From aea12fd77cb6cf3676e0fc1d41047f68003fa033 Mon Sep 17 00:00:00 2001 From: Packit Date: Sep 25 2020 17:58:01 +0000 Subject: gnutls-3.6.8 base --- diff --git a/ABOUT-NLS b/ABOUT-NLS new file mode 100644 index 0000000..b1de1b6 --- /dev/null +++ b/ABOUT-NLS @@ -0,0 +1,1282 @@ +1 Notes on the Free Translation Project +*************************************** + +Free software is going international! The Free Translation Project is +a way to get maintainers of free software, translators, and users all +together, so that free software will gradually become able to speak many +languages. A few packages already provide translations for their +messages. + + If you found this `ABOUT-NLS' file inside a distribution, you may +assume that the distributed package does use GNU `gettext' internally, +itself available at your nearest GNU archive site. But you do _not_ +need to install GNU `gettext' prior to configuring, installing or using +this package with messages translated. + + Installers will find here some useful hints. These notes also +explain how users should proceed for getting the programs to use the +available translations. They tell how people wanting to contribute and +work on translations can contact the appropriate team. + +1.1 INSTALL Matters +=================== + +Some packages are "localizable" when properly installed; the programs +they contain can be made to speak your own native language. Most such +packages use GNU `gettext'. Other packages have their own ways to +internationalization, predating GNU `gettext'. + + By default, this package will be installed to allow translation of +messages. It will automatically detect whether the system already +provides the GNU `gettext' functions. Installers may use special +options at configuration time for changing the default behaviour. The +command: + + ./configure --disable-nls + +will _totally_ disable translation of messages. + + When you already have GNU `gettext' installed on your system and run +configure without an option for your new package, `configure' will +probably detect the previously built and installed `libintl' library +and will decide to use it. If not, you may have to to use the +`--with-libintl-prefix' option to tell `configure' where to look for it. + + Internationalized packages usually have many `po/LL.po' files, where +LL gives an ISO 639 two-letter code identifying the language. Unless +translations have been forbidden at `configure' time by using the +`--disable-nls' switch, all available translations are installed +together with the package. However, the environment variable `LINGUAS' +may be set, prior to configuration, to limit the installed set. +`LINGUAS' should then contain a space separated list of two-letter +codes, stating which languages are allowed. + +1.2 Using This Package +====================== + +As a user, if your language has been installed for this package, you +only have to set the `LANG' environment variable to the appropriate +`LL_CC' combination. If you happen to have the `LC_ALL' or some other +`LC_xxx' environment variables set, you should unset them before +setting `LANG', otherwise the setting of `LANG' will not have the +desired effect. Here `LL' is an ISO 639 two-letter language code, and +`CC' is an ISO 3166 two-letter country code. For example, let's +suppose that you speak German and live in Germany. At the shell +prompt, merely execute `setenv LANG de_DE' (in `csh'), +`export LANG; LANG=de_DE' (in `sh') or `export LANG=de_DE' (in `bash'). +This can be done from your `.login' or `.profile' file, once and for +all. + + You might think that the country code specification is redundant. +But in fact, some languages have dialects in different countries. For +example, `de_AT' is used for Austria, and `pt_BR' for Brazil. The +country code serves to distinguish the dialects. + + The locale naming convention of `LL_CC', with `LL' denoting the +language and `CC' denoting the country, is the one use on systems based +on GNU libc. On other systems, some variations of this scheme are +used, such as `LL' or `LL_CC.ENCODING'. You can get the list of +locales supported by your system for your language by running the +command `locale -a | grep '^LL''. + + Not all programs have translations for all languages. By default, an +English message is shown in place of a nonexistent translation. If you +understand other languages, you can set up a priority list of languages. +This is done through a different environment variable, called +`LANGUAGE'. GNU `gettext' gives preference to `LANGUAGE' over `LANG' +for the purpose of message handling, but you still need to have `LANG' +set to the primary language; this is required by other parts of the +system libraries. For example, some Swedish users who would rather +read translations in German than English for when Swedish is not +available, set `LANGUAGE' to `sv:de' while leaving `LANG' to `sv_SE'. + + Special advice for Norwegian users: The language code for Norwegian +bokma*l changed from `no' to `nb' recently (in 2003). During the +transition period, while some message catalogs for this language are +installed under `nb' and some older ones under `no', it's recommended +for Norwegian users to set `LANGUAGE' to `nb:no' so that both newer and +older translations are used. + + In the `LANGUAGE' environment variable, but not in the `LANG' +environment variable, `LL_CC' combinations can be abbreviated as `LL' +to denote the language's main dialect. For example, `de' is equivalent +to `de_DE' (German as spoken in Germany), and `pt' to `pt_PT' +(Portuguese as spoken in Portugal) in this context. + +1.3 Translating Teams +===================== + +For the Free Translation Project to be a success, we need interested +people who like their own language and write it well, and who are also +able to synergize with other translators speaking the same language. +Each translation team has its own mailing list. The up-to-date list of +teams can be found at the Free Translation Project's homepage, +`http://translationproject.org/', in the "Teams" area. + + If you'd like to volunteer to _work_ at translating messages, you +should become a member of the translating team for your own language. +The subscribing address is _not_ the same as the list itself, it has +`-request' appended. For example, speakers of Swedish can send a +message to `sv-request@li.org', having this message body: + + subscribe + + Keep in mind that team members are expected to participate +_actively_ in translations, or at solving translational difficulties, +rather than merely lurking around. If your team does not exist yet and +you want to start one, or if you are unsure about what to do or how to +get started, please write to `coordinator@translationproject.org' to +reach the coordinator for all translator teams. + + The English team is special. It works at improving and uniformizing +the terminology in use. Proven linguistic skills are praised more than +programming skills, here. + +1.4 Available Packages +====================== + +Languages are not equally supported in all packages. The following +matrix shows the current state of internationalization, as of June +2010. The matrix shows, in regard of each package, for which languages +PO files have been submitted to translation coordination, with a +translation percentage of at least 50%. + + Ready PO files af am an ar as ast az be be@latin bg bn_IN bs ca + +--------------------------------------------------+ + a2ps | [] [] | + aegis | | + ant-phone | | + anubis | | + aspell | [] [] | + bash | | + bfd | | + bibshelf | [] | + binutils | | + bison | | + bison-runtime | [] | + bluez-pin | [] [] | + bombono-dvd | | + buzztard | | + cflow | | + clisp | | + coreutils | [] [] | + cpio | | + cppi | | + cpplib | [] | + cryptsetup | | + dfarc | | + dialog | [] [] | + dico | | + diffutils | [] | + dink | | + doodle | | + e2fsprogs | [] | + enscript | [] | + exif | | + fetchmail | [] | + findutils | [] | + flex | [] | + freedink | | + gas | | + gawk | [] [] | + gcal | [] | + gcc | | + gettext-examples | [] [] [] [] | + gettext-runtime | [] [] | + gettext-tools | [] [] | + gip | [] | + gjay | | + gliv | [] | + glunarclock | [] [] | + gnubiff | | + gnucash | [] | + gnuedu | | + gnulib | | + gnunet | | + gnunet-gtk | | + gnutls | | + gold | | + gpe-aerial | | + gpe-beam | | + gpe-bluetooth | | + gpe-calendar | | + gpe-clock | [] | + gpe-conf | | + gpe-contacts | | + gpe-edit | | + gpe-filemanager | | + gpe-go | | + gpe-login | | + gpe-ownerinfo | [] | + gpe-package | | + gpe-sketchbook | | + gpe-su | [] | + gpe-taskmanager | [] | + gpe-timesheet | [] | + gpe-today | [] | + gpe-todo | | + gphoto2 | | + gprof | [] | + gpsdrive | | + gramadoir | | + grep | | + grub | [] [] | + gsasl | | + gss | | + gst-plugins-bad | [] | + gst-plugins-base | [] | + gst-plugins-good | [] | + gst-plugins-ugly | [] | + gstreamer | [] [] [] | + gtick | | + gtkam | [] | + gtkorphan | [] | + gtkspell | [] [] [] | + gutenprint | | + hello | [] | + help2man | | + hylafax | | + idutils | | + indent | [] [] | + iso_15924 | | + iso_3166 | [] [] [] [] [] [] [] | + iso_3166_2 | | + iso_4217 | | + iso_639 | [] [] [] [] | + iso_639_3 | | + jwhois | | + kbd | | + keytouch | [] | + keytouch-editor | | + keytouch-keyboa... | [] | + klavaro | [] | + latrine | | + ld | [] | + leafpad | [] [] | + libc | [] [] | + libexif | () | + libextractor | | + libgnutls | | + libgpewidget | | + libgpg-error | | + libgphoto2 | | + libgphoto2_port | | + libgsasl | | + libiconv | [] | + libidn | | + lifelines | | + liferea | [] [] | + lilypond | | + linkdr | [] | + lordsawar | | + lprng | | + lynx | [] | + m4 | | + mailfromd | | + mailutils | | + make | | + man-db | | + man-db-manpages | | + minicom | | + mkisofs | | + myserver | | + nano | [] [] | + opcodes | | + parted | | + pies | | + popt | | + psmisc | | + pspp | [] | + pwdutils | | + radius | [] | + recode | [] [] | + rosegarden | | + rpm | | + rush | | + sarg | | + screem | | + scrollkeeper | [] [] [] | + sed | [] [] | + sharutils | [] [] | + shishi | | + skencil | | + solfege | | + solfege-manual | | + soundtracker | | + sp | | + sysstat | | + tar | [] | + texinfo | | + tin | | + unicode-han-tra... | | + unicode-transla... | | + util-linux-ng | [] | + vice | | + vmm | | + vorbis-tools | | + wastesedge | | + wdiff | | + wget | [] [] | + wyslij-po | | + xchat | [] [] [] [] | + xdg-user-dirs | [] [] [] [] [] [] [] [] [] | + xkeyboard-config | [] [] | + +--------------------------------------------------+ + af am an ar as ast az be be@latin bg bn_IN bs ca + 6 0 1 2 3 19 1 10 3 28 3 1 38 + + crh cs da de el en en_GB en_ZA eo es et eu fa + +-------------------------------------------------+ + a2ps | [] [] [] [] [] [] [] | + aegis | [] [] [] | + ant-phone | [] () | + anubis | [] [] | + aspell | [] [] [] [] [] | + bash | [] [] [] | + bfd | [] | + bibshelf | [] [] [] | + binutils | [] | + bison | [] [] | + bison-runtime | [] [] [] [] | + bluez-pin | [] [] [] [] [] [] | + bombono-dvd | [] | + buzztard | [] [] [] | + cflow | [] [] | + clisp | [] [] [] [] | + coreutils | [] [] [] [] | + cpio | | + cppi | | + cpplib | [] [] [] | + cryptsetup | [] | + dfarc | [] [] [] | + dialog | [] [] [] [] [] | + dico | | + diffutils | [] [] [] [] [] [] | + dink | [] [] [] | + doodle | [] | + e2fsprogs | [] [] [] | + enscript | [] [] [] | + exif | () [] [] | + fetchmail | [] [] () [] [] [] | + findutils | [] [] [] | + flex | [] [] | + freedink | [] [] [] | + gas | [] | + gawk | [] [] [] | + gcal | [] | + gcc | [] [] | + gettext-examples | [] [] [] [] | + gettext-runtime | [] [] [] [] | + gettext-tools | [] [] [] | + gip | [] [] [] [] | + gjay | [] | + gliv | [] [] [] | + glunarclock | [] [] | + gnubiff | () | + gnucash | [] () () () () | + gnuedu | [] [] | + gnulib | [] [] | + gnunet | | + gnunet-gtk | [] | + gnutls | [] [] | + gold | [] | + gpe-aerial | [] [] [] [] | + gpe-beam | [] [] [] [] | + gpe-bluetooth | [] [] | + gpe-calendar | [] | + gpe-clock | [] [] [] [] | + gpe-conf | [] [] [] | + gpe-contacts | [] [] [] | + gpe-edit | [] [] | + gpe-filemanager | [] [] [] | + gpe-go | [] [] [] [] | + gpe-login | [] [] | + gpe-ownerinfo | [] [] [] [] | + gpe-package | [] [] [] | + gpe-sketchbook | [] [] [] [] | + gpe-su | [] [] [] [] | + gpe-taskmanager | [] [] [] [] | + gpe-timesheet | [] [] [] [] | + gpe-today | [] [] [] [] | + gpe-todo | [] [] [] | + gphoto2 | [] [] () [] [] [] | + gprof | [] [] [] | + gpsdrive | [] [] [] | + gramadoir | [] [] [] | + grep | [] | + grub | [] [] | + gsasl | [] | + gss | | + gst-plugins-bad | [] [] [] [] [] | + gst-plugins-base | [] [] [] [] [] | + gst-plugins-good | [] [] [] [] [] [] | + gst-plugins-ugly | [] [] [] [] [] [] | + gstreamer | [] [] [] [] [] | + gtick | [] () [] | + gtkam | [] [] () [] [] | + gtkorphan | [] [] [] [] | + gtkspell | [] [] [] [] [] [] [] | + gutenprint | [] [] [] | + hello | [] [] [] [] | + help2man | [] | + hylafax | [] [] | + idutils | [] [] | + indent | [] [] [] [] [] [] [] | + iso_15924 | [] () [] [] | + iso_3166 | [] [] [] [] () [] [] [] () | + iso_3166_2 | () | + iso_4217 | [] [] [] () [] [] | + iso_639 | [] [] [] [] () [] [] | + iso_639_3 | [] | + jwhois | [] | + kbd | [] [] [] [] [] | + keytouch | [] [] | + keytouch-editor | [] [] | + keytouch-keyboa... | [] | + klavaro | [] [] [] [] | + latrine | [] () | + ld | [] [] | + leafpad | [] [] [] [] [] [] | + libc | [] [] [] [] | + libexif | [] [] () | + libextractor | | + libgnutls | [] | + libgpewidget | [] [] | + libgpg-error | [] [] | + libgphoto2 | [] () | + libgphoto2_port | [] () [] | + libgsasl | | + libiconv | [] [] [] [] [] | + libidn | [] [] [] | + lifelines | [] () | + liferea | [] [] [] [] [] | + lilypond | [] [] [] | + linkdr | [] [] [] | + lordsawar | [] | + lprng | | + lynx | [] [] [] [] | + m4 | [] [] [] [] | + mailfromd | | + mailutils | [] | + make | [] [] [] | + man-db | | + man-db-manpages | | + minicom | [] [] [] [] | + mkisofs | | + myserver | | + nano | [] [] [] | + opcodes | [] [] | + parted | [] [] | + pies | | + popt | [] [] [] [] [] | + psmisc | [] [] [] | + pspp | [] | + pwdutils | [] | + radius | [] | + recode | [] [] [] [] [] [] | + rosegarden | () () () | + rpm | [] [] [] | + rush | | + sarg | | + screem | | + scrollkeeper | [] [] [] [] [] | + sed | [] [] [] [] [] [] | + sharutils | [] [] [] [] | + shishi | | + skencil | [] () [] | + solfege | [] [] [] | + solfege-manual | [] [] | + soundtracker | [] [] [] | + sp | [] | + sysstat | [] [] [] | + tar | [] [] [] [] | + texinfo | [] [] [] | + tin | [] [] | + unicode-han-tra... | | + unicode-transla... | | + util-linux-ng | [] [] [] [] | + vice | () () | + vmm | [] | + vorbis-tools | [] [] | + wastesedge | [] | + wdiff | [] [] | + wget | [] [] [] | + wyslij-po | | + xchat | [] [] [] [] [] | + xdg-user-dirs | [] [] [] [] [] [] [] [] [] | + xkeyboard-config | [] [] [] [] [] [] | + +-------------------------------------------------+ + crh cs da de el en en_GB en_ZA eo es et eu fa + 5 64 105 117 18 1 8 0 28 89 18 19 0 + + fi fr ga gl gu he hi hr hu hy id is it ja ka kn + +----------------------------------------------------+ + a2ps | [] [] [] [] | + aegis | [] [] | + ant-phone | [] [] | + anubis | [] [] [] [] | + aspell | [] [] [] [] | + bash | [] [] [] [] | + bfd | [] [] [] | + bibshelf | [] [] [] [] [] | + binutils | [] [] [] | + bison | [] [] [] [] | + bison-runtime | [] [] [] [] [] [] | + bluez-pin | [] [] [] [] [] [] [] [] | + bombono-dvd | [] | + buzztard | [] | + cflow | [] [] [] | + clisp | [] | + coreutils | [] [] [] [] [] | + cpio | [] [] [] [] | + cppi | [] [] | + cpplib | [] [] [] | + cryptsetup | [] [] [] | + dfarc | [] [] [] | + dialog | [] [] [] [] [] [] [] | + dico | | + diffutils | [] [] [] [] [] [] [] [] [] | + dink | [] | + doodle | [] [] | + e2fsprogs | [] [] | + enscript | [] [] [] [] | + exif | [] [] [] [] [] [] | + fetchmail | [] [] [] [] | + findutils | [] [] [] [] [] [] | + flex | [] [] [] | + freedink | [] [] [] | + gas | [] [] | + gawk | [] [] [] [] () [] | + gcal | [] | + gcc | [] | + gettext-examples | [] [] [] [] [] [] [] | + gettext-runtime | [] [] [] [] [] [] | + gettext-tools | [] [] [] [] | + gip | [] [] [] [] [] [] | + gjay | [] | + gliv | [] () | + glunarclock | [] [] [] [] | + gnubiff | () [] () | + gnucash | () () () () () [] | + gnuedu | [] [] | + gnulib | [] [] [] [] [] [] | + gnunet | | + gnunet-gtk | [] | + gnutls | [] [] | + gold | [] [] | + gpe-aerial | [] [] [] | + gpe-beam | [] [] [] [] | + gpe-bluetooth | [] [] [] [] | + gpe-calendar | [] [] | + gpe-clock | [] [] [] [] [] | + gpe-conf | [] [] [] [] | + gpe-contacts | [] [] [] [] | + gpe-edit | [] [] [] | + gpe-filemanager | [] [] [] [] | + gpe-go | [] [] [] [] [] | + gpe-login | [] [] [] | + gpe-ownerinfo | [] [] [] [] [] | + gpe-package | [] [] [] | + gpe-sketchbook | [] [] [] [] | + gpe-su | [] [] [] [] [] [] | + gpe-taskmanager | [] [] [] [] [] | + gpe-timesheet | [] [] [] [] [] | + gpe-today | [] [] [] [] [] [] [] | + gpe-todo | [] [] [] | + gphoto2 | [] [] [] [] [] [] | + gprof | [] [] [] [] | + gpsdrive | [] [] [] | + gramadoir | [] [] [] | + grep | [] [] | + grub | [] [] [] [] | + gsasl | [] [] [] [] [] | + gss | [] [] [] [] [] | + gst-plugins-bad | [] [] [] [] [] [] | + gst-plugins-base | [] [] [] [] [] [] | + gst-plugins-good | [] [] [] [] [] [] | + gst-plugins-ugly | [] [] [] [] [] [] | + gstreamer | [] [] [] [] [] | + gtick | [] [] [] [] [] | + gtkam | [] [] [] [] [] | + gtkorphan | [] [] [] | + gtkspell | [] [] [] [] [] [] [] [] [] | + gutenprint | [] [] [] [] | + hello | [] [] [] | + help2man | [] [] | + hylafax | [] | + idutils | [] [] [] [] [] [] | + indent | [] [] [] [] [] [] [] [] | + iso_15924 | [] () [] [] | + iso_3166 | [] () [] [] [] [] [] [] [] [] [] [] | + iso_3166_2 | () [] [] [] | + iso_4217 | [] () [] [] [] [] | + iso_639 | [] () [] [] [] [] [] [] [] | + iso_639_3 | () [] [] | + jwhois | [] [] [] [] [] | + kbd | [] [] | + keytouch | [] [] [] [] [] [] | + keytouch-editor | [] [] [] [] [] | + keytouch-keyboa... | [] [] [] [] [] | + klavaro | [] [] | + latrine | [] [] [] | + ld | [] [] [] [] | + leafpad | [] [] [] [] [] [] [] () | + libc | [] [] [] [] [] | + libexif | [] | + libextractor | | + libgnutls | [] [] | + libgpewidget | [] [] [] [] | + libgpg-error | [] [] | + libgphoto2 | [] [] [] | + libgphoto2_port | [] [] [] | + libgsasl | [] [] [] [] [] | + libiconv | [] [] [] [] [] [] | + libidn | [] [] [] [] | + lifelines | () | + liferea | [] [] [] [] | + lilypond | [] [] | + linkdr | [] [] [] [] [] | + lordsawar | | + lprng | [] | + lynx | [] [] [] [] [] | + m4 | [] [] [] [] [] [] | + mailfromd | | + mailutils | [] [] | + make | [] [] [] [] [] [] [] [] [] | + man-db | [] [] | + man-db-manpages | [] | + minicom | [] [] [] [] [] | + mkisofs | [] [] [] [] | + myserver | | + nano | [] [] [] [] [] [] | + opcodes | [] [] [] [] | + parted | [] [] [] [] | + pies | | + popt | [] [] [] [] [] [] [] [] [] | + psmisc | [] [] [] | + pspp | | + pwdutils | [] [] | + radius | [] [] | + recode | [] [] [] [] [] [] [] [] | + rosegarden | () () () () () | + rpm | [] [] | + rush | | + sarg | [] | + screem | [] [] | + scrollkeeper | [] [] [] [] | + sed | [] [] [] [] [] [] [] [] | + sharutils | [] [] [] [] [] [] [] | + shishi | [] | + skencil | [] | + solfege | [] [] [] [] | + solfege-manual | [] [] | + soundtracker | [] [] | + sp | [] () | + sysstat | [] [] [] [] [] | + tar | [] [] [] [] [] [] [] | + texinfo | [] [] [] [] | + tin | [] | + unicode-han-tra... | | + unicode-transla... | [] [] | + util-linux-ng | [] [] [] [] [] [] | + vice | () () () | + vmm | [] | + vorbis-tools | [] | + wastesedge | () () | + wdiff | [] | + wget | [] [] [] [] [] [] [] [] | + wyslij-po | [] [] [] | + xchat | [] [] [] [] [] [] [] [] [] | + xdg-user-dirs | [] [] [] [] [] [] [] [] [] [] [] [] [] | + xkeyboard-config | [] [] [] [] [] | + +----------------------------------------------------+ + fi fr ga gl gu he hi hr hu hy id is it ja ka kn + 105 121 53 20 4 8 3 5 53 2 120 5 84 67 0 4 + + ko ku ky lg lt lv mk ml mn mr ms mt nb nds ne + +-----------------------------------------------+ + a2ps | [] | + aegis | | + ant-phone | | + anubis | [] [] | + aspell | [] | + bash | | + bfd | | + bibshelf | [] [] | + binutils | | + bison | [] | + bison-runtime | [] [] [] [] [] | + bluez-pin | [] [] [] [] [] | + bombono-dvd | | + buzztard | | + cflow | | + clisp | | + coreutils | [] | + cpio | | + cppi | | + cpplib | | + cryptsetup | | + dfarc | [] | + dialog | [] [] [] [] [] | + dico | | + diffutils | [] [] | + dink | | + doodle | | + e2fsprogs | | + enscript | | + exif | [] | + fetchmail | | + findutils | | + flex | | + freedink | [] | + gas | | + gawk | | + gcal | | + gcc | | + gettext-examples | [] [] [] [] | + gettext-runtime | [] | + gettext-tools | [] | + gip | [] [] | + gjay | | + gliv | | + glunarclock | [] | + gnubiff | | + gnucash | () () () () | + gnuedu | | + gnulib | | + gnunet | | + gnunet-gtk | | + gnutls | [] | + gold | | + gpe-aerial | [] | + gpe-beam | [] | + gpe-bluetooth | [] [] | + gpe-calendar | [] | + gpe-clock | [] [] [] [] [] | + gpe-conf | [] [] | + gpe-contacts | [] [] | + gpe-edit | [] | + gpe-filemanager | [] [] | + gpe-go | [] [] [] | + gpe-login | [] | + gpe-ownerinfo | [] [] | + gpe-package | [] [] | + gpe-sketchbook | [] [] | + gpe-su | [] [] [] [] [] [] | + gpe-taskmanager | [] [] [] [] [] [] | + gpe-timesheet | [] [] | + gpe-today | [] [] [] [] | + gpe-todo | [] [] | + gphoto2 | | + gprof | [] | + gpsdrive | | + gramadoir | | + grep | | + grub | | + gsasl | | + gss | | + gst-plugins-bad | [] [] [] [] | + gst-plugins-base | [] [] | + gst-plugins-good | [] [] | + gst-plugins-ugly | [] [] [] [] [] | + gstreamer | | + gtick | | + gtkam | [] | + gtkorphan | [] [] | + gtkspell | [] [] [] [] [] [] [] | + gutenprint | | + hello | [] [] [] | + help2man | | + hylafax | | + idutils | | + indent | | + iso_15924 | [] [] | + iso_3166 | [] [] () [] [] [] [] [] | + iso_3166_2 | | + iso_4217 | [] [] | + iso_639 | [] [] | + iso_639_3 | [] | + jwhois | [] | + kbd | | + keytouch | [] | + keytouch-editor | [] | + keytouch-keyboa... | [] | + klavaro | [] | + latrine | [] | + ld | | + leafpad | [] [] [] | + libc | [] | + libexif | | + libextractor | | + libgnutls | [] | + libgpewidget | [] [] | + libgpg-error | | + libgphoto2 | | + libgphoto2_port | | + libgsasl | | + libiconv | | + libidn | | + lifelines | | + liferea | | + lilypond | | + linkdr | | + lordsawar | | + lprng | | + lynx | | + m4 | | + mailfromd | | + mailutils | | + make | [] | + man-db | | + man-db-manpages | | + minicom | [] | + mkisofs | | + myserver | | + nano | [] [] | + opcodes | | + parted | | + pies | | + popt | [] [] [] | + psmisc | | + pspp | | + pwdutils | | + radius | | + recode | | + rosegarden | | + rpm | | + rush | | + sarg | | + screem | | + scrollkeeper | [] [] | + sed | | + sharutils | | + shishi | | + skencil | | + solfege | [] | + solfege-manual | | + soundtracker | | + sp | | + sysstat | [] | + tar | [] | + texinfo | [] | + tin | | + unicode-han-tra... | | + unicode-transla... | | + util-linux-ng | | + vice | | + vmm | | + vorbis-tools | | + wastesedge | | + wdiff | | + wget | [] | + wyslij-po | | + xchat | [] [] [] | + xdg-user-dirs | [] [] [] [] [] [] [] [] | + xkeyboard-config | [] [] [] | + +-----------------------------------------------+ + ko ku ky lg lt lv mk ml mn mr ms mt nb nds ne + 20 5 10 1 13 48 4 2 2 4 24 10 20 3 1 + + nl nn or pa pl ps pt pt_BR ro ru rw sk sl sq sr + +---------------------------------------------------+ + a2ps | [] [] [] [] [] [] [] [] | + aegis | [] [] [] | + ant-phone | [] [] | + anubis | [] [] [] | + aspell | [] [] [] [] [] | + bash | [] [] | + bfd | [] | + bibshelf | [] [] | + binutils | [] [] | + bison | [] [] [] | + bison-runtime | [] [] [] [] [] [] [] | + bluez-pin | [] [] [] [] [] [] [] [] | + bombono-dvd | [] () | + buzztard | [] [] | + cflow | [] | + clisp | [] [] | + coreutils | [] [] [] [] [] [] | + cpio | [] [] [] | + cppi | [] | + cpplib | [] | + cryptsetup | [] | + dfarc | [] | + dialog | [] [] [] [] | + dico | [] | + diffutils | [] [] [] [] [] [] | + dink | () | + doodle | [] [] | + e2fsprogs | [] [] | + enscript | [] [] [] [] [] | + exif | [] [] [] () [] | + fetchmail | [] [] [] [] | + findutils | [] [] [] [] [] | + flex | [] [] [] [] [] | + freedink | [] [] | + gas | | + gawk | [] [] [] [] | + gcal | | + gcc | [] | + gettext-examples | [] [] [] [] [] [] [] [] | + gettext-runtime | [] [] [] [] [] [] [] [] [] | + gettext-tools | [] [] [] [] [] [] | + gip | [] [] [] [] [] | + gjay | | + gliv | [] [] [] [] [] [] | + glunarclock | [] [] [] [] [] | + gnubiff | [] () | + gnucash | [] () () () | + gnuedu | [] | + gnulib | [] [] [] [] | + gnunet | | + gnunet-gtk | | + gnutls | [] [] | + gold | | + gpe-aerial | [] [] [] [] [] [] [] | + gpe-beam | [] [] [] [] [] [] [] | + gpe-bluetooth | [] [] | + gpe-calendar | [] [] [] [] | + gpe-clock | [] [] [] [] [] [] [] [] | + gpe-conf | [] [] [] [] [] [] [] | + gpe-contacts | [] [] [] [] [] | + gpe-edit | [] [] [] | + gpe-filemanager | [] [] [] | + gpe-go | [] [] [] [] [] [] [] [] | + gpe-login | [] [] | + gpe-ownerinfo | [] [] [] [] [] [] [] [] | + gpe-package | [] [] | + gpe-sketchbook | [] [] [] [] [] [] [] | + gpe-su | [] [] [] [] [] [] [] [] | + gpe-taskmanager | [] [] [] [] [] [] [] [] | + gpe-timesheet | [] [] [] [] [] [] [] [] | + gpe-today | [] [] [] [] [] [] [] [] | + gpe-todo | [] [] [] [] [] | + gphoto2 | [] [] [] [] [] [] [] [] | + gprof | [] [] [] | + gpsdrive | [] [] | + gramadoir | [] [] | + grep | [] [] [] [] | + grub | [] [] [] | + gsasl | [] [] [] [] | + gss | [] [] [] | + gst-plugins-bad | [] [] [] [] [] [] | + gst-plugins-base | [] [] [] [] [] | + gst-plugins-good | [] [] [] [] [] | + gst-plugins-ugly | [] [] [] [] [] [] | + gstreamer | [] [] [] [] [] | + gtick | [] [] [] | + gtkam | [] [] [] [] [] [] | + gtkorphan | [] | + gtkspell | [] [] [] [] [] [] [] [] [] [] | + gutenprint | [] [] | + hello | [] [] [] [] | + help2man | [] [] | + hylafax | [] | + idutils | [] [] [] [] [] | + indent | [] [] [] [] [] [] [] | + iso_15924 | [] [] [] [] | + iso_3166 | [] [] [] [] [] () [] [] [] [] [] [] [] [] | + iso_3166_2 | [] [] [] | + iso_4217 | [] [] [] [] [] [] [] [] | + iso_639 | [] [] [] [] [] [] [] [] [] | + iso_639_3 | [] [] | + jwhois | [] [] [] [] | + kbd | [] [] [] | + keytouch | [] [] [] | + keytouch-editor | [] [] [] | + keytouch-keyboa... | [] [] [] | + klavaro | [] [] | + latrine | [] [] | + ld | | + leafpad | [] [] [] [] [] [] [] [] [] | + libc | [] [] [] [] | + libexif | [] [] () [] | + libextractor | | + libgnutls | [] [] | + libgpewidget | [] [] [] | + libgpg-error | [] [] | + libgphoto2 | [] [] | + libgphoto2_port | [] [] [] [] [] | + libgsasl | [] [] [] [] [] | + libiconv | [] [] [] [] [] | + libidn | [] [] | + lifelines | [] [] | + liferea | [] [] [] [] [] () () [] | + lilypond | [] | + linkdr | [] [] [] | + lordsawar | | + lprng | [] | + lynx | [] [] [] | + m4 | [] [] [] [] [] | + mailfromd | [] | + mailutils | [] | + make | [] [] [] [] | + man-db | [] [] [] | + man-db-manpages | [] [] [] | + minicom | [] [] [] [] | + mkisofs | [] [] [] | + myserver | | + nano | [] [] [] [] | + opcodes | [] [] | + parted | [] [] [] [] | + pies | [] | + popt | [] [] [] [] | + psmisc | [] [] [] | + pspp | [] [] | + pwdutils | [] | + radius | [] [] [] | + recode | [] [] [] [] [] [] [] [] | + rosegarden | () () | + rpm | [] [] [] | + rush | [] [] | + sarg | | + screem | | + scrollkeeper | [] [] [] [] [] [] [] [] | + sed | [] [] [] [] [] [] [] [] [] | + sharutils | [] [] [] [] | + shishi | [] | + skencil | [] [] | + solfege | [] [] [] [] | + solfege-manual | [] [] [] | + soundtracker | [] | + sp | | + sysstat | [] [] [] [] | + tar | [] [] [] [] | + texinfo | [] [] [] [] | + tin | [] | + unicode-han-tra... | | + unicode-transla... | | + util-linux-ng | [] [] [] [] [] | + vice | [] | + vmm | [] | + vorbis-tools | [] [] | + wastesedge | [] | + wdiff | [] [] | + wget | [] [] [] [] [] [] [] | + wyslij-po | [] [] [] | + xchat | [] [] [] [] [] [] [] [] [] | + xdg-user-dirs | [] [] [] [] [] [] [] [] [] [] [] [] [] [] | + xkeyboard-config | [] [] [] | + +---------------------------------------------------+ + nl nn or pa pl ps pt pt_BR ro ru rw sk sl sq sr + 135 10 4 7 105 1 29 62 47 91 3 54 46 9 37 + + sv sw ta te tg th tr uk vi wa zh_CN zh_HK zh_TW + +---------------------------------------------------+ + a2ps | [] [] [] [] [] | 27 + aegis | [] | 9 + ant-phone | [] [] [] [] | 9 + anubis | [] [] [] [] | 15 + aspell | [] [] [] | 20 + bash | [] [] [] | 12 + bfd | [] | 6 + bibshelf | [] [] [] | 16 + binutils | [] [] | 8 + bison | [] [] | 12 + bison-runtime | [] [] [] [] [] [] | 29 + bluez-pin | [] [] [] [] [] [] [] [] | 37 + bombono-dvd | [] | 4 + buzztard | [] | 7 + cflow | [] [] [] | 9 + clisp | | 10 + coreutils | [] [] [] [] | 22 + cpio | [] [] [] [] [] [] | 13 + cppi | [] [] | 5 + cpplib | [] [] [] [] [] [] | 14 + cryptsetup | [] [] | 7 + dfarc | [] | 9 + dialog | [] [] [] [] [] [] [] | 30 + dico | [] | 2 + diffutils | [] [] [] [] [] [] | 30 + dink | | 4 + doodle | [] [] | 7 + e2fsprogs | [] [] [] | 11 + enscript | [] [] [] [] | 17 + exif | [] [] [] | 16 + fetchmail | [] [] [] | 17 + findutils | [] [] [] [] [] | 20 + flex | [] [] [] [] | 15 + freedink | [] | 10 + gas | [] | 4 + gawk | [] [] [] [] | 18 + gcal | [] [] | 5 + gcc | [] [] [] | 7 + gettext-examples | [] [] [] [] [] [] [] | 34 + gettext-runtime | [] [] [] [] [] [] [] | 29 + gettext-tools | [] [] [] [] [] [] | 22 + gip | [] [] [] [] | 22 + gjay | [] | 3 + gliv | [] [] [] | 14 + glunarclock | [] [] [] [] [] | 19 + gnubiff | [] [] | 4 + gnucash | () [] () [] () | 10 + gnuedu | [] [] | 7 + gnulib | [] [] [] [] | 16 + gnunet | [] | 1 + gnunet-gtk | [] [] [] | 5 + gnutls | [] [] [] | 10 + gold | [] | 4 + gpe-aerial | [] [] [] | 18 + gpe-beam | [] [] [] | 19 + gpe-bluetooth | [] [] [] | 13 + gpe-calendar | [] [] [] [] | 12 + gpe-clock | [] [] [] [] [] | 28 + gpe-conf | [] [] [] [] | 20 + gpe-contacts | [] [] [] | 17 + gpe-edit | [] [] [] | 12 + gpe-filemanager | [] [] [] [] | 16 + gpe-go | [] [] [] [] [] | 25 + gpe-login | [] [] [] | 11 + gpe-ownerinfo | [] [] [] [] [] | 25 + gpe-package | [] [] [] | 13 + gpe-sketchbook | [] [] [] | 20 + gpe-su | [] [] [] [] [] | 30 + gpe-taskmanager | [] [] [] [] [] | 29 + gpe-timesheet | [] [] [] [] [] | 25 + gpe-today | [] [] [] [] [] [] | 30 + gpe-todo | [] [] [] [] | 17 + gphoto2 | [] [] [] [] [] | 24 + gprof | [] [] [] | 15 + gpsdrive | [] [] [] | 11 + gramadoir | [] [] [] | 11 + grep | [] [] [] | 10 + grub | [] [] [] | 14 + gsasl | [] [] [] [] | 14 + gss | [] [] [] | 11 + gst-plugins-bad | [] [] [] [] | 26 + gst-plugins-base | [] [] [] [] [] | 24 + gst-plugins-good | [] [] [] [] | 24 + gst-plugins-ugly | [] [] [] [] [] | 29 + gstreamer | [] [] [] [] | 22 + gtick | [] [] [] | 13 + gtkam | [] [] [] | 20 + gtkorphan | [] [] [] | 14 + gtkspell | [] [] [] [] [] [] [] [] [] | 45 + gutenprint | [] | 10 + hello | [] [] [] [] [] [] | 21 + help2man | [] [] | 7 + hylafax | [] | 5 + idutils | [] [] [] [] | 17 + indent | [] [] [] [] [] [] | 30 + iso_15924 | () [] () [] [] | 16 + iso_3166 | [] [] () [] [] () [] [] [] () | 53 + iso_3166_2 | () [] () [] | 9 + iso_4217 | [] () [] [] () [] [] | 26 + iso_639 | [] [] [] () [] () [] [] [] [] | 38 + iso_639_3 | [] () | 8 + jwhois | [] [] [] [] [] | 16 + kbd | [] [] [] [] [] | 15 + keytouch | [] [] [] | 16 + keytouch-editor | [] [] [] | 14 + keytouch-keyboa... | [] [] [] | 14 + klavaro | [] | 11 + latrine | [] [] [] | 10 + ld | [] [] [] [] | 11 + leafpad | [] [] [] [] [] [] | 33 + libc | [] [] [] [] [] | 21 + libexif | [] () | 7 + libextractor | [] | 1 + libgnutls | [] [] [] | 9 + libgpewidget | [] [] [] | 14 + libgpg-error | [] [] [] | 9 + libgphoto2 | [] [] | 8 + libgphoto2_port | [] [] [] [] | 14 + libgsasl | [] [] [] | 13 + libiconv | [] [] [] [] | 21 + libidn | () [] [] | 11 + lifelines | [] | 4 + liferea | [] [] [] | 21 + lilypond | [] | 7 + linkdr | [] [] [] [] [] | 17 + lordsawar | | 1 + lprng | [] | 3 + lynx | [] [] [] [] | 17 + m4 | [] [] [] [] | 19 + mailfromd | [] [] | 3 + mailutils | [] | 5 + make | [] [] [] [] | 21 + man-db | [] [] [] | 8 + man-db-manpages | | 4 + minicom | [] [] | 16 + mkisofs | [] [] | 9 + myserver | | 0 + nano | [] [] [] [] | 21 + opcodes | [] [] [] | 11 + parted | [] [] [] [] [] | 15 + pies | [] [] | 3 + popt | [] [] [] [] [] [] | 27 + psmisc | [] [] | 11 + pspp | | 4 + pwdutils | [] [] | 6 + radius | [] [] | 9 + recode | [] [] [] [] | 28 + rosegarden | () | 0 + rpm | [] [] [] | 11 + rush | [] [] | 4 + sarg | | 1 + screem | [] | 3 + scrollkeeper | [] [] [] [] [] | 27 + sed | [] [] [] [] [] | 30 + sharutils | [] [] [] [] [] | 22 + shishi | [] | 3 + skencil | [] [] | 7 + solfege | [] [] [] [] | 16 + solfege-manual | [] | 8 + soundtracker | [] [] [] | 9 + sp | [] | 3 + sysstat | [] [] | 15 + tar | [] [] [] [] [] [] | 23 + texinfo | [] [] [] [] [] | 17 + tin | | 4 + unicode-han-tra... | | 0 + unicode-transla... | | 2 + util-linux-ng | [] [] [] [] | 20 + vice | () () | 1 + vmm | [] | 4 + vorbis-tools | [] | 6 + wastesedge | | 2 + wdiff | [] [] | 7 + wget | [] [] [] [] [] | 26 + wyslij-po | [] [] | 8 + xchat | [] [] [] [] [] [] | 36 + xdg-user-dirs | [] [] [] [] [] [] [] [] [] [] | 63 + xkeyboard-config | [] [] [] | 22 + +---------------------------------------------------+ + 85 teams sv sw ta te tg th tr uk vi wa zh_CN zh_HK zh_TW + 178 domains 119 1 3 3 0 10 65 51 155 17 98 7 41 2618 + + Some counters in the preceding matrix are higher than the number of +visible blocks let us expect. This is because a few extra PO files are +used for implementing regional variants of languages, or language +dialects. + + For a PO file in the matrix above to be effective, the package to +which it applies should also have been internationalized and +distributed as such by its maintainer. There might be an observable +lag between the mere existence a PO file and its wide availability in a +distribution. + + If June 2010 seems to be old, you may fetch a more recent copy of +this `ABOUT-NLS' file on most GNU archive sites. The most up-to-date +matrix with full percentage details can be found at +`http://translationproject.org/extra/matrix.html'. + +1.5 Using `gettext' in new packages +=================================== + +If you are writing a freely available program and want to +internationalize it you are welcome to use GNU `gettext' in your +package. Of course you have to respect the GNU Library General Public +License which covers the use of the GNU `gettext' library. This means +in particular that even non-free programs can use `libintl' as a shared +library, whereas only free software can use `libintl' as a static +library or use modified versions of `libintl'. + + Once the sources are changed appropriately and the setup can handle +the use of `gettext' the only thing missing are the translations. The +Free Translation Project is also available for packages which are not +developed inside the GNU project. Therefore the information given above +applies also for every other Free Software Project. Contact +`coordinator@translationproject.org' to make the `.pot' files available +to the translation teams. + diff --git a/AUTHORS b/AUTHORS new file mode 100644 index 0000000..e9c5378 --- /dev/null +++ b/AUTHORS @@ -0,0 +1,167 @@ +The authors list is autogenerated from the git history; sorted by number of commits + +Nikos Mavrogiannopoulos +Simon Josefsson +Tim Rühsen +Daiki Ueno +Dmitry Eremin-Solenikov +Ludovic Courtès +Timo Schulz +Jonathan Bastien-Filiatrault +Alon Bar-Lev +Andreas Metzler +Martin Storsjo +Tim Kosse +Simo Sorce +Tom Vrancken +Daniel Kahn Gillmor +Fabian Keil +Fabio Fiorina +Stef Walter +Armin Burgmeier +Andrew McDonald +Alex Gaynor +Martin Ukrop +Jaak Ristioja +Attila Molnar +Hugo Beauzée-Luyssen +Martin Sucha +Stefan Berger +David Woodhouse +Jan Vcelak +Kevin Cernekee +Ander Juaristi +Stefan Sørensen +Adam Sampson +Alfredo Pironti +Anderson Toshiyuki Sasaki +Brad Hards +Michael Weiser +Patrick Pelletier +Rolf Eike Beer +Sjoerd Simons +Thomas Klute +Wolfgang Meyer zu Bergsten +Christian Grothoff +Daniel P. Berrange +Gustavo Zacarias +Jakub Jelen +Jiří Klimeš +Kurt Roeckx +Peter Wu +Stefan Bühler +Thierry Quemerais +Alessandro Ghedini +Alex Monk +David Caldwell +Diego Elio Pettenò +Elta Koepp +Fabrice Fontaine +Giuseppe Scrivano +Hubert Kario +Ilya Tumaykin +James Bottomley +Karl Tarbe +Ke Zhao +Mark Brand +Matthias-Christian Ott +Maya Rashish +Michał Górny +Petr Písař +Roman Bogorodskiy +Stephan Mueller +Steve Dispensa +raspa0 +Alban Crequy +Aleksei Nikiforov +Alexander Kanavin +Alexandre Bique +Andreas Metzler +Andreas Schneider +Andreas Schwab +Avinash Sonawane +Bas van Schaik +Bernhard M. Wiedemann +Bjørn Christensen +Carolin Latze +Chen Hongzhi +Chris Barry +Colin Walters +Dan Fandrich +Daniel Schaefer +David Walker +David Weber +Elias Pipping +Elta Koepp +Frank Morgner +Hani Benhabiles +Ilya V. Matveychikov +Jared Wong +Jason Spafford +Jay Foad +Jeffrey Walton +Jens Lechtenboerger +Jussi Kukkonen +Kenneth J. Miller +Lucas Fisher +Ludwig Nussel +Luis G.F +Luke Dashjr +Maciej S. Szmigiero +Maks Naumov +Marcin Cieślak +Marcus Meissner +Marga Manterola +Marius Bakke +Marti Raudsepp +Matt Turner +Matt Whitlock +Micah Anderson +Michael Catanzaro +Nick Alcock +Nicolas Dufresne +Nils Maier +Olga +Philippe Proulx +Philippe Widmer +R. Andrew Bailey +Raj Raman +Rical Jasan +Rickard Bellgrim +Robert Scheck +Roberto Newmon +Rowan Thorpe +SUMIT AGGARWAL +Saurav Babu +Sebastian Dröge +Simon Arlott +Steve Lhomme +Thomas Klausner +Tobias Polzer +Tomas Hoger +Tristan Matthews +Vitezslav Cizek +Werner Koch +Yuriy M. Kaminskiy +sskaje +Łukasz Stelmach + + +The translators list is autogenerated from po file history + +Anders Jonsson +Benno Schulenberg +Felipe Castro +Francisco Javier Serrador +Jakub Bogusz +Jorma Karvonen +Milo Casagrande +Mingye Wang (Arthur2e5) +Petr Pisar +Rafael Fontenelle +Roland Illig +Sharuzzaman Ahmat Raslan +Stéphane Aulery +Trần Ngọc Quân +Yuri Chornoivan +Мирослав Николић diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md new file mode 100644 index 0000000..3a20170 --- /dev/null +++ b/CONTRIBUTING.md @@ -0,0 +1,457 @@ +# GnuTLS -- Information about our contribution rules and coding style + + Anyone is welcome to contribute to GnuTLS. You can either take up +tasks from our [planned list](https://gitlab.com/gnutls/gnutls/milestones), +or suprise us with enhancement we didn't plan for. In all cases be prepared +to defend and justify your enhancements, and get through few rounds +of changes. + +We try to stick to the following rules, so when contributing please +try to follow them too. + + +# Git commits: + +Note that when contributing code you will need to assert that the contribution is +in accordance to the "Developer's Certificate of Origin" as found in the +file [DCO.txt](doc/DCO.txt). + +To indicate that, make sure that your contributions (patches or merge requests), +contain a "Signed-off-by" line, with your real name and e-mail address. +To automate the process use "git am -s" to produce patches and/or set the +a template to simplify this process, as follows. + +``` +$ cp devel/git-template ~/.git-template +[edit] +$ git config commit.template ~/.git-template +``` + + +# Test suite: + + New functionality should be accompanied by a test case which verifies +the correctness of GnuTLS' operation on successful use of the new +functionality, as well as on fail cases. The GnuTLS test suite is run on "make check" +on every system GnuTLS is installed, except for the tests/suite part +which is only run during development. + +For testing functionality of gnutls we use two test unit testing frameworks: +1. The gnutls testing framework as in [utils.h](tests/utils.h), usually for high level + tests such as testing a client against a server. See [set_x509_key_mem.c](tests/set_x509_key_mem.c). +2. The cmocka unit testing framework, for unit testing of functions + or interfaces. See [dtls-sliding-window.c](tests/dtls-sliding-window.c). + +Certificates for testing purposes are available at [cert-common.h](tests/cert-common.h). +Note that we do not regenerate test certificates when they expire, but +we rather fix the test's time using datefudge or gnutls_global_set_time_function(). +For example, see [x509cert-tl.c](tests/x509cert-tl.c). + + +# File names: + + Files are split to directories according to the subsystem +they belong to. Examples are x509/, minitasn1/, openpgp/, +opencdk/ etc. The files in the root directory related +to the main TLS protocol implementation. + + +# C dialect: + + While parts of GnuTLS were written in older dialects, new code +in GnuTLS are expected to conform to C99. Exceptions could be made +for C99 features that are not supported in popular platforms on a +case by case basis. + + +# Indentation style: + + In general, use [the Linux kernel coding style](https://www.kernel.org/doc/html/latest/process/coding-style.html). +You may indent the source using GNU indent, e.g. "indent -linux *.c". + + +# Commenting style + +In general for documenting new code we prefer self-documented code to comments. That is: + - Meaningful function and macro names + - Short functions which do a single thing + +That does not mean that no comments are allowed, but that when they are +used, they are used to document something that is not obvious, or the protocol +expectations. Though we haven't followed that rule strictly in the past, it +should be followed on new code. + + +# Function names: + + All the function names use underscore ```_```, to separate words, +functions like ```gnutlsDoThat``` are not used. The exported function names +usually start with the ```gnutls_``` prefix, and the words that follow +specify the exact subsystem of gnutls that this function refers to. +E.g. ```gnutls_x509_crt_get_dn```, refers to the X.509 +certificate parsing part of gnutls. Some of the used prefixes are the +following. + * ```gnutls_x509_crt_``` for the X.509 certificate part + * ```gnutls_session_``` for the TLS session part (but this may be omited) + * ```gnutls_handshake_``` for the TLS handshake part + * ```gnutls_record_``` for the TLS record protocol part + * ```gnutls_alert_``` for the TLS alert protocol part + * ```gnutls_credentials_``` for the credentials structures + * ```gnutls_global_``` for the global structures handling + +All exported API functions must be listed in libgnutls.map +in order to be exported. + +Internal functions, i.e, functions that are not exported in the API but +are used internally by multiple files, should be prefixed with an underscore. +For example `_gnutls_handshake_begin()`. + +Internal functions restricted to a file (static), or inline functions, should +not use the `_gnutls` prefix for simplicity, e.g., `get_version()`. + +Internal structures should not be exported. Especially pointers to +internal data. Doing so harms future reorganization/rewrite of subsystems. +They can however be used by unit tests in tests/ directory; in that +case they should be part of the GNUTLS_PRIVATE_3_4 tag in libgnutls.map. + + +# Header guards + + Each private C header file SHOULD have a header guard consisting of the +project name and the file path relative to the project directory, all uppercase. + +Example: `lib/srp.h` uses the header guard `GNUTLS_LIB_SRP_H`. + +The header guard is used as first and last effective code in a header file, +like e.g. in lib/srp.h: + +``` +#ifndef GNUTLS_LIB_SRP_H +#define GNUTLS_LIB_SRP_H + +... + +#endif /* GNUTLS_LIB_SRP_H */ + +The public header files follow a similar convention but use the relative +install directory as template, e.g. `GNUTLS_GNUTLS_H` for `gnutls/gnutls.h`. + + +# Introducing new functions / API + + Prior to introducing any new API consider all options to offer the same +functionality without introducing a new function. The reason is that we want +to avoid breaking the ABI, and thus we cannot typically remove any function +that was added (though we have few exceptions). Since we cannot remove, it +means that experimental APIs, or helper APIs that are not typically needed +may become a burden to maintain in the future. That is, they may prevent +a refactoring, or require to keep legacy code. + +As such, some questions to answer before adding a new API: + * Is this API useful for a large class of applications, or is it limited + to few? + * If it is limited to few, can we work around that functionality without + a new API? + * Would that function be relevant in the future when a new protocol such TLS + 13.0 is made available? Would it harm the addition of a new protocol? + + +The make rule 'abi-check' verifies that the ABI remained compatible since +the last tagged release. It relies on the git tree and abi-compliance-checker. + +The above do not apply to the C++ library; this library's ABI should not +be considered stable. + + +# Introducing new features / modifying behavior + + When a new feature is introduced which may affect already deployed code, +it must be disabled by default. For example a new TLS extension should be +enabled when explicitly requested by the application. That can happen for +example with a gnutls_init() flag. + +The same should be followed when an existing function behavior is modified +in a way that may break existing applications which use the API in a +reasonable way. If the existing function allows flags, then a new flag +should be introduced to enable the new behavior. + +When it is necessary, or desireable to enable the new features by default +(e.g., TLS1.3 introduction), the "next" releases should be used (and +introduced if necessary), to allow the modification to be tested for an +extended amount of time. + + +# API documentation + +When introducing a new API, we provide the function documentation as +inline comments, in a way that it can be used to generate a man-page +and be included in our manual. For that we use gnome-style comments +as in the example below. The detailed form is documented on `doc/scripts/gdoc`. + +/** + * gnutls_init: + * @session: is a pointer to a #gnutls_session_t type. + * @flags: indicate if this session is to be used for server or client. + * + * This function initializes the provided session. Every + * session must be initialized before use, and must be deinitialized + * after used by calling gnutls_deinit(). + * + * @flags can be any combination of flags from %gnutls_init_flags_t. + * + * Note that since version 3.1.2 this function enables some common + * TLS extensions such as session tickets and OCSP certificate status + * request in client side by default. To prevent that use the %GNUTLS_NO_EXTENSIONS + * flag. + * + * Returns: %GNUTLS_E_SUCCESS on success, or a negative error code. + **/ + + +# Constructed types: + + The constructed types in gnutls always have the ```gnutls_``` prefix. +Definitions, value defaults and enumerated values should be in +capitals. E.g. ```GNUTLS_CIPHER_3DES_CBC```. + +Structures should have the ```_st``` suffix in their name even +if they are a typedef. One can use the sizeof() on types with +```_st``` as suffix to get the structure's size. + +Other constructed types should have the ```_t``` suffix. A pointer +to a structure also has the ```_t``` suffix. + + +# Function parameters: + +The gnutls functions accept parameters in the order: + 1. Input parameters + 2. Output parameters + +When data and size are expected as input, a const gnutls_datum_t structure +should be used (or more precisely a pointer to the structure). + +When data pointer and size are to be returned as output, a gnutls_datum_t +structure should be used. + +When output is to be copied to caller an array of fixed data should be +provided. + + +# Callback function parameters: + + Callback functions should be avoided, if this is possible. +Callbacks that refer to a TLS session should include the +current session as a parameter, in order for the called function to +be able to retrieve the data associated with the session. +This is not always done though -- see the push/pull callbacks. + + +# Return values: + + Functions in gnutls return an int type, when possible. In that +case 0 should be returned in case of success, or maybe a positive +value, if some other indication is needed. + +A negative value always indicates failure. All the available +error codes are defined in gnutls.h and a description +is available in gnutls_errors.c + + +Functions which are intended to return a boolean value should return +a type of bool, and it is recommended to contain the string '_is_' +on its function name; e.g., +``` +bool _gnutls_is_not_prehashed(); +``` + +That allows the distinguishing functions that return negative errors +from boolean functions to both the developer and the compiler. Note +that in the past the 'unsigned' type was used to distinguish boolean functions +and several of these still exist. + +## Selecting the right return value + +When selecting the return value for a TLS protocol parsing function +a suggested approach is to check which alert fits best on that error +(see `alert.c`), and then select from the error codes which are mapped +to that alert (see `gnutls_error_to_alert()`). For more generic parsing +errors consider using the `GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER`. + + +# Usage of assert() + + The assert() macro --not to be confused with gnutls_assert()-- is used +exceptionally on impossible situations to assist static analysis tools. +That is, it should be used when the static analyzer used in CI (currently +clang analyzer), detects an error which is on an impossible situation. +In these cases assert() is used to rule out that case. + +For example in the situation where a pointer is known to be non-null, +but the static analyzer cannot rule it out, we use code like the following: +``` +assert(ptr != NULL); +ptr->deref = 3; +``` + +Since GnuTLS is a library no other uses of assert() macro are acceptable. + +The NDEBUG macro is not used in GnuTLS compilation, so the assert() macros +are always active. + + +# Gnulib + +The directories `gl/`, `src/gl/` and `lib/unistring` contain gnulib files +copied/created by `./bootstrap`. Gnulib is a portability source code library +to handle API or behavior incompatibilities between target systems. + +To take advantage of the latest gnulib files, we have to update the +`gnulib/` submodule from time to time: +``` +$ make glimport +``` + +Note that the gnulib library in `gl/` is used by the GnuTLS library +and is kept separate from the gnulib used by the GnuTLS tools because +of license issues, and also to prevent any gnulib networking modules +from entering the library (gnulib networking re-implements the windows +network stack and causes issues to gnutls applications running on windows). + + +# Compiler warnings + +The compiler prints warnings for several reasons; these warnings are +also not constant in time, different versions of the same compiler may +warn about different issues. + +In GnuTLS we enable as many as possible warnings available in the compiler +via configure.ac. On certain cases however we silence or disable warnings +and the following subsections go case by case. + +## Switch unintended fall-through warnings + +These we silence by using the macro FALLTHROUGH under a switch +statement which intentionally falls through. Example: +``` +switch (session->internals.recv_state) { + case RECV_STATE_DTLS_RETRANSMIT: + ret = _dtls_retransmit(session); + if (ret < 0) + return gnutls_assert_val(ret); + + session->internals.recv_state = RECV_STATE_0; + FALLTHROUGH; + case RECV_STATE_0: + + _dtls_async_timer_check(session); + return 1; +} +``` + + +# Symbol and library versioning + + The library uses the libtool versioning system, which in turn +results to a soname bump on incompatible changes. That is described +in [hooks.m4](m4/hooks.m4). Despite its complexity that system is +only sufficient to distinguish between versions of the library that +have broke ABI (i.e., soname bump occurred). + +Today however, soname versioning isn't sufficient. Symbol versioning +as provided by [libgnutls.map](lib/libgnutls.map) have several +advantages. + * they allow for symbol clashing between different gnutls library + versions being in the same address space. + * they allow installers to detect the library version used for + an application utilizing a specific symbol + * the allow introducing multiple versions of a symbol a la libc, + keeping the semantics of old functions while introducing new. + +As such for every symbol introduced on a particular version, we +create an entry in libgnutls.map based on the version and containing +the new symbols. For example, if in version 3.6.2 we introduce symbol +```gnutls_xyz```, the entry would be: + +GNUTLS_3_6_2 { + global: + gnutls_xyz; +} GNUTLS_3_6_1; + +where ```GNUTLS_3_6_1``` is the last version that symbols were introduced, +and indicates a dependency of 3.6.2 to symbols of 3.6.1. + +Note that when the soname version is bumped, i.e., the ABI is broken +all the previous symbol versions should be combined into a single. For +example on the 3.4.0 soname bump, all symbols were put under the +GNUTLS_3_4 version. + +Backporting new symbols to an old version which is soname compatible +is not allowed (can cause quite some problems). Backporting symbols +to an incompatible soname version is allowed, but must ensure that +the symbol version used for the backported symbol version is distinct from +the original library symbol version. E.g., if symbol ```gnutls_xyz``` +with version GNUTLS_3_6_3 is backported on gnutls 3.3.15, it should +use version GNUTLS_3_3_15. + + +# Auto-generated files: + Several parts of the documentation and the command line tools parameters +files (.def) are auto-generated. Normally when introducing new functions, +or adding new command line options to tools you need to run 'make +files-update', review the output (when feasible) and commit it separately, +e.g., with a message: "auto-generated files update". + + +# Guile bindings: + + Parts of the Guile bindings, such as types (aka. "SMOBs"), enum values, +constants, are automatically generated. This is handled by the modules +under `guile/modules/gnutls/build/'; these modules are only used at +build-time and are not installed. + +The Scheme variables they generate (e.g., constants, type predicates, +etc.) are exported to user programs through `gnutls.scm' and +`gnutls/extra.scm', both of which are installed. + +For instance, when adding/removing/renaming enumerates or constants, +two things must be done: + + 1. Update the enum list in `build/enums.scm' (currently dependencies + are not tracked, so you have to run "make clean all" in `guile/' + after). + + 2. Update the export list of `gnutls.scm' (or `extra.scm'). + +Note that, for constants and enums, "schemefied" names are used, as +noted under the "Guile API Conventions" node of the manual. + +# Automated testing + + GnuTLS primarily relies on gitlab-ci which is configured in .gitlab-ci.yml +file in the repository. The goal is to have a test suite which runs for +every new merge request prior to merging. There are no particular rules for +the test targets, except for them being reliable and running in a reasonable +timeframe (~1 hour). + + +# Reviewing code + + A review as part of the gitlab merge requests, is a way to prevent errors due to +these guidelines not being followed, e.g., verify there is a reasonable test suite, +and whether it covers reasonably the new code, that the function naming is +consistent with these guidelines, as well as check for obvious mistakes in the new +code. + +The intention is to keep reviews lightweight, and rely on CI for tasks such +as compiling and testing code and features. + +A proposed checklist to assist such reviews follows. + * [ ] Any issues marked for closing are addressed + * [ ] There is a test suite reasonably covering new functionality or modifications + * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md` + * [ ] This feature/change has adequate documentation added + * [ ] No obvious mistakes in the code + + +[Guidelines to consider when reviewing.](https://github.com/thoughtbot/guides/tree/master/code-review) diff --git a/ChangeLog b/ChangeLog new file mode 100644 index 0000000..7856ae5 --- /dev/null +++ b/ChangeLog @@ -0,0 +1,40636 @@ +Author: Nikos Mavrogiannopoulos +Date: Tue May 28 07:05:46 2019 +0200 + + doc: do not distribute pdf files + + It compicates the 'make dist' phase and does not add much + value as the files are available from the web site. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue May 28 06:45:56 2019 +0200 + + released 3.6.8 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon May 27 22:34:42 2019 +0200 + + minor updates in the latex version of the manual [ci skip] + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon May 27 21:29:44 2019 +0200 + + doc update [ci skip] + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri May 24 12:59:13 2019 +0200 + + .gitlab-ci.yml: ensure that the LIBS variable is empty after a configure run + + We do not use this variable as it is global and applies to all of + tests, applications and library, and when it is set it is usually due to + bugs in configure.ac. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu May 23 21:20:49 2019 +0200 + + Do not add libraries in the global LIBS in configure + + This ensures that libraries are linked with the programs + requiring them. + + Resolves: #735 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu May 23 11:41:45 2019 +0200 + + bumped version + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri May 24 05:46:18 2019 +0200 + + tests: prf-early fixes the global version + + This allows having fixed data in the hello message involved. + That required exposing the variable holding the global gnutls + version number for testing. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu May 23 21:32:58 2019 +0200 + + certtool: corrected typo in manual [ci skip] + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu May 23 21:11:58 2019 +0200 + + Revert "bumped version" + + In order to make the CI functional again. The version number update + seems to conflict with tests/tls13/prf-early.sh + + This reverts commit d34d93b8713cf10235ce7016fd69b6932b0752c0. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu May 23 15:29:23 2019 +0200 + + tests: prf-early.sh: use the static flag of datefudge + + This eliminates unexpected failures of the test in slower systems. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu May 23 15:41:19 2019 +0200 + + tlsfuzzer: reverted accidental move to incorrect version + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu May 23 11:44:12 2019 +0200 + + NEWS: doc update + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu May 23 11:41:45 2019 +0200 + + bumped version + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Simo Sorce +Date: Wed May 22 15:08:45 2019 -0400 + + Pass down Q for FFDHE in al pre TLS1.3 as well + + Signed-off-by: Simo Sorce + +Author: Simo Sorce +Date: Tue May 21 09:40:01 2019 -0400 + + Check Q for FFDHE primes in prime-check + + These are mersenne primes so q = (p - 1) / 2 + We check that p = (q * 2) + 1 + + Signed-off-by: Simo Sorce + +Author: Simo Sorce +Date: Mon May 20 17:13:12 2019 -0400 + + Always pass in and check Q in TLS 1.3 + + In FIPS mode do an extra check that we did have Q, but it is always + passed into the tls13 derive function from the callers. + + Signed-off-by: Simo Sorce + +Author: Simo Sorce +Date: Fri May 17 14:05:37 2019 -0400 + + Add plumbing to handle Q parameter in DH exchanges + + Signed-off-by: Simo Sorce + +Author: Simo Sorce +Date: Tue May 14 18:38:33 2019 -0400 + + Add test to ensure ECDH exchange behaves correctly + + This test ensures that public keys are properly tested for validity + before a ECDH exchange is computed. + + Signed-off-by: Simo Sorce + +Author: Simo Sorce +Date: Fri May 10 14:49:05 2019 -0400 + + Add test to ensure DH exchange behaves correctly + + This test ensures that public keys are properly tested for validity + before a DH exchange is computed. + + Signed-off-by: Simo Sorce + +Author: Simo Sorce +Date: Fri May 3 12:32:56 2019 -0400 + + Add Full Public Key Check for DH + + This is for NIST SP800-56A requirements and FIPS CAVS testing. + GnuTLS never passes in a non-empty Q for normal operations, but tests will + and if Q is passed in it needs to be checked. + + Signed-off-by: Simo Sorce + +Author: Simo Sorce +Date: Wed May 1 10:57:51 2019 -0400 + + Fix Copy&Paste error + + Signed-off-by: Simo Sorce + +Author: Daiki Ueno +Date: Wed May 22 10:39:27 2019 +0200 + + tls13/key_update: increase handling limit from 1 to 8 + + The limit was too small when testing the capability of handling + multiple KeyUpdate messages with tlsfuzzer. + + This requires a change in the rate limit logic, as previously it + doesn't count the KeyUpdate messages despite the name of + KEY_UPDATES_PER_SEC. + + Signed-off-by: Daiki Ueno + +Author: Daiki Ueno +Date: Wed May 22 11:51:57 2019 +0200 + + tlsfuzzer: use %ALLOW_SMALL_RECORDS for testing + + Signed-off-by: Daiki Ueno + +Author: Daiki Ueno +Date: Wed May 22 11:16:03 2019 +0200 + + priority: add new option to allow small records (>= 64) + + There is a mismatch in the lower limit of record sizes in RFC + 8449 (64) and our default (512). If the server advertises a smaller + limit than our default, the client has no way to keep communicating + with the server. + + This patch adds a new priority string option %ALLOW_SMALL_RECORDS to + set the limit to 64. + + Signed-off-by: Daiki Ueno + +Author: Daiki Ueno +Date: Tue May 21 08:32:21 2019 +0200 + + record_add_to_buffers: check if there is an incomplete handshake header + + The function checks if a Handshake message is interleaved with an + Application Data, but the check was insuffient because it assumed that + a complete header is received in the buffer. + + Signed-off-by: Daiki Ueno + +Author: Daiki Ueno +Date: Fri May 17 11:51:00 2019 +0200 + + algorithms: eliminate the FFDHE alert desc requirement + + This implements the errata for RFC 7919 eliminating the requirement to + reply with an insufficient_security alert when we have negotiated an + FFDHE group, but cannot find common ciphersuite: + https://www.rfc-editor.org/errata/eid4908 + + Signed-off-by: Daiki Ueno + +Author: Aleksei Nikiforov +Date: Fri May 17 14:44:06 2019 +0300 + + Mark second argument of function gnutls_x509_crt_equals2 as const + + This will allow using this function with certificates + returned by function gnutls_certificate_get_peers + without casts dropping const qualifier or + making temporary copies out of retrieved data. + + Signed-off-by: Aleksei Nikiforov + +Author: Nikos Mavrogiannopoulos +Date: Tue May 21 08:22:08 2019 +0200 + + tests: verify functionality of GNUTLS_VERIFY_DISABLE_CA_SIGN flag + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Kenneth J. Miller +Date: Mon Apr 15 17:56:13 2019 +0200 + + pubkey: remove deprecated TLS1_RSA flag check + + The gnutls_certificate_verify_flags comparisons against + OLD_PUBKEY_VERIFY_FLAG_TLS1_RSA conflicts with + GNUTLS_VERIFY_DISABLE_CA_SIGN and no longer seems to be used in calls to + both gnutls_pubkey_verify_data2 and gnutls_pubkey_verify_hash2 as it + seems to have been fully replaced by GNUTLS_VERIFY_USE_TLS1_RSA. + + Resolves: #754 + + Signed-off-by: Kenneth J. Miller + +Author: Nikos Mavrogiannopoulos +Date: Tue May 21 05:54:35 2019 +0200 + + x509.h: corrected typo in newly introduced definition + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon May 20 21:34:30 2019 +0200 + + x509.h: removed stray '%' + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon May 20 16:13:12 2019 +0200 + + certtool: CA certificates will contain the digital signature key usage flag + + This change ensures that all certificates will contain the digital + signature key usage flag if that's specified in the template. + + Resolves: #767 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon May 20 14:40:31 2019 +0200 + + Added profile to correspond to the future security parameter + + It seems that the FUTURE security level parameter was added + without a corresponding verification profile. This patch address + the issue by introducing it. + + Resolves: #770 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon May 20 15:47:41 2019 +0200 + + tests: added unit tests of utc and generalTime convertor + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Daiki Ueno +Date: Mon Apr 29 19:03:55 2019 +0200 + + server auth: disable TLS 1.3 if no signature algorithm is usable + + This is a server side counterpart of + 005a4d04145707daad9588acedfdb5f6cd97c80c. + + Instead of signalling an error when no algorithm is usable in TLS 1.3, + it downgrades the session to TLS 1.2 with a warning. + + Signed-off-by: Daiki Ueno + +Author: Nikos Mavrogiannopoulos +Date: Sat May 18 21:13:10 2019 +0200 + + algorithms/secparams.c: fixed indentation + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon May 20 14:34:56 2019 +0200 + + gnutls-serv: GERR macro will output in stderr + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Tim Rühsen +Date: Mon May 20 11:10:11 2019 +0200 + + Apply STD3 ASCII rules in gnutls_idna_map() + + Signed-off-by: Tim Rühsen + +Author: Tim Rühsen +Date: Fri May 10 11:42:46 2019 +0200 + + Fix _Thread_local for C99 installed in C11 environments + + Signed-off-by: Tim Rühsen + +Author: Tim Rühsen +Date: Fri May 10 11:27:32 2019 +0200 + + Remove redundant typedef of Tspi_Context_GetTpmObject_func() + + Gcc 4.4 errors out on this. + + Signed-off-by: Tim Rühsen + +Author: Tim Rühsen +Date: Wed May 15 09:47:24 2019 +0200 + + Update gnulib for gcc-9 manywarnings + + Signed-off-by: Tim Rühsen + +Author: Nikos Mavrogiannopoulos +Date: Tue May 14 21:39:46 2019 +0200 + + Check all memory allocation in examples and certtool + + Resolves: #739 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Daiki Ueno +Date: Thu Apr 25 17:08:43 2019 +0200 + + ext/record_size_limit: distinguish sending and receiving limits + + The previous behavior was that both sending and receiving limits are + negotiated to be the same value. It was problematic when: + + - client sends a record_size_limit with a large value in CH + - server sends a record_size_limit with a smaller value in EE + - client updates the limit for both sending and receiving, upon + receiving EE + - server sends a Certificate message larger than the limit + + With this patch, each peer maintains the sending / receiving limits + separately so not to confuse with the contradicting settings. + + Signed-off-by: Daiki Ueno + +Author: Dmitry Eremin-Solenikov +Date: Tue May 7 14:49:05 2019 +0300 + + lib/nettle: fix carry flag in Streebog code + + Fix carry flag being calculated incorrectly in Streebog code. + + Signed-off-by: Dmitry Eremin-Solenikov + +Author: Tim Rühsen +Date: Fri May 10 13:31:23 2019 +0200 + + Fix endless looping GETPORT in tests/scripts/common.sh + + Signed-off-by: Tim Rühsen + +Author: Nikos Mavrogiannopoulos +Date: Fri May 10 06:30:12 2019 +0200 + + _gnutls_srp_entry_free: follow consistent behavior in freeing data + + _gnutls_srp_entry_free would previously not free any parameters that + were known to gnutls to account for documented behavior of + gnutls_srp_set_server_credentials_function(). This was not updated + when the newly added 8192 parameter was added to the library. + + This introduces a safety check for generator parameters, even though + in practice they are the same pointer. + + Resolves: #761 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed May 8 22:08:18 2019 +0200 + + dane.h: added multiple inclusion header guard + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed May 8 21:52:54 2019 +0200 + + tools: suppress ctime() error from static analysers + + This function is not thread safe and can be easily misused + even in single threaded scenarios (one such minor bug fixed). + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed May 8 22:05:10 2019 +0200 + + accelerated: added header guards + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Tim Rühsen +Date: Wed May 1 20:33:28 2019 +0200 + + Add or clean header guards in lib/nettle + + Signed-off-by: Tim Rühsen + +Author: Tim Rühsen +Date: Sun Apr 28 12:22:59 2019 +0200 + + Add or clean header guards in tests/ + + Signed-off-by: Tim Rühsen + +Author: Tim Rühsen +Date: Sun Apr 28 12:19:01 2019 +0200 + + Add or clean header guards in src/ + + Signed-off-by: Tim Rühsen + +Author: Tim Rühsen +Date: Sun Apr 28 12:11:13 2019 +0200 + + Add or clean header guards in lib/x509/ + + Signed-off-by: Tim Rühsen + +Author: Tim Rühsen +Date: Sun Apr 28 12:08:27 2019 +0200 + + Add or clean header guards in lib/tls13/ + + Signed-off-by: Tim Rühsen + +Author: Tim Rühsen +Date: Sun Apr 28 12:05:32 2019 +0200 + + Add or clean header guards in lib/extras/ + + Signed-off-by: Tim Rühsen + +Author: Tim Rühsen +Date: Sun Apr 28 12:03:07 2019 +0200 + + Add or clean header guards in lib/ext/ + + Signed-off-by: Tim Rühsen + +Author: Tim Rühsen +Date: Sun Apr 28 11:55:37 2019 +0200 + + Add or clean header guards in lib/auth/ + + Signed-off-by: Tim Rühsen + +Author: Tim Rühsen +Date: Thu Mar 14 21:21:50 2019 +0100 + + Add or clean header guards in lib/ + + Signed-off-by: Tim Rühsen + +Author: Tim Rühsen +Date: Wed Apr 24 21:21:12 2019 +0200 + + Add 'Header guards' section in CONTRIBUTING.md + + Signed-off-by: Tim Rühsen + +Author: Daniel Schaefer +Date: Sun May 5 14:35:02 2019 +0200 + + guile: Properly format guile configure options + + Without the square brackets autoconf turns hyphens into underscores, + which is not what we want or what the help says. + + Signed-off-by: Daniel Schaefer + +Author: Nikos Mavrogiannopoulos +Date: Fri May 3 19:10:03 2019 +0200 + + gnutls_sign_list: document the non-thread-safeness + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Daiki Ueno +Date: Tue Apr 30 14:42:51 2019 +0200 + + crypto: add private API to retrieve internal IV + + For FIPS validation purposes, this adds a new function + _gnutls_cipher_get_iv() that exposes internal IV after encryption and + decryption. The function is not generally useful because the IV value + can be easily calculated from the initial IV and the subsequent + ciphertext but for FIPS validation purposes. + + Signed-off-by: Daiki Ueno + +Author: Daiki Ueno +Date: Mon Apr 29 13:15:33 2019 +0200 + + abi-check: supply --hd2 to abi-check-latest target + + To suppress changes in internal structures. + Suggested by Nikos Mavrogiannopoulos. + + Signed-off-by: Daiki Ueno + +Author: Nikos Mavrogiannopoulos +Date: Sat Apr 20 18:46:23 2019 +0200 + + certtool: refuse to accept an incompatible key type + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Apr 15 14:32:55 2019 +0200 + + certtool: generate RSA-PSS certificates from RSA keys + + When generating certificates it was not possible to generate + an RSA-PSS certificate from an RSA key (common scenario). This + fixes the certificate generation to include such a method. + + Ironically there was a test for this scenario but the test + was limited to checking that the combination of certtool parameters + succeeded; modified the test to check the textual expression of + the certificate for the RSA-PSS indicators. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Daiki Ueno +Date: Fri Apr 19 22:04:24 2019 +0200 + + tls13/session_ticket: use the same ticket_age_add regardless of endianness + + Signed-off-by: Daiki Ueno + +Author: Daiki Ueno +Date: Fri Apr 19 16:59:31 2019 +0200 + + tls13/session_ticket: avoid UB regarding 64-bit time encoding + + On 32-bit platform, struct timespec.tv_sec can be signed 32-bit and + thus right shifting 32 could be an undefined behavior. + + Signed-off-by: Daiki Ueno + +Author: Daiki Ueno +Date: Fri Apr 19 08:12:56 2019 +0200 + + tests: make datefudge check robuster + + When checking datefudge availability under cross-compiling environment + with a binfmt wrapper, it is not sufficient to check against the host + executable. This instead uses a test executable compiled for the + target architecture. + + Signed-off-by: Daiki Ueno + +Author: Daiki Ueno +Date: Thu Apr 11 14:35:32 2019 +0200 + + serv, cli: add --keymatexport option + + This adds --keymatexport and --keymatexportsize options to both + gnutls-serv and gnutls-cli. Those would be useful for testing + interoperability with other implementations. + + Signed-off-by: Daiki Ueno + +Author: Daiki Ueno +Date: Thu Apr 11 12:11:00 2019 +0200 + + prf: add function to retrieve early keying material + + This adds a new function gnutls_prf_early, which shall be called in a + handshake hook waiting for GNUTLS_HANDSHAKE_CLIENT_HELLO. The test + needs to be run in a datefudge wrapper as the early secrets depend on + the current time (through PSK). + + Signed-off-by: Daiki Ueno + +Author: Daiki Ueno +Date: Thu Apr 11 12:07:00 2019 +0200 + + handshake: generate early exporter secret + + Signed-off-by: Daiki Ueno + +Author: Daiki Ueno +Date: Thu Apr 11 12:00:46 2019 +0200 + + handshake: move early secrets calculation to pre_shared_key + + TLS 1.3 Early Secret and the derived keys are calculated upon a PSK + being selected, thus the code fits better in ext/pre_shared_key.c. + + Signed-off-by: Daiki Ueno + +Author: Daiki Ueno +Date: Thu Apr 11 12:10:00 2019 +0200 + + tests/tls13/prf: check if the exported material matches on server + + Signed-off-by: Daiki Ueno + +Author: Daiki Ueno +Date: Thu Apr 11 11:23:26 2019 +0200 + + prf: centrally define "exporter" label in handshake.h + + Signed-off-by: Daiki Ueno + +Author: Andreas Metzler +Date: Thu Apr 18 18:43:30 2019 +0200 + + doc: Add documentation for GNUTLS_CERT_IGNORE + + Signed-off-by: Andreas Metzler + +Author: Daiki Ueno +Date: Tue Apr 16 14:27:10 2019 +0200 + + p11tool: copy vendor query attributes when listing privkeys + + When listing private keys on a specified token, "pin-value" is + ignored and the tool looks for GNUTLS_PIN, because it internally + strips out vendor query attributes from the original URL. + + This also replaces the global uses of GNUTLS_PIN envvar in + testpkcs11.sh to check the case where the envvar is not in effect. + + Signed-off-by: Daiki Ueno + +Author: Nikos Mavrogiannopoulos +Date: Sun Apr 7 13:22:21 2019 +0200 + + abi-check: simplify ABI comparison using libabigail tools + + These have output ABI format compatibility and that means we can + take snapshots to test ABI against. We also hard-code explicitly + the SONAME version to ensure no accidental SONAME bumps happen. + + This patch also moves symbols.last in the devel/ subdirectory + and no internal files are shipped. + + Relates: #292 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sun Apr 7 18:29:02 2019 +0200 + + .gitignore: ignore tests/libpkcs11mock2.la + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sun Apr 7 14:30:30 2019 +0200 + + gnutls.h: re-define GNUTLS_CRT_RAWPK + + This was available before 3.6.4, and was incorrectly removed. + It was found using libabigail tools. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Bernhard M. Wiedemann +Date: Sun Apr 14 16:53:52 2019 +0200 + + Extend test cert to 2049-05-27 + + instead of expiring in 2024-02-29 + This update did not trigger y2038 bugs on 32-bit systems. + + Without this patch, one test fails after 2024: + doit:124: rsa pss key: gnutls_x509_crt_verify_data2 | + FAIL x509sign-verify (exit status: 1) + + Signed-off-by: Bernhard M. Wiedemann + +Author: Andreas Metzler +Date: Sun Apr 14 15:25:31 2019 +0000 + + Fix link error with gcc-9 + + Use LDADD instead of LDFLAGS to link test cipher-openssl-compat against + libcrypto. This fixes a build error with gcc9 which passes the linker + option --as-needed by default. + + Signed-off-by: Andreas Metzler + +Author: Nikos Mavrogiannopoulos +Date: Sun Apr 14 16:15:23 2019 +0200 + + doc: mark TLS1.2 functions as such [ci skip] + + gnutls_cipher_suite_get_name and gnutls_session_get_master_secret + are marked as TLS1.2 or earlier-only as they cannot be used with + TLS 1.3. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sat Apr 13 08:37:50 2019 +0200 + + gnutlsxx.h: removed fixme comments [ci skip] + + They served no purpose. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sat Apr 13 08:33:57 2019 +0200 + + gnutls-cli: renamed global variable name + + That is because the same variable name is used by local + variables as well. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Tim Rühsen +Date: Thu Apr 11 09:46:21 2019 +0200 + + Fix WIN32 custom push/pull functions + + Signed-off-by: Tim Rühsen + Reported-by: J. Ali Harlow (@j_ali on Gitlab.com) + +Author: Daiki Ueno +Date: Tue Apr 9 18:20:15 2019 +0200 + + tests: fix race condition in tls13/post-handshake-with-cert-pkcs11 + + The test had a strange setup of server/client processes: the server + runs in a child process and the client runs in a parent process. The + intention behind this was to detect softhsm availability in the parent + process and exit with 77 if missing. However, there was a potential + race when the server exits and proceeds to the next call of start(). + + This fixes the process setup and moves the softhsm detection at the + program startup. + + Signed-off-by: Daiki Ueno + +Author: Alon Bar-Lev +Date: Tue Apr 9 19:01:46 2019 +0300 + + build: rename guile variables to match upstream names + + Reduce confusion between the upstream terms and the gnutls terms. + + Signed-off-by: Alon Bar-Lev + +Author: Alon Bar-Lev +Date: Wed Apr 3 18:42:26 2019 +0300 + + build: allow override guile system location + + guile has three settings acquired from system: + * GUILE_SITE + * GUILE_SITE_CCACHE + * GUILE_EXTENSION + + The =guile-2.2 m4 macro provides all settings for build to use as default, + while allowing to override each. + + Resolves: #748 + Signed-off-by: Alon Bar-Lev + +Author: Marius Bakke +Date: Tue Apr 9 14:17:09 2019 +0200 + + Makefile.am: Don't assume autoopts-config returns a single dash. + + On distributions such as Nix or Guix, `autoopts-config libsrc` may + return something along the lines of + "/gnu/store/...-autogen-5.18.16/share/autogen/libopts-42.1.17.tar.gz". + + * Makefile.am (libopts-check): Print only the last field from + autoopts-config output. + + Signed-off-by: Marius Bakke + +Author: Tim Rühsen +Date: Tue Apr 9 12:19:00 2019 +0200 + + Pass CI commit check if branches are 'even' + + Signed-off-by: Tim Rühsen + +Author: Alon Bar-Lev +Date: Mon Apr 8 20:34:24 2019 +0300 + + tests: cert-tests: crl: cleanup files + + Signed-off-by: Alon Bar-Lev + +Author: Alon Bar-Lev +Date: Tue Apr 9 07:59:53 2019 +0300 + + ci: refresh the cache due to failures in debian + + Signed-off-by: Alon Bar-Lev + +Author: Nikos Mavrogiannopoulos +Date: Sun Apr 7 13:03:20 2019 +0200 + + CONTRIBUTING.md: document unit testing method of internal functions [ci skip] + + Resolves: #749 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Daiki Ueno +Date: Thu Apr 4 16:51:28 2019 +0200 + + tests: add post-handshake auth test using PKCS#11 token + + This adds a test that exercise the client's auth rejection logic, + using the RSA-PSS disabled PKCS #11 token. + + Signed-off-by: Daiki Ueno + +Author: Daiki Ueno +Date: Thu Apr 4 16:40:11 2019 +0200 + + tests: add mock PKCS#11 module disabling RSA-PSS + + This adds libpkcs11mock2.so, which wraps SoftHSM but filters out the + use of the CKM_RSA_PKCS_PSS mechanism. That way we can simulate the + situation where the certificate is RSA while the private key cannot be + used for RSA-PSS. + + Signed-off-by: Daiki Ueno + +Author: Nikos Mavrogiannopoulos +Date: Sat Apr 6 08:34:43 2019 +0200 + + nettle: include config.h before checking for definitions + + This makes sure that we don't include the internal backport + if compiled with a version of nettle that includes that code. + We also exclude nettle/backport from the static analyzer's list + as it contains files outside our control (from nettle project). + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Maciej S. Szmigiero +Date: Thu Mar 28 23:04:13 2019 +0100 + + gnutls_memset(): calling explicit_bzero() is enough to zero-fill a buffer + + If we use explicit_bzero() to zero-fill a buffer in gnutls_memset() we + don't need to zero it again via a volatile trick later in this function. + + Signed-off-by: Maciej S. Szmigiero + +Author: Elta Koepp +Date: Fri Apr 5 10:04:12 2019 -0400 + + [OSCP] Fix : null pointer resp + + Signed-off-by: Elta Koepp + +Author: Daiki Ueno +Date: Thu Apr 4 17:01:24 2019 +0200 + + cert auth: reject auth if no signature algorithm is usable in TLS 1.3 + + Previously, when there is no overlap between usable signature + algorithms and the "signature_algorithms" extension in Certificate + Request, the client failed in sending Certificate Verify, followed by + a connection close. In TLS 1.3, it is possible to keep the connection + but reject the authentication by not sending Certificate Verify. + + Signed-off-by: Daiki Ueno + +Author: Daiki Ueno +Date: Mon Apr 1 14:14:12 2019 +0200 + + handshake: remove unnecessary HSK_CRT_SENT flag + + Previously, while the flag HSK_CRT_SENT was checked in + _gnutls13_send_certificate_verify, the flag was never set anywhere. + + Signed-off-by: Daiki Ueno + +Author: Nikos Mavrogiannopoulos +Date: Wed Apr 3 11:59:37 2019 +0200 + + .gitlab-ci.yml: do not run commit-check on master branch + + That is, because there are no diffs to check. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Simo Sorce +Date: Fri Mar 29 14:01:14 2019 -0400 + + Fix check_if_signed + + Fix the target branch we check against by adding upstream as remote. + + Drop the use of set -e as this causes the shell to immediately exit on + errors instead of allowing the code to check the failure and report what + it faled about. + + Also print which commits are being checked and what information was found + so that a CI failure can be better diagnosed. + + Signed-off-by: Simo Sorce + +Author: Nikos Mavrogiannopoulos +Date: Sat Mar 30 05:37:02 2019 +0100 + + doc update [ci skip] + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Simo Sorce +Date: Fri Oct 19 15:53:27 2018 -0400 + + Vendor in XTS functionality from Nettle + + If nettle's XTS is not available, use a vendored in version from master. + This is necessary as long as we need to link against 3.4 for ABI + compatibility reasons. + + Signed-off-by: Simo Sorce + +Author: Nikos Mavrogiannopoulos +Date: Fri Mar 29 06:08:06 2019 +0100 + + fuzz: improvements in gnutls_x509_verify_fuzzer [ci skip] + + Added a larger set of corpus (generated with afl-fuzz), and made + sure that the fuzzer application crashes if verification succeeds. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Tim Rühsen +Date: Thu Mar 28 10:41:13 2019 +0100 + + Let check_if_signed fail if git fails + + Signed-off-by: Tim Rühsen + +Author: Elta Koepp +Date: Wed Mar 27 13:38:50 2019 +0000 + + Update ocsptool-common.c + +Author: Elta Koepp +Date: Wed Mar 27 12:55:55 2019 +0000 + + Detect malloc failure. + + malloc(data.size + 1) maybe returns NULL on failure. + +Author: Nikos Mavrogiannopoulos +Date: Wed Mar 27 07:21:31 2019 +0100 + + released 3.6.7 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Daiki Ueno +Date: Mon Mar 25 16:06:39 2019 +0100 + + handshake: add missing initialization of local variable + + Resolves: #704 + + Signed-off-by: Daiki Ueno + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Mar 25 15:47:51 2019 +0100 + + fuzz: added fuzzer for certificate verification + + This also adds a reproducer for CVE-2019-3829. + + Resolves: #694 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Mar 26 16:11:42 2019 +0100 + + bumped version + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Anderson Toshiyuki Sasaki +Date: Tue Mar 26 11:05:06 2019 +0100 + + fips140: Perform SHA-3 self tests + + It is required to perform the self tests to validate SHA-3 + implementation. + + Signed-off-by: Anderson Toshiyuki Sasaki + +Author: Nikos Mavrogiannopoulos +Date: Sun Mar 24 08:37:05 2019 +0100 + + tools: removed unused code + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Ke Zhao +Date: Thu Mar 21 11:27:24 2019 -0400 + + gnutls-cli: Fix output with option "--logfile" + + The X.509 connection would still print informational message to the + stdout by default. Move that output to logfile and add x509 functionality + test in the test suite. + + Signed-off-by: Ke Zhao + +Author: Alon Bar-Lev +Date: Sat Mar 23 00:38:17 2019 +0200 + + configure.ac: remove --with-guile-site-dir + + The hack of distcheck is not known and should not be the default as the + GUILE_SITE_DIR macro is the default expected behavior. + + There is little value in specifying any other location of the site-dir as it + is out of the guile configuration so best to remove. + + Signed-off-by: Alon Bar-Lev + +Author: Nikos Mavrogiannopoulos +Date: Wed Mar 20 11:40:15 2019 +0100 + + _x509_en/decode_provable_seed: clarified purpose of functions [ci skip] + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Mar 1 11:15:47 2019 +0100 + + handshake: increase the default number of tickets we send to 2 + + This makes it easier for clients which perform multiple connections + to the server to use the tickets sent by a default server. That's + because 2 tickets allow for 2 new connections (if one is using each + ticket once as recommended), which in turn lead to 4 new and so on. + + Resolves: #596 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sat Feb 23 21:02:56 2019 +0100 + + Improved estimation of wait in gnutls_session_get_data2 + + Previously we would wait an arbitrary value of 50ms for the + server to send session tickets. This change makes the client + wait for the estimated single trip time + 60 ms for the server + to calculate the session tickets. This improves the chance + to obtain tickets from internet servers during the call of + gnutls_session_get_data2(). + + Resolves: #706 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sat Mar 16 19:59:07 2019 +0100 + + doc update + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Ke Zhao +Date: Wed Mar 6 13:23:24 2019 -0500 + + gnutls-cli: Add option "--logfile" to redirect information message output + + First, add an option "--logfile" so user could choose a specific file to + store all the informational messages. In some cases, informational + messages may cause unexpected result if the output is standard output. + + With this option, user could redirect these messages to a specific + file. This will be helpful in testing and tracking. + + Second, replace printf() function with log_msg() function + + This log_msg() function is used when "--logfile" is enabled. + + Third, add a functionality test for "--logfile" option + + Add a test script to test if "--logfile" option works as it should be. + + Signed-off-by: Ke Zhao + +Author: Nikos Mavrogiannopoulos +Date: Fri Mar 15 17:00:17 2019 +0100 + + Removed all FIXME comments in code [ci skip] + + We expand informational comments on limitations, but with removing + FIXME (keyword didn't help fixing these), and remove completely unhelpful + comments, obsolete ones, or comments about ideas. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Mar 13 15:14:37 2019 +0100 + + pkcs11: security officer login implies writable session + + According to the PKCS#11 v2.30, 6.7.1 there are no read-only Security Officer + sessions. + + Resolves: #721 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Steve Lhomme +Date: Wed Mar 13 14:54:28 2019 +0000 + + inet_ntop is available in Windows but not via arpa/inet.h + + It's found in ws2tcpip.h which is already included in gnutls_int.h + + arpa/inet.h doesn't exist on Windows, so add arpa_inet to the list of headers + replaced by gnulib if not found. + + Signed-off-by: Steve Lhomme + +Author: Tim Rühsen +Date: Thu Mar 7 10:16:46 2019 +0100 + + Update the GNU Free Documentation License (FDL) + + Signed-off-by: Tim Rühsen + +Author: Tim Rühsen +Date: Mon Feb 25 10:36:36 2019 +0100 + + Fix URL of ABI compliance checker + + Signed-off-by: Tim Rühsen + +Author: Tim Rühsen +Date: Mon Feb 25 10:32:24 2019 +0100 + + Fix URLs of p11-kit + + Signed-off-by: Tim Rühsen + +Author: Tim Rühsen +Date: Tue Feb 5 17:00:41 2019 +0100 + + Use https:// in lib/, src/, and m4/ + + Signed-off-by: Tim Rühsen + +Author: Tim Rühsen +Date: Tue Feb 5 16:56:08 2019 +0100 + + Use https:// for arbitrary files #1 + + Signed-off-by: Tim Rühsen + +Author: Tim Rühsen +Date: Tue Feb 5 16:44:37 2019 +0100 + + Use https:// for www.iana.org + + Signed-off-by: Tim Rühsen + +Author: Tim Rühsen +Date: Tue Feb 5 16:25:25 2019 +0100 + + Use https:// for csrc.nist.gov + + Signed-off-by: Tim Rühsen + +Author: Tim Rühsen +Date: Tue Feb 5 16:22:43 2019 +0100 + + Use https:// for www.gnu.org and www.example.com + + Signed-off-by: Tim Rühsen + +Author: Nikos Mavrogiannopoulos +Date: Wed Mar 13 09:03:39 2019 +0100 + + .gitlab-ci.yml: updated cache key name + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sun Mar 10 13:59:32 2019 +0100 + + tests: verify that 'certtool -i --outder' does not output text + + A common regression in the past, was certtool outputting text while + writing raw DER data. Ensure that the certificate-info option does not + regress. + + Resolves: #627 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sat Mar 9 21:50:46 2019 +0100 + + SECURITY.md: updated to reflect the current practice [ci skip] + + This change updates the SECURITY guidelines to reflect the current + practice (no special security releases), and thus refer directly + to the upcoming or following release. Furthermore, it removes + any mention of absolute time, as the release cadence is already + fixed to bi-monthly. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sat Mar 9 21:14:39 2019 +0100 + + doc: removed cyclo subdir + + This directory had a makefile which was intended to calculate the cyclomatic + complexity, however that was not functional, and not related with gnutls' + documentation. + + Resolves: #727 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Mar 8 20:17:49 2019 +0100 + + NEWS: fix NEWS entries [ci skip] + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Daiki Ueno +Date: Mon Mar 4 17:17:47 2019 +0100 + + tls13/certificate: utilize "certificate_required" alert + + This could make errors more distinguishable when the client sends no + certificates or a bad certificate. + + Signed-off-by: Daiki Ueno + +Author: Daiki Ueno +Date: Wed Feb 27 18:38:09 2019 +0100 + + alert: recognize "certificate_required" + + This may be sent if the server received an empty Certificate message. + + Signed-off-by: Daiki Ueno + +Author: Anderson Toshiyuki Sasaki +Date: Fri Jan 18 13:17:46 2019 +0100 + + .gitlab-ci.yml: Test FIPS HMAC self-test + + This enables the integrity self-tests in FIPS140 test build. + + Signed-off-by: Anderson Toshiyuki Sasaki + +Author: Anderson Toshiyuki Sasaki +Date: Fri Jan 11 11:23:21 2019 +0100 + + fips140: Ignore newlines read at the end of HMAC file + + This makes the integrity check to ignore newlines appended after the + HMAC value. + + Signed-off-by: Anderson Toshiyuki Sasaki + +Author: Anderson Toshiyuki Sasaki +Date: Thu Jan 10 14:04:02 2019 +0100 + + fips140: Fix the names of files used in integrity checks + + The names of the libraries haven't been updated when the soname version + were bumped. + + Signed-off-by: Anderson Toshiyuki Sasaki + +Author: Bas van Schaik +Date: Thu Feb 28 22:15:26 2019 +0000 + + Create .lgtm.yml for LGTM.com C/C++ analysis + + Signed-off-by: Bas van Schaik + +Author: Nikos Mavrogiannopoulos +Date: Mon Feb 25 14:41:24 2019 +0100 + + .gitlab-ci.yml: added thread sanitizer run + + This checks for unsafe uses of variables in our included threaded + tests. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Feb 25 14:35:16 2019 +0100 + + Protected _gnutls_epoch_get from _gnutls_epoch_gc on false start + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Feb 25 15:11:19 2019 +0100 + + gnutls_record_send2: try to ensure integrity of operations on false and early start + + This adds a double check in the sanity check of gnutls_record_send2() + for the initial_negotiation_completed value, making sure that the + check will be successful even in parallel operation of send/recv. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sun Feb 24 21:13:27 2019 +0100 + + mini-dtls-pthread: renamed and fixed several shortcomings + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sun Feb 24 00:19:21 2019 +0100 + + Make false start and early start multi-thread recv/send safe + + An application that is sending and receiving from different threads + after handshake is complete cannot take advantage of false start because + gnutls_record_send2() detects operations during the handshake process + as invalid. + + Because in early start and false start the remaining handshake process needs + only to receive data, and the sending side is already set-up, this error + detection is bogus. With this patch we remove it. + + Resolves: #713 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sat Feb 23 18:57:09 2019 +0100 + + doc: added more information on operation under multiple threads + + Relates: #713 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Tim Rühsen +Date: Fri Mar 1 20:13:38 2019 +0100 + + Update ./bootstrap from latest gnulib + + Signed-off-by: Tim Rühsen + +Author: Nikos Mavrogiannopoulos +Date: Wed Feb 27 10:01:47 2019 +0100 + + Clarifications on AEAD ciphers + + Relates: #716 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Feb 27 09:29:04 2019 +0100 + + Improve documentation for gnutls_cipher_get_iv_size + + This clarifies what is returned and what is to be expected on algorithms + with variable IV sizes. + + Resolves: #717 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Feb 26 15:42:01 2019 +0100 + + pkcs11: clarify GNUTLS_PKCS11_TOKEN_MODNAME presence [ci skip] + + Resolves: #633 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Feb 26 15:21:48 2019 +0100 + + cppcheck: suppress warning on nettle code [ci skip] + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Andreas Metzler +Date: Sat Feb 23 18:43:49 2019 +0100 + + gnutls-cli: fix --benchmark-ciphers type overflow + + Signed-off-by: Andreas Metzler + +Author: Nikos Mavrogiannopoulos +Date: Sat Feb 23 21:19:06 2019 +0100 + + _gnutls_recv_handshake: added explicit sanity checks + + Although, this function acts on the message provided as expected and thus + it should never call a message parsing function on unexpected + messages, we make a more explicit sanity check. This unifies the + sanity checks existing within the involved functions. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Tim Rühsen +Date: Tue Feb 12 15:20:23 2019 +0100 + + gnutls_x509_crt_init: Fix dereference of NULL pointer + + Signed-off-by: Tim Rühsen + +Author: Tim Rühsen +Date: Tue Feb 12 15:14:07 2019 +0100 + + Remove redundant resets of variables after free() + + Signed-off-by: Tim Rühsen + +Author: Tim Rühsen +Date: Tue Feb 12 15:09:11 2019 +0100 + + Automatically NULLify after gnutls_free() + + This method prevents direct use-after-free and + double-free issues. + + Signed-off-by: Tim Rühsen + +Author: Daiki Ueno +Date: Tue Feb 19 13:56:35 2019 +0100 + + tlsfuzzer: update to the latest upstream for downgrade protection tests + + Signed-off-by: Daiki Ueno + +Author: Daiki Ueno +Date: Sat Feb 9 10:26:56 2019 +0100 + + ext/supported_versions: regenerate server random + + This adds a call to _gnutls_gen_server_random() in handling the + "supported_versions" extension, so that the TLS 1.3 downgrade sentinel + is set only when the earlier versions are selected. + + Signed-off-by: Daiki Ueno + +Author: Tim Rühsen +Date: Tue Feb 5 11:01:20 2019 +0100 + + Update ax_code_coverage.m4 to latest release of autoconf-archive + + Signed-off-by: Tim Rühsen + +Author: Hugo Beauzée-Luyssen +Date: Thu Feb 21 14:49:36 2019 +0100 + + lib: x509: Minor directory browsing simplification + + Signed-off-by: Hugo Beauzée-Luyssen + +Author: Hugo Beauzée-Luyssen +Date: Mon Feb 18 14:41:56 2019 +0100 + + Revert "Revert "verify-high2: Fix cert dir iteration on Win32"" + + This reverts commit 681330882da19099eea360fab141cab937c45677. + + Signed-off-by: Hugo Beauzée-Luyssen + + This revert also contains the fix to the original commit (invalid + utf8->utf16 conversion) and a minor simplification of the _treaddir loop. + +Author: Hugo Beauzée-Luyssen +Date: Mon Feb 18 17:12:54 2019 +0100 + + iconv: Allow _gnutls_utf8_to_ucs2 to output little endian + + Signed-off-by: Hugo Beauzée-Luyssen + +Author: Hugo Beauzée-Luyssen +Date: Mon Feb 18 09:37:04 2019 +0100 + + lib: Provide _Thread_local on MSVC + + Signed-off-by: Hugo Beauzée-Luyssen + +Author: Tim Rühsen +Date: Mon Feb 18 21:38:38 2019 +0100 + + Add test for starttls XMPP + + Signed-off-by: Tim Rühsen + +Author: Tim Rühsen +Date: Wed Feb 6 11:30:06 2019 +0100 + + gnutls-cli: Fix --starttls-proto=xmpp + + Fixes two issues with gnutls-cli --starttls-proto=xmpp: + 1. Print 'Timeout' on timeout instead of random errno message + 2. Do not wait for linefeed when using XMPP (XML) + + Signed-off-by: Tim Rühsen + +Author: Tim Rühsen +Date: Mon Feb 18 15:38:56 2019 +0100 + + check_if_signed: Get source branch if not set + + Signed-off-by: Tim Rühsen + +Author: R. Andrew Bailey +Date: Thu Feb 14 09:38:33 2019 -0500 + + tests: wrap ADD_SYSCALL for getrandom in test for SYS_getrandom + + Signed-off-by: R. Andrew Bailey + +Author: Daiki Ueno +Date: Fri Feb 8 14:46:33 2019 +0100 + + gnutls_record_set_max_size: make it work on server side + + The record_size_limit extension can also be specified by the server to + indicate the maximum plaintext. Also add test cases for asymmetric + settings between server and client. + + Signed-off-by: Daiki Ueno + +Author: Daiki Ueno +Date: Thu Jan 31 13:39:35 2019 +0100 + + tlsfuzzer: update to the latest upstream for record_size_limit test + + Signed-off-by: Daiki Ueno + +Author: Daiki Ueno +Date: Fri Feb 8 13:22:13 2019 +0100 + + ext/record_size_limit: account for content type octet in TLS 1.3 + + In TLS 1.3, the protocol maximum of plaintext size is 2^14+1, while + it is 2^14 in TLS 1.2. To accommodate that, this introduces the + following invariant: + - when the maximum is set by the user with + gnutls_record_set_max_size(), store it as is. The value range is + [511, 16834]. + - when the maximum is negotiated through record_size_limit extension, + it can be [512, 16385]. In TLS 1.3, subtract by 1 to fit in [511, + 16384]. + + Signed-off-by: Daiki Ueno + +Author: Daiki Ueno +Date: Thu Jan 31 16:56:55 2019 +0100 + + decrypt_packet_tls13: add check for max plaintext size + + There is check in _gnutls_recv_in_buffers already, but for TLS 1.3 we + need to take account of the padding. + + Signed-off-by: Daiki Ueno + +Author: Daiki Ueno +Date: Fri Jan 25 17:00:44 2019 +0100 + + record: reject too large plaintext after decryption + + Signed-off-by: Daiki Ueno + +Author: Daiki Ueno +Date: Wed Jan 30 16:45:08 2019 +0100 + + constate: reset max_record_recv_size upon renegotiation + + Signed-off-by: Daiki Ueno + +Author: Daiki Ueno +Date: Wed Jan 30 10:21:07 2019 +0100 + + session_pack: reset max_record_recv_size when packing + + Signed-off-by: Daiki Ueno + +Author: Daiki Ueno +Date: Thu Jan 17 11:53:35 2019 +0100 + + ext/record_size_limit: don't confuse with negotiated/user-supplied maximum + + As documented in gnutls_int.h, max_record_send_size is for tracking + the user-supplied maximum, while max_record_recv_size for the + protocol negotiated maximum. + + Signed-off-by: Daiki Ueno + +Author: Daiki Ueno +Date: Sun Jan 20 09:18:21 2019 +0100 + + ext/max_record: server shouldn't send it with record_size_limit + + Otherwise, the connection will be disconnected by the client, as + suggested in RFC: A client MUST treat receipt of both + "max_fragment_length" and "record_size_limit" as a fatal error, and it + SHOULD generate an "illegal_parameter" alert. + + Signed-off-by: Daiki Ueno + +Author: Daiki Ueno +Date: Thu Feb 7 16:28:52 2019 +0100 + + _gnutls_hello_ext_is_present: don't ignore max_fragment_length + + The extension is assigned the internal ID 0. + + Signed-off-by: Daiki Ueno + +Author: Daiki Ueno +Date: Fri Jan 25 17:04:40 2019 +0100 + + .dir-locals.el: disable indent-tabs-mode in js-mode + + Signed-off-by: Daiki Ueno + +Author: Nikos Mavrogiannopoulos +Date: Thu Feb 14 13:01:34 2019 +0100 + + bootstrap.conf: do not override GNULIB_SRCDIR + + This was not set in all of our CI platforms, and was causing + issues in MacOSX. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Feb 11 09:18:46 2019 +0100 + + x509: corrected issue in the algorithm parameters comparison + + Each certificate has two fields to set the signature algorithm + and parameters used for the digital signature. One of the fields is + authenticated and the other is not. It is required from RFC5280 to + enforce the equality of these fields, but currently due to an issue + we wouldn't enforce the equality of the parameters fields. This + fix corrects the issue. + + We also move an RSA-PSS certificate in chainverify that was relying + on invalid parameters, to this set of invalid certificates. + + Resolves: #698 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Feb 13 07:54:59 2019 +0000 + + tests: added further checks for gnutls_pkcs11_token_get_info + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Tim Rühsen +Date: Tue Jan 29 16:10:59 2019 +0100 + + Fix uninitialized warning in pkcs11.c + + Signed-off-by: Tim Rühsen + +Author: Tim Rühsen +Date: Wed Feb 13 17:22:21 2019 +0100 + + Cleanup lib/auth/cert.c as suggested by cppcheck + + Signed-off-by: Tim Rühsen + +Author: Tim Rühsen +Date: Mon Feb 11 10:41:47 2019 +0100 + + Fix 32bit overflow issue in src/serv-args.def + + Fixing this warning seen on 32bit architectures: + + serv-args.c: In function 'doOptMaxearlydata': + serv-args.c:1431:14: warning: overflow in conversion from 'long long int' to 'long int' changes value from '4294967296' to '0' [-Woverflow] + { 1, 4294967296 } }; + ^~~~~~~~~~ + + Signed-off-by: Tim Rühsen + +Author: Tim Rühsen +Date: Fri Feb 8 13:03:30 2019 +0100 + + Remove typedef'ing ssize_t in gnutls.h + + Signed-off-by: Tim Rühsen + +Author: Tim Rühsen +Date: Wed Feb 6 20:54:45 2019 +0100 + + Use inet_pton() from gnulib + + Signed-off-by: Tim Rühsen + +Author: Nikos Mavrogiannopoulos +Date: Sat Feb 9 10:52:29 2019 +0100 + + bootstrap: refuse to bootstrap if any dependencies bring gnulib's network stack + + If gnulib's network stack is brought (due to a dependency) in the library + it will make the library unusable to non-gnulib using applications. This + prevents windows applications for example to use gnutls, and so on. Even + more it is quite hard to catch that issue because our testsuite uses + gnulib as well. Instead we try to catch the these modules at import time. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Tim Rühsen +Date: Wed Feb 6 20:35:11 2019 +0100 + + Use inet_ntop() from gnulib + + Signed-off-by: Tim Rühsen + +Author: Nikos Mavrogiannopoulos +Date: Sun Feb 3 12:18:30 2019 +0100 + + _gnutls_gen_rawpk_crt: corrected the use of assert + + The API could return 0 or 1 matching certificates. The case of zero + can only happen in client side. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sun Feb 3 08:47:50 2019 +0100 + + raw public keys: apply the key usage bits the same way as X.509 + + That is, we require a signing certificate when negotiating + TLS1.3, or when sending a client certificate (on all cases). + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sat Feb 2 09:13:40 2019 +0100 + + Fallback to TLS 1.2 when incompatible with signature certs are provided + + This only takes into account certificates in the credentials structure. + If certificates are provided in a callback, these must be checked by + the provider. For that we assume that the credentials structure is + filled when associated with a session; if not then the fallback mechanism + will not work and the handshake will fail. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sat Feb 2 07:10:10 2019 +0100 + + Enforce the certificate key usage restrictions on all cases + + That is, we require a signing certificate when negotiating + TLS1.3, or when sending a client certificate (on all cases). + + Before we would not perform any checks under TLS1.3 or when client + certificates are sent, assuming that the certificates used will always + be signing ones. However if the user sets up incorrectly a decryption + certificate we would use it for signing. This fix makes sure that an + error is returned early when these scenarios are detected. + + Resolves: #690 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Tim Rühsen +Date: Mon Jan 21 12:54:58 2019 +0100 + + Fetch OSS-Fuzz corpora much faster [skip ci] + + Signed-off-by: Tim Rühsen + +Author: Nikos Mavrogiannopoulos +Date: Mon Feb 4 15:10:19 2019 +0100 + + .triage-policies.yml: added [ci skip] + + This adds a set of policies regarding issues and merge requests + to be enforced by the gitlab-triage bot. That is: + - Issues without any label for more than a month are marked + with needs attention label + - Issues with needinfo label are closed if they are not updated + within a month + - Merge requests marked as WIP with no update within 5 months + are closed. + + These rules are not enforced automatically; we have to schedule + a run of the gitlab-triage bot. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Dmitry Eremin-Solenikov +Date: Sat Feb 2 17:47:48 2019 +0300 + + build: do not generate mech-list.h if p11-kit is not available + + Compiling GnuTLS with no p11-kit installed will result in a serie of + warnings during build time because mech-list.h will be generated even if + pkcs11 tool compilation is disabled. Move mech-list.h generation to + happen only if pkcs11 is enabled, thus removing these warnings. + + Signed-off-by: Dmitry Eremin-Solenikov + +Author: Dmitry Eremin-Solenikov +Date: Sat Feb 2 17:32:01 2019 +0300 + + build: pass NETTLE_LIBS together with HOGWEED_LIBS + + libhogweed might depend on exact non-system-wide nettle, so let's pass + NETTLE_LIBS flags together when using HOGWEED_LIBS. + + Signed-off-by: Dmitry Eremin-Solenikov + +Author: Tim Rühsen +Date: Sat Jan 26 21:44:28 2019 +0100 + + Add GNUTLS_E_RECEIVED_DISALLOWED_NAME for illegal SNI names + + An illegal/disallowed SNI server name previously generated + the misleading message "An illegal parameter has been received.". + + This commit changes it to + "A disallowed SNI server name has been received.". + + Signed-off-by: Tim Rühsen + +Author: Dmitry Eremin-Solenikov +Date: Wed Jan 30 21:58:34 2019 +0300 + + lib/nettle: replace nettle-stdint.h with just stdint.h + + Nettle library is going to drop nettle-stdint.h. Replace this include + with with just . + + Signed-off-by: Dmitry Eremin-Solenikov + +Author: Tim Rühsen +Date: Mon Jan 28 15:25:30 2019 +0100 + + Fix 'make glimport' and update CONTRIBUTING.md + + Signed-off-by: Tim Rühsen + +Author: Alon Bar-Lev +Date: Sun Jan 27 13:59:56 2019 +0200 + + .gitignore: add test files + + Signed-off-by: Alon Bar-Lev + +Author: Alon Bar-Lev +Date: Sun Jan 27 13:17:35 2019 +0200 + + build: detect previous supported guile + + A recent change in the m4 macro of guile enforces latest guile: + --- + AC_DEFUN([GUILE_PROGS], + [_guile_required_version="m4_default([$1], [$GUILE_EFFECTIVE_VERSION])" + if test -z "$_guile_required_version"; then + _guile_required_version=2.2 + fi + --- + + The result: + --- + checking for guile-snarf... /usr/bin/guile-snarf + checking for guild... /usr/bin/guild + checking for guile-2.2... no + checking for guile2.2... no + checking for guile-2... no + checking for guile2... no + checking for guile... /usr/bin/guile + checking for Guile version >= 2.2... configure: error: Guile 2.2 required, but 2.0.14 found + --- + + Probably best to specify the supported version explicitly when calling + GUILE_PROGS, to keep existing behavior calling the GUILE_PKG detects the + existing packages. + + Signed-off-by: Alon Bar-Lev + +Author: Tim Rühsen +Date: Fri Jan 25 11:51:56 2019 +0100 + + Fix unused var warning in guile/src/core.c + + Signed-off-by: Tim Rühsen + +Author: Tim Rühsen +Date: Fri Jan 25 12:26:46 2019 +0100 + + Fix abi-check failure + + Signed-off-by: Tim Rühsen + +Author: Nikos Mavrogiannopoulos +Date: Fri Jan 25 08:32:17 2019 +0100 + + NEWS: updated + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Jan 25 08:24:21 2019 +0100 + + src/Makefile.am: remove .bak files before autogenerating + + This avoids errors due to files pre-existing but not being + writable. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Jan 25 08:18:01 2019 +0100 + + bumped versions + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Jan 25 08:13:26 2019 +0100 + + Makefile.am: require guile-2.2 for release + + That's because guile.m4 from previous releases has issues + with the latest version. + + Resolves: #631 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu Jan 24 20:25:59 2019 +0100 + + priorities: when %NO_EXTENSIONS is specified disable TLS1.3 + + This makes the behavior of this priority string option well-defined + even when TLS1.3 is enabled. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Andreas Metzler +Date: Thu Jan 24 18:48:40 2019 +0100 + + certtool.1: fix formatting + + Apostroph at start of a line is a control character in manpages, avoid + it. Also drop wrong indent. + See https://bugs.debian.org/920215 + + Signed-off-by: Andreas Metzler + +Author: Daiki Ueno +Date: Wed Jan 23 17:52:47 2019 +0100 + + tlsfuzzer: update to the latest upstream for record_size_limit tests + + Signed-off-by: Daiki Ueno + +Author: Dmitry Eremin-Solenikov +Date: Thu Jan 24 01:57:13 2019 +0300 + + configure.ac: fix substitution for libatomic + + Signed-off-by: Dmitry Eremin-Solenikov + +Author: Nikos Mavrogiannopoulos +Date: Wed Jan 23 20:51:11 2019 +0100 + + .travis.yml: avoid installing submodules + + They are not necessary for building and testing the basic + test suite. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Jan 23 20:42:34 2019 +0100 + + update on "Fix gnutls.pc for multiarch builds" + + This replaces LTLIBUNISTRING with LIBUNISTRING in Makefile.am. + The former is no longer produced by configure.ac. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Tim Rühsen +Date: Wed Jan 23 15:13:12 2019 +0100 + + set_ciphersuite_list(): Use linear approach to cleanup priorities + + Signed-off-by: Tim Rühsen + +Author: Daiki Ueno +Date: Tue Jan 22 15:47:39 2019 +0100 + + tests: check record_size_limit is reset after resumption + + Signed-off-by: Daiki Ueno + +Author: Daiki Ueno +Date: Sat Jan 19 10:31:52 2019 +0100 + + constate: don't restore max_record_recv_size from resumed data + + Signed-off-by: Daiki Ueno + +Author: Daiki Ueno +Date: Thu Jan 17 17:50:49 2019 +0100 + + ext/record_size_limit: mark it as mandatory extension + + In a resuming session record_size_limit is always renegotiated, and + thus the server should parse the extension always. + + Signed-off-by: Daiki Ueno + +Author: Daiki Ueno +Date: Thu Jan 17 11:52:50 2019 +0100 + + ext/record_size_limit: reject too large extension payload + + Signed-off-by: Daiki Ueno + +Author: Nikos Mavrogiannopoulos +Date: Sat Jan 5 14:12:46 2019 +0100 + + gnutls-serv: improvements in UDP server + + This modifies the server to deinitialize the session after use + (avoiding leaks), and to only send the hello verify request when + a client hello is seen. + + This also adds a basic unit test of gnutls-serv with the --udp option. + + Resolves #632 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Fabrice Fontaine +Date: Wed Jan 23 13:36:23 2019 +0100 + + configure.ac: add comment for -latomic + + Signed-off-by: Fabrice Fontaine + +Author: Nikos Mavrogiannopoulos +Date: Wed Jan 23 08:42:54 2019 +0100 + + tests: added tests for multiple ticket reception + + This introduces tests for the reception (parsing) of multiple tickets + by a gnutls client. It uses the tlslite-ng server because unlike a gnutls + server, tlslite-ng does send multiple tickets in a single record. That + way we test that we can parse both ways of sending tickets. + + Resolves: #511 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Tim Rühsen +Date: Wed Jan 23 11:45:39 2019 +0100 + + Update gnulib + + Closes #653 (printf %n crashes on Android) + + Signed-off-by: Tim Rühsen + +Author: Nikos Mavrogiannopoulos +Date: Mon Jan 21 20:53:06 2019 +0100 + + gnutls_alert_send_appropriate: do not send alert to peer on all errors + + That is, do not send alerts for success, or for errors indicating that + an alert has been received. This changes the documented function behavior + but does not break any existing caller expectations. + + Relates: #672 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Jan 21 20:33:00 2019 +0100 + + gnutls_pkcs11_privkey_import_url: enable RSA-PSS only when an RSA key can sign + + In gnutls_pkcs11_privkey_import_url() we only enabled RSA-PSS functionality to + the key if the CKM_RSA_PKCS_PSS mechanism is available to the token. However, + if the specific key is not marked for use with digital signatures (CKA_SIGN + set), then we may have still ended-up using it and fail when using it. We + now test whether CKA_SIGN is set prior to enabling such keys for PSS. + + Resolves: #667 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Jan 21 20:56:10 2019 +0100 + + alert: associate unsupported curve alerts with handshake failure + + Resolves: #672 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Tim Rühsen +Date: Thu Jan 10 14:53:32 2019 +0100 + + Check for Signed-off-by: in CI + + Signed-off-by: Tim Rühsen + +Author: Tim Rühsen +Date: Sun Jan 20 12:00:07 2019 +0100 + + Avoid excessive CPU usage in gnutls_idna_map() + + Signed-off-by: Tim Rühsen + +Author: Tim Rühsen +Date: Sat Jan 19 18:19:42 2019 +0100 + + Fix uninitialized variable in tests/x509dn.c + + Signed-off-by: Tim Rühsen + +Author: Tim Rühsen +Date: Sat Jan 19 18:04:31 2019 +0100 + + crypto-selftests.c: Fix checking return value + + Signed-off-by: Tim Rühsen + +Author: Nikos Mavrogiannopoulos +Date: Fri Jan 11 07:23:40 2019 +0100 + + auto-generate the AUTHORS file + + The original file was unmaintained since long time. This is now + auto-generated from the git shortlog, at release time. + + Relates: #606 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Fabrice Fontaine +Date: Thu Jan 17 13:24:04 2019 +0100 + + configure.ac: check if libatomic is needed + + gnutls source code uses the C++11 functionality since + https://github.com/gnutls/gnutls/commit/7978a733460f92b31033affd0e487c86d66c643d, + which internally is implemented using the __atomic_*() gcc built-ins + + On certain architectures, the __atomic_*() built-ins are implemented in + the libatomic library that comes with the rest of the gcc runtime. Due + to this, code using might need to link against libatomic, + otherwise one hits build issues such as: + + ../lib/.libs/libgnutls.so: undefined reference to `__atomic_fetch_sub_4' + + on an architecture like SPARC. + + To solve this, a configure.ac check is added to know if we need to + link against libatomic or not. The library is also added to gnutls.pc. + + Fixes: + - http://autobuild.buildroot.org/results/6c749bd592ceffeacadd2ab570d127936cce64b2 + - http://autobuild.buildroot.org/results/30aa83d3cf3482af8a59250c196c85f4a278d343 + + Signed-off-by: Fabrice Fontaine + +Author: Tim Rühsen +Date: Thu Jan 17 10:22:45 2019 +0100 + + Fix gnutls.pc for multiarch builds + + Signed-off-by: Tim Rühsen + +Author: Nikos Mavrogiannopoulos +Date: Mon Jan 14 10:56:27 2019 +0100 + + certtool: data encipherment is disabled by default + + For the TLS protocol this option is not necessary, and if enabled + by mistake (as default) and no other option is set, then the + generated key will be unusable. Thus we disable it, to generate + working keys by default. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu Jan 10 19:23:12 2019 +0100 + + .travis.yml: use ./bootstrap instead of make autoreconf + + The latter is no longer available after the removal of + GNUMakefile. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu Jan 10 07:56:17 2019 +0100 + + The flag %NO_EXTENSIONS is disabling extension support while being functional + + That is, the %NO_EXTENSIONS option is the only documented way to disable + extensions completely from a session. Clarify that message, mention that + its behavior is undefined when combine with TLS1.3, and make sure that it + is functional. The latter makes sure that safe renegotiation and extended + master secret extensions remain disabled when this flag is given. + + That simplifies testing certain scenarios under TLS1.0 or TLS1.1 when + no extensions must be used. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Jan 8 12:26:19 2019 +0100 + + When sending no extensions do not include a zero length + + According to RFC5246: + The presence of extensions can be detected by determining whether + there are bytes following the compression_method field at the end of + the ServerHello. + + and as such we correct our behavior to not send the zero length bytes. + This was our behavior in 3.5.x and 3.3.x branch, and thus this corrects + a regression of gnutls with these branches. + + Signed-off-by: Nikos Mavrogiannopoulos + Signed-off-by: David Woodhouse + +Author: Nikos Mavrogiannopoulos +Date: Tue Jan 8 19:37:49 2019 +0000 + + Avoid calling sign_algorithm_get_name() when we already have pointer to the algorithm. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Daiki Ueno +Date: Wed Jan 2 13:21:49 2019 +0100 + + tls-sig: check RSA-PSS signature key compatibility also in TLS 1.2 + + This extends commit 51d21634 to cover the optional TLS 1.2 cases, + which RFC 8446 4.2.3 suggests: "Implementations that advertise support + for RSASSA-PSS (which is mandatory in TLS 1.3) MUST be prepared to + accept a signature using that scheme even when TLS 1.2 is negotiated". + + Signed-off-by: Daiki Ueno + +Author: Daiki Ueno +Date: Tue Jan 8 18:09:29 2019 +0100 + + tlsfuzzer: update to the latest upstream for the TLS 1.2 CV tests + + Signed-off-by: Daiki Ueno + +Author: Daiki Ueno +Date: Tue Jan 8 18:06:17 2019 +0100 + + alert: map GNUTLS_E_UNKNOWN_COMPRESSION_ALGORITHM to illegal_parameter + + This alert is more appropriate according to the tlsfuzzer test: + https://github.com/tomato42/tlsfuzzer/commit/4b6a4aa8b00cf3f3bcb2388d1bfdad985610ed1d + + Signed-off-by: Daiki Ueno + +Author: Daiki Ueno +Date: Tue Jan 8 14:40:25 2019 +0100 + + Revert "build: remove src/*.bak from distribution" + + This reverts commit 9ba397aa841730e4824d2bf8537aa15e711ad9b3, as it + turned out to be not practical. See !862 for the discussion. + + Signed-off-by: Daiki Ueno + +Author: Nikos Mavrogiannopoulos +Date: Tue Jan 8 12:07:00 2019 +0100 + + _gnutls_hello_ext_set_datum: removed unnecessary remark [ci skip] + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Maks Naumov +Date: Tue Jan 8 00:05:23 2019 +0200 + + Fix _gnutls_write_new_general_name() result checking + +Author: Alon Bar-Lev +Date: Mon Jan 7 17:46:10 2019 +0200 + + build: install all m4 macros + + having all m4 macros in m4/ directory enables easier autoreconf process for + downstream as dependency programs that provide these macros are not required. + + both gtk-doc and guile requires huge dependency list, and currently are + required per any change (patch) in autotools. + + Signed-off-by: Alon Bar-Lev + +Author: Daiki Ueno +Date: Wed Jan 2 13:44:50 2019 +0100 + + ext/pre_shared_key: avoid unnecessary use of VLA for MSVC + + Suggested by Gisle Vanem in: + https://github.com/gnutls/gnutls/commit/fd8c1ec8fe155861dffa28811127f101b6697b4b#r31802648 + + Signed-off-by: Daiki Ueno + +Author: Tim Rühsen +Date: Fri Jan 4 09:47:24 2019 +0100 + + Fix typos in lib/ + + Signed-off-by: Tim Rühsen + +Author: Tim Rühsen +Date: Thu Jan 3 16:36:17 2019 +0100 + + Unroll MinGW CI runner commands + + Signed-off-by: Tim Rühsen + +Author: Nikos Mavrogiannopoulos +Date: Thu Jan 3 09:51:34 2019 +0100 + + tests: treat all signals as error + + Previously we were only treating SIGSEGV as error though there is + no reason to treat other signals as success and they may hide an + actual error case (e.g., when SIGPIPE is received). With this change we + treat any signals received by the child except SIGTERM as error, and + we ensure that SIGPIPE is ignored in all tests. + + This also updates tests/slow/cipher-api-test.c to test failures with + SIGABRT or otherwise consistently. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Jan 4 14:48:26 2019 +0100 + + Revert "verify-high2: Fix cert dir iteration on Win32" + + This was failing CI (x509cert-tl) but was not detected due to + a bug. + + This reverts commit 362a0c30b79ccede7e5bc3a7747c3e7f1d30889a. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Marga Manterola +Date: Thu Jan 3 17:57:29 2019 +0000 + + Fix typo when checking for ed25519 support + +Author: Tim Rühsen +Date: Tue Jan 1 14:26:04 2019 +0100 + + Fix typos in doc/ + + Signed-off-by: Tim Rühsen + +Author: Nikos Mavrogiannopoulos +Date: Thu Jan 3 09:13:56 2019 +0100 + + _gnutls13_handshake_sign_data: properly fail on signing error + + When signing failed, gnutls would return an invalid signed message + (with no data) instead of failing. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Tim Rühsen +Date: Wed Jan 2 10:29:48 2019 +0100 + + Fix 'make distcheck' + + The following error will be fixed: + + ERROR: files left in build directory after distclean: + ./tests/softhsm-privkey-eddsa-test.config + make[1]: *** [Makefile:1833: distcleancheck] Error 1 + + Signed-off-by: Tim Rühsen + +Author: Tim Rühsen +Date: Wed Jan 2 10:22:26 2019 +0100 + + Remove auto-generated gnulib files from repo + + Bootstrapping with latest gnulib updated both files, + so they are obviously auto-generated files which do not + belong into the repository. + + Signed-off-by: Tim Rühsen + +Author: Tim Rühsen +Date: Wed Jan 2 10:02:11 2019 +0100 + + Update required autoconf version to 2.63 + + This fixes the bootstrap error with the latest gnulib: + + gnulib/gnulib-tool: *** minimum supported autoconf version is 2.63. Try adding AC_PREREQ([2.63]) to your configure.ac. + gnulib/gnulib-tool: *** Stop. + ./bootstrap: gnulib-tool failed + + Signed-off-by: Tim Rühsen + +Author: Tim Rühsen +Date: Wed Jan 2 09:56:42 2019 +0100 + + Update gnulib + + This fixes the following 'make syntax-check' failure: + + maint.mk: out of date copyright in ./gnulib/lib/version-etc.c; update it + make: *** [maint.mk:1199: sc_copyright_check] Error 1 + + Signed-off-by: Tim Rühsen + +Author: Tim Rühsen +Date: Wed Jan 2 09:49:19 2019 +0100 + + Update copyright year in doc/gnutls.texi + + This fixes the following error of 'make syntax-check': + + maint.mk: out of date copyright in doc/gnutls.texi; update it + make: *** [maint.mk:1201: sc_copyright_check] Error 1 + + Signed-off-by: Tim Rühsen + +Author: Nikos Mavrogiannopoulos +Date: Sun Dec 30 16:25:08 2018 +0100 + + examples: ignore GNUTLS_E_AGAIN or INTERRUPTED errors + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sun Dec 30 16:00:43 2018 +0100 + + examples: use a valid DNS name + + This prevents a gnutls server from sending an unexpected message + alert due to invalid DNS name encoding, if the example is not modified. + + Resolves: #663 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Tim Rühsen +Date: Sat Dec 29 19:16:57 2018 +0100 + + Fix OSS-Fuzz build + + Signed-off-by: Tim Rühsen + +Author: Dmitry Eremin-Solenikov +Date: Tue Dec 25 14:44:11 2018 +0300 + + tests: cipher-openssl-compat: don't call EVP_CIPHER_CTX_init() + + There is no need to call EVP_CIPHER_CTX_init() after + EVP_CIPHER_CTX_new(). + + Fixes #658 + + Signed-off-by: Dmitry Eremin-Solenikov + +Author: Dmitry Eremin-Solenikov +Date: Tue Dec 25 14:43:56 2018 +0300 + + tests: cipher-openssl-compat: don't fail if OpenSSL doesn't provide cipher + + LibreSSL does not provide ChaCha20-Poly1305 through EVP_CIPHER + interface, so let's skip the test if cipher is not available. + + Signed-off-by: Dmitry Eremin-Solenikov + +Author: Nikos Mavrogiannopoulos +Date: Thu Dec 20 17:49:21 2018 +0100 + + gnutls_pubkey_import_ecc_raw: set the public key bits + + This sets the number of key bits once an ECC key is imported. + + Resolves #640 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Dec 21 07:58:24 2018 +0100 + + GNUTLS_X509_NO_WELL_DEFINED_EXPIRATION: deprecated + + This removes the documented use of this macro. It was non-functional. + Given the nature of the definition of the non-well defined date for + certificates, it may be wise not to use a special macro at all. The + reason is that the no-well defined date is a real date (~year 9999), + and any approximation with seconds will be unstable due to irregular + leap seconds. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Dec 21 07:54:40 2018 +0100 + + gnutls-cli-debug: removed unused variable + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Hugo Beauzée-Luyssen +Date: Mon Dec 17 11:37:12 2018 +0100 + + win32: Check that CertOpenStore is behaving as CertOpenSystemStore + + The test isn't located in tests/windows since we need the actual + libcrypt32 implementations. + +Author: Tim Rühsen +Date: Thu Dec 20 16:33:34 2018 +0100 + + testrandom.sh: Fix endless loop + + Signed-off-by: Tim Rühsen + +Author: Nikos Mavrogiannopoulos +Date: Wed Dec 19 09:41:41 2018 +0100 + + vasprintf: use from gnulib; don't bundle twice + + Relates #653 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Hugo Beauzée-Luyssen +Date: Thu Dec 13 17:31:29 2018 +0100 + + win32: Use CertOpenStore instead of CertOpenSystemStore + + CertOpenSystemStore is not available when building for windows store. + Both functions are available since windows XP, so there is no + compatibility change. + CertOpenSystemStore documentation states "Only current user certificates + are accessible using this method, not the local machine store." hence we + pass CERT_SYSTEM_STORE_CURRENT_USER. + We also use the wide chars variants, in the event the ansi ones are + silently rejected by windows store applications (which is not + documented, but which I strongly suspect) + This is equivalent to Wine's implementation of CertOpenSystemStore: + https://github.com/wine-mirror/wine/blob/master/dlls/crypt32/store.c#L904 + +Author: Hugo Beauzée-Luyssen +Date: Tue Dec 4 15:18:36 2018 +0100 + + keys-win: Disable private key import on windows store + + Windows store drastically limits the available functions. + In this case, at least CryptSetProvParam and the NCrypt* functions + can't be used + + Signed-off-by: Hugo Beauzée-Luyssen + +Author: Hugo Beauzée-Luyssen +Date: Tue Dec 4 13:22:52 2018 +0100 + + verify-high2: Fix cert dir iteration on Win32 + + And especially when building for windows store, which only allows + unicode version of opendir & friends functions. + +Author: Hugo Beauzée-Luyssen +Date: Tue Dec 4 11:53:48 2018 +0100 + + lib: Don't hardcode LoadLibraryA + + Those functions are forbidden when building for Windows Store + + Signed-off-by: Hugo Beauzée-Luyssen + +Author: Tim Rühsen +Date: Tue Dec 18 16:27:29 2018 +0100 + + .gitlab-ci.yml: Remove assert in gl/tests/test-strerror.c + + A bug made our CI cross builds fail. + See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=916779 + + Signed-off-by: Tim Rühsen + +Author: Tim Rühsen +Date: Fri Nov 16 16:22:10 2018 +0100 + + tests/cert-tests/certtool-eddsa: Increase portability (fix for busybox) + + Signed-off-by: Tim Rühsen + +Author: Tim Rühsen +Date: Fri Nov 16 16:20:17 2018 +0100 + + tests/cert-tests/certtool: SKIP if --disable-bash-tests was given + + Signed-off-by: Tim Rühsen + +Author: Tim Rühsen +Date: Fri Nov 16 16:13:31 2018 +0100 + + tests/cert-tests/pkcs12-utf8: Use /bin/sh instead of bash + + Signed-off-by: Tim Rühsen + +Author: Tim Rühsen +Date: Fri Nov 16 16:12:31 2018 +0100 + + tests/cert-tests/pkcs12-corner-cases: Increase portability (fix for busybox) + + Signed-off-by: Tim Rühsen + +Author: Tim Rühsen +Date: Fri Nov 16 16:11:53 2018 +0100 + + tests/cert-tests/certtool-ecdsa: Increase portability (fix for busybox) + + Signed-off-by: Tim Rühsen + +Author: Tim Rühsen +Date: Fri Nov 16 16:06:18 2018 +0100 + + tests/cert-tests/pem-decoding: Increase portability (fix for busybox) + + Signed-off-by: Tim Rühsen + +Author: Tim Rühsen +Date: Fri Nov 16 13:28:26 2018 +0100 + + tests/cert-tests/certtool-crl-decoding: Increase portability (fix for busybox) + + Signed-off-by: Tim Rühsen + +Author: Tim Rühsen +Date: Fri Nov 16 12:34:01 2018 +0100 + + tests/long-crl.sh: Increase portability (fix for busybox) + + Signed-off-by: Tim Rühsen + +Author: Tim Rühsen +Date: Fri Nov 16 12:14:27 2018 +0100 + + tests/gnutls-cli-debug.sh: Remove bashisms + + Signed-off-by: Tim Rühsen + +Author: Tim Rühsen +Date: Fri Nov 23 19:58:49 2018 +0100 + + tests/scripts/common.sh: Add check_if_equal() + + Signed-off-by: Tim Rühsen + +Author: Tim Rühsen +Date: Fri Nov 16 12:08:06 2018 +0100 + + tests/scripts/common.sh: Make random port value work on busybox + + On busybox 'date +%N' returns an empty value. + On 'dash' (Debian shell) $RANDOM doesn't work. + + This commit works first tries $RANDOM and then falls back to 'date +%N'. + + Signed-off-by: Tim Rühsen + +Author: Nikos Mavrogiannopoulos +Date: Sat Dec 15 22:14:18 2018 +0100 + + doc: minor fixes [ci skip] + + Created NEWS entry for 3.6.6 and unified the listing of gnutls_init_flags_t + items. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Peter Wu +Date: Sat Dec 15 22:01:10 2018 +0100 + + pkcs11: fix memleak in gnutls_pkcs11_token_get_ptr + + find_token_modname_cb uses p11_kit_config_option to retrieve the module + name, but its return value (stored in tn.modname) must be freed. + +Author: Tom Vrancken +Date: Sat Aug 26 14:22:44 2017 +0200 + + Implemented support for raw public-key functionality (RFC7250). + + Signed-off-by: Tom Vrancken + +Author: Hugo Beauzée-Luyssen +Date: Thu Dec 13 11:00:03 2018 +0100 + + configure.ac: Always enable unicode support on windows + +Author: Peter Wu +Date: Thu Nov 29 18:21:22 2018 +0100 + + pkcs11: fix memleak when querying for GNUTLS_PKCS11_TOKEN_MODNAME + + find_token_modname_cb uses p11_kit_config_option to retrieve the module + name, but its return value must be free'd. + + Other fixes: + - Do not silently truncate the output buffer, return an error instead. + - If the module name is unavailable, do not write "(null)" to the + output. Write an empty string instead. + - The module path can be of arbitrary length, so passing output=NULL to + learn the length seems reasonable, except that snprintf crashed on a + NULL pointer dereference. + + Fixes: 241f9f0b1 ("Added GNUTLS_PKCS11_TOKEN_MODNAME for gnutls_pkcs11_token_get_info") + Signed-off-by: Peter Wu + +Author: Peter Wu +Date: Thu Nov 29 18:43:39 2018 +0100 + + pkcs11: clarify gnutls_pkcs11_*_get_info output_size + + It was not clear whether @output_size contains the actual string length + or the buffer length (including null terminator). + + Signed-off-by: Peter Wu + +Author: Tim Rühsen +Date: Thu Nov 15 10:44:20 2018 +0100 + + build: remove src/*.bak from distribution + + Instead, include the autogen-generated *.c, *.h and the stamp files in + the distribution. + + To prevent the bundled files being linked with incompatible autogen + libopts, this adds an extra check in configure. If the detected + system libopts version is too old, it will use the included libopts + implementation. + + Signed-off-by: Tim Rühsen + Signed-off-by: Daiki Ueno + +Author: Nikos Mavrogiannopoulos +Date: Wed Dec 12 09:48:01 2018 +0100 + + GNUTLS_PCERT_NO_CERT: marked as unused/ignored + + This flag was already a no-op. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Dec 11 09:34:22 2018 +0100 + + srp/psk: update recommendations for usernames [ci skip] + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Dec 12 06:15:25 2018 +0100 + + doc: include PSK examples into documentation + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Daiki Ueno +Date: Thu Dec 6 14:59:30 2018 +0100 + + tlsfuzzer: update to the latest upstream to eanble CCS tests + + Signed-off-by: Daiki Ueno + +Author: Tim Rühsen +Date: Tue Dec 4 17:15:02 2018 +0100 + + Fix gnutls_handshake_set_timeout() for values < 1000 + + handshake-timeout.c now tests for <1000ms timeout and for >=1000ms + timeout. The test duration decreased from 45s to 1.2s. + + Signed-off-by: Tim Rühsen + +Author: Daiki Ueno +Date: Thu Nov 22 14:59:11 2018 +0100 + + record: make CCS handling stricter in TLS 1.3 + + In TLS 1.3, the change_cipher_spec messages received under the + following conditions should be treated as unexpected record type: + containing value other than 0x01, or received after the handshake. + + Signed-off-by: Daiki Ueno + +Author: Nikos Mavrogiannopoulos +Date: Wed Dec 5 14:44:23 2018 +0100 + + bootstrap: only update the required submodules for building + + Although we have few submodules they are not all required for + building and testing. This patch modified bootstrap.conf not + to update all of them, but only the necessary for building and + testing. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Andreas Metzler +Date: Sat Dec 1 13:26:20 2018 +0100 + + Fix error message on old or missing nettle. + + Signed-off-by: Andreas Metzler + +Author: Nikos Mavrogiannopoulos +Date: Sat Dec 1 06:04:45 2018 +0100 + + released 3.4.1 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Simo Sorce +Date: Wed Oct 3 13:12:38 2018 -0400 + + Constant time/cache PKCS#1 RSA decryption + + This patch tries to make the code have the same time and memory access + aptterns across all branches of the decryption function so that timining + or cache side channels are minimized or neutralized. + + To do so it uses a new nettle rsa decryption function that is + side-channel silent. + + Signed-off-by: Simo Sorce + +Author: Nikos Mavrogiannopoulos +Date: Wed Nov 28 16:00:34 2018 +0100 + + Added test about rsa decryption under pkcs11 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Nov 30 10:28:28 2018 +0100 + + gnutls_x509_crt_set_expiration_time: fixed documentation [ci skip] + + Fixed the documentation of the function to reflect reality. + This function did not accept the GNUTLS_X509_NO_WELL_DEFINED_EXPIRATION + macro. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Nov 30 08:49:50 2018 +0100 + + NEWS: updated [ci skip] + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Nov 30 08:44:35 2018 +0100 + + bumped version + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Dmitry Eremin-Solenikov +Date: Thu Nov 29 06:05:22 2018 +0300 + + tests: attempt to fix test errors on Mac OS X + + It looks like Mac OS X's grep has issues with applying basic regexps + with alternation operator inside. Use several grep calls in pipeline to + achieve the same result. + + Signed-off-by: Dmitry Eremin-Solenikov + +Author: Dmitry Eremin-Solenikov +Date: Wed Nov 28 23:39:32 2018 +0300 + + travis: print logs for all failed tests + + Signed-off-by: Dmitry Eremin-Solenikov + +Author: Dmitry Eremin-Solenikov +Date: Wed Nov 28 14:10:35 2018 +0300 + + lib: fix pkcs11 using defines from PKCS#11 3.0 for EdDSA + + pkcs11 support code uses several definitions from forthcoming PKCS#11 + standard version. Older p11-kit versions do not provide these + definitions. Detect and disable code supporting EdDSA if compiling + GnuTLS with older p11-kit library. + + Closes #626 + + Signed-off-by: Dmitry Eremin-Solenikov + Fixes: 88377775a3eff679a9ec60ab9bfc6b3c683a0407 + Signed-off-by: Dmitry Eremin-Solenikov + +Author: Nikos Mavrogiannopoulos +Date: Wed Nov 28 20:08:29 2018 +0100 + + CONTRIBUTING.md: specify rules for static/inline functions [ci skip] + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu Nov 22 17:36:17 2018 +0100 + + CONTRIBUTING.md: proposal for new features/modifications approach [ci skip] + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Nov 21 21:09:33 2018 +0100 + + CONTRIBUTING.md: added proposal on commenting style [ci skip] + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Dmitry Eremin-Solenikov +Date: Wed Nov 28 16:03:59 2018 +0300 + + tests: fix crl test under MinGW32/64 + + Use --outfile instead of output redirection to stop CR from sneaking + into temp file. Extra CR symbols make grep choke on that file. + + Signed-off-by: Dmitry Eremin-Solenikov + +Author: Stephan Mueller +Date: Tue Nov 27 22:27:26 2018 +0100 + + DRBG: Use ACVP validated test vector in self test + + Due to removing all of the FIPS 140-2 continuous self test leftovers, + the DRBG test vector must be updated as the very first DRBG block is not + dropped any more. + + The test complies with the CAVP test definition specified in "The + NIST SP 800-90A Deterministic Random Bit Generator Validation + System (DRBGVS)" section 6.2. + + The test vector is obtained during a successful trial run using the + NIST ACVP server. The following registration was used to generate the + test vector: + + { + "algorithm":"ctrDRBG", + "prereqVals":[ + { + "algorithm":"AES", + "valValue":"same" + } + ], + "predResistanceEnabled":[ + false + ], + "reseedImplemented":true, + "capabilities":[ + { + "mode":"AES-256", + "derFuncEnabled":false, + "entropyInputLen":[ + 384 + ], + "nonceLen":[ + 0 + ], + "persoStringLen":[ + 0, + 256 + ], + "additionalInputLen":[ + 0, + 256 + ], + "returnedBitsLen":512 + } + ] + }, + + Signed-off-by: Stephan Mueller + +Author: Nikos Mavrogiannopoulos +Date: Tue Nov 27 13:47:46 2018 +0100 + + Fix session description info printing + + This fixes a truncation issue in session description information printing + for certain ciphersuites, and adds a limited testing of expected description + strings for certain ciphersuites. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Nov 20 11:30:22 2018 +0100 + + Prevent applications from combining legacy versions of TLS with TLS1.3 + + It can happen that an application due to a misconfiguration, enables TLS1.3 + in combination with TLS1.0 or TLS1.1 only. In that case a server which is + unaware of the TLS1.3 protocol will reply by selecting the TLS1.2 protocol + instead and that answer will be rejected by the client. With this change + we ensure that TLS1.3 is not enabled in these problematic scenarios. + + Resolves: #621 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Dmitry Eremin-Solenikov +Date: Wed Nov 21 18:35:07 2018 +0300 + + cert-tests: verify --no-text switch for pkcs7/pkcs12 info + + Signed-off-by: Dmitry Eremin-Solenikov + +Author: Dmitry Eremin-Solenikov +Date: Fri Nov 16 03:46:52 2018 +0300 + + certtool: don't output textual information if --no-text was given + + Disable text output if --no-text option was given for --p7-info and + --p12-info. + + Signed-off-by: Dmitry Eremin-Solenikov + +Author: Dmitry Eremin-Solenikov +Date: Wed Nov 21 20:05:20 2018 +0300 + + certtool: don't output pkcs12 information to stderr + + Print all pkcs12-info output to outfile, rather than stderr. + + Signed-off-by: Dmitry Eremin-Solenikov + +Author: Dmitry Eremin-Solenikov +Date: Wed Nov 21 18:35:07 2018 +0300 + + cert-tests: verify --no-text switch for cert/crq/pub/privkeys + + Signed-off-by: Dmitry Eremin-Solenikov + +Author: Dmitry Eremin-Solenikov +Date: Fri Nov 16 03:46:52 2018 +0300 + + certtool: don't output textual information if --no-text was given + + Change privkey/certificate/CRL/CSR handling to disable text output if + --no-text option was given. + + Closes #487 + + Signed-off-by: Dmitry Eremin-Solenikov + +Author: Stefan Berger +Date: Mon Nov 19 11:47:45 2018 -0500 + + tests: tpm: Use kill_proc to terminate a process + + Use kill_proc to terminate a process by first sending it SIGTERM, + waiting max. 1 second and then use SIGKILL. + + Signed-off-by: Stefan Berger + +Author: Stefan Berger +Date: Mon Nov 19 11:19:53 2018 -0500 + + tests: tpm: Redirect help screen output to stdout + + The dash shell doesn't seem to understand &>/dev/null, so use + >/dev/null to quiet down the help screen check. + + Signed-off-by: Stefan Berger + +Author: Daiki Ueno +Date: Sat Nov 24 16:59:12 2018 +0100 + + doc: suggest to check max_early_data_size before sending early data + + Signed-off-by: Daiki Ueno + +Author: Daiki Ueno +Date: Thu Nov 22 14:59:54 2018 +0100 + + tests: resume: suppress compiler warnings + + Signed-off-by: Daiki Ueno + +Author: Stephan Mueller +Date: Sun Nov 25 13:46:44 2018 +0100 + + DRBG: Remove all traces of FIPS 140-2 continuous self test + + The removal allows the CAVS / ACVP test required for a successful FIPS + 140-2 validation to pass. + + Signed-off-by: Stephan Mueller + +Author: Daiki Ueno +Date: Thu Nov 22 15:04:00 2018 +0100 + + .gitignore: ignore more files and sort them alphabetically + + Signed-off-by: Daiki Ueno + +Author: Tim Rühsen +Date: Sat Nov 24 15:58:48 2018 +0100 + + bootstrap.conf: add "autogen" to buildreq + + Signed-off-by: Tim Rühsen + +Author: Daiki Ueno +Date: Sat Nov 24 15:57:11 2018 +0100 + + build: fix srcdir detection when VPATH build + + Unlike the ".c.c.bak:" and ".h.h.bak:" rules, ".def.stamp:" needs this + adjustment because the source files (*.bak) are not provided as $<. + + Signed-off-by: Daiki Ueno + +Author: Daiki Ueno +Date: Sat Nov 24 16:00:48 2018 +0100 + + tests: remove unnecessary session creation in tls13/anti_replay + + This test only checks the behavior of _gnutls_anti_replay_check, thus + session is not needed at all. + + Signed-off-by: Daiki Ueno + +Author: Nikos Mavrogiannopoulos +Date: Wed Nov 21 21:09:55 2018 +0100 + + doc: corrected typos [ci skip] + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Nov 19 14:16:50 2018 +0100 + + tests: added test for RSA decryption under gnutls_privkey_import_ext4 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Nov 19 14:07:39 2018 +0100 + + crypto-self-tests-pk: added RSA-PSS sign/verify tests + + This also corrects the GOST R 34.10-2012-512-TC26-512-A self + test. + + Relates: #597 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Nov 16 21:04:49 2018 +0100 + + tests: added TLS1.3 tests for PKCS#11 and external key types + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Simo Sorce +Date: Thu Oct 25 10:03:01 2018 -0400 + + Add support for EDDSA/Ed25519 object support via PKCS#11 + + Tested with softHSM 2.5.0 + + Resolves #417 + + Signed-off-by: Simo Sorce + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Simo Sorce +Date: Thu Oct 25 10:44:14 2018 -0400 + + Fix RSA-PSS tests to properly return skip value + + Signed-off-by: Simo Sorce + +Author: Nikos Mavrogiannopoulos +Date: Sun Nov 18 20:22:08 2018 +0100 + + gnutls_certificate_type_get*: updated documentation to list limitations + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Nov 19 06:50:55 2018 +0100 + + tests: resume: use spaces around '?' and ':' according to coding style + + Also set a link to the kernel coding style in CONTRIBUTIONS.md + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Nov 14 15:20:08 2018 +0100 + + gnutls_certificate_type_get*: ensure that the default type is returned + + That is, ensure that unless we negotiate something else than + X509, the default certificate type is returned to applications. + Previously we wouldn't do that for TLS1.3 resumed sessions, and + we would return zero (invalid type) instead. + + That addresses issues with applications checking explicitly + for X509 certificate type being present. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Daiki Ueno +Date: Fri Nov 16 16:13:31 2018 +0100 + + tests/tls13-early-data: check if max_early_data_size is advertised + + Signed-off-by: Daiki Ueno + +Author: Daiki Ueno +Date: Fri Nov 16 14:25:49 2018 +0100 + + serv: add --maxearlydata option + + Also exercise this in testcompat-tls13-openssl.sh. + + Signed-off-by: Daiki Ueno + +Author: Daiki Ueno +Date: Sun Nov 18 05:47:08 2018 +0100 + + record: gnutls_record_send_early_data: check the upper limit + + Signed-off-by: Daiki Ueno + +Author: Daiki Ueno +Date: Fri Nov 16 16:12:13 2018 +0100 + + tls13/session_ticket: fix "max_early_data_size" extension handling + + session->security_parameters.max_early_data_size is initially set to 0. + + Signed-off-by: Daiki Ueno + +Author: Nikos Mavrogiannopoulos +Date: Sat Nov 17 19:30:20 2018 +0100 + + update documentation on GNUTLS_AUTO_REAUTH and gnutls_record_get_direction [ci skip] + + That clarifiesthe intention, and adds warning of using this flag when + multiple threads are involved. Based on suggestion by Michael Catanzaro. + + Relates: #615 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Nov 16 21:16:33 2018 +0100 + + .gitlab-ci.yml: run coverage build over fedora + + This will include the TPM subsystem in the coverage report. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Stefan Berger +Date: Fri Nov 16 10:47:23 2018 -0500 + + tests: tpm: Extend test case to not use --register + + Extend the tpmtool test case to also test without the --register + parameter. + + Signed-off-by: Stefan Berger + +Author: Stefan Berger +Date: Wed Nov 14 10:07:08 2018 -0500 + + tests: tpm: Add a test case for tpmtool + + This test case exercises tpmtool and uses certtool to create a + self-signed certificate with the TPM. It uses swtpm as TPM emulator and + configures tcsd to talk to swtpm. + + Extend the Readme.md with the packages needed for TPM support and TPM test + support. + + This test case needs to be run as root since tcsd needs to be started + as root. + + Signed-off-by: Stefan Berger + +Author: Stefan Berger +Date: Fri Nov 16 06:48:01 2018 -0500 + + .gitlab-ci.yml: copy the log files of minimal.Fedora to the gitlab server + + Signed-off-by: Stefan Berger + +Author: Stefan Berger +Date: Thu Nov 15 19:55:02 2018 -0500 + + lib: tpm: Fix a memory leak + + Signed-off-by: Stefan Berger + +Author: Dmitry Eremin-Solenikov +Date: Fri Nov 16 03:38:38 2018 +0300 + + doc: mention GOST private key unmasking and additional format support + + Signed-off-by: Dmitry Eremin-Solenikov + +Author: Dmitry Eremin-Solenikov +Date: Tue Nov 13 11:25:17 2018 +0300 + + cert-tests: test parsing and decoding of GOST private keys + + Add a test for parsing and decoding GOST private keys in different + formats, incuding encrypted keys. + + Signed-off-by: Dmitry Eremin-Solenikov + +Author: Dmitry Eremin-Solenikov +Date: Tue Nov 13 11:23:37 2018 +0300 + + certtool: support --pkcs-cipher none + + If password is specified on command line currently certtool will always + output encrypted pkcs8 file. Add `--pkcs-cipher none' allowing one to + force certtool to output unencrypted private keys. + + Signed-off-by: Dmitry Eremin-Solenikov + +Author: Dmitry Eremin-Solenikov +Date: Tue Nov 13 03:02:35 2018 +0300 + + nettle/gost: gostdsa: use size_t instead of mp_limb_t + + Use size_t for size variables instead of mp_limb_t (data type rather + than size type). + + Signed-off-by: Dmitry Eremin-Solenikov + +Author: Dmitry Eremin-Solenikov +Date: Tue Nov 13 02:48:05 2018 +0300 + + pkcs8: support GOST keys without encapsulation + + Add support for yet another representation of GOST private keys: + LE-formatted number encoded into pkcs-8-PrivateKeyInfo.privateKey + without any additional encapsulation. + + Signed-off-by: Dmitry Eremin-Solenikov + +Author: Dmitry Eremin-Solenikov +Date: Tue Nov 13 02:47:39 2018 +0300 + + nettle: unmaks GOST private keys if necessary + + Signed-off-by: Dmitry Eremin-Solenikov + +Author: Dmitry Eremin-Solenikov +Date: Tue Nov 13 02:45:18 2018 +0300 + + nettle/gost: support GOST key unmasking + + New Russian reccomendation defines 'key masking' in the form of + several concatenated numbers, which must be multiplied modulo Q to get + private key. + + Signed-off-by: Dmitry Eremin-Solenikov + +Author: Stefan Berger +Date: Thu Nov 15 12:43:01 2018 -0500 + + tpmtool: Fix a memory leak related to TPM key list + + Signed-off-by: Stefan Berger + +Author: Nikos Mavrogiannopoulos +Date: Thu Nov 15 16:03:38 2018 +0100 + + updated auto-generated-files + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Nov 14 13:56:52 2018 +0100 + + anti_replay: moved new add function into anti_replay structure + + The new function was not sharing anything with the existing + gnutls_db_* backend, and moving it to anti_replay structure + is more clean and allows for deviations from the old API + conventions (e.g., now we can pass pointers for efficiency + and pass the expiration time as part of the call). + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Nov 13 22:49:26 2018 +0100 + + _gnutls_x509_read_eddsa_pubkey(): sanity check the input values + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Nov 13 09:24:06 2018 +0100 + + gnutls_x509_privkey_import_ecc_raw(): fail on invalid sizes + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sun Nov 11 08:25:56 2018 +0100 + + tests: verify whether certificate request levels behave consistently + + This verifies whether the behavior of GNUTLS_CERT_IGNORE, GNUTLS_CERT_REQUEST + and GNUTLS_CERT_REQUIRE is consistent accross protocols. + + Relates #615 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sun Nov 11 08:52:13 2018 +0100 + + doc: minor updates in elliptic curve documentation + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Nov 14 13:42:01 2018 +0100 + + tests: added a test for detecting duplicate early data + + Resolves #610 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Dmitry Eremin-Solenikov +Date: Wed Nov 14 01:43:05 2018 +0300 + + tests: add testfile from RFC4134 Section 4.5 + + Add test example demonstrating indefinite-length BER encoding of PKCS#7 + data. + + Signed-off-by: Dmitry Eremin-Solenikov + +Author: Dmitry Eremin-Solenikov +Date: Mon Nov 12 03:34:31 2018 +0300 + + pkcs7: allow BER encoding when parsing encapContentInfo.eContent + + CMS specification explicitly allows BER encoding in CMS files. RFC 4134 + example 4.5 uses BER indefinite encoding. + + Signed-off-by: Dmitry Eremin-Solenikov + +Author: Dmitry Eremin-Solenikov +Date: Wed Nov 14 01:49:08 2018 +0300 + + configure.ac: drop obsolete info line + + Since 4b567871 there is no `ac_enable_session_tickets` variable, so + let's drop obsolete remnants. + + Closes #616 + + Signed-off-by: Dmitry Eremin-Solenikov + Noted-by: Dilyan Palauzov + +Author: Daiki Ueno +Date: Tue Nov 13 10:07:09 2018 +0100 + + build: minor cleanup of mech-list.h generation + + Signed-off-by: Daiki Ueno + +Author: Daiki Ueno +Date: Tue Nov 13 10:02:17 2018 +0100 + + README-ci.freebsd.md: require autogen + + Signed-off-by: Daiki Ueno + +Author: Daiki Ueno +Date: Mon Nov 12 13:41:19 2018 +0100 + + build: remove autogen .bak files from the repository + + While the .bak files are necessary for not requiring autogen on + deployment environment, they are not needed for development and may + cause conflict when other developers use different version of + autogen. This removes those files from the repository and require + autogen at make dist time. + + Signed-off-by: Daiki Ueno + +Author: Daiki Ueno +Date: Mon Nov 12 15:48:44 2018 +0100 + + build: use suffix rules for generating .bak files + + Signed-off-by: Daiki Ueno + +Author: Daiki Ueno +Date: Mon Nov 12 15:48:14 2018 +0100 + + build: use AM_MISSING_PROG for autogen + + That makes error message more friendly when autogen is not installed + on developing environment. + + Signed-off-by: Daiki Ueno + +Author: Stefan Berger +Date: Mon Nov 12 09:20:44 2018 -0500 + + tpm: Fix memory leak in encode_tpmkey_url + + When returning the key URL in encode_tpm_key_url we do not need to allocate + a separate buffer for the URL since we return the allocated buffer from + _gnutls_buffer_to_datum(). + + Signed-off-by: Stefan Berger + +Author: Daiki Ueno +Date: Mon Oct 15 13:35:43 2018 +0200 + + doc: mention 0-RTT + + Signed-off-by: Daiki Ueno + +Author: Daiki Ueno +Date: Sun Oct 21 07:34:07 2018 +0200 + + serv: enable anti-replay when early data is used + + Signed-off-by: Daiki Ueno + +Author: Daiki Ueno +Date: Fri Oct 19 17:52:48 2018 +0200 + + TLS 1.3: implement anti-replay measure using ClientHello recording + + This implements ClientHello recording outlined in section 8.2 of RFC + 8446. + + Signed-off-by: Daiki Ueno + +Author: Daiki Ueno +Date: Thu Nov 1 15:37:42 2018 +0100 + + db: introduce gnutls_db_set_add_function + + This adds a way to store an entry if it is not found in the database, + so that the implementation can provide atomic test-and-set. + + Signed-off-by: Daiki Ueno + +Author: Daiki Ueno +Date: Thu Nov 8 17:54:11 2018 +0100 + + db: introduce gnutls_db_check_entry_expire_time + + This would be particularly useful when the same database is used to + store long-lived TLS 1.2 session data and short-lived TLS 1.3 + anti-replay entries. Note that the existing gnutls_db_check_entry + doesn't fit in this use-case, as it takes gnutls_session_t as the + argument. + + Signed-off-by: Daiki Ueno + +Author: Daiki Ueno +Date: Mon Oct 22 15:26:07 2018 +0200 + + tls13/session_ticket: record timestamp in ticket + + This is needed for implementing freshness checks outlined in 8.3 of + RFC 8446. + + Signed-off-by: Daiki Ueno + +Author: Daiki Ueno +Date: Thu Nov 8 15:46:42 2018 +0100 + + str: suppress compiler warning when time_t is 32-bit + + Signed-off-by: Daiki Ueno + +Author: Daiki Ueno +Date: Mon Oct 22 11:12:02 2018 +0200 + + testcompat-tls13-openssl: exercise early data transmission + + Signed-off-by: Daiki Ueno + +Author: Daiki Ueno +Date: Mon Oct 15 11:29:56 2018 +0200 + + tests: add tests for early data + + Signed-off-by: Daiki Ueno + +Author: Daiki Ueno +Date: Fri Oct 12 13:33:13 2018 +0200 + + cli: add --earlydata option + + Signed-off-by: Daiki Ueno + +Author: Daiki Ueno +Date: Fri Oct 12 13:33:00 2018 +0200 + + serv: add --earlydata option + + Signed-off-by: Daiki Ueno + +Author: Daiki Ueno +Date: Fri Oct 12 13:34:21 2018 +0200 + + record: introduce new API functions for early data + + This introduces gnutls_record_get_max_early_data_size(), + gnutls_record_send_early_data(), and gnutls_record_recv_early_data() + functions. + + Signed-off-by: Daiki Ueno + +Author: Daiki Ueno +Date: Fri Oct 12 11:45:59 2018 +0200 + + handshake: handle early data + + This plumbers early data handling in the handshake processes, which + consists of: + - traffic key updates taking into account of client_early_traffic_secret + - early data buffering in both server and client + - the EndOfEarlyData message handling + - making use of max_early_data_size extension in NewSessionTicket + + Signed-off-by: Daiki Ueno + +Author: Daiki Ueno +Date: Sun Oct 28 07:57:34 2018 +0100 + + session_pack: record max_early_data_size in session data + + max_early_data_size sent as part of NST should be recorded and + restored when the session data is set back on the session. + + Signed-off-by: Daiki Ueno + +Author: Daiki Ueno +Date: Sun Oct 28 07:57:57 2018 +0100 + + record: fix memleak when rejecting early data + + The "discard" label previously used assumes that the decrypted record + is already added to record_recv_buffer. It is not the case when + rejecting early data. Release the allocated memory manually and + return early. + + Signed-off-by: Daiki Ueno + +Author: Daiki Ueno +Date: Fri Oct 12 17:10:51 2018 +0200 + + constate: add epoch_rel argument to _gnutls_epoch_dup + + This is necessary for handling early data. Previously, + _gnutls_epoch_dup() copied the parameters from EPOCH_READ_CURRENT, + while the client only sets EPOCH_WRITE_CURRENT when sending early + data. This allows caller to specify from which epoch the parameters + are copied. + + Signed-off-by: Daiki Ueno + +Author: Daiki Ueno +Date: Fri Oct 12 11:29:57 2018 +0200 + + handshake: refactor early secret derivation + + Signed-off-by: Daiki Ueno + +Author: Daiki Ueno +Date: Fri Oct 5 10:41:23 2018 +0200 + + handshake: record transcript hash for ClientHello + + This is necessary to compute client_early_traffic_secret and + early_exporter_master_secret in TLS 1.3. + + Signed-off-by: Daiki Ueno + +Author: Daiki Ueno +Date: Fri Oct 5 11:13:24 2018 +0200 + + ext/pre_shared_key: use predefined macros for secret labels + + Signed-off-by: Daiki Ueno + +Author: Tim Rühsen +Date: Tue Nov 6 09:38:43 2018 +0100 + + Unconditionally include nettle/memxor.h + + Signed-off-by: Tim Rühsen + +Author: Nikos Mavrogiannopoulos +Date: Sat Nov 10 10:54:32 2018 +0100 + + gnutls-cli: use assert to mark impossible path + + This avoids static analyzers from complaining. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sat Nov 10 07:46:24 2018 +0100 + + pkcs12: cleanups, and two memory leak fixes + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Nov 9 07:44:02 2018 +0100 + + tls13: use system's openssl for interop testing + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Nov 9 20:11:42 2018 +0100 + + Added checks to avoid false negatives reported by static analyzers + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Dmitry Eremin-Solenikov +Date: Tue Nov 6 14:47:41 2018 +0300 + + src: update autogenerated .bak files + + Update files to include proper year, version, etc. + + Signed-off-by: Dmitry Eremin-Solenikov + +Author: Dmitry Eremin-Solenikov +Date: Tue Nov 6 14:42:56 2018 +0300 + + src: include .bak files in EXTRA_DIST + + Including .bak files in EXTRA_DIST allows us to stop hand-generating + these files in distribution. Instead they are directly copied from the + source tree. + + Signed-off-by: Dmitry Eremin-Solenikov + +Author: Dmitry Eremin-Solenikov +Date: Tue Nov 6 14:34:18 2018 +0300 + + src: update .bak files during -args.c/.h regeneration + + To ease updating of .bak files, update them when regenerating + Autogen'erated source files. + + Signed-off-by: Dmitry Eremin-Solenikov + +Author: Dmitry Eremin-Solenikov +Date: Tue Nov 6 12:01:49 2018 +0300 + + doc: fix texi generation in out-of-tree builds + + Signed-off-by: Dmitry Eremin-Solenikov + +Author: Dmitry Eremin-Solenikov +Date: Tue Nov 6 10:52:47 2018 +0300 + + src: mark autogen'ed sources as nodist_ + + Mark autogenerated sources as not distributable. We are distributing + .bak files instead. + + Signed-off-by: Dmitry Eremin-Solenikov + +Author: Dmitry Eremin-Solenikov +Date: Mon Nov 5 16:37:02 2018 +0300 + + Makefile.am: drop manpages regeneration from dist-hook + + There is no need anymore to regenerate tools manpages, they will be + generated automatically from doc/manpages/Makefile.am. + + Signed-off-by: Dmitry Eremin-Solenikov + +Author: Dmitry Eremin-Solenikov +Date: Mon Nov 5 16:22:25 2018 +0300 + + manpages: fix manpages distribution + + It seems that dist_man_MANS does not work properly with Automake + conditionals. Automake will not distribute files which are conditionally + disabled at this make run. As released tarballs include all manpages + already, let's include them unconditionally. + + Signed-off-by: Dmitry Eremin-Solenikov + +Author: Dmitry Eremin-Solenikov +Date: Mon Nov 5 15:02:50 2018 +0300 + + manpages: fix tools manpages generation + + Pass additional include path to let autogen find common arguments + template. + + Signed-off-by: Dmitry Eremin-Solenikov + +Author: Dmitry Eremin-Solenikov +Date: Mon Nov 5 14:53:46 2018 +0300 + + manpages: un-unroll the loop + + Replace unrolled loop over header files with for-loop to simplify + Makefile. + + Signed-off-by: Dmitry Eremin-Solenikov + +Author: Dmitry Eremin-Solenikov +Date: Mon Nov 5 14:30:53 2018 +0300 + + configure.ac: merge autogen/libopts checks + + Move handling of autogen/libopts to a single place. Enforce usage of + local libopts if autogen is not found. + + Signed-off-by: Dmitry Eremin-Solenikov + +Author: Dmitry Eremin-Solenikov +Date: Mon Nov 5 13:12:51 2018 +0300 + + doc: fix documentation generation in out-of-tree builds + + gtk-doc will not process gnutls.h.in file, so we need to point it to + generated gnutls.h file, found inside builddir. + + Signed-off-by: Dmitry Eremin-Solenikov + +Author: Dmitry Eremin-Solenikov +Date: Mon Nov 5 00:43:55 2018 +0300 + + cfg.mk: fix ChangeLog generation on out-of-tree builds + + ChangeLog regeneration does not work for out-of-tree build, so let's fix + that. + + Signed-off-by: Dmitry Eremin-Solenikov + +Author: Dmitry Eremin-Solenikov +Date: Sun Nov 4 14:29:11 2018 +0300 + + src: args-std.def: substitute variables using configure + + Use standard way (configure script) to substiture variables in + args-std.def file, instead of manually replacing them in dist-hook. + + Fixes #567 + + Signed-off-by: Dmitry Eremin-Solenikov + +Author: Nikos Mavrogiannopoulos +Date: Fri Nov 9 20:07:24 2018 +0100 + + Initialize output var to avoid false negative from static analyzers + + This was identified by clang analyzer's on _gnutls_x509_dn_to_string + and _gnutls_x509_decode_string. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Nov 5 20:51:33 2018 +0100 + + .gitlab-ci.yml: move to fedora29 for CI + + This also moves the x86 CI builds to the debian cross infrastructure + as we have a more reliable way of generating a 32-bit image. + + Resolves #607 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Stefan Berger +Date: Fri Nov 2 18:33:32 2018 -0400 + + tpmtool: Support --srk-well-known for SRK with 20 zero bytes password + + Implement --srk-well-known for SRK with 20 zero bytes password. + + Signed-off-by: Stefan Berger + +Author: Nikos Mavrogiannopoulos +Date: Wed Nov 7 09:56:56 2018 +0100 + + testcompat-openssl: do not test DSS or small curves with 1.1.1 + + DSA uses 1024-bit parameters, and these together with curves of + less than 256 bits are not accepted by debian's openssl. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Nov 7 10:20:32 2018 +0100 + + doc/credentials: increased key size in RSA client cert + + This is used by the test suite and recent openssl in debian requires + a larger certificates. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Nov 7 10:16:10 2018 +0100 + + certtool: allow --update-certificate to replace public key + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Nov 7 08:37:23 2018 +0100 + + README.md: updated instructions to apply to fedora29 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Ander Juaristi +Date: Thu Oct 4 14:57:47 2018 +0200 + + Update docs for session ticket key rotation [ci skip] + + Fix #581. + + Signed-off-by: Ander Juaristi + +Author: Daiki Ueno +Date: Thu Nov 1 13:43:17 2018 +0100 + + ext/record_size_limit: handle the extension in TLS 1.2 ServerHello + + Previously it had assumed that TLS 1.2 servers don't send the + extension, while actually it can be present in ServerHello. + + Signed-off-by: Daiki Ueno + +Author: Nikos Mavrogiannopoulos +Date: Tue Oct 30 19:56:47 2018 +0100 + + gnutls_priority_init: ignore CTYPE-OPENPGP options + + In GnuTLS 3.6.0 we dropped support for openpgp keys, however + the CTYPE-OPENPGP is often seen in applications, sometimes + as -CTYPE-OPENPGP to ensure it is not enabled. We simply + ignore this priority string when seen, to avoid preventing + these applications from running. + + Resolves #593 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Oct 30 19:46:09 2018 +0100 + + gnutls_priority_init: fixed indentation according to project rules + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Oct 19 12:04:29 2018 +0200 + + gnutls_priority_set: re-organized + + The sanity tests we moved prior to setting these priorities + and the %GNUTLS_E_NO_PRIORITIES_WERE_SET error code is returned + consistently to indicate that the existing priorities were not + overwritten. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Oct 17 14:53:47 2018 +0200 + + gnutls_priority_set: do not override the version after handshake is complete + + When an application would re-set priorities prior to a rehandshake + we would override the negotiated version with the highest supported, + something which may lead to issues. This disables that unnecessary + version override. See: + + https://bugzilla.redhat.com/show_bug.cgi?id=1634736 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Oct 30 10:28:20 2018 +0100 + + gnutls-serv: use default priorities when none are given + + This makes it in par with gnutls-cli. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Dmitry Eremin-Solenikov +Date: Mon Oct 29 01:42:28 2018 +0300 + + self-tests: add GOST public key tests + + Test vectors provided in standard are not that usefull (they use + unsupported curves with a != -3), so these test vectors were generated + by hand. + + Fixes #492 + + Signed-off-by: Dmitry Eremin-Solenikov + +Author: Nikos Mavrogiannopoulos +Date: Mon Oct 29 07:24:01 2018 +0100 + + NEWS: added CMAC entries [ci skip] + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Simo Sorce +Date: Sun Oct 28 12:19:46 2018 -0400 + + Add NEWS entry about AES-CMAC + + Signed-off-by: Simo Sorce + +Author: Simo Sorce +Date: Fri Oct 26 16:55:27 2018 -0400 + + Add selftests for CMAC + + Signed-off-by: Simo Sorce + +Author: Simo Sorce +Date: Fri Oct 26 13:38:13 2018 -0400 + + Vendor in CMAC functionality from Nettle + + If nettle's CMAC is not available, use a vendored in version from master. + This is necessary as long as we need to link against 3.4 for ABI + compatibility reasons. + + Signed-off-by: Simo Sorce + +Author: Simo Sorce +Date: Fri Oct 26 13:22:23 2018 -0400 + + Add CMAC Support + + Signed-off-by: Simo Sorce + +Author: Dmitry Eremin-Solenikov +Date: Sun Oct 28 15:44:15 2018 +0300 + + NEWS: Add entry mentioning fix of S-BOXes for CryptoPro-B,-C,-D variants + + Signed-off-by: Dmitry Eremin-Solenikov + +Author: Dmitry Eremin-Solenikov +Date: Sun Oct 28 10:13:00 2018 +0300 + + self-tests: add GOST symmetric algorithms tests + + Add tests for: + - GOST 28147-89 CFB cipher + - GOST R 34.11-94 hash function + - Streebog-256/-512 hash functions + - HMAC using GOST R 34.11-94/Streebog functions + + Signed-off-by: Dmitry Eremin-Solenikov + +Author: Dmitry Eremin-Solenikov +Date: Sun Oct 28 10:11:21 2018 +0300 + + nettle: fix s-boxes selection for rare GOST 28147-89 variants + + gost28147-89 code contained c&p error, which resulted in using S-BOX + CryptoPro-A instead of -B, -C, -D. Fix that. + + Signed-off-by: Dmitry Eremin-Solenikov + +Author: Nikos Mavrogiannopoulos +Date: Fri Oct 26 22:50:52 2018 +0200 + + doc update [ci skip] + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Daiki Ueno +Date: Wed Oct 24 13:08:45 2018 +0200 + + ext/pre_shared_key: don't assume ob_ticket_age < ticket_age_add + + Previously, the server treated the condition as error, while it is + possible that ob_ticket_age may have wrapped round by 2^32. + + Signed-off-by: Daiki Ueno + +Author: Daiki Ueno +Date: Thu Oct 25 12:32:52 2018 +0200 + + tls13/session_ticket: calculate ticket_age in milliseconds + + Previously we calculated ticket age from the current wall clock in + seconds, multiplying by 1000. This is conceptually wrong, because + ticket age is designed to be in milliseconds. + + Signed-off-by: Daiki Ueno + +Author: Daiki Ueno +Date: Fri Oct 26 08:18:01 2018 +0200 + + str: add macros to encode/decode struct timespec value + + Signed-off-by: Daiki Ueno + +Author: Daiki Ueno +Date: Thu Oct 25 13:47:13 2018 +0200 + + system: provide a means to replace gettime implementation + + While gettime() is extensively used in the code, the library + previously hadn't provided a way to replace it for testing. This adds + a new internal function _gnutls_global_set_gettime_function and makes + use of it through virt-time.h. + + Signed-off-by: Daiki Ueno + +Author: Simo Sorce +Date: Wed Oct 24 15:45:23 2018 -0400 + + Add selftest for CFB8 + +Author: Daiki Ueno +Date: Thu Oct 25 12:09:05 2018 +0200 + + _gnutls_timespec_cmp: new inline function + + Signed-off-by: Daiki Ueno + +Author: Daiki Ueno +Date: Thu Oct 25 12:02:53 2018 +0200 + + tls13/session_ticket: rename tls13_ticket_t type to tls13_ticket_st + + This is consistent with the coding guideline. + + Signed-off-by: Daiki Ueno + +Author: Nikos Mavrogiannopoulos +Date: Thu Oct 25 08:29:27 2018 +0200 + + gnutls-cli: reduce printed session information + + When connecting to a server we were printing a lot of duplicate + information that was already part of the "Description" string. + No longer print that information unless --verbose is given. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Oct 24 13:05:58 2018 +0200 + + gnutls-cli: do not print errors twice + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Simo Sorce +Date: Wed Oct 24 13:04:22 2018 -0400 + + Vendor in CFB8 functionality from Nettle + + If nettle's CFB8 is not available, use a vendored in version from master. + This is necessary as long as we need to link against 3.4 for ABI + compatibility reasons. + + Signed-off-by: Simo Sorce + +Author: Simo Sorce +Date: Wed Oct 24 12:14:51 2018 -0400 + + Add AES-CFB8 Support + + Signed-off-by: Simo Sorce + +Author: Nikos Mavrogiannopoulos +Date: Mon Oct 15 15:59:48 2018 +0200 + + p11tool: fix initialization of security officer's PIN + + Previously we would call gnutls_pkcs11_token_set_pin() without an + old PIN provided, which will result to the use of C_InitPIN() on the + underlying module. The C_InitPIN() in contrast with C_SetPIN() will + only work for the user and not for the administrator. As such, we + always provide the oldpin for when we change the admin's PIN. + + Resolves #561 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Oct 23 15:20:45 2018 +0200 + + fips140: aligned code with documentation + + That is, we introduce the documented but unimplemented macros + GNUTLS_FIPS140_SET_LAX_MODE() and GNUTLS_FIPS140_SET_STRICT_MODE(). + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Tom Vrancken +Date: Mon Oct 22 10:52:08 2018 +0200 + + Simplified check for NULL pointer to reduce code changes. + + Signed-off-by: Tom Vrancken + +Author: Tom Vrancken +Date: Mon Oct 22 10:51:19 2018 +0200 + + Unified abbreviation for certificate type priorities in code. + + Signed-off-by: Tom Vrancken + +Author: Tom Vrancken +Date: Thu Oct 11 21:25:11 2018 +0200 + + Renamed CHECK_AUTH macro to CHECK_AUTH_TYPE to be more clear what it checks. + + Signed-off-by: Tom Vrancken + +Author: Tom Vrancken +Date: Thu Oct 11 21:13:45 2018 +0200 + + Renamed _gnutls_server_select_cert() to _gnutls_select_server_cert() for consistency reasons with its client couterpart. + + Signed-off-by: Tom Vrancken + +Author: Tom Vrancken +Date: Thu Oct 11 21:05:33 2018 +0200 + + Renamed certificate_credential_append_crt_list() to certificate_credential_append_keypair(). + + Signed-off-by: Tom Vrancken + +Author: Tom Vrancken +Date: Thu Oct 11 21:01:25 2018 +0200 + + Renamed _gnutls_auth_info_set() to _gnutls_auth_info_init(). + + Signed-off-by: Tom Vrancken + +Author: Tom Vrancken +Date: Wed May 23 10:16:00 2018 +0200 + + Renamed fields in priority_st to improve code readability. Fixes #453. + + Signed-off-by: Tom Vrancken + +Author: Tom Vrancken +Date: Tue May 22 12:35:31 2018 +0200 + + Added NULL pointer check in gnutls_certificate_free_credentials for safety. + + Signed-off-by: Tom Vrancken + +Author: Tom Vrancken +Date: Mon May 21 10:11:28 2018 +0200 + + Renamed _gnutls_proc_x509_server_crt to _gnutls_proc_x509_crt. + + Signed-off-by: Tom Vrancken + +Author: Tom Vrancken +Date: Sat May 19 16:01:01 2018 +0200 + + Small fixes for comments and log strings. + + Signed-off-by: Tom Vrancken + +Author: Tim Rühsen +Date: Thu Oct 18 11:09:09 2018 +0200 + + SKIP tests/global-init-override if weak symbols don't work + + Signed-off-by: Tim Rühsen + +Author: Nikos Mavrogiannopoulos +Date: Tue Oct 16 15:06:04 2018 +0200 + + tests: eagain-auto-auth: only compiled in systems with cmocka available + + This fixes build issue at MacOSX CI. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Oct 12 16:36:12 2018 +0200 + + tlsfuzzer: updated to latest upstream and enabled new tests + + Resolves: #591 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Oct 12 17:08:15 2018 +0200 + + handshake: send missing extension alert + + When a key share extension is not seen under TLS1.3, send + the missing extension alert. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu Oct 4 08:27:10 2018 +0200 + + _gnutls_server_select_cert: return error when no server cert is selected + + When a certificate callback is used and no certificate is provided + by it, return an error rather than trying to use it (and crashing) + later. Note that this affects only an "illegal" code path when + a server would have provided no certificate, something which must + not happen on a real-world server. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Oct 1 11:58:15 2018 +0200 + + gnutls_init: added flag for automatic re-authentication + + This introduces the GNUTLS_AUTO_REAUTH gnutls_init() flag and makes + re-authentication under TLS simpler to enable and use. + + Resolves #571 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu Mar 29 14:21:59 2018 +0200 + + pkcs11 uris: the URI scheme is case insensitive + + Makes the comparisons of the URI scheme to use c_strcasecmp + from gnulib. It also replaces various straw strcasecmp with + the gnulib variant. This ensures that comparison will be + reliable irrespective of the locale. + + Resolves #590 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu Oct 11 21:49:11 2018 +0200 + + .gitlab-ci.yml: cross CI requires privileged systems + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Tim Rühsen +Date: Tue Oct 9 12:46:12 2018 +0200 + + Fix check for GNU C compiler in eina_cpu.c + + Signed-off-by: Tim Rühsen + +Author: Tim Rühsen +Date: Tue Oct 9 12:34:26 2018 +0200 + + Fix gen-mech-list.sh on Solaris / Bourne Shell + + `cmd` is more compatible than $(cmd). + + The shell is "sh (Schily Bourne Shell) version 2013/01/14 a+ (i386-pc-solaris2.9)" + + Signed-off-by: Tim Rühsen + +Author: Tim Rühsen +Date: Fri Oct 5 19:41:15 2018 +0200 + + Let bootstrap check for gperf and autopoint + + Signed-off-by: Tim Rühsen + +Author: Tim Rühsen +Date: Mon Oct 8 11:25:23 2018 +0200 + + Skip tests/tls13/prf.c if visibility 'protected' doesn't work + + Overriding gnutls_rnd() with visibility 'protected' doesn't always work. + E.g. LDFLAGS="-Wl,-Bsymbolic-functions" seems to have priority on + Debian derived systems. + + Fixes #584 + + Signed-off-by: Tim Rühsen + +Author: Nikos Mavrogiannopoulos +Date: Sat Oct 6 16:43:33 2018 +0200 + + tests: added unit test for gnutls_session_set_id + + This adds a unit and a negative test which ensures that + a client will not be tricked in performing resumption when + this function is used. + + Resolves #585 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu Oct 4 08:29:41 2018 +0200 + + doc: fix use of gnutls_ext_raw_parse callback [ci skip] + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sun Sep 30 22:05:59 2018 +0200 + + gnutls_priority_set: do not override version on handshake + + When handshake is in progress, do not override the default TLS + version in the session. This allows gnutls_priority_set to be called + in the post_client_hello function without breaking the handshake. + + Resolves #580 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Oct 2 11:57:31 2018 +0200 + + encrypt_packet_tls13: added explicit check on iv_size bounds + + Although there are no ciphers defined for TLS1.3 which would overflow + the assumed bound, an explicit check is necessary to avoid that code + be a liability in future updates. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Oct 1 09:18:46 2018 +0200 + + privkey_pkcs8: added reference for validation parameters OID [ci skip] + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Oct 1 08:31:16 2018 +0200 + + NEWS: corrected typo [ci skip] + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Tim Rühsen +Date: Thu Sep 27 21:11:21 2018 +0200 + + Use ASCII version of strcasecmp() in library code + + strcasecmp() has side effects in some locales. + What we really need is c_strcasecmp() from Gnulib for comparing + ASCII strings. + + Fixes #570 + + Signed-off-by: Tim Rühsen + +Author: Dmitry Eremin-Solenikov +Date: Thu Sep 27 11:02:33 2018 +0300 + + .gitlab-ci.yml: reenable SSLv2 hello support for SSL-3.0.Fedora.x86_64 + + Reenable SSLv2 hello support to let several SSL-3.0 tls-fuzzer tests + pass. + + Signed-off-by: Dmitry Eremin-Solenikov + +Author: Dmitry Eremin-Solenikov +Date: Thu Sep 27 01:05:09 2018 +0300 + + tlsfuzzer: disable SSL3.0 in export-ciphers-rejected test + + These tests will fail with SSL3.0-enabled gnutls-serv unless --ssl3 + option was passed. We will run these tests anyway from + gnutls-nocert-ssl3.json, so disable them here. + + Signed-off-by: Dmitry Eremin-Solenikov + +Author: Dmitry Eremin-Solenikov +Date: Thu Sep 27 00:42:21 2018 +0300 + + tlsfuzzer: support running from separate build dir + + Adapt tls-fuzzer-common.sh script to be able to run tests in case + srcdir != builddir. + + Signed-off-by: Dmitry Eremin-Solenikov + +Author: Dmitry Eremin-Solenikov +Date: Tue Sep 25 17:00:14 2018 +0300 + + .gitlab-ci.yml: reenable full test suite in SSL-3.0/SHA-1 case + + Reenable full test suite run in SSL-3.0/SHA-1 CI test case to let us + catch issues in legacy code. + + Signed-off-by: Dmitry Eremin-Solenikov + +Author: Dmitry Eremin-Solenikov +Date: Mon Sep 24 16:07:19 2018 +0300 + + tlsfuzzer: add missing script + + Makefile.am refers tls-fuzzer-nocert-ssl3.sh script, which is missing + in the source tree. Add it back. + + Signed-off-by: Dmitry Eremin-Solenikov + +Author: Dmitry Eremin-Solenikov +Date: Thu Sep 27 00:35:20 2018 +0300 + + tlsfuzzer: move common code to separate file + + Move common code to tls-fuzzer-common.sh to ease further adjustments. + + Signed-off-by: Dmitry Eremin-Solenikov + +Author: Dmitry Eremin-Solenikov +Date: Wed Sep 26 23:34:16 2018 +0300 + + tlsfuzzer: use random port for tls-fuzzer-nocert test + + Like the rest of tls-fuzzer tests, pass "-p PORT" to subtests, allowing + usage of random port for server. + + Signed-off-by: Dmitry Eremin-Solenikov + +Author: Dmitry Eremin-Solenikov +Date: Wed Sep 26 23:34:16 2018 +0300 + + tlsfuzzer: use random port for tls-fuzzer-cert test + + Like the rest of tls-fuzzer tests, pass "-p PORT" to subtests, allowing + usage of random port for server. + + Signed-off-by: Dmitry Eremin-Solenikov + +Author: Tim Rühsen +Date: Wed Sep 26 12:54:37 2018 +0200 + + Make tlsproxy/buffer.c compilable by gcc 4.4.7 + + Signed-off-by: Tim Rühsen + +Author: Nikos Mavrogiannopoulos +Date: Wed Sep 26 09:38:04 2018 +0200 + + _gnutls_check_key_purpose: eliminated dead code + + Resolves #573 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Sep 25 13:52:25 2018 +0200 + + manpages: do not generate any manpages for openpgp.h + + This API is no longer functional and is only available as stubs + for backwards binary compatibility. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Sep 25 13:06:57 2018 +0200 + + manpage generation: cleanup + + Recognize parameters of the form unsigned char name[8], and + do not print obscure warnings. Furthermore gdoc will fail + when a function parameter is not described or when no + function is found. This addresses the generation of undetected + errors in generated manpages. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Sep 25 12:07:10 2018 +0200 + + doc: fixed missing function and enumeration parameters + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Sep 25 14:12:26 2018 +0200 + + tests: removed unused file + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Sep 25 18:10:12 2018 +0200 + + mech-list.h: generate unique entries + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Sep 24 17:33:03 2018 +0200 + + released 3.6.4 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Sep 21 16:31:58 2018 +0200 + + tests: pkcs12-utf8 depend on bash + + The NetBSD default shell cannot handle the UTF-8 strings we use + in that script. + + Resolves #544 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Sep 21 16:20:36 2018 +0200 + + bumped versions and updated NEWS file + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Sep 21 16:18:23 2018 +0200 + + Enable the TLS1.3 protocol by default + + As the protocol has been finalized, and the implementation is + stable and interoperable, there is no need to enable it conditionally. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Sep 18 08:36:18 2018 +0200 + + gnutls-cli: enable CRL validation on startup + + This also makes the failure in adding CRLs or CAs, a fatal error. + + Resolves #564 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu Sep 20 16:44:51 2018 +0200 + + Provide a more flexible PKCS#11 search of trust store certificates + + This addresses the problem where the CA certificate doesn't + have a subject key identifier whereas the end certificates + have an authority key identifier. + + Resolves #569 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Sep 18 08:35:32 2018 +0200 + + trust list: added flag to force failure on CRL validation error + + This allows an application to be notified of the addition of invalid + CRLs in the trust list. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Tim Rühsen +Date: Tue Sep 18 11:50:43 2018 +0200 + + Remove auto-generated src/mech-list.h from repo + + Signed-off-by: Tim Rühsen + +Author: Tim Rühsen +Date: Tue Sep 18 15:35:20 2018 +0200 + + Fix issue introduced in 20886264fe + + This makes _gnutls_resolve_priorities() return a string that is always + allocated with the gnutls memory functions. + + Signed-off-by: Tim Rühsen + +Author: Nikos Mavrogiannopoulos +Date: Wed Sep 19 14:15:20 2018 +0200 + + session tickets: check timestamp for validity + + We were previously only relying on the client's view of the + ticket lifetime for TLS1.3 tickets. This makes sure that we + only resume tickets that the server considers valid and consolidates + the expiration time checks to _gnutls_check_resumed_params(). + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu Sep 20 10:11:42 2018 +0200 + + ECC export/import: updated documentation on EdDSA curves + + This clarifies the format that parameters in the EdDSA curves + will be returned, and also ensures that the import/export + functions fail on unsupported curves. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Sep 19 15:03:32 2018 +0200 + + tests: use virt-time.h in resumption tests + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Ander Juaristi +Date: Tue Sep 18 09:40:20 2018 +0200 + + Added session ticket key rotation with TOTP + + This introduces session ticket key rotation on server side. The + key set with gnutls_session_ticket_enable_server() is used as a + master key to generate time-based keys for tickets. The rotation + relates to the gnutls_db_set_cache_expiration() period. + + Resolves #184 + + Signed-off-by: Ander Juaristi + +Author: Dmitry Eremin-Solenikov +Date: Tue Sep 18 03:05:51 2018 +0300 + + certtool: print GOST public key with MSB first + + OpenSSL and other libraries print MSB first, when printing GOST public + keys. Let's return to this convention. + + Signed-off-by: Dmitry Eremin-Solenikov + +Author: Dmitry Eremin-Solenikov +Date: Tue Sep 18 03:05:51 2018 +0300 + + x509: print_pubkey: print GOST public key with MSB first + + OpenSSL and other libraries print MSB first, when printing GOST public + keys. Let's return to this convention. + + Signed-off-by: Dmitry Eremin-Solenikov + +Author: Dmitry Eremin-Solenikov +Date: Tue Sep 18 00:53:17 2018 +0300 + + lib: use little endian when importing/exporting GOST keys + + GOST R 34.10 native format is little endian. It is better for the + application code to use native format data to interface library, rather + than convert buffers on their own. + + Signed-off-by: Dmitry Eremin-Solenikov + +Author: Dmitry Eremin-Solenikov +Date: Tue Sep 18 00:51:05 2018 +0300 + + mpi: add function to dprint mpi in little endianness + + Add little endian counterpart to _gnutls_mpi_dprint and + _gnutls_mpi_dprint_le. + + Signed-off-by: Dmitry Eremin-Solenikov + +Author: Dmitry Eremin-Solenikov +Date: Mon Sep 17 12:26:31 2018 +0300 + + gnutls.h: correct GOST R number references [ci skip] + + Fix numeric GOST R ids used in documentation, too many numbers: + - GOST R 34.11 is digest function + - GOST R 34.10-2001 is a digital signature over GOST R 34.11-94 digest + - GOST R 34.10-2012 is a digital signature over GOST R 34.11-2012 digest + + Signed-off-by: Dmitry Eremin-Solenikov + +Author: Tim Rühsen +Date: Mon Sep 17 10:12:38 2018 +0200 + + Update git submodules via ./bootstrap + + Setting $SUBMODULE_NOFETCH to a non-empty value adds + --no-fetch to the git command (for CI speedup). + + Signed-off-by: Tim Rühsen + +Author: Nikos Mavrogiannopoulos +Date: Mon Sep 17 15:14:12 2018 +0200 + + tests: pkcs1-pad: run with SHA-1 enabled or disabled + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Sep 17 12:58:38 2018 +0200 + + .gitlab-ci.yml: enable run with SHA-1 enabled + + This adds a CI run with SHA-1 enabled, and corrects issues in the + testsuite when that's the case. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Sep 17 09:28:08 2018 +0200 + + gnutls_x509_trust_list_add_trust_mem: fix behavior with unaccounted certs + + If gnutls_x509_trust_list_add_cas returns less than clist_size, the additional + unaccounted certificates will never be freed. + + Relates #552 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Sep 17 09:12:29 2018 +0200 + + gnutls_x509_trust_list_add_cas: corrected return value + + When the flag GNUTLS_TL_USE_IN_TLS is used and add_new_ca_to_rdn_seq + the return value did not include the last certificate added to the + list. This corrects its return value. + + Relates #552 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Sep 17 09:10:24 2018 +0200 + + fixed documentation in trust list functions + + That clarifies and addresses issues in the documentation of + gnutls_x509_trust_list_add_crls() and gnutls_x509_trust_list_add_cas() + + Relates #552 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sun Sep 16 15:54:41 2018 +0200 + + tests: added CRL verification tests + + This tests CRL verification with certtool --verify-crl on correct + and incorrect cases. + + Relates #564 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sun Sep 16 15:35:19 2018 +0200 + + certtool: updates in documentation in messages for CRL generation + + This fixes the messages printed for the generation of a CRL, and + makes the return code of the CRL verification depending on the + verification result. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Sep 14 16:32:05 2018 +0200 + + Fix variable used in reallocation + + This corrects the variable name used in the sizeof argument + for realloc. This does not alter the actual allocation size, + but rather it fixes a logic error. + + Relates: #554 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Aug 22 15:25:06 2018 +0200 + + .gitignore: updated + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Aug 22 10:08:41 2018 +0200 + + dtls: recover when a NewSessionTicket message is lost + + When the server's NewSessionTicket gets lost while the ChangeCipherSpec + goes through, the client did not request retransmission by retransmitting + his last flight, and the handshake was blocked. This commit addresses + the issue and adds a reproducer. + + Resolves #543 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Daiki Ueno +Date: Mon Aug 27 17:44:35 2018 +0200 + + tlsfuzzer: remove duplicate tests and sort them alphabetically + + Signed-off-by: Daiki Ueno + +Author: Andreas Schwab +Date: Mon Sep 10 17:35:08 2018 +0200 + + doc: fix reference to invocation nodes + + Signed-off-by: Andreas Schwab + +Author: Nikos Mavrogiannopoulos +Date: Mon Aug 20 15:17:04 2018 +0200 + + priority: be backwards compatible with priority strings starting with NONE + + That is, we allow priority strings which do not enable any groups to + work, by disabling TLS1.3. For example + 'NONE:+VERS-TLS-ALL:+MAC-ALL:+RSA:+AES-128-GCM:+SIGN-ALL:+COMP-NULL' + is still operational, but no TLS1.3 is enabled when specified. + + Resolves: #549 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Tim Rühsen +Date: Fri Aug 24 16:34:14 2018 +0200 + + Use gnutls_strdup() instead of strdup() in library code + + Signed-off-by: Tim Rühsen + +Author: Tim Rühsen +Date: Fri Aug 24 16:27:36 2018 +0200 + + Remove gnulib work-around '#undef strdup' + + The 'issue' should be fixed already. Even if not, it has to + addressed in gnulib. + + Signed-off-by: Tim Rühsen + +Author: Daiki Ueno +Date: Tue Aug 21 15:02:56 2018 +0200 + + ext/pre_shared_key: use consistent name for regitration entry + + Signed-off-by: Daiki Ueno + +Author: Daiki Ueno +Date: Tue Aug 21 14:54:41 2018 +0200 + + ext/pre_shared_key: make ticket age calculation consistent + + Previously we used a pattern like this: + + uint32_t obfuscated_ticket_age, ticket_age_add; + time_t ticket_age; + + ticket_age = obfuscated_ticket_age - ticket_age_add; + if (ticket_age < 0) { + ... + } + + This always evaluates to false, because subtraction between unsigned + integers yields an unsigned integer. Let's do the comparison before + subtraction and also use correct types for representing time: uint32_t + for protocol time and time_t for system time. + + Signed-off-by: Daiki Ueno + +Author: Daiki Ueno +Date: Fri Aug 17 15:45:20 2018 +0200 + + tls13/psk_ext_parser: simplify the iterator interface + + Previously it was unclear whether psk_ext_parser_st is stateful or + not. This change introduces the simpler API to iterate over the + immutable data (psk_ext_parser_st), following the iterator pattern. + + Signed-off-by: Daiki Ueno + +Author: Nikos Mavrogiannopoulos +Date: Tue Aug 21 16:18:11 2018 +0200 + + gnutls-cli-debug: mention RFC8446 for TLS1.3 and RFC8422 for X25519 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Tim Rühsen +Date: Tue Aug 21 13:10:48 2018 +0200 + + Remove --no-git from ./bootstrap [ci skip] + + This removes the --no-git option as bootstrap itself does not use + the remote repository for cloning. At least as long $GNULIB_SRCDIR + points to a recent enough local gnulib git repo. + + Signed-off-by: Tim Rühsen + +Author: Nikos Mavrogiannopoulos +Date: Fri Aug 17 14:02:34 2018 +0200 + + handshake: do not negotiate TLS1.3 using the legacy version field + + Previously we could end-up with a TLS1.3 connection if the TLS1.3 + ID was seen on the wire. We now explicitly fallback to TLS1.2 + when we see a protocol with TLS1.3 semantics in an SSL2.0 or + in the legacy version of the client hello. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Aug 17 12:57:25 2018 +0200 + + handshake: simplified protocol version checking functions + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Aug 17 10:50:15 2018 +0200 + + tlsfuzzer: modify to use the final code points + + Relates #542 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Aug 13 20:55:50 2018 +0200 + + fuzz: updated traces for final TLS1.3 version + + Resolves #359 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Aug 13 20:46:21 2018 +0200 + + protocols: bumped TLS1.3 version number to RFC8446 value + + This adds support of the final RFC numbers. + + Resolves #542 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Tom Vrancken +Date: Wed Aug 15 18:29:32 2018 +0200 + + Implemented RFC7250 certificate type negotiation extensions. + + Signed-off-by: Tom Vrancken + +Author: Daiki Ueno +Date: Fri Aug 10 14:06:16 2018 +0200 + + ext/record_size_limit: new extension + + This implements the record_size_limit extension as defined in RFC 8449. + + Although it obsoletes the max_record_size extension, for compatibility + reasons GnuTLS still sends it on certain occasions. For example, when + the new size is representable as the codepoint defined for + max_record_size. + + Signed-off-by: Daiki Ueno + +Author: Daiki Ueno +Date: Tue Aug 14 16:46:12 2018 +0200 + + ext/max_record: remove use of extension private data + + As the extension data is always stored in + session->security_parameters.max_record_send_size, it shouldn't be + necessary to track it with the private data. + + Signed-off-by: Daiki Ueno + +Author: Nikos Mavrogiannopoulos +Date: Fri Aug 17 14:43:30 2018 +0200 + + gnutls_session_resumption_requested: fixed behavior under TLS1.3 + + This makes gnutls_session_resumption_requested() functional under + TLS1.3 and introduces a unit test of the function. + + Resolves #546 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sun Aug 19 18:59:02 2018 +0200 + + .gitlab-ci.yml: use --no-git to bootstrap + + That is, to reduce CI time, and avoid failures due to + non-availability of the gnulib git repo. + + Resolves #547 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Aug 17 14:48:56 2018 +0200 + + hello_ext: removed bogus comment + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Aug 17 16:08:37 2018 +0200 + + .gitmodules: gnulib submodule is now synced from libidn's mirror + + This mirror is updated hourly and is hosted on gitlab, meaning + less dependency on external sites downtime. + + Resolves: #547 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Andreas Metzler +Date: Wed Aug 15 14:20:43 2018 +0200 + + Fix two typos (overriden/guarranteed) + + Signed-off-by: Andreas Metzler + +Author: Nikos Mavrogiannopoulos +Date: Mon Aug 13 21:47:53 2018 +0200 + + doc: document the non-portability of NONE priority string + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Aug 13 20:22:48 2018 +0200 + + tools: check output of called functions + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Aug 13 20:19:55 2018 +0200 + + write_oid_and_params: moved nullity check of params earlier + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu Aug 9 16:13:50 2018 +0200 + + gnutls_session_set_premaster: corrected error checks + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu Aug 9 16:12:36 2018 +0200 + + pubkey_verify_hashed_data: apply algorithm checks + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu Aug 9 16:09:21 2018 +0200 + + privkey_sign_raw_data: use assert to mark code which always succeeds + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu Aug 9 16:05:47 2018 +0200 + + _gnutls_send_change_cipher_spec: removed unnecessary test + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Aug 13 21:04:56 2018 +0200 + + .travis.yml: do not run brew upgrade + + This addresses issue with travis compilation on MacOSX. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Aug 7 16:27:19 2018 +0200 + + gnutls_memset: use explicit_bzero + + That is, use the glibc function when available and the second + parameter is zero. + + Resolves #230 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Aug 7 09:52:55 2018 +0200 + + use a consistent method to mark fall-through in switch cases + + Also document that method in contribution guide. + + Resolves #306 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Daiki Ueno +Date: Tue Aug 7 14:45:07 2018 +0200 + + ext/pre_shared_key: prevent crash if no server credentials are set + + Previously, if server is configured without PSK credentials and the + client authenticated with PSK, the server crashed with: + + Program received signal SIGSEGV, Segmentation fault. + 0x00007ffff7b190ba in server_recv_params (session=0x636fc0, data=0x634e6e "", + len=46, pskcred=0x0) at pre_shared_key.c:523 + 523 prf = pskcred->binder_algo; + + Signed-off-by: Daiki Ueno + +Author: Daiki Ueno +Date: Tue Aug 7 13:21:16 2018 +0200 + + tlsfuzzer: update to the latest version + + Also enable test-tls13-ffdhe-sanity.py, + test-tls13-session-resumption.py, and + test-tls13-unrecognised-groups.py. + + Signed-off-by: Daiki Ueno + +Author: Daiki Ueno +Date: Tue Aug 7 12:32:56 2018 +0200 + + alert: map GNUTLS_E_NO_COMMON_KEY_SHARE to handshake_failure + + Previously, when server received a ClientHello that does include only + groups from unassigned ranges in supported_groups, it aborted the + connection with an illegal_parameter. + + Resolves #537 + + Signed-off-by: Daiki Ueno + +Author: Daiki Ueno +Date: Tue Aug 7 11:43:32 2018 +0200 + + algorithms: add support for FFDHE6144 + + Signed-off-by: Daiki Ueno + +Author: Nikos Mavrogiannopoulos +Date: Fri Aug 3 22:26:47 2018 +0200 + + Corrected the importing of ECDSA public keys + + This seems to be a regression since EdDSA support. The call to + _gnutls_x509_get_pk_algorithm() in public key import was unnecessary + and in fact it was overriding the available curve with a curve associated + with the OID. As the ECDSA OID doesn't include the curve, that had the + result of deleting the already read curve. + + Resolves #538 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Aug 3 14:13:14 2018 +0200 + + Ensure we are sending the right protocol version on second client hello + + That is, when we respond to a Hello Retry Request as client, we put + the TLS1.2 version on the second client hello to send a hello that is + as close as possible to the original hello. That effectively separates + the handling of TLS1.2 rehandshake and TLS1.3 hello retry request + when sending a client hello. + + Resolves #535 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Aug 7 07:30:55 2018 +0200 + + doc: improved text on certifications + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Aug 7 07:13:35 2018 +0200 + + doc: few improvements over certificate validation text + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Jul 30 21:50:35 2018 +0200 + + gnutls-serv: re-introduce the session identifier message + + The message "If your browser supports session resuming, then you should + see the same session ID, when you press the reload button", is now printed + again even under TLS1.3. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Jul 30 16:48:26 2018 +0200 + + resume: keep persistent session identifiers + + With the introduction of session ticket support (TLS1.2) and + TLS1.3, session identifiers have no persistency on server or + client side. Improve the situation by introducing persistent + session identifiers on server side in a backwards compatible + way. + + Resolves #484 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Daiki Ueno +Date: Thu Jul 19 15:57:59 2018 +0200 + + .gitlab-ci.yml: include fuzz/*.log in artifacts + + Signed-off-by: Daiki Ueno + +Author: Daiki Ueno +Date: Wed Jul 18 15:56:17 2018 +0200 + + tests: tls-fuzzer: enable tests relying on header fragmentation + + Those tests were previously disabled because splitting of handshake + messages in a very short (< 4 bytes) fragments is not implemented. + + Signed-off-by: Daiki Ueno + +Author: Daiki Ueno +Date: Thu Aug 2 15:44:15 2018 +0200 + + record: send unexpected_message upon empty unencrypted records + + Signed-off-by: Daiki Ueno + +Author: Daiki Ueno +Date: Fri Jul 27 06:30:41 2018 +0200 + + buffers: handle very short fragmentation of handshake messages + + If the received record doesn't even complete the handshake + header (i.e., the record size < 4), keep it in a temporary buffer and + let the caller receive more records. Once enough amount of data is + received, move the already received records back to record_buffer and + proceed to the normal processing. + + Fixes: #272 + + Signed-off-by: Daiki Ueno + +Author: Daiki Ueno +Date: Fri Jul 27 06:23:12 2018 +0200 + + mbuffers: introduce _mbuffer_head_push_first + + This is similar to _mbuffer_enqueue, but adds an element to the + beginning of the buffer. + + This is to make the incomplete header handling case easier. + + Signed-off-by: Daiki Ueno + +Author: Daiki Ueno +Date: Fri Jul 27 06:10:37 2018 +0200 + + _gnutls_parse_record_buffered_msgs: eliminate local variable usage + + If `remain > 0` is true, `recv_buf[0].length > 0` always holds. + Combine those conditions and remove the `remain` utilizing MIN(). + + This is to make the incomplete header handling case easier. + + Signed-off-by: Daiki Ueno + +Author: Daiki Ueno +Date: Fri Jul 27 05:35:02 2018 +0200 + + buffers: avoid confusion in fragment length calculation + + Previously, to calculate the fragment length, it added/subtracted one + to the ending offset back and forth; that was not easier to read and + couldn't handle empty payload messages in TLS. + + Signed-off-by: Daiki Ueno + +Author: Daiki Ueno +Date: Thu Aug 2 16:59:27 2018 +0200 + + tlsfuzzer: update to the latest version + + Also enable test-tls13-0rtt-garbage.py. + + Signed-off-by: Daiki Ueno + +Author: Daiki Ueno +Date: Mon Jul 16 11:30:05 2018 +0200 + + TLS 1.3: ignore "early_data" extension + + As 0-RTT is still not implemented in GnuTLS, the server responds with + 1-RTT, by skipping decryption failure up to max_early_data_size, as + suggested in 4.2.10 Early Data Detection. + + Resolves #512 + + Signed-off-by: Daiki Ueno + +Author: Nikos Mavrogiannopoulos +Date: Fri Aug 3 21:45:14 2018 +0200 + + p11tool: print expiration time on certificates + + This is particularly useful when displaying information about a + certificate trust store. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu Jul 19 15:52:26 2018 +0200 + + tls1.3: server returns early on handshake when no cert is provided by client + + Under TLS1.3 the server knows the negotiated keys early, if no client + certificate is sent. In that case, the server is not only able to + transmit the session ticket immediately after its finished message, + but is also able to transmit data, similarly to false start. + + Resolves #481 + Resolves #457 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Jul 23 15:01:49 2018 +0200 + + gnutls-serv: don't close connection properly when handshake is not yet complete + + In the case handshake is not yet complete and we need + to terminate, it is because of an issue. As such prefer an + unclear termination at this stage. This addresses error detection + issues with tlsfuzzer. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu Aug 2 16:16:27 2018 +0200 + + gnutls-cli: corrected input buffer null-termination + + This was a regression in the previous cleanup at + f138ff85df69976badce44a5c46157cce091020f included in + 3.6.3. + + Resolves #534 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Jul 31 11:37:50 2018 +0200 + + certtool: added example of converting to DER in manpage + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Tim Rühsen +Date: Fri Jul 27 23:46:50 2018 +0200 + + Fix gcc-8 -Wabi warnings + + Fixes #531 + + Signed-off-by: Tim Rühsen + +Author: Nikos Mavrogiannopoulos +Date: Fri Jul 27 11:58:38 2018 +0200 + + ext/key_share: check the validity of server key shares + + That is, when generating the public key based on the server's + key share, ensure that the algorithms match completely with + the key shares the client initially sent. This was detected + by the updated traces for TLS1.3 fuzzying. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu Jul 26 15:37:58 2018 +0200 + + gnutls-serv: improve output under TLS1.3 + + That is, silence fields no longer applicable under TLS1.3 + and make sure that newer functions like gnutls_session_get_desc() + get used when describing the session. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu Jul 26 15:06:34 2018 +0200 + + fuzz: updated traces for latest TLS1.3 draft + + Relates #359 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu Jul 26 12:40:54 2018 +0200 + + tests: run tls-fuzzer PSK testsuite + + Resolves #508 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu Jul 26 11:27:23 2018 +0200 + + tests: added unit test of handshake with large certificate + + This checks whether handshake message fragmentation and de-fragmentation + is functional on server and client. + + Resolves #513 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu Jul 26 11:02:37 2018 +0200 + + certtool: eliminated limits in certificate export size + + That allows printing an exporting certificates of size only bounded + by avail memory. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu Jul 26 10:56:25 2018 +0200 + + certtool: eliminate maximum limit in fields read with READ_MULTI_LINE_TOKENIZED() + + This allows to generate a certificate with an extension of arbitrary size. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Jul 25 16:41:38 2018 +0200 + + gnutls.h: corrected typo + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Jul 25 14:48:47 2018 +0200 + + send_client_hello: don't override version after HRR is received + + When a Hello Retry Request is received, do not set our (transient) + version to TLS1.2 on the second client hello. That's because both + peers have already negotiated TLS1.3. + + This addresses issue with peers which may send a changecipherspec + message at this stage, which is now allowed when our version is + set to be TLS1.2. Introduced test suite using openssl and resumption + using HRR which reproduces the issue. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Jul 25 13:08:35 2018 +0200 + + hello_ext_parse: apply the test for pre-shared key ext being last on client hello + + We were incorrectly insisting on pre-shared key extension being last in + both client and server hello. That was incorrect, as only in client hello + it is required by TLS1.3 to be last. + + Quoting: + The "pre_shared_key" extension MUST be the last extension in the + ClientHello (this facilitates implementation as described below). + Servers MUST check that it is the last extension and otherwise fail + the handshake with an "illegal_parameter" alert. + + Resolves #525 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Jul 24 20:58:10 2018 +0200 + + .gitlab-ci.yml: automatically retry failed jobs + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Jul 24 16:48:32 2018 +0200 + + doc update + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Jul 24 16:38:08 2018 +0200 + + allow no certificates to be reported by the gnutls_certificate_retrieve_function callbacks + + In 9829ef9a we introduced a wrapper over the older callback functions + which didn't handle this case. + + Resolves #528 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Dmitry Eremin-Solenikov +Date: Fri Jul 20 20:49:28 2018 +0300 + + cert-cred: fix possible segfault when resetting cert retrieval function + + Reset get_cert_callback3 callback to NULL if provided callback is NULL. + Otherwise after the certificate request call_legacy_cert_cb1 / + call_legacy_cert_cb2 will try to unconditionally call legacy_cert_cb1 / + legacy_cert_cb2 callback (set to NULL) leading to segfault. + + Fixes: 9829ef9a3ca06d60472599df7c74ebb9a53f1fe2 + Signed-off-by: Dmitry Eremin-Solenikov + +Author: Dmitry Eremin-Solenikov +Date: Sun Jul 22 20:31:36 2018 +0300 + + kx: for uniformity print master secret size + + During keys setup phase debug log will contain sizes of all keys and + secrets, except master secret. Dump MS length (48) to log for + uniformity. + + Signed-off-by: Dmitry Eremin-Solenikov + +Author: Dmitry Eremin-Solenikov +Date: Sun Jul 22 20:31:09 2018 +0300 + + constate: dump full key block to log + + Include full key block to the debug log. + + Signed-off-by: Dmitry Eremin-Solenikov + +Author: Dmitry Eremin-Solenikov +Date: Sun Jul 22 20:30:04 2018 +0300 + + constate: dump MAC keys to debug log + + _gnutls_set_keys() can dump client/server write keys/ivs to debug log, + but it skips MAC keys. Add MAC keys to log. + + Signed-off-by: Dmitry Eremin-Solenikov + +Author: Dmitry Eremin-Solenikov +Date: Sun Jul 22 20:25:35 2018 +0300 + + constate: drop unused variable in _gnutls_set_keys + + _gnutls_set_keys() creates rrnd as client random + server random, but + does not use it (it was used before for export key generation, but was + not removed when dropping support for export cipher suites). + + Signed-off-by: Dmitry Eremin-Solenikov + Fixes: 8bdb8d53aa5b4c5d04255b6c9b5f2dac8b23d51b + +Author: Dmitry Eremin-Solenikov +Date: Sat Jul 21 13:23:42 2018 +0300 + + cert auth: simplify certificate selection code + + Merge pubkey_is_compat_with_cs() and select_sign_algorithm() functions + to ease extension of certificate selection code. + + Signed-off-by: Dmitry Eremin-Solenikov + +Author: Tim Rühsen +Date: Thu Jul 19 12:50:13 2018 +0200 + + Remove trailing dot from hostname input + + Fixes #532 + + Signed-off-by: Tim Rühsen + +Author: Nikos Mavrogiannopoulos +Date: Tue Jul 17 09:03:38 2018 +0200 + + gnutls_x509_privkey_import_ecc_raw: encode parameters on import + + That makes the structure fully usable after import. In _encode_privkey() + use the lower-level _gnutls_x509_export_int2() for key encoding as the + call to higher gnutls_x509_privkey_export2() could result to an infinite + recursion when keys are incomplete. + + Introduced additional tests for PKCS#8 key import and export. + + Resolves: #516 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Dmitry Eremin-Solenikov +Date: Thu Jul 19 14:19:07 2018 +0300 + + certtool: use gnutls_gost_paramset_get_name + + gost_param_name() predates gnutls_gost_paramset_get_name() and + gnutls_gost_paramset_t. Use current API functions instead of hand-coding + new functions. + + Signed-off-by: Dmitry Eremin-Solenikov + +Author: Nikos Mavrogiannopoulos +Date: Thu Jul 19 11:24:04 2018 +0200 + + gnutls-cli: do not fail if CKA_ID is too long + + Increased the buffer needed to read reasonable-sized CKA_IDs + and avoid failure when the CKA_ID is too long. + + Resolves #520 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu Jul 19 07:47:40 2018 +0200 + + .gitlab-ci.yml: combined abi-check and TLS1.3 check runs + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu Jul 19 06:06:34 2018 +0200 + + tests: handshake-timeout: reverted virt-time.h usage + + The tests nature (waiting on a socket) didn't fit well with the virt-time + implementation. Reverted to original real-time wait and improved error + detection in child process. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Jul 16 14:04:01 2018 +0200 + + gnutls_priority_init: fix err_pos on invalid strings + + When the provided string would be resolved (e.g., due to a @ priority + being used), to a different string, then do not attempt to + detect the right location of the error. It will not be useful to the caller. + + This addresses the issue of test suite failure when --with-system-priority-file + and --with-default-priority-string are provided. It also enhances the test suite + with these options being active. + + Resolves #517 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Jul 17 21:55:33 2018 +0200 + + examples: tlsproxy: use snprintf instead of strncpy + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Jul 17 08:17:13 2018 +0200 + + doc: simplified documentation on threads + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Jul 17 13:53:02 2018 +0200 + + examples: tlsproxy: eliminated warnings + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Jul 16 09:10:21 2018 +0200 + + .gitlab-ci.yml: updated win32 targets + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Jul 16 08:27:54 2018 +0200 + + doc update + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sun Jul 15 18:38:40 2018 +0200 + + gnutls-cli: mark legacy options as deprecated + + This removes the --ranges and --disable-extensions options from + the default listing of options. They are disfunctional and may + be removed in the future. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sat Jul 14 17:39:03 2018 +0200 + + .travis.yml: update brew and use nettle 3.4 + + Resolves #480 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sat Jul 14 08:39:52 2018 +0200 + + .gitlab-ci.yml: Werror build runs with -std=c99 + + This ensures that the errors reported will be relevant + for the required version of the standard. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sat Jul 14 17:30:49 2018 +0200 + + bumped versions + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sat Jul 14 08:27:26 2018 +0200 + + _gnutls_resolve_priorities: avoid gnu extension for ?: construct + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Jul 13 16:11:16 2018 +0200 + + NEWS: doc update + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Jul 13 14:23:28 2018 +0200 + + nettle/rnd-fips: updated documentation + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Jul 13 14:01:44 2018 +0200 + + gnutls-cli: improve error reporting with -l --priority option + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Jul 13 11:18:21 2018 +0200 + + cipher-listings: use the sed found by configure script and make it portable + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Jul 13 09:04:42 2018 +0200 + + tests: tls-fuzzer: separated SSL3.0 from TLS1.x tests + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu Jul 12 16:17:02 2018 +0200 + + gnutls-cli-debug: do not attempt SSL3.0 negotiation when not enabled + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu Jul 12 15:41:21 2018 +0200 + + priorities: ensure that SSL3.0 enablement fails early when disabled + + That is, that a priority string with only SSL3.0 present is discarded as + invalid. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu Jul 12 15:14:39 2018 +0200 + + The SSL 3.0 protocol is disabled on compile time by default + + It can be re-enabled by specifying --enable-ssl3-support on configure script. + This is the first step before removing support for the protocol completely. + + Relates #103 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Jul 13 08:45:49 2018 +0200 + + tests: gnutls-cli-debug.sh: corrected run under FIPS mode + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Jul 13 07:10:11 2018 +0200 + + doc: minor text updates + + Updated text for gnutls_session_ext_master_secret_status and for + GNUTLS_NO_EXTENSIONS flag which is defunc. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Jul 13 07:08:42 2018 +0200 + + gnutls-cli-debug: fix EtM and extended master secret discovery + + In particular do not set the GNUTLS_NO_EXTENSIONS flag by default, + and only enable block ciphers for the EtM check. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Jul 13 06:40:08 2018 +0200 + + tests: improved unit test of gnutls-cli-debug + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu Jul 12 09:20:57 2018 +0200 + + gnutls-cli-debug: generalized cipher tests + + That is, tests now check for either the 128-bit or the 256-bit + of the cipher consistently. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu Jul 12 09:19:13 2018 +0200 + + gnutls-cli-debug: removed legacy tests no longer applicable + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu Jul 12 09:17:11 2018 +0200 + + gnutls-cli-debug: detect TLS1.3 support + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Jul 11 21:26:05 2018 +0200 + + gnutls-cli-debug: when testing servers enable all ciphers + + Resolves #515 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Daiki Ueno +Date: Tue Jul 3 11:33:21 2018 +0200 + + doc: update for TLS 1.3 + + Signed-off-by: Daiki Ueno + +Author: Nikos Mavrogiannopoulos +Date: Mon Jul 2 09:56:35 2018 +0200 + + _gnutls13_recv_async_handshake: process multiple and split handshake messages + + It is permitted to concatenate multiple async handshake messages in a single + record message as well as split large messages (NST) into multiple records. + Modified _gnutls13_recv_async_handshake() to process them correctly, instead + of assuming that they are formatted as one message per record. + + Resolves #510 + Resolves #504 + + Relates #511 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Jul 2 10:18:23 2018 +0200 + + tests: check whether multiple tickets can be sent/received + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Jul 2 10:11:41 2018 +0200 + + gnutls_session_ticket_send: allow sending multiple tickets in one go + + This allows combining the tickets in a single record message when + possible. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Jul 4 07:42:44 2018 +0200 + + tests: handshake-timeout: use virt_sec_sleep() to avoid long delays in test + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Jul 2 16:28:28 2018 +0200 + + generate_session_ticket: tickets cannot extend the original session time + + That is, on a resumed session the server would not issue new tickets + that would have extended the lifetime of the originally issued ticket. + + Resolves #476 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Jul 3 18:42:01 2018 +0200 + + pre_shared_key: do not send extension when no identities are present + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Jul 2 20:25:40 2018 +0200 + + tests: corrected priority strings in session-tickets-ok and other cleanups + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Jul 3 10:22:04 2018 +0200 + + doc: mention session ticket behavior under TLS1.3 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Jul 2 16:29:04 2018 +0200 + + generate_session_ticket: use a 4-byte nonce by default + + It is not necessary to use large nonces. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Jul 2 16:22:04 2018 +0200 + + pre_shared_key: use time_t type for ticket_age variable + + This is guarranteed to allow negative values, and also be 32-bits. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Jul 2 16:19:35 2018 +0200 + + generate_session_ticket: fixed comment + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Dmitry Eremin-Solenikov +Date: Mon Jul 9 18:21:20 2018 +0300 + + lib: document digest and paramset in gost key import functions + + Document behaviour of gnutls_pubkey_import_gost_raw, + gnutls_privkey_import_gost_raw and gnutls_x509_privkey_import_gost_raw. + + Signed-off-by: Dmitry Eremin-Solenikov + +Author: Dmitry Eremin-Solenikov +Date: Mon Jul 9 14:22:34 2018 +0300 + + lib/x509: use new function to deduce default GOST paramset + + Use new _gnutls_gost_paramset_default() function to deduce default GOST + paramset, instead of hardcoding if/else in several places. + + Signed-off-by: Dmitry Eremin-Solenikov + +Author: Dmitry Eremin-Solenikov +Date: Mon Jul 9 14:02:14 2018 +0300 + + lib: remove undefined behaviour when handling GOST paramset + + Initial version of GOST patchset used param < 0 to represent unknown + value. Later special enum entry GNUTLS_GOST_PARAMSET_UNKNOWN was + introduced. Fix several leftovers comparing params to 0 directly. + + Closes #505. + + Signed-off-by: Dmitry Eremin-Solenikov + +Author: Nikos Mavrogiannopoulos +Date: Mon Jul 9 12:40:59 2018 +0200 + + updated auto-generated files + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Jun 25 10:36:18 2018 +0200 + + gnutls_priority_init2,gnutls_set_default_priority_append: introduced + + This allows enhancing the default priority with additional + options, allowing an application to introduce stricter (or weaker) + settings without requiring it to override all settings. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sat Jul 7 19:52:04 2018 +0200 + + doc update [ci skip] + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sat Jul 7 19:48:14 2018 +0200 + + doc update [ci skip] + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Andreas Metzler +Date: Sat Jul 7 14:20:01 2018 +0200 + + configure: Fix progress message for --enable-tls13-support + + Signed-off-by: Andreas Metzler + +Author: Nikos Mavrogiannopoulos +Date: Sat Jul 7 10:21:51 2018 +0200 + + tests: tls-fuzzer-alpn: operate on random port + + This allows parallel run of the test with other tlsfuzzer tests. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Jul 3 08:49:06 2018 +0200 + + configure: added option --enable-tls13-support + + The new option enables TLS1.3 draft-28 support unconditionally. + Updated the test suite to run when TLS1.3 is enabled by default, + and added a CI run with TLS1.3 enabled. + + Resolves #424 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Jul 3 11:45:31 2018 +0200 + + _gnutls_figure_common_ciphersuite: apply rfc7919 requirements only under TLS1.2 + + Under TLS1.3 there is no requirement to return insufficient security depending + on the FFDHE group negotiation. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Jul 3 09:06:27 2018 +0200 + + supported_versions: do not parse in server side when TLS1.3 is disabled + + This allows a server to negotiate older versions using the previous TLS + negotiation scheme. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Jul 3 08:31:13 2018 +0200 + + protocols: bumped TLS1.3 protocol to draft-28 + + Resolves #506 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Jul 4 10:08:06 2018 +0200 + + tests: mini-record-timing: avoid warning for too large stack usage + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Jul 2 11:47:34 2018 +0200 + + tlsfuzzer: updated to include RSA and RSA-PSS related tests + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Jul 2 08:32:52 2018 +0200 + + sign_supports_cert_pk_algorithm: corrected check for RSAE-PSS + + If the signature algorithm sets the `cert_pk` field, ignore the + `pk` field completely. Not doing that would make the RSAE signature + algorithms with RSA-PSS certificates which is against the intended + use of `cert_pk`. + + Resolves #500 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Jul 2 14:12:48 2018 +0200 + + tlsproxy: included but not as submodule + + This allows updating the example when necessary within the repository + and reduces the amount of external dependencies for CI. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Jul 2 14:12:15 2018 +0200 + + tlsproxy: removed submodule + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sun Jul 1 21:03:28 2018 +0200 + + tests: introduced tests about crypto API failures on illegal use + + This ensures that any mistakes in using the crypto API are propagated + to the higher level calls, or result to an abort(). + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sun Jul 1 12:49:55 2018 +0200 + + gnutls_aead_cipher_encryptv: eliminate signed/unsigned warnings under x86 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sun Jul 1 22:00:09 2018 +0200 + + accelerated: error on the cases where the nettle API would have errored + + This ensures that illegal uses of the API would be propagated to + the higher levels. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sun Jul 1 22:08:16 2018 +0200 + + gnutls_cipher_add_auth: propagate error codes + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sun Jul 1 11:27:48 2018 +0200 + + certtool: properly print an int64_t value + + Also included the gnulib inttype module for portability. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sun Jul 1 11:24:16 2018 +0200 + + certtool: print information on time_t restrictions on failure + + This informs the user of the tool why dates after 2038 cannot + be expressed on systems with a 32-bit time_t. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sat Jun 30 16:49:53 2018 +0200 + + tests: verify that certtool operates as expected with dates after 2038 + + That is, whether it works with a time_t of 64-bit size, and fails + with a time_t of 32-bit size. + + Resolves #370 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sun Jul 1 12:39:28 2018 +0200 + + tests: check explicitly the size of time_t + + Previously we were disabling the 2038 tests on 32-bit systems, + but there can be 32-bit systems with a 64-bit time_t. Ensure + that we run the right tests. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sat Jun 30 16:48:54 2018 +0200 + + tests: better guarding of variable SKIP_DATEFUDGE_CHECK + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Jun 27 21:31:43 2018 +0200 + + tests: ignore PIPE signal on TLS1.3-related tests + + This was inadvertently omitted and that could cause unexpected + issues when one of the peers would close the connection earlier + than expected. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Jun 27 15:00:13 2018 +0200 + + tests: check for GNUTLS_E_GOT_APPLICATION_DATA on post-handshake auth + + That is, check whether GNUTLS_E_GOT_APPLICATION_DATA is received as + documented, and whether post-handshake auth can complete while this + is being sent. + + Resolves #490 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Jun 27 14:38:40 2018 +0200 + + post-handshake: return GNUTLS_E_GOT_APPLICATION_DATA as documented to + + Relates #490 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Jun 27 13:57:11 2018 +0200 + + tests: introduced test for post-handshake auth + PSK + + Relates #489 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Jun 27 14:19:02 2018 +0200 + + tls13 handshake: allow certificate messages after handshake + + This allows post-handshake authentication even when PSK + is negotiated. + + Resolves #489 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Jun 27 13:41:13 2018 +0200 + + gnutls_session_get_flags: introduced GNUTLS_SFLAGS_POST_HANDSHAKE_AUTH + + This allows a server application to detect whether the client + would support post handshake authentication or not without initiating + via gnutls_reauth(). + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Jul 2 08:10:45 2018 +0200 + + gnutls-serv: make --disable-client-cert and --require-client-cert options incompatible + + That is refuse to run when both options are specified. + + Resolves #502 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Jun 29 22:40:27 2018 +0200 + + tests: verify whether GNUTLS_TLS_VERSION_MAX is negotiated on default mode + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Tim Rühsen +Date: Fri Jun 29 10:33:18 2018 +0200 + + Fixes + cleanups for .gitlab-ci.yml + +Author: Nikos Mavrogiannopoulos +Date: Wed Jun 27 21:46:24 2018 +0200 + + p11tool: remove duplicate branch + + The GNUTLS_PKCS11_OBJ_ATTR_MATCH and GNUTLS_PKCS11_OBJ_ATTR_ALL + attributes are the same, so there is no need to handle them + separately. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Tim Rühsen +Date: Tue Jun 26 12:50:30 2018 +0200 + + Add strdup-posix gnulib module + + Some files in gl/tests won't build in environments without + strdup(), e.g. MinGW on Debian. The gnulib docs advise to + explicitly add the module. + + Signed-off-by: Tim Rühsen + +Author: Nikos Mavrogiannopoulos +Date: Thu Jun 21 11:29:19 2018 +0200 + + testcompat-tls13-openssl: fix openssl interactions + + * Do not require certificate validation on tests where no certificate is sent + * Rekey test performs data transfer after re-key + + This introduces a dependency on the expect package for testing, and + updates openssl to address an issue in post-handshake auth interop + testing. + + Resolves #488 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Jun 22 14:14:07 2018 +0200 + + gnutls-serv: when post-handshake auth is asked; require a certificate + + This allows testing post-handshake authentication using gnutls-serv. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu Jun 21 15:05:40 2018 +0200 + + key update: corrected generation of keys + + Resolves #485 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu Jun 21 08:46:04 2018 +0200 + + gnutls-cli: wait for all server data prior to closing connection + + This cleans-up the existing code which was disfunctional and + allows detecting errors which happen after we transmit data + to the server. + + Relates #485 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Jun 27 13:34:16 2018 +0200 + + .gitignore: added new test executables + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Jun 27 13:27:39 2018 +0200 + + tests: eliminated compiler warnings + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Dmitry Eremin-Solenikov +Date: Tue Jun 26 16:02:45 2018 +0300 + + Update .gitignore files according to bootstrap + + Signed-off-by: Dmitry Eremin-Solenikov + +Author: Dmitry Eremin-Solenikov +Date: Tue Jun 26 15:22:49 2018 +0300 + + src: fix regenerating autogen files if builddir = srcdir + + Signed-off-by: Dmitry Eremin-Solenikov + +Author: Rolf Eike Beer +Date: Tue Jun 26 15:18:36 2018 +0200 + + convert from milliseconds to timespec without loop + + Signed-off-by: Rolf Eike Beer + +Author: Rolf Eike Beer +Date: Tue Jun 26 15:02:51 2018 +0200 + + use timespec_sub_ms() instead of open coding it + + Signed-off-by: Rolf Eike Beer + +Author: Rolf Eike Beer +Date: Tue Jun 26 14:59:54 2018 +0200 + + avoid overflow when substracting timespecs if rdtsc is not available + + This may still overflow on platforms where unsigned long is 32 bit (e.g. 32 bit + Un*x, any Windows) when the delta is more than 4 seconds. + + Signed-off-by: Rolf Eike Beer + +Author: Dmitry Eremin-Solenikov +Date: Tue Jun 26 11:38:58 2018 +0300 + + lib/nettle/gost: support building with mini-nettle/mini-gmp + + Do not depend directly on gmp.h. + + Closes: #497 + + Signed-off-by: Dmitry Eremin-Solenikov + +Author: Rolf Eike Beer +Date: Tue Jun 26 09:39:19 2018 +0200 + + avoid rounding errors and overflows when substracting timespecs + + The current Unix time will cause overflows if multiplied with 1000, which could + lead to rounding errors afterwards. Do the substractions first so all numbers + stay small enough to fit into unsigned ints. + + Signed-off-by: Rolf Eike Beer + +Author: Nikos Mavrogiannopoulos +Date: Mon Jun 25 12:30:55 2018 +0200 + + wrap_nettle_pk_generate_keys: retry on provable key generation + + This resolves issue with occasional failures under RSA key generation + in FIPS140-2 mode. + + Resolves #283 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Tim Rühsen +Date: Sat Jun 23 15:11:17 2018 +0200 + + Let ./bootstrap sync from translationproject.org + + This makes manual updating of the translations obsolete. + From now on, builds and tarballs will always have the latest translations + included. + + We should not forget to inform translationproject.org to update the + translations before a release. How to do that is described at + https://translationproject.org/html/maintainers.html (6. Announcing). + +Author: Nikos Mavrogiannopoulos +Date: Tue Jun 26 02:38:51 2018 +0200 + + gnutls_session_get_desc: fixed desc printing of custom groups + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Jun 25 10:06:25 2018 +0200 + + doc update [ci skip] + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sun Jun 24 21:46:15 2018 +0200 + + aarch64: use getauxval() if available to discover cpu caps + + This improves CPU detection by avoiding the parsing of + of a human-readable file and allows operation under debian + multilib qemu setup. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sun Jun 24 21:50:15 2018 +0200 + + .gitlab-ci.yml: no need for submodule update on cross-builds + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Jun 18 13:14:03 2018 +0200 + + .gitlab-ci.yml: use qemu for aarch64 testing + + This eliminates the need (and costs) to maintain a separate baremetal + system. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sun Jun 24 08:27:00 2018 +0200 + + .gitlab-ci.yml: corrected typo + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sun Jun 24 08:06:55 2018 +0200 + + .gitlab-ci.yml: skip submodule initialization when not necessary + + This prevents unnecessary download of submodules on CI. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sun Jun 24 06:51:14 2018 +0200 + + .gitlab-ci.yml: updated x86 CI builds with better datefudge detection + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sun Jun 24 06:58:37 2018 +0200 + + .gitlab-ci.yml: debian stretch build replaced by buster + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sat Jun 23 19:38:26 2018 +0200 + + doc update [ci skip] + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sat Jun 23 19:35:13 2018 +0200 + + doc update [ci skip] + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Dmitry Eremin-Solenikov +Date: Fri Jun 15 13:38:44 2018 +0300 + + tests: add PKCS#12 test script for GOST 28147-89-encrypted files + + Signed-off-by: Dmitry Eremin-Solenikov + +Author: Dmitry Eremin-Solenikov +Date: Fri Jun 15 13:06:41 2018 +0300 + + certtool: honour --hash option when generating PKCS#12 files + + Use algorithm specified with --hash option when generating MAC for + PKCS#12 file, allowing user to select algorithms other than SHA-1. + + Signed-off-by: Dmitry Eremin-Solenikov + +Author: Dmitry Eremin-Solenikov +Date: Sun Sep 24 10:31:39 2017 +0300 + + tests: expand pkcs7 test to also check GOST files + + Signed-off-by: Dmitry Eremin-Solenikov + +Author: Dmitry Eremin-Solenikov +Date: Sat Sep 23 22:51:19 2017 +0300 + + test: test GOST keys import/export + + Signed-off-by: Dmitry Eremin-Solenikov + +Author: Dmitry Eremin-Solenikov +Date: Sat Sep 23 21:40:34 2017 +0300 + + certtool: ask if certificate will be used for data encryption + + Signed-off-by: Dmitry Eremin-Solenikov + +Author: Dmitry Eremin-Solenikov +Date: Sat Sep 23 21:37:18 2017 +0300 + + tests: add common gost certificates for tests + + Signed-off-by: Dmitry Eremin-Solenikov + +Author: Dmitry Eremin-Solenikov +Date: Tue Dec 6 03:57:24 2016 +0300 + + Support key matching with GOST keys + + GOST keys do not support signing non-GOST hashes, so use correct digest + algorithm when verifying that GOST public and private keys match. + + Signed-off-by: Dmitry Eremin-Solenikov + +Author: Dmitry Eremin-Solenikov +Date: Sat Nov 26 04:51:41 2016 +0300 + + Add generated GOST credentials for tests + + Signed-off-by: Dmitry Eremin-Solenikov + +Author: Dmitry Eremin-Solenikov +Date: Mon Nov 21 20:58:00 2016 +0300 + + Use GOST R 34.11-94 when generating key for PKCS data to be encrypted with GOST 28147-89 + + Signed-off-by: Dmitry Eremin-Solenikov + +Author: Dmitry Eremin-Solenikov +Date: Mon Nov 21 20:52:43 2016 +0300 + + certtool: support generating GOST-encrypted PKCS#8/12 files + + Signed-off-by: Dmitry Eremin-Solenikov + +Author: Dmitry Eremin-Solenikov +Date: Fri Nov 18 00:23:54 2016 +0300 + + Add gost certificates to chainverify tests + + Signed-off-by: Dmitry Eremin-Solenikov + +Author: Dmitry Eremin-Solenikov +Date: Thu Nov 17 10:47:16 2016 +0300 + + Expand x509 sign/verify test with GOST algorithms + + Signed-off-by: Dmitry Eremin-Solenikov + +Author: Dmitry Eremin-Solenikov +Date: Thu Nov 17 10:22:11 2016 +0300 + + oids: expand to include GOST digests/signatures + + Signed-off-by: Dmitry Eremin-Solenikov + +Author: Dmitry Eremin-Solenikov +Date: Tue Aug 29 17:44:10 2017 +0300 + + tests: privkey-keygen: adapt to support GOST algorithms + + Signed-off-by: Dmitry Eremin-Solenikov + +Author: Dmitry Eremin-Solenikov +Date: Mon Oct 24 20:56:46 2016 +0300 + + Support GOST private keys generation + + Signed-off-by: Dmitry Eremin-Solenikov + +Author: Dmitry Eremin-Solenikov +Date: Fri Oct 21 18:01:20 2016 +0300 + + certtool: support dumping GOST private key information + + Signed-off-by: Dmitry Eremin-Solenikov + +Author: Dmitry Eremin-Solenikov +Date: Fri Oct 21 17:38:57 2016 +0300 + + Add several DN entry definitions used by qualified GOST signatures + + Signed-off-by: Dmitry Eremin-Solenikov + +Author: Dmitry Eremin-Solenikov +Date: Mon Aug 28 14:34:33 2017 +0300 + + certool: export GOST privkeys only in PKCS#8 format + + Signed-off-by: Dmitry Eremin-Solenikov + +Author: Dmitry Eremin-Solenikov +Date: Wed Nov 9 14:19:58 2016 +0300 + + Add support for PKCS12 files using GOST MAC + + Local PKCS12-based standard derives from RFC 7292 (PKCS #12) in using + PBKDF2 to generate MAC key rather than using PKCS12 scheme. + + Signed-off-by: Dmitry Eremin-Solenikov + +Author: Dmitry Eremin-Solenikov +Date: Wed Nov 9 14:02:56 2016 +0300 + + Add support for PBES2/PBKDF2 using GOST algorithms + + Signed-off-by: Dmitry Eremin-Solenikov + +Author: Dmitry Eremin-Solenikov +Date: Sat Jan 28 06:01:01 2017 +0300 + + Support PKCS#12 key derivation with GOST digests + + Signed-off-by: Dmitry Eremin-Solenikov + +Author: Dmitry Eremin-Solenikov +Date: Fri Oct 21 17:56:04 2016 +0300 + + Add support for importing/exporting GOST private keys + + Signed-off-by: Dmitry Eremin-Solenikov + +Author: Dmitry Eremin-Solenikov +Date: Mon Sep 18 12:54:12 2017 +0300 + + Support importing/exporting X.509 GOST public keys + + Signed-off-by: Dmitry Eremin-Solenikov + +Author: Dmitry Eremin-Solenikov +Date: Fri Oct 21 04:43:35 2016 +0300 + + Add ASN.1 definitions for GOST keys + + Signed-off-by: Dmitry Eremin-Solenikov + +Author: Dmitry Eremin-Solenikov +Date: Fri Oct 21 04:07:36 2016 +0300 + + nettle: add support for GOST 34.10 public keys + + There is no support for GOST public keys derivation, as it is used only + for TLS or PKCS#7 with encrypted content. + + Signed-off-by: Dmitry Eremin-Solenikov + +Author: Dmitry Eremin-Solenikov +Date: Fri Oct 21 17:05:38 2016 +0300 + + Add few functions to support basic operations with GOST public keys + + Signed-off-by: Dmitry Eremin-Solenikov + +Author: Dmitry Eremin-Solenikov +Date: Fri Oct 21 04:02:30 2016 +0300 + + Add declarations for GOST R 34.10 signatures + + Signed-off-by: Dmitry Eremin-Solenikov + +Author: Dmitry Eremin-Solenikov +Date: Fri Oct 21 03:55:10 2016 +0300 + + Define GOST R 34.10 curves + + Signed-off-by: Dmitry Eremin-Solenikov + +Author: Dmitry Eremin-Solenikov +Date: Fri Oct 21 04:00:21 2016 +0300 + + Add declarations to support GOST public keys + + Signed-off-by: Dmitry Eremin-Solenikov + +Author: Dmitry Eremin-Solenikov +Date: Tue Nov 29 05:28:17 2016 +0300 + + Add support for I/O of little-endian MPI + + Signed-off-by: Dmitry Eremin-Solenikov + +Author: Dmitry Eremin-Solenikov +Date: Tue Nov 29 05:30:10 2016 +0300 + + nettle: add support for unsigned LE MPIs + + Signed-off-by: Dmitry Eremin-Solenikov + +Author: Dmitry Eremin-Solenikov +Date: Fri Oct 21 04:05:41 2016 +0300 + + nettle: add support for GOST 34.11 hash functions + + Add support for GOST R 34.11-94 and Streebog (256/512) functions. + + Signed-off-by: Dmitry Eremin-Solenikov + +Author: Dmitry Eremin-Solenikov +Date: Fri Oct 21 04:05:07 2016 +0300 + + nettle: support GOST28147-89 in CFB mode + + Signed-off-by: Dmitry Eremin-Solenikov + +Author: Dmitry Eremin-Solenikov +Date: Thu Oct 27 03:18:32 2016 +0300 + + Add declarations for GOST 28147-89 cipher in CFB mode + + Signed-off-by: Dmitry Eremin-Solenikov + +Author: Dmitry Eremin-Solenikov +Date: Fri Oct 21 03:57:17 2016 +0300 + + Add declarations for GOST R 34.11 (-94 and -2012) digest algorithms + + Signed-off-by: Dmitry Eremin-Solenikov + +Author: Dmitry Eremin-Solenikov +Date: Tue Aug 29 15:12:53 2017 +0300 + + Import GOST-supporting part from Nettle pending patches + + Nettle upstream takes significant time to accept GOST-related patches. + As per Nikos' suggestion, push relevant parts to GnuTLS, so that they + can be tested in wild at the same time supporting GOST ciphersuite code. + + Signed-off-by: Dmitry Eremin-Solenikov + +Author: Dmitry Eremin-Solenikov +Date: Sun Sep 17 20:57:52 2017 +0300 + + .gitlab-ci.yml: disable gost in minimal build + + Signed-off-by: Dmitry Eremin-Solenikov + +Author: Dmitry Eremin-Solenikov +Date: Wed Oct 26 22:34:17 2016 +0300 + + Add configure argument to disable GOST support + + Signed-off-by: Dmitry Eremin-Solenikov + +Author: Nikos Mavrogiannopoulos +Date: Tue Jun 12 10:16:10 2018 +0200 + + _gnutls_parse_hello_extensions: enforce that pre-shared-key extension is last + + This is a requirement in draft-ietf-tls-tls13-28 4.2.11 section: + The "pre_shared_key" extension MUST be the last extension in the + ClientHello (this facilitates implementation as described below). + Servers MUST check that it is the last extension and otherwise fail + the handshake with an "illegal_parameter" alert. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Jun 12 10:01:22 2018 +0200 + + tests: check whether we send the pre-shared key extension after dumbfw + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Jun 12 09:35:16 2018 +0200 + + tests: corrected typo in comment + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Jun 8 10:48:32 2018 +0200 + + extensions: corrected order of pre-shared-key and dumbfw + + The pre-shared-key MUST always be last under TLS1.3 while the + dumbfw extension should be last in order to do proper evaluation + of extension size (gnutls requirement). As such the protocol + requirement takes precedence. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Tim Rühsen +Date: Tue Jun 19 13:21:44 2018 +0200 + + Fix test code for -Werror + +Author: Nikos Mavrogiannopoulos +Date: Tue Jun 19 14:59:33 2018 +0200 + + tests: updated supplemental tests for TLS1.3 + + This includes tests that verify that TLS1.3 is not negotiated + when supplemental data are set in client and/or server side. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Jun 19 16:03:52 2018 +0200 + + gnutls_supplemental_register: disable TLS 1.3 globally + + This allows using the registered supplemental data handlers, since + these are not used under TLS 1.3. + + Resolves #479 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Jun 19 14:42:13 2018 +0200 + + gnutls_session_supplemental_register: disable TLS1.3 when set + + This allows using the registered supplemental data handlers, since + these are not used under TLS 1.3. + + Resolves #479 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Tim Rühsen +Date: Tue Jun 19 12:02:13 2018 +0200 + + Remove oss-fuzz copora from tarball + + The size of the corpora is huge and not needed for normal builds. + + This patch also fixes test run issues on Windows. + +Author: Nikos Mavrogiannopoulos +Date: Wed Jun 20 13:20:27 2018 +0200 + + gnutls-cli: introduce the rekey1 inline command + + That allows performing a rekey locally and with the + peer. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Jun 18 11:33:34 2018 +0200 + + document new behavior on safe padding removal + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Jun 18 11:22:36 2018 +0200 + + record: fail with invalid request when attempting to send no pad and no data + + Previously we were returning an internal error which seems to be incorrect + in that case. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Jun 18 11:15:56 2018 +0200 + + tests: enhance padding check + + This introduces tests for zero-data transfers with padding as well + as padding and de-padding with safe padding flag set. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Jun 18 11:03:40 2018 +0200 + + gnutls-cli: added CCM run under TLS1.2 in benchmark mode + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Jun 18 11:00:39 2018 +0200 + + cipher: made TLS1.3 safe padding check optional + + This patch introduces the gnutls_init() flag GNUTLS_SAFE_PADDING_CHECK + which makes the TLS1.3 safe padding check optional. That way applications + which do not utilize the TLS1.3 padding do not get penalized by the performance + drop in TLS1.3 packet processing. This addresses a regression in TLS1.3 + packet processing performance. + + Resolves: #466 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Jun 19 13:16:13 2018 +0200 + + gnutls_session_get_id: document restrictions + + This documents the fact that a TLS session ID cannot be relied + to be unique or to even have a meaningful value. + + Resolves #484 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Jun 19 13:08:27 2018 +0200 + + tests: verify that resumed session ID matches original + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Dmitry Eremin-Solenikov +Date: Tue Jun 19 18:23:14 2018 +0300 + + Makefile.am: move autogen files update to src/Makefile.am + + Move autogen'ed files update to src/Makefile.am to simplify code and + support out-of-tree builds. + + Signed-off-by: Dmitry Eremin-Solenikov + +Author: Dmitry Eremin-Solenikov +Date: Tue Jun 19 18:20:18 2018 +0300 + + Makefile.am: files-update: support out-of-tree builds + + Signed-off-by: Dmitry Eremin-Solenikov + +Author: Dmitry Eremin-Solenikov +Date: Tue Jun 19 11:26:09 2018 +0300 + + symbol-check: fix typo to make it work for out-of-tree builds + + Signed-off-by: Dmitry Eremin-Solenikov + +Author: Nikos Mavrogiannopoulos +Date: Sat Jun 16 15:46:25 2018 +0200 + + aarch64: update elf files to correspond to the macosx version + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sun Jun 10 14:08:54 2018 +0200 + + macosx: include aarch64 asm files + + Relates #475 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sat Jun 16 15:27:02 2018 +0200 + + Makefile.am: abi-check: fetch fresh tags + + This addresses the issue of failed abi-check CI runs on + forked repositories. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Jun 18 15:10:32 2018 +0200 + + drbg-aes: removed the continuous DRBG checks + + These are no longer necessary for FIPS140-2 compliance. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Tim Rühsen +Date: Fri Jun 15 19:39:22 2018 +0200 + + Fix usage of 'autoreconf' + + 'autoreconf' created a different configure script than ./bootstrap. + The result was a broken wchar.h that failed to compile. + + The work-around was 'autoreconf -I gl/m4' which is not what a developer + expects. This patch moves gl/m4/* to m4/ which is the default include dir + for autoreconf. + + Signed-off-by: Tim Rühsen + +Author: Martin Storsjo +Date: Thu Jun 14 12:53:42 2018 +0300 + + configure: Check for clock_gettime and fmemopen using a proper test + + Don't use AC_CHECK_FUNCS for these functions, but actually test by + including the real header that defines the functions. This allows + the macOS version selection work as intended, making the references + to these functions weak if targeting a version of macOS where these + functions aren't available. Thanks to -no_weak_imports, these weak + references end up in failed linker tests, marking the functions as + unavailable. + + This fixes issue #142. + + Signed-off-by: Martin Storsjo + +Author: Martin Storsjo +Date: Thu Jun 14 12:52:03 2018 +0300 + + configure: Include sys/random.h before checking for getentropy on macOS + + This function is available since macOS 10.12, but it's in + sys/random.h on macOS, contrary to the other platforms supporting + it where it is present in unistd.h. + + If we don't include the right header that declares the function + and its availability, the configure check would succeed even if + targeting older versions of macOS that lacks the function. + + Also include the same header in the source file that actually + uses getentropy. + + Signed-off-by: Martin Storsjo + +Author: Martin Storsjo +Date: Thu Jun 14 12:36:10 2018 +0300 + + configure: Pass -no_weak_imports to the linker, if supported + + This avoids linking to functions that aren't available in the + lowest targeted macOS version. + + If the proper header declaring a function is included, and + gnutls is built with -mmacosx-version-min or the + MACOSX_DEPLOYMENT_TARGET environment variable is set, each + reference to a function that doesn't exist in the minimum + targeted version will be made a weak reference, so that loading + the binary still works, but the function pointer will resolve + to NULL if running on a version of the platform that lacks it. + + Since this project doesn't do such runtime checks for functions + it expects to have available, we should instead add this linker + option to fail on the weak references. This allows autoconf to + work as intended, detecting that these functions aren't usable. + + This flag appeared in Xcode 8, so check for its availability + before using it. (Xcode 8 and the 10.12 SDK is coincidentally + the release where most relevant new functions appeared, so with + older Xcode versions, the modern platform functions we might want + to avoid don't exist.) + + See issue #142. + + Signed-off-by: Martin Storsjo + +Author: Martin Storsjo +Date: Thu Jun 14 13:47:41 2018 +0300 + + configure: Remove a duplicate check for fmemopen + + The duplicate was added in 5bb8a18b without any specific reasoning + as to why. + + Signed-off-by: Martin Storsjo + +Author: Daiki Ueno +Date: Wed Jun 13 17:50:20 2018 +0200 + + tlsfuzzer: update to the latest version + + Also enable test-tls13-hrr.py. + + Signed-off-by: Daiki Ueno + +Author: Daiki Ueno +Date: Wed Jun 13 17:47:50 2018 +0200 + + _gnutls13_handshake_server: send CCS immediately after HRR + + In the TLS 1.3 middlebox compatibility mode, CCS follows the first + handshake message sent from the server, that is either SH or HRR. + + Signed-off-by: Daiki Ueno + +Author: Nikos Mavrogiannopoulos +Date: Thu Jun 14 13:43:30 2018 +0200 + + _gnutls13_handshake_server: corrected transition when post_handshake callback is set + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Daiki Ueno +Date: Wed Jun 13 17:43:32 2018 +0200 + + _gnutls_send_change_cipher_spec: don't cache under TLS 1.3 + + Under TLS 1.3, when the server sent HRR, CCS may be followed by + receiving ClientHello. In that case, the messsage shouldn't be + cached. + + Signed-off-by: Daiki Ueno + +Author: Nikos Mavrogiannopoulos +Date: Sun Jun 10 11:42:10 2018 +0200 + + abi-check skip session::set_transport_vec_push_function + + This prevents an abi-compliance checker error when run under + gcc8 (though this error is not there under any other gcc). + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sun May 27 15:13:47 2018 +0200 + + corrected check for iovec types in libc + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sat Jun 2 22:23:29 2018 +0200 + + updated auto-generated files + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sat Jun 2 22:15:58 2018 +0200 + + gnutls-cli: benchmark for TLS1.3 and TLS1.2 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sat Jun 2 21:37:00 2018 +0200 + + cipher: use gnutls_aead_cipher_encryptv + + This eliminates the need of a memory allocation during each + packet encryption when no padding is done. + + Relates #458 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sat Jun 2 21:25:10 2018 +0200 + + gnutls_aead_cipher_encryptv: introduced + + This API allows encryption using a scatter input, by also + taking advantage of ciphers which are optimized for such input. + That is particularly useful under TLS1.3 since its encryption is + based on encryption of scattered data (data+pad). + + Resolves #458 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sat Jun 2 21:23:41 2018 +0200 + + MAX_CIPHER_BLOCK_SIZE: increased to 64-bytes for CHACHA20 + + This was not necessary since that value was only used by block + (in TLS sense) ciphers, but that definition could also be used + for the CHACHA20. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu Jun 14 14:51:23 2018 +0200 + + configure: reduce warnings about implicit-fallthrough [ci skip] + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu Jun 14 13:22:03 2018 +0200 + + gnutls_alert_send_appropriate: fix type + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu Jun 14 13:18:54 2018 +0200 + + README-ci.freebsd.md: updated for new build method with gnulib [ci skip] + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Tim Rühsen +Date: Wed Jun 6 09:45:32 2018 +0200 + + Use $(MAKE) instead of make + + Signed-off-by: Tim Rühsen + +Author: Tim Rühsen +Date: Tue Jun 5 17:06:05 2018 +0200 + + distclean temp. test files for 'make distcheck' + + Signed-off-by: Tim Rühsen + +Author: Tim Rühsen +Date: Tue Jun 5 10:58:10 2018 +0200 + + Add DISTCLEANFILES to src/Makefile.am to fix 'make distcheck' + + Signed-off-by: Tim Rühsen + +Author: Tim Rühsen +Date: Mon Jun 4 16:15:07 2018 +0200 + + Fix creation of ChangeLog for 'make distcheck' + + Signed-off-by: Tim Rühsen + +Author: Tim Rühsen +Date: Mon Jun 4 11:56:57 2018 +0200 + + Fix 'compare-makefile' make target for 'make distcheck' + + Signed-off-by: Tim Rühsen + +Author: Tim Rühsen +Date: Mon Jun 4 11:33:18 2018 +0200 + + Fix 'compare-exported' make target for 'make distcheck' + + Signed-off-by: Tim Rühsen + +Author: Tim Rühsen +Date: Thu May 31 13:20:51 2018 +0200 + + Fix distcheck issues + + Signed-off-by: Tim Rühsen + +Author: Tim Rühsen +Date: Mon May 21 16:25:20 2018 +0200 + + Fix gcc 8 warnings + + Signed-off-by: Tim Rühsen + +Author: Tim Rühsen +Date: Sat May 19 13:24:58 2018 +0200 + + Fix CI testing -Werror + + Signed-off-by: Tim Rühsen + +Author: Tim Rühsen +Date: Sat May 19 10:19:32 2018 +0200 + + Skip sc_prohibit_always_true_header_tests + + We can't simply remove the checks for HAVE_SYS_SOCKET_H. + If we do, we have to make checks on real WIN32, which + is currently not an option. + So we skip sc_prohibit_always_true_header_tests. + + Signed-off-by: Tim Rühsen + +Author: Tim Rühsen +Date: Sat May 19 09:37:24 2018 +0200 + + Fix sc_prohibit_always-defined_macros + + Signed-off-by: Tim Rühsen + +Author: Tim Rühsen +Date: Fri May 18 23:23:26 2018 +0200 + + Avoid certain gnulib tests + + Signed-off-by: Tim Rühsen + +Author: Tim Rühsen +Date: Fri May 18 23:10:16 2018 +0200 + + Update GTK-DOC check in configure.ac + + Signed-off-by: Tim Rühsen + +Author: Tim Rühsen +Date: Wed Jun 6 09:19:45 2018 +0200 + + Use ./bootstrap in .gitlab-ci.yml + + Signed-off-by: Tim Rühsen + +Author: Tim Rühsen +Date: Fri May 18 20:31:31 2018 +0200 + + Add bootstrap + bootstrap.conf + + Signed-off-by: Tim Rühsen + +Author: Tim Rühsen +Date: Fri May 18 20:06:16 2018 +0200 + + Add gnulib submodule + + Signed-off-by: Tim Rühsen + +Author: Dmitry Eremin-Solenikov +Date: Wed Jun 13 12:12:18 2018 +0300 + + nettle: require Nettle library >= 3.4 + + Nettle version 3.4 was released more than a half year ago, require it to + compile GnuTLS library. It allows us to remove bundled code that was + merged into that release. + + Signed-off-by: Dmitry Eremin-Solenikov + +Author: Daiki Ueno +Date: Tue Jun 12 13:01:17 2018 +0200 + + .gitlab-ci.yml: fix artifact paths for TLS1.3/interop + + Signed-off-by: Daiki Ueno + +Author: Nikos Mavrogiannopoulos +Date: Tue Jun 12 09:12:07 2018 +0200 + + tlsfuzzer-tls13: use a random port for testing + + That eliminates the need for locking and allows parallel runs. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Daiki Ueno +Date: Fri Jun 8 13:13:27 2018 +0200 + + tlsfuzzer: update to the latest version + + Also enable the TLS 1.3 tests. + + Signed-off-by: Daiki Ueno + +Author: Daiki Ueno +Date: Mon Jun 11 12:08:18 2018 +0200 + + buffers: remove redundant assignment + + Signed-off-by: Daiki Ueno + +Author: Daiki Ueno +Date: Mon Jun 11 10:51:16 2018 +0200 + + record: use correct alert type upon receiving empty Alert + + Signed-off-by: Daiki Ueno + +Author: Daiki Ueno +Date: Fri Jun 8 15:55:06 2018 +0200 + + record: improve empty message handling in TLS 1.3 + + Previously, _gnutls_recv_in_buffers() silently discarded empty + messages because such messages are used as a countermeasure to + vulnerabilities in the CBC mode. In TLS 1.3, however, there are only + AEAD ciphers and such logic is meaningless. Moreover, in the protocol + it is suggested to send "unexpected_message" alert when receiving + empty messages in certain occasions. This change moves the empty + message handling to record_add_to_buffers(). + + Signed-off-by: Daiki Ueno + +Author: Daiki Ueno +Date: Fri Jun 8 12:51:40 2018 +0200 + + record: fix padding removal when the payload is zero-length + + Previoysly if TLSInnerPlaintext.content is zero-length, the loop + couldn't detect ContentType following the content. + + Signed-off-by: Daiki Ueno + +Author: Nikos Mavrogiannopoulos +Date: Tue Jun 5 10:37:58 2018 +0200 + + priorities: introduced %FORCE_ETM + + This introduces a priority string option to force encrypt-then-mac + during negotiation, to prevent negotiating the legacy CBC ciphersuites. + + Resolves #472 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Jun 6 09:25:20 2018 +0200 + + priorities: hmac-sha256 ciphersuites were removed from defaults + + These ciphersuites are deprecated since the introduction of AEAD + ciphersuites, and are only necessary for compatibility with older + servers. Since older servers already support hmac-sha1 there is + no reason to keep these ciphersuites enabled by default, as they + increase our attack surface. + + Relates #456 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu Jun 7 09:56:49 2018 +0200 + + cbc_mac_verify: require minimum padding under SSL3.0 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu Jun 7 09:54:50 2018 +0200 + + cipher: separated CBC w/o EtM handling + + This would allow to further modify for more invasive work-arounds. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Jun 4 17:57:52 2018 +0200 + + dummy_wait: always hash the same amount of blocks that would have been on minimum pad + + This improves protection against lucky13-type of attacks when + encrypt-then-mac is not in use. + + Resolves #456 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon May 21 09:04:55 2018 +0200 + + cbc-record-check.sh: introduced + + That enhances the existing CBC check and adds sha384, uses PSK + to reduce handshake time, and other updates. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri May 18 15:43:36 2018 +0200 + + dummy_wait: correctly account the length field in SHA384 HMAC + + The existing lucky13 attack count-measures did not work correctly for + SHA384 HMAC. + + The overall impact of that should not be significant as SHA384 is prioritized + lower than SHA256 or SHA1 and thus it is not typically negotiated, unless a + client prioritizes a SHA384 MAC, or a server only supports SHA384, and in both + cases the vulnerability is only present if Encrypt-then-MAC (RFC7366) is unsupported + by the peer. + + Resolves #455 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Tim Rühsen +Date: Thu Jun 7 12:11:30 2018 +0200 + + Fix warnings seen on OpenCSW Solaris 10 + + Signed-off-by: Tim Rühsen + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Jun 8 08:56:23 2018 +0200 + + gnutls_session_get_data2: harmonize documentation with practice + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Tim Rühsen +Date: Wed Jun 6 12:45:13 2018 +0200 + + Fix variable overflow in TLS1.3 session ticket code + +Author: Daiki Ueno +Date: Fri Jun 1 15:04:49 2018 +0200 + + tls13/session_ticket: don't send ticket when no common KE modes + + When the server had received psk_key_exchange_modes extension which + doesn't have any overlap with the server configuration, omit to send + NewSessionTicket. + + Signed-off-by: Daiki Ueno + +Author: Daiki Ueno +Date: Tue Jun 5 14:08:26 2018 +0200 + + ext/psk_ke_modes: always send extension unless disabled in config + + With the psk_key_exchange_modes extension, clients can restrict the + key exchange modes for use with resumption and in that case the server + shouldn't send NewSessionTicket. This patch makes use of it to avoid + receiving useless tickets, by sending the psk_key_exchange_modes + extension unless PSK is completely disabled. + + A couple of tests need to be adjusted: tls13/prf to take into account + of the psk_key_exchange_modes extension sent, and tls13/no-psk-exts to + not treat the presence of the extension as error. + + Signed-off-by: Daiki Ueno + +Author: Tim Rühsen +Date: Wed May 23 22:26:20 2018 +0200 + + Add --enable-doc to DISTCHECK_CONFIGURE_FLAGS + + Make sure that 'make distcheck' works even if + './configure --disable-doc' has been used in the project dir. + + Signed-off-by: Tim Rühsen + +Author: Tim Rühsen +Date: Wed May 23 22:24:05 2018 +0200 + + Fix tests 'ocsp-must-staple-connection' and 'ocsp-tls-connection' + + Signed-off-by: Tim Rühsen + +Author: Tim Rühsen +Date: Wed May 23 22:22:27 2018 +0200 + + Fix tests/cert-tests/template-test for 'make distcheck' + + Signed-off-by: Tim Rühsen + +Author: Daiki Ueno +Date: Fri Jun 1 09:54:41 2018 +0200 + + ext/pre_shared_key: make PSK identity parsing robuster + + Previously, to determine whether a PSK identity is a ticket or a PSK + username, it relied on PskIdentity.obfuscated_ticket_age, which + "SHOULD" be 0 if the identity is a PSK username. + + This patch instead checks the key name of the ticket first and then + check the constraints of the PSK username. That way, it can + distinguish tickets and PSK usernames in a more realible manner. + + Signed-off-by: Daiki Ueno + +Author: Daiki Ueno +Date: Fri Jun 1 10:01:08 2018 +0200 + + _gnutls_decrypt_session_ticket: fail early on key name mismatch + + If the key name of the ticket doesn't match, we don't need to parse + the entire ticket. + + Signed-off-by: Daiki Ueno + +Author: Tom Vrancken +Date: Tue May 29 15:53:45 2018 +0200 + + Renamed extension supported ECC to supported groups. Fixes #451. + Split combined ECC extensions into different files. + + Signed-off-by: Tom Vrancken + +Author: Tim Rühsen +Date: Thu May 24 12:45:32 2018 +0200 + + Fix more warnings in tests/ + + To not introduce larger code changes, these bugs are mostly + fixed by #pragma understood by gcc and clang. + A check for the minimal gcc/clang version prevents warnings about + unknown pragmas with other or older compilers. + + Signed-off-by: Tim Rühsen + +Author: Tim Rühsen +Date: Thu May 24 09:49:34 2018 +0200 + + Fix warnings in test suite + + Fixes: + tls-ext-register.c:238:11: warning: unused variable 'i' [-Wunused-variable] + record-retvals.c:118:14: warning: unused variable 'vers' [-Wunused-variable] + record-retvals.c:347:1: warning: label 'next' defined but not used [-Wunused-label] + alerts.c:71:14: warning: unused variable 'vers' [-Wunused-variable] + alerts.c:71:11: warning: unused variable 'i' [-Wunused-variable] + alerts.c:160:11: warning: unused variable 'i' [-Wunused-variable] + send-client-cert.c:176:6: warning: no previous prototype for 'start' [-Wmissing-prototypes] + tls-session-supplemental.c:186:6: warning: unused variable 'optval' [-Wunused-variable] + tls-session-supplemental.c:184:7: warning: unused variable 'topbuf' [-Wunused-variable] + tls-session-supplemental.c:183:6: warning: unused variable 'err' [-Wunused-variable] + x509self.c:211:6: warning: unused variable 'optval' [-Wunused-variable] + x509self.c:208:7: warning: unused variable 'topbuf' [-Wunused-variable] + x509self.c:207:6: warning: unused variable 'err' [-Wunused-variable] + + Signed-off-by: Tim Rühsen + +Author: Nikos Mavrogiannopoulos +Date: Tue May 22 09:14:45 2018 +0200 + + tests: resume: check whether PSK username matches on resumption + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue May 22 09:04:32 2018 +0200 + + resumption: reduce session parameters stored under TLS1.3 + + That is, do not store extensions or security parameters which + depend on extension negotiation. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue May 15 16:35:32 2018 +0200 + + session_ticket: use random nonces + + Avoid using any time values in plain as this could allow association + of clients. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue May 15 16:03:23 2018 +0200 + + updated auto-generated files + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue May 15 14:14:55 2018 +0200 + + doc: mention changes under TLS 1.3 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue May 15 11:22:24 2018 +0200 + + tests: added main use-case test for gnutls_session_ticket_send() + + It verifies whether a server can use gnutls_session_ticket_send() + to send a ticket after re-authentication, and whether a client + can receive that ticket and re-authenticate with it, while + its certificate is made available to server. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue May 15 11:21:55 2018 +0200 + + handshake: do not include async messages into transcript + + This prevents the session tickets to affect re-authentication + or other operations that require the transcript. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue May 15 10:27:00 2018 +0200 + + gnutls_session_ticket_send: new function + + Introduced in order for a server to be able to send an arbitrary + amount of tickets, at any time. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue May 15 10:10:20 2018 +0200 + + handshake: store session parameters in TLS1.3 ticket + + This allows a TLS1.3 server to obtain certificate or other + information from the client on a resumed session. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon May 14 16:05:27 2018 +0200 + + handshake: TLS1.3 async messages trigger the handshake hook + + That is, the callback set with gnutls_handshake_set_hook_function() is + now called even on the async handshake messages received under TLS1.3, + such as key update, etc. + + Resolves #441 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon May 14 14:33:15 2018 +0200 + + tests: check various parameters on resumption + + That is, check gnutls_session_is_resumed() is functional on server + side, whether PRF is respected on resumption, whether gnutls_certificate_get_peers() + and gnutls_certificate_get_ours() operate as expected, and whether session + resumption fails with tickets after expiration time has passed. + + In addition improve function documentation by documenting the current + semantics for the functions above. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Daiki Ueno +Date: Tue Apr 17 13:32:18 2018 +0200 + + tests: exercise TLS 1.3 session resumption + + This requires a few changes to the resume.c test: because + NewSessionTicket is a post-handshake message, + gnutls_session_get_data2() needs to be called after sending the first + application data. Also, when GNUTLS_E_AGAIN, gnutls_record_recv() + needs to retry. + + Signed-off-by: Daiki Ueno + +Author: Daiki Ueno +Date: Mon Apr 30 14:27:52 2018 +0200 + + gnutls-cli: ignore E_AGAIN to accommodate async handshake message + + When an async handshake message has arrived while no application data + is available, gnutls_record_recv() returns GNUTLS_E_AGAIN and the loop + in socket_recv() blocks. Since socket_recv() is guarded by select(), + it should be safe to ignore GNUTLS_E_AGAIN. + + Signed-off-by: Daiki Ueno + +Author: Nikos Mavrogiannopoulos +Date: Mon May 14 09:01:59 2018 +0200 + + gnutls_auth_get_type: simplified + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Ander Juaristi +Date: Mon Apr 16 17:13:47 2018 +0200 + + TLS 1.3: Introduced TLS 1.3 session resumption + + This introduces session resumption under TLS 1.3. For that, + it enables the psk_ke_modes extension when we enable session + tickets. It enables sending session tickets in addition to + PSK usernames. The detection of resumption vs pure PSK is done by + comparing the indexes sent with the index received by the server. + + TLS 1.3 session tickets are always sent to the peer unless the + GNUTLS_NO_TICKETS is specified. + + Resolves #290 + + Signed-off-by: Ander Juaristi + Signed-off-by: Nikos Mavrogiannopoulos + Signed-off-by: Daiki Ueno + +Author: Nikos Mavrogiannopoulos +Date: Thu May 10 14:25:12 2018 +0200 + + psk_ke_modes: introduce psk_ke_modes_is_required() and update doc + + This adds a helper function to be extended when session resumption + is added, and clarifies why we send a prioritized list on ke modes. + + Signed-off-by: Nikos Mavrogiannopoulos + Signed-off-by: Ander Juaristi + +Author: Ander Juaristi +Date: Thu Apr 12 17:58:47 2018 +0200 + + session tickets: expose {encrypt,decrypt}_ticket as internal API + + To reuse the same ticket construction in any TLS versions, expose the + private functions in ext/session_ticket.c. + + Signed-off-by: Ander Juaristi + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Daiki Ueno +Date: Thu May 3 09:39:15 2018 +0200 + + ext/pre_shared_key: fix binder calculation when HRR is sent + + In that case, ClientHello1 and HelloRetryRequest are included in the + PSK binder computation, not only the truncated ClientHello2. + + Signed-off-by: Daiki Ueno + +Author: Daiki Ueno +Date: Mon Apr 16 17:22:19 2018 +0200 + + handshake: record transcript offset of client Finished + + This is for deriving resumption_master_secret, whose value is + calculated over ClientHello...client Finished. + + Signed-off-by: Daiki Ueno + +Author: Tim Rühsen +Date: Thu May 24 15:24:17 2018 +0200 + + Fix testdane by removing www.kumari.net + + danetool --check www.kumari.net: + Verification: Verification failed. The certificate differs. + + Signed-off-by: Tim Rühsen + +Author: Tom Vrancken +Date: Tue May 22 11:22:42 2018 +0200 + + Fixed some spelling issues. [ci skip] + + Signed-off-by: Tom Vrancken + +Author: Tom Vrancken +Date: Mon May 21 21:58:55 2018 +0200 + + Added extra extension flag to docs. + Added description of default pack and unpack functions. + + Signed-off-by: Tom Vrancken + +Author: Tom Vrancken +Date: Mon May 21 09:44:16 2018 +0200 + + Removed section about Heartbleed. + Referenced new functions _gnutls_hello_ext_set_datum / _gnutls_hello_ext_get_datum for manipulation extension data. + + Signed-off-by: Tom Vrancken + +Author: Tom Vrancken +Date: Sun May 20 10:23:36 2018 +0200 + + Fixed typo and incorrect function references. + + Signed-off-by: Tom Vrancken + +Author: Tom Vrancken +Date: Sat May 19 22:22:29 2018 +0200 + + Updated documentation on Hello extensions. + + Signed-off-by: Tom Vrancken + +Author: Nikos Mavrogiannopoulos +Date: Sat May 19 11:30:35 2018 +0200 + + pkcs11: consistent/clear naming of find obj callbacks and structs + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri May 18 11:04:34 2018 +0200 + + updated auto-generated files + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri May 18 09:19:16 2018 +0200 + + gnutls_pkcs11_token_get_ptr, gnutls_pkcs11_obj_get_ptr: introduced + + This allows an application to open a PKCS#11 token using a URI, + and use it directly, bypassing gnutls. That is useful to take + advantage of PKCS#11 functionality not wrapped by gnutls but + still use PKCS#11 URIs to identify the token. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sat May 19 12:47:16 2018 +0200 + + CONTRIBUTING.md: document why gnulib is kept separate [ci skip] + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Martin Sucha +Date: Fri May 18 18:52:41 2018 +0200 + + certtool: split long prompt for serial + + Signed-off-by: Martin Sucha + +Author: Martin Sucha +Date: Fri May 18 13:00:43 2018 +0200 + + doc: add note about CRL numbers to man page + + Signed-off-by: Martin Sucha + +Author: Martin Sucha +Date: Fri May 18 12:35:39 2018 +0200 + + certtool: ask again until serial/crl number is valid + + Signed-off-by: Martin Sucha + +Author: Martin Sucha +Date: Fri May 18 11:39:53 2018 +0200 + + tests: remove check for broken datefudge + + This check is not necessary with Fedora 28 build image + currently used for CI as it contains datefudge 1.22 + as well. + + Signed-off-by: Martin Sucha + +Author: Martin Sucha +Date: Fri May 18 10:43:26 2018 +0200 + + certtool: remove extra function + + I did not notice strip_nl previously. + + Signed-off-by: Martin Sucha + +Author: Martin Sucha +Date: Fri May 18 10:31:30 2018 +0200 + + tests: add negative tests for certtool crl numbers + + Signed-off-by: Martin Sucha + +Author: Martin Sucha +Date: Sun May 13 23:28:33 2018 +0200 + + doc: add NEWS about serial and CRL numbers + + Signed-off-by: Martin Sucha + +Author: Martin Sucha +Date: Sun May 13 23:04:29 2018 +0200 + + doc: add hex format to example template + + Signed-off-by: Martin Sucha + +Author: Martin Sucha +Date: Thu May 17 12:31:01 2018 +0200 + + certtool: use larger serial and CRL numbers + + Serial/CRL numbers can be up to 20 octets in length + as per RFC 5280, so it should be possible to use + such numbers as input to certtool. certtool + only allowed to specify 63-bit numbers in + template file or interactively (even though + it generated larger numbers in batch mode + by default). + + This patch allows large numbers to be specified + as a hexadecimal string. Parsing of decimal numbers + larger than native integers would require adding + dependency on libgmp directly to certtool or + extending the API exposed by GnuTLS library with parsing + functions. Since most tools (including GnuTLS) display + serial numbers in hexadecimal, it is not worth the + trouble to support large decimal numbers. + + Default values are unified between batch mode and + interactive input and their size is extended. + + CA/Browser forum recommends CAs to include at least + 64 bits of random data in the certificate serial + numbers in Baseline Requirements[1] section 7.1, but + gnutls adds only 32 bits. Some other + implementations generate default serial numbers + with more entropy as well, here is the current state + as of May 2018: + + +----------------+-------------------------------+ + | Implementation | Random bits in default serial | + +----------------+-------------------------------+ + | OpenSSL [2] | 159 | + | CFSSL [3] | 159 | + | wolfSSL [4] | 128 | + | GnuTLS | 32 | + | Mbed TLS [5] | 0 (defaults to 1) | + +----------------+-------------------------------+ + + The 20 octet field size can fit numbers up to 159 bits + since the most significant bit must be zero as numbers + in DER encoding are in two's complement and the serial + and CRL numbers must be positive. + + Default serial numbers are extended to full 159 bits + allowed by the field size and are completely random, + which matches other implementations. + + CRL numbers have the same size requirements, but also + need to be monotonic (RFC 5280, section 5.2.3). That's + why timestamp is used in them. The timestamp portion + is extended from 31 bits to 39 bits as 31 bits will + overflow in year 2038. The rest of the available space + up to 159 bits allowed in the 20 octet limit is filled + with random bits. + + Since the new CRL numbers are larger, the requirement for them + to be monotonically increasing is preserved when upgrading to a + newer version. This does not hold the other way around though, + so after using a newer version of certtool to generate a CRL + with default number and publishing it, it's not possible + to use older version anymore to generate subsequent CRLs. + Unfortunately, there is no easy workaround for users of older + certtool, since it is not possible to specify CRL numbers + greater than 63 bits manually prior to this change. + Users intending to downgrade to older version later are advised + to specify the CRL numbers in new version of certtool + manually with values they are smaller than what would get + generated by default in the old version. + + grep does not recognize CRLF line endings generated + in tests using MinGW, so we need to convert those to + LF endings for $ in the regex to match test output + correctly. + + datefudge 1.21 that is present in Fedora 26 + image trims the timestamp to 32 bits. That bug was + fixed in datefudge 1.22 available in the Debian image, + so we check if datefudge behaves correctly + and skip the test that uses more than 32 bits if + datefudge is broken. + + [1] https://cabforum.org/wp-content/uploads/CA-Browser-Forum-BR-1.4.2.pdf + [2] https://github.com/openssl/openssl/blob/6ebb49f3f9c9333611192561979bb799fa1eb76d/apps/apps.c#L1513 + [3] https://github.com/cloudflare/cfssl/blob/5d63dbd981b5c408effbb58c442d54761ff94fbd/signer/local/local.go#L295 + [4] https://github.com/wolfSSL/wolfssl/blob/d60b16c5b8c19cc61db4a5c3f5e085a7a158cd28/wolfcrypt/src/asn.c#L9791 + [5] https://github.com/ARMmbed/mbedtls/blob/84a1107818aaddfd2abe4c5a3478cf84ab2e26b4/programs/x509/cert_write.c#L81 + + Signed-off-by: Martin Sucha + +Author: Nikos Mavrogiannopoulos +Date: Mon May 7 09:52:32 2018 +0200 + + handshake: do not send TLS extensions under DTLS and vice versa + + That is, introduce the notion of TLS-only and DTLS-only extensions, + providing a framework to prevent sending extensions which are registered + for example for TLS 1.3, under DTLS and vice versa. + + Resolves #440 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon May 7 11:51:41 2018 +0200 + + gnutls_ext_raw_parse: introduced GNUTLS_EXT_RAW_FLAG_DTLS_CLIENT_HELLO + + This allows parsing extensions from a DTLS client hello. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed May 16 15:32:35 2018 +0200 + + tests: fix serv location in testcompat-main-openssl + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Andreas Metzler +Date: Sun May 13 14:39:14 2018 +0200 + + tests/suite: add missing file to dist + + Signed-off-by: Andreas Metzler + +Author: Andreas Metzler +Date: Sun May 13 14:33:17 2018 +0200 + + Allow running of test against installed gnutls-serv + + Signed-off-by: Andreas Metzler + +Author: Nikos Mavrogiannopoulos +Date: Fri May 4 14:55:21 2018 +0200 + + gnutls_certificate_set_retrieve_function3: updated documentation + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed May 2 14:30:24 2018 +0200 + + updated auto-generated files + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sun Apr 29 15:16:35 2018 +0200 + + pcert: added functionality to retrieve lists + + That introduces gnutls_pcert_list_import_x509_file() and + gnutls_x509_crt_list_import_url(). + + Resolves #373 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sat May 12 10:10:28 2018 +0200 + + tests: sanity-cpp: fixes for win32 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sat May 12 09:51:59 2018 +0200 + + .gitlab-ci.yml: bumped version of cache due to addition of CXXFLAGS + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sat May 12 09:04:28 2018 +0200 + + tests: fix failures in cxx example + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sat May 12 08:47:15 2018 +0200 + + cxx: bring few modern functions, and allow to get the raw session + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Philippe Widmer +Date: Thu May 10 16:44:58 2018 +0200 + + New constructors for classes client_session() and server_session() provide passing flags. Closes #438. + + Signed-off-by: Philippe Widmer + +Author: Nikos Mavrogiannopoulos +Date: Thu May 10 13:38:32 2018 +0200 + + tests: mini-record-timing: updated to work under newer gnutls [ci skip] + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu May 10 05:49:07 2018 +0200 + + tests: key_update: improved error checking and increased timeout + + That is to avoid reaching the maximum number of key updates per second. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sat May 5 22:31:39 2018 +0200 + + .gitlab-ci.yml: moved fedora CI builds to F28 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sat May 5 23:21:16 2018 +0200 + + tests: testcompat-openssl: disable DSS ciphersuites under SSL3.0 + + Previously if openssl wouldn't support DSS, we would only disable + DSS under TLS1.0 or later, not under SSL 3.0. This fixes interoperability + with Fedora28 openssl. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon May 7 08:12:12 2018 +0200 + + Makefile.am: optimized the abi-check configure step + + Also ensured that the same build flags are applied in both builds + for ABI checking. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sat May 5 23:15:06 2018 +0200 + + several updates to address issues found by clang static analyzer + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sat May 5 22:51:26 2018 +0200 + + nettle: fix casts which result to warnings in newer gcc + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon May 7 21:58:30 2018 +0200 + + tests: updated for GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER from handshake + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon May 7 21:49:16 2018 +0200 + + handshake: use GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER consistently + + Also treat GNUTLS_E_ILLEGAL_PARAMETER as a synonym if returned during + a connection. + + Relates #442 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon May 7 21:42:44 2018 +0200 + + CONTRIBUTING.md: documented status of C++ library [ci skip] + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon May 7 10:50:30 2018 +0200 + + tests: cookie: fixed exit condition [ci skip] + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon May 7 15:39:30 2018 +0200 + + doc update [ci skip] + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon May 7 08:17:09 2018 +0200 + + .gitlab-ci.yml: fixes in win32 builds + + Relates #439 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri May 4 08:39:30 2018 +0200 + + certtool: honor --ask-pass when loading a private key + + This also improves the password prompt when the password requested + is not for a smart card. + + Resolves: #436 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Michael Weiser +Date: Fri Apr 27 15:35:30 2018 +0200 + + .gitlab-ci.yml: Disable full test suite for cross builds + + Disable the full test suite for cross CI builds to speed them up. + + Signed-off-by: Michael Weiser + +Author: Michael Weiser +Date: Wed Apr 25 16:54:27 2018 +0200 + + .gitlab-ci.yml: Expire all build log artifacts + + Signed-off-by: Michael Weiser + +Author: Michael Weiser +Date: Wed Mar 28 22:47:01 2018 +0200 + + Use configured CC for pkg-config test + + Using the configured compiler aids in running the test suite under qemu + or in a multlib scenario. + + Signed-off-by: Michael Weiser + +Author: Michael Weiser +Date: Mon Mar 19 19:02:12 2018 +0100 + + Add Debian-based qemu cross CI targets + + Signed-off-by: Michael Weiser + +Author: Nikos Mavrogiannopoulos +Date: Sat May 5 22:38:56 2018 +0200 + + updated-auto-generated files + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sat May 5 22:17:15 2018 +0200 + + fuzzer: added fresh TLS1.3 server trace + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sat May 5 21:59:13 2018 +0200 + + gnutls-serv: all skipping DTLS cookie request + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sat May 5 21:45:56 2018 +0200 + + gnutls-cli: corrected data written by server trace + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu May 3 11:53:51 2018 +0200 + + tests: post handshake auth: test more combinations + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu May 3 11:48:46 2018 +0200 + + post_handshake_auth: send extension irrespective of certificates being present + + The feature does not necessarily require certificates to be present + and an empty cert can be presented. Furthermore, the certificates + can be set later on the credentials structure. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu May 3 13:48:52 2018 +0200 + + updated auto-generated files + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sun Apr 8 18:38:47 2018 +0200 + + tests: added interop tests with openssl under TLS1.3 + + This adds interoperability tests for: + * PSK with elliptic curve DHE + * RSA,RSA-PSS,secp256r1,ed25519 server certificate + * RSA,RSA-PSS,secp256r1,ed25519 client certificate + * X25519,SECP256R1 key share exchange + * key share with HRR + + Relates #328 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Apr 23 10:07:32 2018 +0200 + + doc: clarified re-handshake details under TLS1.2 server + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Apr 23 09:09:41 2018 +0200 + + tls13/certificate_request: corrected check of duplicate signature algorithms + + Made the check local when parsing a certificate request, as we may + receive multiple requests when post-handshake authentication is + in place. Furthermore check whether this extension has been received + as this is a mandatory one. In addition handle a memory leak when + multiple peer certificates are set. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Apr 23 08:41:22 2018 +0200 + + gnutls_reauth: doc update + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Apr 20 21:35:52 2018 +0200 + + gnutls-cli: enhanced tool for TLS1.3 options + + This patch allows a client to enable post-handshake + authentication, perform re-key and restrict the sent key shares. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Apr 20 14:51:15 2018 +0200 + + tls13/certificate: send empty certificate instead of skipping + + According to TLS1.3 spec: + The server's certificate_list MUST always be non-empty. A client + will send an empty certificate_list if it does not have an + appropriate certificate to send in response to the server's + authentication request. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Apr 20 13:47:57 2018 +0200 + + _gnutls_figure_common_ciphersuite: ignore certificate check if PSK is negotiated + + That is, if we are performing PSK under TLS1.3, don't bother + checking whether the certificate is compatible with the ciphersuite; + there isn't any. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Apr 20 10:53:51 2018 +0200 + + tls13/certificate_verify: corrected context in signatures in client side + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Apr 20 10:47:59 2018 +0200 + + _gnutls13_handshake_sign_data: avoid unnecessary copy + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Apr 20 09:01:28 2018 +0200 + + handshake: cleanup in TLS1.3 initial secret calculation + + That eliminates duplicate code in server hello parsing. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Apr 20 08:06:14 2018 +0200 + + psk: compute binder which is compatible with draft-ietf-tls-tls13 + + Previously the computed binder values was not compatible with any + TLS1.3 draft, and was not interoperating with openssl or tlslite. + + Resolves #427 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri May 4 08:06:35 2018 +0200 + + CONTRIBUTING.md: added text on CI [ci skip] + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu May 3 14:19:34 2018 +0200 + + tests: fallback scsv: check proper fallback under TLS 1.3 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu May 3 15:13:13 2018 +0200 + + encrypt_packet_tls13: made size check safer + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sat Apr 28 11:14:34 2018 +0200 + + pkcs11: mark private key objects as sensitive by default + + That is, to prevent accidentally creating objects which can + be exported. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Apr 23 15:02:53 2018 +0200 + + tests: check the behavior of TLS1.2 key exchange methods under TLS1.3 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Apr 23 15:11:28 2018 +0200 + + psk: mark psk_ke_modes as invalid when ignored + + TLS1.3 handles the receiving of pre-shared keys extension as + invalid when the psk_ke_modes extension is not received as well. + As such, when we ignore the psk_ke_modes for some reason (e.g., + no credentials) we need to indicate that it was received. We + use the invalid mode flag for that reason, allowing the handshake + to fail later for the right reason (e.g., no credentials error rather + than illegal extension). + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Apr 23 15:01:48 2018 +0200 + + priority: handle RSA-PSK ciphersuites similar to SRP + + That is, when specified disable TLS1.3. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Andreas Metzler +Date: Sat Apr 28 14:14:30 2018 +0200 + + Add another sni related test + + As --sni-hostname does not imply --verify-hostname a hostname mismatch + still triggers an error. + + Signed-off-by: Andreas Metzler + +Author: Nikos Mavrogiannopoulos +Date: Mon Apr 23 14:00:15 2018 +0200 + + tests: sni-hostname was updated to support TLS1.3 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sun Apr 29 13:44:04 2018 +0200 + + updated auto-generated files + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Andreas Metzler +Date: Sat Apr 28 14:11:27 2018 +0200 + + doc: Add crossreference/warning + + Add pointer to --verify-hostname to --sni-hostname description. + + Signed-off-by: Andreas Metzler + +Author: Nikos Mavrogiannopoulos +Date: Mon Apr 23 13:58:22 2018 +0200 + + gnutls-cli: added option to specify the verification hostname + + This enables testing various scenarios, by allowing to specify the + hostname to be used for certificate validation when connecting to + a remote host (e.g., localhost but with a certificate for example.com). + + Resolves #344 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu Apr 26 09:06:00 2018 +0200 + + doc: fixes for better latex pdf generation [ci skip] + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Apr 24 08:36:06 2018 +0200 + + retrieve_pin: refuse to retrieve PIN from URI more than one time + + That is, prevent re-using a static PIN if it has already been + known to be wrong. Introduced tests of that behavior. + + Resolves #425 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Apr 24 16:42:10 2018 +0200 + + doc: updated OCSP documentation [ci skip] + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sun Apr 22 16:02:08 2018 +0200 + + gnutls.h.in: corrected typo [ci skip] + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Apr 20 08:42:27 2018 +0200 + + fuzz: corrected TLS1.3 enablement [ci skip] + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Apr 17 10:59:25 2018 +0200 + + _gnutls_epoch_new: allow re-allocation epoch next epoch + + On certain cases when re-handshake is interrupted by application + data, _gnutls_epoch_new() will be called twice. Make sure that + this does not lead to an error. We also rename the function to + clarify its purpose _gnutls_epoch_setup_next(). + + Resolves #426 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Apr 17 09:52:01 2018 +0200 + + tests: added reproducers for receiving app data when rehandshake is expected + + Relates: #426 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Apr 17 09:31:12 2018 +0200 + + tests: eliminated exit_code variable used in few tests + + It was a legacy variable for error printing that was never + used uniformly. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Apr 17 09:24:29 2018 +0200 + + tests: eagain: moved to cmocka and enhanced for TLS1.3 + + That also makes macros from eagain-common.h functioning under cmocka. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Apr 16 09:51:11 2018 +0200 + + tests: tls12-rehandshake-cert*: run multiple rehandshake tests + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Apr 17 07:45:54 2018 +0200 + + tls13/finished: addressed memory leak in receiving finished packet + + Issue found using oss-fuzz: + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=7518 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Apr 16 15:35:33 2018 +0200 + + priority: document the reasons for the order of supported groups [ci skip] + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Apr 16 15:14:01 2018 +0200 + + handshake: described the epoch reference counting [ci skip] + + It is used only in DTLS where multiple handshake states may be + active. + + Resolves #421 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Apr 16 09:51:11 2018 +0200 + + tests: tls12-rehandshake-cert-3: run multiple rehandshake tests + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Apr 11 14:35:26 2018 +0200 + + doc update + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Apr 11 08:34:15 2018 +0200 + + ANON,SRP,NULL ciphersuites: when set do not negotiate TLS1.3 or later + + The reason is that these ciphersuites cannot be negotiated using TLS1.3. + There is a different strategy followed for these. + + * NULL ciphersuites: they are not something normally enabled and used + for debugging purposes mostly. When set both in client and server side + only TLS1.2 can be used. + + * SRP ciphersuites: they are used on client side when the client is actually + performing a username-password authentication with SRP. On server side we + can have indeed a server support SRP and non-SRP. In that case we limit + both on TLS1.2. That an unfortunate restriction, but is not a regression + and IMHO these servers would most likely be phased out as very few would + want to stick to TLS1.2 connections for SRP; or we may have an SRP update + for TLS1.3 which could lift that limitation in the future. + + * ANON ciphersuites: they are used in certain client/server setups where very + basic level of security is required, and in opportunistic encryption scenarios. + There is a difference in the handling of these cases. In the case of Anon-only + server/clients they provide the session with anonymous credentials structure; in + the case of opportunistic encryption they provide both certificate and anonymous + credentials. Thus we allow the protocol (TLS1.3) be in the priorities, but if we + see no certificate or PSK credentials we disable TLS1.3 negotiation. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sat Apr 7 21:42:57 2018 +0200 + + ext/pre_shared_key: cleanups in error handling + + This addresses a memory leak found via oss-fuzz. It also + sets the right index on the selected PSK, and returns the + right server error code on incorrect key file. + + Addresses: + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=7465 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sat Apr 7 21:27:27 2018 +0200 + + ext/psk_ke_modes: corrected data access + + That also improves the if-checks. + + Issue and reproducer discovered via oss-fuzz: + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=7470 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sat Apr 7 21:06:53 2018 +0200 + + fuzz: added client and server traces for TLS 1.3 draft-26 [ci skip] + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sat Apr 7 06:20:05 2018 +0200 + + doc: corrected space-tab issues in examples + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Apr 6 20:51:39 2018 +0200 + + constate: fixed key generation for TLS1.3 + + This amends 62ea232f180b980a0d4b6462c468706db6cc4700, and + removes invalid NULL checks, as well as corrects the key + set for server side. + + This is verified against openssl master, but does not include + automated test suite; it will be tested as part of #328 + + Resolves #419 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Apr 4 14:51:08 2018 +0200 + + doc: re-organized and modernized examples + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Apr 4 13:47:36 2018 +0200 + + doc: updated for TLS1.3 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Apr 6 13:36:11 2018 +0200 + + fuzz: added PSK traces with TLS1.3 + + Relates: #359 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Apr 4 15:28:37 2018 +0200 + + psk: save the username on auth info struct under TLS1.3 + + Add the necessary tests to verify that gnutls_psk_server_get_username() + reports the right username under TLS1.2 and TLS1.3. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu Mar 22 10:02:36 2018 +0100 + + tests: enhanced test suite for TLS1.3 and PSK + + That includes tests with unknown usernames and connections with wrong key + and updates to fastopen.sh to use certificate auth, making it applicable + under TLS1.3. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu Mar 29 09:51:32 2018 +0200 + + priority: added GROUP-DH-ALL and GROUP-EC-ALL + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Apr 3 13:10:30 2018 +0200 + + dumbfw: account for extension data padding + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu Apr 5 09:04:47 2018 +0200 + + Simplified the _gnutls13_psk_ext_parser interface and added unit tests + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Ander Juaristi +Date: Thu Mar 22 08:59:56 2018 +0100 + + Added support for out-of-band Pre-shared keys under TLS1.3 + + That adds support for pre-shared keys with and without Diffie-Hellman + key exchange. That's a modified version of initial Ander's patch. + + Resolves #414 + Resolves #125 + + Signed-off-by: Ander Juaristi + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Apr 6 10:36:18 2018 +0200 + + certtool: key-type desc was moved along the privkey functionality [ci skip] + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Apr 4 13:47:25 2018 +0200 + + gnutls_record_can_use_length_hiding: corrected return type + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Apr 4 16:54:15 2018 +0200 + + encrypt_packet_tls13: reverted to original API + + That allows more uniformity across encrypt/decrypt, and + across different protocol handling. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sun Mar 25 20:08:26 2018 +0200 + + nettle: corrected typo in version check for compatibility mode with 3.3 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Mar 13 11:11:52 2018 +0100 + + doc update + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Mar 13 09:45:44 2018 +0100 + + protocols: bumped TLS1.3 protocol to draft -26 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Mar 13 09:23:05 2018 +0100 + + record: added AAD data when encrypting or decrypting + + This is a requirement of draft-ietf-tls-tls13-25 + + Resolves #409 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Mar 12 17:10:42 2018 +0100 + + priorities: disable any key exchange methods if there is no TLS1.2 or earlier + + That is, because TLS1.2 has specific requirements in the ordering of + curves/groups if certain ciphersuites (ECDHE/DHE) are present, and + by being able to eliminate them early we simplify the negotiation + for TLS1.3-only clients/servers. + + Relates #378 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Mar 9 12:12:56 2018 +0100 + + _gnutls_supported_ecc_recv_params: take into account precedence + + That is, when %SERVER_PRECEDENCE is given in the priority string make + sure that the negotiated curve of DH group respects the server's priorities. + That's very relevant under TLS1.3 as ciphersuite negotiation itself, where + %SERVER_PRECEDENCE applied, does contain only the cipher algorithm and MAC + unlike TLS1.2 which included key exchange as well. + + Resolves #378 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Mar 12 10:37:00 2018 +0100 + + supported_versions: cannot be used to negotiate pre-TLS1.3 + + This is a requirement of draft-ietf-tls-tls13-26 + + Resolves #410 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Mar 23 20:45:40 2018 +0100 + + doc update [ci skip] + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Mar 23 07:04:37 2018 +0100 + + doc: mention gnutls_privkey_import_ext4 in upgrade from 3.5.x + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Mar 23 07:02:23 2018 +0100 + + doc: added since field in gnutls_record_send2() description + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Mar 23 06:47:55 2018 +0100 + + Makefile.am: reduce automake warnings and corrected version + + That is, avoid using the := syntax, set the right version variable + and use a hidden file for abi-check cache stamp. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sun Mar 18 15:46:36 2018 +0100 + + The abi-check target was updated to check against the last tag + + As abi-dumper and abi-compliance-checker tools are not reliable when + run across different systems, we now compare the previous tag ABI with the + current compiled library. That is in contrast with the previous behavior + of storing the output files of abi-dumper, which can become obsolete on + a CI update. + + That also moves the ABI check only on the CI, and not in the 'make dist' rule + as it takes significant time to run. + + This relates to an issue reported against libidn2's use of abi-compliance-checker + but it affects gnutls as they share similar code: + https://gitlab.com/libidn/libidn2/issues/42 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Mar 20 07:15:13 2018 +0100 + + nettle/pk: include nettle/version.h + + That enables the nettle version macros to operate. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Mar 19 14:42:38 2018 +0100 + + tests: avoid duplicate runs of tests when not necessary + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Mar 19 18:31:40 2018 +0100 + + tests: moved invalid-cert reproducer into fuzz/ reproducers + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Mar 19 18:29:23 2018 +0100 + + tests: testpkcs11.sh was moved to the main tests + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Mar 19 18:24:10 2018 +0100 + + tests: long-crl.sh was moved to main suite + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Mar 19 15:22:14 2018 +0100 + + tests: suite: dropped ocsp-coverage and cert-coverage + + These tests are duplicates of fuzz/gnutls_ocsp_resp/req_parser_fuzzer + and gnutls_x509_parser_fuzzer. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Mar 19 15:11:38 2018 +0100 + + tests: testsrn.sh was removed as duplicate of safe-renegotation/ tests + + Also safe-renegotiation tests were made TLS1.2-only as they do not + apply to TLS1.3. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Mar 19 15:07:14 2018 +0100 + + tests: pkcs7-cat: moved to main suite + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Mar 13 15:46:16 2018 +0100 + + tests: updated for TLS1.3 inclusion + + This moves the test to use a specific version or test multiple + TLS versions if applicable. + + Resolves #413 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Mar 19 09:00:23 2018 +0100 + + tests: mini-record-retvals was split into return vals checking and alerts checking + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Mar 13 13:47:46 2018 +0100 + + tests: client-fast-open: updated for TLS1.3 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Mar 13 13:43:47 2018 +0100 + + tests: removed unused test + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Mar 13 13:41:19 2018 +0100 + + tests: auto-verify: update for TLS1.3 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sat Mar 10 19:08:08 2018 +0100 + + doc update [ci skip] + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu Mar 8 16:21:20 2018 +0100 + + tlsfuzzer: updated to the latest version + + Also enabled the RSA-PSS tests. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu Mar 8 16:00:34 2018 +0100 + + alert: send the appropriate alert on GNUTLS_E_ERROR_IN_FINISHED_PACKET + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu Mar 8 14:54:55 2018 +0100 + + Bumped TLS1.3 draft version to -23 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu Mar 8 13:57:05 2018 +0100 + + Hello retry request matches server hello + + That also distinguishes between them by using the special random value, + and implements the version check as in draft-ietf-tls-tls13-24. + + Resolves #391 #390 #392 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Mar 7 12:52:46 2018 +0100 + + tests: added negative tests for RSA-PSS key exchange + + Relates #400 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Mar 6 15:09:50 2018 +0100 + + signatures: distinguish RSA-PSS signatures with RSA PKCS#1 1.5 certificates from "pure" + + This change enhances signature algorithms to have a private key algorithm + parameter. That is, to allow signature algorithms operating with a private + key of type X while the public key is of type Y. That is useful for the + RSA-PSS signatures which are of two types; one which is seen from servers + having PKCS#1 1.5 certificates, the other with RSA-PSS certificates, while + both utilize RSA-PSS private keys. + + This is a draft-ietf-tls-tls13-23 change. + + Resolves #400 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Feb 28 12:41:40 2018 +0100 + + Server hello format follows TLS1.2 format + + Also version negotiation was moved to supported_versions extension, + and session ID is set by client following appendix D.4. + + This is a draft-ietf-tls-tls13-22 change. + + Resolves #393, #389, #397 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Feb 28 11:38:53 2018 +0100 + + Renumbered the key share extension to 51 + + This is a draft-ietf-tls-tls13-23 change. + + Resolves #398 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu Feb 22 16:12:55 2018 +0100 + + record: ignore any ChangeCipherSpec messages under TLS1.3 handshake + + Also send ChangeCipherSpec messages under TLS1.3 handshake. + + This is a draft-ietf-tls-tls13-22 change. + + Resolves #395 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu Feb 22 14:42:43 2018 +0100 + + record: send 0x0303 under TLS1.3 + + This is a draft-ietf-tls-tls13-22 change. + + Resolves #396 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu Mar 8 12:03:39 2018 +0100 + + cryptodev: fix prototype of cryptodev_mac_fast [ci skip] + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Mar 7 16:14:51 2018 +0100 + + cryptodev: added missing macro [ci skip] + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Mar 5 15:42:14 2018 +0100 + + tests: added unit tests of gnutls_x509_crt_export + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Mar 2 23:21:34 2018 +0100 + + doc update + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Mar 2 23:09:11 2018 +0100 + + gnutls_x509_crt_export2: avoid re-encoding + + That prevents possible re-encoding issues in libtasn1 or ambiguously + formatted DER data, from affecting verbatim usage of certificates. + + Relates #403 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Mar 2 17:48:01 2018 +0100 + + tests: added reproducer with DER re-encoding error on client side + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sun Mar 4 19:07:29 2018 +0100 + + cfg.mk: update-po rule uses commit -s + + This makes it produce a commit message which can be sent to + the repo (Signed-off-by is mandatory). + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sun Mar 4 19:01:41 2018 +0100 + + Sync with TP. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sun Mar 4 19:01:23 2018 +0100 + + CONTRIBUTING.md: added more info about gnulib + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Tim Rühsen +Date: Sat Mar 3 18:42:20 2018 +0100 + + Improve fuzzer coverage report creation + +Author: Nikos Mavrogiannopoulos +Date: Fri Mar 2 23:40:43 2018 +0100 + + pkcs11: set the modulus bits on RSA keys + + That value is necessary when using RSA-PSS keys. + + Relates #402 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Mar 2 14:51:31 2018 +0100 + + gnutls_privkey_import_ext4: enhanced with GNUTLS_PRIVKEY_INFO_PK_ALGO_BITS flag + + That flag is utilized by the information function to obtain the + value of the parameters (e.g., modulus). That information is necessary + to safely handle RSA-PSS keys. + + For RSA-PSS keys this is a regression since 3.6.0 where this API was + introduced, but as this change is necessary and 3.6.x is not yet marked + as stable, it should be acceptable. + + Relates #402 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Mar 2 11:18:12 2018 +0100 + + _gnutls_find_rsa_pss_salt_size: add a validity check for salt size + + That is, in order to reject invalid parameters. + + Resolves #402 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Mar 2 09:38:55 2018 +0100 + + tests: eliminated destructive tests + + That adds a dependency to p11-kit 0.23.10 for the test suite. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu Mar 1 16:38:29 2018 +0100 + + configure: simplified nettle version check + + Relates #401 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Łukasz Stelmach +Date: Tue Feb 27 15:44:55 2018 +0100 + + gnutls-cli: do not ask any questions with --strict-tofu + + Signed-off-by: Łukasz Stelmach + +Author: Tim Rühsen +Date: Tue Feb 27 22:04:10 2018 +0100 + + Update oss-fuzz corpora + + Signed-off-by: Tim Rühsen + +Author: Nikos Mavrogiannopoulos +Date: Thu Feb 22 11:43:53 2018 +0100 + + drbg-aes: use the new nettle APIs for AES + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu Feb 22 11:29:08 2018 +0100 + + accelerated: padlock: use the new nettle APIs + + Also remove any ifdefs for nettle (it is not conditionally compiled in), + and do not register accelerators for AES-192-CBC. That cipher is widely + ignored to bother. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Feb 26 11:46:09 2018 +0100 + + doc update + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Feb 26 11:44:56 2018 +0100 + + updated auto-generated files + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Feb 23 09:55:50 2018 +0100 + + gnutls_ext_raw_parse: introduced function + + That function can be combined with callbacks like + gnutls_handshake_set_hook_function() for applications to + be able to process messages when necessary. + + Resolves #382 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Feb 21 11:46:08 2018 +0100 + + fuzz: added TLS1.3 client and server traces [ci skip] + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Feb 21 11:21:36 2018 +0100 + + fuzz: enable fuzzer target in afl examples and add missing script [ci skip] + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Feb 21 11:20:31 2018 +0100 + + fuzz: fixes in README file [ci skip] + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Feb 19 20:11:57 2018 +0100 + + updated Since version in new function entries as well as map file versions + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Feb 19 17:17:45 2018 +0100 + + fuzz: enable TLS1.3 in server and client fuzzers + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Feb 19 15:10:00 2018 +0100 + + updated auto-generated files + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Feb 19 15:02:36 2018 +0100 + + doc update + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Daiki Ueno +Date: Tue Jan 23 16:39:36 2018 +0100 + + record: new gnutls_record_send2 function + + This adds a new function gnutls_record_send2() which takes an extra + argument to specify the padding size of the record. + + Signed-off-by: Daiki Ueno + +Author: Daiki Ueno +Date: Thu Feb 8 13:24:46 2018 +0100 + + _gnutls_record_overhead: count content type octet in plaintext + + In TLS 1.3, TLSInnerPlaintext has the 'type' field followed by the + padding. Exclude it from the overhead calculation. + + Signed-off-by: Daiki Ueno + +Author: Daiki Ueno +Date: Wed Jan 3 14:14:56 2018 +0100 + + tests: check extended record padding work with TLS 1.3 + + Signed-off-by: Daiki Ueno + +Author: Daiki Ueno +Date: Thu Dec 21 17:02:22 2017 +0100 + + range: make length hiding always usable under TLS 1.3 + + This patch reintroduce the extended record padding mode removed in + commit 7df219f0. Under TLS 1.3, the padding mode can be implemented + in the record protocol. + + Signed-off-by: Daiki Ueno + +Author: Daiki Ueno +Date: Wed Jan 3 14:10:22 2018 +0100 + + tests: re-enable mini-record-range test + + This test was previously disabled as part of NEW_PADDING extension + removal (commit 7df219f0). Even though the extension is not usable, + gnutls_record_send_range() should work with the standard TLS block + cipher padding. + + Signed-off-by: Daiki Ueno + +Author: Daiki Ueno +Date: Thu Dec 21 15:53:30 2017 +0100 + + doc: fix mention of gnutls_record_send_range() + + Signed-off-by: Daiki Ueno + +Author: Nikos Mavrogiannopoulos +Date: Sat Jan 27 16:38:14 2018 +0100 + + po: lib/x509/ocsp.c added to translatable files + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu Jan 4 17:32:58 2018 +0100 + + tests: corrected various typos + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu Jan 4 17:26:54 2018 +0100 + + doc: use 3.6.xx to be consistent with other version references + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Jan 2 12:44:15 2018 +0100 + + doc update + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Dec 13 10:11:57 2017 +0100 + + doc: getfuncs.pl: distinguish between different typedef types + + That allows to properly distinguish a struct from a one liner + typedef. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Dec 13 08:00:38 2017 +0100 + + check_ocsp_response: print OCSP response actual error on debug log + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Dec 12 14:55:29 2017 +0100 + + x509/cert: reorganized + + Split functionality related to certificate credentials and + session certificate handling in cert-cred.c and cert-session.c + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Nov 29 16:19:56 2017 +0100 + + tests: added unit test for gnutls_ocsp_resp_list_import2 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Oct 18 10:35:53 2017 +0200 + + doc: updated + + * document the new behavior of gnutls_certificate_set_ocsp_status_request_file + * updated text on OCSP stapled responses + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Nov 21 16:31:02 2017 +0100 + + tests: added ocsptool sanity check program + + This checks its functionality in loading and exporting PEM + and DER structures. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Oct 16 16:05:15 2017 +0200 + + tests: enhanced OCSP tests + + * Run tests under TLS1.2 and TLS1.3 + * Verify whether multiple OCSP responses are received in client + side, under TLS1.3. + * Verify that OCSP status responses can be sent by + client under TLS1.3 + * Verify operation of gnutls_certificate_retrieve_function3 + * Verify operation when multiple OCSP responses by file are set + + Resolves #307 + Resolves #291 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Dec 12 08:47:00 2017 +0100 + + cert auth: use a single callback to call for OCSP + + That is, when selecting the certificate to use, point to + the callback to use as well (whether it being the global or + a specific) one, for OCSP. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Nov 22 10:32:04 2017 +0100 + + ocsp: introduced gnutls_certificate_get_ocsp_expiration() + + This is a function to allow obtaining the validity of the OCSP responses + already set in the credential structures. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Dec 8 13:45:24 2017 +0100 + + ocsp: enhanced the OCSP response loading APIs + + Introduced gnutls_certificate_set_ocsp_status_request_file2() and + gnutls_certificate_set_ocsp_status_request_mem(). These functions + behave as the equivalent certificate loading functions and pre-load + the OCSP response provided as a file, either in DER or in PEM form. + + In addition, ensure that if the server is provided a problematic OCSP + response, or the OCSP response is not renewed before it is invalid, we + will not provide it to the clients. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Oct 18 11:26:55 2017 +0200 + + gnutls-serv: allow loading multiple OCSP responses + + That is, allow specifying multiple 'ocsp-response' options on + command line. In addition introduce the option 'ignore-ocsp-response-errors' + which will set the GNUTLS_CERTIFICATE_SKIP_OCSP_RESPONSE_CHECK flag + prior to importing the response. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Oct 18 10:32:20 2017 +0200 + + cert: introduced flag GNUTLS_CERTIFICATE_SKIP_OCSP_RESPONSE_CHECK + + This allows reverting the new semantics of checking the loaded + OCSP response against the certificates present and return + to the 3.5.x semantics. + + That option is also useful for debugging as it allows setting + an arbitrary response and checking gnutls' client behavior with that. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu Dec 7 16:16:55 2017 +0100 + + gnutls_certificate_set_ocsp_status_request_file: match input response to certificates + + That is, iterate through the certificate chain to figure to which + certificate the response corresponds to, and assign it to it. + That allows for applications to re-use this function to set + multiple responses when available. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Dec 6 13:51:52 2017 +0100 + + ocsp: moved non-extension related functions to ocsp-api.c + + That keeps ext/status_response.c clear of items that are + not related with the extension handling. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Oct 17 09:59:53 2017 +0200 + + gnutls_ocsp_status_request_get2: allow operation under TLS1.3 for server side + + Under TLS1.3 it is possible for both client and server to send the + status request extension in certificate message. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Oct 17 08:32:09 2017 +0200 + + select_sign_algorithm: check KX type only on pre-TLS1.3 + + That, when selecting a certificate under TLS1.3, considers + the negotiated signature algorithms for compatibility with the + certificate to be selected. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Dec 6 13:45:21 2017 +0100 + + rename _gnutls_selected_certs_set -> selected_certs_set + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Dec 6 13:32:28 2017 +0100 + + ocsp: send all the OCSP responses under TLS1.3 + + That is, any responses set by the caller application (directly + or via a callback), will be sent to the peer. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Dec 6 13:18:16 2017 +0100 + + introduced gnutls_certificate_retrieve_function3 + + That allows a certificate callback to provide OCSP responses in addition + to certificates. That also introduces a flags option which currently + accepts GNUTLS_CERT_RETR_DEINIT_ALL which allows the callback to + specify whether the provided data should be deinitialized. + + To simplify the certificate callback code, all previous (now legacy) + callbacks are implemented as wrappers over the new callback function. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Nov 29 14:27:44 2017 +0100 + + gnutls_ocsp_resp_list_import2: introduced + + That is, introduced function to to import multiple OCSP PEM + responses into a list. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Nov 21 16:20:48 2017 +0100 + + ocsptool: import and export OCSP responses in PEM format + + That also modifies the 'request-info' and 'response-info' commands + to check the 'outfile' parameter and if set, to store the corresponding + structure into that file. Currently for OCSP requests there is no + printing of PEM data. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Nov 21 14:59:31 2017 +0100 + + ocsp: introduced gnutls_ocsp_resp_import2 and gnutls_ocsp_resp_export2 + + These allow importing and exporting an OCSP response to PEM format, + in addition to DER. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Oct 13 09:36:38 2017 +0200 + + _gnutls_x509_cert_verify_peers: verify all received OCSP responses + + That is, when verifying the server's certificate, take into account + all present OCSP responses. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Oct 13 09:31:58 2017 +0200 + + gnutls_ocsp_status_request_get2: added function + + The function extends gnutls_ocsp_status_request_get() to + retrieve more than a single responses. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Oct 10 10:21:19 2017 +0200 + + tls13/certificate: parse OCSP status response and save responses in auth info struct + + That provides support of OCSP status response under TLS 1.3. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Oct 10 11:14:19 2017 +0200 + + ext/status_request: allow more than a single OCSP response to be received + + That change allows for arbitrary number of OCSP responses + which is required in TLS1.3. The received list is now stored + in auth structure, and thus packed with it on resumption data. + The status response extension data, are now only used on server + side, when temporarily storing the OCSP response to send. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Oct 10 09:59:17 2017 +0200 + + _gnutls_copy_certificate_auth_info: simplified and avoid multiple allocations + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Dec 19 16:16:29 2017 +0100 + + tests: updated to account for HMAC-SHA384 and CAMELLIA removal + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Dec 19 16:00:45 2017 +0100 + + priorities: provide a more consistent "story" for default cipher settings + + Current settings in NORMAL priorities which were affected: + * Enabled ciphers: + - AES-GCM + - CHACHA20-POLY1305 + - AES-CCM + - AES-CBC + + * Enabled signature algorithms: + - RSA-SHA256 + - RSA-PSS-SHA256 + - ECDSA-SHA256 / ECDSA-SECP256R1-SHA256 + - EDDSA-ED25519 + - RSA-SHA384 + - RSA-PSS-SHA384 + - ECDSA-SHA384 / ECDSA-SECP384R1-SHA384 + - RSA-SHA512 + - RSA-PSS-SHA512 + - ECDSA-SHA512 / ECDSA-SECP521R1-SHA512 + - RSA-SHA1 + - ECDSA-SHA1 + + Removed: + * Ciphersuites utilizing HMAC-SHA384. That MAC is only used on "legacy" + type of ciphersuites, and doesn't provide any advantage over HMAC-SHA256. + * Ciphersuites utilizing CAMELLIA were removed. TLS1.3 doesn't define any + CAMELLIA ciphersuites, and thus provide consistent defaults across + protocols. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Oct 17 09:27:36 2017 +0200 + + certificate request: corrected parsing of signature algorithms + + That fixes an issue in TLS 1.3 certificate request message parsing. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Dec 4 18:22:54 2017 +0100 + + tlsfuzzer: updated to latest master + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sat Dec 9 11:23:24 2017 +0100 + + doc: documented hsk_flags "lifetime" and its reset + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Nov 8 13:13:31 2017 +0100 + + session state: TLS1.2 and TLS1.3 state is stored as union + + That is, to reduce memory usage as these protocol cannot be used + in parallel. + + Relates: #281 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Nov 8 13:08:02 2017 +0100 + + session state: organized key exchange keys into structures + + That is, with the view of separating the data needed for + TLS1.2 and earlier and TLS1.3. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Nov 7 16:52:21 2017 +0100 + + record state: avoid memory allocations for stored keys + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Nov 7 16:25:31 2017 +0100 + + handshake: ffdhe flags merged with handshake flags + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Nov 7 16:09:12 2017 +0100 + + handshake: false start flag merged with hsk_flags + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Nov 7 15:36:01 2017 +0100 + + handshake: use hsk_flags in TLS1.2 and TLS1.3 + + The flags provide a more transparent view of the received + and expected messages. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Dec 5 09:01:56 2017 +0100 + + doc: added text on TLS1.3 rekey and reauthentication + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Dec 4 17:45:11 2017 +0100 + + updated auto-generated files + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu Nov 2 15:30:43 2017 +0100 + + tests: re-enabled post-handshake auth tests + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu Nov 2 15:19:10 2017 +0100 + + handshake: added support for post-handshake authentication + + That is: + * introduced a gnutls_init() flag for clients to enable post-handshake + authentication + * introduced gnutls_reauth() function, to be called by servers to request + authentication, and by clients to perform authentication + + Resolves #562 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Nov 21 11:12:14 2017 +0100 + + gnutls_record_set_state: use const for seq_number + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Nov 20 16:56:12 2017 +0100 + + tests: added test suite on key limits + + This checks whether key update occurs for the expected ciphersuites. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Nov 20 16:52:58 2017 +0100 + + gnutls_record_get_state: doc update + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Nov 20 16:01:29 2017 +0100 + + Introduce key usage limits under TLS1.3 + + That introduces a transparent key update for sending key after + the safety limit is reached. + + Resolves #130 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Nov 20 13:08:18 2017 +0100 + + updated auto-generated files + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Oct 30 08:59:17 2017 +0100 + + tests: removed unused variables and introduced temporal vars in macros + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Oct 30 08:51:06 2017 +0100 + + tests: check gnutls_rehandshake() and gnutls_handshake() under TLS1.3 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sat Oct 28 12:38:52 2017 +0200 + + gnutls_*handshake: wrap gnutls_session_key_update under TLS 1.3 + + The semantics of the gnutls_handshake() and gnutls_rehandshake() functions + were tied to TLS 1.2 and earlier behavior. This patch attempts to merge + the two different semantics as follows: + + TLS1.2: + * gnutls_rehandshake: sends a hello request message (asks the peer for a re-handshake) + in server side; invalid to be called in client side. + + * gnutls_handshake: performs a re-handshake in either client or server side; + in server side it is expected to be called after + gnutls_rehandshake(). + + TLS1.3: + * gnutls_rehandshake: in server side sends a key update and asks the peer to re-key + as well; remains invalid to be called in client side. + + * gnutls_handshake: sends a key update and asks the peer to re-key as well; + in client side; is a no-op when called in server side. + + Relates #131 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu Oct 19 16:45:18 2017 +0200 + + tests: added unit tests with TLS1.3 key update + + Relates #131 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu Oct 19 16:27:30 2017 +0200 + + handshake: introduced gnutls_session_key_update() + + This function allows updating keys of the session and notifying + the peer. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu Oct 19 14:52:03 2017 +0200 + + handshake: added TLS1.3 passive key update + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Daiki Ueno +Date: Wed Nov 29 11:18:40 2017 +0100 + + keylogfile: write TLS 1.3 secrets + + Signed-off-by: Daiki Ueno + +Author: Daiki Ueno +Date: Tue Nov 28 18:28:19 2017 +0100 + + _gnutls_nss_keylog_write: define new internal API + + This patch turns the write_nss_key_log function to an internal + API (with a different name) so that it can be called from other places + implementing TLS 1.3 key scheduling. + + Signed-off-by: Daiki Ueno + +Author: Nikos Mavrogiannopoulos +Date: Mon Nov 27 11:27:12 2017 +0100 + + tls-fuzzer: enabled the large hello checks + + These were previously not working because tls-fuzzer was not TLS1.3-ready. + This is addressed at the current update, and as such we enable them. + + That commit also enables the SNI resumption tests. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Nov 29 16:21:45 2017 +0100 + + hkdf: refer to nettle's hkdf.h when available + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Nov 29 14:04:30 2017 +0100 + + doc update + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Nov 27 11:07:40 2017 +0100 + + gnutls_prf_rfc5705: apply the context limits only under TLS1.2 or earlier + + These limits do not exist under TLS1.3. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Nov 27 11:04:59 2017 +0100 + + gnutls_prf_raw: fail under TLS1.3 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Nov 27 09:10:24 2017 +0100 + + tests: included behavioral test of gnutls_prf under TLS1.3 + + Resolves #330 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Nov 27 09:03:31 2017 +0100 + + gnutls_prf: prevent usage under TLS1.3 + + Only allow its use when it is documented to have the same output + as gnutls_rfc5705() and in that case make it a wrapper to it. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Daiki Ueno +Date: Fri Nov 24 11:07:20 2017 +0100 + + gnutls_prf_rfc5705: calculate exporter using HKDF if TLS 1.3 + + Signed-off-by: Daiki Ueno + +Author: Daiki Ueno +Date: Fri Nov 24 10:55:43 2017 +0100 + + handshake-tls13: derive and store exporter_master_secret + + Signed-off-by: Daiki Ueno + +Author: Daiki Ueno +Date: Fri Nov 24 10:34:26 2017 +0100 + + _tls13_derive_secret: define secret argument + + TLS 1.3 exporters need to derive a secret from exporter_master_secret + or early_exporter_master_secret, not the handshake or application + secret stored in temp_secret. Add a new argument @secret to + _tls13_derive_secret to specify any secret. + + Signed-off-by: Daiki Ueno + +Author: Nikos Mavrogiannopoulos +Date: Wed Nov 8 11:45:25 2017 +0100 + + session state: combined srp and dh prime bits variables + + They were being used for the same purpose, and SRP as well as + DH, do not overlap to require two different variables. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Nov 8 11:41:59 2017 +0100 + + session state: mark mod_auth_st_int as constant + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Nov 8 11:39:53 2017 +0100 + + dtls: cookie is stored dynamically when needed rather than in pre-allocated size + + That reduces the number of bytes used in cases where DTLS is not in use or + we are in server-side. + + Relates #281 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Oct 10 09:54:13 2017 +0200 + + removed legacy/unused rsa-related structures/functions + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Dmitry Eremin-Solenikov +Date: Sat Sep 23 21:43:45 2017 +0300 + + lib: simplify adding groups according to prioritites + + There is little point, remembering if EC or DHE came first and then + adding necessary groups checking that flag. Instead just add groups at + the time first EC or DHE ciphersuite is met. + + Signed-off-by: Dmitry Eremin-Solenikov + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Oct 4 09:21:06 2017 +0200 + + tests: added unit test for RDNs in cert callback + + This verifies whether the RDNs received at the callbacks under + TLS1.2 and TLS1.3 have the expected values (corresponding to the + certificates used). + + Resolves #297 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Oct 3 15:59:14 2017 +0200 + + gnutls_auth*_get_type: use gnutls_kx_get to retrieve key exchange + + That allows the functions to operate under TLS 1.3 which have + no key exchange as part of the ciphersuite. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Oct 3 15:28:07 2017 +0200 + + tests: check certificate callbacks under TLS 1.2 and 1.3 + + Resolves #278 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Oct 3 14:56:15 2017 +0200 + + tests: added unit tests for client certificate under TLS1.3 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Oct 3 14:21:33 2017 +0200 + + handshake: handle the certificate authorities extension + + That is, when sending or receiving the certificate request message. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Oct 3 13:59:39 2017 +0200 + + handshake: added support for client certificates + + That is, receive and parse a certificate request, certificate + verify, as well as certificate in server side. + + That way, client certificates + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Oct 3 11:48:28 2017 +0200 + + handshake: return GNUTLS_E_NO_CERTIFICATE_FOUND when no certificate is found in TLS1.3 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Oct 3 11:43:45 2017 +0200 + + handshake: send certificate request when requested + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Oct 6 11:00:16 2017 +0200 + + tests: added check for client hello random value after HRR + + That way we ensure that we follow the tls1.3 draft which requires + the second client hello to be identical to the initial one. + + Resolves #299 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Oct 6 11:16:17 2017 +0200 + + handshake: treat reply to HRR as a reply to hello verify request + + That is, re-use the client random value on the client hello which + is a reply to a hello retry request. + + Relates #299 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Oct 6 10:18:33 2017 +0200 + + tests: added key share behavioral test + + This verifies whether the gnutls_init() flags GNUTLS_KEY_SHARE_TOP, + GNUTLS_KEY_SHARE_TOP2, GNUTLS_KEY_SHARE_TOP3 behave as advertized. + + Resolves #284 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Oct 6 09:05:20 2017 +0200 + + key share: added flags to gnutls_init() to modify its default behavior + + That way the application can adjust the range of keys generated + during client hello attempting to guess the server's algorithm. + + Applications are intentionally not given the option to select the + algorithm in the key share, but rather chose from the prioritized + list of groups, to avoid a disconnect between the prioritized + groups, and the key share sent. + + Relates #284 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu Nov 2 15:40:24 2017 +0100 + + handshake: initialize buffer prior to use + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Oct 4 10:55:48 2017 +0200 + + tests: added tests for TLS1.2- rollback detection + + That is, tests which check + * whether the server's generated values under TLS1.2- match the expected + * whether the client would fail on negotiation if the rollback values are detected + + Resolves #293 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Oct 4 10:33:11 2017 +0200 + + _gnutls_set_server_random: corrected TLS1.2 and TLS1.1 rollback detection + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Oct 3 11:08:04 2017 +0200 + + extensions: renamed _gnutls_hello_ext_*sdata to _gnutls_hello_ext_*priv + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Oct 3 09:35:52 2017 +0200 + + server_name: use the new API for ext data setting + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Oct 3 08:58:59 2017 +0200 + + extensions: enhanced extension lib with pack and unpack functions + + That allows the functionality to be used for the majority of extensions. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Oct 3 08:41:51 2017 +0200 + + tests: check the correct handling of cookie extension in client side + + Resolves #218 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Oct 3 08:39:58 2017 +0200 + + extensions: allow receiving and sending extensions which were not advertised by client side + + That is needed due to the special treatment of the cookie extension, + which is sent by the server in HRR even if it was not advertised by + the client. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Sep 29 16:41:09 2017 +0200 + + extensions: optimized gid_to_ext_entry() map on known extensions + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Sep 29 16:23:10 2017 +0200 + + extensions: avoid double loop when parsing received extensions + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Sep 29 15:40:36 2017 +0200 + + extensions: avoid looping to discover location of saved data + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Sep 29 15:16:04 2017 +0200 + + handshake: added support for reading and sending cookie extension + + That introduces an internal API to associate data to an extension. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Nov 13 08:45:09 2017 +0100 + + doc: document the GNUTLS_E_NO_COMMON_KEY_SHARE usage + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Sep 29 11:58:25 2017 +0200 + + tests: added unit test for hello retry request support + + Resolves #285 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Sep 29 14:24:54 2017 +0200 + + tests: rehandshake tests were restricted to TLS1.2 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Sep 29 14:11:34 2017 +0200 + + handshake: reduce assert printouts in common cases + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Sep 29 10:10:48 2017 +0200 + + handshake: accept hello retry request in client side + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Sep 29 09:08:59 2017 +0200 + + buf: _gnutls_buffer_pop_data made easier to use + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Sep 29 09:01:41 2017 +0200 + + handshake: simplified version parsing + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu Sep 21 16:40:43 2017 +0200 + + handshake: send hello retry request when no key share matches + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Sep 29 12:54:38 2017 +0200 + + ext: do not advertize post handshake authentication + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Sep 29 08:21:54 2017 +0200 + + tests: check TLS1.3 record layer packet modification + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu Sep 28 07:50:42 2017 +0200 + + handshake: split set_client_random to gen and set + + This aligns with set_server_random() and gen_server_random(). + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu Sep 28 07:47:40 2017 +0200 + + handshake: only attempt to detect downgrade attacks if TLS1.3 is supported + + Otherwise, connections under TLS 1.2 may fail, even if client never enabled + TLS 1.3 support. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Sep 27 15:10:07 2017 +0200 + + nettle/pk: explicitly mark intentional fallthrough in switch cases + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Sep 22 16:59:31 2017 +0200 + + key share: removed duplicate message + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Sep 27 08:20:10 2017 +0200 + + tests: fix warning in rng-sigint.c + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Sep 27 08:58:26 2017 +0200 + + tests: improved tls-session-supplemental + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Sep 26 16:44:39 2017 +0200 + + kx: moved to new buffer API + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Sep 26 15:38:58 2017 +0200 + + handshake: moved to the new mbuffer API + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Sep 26 12:54:18 2017 +0200 + + handshake: use the new buffer type in TLS 1.3 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Sep 26 11:57:18 2017 +0200 + + handshake: new helper functions to use gnutls_buffer_st to generate mbuffers + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Sep 26 10:29:15 2017 +0200 + + tlsfuzzer: disable non TLS1.3-ready tests + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Sep 25 16:28:38 2017 +0200 + + tests: added tests for TLS1.3 record generation / parsing + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Sep 25 09:47:52 2017 +0200 + + tests: introduced basic TLS1.3 key exchange test suite + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Sep 25 16:26:45 2017 +0200 + + record: adjusted overhead calculation for TLS1.3 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Sep 25 14:49:23 2017 +0200 + + priority: include groups into priority when having a TLS1.3-only session + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Sep 25 09:46:32 2017 +0200 + + priority: do include all the version's signature semantics + + This resolves issue, which prevented handling certain types + of TLS1.3-only signatures, depending on the order of enabled + protocols. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Sep 25 09:32:25 2017 +0200 + + ext/key_share: corrected release of MPI parameters + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Sep 25 09:28:45 2017 +0200 + + ext/signature: explicitly prevent RSA/DSA and SHA1 signatures on TLS1.3 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Sep 22 16:55:36 2017 +0200 + + hello ext: reduce verbosity + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Sep 22 11:10:56 2017 +0200 + + constate.h: removed non-existing function + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Sep 22 10:55:43 2017 +0200 + + record: any alert is fatal under TLS1.3 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Sep 18 14:49:24 2017 +0200 + + extensions: introduced functions to obtain currently parsed message + + This allows the extension handling code to operate differently + on different messages. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu Sep 21 09:30:39 2017 +0200 + + supported_versions: print the received versions + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu Sep 21 12:58:51 2017 +0200 + + handshake: introduced server side handshake [2/2] + + That is, send server certificate verify and receive + certificate and certificate verify messages. In addition + introduced flags to mark the expected, or sent messages. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu Sep 21 10:21:26 2017 +0200 + + cs: select certificate under TLS1.3 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu Sep 21 09:53:47 2017 +0200 + + handshake: introduced server side handshake [1/2] + + That is, send certificate request and certificate in server side + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu Sep 21 09:50:10 2017 +0200 + + ciphersuites: introduce a maximum supported TLS/DTLS version + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu Sep 21 09:41:37 2017 +0200 + + handshake: properly set the default record version + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Sep 20 16:07:39 2017 +0200 + + handshake: send encrypted extensions handshake message + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Sep 15 13:54:25 2017 +0200 + + handshake: parse new session ticket message + + That does not include extension handling. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Sep 20 15:33:16 2017 +0200 + + str: added _gnutls_buffer_pop_prefix24 and _gnutls_buffer_pop_prefix8 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Sep 27 15:07:04 2017 +0200 + + str: use assert to mark impossible cases + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Sep 20 15:21:16 2017 +0200 + + str: allow creating a read-only buffer + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Sep 20 13:43:14 2017 +0200 + + gnutls_session_get_desc: more descriptive name for TLS1.3 ciphersuites + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Sep 15 09:11:37 2017 +0200 + + handshake: generate application keys + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Sep 15 08:30:52 2017 +0200 + + constate: added _gnutls_epoch_dup + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Sep 15 07:59:21 2017 +0200 + + constate: indentation fixes + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu Sep 14 10:22:36 2017 +0200 + + handshake: added basic support for TLS 1.3 handshake in client side + + That does not include support for client certificates as it + requires extension handling improvements in order for extensions + to be context sensitive (now they cannot distinguish whether the + parsing routine is called during client hello or certificate request + reading) + + This does not include proper parsing of extensions present in + the certificate message. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Sep 13 14:19:12 2017 +0200 + + handshake: added parsing of encrypted extensions + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Sep 25 10:44:43 2017 +0200 + + crypto-api: introduce internal version of AEAD API + + This allows to initialize the TLS 1.3 connection state without + additional allocations as required by the external API. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Aug 11 15:16:51 2017 +0200 + + record: added TLS 1.3 record parsing and key derivation + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Jul 18 13:48:13 2017 +0200 + + handshake: introduced TLS 1.3 handshake client state machine outline + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Sep 20 11:56:28 2017 +0200 + + extensions: separate the hello extensions from others + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Sep 20 11:51:10 2017 +0200 + + hello_ext.h: removed non-existant function definition + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Sep 20 11:48:30 2017 +0200 + + extensions: files renamed to hello_ext + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Sep 20 11:46:55 2017 +0200 + + extensions: renamed hello extension handling functions appropriately + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Sep 20 11:40:54 2017 +0200 + + extensions: simplified semantics of store and check functions + + That is, _gnutls_extension_list_check was made a boolean function, + and both were renamed to more appropriate names such as, + _gnutls_hello_ext_is_present, _gnutls_hello_ext_save. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Sep 20 11:30:12 2017 +0200 + + extension: renamed functions to reflect purpose + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Sep 20 10:05:53 2017 +0200 + + extensions: use the low-level extension parsing code for hello parsing + + That's a step towards unification of TLS-type extension handling + for TLS 1.3. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Sep 20 09:46:34 2017 +0200 + + extv: introduced a low-level extension parsing code + + This will simplify the parsing and handling of extensions throughout + the TLS 1.3 message contents. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Sep 19 12:58:56 2017 +0200 + + extensions: simplified the extension tracking + + Instead of keep a list of the received TLS extension IDs, use the bits + in a variable to mark the received extensions. That reduces the + overall memory usage due to extension tracking. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Sep 19 12:48:14 2017 +0200 + + extensions: use an internal extension ID independent of the TLS id + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Sep 15 14:46:13 2017 +0200 + + str: rename _gnutls_buffer_pop_prefix to _gnutls_buffer_pop_prefix32 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Sep 15 14:45:20 2017 +0200 + + str: rename _gnutls_buffer_pop_datum_prefix to _gnutls_buffer_pop_datum_prefix32 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu Sep 14 14:10:14 2017 +0200 + + security params: store PRF when packing session + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu Sep 14 14:03:43 2017 +0200 + + handshake: simplify by storing a pointer to PRF mac entry + + That way, we avoid multiple function calls to obtain information + such as hash size, and other MAC properties. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu Sep 14 12:13:09 2017 +0200 + + ext/signature: improved TLS 1.3 signature algorithm negotiation + + That is, we introduce a simpler way to handle multiple versions + of a single signature algorithm. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu Sep 14 11:21:51 2017 +0200 + + str: added helper functions to read prefixed data with 8 or 16-bit headers + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu Sep 14 09:44:58 2017 +0200 + + ecc: do not warn on receiving extension on client side + + This extension can be received used under TLS 1.3 on the client side. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Aug 14 14:30:07 2017 +0200 + + Added TLS 1.3 HKDF key derivation functionality + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Sep 12 10:30:59 2017 +0200 + + extensions: include extension number in debugging message + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Sep 12 10:12:41 2017 +0200 + + tests: check behavior on the extension hello flags + + That is, verify whether the various combinations of + GNUTLS_EXT_FLAG_CLIENT_HELLO, + GNUTLS_EXT_FLAG_TLS12_SERVER_HELLO, + GNUTLS_EXT_FLAG_TLS13_SERVER_HELLO + work as expected with regards to sending and receiving + extensions. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Sep 11 10:26:44 2017 +0200 + + extensions: apply extension msg type restrictions + + That is, on the extension parsing functions ensure that + no extension which are not valid for the currently + received message are parsed. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Sep 11 10:13:07 2017 +0200 + + extensions: mark the message validity of each supported extension + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Sep 11 09:50:58 2017 +0200 + + extensions: type renamed to id for clarity + + We were previously using the variable named 'type' to indicate the + extension ID. With TLS 1.3, extensions are also given an applicability + type (which message the extension applies to), and thus renamed the + variable for clarity. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Sep 12 08:03:59 2017 +0200 + + tests: guile: don't use VERS-TLS-ALL + + That is, avoid enabling experimental protocols. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Sep 12 08:00:00 2017 +0200 + + .gitlab-ci.yml: abi-coverage: include guile logs + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Aug 14 09:20:25 2017 +0200 + + nettle: added HKDF functions + + They are being included conditionally depending on the RSA-PSS feature + (RSA-PSS and HKDF are expected to be introduced at the same version). + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Sep 11 15:54:40 2017 +0200 + + gnutls-cli-debug: use explicit TLS versions rather than TLS-ALL + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Aug 15 15:37:04 2017 +0200 + + _gnutls_server_select_suite: don't set auth callbacks for TLS 1.3 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Aug 15 11:00:27 2017 +0200 + + supported_versions: print negotiated protocol + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Jul 18 15:35:21 2017 +0200 + + Negotiate draft-TLS1.3 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Jul 18 14:14:58 2017 +0200 + + handshake: added the TLS 1.3 ciphersuites + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Sep 11 11:45:39 2017 +0200 + + handshake: print negotiated version after its negotiation (for TLS1.3) + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Sep 11 11:33:31 2017 +0200 + + tests: fix TLS version to 1.2 for tests which used VERS-TLS-ALL + + This allows the test suite to run, even when TLS1.3 is still + experimental. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Jul 14 09:34:05 2017 +0200 + + Added support for key share extension + + This enables TLS 1.3 key exchange based on the key share extension. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Jul 18 09:23:53 2017 +0200 + + handshake: always accept TLS 1.2 in client hello if we have later protocols enabled + + That is because after TLS 1.3 there is no negotiation of the version using + the Client Hello field, but with an extension. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Jul 18 08:23:01 2017 +0200 + + require nettle 3.3 or later + + This will simplify handling of the x25519 key exchange. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Jul 14 09:10:11 2017 +0200 + + str: added function to append fixed-size MPI + + This is used in TLS 1.3 which introduces a new MPI over-the-wire + format. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu Jul 13 11:57:26 2017 +0200 + + tests: resumption tests were restricted to TLS 1.2 + + TLS 1.3 implements resumption is a different way, so we should + introduce new resumption tests once that support is in place. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu Jul 13 11:52:07 2017 +0200 + + ext/post_handshake: restrict the use of this extension to TLS 1.3 or later + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu Jul 13 11:46:29 2017 +0200 + + handshake: optimizations and enhancements in session version handling + + This introduces the following new functions: + const version_entry_st *_gnutls_legacy_version_max(gnutls_session_t session); + const version_entry_st *_gnutls_version_max(gnutls_session_t session); + + which replace their previous counterparts. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu Jul 13 11:21:24 2017 +0200 + + tests: check for post-handshake extension in TLS 1.2-only sessions + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu Jul 13 11:14:56 2017 +0200 + + tests: added unit tests for post-handshake-auth extension + + These test whether this extension is seen under TLS 1.3 in client + hello, and whether it is not present in server hello. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu Jul 13 10:33:18 2017 +0200 + + handshake: send client and server hellos according to TLS 1.3 + + That is, when TLS 1.3 is negotiated the compression algorithms and + session ID fields are no longer sent. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu Jul 13 09:44:28 2017 +0200 + + Added support for post handshake auth extension + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Jul 12 13:40:19 2017 +0200 + + tests: updated for new behavior of disabling protocols on missing signature algorithms + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Jul 12 13:38:39 2017 +0200 + + tests: verify that no signature algorithms with (D)TLS 1.2 will cause an error + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Jul 12 13:33:46 2017 +0200 + + priorities: when no signature algorithms eliminate (D)TLS 1.2 or later + + If an application intentionally disables all signature algorithms, ensure + that we can operate by eliminating protocol options which require these + signature algorithms to be set. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Jul 12 13:16:10 2017 +0200 + + tests: safer use of gnutls_bye in _test_cli_serv() + + In addition make sure we check gnutls_priority_set() for errors. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Jul 12 09:40:46 2017 +0200 + + tests: added checks for special signature algorithms + + This tests the behavior when signature algorithms only available + under TLS1.3 are present in a TLS 1.2 session. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Jul 12 09:38:26 2017 +0200 + + tests: verify that +SIGN-ECDSA-SECP256R1-SHA256 has no effect when combined with TLS1.2 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Jul 12 08:56:18 2017 +0200 + + tests: added signature tests for ECDSA-SECP256R1-SHA256 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Jul 12 09:19:16 2017 +0200 + + priority: do not include signature algorithms that apply to different TLS version + + That is, when a signature algorithm that is only applicable + to specific TLS protocol semantics (e.g., ECDSA-SECP256R1-SHA256) + is enabled, under TLS 1.2, it will result to no code points being + added. That prevents connection errors due to "wrong" code + points being added that do not correspond to a usable signature + algorithm under the protocol. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Jul 11 14:07:43 2017 +0200 + + tests: updated for the new behavior of handshake + + Previously at handshake we would negotiate a ciphersuite and certificate + and later figure out a signature algorithm. Now we negotiate all at once, + so we no longer reach situations where mid-way of handshake we figure we + have no signature algorithm to use. Update the test cases relying on that + behavior to account the new one. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Jul 11 11:09:51 2017 +0200 + + pubkey: enforce TLS 1.3 signature restrictions on verification + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Jul 10 16:43:51 2017 +0200 + + ext/signature: added TLS 1.3 signature algorithm negotiation + + That patch adds the signature algorithms: + - GNUTLS_SIGN_ECDSA_SECP256R1_SHA256 + - GNUTLS_SIGN_ECDSA_SECP384R1_SHA384 + - GNUTLS_SIGN_ECDSA_SECP521R1_SHA512 + + and enables them for the default TLS priority strings. + In addition it allows negotiating signature algorithms sharing + the same TLS IDs, but which have different semantics between TLS + versions (e.g., 6,4 maps to GNUTLS_SIGN_ECDSA_SHA512 under TLS 1.2 + but to GNUTLS_SIGN_ECDSA_SECP521R1_SHA512 under TLS 1.3). + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Jun 19 15:20:00 2017 +0200 + + tests: added unit test for TLS 1.3 version negotiation + + This checks whether the Client Hello and Server Hello packets + contain the expected values. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Jun 19 14:17:40 2017 +0200 + + handshake: added support for negotiating version using extension + + That is, introduced the TLS 1.3 supported_versions extension. It is currently + only being used if negotiating TLS 1.3 or later. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Jun 19 13:30:46 2017 +0200 + + handshake: legacy version negotiation is not used for TLS 1.3 + + That is, ensure that the functions used for TLS 1.2 and earlier + negotiation cannot be used with TLS 1.3. That is because TLS 1.3 + is negotiated using a TLS extension. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Jun 19 11:57:22 2017 +0200 + + Added TLS 1.3 Hello message random generation + + That is, added check for TLS 1.3 random value requirements in client side, + and generation according to TLS 1.3 requirements for server and + client side. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Feb 19 14:57:55 2018 +0100 + + Revert "priority: disable the enabled by default RSA-PSS signature algorithms" + + This reverts commit ef44477127952c13e93d7ea88f7b549bf36602f5. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sat Feb 10 11:13:57 2018 +0100 + + updated auto-generated files + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Jan 22 11:52:19 2018 +0100 + + doc update + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Jan 30 07:41:26 2018 +0100 + + tests: check gnutls_fips140_set_mode operation per thread + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sun Jan 21 15:49:42 2018 +0100 + + tests: added unit test of gnutls_fips140_set_mode + + Also ensure that 512-bit keys cannot be generated + in FIPS140-2 mode + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Jan 22 11:40:42 2018 +0100 + + tests: gnutls_hmac_fast: explicitly enable MD5 use under FIPS140-2 mode + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu Dec 21 12:38:29 2017 +0100 + + tests: gc.c -> gnutls_hmac_fast.c + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Jan 22 09:15:03 2018 +0100 + + doc: documented gnutls_fips140_set_mode and gnutls_fips_mode_t + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sun Jan 21 15:07:00 2018 +0100 + + fips140: added function for applications to switch the FIPS140-2 mode + + That would allow FIPS140-2 compliant applications to use forbidden + algorithms by switching to a lax FIPS140-2 mode. + + Resolves #352 + Resolves #353 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sun Jan 21 14:01:17 2018 +0100 + + fips140: enforcement of allowed ciphers moved to crypto-api.c and cipher_int.c + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Dec 20 15:36:59 2017 +0100 + + fips140: enforcement of hash and MACs use moved to crypto-api.c and hash_int.c + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Feb 19 08:38:35 2018 +0100 + + tests: srp: increased timeout to 40secs [ci skip] + + Since we increased the maximum parameters to 8k, ensure + that slower systems have enough time to complete the handshake. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sun Feb 18 20:58:07 2018 +0100 + + doc: updates NEWS entry for 3.6.2 adding ABI changes [ci skip] + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Feb 16 08:54:26 2018 +0100 + + latex: introduced functionWarning macro + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Feb 16 08:27:56 2018 +0100 + + bumped version + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Feb 13 16:34:09 2018 +0100 + + tests: check whether gnutls_credentials_set() can be set in an hsk hook + + This is useful when these are set during the handshake process + on the handshake hook before client hello is parsed. + + Relates #382 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Feb 13 16:47:16 2018 +0100 + + doc: documented how to set the credentials late in certain vhost scenarios + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Feb 13 16:21:52 2018 +0100 + + doc: updated text on gnutls_handshake_set_hook_function + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Feb 13 11:12:09 2018 +0100 + + doc update [ci skip] + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Feb 12 11:18:06 2018 +0100 + + priority: disable the enabled by default RSA-PSS signature algorithms + + They have been modified in the latest (yet unsupported) TLS 1.3 + drafts, so prevent causes interoperability failures by keeping them + on. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Feb 12 09:20:17 2018 +0100 + + tests: cipher-openssl-compat: extend to include CCM tests + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Michael Catanzaro +Date: Fri Feb 9 10:22:24 2018 -0600 + + Improve documentation of gnutls_x509_trust_list_iter_get_ca [ci skip] + + The documentation is confusing because it implies that + gnutls_x509_trust_list_iter_deinit() should be called after using this + function, but in fact it is generally not necessary. + + Also, there was a typo here ("usin"). + + Signed-off-by: Michael Catanzaro + +Author: Nikos Mavrogiannopoulos +Date: Wed Feb 7 18:59:39 2018 +0100 + + .gitlab-ci.yml: run the fuzz testsuite under various CPU capabilities + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Feb 7 09:24:18 2018 +0100 + + accelerated: make explicit key size check to all accelerated ciphers + + That is, do not rely on checks done on asm level, as they vary and + may change over updates. Also handle consistently invalid key sizes + by returning an error, and eliminate calls to abort(). + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Vitezslav Cizek +Date: Tue Feb 6 16:46:31 2018 +0100 + + accelerated: check keysize in SSSE3 cipher setkey + + aes_ssse3_cipher_setkey() accepted any key size, + which could lead to invalid memory access. + + Such as with the oss-fuzz corpora file + fuzz/gnutls_pkcs8_key_parser_fuzzer.in/da59d34eacdf50a0019a457fb7c4916be48c99a5 + + Signed-off-by: Vitezslav Cizek + +Author: Nikos Mavrogiannopoulos +Date: Thu Feb 8 14:32:42 2018 +0100 + + p11tool: updated documentation [ci skip] + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Feb 7 11:34:36 2018 +0100 + + nettle: use the nettle_get_secp API when available + + Resolves #380 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Dec 6 09:46:41 2017 +0100 + + nettle base64_encode_raw: use cast to avoid warnings + + Nettle switched prototypes for base64_encode_raw() as follows: + -base64_encode_raw(uint8_t *dst, size_t length, const uint8_t *src); + +base64_encode_raw(char *dst, size_t length, const uint8_t *src); + + That means we need to cast fist param to void if we want to avoid + warnings on different platforms. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Feb 6 14:40:59 2018 +0100 + + accelerated: x86-common: do not use _xgetbv() with clang + + Resolves #372 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Feb 6 14:37:42 2018 +0100 + + configure: treat solaris as ELF system + + Resolves #376 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Feb 6 04:03:45 2018 +0100 + + tests: repeat cipher test with multiple keys and nonces + + In addition include chacha20-poly1305 into the tests. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Feb 6 03:59:17 2018 +0100 + + accelerated: aarch64: fix GCM counter increment + + Ensure that we restrict the GCM counter to the 4 bytes assigned to it. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Feb 6 04:39:39 2018 +0100 + + accelerated: fix use of SSSE3 vpaes_encrypt + + Previously we assumed that the nettle GCM internal functions + will use the provided ECB function for single block encryption. + Newer versions no longer operate that way. Ensure that we + are compatible with them. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Feb 5 20:25:23 2018 +0100 + + accelerated: fix use of aesni_ecb_encrypt() + + Previously we assumed that the nettle GCM internal functions + will use the provided ECB function for single block encryption. + Newer versions no longer operate that way. Ensure that we + are compatible with them. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Feb 2 15:49:48 2018 +0100 + + serv: increase cache size used for resumption + + That allows sessions with longer parameters to be able + to be resumed. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Feb 2 11:09:22 2018 +0100 + + CONTRIBUTING.md: check the issue closing as part of review [ci skip] + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Feb 2 10:35:11 2018 +0100 + + gnutls-cli: no longer print certificate types or compression methods + + We don't support any other compression methods than the null compression, + nor any other certificate types. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Jay Foad +Date: Sat Jan 27 09:13:17 2018 +0100 + + Inline version macros into its users. + + This fixes a problem in _gnutls_version_is_supported() where we want to + use preprocessing directives in the loop body. Doing this within a macro + argument is undefined behaviour according to the C standard, and not + supported by the system compiler on AIX. + + Signed-off-by: Jay Foad + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Jan 26 15:49:53 2018 +0100 + + updated auto-generated files + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Jan 26 15:48:52 2018 +0100 + + certtool: deprecated the --certificate-pubkey option + + That option is duplicate since --pubkey-info can provide the same + information. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Jan 26 15:44:21 2018 +0100 + + certtool: avoid duplicate deinitialization on --certificate-pubkey + + Resolves #368 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sun Jan 21 12:25:10 2018 +0100 + + dh: document why BER decoding rules are allows + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sun Jan 21 12:19:12 2018 +0100 + + pubkey: use the strict DER decoder for SubjectPublicKeyInfo + + Although there is no explicit RFC mentioning the SubjectPublicKeyInfo + encoding, this structure is a subset of the X.509 certificate's structure + and as such it is expected to be in DER form. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sun Jan 21 11:36:20 2018 +0100 + + pk: document need for the generic BER decoder + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Jan 17 19:26:12 2018 +0100 + + doc update + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Jan 17 19:25:36 2018 +0100 + + tests: check whether deletion of a certificate object works + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Jan 17 19:15:46 2018 +0100 + + p11tool: corrected issue preventing the deletion of objects in batch mode + + Previously initialization of PIN callbacks would only happen during listing + of objects, which happened only in non-batch mode. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Jan 17 19:10:52 2018 +0100 + + p11tool: corrected type affecting use of --only-urls + + It would enable batch mode accidentally. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Jan 19 11:42:02 2018 +0100 + + tests: pkcs11/tls-neg-pkcs11-key: updated for softhsm with PKCS#11 support + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Jan 22 09:06:25 2018 +0100 + + added sub-section on selecting the right return value [ci skip] + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Jan 17 17:35:54 2018 +0100 + + doc update [ci skip] + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Jan 17 08:38:13 2018 +0100 + + examples: use gnutls_certificate_set_x509_system_trust + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Jan 12 16:14:23 2018 +0100 + + doc update + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Jan 12 13:23:03 2018 +0100 + + tests: privkey-verify-broken: addressed uninitialized var use + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Jan 10 15:41:50 2018 +0100 + + tests: check whether get_mtu() functions relate to the set values + + That is, verify that gnutls_dtls_set_data_mtu() value would be + reflected into gnutls_dtls_get_data_mtu(), as well as the + gnutls_dtls_set_mtu() to gnutls_dtls_get_mtu(). + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Jan 10 15:35:36 2018 +0100 + + tests: added unit test for _gnutls_record_overhead() + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Jan 12 09:01:54 2018 +0100 + + DTLS: improved data MTU calculation under CBC ciphersuites + + The data MTU calculation under CBC ciphersuites takes into + account that the overhead of these ciphersuites is constant (IV + + hash + 1 byte padding), though the capacity varies due to the padding + block. That is, on 16-byte padding block, one padding byte is the + overhead but the rest 15 bytes are accounted for data MTU. + + That also has the side effect that setting a data MTU using + gnutls_dtls_set_data_mtu(), is not definite, and the actual + MTU may be larger for these ciphersuites --i.e., the + return value of gnutls_dtls_get_data_mtu(). + + Resolves #360 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Jan 10 10:58:30 2018 +0100 + + fuzz: added reproducer for leak in gnutls_x509_crl_list_import + + That was detected by oss-fuzz in: + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=4930 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Jan 10 10:56:28 2018 +0100 + + gnutls_x509_crt_list_import: eliminated memory leak + + That leak would be triggered if GNUTLS_X509_CRT_LIST_IMPORT_FAIL_IF_EXCEED + flag was used and the input data would exceed the maximum limit. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Jan 9 11:31:45 2018 +0100 + + libtasn1: updated to latest libtasn1 master branch + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Jan 3 16:41:36 2018 +0100 + + gnutls_pkcs12_key_parser_fuzzer.in: added reproducer for oss-fuzz #4890 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sun Jan 7 09:55:37 2018 +0100 + + doc update [ci skip] + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Jan 3 16:27:03 2018 +0100 + + doc: updated copyright year for manual + + That eliminates the 'make syntax-check' error. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sat Dec 30 20:12:36 2017 +0100 + + tests: added reproducer for self-signed verification error + + Relates #347 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sat Dec 30 19:57:08 2017 +0100 + + x509/verify: when verifying against a self signed certificate ignore issuer + + That is, ignore issuer when checking the issuer's parameters strength. That + resolves the issue of marking self-signed certificates as with insecure + parameters during verification. + + Resolves #347 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Dec 20 08:16:29 2017 +0100 + + gnutls_pk_self_test: include ECDSA tests on GNUTLS_PK_EC + + Previously when a request for a specific self check on GNUTLS_PK_EC + was done, only ECDH tests would be run. This change includes the ECDSA + tests as well (GNUTLS_PK_EC and GNUTLS_PK_ECDSA are an alias to each other). + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Dec 19 16:40:59 2017 +0100 + + tests: hash-large: increase parallelism to allow fast run in CI + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Dec 8 11:14:58 2017 +0100 + + doc: reference gnutls_prf_rfc5705 instead of gnutls_prf + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sun Dec 3 11:34:32 2017 +0100 + + tests: utils.h: forbid compilation with NDEBUG + + This allows to rely on the assert() macro being functional on + the test suite. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sun Dec 3 10:49:12 2017 +0100 + + tests: p11-kit-load.sh: verify that all modules are loaded after a private key operation + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu Nov 30 15:08:22 2017 +0100 + + tests: enhanced pkcs11/list-tokens + + This not only creates a trust list with the system certificates, but + also attempts to verify a certificate, increasing the number of calls + to PKCS#11 verification API (and thus ensuring there are no calls + which may trigger the load of other modules). + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu Nov 30 14:31:07 2017 +0100 + + pkcs11 verification: always use the GNUTLS_PKCS11_OBJ_FLAG_PRESENT_IN_TRUSTED_MODULE + + That is, make sure that all our calls to PKCS#11 subsystem for verification + will only trigger the trust module initialization, and not the generic + PKCS#11 initialization. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu Nov 30 14:28:46 2017 +0100 + + pkcs11: simplify trusted module loading state + + That is always utilize the same flags (GNUTLS_PKCS11_OBJ_FLAG_PRESENT_IN_TRUSTED_MODULE) + to determine whether to initialize trusted modules only or + proceed with general initialization. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu Nov 30 12:52:57 2017 +0100 + + _gnutls_pkcs11_check_init: improved transition between states + + The init_level_t for PKCS#11 modules, was incorrectly handled as a + linear state transition, causing few cases in the transition to be + incorrectly handled. Define precisely the state transitions and + enforce them in _gnutls_pkcs11_check_init. + + That addresses a regression introduced by the previous state handling + addition, which made impossible to switch from the trusted state to + the all modules. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu Nov 30 11:44:14 2017 +0100 + + tests: corrected destructive/p11-kit-load.sh error checking + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Daiki Ueno +Date: Fri Dec 1 11:13:29 2017 +0100 + + gnutls-serv: fix double-free on inactivity timeout + + Previously, gnutls-serv --echo segfaulted when closing client + connection after inactivity timeout. Here is the valgrind output: + + ==20246== Invalid free() / delete / delete[] / realloc() + ==20246== at 0x4C2FD18: free (vg_replace_malloc.c:530) + ==20246== by 0x405310: listener_free (serv.c:154) + ==20246== by 0x408B57: tcp_server (serv.c:1568) + ==20246== by 0x407DA6: main (serv.c:1231) + ==20246== Address 0x6ed4fe0 is 0 bytes inside a block of size 3 free'd + ==20246== at 0x4C2FD18: free (vg_replace_malloc.c:530) + ==20246== by 0x408A1D: tcp_server (serv.c:1548) + ==20246== by 0x407DA6: main (serv.c:1231) + ==20246== Block was alloc'd at + ==20246== at 0x4C2EB6B: malloc (vg_replace_malloc.c:299) + ==20246== by 0x6A64489: strdup (in /usr/lib64/libc-2.25.so) + ==20246== by 0x407310: get_response (serv.c:948) + ==20246== by 0x408840: tcp_server (serv.c:1492) + ==20246== by 0x407DA6: main (serv.c:1231) + ==20246== + + Signed-off-by: Daiki Ueno + +Author: Daiki Ueno +Date: Tue Nov 28 15:45:59 2017 +0100 + + .dir-locals.el: new file + + This forces Emacs to use the Linux kernel coding style for all C code. + + Signed-off-by: Daiki Ueno + +Author: Daiki Ueno +Date: Tue Nov 28 15:45:54 2017 +0100 + + build: remove m4 files pulled in by autopoint + + Having these files in the git repository causes unnecessary changes + after "make bootstrap". + + Signed-off-by: Daiki Ueno + +Author: Nikos Mavrogiannopoulos +Date: Wed Nov 29 17:16:41 2017 +0100 + + gnutls_aead_cipher_init: corrected potential memory leak + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Nov 28 14:28:46 2017 +0100 + + doc: provided basic documentation of the FIPS140-2 mode [ci skip] + + Resolves #332 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Nov 27 09:42:26 2017 +0100 + + tests: verify whether group remains the same after resumption + + Resolves #331 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Nov 27 09:31:52 2017 +0100 + + _gnutls_set_resumed_parameters: restore the group from resumed parameters + + That allows resumed sessions to have the original group information such as + curve used for key exchange or FFDHE parameters. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Sep 27 08:19:01 2017 +0200 + + tests: removed unnecessary assert + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Oct 10 14:23:20 2017 +0200 + + tests: delete temporary files + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Nov 8 11:47:22 2017 +0100 + + session state: use the right type for send_cert_req variable + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Nov 24 08:17:40 2017 +0100 + + tests: client-fastopen: introduce child signal handler and delay prior to starting + + This addresses a hang issue on freebsd builds. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Nov 22 17:36:30 2017 +0100 + + psktool: allow up to 512-byte keys + + This aligns the psktool --help output with the psktool operation. + + Suggested by Jack Lloyd. + + Resolves #327 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Nov 21 20:26:43 2017 +0100 + + getfuncs-map.pl: added gnutls_srp_8192_group* symbols to ignore list + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Nov 21 19:24:29 2017 +0100 + + updated auto-generated files + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Nov 21 19:17:01 2017 +0100 + + srptool: --create-conf no longer includes 1024-bit parameters + + In addition it includes the 8192-bit parameters, and + the default params used for a new user are the 2k ones. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Nov 21 13:23:21 2017 +0100 + + tests: updated SRP checks + + Test 1024, 1536, 2048, 3072, 4096 and 8192 bit parameters. + In addition, verify that parameters not in the SRP spec are + rejected by a gnutls client. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Nov 21 13:05:12 2017 +0100 + + .gitlab-ci.yml: move destructive tests after trust store tests + + That is, to ensure they are only run after the trust store + is complete and that it doesn't affect its output. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Nov 20 14:43:21 2017 +0100 + + doc update + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Nov 20 14:34:20 2017 +0100 + + tests: include the 8192-bit SRP prime into param checks + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Nov 20 14:33:33 2017 +0100 + + srp: added the 8192-bit prime + + As we now reject any primes not in the SRP spec, we include + that parameter to ensure we can handle clients within the + spec but with large parameters. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Nov 20 14:10:02 2017 +0100 + + srp: reject any parameters not in the SRP draft + + This implements the SHOULD requirement from RFC5054, i.e., to + only accept group parameters that come from a trusted source, + such as those listed in Appendix A. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Nov 20 14:07:12 2017 +0100 + + fuzz: srp-client: decreased acceptable prime bits to 1024 [ci skip] + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu Nov 9 09:47:10 2017 +0100 + + tests: combined key and cert tests + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu Nov 9 09:40:23 2017 +0100 + + tests: windows subdir is only included on windows builds + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Nov 8 16:32:48 2017 +0100 + + tests: dtls subdir was merged into main tests + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Nov 20 13:49:55 2017 +0100 + + fuzz: srp-client: restrict prime bits to 1537 [ci skip] + + That avoids timeouts in the oss-fuzz infrastructure: + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3277 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sun Nov 19 16:39:16 2017 +0100 + + doc: corrected typo + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu Nov 16 16:57:29 2017 +0100 + + doc: better detect acronym keyword on latex output + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu Nov 16 16:53:46 2017 +0100 + + doc: latex: resolve all citation issues + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu Nov 16 16:43:21 2017 +0100 + + doc: citations translate into references in texinfo + + That makes the citations to be links in the generated html manual. + + Resolves: #321 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Nov 13 11:03:35 2017 +0100 + + p11tool: renamed pkcs11_set_pin() to allow static linking + + Resolves #322 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Nov 15 11:47:31 2017 +0100 + + cfg.mk: do not include reproducer files into syntax checks + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Nov 15 10:31:00 2017 +0100 + + gnutls_x509_ext_import_proxy: corrected memory leak + + Also added reproducer for the memory leak found. + + Issue found using oss-fuzz: + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3159 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Nov 8 13:56:56 2017 +0100 + + tools: do not access unused variables + + This avoids warnings by static analyzers. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Nov 8 10:51:51 2017 +0100 + + .gitlab-ci.yml: disabled gcc warnings on CI builds and use dash + + That should decrease the time spent in configure. Based on suggestions + by Tim Ruehsen. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sun Nov 5 20:46:47 2017 +0100 + + .gitlab-ci.yml: use configure cache file and ccache + + That reduces the total time spent per build by caching configure + checks, and compilation artifacts. + + Also that patch set no longer uploads coverage files as artifacts. + These files are not generally useful, and removing that "feature" + will reduce CI running time. + + Signed-off-by: Nikos Mavrogiannopoulos + Signed-off-by: Dmitry Eremin-Solenikov + +Author: Nikos Mavrogiannopoulos +Date: Sat Nov 4 17:18:23 2017 +0100 + + doc: corrected typo [ci skip] + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Nov 3 15:10:03 2017 +0100 + + tests: list-tokens: not only list but also verify whether module is operational + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Nov 3 15:03:35 2017 +0100 + + pkcs11: refuse to load modules with duplicate information + + That is, when ck_info matches, we soft fail loading the module. + That is, because in several cases the pointers got by p11-kit + may differ for the same modules. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Nov 3 14:33:24 2017 +0100 + + tests: enhanced PKCS#11 loading test + + Test whether implicit initialization in trusted module (e.g., + via verification), would result to proper initialization of additional + modules once a PCKS#11 function is called. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Oct 30 13:51:33 2017 +0100 + + tests: added PKCS#11 module loading test + + This checks: + 1. Whether all modules are loaded from p11-kit when + no explicit gnutls_pkcs11_init() is called and + pkcs11 calls are accessed. + 2. Whether only the trusted modules are loaded from + p11-kit and no other PKCS#11 calls than PKCS#11 + cert validation is performed. + 3. Whether the trusted modules are loaded when + gnutls_pkcs11_init() is called with manual + flag. + + Resolves #315 + Resolves #316 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Oct 30 11:29:38 2017 +0100 + + pkcs11: allow loading trusted modules when pkcs11 was initialized in manual mode + + When a PKCS#11 trust module is used in the system, but gnutls_pkcs11_init() + is explicitly called with GNUTLS_PKCS11_FLAG_MANUAL flag, then the PKCS#11 + trust store was not loaded, and thus prevent any certificate validation. + + This change allows initializing the trust modules only even if generic + PKCS#11 support is disabled by the application. + + Relates #316 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Oct 30 09:57:09 2017 +0100 + + pkcs11: introduce multiple levels of loading + + That allows to load the PKCS#11 trusted modules (on systems which use them) + without loading all the potentially present PKCS#11 modules. + + Relates #315 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Oct 31 09:18:15 2017 +0100 + + CONTRIBUTING.md: added a short text on reviewing code [ci skip] + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Roberto Newmon +Date: Sun Oct 29 08:30:02 2017 +0000 + + Fix non-null warning + + Help the compiler understand the control flow in the MATCH_FUNC and + INVALID_MATCH_FUNC macros. + + Because we are using macros, the compiler is not able to correlate the + replaced values of the macro variables to each other yielding non-null + warnings. Introduce a C variable to mimic the macro variable helping + the compiler understanding the control flow. + +Author: Nikos Mavrogiannopoulos +Date: Sat Oct 21 15:17:22 2017 +0200 + + tests: test whether PKCS#11 generation works without login + + Resolves #147 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sat Oct 21 15:10:03 2017 +0200 + + p11tool: attempt to auto-login when the token requires it + + In operations like generation or writing objects, run as if --login + was given if the token is marked to require login. + + Relates #147 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sat Oct 21 15:01:53 2017 +0200 + + p11tool: print PKCS#11 token flags in --list-tokens + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sat Oct 21 14:53:37 2017 +0200 + + pkcs11: forward token flags to applications + + That is, gnutls_pkcs11_token_get_flags() will not return the + most common/useful PKCS#11 token flags, in addition to trusted and HW + flags. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sat Oct 21 09:44:37 2017 +0200 + + doc update [ci skip] + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sat Oct 21 02:18:07 2017 +0200 + + doc update + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu Oct 19 10:14:33 2017 +0200 + + doc update [ci skip] + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Thomas Klute +Date: Wed Oct 18 19:50:57 2017 +0200 + + gnutls_server_name_set: Clarify meaning of the name_length parameter [ci skip] + + Signed-off-by: Thomas Klute + +Author: Nikos Mavrogiannopoulos +Date: Wed Oct 18 15:57:53 2017 +0200 + + doc: mention SHA224 removal in upgrade guide + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Oct 18 15:55:57 2017 +0200 + + bumped version + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Oct 18 10:18:33 2017 +0200 + + gnutls-serv: print the right error code on OCSP request setting + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Oct 18 13:42:21 2017 +0200 + + ocsptool: doc update + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Oct 16 11:41:36 2017 +0200 + + doc update [ci skip] + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Sep 27 13:25:02 2017 +0200 + + cmp_hsk_types: fixed check for SSLv2 hello + + Previously, if SSLv2 hello support was disabled, the check for + the expected TLS message was incorrect. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sat Oct 7 10:06:09 2017 +0200 + + doc: improve documentation on provable private keys + + Resolves #301 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sat Oct 7 09:44:54 2017 +0200 + + doc: enhanced text on PKCS#7 and public keys + + Resolves #302 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sun Oct 1 12:20:18 2017 +0200 + + tests: check whether key IDs with SHA512 are corrected calculated + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sun Oct 1 12:18:54 2017 +0200 + + certtool: allow using SHA512 for key IDs + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sun Oct 1 12:17:26 2017 +0200 + + _gnutls_get_key_id: introduce flag GNUTLS_KEYID_USE_SHA512 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sun Oct 1 12:14:11 2017 +0200 + + tests: check fingerprint generation with SHA512 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sun Oct 1 12:12:25 2017 +0200 + + certtool: allow using --fingerprint with sha384 or sha512 + + Resolves #295 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Andreas Metzler +Date: Wed Sep 27 19:21:59 2017 +0200 + + Modernize gtk-doc support + + Update gtk-doc.make, m4/gtk-doc.m4 and doc/reference/Makefile.am from + gtk-doc git head (that is 1.26 + + c08cc78562c59082fc83b55b58747177510b7a70). + Disable gtkdoc-check. + + Signed-off-by: Andreas Metzler + +Author: Rowan Thorpe +Date: Wed Sep 27 21:41:43 2017 +0300 + + Fix autoreconf invocation to actually run autopoint + + Signed-off-by: Rowan Thorpe + +Author: Nikos Mavrogiannopoulos +Date: Mon Sep 25 16:57:31 2017 +0200 + + CONTRIBUTING.md: added some text on introducing new APIs [ci skip] + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sun Sep 24 10:52:08 2017 +0200 + + tests: re-purposed client_dsa_key test to match new behavior of the library + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sun Sep 24 10:47:05 2017 +0200 + + tests: update TLS 1.2 tests to account for RSA-PSS client signatures + + On commit de4f55b4dcf4bbe8f788e1f8f5bd59cd596f7d36: + "signature: on client side, refuse to negotiate non-enabled signature schemes" + + the behavior of allowing a client to utilize disabled for the session + signatures, and thus the negotiated signatures now match the ones + in the session's priority string. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sat Sep 23 08:37:50 2017 +0200 + + signature: on client side, refuse to negotiate non-enabled signature schemes + + That amends/reverts commit 6aa8c390b08a25b18c0799fbd42bd0eec703fae4: + "On client side allow signing with the signature algorithm of our cert" + + Previously, when we initially disabled DSA, we allowed client certificates + which can do DSA-SHA1 to be utilized to ease migration from these certificates. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Sep 15 09:53:01 2017 +0200 + + _gnutls_epoch_gc: ensure there are no stray epochs after gc + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Sep 15 09:29:30 2017 +0200 + + constate: simplified allocation of epochs + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Sep 15 08:26:22 2017 +0200 + + _gnutls_epoch_get(): simplified use + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sun Sep 24 17:42:01 2017 +0200 + + gnutls_x509_crt/q_set_spki: always initialize the spki structure + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sat Sep 23 11:17:21 2017 +0200 + + gnutls-cli: always initialize the inline commands struct + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sat Sep 23 11:13:31 2017 +0200 + + gnutls-cli-debug: eliminated memory leaks + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sat Sep 23 11:11:27 2017 +0200 + + ocsptool: eliminate memory leaks + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sat Sep 23 11:09:00 2017 +0200 + + certtool: use assert to protect var access + + The code correctly uses the variables, but the assert ensures + that static analyzers follow the intended paths too. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sat Sep 23 11:06:53 2017 +0200 + + srptool: removed unused variables + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sat Sep 23 11:06:24 2017 +0200 + + psktool: remove unused variables + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sat Sep 23 11:05:18 2017 +0200 + + gnutls-cli: fix memory leak + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sat Sep 23 11:04:21 2017 +0200 + + tools: eliminated dead assignments + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sat Sep 23 10:59:58 2017 +0200 + + ocsptool: check chain size on verification + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Sep 19 11:08:19 2017 +0200 + + .gitlab-ci.yml: use static analyzer and Werror build in src + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sat Sep 23 08:29:17 2017 +0200 + + tests: enhanced resumption checks with same and different SNI + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sat Sep 23 08:19:21 2017 +0200 + + server name: refuse to resume a session which server name doesn't match + + That is, follow the RFC6066 requirement that server: + "MUST NOT accept the request to resume the session if the + server_name extension contains a different name." + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sat Sep 23 10:47:15 2017 +0200 + + gnutls-cli: eliminate few memory leaks + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Thomas Klute +Date: Thu Sep 21 11:00:33 2017 +0200 + + tests: New test for SNI parsing during cache-based session resumption + + Signed-off-by: Thomas Klute + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Thomas Klute +Date: Thu Sep 21 10:45:05 2017 +0200 + + Ensure the SNI extension is parsed during cache-based resumption + + This patch changes the parse_type of the SNI extension to + GNUTLS_EXT_MANDATORY to ensure it is parsed during every handshake. + + With SNI previously classified as GNUTLS_EXT_APPLICATION, GnuTLS + servers ignored the SNI extension when resuming a TLS session from + cache, because "application" level extensions are skipped during + resumption. As a result, gnutls_server_name_get() always returned + GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE when called on the resumed + session, breaking virtual server systems. + + According to RFC 6066, Section 3 the SNI extension must be parsed on + session resumption if implemented at all: + + "A server that implements this extension MUST NOT accept the request + to resume the session if the server_name extension contains a + different name." + + This change allows applications using GnuTLS to match SNI data on + resumed sessions. + + Signed-off-by: Thomas Klute + +Author: Dmitry Eremin-Solenikov +Date: Mon Sep 18 17:06:15 2017 +0300 + + tests: explicitly check for gnutls.pc in pkgconfig.sh + + Signed-off-by: Dmitry Eremin-Solenikov + +Author: Dmitry Eremin-Solenikov +Date: Mon Sep 18 13:33:53 2017 +0300 + + test: use proper library name in pkgconfig.sh error message + + If there is a -R flag in p11-kit-1.pc file, pkgconfig.sh test will still + reference libidn2.pc, rather than proper source of the message. Also + move the test for library flags before updating PKG_CONFIG_PATH. + + Signed-off-by: Dmitry Eremin-Solenikov + +Author: Dmitry Eremin-Solenikov +Date: Mon Sep 18 13:32:40 2017 +0300 + + tests: use libidn2 in pkgconfig.sh + + Since abe6a12b9766219163f99d7807a0b07fbe5f590c GnuTLS does not support + libidn1. Switch pkgconfig.sh test to use libidn2. + + Signed-off-by: Dmitry Eremin-Solenikov + +Author: Tim Rühsen +Date: Tue Sep 19 20:36:22 2017 +0200 + + parse-datetime: Fix buffer overflow + +Author: Nikos Mavrogiannopoulos +Date: Mon Sep 18 15:35:32 2017 +0200 + + tlsfuzzer: document the reason of failure of few fragmentation tests + + It seems that gnutls does not accept records carrying handshake messages + that contain less bytes than necessary to recover the handshake header. + The TLS protocol allows that option, and other implementations seem to + accept that fragmentation. + + Relates #272 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sat Sep 16 18:21:36 2017 +0200 + + parse_handshake_header: removed duplicate check + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sat Sep 16 14:03:54 2017 +0200 + + ecdh: return more appropriate error code on empty packet + + This makes tlsfuzzer's test-x25519 detect the right error + code on empty message. Previously this issue was masked by our + refusal to accept 1-byte sized fragments. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Sep 15 16:34:02 2017 +0200 + + parse_handshake_header: allow 1-byte sized fragments + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Sep 15 16:21:02 2017 +0200 + + tests: added reproducer for DTLS infinite loop + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Tim Rühsen +Date: Mon Sep 18 20:55:25 2017 +0200 + + pkcs11/get_key_algo_type(): Always initialize bits variable + + Signed-off-by: Tim Rühsen + +Author: Tim Rühsen +Date: Mon Sep 18 20:53:23 2017 +0200 + + tests/base64-raw: Remove unused variable + + Signed-off-by: Tim Rühsen + +Author: Tim Rühsen +Date: Mon Sep 18 15:54:19 2017 +0200 + + gnutls.h: Remove redundant function declarations + + Signed-off-by: Tim Rühsen + +Author: Nikos Mavrogiannopoulos +Date: Thu Sep 14 11:56:27 2017 +0200 + + x509: removed debugging code [ci skip] + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Jun 27 13:58:58 2017 +0200 + + tests: modified the MD5 signature algorithm negotiation tests + + Since GnuTLS can no longer negotiate MD5, we utilize a byte stream + of a connection which advertises MD5, and we make sure we detect the + right error code for the rejection of MD5 signature. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Jun 27 08:42:10 2017 +0200 + + doc update + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Jun 27 08:36:01 2017 +0200 + + tlsfuzzer: no longer include tests involving SHA224 signatures + + We no longer support them. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Jun 26 15:04:32 2017 +0200 + + algorithms/sign: removed TLS identifiers for legacy algorithms + + That is, for the MD5-using algorithms, as well as for the DSA2 + signature algorithms that were never really used with TLS 1.2. + + Kept DSA-SHA1 in order to be used by TLS 1.2 and legacy applications. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Jun 26 15:02:47 2017 +0200 + + algorithms/sign: legacy signature algorithms were moved toward the end of the list + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Jun 26 14:58:17 2017 +0200 + + algorithms/sign: no longer enable SHA224 hash in signatures + + TLS 1.3 requires that SHA224 MUST NOT be used, and given the + fact that SHA224 was never widespread used in TLS 1.2, there + is no reason to keep these algorithms at all. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Sep 8 16:19:38 2017 +0200 + + tlsfuzzer: added large client hello tests + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Sep 8 15:16:55 2017 +0200 + + win32: removed no longer used subdir + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Sep 8 14:01:09 2017 +0200 + + .gitlab-ci.yml: added warning cppcheck checks + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu Sep 7 16:54:24 2017 +0200 + + .gitlab-ci.yml: removed initialization step + + That is, combine syntax-check with the static analyzers run. That + provides more parallelism per build and reduces the overall time + spent on a successful run. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu Sep 7 16:20:01 2017 +0200 + + doc: added README on FreeBSD CI setup + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu Sep 7 16:21:44 2017 +0200 + + .gitlab-ci.yml: added FreeBSD build + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu Sep 7 17:05:57 2017 +0200 + + tests: ip-utils: added include for FreeBSD compilation + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu Sep 7 14:12:20 2017 +0200 + + .gitlab-ci.yml: enable more cppcheck tests + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Sep 8 12:15:47 2017 +0200 + + tests: updated tlsfuzzer to reduce rsa-pss failures + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu Sep 7 15:51:57 2017 +0200 + + crq: doc update + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu Sep 7 09:31:30 2017 +0200 + + tests: added unit test for gnutls_x509_crq_sign + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu Sep 7 09:11:06 2017 +0200 + + tests: added verification checks into crl_apis + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu Sep 7 09:10:20 2017 +0200 + + gnutls_x509_crl_verify: check next update field for presence + + If not present do not attempt to utilize its value. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu Sep 7 08:33:24 2017 +0200 + + tests: added verification check into crt_apis + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu Sep 7 08:30:13 2017 +0200 + + tests: added unit test for gnutls_x509_crt_sign + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu Sep 7 08:24:41 2017 +0200 + + doc update + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu Sep 7 09:23:28 2017 +0200 + + gnutls_x509_crq_sign: undeprecate + + After the updates of the function semantics, it is no longer + needed to deprecate it. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu Sep 7 09:13:54 2017 +0200 + + gnutls_x509_crl_sign: undeprecate + + After the updates of the function semantics, it is no longer + needed to deprecate it. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu Sep 7 09:21:16 2017 +0200 + + gnutls_x509_crq_sign: no longer sign with SHA1 + + Modify the behavior of the functions to sign with an appropriate + to the public key hash algorithm. That although it modifies the + semantics of the functions, it allows them to be useful even after + SHA1 is considered insecure. + + In addition to that, the functions which accept a hash algorithm, will + accept a null hash, which instructs the function to select a + reasonable choice. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu Sep 7 08:21:47 2017 +0200 + + gnutls_x509_*_sign: no longer sign with SHA1 + + Modify the behavior of the functions to sign with an appropriate + to the public key hash algorithm. That although it modifies the + semantics of the functions, it allows them to be useful even after + SHA1 is considered insecure. + + In addition to that, the functions which accept a hash algorithm, will + accept a null hash, which instructs the function to select a + reasonable choice. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu Sep 7 08:12:05 2017 +0200 + + doc: document the change of gnutls_x509_crt_sign + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Sep 8 08:31:42 2017 +0200 + + tests: tolerate leaks in opensc-pkcs11 when present + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu Sep 7 08:08:12 2017 +0200 + + doc update + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Sep 6 14:51:59 2017 +0200 + + tests: added reproducer for safe renegotiation failure with openssl + + Relates #259 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Sep 6 15:11:00 2017 +0200 + + handshake: check SCSVs prior to resuming a session + + This ensures that extensions which are also available as SCSVs + are parsed prior to resuming a session. This resolves an issue + with openssl sending SCSV instead of an extension for the safe + renegotiation. + + Relates #259 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Thomas Klausner +Date: Wed Sep 6 19:16:30 2017 +0200 + + Use $(LIBDL) instead of hardcoding -ldl. + +Author: Nikos Mavrogiannopoulos +Date: Wed Sep 6 14:34:20 2017 +0200 + + cmocka: require 1.0.1 + + This prevents failures in test suite due to insufficient cmocka + library version. + + Resolves #268 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Sep 6 09:46:05 2017 +0200 + + tlslite-ng: updated to latest version + + This addresses issues with RSA-PSS signing. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Avinash Sonawane +Date: Thu Aug 31 18:05:04 2017 +0530 + + cli-debug-args.def: Fix typo + + Signed-off-by: Avinash Sonawane + +Author: Nikos Mavrogiannopoulos +Date: Tue Aug 29 15:38:49 2017 +0200 + + latex: handle the deprecated function mark [ci skip] + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Aug 29 13:56:58 2017 +0200 + + .gitlab-ci.yml: give more specific name to windows job artifacts [ci skip] + + This allows a more descriptive name to any downloaded artifacts. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Aug 28 15:16:58 2017 +0200 + + tools: removed re-using PIN message when in non-verbose mode + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Aug 28 12:57:38 2017 +0200 + + p11tool: print public or private key algorithm + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Aug 28 14:20:36 2017 +0200 + + gnutls_pkcs11_privkey_generate3: doc update [ci skip] + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sat Aug 26 17:27:09 2017 +0200 + + tests: check whether generated private keys are marked private + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sat Aug 26 17:16:26 2017 +0200 + + tests: added unit test of p11tool with --set-pin + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sat Aug 26 17:02:28 2017 +0200 + + tests: check whether generated or copied keys are marked as sensitive + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Aug 25 15:58:14 2017 +0200 + + updated auto-generated files + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Aug 25 15:56:49 2017 +0200 + + p11tool: allow obtaining PIN from command line on operations + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Aug 25 14:49:33 2017 +0200 + + certtool: eliminate global use of default_dig + + Use instead the cinfo->hash field which is already used + by p11tool. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Aug 25 12:01:37 2017 +0200 + + tests: krb5-test: disable valgrind mem leak checks for negative checks + + Resolves #192 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Aug 25 11:47:28 2017 +0200 + + doc update + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Aug 25 11:41:47 2017 +0200 + + tests: check whether p11tool signing with RSA-PSS works + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Aug 25 10:53:51 2017 +0200 + + p11tool: allow signing with RSA-PSS and specifying an explicit hash + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Aug 25 10:41:27 2017 +0200 + + sign_params_to_flags: moved to certtool-common.c + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Aug 25 10:33:27 2017 +0200 + + certtool: hash_to_id moved to certtool-common.c + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Andreas Metzler +Date: Sat Aug 26 17:49:28 2017 +0200 + + Fix some typos [ci skip] + + occurence -> occurrence + sucessful -> successful + + Signed-off-by: Andreas Metzler + +Author: Tom Vrancken +Date: Fri Aug 25 19:54:58 2017 +0200 + + Fixed segmentation faults caused by accessing NULL pointers during mutex operations. This bug was triggered while setting priorities. + + Signed-off-by: Tom Vrancken + +Author: Nikos Mavrogiannopoulos +Date: Fri Aug 25 16:15:24 2017 +0200 + + p11tool: explicitly mark generated keys as sensitive + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Alon Bar-Lev +Date: Sat Aug 26 00:16:03 2017 +0300 + + tests: windows: warning: function declaration isn't a prototype + + Signed-off-by: Alon Bar-Lev + +Author: Alon Bar-Lev +Date: Fri Aug 25 23:45:44 2017 +0300 + + tests: warning: implicit declaration of function + + Signed-off-by: Alon Bar-Lev + +Author: Nikos Mavrogiannopoulos +Date: Thu Aug 24 17:03:17 2017 +0200 + + m4: updated ax_code_coverage.m4 [ci skip] + + This version fixes a bug which prevented including the branch coverage + into output. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Tim Rühsen +Date: Mon Aug 21 15:19:25 2017 +0200 + + fuzzer: Enhance code coverage of gnutls_base64_encoder_fuzzer + + Signed-off-by: Tim Rühsen + +Author: Tim Rühsen +Date: Mon Aug 21 15:16:55 2017 +0200 + + fuzzer: Add script 'view-coverage' + + This helper script is for viewing the code coverage of + single (or combined) fuzzers running with all his corpora. + + It helps optimizing the code coverage by hand-crafting corpora + and/or dictionaries. + + Signed-off-by: Tim Rühsen + +Author: Tim Rühsen +Date: Mon Aug 21 14:22:58 2017 +0200 + + fuzzer: Change CFLAGS -O0 to -O1 in fuzz/README.md + + Signed-off-by: Tim Rühsen + +Author: Tim Rühsen +Date: Mon Aug 21 14:20:54 2017 +0200 + + fuzzer: Update corpora from oss-fuzz + + Signed-off-by: Tim Rühsen + +Author: Nikos Mavrogiannopoulos +Date: Thu Aug 24 15:29:19 2017 +0200 + + tlslite: updated to latest version + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Aug 23 10:20:05 2017 +0200 + + certtool: do not ask about RSA encryption in non-RSA keys + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Aug 22 16:17:54 2017 +0200 + + fuzz: work-around libtool file name + + fuzzers utilize argv[0] to discover the name the reproducers are stored + in. However libtool creates a script which later runs the executable. + Try to detect that situation and use the right paths. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Aug 22 08:48:03 2017 +0200 + + dh params: document DH param setting functions as deprecated + + They are no longer useful after the RFC7919 DH parameter negotiation. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Aug 15 10:03:54 2017 +0200 + + tests: introduced unit test of gnutls_memset() + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Aug 22 07:27:03 2017 +0200 + + fuzz: removed -static ldflag completely + + It is not necessary for building the fuzzer, and was causing + issues in MacOSX systems. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Aug 21 09:47:59 2017 +0200 + + .gitlab-ci.yml: use the same flags in the tags and non-tags windows builds + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Aug 21 09:46:07 2017 +0200 + + tests: p11-kit-trust is not compiled in windows + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Aug 21 08:35:07 2017 +0200 + + fuzz: temporarily disable -static build of fuzz/ in MacOSX + + This allows running the MacOSX CI tests on travis. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Aug 21 08:26:57 2017 +0200 + + doc update + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Aug 21 07:56:58 2017 +0200 + + tests: verify the output size of gnutls_x509_privkey_export + + That is, make sure that gnutls_x509_privkey_export() and + gnutls_x509_privkey_export2() agrees with the strlen() + value on the data. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sun Aug 20 20:46:31 2017 +0200 + + .travis.yml: print failed log files in fuzz after failure + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sun Aug 20 19:43:52 2017 +0200 + + hooks.m4: reduce the gap between minor soversion of 3.5.x and 3.6.0 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sun Aug 20 09:24:19 2017 +0200 + + tests: make mini-record more friendly for OSes with limited buffers + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sun Aug 20 09:18:05 2017 +0200 + + pull/push backends: ECONNRESET is translated to GNUTLS_E_PREMATURE_TERMINATION + + This returns a more reasonable error code on platforms where + this errno is set. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sun Aug 20 09:05:02 2017 +0200 + + tests: gnutls_x509_privkey_import: address issue on error path + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sun Aug 20 00:18:44 2017 +0200 + + sed: use it in a portable way in makefiles + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sat Aug 19 23:33:46 2017 +0200 + + configure: disable hardware acceleration on aarch64/ilp32 mode + + Our included assembly code for aarch64 is not suitable for that + data mode. + + Resolves #252 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sat Aug 19 13:39:28 2017 +0200 + + create_tls_random: avoid warning in fuzzying mode + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sat Aug 19 08:58:37 2017 +0200 + + configure.ac: removed conditional FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION + + Instead rely only on the definition, to make fuzzying mode to be + enabled even if --enable-fuzzer-target is not specified, but defined + b the compiler. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sat Aug 19 08:56:28 2017 +0200 + + rnd-fuzzer: use ifdef instead of conditional compilation + + This allows compiling in fuzzying mode even when --enable-fuzzer-target + is not specified on configure, but the definition is present. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Tim Rühsen +Date: Fri Aug 18 21:39:13 2017 +0200 + + fuzzer: Update base64 fuzzers + corpora + + Signed-off-by: Tim Rühsen + +Author: Tim Rühsen +Date: Fri Aug 18 21:32:28 2017 +0200 + + fuzzer: Fix include path in run-clang.sh [skip ci] + + Signed-off-by: Tim Rühsen + +Author: Nikos Mavrogiannopoulos +Date: Fri Aug 18 15:43:43 2017 +0200 + + gnutls_x509_privkey_export: use _gnutls_copy_string on PEM data + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Aug 18 13:05:34 2017 +0200 + + Corrected argument names of functions to correspond to declaration + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Aug 18 12:57:07 2017 +0200 + + lib: use casts and be explicit on intentional enumeration use + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Aug 18 13:56:04 2017 +0200 + + gnutls-cli-debug: do not run non-FIPS cipher tests when in FIPS mode + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Aug 18 12:52:20 2017 +0200 + + doc update + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Aug 18 12:47:12 2017 +0200 + + doc update + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Aug 18 11:51:53 2017 +0200 + + tests: added basic test for the operation of gnutls-cli-debug + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Aug 18 11:44:55 2017 +0200 + + tests: verify the presence of GNUTLS_SFLAGS_RFC7919 flag in server and client mode + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Aug 18 11:34:46 2017 +0200 + + gnutls-cli-debug: check whether RFC7919 is supported + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Aug 18 11:31:52 2017 +0200 + + gnutls_session_get_flags: introduced GNUTLS_SFLAGS_RFC7919 + + This allows checking whether the DHE parameters used were negotiated + using RFC7919. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Aug 18 11:22:11 2017 +0200 + + gnutls_auth_*: check cs parameter for validity prior to use + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Aug 18 11:16:50 2017 +0200 + + certtool: simplified certificate PEM printing + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Aug 18 11:14:16 2017 +0200 + + gnutls-cli: fixed bounds check on benchmark-tls + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Aug 18 10:44:21 2017 +0200 + + lib: removed legacy debugging code + + That code was code from the initial versions of gnutls. It was neither + used nor updated for long time. + + Relates #248 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Aug 18 10:35:03 2017 +0200 + + fuzz: added missing files into dist [ci skip] + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Aug 18 10:06:36 2017 +0200 + + tests: added missing files in dist [ci skip] + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Aug 18 10:05:36 2017 +0200 + + tests: do not suppress stderr errors on servers startup + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu Aug 17 17:41:34 2017 +0200 + + doc update + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Aug 18 08:39:50 2017 +0200 + + abi-check: added check for 3.6.0 ABI compatibility + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Aug 18 08:38:48 2017 +0200 + + gnutls_x509_crl_get_issuer_dn: removed unnecessary const + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu Aug 17 11:27:24 2017 +0200 + + certtool: fixed documentation of sign-params + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu Aug 17 10:50:56 2017 +0200 + + README.md: mention lockfile-progs dependency + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu Aug 17 10:02:47 2017 +0200 + + tests: tls-neg-ext4-key: explicitly restrict to TLS 1.2, 1.1 and 1.0 + + This allows testing all signature types used in the protocol. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu Aug 17 09:59:53 2017 +0200 + + sign APIs: introduce RSA-RAW signing algorithm + + This ensures that there is a signing algorithm for all the operations + we support. Previously, we required GNUTLS_SIGN_UNKNOWN to be acceptable + by signing functions to accomodate for raw RSA operations. Now we make + that explicit and in the process clean-up the API. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu Aug 17 10:09:13 2017 +0200 + + removed devel/fuzz; functionality moved to fuzz/ [ci skip] + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Tim Rühsen +Date: Fri Aug 11 21:42:02 2017 +0200 + + fuzzer: Add 'make -C fuzz coverage' [ci skip] + + This reports how much code is covered by fuzzing. + + Signed-off-by: Tim Rühsen + +Author: Nikos Mavrogiannopoulos +Date: Mon Aug 14 08:46:03 2017 +0200 + + _gnutls_recv_server_certificate_status: use the same type in subtracted values + + This ensures that there are no issues with subtracting those values. + Note that the second is read from an uint24_t and thus it is always + positive regardless its type. + + Resolves #245 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Aug 14 08:42:51 2017 +0200 + + _gnutls_proc_srp_client_kx: use same type in subtracted values + + This ensures that there are no issues with subtracting those values. + Note that the second is read from an uint16_t and thus it is always + positive regardless its type. + + Resolves #244 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Tim Rühsen +Date: Tue Aug 15 12:34:25 2017 +0200 + + fuzzer: Move regression corpora from tests/ to fuzz/ + + See fuzz/README.md for the corresponding paths. + + Signed-off-by: Tim Rühsen + +Author: Tim Rühsen +Date: Mon Aug 14 12:34:00 2017 +0200 + + fuzzer: Suppress leak in libgmp <= 6.1.2 + + Signed-off-by: Tim Rühsen + +Author: Tim Rühsen +Date: Fri Aug 11 18:31:35 2017 +0200 + + fuzzer: Suppress unsigned integer overflow in rnd-fuzzer.c + + Signed-off-by: Tim Rühsen + +Author: Tim Rühsen +Date: Sat Aug 5 20:49:19 2017 +0200 + + fuzzer: Initial check in for improved fuzzing + + Signed-off-by: Tim Rühsen + +Author: Nikos Mavrogiannopoulos +Date: Wed Aug 9 08:24:59 2017 +0200 + + fuzzer: added a fuzzer target + + This allows to compile the library with flags which will add predictable + random generation and eliminate some crypto checks, in order for the + library to be used for testing (fuzzying). + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Aug 15 16:40:41 2017 +0200 + + updated auto-generated files + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Aug 15 16:39:36 2017 +0200 + + gnutls_x509_privkey_export: made a wrapper over gnutls_x509_privkey_export2() + + In addition, improved function description. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Aug 15 13:23:39 2017 +0200 + + gnutls-http-serv: use RSA-PSS key + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Aug 15 13:11:03 2017 +0200 + + doc update + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Aug 15 12:58:02 2017 +0200 + + tests: use certtool to check RSA-PSS to RSA conversion + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Aug 15 12:07:01 2017 +0200 + + certtool: introduced --to-rsa option + + This allows converting an RSA-PSS key to raw RSA. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Aug 11 16:37:21 2017 +0200 + + doc update + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Aug 11 12:30:17 2017 +0200 + + updated auto-generated files + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Aug 4 15:51:34 2017 +0200 + + tests: added unit tests for gnutls_privkey_import_ext4 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Aug 4 15:00:46 2017 +0200 + + gnutls_privkey_import_ext4: introduced to allow signing with RSA-PSS or Ed25519 keys + + That function allows a signing callback which passes the signature + algorithm, providing all the information to callback for signing. + It also introduces GNUTLS_PRIVKEY_INFO_HAVE_SIGN_ALGO flag which + allows the library to query the private key of the supported + signature algorithms. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Aug 15 10:47:11 2017 +0200 + + reduce common asserts to assist in debugging the library + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Aug 15 10:29:42 2017 +0200 + + doc: algorithms.texi: include list of groups but skip compression methods + + Compression methods are no longer relevant or supported, and groups + replace the elliptic curves. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Aug 15 10:27:19 2017 +0200 + + doc: improved elliptic curve and group documentation + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Aug 14 19:02:45 2017 +0200 + + doc: mention the AES-DRBG random generator [ci skip] + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Aug 11 12:40:14 2017 +0200 + + tests: improved detection of 64-bit systems + + We now use the ${ac_cv_sizeof_unsigned_long_int} variable which + gives the numbers used in the host system, not the build one. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu Aug 10 10:51:26 2017 +0200 + + tests: updated for new x86 host + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu Aug 10 09:37:07 2017 +0200 + + .gitlab-ci.yml: replaced the f23 x86 build with a f26 x86 build + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Aug 11 11:09:39 2017 +0200 + + fuzz: explicitly initialize and deinitialize the library [ci skip] + + This enables the fuzzers to run even when statically linked. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Jul 18 13:08:31 2017 +0200 + + handshake: eliminated unnecessary function wrappers + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Jul 18 10:35:13 2017 +0200 + + gnutls_int.h: reduce memory occupied by ext_data + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Jul 18 10:25:10 2017 +0200 + + gnutls_int.h: reduced the maximum number of epoch states we keep + + There was no need to keep 16 epochs, as we typically we have only + one or two active. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Jul 18 10:14:11 2017 +0200 + + gnutls_int.h: removed unused variable from state + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Jul 14 11:30:51 2017 +0200 + + extensions: simplified requirements from send callback + + The callback no longer needs to return the number of sent data; + they are now calculated by the caller. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Jun 27 11:42:25 2017 +0200 + + ext/ecc: renamed Supported curves extension + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Jun 27 11:01:08 2017 +0200 + + gnutls-serv: --require-client-cert no longer implies --verify-client-cert + + That is, it is now possible to require a client certificate without + verifying it. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu Aug 10 10:35:22 2017 +0200 + + CONTRIBUTING.md: corrected typo [ci skip] + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Aug 9 16:59:15 2017 +0200 + + doc update + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Aug 9 10:30:04 2017 +0200 + + updated auto-generated files + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Aug 9 09:40:03 2017 +0200 + + CONTRIBUTING.md: added section on symbol versioning + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Aug 4 11:06:18 2017 +0200 + + libgnutls.map: separated symbols introduced in 3.6.0 + + This separation assists tools like rpm which can detect + the right version of the library to use, by using the + symbol version. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Aug 9 10:21:06 2017 +0200 + + tests: added reproducer for private key import leak + + Issue found using oss-fuzz: + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=561 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Aug 9 13:18:33 2017 +0200 + + rnd: use time_t for prng_reseed_time + + This ensures that all time comparisons are done + under the same type. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Aug 9 10:20:36 2017 +0200 + + gnutls_x509_privkey_import_pkcs8: fixed memory leak on incorrect key import + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Aug 9 09:58:17 2017 +0200 + + tests: added reproducer for memory leak in SRP server + + Issue found using oss-fuzz: + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2859 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Aug 9 09:57:49 2017 +0200 + + gnutls_srp_verifier: corrected memory leak + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Aug 9 09:52:37 2017 +0200 + + tests: added reproducer for memory leak in RSA-PSK + + Issue found using oss-fuzz: + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2863 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Aug 9 09:52:21 2017 +0200 + + rsa-psk: corrected memory leak on invalid decrypt + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Aug 9 10:44:56 2017 +0200 + + updated auto-generated files + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Aug 9 10:41:58 2017 +0200 + + p11tool: --generate-xxx options were replaced by generate-privkey + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Tim Rühsen +Date: Mon Aug 7 23:04:36 2017 +0200 + + Fix memleaks in gnutls_x509_trust_list_add_crls() + + Signed-off-by: Tim Rühsen + +Author: Tim Rühsen +Date: Mon Aug 7 23:04:05 2017 +0200 + + Fix memleak in gnutls_x509_crl_list_import() + + Signed-off-by: Tim Rühsen + +Author: Nikos Mavrogiannopoulos +Date: Tue Aug 8 15:03:53 2017 +0200 + + publickey: fixed incorrect assignment + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Aug 8 15:03:11 2017 +0200 + + mac: simplified iteration functions + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Aug 8 14:59:56 2017 +0200 + + corrected input to gnutls_sign_supports_pk_algorithm + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Aug 8 14:59:44 2017 +0200 + + extensions: corrected flag check + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Aug 8 15:50:44 2017 +0200 + + tests: updated for new rsa-pss key in doc/credentials + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Aug 8 12:51:58 2017 +0200 + + cert selection: prioritize RSA-PSS certs over RSA + + RSA and RSA-PSS can both be used for RSA-PSS operations, and + as such without prioritizing RSA-PSS certificates it is unknown + which certificate will be used for an RSA-PSS operation. The + reason we want to have only RSA-PSS keys used for RSA-PSS operations + is to cover the use case where a server uses a legacy RSA certificate + for clients that don't support RSA-PSS and an RSA-PSS certificate + for the rest, thus separating the keys used for these client + groups. That separation ensures that any issue on PKCS#1 1.5 + (legacy RSA), would not affect sessions which use RSA-PSS. + + Resolves #243 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Aug 8 11:35:26 2017 +0200 + + gnutls_certificate_credentials_t: combine privkey into cert_st structure + + This reduces the number of applications and allows for easier + use of the structure information, as they are now self-contained + for most uses. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Aug 8 10:56:17 2017 +0200 + + tests: verify whether the RSA-PSS key is preferred on RSA-PSS sigs + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Aug 8 09:27:57 2017 +0200 + + certtool: eliminated unused variable + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Aug 7 16:32:17 2017 +0200 + + tests: added negative tests in provable-privkey + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Aug 7 16:23:29 2017 +0200 + + gnutls_pk_params_st: separate flags/qbits and curve + + Previously we were using the field flags to store the + size of q in case of GNUTLS_PK_DH, some key generation flags + in case of GNUTLS_PK_RSA, and the curve in case of elliptic + curve key. Separate this into multiple fields to reduce + confusion on the field. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Aug 7 14:55:38 2017 +0200 + + tests: check whether validation parameters are lost on key re-import + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sat Aug 5 20:08:31 2017 +0200 + + certtool: improved documentation on --provable option + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sat Aug 5 19:52:40 2017 +0200 + + certtool: create mapping between --load-x and --info options + + That allows using: + certtool --certificate-info --load-certificate FILE + and + certtool --certificate-info --infile FILE + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sat Aug 5 19:35:53 2017 +0200 + + certtool: removed definitions of non-existing functions + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sat Aug 5 17:08:16 2017 +0200 + + tests: updated for the new provable private key format + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sat Aug 5 10:17:46 2017 +0200 + + gnutls_x509_privkey_verify_seed: improved error on missing validation parameters + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Aug 1 16:17:45 2017 +0200 + + certtool: silence warnings related to --pkcs8 + + There is no reason to bug the user with such details by default. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Aug 1 15:18:34 2017 +0200 + + certtool: better print provable key validation parameters + + That is, include hash in the printable set, and keep spaces + from next fields. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Aug 1 15:11:12 2017 +0200 + + certtool: provable private keys are always exported in PKCS#8 form + + That allows the provable parameters to be included. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Aug 1 14:43:04 2017 +0200 + + x509: no longer emit the previous custom format for provable parameters + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Aug 1 14:30:06 2017 +0200 + + x509: store and read provable seed in PKCS#8 form of key + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Aug 2 10:28:07 2017 +0200 + + Added information on OID registry + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Aug 1 14:23:31 2017 +0200 + + pkix.asn: removed unused DomainParameters + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Aug 1 11:29:26 2017 +0200 + + x509: separated PKIX1 attributes parsing code for cert request handling + + This allows other code to utilize it. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Aug 7 09:36:20 2017 +0200 + + _gnutls_fbase64_decode will always return non-zero + + That is, document that fact and update its callers to remove + checks for zero. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sun Aug 6 17:23:52 2017 +0200 + + _gnutls_base64_decode: reject all zero-length string encodings on decoding + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sun Aug 6 11:34:39 2017 +0200 + + wrap_nettle_pk_fixup: added sanity check in RSA-PSS param checking + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sun Aug 6 11:34:10 2017 +0200 + + _decode_pkcs8_rsa_key: signal error in RSA privkey decoding + + Addresses oss-fuzz issue: + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2865 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sun Aug 6 11:28:15 2017 +0200 + + tests: added reproducer for private key crash + + Found using oss-fuzz: + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2865 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sun Aug 6 10:17:29 2017 +0200 + + tests: added unit test of gnutls_x509_crt_list_import + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sat Aug 5 09:35:14 2017 +0200 + + tests: added reproducer applications for psk and srp fuzzers + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Aug 4 19:47:00 2017 +0200 + + updated auto-generated files + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sun Jul 30 02:57:03 2017 +0200 + + gnutls_server_fuzzer: added ed25519 key/cert + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Jul 31 09:22:51 2017 +0200 + + removed references for "new" semantics of PEM base64 encode and decode + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Jul 31 09:19:22 2017 +0200 + + base64: reverted the raw semantics from the PEM encoding/decoding functions + + Keeping the complex semantics with NULL headers would most likely cause + issues in the future. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Jul 31 09:15:20 2017 +0200 + + base64: test the new base64 encoding and decoding functions + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Jul 31 09:13:35 2017 +0200 + + base64: uniformly use GNUTLS_E_BASE64_DECODING_ERROR for decoding errors + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Jul 31 09:08:24 2017 +0200 + + base64: introduced new functions for base64 encoding + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sun Jul 30 19:05:23 2017 +0200 + + tests: gnutls_x509_privkey_import: enhanced to test DER key import + + It seems that this function was not tested for multiple cases of + private keys in DER mode. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sun Jul 30 03:43:42 2017 +0200 + + gnutls_x509_privkey_import: allow importing ed25519 PKCS#8 keys in DER form + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Jul 28 14:00:27 2017 +0200 + + sign/digest: separate "brokenness" of signatures and hash algorithms + + That is, allow digital signatures to be marked as broken irrespective + of their used hash, and restrict hash brokenness to preimage resistance. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Jul 28 13:40:21 2017 +0200 + + sign: use C99 syntax for signature algorithm's table + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Jul 28 13:22:51 2017 +0200 + + .gitlab-ci.yml: enable multiple undefined sub-sanitizers + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Aug 4 16:40:29 2017 +0200 + + updated auto-generated files + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Jul 31 13:51:56 2017 +0200 + + p11tool: auto-generate the list of PKCS#11 mechanisms from p11-kit + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Jul 28 12:11:06 2017 +0200 + + tests: added unit test for gnutls_x509_privkey_import + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Jul 28 11:52:28 2017 +0200 + + tests: added TLS negotiation with various keys under PKCS#11 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Jul 28 11:48:40 2017 +0200 + + x509_privkey: handle keys which can only have PKCS#8 form transparently + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Jul 28 11:00:03 2017 +0200 + + tests: updated for errors returned due to early signature selection + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Jul 28 10:30:25 2017 +0200 + + tests: added check for the negotiation of ext keys + + That is, check whether we can negotiate TLS with ext abstract + key types, and whether the algorithms which cannot be used + with that key type, gracefully fail. + + Relates #234 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Jul 28 10:22:29 2017 +0200 + + privkey: reject signing with ext keys and GNUTLS_PK_RSA_PSS or GNUTLS_PK_EDDSA_ED25519 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Jul 28 10:09:54 2017 +0200 + + _gnutls_check_key_cert_match: use the new API for signing + + This ensures that the same signature algorithm is used for + signing and verification. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Jul 28 10:02:59 2017 +0200 + + privkey: return less specific but more appropriate error on invalid pks for ext keys + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Jul 28 09:27:03 2017 +0200 + + prior to negotiating a signature check compatibility with private key + + That is, check if the private key can support the public key operation + needed for the signature. That in particular includes, excluding the + Ed25519 and RSA-PSS from being used with the 'EXT' keys as the + current API cannot handle them, and RSA-PSS from being used by PKCS#11 + RSA keys which do not provide the CKM_RSA_PKCS_PSS mechanism. + + Relates #234 + Resolves #209 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Jul 28 09:21:59 2017 +0200 + + pkcs11: mark RSA PKCS#11 key which can do RSA-PSS + + Also refuse to sign with RSA-PSS if the mechanism is not supported. + + Relates #208 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Jul 11 11:55:52 2017 +0200 + + handshake: select a signature algorithm early + + That is, select the signature algorithm at the point the certificate and + ciphersuites are decided. Also ensure that a compatible signature algorithm + with the ciphersuite and the key is selected. + + That prevents situations where a ciphersuite and a certificate are + negotiated, but later on the handshake we figure that there are no + common signature algorithms. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Jul 28 08:46:18 2017 +0200 + + tests: added basic unit test of gnutls_pkcs11_token_check_mechanism + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu Jul 27 18:07:54 2017 +0200 + + gnutls_pkcs11_token_check_mechanism: introduced function to check token for a particular mechanism + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Aug 4 10:45:20 2017 +0200 + + updated auto-generated files + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Aug 4 10:21:06 2017 +0200 + + x509/output: print error on invalid public key parameters on certificate + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Aug 4 10:05:29 2017 +0200 + + gnutls_pk_get_oid: return early on unknown algorithm + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Aug 4 09:48:42 2017 +0200 + + tests: check whether the gnutls_x509_*_set_spki will reject invalid values + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Aug 4 09:34:23 2017 +0200 + + tests: updated for gnutls_x509_spki_get_rsa_pss_params + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Aug 4 09:29:12 2017 +0200 + + tests: added unit test of generation of legal and illegal rsa-pss parameters + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Aug 4 09:25:31 2017 +0200 + + spki: combined all exported functions to a single set and get + + This simplifies setting parameters for a particular key type, + as well as getting them. The advantage is that they are set + atomically, preventing an inadverterly half-filled structure. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Aug 4 09:13:15 2017 +0200 + + certtool: set RSA-PSS parameters using GNUTLS_KEYGEN_SPKI kdata type + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Aug 4 09:06:32 2017 +0200 + + introduced error code GNUTLS_E_PK_INVALID_PUBKEY_PARAMS + + This is being use to indicate errors in the public key parameters + such as the RSA-PSS salt size or digest algorithm. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu Aug 3 16:46:32 2017 +0200 + + gnutls_x509_privkey_generate*: allow specifying the SPKI parameters for key generation + + This in turn removes the need for reading the flag GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE + on the key generation process. The flag is now only used during key signing + which is also its documented purpose. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu Aug 3 16:29:18 2017 +0200 + + gnutls_x509_privkey_set_spki: check validity of parameters set + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu Aug 3 16:21:26 2017 +0200 + + gnutls_x509_cr*_set_spki: check for validity of parameters set + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu Aug 3 16:16:49 2017 +0200 + + _gnutls_x509_check_pubkey_params: removed unnecessary parameter + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu Aug 3 16:06:06 2017 +0200 + + tests: added check for import of RSA-PSS key with invalid salt + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu Aug 3 15:37:18 2017 +0200 + + gnutls_pubkey_import_x509: propagate errors from gnutls_x509_crt_get_pk_algorithm + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu Aug 3 15:16:08 2017 +0200 + + _rsa_pss_verify_digest: verify the validity of the salt_size length on verification + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu Aug 3 15:08:43 2017 +0200 + + gnutls_x509_privkey_import: immediately exit on GNUTLS_E_PK_INVALID_PRIVKEY + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu Aug 3 15:00:00 2017 +0200 + + wrap_nettle_pk_fixup: check RSA PSS parameters for validity on import + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu Aug 3 11:03:44 2017 +0200 + + gnutls_x509_*_set_spki: removed arbitrary restrictions to setting parameters + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Jul 28 08:20:16 2017 +0200 + + tests: added unit test for the SPKI abstract functions + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu Jul 27 11:24:40 2017 +0200 + + tests: chainverify: included negative and positive tests with RSA-PSS signed chains + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu Jul 27 15:03:00 2017 +0200 + + pct_test: use local SPKI structure to override parameters if not set + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu Jul 27 08:44:05 2017 +0200 + + fixup_spki_params: use GNUTLS_E_CONSTRAINT_ERROR for RSA-PSS violations + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu Jul 27 08:28:54 2017 +0200 + + _gnutls_x509_read_pkalgo_params: initialize params structure + + That is the primary call on these parameters, thus it should + initialize the structure with something reasonable. That is + similar to behavior of _gnutls_x509_read_rsa_pss_params. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu Jul 27 08:14:37 2017 +0200 + + RSA-PSS parameter checking was moved to lower level functions + + That way all PKI callers get protected by the checks. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu Jul 27 07:55:24 2017 +0200 + + signature security level check were moved to lower level functions + + That way all callers (including PKI functions) get protected by + the available checks. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu Jul 27 07:19:36 2017 +0200 + + _wrap_nettle_pk_encrypt: return GNUTLS_E_INVALID_REQUEST on unsupported algorithms + + That is a more specific error code than internal error. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu Jul 27 07:10:22 2017 +0200 + + certtool: print signature algorithm in cert verification output + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Jul 26 17:51:00 2017 +0200 + + verify_crt: translate GNUTLS_E_CONSTRAINT_ERROR to verification status flag + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Jul 26 17:50:33 2017 +0200 + + x509/sign: in debugging mode print the signature algorithm + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Jul 26 17:34:14 2017 +0200 + + _gnutls_x509_validate_sign_params: use GNUTLS_E_CONSTRAINT_ERROR for mismatch of RSA-PSS parameters + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Jul 26 17:28:00 2017 +0200 + + _gnutls_x509_read_rsa_pss_params: fail early on unknown hash algorithms + + Also utilize GNUTLS_E_CONSTRAINT_ERROR for signaling differences + between the hash functions. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Jul 26 16:55:02 2017 +0200 + + gnutls_pubkey_get_preferred_hash_algorithm: will take into account the RSA-PSS SPKI + + In addition it will offer a SHA hash depending on the key size for + RSA public keys. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Jul 26 16:45:00 2017 +0200 + + certtool: sign_params_to_flags: use strtok to parse input + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Jul 26 15:41:51 2017 +0200 + + certtool: copy SPKI information from private key when available + + That also addresses a bug due to which SPKI information was not set. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Jul 26 15:54:07 2017 +0200 + + x509/output: Subject Public Key parameters are printed just before actual key + + That allows to easier figure out algorithm and basic parameters, rather + than having them at the end of long key output. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Jul 26 15:35:15 2017 +0200 + + gnutls_x509_crt_set_spki: be more verbose in parameter restrictions + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Jul 26 15:07:42 2017 +0200 + + _gnutls_privkey_update_spki_params: use GNUTLS_E_CONSTRAINT_ERROR on mismatch of hash + + That is a more specific error code for hash mismatch between + public key information and signature. In addition only override + the salt size, if it is set to zero without the proper flags. + + That prevents the update function from setting an invalid (lower) + than the expected size. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Jul 26 15:00:17 2017 +0200 + + cert-tests: use .tmp suffix for all tests + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Jul 26 14:43:15 2017 +0200 + + certtool: allow specifying RSA-PSS parameters for key generation + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Jul 26 14:56:36 2017 +0200 + + _gnutls_x509_write_rsa_pss_params: refuse to write RSA-PSS parameters we cannot use + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Jul 26 14:30:03 2017 +0200 + + certtool: group together common options + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Jul 26 13:41:46 2017 +0200 + + tests: modified to account new errors + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Jul 26 17:58:06 2017 +0200 + + gnutls_x509_*_get_signature_algorithm: simplified error handling + + These functions were documented to return a negative error code + on failure, as well as GNUTLS_SIGN_UNKNOWN on unknown algorithms. + Simplify them by only returning GNUTLS_SIGN_UNKNOWN on all error + conditions. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Jul 26 13:24:52 2017 +0200 + + _gnutls_x509_get_signature_algorithm: return negative error code on unknown algorithm + + This allows internal callers to quickly fail on errors. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Jul 26 13:40:31 2017 +0200 + + compare_sig_algorithm: modify to work even for certs with unsupported signature algorithm + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Jul 26 09:20:22 2017 +0200 + + pubkey_verify_hashed_data: simplified and made static + + That also removes its ability to operate with the 'unknown' + signature algorithm, and forces the TLS 1.0 key exchange to + supply the right algorithm or flags. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Jul 26 09:16:03 2017 +0200 + + pubkey_verify_data: accept signature entry instead of PK and hash + + That aligns better with current callers which know the signature + algorithm in use. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu Jul 27 17:00:00 2017 +0200 + + NEWS: documented the SPKI handling functions + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Jul 25 13:42:12 2017 +0200 + + tests: added RSA and RSA PSS key unit tests + + That is test: + 1. Whether RSA-PSS keys will refuse to sign with incompatible signature + 2. Whether RSA-PSS public keys cannot be used for encryption + 3. Whether RSA-PSS keys cannot be used for signing with PKCS#1 1.5 + 4. Whether an RSA key can be converted to an RSA-PSS one with the public APIs + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Jul 25 16:52:18 2017 +0200 + + certtool: do not print error on missing RSA-PSS parameters on key + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu Jul 27 16:53:57 2017 +0200 + + Added convention for missing SubjectPublicKeyInfo params field + + That is, when that field is missing, the spki_st structure field + pk will be set to GNUTLS_PK_UNKNOWN. In that case other fields + are undefined. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Jul 25 14:01:48 2017 +0200 + + *set_spki(): return error on incompatible algorithms + + In addition update the public key algorithm field in the + respective structure. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Jul 25 16:33:26 2017 +0200 + + gnutls_x509_privkey_generate2: do not hardcode the RSA-PSS hash to SHA256 + + Instead use _gnutls_pk_bits_to_sha_hash() to set an appropriate hash + for the number of bits of the key. This matches better the "intention" + of RSA-PSS or tying the security parameter with the salt and hash. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Jul 25 14:14:49 2017 +0200 + + _decode_pkcs8_rsa_pss_key: ensure we set the PSS PK identifier + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Jul 25 13:38:34 2017 +0200 + + cleanup: removed duplicate parameter in gnutls_pubkey_st + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Jul 25 13:28:44 2017 +0200 + + gnutls_x509_privkey_int: eliminated duplicate pk_algorithm field + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Jul 25 13:34:50 2017 +0200 + + cleanup: removed unnecessary/duplicate parameters in _dsa_q_to_hash + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Jul 25 13:18:05 2017 +0200 + + cleanup: removed unnecessary/duplicate parameters in functions + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Jul 25 13:12:19 2017 +0200 + + cleanup: removed unnecessary/duplicate parameters in functions + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Jul 25 12:01:52 2017 +0200 + + abstract.h: added functions to read and write SPKI information + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Jul 25 11:48:58 2017 +0200 + + gnutls_x509_privkey_set_spki: introduced function to update SPKI on a key + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Jul 24 16:35:50 2017 +0200 + + tests: added unit test for the SPKI related functions + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Jul 25 11:37:04 2017 +0200 + + x509.h: Renamed SPKI related functions + + This better reflects their purpose as providers of information + for subject public key. In addition use 'const' for fields that + should be left intact. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Jul 25 09:43:05 2017 +0200 + + tests: introduced RSA-PSS key exchange with a key fixed to rsa-pss with sha256 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Jul 25 10:06:10 2017 +0200 + + _gnutls_pubkey_compatible_with_sig: enforce RSA-PSS requirements + + That is require that parameters in an RSA-PSS key which has them + explicitly set, are respected with regards to signature algorithm + negotiation. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Jul 25 09:39:32 2017 +0200 + + tests: eagain-common.h: remove superfluous information + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Jul 12 08:49:30 2017 +0200 + + tests: renamed tests for uniformity + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Jul 24 16:15:15 2017 +0200 + + tests: added unit test for RSA-PSS signing over PKCS#11 + + This requires a softhsm with support for RSA_PKCS_PSS mechanism. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Jul 24 16:05:36 2017 +0200 + + gnutls_pubkey_verify*: use common function to set RSA-PSS parameters + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Jul 24 11:21:34 2017 +0200 + + pkcs11: added support for signatures with RSA-PSS + + Relates #209 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Jul 25 10:16:40 2017 +0200 + + gnutls_pk_params_st: renamed sign field to spki + + The name "sign" was ambiguous with regard to its intented + use, as it could refer to digital signature parameters + which was not exactly the case. That field contains parameters + present in the subject public key info (SPKI), which could + be used in a digital signature, but not necessarily. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Jul 24 10:12:54 2017 +0200 + + Clarified the purpose of the spki params related functions + + _gnutls_privkey_get_sign_params was renamed to _gnutls_privkey_get_spki_params, + _gnutls_privkey_update_sign_params to _gnutls_privkey_update_spki_params, + and the dig entry of gnutls_x509_spki_st was renamed to rsa_pss_dig. + + The reason is that there could be a confusion on the purpose of + the 'dig' entry, as it could be assumed to be the signature's hash + algorithm in the general case. That could not be because the SPKI + parameters do not contain it for any other algorithm than RSA-PSS. + As such, make a logical separation from SPKI reading functions + with the signature reading functions and try to use the + gnutls_sign_entry_st when signature information is required. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Jul 21 23:56:20 2017 +0200 + + Pass the signature algorithm lower in the verification stack + + This will allow enhancing the back-ends (PKCS#11 and ext) for + signing with the new signature algorithms like RSA-PSS and Ed25519. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu Aug 3 07:46:11 2017 +0200 + + fuzz: introduced mem.h with common callbacks for mem access + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu Aug 3 07:38:13 2017 +0200 + + updated auto-generated files + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Jul 31 10:50:52 2017 +0200 + + fuzz: added SRP server and client fuzzers + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sun Jul 30 03:01:08 2017 +0200 + + fuzz: introduced psk.h common header + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sun Jul 30 02:48:11 2017 +0200 + + fuzz: added PSK server fuzzer + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sun Jul 30 02:30:43 2017 +0200 + + fuzz: added PSK client fuzzer + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sun Jul 30 02:12:19 2017 +0200 + + gnutls-cli: introduced options to save client and server traces + + This allows to easier obtain traces for use in fuzzers. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sun Jul 30 01:45:22 2017 +0200 + + fuzz: ported libidn2's main.c taking advantage of afl-clang-fast + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sun Jul 30 01:55:43 2017 +0200 + + gnutls_system_recv_timeout: doc update + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Aug 2 20:52:57 2017 +0200 + + tlsfuzzer: enabled EC tests for x25519 + + That includes tests for default curve. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Jul 21 15:18:38 2017 +0200 + + tlsfuzzer: enabled test for ECDHE without the supported groups/EC extension + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Aug 2 17:25:17 2017 +0200 + + Set a default supported curve + + RFC4492 and draft-ietf-tls-rfc4492bis-17 mention: + "A client that proposes ECC cipher suites may choose not to include these + extensions. In this case, the server is free to choose any one of + the elliptic curves or point formats listed in Section 5." + + As such, we set a default curve to be used in the case the + server encounters a handshake with no supported groups/curves + extension. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Aug 2 12:58:48 2017 +0200 + + tlsfuzzer: removed duplicate tests + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Aug 2 12:55:24 2017 +0200 + + tlsfuzzer: fixed comment fields + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Jul 11 08:02:56 2017 +0200 + + doc update + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Jul 24 08:39:00 2017 +0200 + + updated auto-generated files + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Jul 18 08:13:00 2017 +0200 + + gnutls-cli: use FFDHE3072 parameters for benchmarking + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Aug 1 10:21:37 2017 +0200 + + _gnutls_figure_dh_params: do not use have_ffdhe flag + + This flag is intended to indicate whether the peer has advertized + at least one FFDHE group, and not whether we have negotiated FFDHE. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Jul 10 12:23:55 2017 +0200 + + tests: added unit test for group listings in priority structure + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Jul 10 12:05:01 2017 +0200 + + tests: updated cipher-listings.sh for the new groups listing + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Jul 10 11:46:03 2017 +0200 + + doc: documented the use of RFC7919 and groups + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Jul 3 10:44:14 2017 +0200 + + tlsfuzzer: enabled RFC7919 FFDHE tests + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Jul 3 09:09:27 2017 +0200 + + tests: enhanced server key exchange tests with explicit DH param setting + + That is, not only check the DH parameter setting using the known_dh_params() + functions, but also with the explicit setting --set_server_dh_params(). + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Jun 30 16:17:12 2017 +0200 + + tests: updated for post-RFC7919 behavior of library + + That is, it is no longer necessary to set DH parameters on a + credentials structure, and thus previously expected to fail + connections may succeed even without DH parameters. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Jun 30 15:54:27 2017 +0200 + + tests: added RFC7919 FFDHE unit tests + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Jun 30 15:37:00 2017 +0200 + + cli,serv: do not print any information on compression + + Compression is always NULL. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Jun 30 15:32:58 2017 +0200 + + cli,serv: no longer print parameters when FFDHE groups are used + + The negotiated RFC7919 group is now printed as part of the Description string, + and there is no reason to print more information on parameters defined by + the protocol. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Jul 10 11:57:51 2017 +0200 + + gnutls-cli: print the supported groups instead of curves + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Jul 10 12:02:13 2017 +0200 + + gnutls_priority_ecc_curve_list: avoid including groups into elliptic curves list + + This provides a mostly-compatible behavior of gnutls_priority_ecc_curve_list() + in order to avoid keeping additional information for elliptic curves in the + priority cache. This approach will always return the supported curves, if the set + groups are prioritized with the elliptic curve variants set first. This + is the default in the built-in priorities, and to most common setups. + + Items which are non-valid curves will not be returned. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Aug 2 08:42:37 2017 +0200 + + handshake: moved group negotiation after ciphersuite selection + + This allows to cope with situations where the peer prioritizes a + supported group which doesn't map to a supported ciphersuite. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Jul 14 10:35:58 2017 +0200 + + security_parameters: ease access to group information by keeping pointer to it + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Jul 14 10:15:23 2017 +0200 + + security_parameters: simplified contents by keeping pointer to cipher_suite_entry_st + + That, in addition to simplifying the contents, it allows faster access + to ciphersuite's properties. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Jun 27 15:36:04 2017 +0200 + + TLS: introduced support for RFC7919 groups + + That replaces the EC curve extension negotiation with + the negotiated groups extensions, introduces handling + for groups as priority strings, as well as using and + checking of RFC7919 DH parameters once negotiated. + + Resolves: #37 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Jul 21 16:03:35 2017 +0200 + + updated auto-generated files + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Jul 21 14:21:32 2017 +0200 + + gnutls-cli: use gnutls_priority_set + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Jul 21 14:20:26 2017 +0200 + + tests: modified gnutls_priority_set2() tests for gnutls_priority_set() + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Jul 21 12:09:49 2017 +0200 + + gnutls_priority_set: use reference counting + + That eliminates the need for gnutls_priority_set2() which is now + removed. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Jul 21 11:43:27 2017 +0200 + + Introduced atomic.h to simplify handling of atomic integers + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Jul 21 11:22:31 2017 +0200 + + Revert "Documented use gnutls_priority_set2()." + + This reverts commit b4aed16ee30f76211c13b075149bb87c012f9bf6. + +Author: Nikos Mavrogiannopoulos +Date: Fri Jul 21 10:54:13 2017 +0200 + + tlsfuzzer: enabled test-ecdsa-sig-flexibility.py + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Jul 21 10:05:44 2017 +0200 + + updated auto-generated files + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu Jul 20 14:48:33 2017 +0200 + + doc update + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu Jul 20 14:43:20 2017 +0200 + + algorithms/mac: marked RIPEMD160 as insecure for certificates + + This is an algorithm which is not really used in Internet PKI + and due to that has seen no public cryptanalysis. As such + we disable it for certificate verification to prevent it from + being used as an attack vector. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu Jul 20 13:26:46 2017 +0200 + + tests: partially reverted SHA1 broken tests + + SHA1 is now considered broken only for certificates, hence + OCSP or raw signing tests no longer need to use GNUTLS_VERIFY_ALLOW_BROKEN + in the cases where certificate verification is not performed. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu Jul 20 13:18:10 2017 +0200 + + x509/verify: reject SHA1 in signature algorithms for certificate verification + + That is, we now use gnutls_sign_is_secure2() with GNUTLS_SIGN_FLAG_SECURE_FOR_CERTS + flag for checking the validity of the signature algorithm, when + verifying signatures in certificates. + + Resolves #229 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu Jul 20 13:16:07 2017 +0200 + + tests: added unit tests for gnutls_sign_is_secure2() + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu Jul 20 12:41:47 2017 +0200 + + gnutls_sign_is_secure2: introduced + + This function exports the ability to check the validity of + a signature algorithm for signing certificates. + + That also introduces the flag GNUTLS_SIGN_FLAG_SECURE_FOR_CERTS + which when specified will cause the function to return whether + the algorithm is secure for signing certificates. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu Jul 20 12:40:34 2017 +0200 + + _gnutls_digest_is_secure_for_certs: introduced + + This is a macro to allow checking the security of a hash algorithm + with respect to signing certificates. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu Jul 20 12:17:40 2017 +0200 + + mac: re-organized the hash algorithms table + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu Jul 20 16:28:15 2017 +0200 + + tests: added reproducer with ed25519 private key + + Found with oss-fuzz: + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2689 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu Jul 20 16:43:18 2017 +0200 + + Ensure that public key parameters are initialized on import + + Previously we depended on initialization during the _init() + call, however, there can be cases where this re-initialization + is needed (e.g., on multiple tries to load a key). + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu Jul 20 16:49:11 2017 +0200 + + _decode_pkcs8_eddsa_key: ensure that the key size read matches the curve size + + That is, in the newly introduced ed25519 keys we didn't check + whether the input size in the PKCS#8 file matched the curve + size. + + Found using oss-fuzz: + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2689 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Jul 18 16:40:11 2017 +0200 + + tlsfuzzer: enabled SNI and other tests from master + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu Jul 20 08:22:10 2017 +0200 + + tests: updated to reflect the fact that invalid dns names are rejected + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Jul 18 16:32:07 2017 +0200 + + server_name: several simplifications of the code base + + The existing code was written with the intention of supporting multiple + server names, however that was never happened, and this extension is + currently only used for DNS server names. Remove unneeded extensibility. + + In addition, removed conversion of client provided server name (DNS) to + IDNA. Clients not providing valid names are violating the spec and + that conversion step not only wastes resources, but increases + the attack surface of a server. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Jul 18 16:11:05 2017 +0200 + + server_name: be strict in decoding errors + + That is, return error when a malformed extension is seen. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Jul 18 11:23:11 2017 +0200 + + tlsfuzzer: enabled RSA-PSS checks on certificate verify + + Relates: #208 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Jul 18 11:16:09 2017 +0200 + + tlsfuzzer: enabled test-extended-master-secret-extension.py + + That allows testing the extended master secret behavior. + + Resolves: #231 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Jul 18 10:59:23 2017 +0200 + + ext_master_secret: return proper error code on decoding error + + Proper meaning that it maps to the alert 'decode error' rather + than illegal parameter. According to tlsfuzzer the former is more + suitable. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Jul 18 08:07:24 2017 +0200 + + gnutls-cli: re-use priorities for both client and server on benchmarks + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Jul 17 19:14:33 2017 +0200 + + gnutls-cli: re-use priorities when measuring performance + + This avoids measuring cache misses due to priority processing time. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Jul 17 14:06:50 2017 +0200 + + tests: enhanced SSL3.0 openssl detection in testcompat-openssl + + That disables SSL 3.0 testing in openssl versions which cannot negotiated + it (see https://bugzilla.redhat.com/show_bug.cgi?id=1471783 for rationale) + and corrects a typo in the variable name and printed message. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Jul 17 11:57:41 2017 +0200 + + .gitlab-ci.yml: document that the x86 build is our openssl 1.0.x compat testing as well + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Jul 17 11:08:07 2017 +0200 + + tests: disable ARCFOUR interop tests if openssl doesn't support the cipher + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Jul 17 08:32:08 2017 +0200 + + tests: testcompat-openssl: 3DES is explicitly enabled for SSL 3.0 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sat Jul 15 18:06:01 2017 +0200 + + Use gcc's attribute to mark fallthrough statements + + gcc7 is more verbose on fallthrough warnings, and this patch set + cleans up the current state by making use of the attribute when + necessary. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sat Jul 15 18:09:18 2017 +0200 + + configure: do not utilize the -Wno-format-truncation gcc warning + + The warnings it produces have little value in our use of string functions. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sat Jul 15 17:43:09 2017 +0200 + + .gitlab-ci.yml: switched to fedora 26 for CI builds + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Jul 17 15:17:08 2017 +0200 + + tests: introduced tests on public key import-export + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Jul 17 09:31:10 2017 +0200 + + tests: added sign/verification test using rfc8080 keys + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Jul 17 10:20:41 2017 +0200 + + tests: verify that a server with an ed25519 key will fail when client does not advertise it + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Jul 17 09:11:59 2017 +0200 + + tests: privkey-keygen: added unit test for Ed25519 keys + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Jul 17 09:06:52 2017 +0200 + + privkey_sign_and_hash_data: in pre-hashed schemes, allow empty hash algorithm + + In these schemes the hash algorithm is fixed in the signature algorithm + and thus the empty (unknown) value will act as a wildcard. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sat Jul 15 20:10:24 2017 +0200 + + tests: added private key parameter verification in key-import-export checks + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sat Jul 15 20:03:21 2017 +0200 + + nettle: wrap_nettle_pk_verify_priv_params: verify whether public key matches private + + This enables gnutls_privkey_verify_params() for Ed25519 keys. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Jul 14 20:52:49 2017 +0200 + + CONTRIBUTING.md: specified rules on boolean functions + + Based on suggestion by Hubert Kario. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Jul 14 14:08:20 2017 +0200 + + priority: enabled Ed25519 signature by default + + As our implementation interoperates with boringssl's implementation + of Ed25519, we can now enable it. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Jun 19 10:45:49 2017 +0200 + + updated auto-generated files + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Jun 7 09:50:29 2017 +0200 + + handshake: return better error code on unwanted algorithm + + That is, when a signature algorithm is available which was not + asked by the peer, then return GNUTLS_E_UNWANTED_ALGORITHM + instead of the UNKNOWN_ALGORITHM. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Jun 7 10:05:50 2017 +0200 + + tests: added check on Ed25519 chain verification + + This chain was generated using certtool, and passed verification + with OpenSSL's implementation (commit: db0f35dda18403accabe98e7780f3dfc516f49de) + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Jun 6 11:34:49 2017 +0200 + + gnutls-cli: added RSA-PSS signatures in benchmark + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Jun 6 11:47:48 2017 +0200 + + doc update + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Jun 6 11:47:09 2017 +0200 + + privkey_sign_and_hash_data: added sanity check on param validity + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Jun 6 10:42:58 2017 +0200 + + gnutls-cli: added benchmark on X25519-Ed25519 key exchange + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Jun 6 09:42:22 2017 +0200 + + tests: pkcs7: added ed25519 basic signing and verification checks + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Jun 6 09:23:53 2017 +0200 + + privkey_sign_and_hash_data: handle prehashed signatures + + This allows this function to handle ed25519, i.e., allows it + to operate for PKCS#7 signatures. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Jun 6 09:21:48 2017 +0200 + + pkcs7: improved syntax in if-clause + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Jun 5 10:14:43 2017 +0200 + + tests: enhanced OID tests for Ed25519 OIDs + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Jun 2 11:27:34 2017 +0200 + + tests: key-import-export: added Ed25519 key import/export checks + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Jun 2 09:52:51 2017 +0200 + + doc update + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Jun 2 09:44:52 2017 +0200 + + tests: replaced rsa-pss/eddsa certtool options with --key-type + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Jun 2 09:41:56 2017 +0200 + + certtool: introduced the --key-type option + + This replaces the --rsa-pss and --eddsa options. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue May 30 13:02:06 2017 +0200 + + Renamed GNUTLS_PK_ECDHX to GNUTLS_PK_ECDH_X25519 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue May 30 12:53:40 2017 +0200 + + tests: parse and interpret an EdDSA public key + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon May 29 16:23:10 2017 +0200 + + tests: added TLS handshake test with EdDSA25519 certificates + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon May 29 16:22:27 2017 +0200 + + Allowed Ed25519 signing in TLS handshakes + + This follows draft-ietf-tls-rfc4492bis-17 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon May 29 15:23:21 2017 +0200 + + tests: added tests on EdDSA signature validation using the sign/verify_data APIs + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri May 26 17:26:34 2017 +0200 + + tests: Added unit test on EdDSA key parsing + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon May 29 12:52:12 2017 +0200 + + tests: added Ed25519 key and certificate generation tests + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri May 26 15:20:38 2017 +0200 + + Added support for EdDSA (Ed25519) curve keys + + This adds support for draft-ietf-curdle-pkix-04. + + Resolves #25 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sat Jul 15 18:52:33 2017 +0200 + + parse_pem_cert_mem: fixed issue resulting to accessing past the input data + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sat Jul 15 17:54:01 2017 +0200 + + supported_exts.h: make sure that the generated function is static + + That avoids compiler warnings due to missing prototype. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Jun 14 15:12:11 2017 +0200 + + tlsfuzzer: enabled chacha20 tests + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu Jul 13 14:50:55 2017 +0200 + + updated tlsfuzzer + + That fixes issue detecting connection termination from gnutls-serv + in chacha20 test. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Jul 12 15:54:38 2017 +0200 + + tests: csr-invalid.der: modify the SPKI OID to use SECP384R1 + + That avoids false positives in error detection in 'crq' test due to + SECP224R1 not being supported in our CI platforms. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Jul 12 16:04:49 2017 +0200 + + x509/output: do not attempt to print the key ID on unknown SPKI algorithms + + On unknown algorithms, it is not always possible to parse the SPKI + field. Instead avoid printing errors. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Jul 12 15:24:23 2017 +0200 + + .gitlab-ci.yml: corrected location of artifacts in aarch64 build + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Jul 12 13:44:24 2017 +0200 + + tests: certtool-rsa-pss: use unique temp files + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Jul 11 10:28:16 2017 +0200 + + updated auto-generated files + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Jun 19 15:18:20 2017 +0200 + + _gnutls_buffer_append_data_prefix: cleanup + + This eliminates a misleading code that assumed that the called functions + will return the appended size. Always return zero on success which is + what the existing callers assume. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Jul 11 10:30:56 2017 +0200 + + .gitlab-ci.yml: removed unnecessary options from minimal build + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Jul 3 09:52:21 2017 +0200 + + pubkey: print the failed signature algorithm when verification fails + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Jul 3 09:58:35 2017 +0200 + + gnutls-cli: added option to allow verification with broken algorithms + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Jul 3 10:06:22 2017 +0200 + + tls sessions will not fail of insecure algorithms which are explicitly enabled + + That is, if DSA-SHA1 is allowed, do not propagate errors from + gnutls_pubkey_verify_data2() due to SHA1 considered insecure, but rather + ignore such errors. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu Jul 13 14:37:00 2017 +0200 + + tests: mini-record-2: made more robust + + It will no longer close the session prior to peer processing + all messages. This prevents the peer stopping processing + prior to all messages being received. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu Jul 13 14:22:33 2017 +0200 + + tests: mini-record: made more robust + + It will no longer use a stream socket as this can does not work + well with damaged records (they may end up merged). + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu Jul 13 13:21:29 2017 +0200 + + record: reject 0-byte long ciphertext + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Jul 11 10:18:56 2017 +0200 + + record: added sanity checking in the record layer version copy + + Previously we assumed that an active session had always a version + set, however there have been reports of evolution crashing in + that particular point. Although, this could have been due to + memory corruption, be careful and check for invalid input. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Jul 3 11:51:20 2017 +0200 + + record: more precise calculation of max recv size + + Previously we were using a rough calculation of the max recv size + based on maximum values. Now we calculate the exact maximum value once + the epoch is initialized and enforce it throughout the session. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Jun 14 15:33:01 2017 +0200 + + decryption: use the same error code on all cases + + This eases testing using tlsfuzzer. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Jul 3 11:08:49 2017 +0200 + + gnutls-serv: allow receiving requests up to 16kb + + This makes gnutls-serv useful for few tlsfuzzer test cases. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Jul 3 11:19:44 2017 +0200 + + max_record_recv_size: removed call to gnutls_compression_get() + + We no longer support compression. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Jul 11 09:10:39 2017 +0200 + + Print the requested CA names when in debug mode + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Jun 27 11:00:20 2017 +0200 + + gnutls-http-serv: do not set the obsolete PGP options + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Jul 11 08:51:07 2017 +0200 + + doc: updated documentation on client authentication [ci skip] + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Jul 10 09:53:55 2017 +0200 + + doc: explicitly state intended usage of priorities on server-side + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Jul 4 09:26:57 2017 +0200 + + doc: use the default priorities in server example + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Jun 26 14:04:37 2017 +0200 + + updated auto-generated files + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Jun 26 10:26:03 2017 +0200 + + tests: added unit tests for gnutls_priority_set*() + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Jun 26 10:18:33 2017 +0200 + + Documented use gnutls_priority_set2(). + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Jun 26 10:02:22 2017 +0200 + + priorities: share priority structures across sessions + + As the contents of the priority cache grows, it makes sense to shared + these structures across many sessions (in server side) rather than + copying them to a session. All overrides of the priority contents + were moved to session->internals. On client side where gnutls_priority_set_direct() + is more commonly used, ensure that the set priority is deinitialized. + + That also introduces gnutls_priority_set2() which does not copy the priority + contents by default. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Jun 27 11:19:37 2017 +0200 + + set_client_ciphersuite: use the new internal APIs + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sun Jun 25 16:06:49 2017 +0200 + + .gitignore: ignore new tests + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sun Jun 25 15:32:52 2017 +0200 + + tests: added unit testing for server/client cipher negotiation + + This verifies that the expected algorithm (cipher) is negotiated. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sun Jun 25 12:03:46 2017 +0200 + + tests: added unit testing for server ciphersuite/KX negotiation + + This verifies whether the ciphersuite negotiation will detect and + reject incompatible data present in credentials. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Jun 23 14:00:52 2017 +0200 + + doc: corrected typo + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Jun 23 13:32:09 2017 +0200 + + Renamed fields of sign_algorithm_st + + The new names better reflect the reality with signature algorithms + in TLS 1.3, and correct the initial naming error. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Jun 23 13:24:48 2017 +0200 + + handshake: simplified signature algorithm list generation + + Similarly to ciphersuites, that also utilizes a cache of signature algorithms + on the priority structure which is used to quickly generate the signature + algorithm list. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Jun 23 11:55:23 2017 +0200 + + Eliminated access to obsolete priority cache fields + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Jun 23 10:34:11 2017 +0200 + + handshake: simplified the client-side ciphersuite negotiation + + This takes advantage of the ciphersuite cache in priorities structure + while keeping the same ciphersuite selection checks in place. + + The previous ciphersuite selection checks kept: + * Removing SRP ciphersuites when no SRP credentials are set + * Removing ciphersuites when no corresponding to KX credentials were set + * SCSV addition in SSL 3.0 and fallback SCSV + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Jun 21 11:54:39 2017 +0200 + + handshake: simplified the server-side ciphersuite negotiation + + This eliminates all the back and forth loops in the previous code + while keeping the same ciphersuite selection checks in place. + + The ciphersuite selection tests that were kept: + * Check if key exchange supports the server public key and key usage flags + * Check if DH or other parameters required for the ciphersuite are present + * Find appropriate certificate for the credentials and ciphersuite + * Check whether a curve is negotiated for the ECDH ciphersuites + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Jun 21 10:25:32 2017 +0200 + + priority: include a cache of supported ciphersuites + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Jun 21 09:31:31 2017 +0200 + + removed unused cipher-suite and KX related functions + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Jun 21 09:17:57 2017 +0200 + + algorithm/kx: sorted key exchange algorithms based on current trends + + That optimizes linear search for the common options. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Jun 23 11:07:11 2017 +0200 + + Removed unused functions + + These were identified using callcatcher. + http://www.skynet.ie/~caolan/Packages/callcatcher.html + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Jul 7 15:43:25 2017 +0200 + + fuzz: added make update command [ci skip] + + This allows updating the fuzzer corpus from openssl using a single + command. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Jul 7 15:11:13 2017 +0200 + + fuzz: added corpora from openssl [ci skip] + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Jul 7 14:59:52 2017 +0200 + + fuzz: undid changes related to boringssl server/client corpus format [ci skip] + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Jul 7 14:58:34 2017 +0200 + + fuzz: included verbatim corpus from boringssl + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Jul 7 12:22:23 2017 +0200 + + fuzz: gnutls-client-fuzzer: read directly from memory [ci skip] + + Also updated to read the prefixed boringssl corpus files. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Jul 7 11:45:05 2017 +0200 + + fuzz: gnutls-server-fuzzer: read directly from memory [ci skip] + + Also updated to read the prefixed boring ssl corpus files. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Jul 5 20:14:54 2017 +0200 + + updated auto-generated files + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sat Jul 1 18:00:45 2017 +0200 + + priority_options.gperf: modified for gperf 3.1 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Jul 4 16:12:26 2017 +0200 + + tlsfuzzer: enabled ALPN tests + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Jul 5 21:44:19 2017 +0200 + + updated tlsfuzzer + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Jul 4 16:15:08 2017 +0200 + + ext/alpn: added stricter checks on field lengths + + That is, no longer tolerate empty fields, and error on invalid + lengths. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Jul 4 15:35:25 2017 +0200 + + gnutls-serv: added the --alpn and --alpn-fatal options + + This allows specifying ALPN protocols supported by server, allowing + to test the ALPN negotiation. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Jul 4 11:42:59 2017 +0200 + + fuzz: updated server with multiple keys (ECDSA, RSA) and DH parameters [ci skip] + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sat Jul 1 10:50:57 2017 +0200 + + OCSP: find_signercert: improved DER length calculation + + Previously we were assuming a fixed amount of length bytes which + is not correct for all possible lengths. Use libtasn1 to decode + the length field. + + Resolves: #223 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Jun 30 10:04:01 2017 +0200 + + OCSP: check the subject public key identifier field to figure issuer + + Normally when attempting to match the 'Responder Key ID' in an OCSP response + against the issuer certificate we check (according to RFC6960) against the + hash of the SPKI field. However, in few certificates (see commit: + "added ECDSA OCSP response verification"), that may not be the case. In that + certificate, that value matches the Subject Public Key identifier field + but not the hash. + + To account for these certificates, we enhance the matching to also consider + the Subject Public Key identifier field. + + Relates: #223 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Jun 30 09:33:08 2017 +0200 + + OCSP: added more verbose debug logging on verification + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu Jun 29 21:17:34 2017 +0200 + + tests: added ECDSA OCSP response verification + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Jun 30 10:43:20 2017 +0200 + + .travis.yml: do not fail on brew install failures + + brew install seems to fail on several occasions when a newer package + is available than the installed. Ignore those errors rather than + failing build. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu Jun 29 14:34:20 2017 +0200 + + tests: added check on saving certs and OCSP responses + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu Jun 29 14:28:29 2017 +0200 + + gnutls-cli: save OCSP response at the time certificate is saved + + That ensures that we always save the OCSP response, even when certificate + verification fails. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Jun 6 14:26:07 2017 +0200 + + moved compression-related APIs to compat.h + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Jun 6 08:56:09 2017 +0200 + + doc: removed any references to compression and documented change + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Jun 5 16:20:25 2017 +0200 + + tests: removed tests related to zlib support + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Jun 5 15:58:35 2017 +0200 + + doc update + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Jun 5 15:36:18 2017 +0200 + + Removed support for compression mechanisms + + They are not required for TLS 1.3, and are deprecated for TLS 1.2. + We eliminate them in order to reduce the complexity in the record + packet handling. + + Resolves #212 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Jun 20 13:59:54 2017 +0200 + + gnutls-cli: be less verbose in OCSP error messages + + Previously we were reporting "No issuer found" if any certificate + in a chain could not be verified. That was confusing information + and not strictly necessary. No longer print that. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Jun 20 13:57:15 2017 +0200 + + gnutls-cli: improved error message of OCSP failure + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Jun 20 09:12:39 2017 +0200 + + updated auto-generated files + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Jun 19 20:50:22 2017 +0200 + + tests: ocsptool: added test of --verify-response with --load-chain + + This utilizes the provided chain to find the signer of the + OCSP response. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Jun 20 09:09:41 2017 +0200 + + ocsp: print response's signature algorithm in compact listing + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Jun 20 09:06:01 2017 +0200 + + ocsptool: verify_response will print information on the response + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Jun 20 08:59:45 2017 +0200 + + ocsptool: doc update + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Jun 20 08:31:41 2017 +0200 + + ocsptool: allow combining --load-trust with --verify-response + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Jun 19 20:58:21 2017 +0200 + + ocsptool: --load-chain will sort the input chain + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Jun 19 20:50:22 2017 +0200 + + ocsptool: introduced --verify-allow-broken option + + This allows verification to succeed even when broken algorithms are + involved. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Jun 19 20:47:10 2017 +0200 + + ocsptool: the --verify-response can be combined with --load-chain + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Jun 19 20:27:24 2017 +0200 + + gnutls_certificate_verification_status_print: mention OCSP in error messages + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Jun 16 14:36:43 2017 +0200 + + ocsptool: added --load-chain option + + This option allows to directly verify all the members of a certificate + chain. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Jun 19 08:20:47 2017 +0200 + + doc update + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sun Jun 18 17:35:06 2017 +0200 + + tests: enabled X25519 interop tests with openssl 1.1.0 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sun Jun 18 14:35:57 2017 +0200 + + NORMAL priority: no longer enable the smaller curves by default + + They are not widely enabled by web servers, and they provide no + advantage over X25519. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sun Jun 18 14:35:33 2017 +0200 + + NORMAL priority: enable X25519 curve + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sat Jun 17 14:22:02 2017 +0200 + + pkcs11: cleanups in pkcs11_login() + + Use pkcs11_rv_to_err() to return the right error code map after + PKCS#11 calls; separate checks for already log in status for SO and + user login. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sat Jun 17 14:07:50 2017 +0200 + + tests: pkcs11-mock: reset state when requesting reauth + + That is, for the MOCK_FLAG_SAFENET_ALWAYS_AUTH flag we ensure that + GetSessionInfo() will return the right state when authentication + is required for the first time. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Jun 16 22:04:49 2017 +0200 + + pkcs11: improved handling of HSMs without CKU_CONTEXT_SPECIFIC support + + That is, when the HSM returns CKR_USER_NOT_LOGGED_IN, switch + to CKU_USER, instead of relying to a fallback within pkcs11_login(). + That simplifies login logic. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sun May 28 11:07:50 2017 +0200 + + tests: added unit test for safenet protectserver HSM's PKCS#11 support + + That is, detect whether the absence of C_Login will fallback to CKU_USER + after CKU_CONTEXT_SPECIFIC is tried. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon May 29 11:26:19 2017 +0200 + + pkcs11: simplified pkcs11_login() + + By cleanups, as well as including the reauth flag in the flags option. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon May 29 11:11:24 2017 +0200 + + pkcs11: the GNUTLS_PKCS11_OBJ_FLAG_LOGIN will force a login + + That is, even in tokens which do not have a CKF_LOGIN_REQUIRED flag + a login will be forced. This allows operation on the safenet HSMs + which do not set that flag. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sat May 27 07:24:36 2017 +0200 + + Handle specially safenet HSMs which cannot handle CKU_CONTEXT_SPECIFIC + + These HSMs do not support CKA_ALWAYS_AUTHENTICATE, nor understand CKU_CONTEXT_SPECIFIC, + but rather return CKR_USER_NOT_LOGGED_IN on the first private key operation. + Try to discover that state by calling C_Login when CKR_USER_NOT_LOGGED_IN + is seen, and retrying with CKU_USER after CKU_CONTEXT_SPECIFIC login fails. + See discussion in https://github.com/OpenSC/libp11/issues/160 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Jun 16 12:06:36 2017 +0200 + + Added documentation to legacy openpgp functions + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Jun 16 10:58:23 2017 +0200 + + Removed unnecessary certificate type functionality + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Jun 16 10:23:19 2017 +0200 + + NEWS: doc update + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Jun 16 10:21:52 2017 +0200 + + updated auto-generated files + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Jun 16 10:21:10 2017 +0200 + + doc: removed references to openpgp + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Jun 16 10:14:58 2017 +0200 + + po: removed openpgp/output.c + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Jun 16 09:55:44 2017 +0200 + + guile: removed openpgp related tests + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Jun 16 09:30:41 2017 +0200 + + fuzz: removed the openpgp certificate fuzzer + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Jun 16 09:03:05 2017 +0200 + + tools: removed options for openpgp support + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Jun 16 08:50:32 2017 +0200 + + Removed support for openpgp certificates and keys + + Resolves #178 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Jun 16 08:38:42 2017 +0200 + + tests: removed openpgp related tests + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Jun 7 11:58:25 2017 +0200 + + tests: added reproducer for assertion trigger + + This relates to handshakes with support for RSA-PSS. + Found with oss-fuzz: + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2132 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Daiki Ueno +Date: Thu Jun 8 15:42:30 2017 +0200 + + nettle: ported fix for assertion failure in pss_verify_mgf1 + + Backport the upstream fix from: + https://git.lysator.liu.se/nettle/nettle/commit/b1252fedf6ee1dbb8468d1d3f177711a16e83e52 + + Signed-off-by: Daiki Ueno + +Author: Nikos Mavrogiannopoulos +Date: Thu Jun 8 17:33:21 2017 +0200 + + .gitlab-ci.yml: keep logs of tests in abi build + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu Jun 15 13:41:36 2017 +0200 + + doc: simplified the default client example + + Removed optional paths. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu Jun 15 13:20:51 2017 +0200 + + tests: added reproducer for OCSP response found test cases + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu Jun 15 13:14:23 2017 +0200 + + fuzz: documented location for OCSP-related reproducers + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu Jun 15 12:43:48 2017 +0200 + + ocsp: added sanity check in returned length + + This addresses: + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1492 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu Jun 15 10:37:53 2017 +0200 + + doc: added/modernized text on AEAD ciphers [ci skip] + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu Jun 15 09:09:20 2017 +0200 + + doc update + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu Jun 15 09:06:49 2017 +0200 + + tests: improved duplicate extension test + + Instead of sending two duplicate extensions of which one is invalid, + send two valid ones instead. That way, we avoid the possibility of false + positives due to the validation code of the extension contents. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Jun 14 14:15:08 2017 +0200 + + tests: verify that duplicate extensions are rejected + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Jun 14 13:09:44 2017 +0200 + + TLS extensions: added duplicate extension check on server side + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Jun 14 11:15:54 2017 +0200 + + gnutls_init: better naming for internal function + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Jun 13 08:08:56 2017 +0200 + + tests: added unit test for overriding TLS extensions + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Jun 14 11:11:34 2017 +0200 + + TLS extensions: mark each extension which cannot be overriden + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Jun 14 11:02:49 2017 +0200 + + TLS extensions: combined the extension data and resumed data structures + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Jun 12 17:31:19 2017 +0200 + + removed type extension_priv_data_t + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Jun 13 08:02:04 2017 +0200 + + gnutls_int.h: groupped extension structures together + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Jun 12 14:19:23 2017 +0200 + + TLS extensions: several simplifications + + This allows extensions set by the application to override some + of the internal ones. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Jun 14 15:53:13 2017 +0200 + + .gitlab-ci.yml: FreeBSD system is no longer available; disabling for CI [ci skip] + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Jun 12 10:26:13 2017 +0200 + + doc update + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Jun 9 18:53:48 2017 +0200 + + updated auto-generated files + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Jun 9 16:37:48 2017 +0200 + + doc: added reference to privkey export functions + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Jun 9 18:29:18 2017 +0200 + + tests: added basic unit tests for the export_*_raw2() functions + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Jun 9 18:17:34 2017 +0200 + + corrected typo in x962 functions + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Jun 9 16:21:31 2017 +0200 + + pkcs11: do not set leading zeros on integers + + PKCS#11 defines integers as unsigned having most significant byte + first, e.g., 32768 = 0x80 0x00. This is interpreted literraly by + some HSMs which do not accept an integer with a leading zero. + + Resolves: #215 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Jun 9 16:20:05 2017 +0200 + + Introduced functions to export integers with no leading zero + + That is introduced the flag GNUTLS_EXPORT_FLAG_NO_LZ and: + * gnutls_pubkey_export_rsa_raw2 + * gnutls_pubkey_export_dsa_raw2 + * gnutls_pubkey_export_ecc_raw2 + * gnutls_privkey_export_rsa_raw2 + * gnutls_privkey_export_dsa_raw2 + * gnutls_privkey_export_ecc_raw2 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu Jun 8 15:03:17 2017 +0200 + + nettle: use older GMP macros for mpz_mod_2exp and mpz_div_2exp + + These ensure that compilation will succeed even when building with gmp-mini. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu Jun 8 13:15:00 2017 +0200 + + _gnutls_ucs2_to_utf8: use void* as pointer type to avoid compiler assumptions on alignment [ci skip] + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu Jun 8 13:06:19 2017 +0200 + + ciphersuites: removed unused function + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu Jun 8 13:00:25 2017 +0200 + + nettle/cipher: document that ctx_ptr is 16-byte aligned, and use void* to avoid compiler assumptions + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu Jun 8 12:53:44 2017 +0200 + + certtool: corrected typo in strcmp() use + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu Jun 8 11:15:02 2017 +0200 + + _gnutls_x509_privkey_reinit: ensure fields will not be re-used + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu Jun 8 09:25:32 2017 +0200 + + certtool: improved error message when public key cannot be figured [ci skip] + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Jun 6 16:05:37 2017 +0200 + + updated auto-generated files for new signing API + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Jun 6 16:00:41 2017 +0200 + + handshake: simplify handshake by using the new signing API + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Jun 6 13:38:05 2017 +0200 + + tests: introduced unit tests of the new signing API + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue May 30 15:39:52 2017 +0200 + + abstract API: introduced new signing functions + + That is, the gnutls_privkey_sign_data2() and gnutls_privkey_sign_hash2(). + The new functions perform signing with input the signature algorithm instead + of the hash algorithm; that allows to use algorithms where the hash algorithm + is not used, or the public key algorithm may be different than the key's. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Jun 7 11:18:07 2017 +0200 + + pkix: removed unused definition + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Jun 6 16:04:53 2017 +0200 + + gnutls_privkey_st: removed unused element + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Jun 6 10:34:33 2017 +0200 + + gnutls_session_get_desc: improved ciphersuite description + + That is, separated the key exchange from the signature algorithm + used by the server, and list them in different fields. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Jun 2 11:16:45 2017 +0200 + + tests: key-import-export: use cert-common.h + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Jun 2 17:04:45 2017 +0200 + + tests: simplified CPPFLAGS of tests using internal gnutls funcs + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Jun 6 12:54:24 2017 +0200 + + tests: key-exchange: added error checking in gnutls_certificate_set_x509_key_mem + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Jun 6 10:58:33 2017 +0200 + + _gnutls_check_key_cert_match: account for RSA and RSA-PSS mismatches + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Jun 6 09:49:09 2017 +0200 + + certtool: fix DER export with --p7-info + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Jun 5 13:21:38 2017 +0200 + + updated auto-generated files + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Jun 5 10:01:07 2017 +0200 + + doc update + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Jun 5 09:59:49 2017 +0200 + + psktool: minor documentation updates + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Jun 5 09:52:53 2017 +0200 + + tests: added basic functionality check for psktool + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Jun 5 09:50:07 2017 +0200 + + psktool: increased default key size to 256-bits + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Jun 5 09:39:49 2017 +0200 + + psktool: do not assume any default key file + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Daniel Kahn Gillmor +Date: Wed May 31 12:58:58 2017 -0400 + + clarify documentation and arguments for psktool + + * psktool's -p argument should really be short for --pskfile, not + --passwd. there is no passwd involved. + + * the example documentation switches names halfway through, which is + confusing. + + * there is no prompt for a password. do not mention it in the + example. + +Author: Nikos Mavrogiannopoulos +Date: Mon May 29 09:22:44 2017 +0200 + + tests: added unit test to verify that certificates with non-DER strict time fields are accepted + + Also removed the old strict compliance DER test. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon May 29 09:15:27 2017 +0200 + + Tolerate DER time encoding errors + + It seems that openssl generated certificates may contain invalid + formatted times, and gnutls will no longer parse them. Ignore such + formatting errors when DER decoding. + + We should reconsider this in the future (#207) + + Resolves #196 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Jun 5 10:24:04 2017 +0200 + + tests: enhanced OID tests with OIDs for SHA3 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Jun 5 10:21:54 2017 +0200 + + tests: enhanced OID tests with OIDs for RSA-PSS + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sun Jun 4 13:56:04 2017 +0200 + + .gitlab-ci.yml: added aarch64 build based on Debian + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed May 31 14:55:19 2017 +0200 + + _gnutls_PRF: was made inline function + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed May 31 14:29:10 2017 +0200 + + tests: added low-level unit tests on TLS 1.0 and 1.2 PRFs + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed May 31 13:52:03 2017 +0200 + + prf: implement the TLS 1.0 and 1.2 PRFs using nettle + + That simplifies the existing PRF code and moves it in the + crypto-backend component. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed May 31 12:00:26 2017 +0200 + + doc: refer to the site for commercial support options + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed May 31 11:29:08 2017 +0200 + + tests: mini-record-retvals: include AES-CBC tests + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed May 31 11:36:30 2017 +0200 + + tests: eliminated build warnings + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed May 31 08:55:54 2017 +0200 + + tests: combined tables of sign-verify tests + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue May 30 19:54:48 2017 +0200 + + Only accept known public key algorithms in the GNUTLS_PRIVKEY_EXT private keys + + The reason is that this API, assumes very low level primitives which + are not available for the newer RSA-PSS private keys. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue May 30 19:42:36 2017 +0200 + + _gnutls_privkey_*_sign_params: added support for GNUTLS_PRIVKEY_EXT keys + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue May 30 19:25:11 2017 +0200 + + tests: added basic test on "external" keys with gnutls_privkey_import_ext2() + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue May 30 16:53:14 2017 +0200 + + gnutls_x509_privkey_sign_data: wrap over gnutls_privkey_sign_data() + + That will allow this function to operate with the new key types. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue May 30 16:43:28 2017 +0200 + + tests: added unit tests for the gnutls_x509_* sign/verify APIs + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon May 29 15:23:21 2017 +0200 + + tests: added tests signature validation using the sign/verify_data APIs + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue May 30 16:24:05 2017 +0200 + + Separated use of GNUTLS_PRIVKEY_FLAG_PROVABLE and GNUTLS_PRIVKEY_SIGN_FLAG_REPRODUCIBLE + + For simplicity, rename GNUTLS_PRIVKEY_SIGN_FLAG_REPRODUCIBLE to GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue May 30 16:19:25 2017 +0200 + + _gnutls_privkey_find_sign_params: renamed and simplified + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue May 30 15:40:40 2017 +0200 + + gnutls_privkey_sign_hash: removed duplicate code + + The same code was available in _gnutls_privkey_find_sign_params(). + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue May 30 10:47:12 2017 +0200 + + GNUTLS_E_INSUFFICIENT_SECURITY: moved to fatal errors + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon May 29 16:22:27 2017 +0200 + + tls-sig: re-organize and simplify the TLS signature generation and verification + + That makes sure that the high level APIs are used when possible, and + separate the TLS 1.2 from other code paths. This will allow supporting + signature schemes like EdDSA and others. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue May 30 10:59:53 2017 +0200 + + tests: modify tests to allow signatures with SHA1 + + There were several tests that were utilizing SHA1 signatures but were + not failing due to the bug in gnutls_pubkey_verify_hash2(). + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed May 31 10:12:31 2017 +0200 + + gnutls_pubkey_verify_hash2: do not allow GNUTLS_VERIFY_USE_TLS1_RSA with non-RSA keys + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue May 30 10:42:27 2017 +0200 + + gnutls_pubkey_verify_hash2: check for broken signature algorithms + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue May 30 10:13:16 2017 +0200 + + gnutls_pubkey_verify_data2: do not utilize GNUTLS_VERIFY_USE_RSA_PSS + + This flag is not required for verification since the signature algorithm + is sufficient to detect RSA-PSS without requiring any flags. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue May 30 10:36:59 2017 +0200 + + tests: do not utilize GNUTLS_VERIFY_USE_RSA_PSS + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon May 29 08:55:47 2017 +0200 + + certtool: do not ask for password when exporting to PKCS#8 implicitly + + Previously --generate-privkey wouldn't ask for password unless --pkcs8 + was explicitly given. Keep that behavior, and do not ask for any password + even if we need to export to PKCS#8 for some key types. Always require + the --pkcs8 option to encrypt with password. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon May 29 08:43:14 2017 +0200 + + updated auto-generated files + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon May 29 08:37:03 2017 +0200 + + doc: mention RSA-PSS-SHA* signature algorithms + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon May 29 08:33:44 2017 +0200 + + certtool: replaced rsa-pss-sign with sign-params option + + This option could accomodate future enhancements/additions in + certificate signining. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon May 29 08:26:41 2017 +0200 + + certtool: better documentation on rsa-pss-sign + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri May 26 13:30:18 2017 +0200 + + replaced MAX_SIGNATURE_ALGORITHMS macro with MAX_ALGOS + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri May 26 13:19:08 2017 +0200 + + tests: added unit test for gnutls_sign_supports_pk_algorithm() + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri May 26 10:44:41 2017 +0200 + + tls-fuzzer: ignore the incomplete RSA-PSS tests + + These tests fail because tls-fuzzer currently does not properly implement + RSA-PSS. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri May 26 10:06:34 2017 +0200 + + tests: verify that generated RSA-PSS keys can be read with certtool -k + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri May 26 10:01:04 2017 +0200 + + certtool: use PKCS#8 format for generated RSA-PSS keys + + An RSA-PSS key has additional parameters which cannot be stored + in the "standard" PKCS#1 format. For that when asked to generate + an RSA-PSS key, we export to the PKCS#8 form. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri May 26 09:52:33 2017 +0200 + + doc update + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri May 26 08:57:11 2017 +0200 + + tests: x509sign-verify: include ECDSA and RSA-PSS key tests + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri May 26 08:22:07 2017 +0200 + + tlsfuzzer: the test-certificate-verify-malformed check now passes + + Previously it was expecting a different alert code than gnutls returned. + Now gnutls returns the expected alert code (GNUTLS_A_DECRYPT_ERROR) + on malformed signatures. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu May 25 16:35:18 2017 +0200 + + alert: map GNUTLS_E_PK_SIG_VERIFY_FAILED to GNUTLS_A_DECRYPT_ERROR + + This makes server respond with GNUTLS_A_DECRYPT_ERROR on malformed signatures, + which is the expected behavior. Hinted by Hubert Kario. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu May 25 16:18:25 2017 +0200 + + Increased the maximum number of signature algorithms + + That allows including all the existing signatures including DSA. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu May 25 14:30:17 2017 +0200 + + x509sign-verify: corrected test to perform RSA tests on RSA keys + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu May 25 14:01:53 2017 +0200 + + tests: added tests for RSA-PSS key exchange under TLS 1.2 + + That includes tests with RSA and RSA-PSS server and client certificates. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu May 25 14:53:43 2017 +0200 + + publickey: map RSA ciphersuites to GNUTLS_PK_RSA_PSS + + That is in addition to GNUTLS_PK_RSA + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Dmitry Eremin-Solenikov +Date: Wed Nov 30 06:40:39 2016 +0300 + + Rework KX -> PK mappings + + GOST VKO and PSS keys would support several public keys, so change + the previous 1:1 kx->pk mapping into 1:many. + + Signed-off-by: Dmitry Eremin-Solenikov + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu May 25 12:45:08 2017 +0200 + + tests: added TLS 1.2 tests with RSA-PSS signatures on RSA certificates + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu May 25 11:50:38 2017 +0200 + + gnutls_privkey_sign_hash: use the GNUTLS_PRIVKEY_SIGN_FLAG_RSA_PSS flag + + That is, the privkey_sign_hash() function was made static (no users other + than the same file), and gnutls_privkey_sign_hash will take into account + the GNUTLS_PRIVKEY_SIGN_FLAG_RSA_PSS, if specified. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu May 25 11:33:49 2017 +0200 + + tls-sig: sign with RSA-PSS when requested by negotiated signature algorithm + + That is, when signing a TLS message, take into account the + negotiated signature algorithm, in addition to the hash algorithm + to decide which flags to pass to gnutls_privkey_sign_hash(). This + allows signing the handshake messages with RSA-PSS even when an RSA + key is present. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu May 25 11:19:12 2017 +0200 + + priority: enabled RSA-PSS signatures by default + + They are prioritized low on the list to reduce compatibility + issues in case they are wrongly implemented in gnutls or in the + peer implementation. To be revised when more elaborate compatibility + tests are made. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu May 25 11:13:23 2017 +0200 + + ext/signature: accept compatible algorithms with PK + + That is instead of using a 1-1 mapping of signature algorithms + to public key algorithms, use gnutls_sign_supports_pk_algorithm() + to determine whether algorithms match. That way we can allow + GNUTLS_SIGN_RSA_PSS_SHA256 under GNUTLS_PK_RSA and GNUTLS_PK_RSA_PSS + keys. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu May 25 11:12:33 2017 +0200 + + gnutls_pubkey_verify_hash2: corrected operation with RSA-PSS keys + + That is, do not check the flag GNUTLS_VERIFY_USE_RSA_PSS, as we + already have enough information to determine whether an RSA-PSS + signature is used (the sign algorithm). Also return the code + GNUTLS_E_INCOMPATIBLE_SIG_WITH_KEY when a signature algorithm + incompatible with the public key is encountered. + + In addition, fixed few misplacements of GNUTLS_PK_RSA_PSS in switch + cases. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu May 25 10:48:30 2017 +0200 + + Introduced gnutls_sign_supports_pk_algorithm() + + This function allows to test whether a combination of public key + algorithm and signature algorithm are supported. This is introduced + for RSA-PSS signatures which can be generated by a GNUTLS_PK_RSA key + or by a GNUTLS_PK_RSA_PSS key. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Daiki Ueno +Date: Thu Mar 16 11:38:58 2017 +0100 + + x509: implement RSA-PSS signature scheme + + This patch enables RSA-PSS signature scheme in the X.509 functions and + certtool. + + When creating RSA-PSS signature, there are 3 different scenarios: + + a. both a private key and a certificate are RSA-PSS + b. the private key is RSA, while the certificate is RSA-PSS + c. both the private key and the certificate are RSA + + For (a) and (b), the RSA-PSS parameters are read from the certificate. + Any conflicts in parameters between the private key and the certificate + are reported as an error. + + For (c), the sign functions, such as gnutls_x509_crt_privkey_sign() or + gnutls_privkey_sign_data(), shall be instructed to generate an RSA-PSS + signature. This can be done with the new flag + GNUTLS_PRIVKEY_SIGN_FLAG_RSA_PSS. + + Verification is similar to signing, except for the case (c), use the + flag GNUTLS_VERIFY_USE_RSA_PSS instead of + GNUTLS_PRIVKEY_SIGN_FLAG_RSA_PSS. + + From the command line, certtool has a couple of new options: --rsa-pss + and --rsa-pss-sign. The --rsa-pss option indicates that the generated + private key or certificate is restricted to RSA-PSS, while the + --rsa-pss-sign option indicates that the generated certificate is signed + with RSA-PSS. + + For simplicity, there is no means of choosing arbitrary salt length. + When it is not given by a private key or a certificate, it is + automatically calculated from the underlying hash algorithm and the + RSA modulus bits. + + [minor naming changes by nmav] + + Signed-off-by: Daiki Ueno + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu May 25 10:19:22 2017 +0200 + + fuzz: added RSA-PSS certificate + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Daiki Ueno +Date: Fri Mar 31 14:36:46 2017 +0200 + + build: import files from Nettle for RSA-PSS + + Signed-off-by: Daiki Ueno + +Author: Nikos Mavrogiannopoulos +Date: Sat May 27 07:29:44 2017 +0200 + + libtasn1: updated to 4.11 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu May 25 15:10:17 2017 +0200 + + updated auto-generated files + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu May 25 09:39:10 2017 +0200 + + tests: added unit tests for gnutls_de/encode_rs_value + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu May 25 08:38:43 2017 +0200 + + pk: exported gnutls_decode_rs_value() and gnutls_encode_rs_value() + + These functions allow encoding to and from a Dss-Sig-Value. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri May 26 12:43:21 2017 +0200 + + tests: skip x86-specific tests when not in x86 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri May 26 10:56:30 2017 +0200 + + updated auto-generated files + +Author: Nikos Mavrogiannopoulos +Date: Fri May 26 10:18:09 2017 +0200 + + tests: tls-fuzzer: corrected unlocking at tls-fuzzer-cert.sh + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri May 26 10:42:28 2017 +0200 + + examples: made a comment that getpass() output needs to be sanitized + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri May 26 10:13:05 2017 +0200 + + certtool: avoid printing legacy options in --help + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed May 24 17:34:31 2017 +0200 + + Makefile: improved code coverage extraction from lcov output + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed May 24 15:48:31 2017 +0200 + + configure: warn when building as static library [ci skip] + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed May 24 14:01:56 2017 +0200 + + gnutls_ocsp_status_request_enable_client: removed support for problematic parameters + + Removed support for responder_id and extensions parameters. These + had very difficult semantics to use and the underlying implementation + had encoding errors, meaning there was no interoperation with other + clients. Given that issue it means there are no applications depending on + these parameters; ignore these parameters completely and no longer send + either responder_id or extensions. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed May 24 11:48:24 2017 +0200 + + gnutls_ocsp_status_request_enable_client: documented requirements for parameters + + That is, the fact that extensions and responder_id parameters must be + allocated, and are assigned to the session. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed May 24 11:38:16 2017 +0200 + + ext/status_request: Removed the parsing of responder IDs from client extension + + These values were never used by gnutls, nor were accessible to applications, + and as such there is not reason to parse them. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed May 24 10:46:03 2017 +0200 + + ext/status_request: ensure response IDs are properly deinitialized + + That is, do not attempt to loop through the array if there is no array + allocated. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed May 24 10:28:28 2017 +0200 + + tlsfuzzer: enabled ocsp stapling test + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed May 24 10:17:09 2017 +0200 + + tlsfuzzer: updated to latest version + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue May 23 09:26:10 2017 +0200 + + self-tests: limit compatibility API checks to vectors with plaintext + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon May 22 16:43:38 2017 +0200 + + tests: on cipher override do not run the compatibility checks + + That is, because we introduce a cipher using the new AEAD API which + does not provide compatibility hooks. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon May 22 16:41:48 2017 +0200 + + self-tests: introduced flag GNUTLS_SELF_TEST_FLAG_NO_COMPAT + + This allows skipping the compatibility APIs when running self tests. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon May 22 16:39:14 2017 +0200 + + self-tests: all parameter was replaced by flags + + This allows to introduce more options than just check all + ciphers. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon May 22 14:41:56 2017 +0200 + + aarch64: fix AES-GCM in-place encryption and decryption + + Resolves #204 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon May 22 11:54:25 2017 +0200 + + crypto: self-tests: enhance to include compatibility APIs + + That is, run the compatibility gnutls_cipher_* APIs on self tests + for AEAD ciphers in addition to the AEAD API. + + Relates #204 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon May 22 14:23:14 2017 +0200 + + crypto-api: refuse to run gnutls_cipher_init() in full AEAD modes + + That is, there are AEAD modes like CCM that can only be used through + the AEAD API. Always refuse calls to gnutls_cipher_init() in these + modes. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon May 22 09:19:53 2017 +0200 + + doc: corrected error in gnutls_x509_privkey_sign_data parameters [ci skip] + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sat May 20 20:41:30 2017 +0200 + + sysrng-linux: improved detection of getrandom() + + The getrandom() call is defined in sys/random.h. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sat May 20 20:34:40 2017 +0200 + + gnutls-cli: use 16k buffers in --benchmark-tls-ciphers + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sat May 20 20:31:33 2017 +0200 + + gnutls-cli: cleaned up --benchmark-ciphers output + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sat May 20 20:20:34 2017 +0200 + + gnutls-cli: no longer include arcfour in benchmarks + + This cipher is considered broken and no longer included in + the default set of ciphers. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sat May 20 08:51:55 2017 +0200 + + documented the make files-update make option + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sat May 20 08:48:26 2017 +0200 + + updated auto-generated files + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sat May 20 08:26:47 2017 +0200 + + tests: added TLS server test for multi-key usage + + That is, a server which utilizes both RSA and ECDSA keys. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sat May 20 08:14:59 2017 +0200 + + p11tool: mark provider opts as deprecated + + That is, to avoid listing that option in p11tool --help, as it is + only useful for debugging very low level interfaces with PKCS#11 + parameter passing. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Dmitry Eremin-Solenikov +Date: Sat May 20 02:19:17 2017 +0300 + + gnutls-serv: allow user to specify multiple x509certile/x509keyfile + + Instead of adding more and more variants like x509dsakeyfile or + x509ecckeyfile (counting eddsa and gost in future), allow user to + specify x509certfile/x509keyfile multiple times. Keep the old + options as compatibility options. + + Signed-off-by: Dmitry Eremin-Solenikov + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Dmitry Eremin-Solenikov +Date: Thu May 18 23:55:57 2017 +0300 + + Fix two memory leaks in debug output of gnutls tools + + Signed-off-by: Dmitry Eremin-Solenikov + +Author: Dmitry Eremin-Solenikov +Date: Wed Nov 30 07:13:09 2016 +0300 + + Don't let GnuTLS headers in NETTLE_CFLAGS override local headers + + Change order of CFLAGS so that local headers always come before ones in + $(NETTLE_CFLAGS). + + Signed-off-by: Dmitry Eremin-Solenikov + +Author: Nikos Mavrogiannopoulos +Date: Fri May 12 17:58:55 2017 +0200 + + find_signer: eliminate memory leak + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Karl Tarbe +Date: Mon May 8 15:06:33 2017 +0300 + + tests: add test for signing with certificate list + + Signing with one certificate, but includes the other certificates + inside the PKCS#7 structure. + + Signed-off-by: Karl Tarbe + +Author: Karl Tarbe +Date: Thu May 4 16:46:14 2017 +0300 + + certtool: allow multiple certificates in --p7-sign + + Signed-off-by: Karl Tarbe + +Author: Andreas Metzler +Date: Sun May 14 11:21:07 2017 +0200 + + Fix autoconf progress message concerning heartbeat [ci skip] + +Author: Nikos Mavrogiannopoulos +Date: Thu May 11 22:03:08 2017 +0200 + + doc: corrected typo [ci skip] + + Reported by Andreas Metzler. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu May 11 22:01:10 2017 +0200 + + test: corrected typo preventing the run of openpgp test [ci skip] + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed May 10 17:43:32 2017 +0200 + + updated auto-generated files + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed May 10 17:23:54 2017 +0200 + + pkcs11_override_cert_exts: do not use CKA_X_DISTRUSTED flag when retrieving + + This flag was introduced in order for reducing the number of duplicate + stapled extensions returned by p11-kit. Unfortunately that fix was bogus + and in fact it resulted to p11-kit not returning any stapled extensions. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed May 10 17:08:11 2017 +0200 + + tests: added unit test for p11-kit trust store + + This verifies whether an Example Root CA can be read together + with its stapled extensions. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed May 10 16:40:10 2017 +0200 + + p11tool: added the --provider-opts option + + This option allows passing parameters to the PKCS#11 module + loading process, i.e., passed to gnutls_pkcs11_add_provider(). + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed May 10 16:34:25 2017 +0200 + + pkcs11_add_provider: allow passing parameters to p11-kit trust module + + When the @params argument of gnutls_pkcs11_add_provider() starts with + 'p11-kit:' the specified provider is loaded as an unmanaged module + and the rest of parameters are being passed opaque to the module. This + allows loading for example the p11-kit trust module with a custom path + for the trust database. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue May 9 22:03:45 2017 +0200 + + tests: introduced checks in alternative chain discovery + + These cope with alternative chain discovery in the case of insecure + algorithm found in the chain. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue May 9 21:24:36 2017 +0200 + + tests: modified pkcs1-pad to account for alt path search + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon May 8 06:43:28 2017 +0200 + + gnutls_x509_trust_list_verify_crt2: treat signers with insecure algorithms as unknown + + The reason is that many servers utilize a legacy chain to improve compatibility + with old clients and that chain often contains insecure algorithm. In that case + try to construct alternative paths. To maintain compatibility with previous + versions, we ensure that the same error code (verification status) is returned + in these cases as before by sending the cached error if the alternative path fails + too. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue May 9 20:57:40 2017 +0200 + + updated auto-generated files + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue May 9 20:57:00 2017 +0200 + + Makefile: files-update directive will update the auto-generated files in src/ + + This simplifies the update of files generated by autogen. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon May 8 07:02:16 2017 +0200 + + tests: added check for gnutls-cli's sni-hostname option + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon May 8 06:13:59 2017 +0200 + + gnutls-cli: introduced --sni-hostname option + + This allows overriding the value set on the TLS server name indication + extension. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed May 10 10:39:22 2017 +0200 + + Makefile: added phony targets to .PHONY [ci skip] + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue May 9 14:51:44 2017 +0200 + + fuzz: doc update [ci skip] + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon May 8 06:27:21 2017 +0200 + + errors.h: _gnutls_cert_log will only print on non-null certificates + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nicolas Dufresne +Date: Fri Apr 28 17:17:32 2017 -0400 + + rsa-psk: Use the correct username datum + + In rsa-psk we properly request username for the case the + application uses a callback, but later we use the username + cached in the credentials structure. This will lead to empty + username issues. + + Signed-off-by: Nicolas Dufresne + +Author: Nikos Mavrogiannopoulos +Date: Sat May 6 23:06:45 2017 +0200 + + tests: added check for PSK client callback in RSA-PSK + + This check verifies whether gnutls_psk_client_credentials_function + is operational, and the parameters sent are taken into account + by the server. + + Relates !364 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sat May 6 22:47:32 2017 +0200 + + tests: simplified name of mini-rsa-psk check + + In addition modernize the used APIs and added explicit check + on the received by the server username value. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri May 5 14:31:30 2017 +0200 + + tests: utilize the email_protection_key template option + + This ensures that generated certificates and requests will + include that key purpose when the option is present. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri May 5 14:21:13 2017 +0200 + + certtool: introduced the email_protection_key option + + This option was introduced in documentation for certtool without + an implementation of it. It is a shortcut for option + key_purpose_oid = 1.3.6.1.5.5.7.3.4 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Andreas Metzler +Date: Mon May 1 19:20:38 2017 +0200 + + gnutls-cli: Use CRLF with --starttls-proto=smtp. + + Closes https://gitlab.com/gnutls/gnutls/issues/200 + +Author: Nikos Mavrogiannopoulos +Date: Mon May 1 01:43:40 2017 +0200 + + doc: remove libidn from instructions and add libidn2 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon May 1 00:59:12 2017 +0200 + + doc: update + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon May 1 00:26:47 2017 +0200 + + added newline in debug messages [ci skip] + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Apr 4 20:13:11 2017 +0200 + + Removed support for libidn1 + + Currently we support both IDNA2003 and IDNA2008. However, IDNA2003 + is already obsolete by registrars and NICs, thus there is no reason + to continue supporting it. We switch to IDNA2008 exclusively using libidn2. + + Resolves #194 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon May 1 12:44:46 2017 +0200 + + updated minitasn1 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon May 1 12:42:57 2017 +0200 + + gnutls.h: introduced GNUTLS_E_ASN1_TIME_ERROR + + This corresponds to libtasn1 ASN1_TIME_ENCODING_ERROR and + indicates an error in the DER or BER encoding of time field. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sun Apr 30 13:25:16 2017 +0200 + + gnutls_pkcs12_simple_parse: set to null vars after deinitialization + + This avoids having the variables being deinitialized twice during + cleanup. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sun Apr 30 12:52:51 2017 +0200 + + tests: enhance with checks to verify that textual IPs are not matched + + That verifies that the hostname check verification function will + not succeed if given textual IPs, and the certificate contains + textual IPs in DNSname or in the CN fields. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sat Apr 29 13:30:50 2017 +0200 + + gnutls_x509_crt_check_hostname2: no match dns fields against IPs + + Previously we were checking textual IP address matching against + the DNS fields. This match was non-standard and was intended to + work around few broken servers. However that also led to not + evaluating and IP constraints for that IP. No longer follow that + broken behavior. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sun Apr 30 12:45:19 2017 +0200 + + tests: check against symbols present only in IDNA2003 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sat Apr 29 14:00:24 2017 +0200 + + gnutls_idna_map: fallback to IDNA2008 transitional encoding on failure + + This aligns with the behavior of firefox, which maps to IDNA2008, and + fallbacks to IDNA2003 if that fails (e.g., mapping doesn't exist). + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Apr 28 23:12:19 2017 +0200 + + fuzz: fix leaks in PKCS#12 fuzzer + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Apr 28 22:46:48 2017 +0200 + + pkcs12: release CRL data on error path + + This addresses issue: + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1295 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Apr 25 12:01:25 2017 +0200 + + doc: added gnutls_ext_flags_t enumeration + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Apr 25 11:55:10 2017 +0200 + + _gnutls_base64_decode: corrected leak on decoding error + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Apr 25 11:08:47 2017 +0200 + + tests: fixed expected error code in base64 check + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Apr 25 15:15:27 2017 +0200 + + certtool: ensure no leaks on pkcs12_info() error paths + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Apr 25 11:02:01 2017 +0200 + + tests: added reproducer for mem leak in PKCS#12 decoding + + This relates to: + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1173 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Apr 25 10:59:58 2017 +0200 + + pkcs12: eliminate mem leaks in _pkcs12_decode_safe_contents + + This makes sure we deinitialize previously available elements. + This addresses: + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1173 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Apr 25 10:48:46 2017 +0200 + + cleanups in _pkcs12_decode_safe_contents + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Apr 25 10:36:22 2017 +0200 + + pkcs12: clean ups in PKCS#12 parsing + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Apr 24 14:16:24 2017 +0200 + + Added explicit check for the bounds of the generated 'd'. + + This is according to FIPS186-4 sec. B.3.1. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Apr 24 13:06:45 2017 +0200 + + fips140-2: enhanced check of generated parameters + + That is, replaced all assert() calls with if statements to allow + gracefull fail. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Apr 24 13:11:04 2017 +0200 + + dsa-fips.h: include nettle/bignum.h to allow compilation under nettle-mini + + Relates #197 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Apr 25 09:50:08 2017 +0200 + + tests: added base64 reproducer of mem leak + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Apr 24 13:28:39 2017 +0200 + + doc update [ci skip] + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sun Apr 23 11:54:38 2017 +0200 + + gnutls.h: introduced flag GNUTLS_EXT_FLAG_OVERRIDE_INTERNAL [ci skip] + + This flag is expected to be used by applications which handle + custom extensions that are not currently supported in gnutls, but + support for them may be added in the future. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Apr 21 09:28:47 2017 +0200 + + _gnutls_base64_decode: addressed memory leak in decoding + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Apr 21 09:19:56 2017 +0200 + + gnutls_pem_base64_decode: allow decoding raw base64 data + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Apr 21 09:14:18 2017 +0200 + + tests: check whether gnutls_pem_base64_decode2 decodes with null argument + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Apr 21 09:12:51 2017 +0200 + + Revert "gnutls_pem_base64_decode: allow decoding raw base64 data" + + This reverts commit fa86fc6892d6551340f24da6a6af4f484a62b884. + +Author: Nikos Mavrogiannopoulos +Date: Thu Apr 20 16:34:56 2017 +0200 + + doc: clarifications on custom thread override [ci skip] + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu Apr 20 14:03:39 2017 +0200 + + fuzz: added PEM base64 decoder and encoder fuzzers [ci skip] + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Apr 19 20:04:59 2017 +0200 + + fuzz: openpgp fuzzer always succeeds when no support is present [ci skip] + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Apr 14 01:18:56 2017 +0300 + + lib/system/fastopen: simplified TCP fast open for OSX + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Tim Rühsen +Date: Mon Apr 10 12:39:46 2017 +0200 + + lib/system/fastopen: Add TCP Fast Open for OSX + + Signed-off-by: Tim Rühsen + +Author: Nikos Mavrogiannopoulos +Date: Sat Apr 8 16:37:28 2017 +0200 + + doc: removed incorrect comment + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sat Apr 8 17:02:35 2017 +0200 + + gnutls_dh_get_pubkey: fixed operation under PSK authentication + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sat Apr 8 16:15:36 2017 +0200 + + tests: test gnutls_dh_get_pubkey in PSK auth + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sat Apr 8 16:33:09 2017 +0200 + + tests: combined and enhanced DH params tests + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sat Apr 8 16:25:49 2017 +0200 + + tests: added DH parameter check in X.509 auth + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sat Apr 8 16:18:26 2017 +0200 + + tests: added basic test on gnutls_dh_params_cpy + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sat Apr 8 16:14:06 2017 +0200 + + tests: test gnutls_dh_get_pubkey in anonymous auth + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sat Apr 8 16:15:46 2017 +0200 + + doc update + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sat Apr 8 15:50:16 2017 +0200 + + tests: added basic unit test on gnutls_random_art() + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Apr 7 22:51:09 2017 +0200 + + doc: fixed documentation for various function parameters + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Apr 7 22:37:54 2017 +0200 + + .gitlab-ci.yml: removed the coverage run under pkcs11 trust store + + It was causing inaccurate total coverage numbers. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Apr 7 16:56:06 2017 +0200 + + .gitlab-ci.yml: added runs under the PKCS#11 trust store in fedora + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Apr 7 16:51:46 2017 +0200 + + tests: use gnutls_global_init instead of global_init + + The reason is to force initialization of the PKCS#11 backend, + and thus support for any PKCS#11 trust store when setup. + This fixes running the test suite in Fedora. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Apr 7 14:42:10 2017 +0200 + + tests: added checks with certificates that contain invalid time field + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Apr 7 14:33:29 2017 +0200 + + x509/time: reject invalid dates in local mktime() + + Resolves #135 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Apr 7 14:25:34 2017 +0200 + + certtool: added newline in error message + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Apr 7 14:09:31 2017 +0200 + + tests: added basic check for systemkey tool + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Apr 7 14:05:45 2017 +0200 + + systemkey: improved error message on unsupported systems + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Apr 7 14:00:41 2017 +0200 + + tests: enhanced tofu trustdb checks + + Include checks which store and load commitments from the user's home + directory. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Apr 7 10:35:33 2017 +0200 + + tests: do not run pkgconfig test in systems with invalid libidn flags + + This prevents our test from failing, due to invalid flags found in + a dependency of ours. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Apr 7 13:30:16 2017 +0200 + + doc: fixed tpmtool and psktool documentation + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Apr 7 09:39:50 2017 +0200 + + doc update + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Apr 7 09:38:45 2017 +0200 + + tests: added unit tests for the base64 raw decoding functions + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Apr 7 09:37:10 2017 +0200 + + gnutls_pem_base64_decode: allow decoding raw base64 data + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Apr 7 09:26:01 2017 +0200 + + x509/output: do not print usage entry when there is none + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Apr 7 09:21:19 2017 +0200 + + certtool: improved printing of the key PIN and key ID + + That is, on private keys use the same format when printing + the public Key ID and public key PIN, as when printing it + in certificates. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu Apr 6 18:34:56 2017 +0200 + + .gitlab-ci.yml: fixed freebsd build project restriction + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu Apr 6 18:18:02 2017 +0200 + + certtool: print the key PIN on private and public keys + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu Apr 6 18:09:14 2017 +0200 + + gnutls_pem_base64_encode2: do raw base64 when msg is NULL + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Apr 7 08:33:54 2017 +0200 + + .gitlab-ci.yml: simplified CI setup + + This makes builds independent by reducing interactions between + artifacts of builds. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu Apr 6 11:53:33 2017 +0200 + + fuzz: do not enable the openpgp fuzzer when openpgp is disabled + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Apr 5 14:50:43 2017 +0200 + + serv: fixed carriage return stripping in strip() + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Apr 5 14:47:30 2017 +0200 + + Mark with (void) the remove() function and other unchecked functions + + This allows static analysers to properly warn on unchecked return values. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Apr 5 14:29:16 2017 +0200 + + gnutls-cli: fixed minor coverity identified issues + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Apr 5 14:26:52 2017 +0200 + + certtool: fixed newline skip code in smime-to-p7 code + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Apr 5 14:12:03 2017 +0200 + + tests: added unit test for the certtool smime conversion functionality + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Apr 5 13:41:36 2017 +0200 + + certtool: fixed minor issues pointed out by coverity + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Apr 5 13:38:06 2017 +0200 + + gnutls-cli: better resource management in benchmark cmd + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Apr 5 13:30:22 2017 +0200 + + is_level_acceptable: ensure issuer is not dereferenced when null + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Apr 5 13:25:08 2017 +0200 + + certtool: guard the value of tl before gnutls_pkcs7_verify + + This utilizes assert() as it cannot be triggered in practice. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Apr 5 13:20:44 2017 +0200 + + Avoid using ASN1_MAX_NAME_SIZE directly + + Since ASN1_MAX_NAME_SIZE refers to a single element in the asn1 + tree, it is not suitable to hold the maximum combined name. Instead + use a local definition of MAX_NAME_SIZE, which is a multiple of + the ASN1_MAX_NAME_SIZE. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Apr 5 13:15:38 2017 +0200 + + gnutls_x509_crq_set_challenge_password: don't accept null password + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Apr 5 13:13:26 2017 +0200 + + Mark with (void) the functions where the returned value is not checked intentionally + + This allows static analysers to properly warn on unchecked return values. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Apr 5 13:08:11 2017 +0200 + + removed duplicate code + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Apr 5 12:47:03 2017 +0200 + + handshake/record: mark with comments all expected fall-through switches + + This reduces warnings from static analysers like coverity and makes + explicit the intention. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Apr 5 12:42:18 2017 +0200 + + gnutlsxx.cpp: fixed misleading indentation issues + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Apr 5 12:39:23 2017 +0200 + + doc: document intended fallthrough + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Apr 5 12:36:52 2017 +0200 + + tests: fixed possible buffer overflow to avoid spurious complaints + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Apr 5 12:34:56 2017 +0200 + + updated auto-generated files + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Apr 5 11:54:45 2017 +0200 + + x509.h: added macro for inhibit any policy + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Apr 5 11:50:29 2017 +0200 + + NEWS: updated + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Apr 5 10:24:17 2017 +0200 + + doc: documented the inhibit any policy extension + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Apr 5 11:08:09 2017 +0200 + + tests: added PKCS#12 unit test with AES file + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Apr 4 16:36:48 2017 +0200 + + tests: added unit test for inhibit anypolicy generation + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Apr 5 15:36:47 2017 +0200 + + supported_exts: inhibit anypolicy is listed as supported + + Since we don't support certificate verification based on policies, + we make sure we do not reject any certificates based on the inhibit + any policy extension being present. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Apr 4 16:27:34 2017 +0200 + + certtool: added template option inhibit_anypolicy_skip_certs + + This option writes the inhibit anyPolicy option in a certificate. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Apr 4 16:25:47 2017 +0200 + + x509: output the inhibit anyPolicy value + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Apr 5 10:29:32 2017 +0200 + + documented the GNUTLS_X509_OID_POLICY_ANY macro + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Apr 4 16:03:34 2017 +0200 + + x509: added function to set and retrieve inhibit anypolicy extension value + + That is, introduced: + * gnutls_x509_crt_get_inhibit_anypolicy + * gnutls_x509_crt_set_inhibit_anypolicy + + Resolves #180 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Apr 4 15:53:05 2017 +0200 + + _gnutls_x509_write_uint32: ensure we prepend leading zero when writing + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Apr 4 15:46:45 2017 +0200 + + Added helper functions to parse the inhibit anyPolicy X.509 extension + + That introduces: + * gnutls_x509_ext_export_inhibit_anypolicy + * gnutls_x509_ext_import_inhibit_anypolicy + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Apr 4 15:22:06 2017 +0200 + + tests: added unit test for PKCS#12 with file that uses PBES1 with no salt + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu Apr 6 05:14:25 2017 +0200 + + tests: added basic check for system trust store + + This checks whether the gnutls_certificate_set_x509_system_trust() + and thus the trust list equivalent function operate as expected + and return a positive number of certificates. The test is ignored + in systems where these functions return GNUTLS_E_UNIMPLEMENTED_FEATURE. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: David Caldwell +Date: Tue Apr 4 21:29:55 2017 -0700 + + gnutls_x509_trust_list_add_system_trust: Add macOS keychain support + + Also don't check for a default_trust_store_file in configure when building on + macOS (unless explicitly asked to with --with-default-trust-store-file=xxx), + because otherwise it finds /etc/ssl/cert.pem: This file is new (since + 10.12.2?), which means libraries built on the newest OS version wouldn't work + the same way on an older versions (and vice versa). "/etc/ssl/cert.pem" also + doesn't seem to reflect additions and deletions from the user's or system's + trusted roots keychain (in my limited testing). + + Signed-off-by: David Caldwell + +Author: David Caldwell +Date: Wed Apr 5 11:15:45 2017 -0700 + + Rename uint64 to gnutls_uint64 to avoid conflict with macOS + + Signed-off-by: David Caldwell + +Author: Nikos Mavrogiannopoulos +Date: Wed Apr 5 10:11:01 2017 +0200 + + mpi: openpgp integer scanning was put into conditional + + That is, no longer include that code when compiling without openpgp + support. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Mar 29 12:38:34 2017 +0200 + + Moved all openpgp-related variables and definitions into ifdef blocks + + This allows compilation with -Werror even if openpgp is disabled. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Mar 29 09:55:36 2017 +0200 + + OpenPGP authentication is disabled by default + + The flag --enable-openpgp-authenticationcan be used to revert + this change. + + Resolves #178 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Apr 5 08:50:53 2017 +0200 + + tools: remove outfile when exited on error + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Apr 5 08:32:48 2017 +0200 + + certtool: added examples on verifying certificates + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Apr 5 08:12:17 2017 +0200 + + certtool: improved documentation + + Incorporated comments made in Lenka Horakova's thesis study. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Apr 4 15:22:06 2017 +0200 + + tests: added unit test for PKCS#12 with file that uses PBES1 with no salt + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Apr 4 11:28:27 2017 +0200 + + doc update + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Apr 4 12:52:14 2017 +0200 + + tests: add unit test for PKCS#12 with file that uses SHA512 for MAC + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Apr 4 12:11:27 2017 +0200 + + pkcs12: increased the maximum salt size + + This accomodates for files which have salt sizes up to 256 bytes. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Apr 4 12:01:15 2017 +0200 + + _gnutls_pkcs12_string_to_key: allow SHA384 and SHA512 + + The previous implementation of the function was restricted to SHA1 and + SHA256. Extended to allow SHA384 and SHA512 as well. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Apr 4 11:25:22 2017 +0200 + + PKCS#12: added support for files with zero salt length in MAC + + Resolves #191 + Resolves #190 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Apr 4 11:19:23 2017 +0200 + + tests: added unit test for PKCS#12 with file with no salt in MAC + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Apr 3 09:44:43 2017 +0200 + + tests: verify that the encryption OID is printed + + That is, verify whether certtool --p12-info will print the + actual encryption OID on unsupported files, rather than the + generic PBES2 algorithm. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Apr 3 09:35:31 2017 +0200 + + gnutls_pkcs8_info: return the encryption algorithm OID on failure + + When failing to import a structure due to an unsupported encryption + algorithm OID, return the unsupported OID instead of the generic + PBES2 OID. + + Resolves: #193 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Apr 4 10:26:43 2017 +0200 + + gnutls_transport_set_pull_timeout_function: doc update [ci skip] + + Clarified when this function should be set. Based on suggestion by + Sean Greenslade. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Andreas Metzler +Date: Sun Apr 2 17:56:15 2017 +0200 + + Use NORMAL priority for SSLv23_*_method. + + Instead of enforcing TLS1.0/SSL3.0 use gnutls NORMAL priority for + SSLv23_*_methods. + + http://bugs.debian.org/857436 + +Author: Nikos Mavrogiannopoulos +Date: Sun Apr 2 15:14:41 2017 +0200 + + .gitlab-ci.yml: renamed dist build to doc-dist + + This better describes the name of the build. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sun Apr 2 15:12:44 2017 +0200 + + .gitlab-ci.yml: combined minimal and no-tools builds + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sun Apr 2 15:07:05 2017 +0200 + + .gitlab-ci.yml: combined static analyser runs + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sat Apr 1 23:40:12 2017 +0200 + + .gitlab-ci.yml: reduced builds and stages + + That is an improvement to run the CI faster. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu Mar 30 20:56:01 2017 +0200 + + tests: added unit test for gnutls_priority_get_cipher_suite_index + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Mar 31 20:33:49 2017 +0200 + + gnutls-cli: eliminate leak on --list option + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Mar 29 18:52:48 2017 +0200 + + gnutls_priority_get_cipher_suite_index: fixed returned protocols + + That is no longer return indexes for ciphersuites which would not have + been available due to TLS version mismatch in the priorities cache. + + Resolves #146 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Matt Turner +Date: Fri Mar 31 13:45:04 2017 -0700 + + tests: Copy template out of ${srcdir} + + Otherwise, out of tree builds will fail to copy the template. + + Signed-off-by: Matt Turner + +Author: Nikos Mavrogiannopoulos +Date: Fri Mar 31 20:56:04 2017 +0200 + + gnutls_cipher_get_tag_size: document behavior on non-AEAD ciphers + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Mar 31 20:53:19 2017 +0200 + + doc: make a note that parts of the crypto API are in Core API + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Mar 31 16:27:03 2017 +0200 + + tests: added checks with problematic PKCS#12 files + + These check whether parsing of unsupported files (e.g., with RC2-128), + will succeed. This serves as functionality check for gnutls_pkcs8_info. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Mar 31 16:17:07 2017 +0200 + + gnutls_pkcs8_info: do not free oid on GNUTLS_E_UNKNOWN_CIPHER_TYPE + + The documented behavior of the function was to return a valid + OID in that case. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu Mar 30 19:58:22 2017 +0200 + + doc update [ci skip] + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Mar 29 14:08:26 2017 +0200 + + Makefile.am: dropped .clcopying from dist files [ci skip] + + It is no longer being used. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Mar 29 10:40:31 2017 +0200 + + Simplified the generation of ChangeLog [ci skip] + + Removed the dependency on git2cl and utilize git log directly. + git2cl seems to provide incorrect output. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Mar 28 09:05:38 2017 +0200 + + tests: added global locks on tls-fuzzer tests + + They both require access to the same port and thus cannot + be run in parallel. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Mar 28 09:01:25 2017 +0200 + + cert: ensure that there are no leftovers in certificate msg + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Mar 28 08:58:29 2017 +0200 + + testsuite: added tlsfuzzer certificate requiring tests + + This enhances the testsuite by running all the tlsfuzzer + fuzzer tests which require certificates from server. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Mar 28 08:40:32 2017 +0200 + + alert: return GNUTLS_A_BAD_CERTIFICATE on GNUTLS_E_PK_SIG_VERIFY_FAILED + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Mar 28 09:28:44 2017 +0200 + + fuzz: updated pkcs12 corpus + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Mar 27 17:40:23 2017 +0200 + + fuzz: added PKCS#12 file parser fuzzer + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Mar 27 17:28:08 2017 +0200 + + doc update + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sun Mar 26 13:46:45 2017 +0200 + + ocsp-test: disable under windows + + This test was failing because datefudge couldn't run under win32. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sun Mar 26 13:45:37 2017 +0200 + + Revert "ocsp-test: disable under windows" + + This reverts commit 90d5ad5a42759957866ba1d9c96f5dccfd3ea1cc. + +Author: Nikos Mavrogiannopoulos +Date: Sun Mar 26 10:10:02 2017 +0200 + + .travis.yml: no longer install pkg-config + + Travis build seem to fail for some reason since pkg-config is already + installed. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sun Mar 26 10:07:13 2017 +0200 + + ocsp-test: disable under windows + + This test was failing because datefudge couldn't run under win32. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sat Mar 25 21:48:46 2017 +0100 + + .gitlab-ci.yml: increase time of artifact expiration + + This allows to re-run failed builds on the depending stages + during that time. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sat Mar 25 21:44:53 2017 +0100 + + gnutls.pc: Removed P11_KIT_LIBS from Libs.private + + It was already being included in Requires.private. Reported + by Andreas Metzler. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu Mar 23 08:03:52 2017 +0100 + + gnutls.pc: don't include zlib twice in private libs + +Author: Nikos Mavrogiannopoulos +Date: Thu Mar 23 11:39:34 2017 +0100 + + tests: create-chain.sh: do not explicitly set serial + + We were previously exporting certificates with serial number being + zero, which is not allowed by RFC5280. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu Mar 23 11:34:07 2017 +0100 + + doc update + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Mar 22 09:39:12 2017 +0100 + + tests: added mini-x509-ipaddr + + This is a unit test for GNUTLS_DT_IP_ADDRESS as used in + gnutls_certificate_verify_peers(). + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Mar 22 09:00:09 2017 +0100 + + Introduced GNUTLS_DT_IP_ADDRESS + + This allows verifying an IP address using gnutls_certificate_verify_peers() + or gnutls_x509_trust_list_verify_crt2(). + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Mar 21 12:19:35 2017 +0100 + + doc update + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Mar 17 15:04:50 2017 +0100 + + tests: check whether we fallback to CN unconditionally + + This is a unit test for: + "gnutls_x509_crt_check_hostname2: do not fallback to CN unconditionally" + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Mar 17 15:01:12 2017 +0100 + + gnutls_x509_crt_check_hostname2: do not fallback to CN unconditionally + + Do not fallback to checking the CN of a certificate for a hostname + if supported names such as IP addresses were found in gnutls_x509_crt_check_hostname2(). + This behavioral change is in order to satisfy the RFC6125 requirement + of not falling back to CN in that case. Reported by Suphannee Sivakorn. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Mar 17 14:50:10 2017 +0100 + + tests: added unit test of GNUTLS_VERIFY_DO_NOT_ALLOW_IP_MATCHES + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Mar 17 14:43:36 2017 +0100 + + Introduced verification flag GNUTLS_VERIFY_DO_NOT_ALLOW_IP_MATCHES + + This flag when provided to the gnutls_x509_crt_check_hostname2() function + (and its callers), will prevent IP matching of the subject alternative + name. This can be utilized by applications which directly check for + IP addresses using gnutls_x509_crt_check_ip(). + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Mar 17 14:37:21 2017 +0100 + + updated auto-generated files + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu Mar 16 11:38:19 2017 +0100 + + tests: added unit test for gnutls_x509_crt_check_ip + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu Mar 16 10:07:37 2017 +0100 + + Added gnutls_x509_crt_check_ip() + + This function allows to directly verify IP addresses on a certificate. + That is a first step towards making gnutls_x509_crt_check_hostname2() + not verify IP addresses. + + Based on discussion and suggestion by Suphannee Sivakorn. See + https://lists.gnupg.org/pipermail/gnutls-devel/2017-March/008368.html + + Relates #185 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Mar 21 14:07:22 2017 +0100 + + tests: added unit test of gnutls_pubkey_verify_data2 override flags + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Mar 21 13:47:09 2017 +0100 + + tests: keygen -> privkey-keygen + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Mar 21 13:20:02 2017 +0100 + + _gnutls_check_key_cert_match: allow broken sigs + + That ensures that when loading a certificate pair with SHA1, when + SHA1 is disabled will not cause the server to fail to load. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Mar 21 13:14:24 2017 +0100 + + .gitignore: more files to ignore + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Mar 21 13:12:07 2017 +0100 + + Use a common function to decide acceptable signatures + + That is, ensure that results from all verification functions, + including gnutls_pubkey_verify_data2(), will be consistent with + SHA1 and other algorithms deprecation. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Mar 21 13:01:51 2017 +0100 + + check_ocsp_response: utilize the same flags as in certificate verification + + That ensures that overrides like using broken algorithms are considered + in OCSP validation. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Mar 21 14:34:37 2017 +0100 + + extensions: print the name/type of any unexpected extension + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sat Mar 18 18:12:55 2017 +0100 + + tests: added script to check pkg-config operation + + That is, whether the generated gnutls.pc will function for + compiling and linking. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sat Mar 18 17:56:42 2017 +0100 + + gnutls.pc: don't pass the libtool vars to Libs.private + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Mar 21 10:11:54 2017 +0100 + + tests: improved tls-rehandshake tests + + Used common definitions from cert-common.h for certificates, + and improved error detection in tls-rehandshake-cert-2. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Mar 21 09:42:59 2017 +0100 + + tests: check whether a rehandshake without a cert works + + That is, check whether if on initial handshake the server requests + a certificate, but on the following rehandshake he doesn't, whether + the client behaves as expected. This tests: + 1f685db853db6e48c77c6dbde0cdf716a7303baa + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Mar 21 09:36:18 2017 +0100 + + handshake: reset cert request state on handshake init + + That addresses a bug which on client side on case of an initial + handshake with a client certificate, we continue to send this + certificate even if on rehandshake we were not requested with on. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Mar 21 07:59:37 2017 +0100 + + Revert "nettle/rnd: use gettime() instead of gnutls_time()" + + This reverts commit c4842a21f65c7fc9a27932eb1792b1fc9e65f722. + The time() syscall is also implemented as syscall() and is in + fact performing better than gettime(). + +Author: Nikos Mavrogiannopoulos +Date: Mon Mar 20 23:00:06 2017 +0100 + + README.md: corrected typo [ci skip] + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Mar 20 16:31:42 2017 +0100 + + nettle/rnd: use gettime() instead of gnutls_time() + + The gnulib gettime() maps to gettimeofday() or clock_gettime() + which are both implemented as fast system calls - see vdso(7)- + and as such are available without a switch to kernel mode. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Mar 20 13:29:42 2017 +0100 + + doc: updated RNG documentation to reflect the previous changes + +Author: Nikos Mavrogiannopoulos +Date: Mon Mar 20 13:23:39 2017 +0100 + + nettle/rnd: re-seed both key and nonce levels based on time + + The time(0) is quite cheap on modern operating systems, and thus we + can rely on it to provide improved assurance in the output randomness. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Mar 20 13:13:11 2017 +0100 + + nettle/pk: use nonce level for RSA padding + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sat Mar 18 19:26:02 2017 +0100 + + README.md: corrected link for coverage in master [ci skip] + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Martin Storsjo +Date: Fri Mar 17 23:33:01 2017 +0200 + + Avoid deprecation warnings when including gnutls/abstract.h + + Since ac3de8f5, when all openpgp functionality was deprecated, a + library user including gnutls/abstract.h gets warnings about + deprecated declarations, like this: + + gnutls/openpgp.h:328:10: warning: ‘gnutls_openpgp_recv_key_func’ is deprecated [-Wdeprecated-declarations] + gnutls_openpgp_recv_key_func func) _GNUTLS_GCC_ATTR_DEPRECATED; + + This warning is emitted since the gnutls_openpgp_set_recv_key_function + prototype uses the deprecated typedef gnutls_openpgp_recv_key_func. + + By omitting the deprecation attribute from this individual + typedef, we avoid the spurious warnings in calling code which just + includes gnutls/abstract.h without actually using anything related + to openpgp. + + Signed-off-by: Martin Storsjo + +Author: Nikos Mavrogiannopoulos +Date: Fri Mar 17 10:47:33 2017 +0100 + + gnutls.h: added definitions to obtain the maximum element in several enumerations + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu Mar 16 14:29:10 2017 +0100 + + tests: added basic unit tests for several string functions of libs + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Feb 24 09:44:55 2017 +0100 + + doc update + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Mar 13 22:51:57 2017 +0100 + + tests: certtool-crl-decoding: ignore lines warning about SHA1 deprecation + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Mar 13 17:17:32 2017 +0100 + + tests: check the flag GNUTLS_VERIFY_ALLOW_SIGN_WITH_SHA1 + + In addition verify whether the GNUTLS_VERIFY_ALLOW_BROKEN flag + works when MD5 is present. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Mar 13 17:13:48 2017 +0100 + + Introduced flag GNUTLS_VERIFY_ALLOW_SIGN_WITH_SHA1 + + This allows performing a verification with only SHA1 allowed + from the broken algorithms. This can be used to fine-tune + verification in case default verification fails, to detect + whether the failed algorithm was SHA1. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Mar 13 17:06:47 2017 +0100 + + Introduced the %VERIFY_ALLOW_BROKEN priority string option + + This allows enabling broken signature algorithms in certificate verification. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Mar 13 17:00:22 2017 +0100 + + Allow reverting the SHA1 ban as a signature algorithm + + This allows distributors to decide not to ban SHA1. This + option may be removed in the future. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Feb 24 12:36:46 2017 +0100 + + p11tool: test-sign operation using SHA256 instead of SHA1 + + This avoids the errors returned from the verification functions due to + SHA1 usage. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Feb 24 09:42:26 2017 +0100 + + tests: updated to account SHA1 move to broken set + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Feb 24 08:35:34 2017 +0100 + + algorithms: tag SHA1 as insecure algorithm + + Although SHA1 was considered to be risky to use the past few years, + there has been no demonstration of breakage. As of 2017-2-23 there has + been a demonstrated collision in SHA1, and even though the attack was + a costly one, it provided the incentive to should move SHA1 into + the broken hashes list together with MD5 and MD2. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu Mar 16 14:02:05 2017 +0100 + + README.md: updated coverage links [ci skip] + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu Mar 16 08:25:52 2017 +0100 + + tests: removed unneeded ifdef in tlsext-decoding.c + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu Mar 16 09:04:24 2017 +0100 + + doc: updated RNG design + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Mar 15 14:21:43 2017 +0100 + + nettle/rnd: introduced time limit for key generator + + That is, force re-key of the KEY and RANDOM PRNG after 2 hours + of operation, irrespective of the amount of data having been output. + At the same time, increase limits for key and nonce generators, + to prevent a large amount of system calls in busy servers. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Mar 15 15:11:14 2017 +0100 + + _gnutls_pk_generate_keys: separate between ephemeral and long-term keys + + That allows using the faster generator for ephemeral keys. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Mar 15 14:46:54 2017 +0100 + + nettle/pk: use the nonce level for digital signatures + + That is, we do not really require high quality secret data for the generation + of signatures. A better approach would be to switch to predictable signatures (RFC6979). + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Mar 15 22:06:59 2017 +0100 + + .gitlab-ci.yml: limit submodule update to avoid fetch + + This should reduce both the bandwidth and the time of the fetch. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Martin Storsjo +Date: Wed Mar 15 23:32:12 2017 +0200 + + Fix a typo in a variable name in an m4 script + + Signed-off-by: Martin Storsjo + +Author: Alon Bar-Lev +Date: Tue Mar 14 19:27:49 2017 +0200 + + build: disable valgrind tests by default + + Signed-off-by: Alon Bar-Lev + +Author: Nikos Mavrogiannopoulos +Date: Wed Mar 15 05:17:37 2017 +0100 + + .gitlab-ci.yml: ubsan build utilizes -Werror for the library + + That brings back the -Werror for building, after its removal from + clang-analyzer build. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Mar 14 16:43:34 2017 +0100 + + .gitlab-ci.yml: remove -Werror compilation from scan-build + + When we pass '--status-bugs' to the command in combination with + '-Werror' in CFLAGS it has the following side effects. In a failed + due to Werror build, scan-build fails to find any issues, and + marks the run as successfully completed. Hence, removes the -Werror + from clang-analyzer. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Alon Bar-Lev +Date: Mon Mar 13 20:47:02 2017 +0200 + + build: tests: resolve as-needed issue with seccomp + + Incorrect ordering of -lseccomp: + + -Wl,--as-needed ../lib/.libs/libgnutls.so -lseccomp ./.libs/libutils.a + ./.libs/libutils.a(seccomp.o): In function seccomp_init' + seccomp.c:(.text+0x2b): undefined reference to `seccomp_init' + + + Signed-off-by: Alon Bar-Lev + +Author: Nikos Mavrogiannopoulos +Date: Mon Mar 13 23:27:14 2017 +0100 + + fuzz: Corrected default options in fuzz scripts [ci skip] + + This change assumes that afl-fuzz (and not libfuzzer) will be used + by default. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Mar 13 20:13:49 2017 +0100 + + gnutls_pkcs11_privkey_init: document limitation on created object [ci skip] + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Mar 13 15:21:40 2017 +0100 + + pkcs11: re-open privkey session handle on CKR_SESSION_HANDLE_INVALID + + When initializing a private key operation, attempt to re-open the key + if CKR_SESSION_HANDLE_INVALID is received. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Mar 13 15:15:31 2017 +0100 + + tests: pkcs11-mock lib: check object session sanity prior to using it + + This avoids crashes when the object is used after a fork but prior + to the session being re-established. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu Mar 9 11:21:50 2017 +0100 + + tests: added an OCSP response parsing coverage test + + This inputs a large set of valid and invalid OCSP files + in the OCSP parser with the intention to stress test its + error checking, and prevent regressions. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu Mar 9 08:14:32 2017 +0100 + + tests: added a certificate parsing coverage test + + This inputs a large set of valid and invalid certificates in + the certificate parser with the intention to stress test its + error checking, and prevent regressions. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Mar 13 09:39:03 2017 +0100 + + .gitignore: more files to ignore + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Mar 13 09:33:29 2017 +0100 + + tests: added unit tests for gnutls_pkcs11_token_get_mechanism + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Mar 13 09:28:25 2017 +0100 + + tests: included unit test for gnutls_pkcs11_obj_export + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Mar 13 09:23:37 2017 +0100 + + tests: added unit test for gnutls_pkcs11_reinit() + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Mar 13 09:17:42 2017 +0100 + + tests: added unit tests for gnutls_pkcs11_obj_get_info + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Mar 13 09:17:07 2017 +0100 + + doc update + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Mar 13 09:14:15 2017 +0100 + + gnutls_pkcs11_obj_get_info: don't include the terminator into output size + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Alon Bar-Lev +Date: Mon Mar 13 11:32:07 2017 +0200 + + tests: cert-tests: openpgp-certs: align test redirection + + Signed-off-by: Alon Bar-Lev + +Author: Alon Bar-Lev +Date: Mon Mar 13 10:45:08 2017 +0200 + + tests: suppressions.valgrind: supress fillin_rpath + + Signed-off-by: Alon Bar-Lev + +Author: Alon Bar-Lev +Date: Mon Mar 13 11:30:41 2017 +0200 + + tests: remove unused suppressions.valgrind + + Signed-off-by: Alon Bar-Lev + +Author: Nikos Mavrogiannopoulos +Date: Sun Mar 12 14:48:19 2017 +0100 + + lib: unconditionally enable the self-check functions + + These functions were previously made available only in FIPS140-2 + mode. Enabling them unconditionally allows applications to directly + utilize that functionality for testing the gnutls library. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sun Mar 12 14:43:00 2017 +0100 + + tests: added unit test for gnutls_pkcs11_get_pin_function + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sun Mar 12 14:29:14 2017 +0100 + + tests: moved ocsp-tests to main directory + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Mar 10 17:37:10 2017 +0100 + + pkcs11: re-open private key session inside a locked section + + This prevents clashes when the same operation is carried in other + threads. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Mar 10 17:12:50 2017 +0100 + + pkcs11: introduced locks to PKCS#11 private key structure + + This allows to run PKCS#11 private key operations such as signing + and decryption in parallel. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Mar 10 17:04:20 2017 +0100 + + tests: introduced check for parallel operation (signatures) in PKCS#11 mode + + That is, verify that parallel signatures using a single gnutls_pkcs11_privkey_t + context work. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Alon Bar-Lev +Date: Sun Mar 12 15:05:41 2017 +0200 + + tests: scripts: suppress which errors + + Signed-off-by: Alon Bar-Lev + +Author: Nikos Mavrogiannopoulos +Date: Sat Mar 11 12:08:21 2017 +0100 + + pkcs11: during scan, leave the provider loop asap + + This optimizes access when multiple provider modules are available, + by avoiding scanning irrelevant ones. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Alex Gaynor +Date: Sat Mar 11 10:28:50 2017 -0500 + + Do not attempt to parse a 32-bit integer if a packet is not 4 bytes. + + This addresses: + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=824 + + Signed-off-by: Alex Gaynor + +Author: Nikos Mavrogiannopoulos +Date: Thu Mar 9 15:50:24 2017 +0100 + + fuzz: document how to run AFL [ci skip] + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu Mar 9 10:57:28 2017 +0100 + + fuzz: added initial corpus for the OCSP request parser + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Mar 8 17:09:59 2017 +0100 + + fuzz: added initial corpus for OCSP response parser + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Mar 8 17:01:59 2017 +0100 + + fuzz: added OCSP structure parsers + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Mar 8 16:51:39 2017 +0100 + + fuzz: increased minimized set of X.509 certificates + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu Mar 9 12:57:41 2017 +0100 + + PKCS8/PKCS12: enforce a maximum number of iterations + + This prevents denial of service through very large iteration + counts. Issue found via oss-fuzz: + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=434 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Alex Gaynor +Date: Wed Mar 8 14:52:38 2017 -0500 + + Do not attempt to parse a 32-bit integer if a packet is not 4 bytes. + + This addresses: + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=737 + + Signed-off-by: Alex Gaynor + +Author: Nikos Mavrogiannopoulos +Date: Thu Mar 9 11:25:54 2017 +0100 + + Revert ".gitlab-ci.yml: include coverage statistics of FIPS140-2 code" + + This reverts commit 603772688c4e37dae437b4cede12e25b9dd9f678. + The commit introduced a long wait for the coverage build without + and significant benefit (the extend of the FIPS140 code is limited + to have any impact on the overall coverage). + +Author: Nikos Mavrogiannopoulos +Date: Thu Mar 9 10:52:59 2017 +0100 + + sysrng-linux: define _rnd_get_system_entropy unconditionally + + This fixes compilation in systems without getrandom(). + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Mar 8 16:00:02 2017 +0100 + + tests: dtls-stress: use X.509 certificates instead of openpgp + + This will allow the test tool to operate even after openpgp certificates + are deprecated. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Mar 7 22:52:31 2017 +0100 + + .gitlab-ci.yml: added build without openpgp support + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Mar 8 11:32:31 2017 +0100 + + doc update + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Mar 7 22:36:16 2017 +0100 + + Added openpgp stub file + + That allows disabling openpgp authentication and at the same time + retaining ABI compatibility with versions including openpgp. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Mar 8 15:00:06 2017 +0100 + + doc update + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Mar 8 14:58:14 2017 +0100 + + tests: split PKCS#12 encoding from decoding tests + + Enhanced PKCS#12 encoding tests, with the encoding of a file + which contains a cert, a key and a CRL. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Mar 8 14:47:20 2017 +0100 + + tests: added PKCS#12 file decoding containing a CRL + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Mar 8 14:40:15 2017 +0100 + + certtool: enhance to allow writing CRLs in PKCS#12 files + + In addition fallback to DER when --load-crl fails importing a PEM + encoded CRL due to PEM issues. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Mar 8 14:21:30 2017 +0100 + + tests: added CRL decoding unit tests using certtool + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Mar 8 14:04:32 2017 +0100 + + tests: enhanced basic tests in CRL parsing + + That tests gnutls_x509_crl_get_crt_serial(). + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Mar 8 13:50:55 2017 +0100 + + Rewritten gnutls_x509_rdn_get() and gnutls_x509_rdn_get2() + + The new code re-uses the gnutls_x509_dn APIs instead of re-implementing. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Mar 8 13:43:36 2017 +0100 + + tests: added checks for the old DN decoding functions + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Mar 7 22:39:20 2017 +0100 + + tests: do not run tests which require openpgp when it is disabled + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Mar 7 22:47:55 2017 +0100 + + .gitlab-ci.yml: include coverage html output as artifact + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Mar 8 13:22:59 2017 +0100 + + tests: x509-verify: print the keys on failure + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Mar 8 13:17:15 2017 +0100 + + gnutls_privkey_export_x509: doc update + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Mar 8 13:07:08 2017 +0100 + + tests: split sign-verify test to RSA and ECDSA parts + + This allows parallelist and also helps identifying easier the + culprit on an error. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Mar 8 11:52:25 2017 +0100 + + tests: adjusted for the removal of HMAC-MD5 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Mar 8 11:48:28 2017 +0100 + + priority: do not enable HMAC-MD5 by default + + While HMAC-MD5 is not yet broken, it is not used by any non-broken + or non-NULL ciphersuites (is only used with NULL and RC4), and as there + is not plan to introduce new ciphersuites with that MAC algorithm, there + is no point to include it in the default set of allowed algorithms. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Mar 7 23:10:43 2017 +0100 + + tests: converted FIPS140-2 mode checks in Makefiles to run-time in scripts + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Mar 8 10:48:40 2017 +0100 + + gnutls.h: introduced GNUTLS_E_TLS_PACKET_DECODING_ERROR [ci skip] + + This is an alias to GNUTLS_E_UNEXPECTED_PACKET_LENGTH. That + allows distinguishing the alert from GNUTLS_E_RECORD_OVERFLOW. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Mar 7 21:53:51 2017 +0100 + + tests: crq: ignore lines for Security Level + + This allows running the test under FIPS140-2 mode. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Mar 7 21:39:12 2017 +0100 + + ax_code_coverage.m4: updated + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Mar 6 23:21:33 2017 +0100 + + .gitlab-ci.yml: initialize submodules where needed (for tlsfuzzer run) + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Mar 6 15:28:01 2017 +0100 + + .gitlab-ci.yml: include subdirs of suite/ in artifacts + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Mar 6 23:11:39 2017 +0100 + + ext/signature: error on invalid extension format + + That is, if an extension containing no signature algorithms is + encountered, treat that as an error. This is an RFC5246 requirement, + since the minimum "supported_signature_algorithms" length is 2. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Mar 6 14:30:19 2017 +0100 + + _gnutls_proc_x509_server_crt: return GNUTLS_E_CERTIFICATE_ERROR on parsing error + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Mar 6 14:21:45 2017 +0100 + + alert: GNUTLS_E_NO_CERTIFICATE_FOUND maps to GNUTLS_A_DECODE_ERROR + + This is the closest to use alert when no certificate is found; at least + it is closer according to tlsfuzzer and rfc5246 text on insuficient_security + alert. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Mar 6 13:51:33 2017 +0100 + + read_client_hello: use integer for extensions size + + As we do not read the value directly, but rather assign to it + the remaining data, we ensure that there are no overflows if + we have additional data past the extensions field. The integer + can hold more than 2^24 which is the maximum handshake packet + size. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Mar 3 16:33:57 2017 +0100 + + ext/signature: reject an extension with padded data + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Mar 3 16:18:44 2017 +0100 + + ext/signature: reject an extension size of zero + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Mar 3 15:58:19 2017 +0100 + + gnutls_record_recv: do not accept a client hello while handshake is in progress + + That is, do not return GNUTLS_E_REHANDSHAKE, while we are within + a handshake process. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Mar 3 15:16:59 2017 +0100 + + read_client_hello: fail early on illegally formatted message + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu Mar 2 17:57:57 2017 +0100 + + _gnutls_parse_extensions: do not fail on empty extensions field + + On the other hand, fail if an empty extensions field is seen, but + the client hello contains data nevertheless, or if the extensions + field is padded with additional unaccounted data. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu Mar 2 17:53:55 2017 +0100 + + alert: GNUTLS_E_PK_INVALID_PUBKEY maps to GNUTLS_A_ILLEGAL_PARAMETER + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu Mar 2 17:48:31 2017 +0100 + + alerts: separated record overflow from decode error alerts + + Introduced GNUTLS_E_RECORD_OVERFLOW. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu Mar 2 17:42:51 2017 +0100 + + auth: failures of _gnutls_mpi_init_scan_nz map to GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER + + That ensures that the right alert is send when illegal + parameters are received (e.g., zero length). + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Mar 7 11:49:45 2017 +0100 + + doc: updated tlsproxy to latest version + +Author: Nikos Mavrogiannopoulos +Date: Mon Apr 18 14:17:18 2016 +0200 + + testsuite: added tlsfuzzer + + This enhances the testsuite by running all the tlsfuzzer + fuzzer tests which require no certificates from server. + + https://github.com/tomato42/tlsfuzzer + +Author: Nikos Mavrogiannopoulos +Date: Tue Mar 7 07:55:10 2017 +0100 + + tests: converted compile-time checks for FIPS140 mode to run-time + + This allows running the complete test suite even when the library + is compiled in FIPS140-2 mode, as long as the run-time is not at + this mode. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Mar 7 07:39:20 2017 +0100 + + .gitlab-ci.yml: include coverage statistics of FIPS140-2 code + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Mar 7 07:32:46 2017 +0100 + + .gitlab-ci.yml: include FIPS140-2 code into static analyzer runs + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Mar 6 22:35:41 2017 +0100 + + doc update + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Mar 1 10:22:04 2017 +0100 + + nettle/rnd-fips: combined the FIPS-compliant generators to two + + This brings the FIPS generators in par with the non-FIPS chacha-based ones. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Mar 1 10:18:14 2017 +0100 + + nettle/rnd: use two random generators instead of 3 + + That combines the levels GNUTLS_RND_RANDOM and GNUTLS_RND_KEY, while + at the same time makes sure that backtracking is impossible on the + GNUTLS_RND_KEY level, by reinitializing the RNG after a call requesting + data for the GNUTLS_RND_KEY level. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Mar 1 10:04:18 2017 +0100 + + doc: updated the PRNG documentation to utilize two PRNG instances + + Also move the random generator discussion to internals section. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Feb 27 11:37:39 2017 +0100 + + doc: document the state of PRNG in GnuTLS 3.6.0 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Feb 27 11:51:18 2017 +0100 + + nettle/pk: corrected call to gnutls_rnd() for rnd_nonce_func + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sun Feb 26 20:07:41 2017 +0100 + + tests: decoupled the random generator operational tests from the forking ones + + That also corrects the fact that not all tests were run for all generators, + and allows to run the tests in parallel. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sun Feb 26 19:56:09 2017 +0100 + + nettle/rnd: specify different limits for rekey in PRNGs + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sun Feb 26 19:20:16 2017 +0100 + + nettle/pk: use the GNUTLS_RND_RANDOM level for DH/DSA params + + This are not long term keys and do not require the key level. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sun Feb 26 19:16:32 2017 +0100 + + tests: added check to verify that including crypto.h is sufficient + + That is, sufficient to use its functionality, and including additional + headers isn't necessary. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sun Feb 26 19:11:51 2017 +0100 + + crypto.h: include gnutls.h to obtain required types + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu Feb 23 10:44:43 2017 +0100 + + rnd: reduce calls to _rnd_get_system_entropy + + That is, no longer obtain the initial nonces for the RNG + via _rnd_get_system_entropy() but instead use time-based ones + which are typically faster kernel calls. This reduces the number + of expensive system calls done during thread and + process initialization. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Feb 21 11:48:08 2017 +0100 + + rnd: when reseeding the generators use the next best generator + + That is, use the RANDOM level to obtain keys to reseed the + NONCE level, and the KEY level to reseed the RANDOM. The KEY + level is reseeded using the system random generator. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Feb 21 11:11:31 2017 +0100 + + tests: verify whether crypto operations fail + + That is verify whether a signature operation will fail if + the library is in error state. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Feb 21 11:05:48 2017 +0100 + + Added _gnutls_lib_force_operational + + This allows recovering from _gnutls_lib_simulate_error() which in + turn allows more advanced tests. Not documented, and intended to + be an internal symbol only. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Feb 21 10:56:44 2017 +0100 + + pk: always use _gnutls_switch_lib_state + + This avoids relying on abort() for RNG errors in PK wrappers. + We use instead the library state originally added for FIPS140-2 + support, and if the state indicates failure the operation will + fail. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Feb 21 10:43:56 2017 +0100 + + rnd: switched to 3 chacha-based PRNGs for all security levels + + Chacha was selected because it is already present in TLS protocol + as algorithm, meaning that re-using would improve CPU caching, + and it is a comparable in performance algorithm to the existing + PRNG used for nonces (salsa20). The yarrow generator was removed + because we are primarily seeding from system devices which are + sufficiently trustworthy to offload us from coping with the + handling of multiple sources of input. As such it allows + us to switch to a simpler PRNG such as a stream cipher like Chacha. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sun Feb 19 10:40:44 2017 +0100 + + rnd: aligned type of data counter with input data type (size_t) + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sun Feb 19 09:57:39 2017 +0100 + + random: keep global list of initialized contexts + + This allows to properly deinitialize all random generator + contexts on library deinitialization. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sat Feb 18 21:47:33 2017 +0100 + + rnd: removed call of _rnd_system_entropy_deinit on deinit + + This was already being done in _gnutls_rnd_deinit(). + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Jan 27 13:52:23 2017 +0100 + + Removed locks from internal rng + + Also made the rng back-end to be thread-safe. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Jan 27 10:21:56 2017 +0100 + + Use a thread local random generator. + + This allows accessing the per-thread random generator in + a lock-free way, at the cost of additional memory per thread. + The default random generator imposes around 640 bytes per thread + on 64-bit architectures. + + Resolves: #141 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Mar 6 07:38:20 2017 +0100 + + Makefile.am: added missing file + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Mar 6 06:58:29 2017 +0100 + + .gitlab-ci.yml: execute initialization stage unconditionally [ci skip] + + This step is required both in tags and commit runs. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sun Mar 5 18:22:04 2017 +0100 + + datum.h: documented behavior of datum functions + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sun Mar 5 18:17:36 2017 +0100 + + _gnutls_set_strdatum: always return an allocated string on success + + That prevents returning NULL to functions which require a string. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Alex Gaynor +Date: Sun Mar 5 02:21:30 2017 +0000 + + Enforce the max packet length for OpenPGP subpackets as well + + This addresses: + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=392 + + Signed-off-by: Alex Gaynor + +Author: Nikos Mavrogiannopoulos +Date: Sun Mar 5 08:08:10 2017 +0100 + + doc: corrected typo [ci skip] + + It was pointed out by morozov@eags.ru. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Mar 3 09:31:37 2017 +0100 + + doc update + +Author: Nikos Mavrogiannopoulos +Date: Fri Mar 3 09:29:12 2017 +0100 + + tests: do not generate certificates with serial being zero + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Mar 3 08:48:41 2017 +0100 + + tests: check whether a certificate with illegal version is rejected + + That is, whether a certificate with version zero fails to import. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Mar 3 08:38:01 2017 +0100 + + gnutls_x509_crt_set_version: do not allow writing illegal versions + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Mar 3 08:28:47 2017 +0100 + + x509: reject illegal certificate versions + + Resolves #182 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Mar 3 08:44:41 2017 +0100 + + gnutls_x509_crt_set_serial: refuse to write all-zero serial number + + This is prohibited by RFC5280. + + Relates #181 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Mar 3 08:27:23 2017 +0100 + + gnutls_x509_crt_set_serial: document the 20-byte limit for serial sizes + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Mar 1 12:51:47 2017 +0100 + + doc update + +Author: Nikos Mavrogiannopoulos +Date: Wed Mar 1 11:59:50 2017 +0100 + + tests: chainverify: incorporated the tests for unknown critical extensions + + These check whether unknown critical extensions are detected during verification, + and whether the flag GNUTLS_VERIFY_IGNORE_UNKNOWN_CRIT_EXTENSIONS, is honored + during verification. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Mar 1 11:47:17 2017 +0100 + + x509.h: introduced flag GNUTLS_VERIFY_IGNORE_UNKNOWN_CRIT_EXTENSIONS + + That flag signals the verification process, not to fail on unknown critical + extensions. This can be used when the critical extension checking in a chain + is handled externally. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Feb 27 16:54:33 2017 +0100 + + tests: verify that critical extensions can be stored + + That is, ensure that we don't repeat the regression of + certtool not processing free-form critical extensions when no + other free-form extensions are present. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Feb 27 15:50:44 2017 +0100 + + tests: added verification for unknown critical extensions + + This tests whether unknown critical extensions will cause a verification + failure. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Feb 27 14:48:37 2017 +0100 + + x509/verify: refuse to verify certificates with unknown critical extensions + + That is, introduced flag GNUTLS_CERT_UNKNOWN_CRIT_EXTENSIONS, which is + set when the chain under verification contains unsupported extensions marked + as critical. + + Resolves: #177 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Mar 1 10:17:41 2017 +0100 + + .gitlab-ci.yml: run tests under a FIPS140 mode simulation + + That is, in FIPS140-2/Fedora/x86_64 build, run tests under a normal + run (when library is compiled with FIPS140-2 support but not enabled + on run time), and also run tests under a run-time that simulates + FIPS140-2 support. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Mar 1 17:13:37 2017 +0100 + + crypto-self-tests: modified exported functions to work under fips140-2 mode + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Mar 1 15:52:13 2017 +0100 + + tests: skip tests which cannot be run in FIPS140-2 mode + + This allows the test suite to be run in FIPS140-2 mode. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Mar 1 15:42:25 2017 +0100 + + _gnutls_pk_params_copy: copy the provable algorithm used + + This is affected utilization of generated RSA keys under FIPS140-2 mode + which utilizes provable generation. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Mar 1 14:31:30 2017 +0100 + + gnutls_session_ticket_key_generate: fixed operation under FIPS140-2 mode + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Mar 1 14:05:31 2017 +0100 + + tests: priorities: enhanced for test to work under FIPS140-2 mode + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Mar 1 13:46:43 2017 +0100 + + gnutls-cli: print the ciphers, MACs and KXs when priority string is given + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Mar 1 13:39:39 2017 +0100 + + gnutls_priority_get_cipher_suite_index: do not return values for non-existent ciphers + + That is, do return only the enabled algorithms in states like FIPS140-2, + rather than returning the set that would have been enabled if these + restrictions wouldn't be in place. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Feb 28 15:46:07 2017 +0100 + + README.md: removed info that gnutls is a gnu project [ci skip] + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Feb 28 15:33:45 2017 +0100 + + tests: doc update [ci skip] + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Mar 1 07:58:04 2017 +0100 + + tests: added test cases with invalid openpgp certs + + These certificates contain invalid secret key sub-packets. + These trigger invalid memory accesses: + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=360 + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=354 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Mar 1 07:54:04 2017 +0100 + + opencdk: do not parse any secret keys in packet when reading a certificate + + This reduces the attack surface on the parsers, and prevents any bugs + in the secret key parser to be exploitable by inserting secret key + sub-packets into an openpgp certificate. + + This addresses: + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=354 + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=360 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Feb 28 10:32:38 2017 +0100 + + tests: crt_apis: added tests for writing/reading unique IDs + + That is check the functionality of: + - gnutls_x509_crt_get_subject_unique_id + - gnutls_x509_crt_get_issuer_unique_id + - gnutls_x509_crt_set_issuer_unique_id + - gnutls_x509_crt_set_subject_unique_id + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Feb 28 10:59:28 2017 +0100 + + Added _gnutls_idna_email_reverse_map + + This allows printing the reverse map of an IDNA-encoded email. + Modified x509/output to include this decoding for RFC822Name. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Feb 28 10:47:03 2017 +0100 + + x509/output: Cleanup in IDNA name printing + + That also removes the incorrect mapping to IDNA punycode when the + input is not printable. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Feb 28 08:48:24 2017 +0100 + + tests: added test for interactive creation of a request + + Relates #179 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Feb 28 08:24:30 2017 +0100 + + certtool: removed limits in interactive input + + That removes the limits when reading most of the interactive input. + The read_str() function due to its dependence on static variable remains + with a limit, but will output an error if the input string exceeds size. + + Resolves #179 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Feb 28 08:00:56 2017 +0100 + + certtool: increased buffer for reading from user + + This allows reading longer than 128-byte fields interactively. + The new limit is 512-bytes. + + Relates #179 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Feb 27 08:23:47 2017 +0100 + + tests: added certificate generation with very long DNS and CN name + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Feb 27 15:58:53 2017 +0100 + + gnutls_x509_crt_get_extension_info: fixed function to comply with documented approach + + That is, do not include the trailing NULL byte size in the + size of the object identifier. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Feb 27 16:47:55 2017 +0100 + + certtool: store critical extensions even if no other extension are present + + That is, fix a bug which prevented critical extensions to be stored + if no other free-form extensions were specified. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Feb 27 15:06:57 2017 +0100 + + x509/name_constraints: documented return values and corrected return type + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Feb 24 09:24:19 2017 +0100 + + gnutls_ocsp_resp_verify_direct, gnutls_ocsp_resp_verify: defined flags argument + + That was defined to be gnutls_certificate_verify_flags, and + it allows passing verification flags, such as flags to allow + broken algorithms. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Feb 24 09:09:10 2017 +0100 + + is_level_acceptable: no longer checks for broken algorithms + + This is done at is_broken_allowed(), and in fact checking them in + is_level_acceptable() creates a conflict when overrides like flag + GNUTLS_VERIFY_ALLOW_BROKEN is used. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Feb 24 08:57:27 2017 +0100 + + gnutls_store_commitment: introduced flag GNUTLS_SCOMMIT_FLAG_ALLOW_BROKEN + + This flag allows operation of the function even with broken algorithms. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Feb 24 08:46:01 2017 +0100 + + verify: is_broken_allowed: account for "new" flag GNUTLS_VERIFY_ALLOW_BROKEN + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Feb 24 09:53:26 2017 +0100 + + devel/fuzz: added necessary casts for compilation [ci skip] + + Also added the IDNA targets to makefile's default target. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Feb 24 07:56:50 2017 +0100 + + devel/fuzz: include string.h for strlen() [ci skip] + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu Feb 23 18:05:09 2017 +0100 + + devel/fuzz: IDNA fuzzers: removed printf [ci skip] + + see request in: + https://github.com/google/oss-fuzz/issues/417 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu Feb 23 11:08:34 2017 +0100 + + tests: added test case with invalid openpgp cert + + This triggers an invalid memory access: + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=391 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu Feb 23 11:10:04 2017 +0100 + + opencdk: read_attribute: account buffer size + + That ensures that there is no read past the end of buffer. + + Resolves the oss-fuzz found bug: + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=391 + + Relates: #159 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu Feb 23 13:35:42 2017 +0100 + + gnutls-cli-debug: fixed protocol to port discovery + + That is, if --starttls-proto is provided the default port + selected will be converted to host byte order as expected. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu Feb 23 13:11:45 2017 +0100 + + pk.c: fixed memory leak on DSS signature decoding + + Detected using oss-fuzz: + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=676 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu Feb 23 13:07:47 2017 +0100 + + tests: added client reproducer for memory leak + + That reproduces a memory leak detected in the client code path. + Detected using oss-fuzz: + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=676 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu Feb 23 12:34:28 2017 +0100 + + tests: update to take into account the removal of random art + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu Feb 23 10:26:04 2017 +0100 + + x509/output: No longer include public key's random art + + That is in order to reduce bloat in the output, which already + contains many identifiers for public key. + + See mailing list discussion at: + https://lists.gnupg.org/pipermail/gnutls-devel/2017-February/008324.html + https://lists.gnupg.org/pipermail/gnutls-devel/2017-February/008329.html + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Feb 22 17:02:33 2017 +0100 + + tests: updated to include the pin-sha256 in output + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Feb 22 16:47:02 2017 +0100 + + tests: updated to take into account the pin-sha256 oneline output + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Feb 22 11:11:06 2017 +0100 + + x509/output: print key PIN on oneline output + + That is, instead of the public key ID. The key PIN due to HPKP + is now more widely used than hex-based key IDs. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Feb 22 11:06:51 2017 +0100 + + x509/output: print the public key PIN of a certificate + + That is, print the value used by the HPKP protocol as per + RFC7469. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu Feb 23 09:39:28 2017 +0100 + + certtool: don't warn when 'uri' is specified on template + + Reported at: + https://bugzilla.redhat.com/show_bug.cgi?id=1425884 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Feb 22 21:53:42 2017 +0100 + + .gitlab-ci.yml: ubsan build: fixed artifacts path + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Feb 22 21:45:32 2017 +0100 + + tests: split starttls.sh into multiple scripts + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Feb 22 21:29:22 2017 +0100 + + tests: pkcs11-import-with-pin: removed invalid conditional macro + +Author: Nikos Mavrogiannopoulos +Date: Wed Feb 22 17:38:07 2017 +0100 + + tests: added PKCS#11 test for pin input + + This introduces a test on PIN input to retrieve an object using + pin-value and pin-source (file). + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Feb 22 21:01:30 2017 +0100 + + SECURITY.md: updated after comments from Daniel Berrange [ci skip] + +Author: Nikos Mavrogiannopoulos +Date: Tue Feb 21 16:50:22 2017 +0100 + + Removed unnecessary entries in pkix.asn and gnutls.asn + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Feb 21 14:20:17 2017 +0100 + + nettle/pk: corrected memcpy of Q in DSA params + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Feb 20 08:02:02 2017 +0100 + + crypto.h: improved documentation of randomness levels + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Feb 20 08:01:09 2017 +0100 + + nettle/pk: use the appropriate level of randomness for each operation + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Feb 20 08:00:41 2017 +0100 + + srp: use nonce level for SRP password randomization + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Feb 21 08:58:16 2017 +0100 + + doc: document the use of assert() + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Feb 21 08:17:25 2017 +0100 + + doc: removed protocol/ directory + + While it was used during the first years of development, today + it is way more easy to access protocol documents via the IETF + web site. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Feb 21 08:13:56 2017 +0100 + + Added SECURITY.md, a description of the security issue handling process + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Feb 20 18:57:56 2017 +0100 + + .gitlab-ci.yml: require clang analyzer build to be warning free + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Feb 20 18:53:01 2017 +0100 + + configure: no longer use -Wframe-larger-than + + We do not require a specific stack size, and there is legacy + code which utilizes large stack sizes. As such remove the + warnings to allow for a warning free compilation. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Feb 20 18:50:40 2017 +0100 + + pkcs11: avoid calling memcpy will null options + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Feb 20 16:41:46 2017 +0100 + + preinitialize variables to work-around warnings with clang + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Feb 20 15:05:57 2017 +0100 + + eliminated dead code as indicated by clang scan-build + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Feb 20 15:02:22 2017 +0100 + + pkcs7: corrected error checking in write_signer_id + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Feb 20 14:18:25 2017 +0100 + + preinitialize variables to work-around warnings with clang's scan-build + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Feb 20 14:03:40 2017 +0100 + + eliminated various clang warnings with non-null arguments + + That is, use assert() to ensure that known to be non-null + variables will be used as input to functions requiring non-null. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Feb 20 13:49:55 2017 +0100 + + make_printable_string: allow operation with null input + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Feb 20 13:32:37 2017 +0100 + + .gitlab-ci.yml: replaced clang's build with clang analyser's scan-build + + This introduces a static analyser pass in the CI. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Feb 20 13:13:19 2017 +0100 + + .gitlab-ci.yml: added cppcheck run + + This adds a basic static analysis of the source code. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Feb 20 11:14:49 2017 +0100 + + opencdk/read-packet.c: corrected typo in type cast + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Feb 20 11:13:08 2017 +0100 + + cdk_pkt_read: enforce packet limits + + That ensures that there are no overflows in the subsequent + calculations. + + Resolves the oss-fuzz found bug: + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=420 + + Relates: #159 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Feb 20 11:01:07 2017 +0100 + + tests: added test case with invalid openpgp cert + + That triggers a heap buffer overflow: + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=420 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Robert Scheck +Date: Sun Feb 19 22:50:30 2017 +0100 + + Add LMTP, POP3, NNTP, Sieve and PostgreSQL support to gnutls-cli + + Add LMTP (RFC 2033), POP3 (RFC 2595), NNTP (RFC 4642), Sieve (RFC 5804) and PostgreSQL support to gnutls-cli ("--starttls-proto"). + + Signed-off-by: Robert Scheck + +Author: Nikos Mavrogiannopoulos +Date: Sun Feb 19 17:31:52 2017 +0100 + + README.md: added CII best practices badge [ci skip] + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Rical Jasan +Date: Fri Feb 17 21:22:19 2017 -0800 + + tests: Improve port-checking infrastructure. + + The test suite unnecessarily failed on systems without netstat because + it was assumed to be present. Instead of simply checking for its + presence and indicating an unsupported test, however, the ss utility + can be used as a drop-in replacement. When netstat/net-tools is not + present, the ss utility from iproute2 still stands a fair chance of + existing, and they also have similar enough semantics that they can be + used interchangeably in the test suite. + + The functions in tests/scripts/common.sh that used netstat + (wait_for_port, wait_for_free_port) now use new functions, + check_if_port_in_use and check_if_port_listening, to abstract the call + to netstat/ss. The eval'd variable GETPORT also used netstat, and has + been updated accordingly. + + The new port-checking functions use another new function, + have_port_finder, which takes care of the details of selecting ss + (preferred) or netstat, or fails otherwise. + + Signed-off-by: Rical Jasan + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Alon Bar-Lev +Date: Sun Feb 12 19:48:19 2017 +0200 + + build: doc: install images also into htmldir + + images are required also by the html documentation. + + Signed-off-by: Alon Bar-Lev + +Author: Nikos Mavrogiannopoulos +Date: Fri Feb 17 15:37:42 2017 +0100 + + .gitlab-ci.yml: corrected coverage build + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sat Feb 18 07:23:18 2017 +0100 + + .gitlab-ci.yml: remove submodule update from main build + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Feb 17 17:40:27 2017 +0100 + + updated auto-generated files + +Author: Nikos Mavrogiannopoulos +Date: Fri Feb 17 17:38:23 2017 +0100 + + Makefile: improved symbols extraction + + That is, do not include non-function names. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Feb 17 15:35:41 2017 +0100 + + doc update + +Author: Nikos Mavrogiannopoulos +Date: Fri Feb 17 15:31:02 2017 +0100 + + tests: ignore sanity checks in broken cert test + + This allows the existing reproducers which contain certificates which + are rejected by sanity checks, to still be used to detect regressions. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Feb 17 15:26:56 2017 +0100 + + Added gnutls_x509_crt_set_flags() + + This functions allows specifying flags to the certificate object. + In particular it allows the single flag GNUTLS_X509_CRT_FLAG_IGNORE_SANITY + which allows to ignore sanity checks at the import of the certificate. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Feb 17 15:20:44 2017 +0100 + + doc update + +Author: Nikos Mavrogiannopoulos +Date: Fri Feb 17 15:14:38 2017 +0100 + + Introduced GNUTLS_E_CERTIFICATE_TIME_ERROR error code + + This error code indicates an issue in the time fields of certificate. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Feb 17 11:49:48 2017 +0100 + + x509/output: properly indicate error in Time fields + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Feb 17 11:33:56 2017 +0100 + + x509/time: refuse importing certificates with invalid Time fields + + That will refuse to import certificates which their time field + is not in GMT, or contain fractional seconds. + + Resolves: #169 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Feb 17 11:26:33 2017 +0100 + + _gnutls_x509_generalTime2gtime: refuse to parse fractional seconds + + Fractional seconds in GeneralizedTime are prohibited by RFC5280. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Feb 17 11:25:15 2017 +0100 + + tests: enhanced test suite to include invalid X509v3 cert + + That certificate contains a GeneralizedTime with fractional + seconds. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Feb 17 15:10:40 2017 +0100 + + gnutls_x509_crt_list_import: fixed leak on import failure + +Author: Nikos Mavrogiannopoulos +Date: Fri Feb 17 10:39:21 2017 +0100 + + tests: enhanced test suite to include creation of invalid certificates + + That is, check whether the creation of invalid V2 or V1 certificates + will be detected, and that the correct error codes are returned. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Feb 17 10:06:58 2017 +0100 + + gnutls_x509_crt_sign2: refuse to sign invalid X.509 certificates + + That is, do not sign X.509 certificates which have fields that + shouldn't be present on their corresponding version. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Feb 17 10:04:52 2017 +0100 + + gnutls_x509_crt_import: reject X.509v1 certificates with invalid fields + + Refuse to import X.509v1 certificates which have fields that didn't + exist in X.509v1 specification. That is the issuerUniqueID and + subjectUniqueID fields. + + Resolves: #168 + Resolves: #167 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Feb 17 09:56:24 2017 +0100 + + tests: enhanced test suite to include invalid V1 certs + + That is, added X.509v1 certificates with attributes that shouldn't + have been presented (valid for X.509v2 only). + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Feb 15 18:42:22 2017 +0100 + + gnutls.pc: do not include libidn2 in Requires.private + + The libidn2 versions available do not include libidn2.pc, + thus the inclusion was causing problems when using pkg-config. + Instead we include -lidn2 in Libs.private. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sun Feb 12 11:01:46 2017 +0100 + + .gitlab-ci.yml: Re-organized stages + + The less CPU intensive tasks were moved to earlier stage, and the + CPU intensive tasks are only spawned only after basic syntax and + ABI checks have succeeded. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sun Feb 12 09:42:15 2017 +0100 + + gnutls.h: corrected typo [ci skip] + +Author: Marcin Cieślak +Date: Thu Feb 9 00:26:16 2017 +0000 + + only if HAVE_ALLOCA_H + + FreeBSD does know alloca() but has no such header + + Signed-off-by: Marcin Cieślak + +Author: Nikos Mavrogiannopoulos +Date: Sun Feb 5 11:41:41 2017 +0100 + + doc: document the intention of the priority string usage [ci skip] + + This documents the gnutls_set_default_priority() function, and + how it is intended to be combined with an application that utilizes + priority strings. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sat Dec 24 15:51:17 2016 +0100 + + doc update + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Dec 28 08:57:16 2016 +0100 + + tests: modified tests for the disablement of 3DES + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sat Dec 24 15:50:11 2016 +0100 + + Removed support for the 3DES cipher by default + + That is a legacy cipher that is no longer needed to be + included as backup cipher. + + Resolves #120 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu Feb 2 22:59:43 2017 +0100 + + x509: optimize subject alternative name access + + That reads SAN and IAN early on import, significantly reducing + the running time of functions which iterate over the alternative + names of a certificate, e.g., gnutls_x509_crt_check_hostname(). + + Relates #165 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sat Feb 4 14:28:30 2017 +0100 + + .travis.yml: list all logs on failure + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sat Feb 4 14:01:36 2017 +0100 + + tests: enable all IDNA tests when compiled with libidn2 + + Keep IDNA2003-only tests on the ifdef HAVE_LIBIDN. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sat Feb 4 07:50:03 2017 +0100 + + .travis.yml: updated instructions for travis builds + + Removed unbound and other minor fixes. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Feb 3 23:28:01 2017 +0100 + + extras/hex.h: do not use strlen as variable name + + That is, do not utilize a standard C function name as variable name. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Feb 3 23:11:27 2017 +0100 + + gnutls_pkcs11_obj_list_import_url4: always return an initialized pointer + + When returning success, but no elements, gnutls_pkcs11_obj_list_import_url4, + could have returned zero number of elements with a pointer that was uninitialized. + Ensure that an initialized (i.e., null in that case), pointer is always returned. + Reported by Jeremy Harris. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Feb 3 00:08:19 2017 +0100 + + .gitlab-ci.yml: use libidn2 on windows builds + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu Feb 2 11:26:18 2017 +0100 + + gnutls_heartbeat_allowed: corrected type on dummy wrapper + + That is, when compiling without heartbeat support, compilation + could fail due to the dummy wrapper not returning the right + type. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu Feb 2 08:27:14 2017 +0100 + + Address test suite failure due to timezone differences. + + Reported by Thorsten Glaser and Andreas Metzler. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Jan 31 17:06:16 2017 +0100 + + doc update [ci skip] + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Jan 31 07:38:50 2017 +0100 + + gnutls_heartbeat_allowed: corrected return type + + This reflects better the fact that this function returns + a boolean. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sat Jan 28 09:26:05 2017 +0100 + + _idn2_to_unicode_8z8z: do not err on mixed IDNA domains + + That is allow domains of the form 'großes.xn--fa-hia.de'. The + drawback is that we may not err early on invalid formatted + names. We however delegate any such decisions to libidn2. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Jan 27 10:07:28 2017 +0100 + + README.md: added link to travis build for 3.5.x [ci skip] + + In addition to adding a link to travis build for 3.5.x branch removed + link on 3.4.x branch. It is no longer active. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu Jan 26 14:49:33 2017 +0100 + + heartbeat extension: doc update + + Document how to calculate the total TLS data transmitted. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu Jan 26 13:21:39 2017 +0100 + + str-idna: improved error handling + + In addition to detecting input with invalid characters in _idn2_to_unicode_8z8z(), + we also add support for case insensitive punycode header. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Jan 25 15:45:57 2017 +0100 + + Updated auto-generated files + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Jan 25 03:35:54 2017 +0100 + + str-idna: cleanups in IDNA handling + + Ensure safe operation even with broken libidn2, and make + sure that we properly allocate memory to caller, even on complex + library configuration. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Jan 24 14:13:21 2017 +0100 + + fuzz: added run-afl helper script + + This script which allows running the fuzzying tests + locally using american fuzzy lop. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Jan 24 13:50:59 2017 +0100 + + fuzz: Added IDNA encoding/decoding fuzzying units + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Jan 24 13:43:54 2017 +0100 + + Move IDNA functionality to str-idna.c from str-unicode.c + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Jan 24 08:57:52 2017 +0100 + + tests: use the exported API for IDNA testing + + In addition group together the tests which require libidn2 >= 0.14. + This allows the tests to succeed. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Jan 24 08:55:06 2017 +0100 + + tools: depend on gnutls_idna_map() instead of using directly libidn/libidn2 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Jan 24 08:50:54 2017 +0100 + + Exported gnutls_idna_map() and gnutls_idna_reverse_map() + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Jan 24 07:56:12 2017 +0100 + + .gitlab-ci.yml: added run with IDNA2003 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Jan 24 18:59:51 2017 +0100 + + tests: simplified str-idna + + This separates the directions that are tested (utf-8 -> punycode + and vice versa). + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Jan 24 07:52:23 2017 +0100 + + configure: added flag to force IDNA2003 + + That allows to compile with libidn even if libidn2 is present, and + can be used to check IDNA2003 support. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Tim Rühsen +Date: Sat Jan 21 23:14:46 2017 +0100 + + Add support for libidn2 (IDNA 2008 + TR46) + + Signed-off-by: Tim Rühsen + +Author: Nikos Mavrogiannopoulos +Date: Wed Jan 25 08:55:40 2017 +0100 + + pkcs7 decryption: addressed memory leak in PBES1-DES-CBC-MD5 handling + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Jan 25 09:46:00 2017 +0100 + + minitasn1: updated to libtasn1 4.10 + +Author: Nikos Mavrogiannopoulos +Date: Wed Jan 25 03:24:34 2017 +0100 + + configure: do not disable valgrind tests unless explicitly specified + + ... or unless we are in release build. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Jan 24 16:28:41 2017 +0100 + + Makefile.am: increased the number of releases to perform ABI checks with + + That is added 3.4.0, 3.4.17 and 3.5.8. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Jan 20 16:55:26 2017 +0100 + + tests: verify that a written certificate will inherit its ID from privkey + + That is, whether p11tool will do the right thing and figure the proper + ID to use for a certificate object, if the public key is available. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Jan 20 16:33:03 2017 +0100 + + p11tool: re-use ID from corresponding objects when writing certificates + + That is when writing a certificate which has a corresponding public key, + or private key in the token, ensure that we use the same ID for the + objects. That eases the work of someone writing objects to certificates, + and does not require him to manually detect the object IDs. + + Resolves #160 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Alon Bar-Lev +Date: Fri Jan 20 19:18:09 2017 +0200 + + .gitlab-ci.yml: add Fedora/x86_64/no-tools + + Signed-off-by: Alon Bar-Lev + +Author: Alon Bar-Lev +Date: Fri Jan 20 23:12:36 2017 +0200 + + valgrind: support separate builddir for suppressions.valgrind + + Signed-off-by: Alon Bar-Lev + +Author: Alon Bar-Lev +Date: Fri Jan 20 21:14:22 2017 +0200 + + configure: remove void statement + + Signed-off-by: Alon Bar-Lev + +Author: Alon Bar-Lev +Date: Fri Jan 20 23:39:41 2017 +0200 + + tests: skip tests that requires tools if tools are disabled + + building with --disable-tools should not cause test failure. + + Signed-off-by: Alon Bar-Lev + +Author: Nikos Mavrogiannopoulos +Date: Sun Jan 22 00:59:41 2017 +0100 + + doc: improved documentation on DH parameters [ci skip] + +Author: Nikos Mavrogiannopoulos +Date: Fri Jan 20 14:36:51 2017 +0100 + + Revert "tests: suite: pkcs11: skip if no softhsm" + + This reverts commit 276a6ee44d80d4d3b144a78794020c177be8f0ea. + The reason is to avoid having changes in softhsm packaging, result + to skipping large parts of the test suite without someone noticing. + +Author: Nikos Mavrogiannopoulos +Date: Thu Jan 19 09:28:08 2017 +0100 + + _decode_pkcs8_dsa_key: ensure that the P value is non-zero + + When decoding a DSA private key, and constructing the public key + ensure that P is non-zero, and thus can be used as modulus. + + Issue found using oss-fuzz: + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=393 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu Jan 19 09:24:19 2017 +0100 + + tests: added private key causing FPE + + Issue found using oss-fuzz: + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=393 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu Jan 19 09:20:28 2017 +0100 + + _gnutls_decrypt_pbes1_des_md5_data: ensure that encrypted data size is a multiple of blocksize + + That prevents incorrect data reaching nettle which has only + assertion checks (leading to an abort). + + Issue found using oss-fuzz: + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=389 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu Jan 19 09:14:29 2017 +0100 + + tests: added PKCS#8 key which causes undefined behavior on import + + Issue found using oss-fuzz: + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=389 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu Jan 19 09:08:49 2017 +0100 + + tests: added certificate which reproduces a leak in gnutls_x509_ext_import_aia + + Issue found using oss-fuzz: + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=385 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu Jan 19 09:08:04 2017 +0100 + + x509: eliminated memory leak on gnutls_x509_ext_import_aia + + Issue found using oss-fuzz: + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=385 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Jan 17 15:08:29 2017 +0100 + + doc update + +Author: Nikos Mavrogiannopoulos +Date: Wed Jan 18 13:51:32 2017 +0100 + + tests: added check which ensures a client cannot receive during handshake + + Relates #158 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Jan 18 09:51:35 2017 +0100 + + tests: added check which ensures a client cannot transmit during handshake + + Relates #158 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Jan 17 15:28:05 2017 +0100 + + tests: cleanup error reporting in handshake-false-start + +Author: Nikos Mavrogiannopoulos +Date: Wed Jan 18 13:47:02 2017 +0100 + + Refuse to receive data during handshake + + This prevents buggy applications from receiving non-authenticated data + that may have arrived during the handshake. + + Relates #158 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Jan 17 15:05:35 2017 +0100 + + Refuse to send data during handshake + + That prevents buggy applications from transmitting sensitive data during + handshake. + + Resolves #158 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sun Jan 15 10:40:02 2017 +0100 + + Disable AVX support when it is not supported by the CPU + + This mostly affects virtual systems. Reported by Frank Chen. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Jan 17 13:34:33 2017 +0100 + + opencdk: improved error code checking in the stream reading functions + + This amends 49be4f7b82eba2363bb8d4090950dad976a77a3a + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Jan 16 17:09:36 2017 +0100 + + minitasn1: updated to latest git version + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Jan 16 13:01:56 2017 +0100 + + doc: removed references to OpenPGP functions and enumerations + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sun Jan 15 11:11:19 2017 +0100 + + doc: removed documentation related to OpenPGP and guile + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Jan 6 08:26:17 2017 +0100 + + doc: removed documentation related to OpenPGP + + Also added section explaining why OpenPGP is being deprecated. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Jan 6 08:14:09 2017 +0100 + + openpgp.h: all openpgp functionality was marked as deprecated + + This is to prevent new applications using that functionality. + As the OpenPGP certificate for HTTPS (or TLS in general) never got + any traction, GnuTLS is the only implementation supporting it, + and the quality of the OpenPGP supporting code is questionable, + we deprecate that code with the intention to drop it completely + when an opportunity is given. + + Relates #102 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Jan 9 08:36:02 2017 +0100 + + tests: added missing file + +Author: Nikos Mavrogiannopoulos +Date: Mon Jan 9 08:18:33 2017 +0100 + + CONTRIBUTING.md: Improve instructions on git-template [ci skip] + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Alon Bar-Lev +Date: Thu Jan 5 10:35:29 2017 +0200 + + tests: remove bash usage + + Signed-off-by: Alon Bar-Lev + +Author: Alon Bar-Lev +Date: Thu Jan 5 14:01:30 2017 +0200 + + tests: suite: chain: support separate builddir + + Signed-off-by: Alon Bar-Lev + +Author: Alon Bar-Lev +Date: Thu Jan 5 10:34:07 2017 +0200 + + tests: skip tests that requires tools if tools are disabled + + building with --disable-tools should not cause test failure. + + Signed-off-by: Alon Bar-Lev + +Author: Alon Bar-Lev +Date: Tue Jan 3 16:46:46 2017 +0200 + + gitignore: update [ci skip] + + Signed-off-by: Alon Bar-Lev + +Author: Alon Bar-Lev +Date: Tue Jan 3 16:45:19 2017 +0200 + + gitignore: sort() + + Signed-off-by: Alon Bar-Lev + +Author: Nikos Mavrogiannopoulos +Date: Wed Jan 4 15:22:13 2017 +0100 + + opencdk: added error checking in the stream reading functions + + This addresses an out of memory error. Issue found using oss-fuzz: + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=337 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Jan 4 15:03:12 2017 +0100 + + tests: added test case with invalid openpgp cert + + This triggers an out of memory error. Issue found using oss-fuzz: + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=337 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Jan 4 14:56:50 2017 +0100 + + opencdk: cdk_pk_get_keyid: fix stack overflow + + Issue found using oss-fuzz: + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=340 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Jan 4 14:48:38 2017 +0100 + + tests: added test case with invalid openpgp cert + + This triggers a memory error. Issue found using oss-fuzz: + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=340 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Jan 4 14:47:11 2017 +0100 + + tests: added test case with invalid openpgp cert + + This triggers a memory error. Issue found using oss-fuzz: + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=346 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Jan 4 14:42:03 2017 +0100 + + opencdk: read_attribute: added more precise checks when reading stream + + That addresses heap read overflows found using oss-fuzz: + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=338 + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=346 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Jan 4 14:34:05 2017 +0100 + + tests: added test case with invalid openpgp cert + + This triggers a memory error. Issue found using oss-fuzz: + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=338 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Jan 4 14:31:26 2017 +0100 + + tests: openpgp-cert-parser: simplified + +Author: Nikos Mavrogiannopoulos +Date: Wed Jan 4 09:46:26 2017 +0100 + + auth rsa: eliminated memory leak on pkcs-1 formatting attack path + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Jan 4 09:42:25 2017 +0100 + + tests: added reproducer for server issues + + This allows to reproduce issues found on server side, by adding + a transcript in server-interesting. Currently it contains values + found using oss-fuzz. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Jan 4 09:32:17 2017 +0100 + + _decode_pkcs8_dsa_key: fixed memory leak on error path + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Jan 4 09:28:23 2017 +0100 + + decode_private_key_info: eliminate memory leaks on error path + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Jan 4 09:26:07 2017 +0100 + + _gnutls_x509_read_dsa_params: update params structure parameters size on successful read + + That will allow proper deinitialization of the parameters even if + the structure fill up doesn't succeed. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Jan 4 09:18:03 2017 +0100 + + tests: added test with private key that causes memory leak + + Issue found using oss-fuzz: + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=371 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Jan 4 09:10:54 2017 +0100 + + _gnutls_pkcs12_string_to_key: avoid division by zero when salt_size = 0 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Wed Jan 4 09:07:10 2017 +0100 + + tests: added test with PKCS#8 key that signals FPE + + Issue found using oss-fuzz: + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=376 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Alon Bar-Lev +Date: Sat Dec 31 05:07:47 2016 +0200 + + tests: skip tests that requires tools if tools are disabled + + building with --disable-tools should not cause test failure. + + Signed-off-by: Alon Bar-Lev + +Author: Alon Bar-Lev +Date: Tue Jan 3 14:56:05 2017 +0200 + + tests: cert-tests: pkcs12 drop builddir usage + + sync with other tests + + Signed-off-by: Alon Bar-Lev + +Author: Alon Bar-Lev +Date: Tue Jan 3 14:40:36 2017 +0200 + + tests: suite: pkcs11: skip if no softhsm + + similar to other tests + + Signed-off-by: Alon Bar-Lev + +Author: Nikos Mavrogiannopoulos +Date: Tue Jan 3 16:10:07 2017 +0100 + + gnutls_x509_ext_import_policies: fixed memory leak on error path + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Jan 3 15:53:27 2017 +0100 + + tests: added test case with invalid X.509 cert + + This triggers a memory leak. Issue found using oss-fuzz: + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=294 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Jan 3 15:49:37 2017 +0100 + + x509 output: fixed memory leak in AIA extension printing + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Jan 3 15:46:41 2017 +0100 + + tests: added test case with invalid X.509 cert + + Issue found using oss-fuzz: + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=300 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Jan 3 15:00:59 2017 +0100 + + doc: document how to enhance the testsuite with issues found + +Author: Nikos Mavrogiannopoulos +Date: Tue Jan 3 14:37:18 2017 +0100 + + status_request: eliminated leak on error path + + Issue found using oss-fuzz: + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=269 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Jan 3 13:49:18 2017 +0100 + + proc_server_kx: eliminated leak on error path + + Issue found using oss-fuzz: + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=272 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Jan 3 14:49:03 2017 +0100 + + tests: added reproducer for client issues + + This allows to reproduce issues found on client handling, by adding + a transcript in client-interesting. Currently it contains values + found using oss-fuzz. + + The client3.disabled transcript is disabled because it depends + on a fix in nettle. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Jan 3 13:39:43 2017 +0100 + + tests: do not run key-tests under leak sanitizer + + The reason is that we cannot distinguish between a memory leak on + application failure (which is followed by exit- thus should be ignored) + and an address sanitizer issue (which should never be ignored). + As such we disable leak detection with asan and rely on valgrind. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Jan 3 13:20:16 2017 +0100 + + tests: illegal-rsa: don't hide stderr + +Author: Nikos Mavrogiannopoulos +Date: Mon Jan 2 10:47:24 2017 +0100 + + tests: added suite for checking PKCS#7 structure import + + The initial (problematic) structures have been obtained from oss-fuzz + project. + +Author: Nikos Mavrogiannopoulos +Date: Tue Jan 3 11:39:13 2017 +0100 + + fuzz: added basic Makefile to assist in reproducing [ci skip] + + Also updated README.md + +Author: Nikos Mavrogiannopoulos +Date: Mon Jan 2 17:24:41 2017 +0100 + + Simplified contribution policy [ci skip] + + Also added a template to assist in the required steps to contribute. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Jan 2 17:05:29 2017 +0100 + + _gnutls_x509_get_signature: fix memory leak on error path + +Author: Nikos Mavrogiannopoulos +Date: Mon Jan 2 17:04:29 2017 +0100 + + tests: added test case with invalid X.509 certificate + + This certificate causes a memory leak while printing. + + Issue found using oss-fuzz: + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=280 + + Relates #156 + +Author: Nikos Mavrogiannopoulos +Date: Mon Jan 2 15:07:48 2017 +0100 + + valgrind: use different exit code to signify error + + This allows the test suite to differentiate between valgrind and expected + errors from tools. + +Author: Nikos Mavrogiannopoulos +Date: Mon Jan 2 15:01:26 2017 +0100 + + tests: cert-tests: force asan to return an error code other than one on failure + +Author: Nikos Mavrogiannopoulos +Date: Mon Jan 2 15:00:24 2017 +0100 + + gnutls_pkcs8_info: addressed memory leak on error path + +Author: Nikos Mavrogiannopoulos +Date: Mon Jan 2 14:55:14 2017 +0100 + + certtool: pkcs8_info_int: fix memory leak + +Author: Nikos Mavrogiannopoulos +Date: Mon Jan 2 13:44:46 2017 +0100 + + wrap_nettle_mpi_modm: bail on a modulus that is zero + + Relates #156 + +Author: Nikos Mavrogiannopoulos +Date: Mon Jan 2 13:32:41 2017 +0100 + + tests: added test for invalid private keys + + Also force asan to return an error code other than one (the normally + expected for invalid keys). + +Author: Nikos Mavrogiannopoulos +Date: Mon Jan 2 12:02:53 2017 +0100 + + x509: address leak in print_altname - cert printing + +Author: Nikos Mavrogiannopoulos +Date: Mon Jan 2 12:03:35 2017 +0100 + + tests: added certificate to reproduce memory leak + + Found by oss-fuzz project: + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=299 + + Relates #156 + +Author: Nikos Mavrogiannopoulos +Date: Mon Jan 2 11:05:21 2017 +0100 + + tests: added test case with invalid PKCS#8 data + + Issue found using oss-fuzz: + https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=363 + + Relates #156 + +Author: Nikos Mavrogiannopoulos +Date: Mon Jan 2 11:20:45 2017 +0100 + + nettle: added a safety net on wrap_nettle_cipher_setiv() + + Return error if attempting to set invalid IV size. + +Author: Nikos Mavrogiannopoulos +Date: Mon Jan 2 11:51:10 2017 +0100 + + pkcs7 decrypt: require a valid IV size on all ciphers + + That is, do not accept the IV size present in the structure as valid + without checking. + + Relates #156 + +Author: Nikos Mavrogiannopoulos +Date: Mon Jan 2 13:26:29 2017 +0100 + + fuzz: added a PBES1 PKCS#8 private key file into corpus + +Author: Nikos Mavrogiannopoulos +Date: Mon Jan 2 13:23:01 2017 +0100 + + pkcs8: pkcs8_key_info() will correctly detect non-encrypted files + +Author: Nikos Mavrogiannopoulos +Date: Mon Jan 2 13:19:49 2017 +0100 + + certtool: don't print PKCS#8 information when outputting DER data + +Author: Alex Gaynor +Date: Sun Jan 1 09:15:09 2017 -0500 + + Corrected a leak in OpenPGP sub-packet parsing. + + Signed-off-by: Alex Gaynor + +Author: Nikos Mavrogiannopoulos +Date: Mon Jan 2 10:13:48 2017 +0100 + + doc: fixed copyright date in gnutls.texi + +Author: Nikos Mavrogiannopoulos +Date: Mon Jan 2 08:43:47 2017 +0100 + + gnutls_rnd: document the available values of level [ci skip] + + This enables using the function by only checking the man page. + +Author: Nikos Mavrogiannopoulos +Date: Fri Dec 9 16:45:19 2016 +0100 + + pkcs11 verification: ensure that an issuer we retrieve is not blacklist + + It may happen in p11-kit trust module that a trusted certificate is + both in the trusted set, and the blacklisted set. To avoid accepting + a certificate when in both sets, we always check whether a trusted + issuer certificate is in the blacklisted set. + +Author: Alex Gaynor +Date: Fri Dec 30 21:17:22 2016 -0500 + + Attempt to fix a leak in OpenPGP cert parsing. + +Author: Nikos Mavrogiannopoulos +Date: Sat Dec 31 14:57:57 2016 +0100 + + tests: enable all the ciphersuite in openssl cli for DSS checks + +Author: Nikos Mavrogiannopoulos +Date: Sat Dec 31 11:48:44 2016 +0100 + + certtool: improved error reporting on file error + +Author: Nikos Mavrogiannopoulos +Date: Sat Dec 31 13:27:10 2016 +0100 + + tests: don't check against 3DES if disabled in openssl + +Author: Nikos Mavrogiannopoulos +Date: Sat Dec 31 13:25:23 2016 +0100 + + tests: do not pass the -dhparams to openssl 1.1.0; it doesn't work + +Author: Nikos Mavrogiannopoulos +Date: Sat Dec 31 12:14:44 2016 +0100 + + tests: simplified DH params format + + Also switch to RFC7919 DH params. + +Author: Nikos Mavrogiannopoulos +Date: Sat Dec 31 12:13:20 2016 +0100 + + tests: corrected type in openssl compat tests + +Author: Nikos Mavrogiannopoulos +Date: Sat Dec 31 12:12:33 2016 +0100 + + tests: added common variable for DH parameters + +Author: Nikos Mavrogiannopoulos +Date: Wed Dec 28 10:36:37 2016 +0100 + + tests: fixed paths in compat tests + +Author: Nikos Mavrogiannopoulos +Date: Wed Dec 28 09:04:59 2016 +0100 + + tests: better termination checking in compat tests + + This ensures that the exit code of all spawned processes is + checked. + +Author: Nikos Mavrogiannopoulos +Date: Sat Dec 31 10:12:34 2016 +0100 + + cfg.mk: exclude devel/ subdirectory from syntax checks + +Author: Nikos Mavrogiannopoulos +Date: Fri Dec 30 15:50:45 2016 +0100 + + certtool: properly report unencrypted PKCS#8 keys in --p8-info + +Author: Nikos Mavrogiannopoulos +Date: Fri Dec 30 15:41:53 2016 +0100 + + fuzz: added decrypted PKCS#8 keys + +Author: Nikos Mavrogiannopoulos +Date: Fri Dec 30 15:23:17 2016 +0100 + + fuzz: added PKCS#8 keys with low iteration count + + This makes sure that the fuzzer will not timeout while + trying to decode keys. + +Author: Nikos Mavrogiannopoulos +Date: Wed Dec 28 11:01:37 2016 +0100 + + submodules: use the github mirror of openssl + +Author: Alex Gaynor +Date: Mon Dec 26 13:15:25 2016 -0500 + + Do not infinite loop if an EOF occurs while skipping a PGP packet + + Signed-off-by: Alex Gaynor + +Author: Alex Gaynor +Date: Tue Dec 27 09:45:31 2016 -0500 + + Added a fuzzer for OpenPGP cert parsing + + Signed-off-by: Alex Gaynor + +Author: Nikos Mavrogiannopoulos +Date: Wed Dec 28 09:59:34 2016 +0100 + + fuzz: document the convention for initial values + +Author: Nikos Mavrogiannopoulos +Date: Wed Dec 28 09:58:20 2016 +0100 + + fuzz: Added initial values for DN, PKCS8 and X.509 tests + +Author: Alex Gaynor +Date: Mon Dec 26 15:59:03 2016 +0000 + + Added a parser for PKCS7 importing and printing + +Author: Nikos Mavrogiannopoulos +Date: Mon Dec 19 08:38:41 2016 +0100 + + fuzz: added X.509 DN parser + +Author: Nikos Mavrogiannopoulos +Date: Mon Dec 19 08:35:45 2016 +0100 + + fuzz: added PKCS#8 private key parser + +Author: Nikos Mavrogiannopoulos +Date: Wed Dec 21 08:18:24 2016 +0100 + + configure: introduced --with-priority-string option + + This allows specifying the priority string to be used with + gnutls_set_default_priority() on configure time. + +Author: Nikos Mavrogiannopoulos +Date: Mon Dec 19 21:35:53 2016 +0100 + + priorities: reset the profile flags when appending new flags + + That is, to avoid causing issues to applications calling gnutls_*priority_set() + multiple times with different parameters. In that case if multiple profiles are + used the outcome could be undefined. Now, the last call will prevail. + +Author: Nikos Mavrogiannopoulos +Date: Mon Dec 19 21:39:02 2016 +0100 + + gnutls_session_set_verify_cert: doc update + +Author: Nikos Mavrogiannopoulos +Date: Mon Dec 19 21:26:09 2016 +0100 + + Revert "priorities: set the additional verify flags instead of appending them" + + This reverts commit aaf49747f981f6c17cdc9ea7495a8948a5015ae2. + +Author: Nikos Mavrogiannopoulos +Date: Mon Dec 19 21:19:05 2016 +0100 + + doc update [ci skip] + +Author: Nikos Mavrogiannopoulos +Date: Mon Dec 19 19:01:31 2016 +0100 + + tests: added check for certtool loading CA certificates from PKCS#11 + +Author: Nikos Mavrogiannopoulos +Date: Fri Dec 9 15:52:49 2016 +0100 + + certtool: document that --load-ca-certificate can be used with PKCS#11 URLs + +Author: Nikos Mavrogiannopoulos +Date: Fri Dec 9 15:44:20 2016 +0100 + + certtool: load_ca_cert() can load a CA from URLs + +Author: Nikos Mavrogiannopoulos +Date: Fri Dec 9 11:36:13 2016 +0100 + + certtool: unified the CA certificate loading process + + That is, combined how CA certificates are loaded for --verify-chain, + --verify and --p7-verify. It is based on the trust list high level + functions, something that allows PKCS#11 URLs to be specified in + --load-ca-certificate. + +Author: Nikos Mavrogiannopoulos +Date: Mon Dec 19 16:15:50 2016 +0100 + + doc update [ci skip] + +Author: Nikos Mavrogiannopoulos +Date: Fri Dec 9 16:21:30 2016 +0100 + + .gitlab-ci.yml: changed buildroot to fedora25 + +Author: Nikos Mavrogiannopoulos +Date: Mon Dec 19 11:01:10 2016 +0100 + + tests: added check for multiple calls to gnutls_priority_set_direct() + +Author: Nikos Mavrogiannopoulos +Date: Mon Dec 19 10:49:34 2016 +0100 + + priorities: set the additional verify flags instead of appending them + + That is, to avoid causing issues to applications calling gnutls_*priority_set() + multiple times with different parameters. In that case if multiple profiles are + used the combo could be undefined. + +Author: Nikos Mavrogiannopoulos +Date: Mon Dec 19 10:36:01 2016 +0100 + + verify: print certificate on sec param failure + +Author: Nikos Mavrogiannopoulos +Date: Thu Dec 15 15:08:31 2016 +0100 + + x509: corrected leak in certificate printing + + The leak could be triggered if the certificate policies to be imported are + invalid. + +Author: Nikos Mavrogiannopoulos +Date: Thu Dec 15 15:02:18 2016 +0100 + + gnutls_x509_ext_import_proxy: fix issue reading the policy language + + If the language was set but the policy wasn't, that could lead to + a double free, as the value returned to the user was freed. + +Author: Nikos Mavrogiannopoulos +Date: Thu Dec 15 14:50:36 2016 +0100 + + tests: added certificate which was causing issues in gnutls_x509_crt_print() + +Author: Nikos Mavrogiannopoulos +Date: Thu Dec 15 14:47:13 2016 +0100 + + tests: improved certder to easily load certificates from a directory + + That allows to place certificates in certs-interesting/ and these + will be loaded and checked upon the new "cert" test case. + +Author: Nikos Mavrogiannopoulos +Date: Thu Dec 15 14:06:06 2016 +0100 + + doc update + +Author: Alexander Kanavin +Date: Wed Dec 14 17:42:45 2016 +0200 + + Do not add cli-args.h to cli-args.stamp Makefile target + + Signed-off-by: Alexander Kanavin + +Author: Alex Gaynor +Date: Thu Dec 15 08:08:45 2016 -0500 + + Describe the integration + +Author: Alex Gaynor +Date: Thu Dec 15 07:27:47 2016 -0500 + + Move to the devel dir + +Author: Alex Gaynor +Date: Tue Dec 13 20:14:33 2016 -0500 + + Added a server fuzzer + +Author: Alex Gaynor +Date: Mon Dec 12 08:09:49 2016 -0500 + + Migrated fuzzers from the oss-repo to here. + + Also added a new private_key_parser fuzzer. + +Author: Dmitry Eremin-Solenikov +Date: Wed Dec 14 18:07:05 2016 +0300 + + Drop _gnutls_epoch_get_compression + + This function is unused since long ago, let's drop it. + + Signed-off-by: Dmitry Eremin-Solenikov + +Author: Dmitry Eremin-Solenikov +Date: Wed Dec 14 17:51:56 2016 +0300 + + Rework setting next compression method + + Only update compression method if all internal check succeed and next + epoch will use this it. Also while we are at at, actually check for + _gnutls_set_compression() return value. + + Signed-off-by: Dmitry Eremin-Solenikov + +Author: Dmitry Eremin-Solenikov +Date: Wed Dec 14 17:51:56 2016 +0300 + + Rework setting next cipher suite + + Only update cipher_suite if all internal check succeed and next epoch + will use this ciphe suite. Also while we are at at, actually check for + _gnutls_set_cipher_suite() return value. + + Signed-off-by: Dmitry Eremin-Solenikov + +Author: Dmitry Eremin-Solenikov +Date: Mon Nov 28 13:16:13 2016 +0300 + + Cache MAC algorithm used for PRF function + + Instead of spreading checks all over the GnuTLS, cache used PRF after + setting the cipher suite and reference the value later. Like in + _gnutls_PRF_raw the GNUTLS_MAC_MD5_SHA1 means MD5+SHA1 combo. + + Signed-off-by: Dmitry Eremin-Solenikov + +Author: Dmitry Eremin-Solenikov +Date: Wed Dec 14 04:11:11 2016 +0300 + + Use MAC_MD5_SHA1 instead of MAC_UNKNOWN to specify TLS 1.0 PRF + + Signed-off-by: Dmitry Eremin-Solenikov + +Author: Dmitry Eremin-Solenikov +Date: Wed Dec 14 03:52:06 2016 +0300 + + Rewrite SSL/TLS signature verification to use combined MD5+SHA1 digest + + Signed-off-by: Dmitry Eremin-Solenikov + +Author: Dmitry Eremin-Solenikov +Date: Wed Dec 14 03:52:06 2016 +0300 + + Rewrite SSL/TLS signing code to use combined MD5+SHA1 digest + + Signed-off-by: Dmitry Eremin-Solenikov + +Author: Dmitry Eremin-Solenikov +Date: Wed Dec 14 03:15:49 2016 +0300 + + Add special MD5+SHA1 digest to simplify TLS signature code + + Signed-off-by: Dmitry Eremin-Solenikov + +Author: Nikos Mavrogiannopoulos +Date: Wed Dec 14 10:52:27 2016 +0100 + + _gnutls_pkcs_raw_decrypt_data: merge all errors during decryption to GNUTLS_E_DECRYPTION_FAILED + + This makes the function's return values simpler to handle. + +Author: Dmitry Eremin-Solenikov +Date: Wed Dec 14 00:46:16 2016 +0300 + + configure.ac: remove autogen'erated files only if necessary + + Currently autogen'erated files will be removed on each call to + configure. However this would break the build if one of previous + make invocations have created corresponding stamp files. + + Signed-off-by: Dmitry Eremin-Solenikov + +Author: Nikos Mavrogiannopoulos +Date: Wed Dec 14 09:50:24 2016 +0100 + + bumped versions and added news entry for 3.6.0 [ci skip] + +Author: Nikos Mavrogiannopoulos +Date: Wed Dec 14 09:46:18 2016 +0100 + + README.md: added information on the 3.5.x builds + +Author: Nikos Mavrogiannopoulos +Date: Tue Dec 13 11:41:12 2016 +0100 + + tests: added test for PKCS#8 encrypted key decoding + + This also verifies that the return value when attempting to + decrypt without a password is GNUTLS_E_DECRYPTION_FAILED. + +Author: Nikos Mavrogiannopoulos +Date: Tue Dec 13 11:27:38 2016 +0100 + + pkcs8: ensure that the correct error code is returned on decryption failure + +Author: Nikos Mavrogiannopoulos +Date: Sat Dec 10 13:15:16 2016 +0100 + + doc update [ci skip] + +Author: Nikos Mavrogiannopoulos +Date: Fri Dec 9 15:44:47 2016 +0100 + + doc: updated to documentation of certtool [ci skip] + + This corrects options which incorrectly mentioned they support URLs. + +Author: Nikos Mavrogiannopoulos +Date: Fri Dec 9 11:54:30 2016 +0100 + + x509: better documented gnutls_trust_list_flags_t + +Author: Nikos Mavrogiannopoulos +Date: Fri Dec 9 15:06:55 2016 +0100 + + tests: disable ASAN leak checks on suite tests + + These detect memory leaks in the tools in src/ which are + not critical nor there is serious reason to address. + +Author: Nikos Mavrogiannopoulos +Date: Fri Dec 9 12:03:33 2016 +0100 + + tests: disable ASAN leak checks on certificate tests + + These detect memory leaks in the tools in src/ which are + not critical nor there is serious reason to address. + +Author: Nikos Mavrogiannopoulos +Date: Fri Dec 9 09:54:14 2016 +0100 + + tests: enhanced long-session-id test + + This ensures that no leaks exist during exit (to avoid asan failures), + and that we test for the specific error code that gnutls_handshake() + is expected to return. + +Author: Nikos Mavrogiannopoulos +Date: Fri Dec 9 09:52:20 2016 +0100 + + handshake: return GNUTLS_E_ILLEGAL_PARAMETER on invalid ID size + + This is a more sensible error code to return on invalid packet. + +Author: Nikos Mavrogiannopoulos +Date: Fri Dec 9 09:15:59 2016 +0100 + + tests: eliminate compilation warning in crq-basic [ci skip] + +Author: Nikos Mavrogiannopoulos +Date: Thu Dec 8 15:41:40 2016 +0100 + + .gitlab-ci.yml: do not enable IDN support in minimal build + +Author: Nikos Mavrogiannopoulos +Date: Fri Dec 2 14:57:41 2016 +0100 + + configure.ac: use AC_CONFIG_LINKS to copy autogenerated files + +Author: Nikos Mavrogiannopoulos +Date: Fri Dec 2 09:22:38 2016 +0100 + + Added autogen pre-generated files into repository + + This allows building gnutls from git in systems without using + autogen. + +Author: Nikos Mavrogiannopoulos +Date: Wed Dec 7 14:28:46 2016 +0100 + + configure: added option to enable maintainer mode + + That makes normal builds, not regenerate Makefiles or configure, + allowing for faster CI builds on second stage. + +Author: Nikos Mavrogiannopoulos +Date: Tue Nov 15 09:03:59 2016 +0100 + + .gitlab-ci.yml: split the CI run into stages + + In addition avoid re-generating images for operating systems + on every build and use pre-built images, which are generated in + the gnutls-build-images sub-project. That allows for faster and + more reliable (independent of network) CI runs. + +Author: Nikos Mavrogiannopoulos +Date: Thu Dec 1 21:40:14 2016 +0100 + + .gitlab-ci.yml: use local libopts on x86 + + This works around autogen failures on x86-64 centos7 CI hosts. + +Author: Nikos Mavrogiannopoulos +Date: Thu Dec 8 16:35:24 2016 +0100 + + doc: updated documentation on multithreading [ci skip] + + Resolves #154 + +Author: Nikos Mavrogiannopoulos +Date: Thu Dec 8 16:27:36 2016 +0100 + + doc: list gnutls_init_flags_t [ci skip] + + Suggested by Tyler Burns. + +Author: Nikos Mavrogiannopoulos +Date: Thu Dec 8 15:54:07 2016 +0100 + + tests: make conditional (to HAVE_LIBIDN) any IDN related checks + + This allows the test suite to successfully complete even when compiled + without libidn. + +Author: Nikos Mavrogiannopoulos +Date: Thu Dec 8 15:44:28 2016 +0100 + + str: do not call gnutls_assert in inline function + + This allows the build to succeed when compiled without libidn. + +Author: Nikos Mavrogiannopoulos +Date: Thu Dec 8 13:09:35 2016 +0100 + + tests: disable leak checks in rsa-md5-collision.sh + +Author: Nikos Mavrogiannopoulos +Date: Thu Dec 8 14:04:07 2016 +0100 + + tests: split and enhanced UTF-8 name checks from hostname-check + + That is, added checks to ensure that non-ASCII DNS names in certificates + fail, and that properly encoded IDNA2003 names, succeed. + +Author: Nikos Mavrogiannopoulos +Date: Thu Dec 8 13:54:53 2016 +0100 + + tests: added check with failed verification on invalid UTF-8 + + That is, check whether raw UTF-8 in the certificate will fail + verification. Raw UTF-8 is prohibited by IETF PKIX (RFC5280) on a + certificate. + +Author: Nikos Mavrogiannopoulos +Date: Thu Dec 8 13:40:41 2016 +0100 + + tests: updated cert with UTF8 names to contain proper IDNA2003 encoded names + +Author: Nikos Mavrogiannopoulos +Date: Thu Dec 8 13:28:00 2016 +0100 + + gnutls_x509_crt_check_email type changed to unsigned + + This reflects the documented returned value type (bool), and + allows the compiler to warn on accidental checks for negative + value. + +Author: Nikos Mavrogiannopoulos +Date: Thu Dec 8 13:20:05 2016 +0100 + + x509: do not attempt to ACE encode values stored in certificates + + The email and hostname values are required to be in ASCII form by PKIX. + We instead ignore these names, if their values are outside the ASCII + printable character set. + +Author: Nikos Mavrogiannopoulos +Date: Thu Dec 8 08:08:28 2016 +0100 + + .gitlab-ci.yml: removed libintl references + + They are no longer shipped in the build systems. + +Author: Nikos Mavrogiannopoulos +Date: Thu Dec 8 07:32:18 2016 +0100 + + tests: added missing test in dist + +Author: Nikos Mavrogiannopoulos +Date: Thu Dec 8 07:23:18 2016 +0100 + + tests: corrected typos in starttls.sh + + This allows to detect chat in most systems. + +Author: Nikos Mavrogiannopoulos +Date: Thu Dec 8 07:17:34 2016 +0100 + + bumped version + +Author: Nikos Mavrogiannopoulos +Date: Wed Dec 7 15:43:21 2016 +0100 + + tests: reduced the intermediate steps in rsa-md5-collision + +Author: Nikos Mavrogiannopoulos +Date: Wed Dec 7 13:24:34 2016 +0100 + + configure: break after finding the first libtspi + + It may happen that multiple versions are available on a system, + and by using the first one we ensure, that we are using the + 64-bit version on 64-bit system, instead of falling back to + the 32-bit. + +Author: Nikos Mavrogiannopoulos +Date: Wed Dec 7 13:20:08 2016 +0100 + + doc update + +Author: Nikos Mavrogiannopoulos +Date: Wed Dec 7 10:56:30 2016 +0100 + + tests: added operational -sign/verify- tests in keygen app + + This will check that a generated key is immediately usable for + operations. + +Author: Nikos Mavrogiannopoulos +Date: Wed Dec 7 10:27:01 2016 +0100 + + gnutls_x509_privkey_cpy: use _gnutls_pk_params_copy + + This ensures that all fields of parameters are copied. Inspired + by patch of Dmitry Eremin-Solenikov. + +Author: Nikos Mavrogiannopoulos +Date: Wed Dec 7 10:30:13 2016 +0100 + + tests: enhanced keygen to include check of gnutls_x509_privkey_cpy + +Author: Nikos Mavrogiannopoulos +Date: Wed Dec 7 08:58:30 2016 +0100 + + tests: added tests for CRL generation APIs + +Author: Nikos Mavrogiannopoulos +Date: Wed Dec 7 09:05:01 2016 +0100 + + x509 crl: document the nextUpdate field limitation + +Author: Dmitry Eremin-Solenikov +Date: Tue Dec 6 22:41:28 2016 +0300 + + Don't trash DER CRQ output with text data + + Signed-off-by: Dmitry Eremin-Solenikov + +Author: Nikos Mavrogiannopoulos +Date: Wed Dec 7 08:59:03 2016 +0100 + + x509 crl: Allow generation of CRLs not to specify a nextUpdate + +Author: Nikos Mavrogiannopoulos +Date: Tue Dec 6 20:03:31 2016 +0100 + + doc update [ci skip] + +Author: Nikos Mavrogiannopoulos +Date: Tue Dec 6 13:07:57 2016 +0100 + + tests: updated overhead calculation for new code + +Author: Nikos Mavrogiannopoulos +Date: Wed Nov 30 11:57:56 2016 +0100 + + DTLS: more precise overhead calculation + + That takes into account space available due to padding, and + allows it to be included for use in the gnutls_get_data_mtu(). + + Resolves #140 + +Author: Nikos Mavrogiannopoulos +Date: Wed Nov 30 09:54:45 2016 +0100 + + tests: added check for MTU calculation on DTLS 1.2 + +Author: Nikos Mavrogiannopoulos +Date: Mon Dec 5 10:36:04 2016 +0100 + + src: clean all stamp files on 'make clean' + +Author: Nikos Mavrogiannopoulos +Date: Mon Dec 5 10:33:07 2016 +0100 + + configure: search 64-bit paths for libtspi before 32-bit paths + + That is, because 64-bit systems may have both 64-bit and 32-bit paths + while 32-bit systems only the latter. + +Author: James Bottomley +Date: Sat Dec 3 14:36:40 2016 -0800 + + tpm: fix handling of keys requiring authorization + + There are several problems with the key handling in the tpm code. + + The first, and most serious, is that we should make sure we understand + the authorization requirements of a key *before* using it. The reason + for this is that the TPM has a dictionary attack defence and is + programmed to lock up after a certain number of authorization failures + (which can be very small). If we try first without authorization, we + may lock up the TPM. The fix for this is to check whether + authorization is required and supply it before using the key. + + Secondly, if the key does require authorization but no password is + supplied we should return immediately, since we know the TPM will give + us an authorization error anyway. + + Thirdly, we should unconditionally read the policy of the key rather + than checking if a policy exists: Policies are tied to key objects, so + if there is an old policy in s->tpm_key_policy, but we're creating a + new key, the key it belonged to will be closed, meaning the policy + will be invalid. Fix this by always setting the policy each time we + get a new key object. + + Signed-off-by: James Bottomley + +Author: Nikos Mavrogiannopoulos +Date: Sun Dec 4 09:56:13 2016 +0100 + + In import_tpm_key_cb() fix the wrong password loop + + When calling import_tpm_key() once it initializes the key, but + a second call fails due to the key being already initialized. Ensure + that failure of import_tpm_key() leaves the key on a clear state. + + Reported by James Bottomley . + +Author: Nikos Mavrogiannopoulos +Date: Sun Dec 4 18:48:55 2016 +0100 + + src gl: updated + +Author: Nikos Mavrogiannopoulos +Date: Fri Dec 2 15:59:17 2016 +0100 + + gl: removed iconv module + + It is no longer used by the library. + +Author: Nikos Mavrogiannopoulos +Date: Sun Dec 4 10:11:19 2016 +0100 + + configure.ac: detect trousers library on debian + +Author: Andreas Metzler +Date: Sat Dec 3 14:29:51 2016 +0100 + + Prevent unwanted linkage to -lhogweed + + Specify action-if-found for AC_CHECK_LIB when checking for !SuiteB + curves to keep autoconf from adding -lhogweed to LIBS. This caused + linkage of e.g. openssl wrapper and C++ library to -lhogweed. The issue + only shows up if --disable-libdane is specified, since the dane autoconf + test resets LIBS. + +Author: James Bottomley +Date: Fri Dec 2 15:28:08 2016 -0800 + + Fix inability to find libtspi (trousers) on openSUSE + + For distro reasons, the path on openSUSE is /lib[64]/libtspi.so.1 + which the current code doesn't find. Fix this by having it search all + viable system library locations (/lib /lib64 /usr/lib and + /usr/lib/lib64) + + Signed-off-by: James Bottomley + +Author: Nikos Mavrogiannopoulos +Date: Fri Dec 2 16:27:58 2016 +0100 + + x509: fixed output of pubkey + +Author: Nikos Mavrogiannopoulos +Date: Thu Dec 1 16:41:55 2016 +0100 + + doc: document the fact that certificates and CRLs are unusable after generation + + They must be exported and re-imported if intended to be used for + signing or verification. + +Author: Nikos Mavrogiannopoulos +Date: Thu Dec 1 16:32:04 2016 +0100 + + doc: no longer list SHA1 as a safe choice in X.509 signing + +Author: Nikos Mavrogiannopoulos +Date: Thu Dec 1 16:19:31 2016 +0100 + + certtool: prevent-null termination of buffers allocated with fread_file() + + We do not know whether their allocated size allows for that additional + null, and we do not need the null termination. + +Author: Nikos Mavrogiannopoulos +Date: Thu Dec 1 08:40:13 2016 +0100 + + gnutls_x509_crl_verify: always return zero on success + + Also document that in previous versions a positive number could + be returned on success. Reported by Adrien Beraud. + +Author: Nikos Mavrogiannopoulos +Date: Thu Dec 1 14:09:15 2016 +0100 + + tests: corrected space-tab issue + +Author: Nikos Mavrogiannopoulos +Date: Thu Dec 1 10:04:45 2016 +0100 + + doc update + +Author: Nikos Mavrogiannopoulos +Date: Thu Dec 1 09:55:51 2016 +0100 + + Improved messages and violation handling in signature key usage checks + + This will now tolerate violations in server certificate, if + %DEBUG_ALLOW_KEY_USAGE_VIOLATIONS is set. + +Author: Nikos Mavrogiannopoulos +Date: Thu Dec 1 09:48:56 2016 +0100 + + Removed redundant certificate key usage checks. + + There were redundant checks when a certificate was obtained, as + well as prior to performing operations with certificates/pubkeys. + Kept the checks prior to operations. + +Author: Nikos Mavrogiannopoulos +Date: Thu Dec 1 09:45:26 2016 +0100 + + _gnutls_map_pk_get_pk -> _gnutls_map_kx_get_pk + +Author: Nikos Mavrogiannopoulos +Date: Wed Nov 30 14:18:51 2016 +0100 + + gnutls_kx_get: allow calling the function during handshake + + Previous this function would return garbage during handshake, because + parameters were not considered established, however there are valid + uses of this function during it. For that reason this function is + modified to return a correct value even during handshake (after + a hello is being exchanged). + +Author: Nikos Mavrogiannopoulos +Date: Wed Nov 30 14:14:42 2016 +0100 + + _gnutls_check_key_usage: check for invalid key exchange algorithm + + Reported by Dmitry Eremin-Solenikov. + +Author: Nikos Mavrogiannopoulos +Date: Wed Nov 30 14:56:41 2016 +0100 + + tests: added checks on signature key usage violations + +Author: Nikos Mavrogiannopoulos +Date: Thu Dec 1 09:10:41 2016 +0100 + + .gitlab-ci.yml: added docker tag on mingw builds + + That ensures that these builds are done on the gitlab.com runners + which run as privileged containers (and thus have access to mount). + +Author: Nikos Mavrogiannopoulos +Date: Wed Nov 30 09:20:26 2016 +0100 + + privkey: set the key parameters algorithm prior to returning success + +Author: Nikos Mavrogiannopoulos +Date: Wed Nov 30 09:15:06 2016 +0100 + + When decoding a public key ensure that algorithm is written in the params struct + + Reported by Dmitry Eremin-Solenikov. + +Author: Nikos Mavrogiannopoulos +Date: Wed Nov 30 08:54:09 2016 +0100 + + cfg.mk: disable checks for public submodule updates in CI + +Author: Nikos Mavrogiannopoulos +Date: Wed Nov 30 08:44:40 2016 +0100 + + .gitlab-ci.yml: do not require update to /proc/sys/fs/binfmt_misc to succeed + + In some CI systems, it is not possible to write to this filesystem, and + they already have the wine executable registered. In the case we cannot + write proceed to running the check and hope for the best. + +Author: Nikos Mavrogiannopoulos +Date: Tue Nov 29 16:00:30 2016 +0100 + + tests: use datefudge in rsa-md5-collision check + + This makes sure that any failure detected is not because of + expired certificates, but because of MD5 being disabled. + +Author: Nikos Mavrogiannopoulos +Date: Tue Nov 29 15:51:18 2016 +0100 + + tools: use stamp files to allow parallel build of autogen files + + Autogen seems to output on the creates files gradually, something that + makes 'make' believe that the command is complete prior to the output + file being fully populated. The current approach uses stamp files to + ensure that no incomplete files are used for compilation. + +Author: Nikos Mavrogiannopoulos +Date: Tue Nov 29 13:44:01 2016 +0100 + + guile: do not use +COMP-DEFLATE in priorities test + + This allows the test to work even in the cases where gnutls + is compiled without zlib support. + +Author: Nikos Mavrogiannopoulos +Date: Mon Nov 28 18:19:43 2016 +0100 + + moved all syntax check exceptions in cfg.mk + +Author: Nikos Mavrogiannopoulos +Date: Tue Nov 29 07:57:26 2016 +0100 + + .gitlab-ci.yml: added zlib dependency + +Author: Nikos Mavrogiannopoulos +Date: Mon Nov 28 12:48:25 2016 +0100 + + .gitlab-ci.yml: fixed artifacts paths for Debian build + +Author: Nikos Mavrogiannopoulos +Date: Mon Nov 28 10:26:14 2016 +0100 + + tests: str-unicode: check whether exceptions are tolerated on decryption + +Author: Nikos Mavrogiannopoulos +Date: Mon Nov 28 10:01:02 2016 +0100 + + tests: added exception and join control characters in str-unicode + +Author: Nikos Mavrogiannopoulos +Date: Mon Nov 28 09:38:38 2016 +0100 + + unistring: added property-join-control + +Author: Nikos Mavrogiannopoulos +Date: Fri Nov 25 17:49:10 2016 +0100 + + unistring: added default_ignorable_code_point and not_a_character tests + +Author: Nikos Mavrogiannopoulos +Date: Fri Nov 25 17:23:51 2016 +0100 + + unistring: added NFKC normalization + +Author: Nikos Mavrogiannopoulos +Date: Fri Nov 25 15:29:43 2016 +0100 + + unistring: included all possible categories for simplicity and extensibility + +Author: Nikos Mavrogiannopoulos +Date: Fri Nov 25 14:55:37 2016 +0100 + + tests: enhanced str-unicode with more char sets + +Author: Nikos Mavrogiannopoulos +Date: Fri Nov 25 14:20:11 2016 +0100 + + gnutls_utf8_password_normalize: perform more strict check on input characters + + That is, ensure that the input characters are in the valid class of characters + for the PRECIS FreeformClass. + +Author: Nikos Mavrogiannopoulos +Date: Fri Nov 25 13:11:44 2016 +0100 + + tests: fixed str-unicode tests with control characters + +Author: Nikos Mavrogiannopoulos +Date: Fri Nov 25 13:02:48 2016 +0100 + + gnutls_utf8_password_normalize: avoid use of strlen() + +Author: Nikos Mavrogiannopoulos +Date: Mon Nov 28 11:03:28 2016 +0100 + + tests: added pkcs12 file with long password + +Author: Nikos Mavrogiannopoulos +Date: Fri Nov 25 16:09:20 2016 +0100 + + renamed system/iconv.c -> str-iconv.c + + We no longer use the system's functionality for converting between + charsets (we use libunistring), hence it is no longer suitable for + the wrappers to stay in system/. + +Author: Nikos Mavrogiannopoulos +Date: Fri Nov 25 11:58:14 2016 +0100 + + x509: when printing ACE DNSnames ensure the actual name is also printed + +Author: Nikos Mavrogiannopoulos +Date: Fri Nov 25 11:47:53 2016 +0100 + + tests: added unit tests of of _gnutls_idna_reverse_map + +Author: Nikos Mavrogiannopoulos +Date: Fri Nov 25 11:34:19 2016 +0100 + + introduced _gnutls_idna_reverse_map() + + This function allows mapping ACE formatted domains to UTF-8. + +Author: Nikos Mavrogiannopoulos +Date: Fri Nov 25 10:05:28 2016 +0100 + + Combined checks for printable characters + +Author: Nikos Mavrogiannopoulos +Date: Fri Nov 25 09:58:58 2016 +0100 + + doc update + +Author: Nikos Mavrogiannopoulos +Date: Wed Nov 23 08:44:59 2016 +0100 + + tests: updated crt_apis to include setting UTF-8 SAN + +Author: Nikos Mavrogiannopoulos +Date: Wed Nov 23 08:17:13 2016 +0100 + + tests: updated crq_apis to include setting UTF-8 SAN + +Author: Nikos Mavrogiannopoulos +Date: Fri Nov 25 09:48:56 2016 +0100 + + gnutls_idna_map: check for printable data prior to mapping + +Author: Nikos Mavrogiannopoulos +Date: Wed Nov 23 10:53:23 2016 +0100 + + gnutls_x509_aia_set: IDNA encode when needed + +Author: Nikos Mavrogiannopoulos +Date: Wed Nov 16 14:48:59 2016 +0100 + + When writing alternative names to certificates ensure we write in ACE format + +Author: Nikos Mavrogiannopoulos +Date: Fri Nov 25 10:39:10 2016 +0100 + + doc update + +Author: Nikos Mavrogiannopoulos +Date: Thu Nov 24 16:30:49 2016 +0100 + + tests: added pkcs7 verification with struct generated from openssl (with keyid) + +Author: Nikos Mavrogiannopoulos +Date: Thu Nov 24 15:44:35 2016 +0100 + + tests: added pkcs7 verification with struct generated from openssl + +Author: Nikos Mavrogiannopoulos +Date: Fri Nov 25 10:23:00 2016 +0100 + + doc: added certificate for ECC with any purpose + +Author: Nikos Mavrogiannopoulos +Date: Thu Nov 24 16:40:15 2016 +0100 + + pkcs7: return GNUTLS_E_PK_SIG_VERIFY_FAILED on hash mismatch + + In addition introduce a new error code to warn about no embedded data. + +Author: Nikos Mavrogiannopoulos +Date: Thu Nov 24 16:33:18 2016 +0100 + + pkcs7: only print signer's issuer DN when DN has contents + +Author: Nikos Mavrogiannopoulos +Date: Thu Nov 24 14:51:15 2016 +0100 + + pkcs7: added recursive discovery of structure's signer + + This uses the PKCS#7 certificate list as a pool of certificates + to generate a certificate chain that leads to our root CAs. + +Author: Nikos Mavrogiannopoulos +Date: Thu Nov 24 15:11:31 2016 +0100 + + pkcs7: on data verification failure log the signer + +Author: Nikos Mavrogiannopoulos +Date: Thu Nov 24 13:17:41 2016 +0100 + + tests: added complex verification example using PKCS#7 + + That uses multiple intermediate certificates from the PKCS#7 structure. + +Author: Nikos Mavrogiannopoulos +Date: Thu Nov 24 14:32:28 2016 +0100 + + doc: updated gnutls_x509_trust_list_verify_crt2() + +Author: Nikos Mavrogiannopoulos +Date: Thu Nov 24 13:14:16 2016 +0100 + + pkcs7: pass the verification flags down to gnutls_x509_trust_list_verify_crt2, in find_signer() + + This allows for flags like GNUTLS_VERIFY_DISABLE_TIME_CHECKS to apply when + verifying PKCS#7 structures. + +Author: Nikos Mavrogiannopoulos +Date: Thu Nov 24 09:54:17 2016 +0100 + + pkcs7: corrected iteration over stored certificates + + This allows to use all possibly stored certificates on chain discovery, + not only the first. + +Author: Nikos Mavrogiannopoulos +Date: Thu Nov 24 09:53:58 2016 +0100 + + pkcs7: added debug logging on verification discovery + +Author: Nikos Mavrogiannopoulos +Date: Thu Nov 24 14:54:46 2016 +0100 + + errors.h: added _gnutls_reason_log + +Author: Nikos Mavrogiannopoulos +Date: Thu Nov 24 09:49:13 2016 +0100 + + errors.h: added _gnutls_cert_log + + This log function allows to easily log the name of a certificate. + +Author: Andreas Schneider +Date: Thu Nov 24 17:31:45 2016 +0100 + + certtool: One if check is enough + + Signed-off-by: Andreas Schneider + +Author: Nikos Mavrogiannopoulos +Date: Thu Nov 24 08:37:47 2016 +0100 + + corrected log message [ci skip] + +Author: Nikos Mavrogiannopoulos +Date: Wed Nov 23 21:09:03 2016 +0100 + + gnutls_idna_map was prefixed with underscore to avoid clashes with exported symbols + +Author: Nikos Mavrogiannopoulos +Date: Wed Nov 23 14:37:47 2016 +0100 + + more files to ignore + +Author: Nikos Mavrogiannopoulos +Date: Wed Nov 23 14:30:48 2016 +0100 + + avoid the use of c_isascii() and use c_isprint() + + That latter detects correctly the printable characters we are + interested in. + +Author: Nikos Mavrogiannopoulos +Date: Mon Nov 21 15:45:22 2016 +0100 + + tests: added unit tests for gnutls_idna_map() + +Author: Nikos Mavrogiannopoulos +Date: Wed Nov 23 13:12:08 2016 +0100 + + IDNA code re-organization + + That introduces the internal function gnutls_idna_map(), which + utilizes libidn and libunistring to convert hostnames to IDNA ACE + form. + +Author: Nikos Mavrogiannopoulos +Date: Tue Nov 22 16:57:01 2016 +0100 + + tests: updated outputs to reflect new fingerprint/keyid formats + +Author: Nikos Mavrogiannopoulos +Date: Tue Nov 22 16:56:41 2016 +0100 + + tests: made tmp files unique + +Author: Nikos Mavrogiannopoulos +Date: Tue Nov 22 16:43:25 2016 +0100 + + doc update + +Author: Nikos Mavrogiannopoulos +Date: Tue Nov 22 16:42:14 2016 +0100 + + Align the printing of a certificate's fingerprint with the key ID printing + +Author: Nikos Mavrogiannopoulos +Date: Tue Nov 22 16:35:58 2016 +0100 + + Print a key's or certificate's key ID with SHA256 in addition to SHA1 + +Author: Nikos Mavrogiannopoulos +Date: Tue Nov 22 16:18:01 2016 +0100 + + certtool: address compiler warnings + +Author: Nikos Mavrogiannopoulos +Date: Tue Nov 22 09:31:19 2016 +0100 + + doc: document the RFC7613 normalization of passwords [ci skip] + +Author: Nikos Mavrogiannopoulos +Date: Mon Nov 21 21:16:28 2016 +0100 + + unistring: include only the required categories + + In addition fix the license text of the included library. + +Author: Nikos Mavrogiannopoulos +Date: Wed Nov 16 15:50:39 2016 +0100 + + server_name: log server name sent + +Author: Nikos Mavrogiannopoulos +Date: Wed Nov 16 16:47:15 2016 +0100 + + x509/output: improve log message on embedded null + +Author: Nikos Mavrogiannopoulos +Date: Mon Nov 21 12:00:28 2016 +0100 + + build-aux: added unused-parameter.h + +Author: Nikos Mavrogiannopoulos +Date: Mon Nov 21 11:36:43 2016 +0100 + + .gitlab-ci.yml: explicitly specify --with-included-unistring when needed + +Author: Nikos Mavrogiannopoulos +Date: Mon Nov 21 11:32:09 2016 +0100 + + hooks.m4: corrected typo + +Author: Nikos Mavrogiannopoulos +Date: Mon Nov 21 10:52:23 2016 +0100 + + .gitlab-ci.yml: ignore syntax-check issues caused by included unistring + +Author: Nikos Mavrogiannopoulos +Date: Mon Nov 21 10:11:32 2016 +0100 + + more files to ignore + +Author: Nikos Mavrogiannopoulos +Date: Mon Nov 21 09:38:38 2016 +0100 + + unconditionally include unistring code + + That simplifies internationalization support, at the cost of + including a version of libunistring, which is used on systems + which do not ship it. + +Author: Nikos Mavrogiannopoulos +Date: Mon Nov 21 09:20:36 2016 +0100 + + lib: added unistring sub-library + +Author: Nikos Mavrogiannopoulos +Date: Sun Nov 20 17:11:57 2016 +0100 + + updated auto-generated files for gnutls_utf8_password_normalize() + +Author: Nikos Mavrogiannopoulos +Date: Sun Nov 20 17:08:55 2016 +0100 + + tests: enhanced str-unicode with GNUTLS_UTF8_IGNORE_ERRS flag + + That is, enhanced to check the tolerable variant of gnutls_utf8_password_normalize() + +Author: Nikos Mavrogiannopoulos +Date: Wed Nov 9 18:26:21 2016 +0100 + + .gitlab-ci.yml: added build without libunistring + +Author: Nikos Mavrogiannopoulos +Date: Mon Nov 14 10:42:32 2016 +0100 + + doc: mention the RFC7613 normalization and the libunistring dependency + +Author: Nikos Mavrogiannopoulos +Date: Sun Nov 20 17:03:02 2016 +0100 + + tolerate non-valid UTF8 passwords when decrypting + +Author: Nikos Mavrogiannopoulos +Date: Wed Nov 9 14:42:26 2016 +0100 + + tests: addressed compiler warnings + +Author: Nikos Mavrogiannopoulos +Date: Wed Nov 9 14:40:19 2016 +0100 + + _gnutls_utf8_to_ucs2: normalize to NFC UTF16 output + +Author: Nikos Mavrogiannopoulos +Date: Wed Nov 9 14:31:24 2016 +0100 + + openssl_hash_password: normalize the password prior to use + +Author: Nikos Mavrogiannopoulos +Date: Wed Nov 9 12:55:22 2016 +0100 + + TPM: normalize the password prior to use + +Author: Nikos Mavrogiannopoulos +Date: Wed Nov 9 10:53:40 2016 +0100 + + _gnutls_calc_srp_sha: normalize the password prior to use + +Author: Nikos Mavrogiannopoulos +Date: Wed Nov 9 10:50:42 2016 +0100 + + gnutls_x509_crq_set_challenge_password: normalize the password prior to use + +Author: Nikos Mavrogiannopoulos +Date: Wed Nov 9 10:48:04 2016 +0100 + + PKCS#7/8: normalize the password according to rfc7613 + +Author: Nikos Mavrogiannopoulos +Date: Mon Nov 14 10:53:37 2016 +0100 + + gnutls.pc: use the LT version of the lib variables + +Author: Nikos Mavrogiannopoulos +Date: Tue Nov 8 15:24:26 2016 +0100 + + Use libunistring when present instead of iconv() + + That allows us to rely to a single provider for unicode + functionality. + +Author: Nikos Mavrogiannopoulos +Date: Tue Nov 8 15:24:00 2016 +0100 + + tests: added unit tests for gnutls_utf8_password_normalize() + +Author: Nikos Mavrogiannopoulos +Date: Tue Nov 8 13:00:16 2016 +0100 + + Added function for UTF-8 normalization based on RFC7613 + + This introduces gnutls_utf8_password_normalize() and a dependency on libunistring. + +Author: Nikos Mavrogiannopoulos +Date: Mon Nov 14 17:12:02 2016 +0100 + + tests: added test suite with PKCS#8 files that have invalid encryption + +Author: Nikos Mavrogiannopoulos +Date: Mon Nov 14 16:30:46 2016 +0100 + + PKCS#5,7 decryption: verify the correctness of padding + + That is, for block ciphers (i.e., cbc), verify that all the padding bytes + match the expected contents according to RFC2898. + + Relates #148 + +Author: Nikos Mavrogiannopoulos +Date: Mon Nov 14 15:17:26 2016 +0100 + + PKCS#5,7 decryption: added sanity check on padding size + + Relates #148 + +Author: Nikos Mavrogiannopoulos +Date: Mon Nov 14 15:01:18 2016 +0100 + + PKCS#5,7 decryption: fail without leak on unknown MAC + +Author: Nikos Mavrogiannopoulos +Date: Mon Nov 14 14:54:00 2016 +0100 + + PKCS#5,7 decryption: fail early on invalid block sizes + +Author: Nikos Mavrogiannopoulos +Date: Mon Nov 14 14:47:13 2016 +0100 + + PKCS#5,7 decryption: enforce limits in the support parameter sizes + + This allows to detect invalid parameters early rather than later. + Relates #148 + +Author: Nikos Mavrogiannopoulos +Date: Mon Nov 14 14:03:58 2016 +0100 + + updated auto-generated files for new functions + +Author: Nikos Mavrogiannopoulos +Date: Mon Nov 14 10:03:29 2016 +0100 + + pkcs7 output: use the new functions for DN output + +Author: Nikos Mavrogiannopoulos +Date: Mon Nov 14 09:52:16 2016 +0100 + + tests: account for the strict RFC4514 compliance reversal + + Test the new functions only for the strict RFC4514 compliance to + output strings, and test the old functions for the legacy format. + +Author: Nikos Mavrogiannopoulos +Date: Fri Nov 11 19:05:27 2016 +0100 + + doc update + +Author: Nikos Mavrogiannopoulos +Date: Fri Nov 11 18:52:03 2016 +0100 + + x509 output: use the new functions for DN output + +Author: Nikos Mavrogiannopoulos +Date: Fri Nov 11 18:31:37 2016 +0100 + + cleanups in _gnutls_buffer_to_datum() + +Author: Nikos Mavrogiannopoulos +Date: Fri Nov 11 18:42:59 2016 +0100 + + certtool: use the new APIs for DN extraction + +Author: Nikos Mavrogiannopoulos +Date: Mon Nov 14 13:31:34 2016 +0100 + + _gnutls_x509_get_dn: when no data ensure we return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE + + This aligns with the previous (prior to RFC4514 improvements) behavior of the function. + +Author: Nikos Mavrogiannopoulos +Date: Fri Nov 11 16:20:01 2016 +0100 + + Introduced new functions to allow multiple DN parsing modes + + The old DN parsing functions are changed to return the original + non-fully compliant with RFC4514 string format, while the new + ones return the compliant string by default. This allows applications + which relied on the previous format to continue functioning without + changes. + +Author: Nikos Mavrogiannopoulos +Date: Wed Nov 9 17:19:48 2016 +0100 + + .gitlab-ci.yml: include root dir log files in all builds + +Author: Nikos Mavrogiannopoulos +Date: Mon Nov 14 11:06:26 2016 +0100 + + doc update + +Author: Nikos Mavrogiannopoulos +Date: Mon Nov 14 12:57:53 2016 +0100 + + gl: removed invalid module name + +Author: Nikos Mavrogiannopoulos +Date: Sun Nov 13 17:08:35 2016 +0100 + + tools: added explicit socket flag to skip TLS initialization + + This allows proper error recovery when SOCKET_FLAG_RAW is specified + and initialize_session() fails. + +Author: Nikos Mavrogiannopoulos +Date: Sun Nov 13 16:41:43 2016 +0100 + + gnutls-cli-debug: terminate sessions which cannot be re-used + +Author: Nikos Mavrogiannopoulos +Date: Sun Nov 13 16:15:42 2016 +0100 + + sockets: only use gnutls_bye on a valid socket session + +Author: Nikos Mavrogiannopoulos +Date: Thu Nov 10 06:39:32 2016 +0100 + + p11tool: --initialize will no longer reset user PIN + + That is because it only resetted the user PIN and not the admin PIN, + while at the same time it had problems to cope with the case where + the URL changed between token initialization and PIN setting (which + is the case if --label is provided to --initialize). + +Author: Nikos Mavrogiannopoulos +Date: Thu Nov 10 06:34:50 2016 +0100 + + p11tool: added options to initialize a user and admin's PIN + +Author: Nikos Mavrogiannopoulos +Date: Fri Nov 11 09:01:39 2016 +0100 + + gnutls_store_pubkey: document the default hosts format + +Author: Nikos Mavrogiannopoulos +Date: Mon Nov 7 09:17:22 2016 +0100 + + _wrap_nettle_pk_verify: use FAIL_IF_LIB_ERROR prior to returning success + + This will prevent verification to succeed if the system is in + error state. + +Author: Nikos Mavrogiannopoulos +Date: Mon Nov 7 09:11:24 2016 +0100 + + fips140-2: moved PCT-test in wrap_nettle_generate_keys + + This allows it to run in any potential scenario, i.e., any + call of _gnutls_pk_generate_keys(). + +Author: Nikos Mavrogiannopoulos +Date: Sat Nov 5 19:18:08 2016 +0100 + + doc update + +Author: Nikos Mavrogiannopoulos +Date: Sun Nov 6 10:03:35 2016 +0100 + + .gitlab-ci.yml: use included libtasn1 in CI systems which do not have 4.9 + +Author: Nikos Mavrogiannopoulos +Date: Sat Sep 3 10:31:27 2016 +0200 + + bumped the version of the minimum required libtasn1 + + We now require the latest version that supports OIDs + with elements that are longer than 32-bits. + +Author: Nikos Mavrogiannopoulos +Date: Mon Jul 11 11:16:12 2016 +0200 + + tests: added check for the decoding of certificates with long OIDs + + That is, OIDs which have an element which exceeds 2^32. + +Author: Nikos Mavrogiannopoulos +Date: Fri Nov 4 10:42:58 2016 +0100 + + symbol-check: do not compare against symbols not exported by us + +Author: Nikos Mavrogiannopoulos +Date: Fri Nov 4 09:49:41 2016 +0100 + + doc update + +Author: Nikos Mavrogiannopoulos +Date: Fri Nov 4 09:34:55 2016 +0100 + + tests: updated known ciphersuites test for CHACHA20-POLY1305 in the SECURE set + +Author: Nikos Mavrogiannopoulos +Date: Fri Nov 4 09:10:18 2016 +0100 + + priorities: added CHACHA20-POLY1305 to SECURE set + +Author: Nikos Mavrogiannopoulos +Date: Fri Nov 4 08:15:24 2016 +0100 + + released 3.5.6 + +Author: Nikos Mavrogiannopoulos +Date: Fri Nov 4 07:58:48 2016 +0100 + + bumped versions + +Author: Nikos Mavrogiannopoulos +Date: Fri Nov 4 07:56:33 2016 +0100 + + symbols.last: updated auto-generated file + +Author: Nikos Mavrogiannopoulos +Date: Wed Oct 19 10:27:26 2016 +0200 + + doc update + +Author: Nikos Mavrogiannopoulos +Date: Mon Oct 31 10:18:09 2016 +0100 + + tests: added test to ensure that gnutls_rnd() is not called during initialization + +Author: Nikos Mavrogiannopoulos +Date: Mon Oct 24 08:30:06 2016 +0200 + + doc: explicitly state that rng self_test mustn't require rng initialization + +Author: Nikos Mavrogiannopoulos +Date: Mon Oct 17 14:10:08 2016 +0200 + + deprecated _gnutls_rnd() in favor of exported gnutls_rnd() + +Author: Nikos Mavrogiannopoulos +Date: Fri Oct 14 14:16:51 2016 +0200 + + rng: split initialization in preinit and init + + This makes gnutls to initialize its random generator on the + first call to gnutls_rnd(). That prevents blocking due to + getrandom() on a constructor; that change allows to use gnutls-linked + applications even in early boot in systems where getrandom() blocks + waiting for entropy. + +Author: Nikos Mavrogiannopoulos +Date: Mon Oct 31 11:40:12 2016 +0100 + + _gnutls_rnd_check: call _rnd_system_entropy_check directly + +Author: Nikos Mavrogiannopoulos +Date: Wed Nov 2 18:07:13 2016 +0100 + + x509: removed unused IDNA file + +Author: Nikos Mavrogiannopoulos +Date: Wed Nov 2 13:24:59 2016 +0100 + + doc update [ci skip] + +Author: Nikos Mavrogiannopoulos +Date: Wed Nov 2 08:29:25 2016 +0100 + + handshake: log advertized version + +Author: Nikos Mavrogiannopoulos +Date: Wed Nov 2 08:13:38 2016 +0100 + + algorithms.h: removed exported prototype from internal header + +Author: Nikos Mavrogiannopoulos +Date: Tue Nov 1 18:39:38 2016 +0100 + + doc update + +Author: Nikos Mavrogiannopoulos +Date: Mon Oct 31 17:23:16 2016 +0100 + + doc update + +Author: Nikos Mavrogiannopoulos +Date: Mon Oct 31 16:59:20 2016 +0100 + + tests: added decoding of multi-value DN + +Author: Nikos Mavrogiannopoulos +Date: Mon Oct 31 14:21:37 2016 +0100 + + x509_dn: forbid non-supported escaped chars on DN encoding + +Author: Nikos Mavrogiannopoulos +Date: Mon Oct 31 14:07:13 2016 +0100 + + tests: enhanced RFC4514 with arbitrary escaped strings + +Author: Nikos Mavrogiannopoulos +Date: Mon Oct 31 14:07:27 2016 +0100 + + x509_dn: allow arbitrary escaped strings + + In addition fail encoding on unescaped '+'. We do not support it + for DN encoding. + +Author: Nikos Mavrogiannopoulos +Date: Fri Oct 21 14:46:49 2016 +0200 + + tests: modified to account for backwards-encoded DN (according to RFC4514) + +Author: Nikos Mavrogiannopoulos +Date: Mon Oct 31 13:18:17 2016 +0100 + + tests: removed old README file + + The description in the file had no relevance to the existing tests. + +Author: Nikos Mavrogiannopoulos +Date: Mon Oct 31 13:00:14 2016 +0100 + + gnutls_x509_crt_set_*dn, gnutls_x509_dn_set_str: honor the reverse property of RFC4514 + + When converting an RFC4514 string to a DN ensure that the elements + are encoded in reverse order, as required by the RFC. + + Resolves #111 + +Author: Nikos Mavrogiannopoulos +Date: Tue Jul 19 15:35:44 2016 +0200 + + Encode string DNs backwards according to RFC4514 + + This makes the output string from functions such as gnutls_x509_crt_get*dn() + to comply with RFC4514 requirements in DN element order. + + Relates #111 + +Author: Nikos Mavrogiannopoulos +Date: Mon Oct 31 14:41:10 2016 +0100 + + Updated issue templates [ci skip] + +Author: Nikos Mavrogiannopoulos +Date: Mon Oct 31 14:35:22 2016 +0100 + + Added issue templates [ci skip] + +Author: Nikos Mavrogiannopoulos +Date: Sat Oct 29 23:45:18 2016 +0200 + + doc update [ci skip] + +Author: Nikos Mavrogiannopoulos +Date: Sat Oct 29 23:31:00 2016 +0200 + + nettle: renamed system random generator-related files for clarity + +Author: Nikos Mavrogiannopoulos +Date: Mon Oct 17 14:34:10 2016 +0200 + + tests: introduced checks for gnutls_rnd() in multi-threaded scenario + +Author: Nikos Mavrogiannopoulos +Date: Mon Oct 17 14:33:53 2016 +0200 + + tests: introduced sanity checks in rng-fork + +Author: Nikos Mavrogiannopoulos +Date: Mon Oct 24 08:30:29 2016 +0200 + + drbg-aes-self-test: corrected free call + +Author: Nikos Mavrogiannopoulos +Date: Thu Oct 27 21:04:49 2016 +0200 + + tests: check for gnutls 3.3.x compatibility + + That is, check whether the status request extension is not sent + by the server, if the server does not hold a status response. We + require that behavior to be backwards compatible with gnutls 3.3.x. + +Author: Nikos Mavrogiannopoulos +Date: Wed Oct 26 17:51:11 2016 +0200 + + Reverted the behavior of sending a status request extension even without a response + + That is, we no longer reply to a client's hello with a status request, with + a status request extension. Although that behavior which was introduced + in 6b76e0c899b1ff08df9bd9b41588f771f050be89 is legal, it creates incompatibility + issues with gnutls 3.3.x branch. That is because versions prior 3.3.26 + translates the presence of the extension as a guarrantee that the status + response data will be sent. Even though, that is false assumption we + replicate the previous behavior to allow such clients to connect to + a gnutls 3.5.x server. + + Relates !66 + +Author: Dmitry Eremin-Solenikov +Date: Thu Oct 27 18:42:38 2016 +0300 + + tests: do not enable testpkcs11.sh twice + + Signed-off-by: Dmitry Eremin-Solenikov + +Author: Dmitry Eremin-Solenikov +Date: Sat Oct 22 14:24:16 2016 +0300 + + starttls: search for chat in sbin if it is not present in PATH + + Signed-off-by: Dmitry Eremin-Solenikov + +Author: Dmitry Eremin-Solenikov +Date: Fri Oct 21 04:17:36 2016 +0300 + + Fix autoconf warnings in libopts.m4 + + Without this patch Autoconf will spam console with the following kind of + messages: + + configure.ac:650: warning: AC_LANG_CONFTEST: no AC_LANG_SOURCE call detected in body + ../../lib/autoconf/lang.m4:193: AC_LANG_CONFTEST is expanded from... + ../../lib/autoconf/general.m4:2740: _AC_RUN_IFELSE is expanded from... + ../../lib/m4sugar/m4sh.m4:639: AS_IF is expanded from... + ../../lib/autoconf/general.m4:2759: AC_RUN_IFELSE is expanded from... + ../../lib/m4sugar/m4sh.m4:639: AS_IF is expanded from... + ../../lib/autoconf/general.m4:2042: AC_CACHE_VAL is expanded from... + src/libopts/m4/libopts.m4:386: LIBOPTS_RUN_FOPEN_TEXT is expanded from... + src/libopts/m4/libopts.m4:425: INVOKE_LIBOPTS_MACROS is expanded from... + src/libopts/m4/libopts.m4:560: AM_COND_IF is expanded from... + src/libopts/m4/libopts.m4:581: LIBOPTS_CHECK is expanded from... + configure.ac:650: the top level + + Signed-off-by: Dmitry Eremin-Solenikov + +Author: Dmitry Eremin-Solenikov +Date: Sat Oct 22 02:18:40 2016 +0300 + + cfg.mk: fix m4 files removal + + Signed-off-by: Dmitry Eremin-Solenikov + +Author: Nikos Mavrogiannopoulos +Date: Fri Oct 21 17:45:03 2016 +0200 + + tests: better check for gnutls_ecc_curve_get result + +Author: Nikos Mavrogiannopoulos +Date: Fri Oct 21 17:30:43 2016 +0200 + + Terminate handshake if only unknown or disabled signatures are advertized by the peer + + That is, do not attempt to proceed assuming that the peer supports SHA-1. + +Author: Dmitry Eremin-Solenikov +Date: Sat Oct 22 03:28:14 2016 +0300 + + Fix compilation of tests if nettle is not installed in standard path + + Signed-off-by: Dmitry Eremin-Solenikov + +Author: Nikos Mavrogiannopoulos +Date: Tue Oct 25 08:03:32 2016 +0200 + + gnutls-cli-debug: corrected TLS1.2 detection + +Author: Nikos Mavrogiannopoulos +Date: Mon Oct 24 08:33:42 2016 +0200 + + doc update + +Author: Nikos Mavrogiannopoulos +Date: Sat Oct 22 09:41:45 2016 +0200 + + modified the gnutls_certificate_set_key* change + + While the change was fully backwards compatible for applications that were + adding a single certificate, and applications that were checking for negative + errors codes, many applications do not. As this may cause incompatibility issues + with software properly utilizing the previously documented API, the change + is reverted, and applications need to explicitly enable a flag (GNUTLS_CERTIFICATE_API_V2) + in the credentials structure for the set_key functions to return an index. + +Author: Nikos Mavrogiannopoulos +Date: Wed Oct 19 23:06:59 2016 +0200 + + tests: removed nohats.ca from testdane + + The host seems to be unreliable. + +Author: Nikos Mavrogiannopoulos +Date: Fri Oct 21 16:43:47 2016 +0200 + + .travis.yml: use as many jobs as CPUs in OSX + +Author: Nikos Mavrogiannopoulos +Date: Fri Oct 21 16:14:32 2016 +0200 + + .travis.yml: do not run the public submodule checks of maint.mk + + These seem to be problematic to detect modification and are preventing + the CI from operating. + +Author: Nikos Mavrogiannopoulos +Date: Fri Oct 21 13:16:50 2016 +0200 + + .travis.yml: simplified the submodule checkout + + The default submodule initialization in travis caused the MacOSX builds to fail. + +Author: Nikos Mavrogiannopoulos +Date: Fri Oct 21 13:15:19 2016 +0200 + + Added casts to prevent compiler warnings + +Author: Nikos Mavrogiannopoulos +Date: Fri Oct 21 13:14:57 2016 +0200 + + corrected typo + +Author: Nikos Mavrogiannopoulos +Date: Fri Oct 21 12:10:56 2016 +0200 + + README.md: corrected link to travius build + +Author: Nikos Mavrogiannopoulos +Date: Thu Oct 20 15:58:38 2016 +0200 + + .travis.yml: added support for compiling in macosx + +Author: Nikos Mavrogiannopoulos +Date: Fri Oct 21 11:02:30 2016 +0200 + + doc update + +Author: Nikos Mavrogiannopoulos +Date: Fri Oct 21 11:01:43 2016 +0200 + + tests: added checks for the new GNUTLS_NO_TICKETS flag + +Author: Nikos Mavrogiannopoulos +Date: Fri Oct 21 10:26:13 2016 +0200 + + gnutls_init: added GNUTLS_NO_TICKETS flags + + These flags allow the callers to disable the automatically enabled + session tickets. This could be done only with GNUTLS_NO_EXTENSIONS + which also disabled other useful extensions. + +Author: Nikos Mavrogiannopoulos +Date: Thu Oct 20 09:26:10 2016 +0200 + + tests: added pkcs11-privkey-export + + This checks whether the public parts of RSA private and public keys + can be properly extracted from a PKCS#11 module. + +Author: Jakub Jelen +Date: Wed Oct 19 13:41:55 2016 +0200 + + Expose CKA_PUBLIC_EXPONENT and CKA_MODULUS for private keys too + +Author: Jakub Jelen +Date: Wed Oct 19 09:17:52 2016 +0200 + + tests/pkcs11: Return also CKA_CLASS + +Author: Jakub Jelen +Date: Tue Oct 18 15:28:39 2016 +0200 + + tests/pkcs11: Expose SUBJECT for certificates, PUBLIC_EXPONENT and MODULUS for public keys to widen compatibility + +Author: Nikos Mavrogiannopoulos +Date: Tue Oct 18 15:42:52 2016 +0200 + + doc update [ci skip] + +Author: Nikos Mavrogiannopoulos +Date: Tue Oct 18 13:45:34 2016 +0200 + + updated auto-generated files + +Author: Nikos Mavrogiannopoulos +Date: Tue Oct 18 09:24:02 2016 +0200 + + doc update + +Author: Nikos Mavrogiannopoulos +Date: Tue Oct 18 10:13:56 2016 +0200 + + certtool: allow setting key purposes for non-CA certificates + + That is, allow setting code signing, or time stamping key purpose + in certificates that are not marked as CA. The previous restriction + served no purpose. + +Author: Nikos Mavrogiannopoulos +Date: Tue Oct 18 10:01:49 2016 +0200 + + certtool: introduce key purpose checks in p7 direct verification + +Author: Nikos Mavrogiannopoulos +Date: Tue Oct 18 09:22:59 2016 +0200 + + x509: introduced gnutls_x509_crt_check_key_purpose() + +Author: Nikos Mavrogiannopoulos +Date: Mon Oct 17 15:07:03 2016 +0200 + + gnutls_x509_crt_verify_data2: introduce constraints checks on the provided certificate + + That is check the provided certificate for validity in time and key usage. + +Author: Nikos Mavrogiannopoulos +Date: Tue Oct 18 10:02:29 2016 +0200 + + tests: introduced verification constraints checks for PKCS#7 structures + + That is, key purpose checks and more elaborate time checks. + +Author: Nikos Mavrogiannopoulos +Date: Mon Oct 17 12:00:41 2016 +0200 + + gnutls-serv: use the included known DH parameters by default + +Author: Nikos Mavrogiannopoulos +Date: Mon Oct 17 11:54:51 2016 +0200 + + doc update + +Author: Nikos Mavrogiannopoulos +Date: Fri Oct 14 12:02:31 2016 +0200 + + certtool: manpage update + +Author: Nikos Mavrogiannopoulos +Date: Wed Oct 12 08:34:13 2016 +0200 + + getfuncs-map.pl: ignore the ffdhe exported parameters + + That is ignore the new variables exported which are not functions, and + thus cannot be detected by getfuncs-map.pl. + +Author: Nikos Mavrogiannopoulos +Date: Tue Oct 11 19:26:44 2016 +0200 + + updated auto-generated files + +Author: Nikos Mavrogiannopoulos +Date: Tue Oct 11 20:10:37 2016 +0200 + + tests: crl-test: use a unique temp file + +Author: Nikos Mavrogiannopoulos +Date: Tue Oct 11 20:01:27 2016 +0200 + + tests: added sanity check for included primes + +Author: Nikos Mavrogiannopoulos +Date: Tue Oct 11 19:36:26 2016 +0200 + + doc: discuss the set_known_dh_params and use it in the examples + +Author: Nikos Mavrogiannopoulos +Date: Tue Oct 11 19:25:52 2016 +0200 + + tests: check gnutls_psk_set_server_known_dh_params + +Author: Nikos Mavrogiannopoulos +Date: Tue Oct 11 19:22:25 2016 +0200 + + tests: check gnutls_anon_set_server_known_dh_params + +Author: Nikos Mavrogiannopoulos +Date: Tue Oct 11 19:12:16 2016 +0200 + + tests: check gnutls_certificate_set_known_dh_params + +Author: Nikos Mavrogiannopoulos +Date: Tue Oct 11 16:42:28 2016 +0200 + + DH: introduced gnutls_*_set_known_dh_params() + + That is, the functions gnutls_certificate_set_known_dh_params(), + gnutls_anon_set_server_known_dh_params(), + gnutls_psk_set_server_known_dh_params(). + These functions allow to statically set the DH parameters, based + on the RFC7919 FFDHE parameters. This can simplify server configuration + by allowing DH without loading parameters from file. + + Relates #37 + +Author: Nikos Mavrogiannopoulos +Date: Tue Oct 11 16:18:22 2016 +0200 + + certtool: --get-dh-params will output the FFDHE primes instead of the SRP primes + +Author: Nikos Mavrogiannopoulos +Date: Tue Oct 11 16:05:57 2016 +0200 + + DH: export the FFDHE Diffie-Hellman values + +Author: Nikos Mavrogiannopoulos +Date: Fri Oct 14 16:13:29 2016 +0200 + + .gitlab-ci.yml: use fedora's mingw-cmocka packages + +Author: Nikos Mavrogiannopoulos +Date: Fri Oct 14 16:12:44 2016 +0200 + + more files to ignore + +Author: Nikos Mavrogiannopoulos +Date: Fri Oct 14 15:04:41 2016 +0200 + + tests: added check for PKCS#7 catalog file parsing and data extracting + +Author: Nikos Mavrogiannopoulos +Date: Fri Oct 14 15:46:05 2016 +0200 + + tests: updated pkcs7 text outputs to account for certtool update + +Author: Nikos Mavrogiannopoulos +Date: Fri Oct 14 14:55:57 2016 +0200 + + certtool: --p7-info will include the PKCS#7 encoded data in PEM format + +Author: Nikos Mavrogiannopoulos +Date: Fri Oct 14 14:50:25 2016 +0200 + + tests: replaced large test2.cat with a smaller file + +Author: Nikos Mavrogiannopoulos +Date: Fri Oct 14 13:13:26 2016 +0200 + + certtool: improve text on missing options for cert generation + +Author: Nikos Mavrogiannopoulos +Date: Fri Oct 14 12:57:31 2016 +0200 + + Revert "certtool: improve text on missing options for cert generation" + + This reverts commit 7daed1fd0602bce7495d252f1a9b638fc41e38d3. + +Author: Nikos Mavrogiannopoulos +Date: Fri Oct 14 10:22:07 2016 +0200 + + handshake: set a maximum number of warning messages that can be received per handshake + + That is to avoid DoS due to the assymetry of cost of sending an alert vs the cost + of processing. + +Author: Nikos Mavrogiannopoulos +Date: Fri Oct 14 10:08:35 2016 +0200 + + record: disallow parsing of alert messages prior to session start + +Author: Nikos Mavrogiannopoulos +Date: Fri Oct 14 10:07:58 2016 +0200 + + tests: added check to verify that the server will bail out after receiving only alerts + +Author: Nikos Mavrogiannopoulos +Date: Fri Oct 14 09:59:22 2016 +0200 + + tests: added check to verify that the server will bail out after many alerts + +Author: Nikos Mavrogiannopoulos +Date: Thu Oct 13 17:01:16 2016 +0200 + + certtool: improve text on missing options for cert generation + +Author: Nikos Mavrogiannopoulos +Date: Thu Oct 13 16:55:00 2016 +0200 + + doc update + +Author: Nikos Mavrogiannopoulos +Date: Thu Oct 13 16:51:19 2016 +0200 + + tools: removed redudant messages on PIN re-use + +Author: Nikos Mavrogiannopoulos +Date: Thu Oct 13 16:48:52 2016 +0200 + + p11tool: avoid asking the security officer PIN twice on initialization + +Author: Nikos Mavrogiannopoulos +Date: Thu Oct 13 16:41:04 2016 +0200 + + p11tool: improved messages on token initialization + +Author: Nikos Mavrogiannopoulos +Date: Thu Oct 13 16:37:45 2016 +0200 + + p11tool: corrected check of PIN existance in token initialization + +Author: Nikos Mavrogiannopoulos +Date: Thu Oct 13 13:10:52 2016 +0200 + + doc: set a default handshake timeout on example server + +Author: Nikos Mavrogiannopoulos +Date: Thu Oct 13 13:09:35 2016 +0200 + + serv: set a timeout value in handshake + +Author: Nikos Mavrogiannopoulos +Date: Thu Oct 13 08:56:45 2016 +0200 + + tests: added check for Encrypt-then-MAC under DTLS + +Author: Nikos Mavrogiannopoulos +Date: Thu Oct 13 08:54:52 2016 +0200 + + tests: cleanups in tls-etm.c + +Author: Nikos Mavrogiannopoulos +Date: Wed Oct 12 13:36:01 2016 +0200 + + gnutls_pkcs7_get_embedded_data: added GNUTLS_PKCS7_EDATA_GET_RAW flag + + This flag allows the export of the stored embedded data with any wrapping + encoding included. This in particular, it allows to read the data from the + microsoft catalog PKCS#7 structures, which store as embedded data elements + of a SEQUENCE, but only authenticate the inner parts without the bytes + forming the SEQUENCE header. + +Author: Nikos Mavrogiannopoulos +Date: Tue Oct 11 21:33:24 2016 +0200 + + configure: automatically disable non-suiteb curves + + That is, if the installed nettle doesn't provide the + nettle_secp_192r1 symbol. + +Author: Nikos Mavrogiannopoulos +Date: Sun Oct 9 20:41:18 2016 +0200 + + doc update + +Author: Colin Walters +Date: Tue Oct 11 11:28:39 2016 -0400 + + priorities: Do read crypto policy files with mtime of zero + + In a default Fedora Atomic Host installation, + `/etc/crypto-policies/backends/gnutls.config` is a symlink to the + default in `/usr/share/`. On an OSTree-managed system, files in + `/usr` have an mtime of zero (to help deduplication). + + The simple fix here is to still try to read the first time, even if + the file has an mtime of zero. + +Author: Nikos Mavrogiannopoulos +Date: Tue Oct 11 14:11:27 2016 +0200 + + doc update + +Author: Nikos Mavrogiannopoulos +Date: Tue Oct 11 13:55:56 2016 +0200 + + certtool: corrected use of gnutls_pkcs7_get_embedded_data() + +Author: Nikos Mavrogiannopoulos +Date: Tue Oct 11 13:06:48 2016 +0200 + + pkix.asn: simplified ASN.1 description by eliminating pkcs-7-ContentType + +Author: Nikos Mavrogiannopoulos +Date: Tue Oct 11 13:03:45 2016 +0200 + + updated auto-generated files + +Author: Nikos Mavrogiannopoulos +Date: Tue Oct 11 11:30:28 2016 +0200 + + certtool: print the enacapsulated content OID on verification + +Author: Nikos Mavrogiannopoulos +Date: Fri Oct 7 15:25:31 2016 +0200 + + tests: added checks for the decoding of various PKCS#7 structures + +Author: Nikos Mavrogiannopoulos +Date: Fri Oct 7 15:19:16 2016 +0200 + + pkcs7: print the eContent type in output functions if it does not match the defaults + +Author: Nikos Mavrogiannopoulos +Date: Fri Oct 7 12:06:37 2016 +0200 + + pkcs7: allow unknown and legacy signature data OIDs to be imported + + This allows to decode very old PKCS#7 structures where the content is not + an octet string. In addition, it introduces gnutls_pkcs7_get_embedded_data_oid() + to obtain the OID of the signature data. + +Author: Nikos Mavrogiannopoulos +Date: Fri Oct 7 19:07:41 2016 +0200 + + certtool: --p7-info can be combined with --p7-show-data to display embedded data + +Author: Nikos Mavrogiannopoulos +Date: Mon Oct 10 09:48:05 2016 +0200 + + lib: link with LTLIBDL instead of LIBDL + + It fixes compilation issues on some systems. + +Author: Nikos Mavrogiannopoulos +Date: Sun Oct 9 20:01:06 2016 +0200 + + released 3.5.5 + +Author: Nikos Mavrogiannopoulos +Date: Sun Oct 9 19:27:39 2016 +0200 + + doc update + +Author: Nikos Mavrogiannopoulos +Date: Sun Oct 9 19:04:30 2016 +0200 + + doc: mention gnutls_session_ext_register and its supplemental data equivalent + +Author: Nikos Mavrogiannopoulos +Date: Sun Oct 9 18:56:52 2016 +0200 + + bumped version + +Author: Nikos Mavrogiannopoulos +Date: Sun Oct 9 14:21:09 2016 +0200 + + TLS extensions: only cache the extension IDs from exts that the server supports + + That avoids imposing any artificial limits on the number of extensions that + a server can handle. + + Resolves #136 + +Author: Nikos Mavrogiannopoulos +Date: Sun Oct 9 14:05:07 2016 +0200 + + tests: check the registration of multiple extensions + +Author: Nikos Mavrogiannopoulos +Date: Sat Oct 8 07:24:02 2016 +0200 + + doc: added gnutls_datum_t and giovec_t to indexes + + Resolves #137 + +Author: Nikos Mavrogiannopoulos +Date: Fri Oct 7 15:24:25 2016 +0200 + + pkcs7: removed any limits in hex encoding of attributes + +Author: Nikos Mavrogiannopoulos +Date: Fri Oct 7 16:10:19 2016 +0200 + + certtool: lift any limits in print_raw() + +Author: Nikos Mavrogiannopoulos +Date: Fri Oct 7 14:17:52 2016 +0200 + + certtool: added safety net when generating a certificate request + + That is, do not allow specifying --generate-request --load-pubkey without + specifying --load-privkey. Previously if --load-pubkey would have been + used, it would have been ignored, causing confusion to the users. + +Author: Nikos Mavrogiannopoulos +Date: Thu Oct 6 08:50:39 2016 +0200 + + doc update [ci skip] + +Author: Nikos Mavrogiannopoulos +Date: Wed Oct 5 20:10:46 2016 +0200 + + Makefile.am: improved the files-update output + +Author: Nikos Mavrogiannopoulos +Date: Wed Oct 5 20:09:21 2016 +0200 + + updated auto-generated files + +Author: Nikos Mavrogiannopoulos +Date: Wed Oct 5 13:51:05 2016 +0200 + + _gnutls_utf8_to_ucs2: force NFC normalization form in windows + +Author: Nikos Mavrogiannopoulos +Date: Wed Oct 5 11:04:54 2016 +0200 + + doc update + +Author: Nikos Mavrogiannopoulos +Date: Wed Oct 5 11:41:23 2016 +0200 + + tests: added checks for gnutls_session_supplemental_register + +Author: Nikos Mavrogiannopoulos +Date: Wed Oct 5 11:33:55 2016 +0200 + + Added session-specific supplemental data handling + + This allows a caller to add supplemental data handling which will + only be made available for a specific session. + +Author: Nikos Mavrogiannopoulos +Date: Wed Oct 5 10:43:29 2016 +0200 + + tests: added checks for gnutls_session_ext_register + +Author: Nikos Mavrogiannopoulos +Date: Fri Sep 30 18:53:09 2016 +0200 + + Added session-specific TLS extensions + + This allows a caller to add extensions which will be made available + for a specific session. + +Author: Ludovic Courtès +Date: Wed Oct 5 14:30:33 2016 +0200 + + guile: Implement session record ports using the Guile 2.2 API. + + This allows the Guile bindings to be built and used with + Guile >= 2.1.4, which introduced a new port API. + + * guile/src/core.c (USING_GUILE_BEFORE_2_2): New macro. + (session_record_port_type) [!USING_GUILE_BEFORE_2_2]: New definition. + (read_from_session_record_port, write_to_session_record_port) + (make_session_record_port) [!USING_GUILE_BEFORE_2_2]: New functions. + Conditionalize the other same-named functions on + USING_GUILE_BEFORE_2_2. + (scm_init_gnutls_session_record_port_type): Use + 'read_from_session_record_port' when !USING_GUILE_BEFORE_2_2. + +Author: Ludovic Courtès +Date: Wed Oct 5 14:30:32 2016 +0200 + + guile: Test 'set-session-transport-fd!'. + + * guile/tests/session-record-port.scm: Use 'set-session-transport-fd!' + on the server side. + +Author: Ludovic Courtès +Date: Wed Oct 5 14:30:31 2016 +0200 + + guile: Guile 2.x 'uniform-vector-read!' replacement returns 0 upon EOF. + + This problem was never hit in practice because our tests always got the + non-EOF case. + + * guile/modules/gnutls/build/tests.scm (uniform-vector-read!) [guile-2]: + Return 0 upon EOF. + +Author: Nikos Mavrogiannopoulos +Date: Wed Oct 5 10:01:20 2016 +0200 + + win32: install the .def files in libdir instead of bindir + + Suggested by Eli Zaretskii. + +Author: Nikos Mavrogiannopoulos +Date: Wed Oct 5 08:48:57 2016 +0200 + + certtool: include arpa/inet.h unconditionally + + That is because we use inet_pton() which is either provided by the + OS, or by gnulib. + +Author: Nikos Mavrogiannopoulos +Date: Wed Oct 5 08:46:08 2016 +0200 + + gnutls-cli: fix compilation warning in win32 + +Author: Nikos Mavrogiannopoulos +Date: Wed Oct 5 08:44:05 2016 +0200 + + Fixed the version in libgnutls-openssl.def file + + Previously the version set in that file would have + been (incorrectly) equal to the version of the main library. + +Author: Nikos Mavrogiannopoulos +Date: Wed Oct 5 08:34:51 2016 +0200 + + tests: avoid using %zd for formatted output + + It is not supported by windows. + +Author: Nikos Mavrogiannopoulos +Date: Tue Oct 4 16:20:44 2016 +0200 + + tests: skip tests which depend on libidn functionality if build without libidn + +Author: Nikos Mavrogiannopoulos +Date: Tue Oct 4 15:55:08 2016 +0200 + + tests: fixed compilation of pkcs11-privkey-always-auth + +Author: Nikos Mavrogiannopoulos +Date: Tue Oct 4 15:10:22 2016 +0200 + + Fix build of system/keys-win.c with older mingw + + Patch by Eli Zaretskii + +Author: Nikos Mavrogiannopoulos +Date: Mon Oct 3 14:48:49 2016 +0200 + + tests: introduced further parallelization in provable* tests + + This runs independent verification steps in parallel, improving running time significantly. + +Author: Nikos Mavrogiannopoulos +Date: Mon Oct 3 14:40:06 2016 +0200 + + tests: provable-dh-default check is too slow and is only run when the complete suite is requested + +Author: Nikos Mavrogiannopoulos +Date: Mon Oct 3 14:25:06 2016 +0200 + + tests: split provable-privkey into multiple checks + + This allows the tests to be run in parallel. + +Author: Nikos Mavrogiannopoulos +Date: Mon Oct 3 14:17:52 2016 +0200 + + tests: provable-dh was split into two programs + + This allows the test to be run more efficiently when run + in parallel. + +Author: Nikos Mavrogiannopoulos +Date: Fri Sep 30 16:48:54 2016 +0200 + + .gitlab-ci.yml: do not run the full test suite on valgrind test + + This allows the CI test to run on reasonable time. + +Author: Nikos Mavrogiannopoulos +Date: Fri Sep 30 14:16:01 2016 +0200 + + doc update + +Author: Nikos Mavrogiannopoulos +Date: Mon Sep 26 13:00:36 2016 +0200 + + more files to ignore + +Author: Nikos Mavrogiannopoulos +Date: Fri Sep 30 13:08:53 2016 +0200 + + devel/openssl: updated to 1.1.0 release + +Author: Nikos Mavrogiannopoulos +Date: Thu Sep 29 15:41:23 2016 +0200 + + aarch64: added optimized AES-CCM mode + +Author: Nikos Mavrogiannopoulos +Date: Tue Sep 27 21:43:05 2016 +0200 + + Imported Andy Polyakov's implementation of AES-GCM in aarch64 + +Author: Nikos Mavrogiannopoulos +Date: Mon Sep 26 11:55:37 2016 +0200 + + Imported Andy Polyakov's implementation of AES in aarch64 + +Author: Nikos Mavrogiannopoulos +Date: Thu Sep 29 13:36:55 2016 +0200 + + Added HMAC-SHA* optimizations for aarch64 + +Author: Nikos Mavrogiannopoulos +Date: Fri Sep 23 14:55:37 2016 +0200 + + Imported Andy Polyakov's implementations for SHA* in aarch64 + +Author: Nikos Mavrogiannopoulos +Date: Mon Oct 3 12:53:43 2016 +0200 + + fix zero-termination in _gnutls_server_name_set_raw() for large server names + +Author: Nikos Mavrogiannopoulos +Date: Mon Oct 3 12:56:07 2016 +0200 + + _gnutls_check_id_for_change: added check for NULL username + + This is not required, but may prevent from issues if code-reorganizations + which may set a NULL username, occur. + +Author: Nikos Mavrogiannopoulos +Date: Mon Oct 3 12:58:17 2016 +0200 + + gnutls_*_crt_print: better error checking + +Author: Nikos Mavrogiannopoulos +Date: Mon Oct 3 10:29:29 2016 +0200 + + tests: added test for CKA_ALWAYS_AUTHENTICATE handling in PKCS#11 + + This checks whether GnuTLS properly calls login prior to any sign + operations when the object is marked as CKA_ALWAYS_AUTHENTICATE. + +Author: Nikos Mavrogiannopoulos +Date: Mon Oct 3 11:11:55 2016 +0200 + + pkcs11: improved debugging output in pkcs11_login + +Author: Nikos Mavrogiannopoulos +Date: Mon Oct 3 10:22:44 2016 +0200 + + name constraints: removed unused variable + +Author: Nikos Mavrogiannopoulos +Date: Fri Sep 30 13:25:41 2016 +0200 + + tools: clarify errors when reading files + + Previously certtool and ocsptool would report: + ``` + $ certtool --generate-request --load-privkey=foo --outfile=bar + Generating a PKCS #10 certificate request... + reading --load-privkey: foo + ``` + + And that doesn't make apparent what the issue was. Modified + to print: + ``` + error reading --load-privkey: foo + ``` + + Report and initial patch by Thibault Nélis. + + Resolves !97 + +Author: Nikos Mavrogiannopoulos +Date: Wed Sep 28 07:41:13 2016 +0200 + + p11tool: doc update [ci skip] + +Author: Nikos Mavrogiannopoulos +Date: Tue Sep 27 23:42:01 2016 +0200 + + Removed C99 constructions in for-loops + + These constructions although valid for C99 they are + being rejected by various compilers. Get rid of them. + +Author: Daiki Ueno +Date: Tue Sep 27 11:04:16 2016 +0200 + + certtool: print correct size of EC keys + + Previously certtool complained about key size if --curve is given: + + $ certtool --generate-privkey --ecc --curve secp256r1 --outfile key.pem + Generating a -2147483646 bit EC/ECDSA private key... + Note that ECDSA keys with size less than 256 are not widely supported. + +Author: Nikos Mavrogiannopoulos +Date: Tue Sep 27 09:51:56 2016 +0200 + + p11tool: documented the p11-kit relevancy of distrust and stapled + +Author: Nikos Mavrogiannopoulos +Date: Tue Sep 27 09:39:09 2016 +0200 + + pkcs11: forbid PKCS#11 extensions to be used in other than trust modules + + That is, only use the CKA_X_DISTRUSTED and the extension override in + p11-kit trust modules, to avoid conflicts with potentially other + PKCS#11 extensions. + +Author: Nikos Mavrogiannopoulos +Date: Tue Sep 27 11:46:24 2016 +0200 + + .gitlab-ci.yml: enabled valgrind tests build + +Author: Nikos Mavrogiannopoulos +Date: Tue Sep 27 11:44:16 2016 +0200 + + tests: allow handshake-large-packet to run under valgrind + + That is, initialize the allocated buffers with a known value. + +Author: Nikos Mavrogiannopoulos +Date: Mon Sep 26 14:24:31 2016 +0200 + + p11tool: introduced the --mark-distrusted and --distrusted options + + This allows to mark objects as distrusted, as well as list all + distrusted certificates (blacklisted) for a p11-kit trust module as: + p11tool --list-all-certs --distrusted + +Author: Nikos Mavrogiannopoulos +Date: Mon Sep 26 14:23:24 2016 +0200 + + pkcs11: introduced flag GNUTLS_PKCS11_OBJ_FLAG_MARK_DISTRUSTED + + This allows to mark objects as distrusted, as well as to be + able to list distrusted objects. + +Author: Nikos Mavrogiannopoulos +Date: Mon Sep 26 14:00:32 2016 +0200 + + pkcs11: only staple extensions from a trust module when they are from a non-distrusted certificate + + That is, make sure that the API for stapling extensions is only used + for non-distrusted (blacklisted) certificates. The reason is to avoid + duplicate extension entries from the p11-kit trust database. These + come from blacklisted certificates, and we have no reason to support + stapled extensions with blacklisted certificates. + +Author: Nikos Mavrogiannopoulos +Date: Mon Sep 26 13:47:19 2016 +0200 + + p11tool: allow to export a certificate with its stapled extensions + +Author: Nikos Mavrogiannopoulos +Date: Mon Sep 26 08:12:52 2016 +0200 + + gnutls_oid_to_ecc_curve: fix null pointer dereference + + This addresses issue where an unknown curve would cause a + null pointer dereference. This was introduced with the addition + of X25519. Reported by Theofilos Petsios. + +Author: Nikos Mavrogiannopoulos +Date: Fri Sep 23 16:01:07 2016 +0200 + + Only send the status request extension on cert authentication + + That is, do not both asking for it, or replying to it, if we are + not using any certificates. + +Author: Nikos Mavrogiannopoulos +Date: Thu Sep 22 14:49:57 2016 +0200 + + gdoc: improved the detection and display of escaped characters (@%) + + This allows to properly display strings like %COMPAT and @SYSTEM + in the manual and the manpages. + +Author: Nikos Mavrogiannopoulos +Date: Thu Sep 22 13:46:19 2016 +0200 + + doc: gnutls_priority_init: fixed %COMPAT [ci skip] + +Author: Nikos Mavrogiannopoulos +Date: Thu Sep 22 12:08:45 2016 +0200 + + .gitlab-ci.yml: corrected debian build's dependency + +Author: Nikos Mavrogiannopoulos +Date: Thu Sep 22 11:07:45 2016 +0200 + + doc update + +Author: Nikos Mavrogiannopoulos +Date: Wed Sep 21 17:59:18 2016 +0200 + + On client side allow signing with the signature algorithm of our cert + + That allows to sign for example with DSA-SHA1 as client even if we do not + allow DSA-SHA1 as signature algorithm for server's certificate. This allows + to use a deprecated certificate without enabling deprecated algorithms + globally. + +Author: Nikos Mavrogiannopoulos +Date: Thu Sep 22 11:01:22 2016 +0200 + + _gnutls_session_get_sign_algo: always return GNUTLS_SIGN_UNKNOWN on failure + +Author: Nikos Mavrogiannopoulos +Date: Thu Sep 22 10:35:13 2016 +0200 + + tests: added check for server-side ECDSA keys + + These tests check whether a server ECDSA key will be rejected by + the client in case the client has no ECDSA signature algorithms + available. + +Author: Nikos Mavrogiannopoulos +Date: Thu Sep 22 09:54:12 2016 +0200 + + tests: added check for client-side DSA key + + This checks whether a client can use and send a DSA key, even + if DSA is not enabled (which should prohibit the server from providing + a DSA certificate). + +Author: Nikos Mavrogiannopoulos +Date: Thu Sep 22 09:21:06 2016 +0200 + + certtool: do not require a certificate to generate a PKCS#12 file + + That is, allow generating PKCS#12 files with private keys only as well. + +Author: Nikos Mavrogiannopoulos +Date: Tue Sep 20 09:00:23 2016 +0200 + + .gitlab-ci.yml: added debian build + +Author: Nikos Mavrogiannopoulos +Date: Tue Sep 20 14:31:12 2016 +0200 + + README.md: depend on softhsm2 and net-tools on debian + +Author: Nikos Mavrogiannopoulos +Date: Mon Sep 19 15:36:21 2016 +0200 + + tests: mini-server-name: skip invalid UTF-8 check if compiled without libidn + + This allows the test suite to run in systems without libidn. Reported + by Thomas Klausner. + +Author: Nikos Mavrogiannopoulos +Date: Mon Sep 19 14:55:24 2016 +0200 + + tests: added the macros test_fail() and test_success() + + These macros allow test programs which run multiple checks, + to report the name of the check failed. Modified mini-server-name + and x509-dn-decode to use the macro. + +Author: Nikos Mavrogiannopoulos +Date: Mon Sep 19 18:55:59 2016 +0200 + + cfg.mk: removed invalid rule in web target + +Author: Nikos Mavrogiannopoulos +Date: Mon Sep 19 14:24:10 2016 +0200 + + doc update + +Author: Nikos Mavrogiannopoulos +Date: Mon Sep 19 14:12:56 2016 +0200 + + added debugging message when session fails due to handshake hash buffer + +Author: Nikos Mavrogiannopoulos +Date: Mon Sep 19 08:02:14 2016 +0200 + + tests: check whether large packets are allowed on the handshake + +Author: Nikos Mavrogiannopoulos +Date: Mon Sep 19 08:01:24 2016 +0200 + + Do not allow sending overflowed extensions field + + That is, restrict the extensions to a 2^16 total size. + +Author: Nikos Mavrogiannopoulos +Date: Mon Sep 19 07:42:41 2016 +0200 + + tests: minor improvements in mini-extension + + This will improve recovery from error conditions. + +Author: Nikos Mavrogiannopoulos +Date: Fri Sep 16 13:12:50 2016 +0200 + + Increased the maximum size allowed for handshake messages to 128kb + + This would allow the library to cope with larger packets, as well + as TLS 1.3 hellos. Suggested by Hubert Kario. + +Author: Nikos Mavrogiannopoulos +Date: Sat Sep 17 12:52:41 2016 +0200 + + tests: added check for insecure key + + That is, a check which verified whether a connection to a server with + a very small key will fail the certificate verification check. + +Author: Nikos Mavrogiannopoulos +Date: Sat Sep 17 11:43:45 2016 +0200 + + doc update + +Author: Nikos Mavrogiannopoulos +Date: Sat Sep 17 11:31:29 2016 +0200 + + Introduced separate error codes for invalid private and public keys + + This allows functions like decryption and verification to report + the specific issue they encountered on public key error. + The new codes are GNUTLS_E_PK_INVALID_PUBKEY and GNUTLS_E_PK_INVALID_PRIVKEY + +Author: Nikos Mavrogiannopoulos +Date: Thu Sep 15 16:50:26 2016 +0200 + + .gitlab-ci.yml: no longer require gnutls-devel + + This package is no longer needed to run abi-check. + +Author: Nikos Mavrogiannopoulos +Date: Thu Sep 15 16:49:37 2016 +0200 + + Makefile: abi-check no longer require gnutls headers to be installed + + This addresses the issue of requiring gnutls-devel in the CI system + to run abi-check. + +Author: Nikos Mavrogiannopoulos +Date: Tue Sep 13 15:17:29 2016 +0200 + + doc: remove the conditional self_test functions + + Also prevent them by re-entering the documented functions list + by restricting the header files that contribute functions to the + known list defined by $(HEADER_FILES). + +Author: Nikos Mavrogiannopoulos +Date: Tue Sep 13 10:37:54 2016 +0200 + + Makefile.am: introduced 'make files-update' rule + + This rule updates the makefiles in doc/ and the kept symbol list. + This allows for easier automation of the symbol change 'make dist' + breakages. + +Author: Nikos Mavrogiannopoulos +Date: Tue Sep 13 10:33:00 2016 +0200 + + manpages: delete comparison temp file + +Author: Nikos Mavrogiannopoulos +Date: Tue Sep 13 10:30:09 2016 +0200 + + Makefile.am: symbol changes were made more elaborate + + During make dist, the makefile will report the appropriate + symbol change message with instructions and fail. + +Author: Nikos Mavrogiannopoulos +Date: Tue Sep 13 10:02:48 2016 +0200 + + updated doc and symbol files for gnutls_certificate_set_ocsp_status_request_function2 + +Author: Nikos Mavrogiannopoulos +Date: Tue Sep 13 10:00:42 2016 +0200 + + Makefile.am: print the symbols.last diff on make dist + + This allows to manually verify the contents before overriding + the old file. + +Author: Nikos Mavrogiannopoulos +Date: Mon Sep 12 17:23:07 2016 +0200 + + doc: allow creation of gnutls.epub without running epub-fix + +Author: Nikos Mavrogiannopoulos +Date: Mon Sep 12 15:50:52 2016 +0200 + + .gitlab-ci.yml: use nproc as argument to 'make -j' + + That way, we use as many make processes, as the number of + CPUs in the CI system. + +Author: Nikos Mavrogiannopoulos +Date: Mon Sep 12 15:31:13 2016 +0200 + + .gitlab-ci.yml: added build which runs 'make dist' + + This tests whether the manpages, info, html, pdf and epub + manual are properly generated, and whether any new functions + were included into makefiles. + +Author: Nikos Mavrogiannopoulos +Date: Mon Sep 12 15:30:07 2016 +0200 + + doc: fixed the epub documentation generation + +Author: Nikos Mavrogiannopoulos +Date: Tue Sep 13 20:18:03 2016 +0200 + + gnutls_certificate_set_ocsp_status_request_file: mention version it was enhanced + +Author: Nikos Mavrogiannopoulos +Date: Tue Sep 13 20:11:28 2016 +0200 + + doc: corrected typo + +Author: Alex Monk +Date: Mon Sep 12 18:24:49 2016 +0100 + + Add ECDHE-* to the priority string docs for key exchange algorithms + + GNUTLS_KX_ECDHE_PSK was added in 2.99.3 (released 2011-06-18) + The other two were added in 2.99.2 (released 2011-05-26) + + Signed-off-by: Alex Monk + +Author: Nikos Mavrogiannopoulos +Date: Tue Sep 13 08:54:42 2016 +0200 + + doc update + +Author: Nikos Mavrogiannopoulos +Date: Tue Sep 13 08:49:10 2016 +0200 + + .gitlab-ci.yml: added check for position dependent code + +Author: Nikos Mavrogiannopoulos +Date: Tue Sep 13 08:46:51 2016 +0200 + + Makefile.am: added check for position dependent code + + This check will verify that the generated library doesn't contain + position dependent code. It depends on elf utilities. + +Author: Nikos Mavrogiannopoulos +Date: Tue Sep 13 08:38:36 2016 +0200 + + openssl asm: reverted to AESNI-x86 code to gnutls 3.4.x code + + The newer code was creating position dependent code. + +Author: Nikos Mavrogiannopoulos +Date: Mon Sep 12 11:59:37 2016 +0200 + + tests: added checks to verify server understanding of UTF8 hostnames + + This verifies whether a server can understand and serve requests + which contain UTF-8 server names. + +Author: Nikos Mavrogiannopoulos +Date: Mon Sep 12 11:51:07 2016 +0200 + + tests: set_key: fixed the time override + +Author: Nikos Mavrogiannopoulos +Date: Mon Sep 12 11:23:25 2016 +0200 + + tests: set_key: enabled failure_mode test + + Also eliminated memory leaks related to it. + +Author: Nikos Mavrogiannopoulos +Date: Sat Sep 10 10:50:43 2016 +0200 + + Added IDNA support in server side + + Any server names provided to server side by the gnutls_certificate_set_* + functions, are converted to IDNA format for comparison with client provided + values. + +Author: Nikos Mavrogiannopoulos +Date: Mon Sep 12 10:52:18 2016 +0200 + + doc update + +Author: Nikos Mavrogiannopoulos +Date: Mon Sep 12 10:48:10 2016 +0200 + + .gitlab-ci.yml: restrict the freebsd builds to local branches only + +Author: Alex Monk +Date: Sun Sep 11 22:10:14 2016 +0100 + + Add SIGN-ECDSA-SHA* to the priority strings docs + + There were added in version 2.99.2, 2011-05-26 + + Signed-off-by: Alex Monk + +Author: Nikos Mavrogiannopoulos +Date: Mon Sep 12 10:22:37 2016 +0200 + + gnutls_certificate_set_*key: ensure proper cleanup on key mismatch failures + + That is, ensure that we keep no local references that are shared with + the caller, and that we properly free all initialized values. + +Author: Nikos Mavrogiannopoulos +Date: Mon Sep 12 10:23:48 2016 +0200 + + tests: check key mismatch on gnutls_certificate_set_*key + + That is, check whether these functions can successfully + recover from such condition, without leaks or double freeing. + +Author: Nikos Mavrogiannopoulos +Date: Thu Sep 8 15:32:06 2016 +0200 + + tests: added unit testing for gnutls_certificate_set_ocsp_status_request_function2 + +Author: Nikos Mavrogiannopoulos +Date: Thu Sep 8 15:14:37 2016 +0200 + + tests: added unit tests for gnutls_certificate_set_x509_key() + + In addition these tests verify that the expected index is returned + and that can be used with gnutls_certificate_get_crt_raw() afterwards. + +Author: Nikos Mavrogiannopoulos +Date: Thu Sep 8 15:03:00 2016 +0200 + + tests: enhanced set_x509_key tests to include index verification + + That is, verify that correct indexes are returned, and these + can be used with gnutls_certificate_get_crt_raw() afterwards. + +Author: Nikos Mavrogiannopoulos +Date: Thu Sep 8 13:48:30 2016 +0200 + + tests: enhanced set_x509_key_file tests to include index verification + + That is, verify that correct indexes are returned, and these + can be used with gnutls_certificate_get_crt_raw() afterwards. + +Author: Nikos Mavrogiannopoulos +Date: Wed Sep 7 17:55:38 2016 +0200 + + tests: more checks for functionality of gnutls_certificate_set_ocsp_status_request_file + + This introduces checks for the cases where gnutls_certificate_set_ocsp_status_request_file() + is called with multiple indexes, to set an OCSP response for different + certificates. The tests then verify whether the expected OCSP response + is received. + +Author: Nikos Mavrogiannopoulos +Date: Wed Sep 7 14:49:35 2016 +0200 + + Added gnutls_certificate_set_ocsp_status_request_function2 + + That introduces a new function to allow setting an OCSP status + request handling function per certificate. Furthermore it repurposes + the flag parameters to an index option on gnutls_certificate_set_ocsp_status_request_file. + + The changes above allow setting a different OCSP status response + file per certificate, and a different function. The indexes they + rely on to associate with existing certs are the indexes returned + by the gnutls_certificate_set_key() and friends functions. + +Author: Nikos Mavrogiannopoulos +Date: Wed Sep 7 13:38:19 2016 +0200 + + All the key and chain set functions return an index + + When setting key and certificate material to a gnutls_certificate_credentials_t + structure, the corresponding set functions will return an index. + That index could be used later either on the get functions, or + when setting corresponding data (e.g., an OCSP response). + +Author: Nikos Mavrogiannopoulos +Date: Wed Sep 7 13:29:54 2016 +0200 + + doc: clarifications in gnutls_certificate_set_ocsp_status_request_function() + +Author: Andreas Metzler +Date: Sun Sep 11 16:00:57 2016 +0200 + + Typo fixes found by lintian. + + incosistent, ommited + +Author: Nikos Mavrogiannopoulos +Date: Sun Sep 11 20:24:43 2016 +0200 + + .gitlab-ci.yml: added code-coverage output to clang build + +Author: Nikos Mavrogiannopoulos +Date: Sun Sep 11 19:40:25 2016 +0200 + + .gitlab-ci.yml: the code-coverage command will always succeed + + This works around random failures while calculating the code coverage. + +Author: Nikos Mavrogiannopoulos +Date: Sun Sep 11 19:37:45 2016 +0200 + + .gitlab-ci.yml: moved commonly installed packages into the before_script field + +Author: Nikos Mavrogiannopoulos +Date: Sun Sep 11 12:57:04 2016 +0200 + + .gitlab-ci.yml: added syntax check build + +Author: Nikos Mavrogiannopoulos +Date: Sun Sep 11 12:51:11 2016 +0200 + + cfg.mk: revived 'make release' + +Author: Nikos Mavrogiannopoulos +Date: Sun Sep 11 12:21:59 2016 +0200 + + several spacing fixes to keep syntax-check happy + +Author: Nikos Mavrogiannopoulos +Date: Sun Sep 11 11:51:37 2016 +0200 + + avoid the usage of '-a' and '-o' bash options + + This keeps syntax-check happy. + +Author: Nikos Mavrogiannopoulos +Date: Sun Sep 11 11:44:58 2016 +0200 + + avoid the usage of strncpy + +Author: Nikos Mavrogiannopoulos +Date: Sun Sep 11 11:40:51 2016 +0200 + + removed signal.h from files that wasn't used at + +Author: Nikos Mavrogiannopoulos +Date: Sun Sep 11 11:38:35 2016 +0200 + + doc update + +Author: Nikos Mavrogiannopoulos +Date: Sun Sep 11 11:38:08 2016 +0200 + + gnutls_x509_cidr_to_rfc5280: removed double semi-colon + +Author: Nikos Mavrogiannopoulos +Date: Sun Sep 11 11:37:32 2016 +0200 + + removed c-ctype.h from files that wasn't used at + +Author: Nikos Mavrogiannopoulos +Date: Sun Sep 11 11:36:27 2016 +0200 + + configure.ac: quote parameters when needed + +Author: Nikos Mavrogiannopoulos +Date: Sun Sep 11 11:35:51 2016 +0200 + + removed assert.h from files that wasn't used at + +Author: Nikos Mavrogiannopoulos +Date: Sun Sep 11 11:34:53 2016 +0200 + + POTFILES: added libdane files + +Author: Nikos Mavrogiannopoulos +Date: Sun Sep 11 11:25:15 2016 +0200 + + doc update + +Author: Nikos Mavrogiannopoulos +Date: Sun Sep 11 11:23:15 2016 +0200 + + tests/tools: avoid non-null check before free() + +Author: Nikos Mavrogiannopoulos +Date: Sat Sep 10 23:02:13 2016 +0200 + + latex manual: added backwards compatibility options + +Author: Nikos Mavrogiannopoulos +Date: Sat Sep 10 11:04:51 2016 +0200 + + .gitlab-ci.yml: windows DLL builds now include all required dependencies + + Also improved naming conventions for builds + +Author: Nikos Mavrogiannopoulos +Date: Sat Sep 10 07:49:59 2016 +0200 + + inet_ntop4: casted signed/unsigned comparison + +Author: Nikos Mavrogiannopoulos +Date: Sat Sep 10 07:48:22 2016 +0200 + + system.h: undefine macros before defining them + +Author: Nikos Mavrogiannopoulos +Date: Sat Sep 10 07:44:21 2016 +0200 + + _gnutls_fbase64_decode: use memsub macro instead of casts + +Author: Nikos Mavrogiannopoulos +Date: Fri Sep 9 15:04:52 2016 +0200 + + gnutls-cli: use gnutls_set_default_priority if no priorities are given + +Author: Nikos Mavrogiannopoulos +Date: Fri Sep 9 15:01:05 2016 +0200 + + gnutls-serv: removed '...' from documentation + + That caused caused problems in generated manpage. + +Author: Nikos Mavrogiannopoulos +Date: Fri Sep 9 13:59:05 2016 +0200 + + configure: better document the random generator variant used + +Author: Nikos Mavrogiannopoulos +Date: Thu Sep 8 07:30:33 2016 +0200 + + released 3.5.4 + +Author: Nikos Mavrogiannopoulos +Date: Wed Sep 7 22:44:08 2016 +0200 + + .gitlab-ci.yml: corrected wrong operation in minimal build + +Author: Nikos Mavrogiannopoulos +Date: Wed Sep 7 22:25:47 2016 +0200 + + updated auto-generated files + +Author: Nikos Mavrogiannopoulos +Date: Wed Sep 7 22:20:10 2016 +0200 + + doc update + +Author: Nikos Mavrogiannopoulos +Date: Wed Sep 7 13:17:56 2016 +0200 + + bumped versions + +Author: Nikos Mavrogiannopoulos +Date: Wed Sep 7 13:16:41 2016 +0200 + + doc update + +Author: Nikos Mavrogiannopoulos +Date: Wed Sep 7 09:30:18 2016 +0200 + + tests: do not run pkcs12-utf8 under windows + + This test required to pass UTF8 data under command line, and that + doesn't seem to work under windows. + +Author: Nikos Mavrogiannopoulos +Date: Wed Sep 7 08:45:24 2016 +0200 + + _gnutls_ucs2_to_utf8: corrected use of WideCharToMultiByte in windows + +Author: Nikos Mavrogiannopoulos +Date: Tue Sep 6 18:45:17 2016 +0200 + + tests: added debugging info in conv-utf8 + +Author: Nikos Mavrogiannopoulos +Date: Tue Sep 6 16:45:19 2016 +0200 + + tests: don't build cmocka tests with libutils - they conflict + +Author: Nikos Mavrogiannopoulos +Date: Tue Sep 6 15:58:59 2016 +0200 + + .gitlab-ci.yml: keep config.log in windows builds + +Author: Nikos Mavrogiannopoulos +Date: Tue Sep 6 15:14:01 2016 +0200 + + .gitlab-ci.yml: corrected typo for libidn installation in windows64 + +Author: Nikos Mavrogiannopoulos +Date: Tue Sep 6 14:52:54 2016 +0200 + + .gitlab-ci.yml: install our internal cmocka for windows + +Author: Nikos Mavrogiannopoulos +Date: Tue Sep 6 13:18:10 2016 +0200 + + tests: added unit tests of _gnutls_utf8_to_ucs2 and _gnutls_ucs2_to_utf8 + +Author: Nikos Mavrogiannopoulos +Date: Tue Sep 6 11:40:36 2016 +0200 + + libgnutls.map: export _gnutls_utf8_to_ucs2 and _gnutls_ucs2_to_utf8 for testing + +Author: Nikos Mavrogiannopoulos +Date: Fri Aug 26 14:49:07 2016 +0200 + + pkcs12: enhanced to allow encrypting using UCS2 passwords + + That is use _gnutls_utf8_to_ucs2() to convert the provided + password to UCS2. + +Author: Nikos Mavrogiannopoulos +Date: Fri Aug 26 15:56:19 2016 +0200 + + _gnutls_ucs2_to_utf8: fixed null termination check in windows code + +Author: Nikos Mavrogiannopoulos +Date: Fri Aug 26 14:48:24 2016 +0200 + + Added _gnutls_utf8_to_ucs2() + + This function allows to convert between UTF8 to UCS2 big-endian. + +Author: Nikos Mavrogiannopoulos +Date: Fri Aug 26 14:23:13 2016 +0200 + + tests: added tests for PKCS#12 decoding with UTF8 passwords + +Author: Nikos Mavrogiannopoulos +Date: Fri Aug 26 14:34:07 2016 +0200 + + pkcs7 encryption: corrected memory leaks + +Author: Nikos Mavrogiannopoulos +Date: Tue Sep 6 14:54:30 2016 +0200 + + Makefile: local-code-coverage-output always succeeds + +Author: Martin Ukrop +Date: Fri Sep 2 10:30:54 2016 +0200 + + x509: Adjust IP name constraints behavior + + - Modified IPv4/IPv6 interaction in name constraints -- IPv4 and IPv6 no have empty intersection (previously: were treated independently). + - Current behavior is more conservative -- in case of IPv4 constraint cert, subcerts will not be able to have IPv6 addresses. + - Tests updated accordingly. + - Behavior now matches NSS. + +Author: Nikos Mavrogiannopoulos +Date: Tue Sep 6 09:05:59 2016 +0200 + + tests: added checks to verify behavior in writing pkcs11 objects + + That is, verify that private keys are marked as private by default, + and public objects are marked as non-private by default. + +Author: Nikos Mavrogiannopoulos +Date: Tue Sep 6 09:00:20 2016 +0200 + + p11tool: eliminated memory leak in --list options + +Author: Nikos Mavrogiannopoulos +Date: Tue Sep 6 08:49:01 2016 +0200 + + p11tool: do not mark written objects as private by default + + That is, when --mark-private or --no-mark-private are not specified, + set non-private for public objects and private for private ones. + +Author: Nikos Mavrogiannopoulos +Date: Mon Sep 5 18:16:57 2016 +0200 + + doc update + +Author: Nikos Mavrogiannopoulos +Date: Mon Sep 5 18:15:25 2016 +0200 + + minitasn1: updated to latest git version + +Author: Nikos Mavrogiannopoulos +Date: Mon Sep 5 18:08:50 2016 +0200 + + _gnutls_encode_ber_rs_raw: simplified + + That is, use a single allocation for temporary data. + +Author: Nikos Mavrogiannopoulos +Date: Mon Sep 5 13:05:17 2016 +0200 + + .gitlab-ci.yml: use fedora24 with address sanitizer + + The fix in fbb9618b25b77c65e24a6ce224d53bc9a0b81457 addresses + the problems with asan in fedora24. + +Author: Nikos Mavrogiannopoulos +Date: Mon Sep 5 13:01:31 2016 +0200 + + tests: use LSAN_OPTIONS instead of ASAN_OPTIONS + + New versions of address sanitizer do not parse this file + otherwise. + +Author: Nikos Mavrogiannopoulos +Date: Mon Sep 5 09:48:24 2016 +0200 + + doc update + +Author: Nikos Mavrogiannopoulos +Date: Mon Sep 5 09:41:30 2016 +0200 + + tests: corrected detection of 64-bit systems in softhsm.h + +Author: Nikos Mavrogiannopoulos +Date: Mon Sep 5 09:37:51 2016 +0200 + + tests: added check for PKCS#11 signature validity + + That is, tests whether our generated DSASignatureValue with PKCS#11 + contains r, s values that are non-negative, i.e., are zero padded + when necessary. This utilizes _gnutls_decode_ber_rs_raw(). + +Author: Nikos Mavrogiannopoulos +Date: Mon Sep 5 09:29:24 2016 +0200 + + Introduced helper function _gnutls_decode_ber_rs_raw() + +Author: Nikos Mavrogiannopoulos +Date: Sat Sep 3 11:39:57 2016 +0200 + + _gnutls_encode_ber_rs_raw: zero-pad values when necessary + + This addresses issue when encoding values obtained via + PKCS#11 which may not be necessarily padded. + + Resolves #122 + +Author: Nikos Mavrogiannopoulos +Date: Sat Sep 3 10:23:49 2016 +0200 + + tests: template-test: use uniform way to detect 32-bit systems + +Author: Nikos Mavrogiannopoulos +Date: Thu Sep 1 12:35:55 2016 +0200 + + .gitlab-ci.yml: use the gitlab.com shared runners + + This removes the need to administer custom runners (except for + the FreeBSD runner which cannot run under Linux), makes the + testing on other platforms such as Debian simpler, and allows + merge requests to pass through the CI. + +Author: David Woodhouse +Date: Tue Aug 30 15:26:27 2016 +0100 + + Import DTLS sliding window validation from OpenConnect ESP code + + In this implementation, the end of the sliding window is always advanced + to the latest received packet, and we accept up to 64 packets before + that one. We no longer refuse to accept packets because they are + *too* far ahead of what we've already seen. + + Some of the test cases are fixed up accordingly. + + This matches the code in OpenConnect esp-seqno.c at commit 314ac65. + +Author: Jussi Kukkonen +Date: Wed Aug 31 11:04:06 2016 +0300 + + tools: Use correct include dir with minitasn + + This allows compiling certtool without libtasn headers. + +Author: Nikos Mavrogiannopoulos +Date: Mon Aug 29 14:16:16 2016 +0200 + + nettle: removed unused variable in windows rng + +Author: Nikos Mavrogiannopoulos +Date: Mon Aug 29 13:52:24 2016 +0200 + + tests: don't run danetool.sh when not compiled with dane support + +Author: Nikos Mavrogiannopoulos +Date: Mon Aug 29 13:48:04 2016 +0200 + + tests: mini-dtls-record: modified expected order to account for new SW behavior + +Author: Nikos Mavrogiannopoulos +Date: Mon Aug 29 13:02:54 2016 +0200 + + dtls: ensure that the DTLS window doesn't get stalled + + That is ensure that it is forwarded at least one place if more than 16 + packets have been received since the first one. + +Author: Nikos Mavrogiannopoulos +Date: Mon Aug 29 13:25:23 2016 +0200 + + tests: enhance the DTLS window unit test to account for lost packets + + This adds tests for cases where many lost packets are encountered, + such as 50% of the packets received, as well as 3 consequent packets + being lost. + +Author: Nikos Mavrogiannopoulos +Date: Fri Aug 26 16:52:19 2016 +0200 + + README.md: added coverage report [ci skip] + +Author: David Woodhouse +Date: Sun Aug 28 21:42:34 2016 +0100 + + gnutls_pkcs12_simple_parse: set the key value to null on failure + +Author: Nikos Mavrogiannopoulos +Date: Sun Aug 28 00:55:30 2016 +0200 + + tests: added basic operational check of gnutls_ocsp_resp_get_single() + +Author: Nikos Mavrogiannopoulos +Date: Sun Aug 28 00:40:49 2016 +0200 + + gnutls_ocsp_resp_get_single: reorganized function to eliminate memory leaks + + Simplified and optimized the function operation, by removing + unecessary memory allocations, as well as eliminate memory leaks + on certain error cases. + +Author: Nikos Mavrogiannopoulos +Date: Sat Aug 27 17:00:22 2016 +0200 + + ocsp: corrected the comparison of the serial size in OCSP response + + Previously the OCSP certificate check wouldn't verify the serial length + and could succeed in cases it shouldn't. + + Reported by Stefan Buehler. + +Author: Nikos Mavrogiannopoulos +Date: Fri Aug 26 11:35:50 2016 +0200 + + tools: eliminated memory leaks in deinitialization + +Author: Nikos Mavrogiannopoulos +Date: Fri Aug 26 11:28:51 2016 +0200 + + tools: allow socket_bye() to be used for non-polite terminations + +Author: Nikos Mavrogiannopoulos +Date: Fri Aug 26 11:14:19 2016 +0200 + + tests: added suppressions.valgrind in ocsp-tests + +Author: Nikos Mavrogiannopoulos +Date: Thu Aug 25 15:48:03 2016 +0200 + + doc update + +Author: Nikos Mavrogiannopoulos +Date: Thu Aug 25 15:46:06 2016 +0200 + + tests: added check for the decoding of pbes1-des-md5 key + +Author: Nikos Mavrogiannopoulos +Date: Thu Aug 25 17:27:16 2016 +0200 + + pkcs8: cleaned up PKCS#8 decoding from common code with PKCS#7 + +Author: Nikos Mavrogiannopoulos +Date: Thu Aug 25 15:40:28 2016 +0200 + + pkcs8: added support for decryption with PBES1-DES-CBC-MD5 + + While this is a legacy (and insecure) cipher combination it is the + default output of openssl up until the 1.0.2 version. We introduce + this option to allow decrypting private keys from these versions of + openssl. + +Author: raspa0 +Date: Thu Aug 25 10:58:22 2016 +0200 + + fix memleak in pkcs11_get_random + +Author: Nikos Mavrogiannopoulos +Date: Thu Aug 25 09:57:55 2016 +0200 + + ocsptool: reduce memory leaks on execution + +Author: Nikos Mavrogiannopoulos +Date: Wed Aug 24 14:09:13 2016 +0200 + + tests: enable ocsp-must-staple-connection check + +Author: Nikos Mavrogiannopoulos +Date: Wed Aug 24 16:17:20 2016 +0200 + + doc: be more explicit about the usage of gnutls_global_init/deinit [ci skip] + +Author: Nikos Mavrogiannopoulos +Date: Wed Aug 24 14:41:33 2016 +0200 + + tests: don't use piped tee in pkcs8-decode + + It would prevent error codes from being detected in the tests. + +Author: Nikos Mavrogiannopoulos +Date: Wed Aug 24 14:04:52 2016 +0200 + + ocsptool: corrected bug in session establishment + +Author: Nikos Mavrogiannopoulos +Date: Wed Aug 24 13:57:00 2016 +0200 + + tests: ocsp-tls-connection: no longer check for netcat; it was not needed + +Author: Nikos Mavrogiannopoulos +Date: Wed Aug 24 13:39:43 2016 +0200 + + tests: added decoding of key with pbes2 and SHA256 PRF + +Author: Nikos Mavrogiannopoulos +Date: Wed Aug 24 13:32:04 2016 +0200 + + Added support for decrypting PKCS#8 files which use HMAC-SHA256 as PRF + + This improves compatibility with new openssl versions. + +Author: Nikos Mavrogiannopoulos +Date: Wed Aug 24 10:49:13 2016 +0200 + + Ported openssl format fix from openconnect + + Patch by David Woodhouse + +Author: raspa0 +Date: Wed Aug 24 06:15:03 2016 +0000 + + src/pkcs11.c: fix mech_list out-of-bounds check + +Author: Philippe Proulx +Date: Mon Aug 15 01:13:16 2016 -0400 + + gnutls_record_recv(): doc: push -> pull + + Signed-off-by: Philippe Proulx + +Author: Nikos Mavrogiannopoulos +Date: Mon Aug 22 16:32:34 2016 +0200 + + rnd-linux: added check for SYS_getrandom being defined + + This allows to compile the getrandom() code in old Linux systems + which do not have the system call defined. + +Author: Nikos Mavrogiannopoulos +Date: Mon Aug 22 16:29:09 2016 +0200 + + libdane: include minitasn1 headers + +Author: Nikos Mavrogiannopoulos +Date: Mon Aug 22 17:11:53 2016 +0200 + + gnutls-cli: do not exit if fast open is not supported + +Author: Nikos Mavrogiannopoulos +Date: Mon Aug 22 13:21:07 2016 +0200 + + gnutls-cli: added bufferring in starttls read of packets + +Author: Nikos Mavrogiannopoulos +Date: Mon Aug 22 13:34:44 2016 +0200 + + tests: added basic test of STARTTLS over FTP for gnutls-cli + +Author: Nikos Mavrogiannopoulos +Date: Mon Aug 22 09:03:41 2016 +0200 + + tests: added basic starttls functionality testing on gnutls-cli + +Author: Nikos Mavrogiannopoulos +Date: Mon Aug 22 09:13:50 2016 +0200 + + gnutls-cli: exit with error code 2 on starttls errors + +Author: Nikos Mavrogiannopoulos +Date: Mon Aug 22 08:57:23 2016 +0200 + + tests: fixed fastopen.sh to operate from cmd + +Author: Nikos Mavrogiannopoulos +Date: Mon Aug 22 08:47:57 2016 +0200 + + doc update + +Author: Nikos Mavrogiannopoulos +Date: Mon Aug 22 08:46:04 2016 +0200 + + gnutls-cli: fixed the behavior when --starttls or --starttls-proto is given + + The change of moving the handshake process as part of the socket establishment + broke the starttls functionality in gnutls-cli. This change fixes that functionality. + Reported by Andreas Metzler. + +Author: SUMIT AGGARWAL +Date: Fri Aug 19 11:58:39 2016 +0200 + + Fix HANDLE_LEAK and memory leak issues. + +Author: Nikos Mavrogiannopoulos +Date: Mon Aug 22 08:18:15 2016 +0200 + + gnutls-cli: print 'Handshake was completed' + + The change of moving the handshake process as part of the socket + establishment, prevented the text 'Handshake was completed' from + being printed as part of a successful handshake. That message was + used by applications like gnus which use gnutls-cli. This patch + reverts that change and prints that message on successful handshakes. + +Author: Nikos Mavrogiannopoulos +Date: Wed Aug 10 14:43:03 2016 +0200 + + tests: openpgp-certs tests were moved to cert-tests + +Author: Nikos Mavrogiannopoulos +Date: Wed Aug 10 14:07:03 2016 +0200 + + gnutls_key_generate: fail if the state of the library is invalid + + Suggested by Stephan Mueller. + +Author: Nikos Mavrogiannopoulos +Date: Wed Aug 10 13:35:33 2016 +0200 + + tests: mini-dtls-hello-verify: ignore SIGPIPE to avoid unexpected crashes + + Resolves: #119 + +Author: Nikos Mavrogiannopoulos +Date: Tue Aug 9 12:00:57 2016 +0200 + + gnutls_safe_renegotiation_status: changed return type to unsigned + +Author: Nikos Mavrogiannopoulos +Date: Tue Aug 9 11:12:16 2016 +0200 + + doc update + +Author: Nikos Mavrogiannopoulos +Date: Tue Aug 9 10:54:09 2016 +0200 + + tests: removed unused variables from tests + +Author: Nikos Mavrogiannopoulos +Date: Tue Aug 9 10:45:00 2016 +0200 + + doc update + +Author: Martin Ukrop +Date: Thu Jun 23 12:11:18 2016 +0200 + + tests: Add tests for X509 IP constraints + + - Add dedicated test file name-constraints-ip for IP tests. + - Test the following: + * Generation and saving of valid name constraints. + * Trying to save invalid IP constraints. + * Reading the saved constraints. + * constraints_check() calls for both IPv4 and IPv6. + * IP constraints intersection (simple, empty, mediocre, complicated). + * IPv4/IPv6 constraints interaction and various corner cases. + - IPs/CIDRs are printed in logs in case of failure. + - Add 2 new chain tests (positive, negative). + - Add generated test executable to ignored files. + + Signed-off-by: Martin Ukrop + +Author: Martin Ukrop +Date: Wed Jun 29 11:25:59 2016 +0200 + + x509: Add support for IP constraints + + - IP constraints are now checked against the subject alternative + name field. + - Implemented IP name constraints merging. + - Added IP constraints validity checking during loading and getting + the name constraints object from the user. + - Add a convenience function name_constraints_node_new that allocates + a name constraints node and sets its fields. Use this new function + where applicable. + - Add documentation for is_nc_empty, _gnutls_name_constraints_node_free, + _gnutls_name_constraints_intersect. + - Small improvements elsewhere (polishing). + + Signed-off-by: Martin Ukrop + +Author: Martin Ukrop +Date: Wed Aug 3 19:40:55 2016 +0200 + + tests: Add more IP conversion unit tests + + - Renamed ip-in-cidr test to ip-utils. + - Added built binary to .gitignore. + - Added new tests for gnutls_x509_cidr_to_rfc5280. + + Signed-off-by: Martin Ukrop + +Author: Nikos Mavrogiannopoulos +Date: Tue Aug 2 15:28:52 2016 +0200 + + tests: added unit test for ip_in_cidr function + +Author: Martin Ukrop +Date: Wed Jun 29 11:23:40 2016 +0200 + + x509: Separate out IP handling functions + + - Moved IP/CIDR to string conversion functions into separate + header and export privately for the use in tests. + - Placed ip_in_cidr() into separate header for easy testing + - Add publicly available function to convert text CIDR to RFC5280 + format for the use in name constraints extension. + - certtool: Use GnuTLS exported CIDR functions instead of local ones. + - Export mask_to_prefix, mask_ip for internal GnuTLS use. + - Introduce new error value (malformed cidr) and add to description + functions in errors.c. + + Signed-off-by: Martin Ukrop + +Author: Martin Ukrop +Date: Thu Jun 23 12:33:15 2016 +0200 + + tests: Add corner case tests for name constraints, improve doc + + - Added corner case test suite for DNS name constraints. + - Documentation update in chain tests. + + Signed-off-by: Martin Ukrop + +Author: Martin Ukrop +Date: Fri Jul 8 11:59:47 2016 +0200 + + Add more ignored files + + * .tmp and .swp for text editor files + * Makefile.user created by Qt Creator + * gl/tests/ctype.h as it is generated from ctype.h.in + + Signed-off-by: Martin Ukrop + +Author: Stefan Sørensen +Date: Mon Aug 8 13:31:18 2016 +0200 + + Change ca3 and related certificate to include an intermediate CA in the chain. + + Also update a bunch of test-cases to support chains with an intermediate CA. + + Signed-off-by: Stefan Sørensen + +Author: Nikos Mavrogiannopoulos +Date: Tue Aug 9 10:14:08 2016 +0200 + + Revert "tests: check gnutls_certificate_get_x509_crt with more than one certificates" + + This reverts commit f7d884720b128ef86f6b9dc9fc498be89faf1732. + +Author: Nikos Mavrogiannopoulos +Date: Tue Aug 9 09:35:03 2016 +0200 + + tests: do not run srp test when no SRP support is compiled in + +Author: Nikos Mavrogiannopoulos +Date: Mon Aug 8 11:49:04 2016 +0200 + + tests: moved child status error checking code in utils.h + +Author: Nikos Mavrogiannopoulos +Date: Tue Aug 9 07:46:42 2016 +0200 + + latex: updated sources for new functions + +Author: Nikos Mavrogiannopoulos +Date: Tue Aug 9 07:28:27 2016 +0200 + + updated auto-generated files + +Author: Nikos Mavrogiannopoulos +Date: Tue Aug 9 07:23:36 2016 +0200 + + released 3.5.3 + +Author: Nikos Mavrogiannopoulos +Date: Mon Aug 8 16:30:10 2016 +0200 + + gnutls_transport_set_fastopen: added flags options + + This will allow minor modifications to the semantics of the function + in the future, without introducing a new API. + +Author: Nikos Mavrogiannopoulos +Date: Mon Aug 8 16:22:42 2016 +0200 + + doc update + +Author: Stefan Sørensen +Date: Mon Aug 8 13:31:15 2016 +0200 + + Fix gnutls_pkcs12_simple_parse to always extract the complete chain + + gnutls_pkcs12_simple_parse was only collecting extra certificates that was + possible elements of the certificate chain when the extra_certs argument was + not NULL. Fix by allways collecting all the certificates, any unneeded + certificates are released before returning if extra_certs is NULL anyway. + + Signed-off-by: Stefan Sørensen + +Author: Nikos Mavrogiannopoulos +Date: Mon Aug 8 16:08:29 2016 +0200 + + tests: check gnutls_certificate_get_x509_crt with more than one certificates + + This would detect the issue in the "Fix invalid pointer operation in gnutls_certificate_get_x509_crt" + +Author: Stefan Sørensen +Date: Mon Aug 8 13:31:17 2016 +0200 + + tests: Use common ca3 test certificates in x509cert, x509dn and x509self tests. + + Signed-off-by: Stefan Sørensen + +Author: Stefan Sørensen +Date: Mon Aug 8 13:31:16 2016 +0200 + + tests: Remove zero-termination of gnutls_datum encapsulated certificates + + This allows for memcmp comparison with certificates after processing. + + Signed-off-by: Stefan Sørensen + +Author: Stefan Sørensen +Date: Mon Aug 8 13:31:14 2016 +0200 + + Fix invalid pointer operation in gnutls_certificate_get_x509_crt + + The access to the allocated crt_list variable was missing a pointer + dereference, leading to memory corruption for any certificate list with more + than one element. + + Signed-off-by: Stefan Sørensen + +Author: Nikos Mavrogiannopoulos +Date: Sun Aug 7 12:56:21 2016 +0200 + + tests: added check for errors when importing illegal RSA keys + +Author: Nikos Mavrogiannopoulos +Date: Sun Aug 7 12:45:03 2016 +0200 + + x509: call the fixup functions after loading private keys + + That way we can better report errors which relate to illegal + parameters being detected. + +Author: Nikos Mavrogiannopoulos +Date: Sun Aug 7 12:06:39 2016 +0200 + + nettle: use rsa_*_key_prepare on key import + + Previously we calculated the size of the key directly, but + by using the rsa_*_key_prepare we benefit from any checks that + may be introduced in the future. Specifically any checks for invalid + public keys (e.g., keys that may crash the underlying gmp functions). + + This patch avoids calling rsa_private_key_prepare every time we construct + a nettle private key struct, because this function requires a bigint + multiplication. We call that function once on private key import. + +Author: Nikos Mavrogiannopoulos +Date: Sun Aug 7 11:53:19 2016 +0200 + + tests: added missing backslash in key-tests Makefile + +Author: Nikos Mavrogiannopoulos +Date: Mon Aug 8 08:25:31 2016 +0200 + + Revert "nettle: use rsa_*_key_prepare" + + This reverts commit c801a15bca9ea8f3f7abd4be48bebd36c54eeba2. + +Author: Nikos Mavrogiannopoulos +Date: Sun Aug 7 11:41:47 2016 +0200 + + gnutls.h: moved all compatibility defines outside the enum + +Author: Nikos Mavrogiannopoulos +Date: Sun Aug 7 11:31:36 2016 +0200 + + prepared for release 3.5.3 + +Author: Nikos Mavrogiannopoulos +Date: Fri Aug 5 15:55:47 2016 +0200 + + tests: use gnutls_record_set_timeout instead of kill child processes + + That way we avoid issues like #118 which are caused by killing the child + process, and we also avoid deadlocks by making sure that recv will terminate + after a long delay. + +Author: Nikos Mavrogiannopoulos +Date: Fri Aug 5 15:52:17 2016 +0200 + + tests: mini-record modify in a way to be more fail safe + + That is, do not kill the child, but instead switch the roles of + child and parent, and add a timeout on recv to avoid infinite delays. + + Relates: #118 + +Author: Nikos Mavrogiannopoulos +Date: Fri Aug 5 15:20:48 2016 +0200 + + pkcs11: is_object_pkcs11_url -> is_pkcs11_url_object + + Renamed function for clarity. + +Author: Nikos Mavrogiannopoulos +Date: Fri Aug 5 09:46:14 2016 +0200 + + tests: ignore sigpipe in mini-record + +Author: Nikos Mavrogiannopoulos +Date: Fri Aug 5 09:30:14 2016 +0200 + + gnutls_fips140_mode_enabled: changed return type to unsigned + +Author: Nikos Mavrogiannopoulos +Date: Thu Aug 4 13:58:54 2016 +0200 + + doc: updated contribution guide with more info on test suite [ci skip] + +Author: Nikos Mavrogiannopoulos +Date: Thu Aug 4 10:22:50 2016 +0200 + + gnutls_pkcs11_privkey_status: return type changed to unsigned + +Author: Nikos Mavrogiannopoulos +Date: Thu Aug 4 09:57:04 2016 +0200 + + doc: added section on SCTP protocol [ci skip] + +Author: Nikos Mavrogiannopoulos +Date: Tue Aug 2 13:46:05 2016 +0200 + + tests: client-fastopen: removed seccomp conditional + +Author: Nikos Mavrogiannopoulos +Date: Tue Aug 2 13:34:18 2016 +0200 + + fastopen: improved error checking at connect() + +Author: Nikos Mavrogiannopoulos +Date: Mon Aug 1 10:48:46 2016 +0200 + + nettle: use rsa_*_key_prepare + + Previously we calculated the size of the key directly, but + by using the rsa_*_key_prepare we benefit from any checks that + may be introduced in the future. Specifically any checks for invalid + public keys (e.g., keys that may crash the underlying gmp functions). + +Author: Nikos Mavrogiannopoulos +Date: Fri Jul 29 15:00:06 2016 +0200 + + gnutls_transport_set_fastopen: doc update + +Author: Nikos Mavrogiannopoulos +Date: Fri Jul 29 13:47:27 2016 +0200 + + doc update + +Author: Nikos Mavrogiannopoulos +Date: Fri Jul 29 12:19:25 2016 +0200 + + getrandom: use SYS_getrandom instead of __NR_getrandom + + These are identical definitions, but according to syscall() + SYS_getrandom is the expected value. + +Author: Martin Ukrop +Date: Wed Jul 27 15:41:08 2016 +0200 + + x059: Fix asymmetry in name constraints intersection + + - In _gnutls_name_constraints_intersect, if *_nc had a node of some type not present in _nc2, this was preserved. However, if it was vice versa (_nc2 having a type not present in *_nc), this node was discarded. + - This is now fixed. + - Removed redundant return value check that was accidentally left when refactoring from set_datum to explicit NULL setting. + + Signed-off-by: Martin Ukrop + +Author: Martin Ukrop +Date: Tue Jul 26 17:44:53 2016 +0200 + + tests: Add and improve chain tests + + - Add a new chaintest testing the symmetry of merging name constraints of different types. + - Rename old name_constraints_but_no_name test to match other name constraints tests. + - Improve chain description of older name constraints tests. + + Signed-off-by: Martin Ukrop + +Author: Nikos Mavrogiannopoulos +Date: Thu Jul 28 14:34:15 2016 +0200 + + doc update [ci skip] + +Author: Nikos Mavrogiannopoulos +Date: Thu Jul 28 13:41:11 2016 +0200 + + configure: do not generate makefiles in removed dirs + +Author: Nikos Mavrogiannopoulos +Date: Thu Jul 28 13:37:31 2016 +0200 + + tests: updated paths for new location of p12 files + +Author: Nikos Mavrogiannopoulos +Date: Thu Jul 28 13:34:34 2016 +0200 + + tests: safe renegotiation tests are run from top dir + +Author: Nikos Mavrogiannopoulos +Date: Thu Jul 28 13:30:18 2016 +0200 + + tests: srp tests moved outside subdir + +Author: Nikos Mavrogiannopoulos +Date: Thu Jul 28 13:24:55 2016 +0200 + + tests: moved sha2 tests into cert-tests/ + +Author: Nikos Mavrogiannopoulos +Date: Thu Jul 28 13:20:25 2016 +0200 + + tests: moved ecdsa tests to key-tests/ + +Author: Nikos Mavrogiannopoulos +Date: Thu Jul 28 13:13:39 2016 +0200 + + tests: moved dsa tests into key-tests/ + +Author: Nikos Mavrogiannopoulos +Date: Thu Jul 28 13:08:57 2016 +0200 + + tests: moved pkcs8 tests to key-tests/ + +Author: Nikos Mavrogiannopoulos +Date: Thu Jul 28 13:04:31 2016 +0200 + + tests: key-tests: moved data files into data/ subdir + +Author: Nikos Mavrogiannopoulos +Date: Thu Jul 28 12:59:33 2016 +0200 + + tests: moved pkcs12 tests into cert-certs/ subdir + +Author: Nikos Mavrogiannopoulos +Date: Thu Jul 28 11:23:43 2016 +0200 + + more files to ignore + +Author: Tim Rühsen +Date: Thu Jul 28 09:55:27 2016 +0200 + + Require compiler to support C99 + +Author: Nikos Mavrogiannopoulos +Date: Thu Jul 28 13:59:26 2016 +0200 + + doc update + +Author: Tim Kosse +Date: Sat Jul 9 13:03:55 2016 +0200 + + Add test for gnutls_x509_crt_list_import2 with flag GNUTLS_X509_CRT_LIST_FAIL_IF_UNSORTED. + +Author: Tim Kosse +Date: Sat Jul 9 12:24:33 2016 +0200 + + gnutls_x509_crl_list_import2 was ignoring the passed flags if all CTLs in the list fit within the initially allocated memory. + +Author: Nikos Mavrogiannopoulos +Date: Thu Jul 28 10:51:40 2016 +0200 + + gnutls_certificate_get_peers may return an unsorted list + +Author: Tim Kosse +Date: Sat Jul 9 11:53:52 2016 +0200 + + gnutls_x509_crt_list_import2 was ignoring the passed flags if all certificates in the list fit within the initially allocated memory. + +Author: Nikos Mavrogiannopoulos +Date: Thu Jul 28 10:37:00 2016 +0200 + + x509: parse_tlsfeatures: move limit check at the point of addition + + This prevents appending failures when verifying chains on certificates + which use the maximum allowed number of features. Suggested by Tim + Kosse. + +Author: Nikos Mavrogiannopoulos +Date: Thu Jul 28 10:33:06 2016 +0200 + + tests: removed irrelevant comment + +Author: Nikos Mavrogiannopoulos +Date: Thu Jul 28 10:31:25 2016 +0200 + + correct the sign type of integers in debug message + + Suggested by Tim Kosse + +Author: Nikos Mavrogiannopoulos +Date: Thu Jul 28 10:29:18 2016 +0200 + + verify_crt: simplified error setting + + based on suggestion by Tim Kosse. + +Author: Nikos Mavrogiannopoulos +Date: Thu Jul 28 10:12:46 2016 +0200 + + verify_crt: removed text on parameter no longer being present + +Author: Nikos Mavrogiannopoulos +Date: Wed Jul 27 23:36:20 2016 +0200 + + x509: avoid using int declaration within a for-loop + + This addresses compilation problem with old compilers, + and brings consistency as this type of declaration is not + used in gnutls' code. + +Author: Nikos Mavrogiannopoulos +Date: Wed Jul 27 23:32:28 2016 +0200 + + gnutls_global_init/deinit: don't use any locking during constructor + + This ensures that there is no deadlock on unexpected errors, such + as missing symbols (e.g., on lazy linking). Reported by Ludovic Courtès. + +Author: Nikos Mavrogiannopoulos +Date: Wed Jul 27 23:27:07 2016 +0200 + + rnd-linux: use better define check for linux systems + +Author: Nikos Mavrogiannopoulos +Date: Wed Jul 27 13:10:28 2016 +0200 + + gnutls_prf: document when its output matches gnutls_prf_rfc5705 + +Author: Nikos Mavrogiannopoulos +Date: Wed Jul 27 11:05:59 2016 +0200 + + doc: gnutls_session_set_id: added since + +Author: Nikos Mavrogiannopoulos +Date: Wed Jul 27 10:38:47 2016 +0200 + + .gitlab-ci.yml: keep the guile logs as artifacts on test suite failure + +Author: Nikos Mavrogiannopoulos +Date: Wed Jul 27 09:20:52 2016 +0200 + + doc update + +Author: David Walker +Date: Wed Jul 20 12:43:26 2016 +0100 + + Add extra dependency flags + + This fixes the build when the dependencies are split up during a cross-compile + + Resolves: #113 + +Author: Nikos Mavrogiannopoulos +Date: Tue Jul 26 15:14:33 2016 +0200 + + moved system-keys-win.c and system-key-dummy.c under system/ + +Author: Nikos Mavrogiannopoulos +Date: Mon Jul 25 15:47:19 2016 +0200 + + split system.c to various files under system/ + +Author: Nikos Mavrogiannopoulos +Date: Mon Jul 25 16:26:39 2016 +0200 + + gnutls.h: giovec_t is a typedef to iovec where that is available + +Author: Nikos Mavrogiannopoulos +Date: Tue Jul 26 13:37:43 2016 +0200 + + tests: added unit test for linux _rnd_get_system_entropy + + This tests whether the function can operate as expected while being + interrupted by signals. + +Author: Nikos Mavrogiannopoulos +Date: Tue Jul 26 12:03:54 2016 +0200 + + getrandom: loop around getrandom to get the requested number of bytes + + This simplifies and enhanced the previous error handling code. + +Author: Nikos Mavrogiannopoulos +Date: Tue Jul 26 11:45:30 2016 +0200 + + README.ci-runners: document asan and ubsan tags + +Author: Nikos Mavrogiannopoulos +Date: Tue Jul 26 15:17:35 2016 +0200 + + tests: removed pkcs1-padding from subdirs + +Author: Nikos Mavrogiannopoulos +Date: Tue Jul 26 15:10:49 2016 +0200 + + .gitignore: more tests files to ignore + +Author: Nikos Mavrogiannopoulos +Date: Tue Jul 26 14:59:34 2016 +0200 + + configure.ac: don't generate makefiles of moved tests + +Author: Nikos Mavrogiannopoulos +Date: Tue Jul 26 14:57:44 2016 +0200 + + tests: pkcs1-pad: moved to cert-tests + +Author: Nikos Mavrogiannopoulos +Date: Tue Jul 26 14:55:25 2016 +0200 + + tests: userid test moved to cert-tests/ + +Author: Nikos Mavrogiannopoulos +Date: Tue Jul 26 14:51:59 2016 +0200 + + tests: rsa-md5-collision: run from top-level + +Author: Nikos Mavrogiannopoulos +Date: Tue Jul 26 14:29:45 2016 +0200 + + doc: updated documentation for gnutls_transport_set_int* + +Author: Nikos Mavrogiannopoulos +Date: Tue Jul 26 13:59:04 2016 +0200 + + doc: added section on reducing round-trips + + That discusses TCP fast open with gnutls_transport_set_fastopen(), and false start. + +Author: Nikos Mavrogiannopoulos +Date: Tue Jul 26 11:38:32 2016 +0200 + + tests: added test of gnutls_transport_set_fastopen + +Author: Tim Ruehsen +Date: Mon Jul 25 13:05:30 2016 +0200 + + tests: added test of TCP fast open using gnutls-cli and gnutls-serv + +Author: Tim Ruehsen +Date: Mon Jul 25 13:08:28 2016 +0200 + + doc update + +Author: Nikos Mavrogiannopoulos +Date: Tue Jul 26 10:33:24 2016 +0200 + + tools: TLS handling has been incorporated into socket_open() + + This is of particular usage to the server IP address loop, since + we can detect fast open errors and retry handshake to the next IP + address. + +Author: Tim Ruehsen +Date: Mon Jul 25 13:04:11 2016 +0200 + + gnutls-cli: added example usage of TCP fastopen + + It is enabled with the new --fastopen option. + +Author: Tim Ruehsen +Date: Mon Jul 25 13:00:12 2016 +0200 + + Support TCP Fast Open + + This introduces a new function gnutls_transport_set_fastopen(). + + Signed-off-by: Nikos Mavrogiannopoulos + Signed-off-by: Tim Ruehsen + +Author: Nikos Mavrogiannopoulos +Date: Tue Jul 26 11:09:56 2016 +0200 + + .gitlab-ci.yml: added asan tag for builds which require asan + +Author: Nikos Mavrogiannopoulos +Date: Tue Jul 26 11:08:12 2016 +0200 + + tests: pkcs11-privkey-fork: added explicit pkcs11 deinitialization + + Also ignore known leaks for p11-kit. + +Author: Nikos Mavrogiannopoulos +Date: Mon Jul 25 11:43:08 2016 +0200 + + mention ubsan in README [ci skip] + +Author: Nikos Mavrogiannopoulos +Date: Thu Jul 21 20:14:39 2016 +0200 + + doc update + +Author: Nikos Mavrogiannopoulos +Date: Fri Jul 22 14:11:25 2016 +0200 + + tests: added checks for OCSP response file support + + That is, check the usability of the APIs for setting and using + an ocsp response. This improves and makes more generic the + test suite API and test_cli_serv() in particular. + +Author: Nikos Mavrogiannopoulos +Date: Fri Jul 22 15:36:55 2016 +0200 + + dtls: added a null pointer check in record_overhead + + According to my reading this check is unnecessary as in + no case a null pointer can be encountered. However gcc6 + warns about a null pointer derefence and thus adding it, + to be safe. + +Author: Nikos Mavrogiannopoulos +Date: Fri Jul 22 14:43:49 2016 +0200 + + gnutls_x509_crt_check_hostname*: use unsigned a return value + + This is to prevent issues to callers who may check for negative + error values. + +Author: Nikos Mavrogiannopoulos +Date: Fri Jul 22 11:17:08 2016 +0200 + + doc update [ci skip] + +Author: Nikos Mavrogiannopoulos +Date: Fri Jul 22 11:08:32 2016 +0200 + + introduced: GNUTLS_E_UNAVAILABLE_DURING_HANDSHAKE + + This error code is returned when the session resumption parameters + are requested during a handshake. That is, to increase the clarity + when requesting these parameters while false start is active and + the handshake is not complete even if gnutls_handshake() has returned. + + Relates #114 + +Author: Nikos Mavrogiannopoulos +Date: Thu Jul 21 18:58:24 2016 +0200 + + tests: added check of the return values of resumption data functions during false start + + Relates #114 + +Author: Nikos Mavrogiannopoulos +Date: Fri Jul 22 10:57:37 2016 +0200 + + doc: mention that the session data functions will fail prior to handshake completion + +Author: Martin Ukrop +Date: Wed Jul 20 14:52:00 2016 +0200 + + x509: Fix DNS name constraints checking + + - If the intersection of name constraints of the given type was empty, the results allowed all names instead of none. + - Fixed by adding an universal excluded name constraint in case the intersection for the particular type is empty. + - Moved the logic of creating a name constraint node copy from _gnutls_name_constraints_intersect to name_constraints_intersect_nodes (previously name_constraints_match), as intersecting IP addresses will require further processing (not just taking one of the compared nodes as was the implementation till now). + - GNUTLS_SAN_MAX added in order to comfortably iterate over SAN type enum. + +Author: Martin Ukrop +Date: Wed Jul 20 14:29:40 2016 +0200 + + tests: Add DNS name constraints tests + + - One chaintest with empty permitted intersection. + - Merge testset with 2 permitted constraints with empty intersection (intersected list is completely empty). + - Merge testset with 3 permitted constraints, 2 of which have empty intersection. + - Merge testset with 2 permitted constraints with empty intersection and one constraints of different type that remains (intersected list is not empty). + - Enhance failing function with suite number for easier comprehension. + +Author: Martin Ukrop +Date: Wed Jul 20 14:28:20 2016 +0200 + + tests: Tidy up old X509 name constraints tests + + - Use convenience functions for error checking and failure reporting. + - Drop explicit (de)initialization (prevents some not reed reachable memory due to PKCS11 subsystem not being deinitialized in the destructor). + - Use variables to count set permitted/excluded constraints instead of hard-coded numbers. + +Author: Nikos Mavrogiannopoulos +Date: Thu Jul 21 16:07:56 2016 +0200 + + doc: clarify return codes in verification functions [ci skip] + +Author: Nikos Mavrogiannopoulos +Date: Thu Jul 21 16:02:42 2016 +0200 + + gnutls_certificate_verify_peers2: document that hostname comparison follows RFC6125 + +Author: Nikos Mavrogiannopoulos +Date: Thu Jul 21 11:53:46 2016 +0200 + + rnd-getentropy: better handling of error printing with errno + +Author: Nikos Mavrogiannopoulos +Date: Thu Jul 21 11:51:05 2016 +0200 + + rnd-linux: make getrandom back-end robust against EINTR failures + +Author: Nikos Mavrogiannopoulos +Date: Wed Jul 20 13:36:38 2016 +0200 + + gnutls_init: doc update + +Author: Nikos Mavrogiannopoulos +Date: Wed Jul 20 13:31:18 2016 +0200 + + tests: verify that GNUTLS_NONBLOCK is available as a definition + +Author: Nikos Mavrogiannopoulos +Date: Wed Jul 20 13:23:16 2016 +0200 + + gnutls.h: define elements of gnutls_init_flags_t + + That is, define all the elements that were available prior + the move from #define to enum, to allow code relying on + +Author: Nikos Mavrogiannopoulos +Date: Wed Jul 20 13:07:44 2016 +0200 + + gnutls.h: documented the version various gnutls_init flags were introduced + +Author: Nikos Mavrogiannopoulos +Date: Wed Jul 20 11:27:35 2016 +0200 + + Moved the gnutls_x509_dn API functions to x509_dn.c + +Author: Nikos Mavrogiannopoulos +Date: Tue Jul 19 15:12:13 2016 +0200 + + tests: enhanced DN decoding tests with complex encoding + +Author: Nikos Mavrogiannopoulos +Date: Tue Jul 19 14:43:52 2016 +0200 + + RFC4514 DN decoding: allow decoding of raw ('#') items + + In addition allow escaping prefix or suffix spaces as well as + the hash. + +Author: Nikos Mavrogiannopoulos +Date: Tue Jul 19 14:21:16 2016 +0200 + + doc update + +Author: Nikos Mavrogiannopoulos +Date: Tue Jul 19 14:10:08 2016 +0200 + + tests: enhanced DN decoding tests with encoding + + This adds unit tests for gnutls_x509_dn_set_str(). + +Author: Nikos Mavrogiannopoulos +Date: Tue Jul 19 14:09:06 2016 +0200 + + Added gnutls_x509_dn_set_str() + + This allows initializing a gnutls_x509_dn_t structure via a DN string. + +Author: Nikos Mavrogiannopoulos +Date: Tue Jul 19 13:45:08 2016 +0200 + + tests: utils: use vasprintf() where available + + This allows printing long strings. + +Author: Nikos Mavrogiannopoulos +Date: Tue Jul 19 13:35:13 2016 +0200 + + tests: added checks for the RFC4514 decoding via gnutls_x509_dn_get_str() + +Author: Tim Rühsen +Date: Tue Jul 19 12:08:23 2016 +0200 + + Remove redundant if expression from tests/mini-loss-time.c + +Author: Tim Rühsen +Date: Tue Jul 19 11:08:10 2016 +0200 + + Fix tests/slow/cipher-openssl-compat.c for OpenSSL 1.1.0 + +Author: Nikos Mavrogiannopoulos +Date: Mon Jul 18 18:02:25 2016 +0200 + + cfg.mk: no longer save config.rpath + +Author: Nikos Mavrogiannopoulos +Date: Mon Jul 18 16:36:27 2016 +0200 + + removed auto-generated files from the repository + +Author: Nikos Mavrogiannopoulos +Date: Sun Jul 17 09:37:22 2016 +0200 + + tests: removed an skipped failures due to bugs in softhsm 2.0.0 + + These are no longer an issue as the CI has been updated to softhsm + 2.1.0, which addresses them, and they prevented catching the + GNUTLS-SA-2016-2 regression. + +Author: Nikos Mavrogiannopoulos +Date: Sat Jul 16 18:12:27 2016 +0200 + + doc update + +Author: Nikos Mavrogiannopoulos +Date: Sat Jul 16 17:19:02 2016 +0200 + + Dropped support for EGD random generator + + This removes rarely tested code for systems which no longer exist + and simplifies code for Linux random generator. + + Resolves #112 + +Author: Nikos Mavrogiannopoulos +Date: Fri Jul 15 21:55:04 2016 +0200 + + configure: prevent a version of getentropy() in a linux libc to be used + + For now, we auto-detect and switch between getrandom() and /dev/urandom + when the former is not available. With the complexity of dealing with + libc's that have the feature but kernel not supporting it, or vice versa + it is best keep things simple. + +Author: Nikos Mavrogiannopoulos +Date: Fri Jul 15 21:38:02 2016 +0200 + + rnd-linux: added sanity check in getrandom output + +Author: Nikos Mavrogiannopoulos +Date: Fri Jul 15 18:57:01 2016 +0200 + + nettle: split the rnd-common to rnd-windows, rnd-getentropy, and rnd-linux + + That is, to the windows random generator as well as the getentropy() + generator in BSDs, as well as the getrandom(), /dev/urandom, + and EGD generators on Linux systems. + +Author: Nikos Mavrogiannopoulos +Date: Fri Jul 15 18:51:14 2016 +0200 + + rnd-common: added faster detection of getrandom based on GRND_NONBLOCK + +Author: Nikos Mavrogiannopoulos +Date: Fri Jul 15 15:31:16 2016 +0200 + + doc update + +Author: Nikos Mavrogiannopoulos +Date: Fri Jul 15 14:58:07 2016 +0200 + + urandom: use st_ino and st_rdev to determine device uniqueness + +Author: Nikos Mavrogiannopoulos +Date: Fri Jul 15 14:34:38 2016 +0200 + + Added auto-detection of getrandom() system call in Linux systems + + In addition use getrandom() via the syscall interface if it doesn't + exist in Libc. The reason for the latter is that getrandom() support + for glibc is in limbo for several years, and for auto-detection is that + even if it is going to be present in libc we will not be able to guarrantee + that the system call is available just because it is present in glibc. + For that we detect on initialization whether getrandom() can obtain + random data, and if yes, we continue using that. + +Author: Nikos Mavrogiannopoulos +Date: Fri Jul 15 13:58:16 2016 +0200 + + tests: seccomp examples: use cert-common.h + +Author: Nikos Mavrogiannopoulos +Date: Thu Jul 14 10:00:19 2016 +0200 + + tests: enhanced arbitrary extension tests with octet_string encoding + +Author: Nikos Mavrogiannopoulos +Date: Thu Jul 14 09:43:28 2016 +0200 + + certtool: added the ability to encode arbitrary extensions + + That is, added the ability to encode as an octet string any + specified extension data. + +Author: Nikos Mavrogiannopoulos +Date: Thu Jul 14 09:21:16 2016 +0200 + + .gitlab-ci.yml: added expiration time of a week for failure artifacts + +Author: Nikos Mavrogiannopoulos +Date: Mon Jul 11 16:36:39 2016 +0200 + + doc update + +Author: Nikos Mavrogiannopoulos +Date: Mon Jul 11 16:31:47 2016 +0200 + + tests: added basic testing of gnutls_x509_crq_set_extension_by_oid() + +Author: Nikos Mavrogiannopoulos +Date: Mon Jul 11 16:13:12 2016 +0200 + + tests: added checks on certificate and request generation with arbitrary extensions + + This tests the add_extension and add_critical_extension options of certtool. + +Author: Nikos Mavrogiannopoulos +Date: Mon Jul 11 11:43:10 2016 +0200 + + certtool: added options to set arbitrary extensions to certificates and requests + + This allows setting arbitrary extensions using the following new template options: + add_extension = "5.6.7.8 0x0001020304050607AAABCD" + add_critical_extension = "9.10.11.12.13.14.15.16.17.1.5 0xCAFE" + + The "0x" prefix can be omitted. + +Author: Nikos Mavrogiannopoulos +Date: Mon Jul 11 11:41:14 2016 +0200 + + added gnutls_x509_crq_set_extension_by_oid() + + This is a function to add an arbitrary extension into a + certificate request. + +Author: Nikos Mavrogiannopoulos +Date: Wed Jul 13 13:20:10 2016 +0200 + + doc: mention the need of libtasn1-tools in Fedora based systems [ci skip] + +Author: Nikos Mavrogiannopoulos +Date: Wed Jul 13 12:11:57 2016 +0200 + + doc update [ci skip] + +Author: Nikos Mavrogiannopoulos +Date: Mon Jul 11 10:54:09 2016 +0200 + + doc: mention libcmocka dependency + +Author: Nikos Mavrogiannopoulos +Date: Sat Jul 9 14:52:42 2016 +0200 + + tests: added unit testing for DTLS sliding window implementation + + This was taken from the unit testing of AF_KTLS. + +Author: Nikos Mavrogiannopoulos +Date: Fri Jun 10 23:14:03 2016 +0200 + + dtls: imported Fridolin's DTLS sliding window implementation + + This simplifies the current code, and reduces the memory needed. + +Author: Nikos Mavrogiannopoulos +Date: Fri Jun 10 22:42:21 2016 +0200 + + dtls: moved DTLS window handling to separate file + +Author: Nikos Mavrogiannopoulos +Date: Tue Jul 12 18:37:53 2016 +0200 + + ex-client-x509: removed unused call to gnutls_session_set_ptr() + +Author: Nikos Mavrogiannopoulos +Date: Tue Jul 12 14:48:14 2016 +0200 + + libtasn1: updated to allow large OIDs to be used even on 32-bit systems + +Author: Nikos Mavrogiannopoulos +Date: Mon Jul 11 17:44:28 2016 +0200 + + doc: updated contribution guide + +Author: Nikos Mavrogiannopoulos +Date: Mon Jul 11 17:43:04 2016 +0200 + + doc: updated contribution guide + +Author: Nikos Mavrogiannopoulos +Date: Mon Jul 11 17:19:16 2016 +0200 + + tests: link the resume tests to gnulib due to their missing memmem() + + This fixes compilation of gnutls in solaris. Reported by Dagobert Michelsen. + +Author: Nikos Mavrogiannopoulos +Date: Fri Jul 8 14:26:38 2016 +0200 + + NEWS: corrected release date [ci skip] + +Author: Nikos Mavrogiannopoulos +Date: Thu Jul 7 22:55:48 2016 +0200 + + .gitlab-ci.yml: keep the artifacts on failure + +Author: Nikos Mavrogiannopoulos +Date: Thu Jul 7 21:00:56 2016 +0200 + + write_nss_key_log: write the premaster secret while it is still valid + +Author: Nikos Mavrogiannopoulos +Date: Thu Jul 7 20:55:03 2016 +0200 + + updated libtasn1 + +Author: Nikos Mavrogiannopoulos +Date: Wed Jul 6 08:43:58 2016 +0200 + + released 3.5.2 + +Author: Nikos Mavrogiannopoulos +Date: Tue Jul 5 18:40:32 2016 +0200 + + cfg.mk: reduced the generated changelog size + +Author: Nikos Mavrogiannopoulos +Date: Tue Jul 5 18:37:15 2016 +0200 + + bumped version + +Author: Nikos Mavrogiannopoulos +Date: Tue Jul 5 12:03:51 2016 +0200 + + tests: ignore any memory leaks from libcrypto + +Author: Nikos Mavrogiannopoulos +Date: Tue Jul 5 11:33:54 2016 +0200 + + doc update + +Author: Nikos Mavrogiannopoulos +Date: Fri Jul 1 13:51:18 2016 +0200 + + asm: updated openssl and the asm sources for AES-GCM from openssl 1.0.2h + + This improves the performance of AES-GCM significantly by taking + advantage of AVX and MOVBE instructions where available. This + utilizes Andy Polyakov's code under BSD license. + +Author: Nikos Mavrogiannopoulos +Date: Tue Jul 5 11:44:59 2016 +0200 + + tests: when testing with openssl disallow any CPU optimizations + + This ensures that we test our optimized code (which is mostly + openssl based), with code that is not identical. + +Author: Nikos Mavrogiannopoulos +Date: Fri Jul 1 14:29:40 2016 +0200 + + tests: added openssl compatibility tests for AES-GCM cipher + +Author: Nikos Mavrogiannopoulos +Date: Tue Jul 5 11:41:20 2016 +0200 + + dane: corrected the license of libdane files + + The license was always LGPL version 2.1, and these + files mentioned LGPL version 3. Reported by Thomas + Petazzoni. + +Author: Nikos Mavrogiannopoulos +Date: Mon Jul 4 17:29:30 2016 +0200 + + tests: ignore leaks due to p11-kit in test suite + + This addresses issue in "pkcs11-privkey-fork" which failed + when compiled under asan due to leaks in p11-kit after fork. + +Author: Nikos Mavrogiannopoulos +Date: Mon Jul 4 15:28:27 2016 +0200 + + tests: added check to ensure that pkcs11 objects will be reopened on fork + + This checks whether C_Initialize() and C_OpenSession() will be called + again when using a PKCS#11 module. + + Resolves #95 + +Author: Nikos Mavrogiannopoulos +Date: Mon Jul 4 15:19:32 2016 +0200 + + pkcs11: on object import always check for a support public key algorithm + +Author: Nikos Mavrogiannopoulos +Date: Fri Jul 1 15:29:58 2016 +0200 + + gnutls_aead_cipher_decrypt: corrected the return value of ptext_len + + That is, do not account the tag_size into the plaintext. + +Author: Nikos Mavrogiannopoulos +Date: Thu Jun 30 15:29:44 2016 +0200 + + doc update + +Author: Nikos Mavrogiannopoulos +Date: Thu Jun 30 15:22:22 2016 +0200 + + configure: check for libdl irrespective of FIPS140 configuration + + This allows to link to libdl for the tests that require it. + +Author: Nikos Mavrogiannopoulos +Date: Thu Jun 30 13:44:57 2016 +0200 + + tests: account pkcs11/pkcs11-mock-ext.h in Makefile + +Author: Nikos Mavrogiannopoulos +Date: Thu Jun 30 13:41:51 2016 +0200 + + tests: link pkcs11-import-url-privkey with libdl + + That is because it uses dlopen(). + +Author: Nikos Mavrogiannopoulos +Date: Thu Jun 30 10:47:02 2016 +0200 + + more files to ignore + +Author: Nikos Mavrogiannopoulos +Date: Thu Jun 30 09:34:33 2016 +0200 + + tests: avoid compiler warning from pkcs11-pubkey-import + +Author: Nikos Mavrogiannopoulos +Date: Thu Jun 30 09:30:47 2016 +0200 + + tests: added check to verify the tolerance of broken C_GetAttributes + + That is, test gnutls_pkcs11_obj_list_import_url4() when importing + private keys from tokens that return CKR_OK on sensitive objects, + and tokens that return CKR_ATTRIBUTE_SENSTIVE. + + Relates #108 + +Author: Nikos Mavrogiannopoulos +Date: Thu Jun 30 09:11:40 2016 +0200 + + pkcs11_get_attribute_avalue: correctly handle a -1 value length from C_GetAttributeValue + + That is, work-around modules which do not return an error on sensitive + objects. + + Relates #108 + +Author: Nikos Mavrogiannopoulos +Date: Wed Jun 29 18:52:22 2016 +0200 + + pkcs11_get_attribute_avalue: do not assign values on failure + + When C_GetAttributeValue() returns size but does not return data + then pkcs11_get_attribute_avalue() would set the return data pointer + to a free'd value. This is against the convention expected by callers, + i.e, set data to NULL. Reported by Anthony Alba in #108. + +Author: Nikos Mavrogiannopoulos +Date: Wed Jun 29 17:25:06 2016 +0200 + + tests: use datefudge in name-constraints test + + This avoids the expiration of the used certificate to affect the test. + +Author: Nikos Mavrogiannopoulos +Date: Tue Jun 28 09:17:13 2016 +0200 + + tests: link libpkcs11mock1 with gnulib + + This allows it to use gnulib for strndup where it is needed. + +Author: Nikos Mavrogiannopoulos +Date: Tue Jun 28 09:15:55 2016 +0200 + + p11tool: do not return from void functions + + This fixes a compilation issue with solaris compiler. Reported + by Peter Eriksson. + +Author: Nikos Mavrogiannopoulos +Date: Fri Jun 24 11:01:35 2016 +0200 + + doc: mention the boolean functions in the gnutls API + +Author: Nikos Mavrogiannopoulos +Date: Fri Jun 24 10:55:37 2016 +0200 + + tests: removed remainders of pkcs11 tests from suite/ + +Author: Nikos Mavrogiannopoulos +Date: Fri Jun 24 08:37:03 2016 +0200 + + gnutls_pkcs11_crt_is_known: changed to unsigned type + +Author: Nikos Mavrogiannopoulos +Date: Thu Jun 23 23:24:19 2016 +0200 + + tests: pkcs11-is-known: check that no flags enforce compare + +Author: Nikos Mavrogiannopoulos +Date: Thu Jun 23 23:13:50 2016 +0200 + + gnutls_pkcs11_crt_is_known: always assume GNUTLS_PKCS11_OBJ_FLAG_COMPARE unless GNUTLS_PKCS11_OBJ_FLAG_RETRIEVE_DISTRUSTED is given + +Author: Nikos Mavrogiannopoulos +Date: Thu Jun 23 23:06:29 2016 +0200 + + tests: moved pkcs11-softhsm test suite into pkcs11/ + +Author: Nikos Mavrogiannopoulos +Date: Thu Jun 23 22:40:26 2016 +0200 + + find_cert_cb: minor cleanups in find_cert_cb + +Author: Nikos Mavrogiannopoulos +Date: Thu Jun 23 22:25:06 2016 +0200 + + tests: added more unit tests for gnutls_pkcs11_crt_is_known() + +Author: Nikos Mavrogiannopoulos +Date: Wed Jun 22 18:04:45 2016 +0200 + + dn2: updated to account for serial number being printed + +Author: Nikos Mavrogiannopoulos +Date: Wed Jun 22 18:01:15 2016 +0200 + + tests: corrected create-chain.sh to remove the ocsp_signing_key from generated certs + +Author: Nikos Mavrogiannopoulos +Date: Wed Jun 22 18:00:03 2016 +0200 + + tests: replaced tls feature extension checks + + The previous checks had incorrect key purpose check on the final + (root) certificate. + +Author: Nikos Mavrogiannopoulos +Date: Wed Jun 22 17:31:30 2016 +0200 + + enhanced debugging messages for cert verification + +Author: Nikos Mavrogiannopoulos +Date: Wed Jun 22 17:09:54 2016 +0200 + + x509: print serial number in compact output + +Author: Nikos Mavrogiannopoulos +Date: Wed Jun 22 16:49:42 2016 +0200 + + tests: include softhsm.h into dist files + +Author: Nikos Mavrogiannopoulos +Date: Wed Jun 22 15:27:05 2016 +0200 + + pkcs11: correctly encode the serial number when searching for certificate + + In gnutls_pkcs11_crt_is_known() corrected the encoding of the + serial number to TLV DER from LV DER. This is the encoding we + use when storing that number. + +Author: Nikos Mavrogiannopoulos +Date: Wed Jun 22 15:50:51 2016 +0200 + + pkcs11: correctly account check_found_cert() + +Author: Nikos Mavrogiannopoulos +Date: Wed Jun 22 13:50:48 2016 +0200 + + gnutls-cli-debug: replaced draft-ietf-tls-chacha20-poly1305-04 with RFC7905 + +Author: Nikos Mavrogiannopoulos +Date: Mon Jun 20 12:07:03 2016 +0200 + + gnutls-cli: benchmark the memcpy performance to compare with ciphers + + Also ensure that we use different memory areas for each operation + to avoid measuring better performance due to caching. + +Author: Nikos Mavrogiannopoulos +Date: Thu Jun 16 11:53:55 2016 +0200 + + doc update [ci skip] + +Author: Nikos Mavrogiannopoulos +Date: Sun Jun 19 15:48:21 2016 +0200 + + doc: corrected typo + +Author: Nikos Mavrogiannopoulos +Date: Sun Jun 19 13:06:15 2016 +0200 + + Sync with TP. + +Author: Andreas Metzler +Date: Sat Jun 18 18:36:13 2016 +0200 + + Typo fixes (found by lintian): extention, reencode + +Author: Nikos Mavrogiannopoulos +Date: Thu Jun 16 11:51:42 2016 +0200 + + tests: added check for handshake packet reconstruction + + This tests whether a split handshake packet is properly reconstructed + if the parts are switched. + +Author: Nikos Mavrogiannopoulos +Date: Thu Jun 16 11:37:30 2016 +0200 + + dtls: corrected reconstruction of handshake packets received out of order + + That is, when the handshake packet is split into multiple different + chunks and received out of order, make sure that reconstruction occurs + properly. Reported by Guillaume Roguez. + +Author: Nikos Mavrogiannopoulos +Date: Thu Jun 16 10:08:34 2016 +0200 + + Corrected the writing of serial number in PKCS#11 modules + + That is previously the serial number was written in raw format, but + in PKCS#11 the serial number must be set encoded as integer. Report + and fix by Stanislav Zidek. + +Author: Nikos Mavrogiannopoulos +Date: Wed Jun 15 13:50:54 2016 +0200 + + ext: ecc: replaced SUPPORTED ECC POINT FORMATS with better formatted name + +Author: Nikos Mavrogiannopoulos +Date: Wed Jun 15 09:21:10 2016 +0200 + + tests: disable SRP-base64 encode/decoded tests when SRP is disabled + +Author: Nikos Mavrogiannopoulos +Date: Tue Jun 14 19:46:55 2016 +0200 + + .gitlab-ci.yml: restrict windows build checks to tests/ subdir [ci skip] + + That is because there is an issue with the gnulib self tests when + run under windows. + +Author: Nikos Mavrogiannopoulos +Date: Tue Jun 14 16:43:50 2016 +0200 + + doc update + +Author: Nikos Mavrogiannopoulos +Date: Tue Jun 14 16:35:55 2016 +0200 + + doc update + +Author: Nikos Mavrogiannopoulos +Date: Tue Jun 14 16:32:21 2016 +0200 + + released 3.5.1 + +Author: Nikos Mavrogiannopoulos +Date: Tue Jun 14 16:31:35 2016 +0200 + + tests: added missing files + +Author: Nikos Mavrogiannopoulos +Date: Tue Jun 14 15:24:48 2016 +0200 + + updated auto-generated files + +Author: Nikos Mavrogiannopoulos +Date: Tue Jun 14 15:23:04 2016 +0200 + + tests: fixed the path of cert-tests files and added missing files in Makefile.am + +Author: Nikos Mavrogiannopoulos +Date: Tue Jun 14 15:17:33 2016 +0200 + + more files to ignore + +Author: Nikos Mavrogiannopoulos +Date: Wed Jun 1 10:21:54 2016 +0200 + + tests: verify the resilience of the TLSFeature handling functions on large number of features + +Author: Nikos Mavrogiannopoulos +Date: Wed Jun 1 10:02:56 2016 +0200 + + tlsfeature: impose a maximum number of supported TLS features + + This avoids many allocations and simplifies handling of the features. + The currently set maximum number of TLS features aligns with the + maximum number of supported TLS extensions. + +Author: Nikos Mavrogiannopoulos +Date: Wed Jun 1 09:51:01 2016 +0200 + + tests: added unit test for gnutls_x509_tlsfeatures_check_crt + +Author: Nikos Mavrogiannopoulos +Date: Tue May 31 16:07:44 2016 +0200 + + During PKIX chain verification check the TLSFeatures compliance + + This verifies whether a chain complies with RFC7366 p.4.2.2 requirements. + That is whether the issuer's features are a superset of the certificate + under verification. + + This enhances gnutls_x509_crt_get_tlsfeatures() to allow appending + of TLSFeatures, and introduces gnutls_x509_tlsfeatures_check_crt(). + +Author: Nikos Mavrogiannopoulos +Date: Tue May 31 15:10:27 2016 +0200 + + verify_crt: moved all verification state into a common structure + + This allows for easier extension of state. + +Author: Nikos Mavrogiannopoulos +Date: Tue May 31 09:28:28 2016 +0200 + + tests: added chain verification with TLS features + + That adds checks for the RFC7633 requirements for intermediate + and CA certificates (p. 4.2.2). + +Author: Nikos Mavrogiannopoulos +Date: Tue Jun 14 14:37:49 2016 +0200 + + bumped version + +Author: Nikos Mavrogiannopoulos +Date: Tue Jun 14 14:37:12 2016 +0200 + + doc update + +Author: Nikos Mavrogiannopoulos +Date: Tue Jun 14 14:01:56 2016 +0200 + + doc update + +Author: Nikos Mavrogiannopoulos +Date: Tue Jun 14 13:49:28 2016 +0200 + + tests: verify the operation of honor_crq_ext template option + +Author: Nikos Mavrogiannopoulos +Date: Tue Jun 14 13:41:24 2016 +0200 + + tests: common.sh will export the required TZ for datefudge tests + +Author: Nikos Mavrogiannopoulos +Date: Tue Jun 14 13:24:03 2016 +0200 + + tools: avoid using deprecated types + +Author: Nikos Mavrogiannopoulos +Date: Tue Jun 14 13:23:03 2016 +0200 + + certtool: allow copying specific certificate request extensions to certificate + + This introduces the honor_crq_extension multi-line template option. + +Author: Nikos Mavrogiannopoulos +Date: Tue Jun 14 13:13:32 2016 +0200 + + tests: added check on gnutls_x509_crt_set_crq_extension_by_oid() + +Author: Nikos Mavrogiannopoulos +Date: Tue Jun 14 11:19:50 2016 +0200 + + Added gnutls_x509_crt_set_crq_extension_by_oid() + + This allows copying specific OIDs from a certificate + request to the certificate. + +Author: Nikos Mavrogiannopoulos +Date: Tue Jun 14 09:59:20 2016 +0200 + + tests: moved check for datefudge in scripts/common.sh + +Author: Nikos Mavrogiannopoulos +Date: Tue Jun 14 09:55:04 2016 +0200 + + tests: cert-tests: moved all data files in separate subdir + +Author: Nikos Mavrogiannopoulos +Date: Tue Jun 14 09:36:29 2016 +0200 + + tests: cert-tests: moved templates into subdir + +Author: Daniel P. Berrange +Date: Fri Jun 10 13:41:22 2016 +0100 + + tests: test trailing comma in system priorities + + Add tests which verify behaviour when the list of system + priorities has a trailing ','. Avoid crash in test suite + if the test unexpectedly succeeds when expected_str is + NULL. + + Signed-off-by: Daniel P. Berrange + +Author: Nikos Mavrogiannopoulos +Date: Fri Jun 10 13:56:23 2016 +0200 + + tests: added check of DTLS rehandshake for upgrade + + That is check whether anon -> cert renegotiation works. + +Author: Nikos Mavrogiannopoulos +Date: Fri Jun 10 13:43:36 2016 +0200 + + tests: added check of DTLS rehandshake when using PKIX certs + + This complements the existing DTLS rehandshake test using anonymous + ciphersuites. + +Author: Nikos Mavrogiannopoulos +Date: Thu Jun 9 18:55:02 2016 +0200 + + tests: document some details in system-prio-file [ci skip] + +Author: Nikos Mavrogiannopoulos +Date: Thu Jun 9 17:40:49 2016 +0200 + + doc: mention the usage of the _gnutls_resolve_priorities function in testsuite + +Author: Nikos Mavrogiannopoulos +Date: Thu Jun 9 17:38:29 2016 +0200 + + doc: mention the fallback keyword support in manual + +Author: Nikos Mavrogiannopoulos +Date: Thu Jun 9 17:36:12 2016 +0200 + + tests: added checks for system priority file fallback mechanism + +Author: Daniel P. Berrange +Date: Fri Jun 3 16:57:02 2016 +0100 + + gnutls_priority_init: multiple @KEYWORD lookups with fallback + + The support for using "@KEYWORD" as a priority string is very + useful to separate selection of priorities from application + specific code or config files. It is, however, not general + enough to fully serve all reasonable use cases. + + For example, consider an application sets + + gnutls_priority_set_direct(session, "@SYSTEM", NULL); + + The system administrator can modify the global priorities + file to change what "@SYSTEM" resolves to for all apps using + GNUTLS. As soon as one application wishes to have a slightly + different configuration from others on the host, you have to + go back and start modifying application specific configuration + files once more. This is bad for the system administrator as + it means there's no longer one single place where they can + see the priority configuration for all apps. + + They may try to get around this problem by configuring the + app to use a different keyword, instead of a full priority + string, eg "@LIBVIRT". So the global priorities file can + now define entries for both "SYSTEM" and "LIBVIRT". This + has still placed a burden on the administrator change the + config in two places - both libvirt config files and the + global priorities file. + + What is more desirable is if applications were able to provide + a list of keywords that would be tried in order, picking the + first that existed. For example, libvirt could be written to + request the following by default + + gnutls_priority_set_direct(session, "@LIBVIRT,SYSTEM", NULL); + + With this, gnutls would first try to find the "LIBVIRT" keyword + in the global configuration file, and if that is not present, + then it would fallback to trying to find the "SYSTEM" keyword. + + This provides nice "out of the box" behaviour for system + administrators, whereby the app would be using "SYSTEM" initially + and if the admin wishes to give the app a custom configuration, + they can simply modify the global priorities file to add in the + application specific keyword "LIBVIRT". There is never a need + for the sysadmin to modify any application specific configuration + files any more. It is exclusively controlled in one place via the + global priorities file. + + Signed-off-by: Daniel P. Berrange + +Author: Nikos Mavrogiannopoulos +Date: Thu Jun 9 17:20:22 2016 +0200 + + tests: enhanced system priority file testing + + This checks whether appending to system priority options work. + +Author: Nikos Mavrogiannopoulos +Date: Thu Jun 9 17:21:57 2016 +0200 + + doc update + +Author: Nikos Mavrogiannopoulos +Date: Thu Jun 9 17:01:06 2016 +0200 + + doc: remove all references to openpgp auth example + +Author: Nikos Mavrogiannopoulos +Date: Thu Jun 9 16:48:14 2016 +0200 + + doc update + +Author: Daniel P. Berrange +Date: Fri Jun 3 14:59:11 2016 +0100 + + _gnutls_resolve_priorities: always try to re-read sys priority file + + Previously if the system priority file was edited, that would + take effect on the very next TLS session an application created. + + As of: + + commit 006b89d4464ae1bb6d545ea5716998654124df45 + Author: Nikos Mavrogiannopoulos + Date: Fri Apr 1 10:46:12 2016 +0200 + + priorities: preload the system priorities on library loading time + + It is required to restart every application after changing the + system priority file to get changes to take effect. + + Further, for applications running in a chroot, it will no longer + honour a system priority file that may exist inside the chroot, + always using the originally cached data from outside the chroot. + + This patch changes the caching so that we always try to reload + the cache of system priorities. A mtime check is used to avoid + actually re-reading the file unless its content has obviously + changed. If the file no longer exists, the cache will not be + invalidated. This ensures that the current priority file is + always honoured, whether inside a chroot or not, while at the + same time allowing apps to work in a chroot when no system + priority file is present. + + Signed-off-by: Daniel P. Berrange + +Author: Nikos Mavrogiannopoulos +Date: Wed Jun 8 19:38:07 2016 +0200 + + doc: remove references to GNUTLS_KEYLOGFILE + +Author: Nikos Mavrogiannopoulos +Date: Mon Jun 6 19:33:34 2016 +0200 + + tests: renamed rehandshake checks for clarity + +Author: Nikos Mavrogiannopoulos +Date: Mon Jun 6 18:47:28 2016 +0200 + + doc update + +Author: Nikos Mavrogiannopoulos +Date: Mon Jun 6 18:43:12 2016 +0200 + + keylogfile: only consider the SSLKEYLOGFILE variable + + In addition do not check the environment in the constructor + but instead use static variables to save the key file name. + The GNUTLS_KEYLOGFILE environment variable is no longer used + since there is no reason to have a separate one. + +Author: Nikos Mavrogiannopoulos +Date: Mon Jun 6 18:39:18 2016 +0200 + + lib: eliminated the use of deprecated variables + +Author: Nikos Mavrogiannopoulos +Date: Sat Jun 4 11:42:21 2016 +0200 + + doc: removed OpenPGP examples + + Relates #102 + +Author: Nikos Mavrogiannopoulos +Date: Sat Jun 4 11:36:34 2016 +0200 + + pkcs12: corrected return type of gnutls_pkcs12_bag_get_type() + +Author: Nikos Mavrogiannopoulos +Date: Fri Jun 3 17:07:28 2016 +0200 + + tests: move pkcs11-cert-import-url4-exts with the other pkcs11 tests + + This prevents a build failure in windows. + +Author: Nikos Mavrogiannopoulos +Date: Fri Jun 3 15:01:59 2016 +0200 + + doc clarify the version since when GNUTLS_PKCS11_OBJ_FLAG_OVERWRITE_TRUSTMOD_EXT is accepted + +Author: Nikos Mavrogiannopoulos +Date: Fri Jun 3 14:53:04 2016 +0200 + + tests: corrected typo in crl-test + +Author: Nikos Mavrogiannopoulos +Date: Fri Jun 3 14:24:32 2016 +0200 + + tests: check gnutls_pkcs11_obj_list_import_url4() with GNUTLS_PKCS11_OBJ_FLAG_OVERWRITE_TRUSTMOD_EXT + +Author: Nikos Mavrogiannopoulos +Date: Fri Jun 3 14:50:45 2016 +0200 + + gnutls_pkcs11_obj_list_import_url4: accepts the GNUTLS_PKCS11_OBJ_FLAG_OVERWRITE_TRUSTMOD_EXT flag + +Author: Nikos Mavrogiannopoulos +Date: Fri Jun 3 14:41:25 2016 +0200 + + gnutls_pkcs11_obj_list_import_url3: rewritten to use gnutls_pkcs11_obj_list_import_url4 + +Author: Nikos Mavrogiannopoulos +Date: Fri Jun 3 14:29:45 2016 +0200 + + pkcs11: use ctx as variable name for ck_object_handle_t for clarity + +Author: Nikos Mavrogiannopoulos +Date: Fri Jun 3 13:47:44 2016 +0200 + + pkcs11: doc update + +Author: Nikos Mavrogiannopoulos +Date: Thu Jun 2 14:37:11 2016 +0200 + + doc update [ci skip] + +Author: Nikos Mavrogiannopoulos +Date: Thu Jun 2 14:28:52 2016 +0200 + + _gnutls_check_key_purpose: in CA certificates treat the SGC key purpose as GNUTLS_KP_TLS_WWW_SERVER + + This is a hack for certain very old CA certificates lurking around which instead + of having the GNUTLS_KP_TLS_WWW_SERVER have some old OIDs for that purpose. Consider + these OIDs equivalent to GNUTLS_KP_TLS_WWW_SERVER in marked as CA certificates. + +Author: Nikos Mavrogiannopoulos +Date: Thu Jun 2 09:22:26 2016 +0200 + + gnutls-cli: --save-ocsp will work even if verification fails + + That is, allow saving the response even if the OCSP response caused + a verification error. That way the response can be examined for possible + issues. + +Author: Nikos Mavrogiannopoulos +Date: Thu Jun 2 09:20:13 2016 +0200 + + ocsp: attempt harder to figure an OCSP staple issuer + + That is, check initially against the trust list set on the credentials, + and if verification is not possible attempt with all certificates in + the chain as possible issuers. The reason of this enhancement is the + few servers have an OCSP response signed not by their direct CA but + rather by one of the higher level CAs. + +Author: Nikos Mavrogiannopoulos +Date: Wed Jun 1 14:10:59 2016 +0200 + + tests: added comprehensive OCSP test suite with MUST-staple PKIX extension + + This includes the tests: + - Server with valid certificate - no staple + - Server with valid certificate - valid staple + - Server with valid certificate - invalid staple + - Server with valid certificate - unrelated cert staple + - Server with valid certificate - expired staple + - Server with valid certificate - old staple + +Author: Nikos Mavrogiannopoulos +Date: Wed Jun 1 10:09:54 2016 +0200 + + tests: utils: added c_print() + +Author: Nikos Mavrogiannopoulos +Date: Wed Jun 1 10:33:15 2016 +0200 + + ext: status_request: added more descriptive name + +Author: Nikos Mavrogiannopoulos +Date: Wed Jun 1 14:15:49 2016 +0200 + + ocsp: fail certificate verification on expired or too old revocation data info + +Author: Nikos Mavrogiannopoulos +Date: Wed Jun 1 14:13:52 2016 +0200 + + ocsp: Introduced GNUTLS_CERT_INVALID_OCSP_STATUS + + This verification status flag indicates an OCSP status response + being stapled but it being invalid for some reason (e.g., unable + to parse or doesn't contain the expected certificate). + +Author: Nikos Mavrogiannopoulos +Date: Wed Jun 1 14:38:32 2016 +0200 + + doc: improved OCSP description and mention RFC7633 + +Author: Nikos Mavrogiannopoulos +Date: Tue May 31 16:52:06 2016 +0200 + + tests: added basic check for gnutls_url_is_supported + +Author: Nikos Mavrogiannopoulos +Date: Tue May 31 16:47:34 2016 +0200 + + gnutls_url_is_supported: type changed to unsigned + + In addition function documentation was updated. + +Author: Nikos Mavrogiannopoulos +Date: Tue May 31 16:42:22 2016 +0200 + + doc update + +Author: Nikos Mavrogiannopoulos +Date: Tue May 31 16:37:34 2016 +0200 + + pubkey_to_bits: return type was changed to unsigned + + This function did not return signed data, so the "int" return + type was confusing. + +Author: Nikos Mavrogiannopoulos +Date: Tue May 31 16:16:38 2016 +0200 + + crypto-selftests: removed unneeded cast + +Author: Nikos Mavrogiannopoulos +Date: Tue May 31 13:49:13 2016 +0200 + + several sign-related API changes + + This replaces the usage of "int" in functions which could only + have accepted an "unsigned" value. Also functions which return + unsigned values are explicitly tagged as such. The ABI remains + the same with these changes. + + This allows easier catching of sign/unsigned related errors from + the calling applications. + +Author: Nikos Mavrogiannopoulos +Date: Tue May 31 11:40:00 2016 +0200 + + x509: simplified _gnutls_x509_get_tbs() + +Author: Nikos Mavrogiannopoulos +Date: Tue May 31 10:08:14 2016 +0200 + + x509: replace the bool type with the unsigned type + + This allows to rely on gcc warnings for improper checks and + conversions. Unfortunately gcc does warn on invalid checks for + the bool type (e.g., b<0). + +Author: Nikos Mavrogiannopoulos +Date: Tue May 31 10:00:18 2016 +0200 + + configure: enable the type-limits gcc warnings + + In addition remove the unsafe-loop-optimizations warning + as they were not helpful. + +Author: Nikos Mavrogiannopoulos +Date: Tue May 31 08:59:47 2016 +0200 + + certtool: doc update + +Author: Nikos Mavrogiannopoulos +Date: Mon May 30 22:28:23 2016 +0200 + + DCO: added Tim Kosse [ci skip] + +Author: Nikos Mavrogiannopoulos +Date: Mon May 30 15:19:15 2016 +0200 + + tools: modify canonicalize_host to not depend on in6_addr + +Author: Nikos Mavrogiannopoulos +Date: Mon May 30 15:17:06 2016 +0200 + + tests: added unit tests for gnutls_x509_tlsfeatures_t handling funcs + + This includes DER import/export as well as feature appending. + +Author: Nikos Mavrogiannopoulos +Date: Mon May 30 14:19:20 2016 +0200 + + tests: tlsfeature-test will ignore the 'Algorithm Security Level' line in comparisons + + That is to allow depending on the certificate output validation without + relying on "moving" parameters such as the Algorithm Security Level. + +Author: Nikos Mavrogiannopoulos +Date: Mon May 30 13:47:14 2016 +0200 + + tests: verify whether the TLSFeatures extension is copied + + Verify whether the TLSFeatures extension is copied from the certificate + request to the generated certificate. + +Author: Nikos Mavrogiannopoulos +Date: Mon May 30 13:34:17 2016 +0200 + + doc: updated since version of tlsfeature functionality and documented new functions + +Author: Tim Kosse +Date: Fri Jan 15 14:45:03 2016 +0100 + + tests: add testcase to check for missing status request + + That is verify whether the OCSP MUST-staple extension, as can be + deduced from RFC7633, is accounted during handshake. + +Author: Tim Kosse +Date: Fri Jan 15 14:45:42 2016 +0100 + + Reset extensions_sent_size only at start of handshake + + That is, do not reset it when completing it so that we can + use the negotiated extensions even after the handshake is + complete. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Tim Kosse +Date: Sun Dec 20 15:09:24 2015 +0100 + + Account the TLSFeature certificate extension in certificate verification + + That is, account for the OCSP-Must staple extension. If we have sent an OCSP + status request and have not gotten anything, but the certificate has the + Status Request TLSFeature extension present, fail to verify the certificate. + +Author: Nikos Mavrogiannopoulos +Date: Mon May 30 12:57:55 2016 +0200 + + tools: allow specifying a hostname with a port attached + + That is: gnutls-cli www.example.com:443 is equivalent to + gnutls-cli www.example.com -p 443 + +Author: Nikos Mavrogiannopoulos +Date: Mon May 30 12:35:45 2016 +0200 + + tests: check the generation and printing of TLS feature PKIX extension + +Author: Nikos Mavrogiannopoulos +Date: Mon May 30 11:23:39 2016 +0200 + + doc: document tls_feature option in the sample template + +Author: Nikos Mavrogiannopoulos +Date: Mon May 30 10:55:46 2016 +0200 + + TLS extensions: use more human-friendly names + + This is required to provide better output to gnutls_ext_get_name() + +Author: Nikos Mavrogiannopoulos +Date: Mon May 30 10:50:38 2016 +0200 + + exported function to convert TLS extension numbers to strings + + The exported function is gnutls_ext_get_name() + +Author: Nikos Mavrogiannopoulos +Date: Mon May 30 10:45:46 2016 +0200 + + x509/output: print the extension name of TLSFeatures + +Author: Tim Kosse +Date: Thu Jan 7 11:27:13 2016 +0100 + + Implement setting the TLS features extension on certificates via certtool's template file. + +Author: Nikos Mavrogiannopoulos +Date: Mon May 30 10:20:00 2016 +0200 + + libgnutls.map: exported the tlsfeatures-related functions + +Author: Tim Kosse +Date: Fri Jan 15 11:34:31 2016 +0100 + + Add functions to get/set the tlsfeatures to certificate requests. + +Author: Tim Kosse +Date: Mon May 30 09:57:42 2016 +0200 + + Added gnutls_x509_crt_set_tlsfeatures + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Tim Kosse +Date: Mon May 30 09:52:15 2016 +0200 + + Added functions to add features and convert tlsfeatures back to DER + + That adds: + gnutls_x509_ext_export_tlsfeatures + gnutls_x509_tlsfeatures_add + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Tim Kosse +Date: Fri Jan 15 13:48:10 2016 +0100 + + Move call to terminate() until after printing the error message. + +Author: Tim Kosse +Date: Fri Jan 15 12:04:00 2016 +0100 + + Fix the description of two testcases. + +Author: Tim Kosse +Date: Mon May 30 09:45:29 2016 +0200 + + Added functions to parse the TLSFeatures X.509 extension. + + In addition provide function to enumerate the features it lists, + and output information with the output functions. + This adds: + gnutls_x509_tlsfeatures_init + gnutls_x509_tlsfeatures_deinit + gnutls_x509_tlsfeatures_get + gnutls_x509_ext_import_tlsfeatures + gnutls_x509_crt_get_tlsfeatures + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Andreas Metzler +Date: Sun May 29 11:53:22 2016 +0200 + + Typo fix: auxilary -> auxiliary [ci skip] + +Author: Nikos Mavrogiannopoulos +Date: Sat May 28 22:26:48 2016 +0200 + + tests: added DTLS 0.9 check with AES-128-GCM + +Author: Nikos Mavrogiannopoulos +Date: Sat May 28 19:57:09 2016 +0200 + + gl: secure_getenv() will behave as getenv on windows + +Author: Nikos Mavrogiannopoulos +Date: Sat May 28 19:32:12 2016 +0200 + + tests: corrected definition of CryptSignHash in mock crypt32 + +Author: Nikos Mavrogiannopoulos +Date: Sat May 28 09:55:53 2016 +0200 + + Rely on gnulib's secure_getenv() + +Author: Nikos Mavrogiannopoulos +Date: Sat May 28 09:55:07 2016 +0200 + + x86-common: use secure_getenv() + +Author: Nikos Mavrogiannopoulos +Date: Fri May 27 22:48:48 2016 +0200 + + configure.ac: check for secure_getenv where available and always enable system extensions + +Author: Nikos Mavrogiannopoulos +Date: Fri May 27 22:34:53 2016 +0200 + + tests: keylog-env will check for SSLKEYLOGFILE as well + +Author: Nikos Mavrogiannopoulos +Date: Fri May 27 22:26:02 2016 +0200 + + env: use secure_getenv when reading environment variables + +Author: Nikos Mavrogiannopoulos +Date: Fri May 27 22:21:50 2016 +0200 + + doc update + +Author: Nikos Mavrogiannopoulos +Date: Fri May 27 22:19:40 2016 +0200 + + Append keys on keylogfile + + Also consider the SSLKEYLOGFILE variable, since the format is + identical and we are always appending keys. + +Author: Nikos Mavrogiannopoulos +Date: Thu May 26 11:05:40 2016 +0200 + + tests: ssl2-hello check is made conditional + + It is only run if ENABLE_SSL2 is defined. + +Author: Nikos Mavrogiannopoulos +Date: Thu May 26 11:04:27 2016 +0200 + + .gitignore: more files to ignore + +Author: Nikos Mavrogiannopoulos +Date: Thu May 26 11:02:34 2016 +0200 + + tests: added SSL2.0 client hello parsing check + +Author: Nikos Mavrogiannopoulos +Date: Thu May 26 10:58:19 2016 +0200 + + tests: added small text clarifying the purpose of the cert-common.h header + +Author: Nikos Mavrogiannopoulos +Date: Tue May 24 13:45:32 2016 +0200 + + tests: add an upper limit in the run of compat tests + + This allows the test suite to recover from the case of DTLS implementations + that do not properly retransmit and block on lost packets. + +Author: Nikos Mavrogiannopoulos +Date: Tue May 24 13:27:12 2016 +0200 + + doc: advise against using the TPM-specific API + + It is restricted to TPM 1.2, and there are fine PKCS#11 wrappers that + will provide identifical functionality. + + Relates #101 + +Author: Nikos Mavrogiannopoulos +Date: Tue May 24 10:08:14 2016 +0200 + + .gitlab-ci.yml: corrected typo preventing the no-SSL 3.0 test part to be properly run + + Also test the --disable-ssl2-support option. + +Author: Nikos Mavrogiannopoulos +Date: Tue May 24 09:58:12 2016 +0200 + + Amend the "Allow for conditional compilation of SSL 3.0 protocol patch" + + That is fix bug introduced by an incorrect #ifdef, and unconditionally + provide access to certificate callbacks. + + This amends 89faab9e9e9123f39e8c0c6f8da1f67de423254a + +Author: Nikos Mavrogiannopoulos +Date: Tue May 24 09:17:53 2016 +0200 + + doc: updated text on priority strings + + Refer to RFC7685 for the TLS padding extension (%DUMBFW), + and mention the default behavior for the TLS client hello record version. + +Author: Nikos Mavrogiannopoulos +Date: Mon May 23 11:33:53 2016 +0200 + + pkcs11: added sanity check to find_obj_url_cb() for object validity + + Also avoid unnecessary recursion. + +Author: Nikos Mavrogiannopoulos +Date: Sat May 21 06:24:47 2016 +0200 + + tests: run compatibility checks in parallel for various modifiers + + That is, the various %NO_ETM, %COMPAT, ... modifiers are checked + in parallel in the testcompat suite, reducing the overall running + time significantly. + +Author: Nikos Mavrogiannopoulos +Date: Sat May 21 05:39:21 2016 +0200 + + tests: enhance TLS version checks with DTLS + + That is we check whether DTLS-1.0 and DTLS-1.2 can be negotiated + using the NORMAL priority string. We also add a custom check for + DTLS-0.9 as this is not fully supported for negotiation. + +Author: Nikos Mavrogiannopoulos +Date: Fri May 20 17:44:46 2016 +0200 + + tests: use /bin/bash in tests which require common.sh + +Author: Nikos Mavrogiannopoulos +Date: Fri May 20 15:04:22 2016 +0200 + + .gitlab-ci.yml: minimal build disables SSL2 client hello + +Author: Nikos Mavrogiannopoulos +Date: Fri May 20 15:03:41 2016 +0200 + + doc update + +Author: Nikos Mavrogiannopoulos +Date: Fri May 20 15:01:49 2016 +0200 + + Allow for conditional compilation of SSL 2.0 client hello support + + This allows to completely remove SSL 2.0 support by calling configure + with the '--disable-ssl2-support' option. + + Relates #97 + +Author: Nikos Mavrogiannopoulos +Date: Fri May 20 14:54:38 2016 +0200 + + Amend: Allow for conditional compilation of SSL 3.0 protocol + + This patch makes conditional several more SSL 3.0-only parts of codebase. + +Author: Nikos Mavrogiannopoulos +Date: Fri May 20 14:47:27 2016 +0200 + + CONTRIBUTING.md: link to milestones instead of all issues + +Author: Nikos Mavrogiannopoulos +Date: Fri May 20 14:42:12 2016 +0200 + + tests: mini-x509-cas: use cert-common.h + +Author: Nikos Mavrogiannopoulos +Date: Fri May 20 14:41:08 2016 +0200 + + CONTRIBUTING.md: doc update + +Author: Nikos Mavrogiannopoulos +Date: Fri May 20 12:07:57 2016 +0200 + + tests: do not use pkglib to generate libpkcs11mock1.so + + This resulted in the test library being installed. Install we use noinst + for the library, but pass -rpath to LDFLAGS as a hack to for libtool + to generate the shared version. + +Author: Nikos Mavrogiannopoulos +Date: Thu May 19 12:08:13 2016 +0200 + + configure.ac: increased stack size usage to reduce warnings + + Also remove gcc flags from the banned list that no longer pose + and issue. + +Author: Nikos Mavrogiannopoulos +Date: Fri May 20 07:45:46 2016 +0200 + + announce.txt: updated list email address + +Author: Nikos Mavrogiannopoulos +Date: Thu May 19 10:56:52 2016 +0200 + + priority: CCM ciphersuites was promoted over the CBC ones + + Also make explicit the prioritization rules for the default set + of ciphers. + +Author: Nikos Mavrogiannopoulos +Date: Thu May 19 09:24:13 2016 +0200 + + gnutls-cli: allow operation with stdin input + + That is once commands from stdin are given, they are not only sent to server, + but we also wait for a response prior to exiting. + + Resolves #96 + +Author: Nikos Mavrogiannopoulos +Date: Wed May 18 14:00:06 2016 +0200 + + doc update + +Author: Nikos Mavrogiannopoulos +Date: Wed May 18 22:24:33 2016 +0200 + + tests: ocsp-tls-connection: use /bin/bash since we rely on the $RANDOM variable + +Author: Nikos Mavrogiannopoulos +Date: Wed May 18 22:20:47 2016 +0200 + + tests: use _putenv() for setting environment on windows + +Author: Nikos Mavrogiannopoulos +Date: Wed May 18 21:15:38 2016 +0200 + + tests: added check to verify that keylog file is being written + +Author: Nikos Mavrogiannopoulos +Date: Wed May 18 16:38:13 2016 +0200 + + doc: documented the GNUTLS_KEYLOGFILE environment variable + +Author: Nikos Mavrogiannopoulos +Date: Wed May 18 16:31:28 2016 +0200 + + Write session keys into a file when GNUTLS_KEYLOGFILE is exported + + That is the file pointed from the variable is written to, and contain + the session parameters in the following format (identical to NSS key + log format): + + CLIENT_RANDOM <64 bytes of hex encoded client_random> <96 bytes of hex encoded master secret> + + and for the old RSA ciphersuites also in the format: + RSA <16 bytes of hex encoded encrypted pre master secret> <96 bytes of hex encoded master secret> + + Resolves #64 + +Author: Nikos Mavrogiannopoulos +Date: Wed May 18 13:39:06 2016 +0200 + + systemkey: corrected help output + +Author: Nikos Mavrogiannopoulos +Date: Wed May 18 13:36:11 2016 +0200 + + doc: document the systems supported via systemkeys API + +Author: Nikos Mavrogiannopoulos +Date: Tue May 17 14:13:26 2016 +0200 + + doc update [ci skip] + +Author: Nikos Mavrogiannopoulos +Date: Tue May 17 10:35:39 2016 +0200 + + gnutls-cli: corrected check for OCSP verification success + +Author: Thomas Klute +Date: Fri Apr 29 02:50:31 2016 +0200 + + Test case for gnutls-cli --ocsp + + This new test case checks if gnutls-cli accepts OCSP responses for a + valid and a revoked server certificate when establishing TLS + connections. Uses the OpenSSL OCSP responder. + + Signed-off-by: Thomas Klute + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue May 17 09:23:22 2016 +0200 + + INSTALL.md: no longer reference libgcrypt + +Author: Nikos Mavrogiannopoulos +Date: Tue May 17 09:16:32 2016 +0200 + + doc: updated README files + + This makes the names a bit more reasonable, drops the very generic + INSTALL file, and also allows the github repository to print the + correct README file. + + README -> INSTALL.md + README-alpha.md -> README.md + +Author: Nikos Mavrogiannopoulos +Date: Tue May 17 08:56:59 2016 +0200 + + tests: renamed cert-callback checks for simplicity + +Author: Nikos Mavrogiannopoulos +Date: Tue May 17 08:55:50 2016 +0200 + + tests: added check with the legacy cert verification callback + +Author: Nikos Mavrogiannopoulos +Date: Tue May 17 08:54:43 2016 +0200 + + doc update + +Author: Nikos Mavrogiannopoulos +Date: Tue May 17 08:43:58 2016 +0200 + + tests: cert-callbacks check now checks the server-side callback operation as well + +Author: Nikos Mavrogiannopoulos +Date: Mon May 16 18:08:27 2016 +0200 + + tests: dtls-stress: fix debug argument accounting + + It was not being considered when it was not the last argument. + +Author: Nikos Mavrogiannopoulos +Date: Mon May 16 18:05:34 2016 +0200 + + tests: re-disabled dtls-nb check; it had random failures + + This was disabled for quite long time already, and needs to + be investigated. + +Author: Nikos Mavrogiannopoulos +Date: Mon May 16 13:47:23 2016 +0200 + + tests: added DTLS test suite when in session resumption + + While there is already a test suite for DTLS lost packets/rearranges + it does not cover the session resumption flights. This patch + enhances the test suite with these checks. + +Author: Nikos Mavrogiannopoulos +Date: Sun May 15 10:44:42 2016 +0200 + + dtls-stress: added session resumption option + + This allows to perform tests on DTLS resumed sessions for + retransmitions due to lost packets. + +Author: Nikos Mavrogiannopoulos +Date: Sun May 15 11:34:32 2016 +0200 + + tests: dtls: removed excessive debugging output from test + +Author: Nikos Mavrogiannopoulos +Date: Sun May 15 11:08:57 2016 +0200 + + tests: dtls-stress: corrected parsing of -d option + +Author: Nikos Mavrogiannopoulos +Date: Sun May 15 10:49:42 2016 +0200 + + record.c: removed superfluous debugging + +Author: Nikos Mavrogiannopoulos +Date: Sun May 15 10:40:38 2016 +0200 + + gnutls_assert_val: corrected regression from 78ee98e06c7862df38131b12083adc1a0c5eea4a + +Author: Nikos Mavrogiannopoulos +Date: Sun May 15 09:30:02 2016 +0200 + + gnutls_assert_val: was modified to be in line with gnutls_assert() + +Author: Nikos Mavrogiannopoulos +Date: Sat May 14 13:03:27 2016 +0200 + + .gitlab-ci.yml: added new build target without SSL 3.0 + + Also disable SSL3.0 in the minimal library compilation. + +Author: Nikos Mavrogiannopoulos +Date: Sat May 14 11:58:27 2016 +0200 + + .gitignore: more files to ignore + +Author: Nikos Mavrogiannopoulos +Date: Sat May 14 11:57:47 2016 +0200 + + tests: added key exchange checks for all DTLS protocols + +Author: Nikos Mavrogiannopoulos +Date: Sat May 14 11:48:45 2016 +0200 + + doc: prefer the usage of VERS-ALL in documentation + +Author: Nikos Mavrogiannopoulos +Date: Sat May 14 11:47:18 2016 +0200 + + ext master secret: don't enable when SSL 3.0 is the only protocol + + That is on server side only. On client side this logic was already + present. + +Author: Nikos Mavrogiannopoulos +Date: Sat May 14 11:18:44 2016 +0200 + + tests: separated the key exchange checks + + That is introduce separate checks for each key exchange on every TLS version. + +Author: Nikos Mavrogiannopoulos +Date: Sat May 14 11:12:56 2016 +0200 + + doc: mention the TLS 1.2 restriction of sign algo functions + +Author: Nikos Mavrogiannopoulos +Date: Sat May 14 10:28:49 2016 +0200 + + Allow for conditional compilation of SSL 3.0 protocol + + This allows to completely remove SSL 3.0 support by calling configure + with the '--disable-ssl3' option. + + Resolves #93 + +Author: Nikos Mavrogiannopoulos +Date: Sat May 14 08:03:48 2016 +0200 + + Makefile.am: include renamed files into distribution + +Author: Nikos Mavrogiannopoulos +Date: Sat May 14 00:39:23 2016 +0200 + + README-alpha.md: refer to CONTRIBUTING.md [ci skip] + +Author: Nikos Mavrogiannopoulos +Date: Sat May 14 00:38:59 2016 +0200 + + LICENSE: mention that documentation is under GNU FDL + +Author: Nikos Mavrogiannopoulos +Date: Sat May 14 00:35:45 2016 +0200 + + Leave only LICENSE in the root directory and move licenses to doc/ + +Author: Nikos Mavrogiannopoulos +Date: Sat May 14 00:13:44 2016 +0200 + + Added a LICENSE file [ci skip] + +Author: Nikos Mavrogiannopoulos +Date: Sat May 14 00:31:43 2016 +0200 + + Moved coding style and contribution guide to CONTRIBUTION.md + + This aligns with gitlab's web interface. + +Author: Nikos Mavrogiannopoulos +Date: Fri May 13 20:39:11 2016 +0200 + + tests: include unistd.h in tests which call _exit() + +Author: Nikos Mavrogiannopoulos +Date: Fri May 13 13:41:53 2016 +0200 + + tests: simplified server launching process + + Also attempt to use a new port on every started server and + added a waiting period for the port to become re-usable. + +Author: Nikos Mavrogiannopoulos +Date: Fri May 13 11:28:51 2016 +0200 + + tests: avoid calling exit() from signal handlers + +Author: Nikos Mavrogiannopoulos +Date: Fri May 13 11:16:58 2016 +0200 + + memmem.m4: don't call exit() from signal handler + +Author: Nikos Mavrogiannopoulos +Date: Thu May 12 11:24:03 2016 +0200 + + tests: enhance SNI checking with invalid UTF8 and embedded NULL case + +Author: Nikos Mavrogiannopoulos +Date: Thu May 12 11:22:51 2016 +0200 + + Introduce _gnutls_server_name_set_raw + + This is an internal function intended for testing, which performs + the same as gnutls_server_name_set() but without any UTF8 conversions + or other checks in the input. It is intended to be used with raw data. + +Author: Nikos Mavrogiannopoulos +Date: Thu May 12 11:21:16 2016 +0200 + + errors: include GNUTLS_E_IDNA_ERROR to the list + +Author: Nikos Mavrogiannopoulos +Date: Thu May 12 10:58:58 2016 +0200 + + server_name: only save the supported server names in the session + + Invalid server names with embedded nulls and unsupported types + are not saved. + +Author: Nikos Mavrogiannopoulos +Date: Thu May 12 10:37:56 2016 +0200 + + gnutls_server_name_get: mention GNUTLS_E_IDNA_ERROR being returned + +Author: Nikos Mavrogiannopoulos +Date: Thu May 12 09:24:23 2016 +0200 + + doc: clarify that 'hmac' in the name of functions is only for legacy reasons + +Author: Nikos Mavrogiannopoulos +Date: Wed May 11 13:23:33 2016 +0200 + + tests: introduce delay between server restarts in testsrn.sh + + This is to reduce test suite random failures on CI. + +Author: Nikos Mavrogiannopoulos +Date: Wed May 11 09:31:28 2016 +0200 + + tests: CRL test will separate stderr output from stdout + + This addresses CI failures due to "Merge mismatch for function" messages + from gcov being inserted into stdout output and messing the base64 encoding. + +Author: Nikos Mavrogiannopoulos +Date: Wed May 11 09:28:55 2016 +0200 + + Revert "tests: CRL test will not push stderr into output files" + + This reverts commit bf1ee75f78cd81ea8309bdfb50f63ed0ab61a23a. + +Author: Nikos Mavrogiannopoulos +Date: Wed May 11 09:27:32 2016 +0200 + + gnutls_pkcs7_print: avoid warning for signed/unsigned comparison by making everything signed + +Author: Nikos Mavrogiannopoulos +Date: Wed May 11 08:17:37 2016 +0200 + + tests: CRL test will not push stderr into output files + + This addresses CI failures due to "Merge mismatch for function" messages + from gcov being inserted into output and messing the base64 encoding. + +Author: Nikos Mavrogiannopoulos +Date: Tue May 10 22:46:34 2016 +0200 + + pack_srp_auth_info: corrected check for uninitialized username + +Author: Nikos Mavrogiannopoulos +Date: Tue May 10 22:48:56 2016 +0200 + + call_get_cert_callback: removed dead code + +Author: Nikos Mavrogiannopoulos +Date: Tue May 10 22:11:52 2016 +0200 + + pkcs11: added error check in _gnutls_buffer_append_data() + +Author: Nikos Mavrogiannopoulos +Date: Tue May 10 22:08:23 2016 +0200 + + gnutls_pubkey_verify_data2: simplified return logic + +Author: Nikos Mavrogiannopoulos +Date: Tue May 10 22:02:54 2016 +0200 + + gnutls_pkcs7_print: corrected type of unsigned count variable + +Author: Nikos Mavrogiannopoulos +Date: Tue May 10 21:55:07 2016 +0200 + + _gnutls_krb5_der_to_principal: fixed invalid deinitialization on cleanup + +Author: Nikos Mavrogiannopoulos +Date: Tue May 10 20:57:08 2016 +0200 + + tests: don't run hash-large on freebsd + +Author: Nikos Mavrogiannopoulos +Date: Tue May 10 20:06:03 2016 +0200 + + tests: fix mmap usage of hash-large to correctly detect failures + +Author: Nikos Mavrogiannopoulos +Date: Tue May 10 15:23:11 2016 +0200 + + doc: updated documentation for gnutls_x509_crt_get_*_dn + +Author: Nikos Mavrogiannopoulos +Date: Tue May 10 15:20:09 2016 +0200 + + certtool: handle empty CNs on verification + + That is, handle GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE if returned + from gnutls_x509_crt_get_dn() on the end certificate. + +Author: Nikos Mavrogiannopoulos +Date: Tue May 10 15:17:18 2016 +0200 + + Revert "x509: allow empty DNs on parsing for subject DNs" + + This reverts commit 1641ea943079765d601cf418dc2c89c1c93f0ecf. + +Author: Nikos Mavrogiannopoulos +Date: Tue May 10 11:40:43 2016 +0200 + + cert cred: add the CN to the list of known hostnames only if no dns_names + + That is, follow rfc6125 and support CN as a fallback only. + +Author: Nikos Mavrogiannopoulos +Date: Tue May 10 11:23:02 2016 +0200 + + tests: enhanced set_x509*_key to verify that connections succeed with creds + + That is the tests no only verify that credentials are set as expected + but also whether sessions are established with the credentials provided. + +Author: Nikos Mavrogiannopoulos +Date: Tue May 10 11:15:53 2016 +0200 + + gnutls_certificate_set_key: import the DNS names of the certificates + + That is, only when no (NULL) names are provided. + +Author: Nikos Mavrogiannopoulos +Date: Tue May 10 11:12:33 2016 +0200 + + reset the global time func on init/deinit + +Author: Nikos Mavrogiannopoulos +Date: Tue May 10 11:05:03 2016 +0200 + + auth/cert: log the server name requested by client + +Author: Nikos Mavrogiannopoulos +Date: Tue May 10 11:00:02 2016 +0200 + + improved output of gnutls_assert() + +Author: Nikos Mavrogiannopoulos +Date: Tue May 10 10:44:57 2016 +0200 + + x509: allow empty DNs on parsing for subject DNs + +Author: Alon Bar-Lev +Date: Mon May 9 20:57:36 2016 +0300 + + build: tests/windows/cng-windows.c: fix implicit decleration of exit + + Signed-off-by: Alon Bar-Lev + +Author: Nikos Mavrogiannopoulos +Date: Tue May 10 09:15:29 2016 +0200 + + .gitlab-ci.yml: enable openssl compat library in minimal build + +Author: Nikos Mavrogiannopoulos +Date: Tue May 10 09:12:51 2016 +0200 + + openssl_compat: removed unneeded headers + + These headers have been renamed, but they were not necessary for + this module's compilation. Report/Patch by Andreas Metzler. + +Author: Nikos Mavrogiannopoulos +Date: Mon May 9 21:47:14 2016 +0200 + + .gitlab-ci.yml: added build for windows DLLs + + This creates the windows DLLs on every tagged release. + +Author: Nikos Mavrogiannopoulos +Date: Mon May 9 08:03:24 2016 +0200 + + doc update + +Author: Nikos Mavrogiannopoulos +Date: Mon May 9 07:52:14 2016 +0200 + + bumped soversion + +Author: Nikos Mavrogiannopoulos +Date: Mon May 9 07:51:05 2016 +0200 + + updated auto-generated files + +Author: Nikos Mavrogiannopoulos +Date: Sat May 7 13:34:34 2016 +0200 + + x509: use the modified flag in gnutls_x509_crt_t + + That will avoid re-encoding or decoding in common operations. + +Author: Nikos Mavrogiannopoulos +Date: Sat May 7 13:18:20 2016 +0200 + + x509: added flag to indicate modification in gnutls_x509_crt_t + +Author: Nikos Mavrogiannopoulos +Date: Fri May 6 16:55:48 2016 +0200 + + gnutls_x509_crt_equals*: modified to allow operation with certificates that are not imported + + This allows it operating with certificates that are generated from scratch. + +Author: Nikos Mavrogiannopoulos +Date: Fri May 6 16:04:31 2016 +0200 + + tests: added checks for certificate generation APIs + +Author: Nikos Mavrogiannopoulos +Date: Fri May 6 15:40:14 2016 +0200 + + doc: fixed documentation of gnutls_x509_crt_set_subject_alternative_name + + The previous version could not be parsed by gdoc. + +Author: Hubert Kario +Date: Fri May 6 11:12:29 2016 +0200 + + gnutls-serv: sending alerts on mismatched SNI names + + Extend serv utility to be able to send alerts when the name advertised + by client does not match the name expected by server. + +Author: Hubert Kario +Date: Fri May 6 11:05:10 2016 +0200 + + Add support for sending unrecognized name alerts + + To better test support for server_name extension in TLS, it's + necessary to be able to differentiate between name being rejected + because it is unknown to the server and it being malformed. + +Author: Nikos Mavrogiannopoulos +Date: Fri May 6 11:41:12 2016 +0200 + + doc: TODO list references to gitlab + +Author: Nikos Mavrogiannopoulos +Date: Thu May 5 11:10:38 2016 +0200 + + doc update + +Author: Nikos Mavrogiannopoulos +Date: Thu May 5 11:01:29 2016 +0200 + + priorities: when without AES acceleration prefer stream ciphers (i.e., CHACHA20) + +Author: Nikos Mavrogiannopoulos +Date: Thu May 5 22:49:50 2016 +0200 + + doc: updated documentation on rehandshake and GNUTLS_ALLOW_ID_CHANGE [ci skip] + +Author: Nikos Mavrogiannopoulos +Date: Wed May 4 09:13:50 2016 +0200 + + tests: use the 'b' modifier for writing binary data in set_x509_key_file_der + + This allows the test to operate properly on windows systems. + +Author: Nikos Mavrogiannopoulos +Date: Wed May 4 08:07:37 2016 +0200 + + tests: avoid the usage of tmpnam() + + Use a simpler version which is confined within the testsuite + build directories. + +Author: Nikos Mavrogiannopoulos +Date: Wed May 4 07:48:37 2016 +0200 + + tests: disable checks with tmpnam() on windows + +Author: Nikos Mavrogiannopoulos +Date: Tue May 3 20:14:37 2016 +0200 + + tests: fixed 64-bit check for time_t in mini-x509 + +Author: Nikos Mavrogiannopoulos +Date: Tue May 3 15:26:52 2016 +0200 + + tests: added check for gnutls_certificate_set_x509_simple_pkcs12_file + +Author: Nikos Mavrogiannopoulos +Date: Tue May 3 15:12:47 2016 +0200 + + .gitignore: more files to ignore + +Author: Nikos Mavrogiannopoulos +Date: Tue May 3 15:12:00 2016 +0200 + + tests: added check of gnutls_certificate_set_x509_key_file2 with DER input + +Author: Nikos Mavrogiannopoulos +Date: Tue May 3 14:54:31 2016 +0200 + + tests: enhanced set_x509_key_file check + + That now verifies that the input is the same as the data stored + in the credentials as well checks for valid operation. + +Author: Nikos Mavrogiannopoulos +Date: Tue May 3 14:29:35 2016 +0200 + + tests: mini-x509: include the legacy verification functions into the check + +Author: Nikos Mavrogiannopoulos +Date: Tue May 3 14:28:44 2016 +0200 + + tests: added check for gnutls_certificate_set_key() + +Author: Nikos Mavrogiannopoulos +Date: Tue May 3 14:24:08 2016 +0200 + + gnutls_certificate_set_key: duplicate the provided memory + + That is, do not assume that a heap allocated value is provided. + +Author: Nikos Mavrogiannopoulos +Date: Tue May 3 11:54:04 2016 +0200 + + .gitlab-ci.yml: enabled coverage run in the x86 build + +Author: Nikos Mavrogiannopoulos +Date: Tue May 3 11:49:09 2016 +0200 + + tests: do not block server errors in testdsa from being printed out + + Also added a delay prior to launching next server instance. + +Author: Nikos Mavrogiannopoulos +Date: Tue May 3 11:43:48 2016 +0200 + + .gitignore: more test files to ignore + +Author: Nikos Mavrogiannopoulos +Date: Tue May 3 11:26:04 2016 +0200 + + pkcs11: find_ext_cb: eliminated memory leak + +Author: Nikos Mavrogiannopoulos +Date: Tue May 3 10:56:44 2016 +0200 + + pkcs11: find_cert_cb: do not use C_FindObjectsInit() when another is already running + + While some modules implicitly terminated the previous run, this is not + something that PKCS#11 modules are expected to typically do. + +Author: Nikos Mavrogiannopoulos +Date: Tue May 3 09:28:36 2016 +0200 + + pkcs11: the flag GNUTLS_PKCS11_OBJ_FLAG_OVERWRITE_TRUSTMOD_EXT will be respected by imported certificates + + That is, certificates imported with gnutls_pkcs11_obj_import_url() or + gnutls_x509_crt_import_url() will be able to be extracted with their + extensions overriden. Previously that was available only on gnutls_pkcs11_get_raw_issuer() + and friends. + +Author: Nikos Mavrogiannopoulos +Date: Mon May 2 15:36:56 2016 +0200 + + tests: added a basic PKCS#11 mock module + + This is used to test gnutls_pkcs11_obj_get_exts(), gnutls_x509_crt_import_url(), + and gnutls_pkcs11_get_raw_issuer() with the GNUTLS_PKCS11_OBJ_FLAG_OVERWRITE_TRUSTMOD_EXT + flag. + +Author: Nikos Mavrogiannopoulos +Date: Mon May 2 13:13:10 2016 +0200 + + doc update + +Author: Nikos Mavrogiannopoulos +Date: Mon May 2 13:12:00 2016 +0200 + + _gnutls_x509_crt_cpy: optimized and simplified + +Author: Nikos Mavrogiannopoulos +Date: Mon May 2 12:53:54 2016 +0200 + + exported gnutls_x509_crt_equals() and gnutls_x509_crt_equals2() + + These functions provide a way to compare parsed certificates. They + were used internally and they are quite useful to be made available. + +Author: Nikos Mavrogiannopoulos +Date: Mon May 2 15:36:37 2016 +0200 + + gnutls_pkcs11_obj_get_exts: updated documentation + +Author: Nikos Mavrogiannopoulos +Date: Mon May 2 12:09:03 2016 +0200 + + gnutls_x509_crt_import_url: updated documentation for new function name + +Author: Nikos Mavrogiannopoulos +Date: Mon May 2 12:05:48 2016 +0200 + + gnutls_pkcs11_add_provider: clarified params description + +Author: Nikos Mavrogiannopoulos +Date: Mon May 2 08:38:32 2016 +0200 + + tests: added checks on PKCS#1 digest info encoding/decoding + +Author: Nikos Mavrogiannopoulos +Date: Mon May 2 08:37:45 2016 +0200 + + gnutls_decode_ber_digest_info: return more precise error code on unknown hash + + That is instead of returning GNUTLS_E_UNKNOWN_ALGORITHM on unknown hash, + return GNUTLS_E_UNKNOWN_HASH_ALGORITHM. + +Author: Nikos Mavrogiannopoulos +Date: Mon May 2 08:35:58 2016 +0200 + + errors.h: removed terminating colon on gnutls_assert() output + +Author: Nikos Mavrogiannopoulos +Date: Sun May 1 12:13:26 2016 +0200 + + doc: updated PKCS #11 documentation + +Author: Nikos Mavrogiannopoulos +Date: Sat Apr 30 18:09:18 2016 +0200 + + gnutls_certificate_get_crt_raw: doc update + +Author: Nikos Mavrogiannopoulos +Date: Sat Apr 30 18:06:51 2016 +0200 + + doc update + +Author: Nikos Mavrogiannopoulos +Date: Sat Apr 30 17:50:45 2016 +0200 + + doc: mention the version after which gnutls_pem_base64_en/decode2() are available + +Author: Nikos Mavrogiannopoulos +Date: Sat Apr 30 08:26:37 2016 +0200 + + tests: use one-time files in crl + +Author: Nikos Mavrogiannopoulos +Date: Sat Apr 30 07:14:13 2016 +0200 + + tests: check whether the randomly generate port is used + +Author: Nikos Mavrogiannopoulos +Date: Sat Apr 30 07:05:46 2016 +0200 + + .gitlab-ci.yml: enabled the code coverage checks in the valgrind and ubsan targets + +Author: Nikos Mavrogiannopoulos +Date: Fri Apr 29 19:38:44 2016 +0200 + + tests: enhanced the key-import-export tests + + This check now includes the abstract privkey import/export interfaces. + +Author: Nikos Mavrogiannopoulos +Date: Fri Apr 29 19:38:01 2016 +0200 + + corrected import issue in gnutls_privkey_import_ecc_raw + +Author: Nikos Mavrogiannopoulos +Date: Fri Apr 29 19:31:48 2016 +0200 + + x509/privkey: in raw import functions set the parameter's algorithm type + +Author: Nikos Mavrogiannopoulos +Date: Fri Apr 29 19:03:11 2016 +0200 + + srp base64: return proper gnutls errors codes on error rather than -1 + +Author: Nikos Mavrogiannopoulos +Date: Fri Apr 29 19:02:45 2016 +0200 + + tests: added checks for base64 functions + +Author: Nikos Mavrogiannopoulos +Date: Fri Apr 29 18:04:50 2016 +0200 + + .gitlab-ci.yml: added code coverage run + + This enhances a test to print the code coverage of the test suite, + which in turn is being used/reported by gitlab CI interface. + +Author: Nikos Mavrogiannopoulos +Date: Fri Apr 29 14:53:40 2016 +0200 + + ax_code_coverage.m4: updated to latest version + +Author: Nikos Mavrogiannopoulos +Date: Fri Apr 29 13:12:36 2016 +0200 + + libtasn1: updated to latest version + +Author: Nikos Mavrogiannopoulos +Date: Fri Apr 29 12:57:23 2016 +0200 + + doc update + +Author: Nikos Mavrogiannopoulos +Date: Fri Apr 29 12:56:24 2016 +0200 + + errors.h: gnutls_assert() will log the function name in addition to filename/line + + This is quite necessary after the filenames were simplified and we have + filenames with identical names in the directory structure. + +Author: Nikos Mavrogiannopoulos +Date: Fri Apr 29 12:34:43 2016 +0200 + + tests: added check for SRP ID change during rehandshake + + The tests make sure that username changes are allowed if the + flag GNUTLS_ALLOW_ID_CHANGE is specified, and prohibited otherwise. + +Author: Nikos Mavrogiannopoulos +Date: Fri Apr 29 11:47:58 2016 +0200 + + tests: added check for PSK ID change during rehandshake + + The tests make sure that username changes are allowed if the + flag GNUTLS_ALLOW_ID_CHANGE is specified, and prohibited otherwise. + +Author: Nikos Mavrogiannopoulos +Date: Fri Apr 29 10:23:45 2016 +0200 + + handshake: enhance same certificate checks to apply to PSK/SRP username + + That is, unless GNUTLS_ALLOW_ID_CHANGE is specified, during a rehandshake + clients will not be allowed to present another certificate than the original, + or change their username for PSK or SRP ciphersuites. + +Author: Nikos Mavrogiannopoulos +Date: Fri Apr 29 09:39:13 2016 +0200 + + tests: added 'PFS' and 'SUITEB128' into the list of checked priority strings + +Author: Nikos Mavrogiannopoulos +Date: Fri Apr 29 09:29:45 2016 +0200 + + tests: fail() function will also print function and line information + +Author: Nikos Mavrogiannopoulos +Date: Fri Apr 29 09:36:02 2016 +0200 + + _gnutls_hex2bin: refuse to decode odd-sized hex data + +Author: Nikos Mavrogiannopoulos +Date: Fri Apr 29 09:32:52 2016 +0200 + + tests: added unit tests on the HEX encoding/decoding functions + +Author: Nikos Mavrogiannopoulos +Date: Thu Apr 28 18:08:56 2016 +0200 + + certtool: eliminated memory leaks in DH parameter printing/generation. + +Author: Nikos Mavrogiannopoulos +Date: Thu Apr 28 17:42:49 2016 +0200 + + certtool: combined all the seed decoding methods to a single one + + That not only simplifies the code, but also allows decoding hex strings + which contain not hex chars (and that allows decoding hex of the form XX:XX:XX) + +Author: Nikos Mavrogiannopoulos +Date: Thu Apr 28 17:31:24 2016 +0200 + + Revert "tests: ensure the seed is provided in plain hex" + + This reverts commit 0ea7206e12f52f6ed50c4a76ea0a23f5470115b2. + +Author: Nikos Mavrogiannopoulos +Date: Thu Apr 28 16:41:26 2016 +0200 + + tests: check certtool dh-parameter generation with --provable option + +Author: Nikos Mavrogiannopoulos +Date: Thu Apr 28 16:38:16 2016 +0200 + + tests: ensure the seed is provided in plain hex + +Author: Nikos Mavrogiannopoulos +Date: Thu Apr 28 16:34:29 2016 +0200 + + certtool: allow specifying seed size when generating provable DH parameters + +Author: Nikos Mavrogiannopoulos +Date: Thu Apr 28 14:34:17 2016 +0200 + + doc update + +Author: Nikos Mavrogiannopoulos +Date: Thu Apr 28 14:26:19 2016 +0200 + + tests: simplified custom-urls check + +Author: Nikos Mavrogiannopoulos +Date: Thu Apr 28 14:22:44 2016 +0200 + + tests: added check on whether builtin URLs cannot be overriden + +Author: Nikos Mavrogiannopoulos +Date: Thu Apr 28 14:09:44 2016 +0200 + + keys: custom URLs take precedence over pre-defined URLs + + This allows applications to define the own 'system:' or 'pkcs11:' + URLs. + + Resolves #89 + +Author: Nikos Mavrogiannopoulos +Date: Thu Apr 28 16:45:44 2016 +0200 + + x25519: ensure that a valid private key is present on key derivation + +Author: Nikos Mavrogiannopoulos +Date: Thu Apr 28 10:33:47 2016 +0200 + + doc update + +Author: Nikos Mavrogiannopoulos +Date: Thu Apr 28 10:32:51 2016 +0200 + + tests: added check for GNUTLS_FORCE_CLIENT_CERT init flag + +Author: Nikos Mavrogiannopoulos +Date: Thu Apr 28 10:31:50 2016 +0200 + + instead of assigning a variable per flag use the init flags directly + + That is store the flags provided in gnutls_init() in the session structure + and use these flags directly when required. + +Author: Nikos Mavrogiannopoulos +Date: Thu Apr 28 09:28:54 2016 +0200 + + added flag in session to force sending a client certificate + + This handles the use case of a client connecting to a server + which incorrectly lists the CA certificates it supports. Without + that change the only option was to avoid using the "automatic" + client certificate functions, but rather utilize callbacks. + With that approach this use case is handled by the "automatic" + certificate selection functions. + +Author: Nikos Mavrogiannopoulos +Date: Thu Apr 28 13:28:50 2016 +0200 + + .gitlab-ci.yml: do not load submodules on CI since they are not used + + This reduces the CI running time. + +Author: Nikos Mavrogiannopoulos +Date: Thu Apr 28 09:27:24 2016 +0200 + + tests: check client behavior of sending CA certificates + +Author: Nikos Mavrogiannopoulos +Date: Wed Apr 27 08:18:45 2016 +0200 + + doc: removed news about feature already backported in 3.4.6 + +Author: Nikos Mavrogiannopoulos +Date: Wed Apr 27 08:17:45 2016 +0200 + + examples: introduced basic error checking in more examples + +Author: Nikos Mavrogiannopoulos +Date: Wed Apr 27 07:55:50 2016 +0200 + + examples: simplified the basic client example + +Author: Nikos Mavrogiannopoulos +Date: Wed Apr 27 07:50:20 2016 +0200 + + examples: introduced basic error checking in main client examples + +Author: Nikos Mavrogiannopoulos +Date: Wed Apr 27 07:38:47 2016 +0200 + + examples: corrected the required version of example + +Author: Nikos Mavrogiannopoulos +Date: Tue Apr 26 15:03:08 2016 +0200 + + tests: enhanced dane testing with offline verification checks + +Author: Nikos Mavrogiannopoulos +Date: Tue Apr 26 14:34:26 2016 +0200 + + dane: verification will not fail if a CA entry is encountered but cannot be verified + + That addresses the issue of verifying a single certificate against a list + of TLSA entries that contain an entry with CA usage (cert usage 0). With + the previous behavior verification would have failed, while now this + entry will be skipped. + +Author: Nikos Mavrogiannopoulos +Date: Tue Apr 26 13:54:17 2016 +0200 + + doc: improved documentation on certificate and DANE verification functions + +Author: Nikos Mavrogiannopoulos +Date: Tue Apr 26 13:35:35 2016 +0200 + + dane: updated documentation of dane_verify_crt_raw + +Author: Nikos Mavrogiannopoulos +Date: Tue Apr 26 13:00:46 2016 +0200 + + doc: added clarifications on documentation for dane_state_t + +Author: Nikos Mavrogiannopoulos +Date: Tue Apr 26 12:56:35 2016 +0200 + + manpages: include the dane functions into the distributed pages + +Author: Nikos Mavrogiannopoulos +Date: Sun Apr 24 15:35:20 2016 +0200 + + ecdhe: eliminated unneeded checks for zero of public parameters + + There were not required by either draft-ietf-tls-rfc4492bis-07 + or rfc7748. + +Author: Nikos Mavrogiannopoulos +Date: Sun Apr 24 15:22:55 2016 +0200 + + doc: added example client application utilizing the 3.1.x APIs + +Author: Nikos Mavrogiannopoulos +Date: Sun Apr 24 15:13:42 2016 +0200 + + examples: added explicit 3.5.0 dependency in ex-client-x509 + +Author: Nikos Mavrogiannopoulos +Date: Sun Apr 24 15:11:00 2016 +0200 + + examples: added error checks and updated verify_certificate_chain() + +Author: Nikos Mavrogiannopoulos +Date: Sun Apr 24 14:30:07 2016 +0200 + + .gitlab-ci.yml: made the linux tag explicit for our runners + +Author: Nikos Mavrogiannopoulos +Date: Sun Apr 24 14:15:04 2016 +0200 + + doc update + +Author: Nikos Mavrogiannopoulos +Date: Sun Apr 24 14:13:11 2016 +0200 + + doc: document curve X25519 + +Author: Nikos Mavrogiannopoulos +Date: Sun Apr 24 14:12:46 2016 +0200 + + doc: clarify what catch all means in all scenarios + +Author: Nikos Mavrogiannopoulos +Date: Sun Apr 24 11:07:46 2016 +0200 + + gnutls-cli-debug: added tests for supported curves + +Author: Nikos Mavrogiannopoulos +Date: Sat Apr 23 15:20:21 2016 +0200 + + tests: include self tests with CURVE-X25519 + +Author: Nikos Mavrogiannopoulos +Date: Fri Apr 22 13:17:38 2016 +0200 + + gnutls-cli: enhanced KX benchmark with X25519 + +Author: Nikos Mavrogiannopoulos +Date: Fri Apr 22 12:25:59 2016 +0200 + + handshake: added support for ECDH with curve X25519 + + This follows draft-ietf-tls-rfc4492bis-07 and rfc7748 + +Author: Nikos Mavrogiannopoulos +Date: Sun Apr 24 12:11:48 2016 +0200 + + tests: updated the openssl compat check to make explicit the used curves + +Author: Nikos Mavrogiannopoulos +Date: Sun Apr 24 11:12:29 2016 +0200 + + ecdhe: print the received curve from the server on debug mode + +Author: Nikos Mavrogiannopoulos +Date: Sun Apr 24 10:54:54 2016 +0200 + + gnutls-cli-debug: added CHACHA20-POLY1305 detection + +Author: Nikos Mavrogiannopoulos +Date: Sat Apr 23 22:25:35 2016 +0200 + + tests: on out of memory conditions do not fail the hash-large test + + This test may require a large amount of memory which some CI systems + cannot provide. When an out-of-memory-error is detected skip the test + instead of failing. + +Author: Nikos Mavrogiannopoulos +Date: Sat Apr 23 15:15:50 2016 +0200 + + session: removed unused parameters from RSA-EXPORT era + +Author: Nikos Mavrogiannopoulos +Date: Sat Apr 23 14:52:03 2016 +0200 + + README-alpha.md: updated badges with the new gitlab URLs + +Author: Nikos Mavrogiannopoulos +Date: Fri Apr 22 09:26:55 2016 +0200 + + doc: document the TPM 1.2 limitation + +Author: Nikos Mavrogiannopoulos +Date: Thu Apr 21 16:50:46 2016 +0200 + + doc: tpm: include short instructions on initializing the TPM chip + +Author: Nikos Mavrogiannopoulos +Date: Wed Apr 20 16:19:32 2016 +0200 + + tests: hash-large: use private mmap() + + This reduces the memory usage of the test significantly on Linux. + +Author: Nikos Mavrogiannopoulos +Date: Wed Apr 20 12:04:09 2016 +0200 + + tests: use mmap() for large memory allocations in systems that support it + + That allows the hash-large test to run on systems which its calloc() + is attempting to allocate an impossible amount of memory. + +Author: Nikos Mavrogiannopoulos +Date: Wed Apr 20 11:28:21 2016 +0200 + + tests: use /bin/bash for tests that use bashisms + +Author: Nikos Mavrogiannopoulos +Date: Wed Apr 20 11:02:10 2016 +0200 + + tests: don't run danetool.sh if danetool is not present + + That prevents test suite failure in systems without libunbound. + +Author: Nikos Mavrogiannopoulos +Date: Wed Apr 20 10:08:23 2016 +0200 + + gnutls_int.h: allow compiling with system (gnutls) headers + +Author: Nikos Mavrogiannopoulos +Date: Wed Apr 20 13:44:59 2016 +0200 + + .gitlab-ci.yml: added build rule on freebsd + +Author: Nikos Mavrogiannopoulos +Date: Tue Apr 19 23:11:13 2016 +0200 + + certtool: document sha3 functions in manpage [ci skip] + +Author: Nikos Mavrogiannopoulos +Date: Tue Apr 19 23:06:24 2016 +0200 + + doc: added missing @end example in danetool documentation + +Author: Nikos Mavrogiannopoulos +Date: Tue Apr 19 22:50:52 2016 +0200 + + doc: updated documentation on false start + +Author: Nikos Mavrogiannopoulos +Date: Tue Apr 19 22:37:22 2016 +0200 + + doc update + +Author: Nikos Mavrogiannopoulos +Date: Tue Apr 19 19:25:08 2016 +0200 + + gnutls-cli-debug: enable socket verbosity when --verbose is given + +Author: Nikos Mavrogiannopoulos +Date: Tue Apr 19 19:23:23 2016 +0200 + + tools: explicitly initialize socket struct to zero + + That resolves issue where verbose was enabled by default. + +Author: Nikos Mavrogiannopoulos +Date: Tue Apr 19 19:18:05 2016 +0200 + + tools: avoid extracting the value of the app-proto alias + + Instead always extract the starttls-proto value, as it seems + that libopts doesn't report any value for the former. This + corrects the starttls capability of danetool and gnutls-cli-debug. + +Author: Nikos Mavrogiannopoulos +Date: Tue Apr 19 19:12:51 2016 +0200 + + tools: document the starttls capability + +Author: Nikos Mavrogiannopoulos +Date: Tue Apr 19 09:20:04 2016 +0200 + + tests: do not run danetool.sh on windows + + The test fails due to CRLF. + +Author: Nikos Mavrogiannopoulos +Date: Mon Apr 18 16:24:34 2016 +0200 + + tools: avoid relying on static buffers for service name + +Author: Nikos Mavrogiannopoulos +Date: Mon Apr 18 16:16:59 2016 +0200 + + tests: added basic check on danetool --tlsa-rr option + +Author: Nikos Mavrogiannopoulos +Date: Mon Apr 18 16:03:37 2016 +0200 + + danetool: Allow specifying a service name into port option + + This makes the tool similar to gnutls-cli. + +Author: Kevin Cernekee +Date: Mon Apr 18 15:15:32 2016 +0200 + + Fix library build on Chrome Native Client (NaCl) + + Some supported toolchains define DT_UNKNOWN but do not + define _DIRENT_HAVE_D_TYPE (and do not have the d_type field). + On other platforms GnuTLS may need to second-guess what the + library is reporting, but on NaCl this is unsafe. + +Author: Nikos Mavrogiannopoulos +Date: Mon Apr 18 12:03:05 2016 +0200 + + gnutls-serv: don't send closure messages in failed handshakes + +Author: Nikos Mavrogiannopoulos +Date: Mon Apr 18 11:46:39 2016 +0200 + + client key exchange: fail if the client KX message is padded with additional bytes + +Author: Nikos Mavrogiannopoulos +Date: Mon Apr 18 11:18:04 2016 +0200 + + _wrap_nettle_pk_derive: reject values of public key that are over the prime + + That is do not canonicalise the value we get from the network, but + rather check it for validity. This saves a modular reduction on handshake + and performs a sanity check on the peer's (client) parameters. + Reported by Hubert Kario. + + Resolves #84 + +Author: Nikos Mavrogiannopoulos +Date: Fri Apr 15 10:17:32 2016 +0200 + + tests: suite: disable any openssl cpu optimizations + + This prevents from valgrind failures on softhsm usage due to + any new instruction optimizations which are not supported by + valgrind. + +Author: Nikos Mavrogiannopoulos +Date: Fri Apr 15 10:14:22 2016 +0200 + + doc: further updated documentation on false start [ci skip] + +Author: Nikos Mavrogiannopoulos +Date: Thu Apr 14 19:32:22 2016 +0200 + + doc: updated documentation on false start + +Author: Nikos Mavrogiannopoulos +Date: Thu Apr 14 19:23:13 2016 +0200 + + tests: enhanced the false start checks + + These now check whether sending and receiving is performed + as expected after handshake, DTLS, as well as test explicit handshake + called by the application. + +Author: Nikos Mavrogiannopoulos +Date: Thu Apr 14 19:20:36 2016 +0200 + + Updated false start support to be transparent to applications. + + That is, an additional flag GNUTLS_ENABLE_FALSE_START is introduced + for gnutls_init(), and that enables support for false start. At + this point false start will be performed by the handshake if possible, + and gnutls_record_recv() will handle handshake completion. + +Author: Nikos Mavrogiannopoulos +Date: Thu Apr 14 11:11:01 2016 +0200 + + doc update + +Author: Nikos Mavrogiannopoulos +Date: Thu Apr 14 11:02:59 2016 +0200 + + doc: updated docs related to private key generation + +Author: Nikos Mavrogiannopoulos +Date: Thu Apr 14 10:54:49 2016 +0200 + + certtool: do not allow combining --provable with --ecc in key generation + + There is no such support in the library. + +Author: Nikos Mavrogiannopoulos +Date: Thu Apr 14 10:33:55 2016 +0200 + + updated auto-generated files for new APIs + +Author: Nikos Mavrogiannopoulos +Date: Thu Apr 14 10:28:36 2016 +0200 + + doc: added tlsproxy example reference into documentation + +Author: Nikos Mavrogiannopoulos +Date: Wed Apr 13 15:55:56 2016 +0200 + + tests: pem-decoding: fixed issue preventing out-of-tree checks + +Author: Nikos Mavrogiannopoulos +Date: Wed Apr 13 15:48:58 2016 +0200 + + tests: pem-decoding: use unique temp files + +Author: Nikos Mavrogiannopoulos +Date: Wed Apr 13 14:06:02 2016 +0200 + + tests: enhanced mini-x509-kx with ECDHE-ECDSA ciphersuite testing + + Also renamed it to cert-key-exchange for easier tracking. + +Author: Nikos Mavrogiannopoulos +Date: Wed Apr 13 13:59:02 2016 +0200 + + handshake: do not overwrite the server's signature algorithm + + That is, correct a bug under which a client sending a certificate + would overwrite the server's idea about the used signature algorithm. + Reported by Hubert Kario. + +Author: Nikos Mavrogiannopoulos +Date: Wed Apr 13 13:50:59 2016 +0200 + + tests: enhanced mini-x509-kx with client auth scenarios + +Author: Nikos Mavrogiannopoulos +Date: Wed Apr 13 13:39:38 2016 +0200 + + tests: verify that the output of gnutls_sign_algorithm_get() is the expected one + +Author: Nikos Mavrogiannopoulos +Date: Wed Apr 13 13:06:23 2016 +0200 + + doc update + +Author: Nikos Mavrogiannopoulos +Date: Wed Apr 13 11:43:56 2016 +0200 + + ocsp: increased the preallocated space in check_ocsp_purpose to account for null terminator + + This relates to gnutls_x509_crt_get_key_purpose_oid() change to + return null-terminated OIDs. + +Author: Nikos Mavrogiannopoulos +Date: Wed Apr 13 11:28:13 2016 +0200 + + tests: enhanced and simplified SHA3 tests + + Included checks about SHA3-224 and SHA3-384. + +Author: Nikos Mavrogiannopoulos +Date: Wed Apr 13 11:05:19 2016 +0200 + + tests: added check of GOST cert decoding/printing + + This verifies whether our printing functions print the + OID on unknown/unsupported algorithms. + +Author: Nikos Mavrogiannopoulos +Date: Wed Apr 13 11:04:12 2016 +0200 + + x509 output: print the OID of certificates/CRLs/CRQs with unknown algorithms + + That is, if any unknown signature or subject public key algorithm is + encountered the OID will be printed instead. + +Author: Nikos Mavrogiannopoulos +Date: Wed Apr 13 10:27:14 2016 +0200 + + tests: added basic tests for CSR parsing + + This mainly includes tests on the new gnutls_x509_crq_get_signature_oid() + and gnutls_x509_crt_get_algorithm_oid(). + +Author: Nikos Mavrogiannopoulos +Date: Wed Apr 13 10:16:29 2016 +0200 + + tests: added basic tests on CRL parsing + + That includes testing on the new gnutls_x509_crl_get_signature_oid() + +Author: Nikos Mavrogiannopoulos +Date: Wed Apr 13 09:51:46 2016 +0200 + + tests: added basic functionality tests for gnutls_x509_crt_get_*_oid + +Author: Nikos Mavrogiannopoulos +Date: Wed Apr 13 09:43:31 2016 +0200 + + Added gnutls_x509_crl_get_signature_oid + +Author: Nikos Mavrogiannopoulos +Date: Wed Apr 13 09:39:21 2016 +0200 + + Added gnutls_x509_crq_get_signature_oid and gnutls_x509_crq_get_pk_oid + +Author: Nikos Mavrogiannopoulos +Date: Wed Apr 13 09:17:08 2016 +0200 + + Added gnutls_x509_crt_get_signature_oid and gnutls_x509_crt_get_pk_oid + + These functions can directly provide the textual object identifier + of their corresponding fields. + +Author: Nikos Mavrogiannopoulos +Date: Wed Apr 13 09:03:56 2016 +0200 + + gnutls_x509_crt_get_key_purpose_oid: copy the OID as a null-terminated string + +Author: Nikos Mavrogiannopoulos +Date: Wed Apr 13 08:53:23 2016 +0200 + + sign: corrected digest in SHA3-224 OID mapping + +Author: Nikos Mavrogiannopoulos +Date: Tue Apr 12 22:53:57 2016 +0200 + + configure: corrected regression which prevented the build of tests/suite + + This regression was introduced at 8b97662c40c67a6d4087ce6e1f0c6fb6ea4a8b2c + +Author: Nikos Mavrogiannopoulos +Date: Tue Apr 12 22:25:06 2016 +0200 + + gnutls_x509_ext_import_policies: initialize value to avoid compiler warnings + +Author: Nikos Mavrogiannopoulos +Date: Tue Apr 12 22:21:02 2016 +0200 + + README: removed inexistent package + +Author: Nikos Mavrogiannopoulos +Date: Tue Apr 12 22:16:22 2016 +0200 + + common.mk: corrected typo on LDFLAGS for coverage + +Author: Nikos Mavrogiannopoulos +Date: Tue Apr 12 19:25:18 2016 +0200 + + danetool: corrected typo in manual [ci skip] + +Author: Nikos Mavrogiannopoulos +Date: Tue Apr 12 16:07:41 2016 +0200 + + gnutls_packet_get: avoid null pointer dereference on NULL input + + That is, still allow the function to handle a NULL packet + input but reset the data contents. + +Author: Nikos Mavrogiannopoulos +Date: Tue Apr 12 16:04:24 2016 +0200 + + gnutls_x509_privkey_verify_seed: corrected typo that made the function always return true + +Author: Nikos Mavrogiannopoulos +Date: Tue Apr 12 16:02:20 2016 +0200 + + _gnutls_asn2err: declared as constant function + +Author: Nikos Mavrogiannopoulos +Date: Tue Apr 12 15:37:38 2016 +0200 + + load_dir_certs: use readdir() in all platforms + + According to glibc documentation readdir_r() is deprecated + and the use of readdir() is recommended. As such we switch to + it on all platforms. + +Author: Nikos Mavrogiannopoulos +Date: Tue Apr 12 15:26:42 2016 +0200 + + tests: combined the resume checks for Anonymous and PSK ciphersuites + + In addition enhanced it to check the resumption on the certificate + ciphersuites as well. + +Author: Nikos Mavrogiannopoulos +Date: Tue Apr 12 14:21:04 2016 +0200 + + configure: Add a code coverage option + + Configure with: + ./configure --enable-code-coverage + Show coverage output with: + make && make check && make code-coverage-capture + +Author: Nikos Mavrogiannopoulos +Date: Tue Apr 12 14:17:26 2016 +0200 + + Makefile.am: moved common rules (AM_CFLAGS) to common.mk + +Author: Nikos Mavrogiannopoulos +Date: Tue Apr 12 12:12:40 2016 +0200 + + gnutls_ocsp_resp_get_single: fail if thisUpdate is not available or unparsable + + That is because this field is not optional, and a failure on its + parsing is always fatal. Reported by Yuan Jochen Kang. + +Author: Nikos Mavrogiannopoulos +Date: Tue Apr 12 12:08:35 2016 +0200 + + gnutls_x509_privkey_import2: document an intentional fall through + +Author: Nikos Mavrogiannopoulos +Date: Mon Apr 11 16:48:46 2016 +0200 + + README: add abi-compliance-checker into install instructions + +Author: Nikos Mavrogiannopoulos +Date: Mon Apr 11 08:49:11 2016 +0200 + + gnutls_x509_crt_get_key_usage: ensure that its returned value is properly handled + + Reported by Yuan Jochen Kang. + +Author: Nikos Mavrogiannopoulos +Date: Sun Apr 10 10:54:29 2016 +0200 + + tests: do not enable valgrind in non-git builds + +Author: Nikos Mavrogiannopoulos +Date: Sat Apr 9 13:38:47 2016 +0200 + + hash: corrected the textual description of hashes + +Author: Nikos Mavrogiannopoulos +Date: Sat Apr 9 13:34:39 2016 +0200 + + corrected SHA3-224 OID + +Author: Nikos Mavrogiannopoulos +Date: Sat Apr 9 13:31:54 2016 +0200 + + x509 output: don't warn about insecure algorithm when unknown + +Author: Nikos Mavrogiannopoulos +Date: Sat Apr 9 12:43:22 2016 +0200 + + tests: remove any system specific code of ecore + + This was causing issues with certain builds and + was not used for the purpose of testing. + +Author: Nikos Mavrogiannopoulos +Date: Sat Apr 9 11:51:34 2016 +0200 + + tests: disable unsupported curves from compatibility checks + + This allows running make check even when compiling with disable-suiteb-curves. + +Author: Nikos Mavrogiannopoulos +Date: Sat Apr 9 11:49:07 2016 +0200 + + tests: removed unused scripts + +Author: Nikos Mavrogiannopoulos +Date: Sat Apr 9 11:46:27 2016 +0200 + + .gitlab-ci.yml: combined C99 and undefined sanitizer builds + +Author: Nikos Mavrogiannopoulos +Date: Sat Apr 9 09:46:06 2016 +0200 + + doc update + +Author: Nikos Mavrogiannopoulos +Date: Sat Apr 9 09:43:49 2016 +0200 + + crywrap: was removed from gnutls tools + + Its inclusion did not increase the attention paid to this + tool, not provided any significant advantage to gnutls' users + thus it was unbundled from the main library. The tool can be found at + https://github.com/nmav/crywrap + +Author: Nikos Mavrogiannopoulos +Date: Sat Apr 9 08:17:53 2016 +0200 + + minitasn1: updated to latest git version + +Author: Nikos Mavrogiannopoulos +Date: Fri Apr 8 19:46:36 2016 +0200 + + doc: Replace references to select with poll and other fixes + +Author: Nikos Mavrogiannopoulos +Date: Fri Apr 8 19:40:28 2016 +0200 + + doc: replace inaccurate sentence with reference to gnutls_record_discard_queued [ci skip] + +Author: Nikos Mavrogiannopoulos +Date: Fri Apr 8 15:40:06 2016 +0200 + + gnutls_record_get_direction: doc update [ci skip] + +Author: Nikos Mavrogiannopoulos +Date: Fri Apr 8 14:13:26 2016 +0200 + + tests: reduce the number of loops in x509sign-verify2 + + This enables running the test in reasonable time under valgrind. + +Author: Nikos Mavrogiannopoulos +Date: Fri Apr 8 13:36:44 2016 +0200 + + pkix.asn: corrected byKey definition + + OCSP is defined in an EXPLICIT tags module, and as such + we must tag explicitly all of its tags. + +Author: Nikos Mavrogiannopoulos +Date: Tue Apr 5 13:22:29 2016 +0200 + + tests: check the generation of IP name constraints with certtool + +Author: Nikos Mavrogiannopoulos +Date: Tue Apr 5 13:21:53 2016 +0200 + + certtool: allow generating IP name constraints + + Relates #83 + +Author: Nikos Mavrogiannopoulos +Date: Tue Apr 5 13:16:07 2016 +0200 + + _gnutls_parse_general_name2: allow parsing empty names + + This allows parsing empty general names such as an empty DNSname + used in name constraints. + +Author: Nikos Mavrogiannopoulos +Date: Tue Apr 5 11:54:50 2016 +0200 + + name constraints: enforce the rules for IP constraints when adding + + This will prevent gnutls from generating badly formed certificates. + +Author: Nikos Mavrogiannopoulos +Date: Tue Apr 5 10:36:05 2016 +0200 + + doc update + +Author: Nikos Mavrogiannopoulos +Date: Tue Apr 5 10:33:18 2016 +0200 + + .gitignore: more files to ignore + +Author: Daiki Ueno +Date: Wed Mar 16 14:21:41 2016 +0900 + + name constraints: compute permitted set strictly + + RFC 5280 6.1.4. states that the permitted_subtrees variable is + constructed as an intersection of its previous value. + + Co-authored-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Apr 5 09:08:14 2016 +0200 + + .gitlab-ci.yml: added C99 target for the library + + This compiles the library using gcc options for the C99 + standard. + +Author: Nikos Mavrogiannopoulos +Date: Tue Apr 5 08:44:34 2016 +0200 + + README: updated libtasn1 URL [ci skip] + +Author: Nikos Mavrogiannopoulos +Date: Sun Apr 3 09:46:24 2016 +0200 + + x86-common: increase the size of _gnutls_x86_cpuid_s to match the size of assembly files + + This resolves issue on certain platforms (e.g., windows) where ld would simply fail, + instead of allocate the largest size of the variable. + +Author: Nikos Mavrogiannopoulos +Date: Sat Apr 2 12:56:45 2016 +0200 + + ocsptool: use HTTP/1.0 for requests + + This avoids issue with servers serving chunk encoding which + ocsptool doesn't support. Reported by Thomas Klute. + +Author: Nikos Mavrogiannopoulos +Date: Sat Apr 2 12:02:08 2016 +0200 + + gnutls_init(): refer to gnutls_init_flags_t for the documentation of available flags + +Author: Nikos Mavrogiannopoulos +Date: Sat Apr 2 11:16:19 2016 +0200 + + README.CODING_STYLE: set C99 as the C dialect of choice + +Author: Nikos Mavrogiannopoulos +Date: Fri Apr 1 11:10:56 2016 +0200 + + doc update + +Author: Nikos Mavrogiannopoulos +Date: Fri Apr 1 11:08:38 2016 +0200 + + tests: added check for system priority file loading and parsing + + This checks whether the file is properly loaded and its contents + are parsed as expected. + +Author: Nikos Mavrogiannopoulos +Date: Fri Apr 1 10:46:12 2016 +0200 + + priorities: preload the system priorities on library loading time + + This allows to rely on the system priorities even in the case of + applications that chroot(). This also introduces the environment + variable GNUTLS_SYSTEM_PRIORITY_FILE which can be used to override + the global priority file. + +Author: Nikos Mavrogiannopoulos +Date: Thu Mar 31 17:25:45 2016 +0200 + + doc update + +Author: Nikos Mavrogiannopoulos +Date: Thu Mar 31 17:24:37 2016 +0200 + + tests: added check of verification using MD5 with and without --verify-allow-broken + + This tests certtool and whether it fails verification of MD5 chains + with no --verify-allow-broken, or whether it succeeds if given. + +Author: Nikos Mavrogiannopoulos +Date: Thu Mar 31 17:15:34 2016 +0200 + + tests: added PKCS #7 signing/verification test with broken sigs (MD5) + + This tests whether we can sign structures using broken algorithms (MD5), + and verify structures signed with broken algoritms if --verify-allow-broken + is given to certtool. + +Author: Nikos Mavrogiannopoulos +Date: Thu Mar 31 16:58:37 2016 +0200 + + certtool: added flag to allow verification using broken algorithms + +Author: Nikos Mavrogiannopoulos +Date: Thu Mar 31 09:46:44 2016 +0200 + + doc update + +Author: Nikos Mavrogiannopoulos +Date: Thu Mar 31 10:29:59 2016 +0200 + + tests: check whether resumption data from resumed session work + +Author: Nikos Mavrogiannopoulos +Date: Thu Mar 31 09:40:09 2016 +0200 + + session resumption: lift the limitation of calling gnutls_session_get_data*() on non-resumed sessions + + This allows of obtaining the session data required for proper session resumption + from any available session. This brings the API in par with expectations of its + users. + + Resolves #79 + +Author: Nikos Mavrogiannopoulos +Date: Thu Mar 31 09:45:43 2016 +0200 + + dtls: added missing dtls.h to state.c + +Author: Nikos Mavrogiannopoulos +Date: Wed Mar 30 12:24:09 2016 +0200 + + tests: added check for gnutls_record_set_state() under DTLS + +Author: Nikos Mavrogiannopoulos +Date: Wed Mar 30 11:37:49 2016 +0200 + + dtls: reset the record number sliding window on gnutls_record_set_state() + + This addresses issue where gnutls_record_set_state() was called with a + new state but the sliding window information was not updated, thus + blocking any incoming packets. + + Resolves #82 + +Author: Nikos Mavrogiannopoulos +Date: Wed Mar 30 10:13:18 2016 +0200 + + x509/output: simplified cidr_to_string() + +Author: Nikos Mavrogiannopoulos +Date: Tue Mar 29 16:14:15 2016 +0200 + + .gitignore: more files to ignore + +Author: Nikos Mavrogiannopoulos +Date: Tue Mar 29 16:11:36 2016 +0200 + + tests: check gnutls_record_get_state() with DTLS + + Since in DTLS we relied on a sliding window to keep track of the + sequence numbers we didn't provide a sensible value to application + via gnutls_record_get_state(). This test makes sure that we report + the "correct" value when asked. Correct being the next number after + the last received packet. + +Author: Nikos Mavrogiannopoulos +Date: Tue Mar 29 15:52:59 2016 +0200 + + DTLS: save last valid record sequence number + + This will allow to report a valid number to gnutls_record_get_state() callers + in case of DTLS. Reported by Fridolin Pokorny. + +Author: Nikos Mavrogiannopoulos +Date: Tue Mar 29 15:34:37 2016 +0200 + + tests: delete outfile in certtool-long-cn + +Author: Nikos Mavrogiannopoulos +Date: Tue Mar 29 15:33:27 2016 +0200 + + tests: verify the output of name constraints IP decoding + +Author: Nikos Mavrogiannopoulos +Date: Tue Mar 29 15:04:11 2016 +0200 + + x509/output: print RFC5280 CIDRs in name constraints + +Author: Nikos Mavrogiannopoulos +Date: Tue Mar 29 14:11:56 2016 +0200 + + tests: check the sequence numbers produced by gnutls_record_get_state() + +Author: Nikos Mavrogiannopoulos +Date: Tue Mar 29 14:08:58 2016 +0200 + + gnutls_record_get_state: Allow for NULL parameters + +Author: Nikos Mavrogiannopoulos +Date: Thu Mar 24 07:13:59 2016 +0100 + + ocsptool: eliminated memory leaks in verify-response option + +Author: Nikos Mavrogiannopoulos +Date: Thu Mar 24 07:12:34 2016 +0100 + + ocsptool: don't exit with error code on verification failures when --ignore-errors is given + +Author: Nikos Mavrogiannopoulos +Date: Wed Mar 23 23:15:24 2016 +0100 + + tests: added OCSP related checks + +Author: Nikos Mavrogiannopoulos +Date: Wed Mar 23 23:14:01 2016 +0100 + + ocsptool: exit with error on verification failures + +Author: Nikos Mavrogiannopoulos +Date: Wed Mar 23 23:00:53 2016 +0100 + + ocsp: gnutls_ocsp_resp_verify_direct will skip additional checks for certificates matching issuer + + That eliminates issue with ocsptool rejecting OCSP responses signed + by the same CA that signed the certificate. Reported by Thomas Klute. + +Author: Nikos Mavrogiannopoulos +Date: Wed Mar 23 22:46:16 2016 +0100 + + ocsptool: Allow saving responses even if verification fails + + In addition do not enter a spurious newline to responses. + +Author: Maya Rashish +Date: Wed Mar 23 18:04:07 2016 +0200 + + Avoid using strerror in dtls stress test + + Using it results in build failure on NetBSD: + undefined reference to `rpl_strerror' + +Author: Maya Rashish +Date: Wed Mar 23 16:08:02 2016 +0200 + + Add missing header to testsuite + + This causes a problem for NetBSD+clang tests, because SIGTERM and + kill are undefined. + + Resolves #80 + + Signed-off-by: Maya Rashish + +Author: Nikos Mavrogiannopoulos +Date: Wed Mar 23 10:39:59 2016 +0100 + + session tickets: avoid GCM for session tickets and rely on CBC and HMAC + + The latter is more resilient against non-key renewal. + +Author: Jaak Ristioja +Date: Mon Feb 15 12:14:52 2016 +0200 + + Broke apart _gnutls_recv_int() to the packet and non-packet cases. + + Only gnutls_record_recv_packet() called _gnutls_recv_int() with + (packet != NULL). I refactored this logic directly downstream into + gnutls_record_recv_packet(). The _gnutls_recv_int() function now only + handles non-packet specific logic. The check_session_status() function + was created to deduplicate common code which would otherwise have + ended up in both functions. + + The rationale behind this change is to optimize what were previously + calls of _gnutls_recv_int(). First of all _gnutls_recv_int() now has + only 6 parameters, which according to the x86_64 System V Application + Binary Interface should now fit into CPU registers and no longer use + the stack. Secondly this change avoids a number of branching checks + for both packet and non-packet cases. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Mar 21 11:29:08 2016 +0100 + + gnutls-cli: corrected usage of gnutls_session_get_data() + + This is no longer called on resumed sessions, allowing more than + one resumption in servers which use tickets and don't resend the ticket + on subsequent connections. + +Author: Nikos Mavrogiannopoulos +Date: Fri Mar 18 13:10:40 2016 +0100 + + testcompat-openssl: enable TLS 1.2 tests with openssl 1.0.1+ + +Author: Nikos Mavrogiannopoulos +Date: Fri Mar 18 11:21:35 2016 +0100 + + tests: verify that the post-client-hello callback has access to ALPN data + +Author: Nikos Mavrogiannopoulos +Date: Fri Mar 18 10:35:46 2016 +0100 + + .gitlab-ci.yml: don't use git submodule update, not needed for our testsuite + +Author: Yuriy M. Kaminskiy +Date: Tue Mar 15 18:21:32 2016 +0300 + + alpn: ALPN state is per-connection, it should not be saved with session data + + In addition the extension was moved to the mandatory to parse to ensure it + is always parsed when sessions are resumed. + + rfc7301: + Unlike many other TLS extensions, this extension does not establish + properties of the session, only of the connection. When session + resumption or session tickets [RFC5077] are used, the previous + contents of this extension are irrelevant, and only the values in the + new handshake messages are considered. + + Signed-off-by: Yuriy M. Kaminskiy + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Mar 18 09:44:40 2016 +0100 + + tests: added checks for session resumption and ALPN + + This checks whether the ALPN extension is re-read on + resumption and is negotiated. + +Author: Nikos Mavrogiannopoulos +Date: Wed Mar 16 10:00:17 2016 +0100 + + x86-common: CPUID override will only work if CPU has already the capability present + + This resolves test suite failure on CPUs with limited capabilities. + Reported by Andreas Metzler. + +Author: Nikos Mavrogiannopoulos +Date: Thu Feb 11 17:35:12 2016 +0100 + + Introduced GNUTLS_E_ASN1_EMBEDDED_NULL_IN_STRING + + This error code is returned when an embedded NULL is detected in + a string. + +Author: Nikos Mavrogiannopoulos +Date: Wed Mar 16 21:03:54 2016 +0100 + + gnutls_server_name_set: accept non-null terminated hostnames + + The introduction of IDNA support introduced a regression and this + function does not operate correctly when given non-null terminated + strings. Reported by Tim Ruehsen. + + Relates #78 + +Author: Nikos Mavrogiannopoulos +Date: Wed Mar 16 20:57:31 2016 +0100 + + tests: added check for non-null terminated server name + + This checks whether a non-null terminated server name, but with + correct length is correctly accepted by gnutls_server_name_set(). + + Relates #78 + +Author: Nikos Mavrogiannopoulos +Date: Tue Mar 15 12:00:39 2016 +0100 + + tests: template-test was updated for OCSP key purpose reordering + +Author: Ludovic Courtès +Date: Mon Mar 14 10:44:08 2016 +0100 + + guile: doc: Mention bytevectors. + + * doc/gnutls-guile.texi (Representation of Binary Data): Mention bytevectors. + (Input and Output): Likewise. + +Author: Ludovic Courtès +Date: Mon Mar 14 10:44:07 2016 +0100 + + guile: doc: Explain "Application Data" packets and 'session-record-port'. + + * doc/gnutls-guile.texi (Input and Output): Mention "Application Data" + packets and buffering. + +Author: Nikos Mavrogiannopoulos +Date: Tue Mar 15 11:20:16 2016 +0100 + + certtool: do not require a CA for OCSP signing + + This follows the recommendations in RFC6960 in 4.2.2.2 + which allow a CA to delegate OCSP signing to another certificate + without requiring it to be a CA. + + Reported by Thomas Klute. + +Author: Nikos Mavrogiannopoulos +Date: Mon Mar 14 14:06:01 2016 +0100 + + doc: updated text for gnutls_ocsp_status_request_is_checked() + + Relates #75 + +Author: Nikos Mavrogiannopoulos +Date: Mon Mar 14 13:56:17 2016 +0100 + + doc: clarified expectations on gnutls_datum_t + + Relates #77 + +Author: Nikos Mavrogiannopoulos +Date: Sun Mar 13 20:55:02 2016 +0100 + + doc update: gnutls_handshake_set_false_start_function() [ci skip] + +Author: Nikos Mavrogiannopoulos +Date: Sun Mar 13 11:39:22 2016 +0100 + + abi-check: corrected type of gnutls_x509_crl_get_issuer_dn + + That will avoid any accidental ABI breakage on that symbol. + +Author: Nikos Mavrogiannopoulos +Date: Fri Mar 11 14:45:02 2016 +0100 + + .gitlab-ci.yml: added abi-checker rule + + This allows to test ABI incompatibilities as soon as possible. + +Author: Nikos Mavrogiannopoulos +Date: Fri Mar 11 14:36:39 2016 +0100 + + Makefile: made abi-checks self-contained + + That is, they no longer assume a given directory structure to exist + outside git. It now includes a static dump of the symbols in 3.4.0 + for x86_64 and we compare with it. + +Author: Nikos Mavrogiannopoulos +Date: Fri Mar 11 11:52:17 2016 +0100 + + certtool: better error handling in file_size() + +Author: Nikos Mavrogiannopoulos +Date: Fri Mar 11 11:47:12 2016 +0100 + + gnutls-cli: fix invalid initialization in cert_verify_ocsp() + +Author: Nikos Mavrogiannopoulos +Date: Fri Mar 11 11:45:23 2016 +0100 + + gnutls-serv: human_addr always returns a non-null argument + + This addresses issue with libc's which don't support printf() with + a NULL argument. + +Author: Nikos Mavrogiannopoulos +Date: Tue Mar 8 15:10:07 2016 +0100 + + tests: testpkcs11: the test will always fail in code path failures + +Author: Nikos Mavrogiannopoulos +Date: Tue Mar 8 10:12:22 2016 +0100 + + README: list the main branches build status [ci skip] + +Author: Nikos Mavrogiannopoulos +Date: Mon Mar 7 11:50:34 2016 +0100 + + gnutls_system_recv_timeout: restore poll on EINTR + +Author: Nikos Mavrogiannopoulos +Date: Mon Mar 7 10:47:43 2016 +0100 + + doc: corrected typo [ci skip] + +Author: Nikos Mavrogiannopoulos +Date: Mon Mar 7 10:42:14 2016 +0100 + + gnutls_ocsp_status_request_is_checked: document the version the flag was introduced at + + Relates: #75 + +Author: Nikos Mavrogiannopoulos +Date: Mon Mar 7 10:25:57 2016 +0100 + + doc: generate manpages for all functions + + That addresses issue where certain manpages were created empty. + See https://bugzilla.redhat.com/show_bug.cgi?id=1306800 + +Author: Nikos Mavrogiannopoulos +Date: Mon Mar 7 10:11:37 2016 +0100 + + doc: mention gnutls_certificate_set_x509_trust_dir() + + It was not mentioned in the "Client or server certificate verification" + section. + + Resolves #76 + +Author: Nikos Mavrogiannopoulos +Date: Mon Mar 7 09:30:44 2016 +0100 + + tests: mini-loss-time: improved timeout detection + +Author: Nikos Mavrogiannopoulos +Date: Fri Mar 4 10:16:51 2016 +0100 + + corrected typo in comment [ci skip] + +Author: Nikos Mavrogiannopoulos +Date: Tue Mar 1 16:23:55 2016 +0100 + + configure: silence clang's warnings + +Author: Nikos Mavrogiannopoulos +Date: Thu Mar 3 14:24:13 2016 +0100 + + tests: added check for version negotiation default prio string + + That verifies whether the support versions are negotiated. + +Author: Nikos Mavrogiannopoulos +Date: Thu Mar 3 09:05:32 2016 +0100 + + tests: include test-hash-large into dist + +Author: Nikos Mavrogiannopoulos +Date: Thu Mar 3 08:50:48 2016 +0100 + + Sync with TP [ci skip] + +Author: Ludovic Courtès +Date: Wed Mar 2 09:59:19 2016 +0100 + + Update NEWS. + +Author: Nikos Mavrogiannopoulos +Date: Tue Mar 1 14:50:42 2016 +0100 + + Disable weak symbols for _gnutls_global_init_skip() under windows + + That is to avoid an issue with running gnutls under windows; + that renders GNUTLS_SKIP_GLOBAL_INIT a no-op under windows. + + Relates #74 + +Author: Nikos Mavrogiannopoulos +Date: Tue Mar 1 13:19:29 2016 +0100 + + .gitlab-ci.yml: asan, clang and valgrind builds were made arch-independent + +Author: Nikos Mavrogiannopoulos +Date: Mon Feb 29 20:49:09 2016 +0100 + + tests: pkcs12: allow multiple in-place builds + +Author: Nikos Mavrogiannopoulos +Date: Mon Feb 29 19:41:33 2016 +0100 + + tests: pkcs1-pad,rsa-md5-collision: allow multiple in-place builds + +Author: Nikos Mavrogiannopoulos +Date: Mon Feb 29 17:12:49 2016 +0100 + + doc update + +Author: Nikos Mavrogiannopoulos +Date: Mon Feb 29 17:06:12 2016 +0100 + + gnutls-cli: fail if gnutls is not compiled with DANE support and --dane is provided + + Suggested by Bjorn Jacke. + +Author: Nikos Mavrogiannopoulos +Date: Mon Feb 29 13:23:25 2016 +0100 + + tests: always used the slow (portable) version of get16bits + + This prevents issues with misaligned addresses and undefined sanitizer. + +Author: Nikos Mavrogiannopoulos +Date: Mon Feb 29 12:46:47 2016 +0100 + + timespec_sub_ms: fixed operation in 32-bit systems + +Author: Nikos Mavrogiannopoulos +Date: Mon Feb 29 10:23:20 2016 +0100 + + .gitlab-ci.yml: don't use the internal libtasn1 when compiling with libubsan + + This prevents build failures due to issues in libtasn1 + +Author: Nikos Mavrogiannopoulos +Date: Mon Feb 29 10:22:13 2016 +0100 + + tests: Fixes to prevent undefined behavior (found with libubsan) + +Author: Nikos Mavrogiannopoulos +Date: Mon Feb 29 10:18:58 2016 +0100 + + pkcs11: Fixes to prevent undefined behavior (found with libubsan) + +Author: Nikos Mavrogiannopoulos +Date: Mon Feb 29 09:58:40 2016 +0100 + + cipher.c: Fixes to prevent undefined behavior (found with libubsan) + +Author: Nikos Mavrogiannopoulos +Date: Mon Feb 29 09:57:40 2016 +0100 + + ecc: optimized extension parsing + +Author: Nikos Mavrogiannopoulos +Date: Mon Feb 29 09:48:12 2016 +0100 + + opencdk: Fixes to prevent undefined behavior (found with libubsan) + +Author: Nikos Mavrogiannopoulos +Date: Mon Feb 29 09:48:02 2016 +0100 + + gnutls.h: Fixes to prevent undefined behavior (found with libubsan) + +Author: Nikos Mavrogiannopoulos +Date: Mon Feb 29 09:43:32 2016 +0100 + + x509: Fixes to prevent undefined behavior (found with libubsan) + +Author: Nikos Mavrogiannopoulos +Date: Mon Feb 29 09:27:23 2016 +0100 + + x509: cleanup in privkey.c + +Author: Andreas Metzler +Date: Sun Feb 28 15:35:01 2016 +0100 + + Let p11tool --provider option accept filenames. + + Drop 'file-exists = yes;' to allow specifying either an absolute pathname + or a file in P11_MODULE_PATH. + +Author: Nikos Mavrogiannopoulos +Date: Sun Feb 28 13:01:11 2016 +0100 + + .gitlab-ci.yml: abort on ubsan errors + +Author: Nikos Mavrogiannopoulos +Date: Sun Feb 28 12:12:09 2016 +0100 + + p11tool: addressed memory leaks + +Author: Nikos Mavrogiannopoulos +Date: Sun Feb 28 10:45:02 2016 +0100 + + tests: use 'datefudge -s' to avoid loops + + This avoids repeated loops of the same test as well as + random failures in the test suite. + +Author: Nikos Mavrogiannopoulos +Date: Sat Feb 27 22:37:21 2016 +0100 + + tests: krb5-test: increased the number of loops + + This should prevent random failures in the test suite. + +Author: Nikos Mavrogiannopoulos +Date: Sat Feb 27 22:23:34 2016 +0100 + + .gitlab-ci.yml: asan and ubsan include the suite/ + +Author: Nikos Mavrogiannopoulos +Date: Tue Feb 23 10:35:14 2016 +0100 + + .gitignore: more files to ignore + +Author: Nikos Mavrogiannopoulos +Date: Tue Feb 23 10:33:18 2016 +0100 + + doc: documented false start functionality + +Author: Nikos Mavrogiannopoulos +Date: Tue Feb 23 10:23:57 2016 +0100 + + doc update + +Author: Nikos Mavrogiannopoulos +Date: Tue Feb 23 10:14:53 2016 +0100 + + tests: Added checks for false start operation + +Author: Nikos Mavrogiannopoulos +Date: Tue Feb 23 09:40:26 2016 +0100 + + Added gnutls_handshake_set_false_start_function() + + This function allows to use TLS False-start, by using the provided + function to send data just after finished message. + +Author: Nikos Mavrogiannopoulos +Date: Sat Feb 27 21:54:51 2016 +0100 + + tests: enable softhsmv2 test suite by default + + Also do not fatally fail with known softhsmv2 bugs. + +Author: Jan Vcelak +Date: Fri Feb 26 16:17:48 2016 +0100 + + pkcs11: tests for RSA, ECC, DSA private key import + + Signed-off-by: Jan Vcelak + +Author: Jan Vcelak +Date: Fri Feb 26 16:17:47 2016 +0100 + + pkcs11: tests for DSA key generating + + Signed-off-by: Jan Vcelak + +Author: Nikos Mavrogiannopoulos +Date: Sat Feb 27 17:56:36 2016 +0100 + + added getpid() to the list of system calls used + +Author: Nikos Mavrogiannopoulos +Date: Fri Feb 26 14:41:12 2016 +0100 + + .gitlab-ci.yml: added compilation rule with libubsan + +Author: Jan Vcelak +Date: Thu Feb 25 16:43:36 2016 +0100 + + gnutls_x509_privkey_import: add missing algorithm setting for DSA keys + + The algorithm number was set only in the private key structure, not in + the nested structure with parameters. This made certain operations to + fail (e.g., copying the key into a PKCS #11 token). + + Signed-off-by: Jan Vcelak + +Author: Jan Vcelak +Date: Thu Feb 25 15:21:30 2016 +0100 + + pkcs11: implement correct DSA key pair generating + + Signed-off-by: Jan Vcelak + +Author: Jan Vcelak +Date: Thu Feb 25 15:21:29 2016 +0100 + + pkcs11: add interface for C_GenerateKey + + Signed-off-by: Jan Vcelak + +Author: Nikos Mavrogiannopoulos +Date: Fri Feb 26 12:00:55 2016 +0100 + + better match with unknown_tls_aid + +Author: Nikos Mavrogiannopoulos +Date: Fri Feb 26 11:54:05 2016 +0100 + + x509: moved time-specific functions to time.c + +Author: Sebastian Dröge +Date: Wed Feb 24 12:42:26 2016 +0200 + + configure: Android is ELF too + + Without this, compiling Android for x86 or x86-64 fails because the assembly + optimizations are not compiled in. + +Author: Nikos Mavrogiannopoulos +Date: Thu Feb 25 15:45:04 2016 +0100 + + mentioned the public git URL for cloning [ci skip] + +Author: Nikos Mavrogiannopoulos +Date: Wed Feb 24 15:12:23 2016 +0100 + + doc update [ci skip] + +Author: Nikos Mavrogiannopoulos +Date: Wed Feb 24 14:55:19 2016 +0100 + + doc update + +Author: Nikos Mavrogiannopoulos +Date: Wed Feb 24 14:53:59 2016 +0100 + + tests: check functions which export session parameters + + That is gnutls_session_get_random() and gnutls_session_get_master_secret(). + +Author: Nikos Mavrogiannopoulos +Date: Wed Feb 24 14:43:17 2016 +0100 + + Added gnutls_session_get_master_secret + + This provides the ability to export all session parameters in various + formats. + + Resolves #64 + +Author: Nikos Mavrogiannopoulos +Date: Mon Feb 22 15:51:11 2016 +0100 + + tests: gnutls_session_get_flags() is checked for extended master secret + +Author: Nikos Mavrogiannopoulos +Date: Mon Feb 22 15:49:25 2016 +0100 + + tests: check gnutls_session_get_flags() for EtM + +Author: Nikos Mavrogiannopoulos +Date: Mon Feb 22 15:46:33 2016 +0100 + + tests: check gnutls_session_get_flags() for safe renegotiation + +Author: Nikos Mavrogiannopoulos +Date: Mon Feb 22 15:26:46 2016 +0100 + + Added gnutls_session_get_flags() + + This function would allow to simplify handling of future + flags which we may want to indicate, and would not require + API additions for new flags. + +Author: Nikos Mavrogiannopoulos +Date: Mon Feb 22 11:57:30 2016 +0100 + + Revert ".gitlab-ci.yml: disable guile tests" + + This reverts commit 50ce516eebaf011f041002ecbfdb61b113159282. + +Author: Ludovic Courtès +Date: Sun Feb 21 18:58:35 2016 +0100 + + guile: Fix out-of-tree builds. + + This fixes a regression introduced in 3045a96. + + * guile/Makefile.am (.in.scm): Make the parent directory of $@. + +Author: Nikos Mavrogiannopoulos +Date: Thu Feb 18 17:04:24 2016 +0100 + + Improved documentation in _gnutls_sort_clist + +Author: Nikos Mavrogiannopoulos +Date: Thu Feb 18 16:43:51 2016 +0100 + + gnutls_x509_crt_list_import: corrected memory leak + + This was triggered if GNUTLS_X509_CRT_LIST_FAIL_IF_UNSORTED was specified + and a failure occurred. + +Author: Nikos Mavrogiannopoulos +Date: Thu Feb 18 15:59:31 2016 +0100 + + _gnutls_sort_clist: fixed issues when used with func option + + This function would incorrectly call func() on elements that were + included in the list, and would not call func() if the size of the + final chain was one. + +Author: Nikos Mavrogiannopoulos +Date: Thu Feb 18 15:10:54 2016 +0100 + + tests: added tests for gnutls_pcert_list_import_x509_raw() + +Author: Nikos Mavrogiannopoulos +Date: Thu Feb 18 14:29:20 2016 +0100 + + ext master secret: ensure we disable ext master secret if requested + + That is, on rehandshakes, as on the standard handshakes it is disabled + by default. + +Author: Nikos Mavrogiannopoulos +Date: Thu Feb 18 14:18:04 2016 +0100 + + tests: verify that we do not allow rehandshakes without ext master + + That is, if we have an initial session which uses the extended master + secret do not allow subsequent rehandshakes to skip it. + +Author: Nikos Mavrogiannopoulos +Date: Thu Feb 18 11:53:20 2016 +0100 + + tests: sha3-test: use different dates for generation and validation + +Author: Nikos Mavrogiannopoulos +Date: Thu Feb 18 10:55:32 2016 +0100 + + certtool: eliminated memory leaks + +Author: Nikos Mavrogiannopoulos +Date: Thu Feb 18 10:28:33 2016 +0100 + + bumped the version of max algorithm num to account for new signing algorithms + +Author: Nikos Mavrogiannopoulos +Date: Thu Feb 18 09:17:17 2016 +0100 + + src: added systemkey-args to BUILT_SOURCES + +Author: Nikos Mavrogiannopoulos +Date: Wed Feb 17 15:19:08 2016 +0100 + + tests: simplified sha3-test + +Author: Nikos Mavrogiannopoulos +Date: Wed Feb 17 05:43:24 2016 +0100 + + cross.mk: updated for gnutls 3.4.9, nettle 3.2, gmp 6.1.0 and p11-kit 0.23.2 [ci skip] + +Author: Nikos Mavrogiannopoulos +Date: Tue Feb 16 16:46:54 2016 +0100 + + .gitlab-ci.yml: disable guile tests + + This prevents the test suite from failing. + +Author: Nikos Mavrogiannopoulos +Date: Tue Feb 16 16:40:09 2016 +0100 + + doc update [ci skip] + +Author: Nikos Mavrogiannopoulos +Date: Thu Feb 11 16:18:00 2016 +0100 + + doc update + +Author: Nikos Mavrogiannopoulos +Date: Thu Feb 11 16:13:12 2016 +0100 + + tests: resume: check whether the server does not resume in ext master secret mismatch + + Relates #69 + +Author: Nikos Mavrogiannopoulos +Date: Thu Feb 11 16:10:31 2016 +0100 + + Ensure that session resumption does not occur when ext master secret status changes + + That is we make sure the server doesn't resume when: + 1. Original session had extended master secret but not advertised in resumed + 2. Original session did not have extended master secret but is advertised in resumed + + Relates #69 + +Author: Nikos Mavrogiannopoulos +Date: Thu Feb 11 14:45:40 2016 +0100 + + tests: resume: simplified structure assignment using C99 syntax + +Author: Nikos Mavrogiannopoulos +Date: Mon Feb 15 10:52:55 2016 +0100 + + tests: added certification generation tests with SHA-3 tests + +Author: Nikos Mavrogiannopoulos +Date: Mon Feb 15 10:37:57 2016 +0100 + + Added NIST's OIDs for SHA3 signature algorithms + + This allows to generate certificates signed with SHA3. + +Author: Ludovic Courtès +Date: Thu Feb 11 23:04:38 2016 +0100 + + guile: Work around lack of 'eval-when' on 1.8. + + * guile/modules/gnutls.in (eval-when) [!guile-2]: New macro. + +Author: Ludovic Courtès +Date: Thu Feb 11 23:04:37 2016 +0100 + + guile: Install modules in versioned directory by default. + + * configure.ac: Change default 'GUILE_SITE' value to include + $guile_effective_version. + +Author: Ludovic Courtès +Date: Thu Feb 11 23:04:36 2016 +0100 + + guile: build: Make silent rules actually quiet. + + * guile/Makefile.am (.in.scm): Use $(AM_V_GEN) and $(AM_V_at). + * guile/src/Makefile.am (enums.h, enum-map.i.c) + (smobs.h, smob-types.i.c, %.x): Likewise. + +Author: Ludovic Courtès +Date: Thu Feb 11 23:04:35 2016 +0100 + + guile: Build and install .go files on Guile 2.x. + + * configure.ac: Check for 'guild' and substitute 'GUILD'. Define + 'HAVE_GUILD'. Substitute 'guileobjectdir'. Don't output + guile/modules/Makefile and guile/tests/Makefile. + * guile/modules/Makefile.am, guile/tests/Makefile.am: Remove. Move + contents to... + * guile/Makefile.am: ... here. + (SUBDIRS): Remove 'modules' and 'tests'. + +Author: Ludovic Courtès +Date: Thu Feb 11 23:04:34 2016 +0100 + + guile: doc: Change prompt in examples. + + * doc/gnutls-guile.texi (Guile Preparations): Use the prompt found in + 2.0. Change "libguile-gnutls-v-0" to "guile-gnutls-v-2". + +Author: Ludovic Courtès +Date: Thu Feb 11 23:04:33 2016 +0100 + + guile: tests: Add Guile 2.2 compatibility layer. + + This allows tests to run with Guile 2.1/2.2. + + * guile/modules/gnutls/build/tests.scm (define-replacement) [guile-2]: + New macro. + (uniform-vector-read!, uniform-vector-write) [guile-2]: New procedures. + * doc/gnutls-guile.texi (Guile Preparations): Mention 2.2. + +Author: Ludovic Courtès +Date: Thu Feb 11 23:04:32 2016 +0100 + + guile: tests: Make sure no processes are left behind. + + Before that, child processes would be left behind and become zombies. + + * guile/tests/anonymous-auth.scm, guile/tests/openpgp-auth.scm, + guile/tests/session-record-port.scm, guile/tests/x509-auth.scm: + Add (waitpid pid) call on the server side. + +Author: Ludovic Courtès +Date: Thu Feb 11 23:04:31 2016 +0100 + + guile: tests: Add 'with-child-process'. + + This makes sure that child processes always exit no matter what. + + * guile/modules/gnutls/build/tests.scm (define-syntax-rule) [!guile-2]: + New macro. + (call-with-child-process): New procedure. + (with-child-process): New macro. + * guile/tests/anonymous-auth.scm, guile/tests/openpgp-auth.scm, + guile/tests/session-record-port.scm, guile/tests/x509-auth.scm: Use it + instead of an explicit 'primitive-fork' call. + * guile/.dir-locals.el: New file. + * guile/Makefile.am (EXTRA_DIST): New variable. + +Author: Nikos Mavrogiannopoulos +Date: Mon Feb 15 09:52:10 2016 +0100 + + tests: mini-loss-time: ensure client timeouts after the server is + + This addresses issue with the server detecting the client disconnection + prior to its timeout. Reported by Steven Chamberlain, Andreas Metzler. + +Author: Jaak Ristioja +Date: Fri Feb 12 16:59:31 2016 +0200 + + Removed the invariant htype parameter of _gnutls_recv_int() + + All uses of _gnutls_recv_int() passed -1 as the htype argument of type + gnutls_handshake_description_t, which had been used for SSLv2 client + hellos. Introduced in 2001 with dc1122e7b6. + +Author: Nikos Mavrogiannopoulos +Date: Sun Feb 14 18:41:01 2016 +0100 + + provable RSA key generation: adjust the seed size based on N size + +Author: Nikos Mavrogiannopoulos +Date: Sun Feb 14 18:18:38 2016 +0100 + + provable RSA key generation: allow non-2048 and non-3072 keys + + That is enforce the 2048 and 3072-bit limit to FIPS when in FIPS140-2 + mode. + +Author: Nikos Mavrogiannopoulos +Date: Sat Feb 13 18:21:08 2016 +0100 + + DH/DSA: allow the generation of larger than 15360 bit parameters + +Author: Nikos Mavrogiannopoulos +Date: Sat Feb 13 14:50:19 2016 +0100 + + tests: eliminated mem leak in hash-large + +Author: Nikos Mavrogiannopoulos +Date: Fri Feb 12 15:16:55 2016 +0100 + + tests: check whether large buffer hashes and MAC work as expected + +Author: Nikos Mavrogiannopoulos +Date: Fri Feb 12 10:48:12 2016 +0100 + + nettle: use the correct type for hash and MAC functions + +Author: Nikos Mavrogiannopoulos +Date: Sat Feb 6 22:44:37 2016 +0100 + + provable prime generation: arbitrary seed lengths are accepted in non-FIPS mode + +Author: Nikos Mavrogiannopoulos +Date: Thu Feb 11 12:10:57 2016 +0100 + + gnutls-cli: improved indentation in benchmark output + +Author: Nikos Mavrogiannopoulos +Date: Thu Feb 11 11:43:27 2016 +0100 + + certtool: removed unused variable + +Author: Nikos Mavrogiannopoulos +Date: Thu Feb 11 11:00:15 2016 +0100 + + certtool: the --generate-dh-params option can be combined with --provable + + This however, will generate provable DSA parameters and import them + as DH parameters. + + Resolves #72 + +Author: Nikos Mavrogiannopoulos +Date: Thu Feb 11 10:42:34 2016 +0100 + + certtool: the --dh-info option will retrieve DH parameters from DSA keys + +Author: Nikos Mavrogiannopoulos +Date: Thu Feb 11 10:34:52 2016 +0100 + + tests: added check for gnutls_dh_params_import_dsa + +Author: Nikos Mavrogiannopoulos +Date: Thu Feb 11 10:05:58 2016 +0100 + + doc update + +Author: Nikos Mavrogiannopoulos +Date: Thu Feb 11 10:05:13 2016 +0100 + + Added gnutls_dh_params_import_dsa() which allows to import DSA parameters into DH ones + + This simplifies importing DSA private keys into DH parameters. + +Author: Nikos Mavrogiannopoulos +Date: Wed Feb 10 14:29:47 2016 +0100 + + tests: set_pkcs12_cred: existing tests are disabled when in FIPS140-2 mode + + The tests require access to the RC4 cipher which is not available. + +Author: Attila Molnar +Date: Wed Feb 10 10:55:15 2016 +0100 + + Fix memory leak in gnutls_certificate_set_ocsp_status_request_file() + + Signed-off-by: Attila Molnar + +Author: Attila Molnar +Date: Sat Feb 6 18:16:59 2016 +0100 + + doc: Update description of credential alloc/dealloc functions + + Get rid of "This structure is complex enough to manipulate directly..." + text which suggests that these functions are optional, "helper" functions + when in fact their usage is required for encapsulation reasons. + +Author: Nikos Mavrogiannopoulos +Date: Wed Feb 10 10:11:00 2016 +0100 + + doc update + +Author: Nikos Mavrogiannopoulos +Date: Mon Feb 8 11:23:33 2016 +0100 + + ALPN: added the GNUTLS_ALPN_SERVER_PRECEDENCE flag + + This allows the server to set precedence on the protocols + it supports, rather than following the client's order. + + Resolves #71 + +Author: Andreas Metzler +Date: Tue Feb 9 13:37:49 2016 +0100 + + improve doc on special keywords in priority string + + Special keywords in priority strings like %COMPAT may not be prefixed + with +, - or !, "NORMAL:+%COMPAT is invalid. + +Author: Attila Molnar +Date: Sat Feb 6 18:01:33 2016 +0100 + + doc: Fix some typos + +Author: Attila Molnar +Date: Sat Feb 6 17:50:05 2016 +0100 + + Remove remaining RSA-EXPORT support leftovers from doc and messages + +Author: Nikos Mavrogiannopoulos +Date: Wed Feb 3 09:20:05 2016 +0100 + + tests: pkcs11-pubkey-import-ecdsa will only work under softhsmv2 + +Author: Andreas Metzler +Date: Sun Jan 31 17:59:37 2016 +0100 + + Fix some more typos. + + certifcate, funtion, withing, missmatch + +Author: Nikos Mavrogiannopoulos +Date: Sat Jan 30 12:18:55 2016 +0100 + + tests: updated check to account for revert in 7d3caedb8df9d04eee9513cb5b3b417ae29927f5 + +Author: Nikos Mavrogiannopoulos +Date: Sat Jan 30 12:15:07 2016 +0100 + + Revert "tests: updated to account for cert generation after 2adb9b2bfb31afebbdd9f990e2b74c9a3d4e5c57 fix" + + This reverts commit 735dbde324be6c8785a3dea5f09c82b6a8ad298b. + +Author: Nikos Mavrogiannopoulos +Date: Sat Jan 30 11:15:13 2016 +0100 + + Revert "Fix out-of-bounds read in gnutls_x509_ext_export_key_usage" + + This was not really an out-of-bounds check. Added documentation + to make that clear. + + This reverts commit ffbc9aaea7dcf29c03784d128b83f0682357858d. + +Author: Nikos Mavrogiannopoulos +Date: Thu Jan 28 13:14:14 2016 +0100 + + certtool: corrected email escaping in texinfo + +Author: Nikos Mavrogiannopoulos +Date: Thu Jan 28 10:45:17 2016 +0100 + + Replaced select() system call with poll() on POSIX systems + + This allows to use the default gnutls functions with file descriptors + over the maximum supported by select. + +Author: Nikos Mavrogiannopoulos +Date: Mon Jan 25 11:08:21 2016 +0100 + + tests: windows: fixed check-output call + +Author: Nikos Mavrogiannopoulos +Date: Fri Jan 22 16:34:29 2016 +0100 + + tests: added dummy functions used by CAPI32 implementation + +Author: Nikos Mavrogiannopoulos +Date: Fri Jan 22 16:33:48 2016 +0100 + + tests: better checking for failure in windows cng check + +Author: Nikos Mavrogiannopoulos +Date: Fri Jan 22 12:59:47 2016 +0100 + + system-key-win: call CertFreeCertificateContext() + +Author: Bjørn Christensen +Date: Fri Jan 22 11:52:21 2016 +0100 + + system-key-win: added interface to CAPI, old style crypto api on windows + +Author: Nikos Mavrogiannopoulos +Date: Thu Jan 21 14:45:56 2016 +0100 + + certtool: corrected texinfo output for krb5_principal + +Author: Nikos Mavrogiannopoulos +Date: Thu Jan 21 12:58:56 2016 +0100 + + tests: priorities: account for the addition of CHACHA20-POLY1305 + +Author: Nikos Mavrogiannopoulos +Date: Thu Jan 21 12:00:33 2016 +0100 + + CHACHA20_POLY1305 was added to the default priority strings + + That is the NORMAL and PERFORMANCE priority strings now will + enable CHACHA20-POLY1305 by default. + +Author: Nikos Mavrogiannopoulos +Date: Mon Jan 18 18:38:36 2016 +0100 + + gnutls_global_init: log gnutls' version on initialization + +Author: Nikos Mavrogiannopoulos +Date: Mon Jan 18 15:56:02 2016 +0100 + + doc: corrected typo [ci skip] + +Author: Nikos Mavrogiannopoulos +Date: Sat Jan 16 20:54:20 2016 +0100 + + README: added trousers to list of dependencies [ci skip] + +Author: Nikos Mavrogiannopoulos +Date: Sat Jan 16 20:43:42 2016 +0100 + + tests: added check for KRB5Principal output + + Resolves #67 + +Author: Nikos Mavrogiannopoulos +Date: Thu Jan 14 17:16:00 2016 +0100 + + README.md -> README-alpha.md + +Author: Nikos Mavrogiannopoulos +Date: Thu Jan 14 17:09:23 2016 +0100 + + updated copyright info + +Author: Nikos Mavrogiannopoulos +Date: Thu Jan 14 17:04:54 2016 +0100 + + README: auto-generated from README-install.md + +Author: Nikos Mavrogiannopoulos +Date: Thu Jan 14 14:50:34 2016 +0100 + + gnutls_int.h: increased MAX_SERVER_NAME_SIZE to 256 bytes + +Author: Nikos Mavrogiannopoulos +Date: Wed Jan 13 13:14:55 2016 +0100 + + gnutls_pubkey_import_x509_raw: fixed memory leak + +Author: Nikos Mavrogiannopoulos +Date: Fri Jan 8 16:26:21 2016 +0100 + + tests: added check for the krb5_principal template option + +Author: Nikos Mavrogiannopoulos +Date: Mon Jan 11 15:11:41 2016 +0100 + + certtool: introduced the krb5_principal template option + +Author: Nikos Mavrogiannopoulos +Date: Mon Jan 11 15:09:23 2016 +0100 + + x509: introduced GNUTLS_SAN_OTHERNAME_KRB5PRINCIPAL + + That allows to print and write KRB5PrincipalName othernames + in subject alternative name. + +Author: Nikos Mavrogiannopoulos +Date: Mon Jan 11 15:19:24 2016 +0100 + + x509: place newline when printing unsupported othernames + +Author: Nikos Mavrogiannopoulos +Date: Sun Jan 10 16:05:41 2016 +0100 + + x509: moved virtual subject alternative name othername support to virt-san.c + +Author: Nikos Mavrogiannopoulos +Date: Sun Jan 10 14:46:16 2016 +0100 + + gnutls_x509_crt_set_subject_alt_name: documented the version after which GNUTLS_SAN_OTHERNAME_XMPP is available + +Author: Nikos Mavrogiannopoulos +Date: Sun Jan 10 14:45:03 2016 +0100 + + tests: added check for XMPP othername generation + +Author: Nikos Mavrogiannopoulos +Date: Sun Jan 10 14:39:14 2016 +0100 + + certtool: allow writing xmpp_name + +Author: Nikos Mavrogiannopoulos +Date: Sun Jan 10 14:30:56 2016 +0100 + + Allow assigning 'virtual' SAN types via *_set_subject_alt_name() + +Author: Nikos Mavrogiannopoulos +Date: Sun Jan 10 13:47:38 2016 +0100 + + NEWS: document newly added functions + +Author: Nikos Mavrogiannopoulos +Date: Sun Jan 10 08:17:51 2016 +0100 + + alpn: when parsing the list of protocols return at the first mutually common + + That resolves an issue where the server wouldn't select the first mutually supported. + + Resolves #63 + +Author: Nikos Mavrogiannopoulos +Date: Sun Jan 10 08:17:07 2016 +0100 + + tests: mini-alpn: corrected protocol selection order + +Author: Nikos Mavrogiannopoulos +Date: Sun Jan 10 08:04:29 2016 +0100 + + tests: alpn: enhance the testing of ALPN negotiation + +Author: Nikos Mavrogiannopoulos +Date: Sat Jan 9 21:42:11 2016 +0100 + + alpn: document how the selected protocol is selected [ci skip] + +Author: Nikos Mavrogiannopoulos +Date: Sat Jan 9 21:20:00 2016 +0100 + + tests: verify that the selected ALPN protocol is the first advertised + +Author: Nikos Mavrogiannopoulos +Date: Fri Jan 8 16:52:44 2016 +0100 + + gnutls_aead_cipher_decrypt: removed misleading text + + Reported by Fridolin Pokorny. + +Author: Nikos Mavrogiannopoulos +Date: Fri Jan 8 12:16:29 2016 +0100 + + tests: added check for certtool's othername writing functionality + +Author: Nikos Mavrogiannopoulos +Date: Fri Jan 8 11:16:58 2016 +0100 + + certtool: added ability to generate othernames via template files + + Relates #62 + +Author: Nikos Mavrogiannopoulos +Date: Fri Jan 8 12:05:18 2016 +0100 + + x509: added flags to enable the encoding of othername data + +Author: Nikos Mavrogiannopoulos +Date: Fri Jan 8 11:05:36 2016 +0100 + + x509: introduced functions to set an othername alternative name + + That is, added, gnutls_x509_crt_set_subject_alt_othername, + gnutls_x509_crt_set_issuer_alt_othername, gnutls_x509_crq_set_subject_alt_othername + + Relates #62 + +Author: Nikos Mavrogiannopoulos +Date: Thu Jan 7 14:35:59 2016 +0100 + + trust_list_get_issuer_by_dn: fixed check for DN or SPKI + +Author: Nikos Mavrogiannopoulos +Date: Thu Jan 7 14:02:24 2016 +0100 + + configure: no longer distribute lzip tarballs + +Author: Nikos Mavrogiannopoulos +Date: Thu Jan 7 14:14:21 2016 +0100 + + symbols.last: don't include internal symbols into exported list + +Author: Nikos Mavrogiannopoulos +Date: Tue Jan 5 11:21:43 2016 +0100 + + tests: updated to account for cert generation after 2adb9b2bfb31afebbdd9f990e2b74c9a3d4e5c57 fix + +Author: Tim Kosse +Date: Mon Jan 4 16:40:26 2016 +0100 + + Fix out-of-bounds read in gnutls_x509_ext_export_key_usage + +Author: Nikos Mavrogiannopoulos +Date: Thu Dec 31 20:16:37 2015 +0200 + + .gitlab-ci.yml: optimized build process + + That is, in slow asan and valgrind builds don't check the full test suite. + +Author: Nikos Mavrogiannopoulos +Date: Thu Dec 31 14:35:45 2015 +0200 + + gnutls_pkcs11_copy_x509_privkey2: corrected the writing of ECC private key + +Author: Nikos Mavrogiannopoulos +Date: Thu Dec 31 13:38:34 2015 +0200 + + tests: pkcs11-pubkey-import will check both RSA and ECDSA keys + +Author: Nikos Mavrogiannopoulos +Date: Thu Dec 31 13:35:30 2015 +0200 + + gnutls_pkcs11_copy_x509_privkey2: corrected the type of the written object + + Previously only RSA objects were correctly written. + +Author: Nikos Mavrogiannopoulos +Date: Thu Dec 31 13:10:37 2015 +0200 + + tests: added ECDSA key in cert-common.h + +Author: Nikos Mavrogiannopoulos +Date: Thu Dec 31 12:20:41 2015 +0200 + + pkcs11: moved default RSA public exponent out of stack + +Author: Nikos Mavrogiannopoulos +Date: Thu Dec 31 12:17:21 2015 +0200 + + pkcs11: import public keys from any available object + + That is, load public keys from the public key object, or + the certificate object if they are present. That affects + non-RSA public keys which do not contain all required fields + on the private key object. + +Author: Nikos Mavrogiannopoulos +Date: Thu Dec 31 01:02:30 2015 +0200 + + session DB: made the magic number depending on gnutls' version + + That will make sure that sessions not stored by this version of + gnutls will not be resumed by another (which may be incompatible). + +Author: Nikos Mavrogiannopoulos +Date: Thu Dec 31 00:46:12 2015 +0200 + + ui.c -> fingerprint.c + +Author: Nikos Mavrogiannopoulos +Date: Thu Dec 31 00:45:43 2015 +0200 + + split OCSP functionality from ui.c + +Author: Nikos Mavrogiannopoulos +Date: Thu Dec 31 00:39:19 2015 +0200 + + split anon credentials functionality from ui.c + +Author: Nikos Mavrogiannopoulos +Date: Thu Dec 31 00:38:31 2015 +0200 + + split psk functionality from ui.c + +Author: Nikos Mavrogiannopoulos +Date: Thu Dec 31 00:37:22 2015 +0200 + + split session info functions from ui.c + +Author: Nikos Mavrogiannopoulos +Date: Thu Dec 31 00:34:25 2015 +0200 + + split certificate credentials functions from ui.c + +Author: Nikos Mavrogiannopoulos +Date: Thu Dec 31 00:32:20 2015 +0200 + + split dh API functions from ui.c + +Author: Nikos Mavrogiannopoulos +Date: Thu Dec 31 00:28:46 2015 +0200 + + split randomart functionality from ui.c + +Author: Nikos Mavrogiannopoulos +Date: Wed Dec 30 23:18:32 2015 +0200 + + helper.c -> file.c + +Author: Nikos Mavrogiannopoulos +Date: Wed Dec 30 11:26:30 2015 +0200 + + certtool: doc update [skip ci] + +Author: Andreas Metzler +Date: Sat Dec 26 18:24:56 2015 +0100 + + Fix some typos [ci skip] + +Author: Nikos Mavrogiannopoulos +Date: Thu Dec 24 11:54:21 2015 +0200 + + NEWS: doc update [ci skip] + +Author: Nikos Mavrogiannopoulos +Date: Thu Dec 24 11:44:00 2015 +0200 + + respect the max-record extension under DTLS + + This resolves issue with max-record being negotiated but + ignored. Resolves #61 + +Author: Nikos Mavrogiannopoulos +Date: Thu Dec 24 11:42:58 2015 +0200 + + tests: added check for max-record extension in TLS + +Author: Nikos Mavrogiannopoulos +Date: Thu Dec 24 11:18:57 2015 +0200 + + tests: check whether the max-record extension is usable with DTLS + +Author: Nikos Mavrogiannopoulos +Date: Thu Dec 24 11:13:28 2015 +0200 + + dtls: print the MTU in debugging messages + +Author: Nikos Mavrogiannopoulos +Date: Tue Dec 22 17:14:02 2015 +0200 + + updated documentation on supported algorithms [ci skip] + +Author: Nikos Mavrogiannopoulos +Date: Tue Dec 22 11:30:52 2015 +0200 + + Added SHA384 to the list of TLS support MAC algorithms + +Author: Nikos Mavrogiannopoulos +Date: Mon Dec 21 12:46:09 2015 +0200 + + documented the gitlab ci runner tags + +Author: Nikos Mavrogiannopoulos +Date: Sun Dec 20 11:11:38 2015 +0200 + + tests: added timeout in long-running checks + +Author: Nikos Mavrogiannopoulos +Date: Sun Dec 20 11:01:48 2015 +0200 + + certtool: eliminated various memory leaks + +Author: Nikos Mavrogiannopoulos +Date: Sun Dec 20 10:48:27 2015 +0200 + + certtool: prevented memory leak in pkcs8-info cmd + +Author: Nikos Mavrogiannopoulos +Date: Sat Dec 19 16:58:03 2015 +0200 + + certtool: do not use signal() under win32 + +Author: Alon Bar-Lev +Date: Fri Dec 18 17:34:01 2015 +0200 + + build: configure.ac: manpages cleanups + + Signed-off-by: Alon Bar-Lev + +Author: Alon Bar-Lev +Date: Fri Dec 18 12:14:08 2015 +0200 + + build: allow installing man(1) even with --disable-doc + + Currently these man pages are installed only if --enable-doc + is provided, while these are not actually docs, do not require any + special dependency, nor consume large space. + + This adds --enable-manpages to enable/disable manpages installation, and + install the man(1) regardless of --disable-doc. + + Signed-off-by: Alon Bar-Lev + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Dec 18 14:32:25 2015 +0100 + + certtool: ignore sigpipe + + This signal was observed under certain cirquimstances + +Author: Nikos Mavrogiannopoulos +Date: Fri Dec 18 14:29:05 2015 +0100 + + certtool: don't close stdout on exit + +Author: Nikos Mavrogiannopoulos +Date: Fri Dec 18 14:24:23 2015 +0100 + + pkcs7: eliminated leak in gnutls_pkcs7_print + +Author: Nikos Mavrogiannopoulos +Date: Fri Dec 18 13:56:31 2015 +0100 + + gnutls_pubkey_import_privkey: document that this operation is not possible in certain keys + +Author: Nikos Mavrogiannopoulos +Date: Fri Dec 18 11:40:59 2015 +0100 + + doc: replace writev with sendmsg in the list of system calls + +Author: Nikos Mavrogiannopoulos +Date: Fri Dec 18 10:23:22 2015 +0100 + + tests: don't run the no-signal test in systems which MSG_NOSIGNAL is not available + +Author: Nikos Mavrogiannopoulos +Date: Fri Dec 18 10:15:10 2015 +0100 + + Reduce the number of used syscalls by using sendmsg() instead of writev() + + We relied on sendmsg() anyway for the MSG_NO_SIGNAL version of the calls, + thus it is a good idea to avoid calling writev() and use sendmsg(). That + way we reduce the number of calls required for seccomp. + +Author: Alon Bar-Lev +Date: Thu Dec 17 19:57:53 2015 +0200 + + doc: manpages: remove generated tpmtool.1 page + + Signed-off-by: Alon Bar-Lev + +Author: Alon Bar-Lev +Date: Thu Dec 17 19:57:52 2015 +0200 + + .gitignore: add m4/extern-inline.m4 + +Author: Nikos Mavrogiannopoulos +Date: Thu Dec 17 14:19:04 2015 +0100 + + tests: added check to verify that the PKCS#7 embedded data are recovered as expected + +Author: Nikos Mavrogiannopoulos +Date: Thu Dec 17 14:18:17 2015 +0100 + + certtool: introduced the --p7-show-data option + + This option allows printing the embedded data in a PKCS#7 signed + structure. + +Author: Nikos Mavrogiannopoulos +Date: Thu Dec 17 14:17:23 2015 +0100 + + gnutls_pkcs7_get_embedded_data: added function + + This function allows extracting the embedded data from a PKCS#7 signed + structure. + +Author: Nikos Mavrogiannopoulos +Date: Wed Dec 16 16:13:41 2015 +0100 + + tests: updated pkcs7-gen to account for content-type attribute + +Author: Nikos Mavrogiannopoulos +Date: Wed Dec 16 14:52:39 2015 +0100 + + tests: check whether the content-type attribute is set if we sign using time + +Author: Nikos Mavrogiannopoulos +Date: Wed Dec 16 14:28:23 2015 +0100 + + pkcs7: set by default the content type attribute + + That is a requirement of rfc5652. Relates #59 + +Author: Nikos Mavrogiannopoulos +Date: Wed Dec 16 14:02:56 2015 +0100 + + pkcs7: use the PK_PKIX1_RSA_OID when writing RSA signature OIDs for PKCS#7 structures + + That is because there are implementations which cannot cope with the + normal RSA signature OIDs. Relates #59 + +Author: Nikos Mavrogiannopoulos +Date: Wed Dec 16 10:10:20 2015 +0100 + + pkcs7: Disable the optional fields prior to generating the PKCS#7 structure + + This resolves issue with our PKCS#7 structures not being parsed by + MacOSX' tools. Relates #59 + +Author: Nikos Mavrogiannopoulos +Date: Tue Dec 15 22:28:55 2015 +0100 + + certtool: corrected invalid free + +Author: Nikos Mavrogiannopoulos +Date: Tue Dec 15 22:27:50 2015 +0100 + + certtool: warn if an ECDSA key is marked for encryption + +Author: Nikos Mavrogiannopoulos +Date: Tue Dec 15 20:36:29 2015 +0100 + + build: fix make distclean by including src/gl only once + +Author: Nikos Mavrogiannopoulos +Date: Tue Dec 15 13:52:20 2015 +0100 + + make sure gnutls_assert is present at the cases where GNUTLS_E_INTERNAL_ERROR is returned + +Author: Gustavo Zacarias +Date: Mon Dec 14 15:20:25 2015 -0300 + + configure: really make --disable-crywrap work + + The crywrap variable is set regardless of the state of enable_crywrap, + hence --disable-crywrap never works. + Just put the tests for crywrap deps inside the enable_crywrap + conditional. + + Signed-off-by: Gustavo Zacarias + +Author: Nikos Mavrogiannopoulos +Date: Tue Dec 15 11:29:09 2015 +0100 + + certtool: the --p7-time option was made an enable/disable option + + It remains disabled by default. + +Author: Nikos Mavrogiannopoulos +Date: Mon Dec 14 15:19:59 2015 +0100 + + doc update + +Author: Nikos Mavrogiannopoulos +Date: Mon Dec 14 15:03:23 2015 +0100 + + tests: check whether server returns the correct error code if presented with invalid versions + + That is gnutls_handshake() will return GNUTLS_E_UNSUPPORTED_VERSION_PACKET in + server side, if the client presents a very old TLS version which is not supported. + + Relates #42 + +Author: Nikos Mavrogiannopoulos +Date: Mon Dec 14 14:34:04 2015 +0100 + + handshake: when receiving a TLS version which is too low fail + + That is, don't treat all unsupported version as being to high. Treat + versions which are not known and lower than the highest as a protocol + error. + + Resolves #42 + +Author: Nikos Mavrogiannopoulos +Date: Sun Dec 13 12:34:47 2015 +0100 + + .gitlab-ci.yml: valgrind build was moved at the end as it is the slowest build + +Author: Nikos Mavrogiannopoulos +Date: Sun Dec 13 12:24:44 2015 +0100 + + certtool: the --p7-include-cert option is enabled by default + + This allows to generate PKCS#7 structures by default that can be + read by iOS. + +Author: sskaje +Date: Sun Dec 13 16:31:19 2015 +0800 + + #56 Feature: certtool --p7-sign support GNUTLS_PKCS7_INCLUDE_CERT + +Author: Nikos Mavrogiannopoulos +Date: Thu Dec 10 09:35:59 2015 +0100 + + gnutls-cli-debug: rephrased inappropriate fallback test description to match the rest + +Author: Nikos Mavrogiannopoulos +Date: Tue Dec 8 10:59:02 2015 +0100 + + doc update + +Author: Nikos Mavrogiannopoulos +Date: Tue Dec 8 10:52:43 2015 +0100 + + Do not allow importing public keys from PKCS #11 private keys for DSA and ECDSA + + This prevents the reading of the public key when non-RSA keys are available. This + is a much cleaner approach than 5a4e692511dc3a829eda0d7c5a87e56cbc2055f0. + +Author: Nikos Mavrogiannopoulos +Date: Tue Dec 8 10:48:13 2015 +0100 + + Revert "Do not allow importing public keys from PKCS #11 private keys for DSA and ECDSA" + + This reverts commit 5a4e692511dc3a829eda0d7c5a87e56cbc2055f0. + +Author: Nikos Mavrogiannopoulos +Date: Tue Dec 8 10:44:30 2015 +0100 + + tests: check whether a peer changing certificate is detected + +Author: Nikos Mavrogiannopoulos +Date: Tue Dec 8 10:20:34 2015 +0100 + + tests: doc update + +Author: Nikos Mavrogiannopoulos +Date: Tue Dec 8 10:17:49 2015 +0100 + + Do not allow certificate change during a rehandshake + + That is require that the certificate of the peer remains the same + and return GNUTLS_E_SESSION_CERTIFICATE_CHANGED otherwise. To revert + to the previous behavior the GNUTLS_ALLOW_CERT_CHANGE flag was introduced. + +Author: Nikos Mavrogiannopoulos +Date: Sun Dec 6 12:00:46 2015 +0100 + + tests: check whether gnutls_pubkey_import_privkey() operates well for PKCS#11 RSA keys + +Author: Nikos Mavrogiannopoulos +Date: Sun Dec 6 11:35:57 2015 +0100 + + Do not allow importing public keys from PKCS #11 private keys for DSA and ECDSA + + That is, because they do not contain all the required parameters for a direct + import. Reported by Jan Vcelak. + +Author: Nikos Mavrogiannopoulos +Date: Sun Dec 6 10:58:45 2015 +0100 + + pkcs11: avoid setting a variable which isn't used + +Author: Nikos Mavrogiannopoulos +Date: Sun Dec 6 10:57:48 2015 +0100 + + MAX_PK_PARAM_SIZE was moved to gnutls_int.h + +Author: Nikos Mavrogiannopoulos +Date: Sun Dec 6 10:54:37 2015 +0100 + + pkcs11: deinitialize gnutls_pkcs11_obj_t's pubkey on deinit + +Author: Jan Vcelak +Date: Sun Dec 6 00:46:39 2015 +0100 + + pkcs11: fix passing of incorrect variable in privkey_get_pubkey + + The code worked for RSA because the content of the variables matched. + But it doesn't match for ECC. + + CKM_RSA_PKCS_KEY_PAIR_GEN (0x0) == CKK_RSA (0x0) + CKM_ECDSA_KEY_PAIR_GEN (0x1040) != CKK_ECDSA (0x3) + + Signed-off-by: Jan Vcelak + +Author: Nikos Mavrogiannopoulos +Date: Wed Dec 2 18:40:28 2015 +0100 + + gnutls-cli: don't use RSA ciphersuites to test chacha20 as they are not defined + +Author: Nikos Mavrogiannopoulos +Date: Wed Dec 2 16:15:03 2015 +0100 + + documented bug in gnutls_x509_crt_get_*_unique_id() + +Author: Nikos Mavrogiannopoulos +Date: Tue Dec 1 10:40:23 2015 +0100 + + tools: don't compile tpmtool if PKCS11 is disabled + + That is because GnuTLS' TPM code makes use of the PKCS11 PIN callbacks. + +Author: Nikos Mavrogiannopoulos +Date: Mon Nov 30 10:34:03 2015 +0100 + + Amend "When decoding extensions do not ignore decoding errors" + + Do not treat an error the fact that no extensions field is present. + +Author: Nikos Mavrogiannopoulos +Date: Mon Nov 30 09:49:08 2015 +0100 + + allow specifying NULL buffer in gnutls_x509_crt_get_*_unique_id() + +Author: Nikos Mavrogiannopoulos +Date: Thu Nov 26 12:46:02 2015 +0100 + + NEWS: removed functions that were part of 3.4.x releases + +Author: Nikos Mavrogiannopoulos +Date: Sun Nov 29 10:37:53 2015 +0100 + + doc update + +Author: Nikos Mavrogiannopoulos +Date: Sun Nov 29 10:30:01 2015 +0100 + + tests: added check for TLS extension decoding error propagation + + Relates #40 + +Author: Nikos Mavrogiannopoulos +Date: Sun Nov 29 09:24:12 2015 +0100 + + When decoding extensions do not ignore decoding errors + + That is, move from a parsing error tolerance to a more strict + decoding approach. + Relates #40 + +Author: Nikos Mavrogiannopoulos +Date: Sat Nov 28 10:43:31 2015 +0100 + + .gitignore: more files to ignore + +Author: Nikos Mavrogiannopoulos +Date: Sat Nov 28 10:11:52 2015 +0100 + + ocsp_output: when next update is not present don't print error message + + That is because this field is optional. + Resolves #53 + +Author: Nikos Mavrogiannopoulos +Date: Thu Nov 26 11:23:15 2015 +0100 + + tests: override-ciphers will not run mac tests on windows + + There is some issue with symbols for self tests not being exported. + +Author: Nikos Mavrogiannopoulos +Date: Thu Nov 26 09:37:02 2015 +0100 + + .gitlab-ci.yml: removed separate builddir build from x86-64 targets to reduce builds + +Author: Nikos Mavrogiannopoulos +Date: Thu Nov 26 09:32:25 2015 +0100 + + tests: updates for certtool test to run under windows + +Author: Nikos Mavrogiannopoulos +Date: Thu Nov 26 09:25:48 2015 +0100 + + .gitlab-ci.yml: minimal library no longer requires x86-64 for compilation + +Author: Nikos Mavrogiannopoulos +Date: Wed Nov 25 19:24:15 2015 +0100 + + .gitlab-ci.yml: in windows build skip the gnulib tests + +Author: Nikos Mavrogiannopoulos +Date: Wed Nov 25 11:57:31 2015 +0100 + + .gitlab-ci.yml: added windows build + +Author: Nikos Mavrogiannopoulos +Date: Wed Nov 25 11:56:49 2015 +0100 + + tests: changes for running tests under windows + +Author: Nikos Mavrogiannopoulos +Date: Wed Nov 25 11:56:06 2015 +0100 + + tests: cipher-test will forward the prog exit code as the script exit code + +Author: Nikos Mavrogiannopoulos +Date: Wed Nov 25 11:25:07 2015 +0100 + + README: added information for windows build + +Author: Nikos Mavrogiannopoulos +Date: Wed Nov 25 10:53:51 2015 +0100 + + libopts: use the O_BINARY flag in windows for files + +Author: Nikos Mavrogiannopoulos +Date: Wed Nov 25 10:49:30 2015 +0100 + + libopts: updated to 5.18.6 + +Author: Nikos Mavrogiannopoulos +Date: Wed Nov 25 10:25:08 2015 +0100 + + use consistent terms in system.c and system-keys-win.c + +Author: Nikos Mavrogiannopoulos +Date: Wed Nov 25 10:21:46 2015 +0100 + + tests: added basic functionality testing for system-keys in windows + +Author: Nikos Mavrogiannopoulos +Date: Wed Nov 25 09:49:03 2015 +0100 + + doc update + +Author: Nikos Mavrogiannopoulos +Date: Wed Nov 25 09:46:26 2015 +0100 + + Added gnutls_encode_ber_digest_info and gnutls_decode_ber_digest_info + +Author: Nikos Mavrogiannopoulos +Date: Tue Nov 24 13:27:13 2015 +0100 + + cross.mk: allow building with mingw64 + +Author: Nikos Mavrogiannopoulos +Date: Tue Nov 24 13:09:40 2015 +0100 + + tests: use gnulib where needed + +Author: Nikos Mavrogiannopoulos +Date: Tue Nov 24 13:04:28 2015 +0100 + + cross.mk: updated windows cross compile makefile + +Author: Nikos Mavrogiannopoulos +Date: Tue Nov 24 13:03:15 2015 +0100 + + tests: disable global-init-override test in windows + + Gcc does not support weak symbols on this platform. + +Author: Nikos Mavrogiannopoulos +Date: Tue Nov 24 12:54:32 2015 +0100 + + tools: don't call endservent in windows + +Author: Nikos Mavrogiannopoulos +Date: Sun Nov 22 13:27:14 2015 +0100 + + added cast to silence gcc warning + +Author: Nikos Mavrogiannopoulos +Date: Sat Nov 21 13:33:42 2015 +0100 + + tests: added check for multiple extension registering + +Author: Nikos Mavrogiannopoulos +Date: Sat Nov 21 13:25:20 2015 +0100 + + statically initialize extensions instead of using the lib constructor + +Author: Nikos Mavrogiannopoulos +Date: Sat Nov 21 13:09:19 2015 +0100 + + marked all extensions structures as constant + +Author: Nikos Mavrogiannopoulos +Date: Sat Nov 21 11:33:45 2015 +0100 + + system-keys-win: allow reinitialization of the library after a deinitialization + +Author: Nikos Mavrogiannopoulos +Date: Sat Nov 21 01:05:37 2015 +0100 + + getfuncs.pl: don't consider functions with _gnutls prefix + +Author: Nikos Mavrogiannopoulos +Date: Sat Nov 21 00:52:51 2015 +0100 + + gnutls_global_init_skip: prefixed with an underscore + +Author: Nikos Mavrogiannopoulos +Date: Fri Nov 20 13:57:09 2015 +0100 + + .gitlab-ci.yml: added clang compilation target + +Author: Nikos Mavrogiannopoulos +Date: Fri Nov 20 10:11:29 2015 +0100 + + certtool: check fread_file() for errors in all situations + + This caused certtool to crash on invalid input on stdin. + Reported by Christoph Biedl. + +Author: Nikos Mavrogiannopoulos +Date: Thu Nov 19 11:46:39 2015 +0100 + + doc update + +Author: Nikos Mavrogiannopoulos +Date: Wed Nov 18 21:44:54 2015 +0100 + + gnutls_certificate_set_flags: Added since + +Author: Nikos Mavrogiannopoulos +Date: Wed Nov 18 20:16:38 2015 +0100 + + tests: check gnutls_certificate_flags + +Author: Nikos Mavrogiannopoulos +Date: Wed Nov 18 20:13:07 2015 +0100 + + Added gnutls_certificate_flags() and GNUTLS_CERTIFICATE_SKIP_KEY_CERT_MATCH + + That allows a user of the credentials to disable the certificate matching + action. That is, to disable the calls to sign and verify on initialization. + +Author: Nikos Mavrogiannopoulos +Date: Wed Nov 18 16:39:36 2015 +0100 + + link with libdl when trousers is enabled; reported by Andreas Schneider + +Author: Nikos Mavrogiannopoulos +Date: Wed Nov 18 16:30:24 2015 +0100 + + enhanced cipher selftests with variable key sizes on arcfour + +Author: Nikos Mavrogiannopoulos +Date: Wed Nov 18 15:55:19 2015 +0100 + + Do not enforce a maximum key size on ARCFOUR + + That makes the library consistent with the behavior of previous versions (3.3.x) + +Author: Nikos Mavrogiannopoulos +Date: Wed Nov 18 10:22:31 2015 +0100 + + gnutls-cli-debug: make TLS 1.6 fallback check more reliable + +Author: Nikos Mavrogiannopoulos +Date: Wed Nov 18 09:24:18 2015 +0100 + + doc update + +Author: Nikos Mavrogiannopoulos +Date: Tue Nov 17 07:09:05 2015 +0100 + + README: added non-interactive versions of commands + +Author: Nikos Mavrogiannopoulos +Date: Mon Nov 16 18:52:48 2015 +0100 + + .gitlab-ci.yml: disable non-suiteb curves in all systems as we have multiple which are fedoras + +Author: Nikos Mavrogiannopoulos +Date: Mon Nov 16 17:28:49 2015 +0100 + + tests: corrected copyright info + +Author: Nikos Mavrogiannopoulos +Date: Mon Nov 16 16:32:04 2015 +0100 + + documented GNUTLS_SKIP_GLOBAL_INIT macro + +Author: Nikos Mavrogiannopoulos +Date: Mon Nov 16 16:30:37 2015 +0100 + + tests: added check for overriding global initialization + +Author: Nikos Mavrogiannopoulos +Date: Mon Nov 16 16:25:31 2015 +0100 + + Added GNUTLS_SKIP_GLOBAL_INIT macro to allow programs skip implicit global initialization + +Author: Nikos Mavrogiannopoulos +Date: Mon Nov 16 15:02:48 2015 +0100 + + tests: utils.c: simplify windows check + +Author: Nikos Mavrogiannopoulos +Date: Mon Nov 16 12:40:14 2015 +0100 + + .gitlab-ci.yml: added build and check in FIPS140-2 mode + +Author: Nikos Mavrogiannopoulos +Date: Sun Nov 15 20:35:18 2015 +0100 + + tests: made seccomp tests more reliable by waiting for each side to terminate + +Author: Nikos Mavrogiannopoulos +Date: Sun Nov 15 17:06:18 2015 +0100 + + doc: document how to use gnutls with seccomp + +Author: Nikos Mavrogiannopoulos +Date: Sun Nov 15 16:32:47 2015 +0100 + + .gitlab-ci.yml: reorganized and added a simple build and check on x86-64 rule + + The latter also enables the seccomp checks. + +Author: Nikos Mavrogiannopoulos +Date: Sun Nov 15 15:51:14 2015 +0100 + + tests: check operation of TLS and DTLS under seccomp when configured with --enable-seccomp-tests + +Author: Nikos Mavrogiannopoulos +Date: Fri Nov 13 16:39:24 2015 +0100 + + gnutls_x509_crt_set_subject/issuer_unique_id: added Since in doc + +Author: Nikos Mavrogiannopoulos +Date: Fri Nov 13 14:40:20 2015 +0100 + + doc update + +Author: Nikos Mavrogiannopoulos +Date: Fri Nov 13 11:00:10 2015 +0100 + + Added documentation on PKCS #7 signing + +Author: Nikos Mavrogiannopoulos +Date: Thu Nov 12 16:38:02 2015 +0100 + + updated chacha20 ciphers to conform to latest draft + +Author: Nikos Mavrogiannopoulos +Date: Thu Nov 12 15:03:10 2015 +0100 + + tests: suite: more shell scripts were given the .sh suffix and simplified makefile + +Author: Nikos Mavrogiannopoulos +Date: Thu Nov 12 12:04:04 2015 +0100 + + tests: verify that unique IDs are generated as expected + +Author: Nikos Mavrogiannopoulos +Date: Thu Nov 12 12:03:14 2015 +0100 + + certtool: Allow writing unique IDs in generated certificates + +Author: Nikos Mavrogiannopoulos +Date: Thu Nov 12 11:43:52 2015 +0100 + + Added gnutls_x509_crt_set_issuer_unique_id() and gnutls_x509_crt_set_subject_unique_id() + +Author: Nikos Mavrogiannopoulos +Date: Thu Nov 12 11:10:08 2015 +0100 + + properly indent unique IDs + +Author: Nikos Mavrogiannopoulos +Date: Thu Nov 12 09:48:27 2015 +0100 + + tests: added check with the various X.509 key exchanges + +Author: Nikos Mavrogiannopoulos +Date: Thu Nov 12 09:29:43 2015 +0100 + + tests: check rehandshake from anon to DHE + +Author: Nikos Mavrogiannopoulos +Date: Wed Nov 11 11:37:30 2015 +0100 + + documented the GNUTLS_NO_EXPLICIT_INIT environment variable + +Author: Nikos Mavrogiannopoulos +Date: Wed Nov 11 11:29:21 2015 +0100 + + crypto-api: doc update + +Author: Nikos Mavrogiannopoulos +Date: Wed Nov 11 11:15:51 2015 +0100 + + Allow switching a ciphersuite to DHE and ECDHE on a rehandshake + +Author: Nikos Mavrogiannopoulos +Date: Wed Nov 11 10:49:31 2015 +0100 + + tests: added check for ciphersuite switch from anonymous to certificate + +Author: Nikos Mavrogiannopoulos +Date: Tue Nov 10 13:31:16 2015 +0100 + + .gitlab-ci.yml: disable guile in asan builds + +Author: Nikos Mavrogiannopoulos +Date: Tue Nov 10 10:34:56 2015 +0100 + + tests: suite: don't run shell scripts with valgrind + +Author: Nikos Mavrogiannopoulos +Date: Tue Nov 10 10:24:44 2015 +0100 + + tests: testsrn: output errors on stderr + +Author: Nikos Mavrogiannopoulos +Date: Tue Nov 10 10:13:35 2015 +0100 + + deinitialize all handshake keys when handshake is over + +Author: Nikos Mavrogiannopoulos +Date: Mon Nov 9 23:53:25 2015 +0100 + + testdane: improved error detection in sites + +Author: Nikos Mavrogiannopoulos +Date: Mon Nov 9 23:34:03 2015 +0100 + + tests: suite: eliminate many leaks in the tests and run them under valgrind + +Author: Nikos Mavrogiannopoulos +Date: Mon Nov 9 23:27:47 2015 +0100 + + certtool: eliminate leaks in _verify_x509_mem() + +Author: Nikos Mavrogiannopoulos +Date: Mon Nov 9 23:04:48 2015 +0100 + + tests: openpgp-certs: use valgrind + +Author: Nikos Mavrogiannopoulos +Date: Mon Nov 9 23:04:03 2015 +0100 + + openpgp: eliminate leaks in gnutls_openpgp_keyring_import() + +Author: Nikos Mavrogiannopoulos +Date: Mon Nov 9 22:48:47 2015 +0100 + + tests: eliminate leaks in mini-eagain2.c + +Author: Nikos Mavrogiannopoulos +Date: Mon Nov 9 22:48:25 2015 +0100 + + certtool: eliminate memory leaks in certificate generation + +Author: Nikos Mavrogiannopoulos +Date: Mon Nov 9 22:45:44 2015 +0100 + + tests: key-tests: use valgrind + +Author: Nikos Mavrogiannopoulos +Date: Mon Nov 9 22:45:13 2015 +0100 + + gnutls_x509_crt_set_pubkey: clarify usage + +Author: Nikos Mavrogiannopoulos +Date: Mon Nov 9 21:54:54 2015 +0100 + + pkcs12: correctly set salt size in gnutls_pkcs12_mac_info + + Also eliminate leaks in PKCS #12 parsing. + +Author: Nikos Mavrogiannopoulos +Date: Mon Nov 9 21:54:09 2015 +0100 + + tests: run the PKCS #12 tests under valgrind + +Author: Nikos Mavrogiannopoulos +Date: Mon Nov 9 18:43:03 2015 +0100 + + certtool: make sure that pkcs12 structures are deinitialized + +Author: Nikos Mavrogiannopoulos +Date: Mon Nov 9 16:01:55 2015 +0100 + + tests: provable-privkey: fixed DSA test on FIPS140 enabled systems + +Author: Nikos Mavrogiannopoulos +Date: Mon Nov 9 15:51:17 2015 +0100 + + nettle: be more specific in seed size mismatches + +Author: Nikos Mavrogiannopoulos +Date: Mon Nov 9 15:43:20 2015 +0100 + + crypto-backend: ensure there are no leaks on deinitialization + +Author: Nikos Mavrogiannopoulos +Date: Mon Nov 9 14:29:48 2015 +0100 + + Require TLS 1.2 for all the ciphersuites which are defined for it only + + This solves an interoperability issue with openssl. Reported by Viktor Dukhovni. + +Author: Nikos Mavrogiannopoulos +Date: Sun Nov 8 09:30:39 2015 +0100 + + p11tool: introduced --only-urls option + + This option allows printing a compact listing containing only of URLs. + +Author: Nikos Mavrogiannopoulos +Date: Sat Nov 7 21:51:56 2015 +0100 + + Modified the CHACHA20 cipher to conform to draft-ietf-tls-chacha20-poly1305-02 + +Author: Nikos Mavrogiannopoulos +Date: Fri Nov 6 15:02:51 2015 +0100 + + .gitlab-ci.yml: use static libasan + + This prevents issues with tests which use LD_PRELOAD. + +Author: Nikos Mavrogiannopoulos +Date: Fri Nov 6 10:40:39 2015 +0100 + + .gitlab-ci.yml: disable non-suiteb curves on build on Fedora system + +Author: Nikos Mavrogiannopoulos +Date: Thu Nov 5 11:11:29 2015 +0100 + + tools: better ftp auth tls negotiation + +Author: Nikos Mavrogiannopoulos +Date: Wed Nov 4 09:49:47 2015 +0100 + + tests: added check for gnutls_priority_set_default + +Author: Nikos Mavrogiannopoulos +Date: Tue Nov 3 10:46:17 2015 +0100 + + tools: only check for status code in FTP starttls negotiation + +Author: Nikos Mavrogiannopoulos +Date: Tue Nov 3 10:45:44 2015 +0100 + + tools: print more info in starttls negotiation when --verbose is given + +Author: Nikos Mavrogiannopoulos +Date: Tue Nov 3 09:40:39 2015 +0100 + + gnutls.pc: don't use the libtool version of the link options + + Reported by Dan Kegel. + Resolves #49 + +Author: Nikos Mavrogiannopoulos +Date: Sun Nov 1 01:53:43 2015 +0100 + + tests: simplified mini-dtls-hello-verify-48 + +Author: Nikos Mavrogiannopoulos +Date: Fri Oct 30 13:38:36 2015 +0100 + + tests: added check for blocking on invalid DTLS cookie + + Relates to #48 + +Author: Nikos Mavrogiannopoulos +Date: Thu Oct 29 09:28:59 2015 +0100 + + removed inacurate text + +Author: Nikos Mavrogiannopoulos +Date: Fri Oct 23 15:46:33 2015 +0200 + + doc update + +Author: Nikos Mavrogiannopoulos +Date: Fri Oct 23 15:44:27 2015 +0200 + + doc update + +Author: Nikos Mavrogiannopoulos +Date: Fri Oct 23 14:17:23 2015 +0200 + + doc update + +Author: Nikos Mavrogiannopoulos +Date: Thu Oct 22 13:04:32 2015 +0200 + + doc: document the sign function requirements in gnutls_privkey_import_ext + +Author: Nikos Mavrogiannopoulos +Date: Wed Oct 21 19:57:39 2015 +0200 + + Mention key protection through isolation in crypto backend section + +Author: Nikos Mavrogiannopoulos +Date: Wed Oct 21 19:48:22 2015 +0200 + + doc: updated supplemental data documentation + +Author: Nikos Mavrogiannopoulos +Date: Wed Oct 21 09:13:56 2015 +0200 + + tests: testdane will not check hosts which are unreachable + +Author: Andreas Metzler +Date: Tue Oct 20 19:02:25 2015 +0200 + + Documentation update + + The new simple verification functions were backported to 3.4.6, correct + "Since:" to reflect this. + +Author: Nikos Mavrogiannopoulos +Date: Tue Oct 20 09:40:56 2015 +0200 + + doc: documented future level + +Author: Nikos Mavrogiannopoulos +Date: Tue Oct 20 09:24:36 2015 +0200 + + pkcs11.h: relocated gnutls_pkcs11_copy_pubkey to allow discovery by buggy doc scripts + +Author: Nikos Mavrogiannopoulos +Date: Tue Oct 20 09:16:20 2015 +0200 + + bumped version to distinguish from 3.4 branch + +Author: Nikos Mavrogiannopoulos +Date: Tue Oct 20 09:03:25 2015 +0200 + + ext master secret: extension is marked as mandatory + + This forces the extension to be sent even where resuming sessions. + Resolves #45 + +Author: Nikos Mavrogiannopoulos +Date: Tue Oct 20 08:44:04 2015 +0200 + + tests: Check whether a resumed session contains the ext master secret extension + + Relates #45 + +Author: Nikos Mavrogiannopoulos +Date: Sat Oct 17 09:22:28 2015 +0200 + + alpn: avoid warning on signed/unsigned + +Author: Nikos Mavrogiannopoulos +Date: Sat Oct 17 09:20:52 2015 +0200 + + README: updated CI link + +Author: Nikos Mavrogiannopoulos +Date: Sat Oct 17 09:12:09 2015 +0200 + + doc: set a path which includes new binaries when running autogen + + That makes sure that autogen will discover the binaries to obtain the + --help output. + +Author: Nikos Mavrogiannopoulos +Date: Sat Oct 17 08:57:02 2015 +0200 + + gnutls-cli-debug: updated doc + +Author: Nikos Mavrogiannopoulos +Date: Fri Oct 16 22:58:54 2015 +0200 + + tools: when the starttls-proto is specified automatically detect the port if not given + +Author: Nikos Mavrogiannopoulos +Date: Fri Oct 16 15:05:09 2015 +0200 + + tests: verify that public keys are properly written + + Also disable parts of the suite that softhsm2 cannot properly work with, + to allow running parts of the suite even with broken softhsm. + +Author: Nikos Mavrogiannopoulos +Date: Fri Oct 16 15:39:05 2015 +0200 + + cleanup in gnutls_pubkey_import_rsa_raw + +Author: Nikos Mavrogiannopoulos +Date: Fri Oct 16 15:33:21 2015 +0200 + + pkcs11_read_pubkey: make input type more clear + +Author: Nikos Mavrogiannopoulos +Date: Fri Oct 16 14:13:47 2015 +0200 + + p11tool: Allow writing a PKCS #11 pubkey object + +Author: Nikos Mavrogiannopoulos +Date: Fri Oct 16 13:16:36 2015 +0200 + + tools: allow importing a pubkey from a certificate + +Author: Nikos Mavrogiannopoulos +Date: Fri Oct 16 13:03:57 2015 +0200 + + pkcs11: introduced gnutls_pkcs11_copy_pubkey + + That allows copying a public key to a PKCS #11 module. + +Author: Nikos Mavrogiannopoulos +Date: Thu Oct 15 21:23:44 2015 +0200 + + .gitlab-ci.yml: combined the slow build with the separate build dir + +Author: Nikos Mavrogiannopoulos +Date: Thu Oct 15 21:16:52 2015 +0200 + + Disable the NULL cipher on runtime when FIPS140 mode is enabled instead of statically + + That way the NULL cipher can be used when not in FIPS140 mode. + +Author: Nikos Mavrogiannopoulos +Date: Thu Oct 15 21:09:06 2015 +0200 + + re-enable NULL ciphersuites + + They were accidentally disabled by b237b37d4d17ee4f98629aae9d72aec87f434cb8 + +Author: Nikos Mavrogiannopoulos +Date: Thu Oct 15 18:35:44 2015 +0200 + + tests: check whether the RSA-EXPORT and ARCFOUR-40 legacy strings are accepted + +Author: Nikos Mavrogiannopoulos +Date: Thu Oct 15 18:20:38 2015 +0200 + + Tolerate priority strings with names of legacy ciphers and key exchanges + + That enables better backwards compatibility with old applications + which disable or enable algorithms which no longer are supported. + Relates #44 + +Author: Nikos Mavrogiannopoulos +Date: Thu Oct 15 16:21:43 2015 +0200 + + pkcs11: write CKA_ISSUER and CKA_SERIAL_NUMBER when writing on a certificate + + That allows NSS to read and use the written certificate. + Relates #43 + +Author: Nikos Mavrogiannopoulos +Date: Tue Oct 13 04:01:04 2015 +0200 + + tests: enhanced sec-params check to account for future sec-param + +Author: Nikos Mavrogiannopoulos +Date: Mon Oct 12 22:11:16 2015 +0200 + + certtool: recognize the future sec-param + +Author: Nikos Mavrogiannopoulos +Date: Mon Oct 12 22:10:25 2015 +0200 + + Introduced the security parameter future (256) and switched ultra to 192 bits + + For ultra, this was its documented strength, and now follows RFC3766 recommendations + for sizes. + +Author: Nikos Mavrogiannopoulos +Date: Mon Oct 12 21:54:09 2015 +0200 + + certtool: be more specific on the help message for --sec-param when --bits are given + +Author: Nikos Mavrogiannopoulos +Date: Mon Oct 12 14:54:04 2015 +0200 + + doc update + +Author: Nikos Mavrogiannopoulos +Date: Mon Oct 12 14:15:28 2015 +0200 + + tests: added test case for record timeout values + +Author: Nikos Mavrogiannopoulos +Date: Mon Oct 12 13:52:03 2015 +0200 + + Introduced GNUTLS_INDEFINITE_TIMEOUT + + This allows to specify an indefinite timeout to gnutls_record_set_timeout(). + In addition this flag is accepted by gnutls_handshake_set_timeout() and + cancels out a previously set timeout. + Resolves #41 + +Author: Nikos Mavrogiannopoulos +Date: Wed Oct 7 10:38:25 2015 +0200 + + tests: better detection of softhsm library + +Author: Nikos Mavrogiannopoulos +Date: Mon Oct 5 14:31:53 2015 +0200 + + added text on _gnutls_dh_compute_key + +Author: Nikos Mavrogiannopoulos +Date: Mon Oct 5 17:11:37 2015 +0200 + + gnutls_record_recv: simplified text on GNUTLS_E_REHANDSHAKE + +Author: Nikos Mavrogiannopoulos +Date: Tue Sep 22 14:31:00 2015 +0200 + + certtool: print 16-bytes of hex values per line + + Also avoid a colon on the end of the line. + +Author: Nikos Mavrogiannopoulos +Date: Tue Sep 22 08:31:04 2015 +0200 + + fips140: set the key via a configure argument + +Author: Nikos Mavrogiannopoulos +Date: Sat Sep 19 12:37:51 2015 +0200 + + tests: disable cipher-test on windows platform; they don't seem to work + +Author: Nikos Mavrogiannopoulos +Date: Mon Sep 21 14:47:41 2015 +0200 + + README.md: added build instructions for Fedora/RHEL + +Author: Nikos Mavrogiannopoulos +Date: Mon Sep 21 14:25:12 2015 +0200 + + priorities: sort algorithms by security strength unless performance is requested + + That is prioritize 256-bit ciphers over 128-bit ciphers. This would protect + secrecy of current data even after a PQ future. + +Author: Nikos Mavrogiannopoulos +Date: Sat Sep 19 12:12:18 2015 +0200 + + .gitlab-ci.yml: reduce the number of CPUs used in slow on make check + +Author: Nikos Mavrogiannopoulos +Date: Sat Sep 19 11:36:48 2015 +0200 + + use time_t for internal type to avoid warnings on signed/unsigned comparison + +Author: Nikos Mavrogiannopoulos +Date: Sat Sep 19 11:30:39 2015 +0200 + + DSA FIPS186-4 key generation: print the required seed length on mismatch + +Author: Nikos Mavrogiannopoulos +Date: Sat Sep 19 11:22:04 2015 +0200 + + certtool: added more friendly error on seed_size mismatch + + That prints more useful information when generating provable private keys. + +Author: Nikos Mavrogiannopoulos +Date: Sat Sep 19 11:14:29 2015 +0200 + + tests: use the corrected seed for default provable private key + +Author: Nikos Mavrogiannopoulos +Date: Sat Sep 19 06:52:13 2015 +0200 + + doc update + +Author: Nikos Mavrogiannopoulos +Date: Sat Sep 19 06:50:45 2015 +0200 + + certtool: switched the default level to HIGH for key generation + + That requires 3072 bits for RSA and DSA keys. + +Author: Nikos Mavrogiannopoulos +Date: Fri Sep 18 23:49:46 2015 +0200 + + tools: added xmpp into the starttls-proto options + +Author: Nikos Mavrogiannopoulos +Date: Fri Sep 18 15:57:14 2015 +0200 + + tools: added ldap into the starttls-proto options + +Author: Nikos Mavrogiannopoulos +Date: Thu Sep 17 14:52:27 2015 +0200 + + system.c: simplify gnutls_system_recv_timeout + +Author: Nikos Mavrogiannopoulos +Date: Thu Sep 17 13:15:54 2015 +0200 + + gnutls-cli-debug: use RFC7627 instead of draft-ietf-tls-session-hash + +Author: Nikos Mavrogiannopoulos +Date: Thu Sep 17 10:45:30 2015 +0200 + + updated documentation on gnutls_vdata_types_t based on DKG's suggestions + +Author: Nikos Mavrogiannopoulos +Date: Thu Sep 17 10:10:47 2015 +0200 + + doc update + +Author: Daniel Kahn Gillmor +Date: Wed Sep 16 19:59:12 2015 -0400 + + improve docs for gnutls_certificate_verify_peers*() + + The gnutls_certificate_verify_peers{,2,3}() functions all return + GNUTLS_E_SUCCESS (0) even in situations when the peer's certificate + was not verified. This is explained in the first paragraphs + ("i.e. failure to trust a certificate does not imply a negative return + value"), but the Returns: line isn't comparably clear. + +Author: Nikos Mavrogiannopoulos +Date: Mon Sep 14 21:36:24 2015 +0200 + + certtool: increased seed size to allow for DSA seeds + +Author: Nikos Mavrogiannopoulos +Date: Mon Sep 14 21:32:05 2015 +0200 + + _gnutls_hex2bin: avoid overrun in the provided buffer + +Author: Nikos Mavrogiannopoulos +Date: Sun Sep 13 19:29:41 2015 +0200 + + certtool: don't output PKCS #8 on key-info option + +Author: Nikos Mavrogiannopoulos +Date: Sun Sep 13 13:57:26 2015 +0200 + + better error checking in seed decoding + +Author: Nikos Mavrogiannopoulos +Date: Sun Sep 13 13:52:30 2015 +0200 + + gnutls_x509_privkey_verify_seed: fail on keys without seed information + +Author: Nikos Mavrogiannopoulos +Date: Sun Sep 13 13:39:13 2015 +0200 + + certtool: on provable keys always print the legacy format + +Author: Nikos Mavrogiannopoulos +Date: Sun Sep 13 13:27:12 2015 +0200 + + Use separate PEM headers for provable private keys + + Also introduce GNUTLS_PRIVKEY_FLAG_EXPORT_COMPAT to allow exporting + provable private keys in the old compatibility format. + +Author: Nikos Mavrogiannopoulos +Date: Sun Sep 13 11:06:39 2015 +0200 + + doc update + +Author: Nikos Mavrogiannopoulos +Date: Sun Sep 13 11:06:00 2015 +0200 + + certtool: provable key generation was moved to a separate flag that can be combined with --generate-privkey + + Also enhanced the test suite with DSA provable key generation/verification. + +Author: Nikos Mavrogiannopoulos +Date: Sun Sep 13 10:57:39 2015 +0200 + + Allow verifying and generating provable DSA keys + +Author: Nikos Mavrogiannopoulos +Date: Sun Sep 13 09:51:25 2015 +0200 + + tests: added checks for provable key generation and verification + +Author: Nikos Mavrogiannopoulos +Date: Sun Sep 13 09:36:46 2015 +0200 + + certtool: added provable key verification + +Author: Nikos Mavrogiannopoulos +Date: Sun Sep 13 09:32:32 2015 +0200 + + Made the new key generation API flexible to allow extensions in the future + +Author: Nikos Mavrogiannopoulos +Date: Sun Sep 13 09:06:12 2015 +0200 + + Added API to verify private keys generated with seed + +Author: Nikos Mavrogiannopoulos +Date: Sun Sep 13 09:01:41 2015 +0200 + + gnutls_asn1_tab: updated auto-generated file + +Author: Nikos Mavrogiannopoulos +Date: Sat Sep 12 16:20:13 2015 +0200 + + doc update + +Author: Nikos Mavrogiannopoulos +Date: Sat Sep 12 16:18:10 2015 +0200 + + certtool: allow the generation of "provable" private keys + + Relates to #34 + +Author: Nikos Mavrogiannopoulos +Date: Sat Sep 12 15:47:38 2015 +0200 + + Added API to generate private keys from a given seed + + Currently it is restricted to RSA and FIPS 186-4 key generation with SHA384. + Relates to #34 + +Author: Nikos Mavrogiannopoulos +Date: Sat Sep 12 14:47:02 2015 +0200 + + properly generate asn1_tab.c + +Author: Nikos Mavrogiannopoulos +Date: Fri Sep 11 15:44:06 2015 +0200 + + Don't use formatted output for fixed strings + + Resolves #35 + +Author: Nikos Mavrogiannopoulos +Date: Wed Sep 9 22:24:27 2015 +0200 + + README.md: updated information + +Author: Nikos Mavrogiannopoulos +Date: Sat Sep 5 06:20:58 2015 +0200 + + renamed the auto-verification functions + + The names are more consistent with the rest of the library. + +Author: Nikos Mavrogiannopoulos +Date: Fri Sep 4 14:05:02 2015 +0200 + + pkcs11: when storing public keys, make sure they are marked as not private + +Author: Nikos Mavrogiannopoulos +Date: Mon Aug 31 14:22:02 2015 +0200 + + README.md: mention the testsuite + +Author: Nikos Mavrogiannopoulos +Date: Sun Aug 30 23:41:11 2015 +0200 + + README.md: print build status + +Author: Nikos Mavrogiannopoulos +Date: Sun Aug 30 23:31:06 2015 +0200 + + README.md: refer to files using markdown + +Author: Nikos Mavrogiannopoulos +Date: Sun Aug 30 23:26:27 2015 +0200 + + Updated coding style + +Author: Nikos Mavrogiannopoulos +Date: Fri Aug 28 16:54:47 2015 +0200 + + gnutls-cli-debug: corrected typo in inappropriate fallback check + +Author: Nikos Mavrogiannopoulos +Date: Fri Aug 28 16:51:35 2015 +0200 + + .gitlab-ci.yml: use the same number of CPUs in all the checks + +Author: Nikos Mavrogiannopoulos +Date: Fri Aug 28 12:05:02 2015 +0200 + + gnutls-cli-debug: added check for inappropriate fallback support + +Author: Nikos Mavrogiannopoulos +Date: Thu Aug 27 22:12:55 2015 +0200 + + Introduced GNUTLS_E_CERTIFICATE_VERIFICATION_ERROR to be returned by the auto-verification functions + +Author: Nikos Mavrogiannopoulos +Date: Wed Aug 26 19:39:22 2015 +0200 + + nettle: simplified SHA3 checks for nettle + + nettle 3.1 doesn't have the functions nettle for + runtime version checking. + +Author: Nikos Mavrogiannopoulos +Date: Wed Aug 26 19:34:59 2015 +0200 + + export _gnutls_digest_exists for self tests + +Author: Nikos Mavrogiannopoulos +Date: Wed Aug 26 11:51:09 2015 +0200 + + x509: tolerate missing subject or issuer fields + +Author: Nikos Mavrogiannopoulos +Date: Wed Aug 26 11:42:01 2015 +0200 + + certtool: added support for sha3 + +Author: Nikos Mavrogiannopoulos +Date: Wed Aug 26 11:37:13 2015 +0200 + + gnutls_oid_to_digest(): don't return supported but disabled algorithms + +Author: Nikos Mavrogiannopoulos +Date: Wed Aug 26 11:02:39 2015 +0200 + + Added support for the SHA3 digest algorithm + +Author: Nikos Mavrogiannopoulos +Date: Wed Aug 26 09:13:52 2015 +0200 + + corrected typo in ex-server-anon + +Author: Nikos Mavrogiannopoulos +Date: Mon Aug 24 14:13:24 2015 +0200 + + Define more precisely the auto verification function semantics. + +Author: Nikos Mavrogiannopoulos +Date: Mon Aug 24 13:59:21 2015 +0200 + + Allow overriding the verification flags from the auto-verification functions + +Author: Nikos Mavrogiannopoulos +Date: Mon Aug 24 13:43:09 2015 +0200 + + doc update + +Author: Nikos Mavrogiannopoulos +Date: Mon Aug 24 13:39:33 2015 +0200 + + Document the new verification functions + +Author: Nikos Mavrogiannopoulos +Date: Mon Aug 24 13:19:51 2015 +0200 + + examples: simplify the X.509 client example by using the new verification API + +Author: Nikos Mavrogiannopoulos +Date: Mon Aug 24 13:13:57 2015 +0200 + + tests: check the auto-verification functionality + +Author: Nikos Mavrogiannopoulos +Date: Mon Aug 24 12:00:10 2015 +0200 + + Added simpler verification functions for clients + + The major use-case for the TLS protocol is verification of PKIX + certificates. However, certificate verification support while is + similar for almost all projects it requires around 100 lines of code + (a callback) to be duplicated to all applications. That patch + set gets rid of the callback and simplifies certificate verification + support, by introducing a very simple API; one that would accept + the session and the hostname only. + + Resolves #27 + +Author: Nikos Mavrogiannopoulos +Date: Mon Aug 24 11:10:26 2015 +0200 + + tests: added test for gnutls_session_set_verify_function + +Author: Nikos Mavrogiannopoulos +Date: Mon Aug 24 11:03:09 2015 +0200 + + Added gnutls_session_set_verify_function + + That allows to set a verification callback per session rather + than only globally on the credentials structure. + +Author: Nikos Mavrogiannopoulos +Date: Sun Aug 23 22:54:22 2015 +0200 + + getfuncs.pl: ignore defines in headers + +Author: Nikos Mavrogiannopoulos +Date: Sun Aug 23 22:33:59 2015 +0200 + + Makefiles: updated for new filenames + +Author: Nikos Mavrogiannopoulos +Date: Sun Aug 23 19:28:09 2015 +0200 + + Moved pk_* functions to pk.c + +Author: Nikos Mavrogiannopoulos +Date: Sun Aug 23 19:19:45 2015 +0200 + + Removed the 'gnutls_' prefix from files to simplify file naming + +Author: Nikos Mavrogiannopoulos +Date: Sun Aug 23 18:44:26 2015 +0200 + + Moved the PRF functions to prf.c + +Author: Nikos Mavrogiannopoulos +Date: Sun Aug 23 14:19:17 2015 +0200 + + hex decoding: more reasonable error codes + + That is, return GNUTLS_E_PARSING_ERROR instead of base64 decoding + error, and document that fact. + +Author: Nikos Mavrogiannopoulos +Date: Fri Aug 21 15:10:46 2015 +0200 + + tests: Added resumption tests for PSK ciphersuites + +Author: Nikos Mavrogiannopoulos +Date: Fri Aug 21 14:35:09 2015 +0200 + + Set the extended master secret status based on resumption data only + + That is, don't require a new negotiation with extensions. + +Author: Nikos Mavrogiannopoulos +Date: Fri Aug 21 14:23:38 2015 +0200 + + tests: corrected resumption tests to disable tickets when needed + + That is, perform the tests that require no tickets, with tickets disabled. + +Author: Nikos Mavrogiannopoulos +Date: Fri Aug 21 14:06:51 2015 +0200 + + session packing: corrected issue in PSK session unpack + +Author: Nikos Mavrogiannopoulos +Date: Fri Aug 21 13:54:41 2015 +0200 + + PSK: save the username in client side in the auth structure + +Author: Nikos Mavrogiannopoulos +Date: Fri Aug 21 13:26:08 2015 +0200 + + _gnutls_hash() returns error code if any. + + Ideally we would like to eliminate any return codes from that + function. However, since that's on exported API we cannot easily + do without breaking the ABI. Reported by Benedikt Klotz. + + Resolves #28 + +Author: Nikos Mavrogiannopoulos +Date: Fri Aug 21 13:15:11 2015 +0200 + + x509: when appending CRLs to a trust list ensure that we don't have duplicates + + That is, overwrite CRLs if they have been obsoleted. + +Author: Nikos Mavrogiannopoulos +Date: Fri Aug 21 11:34:39 2015 +0200 + + certtool: allow exporting very long CRLs + +Author: Nikos Mavrogiannopoulos +Date: Fri Aug 14 12:15:16 2015 +0200 + + tests: verify that a key usage violation is detected + + That is that the certificate key usage flags are respected + by either the client side or the server side. + +Author: Nikos Mavrogiannopoulos +Date: Fri Aug 14 12:14:55 2015 +0200 + + Enable key usage checks in the client side of RSA ciphersuites + +Author: Nikos Mavrogiannopoulos +Date: Fri Aug 14 12:14:08 2015 +0200 + + priorities: Added internal option to allow key usage violations in server side + +Author: Nikos Mavrogiannopoulos +Date: Fri Aug 14 11:55:04 2015 +0200 + + fix typo in comment + +Author: Nikos Mavrogiannopoulos +Date: Fri Aug 14 11:27:50 2015 +0200 + + Re-enable the certificate key usage checks for compliance with ciphersuite + + There is a new attack on the TLS protocol which relies on using certificates + for ECDSA as certificates for ECDH ciphersuites. That attack while it doesn't + affect gnutls, which doesn't support static ECDH, assumes that implementations + ignore the key usage bits in the certificate. We have done it since 3.1.0 for + compatibility reasons (see http://www.gnutls.org/faq.html#key-usage-violation), + but that clearly opens the door for real attacks in the future. + + For this reason the key usage bits will no longer be ignored. + + Resolves #24 + +Author: Nikos Mavrogiannopoulos +Date: Thu Aug 13 12:10:59 2015 +0200 + + tests: verify whether CRL date setting works as expected + +Author: Nikos Mavrogiannopoulos +Date: Thu Aug 13 12:05:35 2015 +0200 + + certtool: Allow specifying CRL dates as fixed dates + +Author: Nikos Mavrogiannopoulos +Date: Thu Aug 13 11:48:15 2015 +0200 + + tests: verify CRL appending effectiveness + +Author: Nikos Mavrogiannopoulos +Date: Thu Aug 13 11:45:50 2015 +0200 + + gnutls_x509_crl_set_authority_key_id, gnutls_x509_crl_set_number allow overwritting + + That allows them to overwrite values which were previously set (e.g., + on an imported CRL). + +Author: Nikos Mavrogiannopoulos +Date: Thu Aug 13 11:36:17 2015 +0200 + + certtool: allow appending certificates to a CRL + +Author: Nikos Mavrogiannopoulos +Date: Wed Aug 12 23:03:20 2015 +0200 + + certtool: removed limit on maximum imported certificates in the -i option + +Author: Nikos Mavrogiannopoulos +Date: Wed Aug 12 22:49:15 2015 +0200 + + tests: check whether the CRL generation code works as expected + +Author: Nikos Mavrogiannopoulos +Date: Wed Aug 12 22:48:45 2015 +0200 + + certtool: eliminated memory leaks due to new cert loading code + +Author: Nikos Mavrogiannopoulos +Date: Wed Aug 12 22:22:55 2015 +0200 + + certtool: lifted limits on file size to load + +Author: Nikos Mavrogiannopoulos +Date: Mon Aug 10 16:43:28 2015 +0200 + + before dist ensure that included libopts matches autogen + +Author: Nikos Mavrogiannopoulos +Date: Mon Aug 10 16:12:05 2015 +0200 + + configure: use ':' instead of /bin/true for programs not found + +Author: Nikos Mavrogiannopoulos +Date: Sun Aug 9 21:20:33 2015 +0200 + + doc update + +Author: Nikos Mavrogiannopoulos +Date: Sun Aug 9 20:58:40 2015 +0200 + + tests: include all cert-tests into dist + +Author: Nikos Mavrogiannopoulos +Date: Fri Aug 7 16:59:18 2015 +0200 + + doc update + +Author: Nikos Mavrogiannopoulos +Date: Fri Aug 7 16:13:12 2015 +0200 + + doc update + +Author: Nikos Mavrogiannopoulos +Date: Fri Aug 7 16:04:12 2015 +0200 + + tests: check gnutls_check_version_numeric() + +Author: Nikos Mavrogiannopoulos +Date: Fri Aug 7 15:45:21 2015 +0200 + + gnutls.h: added macro gnutls_check_version_numeric + + This simplifies version checking, and allows the compiler to optimize + out. It can only accept numerals. + + Patch by David Woodhouse. + +Author: Nikos Mavrogiannopoulos +Date: Fri Aug 7 15:19:33 2015 +0200 + + use pure and const gcc attributes in headers + +Author: Nikos Mavrogiannopoulos +Date: Fri Aug 7 14:14:44 2015 +0200 + + mention version macro + +Author: Nikos Mavrogiannopoulos +Date: Thu Aug 6 10:37:15 2015 +0200 + + p11tool: test-sign will not fail if a pubkey is not found + +Author: Nikos Mavrogiannopoulos +Date: Tue Aug 4 20:32:25 2015 +0200 + + key decoding: set key to null for consistency + +Author: Nikos Mavrogiannopoulos +Date: Tue Aug 4 14:08:37 2015 +0200 + + key decoding: simplify decoding logic by removing the fallback + +Author: Nikos Mavrogiannopoulos +Date: Tue Aug 4 13:56:41 2015 +0200 + + key decoding: corrected regression with PKCS #8 key decoding + + Reported by Daniel Berrange. + +Author: Nikos Mavrogiannopoulos +Date: Tue Aug 4 13:55:56 2015 +0200 + + tests: added check for decoding of a PKCS #8 key as fallback + +Author: Nikos Mavrogiannopoulos +Date: Mon Aug 3 14:17:16 2015 +0200 + + pkcs11: set the CKA_TOKEN attribute on generated public keys + + That also introduces the GNUTLS_PKCS11_OBJ_FLAG_NO_STORE_PUBKEY flag, + to simulate the previous behavior. + +Author: Nikos Mavrogiannopoulos +Date: Sat Aug 1 17:03:33 2015 +0200 + + tests: added check for the fallback SCSV + +Author: Nikos Mavrogiannopoulos +Date: Sat Aug 1 17:02:00 2015 +0200 + + handshake: check inappropriate fallback against the configured max version + + That allows to operate on a server which is explicitly configured to + utilize earlier than TLS 1.2 versions. + +Author: Nikos Mavrogiannopoulos +Date: Sat Aug 1 17:01:36 2015 +0200 + + corrected GNUTLS_E_INAPPROPRIATE_FALLBACK error code + +Author: Nikos Mavrogiannopoulos +Date: Sat Aug 1 16:44:13 2015 +0200 + + DCO: added Alessandro Ghedini + +Author: Nikos Mavrogiannopoulos +Date: Sat Aug 1 14:21:59 2015 +0200 + + copy_ciphersuites: use definition for reserved ciphersuites + +Author: Alessandro Ghedini +Date: Sat Aug 1 00:38:10 2015 +0200 + + handshake: add FALLBACK_SCSV priority option + + This allows clients to enable the TLS_FALLBACK_SCSV mechanism during + the handshake, as defined in RFC7507. + +Author: Alessandro Ghedini +Date: Sat Aug 1 00:04:16 2015 +0200 + + handshake: check for TLS_FALLBACK_SCSV + + If TLS_FALLBACK_SCSV was sent by the client during the handshake, and + the advertised protocol version is lower than GNUTLS_TLS_VERSION_MAX, + send the "Inappropriate fallback" fatal alert and abort the handshake. + + This mechanism was defined in RFC7507. + +Author: Nikos Mavrogiannopoulos +Date: Sat Aug 1 09:10:53 2015 +0200 + + cfg.mk: fix order of arguments in gnulib-tool + +Author: Nikos Mavrogiannopoulos +Date: Sat Aug 1 08:38:50 2015 +0200 + + use gettext-h gnulib module + +Author: Nikos Mavrogiannopoulos +Date: Sat Aug 1 00:12:25 2015 +0200 + + tests: added missing certtool-long-cn + +Author: Nikos Mavrogiannopoulos +Date: Fri Jul 31 22:42:42 2015 +0200 + + safe renegotiation: simulate receiving the extension on receival of SCSV + +Author: Nikos Mavrogiannopoulos +Date: Fri Jul 31 22:00:53 2015 +0200 + + made data2hex() safer, and eliminated mem leak + +Author: Nikos Mavrogiannopoulos +Date: Mon Jul 20 22:17:17 2015 +0200 + + tests: added check for proper handling of very long CNs + +Author: Nikos Mavrogiannopoulos +Date: Fri Jul 31 21:26:25 2015 +0200 + + updated the required gettext version to match the macros from gnulib + +Author: Nikos Mavrogiannopoulos +Date: Fri Jul 31 16:03:25 2015 +0200 + + safe renegotiation: handle case where client didn't send any extension + + That was affected by the "don't try to send extensions we didn't receive". + +Author: Nikos Mavrogiannopoulos +Date: Fri Jul 31 15:02:01 2015 +0200 + + tpm: avoid warning + +Author: Nikos Mavrogiannopoulos +Date: Fri Jul 31 14:57:33 2015 +0200 + + As server don't try to send extensions we didn't receive. + +Author: Nikos Mavrogiannopoulos +Date: Fri Jul 31 14:33:00 2015 +0200 + + tests: added check for server sending (or not) status request messages + +Author: Nikos Mavrogiannopoulos +Date: Fri Jul 31 14:30:00 2015 +0200 + + fips140: corrected hex decoding + +Author: Nikos Mavrogiannopoulos +Date: Tue Jul 21 11:48:51 2015 +0200 + + bumped version + +Author: Nikos Mavrogiannopoulos +Date: Tue Jul 21 11:45:51 2015 +0200 + + doc update + +Author: Nikos Mavrogiannopoulos +Date: Tue Jul 21 10:30:20 2015 +0200 + + verify-tofu: use nettle's base64 functions + +Author: Nikos Mavrogiannopoulos +Date: Tue Jul 21 10:24:39 2015 +0200 + + gnulib: removed base64 implementation + +Author: Nikos Mavrogiannopoulos +Date: Tue Jul 21 10:20:40 2015 +0200 + + openpgp: use nettle's base64 functions + +Author: Nikos Mavrogiannopoulos +Date: Tue Jul 21 10:11:48 2015 +0200 + + x509_b64: switch to nettle's base64 functions + +Author: Nikos Mavrogiannopoulos +Date: Tue Jul 21 08:57:52 2015 +0200 + + tests: added check for PSK file parsing + +Author: Nikos Mavrogiannopoulos +Date: Tue Jul 21 08:37:34 2015 +0200 + + fips: use gnutls_hex_decode for MAC decoding + +Author: Nikos Mavrogiannopoulos +Date: Tue Jul 21 08:36:32 2015 +0200 + + tpm: use gnutls_hex_decode for uuid decoding + +Author: Nikos Mavrogiannopoulos +Date: Tue Jul 21 08:36:14 2015 +0200 + + psk: use gnutls_hex_decode2 for key decoding + +Author: Nikos Mavrogiannopoulos +Date: Tue Jul 21 08:35:47 2015 +0200 + + system-keys-win: use gnutls_hex_decode for ID decoding + +Author: Nikos Mavrogiannopoulos +Date: Tue Jul 21 08:35:11 2015 +0200 + + openpgp: use gnutls_hex_decode for keyid decoding + +Author: Nikos Mavrogiannopoulos +Date: Tue Jul 21 08:34:52 2015 +0200 + + DN decoding: use gnutls_hex_encode + +Author: Nikos Mavrogiannopoulos +Date: Tue Jul 21 08:19:17 2015 +0200 + + Introduced gnutls_hex_encode2() and gnutls_hex_decode2() + + These also use safer hex decoding functions which don't skip + invalid input. + +Author: Nikos Mavrogiannopoulos +Date: Mon Jul 20 22:37:40 2015 +0200 + + doc update + +Author: Nikos Mavrogiannopoulos +Date: Mon Jul 20 22:09:28 2015 +0200 + + x509: simplified data to hex conversion in unknown DN names + +Author: Nikos Mavrogiannopoulos +Date: Mon Jul 20 21:26:36 2015 +0200 + + gnutls_prf_rfc5705: Allow for non-null context and zero context length + +Author: Nikos Mavrogiannopoulos +Date: Mon Jul 13 20:19:28 2015 +0200 + + bumped version + +Author: Nikos Mavrogiannopoulos +Date: Mon Jul 20 15:42:21 2015 +0200 + + tests: added cross-check between gnutls_prf_rfc5705() and gnutls_prf() + +Author: Nikos Mavrogiannopoulos +Date: Mon Jul 20 15:07:05 2015 +0200 + + removed legacy libgcrypt flags + +Author: Nikos Mavrogiannopoulos +Date: Mon Jul 20 14:59:37 2015 +0200 + + gnutls_prf_rfc5705: optimize in the common use case, by avoiding malloc + + Also don't handle specially the case of non-NULL context and context_size of zero. + +Author: Nikos Mavrogiannopoulos +Date: Mon Jul 20 14:03:34 2015 +0200 + + ignore more files + +Author: Nikos Mavrogiannopoulos +Date: Mon Jul 20 14:03:22 2015 +0200 + + p11tool: fix documentation for --generate-ecc and generate-dsa + +Author: Nikos Mavrogiannopoulos +Date: Mon Jul 20 10:49:48 2015 +0200 + + gnutls_prf_rfc5705: mention the version it was introduced at + +Author: Nikos Mavrogiannopoulos +Date: Mon Jul 20 10:39:37 2015 +0200 + + doc update + +Author: Nikos Mavrogiannopoulos +Date: Mon Jul 20 10:35:08 2015 +0200 + + tests: added check for gnutls_prf() and gnutls_prf_rfc5705 + +Author: Nikos Mavrogiannopoulos +Date: Mon Jul 20 10:03:37 2015 +0200 + + gnutls_prf_rfc5705: added + + That includes support for RFC5705 when the context field is used. + Initial patch by Rick van Rein. + +Author: Nikos Mavrogiannopoulos +Date: Fri Jul 17 11:38:17 2015 +0200 + + doc update: explain more about PKCS #11 and fork + +Author: Nikos Mavrogiannopoulos +Date: Tue Jul 14 09:55:50 2015 +0200 + + configure: print the trousers lib only when set + +Author: Nikos Mavrogiannopoulos +Date: Tue Jul 14 09:44:30 2015 +0200 + + tpmtool: Added --test-sign parameter + +Author: Nikos Mavrogiannopoulos +Date: Mon Jul 13 20:04:41 2015 +0200 + + Deinitialize the TPM subsystem only when trousers support is enabled + +Author: Nikos Mavrogiannopoulos +Date: Mon Jul 13 16:25:16 2015 +0200 + + TPM: don't link to trousers, use dlopen() + + That introduces --with-trousers-lib which can be used to specify the + library to dlopen(). + + Resolves #18 + +Author: Nikos Mavrogiannopoulos +Date: Sun Jul 12 15:21:13 2015 +0200 + + updated auto-generated files + +Author: Nikos Mavrogiannopoulos +Date: Sun Jul 12 15:15:00 2015 +0200 + + bumped version + +Author: Nikos Mavrogiannopoulos +Date: Sat Jul 11 12:05:56 2015 +0200 + + pkcs11: mention the version GNUTLS_PKCS11_TOKEN_MODNAME is available from + +Author: Nikos Mavrogiannopoulos +Date: Fri Jul 10 21:20:23 2015 +0200 + + doc update + +Author: Nikos Mavrogiannopoulos +Date: Fri Jul 10 21:17:48 2015 +0200 + + PSK: set the hint in DHE-PSK and ECDHE-PSK ciphersuites + +Author: Nikos Mavrogiannopoulos +Date: Fri Jul 10 19:17:23 2015 +0200 + + tests: updated pskself to check the hint in all PSK ciphersuites + +Author: Nikos Mavrogiannopoulos +Date: Fri Jul 10 16:57:19 2015 +0200 + + doc update + +Author: Nikos Mavrogiannopoulos +Date: Fri Jul 10 16:55:48 2015 +0200 + + p11tool: be more compact in token URL printing + +Author: Nikos Mavrogiannopoulos +Date: Fri Jul 10 16:52:57 2015 +0200 + + p11tool: group the provided options for readability + +Author: Nikos Mavrogiannopoulos +Date: Fri Jul 10 16:31:02 2015 +0200 + + p11tool: keep backwards compatibility by introducing --list-token-urls + + That is, the output of --list-tokens remains the same. + +Author: Nikos Mavrogiannopoulos +Date: Fri Jul 10 16:25:48 2015 +0200 + + p11tool: print the module name of a token in verbose mode + +Author: Nikos Mavrogiannopoulos +Date: Fri Jul 10 16:24:11 2015 +0200 + + Added GNUTLS_PKCS11_TOKEN_MODNAME for gnutls_pkcs11_token_get_info + + That allows to obtain the shared module name of a token URL. + +Author: Nikos Mavrogiannopoulos +Date: Fri Jul 10 13:36:51 2015 +0200 + + pkcs11.h: doc update + +Author: Nikos Mavrogiannopoulos +Date: Fri Jul 10 13:12:00 2015 +0200 + + p11tool: less verbose output in --list-tokens unless --verbose is specified + +Author: Nikos Mavrogiannopoulos +Date: Thu Jul 9 14:10:23 2015 +0200 + + tests: added suppression for bash mem leak + +Author: Nikos Mavrogiannopoulos +Date: Thu Jul 9 22:50:11 2015 +0200 + + tests: don't run certtool-utf8 when libidn is 1.30 or less + + This avoids test suite failures due to libidn. + +Author: Nikos Mavrogiannopoulos +Date: Thu Jul 9 13:45:58 2015 +0200 + + gnutls-cli: doc update + +Author: Nikos Mavrogiannopoulos +Date: Thu Jul 9 13:26:14 2015 +0200 + + dumbfw: don't append a size prefix in the pad + + Reported by Hannes Mehnert. + +Author: Nikos Mavrogiannopoulos +Date: Wed Jul 8 09:47:52 2015 +0200 + + gl: use /bin/true to run valgrind during configure + + Bash has memory leaks, which prevents the valgrind check to + operate using the SHELL variable. + +Author: Nikos Mavrogiannopoulos +Date: Wed Jul 8 09:38:37 2015 +0200 + + tests: added check for invalid UTF8 encoded string + +Author: Nikos Mavrogiannopoulos +Date: Wed Jul 8 09:19:00 2015 +0200 + + Revert "libidn support is disabled by default" + + This reverts commit 5fdffb2c177cb990480fb8b93c9257ccc5dfcaad. + +Author: Daniel Kahn Gillmor +Date: Thu Jul 2 14:28:32 2015 -0400 + + certtool --outder should not emit signature verification status + + When emitting binary-formatted output, send signature verification + status to stderr, since it is not binary-formatted output. + + A simpler version of this patch would be to always send signature + verification to stderr, but that would change the text-formatted + output. + +Author: Nikos Mavrogiannopoulos +Date: Wed Jul 1 21:13:23 2015 +0200 + + doc update + +Author: Nikos Mavrogiannopoulos +Date: Wed Jul 1 15:25:30 2015 +0200 + + DSA: the numeric number of bits returned from public key should depend on P not Y + + That allows to do the proper evaluation to check certificate strength. + Reported by Hubert Kario. + +Author: Nikos Mavrogiannopoulos +Date: Wed Jul 1 15:36:20 2015 +0200 + + tests: check whether we print the prime size in DSA keys + +Author: Nikos Mavrogiannopoulos +Date: Wed Jul 1 11:15:38 2015 +0200 + + name constraints: simplified gnutls_x509_name_constraints_check_crt() + +Author: Nikos Mavrogiannopoulos +Date: Wed Jul 1 11:08:11 2015 +0200 + + tests: verify that unsupported name constraints are properly handled + +Author: Nikos Mavrogiannopoulos +Date: Wed Jul 1 11:01:20 2015 +0200 + + name constraints: don't reject certificates if a CA has the URI or IPADDRESS constraints + + Don't reject certificates if a CA has the URI or IPADDRESS constraints, and + the end certificate doesn't have an IPaddress name or a URI set. + +Author: Nikos Mavrogiannopoulos +Date: Mon Jun 29 19:52:15 2015 +0200 + + Sync with TP. + +Author: Nikos Mavrogiannopoulos +Date: Sun Jun 28 13:09:42 2015 +0200 + + libidn support is disabled by default + + That is until the issues with libidn get resolves. + + Relates #10 + +Author: Nikos Mavrogiannopoulos +Date: Sat Jun 27 08:05:10 2015 +0200 + + doc update + +Author: Nikos Mavrogiannopoulos +Date: Sat Jun 27 07:57:21 2015 +0200 + + tests: added a test for the fork detection interface + +Author: Nikos Mavrogiannopoulos +Date: Sat Jun 27 07:51:05 2015 +0200 + + tests: resume-dtls: increased timeouts + +Author: Nikos Mavrogiannopoulos +Date: Fri Jun 26 16:31:21 2015 +0200 + + Don't use pthread_atfork(), it is not safe to use with dlopen() + + http://austingroupbugs.net/view.php?id=851 + +Author: Nikos Mavrogiannopoulos +Date: Fri Jun 26 14:47:39 2015 +0200 + + atfork: added underscore to gnutls_forkid + +Author: Nikos Mavrogiannopoulos +Date: Fri Jun 26 09:08:20 2015 +0200 + + simplified fork detection + +Author: Nikos Mavrogiannopoulos +Date: Fri Jun 26 08:07:01 2015 +0200 + + enhanced header matching code for private keys to skip unrelated data + +Author: Nikos Mavrogiannopoulos +Date: Fri Jun 26 08:00:24 2015 +0200 + + tests: added private key import checks + +Author: Nikos Mavrogiannopoulos +Date: Thu Jun 25 15:08:54 2015 +0200 + + gnutls_x509_privkey_import: optimized private key loading + +Author: Nikos Mavrogiannopoulos +Date: Thu Jun 25 15:01:17 2015 +0200 + + gnutls_x509_privkey_import2: better behavior when provided with an unencrypted file + + That is, it will attempt to decode it first as plain file prior to + trying all encrypted options. + +Author: Nikos Mavrogiannopoulos +Date: Thu Jun 25 14:47:52 2015 +0200 + + tests: added check to verify that gnutls_x509_privkey_import2 works for plain keys + + That is, when a password is provided and the key is non encrypted. + +Author: Nikos Mavrogiannopoulos +Date: Thu Jun 25 11:08:19 2015 +0200 + + _gnutls_get_asn_mpis() will release any data on failure + + Resolves #15 + +Author: Alon Bar-Lev +Date: Sun Jun 21 20:42:12 2015 +0300 + + tests: tab indent + minor style changes + + Signed-off-by: Alon Bar-Lev + +Author: Nikos Mavrogiannopoulos +Date: Tue Jun 23 11:53:23 2015 +0200 + + tests: modified test-ciphersuite-names to work with cpp 5.1.1 + +Author: Nikos Mavrogiannopoulos +Date: Mon Jun 22 23:49:32 2015 +0200 + + tests: test-ciphersuite-names: create any needed dirs + +Author: Nikos Mavrogiannopoulos +Date: Mon Jun 22 21:24:55 2015 +0200 + + tests: moved test-ciphersuites.sh one level up + + That simplifies running the script outside make check. + +Author: Alon Bar-Lev +Date: Sun Jun 21 20:43:34 2015 +0300 + + tests: suite: ciphersuite: fixups + + fix separate builddir issue, without modifying locations, quite ugly. + + re-indent using tab. + + fix shebang. + + Signed-off-by: Alon Bar-Lev + +Author: Alon Bar-Lev +Date: Sun Jun 21 03:00:05 2015 +0300 + + tests: enforce UTC timezone in datefudge tests + + Signed-off-by: Alon Bar-Lev + +Author: Alon Bar-Lev +Date: Sun Jun 21 03:00:04 2015 +0300 + + tests: misc: shell cleanup + + leftovers minor sync. + + Signed-off-by: Alon Bar-Lev + +Author: Alon Bar-Lev +Date: Sun Jun 21 03:00:03 2015 +0300 + + tests: suite: cleanup shell usage + + Add quotes for most usages of variables. + + Added ${} for variables. + + Cleanup indentation to be consistent with other tests. + + Fix separate builddir issues. + + Signed-off-by: Alon Bar-Lev + +Author: Alon Bar-Lev +Date: Sun Jun 21 03:00:02 2015 +0300 + + tests: misc: cleanup shell usage + + Add quotes for most usages of variables. + + Added ${} for variables. + + Cleanup indentation to be consistent with other tests. + + Signed-off-by: Alon Bar-Lev + +Author: Nikos Mavrogiannopoulos +Date: Sat Jun 20 18:38:24 2015 +0200 + + tests: fixed includes + +Author: Nikos Mavrogiannopoulos +Date: Sat Jun 20 12:27:54 2015 +0200 + + move all gettext definitions in gnutls_str.h + +Author: Nikos Mavrogiannopoulos +Date: Sat Jun 20 12:23:40 2015 +0200 + + cross.mk: updated for 3.4.2 + +Author: Nikos Mavrogiannopoulos +Date: Sat Jun 20 12:18:26 2015 +0200 + + gnutls_str: include gettext.h when dgettext is available + +Author: Nikos Mavrogiannopoulos +Date: Sat Jun 20 12:09:14 2015 +0200 + + tests: don't depend on gnulib + + That dependency unfortunately causes many portability problems + on platforms where it should have worked out of the box. + +Author: Nikos Mavrogiannopoulos +Date: Sat Jun 20 10:43:12 2015 +0200 + + doc update + +Author: Nikos Mavrogiannopoulos +Date: Sat Jun 20 10:31:27 2015 +0200 + + use the same shebang for perl + +Author: Nikos Mavrogiannopoulos +Date: Fri Jun 19 22:55:04 2015 +0200 + + tests: added a verify-chain test case + +Author: Nikos Mavrogiannopoulos +Date: Fri Jun 19 21:53:27 2015 +0200 + + tests: don't quote provider in common.sh + + That caused testpkcs11 to fail. + +Author: Nikos Mavrogiannopoulos +Date: Thu Jun 18 22:50:18 2015 +0200 + + tests: don't enforce alignment rules for caller buffers + +Author: Alon Bar-Lev +Date: Wed Jun 17 14:05:54 2015 +0300 + + tests: cert-tests: cleanup shell usage + + Add quotes for most usages of variables. + + Added ${} for variables. + + Cleanup trailing spaces. + + Signed-off-by: Alon Bar-Lev + +Author: Nikos Mavrogiannopoulos +Date: Thu Jun 18 16:20:50 2015 +0200 + + Added gitlab-ci.yml + +Author: Nikos Mavrogiannopoulos +Date: Thu Jun 18 15:52:39 2015 +0200 + + reduced the exported functions to the minimum needed + +Author: Nikos Mavrogiannopoulos +Date: Thu Jun 18 15:49:39 2015 +0200 + + _gnutls_ext_register was made static + +Author: Nikos Mavrogiannopoulos +Date: Thu Jun 18 15:49:06 2015 +0200 + + libgnutls.map: use a 3.4 related name for private functions + + This eliminates any collisions with functions from 3.3.x + +Author: Alon Bar-Lev +Date: Thu Jun 18 09:41:54 2015 +0300 + + tests: nist-pkits: cleanup shell/perl usage + + Add quotes for most usages of variables. + + Added ${} for variables. + + Consistent indent. + + Signed-off-by: Alon Bar-Lev + +Author: Nikos Mavrogiannopoulos +Date: Thu Jun 18 14:15:18 2015 +0200 + + tests: force link with nettle of mini-alignment + +Author: Nikos Mavrogiannopoulos +Date: Thu Jun 18 14:11:08 2015 +0200 + + tests: Check the OID functions + +Author: Nikos Mavrogiannopoulos +Date: Thu Jun 18 14:01:42 2015 +0200 + + doc update + +Author: Nikos Mavrogiannopoulos +Date: Thu Jun 18 13:59:57 2015 +0200 + + Exported functions to convert from and to OIDs + +Author: Saurav Babu +Date: Thu Jun 18 12:50:32 2015 +0530 + + gnutls-cli: Fixed Possible Memory Leak + + This patch fixes possible memory leak in psk_callback() function, rawkey + is allocated memory by gnutls_malloc() and is not freed when + gnutls_hex_decode() returns with error + + Signed-off-by: Saurav Babu + +Author: Nikos Mavrogiannopoulos +Date: Thu Jun 18 11:19:37 2015 +0200 + + pkcs7: corrected write_signer_id() when GNUTLS_PKCS7_WRITE_SPKI was used + +Author: Alon Bar-Lev +Date: Thu Jun 18 09:41:55 2015 +0300 + + tests: openpgp-certs: cleanup shell usage + + Add quotes for most usages of variables. + + Added ${} for variables. + + Signed-off-by: Alon Bar-Lev + +Author: Alon Bar-Lev +Date: Thu Jun 18 09:41:53 2015 +0300 + + tests: key-tests: cleanup shell usage + + Add quotes for most usages of variables. + + Added ${} for variables. + + Signed-off-by: Alon Bar-Lev + +Author: Alon Bar-Lev +Date: Thu Jun 18 09:41:52 2015 +0300 + + tests: ecdsa: cleanup shell usage + + Add quotes for most usages of variables. + + Added ${} for variables. + + Cleanup trailing spaces. + + Signed-off-by: Alon Bar-Lev + +Author: Alon Bar-Lev +Date: Thu Jun 18 00:57:04 2015 +0300 + + tests: dsa: cleanup shell usage + + Add quotes for most usages of variables. + + Added ${} for variables. + + Cleanup trailing spaces. + + Removal of unneeded ';'. + + Minor fix in tests/scripts/common.sh at trap to pass message and avoid + killing. + + Signed-off-by: Alon Bar-Lev + +Author: Nikos Mavrogiannopoulos +Date: Thu Jun 18 10:51:09 2015 +0200 + + indentation fix + +Author: Nikos Mavrogiannopoulos +Date: Thu Jun 18 10:46:13 2015 +0200 + + Always align in 16-byte boundary our input to crypto + + That allows faster operations in almost all instruction sets. + +Author: Nikos Mavrogiannopoulos +Date: Thu Jun 18 10:44:45 2015 +0200 + + tests: added check for memory alignment + +Author: Nikos Mavrogiannopoulos +Date: Wed Jun 17 22:26:51 2015 +0200 + + tests: only run test with long dates in 64-bit systems + +Author: Nikos Mavrogiannopoulos +Date: Wed Jun 17 17:17:10 2015 +0200 + + tests: regenerate the results in template-test using UTC times + +Author: Nikos Mavrogiannopoulos +Date: Wed Jun 17 16:48:36 2015 +0200 + + ensure that gnutls_pubkey_verify_data2 returns 0 on success + +Author: Nikos Mavrogiannopoulos +Date: Wed Jun 17 16:40:15 2015 +0200 + + Added gnutls_pkcs7_get_signature_count + +Author: Alon Bar-Lev +Date: Wed Jun 17 11:59:55 2015 +0300 + + tests: suite: run testpkcs11 if PKCS#11 is enabled + + Signed-off-by: Alon Bar-Lev + +Author: Alon Bar-Lev +Date: Wed Jun 17 11:59:56 2015 +0300 + + tests: remove bash usage + + Signed-off-by: Alon Bar-Lev + +Author: Nikos Mavrogiannopoulos +Date: Wed Jun 17 11:34:46 2015 +0200 + + doc update + +Author: Nikos Mavrogiannopoulos +Date: Wed Jun 17 11:19:10 2015 +0200 + + tests: verify that we generate dates with UTCTime prior to 2050 + + Also that we generate dates with GeneralizedTime format after 2050. + +Author: Nikos Mavrogiannopoulos +Date: Wed Jun 17 11:12:03 2015 +0200 + + When writing the Time ASN.1 structure follow the RFC5280 recommendations + +Author: Nikos Mavrogiannopoulos +Date: Wed Jun 17 11:03:29 2015 +0200 + + Set time in PKCS #7 structures properly (in UTCTime format). + +Author: Nikos Mavrogiannopoulos +Date: Wed Jun 17 10:42:54 2015 +0200 + + doc update + +Author: Alon Bar-Lev +Date: Tue Jun 16 23:48:58 2015 +0300 + + tests: cert-tests: pkcs7: support separate builddir + + Signed-off-by: Alon Bar-Lev + +Author: Nikos Mavrogiannopoulos +Date: Tue Jun 16 22:00:41 2015 +0200 + + account new symbols + +Author: Nikos Mavrogiannopoulos +Date: Tue Jun 16 22:00:01 2015 +0200 + + updated makefiles for the new functions + +Author: Nikos Mavrogiannopoulos +Date: Tue Jun 16 21:53:29 2015 +0200 + + doc update + +Author: Nikos Mavrogiannopoulos +Date: Tue Jun 16 21:47:37 2015 +0200 + + use common base for pkcs7 files + +Author: Nikos Mavrogiannopoulos +Date: Tue Jun 16 21:41:42 2015 +0200 + + added missing symbol + +Author: Nikos Mavrogiannopoulos +Date: Tue Jun 16 21:34:30 2015 +0200 + + released 3.4.2 + +Author: Nikos Mavrogiannopoulos +Date: Tue Jun 16 17:18:51 2015 +0200 + + certtool: made explicit the inclusion of time in PKCS #7 signatures + +Author: Nikos Mavrogiannopoulos +Date: Tue Jun 16 17:15:04 2015 +0200 + + pkcs7: write the DER encoded time + +Author: Nikos Mavrogiannopoulos +Date: Tue Jun 16 16:56:30 2015 +0200 + + certtool: include the signature time in PKCS #7 signatures + +Author: Nikos Mavrogiannopoulos +Date: Tue Jun 16 16:55:40 2015 +0200 + + pkcs7: corrected usage of GNUTLS_PKCS7_INCLUDE_TIME flag + +Author: Nikos Mavrogiannopoulos +Date: Tue Jun 16 13:31:54 2015 +0200 + + tests: minor updates in pkcs7 output checks to match new certtool + +Author: Nikos Mavrogiannopoulos +Date: Tue Jun 16 13:31:30 2015 +0200 + + certtool: rely on gnutls_pkcs7_print() even more + +Author: Nikos Mavrogiannopoulos +Date: Tue Jun 16 13:27:43 2015 +0200 + + pkcs7: print certificates and CRLs in FULL mode + +Author: Nikos Mavrogiannopoulos +Date: Tue Jun 16 12:29:53 2015 +0200 + + doc update + +Author: Nikos Mavrogiannopoulos +Date: Tue Jun 16 12:29:38 2015 +0200 + + certtool: use gnutls_pkcs7_print() - partially + +Author: Nikos Mavrogiannopoulos +Date: Tue Jun 16 12:18:55 2015 +0200 + + Added gnutls_pkcs7_print() + +Author: Nikos Mavrogiannopoulos +Date: Mon Jun 15 11:36:58 2015 +0200 + + bumped version + +Author: Nikos Mavrogiannopoulos +Date: Thu Jun 11 10:34:55 2015 +0200 + + tests: added signature/verification stress test + +Author: Nikos Mavrogiannopoulos +Date: Thu Jun 11 10:11:35 2015 +0200 + + tests: check also individual ciphers for interoperability + +Author: Nikos Mavrogiannopoulos +Date: Mon Jun 8 11:38:54 2015 +0200 + + fips140: better debug messages when verifying MAC + +Author: Nikos Mavrogiannopoulos +Date: Fri Jun 5 11:19:13 2015 +0200 + + tpmtool: added newline in error messages + +Author: Nikos Mavrogiannopoulos +Date: Wed Jun 3 16:10:30 2015 +0200 + + fips140: added check for reseed detection + +Author: Nikos Mavrogiannopoulos +Date: Wed Jun 3 15:48:23 2015 +0200 + + tests: check random generator for long outputs as well + +Author: Nikos Mavrogiannopoulos +Date: Wed Jun 3 15:42:42 2015 +0200 + + fips140: when GNUTLS_SKIP_FIPS_INTEGRITY_CHECKS is setup do not perform integrity tests + +Author: Nikos Mavrogiannopoulos +Date: Wed Jun 3 15:38:09 2015 +0200 + + fips140: reset the reseed counter only on reseed + +Author: Nikos Mavrogiannopoulos +Date: Wed Jun 3 15:37:39 2015 +0200 + + fips140: when reseeding only reseed the required context not all + +Author: Nikos Mavrogiannopoulos +Date: Wed Jun 3 14:37:11 2015 +0200 + + fips140: added more checks on the reseed and generate function + +Author: Nikos Mavrogiannopoulos +Date: Wed Jun 3 14:36:35 2015 +0200 + + fips140: enforce the max_number_of_bits_per_request + +Author: Nikos Mavrogiannopoulos +Date: Wed Jun 3 16:36:32 2015 +0200 + + tests: do not include times in the PKCS #7 checks as they depend on local timezone + +Author: Nikos Mavrogiannopoulos +Date: Wed Jun 3 13:28:59 2015 +0200 + + pkcs7: addressed memory leaks + +Author: Nikos Mavrogiannopoulos +Date: Wed Jun 3 11:42:30 2015 +0200 + + doc update + +Author: Nikos Mavrogiannopoulos +Date: Wed Jun 3 11:38:55 2015 +0200 + + doc update + +Author: Nikos Mavrogiannopoulos +Date: Wed Jun 3 11:35:04 2015 +0200 + + tests: Added PKCS #7 attribute generation check + +Author: Nikos Mavrogiannopoulos +Date: Wed Jun 3 10:44:25 2015 +0200 + + tests: updated for new certtool output + +Author: Nikos Mavrogiannopoulos +Date: Wed Jun 3 10:40:54 2015 +0200 + + certtool: print signed and unsigned PKCS #7 attributes + +Author: Nikos Mavrogiannopoulos +Date: Wed Jun 3 10:24:05 2015 +0200 + + Added code to parse and set PKCS #7 attributes + +Author: Nikos Mavrogiannopoulos +Date: Tue Jun 2 16:34:45 2015 +0200 + + tests: added PKCS #7 verification check with MD5 + +Author: Nikos Mavrogiannopoulos +Date: Tue Jun 2 16:31:49 2015 +0200 + + use the same flags in all verification functions + +Author: Nikos Mavrogiannopoulos +Date: Tue Jun 2 16:05:46 2015 +0200 + + _decode_pkcs7_signed_data: fixed mem leaks + +Author: Nikos Mavrogiannopoulos +Date: Tue Jun 2 15:58:14 2015 +0200 + + Initialization of gnutls_x509_dn_t was modified to allow deinitialization after failure + + Part2: made gnutls_x509_crt_get_subject() and gnutls_x509_crt_get_issuer() + return a constant value and avoid leaks. + +Author: Nikos Mavrogiannopoulos +Date: Tue Jun 2 14:40:56 2015 +0200 + + doc: Separated the PKCS #7 in manual + +Author: Nikos Mavrogiannopoulos +Date: Tue Jun 2 14:35:26 2015 +0200 + + doc update + +Author: Nikos Mavrogiannopoulos +Date: Tue Jun 2 14:26:20 2015 +0200 + + tests: check PKCS #7 structure signature generation + +Author: Nikos Mavrogiannopoulos +Date: Tue Jun 2 14:16:58 2015 +0200 + + tests: check PKCS #7 bundle generation + +Author: Nikos Mavrogiannopoulos +Date: Tue Jun 2 14:08:13 2015 +0200 + + certtool: added --p7-generate, --p7-sign and --p7-detached-sign + +Author: Nikos Mavrogiannopoulos +Date: Tue Jun 2 12:58:34 2015 +0200 + + Added gnutls_pkcs7_sign() + +Author: Nikos Mavrogiannopoulos +Date: Tue Jun 2 11:13:41 2015 +0200 + + Added gnutls_pkcs7_get_crl_raw2 + +Author: Nikos Mavrogiannopoulos +Date: Tue Jun 2 11:00:39 2015 +0200 + + certtool: print the signing time when available + +Author: Nikos Mavrogiannopoulos +Date: Tue Jun 2 11:00:26 2015 +0200 + + pkcs7 verification: parse the signing time + +Author: Nikos Mavrogiannopoulos +Date: Tue Jun 2 09:54:38 2015 +0200 + + on PKCS #7 verification check the the content type matches the signed data + +Author: Nikos Mavrogiannopoulos +Date: Tue Jun 2 09:22:36 2015 +0200 + + certtool: print more info about the PKCS #7 struct + +Author: Nikos Mavrogiannopoulos +Date: Tue Jun 2 09:15:53 2015 +0200 + + certtool: allow verification against a direct PKCS #7 signer + +Author: Nikos Mavrogiannopoulos +Date: Tue Jun 2 09:05:27 2015 +0200 + + tests: added checks with PKCS #7 detached data + +Author: Nikos Mavrogiannopoulos +Date: Tue Jun 2 09:03:34 2015 +0200 + + pkcs7 verification: return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE when no encapsulated data exist + +Author: Nikos Mavrogiannopoulos +Date: Tue Jun 2 08:57:34 2015 +0200 + + certtool: allow verifying PKCS #7 with detached data + +Author: Nikos Mavrogiannopoulos +Date: Mon Jun 1 21:37:44 2015 +0200 + + certtool: improved PKCS #7 verification output + +Author: Nikos Mavrogiannopoulos +Date: Mon Jun 1 21:33:02 2015 +0200 + + tests: check the key purpose in PKCS #7 verification + +Author: Nikos Mavrogiannopoulos +Date: Mon Jun 1 20:07:57 2015 +0200 + + tests: added PKCS #7 test with more than 1 certs + +Author: Nikos Mavrogiannopoulos +Date: Mon Jun 1 18:56:51 2015 +0200 + + certtool: allow verification of PKCS #7 structures + +Author: Nikos Mavrogiannopoulos +Date: Mon Jun 1 18:55:37 2015 +0200 + + Initialization of gnutls_x509_dn_t was modified to allow deinitialization after failure + +Author: Nikos Mavrogiannopoulos +Date: Mon Jun 1 15:19:03 2015 +0200 + + Added PKCS #7 signature(s) verification + +Author: Nikos Mavrogiannopoulos +Date: Mon Jun 1 15:13:10 2015 +0200 + + Added gnutls_pkcs11_get_raw_issuer_by_subject_key_id and gnutls_x509_trust_list_get_issuer_by_subject_key_id + +Author: Nikos Mavrogiannopoulos +Date: Mon Jun 1 14:34:57 2015 +0200 + + tests: added check for gnutls_x509_dn_get_str + +Author: Nikos Mavrogiannopoulos +Date: Mon Jun 1 14:26:19 2015 +0200 + + added gnutls_x509_dn_get_str + +Author: Nikos Mavrogiannopoulos +Date: Mon Jun 1 11:52:58 2015 +0200 + + doc update + +Author: Nikos Mavrogiannopoulos +Date: Mon Jun 1 11:51:32 2015 +0200 + + Added gnutls_x509_crt_verify_data2() and kept gnutls_privkey_sign_data() + +Author: Nikos Mavrogiannopoulos +Date: Mon Jun 1 10:43:46 2015 +0200 + + verify PKCS #7 signed data + +Author: Nikos Mavrogiannopoulos +Date: Fri May 29 14:41:13 2015 +0200 + + updated PKCS #7 code to cache signed_data + +Author: Nikos Mavrogiannopoulos +Date: Mon Jun 1 21:48:48 2015 +0200 + + When manual PKCS #11 configuration is requested don't initialize other providers + +Author: Nikos Mavrogiannopoulos +Date: Sun May 31 08:51:26 2015 +0200 + + certtool: deinitialize PKCS #7 resources + +Author: Nikos Mavrogiannopoulos +Date: Sun May 31 08:50:09 2015 +0200 + + tests: Added tests for PKCS7 cert extraction + +Author: Nikos Mavrogiannopoulos +Date: Fri May 29 16:37:36 2015 +0200 + + Revert "updated gnulib" + + This reverts commit c040ce6dd05b48b971d8dcc8fc8f23957ed15f9c. + +Author: Nikos Mavrogiannopoulos +Date: Fri May 29 14:39:58 2015 +0200 + + silence format-signness warnings in gcc5 + +Author: Nikos Mavrogiannopoulos +Date: Fri May 29 14:34:53 2015 +0200 + + updated gnulib + +Author: Nikos Mavrogiannopoulos +Date: Tue May 26 22:12:19 2015 +0200 + + Check the OID size for match when comparing for the OCSP nonce extension + + Reported by Hanno Böck. + +Author: Armin Burgmeier +Date: Sat May 23 23:30:18 2015 -0400 + + gnutls_dh_get_prime_bits: return 0 if DH is not used + + Before, the number of bits of a zero-length number was attempted to be + extracted, resulting in an error. The changed behaviour is consistent with + the documentation which explicitly states that 0 should be returned if no DH + key exchange was performed. + +Author: Nikos Mavrogiannopoulos +Date: Fri May 22 09:08:00 2015 +0200 + + gnutls_dh_get_group: mention that the values may include a leading zero + +Author: Nikos Mavrogiannopoulos +Date: Thu May 21 11:55:06 2015 +0200 + + gnutls_dh_set_prime_bits: warn when overriding the DH max prime size with 1007 bits or less + +Author: Nikos Mavrogiannopoulos +Date: Thu May 21 10:52:37 2015 +0200 + + cleanup unused variable + +Author: Nikos Mavrogiannopoulos +Date: Thu May 21 10:51:17 2015 +0200 + + corrected allocation check + +Author: Nikos Mavrogiannopoulos +Date: Thu May 21 10:46:26 2015 +0200 + + removed useless check + +Author: Nikos Mavrogiannopoulos +Date: Thu May 21 10:43:06 2015 +0200 + + document intentional fallthrough in switch + +Author: Nikos Mavrogiannopoulos +Date: Thu May 21 10:41:11 2015 +0200 + + ecc ext: check return code of _gnutls_buffer_append_data + +Author: Nikos Mavrogiannopoulos +Date: Sun May 17 21:11:14 2015 +0200 + + tests: enhance the no-signal check to include proper data sending + +Author: Nikos Mavrogiannopoulos +Date: Sun May 17 20:59:14 2015 +0200 + + doc update + +Author: Nikos Mavrogiannopoulos +Date: Sun May 17 20:57:48 2015 +0200 + + tests: check the operation of GNUTLS_NO_SIGNAL + +Author: Nikos Mavrogiannopoulos +Date: Sun May 17 20:33:48 2015 +0200 + + Allow the usage of MSG_NOSIGNAL in send functions + + That introduces the GNUTLS_NO_SIGNAL flag for gnutls_init(), + which is available in systems that support the MSG_NOSIGNAL + flag to send(). That eases the usage of the library within + other libraries. + Resolves #11 + +Author: Nikos Mavrogiannopoulos +Date: Fri May 15 12:03:23 2015 +0200 + + include nettle/memxor when needed + +Author: Nikos Mavrogiannopoulos +Date: Fri May 15 12:02:56 2015 +0200 + + gnutls-serv: send alert when wrong data have been received from client + +Author: Nikos Mavrogiannopoulos +Date: Thu May 14 15:32:09 2015 +0200 + + doc update + +Author: Nikos Mavrogiannopoulos +Date: Thu May 14 14:00:11 2015 +0200 + + camellia256-gcm: corrected regression + + Reported by Manuel Pegourie-Gonnard. + +Author: Nikos Mavrogiannopoulos +Date: Mon May 11 18:41:09 2015 +0200 + + doc update + +Author: Nikos Mavrogiannopoulos +Date: Wed May 6 15:22:05 2015 +0200 + + doc: added section about subject alternative names + +Author: Nikos Mavrogiannopoulos +Date: Wed May 6 11:17:09 2015 +0200 + + handshake_start_time was moved out of the DTLS-specific variables + +Author: Nikos Mavrogiannopoulos +Date: Wed May 6 11:13:05 2015 +0200 + + apply default timeout for DTLS in gnutls_handshake_set_timeout + +Author: Nikos Mavrogiannopoulos +Date: Wed May 6 10:03:16 2015 +0200 + + tests: do not perform internationalized name checks without libidn + +Author: Nikos Mavrogiannopoulos +Date: Wed May 6 09:52:39 2015 +0200 + + tests: updated sign-md5-rep to reduce false failures + +Author: Nikos Mavrogiannopoulos +Date: Tue May 5 16:40:37 2015 +0200 + + tests: eliminate mem leaks in mini-loss-time + +Author: Nikos Mavrogiannopoulos +Date: Tue May 5 15:55:19 2015 +0200 + + tests: testdane: remove dane.nox.su from the list of known to be good hosts + +Author: Nikos Mavrogiannopoulos +Date: Tue May 5 14:43:42 2015 +0200 + + doc update + +Author: Nikos Mavrogiannopoulos +Date: Tue May 5 14:41:55 2015 +0200 + + tests: mini-loss-time enhanced to check proper timeouts in both client and server + +Author: Nikos Mavrogiannopoulos +Date: Tue May 5 14:35:45 2015 +0200 + + dtls: combined the total timeouts of DTLS and TLS handshake + + That also makes the waits for packets more robust against blocking. + +Author: Nikos Mavrogiannopoulos +Date: Tue May 5 09:36:17 2015 +0200 + + define GNUTLS_SUPPLEMENTAL_USER_MAPPING_DATA + +Author: Nikos Mavrogiannopoulos +Date: Tue May 5 07:57:16 2015 +0200 + + doc: updated text to account for pkcs11-url standardization + +Author: Nikos Mavrogiannopoulos +Date: Sun May 3 19:43:40 2015 +0200 + + tests: mini-dtls-mtu: compile in windows + +Author: Jaak Ristioja +Date: Mon May 4 10:53:10 2015 +0300 + + doc: Fixed typo in heartbeat documentation. + +Author: Nikos Mavrogiannopoulos +Date: Sun May 3 19:39:52 2015 +0200 + + cross.mk: updated for 3.4.1 + +Author: Nikos Mavrogiannopoulos +Date: Sun May 3 19:36:02 2015 +0200 + + updated abi base for 3.4 + +Author: Nikos Mavrogiannopoulos +Date: Sun May 3 19:24:23 2015 +0200 + + NEWS: updated + +Author: Nikos Mavrogiannopoulos +Date: Sun May 3 19:09:19 2015 +0200 + + released 3.4.1 + +Author: Nikos Mavrogiannopoulos +Date: Thu Apr 30 18:48:57 2015 +0200 + + doc: updated gnutls_dtls_set_timeouts + +Author: Nikos Mavrogiannopoulos +Date: Thu Apr 30 16:40:24 2015 +0200 + + doc: fixed example with DTLS timeouts + +Author: Nikos Mavrogiannopoulos +Date: Thu Apr 30 16:32:40 2015 +0200 + + use macro for DTLS default timeout + +Author: Nikos Mavrogiannopoulos +Date: Thu Apr 30 16:28:24 2015 +0200 + + gnutls_handshake_set_timeout will properly work with DTLS + +Author: Nikos Mavrogiannopoulos +Date: Thu Apr 30 14:09:22 2015 +0200 + + doc update + +Author: Nikos Mavrogiannopoulos +Date: Thu Apr 30 14:53:17 2015 +0200 + + document the need for gnutls_transport_set_pull_timeout_function + +Author: Nikos Mavrogiannopoulos +Date: Thu Apr 30 14:06:09 2015 +0200 + + doc: updated async operation text + +Author: Nikos Mavrogiannopoulos +Date: Thu Apr 30 13:53:19 2015 +0200 + + disable default handshake timeout + + It caused issues with non-blocking TLS clients and servers + which may not want to block while the pull timeout function + waits. + +Author: Nikos Mavrogiannopoulos +Date: Thu Apr 30 13:38:26 2015 +0200 + + tests: added check to verify that pull timeout is not called on non-blocking sessions + +Author: Nikos Mavrogiannopoulos +Date: Thu Apr 30 13:22:34 2015 +0200 + + GNUTLS_NONBLOCK can be used for non-DTLS sessions as well + +Author: Nikos Mavrogiannopoulos +Date: Wed Apr 29 14:44:30 2015 +0200 + + doc update + +Author: Nikos Mavrogiannopoulos +Date: Wed Apr 29 14:44:30 2015 +0200 + + doc update + +Author: Nikos Mavrogiannopoulos +Date: Tue Apr 28 16:12:13 2015 +0200 + + tests: key generation test was moved to main checks + + This will allow to catch memory leaks with valgrind. + +Author: Jan Vcelak +Date: Tue Apr 28 13:50:40 2015 +0200 + + fix memory leak in ECDSA key parameters verification + + Signed-off-by: Jan Vcelak + +Author: Nikos Mavrogiannopoulos +Date: Tue Apr 28 14:30:35 2015 +0200 + + updated minitasn1 + +Author: Nikos Mavrogiannopoulos +Date: Tue Apr 28 14:29:41 2015 +0200 + + doc update + +Author: Nikos Mavrogiannopoulos +Date: Tue Apr 28 14:26:57 2015 +0200 + + Handle DNS name constraints with leading dot + + Patch by Fotis Loukos. + Resolves 3 + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Tue Apr 28 09:02:12 2015 +0200 + + doc update + +Author: Nikos Mavrogiannopoulos +Date: Mon Apr 27 09:16:42 2015 +0200 + + updated text for gnutls_pkcs11_init + +Author: Nikos Mavrogiannopoulos +Date: Mon Apr 27 09:08:10 2015 +0200 + + updated pkcs11 loading documentation + +Author: Nikos Mavrogiannopoulos +Date: Sun Apr 26 08:31:12 2015 +0200 + + tests: mini-etm: use TLS as the transport layer + +Author: Nikos Mavrogiannopoulos +Date: Sun Apr 26 08:29:19 2015 +0200 + + tests: added comment for sign-md5-rep + +Author: Nikos Mavrogiannopoulos +Date: Sun Apr 26 08:11:17 2015 +0200 + + more files to ignore + +Author: Nikos Mavrogiannopoulos +Date: Sun Apr 26 00:04:13 2015 +0200 + + Sync with TP. + +Author: Nikos Mavrogiannopoulos +Date: Sat Apr 25 21:23:38 2015 +0200 + + doc update + +Author: Nikos Mavrogiannopoulos +Date: Sat Apr 25 20:00:04 2015 +0200 + + tests: added reproducer for the MD5 acceptance issue + + Reported by Karthikeyan Bhargavan. + http://lists.gnutls.org/pipermail/gnutls-devel/2015-April/007572.html + +Author: Nikos Mavrogiannopoulos +Date: Sat Apr 25 19:34:34 2015 +0200 + + before falling back to SHA1 as signature algorithm in TLS 1.2 check if it is enabled + +Author: Nikos Mavrogiannopoulos +Date: Sat Apr 25 19:14:07 2015 +0200 + + _gnutls_session_sign_algo_enabled: do not consider any values from the extension data to decide acceptable algorithms + +Author: Nikos Mavrogiannopoulos +Date: Sat Apr 25 09:28:57 2015 +0200 + + doc update + +Author: Nikos Mavrogiannopoulos +Date: Sat Apr 25 09:13:04 2015 +0200 + + tests: added unit tests for gnutls_certificate_client_get_request_status + +Author: Nikos Mavrogiannopoulos +Date: Sat Apr 25 09:12:04 2015 +0200 + + set the value used by gnutls_certificate_client_get_request_status prior to selecting certificate + + That allows gnutls_certificate_client_get_request_status() to be properly operating + from the callback. Reported by Anton Lavrentiev. + +Author: Nikos Mavrogiannopoulos +Date: Sat Apr 25 09:10:15 2015 +0200 + + updated doc for retrieve function + +Author: Nikos Mavrogiannopoulos +Date: Fri Apr 24 16:04:44 2015 +0200 + + updated PKCS #11 URL references to rfc7512 + +Author: Nikos Mavrogiannopoulos +Date: Wed Apr 22 14:00:45 2015 +0200 + + doc update + +Author: Nikos Mavrogiannopoulos +Date: Wed Apr 22 13:54:18 2015 +0200 + + tests: added check for gnutls_credentials_get + +Author: Nikos Mavrogiannopoulos +Date: Wed Apr 22 13:49:10 2015 +0200 + + doc update + +Author: Nikos Mavrogiannopoulos +Date: Wed Apr 22 13:41:17 2015 +0200 + + fixed doc: reported by Anton Lavrentiev + +Author: Nikos Mavrogiannopoulos +Date: Wed Apr 22 11:33:34 2015 +0200 + + doc: corrected typo + +Author: Nikos Mavrogiannopoulos +Date: Tue Apr 21 22:08:56 2015 +0200 + + tests: resume-dtls: remove global variables + +Author: Andreas Metzler +Date: Tue Apr 21 19:18:00 2015 +0200 + + List all certificate type priority strings. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sun Apr 19 21:23:21 2015 +0200 + + tls-rsa: keep a common code path when doing RSA decryption + + Suggested by Nimrod Aviram. + +Author: Nikos Mavrogiannopoulos +Date: Tue Apr 21 15:20:38 2015 +0200 + + tests: initialize status where needed + +Author: Nikos Mavrogiannopoulos +Date: Tue Apr 21 15:18:11 2015 +0200 + + tests: cleanup openpgp-auth2 + +Author: Nikos Mavrogiannopoulos +Date: Tue Apr 21 15:17:38 2015 +0200 + + tests: cleanup mini-dtls-rehandshake + +Author: Nikos Mavrogiannopoulos +Date: Tue Apr 21 13:46:36 2015 +0200 + + tests: resume: check for signals + +Author: Nikos Mavrogiannopoulos +Date: Tue Apr 21 10:42:50 2015 +0200 + + doc update + +Author: Nikos Mavrogiannopoulos +Date: Tue Apr 21 10:40:41 2015 +0200 + + doc update + +Author: Nikos Mavrogiannopoulos +Date: Tue Apr 21 10:36:07 2015 +0200 + + tests: reduced compiler warnings + +Author: Nikos Mavrogiannopoulos +Date: Tue Apr 21 10:07:30 2015 +0200 + + tests: verify the return value of gnutls_certificate_get_ours when no cert is sent + +Author: Nikos Mavrogiannopoulos +Date: Tue Apr 21 10:07:11 2015 +0200 + + tests: close unused file descriptors in resume checks + +Author: Nikos Mavrogiannopoulos +Date: Mon Apr 20 23:39:08 2015 +0200 + + libopts: fixed the reading of the --enable-local-libopts flag + +Author: Nikos Mavrogiannopoulos +Date: Mon Apr 20 17:51:20 2015 +0200 + + gnutls-cli: when no certificate is sent, notify the user + +Author: Nikos Mavrogiannopoulos +Date: Mon Apr 20 17:45:33 2015 +0200 + + tests: added check with X.509 certificates and callbacks + + That corresponds to functionality checked in openpgp-callback.c + +Author: Nikos Mavrogiannopoulos +Date: Mon Apr 20 17:38:10 2015 +0200 + + tests: added check for gnutls_certificate_get_ours() when used in combination with callbacks + +Author: Nikos Mavrogiannopoulos +Date: Mon Apr 20 16:46:34 2015 +0200 + + tests: improved x509dn check + +Author: Nikos Mavrogiannopoulos +Date: Mon Apr 20 16:43:51 2015 +0200 + + gnutls_certificate_get_ours: will return the certificate even if a callback was used + + This corrects a bug where this function would not work, when + gnutls_certificate_set_retrieve_function2() was used. + +Author: Nikos Mavrogiannopoulos +Date: Mon Apr 20 16:31:55 2015 +0200 + + gnutls-cli: when a certificate is specified require the corresponding private key + +Author: Nikos Mavrogiannopoulos +Date: Mon Apr 20 16:25:21 2015 +0200 + + ensure that the X.509 version number is one byte only + +Author: Nikos Mavrogiannopoulos +Date: Mon Apr 20 14:04:37 2015 +0200 + + Check for invalid length in the X.509 version field + + If such an invalid length is detected, reject the certificate. + Reported by Hanno Böck. + +Author: Nikos Mavrogiannopoulos +Date: Mon Apr 20 13:57:31 2015 +0200 + + ocsp: initialize certs to NULL + +Author: Nikos Mavrogiannopoulos +Date: Mon Apr 20 12:45:56 2015 +0200 + + gnutls-serv: print when the peer's certificate is not verified + +Author: Nikos Mavrogiannopoulos +Date: Sun Apr 19 09:42:05 2015 +0200 + + Sync with TP. + +Author: Tim Kosse +Date: Sat Apr 18 11:38:57 2015 +0200 + + ncrypt.h lacks some defines with some versions of MinGW. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Sun Apr 19 09:19:22 2015 +0200 + + updated auto-generated files + +Author: Tim Kosse +Date: Sat Apr 18 11:38:56 2015 +0200 + + Fix a preprocessor warning about mismatched quotes. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Tim Kosse +Date: Sat Apr 18 11:38:55 2015 +0200 + + Set _WIN32_WINNT to 0x600, at least with some MinGW versions ncrypt.h checks this define to be at least 0x600. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Tim Kosse +Date: Sat Apr 18 11:38:54 2015 +0200 + + Fix include order, include gnutls_int.h before gnutls.h, otherwise undefined external references to gnutls_free and gnutls_strdup are the result when statically linking against GnuTLS built by MinGW. + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Thu Apr 16 19:36:32 2015 +0300 + + gnutls-cli: removed CCM from the ciphers tested with the old API + + That prevents a crash of the benchmark. Reported by James Cloos. + +Author: Nikos Mavrogiannopoulos +Date: Thu Apr 16 19:24:46 2015 +0300 + + refuse to use the old cipher API with AEAD-only ciphers + +Author: Nikos Mavrogiannopoulos +Date: Thu Apr 16 00:16:22 2015 +0300 + + tests: ignore sigpipe in resume and termination tests + +Author: Nikos Mavrogiannopoulos +Date: Wed Apr 15 20:05:59 2015 +0300 + + doc: added error check in example + +Author: Nikos Mavrogiannopoulos +Date: Wed Apr 15 20:03:06 2015 +0300 + + doc update + +Author: Nikos Mavrogiannopoulos +Date: Wed Apr 15 16:00:53 2015 +0300 + + doc: removed stray @end + +Author: Nikos Mavrogiannopoulos +Date: Wed Apr 15 11:53:39 2015 +0300 + + doc update + +Author: Nikos Mavrogiannopoulos +Date: Wed Apr 15 11:49:26 2015 +0300 + + doc update + +Author: Nikos Mavrogiannopoulos +Date: Wed Apr 15 11:48:21 2015 +0300 + + x509: when printing the keyid of a certificate use the curve name for randomart + +Author: Nikos Mavrogiannopoulos +Date: Wed Apr 15 11:47:39 2015 +0300 + + gnutls_x509_crt_get_pk_* are based on gnutls_pubkey_export_* + +Author: Nikos Mavrogiannopoulos +Date: Wed Apr 15 11:45:08 2015 +0300 + + gnutls_pubkey_export_* are tolerable in null input + +Author: Nikos Mavrogiannopoulos +Date: Wed Apr 15 11:41:54 2015 +0300 + + Added gnutls_x509_crt_get_pk_ecc_raw() + +Author: Nikos Mavrogiannopoulos +Date: Wed Apr 15 11:24:01 2015 +0300 + + randomart: corrected usage of snprintf + +Author: Nikos Mavrogiannopoulos +Date: Tue Apr 14 22:11:14 2015 +0300 + + certtool: when generating an ECDSA key use the curve name in random art + +Author: Nikos Mavrogiannopoulos +Date: Tue Apr 14 22:08:18 2015 +0300 + + randomart: only print key size if it is non-zero + +Author: Nikos Mavrogiannopoulos +Date: Tue Apr 14 22:01:29 2015 +0300 + + cross.mk: updated for 3.4.0 + +Author: Nikos Mavrogiannopoulos +Date: Tue Apr 14 21:33:19 2015 +0300 + + Remove SOCK_CLOEXEC from socket() call. + + That allows compilation in systems where this + flag doesn't exist. + Resolves #7 + +Author: Nikos Mavrogiannopoulos +Date: Tue Apr 14 16:06:39 2015 +0300 + + document the recommended re-handshake process + +Author: Nikos Mavrogiannopoulos +Date: Thu Apr 9 16:00:43 2015 +0200 + + remove duplicate entries from manpages Makefile + +Author: Nikos Mavrogiannopoulos +Date: Wed Apr 8 17:08:07 2015 +0200 + + doc update + +Author: Nikos Mavrogiannopoulos +Date: Wed Apr 8 17:07:11 2015 +0200 + + tests: enhanced cert tests with SHA256 key IDs + +Author: Nikos Mavrogiannopoulos +Date: Wed Apr 8 16:56:44 2015 +0200 + + certtool: modified to allow different key ID algorithms + +Author: Nikos Mavrogiannopoulos +Date: Wed Apr 8 16:48:46 2015 +0200 + + Added flags which modify the algorithm used for key ID calculation + +Author: Nikos Mavrogiannopoulos +Date: Wed Apr 8 16:33:47 2015 +0200 + + doc update + +Author: Nikos Mavrogiannopoulos +Date: Wed Apr 8 16:18:37 2015 +0200 + + doc update + +Author: Nikos Mavrogiannopoulos +Date: Wed Apr 8 16:16:42 2015 +0200 + + gnutls_record_discard_queued() is both for TLS and DTLS + +Author: Nikos Mavrogiannopoulos +Date: Wed Apr 8 08:59:54 2015 +0200 + + document the new crypto register functions + +Author: Nikos Mavrogiannopoulos +Date: Wed Apr 8 08:53:39 2015 +0200 + + doc update + +Author: Nikos Mavrogiannopoulos +Date: Wed Apr 8 08:49:45 2015 +0200 + + doc: avoid spaces in showfunc + +Author: Nikos Mavrogiannopoulos +Date: Wed Apr 8 08:15:24 2015 +0200 + + tests: added files into dist + +Author: Nikos Mavrogiannopoulos +Date: Wed Apr 8 08:08:14 2015 +0200 + + configure: ask for nettle 3.1 + +Author: Nikos Mavrogiannopoulos +Date: Wed Apr 8 08:06:52 2015 +0200 + + released 3.4.0 + +Author: Nikos Mavrogiannopoulos +Date: Tue Apr 7 23:28:06 2015 +0200 + + gnutls-cli: document the method to override the detected ciphers + +Author: Nikos Mavrogiannopoulos +Date: Tue Apr 7 23:21:23 2015 +0200 + + fixed AESNI CCM encryption + +Author: Nikos Mavrogiannopoulos +Date: Tue Apr 7 23:14:48 2015 +0200 + + cleanups in CCM-aesni + +Author: Nikos Mavrogiannopoulos +Date: Tue Apr 7 22:28:29 2015 +0200 + + tests: test CCM-8 against polarssl + +Author: Nikos Mavrogiannopoulos +Date: Tue Apr 7 22:21:45 2015 +0200 + + gnutls-cli-debug: test for AES-CCM + +Author: Nikos Mavrogiannopoulos +Date: Tue Apr 7 22:10:43 2015 +0200 + + doc: added 'git submodule update' to clone steps + +Author: Nikos Mavrogiannopoulos +Date: Tue Apr 7 22:00:17 2015 +0200 + + doc update + +Author: Nikos Mavrogiannopoulos +Date: Tue Apr 7 21:38:11 2015 +0200 + + doc update + +Author: Nikos Mavrogiannopoulos +Date: Tue Apr 7 20:24:10 2015 +0200 + + removed unused functions + +Author: Nikos Mavrogiannopoulos +Date: Tue Apr 7 16:03:16 2015 +0200 + + extend the fallback to setkey in addition to init + +Author: Nikos Mavrogiannopoulos +Date: Tue Apr 7 15:50:23 2015 +0200 + + doc update + +Author: Nikos Mavrogiannopoulos +Date: Tue Apr 7 15:48:41 2015 +0200 + + tests: verify the behavior of GNUTLS_E_NEED_FALLBACK + +Author: Nikos Mavrogiannopoulos +Date: Tue Apr 7 15:39:18 2015 +0200 + + introduced GNUTLS_E_NEED_FALLBACK to allow falling back from registered ciphers + + That allows a registered cipher to indicate that it cannot operate + (e.g., due to memory constraints, or internal limits), and gnutls should + proceed with the default algorithms. + +Author: Nikos Mavrogiannopoulos +Date: Tue Apr 7 10:53:54 2015 +0200 + + ciphersuites: moved CCM ciphersuites in the appropriate ifdefs + +Author: Nikos Mavrogiannopoulos +Date: Tue Apr 7 10:51:25 2015 +0200 + + tests: ciphersuite test will ignore the invalid names of TLS_DHE_PSK_WITH_AES_128_CCM_8 + + That is because the names in rfc6655 are for some reason different + than the expected. + +Author: Nikos Mavrogiannopoulos +Date: Tue Apr 7 10:47:00 2015 +0200 + + document CCM and CCM-8 + +Author: Nikos Mavrogiannopoulos +Date: Tue Apr 7 10:44:02 2015 +0200 + + doc update + +Author: Nikos Mavrogiannopoulos +Date: Tue Apr 7 10:42:36 2015 +0200 + + tests: added CCM and CCM_8 into ciphersuite tests + +Author: Nikos Mavrogiannopoulos +Date: Tue Apr 7 10:31:23 2015 +0200 + + Added CCM-8 ciphersuites + +Author: Nikos Mavrogiannopoulos +Date: Mon Apr 6 19:14:31 2015 +0200 + + updated announce text + +Author: Nikos Mavrogiannopoulos +Date: Mon Apr 6 10:49:15 2015 +0200 + + symbols: added the new supplemental functions + +Author: Nikos Mavrogiannopoulos +Date: Mon Apr 6 10:08:16 2015 +0200 + + doc update + +Author: Nikos Mavrogiannopoulos +Date: Sun Apr 5 20:43:18 2015 +0200 + + tests: delay tests that depend on timing when they fail + + That often prevents failures on busy systems. + +Author: Nikos Mavrogiannopoulos +Date: Sat Apr 4 18:31:28 2015 +0200 + + don't enforce iv_size > block_size; it is no longer true for all ciphers + +Author: Nikos Mavrogiannopoulos +Date: Sat Apr 4 15:10:26 2015 +0200 + + simplified calc_enc_length_stream + +Author: Nikos Mavrogiannopoulos +Date: Sat Apr 4 14:49:03 2015 +0200 + + doc update + +Author: Nikos Mavrogiannopoulos +Date: Sat Apr 4 14:29:58 2015 +0200 + + tests: updated supplemental API + +Author: Nikos Mavrogiannopoulos +Date: Sat Apr 4 12:42:21 2015 +0200 + + gnutls_ext_register will fail on double registration + +Author: Nikos Mavrogiannopoulos +Date: Sat Apr 4 12:37:38 2015 +0200 + + gnutls_supplemental_register will fail on double registration + +Author: Nikos Mavrogiannopoulos +Date: Sat Apr 4 12:05:40 2015 +0200 + + symbols: added new exported functions + +Author: Nikos Mavrogiannopoulos +Date: Sat Apr 4 12:04:34 2015 +0200 + + doc: updated makefiles to include new functions + +Author: Nikos Mavrogiannopoulos +Date: Sat Apr 4 12:03:37 2015 +0200 + + libgnutls.map: remove gnutls_record_set_max_empty_records + +Author: Nikos Mavrogiannopoulos +Date: Sat Apr 4 11:54:03 2015 +0200 + + account for the renamed gnutls_supplemental_recv/send + +Author: Nikos Mavrogiannopoulos +Date: Sat Apr 4 11:50:54 2015 +0200 + + document the export supplemental data API + +Author: Nikos Mavrogiannopoulos +Date: Sat Apr 4 11:45:28 2015 +0200 + + gnutls_do_recv/send_supplemental -> gnutls_supplemental_recv/send + + Also added the gnutls_ prefix to new types. + +Author: Nikos Mavrogiannopoulos +Date: Sat Apr 4 11:34:55 2015 +0200 + + Added documentation for gnutls_do_send/recv_supplemental + +Author: Nikos Mavrogiannopoulos +Date: Sat Apr 4 10:30:56 2015 +0200 + + doc updates + +Author: Nikos Mavrogiannopoulos +Date: Sat Apr 4 09:43:16 2015 +0200 + + the base64 xxx_alloc functions were renamed to xxx2 + + That brings them in par with the rest of the allocation + functions. + +Author: Nikos Mavrogiannopoulos +Date: Sat Apr 4 09:36:34 2015 +0200 + + p11tool: use the key usage flags to set PKCS #11 properties + +Author: Nikos Mavrogiannopoulos +Date: Sat Apr 4 09:31:00 2015 +0200 + + pkcs11: use key_usage to set the appropriate flags + +Author: Nikos Mavrogiannopoulos +Date: Sat Apr 4 08:53:33 2015 +0200 + + cleanups in supplemental data support + +Author: Nikos Mavrogiannopoulos +Date: Sat Apr 4 07:36:47 2015 +0200 + + DH: do not warn on zero q_bits + +Author: Nikos Mavrogiannopoulos +Date: Fri Apr 3 22:52:17 2015 +0200 + + NEWS: rearrange entries + +Author: Nikos Mavrogiannopoulos +Date: Fri Apr 3 22:35:24 2015 +0200 + + certtool: certtool --generate-dh-params will account for --outder + + Resolves #5 + +Author: Nikos Mavrogiannopoulos +Date: Thu Apr 2 15:30:20 2015 +0200 + + chacha20-poly1305: ciphersuite numbers correspond to the latest draft + +Author: Nikos Mavrogiannopoulos +Date: Thu Apr 2 15:27:51 2015 +0200 + + p11tool: improved output message + +Author: Nikos Mavrogiannopoulos +Date: Thu Apr 2 12:54:45 2015 +0200 + + removed unecessary warning + +Author: Nikos Mavrogiannopoulos +Date: Wed Apr 1 19:08:33 2015 +0200 + + doc update: account for new functions + +Author: Nikos Mavrogiannopoulos +Date: Wed Apr 1 18:42:13 2015 +0200 + + p11tool: better output text + +Author: Nikos Mavrogiannopoulos +Date: Wed Apr 1 18:40:47 2015 +0200 + + pkcs11: added GNUTLS_PKCS11_OBJ_FLAG_EXPECT_PUBKEY + + Also enforce the expected flags despite any given flags + in the URL. + +Author: Nikos Mavrogiannopoulos +Date: Wed Apr 1 18:29:08 2015 +0200 + + p11tool: added the --test-sign parameter + + That allows to check an existing key for signing/verification. + +Author: Nikos Mavrogiannopoulos +Date: Wed Apr 1 16:52:48 2015 +0200 + + gnutls_priv/pubkey_import_url replace: gnutls_privkey_import_pkcs11_url and gnutls_pubkey_import_pkcs11_url + +Author: Nikos Mavrogiannopoulos +Date: Wed Apr 1 16:02:02 2015 +0200 + + certtool: corrected import of pubkey in DER format + +Author: Nikos Mavrogiannopoulos +Date: Wed Apr 1 10:50:08 2015 +0200 + + tests: added check for EtM negotiation + +Author: Nikos Mavrogiannopoulos +Date: Wed Apr 1 10:42:28 2015 +0200 + + only send EtM extension if we have CBC ciphersuites + +Author: Nikos Mavrogiannopoulos +Date: Wed Apr 1 10:04:54 2015 +0200 + + mention gnutls_privkey_sign_raw_data in upgrade section + +Author: Nikos Mavrogiannopoulos +Date: Wed Apr 1 09:55:09 2015 +0200 + + gnutls_privkey_sign_raw_data: converted to macro over gnutls_privkey_sign_hash + +Author: Nikos Mavrogiannopoulos +Date: Wed Apr 1 10:00:31 2015 +0200 + + tests: added check for the legacy gnutls_privkey_sign_raw_data + +Author: Nikos Mavrogiannopoulos +Date: Tue Mar 31 11:16:45 2015 +0200 + + avoid compilation warnings in self checks (take 2) + +Author: Nikos Mavrogiannopoulos +Date: Tue Mar 31 11:15:04 2015 +0200 + + Revert "selftests: avoid compilatio warnings" + + This reverts commit 196477d68f32b30d0de8e203a5c1c405af429603. + +Author: Nikos Mavrogiannopoulos +Date: Tue Mar 31 08:50:45 2015 +0200 + + doc update + +Author: Nikos Mavrogiannopoulos +Date: Tue Mar 31 08:48:37 2015 +0200 + + tests: check whether PKCS #11 ID set on copy/generation is correct + +Author: Nikos Mavrogiannopoulos +Date: Tue Mar 31 08:29:33 2015 +0200 + + p11tool: allow setting the CKA_ID on object initialization/generation + +Author: Nikos Mavrogiannopoulos +Date: Tue Mar 31 08:22:58 2015 +0200 + + exported new functions + +Author: Nikos Mavrogiannopoulos +Date: Tue Mar 31 08:19:18 2015 +0200 + + pkcs11: enhanced key generation functions to allow specifying a CKA_ID + +Author: Nikos Mavrogiannopoulos +Date: Tue Mar 31 08:14:27 2015 +0200 + + selftests: avoid compilatio warnings + +Author: Nikos Mavrogiannopoulos +Date: Mon Mar 30 16:12:27 2015 +0200 + + enhanced copy functions to allow specifying a CKA_ID + +Author: Nikos Mavrogiannopoulos +Date: Mon Mar 30 09:57:41 2015 +0200 + + tests: mini-server-name: ignore sigpipe + +Author: Nikos Mavrogiannopoulos +Date: Mon Mar 30 07:48:15 2015 +0200 + + tests: added more libidn-related valgrind suppressions + +Author: Nikos Mavrogiannopoulos +Date: Mon Mar 30 07:05:27 2015 +0200 + + doc: increase border spacing in HTML tables + +Author: Nikos Mavrogiannopoulos +Date: Mon Mar 30 06:59:19 2015 +0200 + + doc: list chacha20-poly1305 to the list of ciphers + +Author: Nikos Mavrogiannopoulos +Date: Mon Mar 30 06:47:51 2015 +0200 + + doc update + +Author: Nikos Mavrogiannopoulos +Date: Mon Mar 30 06:37:52 2015 +0200 + + manpages: automatically adjust the copyright year on generated pages + +Author: Nikos Mavrogiannopoulos +Date: Mon Mar 30 06:34:37 2015 +0200 + + tests: added check for gnutls_server_name_get and gnutls_server_name_set + +Author: Nikos Mavrogiannopoulos +Date: Sun Mar 29 10:54:11 2015 +0200 + + test-ciphers.js: improved ciphersuite checks + +Author: Nikos Mavrogiannopoulos +Date: Sun Mar 29 10:49:23 2015 +0200 + + corrected GNUTLS_ECDHE_ECDSA_CHACHA20_POLY1305 + +Author: Nikos Mavrogiannopoulos +Date: Sun Mar 29 10:27:57 2015 +0200 + + updated test-ciphersuite.sh for new types + +Author: Nikos Mavrogiannopoulos +Date: Sat Mar 28 23:18:06 2015 +0100 + + doc update + +Author: Nikos Mavrogiannopoulos +Date: Sat Mar 28 22:41:03 2015 +0100 + + Better fix for the double free in dist point parsing + +Author: Nikos Mavrogiannopoulos +Date: Sat Mar 28 22:31:09 2015 +0100 + + updated minitasn1 + +Author: Nikos Mavrogiannopoulos +Date: Sat Mar 28 19:34:29 2015 +0100 + + gnutls_pkcs11_copy_x509_privkey: increase size for attributes + +Author: Nikos Mavrogiannopoulos +Date: Sat Mar 28 19:21:48 2015 +0100 + + moved chacha20-poly1305 ciphersuites to the 0xCD space + +Author: Nikos Mavrogiannopoulos +Date: Sat Mar 28 13:45:23 2015 +0100 + + doc update: replace cryptographic algorithm by encryption algorithm + +Author: Nikos Mavrogiannopoulos +Date: Sat Mar 28 12:43:58 2015 +0100 + + gnutls_subject_alt_names_set and gnutls_x509_aki_set_cert_issuer will set null-terminated strings + +Author: Jiří Klimeš +Date: Fri Mar 27 19:55:40 2015 +0100 + + doc: be consistent in the function descriptions + + Signed-off-by: Jiří Klimeš + +Author: Jiří Klimeš +Date: Fri Mar 27 20:00:45 2015 +0100 + + doc: correct the description of crypto API functions + + Signed-off-by: Jiří Klimeš + +Author: Jiří Klimeš +Date: Fri Mar 27 12:58:34 2015 +0100 + + Fix a few compiler warnings about unused variables + + [-Wunused-variable] + + Signed-off-by: Jiří Klimeš + +Author: Nikos Mavrogiannopoulos +Date: Sat Mar 28 12:00:36 2015 +0100 + + fixed CHACHA20-POLY1305 in DTLS + +Author: Nikos Mavrogiannopoulos +Date: Sat Mar 28 11:08:28 2015 +0100 + + gnutls-cli: added chacha-poly1305 into benchmarks + +Author: Nikos Mavrogiannopoulos +Date: Sat Mar 28 10:57:54 2015 +0100 + + when calculating record overhead account for chacha20 which doesn't send the nonce on the wire + +Author: Nikos Mavrogiannopoulos +Date: Sat Mar 28 10:54:02 2015 +0100 + + tests: include chacha20 into transfer tests + +Author: Nikos Mavrogiannopoulos +Date: Sat Mar 28 10:40:47 2015 +0100 + + Added the CHACHA20-POLY1305 ciphersuites (with random IDs) + +Author: Nikos Mavrogiannopoulos +Date: Sat Mar 28 09:59:38 2015 +0100 + + added chacha20-poly1305 as cipher + +Author: Nikos Mavrogiannopoulos +Date: Sat Mar 28 09:09:02 2015 +0100 + + tests: check retvals in block ciphers + +Author: Nikos Mavrogiannopoulos +Date: Sat Mar 28 09:06:16 2015 +0100 + + do not penalize CBC ciphers with the maximum send data size + + That reduced the maximum send size for CBC ciphers from 16384 + to 16384-(block size), which was unnecessary and was causing issues: + https://bugs.winehq.org/show_bug.cgi?id=37500 + +Author: Nikos Mavrogiannopoulos +Date: Sat Mar 28 08:18:32 2015 +0100 + + doc update + +Author: Nikos Mavrogiannopoulos +Date: Sat Mar 28 08:18:17 2015 +0100 + + gnutls_record_set_max_empty_records: removed + +Author: Nikos Mavrogiannopoulos +Date: Mon Mar 23 22:55:29 2015 +0100 + + eliminated double-free in the parsing of dist points + + Reported by Robert Święcki. + +Author: Nikos Mavrogiannopoulos +Date: Mon Mar 23 22:29:23 2015 +0100 + + Added a tight loop around the legacy push function + + That reduces the need for more expensive outer loops. + Originally suggested by Anton Lavrentiev. + +Author: Nikos Mavrogiannopoulos +Date: Mon Mar 23 19:19:49 2015 +0100 + + updated gnulib + +Author: Nikos Mavrogiannopoulos +Date: Fri Mar 27 14:01:20 2015 +0100 + + p11tool: more precise documentation of --set-id parameter + +Author: Nikos Mavrogiannopoulos +Date: Fri Mar 27 11:05:08 2015 +0100 + + depend on nettle 3.1 or later + +Author: Nikos Mavrogiannopoulos +Date: Fri Mar 27 10:42:48 2015 +0100 + + tests: updated email check for renamed --verify-email option + +Author: Nikos Mavrogiannopoulos +Date: Fri Mar 27 10:32:29 2015 +0100 + + gnutls_pkcs11_privkey_generate2: increased the size of ck_attributes + +Author: Nikos Mavrogiannopoulos +Date: Fri Mar 27 10:31:03 2015 +0100 + + pkcs11: check gnutls_rnd() for error condition + +Author: Nikos Mavrogiannopoulos +Date: Fri Mar 27 10:27:10 2015 +0100 + + gnutls_pkcs11_privkey_generate2: set a CKA_ID on key generation + +Author: Nikos Mavrogiannopoulos +Date: Fri Mar 27 10:25:59 2015 +0100 + + p11tool: reduced debugging output + +Author: Nikos Mavrogiannopoulos +Date: Fri Mar 27 09:47:40 2015 +0100 + + doc update + +Author: Nikos Mavrogiannopoulos +Date: Fri Mar 27 09:47:12 2015 +0100 + + certtool: --purpose, --hostname were renamed to --verify-purpose, --verify-hostname + +Author: Nikos Mavrogiannopoulos +Date: Thu Mar 26 16:46:43 2015 +0100 + + p11tool: added --mark-no-sign and --mark-no-decrypt options + +Author: Nikos Mavrogiannopoulos +Date: Thu Mar 26 16:34:46 2015 +0100 + + pkcs11: added flags to mark keys as not-being signable or decryptable + + That adds GNUTLS_PKCS11_OBJ_FLAG_MARK_NO_DECRYPT and GNUTLS_PKCS11_OBJ_FLAG_MARK_NO_SIGN + which can be set during generation or write of keys. + +Author: Nikos Mavrogiannopoulos +Date: Thu Mar 26 16:21:28 2015 +0100 + + pkcs11: set the CKA_SIGN and CKA_DECRYPT flags when writing a private key + +Author: Nikos Mavrogiannopoulos +Date: Thu Mar 26 13:16:52 2015 +0100 + + tests: cleanups in resume-dtls + +Author: Nikos Mavrogiannopoulos +Date: Thu Mar 26 11:26:14 2015 +0100 + + ext: server_name: move name length check prior to IDN convertion + +Author: Nikos Mavrogiannopoulos +Date: Thu Mar 26 11:04:37 2015 +0100 + + When an application calls gnutls_server_name_set() with a name of zero size disable the extension + + Resolves #2 + +Author: Nikos Mavrogiannopoulos +Date: Thu Mar 26 09:25:10 2015 +0100 + + gnutls_x509_crt_check_hostname2: check CN for match only if certificate would have been acceptable for GNUTLS_KP_TLS_WWW_SERVER + +Author: Nikos Mavrogiannopoulos +Date: Thu Mar 26 09:20:34 2015 +0100 + + Apply DNS name constraints on CN field only on certificates acceptable for TLS WWW SERVER purpose + + Suggested by Fotis Loukos. + +Author: Nikos Mavrogiannopoulos +Date: Wed Mar 25 17:10:06 2015 +0100 + + tests: mini-loss-time is less prone to timeouts + +Author: Nikos Mavrogiannopoulos +Date: Wed Mar 25 15:56:32 2015 +0100 + + tests: added valgrind suppressions in cert-tests for libidn + +Author: Nikos Mavrogiannopoulos +Date: Wed Mar 25 15:52:15 2015 +0100 + + certtool: eliminated memory leaks on verification + +Author: Nikos Mavrogiannopoulos +Date: Wed Mar 25 10:39:35 2015 +0100 + + doc update + +Author: Nikos Mavrogiannopoulos +Date: Wed Mar 25 10:21:31 2015 +0100 + + tests: Added email verification tests with certtool + +Author: Nikos Mavrogiannopoulos +Date: Wed Mar 25 10:05:33 2015 +0100 + + certtool: added the --email option, to use in verification + +Author: Nikos Mavrogiannopoulos +Date: Wed Mar 25 10:04:56 2015 +0100 + + doc update + +Author: Nikos Mavrogiannopoulos +Date: Wed Mar 25 09:42:16 2015 +0100 + + Added gnutls_x509_crt_check_email(), gnutls_openpgp_crt_check_email() and GNUTLS_DT_RFC822NAME + +Author: Nikos Mavrogiannopoulos +Date: Wed Mar 25 09:02:53 2015 +0100 + + tests: verify that we accept a certificate with no name even if its CA has nameconstraints + +Author: Nikos Mavrogiannopoulos +Date: Wed Mar 25 08:38:47 2015 +0100 + + name constraints: when no name of the type is found, accept the certificate + + This follows RFC5280 advice closely. Reported by Fotis Loukos. + +Author: Nikos Mavrogiannopoulos +Date: Tue Mar 24 10:49:32 2015 +0100 + + tests: increase the timeout in resume-dtls + +Author: Nikos Mavrogiannopoulos +Date: Tue Mar 24 10:09:43 2015 +0100 + + gnutls_pkcs11_obj_export3: allow operation when raw.data is NULL and we have a public key + +Author: Nikos Mavrogiannopoulos +Date: Tue Mar 24 09:58:17 2015 +0100 + + pkcs11: simplified export of objects + + That also allows to export public keys, even when a CKA_VALUE + with the public key is not present. For that we use the key + parameters, which we encode into a key. Issue reported by + Frank Leavis. + +Author: Nikos Mavrogiannopoulos +Date: Tue Mar 24 08:37:35 2015 +0100 + + gnulib: removed u64 module + +Author: Nikos Mavrogiannopoulos +Date: Tue Mar 24 08:36:33 2015 +0100 + + drop support for gnulib's u64 + +Author: Nikos Mavrogiannopoulos +Date: Mon Mar 23 13:09:08 2015 +0100 + + tests: check legacy RC4 in testcompat + + That would prevent losing compatibility without detecting it. + That is currently the case since it is no longer enabled by default. + +Author: Nikos Mavrogiannopoulos +Date: Mon Mar 23 10:28:28 2015 +0100 + + tests: added check to verify the correctness of the record function return values + +Author: Nikos Mavrogiannopoulos +Date: Sat Mar 21 11:14:15 2015 +0100 + + tools: enable compilation with all options disabled + +Author: Nikos Mavrogiannopoulos +Date: Sat Mar 21 11:13:58 2015 +0100 + + enable compilation with several options disabled + +Author: Nikos Mavrogiannopoulos +Date: Sat Mar 21 10:38:28 2015 +0100 + + doc update + +Author: Nikos Mavrogiannopoulos +Date: Fri Mar 20 14:04:26 2015 +0100 + + doc: avoid mentioning pointers when not needed + +Author: Nikos Mavrogiannopoulos +Date: Fri Mar 20 13:46:24 2015 +0100 + + increase the maximum stack frame the compiler will warn for + +Author: Nikos Mavrogiannopoulos +Date: Fri Mar 20 13:22:43 2015 +0100 + + doc: avoid using structure for opaque types + +Author: Nikos Mavrogiannopoulos +Date: Fri Mar 20 09:42:28 2015 +0100 + + tests: include gnutls_ext_s/get_data into tests of mini-extension + +Author: Nikos Mavrogiannopoulos +Date: Fri Mar 20 09:41:59 2015 +0100 + + updated documentation on non-return value of gnutls_ext_set_data + +Author: Nikos Mavrogiannopoulos +Date: Fri Mar 20 09:35:51 2015 +0100 + + tests: fixed buffers in mini-dtls0-9 + +Author: Nikos Mavrogiannopoulos +Date: Fri Mar 20 09:32:19 2015 +0100 + + avoid overflow when receiving DTLS 0.9 CCS + +Author: Nikos Mavrogiannopoulos +Date: Fri Mar 20 08:35:48 2015 +0100 + + added gnutls_ext_set_data() and gnutls_ext_get_data() + + As a side effect the type which holds private data was reduced + from union to void * pointer. That simplifies the exported API + without reducing the options in the internal API. + +Author: Nikos Mavrogiannopoulos +Date: Thu Mar 19 22:04:48 2015 +0100 + + more files to ignore + +Author: Nikos Mavrogiannopoulos +Date: Thu Mar 19 22:03:22 2015 +0100 + + set GNUTLS_DTLS_VERSION_MIN to be DTLS0.9 + + That allows standard DTLS ciphersuites to be used with DTLS0.9 + +Author: Nikos Mavrogiannopoulos +Date: Thu Mar 19 21:59:06 2015 +0100 + + tests: added test for DTLS 0.9 + +Author: Nikos Mavrogiannopoulos +Date: Thu Mar 19 21:30:42 2015 +0100 + + tests: updated mini-extension + +Author: Nikos Mavrogiannopoulos +Date: Thu Mar 19 21:29:34 2015 +0100 + + doc update + +Author: Nikos Mavrogiannopoulos +Date: Thu Mar 19 21:27:35 2015 +0100 + + mention the new functionality briefly in documentation + +Author: Nikos Mavrogiannopoulos +Date: Thu Mar 19 21:23:29 2015 +0100 + + mention that the registration functions are not thread safe + +Author: Nikos Mavrogiannopoulos +Date: Thu Mar 19 21:22:29 2015 +0100 + + store a copy of the extensions name + +Author: Nikos Mavrogiannopoulos +Date: Thu Mar 19 21:21:00 2015 +0100 + + deinitialize supplemental data on deinit + +Author: Nikos Mavrogiannopoulos +Date: Thu Mar 19 21:15:24 2015 +0100 + + removed unused epoch change callback + +Author: Nikos Mavrogiannopoulos +Date: Thu Mar 19 21:12:27 2015 +0100 + + deinitialize supplemental data on deinit + +Author: Nikos Mavrogiannopoulos +Date: Thu Mar 19 21:06:14 2015 +0100 + + reduce warnings + +Author: Nikos Mavrogiannopoulos +Date: Thu Mar 19 21:00:26 2015 +0100 + + added documentation for the new functions + +Author: Nikos Mavrogiannopoulos +Date: Thu Mar 19 20:47:51 2015 +0100 + + tests: remove warnings in mini-supplementaldata.c + +Author: Nikos Mavrogiannopoulos +Date: Thu Mar 19 20:46:57 2015 +0100 + + updated types + +Author: Nikos Mavrogiannopoulos +Date: Thu Mar 19 20:41:03 2015 +0100 + + more files to ignore + +Author: Thierry Quemerais +Date: Thu Mar 19 20:40:25 2015 +0100 + + Added a way to add custom supplemental data from public API. + + Signed-off-by: Thierry Quemerais + +Author: Thierry Quemerais +Date: Thu Mar 19 16:24:15 2015 +0100 + + Fixed extension test. + + Signed-off-by: Thierry Quemerais + +Author: Nikos Mavrogiannopoulos +Date: Thu Mar 19 20:35:22 2015 +0100 + + renamed gnutls_buffer_st -> gnutls_buffer_t + +Author: Thierry Quemerais +Date: Thu Mar 19 20:15:11 2015 +0100 + + Added a way to add custom extensions from public API. + + Signed-off-by: Thierry Quemerais + +Author: Nikos Mavrogiannopoulos +Date: Thu Mar 19 20:11:18 2015 +0100 + + more files to ignore + +Author: Nikos Mavrogiannopoulos +Date: Thu Mar 19 11:43:52 2015 +0100 + + gnutls_x509_crt_import_pkcs11_url moved to pkcs11.h as it was always defined there + +Author: Nikos Mavrogiannopoulos +Date: Thu Mar 19 11:06:28 2015 +0100 + + inet_ntop replacement: include sys/socket.h + +Author: Nikos Mavrogiannopoulos +Date: Thu Mar 19 11:03:24 2015 +0100 + + inet_ntop replacement: do not depend on socklen_t + +Author: Nikos Mavrogiannopoulos +Date: Wed Mar 18 22:48:06 2015 +0100 + + tests: link cipher tests directly with nettle when needed + +Author: Nikos Mavrogiannopoulos +Date: Wed Mar 18 22:39:19 2015 +0100 + + tests: mini-dtls-record: increase timeouts to avoid failure of test due to slow system + +Author: Nikos Mavrogiannopoulos +Date: Wed Mar 18 19:46:00 2015 +0100 + + tests: mini-dtls-record: removed the need for 64-bit number + +Author: Nikos Mavrogiannopoulos +Date: Wed Mar 18 19:34:14 2015 +0100 + + tests: increase verbosity of mini-dtls-record + +Author: Nikos Mavrogiannopoulos +Date: Wed Mar 18 14:05:51 2015 +0100 + + document the cipher override API + +Author: Nikos Mavrogiannopoulos +Date: Wed Mar 18 13:47:03 2015 +0100 + + doc update + +Author: Nikos Mavrogiannopoulos +Date: Wed Mar 18 13:42:55 2015 +0100 + + added test suite for overriden digests and MACs + +Author: Nikos Mavrogiannopoulos +Date: Wed Mar 18 13:04:43 2015 +0100 + + Added API to register MAC and digest algorithms. + +Author: Nikos Mavrogiannopoulos +Date: Wed Mar 18 11:46:06 2015 +0100 + + added test suite for overriden ciphers + +Author: Nikos Mavrogiannopoulos +Date: Wed Mar 18 11:44:26 2015 +0100 + + Added API to register AEAD and legacy ciphers. + +Author: Nikos Mavrogiannopoulos +Date: Wed Mar 18 11:30:44 2015 +0100 + + cryptodev: provide the new AEAD API + +Author: Nikos Mavrogiannopoulos +Date: Wed Mar 18 10:34:47 2015 +0100 + + Added environment variable which can override automatic global initialization + +Author: Nikos Mavrogiannopoulos +Date: Wed Mar 18 10:09:34 2015 +0100 + + removed unused functions + +Author: Nikos Mavrogiannopoulos +Date: Wed Mar 18 10:07:09 2015 +0100 + + configure: fail compilation if the minimum required libtasn1 is not present + +Author: Nikos Mavrogiannopoulos +Date: Wed Mar 18 09:53:06 2015 +0100 + + doc update + +Author: Nikos Mavrogiannopoulos +Date: Mon Mar 16 13:52:05 2015 +0100 + + tests: long-session-id uses the test framework + +Author: Nikos Mavrogiannopoulos +Date: Tue Mar 17 09:29:52 2015 +0100 + + doc update + +Author: Nikos Mavrogiannopoulos +Date: Tue Mar 17 09:23:51 2015 +0100 + + depend on p11-kit 0.23.1 to conform to draft-pechanec-pkcs11uri-21 + +Author: Nikos Mavrogiannopoulos +Date: Mon Mar 16 13:23:20 2015 +0100 + + tests: fixed shadowed variable in mini-dtls-record + +Author: Nikos Mavrogiannopoulos +Date: Mon Mar 16 11:38:56 2015 +0100 + + tests: use nanosleep for sleeping + +Author: Nikos Mavrogiannopoulos +Date: Sat Mar 14 08:41:33 2015 +0100 + + README-alpha: move valgrind to testing tools + +Author: Nikos Mavrogiannopoulos +Date: Sat Mar 14 08:40:29 2015 +0100 + + updated README-alpha + +Author: Nikos Mavrogiannopoulos +Date: Fri Mar 13 16:30:55 2015 +0100 + + Fixed handling of supplemental data with types > 255. + + Patch by Thierry Quemerais. + +Author: Nikos Mavrogiannopoulos +Date: Fri Mar 13 16:20:54 2015 +0100 + + doc update + +Author: Nikos Mavrogiannopoulos +Date: Fri Mar 13 16:12:17 2015 +0100 + + gnutls_priority_init: document that priorities can be NULL + +Author: Nikos Mavrogiannopoulos +Date: Fri Mar 13 13:30:12 2015 +0100 + + testpkcs11: disallow softhsm 2.0.0b1 from being used to test PKCS #11 + +Author: Nikos Mavrogiannopoulos +Date: Fri Mar 13 13:24:18 2015 +0100 + + tests: mini-eagain2: call gnutls_handshake_set_timeout() at the proper time + +Author: Nikos Mavrogiannopoulos +Date: Fri Mar 13 10:10:23 2015 +0100 + + added libasan as dependency + +Author: Nikos Mavrogiannopoulos +Date: Fri Mar 13 09:52:15 2015 +0100 + + corrected self test for 3DES + +Author: Nikos Mavrogiannopoulos +Date: Thu Mar 12 06:58:02 2015 +0100 + + pkcs11: correctly set the size of type + +Author: Nikos Mavrogiannopoulos +Date: Wed Mar 11 22:51:25 2015 +0100 + + pkcs11: combined the fill for object attributes set + +Author: Nikos Mavrogiannopoulos +Date: Wed Mar 11 22:35:53 2015 +0100 + + pkcs11: only set ID and label when both size and data are set + +Author: Nikos Mavrogiannopoulos +Date: Wed Mar 11 16:14:32 2015 +0100 + + doc update + +Author: Nikos Mavrogiannopoulos +Date: Wed Mar 11 16:10:46 2015 +0100 + + doc update + +Author: Nikos Mavrogiannopoulos +Date: Wed Mar 11 16:10:36 2015 +0100 + + p11tool: exit with non-zero reason if no objects are found + +Author: Nikos Mavrogiannopoulos +Date: Wed Mar 11 16:02:44 2015 +0100 + + tests: added checks for p11tool --set-id and --set-label + +Author: Nikos Mavrogiannopoulos +Date: Wed Mar 11 16:02:21 2015 +0100 + + p11tool: added --set-id and --set-label options + +Author: Nikos Mavrogiannopoulos +Date: Wed Mar 11 14:49:04 2015 +0100 + + added gnutls_pkcs11_obj_set_info() + + This function allows setting information such as the CKA_ID + and the CKA_LABEL of an object. + + Resolves #1 + +Author: Nikos Mavrogiannopoulos +Date: Wed Mar 11 09:30:37 2015 +0100 + + Added check for GNUTLS-SA-2015-1 + +Author: Nikos Mavrogiannopoulos +Date: Mon Mar 9 22:31:38 2015 +0100 + + tests: removed test with invalid DER encoding in chainverify + + These certificates are now rejected earlier. + +Author: Nikos Mavrogiannopoulos +Date: Mon Mar 9 22:31:03 2015 +0100 + + tests: added a check for certificates with invalid DER encodings + +Author: Nikos Mavrogiannopoulos +Date: Mon Mar 9 22:19:33 2015 +0100 + + x509: use libtasn1's strict DER decoding rules in network obtained structures + +Author: Nikos Mavrogiannopoulos +Date: Mon Mar 9 21:57:25 2015 +0100 + + depend on libtasn1 4.3 + +Author: Nikos Mavrogiannopoulos +Date: Mon Mar 9 21:54:13 2015 +0100 + + minitasn1: updated to libtasn1 4.3 + +Author: Nikos Mavrogiannopoulos +Date: Mon Mar 9 19:09:34 2015 +0100 + + rearranged internal documentation + +Author: Nikos Mavrogiannopoulos +Date: Mon Mar 9 12:38:52 2015 +0100 + + tools: added ftp as a starttls protocol + +Author: Nikos Mavrogiannopoulos +Date: Mon Mar 9 12:38:01 2015 +0100 + + gnutls-cli: starttls and starttls-proto can't mix + +Author: Nikos Mavrogiannopoulos +Date: Sat Mar 7 19:58:00 2015 +0100 + + expand on SECURE256 being an alias to SECURE192 + +Author: Nikos Mavrogiannopoulos +Date: Sat Mar 7 13:10:53 2015 +0100 + + tests: do not run polarssl interop test on VIA + +Author: Nikos Mavrogiannopoulos +Date: Sat Mar 7 13:08:47 2015 +0100 + + use common license in all testcompat scripts + +Author: Nikos Mavrogiannopoulos +Date: Sat Mar 7 11:47:19 2015 +0100 + + removed unused function + +Author: Nikos Mavrogiannopoulos +Date: Sat Mar 7 09:56:10 2015 +0100 + + doc update + +Author: Nikos Mavrogiannopoulos +Date: Fri Mar 6 18:02:28 2015 +0100 + + README-alpha is README.md on repository + + It contains information for developers. + +Author: Nikos Mavrogiannopoulos +Date: Fri Mar 6 18:00:41 2015 +0100 + + Revert "auto-generate README from README.md" + + This reverts commit aff4b2151b42c6a59e490c3714d3e1e64d2921dd. + +Author: Nikos Mavrogiannopoulos +Date: Fri Mar 6 17:36:15 2015 +0100 + + cleaned up licensing + +Author: Nikos Mavrogiannopoulos +Date: Fri Mar 6 17:32:10 2015 +0100 + + auto-generate README from README.md + +Author: Nikos Mavrogiannopoulos +Date: Fri Mar 6 17:17:53 2015 +0100 + + Revert "added README.md as link to README" + + This reverts commit 041d4f947eb6937d4af62eb35055668825c36833. + +Author: Nikos Mavrogiannopoulos +Date: Fri Mar 6 17:17:26 2015 +0100 + + added README.md as link to README + +Author: Nikos Mavrogiannopoulos +Date: Fri Mar 6 17:15:41 2015 +0100 + + Revert "renamed README files" + + This reverts commit 05b4fa46667d3f5972f6de6ac61ff959382c67a5. + +Author: Nikos Mavrogiannopoulos +Date: Fri Mar 6 17:14:50 2015 +0100 + + renamed README files + +Author: Nikos Mavrogiannopoulos +Date: Fri Mar 6 17:12:09 2015 +0100 + + README: converted to mark-down + +Author: Nikos Mavrogiannopoulos +Date: Fri Mar 6 15:58:37 2015 +0100 + + gnutls-cli-debug: corrected check of certificate chain order + +Author: Nikos Mavrogiannopoulos +Date: Fri Mar 6 15:52:01 2015 +0100 + + tests: added small test to verify that GNUTLS_X509_CRT_LIST_FAIL_IF_UNSORTED succeeds with a single cert + +Author: Nikos Mavrogiannopoulos +Date: Fri Mar 6 15:42:40 2015 +0100 + + gnutls-cli-debug: disable unsupported TLS protocols as soon + +Author: Nikos Mavrogiannopoulos +Date: Fri Mar 6 15:30:42 2015 +0100 + + cli sockets: check for a digit prior using atoi + +Author: Nikos Mavrogiannopoulos +Date: Fri Mar 6 15:14:14 2015 +0100 + + gnutls-cli-debug: a cert list of size 1 is always sorted + +Author: Nikos Mavrogiannopoulos +Date: Fri Mar 6 15:11:35 2015 +0100 + + gnutls-cli-debug: do not warn multiple times about unknown protocols + +Author: Nikos Mavrogiannopoulos +Date: Fri Mar 6 10:52:32 2015 +0100 + + updated documentation on FIPS140-2 + +Author: Nikos Mavrogiannopoulos +Date: Thu Mar 5 22:30:31 2015 +0100 + + tests: speed up testcompat check by remove less important options + +Author: Nikos Mavrogiannopoulos +Date: Thu Mar 5 22:27:51 2015 +0100 + + tests: updated paths for softhsm detection + +Author: Nikos Mavrogiannopoulos +Date: Thu Mar 5 22:16:34 2015 +0100 + + README: mention nodejs + +Author: Nikos Mavrogiannopoulos +Date: Thu Mar 5 21:04:58 2015 +0100 + + configure: check for /usr/share/dns/root.key as well for dns root key + +Author: Nikos Mavrogiannopoulos +Date: Thu Mar 5 21:03:20 2015 +0100 + + README: mention dependency on dns-root-data + +Author: Nikos Mavrogiannopoulos +Date: Thu Mar 5 19:03:34 2015 +0100 + + tests: don't perform the overflow check in 32-bit systems + +Author: Nikos Mavrogiannopoulos +Date: Thu Mar 5 18:46:44 2015 +0100 + + tests: date parsing test was modified to work in 32-bit systems + +Author: Nikos Mavrogiannopoulos +Date: Thu Mar 5 18:59:25 2015 +0100 + + certtool: in 32-bit systems use PRIu64 to print 64-bit values + +Author: Nikos Mavrogiannopoulos +Date: Thu Mar 5 18:56:34 2015 +0100 + + certtool: exit when there is an overflow in parsing days + +Author: Nikos Mavrogiannopoulos +Date: Thu Mar 5 11:40:17 2015 +0100 + + README: mention that openssl and polarssl will be used for interop testing + +Author: Nikos Mavrogiannopoulos +Date: Thu Mar 5 10:40:20 2015 +0100 + + Revert "tests: increased the retries with datefudge cert generation" + + This reverts commit a381fd148d2e181e19aad9ab9a9c5993080ce869. + +Author: Nikos Mavrogiannopoulos +Date: Thu Mar 5 10:40:10 2015 +0100 + + Revert "tests: template-test: added a baseline check to detect slow systems" + + This reverts commit b7ef1265810ec55d0912db2e3fa4204d8c412377. + +Author: Nikos Mavrogiannopoulos +Date: Thu Mar 5 09:25:58 2015 +0100 + + tests: template-test: added a baseline check to detect slow systems + +Author: Nikos Mavrogiannopoulos +Date: Thu Mar 5 08:09:54 2015 +0100 + + tests: increased the retries with datefudge cert generation + + There are slow systems that are not always capable of generating the + certificate within a single second. + +Author: Nikos Mavrogiannopoulos +Date: Wed Mar 4 23:25:56 2015 +0100 + + add bison as a dependency + +Author: Nikos Mavrogiannopoulos +Date: Wed Mar 4 22:45:09 2015 +0100 + + build documentation last + + That allows the examples to depend on libgnu_gpl.la + +Author: Nikos Mavrogiannopoulos +Date: Wed Mar 4 20:50:37 2015 +0100 + + list unbound dependency for DANE + +Author: Nikos Mavrogiannopoulos +Date: Wed Mar 4 20:44:29 2015 +0100 + + tests: removed dane hosts which don't behave well + +Author: Nikos Mavrogiannopoulos +Date: Wed Mar 4 20:37:32 2015 +0100 + + updated instructions for installed packages + +Author: Nikos Mavrogiannopoulos +Date: Wed Mar 4 17:24:20 2015 +0100 + + latex doc: updated copyright dates + +Author: Nikos Mavrogiannopoulos +Date: Wed Mar 4 17:23:32 2015 +0100 + + updated copyright date + +Author: Nikos Mavrogiannopoulos +Date: Wed Mar 4 14:59:58 2015 +0100 + + use asn1_decode_simple_ber if available + +Author: Nikos Mavrogiannopoulos +Date: Wed Mar 4 11:25:30 2015 +0100 + + corrected typo + +Author: Nikos Mavrogiannopoulos +Date: Wed Mar 4 10:47:30 2015 +0100 + + mention libidn + +Author: Ilya V. Matveychikov +Date: Wed Mar 4 03:25:42 2015 +0300 + + asn1random.pl: generate simple tags only + + Do not emit tags with numbers greater than or equal 31 as they must be + encoded an octet sequence (ref X.690-0207 # 8.1.2.4) + + Signed-off-by: Ilya V. Matveychikov + +Author: Nikos Mavrogiannopoulos +Date: Wed Mar 4 10:07:01 2015 +0100 + + doc update + +Author: Nikos Mavrogiannopoulos +Date: Fri Feb 20 22:24:23 2015 +0100 + + tests: added checks for invalid X.509 certificate signatures + +Author: Nikos Mavrogiannopoulos +Date: Wed Mar 4 08:20:35 2015 +0100 + + added the change of priority string NORMAL in documentation + +Author: Nikos Mavrogiannopoulos +Date: Wed Mar 4 08:15:16 2015 +0100 + + document the usage of a PKCS #11 trust module for verification + +Author: Nikos Mavrogiannopoulos +Date: Tue Mar 3 19:44:38 2015 +0100 + + tests: updated the suite to account for the removal of DSA by default + +Author: Nikos Mavrogiannopoulos +Date: Tue Mar 3 18:52:22 2015 +0100 + + tests: updated the suite to account for the removal of DSA by default + +Author: Nikos Mavrogiannopoulos +Date: Tue Mar 3 18:51:22 2015 +0100 + + doc update + +Author: Nikos Mavrogiannopoulos +Date: Tue Mar 3 17:44:00 2015 +0100 + + cross-implementation test suite was relicensed to 3-clause BSD + + That way the suite can be used by projects with other licenses. + +Author: Nikos Mavrogiannopoulos +Date: Tue Mar 3 09:34:26 2015 +0100 + + doc update + +Author: Nikos Mavrogiannopoulos +Date: Tue Mar 3 09:31:16 2015 +0100 + + DSA signatures and DHE-DSS are disabled by default + + DSA was an algorithm that was never deployed on the Internet + and had, until very recently, several limitations such as + restriction of its keys to 1024 bits, SHA1-only etc. Given + that there are literally 0 internet (HTTPS) certificates using + DSA, there is no point to enable it by default and increase + our attack surface. + +Author: Nikos Mavrogiannopoulos +Date: Mon Mar 2 08:12:28 2015 +0100 + + gnutls-cli: include AES_128_CCM in benchmark-ciphers + +Author: Nikos Mavrogiannopoulos +Date: Sat Feb 28 12:55:09 2015 +0100 + + doc update + +Author: Nikos Mavrogiannopoulos +Date: Sat Feb 28 12:22:10 2015 +0100 + + doc update + +Author: Nikos Mavrogiannopoulos +Date: Sat Feb 28 09:43:16 2015 +0100 + + doc update + +Author: Nikos Mavrogiannopoulos +Date: Sat Feb 28 09:33:12 2015 +0100 + + bundle inet_ntop in systems that don't have it + +Author: Nikos Mavrogiannopoulos +Date: Fri Feb 27 16:31:50 2015 +0100 + + updated auto-generated files + +Author: Nikos Mavrogiannopoulos +Date: Fri Feb 27 16:26:34 2015 +0100 + + removed gnutls_pubkey_get_verify_algorithm from abstract.h + +Author: Nikos Mavrogiannopoulos +Date: Thu Feb 26 13:03:35 2015 +0100 + + corrected typo in gnutls_handshake(), spotted by Andris Mednis + +Author: Nikos Mavrogiannopoulos +Date: Tue Feb 24 10:28:26 2015 +0100 + + doc update: document that session_get_data() must be used in non-resumed sessions + +Author: Nikos Mavrogiannopoulos +Date: Mon Feb 23 13:50:00 2015 +0100 + + doc update + +Author: Nikos Mavrogiannopoulos +Date: Sun Feb 22 11:47:25 2015 +0100 + + added comments + +Author: Nikos Mavrogiannopoulos +Date: Sun Feb 22 11:39:49 2015 +0100 + + Use p11_kit_uri_get_pin_value() if available in p11-kit + +Author: Nikos Mavrogiannopoulos +Date: Sat Feb 21 12:00:13 2015 +0100 + + fixed handling of GNUTLS_E_INT_CHECK_AGAIN + +Author: Nikos Mavrogiannopoulos +Date: Sat Feb 21 11:50:40 2015 +0100 + + removed unnecessary check and optimized function + +Author: Nikos Mavrogiannopoulos +Date: Sat Feb 21 11:46:13 2015 +0100 + + corrected check which prevented client to sent an unacceptable for the version ciphersuite + +Author: Nikos Mavrogiannopoulos +Date: Sat Feb 21 11:40:50 2015 +0100 + + doc update + +Author: Nikos Mavrogiannopoulos +Date: Sat Feb 21 11:38:49 2015 +0100 + + tests: mini-key-material: avoid memory leak + +Author: Nikos Mavrogiannopoulos +Date: Sat Feb 21 11:35:04 2015 +0100 + + tests: require DTLS 1.2 when using GCM + +Author: Nikos Mavrogiannopoulos +Date: Sat Feb 21 11:32:36 2015 +0100 + + handle GNUTLS_E_INT_CHECK_AGAIN + +Author: Nikos Mavrogiannopoulos +Date: Sat Feb 21 11:28:57 2015 +0100 + + check the negotiated TLS/DTLS version prior to offering a ciphersuite a server + +Author: Nikos Mavrogiannopoulos +Date: Sat Feb 21 10:57:14 2015 +0100 + + remove unnecessary assert + +Author: Nikos Mavrogiannopoulos +Date: Sat Feb 21 10:53:25 2015 +0100 + + doc update + +Author: Nikos Mavrogiannopoulos +Date: Sat Feb 21 10:51:49 2015 +0100 + + tests: modified tests with obsolete APIs with their replacement API + +Author: Nikos Mavrogiannopoulos +Date: Sat Feb 21 07:35:21 2015 +0100 + + doc: added deprecated functions into upgrade plan + +Author: Nikos Mavrogiannopoulos +Date: Sat Feb 21 07:35:01 2015 +0100 + + tests: added checks for gnutls_x509_crt_get_signature_algorithm and gnutls_x509_crt_get_preferred_hash_algorithm + +Author: Nikos Mavrogiannopoulos +Date: Sat Feb 21 07:25:24 2015 +0100 + + doc update + +Author: Nikos Mavrogiannopoulos +Date: Sat Feb 21 07:24:13 2015 +0100 + + removed gnutls_pubkey_get_verify_algorithm() and unnecessary internal APIs + +Author: Nikos Mavrogiannopoulos +Date: Sat Feb 21 07:13:37 2015 +0100 + + removed gnutls_x509_crt_get_verify_algorithm() + +Author: Nikos Mavrogiannopoulos +Date: Sat Feb 21 07:07:54 2015 +0100 + + removed gnutls_pubkey_verify_hash() and gnutls_pubkey_verify_data() + +Author: Nikos Mavrogiannopoulos +Date: Fri Feb 20 23:47:25 2015 +0100 + + certtool: use unsigned for bits + +Author: Nikos Mavrogiannopoulos +Date: Fri Feb 20 23:46:35 2015 +0100 + + certtool/p11tool: avoid cast to function call + +Author: Nikos Mavrogiannopoulos +Date: Fri Feb 20 23:42:47 2015 +0100 + + certtool: allow specifying a purpose and a hostname for chain verification + +Author: Nikos Mavrogiannopoulos +Date: Fri Feb 20 22:17:15 2015 +0100 + + tests: added check for invalid X.509 certificate + +Author: Nikos Mavrogiannopoulos +Date: Fri Feb 20 17:09:57 2015 +0100 + + tests: added check for gnutls_record_get_state() + +Author: Nikos Mavrogiannopoulos +Date: Fri Feb 20 17:09:34 2015 +0100 + + removed unused constants + +Author: Nikos Mavrogiannopoulos +Date: Fri Feb 20 16:58:41 2015 +0100 + + memcpy fix in gnutls_record_get_state + +Author: Nikos Mavrogiannopoulos +Date: Fri Feb 20 16:23:33 2015 +0100 + + removed ltmain.sh from root + +Author: Nikos Mavrogiannopoulos +Date: Fri Feb 20 11:18:45 2015 +0100 + + doc update + +Author: Nikos Mavrogiannopoulos +Date: Fri Feb 20 11:16:44 2015 +0100 + + Added gnutls_record_get_state() and gnutls_record_set_state() + + These functions allow to export the key material and sequence numbers. + That allows offloading the sending and receiving of individual records. + +Author: Nikos Mavrogiannopoulos +Date: Fri Feb 20 11:13:55 2015 +0100 + + fixed sequence number copy + +Author: Nikos Mavrogiannopoulos +Date: Fri Feb 20 10:56:54 2015 +0100 + + doc update + +Author: Nikos Mavrogiannopoulos +Date: Fri Feb 20 10:56:35 2015 +0100 + + gnutls_handshake_set_hook_function: will provide the raw handshake data + +Author: Nikos Mavrogiannopoulos +Date: Wed Feb 18 23:04:24 2015 +0100 + + use explicit casts to unsigned int in the CURVE_TO_BITS et al + +Author: Nikos Mavrogiannopoulos +Date: Wed Feb 18 22:55:38 2015 +0100 + + use cast in _gnutls_hash_fast + +Author: Nikos Mavrogiannopoulos +Date: Tue Feb 17 14:20:10 2015 +0100 + + when importing a certificate ensure that the signature parameters match + +Author: Nikos Mavrogiannopoulos +Date: Sat Feb 14 18:02:01 2015 +0100 + + Allow AESNI GCM accelaration in x86 + +Author: Nikos Mavrogiannopoulos +Date: Fri Feb 6 20:22:42 2015 +0100 + + gnutls-cli: added --save-cert option + +Author: Nikos Mavrogiannopoulos +Date: Thu Feb 5 05:39:13 2015 +0100 + + added missing prototypes + +Author: Nikos Mavrogiannopoulos +Date: Wed Feb 4 10:14:55 2015 +0100 + + handle differently OCSP responses that are revoked and of unknown status + +Author: Nikos Mavrogiannopoulos +Date: Sun Feb 1 13:35:40 2015 +0100 + + compilation fix with return on void function; reported by David Marx + +Author: Nikos Mavrogiannopoulos +Date: Thu Jan 29 14:31:08 2015 +0100 + + doc update + +Author: Nikos Mavrogiannopoulos +Date: Thu Jan 29 14:21:18 2015 +0100 + + set the appropriate direction when _gnutls_io_write_flush() is called + +Author: Nikos Mavrogiannopoulos +Date: Wed Jan 28 10:32:16 2015 +0100 + + tests: added check for operation under different threads and DTLS + +Author: Nikos Mavrogiannopoulos +Date: Wed Jan 28 10:22:37 2015 +0100 + + tests: added check for operation under different processes and DTLS + +Author: Nikos Mavrogiannopoulos +Date: Wed Jan 28 09:57:13 2015 +0100 + + Revert "doc update" + + This reverts commit eabf1f27d255577bad60d302abf46a969848fcd7. + +Author: Nikos Mavrogiannopoulos +Date: Wed Jan 28 09:56:56 2015 +0100 + + Revert "Added gnutls_record_is_async()" + + This reverts commit 2232822aabe473d124f924d64ff52981d685fd41. + +Author: Nikos Mavrogiannopoulos +Date: Wed Jan 28 09:56:21 2015 +0100 + + documented using a session with fork or multiple threads + +Author: Nikos Mavrogiannopoulos +Date: Tue Jan 27 13:07:19 2015 +0100 + + doc update + +Author: Nikos Mavrogiannopoulos +Date: Tue Jan 27 13:06:10 2015 +0100 + + Added gnutls_record_is_async() + + That function indicates whether gnutls_record_recv() and + gnutls_record_send() can be used independently and in + parallel. + +Author: Nikos Mavrogiannopoulos +Date: Sun Jan 25 10:17:06 2015 +0100 + + print errno in a more uniform way + +Author: Nikos Mavrogiannopoulos +Date: Sun Jan 25 08:28:13 2015 +0100 + + doc update + +Author: Nikos Mavrogiannopoulos +Date: Sun Jan 25 08:27:08 2015 +0100 + + exported gnutls_system_recv_timeout() + +Author: Nikos Mavrogiannopoulos +Date: Sun Jan 25 08:15:01 2015 +0100 + + simplified _gnutls_writev() by requiring the total length + +Author: Nikos Mavrogiannopoulos +Date: Tue Jan 20 09:39:44 2015 +0100 + + opencdk: small fixed to reduce warnings + +Author: Nikos Mavrogiannopoulos +Date: Mon Jan 19 15:36:22 2015 +0100 + + doc update + +Author: Nikos Mavrogiannopoulos +Date: Mon Jan 19 15:32:09 2015 +0100 + + don't be so verbose about the OCSP nonce; it is universally unsupported + +Author: Tim Ruehsen +Date: Sat Jan 17 14:32:35 2015 +0100 + + OCSP check the whole cert chain + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Mon Jan 19 09:29:31 2015 +0100 + + on certificate import check whether the two signature algorithms match + +Author: Nikos Mavrogiannopoulos +Date: Sat Jan 17 09:49:17 2015 +0100 + + cross.mk: use 3.3.12 + +Author: Nikos Mavrogiannopoulos +Date: Sat Jan 17 09:01:37 2015 +0100 + + doc update + +Author: Luke Dashjr +Date: Mon Jan 12 19:32:38 2015 +0000 + + Added configure option --disable-tools + +Author: Nikos Mavrogiannopoulos +Date: Fri Jan 16 15:54:53 2015 +0100 + + corrected typos + + Reported by Guido Kroon. + +Author: Nikos Mavrogiannopoulos +Date: Fri Jan 16 14:16:58 2015 +0100 + + Added the notion of obsolete versions + + That prevents using these versions as record version numbers, unless + they are the only protocol supported. This avoids the issues with + servers that have banned SSL 3.0 record versions. + +Author: Nikos Mavrogiannopoulos +Date: Fri Jan 16 10:16:47 2015 +0100 + + ocsptool: follow the documented process for gnutls_x509_crt_get_authority_info_access + +Author: Nikos Mavrogiannopoulos +Date: Fri Jan 16 10:15:08 2015 +0100 + + gnutls_x509_crt_get_authority_info_access: doc update + +Author: Nikos Mavrogiannopoulos +Date: Thu Jan 15 15:49:53 2015 +0100 + + ocsptool-common: iterate through all AIA items prior to decidig the OCSP server + +Author: Nikos Mavrogiannopoulos +Date: Wed Jan 14 08:11:17 2015 +0100 + + use a FIPS key that agree's with fedora's fipshmac + +Author: Nikos Mavrogiannopoulos +Date: Wed Jan 14 22:51:55 2015 +0100 + + DCO: Added Luke Dashjr + +Author: Nikos Mavrogiannopoulos +Date: Tue Jan 13 22:47:59 2015 +0100 + + simplified text for inline-commands-prefix + +Author: Nikos Mavrogiannopoulos +Date: Mon Jan 12 23:14:35 2015 +0100 + + gnutls-cli: added --starttls-proto option + +Author: Nikos Mavrogiannopoulos +Date: Mon Jan 12 17:28:50 2015 +0100 + + pkcs11: cleanup the name of types + +Author: Nikos Mavrogiannopoulos +Date: Mon Jan 12 17:19:48 2015 +0100 + + tests: updates in softhsm detection + +Author: Nikos Mavrogiannopoulos +Date: Mon Jan 12 17:12:56 2015 +0100 + + pkcs11: when importing a public key, import it's data as well (version 2 fix) + +Author: Nikos Mavrogiannopoulos +Date: Mon Jan 12 17:02:03 2015 +0100 + + doc update + +Author: Nikos Mavrogiannopoulos +Date: Mon Jan 12 11:50:53 2015 +0100 + + testpkcs11: do not ignore the failure to write a trusted CA + +Author: Nikos Mavrogiannopoulos +Date: Mon Jan 12 11:17:24 2015 +0100 + + removed gnutls_pubkey_get_pk_* from the exported function list + +Author: Nikos Mavrogiannopoulos +Date: Mon Jan 12 10:33:21 2015 +0100 + + tests: key-import-export: enhanced to test gnutls_pubkey_*_ecc_x962 + +Author: Nikos Mavrogiannopoulos +Date: Mon Jan 12 10:32:13 2015 +0100 + + gnutls_pubkey_t: allow the import of another parameter set without a leak + +Author: Nikos Mavrogiannopoulos +Date: Mon Jan 12 10:19:47 2015 +0100 + + removed ABI-compatibility functions + +Author: Nikos Mavrogiannopoulos +Date: Fri Jan 9 13:59:34 2015 +0100 + + doc update + +Author: Nikos Mavrogiannopoulos +Date: Sun Jan 11 22:41:01 2015 +0100 + + testpkcs11: modified to support both softhsmv1 and v2 + +Author: Nikos Mavrogiannopoulos +Date: Sun Jan 11 22:15:10 2015 +0100 + + pkcs11: when importing a public key, import it's data as well + +Author: Nikos Mavrogiannopoulos +Date: Sun Jan 11 18:00:38 2015 +0100 + + tests: enhanced key-import-export to check output of pubkeys + +Author: Nikos Mavrogiannopoulos +Date: Sun Jan 11 16:25:01 2015 +0100 + + tests: eliminated leaks + +Author: Nikos Mavrogiannopoulos +Date: Sun Jan 11 16:16:49 2015 +0100 + + doc update + +Author: Nikos Mavrogiannopoulos +Date: Sun Jan 11 16:06:26 2015 +0100 + + tests: added checks for private key import/export functions + +Author: Nikos Mavrogiannopoulos +Date: Sat Jan 10 21:56:21 2015 +0100 + + doc update + +Author: Nikos Mavrogiannopoulos +Date: Sat Jan 10 12:13:29 2015 +0100 + + tests: Added test case for openpgp keys loaded by callback + +Author: Nikos Mavrogiannopoulos +Date: Sat Jan 10 12:12:25 2015 +0100 + + When setting up TLS with cert-type OpenPGP from a client, + the server verifies if it supports the extension’s contents + in _gnutls_session_cert_type_supported(). This function + checks for cred->get_cert_callback but not cred->get_cert_callback2. + As a result, servers setup for OpenPGP certificate credential + callback with gnutls_certificate_set_retrieve_function2() are + unable to use the OpenPGP certificate type. + + The solution is to consider cred->get_cert_callback2 alongside + cred->get_cert_callback in _gnutls_session_cert_type_supported(). + + Patch by Rick van Rein. + +Author: Nikos Mavrogiannopoulos +Date: Sat Jan 10 11:56:48 2015 +0100 + + gnutls_privkey_import_openpgp_raw: do not release the cached value + +Author: Ludovic Courtès +Date: Thu Jan 8 10:18:07 2015 +0100 + + guile: Call 'load-extension' both during expansion and at run time. + + Fixes . + + * guile/modules/gnutls.in: Wrap '%libdir' definition and + 'load-extension' call in 'eval-when'. + +Author: Nikos Mavrogiannopoulos +Date: Thu Jan 8 09:35:59 2015 +0100 + + When receiving a TLS record with multiple handshake packets, parse them in one go + + That resolves: + https://savannah.gnu.org/support/?108712 + +Author: Nikos Mavrogiannopoulos +Date: Thu Jan 8 09:25:15 2015 +0100 + + tests: updated mini-dtls-record-asym + +Author: Nikos Mavrogiannopoulos +Date: Tue Jan 6 21:36:33 2015 +0100 + + tests: better documentation of mini-dtls-record-asym purpose + +Author: Nikos Mavrogiannopoulos +Date: Tue Jan 6 21:27:14 2015 +0100 + + tests: moved udp_socketpair to utils + +Author: Nikos Mavrogiannopoulos +Date: Tue Jan 6 21:22:02 2015 +0100 + + tests: corrected asymmetric MTU test for DTLS and added caching + +Author: Nikos Mavrogiannopoulos +Date: Tue Jan 6 17:32:44 2015 +0100 + + Added test case for DTLS handshake packet reconstruction when it exceeds MTU + + https://savannah.gnu.org/support/?108712 + +Author: Nikos Mavrogiannopoulos +Date: Tue Jan 6 17:18:57 2015 +0100 + + simplified _gnutls_dgram_read() + +Author: Nikos Mavrogiannopoulos +Date: Tue Jan 6 13:39:19 2015 +0100 + + danetool: only compile when dane is enabled + +Author: Nikos Mavrogiannopoulos +Date: Tue Jan 6 10:17:14 2015 +0100 + + in DTLS don't combine multiple packets which exceed MTU + + Resolves: https://savannah.gnu.org/support/?108715 + +Author: Nikos Mavrogiannopoulos +Date: Tue Jan 6 10:01:47 2015 +0100 + + Added more precise check of push functions availability + +Author: Nikos Mavrogiannopoulos +Date: Tue Jan 6 09:59:33 2015 +0100 + + Revert "in DTLS don't use writev() when multiple packets which exceed MTU are queued" + + This reverts commit 43082a67c7514d65301d157fb567a133138a85ab. + +Author: Nikos Mavrogiannopoulos +Date: Tue Jan 6 09:59:25 2015 +0100 + + Revert "Give precedence to vector push function" + + This reverts commit cb4ea413569803cbbf291abb27d30d14bfa971c5. + +Author: Nikos Mavrogiannopoulos +Date: Mon Jan 5 15:08:28 2015 +0100 + + Give precedence to vector push function + +Author: Nikos Mavrogiannopoulos +Date: Mon Jan 5 15:08:28 2015 +0100 + + in DTLS don't use writev() when multiple packets which exceed MTU are queued + + That change requires the system_write() to be registered unconditionally, + even when writev() is available. + Resolves: https://savannah.gnu.org/support/?108715 + +Author: Nikos Mavrogiannopoulos +Date: Mon Jan 5 16:28:58 2015 +0100 + + tests: added check to ensure that DTLS handshake packets will not exceed MTU + +Author: Nikos Mavrogiannopoulos +Date: Mon Jan 5 16:21:57 2015 +0100 + + certtool: warn when setting a certificate's expiration longer than the CA's expiration + +Author: Nikos Mavrogiannopoulos +Date: Mon Jan 5 15:01:22 2015 +0100 + + testpkcs11: detect softhsm2 + +Author: Nikos Mavrogiannopoulos +Date: Mon Jan 5 14:40:51 2015 +0100 + + tests: account for disabling of ARCFOUR where needed + +Author: Nikos Mavrogiannopoulos +Date: Sun Jan 4 23:19:33 2015 +0100 + + certtool: modified check for READ_NUMERIC + +Author: Nikos Mavrogiannopoulos +Date: Sun Jan 4 22:46:16 2015 +0100 + + certtool: use 64-bit type for CRL serial number + +Author: Nikos Mavrogiannopoulos +Date: Sun Jan 4 22:43:00 2015 +0100 + + certtool: check for overflows when reading serial numbers + +Author: Nikos Mavrogiannopoulos +Date: Sun Jan 4 20:44:21 2015 +0100 + + certtool: use int64_t as type for integers read + +Author: Nikos Mavrogiannopoulos +Date: Sun Jan 4 20:30:39 2015 +0100 + + gnutls-cli-debug: more precise handling of SMTP protocol + + Patch by Andreas Metzler. + +Author: Nikos Mavrogiannopoulos +Date: Sun Jan 4 11:11:51 2015 +0100 + + updated gnulib + +Author: Nikos Mavrogiannopoulos +Date: Fri Jan 2 12:49:55 2015 +0200 + + gnutls-cli-debug: corrected the skip of ignored checks + +Author: Nikos Mavrogiannopoulos +Date: Wed Dec 31 22:50:17 2014 +0200 + + use explicit casts in the dummy ip conversion functions + +Author: Nikos Mavrogiannopoulos +Date: Wed Dec 31 22:41:24 2014 +0200 + + doc update + +Author: Nikos Mavrogiannopoulos +Date: Wed Dec 31 22:40:55 2014 +0200 + + ARCFOUR-128 is disabled by default + +Author: Nikos Mavrogiannopoulos +Date: Wed Dec 31 22:38:51 2014 +0200 + + doc update + +Author: Nikos Mavrogiannopoulos +Date: Wed Dec 31 16:53:57 2014 +0200 + + doc update + +Author: Nikos Mavrogiannopoulos +Date: Wed Dec 31 12:48:06 2014 +0200 + + system-keys-win: use LoadLibraryA to load ncrypt.dll + +Author: Nikos Mavrogiannopoulos +Date: Wed Dec 31 12:23:04 2014 +0200 + + Updated abi-compliance-checker for 3.4 API + +Author: Nikos Mavrogiannopoulos +Date: Wed Dec 31 12:17:51 2014 +0200 + + updated export symbols list (due to ABI breakage) + +Author: Nikos Mavrogiannopoulos +Date: Wed Dec 31 12:15:16 2014 +0200 + + doc: updated auto-generated files + +Author: Nikos Mavrogiannopoulos +Date: Wed Dec 31 12:09:41 2014 +0200 + + generate manpages for urls.h and system-keys.h + +Author: Nikos Mavrogiannopoulos +Date: Wed Dec 31 12:07:37 2014 +0200 + + tests: added check for gnutls_x509_trust_list_get_issuer_by_dn() + +Author: Nikos Mavrogiannopoulos +Date: Wed Dec 31 12:00:11 2014 +0200 + + updated libgnutls.map for new functions + +Author: Nikos Mavrogiannopoulos +Date: Wed Dec 31 11:49:40 2014 +0200 + + doc: updated auto-generated files and added urls.h + +Author: Nikos Mavrogiannopoulos +Date: Wed Dec 31 11:17:55 2014 +0200 + + tests: added checks for the new --key-id and --fingerprint certtool options + +Author: Nikos Mavrogiannopoulos +Date: Wed Dec 31 11:11:40 2014 +0200 + + certtool: Added --fingerprint and --key-id options + +Author: Nikos Mavrogiannopoulos +Date: Wed Dec 31 10:00:11 2014 +0200 + + certtool: --pubkey-info will load a public key from stdin + +Author: Nikos Mavrogiannopoulos +Date: Wed Dec 31 09:40:03 2014 +0200 + + include netinet/in.h if present to access ipv6 related structures + + Based on patch by Rumko. + https://savannah.gnu.org/support/?108713 + +Author: Nikos Mavrogiannopoulos +Date: Wed Dec 31 09:34:24 2014 +0200 + + VERS-ALL adds all protocols if used with '+' + +Author: Nikos Mavrogiannopoulos +Date: Wed Dec 31 09:14:15 2014 +0200 + + doc update + +Author: Nikos Mavrogiannopoulos +Date: Wed Dec 31 09:04:27 2014 +0200 + + priority strings VERS-TLS-ALL and VERS-DTLS-ALL are restricted to the corresponding protocols + + That introduces VERS-ALL which behaves as VERS-TLS-ALL previously. + +Author: Nikos Mavrogiannopoulos +Date: Wed Dec 31 08:49:13 2014 +0200 + + gnutls.h: made DTLS protocol version numbering distinct + +Author: Matthias-Christian Ott +Date: Tue Dec 30 11:58:43 2014 +0200 + + Don't call _gnutls_cipher_encrypt2 with textlen = 0 in _gnutls_auth_cipher_encrypt2_tag + + If the plaintext is shorter than the block size of the used cipher, + _gnutls_auth_cipher_encrypt2_tag calls _gnutls_cipher_encrypt2 with + textlen = 0. By definition _gnutls_cipher_encrypt2 does nothing in this + case and thus does not need to be called. + +Author: Matthias-Christian Ott +Date: Tue Dec 30 11:57:36 2014 +0200 + + Handle zero length plaintext for VIA PadLock functions + + If the plaintext is shorter than the block size of the used cipher, + _gnutls_auth_cipher_encrypt2_tag calls _gnutls_cipher_encrypt2 with + textlen = 0. padlock_ecb_encrypt and padlock_cbc_encrypt assume that the + plaintext length (last parameter) is greater than zero and segfault + otherwise. The assembler code for both functions is automatically + generated and imported from OpenSSL, so to ease maintenance the length + should be validated in the functions that call padlock_ecb_encrypt or + padlock_cbc_encrypt. + +Author: Nikos Mavrogiannopoulos +Date: Sun Dec 28 13:29:57 2014 +0200 + + use backslashes in windows path + +Author: Nikos Mavrogiannopoulos +Date: Sun Dec 28 11:14:47 2014 +0200 + + tests: enhanced openpgp-keyring test + +Author: Nikos Mavrogiannopoulos +Date: Sun Dec 28 11:13:10 2014 +0200 + + openpgp: properly print names in oneline output as well + +Author: Nikos Mavrogiannopoulos +Date: Sun Dec 28 11:11:18 2014 +0200 + + updates in openpgp DSA key printing + +Author: Nikos Mavrogiannopoulos +Date: Sun Dec 28 10:59:23 2014 +0200 + + properly print openpgp names + +Author: Nikos Mavrogiannopoulos +Date: Sun Dec 28 10:47:37 2014 +0200 + + opencdk: print all warnings on compilation + +Author: Nikos Mavrogiannopoulos +Date: Sun Dec 28 10:47:20 2014 +0200 + + opencdk: eliminated warning from armor.c + +Author: Nikos Mavrogiannopoulos +Date: Sun Dec 28 10:45:30 2014 +0200 + + removed cache support for opencdk's keydb + + It's implementation looked buggy. + +Author: Nikos Mavrogiannopoulos +Date: Sat Dec 27 22:41:53 2014 +0200 + + updated guile comments + +Author: Nikos Mavrogiannopoulos +Date: Thu Dec 25 00:16:17 2014 +0200 + + tools: use OCSP functions only when OCSP is enabled + +Author: Nikos Mavrogiannopoulos +Date: Wed Dec 24 19:08:54 2014 +0200 + + Corrected encoding and decoding of ANSI X9.62 + + That affects gnutls_pubkey_export_ecc_x962() and + gnutls_pubkey_import_ecc_x962(). + +Author: Nikos Mavrogiannopoulos +Date: Wed Dec 24 18:34:04 2014 +0200 + + tools: document the available curves + +Author: Nikos Mavrogiannopoulos +Date: Wed Dec 24 08:54:19 2014 +0200 + + PKCS #11 tests: ported to softhsmv2 + + The C programs still rely on softhsmv1 since there + are issues with softhsmv2 and CKA_TRUSTED. + https://bugzilla.redhat.com/show_bug.cgi?id=1177086 + +Author: Nikos Mavrogiannopoulos +Date: Tue Dec 23 18:33:22 2014 +0200 + + updated documentation of gnutls_memcmp() + +Author: Nikos Mavrogiannopoulos +Date: Tue Dec 23 13:41:35 2014 +0200 + + use everywhere the new name of gnutls_x509_crt_import_pkcs11_url + +Author: Nikos Mavrogiannopoulos +Date: Tue Dec 23 13:29:13 2014 +0200 + + better cleanup in gnutls_pkcs11_privkey_import_url and allow reuse + +Author: Nikos Mavrogiannopoulos +Date: Tue Dec 23 12:54:23 2014 +0200 + + completely separated the two gnulibs to avoid conflicts + +Author: Nikos Mavrogiannopoulos +Date: Tue Dec 23 12:40:17 2014 +0200 + + updated gnulib + +Author: Nikos Mavrogiannopoulos +Date: Tue Dec 23 12:28:03 2014 +0200 + + dropped the sanitize URL approach + +Author: Nikos Mavrogiannopoulos +Date: Tue Dec 23 12:24:35 2014 +0200 + + Instead of sanitizing URLs, use hints to support incomplete PKCS#11 URIs + +Author: Nikos Mavrogiannopoulos +Date: Tue Dec 23 12:04:45 2014 +0200 + + gnutls_x509_crt_import_url replaces gnutls_x509_crt_import_pkcs11_url + +Author: Nikos Mavrogiannopoulos +Date: Tue Dec 23 08:52:24 2014 +0200 + + use p11_kit_uri_get_pin_source instead of p11_kit_uri_get_pinfile + +Author: Nikos Mavrogiannopoulos +Date: Mon Dec 22 12:16:05 2014 +0200 + + doc update + +Author: Nikos Mavrogiannopoulos +Date: Mon Dec 22 11:59:41 2014 +0200 + + ex-pkcs11-list.c: updated for new API + +Author: Nikos Mavrogiannopoulos +Date: Mon Dec 22 11:43:49 2014 +0200 + + combined gnutls_pkcs11_obj_attr_t with gnutls_pkcs11_obj_flags + + That was done in an API-backwards compatible way. That + introduces gnutls_pkcs11_obj_list_import_url3() and + gnutls_pkcs11_obj_list_import_url4(). + +Author: Nikos Mavrogiannopoulos +Date: Sun Dec 21 20:33:22 2014 +0200 + + first attempt to unify obj_attrs with obj_flags + +Author: Nikos Mavrogiannopoulos +Date: Sun Dec 21 19:33:53 2014 +0200 + + tests: pkcs11-is-known checks whether the import of PKCS #11 objects as trusted certs works + +Author: Nikos Mavrogiannopoulos +Date: Sun Dec 21 13:16:17 2014 +0200 + + Added softhsm.h to share code in softhsm detection + +Author: Nikos Mavrogiannopoulos +Date: Sun Dec 21 13:00:53 2014 +0200 + + Directly import PKCS #11 object URLs as trusted certificates + + That is, don't treat them as trusted modules, because they aren't + a token URL, but rather a direct reference to specific objects. + +Author: Nikos Mavrogiannopoulos +Date: Sat Dec 20 20:37:35 2014 +0200 + + PSK: added sanity check on PSK key size set + +Author: Nikos Mavrogiannopoulos +Date: Fri Dec 19 12:56:11 2014 +0200 + + gnutls-cli-debug: removed ARCFOUR-40 from the ciphers to use + + It is no longer supported. + +Author: Nikos Mavrogiannopoulos +Date: Fri Dec 19 12:07:17 2014 +0200 + + _gnutls_buffer_append_data returns zero on success + +Author: Nikos Mavrogiannopoulos +Date: Fri Dec 19 10:40:58 2014 +0200 + + corrected documentation for the cork/uncork functions + + Reported by Jaak Ristioja. + +Author: Nikos Mavrogiannopoulos +Date: Fri Dec 19 10:35:10 2014 +0200 + + doc update + +Author: Nikos Mavrogiannopoulos +Date: Fri Dec 19 10:25:40 2014 +0200 + + Added more precise version check in _gnutls_version_lowest + +Author: Nikos Mavrogiannopoulos +Date: Fri Dec 19 08:56:44 2014 +0200 + + corrected documentation of gnutls_cork() + +Author: Nikos Mavrogiannopoulos +Date: Wed Dec 17 14:50:52 2014 +0200 + + Added 32-bit overflow protection in _gnutls_buffer_append_data() + +Author: Jaak Ristioja +Date: Wed Dec 17 13:55:10 2014 +0200 + + Remove redundant condition in align_allocd_with_data(). + + At all call-sites of align_allocd_with_data() dest->data is non-NULL. + + Signed-off-by: Jaak Ristioja + +Author: Jaak Ristioja +Date: Wed Dec 17 13:55:09 2014 +0200 + + Deduplicated some code in _gnutls_buffer_append_data(). + + Signed-off-by: Jaak Ristioja + +Author: Jaak Ristioja +Date: Wed Dec 17 13:55:07 2014 +0200 + + Explicitly marked some variables const in _gnutls_buffer_append_data(). + + Signed-off-by: Jaak Ristioja + +Author: Nikos Mavrogiannopoulos +Date: Wed Dec 17 14:37:31 2014 +0200 + + DCO: added Jaak Ristioja + +Author: Nikos Mavrogiannopoulos +Date: Tue Dec 16 22:36:17 2014 +0200 + + test-ciphers: do not fail on processor which don't have the AES-NI instructions + +Author: Nikos Mavrogiannopoulos +Date: Tue Dec 16 15:39:24 2014 +0100 + + _gnutls_buffer_*: moved common operations to function + +Author: Nikos Mavrogiannopoulos +Date: Tue Dec 16 15:35:10 2014 +0100 + + _gnutls_buffer_append_data: moved common code outside the if-clause + +Author: Nikos Mavrogiannopoulos +Date: Fri Dec 12 18:42:04 2014 +0100 + + tests: disable SSL 3.0 checks with polarssl + + It seems that SSL 3.0 is disabled in Debian's polarssl. + +Author: Nikos Mavrogiannopoulos +Date: Fri Dec 12 18:41:50 2014 +0100 + + testdane: removed www.vulcano.cl from good hosts + +Author: Nikos Mavrogiannopoulos +Date: Thu Dec 4 14:26:05 2014 +0100 + + tests: enhanced x509cert-tl + + Verify gnutls_x509_trust_list_verify_crt2() in combination with + gnutls_x509_trust_list_add_named_crt(). + +Author: Nikos Mavrogiannopoulos +Date: Thu Dec 4 14:21:46 2014 +0100 + + use gnutls_x509_trust_list_verify_named_crt in gnutls_x509_trust_list_verify_crt2 + +Author: Ludovic Courtès +Date: Fri Dec 12 14:24:14 2014 +0100 + + Update 'NEWS'. + +Author: Nikos Mavrogiannopoulos +Date: Fri Dec 12 09:35:29 2014 +0100 + + gnutls_rnd: doc update + +Author: Nikos Mavrogiannopoulos +Date: Fri Dec 12 08:48:24 2014 +0100 + + gnutls_pkcs12_simple_parse: doc update + +Author: Nikos Mavrogiannopoulos +Date: Fri Dec 12 08:26:53 2014 +0100 + + improved documentation on dane + +Author: Ludovic Courtès +Date: Thu Dec 11 19:06:18 2014 +0100 + + guile: Open binary file in binary mode, for the sake of MinGW. + + Reported by Eli Zaretskii . + + * guile/tests/openpgp-keyring.scm: Use 'open-file' with "rb" instead of + 'open-input-file'. + +Author: Ludovic Courtès +Date: Thu Dec 11 19:04:17 2014 +0100 + + guile: Link with '-no-undefined'. + + Fixes builds on MinGW. + Reported by Eli Zaretskii . + + * guile/src/Makefile.am (guile_gnutls_v_2_la_LDFLAGS): Add + -no-undefined. + +Author: Nikos Mavrogiannopoulos +Date: Thu Dec 11 19:03:28 2014 +0100 + + p11tool: use Sleep() in windows + +Author: Nikos Mavrogiannopoulos +Date: Thu Dec 11 19:01:16 2014 +0100 + + certtool: ensure that default_serial_int is 64-bits or more + +Author: Nikos Mavrogiannopoulos +Date: Thu Dec 11 18:59:27 2014 +0100 + + use select() instead of alarm for better portability + + Based on patch by Eli Zaretskii. + +Author: Nikos Mavrogiannopoulos +Date: Thu Dec 11 18:53:21 2014 +0100 + + cross.mk: updated for 3.3.11 + +Author: Nikos Mavrogiannopoulos +Date: Thu Dec 11 10:15:54 2014 +0100 + + Allow a random generator with the same priority to re-register + + That corrects an issue where the library is deinitialized, and + reinitialization wouldn't register the same rnd module. + Reported by Stanislav Zidek. + +Author: Nikos Mavrogiannopoulos +Date: Thu Dec 11 09:27:58 2014 +0100 + + tests: x509cert: verify that length returned from gnutls_x509_crt_get_dn matches strlen + +Author: Nikos Mavrogiannopoulos +Date: Thu Dec 11 06:08:33 2014 +0100 + + testcompat: corrected usage of null cipher + +Author: Nikos Mavrogiannopoulos +Date: Wed Dec 10 15:40:49 2014 +0100 + + added the .check function in FIPS140-2 code + +Author: Nikos Mavrogiannopoulos +Date: Mon Dec 8 23:30:07 2014 +0100 + + corrected typo + +Author: Nikos Mavrogiannopoulos +Date: Sat Dec 6 10:48:52 2014 +0100 + + configure: added option --without-idn + +Author: Nikos Mavrogiannopoulos +Date: Sat Dec 6 10:46:24 2014 +0100 + + accelerated: added required casts + +Author: Nikos Mavrogiannopoulos +Date: Sat Dec 6 10:40:48 2014 +0100 + + doc update + +Author: Nikos Mavrogiannopoulos +Date: Sat Dec 6 10:40:09 2014 +0100 + + the priority string EXPORT is no more + +Author: Nikos Mavrogiannopoulos +Date: Sat Dec 6 10:27:00 2014 +0100 + + aesni-ccm: removed unused struct entries + +Author: Nikos Mavrogiannopoulos +Date: Sat Dec 6 09:41:08 2014 +0100 + + added AESNI accelerated CCM + +Author: Nikos Mavrogiannopoulos +Date: Sat Dec 6 09:33:20 2014 +0100 + + more nettle3 related changes + +Author: Nikos Mavrogiannopoulos +Date: Fri Dec 5 19:58:42 2014 +0100 + + dane: use the new _gnutls_buffer_to_datum + +Author: Nikos Mavrogiannopoulos +Date: Fri Dec 5 10:36:34 2014 +0100 + + tests: corrected the expected lengths in ocsp + +Author: Nikos Mavrogiannopoulos +Date: Fri Dec 5 10:31:41 2014 +0100 + + _gnutls_buffer_to_datum: includes code for exporting strings + +Author: Nikos Mavrogiannopoulos +Date: Fri Dec 5 10:04:50 2014 +0100 + + when the trusted list contains a non-CA certificate warn via the audit log + +Author: Nikos Mavrogiannopoulos +Date: Fri Dec 5 09:52:40 2014 +0100 + + modified the CCM ciphersuite's name to match the one in the IANA registry + +Author: Nikos Mavrogiannopoulos +Date: Fri Dec 5 09:52:14 2014 +0100 + + ciphersuite test: enhanced check for correct ciphersuites + +Author: Nikos Mavrogiannopoulos +Date: Fri Dec 5 09:35:46 2014 +0100 + + ciphersuites tests: add missing includes + +Author: Nikos Mavrogiannopoulos +Date: Fri Dec 5 09:00:04 2014 +0100 + + ciphersuite tests: define HAVE_CONFIG_H + +Author: Ludovic Courtès +Date: Thu Dec 4 22:15:57 2014 +0100 + + guile: Build with warnings. + + * guile/src/Makefile.am (AM_CFLAGS) [HAVE_GCC]: Add -Wall -Wextra + -Wno-unused-parameter. + +Author: Ludovic Courtès +Date: Thu Dec 4 22:14:57 2014 +0100 + + guile: Remove the deprecated priority API. + + * guile/modules/gnutls/build/priorities.scm: Remove. + * guile/src/make-session-priorities.scm: Remove. + * guile/modules/Makefile.am (EXTRA_DIST): Adjust accordingly. + * guile/src/Makefile.am (EXTRA_DIST): Likewise. + (GENERATED_BINDINGS): Remove 'priorities.i.c'. + (priorities.i.c): Remove target. + * guile/src/core.c: Don't include it. + (scm_gnutls_set_default_priority_x): Remove. + * guile/modules/gnutls.in (gnutls): Adjust export list. + * guile/tests/session-record-port.scm: Use 'set-session-priorities!'. + * guile/tests/x509-auth.scm: Likewise. + +Author: Ludovic Courtès +Date: Thu Dec 4 22:15:16 2014 +0100 + + guile: Remove RSA parameters and related procedures. + + * guile/modules/gnutls/build/smobs.scm (%rsa-parameters-smob): Remove. + (%gnutls-smobs): Remove it. + * guile/src/core.c (scm_gnutls_make_rsa_parameters, + scm_gnutls_pkcs1_import_rsa_parameters, + scm_gnutls_pkcs1_export_rsa_parameters, + scm_gnutls_set_certificate_credentials_rsa_export_params_x): Remove. + * guile/modules/gnutls.in: Adjust export list. + * guile/tests/openpgp-auth.scm (import-rsa-params): Remove. + Remove references to it and to + 'set-certificate-credentials-rsa-export-parameters!'. + * guile/tests/x509-auth.scm: Likewise. + * doc/gnutls-guile.texi (Representation of Binary Data): Remove + references to RSA parameters. Adjust example accordingly. + (OpenPGP Authentication Guile Example): Likewise. + +Author: Nikos Mavrogiannopoulos +Date: Thu Dec 4 16:05:58 2014 +0100 + + updated TODO list + +Author: Nikos Mavrogiannopoulos +Date: Thu Dec 4 14:39:03 2014 +0100 + + removed several of the unneeded exported internal symbols + +Author: Nikos Mavrogiannopoulos +Date: Wed Dec 3 10:53:25 2014 +0100 + + doc update + +Author: Nikos Mavrogiannopoulos +Date: Wed Dec 3 10:39:51 2014 +0100 + + doc: corrected typo + +Author: Nikos Mavrogiannopoulos +Date: Fri Nov 28 20:21:52 2014 +0100 + + use unsigned long in gcm_cast_st + +Author: Nikos Mavrogiannopoulos +Date: Wed Nov 26 15:43:55 2014 +0100 + + corrected issue in AES-256-GCM + +Author: Nikos Mavrogiannopoulos +Date: Wed Nov 26 15:20:07 2014 +0100 + + tests: enhanced cipher check to include all ciphers. + +Author: Nikos Mavrogiannopoulos +Date: Wed Nov 26 14:56:27 2014 +0100 + + simplified abstractions over nettle based on Niels' comments. + +Author: Nikos Mavrogiannopoulos +Date: Wed Nov 26 11:21:29 2014 +0100 + + API doc update + +Author: Nikos Mavrogiannopoulos +Date: Wed Nov 26 11:20:26 2014 +0100 + + Added test vectors for CCM mode + +Author: Nikos Mavrogiannopoulos +Date: Wed Nov 26 10:27:23 2014 +0100 + + CCM: corrected AEAD decryption + +Author: Nikos Mavrogiannopoulos +Date: Tue Nov 25 20:27:05 2014 +0100 + + CCM mode moved to the lowest priority + +Author: Nikos Mavrogiannopoulos +Date: Tue Nov 25 19:42:10 2014 +0100 + + aes-gcm-aead.h: generalized + +Author: Nikos Mavrogiannopoulos +Date: Tue Nov 25 17:57:15 2014 +0100 + + gnutls-cli: added benchmark for CCM + +Author: Nikos Mavrogiannopoulos +Date: Tue Nov 25 17:46:55 2014 +0100 + + tests: updated for AES-128-CCM ciphersuites + +Author: Nikos Mavrogiannopoulos +Date: Tue Nov 25 17:27:03 2014 +0100 + + use the new AEAD API in gnutls_cipher.c + +Author: Nikos Mavrogiannopoulos +Date: Tue Nov 25 17:04:25 2014 +0100 + + Added definitions for CCM ciphersuites + +Author: Nikos Mavrogiannopoulos +Date: Mon Nov 24 16:02:25 2014 +0100 + + Modified crypto backend to accomodate for the CCM ciphersuites + +Author: Nikos Mavrogiannopoulos +Date: Mon Nov 24 10:54:55 2014 +0100 + + More nettle2 updates (in FIPS140-2 mode) + +Author: Nikos Mavrogiannopoulos +Date: Sun Nov 23 22:58:41 2014 +0100 + + ported to nettle 3.0 + +Author: Nikos Mavrogiannopoulos +Date: Wed Dec 3 10:10:05 2014 +0100 + + reduced current soversion + +Author: Nikos Mavrogiannopoulos +Date: Wed Dec 3 10:06:32 2014 +0100 + + documented the removal of deprecated functions + +Author: Nikos Mavrogiannopoulos +Date: Wed Dec 3 09:53:52 2014 +0100 + + corrected comparison + +Author: Nikos Mavrogiannopoulos +Date: Wed Dec 3 09:49:24 2014 +0100 + + removed the old gnutls_retr_st compatibility functions + +Author: Nikos Mavrogiannopoulos +Date: Wed Dec 3 09:45:19 2014 +0100 + + Removed binary compatibility with RSA-EXPORT using applications + +Author: Nikos Mavrogiannopoulos +Date: Wed Dec 3 09:41:33 2014 +0100 + + removed the old priority functions + + That is: + gnutls_cipher_set_priority + gnutls_mac_set_priority + gnutls_compression_set_priority + gnutls_kx_set_priority + gnutls_protocol_set_priority + gnutls_certificate_type_set_priority + +Author: Nikos Mavrogiannopoulos +Date: Wed Dec 3 09:37:55 2014 +0100 + + removed gnutls_x509_crt_verify_hash() and gnutls_x509_crt_verify_data() + +Author: Nikos Mavrogiannopoulos +Date: Wed Dec 3 09:35:26 2014 +0100 + + gnutls_sign_callback_set() and gnutls_sign_callback_get() were removed + +Author: Nikos Mavrogiannopoulos +Date: Wed Dec 3 09:32:21 2014 +0100 + + renumbered fields in gnutls.h + +Author: Nikos Mavrogiannopoulos +Date: Wed Dec 3 09:28:10 2014 +0100 + + increased gnutls' soversion + +Author: Nikos Mavrogiannopoulos +Date: Tue Dec 2 10:50:45 2014 +0100 + + if the rnd structure doesn't provide check, _gnutls_rnd_check() will succeed + +Author: Nikos Mavrogiannopoulos +Date: Sun Nov 30 22:17:31 2014 +0100 + + tests: Added check for verification using CRLs + +Author: Nikos Mavrogiannopoulos +Date: Sun Nov 30 21:44:10 2014 +0100 + + Reorganized, and eliminated memory leak in _gnutls_x509_crt_check_revocation() + + Reported by Tim Rühsen. + +Author: Nikos Mavrogiannopoulos +Date: Sat Nov 29 15:27:34 2014 +0100 + + systemkey: updated for new gnutls_system_key_iter_get_info + +Author: Nikos Mavrogiannopoulos +Date: Fri Nov 28 16:16:19 2014 +0100 + + gnutls_system_key_iter_get_info() allows restricting results to a specific certificate type + +Author: Nikos Mavrogiannopoulos +Date: Fri Nov 28 16:12:31 2014 +0100 + + removed unneeded variable + +Author: Nikos Mavrogiannopoulos +Date: Fri Nov 28 14:39:58 2014 +0100 + + doc update + +Author: Nikos Mavrogiannopoulos +Date: Fri Nov 28 13:18:49 2014 +0100 + + doc: added recommendation to use the higher level functions to load keys + +Author: Nikos Mavrogiannopoulos +Date: Fri Nov 28 10:40:34 2014 +0100 + + certtool: avoid gcc warnings + +Author: Nikos Mavrogiannopoulos +Date: Tue Nov 25 11:47:56 2014 +0100 + + gnutls-cli-debug: Added check for whether %NO_EXTENSIONS is required + +Author: Nikos Mavrogiannopoulos +Date: Fri Nov 28 10:32:22 2014 +0100 + + gnutls_session_get_desc: allow proper printing of the NULL KX + +Author: Nikos Mavrogiannopoulos +Date: Fri Nov 28 09:30:04 2014 +0100 + + gnutls_session_get_desc will return NULL if initial negotiation is not complete + +Author: Nikos Mavrogiannopoulos +Date: Thu Nov 27 23:17:29 2014 +0100 + + doc update + +Author: Nikos Mavrogiannopoulos +Date: Thu Nov 27 23:16:04 2014 +0100 + + tests: small fix in mini-chain-unsorted + +Author: Nikos Mavrogiannopoulos +Date: Thu Nov 27 22:39:08 2014 +0100 + + GNUTLS_E_CERTIFICATE_LIST_UNSORTED can be returned from gnutls_pcert_import_x509_list + + That is when it cannot sort the list and GNUTLS_X509_CRT_LIST_SORT is specified. + +Author: Nikos Mavrogiannopoulos +Date: Thu Nov 27 16:28:10 2014 +0100 + + gnutls_pcert_import_x509_list: only sort the lists it can sort + +Author: Nikos Mavrogiannopoulos +Date: Thu Nov 27 16:12:33 2014 +0100 + + doc update + +Author: Nikos Mavrogiannopoulos +Date: Thu Nov 27 16:10:44 2014 +0100 + + simplified windows URLs + +Author: Nikos Mavrogiannopoulos +Date: Thu Nov 27 16:08:46 2014 +0100 + + system-keys-win: include urls.h + +Author: Nikos Mavrogiannopoulos +Date: Thu Nov 27 16:06:46 2014 +0100 + + tests: added mini-chain-unsorted + +Author: Nikos Mavrogiannopoulos +Date: Thu Nov 27 15:06:11 2014 +0100 + + Added flag GNUTLS_X509_CRT_LIST_SORT for gnutls_x509_crt_list_import* + + That also allows automatically sorting input chains to the + gnutls_certificate_credentials_t structure. + +Author: Nikos Mavrogiannopoulos +Date: Tue Nov 25 21:53:03 2014 +0100 + + tests: Added check for memory leaks when a file cannot be loaded. + +Author: Nikos Mavrogiannopoulos +Date: Tue Nov 25 21:52:23 2014 +0100 + + gnutls_certificate_set_x509_key_*: eliminated memory leak when certificate could not be parsed + + Reported by Georg Richter. + +Author: Nikos Mavrogiannopoulos +Date: Tue Nov 25 20:33:15 2014 +0100 + + libdane: undef gnutls_assert() before redefining it + +Author: Nikos Mavrogiannopoulos +Date: Mon Nov 24 22:39:23 2014 +0100 + + gnutls-cli-debug: do not print error on unknown protocols + +Author: Nikos Mavrogiannopoulos +Date: Mon Nov 24 20:22:35 2014 +0100 + + tests: added leak check for gnutls_set_x509_key_mem2() + +Author: Nikos Mavrogiannopoulos +Date: Mon Nov 24 19:16:42 2014 +0100 + + documented the limitations of the loading functions + +Author: Nikos Mavrogiannopoulos +Date: Mon Nov 24 18:54:28 2014 +0100 + + corrected memleak in read_key_mem() + + Patch by Georg Richter. + +Author: Nikos Mavrogiannopoulos +Date: Mon Nov 24 13:27:09 2014 +0100 + + gnutls-cli-debug: Added check for sorted certificate chain + +Author: Nikos Mavrogiannopoulos +Date: Mon Nov 24 10:40:24 2014 +0100 + + do not allow the resumption of a session which switches the state of ext_master_secret + +Author: Nikos Mavrogiannopoulos +Date: Sun Nov 23 22:23:55 2014 +0100 + + tests: run rfc2253-escape-test under valgrind + +Author: Nikos Mavrogiannopoulos +Date: Sun Nov 23 19:43:44 2014 +0100 + + tests: enhanced custom-url check + +Author: Nikos Mavrogiannopoulos +Date: Sun Nov 23 19:43:01 2014 +0100 + + sanitize URLs at the proper place + +Author: Nikos Mavrogiannopoulos +Date: Sun Nov 23 19:42:43 2014 +0100 + + corrected freeing of custom URL + +Author: Nikos Mavrogiannopoulos +Date: Sun Nov 23 13:03:50 2014 +0100 + + doc update + +Author: Nikos Mavrogiannopoulos +Date: Sun Nov 23 12:43:27 2014 +0100 + + Added memxor_different_alignment into suppressions + +Author: Nikos Mavrogiannopoulos +Date: Sun Nov 23 12:36:22 2014 +0100 + + Allow the construction of chains with custom URLs + +Author: Nikos Mavrogiannopoulos +Date: Sun Nov 23 11:04:47 2014 +0100 + + updated ignored files + +Author: Nikos Mavrogiannopoulos +Date: Sun Nov 23 11:04:15 2014 +0100 + + renamed systemkey-tool to systemkey, and don't install it by default + +Author: Nikos Mavrogiannopoulos +Date: Sun Nov 23 10:51:30 2014 +0100 + + doc update + +Author: Nikos Mavrogiannopoulos +Date: Sun Nov 23 10:49:59 2014 +0100 + + tests: added check for registration of custom URLs + +Author: Nikos Mavrogiannopoulos +Date: Sun Nov 23 10:49:32 2014 +0100 + + export gnutls_register_custom_url + +Author: Nikos Mavrogiannopoulos +Date: Sun Nov 23 10:48:56 2014 +0100 + + correctly handle non-pkcs11 URLs in read_cert_url + +Author: Nikos Mavrogiannopoulos +Date: Sun Nov 23 09:30:29 2014 +0100 + + more files to ignore + +Author: Nikos Mavrogiannopoulos +Date: Sun Nov 23 09:11:38 2014 +0100 + + Added the ability to register application specific URLs for keys and certs + +Author: Nikos Mavrogiannopoulos +Date: Sun Nov 23 08:47:41 2014 +0100 + + system-keys-win: use macros for the URL + +Author: Nikos Mavrogiannopoulos +Date: Sat Nov 22 10:49:52 2014 +0100 + + doc update + +Author: Nikos Mavrogiannopoulos +Date: Fri Nov 21 20:42:21 2014 +0100 + + tests: added test for GNUTLS_E_GOT_APPLICATION_DATA on rehandshake + +Author: Nikos Mavrogiannopoulos +Date: Fri Nov 21 20:18:08 2014 +0100 + + treat GNUTLS_E_GOT_APPLICATION_DATA as non-fatal if initial negotiation is complete + + This corrects a regression introduced in b5a0de2e6da98866cafb770c3141b7353d030ab2 + Reported by Dan Winship. https://savannah.gnu.org/support/?108690 + +Author: Nikos Mavrogiannopoulos +Date: Fri Nov 21 16:48:45 2014 +0100 + + removed old news + +Author: Nikos Mavrogiannopoulos +Date: Fri Nov 21 16:10:33 2014 +0100 + + The record version in the client Hello will be set to the lowest supported protocol + + There should have been no harm in keeping it SSL 3.0 but + unfortunately in draft-thomson-sslv3-diediedie-00 + it has been marked as MUST NOT do that. That will be fixed in a later + revision but since then there are servers not accepting SSL 3.0 + as a valid record version (note that this is about the record + version, which describes the format of the packet, nothing to + do with the negotiated version). + +Author: Nikos Mavrogiannopoulos +Date: Fri Nov 21 15:41:25 2014 +0100 + + Revert "The priority modifier %LATEST_RECORD_VERSION is now the default" + + This reverts commit 66c419cc6336ea9a2747574588ffee77458b838f. + +Author: Nikos Mavrogiannopoulos +Date: Fri Nov 21 15:02:40 2014 +0100 + + deinitialize the OCSP response der data + + That also makes sure that reinitialization of ASN1 structures + are done when it is required only. + +Author: Nikos Mavrogiannopoulos +Date: Fri Nov 21 14:48:50 2014 +0100 + + gnutls_priority_string_list: allow printing the special keywords as well. + +Author: Nikos Mavrogiannopoulos +Date: Fri Nov 21 14:18:15 2014 +0100 + + simplified code involving getrandom() and getentropy() + +Author: Nikos Mavrogiannopoulos +Date: Thu Nov 20 10:36:23 2014 +0100 + + configure: detect android system and define a variable + +Author: Nikos Mavrogiannopoulos +Date: Thu Nov 20 10:35:26 2014 +0100 + + separated system-keys implementations + +Author: Nikos Mavrogiannopoulos +Date: Thu Nov 20 22:52:43 2014 +0100 + + removed redundant local + +Author: Nikos Mavrogiannopoulos +Date: Thu Nov 20 00:15:02 2014 +0100 + + tests: added check for the abbreviated URLs which don't contain object information + +Author: Nikos Mavrogiannopoulos +Date: Thu Nov 20 00:13:45 2014 +0100 + + prior to importing objects with URLs sanitize them + + That allows to use out of band information to complete missing + parts in URLs (e.g., object-type=cert, when there is a certificate). + +Author: Nikos Mavrogiannopoulos +Date: Wed Nov 19 23:53:50 2014 +0100 + + compilation fixes + +Author: Nikos Mavrogiannopoulos +Date: Wed Nov 19 11:28:38 2014 +0100 + + doc update + +Author: Nikos Mavrogiannopoulos +Date: Fri Nov 7 16:14:08 2014 +0100 + + Added API to read/write/delete key-cert pairs (limited to windows for now) + +Author: Nikos Mavrogiannopoulos +Date: Mon Nov 17 20:26:26 2014 +0100 + + NORMAL priority: prioritize the less than 256-bits curves at the lowest level + +Author: Nikos Mavrogiannopoulos +Date: Mon Nov 17 18:21:48 2014 +0100 + + certtool: Allow to set the nonRepudiation, keyAgreement and dataEncipherment flags + +Author: Nikos Mavrogiannopoulos +Date: Mon Nov 17 18:09:36 2014 +0100 + + list the OIDs in the certtool cfg file documentation + +Author: Nikos Mavrogiannopoulos +Date: Sun Nov 16 18:27:01 2014 +0100 + + properly reset the zombie mode in FIPS mode + + This amends 9158f590f4a18c84fc9eb41877b29d73b30af879 + +Author: Nikos Mavrogiannopoulos +Date: Sat Nov 15 10:06:12 2014 +0100 + + doc update + +Author: Nikos Mavrogiannopoulos +Date: Fri Nov 14 22:17:42 2014 +0100 + + doc update + +Author: Nikos Mavrogiannopoulos +Date: Fri Nov 14 22:16:09 2014 +0100 + + partially reverted 999d221fd2241ff73f884bf33d8cbe6eb8299184 + + That change allows to use the intermediate certificates in chains + as OCSP anchors. + +Author: Nikos Mavrogiannopoulos +Date: Fri Nov 14 21:21:53 2014 +0100 + + certtool: print message when the system trust is used + +Author: David Weber +Date: Fri Nov 14 14:49:24 2014 +0200 + + Fixed SRTP profile configuration in cli.c and serv.c. + + I have tested the fix in 3.3.10. This commit is UNTESTED as i am unable + to compile gnutls (./configure complains about gl_INIT and ggl_INIT). + + Signed-off-by: Nikos Mavrogiannopoulos + +Author: Nikos Mavrogiannopoulos +Date: Fri Nov 14 20:13:36 2014 +0100 + + tests: ocsp: added the signature in check + +Author: Nikos Mavrogiannopoulos +Date: Fri Nov 14 20:10:06 2014 +0100 + + only print about additional certificates if they are present + +Author: Nikos Mavrogiannopoulos +Date: Fri Nov 14 17:22:07 2014 +0100 + + ocsp: fix DN decoding in gnutls_ocsp_resp_get_responder_raw_id + +Author: Nikos Mavrogiannopoulos +Date: Fri Nov 14 11:42:42 2014 +0100 + + tests: ocsp: added check with a long response + +Author: Nikos Mavrogiannopoulos +Date: Fri Nov 14 16:17:58 2014 +0100 + + use the original DER/BER data when verifying an OCSP response + +Author: Nikos Mavrogiannopoulos +Date: Fri Nov 14 11:55:21 2014 +0100 + + _pkcs1_rsa_verify_sig() simplify hashing + +Author: Nikos Mavrogiannopoulos +Date: Fri Nov 14 11:42:15 2014 +0100 + + ocsp: eliminated duplicate code + +Author: Nikos Mavrogiannopoulos +Date: Fri Nov 14 11:05:18 2014 +0100 + + clarified the multiple paths printing of the verify options + +Author: Nikos Mavrogiannopoulos +Date: Fri Nov 14 10:53:31 2014 +0100 + + gnutls-cli: allow printing the certificates in OCSP responses when --print-cert is specified + +Author: Nikos Mavrogiannopoulos +Date: Fri Nov 14 10:47:55 2014 +0100 + + updated OCSP verification code to better use the trust list, and the KeyHash + +Author: Nikos Mavrogiannopoulos +Date: Fri Nov 14 09:34:13 2014 +0100 + + OCSP printing: Add header in front of certificates + +Author: Nikos Mavrogiannopoulos +Date: Fri Nov 14 09:32:40 2014 +0100 + + added gnutls_pkcs11_get_raw_issuer_by_dn and gnutls_x509_trust_list_get_issuer_by_dn + +Author: Nikos Mavrogiannopoulos +Date: Fri Nov 14 07:57:19 2014 +0100 + + gnutls-cli-debug: check for OCSP status response + +Author: Nikos Mavrogiannopoulos +Date: Fri Nov 14 07:45:49 2014 +0100 + + corrected crq test case; reported by Andreas Metzler + +Author: Nikos Mavrogiannopoulos +Date: Thu Nov 13 20:56:27 2014 +0100 + + set the GNUTLS_PIN_CONTEXT_SPECIFIC flag on PIN callback + +Author: Nikos Mavrogiannopoulos +Date: Thu Nov 13 16:31:21 2014 +0100 + + replaced gnutls_ocsp_resp_get_responder_by_key with gnutls_ocsp_resp_get_responder_raw_id + + In addition reverted gnutls_ocsp_resp_get_responder() to the old + buggy behavior of returning 0 if the element was missing. + +Author: Nikos Mavrogiannopoulos +Date: Thu Nov 13 16:05:44 2014 +0100 + + certtool: make sure that GNUTLS_PKCS_PLAIN is set when no password should be asked + +Author: Nikos Mavrogiannopoulos +Date: Thu Nov 13 16:05:21 2014 +0100 + + gnutls_x509_privkey_import2: will not use a callback if GNUTLS_PKCS_PLAIN is specified + +Author: Nikos Mavrogiannopoulos +Date: Thu Nov 13 15:55:50 2014 +0100 + + the FIPS140-2 testing mode is disabled after self-checks + +Author: Nikos Mavrogiannopoulos +Date: Thu Nov 13 15:50:05 2014 +0100 + + updated OCSP tests to account for the new key ID + +Author: Nikos Mavrogiannopoulos +Date: Thu Nov 13 15:43:04 2014 +0100 + + doc update and gnutls_ocsp_resp_get_responder() will always initialized output data + +Author: Nikos Mavrogiannopoulos +Date: Thu Nov 13 15:38:34 2014 +0100 + + _rnd_get_event: use memset to avoid valgrind complaints + +Author: Nikos Mavrogiannopoulos +Date: Thu Nov 13 15:34:23 2014 +0100 + + gnutls-cli: print the OCSP response in verbose mode + +Author: Nikos Mavrogiannopoulos +Date: Thu Nov 13 15:30:55 2014 +0100 + + corrected documentation of OCSP response verification + +Author: Nikos Mavrogiannopoulos +Date: Thu Nov 13 14:39:41 2014 +0100 + + Added gnutls_ocsp_resp_get_responder_by_key() + +Author: Nikos Mavrogiannopoulos +Date: Thu Nov 13 14:39:07 2014 +0100 + + dn parsing: return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE when DN is not available + +Author: Nikos Mavrogiannopoulos +Date: Thu Nov 13 14:12:15 2014 +0100 + + gnutls-cli: added option to save the OCSP response + +Author: Nikos Mavrogiannopoulos +Date: Thu Nov 13 12:06:32 2014 +0100 + + added the notion of preferred sign algorithm in a private key + + This can be set for keys imported with gnutls_privkey_import_ext3() + with the info callback. It is only considered for client side keys + in TLS sessions. + +Author: Nikos Mavrogiannopoulos +Date: Thu Nov 13 10:18:03 2014 +0100 + + Added priority string %NO_SESSION_HASH to prevent advertising the extended master secret extension + +Author: Nikos Mavrogiannopoulos +Date: Thu Nov 13 10:06:51 2014 +0100 + + certificate status requestion response is optional according to RFC6066 + +Author: Nikos Mavrogiannopoulos +Date: Thu Nov 13 09:52:43 2014 +0100 + + Added flag GNUTLS_OCSP_SR_IS_AVAIL for gnutls_ocsp_status_request_is_checked + +Author: Nikos Mavrogiannopoulos +Date: Thu Nov 13 09:27:38 2014 +0100 + + rnd: removed the packed attribute from event_st + + That prevents a SIGBUS on solaris sparc systems. + Reported by Thomas Thorberger. + +Author: Nikos Mavrogiannopoulos +Date: Thu Nov 13 09:18:31 2014 +0100 + + The priority modifier %LATEST_RECORD_VERSION is now the default + + This works-around issue with servers that forbit the SSL 3.0 + version number from the first packet of the record protocol. + +Author: Nikos Mavrogiannopoulos +Date: Thu Nov 13 09:16:29 2014 +0100 + + added check for servers that disallow the SSL 3.0 record version + +Author: Nikos Mavrogiannopoulos +Date: Wed Nov 12 19:44:18 2014 +0100 + + gnutls-cli: print whether status request has been checked + +Author: Nikos Mavrogiannopoulos +Date: Wed Nov 12 16:14:55 2014 +0100 + + doc update + +Author: Nikos Mavrogiannopoulos +Date: Wed Nov 12 15:44:53 2014 +0100 + + Enable PIN support to gnutls_x509_privkey_t + +Author: Nikos Mavrogiannopoulos +Date: Tue Nov 11 15:16:12 2014 +0100 + + _gnutls_ucs2_to_utf8() can handle little endian strings. + +Author: Nikos Mavrogiannopoulos +Date: Tue Nov 11 11:25:57 2014 +0100 + + doc update + +Author: Nikos Mavrogiannopoulos +Date: Tue Nov 11 11:25:44 2014 +0100 + + Added gnutls_memcmp() and exported it. + +Author: Nikos Mavrogiannopoulos +Date: Tue Nov 11 10:47:56 2014 +0100 + + indentation fix + +Author: Nikos Mavrogiannopoulos +Date: Tue Nov 11 10:40:21 2014 +0100 + + doc update + +Author: Nikos Mavrogiannopoulos +Date: Fri Nov 7 16:05:10 2014 +0100 + + added gnutls_pkcs12_bag_set_privkey() + + Conflicts: + lib/libgnutls.map + +Author: Nikos Mavrogiannopoulos +Date: Mon Nov 10 12:59:39 2014 +0100 + + dropped unused copy_func + +Author: Nikos Mavrogiannopoulos +Date: Mon Nov 10 11:38:58 2014 +0100 + + silence warning + +Author: Nikos Mavrogiannopoulos +Date: Fri Oct 31 10:08:00 2014 +0100 + + Added check with the invalid crq sent by Sean Burford + +Author: Nikos Mavrogiannopoulos +Date: Fri Oct 31 10:00:32 2014 +0100 + + when exporting curve coordinates to X9.63 format, perform additional sanity checks on input + + Reported by Sean Burford. + +Author: Nikos Mavrogiannopoulos +Date: Sat Nov 8 09:06:36 2014 +0100 + + doc update + +Author: Nikos Mavrogiannopoulos +Date: Sat Nov 8 08:38:44 2014 +0100 + + doc update + +Author: Nikos Mavrogiannopoulos +Date: Sat Nov 8 08:36:16 2014 +0100 + + exported gnutls_memset() + +Author: Nikos Mavrogiannopoulos +Date: Sat Nov 8 08:35:01 2014 +0100 + + doc: updated text on session tickets + +Author: Nikos Mavrogiannopoulos +Date: Fri Nov 7 21:46:58 2014 +0100 + + tools: include arpa/inet.h in socket.c + +Author: Nikos Mavrogiannopoulos +Date: Fri Nov 7 19:18:22 2014 +0100 + + doc: use the same port for DTLS client and server + +Author: Nikos Mavrogiannopoulos +Date: Fri Nov 7 19:01:57 2014 +0100 + + pkcs11: pass the correct user type to protected authentication login + +Author: Nikos Mavrogiannopoulos +Date: Fri Nov 7 10:22:11 2014 +0100 + + doc: corrected values for INSECURE level + +Author: Nikos Mavrogiannopoulos +Date: Fri Nov 7 08:55:40 2014 +0100 + + pkcs11: support the CKA_EXTRACTABLE and CKA_NEVER_EXTRACTABLE flags + +Author: Nikos Mavrogiannopoulos +Date: Fri Nov 7 08:44:46 2014 +0100 + + pkcs11: added the flag GNUTLS_PKCS11_OBJ_FLAG_MARK_ALWAYS_AUTH + +Author: Nikos Mavrogiannopoulos +Date: Fri Nov 7 07:54:41 2014 +0100 + + pkcs11: perform reauth at the appropriate state + +Author: Nikos Mavrogiannopoulos +Date: Fri Nov 7 07:49:54 2014 +0100 + + pkcs11_login: set the correct user type on reauthentication diff --git a/GNUmakefile b/GNUmakefile new file mode 100644 index 0000000..da25113 --- /dev/null +++ b/GNUmakefile @@ -0,0 +1,127 @@ +# Having a separate GNUmakefile lets me 'include' the dynamically +# generated rules created via cfg.mk (package-local configuration) +# as well as maint.mk (generic maintainer rules). +# This makefile is used only if you run GNU Make. +# It is necessary if you want to build targets usually of interest +# only to the maintainer. + +# Copyright (C) 2001, 2003, 2006-2019 Free Software Foundation, Inc. + +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +# If the user runs GNU make but has not yet run ./configure, +# give them a diagnostic. +_gl-Makefile := $(wildcard [M]akefile) +ifneq ($(_gl-Makefile),) + +# Make tar archive easier to reproduce. +export TAR_OPTIONS = --owner=0 --group=0 --numeric-owner + +# Allow the user to add to this in the Makefile. +ALL_RECURSIVE_TARGETS = + +include Makefile + +# Some projects override e.g., _autoreconf here. +-include $(srcdir)/cfg.mk + +# Allow cfg.mk to override these. +_build-aux ?= build-aux +_autoreconf ?= autoreconf -v + +include $(srcdir)/maint.mk + +# Ensure that $(VERSION) is up to date for dist-related targets, but not +# for others: rerunning autoreconf and recompiling everything isn't cheap. +_have-git-version-gen := \ + $(shell test -f $(srcdir)/$(_build-aux)/git-version-gen && echo yes) +ifeq ($(_have-git-version-gen)0,yes$(MAKELEVEL)) + _is-dist-target ?= $(filter-out %clean, \ + $(filter maintainer-% dist% alpha beta stable,$(MAKECMDGOALS))) + _is-install-target ?= $(filter-out %check, $(filter install%,$(MAKECMDGOALS))) + ifneq (,$(_is-dist-target)$(_is-install-target)) + _curr-ver := $(shell cd $(srcdir) \ + && $(_build-aux)/git-version-gen \ + .tarball-version \ + $(git-version-gen-tag-sed-script)) + ifneq ($(_curr-ver),$(VERSION)) + ifeq ($(_curr-ver),UNKNOWN) + $(info WARNING: unable to verify if $(VERSION) is the correct version) + else + ifneq (,$(_is-install-target)) + # GNU Coding Standards state that 'make install' should not cause + # recompilation after 'make all'. But as long as changing the version + # string alters config.h, the cost of having 'make all' always have an + # up-to-date version is prohibitive. So, as a compromise, we merely + # warn when installing a version string that is out of date; the user + # should run 'autoreconf' (or something like 'make distcheck') to + # fix the version, 'make all' to propagate it, then 'make install'. + $(info WARNING: version string $(VERSION) is out of date;) + $(info run '$(MAKE) _version' to fix it) + else + $(info INFO: running autoreconf for new version string: $(_curr-ver)) +GNUmakefile: _version + touch GNUmakefile + endif + endif + endif + endif +endif + +.PHONY: _version +_version: + cd $(srcdir) && rm -rf autom4te.cache .version && $(_autoreconf) + $(MAKE) $(AM_MAKEFLAGS) Makefile + +else + +.DEFAULT_GOAL := abort-due-to-no-makefile +srcdir = . + +# The package can override .DEFAULT_GOAL to run actions like autoreconf. +-include ./cfg.mk + +# Allow cfg.mk to override these. +_build-aux ?= build-aux +_autoreconf ?= autoreconf -v + +include ./maint.mk + +ifeq ($(.DEFAULT_GOAL),abort-due-to-no-makefile) +$(MAKECMDGOALS): abort-due-to-no-makefile +endif + +abort-due-to-no-makefile: + @echo There seems to be no Makefile in this directory. 1>&2 + @echo "You must run ./configure before running 'make'." 1>&2 + @exit 1 + +endif + +# Tell version 3.79 and up of GNU make to not build goals in this +# directory in parallel, in case someone tries to build multiple +# targets, and one of them can cause a recursive target to be invoked. + +# Only set this if Automake doesn't provide it. +AM_RECURSIVE_TARGETS ?= $(RECURSIVE_TARGETS:-recursive=) \ + $(RECURSIVE_CLEAN_TARGETS:-recursive=) \ + dist distcheck tags ctags + +ALL_RECURSIVE_TARGETS += $(AM_RECURSIVE_TARGETS) + +ifneq ($(word 2, $(MAKECMDGOALS)), ) +ifneq ($(filter $(ALL_RECURSIVE_TARGETS), $(MAKECMDGOALS)), ) +.NOTPARALLEL: +endif +endif diff --git a/INSTALL b/INSTALL new file mode 100644 index 0000000..8865734 --- /dev/null +++ b/INSTALL @@ -0,0 +1,368 @@ +Installation Instructions +************************* + + Copyright (C) 1994-1996, 1999-2002, 2004-2016 Free Software +Foundation, Inc. + + Copying and distribution of this file, with or without modification, +are permitted in any medium without royalty provided the copyright +notice and this notice are preserved. This file is offered as-is, +without warranty of any kind. + +Basic Installation +================== + + Briefly, the shell command './configure && make && make install' +should configure, build, and install this package. The following +more-detailed instructions are generic; see the 'README' file for +instructions specific to this package. Some packages provide this +'INSTALL' file but do not implement all of the features documented +below. The lack of an optional feature in a given package is not +necessarily a bug. More recommendations for GNU packages can be found +in *note Makefile Conventions: (standards)Makefile Conventions. + + The 'configure' shell script attempts to guess correct values for +various system-dependent variables used during compilation. It uses +those values to create a 'Makefile' in each directory of the package. +It may also create one or more '.h' files containing system-dependent +definitions. Finally, it creates a shell script 'config.status' that +you can run in the future to recreate the current configuration, and a +file 'config.log' containing compiler output (useful mainly for +debugging 'configure'). + + It can also use an optional file (typically called 'config.cache' and +enabled with '--cache-file=config.cache' or simply '-C') that saves the +results of its tests to speed up reconfiguring. Caching is disabled by +default to prevent problems with accidental use of stale cache files. + + If you need to do unusual things to compile the package, please try +to figure out how 'configure' could check whether to do them, and mail +diffs or instructions to the address given in the 'README' so they can +be considered for the next release. If you are using the cache, and at +some point 'config.cache' contains results you don't want to keep, you +may remove or edit it. + + The file 'configure.ac' (or 'configure.in') is used to create +'configure' by a program called 'autoconf'. You need 'configure.ac' if +you want to change it or regenerate 'configure' using a newer version of +'autoconf'. + + The simplest way to compile this package is: + + 1. 'cd' to the directory containing the package's source code and type + './configure' to configure the package for your system. + + Running 'configure' might take a while. While running, it prints + some messages telling which features it is checking for. + + 2. Type 'make' to compile the package. + + 3. Optionally, type 'make check' to run any self-tests that come with + the package, generally using the just-built uninstalled binaries. + + 4. Type 'make install' to install the programs and any data files and + documentation. When installing into a prefix owned by root, it is + recommended that the package be configured and built as a regular + user, and only the 'make install' phase executed with root + privileges. + + 5. Optionally, type 'make installcheck' to repeat any self-tests, but + this time using the binaries in their final installed location. + This target does not install anything. Running this target as a + regular user, particularly if the prior 'make install' required + root privileges, verifies that the installation completed + correctly. + + 6. You can remove the program binaries and object files from the + source code directory by typing 'make clean'. To also remove the + files that 'configure' created (so you can compile the package for + a different kind of computer), type 'make distclean'. There is + also a 'make maintainer-clean' target, but that is intended mainly + for the package's developers. If you use it, you may have to get + all sorts of other programs in order to regenerate files that came + with the distribution. + + 7. Often, you can also type 'make uninstall' to remove the installed + files again. In practice, not all packages have tested that + uninstallation works correctly, even though it is required by the + GNU Coding Standards. + + 8. Some packages, particularly those that use Automake, provide 'make + distcheck', which can by used by developers to test that all other + targets like 'make install' and 'make uninstall' work correctly. + This target is generally not run by end users. + +Compilers and Options +===================== + + Some systems require unusual options for compilation or linking that +the 'configure' script does not know about. Run './configure --help' +for details on some of the pertinent environment variables. + + You can give 'configure' initial values for configuration parameters +by setting variables in the command line or in the environment. Here is +an example: + + ./configure CC=c99 CFLAGS=-g LIBS=-lposix + + *Note Defining Variables::, for more details. + +Compiling For Multiple Architectures +==================================== + + You can compile the package for more than one kind of computer at the +same time, by placing the object files for each architecture in their +own directory. To do this, you can use GNU 'make'. 'cd' to the +directory where you want the object files and executables to go and run +the 'configure' script. 'configure' automatically checks for the source +code in the directory that 'configure' is in and in '..'. This is known +as a "VPATH" build. + + With a non-GNU 'make', it is safer to compile the package for one +architecture at a time in the source code directory. After you have +installed the package for one architecture, use 'make distclean' before +reconfiguring for another architecture. + + On MacOS X 10.5 and later systems, you can create libraries and +executables that work on multiple system types--known as "fat" or +"universal" binaries--by specifying multiple '-arch' options to the +compiler but only a single '-arch' option to the preprocessor. Like +this: + + ./configure CC="gcc -arch i386 -arch x86_64 -arch ppc -arch ppc64" \ + CXX="g++ -arch i386 -arch x86_64 -arch ppc -arch ppc64" \ + CPP="gcc -E" CXXCPP="g++ -E" + + This is not guaranteed to produce working output in all cases, you +may have to build one architecture at a time and combine the results +using the 'lipo' tool if you have problems. + +Installation Names +================== + + By default, 'make install' installs the package's commands under +'/usr/local/bin', include files under '/usr/local/include', etc. You +can specify an installation prefix other than '/usr/local' by giving +'configure' the option '--prefix=PREFIX', where PREFIX must be an +absolute file name. + + You can specify separate installation prefixes for +architecture-specific files and architecture-independent files. If you +pass the option '--exec-prefix=PREFIX' to 'configure', the package uses +PREFIX as the prefix for installing programs and libraries. +Documentation and other data files still use the regular prefix. + + In addition, if you use an unusual directory layout you can give +options like '--bindir=DIR' to specify different values for particular +kinds of files. Run 'configure --help' for a list of the directories +you can set and what kinds of files go in them. In general, the default +for these options is expressed in terms of '${prefix}', so that +specifying just '--prefix' will affect all of the other directory +specifications that were not explicitly provided. + + The most portable way to affect installation locations is to pass the +correct locations to 'configure'; however, many packages provide one or +both of the following shortcuts of passing variable assignments to the +'make install' command line to change installation locations without +having to reconfigure or recompile. + + The first method involves providing an override variable for each +affected directory. For example, 'make install +prefix=/alternate/directory' will choose an alternate location for all +directory configuration variables that were expressed in terms of +'${prefix}'. Any directories that were specified during 'configure', +but not in terms of '${prefix}', must each be overridden at install time +for the entire installation to be relocated. The approach of makefile +variable overrides for each directory variable is required by the GNU +Coding Standards, and ideally causes no recompilation. However, some +platforms have known limitations with the semantics of shared libraries +that end up requiring recompilation when using this method, particularly +noticeable in packages that use GNU Libtool. + + The second method involves providing the 'DESTDIR' variable. For +example, 'make install DESTDIR=/alternate/directory' will prepend +'/alternate/directory' before all installation names. The approach of +'DESTDIR' overrides is not required by the GNU Coding Standards, and +does not work on platforms that have drive letters. On the other hand, +it does better at avoiding recompilation issues, and works well even +when some directory options were not specified in terms of '${prefix}' +at 'configure' time. + +Optional Features +================= + + If the package supports it, you can cause programs to be installed +with an extra prefix or suffix on their names by giving 'configure' the +option '--program-prefix=PREFIX' or '--program-suffix=SUFFIX'. + + Some packages pay attention to '--enable-FEATURE' options to +'configure', where FEATURE indicates an optional part of the package. +They may also pay attention to '--with-PACKAGE' options, where PACKAGE +is something like 'gnu-as' or 'x' (for the X Window System). The +'README' should mention any '--enable-' and '--with-' options that the +package recognizes. + + For packages that use the X Window System, 'configure' can usually +find the X include and library files automatically, but if it doesn't, +you can use the 'configure' options '--x-includes=DIR' and +'--x-libraries=DIR' to specify their locations. + + Some packages offer the ability to configure how verbose the +execution of 'make' will be. For these packages, running './configure +--enable-silent-rules' sets the default to minimal output, which can be +overridden with 'make V=1'; while running './configure +--disable-silent-rules' sets the default to verbose, which can be +overridden with 'make V=0'. + +Particular systems +================== + + On HP-UX, the default C compiler is not ANSI C compatible. If GNU CC +is not installed, it is recommended to use the following options in +order to use an ANSI C compiler: + + ./configure CC="cc -Ae -D_XOPEN_SOURCE=500" + +and if that doesn't work, install pre-built binaries of GCC for HP-UX. + + HP-UX 'make' updates targets which have the same time stamps as their +prerequisites, which makes it generally unusable when shipped generated +files such as 'configure' are involved. Use GNU 'make' instead. + + On OSF/1 a.k.a. Tru64, some versions of the default C compiler cannot +parse its '' header file. The option '-nodtk' can be used as a +workaround. If GNU CC is not installed, it is therefore recommended to +try + + ./configure CC="cc" + +and if that doesn't work, try + + ./configure CC="cc -nodtk" + + On Solaris, don't put '/usr/ucb' early in your 'PATH'. This +directory contains several dysfunctional programs; working variants of +these programs are available in '/usr/bin'. So, if you need '/usr/ucb' +in your 'PATH', put it _after_ '/usr/bin'. + + On Haiku, software installed for all users goes in '/boot/common', +not '/usr/local'. It is recommended to use the following options: + + ./configure --prefix=/boot/common + +Specifying the System Type +========================== + + There may be some features 'configure' cannot figure out +automatically, but needs to determine by the type of machine the package +will run on. Usually, assuming the package is built to be run on the +_same_ architectures, 'configure' can figure that out, but if it prints +a message saying it cannot guess the machine type, give it the +'--build=TYPE' option. TYPE can either be a short name for the system +type, such as 'sun4', or a canonical name which has the form: + + CPU-COMPANY-SYSTEM + +where SYSTEM can have one of these forms: + + OS + KERNEL-OS + + See the file 'config.sub' for the possible values of each field. If +'config.sub' isn't included in this package, then this package doesn't +need to know the machine type. + + If you are _building_ compiler tools for cross-compiling, you should +use the option '--target=TYPE' to select the type of system they will +produce code for. + + If you want to _use_ a cross compiler, that generates code for a +platform different from the build platform, you should specify the +"host" platform (i.e., that on which the generated programs will +eventually be run) with '--host=TYPE'. + +Sharing Defaults +================ + + If you want to set default values for 'configure' scripts to share, +you can create a site shell script called 'config.site' that gives +default values for variables like 'CC', 'cache_file', and 'prefix'. +'configure' looks for 'PREFIX/share/config.site' if it exists, then +'PREFIX/etc/config.site' if it exists. Or, you can set the +'CONFIG_SITE' environment variable to the location of the site script. +A warning: not all 'configure' scripts look for a site script. + +Defining Variables +================== + + Variables not defined in a site shell script can be set in the +environment passed to 'configure'. However, some packages may run +configure again during the build, and the customized values of these +variables may be lost. In order to avoid this problem, you should set +them in the 'configure' command line, using 'VAR=value'. For example: + + ./configure CC=/usr/local2/bin/gcc + +causes the specified 'gcc' to be used as the C compiler (unless it is +overridden in the site shell script). + +Unfortunately, this technique does not work for 'CONFIG_SHELL' due to an +Autoconf limitation. Until the limitation is lifted, you can use this +workaround: + + CONFIG_SHELL=/bin/bash ./configure CONFIG_SHELL=/bin/bash + +'configure' Invocation +====================== + + 'configure' recognizes the following options to control how it +operates. + +'--help' +'-h' + Print a summary of all of the options to 'configure', and exit. + +'--help=short' +'--help=recursive' + Print a summary of the options unique to this package's + 'configure', and exit. The 'short' variant lists options used only + in the top level, while the 'recursive' variant lists options also + present in any nested packages. + +'--version' +'-V' + Print the version of Autoconf used to generate the 'configure' + script, and exit. + +'--cache-file=FILE' + Enable the cache: use and save the results of the tests in FILE, + traditionally 'config.cache'. FILE defaults to '/dev/null' to + disable caching. + +'--config-cache' +'-C' + Alias for '--cache-file=config.cache'. + +'--quiet' +'--silent' +'-q' + Do not print messages saying which checks are being made. To + suppress all normal output, redirect it to '/dev/null' (any error + messages will still be shown). + +'--srcdir=DIR' + Look for the package's source code in directory DIR. Usually + 'configure' can determine that directory automatically. + +'--prefix=DIR' + Use DIR as the installation prefix. *note Installation Names:: for + more details, including other options available for fine-tuning the + installation locations. + +'--no-create' +'-n' + Run the configure checks, but stop before creating any output + files. + +'configure' also accepts some other, not widely useful, options. Run +'configure --help' for more details. diff --git a/INSTALL.md b/INSTALL.md new file mode 100644 index 0000000..aa2c5fd --- /dev/null +++ b/INSTALL.md @@ -0,0 +1,152 @@ +GnuTLS README -- Important introductory notes +============================================= + +GnuTLS implements the TLS/SSL (Transport Layer Security aka Secure +Sockets Layer) protocol. GnuTLS is a GNU project. Additional +information can be found at . + + +README +====== + +This README is targeted for users of the library who build from +sources but do not necessarily develop. If you are interested +in developing and contributing to the GnuTLS project, please +see README-alpha and visit +https://www.gnutls.org/manual/html_node/Contributing.html. + + +COMPILATION +=========== + +A typical command sequence for building the library is shown below. +A complete list of options available for configure can be found +by running './configure --help'. + +``` + cd gnutls- + ./configure --prefix=/usr + make + make check + sudo make install +``` + +The commands above build and install the static archive (libgnutls.a), +the shared object (libgnutls.so), and additional binaries such as certtool +and gnutls-cli. + +The library depends on libnettle and gmplib. +* gmplib: for big number arithmetic, https://gmplib.org/ +* nettle: for cryptographic algorithms, https://www.lysator.liu.se/~nisse/nettle/ + +Optionally it may use the following libraries: +* libtasn1: For ASN.1 parsing (a copy is included, if not found), https://www.gnu.org/software/libtasn1/ +* p11-kit: for smart card support, https://p11-glue.github.io/p11-glue/p11-kit.html +* libtspi: for Trusted Platform Module (TPM) support, https://trousers.sourceforge.net/ +* libunbound: For DNSSEC/DANE support, https://unbound.net/ +* libz: For compression support, https://www.zlib.net/ +* libidn: For supporting internationalized DNS names (IDNA 2003), https://www.gnu.org/software/libidn/ +* libidn2: For supporting internationalized DNS names (IDNA 2008), https://www.gnu.org/software/libidn/#libidn2 + +To configure libnettle for installation and use by GnuTLS, a typical +command sequence would be: + +``` + cd nettle- + ./configure --prefix=/usr --disable-openssl --enable-shared + make + sudo make install +``` + +For the Nettle project, --enable-shared will instruct automake and +friends to build and install both the static archive (libnettle.a) +and the shared object (libnettle.so). + +In case you are compiling for an embedded system, you can disable +unneeded features of GnuTLS. In general, it is usually best not to +disable anything (for future mailing list questions and possible bugs). + +Depending on your installation, additional libraries, such as libtasn1 +and zlib, may be required. + + +DOCUMENTATION +============= + +See the documentation in doc/ and online at +https://www.gnutls.org/manual. + + +EXAMPLES +======== + +See the examples in doc/examples/ and online at 'How To Use GnuTLS in +Applications' at https://www.gnutls.org/manual. + + +SECURITY ADVISORIES +=================== + +The project collects and publishes information on past security +incidents and vulnerabilities. Open information exchange, including +information which is [sometimes] suppressed in non-open or non-free +projects, is one of the goals of the GnuTLS project. Please visit +https://www.gnutls.org/security.html. + + +MAILING LISTS +============= + +The GnuTLS project maintains mailing lists for users, developers, and +commits. Please see https://www.gnutls.org/lists.html. + + +LICENSING +========= + +See the [LICENSE](LICENSE) file. + + +BUGS +==== + +Thorough testing is very important and expensive. Often, the +developers do not have access to a particular piece of hardware or +configuration to reproduce a scenario. Notifying the developers about a +possible bug will greatly help the project. + +If you believe you have found a bug, please report it to bugs@gnutls.org +together with any applicable information. + +Applicable information would include why the issue is a GnuTLS bug (if +not readily apparent), output from 'uname -a', the version of the library or +tool being used, a stack trace if available ('bt full' if under gdb or +valgrind output), and perhaps a network trace. Vague queries or piecemeal +messages are difficult to act upon and don't help the development effort. + +Additional information can be found at the project's manual. + + +PATCHES +======= + +Patches are welcome and encouraged. Patches can be submitted through the +bug tracking system or the mailing list. When submitting patches, please +be sure to use sources from the git repository, and preferably from the +master branch. To create a patch for the project from a local git repository, +please use the following commands. 'gnutls' should be the local directory +of a previous git clone. + +``` + cd gnutls + git add the-file-you-modified.c another-file.c + git commit the-file-you-modified.c another-file.c + git format-patch +``` + +For more information on use of Git, visit https://git-scm.com/ + +---------------------------------------------------------------------- +Copying and distribution of this file, with or without modification, +are permitted in any medium without royalty provided the copyright +notice and this notice are preserved. diff --git a/LICENSE b/LICENSE new file mode 100644 index 0000000..c751cef --- /dev/null +++ b/LICENSE @@ -0,0 +1,24 @@ +LICENSING +========= + +Since GnuTLS version 3.1.10, the core library is released under +the GNU Lesser General Public License (LGPL) version 2.1 or later +(see doc/COPYING.LESSER for the license terms). + +The GNU LGPL applies to the main GnuTLS library, while the +included applications as well as gnutls-openssl +library are under the GNU GPL version 3. The gnutls library is +located in the lib/ and libdane/ directories, while the applications +in src/ and, the gnutls-openssl library is at extra/. + +The documentation in doc/ is under the GNU FDL license 1.3. + + +Note, however, that the nettle and the gmp libraries which are +GnuTLS dependencies, they are distributed under a LGPLv3+ or GPLv2+ dual +license. As such binaries linking to them need to adhere to either LGPLv3+ +or the GPLv2+ license. + +For any copyright year range specified as YYYY-ZZZZ in this package +note that the range specifies every single year in that closed interval. + diff --git a/Makefile.am b/Makefile.am new file mode 100644 index 0000000..ffcbc4e --- /dev/null +++ b/Makefile.am @@ -0,0 +1,209 @@ +## Process this file with automake to produce Makefile.in +# Copyright (C) 2000-2012 Free Software Foundation, Inc. +# +# Author: Nikos Mavrogiannopoulos +# +# This file is part of GnuTLS. +# +# This file is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 3 of the License, or +# (at your option) any later version. +# +# This file is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this file; if not, write to the Free Software Foundation, +# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + +DISTCHECK_CONFIGURE_FLAGS = \ + --enable-doc \ + --enable-gtk-doc \ + --disable-valgrind-tests \ + --with-guile-site-dir='$$(datarootdir)/guile/site/$$(GUILE_EFFECTIVE_VERSION)' \ + --with-guile-site-ccache-dir='$$(libdir)/guile/$$(GUILE_EFFECTIVE_VERSION)/site-ccache' \ + --with-guile-extension-dir='$$(libdir)/guile/$$(GUILE_EFFECTIVE_VERSION)/extensions' \ + AUTOGEN=false + +SUBDIRS = gl lib extra + +if ENABLE_DANE +SUBDIRS += libdane +endif + +SUBDIRS += po +if ENABLE_TOOLS +SUBDIRS += src/gl src +else +SUBDIRS += src/gl +endif + +if ENABLE_TESTS +SUBDIRS += tests fuzz +endif + +if HAVE_GUILE +SUBDIRS += guile +endif + +if ENABLE_MANPAGES +SUBDIRS += doc/manpages +endif + +if ENABLE_DOC +SUBDIRS += doc +endif + +ACLOCAL_AMFLAGS = -I m4 -I src/libopts/m4 -I src/gl/m4 -I lib/unistring/m4 --install + +EXTRA_DIST = cfg.mk maint.mk CONTRIBUTING.md README.md LICENSE AUTHORS NEWS \ + ChangeLog THANKS INSTALL.md + +DISTCLEANFILES = AUTHORS + +AUTHORS: + @echo -e "The authors list is autogenerated from the git history; sorted by number of commits\n" >AUTHORS + @git shortlog -sen| cut -f 2 | sed 's/@/ at /g' >> AUTHORS + @echo -e "\n\nThe translators list is autogenerated from po file history\n" >>AUTHORS + @sed -n 's/.*Last-Translator: *\(.*\) *<.*/\1/p' po/*.po | sort -u >>AUTHORS + +pic-check: + @echo "Checking for position dependent code" + readelf -d $(builddir)/lib/.libs/libgnutls.so|grep TEXTREL; if test $$? = 0;then \ + eu-findtextrel $(builddir)/lib/.libs/libgnutls.so; \ + false; \ + fi + +ABIDW_COMMON = --no-show-locs --no-corpus-path +ABIGNORE_FILE = "$(top_srcdir)/devel/libgnutls.abignore" +SYMBOLS_LAST_FILE = "$(top_srcdir)/devel/symbols.last" +LIBGNUTLS_ABI_LAST_FILE = "$(top_srcdir)/devel/libgnutls-latest-$$(uname -m).abi" +LIBDANE_ABI_LAST_FILE = "$(top_srcdir)/devel/libdane-latest-$$(uname -m).abi" + +abi-dump-versioned: lib/libgnutls.la libdane/libgnutls-dane.la + @echo "**************************************************************************" + @echo "Generating versioned ABI files of current gnutls and gnutls-dane libraries" + @echo "**************************************************************************" + @abidw lib/.libs/libgnutls.so $(ABIDW_COMMON) --suppressions $(ABIGNORE_FILE) --out-file "$(srcdir)/devel/libgnutls-$(VERSION)-$$(uname -m).abi" + @abidw libdane/.libs/libgnutls-dane.so $(ABIDW_COMMON) --out-file "$(srcdir)/devel/libdane-$(VERSION)-$$(uname -m).abi" + +abi-dump-latest: lib/libgnutls.la libdane/libgnutls-dane.la + @echo "****************************************************************" + @echo "Generating ABI files of current gnutls and gnutls-dane libraries" + @echo "****************************************************************" + @abidw lib/.libs/libgnutls.so $(ABIDW_COMMON) --suppressions $(ABIGNORE_FILE) --out-file $(LIBGNUTLS_ABI_LAST_FILE) + @abidw libdane/.libs/libgnutls-dane.so $(ABIDW_COMMON) --out-file $(LIBDANE_ABI_LAST_FILE) + @rm -f "./devel/libgnutls-latest-$$(uname -m).tmp" + @rm -f "./devel/libdane-latest-$$(uname -m).tmp" + +abi-check-latest: lib/libgnutls.la libdane/libgnutls-dane.la + @echo "Checking whether the latest ABI dump matches" + @abidiff --suppressions $(ABIGNORE_FILE) lib/.libs/libgnutls.so $(LIBGNUTLS_ABI_LAST_FILE) --hd2 "$(srcdir)/lib/includes/gnutls/"; if test $$? != 0;then \ + echo "*********************************************************"; \ + echo "libgnutls ABI has changed; use 'make-files-update' "; \ + echo "and use 'git diff' to check correctness before committing"; \ + echo "*********************************************************"; \ + false; \ + fi + @abidiff libdane/.libs/libgnutls-dane.so $(LIBDANE_ABI_LAST_FILE) --hd2 "$(srcdir)/libdane/includes/gnutls/"; if test $$? != 0;then \ + echo "*********************************************************"; \ + echo "libgnutls-dane ABI has changed; use 'make-files-update' "; \ + echo "and use 'git diff' to check correctness before committing"; \ + echo "*********************************************************"; \ + false; \ + fi + @echo "********************************" + @echo "Current release matches ABI dump" + @echo "********************************" + +ABICHECK_COMMON = --no-added-syms +abi-check: lib/libgnutls.la libdane/libgnutls-dane.la + @for file in $$(echo $(srcdir)/devel/libgnutls-*-$$(uname -m).abi);do \ + echo "Comparing libgnutls with $$file"; \ + abidiff $${file} lib/.libs/libgnutls.so $(ABICHECK_COMMON) --suppressions $(ABIGNORE_FILE) --hd2 "$(srcdir)/lib/includes/gnutls/"; \ + if test $$? != 0;then \ + echo "****************************************************************************"; \ + echo "ABI check failed; If intentional add suppression in devel/libgnutls.abignore"; \ + echo "****************************************************************************"; \ + false; \ + fi; \ + done + @for file in $$(echo $(srcdir)/devel/libdane-*-$$(uname -m).abi);do \ + echo "Comparing libgnutls-dane with $$file"; \ + abidiff $${file} libdane/.libs/libgnutls-dane.so $(ABICHECK_COMMON) --hd2 "$(srcdir)/libdane/includes/gnutls/"; \ + if test $$? != 0;then \ + echo "**********************************************"; \ + echo "ABI check failed; If intentional add a "; \ + echo "libabigail suppression file for libgnutls-dane"; \ + echo "**********************************************"; \ + false; \ + fi; \ + done + @echo "********************" + @echo "ABI checks completed" + @echo "********************" + +symbol-check: lib/libgnutls.la + @objdump -T $(builddir)/lib/.libs/libgnutls.so | grep -v ' \*UND\*' | awk '{print $$7 "@" $$6;}' | grep -v GNUTLS_FIPS140 | grep -v GNUTLS_PRIVATE | grep -v '^@' | sort -u >symbols.last.tmp + @diff -u $(SYMBOLS_LAST_FILE) symbols.last.tmp >/dev/null 2>&1; if test $$? != 0;then \ + diff -u $(SYMBOLS_LAST_FILE) symbols.last.tmp | grep -v '\-\-\-' >symbols.diff.tmp 2>&1; \ + if grep -e '^-' symbols.diff.tmp;then \ + echo "*******************************************"; \ + echo "Symbols were removed from the library. "; \ + echo "Check symbols.diff.tmp for more information"; \ + echo "*******************************************"; \ + false; \ + else \ + echo "*************************************************************"; \ + echo "Symbols were added in the library; use 'make-files-update' "; \ + echo "and use 'git diff' to check correctness before committing "; \ + echo "*************************************************************"; \ + false; \ + fi \ + else \ + test -f symbols.diff.tmp && cat symbols.diff.tmp; \ + echo "**************************"; \ + echo "No symbol changes detected"; \ + echo "**************************"; \ + fi + rm -f symbols.last.tmp symbols.diff.tmp + +include $(top_srcdir)/aminclude_static.am +clean-local: code-coverage-clean +distclean-local: code-coverage-dist-clean + +local-code-coverage-output: code-coverage-capture + cat GnuTLS-$(VERSION)-coverage/index.html|grep headerCovTableEntry|grep '%'|head -1|sed 's/^.*>\([0-9]\+\.[0-9]\+\s*%\)<.*$$/ coverage lines: \1/' || true + +libopts-check: + @echo "*****************************************************************" + @echo "Checking whether included libopts matches the system's. If the" + @echo "check fails upgrade the included libopts." + @echo "*****************************************************************" + test "`autoopts-config libsrc|awk -F '-' '{print $$NF}'|sed 's/.tar.gz//'`" = "`cat $(srcdir)/src/libopts/autoopts/options.h |grep OPTIONS_VERSION_STRING|cut -d '"' -f 2|sed 's/:/./g'`" + +files-update: libopts-check abi-dump-latest + $(MAKE) -C doc/ compare-makefile || mv doc/tmp-compare-makefile $(srcdir)/doc/Makefile.am + $(MAKE) -C doc/manpages compare-makefile || mv doc/manpages/tmp-compare-makefile $(srcdir)/doc/manpages/Makefile.am + $(MAKE) -C . symbol-check || mv symbols.last.tmp $(SYMBOLS_LAST_FILE) + @echo "******************************************************************************************" + @echo "updated auto-generated files; please use git diff to verify the correctness of the changes" + @echo "******************************************************************************************" + +dist-hook: libopts-check + $(PKG_CONFIG) --atleast-version=2.2.0 guile-2.2 + if test -d "$(top_srcdir)/devel";then \ + $(MAKE) -C $(top_srcdir) symbol-check && \ + $(MAKE) -C $(top_srcdir) abi-check-latest; \ + fi + $(MAKE) -C doc/ compare-makefile + $(MAKE) -C doc/ compare-exported + $(MAKE) -C doc/manpages compare-makefile + $(MAKE) ChangeLog + mv ChangeLog $(distdir) + touch $(distdir)/doc/*.html $(distdir)/doc/*.pdf $(distdir)/doc/*.info + +.PHONY: abi-check abi-dump-versioned abi-dump-latest pic-check symbol-check local-code-coverage-output files-update libopts-check AUTHORS diff --git a/Makefile.in b/Makefile.in new file mode 100644 index 0000000..6112bf6 --- /dev/null +++ b/Makefile.in @@ -0,0 +1,2248 @@ +# Makefile.in generated by automake 1.16.1 from Makefile.am. +# @configure_input@ + +# Copyright (C) 1994-2018 Free Software Foundation, Inc. + +# This Makefile.in is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY, to the extent permitted by law; without +# even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. + +@SET_MAKE@ + +# Copyright (C) 2000-2012 Free Software Foundation, Inc. +# +# Author: Nikos Mavrogiannopoulos +# +# This file is part of GnuTLS. +# +# This file is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 3 of the License, or +# (at your option) any later version. +# +# This file is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this file; if not, write to the Free Software Foundation, +# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + +# aminclude_static.am generated automatically by Autoconf +# from AX_AM_MACROS_STATIC on Tue May 28 07:09:17 CEST 2019 +VPATH = @srcdir@ +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} +am__make_running_with_option = \ + case $${target_option-} in \ + ?) ;; \ + *) echo "am__make_running_with_option: internal error: invalid" \ + "target option '$${target_option-}' specified" >&2; \ + exit 1;; \ + esac; \ + has_opt=no; \ + sane_makeflags=$$MAKEFLAGS; \ + if $(am__is_gnu_make); then \ + sane_makeflags=$$MFLAGS; \ + else \ + case $$MAKEFLAGS in \ + *\\[\ \ ]*) \ + bs=\\; \ + sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ + | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ + esac; \ + fi; \ + skip_next=no; \ + strip_trailopt () \ + { \ + flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ + }; \ + for flg in $$sane_makeflags; do \ + test $$skip_next = yes && { skip_next=no; continue; }; \ + case $$flg in \ + *=*|--*) continue;; \ + -*I) strip_trailopt 'I'; skip_next=yes;; \ + -*I?*) strip_trailopt 'I';; \ + -*O) strip_trailopt 'O'; skip_next=yes;; \ + -*O?*) strip_trailopt 'O';; \ + -*l) strip_trailopt 'l'; skip_next=yes;; \ + -*l?*) strip_trailopt 'l';; \ + -[dEDm]) skip_next=yes;; \ + -[JT]) skip_next=yes;; \ + esac; \ + case $$flg in \ + *$$target_option*) has_opt=yes; break;; \ + esac; \ + done; \ + test $$has_opt = yes +am__make_dryrun = (target_option=n; $(am__make_running_with_option)) +am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) +pkgdatadir = $(datadir)/@PACKAGE@ +pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ +am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd +install_sh_DATA = $(install_sh) -c -m 644 +install_sh_PROGRAM = $(install_sh) -c +install_sh_SCRIPT = $(install_sh) -c +INSTALL_HEADER = $(INSTALL_DATA) +transform = $(program_transform_name) +NORMAL_INSTALL = : +PRE_INSTALL = : +POST_INSTALL = : +NORMAL_UNINSTALL = : +PRE_UNINSTALL = : +POST_UNINSTALL = : +build_triplet = @build@ +host_triplet = @host@ +@ENABLE_DANE_TRUE@am__append_1 = libdane +@ENABLE_TOOLS_TRUE@am__append_2 = src/gl src +@ENABLE_TOOLS_FALSE@am__append_3 = src/gl +@ENABLE_TESTS_TRUE@am__append_4 = tests fuzz +@HAVE_GUILE_TRUE@am__append_5 = guile +@ENABLE_MANPAGES_TRUE@am__append_6 = doc/manpages +@ENABLE_DOC_TRUE@am__append_7 = doc +subdir = . +ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 +am__aclocal_m4_deps = $(top_srcdir)/lib/unistring/m4/gnulib-comp.m4 \ + $(top_srcdir)/lib/unistring/m4/inline.m4 \ + $(top_srcdir)/lib/unistring/m4/libunistring-base.m4 \ + $(top_srcdir)/src/gl/m4/__inline.m4 \ + $(top_srcdir)/src/gl/m4/bison.m4 \ + $(top_srcdir)/src/gl/m4/clock_time.m4 \ + $(top_srcdir)/src/gl/m4/fseek.m4 \ + $(top_srcdir)/src/gl/m4/getaddrinfo.m4 \ + $(top_srcdir)/src/gl/m4/getpass.m4 \ + $(top_srcdir)/src/gl/m4/gettime.m4 \ + $(top_srcdir)/src/gl/m4/gnulib-comp.m4 \ + $(top_srcdir)/src/gl/m4/hostent.m4 \ + $(top_srcdir)/src/gl/m4/mktime.m4 \ + $(top_srcdir)/src/gl/m4/nstrftime.m4 \ + $(top_srcdir)/src/gl/m4/parse-datetime.m4 \ + $(top_srcdir)/src/gl/m4/servent.m4 \ + $(top_srcdir)/src/gl/m4/time_rz.m4 \ + $(top_srcdir)/src/gl/m4/timegm.m4 \ + $(top_srcdir)/src/gl/m4/timespec.m4 \ + $(top_srcdir)/src/gl/m4/tm_gmtoff.m4 \ + $(top_srcdir)/src/gl/m4/tzset.m4 \ + $(top_srcdir)/src/libopts/m4/libopts.m4 \ + $(top_srcdir)/src/libopts/m4/stdnoreturn.m4 \ + $(top_srcdir)/m4/00gnulib.m4 \ + $(top_srcdir)/m4/absolute-header.m4 $(top_srcdir)/m4/alloca.m4 \ + $(top_srcdir)/m4/arpa_inet_h.m4 \ + $(top_srcdir)/m4/ax_ac_append_to_file.m4 \ + $(top_srcdir)/m4/ax_ac_print_to_file.m4 \ + $(top_srcdir)/m4/ax_add_am_macro_static.m4 \ + $(top_srcdir)/m4/ax_am_macros_static.m4 \ + $(top_srcdir)/m4/ax_check_gnu_make.m4 \ + $(top_srcdir)/m4/ax_code_coverage.m4 \ + $(top_srcdir)/m4/ax_file_escapes.m4 \ + $(top_srcdir)/m4/builtin-expect.m4 \ + $(top_srcdir)/m4/byteswap.m4 $(top_srcdir)/m4/close.m4 \ + $(top_srcdir)/m4/codeset.m4 $(top_srcdir)/m4/ctype.m4 \ + $(top_srcdir)/m4/dup2.m4 $(top_srcdir)/m4/eealloc.m4 \ + $(top_srcdir)/m4/environ.m4 $(top_srcdir)/m4/errno_h.m4 \ + $(top_srcdir)/m4/exponentd.m4 $(top_srcdir)/m4/extensions.m4 \ + $(top_srcdir)/m4/extern-inline.m4 $(top_srcdir)/m4/fcntl-o.m4 \ + $(top_srcdir)/m4/fcntl.m4 $(top_srcdir)/m4/fcntl_h.m4 \ + $(top_srcdir)/m4/fdopen.m4 $(top_srcdir)/m4/flexmember.m4 \ + $(top_srcdir)/m4/float_h.m4 $(top_srcdir)/m4/fpieee.m4 \ + $(top_srcdir)/m4/fseeko.m4 $(top_srcdir)/m4/fstat.m4 \ + $(top_srcdir)/m4/ftell.m4 $(top_srcdir)/m4/ftello.m4 \ + $(top_srcdir)/m4/ftruncate.m4 $(top_srcdir)/m4/func.m4 \ + $(top_srcdir)/m4/getcwd.m4 $(top_srcdir)/m4/getdelim.m4 \ + $(top_srcdir)/m4/getdtablesize.m4 $(top_srcdir)/m4/getline.m4 \ + $(top_srcdir)/m4/getpagesize.m4 $(top_srcdir)/m4/gettext.m4 \ + $(top_srcdir)/m4/gettimeofday.m4 \ + $(top_srcdir)/m4/gnulib-common.m4 \ + $(top_srcdir)/m4/gnulib-comp.m4 $(top_srcdir)/m4/gtk-doc.m4 \ + $(top_srcdir)/m4/guile.m4 $(top_srcdir)/m4/hooks.m4 \ + $(top_srcdir)/m4/host-cpu-c-abi.m4 $(top_srcdir)/m4/iconv.m4 \ + $(top_srcdir)/m4/include_next.m4 $(top_srcdir)/m4/inet_ntop.m4 \ + $(top_srcdir)/m4/inet_pton.m4 \ + $(top_srcdir)/m4/intl-thread-locale.m4 \ + $(top_srcdir)/m4/intlmacosx.m4 $(top_srcdir)/m4/intmax_t.m4 \ + $(top_srcdir)/m4/inttypes-pri.m4 $(top_srcdir)/m4/inttypes.m4 \ + $(top_srcdir)/m4/inttypes_h.m4 $(top_srcdir)/m4/ioctl.m4 \ + $(top_srcdir)/m4/isblank.m4 $(top_srcdir)/m4/langinfo_h.m4 \ + $(top_srcdir)/m4/largefile.m4 $(top_srcdir)/m4/lcmessage.m4 \ + $(top_srcdir)/m4/ld-output-def.m4 \ + $(top_srcdir)/m4/ld-version-script.m4 \ + $(top_srcdir)/m4/lib-ld.m4 $(top_srcdir)/m4/lib-link.m4 \ + $(top_srcdir)/m4/lib-prefix.m4 $(top_srcdir)/m4/libtool.m4 \ + $(top_srcdir)/m4/limits-h.m4 $(top_srcdir)/m4/locale-fr.m4 \ + $(top_srcdir)/m4/locale-ja.m4 $(top_srcdir)/m4/locale-tr.m4 \ + $(top_srcdir)/m4/locale-zh.m4 $(top_srcdir)/m4/locale_h.m4 \ + $(top_srcdir)/m4/localename.m4 \ + $(top_srcdir)/m4/localtime-buffer.m4 $(top_srcdir)/m4/lock.m4 \ + $(top_srcdir)/m4/longlong.m4 $(top_srcdir)/m4/lseek.m4 \ + $(top_srcdir)/m4/lstat.m4 $(top_srcdir)/m4/ltoptions.m4 \ + $(top_srcdir)/m4/ltsugar.m4 $(top_srcdir)/m4/ltversion.m4 \ + $(top_srcdir)/m4/lt~obsolete.m4 $(top_srcdir)/m4/malloc.m4 \ + $(top_srcdir)/m4/malloca.m4 $(top_srcdir)/m4/manywarnings.m4 \ + $(top_srcdir)/m4/memchr.m4 $(top_srcdir)/m4/memmem.m4 \ + $(top_srcdir)/m4/minmax.m4 $(top_srcdir)/m4/mmap-anon.m4 \ + $(top_srcdir)/m4/mode_t.m4 $(top_srcdir)/m4/msvc-inval.m4 \ + $(top_srcdir)/m4/msvc-nothrow.m4 $(top_srcdir)/m4/multiarch.m4 \ + $(top_srcdir)/m4/nanosleep.m4 $(top_srcdir)/m4/netdb_h.m4 \ + $(top_srcdir)/m4/netinet_in_h.m4 $(top_srcdir)/m4/nls.m4 \ + $(top_srcdir)/m4/off_t.m4 $(top_srcdir)/m4/open-cloexec.m4 \ + $(top_srcdir)/m4/open.m4 $(top_srcdir)/m4/pathmax.m4 \ + $(top_srcdir)/m4/perror.m4 $(top_srcdir)/m4/pipe.m4 \ + $(top_srcdir)/m4/pkg.m4 $(top_srcdir)/m4/po.m4 \ + $(top_srcdir)/m4/printf.m4 $(top_srcdir)/m4/progtest.m4 \ + $(top_srcdir)/m4/pthread_rwlock_rdlock.m4 \ + $(top_srcdir)/m4/putenv.m4 $(top_srcdir)/m4/raise.m4 \ + $(top_srcdir)/m4/read-file.m4 $(top_srcdir)/m4/realloc.m4 \ + $(top_srcdir)/m4/secure_getenv.m4 $(top_srcdir)/m4/select.m4 \ + $(top_srcdir)/m4/setenv.m4 $(top_srcdir)/m4/setlocale.m4 \ + $(top_srcdir)/m4/sigaction.m4 $(top_srcdir)/m4/signal_h.m4 \ + $(top_srcdir)/m4/signalblocking.m4 \ + $(top_srcdir)/m4/size_max.m4 $(top_srcdir)/m4/sleep.m4 \ + $(top_srcdir)/m4/snprintf.m4 $(top_srcdir)/m4/socketlib.m4 \ + $(top_srcdir)/m4/sockets.m4 $(top_srcdir)/m4/socklen.m4 \ + $(top_srcdir)/m4/sockpfaf.m4 $(top_srcdir)/m4/ssize_t.m4 \ + $(top_srcdir)/m4/stat-time.m4 $(top_srcdir)/m4/stat.m4 \ + $(top_srcdir)/m4/stdalign.m4 $(top_srcdir)/m4/stdbool.m4 \ + $(top_srcdir)/m4/stddef_h.m4 $(top_srcdir)/m4/stdint.m4 \ + $(top_srcdir)/m4/stdint_h.m4 $(top_srcdir)/m4/stdio_h.m4 \ + $(top_srcdir)/m4/stdlib_h.m4 $(top_srcdir)/m4/strcase.m4 \ + $(top_srcdir)/m4/strdup.m4 $(top_srcdir)/m4/strerror.m4 \ + $(top_srcdir)/m4/strerror_r.m4 $(top_srcdir)/m4/string_h.m4 \ + $(top_srcdir)/m4/strings_h.m4 $(top_srcdir)/m4/strndup.m4 \ + $(top_srcdir)/m4/strnlen.m4 $(top_srcdir)/m4/strtok_r.m4 \ + $(top_srcdir)/m4/strverscmp.m4 $(top_srcdir)/m4/symlink.m4 \ + $(top_srcdir)/m4/sys_ioctl_h.m4 \ + $(top_srcdir)/m4/sys_select_h.m4 \ + $(top_srcdir)/m4/sys_socket_h.m4 \ + $(top_srcdir)/m4/sys_stat_h.m4 $(top_srcdir)/m4/sys_time_h.m4 \ + $(top_srcdir)/m4/sys_types_h.m4 $(top_srcdir)/m4/sys_uio_h.m4 \ + $(top_srcdir)/m4/threadlib.m4 $(top_srcdir)/m4/time_h.m4 \ + $(top_srcdir)/m4/time_r.m4 $(top_srcdir)/m4/ungetc.m4 \ + $(top_srcdir)/m4/unistd_h.m4 \ + $(top_srcdir)/m4/valgrind-tests.m4 \ + $(top_srcdir)/m4/vasnprintf.m4 $(top_srcdir)/m4/vasprintf.m4 \ + $(top_srcdir)/m4/vsnprintf.m4 $(top_srcdir)/m4/warn-on-use.m4 \ + $(top_srcdir)/m4/warnings.m4 $(top_srcdir)/m4/wchar_h.m4 \ + $(top_srcdir)/m4/wchar_t.m4 $(top_srcdir)/m4/wint_t.m4 \ + $(top_srcdir)/m4/xsize.m4 $(top_srcdir)/configure.ac +am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ + $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(top_srcdir)/configure \ + $(am__configure_deps) $(am__DIST_COMMON) +am__CONFIG_DISTCLEAN_FILES = config.status config.cache config.log \ + configure.lineno config.status.lineno +mkinstalldirs = $(install_sh) -d +CONFIG_HEADER = config.h +CONFIG_CLEAN_FILES = doc/doxygen/Doxyfile lib/includes/gnutls/gnutls.h +CONFIG_CLEAN_VPATH_FILES = +AM_V_P = $(am__v_P_@AM_V@) +am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) +am__v_P_0 = false +am__v_P_1 = : +AM_V_GEN = $(am__v_GEN_@AM_V@) +am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) +am__v_GEN_0 = @echo " GEN " $@; +am__v_GEN_1 = +AM_V_at = $(am__v_at_@AM_V@) +am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) +am__v_at_0 = @ +am__v_at_1 = +SOURCES = +DIST_SOURCES = +RECURSIVE_TARGETS = all-recursive check-recursive cscopelist-recursive \ + ctags-recursive dvi-recursive html-recursive info-recursive \ + install-data-recursive install-dvi-recursive \ + install-exec-recursive install-html-recursive \ + install-info-recursive install-pdf-recursive \ + install-ps-recursive install-recursive installcheck-recursive \ + installdirs-recursive pdf-recursive ps-recursive \ + tags-recursive uninstall-recursive +am__can_run_installinfo = \ + case $$AM_UPDATE_INFO_DIR in \ + n|no|NO) false;; \ + *) (install-info --version) >/dev/null 2>&1;; \ + esac +RECURSIVE_CLEAN_TARGETS = mostlyclean-recursive clean-recursive \ + distclean-recursive maintainer-clean-recursive +am__recursive_targets = \ + $(RECURSIVE_TARGETS) \ + $(RECURSIVE_CLEAN_TARGETS) \ + $(am__extra_recursive_targets) +AM_RECURSIVE_TARGETS = $(am__recursive_targets:-recursive=) TAGS CTAGS \ + cscope distdir distdir-am dist dist-all distcheck +am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) \ + $(LISP)config.h.in +# Read a list of newline-separated strings from the standard input, +# and print each of them once, without duplicates. Input order is +# *not* preserved. +am__uniquify_input = $(AWK) '\ + BEGIN { nonempty = 0; } \ + { items[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in items) print i; }; } \ +' +# Make sure the list of sources is unique. This is necessary because, +# e.g., the same source file might be shared among _SOURCES variables +# for different programs/libraries. +am__define_uniq_tagged_files = \ + list='$(am__tagged_files)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | $(am__uniquify_input)` +ETAGS = etags +CTAGS = ctags +CSCOPE = cscope +DIST_SUBDIRS = gl lib extra libdane po src/gl src tests fuzz guile \ + doc/manpages doc +am__DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/config.h.in \ + $(top_srcdir)/aminclude_static.am \ + $(top_srcdir)/build-aux/ar-lib $(top_srcdir)/build-aux/compile \ + $(top_srcdir)/build-aux/config.guess \ + $(top_srcdir)/build-aux/config.rpath \ + $(top_srcdir)/build-aux/config.sub \ + $(top_srcdir)/build-aux/install-sh \ + $(top_srcdir)/build-aux/ltmain.sh \ + $(top_srcdir)/build-aux/missing \ + $(top_srcdir)/doc/doxygen/Doxyfile.in \ + $(top_srcdir)/lib/includes/gnutls/gnutls.h.in ABOUT-NLS \ + AUTHORS ChangeLog INSTALL NEWS THANKS build-aux/ar-lib \ + build-aux/compile build-aux/config.guess \ + build-aux/config.rpath build-aux/config.sub build-aux/depcomp \ + build-aux/install-sh build-aux/ltmain.sh build-aux/mdate-sh \ + build-aux/missing build-aux/texinfo.tex build-aux/ylwrap +DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) +distdir = $(PACKAGE)-$(VERSION) +top_distdir = $(distdir) +am__remove_distdir = \ + if test -d "$(distdir)"; then \ + find "$(distdir)" -type d ! -perm -200 -exec chmod u+w {} ';' \ + && rm -rf "$(distdir)" \ + || { sleep 5 && rm -rf "$(distdir)"; }; \ + else :; fi +am__post_remove_distdir = $(am__remove_distdir) +am__relativize = \ + dir0=`pwd`; \ + sed_first='s,^\([^/]*\)/.*$$,\1,'; \ + sed_rest='s,^[^/]*/*,,'; \ + sed_last='s,^.*/\([^/]*\)$$,\1,'; \ + sed_butlast='s,/*[^/]*$$,,'; \ + while test -n "$$dir1"; do \ + first=`echo "$$dir1" | sed -e "$$sed_first"`; \ + if test "$$first" != "."; then \ + if test "$$first" = ".."; then \ + dir2=`echo "$$dir0" | sed -e "$$sed_last"`/"$$dir2"; \ + dir0=`echo "$$dir0" | sed -e "$$sed_butlast"`; \ + else \ + first2=`echo "$$dir2" | sed -e "$$sed_first"`; \ + if test "$$first2" = "$$first"; then \ + dir2=`echo "$$dir2" | sed -e "$$sed_rest"`; \ + else \ + dir2="../$$dir2"; \ + fi; \ + dir0="$$dir0"/"$$first"; \ + fi; \ + fi; \ + dir1=`echo "$$dir1" | sed -e "$$sed_rest"`; \ + done; \ + reldir="$$dir2" +GZIP_ENV = --best +DIST_ARCHIVES = $(distdir).tar.xz +DIST_TARGETS = dist-xz +distuninstallcheck_listfiles = find . -type f -print +am__distuninstallcheck_listfiles = $(distuninstallcheck_listfiles) \ + | sed 's|^\./|$(prefix)/|' | grep -v '$(infodir)/dir$$' +distcleancheck_listfiles = find . -type f -print +ACLOCAL = @ACLOCAL@ +ALLOCA = @ALLOCA@ +ALLOCA_H = @ALLOCA_H@ +AMTAR = @AMTAR@ +AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ +APPLE_UNIVERSAL_BUILD = @APPLE_UNIVERSAL_BUILD@ +AR = @AR@ +ARFLAGS = @ARFLAGS@ +AUTOCONF = @AUTOCONF@ +AUTOGEN = @AUTOGEN@ +AUTOHEADER = @AUTOHEADER@ +AUTOMAKE = @AUTOMAKE@ +AWK = @AWK@ +BITSIZEOF_PTRDIFF_T = @BITSIZEOF_PTRDIFF_T@ +BITSIZEOF_SIG_ATOMIC_T = @BITSIZEOF_SIG_ATOMIC_T@ +BITSIZEOF_SIZE_T = @BITSIZEOF_SIZE_T@ +BITSIZEOF_WCHAR_T = @BITSIZEOF_WCHAR_T@ +BITSIZEOF_WINT_T = @BITSIZEOF_WINT_T@ +BYTESWAP_H = @BYTESWAP_H@ +CC = @CC@ +CCAS = @CCAS@ +CCASDEPMODE = @CCASDEPMODE@ +CCASFLAGS = @CCASFLAGS@ +CCDEPMODE = @CCDEPMODE@ +CFLAGS = @CFLAGS@ +CMOCKA_CFLAGS = @CMOCKA_CFLAGS@ +CMOCKA_LIBS = @CMOCKA_LIBS@ +CODE_COVERAGE_CFLAGS = @CODE_COVERAGE_CFLAGS@ +CODE_COVERAGE_CPPFLAGS = @CODE_COVERAGE_CPPFLAGS@ +CODE_COVERAGE_CXXFLAGS = @CODE_COVERAGE_CXXFLAGS@ +CODE_COVERAGE_ENABLED = @CODE_COVERAGE_ENABLED@ +CODE_COVERAGE_LIBS = @CODE_COVERAGE_LIBS@ +CONFIG_INCLUDE = @CONFIG_INCLUDE@ +CPP = @CPP@ +CPPFLAGS = @CPPFLAGS@ +CRYWRAP_PATCHLEVEL = @CRYWRAP_PATCHLEVEL@ +CXX = @CXX@ +CXXCPP = @CXXCPP@ +CXXDEPMODE = @CXXDEPMODE@ +CXXFLAGS = @CXXFLAGS@ +CXX_LT_AGE = @CXX_LT_AGE@ +CXX_LT_CURRENT = @CXX_LT_CURRENT@ +CXX_LT_REVISION = @CXX_LT_REVISION@ +CYGPATH_W = @CYGPATH_W@ +DEFS = @DEFS@ +DEPDIR = @DEPDIR@ +DLLTOOL = @DLLTOOL@ +DLL_SSL_VERSION = @DLL_SSL_VERSION@ +DLL_VERSION = @DLL_VERSION@ +DSYMUTIL = @DSYMUTIL@ +DUMPBIN = @DUMPBIN@ +ECHO_C = @ECHO_C@ +ECHO_N = @ECHO_N@ +ECHO_T = @ECHO_T@ +EGREP = @EGREP@ +EMULTIHOP_HIDDEN = @EMULTIHOP_HIDDEN@ +EMULTIHOP_VALUE = @EMULTIHOP_VALUE@ +ENABLE_PADLOCK = @ENABLE_PADLOCK@ +ENOLINK_HIDDEN = @ENOLINK_HIDDEN@ +ENOLINK_VALUE = @ENOLINK_VALUE@ +EOVERFLOW_HIDDEN = @EOVERFLOW_HIDDEN@ +EOVERFLOW_VALUE = @EOVERFLOW_VALUE@ +ERRNO_H = @ERRNO_H@ +EXEEXT = @EXEEXT@ +FGREP = @FGREP@ +FIPS140_LIBS = @FIPS140_LIBS@ +FLOAT_H = @FLOAT_H@ +GCOV = @GCOV@ +GENHTML = @GENHTML@ +GETADDRINFO_LIB = @GETADDRINFO_LIB@ +GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@ +GMP_CFLAGS = @GMP_CFLAGS@ +GMP_LIBS = @GMP_LIBS@ +GMSGFMT = @GMSGFMT@ +GMSGFMT_015 = @GMSGFMT_015@ +GNULIB_ACCEPT = @GNULIB_ACCEPT@ +GNULIB_ACCEPT4 = @GNULIB_ACCEPT4@ +GNULIB_ATOLL = @GNULIB_ATOLL@ +GNULIB_BIND = @GNULIB_BIND@ +GNULIB_BTOWC = @GNULIB_BTOWC@ +GNULIB_CALLOC_POSIX = @GNULIB_CALLOC_POSIX@ +GNULIB_CANONICALIZE_FILE_NAME = @GNULIB_CANONICALIZE_FILE_NAME@ +GNULIB_CHDIR = @GNULIB_CHDIR@ +GNULIB_CHOWN = @GNULIB_CHOWN@ +GNULIB_CLOSE = @GNULIB_CLOSE@ +GNULIB_CONNECT = @GNULIB_CONNECT@ +GNULIB_CTIME = @GNULIB_CTIME@ +GNULIB_DPRINTF = @GNULIB_DPRINTF@ +GNULIB_DUP = @GNULIB_DUP@ +GNULIB_DUP2 = @GNULIB_DUP2@ +GNULIB_DUP3 = @GNULIB_DUP3@ +GNULIB_DUPLOCALE = @GNULIB_DUPLOCALE@ +GNULIB_ENVIRON = @GNULIB_ENVIRON@ +GNULIB_EUIDACCESS = @GNULIB_EUIDACCESS@ +GNULIB_EXPLICIT_BZERO = @GNULIB_EXPLICIT_BZERO@ +GNULIB_FACCESSAT = @GNULIB_FACCESSAT@ +GNULIB_FCHDIR = @GNULIB_FCHDIR@ +GNULIB_FCHMODAT = @GNULIB_FCHMODAT@ +GNULIB_FCHOWNAT = @GNULIB_FCHOWNAT@ +GNULIB_FCLOSE = @GNULIB_FCLOSE@ +GNULIB_FCNTL = @GNULIB_FCNTL@ +GNULIB_FDATASYNC = @GNULIB_FDATASYNC@ +GNULIB_FDOPEN = @GNULIB_FDOPEN@ +GNULIB_FFLUSH = @GNULIB_FFLUSH@ +GNULIB_FFS = @GNULIB_FFS@ +GNULIB_FFSL = @GNULIB_FFSL@ +GNULIB_FFSLL = @GNULIB_FFSLL@ +GNULIB_FGETC = @GNULIB_FGETC@ +GNULIB_FGETS = @GNULIB_FGETS@ +GNULIB_FOPEN = @GNULIB_FOPEN@ +GNULIB_FPRINTF = @GNULIB_FPRINTF@ +GNULIB_FPRINTF_POSIX = @GNULIB_FPRINTF_POSIX@ +GNULIB_FPURGE = @GNULIB_FPURGE@ +GNULIB_FPUTC = @GNULIB_FPUTC@ +GNULIB_FPUTS = @GNULIB_FPUTS@ +GNULIB_FREAD = @GNULIB_FREAD@ +GNULIB_FREOPEN = @GNULIB_FREOPEN@ +GNULIB_FSCANF = @GNULIB_FSCANF@ +GNULIB_FSEEK = @GNULIB_FSEEK@ +GNULIB_FSEEKO = @GNULIB_FSEEKO@ +GNULIB_FSTAT = @GNULIB_FSTAT@ +GNULIB_FSTATAT = @GNULIB_FSTATAT@ +GNULIB_FSYNC = @GNULIB_FSYNC@ +GNULIB_FTELL = @GNULIB_FTELL@ +GNULIB_FTELLO = @GNULIB_FTELLO@ +GNULIB_FTRUNCATE = @GNULIB_FTRUNCATE@ +GNULIB_FUTIMENS = @GNULIB_FUTIMENS@ +GNULIB_FWRITE = @GNULIB_FWRITE@ +GNULIB_GETADDRINFO = @GNULIB_GETADDRINFO@ +GNULIB_GETC = @GNULIB_GETC@ +GNULIB_GETCHAR = @GNULIB_GETCHAR@ +GNULIB_GETCWD = @GNULIB_GETCWD@ +GNULIB_GETDELIM = @GNULIB_GETDELIM@ +GNULIB_GETDOMAINNAME = @GNULIB_GETDOMAINNAME@ +GNULIB_GETDTABLESIZE = @GNULIB_GETDTABLESIZE@ +GNULIB_GETGROUPS = @GNULIB_GETGROUPS@ +GNULIB_GETHOSTNAME = @GNULIB_GETHOSTNAME@ +GNULIB_GETLINE = @GNULIB_GETLINE@ +GNULIB_GETLOADAVG = @GNULIB_GETLOADAVG@ +GNULIB_GETLOGIN = @GNULIB_GETLOGIN@ +GNULIB_GETLOGIN_R = @GNULIB_GETLOGIN_R@ +GNULIB_GETPAGESIZE = @GNULIB_GETPAGESIZE@ +GNULIB_GETPASS = @GNULIB_GETPASS@ +GNULIB_GETPEERNAME = @GNULIB_GETPEERNAME@ +GNULIB_GETSOCKNAME = @GNULIB_GETSOCKNAME@ +GNULIB_GETSOCKOPT = @GNULIB_GETSOCKOPT@ +GNULIB_GETSUBOPT = @GNULIB_GETSUBOPT@ +GNULIB_GETTIMEOFDAY = @GNULIB_GETTIMEOFDAY@ +GNULIB_GETUSERSHELL = @GNULIB_GETUSERSHELL@ +GNULIB_GRANTPT = @GNULIB_GRANTPT@ +GNULIB_GROUP_MEMBER = @GNULIB_GROUP_MEMBER@ +GNULIB_IMAXABS = @GNULIB_IMAXABS@ +GNULIB_IMAXDIV = @GNULIB_IMAXDIV@ +GNULIB_INET_NTOP = @GNULIB_INET_NTOP@ +GNULIB_INET_PTON = @GNULIB_INET_PTON@ +GNULIB_IOCTL = @GNULIB_IOCTL@ +GNULIB_ISATTY = @GNULIB_ISATTY@ +GNULIB_ISBLANK = @GNULIB_ISBLANK@ +GNULIB_LCHMOD = @GNULIB_LCHMOD@ +GNULIB_LCHOWN = @GNULIB_LCHOWN@ +GNULIB_LINK = @GNULIB_LINK@ +GNULIB_LINKAT = @GNULIB_LINKAT@ +GNULIB_LISTEN = @GNULIB_LISTEN@ +GNULIB_LOCALECONV = @GNULIB_LOCALECONV@ +GNULIB_LOCALENAME = @GNULIB_LOCALENAME@ +GNULIB_LOCALTIME = @GNULIB_LOCALTIME@ +GNULIB_LSEEK = @GNULIB_LSEEK@ +GNULIB_LSTAT = @GNULIB_LSTAT@ +GNULIB_MALLOC_POSIX = @GNULIB_MALLOC_POSIX@ +GNULIB_MBRLEN = @GNULIB_MBRLEN@ +GNULIB_MBRTOWC = @GNULIB_MBRTOWC@ +GNULIB_MBSCASECMP = @GNULIB_MBSCASECMP@ +GNULIB_MBSCASESTR = @GNULIB_MBSCASESTR@ +GNULIB_MBSCHR = @GNULIB_MBSCHR@ +GNULIB_MBSCSPN = @GNULIB_MBSCSPN@ +GNULIB_MBSINIT = @GNULIB_MBSINIT@ +GNULIB_MBSLEN = @GNULIB_MBSLEN@ +GNULIB_MBSNCASECMP = @GNULIB_MBSNCASECMP@ +GNULIB_MBSNLEN = @GNULIB_MBSNLEN@ +GNULIB_MBSNRTOWCS = @GNULIB_MBSNRTOWCS@ +GNULIB_MBSPBRK = @GNULIB_MBSPBRK@ +GNULIB_MBSPCASECMP = @GNULIB_MBSPCASECMP@ +GNULIB_MBSRCHR = @GNULIB_MBSRCHR@ +GNULIB_MBSRTOWCS = @GNULIB_MBSRTOWCS@ +GNULIB_MBSSEP = @GNULIB_MBSSEP@ +GNULIB_MBSSPN = @GNULIB_MBSSPN@ +GNULIB_MBSSTR = @GNULIB_MBSSTR@ +GNULIB_MBSTOK_R = @GNULIB_MBSTOK_R@ +GNULIB_MBTOWC = @GNULIB_MBTOWC@ +GNULIB_MEMCHR = @GNULIB_MEMCHR@ +GNULIB_MEMMEM = @GNULIB_MEMMEM@ +GNULIB_MEMPCPY = @GNULIB_MEMPCPY@ +GNULIB_MEMRCHR = @GNULIB_MEMRCHR@ +GNULIB_MKDIRAT = @GNULIB_MKDIRAT@ +GNULIB_MKDTEMP = @GNULIB_MKDTEMP@ +GNULIB_MKFIFO = @GNULIB_MKFIFO@ +GNULIB_MKFIFOAT = @GNULIB_MKFIFOAT@ +GNULIB_MKNOD = @GNULIB_MKNOD@ +GNULIB_MKNODAT = @GNULIB_MKNODAT@ +GNULIB_MKOSTEMP = @GNULIB_MKOSTEMP@ +GNULIB_MKOSTEMPS = @GNULIB_MKOSTEMPS@ +GNULIB_MKSTEMP = @GNULIB_MKSTEMP@ +GNULIB_MKSTEMPS = @GNULIB_MKSTEMPS@ +GNULIB_MKTIME = @GNULIB_MKTIME@ +GNULIB_NANOSLEEP = @GNULIB_NANOSLEEP@ +GNULIB_NL_LANGINFO = @GNULIB_NL_LANGINFO@ +GNULIB_NONBLOCKING = @GNULIB_NONBLOCKING@ +GNULIB_OBSTACK_PRINTF = @GNULIB_OBSTACK_PRINTF@ +GNULIB_OBSTACK_PRINTF_POSIX = @GNULIB_OBSTACK_PRINTF_POSIX@ +GNULIB_OPEN = @GNULIB_OPEN@ +GNULIB_OPENAT = @GNULIB_OPENAT@ +GNULIB_OVERRIDES_STRUCT_STAT = @GNULIB_OVERRIDES_STRUCT_STAT@ +GNULIB_OVERRIDES_WINT_T = @GNULIB_OVERRIDES_WINT_T@ +GNULIB_PCLOSE = @GNULIB_PCLOSE@ +GNULIB_PERROR = @GNULIB_PERROR@ +GNULIB_PIPE = @GNULIB_PIPE@ +GNULIB_PIPE2 = @GNULIB_PIPE2@ +GNULIB_POPEN = @GNULIB_POPEN@ +GNULIB_POSIX_OPENPT = @GNULIB_POSIX_OPENPT@ +GNULIB_PREAD = @GNULIB_PREAD@ +GNULIB_PRINTF = @GNULIB_PRINTF@ +GNULIB_PRINTF_POSIX = @GNULIB_PRINTF_POSIX@ +GNULIB_PSELECT = @GNULIB_PSELECT@ +GNULIB_PTHREAD_SIGMASK = @GNULIB_PTHREAD_SIGMASK@ +GNULIB_PTSNAME = @GNULIB_PTSNAME@ +GNULIB_PTSNAME_R = @GNULIB_PTSNAME_R@ +GNULIB_PUTC = @GNULIB_PUTC@ +GNULIB_PUTCHAR = @GNULIB_PUTCHAR@ +GNULIB_PUTENV = @GNULIB_PUTENV@ +GNULIB_PUTS = @GNULIB_PUTS@ +GNULIB_PWRITE = @GNULIB_PWRITE@ +GNULIB_QSORT_R = @GNULIB_QSORT_R@ +GNULIB_RAISE = @GNULIB_RAISE@ +GNULIB_RANDOM = @GNULIB_RANDOM@ +GNULIB_RANDOM_R = @GNULIB_RANDOM_R@ +GNULIB_RAWMEMCHR = @GNULIB_RAWMEMCHR@ +GNULIB_READ = @GNULIB_READ@ +GNULIB_READLINK = @GNULIB_READLINK@ +GNULIB_READLINKAT = @GNULIB_READLINKAT@ +GNULIB_REALLOCARRAY = @GNULIB_REALLOCARRAY@ +GNULIB_REALLOC_POSIX = @GNULIB_REALLOC_POSIX@ +GNULIB_REALPATH = @GNULIB_REALPATH@ +GNULIB_RECV = @GNULIB_RECV@ +GNULIB_RECVFROM = @GNULIB_RECVFROM@ +GNULIB_REMOVE = @GNULIB_REMOVE@ +GNULIB_RENAME = @GNULIB_RENAME@ +GNULIB_RENAMEAT = @GNULIB_RENAMEAT@ +GNULIB_RMDIR = @GNULIB_RMDIR@ +GNULIB_RPMATCH = @GNULIB_RPMATCH@ +GNULIB_SCANF = @GNULIB_SCANF@ +GNULIB_SECURE_GETENV = @GNULIB_SECURE_GETENV@ +GNULIB_SELECT = @GNULIB_SELECT@ +GNULIB_SEND = @GNULIB_SEND@ +GNULIB_SENDTO = @GNULIB_SENDTO@ +GNULIB_SETENV = @GNULIB_SETENV@ +GNULIB_SETHOSTNAME = @GNULIB_SETHOSTNAME@ +GNULIB_SETLOCALE = @GNULIB_SETLOCALE@ +GNULIB_SETSOCKOPT = @GNULIB_SETSOCKOPT@ +GNULIB_SHUTDOWN = @GNULIB_SHUTDOWN@ +GNULIB_SIGACTION = @GNULIB_SIGACTION@ +GNULIB_SIGNAL_H_SIGPIPE = @GNULIB_SIGNAL_H_SIGPIPE@ +GNULIB_SIGPROCMASK = @GNULIB_SIGPROCMASK@ +GNULIB_SLEEP = @GNULIB_SLEEP@ +GNULIB_SNPRINTF = @GNULIB_SNPRINTF@ +GNULIB_SOCKET = @GNULIB_SOCKET@ +GNULIB_SPRINTF_POSIX = @GNULIB_SPRINTF_POSIX@ +GNULIB_STAT = @GNULIB_STAT@ +GNULIB_STDIO_H_NONBLOCKING = @GNULIB_STDIO_H_NONBLOCKING@ +GNULIB_STDIO_H_SIGPIPE = @GNULIB_STDIO_H_SIGPIPE@ +GNULIB_STPCPY = @GNULIB_STPCPY@ +GNULIB_STPNCPY = @GNULIB_STPNCPY@ +GNULIB_STRCASESTR = @GNULIB_STRCASESTR@ +GNULIB_STRCHRNUL = @GNULIB_STRCHRNUL@ +GNULIB_STRDUP = @GNULIB_STRDUP@ +GNULIB_STRERROR = @GNULIB_STRERROR@ +GNULIB_STRERROR_R = @GNULIB_STRERROR_R@ +GNULIB_STRFTIME = @GNULIB_STRFTIME@ +GNULIB_STRNCAT = @GNULIB_STRNCAT@ +GNULIB_STRNDUP = @GNULIB_STRNDUP@ +GNULIB_STRNLEN = @GNULIB_STRNLEN@ +GNULIB_STRPBRK = @GNULIB_STRPBRK@ +GNULIB_STRPTIME = @GNULIB_STRPTIME@ +GNULIB_STRSEP = @GNULIB_STRSEP@ +GNULIB_STRSIGNAL = @GNULIB_STRSIGNAL@ +GNULIB_STRSTR = @GNULIB_STRSTR@ +GNULIB_STRTOD = @GNULIB_STRTOD@ +GNULIB_STRTOIMAX = @GNULIB_STRTOIMAX@ +GNULIB_STRTOK_R = @GNULIB_STRTOK_R@ +GNULIB_STRTOLD = @GNULIB_STRTOLD@ +GNULIB_STRTOLL = @GNULIB_STRTOLL@ +GNULIB_STRTOULL = @GNULIB_STRTOULL@ +GNULIB_STRTOUMAX = @GNULIB_STRTOUMAX@ +GNULIB_STRVERSCMP = @GNULIB_STRVERSCMP@ +GNULIB_SYMLINK = @GNULIB_SYMLINK@ +GNULIB_SYMLINKAT = @GNULIB_SYMLINKAT@ +GNULIB_SYSTEM_POSIX = @GNULIB_SYSTEM_POSIX@ +GNULIB_TIMEGM = @GNULIB_TIMEGM@ +GNULIB_TIME_R = @GNULIB_TIME_R@ +GNULIB_TIME_RZ = @GNULIB_TIME_RZ@ +GNULIB_TMPFILE = @GNULIB_TMPFILE@ +GNULIB_TRUNCATE = @GNULIB_TRUNCATE@ +GNULIB_TTYNAME_R = @GNULIB_TTYNAME_R@ +GNULIB_TZSET = @GNULIB_TZSET@ +GNULIB_UNISTD_H_NONBLOCKING = @GNULIB_UNISTD_H_NONBLOCKING@ +GNULIB_UNISTD_H_SIGPIPE = @GNULIB_UNISTD_H_SIGPIPE@ +GNULIB_UNLINK = @GNULIB_UNLINK@ +GNULIB_UNLINKAT = @GNULIB_UNLINKAT@ +GNULIB_UNLOCKPT = @GNULIB_UNLOCKPT@ +GNULIB_UNSETENV = @GNULIB_UNSETENV@ +GNULIB_USLEEP = @GNULIB_USLEEP@ +GNULIB_UTIMENSAT = @GNULIB_UTIMENSAT@ +GNULIB_VASPRINTF = @GNULIB_VASPRINTF@ +GNULIB_VDPRINTF = @GNULIB_VDPRINTF@ +GNULIB_VFPRINTF = @GNULIB_VFPRINTF@ +GNULIB_VFPRINTF_POSIX = @GNULIB_VFPRINTF_POSIX@ +GNULIB_VFSCANF = @GNULIB_VFSCANF@ +GNULIB_VPRINTF = @GNULIB_VPRINTF@ +GNULIB_VPRINTF_POSIX = @GNULIB_VPRINTF_POSIX@ +GNULIB_VSCANF = @GNULIB_VSCANF@ +GNULIB_VSNPRINTF = @GNULIB_VSNPRINTF@ +GNULIB_VSPRINTF_POSIX = @GNULIB_VSPRINTF_POSIX@ +GNULIB_WCPCPY = @GNULIB_WCPCPY@ +GNULIB_WCPNCPY = @GNULIB_WCPNCPY@ +GNULIB_WCRTOMB = @GNULIB_WCRTOMB@ +GNULIB_WCSCASECMP = @GNULIB_WCSCASECMP@ +GNULIB_WCSCAT = @GNULIB_WCSCAT@ +GNULIB_WCSCHR = @GNULIB_WCSCHR@ +GNULIB_WCSCMP = @GNULIB_WCSCMP@ +GNULIB_WCSCOLL = @GNULIB_WCSCOLL@ +GNULIB_WCSCPY = @GNULIB_WCSCPY@ +GNULIB_WCSCSPN = @GNULIB_WCSCSPN@ +GNULIB_WCSDUP = @GNULIB_WCSDUP@ +GNULIB_WCSFTIME = @GNULIB_WCSFTIME@ +GNULIB_WCSLEN = @GNULIB_WCSLEN@ +GNULIB_WCSNCASECMP = @GNULIB_WCSNCASECMP@ +GNULIB_WCSNCAT = @GNULIB_WCSNCAT@ +GNULIB_WCSNCMP = @GNULIB_WCSNCMP@ +GNULIB_WCSNCPY = @GNULIB_WCSNCPY@ +GNULIB_WCSNLEN = @GNULIB_WCSNLEN@ +GNULIB_WCSNRTOMBS = @GNULIB_WCSNRTOMBS@ +GNULIB_WCSPBRK = @GNULIB_WCSPBRK@ +GNULIB_WCSRCHR = @GNULIB_WCSRCHR@ +GNULIB_WCSRTOMBS = @GNULIB_WCSRTOMBS@ +GNULIB_WCSSPN = @GNULIB_WCSSPN@ +GNULIB_WCSSTR = @GNULIB_WCSSTR@ +GNULIB_WCSTOK = @GNULIB_WCSTOK@ +GNULIB_WCSWIDTH = @GNULIB_WCSWIDTH@ +GNULIB_WCSXFRM = @GNULIB_WCSXFRM@ +GNULIB_WCTOB = @GNULIB_WCTOB@ +GNULIB_WCTOMB = @GNULIB_WCTOMB@ +GNULIB_WCWIDTH = @GNULIB_WCWIDTH@ +GNULIB_WMEMCHR = @GNULIB_WMEMCHR@ +GNULIB_WMEMCMP = @GNULIB_WMEMCMP@ +GNULIB_WMEMCPY = @GNULIB_WMEMCPY@ +GNULIB_WMEMMOVE = @GNULIB_WMEMMOVE@ +GNULIB_WMEMSET = @GNULIB_WMEMSET@ +GNULIB_WRITE = @GNULIB_WRITE@ +GNULIB__EXIT = @GNULIB__EXIT@ +GNUTLS_REQUIRES_PRIVATE = @GNUTLS_REQUIRES_PRIVATE@ +GREP = @GREP@ +GTKDOC_CHECK = @GTKDOC_CHECK@ +GTKDOC_CHECK_PATH = @GTKDOC_CHECK_PATH@ +GTKDOC_DEPS_CFLAGS = @GTKDOC_DEPS_CFLAGS@ +GTKDOC_DEPS_LIBS = @GTKDOC_DEPS_LIBS@ +GTKDOC_MKPDF = @GTKDOC_MKPDF@ +GTKDOC_REBASE = @GTKDOC_REBASE@ +GUILD = @GUILD@ +GUILE = @GUILE@ +GUILE_CFLAGS = @GUILE_CFLAGS@ +GUILE_CONFIG = @GUILE_CONFIG@ +GUILE_EFFECTIVE_VERSION = @GUILE_EFFECTIVE_VERSION@ +GUILE_EXTENSION = @GUILE_EXTENSION@ +GUILE_LDFLAGS = @GUILE_LDFLAGS@ +GUILE_LIBS = @GUILE_LIBS@ +GUILE_LTLIBS = @GUILE_LTLIBS@ +GUILE_SITE = @GUILE_SITE@ +GUILE_SITE_CCACHE = @GUILE_SITE_CCACHE@ +GUILE_TOOLS = @GUILE_TOOLS@ +HAVE_ACCEPT4 = @HAVE_ACCEPT4@ +HAVE_ALLOCA_H = @HAVE_ALLOCA_H@ +HAVE_ARPA_INET_H = @HAVE_ARPA_INET_H@ +HAVE_ATOLL = @HAVE_ATOLL@ +HAVE_BTOWC = @HAVE_BTOWC@ +HAVE_C99_STDINT_H = @HAVE_C99_STDINT_H@ +HAVE_CANONICALIZE_FILE_NAME = @HAVE_CANONICALIZE_FILE_NAME@ +HAVE_CHOWN = @HAVE_CHOWN@ +HAVE_CRTDEFS_H = @HAVE_CRTDEFS_H@ +HAVE_DECL_ENVIRON = @HAVE_DECL_ENVIRON@ +HAVE_DECL_FCHDIR = @HAVE_DECL_FCHDIR@ +HAVE_DECL_FDATASYNC = @HAVE_DECL_FDATASYNC@ +HAVE_DECL_FPURGE = @HAVE_DECL_FPURGE@ +HAVE_DECL_FREEADDRINFO = @HAVE_DECL_FREEADDRINFO@ +HAVE_DECL_FSEEKO = @HAVE_DECL_FSEEKO@ +HAVE_DECL_FTELLO = @HAVE_DECL_FTELLO@ +HAVE_DECL_GAI_STRERROR = @HAVE_DECL_GAI_STRERROR@ +HAVE_DECL_GETADDRINFO = @HAVE_DECL_GETADDRINFO@ +HAVE_DECL_GETDELIM = @HAVE_DECL_GETDELIM@ +HAVE_DECL_GETDOMAINNAME = @HAVE_DECL_GETDOMAINNAME@ +HAVE_DECL_GETLINE = @HAVE_DECL_GETLINE@ +HAVE_DECL_GETLOADAVG = @HAVE_DECL_GETLOADAVG@ +HAVE_DECL_GETLOGIN = @HAVE_DECL_GETLOGIN@ +HAVE_DECL_GETLOGIN_R = @HAVE_DECL_GETLOGIN_R@ +HAVE_DECL_GETNAMEINFO = @HAVE_DECL_GETNAMEINFO@ +HAVE_DECL_GETPAGESIZE = @HAVE_DECL_GETPAGESIZE@ +HAVE_DECL_GETUSERSHELL = @HAVE_DECL_GETUSERSHELL@ +HAVE_DECL_IMAXABS = @HAVE_DECL_IMAXABS@ +HAVE_DECL_IMAXDIV = @HAVE_DECL_IMAXDIV@ +HAVE_DECL_INET_NTOP = @HAVE_DECL_INET_NTOP@ +HAVE_DECL_INET_PTON = @HAVE_DECL_INET_PTON@ +HAVE_DECL_INITSTATE = @HAVE_DECL_INITSTATE@ +HAVE_DECL_LOCALTIME_R = @HAVE_DECL_LOCALTIME_R@ +HAVE_DECL_MEMMEM = @HAVE_DECL_MEMMEM@ +HAVE_DECL_MEMRCHR = @HAVE_DECL_MEMRCHR@ +HAVE_DECL_OBSTACK_PRINTF = @HAVE_DECL_OBSTACK_PRINTF@ +HAVE_DECL_SETENV = @HAVE_DECL_SETENV@ +HAVE_DECL_SETHOSTNAME = @HAVE_DECL_SETHOSTNAME@ +HAVE_DECL_SETSTATE = @HAVE_DECL_SETSTATE@ +HAVE_DECL_SNPRINTF = @HAVE_DECL_SNPRINTF@ +HAVE_DECL_STRDUP = @HAVE_DECL_STRDUP@ +HAVE_DECL_STRERROR_R = @HAVE_DECL_STRERROR_R@ +HAVE_DECL_STRNCASECMP = @HAVE_DECL_STRNCASECMP@ +HAVE_DECL_STRNDUP = @HAVE_DECL_STRNDUP@ +HAVE_DECL_STRNLEN = @HAVE_DECL_STRNLEN@ +HAVE_DECL_STRSIGNAL = @HAVE_DECL_STRSIGNAL@ +HAVE_DECL_STRTOIMAX = @HAVE_DECL_STRTOIMAX@ +HAVE_DECL_STRTOK_R = @HAVE_DECL_STRTOK_R@ +HAVE_DECL_STRTOUMAX = @HAVE_DECL_STRTOUMAX@ +HAVE_DECL_TRUNCATE = @HAVE_DECL_TRUNCATE@ +HAVE_DECL_TTYNAME_R = @HAVE_DECL_TTYNAME_R@ +HAVE_DECL_UNSETENV = @HAVE_DECL_UNSETENV@ +HAVE_DECL_VSNPRINTF = @HAVE_DECL_VSNPRINTF@ +HAVE_DECL_WCTOB = @HAVE_DECL_WCTOB@ +HAVE_DECL_WCWIDTH = @HAVE_DECL_WCWIDTH@ +HAVE_DPRINTF = @HAVE_DPRINTF@ +HAVE_DUP2 = @HAVE_DUP2@ +HAVE_DUP3 = @HAVE_DUP3@ +HAVE_DUPLOCALE = @HAVE_DUPLOCALE@ +HAVE_EUIDACCESS = @HAVE_EUIDACCESS@ +HAVE_EXPLICIT_BZERO = @HAVE_EXPLICIT_BZERO@ +HAVE_FACCESSAT = @HAVE_FACCESSAT@ +HAVE_FCHDIR = @HAVE_FCHDIR@ +HAVE_FCHMODAT = @HAVE_FCHMODAT@ +HAVE_FCHOWNAT = @HAVE_FCHOWNAT@ +HAVE_FCNTL = @HAVE_FCNTL@ +HAVE_FDATASYNC = @HAVE_FDATASYNC@ +HAVE_FEATURES_H = @HAVE_FEATURES_H@ +HAVE_FFS = @HAVE_FFS@ +HAVE_FFSL = @HAVE_FFSL@ +HAVE_FFSLL = @HAVE_FFSLL@ +HAVE_FREELOCALE = @HAVE_FREELOCALE@ +HAVE_FSEEKO = @HAVE_FSEEKO@ +HAVE_FSTATAT = @HAVE_FSTATAT@ +HAVE_FSYNC = @HAVE_FSYNC@ +HAVE_FTELLO = @HAVE_FTELLO@ +HAVE_FTRUNCATE = @HAVE_FTRUNCATE@ +HAVE_FUTIMENS = @HAVE_FUTIMENS@ +HAVE_GETDTABLESIZE = @HAVE_GETDTABLESIZE@ +HAVE_GETGROUPS = @HAVE_GETGROUPS@ +HAVE_GETHOSTNAME = @HAVE_GETHOSTNAME@ +HAVE_GETLOGIN = @HAVE_GETLOGIN@ +HAVE_GETPAGESIZE = @HAVE_GETPAGESIZE@ +HAVE_GETPASS = @HAVE_GETPASS@ +HAVE_GETSUBOPT = @HAVE_GETSUBOPT@ +HAVE_GETTIMEOFDAY = @HAVE_GETTIMEOFDAY@ +HAVE_GRANTPT = @HAVE_GRANTPT@ +HAVE_GROUP_MEMBER = @HAVE_GROUP_MEMBER@ +HAVE_IMAXDIV_T = @HAVE_IMAXDIV_T@ +HAVE_INITSTATE = @HAVE_INITSTATE@ +HAVE_INTTYPES_H = @HAVE_INTTYPES_H@ +HAVE_ISBLANK = @HAVE_ISBLANK@ +HAVE_LANGINFO_ALTMON = @HAVE_LANGINFO_ALTMON@ +HAVE_LANGINFO_CODESET = @HAVE_LANGINFO_CODESET@ +HAVE_LANGINFO_ERA = @HAVE_LANGINFO_ERA@ +HAVE_LANGINFO_H = @HAVE_LANGINFO_H@ +HAVE_LANGINFO_T_FMT_AMPM = @HAVE_LANGINFO_T_FMT_AMPM@ +HAVE_LANGINFO_YESEXPR = @HAVE_LANGINFO_YESEXPR@ +HAVE_LCHMOD = @HAVE_LCHMOD@ +HAVE_LCHOWN = @HAVE_LCHOWN@ +HAVE_LIBCRYPTO = @HAVE_LIBCRYPTO@ +HAVE_LIBDL = @HAVE_LIBDL@ +HAVE_LIBPTHREAD = @HAVE_LIBPTHREAD@ +HAVE_LIBRT = @HAVE_LIBRT@ +HAVE_LIBSECCOMP = @HAVE_LIBSECCOMP@ +HAVE_LINK = @HAVE_LINK@ +HAVE_LINKAT = @HAVE_LINKAT@ +HAVE_LONG_LONG_INT = @HAVE_LONG_LONG_INT@ +HAVE_LSTAT = @HAVE_LSTAT@ +HAVE_MAX_ALIGN_T = @HAVE_MAX_ALIGN_T@ +HAVE_MBRLEN = @HAVE_MBRLEN@ +HAVE_MBRTOWC = @HAVE_MBRTOWC@ +HAVE_MBSINIT = @HAVE_MBSINIT@ +HAVE_MBSLEN = @HAVE_MBSLEN@ +HAVE_MBSNRTOWCS = @HAVE_MBSNRTOWCS@ +HAVE_MBSRTOWCS = @HAVE_MBSRTOWCS@ +HAVE_MBTOWC = @HAVE_MBTOWC@ +HAVE_MEMCHR = @HAVE_MEMCHR@ +HAVE_MEMPCPY = @HAVE_MEMPCPY@ +HAVE_MKDIRAT = @HAVE_MKDIRAT@ +HAVE_MKDTEMP = @HAVE_MKDTEMP@ +HAVE_MKFIFO = @HAVE_MKFIFO@ +HAVE_MKFIFOAT = @HAVE_MKFIFOAT@ +HAVE_MKNOD = @HAVE_MKNOD@ +HAVE_MKNODAT = @HAVE_MKNODAT@ +HAVE_MKOSTEMP = @HAVE_MKOSTEMP@ +HAVE_MKOSTEMPS = @HAVE_MKOSTEMPS@ +HAVE_MKSTEMP = @HAVE_MKSTEMP@ +HAVE_MKSTEMPS = @HAVE_MKSTEMPS@ +HAVE_MSVC_INVALID_PARAMETER_HANDLER = @HAVE_MSVC_INVALID_PARAMETER_HANDLER@ +HAVE_NANOSLEEP = @HAVE_NANOSLEEP@ +HAVE_NETDB_H = @HAVE_NETDB_H@ +HAVE_NETINET_IN_H = @HAVE_NETINET_IN_H@ +HAVE_NEWLOCALE = @HAVE_NEWLOCALE@ +HAVE_NL_LANGINFO = @HAVE_NL_LANGINFO@ +HAVE_OPENAT = @HAVE_OPENAT@ +HAVE_OS_H = @HAVE_OS_H@ +HAVE_PCLOSE = @HAVE_PCLOSE@ +HAVE_PIPE = @HAVE_PIPE@ +HAVE_PIPE2 = @HAVE_PIPE2@ +HAVE_POPEN = @HAVE_POPEN@ +HAVE_POSIX_OPENPT = @HAVE_POSIX_OPENPT@ +HAVE_POSIX_SIGNALBLOCKING = @HAVE_POSIX_SIGNALBLOCKING@ +HAVE_PREAD = @HAVE_PREAD@ +HAVE_PSELECT = @HAVE_PSELECT@ +HAVE_PTHREAD_SIGMASK = @HAVE_PTHREAD_SIGMASK@ +HAVE_PTSNAME = @HAVE_PTSNAME@ +HAVE_PTSNAME_R = @HAVE_PTSNAME_R@ +HAVE_PWRITE = @HAVE_PWRITE@ +HAVE_QSORT_R = @HAVE_QSORT_R@ +HAVE_RAISE = @HAVE_RAISE@ +HAVE_RANDOM = @HAVE_RANDOM@ +HAVE_RANDOM_H = @HAVE_RANDOM_H@ +HAVE_RANDOM_R = @HAVE_RANDOM_R@ +HAVE_RAWMEMCHR = @HAVE_RAWMEMCHR@ +HAVE_READLINK = @HAVE_READLINK@ +HAVE_READLINKAT = @HAVE_READLINKAT@ +HAVE_REALLOCARRAY = @HAVE_REALLOCARRAY@ +HAVE_REALPATH = @HAVE_REALPATH@ +HAVE_RENAMEAT = @HAVE_RENAMEAT@ +HAVE_RPMATCH = @HAVE_RPMATCH@ +HAVE_SA_FAMILY_T = @HAVE_SA_FAMILY_T@ +HAVE_SECURE_GETENV = @HAVE_SECURE_GETENV@ +HAVE_SETENV = @HAVE_SETENV@ +HAVE_SETHOSTNAME = @HAVE_SETHOSTNAME@ +HAVE_SETSTATE = @HAVE_SETSTATE@ +HAVE_SIGACTION = @HAVE_SIGACTION@ +HAVE_SIGHANDLER_T = @HAVE_SIGHANDLER_T@ +HAVE_SIGINFO_T = @HAVE_SIGINFO_T@ +HAVE_SIGNED_SIG_ATOMIC_T = @HAVE_SIGNED_SIG_ATOMIC_T@ +HAVE_SIGNED_WCHAR_T = @HAVE_SIGNED_WCHAR_T@ +HAVE_SIGNED_WINT_T = @HAVE_SIGNED_WINT_T@ +HAVE_SIGSET_T = @HAVE_SIGSET_T@ +HAVE_SLEEP = @HAVE_SLEEP@ +HAVE_STDINT_H = @HAVE_STDINT_H@ +HAVE_STPCPY = @HAVE_STPCPY@ +HAVE_STPNCPY = @HAVE_STPNCPY@ +HAVE_STRCASECMP = @HAVE_STRCASECMP@ +HAVE_STRCASESTR = @HAVE_STRCASESTR@ +HAVE_STRCHRNUL = @HAVE_STRCHRNUL@ +HAVE_STRINGS_H = @HAVE_STRINGS_H@ +HAVE_STRPBRK = @HAVE_STRPBRK@ +HAVE_STRPTIME = @HAVE_STRPTIME@ +HAVE_STRSEP = @HAVE_STRSEP@ +HAVE_STRTOD = @HAVE_STRTOD@ +HAVE_STRTOLD = @HAVE_STRTOLD@ +HAVE_STRTOLL = @HAVE_STRTOLL@ +HAVE_STRTOULL = @HAVE_STRTOULL@ +HAVE_STRUCT_ADDRINFO = @HAVE_STRUCT_ADDRINFO@ +HAVE_STRUCT_RANDOM_DATA = @HAVE_STRUCT_RANDOM_DATA@ +HAVE_STRUCT_SIGACTION_SA_SIGACTION = @HAVE_STRUCT_SIGACTION_SA_SIGACTION@ +HAVE_STRUCT_SOCKADDR_STORAGE = @HAVE_STRUCT_SOCKADDR_STORAGE@ +HAVE_STRUCT_SOCKADDR_STORAGE_SS_FAMILY = @HAVE_STRUCT_SOCKADDR_STORAGE_SS_FAMILY@ +HAVE_STRUCT_TIMEVAL = @HAVE_STRUCT_TIMEVAL@ +HAVE_STRVERSCMP = @HAVE_STRVERSCMP@ +HAVE_SYMLINK = @HAVE_SYMLINK@ +HAVE_SYMLINKAT = @HAVE_SYMLINKAT@ +HAVE_SYS_BITYPES_H = @HAVE_SYS_BITYPES_H@ +HAVE_SYS_INTTYPES_H = @HAVE_SYS_INTTYPES_H@ +HAVE_SYS_IOCTL_H = @HAVE_SYS_IOCTL_H@ +HAVE_SYS_LOADAVG_H = @HAVE_SYS_LOADAVG_H@ +HAVE_SYS_PARAM_H = @HAVE_SYS_PARAM_H@ +HAVE_SYS_SELECT_H = @HAVE_SYS_SELECT_H@ +HAVE_SYS_SOCKET_H = @HAVE_SYS_SOCKET_H@ +HAVE_SYS_TIME_H = @HAVE_SYS_TIME_H@ +HAVE_SYS_TYPES_H = @HAVE_SYS_TYPES_H@ +HAVE_SYS_UIO_H = @HAVE_SYS_UIO_H@ +HAVE_TIMEGM = @HAVE_TIMEGM@ +HAVE_TIMEZONE_T = @HAVE_TIMEZONE_T@ +HAVE_TYPE_VOLATILE_SIG_ATOMIC_T = @HAVE_TYPE_VOLATILE_SIG_ATOMIC_T@ +HAVE_TZSET = @HAVE_TZSET@ +HAVE_UNISTD_H = @HAVE_UNISTD_H@ +HAVE_UNLINKAT = @HAVE_UNLINKAT@ +HAVE_UNLOCKPT = @HAVE_UNLOCKPT@ +HAVE_UNSIGNED_LONG_LONG_INT = @HAVE_UNSIGNED_LONG_LONG_INT@ +HAVE_USLEEP = @HAVE_USLEEP@ +HAVE_UTIMENSAT = @HAVE_UTIMENSAT@ +HAVE_VASPRINTF = @HAVE_VASPRINTF@ +HAVE_VDPRINTF = @HAVE_VDPRINTF@ +HAVE_WCHAR_H = @HAVE_WCHAR_H@ +HAVE_WCHAR_T = @HAVE_WCHAR_T@ +HAVE_WCPCPY = @HAVE_WCPCPY@ +HAVE_WCPNCPY = @HAVE_WCPNCPY@ +HAVE_WCRTOMB = @HAVE_WCRTOMB@ +HAVE_WCSCASECMP = @HAVE_WCSCASECMP@ +HAVE_WCSCAT = @HAVE_WCSCAT@ +HAVE_WCSCHR = @HAVE_WCSCHR@ +HAVE_WCSCMP = @HAVE_WCSCMP@ +HAVE_WCSCOLL = @HAVE_WCSCOLL@ +HAVE_WCSCPY = @HAVE_WCSCPY@ +HAVE_WCSCSPN = @HAVE_WCSCSPN@ +HAVE_WCSDUP = @HAVE_WCSDUP@ +HAVE_WCSFTIME = @HAVE_WCSFTIME@ +HAVE_WCSLEN = @HAVE_WCSLEN@ +HAVE_WCSNCASECMP = @HAVE_WCSNCASECMP@ +HAVE_WCSNCAT = @HAVE_WCSNCAT@ +HAVE_WCSNCMP = @HAVE_WCSNCMP@ +HAVE_WCSNCPY = @HAVE_WCSNCPY@ +HAVE_WCSNLEN = @HAVE_WCSNLEN@ +HAVE_WCSNRTOMBS = @HAVE_WCSNRTOMBS@ +HAVE_WCSPBRK = @HAVE_WCSPBRK@ +HAVE_WCSRCHR = @HAVE_WCSRCHR@ +HAVE_WCSRTOMBS = @HAVE_WCSRTOMBS@ +HAVE_WCSSPN = @HAVE_WCSSPN@ +HAVE_WCSSTR = @HAVE_WCSSTR@ +HAVE_WCSTOK = @HAVE_WCSTOK@ +HAVE_WCSWIDTH = @HAVE_WCSWIDTH@ +HAVE_WCSXFRM = @HAVE_WCSXFRM@ +HAVE_WINSOCK2_H = @HAVE_WINSOCK2_H@ +HAVE_WINT_T = @HAVE_WINT_T@ +HAVE_WMEMCHR = @HAVE_WMEMCHR@ +HAVE_WMEMCMP = @HAVE_WMEMCMP@ +HAVE_WMEMCPY = @HAVE_WMEMCPY@ +HAVE_WMEMMOVE = @HAVE_WMEMMOVE@ +HAVE_WMEMSET = @HAVE_WMEMSET@ +HAVE_WS2TCPIP_H = @HAVE_WS2TCPIP_H@ +HAVE_XLOCALE_H = @HAVE_XLOCALE_H@ +HAVE__BOOL = @HAVE__BOOL@ +HAVE__EXIT = @HAVE__EXIT@ +HOGWEED_CFLAGS = @HOGWEED_CFLAGS@ +HOGWEED_LIBS = @HOGWEED_LIBS@ +HOSTENT_LIB = @HOSTENT_LIB@ +HTML_DIR = @HTML_DIR@ +INCLUDE_NEXT = @INCLUDE_NEXT@ +INCLUDE_NEXT_AS_FIRST_DIRECTIVE = @INCLUDE_NEXT_AS_FIRST_DIRECTIVE@ +INET_NTOP_LIB = @INET_NTOP_LIB@ +INET_PTON_LIB = @INET_PTON_LIB@ +INSTALL = @INSTALL@ +INSTALL_DATA = @INSTALL_DATA@ +INSTALL_PROGRAM = @INSTALL_PROGRAM@ +INSTALL_SCRIPT = @INSTALL_SCRIPT@ +INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +INT32_MAX_LT_INTMAX_MAX = @INT32_MAX_LT_INTMAX_MAX@ +INT64_MAX_EQ_LONG_MAX = @INT64_MAX_EQ_LONG_MAX@ +INTLLIBS = @INTLLIBS@ +INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@ +LCOV = @LCOV@ +LD = @LD@ +LDFLAGS = @LDFLAGS@ +LIBATOMIC_LIBS = @LIBATOMIC_LIBS@ +LIBCRYPTO = @LIBCRYPTO@ +LIBCRYPTO_PREFIX = @LIBCRYPTO_PREFIX@ +LIBDL = @LIBDL@ +LIBDL_PREFIX = @LIBDL_PREFIX@ +LIBGNUTLS_CFLAGS = @LIBGNUTLS_CFLAGS@ +LIBGNUTLS_LIBS = @LIBGNUTLS_LIBS@ +LIBICONV = @LIBICONV@ +LIBIDN2_CFLAGS = @LIBIDN2_CFLAGS@ +LIBIDN2_LIBS = @LIBIDN2_LIBS@ +LIBINTL = @LIBINTL@ +LIBMULTITHREAD = @LIBMULTITHREAD@ +LIBOBJS = @LIBOBJS@ +LIBOPTS_CFLAGS = @LIBOPTS_CFLAGS@ +LIBOPTS_DIR = @LIBOPTS_DIR@ +LIBOPTS_LDADD = @LIBOPTS_LDADD@ +LIBPTH = @LIBPTH@ +LIBPTHREAD = @LIBPTHREAD@ +LIBPTHREAD_PREFIX = @LIBPTHREAD_PREFIX@ +LIBPTH_PREFIX = @LIBPTH_PREFIX@ +LIBRT = @LIBRT@ +LIBRT_PREFIX = @LIBRT_PREFIX@ +LIBS = @LIBS@ +LIBSECCOMP = @LIBSECCOMP@ +LIBSECCOMP_PREFIX = @LIBSECCOMP_PREFIX@ +LIBSOCKET = @LIBSOCKET@ +LIBTASN1_CFLAGS = @LIBTASN1_CFLAGS@ +LIBTASN1_LIBS = @LIBTASN1_LIBS@ +LIBTESTS_LIBDEPS = @LIBTESTS_LIBDEPS@ +LIBTHREAD = @LIBTHREAD@ +LIBTOOL = @LIBTOOL@ +LIBUNISTRING = @LIBUNISTRING@ +LIBUNISTRING_UNICTYPE_H = @LIBUNISTRING_UNICTYPE_H@ +LIBUNISTRING_UNINORM_H = @LIBUNISTRING_UNINORM_H@ +LIBUNISTRING_UNISTR_H = @LIBUNISTRING_UNISTR_H@ +LIBUNISTRING_UNITYPES_H = @LIBUNISTRING_UNITYPES_H@ +LIB_CLOCK_GETTIME = @LIB_CLOCK_GETTIME@ +LIB_NANOSLEEP = @LIB_NANOSLEEP@ +LIB_SELECT = @LIB_SELECT@ +LIMITS_H = @LIMITS_H@ +LIPO = @LIPO@ +LN_S = @LN_S@ +LOCALE_FR = @LOCALE_FR@ +LOCALE_FR_UTF8 = @LOCALE_FR_UTF8@ +LOCALE_JA = @LOCALE_JA@ +LOCALE_TR_UTF8 = @LOCALE_TR_UTF8@ +LOCALE_ZH_CN = @LOCALE_ZH_CN@ +LTALLOCA = @LTALLOCA@ +LTLIBCRYPTO = @LTLIBCRYPTO@ +LTLIBDL = @LTLIBDL@ +LTLIBICONV = @LTLIBICONV@ +LTLIBINTL = @LTLIBINTL@ +LTLIBMULTITHREAD = @LTLIBMULTITHREAD@ +LTLIBOBJS = @LTLIBOBJS@ +LTLIBPTH = @LTLIBPTH@ +LTLIBPTHREAD = @LTLIBPTHREAD@ +LTLIBRT = @LTLIBRT@ +LTLIBSECCOMP = @LTLIBSECCOMP@ +LTLIBTHREAD = @LTLIBTHREAD@ +LT_AGE = @LT_AGE@ +LT_CURRENT = @LT_CURRENT@ +LT_DANE_AGE = @LT_DANE_AGE@ +LT_DANE_CURRENT = @LT_DANE_CURRENT@ +LT_DANE_REVISION = @LT_DANE_REVISION@ +LT_REVISION = @LT_REVISION@ +LT_SSL_AGE = @LT_SSL_AGE@ +LT_SSL_CURRENT = @LT_SSL_CURRENT@ +LT_SSL_REVISION = @LT_SSL_REVISION@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ +LT_XSSL_AGE = @LT_XSSL_AGE@ +LT_XSSL_CURRENT = @LT_XSSL_CURRENT@ +LT_XSSL_REVISION = @LT_XSSL_REVISION@ +MAINT = @MAINT@ +MAJOR_VERSION = @MAJOR_VERSION@ +MAKEINFO = @MAKEINFO@ +MANIFEST_TOOL = @MANIFEST_TOOL@ +MINOR_VERSION = @MINOR_VERSION@ +MKDIR_P = @MKDIR_P@ +MSGFMT = @MSGFMT@ +MSGFMT_015 = @MSGFMT_015@ +MSGMERGE = @MSGMERGE@ +NETINET_IN_H = @NETINET_IN_H@ +NETTLE_CFLAGS = @NETTLE_CFLAGS@ +NETTLE_LIBS = @NETTLE_LIBS@ +NEXT_ARPA_INET_H = @NEXT_ARPA_INET_H@ +NEXT_AS_FIRST_DIRECTIVE_ARPA_INET_H = @NEXT_AS_FIRST_DIRECTIVE_ARPA_INET_H@ +NEXT_AS_FIRST_DIRECTIVE_CTYPE_H = @NEXT_AS_FIRST_DIRECTIVE_CTYPE_H@ +NEXT_AS_FIRST_DIRECTIVE_ERRNO_H = @NEXT_AS_FIRST_DIRECTIVE_ERRNO_H@ +NEXT_AS_FIRST_DIRECTIVE_FCNTL_H = @NEXT_AS_FIRST_DIRECTIVE_FCNTL_H@ +NEXT_AS_FIRST_DIRECTIVE_FLOAT_H = @NEXT_AS_FIRST_DIRECTIVE_FLOAT_H@ +NEXT_AS_FIRST_DIRECTIVE_INTTYPES_H = @NEXT_AS_FIRST_DIRECTIVE_INTTYPES_H@ +NEXT_AS_FIRST_DIRECTIVE_LANGINFO_H = @NEXT_AS_FIRST_DIRECTIVE_LANGINFO_H@ +NEXT_AS_FIRST_DIRECTIVE_LIMITS_H = @NEXT_AS_FIRST_DIRECTIVE_LIMITS_H@ +NEXT_AS_FIRST_DIRECTIVE_LOCALE_H = @NEXT_AS_FIRST_DIRECTIVE_LOCALE_H@ +NEXT_AS_FIRST_DIRECTIVE_NETDB_H = @NEXT_AS_FIRST_DIRECTIVE_NETDB_H@ +NEXT_AS_FIRST_DIRECTIVE_NETINET_IN_H = @NEXT_AS_FIRST_DIRECTIVE_NETINET_IN_H@ +NEXT_AS_FIRST_DIRECTIVE_SIGNAL_H = @NEXT_AS_FIRST_DIRECTIVE_SIGNAL_H@ +NEXT_AS_FIRST_DIRECTIVE_STDDEF_H = @NEXT_AS_FIRST_DIRECTIVE_STDDEF_H@ +NEXT_AS_FIRST_DIRECTIVE_STDINT_H = @NEXT_AS_FIRST_DIRECTIVE_STDINT_H@ +NEXT_AS_FIRST_DIRECTIVE_STDIO_H = @NEXT_AS_FIRST_DIRECTIVE_STDIO_H@ +NEXT_AS_FIRST_DIRECTIVE_STDLIB_H = @NEXT_AS_FIRST_DIRECTIVE_STDLIB_H@ +NEXT_AS_FIRST_DIRECTIVE_STRINGS_H = @NEXT_AS_FIRST_DIRECTIVE_STRINGS_H@ +NEXT_AS_FIRST_DIRECTIVE_STRING_H = @NEXT_AS_FIRST_DIRECTIVE_STRING_H@ +NEXT_AS_FIRST_DIRECTIVE_SYS_IOCTL_H = @NEXT_AS_FIRST_DIRECTIVE_SYS_IOCTL_H@ +NEXT_AS_FIRST_DIRECTIVE_SYS_SELECT_H = @NEXT_AS_FIRST_DIRECTIVE_SYS_SELECT_H@ +NEXT_AS_FIRST_DIRECTIVE_SYS_SOCKET_H = @NEXT_AS_FIRST_DIRECTIVE_SYS_SOCKET_H@ +NEXT_AS_FIRST_DIRECTIVE_SYS_STAT_H = @NEXT_AS_FIRST_DIRECTIVE_SYS_STAT_H@ +NEXT_AS_FIRST_DIRECTIVE_SYS_TIME_H = @NEXT_AS_FIRST_DIRECTIVE_SYS_TIME_H@ +NEXT_AS_FIRST_DIRECTIVE_SYS_TYPES_H = @NEXT_AS_FIRST_DIRECTIVE_SYS_TYPES_H@ +NEXT_AS_FIRST_DIRECTIVE_SYS_UIO_H = @NEXT_AS_FIRST_DIRECTIVE_SYS_UIO_H@ +NEXT_AS_FIRST_DIRECTIVE_TIME_H = @NEXT_AS_FIRST_DIRECTIVE_TIME_H@ +NEXT_AS_FIRST_DIRECTIVE_UNISTD_H = @NEXT_AS_FIRST_DIRECTIVE_UNISTD_H@ +NEXT_AS_FIRST_DIRECTIVE_WCHAR_H = @NEXT_AS_FIRST_DIRECTIVE_WCHAR_H@ +NEXT_CTYPE_H = @NEXT_CTYPE_H@ +NEXT_ERRNO_H = @NEXT_ERRNO_H@ +NEXT_FCNTL_H = @NEXT_FCNTL_H@ +NEXT_FLOAT_H = @NEXT_FLOAT_H@ +NEXT_INTTYPES_H = @NEXT_INTTYPES_H@ +NEXT_LANGINFO_H = @NEXT_LANGINFO_H@ +NEXT_LIMITS_H = @NEXT_LIMITS_H@ +NEXT_LOCALE_H = @NEXT_LOCALE_H@ +NEXT_NETDB_H = @NEXT_NETDB_H@ +NEXT_NETINET_IN_H = @NEXT_NETINET_IN_H@ +NEXT_SIGNAL_H = @NEXT_SIGNAL_H@ +NEXT_STDDEF_H = @NEXT_STDDEF_H@ +NEXT_STDINT_H = @NEXT_STDINT_H@ +NEXT_STDIO_H = @NEXT_STDIO_H@ +NEXT_STDLIB_H = @NEXT_STDLIB_H@ +NEXT_STRINGS_H = @NEXT_STRINGS_H@ +NEXT_STRING_H = @NEXT_STRING_H@ +NEXT_SYS_IOCTL_H = @NEXT_SYS_IOCTL_H@ +NEXT_SYS_SELECT_H = @NEXT_SYS_SELECT_H@ +NEXT_SYS_SOCKET_H = @NEXT_SYS_SOCKET_H@ +NEXT_SYS_STAT_H = @NEXT_SYS_STAT_H@ +NEXT_SYS_TIME_H = @NEXT_SYS_TIME_H@ +NEXT_SYS_TYPES_H = @NEXT_SYS_TYPES_H@ +NEXT_SYS_UIO_H = @NEXT_SYS_UIO_H@ +NEXT_TIME_H = @NEXT_TIME_H@ +NEXT_UNISTD_H = @NEXT_UNISTD_H@ +NEXT_WCHAR_H = @NEXT_WCHAR_H@ +NM = @NM@ +NMEDIT = @NMEDIT@ +NUMBER_VERSION = @NUMBER_VERSION@ +OBJDUMP = @OBJDUMP@ +OBJEXT = @OBJEXT@ +OTOOL = @OTOOL@ +OTOOL64 = @OTOOL64@ +P11_KIT_CFLAGS = @P11_KIT_CFLAGS@ +P11_KIT_LIBS = @P11_KIT_LIBS@ +PACKAGE = @PACKAGE@ +PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ +PACKAGE_NAME = @PACKAGE_NAME@ +PACKAGE_STRING = @PACKAGE_STRING@ +PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ +PACKAGE_VERSION = @PACKAGE_VERSION@ +PATCH_VERSION = @PATCH_VERSION@ +PATH_SEPARATOR = @PATH_SEPARATOR@ +PKG_CONFIG = @PKG_CONFIG@ +PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ +PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ +PMCCABE = @PMCCABE@ +POSIX_SHELL = @POSIX_SHELL@ +POSUB = @POSUB@ +PRAGMA_COLUMNS = @PRAGMA_COLUMNS@ +PRAGMA_SYSTEM_HEADER = @PRAGMA_SYSTEM_HEADER@ +PRIPTR_PREFIX = @PRIPTR_PREFIX@ +PRI_MACROS_BROKEN = @PRI_MACROS_BROKEN@ +PTHREAD_H_DEFINES_STRUCT_TIMESPEC = @PTHREAD_H_DEFINES_STRUCT_TIMESPEC@ +PTRDIFF_T_SUFFIX = @PTRDIFF_T_SUFFIX@ +RANLIB = @RANLIB@ +REPLACE_BTOWC = @REPLACE_BTOWC@ +REPLACE_CALLOC = @REPLACE_CALLOC@ +REPLACE_CANONICALIZE_FILE_NAME = @REPLACE_CANONICALIZE_FILE_NAME@ +REPLACE_CHOWN = @REPLACE_CHOWN@ +REPLACE_CLOSE = @REPLACE_CLOSE@ +REPLACE_CTIME = @REPLACE_CTIME@ +REPLACE_DPRINTF = @REPLACE_DPRINTF@ +REPLACE_DUP = @REPLACE_DUP@ +REPLACE_DUP2 = @REPLACE_DUP2@ +REPLACE_DUPLOCALE = @REPLACE_DUPLOCALE@ +REPLACE_FACCESSAT = @REPLACE_FACCESSAT@ +REPLACE_FCHOWNAT = @REPLACE_FCHOWNAT@ +REPLACE_FCLOSE = @REPLACE_FCLOSE@ +REPLACE_FCNTL = @REPLACE_FCNTL@ +REPLACE_FDOPEN = @REPLACE_FDOPEN@ +REPLACE_FFLUSH = @REPLACE_FFLUSH@ +REPLACE_FOPEN = @REPLACE_FOPEN@ +REPLACE_FPRINTF = @REPLACE_FPRINTF@ +REPLACE_FPURGE = @REPLACE_FPURGE@ +REPLACE_FREELOCALE = @REPLACE_FREELOCALE@ +REPLACE_FREOPEN = @REPLACE_FREOPEN@ +REPLACE_FSEEK = @REPLACE_FSEEK@ +REPLACE_FSEEKO = @REPLACE_FSEEKO@ +REPLACE_FSTAT = @REPLACE_FSTAT@ +REPLACE_FSTATAT = @REPLACE_FSTATAT@ +REPLACE_FTELL = @REPLACE_FTELL@ +REPLACE_FTELLO = @REPLACE_FTELLO@ +REPLACE_FTRUNCATE = @REPLACE_FTRUNCATE@ +REPLACE_FUTIMENS = @REPLACE_FUTIMENS@ +REPLACE_GAI_STRERROR = @REPLACE_GAI_STRERROR@ +REPLACE_GETCWD = @REPLACE_GETCWD@ +REPLACE_GETDELIM = @REPLACE_GETDELIM@ +REPLACE_GETDOMAINNAME = @REPLACE_GETDOMAINNAME@ +REPLACE_GETDTABLESIZE = @REPLACE_GETDTABLESIZE@ +REPLACE_GETGROUPS = @REPLACE_GETGROUPS@ +REPLACE_GETLINE = @REPLACE_GETLINE@ +REPLACE_GETLOGIN_R = @REPLACE_GETLOGIN_R@ +REPLACE_GETPAGESIZE = @REPLACE_GETPAGESIZE@ +REPLACE_GETPASS = @REPLACE_GETPASS@ +REPLACE_GETTIMEOFDAY = @REPLACE_GETTIMEOFDAY@ +REPLACE_GMTIME = @REPLACE_GMTIME@ +REPLACE_INET_NTOP = @REPLACE_INET_NTOP@ +REPLACE_INET_PTON = @REPLACE_INET_PTON@ +REPLACE_INITSTATE = @REPLACE_INITSTATE@ +REPLACE_IOCTL = @REPLACE_IOCTL@ +REPLACE_ISATTY = @REPLACE_ISATTY@ +REPLACE_ITOLD = @REPLACE_ITOLD@ +REPLACE_LCHOWN = @REPLACE_LCHOWN@ +REPLACE_LINK = @REPLACE_LINK@ +REPLACE_LINKAT = @REPLACE_LINKAT@ +REPLACE_LOCALECONV = @REPLACE_LOCALECONV@ +REPLACE_LOCALTIME = @REPLACE_LOCALTIME@ +REPLACE_LOCALTIME_R = @REPLACE_LOCALTIME_R@ +REPLACE_LSEEK = @REPLACE_LSEEK@ +REPLACE_LSTAT = @REPLACE_LSTAT@ +REPLACE_MALLOC = @REPLACE_MALLOC@ +REPLACE_MBRLEN = @REPLACE_MBRLEN@ +REPLACE_MBRTOWC = @REPLACE_MBRTOWC@ +REPLACE_MBSINIT = @REPLACE_MBSINIT@ +REPLACE_MBSNRTOWCS = @REPLACE_MBSNRTOWCS@ +REPLACE_MBSRTOWCS = @REPLACE_MBSRTOWCS@ +REPLACE_MBSTATE_T = @REPLACE_MBSTATE_T@ +REPLACE_MBTOWC = @REPLACE_MBTOWC@ +REPLACE_MEMCHR = @REPLACE_MEMCHR@ +REPLACE_MEMMEM = @REPLACE_MEMMEM@ +REPLACE_MKDIR = @REPLACE_MKDIR@ +REPLACE_MKFIFO = @REPLACE_MKFIFO@ +REPLACE_MKNOD = @REPLACE_MKNOD@ +REPLACE_MKSTEMP = @REPLACE_MKSTEMP@ +REPLACE_MKTIME = @REPLACE_MKTIME@ +REPLACE_NANOSLEEP = @REPLACE_NANOSLEEP@ +REPLACE_NEWLOCALE = @REPLACE_NEWLOCALE@ +REPLACE_NL_LANGINFO = @REPLACE_NL_LANGINFO@ +REPLACE_NULL = @REPLACE_NULL@ +REPLACE_OBSTACK_PRINTF = @REPLACE_OBSTACK_PRINTF@ +REPLACE_OPEN = @REPLACE_OPEN@ +REPLACE_OPENAT = @REPLACE_OPENAT@ +REPLACE_PERROR = @REPLACE_PERROR@ +REPLACE_POPEN = @REPLACE_POPEN@ +REPLACE_PREAD = @REPLACE_PREAD@ +REPLACE_PRINTF = @REPLACE_PRINTF@ +REPLACE_PSELECT = @REPLACE_PSELECT@ +REPLACE_PTHREAD_SIGMASK = @REPLACE_PTHREAD_SIGMASK@ +REPLACE_PTSNAME = @REPLACE_PTSNAME@ +REPLACE_PTSNAME_R = @REPLACE_PTSNAME_R@ +REPLACE_PUTENV = @REPLACE_PUTENV@ +REPLACE_PWRITE = @REPLACE_PWRITE@ +REPLACE_QSORT_R = @REPLACE_QSORT_R@ +REPLACE_RAISE = @REPLACE_RAISE@ +REPLACE_RANDOM = @REPLACE_RANDOM@ +REPLACE_RANDOM_R = @REPLACE_RANDOM_R@ +REPLACE_READ = @REPLACE_READ@ +REPLACE_READLINK = @REPLACE_READLINK@ +REPLACE_READLINKAT = @REPLACE_READLINKAT@ +REPLACE_REALLOC = @REPLACE_REALLOC@ +REPLACE_REALPATH = @REPLACE_REALPATH@ +REPLACE_REMOVE = @REPLACE_REMOVE@ +REPLACE_RENAME = @REPLACE_RENAME@ +REPLACE_RENAMEAT = @REPLACE_RENAMEAT@ +REPLACE_RMDIR = @REPLACE_RMDIR@ +REPLACE_SELECT = @REPLACE_SELECT@ +REPLACE_SETENV = @REPLACE_SETENV@ +REPLACE_SETLOCALE = @REPLACE_SETLOCALE@ +REPLACE_SETSTATE = @REPLACE_SETSTATE@ +REPLACE_SLEEP = @REPLACE_SLEEP@ +REPLACE_SNPRINTF = @REPLACE_SNPRINTF@ +REPLACE_SPRINTF = @REPLACE_SPRINTF@ +REPLACE_STAT = @REPLACE_STAT@ +REPLACE_STDIO_READ_FUNCS = @REPLACE_STDIO_READ_FUNCS@ +REPLACE_STDIO_WRITE_FUNCS = @REPLACE_STDIO_WRITE_FUNCS@ +REPLACE_STPNCPY = @REPLACE_STPNCPY@ +REPLACE_STRCASESTR = @REPLACE_STRCASESTR@ +REPLACE_STRCHRNUL = @REPLACE_STRCHRNUL@ +REPLACE_STRDUP = @REPLACE_STRDUP@ +REPLACE_STRERROR = @REPLACE_STRERROR@ +REPLACE_STRERROR_R = @REPLACE_STRERROR_R@ +REPLACE_STRFTIME = @REPLACE_STRFTIME@ +REPLACE_STRNCAT = @REPLACE_STRNCAT@ +REPLACE_STRNDUP = @REPLACE_STRNDUP@ +REPLACE_STRNLEN = @REPLACE_STRNLEN@ +REPLACE_STRSIGNAL = @REPLACE_STRSIGNAL@ +REPLACE_STRSTR = @REPLACE_STRSTR@ +REPLACE_STRTOD = @REPLACE_STRTOD@ +REPLACE_STRTOIMAX = @REPLACE_STRTOIMAX@ +REPLACE_STRTOK_R = @REPLACE_STRTOK_R@ +REPLACE_STRTOLD = @REPLACE_STRTOLD@ +REPLACE_STRTOUMAX = @REPLACE_STRTOUMAX@ +REPLACE_STRUCT_LCONV = @REPLACE_STRUCT_LCONV@ +REPLACE_STRUCT_TIMEVAL = @REPLACE_STRUCT_TIMEVAL@ +REPLACE_SYMLINK = @REPLACE_SYMLINK@ +REPLACE_SYMLINKAT = @REPLACE_SYMLINKAT@ +REPLACE_TIMEGM = @REPLACE_TIMEGM@ +REPLACE_TMPFILE = @REPLACE_TMPFILE@ +REPLACE_TRUNCATE = @REPLACE_TRUNCATE@ +REPLACE_TTYNAME_R = @REPLACE_TTYNAME_R@ +REPLACE_TZSET = @REPLACE_TZSET@ +REPLACE_UNLINK = @REPLACE_UNLINK@ +REPLACE_UNLINKAT = @REPLACE_UNLINKAT@ +REPLACE_UNSETENV = @REPLACE_UNSETENV@ +REPLACE_USLEEP = @REPLACE_USLEEP@ +REPLACE_UTIMENSAT = @REPLACE_UTIMENSAT@ +REPLACE_VASPRINTF = @REPLACE_VASPRINTF@ +REPLACE_VDPRINTF = @REPLACE_VDPRINTF@ +REPLACE_VFPRINTF = @REPLACE_VFPRINTF@ +REPLACE_VPRINTF = @REPLACE_VPRINTF@ +REPLACE_VSNPRINTF = @REPLACE_VSNPRINTF@ +REPLACE_VSPRINTF = @REPLACE_VSPRINTF@ +REPLACE_WCRTOMB = @REPLACE_WCRTOMB@ +REPLACE_WCSFTIME = @REPLACE_WCSFTIME@ +REPLACE_WCSNRTOMBS = @REPLACE_WCSNRTOMBS@ +REPLACE_WCSRTOMBS = @REPLACE_WCSRTOMBS@ +REPLACE_WCSWIDTH = @REPLACE_WCSWIDTH@ +REPLACE_WCTOB = @REPLACE_WCTOB@ +REPLACE_WCTOMB = @REPLACE_WCTOMB@ +REPLACE_WCWIDTH = @REPLACE_WCWIDTH@ +REPLACE_WRITE = @REPLACE_WRITE@ +SED = @SED@ +SERVENT_LIB = @SERVENT_LIB@ +SET_MAKE = @SET_MAKE@ +SHELL = @SHELL@ +SIG_ATOMIC_T_SUFFIX = @SIG_ATOMIC_T_SUFFIX@ +SIZE_T_SUFFIX = @SIZE_T_SUFFIX@ +STDALIGN_H = @STDALIGN_H@ +STDBOOL_H = @STDBOOL_H@ +STDDEF_H = @STDDEF_H@ +STDINT_H = @STDINT_H@ +STDNORETURN_H = @STDNORETURN_H@ +STRIP = @STRIP@ +SYS_IOCTL_H_HAVE_WINSOCK2_H = @SYS_IOCTL_H_HAVE_WINSOCK2_H@ +SYS_IOCTL_H_HAVE_WINSOCK2_H_AND_USE_SOCKETS = @SYS_IOCTL_H_HAVE_WINSOCK2_H_AND_USE_SOCKETS@ +SYS_TIME_H_DEFINES_STRUCT_TIMESPEC = @SYS_TIME_H_DEFINES_STRUCT_TIMESPEC@ +TIME_H_DEFINES_STRUCT_TIMESPEC = @TIME_H_DEFINES_STRUCT_TIMESPEC@ +TROUSERS_LIB = @TROUSERS_LIB@ +TSS_CFLAGS = @TSS_CFLAGS@ +TSS_LIBS = @TSS_LIBS@ +UINT32_MAX_LT_UINTMAX_MAX = @UINT32_MAX_LT_UINTMAX_MAX@ +UINT64_MAX_EQ_ULONG_MAX = @UINT64_MAX_EQ_ULONG_MAX@ +UNBOUND_CFLAGS = @UNBOUND_CFLAGS@ +UNBOUND_LIBS = @UNBOUND_LIBS@ +UNDEFINE_STRTOK_R = @UNDEFINE_STRTOK_R@ +UNISTD_H_DEFINES_STRUCT_TIMESPEC = @UNISTD_H_DEFINES_STRUCT_TIMESPEC@ +UNISTD_H_HAVE_WINSOCK2_H = @UNISTD_H_HAVE_WINSOCK2_H@ +UNISTD_H_HAVE_WINSOCK2_H_AND_USE_SOCKETS = @UNISTD_H_HAVE_WINSOCK2_H_AND_USE_SOCKETS@ +USE_NLS = @USE_NLS@ +VALGRIND = @VALGRIND@ +VERSION = @VERSION@ +WARN_CFLAGS = @WARN_CFLAGS@ +WCHAR_T_SUFFIX = @WCHAR_T_SUFFIX@ +WERROR_CFLAGS = @WERROR_CFLAGS@ +WINDOWS_64_BIT_OFF_T = @WINDOWS_64_BIT_OFF_T@ +WINDOWS_64_BIT_ST_SIZE = @WINDOWS_64_BIT_ST_SIZE@ +WINDOWS_STAT_INODES = @WINDOWS_STAT_INODES@ +WINDOWS_STAT_TIMESPEC = @WINDOWS_STAT_TIMESPEC@ +WINT_T_SUFFIX = @WINT_T_SUFFIX@ +WSTACK_CFLAGS = @WSTACK_CFLAGS@ +XGETTEXT = @XGETTEXT@ +XGETTEXT_015 = @XGETTEXT_015@ +XGETTEXT_EXTRA_OPTIONS = @XGETTEXT_EXTRA_OPTIONS@ +YACC = @YACC@ +YEAR = @YEAR@ +YFLAGS = @YFLAGS@ +abs_aux_dir = @abs_aux_dir@ +abs_builddir = @abs_builddir@ +abs_srcdir = @abs_srcdir@ +abs_top_builddir = @abs_top_builddir@ +abs_top_srcdir = @abs_top_srcdir@ +ac_ct_AR = @ac_ct_AR@ +ac_ct_CC = @ac_ct_CC@ +ac_ct_CXX = @ac_ct_CXX@ +ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ +ac_cv_sizeof_time_t = @ac_cv_sizeof_time_t@ +am__include = @am__include@ +am__leading_dot = @am__leading_dot@ +am__quote = @am__quote@ +am__tar = @am__tar@ +am__untar = @am__untar@ +autogen = @autogen@ +bindir = @bindir@ +build = @build@ +build_alias = @build_alias@ +build_cpu = @build_cpu@ +build_os = @build_os@ +build_vendor = @build_vendor@ +builddir = @builddir@ +datadir = @datadir@ +datarootdir = @datarootdir@ +docdir = @docdir@ +dvidir = @dvidir@ +exec_prefix = @exec_prefix@ +ggl_LIBOBJS = @ggl_LIBOBJS@ +ggl_LTLIBOBJS = @ggl_LTLIBOBJS@ +ggltests_LIBOBJS = @ggltests_LIBOBJS@ +ggltests_LTLIBOBJS = @ggltests_LTLIBOBJS@ +ggltests_WITNESS = @ggltests_WITNESS@ +gl_LIBOBJS = @gl_LIBOBJS@ +gl_LTLIBOBJS = @gl_LTLIBOBJS@ +gltests_LIBOBJS = @gltests_LIBOBJS@ +gltests_LTLIBOBJS = @gltests_LTLIBOBJS@ +gltests_WITNESS = @gltests_WITNESS@ +guile_snarf = @guile_snarf@ +guileextensiondir = @guileextensiondir@ +guilesiteccachedir = @guilesiteccachedir@ +guilesitedir = @guilesitedir@ +host = @host@ +host_alias = @host_alias@ +host_cpu = @host_cpu@ +host_os = @host_os@ +host_vendor = @host_vendor@ +htmldir = @htmldir@ +ifGNUmake = @ifGNUmake@ +ifnGNUmake = @ifnGNUmake@ +includedir = @includedir@ +infodir = @infodir@ +install_sh = @install_sh@ +libdir = @libdir@ +libexecdir = @libexecdir@ +localedir = @localedir@ +localstatedir = @localstatedir@ +mandir = @mandir@ +mkdir_p = @mkdir_p@ +oldincludedir = @oldincludedir@ +pdfdir = @pdfdir@ +prefix = @prefix@ +program_transform_name = @program_transform_name@ +psdir = @psdir@ +runstatedir = @runstatedir@ +sbindir = @sbindir@ +sharedstatedir = @sharedstatedir@ +srcdir = @srcdir@ +sysconfdir = @sysconfdir@ +target_alias = @target_alias@ +top_build_prefix = @top_build_prefix@ +top_builddir = @top_builddir@ +top_srcdir = @top_srcdir@ +unistring_LIBOBJS = @unistring_LIBOBJS@ +unistring_LTLIBOBJS = @unistring_LTLIBOBJS@ +unistringtests_LIBOBJS = @unistringtests_LIBOBJS@ +unistringtests_LTLIBOBJS = @unistringtests_LTLIBOBJS@ +unistringtests_WITNESS = @unistringtests_WITNESS@ +DISTCHECK_CONFIGURE_FLAGS = \ + --enable-doc \ + --enable-gtk-doc \ + --disable-valgrind-tests \ + --with-guile-site-dir='$$(datarootdir)/guile/site/$$(GUILE_EFFECTIVE_VERSION)' \ + --with-guile-site-ccache-dir='$$(libdir)/guile/$$(GUILE_EFFECTIVE_VERSION)/site-ccache' \ + --with-guile-extension-dir='$$(libdir)/guile/$$(GUILE_EFFECTIVE_VERSION)/extensions' \ + AUTOGEN=false + +SUBDIRS = gl lib extra $(am__append_1) po $(am__append_2) \ + $(am__append_3) $(am__append_4) $(am__append_5) \ + $(am__append_6) $(am__append_7) +ACLOCAL_AMFLAGS = -I m4 -I src/libopts/m4 -I src/gl/m4 -I lib/unistring/m4 --install +EXTRA_DIST = cfg.mk maint.mk CONTRIBUTING.md README.md LICENSE AUTHORS NEWS \ + ChangeLog THANKS INSTALL.md + +DISTCLEANFILES = AUTHORS +ABIDW_COMMON = --no-show-locs --no-corpus-path +ABIGNORE_FILE = "$(top_srcdir)/devel/libgnutls.abignore" +SYMBOLS_LAST_FILE = "$(top_srcdir)/devel/symbols.last" +LIBGNUTLS_ABI_LAST_FILE = "$(top_srcdir)/devel/libgnutls-latest-$$(uname -m).abi" +LIBDANE_ABI_LAST_FILE = "$(top_srcdir)/devel/libdane-latest-$$(uname -m).abi" +ABICHECK_COMMON = --no-added-syms +@CODE_COVERAGE_ENABLED_TRUE@GITIGNOREFILES = $(GITIGNOREFILES) $(CODE_COVERAGE_OUTPUT_FILE) $(CODE_COVERAGE_OUTPUT_DIRECTORY) +@CODE_COVERAGE_ENABLED_TRUE@code_coverage_v_lcov_cap = $(code_coverage_v_lcov_cap_$(V)) +@CODE_COVERAGE_ENABLED_TRUE@code_coverage_v_lcov_cap_ = $(code_coverage_v_lcov_cap_$(AM_DEFAULT_VERBOSITY)) +@CODE_COVERAGE_ENABLED_TRUE@code_coverage_v_lcov_cap_0 = @echo " LCOV --capture" $(CODE_COVERAGE_OUTPUT_FILE); +@CODE_COVERAGE_ENABLED_TRUE@code_coverage_v_lcov_ign = $(code_coverage_v_lcov_ign_$(V)) +@CODE_COVERAGE_ENABLED_TRUE@code_coverage_v_lcov_ign_ = $(code_coverage_v_lcov_ign_$(AM_DEFAULT_VERBOSITY)) +@CODE_COVERAGE_ENABLED_TRUE@code_coverage_v_lcov_ign_0 = @echo " LCOV --remove /tmp/*" $(CODE_COVERAGE_IGNORE_PATTERN); +@CODE_COVERAGE_ENABLED_TRUE@code_coverage_v_genhtml = $(code_coverage_v_genhtml_$(V)) +@CODE_COVERAGE_ENABLED_TRUE@code_coverage_v_genhtml_ = $(code_coverage_v_genhtml_$(AM_DEFAULT_VERBOSITY)) +@CODE_COVERAGE_ENABLED_TRUE@code_coverage_v_genhtml_0 = @echo " GEN " "$(CODE_COVERAGE_OUTPUT_DIRECTORY)"; +@CODE_COVERAGE_ENABLED_TRUE@code_coverage_quiet = $(code_coverage_quiet_$(V)) +@CODE_COVERAGE_ENABLED_TRUE@code_coverage_quiet_ = $(code_coverage_quiet_$(AM_DEFAULT_VERBOSITY)) +@CODE_COVERAGE_ENABLED_TRUE@code_coverage_quiet_0 = --quiet + +# sanitizes the test-name: replaces with underscores: dashes and dots +@CODE_COVERAGE_ENABLED_TRUE@code_coverage_sanitize = $(subst -,_,$(subst .,_,$(1))) +@CODE_COVERAGE_ENABLED_TRUE@AM_DISTCHECK_CONFIGURE_FLAGS = $(AM_DISTCHECK_CONFIGURE_FLAGS) --disable-code-coverage +all: config.h + $(MAKE) $(AM_MAKEFLAGS) all-recursive + +.SUFFIXES: +am--refresh: Makefile + @: +$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/aminclude_static.am $(am__configure_deps) + @for dep in $?; do \ + case '$(am__configure_deps)' in \ + *$$dep*) \ + echo ' cd $(srcdir) && $(AUTOMAKE) --foreign'; \ + $(am__cd) $(srcdir) && $(AUTOMAKE) --foreign \ + && exit 0; \ + exit 1;; \ + esac; \ + done; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --foreign Makefile +Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status + @case '$?' in \ + *config.status*) \ + echo ' $(SHELL) ./config.status'; \ + $(SHELL) ./config.status;; \ + *) \ + echo ' cd $(top_builddir) && $(SHELL) ./config.status $@ $(am__maybe_remake_depfiles)'; \ + cd $(top_builddir) && $(SHELL) ./config.status $@ $(am__maybe_remake_depfiles);; \ + esac; +$(top_srcdir)/aminclude_static.am $(am__empty): + +$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) + $(SHELL) ./config.status --recheck + +$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps) + $(am__cd) $(srcdir) && $(AUTOCONF) +$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps) + $(am__cd) $(srcdir) && $(ACLOCAL) $(ACLOCAL_AMFLAGS) +$(am__aclocal_m4_deps): + +config.h: stamp-h1 + @test -f $@ || rm -f stamp-h1 + @test -f $@ || $(MAKE) $(AM_MAKEFLAGS) stamp-h1 + +stamp-h1: $(srcdir)/config.h.in $(top_builddir)/config.status + @rm -f stamp-h1 + cd $(top_builddir) && $(SHELL) ./config.status config.h +$(srcdir)/config.h.in: @MAINTAINER_MODE_TRUE@ $(am__configure_deps) + ($(am__cd) $(top_srcdir) && $(AUTOHEADER)) + rm -f stamp-h1 + touch $@ + +distclean-hdr: + -rm -f config.h stamp-h1 +doc/doxygen/Doxyfile: $(top_builddir)/config.status $(top_srcdir)/doc/doxygen/Doxyfile.in + cd $(top_builddir) && $(SHELL) ./config.status $@ +lib/includes/gnutls/gnutls.h: $(top_builddir)/config.status $(top_srcdir)/lib/includes/gnutls/gnutls.h.in + cd $(top_builddir) && $(SHELL) ./config.status $@ + +mostlyclean-libtool: + -rm -f *.lo + +clean-libtool: + -rm -rf .libs _libs + +distclean-libtool: + -rm -f libtool config.lt + +# This directory's subdirectories are mostly independent; you can cd +# into them and run 'make' without going through this Makefile. +# To change the values of 'make' variables: instead of editing Makefiles, +# (1) if the variable is set in 'config.status', edit 'config.status' +# (which will cause the Makefiles to be regenerated when you run 'make'); +# (2) otherwise, pass the desired values on the 'make' command line. +$(am__recursive_targets): + @fail=; \ + if $(am__make_keepgoing); then \ + failcom='fail=yes'; \ + else \ + failcom='exit 1'; \ + fi; \ + dot_seen=no; \ + target=`echo $@ | sed s/-recursive//`; \ + case "$@" in \ + distclean-* | maintainer-clean-*) list='$(DIST_SUBDIRS)' ;; \ + *) list='$(SUBDIRS)' ;; \ + esac; \ + for subdir in $$list; do \ + echo "Making $$target in $$subdir"; \ + if test "$$subdir" = "."; then \ + dot_seen=yes; \ + local_target="$$target-am"; \ + else \ + local_target="$$target"; \ + fi; \ + ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \ + || eval $$failcom; \ + done; \ + if test "$$dot_seen" = "no"; then \ + $(MAKE) $(AM_MAKEFLAGS) "$$target-am" || exit 1; \ + fi; test -z "$$fail" + +ID: $(am__tagged_files) + $(am__define_uniq_tagged_files); mkid -fID $$unique +tags: tags-recursive +TAGS: tags + +tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) + set x; \ + here=`pwd`; \ + if ($(ETAGS) --etags-include --version) >/dev/null 2>&1; then \ + include_option=--etags-include; \ + empty_fix=.; \ + else \ + include_option=--include; \ + empty_fix=; \ + fi; \ + list='$(SUBDIRS)'; for subdir in $$list; do \ + if test "$$subdir" = .; then :; else \ + test ! -f $$subdir/TAGS || \ + set "$$@" "$$include_option=$$here/$$subdir/TAGS"; \ + fi; \ + done; \ + $(am__define_uniq_tagged_files); \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ + test -n "$$unique" || unique=$$empty_fix; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ + fi +ctags: ctags-recursive + +CTAGS: ctags +ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) + $(am__define_uniq_tagged_files); \ + test -z "$(CTAGS_ARGS)$$unique" \ + || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ + $$unique + +GTAGS: + here=`$(am__cd) $(top_builddir) && pwd` \ + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" +cscope: cscope.files + test ! -s cscope.files \ + || $(CSCOPE) -b -q $(AM_CSCOPEFLAGS) $(CSCOPEFLAGS) -i cscope.files $(CSCOPE_ARGS) +clean-cscope: + -rm -f cscope.files +cscope.files: clean-cscope cscopelist +cscopelist: cscopelist-recursive + +cscopelist-am: $(am__tagged_files) + list='$(am__tagged_files)'; \ + case "$(srcdir)" in \ + [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \ + *) sdir=$(subdir)/$(srcdir) ;; \ + esac; \ + for i in $$list; do \ + if test -f "$$i"; then \ + echo "$(subdir)/$$i"; \ + else \ + echo "$$sdir/$$i"; \ + fi; \ + done >> $(top_builddir)/cscope.files + +distclean-tags: + -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags + -rm -f cscope.out cscope.in.out cscope.po.out cscope.files + +distdir: $(BUILT_SOURCES) + $(MAKE) $(AM_MAKEFLAGS) distdir-am + +distdir-am: $(DISTFILES) + $(am__remove_distdir) + test -d "$(distdir)" || mkdir "$(distdir)" + @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + list='$(DISTFILES)'; \ + dist_files=`for file in $$list; do echo $$file; done | \ + sed -e "s|^$$srcdirstrip/||;t" \ + -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ + case $$dist_files in \ + */*) $(MKDIR_P) `echo "$$dist_files" | \ + sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ + sort -u` ;; \ + esac; \ + for file in $$dist_files; do \ + if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ + if test -d $$d/$$file; then \ + dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ + else \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ + || exit 1; \ + fi; \ + done + @list='$(DIST_SUBDIRS)'; for subdir in $$list; do \ + if test "$$subdir" = .; then :; else \ + $(am__make_dryrun) \ + || test -d "$(distdir)/$$subdir" \ + || $(MKDIR_P) "$(distdir)/$$subdir" \ + || exit 1; \ + dir1=$$subdir; dir2="$(distdir)/$$subdir"; \ + $(am__relativize); \ + new_distdir=$$reldir; \ + dir1=$$subdir; dir2="$(top_distdir)"; \ + $(am__relativize); \ + new_top_distdir=$$reldir; \ + echo " (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) top_distdir="$$new_top_distdir" distdir="$$new_distdir" \\"; \ + echo " am__remove_distdir=: am__skip_length_check=: am__skip_mode_fix=: distdir)"; \ + ($(am__cd) $$subdir && \ + $(MAKE) $(AM_MAKEFLAGS) \ + top_distdir="$$new_top_distdir" \ + distdir="$$new_distdir" \ + am__remove_distdir=: \ + am__skip_length_check=: \ + am__skip_mode_fix=: \ + distdir) \ + || exit 1; \ + fi; \ + done + $(MAKE) $(AM_MAKEFLAGS) \ + top_distdir="$(top_distdir)" distdir="$(distdir)" \ + dist-hook + -test -n "$(am__skip_mode_fix)" \ + || find "$(distdir)" -type d ! -perm -755 \ + -exec chmod u+rwx,go+rx {} \; -o \ + ! -type d ! -perm -444 -links 1 -exec chmod a+r {} \; -o \ + ! -type d ! -perm -400 -exec chmod a+r {} \; -o \ + ! -type d ! -perm -444 -exec $(install_sh) -c -m a+r {} {} \; \ + || chmod -R a+r "$(distdir)" +dist-gzip: distdir + tardir=$(distdir) && $(am__tar) | eval GZIP= gzip $(GZIP_ENV) -c >$(distdir).tar.gz + $(am__post_remove_distdir) + +dist-bzip2: distdir + tardir=$(distdir) && $(am__tar) | BZIP2=$${BZIP2--9} bzip2 -c >$(distdir).tar.bz2 + $(am__post_remove_distdir) + +dist-lzip: distdir + tardir=$(distdir) && $(am__tar) | lzip -c $${LZIP_OPT--9} >$(distdir).tar.lz + $(am__post_remove_distdir) +dist-xz: distdir + tardir=$(distdir) && $(am__tar) | XZ_OPT=$${XZ_OPT--e} xz -c >$(distdir).tar.xz + $(am__post_remove_distdir) + +dist-tarZ: distdir + @echo WARNING: "Support for distribution archives compressed with" \ + "legacy program 'compress' is deprecated." >&2 + @echo WARNING: "It will be removed altogether in Automake 2.0" >&2 + tardir=$(distdir) && $(am__tar) | compress -c >$(distdir).tar.Z + $(am__post_remove_distdir) + +dist-shar: distdir + @echo WARNING: "Support for shar distribution archives is" \ + "deprecated." >&2 + @echo WARNING: "It will be removed altogether in Automake 2.0" >&2 + shar $(distdir) | eval GZIP= gzip $(GZIP_ENV) -c >$(distdir).shar.gz + $(am__post_remove_distdir) + +dist-zip: distdir + -rm -f $(distdir).zip + zip -rq $(distdir).zip $(distdir) + $(am__post_remove_distdir) + +dist dist-all: + $(MAKE) $(AM_MAKEFLAGS) $(DIST_TARGETS) am__post_remove_distdir='@:' + $(am__post_remove_distdir) + +# This target untars the dist file and tries a VPATH configuration. Then +# it guarantees that the distribution is self-contained by making another +# tarfile. +distcheck: dist + case '$(DIST_ARCHIVES)' in \ + *.tar.gz*) \ + eval GZIP= gzip $(GZIP_ENV) -dc $(distdir).tar.gz | $(am__untar) ;;\ + *.tar.bz2*) \ + bzip2 -dc $(distdir).tar.bz2 | $(am__untar) ;;\ + *.tar.lz*) \ + lzip -dc $(distdir).tar.lz | $(am__untar) ;;\ + *.tar.xz*) \ + xz -dc $(distdir).tar.xz | $(am__untar) ;;\ + *.tar.Z*) \ + uncompress -c $(distdir).tar.Z | $(am__untar) ;;\ + *.shar.gz*) \ + eval GZIP= gzip $(GZIP_ENV) -dc $(distdir).shar.gz | unshar ;;\ + *.zip*) \ + unzip $(distdir).zip ;;\ + esac + chmod -R a-w $(distdir) + chmod u+w $(distdir) + mkdir $(distdir)/_build $(distdir)/_build/sub $(distdir)/_inst + chmod a-w $(distdir) + test -d $(distdir)/_build || exit 0; \ + dc_install_base=`$(am__cd) $(distdir)/_inst && pwd | sed -e 's,^[^:\\/]:[\\/],/,'` \ + && dc_destdir="$${TMPDIR-/tmp}/am-dc-$$$$/" \ + && am__cwd=`pwd` \ + && $(am__cd) $(distdir)/_build/sub \ + && ../../configure \ + $(AM_DISTCHECK_CONFIGURE_FLAGS) \ + $(DISTCHECK_CONFIGURE_FLAGS) \ + --srcdir=../.. --prefix="$$dc_install_base" \ + && $(MAKE) $(AM_MAKEFLAGS) \ + && $(MAKE) $(AM_MAKEFLAGS) dvi \ + && $(MAKE) $(AM_MAKEFLAGS) check \ + && $(MAKE) $(AM_MAKEFLAGS) install \ + && $(MAKE) $(AM_MAKEFLAGS) installcheck \ + && $(MAKE) $(AM_MAKEFLAGS) uninstall \ + && $(MAKE) $(AM_MAKEFLAGS) distuninstallcheck_dir="$$dc_install_base" \ + distuninstallcheck \ + && chmod -R a-w "$$dc_install_base" \ + && ({ \ + (cd ../.. && umask 077 && mkdir "$$dc_destdir") \ + && $(MAKE) $(AM_MAKEFLAGS) DESTDIR="$$dc_destdir" install \ + && $(MAKE) $(AM_MAKEFLAGS) DESTDIR="$$dc_destdir" uninstall \ + && $(MAKE) $(AM_MAKEFLAGS) DESTDIR="$$dc_destdir" \ + distuninstallcheck_dir="$$dc_destdir" distuninstallcheck; \ + } || { rm -rf "$$dc_destdir"; exit 1; }) \ + && rm -rf "$$dc_destdir" \ + && $(MAKE) $(AM_MAKEFLAGS) dist \ + && rm -rf $(DIST_ARCHIVES) \ + && $(MAKE) $(AM_MAKEFLAGS) distcleancheck \ + && cd "$$am__cwd" \ + || exit 1 + $(am__post_remove_distdir) + @(echo "$(distdir) archives ready for distribution: "; \ + list='$(DIST_ARCHIVES)'; for i in $$list; do echo $$i; done) | \ + sed -e 1h -e 1s/./=/g -e 1p -e 1x -e '$$p' -e '$$x' +distuninstallcheck: + @test -n '$(distuninstallcheck_dir)' || { \ + echo 'ERROR: trying to run $@ with an empty' \ + '$$(distuninstallcheck_dir)' >&2; \ + exit 1; \ + }; \ + $(am__cd) '$(distuninstallcheck_dir)' || { \ + echo 'ERROR: cannot chdir into $(distuninstallcheck_dir)' >&2; \ + exit 1; \ + }; \ + test `$(am__distuninstallcheck_listfiles) | wc -l` -eq 0 \ + || { echo "ERROR: files left after uninstall:" ; \ + if test -n "$(DESTDIR)"; then \ + echo " (check DESTDIR support)"; \ + fi ; \ + $(distuninstallcheck_listfiles) ; \ + exit 1; } >&2 +distcleancheck: distclean + @if test '$(srcdir)' = . ; then \ + echo "ERROR: distcleancheck can only run from a VPATH build" ; \ + exit 1 ; \ + fi + @test `$(distcleancheck_listfiles) | wc -l` -eq 0 \ + || { echo "ERROR: files left in build directory after distclean:" ; \ + $(distcleancheck_listfiles) ; \ + exit 1; } >&2 +check-am: all-am +check: check-recursive +all-am: Makefile config.h +installdirs: installdirs-recursive +installdirs-am: +install: install-recursive +install-exec: install-exec-recursive +install-data: install-data-recursive +uninstall: uninstall-recursive + +install-am: all-am + @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am + +installcheck: installcheck-recursive +install-strip: + if test -z '$(STRIP)'; then \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + install; \ + else \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ + fi +mostlyclean-generic: + +clean-generic: + +distclean-generic: + -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) + -test -z "$(DISTCLEANFILES)" || rm -f $(DISTCLEANFILES) + +maintainer-clean-generic: + @echo "This command is intended for maintainers to use" + @echo "it deletes files that may require special tools to rebuild." +clean: clean-recursive + +clean-am: clean-generic clean-libtool clean-local mostlyclean-am + +distclean: distclean-recursive + -rm -f $(am__CONFIG_DISTCLEAN_FILES) + -rm -f Makefile +distclean-am: clean-am distclean-generic distclean-hdr \ + distclean-libtool distclean-local distclean-tags + +dvi: dvi-recursive + +dvi-am: + +html: html-recursive + +html-am: + +info: info-recursive + +info-am: + +install-data-am: + +install-dvi: install-dvi-recursive + +install-dvi-am: + +install-exec-am: + +install-html: install-html-recursive + +install-html-am: + +install-info: install-info-recursive + +install-info-am: + +install-man: + +install-pdf: install-pdf-recursive + +install-pdf-am: + +install-ps: install-ps-recursive + +install-ps-am: + +installcheck-am: + +maintainer-clean: maintainer-clean-recursive + -rm -f $(am__CONFIG_DISTCLEAN_FILES) + -rm -rf $(top_srcdir)/autom4te.cache + -rm -f Makefile +maintainer-clean-am: distclean-am maintainer-clean-generic + +mostlyclean: mostlyclean-recursive + +mostlyclean-am: mostlyclean-generic mostlyclean-libtool + +pdf: pdf-recursive + +pdf-am: + +ps: ps-recursive + +ps-am: + +uninstall-am: + +.MAKE: $(am__recursive_targets) all install-am install-strip + +.PHONY: $(am__recursive_targets) CTAGS GTAGS TAGS all all-am \ + am--refresh check check-am clean clean-cscope clean-generic \ + clean-libtool clean-local cscope cscopelist-am ctags ctags-am \ + dist dist-all dist-bzip2 dist-gzip dist-hook dist-lzip \ + dist-shar dist-tarZ dist-xz dist-zip distcheck distclean \ + distclean-generic distclean-hdr distclean-libtool \ + distclean-local distclean-tags distcleancheck distdir \ + distuninstallcheck dvi dvi-am html html-am info info-am \ + install install-am install-data install-data-am install-dvi \ + install-dvi-am install-exec install-exec-am install-html \ + install-html-am install-info install-info-am install-man \ + install-pdf install-pdf-am install-ps install-ps-am \ + install-strip installcheck installcheck-am installdirs \ + installdirs-am maintainer-clean maintainer-clean-generic \ + mostlyclean mostlyclean-generic mostlyclean-libtool pdf pdf-am \ + ps ps-am tags tags-am uninstall uninstall-am + +.PRECIOUS: Makefile + + +AUTHORS: + @echo -e "The authors list is autogenerated from the git history; sorted by number of commits\n" >AUTHORS + @git shortlog -sen| cut -f 2 | sed 's/@/ at /g' >> AUTHORS + @echo -e "\n\nThe translators list is autogenerated from po file history\n" >>AUTHORS + @sed -n 's/.*Last-Translator: *\(.*\) *<.*/\1/p' po/*.po | sort -u >>AUTHORS + +pic-check: + @echo "Checking for position dependent code" + readelf -d $(builddir)/lib/.libs/libgnutls.so|grep TEXTREL; if test $$? = 0;then \ + eu-findtextrel $(builddir)/lib/.libs/libgnutls.so; \ + false; \ + fi + +abi-dump-versioned: lib/libgnutls.la libdane/libgnutls-dane.la + @echo "**************************************************************************" + @echo "Generating versioned ABI files of current gnutls and gnutls-dane libraries" + @echo "**************************************************************************" + @abidw lib/.libs/libgnutls.so $(ABIDW_COMMON) --suppressions $(ABIGNORE_FILE) --out-file "$(srcdir)/devel/libgnutls-$(VERSION)-$$(uname -m).abi" + @abidw libdane/.libs/libgnutls-dane.so $(ABIDW_COMMON) --out-file "$(srcdir)/devel/libdane-$(VERSION)-$$(uname -m).abi" + +abi-dump-latest: lib/libgnutls.la libdane/libgnutls-dane.la + @echo "****************************************************************" + @echo "Generating ABI files of current gnutls and gnutls-dane libraries" + @echo "****************************************************************" + @abidw lib/.libs/libgnutls.so $(ABIDW_COMMON) --suppressions $(ABIGNORE_FILE) --out-file $(LIBGNUTLS_ABI_LAST_FILE) + @abidw libdane/.libs/libgnutls-dane.so $(ABIDW_COMMON) --out-file $(LIBDANE_ABI_LAST_FILE) + @rm -f "./devel/libgnutls-latest-$$(uname -m).tmp" + @rm -f "./devel/libdane-latest-$$(uname -m).tmp" + +abi-check-latest: lib/libgnutls.la libdane/libgnutls-dane.la + @echo "Checking whether the latest ABI dump matches" + @abidiff --suppressions $(ABIGNORE_FILE) lib/.libs/libgnutls.so $(LIBGNUTLS_ABI_LAST_FILE) --hd2 "$(srcdir)/lib/includes/gnutls/"; if test $$? != 0;then \ + echo "*********************************************************"; \ + echo "libgnutls ABI has changed; use 'make-files-update' "; \ + echo "and use 'git diff' to check correctness before committing"; \ + echo "*********************************************************"; \ + false; \ + fi + @abidiff libdane/.libs/libgnutls-dane.so $(LIBDANE_ABI_LAST_FILE) --hd2 "$(srcdir)/libdane/includes/gnutls/"; if test $$? != 0;then \ + echo "*********************************************************"; \ + echo "libgnutls-dane ABI has changed; use 'make-files-update' "; \ + echo "and use 'git diff' to check correctness before committing"; \ + echo "*********************************************************"; \ + false; \ + fi + @echo "********************************" + @echo "Current release matches ABI dump" + @echo "********************************" +abi-check: lib/libgnutls.la libdane/libgnutls-dane.la + @for file in $$(echo $(srcdir)/devel/libgnutls-*-$$(uname -m).abi);do \ + echo "Comparing libgnutls with $$file"; \ + abidiff $${file} lib/.libs/libgnutls.so $(ABICHECK_COMMON) --suppressions $(ABIGNORE_FILE) --hd2 "$(srcdir)/lib/includes/gnutls/"; \ + if test $$? != 0;then \ + echo "****************************************************************************"; \ + echo "ABI check failed; If intentional add suppression in devel/libgnutls.abignore"; \ + echo "****************************************************************************"; \ + false; \ + fi; \ + done + @for file in $$(echo $(srcdir)/devel/libdane-*-$$(uname -m).abi);do \ + echo "Comparing libgnutls-dane with $$file"; \ + abidiff $${file} libdane/.libs/libgnutls-dane.so $(ABICHECK_COMMON) --hd2 "$(srcdir)/libdane/includes/gnutls/"; \ + if test $$? != 0;then \ + echo "**********************************************"; \ + echo "ABI check failed; If intentional add a "; \ + echo "libabigail suppression file for libgnutls-dane"; \ + echo "**********************************************"; \ + false; \ + fi; \ + done + @echo "********************" + @echo "ABI checks completed" + @echo "********************" + +symbol-check: lib/libgnutls.la + @objdump -T $(builddir)/lib/.libs/libgnutls.so | grep -v ' \*UND\*' | awk '{print $$7 "@" $$6;}' | grep -v GNUTLS_FIPS140 | grep -v GNUTLS_PRIVATE | grep -v '^@' | sort -u >symbols.last.tmp + @diff -u $(SYMBOLS_LAST_FILE) symbols.last.tmp >/dev/null 2>&1; if test $$? != 0;then \ + diff -u $(SYMBOLS_LAST_FILE) symbols.last.tmp | grep -v '\-\-\-' >symbols.diff.tmp 2>&1; \ + if grep -e '^-' symbols.diff.tmp;then \ + echo "*******************************************"; \ + echo "Symbols were removed from the library. "; \ + echo "Check symbols.diff.tmp for more information"; \ + echo "*******************************************"; \ + false; \ + else \ + echo "*************************************************************"; \ + echo "Symbols were added in the library; use 'make-files-update' "; \ + echo "and use 'git diff' to check correctness before committing "; \ + echo "*************************************************************"; \ + false; \ + fi \ + else \ + test -f symbols.diff.tmp && cat symbols.diff.tmp; \ + echo "**************************"; \ + echo "No symbol changes detected"; \ + echo "**************************"; \ + fi + rm -f symbols.last.tmp symbols.diff.tmp + +# Code coverage +# +# Optional: +# - CODE_COVERAGE_DIRECTORY: Top-level directory for code coverage reporting. +# Multiple directories may be specified, separated by whitespace. +# (Default: $(top_builddir)) +# - CODE_COVERAGE_OUTPUT_FILE: Filename and path for the .info file generated +# by lcov for code coverage. (Default: +# $(PACKAGE_NAME)-$(PACKAGE_VERSION)-coverage.info) +# - CODE_COVERAGE_OUTPUT_DIRECTORY: Directory for generated code coverage +# reports to be created. (Default: +# $(PACKAGE_NAME)-$(PACKAGE_VERSION)-coverage) +# - CODE_COVERAGE_BRANCH_COVERAGE: Set to 1 to enforce branch coverage, +# set to 0 to disable it and leave empty to stay with the default. +# (Default: empty) +# - CODE_COVERAGE_LCOV_SHOPTS_DEFAULT: Extra options shared between both lcov +# instances. (Default: based on ) +# - CODE_COVERAGE_LCOV_SHOPTS: Extra options to shared between both lcov +# instances. (Default: ) +# - CODE_COVERAGE_LCOV_OPTIONS_GCOVPATH: --gcov-tool pathtogcov +# - CODE_COVERAGE_LCOV_OPTIONS_DEFAULT: Extra options to pass to the +# collecting lcov instance. (Default: ) +# - CODE_COVERAGE_LCOV_OPTIONS: Extra options to pass to the collecting lcov +# instance. (Default: ) +# - CODE_COVERAGE_LCOV_RMOPTS_DEFAULT: Extra options to pass to the filtering +# lcov instance. (Default: empty) +# - CODE_COVERAGE_LCOV_RMOPTS: Extra options to pass to the filtering lcov +# instance. (Default: ) +# - CODE_COVERAGE_GENHTML_OPTIONS_DEFAULT: Extra options to pass to the +# genhtml instance. (Default: based on ) +# - CODE_COVERAGE_GENHTML_OPTIONS: Extra options to pass to the genhtml +# instance. (Default: ) +# - CODE_COVERAGE_IGNORE_PATTERN: Extra glob pattern of files to ignore +# +# The generated report will be titled using the $(PACKAGE_NAME) and +# $(PACKAGE_VERSION). In order to add the current git hash to the title, +# use the git-version-gen script, available online. +# Optional variables +# run only on top dir +@CODE_COVERAGE_ENABLED_TRUE@ ifeq ($(abs_builddir), $(abs_top_builddir)) +@CODE_COVERAGE_ENABLED_TRUE@CODE_COVERAGE_DIRECTORY ?= $(top_builddir) +@CODE_COVERAGE_ENABLED_TRUE@CODE_COVERAGE_OUTPUT_FILE ?= $(PACKAGE_NAME)-$(PACKAGE_VERSION)-coverage.info +@CODE_COVERAGE_ENABLED_TRUE@CODE_COVERAGE_OUTPUT_DIRECTORY ?= $(PACKAGE_NAME)-$(PACKAGE_VERSION)-coverage + +@CODE_COVERAGE_ENABLED_TRUE@CODE_COVERAGE_BRANCH_COVERAGE ?= +@CODE_COVERAGE_ENABLED_TRUE@CODE_COVERAGE_LCOV_SHOPTS_DEFAULT ?= $(if $(CODE_COVERAGE_BRANCH_COVERAGE),--rc lcov_branch_coverage=$(CODE_COVERAGE_BRANCH_COVERAGE)) +@CODE_COVERAGE_ENABLED_TRUE@CODE_COVERAGE_LCOV_SHOPTS ?= $(CODE_COVERAGE_LCOV_SHOPTS_DEFAULT) +@CODE_COVERAGE_ENABLED_TRUE@CODE_COVERAGE_LCOV_OPTIONS_GCOVPATH ?= --gcov-tool "$(GCOV)" +@CODE_COVERAGE_ENABLED_TRUE@CODE_COVERAGE_LCOV_OPTIONS_DEFAULT ?= $(CODE_COVERAGE_LCOV_OPTIONS_GCOVPATH) +@CODE_COVERAGE_ENABLED_TRUE@CODE_COVERAGE_LCOV_OPTIONS ?= $(CODE_COVERAGE_LCOV_OPTIONS_DEFAULT) +@CODE_COVERAGE_ENABLED_TRUE@CODE_COVERAGE_LCOV_RMOPTS_DEFAULT ?= +@CODE_COVERAGE_ENABLED_TRUE@CODE_COVERAGE_LCOV_RMOPTS ?= $(CODE_COVERAGE_LCOV_RMOPTS_DEFAULT) +@CODE_COVERAGE_ENABLED_TRUE@CODE_COVERAGE_GENHTML_OPTIONS_DEFAULT ?=$(if $(CODE_COVERAGE_BRANCH_COVERAGE),--rc genhtml_branch_coverage=$(CODE_COVERAGE_BRANCH_COVERAGE)) +@CODE_COVERAGE_ENABLED_TRUE@CODE_COVERAGE_GENHTML_OPTIONS ?= $(CODE_COVERAGE_GENHTML_OPTIONS_DEFAULT) +@CODE_COVERAGE_ENABLED_TRUE@CODE_COVERAGE_IGNORE_PATTERN ?= + +# Use recursive makes in order to ignore errors during check +@CODE_COVERAGE_ENABLED_TRUE@check-code-coverage: +@CODE_COVERAGE_ENABLED_TRUE@ -$(AM_V_at)$(MAKE) $(AM_MAKEFLAGS) -k check +@CODE_COVERAGE_ENABLED_TRUE@ $(AM_V_at)$(MAKE) $(AM_MAKEFLAGS) code-coverage-capture + +# Capture code coverage data +@CODE_COVERAGE_ENABLED_TRUE@code-coverage-capture: code-coverage-capture-hook +@CODE_COVERAGE_ENABLED_TRUE@ $(code_coverage_v_lcov_cap)$(LCOV) $(code_coverage_quiet) $(addprefix --directory ,$(CODE_COVERAGE_DIRECTORY)) --capture --output-file "$(CODE_COVERAGE_OUTPUT_FILE).tmp" --test-name "$(call code_coverage_sanitize,$(PACKAGE_NAME)-$(PACKAGE_VERSION))" --no-checksum --compat-libtool $(CODE_COVERAGE_LCOV_SHOPTS) $(CODE_COVERAGE_LCOV_OPTIONS) +@CODE_COVERAGE_ENABLED_TRUE@ $(code_coverage_v_lcov_ign)$(LCOV) $(code_coverage_quiet) $(addprefix --directory ,$(CODE_COVERAGE_DIRECTORY)) --remove "$(CODE_COVERAGE_OUTPUT_FILE).tmp" "/tmp/*" $(CODE_COVERAGE_IGNORE_PATTERN) --output-file "$(CODE_COVERAGE_OUTPUT_FILE)" $(CODE_COVERAGE_LCOV_SHOPTS) $(CODE_COVERAGE_LCOV_RMOPTS) +@CODE_COVERAGE_ENABLED_TRUE@ -@rm -f "$(CODE_COVERAGE_OUTPUT_FILE).tmp" +@CODE_COVERAGE_ENABLED_TRUE@ $(code_coverage_v_genhtml)LANG=C $(GENHTML) $(code_coverage_quiet) $(addprefix --prefix ,$(CODE_COVERAGE_DIRECTORY)) --output-directory "$(CODE_COVERAGE_OUTPUT_DIRECTORY)" --title "$(PACKAGE_NAME)-$(PACKAGE_VERSION) Code Coverage" --legend --show-details "$(CODE_COVERAGE_OUTPUT_FILE)" $(CODE_COVERAGE_GENHTML_OPTIONS) +@CODE_COVERAGE_ENABLED_TRUE@ @echo "file://$(abs_builddir)/$(CODE_COVERAGE_OUTPUT_DIRECTORY)/index.html" + +@CODE_COVERAGE_ENABLED_TRUE@code-coverage-clean: +@CODE_COVERAGE_ENABLED_TRUE@ -$(LCOV) --directory $(top_builddir) -z +@CODE_COVERAGE_ENABLED_TRUE@ -rm -rf "$(CODE_COVERAGE_OUTPUT_FILE)" "$(CODE_COVERAGE_OUTPUT_FILE).tmp" "$(CODE_COVERAGE_OUTPUT_DIRECTORY)" +@CODE_COVERAGE_ENABLED_TRUE@ -find . \( -name "*.gcda" -o -name "*.gcno" -o -name "*.gcov" \) -delete + +@CODE_COVERAGE_ENABLED_TRUE@code-coverage-dist-clean: +@CODE_COVERAGE_ENABLED_TRUE@ else # ifneq ($(abs_builddir), $(abs_top_builddir)) +@CODE_COVERAGE_ENABLED_TRUE@check-code-coverage: + +@CODE_COVERAGE_ENABLED_TRUE@code-coverage-capture: code-coverage-capture-hook + +@CODE_COVERAGE_ENABLED_TRUE@code-coverage-clean: + +@CODE_COVERAGE_ENABLED_TRUE@code-coverage-dist-clean: +@CODE_COVERAGE_ENABLED_TRUE@ endif # ifeq ($(abs_builddir), $(abs_top_builddir)) +# Use recursive makes in order to ignore errors during check +@CODE_COVERAGE_ENABLED_FALSE@check-code-coverage: +@CODE_COVERAGE_ENABLED_FALSE@ @echo "Need to reconfigure with --enable-code-coverage" +# Capture code coverage data +@CODE_COVERAGE_ENABLED_FALSE@code-coverage-capture: code-coverage-capture-hook +@CODE_COVERAGE_ENABLED_FALSE@ @echo "Need to reconfigure with --enable-code-coverage" + +@CODE_COVERAGE_ENABLED_FALSE@code-coverage-clean: + +@CODE_COVERAGE_ENABLED_FALSE@code-coverage-dist-clean: + +# Hook rule executed before code-coverage-capture, overridable by the user +code-coverage-capture-hook: + +.PHONY: check-code-coverage code-coverage-capture code-coverage-dist-clean code-coverage-clean code-coverage-capture-hook + +clean-local: code-coverage-clean +distclean-local: code-coverage-dist-clean + +local-code-coverage-output: code-coverage-capture + cat GnuTLS-$(VERSION)-coverage/index.html|grep headerCovTableEntry|grep '%'|head -1|sed 's/^.*>\([0-9]\+\.[0-9]\+\s*%\)<.*$$/ coverage lines: \1/' || true + +libopts-check: + @echo "*****************************************************************" + @echo "Checking whether included libopts matches the system's. If the" + @echo "check fails upgrade the included libopts." + @echo "*****************************************************************" + test "`autoopts-config libsrc|awk -F '-' '{print $$NF}'|sed 's/.tar.gz//'`" = "`cat $(srcdir)/src/libopts/autoopts/options.h |grep OPTIONS_VERSION_STRING|cut -d '"' -f 2|sed 's/:/./g'`" + +files-update: libopts-check abi-dump-latest + $(MAKE) -C doc/ compare-makefile || mv doc/tmp-compare-makefile $(srcdir)/doc/Makefile.am + $(MAKE) -C doc/manpages compare-makefile || mv doc/manpages/tmp-compare-makefile $(srcdir)/doc/manpages/Makefile.am + $(MAKE) -C . symbol-check || mv symbols.last.tmp $(SYMBOLS_LAST_FILE) + @echo "******************************************************************************************" + @echo "updated auto-generated files; please use git diff to verify the correctness of the changes" + @echo "******************************************************************************************" + +dist-hook: libopts-check + $(PKG_CONFIG) --atleast-version=2.2.0 guile-2.2 + if test -d "$(top_srcdir)/devel";then \ + $(MAKE) -C $(top_srcdir) symbol-check && \ + $(MAKE) -C $(top_srcdir) abi-check-latest; \ + fi + $(MAKE) -C doc/ compare-makefile + $(MAKE) -C doc/ compare-exported + $(MAKE) -C doc/manpages compare-makefile + $(MAKE) ChangeLog + mv ChangeLog $(distdir) + touch $(distdir)/doc/*.html $(distdir)/doc/*.pdf $(distdir)/doc/*.info + +.PHONY: abi-check abi-dump-versioned abi-dump-latest pic-check symbol-check local-code-coverage-output files-update libopts-check AUTHORS + +# Tell versions [3.59,3.63) of GNU make to not export all variables. +# Otherwise a system limit (for SysV at least) may be exceeded. +.NOEXPORT: diff --git a/NEWS b/NEWS new file mode 100644 index 0000000..9268a0e --- /dev/null +++ b/NEWS @@ -0,0 +1,9581 @@ +GnuTLS NEWS -- History of user-visible changes. -*- outline -*- +Bug numbers referenced in this log correspond to bug numbers at our issue tracker, +available at https://gitlab.com/gnutls/gnutls/issues +Copyright (C) 2000-2016 Free Software Foundation, Inc. +Copyright (C) 2013-2019 Nikos Mavrogiannopoulos +See the end for copying conditions. + +* Version 3.6.8 (released 2019-05-28) + +** libgnutls: Added gnutls_prf_early() function to retrieve early keying + material (#329) + +** libgnutls: Added support for AES-XTS cipher (#354) + +** libgnutls: Fix calculation of Streebog digests (incorrect carry operation in + 512 bit addition) + +** libgnutls: During Diffie-Hellman operations in TLS, verify that the peer's + public key is on the right subgroup (y^q=1 mod p), when q is available (under + TLS 1.3 and under earlier versions when RFC7919 parameters are used). + +** libgnutls: the gnutls_srp_set_server_credentials_function can now be used + with the 8192 parameters as well (#995). + +** libgnutls: Fixed bug preventing the use of gnutls_pubkey_verify_data2() and + gnutls_pubkey_verify_hash2() with the GNUTLS_VERIFY_DISABLE_CA_SIGN flag (#754) + +** libgnutls: The priority string option %ALLOW_SMALL_RECORDS was added to allow + clients to communicate with the server advertising smaller limits than 512 + +** libgnutls: Apply STD3 ASCII rules in gnutls_idna_map() to prevent + hostname/domain crafting via IDNA conversion (#720) + +** certtool: allow the digital signature key usage flag in CA certificates. + Previously certtool would ignore this flag for CA certificates even if + specified (#767) + +** gnutls-cli/serv: added the --keymatexport and --keymatexportsize options. + These allow testing the RFC5705 using these tools. + +** API and ABI modifications: +gnutls_prf_early: Added +gnutls_record_set_max_recv_size: Added +gnutls_dh_params_import_raw3: Added +gnutls_ffdhe_2048_group_q: Added +gnutls_ffdhe_3072_group_q: Added +gnutls_ffdhe_4096_group_q: Added +gnutls_ffdhe_6144_group_q: Added +gnutls_ffdhe_8192_group_q: Added + + +* Version 3.6.7 (released 2019-03-27) + +** libgnutls, gnutls tools: Every gnutls_free() will automatically set + the free'd pointer to NULL. This prevents possible use-after-free and + double free issues. Use-after-free will be turned into NULL dereference. + The counter-measure does not extend to applications using gnutls_free(). + +** libgnutls: Fixed a memory corruption (double free) vulnerability in the + certificate verification API. Reported by Tavis Ormandy; addressed with + the change above. [GNUTLS-SA-2019-03-27, #694] + +** libgnutls: Fixed an invalid pointer access via malformed TLS1.3 async messages; + Found using tlsfuzzer. [GNUTLS-SA-2019-03-27, #704] + +** libgnutls: enforce key usage limitations on certificates more actively. + Previously we would enforce it for TLS1.2 protocol, now we enforce it + even when TLS1.3 is negotiated, or on client certificates as well. When + an inappropriate for TLS1.3 certificate is seen on the credentials structure + GnuTLS will disable TLS1.3 support for that session (#690). + +** libgnutls: the default number of tickets sent under TLS 1.3 was increased to + two. This makes it easier for clients which perform multiple connections + to the server to use the tickets sent by a default server. + +** libgnutls: enforce the equality of the two signature parameters fields in + a certificate. We were already enforcing the signature algorithm, but there + was a bug in parameter checking code. + +** libgnutls: fixed issue preventing sending and receiving from different + threads when false start was enabled (#713). + +** libgnutls: the flag GNUTLS_PKCS11_OBJ_FLAG_LOGIN_SO now implies a writable + session, as non-writeable security officer sessions are undefined in PKCS#11 + (#721). + +** libgnutls: no longer send downgrade sentinel in TLS 1.3. + Previously the sentinel value was embedded to early in version + negotiation and was sent even on TLS 1.3. It is now sent only when + TLS 1.2 or earlier is negotiated (#689). + +** gnutls-cli: Added option --logfile to redirect informational messages output. + +** API and ABI modifications: +No changes since last version. + + +* Version 3.6.6 (released 2019-01-25) + +** libgnutls: gnutls_pubkey_import_ecc_raw() was fixed to set the number bits + on the public key (#640). + +** libgnutls: Added support for raw public-key authentication as defined in RFC7250. + Raw public-keys can be negotiated by enabling the corresponding certificate + types via the priority strings. The raw public-key mechanism must be explicitly + enabled via the GNUTLS_ENABLE_RAWPK init flag (#26, #280). + +** libgnutls: When on server or client side we are sending no extensions we do + not set an empty extensions field but we rather remove that field competely. + This solves a regression since 3.5.x and improves compatibility of the server + side with certain clients. + +** libgnutls: We no longer mark RSA keys in PKCS#11 tokens as RSA-PSS capable if + the CKA_SIGN is not set (#667). + +** libgnutls: The priority string option %NO_EXTENSIONS was improved to completely + disable extensions at all cases, while providing a functional session. This + also implies that when specified, TLS1.3 is disabled. + +** libgnutls: GNUTLS_X509_NO_WELL_DEFINED_EXPIRATION was marked as deprecated. + The previous definition was non-functional (#609). + +** API and ABI modifications: +GNUTLS_ENABLE_RAWPK: Added +GNUTLS_ENABLE_CERT_TYPE_NEG: Removed (was no-op; replaced by GNUTLS_ENABLE_RAWPK) +GNUTLS_X509_NO_WELL_DEFINED_EXPIRATION: Deprecated +GNUTLS_PCERT_NO_CERT: Deprecated + + +* Version 3.6.5 (released 2018-12-01) + +** libgnutls: Provide the option of transparent re-handshake/reauthentication + when the GNUTLS_AUTO_REAUTH flag is specified in gnutls_init() (#571). + +** libgnutls: Added support for TLS 1.3 zero round-trip (0-RTT) mode (#127) + +** libgnutls: The priority functions will ignore and not enable TLS1.3 if + requested with legacy TLS versions enabled but not TLS1.2. That is because + if such a priority string is used in the client side (e.g., TLS1.3+TLS1.0 enabled) + servers which do not support TLS1.3 will negotiate TLS1.2 which will be + rejected by the client as disabled (#621). + +** libgnutls: Change RSA decryption to use a new side-channel silent function. + This addresses a security issue where memory access patterns as well as timing + on the underlying Nettle rsa-decrypt function could lead to new Bleichenbacher + attacks. Side-channel resistant code is slower due to the need to mask + access and timings. When used in TLS the new functions cause RSA based + handshakes to be between 13% and 28% slower on average (Numbers are indicative, + the tests where performed on a relatively modern Intel CPU, results vary + depending on the CPU and architecture used). This change makes nettle 3.4.1 + the minimum requirement of gnutls (#630). [CVSS: medium] + +** libgnutls: gnutls_priority_init() and friends, allow the CTYPE-OPENPGP keyword + in the priority string. It is only accepted as legacy option and is ignored. + +** libgnutls: Added support for EdDSA under PKCS#11 (#417) + +** libgnutls: Added support for AES-CFB8 cipher (#357) + +** libgnutls: Added support for AES-CMAC MAC (#351) + +** libgnutls: In two previous versions GNUTLS_CIPHER_GOST28147_CPB/CPC/CPD_CFB ciphers + have incorrectly used CryptoPro-A S-BOX instead of proper (CryptoPro-B/-C/-D + S-BOXes). They are fixed now. + +** libgnutls: Added support for GOST key unmasking and unwrapped GOST private + keys parsing, as specified in R 50.1.112-2016. + +** gnutls-serv: It applies the default settings when no --priority option is given, + using gnutls_set_default_priority(). + +** p11tool: Fix initialization of security officer's PIN with the --initialize-so-pin + option (#561) + +** certtool: Add parameter --no-text that prevents certtool from outputting + text before PEM-encoded private key, public key, certificate, CRL or CSR. + +** API and ABI modifications: +GNUTLS_AUTO_REAUTH: Added +GNUTLS_CIPHER_AES_128_CFB8: Added +GNUTLS_CIPHER_AES_192_CFB8: Added +GNUTLS_CIPHER_AES_256_CFB8: Added +GNUTLS_MAC_AES_CMAC_128: Added +GNUTLS_MAC_AES_CMAC_256: Added +gnutls_record_get_max_early_data_size: Added +gnutls_record_send_early_data: Added +gnutls_record_recv_early_data: Added +gnutls_db_check_entry_expire_time: Added +gnutls_anti_replay_set_add_function: Added +gnutls_anti_replay_init: Added +gnutls_anti_replay_deinit: Added +gnutls_anti_replay_set_window: Added +gnutls_anti_replay_enable: Added +gnutls_privkey_decrypt_data2: Added + + +* Version 3.6.4 (released 2018-09-24) + +** libgnutls: Added the final (RFC8446) version numbering of the TLS1.3 protocol. + +** libgnutls: Corrected regression since 3.6.3 in the callbacks set with + gnutls_certificate_set_retrieve_function() which could not handle the case where + no certificates were returned, or the callbacks were set to NULL (see #528). + +** libgnutls: gnutls_handshake() on server returns early on handshake when no + certificate is presented by client and the gnutls_init() flag GNUTLS_ENABLE_EARLY_START + is specified. + +** libgnutls: Added session ticket key rotation on server side with TOTP. + The key set with gnutls_session_ticket_enable_server() is used as a + master key to generate time-based keys for tickets. The rotation + relates to the gnutls_db_set_cache_expiration() period. + +** libgnutls: The 'record size limit' extension is added and preferred to the + 'max record size' extension when possible. + +** libgnutls: Provide a more flexible PKCS#11 search of trust store certificates. + This addresses the problem where the CA certificate doesn't have a subject key + identifier whereas the end certificates have an authority key identifier (#569) + +** libgnutls: gnutls_privkey_export_gost_raw2(), gnutls_privkey_import_gost_raw(), + gnutls_pubkey_export_gost_raw2(), gnutls_pubkey_import_gost_raw() import + and export GOST parameters in the "native" little endian format used for these + curves. This is an intentional incompatible change with 3.6.3. + +** libgnutls: Added support for seperately negotiating client and server certificate types + as defined in RFC7250. This mechanism must be explicitly enabled via the + GNUTLS_ENABLE_CERT_TYPE_NEG flag in gnutls_init(). + +** gnutls-cli: enable CRL validation on startup (#564) + +** API and ABI modifications: +GNUTLS_ENABLE_EARLY_START: Added +GNUTLS_ENABLE_CERT_TYPE_NEG: Added +GNUTLS_TL_FAIL_ON_INVALID_CRL: Added +GNUTLS_CERTIFICATE_VERIFY_CRLS: Added +gnutls_ctype_target_t: New enumeration +gnutls_record_set_max_early_data_size: Added +gnutls_certificate_type_get2: Added +gnutls_priority_certificate_type_list2: Added +gnutls_ffdhe_6144_group_prime: Added +gnutls_ffdhe_6144_group_generator: Added +gnutls_ffdhe_6144_key_bits: Added + + +* Version 3.6.3 (released 2018-07-16) + +** libgnutls: Introduced support for draft-ietf-tls-tls13-28. It includes version + negotiation, post handshake authentication, length hiding, multiple OCSP support, + consistent ciphersuite support across protocols, hello retry requests, ability + to adjust key shares via gnutls_init() flags, certificate authorities extension, + and key usage limits. TLS1.3 draft-28 support can be enabled by default if + the option --enable-tls13-support is given to configure script. + +** libgnutls: Apply compatibility settings for existing applications running with TLS1.2 or + earlier and TLS 1.3. When SRP or NULL ciphersuites are specified in priority strings + TLS 1.3 is will be disabled. When Anonymous ciphersuites are specified in priority + strings, then TLS 1.3 negotiation will be disabled if the session is associated + only with an anonymous credentials structure. + +** Added support for Russian Public Key Infrastructure according to RFCs 4491/4357/7836. + This adds support for using GOST keys for digital signatures and under PKCS#7, PKCS#12, + and PKCS#8 standards. In particular added elliptic curves GOST R 34.10-2001 CryptoProA + 256-bit curve (RFC 4357), GOST R 34.10-2001 CryptoProXchA 256-bit curve (RFC 4357), + and GOST R 34.10-2012 TC26-512-A 512-bit curve (RFC 7836). + +** Provide a uniform cipher list across supported TLS protocols; the CAMELLIA ciphers + as well as ciphers utilizing HMAC-SHA384 and SHA256 have been removed from the default + priority strings, as they are undefined under TLS1.3 and they provide no advantage + over other options in earlier protocols. + +** The SSL 3.0 protocol is disabled on compile-time by default. It can be re-enabled + by specifying --enable-ssl3-support on configure script. + +** libgnutls: Introduced function to switch the current FIPS140-2 operational + mode, i.e., strict vs a more lax mode which will allow certain non FIPS140-2 + operations. + +** libgnutls: Introduced low-level function to assist applications attempting client + hello extension parsing, prior to GnuTLS' parsing of the message. + +** libgnutls: When exporting an X.509 certificate avoid re-encoding if there are no + modifications to the certificate. That prevents DER re-encoding issues with incorrectly + encoded certificates, or other DER incompatibilities to affect a TLS session. + Relates with #403 + +** libgnutls: on group exchange honor the %SERVER_PRECEDENCE and select the groups + which are preferred by the server. That unfortunately has complicated semantics + as TLS1.2 requires specific ordering of the groups based on the ciphersuite ordering, + which could make group order unpredictable if TLS1.3 is negotiated. + +** Improved counter-measures for TLS CBC record padding. Kenny Paterson, Eyal Ronen + and Adi Shamir reported that the existing counter-measures had certain issues and + were insufficient when the attacker has additional access to the CPU cache and + performs a chosen-plaintext attack. This affected the legacy CBC ciphersuites. [CVSS: medium] + +** Introduced the %FORCE_ETM priority string option. This option prevents the negotiation + of legacy CBC ciphersuites unless encrypt-then-mac is negotiated. + +** libgnutls: gnutls_privkey_import_ext4() was enhanced with the + GNUTLS_PRIVKEY_INFO_PK_ALGO_BITS flag. + +** libgnutls: gnutls_pkcs11_copy_secret_key, gnutls_pkcs11_copy_x509_privkey2, + gnutls_pkcs11_privkey_generate3 will mark objects as sensitive by default + unless GNUTLS_PKCS11_OBJ_FLAG_MARK_NOT_SENSITIVE is specified. This is an API + change for these functions which make them err towards safety. + +** libgnutls: improved aarch64 cpu features detection by using getauxval(). + +** certtool: It is now possible to specify certificate and serial CRL numbers greater + than 2**63-2 as a hex-encoded string both when prompted and in a template file. + Default certificate serial numbers are now fully random. Default CRL + numbers include more random bits and are larger than in previous GnuTLS versions. + Since CRL numbers are required to be monotonic, specify suitable CRL numbers manually + if you intend to later downgrade to previous versions as it was not possible + to specify large CRL numbers in previous versions of certtool. + +** API and ABI modifications: +gnutls_fips140_set_mode: Added +gnutls_session_key_update: Added +gnutls_ext_get_current_msg: Added +gnutls_reauth: Added +gnutls_ocsp_status_request_get2: Added +gnutls_ocsp_resp_import2: Added +gnutls_ocsp_resp_export2: Added +gnutls_ocsp_resp_list_import2: Added +gnutls_certificate_set_retrieve_function3: Added +gnutls_certificate_set_ocsp_status_request_file2: Added +gnutls_certificate_set_ocsp_status_request_mem: Added +gnutls_certificate_get_ocsp_expiration: Added +gnutls_record_send2: Added +gnutls_ext_raw_parse: Added +gnutls_x509_crt_list_import_url: Added +gnutls_pcert_list_import_x509_file: Added +gnutls_pkcs11_token_get_ptr: Added +gnutls_pkcs11_obj_get_ptr: Added +gnutls_session_ticket_send: Added +gnutls_aead_cipher_encryptv: Added +gnutls_gost_paramset_get_name: Added +gnutls_gost_paramset_get_oid: Added +gnutls_oid_to_gost_paramset: Added +gnutls_decode_gost_rs_value: Added +gnutls_encode_gost_rs_value: Added +gnutls_pubkey_export_gost_raw2: Added +gnutls_pubkey_import_gost_raw: Added +gnutls_x509_crt_get_pk_gost_raw: Added +gnutls_privkey_export_gost_raw2: Added +gnutls_privkey_import_gost_raw: Added +gnutls_x509_privkey_export_gost_raw: Added +gnutls_x509_privkey_import_gost_raw: Added +gnutls_set_default_priority_append: Added +gnutls_priority_init2: Added +GNUTLS_PRIVKEY_INFO_PK_ALGO_BITS: Added +GNUTLS_PKCS11_OBJ_FLAG_MARK_NOT_SENSITIVE: Added + + +* Version 3.6.2 (released 2018-02-16) + +** libgnutls: When verifying against a self signed certificate ignore issuer. + That is, ignore issuer when checking the issuer's parameters strength, resolving + issue #347 which caused self signed certificates to be additionally marked as of + insufficient security level. + +** libgnutls: Corrected MTU calculation for the CBC ciphersuites. The data + MTU calculation now, it correctly accounts for the fixed overhead due to + padding (as 1 byte), while at the same time considers the rest of the + padding as part of data MTU. + +** libgnutls: Address issue of loading of all PKCS#11 modules on startup + on systems with a PKCS#11 trust store (as opposed to a file trust store). + Introduced a multi-stage initialization which loads the trust modules, and + other modules are deferred for the first pure PKCS#11 request. + +** libgnutls: The SRP authentication will reject any parameters outside + RFC5054. This protects any client from potential MitM due to insecure + parameters. That also brings SRP in par with the RFC7919 changes to + Diffie-Hellman. + +** libgnutls: Added the 8192-bit parameters of SRP to the accepted parameters + for SRP authentication. + +** libgnutls: Addressed issue in the accelerated code affecting interoperability + with versions of nettle >= 3.4. + +** libgnutls: Addressed issue in the AES-GCM acceleration under aarch64. + +** libgnutls: Addressed issue in the AES-CBC acceleration under ssse3 (patch by + Vitezslav Cizek). + +** srptool: the --create-conf option no longer includes 1024-bit parameters. + +** p11tool: Fixed the deletion of objects in batch mode. + +** API and ABI modifications: +gnutls_srp_8192_group_generator: Added +gnutls_srp_8192_group_prime: Added + + +* Version 3.6.1 (released 2017-10-21) + +** libgnutls: Fixed interoperability issue with openssl when safe renegotiation was + used. Resolves gitlab issue #259. + +** libgnutls: gnutls_x509_crl_sign, gnutls_x509_crt_sign, + gnutls_x509_crq_sign, were modified to sign with a better algorithm than + SHA1. They will now sign with an algorithm that corresponds to the security + level of the signer's key. + +** libgnutls: gnutls_x509_*_sign2() functions and gnutls_x509_*_privkey_sign() + accept GNUTLS_DIG_UNKNOWN (0) as a hash function option. That will signal + the function to auto-detect an appropriate hash algorithm to use. + +** libgnutls: Removed support for signature algorithms using SHA2-224 in TLS. + TLS 1.3 no longer uses SHA2-224 and it was never a widespread algorithm + in TLS 1.2. As such, no reason to keep supporting it. + +** libgnutls: Refuse to use client certificates containing disallowed + algorithms for a session. That reverts a change on 3.5.5, which allowed + a client to use DSA-SHA1 due to his old DSA certificate, without requiring him + to enable DSA-SHA1 (and thus make it acceptable for the server's certificate). + The previous approach was to allow a smooth move for client infrastructure + after the DSA algorithm became disabled by default, and is no longer necessary + as DSA is now being universally depracated. + +** libgnutls: Refuse to resume a session which had a different SNI advertised. That + improves RFC6066 support in server side. Reported by Thomas Klute. + +** p11tool: Mark all generated objects as sensitive by default. + +** p11tool: added options --sign-params and --hash. This allows testing + signature with multiple algorithms, including RSA-PSS. + +** API and ABI modifications: +No changes since last version. + + +* Version 3.6.0 (released 2017-08-21) + +** libgnutls: tlsfuzzer is part of the CI testsuite. This is a TLS testing and + fuzzying toolkit, allowing for corner case testing, and ensuring that the + behavior of the library will not change across releases. + https://github.com/tomato42/tlsfuzzer + +** libgnutls: Introduced a lock-free random generator which operates per-thread + and eliminates random-generator related bottlenecks in multi-threaded operation. + Resolves gitlab issue #141. + http://nmav.gnutls.org/2017/03/improving-by-simplifying-gnutls-prng.html + +** libgnutls: Replaced the Salsa20 random generator with one based on CHACHA. + The goal is to reduce code needed in cache (CHACHA is also used for TLS), + and the number of primitives used by the library. That does not affect the + AES-DRBG random generator used in FIPS140-2 mode. + +** libgnutls: Added support for RSA-PSS key type as well as signatures in + certificates, and TLS key exchange. Contributed by Daiki Ueno. + RSA-PSS signatures can be generated by RSA-PSS keys and normal RSA keys, + but not vice-versa. The feature includes: + * RSA-PSS key generation and key handling (in PKCS#8 form) + * RSA-PSS key generation and key handling from PKCS#11 (with CKM_RSA_PKCS_PSS mech) + * Handling of RSA-PSS subjectPublicKeyInfo parameters, when present + in either the private key or certificate. + * RSA-PSS signing and verification of PKIX certificates + * RSA-PSS signing and verification of TLS 1.2 handshake + * RSA-PSS signing and verification of PKCS#7 structures + * RSA-PSS and RSA key combinations for TLS credentials. That is, when + multiple keys are supplied, RSA-PSS keys are preferred over RSA for RSA-PSS + TLS signatures, to contain risks of cross-protocol attacks between the algorithms. + * RSA-PSS key conversion to RSA PKCS#1 form (certtool --to-rsa) + Note that RSA-PSS signatures with SHA1 are (intentionally) not supported. + +** libgnutls: Added support for Ed25519 signing in certificates and TLS key + exchange following draft-ietf-tls-rfc4492bis-17. The feature includes: + * Ed25519 key generation and key handling (in PKCS#8 form) + * Ed25519 signing and verification of PKIX certificates + * Ed25519 signing and verification of TLS 1.2 handshake + * Ed25519 signing and verification of PKCS#7 structures + +** libgnutls: Enabled X25519 key exchange by default, following draft-ietf-tls-rfc4492bis-17. + +** libgnutls: Added support for Diffie-Hellman group negotiation following RFC7919. + That makes the DH parameters negotiation more robust and less prone to errors + due to insecure parameters. Servers are no longer required to specific explicit + DH parameters, though if they do these parameters will be used. Group + selection can be done via priority strings. The introduced strings are + GROUP-ALL, GROUP-FFDHE2048, GROUP-FFDHE3072, GROUP-FFDHE4096 and + GROUP-FFDHE8192, as well as the corresponding to curves groups. Note that + the 6144 group from RFC7919 is not supported. + +** libgnutls: Introduced various sanity checks on certificate import. Refuse + to import certificates which have fractional seconds in Time fields, X.509v1 + certificates which have the unique identifiers set, and certificates with illegal + version numbers. All of these are prohibited by RFC5280. + +** libgnutls: Introduced gnutls_x509_crt_set_flags(). This function can set flags + in the crt structure. The only flag supported at the moment is + GNUTLS_X509_CRT_FLAG_IGNORE_SANITY which skips the certificate sanity + checks on import. + +** libgnutls: PKIX certificates with unknown critical extensions are rejected + on verification with status GNUTLS_CERT_UNKNOWN_CRIT_EXTENSIONS. This + behavior can be overridden by providing the flag GNUTLS_VERIFY_IGNORE_UNKNOWN_CRIT_EXTENSIONS + to verification functions. Resolves gitlab issue #177. + +** libgnutls: Refuse to generate a certificate with an illegal version, or an + illegal serial number. That is, gnutls_x509_crt_set_version() and + gnutls_x509_crt_set_serial(), will fail on input considered to be invalid + in RFC5280. + +** libgnutls: Calls to gnutls_record_send() and gnutls_record_recv() + prior to handshake being complete are now refused. Addresses gitlab issue #158. + +** libgnutls: Added support for PKCS#12 files with no salt (zero length) in their + password encoding, and PKCS#12 files using SHA384 and SHA512 as MAC. + +** libgnutls: Exported functions to encode and decode DSA and ECDSA r,s values. + +** libgnutls: Added new callback setting function to gnutls_privkey_t for external + keys. The new function (gnutls_privkey_import_ext4), allows signing in addition + to previous algorithms (RSA PKCS#1 1.5, DSA, ECDSA), with RSA-PSS and Ed25519 + keys. + +** libgnutls: Introduced the %VERIFY_ALLOW_BROKEN and %VERIFY_ALLOW_SIGN_WITH_SHA1 + priority string options. These allows enabling all broken and SHA1-based signature + algorithms in certificate verification, respectively. + +** libgnutls: 3DES-CBC is no longer included in the default priorities + list. It has to be explicitly enabled, e.g., with a string like + "NORMAL:+3DES-CBC". + +** libgnutls: SHA1 was marked as insecure for signing certificates. Verification + of certificates signed with SHA1 is now considered insecure and will + fail, unless flags intended to enable broken algorithms are set. Other uses + of SHA1 are still allowed. This can be reverted on compile time with the configure + flag --enable-sha1-support. + +** libgnutls: RIPEMD160 was marked as insecure for certificate signatures. Verification + of certificates signed with RIPEMD160 hash algorithm is now considered insecure and + will fail, unless flags intended to enable broken algorithms are set. + +** libgnutls: No longer enable SECP192R1 and SECP224R1 by default on TLS handshakes. + These curves were rarely used for that purpose, provide no advantage over + x25519 and were deprecated by TLS 1.3. + +** libgnutls: Removed support for DEFLATE, or any other compression method. + +** libgnutls: OpenPGP authentication was removed; the resulting library is ABI + compatible, with the openpgp related functions being stubs that fail + on invocation. + +** libgnutls: Removed support for libidn (i.e., IDNA2003); gnutls can now be compiled + only with libidn2 which provides IDNA2008. + +** certtool: The option '--load-ca-certificate' can now accept PKCS#11 + URLs in addition to files. + +** certtool: The option '--load-crl' can now be used when generating PKCS#12 + files (i.e., in conjunction with '--to-p12' option). + +** certtool: Keys with provable RSA and DSA parameters are now only read and + exported from PKCS#8 form, following draft-mavrogiannopoulos-pkcs8-validated-parameters-00.txt. + This removes support for the previous a non-standard key format. + +** certtool: Added support for generating, printing and handling RSA-PSS and + Ed25519 keys and certificates. + +** certtool: the parameters --rsa, --dsa and --ecdsa to --generate-privkey are now + deprecated, replaced by the --key-type option. + +** p11tool: The --generate-rsa, --generate-ecc and --generate-dsa options were + replaced by the --generate-privkey option. + +** psktool: Generate 256-bit keys by default. + +** gnutls-server: Increase request buffer size to 16kb, and added the --alpn and + --alpn-fatal options, allowing testing of ALPN negotiation. + +** API and ABI modifications: +gnutls_encode_rs_value: Added +gnutls_decode_rs_value: Added +gnutls_base64_encode2: Added +gnutls_base64_decode2: Added +gnutls_x509_crt_set_flags: Added +gnutls_x509_crt_check_ip: Added +gnutls_x509_ext_import_inhibit_anypolicy: Added +gnutls_x509_ext_export_inhibit_anypolicy: Added +gnutls_x509_crt_get_inhibit_anypolicy: Added +gnutls_x509_crt_set_inhibit_anypolicy: Added +gnutls_pubkey_export_rsa_raw2: Added +gnutls_pubkey_export_dsa_raw2: Added +gnutls_pubkey_export_ecc_raw2: Added +gnutls_privkey_export_rsa_raw2: Added +gnutls_privkey_export_dsa_raw2: Added +gnutls_privkey_export_ecc_raw2: Added +gnutls_x509_spki_init: Added +gnutls_x509_spki_deinit: Added +gnutls_x509_spki_get_pk_algorithm: Added +gnutls_x509_spki_set_pk_algorithm: Added +gnutls_x509_spki_get_digest_algorithm: Added +gnutls_x509_spki_set_digest_algorithm: Added +gnutls_x509_spki_get_salt_size: Added +gnutls_x509_spki_set_salt_size: Added +gnutls_x509_crt_set_spki: Added +gnutls_x509_crt_get_spki: Added +gnutls_x509_privkey_get_spki: Added +gnutls_x509_privkey_set_spki: Added +gnutls_x509_crq_get_spki: Added +gnutls_x509_crq_set_spki: Added +gnutls_pubkey_set_spki: Added +gnutls_pubkey_get_spki: Added +gnutls_privkey_set_spki: Added +gnutls_privkey_get_spki: Added +gnutls_privkey_import_ext4: Added +GNUTLS_EXPORT_FLAG_NO_LZ: Added +GNUTLS_DT_IP_ADDRESS: Added +GNUTLS_X509_CRT_FLAG_IGNORE_SANITY: Added +GNUTLS_CERT_UNKNOWN_CRIT_EXTENSIONS: Added +GNUTLS_VERIFY_ALLOW_SIGN_WITH_SHA1: Added +GNUTLS_VERIFY_DO_NOT_ALLOW_IP_MATCHES: Added +GNUTLS_VERIFY_IGNORE_UNKNOWN_CRIT_EXTENSIONS: Added +GNUTLS_SFLAGS_RFC7919: Added + + +* Version 3.5.7 (released 2016-12-8) + +** libgnutls: Include CHACHA20-POLY1305 ciphersuites in the SECURE128 + and SECURE256 priority strings. + +** libgnutls: Require libtasn1 4.9; this ensures gnutls will correctly + operate with OIDs which have elements that exceed 2^32. + +** libgnutls: The DN decoding functions output the traditional DN format + rather than the strict RFC4514 compliant textual DN. This reverts the + 3.5.6 introduced change, and allows applications which depended on the + previous format to continue to function. Introduced new functions which + output the strict format by default, and can revert to the old one using + a flag. + +** libgnutls: Improved TPM key handling. Check authorization requirements + prior to using a key and fix issue on loop for PIN input. Patches by + James Bottomley. + +** libgnutls: In all functions accepting UTF-8 passwords, ensure that + passwords are normalized according to RFC7613. When invalid UTF-8 + passwords are detected, they are only tolerated for decryption. + This introduces a libunistring dependency on GnuTLS. A version of + libunistring is included in the library for the platforms that do + not ship it; it can be used with the '--with-included-unistring' + option to configure script. + +** libgnutls: When setting a subject alternative name in a certificate + which is in UTF-8 format, it will transparently be converted to IDNA form + prior to storing. + +** libgnutls: GNUTLS_CRT_PRINT_ONELINE flag on gnutls_x509_crt_print() + will print the SHA256 key-ID instead of a certificate fingerprint. + +** libgnutls: enhance the PKCS#7 verification capabilities. In the case + signers that are not discoverable using the trust list or input, use + the stored list as pool to generate a trusted chain to the signer. + +** libgnutls: Improved MTU calculation precision for the CBC ciphersuites + under DTLS. + +** libgnutls: [added missing news entry since 3.5.0] + No longer tolerate certificate key usage violations for + TLS signature verification, and decryption. That is GnuTLS will fail + to connect to servers which incorrectly use a restricted to signing certificate + for decryption, or vice-versa. This reverts the lax behavior introduced + in 3.1.0, due to several such broken servers being available. The %COMPAT + priority keyword can be used to work-around connecting on these servers. + +** certtool: When exporting a CRQ in DER format ensure no text data are + intermixed. Patch by Dmitry Eremin-Solenikov. + +** certtool: Include the SHA-256 variant of key ID in --certificate-info + options. + +** p11tool: Introduced the --initialize-pin and --initialize-so-pin + options. + +** API and ABI modifications: +gnutls_utf8_password_normalize: Added +gnutls_ocsp_resp_get_responder2: Added +gnutls_x509_crt_get_issuer_dn3: Added +gnutls_x509_crt_get_dn3: Added +gnutls_x509_rdn_get2: Added +gnutls_x509_dn_get_str2: Added +gnutls_x509_crl_get_issuer_dn3: Added +gnutls_x509_crq_get_dn3: Added + + +* Version 3.5.6 (released 2016-11-04) + +** libgnutls: Enhanced the PKCS#7 parser to allow decoding old + (pre-rfc5652) structures with arbitrary encapsulated content. + +** libgnutls: Introduced a function group to set known DH parameters + using groups from RFC7919. + +** libgnutls: Added more strict RFC4514 textual DN encoding and decoding. + Now the generated textual DN is in reverse order according to RFC4514, + and functions which generate a DN from strings such gnutls_x509_crt_set_*dn() + set the expected DN (reverse of the provided string). + +** libgnutls: Introduced time and constraints checks in the end certificate + in the gnutls_x509_crt_verify_data2() and gnutls_pkcs7_verify_direct() + functions. + +** libgnutls: Set limits on the maximum number of alerts handled. That is, + applications using gnutls could be tricked into an busy loop if the + peer sends continuously alert messages. Applications which set a maximum + handshake time (via gnutls_handshake_set_timeout) will eventually recover + but others may remain in a busy loops indefinitely. This is related but + not identical to CVE-2016-8610, due to the difference in alert handling + of the libraries (gnutls delegates that handling to applications). + +** libgnutls: Reverted the change which made the gnutls_certificate_set_*key* + functions return an index (introduced in 3.5.5), to avoid affecting programs + which explicitly check success of the function as equality to zero. In order + for these functions to return an index an explicit call to gnutls_certificate_set_flags + with the GNUTLS_CERTIFICATE_API_V2 flag is now required. + +** libgnutls: Reverted the behavior of sending a status request extension even + without a response (introduced in 3.5.5). That is, we no longer reply to a + client's hello with a status request, with a status request extension. Although + that behavior is legal, it creates incompatibility issues with releases in + the gnutls 3.3.x branch. + +** libgnutls: Delayed the initialization of the random generator at + the first call of gnutls_rnd(). This allows applications to load + on systems which getrandom() would block, without blocking until + real random data are needed. + +** certtool: --get-dh-params will output parameters from the RFC7919 + groups. + +** p11tool: improvements in --initialize option. + +** API and ABI modifications: +GNUTLS_CERTIFICATE_API_V2: Added +GNUTLS_NO_TICKETS: Added +gnutls_pkcs7_get_embedded_data_oid: Added +gnutls_anon_set_server_known_dh_params: Added +gnutls_certificate_set_known_dh_params: Added +gnutls_psk_set_server_known_dh_params: Added +gnutls_x509_crt_check_key_purpose: Added + + +* Version 3.5.5 (released 2016-10-09) + +** libgnutls: enhanced gnutls_certificate_set_ocsp_status_request_file() + to allow importing multiple OCSP request files, one for each chain + provided. + +** libgnutls: The gnutls_certificate_set_key* functions return an + index of the added chain. That index can be used either with + gnutls_certificate_set_ocsp_status_request_file(), or with + gnutls_certificate_get_crt_raw() and friends. + +** libgnutls: Added SHA*, AES-GCM, AES-CCM and AES-CBC optimized implementations + for the aarch64 architecture. Uses Andy Polyakov's assembly code. + +** libgnutls: Ensure proper cleanups on gnutls_certificate_set_*key() + failures due to key mismatch. This prevents leaks or double freeing + on such failures. + +** libgnutls: Increased the maximum size of the handshake message hash. + This will allow the library to cope better with larger packets, as + the ones offered by current TLS 1.3 drafts. + +** libgnutls: Allow to use client certificates despite them containing + disallowed algorithms for a session. That allows for example a client + to use DSA-SHA1 due to his old DSA certificate, without requiring him + to enable DSA-SHA1 (and thus make it acceptable for the server's certificate). + +** libgnutls: Reverted AESNI code on x86 to earlier version as the + latest version was creating position depending code. Added checks + in the CI to detect position depending code early. + +** guile: Update code to the I/O port API of Guile >= 2.1.4 + This makes sure the GnuTLS bindings will work with the forthcoming 2.2 + stable series of Guile, of which 2.1 is a preview. + +** API and ABI modifications: +gnutls_certificate_set_ocsp_status_request_function2: Added +gnutls_session_ext_register: Added +gnutls_session_supplemental_register: Added +GNUTLS_E_PK_INVALID_PUBKEY: Added +GNUTLS_E_PK_INVALID_PRIVKEY: Added + + +* Version 3.5.4 (released 2016-09-08) + +** libgnutls: Corrected the comparison of the serial size in OCSP response. + Previously the OCSP certificate check wouldn't verify the serial length + and could succeed in cases it shouldn't (GNUTLS-SA-2016-3). + Reported by Stefan Buehler. + +** libgnutls: Added support for IP name constraints. Patch by Martin Ukrop. + +** libgnutls: Added support of PKCS#8 file decryption using DES-CBC-MD5. This + is added to allow decryption of PKCS #8 private keys from openssl prior to 1.1.0. + +** libgnutls: Added support for decrypting PKCS#8 files which use HMAC-SHA256 + as PRF. This allow decrypting PKCS #8 private keys generated with openssl 1.1.0. + +** libgnutls: Added support for internationalized passwords in PKCS#12 files. + Previous versions would only encrypt or decrypt using passwords from the ASCII + set. + +** libgnutls: Addressed issue with PKCS#11 signature generation on ECDSA + keys. The signature is now written as unsigned integers into the DSASignatureValue + structure. Previously signed integers could be written depending on what + the underlying module would produce. Addresses #122. + +** gnutls-cli: Fixed starttls regression from 3.5.3. + +** API and ABI modifications: +GNUTLS_E_MALFORMED_CIDR: Added +gnutls_x509_cidr_to_rfc5280: Added +gnutls_oid_to_mac: Added + + +* Version 3.5.3 (released 2016-08-09) + +** libgnutls: Added support for TCP fast open (RFC7413), allowing + to reduce by one round-trip the handshake process. Based on proposal and + patch by Tim Ruehsen. + +** libgnutls: Adopted a simpler with less memory requirements DTLS sliding + window implementation. Based on Fridolin Pokorny's implementation for + AF_KTLS. + +** libgnutls: Use getrandom where available via the syscall interface. + This works around an issue of not-using getrandom even if it exists + since glibc doesn't declare such function. + +** libgnutls: Fixed DNS name constraints checking in the case of empty + intersection of domain names in the chain. Report and fix by Martin Ukrop. + +** libgnutls: Fixed name constraints checking in the case of chains + where the higher level certificates contained different types of + constraints than the ones present in the lower intermediate CAs. + Report and fix by Martin Ukrop. + +** libgnutls: Dropped support for the EGD random generator. + +** libgnutls: Allow the decoding of raw elements (starting with #) + in RFC4514 DN string decoding. + +** libgnutls: Fixes in gnutls_x509_crt_list_import2, which was + ignoring flags if all certificates in the list fit within the + initially allocated memory. Patch by Tim Kosse. + +** libgnutls: Corrected issue which made gnutls_certificate_get_x509_crt() + to return invalid pointers when returned more than a single certificate. + Report and fix by Stefan Sørensen. + +** libgnutls: Fix gnutls_pkcs12_simple_parse to always extract the complete chain, + even when the extra_certs was non-null. Report and fix by Stefan Sørensen. + +** certtool: Added the "add_extension" and "add_critical_extension" + template options. This allows specifying arbitrary extensions into + certificates and certificate requests. + +** gnutls-cli: Added the --fastopen option. + +** API and ABI modifications: +GNUTLS_E_UNAVAILABLE_DURING_HANDSHAKE: Added +gnutls_x509_crq_set_extension_by_oid: Added +gnutls_x509_dn_set_str: Added +gnutls_transport_set_fastopen: Added + + +* Version 3.5.2 (released 2016-07-06) + +** libgnutls: Address issue when utilizing the p11-kit trust store + for certificate verification (GNUTLS-SA-2016-2). + +** libgnutls: Fixed DTLS handshake packet reconstruction. Reported by + Guillaume Roguez. + +** libgnutls: Fixed issues with PKCS#11 reading of sensitive objects + from SafeNet Network HSM. Reported by Anthony Alba in #108. + +** libgnutls: Corrected the writing of PKCS#11 CKA_SERIAL_NUMBER. Report + and fix by Stanislav Židek. + +** libgnutls: Added AES-GCM optimizations using the AVX and MOVBE + instructions. Uses Andy Polyakov's assembly code. + +** API and ABI modifications: +No changes since last version. + + +* Version 3.5.1 (released 2016-06-14) + +** libgnutls: The SSL 3.0 protocol support can completely be removed + using a compile time option. The configure option is --disable-ssl3-support. + +** libgnutls: The SSL 2.0 client hello support can completely be removed + using a compile time option. The configure option is --disable-ssl2-support. + +** libgnutls: Added support for OCSP Must staple PKIX extension. That is, + implemented the RFC7633 TLSFeature for OCSP status request extension. + Feature implemented by Tim Kosse. + +** libgnutls: More strict OCSP staple verification. That is, no longer + ignore invalid or too old OCSP staples. The previous behavior was + to rely on application use gnutls_ocsp_status_request_is_checked(), + while the new behavior is to include OCSP verification by default + and set the GNUTLS_CERT_INVALID_OCSP_STATUS verification flag on error. + +** libgnutls: Treat CA certificates with the "Server Gated Cryptography" key + purpose OIDs equivalent to having the GNUTLS_KP_TLS_WWW_SERVER OID. This + improves interoperability with several old intermediate CA certificates + carrying these legacy OIDs. + +** libgnutls: Re-read the system wide priority file when needed. Patch by + Daniel P. Berrange. + +** libgnutls: Allow for fallback in system-specific initial keywords + (prefixed with '@'). That allows to specify a keyword such as + "@KEYWORD1,KEYWORD2" which will use the first available of these + two keywords. Patch by Daniel P. Berrange. + +** libgnutls: The SSLKEYLOGFILE environment variable can be used to log + session keys. These session keys are compatible with the NSS Key Log + Format and can be used to decrypt the session for debugging using + wireshark. + +** API and ABI modifications: +GNUTLS_CERT_INVALID_OCSP_STATUS: Added +gnutls_x509_crt_set_crq_extension_by_oid: Added +gnutls_x509_ext_import_tlsfeatures: Added +gnutls_x509_ext_export_tlsfeatures: Added +gnutls_x509_tlsfeatures_add: Added +gnutls_x509_tlsfeatures_init: Added +gnutls_x509_tlsfeatures_deinit: Added +gnutls_x509_tlsfeatures_get: Added +gnutls_x509_crt_get_tlsfeatures: Added +gnutls_x509_crt_set_tlsfeatures: Added +gnutls_x509_crq_get_tlsfeatures: Added +gnutls_x509_crq_set_tlsfeatures: Added +gnutls_ext_get_name: Added + + +* Version 3.5.0 (released 2016-05-09) + +** libgnutls: Added SHA3 based signing algorithms for DSA, RSA and ECDSA, + based on https://csrc.nist.gov/groups/ST/crypto_apps_infra/csor/algorithms.html + +** libgnutls: Added support for curve X25519 (RFC 7748, draft-ietf-tls-rfc4492bis-07). + This curve is disabled by default as it is still on specification status. It + can be enabled using the priority string modifier +CURVE-X25519. + +** libgnutls: Added support for TLS false start (draft-ietf-tls-falsestart-01) + by introducing gnutls_init() flag GNUTLS_ENABLE_FALSE_START (#73). + +** libgnutls: Added new APIs to access the FIPS186-4 (Shawe-Taylor based) provable + RSA and DSA parameter generation from a seed. + +** libgnutls: The CHACHA20-POLY1305 ciphersuite is enabled by default. This + cipher is prioritized after AES-GCM. + +** libgnutls: On a rehandshake ensure that the certificate of the peer or + its username remains the same as in previous handshakes. That is to protect + applications which do not check user credentials on rehandshakes. The + threat to address depends on the application protocol. Primarily it + protects against applications which authenticate the peer initially and + perform accounting using the session's information, from being misled + by a rehandshake which switches the peer's identity. Applications can + disable this protection by using the %GNUTLS_ALLOW_ID_CHANGE flag in + gnutls_init(). + +** libgnutls: No longer tolerate certificate key usage violations for + TLS signature verification, and decryption. That is GnuTLS will fail + to connect to servers which incorrectly use a restricted to signing certificate + for decryption, or vice-versa. This reverts the lax behavior introduced + in 3.1.0, due to several such broken servers being available. The %COMPAT + priority keyword can be used to work-around connecting on these servers. + +** libgnutls: Be strict in TLS extension decoding. That is, do not tolerate + parsing errors in the extensions field and treat it as a typical Hello + message structure. Reported by Hubert Kario (#40). + +** libgnutls: Old and unsupported version numbers in client hellos are + rejected with a "protocol_version" alert message. Reported by Hubert + Kario (#42). + +** libgnutls: Lifted the limitation of calling the gnutls_session_get_data*() + functions, only on non-resumed sessions. This brings the API in par with + its usage (#79). + +** libgnutls: Follow RFC5280 strictly in name constraints computation. The + permitted subtrees is intersected with any previous values. Report and + patch by Daiki Ueno. + +** libgnutls: Enforce the RFC 7627 (extended master secret) requirements on + session resumption. Reported by Hubert Kario (#69). + +** libgnutls: Consider the max-record TLS extension even when under DTLS. + Reported by Peter Dettman (#61). + +** libgnutls: Replaced writev() system call with sendmsg(). + +** libgnutls: Replaced select() system call with poll() on POSIX systems. + +** libgnutls: Preload the system priority file on library load. This allows + applications that chroot() to also use the system priorities. + +** libgnutls: Applications are allowed to override the built-in key and + certificate URLs. + +** libgnutls: The gnutls.h header marks constant and pure functions explictly. + +** certtool: Added the ability to sign certificates using SHA3. + +** certtool: Added the --provable and --verify-allow-broken options. + +** gnutls-cli: The --dane option will cause verification failure if gnutls is not + compiled with DANE support. + +** crywrap: The tool was unbundled from gnutls' distribution. It can be found at + https://github.com/nmav/crywrap + +** guile: .go files are now built and installed + +** guile: Fix compatibility issue of the test suite with Guile 2.1 + +** guile: When --with-guile-site-dir is passed, modules are installed in a + versioned directory, typically $(datadir)/guile/site/2.0 + +** guile: Tests no longer leave zombie processes behind + +** API and ABI modifications: +GNUTLS_FORCE_CLIENT_CERT: Added +GNUTLS_ENABLE_FALSE_START: Added +GNUTLS_INDEFINITE_TIMEOUT: Added +GNUTLS_ALPN_SERVER_PRECEDENCE: Added +GNUTLS_E_ASN1_EMBEDDED_NULL_IN_STRING: Added +GNUTLS_E_HANDSHAKE_DURING_FALSE_START: Added +gnutls_check_version_numeric: Added +gnutls_x509_crt_equals: Added +gnutls_x509_crt_equals2: Added +gnutls_x509_crt_set_subject_alt_othername: Added +gnutls_x509_crt_set_issuer_alt_othername: Added +gnutls_x509_crt_get_signature_oid: Added +gnutls_x509_crt_get_pk_oid: Added +gnutls_x509_crq_set_subject_alt_othername: Added +gnutls_x509_crq_get_pk_oid: Added +gnutls_x509_crq_get_signature_oid: Added +gnutls_x509_crl_get_signature_oid: Added +gnutls_x509_privkey_generate2: Added +gnutls_x509_privkey_get_seed: Added +gnutls_x509_privkey_verify_seed: Added +gnutls_privkey_generate2: Added +gnutls_privkey_get_seed: Added +gnutls_privkey_verify_seed: Added +gnutls_decode_ber_digest_info: Added +gnutls_encode_ber_digest_info: Added +gnutls_dh_params_import_dsa: Added +gnutls_session_get_master_secret: Added + + +* Version 3.4.3 (released 2015-07-12) + +** libgnutls: Follow closely RFC5280 recommendations and use UTCTime for + dates prior to 2050. + +** libgnutls: Force 16-byte alignment to all input to ciphers (previously it + was done only when cryptodev was enabled). + +** libgnutls: Removed support for pthread_atfork() as it has undefined + semantics when used with dlopen(), and may lead to a crash. + +** libgnutls: corrected failure when importing plain files + with gnutls_x509_privkey_import2(), and a password was provided. + +** libgnutls: Don't reject certificates if a CA has the URI or IP address + name constraints, and the end certificate doesn't have an IP address + name or a URI set. + +** libgnutls: set and read the hint in DHE-PSK and ECDHE-PSK ciphersuites. + +** p11tool: Added --list-token-urls option, and print the token module name + in list-tokens. + +** API and ABI modifications: +gnutls_ecc_curve_get_oid: Added +gnutls_digest_get_oid: Added +gnutls_pk_get_oid: Added +gnutls_sign_get_oid: Added +gnutls_ecc_curve_get_id: Added +gnutls_oid_to_digest: Added +gnutls_oid_to_pk: Added +gnutls_oid_to_sign: Added +gnutls_oid_to_ecc_curve: Added +gnutls_pkcs7_get_signature_count: Added + + +* Version 3.4.2 (released 2015-06-16) + +** libgnutls: DTLS blocking API is more robust against infinite blocking, +and will notify of more possible timeouts. + +** libgnutls: corrected regression with Camellia-256-GCM cipher. Reported +by Manuel Pegourie-Gonnard. + +** libgnutls: Introduced the GNUTLS_NO_SIGNAL flag to gnutls_init(). That +allows to disable SIGPIPE for writes done within gnutls. + +** libgnutls: Enhanced the PKCS #7 API to allow signing and verification +of structures. API moved to gnutls/pkcs7.h header. + +** certtool: Added options to generate PKCS #7 bundles and signed +structures. + +** API and ABI modifications: +gnutls_x509_dn_get_str: Added +gnutls_pkcs11_get_raw_issuer_by_subject_key_id: Added +gnutls_x509_trust_list_get_issuer_by_subject_key_id: Added +gnutls_x509_crt_verify_data2: Added +gnutls_pkcs7_get_crt_raw2: Added +gnutls_pkcs7_signature_info_deinit: Added +gnutls_pkcs7_get_signature_info: Added +gnutls_pkcs7_verify_direct: Added +gnutls_pkcs7_verify: Added +gnutls_pkcs7_get_crl_raw2: Added +gnutls_pkcs7_sign: Added +gnutls_pkcs7_attrs_deinit: Added +gnutls_pkcs7_add_attr: Added +gnutls_pkcs7_get_attr: Added +gnutls_pkcs7_print: Added + + +* Version 3.4.1 (released 2015-05-03) + +** libgnutls: gnutls_certificate_get_ours: will return the certificate even +if a callback was used to send it. + +** libgnutls: Check for invalid length in the X.509 version field. Without +the check certificates with invalid length would be detected as having an +arbitrary version. Reported by Hanno Böck. + +** libgnutls: Handle DNS name constraints with a leading dot. Patch by +Fotis Loukos. + +** libgnutls: Updated system-keys support for windows to compile in more +versions of mingw. Patch by Tim Kosse. + +** libgnutls: Fix for MD5 downgrade in TLS 1.2 signatures. Reported by +Karthikeyan Bhargavan [GNUTLS-SA-2015-2]. + +** libgnutls: Reverted: The gnutls_handshake() process will enforce a timeout +by default. That caused issues with non-blocking programs. + +** certtool: It can generate SHA256 key IDs. + +** gnutls-cli: fixed crash in --benchmark-ciphers. Reported by James Cloos. + +** configure: re-enabled the --enable-local-libopts flag + +** API and ABI modifications: +gnutls_x509_crt_get_pk_ecc_raw: Added + + +* Version 3.4.0 (released 2015-04-08) + +** libgnutls: Added support for AES-CCM and AES-CCM-8 (RFC6655 and RFC7251) +ciphersuites. The former are enabled by default, the latter need to be +explicitly enabled, since they reduce the overall security level. + +** libgnutls: Added support for Chacha20-Poly1305 ciphersuites following +draft-mavrogiannopoulos-chacha-tls-05 and draft-irtf-cfrg-chacha20-poly1305-10. +That is currently provided as technology preview and is not enabled by +default, since there are no assigned ciphersuite points by IETF and there +is no guarrantee of compatibility between draft versions. The ciphersuite +priority string to enable it is "+CHACHA20-POLY1305". + +** libgnutls: Added support for encrypt-then-authenticate in CBC +ciphersuites (RFC7366 -taking into account its errata text). This is +enabled by default and can be disabled using the %NO_ETM priority +string. + +** libgnutls: Added support for the extended master secret +(triple-handshake fix) following draft-ietf-tls-session-hash-02. + +** libgnutls: Added a new simple and hard to misuse AEAD API (crypto.h). + +** libgnutls: SSL 3.0 is no longer included in the default priorities +list. It has to be explicitly enabled, e.g., with a string like +"NORMAL:+VERS-SSL3.0". + +** libgnutls: ARCFOUR (RC4) is no longer included in the default priorities +list. It has to be explicitly enabled, e.g., with a string like +"NORMAL:+ARCFOUR-128". + +** libgnutls: DSA signatures and DHE-DSS are no longer included in the +default priorities list. They have to be explicitly enabled, e.g., with +a string like "NORMAL:+DHE-DSS:+SIGN-DSA-SHA256:+SIGN-DSA-SHA1". The +DSA ciphersuites were dropped because they had no deployment at all +on the internet, to justify their inclusion. + +** libgnutls: The priority string EXPORT was completely removed. The string +was already defunc as support for the EXPORT ciphersuites was removed in +GnuTLS 3.2.0. + +** libgnutls: Added API to utilize system specific private keys in +"gnutls/system-keys.h". It is currently provided as technology preview +and is restricted to windows CNG keys. + +** libgnutls: gnutls_x509_crt_check_hostname() and friends will use +RFC6125 comparison of hostnames. That introduces a dependency on libidn. + +** libgnutls: Depend on p11-kit 0.23.1 to comply with the final +PKCS #11 URLs draft (draft-pechanec-pkcs11uri-21). + +** libgnutls: Depend on nettle 3.1. + +** libgnutls: Use getrandom() or getentropy() when available. That +avoids the complexity of file descriptor handling and issues with +applications closing all open file descriptors on startup. + +** libgnutls: Use pthread_atfork() to detect fork when available. + +** libgnutls: If a key purpose (extended key usage) is specified for verification, +it is applied into intermediate certificates. The verification result +GNUTLS_CERT_PURPOSE_MISMATCH is also introduced. + +** libgnutls: When gnutls_certificate_set_x509_key_file2() is used in +combination with PKCS #11, or TPM URLs, it will utilize the provided +password as PIN if required. That removes the requirement for the +application to set a callback for PINs in that case. + +** libgnutls: priority strings VERS-TLS-ALL and VERS-DTLS-ALL are +restricted to the corresponding protocols only, and the VERS-ALL +string is introduced to catch all possible protocols. + +** libgnutls: Added helper functions to obtain information on PKCS #8 +structures. + +** libgnutls: Certificate chains which are provided to gnutls_certificate_credentials_t +will automatically be sorted instead of failing with GNUTLS_E_CERTIFICATE_LIST_UNSORTED. + +** libgnutls: Added functions to export and set the record state. That +allows for gnutls_record_send() and recv() to be offloaded (to kernel, +hardware or any other subsystem). + +** libgnutls: Added the ability to register application specific URL +types, which express certificates and keys using gnutls_register_custom_url(). + +** libgnutls: Added API to override existing ciphers, digests and MACs, e.g., +to override AES-GCM using a system-specific accelerator. That is, (crypto.h) +gnutls_crypto_register_cipher(), gnutls_crypto_register_aead_cipher(), +gnutls_crypto_register_mac(), and gnutls_crypto_register_digest(). + +** libgnutls: Added gnutls_ext_register() to register custom extensions. +Contributed by Thierry Quemerais. + +** libgnutls: Added gnutls_supplemental_register() to register custom +supplemental data handshake messages. Contributed by Thierry Quemerais. + +** libgnutls-openssl: it is no longer built by default. + + +** certtool: Added --p8-info option, which will print PKCS #8 information +even if the password is not available. + +** certtool: --key-info option will print PKCS #8 encryption information +when available. + +** certtool: Added the --key-id and --fingerprint options. + +** certtool: Added the --verify-hostname, --verify-email and --verify-purpose +options to be used in certificate chain verification, to simulate verification +for specific hostname and key purpose (extended key usage). + +** certtool: --p12-info option will print PKCS #12 MAC and cipher information +when available. + +** certtool: it will print the A-label (ACE) names in addition to UTF-8. + +** p11tool: added options --set-id and --set-label. + +** gnutls-cli: added options --priority-list and --save-cert. + +** guile: Deprecated priority API has been removed. The old priority API, +which had been deprecated for some time, is now gone; use 'set-session-priorities!' +instead. + +** guile: Remove RSA parameters and related procedures. This API had been +deprecated. + +** guile: Fix compilation on MinGW. Previously only the static version of the +'guile-gnutls-v-2' library would be built, preventing dynamic loading from Guile. + +** API and ABI modifications: +gnutls_record_get_state: Added +gnutls_record_set_state: Added +gnutls_aead_cipher_init: Added +gnutls_aead_cipher_decrypt: Added +gnutls_aead_cipher_encrypt: Added +gnutls_aead_cipher_deinit: Added +gnutls_pkcs12_generate_mac2: Added +gnutls_pkcs12_mac_info: Added +gnutls_pkcs12_bag_enc_info: Added +gnutls_pkcs8_info: Added +gnutls_pkcs_schema_get_name: Added +gnutls_pkcs_schema_get_oid: Added +gnutls_pcert_export_x509: Added +gnutls_pcert_export_openpgp: Added +gnutls_pcert_import_x509_list: Added +gnutls_pkcs11_privkey_cpy: Added +gnutls_x509_crq_get_signature_algorithm: Added +gnutls_x509_trust_list_iter_get_ca: Added +gnutls_x509_trust_list_iter_deinit: Added +gnutls_x509_trust_list_get_issuer_by_dn: Added +gnutls_pkcs11_get_raw_issuer_by_dn: Added +gnutls_certificate_get_trust_list: Added +gnutls_privkey_export_x509: Added +gnutls_privkey_export_pkcs11: Added +gnutls_privkey_export_openpgp: Added +gnutls_privkey_import_ext3: Added +gnutls_certificate_get_x509_key: Added +gnutls_certificate_get_x509_crt: Added +gnutls_certificate_get_openpgp_key: Added +gnutls_certificate_get_openpgp_crt: Added +gnutls_record_discard_queued: Added +gnutls_session_ext_master_secret_status: Added +gnutls_priority_string_list: Added +gnutls_dh_params_import_raw2: Added +gnutls_memset: Added +gnutls_memcmp: Added +gnutls_pkcs12_bag_set_privkey: Added +gnutls_ocsp_resp_get_responder_raw_id: Added +gnutls_system_key_iter_deinit: Added +gnutls_system_key_iter_get_info: Added +gnutls_system_key_delete: Added +gnutls_system_key_add_x509: Added +gnutls_system_recv_timeout: Added +gnutls_register_custom_url: Added +gnutls_pkcs11_obj_list_import_url3: Added +gnutls_pkcs11_obj_list_import_url4: Added +gnutls_pkcs11_obj_set_info: Added +gnutls_crypto_register_cipher: Added +gnutls_crypto_register_aead_cipher: Added +gnutls_crypto_register_mac: Added +gnutls_crypto_register_digest: Added +gnutls_ext_register: Added +gnutls_supplemental_register: Added +gnutls_supplemental_recv: Added +gnutls_supplemental_send: Added +gnutls_openpgp_crt_check_email: Added +gnutls_x509_crt_check_email: Added +gnutls_handshake_set_hook_function: Modified +gnutls_pkcs11_privkey_generate3: Added +gnutls_pkcs11_copy_x509_crt2: Added +gnutls_pkcs11_copy_x509_privkey2: Added +gnutls_pkcs11_obj_list_import_url: Removed +gnutls_pkcs11_obj_list_import_url2: Removed +gnutls_certificate_client_set_retrieve_function: Removed +gnutls_certificate_server_set_retrieve_function: Removed +gnutls_certificate_set_rsa_export_params: Removed +gnutls_certificate_type_set_priority: Removed +gnutls_cipher_set_priority: Removed +gnutls_compression_set_priority: Removed +gnutls_kx_set_priority: Removed +gnutls_mac_set_priority: Removed +gnutls_protocol_set_priority: Removed +gnutls_rsa_export_get_modulus_bits: Removed +gnutls_rsa_export_get_pubkey: Removed +gnutls_rsa_params_cpy: Removed +gnutls_rsa_params_deinit: Removed +gnutls_rsa_params_export_pkcs1: Removed +gnutls_rsa_params_export_raw: Removed +gnutls_rsa_params_generate2: Removed +gnutls_rsa_params_import_pkcs1: Removed +gnutls_rsa_params_import_raw: Removed +gnutls_rsa_params_init: Removed +gnutls_sign_callback_get: Removed +gnutls_sign_callback_set: Removed +gnutls_x509_crt_verify_data: Removed +gnutls_x509_crt_verify_hash: Removed +gnutls_pubkey_get_verify_algorithm: Removed +gnutls_x509_crt_get_verify_algorithm: Removed +gnutls_pubkey_verify_hash: Removed +gnutls_pubkey_verify_data: Removed +gnutls_record_set_max_empty_records: Removed + +guile: +set-session-cipher-priority!: Removed +set-session-mac-priority!: Removed +set-session-compression-method-priority!: Removed +set-session-kx-priority!: Removed +set-session-protocol-priority!: Removed +set-session-certificate-type-priority!: Removed +set-session-default-priority!: Removed +set-session-default-export-priority!: Removed +make-rsa-parameters: Removed +rsa-parameters?: Removed +set-certificate-credentials-rsa-export-parameters!: Removed +pkcs1-import-rsa-parameters: Removed +pkcs1-export-rsa-parameters: Removed + + + +* Version 3.3.6 (released 2014-07-23) + +** libgnutls: Use inet_ntop to print IP addresses when available + +** libgnutls: gnutls_x509_crt_check_hostname and friends will also check +IP addresses, and match documented behavior. Reported by David Woodhouse. + +** libgnutls: DSA key generation in FIPS140-2 mode doesn't allow 1024 +bit parameters. + +** libgnutls: fixed issue in gnutls_pkcs11_reinit() which prevented tokens +being usable after a reinitialization. + +** libgnutls: fixed PKCS #11 private key operations after a fork. + +** libgnutls: fixed PKCS #11 ECDSA key generation. + +** libgnutls: The GNUTLS_CPUID_OVERRIDE environment variable can be used to +explicitly enable/disable the use of certain CPU capabilities. Note that CPU +detection cannot be overridden, i.e., VIA options cannot be enabled on an Intel +CPU. The currently available options are: + 0x1: Disable all run-time detected optimizations + 0x2: Enable AES-NI + 0x4: Enable SSSE3 + 0x8: Enable PCLMUL + 0x100000: Enable VIA padlock + 0x200000: Enable VIA PHE + 0x400000: Enable VIA PHE SHA512 + +** libdane: added dane_query_to_raw_tlsa(); patch by Simon Arlott. + +** p11tool: use GNUTLS_SO_PIN to read the security officer's PIN if set. + +** p11tool: ask for label when one isn't provided. + +** p11tool: added --batch parameter to disable any interactivity. + +** p11tool: will not implicitly enable so-login for certain types of +objects. That avoids issues with tokens that require different login +types. + +** certtool/p11tool: Added the --curve parameter which allows to explicitly +specify the curve to use. + +** API and ABI modifications: +gnutls_certificate_set_x509_trust_dir: Added +gnutls_x509_trust_list_add_trust_dir: Added + + +* Version 3.3.5 (released 2014-06-26) + +** libgnutls: Added gnutls_record_recv_packet() and gnutls_packet_deinit(). +These functions provide a variant of gnutls_record_recv() that avoids +the final memcpy of data. + +** libgnutls: gnutls_x509_crl_iter_crt_serial() was added as a +faster variant of gnutls_x509_crl_get_crt_serial() when coping with +very large structures. + +** libgnutls: When the decoding of a printable DN element fails, then treat +it as unknown and print its hex value rather than failing. That works around +an issue in a TURKTRST root certificate which improperly encodes the +X520countryName element. + +** libgnutls: gnutls_x509_trust_list_add_trust_file() will return the number +of certificates present in a PKCS #11 token when loading it. + +** libgnutls: Allow the post client hello callback to put the handshake on +hold, by returning GNUTLS_E_AGAIN or GNUTLS_E_INTERRUPTED. + +** certtool: option --to-p12 will now consider --load-ca-certificate + +** certtol: Added option to specify the PKCS #12 friendly name on command +line. + +** p11tool: Allow marking a certificate copied to a token as a CA. + +** API and ABI modifications: +GNUTLS_PKCS11_OBJ_FLAG_MARK_CA: Added +gnutls_x509_crl_iter_deinit: Added +gnutls_x509_crl_iter_crt_serial: Added +gnutls_record_recv_packet: Added +gnutls_packet_deinit: Added +gnutls_packet_get: Added + + +* Version 3.3.4 (released 2014-05-31) + +** libgnutls: Updated Andy Polyakov's assembly code. That prevents a +crash on certain CPUs. + +** API and ABI modifications: +No changes since last version. + + +* Version 3.3.3 (released 2014-05-30) + +** libgnutls: Eliminated memory corruption issue in Server Hello parsing. +Issue reported by Joonas Kuorilehto of Codenomicon. + +** libgnutls: gnutls_global_set_mutex() was modified to operate with the +new initialization process. + +** libgnutls: Increased the maximum certificate size buffer +in the PKCS #11 subsystem. + +** libgnutls: Check the return code of getpwuid_r() instead of relying +on the result value. That avoids issue in certain systems, when using +tofu authentication and the home path cannot be determined. Issue reported +by Viktor Dukhovni. + +** libgnutls-dane: Improved dane_verify_session_crt(), which now attempts to +create a full chain. This addresses points from https://savannah.gnu.org/support/index.php?108552 + +** gnutls-cli: --dane will only check the end certificate if PKIX validation +has been disabled. + +** gnutls-cli: --benchmark-soft-ciphers has been removed. That option cannot +be emulated with the implicit initialization of gnutls. + +** certtool: Allow multiple organizations and organizational unit names to +be specified in a template. + +** certtool: Warn when invalid configuration options are set to a template. + +** ocsptool: Include path in ocsp request. This resolves #108582 +(https://savannah.gnu.org/support/?108582), reported by Matt McCutchen. + +** API and ABI modifications: +gnutls_credentials_get: Added + + +* Version 3.3.2 (released 2014-05-06) + +** libgnutls: Added the 'very weak' certificate verification profile +that corresponds to 64-bit security level. + +** libgnutls: Corrected file descriptor leak on random generator +initialization. + +** libgnutls: Corrected file descriptor leak on PSK password file +reading. Issue identified using the Codenomicon TLS test suite. + +** libgnutls: Avoid deinitialization if initialization has failed. + +** libgnutls: null-terminate othername alternative names. + +** libgnutls: gnutls_x509_trust_list_get_issuer() will operate correctly +on a PKCS #11 trust list. + +** libgnutls: Several small bug fixes identified using valgrind and +the Codenomicon TLS test suite. + +** libgnutls-dane: Accept a certificate using DANE if there is at least one +entry that matches the certificate. Patch by simon [at] arlott.org. + +** libgnutls-guile: Fixed compilation issue. + +** certtool: Allow exporting a CRL on DER format. + +** certtool: The ECDSA keys generated by default use the SECP256R1 curve +which is supported more widely than the previously used SECP224R1. + +** API and ABI modifications: +GNUTLS_PROFILE_VERY_WEAK: Added + + +* Version 3.3.1 (released 2014-04-19) + +** libgnutls: Enforce more strict checks to heartbeat messages +concerning padding and payload. Suggested by Peter Dettman. + +** libgnutls: Allow decoding PKCS #8 files with ECC parameters +from openssl. + +** libgnutls: Several small bug fixes found by coverity. + +** libgnutls: The conditionally available self-test functions +were moved to self-test.h. + +** libgnutls: Fixed issue with the check of incoming data when two +different recv and send pointers have been specified. Reported and +investigated by JMRecio. + +** libgnutls: Fixed issue in the RSA-PSK key exchange, which would +result to illegal memory access if a server hint was provided. Reported +by André Klitzing. + +** libgnutls: Fixed client memory leak in the PSK key exchange, if a +server hint was provided. + +** libgnutls: Corrected the *get_*_othername_oid() functions. + +** API and ABI modifications: +No changes since last version. + + +* Version 3.3.0 (released 2014-04-10) + +** libgnutls: The initialization of the library was moved to a +constructor. That is, gnutls_global_init() is no longer required +unless linking with a static library or a system that does not +support library constructors. + +** libgnutls: static libraries are not built by default. + +** libgnutls: PKCS #11 initialization is delayed to first usage. +That avoids long delays in gnutls initialization due to broken PKCS #11 +modules. + +** libgnutls: The PKCS #11 subsystem is re-initialized "automatically" +on the first PKCS #11 API call after a fork. + +** libgnutls: certificate verification profiles were introduced +that can be specified as flags to verification functions. They +are enumerations in gnutls_certificate_verification_profiles_t +and can be converted to flags for use in a verification function +using GNUTLS_PROFILE_TO_VFLAGS(). + +** libgnutls: Added the ability to read system-specific initial +keywords, if they are prefixed with '@'. That allows a compile-time +specified configuration file to be used to read pre-configured priority +strings from. That can be used to impose system specific policies. + +** libgnutls: Increased the default security level of priority +strings (NORMAL and PFS strings require at minimum a 1008 DH prime), +and set a verification profile by default. The LEGACY keyword is +introduced to set the old defaults. + +** libgnutls: Added support for the name constraints PKIX extension. +Currently only DNS names and e-mails are supported (no URIs, IPs +or DNs). + +** libgnutls: Security parameter SEC_PARAM_NORMAL was renamed to +SEC_PARAM_MEDIUM to avoid confusion with the priority string NORMAL. + +** libgnutls: Added new API in x509-ext.h to handle X.509 extensions. +This API handles the X.509 extensions in isolation, allowing to parse +similarly formatted extensions stored in other structures. + +** libgnutls: When generating DSA keys the macro GNUTLS_SUBGROUP_TO_BITS +can be used to specify a particular subgroup as the number of bits in +gnutls_privkey_generate; e.g., GNUTLS_SUBGROUP_TO_BITS(2048, 256). + +** libgnutls: DH parameter generation is now delegated to nettle. +That unfortunately has the side-effect that DH parameters longer than +3072 bits, cannot be generated (not without a nettle update). + +** libgnutls: Separated nonce RNG from the main RNG. The nonce +random number generator is based on salsa20/12. + +** libgnutls: The buffer alignment provided to crypto backend is +enforced to be 16-byte aligned, when compiled with cryptodev +support. That allows certain cryptodev drivers to operate more +efficiently. + +** libgnutls: Return error when a public/private key pair that doesn't +match is set into a credentials structure. + +** libgnutls: Depend on p11-kit 0.20.0 or later. + +** libgnutls: The new padding (%NEW_PADDING) experimental TLS extension has +been removed. It was not approved by IETF. + +** libgnutls: The experimental xssl library is removed from the gnutls +distribution. + +** libgnutls: Reduced the number of gnulib modules used in the main library. + +** libgnutls: Added priority string %DISABLE_WILDCARDS. + +** libgnutls: Added the more extensible verification function +gnutls_certificate_verify_peers(), that allows checking, in addition +to a peer's DNS hostname, for the key purpose of the end certificate +(via PKIX extended key usage). + +** certtool: Timestamps for serial numbers were increased to 8 bytes, +and in batch mode to 12 (appended with 4 random bytes). + +** certtool: When no CRL number is provided (or value set to -1), then +a time-based number will be used, similarly to the serial generation +number in certificates. + +** certtool: Print the SHA256 fingerprint of a certificate in addition +to SHA1. + +** libgnutls: Added --enable-fips140-mode configuration option (unsupported). +That option enables (when running on FIPS140-enabled system): + o RSA, DSA and DH key generation as in FIPS-186-4 (using provable primes) + o The DRBG-CTR-AES256 deterministic random generator from SP800-90A. + o Self-tests on initialization on ciphers/MACs, public key algorithms + and the random generator. + o HMAC-SHA256 verification of the library on load. + o MD5 is included for TLS purposes but cannot be used by the high level + hashing functions. + o All ciphers except AES are disabled. + o All MACs and hashes except GCM and SHA are disabled (e.g., HMAC-MD5). + o All keys (temporal and long term) are zeroized after use. + o Security levels are adjusted to the FIPS140-2 recommendations (rather + than ECRYPT). + +** API and ABI modifications: +GNUTLS_VERIFY_DO_NOT_ALLOW_WILDCARDS: Added +gnutls_certificate_verify_peers: Added +gnutls_privkey_generate: Added +gnutls_pkcs11_crt_is_known: Added +gnutls_fips140_mode_enabled: Added +gnutls_sec_param_to_symmetric_bits: Added +gnutls_pubkey_export_ecc_x962: Added (replaces gnutls_pubkey_get_pk_ecc_x962) +gnutls_pubkey_export_ecc_raw: Added (replaces gnutls_pubkey_get_pk_ecc_raw) +gnutls_pubkey_export_dsa_raw: Added (replaces gnutls_pubkey_get_pk_dsa_raw) +gnutls_pubkey_export_rsa_raw: Added (replaces gnutls_pubkey_get_pk_rsa_raw) +gnutls_pubkey_verify_params: Added +gnutls_privkey_export_ecc_raw: Added +gnutls_privkey_export_dsa_raw: Added +gnutls_privkey_export_rsa_raw: Added +gnutls_privkey_import_ecc_raw: Added +gnutls_privkey_import_dsa_raw: Added +gnutls_privkey_import_rsa_raw: Added +gnutls_privkey_verify_params: Added +gnutls_x509_crt_check_hostname2: Added +gnutls_openpgp_crt_check_hostname2: Added +gnutls_x509_name_constraints_init: Added +gnutls_x509_name_constraints_deinit: Added +gnutls_x509_crt_get_name_constraints: Added +gnutls_x509_name_constraints_add_permitted: Added +gnutls_x509_name_constraints_add_excluded: Added +gnutls_x509_crt_set_name_constraints: Added +gnutls_x509_name_constraints_get_permitted: Added +gnutls_x509_name_constraints_get_excluded: Added +gnutls_x509_name_constraints_check: Added +gnutls_x509_name_constraints_check_crt: Added +gnutls_x509_crl_get_extension_data2: Added +gnutls_x509_crt_get_extension_data2: Added +gnutls_x509_crq_get_extension_data2: Added +gnutls_subject_alt_names_init: Added +gnutls_subject_alt_names_deinit: Added +gnutls_subject_alt_names_get: Added +gnutls_subject_alt_names_set: Added +gnutls_x509_ext_import_subject_alt_names: Added +gnutls_x509_ext_export_subject_alt_names: Added +gnutls_x509_crl_dist_points_init: Added +gnutls_x509_crl_dist_points_deinit: Added +gnutls_x509_crl_dist_points_get: Added +gnutls_x509_crl_dist_points_set: Added +gnutls_x509_ext_import_crl_dist_points: Added +gnutls_x509_ext_export_crl_dist_points: Added +gnutls_x509_ext_import_name_constraints: Added +gnutls_x509_ext_export_name_constraints: Added +gnutls_x509_aia_init: Added +gnutls_x509_aia_deinit: Added +gnutls_x509_aia_get: Added +gnutls_x509_aia_set: Added +gnutls_x509_ext_import_aia: Added +gnutls_x509_ext_export_aia: Added +gnutls_x509_ext_import_subject_key_id: Added +gnutls_x509_ext_export_subject_key_id: Added +gnutls_x509_ext_export_authority_key_id: Added +gnutls_x509_ext_import_authority_key_id: Added +gnutls_x509_aki_init: Added +gnutls_x509_aki_get_id: Added +gnutls_x509_aki_get_cert_issuer: Added +gnutls_x509_aki_set_id: Added +gnutls_x509_aki_set_cert_issuer: Added +gnutls_x509_aki_deinit: Added +gnutls_x509_ext_import_private_key_usage_period: Added +gnutls_x509_ext_export_private_key_usage_period: Added +gnutls_x509_ext_import_basic_constraints: Added +gnutls_x509_ext_export_basic_constraints: Added +gnutls_x509_ext_import_key_usage: Added +gnutls_x509_ext_export_key_usage: Added +gnutls_x509_ext_import_proxy: Added +gnutls_x509_ext_export_proxy: Added +gnutls_x509_policies_init: Added +gnutls_x509_policies_deinit: Added +gnutls_x509_policies_get: Added +gnutls_x509_policies_set: Added +gnutls_x509_ext_import_policies: Added +gnutls_x509_ext_export_policies: Added +gnutls_x509_key_purpose_init: Added +gnutls_x509_key_purpose_deinit: Added +gnutls_x509_key_purpose_set: Added +gnutls_x509_key_purpose_get: Added +gnutls_x509_ext_import_key_purposes: Added +gnutls_x509_ext_export_key_purposes: Added +gnutls_digest_self_test: Added (conditionally) +gnutls_mac_self_test: Added (conditionally) +gnutls_pk_self_test: Added (conditionally) +gnutls_cipher_self_test: Added (conditionally) +gnutls_global_set_mem_functions: Deprecated + + +* Version 3.2.6 (released 2013-10-31) + +** libgnutls: Support for TPM via trousers is now enabled by default. + +** libgnutls: Camellia in GCM mode has been added in default priorities, and +GCM mode is prioritized over CBC in all of the default priority strings. + +** libgnutls: Added ciphersuite GNUTLS_ECDHE_RSA_AES_256_CBC_SHA384. + +** libgnutls: Fixed ciphersuites GNUTLS_ECDHE_ECDSA_CAMELLIA_256_CBC_SHA384, +GNUTLS_ECDHE_RSA_CAMELLIA_256_CBC_SHA384 and GNUTLS_PSK_CAMELLIA_128_GCM_SHA256. +Reported by Stefan Buehler. + +** libgnutls: Added support for ISO OID for RSA-SHA1 signatures. + +** libgnutls: Minimum acceptable DH group parameters were increased to 767 +bits from 727. + +** libgnutls: Added function to obtain random data from PKCS #11 tokens. +Contributed by Wolfgang Meyer zu Bergsten. + +** gnulib: updated. + +** libdane: Fixed a one-off bug in dane_query_tlsa() introduced by the +previous fix. Reported by Tomas Mraz. + +** p11tool: Added option generate-random. + +** API and ABI modifications: +gnutls_pkcs11_token_get_random: Added + + +* Version 3.2.5 (released 2013-10-23) + +** libgnutls: Documentation and build-time fixes. + +** libgnutls: Allow the generation of DH groups of less than 700 bits. + +** libgnutls: Added several combinations of ciphersuites with SHA256 and SHA384 as MAC, +as well as Camellia with GCM. + +** libdane: Added interfaces to allow initialization of dane_query_t from +external DNS resolutions, and to allow direct verification of a certificate +chain against a dane_query_t. Contributed by Christian Grothoff. + +** libdane: Fixed a buffer overflow in dane_query_tlsa(). This could be +triggered by a DNS server supplying more than 4 DANE records. Report and fix +by Christian Grothoff. + +** srptool: Fixed index command line option. Patch by Attila Molnar. + +** gnutls-cli: Added support for inline commands, using the +--inline-commands-prefix and --inline-commands options. Patch by Raj Raman. + +** certtool: pathlen constraint is now read correctly. Reported by +Christoph Seitz. + +** API and ABI modifications: +gnutls_certificate_get_crt_raw: Added +dane_verify_crt_raw: Added +dane_raw_tlsa: Added + + +* Version 3.2.4 (released 2013-08-31) + +** libgnutls: Fixes when session tickets and session DB are used. +Report and initial patch by Stefan Buehler. + +** libgnutls: Added the RSA-PSK key exchange. Patch by by Frank Morgner, +based on previous patch by Bardenheuer GmbH and Bundesdruckerei GmbH. + +** libgnutls: Added ciphersuites that use ARCFOUR with ECDHE. Patch +by Stefan Buehler. + +** libgnutls: Added the PFS priority string option. + +** libgnutls: Gnulib included files are strictly LGPLv2. + +** libgnutls: Corrected gnutls_certificate_server_set_request(). +Reported by Petr Pisar. + +** API and ABI modifications: +gnutls_record_set_timeout: Exported + + +* Version 3.2.3 (released 2013-07-30) + +** libgnutls: Fixes in parsing of priority strings. Patch by Stefan Buehler. + +** libgnutls: Solve issue with received TLS packets that exceed 2^14. +(this fixes a bug that was accidentally introduced in 3.2.2) + +** libgnutls: Removed gnulib modules under LGPLv3 that could possibly be +used by the library. + +** libgnutls: Fixes in gnutls_record_send_range(). Report and initial fix by +Alfredo Pironti. + +** API and ABI modifications: +gnutls_priority_kx_list: Added +gnutls_priority_mac_list: Added +gnutls_priority_cipher_list: Added + + +* Version 3.2.2 (released 2013-07-14) + +** libgnutls: Several optimizations in the related to packet processing +subsystems. + +** libgnutls: DTLS replay detection can now be disabled (to be used +in certain transport layers like SCTP). + +** libgnutls: Fixes in SRTP extension generation when MKI is being +used. + +** libgnutls: Added ability to set hooks before or after sending or receiving +any handshake message with gnutls_handshake_set_hook_function(). + +** API and ABI modifications: +GNUTLS_NO_REPLAY_PROTECTION: Added +gnutls_certificate_set_trust_list: Added +gnutls_cipher_get_tag_size: Added +gnutls_record_overhead_size: Added +gnutls_est_record_overhead_size: Added +gnutls_handshake_set_hook_function: Added +gnutls_handshake_description_get_name: Added +gnutls_digest_list: Added +gnutls_digest_get_id: Added +gnutls_digest_get_name: Added + + +* Version 3.2.1 (released 2013-06-01) + +** libgnutls: Allow ECC when in SSL 3.0 to work-around a bug in certain +openssl versions. + +** libgnutls: Fixes in interrupted function resumption. Report +and patch by Tim Kosse. + +** libgnutls: Corrected issue when receiving client hello verify requests +in DTLS. + +** libgnutls: Fixes in DTLS record overhead size calculations. + +** libgnutls: gnutls_handshake_get_last_in() was fixed. Reported +by Mann Ern Kang. + +** API and ABI modifications: +gnutls_session_set_id: Added + + +* Version 3.2.0 (released 2013-05-10) + +** libgnutls: Use nettle's elliptic curve implementation. + +** libgnutls: Added Salsa20 cipher + +** libgnutls: Added UMAC-96 and UMAC-128 + +** libgnutls: Added ciphersuites involving Salsa20 and UMAC-96. +As they are not standardized they are defined using private ciphersuite +numbers. + +** libgnutls: Added support for DTLS 1.2. + +** libgnutls: Added support for the Application Layer Protocol Negotiation +(ALPN) extension. + +** libgnutls: Removed support for the RSA-EXPORT ciphersuites. + +** libgnutls: Avoid linking to librt (that also avoids unnecessary +linking to pthreads if p11-kit isn't used). + +** API and ABI modifications: +gnutls_cipher_get_iv_size: Added +gnutls_hmac_set_nonce: Added +gnutls_mac_get_nonce_size: Added + + +* Version 3.1.10 (released 2013-03-22) + +** certtool: When generating PKCS #12 files use by default the +ARCFOUR (RC4) cipher to be compatible with devices that don't +support AES with PKCS #12. + +** libgnutls: Load CA certificates in android 4.x systems. + +** libgnutls: Optimized CA certificate loading. + +** libgnutls: Private keys are overwritten on deinitialization. + +** libgnutls: PKCS #11 slots are scanned only when needed, not +on initialization. This speeds up gnutls initialization when smart +cards are present. + +** libgnutls: Corrected issue in the (deprecated) external key +signing interface, when used with TLS 1.2. Reported by Bjorn H. Christensen. + +** libgnutls: Fixes in openpgp handshake with fingerprints. Reported by +Joke de Buhr. + +** libgnutls-dane: Updated DANE verification options. + +** configure: Trust store file must be explicitly set or unset when +cross compiling. + +** API and ABI modifications: +gnutls_x509_crt_get_issuer_dn2: Added +gnutls_x509_crt_get_dn2: Added +gnutls_x509_crl_get_issuer_dn2: Added +gnutls_x509_crq_get_dn2: Added +gnutls_x509_trust_list_remove_trust_mem: Added +gnutls_x509_trust_list_remove_trust_file: Added +gnutls_x509_trust_list_remove_cas: Added +gnutls_session_get_desc: Added +gnutls_privkey_sign_raw_data: Added +gnutls_privkey_status: Added + + +* Version 3.1.9 (released 2013-02-27) + +** certtool: Option --to-p12 will now ask for a password to generate +a PKCS #12 file from an encrypted key file. Reported by Yan Fiz. + +** libgnutls: Corrected issue in gnutls_pubkey_verify_data(). + +** libgnutls: Corrected parsing issue in XMPP within a subject +alternative name. Reported by James Cloos. + +** libgnutls: gnutls_pkcs11_reinit() will reinitialize all PKCS #11 +modules, and not only the ones loaded via p11-kit. + +** libgnutls: Added function to check whether the private key is +still available (inserted). + +** libgnutls: Try to detect fork even during nonce generation. + +** API and ABI modifications: +gnutls_handshake_set_random: Added +gnutls_transport_set_int2: Added +gnutls_transport_get_int2: Added +gnutls_transport_get_int: Added +gnutls_record_cork: Exported +gnutls_record_uncork: Exported +gnutls_pkcs11_privkey_status: Added + + +* Version 3.1.8 (released 2013-02-10) + +** libgnutls: Fixed issue in gnutls_x509_privkey_import2() which didn't return +GNUTLS_E_DECRYPTION_FAILED in all cases, and affect certtool operation +with encrypted keys. Reported by Yan Fiz. + +** libgnutls: The minimum DH bits accepted by priorities NORMAL and +PERFORMANCE was set to previous defaults 727 bits. Reported by Diego +Elio Petteno. + +** libgnutls: Corrected issue which prevented gnutls_pubkey_verify_hash() +to operate with long keys. Reported by Erik A Jensen. + +** API and ABI modifications: +No changes since last version. + + +* Version 3.1.7 (released 2013-02-04) + +** certtool: Added option "dn" which allows to directly set the DN +in a template from an RFC4514 string. + +** danetool: Added options: --dlv and --insecure. Suggested by Paul Wouters. + +** libgnutls-xssl: Added a new library to simplify GnuTLS usage. + +** libgnutls-dane: Added function to specify a DLV file. + +** libgnutls: Heartbeat code was made optional. + +** libgnutls: Fixes in server side of DTLS-0.9. + +** libgnutls: DN variable 'T' was expanded to 'title'. + +** libgnutls: Fixes in record padding parsing to prevent a timing attack. +Issue reported by Kenny Paterson and Nadhem Alfardan. + +** libgnutls: Added functions to directly set the DN in a certificate +or request from an RFC4514 string. + +** libgnutls: Optimizations in the random generator. The re-seeding of +it is now explicitly done on every session deinit. + +** libgnutls: Simplified the DTLS sliding window implementation. + +** libgnutls: The minimum DH bits accepted by a client are now set +by the specified priority string. The current values correspond to the +previous defaults (727 bits), except for the SECURE128 and SECURE192 +strings which increase the minimum to 1248 and 1776 respectively. + +** libgnutls: Added the gnutls_record_cork() and uncork API to enable +buffering in sending application data. + +** libgnutls: Removed default random padding, and added a length-hiding interface +instead. Both the server and the client must support this extension. Whether +length-hiding can be used on a given session can be checked using +gnutls_record_can_use_length_hiding(). Contributed by Alfredo Pironti. + +** libgnutls: Added the experimental %NEW_PADDING priority string. It enables +a new padding mechanism in TLS allowing arbitrary padding in TLS records +in all ciphersuites, which makes length-hiding more efficient and solves +the issues with timing attacks on CBC ciphersuites. + +** libgnutls: Corrected gnutls_cipher_decrypt2() when used with AEAD +ciphers (i.e., AES-GCM). Reported by William McGovern. + +** API and ABI modifications: +gnutls_db_check_entry_time: Added +gnutls_record_set_timeout: Added +gnutls_record_get_random_padding_status: Added +gnutls_x509_crt_set_dn: Added +gnutls_x509_crt_set_issuer_dn: Added +gnutls_x509_crq_set_dn: Added +gnutls_range_split: Added +gnutls_record_send_range: Added +gnutls_record_set_max_empty_records: Added +gnutls_record_can_use_length_hiding: Added +gnutls_rnd_refresh: Added +xssl_deinit: Added +xssl_flush: Added +xssl_read: Added +xssl_getdelim: Added +xssl_write: Added +xssl_printf: Added +xssl_sinit: Added +xssl_client_init: Added +xssl_server_init: Added +xssl_get_session: Added +xssl_get_verify_status: Added +xssl_cred_init: Added +xssl_cred_deinit: Added +dane_state_set_dlv_file: Added +GNUTLS_SEC_PARAM_EXPORT: Added +GNUTLS_SEC_PARAM_VERY_WEAK: Added + + +* Version 3.1.6 (released 2013-01-02) + +** libgnutls: Fixed record padding parsing issue. Reported by Kenny +Paterson and Nadhem Alfardan. + +** libgnutls: Several updates in the ASN.1 string handling subsystem. + +** libgnutls: gnutls_x509_crt_get_policy() allows for a list of zero +policy qualifiers. + +** libgnutls: Ignore heartbeat messages when received out-of-order, +instead of issuing an error. + +** libgnutls: Stricter RSA PKCS #1 1.5 encoding and decoding. Reported +by Kikuchi Masashi. + +** libgnutls: TPM support is disabled by default because GPL programs +cannot link with it. Use --with-tpm to enable it. + +** libgnutls-guile: Fixed parallel compilation issue. + +** gnutls-cli: It will try to connect to all possible returned addresses +before failing. + +** API and ABI modifications: +No changes since last version. + + +* Version 3.1.5 (released 2012-11-24) + +** libgnutls: Added functions to parse the certificates policies +extension. + +** libgnutls: Handle BMPString (UCS-2) encoding in the Distinguished +Name by translating it to UTF-8 (works on windows or systems with iconv). + +** libgnutls: Added PKCS #11 key generation function that returns the +public key on generation. + +** libgnutls: Corrected bug in priority string parsing, that mostly +affected combined levels. Patch by Tim Kosse. + +** certtool: The --pubkey-info option can be combined with the +--load-privkey or --load-request to print the corresponding public keys. + +** certtool: It is able to set certificate policies via a template. + +** certtool: Added --hex-numbers option which prints big numbers in +an easier to parse format. + +** p11tool: After key generation, outputs the public key (useful in +tokens that do not store the public key). + +** danetool: It is being built even without libgnutls-dane (the +--check functionality is disabled though). + +** API and ABI modifications: +gnutls_pkcs11_privkey_generate2: Added +gnutls_x509_crt_get_policy: Added +gnutls_x509_crt_set_policy: Added +gnutls_x509_policy_release: Added +gnutls_pubkey_import_x509_crq: Added +gnutls_pubkey_print: Added +GNUTLS_CRT_PRINT_FULL_NUMBERS: Added + + +* Version 3.1.4 (released 2012-11-10) + +** libgnutls: gnutls_certificate_verify_peers2() will set flags depending on +the available revocation data validity. + +** libgnutls: Added gnutls_certificate_verification_status_print(), +a function to print the verification status code in human readable text. + +** libgnutls: Added priority string %VERIFY_DISABLE_CRL_CHECKS. + +** libgnutls: Simplified certificate verification by adding +gnutls_certificate_verify_peers3(). + +** libgnutls: Added support for extension to establish keys for SRTP. +Contributed by Martin Storsjo. + +** libgnutls: The X.509 verification functions check the key +usage bits and pathlen constraints and on failure output +GNUTLS_CERT_SIGNER_CONSTRAINTS_FAILURE. + +** libgnutls: gnutls_x509_crl_verify() includes the time checks. + +** libgnutls: Added verification flag GNUTLS_VERIFY_DO_NOT_ALLOW_UNSORTED_CHAIN +and made GNUTLS_VERIFY_ALLOW_UNSORTED_CHAIN the default. + +** libgnutls: Always tolerate key usage violation errors from the side +of the peer, but also notify via an audit message. + +** gnutls-cli: Added --local-dns option. + +** danetool: Corrected bug that prevented loading PEM files. + +** danetool: Added --check option to allow querying and verifying +a site's DANE data. + +** libgnutls-dane: Added pkg-config file for the library. + +** API and ABI modifications: +gnutls_session_get_id2: Added +gnutls_sign_is_secure: Added +gnutls_certificate_verify_peers3: Added +gnutls_ocsp_status_request_is_checked: Added +gnutls_certificate_verification_status_print: Added +gnutls_srtp_set_profile: Added +gnutls_srtp_set_profile_direct: Added +gnutls_srtp_get_selected_profile: Added +gnutls_srtp_get_profile_name: Added +gnutls_srtp_get_profile_id: Added +gnutls_srtp_get_keys: Added +gnutls_srtp_get_mki: Added +gnutls_srtp_set_mki: Added +gnutls_srtp_profile_t: Added +dane_cert_type_name: Added +dane_match_type_name: Added +dane_cert_usage_name: Added +dane_verification_status_print: Added +GNUTLS_CERT_REVOCATION_DATA_SUPERSEDED: Added +GNUTLS_CERT_REVOCATION_DATA_ISSUED_IN_FUTURE: Added +GNUTLS_CERT_SIGNER_CONSTRAINTS_FAILURE: Added +GNUTLS_CERT_UNEXPECTED_OWNER: Added +GNUTLS_VERIFY_DO_NOT_ALLOW_UNSORTED_CHAIN: Added + + +* Version 3.1.3 (released 2012-10-12) + +** libgnutls: Added support for the OCSP Certificate Status +extension. + +** libgnutls: gnutls_certificate_verify_peers2() will use the OCSP +certificate status extension in verification. + +** libgnutls: Bug fixes in gnutls_x509_privkey_import_openssl(). + +** libgnutls: Increased maximum password length in the PKCS #12 +functions. + +** libgnutls: Fixed the receipt of session tickets during session resumption. +Reported by danblack at http://savannah.gnu.org/support/?108146 + +** libgnutls: Added functions to export structures in an allocated buffer. + +** libgnutls: Added gnutls_ocsp_resp_check_crt() to check whether the OCSP +response corresponds to the given certificate. + +** libgnutls: In client side gnutls_init() enables the session ticket and +OCSP certificate status request extensions by default. The flag +GNUTLS_NO_EXTENSIONS can be used to prevent that. + +** libgnutls: Several updates in the OpenPGP code. The generating code +is fully RFC6091 compliant and RFC5081 support is only supported in client +mode. + +** libgnutls-dane: Added. It is a library to provide DANE with DNSSEC +certificate verification. + +** gnutls-cli: Added --dane option to enable DANE certificate verification. + +** danetool: Added tool to generate DANE TLSA Resource Records (RR). + +** API and ABI modifications: +gnutls_certificate_get_peers_subkey_id: Added +gnutls_certificate_set_ocsp_status_request_function: Added +gnutls_certificate_set_ocsp_status_request_file: Added +gnutls_ocsp_status_request_enable_client: Added +gnutls_ocsp_status_request_get: Added +gnutls_ocsp_resp_check_crt: Added +gnutls_dh_params_export2_pkcs3: Added +gnutls_pubkey_export2: Added +gnutls_x509_crt_export2: Added +gnutls_x509_dn_export2: Added +gnutls_x509_crl_export2: Added +gnutls_pkcs7_export2: Added +gnutls_x509_privkey_export2: Added +gnutls_x509_privkey_export2_pkcs8: Added +gnutls_x509_crq_export2: Added +gnutls_openpgp_crt_export2: Added +gnutls_openpgp_privkey_export2: Added +gnutls_pkcs11_obj_export2: Added +gnutls_pkcs12_export2: Added +gnutls_pubkey_import_openpgp_raw: Added +gnutls_pubkey_import_x509_raw: Added +dane_state_init: Added +dane_state_deinit: Added +dane_query_tlsa: Added +dane_query_status: Added +dane_query_entries: Added +dane_query_data: Added +dane_query_deinit: Added +dane_verify_session_crt: Added +dane_verify_crt: Added +dane_strerror: Added + + +* Version 3.1.2 (released 2012-09-26) + +** libgnutls: Fixed bug in gnutls_x509_trust_list_add_system_trust() +and gnutls_x509_trust_list_add_trust_mem() that prevented the loading +of certificates in the windows platform. + +** libgnutls: Corrected bug in OpenPGP subpacket encoding. + +** libgnutls: Added support for DTLS/TLS heartbeats by Olga Smolenchuk. +(the work was done during Google Summer of Code). + +** libgnutls: Added X.509 certificate verification flag +GNUTLS_VERIFY_ALLOW_UNSORTED_CHAIN. This flag allows the verification +of unsorted certificate chains and is enabled by default for +TLS certificate verification (if gnutls_certificate_set_verify_flags() +does not override it). + +** libgnutls: Prints warning on certificates that contain keys of +an insecure level. If the %COMPAT priority flag is not specified +the TLS connection fails. + +** libgnutls: Correctly restore gnutls_record_recv() in DTLS mode +if interrupted during the retrasmition of handshake data. + +** libgnutls: Better mingw32 support (patch by LRN). + +** libgnutls: The %COMPAT keyword, if specified, will tolerate +key usage violation errors (they are far too common to ignore). + +** libgnutls: Added GNUTLS_STATELESS_COMPRESSION flag to gnutls_init(), +which provides a tool to counter compression-related attacks where +parts of the data are controlled by the attacker _and_ are placed in +separate records (use with care - do not use compression if not sure). + +** libgnutls: Depends on libtasn1 2.14 or later. + +** certtool: Prints the number of bits of the public key algorithm +parameter in a private key. + +** API and ABI modifications: +gnutls_x509_privkey_get_pk_algorithm2: Added +gnutls_heartbeat_ping: Added +gnutls_heartbeat_pong: Added +gnutls_heartbeat_allowed: Added +gnutls_heartbeat_enable: Added +gnutls_heartbeat_set_timeouts: Added +gnutls_heartbeat_get_timeout: Added +GNUTLS_SEC_PARAM_WEAK: Added +GNUTLS_SEC_PARAM_INSECURE: Added + +* Version 3.1.1 (released 2012-09-02) + +** gnutls-serv: Listens on IPv6. Patch by Bernhard R. Link. + +** certtool: Changes in password handling of certtool. +Ask password when required and only if the '--password' option is not +given. If the '--password' option is given during key generation then +assume the PKCS #8 file format, instead of ignoring the password. + +** tpmtool: No longer asks for key password in registered keys. + +** libgnutls: Elliptic curve code was optimized by Ilya Tumaykin. +wmNAF is now used for point multiplication and other optimizations. +(the major part of the work was done during Google Summer of Code). + +** libgnutls: The default pull_timeout_function only uses select +instead of a combination of select() and recv() to prevent issues +when used in stream sockets in some systems. + +** libgnutls: Be tolerant in ECDSA signature violations (e.g. using +SHA256 with a SECP384 curve instead of SHA-384), to interoperate with +openssl. + +** libgnutls: Fixed DSA and ECDSA signature generation in smart +cards. Thanks to Andreas Schwier from cardcontact.de for providing +me with ECDSA capable smart cards. + +** API and ABI modifications: +gnutls_sign_algorithm_get: Added +gnutls_sign_get_hash_algorithm: Added +gnutls_sign_get_pk_algorithm: Added + + +* Version 3.1.0 (released 2012-08-15) + +** libgnutls: Added direct support for TPM as a cryptographic module +in gnutls/tpm.h. TPM keys can be used in functions accepting files +using URLs of the following types: + tpmkey:file=/path/to/file + tpmkey:uuid=7f468c16-cb7f-11e1-824d-b3a4f4b20343;storage=user + +** libgnutls: Priority string level keywords can be combined. +For example the string "SECURE256:+SUITEB128" is now allowed. + +** libgnutls: requires libnettle 2.5. + +** libgnutls: Use the PKCS #1 1.5 encoding provided by nettle (2.5) +for encryption and signatures. + +** libgnutls: Added GNUTLS_CERT_SIGNATURE_FAILURE to differentiate between +generic errors and signature verification errors in the verification +functions. + +** libgnutls: Added gnutls_pkcs12_simple_parse() as a helper function +to simplify parsing in most PKCS #12 use cases. + +** libgnutls: gnutls_certificate_set_x509_simple_pkcs12_file() adds +the whole certificate chain (if any) to the credentials structure, instead +of only the end-user certificate. + +** libgnutls: Key import functions such as gnutls_pkcs12_simple_parse() +and gnutls_x509_privkey_import_pkcs8(), return consistently +GNUTLS_E_DECRYPTION_FAILED if the input structure is encrypted but no +password was provided. + +** libgnutls: Added gnutls_handshake_set_timeout() a function that +allows to set the maximum time spent in a handshake. + +** libgnutlsxx: Added session::set_transport_vec_push_function. Patch +by Alexandre Bique. + +** tpmtool: Added. It is a tool to generate private keys in the +TPM. + +** gnutls-cli: --benchmark-tls was split to --benchmark-tls-kx +and --benchmark-tls-ciphers + +** certtool: generated PKCS #12 structures may hold more than one +private key. Patch by Lucas Fisher. + +** certtool: Added option --null-password to generate/decrypt keys +that use a NULL password (in schemas that distinguish between NULL +an empty passwords). + +** minitasn1: Upgraded to libtasn1 version 2.13. + +** API and ABI modifications: +GNUTLS_CERT_SIGNATURE_FAILURE: Added +GNUTLS_CAMELLIA_192_CBC: Added +GNUTLS_PKCS_NULL_PASSWORD: Added +gnutls_url_is_supported: Added +gnutls_pkcs11_obj_list_import_url2: Added +gnutls_pkcs11_obj_set_pin_function: Added +gnutls_pkcs11_privkey_set_pin_function: Added +gnutls_pkcs11_get_pin_function: Added +gnutls_privkey_import_tpm_raw: Added +gnutls_privkey_import_tpm_url: Added +gnutls_privkey_import_pkcs11_url: Added +gnutls_privkey_import_openpgp_raw: Added +gnutls_privkey_import_x509_raw: Added +gnutls_privkey_import_ext2: Added +gnutls_privkey_import_url: Added +gnutls_privkey_set_pin_function: Added +gnutls_tpm_privkey_generate: Added +gnutls_tpm_key_list_deinit: Added +gnutls_tpm_key_list_get_url: Added +gnutls_tpm_get_registered: Added +gnutls_tpm_privkey_delete: Added +gnutls_pubkey_import_tpm_raw: Added +gnutls_pubkey_import_tpm_url: Added +gnutls_pubkey_import_url: Added +gnutls_pubkey_verify_hash2: Added +gnutls_pubkey_set_pin_function: Added +gnutls_x509_privkey_import2: Added +gnutls_x509_privkey_import_openssl: Added +gnutls_x509_crt_set_pin_function: Added +gnutls_load_file: Added +gnutls_pkcs12_simple_parse: Added +gnutls_certificate_set_x509_system_trust: Added +gnutls_certificate_set_pin_function: Added +gnutls_x509_trust_list_add_system_trust: Added +gnutls_x509_trust_list_add_trust_file: Added +gnutls_x509_trust_list_add_trust_mem: Added +gnutls_pk_to_sign: Added +gnutls_handshake_set_timeout: Added +gnutls_pubkey_verify_hash: Deprecated (use gnutls_pubkey_verify_hash2) +gnutls_pubkey_verify_data: Deprecated (use gnutls_pubkey_verify_data2) + + +* Version 3.0.22 (released 2012-08-04) + +** libgnutls: gnutls_certificate_set_x509_system_trust() +is now supported on OpenBSD. + +** libgnutls: When verifying a certificate chain make sure it is chain. +If the chain is wronly interrupted at some point then truncate it, +and only try to verify the correct part. Patch by David Woodhouse + +** libgnutls: Restored the behavior of gnutls_x509_privkey_import_pkcs8() +which now may (again) accept a NULL password. + +** certtool: Allow the user to choose the hash algorithm +when signing certificate request or certificate revocation list. +Patch by Petr Písař. + +** API and ABI modifications: +No changes since last version. + + +* Version 3.0.21 (released 2012-07-02) + +** libgnutls: fixed bug in gnutls_x509_privkey_import() +that prevented the loading of EC private keys when DER +encoded. Reported by David Woodhouse. + +** libgnutls: In DTLS larger to mtu records result to +GNUTLS_E_LARGE_PACKET instead of being truncated. + +** libgnutls: gnutls_dtls_get_data_mtu() is more precise. Based +on patch by David Woodhouse. + +** libgnutls: Fixed memory leak in PKCS #8 key import. + +** libgnutls: Added support for an old version of the DTLS protocol +used by openconnect vpn client for compatibility with Cisco's AnyConnect +SSL VPN. It is marked as GNUTLS_DTLS0_9. Do not use it for newer protocols +as it has issues. + +** libgnutls: Corrected bug that prevented resolving PKCS #11 URLs +if only the label is specified. Patch by David Woodhouse. + +** libgnutls: When EMSGSIZE errno is seen then GNUTLS_E_LARGE_PACKET +is returned. + +** API and ABI modifications: +gnutls_dtls_set_data_mtu: Added +gnutls_session_set_premaster: Added + + +* Version 3.0.20 (released 2012-06-05) + +** libgnutls: Corrected bug which prevented the parsing of +handshake packets spanning multiple records. + +** libgnutls: Check key identifiers when checking for an issuer. + +** libgnutls: Added gnutls_pubkey_verify_hash2() + +** libgnutls: Added gnutls_certificate_set_x509_system_trust() +that loads the trusted CA certificates from system locations +(e.g. trusted storage in windows and CA bundle files in other systems). + +** certtool: Added support for the URI subject alternative +name type in certtool. + +** certtool: Increase to 128 the maximum number of distinct options +(e.g. dns_names) allowed. + +** gnutls-cli: If --print-cert is given, print the certificate, +even on verification failure. + +** API and ABI modifications: +gnutls_pk_to_sign: Added +gnutls_pubkey_verify_hash2: Added +gnutls_certificate_set_x509_system_trust: Added + + +* Version 3.0.19 (released 2012-04-22) + +** libgnutls: When decoding a PKCS #11 URL the pin-source field +is assumed to be a file that stores the pin. Based on patch +by David Smith. + +** libgnutls: gnutls_record_check_pending() no longer +returns unprocessed data, and thus ensure the non-blocking +of the next call to gnutls_record_recv(). + +** libgnutls: Added strict tests in Diffie-Hellman and +SRP key exchange public keys. + +** libgnutls: in ECDSA and DSA TLS 1.2 authentication be less +strict in hash selection, and allow a stronger hash to +be used than the appropriate, to improve interoperability +with openssl. + +** tests: Disabled floating point test, and corrections +in pkcs12 decoding tests. + +** API and ABI modifications: +No changes since last version. + + +* Version 3.0.18 (released 2012-04-02) + +** certtool: Avoid a Y2K38 bug when generating certificates. +Patch by Robert Millan. + +** libgnutls: Make sure that GNUTLS_E_PREMATURE_TERMINATION +is returned on premature termination (and added unit test). + +** libgnutls: Fixes for W64 API. Patch by B. Scott Michel. + +** libgnutls: Corrected VIA padlock detection for old +VIA processors. Reported by Kris Karas. + +** libgnutls: Updated assembler files. + +** libgnutls: Time in generated certificates is stored +as GeneralizedTime instead of UTCTime (which only stores +2 digits of a year). + +** minitasn1: Upgraded to libtasn1 version 2.13 (pre-release). + +** API and ABI modifications: +gnutls_x509_crt_set_private_key_usage_period: Added +gnutls_x509_crt_get_private_key_usage_period: Added +gnutls_x509_crq_set_private_key_usage_period: Added +gnutls_x509_crq_get_private_key_usage_period: Added +gnutls_session_get_random: Added + + +* Version 3.0.17 (released 2012-03-17) + +** command line apps: Always link with local libopts. + +** API and ABI modifications: +No changes since last version. + + +* Version 3.0.16 (released 2012-03-16) + +** minitasn1: Upgraded to libtasn1 version 2.12 (pre-release). + +** libgnutls: Corrected SRP-RSA ciphersuites when used under TLS 1.2. + +** libgnutls: included assembler files for MacOSX. + +** p11tool: Small fixes in handling of the --private command +line option. + +** certtool: The template option allows for setting the domain +component (DC) option of the distinguished name, and the ocsp_uri +as well as the ca_issuers_uri options. + +** API and ABI modifications: +gnutls_x509_crt_set_authority_info_access: Added + + +* Version 3.0.15 (released 2012-03-02) + +** test suite: Only run under valgrind in the development +system (the full git repository) + +** command line apps: Link with local libopts if the +installed is an old one. + +** libgnutls: Eliminate double free during SRP +authentication. Reported by Peter Penzov. + +** libgnutls: Corrections in record packet parsing. +Reported by Matthew Hall. + +** libgnutls: Cryptodev updates and fixes. + +** libgnutls: Corrected issue with select() that affected +FreeBSD. This prevented establishing DTLS sessions. +Reported by Andreas Metzler. + +** libgnutls: Corrected rehandshake and resumption +operations in DTLS. Reported by Sean Buckheister. + +** libgnutls: PKCS #11 objects that do not have ID +no longer crash listing. Reported by Sven Geggus. + +** API and ABI modifications: +No changes since last version. + + +* Version 3.0.14 (released 2012-02-24) + +** command line apps: Included libopts doesn't get installed +by default. + +** libgnutls: Eliminate double free on wrongly formatted +certificate list. Reported by Remi Gacogne. + +** libgnutls: cryptodev code corrected, updated to account +for hashes and GCM mode. + +** libgnutls: Eliminated memory leak in PCKS #11 initialization. +Report and fix by Sam Varshavchik. + +** API and ABI modifications: +No changes since last version. + + +* Version 3.0.13 (released 2012-02-18) + +** gnutls-cli: added the --ocsp option which will verify +the peer's certificate with OCSP. + +** gnutls-cli: added the --tofu option and if specified, gnutls-cli +will use an ssh-style authentication method. + +** gnutls-cli: if no --x509cafile is provided a default is +assumed (/etc/ssl/certs/ca-certificates.crt), if it exists. + +** ocsptool: Added --ask parameter, to verify a certificate's +status from an ocsp server. + +** command line apps: Use gnu autogen (libopts) to parse command +line arguments and template files. + +** tests: Added stress test for DTLS packet losses and +out-of-order receival. Contributed by Sean Buckheister. + +** libgnutls: Several updates and corrections in the DTLS +DTLS lost packet handling and retransmission timeouts. +Report and patches by Sean Buckheister. + +** libgnutls: Added new functions to easily allow the usage of +a trust on first use (SSH-style) authentication. + +** libgnutls: SUITEB128 and SUITEB192 priority strings account +for the RFC6460 requirements. + +** libgnutls: Added new security parameter GNUTLS_SEC_PARAM_LEGACY +to account for security level of 96-bits. + +** libgnutls: In client side if server does not advertise any +known CAs and only a single certificate is set in the credentials, +sent that one. + +** libgnutls: Added functions to parse authority key identifiers +when stored as a 'general name' and serial combo. + +** libgnutls: Added function to force explicit reinitialization +of PKCS #11 modules. This is required on the child process after +a fork (if PKCS #11 functionality is desirable). + +** libgnutls: Depend on p11-kit 0.11. + +** API and ABI modifications: +gnutls_dtls_get_timeout: Added +gnutls_verify_stored_pubkey: Added +gnutls_store_pubkey: Added +gnutls_store_commitment: Added +gnutls_x509_crt_get_authority_key_gn_serial: Added +gnutls_x509_crl_get_authority_key_gn_serial: Added +gnutls_pkcs11_reinit: Added +gnutls_ecc_curve_list: Added +gnutls_priority_certificate_type_list: Added +gnutls_priority_sign_list: Added +gnutls_priority_protocol_list: Added +gnutls_priority_compression_list: Added +gnutls_priority_ecc_curve_list: Added +gnutls_tdb_init: Added +gnutls_tdb_set_store_func: Added +gnutls_tdb_set_store_commitment_func: Added +gnutls_tdb_set_verify_func: Added +gnutls_tdb_deinit: Added + + +* Version 3.0.12 (released 2012-01-20) + +** libgnutls: Added OCSP support. +There is a new header file gnutls/ocsp.h and a set of new functions +under the gnutls_ocsp namespace. Currently the functionality provided +is to parse and extract information from OCSP requests/responses, to +generate OCSP requests and to verify OCSP responses. See the manual +for more information. Run ./configure with --disable-ocsp to build +GnuTLS without OCSP support. + +This work was sponsored by Smoothwall . + +** ocsptool: Added new command line tool. +The tool can parse OCSP request/responses, generate OCSP requests and +verify OCSP responses. See the manual for more information. + +** certtool: --outder option now works for private +and public keys as well. + +** libgnutls: Added error code GNUTLS_E_NO_PRIORITIES_WERE_SET +to warn when no or insufficient priorities were set. + +** libgnutls: Corrected an alignment issue in ECDH +key generation which prevented some keys from being +correctly aligned in rare circumstances. + +** libgnutls: Corrected memory leaks in DH parameter +generation and ecc_projective_check_point(). + +** libgnutls: Added gnutls_x509_dn_oid_name() to +return a descriptive name of a DN OID. + +** API and ABI modifications: +gnutls_pubkey_encrypt_data: Added +gnutls_x509_dn_oid_name: Added +gnutls_session_resumption_requested: Added +gnutls/ocsp.h: Added new header file. +gnutls_ocsp_print_formats_t: Added new type. +gnutls_ocsp_resp_status_t: Added new type. +gnutls_ocsp_cert_status_t: Added new type. +gnutls_x509_crl_reason_t: Added new type. +gnutls_ocsp_req_add_cert: Added. +gnutls_ocsp_req_add_cert_id: Added. +gnutls_ocsp_req_deinit: Added. +gnutls_ocsp_req_export: Added. +gnutls_ocsp_req_get_cert_id: Added. +gnutls_ocsp_req_get_extension: Added. +gnutls_ocsp_req_get_nonce: Added. +gnutls_ocsp_req_get_version: Added. +gnutls_ocsp_req_import: Added. +gnutls_ocsp_req_init: Added. +gnutls_ocsp_req_print: Added. +gnutls_ocsp_req_randomize_nonce: Added. +gnutls_ocsp_req_set_extension: Added. +gnutls_ocsp_req_set_nonce: Added. +gnutls_ocsp_resp_deinit: Added. +gnutls_ocsp_resp_export: Added. +gnutls_ocsp_resp_get_certs: Added. +gnutls_ocsp_resp_get_extension: Added. +gnutls_ocsp_resp_get_nonce: Added. +gnutls_ocsp_resp_get_produced: Added. +gnutls_ocsp_resp_get_responder: Added. +gnutls_ocsp_resp_get_response: Added. +gnutls_ocsp_resp_get_signature: Added. +gnutls_ocsp_resp_get_signature_algorithm: Added. +gnutls_ocsp_resp_get_single: Added. +gnutls_ocsp_resp_get_status: Added. +gnutls_ocsp_resp_get_version: Added. +gnutls_ocsp_resp_import: Added. +gnutls_ocsp_resp_init: Added. +gnutls_ocsp_resp_print: Added. +gnutls_ocsp_resp_verify: Added. + +* Version 3.0.11 (released 2012-01-06) + +** libgnutls: Corrected functionality of +gnutls_record_get_direction(). Reported by Philip Allison. + +** libgnutls: Provide less timing information when decoding +TLS/DTLS record packets. Patch by Nadhem Alfardan. + +** API and ABI modifications: +No changes since last version. + + +* Version 3.0.10 (released 2012-01-04) + +** gnutls-cli/serv: Set don't fragment bit in DTLS sessions +in Linux as well as in BSD. + +** gnutls-cli: Fixed reading from windows terminals. + +** libgnutls: When GNUTLS_OPENPGP_FMT_BASE64 is specified +the stream is assumed to be base64 encoded (previously +the encoding was auto-detected). This avoids a decoding +issue in windows systems. + +** libgnutls: Corrected ciphersuite GNUTLS_ECDHE_PSK_AES_256_CBC_SHA384 + +** libgnutls: Added ciphersuites: GNUTLS_PSK_WITH_AES_256_GCM_SHA384 +and GNUTLS_DHE_PSK_WITH_AES_256_GCM_SHA384. + +** libgnutls: Added function gnutls_random_art() to convert +fingerprints to images (currently ascii-art). + +** libgnutls: Corrected bug in DSA private key parsing, which +prevented the verification of the key. + +** API and ABI modifications: +gnutls_random_art: Added + + +* Version 3.0.9 (released 2011-12-13) + +** certtool: Added new parameter --dh-info. + +** certtool: -l option was overloaded so if combined with --priority +it will only list the ciphersuites that are enabled by the given +priority string. + +** libgnutls: Added new priority string %SERVER_PRECEDENCE, which +changes the ciphersuite selection procedure. If specified the server +priorities will be used for selection instead of the client's. + +** libgnutls: Optimizations in Diffie-Hellman parameters generation +and key exchange. + +** libgnutls: When session tickets are negotiated and used in a +session, a server will not store that session data into its cache. + +** libgnutls: Added the SECP192R1 curve. + +** libgnutls: Added gnutls_priority_get_cipher_suite_index() to +allow listing the ciphersuites enabled in a priority structure. +It outputs an index to be used in gnutls_get_cipher_suite_info(). + +** libgnutls: Optimizations in the elliptic curve code --timing +attacks resistant code is only used in ECDSA private key operations. + +** doc: man pages for API functions generation was fixed and are +now added again in the distribution. + +** API and ABI modifications: +GNUTLS_ECC_CURVE_SECP192R1: New curve definition +gnutls_priority_get_cipher_suite_index: Added + + +* Version 3.0.8 (released 2011-11-12) + +** certtool: Certtool -e returns error code on verification +failure. + +** certtool: Verifies parameters of generated keys. + +** libgnutls: Corrected ECC key generation (introduced in 3.0.6) + +** libgnutls: Provide less timing information when decoding +TLS/DTLS record packets. + +** doc: man pages for API functions were removed. +The reason was that the code that auto-generated the man pages missed +many APIs and we couldn't fix it (volunteers welcome). See the info +manual or the GTK-DOC manual instead. + +** API and ABI modifications: +gnutls_x509_privkey_verify_params: Added + + +* Version 3.0.7 (released 2011-11-08) + +** libgnutls: Corrected fix in gnutls_session_get_data() +to report the actual session size when the provided buffer +is not enough. + +** libgnutls: Fixed ciphersuite GNUTLS_ECDHE_RSA_AES_128_CBC_SHA256, +which was using a wrong MAC algorithm. Reported by Fabrice Gautier. + +** API and ABI modifications: +No changes since last version. + + +* Version 3.0.6 (released 2011-11-07) + +** gnutls-guile: Compilation fixes. + +** libgnutls: Fixed possible buffer overflow in +gnutls_session_get_data(). Reported and fix by Alban Crequy. + +** libgnutls: Bug fixes in the ciphersuites with NULL cipher. +Reported by Fabrice Gautier. + +** libgnutls: Bug fixes in ECC code for 64-bit MIPS systems. +Thanks to Joseph Graham for providing access to such a system. + +** libgnutls: Correctly report ECC private key parsing errors. +Reported by Fabrice Gautier. + +** libgnutls: In ECDHE verify that the received point lies on +the selected curve. The ECDHE ciphersuites now take precendence +to plain DHE. + +** API and ABI modifications: +No changes since last version. + + +* Version 3.0.5 (released 2011-10-27) + +** libgnutls-extra: is no more + +** libgnutls: Corrections in order to compile with mingw32. + +** libgnutls: Corrections in VIA padlock code for VIA C5 processor +and new detection of PHE with support for partial hashing. + +** libgnutls: Corrected bug in gnutls_x509_data2hex. Report and fix +by Vincent Untz. + +** minitasn1: Upgraded to libtasn1 version 2.10. + +** API and ABI modifications: +No changes since last version. + + +* Version 3.0.4 (released 2011-10-15) + +** libgnutls-extra: gnutls_register_md5_handler() was +removed. + +** gnutls-cli-debug: Added more tests including AES-GCM, +SHA256 and elliptic curves. + +** gnutls-cli: Added --benchmark-soft-ciphers to benchmark +the software version of the ciphers instead of hw accelerated +(where available) + +** libgnutls: Public key ID calculation is consistent among +all structures. It uses a SHA-1 hash of the subjectPublicKeyInfo. + +** libgnutls: gnutls_privkey_t allows setting external callback +to perform signing or decryption. Can be set using +gnutls_privkey_import_ext() + +** libgnutls: A certificate credentials structure can be +used with a gnutls_privkey_t and a gnutls_pcert_st +structure using gnutls_certificate_set_key(). + +** libgnutls: Fixes to enable external signing callback to +operate with TLS 1.2. + +** libgnutls: Fixed crash when printing ECDSA certificate key +ID. Reported by Erik Jensen. + +** libgnutls: Corrected VIA padlock code for C3. In C3 benchmarks +show a 50x increase in AES speed and a 14x increase in VIA nano. Added +support for hashes and HMACs. + +** libgnutls: Compilation fixed when p11-kit is not detected. + +** libgnutls: Fixed the deflate compression code. + +** libgnutls: Added gnutls_x509_crt_get_authority_info_access. +Used to get the PKIX Authority Information Access (AIA) field. + +** libgnutls: gnutls_x509_crt_print supports printing AIA fields. + +** libgnutls: Added ability to gnutls_privkey_t to operate with +signing callback function. + +** API and ABI modifications: +gnutls_x509_crt_get_authority_info_access (x509.h): Added function. +gnutls_privkey_import_ext: Added function. +gnutls_certificate_set_key: Added function. +gnutls_info_access_what_t (x509.h): Added enum. +GNUTLS_OID_AIA (x509.h): Added symbol. +GNUTLS_OID_AD_OCSP (x509.h): Added symbol. +GNUTLS_OID_AD_CAISSUERS (x509.h): Added symbol. + +* Version 3.0.3 (released 2011-09-18) + +** libgnutls: Added gnutls_record_get_discarded() to return the +number of discarded records in a DTLS session. + +** libgnutls: All functions related to RSA-EXPORT were deprecated. +Support for RSA-EXPORT ciphersuites will be ceased in future versions. + +** libgnutls: Memory leak fixes in credentials private key +deinitialization. Reported by Dan Winship. + +** libgnutls: Memory leak fixes in ECC ciphersuites. + +** libgnutls: Do not send an empty extension structure in server +hello. This affected old implementations that do not support extensions. +Reported by J. Cameijo Cerdeira. + +** libgnutls: Allow CA importing of 0 certificates to succeed. +Reported by Jonathan Nieder in +. + +** libgnutls: Added support for VIA padlock AES optimizations. +(disabled by default) + +** libgnutls: Added support for elliptic curves in +PKCS #11. + +** libgnutls: Added gnutls_pkcs11_privkey_generate() +to allow generating a key in a token. + +** p11tool: Added generate-rsa, generate-dsa and +generate-ecc options to allow generating private +keys in the token. + +** libgnutls: gnutls_transport_set_lowat dummy macro was +removed. + +** API and ABI modifications: +gnutls_pkcs11_privkey_generate: Added +gnutls_pubkey_import_ecc_raw: Added +gnutls_pubkey_import_ecc_x962: Added +gnutls_pubkey_get_pk_ecc_x962: Added +gnutls_record_get_discarded: Added + + +* Version 3.0.2 (released 2011-09-01) + +** libgnutls: OpenPGP certificate type is not enabled +by default. + +** libgnutls: Added %NO_EXTENSIONS priority string. + +** libgnutls: Corrected issue in gnutls_record_recv() +triggered on encryption or compression error. + +** libgnutls: Compatibility fixes in CPU ID detection +for i386 and old GCC. + +** gnutls-cli: Benchmark applications were incorporated +with it. + +** libgnutls: Corrected parsing of XMPP subject +alternative names. + +** libgnutls: Allow for out-of-order ChangeCipherSpec +message in DTLS. + +** libgnutls: gnutls_certificate_set_x509_key() and +gnutls_certificate_set_openpgp_key() operate as in 2.10.x +and allow the release of the private key during the +lifetime of the certificate structure. + +** API and ABI modifications: +GNUTLS_PRIVKEY_IMPORT_COPY: new gnutls_privkey_import() flag + + +* Version 3.0.1 (released 2011-08-20) + +** libgnutls: gnutls_certificate_set_x509_key_file() and +friends support server name indication. If multiple +certificates are set using these functions the proper one +will be selected during a handshake. + +** libgnutls: Added AES-256-GCM which was left out from +the previous release. Reported by Benjamin Hof. + +** libgnutls: When asking for a PKCS# 11 PIN multiple +times, the flags in the callback were not being updated +to reflect for PIN low count or final try. + +** libgnutls: Do not allow second instances of PKCS #11 +modules. + +** libgnutls: fixed alignment issue in AES-NI code. + +** libgnutls: The config file at gnutls_pkcs11_init() +is being read if provided. + +** libgnutls: Ensure that a certificate list specified +using gnutls_certificate_set_x509_key() and friends, is +sorted according to TLS specification (from subject to issuer). + +** libgnutls: Added GNUTLS_X509_CRT_LIST_FAIL_IF_UNSORTED flag for +gnutls_x509_crt_list_import. It checks whether the list to be +imported is properly sorted. + +** crywrap: Added to the distribution. It is an application +that proxies TLS session to a port using a plaintext service. + +** doc: Many GTK-DOC improvements. + +** i18n: Translations were updated. + +** API and ABI modifications: +GNUTLS_X509_CRT_LIST_FAIL_IF_UNSORTED: New element in gnutls_certificate_import_flags +GNUTLS_PKCS11_PIN_WRONG: New flag for PIN callback + + +* Version 3.0.0 (released 2011-07-29) + +** libgnutls: writev_emu: stop on the first incomplete write. Patch by +Sjoerd Simons. + +** libgnutls: Fix zlib handling in gnutls.pc. Patch by Andreas +Metzler. + +** certtool: bug fixes in certificate request generation. Patch +by Petr Písař. + +** API and ABI modifications: +gnutls_pcert_list_import_x509_raw: ADDED + + +* Version 2.99.4 (released 2011-07-23) + +** doc: documentation updates. + +** libgnutls: gnutls_rsa_params_t is now identical to gnutls_x509_privkey_t +to avoid thread-safety issues. Reported by Sam Varshavchik. + +** libgnutls: Added compatibility mode with /etc/gnutls/pkcs11.conf + +** libgnutls: license upgraded to LGPLv3 + +** libgnutls: gnutls_srp_verifier() returns data allocated with gnutls_malloc() +for consistency. + +** API and ABI modifications: +No changes since last version. + + +* Version 2.99.3 (released 2011-06-18) + +** libgnutls: Added new PKCS #11 flags to force an object being private or +not. (GNUTLS_PKCS11_OBJ_FLAG_MARK_PRIVATE and GNUTLS_PKCS11_OBJ_FLAG_MARK_NOT_PRIVATE) + +** libgnutls: Added SUITEB128 and SUITEB192 priority +strings to enable the NSA SuiteB cryptography ciphersuites. + +** libgnutls: Added gnutls_pubkey_verify_data2() that will +verify data provided the signature algorithm. + +** libgnutls: Simplified the handling of handshake messages to +be hashed. Instead of hashing during the handshake process we now +keep the data until handshake is over and hash them on request. +This uses more memory but eliminates issues with TLS 1.2 and +simplifies code. + +** libgnutls: Added AES-GCM optimizations using the PCLMULQDQ +instruction. Uses Andy Polyakov's assembly code. + +** libgnutls: Added gnutls_x509_trust_list_add_named_crt() and +gnutls_x509_trust_list_verify_named_crt() that allow having a +list of certificates in the trusted list that will be associated +with a name (e.g. server name) and will not be used as CAs. + +** libgnutls: PKCS #11 back-end rewritten to use p11-kit +http://p11-glue.freedesktop.org/p11-kit.html. Rewrite by +Stef Walter. + +** libgnutls: Added ECDHE-PSK ciphersuites for TLS (RFC 5489). + +** API and ABI modifications: +gnutls_pubkey_verify_data2: ADDED +gnutls_ecc_curve_get: ADDED +gnutls_x509_trust_list_add_named_crt: ADDED +gnutls_x509_trust_list_verify_named_crt: ADDED +gnutls_x509_privkey_verify_data: REMOVED +gnutls_crypto_bigint_register: REMOVED +gnutls_crypto_cipher_register: REMOVED +gnutls_crypto_digest_register: REMOVED +gnutls_crypto_mac_register: REMOVED +gnutls_crypto_pk_register: REMOVED +gnutls_crypto_rnd_register: REMOVED +gnutls_crypto_single_cipher_register: REMOVED +gnutls_crypto_single_digest_register: REMOVED +gnutls_crypto_single_mac_register: REMOVED +GNUTLS_KX_ECDHE_PSK: New key exchange method +GNUTLS_VERIFY_DISABLE_CRL_CHECKS: New certificate verification flag. +GNUTLS_PKCS11_OBJ_FLAG_MARK_PRIVATE: New PKCS#11 object flag. +GNUTLS_PKCS11_OBJ_FLAG_MARK_NOT_PRIVATE: New PKCS#11 object flag. + + +* Version 2.99.2 (released 2011-05-26) + +** libgnutls: Added Elliptic curve support. This is not +enabled by default. Requires priority strings: ++CURVE-ALL: to add all supported curves ++ECDHE-RSA: to add ephemeral ECDHE with an RSA-signed certificate ++ECDHE-ECDSA: to add ephemeral ECDHE with an ECDSA-signed certificate ++ANON-ECDHE: to add anonymous ECDH + +** libgnutls: PKCS #11 URLs conform to the latest draft +being http://tools.ietf.org/html/draft-pechanec-pkcs11uri-04. + +** certtool: Can now load private keys and public keys from PKCS #11 tokens +via URLs. + +** libgnutls: Added gnutls_global_set_audit_log_function() that allows +to get important auditing information including the corresponding session. +That might be useful to block DoS or other attacker from specific IPs. + +** libgnutls: gnutls_pkcs11_privkey_import_url() will now correctly read +the public key algorithm of the key. + +** libgnutls: Added gnutls_certificate_get_issuer() and +gnutls_x509_trust_list_get_issuer() to compensate for the +missing gnutls_certificate_get_x509_cas(). + +** libgnutls: Added gnutls_x509_crq_verify() to allow +verification of the self signature in a certificate request. +This allows verifying whether the owner of the private key +is the generator of the request. + +** libgnutls: gnutls_x509_crt_set_crq() implicitly verifies +the self signature of the request. + +** API and ABI modifications: +gnutls_certificate_get_issuer: ADDED +gnutls_x509_trust_list_get_issuer: ADDED +gnutls_x509_crq_verify: ADDED +gnutls_global_set_audit_log_function: ADDED +gnutls_ecc_curve_get_name: ADDED +gnutls_ecc_curve_get_size: ADDED +gnutls_x509_privkey_import_ecc_raw: ADDED +gnutls_x509_privkey_export_ecc_raw: ADDED +gnutls_global_set_time_function: ADDED + +GNUTLS_E_ECC_NO_SUPPORTED_CURVES: New error code +GNUTLS_E_ECC_UNSUPPORTED_CURVE: New error code +GNUTLS_KX_ECDHE_RSA: New key exchange method +GNUTLS_KX_ECDHE_ECDSA: New key exchange method +GNUTLS_KX_ANON_ECDH: New key exchange method +GNUTLS_PK_ECC: New public key algorithm +GNUTLS_SIGN_ECDSA_SHA1: New signature algorithm +GNUTLS_SIGN_ECDSA_SHA256: New signature algorithm +GNUTLS_SIGN_ECDSA_SHA384: New signature algorithm +GNUTLS_SIGN_ECDSA_SHA512: New signature algorithm +GNUTLS_SIGN_ECDSA_SHA224: New signature algorithm +GNUTLS_ECC_CURVE_INVALID: New curve definition +GNUTLS_ECC_CURVE_SECP224R1: New curve definition +GNUTLS_ECC_CURVE_SECP256R1: New curve definition +GNUTLS_ECC_CURVE_SECP384R1: New curve definition +GNUTLS_ECC_CURVE_SECP521R1: New curve definition + + +* Version 2.99.1 (released 2011-04-23) + +** libgnutls: LZO support was removed. + +** libgnutls: Corrections in SSLv2 client hello parsing. + +** libgnutls: Added support for AES-NI if detected. Uses +Andy Polyakov's AES-NI code. + +** libgnutls: Restored HMAC-MD5 for compatibility. Although considered +weak, several sites require it for connection. It is enabled for +"NORMAL" and "PERFORMANCE" priority strings. + +** libgnutls: depend on libdl. + +** libgnutls-extra: Dropped support of LZO compression via liblzo. + +** libgnutls: gnutls_transport_set_global_errno() was removed. This +function required GnuTLS to access system specific data, for no reason. +Use gnutls_transport_set_errno(), or your system's errno fascility +instead. + +** libgnutls: Added gnutls_certificate_set_retrieve_function2() +to set a callback to retrieve a certificate. The certificate is +received in a format that requires no processing from gnutls thus +it is suitable when performance is required. + +** API and ABI modifications: +gnutls_transport_set_global_errno: REMOVED +gnutls_certificate_set_retrieve_function2: ADDED + +* Version 2.99.0 (released 2011-04-09) + +** libgnutls: Added Datagram TLS support. + +** libgnutls: Uses a single configure file and a single +gnulib library to save space. + +** libgnutls: Several bug fixes. + +** libgnutls: gnutls_transport_set_lowat() is no more. + +** libgnutls-openssl: modified to use modern gnutls' functions. +This introduces an ABI incompatibility with previous versions. + +** libgnutls: Corrected signature generation and verification +in the Certificate Verify message when in TLS 1.2. Reported +by Todd A. Ouska. + +** libgnutlsxx: The C++ interface returns exception on +every error and not only on fatal ones. This allows easier +handling of errors. + +** libgnutls: Corrected issue in DHE-PSK ciphersuites that ignored +the PSK callback. + +** libgnutls: SRP and PSK are no longer set on the default priorities. +They have to be explicitly set. + +** libgnutls: During handshake message verification using DSS +use the hash algorithm required by it. + +** libgnutls: gnutls_recv() return GNUTLS_E_PREMATURE_TERMINATION +on unexpected EOF, instead of GNUTLS_E_UNEXPECTED_PACKET_LENGTH. + +** libgnutls: Added GCM mode (interoperates with tls.secg.org) + +** libgnutls-extra: Inner application extension was removed. +It was never standardized nor published as an RFC. + +** libgnutls: Added new certificate verification functions, that +can provide more details and are more efficient. Check +gnutls_x509_trust_list_*. + +** certtool: Uses the new certificate verification functions for +--verify-chain. + +** certtool: Added new certificate verification functionality +using the --verify option. Combined with --load-ca-certificate +it can verify a certificate chain against a list of certificates. + +** Several files unnecessarily included ; this has been fixed. + +** API and ABI modifications: +gnutls_dtls_set_timeouts: ADDED +gnutls_dtls_get_mtu: ADDED +gnutls_dtls_get_data_mtu: ADDED +gnutls_dtls_set_mtu: ADDED +gnutls_dtls_cookie_send: ADDED +gnutls_dtls_cookie_verify: ADDED +gnutls_dtls_prestate_set: ADDED +gnutls_x509_trust_list_verify_crt: ADDED +gnutls_x509_trust_list_add_crls: ADDED +gnutls_x509_trust_list_add_cas: ADDED +gnutls_x509_trust_list_init: ADDED +gnutls_x509_trust_list_deinit: ADDED +gnutls_cipher_add_auth: ADDED +gnutls_cipher_tag: ADDED +gnutls_psk_netconf_derive_key: REMOVED +gnutls_certificate_verify_peers: REMOVED +gnutls_session_set_finished_function: REMOVED +gnutls_ext_register: REMOVED +gnutls_certificate_get_x509_crls: REMOVED +gnutls_certificate_get_x509_cas: REMOVED +gnutls_certificate_get_openpgp_keyring: REMOVED +gnutls_session_get_server_random: REMOVED +gnutls_session_get_client_random: REMOVED +gnutls_session_get_master_secret: REMOVED +gnutls_ia_allocate_client_credentials: REMOVED +gnutls_ia_allocate_server_credentials: REMOVED +gnutls_ia_enable: REMOVED +gnutls_ia_endphase_send: REMOVED +gnutls_ia_extract_inner_secret: REMOVED +gnutls_ia_free_client_credentials: REMOVED +gnutls_ia_free_server_credentials: REMOVED +gnutls_ia_generate_challenge: REMOVED +gnutls_ia_get_client_avp_ptr: REMOVED +gnutls_ia_get_server_avp_ptr: REMOVED +gnutls_ia_handshake: REMOVED +gnutls_ia_handshake_p: REMOVED +gnutls_ia_permute_inner_secret: REMOVED +gnutls_ia_recv: REMOVED +gnutls_ia_send: REMOVED +gnutls_ia_set_client_avp_function: REMOVED +gnutls_ia_set_client_avp_ptr: REMOVED +gnutls_ia_set_server_avp_function: REMOVED +gnutls_ia_set_server_avp_ptr: REMOVED +gnutls_ia_verify_endphase: REMOVED + + +* Version 2.12.2 (released 2011-04-08) + +** libgnutls: Several updates and fixes for win32. Patches by LRN. + +** libgnutls: Several bug and memory leak fixes. + +** srptool: Accepts the -d option to enable debugging. + +** libgnutls: Corrected bug in gnutls_srp_verifier() that prevented +the allocation of a verifier. Reported by Andrew Wiseman. + +** API and ABI modifications: +No changes since last version. + + +* Version 2.12.1 (released 2011-04-02) + +** certtool: Generated certificate request with stricter permissions. +Reported by Luca Capello. + +** libgnutls: Bug fixes in opencdk code. Reported by Vitaly Kruglikov. + +** libgnutls: Corrected windows system_errno() function prototype. + +** libgnutls: C++ compatibility fix for compat.h. Reported by Mark Brand. + +** libgnutls: Fix size of gnutls_openpgp_keyid_t by using the +GNUTLS_OPENPGP_KEYID_SIZE definition. Reported by Andreas Metzler. + +** API and ABI modifications: +No changes since last version. + + + + +* Version 2.12.0 (released 2011-03-24) + +** certtool: Warns on generation of DSA keys of over 1024 bits, about +the incompatibility with TLS other than 1.2. + +** libgnutls: Modified signature algorithm selection in client +certificate request, to avoid failures in DSA certificates. + +** libgnutls: Instead of failing with internal error, return +GNUTLS_E_INCOMPAT_DSA_KEY_WITH_TLS_PROTOCOL if an incompatible DSA +key with the negotiated protocol is encountered. + +** libgnutls: Bug fixes in the RSA ciphersuite behavior with openpgp keys. + +** libgnutls: Force state update when fork is detected in the nettle +rng. + +** libgnutls: modified gnutls_pubkey_import_openpgp() to use the preferred +subkey instead of setting explicitly one. + +** libgnutls: Corrected default behavior in record version of Client Hellos. + +** libgnutls-openssl: modified to use modern gnutls' functions. +This introduces an ABI incompatibility with previous versions. + +** API and ABI modifications: +gnutls_pubkey_import_openpgp: MODIFIED + + +* Version 2.11.7 + +** libgnutls: The deprecated gnutls_x509_privkey_sign_hash() was +replaced by gnutls_privkey_sign_hash2(). + +** libgnutls: gnutls_pubkey_verify_data, gnutls_pubkey_verify_hash, +gnutls_x509_privkey_verify_data, gnutls_x509_crt_verify_data, +gnutls_x509_crt_verify_hash return the negative error code +GNUTLS_E_PK_SIG_VERIFY_FAILED if verification fails to simplify error +checking. + +** libgnutls: Added helper functions for signature verification: +gnutls_pubkey_verify_data() and gnutls_pubkey_import_privkey(). + +** libgnutls: Modified gnutls_privkey_sign_data(). + +** gnutls_x509_crl_privkey_sign2(), gnutls_x509_crq_sign2() +gnutls_x509_privkey_sign_hash(), gnutls_x509_privkey_sign_data(), +gnutls_x509_crt_verify_hash(), gnutls_x509_crt_verify_data(), were +deprecated for gnutls_x509_crl_privkey_sign(), +gnutls_x509_crq_privkey_sign(), gnutls_privkey_sign_hash(), +gnutls_privkey_sign_data(), gnutls_pubkey_verify_hash() +gnutls_pubkey_verify_data() respectively. + +** libgnutls: gnutls_*_export_raw() functions now add leading zero in +integers. + +** libgnutls: Added convenience functions gnutls_x509_crl_list_import2() +and gnutls_x509_crt_list_import2(). + +** crypto.h: Fix use with C++. +Reported by "Brendan Doherty" . + +** API and ABI modifications: +gnutls_x509_crl_list_import: ADDED +gnutls_x509_crl_list_import2: ADDED +gnutls_x509_crt_list_import2: ADDED +gnutls_x509_crl_get_raw_issuer_dn: ADDED +gnutls_pubkey_import_privkey: ADDED +gnutls_pubkey_verify_data: ADDED +gnutls_privkey_sign_hash: MODIFIED (was added in 2.11.0) +gnutls_privkey_sign_data: MODIFIED (was added in 2.11.0) +gnutls_x509_crq_sign2: DEPRECATED (use: gnutls_x509_crq_privkey_sign) +gnutls_x509_crq_sign: DEPRECATED (use: gnutls_x509_crq_privkey_sign) +gnutls_x509_crq_get_preferred_hash_algorithm: REMOVED (was added in 2.11.0) +gnutls_x509_crl_sign: DEPRECATED (use: gnutls_x509_crl_privkey_sign) +gnutls_x509_crl_sign2: DEPRECATED (use: gnutls_x509_crl_privkey_sign) +gnutls_x509_privkey_sign_data: DEPRECATED (use: gnutls_privkey_sign_data2) +gnutls_x509_privkey_sign_hash: DEPRECATED (use: gnutls_privkey_sign_hash2) +gnutls_x509_privkey_verify_data: DEPRECATED (use: gnutls_pubkey_verify_data) +gnutls_session_set_finished_function: DEPRECATED +gnutls_x509_crt_verify_hash: DEPRECATED (use: gnutls_pubkey_verify_hash) +gnutls_x509_crt_verify_data: DEPRECATED (use: gnutls_pubkey_verify_data) +gnutls_x509_crt_get_verify_algorithm: DEPRECATED (use: gnutls_pubkey_get_verify_algorithm) +gnutls_x509_crt_get_preferred_hash_algorithm: DEPRECATED (use: gnutls_pubkey_get_preferred_hash_algorithm) +gnutls_openpgp_privkey_sign_hash: DEPRECATED (use: gnutls_privkey_sign_hash2) +gnutls_pkcs11_privkey_sign_hash: REMOVED (was added in 2.11.0) +gnutls_pkcs11_privkey_decrypt_data: REMOVED (was added in 2.11.0) +gnutls_privkey_sign_hash: REMOVED (was added in 2.11.0) + +* Version 2.11.6 (released 2010-12-06) + +** libgnutls: Record version of Client Hellos is now set by default to +SSL 3.0. To restore the previous default behavior use %LATEST_RECORD_VERSION +priority string. + +** libgnutls: Use ASN1_NULL when writing parameters for RSA signatures. +This makes us comply with RFC3279. Reported by Michael Rommel. + +** gnutls-serv: Corrected a buffer overflow. Reported and patch by Tomas Mraz. + +** API and ABI modifications: +No changes since last version. + +* Version 2.11.5 (released 2010-12-01) + +** libgnutls: Reverted default behavior for verification and +introduced GNUTLS_VERIFY_DO_NOT_ALLOW_X509_V1_CA_CRT. Thus by default +V1 trusted CAs are allowed, unless the new flag is specified. + +** libgnutls: Correctly add leading zero to PKCS #8 encoded DSA key. +Reported by Jeffrey Walton. + +** libgnutls: Added SIGN-ALL, CTYPE-ALL, COMP-ALL, and VERS-TLS-ALL +as priority strings. Those allow to set all the supported algorithms +at once. + +** p11tool: Introduced. It allows manipulating pkcs 11 tokens. + +** gnutls-cli: Print channel binding only in verbose mode. +Before it printed it after the 'Compression:' output, thus breaking +Emacs starttls.el string searches. + +** API and ABI modifications: +gnutls_pkcs11_token_init: New function +gnutls_pkcs11_token_set_pin: New function + +* Version 2.11.4 (released 2010-10-15) + +** libgnutls: Add new API gnutls_session_channel_binding. +The function is used to get the channel binding data. Currently only +the "tls-unique" (RFC 5929) channel binding type is supported, through +the GNUTLS_CB_TLS_UNIQUE type. See new section "Channel Bindings" in +the manual. + +** gnutls-cli, gnutls-serv: Print 'tls-unique' Channel Bindings. + +** doc: Added pkcs11.h header file to GTK-DOC manual. + +** build: Update gnulib files. + +** i18n: Update translations. + +** tests: Add self tests gendh.c. Speed up Guile self checks. + +** API and ABI modifications: +gnutls_session_channel_binding: New function. +gnutls_channel_binding_t: New enumeration. +GNUTLS_CB_TLS_UNIQUE: New gnutls_channel_binding_t enum member. +GNUTLS_E_CHANNEL_BINDING_NOT_AVAILABLE: New error code. + +* Version 2.11.3 (released 2010-10-14) + +** Indent code to follow the GNU Coding Standard. +You should be able to unpack the 2.11.2 release and run 'make indent' +twice to get exactly the same content as 2.11.3 except for generated +files. Using GNU Indent 2.2.11. + +** API and ABI modifications: +No changes since last version. + +* Version 2.11.2 (released 2010-10-08) + +** libgnutls: Several bug fixes on session resumption +and session tickets support. + +** libgnutls: Add new extended key usage ipsecIKE. + +** certtool: Renamed PKCS #11 options to: --p11-provider, +--p11-export-url, --p11-list-certs, --p11-list-certs, +--p11-list-privkeys, --p11-list-trusted, --p11-list-all-certs, +--p11-list-all, --p11-list-tokens, --p11-login, --p11-write, +--p11-write-label, --p11-write-trusted, --p11-detailed-url, +--p11-delete-url + +** libgnutls: Corrected bug that caused importing DSA keys as RSA, +introduced with the new nettle code. + +** libgnutls: Corrected advertizing issue for session tickets. + +** API and ABI modifications: +gnutls_x509_crt_get_subject_unique_id: ADDED. +gnutls_x509_crt_get_issuer_unique_id: ADDED. + +* Version 2.11.1 (released 2010-09-14) + +** libgnutls: Nettle is the default crypto back end. Use --with-libgcrypt +to use the libgcrypt back end. + +** libgnutls: Depend on nettle 2.1. This makes nettle a fully working +backend crypto library. + +** libgnutls: Added RSA_NULL_SHA1 and SHA256 ciphersuites. + +** libgnutls: Several updates in the buffering internal interface. + +** libgnutls: Is now more liberal in the PEM decoding. That is spaces and +tabs are being skipped. + +** libgnutls: Added support for draft-pechanec-pkcs11uri-02. + +** libgnutls: The %COMPAT flag now allows larger records that violate the +TLS spec. + +** libgnutls: by default lowat level has been set to zero to avoid unnecessary +system calls. Applications that depended on it being 1 should explicitly call +gnutls_transport_set_lowat(). + +** libgnutls: Updated documentation and gnutls_pk_params_t mappings +to ECRYPT II recommendations. Mappings were moved to a single location +and DSA keys are handled differently (since DSA2 allows for 1024,2048 +and 3072 keys only). + +** libgnutls: gnutls_x509_privkey_import() will fallback to +gnutls_x509_privkey_import_pkcs8() without a password, if it +is unable to decode the key. + +** libgnutls: HMAC-MD5 no longer used by default. + +** API and ABI modifications: +gnutls_openpgp_privkey_sec_param: ADDED +gnutls_x509_privkey_sec_param: ADDED + +* Version 2.11.0 (released 2010-07-22) + +** libgnutls: support scattered write using writev(). This takes +advantage of the new buffering layer and allows queuing of packets +and flushing them. This is currently used for handshake messages +only. + +** libgnutls: Added gnutls_global_set_mutex() to allow setting +alternative locking procedures. By default the system available +locking is used. In *NIX pthreads are used and in windows the +critical section API. This follows a different approach than the +previous versions that depended on libgcrypt initialization. The +locks are now set by default in systems that support it. Programs +that used gcry_control() to set thread locks should insert it into +a block of +#if GNUTLS_VERSION_NUMBER <= 0x020b00 + gcry_control(...) +#endif + +** libgnutls: Added support for reading DN from EV-certificates. +New DN values: +jurisdictionOfIncorporationLocalityName, +jurisdictionOfIncorporationStateOrProvinceName, +jurisdictionOfIncorporationCountryName + +** libgnutls: Added support for DSA signing/verifying with bit +length over 1024. + +** libgnutls-extra: When in FIPS mode gnutls_global_init_extra() +has to be called to register any required md5 handlers. + +** libgnutls: Internal buffering code was replaced by simpler +code contributed by Jonathan Bastien-Filiatrault. + +** libgnutls: Internal API for extensions augmented to allow +safe storing and loading of data on resumption. This allows writing +self-contained extensions (when possible). As a side effect +the OPRFI extension was removed. + +** libgnutls: Added support for DSA-SHA256 and DSA-SHA224 + +** libgnutls: Added PKCS #11 support and an API to access objects in +gnutls/pkcs11.h. Currently certificates and public keys can be +imported from tokens, and operations can be performed on private keys. + +** libgnutls: Added abstract gnutls_privkey_t and gnutls_pubkey_t + +** libgnutls: Added initial support for the nettle library. It uses +the system's random generator for seeding. That is /dev/urandom in Linux, +system calls in Win32 and EGD on other systems. + +** libgnutls: Corrected issue on the %SSL3_RECORD_VERSION priority string. It now + works even when resuming a session. + +** libgnutls: Added gnutls_certificate_set_retrieve_function() to replace the +similar gnutls_certificate_set_server_retrieve_function() and +gnutls_certificate_set_client_retrieve_function(). In addition it support +PKCS #11 private keys. + +** libgnutls: Added gnutls_pkcs11_copy_x509_crt(), gnutls_pkcs11_copy_x509_privkey(), +and gnutls_pkcs11_delete_url() to allow copying and deleting data in tokens. + +** libgnutls: Added gnutls_sec_param_to_pk_bits() et al. to allow select bit +sizes for private keys using a human understandable scale. + +** certtool: Added new options: --pkcs11-list-tokens, --pkcs11-list-all +--pkcs11-list-all-certs, --pkcs11-list-trusted, --pkcs11-list-certs, +--pkcs11-delete-url, --pkcs11-write + +certtool: The --pkcs-cipher is taken into account when generating a +private key. The default cipher used now is aes-128. The old behavior can +be simulated by specifying "--pkcs-cipher 3des-pkcs12". + +certtool: Added --certificate-pubkey to print the public key of the +certificate. + +** gnutls-cli/gnutls-serv: --x509cafile, --x509certfile and --x509keyfile +can now accept a PKCS #11 URL in addition to a file. This will allow for +example to use the Gnome-keyring trusted certificate list to verify +connections using a url such as: +pkcs11:token=Root%20CA%20Certificates;serial=1%3AROOTS%3ADEFAULT;model=1%2E0;manufacturer=Gnome%20Keyring + +** API and ABI modifications: +gnutls_certificate_set_server_retrieve_function: DEPRECATED +gnutls_certificate_set_client_retrieve_function: DEPRECATED +gnutls_sign_callback_set: DEPRECATED +gnutls_global_set_mutex: ADDED +gnutls_pubkey_get_preferred_hash_algorithm: ADDED +gnutls_x509_crt_get_preferred_hash_algorithm: ADDED +gnutls_x509_privkey_export_rsa_raw2: ADDED +gnutls_rnd: ADDED +gnutls_sec_param_to_pk_bits: ADDED +gnutls_pk_bits_to_sec_param: ADDED +gnutls_sec_param_get_name: ADDED +gnutls_pkcs11_type_get_name: ADDED +gnutls_certificate_set_retrieve_function: ADDED +gnutls_pkcs11_init: ADDED +gnutls_pkcs11_deinit: ADDED +gnutls_pkcs11_set_pin_function: ADDED +gnutls_pkcs11_set_token_function: ADDED +gnutls_pkcs11_add_provider: ADDED +gnutls_pkcs11_obj_init: ADDED +gnutls_pkcs11_obj_import_url: ADDED +gnutls_pkcs11_obj_export_url: ADDED +gnutls_pkcs11_obj_deinit: ADDED +gnutls_pkcs11_obj_export: ADDED +gnutls_pkcs11_obj_list_import_url: ADDED +gnutls_pkcs11_obj_export: ADDED +gnutls_x509_crt_import_pkcs11: ADDED +gnutls_pkcs11_obj_get_type: ADDED +gnutls_x509_crt_list_import_pkcs11: ADDED +gnutls_x509_crt_import_pkcs11_url: ADDED +gnutls_pkcs11_obj_get_info: ADDED +gnutls_pkcs11_token_get_info: ADDED +gnutls_pkcs11_token_get_url: ADDED +gnutls_pkcs11_privkey_init: ADDED +gnutls_pkcs11_privkey_deinit: ADDED +gnutls_pkcs11_privkey_get_pk_algorithm: ADDED +gnutls_pkcs11_privkey_get_info: ADDED +gnutls_pkcs11_privkey_import_url: ADDED +gnutls_pkcs11_privkey_sign_data: ADDED +gnutls_pkcs11_privkey_sign_hash: ADDED +gnutls_pkcs11_privkey_decrypt_data: ADDED +gnutls_privkey_init: ADDED +gnutls_privkey_deinit: ADDED +gnutls_privkey_get_pk_algorithm: ADDED +gnutls_privkey_get_type: ADDED +gnutls_privkey_import_pkcs11: ADDED +gnutls_privkey_import_x509: ADDED +gnutls_privkey_import_openpgp: ADDED +gnutls_privkey_sign_data: ADDED +gnutls_privkey_sign_hash: ADDED +gnutls_privkey_decrypt_data: ADDED +gnutls_pkcs11_privkey_export_url: ADDED +gnutls_x509_crq_privkey_sign: ADDED +gnutls_x509_crl_privkey_sign: ADDED +gnutls_x509_crt_privkey_sign: ADDED +gnutls_pubkey_init: ADDED +gnutls_pubkey_deinit: ADDED +gnutls_pubkey_get_pk_algorithm: ADDED +gnutls_pubkey_import_x509: ADDED +gnutls_pubkey_import_openpgp: ADDED +gnutls_pubkey_get_pk_rsa_raw: ADDED +gnutls_pubkey_get_pk_dsa_raw: ADDED +gnutls_pubkey_export: ADDED +gnutls_pubkey_get_key_id: ADDED +gnutls_pubkey_get_key_usage: ADDED +gnutls_pubkey_verify_hash: ADDED +gnutls_pubkey_get_verify_algorithm: ADDED +gnutls_pkcs11_type_get_name: ADDED +gnutls_pubkey_import_pkcs11_url: ADDED +gnutls_pubkey_import: ADDED +gnutls_pubkey_import_pkcs11: ADDED +gnutls_pubkey_import_dsa_raw: ADDED +gnutls_pubkey_import_rsa_raw: ADDED +gnutls_x509_crt_set_pubkey: ADDED +gnutls_x509_crq_set_pubkey: ADDED +gnutls_pkcs11_copy_x509_crt: ADDED +gnutls_pkcs11_copy_x509_privkey: ADDED +gnutls_pkcs11_delete_url: ADDED + +* Version 2.10.1 (released 2010-07-25) + +** libgnutls: Added support for broken certificates that indicate RSA +with strange OIDs. + +** gnutls-cli: Allow verification using V1 CAs. + +** libgnutls: gnutls_x509_privkey_import() will fallback to +gnutls_x509_privkey_import_pkcs8() without a password, if it +is unable to decode the key. + +** libgnutls: Correctly deinitialize crypto API functions to prevent +a memory leak. Reported by Mads Kiilerich. + +** certtool: If asked to generate DSA keys of size more than 1024 bits, +issue a warning, that the output key might not be working everywhere. + +** certtool: The --pkcs-cipher is taken into account when generating a +private key. The default cipher used now is aes-128. The old behavior +can be simulated by specifying "--pkcs-cipher 3des-pkcs12". + +** API and ABI modifications: +No changes since last version. + +* Version 2.10.0 (released 2010-06-25) + +** API and ABI modifications: +No changes since last version. + +* Version 2.9.12 (released 2010-06-17) + +** gnutls-cli: Make --starttls work again. +Problem introduced in patch to use read() instead of fgets() committed +on 2010-01-27. + +** API and ABI modifications: +No changes since last version. + +* Version 2.9.11 (released 2010-06-07) + +** libgnutls: Removed two APIs related to safe renegotiation. +Use priority strings instead. The APIs were +gnutls_safe_negotiation_set_initial and gnutls_safe_renegotiation_set. +(Remember that we don't promise ABI stability during development +series, so this doesn't cause an shared library ABI increment.) + +** tests: More self testing of safe renegotiation extension. +See tests/safe-renegotiation/README for more information. + +** doc: a PDF version of the API reference manual (GTK-DOC) is now built. + +** doc: Terms 'GNUTLS' and 'GNU TLS' were changed to 'GnuTLS' for consistency. + +** API and ABI modifications: +gnutls_safe_negotiation_set_initial: REMOVED. +gnutls_safe_renegotiation_set: REMOVED. + +* Version 2.9.10 (released 2010-04-22) + +** libgnutls: Time verification extended to trusted certificate list. +Unless new constant GNUTLS_VERIFY_DISABLE_TRUSTED_TIME_CHECKS flag is +specified. + +** certtool: Display postalCode and Name X.509 DN attributes correctly. +Based on patch by Pavan Konjarla. Adds new constant +GNUTLS_OID_X520_POSTALCODE and GNUTLS_OID_X520_NAME. + +** libgnutls: Added Steve Dispensa's patch for safe renegotiation (RFC 5746) +Solves the issue discussed in: + and +. +Note that to allow connecting to unpatched servers the full protection +is only enabled if the priority string %SAFE_RENEGOTIATION is +specified. You can check whether protection is in place by querying +gnutls_safe_renegotiation_status(). New error codes +GNUTLS_E_SAFE_RENEGOTIATION_FAILED and +GNUTLS_E_UNSAFE_RENEGOTIATION_DENIED added. + +** libgnutls: When checking openpgp self signature also check the signatures +** of all subkeys. +Ilari Liusvaara noticed and reported the issue and provided test +vectors as well. + +** libgnutls: Added cryptodev support (/dev/crypto). +Tested with http://www.logix.cz/michal/devel/cryptodev/. Added +benchmark utility for AES. Adds new error codes +GNUTLS_E_CRYPTODEV_IOCTL_ERROR and GNUTLS_E_CRYPTODEV_DEVICE_ERROR. + +** libgnutls: Exported API to access encryption and hash algorithms. +The new API functions are gnutls_cipher_decrypt, gnutls_cipher_deinit, +gnutls_cipher_encrypt, gnutls_cipher_get_block_size, +gnutls_cipher_init, gnutls_hash, gnutls_hash_deinit, gnutls_hash_fast, +gnutls_hash_get_len, gnutls_hash_init, gnutls_hash_output, +gnutls_hmac, gnutls_hmac_deinit, gnutls_hmac_fast, +gnutls_hmac_get_len, gnutls_hmac_init, gnutls_hmac_output. New API +constants are GNUTLS_MAC_SHA224 and GNUTLS_DIG_SHA224. + +** libgnutls: Added gnutls_certificate_set_verify_function() to allow +verification of certificate upon receipt rather than waiting until the +end of the handshake. + +** libgnutls: Don't send alerts during handshake. +Instead new error code GNUTLS_E_UNKNOWN_SRP_USERNAME is added. + +** certtool: Corrected two issues that affected certificate request generation. +(1) Null padding is added on integers (found thanks to Wilankar Trupti), +(2) In optional SignatureAlgorithm parameters field for DSA keys the DSA +parameters were added. Those were rejected by Verisign. Gnutls no longer adds +those parameters there since other implementations don't do either and having +them does not seem to offer anything (anyway you need the signer's certificate +to verify thus public key will be available). Found thanks to Boyan Kasarov. +This however has the side-effect that public key IDs shown by certtool are +now different than previous gnutls releases. +(3) the option --pgp-certificate-info will verify self signatures + +** certtool: Allow exporting of Certificate requests on DER format. + +** certtool: New option --no-crq-extensions to avoid extensions in CSRs. + +** gnutls-cli: Handle reading binary data from server. +Reported by and tiny patch from Vitaly Mayatskikh + in +. + +** minitasn1: Upgraded to libtasn1 version 2.6. + +** i18n: Updated Czech, Dutch, French, Polish, Swedish translation. +** Added Italian and Simplified Chinese translation. +Thanks to Petr Pisar, Erwin Poeze, Nicolas Provost, Jakub Bogusz, +Daniel Nylander, Sergio Zanchetta, Tao Wei, and Aron Xu. + +** doc: The GTK-DOC manual is significantly improved. + +** API and ABI modifications: +%DISABLE_SAFE_RENEGOTIATION: Added to priority strings (do not use). +%INITIAL_SAFE_RENEGOTIATION: Added to priority strings. +%UNSAFE_RENEGOTIATION: Added to priority strings. +GNUTLS_DIG_SHA224: ADDED. +GNUTLS_E_CRYPTODEV_DEVICE_ERROR: ADDED. +GNUTLS_E_CRYPTODEV_IOCTL_ERROR: ADDED. +GNUTLS_E_SAFE_RENEGOTIATION_FAILED: ADDED. +GNUTLS_E_UNKNOWN_SRP_USERNAME: ADDED. +GNUTLS_E_UNSAFE_RENEGOTIATION_DENIED: ADDED. +GNUTLS_MAC_SHA224: ADDED. +GNUTLS_OID_X520_NAME: ADDED. +GNUTLS_OID_X520_POSTALCODE: ADDED. +GNUTLS_VERIFY_DISABLE_TRUSTED_TIME_CHECKS: ADDED. +GNUTLS_VERSION_MAX: ADDED. +gnutls_certificate_set_verify_function: ADDED. +gnutls_cipher_decrypt: ADDED. +gnutls_cipher_deinit: ADDED. +gnutls_cipher_encrypt: ADDED. +gnutls_cipher_get_block_size: ADDED. +gnutls_cipher_init: ADDED. +gnutls_hash: ADDED. +gnutls_hash_deinit: ADDED. +gnutls_hash_fast: ADDED. +gnutls_hash_get_len: ADDED. +gnutls_hash_init: ADDED. +gnutls_hash_output: ADDED. +gnutls_hmac: ADDED. +gnutls_hmac_deinit: ADDED. +gnutls_hmac_fast: ADDED. +gnutls_hmac_get_len: ADDED. +gnutls_hmac_init: ADDED. +gnutls_hmac_output: ADDED. +gnutls_safe_negotiation_set_initial: ADDED. +gnutls_safe_renegotiation_set: ADDED. +gnutls_safe_renegotiation_status: ADDED. + +* Version 2.9.9 (released 2009-11-09) + +** libgnutls: Cleanups and several bug fixes. +Found by Steve Grubb and Tomas Mraz. + +** Link libgcrypt explicitly to certtool, gnutls-cli, gnutls-serv. + +** Fix --disable-valgrind-tests. +Reported by Ingmar Vanhassel in +. + +** API and ABI modifications: +No changes since last version. + +* Version 2.9.8 (released 2009-11-05) + +** libgnutls: Fix for memory leaks on interrupted handshake. +Reported by Tang Tong. + +** libgnutls: Addition of support for TLS 1.2 signature algorithms +** extension and certificate verify field. +This requires changes for TLS 1.2 servers and clients that use +callbacks for certificate retrieval. They are now required to check +with gnutls_sign_algorithm_get_requested() whether the certificate +they send complies with the peer's preferences in signature +algorithms. + +** libgnutls: In server side when resuming a session do not overwrite the +** initial session data with the resumed session data. + +** libgnutls: Added support for AES-128, AES-192 and AES-256 in PKCS #8 +** encryption. +This affects also PKCS #12 encoded files. This adds the following new +enums: GNUTLS_CIPHER_AES_192_CBC, GNUTLS_PKCS_USE_PBES2_AES_128, +GNUTLS_PKCS_USE_PBES2_AES_192, GNUTLS_PKCS_USE_PBES2_AES_256. + +** libgnutls: Fix PKCS#12 encoding. +The error you would get was "The OID is not supported.". Problem +introduced for the v2.8.x branch in 2.7.6. + +** certtool: Added the --pkcs-cipher option. +To explicitely specify the encryption algorithm to use. + +** tests: Added "pkcs12_encode" self-test to check PKCS#12 functions. + +** tests: Fix time bomb in chainverify self-test. +Reported by Andreas Metzler in +. + +** tests: Fix expired cert in chainverify self-test. + +** i18n: Vietnamese translation updated. +Thanks to Clytie Siddall. + +** API and ABI modifications: +GNUTLS_CIPHER_AES_192_CBC: ADDED to gnutls/gnutls.h. +GNUTLS_PKCS_USE_PBES2_AES_128: ADDED to gnutls/x509.h. +GNUTLS_PKCS_USE_PBES2_AES_192: ADDED to gnutls/x509.h. +GNUTLS_PKCS_USE_PBES2_AES_256: ADDED to gnutls/x509.h. +GNUTLS_BAG_SECRET: ADDED to gnutls/pkcs12.h. +GNUTLS_DIG_UNKNOWN: ADDED to gnutls/gnutls.h. +gnutls_sign_algorithm_get_requested: ADDED. + +* Version 2.9.7 (released 2009-10-06) + +** libgnutls: TLS 1.2 server mode fixes. +Now interoperates against Opera. Contributed by Daiki Ueno. + +** libgnutlsxx: Fix link problems. +Tiny patch from Boyan Kasarov . + +** guile: Compatibility with guile 2.x. +By Ludovic Courtes . + +** API and ABI modifications: +No changes since last version. + +* Version 2.9.6 (released 2009-09-22) + +** libgnutls: Enable Camellia ciphers by default. + +** API and ABI modifications: +No changes since last version. + +* Version 2.9.5 (released 2009-09-10) + +** libgnutls: Add new functions to extract X.509 Issuer Alternative Names. +The new functions are gnutls_x509_crt_get_issuer_alt_name2, +gnutls_x509_crt_get_issuer_alt_name, and +gnutls_x509_crt_get_issuer_alt_othername_oid. Contributed by Brad +Hards . + +** API and ABI modifications: +gnutls_x509_crt_get_issuer_alt_name2: ADDED. +gnutls_x509_crt_get_issuer_alt_name: ADDED. +gnutls_x509_crt_get_issuer_alt_othername_oid: ADDED. + +* Version 2.9.4 (released 2009-09-03) + +** libgnutls: Client-side TLS 1.2 and SHA-256 ciphersuites now works. +The new supported ciphersuites are AES-128/256 in CBC mode with +ANON-DH/RSA/DHE-DSS/DHE-RSA. Contributed by Daiki Ueno. Further, +SHA-256 is now the preferred default MAC (however it is only used with +TLS 1.2). + +** libgnutls: Make OpenPGP hostname checking work again. +The patch to resolve the X.509 CN/SAN issue accidentally broken +OpenPGP hostname comparison. + +** libgnutls: When printing X.509 certificates, handle XMPP SANs better. +Reported by Howard Chu in +. + +** Fix use of deprecated types internally. +Use of deprecated types in GnuTLS from now on will lead to a compile +error, to prevent this from happening again. + +** API and ABI modifications: +No changes since last version. + +* Version 2.9.3 (released 2009-08-19) + +** libgnutls: Support for TLS tickets was contributed by Daiki Ueno. +The new APIs are gnutls_session_ticket_enable_client, +gnutls_session_ticket_enable_server, and +gnutls_session_ticket_key_generate. + +** gnutls-cli, gnutls-serv: New parameter --noticket to disable TLS tickets. + +** API and ABI modifications: +gnutls_session_ticket_key_generate: ADDED. +gnutls_session_ticket_enable_client: ADDED. +gnutls_session_ticket_enable_server: ADDED. + +* Version 2.9.2 (released 2009-08-14) + +** libgnutls: Fix problem with NUL bytes in X.509 CN and SAN fields. +By using a NUL byte in CN/SAN fields, it was possible to fool GnuTLS +into 1) not printing the entire CN/SAN field value when printing a +certificate and 2) cause incorrect positive matches when matching a +hostname against a certificate. Some CAs apparently have poor +checking of CN/SAN values and issue these (arguable invalid) +certificates. Combined, this can be used by attackers to become a +MITM on server-authenticated TLS sessions. The problem is mitigated +since attackers needs to get one certificate per site they want to +attack, and the attacker reveals his tracks by applying for a +certificate at the CA. It does not apply to client authenticated TLS +sessions. Research presented independently by Dan Kaminsky and Moxie +Marlinspike at BlackHat09. Thanks to Tomas Hoger +for providing one part of the patch. [GNUTLS-SA-2009-4] [CVE-2009-2730]. + +** libgnutls: Fix rare failure in gnutls_x509_crt_import. +The function may fail incorrectly when an earlier certificate was +imported to the same gnutls_x509_crt_t structure. + +** minitasn1: Internal copy updated to libtasn1 v2.3. + +** libgnutls: Fix return value of gnutls_certificate_client_get_request_status. +Before it always returned false. Reported by Peter Hendrickson + in +. + +** libgnutls: Fix off-by-one size computation error in unknown DN printing. +The error resulted in truncated strings when printing unknown OIDs in +X.509 certificate DNs. Reported by Tim Kosse + in +. + +** libgnutls: Fix PKCS#12 decryption from password. +The encryption key derived from the password was incorrect for (on +average) 1 in every 128 input for random inputs. Reported by "Kukosa, +Tomas" in +. + +** libgnutls: Return correct bit lengths of some MPIs. +gnutls_dh_get_prime_bits, gnutls_rsa_export_get_modulus_bits, and +gnutls_dh_get_peers_public_bits. Before the reported value was +overestimated. Reported by Peter Hendrickson in +. + +** libgnutls: Avoid internal error when invoked after GNUTLS_E_AGAIN. +Report and patch by Tim Kosse in + +and +. + +** libgnutls: Relax checking of required libtasn1/libgcrypt versions. +Before we required that the runtime library used the same (or more +recent) libgcrypt/libtasn1 as it was compiled with. Now we just check +that the runtime usage is above the minimum required. Reported by +Marco d'Itri via Andreas Metzler + in . + +** tests: Added new self-test pkcs12_s2k_pem to detect MPI bit length error. + +** tests: Improved test vectors in self-test pkcs12_s2k. + +** tests: Added new self-test dn2 to detect off-by-one size error. + +** tests: Fix failure in "chainverify" because a certificate have expired. + +** API and ABI modifications: +No changes since last version. + +* Version 2.9.1 (released 2009-06-08) + +** libgnutls: Fix crash in gnutls_global_init after earlier init/deinit cycle. +Forwarded by Martin von Gagern from +. + +** tests: Added new self-tests init_roundtrip.c to detect previous problem. + +** Reduce stack usage for some CRQ functions. + +** Doc fixes for CRQ functions. + +** API and ABI modifications: +No changes since last version. + +* Version 2.9.0 (released 2009-05-28) + +** Doc fixes. + +** API and ABI modifications: +No changes since last version. + +* Version 2.8.6 (released 2010-03-15) + +** libgnutls: For CSRs, don't null pad integers for RSA/DSA value. +VeriSign rejected CSRs with this padding. Reported by Wilankar Trupti + and Boyan Kasarov . + +Note: As a side effect of this change, the "public key identifier" +value computed for a certificate using this version of GnuTLS will be +different from values computed using earlier versions of GnuTLS. + +** libgnutls: For CSRs on DSA keys, don't add DSA parameters to the +** optional SignatureAlgorithm parameter field. +VeriSign rejected these CSRs. They are stricly speaking not needed +since you need the signer's certificate to verify the certificate +signature anyway. Reported by Wilankar Trupti + and Boyan Kasarov . + +** libgnutls: When checking openpgp self signature also check the signatures +** of all subkeys. +Ilari Liusvaara noticed and reported the issue and provided test +vectors as well. + +** libgnutls: Cleanups and several bug fixes. +Found by Steve Grubb and Tomas Mraz. + +** Link libgcrypt explicitly to certtool, gnutls-cli, gnutls-serv. + +** Fix --disable-valgrind-tests. +Reported by Ingmar Vanhassel in +. + +** examples: Use the new APIs for printing X.509 certificate information. + +** Fix build failures on Solaris. +Thanks to Dagobert Michelsen . + +** i18n: Updated Czech, Dutch, French, Polish, Swedish and Vietnamese +** translations. Added Simplified Chinese translation. + +** API and ABI modifications: +No changes since last version. + +* Version 2.8.5 (released 2009-11-02) + +** libgnutls: In server side when resuming a session do not overwrite the +** initial session data with the resumed session data. + +** libgnutls: Fix PKCS#12 encoding. +The error you would get was "The OID is not supported.". Problem +introduced for the v2.8.x branch in 2.7.6. + +** guile: Compatibility with guile 2.x. +By Ludovic Courtes . + +** tests: Fix expired cert in chainverify self-test. + +** tests: Fix time bomb in chainverify self-test. +Reported by Andreas Metzler in +. + +** API and ABI modifications: +No changes since last version. + +* Version 2.8.4 (released 2009-09-18) + +** libgnutls: Enable Camellia ciphers by default. + +** libgnutls: Make OpenPGP hostname checking work again. +The patch to resolve the X.509 CN/SAN issue accidentally broken +OpenPGP hostname comparison. + +** libgnutls: When printing X.509 certificates, handle XMPP SANs better. +Reported by Howard Chu in +. + +** API and ABI modifications: +No changes since last version. + +* Version 2.8.3 (released 2009-08-13) + +** libgnutls: Fix patch for NUL in CN/SAN in last release. +Code intended to be removed would lead to an read-out-bound error in +some situations. Reported by Tomas Hoger . A CVE +code have been allocated for the vulnerability: [CVE-2009-2730]. + +** libgnutls: Fix rare failure in gnutls_x509_crt_import. +The function may fail incorrectly when an earlier certificate was +imported to the same gnutls_x509_crt_t structure. + +** libgnutls-extra, libgnutls-openssl: Fix MinGW cross-compiling build error. + +** tests: Made self-test mini-eagain take less time. + +** doc: Typo fixes. + +** API and ABI modifications: +No changes since last version. + +* Version 2.8.2 (released 2009-08-10) + +** libgnutls: Fix problem with NUL bytes in X.509 CN and SAN fields. +By using a NUL byte in CN/SAN fields, it was possible to fool GnuTLS +into 1) not printing the entire CN/SAN field value when printing a +certificate and 2) cause incorrect positive matches when matching a +hostname against a certificate. Some CAs apparently have poor +checking of CN/SAN values and issue these (arguable invalid) +certificates. Combined, this can be used by attackers to become a +MITM on server-authenticated TLS sessions. The problem is mitigated +since attackers needs to get one certificate per site they want to +attack, and the attacker reveals his tracks by applying for a +certificate at the CA. It does not apply to client authenticated TLS +sessions. Research presented independently by Dan Kaminsky and Moxie +Marlinspike at BlackHat09. Thanks to Tomas Hoger +for providing one part of the patch. [GNUTLS-SA-2009-4]. + +** libgnutls: Fix return value of gnutls_certificate_client_get_request_status. +Before it always returned false. Reported by Peter Hendrickson + in +. + +** libgnutls: Fix off-by-one size computation error in unknown DN printing. +The error resulted in truncated strings when printing unknown OIDs in +X.509 certificate DNs. Reported by Tim Kosse + in +. + +** libgnutls: Return correct bit lengths of some MPIs. +gnutls_dh_get_prime_bits, gnutls_rsa_export_get_modulus_bits, and +gnutls_dh_get_peers_public_bits. Before the reported value was +overestimated. Reported by Peter Hendrickson in +. + +** libgnutls: Avoid internal error when invoked after GNUTLS_E_AGAIN. +Report and patch by Tim Kosse in + +and +. + +** libgnutls: Relax checking of required libtasn1/libgcrypt versions. +Before we required that the runtime library used the same (or more +recent) libgcrypt/libtasn1 as it was compiled with. Now we just check +that the runtime usage is above the minimum required. Reported by +Marco d'Itri via Andreas Metzler + in . + +** minitasn1: Internal copy updated to libtasn1 v2.3. + +** tests: Fix failure in "chainverify" because a certificate have expired. + +** API and ABI modifications: +No changes since last version. + +* Version 2.8.1 (released 2009-06-10) + +** libgnutls: Fix crash in gnutls_global_init after earlier init/deinit cycle. +Forwarded by Martin von Gagern from +. + +** libgnutls: Fix PKCS#12 decryption from password. +The encryption key derived from the password was incorrect for (on +average) 1 in every 128 input for random inputs. Reported by "Kukosa, +Tomas" in +. + +** API and ABI modifications: +No changes since last version. + +* Version 2.8.0 (released 2009-05-27) + +** doc: Fix gnutls_dh_get_prime_bits. Fix error codes and algorithm lists. + +** Major changes compared to the v2.4 branch: + +*** lib: Linker version scripts reduces number of exported symbols. + +*** lib: Limit exported symbols on systems without LD linker scripts. + +*** libgnutls: Fix namespace issue with version symbols. + +*** libgnutls: Add functions to verify a hash against a certificate. +gnutls_x509_crt_verify_hash: ADDED +gnutls_x509_crt_get_verify_algorithm: ADDED + +*** gnutls-serv: Listen on all interfaces, including both IPv4 and IPv6. + +*** i18n: The GnuTLS gettext domain is now 'libgnutls' instead of 'gnutls'. + +*** certtool: Query for multiple dnsName subjectAltName in interactive mode. + +*** gnutls-cli: No longer accepts V1 CAs by default during X.509 chain verify. + +*** gnutls-serv: No longer disable MAC padding by default. + +*** gnutls-cli: Certificate information output format changed. + +*** libgnutls: New priority strings %VERIFY_ALLOW_SIGN_RSA_MD5 +*** and %VERIFY_ALLOW_X509_V1_CA_CRT. + +*** libgnutls: gnutls_x509_crt_print prints signature algorithm in oneline mode. + +*** libgnutls: gnutls_openpgp_crt_print supports oneline mode. + +*** libgnutls: gnutls_handshake when sending client hello during a +rehandshake, will not offer a version number larger than the current. + +*** libgnutls: New interface to get key id for certificate requests. +gnutls_x509_crq_get_key_id: ADDED. + +*** libgnutls: gnutls_x509_crq_print will now also print public key id. + +*** certtool: --verify-chain now prints results of using library verification. + +*** libgnutls: Libgcrypt initialization changed. + +*** libgnutls: Small byte reads via gnutls_record_recv() optimized. + +*** gnutls-cli: Return non-zero exit code on error conditions. + +*** gnutls-cli: Corrected bug which caused a rehandshake request to be ignored. + +*** certtool: allow setting arbitrary key purpose object identifiers. + +*** libgnutls: Change detection of when to use a linker version script. +Use --enable-ld-version-script or --disable-ld-version-script to +override auto-detection logic. + +*** Fix warnings and build GnuTLS with more warnings enabled. + +*** New API to set X.509 credentials from PKCS#12 memory structure. +gnutls_certificate_set_x509_simple_pkcs12_mem: ADDED + +*** Old libgnutls.m4 and libgnutls-config scripts removed. +Please use pkg-config instead. + +*** libgnutls: Added functions to handle CRL extensions. +gnutls_x509_crl_get_authority_key_id: ADDED +gnutls_x509_crl_get_number: ADDED +gnutls_x509_crl_get_extension_oid: ADDED +gnutls_x509_crl_get_extension_info: ADDED +gnutls_x509_crl_get_extension_data: ADDED +gnutls_x509_crl_set_authority_key_id: ADDED +gnutls_x509_crl_set_number: ADDED + +*** libgnutls: Added functions to handle X.509 extensions in Certificate +Requests. +gnutls_x509_crq_get_key_rsa_raw: ADDED +gnutls_x509_crq_get_attribute_info: ADDED +gnutls_x509_crq_get_attribute_data: ADDED +gnutls_x509_crq_get_extension_info: ADDED +gnutls_x509_crq_get_extension_data: ADDED +gnutls_x509_crq_get_key_usage: ADDED +gnutls_x509_crq_get_basic_constraints: ADDED +gnutls_x509_crq_get_subject_alt_name: ADDED +gnutls_x509_crq_get_subject_alt_othername_oid: ADDED +gnutls_x509_crq_get_extension_by_oid: ADDED +gnutls_x509_crq_set_subject_alt_name: ADDED +gnutls_x509_crq_set_basic_constraints: ADDED +gnutls_x509_crq_set_key_usage: ADDED +gnutls_x509_crq_get_key_purpose_oid: ADDED +gnutls_x509_crq_set_key_purpose_oid: ADDED +gnutls_x509_crq_print: ADDED +gnutls_x509_crt_set_crq_extensions: ADDED + +*** certtool: Print and set CRL and CRQ extensions. + +*** minitasn1: Internal copy updated to libtasn1 v2.1. + +*** examples: Now released into the public domain. + +*** The Texinfo and GTK-DOC manuals were improved. + +*** Several self-tests were added and others improved. + +*** API/ABI changes in GnuTLS 2.8 compared to GnuTLS 2.6.x +No offically supported interfaces have been modified or removed. The +library should be completely backwards compatible on both the source +and binary level. + +The shared library no longer exports some symbols that have never been +officially supported, i.e., not mentioned in any of the header files. +The symbols are: + + _gnutls* + gnutls_asn1_tab + +Normally when symbols are removed, the shared library version has to +be incremented. This leads to a significant cost for everyone using +the library. Because none of the above symbols have ever been +intended for use by well-behaved applications, we decided that the it +would be better for those applications to pay the price rather than +incurring problems on the majority of applications. + +If it turns out that applications have been using unofficial +interfaces, we will need to release a follow-on release on the v2.8 +branch to exports additional interfaces. However, initial testing +suggests that few if any applications have been using any of the +internal symbols. + +Although not a new change compared to 2.6.x, we'd like to remind you +interfaces have been modified so that X.509 chain verification now +also checks activation/expiration times on certificates. The affected +functions are: + +gnutls_x509_crt_list_verify: CHANGED, checks activation/expiration times. +gnutls_certificate_verify_peers: Likewise. +gnutls_certificate_verify_peers2: Likewise. +GNUTLS_CERT_NOT_ACTIVATED: ADDED. +GNUTLS_CERT_EXPIRED: ADDED. +GNUTLS_VERIFY_DISABLE_TIME_CHECKS: ADDED. + +This change in behaviour was made during the GnuTLS 2.6.x cycle, and +we gave our rationale for it in earlier release notes. + +The following symbols have been added to the library: + +gnutls_certificate_set_x509_simple_pkcs12_mem: ADDED +gnutls_x509_crl_get_authority_key_id: ADDED +gnutls_x509_crl_get_extension_data: ADDED +gnutls_x509_crl_get_extension_info: ADDED +gnutls_x509_crl_get_extension_oid: ADDED +gnutls_x509_crl_get_number: ADDED +gnutls_x509_crl_set_authority_key_id: ADDED +gnutls_x509_crl_set_number: ADDED +gnutls_x509_crq_get_attribute_data: ADDED +gnutls_x509_crq_get_attribute_info: ADDED +gnutls_x509_crq_get_basic_constraints: ADDED +gnutls_x509_crq_get_extension_by_oid: ADDED +gnutls_x509_crq_get_extension_data: ADDED +gnutls_x509_crq_get_extension_info: ADDED +gnutls_x509_crq_get_key_id: ADDED. +gnutls_x509_crq_get_key_purpose_oid: ADDED +gnutls_x509_crq_get_key_rsa_raw: ADDED +gnutls_x509_crq_get_key_usage: ADDED +gnutls_x509_crq_get_subject_alt_name: ADDED +gnutls_x509_crq_get_subject_alt_othername_oid: ADDED +gnutls_x509_crq_print: ADDED +gnutls_x509_crq_set_basic_constraints: ADDED +gnutls_x509_crq_set_key_purpose_oid: ADDED +gnutls_x509_crq_set_key_usage: ADDED +gnutls_x509_crq_set_subject_alt_name: ADDED +gnutls_x509_crt_get_verify_algorithm: ADDED +gnutls_x509_crt_set_crq_extensions: ADDED +gnutls_x509_crt_verify_hash: ADDED + +The following interfaces have been added to the header files: + +GNUTLS_VERSION: ADDED, replaces LIBGNUTLS_VERSION. +GNUTLS_VERSION_MAJOR: ADDED, replaces LIBGNUTLS_VERSION_MAJOR. +GNUTLS_VERSION_MINOR: ADDED, replaces LIBGNUTLS_VERSION_MINOR. +GNUTLS_VERSION_PATCH: ADDED, replaces LIBGNUTLS_VERSION_PATCH. +GNUTLS_VERSION_NUMBER: ADDED, replaces LIBGNUTLS_VERSION_NUMBER. +GNUTLS_EXTRA_VERSION: ADDED, replaces LIBGNUTLS_EXTRA_VERSION. + +The following interfaces have been deprecated: + +LIBGNUTLS_VERSION: DEPRECATED. +LIBGNUTLS_VERSION_MAJOR: DEPRECATED. +LIBGNUTLS_VERSION_MINOR: DEPRECATED. +LIBGNUTLS_VERSION_PATCH: DEPRECATED. +LIBGNUTLS_VERSION_NUMBER: DEPRECATED. +LIBGNUTLS_EXTRA_VERSION: DEPRECATED. + +* Version 2.7.14 (released 2009-05-26) + +** libgnutls: Fix namespace issue with version symbol for libgnutls-extra. +The symbol LIBGNUTLS_EXTRA_VERSION were renamed to +GNUTLS_EXTRA_VERSION. The old symbol will continue to work but is +deprecated. + +** Doc: Several typo fixes in documentation. +Reported by Peter Hendrickson . + +** API and ABI modifications: +GNUTLS_VERSION: ADDED, replaces LIBGNUTLS_EXTRA_VERSION. +LIBGNUTLS_EXTRA_VERSION: DEPRECATED. + +* Version 2.7.13 (released 2009-05-25) + +** libgnutls: Fix version of some exported symbols in the shared library. +Reported by Andreas Metzler in +. + +** tests: Handle recently expired certificates in chainverify self-test. +Reported by Andreas Metzler in +. + +** API and ABI modifications: +No changes since last version. + +* Version 2.7.12 (released 2009-05-20) + +** gnutls-serv, gnutls-cli-debug: Make them work on Windows. + +** tests/crq_key_id: Don't read entropy from /dev/random in self-test. +Reported by Andreas Metzler in +. + +** Fix build failures. +Missing sa_family_t and vsnprintf on IRIX. Reported by "Tom +G. Christensen" in +. + +** minitasn1: Internal copy updated to libtasn1 v2.2. +GnuTLS should work fine with libtasn1 v1.x and that is still +supported. + +** API and ABI modifications: +No changes since last version. + +* Version 2.7.11 (released 2009-05-18) + +** minitasn1: Fix build failure when using internal libtasn1. +Reported by "Tom G. Christensen" in +. + +** libgnutls: Fix build failure with --disable-cxx. +Reported by Andreas Metzler in +. + +** gnutls-serv: Fix build failure for unportable NI_MAXHOST/NI_MAXSERV. +Reported by "Tom G. Christensen" in + + +** Building with many warning flags now requires --enable-gcc-warnings. +This avoids crying wolf for normal compiles. + +** API and ABI modifications: +No changes since last version. + +* Version 2.7.10 (released 2009-05-13) + +** examples: Now released into the public domain. +This makes the license of the example code compatible with more +licenses, including the (L)GPL. + +** minitasn1: Internal copy updated to libtasn1 v2.1. +GnuTLS should work fine with libtasn1 v1.x and that is still +supported. + +** libgnutls: Fix crash in signature verification +The fix for the CVE-2009-1415 problem wasn't merged completely. + +** doc: Fixes for GTK-DOC output. + +** API and ABI modifications: +No changes since last version. + +* Version 2.7.9 (released 2009-05-11) + +** doc: Fix strings in man page of gnutls_priority_init. + +** doc: Fix tables of error codes and supported algorithms. + +** Fix build failure when cross-compiled using MinGW. + +** Fix build failure when LZO is enabled. +Reported by Arfrever Frehtes Taifersar Arahesis + in +. + +** Fix build failure on systems without AF_INET6, e.g., Solaris 2.6. +Reported by "Tom G. Christensen" in +. + +** Fix warnings in self-tests. + +** API and ABI modifications: +No changes since last version. + +* Version 2.7.8 (released 2009-05-03) + +** libgnutls: Fix DSA key generation. +Merged from stable branch. [GNUTLS-SA-2009-2] [CVE-2009-1416] + +** libgnutls: Check expiration/activation time on untrusted certificates. +Merged from stable branch. Reported by Romain Francoise +. This changes the semantics of +gnutls_x509_crt_list_verify, which in turn is used by +gnutls_certificate_verify_peers and gnutls_certificate_verify_peers2. +We add two new gnutls_certificate_status_t codes for reporting the new +error condition, GNUTLS_CERT_NOT_ACTIVATED and GNUTLS_CERT_EXPIRED. +We also add a new gnutls_certificate_verify_flags flag, +GNUTLS_VERIFY_DISABLE_TIME_CHECKS, that can be used to disable the new +behaviour. [GNUTLS-SA-2009-3] [CVE-2009-1417] + +** lib: Linker version scripts reduces number of exported symbols. +The linker version script now lists all exported ABIs explicitly, to +avoid accidentally exporting unintended functions. Compared to +before, most symbols beginning with _gnutls* are no longer exported. +These functions have never been intended for use by applications, and +there were no prototypes for these function in the public header +files. Thus we believe it is possible to do this without incrementing +the library ABI version which normally has to be done when removing an +interface. + +** lib: Limit exported symbols on systems without LD linker scripts. +Before all symbols were exported. Now we limit the exported symbols +to (for libgnutls and libgnutls-extra) gnutls* and (for libgnutls) +_gnutls*. This is a superset of the actual supported ABI, but still +an improvement compared to before. This is implemented using Libtool +-export-symbols-regex. It is more portable than linker version +scripts. + +** libgnutls: Incremented CURRENT/AGE libtool version to reflect new symbols. +This should have been done in the last release. + +** gnutls-serv: Listen on all interfaces, including both IPv4 and IPv6. +Reported by Peter Hendrickson in +. + +** doc: Improved sections for the info manual. +We now follow the advice given by the texinfo manual on which +directory categories to use. In particular, libgnutls moved from the +'GNU Libraries' section to the 'Software libraries' and the command +line tools moved from 'Network Applications' to 'System +Administration'. + +** API and ABI modifications: +gnutls_x509_crt_list_verify: CHANGED, checks activation/expiration times. +gnutls_certificate_verify_peers: Likewise. +gnutls_certificate_verify_peers2: Likewise. +GNUTLS_CERT_NOT_ACTIVATED: ADDED. +GNUTLS_CERT_EXPIRED: ADDED. +GNUTLS_VERIFY_DISABLE_TIME_CHECKS: ADDED. + +* Version 2.7.7 (released 2009-04-20) + +** libgnutls: Applied patch by Cedric Bail to add functions +gnutls_x509_crt_verify_hash() and gnutls_x509_crt_get_verify_algorithm(). + +** gnutls.pc: Add -ltasn1 to 'pkg-config --libs --static gnutls' output. +Reported by Andreas Metzler in +. + +** minitasn1: Internal copy updated to libtasn1 v1.8. +GnuTLS is also internally ready to be used with libtasn1 v2.0. + +** doc: Fix build failure of errcodes/printlist. +Reported by Roman Bogorodskiy in +. + +** i18n: The GnuTLS gettext domain is now 'libgnutls' instead of 'gnutls'. +It is currently only used by the core library. This will enable a new +domain 'gnutls' for translations of the command line tools. + +** Corrected possible memory corruption on signature verification failure. +Reported by Miroslav Kratochvil + +** API and ABI modifications: +gnutls_x509_crt_verify_hash: ADDED +gnutls_x509_crt_get_verify_algorithm: ADDED + +* Version 2.7.6 (released 2009-02-27) + +** certtool: Query for multiple dnsName subjectAltName in interactive mode. +This applies both to generating certificates and certificate requests. + +** pkix.asn: Removed unneeded definitions to reduce memory usage. + +** gnutls-cli: No longer accepts V1 CAs by default during X.509 chain verify. +Use --priority NORMAL:%VERIFY_ALLOW_X509_V1_CA_CRT to permit V1 CAs to +be used for chain verification. + +** gnutls-serv: No longer disable MAC padding by default. +Use --priority NORMAL:%COMPAT to disable MAC padding again. + +** gnutls-cli: Certificate information output format changed. +The tool now uses libgnutls' functions to print certificate +information. This avoids code duplication. + +** libgnutls: New priority strings %VERIFY_ALLOW_SIGN_RSA_MD5 +** and %VERIFY_ALLOW_X509_V1_CA_CRT. +They can be used to override the default certificate chain validation +behaviour. + +** libgnutls: Added %SSL3_RECORD_VERSION priority string that allows to +specify the client hello message record version. Used to overcome buggy +TLS servers. Report by Martin von Gagern. + +** libgnutls: gnutls_x509_crt_print prints signature algorithm in oneline mode. + +** libgnutls: gnutls_openpgp_crt_print supports oneline mode. + +** doc: Update gnutls-cli and gnutls-serv --help output descriptions. + +** API and ABI modifications: +No changes since last version. + +* Version 2.7.5 (released 2009-02-06) + +** libgnutls: Accept chains where intermediary certs are trusted. +Before GnuTLS needed to validate the entire chain back to a +self-signed certificate. GnuTLS will now stop looking when it has +found an intermediary trusted certificate. The new behaviour is +useful when chains, for example, contains a top-level CA, an +intermediary CA signed using RSA-MD5, and an end-entity certificate. +To avoid chain validation errors due to the RSA-MD5 cert, you can +explicitly add the intermediary RSA-MD5 cert to your trusted certs. +The signature on trusted certificates are not checked, so the chain +has a chance to validate correctly. Reported by "Douglas E. Engert" + in +. + +** libgnutls: result_size in gnutls_hex_encode now holds +the size of the result. Report by John Brooks . + +** libgnutls: gnutls_handshake when sending client hello during a +rehandshake, will not offer a version number larger than the current. +Reported by Tristan Hill . + +** libgnutls: Permit V1 Certificate Authorities properly. +Before they were mistakenly rejected even though +GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT and/or +GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT were supplied. Reported by +"Douglas E. Engert" in +. + +** API and ABI modifications: +No changes since last version. + +* Version 2.7.4 (released 2009-01-07) + +** libgnutls: deprecate X.509 validation chains using MD5 and MD2 signatures. +This is a bugfix -- the previous attempt to do this from internal x509 +certificate verification procedures did not return the correct value +for certificates using a weak hash. Reported by Daniel Kahn Gillmor + in +, +debugged and patch by Tomas Mraz and Daniel Kahn +Gillmor . + +** libgnutls: New interface to get key id for certificate requests. +Patch from David Marín Carreño in +. + +** libgnutls: gnutls_x509_crq_print will now also print public key id. + +** certtool: --verify-chain now prints results of using library verification. +Earlier, certtool --verify-chain used its own validation algorithm +which wasn't guaranteed to give the same result as the libgnutls +internal validation algorithm. Now this command print a new final +line with header 'Chain verification output:' that contains the result +from using the internal verification algorithm on the same chain. + +** tests: Add crq_key_id self-test of gnutls_x509_crq_get_key_id. + +** API and ABI modifications: +gnutls_x509_crq_get_key_id: ADDED. + +* Version 2.7.3 (released 2008-12-10) + +** libgnutls: Fix chain verification for chains that ends with RSA-MD2 CAs. +Reported by Michael Kiefer in + forwarded by +Andreas Metzler in +. + +** libgnutls: Libgcrypt initialization changed. +If libgcrypt has not already been initialized, GnuTLS will now +initialize libgcrypt with disabled secure memory. Initialize +libgcrypt explicitly in your application if you want to enable secure +memory. Before GnuTLS initialized libgcrypt to use GnuTLS's memory +allocation functions, which doesn't use secure memory, so there is no +real change in behaviour. + +** libgnutls: Fix memory leak in PSK authentication. +Reported by Michael Weiser in +. + +** libgnutls: Small byte reads via gnutls_record_recv() optimized. + +** certtool: Move gcry_control(GCRYCTL_ENABLE_QUICK_RANDOM, 0) call earlier. +It needs to be invoked before libgcrypt is initialized. + +** gnutls-cli: Return non-zero exit code on error conditions. + +** gnutls-cli: Corrected bug which caused a rehandshake request to be ignored. + +** tests: Added chainverify self-test that tests X.509 chain verifications. + +** API and ABI modifications: +No changes since last version. + +* Version 2.7.2 (released 2008-11-18) + +** libgnutls: Fix X.509 certificate chain validation error. [GNUTLS-SA-2008-3] +The flaw makes it possible for man in the middle attackers (i.e., +active attackers) to assume any name and trick GnuTLS clients into +trusting that name. Thanks for report and analysis from Martin von +Gagern . [CVE-2008-4989] + +Any updates with more details about this vulnerability will be added +to + +** libgnutls: Fix namespace issue with version symbols. +The symbols LIBGNUTLS_VERSION, LIBGNUTLS_VERSION_MAJOR, +LIBGNUTLS_VERSION_MINOR, LIBGNUTLS_VERSION_PATCH, and +LIBGNUTLS_VERSION_NUMBER were renamed to GNUTLS_VERSION_NUMBER, +GNUTLS_VERSION_MAJOR, GNUTLS_VERSION_MINOR, GNUTLS_VERSION_PATCH, and +GNUTLS_VERSION_NUMBER respectively. The old symbols will continue to +work but are deprecated. + +** certtool: allow setting arbitrary key purpose object identifiers. + +** libgnutls: Fix detection of C99 macros, to make debug logging work again. + +** libgnutls: Add missing prototype for gnutls_srp_set_prime_bits. +Reported by Kevin Quick in +. + +** libgnutls-extra: Make building with LZO compression work again. +Build failure reported by Arfrever Frehtes Taifersar Arahesis + in +. + +** libgnutls: Change detection of when to use a linker version script. +Use --enable-ld-version-script or --disable-ld-version-script to +override auto-detection logic. + +** doc: Change license on the manual to GFDLv1.3+. + +** doc: GTK-DOC fixes for new splitted configuration system. + +** doc: Texinfo stylesheet uses white background. + +** tests: Add cve-2008-4989.c self-test. +Tests regressions of the GNUTLS-SA-2008-3 security problem, and the +follow-on problem with crashes on length 1 certificate chains. + +** gnulib: Deprecated modules removed. +Modules include memchr and memcmp. + +** Fix warnings and build GnuTLS with more warnings enabled. + +** minitasn1: Internal copy updated to libtasn1 v1.7. + +** API and ABI modifications: +gnutls_certificate_set_x509_simple_pkcs12_mem: ADDED +GNUTLS_VERSION: ADDED, replaces LIBGNUTLS_VERSION. +GNUTLS_VERSION_MAJOR: ADDED, replaces LIBGNUTLS_VERSION_MAJOR. +GNUTLS_VERSION_MINOR: ADDED, replaces LIBGNUTLS_VERSION_MINOR. +GNUTLS_VERSION_PATCH: ADDED, replaces LIBGNUTLS_VERSION_PATCH. +GNUTLS_VERSION_NUMBER: ADDED, replaces LIBGNUTLS_VERSION_NUMBER. +LIBGNUTLS_VERSION: DEPRECATED. +LIBGNUTLS_VERSION_MAJOR: DEPRECATED. +LIBGNUTLS_VERSION_MINOR: DEPRECATED. +LIBGNUTLS_VERSION_PATCH: DEPRECATED. +LIBGNUTLS_VERSION_NUMBER: DEPRECATED. + +* Version 2.7.1 (released 2008-10-31) + +** certtool: print a PKCS #8 key even if it is not encrypted. + +** Old libgnutls.m4 and libgnutls-config scripts removed. +Please use pkg-config instead. + +** Configuration system modified. +There is now a configure script in lib/ and libextra/ as well, because +gnulib works better with a config.h per gnulib directory. + +** API and ABI modifications: +No changes since last version. + +* Version 2.7.0 (released 2008-10-16) + +** libgnutls: Added functions to handle CRL extensions. + +** libgnutls: Added functions to handle X.509 extensions in Certificate +Requests. + +** libgnutls: Improved error string for GNUTLS_E_AGAIN. +Suggested by "Lavrentiev, Anton (NIH/NLM/NCBI) [C]" . + +** certtool: Print and set CRL and CRQ extensions. + +** libgnutls-extra: Protect internal symbols with static. +Fixes problem when linking certtool statically. Tiny patch from Aaron +Ucko . + +** libgnutls-openssl: fix out of bounds access. +Problem in X509_get_subject_name and X509_get_issuer_name. Tiny patch +from Thomas Viehmann . + +** libgnutlsxx: Define server_session::get_srp_username even if no SRP. + +** tests: Make tests compile when using internal libtasn1. +Patch by ludo@gnu.org (Ludovic Courtès). + +** Changed detection of libtasn1 and libgcrypt to avoid depending on *-config. +We now require a libgcrypt that has Camellia constants declared in +gcrypt.h, which means v1.3.0 or later. + +** API and ABI modifications: +gnutls_x509_crl_get_authority_key_id: ADDED +gnutls_x509_crl_get_number: ADDED +gnutls_x509_crl_get_extension_oid: ADDED +gnutls_x509_crl_get_extension_info: ADDED +gnutls_x509_crl_get_extension_data: ADDED +gnutls_x509_crl_set_authority_key_id: ADDED +gnutls_x509_crl_set_number: ADDED +gnutls_x509_crq_get_key_rsa_raw: ADDED +gnutls_x509_crq_get_attribute_info: ADDED +gnutls_x509_crq_get_attribute_data: ADDED +gnutls_x509_crq_get_extension_info: ADDED +gnutls_x509_crq_get_extension_data: ADDED +gnutls_x509_crq_get_key_usage: ADDED +gnutls_x509_crq_get_basic_constraints: ADDED +gnutls_x509_crq_get_subject_alt_name: ADDED +gnutls_x509_crq_get_subject_alt_othername_oid: ADDED +gnutls_x509_crq_get_extension_by_oid: ADDED +gnutls_x509_crq_set_subject_alt_name: ADDED +gnutls_x509_crq_set_basic_constraints: ADDED +gnutls_x509_crq_set_key_usage: ADDED +gnutls_x509_crq_get_key_purpose_oid: ADDED +gnutls_x509_crq_set_key_purpose_oid: ADDED +gnutls_x509_crq_print: ADDED +gnutls_x509_crt_set_crq_extensions: ADDED + +* Version 2.6.6 (released 2009-04-30) + +** libgnutls: Corrected double free on signature verification failure. +Reported by Miroslav Kratochvil . See the advisory +for more details. [GNUTLS-SA-2009-1] [CVE-2009-1415] + +** libgnutls: Fix DSA key generation. +Noticed when investigating the previous GNUTLS-SA-2009-1 problem. All +DSA keys generated using GnuTLS 2.6.x are corrupt. See the advisory +for more details. [GNUTLS-SA-2009-2] [CVE-2009-1416] + +** libgnutls: Check expiration/activation time on untrusted certificates. +Reported by Romain Francoise . Before the +library did not check activation/expiration times on certificates, and +was documented as not doing so. We have realized that many +applications that use libgnutls, including gnutls-cli, fail to perform +proper checks. Implementing similar logic in all applications leads +to code duplication. Hence, we decided to check whether the current +time (as reported by the time function) is within the +activation/expiration period of certificates when verifying untrusted +certificates. + +This changes the semantics of gnutls_x509_crt_list_verify, which in +turn is used by gnutls_certificate_verify_peers and +gnutls_certificate_verify_peers2. We add two new +gnutls_certificate_status_t codes for reporting the new error +condition, GNUTLS_CERT_NOT_ACTIVATED and GNUTLS_CERT_EXPIRED. We also +add a new gnutls_certificate_verify_flags flag, +GNUTLS_VERIFY_DISABLE_TIME_CHECKS, that can be used to disable the new +behaviour. + +More details about the vulnerabilities will be posted at +. + +** gnutls-cli, gnutls-cli-debug: Fix AIX build problem. +Reported by LAUPRETRE François (P) in +. + +** tests: Fix linking of tests/openpgp/keyring self-test. +Reported by Daniel Black in . + +** API and ABI modifications: +gnutls_x509_crt_list_verify: CHANGED, checks activation/expiration times. +gnutls_certificate_verify_peers: Likewise. +gnutls_certificate_verify_peers2: Likewise. +GNUTLS_CERT_NOT_ACTIVATED: ADDED. +GNUTLS_CERT_EXPIRED: ADDED. +GNUTLS_VERIFY_DISABLE_TIME_CHECKS: ADDED. + +* Version 2.6.5 (released 2009-04-11) + +** libgnutls: Added %SSL3_RECORD_VERSION priority string that allows to +specify the client hello message record version. Used to overcome buggy +TLS servers. Report by Martin von Gagern. + +** GnuTLS no longer uses the libtasn1-config script to find libtasn1. +Libtasn1 0.3.4 or later is required. This is to align with the +upcoming libtasn1 v2.0 release that doesn't have a libtasn1-script. + +** API and ABI modifications: +No changes since last version. + +* Version 2.6.4 (released 2009-02-06) + +** libgnutls: Accept chains where intermediary certs are trusted. +Before GnuTLS needed to validate the entire chain back to a +self-signed certificate. GnuTLS will now stop looking when it has +found an intermediary trusted certificate. The new behaviour is +useful when chains, for example, contains a top-level CA, an +intermediary CA signed using RSA-MD5, and an end-entity certificate. +To avoid chain validation errors due to the RSA-MD5 cert, you can +explicitly add the intermediary RSA-MD5 cert to your trusted certs. +The signature on trusted certificates are not checked, so the chain +has a chance to validate correctly. Reported by "Douglas E. Engert" + in +. + +** libgnutls: result_size in gnutls_hex_encode now holds +the size of the result. Report by John Brooks . + +** libgnutls: gnutls_handshake when sending client hello during a +rehandshake, will not offer a version number larger than the current. +Reported by Tristan Hill . + +** libgnutls: Permit V1 Certificate Authorities properly. +Before they were mistakenly rejected even though +GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT and/or +GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT were supplied. Reported by +"Douglas E. Engert" in +. + +** libgnutls: deprecate X.509 validation chains using MD5 and MD2 signatures. +This is a bugfix -- the previous attempt to do this from internal x509 +certificate verification procedures did not return the correct value +for certificates using a weak hash. Reported by Daniel Kahn Gillmor + in +, +debugged and patch by Tomas Mraz and Daniel Kahn +Gillmor . + +** libgnutls: Fix compile error with Sun CC. +Reported by Jeff Cai in +. + +** API and ABI modifications: +No changes since last version. + +* Version 2.6.3 (released 2008-12-12) + +** libgnutls: Fix chain verification for chains that ends with RSA-MD2 CAs. +Reported by Michael Kiefer in + forwarded by +Andreas Metzler in +. + +** libgnutls: Fix memory leak in PSK authentication. +Reported by Michael Weiser in +. + +** certtool: Move gcry_control(GCRYCTL_ENABLE_QUICK_RANDOM, 0) call earlier. +It needs to be invoked before libgcrypt is initialized. + +** gnutls-cli: Return non-zero exit code on error conditions. + +** gnutls-cli: Corrected bug which caused a rehandshake request to be ignored. + +** API and ABI modifications: +No changes since last version. + +* Version 2.6.2 (released 2008-11-12) + +** libgnutls: Fix crash in X.509 validation code for self-signed certificates. +The patch to fix the security problem GNUTLS-SA-2008-3 introduced a +problem for certificate chains that contained just one self-signed +certificate. Reported by Michael Meskes in +. + +** API and ABI modifications: +No changes since last version. + +* Version 2.6.1 (released 2008-11-10) + +** libgnutls: Fix X.509 certificate chain validation error. [GNUTLS-SA-2008-3] +The flaw makes it possible for man in the middle attackers (i.e., +active attackers) to assume any name and trick GnuTLS clients into +trusting that name. Thanks for report and analysis from Martin von +Gagern . [CVE-2008-4989] + +Any updates with more details about this vulnerability will be added +to + +** libgnutls: Add missing prototype for gnutls_srp_set_prime_bits. +Reported by Kevin Quick in +. + +** libgnutls-extra: Protect internal symbols with static. +Fixes problem when linking certtool statically. Tiny patch from Aaron +Ucko . + +** libgnutls-openssl: Fix patch against X509_get_issuer_name. +It incorrectly returned the subject DN instead of issuer DN in v2.6.0. +Thanks to Thomas Viehmann for report. + +** certtool: Print a PKCS #8 key even if it is not encrypted. + +** tests: Make tests compile when using internal libtasn1. +Patch by ludo@gnu.org (Ludovic Courtès). + +** API and ABI modifications: +No changes since last version. + +* Version 2.6.0 (released 2008-10-06) + +** libgnutls: Correct printing and parsing of IPv6 addresses. + +** libgnutls-openssl: fix out of bounds access. +Problem in X509_get_subject_name and X509_get_issuer_name. Tiny patch +from Thomas Viehmann . + +** certtool: Use inet_pton for parsing IPv6 addresses. + +** Major changes compared to the v2.4 branch: + +*** Added API to replace and update the crypto backend. + +*** certtool: can add several subject alternative names via template file. + +*** opencdk: Parse (but not decrypt) encrypted secret keys. + +*** libgnutls: gnutls_x509_crt_set_subject_alt_name() was added that can +either set or append alternative names. It can also handle binary structures +such as IP addresses. + +*** libgnutls: New function to set minimum acceptable SRP bits. +The function is gnutls_srp_set_prime_bits. + +*** libgnutls: Add interface to deal with public key and signature algorithms. +The functions are called gnutls_pk_list, gnutls_pk_get_id, +gnutls_sign_list, and gnutls_sign_get_id. + +*** libgnutls: New interfaces to get name of public key and signing algorithms. +The functions are gnutls_sign_get_name and gnutls_pk_get_name. + +*** libgnutls: New API to get a string corresponding to a error symbol. +The function is gnutls_strerror_name. + +*** libgnutls: New API to set the public parameters in a certificate request +*** from a private key. +The function is gnutls_x509_crq_set_key_rsa_raw. + +*** libgnutls: New API to set a callback to extract TLS Finished data. +The function to register is gnutls_session_set_finished_function and +it takes a callback of the gnutls_finished_callback_func type. + +*** libgnutls: Fix namespace problem with TLS_MASTER_SIZE and TLS_RANDOM_SIZE. + +*** libgnutls: New interface to register a new TLS extension handler. +The new function gnutls_ext_register can be used to register handlers +for specific TLS extension types. The callback functions have the new +types gnutls_ext_recv_func and gnutls_ext_send_func. A type to +classify TLS extensions, gnutls_ext_parse_type_t, has been added as +well. + +*** libgnutls-extra: Add function to work with Libgcrypt in FIPS mode. +The function is gnutls_register_md5_handler. When libgcrypt is in +FIPS mode, MD5 is disabled, but TLS normally requires use of MD5 in +the PRF. + +*** API/ABI changes in GnuTLS 2.6 +No functions have been removed or modified. The library should be +fully backwards compatible on both the source and binary level. + +A new header file have been added. It contains +definitions related to replacing the internal crypto functionality. +All definitions and the header itself is experimental but supported. + +We have realized that the symbols TLS_MASTER_SIZE and TLS_RANDOM_SIZE +does not use the normal namespace. We have added GNUTLS_MASTER_SIZE +and GNUTLS_RANDOM_SIZE, but the old symbols are still defined. + +The following functions have been added to libgnutls: + +GNUTLS_MASTER_SIZE +GNUTLS_RANDOM_SIZE +gnutls_crypto_bigint_register2 +gnutls_crypto_cipher_register2 +gnutls_crypto_digest_register2 +gnutls_crypto_mac_register2 +gnutls_crypto_pk_register2 +gnutls_crypto_rnd_register2 +gnutls_crypto_single_cipher_register2 +gnutls_crypto_single_digest_register2 +gnutls_crypto_single_mac_register2 +gnutls_ext_register +gnutls_pk_get_id +gnutls_pk_get_name +gnutls_pk_list +gnutls_session_set_finished_function +gnutls_sign_get_id +gnutls_sign_get_name +gnutls_sign_list +gnutls_srp_set_prime_bits: +gnutls_strerror_name +gnutls_x509_crq_set_key_rsa_raw +gnutls_x509_crt_set_crl_dist_points2 +gnutls_x509_crt_set_subject_alt_name + +The following functions have been added to libgnutls-extra: + +gnutls_register_md5_handler + +** API and ABI modifications: +No changes since last version. + +* Version 2.5.9 (released 2008-09-29) + +** libgnutls: Fix several memory leaks. +Reported by Sam Varshavchik . + +** libgnutls: Fix buffer overrun in gnutls_x509_crt_list_import. +Report and patch by Jonathan Manktelow. + +** libgnutls: crypto.h gnutls_pk_params_st changes allocation strategy. +The parameters are now allocated in the structure itself. + +** doc: Texinfo HTML manual uses a stylesheet to improve readability. + +** tests: Scripts now use EXEEXT properly. +Modern libtool doesn't create wrapper script, so the self tests need +to invoke certtool.exe under MinGW32+Wine. + +** Uses autoconf 2.63, automake 1.10.1, libtool 2.2.6a. +Automake warnings are now also enabled. + +** API and ABI modifications: +gnutls_pk_params_st: MODIFIED + +* Version 2.5.8 (released 2008-09-21) + +** certtool: updated so it can add several subject alternative names using +the template file. + +** libgnutls: gnutls_x509_crt_set_subject_alt_name() was added that can +either set or append alternative names. It can also handle binary structures +such as IP addresses. + +** libgnutls: Fix crash in hashing code when using non-libgcrypt handlers. + +** libgnutls: New function to set minimum acceptable SRP bits. +The function is gnutls_srp_set_prime_bits. Tiny patch by Kevin Quick + in . + +** libgnutls: Check for overflows in gnutls_calloc and gnutls_secure_calloc. +Also fix overflows in calls to those functions. Reported by Werner +Koch . + +** libgnutls-extra: Add function to work with Libgcrypt in FIPS mode. +The function is gnutls_register_md5_handler. When libgcrypt is in +FIPS mode, MD5 is disabled, but TLS normally requires use of MD5 in +the PRF. + +** Opencdk: Add calls to gnutls_assert to ease debugging. + +** Indent code. + +** API and ABI modifications: +gnutls_srp_set_prime_bits: ADDED +gnutls_register_md5_handler: ADDED +gnutls_x509_crt_set_crl_dist_points2: ADDED +gnutls_x509_crt_set_subject_alt_name: ADDED + +* Version 2.5.7 (released 2008-09-16) + +** libgnutls: New interfaces to get name of public key and signing algorithms. +The functions are gnutls_sign_get_name and gnutls_pk_get_name. + +** libgnutls: Don't crash when gnutls_credentials_set is called twice. + +** libgnutls: Fix libgnutls shared library version. +It wasn't properly incremented after adding symbols in the last +release. + +** manual: Now mention supported public key and public key signing algorithms. + +** tests/openssl: initialize gnutls before use. + +** tests/setcredcrash: New test to catch regressions of gnutls_credentials_set. + +** GTK-DOC manual: mention new symbols in 2.6.x. Mention crypto.h functions. + +** API and ABI modifications: +gnutls_sign_get_name: ADDED +gnutls_pk_get_name: ADDED + +* Version 2.5.6 (released 2008-09-08) + +** libgnutls: Add interface to deal with public key and signature algorithms. +The functions are called gnutls_pk_list, gnutls_pk_get_id, +gnutls_sign_list, and gnutls_sign_get_id. Suggested by Sam +Varshavchik . + +** libgnutls: Refactor and clean up some code. + +** libgnutls: Fix compile error with Sun CC. + +** gnutls-cli: Improve --list output to include public key and signature algs. + +** gnutls-cli, gnutls-serv: Remove --copyright parameter. +Use standard --version to get license info. + +** gnutls-cli.1: Document all new parameters. +Thanks to James Westby . + +** tests: New self-test pgps2kgnu to test parsing of encrypted secrets. +Contributed by Daniel Kahn Gillmor . + +** API and ABI modifications: +gnutls_pk_list: ADDED +gnutls_pk_get_id: ADDED +gnutls_sign_list: ADDED +gnutls_sign_get_id: ADDED + +* Version 2.5.5 (released 2008-08-29) + +** libgnutls: New API to get a string corresponding to a error symbol. +The function is gnutls_strerror_name. + +** libgnutls: Fix include paths so that building with internal libtasn1 works. +Reported by "jth.net ApS" . + +** libgnutls: Fix segmentation fault when generating private keys. +Reported by Daniel Kahn Gillmor . + +** libgnutls: Remove code to import certificate chains in PKCS#7 format. +The code has not worked since v0.9.0 and apparently nobody has missed +it, so we decided to remove the code rather than fix it. If you have +old certificate chains stored in PKCS#7 format, you can convert them +to a list of PEM certificates by using 'certtool --p7-info'. Reported +by Christian Grothoff . + +** opencdk: Parse (but not decrypt) encrypted secret keys. +Contributed by Daniel Kahn Gillmor . + +** libgnutls: Fix many warnings. + +** Included copy of libtasn1 is upgraded to version 1.5. + +** Add French translation, thanks to Nicolas Provost. + +** API and ABI modifications: +gnutls_strerror_name: ADDED + +* Version 2.5.4 (released 2008-08-19) + +** Fix secure memory initialization of libgcrypt. +Reported by Joe Orton in +. + +** Doc fixes. +Reference to NIST SP 800-57 in the manual on key size recommendations. +Added 'Since:' tags to new APIs for gtk-doc. + +** API and ABI modifications: +No changes since last version. + +* Version 2.5.3 (released 2008-08-14) + +** libgnutls: New API to set the public parameters in a certificate request +** from a private key. +The function is gnutls_x509_crq_set_key_rsa_raw. Inspired by +discussion with "Zach C." . + +** libgnutls: New API to set a callback to extract TLS Finished data. +The function to register is gnutls_session_set_finished_function and +it takes a callback of the gnutls_finished_callback_func type. + +** libgnutls: Drop final comma after GNUTLS_CRT_PRINT_UNSIGNED_FULL in enum. +Reported in . + +** libgnutls: Fix namespace problem with TLS_MASTER_SIZE and TLS_RANDOM_SIZE. +The new names are GNUTLS_MASTER_SIZE and GNUTLS_RANDOM_SIZE. The old +names are mapped to the new names in compat.h. These mappings will +likely be removed more quickly than other mappings in that file due to +the namespace violation. + +** libgnutlsxx: Make it build when SRP is disabled. + +** doc: Add doxygen files in doc/doxygen/. + +** API and ABI modifications: +gnutls_x509_crq_set_key_rsa_raw: ADDED +gnutls_session_set_finished_function: ADDED +gnutls_finished_callback_func: ADDED +GNUTLS_MASTER_SIZE: ADDED +GNUTLS_RANDOM_SIZE: ADDED +TLS_MASTER_SIZE: DEPRECATED +TLS_RANDOM_SIZE: DEPRECATED + +* Version 2.5.2 (released 2008-07-08) + +** libgnutls: Fix bug in gnutls_dh_params_generate2. +The prime and generator was swapped. + +** libgnutls: New interface to register a new TLS extension handler. +The new function gnutls_ext_register can be used to register handlers +for specific TLS extension types. The callback functions have the new +types gnutls_ext_recv_func and gnutls_ext_send_func. A type to +classify TLS extensions, gnutls_ext_parse_type_t, has been added as +well. + +** Move more code for TLS/IA extension from libgnutls to libgnutls-extra. +This was made possible by using the new gnutls_ext_register interface. +The TLS/IA functionality has only been supported through the +libgnutls-extra library, so it makes sense for the code to belong +there too. + +** API and ABI modifications: +gnutls_ext_recv_func: ADDED +gnutls_ext_send_func: ADDED +gnutls_ext_parse_type_t: ADDED +gnutls_ext_register: ADDED + +* Version 2.5.1 (released 2008-07-02) + +** Indent code. + +** API and ABI modifications: +No changes since last version. + +* Version 2.5.0 (released 2008-07-02) + +** Port fixes from v2.4.1 release, see below. + +** Added API to replace and update the crypto backend. +The header gnutls/crypto.h is now officially supported, and declares +the symbols below. + +** Rewritten opencdk crypto backend, to use the gnutls internal one. + +** Update gnulib and translations. +The gnulib gc crypto code has been removed since it was never finished +and is no longer even used. An internal non-libgcrypt crypto +implementation may be added in the future, but we'll decide that later +on. + +** API and ABI modifications: +gnutls_crypto_bigint_register2: ADDED. +gnutls_crypto_cipher_register2: ADDED. +gnutls_crypto_digest_register2: ADDED. +gnutls_crypto_mac_register2: ADDED. +gnutls_crypto_pk_register2: ADDED. +gnutls_crypto_rnd_register2: ADDED. +gnutls_crypto_single_cipher_register2: ADDED. +gnutls_crypto_single_digest_register2: ADDED. +gnutls_crypto_single_mac_register2: ADDED. + +* Version 2.4.3 (released 2009-02-06) + +** libgnutls: Accept chains where intermediary certs are trusted. +Before GnuTLS needed to validate the entire chain back to a +self-signed certificate. GnuTLS will now stop looking when it has +found an intermediary trusted certificate. The new behaviour is +useful when chains, for example, contains a top-level CA, an +intermediary CA signed using RSA-MD5, and an end-entity certificate. +To avoid chain validation errors due to the RSA-MD5 cert, you can +explicitly add the intermediary RSA-MD5 cert to your trusted certs. +The signature on trusted certificates are not checked, so the chain +has a chance to validate correctly. Reported by "Douglas E. Engert" + in +. + +** libgnutls: Permit V1 Certificate Authorities properly. +Before they were mistakenly rejected even though +GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT and/or +GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT were supplied. Reported by +"Douglas E. Engert" in +. + +** libgnutls: deprecate X.509 validation chains using MD5 and MD2 signatures. +This is a bugfix -- the previous attempt to do this from internal x509 +certificate verification procedures did not return the correct value +for certificates using a weak hash. Reported by Daniel Kahn Gillmor + in +, +debugged and patch by Tomas Mraz and Daniel Kahn +Gillmor . + +** libgnutls: Fix chain verification for chains that ends with RSA-MD2 CAs. +Reported by Michael Kiefer in + forwarded by +Andreas Metzler in +. + +** libgnutls: Fix crash in X.509 validation code for self-signed certificates. +The patch to fix the security problem GNUTLS-SA-2008-3 introduced a +problem for certificate chains that contained just one self-signed +certificate. Reported by Michael Meskes in +. + +** libgnutls: Fix X.509 certificate chain validation error. [GNUTLS-SA-2008-3] +The flaw makes it possible for man in the middle attackers (i.e., +active attackers) to assume any name and trick GnuTLS clients into +trusting that name. Thanks for report and analysis from Martin von +Gagern . [CVE-2008-4989] + +Any updates with more details about this vulnerability will be added +to + +** libgnutls: Fix buffer overrun in gnutls_x509_crt_list_import. +Report and patch by Jonathan Manktelow. + +** libgnutls: Avoid use of non-thread safe strerror. + +** API and ABI modifications: +No changes since last version. + +* Version 2.4.2 (released 2008-09-15) + +** libgnutls: Don't crash when gnutls_credentials_set is called twice. + +** libgnutls: Corrected memory leak in X.509 functions. +Thanks to Colin Leroy . + +** libgnutls: Fix compile error with Sun CC. + +** gnutls-cli.1: Document all new parameters. +Thanks to James Westby . + +** tests/openssl: initialize gnutls before use. +Fixes crash with libgcrypt 1.4.2. Reported by Ludovic Courtes +. + +** doc/: Fix texinfo markup for old texinfo versions. + +** Included copy of libtasn1 is upgraded to version 1.5. + +** API and ABI modifications: +No changes since last version. + +* Version 2.4.1 (released 2008-06-30) + +** libgnutls: Fix local crash in gnutls_handshake. [GNUTLS-SA-2008-2] +If the gnutls_handshake function is called for a normal session, which +can happen for re-handshakes, the library would crash because it tried +to hash some data using a libgcrypt handle that had been deallocated. +Report and tiny patch from Tomas Mraz . Any updates +with more details about this vulnerability will be added to + + +** libgnutls: Fix memory leaks when doing a re-handshake. +Reported by Sam Varshavchik in +. + +** Fix compiler warnings. +Reported by Massimo Gaspari in +. + +** Fix ordering of -I's to avoid opencdk.h conflict with system headers. +Reported by Roman Bogorodskiy in +. + +** srptool: Fix a problem where --verify check does not succeed. +Report and tiny patch by Matthias Koenig in +. + +** API and ABI modifications: +No changes since last version. + +* Version 2.4.0 (released 2008-06-19) + +** Major changes compared to the v2.2 branch: + +*** The OpenPGP sub-system has been improved and now supports subkeys. + +*** The PSK sub-system has been improved and now supports password +*** derivation and PSK identity hints. +The password derivation algorithms support is documented in +draft-ietf-netconf-tls-02.txt. + +*** The certtool --inder and --outder has been replaced by --inraw and --outraw. +This aligns terminology with OpenPGP, which doesn't use DER encoding. +The old parameters will continue to work for some time. + +*** Certtool now confirm passwords and changes permissions of private key files. + +*** The default handshake size limit has been increased to 48kb. +It appears as if some valid handshakes are large due to sending many +CA certificates. (The earlier limit was 16kb.) + +*** LZO compression is now disabled by default. +The main reason is that LZO compression in TLS is not standardized, +but license compatiblity issues with minilzo triggered us to make this +decision now. + +*** Improvements for cross-compilation to Windows and OpenWRT. + +*** The look of the GTK-DOC manual has been improved. +Major developer visible changes compared to the v2.2 branch: + +*** Full OpenPGP support is part of libgnutls, licensed under the LGPL. + +*** New APIs to access the raw X.509 Subject and Issuer DN's and +*** elements from the certificate credentials structure. +Thanks to Joe Orton. + +*** New APIs to improve working with username/passwords and PSK. + +*** Names of constants to affect certificate printing changed. +The constants are used for OpenPGP too, which the names didn't +reflect, so the following name change has been made: + + Old name New name + GNUTLS_X509_CRT_FULL GNUTLS_CRT_PRINT_FULL + GNUTLS_X509_CRT_ONELINE GNUTLS_CRT_PRINT_ONELINE + GNUTLS_X509_CRT_UNSIGNED_FULL GNUTLS_CRT_PRINT_UNSIGNED_FULL + +The old names will be mapped to the new names for some time. + +*** The function gnutls_openpgp_privkey_get_id has been renamed to +*** gnutls_openpgp_privkey_get_key_id. +A compatibility mapping exists to avoid breaking API backwards +compatibility. + +*** Replaced all uses of alloca with malloc and free. + +*** We no longer build with -D_REENTRANT -D_THREAD_SAFE. +We have been unable to find a documented rationale for this practice. + +*** Of course, many smaller fixes have been made, see the ChangeLog file. + +*** API/ABI changes in GnuTLS 2.4 +All OpenPGP related functions have been moved from libgnutls-extra to +libgnutls, and several new functions have been added (see below). +Before making the release, we discussed whether moving functions from +libgnutls-extra to libgnutls would require us to increment the ABI +version, but the general opinion was that this would not be required. +All older functions continue to work the same. We are open to the +possibility that this decision will lead to problem on some platform, +and if it turns out that the Right Thing should have been to increment +the shared library version, we would need to release an update within +the 2.4.x branch that increments the shared library version. + +This release adds the following functions: + + gnutls_psk_client_get_hint + gnutls_psk_set_server_credentials_hint + gnutls_psk_netconf_derive_key + + Used to get/set the PSK identity hint, and derive PSK keys from + passwords a'la netconf. + + gnutls_x509_dn_deinit + gnutls_x509_dn_export + gnutls_x509_dn_import + gnutls_x509_dn_init + + Used to handle X.509 Certificate DN's directly. + + gnutls_hex2bin + + Converts a data buffer to hex. Useful for handling PSK/SRP shared + secrets. + + gnutls_certificate_get_x509_cas + gnutls_certificate_get_x509_crls + gnutls_certificate_get_openpgp_keyring + + Functions for direct access to credential elements. + + gnutls_openpgp_crt_get_auth_subkey + gnutls_openpgp_crt_get_key_id + gnutls_openpgp_crt_get_pk_dsa_raw + gnutls_openpgp_crt_get_pk_rsa_raw + gnutls_openpgp_crt_get_preferred_key_id + gnutls_openpgp_crt_get_revoked_status + gnutls_openpgp_crt_get_subkey_count + gnutls_openpgp_crt_get_subkey_creation_time + gnutls_openpgp_crt_get_subkey_expiration_time + gnutls_openpgp_crt_get_subkey_fingerprint + gnutls_openpgp_crt_get_subkey_id + gnutls_openpgp_crt_get_subkey_idx + gnutls_openpgp_crt_get_subkey_pk_algorithm + gnutls_openpgp_crt_get_subkey_pk_dsa_raw + gnutls_openpgp_crt_get_subkey_pk_rsa_raw + gnutls_openpgp_crt_get_subkey_revoked_status + gnutls_openpgp_crt_get_subkey_usage + gnutls_openpgp_crt_print + gnutls_openpgp_crt_set_preferred_key_id + gnutls_openpgp_keyring_get_crt + gnutls_openpgp_keyring_get_crt_count + gnutls_openpgp_privkey_export + gnutls_openpgp_privkey_export_dsa_raw + gnutls_openpgp_privkey_export_rsa_raw + gnutls_openpgp_privkey_export_subkey_dsa_raw + gnutls_openpgp_privkey_export_subkey_rsa_raw + gnutls_openpgp_privkey_get_fingerprint + gnutls_openpgp_privkey_get_key_id + gnutls_openpgp_privkey_get_pk_algorithm + gnutls_openpgp_privkey_get_preferred_key_id + gnutls_openpgp_privkey_get_revoked_status + gnutls_openpgp_privkey_get_subkey_count + gnutls_openpgp_privkey_get_subkey_creation_time + gnutls_openpgp_privkey_get_subkey_expiration_time + gnutls_openpgp_privkey_get_subkey_fingerprint + gnutls_openpgp_privkey_get_subkey_id + gnutls_openpgp_privkey_get_subkey_idx + gnutls_openpgp_privkey_get_subkey_pk_algorithm + gnutls_openpgp_privkey_get_subkey_revoked_status + gnutls_openpgp_privkey_set_preferred_key_id + + New OpenPGP related functions. + + The function gnutls_openpgp_crt_get_key_id is the same as the old + from gnutls_openpgp_crt_get_id, see above. + +The release also adds a new header file 'gnutls/crypto.h', however it +is currently not used. + +** libgnutls [OpenPGP]: New APIs to retrieve fingerprint from OpenPGP subkeys. +Contributed by Daniel Kahn Gillmor . + +** API and ABI modifications: +gnutls_openpgp_crt_get_subkey_fingerprint: ADDED. +gnutls_openpgp_privkey_get_subkey_fingerprint: ADDED. + +* Version 2.3.15 (released 2008-06-15) + +** Disable the openpgp-certs self-tests. +It results in failure under Wine and doesn't work on Debian buildds. + +** API and ABI modifications: +No changes since last version. + +* Version 2.3.14 (released 2008-06-11) + +** libgnutls [OpenPGP]: Changed OpenPGP verification behaviour. +An OpenPGP certificate is now only considered verified if all the user +IDs are verified. + +** Examples: Make C++ example compile. +Earlier it may have failed with an unresolved reference to strlen. + +** Documentation: Doc fix for gnutls_x509_crt_get_extension_oid. +Reported by Sam Varshavchik . + +** API and ABI modifications: +No changes since last version. + +* Version 2.3.13 (released 2008-06-07) + +** libgnutls [OpenPGP]: Make OpenPGP handshakes work again. + +** doc/: Add psktool to info index. Some minor cleanups. + +** tests/: Added non-forking TLS handshake test, see tests/mini.c. + +** tests/: Added libgcrypt.supp which can be used with valgrind. +The file suppresses the known libgcrypt memory leaks, so they aren't +printed when you run valgrind on the gnutls self-tests. Use it as +follows: valgrind --suppressions=libgcrypt.supp ./x509self or add +'--suppressions=/home/you/src/gnutls/tests/libgcrypt.supp' to your +~/.valgrindrc file. + +** tests/: Reduce amount of debugging output by default. +Use --verbose for each test to get the full output. + +** tests/: Fix memory leaks in several self-tests. +None of the self tests should be leaking memory when running valgrind +or similar tools. (Known exceptions are dhepskself, pskself, and +set_pkcs12_cred, which appear likely to be due to memory leaks in the +library.) + +** API and ABI modifications: +No changes since last version. + +* Version 2.3.12 (released 2008-06-04) + +** Merge gnutls_with_netconf branch. + +*** libgnutls [PSK]: New API to retrieve PSK identity hint in client. +The function is gnutls_psk_client_get_hint. + +*** libgnutls [PSK]: New API to set PSK identity hint in server. +The function is gnutls_psk_set_server_credentials_hint. + +*** libgnutls [PSK]: Support server key exchange with PSK identity hint. +In the client, the message is parsed and the application can use +gnutls_psk_client_get_hint to retrieve the hint. In the server, the +message is sent if the application has specified a PSK identity hint +using gnutls_psk_set_server_credentials_hint. + +*** libgnutls [PSK]: Support Netconf PSK key derivation. +The function gnutls_psk_netconf_derive_key supports the PSK key +derivation as specified in draft-ietf-netconf-tls-02.txt. New self +test netconf-psk.c. + +*** psktool: Support new --netconf-hint to generate PSK key from password. +Uses the Netconf algorithm to derive PSK key from password. + +*** gnutls-serv: Support new --pskhint parameter to set PSK identity hint. + +*** gnutls-cli: Always support PSK modes, through a callback. +The callback will derive a PSK key using Netconf algorithm. It will +print the PSK identity hint to help the user. + +*** New PSK example client and server. +See doc/examples/ex-client-psk.c and doc/examples/ex-serv-psk.c. + +** libgnutls: Fix gnutls_x509_crl_set_version on arm platforms. +The code didn't work properly on platforms where 'char' is unsigned, +when you set version 0. Reported by Laurence Withers + in +. + +** libgnutls-openssl: added RAND_pseudo_bytes API. +Patch from Robert Millan . + +** API and ABI modifications: +RAND_pseudo_bytes: ADDED to libgnutls-openssl. +gnutls_psk_client_get_hint: ADDED. +gnutls_psk_set_server_credentials_hint: ADDED. +gnutls_psk_netconf_derive_key: ADDED + +* Version 2.3.11 (released 2008-05-20) + +** Fix flaw in fix for GNUTLS-SA-2008-1-3. +The flaw would result in incorrectly terminated sessions with the +error "Decryption has failed" when the server sends a small packet +(typically when the session is closed). Reported by Andreas Metzler + in +. + +** Don't use gnulib headers when building C++ library. +Fixes builds under Windows. + +** Make umask a requirement. +We don't know of any system that lacks it, even GNU CoreUtils use it +unconditionally. + +** Update gnulib files. +Fixes a problem where it pulled in a replacement for memcmp under +MinGW, which caused the C++ example to fail to build. + +** API and ABI modifications: +No changes since last version. + +* Version 2.3.10 (released 2008-05-19) + +** Added wide wildcard hostname matching. +Tiny patch by Jean-Philippe Garcia Ballester. + +** Fix three security vulnerabilities. [GNUTLS-SA-2008-1] +Thanks to CERT-FI for finding the bugs and providing detailed reports, +which allowed the bugs to be reproduced and fixed easily. Patches +developed by Simon Josefsson and Nikos Mavrogiannopoulos. Any updates +with more details about these vulnerabilities will be added to + + +*** [GNUTLS-SA-2008-1-1] +*** libgnutls: Fix crash when sending invalid server name. +The crash can be triggered remotely before authentication, which can +lead to a Daniel of Service attack to disable the server. The bug +cause gnutls to store more session resumption data than what was +allocated for, thus overwriting unallocated memory. + +*** [GNUTLS-SA-2008-1-2] +*** libgnutls: Fix crash when sending repeated client hellos. +The crash can be triggered remotely before authentication, which can +lead to a Daniel of Service attack to disable the server. The bug +triggers a null-pointer dereference. + +*** [GNUTLS-SA-2008-1-3] +*** libgnutls: Fix crash in cipher padding decoding for invalid record lengths. +The crash can be triggered remotely before authentication, which can +lead to a Daniel of Service attack to disable the server. The bug +cause gnutls to read memory beyond the end of the received record. + +** libgnutlsxx: Updated API according to patches from Eduardo +Villanueva Che (discussion at +) + +** Use umask to restrict permissions to owner before creating a file. + +** API and ABI modifications: +No changes since last version. + +* Version 2.3.9 (released 2008-05-16) + +** libgnutls: Fix build failures if SRP/OpenPGP is disabled. +Based on report and tiny patches from +, see +. + +** libgnutls: Translation fixes. + +** gnutls-cli: Fix so that PSK authentication works. +Also improve manual to give example for gnutls-cli PSK authentication. + +** certtool: Encrypting a private key now require a confirmed password. +Before './certtool -k -8' would merely ask for a password once. +Reported by Daniel 'NebuchadnezzaR' Dehennin + see +. + +** certtool: When writing private keys to files, change permissions of file. +Now the file which the private key is saved to is chmod'ed 0600. +Reported by martin f krafft see +. + +** guile: Fix -fgnu89-inline test. + +** Removed --enable-profile-mode. +The code linked gnutls with the libfc project (Function Check) which +appears to have been stalled since around 2002. + +** Clean up header file checks by ./configure. + +** Update of gnulib files. + +** API and ABI modifications: +No changes since last version. + +* Version 2.3.8 (released 2008-04-29) + +** libgnutls: Increase default handshake packet size limit to 48kb. +The old limit was 16kb and some servers send huge list of trusted CAs, +thus running into the limit. FYI, applications can further increase +this limit using gnutls_handshake_set_max_packet_length. Thanks to +Marc Haber and "Marc F. Clemente" + for reporting and providing test servers. + +** libgnutls: Add new error code: GNUTLS_E_HANDSHAKE_TOO_LARGE +Returned when the handshake data size is too large. Before +GNUTLS_E_MEMORY_ERROR was used, which could be confused with other +error situations. + +** libgnutls: Hide definitions in crypto.h. +We have decided that the APIs defined in crypto.h are not stable +enough for v2.4, so don't use any of those functions. + +** gnutls-cli: exit when hostname doesn't match certificate. +Use --insecure to avoid hostname comparison. + +** certtool: --inder and --outder replaced by --inraw and --outraw. +The reason is to align terminology with OpenPGP, which doesn't use +DER. The old parameters will continue to work for some time. + +** doc: Add section 'Index of new symbols in 2.4.0' to the GTK-DOC manual. + +** doc: Many cosmetic fixes, to silence (most) gtk-doc warnings. + +** Mingw32: Revert libgcrypt vasprintf work-around added in last release. +Use libgcrypt 1.4.1 or later when building on MinGW32, it removes the +vasprintf symbol from the libgcrypt library which caused problems. + +** Update of gnulib files. + +** tests: New self-test of crypto.h RNG code tests/crypto_rng. + +** API and ABI modifications: +GNUTLS_E_HANDSHAKE_TOO_LARGE: ADDED. + +* Version 2.3.7 (released 2008-04-21) + +** opencdk now properly sets the key usage bits into openpgp keys. + +** gnutls-cli: Fix crash on TLS handshake failures. +Reported by "Marc F. Clemente" in Debian BTS #466477. +This is similar to . + +** certtool: with --generate-request and newly generated keys, print the key. + +** Build fixes for MinGW. +Missing rpl_fseeko symbol in lib/opencdk/. Better checks for linking +with -lws2_32 when needed. Use ASCII only isprint() when printing +X.509 certificate information, to avoid non-ASCII but printable +characters. Thanks to Massimo Gaspari for +reports. + +** Update internal copy of libtasn1 to version 1.4. + +** API and ABI modifications: +No changes since last version. + +* Version 2.3.6 (released 2008-04-17) + +** Make gnutls_x509_crq_sign2 set certificate request version if not set. +** Improve documentation for gnutls_x509_crq_sign2. +Based on report from "John Brooks" in +. + +** tests/pathlen: run diff without parameters to improve portability. +Based on HPUX build hints in +. + +** Don't use %e specifier with strftime, it doesn't work under Windows. +Reported by Massimo Gaspari in +. + +** Remove all uses of gnutls_alloca/gnutls_afree. +Use normal gnutls_malloc instead. One reason is increased portability +to Windows, the other is that several of the uses may be unsafe +because the size of data allocated could be large. Reported by +Massimo Gaspari in +. + +** Build Guile code with -fgnu89-inline only when supported. +Reported by Kris Karas in +. + +** Several GTK-DOC related fixes. + +** Clean up OpenCDK related code. +GnuTLS now requires its internal OpenCDK code rather than the external +GPL library OpenCDK. Unfortunately, we don't have resources to +maintain an external library (help welcome). + +** API and ABI modifications: +No changes since last version. + +* Version 2.3.5 (released 2008-04-14) + +** Build fix for MinGW and --disable-shared. +Reported by Massimo Gaspari in +. + +** Document how to generate CRLs. +Suggested by "Rainer Gerhards" . + +** Documented the --priority option to gnutls-cli and gnutls-serv. + +** Several minor fixes in the OpenPGP interface. +Thanks to Daniel Kahn Gillmor. + +** Fix fopen file descriptor leak in PSK server code. +Thanks to Laurence Withers , see +. + +** Translations files not stored directly in git to avoid merge conflicts. + +** New APIs to let applications replace the RNG used. +Update all RNG callers in the code to use the new interface. + +** Guile code now built with -fgnu89-inline to fix inline semantic problem. + +** Update gnulib files. + +** API and ABI modifications: +gnutls_crypto_rnd_register: ADDED +gnutls_rnd_level_t: ADDED +GNUTLS_RND_KEY: ADDED, gnutls_rnd_level_t member +GNUTLS_RND_RANDOM: ADDED, gnutls_rnd_level_t member +GNUTLS_RND_NONCE: ADDED, gnutls_rnd_level_t member +gnutls_crypto_rnd_st: ADDED +GNUTLS_DIG_SHA224: ADDED +GNUTLS_SIGN_RSA_SHA224: ADDED +gnutls_openpgp_crt_get_auth_subkey: MODIFIED + +* Version 2.3.4 (released 2008-03-19) + +** Finish renaming of gnutls_certificate_export_x509_cas etc. +They weren't renamed in the public header file. + +** Added functions to register a cipher/mac/digest. This allows to +override the included ones. + +** Fix a bunch of compiler warnings. + +** API and ABI modifications: +gnutls_crypto_cipher_st: ADDED +gnutls_crypto_mac_st: ADDED +gnutls_crypto_digest_st: ADDED +gnutls_crypto_cipher_register: ADDED +gnutls_crypto_mac_register: ADDED +gnutls_crypto_digest_register: ADDED +GNUTLS_E_CRYPTO_ALREADY_REGISTERED: ADDED + +* Version 2.3.3 (released 2008-03-10) + +** Fix build failure in libextra/gnutls_extra.c that needed opencdk.h. +Reported by Roman Bogorodskiy . + +** No longer compiled using -D_REENTRANT -D_THREAD_SAFE. +We could not find any modern justification for enabling these flags by +default. If you know of some platform that needs one of the flags to +work properly, please let us know. (Actually introduced in v2.3.0 but +not documented until now.) + +** Importing many CA certificates are now considerably faster. +This affect gnutls_certificate_set_x509_trust_mem, +gnutls_certificate_set_x509_trust, and +gnutls_certificate_set_x509_trust_file. The complexity was reduced +from O(2*n^2) to O(n). When adding 206 files containing 408 +certificates, using gnutls_certificate_set_x509_trust_file, the time +dropped from 40 seconds to 0.3 seconds. Thanks to Edgar Fuß for code +to trigger the problem. See also +. + +** Clarify documentation for gnutls_x509_crt_set_subject_alternative_name +** to be explicit that it takes zero terminated data. + +** gnutls-cli --print-cert now print PKCS#3 format Diffie-Hellman parameters. + +** Documentation fixes for the GTK-DOC manual. + +** Fix compilation error related to __FUNCTION__ on some systems. +Reported by Tim Mooney, see +. + +** Updated translations. + +** Update gnulib files. + +** API and ABI modifications: +gnutls_hex2bin: MODIFIED, uses size_t instead of int for string length, + and char* instead of void* for output buffer. + +* Version 2.3.2 (released 2008-02-26) + +** Fix srcdir!=objdir failure in openpgpself test. + +** Improved API documentation output from GTK-DOC. + +** Added gnutls_x509_dn_export(). Patch by Joe Orton. + +** Renamed gnutls_certificate_export_x509_cas and friends. +See . + +** Internal header files cleanup. + +** API and ABI modifications: +gnutls_certificate_export_x509_cas: RENAMED to gnutls_certificate_get_x509_cas +gnutls_certificate_export_x509_crls: RENAMED to gnutls_certificate_get_x509_crls +gnutls_certificate_export_openpgp_keyring: RENAMED to gnutls_certificate_get_openpgp_keyring +gnutls_x509_dn_export: ADDED + +* Version 2.3.1 (released 2008-02-21) + +** OpenPGP support merged into libgnutls and is now licensed under LGPL. +The included copy of OpenCDK has been stripped down and re-licensed +under the LGPL. + +** Cipher priority string handling now handle strings that starts with NULL. +Thanks to Laurence Withers . + +** gnutls-cli: When -d is used, also prints RNG information from libgcrypt. + +** Corrected memory leaks in session resuming and DHE ciphersuites. Reported +by Daniel Stenberg. + +** Increased the default certificate verification chain limits and allowed +for checks without limitation. + +** Corrected the behaviour of gnutls_x509_crt_get_subject_alt_name() +and gnutls_x509_crt_get_subject_alt_name() to not null terminate binary +strings and return the proper size. + +** Add section 'On Record Padding' to the manual. +This collects all problems related to record padding with +Nokia/Sony-Ericsson phones that we know about. + +** Several improvements in the OpenPGP authentication. +Now subkeys can be used for authentication, according to +draft-mavrogiannopoulos-rfc5081bis-00.txt. + +** certtool can print information on OpenPGP certificates and keys. + +** Added gnutls_x509_dn_import/init/deinit() to access raw DER DN. +Patch by Joe Orton. + +** Added gnutls_certificate_export_x509_cas and other functions to +export elements from the certificate credentials structure. Based on +suggestion from Joe Orton. + +** Doc fixes. +Clarify that srp_base64 is not the same as normal base64. + +** Fix non-portable use of brace expansion in makefiles. + +** API and ABI modifications: +gnutls_certificate_export_x509_cas: ADDED +gnutls_certificate_export_x509_crls: ADDED +gnutls_certificate_export_openpgp_keyring: ADDED +gnutls_openpgp_keyid_t: ADDED, instead of hard-coded 'unsigned char[8]'. +gnutls_openpgp_crt_get_key_id: ADDED, obsoletes gnutls_openpgp_crt_get_id. +gnutls_openpgp_crt_get_revoked_status: ADDED +gnutls_openpgp_crt_get_subkey_count: ADDED +gnutls_openpgp_crt_get_subkey_idx: ADDED +gnutls_openpgp_crt_get_subkey_revoked_status: ADDED +gnutls_openpgp_crt_get_subkey_pk_algorithm: ADDED +gnutls_openpgp_crt_get_subkey_creation_time: ADDED +gnutls_openpgp_crt_get_subkey_expiration_time: ADDED +gnutls_openpgp_crt_get_subkey_id: ADDED +gnutls_openpgp_crt_get_subkey_usage: ADDED +gnutls_openpgp_privkey_get_fingerprint: ADDED +gnutls_openpgp_privkey_get_key_id: ADDED +gnutls_openpgp_privkey_get_subkey_count: ADDED +gnutls_openpgp_privkey_get_subkey_idx: ADDED +gnutls_openpgp_privkey_get_subkey_revoked_status: ADDED +gnutls_openpgp_privkey_get_revoked_status: ADDED +gnutls_openpgp_privkey_get_subkey_pk_algorithm: ADDED +gnutls_openpgp_privkey_get_subkey_expiration_time: ADDED +gnutls_openpgp_privkey_get_subkey_id: ADDED +gnutls_openpgp_privkey_get_subkey_creation_time: ADDED +gnutls_openpgp_crt_get_subkey_pk_dsa_raw: ADDED +gnutls_openpgp_crt_get_subkey_pk_rsa_raw: ADDED +gnutls_openpgp_crt_get_pk_dsa_raw: ADDED +gnutls_openpgp_crt_get_pk_rsa_raw: ADDED +gnutls_openpgp_privkey_export_subkey_dsa_raw: ADDED +gnutls_openpgp_privkey_export_subkey_rsa_raw: ADDED +gnutls_openpgp_privkey_export_dsa_raw: ADDED +gnutls_openpgp_privkey_export_rsa_raw: ADDED +gnutls_openpgp_privkey_export: ADDED +gnutls_certificate_set_openpgp_key_file2: ADDED +gnutls_certificate_set_openpgp_key_mem2: ADDED +gnutls_x509_dn_init: ADDED +gnutls_x509_dn_import: ADDED +gnutls_x509_dn_deinit: ADDED +GNUTLS_E_OPENPGP_SUBKEY_ERROR: ADDED +gnutls_hex2bin: ADDED +GNUTLS_CRT_PRINT_FULL: ADDED, same as old GNUTLS_X509_CRT_FULL. +GNUTLS_CRT_PRINT_ONELINE: ADDED, same as old GNUTLS_X509_CRT_ONELINE. +GNUTLS_CRT_PRINT_UNSIGNED_FULL: ADDED, same as + old GNUTLS_X509_CRT_UNSIGNED_FULL. + +* Version 2.3.0 (released 2008-01-08) + +** LZO compression is now disabled by default. +The reason is that LZO compression is not standardized in TLS. If you +wish to experiment with it, you will have to supply --with-lzo when +invoking ./configure. The internal copy of minilzo is no longer +included with GnuTLS, so you will need to install liblzo or liblzo2 on +your system to have --with-lzo to be effective. + +** More than one server name field is now sent to the server properly. +Thanks to mark.phillips@virgin.net. + +** Fixes the post_client_hello_function(). The extensions are now parsed +in a callback friendly way. + +** Fix for certificate selection in servers with certificate callbacks. + +** Updated translations. + +** Update gnulib files. + +** API and ABI modifications: +No changes since last version. + +* Version 2.2.5 (released 2008-05-19) + +** Fix flaw in fix for GNUTLS-SA-2008-1-3. +The flaw would result in incorrectly terminated sessions with the +error "Decryption has failed" when the server sends a small packet +(typically when the session is closed). Reported by Andreas Metzler + in +. + +** API and ABI modifications: +No changes since last version. + +* Version 2.2.4 (released 2008-05-19) + +** Fix three security vulnerabilities. [GNUTLS-SA-2008-1] +Thanks to CERT-FI for finding the bugs and providing detailed reports, +which allowed the bugs to be reproduced and fixed easily. Patches +developed by Simon Josefsson and Nikos Mavrogiannopoulos. Any updates +with more details about these vulnerabilities will be added to + + +*** [GNUTLS-SA-2008-1-1] +*** libgnutls: Fix crash when sending invalid server name. +The crash can be triggered remotely before authentication, which can +lead to a Daniel of Service attack to disable the server. The bug +cause gnutls to store more session resumption data than what was +allocated for, thus overwriting unallocated memory. + +*** [GNUTLS-SA-2008-1-2] +*** libgnutls: Fix crash when sending repeated client hellos. +The crash can be triggered remotely before authentication, which can +lead to a Daniel of Service attack to disable the server. The bug +triggers a null-pointer dereference. + +*** [GNUTLS-SA-2008-1-3] +*** libgnutls: Fix crash in cipher padding decoding for invalid record lengths. +The crash can be triggered remotely before authentication, which can +lead to a Daniel of Service attack to disable the server. The bug +cause gnutls to read memory beyond the end of the received record. + +** API and ABI modifications: +No changes since last version. + +* Version 2.2.3 (released 2008-05-06) + +** Increase default handshake packet size limit to 48kb. +The old limit was 16kb and some servers send huge list of trusted CAs, +thus running into the limit. FYI, applications can further increase +this limit using gnutls_handshake_set_max_packet_length. Thanks to +Marc Haber and "Marc F. Clemente" + for reporting and providing test servers. + +** Fix compilation error related to __FUNCTION__ on some systems. +Reported by Tim Mooney, see +. + +** Documented the --priority option to gnutls-cli and gnutls-serv. + +** Fix fopen file descriptor leak in PSK server code. +Thanks to Laurence Withers , see +. + +** Build Guile code with -fgnu89-inline only when supported. +Reported by Kris Karas in +. + +** Make Camellia encryption work. +Reported by Yoshisato YANAGISAWA in +. + +** API and ABI modifications: +No changes since last version. + +* Version 2.2.2 (released 2008-02-21) + +** Cipher priority string handling now handle strings that starts with NULL. +Thanks to Laurence Withers . + +** Corrected memory leaks in session resuming and DHE ciphersuites. Reported +by Daniel Stenberg. + +** Increased the default certificate verification chain limits and allowed +for checks without limitation. + +** Corrected the behaviour of gnutls_x509_crt_get_subject_alt_name() +and gnutls_x509_crt_get_subject_alt_name() to not null terminate binary +strings and return the proper size. + +** API and ABI modifications: +No changes since last version. + +* Version 2.2.1 (released 2008-01-17) + +** Prevent linking libextra against previously installed libgnutls. +Tiny patch from "Alon Bar-Lev" , see +. + +** Fixes the post_client_hello_function(). The extensions are now parsed +in a callback friendly way. + +** Fix for certificate selection in servers with certificate callbacks. + +** API and ABI modifications: +No changes since last version. + +* Version 2.2.0 (released 2007-12-14) + +** Update internal copy of libtasn1 to version 1.2. + +** Certtool --verify-chain now handle inputs larger than 64kb. +This fixes the self-test "rsa-md5-collision" under MinGW+Wine with +recent versions of libgcrypt. The problem was that Wine with the +libgcrypt RNG generates huge amounts of debugging output. + +** Translation updates. +Added Dutch translation. Updated Polish and Swedish translation. + +** Major changes compared to the v2.0 branch: + +*** SRP support aligned with newly published RFC 5054. + +*** OpenPGP support aligned with newly published RFC 5081. + +*** Support for DSA2 keys. + +*** Support for Camellia cipher. + +*** Support for Opaque PRF Input extension. + +*** PKCS#8 parser now handle DSA keys. + +*** Change from GPLv2 to GPLv3 for command-line tools, libgnutls-extra, etc. +Notice that liblzo2 2.02 is licensed under GPLv2 only. Earlier +versions, such as 2.01 which is included with GnuTLS, is available +under GPLv2 or later. If this incompatibility causes problems, we +recommend you to disable LZO using --without-lzo. LZO compression is +not a standard TLS compression algorithm, so the impact should be +minimal. + +*** Functions for disabling record protocol padding. +Works around bugs on Nokia/Ericsson phones. + +*** New functions gnutls_priority_set() for setting cipher priorities easily. +Priorities like "COMPAT" also enables other work arounds, such as +disabling padding. + +*** Other minor improvements and bug fixes. + +** Backwards incompatible API/ABI changes in GnuTLS 2.2 +To adapt to changes in the TLS extension specifications for OpenPGP +and SRP, the GnuTLS API had to be modified. This means breaking the +API and ABI backwards compatibility. That is something we try to +avoid unless it is necessary. We decided to also remove the already +deprecated stub functions for X.509 to XML conversion and TLS +authorization (see below) when we had the opportunity. + +Generally, most applications does not need to be modified. Just +re-compile them against the latest GnuTLS release, and it should work +fine. + +Applications that use the OpenPGP or SRP features needs to be +modified. Below is a list of the modified APIs and discussion of what +the minimal things you need to modify in your application to make it +work with GnuTLS 2.2. + +Note that GnuTLS 2.2 also introduces new APIs -- such as +gnutls_set_priority() that is superior to +gnutls_set_default_priority() -- that you may want to start using. +However, using those new APIs is not required to use GnuTLS 2.2 since +the old functions continue are still supported. This text only +discuss what you minimally have to modify. + +*** XML related changes +The function `gnutls_x509_crt_to_xml' has been removed. It has been +deprecated and only returned an error code since GnuTLS version +1.2.11. Nobody has complained, so users doesn't seem to miss the +functionality. We don't know of any other library to convert X.509 +certificates into XML format, but we decided (long ago) that GnuTLS +isn't the right place for this kind of functionality. If you want +help to find some other library to use here, please explain and +discuss your use case on help-gnutls@gnu.org. + +*** TLS Authorization related changes +Everything related to TLS authorizations have been removed, they were +only stub functions that returned an error code: + + GNUTLS_SUPPLEMENTAL_AUTHZ_DATA + gnutls_authz_data_format_type_t + gnutls_authz_recv_callback_func + gnutls_authz_send_callback_func + gnutls_authz_enable + gnutls_authz_send_x509_attr_cert + gnutls_authz_send_saml_assertion + gnutls_authz_send_x509_attr_cert_url + gnutls_authz_send_saml_assertion_url + +*** SRP related changes +The callback gnutls_srp_client_credentials_function has a new +prototype, and its semantic has changed. You need to rewrite the +callback, see the updated function documentation and SRP example code +(doc/examples/ex-client-srp.c and doc/examples/ex-serv-srp.c) for more +information. + +The alert codes GNUTLS_A_MISSING_SRP_USERNAME and +GNUTLS_A_UNKNOWN_SRP_USERNAME are no longer used by the SRP +specification, instead the GNUTLS_A_UNKNOWN_PSK_IDENTITY alert is +used. There are #define's to map the old names to the new. You may +run into problems if you have a switch-case with cases for both SRP +alerts, since they are now mapped to the same value. The solution is +to drop the SRP alerts from such switch cases, as they are now +deprecated in favor of GNUTLS_A_UNKNOWN_PSK_IDENTITY. + +*** OpenPGP related changes +The function `gnutls_certificate_set_openpgp_keyserver' have been +removed. There is no replacement functionality inside GnuTLS. If you +need keyserver functionality, consider using the GnuPG tools. + +All functions, types, and error codes related to OpenPGP trustdb +format have been removed. The trustdb format is a non-standard +GnuPG-specific format, and we recommend you to use key rings instead. +The following have been removed: + + gnutls_certificate_set_openpgp_trustdb + gnutls_openpgp_trustdb_init + gnutls_openpgp_trustdb_deinit + gnutls_openpgp_trustdb_import + gnutls_openpgp_key_verify_trustdb + gnutls_openpgp_trustdb_t + GNUTLS_E_OPENPGP_TRUSTDB_VERSION_UNSUPPORTED + +The following functions has an added parameter of the (new) type +`gnutls_openpgp_crt_fmt_t'. The type specify the format of the data +(binary or base64). The functions are: + gnutls_certificate_set_openpgp_key_file + gnutls_certificate_set_openpgp_key_mem + gnutls_certificate_set_openpgp_keyring_mem + gnutls_certificate_set_openpgp_keyring_file + +To improve terminology and align with the X.509 interface, some +functions have been renamed. Compatibility mappings exists. The old +and new names of the affected functions and types are: + + Old name New name + gnutls_openpgp_key_t gnutls_openpgp_crt_t + gnutls_openpgp_key_fmt_t gnutls_openpgp_crt_fmt_t + gnutls_openpgp_key_status_t gnutls_openpgp_crt_status_t + GNUTLS_OPENPGP_KEY GNUTLS_OPENPGP_CERT + GNUTLS_OPENPGP_KEY_FINGERPRINT GNUTLS_OPENPGP_CERT_FINGERPRINT + gnutls_openpgp_key_init gnutls_openpgp_crt_init + gnutls_openpgp_key_deinit gnutls_openpgp_crt_deinit + gnutls_openpgp_key_import gnutls_openpgp_crt_import + gnutls_openpgp_key_export gnutls_openpgp_crt_export + gnutls_openpgp_key_get_key_usage gnutls_openpgp_crt_get_key_usage + gnutls_openpgp_key_get_fingerprint gnutls_openpgp_crt_get_fingerprint + gnutls_openpgp_key_get_pk_algorithm gnutls_openpgp_crt_get_pk_algorithm + gnutls_openpgp_key_get_name gnutls_openpgp_crt_get_name + gnutls_openpgp_key_get_version gnutls_openpgp_crt_get_version + gnutls_openpgp_key_get_creation_time gnutls_openpgp_crt_get_creation_time + gnutls_openpgp_key_get_expiration_time gnutls_openpgp_crt_get_expiration_time + gnutls_openpgp_key_get_id gnutls_openpgp_crt_get_id + gnutls_openpgp_key_check_hostname gnutls_openpgp_crt_check_hostname + gnutls_openpgp_send_key gnutls_openpgp_send_cert + +** API and ABI modifications: +No changes since last version. + +* Version 2.1.8 (released 2007-12-10) + +** The GPL version has been changed from version 2 to version 3. +This affects the self-tests, command-line tools, the libgnutls-extra +library, the relevant guile parts, and the build environment. + +** Added gnutls_x509_crt_get_subject_alt_name2(). + +** Corrected a segfault when setting an empty gnutls_priority_t +at gnutls_priority_set(). + +** Use gettext 0.17 which updates m4/lib-*.m4 macros. +Fixes a problem with spurious -L/usr/lib additions. + +** API and ABI modifications: +gnutls_x509_crt_get_subject_alt_name2: ADD. + +* Version 2.1.7 (released 2007-11-29) + +** PKCS #8 parser can now encode/decode DSA keys. + +** Updated gnutls_set_default_priority2() now renamed to +gnutls_priority_set() and gnutls_priority_set_direct() which +accept a string to indicate preferences of ciphersuite parameters. + +** gnutls-cli and gnutls-serv now have a --priority option to set +the priority string. + +** The gnutls_*_convert_priority() functions were deprecated by +the gnutls_priority_set() and gnutls_priority_set_direct(). + +** Internal copy of OpenCDK upgraded to version 0.6.6. + +** API and ABI modifications: +gnutls_priority_init: ADD. +gnutls_priority_deinit: ADD. +gnutls_priority_set: ADD. +gnutls_priority_set_direct: ADD. +gnutls_set_default_priority2: RENAMED to gnutls_priority_set_direct() +gnutls_mac_convert_priority: REMOVED +gnutls_compression_convert_priority: REMOVED +gnutls_protocol_convert_priority: REMOVED +gnutls_kx_convert_priority: REMOVED +gnutls_cipher_convert_priority: REMOVED +gnutls_certificate_type_convert_priority: REMOVED +gnutls_set_default_priority: UNDEPRECATED +gnutls_set_default_priority_export: UNDEPRECATED + +** Undocumented API and ABI modifications earlier in the 2.1.x series: +GNUTLS_CIPHER_UNKNOWN: ADD. +GNUTLS_CIPHER_CAMELLIA_128_CBC: ADD. +GNUTLS_CIPHER_CAMELLIA_256_CBC: ADD. +GNUTLS_KX_UNKNOWN: ADD. +GNUTLS_COMP_UNKNOWN: ADD. +GNUTLS_CRT_UNKNOWN: ADD. +gnutls_mac_get_id: ADD. +gnutls_compression_get_id: ADD. +gnutls_cipher_get_id: ADD. +gnutls_kx_get_id: ADD. +gnutls_protocol_get_id: ADD. +gnutls_certificate_type_get_id: ADD. +gnutls_handshake_post_client_hello_func: ADD. +gnutls_certificate_send_x509_rdn_sequence: ADD prototype to gnutls.h.in. + +* Version 2.1.6 (released 2007-11-15) + +** Corrected bug in decompression of expanded compression data. + +** Added the --to-p8 option to certtool to convert private keys +to PKCS #8 keys. + +** Introduced the GNUTLS_E_BASE64_UNEXPECTED_HEADER_ERROR error code. + +** gnutls_certificate_set_x509_key_* can now read PKCS #8 unencrypted +private keys. + +** Fixed GNUTLS_E_UNKNOWN_ALGORITHM vs GNUTLS_E_UNKNOWN_HASH_ALGORITHM. +During the 2.1.x series the GNUTLS_E_UNKNOWN_HASH_ALGORITHM error code +was renamed to GNUTLS_E_UNKNOWN_ALGORITHM, unfortunately without being +documented. This caused some problems (e.g., debian #450854). To +avoid backwards compatibility problems, this release revert this +change, so that GNUTLS_E_UNKNOWN_HASH_ALGORITHM works just like it has +done in GnuTLS 2.0.x and earlier, and add a new error code +GNUTLS_E_UNKNOWN_ALGORITHM. + +** Fixes several gtk-doc warnings. + +** API and ABI modifications: +GNUTLS_E_UNKNOWN_ALGORITHM: CHANGED. +GNUTLS_E_UNKNOWN_HASH_ALGORITHM: CHANGED. +GNUTLS_E_BASE64_UNEXPECTED_HEADER_ERROR: ADD. + +* Version 2.1.5 (released 2007-11-01) + +** Fix PKCS#3 parameter export problem. + +** Improve certtool queries, they now print the default value. + +** Fix ABI version. + +** Update gnulib files. + +** API and ABI modifications: +No changes since last version. + +* Version 2.1.4 (released 2007-10-27) + +** Added the --v1 option to certtool, to allow generating X.509 +version 1 certificates. + +** certtool: Add option --disable-quick-random to enable the old behaviour +of using /dev/random to generate keys. + +** Added priority functions that accept strings. + +** Added gnutls_set_default_priority2() which accepts a flag to indicate +priorities preferences. + +** Added gnutls_record_disable_padding() to allow servers talking to +buggy clients that complain if the TLS 1.0 record protocol padding is +used. + +** Introduced gnutls_session_enable_compatibility_mode() to allow enabling +all supported compatibility options (like disabling padding). + +** The gnutls_certificate_set_openpgp_* functions were modified to include +the format. This makes the interface consistent with the x509 functions. + +** Internal copy of OpenCDK upgraded to version 0.6.5. + +** Update gnulib files. + +** API and ABI modifications: +gnutls_certificate_set_openpgp_key_mem: MODIFIED +gnutls_certificate_set_openpgp_key_file: MODIFIED +gnutls_certificate_set_openpgp_keyring_mem: MODIFIED +gnutls_certificate_set_openpgp_keyring_file: MODIFIED +gnutls_set_default_priority: DEPRECATED +gnutls_set_default_priority_export: DEPRECATED +gnutls_set_default_priority2: ADDED +gnutls_session_enable_compatibility_mode: ADDED +gnutls_record_disable_padding: ADDED +gnutls_mac_convert_priority: ADDED +gnutls_compression_convert_priority: ADDED +gnutls_protocol_convert_priority: ADDED +gnutls_kx_convert_priority: ADDED +gnutls_cipher_convert_priority: ADDED +gnutls_certificate_type_convert_priority: ADDED +gnutls_openpgp_key_t: RENAMED to gnutls_openpgp_crt_t +gnutls_openpgp_key_status_t: RENAMED to gnutls_openpgp_crt_status_t +gnutls_openpgp_send_key: RENAMED to gnutls_openpgp_send_cert +gnutls_openpgp_key_init: RENAMED to gnutls_openpgp_crt_init +gnutls_openpgp_key_import: RENAMED to gnutls_openpgp_crt_import +gnutls_openpgp_key_export: RENAMED to gnutls_openpgp_crt_export +gnutls_openpgp_key_check_hostname: RENAMED to gnutls_openpgp_crt_check_hostname +gnutls_openpgp_key_get_creation_time: RENAMED to gnutls_openpgp_crt_get_creation_time +gnutls_openpgp_key_get_expiration_time: RENAMED to gnutls_openpgp_crt_get_expiration_time +gnutls_openpgp_key_get_fingerprint: RENAMED to gnutls_openpgp_crt_get_fingerprint +gnutls_openpgp_key_get_version: RENAMED to gnutls_openpgp_crt_get_version +gnutls_openpgp_key_get_pk_algorithm: RENAMED to gnutls_openpgp_crt_get_pk_algorithm +gnutls_openpgp_key_get_name: RENAMED to gnutls_openpgp_crt_get_name +gnutls_openpgp_key_deinit: RENAMED to gnutls_openpgp_crt_deinit +gnutls_openpgp_key_get_id: RENAMED to gnutls_openpgp_crt_get_id +gnutls_openpgp_key_get_key_usage: RENAMED to gnutls_openpgp_crt_get_key_usage +gnutls_openpgp_key_verify_ring: RENAMED to gnutls_openpgp_crt_verify_ring +gnutls_openpgp_key_verify_self: RENAMED to gnutls_openpgp_crt_verify_self + +* Version 2.1.3 (released 2007-10-17) + +** TLS authorization support removed. +This technique may be patented in the future, and it is not of crucial +importance for the Internet community. After deliberation we have +concluded that the best thing we can do in this situation is to +encourage society not to adopt this technique. We have decided to +lead the way with our own actions. + +** Re-enabled the 256 bit ciphers in the default priorities. + +** Corrected bugs in openpgp key verification using a keyring (both in +gnutls and opencdk) + +** API and ABI modifications: +gnutls_certificate_set_openpgp_keyserver: REMOVED +gnutls_authz_data_format_type_t, +gnutls_authz_recv_callback_func, +gnutls_authz_send_callback_func, +gnutls_authz_enable, +gnutls_authz_send_x509_attr_cert, +gnutls_authz_send_saml_assertion, +gnutls_authz_send_x509_attr_cert_url, +gnutls_authz_send_saml_assertion_url: REMOVED. +GNUTLS_SUPPLEMENTAL_USER_MAPPING_DATA: ADDED. To avoid that the + gnutls_supplemental_data_format_type_t enum type becomes empty. + +* Version 2.1.2 (released 2007-10-14) + +** Removed all the trustdb code from openpgp authentication. +We now use only the well-specified keyrings. + +** The 256 bit ciphers are not enabled in the default priorities. + +** Added support for DSA2 using libgcrypt 1.3.0. + +** certtool: Fixed data corruption when using --outder. + +** Removed all the xml related stubs and functions. + +** Added capability to set a callback after the client hello is received +by the server in order to adjust parameters before the handshake. + +** SRP was corrected to adhere to the latest draft (published soon as RFC) + +** Corrected bug which did not allow a server to run without supporting +certificates. + +** Updated the DN parser which now prints wrongly decoded values as hex +strings. + +** certtool: Add option --quick-random. +For generating low security test credentials. + +** API and ABI modifications: +gnutls_x509_crt_to_xml: REMOVED +gnutls_openpgp_key_to_xml: REMOVED +gnutls_openpgp_key_verify_trustdb: REMOVED +gnutls_openpgp_trustdb_init: REMOVED +gnutls_openpgp_trustdb_deinit: REMOVED +gnutls_openpgp_trustdb_import: REMOVED +gnutls_certificate_set_openpgp_trustdb: REMOVED +gnutls_srp_client_credentials_function: CHANGED +gnutls_handshake_set_post_client_hello_function: ADDED +gnutls_mac_get_key_size: ADDED +GNUTLS_E_OPENPGP_TRUSTDB_VERSION_UNSUPPORTED: DEPRECATED. +GNUTLS_A_MISSING_SRP_USERNAME: DEPRECATED +GNUTLS_A_UNKNOWN_SRP_USERNAME: DEPRECATED + +* Version 2.1.1 (released 2007-09-24) + +** Added support for Camellia cipher, thanks to Yoshisato YANAGISAWA. +Camellia is only enabled in GnuTLS if the installed libgcrypt has been +compiled with Camellia support. See the libgcrypt documentation on +how to enable it. Unconditionally disable it using the configure +option --disable-camellia. Fixes #1. + +** Properly document in the NEWS file the API change in the last release. + +** API and ABI modifications: +No changes since last version. + +* Version 2.1.0 (released 2007-09-20) + +** Support for draft-rescorla-tls-opaque-prf-input-00.txt. +The support is disabled by default. Since no value has been allocated +by the IANA for this extension yet, you will need to provide one +yourself by invoking './configure --enable-opaque-prf-input=42'. +Fixes #2. + +** Example code: Fix compilation flaw under MinGW. + +** API and ABI modifications: +gnutls_oprfi_callback_func: ADD, new typedef function prototype. +gnutls_oprfi_enable_client: ADD, new function. +gnutls_oprfi_enable_server: ADD, new function. + +* Version 2.0.4 (released 2007-11-16) + +** Corrected bug in decompression of expanded compression data. + +** API and ABI modifications: +No changes since last version. + +* Version 2.0.3 (released 2007-11-10) + +** This version backports several fixes from the 2.1.x branch. + +** Fixed PKCS #3 parameter export. + +** Added gnutls_record_disable_padding() to allow servers talking to +buggy clients that complain if the TLS 1.0 record protocol padding is +used. + +** Introduced gnutls_session_enable_compatibility_mode() to allow enabling +all supported compatibility options (like disabling padding). + +** Corrected bug which did not allow a server to run without supporting +certificates. + +** API and ABI modifications: +gnutls_session_enable_compatibility_mode: ADDED +gnutls_record_disable_padding: ADDED + +* Version 2.0.2 (released 2007-10-17) + +** TLS authorization support removed. +This technique may be patented in the future, and it is not of crucial +importance for the Internet community. After deliberation we have +concluded that the best thing we can do in this situation is to +encourage society not to adopt this technique. We have decided to +lead the way with our own actions. + +** certtool: Fixed data corruption when using --outder. + +** Fix configure-time Guile detection. + +** API and ABI modifications: +GNUTLS_SUPPLEMENTAL_USER_MAPPING_DATA: ADDED. To avoid that the + gnutls_supplemental_data_format_type_t enum type becomes empty. + +* Version 2.0.1 (released 2007-09-20) + +** New directory doc/credentials/ with test credentials. +This collects the test credentials from the web page and from src/. +The script gnutls-http-serv has also been moved to that directory. + +** Update SRP extension type and cipher suite with official IANA values. +This breaks backwards compatibility with SRP in older versions of +GnuTLS, but this is intentional to speed up the adoption of the +official values. The old values we used were incorrect. + +** Guile: Fix `x509-certificate-dn-oid' + +** API and ABI modifications: +No changes since last version. + +* Version 2.0.0 (released 2007-09-04) + +** Included copy of Libtasn1 upgraded to version 1.1. + +** Disable building of some examples if anonymous ciphers are disabled. + +** Don't build examples for disabled features. + +** API and ABI modifications: +No changes since last version. + +* Version 1.7.19 (released 2007-08-27) + +** Fix gnutls_error_is_fatal so that positive "errors" are non-critical. +This solves connection problems in mutt, see +. + +** Update gnulib files. +In particular, the getpass module -- with its dependencies on getline, +getdelim, fseeko etc -- where moved from the lgl/ (used by the core +library) directory to the gl/ directory (only used by the command line +tools). The reason is that getpass is now only used by the +command-line tools, and reducing the number of gnulib modules linked +to the core library helps portability and reduces size. + +** Fix warnings. + +** Disable building of PGP examples if PGP is disabled. + +** Included copy of OpenCDK upgraded to version 0.6.4. + +** API and ABI modifications: +No changes since last version. + +* Version 1.7.18 (released 2007-08-16) + +** Install images for the info manual. +This has a side effect of renaming the images. See + for +discussions on the approach chosen. + +** Fix pointer mix to variables of different size. +Patch extracted from +. + +** Fix warnings during build. +Thanks to Andreas Metzler . + +** API and ABI modifications: +No changes since last version. + +* Version 1.7.17 (released 2007-08-15) + +** New functions to perform external signing. +Set the signing callback function (of the gnutls_sign_func prototype) +using the gnutls_sign_callback_set function. In the callback, you may +find the new functions gnutls_x509_privkey_sign_hash and +gnutls_openpgp_privkey_sign_hash useful. A new function +gnutls_sign_callback_get is also added, to retrieve the function +pointer. Thanks to "Alon Bar-Lev" for +comments and testing. + +** New self test of client and server authenticated X.509 TLS sessions. +See tests/x509self.c and tests/x509signself.c. The latter also tests +the new external signing callback interface. + +** New errors GNUTLS_E_APPLICATION_ERROR_MIN..GNUTLS_E_APPLICATION_ERROR_MAX. +These two actually describe the outer limits of a range of error codes +reserved to the application. All of the errors are treated as fatal +by the library (it has to since it doesn't know the semantics of the +error codes). This can be useful in callbacks, to signal some +application-specific error condition, which will usually eventually +cause some gnutls API to return the same error code as the callback, +which then can be inspected by the application. Note that error codes +are negative. + +** gnutls_set_default_priority now disable TLS 1.2 by default. +The RFC is not released yet, and we're approaching a major release so +let's not enable it just yet. + +** Fix namespace so that gnutls_*_t is used consistently. +Before, many places in the GnuTLS code used the old deprecated type +names without the '_t' suffix. + +** Build fixes for Guile code. +Patch from Ludovic Courtes . + +** More documentation fixes. +In particular, the section headings were modified for casing. By +Ludovic Courtes . + +** Updated Polish and Swedish translations. +Thanks to Jakub Bogusz and Daniel Nylander +. + +** API and ABI modifications: +gnutls_sign_func: ADD, new type for sign callback. +gnutls_sign_callback_set: ADD, new function to set sign callback. +gnutls_sign_callback_get: ADD, new function to retrieve sign callback. +gnutls_x509_privkey_sign_hash, +gnutls_openpgp_privkey_sign_hash: ADD, new functions useful in sign callback. +GNUTLS_E_APPLICATION_ERROR_MIN, +GNUTLS_E_APPLICATION_ERROR_MAX: ADD, new CPP #defines for error codes. + +* Version 1.7.16 (released 2007-08-07) + +** Fix sanity checks and return values in certificate selection. +In some cases, GnuTLS omitted to report suitable error codes when no +suitable certificate was found. + +** Fix gnutls-cli starttls EOF on Mac OS X. +Thanks to Hal Eden . + +** Documentation fixes. +In particular, the section headings were modified for casing. By +Ludovic Courtes . + +** Update gnulib files. + +** API and ABI modifications: +No changes since last version. + +* Version 1.7.15 (released 2007-07-02) + +** Fix self-tests key-id under mingw32. + +** Test that the Guile header files are recent enough to work. +Before we just tested that the command line tool 'guile' was recent +enough, which may not be sufficient if you still have an old +libguile.h header installed. + +** Guile bindings are now installed under $prefix by default. +Use --without-guile-site-dir to install it under $pkgdatadir/site/ +where $pkgdatadir is as returned by "guile-config info pkgdatadir". +Use --with-guile-site-dir=/your/own/path to specify the path manually. +The default, --with-guile-site-dir, will install the Guile bindings +under $datadir/guile/site. There is a new section 'Guile +Preparations' in the manual that discuss these issues. + +** Fix run-time library path ordering in linking the Guile bindings. + +** Improved manual on downloading, installing, getting help, bug reports etc. +Suggested by Ludovic Courtès . + +** Add Malay message translations. +Thanks to Sharuzzaman Ahmat Raslan . + +** API and ABI modifications: +No changes since last version. + +* Version 1.7.14 (released 2007-06-26) + +** Don't enable Guile bindings unless we have Guile 1.8 or later. +Patch from Ludovic Courtès . + +** Fix memory leak during DSA signature verification. +Patch from Ludovic Courtès . + +** Fix crash in gnutls-cli when TLS handshake fails. +Reported by Marc Haber and Andreas +Metzler via Debian BTS #429183, see +. + +** Minor OpenPGP fixes in stream_to_datum. +Patch from Timo Schulz and Ludovic Courtès +. + +** Fix off-by-one in TLS 1.2 handshake. +Patch from Ludovic Courtès . + +** Minor Guile binding self-test cleanup. +Patch from Ludovic Courtès . + +** Update gnulib files. + +** API and ABI modifications: +No changes since last version. + +* Version 1.7.13 (released 2007-06-11) + +** OpenCDK copy updated to version 0.6.3. + +** Build fixes for GnuTLS Guile bindings. +Patch from Ludovic Courtès . + +** Build fix for GTK-DOC manual. + +** Update gnulib files. + +** API and ABI modifications: +No changes since last version. + +* Version 1.7.12 (released 2007-06-08) + +** Guile bindings for GnuTLS have been included. +Contributed by Ludovic Courtès . There is a +new chapter 'Guile Bindings' in the manual. + +** Have PKCS8 parser return better error codes. +Reported by Nate Nielsen , see + and +. + +** Fix mem leak for sessions with client authentication via certificates. +Reported by Andrew W. Nosenko , see +. + +** Fix mem leaks. +Reported by Dennis Vshivkov , see +. Added +self-test tests/parse_ca.c to test regressions. + +** Fix build failures related to missing images in manual. +Reported by Andreas Metzler . + +** Update gnulib files. + +** API and ABI modifications: +No changes since last version. + +* Version 1.7.11 (released 2007-05-26) + +** Include opencdk.h in the release. +Reported by Roman Bogorodskiy . + +** API and ABI modifications: +No changes since last version. + +* Version 1.7.10 (released 2007-05-25) + +** New API functions to extract DER encoded X.509 Subject/Issuer DN. +Suggested by Nate Nielsen . + +** Update of gnulib files. + +** GnuTLS is now developed in GIT instead of CVS. +See for a public repository. + +** API and ABI modifications: +gnutls_x509_crt_get_raw_issuer_dn: ADD. +gnutls_x509_crt_get_raw_dn: ADD. + +* Version 1.7.9 (released 2007-05-12) + +** X.509 certificates are preferred over OpenPGP keys. +This is a change in the semantics of gnutls_set_default_priority. + +** The included copy of OpenCDK has been updated to 0.6.1. +There has been some API changes in OpenCDK, and the GnuTLS layer have +been modified as well. Note that while there are API/ABI incompatible +changes in OpenCDK, this does not influence GnuTLS's API/ABI because +its API/ABI have not changed. From this version on, GnuTLS requires +OpenCDK 0.6.0 or later. + +** Fix build failure caused by missing doc/gnutls-logo.pdf. + +** Change certtool's default serial number from 0 to a time-based value. + +** Fix X.509 signing with RSA-PKCS#1 to set a NULL parameters fields. +Before, we remove the parameters field, which resulted in a slightly +different DER encoding which in turn caused signature verification +failures of GnuTLS-generated RSA certificates in some other +implementations (e.g., GnuPG 2.x's gpgsm). Depending on which RFCs +you read, this may or may not be correct, but our new behaviour appear +to be consistent with other widely used implementations. + +** Fix mem leaks in gnutls_x509_crt_print. + +** API and ABI modifications: +No changes since last version. + +* Version 1.7.8 (released 2007-04-16) + +** Added examples for the authorization extension. +See doc/examples/ex-client-authz.c and doc/examples/ex-serv-authz.c. + +** The examples only use gnutls_set_default_priority(). +The exception is when DH_ANON is needed. + +** Improve gnutls_set_default_priority() priorities. +The new approach is for it to try and negotiate all secure and +standard mechanisms available. Currently, DH_ANON ciphersuites and +LZO compressions are not enabled by default, because they are, +respectively, insecure and non-standardized. Note that TLS 1.2 will +not be enabled by default in non-experimental release until it has +been approved by the IETF. + +** gnutls-cli and gnutls-serv now uses the library's default priorities. +This means that to get DH_ANON and LZO compression, you'll need to +specify that manually using '--kx anon' or '--comp lzo'. + +** Minor fixes to the human display format of X.509 certificates. + +** New APIs to extract Distinguished Name's from X.509 certificates. +Based on patch from Howard Chu . + +** Improved library searching for opencdk. +It will now add the appropriate -R or -Wl,-rpath flags as necessary. +The deprecated opencdk.m4 is no longer used. + +** New APIs to list supported algorithms in the library. +The APIs are gnutls_cipher_list, gnutls_mac_list, +gnutls_compression_list, gnutls_protocol_list, +gnutls_certificate_type_list, gnutls_kx_list, and +gnutls_cipher_suite_info. Suggested by Howard Chu . + +** The gnutls_x509_crt_get_key_id API now handle non-RSA/DSA keys. + +** New configure option --disable-tls-authorization to disable tls-authz. + +** Fix prototype for `gnutls_psk_set_client_credentials'. +The last parameter was renamed from 'flags' to 'format' and the type +changed from 'unsigned int' to 'gnutls_psk_key_flags' (an enum type), +which shouldn't cause any ABI changes. Reported by ludo@chbouib.org +(Ludovic Courtès). + +** Fix allocation in gnutls_certificate_set_openpgp_key. +Tiny patch from ludo@chbouib.org (Ludovic Courtès). + +** API and ABI modifications: +gnutls_x509_dn_t: ADD. +gnutls_x509_ava_st: ADD. +gnutls_x509_crt_get_subject, +gnutls_x509_crt_get_issuer: ADD. +gnutls_x509_dn_get_rdn_ava: ADD. +gnutls_cipher_list: ADD. +gnutls_mac_list: ADD. +gnutls_compression_list: ADD. +gnutls_protocol_list: ADD. +gnutls_certificate_type_list: ADD. +gnutls_kx_list: ADD. +gnutls_cipher_suite_info: ADD. + +* Version 1.7.7 (released 2007-02-22) + +** Support for supplemental handshake messages and authorization data. +Supplemental data is described in RFC 4680 and the authorization +extensions in draft-housley-tls-authz-extns-07. + +** Support for authorization data in gnutls-cli and gnutls-serv. +New parameters --authz-x509-attr-cert and --authz-saml-assertion. + +** Fix for gnutls_x509_crt_check_hostname. +Before it would have reported that the certificate matched a hostname +when it did not have any dNSName or any CN field. Report and tiny +patch from "Richard W.M. Jones" . + +** New self test for RFC 2818 comparison in gnutls_x509_crt_check_hostname. +Tests regressions of the bug, and several other features. + +** GnuTLS now matches URI's with IP Addresses against iPAddress SAN's. +Before there were no support for iPAddress SAN's during comparison. + +** New API to print information about CRL's. +The function is gnutls_x509_crl_print. + +** New API to extract signature value from CRL's. +The function is gnutls_x509_crl_get_signature. + +** Support for directoryName Subject Alternative Name's. +The gnutls_x509_crt_get_subject_alt_name function returns the DN as a +string in the provided buffer. + +** Internal improvements to certtool. +It uses gnutls_x509_crl_print to print CRL information. It uses some +more gnulib modules to simplify error handling. + +** API and ABI modifications: +GNUTLS_HANDSHAKE_SUPPLEMENTAL: ADD, new gnutls_handshake_description_t element. +gnutls_supplemental_data_format_type_t: ADD. +gnutls_authz_data_format_type_t: ADD. +gnutls_supplemental_get_name: ADD. +gnutls_authz_recv_callback_func, +gnutls_authz_send_callback_func: ADD, callback prototypes. +gnutls_authz_enable: ADD. +gnutls_authz_send_x509_attr_cert, +gnutls_authz_send_saml_assertion, +gnutls_authz_send_x509_attr_cert_url, +gnutls_authz_send_saml_assertion_url: ADD. +GNUTLS_SAN_DN: ADD, new gnutls_x509_subject_alt_name_t element. +gnutls_x509_crl_print: ADD. +gnutls_x509_crl_get_signature: ADD. + +* Version 1.7.6 (released 2007-02-12) + +** Support for 'otherName' Subject Alternative Names. +The existing API gnutls_x509_crt_get_subject_alt_name may now return +the new type GNUTLS_SAN_OTHERNAME together with the otherName value. +To find out the otherName OID (necessary for proper parsing of the +value), use the new API gnutls_x509_crt_get_subject_alt_othername_oid. +For known OIDs, gnutls_x509_crt_get_subject_alt_othername_oid will +return "virtual" SAN values, e.g., GNUTLS_SAN_OTHERNAME_XMPP to +simplify OID matching. Suggested by Matthias Wimmer . + +** Certtool can print otherName SAN values for certificates. +For known otherName OIDs (currently only id-on-xmppAddr as defined by +RFC 3920), it will also print the name. + +** Fix TLS 1.2 RSA signing in servers. +Before it used the old-style MD5+SHA1 signature, but the TLS +signatures should be normal PKCS#1 signatures. FYI, we use and +require that DigestInfo parameters are present and NULL for TLS 1.2. + +** Add APIs to access X.509 extensions sequentially. +The existing APIs gnutls_x509_crt_get_extension_oid() and +gnutls_x509_crt_get_extension_by_oid() does not permit callers to +inspect the extensions in the order defined by the certificate. + +** Add API to extract signature value from X.509 certificates. +The function is gnutls_x509_crt_get_signature. + +** Fix crash when generating proxy certificates in batch mode. +If you don't specify a proxy policy in batch mode, it will use +id-ppl-inheritALL. + +** Add API to print information about X.509 certificates. +The function is gnutls_x509_crt_print. + +** Certtool uses the new API gnutls_x509_crt_print to print certificate info. +One consequence of this is that the output syntax has changed +slightly. Some more fields are printed. + +** Doc fixes. + +** API and ABI modifications: +gnutls_x509_crt_print: ADD +gnutls_certificate_print_formats_t: ADD, new enum. +gnutls_x509_crt_get_signature: ADD. +gnutls_x509_crt_get_extension_data: ADD. +gnutls_x509_crt_get_extension_info: ADD. +gnutls_x509_crt_get_subject_alt_othername_oid: ADD. +GNUTLS_SAN_OTHERNAME: ADD, new gnutls_x509_subject_alt_name_t element. +GNUTLS_SAN_OTHERNAME_XMPP: ADD, new gnutls_x509_subject_alt_name_t element. + +* Version 1.7.5 (released 2007-02-06) + +** Servers won't negotiate SRP RSA/DSS cipher suites if no SRP credential +** is set. + +** Default behaviour for the gnutls-cli and gnutls-serv tools improved. + +** Fix --list output for gnutls-cli and gnutls-serv. +Mention TLS1.2, SHA512 etc. + +** Manual contains new section on setting up a test HTTP server. +A server set up following those descriptions are available online via +. + +** Update of gnulib files. + +** API and ABI modifications: +No changes since last version. + +* Version 1.7.4 (released 2007-02-05) + +** Support for RSA signing using SHA-256/384/512. +A new self test "sha2" tries to build a long X.509 certificate chain +testing all new hashes. + +** The gnutls-serv tool now use static DH parameters if none are supplied. + +** Discuss proxy certificates in the manual. + +** Improve bibliographical citations in the manual. + +** Update of gnulib files. + +** Fix certtool template handling of pathLenConstraints. +It now defaults to -1 instead of 0, which causes the field to be +missing unless the template specify it. + +** API and ABI modifications: +GNUTLS_MAC_SHA256, +GNUTLS_MAC_SHA384, +GNUTLS_MAC_SHA512: New gnutls_mac_algorithm_t values. +GNUTLS_DIG_SHA256, +GNUTLS_DIG_SHA384, +GNUTLS_DIG_SHA512: New gnutls_digest_algorithm_t values. +GNUTLS_SIGN_RSA_SHA256, +GNUTLS_SIGN_RSA_SHA384, +GNUTLS_SIGN_RSA_SHA512: New gnutls_sign_algorithm_t values. + +* Version 1.7.3 (released 2007-02-01) + +** New option to certtool: --generate-proxy. +This will generate a Proxy Certificate from an end entity certificate. +Proxy Certificates are documented in RFC 3820. You will need to +specify the proxy certificate's private key with --load-privkey, the +user certificate with --load-certificate and the private key used to +sign the new proxy certificate with --load-ca-privkey. Certtool will +query for proxy path length and the policy language OID. Currently +only OIDs that have an empty policy are supported (which includes the +two OIDs defined by RFC 3820). + +** Certtool --certificate-info now prints information for Proxy Certificates. +Before the proxy extension was just printed as DER encoded data. + +** New APIs to set proxy subject names and get/set proxy cert extension. + +** Fix parsing of pathLenConstraints in BasicConstraints with missing cA. + +** Added self-test to test for regressions of pathLenConstraint bug. +Incidentally, this also test (some) other regressions or changes in +the output from certtool --certificate-info. + +** When certtool generates CA certificates, pressing enter on the path +** length constraint query will now remove the field. +Before it set the path length constraint to 0, which is a rather poor +default. + +** Certtool now print times in UTC when printing certificate/CRL info. + +** Add better fix to work around C++ compiler bug on Mac OS X. +Reported and tiny patch provided by Matthias Scheler . + +** Fix import of ASCII armored OpenPGP keys. +Patch by ludovic.courtes@laas.fr (Ludovic Courtès). + +** Update of gnulib files. + +** API and ABI modifications: +gnutls_x509_crt_set_proxy_dn: ADD. +gnutls_x509_crt_set_proxy: ADD. +gnutls_x509_crt_get_proxy: ADD. + +* Version 1.7.2 (released 2007-01-14) + +** Certtool now print the value of the pathLenConstraints field for certs. + +** Certtool now query for path length constraints when generating CA certs. +For batch uses, the certtool configuration name is "path_len". +Suggested by Sascha Ziemann . + +** Add new API to get/set pathLenConstraint in the Basic Constraints. +The new functions gnutls_x509_crt_get_basic_constraints and +gnutls_x509_crt_set_basic_constraints provide a superset of the +functionality in the old gnutls_x509_crt_get_ca_status and +gnutls_x509_crt_set_ca_status (respectively), but the old functions +will continue to be supported. + +** Add new API in OpenCDK to extract public/secret OpenPGP key to S-expr. +The functions are cdk_pubkey_to_sexp and cdk_seckey_to_sexp. A proper +OpenCDK release with this patch will be made soon, which should bump +the OpenCDK version number. Patch by Mario Lenz . + +** Certtool --to-p12 can now store more than one certificate in the blob. +Before it could only store one certificate, but now it will read and +store as many certificate there are from the --load-certificate file. +Suggested by Sascha Ziemann . + +** Clean up separation of gnutls and gnutls-extra for OpenPGP. +In particular, the OpenPGP function variables are no longer part of +the exported libgnutls interface, and no header files from +libgnutls-extra (GPL) are needed by libgnutls (LGPL). The variables +were never intended for non-internal purposes, and thus this does not +imply a change in the external API/ABI. + +** Print URL to gaa when missing, and fix srcdir!=builddir for GAA files. +Reported by ludovic.courtes@laas.fr (Ludovic Courtès). + +** GnuTLS no longer uses -mms-bitfields --enable-runtime-pseudo-reloc. +Before these parameters were set to make GnuTLS build under mingw32, +however, they appear to no longer be necessary. + +** A minor fix to the C++ library to make it build. +Reported by Pavlov Konstantin . + +** Update of gnulib files. + +** API and ABI modifications: +gnutls_x509_crt_get_basic_constraints: ADD. +gnutls_x509_crt_set_basic_constraints: ADD. +cdk_pubkey_to_sexp: ADD (in opencdk). +cdk_seckey_to_sexp: ADD (in opencdk). + +* Version 1.7.1 (released 2006-12-28) + +** TLS 1.2 server side fix. +The Certificate Request sent did not contain the list of supported +hashes field, thus violating the protocol. It will now contain an +empty list. Reported by ludovic.courtes@laas.fr (Ludovic Courtès). + +** TLS 1.2 DSA signature verification fix. +Reported by ludovic.courtes@laas.fr (Ludovic Courtès). + +** Fix the list of trusted CAs that server's send to clients. +Before, the list contained issuer DN's instead of subject DN's of the +trusted CAs. Reported by Max Kellermann . + +** Fix gnutls_certificate_set_x509_crl to initialize the CRL before using it. +Also added a self-test in tests/certificate_set_x509_crl.c to test the +function. Reported by Max Kellermann . + +** Encode UID fields in DN's as DirectoryString. +Before GnuTLS encoded and parsed UID fields as IA5String. This was +incorrect, it should have used DirectoryString. Now it will use +DirectoryString for the UID field, but for backwards compatibility it +will also accept IA5String UID's. Reported by Max Kellermann +. + +** Improve out-of-sourcedir builds from CVS. +Reported by ludovic.courtes@laas.fr (Ludovic Courtès). + +** Bootstrap tools changed. +We now require autoconf 2.61, automake 1.10, and gettext 0.16, when +building GnuTLS from CVS. Libtool 1.5.22 is used. + +** Fixed a syntax error in lib/gnutls.asn. +Reported by Paul Millar . + +** Added German translation of GnuTLS messages. + +** Update of gnulib files. + +** API and ABI modifications: +No changes since last version. + +* Version 1.7.0 (released 2006-11-29) + +** The default protocol priority try TLS 1.1 and TLS 1.2 too. +The details is that the protocol priority set by +`gnutls_set_default_priority' has been changed from TLS 1.0 and SSL +3.0 to TLS 1.2, TLS 1.1, TLS 1.0 and SSL 3.0. + +** Preliminary support for TLS 1.2. +The client has been successfully tested against +https://www.mikestoolbox.org:4433/. + +** Anonself test now print a lot of debugging info, including TLS version. + +** Doc fixes in OpenCDK, to avoid some gtk-doc warnings. + +** Update of gnulib files. + +** API and ABI modifications: +GNUTLS_TLS1_2: New gnutls_protocol_t enum member. + +*** Pulled up from stable 1.6.x branch: + +** Fix ./configure failure with non-GCC compilers. +This fixes the following error message: +configure: error: conditional "HAVE_LD_OUTPUT_DEF" was never defined. +Reported by "Michael C. Vergallen" . + +* Version 1.6.3 (released 2007-05-26) + +** New API functions to extract DER encoded X.509 Subject/Issuer DN. +Suggested by Nate Nielsen . Backported +from the 1.7.x branch, see +. + +** Have PKCS8 parser return better error codes. +Reported by Nate Nielsen , see + and +. + +** Fix mem leak for sessions with client authentication via certificates. +Reported by Andrew W. Nosenko , see +. + +** Fix building of 'tlsia' self test. +Earlier some gcc are known to build tlsia linking to +$prefix/lib/libgnutls-extra.so rather than the libgnutls-extra.so in +the build directory, even though command line parameters look OK. +Changing order of some parameters fixes it. + +** API and ABI modifications: +gnutls_x509_crt_get_raw_issuer_dn: ADD. +gnutls_x509_crt_get_raw_dn: ADD. + +* Version 1.6.2 (released 2007-04-18) + +** Fix X.509 signing with RSA-PKCS#1 to set a NULL parameters fields. +Before, we remove the parameters field, which resulted in a slightly +different DER encoding which in turn caused signature verification +failures of GnuTLS-generated RSA certificates in some other +implementations (e.g., GnuPG 2.x's gpgsm). Depending on which RFCs +you read, this may or may not be correct, but our new behaviour appear +to be consistent with other widely used implementations. + +** Regenerate the PKIX ASN.1 syntax tree. +For some reason, after changing the ASN.1 type of ldap-UID in the last +release, the generated C file built from the ASN.1 schema was not +refreshed. This can cause problems when reading/writing UID +components inside X.500 Distinguished Names. Reported by devel +. + +** Updated translations. + +** API and ABI modifications: +No changes since last version. + +* Version 1.6.1 (released 2006-12-28) + +** Fix the list of trusted CAs that server's send to clients. +Before, the list contained issuer DN's instead of subject DN's of the +trusted CAs. Reported by Max Kellermann . + +** Fix gnutls_certificate_set_x509_crl to initialize the CRL before using it. +Reported by Max Kellermann . + +** Encode UID fields in DN's as DirectoryString. +Before GnuTLS encoded and parsed UID fields as IA5String. This was +incorrect, it should have used DirectoryString. Now it will use +DirectoryString for the UID field, but for backwards compatibility it +will also accept IA5String UID's. Reported by Max Kellermann +. + +** Fix ./configure failure with non-GCC compilers. +This fixes the following error message: +configure: error: conditional "HAVE_LD_OUTPUT_DEF" was never defined. +Reported by "Michael C. Vergallen" . + +** API and ABI modifications: +No changes since last version. + +* Version 1.6.0 (released 2006-11-17) + +** No changes since 1.5.5. +The major changes compared to the 1.4.x branch are: + +*** A GnuTLS C++ library is part of the official distribution. +Currently there are no examples or documentation, but hopefully this +will change. See gnutlsxx.h for the API. + +*** Windows is a supported platform. +There are, however, two know bugs. One is related to select() in +command line tools (not, nota bene, in the library), the other is a +problem with libgcrypt that causes delays. Help is needed to resolve +those issues, so we feel we can't delay the release because of this. + +*** New APIs for custom push/pull function error reporting. +The new APIs are gnutls_transport_set_errno and +gnutls_transport_set_global_errno. See the release notes for version +1.5.4 for more information. + +*** Self tests are run under valgrind, if available. See --disable-valgrind. + +* Version 1.5.5 (released 2006-11-16) + +** Correctly bump shared library version after adding new APIs. +This was forgotten in the last release. + +** Fix unsigned vs signed problem in ex-x509-info.c example. +Reported by Tim Kosse . + +** Fix the rsa-md5-collision self test to work for MinGW+Wine. + +** Update of gnulib files. + +** API and ABI modifications: +No changes since last version. + +* Version 1.5.4 (released 2006-11-07) + +** New API functions to set errno in push/pull functions. +Under Windows, setting the errno variable in a push/pull replacement +may end up setting the wrong errno variable, and GnuTLS send/recv +functions become confused about the real errno returned from a failed +push/pull function. Therefor, we have added two APIs to set the errno +variable used by GnuTLS. The APIs can also help to keep things +thread-safe, by avoiding potentially global variables. Typically, +instead of setting errno in your push/pull function, you will call one +of these functions. It is recommended to use +gnutls_transport_set_errno, but if you don't have the session variable +easily accessible in the push/pull replacement function, you can use +gnutls_transport_set_global_errno. Suggested by Tim Kosse +. + +void gnutls_transport_set_errno (gnutls_session_t session, int err); +void gnutls_transport_set_global_errno (int err); + +** When calling `recv' or `send' Windows errors are handled properly. +The Windows recv/send functions doesn't use errno, and GnuTLS now use +WSAGetLastError to access the error condition instead. + +** Several OpenPGP API fixes. +All suggested by ludovic.courtes@laas.fr (Ludovic Courtès). The most +important fix is to change the return value of +gnutls_openpgp_privkey_get_pk_algorithm and +gnutls_openpgp_key_get_pk_algorithm from 'int' to +'gnutls_pk_algorithm_t', which is an enum type (and thus API/ABI +compatible with 'int'). + +** When a GnuTLS server receive a SSLv2 Client Hello for an unknown TLS +** version, try to negotiate the highest version support by the GnuTLS server, +** instead of the lowest. +Reported by . + +** Replace old constructs with use of gnulib modules. +For example, we can now assume unistd.h, sys/stat.h, sys/socket.h in +the code. If the headers doesn't exist on the target system, gnulib +will make sure its replacement header files are used instead. + +** Fix SOVERSION computation for *.def files. +This fixes build errors similar to "No rule to make target +`libgnutls-`expr', needed by `all-am'." when building for Windows. + +** gnutls_check-version uses strverscmp from gnulib. + +** Update of gnulib files. + +** API and ABI modifications: +gnutls_transport_set_errno: ADD +gnutls_transport_set_global_errno: ADD + +* Version 1.5.3 (released 2006-10-26) + +** Add new self-test of RSA-MD5 signature chains. +Note that we already, since GnuTLS 1.2.9, reject RSA-MD5 signatures +when verifying X.509 chains. The code is in tests/rsa-md5-collision/ +and is based on the work by Marc Stevens et al, see +. + +** Re-factor self tests. + +** The include copy of Libtasn1 is updated to version 0.3.7. + +** The included copy of OpenCDK is updated to version 0.5.11. + +** Fix the filename of the *.def file on Windows after library version bump. + +** Separated the gnulib directory into one for LGPL modules and one for GPL. +This allows the GPL'd part of GnuTLS to take advantage of the GPL'd +gnulib modules. Earlier we could only use the LGPL'ed module from +gnulib, because two gnulib directories in the same project didn't +work. + +** API and ABI modifications: +No changes since last version. + +* Version 1.5.2 (released 2006-10-03) + +** Decrement the shared library version back to 13 (as in the 1.4.x branch). +Note that if you installed 1.5.0 or 1.5.1, they will have a higher +shared library version than this version, so you'll have to remove +them and possibly relink your applications. The reason for this is +that no API/ABI changes have been made since the 1.4.x branch, and +that incrementing the shared library version was a mistake. Reported +by Andreas Metzler . + +** Fix off-by-one error when computing length to malloc. +The code is used by gnutls_openpgp_add_keyring_file and +gnutls_openpgp_add_keyring_mem. Reported by "Adam Langley" +. + +** Add version script for the GnuTLS C++ library. +Reported by Andreas Metzler . + +** Fix the C++ compiler detection logic. +Reported by Andreas Metzler . + +** Update of gnulib files. + +** API and ABI modifications: +No changes since last version. + +* Version 1.5.1 (released 2006-09-21) + +** Fix PKCS#1 verification to avoid a variant of Bleichenbacher's +** Crypto 06 rump session attack. +In particular, we check that the digestAlgorithm.parameters field is +missing or empty, to avoid that it can contain "garbage" that may be +used to alter the numeric properties of the signature. See + (which is +not exactly the same as the problem we fix here). Reported by Yutaka +OIWA . + +See GNUTLS-SA-2006-4 on http://www.gnutls.org/security.html for more +up to date information. + +** Add self test to test for above flaw. + +** Fix gnutls-cli-debug regarding resume support detection. +Earlier, if the session-id from the server had a length of 0, it would +indicate that the server supports resumption, which isn't the case. +Reported by Kataja Kai . + +** Fix building of examples on FreeBSD by including netinet/in.h. +Reported by Roman Bogorodskiy . + +** Fix certtool bug that caused the private key to not be loaded when +generating a certificate with --load-request, which in turn triggered +another unrelated bug in gnutls_x509_crt_sign2 (also fixed). Reported +by Sascha Ziemann . + +** gnutls-cli and gnutls-serv works on Windows. +The problem was the select() call that doesn't work on file +descriptors (stdin) on Windows. We borrowed some code from plibc to +solve this. It appears to be somewhat unreliable though. + +** Autoconf 2.60 is now used. + +** API and ABI modifications: +No changes since last version. + +* Version 1.5.0 (released 2006-08-13) + +** Change SRP and Cert-Type extensions to match IANA registry. + +** Fixed bug in OpenPGP authentication handshake. + +** Improvements for building under MinGW. +Provides internal inet_ntop and inet_pton functions and arpa/inet.h +header. Calls WSAStartup and WSACleanup in gnutls_global_init and +gnutls_global_deinit, respectively. Loads getaddrinfo and getnameinfo +at run-time from ws2_32.dll, and falls back on a simple replacement if +it is not available. Builds the library with -mms-bitfields +-Wl,--enable-runtime-pseudo-reloc. Links with --output-def, to +create *.def files, which are installed. + +** The examples now (conditionally) include config.h and link to gnulib. +No other source changes were necessary, so the examples should +continue to be possible to use stand-alone without any autoconf or +gnulib stuff. + +** Added C++ header "gnutlsxx.h" and library "libgnutlsxx". +You may unconditionally disable it with --disable-cxx. See +includes/gnutls/gnutlsxx.h and lib/gnutlsxx.cpp for the +implementation. + +** Made command line tool '--version' behave according to GNU Standards. +This enables 'make distcheck' to succeed. + +** OpenCDK updated to 0.5.9 to fix some problems with OpenPGP support. + +** Make --without-included-libtasn1 work. +Reported by Daniel Black . + +** Fix a crash (strcmp() on a NULL value) in the certificate verification logic. +See https://www.gnu.org/software/gnutls/security.html regardging +GNUTLS-SA-2006-2 for more up to date information. Reported by +satyakumar . + +** API and ABI modifications: +No changes since last version. + +* Version 1.4.5 (released 2006-11-06) + +** When a GnuTLS server receive a SSLv2 Client Hello for an unknown TLS +** version, try to negotiate the highest version support by the GnuTLS server, +** instead of the lowest. +Reported by . + +** Fix typo in doc/examples/ex-serv-pgp.c. +Reported by Adam Langley" . + +** API and ABI modifications: +No changes since last version. + +* Version 1.4.4 (released 2006-09-12) + +** Relax the test that caught signatures that exploit the variant of +** Bleichenbacher's Crypto 06 rump session attack on our +** verification logic flaw. +In particular, we now permit the digestAlgorithm.parameters field to +be present but empty, whereas in 1.4.3 we actually checked that the +field was absent. + +** Revert the removal of debug information for the GNUTLS-SA-2006-3 problem. +The messages are only printed in debug mode, which is not recommended +for normal use, and thus logging this situation cannot be abused as an +oracle in typical recommended situations. + +** API and ABI modifications: +No changes since last version. + +* Version 1.4.3 (released 2006-09-08) + +** Fix PKCS#1 verification to avoid a variant of Bleichenbacher's +** Crypto 06 rump session attack. +In particular, we check that the digestAlgorithm.parameters field is +empty, to avoid that it can contain "garbage" that may be used to +alter the numeric properties of the signature. See + (which is +not exactly the same as the problem we fix here). Reported by Yutaka +OIWA . + +See GNUTLS-SA-2006-4 on http://www.gnutls.org/security.html for more +up to date information. + +** Fix PKCS#1 decryption to avoid Bleichenbacher's Crypto 98 attack. +See . +Reported by Werner Koch . + +See GNUTLS-SA-2006-3 on http://www.gnutls.org/security.html for more +up to date information. + +** Fix crash in gnutls_x509_crt_sign2 if passed a NULL issuer_key. + +** API and ABI modifications: +No changes since last version. + +* Version 1.4.2 (released 2006-08-12) + +** Fix a crash (strcmp() on a NULL value) in the certificate verification logic. +This can happen if you call gnutls_certificate_verify_peers2 and have +a certain mix of local CA certificates and the peer send special +certificates, that together trigger certain behaviour. It is not +known at this point whether the crash can be triggered without the +special local CA certificate, and thus turn this into a remote crash +of clients that verify server certificates when they talk to a server +with the special server certificate. See GNUTLS-SA-2006-2 on +https://www.gnu.org/software/gnutls/security.html for more up to date +information. Reported by satyakumar . + +** Change SRP and Cert-Type extensions to match IANA registry. + +** OpenCDK updated to 0.5.9 to fix some problems with OpenPGP support. + +** Make --without-included-libtasn1 work. +Reported by Daniel Black . + +** API and ABI modifications: +No changes since last version. + +* Version 1.4.1 (released 2006-06-14) + +** Replaced inactive ifdefs to enable openpgp support in test programs. + +** Fixed bug in OpenPGP authentication handshake. + +** Fixed typographical in man pages. + +** Build fixes of the manual. + +** Added Swedish translation. + +** API and ABI modifications: +No changes since last version. + +* Version 1.4.0 (released 2006-05-15) + +** Remove GnuTLS 0.8.x compatibility functions. + +** The libgcrypt RNG is initialized in gnutls_global_init(). + +** TLS/IA API changes from Emile van Bergen. +A dummy credential structure is not needed now, if you wish to use the +low-level TLS/IA API, simply call gnutls_ia_enable to enable TLS/IA on +a session. + +** The self-tests are now run under valgrind, if it is installed. + +** Libtasn1 is updated to 0.3.4, and that version is now required. + +** The command line tools now use getaddrinfo and support IPv6. + +** API and ABI modifications: +_gnutls_x509_get_raw_crt_activation_time, +_gnutls_x509_get_raw_crt_expiration_time: Removed. +gnutls_ia_require_inner_phase: Removed, replaced by gnutls_ia_enable. +gnutls_ia_enable: Added. + +* Version 1.3.5 (released 2006-03-08) + +** Error messages are now translated using GNU Gettext. + +** The function gnutls_x509_crt_to_xml now return an internal error. +This means that the code to convert X.509 certificates to XML format +does not work any more. The reason is that the function called +libtasn1 internal functions. It seems unclean for libtasn1 to export +the APIs needed here. Instead it would be better to implement XML +support inside libtasn1 properly. If you need this functionality +strongly, please consider looking into implementing this suggested +approach instead. As a workaround, you may also modify lib/x509/xml.c +(change '#if 1' to '#if 0') and build using --with-included-libtasn1. + +** Libraries are now built with libtool's -no-undefined. +This helps producing libraries for Windows using mingw32. + +** Doc fixes to explain that gnutls_record_send can block. + +** Libtasn1 0.3.1 or later is now required. +The include copy has been updated too. + +** gnutls-cli can now recognize services and port numbers with the -p option. + +** API and ABI modifications: +No changes since last version. + +* Version 1.3.4 (released 2006-02-09) + +** Fix read of out bounds bug in DER parser. +Reported by Evgeny Legerov , and debugging help from +Protover SSL. Libtasn1 0.2.18 is now required, which contains the +previous bug fix. The included libtasn1 version in GnuTLS has been +updated. + +** Fixed bug in non-blocking gnutls_bye(). gnutls_record_send() will no +longer invalidate a session if the underlying send fails, but it will +prevent future writes. That is to allow reading the already received data. +Patches and bug reports by Yoann Vandoorselaere + +** Corrected bugs in gnutls_certificate_set_x509_crl() and +gnutls_certificate_set_x509_trust(), that caused memory corruption if +more than one certificates were added. Report and patch by Max Kellermann. + +** Fix build problems of OpenCDK on AIX. +Thanks to "Heiden, John" . + +** API and ABI modifications: +No changes since last version. + +* Version 1.3.3 (released 2006-01-12) + +** New API to access the TLS master secret. +When possible, you should use the TLS PRF functions instead. +Suggested by Jouni Malinen . + +** Improved handling when multiple libraries use GnuTLS at the same time. +Now gnutls_global_init() can be called multiple times, and +gnutls_global_deinit() will only deallocate the structure when it has +been called as many times as gnutls_global_init() was called. + +** Added a self test of TLS resume functionality. + +** Fix crash in TLS resume code, caused by TLS/IA changes. + +** Documentation fixes about thread unsafety, prompted by +** discussion with bryanh@giraffe-data.com (Bryan Henderson). +In particular, gnutls_global_init() and gnutls_global_deinit() are not +thread safe. Careful callers may want to protect the call using a +mutex. The problem could also be ignored, which would cause a memory +leak under rare conditions when two threads invoke the function +roughly at the same time. + +** Add 'const' keywords in various places, from Frediano ZIGLIO. + +** The code was indented again, including the external header files. + +** API and ABI modifications: +New functions to retrieve the master secret value: + gnutls_session_get_master_secret + +Add a 'const' keyword to existing API: + gnutls_x509_crq_get_challenge_password + +* Version 1.3.2 (released 2005-12-15) + +** GnuTLS now support TLS Inner application (TLS/IA). +This is per draft-funk-tls-inner-application-extension-01. This +functionality is added to libgnutls-extra, so it is licensed under the +GNU General Public License. + +** New APIs to access the TLS Pseudo-Random-Function (PRF). +The PRF is used by some protocols building on TLS, such as EAP-PEAP +and EAP-TTLS. One function to access the raw PRF and one to access +the PRF seeded with the client/server random fields are provided. +Suggested by Jouni Malinen . + +** New APIs to acceess the client and server random fields in a session. +These fields can be useful by protocols using TLS. Note that these +fields are typically used as input to the TLS PRF, and if this is your +intended use, you should use the TLS PRF API that use the +client/server random field directly. Suggested by Jouni Malinen +. + +** Internal type cleanups. +The uint8, uint16, uint32 types have been replaced by uint8_t, +uint16_t, uint32_t. Gnulib is used to guarantee the presence of +correct types on platforms that lack them. The uint type have been +replaced by unsigned. + +** API and ABI modifications: +New functions to invoke the TLS Pseudo-Random-Function (PRF): + gnutls_prf + gnutls_prf_raw + +New functions to retrieve the session's client and server random values: + gnutls_session_get_server_random + gnutls_session_get_client_random + +New function, to perform TLS/IA handshake: + gnutls_ia_handshake + +New function to decide whether to do a TLS/IA handshake: + gnutls_ia_handshake_p + +New functions to allocate a TLS/IA credential: + gnutls_ia_allocate_client_credentials + gnutls_ia_free_client_credentials + gnutls_ia_allocate_server_credentials + gnutls_ia_free_server_credentials + +New functions to handle the AVP callback: + gnutls_ia_set_client_avp_function + gnutls_ia_set_client_avp_ptr + gnutls_ia_get_client_avp_ptr + gnutls_ia_set_server_avp_function + gnutls_ia_set_server_avp_ptr + gnutls_ia_get_server_avp_ptr + +New functions, to toggle TLS/IA application phases: + gnutls_ia_require_inner_phase + +New function to mix session keys with inner secret: + gnutls_ia_permute_inner_secret + +Low-level API (used internally by gnutls_ia_handshake): + gnutls_ia_endphase_send + gnutls_ia_send + gnutls_ia_recv + +New functions that can be used after successful TLS/IA negotiation: + gnutls_ia_generate_challenge + gnutls_ia_extract_inner_secret + +Enum type with TLS/IA modes: + gnutls_ia_mode_t + +Enum type with TLS/IA packet types: + gnutls_ia_apptype_t + +Enum values for TLS/IA alerts: + GNUTLS_A_INNER_APPLICATION_FAILURE + GNUTLS_A_INNER_APPLICATION_VERIFICATION + +New error codes, to signal when an application phase has finished: + GNUTLS_E_WARNING_IA_IPHF_RECEIVED + GNUTLS_E_WARNING_IA_FPHF_RECEIVED + +New error code to signal TLS/IA verify failure: + GNUTLS_E_IA_VERIFY_FAILED + +* Version 1.3.1 (released 2005-12-08) + +** Support for DHE-PSK cipher suites has been added. +This method offers perfect forward secrecy. + +** Fix gnutls-cli STARTTLS hang when SIGINT is sent too quickly, thanks to +Otto Maddox and Nozomu Ando . + +** Corrected a bug in certtool for 64 bit machines. Reported +by Max Kellermann . + +** New function to set a X.509 private key and certificate pairs, and/or +CRLs, from an PKCS#12 file, suggested by Emile van Bergen +. + +The integrity of the PKCS#12 file is protected through a password +based MAC; public-key based signatures for integrity protection are +not supported. PKCS#12 bags may be encrypted using password derived +symmetric keys, public-key based encryption is not supported. The +PKCS#8 keys may be encrypted using passwords. The API use the same +password for all operations. We believe that any more flexibility +create too much complexity that would hurt overall security, but may +add more PKCS#12 related APIs if real-world experience indicate +otherwise. + +** gnutls_x509_privkey_import_pkcs8 now accept unencrypted PEM PKCS#8 keys, +reported by Emile van Bergen . +This will enable "certtool -k -8" to parse those keys. + +** Certtool now generate keys in unencrypted PKCS#8 format for empty passwords. +Use "certtool -p -8" and press press enter at the prompt. Earlier, +certtool would have encrypted the key using an empty password. + +** Certtool now accept --password for --key-info and encrypted PKCS#8 keys. +Earlier it would have prompted the user for it, even if --password was +supplied. + +** Added self test of PKCS#8 parsing. +Unencrypted and encrypted (pbeWithSHAAnd3-KeyTripleDES-CBC and +pbeWithSHAAnd40BitRC2-CBC) formats are tested. The test is in +tests/pkcs8. + +** API and ABI modifications: +New function to set X.509 credentials from a PKCS#12 file: + gnutls_certificate_set_x509_simple_pkcs12_file + +New gnutls_kx_algorithm_t enum type: + GNUTLS_KX_DHE_PSK + +New API to return session data (basically same as gnutls_session_get_data): + gnutls_session_get_data2 + +New API to set PSK Diffie-Hellman parameters: + gnutls_psk_set_server_dh_params + +* Version 1.3.0 (2005-11-15) + +** Support for TLS Pre-Shared Key (TLS-PSK) ciphersuites have been added. +This add several new APIs, see below. Read the updated manual for +more information. A new self test "pskself" has been added, that will +test this functionality. + +** The session resumption data are now system independent. + +** The code has been re-indented to conform to the GNU coding style. + +** Removed the RIPEMD ciphersuites. + +** Added a discussion of the internals of gnutls in manual. + +** Fixes for Tru64 UNIX 4.0D that lack MAP_FAILED, from Albert Chin. + +** Remove trailing comma in enums, for IBM C v6, from Albert Chin. + +** Make sure config.h is included first in a few files, from Albert Chin. + +** Don't use C++ comments ("//") as they are invalid, from Albert Chin. + +** Don't install SRP programs and man pages if --disable-srp-authentication, +from Albert Chin. + +** API and ABI modifications: +New gnutls_kx_algorithm_t key exchange type: GNUTLS_KX_PSK + +New gnutls_credentials_type_t credential type: + GNUTLS_CRD_PSK + +New credential types: + gnutls_psk_server_credentials_t + gnutls_psk_client_credentials_t + +New functions to allocate PSK credentials: + gnutls_psk_allocate_client_credentials + gnutls_psk_free_client_credentials + gnutls_psk_free_server_credentials + gnutls_psk_allocate_server_credentials + +New enum type for PSK key flags: + gnutls_psk_key_flags + +New function prototypes for credential callback: + gnutls_psk_client_credentials_function + gnutls_psk_server_credentials_function + +New function to set PSK username and key: + gnutls_psk_set_client_credentials + +New function to set PSK passwd file: + gnutls_psk_set_server_credentials_file + +New function to extract PSK user in server: + gnutls_psk_server_get_username + +New functions to set PSK callback: + gnutls_psk_set_server_credentials_function + gnutls_psk_set_client_credentials_function + +Use size_t instead of int for output size parameter: + gnutls_srp_base64_encode + gnutls_srp_base64_decode + +* Version 1.2.11 (2006-05-11) +- The function gnutls_x509_crt_to_xml is not supported any more, and + return an internal error. The reason is that the function called + internal libtasn1 functions which are no longer exported from + libtasn1. +- Updated libtasn1 requirement to 0.3.4 and refreshed internal mintiasn1. +- Updated gnulib compatibility files. +- Fixed _gnutls_x509_get_raw_crt_expiration_time and + _gnutls_x509_get_raw_crt_activation_time to return (time_t)-1 on errors. +- API and ABI modifications: + No changes since last version. + +* Version 1.2.10 (2006-02-09) +- Fix read out bounds bug in DER parser. Reported by Evgeny Legerov + , and debugging help from Protover SSL. +- Libtasn1 0.2.18 is now required (contains the previous bug fix). + The included version has been updated too. +- Fix gnutls-cli STARTTLS hang when SIGINT is sent too quickly, thanks to + Otto Maddox and Nozomu Ando . +- Corrected a bug in certtool for 64 bit machines. Reported + by Max Kellermann . +- Corrected bugs in gnutls_certificate_set_x509_crl() and + gnutls_certificate_set_x509_trust(), that caused memory corruption if + more than one certificates were added. Report and patch by Max Kellermann. +- Fixed bug in non-blocking gnutls_bye(). gnutls_record_send() will no + longer invalidate a session if the underlying send fails, but it will + prevent future writes. That is to allow reading the already received data. + Patches and bug reports by Yoann Vandoorselaere + +* Version 1.2.9 (2005-11-07) +- Documentation was updated and improved. +- RSA-MD2 is now supported for verifying digital signatures. +- Due to cryptographic advances, verifying untrusted X.509 + certificates signed with RSA-MD2 or RSA-MD5 will now fail with a + GNUTLS_CERT_INSECURE_ALGORITHM verification output. For + applications that must remain interoperable, you can use the + GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD2 or GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD5 + flags when verifying certificates. Naturally, this is not + recommended default behaviour for applications. To enable the + broken algorithms, call gnutls_certificate_set_verify_flags with the + proper flag, to change the verification mode used by + gnutls_certificate_verify_peers2. +- Make it possible to send empty data through gnutls_record_send, + to align with the send(2) API. +- Some changes in the certificate receiving part of handshake to prevent + some possible errors with non-blocking servers. +- Added numeric version symbols to permit simple CPP-based feature + tests, suggested by Daniel Stenberg . +- The (experimental) low-level crypto alternative to libgcrypt used + earlier (Nettle) has been replaced with crypto code from gnulib. + This leads to easier re-use of these components in other projects, + leading to more review and simpler maintenance. The new configure + parameter --with-builtin-crypto replace the old --with-nettle, and + must be used if you wish to enable this functionality. See README + under "Experimental" for more information. Internally, GnuTLS has + been updated to use the new "Generic Crypto" API in gl/gc.h. The + API is similar to the old crypto/gc.h, because the gnulib code were + based on GnuTLS's gc.h. +- Fix compiler warning in the "anonself" self test. +- API and ABI modifications: +gnutls_x509_crt_list_verify: Added 'const' to prototype in . + This doesn't reflect a change in behaviour, + so we don't break backwards compatibility. +GNUTLS_MAC_MD2: New gnutls_mac_algorithm_t value. +GNUTLS_DIG_MD2: New gnutls_digest_algorithm_t value. +GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD2, +GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD5: New gnutls_certificate_verify_flags values. + Use when calling + gnutls_x509_crt_list_verify, + gnutls_x509_crt_verify, or + gnutls_certificate_set_verify_flags. +GNUTLS_CERT_INSECURE_ALGORITHM: New gnutls_certificate_status_t value, + used when broken signature algorithms + is used (currently RSA-MD2/MD5). +LIBGNUTLS_VERSION_MAJOR, +LIBGNUTLS_VERSION_MINOR, +LIBGNUTLS_VERSION_PATCH, +LIBGNUTLS_VERSION_NUMBER: New CPP symbols, indicating the GnuTLS + version number, can be used for feature existence + tests. + +* Version 1.2.8 (2005-10-07) +- Libgcrypt 1.2.2 is required to fix a bug for forking GnuTLS servers. +- Don't install the auxilliary libexamples library used by the + examples in doc/examples/ on "make install", report and tiny patch + from Thomas Klausner . +- If you pass a X.509 CA or PGP trust database to the command line + tool, it will now abort the connection if the server certificate + validation fails. Use the parameter --insecure to continue even + after certificate validation failures. Inspired from discussion + with Alexander Kotelnikov . +- The test for socklen_t has been moved to gnulib. +- Link failures for duplicate or missing "program_name" symbol has been fixed, + patch from Martin Lambers . +- The command line tool and the examples no longer uses mmap or bzero, + to make them more portable, patch from Martin Lambers + . +- Made the PKCS #12 API handle null passwords. Based on patch by + Anton Altaparmakov . +- The GTK-DOC manual should build with current released tools. + (But a copy of the output is included, so the tools are not required.) +- The inet_ntop function is now used through gnulib. +- API and ABI modifications: + No changes since last version. + +* Version 1.2.7 (2005-09-09) +- The GnuTLS and GnuTLS-extra libraries are now built with versioned symbols. +- Certtool now complains when reading out-of-range X.509 serial + numbers, suggested by Fran . +- Certtool now uses the readline library (when available) when reading + X.509 serial numbers. +- Fixed build problems in getpass on uClibc and Mingw32 platforms. +- Fixed compile warning regarding socklen_t on Mingw32, reported by + Martin Lambers . +- Fixed examples in doc/examples/, suggested by Fran . +- Gnulib is now used for the core library, enabling future code cleanups. +- The gnutls-cli tool now use gnutls_certificate_verify_peers2, + suggested by Daniel Stenberg . +- Doc fixes for gnutls_transport_set_push and gnutls_transport_set_pull. +- Minilibtasn1 is now 0.2.17 (removed optional use of C99 macros). +- Disable zlib support if zlib.h is not present. +- A number of internal cleanups. +- API and ABI modifications: + No changes since last version. + +* Version 1.2.6 (2005-07-16) +- MiniLZO updated to version 2.01 and moved to separate directory. +- Collision between system LZO header files and MiniLZO header file + fixed, reported by Matthias Urlichs . +- Will now test for liblzo functionality in liblzo2 too, reported by + Thomas Klausner . +- Minilibtasn1 is now 0.2.14 (no code changes). +- Some code changes to avoid GTK-DOC warnings. +- API and ABI modifications: + No changes since last version. + +* Version 1.2.5 (2005-07-03) +- More builddir != srcdir fixes, reported by Mike Castle + . +- Fixed off-by-one bug in the size parameter of gnutls_x509_crt_get*_dn, + reported by Adam Langley . +- Corrected some stuff in minilzo detection. Pointed out by + Sergey Lipnevich. +- MiniLZO updated to version 2.00. +- gnutls_x509_crt_list_import now accept a DER formatted CRL. +- API and ABI modifications: + No changes since last version. + +* Version 1.2.4 (2005-05-28) +- Corrected some bugs that could affect 64 bit systems. +- Some corrections in the header files to include the prototype + of memmem properly (affected 64 bit systems). Report and patch + by Yoann Vandoorselaere . +- Introduced the --fix-key option to certtool, which can be used to + regenerate the (optional) parameters in a private key. It should + be used together with --key-info. +- Corrected a bug in certificate chain verification that could lead + to marking a trusted chain as non trusted, if the last certificate in + the chain was a self signed one. +- Gnulib portability files were updated. +- License were updated to reflect new FSF address. +- API and ABI modifications: + No changes since last version. + +* Version 1.2.3 (2005-04-28) +- Corrected bug in record packet parsing that could lead + to a denial of service attack. +- Corrected bug in RSA key export. Previously exported keys + can be fixed using certtool. Use certtool -k outfile +- API and ABI modifications: + gnutls_x509_privkey_fix(): Add. + +* Version 1.2.2 (2005-04-25) +- gnutls_error_to_alert() now considers + GNUTLS_E_UNEXPECTED_HANDSHAKE_PACKET. +- Fixed error in session resuming that could cause a crash in a session. +- Fixed pkcs12 friendly name and local key identifier decoding. +- Internal cleanups, removed duplicate typedef/struct definitions, + and made source code include external include file, to check + function prototypes during compile time. +- API and ABI modifications: + No changes since last version. At least not intentional, but due + to the include header changes, there may be inadvertant changes, + please let us know if you find any. + +* Version 1.2.1 (2005-04-04) +- gnutls_bye() will no longer fail when RDWR is used and application + data are available for reading. +- Added more strict checks for the SRP parameters (g,n), when they + are not in the included list. +- Added warning to certtool when MD5 is being used for digital + signatures. +- Optimizations ("-O2 -finline-functions") are not enabled by default, + instead the standard autoconf defaults are used. Use `./configure + CFLAGS="-O2 -finline-functions"' to get the old optimizations. +- Added the option --get-dh-params to certtool, in order to get the + parameters included in the library primes and generators. +- Improved the semantics of GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT, to + allow only trusted Version 1 CAs and introduced + GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT which has the old semantics. +- Nettle self tests now build properly, reported by Pierre + . +- Eliminated some memory leaks in DHE and RSA-EXPORT cipher suites. + Reported by Yoann Vandoorselaere . +- If the library has been compiled with features disabled, a warning is + issued during the compilation of any program. +- API and ABI modifications: + gnutls_x509_crt_list_import(): Add + gnutls_x509_crq_get_attribute_by_oid(): Add. + gnutls_x509_crq_set_attribute_by_oid(): Add + gnutls_x509_crt_set_extension_by_oid(): Add. + GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT: Modify semantics. + GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT: Add, old behaviour. + +* Version 1.2.0 (2005-01-27) +- Added the definitions and OIDs for the RIPEMD-160 hash algorithm. +- Introduced gnutls_x509_crt_sign2(), gnutls_x509_crq_sign2() and + gnutls_x509_crl_sign2(). +- Fixed license header in source code files. + +* Version 1.1.23 (2005-01-18) +- It is now possible to generate PKCS#12 structures without private + keys using "certtool --to-p12", suggested by Fabian Fagerholm + . +- Certtool now prints information for the RSA and DSA parameters of + certificates and private keys. +- Corrected the write of CRL distribution points. +- The certificate chain verification function now checks certificates + in the reverse order to minimize the spent resources. +- Corrected several bugs found by Marcin Garski +- The functions gnutls_x509_crl_get_issuer_dn, gnutls_x509_crq_get_dn, + gnutls_x509_crt_get_issuer_dn, gnutls_x509_crt_get_dn, and + gnutls_x509_rdn_get now set *sizeof_buf to the buffer length that is + required, instead of the string length. That is, the value has been + incremented by 1 to account for the terminating zero. Reported by + Martin Lambers . +- Debug output shouldn't crash on platforms that doesn't handle NULL + printf %s values. Reported by Michael.Ringe@aachen.utimaco.de. +- Sync included copy of libtasn1 with version 0.2.13. +- Client X.509 authenticated connections via gnutls-cli should now work again. + +* Version 1.1.22 (2004-11-04) +- Replace GNU LD version script with Libtool -export-symbols-regex, + from Joe Orton . +- Documentation improvements. +- Code indented using 'indent -i4 -kr'. +- The API manual is included in Devhelp format. (Was in last release too, + but the NEWS entry was forgotten.) +- The OpenSSL compatibility code now use the internal crypto interface. +- Added simple self test of OpenSSL compatibility library. +- Internally, libtool convenience libraries are used. +- Cleanups to configure.ac. + +* Version 1.1.21 (2004-10-27) +- Print DN of certificates with unknown characters in them, but in hexform + only. +- Added second precision to the X.509 parsing and generation functions. +- Corrected bug in _gnutls_x509_get_dn_oid(), and returns the + actual OID. +- Add parameter --la-file to libgnutls-config and libgnutls-extra-config, + tiny patch contributed by Joe Orton . +- Add pkg-config meta files, suggested by Stéphane LOEUILLET + . +- Fix memory initializaion bug in gnutls_certificate_set_x509_trust, + tiny patch by Aleix Conchillo Flaque . +- Add self test of PKCS#12 functionality in "certtool", based on test + vectors from Joe Orton . +- Fix library order in libgnutls*-config --libs output, to permit + static linking, reported by Yoann Vandoorselaere + . + +* Version 1.1.20 (2004-10-12) +- Fix compile problem in gl/getpass.c on some systems. + +* Version 1.1.19 (2004-10-07) +- Fix memory leak in gnutls_certificate_verify_peers and + gnutls_certificate_free_credentials, report and patch by Simon + Posnjak . +- Fix crash in `certtool --to-p12 --load-privkey foo', i.e. exporting + a key and no certificate to PKCS#12. +- Fix objdir != srcdir builds, reported by "Gerrit P. Haase" + . +- Fixes faulty getpass implementation in libextra/opencdk/, reported + by Yoann Vandoorselaere . +- Uses memmem instead of strnstr in lib/. +- Using more GNULib portability files, although not yet inside lib/. +- Added gnutls_certificate_verify_peers to gnutls/compat.h. + Nikos deprecated gnutls_certificate_verify_peers in favor of + gnutls_certificate_verify_peers2 earlier in the 1.1 branch. +- Improvements to the manual. +- Add new example "ex-rfc2818" for certificate verification, from Nikos. +- Known bug: the library require snprintf. This has not yet been + fixed, but will be handled via GNULib later on. + +* Version 1.1.18 (2004-08-24) +- Corrected handling of certificate with dates after year 2038. +- Corrected DER decoder which could incorrectly treat input as BER and fail. +- Correct certtool --smime-to-p7 end of line character handling. +- Added example client and server for anonymous authentication. +- Added self test that tests anonymous TLS client and server. +- Added self tests of Nettle and generic crypto layer. +- Added API reference manual in HTML format in doc/reference/ using GTK-DOC. + Online version at . +- Assume C89 or better; removed checks for size_t, ptrdiff_t and time_t. +- Man pages for API functions are included. + +* Version 1.1.17 (2004-08-18) +- Bug fix of padding string in RSA PKCS#1 v1.5 type 2 encryption, + reported by Robey Pointer . +- Generic crypto interface for secret key ciphers, hashes and randomness added. + See section "Experimental" within section "COMPILATION ISSUES" in README. +- Removed length limit on passwords read by 'certtool'. +- Documentation fixes. + +* Version 1.1.16 (2004-08-15) +- Fix missing gnulib linker parameter when building certtool. +- Add gnulib module 'progname', needed by module 'error'. +- Improve building with srcdir != objdir. + +* Version 1.1.15 (2004-08-15) +- Certtool has simplistic --smime-to-p7 to translate RFC 2633 messages into + PKCS #7 format. +- Ported to Mac OS X / Darwin. +- Ported to FreeBSD. + +* Version 1.1.14 (2004-08-09) +- Documentation converted to Texinfo format. +- Bug fix of test suite. +- Configure now print build information, used by Autobuild. + +* Version 1.1.13 (2004-08-05) +- Added simple self test suite. + +* Version 1.1.12 (2004-08-02) +- Updated the SRP authentication to conform to the + latest (yet unreleased) draft. Unfortunately this breaks + compatibility with previous versions. +- Changed the makefiles to be more portable. +- SRP ciphersuites were moved to the gnutls library. +- Added some default limits in the verification of certificate + chains, to avoid denial of service attacks. Also added + gnutls_certificate_set_verify_limits() to override them. + Issue pointed out by Patrik Hornik . +- Added gnutls_certificate_verify_peers2(). + +* Version 1.1.11 (2004-07-16) +- Added the '_t' suffix to all exported symbols. +- Fixed bug in RSA encryption, report and patch by Martijn Koster + . +- Corrected a bug in certificate verification. Pointed out by + Yoann Vandoorselaere +- Added the GNUTLS_VERIFY_DO_NOT_ALLOW_SAME flags to the + verification functions. +- The ephemeral DH and RSA parameters are no longer stored in the + session resume DB. +- Do not free the SRP (prime and generator) parameters obtained from the + callback if they are the static ones defined in extra.h +- Eliminated some memory leaks. Reported by Yoann Vandoorselaere. + +* Version 1.1.10 (2004-06-12) +- Added gnutls_sign_algorithm_get_name() and gnutls_pk_algorithm_get_name() +- Corrected bug in TLS renegotiation. +- Corrected bug in OpenPGP key loading using a callback. +- gnutls-srpcrypt was renamed to srptool +- Allow handshake requests by the client. +- Automatically disable certificate types that do not have corresponding + certificates. +- Added gnutls_auth_client_get_type() and gnutls_auth_server_get_type() +- Opencdk library is being included if not found. +- certtool can now add ip address SAN extension. +- certtool has now support for more X.520 DN attribute types. +- Better handling of EOF in gnutls_record_recv(). +- _gnutls_deinit() is no longer used. Sessions are not + automatically removed any more, on abnormal termination. +- Corrected session resuming in SRP ciphersuites. +- Updated to conform to the latest srp draft (draft-ietf-tls-srp-07) +- Added new functions to allow access to the ephemeral + Diffie Hellman parameters. +- Added the functions gnutls_x509_crt_get_pk_rsa_raw() and + gnutls_x509_crt_get_pk_dsa_raw() to retrieve parameters from certificates. +- Added the functions gnutls_dh_get_group(), gnutls_dh_get_pubkey() and + gnutls_rsa_export_get_pubkey() to retrieve parameters of the DH or + RSA-EXPORT key exchange. +- Some fixes in the session resuming code. +- Added gnutls_openpgp_keyring_check_id(). + +* Version 1.1.9 (2004-04-14) +- Added support for authority key identifier and the extended key usage + X.509 extension fields. The certtoool was updated to support them. +- The RC2 cipher is no more included. The one in libgcrypt is now used. +- Added batch support to certtool. Now it can use templates. + +* Version 1.1.8 (2004-04-07) +- Implemented all the tests for the SRP group parameters in + client side. This may lead to incompatibility with very + old gnutls servers. +- Corrected bug in RSA parameters handling which could cause + unexpected crashes. +- Optimized the copying of rsa_params. + +* Version 1.1.7 (2004-03-29) +- Added gnutls_certificate_set_params_function() and + gnutls_anon_set_params_function() that set the RSA or DH + parameters using a callback. +- Added functions gnutls_rsa_params_cpy(), gnutls_dh_params_cpy() + and gnutls_x509_privkey_cpy(). +- Corrected a compilation issue when opencdk was installed in a + non standard directory. +- Deprecated: gnutls_srp_server_set_select_function(), + gnutls_certificate_client_set_select_function(), gnutls_srp_server_set_select_function(). + +* Version 1.1.6 (2004-02-24) +- Several bug fixes, by Arne Thomassen. +- Fixed a bug where 'server name' extension was always sent. + +* Version 1.1.5 (2004-01-06) +- Added the gnutls_sign_algorithm type. + +* Version 1.1.4 (2004-01-04) +- Improved gnutls-cli's SRP behaviour in SRP ciphersuites. + If they are of highest priority then the abbreviated handshake + is used. +- Removed all references of missing files. +- Changed handshake behaviour to send the lowest TLS version + when an unsupported version was advertized. The current behaviour + is to send the maximum version we support. +- Corrected problem printing the DC attributes in a DN. + +* Version 1.1.3 (2003-12-30) +- Implemented TLS 1.1 (and also obsoleted the TLS 1.0 CBC protection + hack). + +* Version 1.1.2 (2003-12-28) +- Added CRL verification functionality to certtool. +- Corrected the CRL distribution point extension handling. + +* Version 1.1.1 (2003-12-26) +- Added PKCS #7 support to certtool utility. +- Added support for reading and generating CRL distribution + points extensions in certificates. +- Added support for generating CRLs in the library and the + certtool utility. +- Added support for the Subject Key ID PKIX extension. + +* Version 1.1.0 (2003-12-21) +- The error codes GNUTLS_E_NO_TEMPORARY_DH_PARAMS and GNUTLS_E_NO_TEMPORARY_RSA_PARAMS + are no longer returned by the handshake function. Ciphersuites that + require temporary parameters are removed when such parameters do not exist. +- Added the callbacks gnutls_certificate_client_retrieve_function() and + gnutls_certificate_server_retrieve_function(), to allow a client or a server + to specify certificates for the handshake without storing them to the + credentials structure. +- Added support for generating and exporting DSA private keys. +- Added gnutls_x509_crt_set_key_usage() and certtool can now set the + certificate's key usage. +- Added gnutls_openpgp_key_get_key_usage(). + +* Version 1.0.25 (2005-04-27) +- Corrected bug in record packet parsing that could lead + to a denial of service attack. +- Corrected bug in RSA key export. + +* Version 1.0.24 (2005-01-18) +- Corrected several bugs found by Marcin Garski + +* Version 1.0.23 (2004-11-13) +- Replace GNU LD version script with Libtool -export-symbols-regex, + from Joe Orton . +- Copy libtasn1 has been updated to version 0.2.11. +- Corrected the write of CRL distribution points. +- It is now possible to generate PKCS#12 structures without private + keys using "certtool --to-p12", suggested by Fabian Fagerholm + . + +* Version 1.0.22 (2004-10-28) +- Print DN of certificates with unknown characters in them, but in hexform + only. +- Corrected bug in _gnutls_x509_get_dn_oid(), and returns the + actual OID. +- Added second precision to the X.509 parsing functions. +- Add parameter --la-file to libgnutls-config and libgnutls-extra-config, + tiny patch contributed by Joe Orton . +- Add pkg-config meta files, suggested by Stéphane LOEUILLET + . +- Fix memory initializaion bug in gnutls_certificate_set_x509_trust, + tiny patch by Aleix Conchillo Flaque . +- Fix certtool --password for PKCS #12, back ported from 1.1.x branch. +- Fix library order in libgnutls*-config --libs output, to permit + static linking, reported by Yoann Vandoorselaere + . + +* Version 1.0.21 (2004-10-07) +- Fix memory leak in gnutls_certificate_verify_peers and + gnutls_certificate_free_credentials, report and patch by Simon + Posnjak . +- Fix crash in `certtool --to-p12 --load-privkey foo', i.e. exporting + a key and no certificate to PKCS#12. +- Fix objdir != srcdir builds, reported by "Gerrit P. Haase" + . +- Avoid redefining getpass if system already has it, reported by + Yoann Vandoorselaere . +- Add new example "ex-rfc2818" for certificate verification, from Nikos. +- Known bug: the library require snprintf. + +* Version 1.0.20 (2004-08-18) +- Bug fix of padding string in RSA PKCS#1 v1.5 type 2 encryption, + reported by Robey Pointer . + +* Version 1.0.19 (2004-08-09) +- Bug fix of test suite. + +* Version 1.0.18 (2004-08-05) +- Added simple self test suite. + +* Version 1.0.17 (2004-08-02) +- Updated the SRP authentication to conform to the + latest (yet unreleased) draft. Unfortunately this breaks + compatibility with previous versions. +- Changed the makefiles to be more portable. +- Added some default limits in the verification of certificate + chains, to avoid denial of service attacks. Also added + gnutls_certificate_set_verify_limits() to override them. + Issue pointed out by Patrik Hornik . +- Added gnutls_certificate_verify_peers2(). + +* Version 1.0.16 (2004-07-10) +- Do not free the SRP (prime and generator) parameters obtained from the + callback if they are the static ones defined in extra.h. +- Eliminated some memory leaks. Reported by Yoann Vandoorselaere. +- Some fixes in the makefiles. + +* Version 1.0.15 (2004-06-29) +- Fixed bug in RSA encryption, report and patch by Martijn Koster + . +- Corrected a bug in certificate verification. Pointed out by + Yoann Vandoorselaere . + +* Version 1.0.14 (2004-06-12) +- Automatically disable certificate types that do not have corresponding + certificates. +- Updates in the documentation. +- certtool can now add ip address SAN extension. +- certtool has now support for more X.520 DN attribute types. +- Opencdk library is being included if not found. +- Added gnutls_openpgp_keyring_check_id(). +- Corrected a serious bug in the included libtasn1 library. +- Corrected session resuming in SRP ciphersuites. +- Updated to conform to the latest srp draft (draft-ietf-tls-srp-07) +- Added the functions gnutls_x509_crt_get_pk_rsa_raw() and + gnutls_x509_crt_get_pk_dsa_raw() to retrieve parameters from certificates. +- Some fixes in the session resuming code. + +* Version 1.0.13 (2004-04-29) +- Some complilation fixes. +- Added the --xml parameter to the certtool utility. + +* Version 1.0.12 (2004-04-23) +- Corrected bug in OpenPGP key loading using a callback. +- Renamed gnutls-srpcrypt to srptool +- Allow handshake requests by the client. +* Things backported from the development branch: +- Added support for authority key identifier and the extended key usage + X.509 extension fields. The certtoool was updated to support them. +- Added batch support to certtool. Now it can use templates. +- The RC2 cipher is no more included. The one in libgcrypt is now used. + +* Version 1.0.11 (2004-04-17) +- Added gnutls_sign_algorithm_get_name() and gnutls_pk_algorithm_get_name() +- Corrected bug in TLS renegotiation. + +* Version 1.0.10 (2004-04-03) +- Corrected bug in RSA parameters handling which could cause + unexpected crashes. +- Corrected bug in SSL 3.0 authentication. + +* Version 1.0.9 (2004-03-29) +- Added gnutls_certificate_set_params_function() and + gnutls_anon_set_params_function() that set the RSA or DH + parameters using a callback. +- Added functions gnutls_rsa_params_cpy(), gnutls_dh_params_cpy() + and gnutls_x509_privkey_cpy(). +- Corrected a compilation issue when opencdk was installed in a + non standard directory. +- Documented the changes need in multi-threaded application due + to the new libgcrypt. + +* Version 1.0.8 (2004-02-28) +- Corrected bug in mutual certificate authentication in SSL 3.0. + +* Version 1.0.7 (2004-02-25) +- Implemented TLS 1.1 (and also obsoleted the TLS 1.0 CBC protection + hack). +- Some updates in the documentation. + +* Version 1.0.6 (2004-02-12) +* Backported things from the development branch (while maintaining + backwards compatibility): +- Improved gnutls-cli's SRP behaviour in SRP ciphersuites. + If they are of highest priority then the abbreviated handshake + is used. +- The error codes GNUTLS_E_NO_TEMPORARY_DH_PARAMS and GNUTLS_E_NO_TEMPORARY_RSA_PARAMS + are no longer returned by the handshake function. Ciphersuites that + require temporary parameters are removed when such parameters do not exist. +- Added the callbacks gnutls_certificate_client_retrieve_function() and + gnutls_certificate_server_retrieve_function(), to allow a client or a server + to specify certificates for the handshake without storing them to the + credentials structure. +- Added support for generating and exporting DSA private keys. + +* Version 1.0.5 (2004-02-11) +- Fixed a bug where 'server name' extension was always sent. +* Backported things from the development branch: +- Added CRL verification functionality to certtool. +- Corrected the CRL distribution point extension handling. +- Added PKCS #7 support to certtool utility. +- Added support for reading and generating CRL distribution + points extensions in certificates. +- Added support for generating CRLs in the library and the + certtool utility. +- Added support for the Subject Key ID PKIX extension. +- Added the gnutls_sign_algorithm type. + +* Version 1.0.4 (2004-01-04) +- Changed handshake behaviour to send the lowest TLS version + when an unsupported version was advertized. The current behaviour + is to send the maximum version we support. +- certtool no longer asks the password in unencrypted private + keys. +- The source is now compiled to use the reentrant libc functions. + +* Version 1.0.3 (2003-12-21) +- Corrected bug in gnutls_bye() which made it return an error code + of INVALID_REQUEST instead of success. +- Corrected a bug in the GNUTLS_KEY key usage definitions. + +* Version 1.0.2 (2003-12-18) +- Corrected a bug in the RSA key generation. This was + generating unusable RSA keys. + +* Version 1.0.1 (2003-12-10) +- Some minor fixes in the makefiles. They now include CFLAGS + from libgcrypt or opencdk if installed in a non standard directory. +- Fixed the SRP detection test in gnutls-cli-debug. +- Added gnutls_rsa_params_export_pkcs1() and gnutls_rsa_params_import_pkcs1(). + +* Version 1.0.0 (2003-12-04) +- Exported the static SRP group parameters. +- Some fixes in the certificate authenticated SRP ciphersuites. +- Improved the support for draft-ietf-tls-srp-05. The two-phase + handshake is now fully supported without any interaction with + the application layer (except for a callback). + +* Version 0.9.99 (2003-11-28) +- Some fixes in the gnutls.h header for the gnutls_server_name_set() + and gnutls_server_name_get() prototypes. +- Exported the gnutls_x509_privkey_sign_data(), gnutls_x509_privkey_verify_data() + and gnutls_x509_crt_verify_data(). +- Some fixes in the openpgp authentication. +- Removed the Twofish cipher. + +* Version 0.9.98 (2003-11-16) +- The openssl compatibility layer was moved to gnutls-openssl + library instead of being included in the gnutls-extra library. +- Added the RIPEMD ciphersuites defined in draft-ietf-tls-openpgp-keys-04. +- Building with openpgp support is now mandatory. +- gnutls4 compatibility header is no longer included by default in + gnutls.h. +- gnutls8 function usage yelds a deprecation warning in gcc3. +- gnutls_x509_*_set_dn_by_oid() and gnutls_x509_*_get_*_dn_by_oid() + functions have a raw_flag parameter added. +- Added gnutls_x509_*_get_dn_oid() and gnutls_x509_crt_get_extension_oid() + functions which return the available OIDs. + +* Version 0.9.97 (2003-11-11) +- The certtool utility can now generate PKCS #12 structures + without specifying a certificate. +- Added capability to read CRLs to certtool. +- Corrected some functions which return GNUTLS_E_SHORT_MEMORY_BUFFER + to properly set the required buffer size. +- Corrected a bug in libgcrypt detection. + +* Version 0.9.96 (2003-11-09) +- Some changes to allow compilation with mingw32. +- Several code cleanups. + +* Version 0.9.95 (2003-11-02) +- Improved the verification functions. Added new verification + output flags and removed the unused and redundant ones. +- Improved the OpenPGP key support. +- The prime utility was removed, and its functionality was moved + to certtool. + +* Version 0.9.94 (2003-10-30) +- Added manpages for the included programs. +- Documented and improved the certtool utility. +- Added PKCS #12 support to certtool utility. + +* Version 0.9.93 (2003-10-26) +- Corrected some compilation issues. +- Improved the certtool command line utility. + +* Version 0.9.92 (2003-10-25) +- The RFC2818 hostname verification is now case insensitive. +- Added support for generating X.509 certificates. +- Added the certtool, a tool for generating X.509 certificates + +* Version 0.9.91 (2003-10-17) +- Fixed a compilation issue in the openpgp authentication part. + +* Version 0.9.90 (2003-10-08) +- Updated the openpgp key API (depends on the unreleased new + opencdk). + +* Version 0.9.8 (2003-10-02) +- Updated the SRP implementation to follow the latest draft + (draft-ietf-tls-srp-05). +- Improved the gnutls-cli behaviour in error handling, + and added a check for the peer's hostname. +- Use versioned symbols in the library (where available). +- RIJNDAEL ciphersuites were renamed to AES. + +* Version 0.9.7 (2003-08-25) +- The tex files are now included in the distribution. +- The library can now decrypt PKCS #12 files encrypted with + the RC2-40 cipher. +- The missing rfc2818_hostname object is now included. +- Several corrections and bug fixes in the library by + Arne Thomassen . +- CR is now allowed in the base64 decoder. + +* Version 0.9.6 (2003-06-28) +- Added gnutls_x509_privkey_get_key_id() and gnutls_x509_crt_get_key_id() + functions which return a unique (per public key) ID. These can + be used to check if the private key corresponds to a given certificate. +- Corrections in the TLS layer openpgp certificate packet parser. +- Corrected a bug in the record layer buffering, which affected + the case where external pull function was used. Report and patch + by Sergey Poznyakoff . +- Corrected a bug in gnutls-srpcrypt where a non allocated variable + was freed. +- SRP programs are now built by default. +- Added API to read and write to PKCS #12 structures. Prototypes + in gnutls/pkcs12.h. +- The gnutls_transport_ptr type was changed to a pointer type (void*). + +* Version 0.9.5 (2003-04-06) +- Several improvements in the PKCS #7 handling +- Eliminated several hard coded constants in MPI parameters. + +* Version 0.9.4 (2003-03-28) +- Corrected a parsing error in the Certificate request message. +- Corrected behaviour when a certificate request message is received. + Now a certificate packet is always sent, and in SSL 3.0 cipher suites + a no_certificate alert is sent instead. +- Added functionality to generate PKCS #7 structures (with certificates). + +* Version 0.9.3 (2003-03-24) +- Support for MD2 was dropped. +- Improved the error logging functions, by adding a level, and + by allowing debugging messages just by increasing the level. +- The diffie Hellman ciphersuites are now of higher priority than + the plain RSA. +- The RSA premaster secret version check can no longer be disabled. +- Implemented the counter measure discussed in the paper "Attacking + RSA-based Sessions in SSL/TLS", against the attack described in the + same paper. +- Added the functions: gnutls_handshake_get_last_in(), + gnutls_handshake_get_last_out(). +- The gnutls_certificate_set_rsa_params() was renamed to + gnutls_certificate_set_rsa_export_params(). +- Added the new functions: gnutls_certificate_set_x509_key() + gnutls_certificate_set_x509_trust(), gnutls_certificate_set_x509_crl(), + gnutls_x509_crt_export(), gnutls_x509_crl_export(). +- Added support for encoding and decoding PKCS #8 2.0 encrypted + RSA private keys. + +* Version 0.9.2 (2003-03-15) +- Some corrections in the memory mapping code (file is unmapped after + it is read). +- Added support for PKCS#10 certificate requests generation. + +* Version 0.9.1 (2003-03-12) +- Corrected a bug in 64 bit architectures, which affected the + serial number calculation in the record layer. +- Added gnutls_certificate_free_keys() which deletes all the + private keys and certificates from the credentials structure. +- Corrected a broken buffer check in _gnutls_io_read_buffered(), + which caused some unexpected packet length errors. Report and patch + by Ian Peters . +- Added ability to generate RSA keys. +- Increased the maximum parameter size in order to read some large keys + by some CAs. Patch by Ian Peters . +- Added an strnstr() function and the requirement in some functions to + use null terminated PEM structures is no more. +- Use mmap() if available to read files. +- Fixed a memory leak in SRP code reported by Rupert Kittinger + . + +* Version 0.9.0 (2003-03-03) +- This version is not binary compatible with the previous ones. +- The library notifies the application on empty and illegal SRP usernames, + so that proper notification (via an alert) is sent to the peer. +- Added ability to send some messages back to the application using + the gnutls_global_set_log_function(). +- gnutls_dh_params_generate() and gnutls_rsa_params_generate() now use + gnutls_malloc() to allocate the output parameters. +- Added support for MD2 algorithm in certificate signature verification. +- The RSA and DH parameter generation interface was changed. Added + ability to import and export from and to PKCS3 structures. This + was needed to read parameters generated using the openssl dhparam tool. +- Several changes in the temporary (DH/RSA) parameter codebase. No DH + parameters are now included in the library. Also the credentials structure + can now hold only one temporary parameter of a kind. +- Added a new Certificate, CRL, Private key and PKCS7 structures handling + API, defined in gnutls/x509.h +- Added gnutls_certificate_set_verify_flags() function to allow setting the + verification flags in the credentials structure. They will be used in the + *verify_peers functions. +- Added protection against the new TLS 1.0 record layer timing attack. +- Added support for Certificate revocation lists. Functions defined + in gnutls/x509.h +- The only functions that were removed are: + gnutls_x509_certificate_to_xml() + gnutls_x509_extract_dn_string() +- Ported to libtasn1 0.2.x + +* Version 0.8.1 (2003-01-22) +- Improved the SRP support, to prevent attackers guessing the + available usernames by brute force. +- Improved the SRP detection in gnutls-cli-debug +- Some fixes which now allow compilation. + +* Version 0.8.0 (2003-01-20) +- Added gnutls_x509_extract_dn_string() which returns a + distinguished name in a single string. +- Added gnutls_openpgp_extract_key_name_string() which returns + an openpgp user ID in a single string. +- Added gnutls_x509_extract_certificate_ca_status() which returns + the CA status of the given certificate. +- Added SRP-6 support. Follows draft-ietf-tls-srp-04. +- If libtasn1 is not present in the system, it is included in + the main gnutls library. +- If liblzo is present in the system, then the included minilzo + will not be used, and libgnutls-extra will depend on liblzo. +- GNUTLS_E_PARSING_ERROR error code was replaced by GNUTLS_E_BASE64_DECODING_ERROR, + and GNUTLS_E_SRP_PWD_PARSING_ERROR. GNUTLS_E_ASCII_ARMOR_ERROR was also + replaced by GNUTLS_E_BASE64_DECODING_ERROR. + +* Version 0.6.0 (2002-12-08) +- Added "gnutls/compat4.h" header. This is included in gnutls.h + to emulate the old 0.4.x API. +- Example programs are now stored in doc/examples/ +- Several improvements and updates in the documentation. +- Added the certificate authenticated SRP cipher suites. +- gnutls_x509_extract_certificate_dn_string() was updated to return + an RFC2253 conforming string. +- Added the SRP related functions: + gnutls_srp_verifier() + gnutls_srp_base64_encode() + gnutls_srp_base64_decode() +- Added the function gnutls_srp_set_server_credentials_function() + to allow retrieving SRP parameters from an external backend - other + than password files. +- Added the function gnutls_openpgp_set_recv_key_function() + which can be used to set a callback, to get OpenPGP keys. +- Exported the functions: + gnutls_malloc() + gnutls_free() + which should be used by callback functions. +- Changed the semantics of gnutls_pem_base64_encode_alloc() + and gnutls_pem_base64_decode_alloc(). In the default case + were the gnutls library is used with malloc/realloc/free, + these are binary compatible. + +* Version 0.5.11 (2002-11-05) +- Some fixes in 'gnutls-cli' client program to prevent some segmentation + faults at exit. +- Example programs found in the documentation can now be generated by + running "make examples" in doc/tex directory. +- Added more descriptive error strings, to gnutls_strerror(). +- Documented error codes, and the function reference list is now sorted. +- Optimized buffering code. +- gnutls_x509_extract_certificate_dn_string() was rewritten. +- Added GNUTLS_E_SHORT_MEMORY_BUFFER error code, which is returned in the + case where the memory buffer provided is not long enough. +- Depends on the new OpenCDK 0.3.2. + +* Version 0.5.10 (2002-10-13) +- Updated documentation. +- Added server name extension. This allows clients to specify the + name of the server they connect to. Useful to HTTPS. +- Several corrections in the code base, mostly in signed/unsigned, + checkings. + +* Version 0.5.9 (2002-10-10) +- Corrected some code which worked fine in gcc 3.2, but not with any + other compiler. +- Updated 'gnutls-cli' with the '--starttls' option, to allow testing + starttls implementations. +- Added gnutls_x509_extract_key_pk_algorithm() function which extracts + the private key type, of a DER encoded key. +- Added gnutls_x509_extract_certificate_dn_string() which returns the + certificate's distinguished name in a single string. +- Added gnutls_set_default_priority() and gnutls_set_default_export_priority() + functions, to avoid calling all the *_priority() functions if the defaults + are acceptable. +- Added int gnutls_x509_check_certificates_hostname() which check whether + the given hostname matches the owner of the given X.509 certificate. + +* Version 0.5.8 (2002-09-25) +- Updated documentation. +- Added gnutls_record_get_direction() which replaces the obsolete + gnutls_handshake_get_direction(). +- Added function to convert error codes to alert descriptions +- Added LZO compression + +* Version 0.5.7 (2002-09-11) +- Some fixes in the memory allocation functions (realloc). +- Improved the string functions used in XML certificate generation. +- Removed dependency on libgdbm. +- Corrected bug in gnutls_dh_params_set() which affected + gnutls_dh_params_deinit(). +- Corrected bug in session resuming code in server side. + +* Version 0.5.6 (2002-09-06) +- Corrected bugs in SRP implementation, which prevented gnutls + to interoperate with other implementations. (interoperability testing + was done by David Taylor) +- Corrected bug in cert_type extension. +- Corrected extension type checks which used an 8 bit extension size, + instead of 16 bits. +- Added versioning in the XML output of certificate functions. +- Removed the X.509 test suite. + +* Version 0.5.5 (2002-09-03) +- Updated the SRP implementation to the latest draft. The blowfish + crypt implementation was removed, since the new draft does not allow + other hash algorithms except for the srpsha. +- Renamed all the constructed types in order to have more consistent + names. +- Improved the certificate and key read functions. Now they can read + the certificate and the private key from the same file. +- Updated and corrected documentation. + +* Version 0.5.4 (2002-08-27) +- Fixes in TLS 1.0 PRF and SSL3 random functions. +- gnutls_handshake_set_exportable_detection() was obsoleted. +- Added gnutls_openpgp_extract_key_id() which returns the key ID. +- Corrected bug in DHE key exchange +- Added support for temporary RSA keys which are needed for the + export cipher suites. +- Added the TLS_RSA_EXPORT_ARCFOUR_40_MD5 ciphersuite. + +* Version 0.5.3 (2002-08-23) +- No changes. Replaces the tarball of 0.5.2 which accidentally contained + code from the unstable branch. + +* Version 0.5.2 (2002-08-22) +- Added an error code that is returned in clients which connect + to export only servers. This must be enabled using the + gnutls_handshake_set_exportable_detection() function. +- Updated openssl compatibility layer. +- Added gnutls_handshake_get_direction() function which returns + the state of the handshake when interrupted. + +* Version 0.5.1 (2002-07-17) +- Corrected the m4 macros which used instead of + +- Documentation fixes +- Added gnutls_transport_set_ptr2() function, which accepts two + different pointers, to be used while receiving, and + while sending data. +- Semantic changes in gnutls_record_set_max_size(). The requested + size is now immediately enforced at the output buffers. +- gnutls_global_init_extra() now fails if the library versions do + not match. +- Fixes in client and server example programs. Null encryption can + be used in these programs, to assist in debuging. +- Fixes in zlib compression code. + +* Version 0.5.0 (2002-07-06) +- Added X.509 certificate tests in tests/ directory +- Removed stubs for SRP and Anonymous authentication. They served + no purpose since they are always included, unless it was requested + not to do so. +- Added gnutls_handshake_set_private_extensions() function. This + function can be used to enable private (gnutls specific) cipher suites + and compression algorithms. +- Added check for C99 macro support by the compiler. +- Added functions gnutls_b64_encode_fmt2() and gnutls_b64_decode_fmt2() +- Added the new libtasn1 library. +- Removed the gdbm backend. Applications are now responsible for the + session resuming backend. The gnutls-serv application contains an + simple example on how to use gdbm for resuming. +- Headers for the gnutls library are now installed in $(includedir)/gnutls +- Added an OpenSSL compatible interface (with some limitations). +- Added functions to convert DER encoded certificates to XML format. + +* Version 0.4.4 (2002-06-24) +- Corrected bug in PKCS-1 RSA encryption which prevented gnutls to encrypt + using keys of some specific size. + +* Version 0.4.3 (2002-05-23) +- The gnutls-extra library now compiles fine, if the opencdk library is + not present. +- Several bug fixes. +- Added gnutls_global_set_mem_func() function, to set the memory allocation + functions, if other than the defaults are to be used. +- The default memory allocation functions are now the ones in libc. + +* Version 0.4.2 (2002-05-21) +- Separated ASN.1 structures parser documentation and TLS library + documentation. +- Added gnutls_handshake_set_rsa_pms() function, which disables the + version check in RSA premaster secret. +- Added gnutls_session_is_resumed() function, which reports if a session + is a resumed one. +- Added gnutls_state_set_ptr() and gnutls_state_get_ptr() functions, to + assist in callback functions. +- Replaced the included 1024 bit prime for Diffie Hellman, with a new + random one. +- Relicensed the library under the GNU Lesser General Public License +- Added gnutls-extra library which contains the GPL covered code of gnutls. + +* Version 0.4.1 (2002-04-07) +- Now uses alloca() for temporary variables +- Optimized RSA signing +- Added functions to return the peer's certificate activation and + expiration time. +- Corrected time function's behaviour (the time value returned no longer + relate to local timezone). + +* Version 0.4.0 (2002-04-01) +- Added support for RFC2630 (PKCS7) X.509 certificate sets +- Added new functions: gnutls_x509_extract_certificate_pk_algorithm(), + gnutls_openpgp_extract_key_pk_algorithm(). +- Several optimizations in the Handshake protocol +- Several optimizations in RSA algorithm +- Unified the return values because of small buffers. + +* Version 0.3.92 (2002-03-23) +- Updated documentation +- Combined error codes of ASN.1 parser and gnutls +- Removed GNUTLS_CERT_TRUSTED from the CertificateStatus enumeration +- Added protection against CBC chosen plaintext attack (disabled by default) +- Improved and optimized compression support + +* Version 0.3.91 (2002-03-03) +- Added gnutls-cli-debug program +- Corrections in session resumption +- Rehandshake can now handle negotiation of different authentication + type. +- gnutls-cli, gnutls-serv, gnutls-srpcrypt and gnutls-cli-debug are + now being installed. + +* Version 0.3.90 (2002-02-24) +- Handshake messages are not kept in memory any more. Now we use + less memory during a handshake +- Added support for certificates with DSA parameters +- Added DHE_DSS cipher suites +- Key exchange methods changed so they do not depend on the + certificate type. Added certificate type negotiation TLS extension. +- Added openpgp key support (EXPERIMENTAL) +- Improved Diffie Hellman key exchange support. +- Bug fixes in the RSA key exchange. +- Added check for the requested TLS extensions +- TLS extensions now use a 16 bit type field. +- Added a minimal string library to assist in ASN.1 parsing +- Changes in ASN.1 parser to work with the new bison +- Added gnutls_x509_extract_subject_alt_name(), which deprecates + gnutls_x509_extract_subject_dns_name() +- gnutls_x509_set_trust_(file/mem) can now be called multiple times +- gnutls_srp_server_set_cred_file() can now be called multiple times + +* Version 0.3.5 (2002-01-25) +- Corrected the RSA key exchange method, to avoid attacks against + PKCS-1 formating. + +* Version 0.3.4 (2002-01-20) +- Corrected bugs in DHE_RSA key exchange method + +* Version 0.3.3 (2002-01-19) +- Added gnutls_x509pki_verify_certificate() +- Added gnutls_x509pki_set_trust_mem() and gnutls_x509pki_set_key_mem() +- Bug fixes in srpcrypt (based on patch by Marc Huber) +- Bug fixes in the Handshake protocol (based on patch by Guillaume Morin) +- Corrected library versioning + +* Version 0.3.2 (2002-01-05) +- Corrected bug which did not allow a client to accept multiple CA names +- Added gnutls_fingerprint() +- Added gnutls_x509pki_extract_certificate_serial() +- Added gnutls_b64_encode_fmt() and gnutls_b64_decode_fmt() +- Corrected behaviour in version advertizing +- Updated documentation +- Prefixed all types in gnutls.h with 'GNUTLS_' to avoid namespace collisions + +* Version 0.3.1 (2001-12-21) +- Corrections in the configuration files +- Fixes a bug in anonymous authentication + +* Version 0.3.0 (2001-12-17) +- Corrected bug in new integer formatting (now we use the old format again) +- Several corrections and usual cleanups + +* Version 0.2.91 (2001-12-10) +- Fixes in MPI handling (fixes possible bug with signed integers) +- Removed name indication extension +- Added gnutls_transport_get_ptr() and gnutls_db_get_ptr() +- Optimizations in server certificate callback. +- Fixes in anonymous authentication +- Corrections in client ciphersuite selection + +* Version 0.2.90 (2001-12-07) +- gnutls_handshake(), gnutls_read() etc. functions no longer require + the 'SOCKET cd' argument. This argument is set using the function + gnutls_set_transport_ptr(). +- introduced gnutls_x509pki_get_peer_certificate_list(). This function returns + a list containing peer's certificate and issuers DER encoded. +- Updated X.509 certificate handling API +- Added callback to select the server certificate +- More consistent function naming (changes in several function names) +- Buffer overflow checking in ASN.1 structures parser +- Updated documentation + +* Version 0.2.11 (2001-11-16) +- Changed the meaning of GNUTLS_E_REHANDSHAKE value. If this value + is returned, then the caller should perform a handshake or send + an alert to the peer. +- Made receive buffer dynamic. Normally if no large chunks are received + it occupies less space. +- Added max_record_size extension +- Bugfixes in session handling +- Improved non blocking IO support in the Handshake Protocol +- Usual bugfixes and cleanups +- Documentation updated (includes ASN.1 documentation) + +* Version 0.2.10 (2001-11-05) +- Corrected bugs and improved non blocking IO +- Added hooks to use external database to store sessions +- Usual cleanups + +* Version 0.2.9 (2001-10-27) +- AUTH_INFO types and structures were moved to library internals +- AUTH_FAILED is no longer returned in SRP authentication + (any fatal error in SRP means auth failed) +- Introduced GNUTLS_E_INTERRUPTED +- Added support for non blocking IO +- gnutls_recv() and gnutls_send() are now obsolete +- Changed semantics of gnutls_rehandshake() + +* Version 0.2.4 (2001-10-12) +- Better handling of X.509 certificate extensions +- Added DHE_RSA ciphersuites +- Updated the Name Indication (dnsname) extension +- Improvements in Diffie Hellman primes handling + +* Version 0.2.3 (2001-09-19) +- Memory optimizations in gnutls_recv() +- Fixed several memory leaks +- Added ability to specify callback for x509 client certificate selection +- Better documentation + +* Version 0.2.2 (2001-08-21) +- Several bugfixes (library and documentation) + +* Version 0.2.1 (2001-08-07) +- SRP fixes + +* Version 0.2.0 (2001-08-07) +- Partial support for X.509v3 Certificate extensions. +- Added Internal memory handlers +- Removed gnutls_x509_set_cn() +- Added X.509 client authentication +- Several bug fixes and protocol fixes + +* Version 0.1.9 (2001-07-30) +- Corrected bug(s) in ChangeCipherSpec packet (fixes renegotiate) +- SRP is updated to conform to the newest draft. +- Added support for DNSNAME extension. +- Reentracy fixes in ASN.1 Parsing. +- Optimizations in hash/hmac functions +- (Error) message handling has changed +- Better Protocol Version handling +- Added X.509 Certificate Verification +- gnutls_read() semantics are now closer to read(2) - added EOF +- Documented some part of gnutls in doc/tex/ using Latex + +* Version 0.1.4 (2001-06-22) +- Corrected (srp) base64 encoding. +- Changed bcrypt algorithm to include username. +- Added RSA Ciphersuites (no certificate checking). +- Fixes in SSL 2.0 client hello parsing. +- Added ASN.1 and DER parsers. +- Bugfixes in session resuming +- Updated Ciphersuite selection algorithm +- Added internal representation of X.509 structures. +- Added global state + +* Version 0.1.3 (2001-06-01) +- Updated API (and the way it is documented - we use inline documentation) +- Added function to access alert messages. +- Added support for renegotiating parameters. +- Better and Faster Resume Database handling. +- Several bugfixes + +* Version 0.1.2 (2001-05-14) +- Updated API +- Fixes in extension handling + +* Version 0.1.1 (2001-05-13) +- Added compatibility with Stanford's libsrp library + +* Version 0.1.0 (2001-05-09) +- Added SSL 2.0 client hello support +- GNUTLS is a gnu library +- Added support for TLS extensions. +- Added support for SRP + +* Version 0.0.7 (2001-01-11) +- Added server side session resuming (using gdbm) +- Added twofish algorithm + +* Version 0.0.6 (2000-12-20) +- Added client side session resuming +- Better documentation (check doc/API) +- Better socket handling (gnutls can be used with select()) +- Some primitive support for non blocking IO and socket options has been added. + +* Version 0.0.5 (2000-12-07) +- Added Compression (using ZLIB) +- Added SSL 3.0 support + +---------------------------------------------------------------------- +Copying and distribution of this file, with or without modification, +are permitted in any medium without royalty provided the copyright +notice and this notice are preserved. diff --git a/README.md b/README.md new file mode 100644 index 0000000..338ff0d --- /dev/null +++ b/README.md @@ -0,0 +1,178 @@ +[![CII Best Practices](https://bestpractices.coreinfrastructure.org/projects/330/badge)](https://bestpractices.coreinfrastructure.org/projects/330) + +|Branch|CI system|Status|Coverage| +|:----:|:-------:|-----:|:------:| +|Master|Gitlab|[![build status](https://gitlab.com/gnutls/gnutls/badges/master/build.svg)](https://gitlab.com/gnutls/gnutls/commits/master)|[![coverage report](https://gitlab.com/gnutls/gnutls/badges/master/coverage.svg)](https://gnutls.gitlab.io/coverage/master)| +|Master|Travis|[![build status](https://travis-ci.org/gnutls/gnutls.svg?branch=master)](https://travis-ci.org/gnutls/gnutls)|N/A| +|3.5.x|Gitlab|[![build status](https://gitlab.com/gnutls/gnutls/badges/gnutls_3_5_x/build.svg)](https://gitlab.com/gnutls/gnutls/commits/gnutls_3_5_x)|[![coverage report](https://gitlab.com/gnutls/gnutls/badges/gnutls_3_5_x/coverage.svg)](https://gnutls.gitlab.io/coverage/3.5.x)| +|3.5.x|Travis|[![build status](https://travis-ci.org/gnutls/gnutls.svg?branch=gnutls_3_5_x)](https://travis-ci.org/gnutls/gnutls)|N/A| +|3.3.x|Gitlab|[![build status](https://gitlab.com/gnutls/gnutls/badges/gnutls_3_3_x/build.svg)](https://gitlab.com/gnutls/gnutls/commits/gnutls_3_3_x)|N/A| + + +# GnuTLS -- Information for developers + +GnuTLS implements the TLS/SSL (Transport Layer Security aka Secure +Sockets Layer) protocol. Additional information can be found at +[www.gnutls.org](https://www.gnutls.org/). + +This file contains instructions for developers and advanced users that +want to build from version controlled sources. See [INSTALL.md](INSTALL.md) +for building released versions. + +We require several tools to check out and build the software, including: + +* [Make](https://www.gnu.org/software/make/) +* [Automake](https://www.gnu.org/software/automake/) (use 1.11.3 or later) +* [Autoconf](https://www.gnu.org/software/autoconf/) +* [Autogen](https://www.gnu.org/software/autogen/) (use 5.16 or later) +* [Libtool](https://www.gnu.org/software/libtool/) +* [Gettext](https://www.gnu.org/software/gettext/) +* [Texinfo](https://www.gnu.org/software/texinfo/) +* [Tar](https://www.gnu.org/software/tar/) +* [Gzip](https://www.gnu.org/software/gzip/) +* [Texlive & epsf](https://www.tug.org/texlive/) (for PDF manual) +* [GTK-DOC](https://www.gtk.org/gtk-doc/) (for API manual) +* [Git](https://git-scm.com/) +* [Perl](https://www.cpan.org/) +* [Nettle](https://www.lysator.liu.se/~nisse/nettle/) +* [Guile](https://www.gnu.org/software/guile/) +* [p11-kit](https://p11-glue.github.io/p11-glue/p11-kit.html) +* [gperf](https://www.gnu.org/software/gperf/) +* [libtasn1](https://www.gnu.org/software/libtasn1/) (optional) +* [Libidn2](https://www.gnu.org/software/libidn/#libidn2) (optional, for internationalization of DNS, IDNA 2008) +* [Libunistring](https://www.gnu.org/software/libunistring/) (optional, for internationalization) +* [AWK](https://www.gnu.org/software/awk/) (for make dist, pmccabe2html) +* [bison](https://www.gnu.org/software/bison) (for datetime parser in certtool) +* [libunbound](https://unbound.net/) (for DANE support) +* [libabigail](https://pagure.io/libabigail/) (for abi comparison in make dist) +* [tcsd](https://trousers.sourceforge.net/) (for TPM support; optional) +* [swtpm](https://github.com/stefanberger/swtpm) (for TPM test; optional) +* [ncat](https://nmap.org/download.html) (for TPM test; optional) +* [tpm-tools](https://trousers.sourceforge.net/) (for TPM test; optional) +* [expect](https://core.tcl.tk/expect/index) (for TPM test; optional) + +The required software is typically distributed with your operating +system, and the instructions for installing them differ. Here are +some hints: + +Debian/Ubuntu: +``` +apt-get install -y dash git-core autoconf libtool gettext autopoint +apt-get install -y automake autogen nettle-dev libp11-kit-dev libtspi-dev libunistring-dev +apt-get install -y guile-2.2-dev libtasn1-6-dev libidn2-0-dev gawk gperf +apt-get install -y libunbound-dev dns-root-data bison gtk-doc-tools +apt-get install -y texinfo texlive texlive-generic-recommended texlive-extra-utils +``` + +Fedora/RHEL: +``` +yum install -y dash git autoconf libtool gettext-devel automake autogen patch +yum install -y nettle-devel p11-kit-devel autogen-libopts-devel libunistring-devel +yum install -y trousers-devel guile22-devel libtasn1-devel libidn2-devel gawk gperf +yum install -y libtasn1-tools unbound-devel bison gtk-doc texinfo texlive +``` + +Sometimes, you may need to install more recent versions of Automake, +Nettle, P11-kit and Autogen, which you will need to build from sources. + +Dependencies that are used during make check or make dist are listed below. +Moreover, for basic interoperability testing you may want to install openssl +and mbedtls. + +* [Valgrind](https://valgrind.org/) (optional) +* [Libasan](https://gcc.gnu.org//) (optional) +* [datefudge](https://packages.debian.org/datefudge) (optional) +* [nodejs](https://nodejs.org/) (needed for certain test cases) +* [softhsm](https://www.opendnssec.org/softhsm/) (for testing smart card support) +* [dieharder](https://www.phy.duke.edu/~rgb/General/dieharder.php) (for testing PRNG) +* [lcov](https://linux-test-project.github.io/) (for code coverage) + +Debian/Ubuntu: +``` +apt-get install -y valgrind libasan1 libubsan0 nodejs softhsm2 datefudge lcov libssl-dev libcmocka-dev expect +apt-get install -y dieharder libpolarssl-runtime openssl abigail-tools socat net-tools ppp lockfile-progs +``` + +Fedora/RHEL: +``` +yum install -y valgrind libasan libasan-static libubsan nodejs softhsm datefudge lcov openssl-devel expect +yum install -y dieharder mbedtls-utils openssl libabigail libcmocka-devel socat lockfile-progs +``` + + +To download the version controlled sources: + +``` +$ git clone https://gitlab.com/gnutls/gnutls.git +$ cd gnutls +``` + +The next step is to bootstrap and ./configure: + +``` +$ ./bootstrap +$ ./configure +``` + +When built this way, some developer defaults will be enabled. See +cfg.mk for details. + +Then build the project normally, and run the test suite. + +``` +$ make +$ make check +``` + +To test the code coverage of the test suite use the following: +``` +$ ./configure --enable-code-coverage +$ make && make check && make code-coverage-capture +``` + +Individual tests that may require additional hardware (e.g., smart cards) +are: +``` +$ sh tests/suite/testpkcs11 +``` + +# Building for windows + +It is recommended to cross compile using Fedora and the following +dependencies: + +``` +yum install -y wine mingw32-nettle mingw32-libtasn1 mingw32-gcc +``` + +and build as: + +``` +mingw32-configure --enable-local-libopts --disable-non-suiteb-curves --disable-doc --without-p11-kit +mingw32-make +mingw32-make check +``` + +# Continuous Integration (CI) + +We utilize two continuous integration systems, the gitlab-ci and travis. +Gitlab-CI is used to test most of the Linux systems (see .gitlab-ci.yml), +and is split in two phases, build image creation and compilation/test. The +build image creation is done at the gnutls/build-images subproject and +uploads the image at the gitlab.com container registry. The compilation/test +phase is on every commit to gnutls project. + +The Travis based CI, is used to test compilation on MacOSX based systems. + + +# Contributing + +See [the contributing document](CONTRIBUTING.md). + + +Happy hacking! + +---------------------------------------------------------------------- +Copying and distribution of this file, with or without modification, +are permitted in any medium without royalty provided the copyright +notice and this notice are preserved. diff --git a/THANKS b/THANKS new file mode 100644 index 0000000..1e469b9 --- /dev/null +++ b/THANKS @@ -0,0 +1,168 @@ +GnuTLS THANKS -- Acknowledgements. +Copyright (C) 2005-2012 Free Software Foundation, Inc. +Copyright (C) 2000, 2001, 2002, 2003, 2004 Nikos Mavrogiannopoulos +See the end for copying conditions. + +Here is a list of people, who helped in GnuTLS development. Please +help us to keep it complete and free of errors. We apologise to those +whom we no doubt have forgotten. + +Werner Koch *wk [at] gnupg.org* +Tarun Upadhyay *tarun [at] poboxes.com* +Neil Spring *nspring [at] saavie.org* +Paul Sheer *psheer [at] icon.co.za* +Jon Nelson *jnelson [at] securepipe.com* +Simon Josefsson *jas [at] extundo.com* +Marco d'Itri *md [at] linux.it* +Mike Siers *mikes [at] poliac.com* +Marc Huber *Marc.Huber [at] web.de* +Guillaume Morin *guillaume [at] morinfr.org* +Jeff Johnson *jbj [at] redhat.com* +David Taylor *dtaylor [at] swiftdsl.com.au* +Ivo Timmermans *ivo [at] o2w.nl* +Ian Peters *itp [at] ximian.com* +Arne Thomassen *arne [at] arne-thomassen.de* +Casey Marshall *rsdio [at] metastatic.org* +Dimitri Papadopoulos-Orfanos *papadopo [at] shfj.cea.fr* +Michael Heironimus *mkh01 [at] earthlink.net* +Niels Bjergstrom *njb [at] chi-publishing.com* +Robey Pointer *robey [at] danger.com* +Simon Posnjak *simon.posnjak [at] cetrtapot.si* +Gerrit P. Haase *gp [at] familiehaase.de* +Yoann Vandoorselaere *yoann [at] prelude-ids.org* +Joe Orton *joe [at] manyfish.co.uk* +Stéphane LOEUILLET *stephane.loeuillet [at] tiscali.fr* +Aleix Conchillo Flaque *aleix [at] member.fsf.org* +Martijn Koster *mak [at] greenhills.co.uk* +Marcin Garski *mgarski [at] post.pl* +Martin Lambers *marlam [at] web.de* +Michael Ringe *Michael.Ringe [at] aachen.utimaco.de* +Daniel Black *dragonheart [at] gentoo.org* +Scott Bronson *bronson [at] rinspin.com* +Rupert Kittinger *rkit [at] mur.at* +Eric Leblond *eleblond [at] inl.fr* +Adam Langley *alangley [at] gmail.com* +Sergey Lipnevich *sergey [at] optimaltec.com* +Mike Castle *dalgoda [at] ix.netcom.com* +Thomas Klausner *tk [at] giga.or.at* +Matthias Urlichs *smurf [at] smurf.noris.de* +Ralph Giles *giles [at] onlinegamegroup.com* +Daniel Stenberg *daniel [at] haxx.se* +Jouni Malinen *jkmaline [at] cc.hut.fi* +Evgeny Legerov *admin [at] gleg.net* +John Heiden *JHeiden [at] UTNet.UToledo.Edu* +Andreas Metzler *ametzler [at] bebt.de* +Mario Lenz *mario.lenz [at] gmx.net* +Jefferson Ogata *Jefferson.Ogata [at] noaa.gov* +Sascha Ziemann *sascha.ziemann [at] secunet.com* +Roman Bogorodskiy *novel [at] FreeBSD.org* +Robert Millan *rmillan [at] ackstorm.es* +Kataja Kai *kai.kataja [at] op.fi* +Georg Schwarz *georg.schwarz [at] freenet.de* +Michael C. Vergallen *mvergall [at] telenet.be* +Andrey Nosenko *andrew.w.nosenko [at] gmail.com* +Nate Nielsen *nielsen-list [at] memberwebs.com* +Max Kellermann *max [at] duempel.org* +Ludovic Courtès *ludovic.courtes [at] laas.fr* +Paul Millar *p.millar [at] physics.gla.ac.uk* +Pavlov Konstantin *thresh [at] altlinux.ru* +Matthias Wimmer *m [at] tthias.eu* +Howard Chu *hyc [at] symas.com* +Dennis Vshivkov *walrus [at] amur.ru* +Kristofer T. Karas *ktk [at] enterprise.bidmc.harvard.edu* +Marc Haber *mh+debian-bugs [at] zugschlus.de* +Tim Mooney *tim [at] tim-the-enchanter.org* +Daniel Kahn Gillmor *dkg-debian.org [at] fifthhorseman.net* +Rainer Gerhards *rgerhards [at] gmail.com* +John Brooks *aspecialj [at] gmail.com* +Massimo Gaspari *massimo.gaspari [at] alice.it* +Marc F. Clemente *marc [at] mclemente.net* +Daniel Dehennin *nebuchadnezzar [at] asgardr.info* +martin f krafft *madduck [at] debian.org* +Sam Varshavchik *mrsam [at] courier-mta.com* +Tomas Mraz *tmraz [at] redhat.com* +Matthias Koenig *mkoenig [at] suse.de* +Christian Grothoff *christian [at] grothoff.org* +James Westby *jw+debian [at] jameswestby.net* +Kevin Quick *quick [at] sparq.org* +Arfrever Frehtes Taifersar Arahesis *arfrever.fta [at] gmail.com* +Jonathan Manktelow *jonathan [at] dyalog.com* +Thomas Viehmann *tv [at] beamnet.de* +Aaron Ucko *ucko [at] ncbi.nlm.nih.gov* +Anton Lavrentiev *lavr [at] ncbi.nlm.nih.gov* +Martin von Gagern *Martin.vGagern [at] gmx.net* +Douglas E. Engert *deengert [at] anl.gov* +Dagobert Michelsen *dam [at] opencsw.org* +Tom G. Christensen *tgc [at] jupiterrise.com* +Peter Hendrickson *pdh [at] wiredyne.com* +Tim Kosse *tim.kosse [at] filezilla-project.org* +Fabian Keil *fk [at] fabiankeil.de* +Brad Hards *bradh [at] frogmouth.net* +Daiki Ueno *ueno [at] unixuser.org* +Tomas Hoger *thoger [at] redhat.com* +Fabian Keil *fk [at] fabiankeil.de* +Jason Pettiss *jpettiss [at] yahoo.com* +Ilari Liusvaara *ilari.liusvaara [at] elisanet.fi* +Steve Dispensa *dispensa [at] phonefactor.com* +Vitaly Mayatskikh *v.mayatskih [at] gmail.com* +Claudio Saavedra *csaavedra [at] igalia.com* +Vincent Torri *vincent.torri [at] gmail.com* +Sjoerd Simons *sjoerd.simons [at] collabora.co.uk* +Micah Anderson *micah [at] riseup.net* +Michael Rommel *rommel [at] layer-7.net* +Mark Brand *mabrand [at] mabrand.nl* +Vitaly Kruglikov *vitaly.kruglikov [at] palm.com* +Kalle Olavi Niemitalo *kon [at] iki.fi* +Dash Shendy *admin [at] dash.za.net* +Rickard Bellgrim *rickard [at] opendnssec.org* +Petr Písař *petr.pisar [at] atlas.cz* +Dan Winship *danw [at] gnome.org* +Jonathan Nieder *jrnider [at] gmail.com* +J. Cameijo Cerdeira *cerdeira [at] co.sapo.pt* +Benjamin Hof *benjamin.hof [at] stusta.net* +Vincent Untz *vuntz [at] gnome.org* +Jan Misiak *fijam [at] archlinux.us* +David Hoyt *hoyt6 [at] llnl.gov* +Joseph Graham *joe [at] t67.eu* +Eli Zaretskii *eliz [at] gnu.org* +Patrick Pelletier *code [at] funwithsoftware.org* +Sean Buckheister *s_buckhe [at] cs.uni-kl.de* +Matthew Hall *mhall [at] mhcomputing.net* +Lucas Fisher *lucas.fisher [at] gmail.com* +Kikuchi Masashi *kikuchi [at] lepidum.co.jp* +Bartosz Brachaczek *b.brachaczek [at] gmail.com* +Bernhard R. Link *brlink [at] debian.org* +Rob McMahon *robmcmahoncv [at] gmail.com* +Mann Ern Kang *mann.ern.kang [at] gmail.com* +Daniel Mierswa *impulze [at] impulze.org* +B. Scott Michel *scottm [at] aero.org* +Bruce Korb *bkorb [at] gnu.org* +Nadhem Alfardan *Nadhem.Alfardan.2009 [at] live.rhul.ac.uk* +Pino Toscano *pino [at] debian.org* +Somchai Smythe *buraphalinuxserver [at] gmail.com* +Cedric Arbogast *arbogast.cedric [at] gmail.com* +Pavan Konjarla *pavan.konjarla [at] hp.com* +Bill Randle *billr [at] neocat.org* +Boyan Kasarov *bkasarov [at] gmail.com* +Michael Weiser *michael [at] weiser.dinsnail.net* +Emile van Bergen *emile [at] e-advies.nl* +David Marin Carreno *davefx [at] gmail.com* +Ruslan Ijbulatov (LRN) *lrn1986 [at] gmail.com* +Olga Smolenchuk *olyasib12 [at] gmail.com* +Ilya Tumaykin *itumaykin [at] gmail.com* +Frank Morgner *morgner [at] informatik.hu-berlin.de* +Jason Spafford *nullprogrammer [at] gmail.com* +Jared Wong *jaredlwong [at] gmail.com* +Alexandre Bique *bique.alexandre [at] gmail.com* +Alfredo Pironti *alfredo [at] pironti.eu* +Raj Raman *rajramanca [at] gmail.com* +Kurt Roeckx *kurt [at] roeckx.be* +Attila Molnar *attilamolnar [at] hush.com* +Giuseppe Scrivano *gscrivano [at] gnu.org* +Gustavo Zacarias *gustavo [at] zacarias.com.ar* + + +---------------------------------------------------------------------- +Copying and distribution of this file, with or without modification, +are permitted in any medium without royalty provided the copyright +notice and this notice are preserved. diff --git a/aclocal.m4 b/aclocal.m4 new file mode 100644 index 0000000..47030a4 --- /dev/null +++ b/aclocal.m4 @@ -0,0 +1,1447 @@ +# generated automatically by aclocal 1.16.1 -*- Autoconf -*- + +# Copyright (C) 1996-2018 Free Software Foundation, Inc. + +# This file is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY, to the extent permitted by law; without +# even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. + +m4_ifndef([AC_CONFIG_MACRO_DIRS], [m4_defun([_AM_CONFIG_MACRO_DIRS], [])m4_defun([AC_CONFIG_MACRO_DIRS], [_AM_CONFIG_MACRO_DIRS($@)])]) +m4_ifndef([AC_AUTOCONF_VERSION], + [m4_copy([m4_PACKAGE_VERSION], [AC_AUTOCONF_VERSION])])dnl +m4_if(m4_defn([AC_AUTOCONF_VERSION]), [2.69],, +[m4_warning([this file was generated for autoconf 2.69. +You have another version of autoconf. It may work, but is not guaranteed to. +If you have problems, you may need to regenerate the build system entirely. +To do so, use the procedure documented by the package, typically 'autoreconf'.])]) + +# Copyright (C) 2002-2018 Free Software Foundation, Inc. +# +# This file is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# AM_AUTOMAKE_VERSION(VERSION) +# ---------------------------- +# Automake X.Y traces this macro to ensure aclocal.m4 has been +# generated from the m4 files accompanying Automake X.Y. +# (This private macro should not be called outside this file.) +AC_DEFUN([AM_AUTOMAKE_VERSION], +[am__api_version='1.16' +dnl Some users find AM_AUTOMAKE_VERSION and mistake it for a way to +dnl require some minimum version. Point them to the right macro. +m4_if([$1], [1.16.1], [], + [AC_FATAL([Do not call $0, use AM_INIT_AUTOMAKE([$1]).])])dnl +]) + +# _AM_AUTOCONF_VERSION(VERSION) +# ----------------------------- +# aclocal traces this macro to find the Autoconf version. +# This is a private macro too. Using m4_define simplifies +# the logic in aclocal, which can simply ignore this definition. +m4_define([_AM_AUTOCONF_VERSION], []) + +# AM_SET_CURRENT_AUTOMAKE_VERSION +# ------------------------------- +# Call AM_AUTOMAKE_VERSION and AM_AUTOMAKE_VERSION so they can be traced. +# This function is AC_REQUIREd by AM_INIT_AUTOMAKE. +AC_DEFUN([AM_SET_CURRENT_AUTOMAKE_VERSION], +[AM_AUTOMAKE_VERSION([1.16.1])dnl +m4_ifndef([AC_AUTOCONF_VERSION], + [m4_copy([m4_PACKAGE_VERSION], [AC_AUTOCONF_VERSION])])dnl +_AM_AUTOCONF_VERSION(m4_defn([AC_AUTOCONF_VERSION]))]) + +# Copyright (C) 2011-2018 Free Software Foundation, Inc. +# +# This file is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# AM_PROG_AR([ACT-IF-FAIL]) +# ------------------------- +# Try to determine the archiver interface, and trigger the ar-lib wrapper +# if it is needed. If the detection of archiver interface fails, run +# ACT-IF-FAIL (default is to abort configure with a proper error message). +AC_DEFUN([AM_PROG_AR], +[AC_BEFORE([$0], [LT_INIT])dnl +AC_BEFORE([$0], [AC_PROG_LIBTOOL])dnl +AC_REQUIRE([AM_AUX_DIR_EXPAND])dnl +AC_REQUIRE_AUX_FILE([ar-lib])dnl +AC_CHECK_TOOLS([AR], [ar lib "link -lib"], [false]) +: ${AR=ar} + +AC_CACHE_CHECK([the archiver ($AR) interface], [am_cv_ar_interface], + [AC_LANG_PUSH([C]) + am_cv_ar_interface=ar + AC_COMPILE_IFELSE([AC_LANG_SOURCE([[int some_variable = 0;]])], + [am_ar_try='$AR cru libconftest.a conftest.$ac_objext >&AS_MESSAGE_LOG_FD' + AC_TRY_EVAL([am_ar_try]) + if test "$ac_status" -eq 0; then + am_cv_ar_interface=ar + else + am_ar_try='$AR -NOLOGO -OUT:conftest.lib conftest.$ac_objext >&AS_MESSAGE_LOG_FD' + AC_TRY_EVAL([am_ar_try]) + if test "$ac_status" -eq 0; then + am_cv_ar_interface=lib + else + am_cv_ar_interface=unknown + fi + fi + rm -f conftest.lib libconftest.a + ]) + AC_LANG_POP([C])]) + +case $am_cv_ar_interface in +ar) + ;; +lib) + # Microsoft lib, so override with the ar-lib wrapper script. + # FIXME: It is wrong to rewrite AR. + # But if we don't then we get into trouble of one sort or another. + # A longer-term fix would be to have automake use am__AR in this case, + # and then we could set am__AR="$am_aux_dir/ar-lib \$(AR)" or something + # similar. + AR="$am_aux_dir/ar-lib $AR" + ;; +unknown) + m4_default([$1], + [AC_MSG_ERROR([could not determine $AR interface])]) + ;; +esac +AC_SUBST([AR])dnl +]) + +# Figure out how to run the assembler. -*- Autoconf -*- + +# Copyright (C) 2001-2018 Free Software Foundation, Inc. +# +# This file is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# AM_PROG_AS +# ---------- +AC_DEFUN([AM_PROG_AS], +[# By default we simply use the C compiler to build assembly code. +AC_REQUIRE([AC_PROG_CC]) +test "${CCAS+set}" = set || CCAS=$CC +test "${CCASFLAGS+set}" = set || CCASFLAGS=$CFLAGS +AC_ARG_VAR([CCAS], [assembler compiler command (defaults to CC)]) +AC_ARG_VAR([CCASFLAGS], [assembler compiler flags (defaults to CFLAGS)]) +_AM_IF_OPTION([no-dependencies],, [_AM_DEPENDENCIES([CCAS])])dnl +]) + +# AM_AUX_DIR_EXPAND -*- Autoconf -*- + +# Copyright (C) 2001-2018 Free Software Foundation, Inc. +# +# This file is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# For projects using AC_CONFIG_AUX_DIR([foo]), Autoconf sets +# $ac_aux_dir to '$srcdir/foo'. In other projects, it is set to +# '$srcdir', '$srcdir/..', or '$srcdir/../..'. +# +# Of course, Automake must honor this variable whenever it calls a +# tool from the auxiliary directory. The problem is that $srcdir (and +# therefore $ac_aux_dir as well) can be either absolute or relative, +# depending on how configure is run. This is pretty annoying, since +# it makes $ac_aux_dir quite unusable in subdirectories: in the top +# source directory, any form will work fine, but in subdirectories a +# relative path needs to be adjusted first. +# +# $ac_aux_dir/missing +# fails when called from a subdirectory if $ac_aux_dir is relative +# $top_srcdir/$ac_aux_dir/missing +# fails if $ac_aux_dir is absolute, +# fails when called from a subdirectory in a VPATH build with +# a relative $ac_aux_dir +# +# The reason of the latter failure is that $top_srcdir and $ac_aux_dir +# are both prefixed by $srcdir. In an in-source build this is usually +# harmless because $srcdir is '.', but things will broke when you +# start a VPATH build or use an absolute $srcdir. +# +# So we could use something similar to $top_srcdir/$ac_aux_dir/missing, +# iff we strip the leading $srcdir from $ac_aux_dir. That would be: +# am_aux_dir='\$(top_srcdir)/'`expr "$ac_aux_dir" : "$srcdir//*\(.*\)"` +# and then we would define $MISSING as +# MISSING="\${SHELL} $am_aux_dir/missing" +# This will work as long as MISSING is not called from configure, because +# unfortunately $(top_srcdir) has no meaning in configure. +# However there are other variables, like CC, which are often used in +# configure, and could therefore not use this "fixed" $ac_aux_dir. +# +# Another solution, used here, is to always expand $ac_aux_dir to an +# absolute PATH. The drawback is that using absolute paths prevent a +# configured tree to be moved without reconfiguration. + +AC_DEFUN([AM_AUX_DIR_EXPAND], +[AC_REQUIRE([AC_CONFIG_AUX_DIR_DEFAULT])dnl +# Expand $ac_aux_dir to an absolute path. +am_aux_dir=`cd "$ac_aux_dir" && pwd` +]) + +# AM_CONDITIONAL -*- Autoconf -*- + +# Copyright (C) 1997-2018 Free Software Foundation, Inc. +# +# This file is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# AM_CONDITIONAL(NAME, SHELL-CONDITION) +# ------------------------------------- +# Define a conditional. +AC_DEFUN([AM_CONDITIONAL], +[AC_PREREQ([2.52])dnl + m4_if([$1], [TRUE], [AC_FATAL([$0: invalid condition: $1])], + [$1], [FALSE], [AC_FATAL([$0: invalid condition: $1])])dnl +AC_SUBST([$1_TRUE])dnl +AC_SUBST([$1_FALSE])dnl +_AM_SUBST_NOTMAKE([$1_TRUE])dnl +_AM_SUBST_NOTMAKE([$1_FALSE])dnl +m4_define([_AM_COND_VALUE_$1], [$2])dnl +if $2; then + $1_TRUE= + $1_FALSE='#' +else + $1_TRUE='#' + $1_FALSE= +fi +AC_CONFIG_COMMANDS_PRE( +[if test -z "${$1_TRUE}" && test -z "${$1_FALSE}"; then + AC_MSG_ERROR([[conditional "$1" was never defined. +Usually this means the macro was only invoked conditionally.]]) +fi])]) + +# Copyright (C) 1999-2018 Free Software Foundation, Inc. +# +# This file is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + + +# There are a few dirty hacks below to avoid letting 'AC_PROG_CC' be +# written in clear, in which case automake, when reading aclocal.m4, +# will think it sees a *use*, and therefore will trigger all it's +# C support machinery. Also note that it means that autoscan, seeing +# CC etc. in the Makefile, will ask for an AC_PROG_CC use... + + +# _AM_DEPENDENCIES(NAME) +# ---------------------- +# See how the compiler implements dependency checking. +# NAME is "CC", "CXX", "OBJC", "OBJCXX", "UPC", or "GJC". +# We try a few techniques and use that to set a single cache variable. +# +# We don't AC_REQUIRE the corresponding AC_PROG_CC since the latter was +# modified to invoke _AM_DEPENDENCIES(CC); we would have a circular +# dependency, and given that the user is not expected to run this macro, +# just rely on AC_PROG_CC. +AC_DEFUN([_AM_DEPENDENCIES], +[AC_REQUIRE([AM_SET_DEPDIR])dnl +AC_REQUIRE([AM_OUTPUT_DEPENDENCY_COMMANDS])dnl +AC_REQUIRE([AM_MAKE_INCLUDE])dnl +AC_REQUIRE([AM_DEP_TRACK])dnl + +m4_if([$1], [CC], [depcc="$CC" am_compiler_list=], + [$1], [CXX], [depcc="$CXX" am_compiler_list=], + [$1], [OBJC], [depcc="$OBJC" am_compiler_list='gcc3 gcc'], + [$1], [OBJCXX], [depcc="$OBJCXX" am_compiler_list='gcc3 gcc'], + [$1], [UPC], [depcc="$UPC" am_compiler_list=], + [$1], [GCJ], [depcc="$GCJ" am_compiler_list='gcc3 gcc'], + [depcc="$$1" am_compiler_list=]) + +AC_CACHE_CHECK([dependency style of $depcc], + [am_cv_$1_dependencies_compiler_type], +[if test -z "$AMDEP_TRUE" && test -f "$am_depcomp"; then + # We make a subdir and do the tests there. Otherwise we can end up + # making bogus files that we don't know about and never remove. For + # instance it was reported that on HP-UX the gcc test will end up + # making a dummy file named 'D' -- because '-MD' means "put the output + # in D". + rm -rf conftest.dir + mkdir conftest.dir + # Copy depcomp to subdir because otherwise we won't find it if we're + # using a relative directory. + cp "$am_depcomp" conftest.dir + cd conftest.dir + # We will build objects and dependencies in a subdirectory because + # it helps to detect inapplicable dependency modes. For instance + # both Tru64's cc and ICC support -MD to output dependencies as a + # side effect of compilation, but ICC will put the dependencies in + # the current directory while Tru64 will put them in the object + # directory. + mkdir sub + + am_cv_$1_dependencies_compiler_type=none + if test "$am_compiler_list" = ""; then + am_compiler_list=`sed -n ['s/^#*\([a-zA-Z0-9]*\))$/\1/p'] < ./depcomp` + fi + am__universal=false + m4_case([$1], [CC], + [case " $depcc " in #( + *\ -arch\ *\ -arch\ *) am__universal=true ;; + esac], + [CXX], + [case " $depcc " in #( + *\ -arch\ *\ -arch\ *) am__universal=true ;; + esac]) + + for depmode in $am_compiler_list; do + # Setup a source with many dependencies, because some compilers + # like to wrap large dependency lists on column 80 (with \), and + # we should not choose a depcomp mode which is confused by this. + # + # We need to recreate these files for each test, as the compiler may + # overwrite some of them when testing with obscure command lines. + # This happens at least with the AIX C compiler. + : > sub/conftest.c + for i in 1 2 3 4 5 6; do + echo '#include "conftst'$i'.h"' >> sub/conftest.c + # Using ": > sub/conftst$i.h" creates only sub/conftst1.h with + # Solaris 10 /bin/sh. + echo '/* dummy */' > sub/conftst$i.h + done + echo "${am__include} ${am__quote}sub/conftest.Po${am__quote}" > confmf + + # We check with '-c' and '-o' for the sake of the "dashmstdout" + # mode. It turns out that the SunPro C++ compiler does not properly + # handle '-M -o', and we need to detect this. Also, some Intel + # versions had trouble with output in subdirs. + am__obj=sub/conftest.${OBJEXT-o} + am__minus_obj="-o $am__obj" + case $depmode in + gcc) + # This depmode causes a compiler race in universal mode. + test "$am__universal" = false || continue + ;; + nosideeffect) + # After this tag, mechanisms are not by side-effect, so they'll + # only be used when explicitly requested. + if test "x$enable_dependency_tracking" = xyes; then + continue + else + break + fi + ;; + msvc7 | msvc7msys | msvisualcpp | msvcmsys) + # This compiler won't grok '-c -o', but also, the minuso test has + # not run yet. These depmodes are late enough in the game, and + # so weak that their functioning should not be impacted. + am__obj=conftest.${OBJEXT-o} + am__minus_obj= + ;; + none) break ;; + esac + if depmode=$depmode \ + source=sub/conftest.c object=$am__obj \ + depfile=sub/conftest.Po tmpdepfile=sub/conftest.TPo \ + $SHELL ./depcomp $depcc -c $am__minus_obj sub/conftest.c \ + >/dev/null 2>conftest.err && + grep sub/conftst1.h sub/conftest.Po > /dev/null 2>&1 && + grep sub/conftst6.h sub/conftest.Po > /dev/null 2>&1 && + grep $am__obj sub/conftest.Po > /dev/null 2>&1 && + ${MAKE-make} -s -f confmf > /dev/null 2>&1; then + # icc doesn't choke on unknown options, it will just issue warnings + # or remarks (even with -Werror). So we grep stderr for any message + # that says an option was ignored or not supported. + # When given -MP, icc 7.0 and 7.1 complain thusly: + # icc: Command line warning: ignoring option '-M'; no argument required + # The diagnosis changed in icc 8.0: + # icc: Command line remark: option '-MP' not supported + if (grep 'ignoring option' conftest.err || + grep 'not supported' conftest.err) >/dev/null 2>&1; then :; else + am_cv_$1_dependencies_compiler_type=$depmode + break + fi + fi + done + + cd .. + rm -rf conftest.dir +else + am_cv_$1_dependencies_compiler_type=none +fi +]) +AC_SUBST([$1DEPMODE], [depmode=$am_cv_$1_dependencies_compiler_type]) +AM_CONDITIONAL([am__fastdep$1], [ + test "x$enable_dependency_tracking" != xno \ + && test "$am_cv_$1_dependencies_compiler_type" = gcc3]) +]) + + +# AM_SET_DEPDIR +# ------------- +# Choose a directory name for dependency files. +# This macro is AC_REQUIREd in _AM_DEPENDENCIES. +AC_DEFUN([AM_SET_DEPDIR], +[AC_REQUIRE([AM_SET_LEADING_DOT])dnl +AC_SUBST([DEPDIR], ["${am__leading_dot}deps"])dnl +]) + + +# AM_DEP_TRACK +# ------------ +AC_DEFUN([AM_DEP_TRACK], +[AC_ARG_ENABLE([dependency-tracking], [dnl +AS_HELP_STRING( + [--enable-dependency-tracking], + [do not reject slow dependency extractors]) +AS_HELP_STRING( + [--disable-dependency-tracking], + [speeds up one-time build])]) +if test "x$enable_dependency_tracking" != xno; then + am_depcomp="$ac_aux_dir/depcomp" + AMDEPBACKSLASH='\' + am__nodep='_no' +fi +AM_CONDITIONAL([AMDEP], [test "x$enable_dependency_tracking" != xno]) +AC_SUBST([AMDEPBACKSLASH])dnl +_AM_SUBST_NOTMAKE([AMDEPBACKSLASH])dnl +AC_SUBST([am__nodep])dnl +_AM_SUBST_NOTMAKE([am__nodep])dnl +]) + +# Generate code to set up dependency tracking. -*- Autoconf -*- + +# Copyright (C) 1999-2018 Free Software Foundation, Inc. +# +# This file is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# _AM_OUTPUT_DEPENDENCY_COMMANDS +# ------------------------------ +AC_DEFUN([_AM_OUTPUT_DEPENDENCY_COMMANDS], +[{ + # Older Autoconf quotes --file arguments for eval, but not when files + # are listed without --file. Let's play safe and only enable the eval + # if we detect the quoting. + # TODO: see whether this extra hack can be removed once we start + # requiring Autoconf 2.70 or later. + AS_CASE([$CONFIG_FILES], + [*\'*], [eval set x "$CONFIG_FILES"], + [*], [set x $CONFIG_FILES]) + shift + # Used to flag and report bootstrapping failures. + am_rc=0 + for am_mf + do + # Strip MF so we end up with the name of the file. + am_mf=`AS_ECHO(["$am_mf"]) | sed -e 's/:.*$//'` + # Check whether this is an Automake generated Makefile which includes + # dependency-tracking related rules and includes. + # Grep'ing the whole file directly is not great: AIX grep has a line + # limit of 2048, but all sed's we know have understand at least 4000. + sed -n 's,^am--depfiles:.*,X,p' "$am_mf" | grep X >/dev/null 2>&1 \ + || continue + am_dirpart=`AS_DIRNAME(["$am_mf"])` + am_filepart=`AS_BASENAME(["$am_mf"])` + AM_RUN_LOG([cd "$am_dirpart" \ + && sed -e '/# am--include-marker/d' "$am_filepart" \ + | $MAKE -f - am--depfiles]) || am_rc=$? + done + if test $am_rc -ne 0; then + AC_MSG_FAILURE([Something went wrong bootstrapping makefile fragments + for automatic dependency tracking. Try re-running configure with the + '--disable-dependency-tracking' option to at least be able to build + the package (albeit without support for automatic dependency tracking).]) + fi + AS_UNSET([am_dirpart]) + AS_UNSET([am_filepart]) + AS_UNSET([am_mf]) + AS_UNSET([am_rc]) + rm -f conftest-deps.mk +} +])# _AM_OUTPUT_DEPENDENCY_COMMANDS + + +# AM_OUTPUT_DEPENDENCY_COMMANDS +# ----------------------------- +# This macro should only be invoked once -- use via AC_REQUIRE. +# +# This code is only required when automatic dependency tracking is enabled. +# This creates each '.Po' and '.Plo' makefile fragment that we'll need in +# order to bootstrap the dependency handling code. +AC_DEFUN([AM_OUTPUT_DEPENDENCY_COMMANDS], +[AC_CONFIG_COMMANDS([depfiles], + [test x"$AMDEP_TRUE" != x"" || _AM_OUTPUT_DEPENDENCY_COMMANDS], + [AMDEP_TRUE="$AMDEP_TRUE" MAKE="${MAKE-make}"])]) + +# Do all the work for Automake. -*- Autoconf -*- + +# Copyright (C) 1996-2018 Free Software Foundation, Inc. +# +# This file is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# This macro actually does too much. Some checks are only needed if +# your package does certain things. But this isn't really a big deal. + +dnl Redefine AC_PROG_CC to automatically invoke _AM_PROG_CC_C_O. +m4_define([AC_PROG_CC], +m4_defn([AC_PROG_CC]) +[_AM_PROG_CC_C_O +]) + +# AM_INIT_AUTOMAKE(PACKAGE, VERSION, [NO-DEFINE]) +# AM_INIT_AUTOMAKE([OPTIONS]) +# ----------------------------------------------- +# The call with PACKAGE and VERSION arguments is the old style +# call (pre autoconf-2.50), which is being phased out. PACKAGE +# and VERSION should now be passed to AC_INIT and removed from +# the call to AM_INIT_AUTOMAKE. +# We support both call styles for the transition. After +# the next Automake release, Autoconf can make the AC_INIT +# arguments mandatory, and then we can depend on a new Autoconf +# release and drop the old call support. +AC_DEFUN([AM_INIT_AUTOMAKE], +[AC_PREREQ([2.65])dnl +dnl Autoconf wants to disallow AM_ names. We explicitly allow +dnl the ones we care about. +m4_pattern_allow([^AM_[A-Z]+FLAGS$])dnl +AC_REQUIRE([AM_SET_CURRENT_AUTOMAKE_VERSION])dnl +AC_REQUIRE([AC_PROG_INSTALL])dnl +if test "`cd $srcdir && pwd`" != "`pwd`"; then + # Use -I$(srcdir) only when $(srcdir) != ., so that make's output + # is not polluted with repeated "-I." + AC_SUBST([am__isrc], [' -I$(srcdir)'])_AM_SUBST_NOTMAKE([am__isrc])dnl + # test to see if srcdir already configured + if test -f $srcdir/config.status; then + AC_MSG_ERROR([source directory already configured; run "make distclean" there first]) + fi +fi + +# test whether we have cygpath +if test -z "$CYGPATH_W"; then + if (cygpath --version) >/dev/null 2>/dev/null; then + CYGPATH_W='cygpath -w' + else + CYGPATH_W=echo + fi +fi +AC_SUBST([CYGPATH_W]) + +# Define the identity of the package. +dnl Distinguish between old-style and new-style calls. +m4_ifval([$2], +[AC_DIAGNOSE([obsolete], + [$0: two- and three-arguments forms are deprecated.]) +m4_ifval([$3], [_AM_SET_OPTION([no-define])])dnl + AC_SUBST([PACKAGE], [$1])dnl + AC_SUBST([VERSION], [$2])], +[_AM_SET_OPTIONS([$1])dnl +dnl Diagnose old-style AC_INIT with new-style AM_AUTOMAKE_INIT. +m4_if( + m4_ifdef([AC_PACKAGE_NAME], [ok]):m4_ifdef([AC_PACKAGE_VERSION], [ok]), + [ok:ok],, + [m4_fatal([AC_INIT should be called with package and version arguments])])dnl + AC_SUBST([PACKAGE], ['AC_PACKAGE_TARNAME'])dnl + AC_SUBST([VERSION], ['AC_PACKAGE_VERSION'])])dnl + +_AM_IF_OPTION([no-define],, +[AC_DEFINE_UNQUOTED([PACKAGE], ["$PACKAGE"], [Name of package]) + AC_DEFINE_UNQUOTED([VERSION], ["$VERSION"], [Version number of package])])dnl + +# Some tools Automake needs. +AC_REQUIRE([AM_SANITY_CHECK])dnl +AC_REQUIRE([AC_ARG_PROGRAM])dnl +AM_MISSING_PROG([ACLOCAL], [aclocal-${am__api_version}]) +AM_MISSING_PROG([AUTOCONF], [autoconf]) +AM_MISSING_PROG([AUTOMAKE], [automake-${am__api_version}]) +AM_MISSING_PROG([AUTOHEADER], [autoheader]) +AM_MISSING_PROG([MAKEINFO], [makeinfo]) +AC_REQUIRE([AM_PROG_INSTALL_SH])dnl +AC_REQUIRE([AM_PROG_INSTALL_STRIP])dnl +AC_REQUIRE([AC_PROG_MKDIR_P])dnl +# For better backward compatibility. To be removed once Automake 1.9.x +# dies out for good. For more background, see: +# +# +AC_SUBST([mkdir_p], ['$(MKDIR_P)']) +# We need awk for the "check" target (and possibly the TAP driver). The +# system "awk" is bad on some platforms. +AC_REQUIRE([AC_PROG_AWK])dnl +AC_REQUIRE([AC_PROG_MAKE_SET])dnl +AC_REQUIRE([AM_SET_LEADING_DOT])dnl +_AM_IF_OPTION([tar-ustar], [_AM_PROG_TAR([ustar])], + [_AM_IF_OPTION([tar-pax], [_AM_PROG_TAR([pax])], + [_AM_PROG_TAR([v7])])]) +_AM_IF_OPTION([no-dependencies],, +[AC_PROVIDE_IFELSE([AC_PROG_CC], + [_AM_DEPENDENCIES([CC])], + [m4_define([AC_PROG_CC], + m4_defn([AC_PROG_CC])[_AM_DEPENDENCIES([CC])])])dnl +AC_PROVIDE_IFELSE([AC_PROG_CXX], + [_AM_DEPENDENCIES([CXX])], + [m4_define([AC_PROG_CXX], + m4_defn([AC_PROG_CXX])[_AM_DEPENDENCIES([CXX])])])dnl +AC_PROVIDE_IFELSE([AC_PROG_OBJC], + [_AM_DEPENDENCIES([OBJC])], + [m4_define([AC_PROG_OBJC], + m4_defn([AC_PROG_OBJC])[_AM_DEPENDENCIES([OBJC])])])dnl +AC_PROVIDE_IFELSE([AC_PROG_OBJCXX], + [_AM_DEPENDENCIES([OBJCXX])], + [m4_define([AC_PROG_OBJCXX], + m4_defn([AC_PROG_OBJCXX])[_AM_DEPENDENCIES([OBJCXX])])])dnl +]) +AC_REQUIRE([AM_SILENT_RULES])dnl +dnl The testsuite driver may need to know about EXEEXT, so add the +dnl 'am__EXEEXT' conditional if _AM_COMPILER_EXEEXT was seen. This +dnl macro is hooked onto _AC_COMPILER_EXEEXT early, see below. +AC_CONFIG_COMMANDS_PRE(dnl +[m4_provide_if([_AM_COMPILER_EXEEXT], + [AM_CONDITIONAL([am__EXEEXT], [test -n "$EXEEXT"])])])dnl + +# POSIX will say in a future version that running "rm -f" with no argument +# is OK; and we want to be able to make that assumption in our Makefile +# recipes. So use an aggressive probe to check that the usage we want is +# actually supported "in the wild" to an acceptable degree. +# See automake bug#10828. +# To make any issue more visible, cause the running configure to be aborted +# by default if the 'rm' program in use doesn't match our expectations; the +# user can still override this though. +if rm -f && rm -fr && rm -rf; then : OK; else + cat >&2 <<'END' +Oops! + +Your 'rm' program seems unable to run without file operands specified +on the command line, even when the '-f' option is present. This is contrary +to the behaviour of most rm programs out there, and not conforming with +the upcoming POSIX standard: + +Please tell bug-automake@gnu.org about your system, including the value +of your $PATH and any error possibly output before this message. This +can help us improve future automake versions. + +END + if test x"$ACCEPT_INFERIOR_RM_PROGRAM" = x"yes"; then + echo 'Configuration will proceed anyway, since you have set the' >&2 + echo 'ACCEPT_INFERIOR_RM_PROGRAM variable to "yes"' >&2 + echo >&2 + else + cat >&2 <<'END' +Aborting the configuration process, to ensure you take notice of the issue. + +You can download and install GNU coreutils to get an 'rm' implementation +that behaves properly: . + +If you want to complete the configuration process using your problematic +'rm' anyway, export the environment variable ACCEPT_INFERIOR_RM_PROGRAM +to "yes", and re-run configure. + +END + AC_MSG_ERROR([Your 'rm' program is bad, sorry.]) + fi +fi +dnl The trailing newline in this macro's definition is deliberate, for +dnl backward compatibility and to allow trailing 'dnl'-style comments +dnl after the AM_INIT_AUTOMAKE invocation. See automake bug#16841. +]) + +dnl Hook into '_AC_COMPILER_EXEEXT' early to learn its expansion. Do not +dnl add the conditional right here, as _AC_COMPILER_EXEEXT may be further +dnl mangled by Autoconf and run in a shell conditional statement. +m4_define([_AC_COMPILER_EXEEXT], +m4_defn([_AC_COMPILER_EXEEXT])[m4_provide([_AM_COMPILER_EXEEXT])]) + +# When config.status generates a header, we must update the stamp-h file. +# This file resides in the same directory as the config header +# that is generated. The stamp files are numbered to have different names. + +# Autoconf calls _AC_AM_CONFIG_HEADER_HOOK (when defined) in the +# loop where config.status creates the headers, so we can generate +# our stamp files there. +AC_DEFUN([_AC_AM_CONFIG_HEADER_HOOK], +[# Compute $1's index in $config_headers. +_am_arg=$1 +_am_stamp_count=1 +for _am_header in $config_headers :; do + case $_am_header in + $_am_arg | $_am_arg:* ) + break ;; + * ) + _am_stamp_count=`expr $_am_stamp_count + 1` ;; + esac +done +echo "timestamp for $_am_arg" >`AS_DIRNAME(["$_am_arg"])`/stamp-h[]$_am_stamp_count]) + +# Copyright (C) 2001-2018 Free Software Foundation, Inc. +# +# This file is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# AM_PROG_INSTALL_SH +# ------------------ +# Define $install_sh. +AC_DEFUN([AM_PROG_INSTALL_SH], +[AC_REQUIRE([AM_AUX_DIR_EXPAND])dnl +if test x"${install_sh+set}" != xset; then + case $am_aux_dir in + *\ * | *\ *) + install_sh="\${SHELL} '$am_aux_dir/install-sh'" ;; + *) + install_sh="\${SHELL} $am_aux_dir/install-sh" + esac +fi +AC_SUBST([install_sh])]) + +# Copyright (C) 2003-2018 Free Software Foundation, Inc. +# +# This file is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# Check whether the underlying file-system supports filenames +# with a leading dot. For instance MS-DOS doesn't. +AC_DEFUN([AM_SET_LEADING_DOT], +[rm -rf .tst 2>/dev/null +mkdir .tst 2>/dev/null +if test -d .tst; then + am__leading_dot=. +else + am__leading_dot=_ +fi +rmdir .tst 2>/dev/null +AC_SUBST([am__leading_dot])]) + +# Add --enable-maintainer-mode option to configure. -*- Autoconf -*- +# From Jim Meyering + +# Copyright (C) 1996-2018 Free Software Foundation, Inc. +# +# This file is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# AM_MAINTAINER_MODE([DEFAULT-MODE]) +# ---------------------------------- +# Control maintainer-specific portions of Makefiles. +# Default is to disable them, unless 'enable' is passed literally. +# For symmetry, 'disable' may be passed as well. Anyway, the user +# can override the default with the --enable/--disable switch. +AC_DEFUN([AM_MAINTAINER_MODE], +[m4_case(m4_default([$1], [disable]), + [enable], [m4_define([am_maintainer_other], [disable])], + [disable], [m4_define([am_maintainer_other], [enable])], + [m4_define([am_maintainer_other], [enable]) + m4_warn([syntax], [unexpected argument to AM@&t@_MAINTAINER_MODE: $1])]) +AC_MSG_CHECKING([whether to enable maintainer-specific portions of Makefiles]) + dnl maintainer-mode's default is 'disable' unless 'enable' is passed + AC_ARG_ENABLE([maintainer-mode], + [AS_HELP_STRING([--]am_maintainer_other[-maintainer-mode], + am_maintainer_other[ make rules and dependencies not useful + (and sometimes confusing) to the casual installer])], + [USE_MAINTAINER_MODE=$enableval], + [USE_MAINTAINER_MODE=]m4_if(am_maintainer_other, [enable], [no], [yes])) + AC_MSG_RESULT([$USE_MAINTAINER_MODE]) + AM_CONDITIONAL([MAINTAINER_MODE], [test $USE_MAINTAINER_MODE = yes]) + MAINT=$MAINTAINER_MODE_TRUE + AC_SUBST([MAINT])dnl +] +) + +# Check to see how 'make' treats includes. -*- Autoconf -*- + +# Copyright (C) 2001-2018 Free Software Foundation, Inc. +# +# This file is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# AM_MAKE_INCLUDE() +# ----------------- +# Check whether make has an 'include' directive that can support all +# the idioms we need for our automatic dependency tracking code. +AC_DEFUN([AM_MAKE_INCLUDE], +[AC_MSG_CHECKING([whether ${MAKE-make} supports the include directive]) +cat > confinc.mk << 'END' +am__doit: + @echo this is the am__doit target >confinc.out +.PHONY: am__doit +END +am__include="#" +am__quote= +# BSD make does it like this. +echo '.include "confinc.mk" # ignored' > confmf.BSD +# Other make implementations (GNU, Solaris 10, AIX) do it like this. +echo 'include confinc.mk # ignored' > confmf.GNU +_am_result=no +for s in GNU BSD; do + AM_RUN_LOG([${MAKE-make} -f confmf.$s && cat confinc.out]) + AS_CASE([$?:`cat confinc.out 2>/dev/null`], + ['0:this is the am__doit target'], + [AS_CASE([$s], + [BSD], [am__include='.include' am__quote='"'], + [am__include='include' am__quote=''])]) + if test "$am__include" != "#"; then + _am_result="yes ($s style)" + break + fi +done +rm -f confinc.* confmf.* +AC_MSG_RESULT([${_am_result}]) +AC_SUBST([am__include])]) +AC_SUBST([am__quote])]) + +# Fake the existence of programs that GNU maintainers use. -*- Autoconf -*- + +# Copyright (C) 1997-2018 Free Software Foundation, Inc. +# +# This file is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# AM_MISSING_PROG(NAME, PROGRAM) +# ------------------------------ +AC_DEFUN([AM_MISSING_PROG], +[AC_REQUIRE([AM_MISSING_HAS_RUN]) +$1=${$1-"${am_missing_run}$2"} +AC_SUBST($1)]) + +# AM_MISSING_HAS_RUN +# ------------------ +# Define MISSING if not defined so far and test if it is modern enough. +# If it is, set am_missing_run to use it, otherwise, to nothing. +AC_DEFUN([AM_MISSING_HAS_RUN], +[AC_REQUIRE([AM_AUX_DIR_EXPAND])dnl +AC_REQUIRE_AUX_FILE([missing])dnl +if test x"${MISSING+set}" != xset; then + case $am_aux_dir in + *\ * | *\ *) + MISSING="\${SHELL} \"$am_aux_dir/missing\"" ;; + *) + MISSING="\${SHELL} $am_aux_dir/missing" ;; + esac +fi +# Use eval to expand $SHELL +if eval "$MISSING --is-lightweight"; then + am_missing_run="$MISSING " +else + am_missing_run= + AC_MSG_WARN(['missing' script is too old or missing]) +fi +]) + +# Helper functions for option handling. -*- Autoconf -*- + +# Copyright (C) 2001-2018 Free Software Foundation, Inc. +# +# This file is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# _AM_MANGLE_OPTION(NAME) +# ----------------------- +AC_DEFUN([_AM_MANGLE_OPTION], +[[_AM_OPTION_]m4_bpatsubst($1, [[^a-zA-Z0-9_]], [_])]) + +# _AM_SET_OPTION(NAME) +# -------------------- +# Set option NAME. Presently that only means defining a flag for this option. +AC_DEFUN([_AM_SET_OPTION], +[m4_define(_AM_MANGLE_OPTION([$1]), [1])]) + +# _AM_SET_OPTIONS(OPTIONS) +# ------------------------ +# OPTIONS is a space-separated list of Automake options. +AC_DEFUN([_AM_SET_OPTIONS], +[m4_foreach_w([_AM_Option], [$1], [_AM_SET_OPTION(_AM_Option)])]) + +# _AM_IF_OPTION(OPTION, IF-SET, [IF-NOT-SET]) +# ------------------------------------------- +# Execute IF-SET if OPTION is set, IF-NOT-SET otherwise. +AC_DEFUN([_AM_IF_OPTION], +[m4_ifset(_AM_MANGLE_OPTION([$1]), [$2], [$3])]) + +# Copyright (C) 1999-2018 Free Software Foundation, Inc. +# +# This file is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# _AM_PROG_CC_C_O +# --------------- +# Like AC_PROG_CC_C_O, but changed for automake. We rewrite AC_PROG_CC +# to automatically call this. +AC_DEFUN([_AM_PROG_CC_C_O], +[AC_REQUIRE([AM_AUX_DIR_EXPAND])dnl +AC_REQUIRE_AUX_FILE([compile])dnl +AC_LANG_PUSH([C])dnl +AC_CACHE_CHECK( + [whether $CC understands -c and -o together], + [am_cv_prog_cc_c_o], + [AC_LANG_CONFTEST([AC_LANG_PROGRAM([])]) + # Make sure it works both with $CC and with simple cc. + # Following AC_PROG_CC_C_O, we do the test twice because some + # compilers refuse to overwrite an existing .o file with -o, + # though they will create one. + am_cv_prog_cc_c_o=yes + for am_i in 1 2; do + if AM_RUN_LOG([$CC -c conftest.$ac_ext -o conftest2.$ac_objext]) \ + && test -f conftest2.$ac_objext; then + : OK + else + am_cv_prog_cc_c_o=no + break + fi + done + rm -f core conftest* + unset am_i]) +if test "$am_cv_prog_cc_c_o" != yes; then + # Losing compiler, so override with the script. + # FIXME: It is wrong to rewrite CC. + # But if we don't then we get into trouble of one sort or another. + # A longer-term fix would be to have automake use am__CC in this case, + # and then we could set am__CC="\$(top_srcdir)/compile \$(CC)" + CC="$am_aux_dir/compile $CC" +fi +AC_LANG_POP([C])]) + +# For backward compatibility. +AC_DEFUN_ONCE([AM_PROG_CC_C_O], [AC_REQUIRE([AC_PROG_CC])]) + +# Copyright (C) 2001-2018 Free Software Foundation, Inc. +# +# This file is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# AM_RUN_LOG(COMMAND) +# ------------------- +# Run COMMAND, save the exit status in ac_status, and log it. +# (This has been adapted from Autoconf's _AC_RUN_LOG macro.) +AC_DEFUN([AM_RUN_LOG], +[{ echo "$as_me:$LINENO: $1" >&AS_MESSAGE_LOG_FD + ($1) >&AS_MESSAGE_LOG_FD 2>&AS_MESSAGE_LOG_FD + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&AS_MESSAGE_LOG_FD + (exit $ac_status); }]) + +# Check to make sure that the build environment is sane. -*- Autoconf -*- + +# Copyright (C) 1996-2018 Free Software Foundation, Inc. +# +# This file is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# AM_SANITY_CHECK +# --------------- +AC_DEFUN([AM_SANITY_CHECK], +[AC_MSG_CHECKING([whether build environment is sane]) +# Reject unsafe characters in $srcdir or the absolute working directory +# name. Accept space and tab only in the latter. +am_lf=' +' +case `pwd` in + *[[\\\"\#\$\&\'\`$am_lf]]*) + AC_MSG_ERROR([unsafe absolute working directory name]);; +esac +case $srcdir in + *[[\\\"\#\$\&\'\`$am_lf\ \ ]]*) + AC_MSG_ERROR([unsafe srcdir value: '$srcdir']);; +esac + +# Do 'set' in a subshell so we don't clobber the current shell's +# arguments. Must try -L first in case configure is actually a +# symlink; some systems play weird games with the mod time of symlinks +# (eg FreeBSD returns the mod time of the symlink's containing +# directory). +if ( + am_has_slept=no + for am_try in 1 2; do + echo "timestamp, slept: $am_has_slept" > conftest.file + set X `ls -Lt "$srcdir/configure" conftest.file 2> /dev/null` + if test "$[*]" = "X"; then + # -L didn't work. + set X `ls -t "$srcdir/configure" conftest.file` + fi + if test "$[*]" != "X $srcdir/configure conftest.file" \ + && test "$[*]" != "X conftest.file $srcdir/configure"; then + + # If neither matched, then we have a broken ls. This can happen + # if, for instance, CONFIG_SHELL is bash and it inherits a + # broken ls alias from the environment. This has actually + # happened. Such a system could not be considered "sane". + AC_MSG_ERROR([ls -t appears to fail. Make sure there is not a broken + alias in your environment]) + fi + if test "$[2]" = conftest.file || test $am_try -eq 2; then + break + fi + # Just in case. + sleep 1 + am_has_slept=yes + done + test "$[2]" = conftest.file + ) +then + # Ok. + : +else + AC_MSG_ERROR([newly created file is older than distributed files! +Check your system clock]) +fi +AC_MSG_RESULT([yes]) +# If we didn't sleep, we still need to ensure time stamps of config.status and +# generated files are strictly newer. +am_sleep_pid= +if grep 'slept: no' conftest.file >/dev/null 2>&1; then + ( sleep 1 ) & + am_sleep_pid=$! +fi +AC_CONFIG_COMMANDS_PRE( + [AC_MSG_CHECKING([that generated files are newer than configure]) + if test -n "$am_sleep_pid"; then + # Hide warnings about reused PIDs. + wait $am_sleep_pid 2>/dev/null + fi + AC_MSG_RESULT([done])]) +rm -f conftest.file +]) + +# Copyright (C) 2009-2018 Free Software Foundation, Inc. +# +# This file is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# AM_SILENT_RULES([DEFAULT]) +# -------------------------- +# Enable less verbose build rules; with the default set to DEFAULT +# ("yes" being less verbose, "no" or empty being verbose). +AC_DEFUN([AM_SILENT_RULES], +[AC_ARG_ENABLE([silent-rules], [dnl +AS_HELP_STRING( + [--enable-silent-rules], + [less verbose build output (undo: "make V=1")]) +AS_HELP_STRING( + [--disable-silent-rules], + [verbose build output (undo: "make V=0")])dnl +]) +case $enable_silent_rules in @%:@ ((( + yes) AM_DEFAULT_VERBOSITY=0;; + no) AM_DEFAULT_VERBOSITY=1;; + *) AM_DEFAULT_VERBOSITY=m4_if([$1], [yes], [0], [1]);; +esac +dnl +dnl A few 'make' implementations (e.g., NonStop OS and NextStep) +dnl do not support nested variable expansions. +dnl See automake bug#9928 and bug#10237. +am_make=${MAKE-make} +AC_CACHE_CHECK([whether $am_make supports nested variables], + [am_cv_make_support_nested_variables], + [if AS_ECHO([['TRUE=$(BAR$(V)) +BAR0=false +BAR1=true +V=1 +am__doit: + @$(TRUE) +.PHONY: am__doit']]) | $am_make -f - >/dev/null 2>&1; then + am_cv_make_support_nested_variables=yes +else + am_cv_make_support_nested_variables=no +fi]) +if test $am_cv_make_support_nested_variables = yes; then + dnl Using '$V' instead of '$(V)' breaks IRIX make. + AM_V='$(V)' + AM_DEFAULT_V='$(AM_DEFAULT_VERBOSITY)' +else + AM_V=$AM_DEFAULT_VERBOSITY + AM_DEFAULT_V=$AM_DEFAULT_VERBOSITY +fi +AC_SUBST([AM_V])dnl +AM_SUBST_NOTMAKE([AM_V])dnl +AC_SUBST([AM_DEFAULT_V])dnl +AM_SUBST_NOTMAKE([AM_DEFAULT_V])dnl +AC_SUBST([AM_DEFAULT_VERBOSITY])dnl +AM_BACKSLASH='\' +AC_SUBST([AM_BACKSLASH])dnl +_AM_SUBST_NOTMAKE([AM_BACKSLASH])dnl +]) + +# Copyright (C) 2001-2018 Free Software Foundation, Inc. +# +# This file is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# AM_PROG_INSTALL_STRIP +# --------------------- +# One issue with vendor 'install' (even GNU) is that you can't +# specify the program used to strip binaries. This is especially +# annoying in cross-compiling environments, where the build's strip +# is unlikely to handle the host's binaries. +# Fortunately install-sh will honor a STRIPPROG variable, so we +# always use install-sh in "make install-strip", and initialize +# STRIPPROG with the value of the STRIP variable (set by the user). +AC_DEFUN([AM_PROG_INSTALL_STRIP], +[AC_REQUIRE([AM_PROG_INSTALL_SH])dnl +# Installed binaries are usually stripped using 'strip' when the user +# run "make install-strip". However 'strip' might not be the right +# tool to use in cross-compilation environments, therefore Automake +# will honor the 'STRIP' environment variable to overrule this program. +dnl Don't test for $cross_compiling = yes, because it might be 'maybe'. +if test "$cross_compiling" != no; then + AC_CHECK_TOOL([STRIP], [strip], :) +fi +INSTALL_STRIP_PROGRAM="\$(install_sh) -c -s" +AC_SUBST([INSTALL_STRIP_PROGRAM])]) + +# Copyright (C) 2006-2018 Free Software Foundation, Inc. +# +# This file is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# _AM_SUBST_NOTMAKE(VARIABLE) +# --------------------------- +# Prevent Automake from outputting VARIABLE = @VARIABLE@ in Makefile.in. +# This macro is traced by Automake. +AC_DEFUN([_AM_SUBST_NOTMAKE]) + +# AM_SUBST_NOTMAKE(VARIABLE) +# -------------------------- +# Public sister of _AM_SUBST_NOTMAKE. +AC_DEFUN([AM_SUBST_NOTMAKE], [_AM_SUBST_NOTMAKE($@)]) + +# Check how to create a tarball. -*- Autoconf -*- + +# Copyright (C) 2004-2018 Free Software Foundation, Inc. +# +# This file is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# _AM_PROG_TAR(FORMAT) +# -------------------- +# Check how to create a tarball in format FORMAT. +# FORMAT should be one of 'v7', 'ustar', or 'pax'. +# +# Substitute a variable $(am__tar) that is a command +# writing to stdout a FORMAT-tarball containing the directory +# $tardir. +# tardir=directory && $(am__tar) > result.tar +# +# Substitute a variable $(am__untar) that extract such +# a tarball read from stdin. +# $(am__untar) < result.tar +# +AC_DEFUN([_AM_PROG_TAR], +[# Always define AMTAR for backward compatibility. Yes, it's still used +# in the wild :-( We should find a proper way to deprecate it ... +AC_SUBST([AMTAR], ['$${TAR-tar}']) + +# We'll loop over all known methods to create a tar archive until one works. +_am_tools='gnutar m4_if([$1], [ustar], [plaintar]) pax cpio none' + +m4_if([$1], [v7], + [am__tar='$${TAR-tar} chof - "$$tardir"' am__untar='$${TAR-tar} xf -'], + + [m4_case([$1], + [ustar], + [# The POSIX 1988 'ustar' format is defined with fixed-size fields. + # There is notably a 21 bits limit for the UID and the GID. In fact, + # the 'pax' utility can hang on bigger UID/GID (see automake bug#8343 + # and bug#13588). + am_max_uid=2097151 # 2^21 - 1 + am_max_gid=$am_max_uid + # The $UID and $GID variables are not portable, so we need to resort + # to the POSIX-mandated id(1) utility. Errors in the 'id' calls + # below are definitely unexpected, so allow the users to see them + # (that is, avoid stderr redirection). + am_uid=`id -u || echo unknown` + am_gid=`id -g || echo unknown` + AC_MSG_CHECKING([whether UID '$am_uid' is supported by ustar format]) + if test $am_uid -le $am_max_uid; then + AC_MSG_RESULT([yes]) + else + AC_MSG_RESULT([no]) + _am_tools=none + fi + AC_MSG_CHECKING([whether GID '$am_gid' is supported by ustar format]) + if test $am_gid -le $am_max_gid; then + AC_MSG_RESULT([yes]) + else + AC_MSG_RESULT([no]) + _am_tools=none + fi], + + [pax], + [], + + [m4_fatal([Unknown tar format])]) + + AC_MSG_CHECKING([how to create a $1 tar archive]) + + # Go ahead even if we have the value already cached. We do so because we + # need to set the values for the 'am__tar' and 'am__untar' variables. + _am_tools=${am_cv_prog_tar_$1-$_am_tools} + + for _am_tool in $_am_tools; do + case $_am_tool in + gnutar) + for _am_tar in tar gnutar gtar; do + AM_RUN_LOG([$_am_tar --version]) && break + done + am__tar="$_am_tar --format=m4_if([$1], [pax], [posix], [$1]) -chf - "'"$$tardir"' + am__tar_="$_am_tar --format=m4_if([$1], [pax], [posix], [$1]) -chf - "'"$tardir"' + am__untar="$_am_tar -xf -" + ;; + plaintar) + # Must skip GNU tar: if it does not support --format= it doesn't create + # ustar tarball either. + (tar --version) >/dev/null 2>&1 && continue + am__tar='tar chf - "$$tardir"' + am__tar_='tar chf - "$tardir"' + am__untar='tar xf -' + ;; + pax) + am__tar='pax -L -x $1 -w "$$tardir"' + am__tar_='pax -L -x $1 -w "$tardir"' + am__untar='pax -r' + ;; + cpio) + am__tar='find "$$tardir" -print | cpio -o -H $1 -L' + am__tar_='find "$tardir" -print | cpio -o -H $1 -L' + am__untar='cpio -i -H $1 -d' + ;; + none) + am__tar=false + am__tar_=false + am__untar=false + ;; + esac + + # If the value was cached, stop now. We just wanted to have am__tar + # and am__untar set. + test -n "${am_cv_prog_tar_$1}" && break + + # tar/untar a dummy directory, and stop if the command works. + rm -rf conftest.dir + mkdir conftest.dir + echo GrepMe > conftest.dir/file + AM_RUN_LOG([tardir=conftest.dir && eval $am__tar_ >conftest.tar]) + rm -rf conftest.dir + if test -s conftest.tar; then + AM_RUN_LOG([$am__untar /dev/null 2>&1 && break + fi + done + rm -rf conftest.dir + + AC_CACHE_VAL([am_cv_prog_tar_$1], [am_cv_prog_tar_$1=$_am_tool]) + AC_MSG_RESULT([$am_cv_prog_tar_$1])]) + +AC_SUBST([am__tar]) +AC_SUBST([am__untar]) +]) # _AM_PROG_TAR + +m4_include([lib/unistring/m4/gnulib-comp.m4]) +m4_include([lib/unistring/m4/inline.m4]) +m4_include([lib/unistring/m4/libunistring-base.m4]) +m4_include([src/gl/m4/__inline.m4]) +m4_include([src/gl/m4/bison.m4]) +m4_include([src/gl/m4/clock_time.m4]) +m4_include([src/gl/m4/fseek.m4]) +m4_include([src/gl/m4/getaddrinfo.m4]) +m4_include([src/gl/m4/getpass.m4]) +m4_include([src/gl/m4/gettime.m4]) +m4_include([src/gl/m4/gnulib-comp.m4]) +m4_include([src/gl/m4/hostent.m4]) +m4_include([src/gl/m4/mktime.m4]) +m4_include([src/gl/m4/nstrftime.m4]) +m4_include([src/gl/m4/parse-datetime.m4]) +m4_include([src/gl/m4/servent.m4]) +m4_include([src/gl/m4/time_rz.m4]) +m4_include([src/gl/m4/timegm.m4]) +m4_include([src/gl/m4/timespec.m4]) +m4_include([src/gl/m4/tm_gmtoff.m4]) +m4_include([src/gl/m4/tzset.m4]) +m4_include([src/libopts/m4/libopts.m4]) +m4_include([src/libopts/m4/stdnoreturn.m4]) +m4_include([m4/00gnulib.m4]) +m4_include([m4/absolute-header.m4]) +m4_include([m4/alloca.m4]) +m4_include([m4/arpa_inet_h.m4]) +m4_include([m4/ax_ac_append_to_file.m4]) +m4_include([m4/ax_ac_print_to_file.m4]) +m4_include([m4/ax_add_am_macro_static.m4]) +m4_include([m4/ax_am_macros_static.m4]) +m4_include([m4/ax_check_gnu_make.m4]) +m4_include([m4/ax_code_coverage.m4]) +m4_include([m4/ax_file_escapes.m4]) +m4_include([m4/builtin-expect.m4]) +m4_include([m4/byteswap.m4]) +m4_include([m4/close.m4]) +m4_include([m4/codeset.m4]) +m4_include([m4/ctype.m4]) +m4_include([m4/dup2.m4]) +m4_include([m4/eealloc.m4]) +m4_include([m4/environ.m4]) +m4_include([m4/errno_h.m4]) +m4_include([m4/exponentd.m4]) +m4_include([m4/extensions.m4]) +m4_include([m4/extern-inline.m4]) +m4_include([m4/fcntl-o.m4]) +m4_include([m4/fcntl.m4]) +m4_include([m4/fcntl_h.m4]) +m4_include([m4/fdopen.m4]) +m4_include([m4/flexmember.m4]) +m4_include([m4/float_h.m4]) +m4_include([m4/fpieee.m4]) +m4_include([m4/fseeko.m4]) +m4_include([m4/fstat.m4]) +m4_include([m4/ftell.m4]) +m4_include([m4/ftello.m4]) +m4_include([m4/ftruncate.m4]) +m4_include([m4/func.m4]) +m4_include([m4/getcwd.m4]) +m4_include([m4/getdelim.m4]) +m4_include([m4/getdtablesize.m4]) +m4_include([m4/getline.m4]) +m4_include([m4/getpagesize.m4]) +m4_include([m4/gettext.m4]) +m4_include([m4/gettimeofday.m4]) +m4_include([m4/gnulib-common.m4]) +m4_include([m4/gnulib-comp.m4]) +m4_include([m4/gtk-doc.m4]) +m4_include([m4/guile.m4]) +m4_include([m4/hooks.m4]) +m4_include([m4/host-cpu-c-abi.m4]) +m4_include([m4/iconv.m4]) +m4_include([m4/include_next.m4]) +m4_include([m4/inet_ntop.m4]) +m4_include([m4/inet_pton.m4]) +m4_include([m4/intl-thread-locale.m4]) +m4_include([m4/intlmacosx.m4]) +m4_include([m4/intmax_t.m4]) +m4_include([m4/inttypes-pri.m4]) +m4_include([m4/inttypes.m4]) +m4_include([m4/inttypes_h.m4]) +m4_include([m4/ioctl.m4]) +m4_include([m4/isblank.m4]) +m4_include([m4/langinfo_h.m4]) +m4_include([m4/largefile.m4]) +m4_include([m4/lcmessage.m4]) +m4_include([m4/ld-output-def.m4]) +m4_include([m4/ld-version-script.m4]) +m4_include([m4/lib-ld.m4]) +m4_include([m4/lib-link.m4]) +m4_include([m4/lib-prefix.m4]) +m4_include([m4/libtool.m4]) +m4_include([m4/limits-h.m4]) +m4_include([m4/locale-fr.m4]) +m4_include([m4/locale-ja.m4]) +m4_include([m4/locale-tr.m4]) +m4_include([m4/locale-zh.m4]) +m4_include([m4/locale_h.m4]) +m4_include([m4/localename.m4]) +m4_include([m4/localtime-buffer.m4]) +m4_include([m4/lock.m4]) +m4_include([m4/longlong.m4]) +m4_include([m4/lseek.m4]) +m4_include([m4/lstat.m4]) +m4_include([m4/ltoptions.m4]) +m4_include([m4/ltsugar.m4]) +m4_include([m4/ltversion.m4]) +m4_include([m4/lt~obsolete.m4]) +m4_include([m4/malloc.m4]) +m4_include([m4/malloca.m4]) +m4_include([m4/manywarnings.m4]) +m4_include([m4/memchr.m4]) +m4_include([m4/memmem.m4]) +m4_include([m4/minmax.m4]) +m4_include([m4/mmap-anon.m4]) +m4_include([m4/mode_t.m4]) +m4_include([m4/msvc-inval.m4]) +m4_include([m4/msvc-nothrow.m4]) +m4_include([m4/multiarch.m4]) +m4_include([m4/nanosleep.m4]) +m4_include([m4/netdb_h.m4]) +m4_include([m4/netinet_in_h.m4]) +m4_include([m4/nls.m4]) +m4_include([m4/off_t.m4]) +m4_include([m4/open-cloexec.m4]) +m4_include([m4/open.m4]) +m4_include([m4/pathmax.m4]) +m4_include([m4/perror.m4]) +m4_include([m4/pipe.m4]) +m4_include([m4/pkg.m4]) +m4_include([m4/po.m4]) +m4_include([m4/printf.m4]) +m4_include([m4/progtest.m4]) +m4_include([m4/pthread_rwlock_rdlock.m4]) +m4_include([m4/putenv.m4]) +m4_include([m4/raise.m4]) +m4_include([m4/read-file.m4]) +m4_include([m4/realloc.m4]) +m4_include([m4/secure_getenv.m4]) +m4_include([m4/select.m4]) +m4_include([m4/setenv.m4]) +m4_include([m4/setlocale.m4]) +m4_include([m4/sigaction.m4]) +m4_include([m4/signal_h.m4]) +m4_include([m4/signalblocking.m4]) +m4_include([m4/size_max.m4]) +m4_include([m4/sleep.m4]) +m4_include([m4/snprintf.m4]) +m4_include([m4/socketlib.m4]) +m4_include([m4/sockets.m4]) +m4_include([m4/socklen.m4]) +m4_include([m4/sockpfaf.m4]) +m4_include([m4/ssize_t.m4]) +m4_include([m4/stat-time.m4]) +m4_include([m4/stat.m4]) +m4_include([m4/stdalign.m4]) +m4_include([m4/stdbool.m4]) +m4_include([m4/stddef_h.m4]) +m4_include([m4/stdint.m4]) +m4_include([m4/stdint_h.m4]) +m4_include([m4/stdio_h.m4]) +m4_include([m4/stdlib_h.m4]) +m4_include([m4/strcase.m4]) +m4_include([m4/strdup.m4]) +m4_include([m4/strerror.m4]) +m4_include([m4/strerror_r.m4]) +m4_include([m4/string_h.m4]) +m4_include([m4/strings_h.m4]) +m4_include([m4/strndup.m4]) +m4_include([m4/strnlen.m4]) +m4_include([m4/strtok_r.m4]) +m4_include([m4/strverscmp.m4]) +m4_include([m4/symlink.m4]) +m4_include([m4/sys_ioctl_h.m4]) +m4_include([m4/sys_select_h.m4]) +m4_include([m4/sys_socket_h.m4]) +m4_include([m4/sys_stat_h.m4]) +m4_include([m4/sys_time_h.m4]) +m4_include([m4/sys_types_h.m4]) +m4_include([m4/sys_uio_h.m4]) +m4_include([m4/threadlib.m4]) +m4_include([m4/time_h.m4]) +m4_include([m4/time_r.m4]) +m4_include([m4/ungetc.m4]) +m4_include([m4/unistd_h.m4]) +m4_include([m4/valgrind-tests.m4]) +m4_include([m4/vasnprintf.m4]) +m4_include([m4/vasprintf.m4]) +m4_include([m4/vsnprintf.m4]) +m4_include([m4/warn-on-use.m4]) +m4_include([m4/warnings.m4]) +m4_include([m4/wchar_h.m4]) +m4_include([m4/wchar_t.m4]) +m4_include([m4/wint_t.m4]) +m4_include([m4/xsize.m4]) diff --git a/aminclude_static.am b/aminclude_static.am new file mode 100644 index 0000000..b325041 --- /dev/null +++ b/aminclude_static.am @@ -0,0 +1,126 @@ + +# aminclude_static.am generated automatically by Autoconf +# from AX_AM_MACROS_STATIC on Tue May 28 07:09:17 CEST 2019 + + +# Code coverage +# +# Optional: +# - CODE_COVERAGE_DIRECTORY: Top-level directory for code coverage reporting. +# Multiple directories may be specified, separated by whitespace. +# (Default: $(top_builddir)) +# - CODE_COVERAGE_OUTPUT_FILE: Filename and path for the .info file generated +# by lcov for code coverage. (Default: +# $(PACKAGE_NAME)-$(PACKAGE_VERSION)-coverage.info) +# - CODE_COVERAGE_OUTPUT_DIRECTORY: Directory for generated code coverage +# reports to be created. (Default: +# $(PACKAGE_NAME)-$(PACKAGE_VERSION)-coverage) +# - CODE_COVERAGE_BRANCH_COVERAGE: Set to 1 to enforce branch coverage, +# set to 0 to disable it and leave empty to stay with the default. +# (Default: empty) +# - CODE_COVERAGE_LCOV_SHOPTS_DEFAULT: Extra options shared between both lcov +# instances. (Default: based on ) +# - CODE_COVERAGE_LCOV_SHOPTS: Extra options to shared between both lcov +# instances. (Default: ) +# - CODE_COVERAGE_LCOV_OPTIONS_GCOVPATH: --gcov-tool pathtogcov +# - CODE_COVERAGE_LCOV_OPTIONS_DEFAULT: Extra options to pass to the +# collecting lcov instance. (Default: ) +# - CODE_COVERAGE_LCOV_OPTIONS: Extra options to pass to the collecting lcov +# instance. (Default: ) +# - CODE_COVERAGE_LCOV_RMOPTS_DEFAULT: Extra options to pass to the filtering +# lcov instance. (Default: empty) +# - CODE_COVERAGE_LCOV_RMOPTS: Extra options to pass to the filtering lcov +# instance. (Default: ) +# - CODE_COVERAGE_GENHTML_OPTIONS_DEFAULT: Extra options to pass to the +# genhtml instance. (Default: based on ) +# - CODE_COVERAGE_GENHTML_OPTIONS: Extra options to pass to the genhtml +# instance. (Default: ) +# - CODE_COVERAGE_IGNORE_PATTERN: Extra glob pattern of files to ignore +# +# The generated report will be titled using the $(PACKAGE_NAME) and +# $(PACKAGE_VERSION). In order to add the current git hash to the title, +# use the git-version-gen script, available online. +# Optional variables +# run only on top dir +if CODE_COVERAGE_ENABLED + ifeq ($(abs_builddir), $(abs_top_builddir)) +CODE_COVERAGE_DIRECTORY ?= $(top_builddir) +CODE_COVERAGE_OUTPUT_FILE ?= $(PACKAGE_NAME)-$(PACKAGE_VERSION)-coverage.info +CODE_COVERAGE_OUTPUT_DIRECTORY ?= $(PACKAGE_NAME)-$(PACKAGE_VERSION)-coverage + +CODE_COVERAGE_BRANCH_COVERAGE ?= +CODE_COVERAGE_LCOV_SHOPTS_DEFAULT ?= $(if $(CODE_COVERAGE_BRANCH_COVERAGE),--rc lcov_branch_coverage=$(CODE_COVERAGE_BRANCH_COVERAGE)) +CODE_COVERAGE_LCOV_SHOPTS ?= $(CODE_COVERAGE_LCOV_SHOPTS_DEFAULT) +CODE_COVERAGE_LCOV_OPTIONS_GCOVPATH ?= --gcov-tool "$(GCOV)" +CODE_COVERAGE_LCOV_OPTIONS_DEFAULT ?= $(CODE_COVERAGE_LCOV_OPTIONS_GCOVPATH) +CODE_COVERAGE_LCOV_OPTIONS ?= $(CODE_COVERAGE_LCOV_OPTIONS_DEFAULT) +CODE_COVERAGE_LCOV_RMOPTS_DEFAULT ?= +CODE_COVERAGE_LCOV_RMOPTS ?= $(CODE_COVERAGE_LCOV_RMOPTS_DEFAULT) +CODE_COVERAGE_GENHTML_OPTIONS_DEFAULT ?=$(if $(CODE_COVERAGE_BRANCH_COVERAGE),--rc genhtml_branch_coverage=$(CODE_COVERAGE_BRANCH_COVERAGE)) +CODE_COVERAGE_GENHTML_OPTIONS ?= $(CODE_COVERAGE_GENHTML_OPTIONS_DEFAULT) +CODE_COVERAGE_IGNORE_PATTERN ?= + +GITIGNOREFILES = $(GITIGNOREFILES) $(CODE_COVERAGE_OUTPUT_FILE) $(CODE_COVERAGE_OUTPUT_DIRECTORY) +code_coverage_v_lcov_cap = $(code_coverage_v_lcov_cap_$(V)) +code_coverage_v_lcov_cap_ = $(code_coverage_v_lcov_cap_$(AM_DEFAULT_VERBOSITY)) +code_coverage_v_lcov_cap_0 = @echo " LCOV --capture" $(CODE_COVERAGE_OUTPUT_FILE); +code_coverage_v_lcov_ign = $(code_coverage_v_lcov_ign_$(V)) +code_coverage_v_lcov_ign_ = $(code_coverage_v_lcov_ign_$(AM_DEFAULT_VERBOSITY)) +code_coverage_v_lcov_ign_0 = @echo " LCOV --remove /tmp/*" $(CODE_COVERAGE_IGNORE_PATTERN); +code_coverage_v_genhtml = $(code_coverage_v_genhtml_$(V)) +code_coverage_v_genhtml_ = $(code_coverage_v_genhtml_$(AM_DEFAULT_VERBOSITY)) +code_coverage_v_genhtml_0 = @echo " GEN " "$(CODE_COVERAGE_OUTPUT_DIRECTORY)"; +code_coverage_quiet = $(code_coverage_quiet_$(V)) +code_coverage_quiet_ = $(code_coverage_quiet_$(AM_DEFAULT_VERBOSITY)) +code_coverage_quiet_0 = --quiet + +# sanitizes the test-name: replaces with underscores: dashes and dots +code_coverage_sanitize = $(subst -,_,$(subst .,_,$(1))) + +# Use recursive makes in order to ignore errors during check +check-code-coverage: + -$(AM_V_at)$(MAKE) $(AM_MAKEFLAGS) -k check + $(AM_V_at)$(MAKE) $(AM_MAKEFLAGS) code-coverage-capture + +# Capture code coverage data +code-coverage-capture: code-coverage-capture-hook + $(code_coverage_v_lcov_cap)$(LCOV) $(code_coverage_quiet) $(addprefix --directory ,$(CODE_COVERAGE_DIRECTORY)) --capture --output-file "$(CODE_COVERAGE_OUTPUT_FILE).tmp" --test-name "$(call code_coverage_sanitize,$(PACKAGE_NAME)-$(PACKAGE_VERSION))" --no-checksum --compat-libtool $(CODE_COVERAGE_LCOV_SHOPTS) $(CODE_COVERAGE_LCOV_OPTIONS) + $(code_coverage_v_lcov_ign)$(LCOV) $(code_coverage_quiet) $(addprefix --directory ,$(CODE_COVERAGE_DIRECTORY)) --remove "$(CODE_COVERAGE_OUTPUT_FILE).tmp" "/tmp/*" $(CODE_COVERAGE_IGNORE_PATTERN) --output-file "$(CODE_COVERAGE_OUTPUT_FILE)" $(CODE_COVERAGE_LCOV_SHOPTS) $(CODE_COVERAGE_LCOV_RMOPTS) + -@rm -f "$(CODE_COVERAGE_OUTPUT_FILE).tmp" + $(code_coverage_v_genhtml)LANG=C $(GENHTML) $(code_coverage_quiet) $(addprefix --prefix ,$(CODE_COVERAGE_DIRECTORY)) --output-directory "$(CODE_COVERAGE_OUTPUT_DIRECTORY)" --title "$(PACKAGE_NAME)-$(PACKAGE_VERSION) Code Coverage" --legend --show-details "$(CODE_COVERAGE_OUTPUT_FILE)" $(CODE_COVERAGE_GENHTML_OPTIONS) + @echo "file://$(abs_builddir)/$(CODE_COVERAGE_OUTPUT_DIRECTORY)/index.html" + +code-coverage-clean: + -$(LCOV) --directory $(top_builddir) -z + -rm -rf "$(CODE_COVERAGE_OUTPUT_FILE)" "$(CODE_COVERAGE_OUTPUT_FILE).tmp" "$(CODE_COVERAGE_OUTPUT_DIRECTORY)" + -find . \( -name "*.gcda" -o -name "*.gcno" -o -name "*.gcov" \) -delete + +code-coverage-dist-clean: + +AM_DISTCHECK_CONFIGURE_FLAGS = $(AM_DISTCHECK_CONFIGURE_FLAGS) --disable-code-coverage + else # ifneq ($(abs_builddir), $(abs_top_builddir)) +check-code-coverage: + +code-coverage-capture: code-coverage-capture-hook + +code-coverage-clean: + +code-coverage-dist-clean: + endif # ifeq ($(abs_builddir), $(abs_top_builddir)) +else #! CODE_COVERAGE_ENABLED +# Use recursive makes in order to ignore errors during check +check-code-coverage: + @echo "Need to reconfigure with --enable-code-coverage" +# Capture code coverage data +code-coverage-capture: code-coverage-capture-hook + @echo "Need to reconfigure with --enable-code-coverage" + +code-coverage-clean: + +code-coverage-dist-clean: + +endif #CODE_COVERAGE_ENABLED +# Hook rule executed before code-coverage-capture, overridable by the user +code-coverage-capture-hook: + +.PHONY: check-code-coverage code-coverage-capture code-coverage-dist-clean code-coverage-clean code-coverage-capture-hook diff --git a/build-aux/ar-lib b/build-aux/ar-lib new file mode 100755 index 0000000..0baa4f6 --- /dev/null +++ b/build-aux/ar-lib @@ -0,0 +1,270 @@ +#! /bin/sh +# Wrapper for Microsoft lib.exe + +me=ar-lib +scriptversion=2012-03-01.08; # UTC + +# Copyright (C) 2010-2018 Free Software Foundation, Inc. +# Written by Peter Rosin . +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2, or (at your option) +# any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +# As a special exception to the GNU General Public License, if you +# distribute this file as part of a program that contains a +# configuration script generated by Autoconf, you may include it under +# the same distribution terms that you use for the rest of that program. + +# This file is maintained in Automake, please report +# bugs to or send patches to +# . + + +# func_error message +func_error () +{ + echo "$me: $1" 1>&2 + exit 1 +} + +file_conv= + +# func_file_conv build_file +# Convert a $build file to $host form and store it in $file +# Currently only supports Windows hosts. +func_file_conv () +{ + file=$1 + case $file in + / | /[!/]*) # absolute file, and not a UNC file + if test -z "$file_conv"; then + # lazily determine how to convert abs files + case `uname -s` in + MINGW*) + file_conv=mingw + ;; + CYGWIN*) + file_conv=cygwin + ;; + *) + file_conv=wine + ;; + esac + fi + case $file_conv in + mingw) + file=`cmd //C echo "$file " | sed -e 's/"\(.*\) " *$/\1/'` + ;; + cygwin) + file=`cygpath -m "$file" || echo "$file"` + ;; + wine) + file=`winepath -w "$file" || echo "$file"` + ;; + esac + ;; + esac +} + +# func_at_file at_file operation archive +# Iterate over all members in AT_FILE performing OPERATION on ARCHIVE +# for each of them. +# When interpreting the content of the @FILE, do NOT use func_file_conv, +# since the user would need to supply preconverted file names to +# binutils ar, at least for MinGW. +func_at_file () +{ + operation=$2 + archive=$3 + at_file_contents=`cat "$1"` + eval set x "$at_file_contents" + shift + + for member + do + $AR -NOLOGO $operation:"$member" "$archive" || exit $? + done +} + +case $1 in + '') + func_error "no command. Try '$0 --help' for more information." + ;; + -h | --h*) + cat <. +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2, or (at your option) +# any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +# As a special exception to the GNU General Public License, if you +# distribute this file as part of a program that contains a +# configuration script generated by Autoconf, you may include it under +# the same distribution terms that you use for the rest of that program. + +# This file is maintained in Automake, please report +# bugs to or send patches to +# . + +nl=' +' + +# We need space, tab and new line, in precisely that order. Quoting is +# there to prevent tools from complaining about whitespace usage. +IFS=" "" $nl" + +file_conv= + +# func_file_conv build_file lazy +# Convert a $build file to $host form and store it in $file +# Currently only supports Windows hosts. If the determined conversion +# type is listed in (the comma separated) LAZY, no conversion will +# take place. +func_file_conv () +{ + file=$1 + case $file in + / | /[!/]*) # absolute file, and not a UNC file + if test -z "$file_conv"; then + # lazily determine how to convert abs files + case `uname -s` in + MINGW*) + file_conv=mingw + ;; + CYGWIN*) + file_conv=cygwin + ;; + *) + file_conv=wine + ;; + esac + fi + case $file_conv/,$2, in + *,$file_conv,*) + ;; + mingw/*) + file=`cmd //C echo "$file " | sed -e 's/"\(.*\) " *$/\1/'` + ;; + cygwin/*) + file=`cygpath -m "$file" || echo "$file"` + ;; + wine/*) + file=`winepath -w "$file" || echo "$file"` + ;; + esac + ;; + esac +} + +# func_cl_dashL linkdir +# Make cl look for libraries in LINKDIR +func_cl_dashL () +{ + func_file_conv "$1" + if test -z "$lib_path"; then + lib_path=$file + else + lib_path="$lib_path;$file" + fi + linker_opts="$linker_opts -LIBPATH:$file" +} + +# func_cl_dashl library +# Do a library search-path lookup for cl +func_cl_dashl () +{ + lib=$1 + found=no + save_IFS=$IFS + IFS=';' + for dir in $lib_path $LIB + do + IFS=$save_IFS + if $shared && test -f "$dir/$lib.dll.lib"; then + found=yes + lib=$dir/$lib.dll.lib + break + fi + if test -f "$dir/$lib.lib"; then + found=yes + lib=$dir/$lib.lib + break + fi + if test -f "$dir/lib$lib.a"; then + found=yes + lib=$dir/lib$lib.a + break + fi + done + IFS=$save_IFS + + if test "$found" != yes; then + lib=$lib.lib + fi +} + +# func_cl_wrapper cl arg... +# Adjust compile command to suit cl +func_cl_wrapper () +{ + # Assume a capable shell + lib_path= + shared=: + linker_opts= + for arg + do + if test -n "$eat"; then + eat= + else + case $1 in + -o) + # configure might choose to run compile as 'compile cc -o foo foo.c'. + eat=1 + case $2 in + *.o | *.[oO][bB][jJ]) + func_file_conv "$2" + set x "$@" -Fo"$file" + shift + ;; + *) + func_file_conv "$2" + set x "$@" -Fe"$file" + shift + ;; + esac + ;; + -I) + eat=1 + func_file_conv "$2" mingw + set x "$@" -I"$file" + shift + ;; + -I*) + func_file_conv "${1#-I}" mingw + set x "$@" -I"$file" + shift + ;; + -l) + eat=1 + func_cl_dashl "$2" + set x "$@" "$lib" + shift + ;; + -l*) + func_cl_dashl "${1#-l}" + set x "$@" "$lib" + shift + ;; + -L) + eat=1 + func_cl_dashL "$2" + ;; + -L*) + func_cl_dashL "${1#-L}" + ;; + -static) + shared=false + ;; + -Wl,*) + arg=${1#-Wl,} + save_ifs="$IFS"; IFS=',' + for flag in $arg; do + IFS="$save_ifs" + linker_opts="$linker_opts $flag" + done + IFS="$save_ifs" + ;; + -Xlinker) + eat=1 + linker_opts="$linker_opts $2" + ;; + -*) + set x "$@" "$1" + shift + ;; + *.cc | *.CC | *.cxx | *.CXX | *.[cC]++) + func_file_conv "$1" + set x "$@" -Tp"$file" + shift + ;; + *.c | *.cpp | *.CPP | *.lib | *.LIB | *.Lib | *.OBJ | *.obj | *.[oO]) + func_file_conv "$1" mingw + set x "$@" "$file" + shift + ;; + *) + set x "$@" "$1" + shift + ;; + esac + fi + shift + done + if test -n "$linker_opts"; then + linker_opts="-link$linker_opts" + fi + exec "$@" $linker_opts + exit 1 +} + +eat= + +case $1 in + '') + echo "$0: No command. Try '$0 --help' for more information." 1>&2 + exit 1; + ;; + -h | --h*) + cat <<\EOF +Usage: compile [--help] [--version] PROGRAM [ARGS] + +Wrapper for compilers which do not understand '-c -o'. +Remove '-o dest.o' from ARGS, run PROGRAM with the remaining +arguments, and rename the output as expected. + +If you are trying to build a whole package this is not the +right script to run: please start by reading the file 'INSTALL'. + +Report bugs to . +EOF + exit $? + ;; + -v | --v*) + echo "compile $scriptversion" + exit $? + ;; + cl | *[/\\]cl | cl.exe | *[/\\]cl.exe | \ + icl | *[/\\]icl | icl.exe | *[/\\]icl.exe ) + func_cl_wrapper "$@" # Doesn't return... + ;; +esac + +ofile= +cfile= + +for arg +do + if test -n "$eat"; then + eat= + else + case $1 in + -o) + # configure might choose to run compile as 'compile cc -o foo foo.c'. + # So we strip '-o arg' only if arg is an object. + eat=1 + case $2 in + *.o | *.obj) + ofile=$2 + ;; + *) + set x "$@" -o "$2" + shift + ;; + esac + ;; + *.c) + cfile=$1 + set x "$@" "$1" + shift + ;; + *) + set x "$@" "$1" + shift + ;; + esac + fi + shift +done + +if test -z "$ofile" || test -z "$cfile"; then + # If no '-o' option was seen then we might have been invoked from a + # pattern rule where we don't need one. That is ok -- this is a + # normal compilation that the losing compiler can handle. If no + # '.c' file was seen then we are probably linking. That is also + # ok. + exec "$@" +fi + +# Name of file we expect compiler to create. +cofile=`echo "$cfile" | sed 's|^.*[\\/]||; s|^[a-zA-Z]:||; s/\.c$/.o/'` + +# Create the lock directory. +# Note: use '[/\\:.-]' here to ensure that we don't use the same name +# that we are using for the .o file. Also, base the name on the expected +# object file name, since that is what matters with a parallel build. +lockdir=`echo "$cofile" | sed -e 's|[/\\:.-]|_|g'`.d +while true; do + if mkdir "$lockdir" >/dev/null 2>&1; then + break + fi + sleep 1 +done +# FIXME: race condition here if user kills between mkdir and trap. +trap "rmdir '$lockdir'; exit 1" 1 2 15 + +# Run the compile. +"$@" +ret=$? + +if test -f "$cofile"; then + test "$cofile" = "$ofile" || mv "$cofile" "$ofile" +elif test -f "${cofile}bj"; then + test "${cofile}bj" = "$ofile" || mv "${cofile}bj" "$ofile" +fi + +rmdir "$lockdir" +exit $ret + +# Local Variables: +# mode: shell-script +# sh-indentation: 2 +# eval: (add-hook 'before-save-hook 'time-stamp) +# time-stamp-start: "scriptversion=" +# time-stamp-format: "%:y-%02m-%02d.%02H" +# time-stamp-time-zone: "UTC0" +# time-stamp-end: "; # UTC" +# End: diff --git a/build-aux/config.guess b/build-aux/config.guess new file mode 100755 index 0000000..4cd9454 --- /dev/null +++ b/build-aux/config.guess @@ -0,0 +1,1658 @@ +#! /bin/sh +# Attempt to guess a canonical system name. +# Copyright 1992-2019 Free Software Foundation, Inc. + +timestamp='2019-04-28' + +# This file is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, see . +# +# As a special exception to the GNU General Public License, if you +# distribute this file as part of a program that contains a +# configuration script generated by Autoconf, you may include it under +# the same distribution terms that you use for the rest of that +# program. This Exception is an additional permission under section 7 +# of the GNU General Public License, version 3 ("GPLv3"). +# +# Originally written by Per Bothner; maintained since 2000 by Ben Elliston. +# +# You can get the latest version of this script from: +# https://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess +# +# Please send patches to . + + +me=`echo "$0" | sed -e 's,.*/,,'` + +usage="\ +Usage: $0 [OPTION] + +Output the configuration name of the system \`$me' is run on. + +Options: + -h, --help print this help, then exit + -t, --time-stamp print date of last modification, then exit + -v, --version print version number, then exit + +Report bugs and patches to ." + +version="\ +GNU config.guess ($timestamp) + +Originally written by Per Bothner. +Copyright 1992-2019 Free Software Foundation, Inc. + +This is free software; see the source for copying conditions. There is NO +warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE." + +help=" +Try \`$me --help' for more information." + +# Parse command line +while test $# -gt 0 ; do + case $1 in + --time-stamp | --time* | -t ) + echo "$timestamp" ; exit ;; + --version | -v ) + echo "$version" ; exit ;; + --help | --h* | -h ) + echo "$usage"; exit ;; + -- ) # Stop option processing + shift; break ;; + - ) # Use stdin as input. + break ;; + -* ) + echo "$me: invalid option $1$help" >&2 + exit 1 ;; + * ) + break ;; + esac +done + +if test $# != 0; then + echo "$me: too many arguments$help" >&2 + exit 1 +fi + +# CC_FOR_BUILD -- compiler used by this script. Note that the use of a +# compiler to aid in system detection is discouraged as it requires +# temporary files to be created and, as you can see below, it is a +# headache to deal with in a portable fashion. + +# Historically, `CC_FOR_BUILD' used to be named `HOST_CC'. We still +# use `HOST_CC' if defined, but it is deprecated. + +# Portable tmp directory creation inspired by the Autoconf team. + +tmp= +# shellcheck disable=SC2172 +trap 'test -z "$tmp" || rm -fr "$tmp"' 0 1 2 13 15 + +set_cc_for_build() { + : "${TMPDIR=/tmp}" + # shellcheck disable=SC2039 + { tmp=`(umask 077 && mktemp -d "$TMPDIR/cgXXXXXX") 2>/dev/null` && test -n "$tmp" && test -d "$tmp" ; } || + { test -n "$RANDOM" && tmp=$TMPDIR/cg$$-$RANDOM && (umask 077 && mkdir "$tmp" 2>/dev/null) ; } || + { tmp=$TMPDIR/cg-$$ && (umask 077 && mkdir "$tmp" 2>/dev/null) && echo "Warning: creating insecure temp directory" >&2 ; } || + { echo "$me: cannot create a temporary directory in $TMPDIR" >&2 ; exit 1 ; } + dummy=$tmp/dummy + case ${CC_FOR_BUILD-},${HOST_CC-},${CC-} in + ,,) echo "int x;" > "$dummy.c" + for driver in cc gcc c89 c99 ; do + if ($driver -c -o "$dummy.o" "$dummy.c") >/dev/null 2>&1 ; then + CC_FOR_BUILD="$driver" + break + fi + done + if test x"$CC_FOR_BUILD" = x ; then + CC_FOR_BUILD=no_compiler_found + fi + ;; + ,,*) CC_FOR_BUILD=$CC ;; + ,*,*) CC_FOR_BUILD=$HOST_CC ;; + esac +} + +# This is needed to find uname on a Pyramid OSx when run in the BSD universe. +# (ghazi@noc.rutgers.edu 1994-08-24) +if test -f /.attbin/uname ; then + PATH=$PATH:/.attbin ; export PATH +fi + +UNAME_MACHINE=`(uname -m) 2>/dev/null` || UNAME_MACHINE=unknown +UNAME_RELEASE=`(uname -r) 2>/dev/null` || UNAME_RELEASE=unknown +UNAME_SYSTEM=`(uname -s) 2>/dev/null` || UNAME_SYSTEM=unknown +UNAME_VERSION=`(uname -v) 2>/dev/null` || UNAME_VERSION=unknown + +case "$UNAME_SYSTEM" in +Linux|GNU|GNU/*) + # If the system lacks a compiler, then just pick glibc. + # We could probably try harder. + LIBC=gnu + + set_cc_for_build + cat <<-EOF > "$dummy.c" + #include + #if defined(__UCLIBC__) + LIBC=uclibc + #elif defined(__dietlibc__) + LIBC=dietlibc + #else + LIBC=gnu + #endif + EOF + eval "`$CC_FOR_BUILD -E "$dummy.c" 2>/dev/null | grep '^LIBC' | sed 's, ,,g'`" + + # If ldd exists, use it to detect musl libc. + if command -v ldd >/dev/null && \ + ldd --version 2>&1 | grep -q ^musl + then + LIBC=musl + fi + ;; +esac + +# Note: order is significant - the case branches are not exclusive. + +case "$UNAME_MACHINE:$UNAME_SYSTEM:$UNAME_RELEASE:$UNAME_VERSION" in + *:NetBSD:*:*) + # NetBSD (nbsd) targets should (where applicable) match one or + # more of the tuples: *-*-netbsdelf*, *-*-netbsdaout*, + # *-*-netbsdecoff* and *-*-netbsd*. For targets that recently + # switched to ELF, *-*-netbsd* would select the old + # object file format. This provides both forward + # compatibility and a consistent mechanism for selecting the + # object file format. + # + # Note: NetBSD doesn't particularly care about the vendor + # portion of the name. We always set it to "unknown". + sysctl="sysctl -n hw.machine_arch" + UNAME_MACHINE_ARCH=`(uname -p 2>/dev/null || \ + "/sbin/$sysctl" 2>/dev/null || \ + "/usr/sbin/$sysctl" 2>/dev/null || \ + echo unknown)` + case "$UNAME_MACHINE_ARCH" in + armeb) machine=armeb-unknown ;; + arm*) machine=arm-unknown ;; + sh3el) machine=shl-unknown ;; + sh3eb) machine=sh-unknown ;; + sh5el) machine=sh5le-unknown ;; + earmv*) + arch=`echo "$UNAME_MACHINE_ARCH" | sed -e 's,^e\(armv[0-9]\).*$,\1,'` + endian=`echo "$UNAME_MACHINE_ARCH" | sed -ne 's,^.*\(eb\)$,\1,p'` + machine="${arch}${endian}"-unknown + ;; + *) machine="$UNAME_MACHINE_ARCH"-unknown ;; + esac + # The Operating System including object format, if it has switched + # to ELF recently (or will in the future) and ABI. + case "$UNAME_MACHINE_ARCH" in + earm*) + os=netbsdelf + ;; + arm*|i386|m68k|ns32k|sh3*|sparc|vax) + set_cc_for_build + if echo __ELF__ | $CC_FOR_BUILD -E - 2>/dev/null \ + | grep -q __ELF__ + then + # Once all utilities can be ECOFF (netbsdecoff) or a.out (netbsdaout). + # Return netbsd for either. FIX? + os=netbsd + else + os=netbsdelf + fi + ;; + *) + os=netbsd + ;; + esac + # Determine ABI tags. + case "$UNAME_MACHINE_ARCH" in + earm*) + expr='s/^earmv[0-9]/-eabi/;s/eb$//' + abi=`echo "$UNAME_MACHINE_ARCH" | sed -e "$expr"` + ;; + esac + # The OS release + # Debian GNU/NetBSD machines have a different userland, and + # thus, need a distinct triplet. However, they do not need + # kernel version information, so it can be replaced with a + # suitable tag, in the style of linux-gnu. + case "$UNAME_VERSION" in + Debian*) + release='-gnu' + ;; + *) + release=`echo "$UNAME_RELEASE" | sed -e 's/[-_].*//' | cut -d. -f1,2` + ;; + esac + # Since CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM: + # contains redundant information, the shorter form: + # CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM is used. + echo "$machine-${os}${release}${abi-}" + exit ;; + *:Bitrig:*:*) + UNAME_MACHINE_ARCH=`arch | sed 's/Bitrig.//'` + echo "$UNAME_MACHINE_ARCH"-unknown-bitrig"$UNAME_RELEASE" + exit ;; + *:OpenBSD:*:*) + UNAME_MACHINE_ARCH=`arch | sed 's/OpenBSD.//'` + echo "$UNAME_MACHINE_ARCH"-unknown-openbsd"$UNAME_RELEASE" + exit ;; + *:LibertyBSD:*:*) + UNAME_MACHINE_ARCH=`arch | sed 's/^.*BSD\.//'` + echo "$UNAME_MACHINE_ARCH"-unknown-libertybsd"$UNAME_RELEASE" + exit ;; + *:MidnightBSD:*:*) + echo "$UNAME_MACHINE"-unknown-midnightbsd"$UNAME_RELEASE" + exit ;; + *:ekkoBSD:*:*) + echo "$UNAME_MACHINE"-unknown-ekkobsd"$UNAME_RELEASE" + exit ;; + *:SolidBSD:*:*) + echo "$UNAME_MACHINE"-unknown-solidbsd"$UNAME_RELEASE" + exit ;; + macppc:MirBSD:*:*) + echo powerpc-unknown-mirbsd"$UNAME_RELEASE" + exit ;; + *:MirBSD:*:*) + echo "$UNAME_MACHINE"-unknown-mirbsd"$UNAME_RELEASE" + exit ;; + *:Sortix:*:*) + echo "$UNAME_MACHINE"-unknown-sortix + exit ;; + *:Redox:*:*) + echo "$UNAME_MACHINE"-unknown-redox + exit ;; + mips:OSF1:*.*) + echo mips-dec-osf1 + exit ;; + alpha:OSF1:*:*) + case $UNAME_RELEASE in + *4.0) + UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $3}'` + ;; + *5.*) + UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $4}'` + ;; + esac + # According to Compaq, /usr/sbin/psrinfo has been available on + # OSF/1 and Tru64 systems produced since 1995. I hope that + # covers most systems running today. This code pipes the CPU + # types through head -n 1, so we only detect the type of CPU 0. + ALPHA_CPU_TYPE=`/usr/sbin/psrinfo -v | sed -n -e 's/^ The alpha \(.*\) processor.*$/\1/p' | head -n 1` + case "$ALPHA_CPU_TYPE" in + "EV4 (21064)") + UNAME_MACHINE=alpha ;; + "EV4.5 (21064)") + UNAME_MACHINE=alpha ;; + "LCA4 (21066/21068)") + UNAME_MACHINE=alpha ;; + "EV5 (21164)") + UNAME_MACHINE=alphaev5 ;; + "EV5.6 (21164A)") + UNAME_MACHINE=alphaev56 ;; + "EV5.6 (21164PC)") + UNAME_MACHINE=alphapca56 ;; + "EV5.7 (21164PC)") + UNAME_MACHINE=alphapca57 ;; + "EV6 (21264)") + UNAME_MACHINE=alphaev6 ;; + "EV6.7 (21264A)") + UNAME_MACHINE=alphaev67 ;; + "EV6.8CB (21264C)") + UNAME_MACHINE=alphaev68 ;; + "EV6.8AL (21264B)") + UNAME_MACHINE=alphaev68 ;; + "EV6.8CX (21264D)") + UNAME_MACHINE=alphaev68 ;; + "EV6.9A (21264/EV69A)") + UNAME_MACHINE=alphaev69 ;; + "EV7 (21364)") + UNAME_MACHINE=alphaev7 ;; + "EV7.9 (21364A)") + UNAME_MACHINE=alphaev79 ;; + esac + # A Pn.n version is a patched version. + # A Vn.n version is a released version. + # A Tn.n version is a released field test version. + # A Xn.n version is an unreleased experimental baselevel. + # 1.2 uses "1.2" for uname -r. + echo "$UNAME_MACHINE"-dec-osf"`echo "$UNAME_RELEASE" | sed -e 's/^[PVTX]//' | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz`" + # Reset EXIT trap before exiting to avoid spurious non-zero exit code. + exitcode=$? + trap '' 0 + exit $exitcode ;; + Amiga*:UNIX_System_V:4.0:*) + echo m68k-unknown-sysv4 + exit ;; + *:[Aa]miga[Oo][Ss]:*:*) + echo "$UNAME_MACHINE"-unknown-amigaos + exit ;; + *:[Mm]orph[Oo][Ss]:*:*) + echo "$UNAME_MACHINE"-unknown-morphos + exit ;; + *:OS/390:*:*) + echo i370-ibm-openedition + exit ;; + *:z/VM:*:*) + echo s390-ibm-zvmoe + exit ;; + *:OS400:*:*) + echo powerpc-ibm-os400 + exit ;; + arm:RISC*:1.[012]*:*|arm:riscix:1.[012]*:*) + echo arm-acorn-riscix"$UNAME_RELEASE" + exit ;; + arm*:riscos:*:*|arm*:RISCOS:*:*) + echo arm-unknown-riscos + exit ;; + SR2?01:HI-UX/MPP:*:* | SR8000:HI-UX/MPP:*:*) + echo hppa1.1-hitachi-hiuxmpp + exit ;; + Pyramid*:OSx*:*:* | MIS*:OSx*:*:* | MIS*:SMP_DC-OSx*:*:*) + # akee@wpdis03.wpafb.af.mil (Earle F. Ake) contributed MIS and NILE. + if test "`(/bin/universe) 2>/dev/null`" = att ; then + echo pyramid-pyramid-sysv3 + else + echo pyramid-pyramid-bsd + fi + exit ;; + NILE*:*:*:dcosx) + echo pyramid-pyramid-svr4 + exit ;; + DRS?6000:unix:4.0:6*) + echo sparc-icl-nx6 + exit ;; + DRS?6000:UNIX_SV:4.2*:7* | DRS?6000:isis:4.2*:7*) + case `/usr/bin/uname -p` in + sparc) echo sparc-icl-nx7; exit ;; + esac ;; + s390x:SunOS:*:*) + echo "$UNAME_MACHINE"-ibm-solaris2"`echo "$UNAME_RELEASE" | sed -e 's/[^.]*//'`" + exit ;; + sun4H:SunOS:5.*:*) + echo sparc-hal-solaris2"`echo "$UNAME_RELEASE"|sed -e 's/[^.]*//'`" + exit ;; + sun4*:SunOS:5.*:* | tadpole*:SunOS:5.*:*) + echo sparc-sun-solaris2"`echo "$UNAME_RELEASE" | sed -e 's/[^.]*//'`" + exit ;; + i86pc:AuroraUX:5.*:* | i86xen:AuroraUX:5.*:*) + echo i386-pc-auroraux"$UNAME_RELEASE" + exit ;; + i86pc:SunOS:5.*:* | i86xen:SunOS:5.*:*) + set_cc_for_build + SUN_ARCH=i386 + # If there is a compiler, see if it is configured for 64-bit objects. + # Note that the Sun cc does not turn __LP64__ into 1 like gcc does. + # This test works for both compilers. + if [ "$CC_FOR_BUILD" != no_compiler_found ]; then + if (echo '#ifdef __amd64'; echo IS_64BIT_ARCH; echo '#endif') | \ + (CCOPTS="" $CC_FOR_BUILD -E - 2>/dev/null) | \ + grep IS_64BIT_ARCH >/dev/null + then + SUN_ARCH=x86_64 + fi + fi + echo "$SUN_ARCH"-pc-solaris2"`echo "$UNAME_RELEASE"|sed -e 's/[^.]*//'`" + exit ;; + sun4*:SunOS:6*:*) + # According to config.sub, this is the proper way to canonicalize + # SunOS6. Hard to guess exactly what SunOS6 will be like, but + # it's likely to be more like Solaris than SunOS4. + echo sparc-sun-solaris3"`echo "$UNAME_RELEASE"|sed -e 's/[^.]*//'`" + exit ;; + sun4*:SunOS:*:*) + case "`/usr/bin/arch -k`" in + Series*|S4*) + UNAME_RELEASE=`uname -v` + ;; + esac + # Japanese Language versions have a version number like `4.1.3-JL'. + echo sparc-sun-sunos"`echo "$UNAME_RELEASE"|sed -e 's/-/_/'`" + exit ;; + sun3*:SunOS:*:*) + echo m68k-sun-sunos"$UNAME_RELEASE" + exit ;; + sun*:*:4.2BSD:*) + UNAME_RELEASE=`(sed 1q /etc/motd | awk '{print substr($5,1,3)}') 2>/dev/null` + test "x$UNAME_RELEASE" = x && UNAME_RELEASE=3 + case "`/bin/arch`" in + sun3) + echo m68k-sun-sunos"$UNAME_RELEASE" + ;; + sun4) + echo sparc-sun-sunos"$UNAME_RELEASE" + ;; + esac + exit ;; + aushp:SunOS:*:*) + echo sparc-auspex-sunos"$UNAME_RELEASE" + exit ;; + # The situation for MiNT is a little confusing. The machine name + # can be virtually everything (everything which is not + # "atarist" or "atariste" at least should have a processor + # > m68000). The system name ranges from "MiNT" over "FreeMiNT" + # to the lowercase version "mint" (or "freemint"). Finally + # the system name "TOS" denotes a system which is actually not + # MiNT. But MiNT is downward compatible to TOS, so this should + # be no problem. + atarist[e]:*MiNT:*:* | atarist[e]:*mint:*:* | atarist[e]:*TOS:*:*) + echo m68k-atari-mint"$UNAME_RELEASE" + exit ;; + atari*:*MiNT:*:* | atari*:*mint:*:* | atarist[e]:*TOS:*:*) + echo m68k-atari-mint"$UNAME_RELEASE" + exit ;; + *falcon*:*MiNT:*:* | *falcon*:*mint:*:* | *falcon*:*TOS:*:*) + echo m68k-atari-mint"$UNAME_RELEASE" + exit ;; + milan*:*MiNT:*:* | milan*:*mint:*:* | *milan*:*TOS:*:*) + echo m68k-milan-mint"$UNAME_RELEASE" + exit ;; + hades*:*MiNT:*:* | hades*:*mint:*:* | *hades*:*TOS:*:*) + echo m68k-hades-mint"$UNAME_RELEASE" + exit ;; + *:*MiNT:*:* | *:*mint:*:* | *:*TOS:*:*) + echo m68k-unknown-mint"$UNAME_RELEASE" + exit ;; + m68k:machten:*:*) + echo m68k-apple-machten"$UNAME_RELEASE" + exit ;; + powerpc:machten:*:*) + echo powerpc-apple-machten"$UNAME_RELEASE" + exit ;; + RISC*:Mach:*:*) + echo mips-dec-mach_bsd4.3 + exit ;; + RISC*:ULTRIX:*:*) + echo mips-dec-ultrix"$UNAME_RELEASE" + exit ;; + VAX*:ULTRIX*:*:*) + echo vax-dec-ultrix"$UNAME_RELEASE" + exit ;; + 2020:CLIX:*:* | 2430:CLIX:*:*) + echo clipper-intergraph-clix"$UNAME_RELEASE" + exit ;; + mips:*:*:UMIPS | mips:*:*:RISCos) + set_cc_for_build + sed 's/^ //' << EOF > "$dummy.c" +#ifdef __cplusplus +#include /* for printf() prototype */ + int main (int argc, char *argv[]) { +#else + int main (argc, argv) int argc; char *argv[]; { +#endif + #if defined (host_mips) && defined (MIPSEB) + #if defined (SYSTYPE_SYSV) + printf ("mips-mips-riscos%ssysv\\n", argv[1]); exit (0); + #endif + #if defined (SYSTYPE_SVR4) + printf ("mips-mips-riscos%ssvr4\\n", argv[1]); exit (0); + #endif + #if defined (SYSTYPE_BSD43) || defined(SYSTYPE_BSD) + printf ("mips-mips-riscos%sbsd\\n", argv[1]); exit (0); + #endif + #endif + exit (-1); + } +EOF + $CC_FOR_BUILD -o "$dummy" "$dummy.c" && + dummyarg=`echo "$UNAME_RELEASE" | sed -n 's/\([0-9]*\).*/\1/p'` && + SYSTEM_NAME=`"$dummy" "$dummyarg"` && + { echo "$SYSTEM_NAME"; exit; } + echo mips-mips-riscos"$UNAME_RELEASE" + exit ;; + Motorola:PowerMAX_OS:*:*) + echo powerpc-motorola-powermax + exit ;; + Motorola:*:4.3:PL8-*) + echo powerpc-harris-powermax + exit ;; + Night_Hawk:*:*:PowerMAX_OS | Synergy:PowerMAX_OS:*:*) + echo powerpc-harris-powermax + exit ;; + Night_Hawk:Power_UNIX:*:*) + echo powerpc-harris-powerunix + exit ;; + m88k:CX/UX:7*:*) + echo m88k-harris-cxux7 + exit ;; + m88k:*:4*:R4*) + echo m88k-motorola-sysv4 + exit ;; + m88k:*:3*:R3*) + echo m88k-motorola-sysv3 + exit ;; + AViiON:dgux:*:*) + # DG/UX returns AViiON for all architectures + UNAME_PROCESSOR=`/usr/bin/uname -p` + if [ "$UNAME_PROCESSOR" = mc88100 ] || [ "$UNAME_PROCESSOR" = mc88110 ] + then + if [ "$TARGET_BINARY_INTERFACE"x = m88kdguxelfx ] || \ + [ "$TARGET_BINARY_INTERFACE"x = x ] + then + echo m88k-dg-dgux"$UNAME_RELEASE" + else + echo m88k-dg-dguxbcs"$UNAME_RELEASE" + fi + else + echo i586-dg-dgux"$UNAME_RELEASE" + fi + exit ;; + M88*:DolphinOS:*:*) # DolphinOS (SVR3) + echo m88k-dolphin-sysv3 + exit ;; + M88*:*:R3*:*) + # Delta 88k system running SVR3 + echo m88k-motorola-sysv3 + exit ;; + XD88*:*:*:*) # Tektronix XD88 system running UTekV (SVR3) + echo m88k-tektronix-sysv3 + exit ;; + Tek43[0-9][0-9]:UTek:*:*) # Tektronix 4300 system running UTek (BSD) + echo m68k-tektronix-bsd + exit ;; + *:IRIX*:*:*) + echo mips-sgi-irix"`echo "$UNAME_RELEASE"|sed -e 's/-/_/g'`" + exit ;; + ????????:AIX?:[12].1:2) # AIX 2.2.1 or AIX 2.1.1 is RT/PC AIX. + echo romp-ibm-aix # uname -m gives an 8 hex-code CPU id + exit ;; # Note that: echo "'`uname -s`'" gives 'AIX ' + i*86:AIX:*:*) + echo i386-ibm-aix + exit ;; + ia64:AIX:*:*) + if [ -x /usr/bin/oslevel ] ; then + IBM_REV=`/usr/bin/oslevel` + else + IBM_REV="$UNAME_VERSION.$UNAME_RELEASE" + fi + echo "$UNAME_MACHINE"-ibm-aix"$IBM_REV" + exit ;; + *:AIX:2:3) + if grep bos325 /usr/include/stdio.h >/dev/null 2>&1; then + set_cc_for_build + sed 's/^ //' << EOF > "$dummy.c" + #include + + main() + { + if (!__power_pc()) + exit(1); + puts("powerpc-ibm-aix3.2.5"); + exit(0); + } +EOF + if $CC_FOR_BUILD -o "$dummy" "$dummy.c" && SYSTEM_NAME=`"$dummy"` + then + echo "$SYSTEM_NAME" + else + echo rs6000-ibm-aix3.2.5 + fi + elif grep bos324 /usr/include/stdio.h >/dev/null 2>&1; then + echo rs6000-ibm-aix3.2.4 + else + echo rs6000-ibm-aix3.2 + fi + exit ;; + *:AIX:*:[4567]) + IBM_CPU_ID=`/usr/sbin/lsdev -C -c processor -S available | sed 1q | awk '{ print $1 }'` + if /usr/sbin/lsattr -El "$IBM_CPU_ID" | grep ' POWER' >/dev/null 2>&1; then + IBM_ARCH=rs6000 + else + IBM_ARCH=powerpc + fi + if [ -x /usr/bin/lslpp ] ; then + IBM_REV=`/usr/bin/lslpp -Lqc bos.rte.libc | + awk -F: '{ print $3 }' | sed s/[0-9]*$/0/` + else + IBM_REV="$UNAME_VERSION.$UNAME_RELEASE" + fi + echo "$IBM_ARCH"-ibm-aix"$IBM_REV" + exit ;; + *:AIX:*:*) + echo rs6000-ibm-aix + exit ;; + ibmrt:4.4BSD:*|romp-ibm:4.4BSD:*) + echo romp-ibm-bsd4.4 + exit ;; + ibmrt:*BSD:*|romp-ibm:BSD:*) # covers RT/PC BSD and + echo romp-ibm-bsd"$UNAME_RELEASE" # 4.3 with uname added to + exit ;; # report: romp-ibm BSD 4.3 + *:BOSX:*:*) + echo rs6000-bull-bosx + exit ;; + DPX/2?00:B.O.S.:*:*) + echo m68k-bull-sysv3 + exit ;; + 9000/[34]??:4.3bsd:1.*:*) + echo m68k-hp-bsd + exit ;; + hp300:4.4BSD:*:* | 9000/[34]??:4.3bsd:2.*:*) + echo m68k-hp-bsd4.4 + exit ;; + 9000/[34678]??:HP-UX:*:*) + HPUX_REV=`echo "$UNAME_RELEASE"|sed -e 's/[^.]*.[0B]*//'` + case "$UNAME_MACHINE" in + 9000/31?) HP_ARCH=m68000 ;; + 9000/[34]??) HP_ARCH=m68k ;; + 9000/[678][0-9][0-9]) + if [ -x /usr/bin/getconf ]; then + sc_cpu_version=`/usr/bin/getconf SC_CPU_VERSION 2>/dev/null` + sc_kernel_bits=`/usr/bin/getconf SC_KERNEL_BITS 2>/dev/null` + case "$sc_cpu_version" in + 523) HP_ARCH=hppa1.0 ;; # CPU_PA_RISC1_0 + 528) HP_ARCH=hppa1.1 ;; # CPU_PA_RISC1_1 + 532) # CPU_PA_RISC2_0 + case "$sc_kernel_bits" in + 32) HP_ARCH=hppa2.0n ;; + 64) HP_ARCH=hppa2.0w ;; + '') HP_ARCH=hppa2.0 ;; # HP-UX 10.20 + esac ;; + esac + fi + if [ "$HP_ARCH" = "" ]; then + set_cc_for_build + sed 's/^ //' << EOF > "$dummy.c" + + #define _HPUX_SOURCE + #include + #include + + int main () + { + #if defined(_SC_KERNEL_BITS) + long bits = sysconf(_SC_KERNEL_BITS); + #endif + long cpu = sysconf (_SC_CPU_VERSION); + + switch (cpu) + { + case CPU_PA_RISC1_0: puts ("hppa1.0"); break; + case CPU_PA_RISC1_1: puts ("hppa1.1"); break; + case CPU_PA_RISC2_0: + #if defined(_SC_KERNEL_BITS) + switch (bits) + { + case 64: puts ("hppa2.0w"); break; + case 32: puts ("hppa2.0n"); break; + default: puts ("hppa2.0"); break; + } break; + #else /* !defined(_SC_KERNEL_BITS) */ + puts ("hppa2.0"); break; + #endif + default: puts ("hppa1.0"); break; + } + exit (0); + } +EOF + (CCOPTS="" $CC_FOR_BUILD -o "$dummy" "$dummy.c" 2>/dev/null) && HP_ARCH=`"$dummy"` + test -z "$HP_ARCH" && HP_ARCH=hppa + fi ;; + esac + if [ "$HP_ARCH" = hppa2.0w ] + then + set_cc_for_build + + # hppa2.0w-hp-hpux* has a 64-bit kernel and a compiler generating + # 32-bit code. hppa64-hp-hpux* has the same kernel and a compiler + # generating 64-bit code. GNU and HP use different nomenclature: + # + # $ CC_FOR_BUILD=cc ./config.guess + # => hppa2.0w-hp-hpux11.23 + # $ CC_FOR_BUILD="cc +DA2.0w" ./config.guess + # => hppa64-hp-hpux11.23 + + if echo __LP64__ | (CCOPTS="" $CC_FOR_BUILD -E - 2>/dev/null) | + grep -q __LP64__ + then + HP_ARCH=hppa2.0w + else + HP_ARCH=hppa64 + fi + fi + echo "$HP_ARCH"-hp-hpux"$HPUX_REV" + exit ;; + ia64:HP-UX:*:*) + HPUX_REV=`echo "$UNAME_RELEASE"|sed -e 's/[^.]*.[0B]*//'` + echo ia64-hp-hpux"$HPUX_REV" + exit ;; + 3050*:HI-UX:*:*) + set_cc_for_build + sed 's/^ //' << EOF > "$dummy.c" + #include + int + main () + { + long cpu = sysconf (_SC_CPU_VERSION); + /* The order matters, because CPU_IS_HP_MC68K erroneously returns + true for CPU_PA_RISC1_0. CPU_IS_PA_RISC returns correct + results, however. */ + if (CPU_IS_PA_RISC (cpu)) + { + switch (cpu) + { + case CPU_PA_RISC1_0: puts ("hppa1.0-hitachi-hiuxwe2"); break; + case CPU_PA_RISC1_1: puts ("hppa1.1-hitachi-hiuxwe2"); break; + case CPU_PA_RISC2_0: puts ("hppa2.0-hitachi-hiuxwe2"); break; + default: puts ("hppa-hitachi-hiuxwe2"); break; + } + } + else if (CPU_IS_HP_MC68K (cpu)) + puts ("m68k-hitachi-hiuxwe2"); + else puts ("unknown-hitachi-hiuxwe2"); + exit (0); + } +EOF + $CC_FOR_BUILD -o "$dummy" "$dummy.c" && SYSTEM_NAME=`"$dummy"` && + { echo "$SYSTEM_NAME"; exit; } + echo unknown-hitachi-hiuxwe2 + exit ;; + 9000/7??:4.3bsd:*:* | 9000/8?[79]:4.3bsd:*:*) + echo hppa1.1-hp-bsd + exit ;; + 9000/8??:4.3bsd:*:*) + echo hppa1.0-hp-bsd + exit ;; + *9??*:MPE/iX:*:* | *3000*:MPE/iX:*:*) + echo hppa1.0-hp-mpeix + exit ;; + hp7??:OSF1:*:* | hp8?[79]:OSF1:*:*) + echo hppa1.1-hp-osf + exit ;; + hp8??:OSF1:*:*) + echo hppa1.0-hp-osf + exit ;; + i*86:OSF1:*:*) + if [ -x /usr/sbin/sysversion ] ; then + echo "$UNAME_MACHINE"-unknown-osf1mk + else + echo "$UNAME_MACHINE"-unknown-osf1 + fi + exit ;; + parisc*:Lites*:*:*) + echo hppa1.1-hp-lites + exit ;; + C1*:ConvexOS:*:* | convex:ConvexOS:C1*:*) + echo c1-convex-bsd + exit ;; + C2*:ConvexOS:*:* | convex:ConvexOS:C2*:*) + if getsysinfo -f scalar_acc + then echo c32-convex-bsd + else echo c2-convex-bsd + fi + exit ;; + C34*:ConvexOS:*:* | convex:ConvexOS:C34*:*) + echo c34-convex-bsd + exit ;; + C38*:ConvexOS:*:* | convex:ConvexOS:C38*:*) + echo c38-convex-bsd + exit ;; + C4*:ConvexOS:*:* | convex:ConvexOS:C4*:*) + echo c4-convex-bsd + exit ;; + CRAY*Y-MP:*:*:*) + echo ymp-cray-unicos"$UNAME_RELEASE" | sed -e 's/\.[^.]*$/.X/' + exit ;; + CRAY*[A-Z]90:*:*:*) + echo "$UNAME_MACHINE"-cray-unicos"$UNAME_RELEASE" \ + | sed -e 's/CRAY.*\([A-Z]90\)/\1/' \ + -e y/ABCDEFGHIJKLMNOPQRSTUVWXYZ/abcdefghijklmnopqrstuvwxyz/ \ + -e 's/\.[^.]*$/.X/' + exit ;; + CRAY*TS:*:*:*) + echo t90-cray-unicos"$UNAME_RELEASE" | sed -e 's/\.[^.]*$/.X/' + exit ;; + CRAY*T3E:*:*:*) + echo alphaev5-cray-unicosmk"$UNAME_RELEASE" | sed -e 's/\.[^.]*$/.X/' + exit ;; + CRAY*SV1:*:*:*) + echo sv1-cray-unicos"$UNAME_RELEASE" | sed -e 's/\.[^.]*$/.X/' + exit ;; + *:UNICOS/mp:*:*) + echo craynv-cray-unicosmp"$UNAME_RELEASE" | sed -e 's/\.[^.]*$/.X/' + exit ;; + F30[01]:UNIX_System_V:*:* | F700:UNIX_System_V:*:*) + FUJITSU_PROC=`uname -m | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz` + FUJITSU_SYS=`uname -p | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz | sed -e 's/\///'` + FUJITSU_REL=`echo "$UNAME_RELEASE" | sed -e 's/ /_/'` + echo "${FUJITSU_PROC}-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}" + exit ;; + 5000:UNIX_System_V:4.*:*) + FUJITSU_SYS=`uname -p | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz | sed -e 's/\///'` + FUJITSU_REL=`echo "$UNAME_RELEASE" | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz | sed -e 's/ /_/'` + echo "sparc-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}" + exit ;; + i*86:BSD/386:*:* | i*86:BSD/OS:*:* | *:Ascend\ Embedded/OS:*:*) + echo "$UNAME_MACHINE"-pc-bsdi"$UNAME_RELEASE" + exit ;; + sparc*:BSD/OS:*:*) + echo sparc-unknown-bsdi"$UNAME_RELEASE" + exit ;; + *:BSD/OS:*:*) + echo "$UNAME_MACHINE"-unknown-bsdi"$UNAME_RELEASE" + exit ;; + arm:FreeBSD:*:*) + UNAME_PROCESSOR=`uname -p` + set_cc_for_build + if echo __ARM_PCS_VFP | $CC_FOR_BUILD -E - 2>/dev/null \ + | grep -q __ARM_PCS_VFP + then + echo "${UNAME_PROCESSOR}"-unknown-freebsd"`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`"-gnueabi + else + echo "${UNAME_PROCESSOR}"-unknown-freebsd"`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`"-gnueabihf + fi + exit ;; + *:FreeBSD:*:*) + UNAME_PROCESSOR=`/usr/bin/uname -p` + case "$UNAME_PROCESSOR" in + amd64) + UNAME_PROCESSOR=x86_64 ;; + i386) + UNAME_PROCESSOR=i586 ;; + esac + echo "$UNAME_PROCESSOR"-unknown-freebsd"`echo "$UNAME_RELEASE"|sed -e 's/[-(].*//'`" + exit ;; + i*:CYGWIN*:*) + echo "$UNAME_MACHINE"-pc-cygwin + exit ;; + *:MINGW64*:*) + echo "$UNAME_MACHINE"-pc-mingw64 + exit ;; + *:MINGW*:*) + echo "$UNAME_MACHINE"-pc-mingw32 + exit ;; + *:MSYS*:*) + echo "$UNAME_MACHINE"-pc-msys + exit ;; + i*:PW*:*) + echo "$UNAME_MACHINE"-pc-pw32 + exit ;; + *:Interix*:*) + case "$UNAME_MACHINE" in + x86) + echo i586-pc-interix"$UNAME_RELEASE" + exit ;; + authenticamd | genuineintel | EM64T) + echo x86_64-unknown-interix"$UNAME_RELEASE" + exit ;; + IA64) + echo ia64-unknown-interix"$UNAME_RELEASE" + exit ;; + esac ;; + i*:UWIN*:*) + echo "$UNAME_MACHINE"-pc-uwin + exit ;; + amd64:CYGWIN*:*:* | x86_64:CYGWIN*:*:*) + echo x86_64-pc-cygwin + exit ;; + prep*:SunOS:5.*:*) + echo powerpcle-unknown-solaris2"`echo "$UNAME_RELEASE"|sed -e 's/[^.]*//'`" + exit ;; + *:GNU:*:*) + # the GNU system + echo "`echo "$UNAME_MACHINE"|sed -e 's,[-/].*$,,'`-unknown-$LIBC`echo "$UNAME_RELEASE"|sed -e 's,/.*$,,'`" + exit ;; + *:GNU/*:*:*) + # other systems with GNU libc and userland + echo "$UNAME_MACHINE-unknown-`echo "$UNAME_SYSTEM" | sed 's,^[^/]*/,,' | tr "[:upper:]" "[:lower:]"``echo "$UNAME_RELEASE"|sed -e 's/[-(].*//'`-$LIBC" + exit ;; + *:Minix:*:*) + echo "$UNAME_MACHINE"-unknown-minix + exit ;; + aarch64:Linux:*:*) + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" + exit ;; + aarch64_be:Linux:*:*) + UNAME_MACHINE=aarch64_be + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" + exit ;; + alpha:Linux:*:*) + case `sed -n '/^cpu model/s/^.*: \(.*\)/\1/p' < /proc/cpuinfo` in + EV5) UNAME_MACHINE=alphaev5 ;; + EV56) UNAME_MACHINE=alphaev56 ;; + PCA56) UNAME_MACHINE=alphapca56 ;; + PCA57) UNAME_MACHINE=alphapca56 ;; + EV6) UNAME_MACHINE=alphaev6 ;; + EV67) UNAME_MACHINE=alphaev67 ;; + EV68*) UNAME_MACHINE=alphaev68 ;; + esac + objdump --private-headers /bin/sh | grep -q ld.so.1 + if test "$?" = 0 ; then LIBC=gnulibc1 ; fi + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" + exit ;; + arc:Linux:*:* | arceb:Linux:*:*) + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" + exit ;; + arm*:Linux:*:*) + set_cc_for_build + if echo __ARM_EABI__ | $CC_FOR_BUILD -E - 2>/dev/null \ + | grep -q __ARM_EABI__ + then + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" + else + if echo __ARM_PCS_VFP | $CC_FOR_BUILD -E - 2>/dev/null \ + | grep -q __ARM_PCS_VFP + then + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC"eabi + else + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC"eabihf + fi + fi + exit ;; + avr32*:Linux:*:*) + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" + exit ;; + cris:Linux:*:*) + echo "$UNAME_MACHINE"-axis-linux-"$LIBC" + exit ;; + crisv32:Linux:*:*) + echo "$UNAME_MACHINE"-axis-linux-"$LIBC" + exit ;; + e2k:Linux:*:*) + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" + exit ;; + frv:Linux:*:*) + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" + exit ;; + hexagon:Linux:*:*) + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" + exit ;; + i*86:Linux:*:*) + echo "$UNAME_MACHINE"-pc-linux-"$LIBC" + exit ;; + ia64:Linux:*:*) + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" + exit ;; + k1om:Linux:*:*) + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" + exit ;; + m32r*:Linux:*:*) + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" + exit ;; + m68*:Linux:*:*) + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" + exit ;; + mips:Linux:*:* | mips64:Linux:*:*) + set_cc_for_build + IS_GLIBC=0 + test x"${LIBC}" = xgnu && IS_GLIBC=1 + sed 's/^ //' << EOF > "$dummy.c" + #undef CPU + #undef mips + #undef mipsel + #undef mips64 + #undef mips64el + #if ${IS_GLIBC} && defined(_ABI64) + LIBCABI=gnuabi64 + #else + #if ${IS_GLIBC} && defined(_ABIN32) + LIBCABI=gnuabin32 + #else + LIBCABI=${LIBC} + #endif + #endif + + #if ${IS_GLIBC} && defined(__mips64) && defined(__mips_isa_rev) && __mips_isa_rev>=6 + CPU=mipsisa64r6 + #else + #if ${IS_GLIBC} && !defined(__mips64) && defined(__mips_isa_rev) && __mips_isa_rev>=6 + CPU=mipsisa32r6 + #else + #if defined(__mips64) + CPU=mips64 + #else + CPU=mips + #endif + #endif + #endif + + #if defined(__MIPSEL__) || defined(__MIPSEL) || defined(_MIPSEL) || defined(MIPSEL) + MIPS_ENDIAN=el + #else + #if defined(__MIPSEB__) || defined(__MIPSEB) || defined(_MIPSEB) || defined(MIPSEB) + MIPS_ENDIAN= + #else + MIPS_ENDIAN= + #endif + #endif +EOF + eval "`$CC_FOR_BUILD -E "$dummy.c" 2>/dev/null | grep '^CPU\|^MIPS_ENDIAN\|^LIBCABI'`" + test "x$CPU" != x && { echo "$CPU${MIPS_ENDIAN}-unknown-linux-$LIBCABI"; exit; } + ;; + mips64el:Linux:*:*) + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" + exit ;; + openrisc*:Linux:*:*) + echo or1k-unknown-linux-"$LIBC" + exit ;; + or32:Linux:*:* | or1k*:Linux:*:*) + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" + exit ;; + padre:Linux:*:*) + echo sparc-unknown-linux-"$LIBC" + exit ;; + parisc64:Linux:*:* | hppa64:Linux:*:*) + echo hppa64-unknown-linux-"$LIBC" + exit ;; + parisc:Linux:*:* | hppa:Linux:*:*) + # Look for CPU level + case `grep '^cpu[^a-z]*:' /proc/cpuinfo 2>/dev/null | cut -d' ' -f2` in + PA7*) echo hppa1.1-unknown-linux-"$LIBC" ;; + PA8*) echo hppa2.0-unknown-linux-"$LIBC" ;; + *) echo hppa-unknown-linux-"$LIBC" ;; + esac + exit ;; + ppc64:Linux:*:*) + echo powerpc64-unknown-linux-"$LIBC" + exit ;; + ppc:Linux:*:*) + echo powerpc-unknown-linux-"$LIBC" + exit ;; + ppc64le:Linux:*:*) + echo powerpc64le-unknown-linux-"$LIBC" + exit ;; + ppcle:Linux:*:*) + echo powerpcle-unknown-linux-"$LIBC" + exit ;; + riscv32:Linux:*:* | riscv64:Linux:*:*) + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" + exit ;; + s390:Linux:*:* | s390x:Linux:*:*) + echo "$UNAME_MACHINE"-ibm-linux-"$LIBC" + exit ;; + sh64*:Linux:*:*) + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" + exit ;; + sh*:Linux:*:*) + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" + exit ;; + sparc:Linux:*:* | sparc64:Linux:*:*) + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" + exit ;; + tile*:Linux:*:*) + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" + exit ;; + vax:Linux:*:*) + echo "$UNAME_MACHINE"-dec-linux-"$LIBC" + exit ;; + x86_64:Linux:*:*) + echo "$UNAME_MACHINE"-pc-linux-"$LIBC" + exit ;; + xtensa*:Linux:*:*) + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" + exit ;; + i*86:DYNIX/ptx:4*:*) + # ptx 4.0 does uname -s correctly, with DYNIX/ptx in there. + # earlier versions are messed up and put the nodename in both + # sysname and nodename. + echo i386-sequent-sysv4 + exit ;; + i*86:UNIX_SV:4.2MP:2.*) + # Unixware is an offshoot of SVR4, but it has its own version + # number series starting with 2... + # I am not positive that other SVR4 systems won't match this, + # I just have to hope. -- rms. + # Use sysv4.2uw... so that sysv4* matches it. + echo "$UNAME_MACHINE"-pc-sysv4.2uw"$UNAME_VERSION" + exit ;; + i*86:OS/2:*:*) + # If we were able to find `uname', then EMX Unix compatibility + # is probably installed. + echo "$UNAME_MACHINE"-pc-os2-emx + exit ;; + i*86:XTS-300:*:STOP) + echo "$UNAME_MACHINE"-unknown-stop + exit ;; + i*86:atheos:*:*) + echo "$UNAME_MACHINE"-unknown-atheos + exit ;; + i*86:syllable:*:*) + echo "$UNAME_MACHINE"-pc-syllable + exit ;; + i*86:LynxOS:2.*:* | i*86:LynxOS:3.[01]*:* | i*86:LynxOS:4.[02]*:*) + echo i386-unknown-lynxos"$UNAME_RELEASE" + exit ;; + i*86:*DOS:*:*) + echo "$UNAME_MACHINE"-pc-msdosdjgpp + exit ;; + i*86:*:4.*:*) + UNAME_REL=`echo "$UNAME_RELEASE" | sed 's/\/MP$//'` + if grep Novell /usr/include/link.h >/dev/null 2>/dev/null; then + echo "$UNAME_MACHINE"-univel-sysv"$UNAME_REL" + else + echo "$UNAME_MACHINE"-pc-sysv"$UNAME_REL" + fi + exit ;; + i*86:*:5:[678]*) + # UnixWare 7.x, OpenUNIX and OpenServer 6. + case `/bin/uname -X | grep "^Machine"` in + *486*) UNAME_MACHINE=i486 ;; + *Pentium) UNAME_MACHINE=i586 ;; + *Pent*|*Celeron) UNAME_MACHINE=i686 ;; + esac + echo "$UNAME_MACHINE-unknown-sysv${UNAME_RELEASE}${UNAME_SYSTEM}${UNAME_VERSION}" + exit ;; + i*86:*:3.2:*) + if test -f /usr/options/cb.name; then + UNAME_REL=`sed -n 's/.*Version //p' /dev/null >/dev/null ; then + UNAME_REL=`(/bin/uname -X|grep Release|sed -e 's/.*= //')` + (/bin/uname -X|grep i80486 >/dev/null) && UNAME_MACHINE=i486 + (/bin/uname -X|grep '^Machine.*Pentium' >/dev/null) \ + && UNAME_MACHINE=i586 + (/bin/uname -X|grep '^Machine.*Pent *II' >/dev/null) \ + && UNAME_MACHINE=i686 + (/bin/uname -X|grep '^Machine.*Pentium Pro' >/dev/null) \ + && UNAME_MACHINE=i686 + echo "$UNAME_MACHINE"-pc-sco"$UNAME_REL" + else + echo "$UNAME_MACHINE"-pc-sysv32 + fi + exit ;; + pc:*:*:*) + # Left here for compatibility: + # uname -m prints for DJGPP always 'pc', but it prints nothing about + # the processor, so we play safe by assuming i586. + # Note: whatever this is, it MUST be the same as what config.sub + # prints for the "djgpp" host, or else GDB configure will decide that + # this is a cross-build. + echo i586-pc-msdosdjgpp + exit ;; + Intel:Mach:3*:*) + echo i386-pc-mach3 + exit ;; + paragon:*:*:*) + echo i860-intel-osf1 + exit ;; + i860:*:4.*:*) # i860-SVR4 + if grep Stardent /usr/include/sys/uadmin.h >/dev/null 2>&1 ; then + echo i860-stardent-sysv"$UNAME_RELEASE" # Stardent Vistra i860-SVR4 + else # Add other i860-SVR4 vendors below as they are discovered. + echo i860-unknown-sysv"$UNAME_RELEASE" # Unknown i860-SVR4 + fi + exit ;; + mini*:CTIX:SYS*5:*) + # "miniframe" + echo m68010-convergent-sysv + exit ;; + mc68k:UNIX:SYSTEM5:3.51m) + echo m68k-convergent-sysv + exit ;; + M680?0:D-NIX:5.3:*) + echo m68k-diab-dnix + exit ;; + M68*:*:R3V[5678]*:*) + test -r /sysV68 && { echo 'm68k-motorola-sysv'; exit; } ;; + 3[345]??:*:4.0:3.0 | 3[34]??A:*:4.0:3.0 | 3[34]??,*:*:4.0:3.0 | 3[34]??/*:*:4.0:3.0 | 4400:*:4.0:3.0 | 4850:*:4.0:3.0 | SKA40:*:4.0:3.0 | SDS2:*:4.0:3.0 | SHG2:*:4.0:3.0 | S7501*:*:4.0:3.0) + OS_REL='' + test -r /etc/.relid \ + && OS_REL=.`sed -n 's/[^ ]* [^ ]* \([0-9][0-9]\).*/\1/p' < /etc/.relid` + /bin/uname -p 2>/dev/null | grep 86 >/dev/null \ + && { echo i486-ncr-sysv4.3"$OS_REL"; exit; } + /bin/uname -p 2>/dev/null | /bin/grep entium >/dev/null \ + && { echo i586-ncr-sysv4.3"$OS_REL"; exit; } ;; + 3[34]??:*:4.0:* | 3[34]??,*:*:4.0:*) + /bin/uname -p 2>/dev/null | grep 86 >/dev/null \ + && { echo i486-ncr-sysv4; exit; } ;; + NCR*:*:4.2:* | MPRAS*:*:4.2:*) + OS_REL='.3' + test -r /etc/.relid \ + && OS_REL=.`sed -n 's/[^ ]* [^ ]* \([0-9][0-9]\).*/\1/p' < /etc/.relid` + /bin/uname -p 2>/dev/null | grep 86 >/dev/null \ + && { echo i486-ncr-sysv4.3"$OS_REL"; exit; } + /bin/uname -p 2>/dev/null | /bin/grep entium >/dev/null \ + && { echo i586-ncr-sysv4.3"$OS_REL"; exit; } + /bin/uname -p 2>/dev/null | /bin/grep pteron >/dev/null \ + && { echo i586-ncr-sysv4.3"$OS_REL"; exit; } ;; + m68*:LynxOS:2.*:* | m68*:LynxOS:3.0*:*) + echo m68k-unknown-lynxos"$UNAME_RELEASE" + exit ;; + mc68030:UNIX_System_V:4.*:*) + echo m68k-atari-sysv4 + exit ;; + TSUNAMI:LynxOS:2.*:*) + echo sparc-unknown-lynxos"$UNAME_RELEASE" + exit ;; + rs6000:LynxOS:2.*:*) + echo rs6000-unknown-lynxos"$UNAME_RELEASE" + exit ;; + PowerPC:LynxOS:2.*:* | PowerPC:LynxOS:3.[01]*:* | PowerPC:LynxOS:4.[02]*:*) + echo powerpc-unknown-lynxos"$UNAME_RELEASE" + exit ;; + SM[BE]S:UNIX_SV:*:*) + echo mips-dde-sysv"$UNAME_RELEASE" + exit ;; + RM*:ReliantUNIX-*:*:*) + echo mips-sni-sysv4 + exit ;; + RM*:SINIX-*:*:*) + echo mips-sni-sysv4 + exit ;; + *:SINIX-*:*:*) + if uname -p 2>/dev/null >/dev/null ; then + UNAME_MACHINE=`(uname -p) 2>/dev/null` + echo "$UNAME_MACHINE"-sni-sysv4 + else + echo ns32k-sni-sysv + fi + exit ;; + PENTIUM:*:4.0*:*) # Unisys `ClearPath HMP IX 4000' SVR4/MP effort + # says + echo i586-unisys-sysv4 + exit ;; + *:UNIX_System_V:4*:FTX*) + # From Gerald Hewes . + # How about differentiating between stratus architectures? -djm + echo hppa1.1-stratus-sysv4 + exit ;; + *:*:*:FTX*) + # From seanf@swdc.stratus.com. + echo i860-stratus-sysv4 + exit ;; + i*86:VOS:*:*) + # From Paul.Green@stratus.com. + echo "$UNAME_MACHINE"-stratus-vos + exit ;; + *:VOS:*:*) + # From Paul.Green@stratus.com. + echo hppa1.1-stratus-vos + exit ;; + mc68*:A/UX:*:*) + echo m68k-apple-aux"$UNAME_RELEASE" + exit ;; + news*:NEWS-OS:6*:*) + echo mips-sony-newsos6 + exit ;; + R[34]000:*System_V*:*:* | R4000:UNIX_SYSV:*:* | R*000:UNIX_SV:*:*) + if [ -d /usr/nec ]; then + echo mips-nec-sysv"$UNAME_RELEASE" + else + echo mips-unknown-sysv"$UNAME_RELEASE" + fi + exit ;; + BeBox:BeOS:*:*) # BeOS running on hardware made by Be, PPC only. + echo powerpc-be-beos + exit ;; + BeMac:BeOS:*:*) # BeOS running on Mac or Mac clone, PPC only. + echo powerpc-apple-beos + exit ;; + BePC:BeOS:*:*) # BeOS running on Intel PC compatible. + echo i586-pc-beos + exit ;; + BePC:Haiku:*:*) # Haiku running on Intel PC compatible. + echo i586-pc-haiku + exit ;; + x86_64:Haiku:*:*) + echo x86_64-unknown-haiku + exit ;; + SX-4:SUPER-UX:*:*) + echo sx4-nec-superux"$UNAME_RELEASE" + exit ;; + SX-5:SUPER-UX:*:*) + echo sx5-nec-superux"$UNAME_RELEASE" + exit ;; + SX-6:SUPER-UX:*:*) + echo sx6-nec-superux"$UNAME_RELEASE" + exit ;; + SX-7:SUPER-UX:*:*) + echo sx7-nec-superux"$UNAME_RELEASE" + exit ;; + SX-8:SUPER-UX:*:*) + echo sx8-nec-superux"$UNAME_RELEASE" + exit ;; + SX-8R:SUPER-UX:*:*) + echo sx8r-nec-superux"$UNAME_RELEASE" + exit ;; + SX-ACE:SUPER-UX:*:*) + echo sxace-nec-superux"$UNAME_RELEASE" + exit ;; + Power*:Rhapsody:*:*) + echo powerpc-apple-rhapsody"$UNAME_RELEASE" + exit ;; + *:Rhapsody:*:*) + echo "$UNAME_MACHINE"-apple-rhapsody"$UNAME_RELEASE" + exit ;; + *:Darwin:*:*) + UNAME_PROCESSOR=`uname -p` || UNAME_PROCESSOR=unknown + set_cc_for_build + if test "$UNAME_PROCESSOR" = unknown ; then + UNAME_PROCESSOR=powerpc + fi + if test "`echo "$UNAME_RELEASE" | sed -e 's/\..*//'`" -le 10 ; then + if [ "$CC_FOR_BUILD" != no_compiler_found ]; then + if (echo '#ifdef __LP64__'; echo IS_64BIT_ARCH; echo '#endif') | \ + (CCOPTS="" $CC_FOR_BUILD -E - 2>/dev/null) | \ + grep IS_64BIT_ARCH >/dev/null + then + case $UNAME_PROCESSOR in + i386) UNAME_PROCESSOR=x86_64 ;; + powerpc) UNAME_PROCESSOR=powerpc64 ;; + esac + fi + # On 10.4-10.6 one might compile for PowerPC via gcc -arch ppc + if (echo '#ifdef __POWERPC__'; echo IS_PPC; echo '#endif') | \ + (CCOPTS="" $CC_FOR_BUILD -E - 2>/dev/null) | \ + grep IS_PPC >/dev/null + then + UNAME_PROCESSOR=powerpc + fi + fi + elif test "$UNAME_PROCESSOR" = i386 ; then + # Avoid executing cc on OS X 10.9, as it ships with a stub + # that puts up a graphical alert prompting to install + # developer tools. Any system running Mac OS X 10.7 or + # later (Darwin 11 and later) is required to have a 64-bit + # processor. This is not true of the ARM version of Darwin + # that Apple uses in portable devices. + UNAME_PROCESSOR=x86_64 + fi + echo "$UNAME_PROCESSOR"-apple-darwin"$UNAME_RELEASE" + exit ;; + *:procnto*:*:* | *:QNX:[0123456789]*:*) + UNAME_PROCESSOR=`uname -p` + if test "$UNAME_PROCESSOR" = x86; then + UNAME_PROCESSOR=i386 + UNAME_MACHINE=pc + fi + echo "$UNAME_PROCESSOR"-"$UNAME_MACHINE"-nto-qnx"$UNAME_RELEASE" + exit ;; + *:QNX:*:4*) + echo i386-pc-qnx + exit ;; + NEO-*:NONSTOP_KERNEL:*:*) + echo neo-tandem-nsk"$UNAME_RELEASE" + exit ;; + NSE-*:NONSTOP_KERNEL:*:*) + echo nse-tandem-nsk"$UNAME_RELEASE" + exit ;; + NSR-*:NONSTOP_KERNEL:*:*) + echo nsr-tandem-nsk"$UNAME_RELEASE" + exit ;; + NSV-*:NONSTOP_KERNEL:*:*) + echo nsv-tandem-nsk"$UNAME_RELEASE" + exit ;; + NSX-*:NONSTOP_KERNEL:*:*) + echo nsx-tandem-nsk"$UNAME_RELEASE" + exit ;; + *:NonStop-UX:*:*) + echo mips-compaq-nonstopux + exit ;; + BS2000:POSIX*:*:*) + echo bs2000-siemens-sysv + exit ;; + DS/*:UNIX_System_V:*:*) + echo "$UNAME_MACHINE"-"$UNAME_SYSTEM"-"$UNAME_RELEASE" + exit ;; + *:Plan9:*:*) + # "uname -m" is not consistent, so use $cputype instead. 386 + # is converted to i386 for consistency with other x86 + # operating systems. + # shellcheck disable=SC2154 + if test "$cputype" = 386; then + UNAME_MACHINE=i386 + else + UNAME_MACHINE="$cputype" + fi + echo "$UNAME_MACHINE"-unknown-plan9 + exit ;; + *:TOPS-10:*:*) + echo pdp10-unknown-tops10 + exit ;; + *:TENEX:*:*) + echo pdp10-unknown-tenex + exit ;; + KS10:TOPS-20:*:* | KL10:TOPS-20:*:* | TYPE4:TOPS-20:*:*) + echo pdp10-dec-tops20 + exit ;; + XKL-1:TOPS-20:*:* | TYPE5:TOPS-20:*:*) + echo pdp10-xkl-tops20 + exit ;; + *:TOPS-20:*:*) + echo pdp10-unknown-tops20 + exit ;; + *:ITS:*:*) + echo pdp10-unknown-its + exit ;; + SEI:*:*:SEIUX) + echo mips-sei-seiux"$UNAME_RELEASE" + exit ;; + *:DragonFly:*:*) + echo "$UNAME_MACHINE"-unknown-dragonfly"`echo "$UNAME_RELEASE"|sed -e 's/[-(].*//'`" + exit ;; + *:*VMS:*:*) + UNAME_MACHINE=`(uname -p) 2>/dev/null` + case "$UNAME_MACHINE" in + A*) echo alpha-dec-vms ; exit ;; + I*) echo ia64-dec-vms ; exit ;; + V*) echo vax-dec-vms ; exit ;; + esac ;; + *:XENIX:*:SysV) + echo i386-pc-xenix + exit ;; + i*86:skyos:*:*) + echo "$UNAME_MACHINE"-pc-skyos"`echo "$UNAME_RELEASE" | sed -e 's/ .*$//'`" + exit ;; + i*86:rdos:*:*) + echo "$UNAME_MACHINE"-pc-rdos + exit ;; + i*86:AROS:*:*) + echo "$UNAME_MACHINE"-pc-aros + exit ;; + x86_64:VMkernel:*:*) + echo "$UNAME_MACHINE"-unknown-esx + exit ;; + amd64:Isilon\ OneFS:*:*) + echo x86_64-unknown-onefs + exit ;; + *:Unleashed:*:*) + echo "$UNAME_MACHINE"-unknown-unleashed"$UNAME_RELEASE" + exit ;; +esac + +# No uname command or uname output not recognized. +set_cc_for_build +cat > "$dummy.c" < +#include +#endif +#if defined(ultrix) || defined(_ultrix) || defined(__ultrix) || defined(__ultrix__) +#if defined (vax) || defined (__vax) || defined (__vax__) || defined(mips) || defined(__mips) || defined(__mips__) || defined(MIPS) || defined(__MIPS__) +#include +#if defined(_SIZE_T_) || defined(SIGLOST) +#include +#endif +#endif +#endif +main () +{ +#if defined (sony) +#if defined (MIPSEB) + /* BFD wants "bsd" instead of "newsos". Perhaps BFD should be changed, + I don't know.... */ + printf ("mips-sony-bsd\n"); exit (0); +#else +#include + printf ("m68k-sony-newsos%s\n", +#ifdef NEWSOS4 + "4" +#else + "" +#endif + ); exit (0); +#endif +#endif + +#if defined (NeXT) +#if !defined (__ARCHITECTURE__) +#define __ARCHITECTURE__ "m68k" +#endif + int version; + version=`(hostinfo | sed -n 's/.*NeXT Mach \([0-9]*\).*/\1/p') 2>/dev/null`; + if (version < 4) + printf ("%s-next-nextstep%d\n", __ARCHITECTURE__, version); + else + printf ("%s-next-openstep%d\n", __ARCHITECTURE__, version); + exit (0); +#endif + +#if defined (MULTIMAX) || defined (n16) +#if defined (UMAXV) + printf ("ns32k-encore-sysv\n"); exit (0); +#else +#if defined (CMU) + printf ("ns32k-encore-mach\n"); exit (0); +#else + printf ("ns32k-encore-bsd\n"); exit (0); +#endif +#endif +#endif + +#if defined (__386BSD__) + printf ("i386-pc-bsd\n"); exit (0); +#endif + +#if defined (sequent) +#if defined (i386) + printf ("i386-sequent-dynix\n"); exit (0); +#endif +#if defined (ns32000) + printf ("ns32k-sequent-dynix\n"); exit (0); +#endif +#endif + +#if defined (_SEQUENT_) + struct utsname un; + + uname(&un); + if (strncmp(un.version, "V2", 2) == 0) { + printf ("i386-sequent-ptx2\n"); exit (0); + } + if (strncmp(un.version, "V1", 2) == 0) { /* XXX is V1 correct? */ + printf ("i386-sequent-ptx1\n"); exit (0); + } + printf ("i386-sequent-ptx\n"); exit (0); +#endif + +#if defined (vax) +#if !defined (ultrix) +#include +#if defined (BSD) +#if BSD == 43 + printf ("vax-dec-bsd4.3\n"); exit (0); +#else +#if BSD == 199006 + printf ("vax-dec-bsd4.3reno\n"); exit (0); +#else + printf ("vax-dec-bsd\n"); exit (0); +#endif +#endif +#else + printf ("vax-dec-bsd\n"); exit (0); +#endif +#else +#if defined(_SIZE_T_) || defined(SIGLOST) + struct utsname un; + uname (&un); + printf ("vax-dec-ultrix%s\n", un.release); exit (0); +#else + printf ("vax-dec-ultrix\n"); exit (0); +#endif +#endif +#endif +#if defined(ultrix) || defined(_ultrix) || defined(__ultrix) || defined(__ultrix__) +#if defined(mips) || defined(__mips) || defined(__mips__) || defined(MIPS) || defined(__MIPS__) +#if defined(_SIZE_T_) || defined(SIGLOST) + struct utsname *un; + uname (&un); + printf ("mips-dec-ultrix%s\n", un.release); exit (0); +#else + printf ("mips-dec-ultrix\n"); exit (0); +#endif +#endif +#endif + +#if defined (alliant) && defined (i860) + printf ("i860-alliant-bsd\n"); exit (0); +#endif + + exit (1); +} +EOF + +$CC_FOR_BUILD -o "$dummy" "$dummy.c" 2>/dev/null && SYSTEM_NAME=`$dummy` && + { echo "$SYSTEM_NAME"; exit; } + +# Apollos put the system type in the environment. +test -d /usr/apollo && { echo "$ISP-apollo-$SYSTYPE"; exit; } + +echo "$0: unable to guess system type" >&2 + +case "$UNAME_MACHINE:$UNAME_SYSTEM" in + mips:Linux | mips64:Linux) + # If we got here on MIPS GNU/Linux, output extra information. + cat >&2 <&2 </dev/null || echo unknown` +uname -r = `(uname -r) 2>/dev/null || echo unknown` +uname -s = `(uname -s) 2>/dev/null || echo unknown` +uname -v = `(uname -v) 2>/dev/null || echo unknown` + +/usr/bin/uname -p = `(/usr/bin/uname -p) 2>/dev/null` +/bin/uname -X = `(/bin/uname -X) 2>/dev/null` + +hostinfo = `(hostinfo) 2>/dev/null` +/bin/universe = `(/bin/universe) 2>/dev/null` +/usr/bin/arch -k = `(/usr/bin/arch -k) 2>/dev/null` +/bin/arch = `(/bin/arch) 2>/dev/null` +/usr/bin/oslevel = `(/usr/bin/oslevel) 2>/dev/null` +/usr/convex/getsysinfo = `(/usr/convex/getsysinfo) 2>/dev/null` + +UNAME_MACHINE = "$UNAME_MACHINE" +UNAME_RELEASE = "$UNAME_RELEASE" +UNAME_SYSTEM = "$UNAME_SYSTEM" +UNAME_VERSION = "$UNAME_VERSION" +EOF + +exit 1 + +# Local variables: +# eval: (add-hook 'before-save-hook 'time-stamp) +# time-stamp-start: "timestamp='" +# time-stamp-format: "%:y-%02m-%02d" +# time-stamp-end: "'" +# End: diff --git a/build-aux/config.rpath b/build-aux/config.rpath new file mode 100755 index 0000000..be202c1 --- /dev/null +++ b/build-aux/config.rpath @@ -0,0 +1,684 @@ +#! /bin/sh +# Output a system dependent set of variables, describing how to set the +# run time search path of shared libraries in an executable. +# +# Copyright 1996-2019 Free Software Foundation, Inc. +# Taken from GNU libtool, 2001 +# Originally by Gordon Matzigkeit , 1996 +# +# This file is free software; the Free Software Foundation gives +# unlimited permission to copy and/or distribute it, with or without +# modifications, as long as this notice is preserved. +# +# The first argument passed to this file is the canonical host specification, +# CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM +# or +# CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM +# The environment variables CC, GCC, LDFLAGS, LD, with_gnu_ld +# should be set by the caller. +# +# The set of defined variables is at the end of this script. + +# Known limitations: +# - On IRIX 6.5 with CC="cc", the run time search patch must not be longer +# than 256 bytes, otherwise the compiler driver will dump core. The only +# known workaround is to choose shorter directory names for the build +# directory and/or the installation directory. + +# All known linkers require a '.a' archive for static linking (except MSVC, +# which needs '.lib'). +libext=a +shrext=.so + +host="$1" +host_cpu=`echo "$host" | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\1/'` +host_vendor=`echo "$host" | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\2/'` +host_os=`echo "$host" | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\3/'` + +# Code taken from libtool.m4's _LT_CC_BASENAME. + +for cc_temp in $CC""; do + case $cc_temp in + compile | *[\\/]compile | ccache | *[\\/]ccache ) ;; + distcc | *[\\/]distcc | purify | *[\\/]purify ) ;; + \-*) ;; + *) break;; + esac +done +cc_basename=`echo "$cc_temp" | sed -e 's%^.*/%%'` + +# Code taken from libtool.m4's _LT_COMPILER_PIC. + +wl= +if test "$GCC" = yes; then + wl='-Wl,' +else + case "$host_os" in + aix*) + wl='-Wl,' + ;; + mingw* | cygwin* | pw32* | os2* | cegcc*) + ;; + hpux9* | hpux10* | hpux11*) + wl='-Wl,' + ;; + irix5* | irix6* | nonstopux*) + wl='-Wl,' + ;; + linux* | k*bsd*-gnu | kopensolaris*-gnu) + case $cc_basename in + ecc*) + wl='-Wl,' + ;; + icc* | ifort*) + wl='-Wl,' + ;; + lf95*) + wl='-Wl,' + ;; + nagfor*) + wl='-Wl,-Wl,,' + ;; + pgcc* | pgf77* | pgf90* | pgf95* | pgfortran*) + wl='-Wl,' + ;; + ccc*) + wl='-Wl,' + ;; + xl* | bgxl* | bgf* | mpixl*) + wl='-Wl,' + ;; + como) + wl='-lopt=' + ;; + *) + case `$CC -V 2>&1 | sed 5q` in + *Sun\ F* | *Sun*Fortran*) + wl= + ;; + *Sun\ C*) + wl='-Wl,' + ;; + esac + ;; + esac + ;; + newsos6) + ;; + *nto* | *qnx*) + ;; + osf3* | osf4* | osf5*) + wl='-Wl,' + ;; + rdos*) + ;; + solaris*) + case $cc_basename in + f77* | f90* | f95* | sunf77* | sunf90* | sunf95*) + wl='-Qoption ld ' + ;; + *) + wl='-Wl,' + ;; + esac + ;; + sunos4*) + wl='-Qoption ld ' + ;; + sysv4 | sysv4.2uw2* | sysv4.3*) + wl='-Wl,' + ;; + sysv4*MP*) + ;; + sysv5* | unixware* | sco3.2v5* | sco5v6* | OpenUNIX*) + wl='-Wl,' + ;; + unicos*) + wl='-Wl,' + ;; + uts4*) + ;; + esac +fi + +# Code taken from libtool.m4's _LT_LINKER_SHLIBS. + +hardcode_libdir_flag_spec= +hardcode_libdir_separator= +hardcode_direct=no +hardcode_minus_L=no + +case "$host_os" in + cygwin* | mingw* | pw32* | cegcc*) + # FIXME: the MSVC++ port hasn't been tested in a loooong time + # When not using gcc, we currently assume that we are using + # Microsoft Visual C++. + if test "$GCC" != yes; then + with_gnu_ld=no + fi + ;; + interix*) + # we just hope/assume this is gcc and not c89 (= MSVC++) + with_gnu_ld=yes + ;; + openbsd*) + with_gnu_ld=no + ;; +esac + +ld_shlibs=yes +if test "$with_gnu_ld" = yes; then + # Set some defaults for GNU ld with shared library support. These + # are reset later if shared libraries are not supported. Putting them + # here allows them to be overridden if necessary. + # Unlike libtool, we use -rpath here, not --rpath, since the documented + # option of GNU ld is called -rpath, not --rpath. + hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir' + case "$host_os" in + aix[3-9]*) + # On AIX/PPC, the GNU linker is very broken + if test "$host_cpu" != ia64; then + ld_shlibs=no + fi + ;; + amigaos*) + case "$host_cpu" in + powerpc) + ;; + m68k) + hardcode_libdir_flag_spec='-L$libdir' + hardcode_minus_L=yes + ;; + esac + ;; + beos*) + if $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then + : + else + ld_shlibs=no + fi + ;; + cygwin* | mingw* | pw32* | cegcc*) + # hardcode_libdir_flag_spec is actually meaningless, as there is + # no search path for DLLs. + hardcode_libdir_flag_spec='-L$libdir' + if $LD --help 2>&1 | grep 'auto-import' > /dev/null; then + : + else + ld_shlibs=no + fi + ;; + haiku*) + ;; + interix[3-9]*) + hardcode_direct=no + hardcode_libdir_flag_spec='${wl}-rpath,$libdir' + ;; + gnu* | linux* | tpf* | k*bsd*-gnu | kopensolaris*-gnu) + if $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then + : + else + ld_shlibs=no + fi + ;; + netbsd*) + ;; + solaris*) + if $LD -v 2>&1 | grep 'BFD 2\.8' > /dev/null; then + ld_shlibs=no + elif $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then + : + else + ld_shlibs=no + fi + ;; + sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX*) + case `$LD -v 2>&1` in + *\ [01].* | *\ 2.[0-9].* | *\ 2.1[0-5].*) + ld_shlibs=no + ;; + *) + if $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then + hardcode_libdir_flag_spec='`test -z "$SCOABSPATH" && echo ${wl}-rpath,$libdir`' + else + ld_shlibs=no + fi + ;; + esac + ;; + sunos4*) + hardcode_direct=yes + ;; + *) + if $LD --help 2>&1 | grep ': supported targets:.* elf' > /dev/null; then + : + else + ld_shlibs=no + fi + ;; + esac + if test "$ld_shlibs" = no; then + hardcode_libdir_flag_spec= + fi +else + case "$host_os" in + aix3*) + # Note: this linker hardcodes the directories in LIBPATH if there + # are no directories specified by -L. + hardcode_minus_L=yes + if test "$GCC" = yes; then + # Neither direct hardcoding nor static linking is supported with a + # broken collect2. + hardcode_direct=unsupported + fi + ;; + aix[4-9]*) + if test "$host_cpu" = ia64; then + # On IA64, the linker does run time linking by default, so we don't + # have to do anything special. + aix_use_runtimelinking=no + else + aix_use_runtimelinking=no + # Test if we are trying to use run time linking or normal + # AIX style linking. If -brtl is somewhere in LDFLAGS, we + # need to do runtime linking. + case $host_os in aix4.[23]|aix4.[23].*|aix[5-9]*) + for ld_flag in $LDFLAGS; do + if (test $ld_flag = "-brtl" || test $ld_flag = "-Wl,-brtl"); then + aix_use_runtimelinking=yes + break + fi + done + ;; + esac + fi + hardcode_direct=yes + hardcode_libdir_separator=':' + if test "$GCC" = yes; then + case $host_os in aix4.[012]|aix4.[012].*) + collect2name=`${CC} -print-prog-name=collect2` + if test -f "$collect2name" && \ + strings "$collect2name" | grep resolve_lib_name >/dev/null + then + # We have reworked collect2 + : + else + # We have old collect2 + hardcode_direct=unsupported + hardcode_minus_L=yes + hardcode_libdir_flag_spec='-L$libdir' + hardcode_libdir_separator= + fi + ;; + esac + fi + # Begin _LT_AC_SYS_LIBPATH_AIX. + echo 'int main () { return 0; }' > conftest.c + ${CC} ${LDFLAGS} conftest.c -o conftest + aix_libpath=`dump -H conftest 2>/dev/null | sed -n -e '/Import File Strings/,/^$/ { /^0/ { s/^0 *\(.*\)$/\1/; p; } +}'` + if test -z "$aix_libpath"; then + aix_libpath=`dump -HX64 conftest 2>/dev/null | sed -n -e '/Import File Strings/,/^$/ { /^0/ { s/^0 *\(.*\)$/\1/; p; } +}'` + fi + if test -z "$aix_libpath"; then + aix_libpath="/usr/lib:/lib" + fi + rm -f conftest.c conftest + # End _LT_AC_SYS_LIBPATH_AIX. + if test "$aix_use_runtimelinking" = yes; then + hardcode_libdir_flag_spec='${wl}-blibpath:$libdir:'"$aix_libpath" + else + if test "$host_cpu" = ia64; then + hardcode_libdir_flag_spec='${wl}-R $libdir:/usr/lib:/lib' + else + hardcode_libdir_flag_spec='${wl}-blibpath:$libdir:'"$aix_libpath" + fi + fi + ;; + amigaos*) + case "$host_cpu" in + powerpc) + ;; + m68k) + hardcode_libdir_flag_spec='-L$libdir' + hardcode_minus_L=yes + ;; + esac + ;; + bsdi[45]*) + ;; + cygwin* | mingw* | pw32* | cegcc*) + # When not using gcc, we currently assume that we are using + # Microsoft Visual C++. + # hardcode_libdir_flag_spec is actually meaningless, as there is + # no search path for DLLs. + hardcode_libdir_flag_spec=' ' + libext=lib + ;; + darwin* | rhapsody*) + hardcode_direct=no + if { case $cc_basename in ifort*) true;; *) test "$GCC" = yes;; esac; }; then + : + else + ld_shlibs=no + fi + ;; + dgux*) + hardcode_libdir_flag_spec='-L$libdir' + ;; + freebsd2.[01]*) + hardcode_direct=yes + hardcode_minus_L=yes + ;; + freebsd* | dragonfly*) + hardcode_libdir_flag_spec='-R$libdir' + hardcode_direct=yes + ;; + hpux9*) + hardcode_libdir_flag_spec='${wl}+b ${wl}$libdir' + hardcode_libdir_separator=: + hardcode_direct=yes + # hardcode_minus_L: Not really in the search PATH, + # but as the default location of the library. + hardcode_minus_L=yes + ;; + hpux10*) + if test "$with_gnu_ld" = no; then + hardcode_libdir_flag_spec='${wl}+b ${wl}$libdir' + hardcode_libdir_separator=: + hardcode_direct=yes + # hardcode_minus_L: Not really in the search PATH, + # but as the default location of the library. + hardcode_minus_L=yes + fi + ;; + hpux11*) + if test "$with_gnu_ld" = no; then + hardcode_libdir_flag_spec='${wl}+b ${wl}$libdir' + hardcode_libdir_separator=: + case $host_cpu in + hppa*64*|ia64*) + hardcode_direct=no + ;; + *) + hardcode_direct=yes + # hardcode_minus_L: Not really in the search PATH, + # but as the default location of the library. + hardcode_minus_L=yes + ;; + esac + fi + ;; + irix5* | irix6* | nonstopux*) + hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir' + hardcode_libdir_separator=: + ;; + netbsd*) + hardcode_libdir_flag_spec='-R$libdir' + hardcode_direct=yes + ;; + newsos6) + hardcode_direct=yes + hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir' + hardcode_libdir_separator=: + ;; + *nto* | *qnx*) + ;; + openbsd*) + if test -f /usr/libexec/ld.so; then + hardcode_direct=yes + if test -z "`echo __ELF__ | $CC -E - | grep __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then + hardcode_libdir_flag_spec='${wl}-rpath,$libdir' + else + case "$host_os" in + openbsd[01].* | openbsd2.[0-7] | openbsd2.[0-7].*) + hardcode_libdir_flag_spec='-R$libdir' + ;; + *) + hardcode_libdir_flag_spec='${wl}-rpath,$libdir' + ;; + esac + fi + else + ld_shlibs=no + fi + ;; + os2*) + hardcode_libdir_flag_spec='-L$libdir' + hardcode_minus_L=yes + ;; + osf3*) + hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir' + hardcode_libdir_separator=: + ;; + osf4* | osf5*) + if test "$GCC" = yes; then + hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir' + else + # Both cc and cxx compiler support -rpath directly + hardcode_libdir_flag_spec='-rpath $libdir' + fi + hardcode_libdir_separator=: + ;; + solaris*) + hardcode_libdir_flag_spec='-R$libdir' + ;; + sunos4*) + hardcode_libdir_flag_spec='-L$libdir' + hardcode_direct=yes + hardcode_minus_L=yes + ;; + sysv4) + case $host_vendor in + sni) + hardcode_direct=yes # is this really true??? + ;; + siemens) + hardcode_direct=no + ;; + motorola) + hardcode_direct=no #Motorola manual says yes, but my tests say they lie + ;; + esac + ;; + sysv4.3*) + ;; + sysv4*MP*) + if test -d /usr/nec; then + ld_shlibs=yes + fi + ;; + sysv4*uw2* | sysv5OpenUNIX* | sysv5UnixWare7.[01].[10]* | unixware7* | sco3.2v5.0.[024]*) + ;; + sysv5* | sco3.2v5* | sco5v6*) + hardcode_libdir_flag_spec='`test -z "$SCOABSPATH" && echo ${wl}-R,$libdir`' + hardcode_libdir_separator=':' + ;; + uts4*) + hardcode_libdir_flag_spec='-L$libdir' + ;; + *) + ld_shlibs=no + ;; + esac +fi + +# Check dynamic linker characteristics +# Code taken from libtool.m4's _LT_SYS_DYNAMIC_LINKER. +# Unlike libtool.m4, here we don't care about _all_ names of the library, but +# only about the one the linker finds when passed -lNAME. This is the last +# element of library_names_spec in libtool.m4, or possibly two of them if the +# linker has special search rules. +library_names_spec= # the last element of library_names_spec in libtool.m4 +libname_spec='lib$name' +case "$host_os" in + aix3*) + library_names_spec='$libname.a' + ;; + aix[4-9]*) + library_names_spec='$libname$shrext' + ;; + amigaos*) + case "$host_cpu" in + powerpc*) + library_names_spec='$libname$shrext' ;; + m68k) + library_names_spec='$libname.a' ;; + esac + ;; + beos*) + library_names_spec='$libname$shrext' + ;; + bsdi[45]*) + library_names_spec='$libname$shrext' + ;; + cygwin* | mingw* | pw32* | cegcc*) + shrext=.dll + library_names_spec='$libname.dll.a $libname.lib' + ;; + darwin* | rhapsody*) + shrext=.dylib + library_names_spec='$libname$shrext' + ;; + dgux*) + library_names_spec='$libname$shrext' + ;; + freebsd[23].*) + library_names_spec='$libname$shrext$versuffix' + ;; + freebsd* | dragonfly*) + library_names_spec='$libname$shrext' + ;; + gnu*) + library_names_spec='$libname$shrext' + ;; + haiku*) + library_names_spec='$libname$shrext' + ;; + hpux9* | hpux10* | hpux11*) + case $host_cpu in + ia64*) + shrext=.so + ;; + hppa*64*) + shrext=.sl + ;; + *) + shrext=.sl + ;; + esac + library_names_spec='$libname$shrext' + ;; + interix[3-9]*) + library_names_spec='$libname$shrext' + ;; + irix5* | irix6* | nonstopux*) + library_names_spec='$libname$shrext' + case "$host_os" in + irix5* | nonstopux*) + libsuff= shlibsuff= + ;; + *) + case $LD in + *-32|*"-32 "|*-melf32bsmip|*"-melf32bsmip ") libsuff= shlibsuff= ;; + *-n32|*"-n32 "|*-melf32bmipn32|*"-melf32bmipn32 ") libsuff=32 shlibsuff=N32 ;; + *-64|*"-64 "|*-melf64bmip|*"-melf64bmip ") libsuff=64 shlibsuff=64 ;; + *) libsuff= shlibsuff= ;; + esac + ;; + esac + ;; + linux*oldld* | linux*aout* | linux*coff*) + ;; + linux* | k*bsd*-gnu | kopensolaris*-gnu) + library_names_spec='$libname$shrext' + ;; + knetbsd*-gnu) + library_names_spec='$libname$shrext' + ;; + netbsd*) + library_names_spec='$libname$shrext' + ;; + newsos6) + library_names_spec='$libname$shrext' + ;; + *nto* | *qnx*) + library_names_spec='$libname$shrext' + ;; + openbsd*) + library_names_spec='$libname$shrext$versuffix' + ;; + os2*) + libname_spec='$name' + shrext=.dll + library_names_spec='$libname.a' + ;; + osf3* | osf4* | osf5*) + library_names_spec='$libname$shrext' + ;; + rdos*) + ;; + solaris*) + library_names_spec='$libname$shrext' + ;; + sunos4*) + library_names_spec='$libname$shrext$versuffix' + ;; + sysv4 | sysv4.3*) + library_names_spec='$libname$shrext' + ;; + sysv4*MP*) + library_names_spec='$libname$shrext' + ;; + sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX* | sysv4*uw2*) + library_names_spec='$libname$shrext' + ;; + tpf*) + library_names_spec='$libname$shrext' + ;; + uts4*) + library_names_spec='$libname$shrext' + ;; +esac + +sed_quote_subst='s/\(["`$\\]\)/\\\1/g' +escaped_wl=`echo "X$wl" | sed -e 's/^X//' -e "$sed_quote_subst"` +shlibext=`echo "$shrext" | sed -e 's,^\.,,'` +escaped_libname_spec=`echo "X$libname_spec" | sed -e 's/^X//' -e "$sed_quote_subst"` +escaped_library_names_spec=`echo "X$library_names_spec" | sed -e 's/^X//' -e "$sed_quote_subst"` +escaped_hardcode_libdir_flag_spec=`echo "X$hardcode_libdir_flag_spec" | sed -e 's/^X//' -e "$sed_quote_subst"` + +LC_ALL=C sed -e 's/^\([a-zA-Z0-9_]*\)=/acl_cv_\1=/' <. +# +# As a special exception to the GNU General Public License, if you +# distribute this file as part of a program that contains a +# configuration script generated by Autoconf, you may include it under +# the same distribution terms that you use for the rest of that +# program. This Exception is an additional permission under section 7 +# of the GNU General Public License, version 3 ("GPLv3"). + + +# Please send patches to . +# +# Configuration subroutine to validate and canonicalize a configuration type. +# Supply the specified configuration type as an argument. +# If it is invalid, we print an error message on stderr and exit with code 1. +# Otherwise, we print the canonical config type on stdout and succeed. + +# You can get the latest version of this script from: +# https://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.sub + +# This file is supposed to be the same for all GNU packages +# and recognize all the CPU types, system types and aliases +# that are meaningful with *any* GNU software. +# Each package is responsible for reporting which valid configurations +# it does not support. The user should be able to distinguish +# a failure to support a valid configuration from a meaningless +# configuration. + +# The goal of this file is to map all the various variations of a given +# machine specification into a single specification in the form: +# CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM +# or in some cases, the newer four-part form: +# CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM +# It is wrong to echo any other type of specification. + +me=`echo "$0" | sed -e 's,.*/,,'` + +usage="\ +Usage: $0 [OPTION] CPU-MFR-OPSYS or ALIAS + +Canonicalize a configuration name. + +Options: + -h, --help print this help, then exit + -t, --time-stamp print date of last modification, then exit + -v, --version print version number, then exit + +Report bugs and patches to ." + +version="\ +GNU config.sub ($timestamp) + +Copyright 1992-2019 Free Software Foundation, Inc. + +This is free software; see the source for copying conditions. There is NO +warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE." + +help=" +Try \`$me --help' for more information." + +# Parse command line +while test $# -gt 0 ; do + case $1 in + --time-stamp | --time* | -t ) + echo "$timestamp" ; exit ;; + --version | -v ) + echo "$version" ; exit ;; + --help | --h* | -h ) + echo "$usage"; exit ;; + -- ) # Stop option processing + shift; break ;; + - ) # Use stdin as input. + break ;; + -* ) + echo "$me: invalid option $1$help" >&2 + exit 1 ;; + + *local*) + # First pass through any local machine types. + echo "$1" + exit ;; + + * ) + break ;; + esac +done + +case $# in + 0) echo "$me: missing argument$help" >&2 + exit 1;; + 1) ;; + *) echo "$me: too many arguments$help" >&2 + exit 1;; +esac + +# Split fields of configuration type +# shellcheck disable=SC2162 +IFS="-" read field1 field2 field3 field4 <&2 + exit 1 + ;; + *-*-*-*) + basic_machine=$field1-$field2 + os=$field3-$field4 + ;; + *-*-*) + # Ambiguous whether COMPANY is present, or skipped and KERNEL-OS is two + # parts + maybe_os=$field2-$field3 + case $maybe_os in + nto-qnx* | linux-gnu* | linux-android* | linux-dietlibc \ + | linux-newlib* | linux-musl* | linux-uclibc* | uclinux-uclibc* \ + | uclinux-gnu* | kfreebsd*-gnu* | knetbsd*-gnu* | netbsd*-gnu* \ + | netbsd*-eabi* | kopensolaris*-gnu* | cloudabi*-eabi* \ + | storm-chaos* | os2-emx* | rtmk-nova*) + basic_machine=$field1 + os=$maybe_os + ;; + android-linux) + basic_machine=$field1-unknown + os=linux-android + ;; + *) + basic_machine=$field1-$field2 + os=$field3 + ;; + esac + ;; + *-*) + # A lone config we happen to match not fitting any pattern + case $field1-$field2 in + decstation-3100) + basic_machine=mips-dec + os= + ;; + *-*) + # Second component is usually, but not always the OS + case $field2 in + # Prevent following clause from handling this valid os + sun*os*) + basic_machine=$field1 + os=$field2 + ;; + # Manufacturers + dec* | mips* | sequent* | encore* | pc533* | sgi* | sony* \ + | att* | 7300* | 3300* | delta* | motorola* | sun[234]* \ + | unicom* | ibm* | next | hp | isi* | apollo | altos* \ + | convergent* | ncr* | news | 32* | 3600* | 3100* \ + | hitachi* | c[123]* | convex* | sun | crds | omron* | dg \ + | ultra | tti* | harris | dolphin | highlevel | gould \ + | cbm | ns | masscomp | apple | axis | knuth | cray \ + | microblaze* | sim | cisco \ + | oki | wec | wrs | winbond) + basic_machine=$field1-$field2 + os= + ;; + *) + basic_machine=$field1 + os=$field2 + ;; + esac + ;; + esac + ;; + *) + # Convert single-component short-hands not valid as part of + # multi-component configurations. + case $field1 in + 386bsd) + basic_machine=i386-pc + os=bsd + ;; + a29khif) + basic_machine=a29k-amd + os=udi + ;; + adobe68k) + basic_machine=m68010-adobe + os=scout + ;; + alliant) + basic_machine=fx80-alliant + os= + ;; + altos | altos3068) + basic_machine=m68k-altos + os= + ;; + am29k) + basic_machine=a29k-none + os=bsd + ;; + amdahl) + basic_machine=580-amdahl + os=sysv + ;; + amiga) + basic_machine=m68k-unknown + os= + ;; + amigaos | amigados) + basic_machine=m68k-unknown + os=amigaos + ;; + amigaunix | amix) + basic_machine=m68k-unknown + os=sysv4 + ;; + apollo68) + basic_machine=m68k-apollo + os=sysv + ;; + apollo68bsd) + basic_machine=m68k-apollo + os=bsd + ;; + aros) + basic_machine=i386-pc + os=aros + ;; + aux) + basic_machine=m68k-apple + os=aux + ;; + balance) + basic_machine=ns32k-sequent + os=dynix + ;; + blackfin) + basic_machine=bfin-unknown + os=linux + ;; + cegcc) + basic_machine=arm-unknown + os=cegcc + ;; + convex-c1) + basic_machine=c1-convex + os=bsd + ;; + convex-c2) + basic_machine=c2-convex + os=bsd + ;; + convex-c32) + basic_machine=c32-convex + os=bsd + ;; + convex-c34) + basic_machine=c34-convex + os=bsd + ;; + convex-c38) + basic_machine=c38-convex + os=bsd + ;; + cray) + basic_machine=j90-cray + os=unicos + ;; + crds | unos) + basic_machine=m68k-crds + os= + ;; + da30) + basic_machine=m68k-da30 + os= + ;; + decstation | pmax | pmin | dec3100 | decstatn) + basic_machine=mips-dec + os= + ;; + delta88) + basic_machine=m88k-motorola + os=sysv3 + ;; + dicos) + basic_machine=i686-pc + os=dicos + ;; + djgpp) + basic_machine=i586-pc + os=msdosdjgpp + ;; + ebmon29k) + basic_machine=a29k-amd + os=ebmon + ;; + es1800 | OSE68k | ose68k | ose | OSE) + basic_machine=m68k-ericsson + os=ose + ;; + gmicro) + basic_machine=tron-gmicro + os=sysv + ;; + go32) + basic_machine=i386-pc + os=go32 + ;; + h8300hms) + basic_machine=h8300-hitachi + os=hms + ;; + h8300xray) + basic_machine=h8300-hitachi + os=xray + ;; + h8500hms) + basic_machine=h8500-hitachi + os=hms + ;; + harris) + basic_machine=m88k-harris + os=sysv3 + ;; + hp300) + basic_machine=m68k-hp + ;; + hp300bsd) + basic_machine=m68k-hp + os=bsd + ;; + hp300hpux) + basic_machine=m68k-hp + os=hpux + ;; + hppaosf) + basic_machine=hppa1.1-hp + os=osf + ;; + hppro) + basic_machine=hppa1.1-hp + os=proelf + ;; + i386mach) + basic_machine=i386-mach + os=mach + ;; + vsta) + basic_machine=i386-pc + os=vsta + ;; + isi68 | isi) + basic_machine=m68k-isi + os=sysv + ;; + m68knommu) + basic_machine=m68k-unknown + os=linux + ;; + magnum | m3230) + basic_machine=mips-mips + os=sysv + ;; + merlin) + basic_machine=ns32k-utek + os=sysv + ;; + mingw64) + basic_machine=x86_64-pc + os=mingw64 + ;; + mingw32) + basic_machine=i686-pc + os=mingw32 + ;; + mingw32ce) + basic_machine=arm-unknown + os=mingw32ce + ;; + monitor) + basic_machine=m68k-rom68k + os=coff + ;; + morphos) + basic_machine=powerpc-unknown + os=morphos + ;; + moxiebox) + basic_machine=moxie-unknown + os=moxiebox + ;; + msdos) + basic_machine=i386-pc + os=msdos + ;; + msys) + basic_machine=i686-pc + os=msys + ;; + mvs) + basic_machine=i370-ibm + os=mvs + ;; + nacl) + basic_machine=le32-unknown + os=nacl + ;; + ncr3000) + basic_machine=i486-ncr + os=sysv4 + ;; + netbsd386) + basic_machine=i386-pc + os=netbsd + ;; + netwinder) + basic_machine=armv4l-rebel + os=linux + ;; + news | news700 | news800 | news900) + basic_machine=m68k-sony + os=newsos + ;; + news1000) + basic_machine=m68030-sony + os=newsos + ;; + necv70) + basic_machine=v70-nec + os=sysv + ;; + nh3000) + basic_machine=m68k-harris + os=cxux + ;; + nh[45]000) + basic_machine=m88k-harris + os=cxux + ;; + nindy960) + basic_machine=i960-intel + os=nindy + ;; + mon960) + basic_machine=i960-intel + os=mon960 + ;; + nonstopux) + basic_machine=mips-compaq + os=nonstopux + ;; + os400) + basic_machine=powerpc-ibm + os=os400 + ;; + OSE68000 | ose68000) + basic_machine=m68000-ericsson + os=ose + ;; + os68k) + basic_machine=m68k-none + os=os68k + ;; + paragon) + basic_machine=i860-intel + os=osf + ;; + parisc) + basic_machine=hppa-unknown + os=linux + ;; + pw32) + basic_machine=i586-unknown + os=pw32 + ;; + rdos | rdos64) + basic_machine=x86_64-pc + os=rdos + ;; + rdos32) + basic_machine=i386-pc + os=rdos + ;; + rom68k) + basic_machine=m68k-rom68k + os=coff + ;; + sa29200) + basic_machine=a29k-amd + os=udi + ;; + sei) + basic_machine=mips-sei + os=seiux + ;; + sequent) + basic_machine=i386-sequent + os= + ;; + sps7) + basic_machine=m68k-bull + os=sysv2 + ;; + st2000) + basic_machine=m68k-tandem + os= + ;; + stratus) + basic_machine=i860-stratus + os=sysv4 + ;; + sun2) + basic_machine=m68000-sun + os= + ;; + sun2os3) + basic_machine=m68000-sun + os=sunos3 + ;; + sun2os4) + basic_machine=m68000-sun + os=sunos4 + ;; + sun3) + basic_machine=m68k-sun + os= + ;; + sun3os3) + basic_machine=m68k-sun + os=sunos3 + ;; + sun3os4) + basic_machine=m68k-sun + os=sunos4 + ;; + sun4) + basic_machine=sparc-sun + os= + ;; + sun4os3) + basic_machine=sparc-sun + os=sunos3 + ;; + sun4os4) + basic_machine=sparc-sun + os=sunos4 + ;; + sun4sol2) + basic_machine=sparc-sun + os=solaris2 + ;; + sun386 | sun386i | roadrunner) + basic_machine=i386-sun + os= + ;; + sv1) + basic_machine=sv1-cray + os=unicos + ;; + symmetry) + basic_machine=i386-sequent + os=dynix + ;; + t3e) + basic_machine=alphaev5-cray + os=unicos + ;; + t90) + basic_machine=t90-cray + os=unicos + ;; + toad1) + basic_machine=pdp10-xkl + os=tops20 + ;; + tpf) + basic_machine=s390x-ibm + os=tpf + ;; + udi29k) + basic_machine=a29k-amd + os=udi + ;; + ultra3) + basic_machine=a29k-nyu + os=sym1 + ;; + v810 | necv810) + basic_machine=v810-nec + os=none + ;; + vaxv) + basic_machine=vax-dec + os=sysv + ;; + vms) + basic_machine=vax-dec + os=vms + ;; + vxworks960) + basic_machine=i960-wrs + os=vxworks + ;; + vxworks68) + basic_machine=m68k-wrs + os=vxworks + ;; + vxworks29k) + basic_machine=a29k-wrs + os=vxworks + ;; + xbox) + basic_machine=i686-pc + os=mingw32 + ;; + ymp) + basic_machine=ymp-cray + os=unicos + ;; + *) + basic_machine=$1 + os= + ;; + esac + ;; +esac + +# Decode 1-component or ad-hoc basic machines +case $basic_machine in + # Here we handle the default manufacturer of certain CPU types. It is in + # some cases the only manufacturer, in others, it is the most popular. + w89k) + cpu=hppa1.1 + vendor=winbond + ;; + op50n) + cpu=hppa1.1 + vendor=oki + ;; + op60c) + cpu=hppa1.1 + vendor=oki + ;; + ibm*) + cpu=i370 + vendor=ibm + ;; + orion105) + cpu=clipper + vendor=highlevel + ;; + mac | mpw | mac-mpw) + cpu=m68k + vendor=apple + ;; + pmac | pmac-mpw) + cpu=powerpc + vendor=apple + ;; + + # Recognize the various machine names and aliases which stand + # for a CPU type and a company and sometimes even an OS. + 3b1 | 7300 | 7300-att | att-7300 | pc7300 | safari | unixpc) + cpu=m68000 + vendor=att + ;; + 3b*) + cpu=we32k + vendor=att + ;; + bluegene*) + cpu=powerpc + vendor=ibm + os=cnk + ;; + decsystem10* | dec10*) + cpu=pdp10 + vendor=dec + os=tops10 + ;; + decsystem20* | dec20*) + cpu=pdp10 + vendor=dec + os=tops20 + ;; + delta | 3300 | motorola-3300 | motorola-delta \ + | 3300-motorola | delta-motorola) + cpu=m68k + vendor=motorola + ;; + dpx2*) + cpu=m68k + vendor=bull + os=sysv3 + ;; + encore | umax | mmax) + cpu=ns32k + vendor=encore + ;; + elxsi) + cpu=elxsi + vendor=elxsi + os=${os:-bsd} + ;; + fx2800) + cpu=i860 + vendor=alliant + ;; + genix) + cpu=ns32k + vendor=ns + ;; + h3050r* | hiux*) + cpu=hppa1.1 + vendor=hitachi + os=hiuxwe2 + ;; + hp3k9[0-9][0-9] | hp9[0-9][0-9]) + cpu=hppa1.0 + vendor=hp + ;; + hp9k2[0-9][0-9] | hp9k31[0-9]) + cpu=m68000 + vendor=hp + ;; + hp9k3[2-9][0-9]) + cpu=m68k + vendor=hp + ;; + hp9k6[0-9][0-9] | hp6[0-9][0-9]) + cpu=hppa1.0 + vendor=hp + ;; + hp9k7[0-79][0-9] | hp7[0-79][0-9]) + cpu=hppa1.1 + vendor=hp + ;; + hp9k78[0-9] | hp78[0-9]) + # FIXME: really hppa2.0-hp + cpu=hppa1.1 + vendor=hp + ;; + hp9k8[67]1 | hp8[67]1 | hp9k80[24] | hp80[24] | hp9k8[78]9 | hp8[78]9 | hp9k893 | hp893) + # FIXME: really hppa2.0-hp + cpu=hppa1.1 + vendor=hp + ;; + hp9k8[0-9][13679] | hp8[0-9][13679]) + cpu=hppa1.1 + vendor=hp + ;; + hp9k8[0-9][0-9] | hp8[0-9][0-9]) + cpu=hppa1.0 + vendor=hp + ;; + i*86v32) + cpu=`echo "$1" | sed -e 's/86.*/86/'` + vendor=pc + os=sysv32 + ;; + i*86v4*) + cpu=`echo "$1" | sed -e 's/86.*/86/'` + vendor=pc + os=sysv4 + ;; + i*86v) + cpu=`echo "$1" | sed -e 's/86.*/86/'` + vendor=pc + os=sysv + ;; + i*86sol2) + cpu=`echo "$1" | sed -e 's/86.*/86/'` + vendor=pc + os=solaris2 + ;; + j90 | j90-cray) + cpu=j90 + vendor=cray + os=${os:-unicos} + ;; + iris | iris4d) + cpu=mips + vendor=sgi + case $os in + irix*) + ;; + *) + os=irix4 + ;; + esac + ;; + miniframe) + cpu=m68000 + vendor=convergent + ;; + *mint | mint[0-9]* | *MiNT | *MiNT[0-9]*) + cpu=m68k + vendor=atari + os=mint + ;; + news-3600 | risc-news) + cpu=mips + vendor=sony + os=newsos + ;; + next | m*-next) + cpu=m68k + vendor=next + case $os in + openstep*) + ;; + nextstep*) + ;; + ns2*) + os=nextstep2 + ;; + *) + os=nextstep3 + ;; + esac + ;; + np1) + cpu=np1 + vendor=gould + ;; + op50n-* | op60c-*) + cpu=hppa1.1 + vendor=oki + os=proelf + ;; + pa-hitachi) + cpu=hppa1.1 + vendor=hitachi + os=hiuxwe2 + ;; + pbd) + cpu=sparc + vendor=tti + ;; + pbb) + cpu=m68k + vendor=tti + ;; + pc532) + cpu=ns32k + vendor=pc532 + ;; + pn) + cpu=pn + vendor=gould + ;; + power) + cpu=power + vendor=ibm + ;; + ps2) + cpu=i386 + vendor=ibm + ;; + rm[46]00) + cpu=mips + vendor=siemens + ;; + rtpc | rtpc-*) + cpu=romp + vendor=ibm + ;; + sde) + cpu=mipsisa32 + vendor=sde + os=${os:-elf} + ;; + simso-wrs) + cpu=sparclite + vendor=wrs + os=vxworks + ;; + tower | tower-32) + cpu=m68k + vendor=ncr + ;; + vpp*|vx|vx-*) + cpu=f301 + vendor=fujitsu + ;; + w65) + cpu=w65 + vendor=wdc + ;; + w89k-*) + cpu=hppa1.1 + vendor=winbond + os=proelf + ;; + none) + cpu=none + vendor=none + ;; + leon|leon[3-9]) + cpu=sparc + vendor=$basic_machine + ;; + leon-*|leon[3-9]-*) + cpu=sparc + vendor=`echo "$basic_machine" | sed 's/-.*//'` + ;; + + *-*) + # shellcheck disable=SC2162 + IFS="-" read cpu vendor <&2 + exit 1 + ;; + esac + ;; +esac + +# Here we canonicalize certain aliases for manufacturers. +case $vendor in + digital*) + vendor=dec + ;; + commodore*) + vendor=cbm + ;; + *) + ;; +esac + +# Decode manufacturer-specific aliases for certain operating systems. + +if [ x$os != x ] +then +case $os in + # First match some system type aliases that might get confused + # with valid system types. + # solaris* is a basic system type, with this one exception. + auroraux) + os=auroraux + ;; + bluegene*) + os=cnk + ;; + solaris1 | solaris1.*) + os=`echo $os | sed -e 's|solaris1|sunos4|'` + ;; + solaris) + os=solaris2 + ;; + unixware*) + os=sysv4.2uw + ;; + gnu/linux*) + os=`echo $os | sed -e 's|gnu/linux|linux-gnu|'` + ;; + # es1800 is here to avoid being matched by es* (a different OS) + es1800*) + os=ose + ;; + # Some version numbers need modification + chorusos*) + os=chorusos + ;; + isc) + os=isc2.2 + ;; + sco6) + os=sco5v6 + ;; + sco5) + os=sco3.2v5 + ;; + sco4) + os=sco3.2v4 + ;; + sco3.2.[4-9]*) + os=`echo $os | sed -e 's/sco3.2./sco3.2v/'` + ;; + sco3.2v[4-9]* | sco5v6*) + # Don't forget version if it is 3.2v4 or newer. + ;; + scout) + # Don't match below + ;; + sco*) + os=sco3.2v2 + ;; + psos*) + os=psos + ;; + # Now accept the basic system types. + # The portable systems comes first. + # Each alternative MUST end in a * to match a version number. + # sysv* is not here because it comes later, after sysvr4. + gnu* | bsd* | mach* | minix* | genix* | ultrix* | irix* \ + | *vms* | esix* | aix* | cnk* | sunos | sunos[34]*\ + | hpux* | unos* | osf* | luna* | dgux* | auroraux* | solaris* \ + | sym* | kopensolaris* | plan9* \ + | amigaos* | amigados* | msdos* | newsos* | unicos* | aof* \ + | aos* | aros* | cloudabi* | sortix* \ + | nindy* | vxsim* | vxworks* | ebmon* | hms* | mvs* \ + | clix* | riscos* | uniplus* | iris* | isc* | rtu* | xenix* \ + | knetbsd* | mirbsd* | netbsd* \ + | bitrig* | openbsd* | solidbsd* | libertybsd* \ + | ekkobsd* | kfreebsd* | freebsd* | riscix* | lynxos* \ + | bosx* | nextstep* | cxux* | aout* | elf* | oabi* \ + | ptx* | coff* | ecoff* | winnt* | domain* | vsta* \ + | udi* | eabi* | lites* | ieee* | go32* | aux* | hcos* \ + | chorusrdb* | cegcc* | glidix* \ + | cygwin* | msys* | pe* | moss* | proelf* | rtems* \ + | midipix* | mingw32* | mingw64* | linux-gnu* | linux-android* \ + | linux-newlib* | linux-musl* | linux-uclibc* \ + | uxpv* | beos* | mpeix* | udk* | moxiebox* \ + | interix* | uwin* | mks* | rhapsody* | darwin* \ + | openstep* | oskit* | conix* | pw32* | nonstopux* \ + | storm-chaos* | tops10* | tenex* | tops20* | its* \ + | os2* | vos* | palmos* | uclinux* | nucleus* \ + | morphos* | superux* | rtmk* | windiss* \ + | powermax* | dnix* | nx6 | nx7 | sei* | dragonfly* \ + | skyos* | haiku* | rdos* | toppers* | drops* | es* \ + | onefs* | tirtos* | phoenix* | fuchsia* | redox* | bme* \ + | midnightbsd* | amdhsa* | unleashed* | emscripten* | wasi*) + # Remember, each alternative MUST END IN *, to match a version number. + ;; + qnx*) + case $cpu in + x86 | i*86) + ;; + *) + os=nto-$os + ;; + esac + ;; + hiux*) + os=hiuxwe2 + ;; + nto-qnx*) + ;; + nto*) + os=`echo $os | sed -e 's|nto|nto-qnx|'` + ;; + sim | xray | os68k* | v88r* \ + | windows* | osx | abug | netware* | os9* \ + | macos* | mpw* | magic* | mmixware* | mon960* | lnews*) + ;; + linux-dietlibc) + os=linux-dietlibc + ;; + linux*) + os=`echo $os | sed -e 's|linux|linux-gnu|'` + ;; + lynx*178) + os=lynxos178 + ;; + lynx*5) + os=lynxos5 + ;; + lynx*) + os=lynxos + ;; + mac*) + os=`echo "$os" | sed -e 's|mac|macos|'` + ;; + opened*) + os=openedition + ;; + os400*) + os=os400 + ;; + sunos5*) + os=`echo "$os" | sed -e 's|sunos5|solaris2|'` + ;; + sunos6*) + os=`echo "$os" | sed -e 's|sunos6|solaris3|'` + ;; + wince*) + os=wince + ;; + utek*) + os=bsd + ;; + dynix*) + os=bsd + ;; + acis*) + os=aos + ;; + atheos*) + os=atheos + ;; + syllable*) + os=syllable + ;; + 386bsd) + os=bsd + ;; + ctix* | uts*) + os=sysv + ;; + nova*) + os=rtmk-nova + ;; + ns2) + os=nextstep2 + ;; + nsk*) + os=nsk + ;; + # Preserve the version number of sinix5. + sinix5.*) + os=`echo $os | sed -e 's|sinix|sysv|'` + ;; + sinix*) + os=sysv4 + ;; + tpf*) + os=tpf + ;; + triton*) + os=sysv3 + ;; + oss*) + os=sysv3 + ;; + svr4*) + os=sysv4 + ;; + svr3) + os=sysv3 + ;; + sysvr4) + os=sysv4 + ;; + # This must come after sysvr4. + sysv*) + ;; + ose*) + os=ose + ;; + *mint | mint[0-9]* | *MiNT | MiNT[0-9]*) + os=mint + ;; + zvmoe) + os=zvmoe + ;; + dicos*) + os=dicos + ;; + pikeos*) + # Until real need of OS specific support for + # particular features comes up, bare metal + # configurations are quite functional. + case $cpu in + arm*) + os=eabi + ;; + *) + os=elf + ;; + esac + ;; + nacl*) + ;; + ios) + ;; + none) + ;; + *-eabi) + ;; + *) + echo Invalid configuration \`"$1"\': system \`"$os"\' not recognized 1>&2 + exit 1 + ;; +esac +else + +# Here we handle the default operating systems that come with various machines. +# The value should be what the vendor currently ships out the door with their +# machine or put another way, the most popular os provided with the machine. + +# Note that if you're going to try to match "-MANUFACTURER" here (say, +# "-sun"), then you have to tell the case statement up towards the top +# that MANUFACTURER isn't an operating system. Otherwise, code above +# will signal an error saying that MANUFACTURER isn't an operating +# system, and we'll never get to this point. + +case $cpu-$vendor in + score-*) + os=elf + ;; + spu-*) + os=elf + ;; + *-acorn) + os=riscix1.2 + ;; + arm*-rebel) + os=linux + ;; + arm*-semi) + os=aout + ;; + c4x-* | tic4x-*) + os=coff + ;; + c8051-*) + os=elf + ;; + clipper-intergraph) + os=clix + ;; + hexagon-*) + os=elf + ;; + tic54x-*) + os=coff + ;; + tic55x-*) + os=coff + ;; + tic6x-*) + os=coff + ;; + # This must come before the *-dec entry. + pdp10-*) + os=tops20 + ;; + pdp11-*) + os=none + ;; + *-dec | vax-*) + os=ultrix4.2 + ;; + m68*-apollo) + os=domain + ;; + i386-sun) + os=sunos4.0.2 + ;; + m68000-sun) + os=sunos3 + ;; + m68*-cisco) + os=aout + ;; + mep-*) + os=elf + ;; + mips*-cisco) + os=elf + ;; + mips*-*) + os=elf + ;; + or32-*) + os=coff + ;; + *-tti) # must be before sparc entry or we get the wrong os. + os=sysv3 + ;; + sparc-* | *-sun) + os=sunos4.1.1 + ;; + pru-*) + os=elf + ;; + *-be) + os=beos + ;; + *-ibm) + os=aix + ;; + *-knuth) + os=mmixware + ;; + *-wec) + os=proelf + ;; + *-winbond) + os=proelf + ;; + *-oki) + os=proelf + ;; + *-hp) + os=hpux + ;; + *-hitachi) + os=hiux + ;; + i860-* | *-att | *-ncr | *-altos | *-motorola | *-convergent) + os=sysv + ;; + *-cbm) + os=amigaos + ;; + *-dg) + os=dgux + ;; + *-dolphin) + os=sysv3 + ;; + m68k-ccur) + os=rtu + ;; + m88k-omron*) + os=luna + ;; + *-next) + os=nextstep + ;; + *-sequent) + os=ptx + ;; + *-crds) + os=unos + ;; + *-ns) + os=genix + ;; + i370-*) + os=mvs + ;; + *-gould) + os=sysv + ;; + *-highlevel) + os=bsd + ;; + *-encore) + os=bsd + ;; + *-sgi) + os=irix + ;; + *-siemens) + os=sysv4 + ;; + *-masscomp) + os=rtu + ;; + f30[01]-fujitsu | f700-fujitsu) + os=uxpv + ;; + *-rom68k) + os=coff + ;; + *-*bug) + os=coff + ;; + *-apple) + os=macos + ;; + *-atari*) + os=mint + ;; + *-wrs) + os=vxworks + ;; + *) + os=none + ;; +esac +fi + +# Here we handle the case where we know the os, and the CPU type, but not the +# manufacturer. We pick the logical manufacturer. +case $vendor in + unknown) + case $os in + riscix*) + vendor=acorn + ;; + sunos*) + vendor=sun + ;; + cnk*|-aix*) + vendor=ibm + ;; + beos*) + vendor=be + ;; + hpux*) + vendor=hp + ;; + mpeix*) + vendor=hp + ;; + hiux*) + vendor=hitachi + ;; + unos*) + vendor=crds + ;; + dgux*) + vendor=dg + ;; + luna*) + vendor=omron + ;; + genix*) + vendor=ns + ;; + clix*) + vendor=intergraph + ;; + mvs* | opened*) + vendor=ibm + ;; + os400*) + vendor=ibm + ;; + ptx*) + vendor=sequent + ;; + tpf*) + vendor=ibm + ;; + vxsim* | vxworks* | windiss*) + vendor=wrs + ;; + aux*) + vendor=apple + ;; + hms*) + vendor=hitachi + ;; + mpw* | macos*) + vendor=apple + ;; + *mint | mint[0-9]* | *MiNT | MiNT[0-9]*) + vendor=atari + ;; + vos*) + vendor=stratus + ;; + esac + ;; +esac + +echo "$cpu-$vendor-$os" +exit + +# Local variables: +# eval: (add-hook 'before-save-hook 'time-stamp) +# time-stamp-start: "timestamp='" +# time-stamp-format: "%:y-%02m-%02d" +# time-stamp-end: "'" +# End: diff --git a/build-aux/depcomp b/build-aux/depcomp new file mode 100755 index 0000000..65cbf70 --- /dev/null +++ b/build-aux/depcomp @@ -0,0 +1,791 @@ +#! /bin/sh +# depcomp - compile a program generating dependencies as side-effects + +scriptversion=2018-03-07.03; # UTC + +# Copyright (C) 1999-2018 Free Software Foundation, Inc. + +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2, or (at your option) +# any later version. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +# As a special exception to the GNU General Public License, if you +# distribute this file as part of a program that contains a +# configuration script generated by Autoconf, you may include it under +# the same distribution terms that you use for the rest of that program. + +# Originally written by Alexandre Oliva . + +case $1 in + '') + echo "$0: No command. Try '$0 --help' for more information." 1>&2 + exit 1; + ;; + -h | --h*) + cat <<\EOF +Usage: depcomp [--help] [--version] PROGRAM [ARGS] + +Run PROGRAMS ARGS to compile a file, generating dependencies +as side-effects. + +Environment variables: + depmode Dependency tracking mode. + source Source file read by 'PROGRAMS ARGS'. + object Object file output by 'PROGRAMS ARGS'. + DEPDIR directory where to store dependencies. + depfile Dependency file to output. + tmpdepfile Temporary file to use when outputting dependencies. + libtool Whether libtool is used (yes/no). + +Report bugs to . +EOF + exit $? + ;; + -v | --v*) + echo "depcomp $scriptversion" + exit $? + ;; +esac + +# Get the directory component of the given path, and save it in the +# global variables '$dir'. Note that this directory component will +# be either empty or ending with a '/' character. This is deliberate. +set_dir_from () +{ + case $1 in + */*) dir=`echo "$1" | sed -e 's|/[^/]*$|/|'`;; + *) dir=;; + esac +} + +# Get the suffix-stripped basename of the given path, and save it the +# global variable '$base'. +set_base_from () +{ + base=`echo "$1" | sed -e 's|^.*/||' -e 's/\.[^.]*$//'` +} + +# If no dependency file was actually created by the compiler invocation, +# we still have to create a dummy depfile, to avoid errors with the +# Makefile "include basename.Plo" scheme. +make_dummy_depfile () +{ + echo "#dummy" > "$depfile" +} + +# Factor out some common post-processing of the generated depfile. +# Requires the auxiliary global variable '$tmpdepfile' to be set. +aix_post_process_depfile () +{ + # If the compiler actually managed to produce a dependency file, + # post-process it. + if test -f "$tmpdepfile"; then + # Each line is of the form 'foo.o: dependency.h'. + # Do two passes, one to just change these to + # $object: dependency.h + # and one to simply output + # dependency.h: + # which is needed to avoid the deleted-header problem. + { sed -e "s,^.*\.[$lower]*:,$object:," < "$tmpdepfile" + sed -e "s,^.*\.[$lower]*:[$tab ]*,," -e 's,$,:,' < "$tmpdepfile" + } > "$depfile" + rm -f "$tmpdepfile" + else + make_dummy_depfile + fi +} + +# A tabulation character. +tab=' ' +# A newline character. +nl=' +' +# Character ranges might be problematic outside the C locale. +# These definitions help. +upper=ABCDEFGHIJKLMNOPQRSTUVWXYZ +lower=abcdefghijklmnopqrstuvwxyz +digits=0123456789 +alpha=${upper}${lower} + +if test -z "$depmode" || test -z "$source" || test -z "$object"; then + echo "depcomp: Variables source, object and depmode must be set" 1>&2 + exit 1 +fi + +# Dependencies for sub/bar.o or sub/bar.obj go into sub/.deps/bar.Po. +depfile=${depfile-`echo "$object" | + sed 's|[^\\/]*$|'${DEPDIR-.deps}'/&|;s|\.\([^.]*\)$|.P\1|;s|Pobj$|Po|'`} +tmpdepfile=${tmpdepfile-`echo "$depfile" | sed 's/\.\([^.]*\)$/.T\1/'`} + +rm -f "$tmpdepfile" + +# Avoid interferences from the environment. +gccflag= dashmflag= + +# Some modes work just like other modes, but use different flags. We +# parameterize here, but still list the modes in the big case below, +# to make depend.m4 easier to write. Note that we *cannot* use a case +# here, because this file can only contain one case statement. +if test "$depmode" = hp; then + # HP compiler uses -M and no extra arg. + gccflag=-M + depmode=gcc +fi + +if test "$depmode" = dashXmstdout; then + # This is just like dashmstdout with a different argument. + dashmflag=-xM + depmode=dashmstdout +fi + +cygpath_u="cygpath -u -f -" +if test "$depmode" = msvcmsys; then + # This is just like msvisualcpp but w/o cygpath translation. + # Just convert the backslash-escaped backslashes to single forward + # slashes to satisfy depend.m4 + cygpath_u='sed s,\\\\,/,g' + depmode=msvisualcpp +fi + +if test "$depmode" = msvc7msys; then + # This is just like msvc7 but w/o cygpath translation. + # Just convert the backslash-escaped backslashes to single forward + # slashes to satisfy depend.m4 + cygpath_u='sed s,\\\\,/,g' + depmode=msvc7 +fi + +if test "$depmode" = xlc; then + # IBM C/C++ Compilers xlc/xlC can output gcc-like dependency information. + gccflag=-qmakedep=gcc,-MF + depmode=gcc +fi + +case "$depmode" in +gcc3) +## gcc 3 implements dependency tracking that does exactly what +## we want. Yay! Note: for some reason libtool 1.4 doesn't like +## it if -MD -MP comes after the -MF stuff. Hmm. +## Unfortunately, FreeBSD c89 acceptance of flags depends upon +## the command line argument order; so add the flags where they +## appear in depend2.am. Note that the slowdown incurred here +## affects only configure: in makefiles, %FASTDEP% shortcuts this. + for arg + do + case $arg in + -c) set fnord "$@" -MT "$object" -MD -MP -MF "$tmpdepfile" "$arg" ;; + *) set fnord "$@" "$arg" ;; + esac + shift # fnord + shift # $arg + done + "$@" + stat=$? + if test $stat -ne 0; then + rm -f "$tmpdepfile" + exit $stat + fi + mv "$tmpdepfile" "$depfile" + ;; + +gcc) +## Note that this doesn't just cater to obsosete pre-3.x GCC compilers. +## but also to in-use compilers like IMB xlc/xlC and the HP C compiler. +## (see the conditional assignment to $gccflag above). +## There are various ways to get dependency output from gcc. Here's +## why we pick this rather obscure method: +## - Don't want to use -MD because we'd like the dependencies to end +## up in a subdir. Having to rename by hand is ugly. +## (We might end up doing this anyway to support other compilers.) +## - The DEPENDENCIES_OUTPUT environment variable makes gcc act like +## -MM, not -M (despite what the docs say). Also, it might not be +## supported by the other compilers which use the 'gcc' depmode. +## - Using -M directly means running the compiler twice (even worse +## than renaming). + if test -z "$gccflag"; then + gccflag=-MD, + fi + "$@" -Wp,"$gccflag$tmpdepfile" + stat=$? + if test $stat -ne 0; then + rm -f "$tmpdepfile" + exit $stat + fi + rm -f "$depfile" + echo "$object : \\" > "$depfile" + # The second -e expression handles DOS-style file names with drive + # letters. + sed -e 's/^[^:]*: / /' \ + -e 's/^['$alpha']:\/[^:]*: / /' < "$tmpdepfile" >> "$depfile" +## This next piece of magic avoids the "deleted header file" problem. +## The problem is that when a header file which appears in a .P file +## is deleted, the dependency causes make to die (because there is +## typically no way to rebuild the header). We avoid this by adding +## dummy dependencies for each header file. Too bad gcc doesn't do +## this for us directly. +## Some versions of gcc put a space before the ':'. On the theory +## that the space means something, we add a space to the output as +## well. hp depmode also adds that space, but also prefixes the VPATH +## to the object. Take care to not repeat it in the output. +## Some versions of the HPUX 10.20 sed can't process this invocation +## correctly. Breaking it into two sed invocations is a workaround. + tr ' ' "$nl" < "$tmpdepfile" \ + | sed -e 's/^\\$//' -e '/^$/d' -e "s|.*$object$||" -e '/:$/d' \ + | sed -e 's/$/ :/' >> "$depfile" + rm -f "$tmpdepfile" + ;; + +hp) + # This case exists only to let depend.m4 do its work. It works by + # looking at the text of this script. This case will never be run, + # since it is checked for above. + exit 1 + ;; + +sgi) + if test "$libtool" = yes; then + "$@" "-Wp,-MDupdate,$tmpdepfile" + else + "$@" -MDupdate "$tmpdepfile" + fi + stat=$? + if test $stat -ne 0; then + rm -f "$tmpdepfile" + exit $stat + fi + rm -f "$depfile" + + if test -f "$tmpdepfile"; then # yes, the sourcefile depend on other files + echo "$object : \\" > "$depfile" + # Clip off the initial element (the dependent). Don't try to be + # clever and replace this with sed code, as IRIX sed won't handle + # lines with more than a fixed number of characters (4096 in + # IRIX 6.2 sed, 8192 in IRIX 6.5). We also remove comment lines; + # the IRIX cc adds comments like '#:fec' to the end of the + # dependency line. + tr ' ' "$nl" < "$tmpdepfile" \ + | sed -e 's/^.*\.o://' -e 's/#.*$//' -e '/^$/ d' \ + | tr "$nl" ' ' >> "$depfile" + echo >> "$depfile" + # The second pass generates a dummy entry for each header file. + tr ' ' "$nl" < "$tmpdepfile" \ + | sed -e 's/^.*\.o://' -e 's/#.*$//' -e '/^$/ d' -e 's/$/:/' \ + >> "$depfile" + else + make_dummy_depfile + fi + rm -f "$tmpdepfile" + ;; + +xlc) + # This case exists only to let depend.m4 do its work. It works by + # looking at the text of this script. This case will never be run, + # since it is checked for above. + exit 1 + ;; + +aix) + # The C for AIX Compiler uses -M and outputs the dependencies + # in a .u file. In older versions, this file always lives in the + # current directory. Also, the AIX compiler puts '$object:' at the + # start of each line; $object doesn't have directory information. + # Version 6 uses the directory in both cases. + set_dir_from "$object" + set_base_from "$object" + if test "$libtool" = yes; then + tmpdepfile1=$dir$base.u + tmpdepfile2=$base.u + tmpdepfile3=$dir.libs/$base.u + "$@" -Wc,-M + else + tmpdepfile1=$dir$base.u + tmpdepfile2=$dir$base.u + tmpdepfile3=$dir$base.u + "$@" -M + fi + stat=$? + if test $stat -ne 0; then + rm -f "$tmpdepfile1" "$tmpdepfile2" "$tmpdepfile3" + exit $stat + fi + + for tmpdepfile in "$tmpdepfile1" "$tmpdepfile2" "$tmpdepfile3" + do + test -f "$tmpdepfile" && break + done + aix_post_process_depfile + ;; + +tcc) + # tcc (Tiny C Compiler) understand '-MD -MF file' since version 0.9.26 + # FIXME: That version still under development at the moment of writing. + # Make that this statement remains true also for stable, released + # versions. + # It will wrap lines (doesn't matter whether long or short) with a + # trailing '\', as in: + # + # foo.o : \ + # foo.c \ + # foo.h \ + # + # It will put a trailing '\' even on the last line, and will use leading + # spaces rather than leading tabs (at least since its commit 0394caf7 + # "Emit spaces for -MD"). + "$@" -MD -MF "$tmpdepfile" + stat=$? + if test $stat -ne 0; then + rm -f "$tmpdepfile" + exit $stat + fi + rm -f "$depfile" + # Each non-empty line is of the form 'foo.o : \' or ' dep.h \'. + # We have to change lines of the first kind to '$object: \'. + sed -e "s|.*:|$object :|" < "$tmpdepfile" > "$depfile" + # And for each line of the second kind, we have to emit a 'dep.h:' + # dummy dependency, to avoid the deleted-header problem. + sed -n -e 's|^ *\(.*\) *\\$|\1:|p' < "$tmpdepfile" >> "$depfile" + rm -f "$tmpdepfile" + ;; + +## The order of this option in the case statement is important, since the +## shell code in configure will try each of these formats in the order +## listed in this file. A plain '-MD' option would be understood by many +## compilers, so we must ensure this comes after the gcc and icc options. +pgcc) + # Portland's C compiler understands '-MD'. + # Will always output deps to 'file.d' where file is the root name of the + # source file under compilation, even if file resides in a subdirectory. + # The object file name does not affect the name of the '.d' file. + # pgcc 10.2 will output + # foo.o: sub/foo.c sub/foo.h + # and will wrap long lines using '\' : + # foo.o: sub/foo.c ... \ + # sub/foo.h ... \ + # ... + set_dir_from "$object" + # Use the source, not the object, to determine the base name, since + # that's sadly what pgcc will do too. + set_base_from "$source" + tmpdepfile=$base.d + + # For projects that build the same source file twice into different object + # files, the pgcc approach of using the *source* file root name can cause + # problems in parallel builds. Use a locking strategy to avoid stomping on + # the same $tmpdepfile. + lockdir=$base.d-lock + trap " + echo '$0: caught signal, cleaning up...' >&2 + rmdir '$lockdir' + exit 1 + " 1 2 13 15 + numtries=100 + i=$numtries + while test $i -gt 0; do + # mkdir is a portable test-and-set. + if mkdir "$lockdir" 2>/dev/null; then + # This process acquired the lock. + "$@" -MD + stat=$? + # Release the lock. + rmdir "$lockdir" + break + else + # If the lock is being held by a different process, wait + # until the winning process is done or we timeout. + while test -d "$lockdir" && test $i -gt 0; do + sleep 1 + i=`expr $i - 1` + done + fi + i=`expr $i - 1` + done + trap - 1 2 13 15 + if test $i -le 0; then + echo "$0: failed to acquire lock after $numtries attempts" >&2 + echo "$0: check lockdir '$lockdir'" >&2 + exit 1 + fi + + if test $stat -ne 0; then + rm -f "$tmpdepfile" + exit $stat + fi + rm -f "$depfile" + # Each line is of the form `foo.o: dependent.h', + # or `foo.o: dep1.h dep2.h \', or ` dep3.h dep4.h \'. + # Do two passes, one to just change these to + # `$object: dependent.h' and one to simply `dependent.h:'. + sed "s,^[^:]*:,$object :," < "$tmpdepfile" > "$depfile" + # Some versions of the HPUX 10.20 sed can't process this invocation + # correctly. Breaking it into two sed invocations is a workaround. + sed 's,^[^:]*: \(.*\)$,\1,;s/^\\$//;/^$/d;/:$/d' < "$tmpdepfile" \ + | sed -e 's/$/ :/' >> "$depfile" + rm -f "$tmpdepfile" + ;; + +hp2) + # The "hp" stanza above does not work with aCC (C++) and HP's ia64 + # compilers, which have integrated preprocessors. The correct option + # to use with these is +Maked; it writes dependencies to a file named + # 'foo.d', which lands next to the object file, wherever that + # happens to be. + # Much of this is similar to the tru64 case; see comments there. + set_dir_from "$object" + set_base_from "$object" + if test "$libtool" = yes; then + tmpdepfile1=$dir$base.d + tmpdepfile2=$dir.libs/$base.d + "$@" -Wc,+Maked + else + tmpdepfile1=$dir$base.d + tmpdepfile2=$dir$base.d + "$@" +Maked + fi + stat=$? + if test $stat -ne 0; then + rm -f "$tmpdepfile1" "$tmpdepfile2" + exit $stat + fi + + for tmpdepfile in "$tmpdepfile1" "$tmpdepfile2" + do + test -f "$tmpdepfile" && break + done + if test -f "$tmpdepfile"; then + sed -e "s,^.*\.[$lower]*:,$object:," "$tmpdepfile" > "$depfile" + # Add 'dependent.h:' lines. + sed -ne '2,${ + s/^ *// + s/ \\*$// + s/$/:/ + p + }' "$tmpdepfile" >> "$depfile" + else + make_dummy_depfile + fi + rm -f "$tmpdepfile" "$tmpdepfile2" + ;; + +tru64) + # The Tru64 compiler uses -MD to generate dependencies as a side + # effect. 'cc -MD -o foo.o ...' puts the dependencies into 'foo.o.d'. + # At least on Alpha/Redhat 6.1, Compaq CCC V6.2-504 seems to put + # dependencies in 'foo.d' instead, so we check for that too. + # Subdirectories are respected. + set_dir_from "$object" + set_base_from "$object" + + if test "$libtool" = yes; then + # Libtool generates 2 separate objects for the 2 libraries. These + # two compilations output dependencies in $dir.libs/$base.o.d and + # in $dir$base.o.d. We have to check for both files, because + # one of the two compilations can be disabled. We should prefer + # $dir$base.o.d over $dir.libs/$base.o.d because the latter is + # automatically cleaned when .libs/ is deleted, while ignoring + # the former would cause a distcleancheck panic. + tmpdepfile1=$dir$base.o.d # libtool 1.5 + tmpdepfile2=$dir.libs/$base.o.d # Likewise. + tmpdepfile3=$dir.libs/$base.d # Compaq CCC V6.2-504 + "$@" -Wc,-MD + else + tmpdepfile1=$dir$base.d + tmpdepfile2=$dir$base.d + tmpdepfile3=$dir$base.d + "$@" -MD + fi + + stat=$? + if test $stat -ne 0; then + rm -f "$tmpdepfile1" "$tmpdepfile2" "$tmpdepfile3" + exit $stat + fi + + for tmpdepfile in "$tmpdepfile1" "$tmpdepfile2" "$tmpdepfile3" + do + test -f "$tmpdepfile" && break + done + # Same post-processing that is required for AIX mode. + aix_post_process_depfile + ;; + +msvc7) + if test "$libtool" = yes; then + showIncludes=-Wc,-showIncludes + else + showIncludes=-showIncludes + fi + "$@" $showIncludes > "$tmpdepfile" + stat=$? + grep -v '^Note: including file: ' "$tmpdepfile" + if test $stat -ne 0; then + rm -f "$tmpdepfile" + exit $stat + fi + rm -f "$depfile" + echo "$object : \\" > "$depfile" + # The first sed program below extracts the file names and escapes + # backslashes for cygpath. The second sed program outputs the file + # name when reading, but also accumulates all include files in the + # hold buffer in order to output them again at the end. This only + # works with sed implementations that can handle large buffers. + sed < "$tmpdepfile" -n ' +/^Note: including file: *\(.*\)/ { + s//\1/ + s/\\/\\\\/g + p +}' | $cygpath_u | sort -u | sed -n ' +s/ /\\ /g +s/\(.*\)/'"$tab"'\1 \\/p +s/.\(.*\) \\/\1:/ +H +$ { + s/.*/'"$tab"'/ + G + p +}' >> "$depfile" + echo >> "$depfile" # make sure the fragment doesn't end with a backslash + rm -f "$tmpdepfile" + ;; + +msvc7msys) + # This case exists only to let depend.m4 do its work. It works by + # looking at the text of this script. This case will never be run, + # since it is checked for above. + exit 1 + ;; + +#nosideeffect) + # This comment above is used by automake to tell side-effect + # dependency tracking mechanisms from slower ones. + +dashmstdout) + # Important note: in order to support this mode, a compiler *must* + # always write the preprocessed file to stdout, regardless of -o. + "$@" || exit $? + + # Remove the call to Libtool. + if test "$libtool" = yes; then + while test "X$1" != 'X--mode=compile'; do + shift + done + shift + fi + + # Remove '-o $object'. + IFS=" " + for arg + do + case $arg in + -o) + shift + ;; + $object) + shift + ;; + *) + set fnord "$@" "$arg" + shift # fnord + shift # $arg + ;; + esac + done + + test -z "$dashmflag" && dashmflag=-M + # Require at least two characters before searching for ':' + # in the target name. This is to cope with DOS-style filenames: + # a dependency such as 'c:/foo/bar' could be seen as target 'c' otherwise. + "$@" $dashmflag | + sed "s|^[$tab ]*[^:$tab ][^:][^:]*:[$tab ]*|$object: |" > "$tmpdepfile" + rm -f "$depfile" + cat < "$tmpdepfile" > "$depfile" + # Some versions of the HPUX 10.20 sed can't process this sed invocation + # correctly. Breaking it into two sed invocations is a workaround. + tr ' ' "$nl" < "$tmpdepfile" \ + | sed -e 's/^\\$//' -e '/^$/d' -e '/:$/d' \ + | sed -e 's/$/ :/' >> "$depfile" + rm -f "$tmpdepfile" + ;; + +dashXmstdout) + # This case only exists to satisfy depend.m4. It is never actually + # run, as this mode is specially recognized in the preamble. + exit 1 + ;; + +makedepend) + "$@" || exit $? + # Remove any Libtool call + if test "$libtool" = yes; then + while test "X$1" != 'X--mode=compile'; do + shift + done + shift + fi + # X makedepend + shift + cleared=no eat=no + for arg + do + case $cleared in + no) + set ""; shift + cleared=yes ;; + esac + if test $eat = yes; then + eat=no + continue + fi + case "$arg" in + -D*|-I*) + set fnord "$@" "$arg"; shift ;; + # Strip any option that makedepend may not understand. Remove + # the object too, otherwise makedepend will parse it as a source file. + -arch) + eat=yes ;; + -*|$object) + ;; + *) + set fnord "$@" "$arg"; shift ;; + esac + done + obj_suffix=`echo "$object" | sed 's/^.*\././'` + touch "$tmpdepfile" + ${MAKEDEPEND-makedepend} -o"$obj_suffix" -f"$tmpdepfile" "$@" + rm -f "$depfile" + # makedepend may prepend the VPATH from the source file name to the object. + # No need to regex-escape $object, excess matching of '.' is harmless. + sed "s|^.*\($object *:\)|\1|" "$tmpdepfile" > "$depfile" + # Some versions of the HPUX 10.20 sed can't process the last invocation + # correctly. Breaking it into two sed invocations is a workaround. + sed '1,2d' "$tmpdepfile" \ + | tr ' ' "$nl" \ + | sed -e 's/^\\$//' -e '/^$/d' -e '/:$/d' \ + | sed -e 's/$/ :/' >> "$depfile" + rm -f "$tmpdepfile" "$tmpdepfile".bak + ;; + +cpp) + # Important note: in order to support this mode, a compiler *must* + # always write the preprocessed file to stdout. + "$@" || exit $? + + # Remove the call to Libtool. + if test "$libtool" = yes; then + while test "X$1" != 'X--mode=compile'; do + shift + done + shift + fi + + # Remove '-o $object'. + IFS=" " + for arg + do + case $arg in + -o) + shift + ;; + $object) + shift + ;; + *) + set fnord "$@" "$arg" + shift # fnord + shift # $arg + ;; + esac + done + + "$@" -E \ + | sed -n -e '/^# [0-9][0-9]* "\([^"]*\)".*/ s:: \1 \\:p' \ + -e '/^#line [0-9][0-9]* "\([^"]*\)".*/ s:: \1 \\:p' \ + | sed '$ s: \\$::' > "$tmpdepfile" + rm -f "$depfile" + echo "$object : \\" > "$depfile" + cat < "$tmpdepfile" >> "$depfile" + sed < "$tmpdepfile" '/^$/d;s/^ //;s/ \\$//;s/$/ :/' >> "$depfile" + rm -f "$tmpdepfile" + ;; + +msvisualcpp) + # Important note: in order to support this mode, a compiler *must* + # always write the preprocessed file to stdout. + "$@" || exit $? + + # Remove the call to Libtool. + if test "$libtool" = yes; then + while test "X$1" != 'X--mode=compile'; do + shift + done + shift + fi + + IFS=" " + for arg + do + case "$arg" in + -o) + shift + ;; + $object) + shift + ;; + "-Gm"|"/Gm"|"-Gi"|"/Gi"|"-ZI"|"/ZI") + set fnord "$@" + shift + shift + ;; + *) + set fnord "$@" "$arg" + shift + shift + ;; + esac + done + "$@" -E 2>/dev/null | + sed -n '/^#line [0-9][0-9]* "\([^"]*\)"/ s::\1:p' | $cygpath_u | sort -u > "$tmpdepfile" + rm -f "$depfile" + echo "$object : \\" > "$depfile" + sed < "$tmpdepfile" -n -e 's% %\\ %g' -e '/^\(.*\)$/ s::'"$tab"'\1 \\:p' >> "$depfile" + echo "$tab" >> "$depfile" + sed < "$tmpdepfile" -n -e 's% %\\ %g' -e '/^\(.*\)$/ s::\1\::p' >> "$depfile" + rm -f "$tmpdepfile" + ;; + +msvcmsys) + # This case exists only to let depend.m4 do its work. It works by + # looking at the text of this script. This case will never be run, + # since it is checked for above. + exit 1 + ;; + +none) + exec "$@" + ;; + +*) + echo "Unknown depmode $depmode" 1>&2 + exit 1 + ;; +esac + +exit 0 + +# Local Variables: +# mode: shell-script +# sh-indentation: 2 +# eval: (add-hook 'before-save-hook 'time-stamp) +# time-stamp-start: "scriptversion=" +# time-stamp-format: "%:y-%02m-%02d.%02H" +# time-stamp-time-zone: "UTC0" +# time-stamp-end: "; # UTC" +# End: diff --git a/build-aux/gendocs.sh b/build-aux/gendocs.sh new file mode 100755 index 0000000..fd6a4b8 --- /dev/null +++ b/build-aux/gendocs.sh @@ -0,0 +1,510 @@ +#!/bin/sh -e +# gendocs.sh -- generate a GNU manual in many formats. This script is +# mentioned in maintain.texi. See the help message below for usage details. + +scriptversion=2019-01-01.00 + +# Copyright 2003-2019 Free Software Foundation, Inc. +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . +# +# Original author: Mohit Agarwal. +# Send bug reports and any other correspondence to bug-gnulib@gnu.org. +# +# The latest version of this script, and the companion template, is +# available from the Gnulib repository: +# +# https://git.savannah.gnu.org/cgit/gnulib.git/tree/build-aux/gendocs.sh +# https://git.savannah.gnu.org/cgit/gnulib.git/tree/doc/gendocs_template + +# TODO: +# - image importing was only implemented for HTML generated by +# makeinfo. But it should be simple enough to adjust. +# - images are not imported in the source tarball. All the needed +# formats (PDF, PNG, etc.) should be included. + +prog=`basename "$0"` +srcdir=`pwd` + +scripturl="https://git.savannah.gnu.org/cgit/gnulib.git/plain/build-aux/gendocs.sh" +templateurl="https://git.savannah.gnu.org/cgit/gnulib.git/plain/doc/gendocs_template" + +: ${SETLANG="env LANG= LC_MESSAGES= LC_ALL= LANGUAGE="} +: ${MAKEINFO="makeinfo"} +: ${TEXI2DVI="texi2dvi"} +: ${DOCBOOK2HTML="docbook2html"} +: ${DOCBOOK2PDF="docbook2pdf"} +: ${DOCBOOK2TXT="docbook2txt"} +: ${GENDOCS_TEMPLATE_DIR="."} +: ${PERL='perl'} +: ${TEXI2HTML="texi2html"} +unset CDPATH +unset use_texi2html + +MANUAL_TITLE= +PACKAGE= +EMAIL=webmasters@gnu.org # please override with --email +commonarg= # passed to all makeinfo/texi2html invcations. +dirargs= # passed to all tools (-I dir). +dirs= # -I directories. +htmlarg="--css-ref=/software/gnulib/manual.css -c TOP_NODE_UP_URL=/manual" +default_htmlarg=true +infoarg=--no-split +generate_ascii=true +generate_html=true +generate_info=true +generate_tex=true +outdir=manual +source_extra= +split=node +srcfile= +texarg="-t @finalout" + +version="gendocs.sh $scriptversion + +Copyright 2019 Free Software Foundation, Inc. +There is NO warranty. You may redistribute this software +under the terms of the GNU General Public License. +For more information about these matters, see the files named COPYING." + +usage="Usage: $prog [OPTION]... PACKAGE MANUAL-TITLE + +Generate output in various formats from PACKAGE.texinfo (or .texi or +.txi) source. See the GNU Maintainers document for a more extensive +discussion: + https://www.gnu.org/prep/maintain_toc.html + +Options: + --email ADR use ADR as contact in generated web pages; always give this. + + -s SRCFILE read Texinfo from SRCFILE, instead of PACKAGE.{texinfo|texi|txi} + -o OUTDIR write files into OUTDIR, instead of manual/. + -I DIR append DIR to the Texinfo search path. + --common ARG pass ARG in all invocations. + --html ARG pass ARG to makeinfo or texi2html for HTML targets, + instead of '$htmlarg'. + --info ARG pass ARG to makeinfo for Info, instead of --no-split. + --no-ascii skip generating the plain text output. + --no-html skip generating the html output. + --no-info skip generating the info output. + --no-tex skip generating the dvi and pdf output. + --source ARG include ARG in tar archive of sources. + --split HOW make split HTML by node, section, chapter; default node. + --tex ARG pass ARG to texi2dvi for DVI and PDF, instead of -t @finalout. + + --texi2html use texi2html to make HTML target, with all split versions. + --docbook convert through DocBook too (xml, txt, html, pdf). + + --help display this help and exit successfully. + --version display version information and exit successfully. + +Simple example: $prog --email bug-gnu-emacs@gnu.org emacs \"GNU Emacs Manual\" + +Typical sequence: + cd PACKAGESOURCE/doc + wget \"$scripturl\" + wget \"$templateurl\" + $prog --email BUGLIST MANUAL \"GNU MANUAL - One-line description\" + +Output will be in a new subdirectory \"manual\" (by default; +use -o OUTDIR to override). Move all the new files into your web CVS +tree, as explained in the Web Pages node of maintain.texi. + +Please use the --email ADDRESS option so your own bug-reporting +address will be used in the generated HTML pages. + +MANUAL-TITLE is included as part of the HTML of the overall +manual/index.html file. It should include the name of the package being +documented. manual/index.html is created by substitution from the file +$GENDOCS_TEMPLATE_DIR/gendocs_template. (Feel free to modify the +generic template for your own purposes.) + +If you have several manuals, you'll need to run this script several +times with different MANUAL values, specifying a different output +directory with -o each time. Then write (by hand) an overall index.html +with links to them all. + +If a manual's Texinfo sources are spread across several directories, +first copy or symlink all Texinfo sources into a single directory. +(Part of the script's work is to make a tar.gz of the sources.) + +As implied above, by default monolithic Info files are generated. +If you want split Info, or other Info options, use --info to override. + +You can set the environment variables MAKEINFO, TEXI2DVI, TEXI2HTML, +and PERL to control the programs that get executed, and +GENDOCS_TEMPLATE_DIR to control where the gendocs_template file is +looked for. With --docbook, the environment variables DOCBOOK2HTML, +DOCBOOK2PDF, and DOCBOOK2TXT are also consulted. + +By default, makeinfo and texi2dvi are run in the default (English) +locale, since that's the language of most Texinfo manuals. If you +happen to have a non-English manual and non-English web site, see the +SETLANG setting in the source. + +Email bug reports or enhancement requests to bug-gnulib@gnu.org. +" + +while test $# -gt 0; do + case $1 in + -s) shift; srcfile=$1;; + -o) shift; outdir=$1;; + -I) shift; dirargs="$dirargs -I '$1'"; dirs="$dirs $1";; + --common) shift; commonarg=$1;; + --docbook) docbook=yes;; + --email) shift; EMAIL=$1;; + --html) shift; default_htmlarg=false; htmlarg=$1;; + --info) shift; infoarg=$1;; + --no-ascii) generate_ascii=false;; + --no-html) generate_ascii=false;; + --no-info) generate_info=false;; + --no-tex) generate_tex=false;; + --source) shift; source_extra=$1;; + --split) shift; split=$1;; + --tex) shift; texarg=$1;; + --texi2html) use_texi2html=1;; + + --help) echo "$usage"; exit 0;; + --version) echo "$version"; exit 0;; + -*) + echo "$0: Unknown option \`$1'." >&2 + echo "$0: Try \`--help' for more information." >&2 + exit 1;; + *) + if test -z "$PACKAGE"; then + PACKAGE=$1 + elif test -z "$MANUAL_TITLE"; then + MANUAL_TITLE=$1 + else + echo "$0: extra non-option argument \`$1'." >&2 + exit 1 + fi;; + esac + shift +done + +# makeinfo uses the dirargs, but texi2dvi doesn't. +commonarg=" $dirargs $commonarg" + +# For most of the following, the base name is just $PACKAGE +base=$PACKAGE + +if $default_htmlarg && test -n "$use_texi2html"; then + # The legacy texi2html doesn't support TOP_NODE_UP_URL + htmlarg="--css-ref=/software/gnulib/manual.css" +fi + +if test -n "$srcfile"; then + # but here, we use the basename of $srcfile + base=`basename "$srcfile"` + case $base in + *.txi|*.texi|*.texinfo) base=`echo "$base"|sed 's/\.[texinfo]*$//'`;; + esac + PACKAGE=$base +elif test -s "$srcdir/$PACKAGE.texinfo"; then + srcfile=$srcdir/$PACKAGE.texinfo +elif test -s "$srcdir/$PACKAGE.texi"; then + srcfile=$srcdir/$PACKAGE.texi +elif test -s "$srcdir/$PACKAGE.txi"; then + srcfile=$srcdir/$PACKAGE.txi +else + echo "$0: cannot find .texinfo or .texi or .txi for $PACKAGE in $srcdir." >&2 + exit 1 +fi + +if test ! -r $GENDOCS_TEMPLATE_DIR/gendocs_template; then + echo "$0: cannot read $GENDOCS_TEMPLATE_DIR/gendocs_template." >&2 + echo "$0: it is available from $templateurl." >&2 + exit 1 +fi + +# Function to return size of $1 in something resembling kilobytes. +calcsize() +{ + size=`ls -ksl $1 | awk '{print $1}'` + echo $size +} + +# copy_images OUTDIR HTML-FILE... +# ------------------------------- +# Copy all the images needed by the HTML-FILEs into OUTDIR. +# Look for them in . and the -I directories; this is simpler than what +# makeinfo supports with -I, but hopefully it will suffice. +copy_images() +{ + local odir + odir=$1 + shift + $PERL -n -e " +BEGIN { + \$me = '$prog'; + \$odir = '$odir'; + @dirs = qw(. $dirs); +} +" -e ' +/<img src="(.*?)"/g && ++$need{$1}; + +END { + #print "$me: @{[keys %need]}\n"; # for debugging, show images found. + FILE: for my $f (keys %need) { + for my $d (@dirs) { + if (-f "$d/$f") { + use File::Basename; + my $dest = dirname ("$odir/$f"); + # + use File::Path; + -d $dest || mkpath ($dest) + || die "$me: cannot mkdir $dest: $!\n"; + # + use File::Copy; + copy ("$d/$f", $dest) + || die "$me: cannot copy $d/$f to $dest: $!\n"; + next FILE; + } + } + die "$me: $ARGV: cannot find image $f\n"; + } +} +' -- "$@" || exit 1 +} + +case $outdir in + /*) abs_outdir=$outdir;; + *) abs_outdir=$srcdir/$outdir;; +esac + +echo "Making output for $srcfile" +echo " in `pwd`" +mkdir -p "$outdir/" + +# +if $generate_info; then + cmd="$SETLANG $MAKEINFO -o $PACKAGE.info $commonarg $infoarg \"$srcfile\"" + echo "Generating info... ($cmd)" + rm -f $PACKAGE.info* # get rid of any strays + eval "$cmd" + tar czf "$outdir/$PACKAGE.info.tar.gz" $PACKAGE.info* + ls -l "$outdir/$PACKAGE.info.tar.gz" + info_tgz_size=`calcsize "$outdir/$PACKAGE.info.tar.gz"` + # do not mv the info files, there's no point in having them available + # separately on the web. +fi # end info + +# +if $generate_tex; then + cmd="$SETLANG $TEXI2DVI $dirargs $texarg \"$srcfile\"" + printf "\nGenerating dvi... ($cmd)\n" + eval "$cmd" + # compress/finish dvi: + gzip -f -9 $PACKAGE.dvi + dvi_gz_size=`calcsize $PACKAGE.dvi.gz` + mv $PACKAGE.dvi.gz "$outdir/" + ls -l "$outdir/$PACKAGE.dvi.gz" + + cmd="$SETLANG $TEXI2DVI --pdf $dirargs $texarg \"$srcfile\"" + printf "\nGenerating pdf... ($cmd)\n" + eval "$cmd" + pdf_size=`calcsize $PACKAGE.pdf` + mv $PACKAGE.pdf "$outdir/" + ls -l "$outdir/$PACKAGE.pdf" +fi # end tex (dvi + pdf) + +# +if $generate_ascii; then + opt="-o $PACKAGE.txt --no-split --no-headers $commonarg" + cmd="$SETLANG $MAKEINFO $opt \"$srcfile\"" + printf "\nGenerating ascii... ($cmd)\n" + eval "$cmd" + ascii_size=`calcsize $PACKAGE.txt` + gzip -f -9 -c $PACKAGE.txt >"$outdir/$PACKAGE.txt.gz" + ascii_gz_size=`calcsize "$outdir/$PACKAGE.txt.gz"` + mv $PACKAGE.txt "$outdir/" + ls -l "$outdir/$PACKAGE.txt" "$outdir/$PACKAGE.txt.gz" +fi + +# + +if $generate_html; then +# Split HTML at level $1. Used for texi2html. +html_split() +{ + opt="--split=$1 --node-files $commonarg $htmlarg" + cmd="$SETLANG $TEXI2HTML --output $PACKAGE.html $opt \"$srcfile\"" + printf "\nGenerating html by $1... ($cmd)\n" + eval "$cmd" + split_html_dir=$PACKAGE.html + ( + cd ${split_html_dir} || exit 1 + ln -sf ${PACKAGE}.html index.html + tar -czf "$abs_outdir/${PACKAGE}.html_$1.tar.gz" -- *.html + ) + eval html_$1_tgz_size=`calcsize "$outdir/${PACKAGE}.html_$1.tar.gz"` + rm -f "$outdir"/html_$1/*.html + mkdir -p "$outdir/html_$1/" + mv ${split_html_dir}/*.html "$outdir/html_$1/" + rmdir ${split_html_dir} +} + +if test -z "$use_texi2html"; then + opt="--no-split --html -o $PACKAGE.html $commonarg $htmlarg" + cmd="$SETLANG $MAKEINFO $opt \"$srcfile\"" + printf "\nGenerating monolithic html... ($cmd)\n" + rm -rf $PACKAGE.html # in case a directory is left over + eval "$cmd" + html_mono_size=`calcsize $PACKAGE.html` + gzip -f -9 -c $PACKAGE.html >"$outdir/$PACKAGE.html.gz" + html_mono_gz_size=`calcsize "$outdir/$PACKAGE.html.gz"` + copy_images "$outdir/" $PACKAGE.html + mv $PACKAGE.html "$outdir/" + ls -l "$outdir/$PACKAGE.html" "$outdir/$PACKAGE.html.gz" + + # Before Texinfo 5.0, makeinfo did not accept a --split=HOW option, + # it just always split by node. So if we're splitting by node anyway, + # leave it out. + if test "x$split" = xnode; then + split_arg= + else + split_arg=--split=$split + fi + # + opt="--html -o $PACKAGE.html $split_arg $commonarg $htmlarg" + cmd="$SETLANG $MAKEINFO $opt \"$srcfile\"" + printf "\nGenerating html by $split... ($cmd)\n" + eval "$cmd" + split_html_dir=$PACKAGE.html + copy_images $split_html_dir/ $split_html_dir/*.html + ( + cd $split_html_dir || exit 1 + tar -czf "$abs_outdir/$PACKAGE.html_$split.tar.gz" -- * + ) + eval \ + html_${split}_tgz_size=`calcsize "$outdir/$PACKAGE.html_$split.tar.gz"` + rm -rf "$outdir/html_$split/" + mv $split_html_dir "$outdir/html_$split/" + du -s "$outdir/html_$split/" + ls -l "$outdir/$PACKAGE.html_$split.tar.gz" + +else # use texi2html: + opt="--output $PACKAGE.html $commonarg $htmlarg" + cmd="$SETLANG $TEXI2HTML $opt \"$srcfile\"" + printf "\nGenerating monolithic html with texi2html... ($cmd)\n" + rm -rf $PACKAGE.html # in case a directory is left over + eval "$cmd" + html_mono_size=`calcsize $PACKAGE.html` + gzip -f -9 -c $PACKAGE.html >"$outdir/$PACKAGE.html.gz" + html_mono_gz_size=`calcsize "$outdir/$PACKAGE.html.gz"` + mv $PACKAGE.html "$outdir/" + + html_split node + html_split chapter + html_split section +fi +fi # end html + +# +printf "\nMaking .tar.gz for sources...\n" +d=`dirname $srcfile` +( + cd "$d" + srcfiles=`ls -d *.texinfo *.texi *.txi *.eps $source_extra 2>/dev/null` || true + tar czfh "$abs_outdir/$PACKAGE.texi.tar.gz" $srcfiles + ls -l "$abs_outdir/$PACKAGE.texi.tar.gz" +) +texi_tgz_size=`calcsize "$outdir/$PACKAGE.texi.tar.gz"` + +# +# Do everything again through docbook. +if test -n "$docbook"; then + opt="-o - --docbook $commonarg" + cmd="$SETLANG $MAKEINFO $opt \"$srcfile\" >${srcdir}/$PACKAGE-db.xml" + printf "\nGenerating docbook XML... ($cmd)\n" + eval "$cmd" + docbook_xml_size=`calcsize $PACKAGE-db.xml` + gzip -f -9 -c $PACKAGE-db.xml >"$outdir/$PACKAGE-db.xml.gz" + docbook_xml_gz_size=`calcsize "$outdir/$PACKAGE-db.xml.gz"` + mv $PACKAGE-db.xml "$outdir/" + + split_html_db_dir=html_node_db + opt="$commonarg -o $split_html_db_dir" + cmd="$DOCBOOK2HTML $opt \"${outdir}/$PACKAGE-db.xml\"" + printf "\nGenerating docbook HTML... ($cmd)\n" + eval "$cmd" + ( + cd ${split_html_db_dir} || exit 1 + tar -czf "$abs_outdir/${PACKAGE}.html_node_db.tar.gz" -- *.html + ) + html_node_db_tgz_size=`calcsize "$outdir/${PACKAGE}.html_node_db.tar.gz"` + rm -f "$outdir"/html_node_db/*.html + mkdir -p "$outdir/html_node_db" + mv ${split_html_db_dir}/*.html "$outdir/html_node_db/" + rmdir ${split_html_db_dir} + + cmd="$DOCBOOK2TXT \"${outdir}/$PACKAGE-db.xml\"" + printf "\nGenerating docbook ASCII... ($cmd)\n" + eval "$cmd" + docbook_ascii_size=`calcsize $PACKAGE-db.txt` + mv $PACKAGE-db.txt "$outdir/" + + cmd="$DOCBOOK2PDF \"${outdir}/$PACKAGE-db.xml\"" + printf "\nGenerating docbook PDF... ($cmd)\n" + eval "$cmd" + docbook_pdf_size=`calcsize $PACKAGE-db.pdf` + mv $PACKAGE-db.pdf "$outdir/" +fi + +# +printf "\nMaking index.html for $PACKAGE...\n" +if test -z "$use_texi2html"; then + CONDS="/%%IF *HTML_SECTION%%/,/%%ENDIF *HTML_SECTION%%/d;\ + /%%IF *HTML_CHAPTER%%/,/%%ENDIF *HTML_CHAPTER%%/d" +else + # should take account of --split here. + CONDS="/%%ENDIF.*%%/d;/%%IF *HTML_SECTION%%/d;/%%IF *HTML_CHAPTER%%/d" +fi + +curdate=`$SETLANG date '+%B %d, %Y'` +sed \ + -e "s!%%TITLE%%!$MANUAL_TITLE!g" \ + -e "s!%%EMAIL%%!$EMAIL!g" \ + -e "s!%%PACKAGE%%!$PACKAGE!g" \ + -e "s!%%DATE%%!$curdate!g" \ + -e "s!%%HTML_MONO_SIZE%%!$html_mono_size!g" \ + -e "s!%%HTML_MONO_GZ_SIZE%%!$html_mono_gz_size!g" \ + -e "s!%%HTML_NODE_TGZ_SIZE%%!$html_node_tgz_size!g" \ + -e "s!%%HTML_SECTION_TGZ_SIZE%%!$html_section_tgz_size!g" \ + -e "s!%%HTML_CHAPTER_TGZ_SIZE%%!$html_chapter_tgz_size!g" \ + -e "s!%%INFO_TGZ_SIZE%%!$info_tgz_size!g" \ + -e "s!%%DVI_GZ_SIZE%%!$dvi_gz_size!g" \ + -e "s!%%PDF_SIZE%%!$pdf_size!g" \ + -e "s!%%ASCII_SIZE%%!$ascii_size!g" \ + -e "s!%%ASCII_GZ_SIZE%%!$ascii_gz_size!g" \ + -e "s!%%TEXI_TGZ_SIZE%%!$texi_tgz_size!g" \ + -e "s!%%DOCBOOK_HTML_NODE_TGZ_SIZE%%!$html_node_db_tgz_size!g" \ + -e "s!%%DOCBOOK_ASCII_SIZE%%!$docbook_ascii_size!g" \ + -e "s!%%DOCBOOK_PDF_SIZE%%!$docbook_pdf_size!g" \ + -e "s!%%DOCBOOK_XML_SIZE%%!$docbook_xml_size!g" \ + -e "s!%%DOCBOOK_XML_GZ_SIZE%%!$docbook_xml_gz_size!g" \ + -e "s,%%SCRIPTURL%%,$scripturl,g" \ + -e "s!%%SCRIPTNAME%%!$prog!g" \ + -e "$CONDS" \ +$GENDOCS_TEMPLATE_DIR/gendocs_template >"$outdir/index.html" + +echo "Done, see $outdir/ subdirectory for new files." + +# Local variables: +# eval: (add-hook 'before-save-hook 'time-stamp) +# time-stamp-start: "scriptversion=" +# time-stamp-format: "%:y-%02m-%02d.%02H" +# time-stamp-end: "$" +# End: diff --git a/build-aux/install-sh b/build-aux/install-sh new file mode 100755 index 0000000..8175c64 --- /dev/null +++ b/build-aux/install-sh @@ -0,0 +1,518 @@ +#!/bin/sh +# install - install a program, script, or datafile + +scriptversion=2018-03-11.20; # UTC + +# This originates from X11R5 (mit/util/scripts/install.sh), which was +# later released in X11R6 (xc/config/util/install.sh) with the +# following copyright and license. +# +# Copyright (C) 1994 X Consortium +# +# Permission is hereby granted, free of charge, to any person obtaining a copy +# of this software and associated documentation files (the "Software"), to +# deal in the Software without restriction, including without limitation the +# rights to use, copy, modify, merge, publish, distribute, sublicense, and/or +# sell copies of the Software, and to permit persons to whom the Software is +# furnished to do so, subject to the following conditions: +# +# The above copyright notice and this permission notice shall be included in +# all copies or substantial portions of the Software. +# +# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +# X CONSORTIUM BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN +# AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNEC- +# TION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. +# +# Except as contained in this notice, the name of the X Consortium shall not +# be used in advertising or otherwise to promote the sale, use or other deal- +# ings in this Software without prior written authorization from the X Consor- +# tium. +# +# +# FSF changes to this file are in the public domain. +# +# Calling this script install-sh is preferred over install.sh, to prevent +# 'make' implicit rules from creating a file called install from it +# when there is no Makefile. +# +# This script is compatible with the BSD install script, but was written +# from scratch. + +tab=' ' +nl=' +' +IFS=" $tab$nl" + +# Set DOITPROG to "echo" to test this script. + +doit=${DOITPROG-} +doit_exec=${doit:-exec} + +# Put in absolute file names if you don't have them in your path; +# or use environment vars. + +chgrpprog=${CHGRPPROG-chgrp} +chmodprog=${CHMODPROG-chmod} +chownprog=${CHOWNPROG-chown} +cmpprog=${CMPPROG-cmp} +cpprog=${CPPROG-cp} +mkdirprog=${MKDIRPROG-mkdir} +mvprog=${MVPROG-mv} +rmprog=${RMPROG-rm} +stripprog=${STRIPPROG-strip} + +posix_mkdir= + +# Desired mode of installed file. +mode=0755 + +chgrpcmd= +chmodcmd=$chmodprog +chowncmd= +mvcmd=$mvprog +rmcmd="$rmprog -f" +stripcmd= + +src= +dst= +dir_arg= +dst_arg= + +copy_on_change=false +is_target_a_directory=possibly + +usage="\ +Usage: $0 [OPTION]... [-T] SRCFILE DSTFILE + or: $0 [OPTION]... SRCFILES... DIRECTORY + or: $0 [OPTION]... -t DIRECTORY SRCFILES... + or: $0 [OPTION]... -d DIRECTORIES... + +In the 1st form, copy SRCFILE to DSTFILE. +In the 2nd and 3rd, copy all SRCFILES to DIRECTORY. +In the 4th, create DIRECTORIES. + +Options: + --help display this help and exit. + --version display version info and exit. + + -c (ignored) + -C install only if different (preserve the last data modification time) + -d create directories instead of installing files. + -g GROUP $chgrpprog installed files to GROUP. + -m MODE $chmodprog installed files to MODE. + -o USER $chownprog installed files to USER. + -s $stripprog installed files. + -t DIRECTORY install into DIRECTORY. + -T report an error if DSTFILE is a directory. + +Environment variables override the default commands: + CHGRPPROG CHMODPROG CHOWNPROG CMPPROG CPPROG MKDIRPROG MVPROG + RMPROG STRIPPROG +" + +while test $# -ne 0; do + case $1 in + -c) ;; + + -C) copy_on_change=true;; + + -d) dir_arg=true;; + + -g) chgrpcmd="$chgrpprog $2" + shift;; + + --help) echo "$usage"; exit $?;; + + -m) mode=$2 + case $mode in + *' '* | *"$tab"* | *"$nl"* | *'*'* | *'?'* | *'['*) + echo "$0: invalid mode: $mode" >&2 + exit 1;; + esac + shift;; + + -o) chowncmd="$chownprog $2" + shift;; + + -s) stripcmd=$stripprog;; + + -t) + is_target_a_directory=always + dst_arg=$2 + # Protect names problematic for 'test' and other utilities. + case $dst_arg in + -* | [=\(\)!]) dst_arg=./$dst_arg;; + esac + shift;; + + -T) is_target_a_directory=never;; + + --version) echo "$0 $scriptversion"; exit $?;; + + --) shift + break;; + + -*) echo "$0: invalid option: $1" >&2 + exit 1;; + + *) break;; + esac + shift +done + +# We allow the use of options -d and -T together, by making -d +# take the precedence; this is for compatibility with GNU install. + +if test -n "$dir_arg"; then + if test -n "$dst_arg"; then + echo "$0: target directory not allowed when installing a directory." >&2 + exit 1 + fi +fi + +if test $# -ne 0 && test -z "$dir_arg$dst_arg"; then + # When -d is used, all remaining arguments are directories to create. + # When -t is used, the destination is already specified. + # Otherwise, the last argument is the destination. Remove it from $@. + for arg + do + if test -n "$dst_arg"; then + # $@ is not empty: it contains at least $arg. + set fnord "$@" "$dst_arg" + shift # fnord + fi + shift # arg + dst_arg=$arg + # Protect names problematic for 'test' and other utilities. + case $dst_arg in + -* | [=\(\)!]) dst_arg=./$dst_arg;; + esac + done +fi + +if test $# -eq 0; then + if test -z "$dir_arg"; then + echo "$0: no input file specified." >&2 + exit 1 + fi + # It's OK to call 'install-sh -d' without argument. + # This can happen when creating conditional directories. + exit 0 +fi + +if test -z "$dir_arg"; then + if test $# -gt 1 || test "$is_target_a_directory" = always; then + if test ! -d "$dst_arg"; then + echo "$0: $dst_arg: Is not a directory." >&2 + exit 1 + fi + fi +fi + +if test -z "$dir_arg"; then + do_exit='(exit $ret); exit $ret' + trap "ret=129; $do_exit" 1 + trap "ret=130; $do_exit" 2 + trap "ret=141; $do_exit" 13 + trap "ret=143; $do_exit" 15 + + # Set umask so as not to create temps with too-generous modes. + # However, 'strip' requires both read and write access to temps. + case $mode in + # Optimize common cases. + *644) cp_umask=133;; + *755) cp_umask=22;; + + *[0-7]) + if test -z "$stripcmd"; then + u_plus_rw= + else + u_plus_rw='% 200' + fi + cp_umask=`expr '(' 777 - $mode % 1000 ')' $u_plus_rw`;; + *) + if test -z "$stripcmd"; then + u_plus_rw= + else + u_plus_rw=,u+rw + fi + cp_umask=$mode$u_plus_rw;; + esac +fi + +for src +do + # Protect names problematic for 'test' and other utilities. + case $src in + -* | [=\(\)!]) src=./$src;; + esac + + if test -n "$dir_arg"; then + dst=$src + dstdir=$dst + test -d "$dstdir" + dstdir_status=$? + else + + # Waiting for this to be detected by the "$cpprog $src $dsttmp" command + # might cause directories to be created, which would be especially bad + # if $src (and thus $dsttmp) contains '*'. + if test ! -f "$src" && test ! -d "$src"; then + echo "$0: $src does not exist." >&2 + exit 1 + fi + + if test -z "$dst_arg"; then + echo "$0: no destination specified." >&2 + exit 1 + fi + dst=$dst_arg + + # If destination is a directory, append the input filename. + if test -d "$dst"; then + if test "$is_target_a_directory" = never; then + echo "$0: $dst_arg: Is a directory" >&2 + exit 1 + fi + dstdir=$dst + dstbase=`basename "$src"` + case $dst in + */) dst=$dst$dstbase;; + *) dst=$dst/$dstbase;; + esac + dstdir_status=0 + else + dstdir=`dirname "$dst"` + test -d "$dstdir" + dstdir_status=$? + fi + fi + + case $dstdir in + */) dstdirslash=$dstdir;; + *) dstdirslash=$dstdir/;; + esac + + obsolete_mkdir_used=false + + if test $dstdir_status != 0; then + case $posix_mkdir in + '') + # Create intermediate dirs using mode 755 as modified by the umask. + # This is like FreeBSD 'install' as of 1997-10-28. + umask=`umask` + case $stripcmd.$umask in + # Optimize common cases. + *[2367][2367]) mkdir_umask=$umask;; + .*0[02][02] | .[02][02] | .[02]) mkdir_umask=22;; + + *[0-7]) + mkdir_umask=`expr $umask + 22 \ + - $umask % 100 % 40 + $umask % 20 \ + - $umask % 10 % 4 + $umask % 2 + `;; + *) mkdir_umask=$umask,go-w;; + esac + + # With -d, create the new directory with the user-specified mode. + # Otherwise, rely on $mkdir_umask. + if test -n "$dir_arg"; then + mkdir_mode=-m$mode + else + mkdir_mode= + fi + + posix_mkdir=false + case $umask in + *[123567][0-7][0-7]) + # POSIX mkdir -p sets u+wx bits regardless of umask, which + # is incompatible with FreeBSD 'install' when (umask & 300) != 0. + ;; + *) + # Note that $RANDOM variable is not portable (e.g. dash); Use it + # here however when possible just to lower collision chance. + tmpdir=${TMPDIR-/tmp}/ins$RANDOM-$$ + + trap 'ret=$?; rmdir "$tmpdir/a/b" "$tmpdir/a" "$tmpdir" 2>/dev/null; exit $ret' 0 + + # Because "mkdir -p" follows existing symlinks and we likely work + # directly in world-writeable /tmp, make sure that the '$tmpdir' + # directory is successfully created first before we actually test + # 'mkdir -p' feature. + if (umask $mkdir_umask && + $mkdirprog $mkdir_mode "$tmpdir" && + exec $mkdirprog $mkdir_mode -p -- "$tmpdir/a/b") >/dev/null 2>&1 + then + if test -z "$dir_arg" || { + # Check for POSIX incompatibilities with -m. + # HP-UX 11.23 and IRIX 6.5 mkdir -m -p sets group- or + # other-writable bit of parent directory when it shouldn't. + # FreeBSD 6.1 mkdir -m -p sets mode of existing directory. + test_tmpdir="$tmpdir/a" + ls_ld_tmpdir=`ls -ld "$test_tmpdir"` + case $ls_ld_tmpdir in + d????-?r-*) different_mode=700;; + d????-?--*) different_mode=755;; + *) false;; + esac && + $mkdirprog -m$different_mode -p -- "$test_tmpdir" && { + ls_ld_tmpdir_1=`ls -ld "$test_tmpdir"` + test "$ls_ld_tmpdir" = "$ls_ld_tmpdir_1" + } + } + then posix_mkdir=: + fi + rmdir "$tmpdir/a/b" "$tmpdir/a" "$tmpdir" + else + # Remove any dirs left behind by ancient mkdir implementations. + rmdir ./$mkdir_mode ./-p ./-- "$tmpdir" 2>/dev/null + fi + trap '' 0;; + esac;; + esac + + if + $posix_mkdir && ( + umask $mkdir_umask && + $doit_exec $mkdirprog $mkdir_mode -p -- "$dstdir" + ) + then : + else + + # The umask is ridiculous, or mkdir does not conform to POSIX, + # or it failed possibly due to a race condition. Create the + # directory the slow way, step by step, checking for races as we go. + + case $dstdir in + /*) prefix='/';; + [-=\(\)!]*) prefix='./';; + *) prefix='';; + esac + + oIFS=$IFS + IFS=/ + set -f + set fnord $dstdir + shift + set +f + IFS=$oIFS + + prefixes= + + for d + do + test X"$d" = X && continue + + prefix=$prefix$d + if test -d "$prefix"; then + prefixes= + else + if $posix_mkdir; then + (umask=$mkdir_umask && + $doit_exec $mkdirprog $mkdir_mode -p -- "$dstdir") && break + # Don't fail if two instances are running concurrently. + test -d "$prefix" || exit 1 + else + case $prefix in + *\'*) qprefix=`echo "$prefix" | sed "s/'/'\\\\\\\\''/g"`;; + *) qprefix=$prefix;; + esac + prefixes="$prefixes '$qprefix'" + fi + fi + prefix=$prefix/ + done + + if test -n "$prefixes"; then + # Don't fail if two instances are running concurrently. + (umask $mkdir_umask && + eval "\$doit_exec \$mkdirprog $prefixes") || + test -d "$dstdir" || exit 1 + obsolete_mkdir_used=true + fi + fi + fi + + if test -n "$dir_arg"; then + { test -z "$chowncmd" || $doit $chowncmd "$dst"; } && + { test -z "$chgrpcmd" || $doit $chgrpcmd "$dst"; } && + { test "$obsolete_mkdir_used$chowncmd$chgrpcmd" = false || + test -z "$chmodcmd" || $doit $chmodcmd $mode "$dst"; } || exit 1 + else + + # Make a couple of temp file names in the proper directory. + dsttmp=${dstdirslash}_inst.$$_ + rmtmp=${dstdirslash}_rm.$$_ + + # Trap to clean up those temp files at exit. + trap 'ret=$?; rm -f "$dsttmp" "$rmtmp" && exit $ret' 0 + + # Copy the file name to the temp name. + (umask $cp_umask && $doit_exec $cpprog "$src" "$dsttmp") && + + # and set any options; do chmod last to preserve setuid bits. + # + # If any of these fail, we abort the whole thing. If we want to + # ignore errors from any of these, just make sure not to ignore + # errors from the above "$doit $cpprog $src $dsttmp" command. + # + { test -z "$chowncmd" || $doit $chowncmd "$dsttmp"; } && + { test -z "$chgrpcmd" || $doit $chgrpcmd "$dsttmp"; } && + { test -z "$stripcmd" || $doit $stripcmd "$dsttmp"; } && + { test -z "$chmodcmd" || $doit $chmodcmd $mode "$dsttmp"; } && + + # If -C, don't bother to copy if it wouldn't change the file. + if $copy_on_change && + old=`LC_ALL=C ls -dlL "$dst" 2>/dev/null` && + new=`LC_ALL=C ls -dlL "$dsttmp" 2>/dev/null` && + set -f && + set X $old && old=:$2:$4:$5:$6 && + set X $new && new=:$2:$4:$5:$6 && + set +f && + test "$old" = "$new" && + $cmpprog "$dst" "$dsttmp" >/dev/null 2>&1 + then + rm -f "$dsttmp" + else + # Rename the file to the real destination. + $doit $mvcmd -f "$dsttmp" "$dst" 2>/dev/null || + + # The rename failed, perhaps because mv can't rename something else + # to itself, or perhaps because mv is so ancient that it does not + # support -f. + { + # Now remove or move aside any old file at destination location. + # We try this two ways since rm can't unlink itself on some + # systems and the destination file might be busy for other + # reasons. In this case, the final cleanup might fail but the new + # file should still install successfully. + { + test ! -f "$dst" || + $doit $rmcmd -f "$dst" 2>/dev/null || + { $doit $mvcmd -f "$dst" "$rmtmp" 2>/dev/null && + { $doit $rmcmd -f "$rmtmp" 2>/dev/null; :; } + } || + { echo "$0: cannot unlink or rename $dst" >&2 + (exit 1); exit 1 + } + } && + + # Now rename the file to the real destination. + $doit $mvcmd "$dsttmp" "$dst" + } + fi || exit 1 + + trap '' 0 + fi +done + +# Local variables: +# eval: (add-hook 'before-save-hook 'time-stamp) +# time-stamp-start: "scriptversion=" +# time-stamp-format: "%:y-%02m-%02d.%02H" +# time-stamp-time-zone: "UTC0" +# time-stamp-end: "; # UTC" +# End: diff --git a/build-aux/ltmain.sh b/build-aux/ltmain.sh new file mode 100644 index 0000000..617dde4 --- /dev/null +++ b/build-aux/ltmain.sh @@ -0,0 +1,11248 @@ +#! /bin/sh +## DO NOT EDIT - This file generated from ./build-aux/ltmain.in +## by inline-source v2014-01-03.01 + +# libtool (GNU libtool) 2.4.6 +# Provide generalized library-building support services. +# Written by Gordon Matzigkeit <gord@gnu.ai.mit.edu>, 1996 + +# Copyright (C) 1996-2015 Free Software Foundation, Inc. +# This is free software; see the source for copying conditions. There is NO +# warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. + +# GNU Libtool is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# As a special exception to the GNU General Public License, +# if you distribute this file as part of a program or library that +# is built using GNU Libtool, you may include this file under the +# same distribution terms that you use for the rest of that program. +# +# GNU Libtool is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. + + +PROGRAM=libtool +PACKAGE=libtool +VERSION="2.4.6 Debian-2.4.6-8" +package_revision=2.4.6 + + +## ------ ## +## Usage. ## +## ------ ## + +# Run './libtool --help' for help with using this script from the +# command line. + + +## ------------------------------- ## +## User overridable command paths. ## +## ------------------------------- ## + +# After configure completes, it has a better idea of some of the +# shell tools we need than the defaults used by the functions shared +# with bootstrap, so set those here where they can still be over- +# ridden by the user, but otherwise take precedence. + +: ${AUTOCONF="autoconf"} +: ${AUTOMAKE="automake"} + + +## -------------------------- ## +## Source external libraries. ## +## -------------------------- ## + +# Much of our low-level functionality needs to be sourced from external +# libraries, which are installed to $pkgauxdir. + +# Set a version string for this script. +scriptversion=2015-01-20.17; # UTC + +# General shell script boiler plate, and helper functions. +# Written by Gary V. Vaughan, 2004 + +# Copyright (C) 2004-2015 Free Software Foundation, Inc. +# This is free software; see the source for copying conditions. There is NO +# warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. + +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 3 of the License, or +# (at your option) any later version. + +# As a special exception to the GNU General Public License, if you distribute +# this file as part of a program or library that is built using GNU Libtool, +# you may include this file under the same distribution terms that you use +# for the rest of that program. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNES FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. + +# Please report bugs or propose patches to gary@gnu.org. + + +## ------ ## +## Usage. ## +## ------ ## + +# Evaluate this file near the top of your script to gain access to +# the functions and variables defined here: +# +# . `echo "$0" | ${SED-sed} 's|[^/]*$||'`/build-aux/funclib.sh +# +# If you need to override any of the default environment variable +# settings, do that before evaluating this file. + + +## -------------------- ## +## Shell normalisation. ## +## -------------------- ## + +# Some shells need a little help to be as Bourne compatible as possible. +# Before doing anything else, make sure all that help has been provided! + +DUALCASE=1; export DUALCASE # for MKS sh +if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then : + emulate sh + NULLCMD=: + # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which + # is contrary to our usage. Disable this feature. + alias -g '${1+"$@"}'='"$@"' + setopt NO_GLOB_SUBST +else + case `(set -o) 2>/dev/null` in *posix*) set -o posix ;; esac +fi + +# NLS nuisances: We save the old values in case they are required later. +_G_user_locale= +_G_safe_locale= +for _G_var in LANG LANGUAGE LC_ALL LC_CTYPE LC_COLLATE LC_MESSAGES +do + eval "if test set = \"\${$_G_var+set}\"; then + save_$_G_var=\$$_G_var + $_G_var=C + export $_G_var + _G_user_locale=\"$_G_var=\\\$save_\$_G_var; \$_G_user_locale\" + _G_safe_locale=\"$_G_var=C; \$_G_safe_locale\" + fi" +done + +# CDPATH. +(unset CDPATH) >/dev/null 2>&1 && unset CDPATH + +# Make sure IFS has a sensible default +sp=' ' +nl=' +' +IFS="$sp $nl" + +# There are apparently some retarded systems that use ';' as a PATH separator! +if test "${PATH_SEPARATOR+set}" != set; then + PATH_SEPARATOR=: + (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 && { + (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 || + PATH_SEPARATOR=';' + } +fi + + + +## ------------------------- ## +## Locate command utilities. ## +## ------------------------- ## + + +# func_executable_p FILE +# ---------------------- +# Check that FILE is an executable regular file. +func_executable_p () +{ + test -f "$1" && test -x "$1" +} + + +# func_path_progs PROGS_LIST CHECK_FUNC [PATH] +# -------------------------------------------- +# Search for either a program that responds to --version with output +# containing "GNU", or else returned by CHECK_FUNC otherwise, by +# trying all the directories in PATH with each of the elements of +# PROGS_LIST. +# +# CHECK_FUNC should accept the path to a candidate program, and +# set $func_check_prog_result if it truncates its output less than +# $_G_path_prog_max characters. +func_path_progs () +{ + _G_progs_list=$1 + _G_check_func=$2 + _G_PATH=${3-"$PATH"} + + _G_path_prog_max=0 + _G_path_prog_found=false + _G_save_IFS=$IFS; IFS=${PATH_SEPARATOR-:} + for _G_dir in $_G_PATH; do + IFS=$_G_save_IFS + test -z "$_G_dir" && _G_dir=. + for _G_prog_name in $_G_progs_list; do + for _exeext in '' .EXE; do + _G_path_prog=$_G_dir/$_G_prog_name$_exeext + func_executable_p "$_G_path_prog" || continue + case `"$_G_path_prog" --version 2>&1` in + *GNU*) func_path_progs_result=$_G_path_prog _G_path_prog_found=: ;; + *) $_G_check_func $_G_path_prog + func_path_progs_result=$func_check_prog_result + ;; + esac + $_G_path_prog_found && break 3 + done + done + done + IFS=$_G_save_IFS + test -z "$func_path_progs_result" && { + echo "no acceptable sed could be found in \$PATH" >&2 + exit 1 + } +} + + +# We want to be able to use the functions in this file before configure +# has figured out where the best binaries are kept, which means we have +# to search for them ourselves - except when the results are already set +# where we skip the searches. + +# Unless the user overrides by setting SED, search the path for either GNU +# sed, or the sed that truncates its output the least. +test -z "$SED" && { + _G_sed_script=s/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb/ + for _G_i in 1 2 3 4 5 6 7; do + _G_sed_script=$_G_sed_script$nl$_G_sed_script + done + echo "$_G_sed_script" 2>/dev/null | sed 99q >conftest.sed + _G_sed_script= + + func_check_prog_sed () + { + _G_path_prog=$1 + + _G_count=0 + printf 0123456789 >conftest.in + while : + do + cat conftest.in conftest.in >conftest.tmp + mv conftest.tmp conftest.in + cp conftest.in conftest.nl + echo '' >> conftest.nl + "$_G_path_prog" -f conftest.sed <conftest.nl >conftest.out 2>/dev/null || break + diff conftest.out conftest.nl >/dev/null 2>&1 || break + _G_count=`expr $_G_count + 1` + if test "$_G_count" -gt "$_G_path_prog_max"; then + # Best one so far, save it but keep looking for a better one + func_check_prog_result=$_G_path_prog + _G_path_prog_max=$_G_count + fi + # 10*(2^10) chars as input seems more than enough + test 10 -lt "$_G_count" && break + done + rm -f conftest.in conftest.tmp conftest.nl conftest.out + } + + func_path_progs "sed gsed" func_check_prog_sed $PATH:/usr/xpg4/bin + rm -f conftest.sed + SED=$func_path_progs_result +} + + +# Unless the user overrides by setting GREP, search the path for either GNU +# grep, or the grep that truncates its output the least. +test -z "$GREP" && { + func_check_prog_grep () + { + _G_path_prog=$1 + + _G_count=0 + _G_path_prog_max=0 + printf 0123456789 >conftest.in + while : + do + cat conftest.in conftest.in >conftest.tmp + mv conftest.tmp conftest.in + cp conftest.in conftest.nl + echo 'GREP' >> conftest.nl + "$_G_path_prog" -e 'GREP$' -e '-(cannot match)-' <conftest.nl >conftest.out 2>/dev/null || break + diff conftest.out conftest.nl >/dev/null 2>&1 || break + _G_count=`expr $_G_count + 1` + if test "$_G_count" -gt "$_G_path_prog_max"; then + # Best one so far, save it but keep looking for a better one + func_check_prog_result=$_G_path_prog + _G_path_prog_max=$_G_count + fi + # 10*(2^10) chars as input seems more than enough + test 10 -lt "$_G_count" && break + done + rm -f conftest.in conftest.tmp conftest.nl conftest.out + } + + func_path_progs "grep ggrep" func_check_prog_grep $PATH:/usr/xpg4/bin + GREP=$func_path_progs_result +} + + +## ------------------------------- ## +## User overridable command paths. ## +## ------------------------------- ## + +# All uppercase variable names are used for environment variables. These +# variables can be overridden by the user before calling a script that +# uses them if a suitable command of that name is not already available +# in the command search PATH. + +: ${CP="cp -f"} +: ${ECHO="printf %s\n"} +: ${EGREP="$GREP -E"} +: ${FGREP="$GREP -F"} +: ${LN_S="ln -s"} +: ${MAKE="make"} +: ${MKDIR="mkdir"} +: ${MV="mv -f"} +: ${RM="rm -f"} +: ${SHELL="${CONFIG_SHELL-/bin/sh}"} + + +## -------------------- ## +## Useful sed snippets. ## +## -------------------- ## + +sed_dirname='s|/[^/]*$||' +sed_basename='s|^.*/||' + +# Sed substitution that helps us do robust quoting. It backslashifies +# metacharacters that are still active within double-quoted strings. +sed_quote_subst='s|\([`"$\\]\)|\\\1|g' + +# Same as above, but do not quote variable references. +sed_double_quote_subst='s/\(["`\\]\)/\\\1/g' + +# Sed substitution that turns a string into a regex matching for the +# string literally. +sed_make_literal_regex='s|[].[^$\\*\/]|\\&|g' + +# Sed substitution that converts a w32 file name or path +# that contains forward slashes, into one that contains +# (escaped) backslashes. A very naive implementation. +sed_naive_backslashify='s|\\\\*|\\|g;s|/|\\|g;s|\\|\\\\|g' + +# Re-'\' parameter expansions in output of sed_double_quote_subst that +# were '\'-ed in input to the same. If an odd number of '\' preceded a +# '$' in input to sed_double_quote_subst, that '$' was protected from +# expansion. Since each input '\' is now two '\'s, look for any number +# of runs of four '\'s followed by two '\'s and then a '$'. '\' that '$'. +_G_bs='\\' +_G_bs2='\\\\' +_G_bs4='\\\\\\\\' +_G_dollar='\$' +sed_double_backslash="\ + s/$_G_bs4/&\\ +/g + s/^$_G_bs2$_G_dollar/$_G_bs&/ + s/\\([^$_G_bs]\\)$_G_bs2$_G_dollar/\\1$_G_bs2$_G_bs$_G_dollar/g + s/\n//g" + + +## ----------------- ## +## Global variables. ## +## ----------------- ## + +# Except for the global variables explicitly listed below, the following +# functions in the '^func_' namespace, and the '^require_' namespace +# variables initialised in the 'Resource management' section, sourcing +# this file will not pollute your global namespace with anything +# else. There's no portable way to scope variables in Bourne shell +# though, so actually running these functions will sometimes place +# results into a variable named after the function, and often use +# temporary variables in the '^_G_' namespace. If you are careful to +# avoid using those namespaces casually in your sourcing script, things +# should continue to work as you expect. And, of course, you can freely +# overwrite any of the functions or variables defined here before +# calling anything to customize them. + +EXIT_SUCCESS=0 +EXIT_FAILURE=1 +EXIT_MISMATCH=63 # $? = 63 is used to indicate version mismatch to missing. +EXIT_SKIP=77 # $? = 77 is used to indicate a skipped test to automake. + +# Allow overriding, eg assuming that you follow the convention of +# putting '$debug_cmd' at the start of all your functions, you can get +# bash to show function call trace with: +# +# debug_cmd='eval echo "${FUNCNAME[0]} $*" >&2' bash your-script-name +debug_cmd=${debug_cmd-":"} +exit_cmd=: + +# By convention, finish your script with: +# +# exit $exit_status +# +# so that you can set exit_status to non-zero if you want to indicate +# something went wrong during execution without actually bailing out at +# the point of failure. +exit_status=$EXIT_SUCCESS + +# Work around backward compatibility issue on IRIX 6.5. On IRIX 6.4+, sh +# is ksh but when the shell is invoked as "sh" and the current value of +# the _XPG environment variable is not equal to 1 (one), the special +# positional parameter $0, within a function call, is the name of the +# function. +progpath=$0 + +# The name of this program. +progname=`$ECHO "$progpath" |$SED "$sed_basename"` + +# Make sure we have an absolute progpath for reexecution: +case $progpath in + [\\/]*|[A-Za-z]:\\*) ;; + *[\\/]*) + progdir=`$ECHO "$progpath" |$SED "$sed_dirname"` + progdir=`cd "$progdir" && pwd` + progpath=$progdir/$progname + ;; + *) + _G_IFS=$IFS + IFS=${PATH_SEPARATOR-:} + for progdir in $PATH; do + IFS=$_G_IFS + test -x "$progdir/$progname" && break + done + IFS=$_G_IFS + test -n "$progdir" || progdir=`pwd` + progpath=$progdir/$progname + ;; +esac + + +## ----------------- ## +## Standard options. ## +## ----------------- ## + +# The following options affect the operation of the functions defined +# below, and should be set appropriately depending on run-time para- +# meters passed on the command line. + +opt_dry_run=false +opt_quiet=false +opt_verbose=false + +# Categories 'all' and 'none' are always available. Append any others +# you will pass as the first argument to func_warning from your own +# code. +warning_categories= + +# By default, display warnings according to 'opt_warning_types'. Set +# 'warning_func' to ':' to elide all warnings, or func_fatal_error to +# treat the next displayed warning as a fatal error. +warning_func=func_warn_and_continue + +# Set to 'all' to display all warnings, 'none' to suppress all +# warnings, or a space delimited list of some subset of +# 'warning_categories' to display only the listed warnings. +opt_warning_types=all + + +## -------------------- ## +## Resource management. ## +## -------------------- ## + +# This section contains definitions for functions that each ensure a +# particular resource (a file, or a non-empty configuration variable for +# example) is available, and if appropriate to extract default values +# from pertinent package files. Call them using their associated +# 'require_*' variable to ensure that they are executed, at most, once. +# +# It's entirely deliberate that calling these functions can set +# variables that don't obey the namespace limitations obeyed by the rest +# of this file, in order that that they be as useful as possible to +# callers. + + +# require_term_colors +# ------------------- +# Allow display of bold text on terminals that support it. +require_term_colors=func_require_term_colors +func_require_term_colors () +{ + $debug_cmd + + test -t 1 && { + # COLORTERM and USE_ANSI_COLORS environment variables take + # precedence, because most terminfo databases neglect to describe + # whether color sequences are supported. + test -n "${COLORTERM+set}" && : ${USE_ANSI_COLORS="1"} + + if test 1 = "$USE_ANSI_COLORS"; then + # Standard ANSI escape sequences + tc_reset='' + tc_bold=''; tc_standout='' + tc_red=''; tc_green='' + tc_blue=''; tc_cyan='' + else + # Otherwise trust the terminfo database after all. + test -n "`tput sgr0 2>/dev/null`" && { + tc_reset=`tput sgr0` + test -n "`tput bold 2>/dev/null`" && tc_bold=`tput bold` + tc_standout=$tc_bold + test -n "`tput smso 2>/dev/null`" && tc_standout=`tput smso` + test -n "`tput setaf 1 2>/dev/null`" && tc_red=`tput setaf 1` + test -n "`tput setaf 2 2>/dev/null`" && tc_green=`tput setaf 2` + test -n "`tput setaf 4 2>/dev/null`" && tc_blue=`tput setaf 4` + test -n "`tput setaf 5 2>/dev/null`" && tc_cyan=`tput setaf 5` + } + fi + } + + require_term_colors=: +} + + +## ----------------- ## +## Function library. ## +## ----------------- ## + +# This section contains a variety of useful functions to call in your +# scripts. Take note of the portable wrappers for features provided by +# some modern shells, which will fall back to slower equivalents on +# less featureful shells. + + +# func_append VAR VALUE +# --------------------- +# Append VALUE onto the existing contents of VAR. + + # We should try to minimise forks, especially on Windows where they are + # unreasonably slow, so skip the feature probes when bash or zsh are + # being used: + if test set = "${BASH_VERSION+set}${ZSH_VERSION+set}"; then + : ${_G_HAVE_ARITH_OP="yes"} + : ${_G_HAVE_XSI_OPS="yes"} + # The += operator was introduced in bash 3.1 + case $BASH_VERSION in + [12].* | 3.0 | 3.0*) ;; + *) + : ${_G_HAVE_PLUSEQ_OP="yes"} + ;; + esac + fi + + # _G_HAVE_PLUSEQ_OP + # Can be empty, in which case the shell is probed, "yes" if += is + # useable or anything else if it does not work. + test -z "$_G_HAVE_PLUSEQ_OP" \ + && (eval 'x=a; x+=" b"; test "a b" = "$x"') 2>/dev/null \ + && _G_HAVE_PLUSEQ_OP=yes + +if test yes = "$_G_HAVE_PLUSEQ_OP" +then + # This is an XSI compatible shell, allowing a faster implementation... + eval 'func_append () + { + $debug_cmd + + eval "$1+=\$2" + }' +else + # ...otherwise fall back to using expr, which is often a shell builtin. + func_append () + { + $debug_cmd + + eval "$1=\$$1\$2" + } +fi + + +# func_append_quoted VAR VALUE +# ---------------------------- +# Quote VALUE and append to the end of shell variable VAR, separated +# by a space. +if test yes = "$_G_HAVE_PLUSEQ_OP"; then + eval 'func_append_quoted () + { + $debug_cmd + + func_quote_for_eval "$2" + eval "$1+=\\ \$func_quote_for_eval_result" + }' +else + func_append_quoted () + { + $debug_cmd + + func_quote_for_eval "$2" + eval "$1=\$$1\\ \$func_quote_for_eval_result" + } +fi + + +# func_append_uniq VAR VALUE +# -------------------------- +# Append unique VALUE onto the existing contents of VAR, assuming +# entries are delimited by the first character of VALUE. For example: +# +# func_append_uniq options " --another-option option-argument" +# +# will only append to $options if " --another-option option-argument " +# is not already present somewhere in $options already (note spaces at +# each end implied by leading space in second argument). +func_append_uniq () +{ + $debug_cmd + + eval _G_current_value='`$ECHO $'$1'`' + _G_delim=`expr "$2" : '\(.\)'` + + case $_G_delim$_G_current_value$_G_delim in + *"$2$_G_delim"*) ;; + *) func_append "$@" ;; + esac +} + + +# func_arith TERM... +# ------------------ +# Set func_arith_result to the result of evaluating TERMs. + test -z "$_G_HAVE_ARITH_OP" \ + && (eval 'test 2 = $(( 1 + 1 ))') 2>/dev/null \ + && _G_HAVE_ARITH_OP=yes + +if test yes = "$_G_HAVE_ARITH_OP"; then + eval 'func_arith () + { + $debug_cmd + + func_arith_result=$(( $* )) + }' +else + func_arith () + { + $debug_cmd + + func_arith_result=`expr "$@"` + } +fi + + +# func_basename FILE +# ------------------ +# Set func_basename_result to FILE with everything up to and including +# the last / stripped. +if test yes = "$_G_HAVE_XSI_OPS"; then + # If this shell supports suffix pattern removal, then use it to avoid + # forking. Hide the definitions single quotes in case the shell chokes + # on unsupported syntax... + _b='func_basename_result=${1##*/}' + _d='case $1 in + */*) func_dirname_result=${1%/*}$2 ;; + * ) func_dirname_result=$3 ;; + esac' + +else + # ...otherwise fall back to using sed. + _b='func_basename_result=`$ECHO "$1" |$SED "$sed_basename"`' + _d='func_dirname_result=`$ECHO "$1" |$SED "$sed_dirname"` + if test "X$func_dirname_result" = "X$1"; then + func_dirname_result=$3 + else + func_append func_dirname_result "$2" + fi' +fi + +eval 'func_basename () +{ + $debug_cmd + + '"$_b"' +}' + + +# func_dirname FILE APPEND NONDIR_REPLACEMENT +# ------------------------------------------- +# Compute the dirname of FILE. If nonempty, add APPEND to the result, +# otherwise set result to NONDIR_REPLACEMENT. +eval 'func_dirname () +{ + $debug_cmd + + '"$_d"' +}' + + +# func_dirname_and_basename FILE APPEND NONDIR_REPLACEMENT +# -------------------------------------------------------- +# Perform func_basename and func_dirname in a single function +# call: +# dirname: Compute the dirname of FILE. If nonempty, +# add APPEND to the result, otherwise set result +# to NONDIR_REPLACEMENT. +# value returned in "$func_dirname_result" +# basename: Compute filename of FILE. +# value retuned in "$func_basename_result" +# For efficiency, we do not delegate to the functions above but instead +# duplicate the functionality here. +eval 'func_dirname_and_basename () +{ + $debug_cmd + + '"$_b"' + '"$_d"' +}' + + +# func_echo ARG... +# ---------------- +# Echo program name prefixed message. +func_echo () +{ + $debug_cmd + + _G_message=$* + + func_echo_IFS=$IFS + IFS=$nl + for _G_line in $_G_message; do + IFS=$func_echo_IFS + $ECHO "$progname: $_G_line" + done + IFS=$func_echo_IFS +} + + +# func_echo_all ARG... +# -------------------- +# Invoke $ECHO with all args, space-separated. +func_echo_all () +{ + $ECHO "$*" +} + + +# func_echo_infix_1 INFIX ARG... +# ------------------------------ +# Echo program name, followed by INFIX on the first line, with any +# additional lines not showing INFIX. +func_echo_infix_1 () +{ + $debug_cmd + + $require_term_colors + + _G_infix=$1; shift + _G_indent=$_G_infix + _G_prefix="$progname: $_G_infix: " + _G_message=$* + + # Strip color escape sequences before counting printable length + for _G_tc in "$tc_reset" "$tc_bold" "$tc_standout" "$tc_red" "$tc_green" "$tc_blue" "$tc_cyan" + do + test -n "$_G_tc" && { + _G_esc_tc=`$ECHO "$_G_tc" | $SED "$sed_make_literal_regex"` + _G_indent=`$ECHO "$_G_indent" | $SED "s|$_G_esc_tc||g"` + } + done + _G_indent="$progname: "`echo "$_G_indent" | $SED 's|.| |g'`" " ## exclude from sc_prohibit_nested_quotes + + func_echo_infix_1_IFS=$IFS + IFS=$nl + for _G_line in $_G_message; do + IFS=$func_echo_infix_1_IFS + $ECHO "$_G_prefix$tc_bold$_G_line$tc_reset" >&2 + _G_prefix=$_G_indent + done + IFS=$func_echo_infix_1_IFS +} + + +# func_error ARG... +# ----------------- +# Echo program name prefixed message to standard error. +func_error () +{ + $debug_cmd + + $require_term_colors + + func_echo_infix_1 " $tc_standout${tc_red}error$tc_reset" "$*" >&2 +} + + +# func_fatal_error ARG... +# ----------------------- +# Echo program name prefixed message to standard error, and exit. +func_fatal_error () +{ + $debug_cmd + + func_error "$*" + exit $EXIT_FAILURE +} + + +# func_grep EXPRESSION FILENAME +# ----------------------------- +# Check whether EXPRESSION matches any line of FILENAME, without output. +func_grep () +{ + $debug_cmd + + $GREP "$1" "$2" >/dev/null 2>&1 +} + + +# func_len STRING +# --------------- +# Set func_len_result to the length of STRING. STRING may not +# start with a hyphen. + test -z "$_G_HAVE_XSI_OPS" \ + && (eval 'x=a/b/c; + test 5aa/bb/cc = "${#x}${x%%/*}${x%/*}${x#*/}${x##*/}"') 2>/dev/null \ + && _G_HAVE_XSI_OPS=yes + +if test yes = "$_G_HAVE_XSI_OPS"; then + eval 'func_len () + { + $debug_cmd + + func_len_result=${#1} + }' +else + func_len () + { + $debug_cmd + + func_len_result=`expr "$1" : ".*" 2>/dev/null || echo $max_cmd_len` + } +fi + + +# func_mkdir_p DIRECTORY-PATH +# --------------------------- +# Make sure the entire path to DIRECTORY-PATH is available. +func_mkdir_p () +{ + $debug_cmd + + _G_directory_path=$1 + _G_dir_list= + + if test -n "$_G_directory_path" && test : != "$opt_dry_run"; then + + # Protect directory names starting with '-' + case $_G_directory_path in + -*) _G_directory_path=./$_G_directory_path ;; + esac + + # While some portion of DIR does not yet exist... + while test ! -d "$_G_directory_path"; do + # ...make a list in topmost first order. Use a colon delimited + # list incase some portion of path contains whitespace. + _G_dir_list=$_G_directory_path:$_G_dir_list + + # If the last portion added has no slash in it, the list is done + case $_G_directory_path in */*) ;; *) break ;; esac + + # ...otherwise throw away the child directory and loop + _G_directory_path=`$ECHO "$_G_directory_path" | $SED -e "$sed_dirname"` + done + _G_dir_list=`$ECHO "$_G_dir_list" | $SED 's|:*$||'` + + func_mkdir_p_IFS=$IFS; IFS=: + for _G_dir in $_G_dir_list; do + IFS=$func_mkdir_p_IFS + # mkdir can fail with a 'File exist' error if two processes + # try to create one of the directories concurrently. Don't + # stop in that case! + $MKDIR "$_G_dir" 2>/dev/null || : + done + IFS=$func_mkdir_p_IFS + + # Bail out if we (or some other process) failed to create a directory. + test -d "$_G_directory_path" || \ + func_fatal_error "Failed to create '$1'" + fi +} + + +# func_mktempdir [BASENAME] +# ------------------------- +# Make a temporary directory that won't clash with other running +# libtool processes, and avoids race conditions if possible. If +# given, BASENAME is the basename for that directory. +func_mktempdir () +{ + $debug_cmd + + _G_template=${TMPDIR-/tmp}/${1-$progname} + + if test : = "$opt_dry_run"; then + # Return a directory name, but don't create it in dry-run mode + _G_tmpdir=$_G_template-$$ + else + + # If mktemp works, use that first and foremost + _G_tmpdir=`mktemp -d "$_G_template-XXXXXXXX" 2>/dev/null` + + if test ! -d "$_G_tmpdir"; then + # Failing that, at least try and use $RANDOM to avoid a race + _G_tmpdir=$_G_template-${RANDOM-0}$$ + + func_mktempdir_umask=`umask` + umask 0077 + $MKDIR "$_G_tmpdir" + umask $func_mktempdir_umask + fi + + # If we're not in dry-run mode, bomb out on failure + test -d "$_G_tmpdir" || \ + func_fatal_error "cannot create temporary directory '$_G_tmpdir'" + fi + + $ECHO "$_G_tmpdir" +} + + +# func_normal_abspath PATH +# ------------------------ +# Remove doubled-up and trailing slashes, "." path components, +# and cancel out any ".." path components in PATH after making +# it an absolute path. +func_normal_abspath () +{ + $debug_cmd + + # These SED scripts presuppose an absolute path with a trailing slash. + _G_pathcar='s|^/\([^/]*\).*$|\1|' + _G_pathcdr='s|^/[^/]*||' + _G_removedotparts=':dotsl + s|/\./|/|g + t dotsl + s|/\.$|/|' + _G_collapseslashes='s|/\{1,\}|/|g' + _G_finalslash='s|/*$|/|' + + # Start from root dir and reassemble the path. + func_normal_abspath_result= + func_normal_abspath_tpath=$1 + func_normal_abspath_altnamespace= + case $func_normal_abspath_tpath in + "") + # Empty path, that just means $cwd. + func_stripname '' '/' "`pwd`" + func_normal_abspath_result=$func_stripname_result + return + ;; + # The next three entries are used to spot a run of precisely + # two leading slashes without using negated character classes; + # we take advantage of case's first-match behaviour. + ///*) + # Unusual form of absolute path, do nothing. + ;; + //*) + # Not necessarily an ordinary path; POSIX reserves leading '//' + # and for example Cygwin uses it to access remote file shares + # over CIFS/SMB, so we conserve a leading double slash if found. + func_normal_abspath_altnamespace=/ + ;; + /*) + # Absolute path, do nothing. + ;; + *) + # Relative path, prepend $cwd. + func_normal_abspath_tpath=`pwd`/$func_normal_abspath_tpath + ;; + esac + + # Cancel out all the simple stuff to save iterations. We also want + # the path to end with a slash for ease of parsing, so make sure + # there is one (and only one) here. + func_normal_abspath_tpath=`$ECHO "$func_normal_abspath_tpath" | $SED \ + -e "$_G_removedotparts" -e "$_G_collapseslashes" -e "$_G_finalslash"` + while :; do + # Processed it all yet? + if test / = "$func_normal_abspath_tpath"; then + # If we ascended to the root using ".." the result may be empty now. + if test -z "$func_normal_abspath_result"; then + func_normal_abspath_result=/ + fi + break + fi + func_normal_abspath_tcomponent=`$ECHO "$func_normal_abspath_tpath" | $SED \ + -e "$_G_pathcar"` + func_normal_abspath_tpath=`$ECHO "$func_normal_abspath_tpath" | $SED \ + -e "$_G_pathcdr"` + # Figure out what to do with it + case $func_normal_abspath_tcomponent in + "") + # Trailing empty path component, ignore it. + ;; + ..) + # Parent dir; strip last assembled component from result. + func_dirname "$func_normal_abspath_result" + func_normal_abspath_result=$func_dirname_result + ;; + *) + # Actual path component, append it. + func_append func_normal_abspath_result "/$func_normal_abspath_tcomponent" + ;; + esac + done + # Restore leading double-slash if one was found on entry. + func_normal_abspath_result=$func_normal_abspath_altnamespace$func_normal_abspath_result +} + + +# func_notquiet ARG... +# -------------------- +# Echo program name prefixed message only when not in quiet mode. +func_notquiet () +{ + $debug_cmd + + $opt_quiet || func_echo ${1+"$@"} + + # A bug in bash halts the script if the last line of a function + # fails when set -e is in force, so we need another command to + # work around that: + : +} + + +# func_relative_path SRCDIR DSTDIR +# -------------------------------- +# Set func_relative_path_result to the relative path from SRCDIR to DSTDIR. +func_relative_path () +{ + $debug_cmd + + func_relative_path_result= + func_normal_abspath "$1" + func_relative_path_tlibdir=$func_normal_abspath_result + func_normal_abspath "$2" + func_relative_path_tbindir=$func_normal_abspath_result + + # Ascend the tree starting from libdir + while :; do + # check if we have found a prefix of bindir + case $func_relative_path_tbindir in + $func_relative_path_tlibdir) + # found an exact match + func_relative_path_tcancelled= + break + ;; + $func_relative_path_tlibdir*) + # found a matching prefix + func_stripname "$func_relative_path_tlibdir" '' "$func_relative_path_tbindir" + func_relative_path_tcancelled=$func_stripname_result + if test -z "$func_relative_path_result"; then + func_relative_path_result=. + fi + break + ;; + *) + func_dirname $func_relative_path_tlibdir + func_relative_path_tlibdir=$func_dirname_result + if test -z "$func_relative_path_tlibdir"; then + # Have to descend all the way to the root! + func_relative_path_result=../$func_relative_path_result + func_relative_path_tcancelled=$func_relative_path_tbindir + break + fi + func_relative_path_result=../$func_relative_path_result + ;; + esac + done + + # Now calculate path; take care to avoid doubling-up slashes. + func_stripname '' '/' "$func_relative_path_result" + func_relative_path_result=$func_stripname_result + func_stripname '/' '/' "$func_relative_path_tcancelled" + if test -n "$func_stripname_result"; then + func_append func_relative_path_result "/$func_stripname_result" + fi + + # Normalisation. If bindir is libdir, return '.' else relative path. + if test -n "$func_relative_path_result"; then + func_stripname './' '' "$func_relative_path_result" + func_relative_path_result=$func_stripname_result + fi + + test -n "$func_relative_path_result" || func_relative_path_result=. + + : +} + + +# func_quote_for_eval ARG... +# -------------------------- +# Aesthetically quote ARGs to be evaled later. +# This function returns two values: +# i) func_quote_for_eval_result +# double-quoted, suitable for a subsequent eval +# ii) func_quote_for_eval_unquoted_result +# has all characters that are still active within double +# quotes backslashified. +func_quote_for_eval () +{ + $debug_cmd + + func_quote_for_eval_unquoted_result= + func_quote_for_eval_result= + while test 0 -lt $#; do + case $1 in + *[\\\`\"\$]*) + _G_unquoted_arg=`printf '%s\n' "$1" |$SED "$sed_quote_subst"` ;; + *) + _G_unquoted_arg=$1 ;; + esac + if test -n "$func_quote_for_eval_unquoted_result"; then + func_append func_quote_for_eval_unquoted_result " $_G_unquoted_arg" + else + func_append func_quote_for_eval_unquoted_result "$_G_unquoted_arg" + fi + + case $_G_unquoted_arg in + # Double-quote args containing shell metacharacters to delay + # word splitting, command substitution and variable expansion + # for a subsequent eval. + # Many Bourne shells cannot handle close brackets correctly + # in scan sets, so we specify it separately. + *[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \ ]*|*]*|"") + _G_quoted_arg=\"$_G_unquoted_arg\" + ;; + *) + _G_quoted_arg=$_G_unquoted_arg + ;; + esac + + if test -n "$func_quote_for_eval_result"; then + func_append func_quote_for_eval_result " $_G_quoted_arg" + else + func_append func_quote_for_eval_result "$_G_quoted_arg" + fi + shift + done +} + + +# func_quote_for_expand ARG +# ------------------------- +# Aesthetically quote ARG to be evaled later; same as above, +# but do not quote variable references. +func_quote_for_expand () +{ + $debug_cmd + + case $1 in + *[\\\`\"]*) + _G_arg=`$ECHO "$1" | $SED \ + -e "$sed_double_quote_subst" -e "$sed_double_backslash"` ;; + *) + _G_arg=$1 ;; + esac + + case $_G_arg in + # Double-quote args containing shell metacharacters to delay + # word splitting and command substitution for a subsequent eval. + # Many Bourne shells cannot handle close brackets correctly + # in scan sets, so we specify it separately. + *[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \ ]*|*]*|"") + _G_arg=\"$_G_arg\" + ;; + esac + + func_quote_for_expand_result=$_G_arg +} + + +# func_stripname PREFIX SUFFIX NAME +# --------------------------------- +# strip PREFIX and SUFFIX from NAME, and store in func_stripname_result. +# PREFIX and SUFFIX must not contain globbing or regex special +# characters, hashes, percent signs, but SUFFIX may contain a leading +# dot (in which case that matches only a dot). +if test yes = "$_G_HAVE_XSI_OPS"; then + eval 'func_stripname () + { + $debug_cmd + + # pdksh 5.2.14 does not do ${X%$Y} correctly if both X and Y are + # positional parameters, so assign one to ordinary variable first. + func_stripname_result=$3 + func_stripname_result=${func_stripname_result#"$1"} + func_stripname_result=${func_stripname_result%"$2"} + }' +else + func_stripname () + { + $debug_cmd + + case $2 in + .*) func_stripname_result=`$ECHO "$3" | $SED -e "s%^$1%%" -e "s%\\\\$2\$%%"`;; + *) func_stripname_result=`$ECHO "$3" | $SED -e "s%^$1%%" -e "s%$2\$%%"`;; + esac + } +fi + + +# func_show_eval CMD [FAIL_EXP] +# ----------------------------- +# Unless opt_quiet is true, then output CMD. Then, if opt_dryrun is +# not true, evaluate CMD. If the evaluation of CMD fails, and FAIL_EXP +# is given, then evaluate it. +func_show_eval () +{ + $debug_cmd + + _G_cmd=$1 + _G_fail_exp=${2-':'} + + func_quote_for_expand "$_G_cmd" + eval "func_notquiet $func_quote_for_expand_result" + + $opt_dry_run || { + eval "$_G_cmd" + _G_status=$? + if test 0 -ne "$_G_status"; then + eval "(exit $_G_status); $_G_fail_exp" + fi + } +} + + +# func_show_eval_locale CMD [FAIL_EXP] +# ------------------------------------ +# Unless opt_quiet is true, then output CMD. Then, if opt_dryrun is +# not true, evaluate CMD. If the evaluation of CMD fails, and FAIL_EXP +# is given, then evaluate it. Use the saved locale for evaluation. +func_show_eval_locale () +{ + $debug_cmd + + _G_cmd=$1 + _G_fail_exp=${2-':'} + + $opt_quiet || { + func_quote_for_expand "$_G_cmd" + eval "func_echo $func_quote_for_expand_result" + } + + $opt_dry_run || { + eval "$_G_user_locale + $_G_cmd" + _G_status=$? + eval "$_G_safe_locale" + if test 0 -ne "$_G_status"; then + eval "(exit $_G_status); $_G_fail_exp" + fi + } +} + + +# func_tr_sh +# ---------- +# Turn $1 into a string suitable for a shell variable name. +# Result is stored in $func_tr_sh_result. All characters +# not in the set a-zA-Z0-9_ are replaced with '_'. Further, +# if $1 begins with a digit, a '_' is prepended as well. +func_tr_sh () +{ + $debug_cmd + + case $1 in + [0-9]* | *[!a-zA-Z0-9_]*) + func_tr_sh_result=`$ECHO "$1" | $SED -e 's/^\([0-9]\)/_\1/' -e 's/[^a-zA-Z0-9_]/_/g'` + ;; + * ) + func_tr_sh_result=$1 + ;; + esac +} + + +# func_verbose ARG... +# ------------------- +# Echo program name prefixed message in verbose mode only. +func_verbose () +{ + $debug_cmd + + $opt_verbose && func_echo "$*" + + : +} + + +# func_warn_and_continue ARG... +# ----------------------------- +# Echo program name prefixed warning message to standard error. +func_warn_and_continue () +{ + $debug_cmd + + $require_term_colors + + func_echo_infix_1 "${tc_red}warning$tc_reset" "$*" >&2 +} + + +# func_warning CATEGORY ARG... +# ---------------------------- +# Echo program name prefixed warning message to standard error. Warning +# messages can be filtered according to CATEGORY, where this function +# elides messages where CATEGORY is not listed in the global variable +# 'opt_warning_types'. +func_warning () +{ + $debug_cmd + + # CATEGORY must be in the warning_categories list! + case " $warning_categories " in + *" $1 "*) ;; + *) func_internal_error "invalid warning category '$1'" ;; + esac + + _G_category=$1 + shift + + case " $opt_warning_types " in + *" $_G_category "*) $warning_func ${1+"$@"} ;; + esac +} + + +# func_sort_ver VER1 VER2 +# ----------------------- +# 'sort -V' is not generally available. +# Note this deviates from the version comparison in automake +# in that it treats 1.5 < 1.5.0, and treats 1.4.4a < 1.4-p3a +# but this should suffice as we won't be specifying old +# version formats or redundant trailing .0 in bootstrap.conf. +# If we did want full compatibility then we should probably +# use m4_version_compare from autoconf. +func_sort_ver () +{ + $debug_cmd + + printf '%s\n%s\n' "$1" "$2" \ + | sort -t. -k 1,1n -k 2,2n -k 3,3n -k 4,4n -k 5,5n -k 6,6n -k 7,7n -k 8,8n -k 9,9n +} + +# func_lt_ver PREV CURR +# --------------------- +# Return true if PREV and CURR are in the correct order according to +# func_sort_ver, otherwise false. Use it like this: +# +# func_lt_ver "$prev_ver" "$proposed_ver" || func_fatal_error "..." +func_lt_ver () +{ + $debug_cmd + + test "x$1" = x`func_sort_ver "$1" "$2" | $SED 1q` +} + + +# Local variables: +# mode: shell-script +# sh-indentation: 2 +# eval: (add-hook 'before-save-hook 'time-stamp) +# time-stamp-pattern: "10/scriptversion=%:y-%02m-%02d.%02H; # UTC" +# time-stamp-time-zone: "UTC" +# End: +#! /bin/sh + +# Set a version string for this script. +scriptversion=2015-10-07.11; # UTC + +# A portable, pluggable option parser for Bourne shell. +# Written by Gary V. Vaughan, 2010 + +# Copyright (C) 2010-2015 Free Software Foundation, Inc. +# This is free software; see the source for copying conditions. There is NO +# warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. + +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. + +# Please report bugs or propose patches to gary@gnu.org. + + +## ------ ## +## Usage. ## +## ------ ## + +# This file is a library for parsing options in your shell scripts along +# with assorted other useful supporting features that you can make use +# of too. +# +# For the simplest scripts you might need only: +# +# #!/bin/sh +# . relative/path/to/funclib.sh +# . relative/path/to/options-parser +# scriptversion=1.0 +# func_options ${1+"$@"} +# eval set dummy "$func_options_result"; shift +# ...rest of your script... +# +# In order for the '--version' option to work, you will need to have a +# suitably formatted comment like the one at the top of this file +# starting with '# Written by ' and ending with '# warranty; '. +# +# For '-h' and '--help' to work, you will also need a one line +# description of your script's purpose in a comment directly above the +# '# Written by ' line, like the one at the top of this file. +# +# The default options also support '--debug', which will turn on shell +# execution tracing (see the comment above debug_cmd below for another +# use), and '--verbose' and the func_verbose function to allow your script +# to display verbose messages only when your user has specified +# '--verbose'. +# +# After sourcing this file, you can plug processing for additional +# options by amending the variables from the 'Configuration' section +# below, and following the instructions in the 'Option parsing' +# section further down. + +## -------------- ## +## Configuration. ## +## -------------- ## + +# You should override these variables in your script after sourcing this +# file so that they reflect the customisations you have added to the +# option parser. + +# The usage line for option parsing errors and the start of '-h' and +# '--help' output messages. You can embed shell variables for delayed +# expansion at the time the message is displayed, but you will need to +# quote other shell meta-characters carefully to prevent them being +# expanded when the contents are evaled. +usage='$progpath [OPTION]...' + +# Short help message in response to '-h' and '--help'. Add to this or +# override it after sourcing this library to reflect the full set of +# options your script accepts. +usage_message="\ + --debug enable verbose shell tracing + -W, --warnings=CATEGORY + report the warnings falling in CATEGORY [all] + -v, --verbose verbosely report processing + --version print version information and exit + -h, --help print short or long help message and exit +" + +# Additional text appended to 'usage_message' in response to '--help'. +long_help_message=" +Warning categories include: + 'all' show all warnings + 'none' turn off all the warnings + 'error' warnings are treated as fatal errors" + +# Help message printed before fatal option parsing errors. +fatal_help="Try '\$progname --help' for more information." + + + +## ------------------------- ## +## Hook function management. ## +## ------------------------- ## + +# This section contains functions for adding, removing, and running hooks +# to the main code. A hook is just a named list of of function, that can +# be run in order later on. + +# func_hookable FUNC_NAME +# ----------------------- +# Declare that FUNC_NAME will run hooks added with +# 'func_add_hook FUNC_NAME ...'. +func_hookable () +{ + $debug_cmd + + func_append hookable_fns " $1" +} + + +# func_add_hook FUNC_NAME HOOK_FUNC +# --------------------------------- +# Request that FUNC_NAME call HOOK_FUNC before it returns. FUNC_NAME must +# first have been declared "hookable" by a call to 'func_hookable'. +func_add_hook () +{ + $debug_cmd + + case " $hookable_fns " in + *" $1 "*) ;; + *) func_fatal_error "'$1' does not accept hook functions." ;; + esac + + eval func_append ${1}_hooks '" $2"' +} + + +# func_remove_hook FUNC_NAME HOOK_FUNC +# ------------------------------------ +# Remove HOOK_FUNC from the list of functions called by FUNC_NAME. +func_remove_hook () +{ + $debug_cmd + + eval ${1}_hooks='`$ECHO "\$'$1'_hooks" |$SED "s| '$2'||"`' +} + + +# func_run_hooks FUNC_NAME [ARG]... +# --------------------------------- +# Run all hook functions registered to FUNC_NAME. +# It is assumed that the list of hook functions contains nothing more +# than a whitespace-delimited list of legal shell function names, and +# no effort is wasted trying to catch shell meta-characters or preserve +# whitespace. +func_run_hooks () +{ + $debug_cmd + + _G_rc_run_hooks=false + + case " $hookable_fns " in + *" $1 "*) ;; + *) func_fatal_error "'$1' does not support hook funcions.n" ;; + esac + + eval _G_hook_fns=\$$1_hooks; shift + + for _G_hook in $_G_hook_fns; do + if eval $_G_hook '"$@"'; then + # store returned options list back into positional + # parameters for next 'cmd' execution. + eval _G_hook_result=\$${_G_hook}_result + eval set dummy "$_G_hook_result"; shift + _G_rc_run_hooks=: + fi + done + + $_G_rc_run_hooks && func_run_hooks_result=$_G_hook_result +} + + + +## --------------- ## +## Option parsing. ## +## --------------- ## + +# In order to add your own option parsing hooks, you must accept the +# full positional parameter list in your hook function, you may remove/edit +# any options that you action, and then pass back the remaining unprocessed +# options in '<hooked_function_name>_result', escaped suitably for +# 'eval'. In this case you also must return $EXIT_SUCCESS to let the +# hook's caller know that it should pay attention to +# '<hooked_function_name>_result'. Returning $EXIT_FAILURE signalizes that +# arguments are left untouched by the hook and therefore caller will ignore the +# result variable. +# +# Like this: +# +# my_options_prep () +# { +# $debug_cmd +# +# # Extend the existing usage message. +# usage_message=$usage_message' +# -s, --silent don'\''t print informational messages +# ' +# # No change in '$@' (ignored completely by this hook). There is +# # no need to do the equivalent (but slower) action: +# # func_quote_for_eval ${1+"$@"} +# # my_options_prep_result=$func_quote_for_eval_result +# false +# } +# func_add_hook func_options_prep my_options_prep +# +# +# my_silent_option () +# { +# $debug_cmd +# +# args_changed=false +# +# # Note that for efficiency, we parse as many options as we can +# # recognise in a loop before passing the remainder back to the +# # caller on the first unrecognised argument we encounter. +# while test $# -gt 0; do +# opt=$1; shift +# case $opt in +# --silent|-s) opt_silent=: +# args_changed=: +# ;; +# # Separate non-argument short options: +# -s*) func_split_short_opt "$_G_opt" +# set dummy "$func_split_short_opt_name" \ +# "-$func_split_short_opt_arg" ${1+"$@"} +# shift +# args_changed=: +# ;; +# *) # Make sure the first unrecognised option "$_G_opt" +# # is added back to "$@", we could need that later +# # if $args_changed is true. +# set dummy "$_G_opt" ${1+"$@"}; shift; break ;; +# esac +# done +# +# if $args_changed; then +# func_quote_for_eval ${1+"$@"} +# my_silent_option_result=$func_quote_for_eval_result +# fi +# +# $args_changed +# } +# func_add_hook func_parse_options my_silent_option +# +# +# my_option_validation () +# { +# $debug_cmd +# +# $opt_silent && $opt_verbose && func_fatal_help "\ +# '--silent' and '--verbose' options are mutually exclusive." +# +# false +# } +# func_add_hook func_validate_options my_option_validation +# +# You'll also need to manually amend $usage_message to reflect the extra +# options you parse. It's preferable to append if you can, so that +# multiple option parsing hooks can be added safely. + + +# func_options_finish [ARG]... +# ---------------------------- +# Finishing the option parse loop (call 'func_options' hooks ATM). +func_options_finish () +{ + $debug_cmd + + _G_func_options_finish_exit=false + if func_run_hooks func_options ${1+"$@"}; then + func_options_finish_result=$func_run_hooks_result + _G_func_options_finish_exit=: + fi + + $_G_func_options_finish_exit +} + + +# func_options [ARG]... +# --------------------- +# All the functions called inside func_options are hookable. See the +# individual implementations for details. +func_hookable func_options +func_options () +{ + $debug_cmd + + _G_rc_options=false + + for my_func in options_prep parse_options validate_options options_finish + do + if eval func_$my_func '${1+"$@"}'; then + eval _G_res_var='$'"func_${my_func}_result" + eval set dummy "$_G_res_var" ; shift + _G_rc_options=: + fi + done + + # Save modified positional parameters for caller. As a top-level + # options-parser function we always need to set the 'func_options_result' + # variable (regardless the $_G_rc_options value). + if $_G_rc_options; then + func_options_result=$_G_res_var + else + func_quote_for_eval ${1+"$@"} + func_options_result=$func_quote_for_eval_result + fi + + $_G_rc_options +} + + +# func_options_prep [ARG]... +# -------------------------- +# All initialisations required before starting the option parse loop. +# Note that when calling hook functions, we pass through the list of +# positional parameters. If a hook function modifies that list, and +# needs to propagate that back to rest of this script, then the complete +# modified list must be put in 'func_run_hooks_result' before +# returning $EXIT_SUCCESS (otherwise $EXIT_FAILURE is returned). +func_hookable func_options_prep +func_options_prep () +{ + $debug_cmd + + # Option defaults: + opt_verbose=false + opt_warning_types= + + _G_rc_options_prep=false + if func_run_hooks func_options_prep ${1+"$@"}; then + _G_rc_options_prep=: + # save modified positional parameters for caller + func_options_prep_result=$func_run_hooks_result + fi + + $_G_rc_options_prep +} + + +# func_parse_options [ARG]... +# --------------------------- +# The main option parsing loop. +func_hookable func_parse_options +func_parse_options () +{ + $debug_cmd + + func_parse_options_result= + + _G_rc_parse_options=false + # this just eases exit handling + while test $# -gt 0; do + # Defer to hook functions for initial option parsing, so they + # get priority in the event of reusing an option name. + if func_run_hooks func_parse_options ${1+"$@"}; then + eval set dummy "$func_run_hooks_result"; shift + _G_rc_parse_options=: + fi + + # Break out of the loop if we already parsed every option. + test $# -gt 0 || break + + _G_match_parse_options=: + _G_opt=$1 + shift + case $_G_opt in + --debug|-x) debug_cmd='set -x' + func_echo "enabling shell trace mode" + $debug_cmd + ;; + + --no-warnings|--no-warning|--no-warn) + set dummy --warnings none ${1+"$@"} + shift + ;; + + --warnings|--warning|-W) + if test $# = 0 && func_missing_arg $_G_opt; then + _G_rc_parse_options=: + break + fi + case " $warning_categories $1" in + *" $1 "*) + # trailing space prevents matching last $1 above + func_append_uniq opt_warning_types " $1" + ;; + *all) + opt_warning_types=$warning_categories + ;; + *none) + opt_warning_types=none + warning_func=: + ;; + *error) + opt_warning_types=$warning_categories + warning_func=func_fatal_error + ;; + *) + func_fatal_error \ + "unsupported warning category: '$1'" + ;; + esac + shift + ;; + + --verbose|-v) opt_verbose=: ;; + --version) func_version ;; + -\?|-h) func_usage ;; + --help) func_help ;; + + # Separate optargs to long options (plugins may need this): + --*=*) func_split_equals "$_G_opt" + set dummy "$func_split_equals_lhs" \ + "$func_split_equals_rhs" ${1+"$@"} + shift + ;; + + # Separate optargs to short options: + -W*) + func_split_short_opt "$_G_opt" + set dummy "$func_split_short_opt_name" \ + "$func_split_short_opt_arg" ${1+"$@"} + shift + ;; + + # Separate non-argument short options: + -\?*|-h*|-v*|-x*) + func_split_short_opt "$_G_opt" + set dummy "$func_split_short_opt_name" \ + "-$func_split_short_opt_arg" ${1+"$@"} + shift + ;; + + --) _G_rc_parse_options=: ; break ;; + -*) func_fatal_help "unrecognised option: '$_G_opt'" ;; + *) set dummy "$_G_opt" ${1+"$@"}; shift + _G_match_parse_options=false + break + ;; + esac + + $_G_match_parse_options && _G_rc_parse_options=: + done + + + if $_G_rc_parse_options; then + # save modified positional parameters for caller + func_quote_for_eval ${1+"$@"} + func_parse_options_result=$func_quote_for_eval_result + fi + + $_G_rc_parse_options +} + + +# func_validate_options [ARG]... +# ------------------------------ +# Perform any sanity checks on option settings and/or unconsumed +# arguments. +func_hookable func_validate_options +func_validate_options () +{ + $debug_cmd + + _G_rc_validate_options=false + + # Display all warnings if -W was not given. + test -n "$opt_warning_types" || opt_warning_types=" $warning_categories" + + if func_run_hooks func_validate_options ${1+"$@"}; then + # save modified positional parameters for caller + func_validate_options_result=$func_run_hooks_result + _G_rc_validate_options=: + fi + + # Bail if the options were screwed! + $exit_cmd $EXIT_FAILURE + + $_G_rc_validate_options +} + + + +## ----------------- ## +## Helper functions. ## +## ----------------- ## + +# This section contains the helper functions used by the rest of the +# hookable option parser framework in ascii-betical order. + + +# func_fatal_help ARG... +# ---------------------- +# Echo program name prefixed message to standard error, followed by +# a help hint, and exit. +func_fatal_help () +{ + $debug_cmd + + eval \$ECHO \""Usage: $usage"\" + eval \$ECHO \""$fatal_help"\" + func_error ${1+"$@"} + exit $EXIT_FAILURE +} + + +# func_help +# --------- +# Echo long help message to standard output and exit. +func_help () +{ + $debug_cmd + + func_usage_message + $ECHO "$long_help_message" + exit 0 +} + + +# func_missing_arg ARGNAME +# ------------------------ +# Echo program name prefixed message to standard error and set global +# exit_cmd. +func_missing_arg () +{ + $debug_cmd + + func_error "Missing argument for '$1'." + exit_cmd=exit +} + + +# func_split_equals STRING +# ------------------------ +# Set func_split_equals_lhs and func_split_equals_rhs shell variables after +# splitting STRING at the '=' sign. +test -z "$_G_HAVE_XSI_OPS" \ + && (eval 'x=a/b/c; + test 5aa/bb/cc = "${#x}${x%%/*}${x%/*}${x#*/}${x##*/}"') 2>/dev/null \ + && _G_HAVE_XSI_OPS=yes + +if test yes = "$_G_HAVE_XSI_OPS" +then + # This is an XSI compatible shell, allowing a faster implementation... + eval 'func_split_equals () + { + $debug_cmd + + func_split_equals_lhs=${1%%=*} + func_split_equals_rhs=${1#*=} + test "x$func_split_equals_lhs" = "x$1" \ + && func_split_equals_rhs= + }' +else + # ...otherwise fall back to using expr, which is often a shell builtin. + func_split_equals () + { + $debug_cmd + + func_split_equals_lhs=`expr "x$1" : 'x\([^=]*\)'` + func_split_equals_rhs= + test "x$func_split_equals_lhs" = "x$1" \ + || func_split_equals_rhs=`expr "x$1" : 'x[^=]*=\(.*\)$'` + } +fi #func_split_equals + + +# func_split_short_opt SHORTOPT +# ----------------------------- +# Set func_split_short_opt_name and func_split_short_opt_arg shell +# variables after splitting SHORTOPT after the 2nd character. +if test yes = "$_G_HAVE_XSI_OPS" +then + # This is an XSI compatible shell, allowing a faster implementation... + eval 'func_split_short_opt () + { + $debug_cmd + + func_split_short_opt_arg=${1#??} + func_split_short_opt_name=${1%"$func_split_short_opt_arg"} + }' +else + # ...otherwise fall back to using expr, which is often a shell builtin. + func_split_short_opt () + { + $debug_cmd + + func_split_short_opt_name=`expr "x$1" : 'x-\(.\)'` + func_split_short_opt_arg=`expr "x$1" : 'x-.\(.*\)$'` + } +fi #func_split_short_opt + + +# func_usage +# ---------- +# Echo short help message to standard output and exit. +func_usage () +{ + $debug_cmd + + func_usage_message + $ECHO "Run '$progname --help |${PAGER-more}' for full usage" + exit 0 +} + + +# func_usage_message +# ------------------ +# Echo short help message to standard output. +func_usage_message () +{ + $debug_cmd + + eval \$ECHO \""Usage: $usage"\" + echo + $SED -n 's|^# || + /^Written by/{ + x;p;x + } + h + /^Written by/q' < "$progpath" + echo + eval \$ECHO \""$usage_message"\" +} + + +# func_version +# ------------ +# Echo version message to standard output and exit. +func_version () +{ + $debug_cmd + + printf '%s\n' "$progname $scriptversion" + $SED -n ' + /(C)/!b go + :more + /\./!{ + N + s|\n# | | + b more + } + :go + /^# Written by /,/# warranty; / { + s|^# || + s|^# *$|| + s|\((C)\)[ 0-9,-]*[ ,-]\([1-9][0-9]* \)|\1 \2| + p + } + /^# Written by / { + s|^# || + p + } + /^warranty; /q' < "$progpath" + + exit $? +} + + +# Local variables: +# mode: shell-script +# sh-indentation: 2 +# eval: (add-hook 'before-save-hook 'time-stamp) +# time-stamp-pattern: "10/scriptversion=%:y-%02m-%02d.%02H; # UTC" +# time-stamp-time-zone: "UTC" +# End: + +# Set a version string. +scriptversion='(GNU libtool) 2.4.6' + + +# func_echo ARG... +# ---------------- +# Libtool also displays the current mode in messages, so override +# funclib.sh func_echo with this custom definition. +func_echo () +{ + $debug_cmd + + _G_message=$* + + func_echo_IFS=$IFS + IFS=$nl + for _G_line in $_G_message; do + IFS=$func_echo_IFS + $ECHO "$progname${opt_mode+: $opt_mode}: $_G_line" + done + IFS=$func_echo_IFS +} + + +# func_warning ARG... +# ------------------- +# Libtool warnings are not categorized, so override funclib.sh +# func_warning with this simpler definition. +func_warning () +{ + $debug_cmd + + $warning_func ${1+"$@"} +} + + +## ---------------- ## +## Options parsing. ## +## ---------------- ## + +# Hook in the functions to make sure our own options are parsed during +# the option parsing loop. + +usage='$progpath [OPTION]... [MODE-ARG]...' + +# Short help message in response to '-h'. +usage_message="Options: + --config show all configuration variables + --debug enable verbose shell tracing + -n, --dry-run display commands without modifying any files + --features display basic configuration information and exit + --mode=MODE use operation mode MODE + --no-warnings equivalent to '-Wnone' + --preserve-dup-deps don't remove duplicate dependency libraries + --quiet, --silent don't print informational messages + --tag=TAG use configuration variables from tag TAG + -v, --verbose print more informational messages than default + --version print version information + -W, --warnings=CATEGORY report the warnings falling in CATEGORY [all] + -h, --help, --help-all print short, long, or detailed help message +" + +# Additional text appended to 'usage_message' in response to '--help'. +func_help () +{ + $debug_cmd + + func_usage_message + $ECHO "$long_help_message + +MODE must be one of the following: + + clean remove files from the build directory + compile compile a source file into a libtool object + execute automatically set library path, then run a program + finish complete the installation of libtool libraries + install install libraries or executables + link create a library or an executable + uninstall remove libraries from an installed directory + +MODE-ARGS vary depending on the MODE. When passed as first option, +'--mode=MODE' may be abbreviated as 'MODE' or a unique abbreviation of that. +Try '$progname --help --mode=MODE' for a more detailed description of MODE. + +When reporting a bug, please describe a test case to reproduce it and +include the following information: + + host-triplet: $host + shell: $SHELL + compiler: $LTCC + compiler flags: $LTCFLAGS + linker: $LD (gnu? $with_gnu_ld) + version: $progname $scriptversion Debian-2.4.6-8 + automake: `($AUTOMAKE --version) 2>/dev/null |$SED 1q` + autoconf: `($AUTOCONF --version) 2>/dev/null |$SED 1q` + +Report bugs to <bug-libtool@gnu.org>. +GNU libtool home page: <http://www.gnu.org/s/libtool/>. +General help using GNU software: <http://www.gnu.org/gethelp/>." + exit 0 +} + + +# func_lo2o OBJECT-NAME +# --------------------- +# Transform OBJECT-NAME from a '.lo' suffix to the platform specific +# object suffix. + +lo2o=s/\\.lo\$/.$objext/ +o2lo=s/\\.$objext\$/.lo/ + +if test yes = "$_G_HAVE_XSI_OPS"; then + eval 'func_lo2o () + { + case $1 in + *.lo) func_lo2o_result=${1%.lo}.$objext ;; + * ) func_lo2o_result=$1 ;; + esac + }' + + # func_xform LIBOBJ-OR-SOURCE + # --------------------------- + # Transform LIBOBJ-OR-SOURCE from a '.o' or '.c' (or otherwise) + # suffix to a '.lo' libtool-object suffix. + eval 'func_xform () + { + func_xform_result=${1%.*}.lo + }' +else + # ...otherwise fall back to using sed. + func_lo2o () + { + func_lo2o_result=`$ECHO "$1" | $SED "$lo2o"` + } + + func_xform () + { + func_xform_result=`$ECHO "$1" | $SED 's|\.[^.]*$|.lo|'` + } +fi + + +# func_fatal_configuration ARG... +# ------------------------------- +# Echo program name prefixed message to standard error, followed by +# a configuration failure hint, and exit. +func_fatal_configuration () +{ + func__fatal_error ${1+"$@"} \ + "See the $PACKAGE documentation for more information." \ + "Fatal configuration error." +} + + +# func_config +# ----------- +# Display the configuration for all the tags in this script. +func_config () +{ + re_begincf='^# ### BEGIN LIBTOOL' + re_endcf='^# ### END LIBTOOL' + + # Default configuration. + $SED "1,/$re_begincf CONFIG/d;/$re_endcf CONFIG/,\$d" < "$progpath" + + # Now print the configurations for the tags. + for tagname in $taglist; do + $SED -n "/$re_begincf TAG CONFIG: $tagname\$/,/$re_endcf TAG CONFIG: $tagname\$/p" < "$progpath" + done + + exit $? +} + + +# func_features +# ------------- +# Display the features supported by this script. +func_features () +{ + echo "host: $host" + if test yes = "$build_libtool_libs"; then + echo "enable shared libraries" + else + echo "disable shared libraries" + fi + if test yes = "$build_old_libs"; then + echo "enable static libraries" + else + echo "disable static libraries" + fi + + exit $? +} + + +# func_enable_tag TAGNAME +# ----------------------- +# Verify that TAGNAME is valid, and either flag an error and exit, or +# enable the TAGNAME tag. We also add TAGNAME to the global $taglist +# variable here. +func_enable_tag () +{ + # Global variable: + tagname=$1 + + re_begincf="^# ### BEGIN LIBTOOL TAG CONFIG: $tagname\$" + re_endcf="^# ### END LIBTOOL TAG CONFIG: $tagname\$" + sed_extractcf=/$re_begincf/,/$re_endcf/p + + # Validate tagname. + case $tagname in + *[!-_A-Za-z0-9,/]*) + func_fatal_error "invalid tag name: $tagname" + ;; + esac + + # Don't test for the "default" C tag, as we know it's + # there but not specially marked. + case $tagname in + CC) ;; + *) + if $GREP "$re_begincf" "$progpath" >/dev/null 2>&1; then + taglist="$taglist $tagname" + + # Evaluate the configuration. Be careful to quote the path + # and the sed script, to avoid splitting on whitespace, but + # also don't use non-portable quotes within backquotes within + # quotes we have to do it in 2 steps: + extractedcf=`$SED -n -e "$sed_extractcf" < "$progpath"` + eval "$extractedcf" + else + func_error "ignoring unknown tag $tagname" + fi + ;; + esac +} + + +# func_check_version_match +# ------------------------ +# Ensure that we are using m4 macros, and libtool script from the same +# release of libtool. +func_check_version_match () +{ + if test "$package_revision" != "$macro_revision"; then + if test "$VERSION" != "$macro_version"; then + if test -z "$macro_version"; then + cat >&2 <<_LT_EOF +$progname: Version mismatch error. This is $PACKAGE $VERSION, but the +$progname: definition of this LT_INIT comes from an older release. +$progname: You should recreate aclocal.m4 with macros from $PACKAGE $VERSION +$progname: and run autoconf again. +_LT_EOF + else + cat >&2 <<_LT_EOF +$progname: Version mismatch error. This is $PACKAGE $VERSION, but the +$progname: definition of this LT_INIT comes from $PACKAGE $macro_version. +$progname: You should recreate aclocal.m4 with macros from $PACKAGE $VERSION +$progname: and run autoconf again. +_LT_EOF + fi + else + cat >&2 <<_LT_EOF +$progname: Version mismatch error. This is $PACKAGE $VERSION, revision $package_revision, +$progname: but the definition of this LT_INIT comes from revision $macro_revision. +$progname: You should recreate aclocal.m4 with macros from revision $package_revision +$progname: of $PACKAGE $VERSION and run autoconf again. +_LT_EOF + fi + + exit $EXIT_MISMATCH + fi +} + + +# libtool_options_prep [ARG]... +# ----------------------------- +# Preparation for options parsed by libtool. +libtool_options_prep () +{ + $debug_mode + + # Option defaults: + opt_config=false + opt_dlopen= + opt_dry_run=false + opt_help=false + opt_mode= + opt_preserve_dup_deps=false + opt_quiet=false + + nonopt= + preserve_args= + + _G_rc_lt_options_prep=: + + # Shorthand for --mode=foo, only valid as the first argument + case $1 in + clean|clea|cle|cl) + shift; set dummy --mode clean ${1+"$@"}; shift + ;; + compile|compil|compi|comp|com|co|c) + shift; set dummy --mode compile ${1+"$@"}; shift + ;; + execute|execut|execu|exec|exe|ex|e) + shift; set dummy --mode execute ${1+"$@"}; shift + ;; + finish|finis|fini|fin|fi|f) + shift; set dummy --mode finish ${1+"$@"}; shift + ;; + install|instal|insta|inst|ins|in|i) + shift; set dummy --mode install ${1+"$@"}; shift + ;; + link|lin|li|l) + shift; set dummy --mode link ${1+"$@"}; shift + ;; + uninstall|uninstal|uninsta|uninst|unins|unin|uni|un|u) + shift; set dummy --mode uninstall ${1+"$@"}; shift + ;; + *) + _G_rc_lt_options_prep=false + ;; + esac + + if $_G_rc_lt_options_prep; then + # Pass back the list of options. + func_quote_for_eval ${1+"$@"} + libtool_options_prep_result=$func_quote_for_eval_result + fi + + $_G_rc_lt_options_prep +} +func_add_hook func_options_prep libtool_options_prep + + +# libtool_parse_options [ARG]... +# --------------------------------- +# Provide handling for libtool specific options. +libtool_parse_options () +{ + $debug_cmd + + _G_rc_lt_parse_options=false + + # Perform our own loop to consume as many options as possible in + # each iteration. + while test $# -gt 0; do + _G_match_lt_parse_options=: + _G_opt=$1 + shift + case $_G_opt in + --dry-run|--dryrun|-n) + opt_dry_run=: + ;; + + --config) func_config ;; + + --dlopen|-dlopen) + opt_dlopen="${opt_dlopen+$opt_dlopen +}$1" + shift + ;; + + --preserve-dup-deps) + opt_preserve_dup_deps=: ;; + + --features) func_features ;; + + --finish) set dummy --mode finish ${1+"$@"}; shift ;; + + --help) opt_help=: ;; + + --help-all) opt_help=': help-all' ;; + + --mode) test $# = 0 && func_missing_arg $_G_opt && break + opt_mode=$1 + case $1 in + # Valid mode arguments: + clean|compile|execute|finish|install|link|relink|uninstall) ;; + + # Catch anything else as an error + *) func_error "invalid argument for $_G_opt" + exit_cmd=exit + break + ;; + esac + shift + ;; + + --no-silent|--no-quiet) + opt_quiet=false + func_append preserve_args " $_G_opt" + ;; + + --no-warnings|--no-warning|--no-warn) + opt_warning=false + func_append preserve_args " $_G_opt" + ;; + + --no-verbose) + opt_verbose=false + func_append preserve_args " $_G_opt" + ;; + + --silent|--quiet) + opt_quiet=: + opt_verbose=false + func_append preserve_args " $_G_opt" + ;; + + --tag) test $# = 0 && func_missing_arg $_G_opt && break + opt_tag=$1 + func_append preserve_args " $_G_opt $1" + func_enable_tag "$1" + shift + ;; + + --verbose|-v) opt_quiet=false + opt_verbose=: + func_append preserve_args " $_G_opt" + ;; + + # An option not handled by this hook function: + *) set dummy "$_G_opt" ${1+"$@"} ; shift + _G_match_lt_parse_options=false + break + ;; + esac + $_G_match_lt_parse_options && _G_rc_lt_parse_options=: + done + + if $_G_rc_lt_parse_options; then + # save modified positional parameters for caller + func_quote_for_eval ${1+"$@"} + libtool_parse_options_result=$func_quote_for_eval_result + fi + + $_G_rc_lt_parse_options +} +func_add_hook func_parse_options libtool_parse_options + + + +# libtool_validate_options [ARG]... +# --------------------------------- +# Perform any sanity checks on option settings and/or unconsumed +# arguments. +libtool_validate_options () +{ + # save first non-option argument + if test 0 -lt $#; then + nonopt=$1 + shift + fi + + # preserve --debug + test : = "$debug_cmd" || func_append preserve_args " --debug" + + case $host in + # Solaris2 added to fix http://debbugs.gnu.org/cgi/bugreport.cgi?bug=16452 + # see also: http://gcc.gnu.org/bugzilla/show_bug.cgi?id=59788 + *cygwin* | *mingw* | *pw32* | *cegcc* | *solaris2* | *os2*) + # don't eliminate duplications in $postdeps and $predeps + opt_duplicate_compiler_generated_deps=: + ;; + *) + opt_duplicate_compiler_generated_deps=$opt_preserve_dup_deps + ;; + esac + + $opt_help || { + # Sanity checks first: + func_check_version_match + + test yes != "$build_libtool_libs" \ + && test yes != "$build_old_libs" \ + && func_fatal_configuration "not configured to build any kind of library" + + # Darwin sucks + eval std_shrext=\"$shrext_cmds\" + + # Only execute mode is allowed to have -dlopen flags. + if test -n "$opt_dlopen" && test execute != "$opt_mode"; then + func_error "unrecognized option '-dlopen'" + $ECHO "$help" 1>&2 + exit $EXIT_FAILURE + fi + + # Change the help message to a mode-specific one. + generic_help=$help + help="Try '$progname --help --mode=$opt_mode' for more information." + } + + # Pass back the unparsed argument list + func_quote_for_eval ${1+"$@"} + libtool_validate_options_result=$func_quote_for_eval_result +} +func_add_hook func_validate_options libtool_validate_options + + +# Process options as early as possible so that --help and --version +# can return quickly. +func_options ${1+"$@"} +eval set dummy "$func_options_result"; shift + + + +## ----------- ## +## Main. ## +## ----------- ## + +magic='%%%MAGIC variable%%%' +magic_exe='%%%MAGIC EXE variable%%%' + +# Global variables. +extracted_archives= +extracted_serial=0 + +# If this variable is set in any of the actions, the command in it +# will be execed at the end. This prevents here-documents from being +# left over by shells. +exec_cmd= + + +# A function that is used when there is no print builtin or printf. +func_fallback_echo () +{ + eval 'cat <<_LTECHO_EOF +$1 +_LTECHO_EOF' +} + +# func_generated_by_libtool +# True iff stdin has been generated by Libtool. This function is only +# a basic sanity check; it will hardly flush out determined imposters. +func_generated_by_libtool_p () +{ + $GREP "^# Generated by .*$PACKAGE" > /dev/null 2>&1 +} + +# func_lalib_p file +# True iff FILE is a libtool '.la' library or '.lo' object file. +# This function is only a basic sanity check; it will hardly flush out +# determined imposters. +func_lalib_p () +{ + test -f "$1" && + $SED -e 4q "$1" 2>/dev/null | func_generated_by_libtool_p +} + +# func_lalib_unsafe_p file +# True iff FILE is a libtool '.la' library or '.lo' object file. +# This function implements the same check as func_lalib_p without +# resorting to external programs. To this end, it redirects stdin and +# closes it afterwards, without saving the original file descriptor. +# As a safety measure, use it only where a negative result would be +# fatal anyway. Works if 'file' does not exist. +func_lalib_unsafe_p () +{ + lalib_p=no + if test -f "$1" && test -r "$1" && exec 5<&0 <"$1"; then + for lalib_p_l in 1 2 3 4 + do + read lalib_p_line + case $lalib_p_line in + \#\ Generated\ by\ *$PACKAGE* ) lalib_p=yes; break;; + esac + done + exec 0<&5 5<&- + fi + test yes = "$lalib_p" +} + +# func_ltwrapper_script_p file +# True iff FILE is a libtool wrapper script +# This function is only a basic sanity check; it will hardly flush out +# determined imposters. +func_ltwrapper_script_p () +{ + test -f "$1" && + $lt_truncate_bin < "$1" 2>/dev/null | func_generated_by_libtool_p +} + +# func_ltwrapper_executable_p file +# True iff FILE is a libtool wrapper executable +# This function is only a basic sanity check; it will hardly flush out +# determined imposters. +func_ltwrapper_executable_p () +{ + func_ltwrapper_exec_suffix= + case $1 in + *.exe) ;; + *) func_ltwrapper_exec_suffix=.exe ;; + esac + $GREP "$magic_exe" "$1$func_ltwrapper_exec_suffix" >/dev/null 2>&1 +} + +# func_ltwrapper_scriptname file +# Assumes file is an ltwrapper_executable +# uses $file to determine the appropriate filename for a +# temporary ltwrapper_script. +func_ltwrapper_scriptname () +{ + func_dirname_and_basename "$1" "" "." + func_stripname '' '.exe' "$func_basename_result" + func_ltwrapper_scriptname_result=$func_dirname_result/$objdir/${func_stripname_result}_ltshwrapper +} + +# func_ltwrapper_p file +# True iff FILE is a libtool wrapper script or wrapper executable +# This function is only a basic sanity check; it will hardly flush out +# determined imposters. +func_ltwrapper_p () +{ + func_ltwrapper_script_p "$1" || func_ltwrapper_executable_p "$1" +} + + +# func_execute_cmds commands fail_cmd +# Execute tilde-delimited COMMANDS. +# If FAIL_CMD is given, eval that upon failure. +# FAIL_CMD may read-access the current command in variable CMD! +func_execute_cmds () +{ + $debug_cmd + + save_ifs=$IFS; IFS='~' + for cmd in $1; do + IFS=$sp$nl + eval cmd=\"$cmd\" + IFS=$save_ifs + func_show_eval "$cmd" "${2-:}" + done + IFS=$save_ifs +} + + +# func_source file +# Source FILE, adding directory component if necessary. +# Note that it is not necessary on cygwin/mingw to append a dot to +# FILE even if both FILE and FILE.exe exist: automatic-append-.exe +# behavior happens only for exec(3), not for open(2)! Also, sourcing +# 'FILE.' does not work on cygwin managed mounts. +func_source () +{ + $debug_cmd + + case $1 in + */* | *\\*) . "$1" ;; + *) . "./$1" ;; + esac +} + + +# func_resolve_sysroot PATH +# Replace a leading = in PATH with a sysroot. Store the result into +# func_resolve_sysroot_result +func_resolve_sysroot () +{ + func_resolve_sysroot_result=$1 + case $func_resolve_sysroot_result in + =*) + func_stripname '=' '' "$func_resolve_sysroot_result" + func_resolve_sysroot_result=$lt_sysroot$func_stripname_result + ;; + esac +} + +# func_replace_sysroot PATH +# If PATH begins with the sysroot, replace it with = and +# store the result into func_replace_sysroot_result. +func_replace_sysroot () +{ + case $lt_sysroot:$1 in + ?*:"$lt_sysroot"*) + func_stripname "$lt_sysroot" '' "$1" + func_replace_sysroot_result='='$func_stripname_result + ;; + *) + # Including no sysroot. + func_replace_sysroot_result=$1 + ;; + esac +} + +# func_infer_tag arg +# Infer tagged configuration to use if any are available and +# if one wasn't chosen via the "--tag" command line option. +# Only attempt this if the compiler in the base compile +# command doesn't match the default compiler. +# arg is usually of the form 'gcc ...' +func_infer_tag () +{ + $debug_cmd + + if test -n "$available_tags" && test -z "$tagname"; then + CC_quoted= + for arg in $CC; do + func_append_quoted CC_quoted "$arg" + done + CC_expanded=`func_echo_all $CC` + CC_quoted_expanded=`func_echo_all $CC_quoted` + case $@ in + # Blanks in the command may have been stripped by the calling shell, + # but not from the CC environment variable when configure was run. + " $CC "* | "$CC "* | " $CC_expanded "* | "$CC_expanded "* | \ + " $CC_quoted"* | "$CC_quoted "* | " $CC_quoted_expanded "* | "$CC_quoted_expanded "*) ;; + # Blanks at the start of $base_compile will cause this to fail + # if we don't check for them as well. + *) + for z in $available_tags; do + if $GREP "^# ### BEGIN LIBTOOL TAG CONFIG: $z$" < "$progpath" > /dev/null; then + # Evaluate the configuration. + eval "`$SED -n -e '/^# ### BEGIN LIBTOOL TAG CONFIG: '$z'$/,/^# ### END LIBTOOL TAG CONFIG: '$z'$/p' < $progpath`" + CC_quoted= + for arg in $CC; do + # Double-quote args containing other shell metacharacters. + func_append_quoted CC_quoted "$arg" + done + CC_expanded=`func_echo_all $CC` + CC_quoted_expanded=`func_echo_all $CC_quoted` + case "$@ " in + " $CC "* | "$CC "* | " $CC_expanded "* | "$CC_expanded "* | \ + " $CC_quoted"* | "$CC_quoted "* | " $CC_quoted_expanded "* | "$CC_quoted_expanded "*) + # The compiler in the base compile command matches + # the one in the tagged configuration. + # Assume this is the tagged configuration we want. + tagname=$z + break + ;; + esac + fi + done + # If $tagname still isn't set, then no tagged configuration + # was found and let the user know that the "--tag" command + # line option must be used. + if test -z "$tagname"; then + func_echo "unable to infer tagged configuration" + func_fatal_error "specify a tag with '--tag'" +# else +# func_verbose "using $tagname tagged configuration" + fi + ;; + esac + fi +} + + + +# func_write_libtool_object output_name pic_name nonpic_name +# Create a libtool object file (analogous to a ".la" file), +# but don't create it if we're doing a dry run. +func_write_libtool_object () +{ + write_libobj=$1 + if test yes = "$build_libtool_libs"; then + write_lobj=\'$2\' + else + write_lobj=none + fi + + if test yes = "$build_old_libs"; then + write_oldobj=\'$3\' + else + write_oldobj=none + fi + + $opt_dry_run || { + cat >${write_libobj}T <<EOF +# $write_libobj - a libtool object file +# Generated by $PROGRAM (GNU $PACKAGE) $VERSION +# +# Please DO NOT delete this file! +# It is necessary for linking the library. + +# Name of the PIC object. +pic_object=$write_lobj + +# Name of the non-PIC object +non_pic_object=$write_oldobj + +EOF + $MV "${write_libobj}T" "$write_libobj" + } +} + + +################################################## +# FILE NAME AND PATH CONVERSION HELPER FUNCTIONS # +################################################## + +# func_convert_core_file_wine_to_w32 ARG +# Helper function used by file name conversion functions when $build is *nix, +# and $host is mingw, cygwin, or some other w32 environment. Relies on a +# correctly configured wine environment available, with the winepath program +# in $build's $PATH. +# +# ARG is the $build file name to be converted to w32 format. +# Result is available in $func_convert_core_file_wine_to_w32_result, and will +# be empty on error (or when ARG is empty) +func_convert_core_file_wine_to_w32 () +{ + $debug_cmd + + func_convert_core_file_wine_to_w32_result=$1 + if test -n "$1"; then + # Unfortunately, winepath does not exit with a non-zero error code, so we + # are forced to check the contents of stdout. On the other hand, if the + # command is not found, the shell will set an exit code of 127 and print + # *an error message* to stdout. So we must check for both error code of + # zero AND non-empty stdout, which explains the odd construction: + func_convert_core_file_wine_to_w32_tmp=`winepath -w "$1" 2>/dev/null` + if test "$?" -eq 0 && test -n "$func_convert_core_file_wine_to_w32_tmp"; then + func_convert_core_file_wine_to_w32_result=`$ECHO "$func_convert_core_file_wine_to_w32_tmp" | + $SED -e "$sed_naive_backslashify"` + else + func_convert_core_file_wine_to_w32_result= + fi + fi +} +# end: func_convert_core_file_wine_to_w32 + + +# func_convert_core_path_wine_to_w32 ARG +# Helper function used by path conversion functions when $build is *nix, and +# $host is mingw, cygwin, or some other w32 environment. Relies on a correctly +# configured wine environment available, with the winepath program in $build's +# $PATH. Assumes ARG has no leading or trailing path separator characters. +# +# ARG is path to be converted from $build format to win32. +# Result is available in $func_convert_core_path_wine_to_w32_result. +# Unconvertible file (directory) names in ARG are skipped; if no directory names +# are convertible, then the result may be empty. +func_convert_core_path_wine_to_w32 () +{ + $debug_cmd + + # unfortunately, winepath doesn't convert paths, only file names + func_convert_core_path_wine_to_w32_result= + if test -n "$1"; then + oldIFS=$IFS + IFS=: + for func_convert_core_path_wine_to_w32_f in $1; do + IFS=$oldIFS + func_convert_core_file_wine_to_w32 "$func_convert_core_path_wine_to_w32_f" + if test -n "$func_convert_core_file_wine_to_w32_result"; then + if test -z "$func_convert_core_path_wine_to_w32_result"; then + func_convert_core_path_wine_to_w32_result=$func_convert_core_file_wine_to_w32_result + else + func_append func_convert_core_path_wine_to_w32_result ";$func_convert_core_file_wine_to_w32_result" + fi + fi + done + IFS=$oldIFS + fi +} +# end: func_convert_core_path_wine_to_w32 + + +# func_cygpath ARGS... +# Wrapper around calling the cygpath program via LT_CYGPATH. This is used when +# when (1) $build is *nix and Cygwin is hosted via a wine environment; or (2) +# $build is MSYS and $host is Cygwin, or (3) $build is Cygwin. In case (1) or +# (2), returns the Cygwin file name or path in func_cygpath_result (input +# file name or path is assumed to be in w32 format, as previously converted +# from $build's *nix or MSYS format). In case (3), returns the w32 file name +# or path in func_cygpath_result (input file name or path is assumed to be in +# Cygwin format). Returns an empty string on error. +# +# ARGS are passed to cygpath, with the last one being the file name or path to +# be converted. +# +# Specify the absolute *nix (or w32) name to cygpath in the LT_CYGPATH +# environment variable; do not put it in $PATH. +func_cygpath () +{ + $debug_cmd + + if test -n "$LT_CYGPATH" && test -f "$LT_CYGPATH"; then + func_cygpath_result=`$LT_CYGPATH "$@" 2>/dev/null` + if test "$?" -ne 0; then + # on failure, ensure result is empty + func_cygpath_result= + fi + else + func_cygpath_result= + func_error "LT_CYGPATH is empty or specifies non-existent file: '$LT_CYGPATH'" + fi +} +#end: func_cygpath + + +# func_convert_core_msys_to_w32 ARG +# Convert file name or path ARG from MSYS format to w32 format. Return +# result in func_convert_core_msys_to_w32_result. +func_convert_core_msys_to_w32 () +{ + $debug_cmd + + # awkward: cmd appends spaces to result + func_convert_core_msys_to_w32_result=`( cmd //c echo "$1" ) 2>/dev/null | + $SED -e 's/[ ]*$//' -e "$sed_naive_backslashify"` +} +#end: func_convert_core_msys_to_w32 + + +# func_convert_file_check ARG1 ARG2 +# Verify that ARG1 (a file name in $build format) was converted to $host +# format in ARG2. Otherwise, emit an error message, but continue (resetting +# func_to_host_file_result to ARG1). +func_convert_file_check () +{ + $debug_cmd + + if test -z "$2" && test -n "$1"; then + func_error "Could not determine host file name corresponding to" + func_error " '$1'" + func_error "Continuing, but uninstalled executables may not work." + # Fallback: + func_to_host_file_result=$1 + fi +} +# end func_convert_file_check + + +# func_convert_path_check FROM_PATHSEP TO_PATHSEP FROM_PATH TO_PATH +# Verify that FROM_PATH (a path in $build format) was converted to $host +# format in TO_PATH. Otherwise, emit an error message, but continue, resetting +# func_to_host_file_result to a simplistic fallback value (see below). +func_convert_path_check () +{ + $debug_cmd + + if test -z "$4" && test -n "$3"; then + func_error "Could not determine the host path corresponding to" + func_error " '$3'" + func_error "Continuing, but uninstalled executables may not work." + # Fallback. This is a deliberately simplistic "conversion" and + # should not be "improved". See libtool.info. + if test "x$1" != "x$2"; then + lt_replace_pathsep_chars="s|$1|$2|g" + func_to_host_path_result=`echo "$3" | + $SED -e "$lt_replace_pathsep_chars"` + else + func_to_host_path_result=$3 + fi + fi +} +# end func_convert_path_check + + +# func_convert_path_front_back_pathsep FRONTPAT BACKPAT REPL ORIG +# Modifies func_to_host_path_result by prepending REPL if ORIG matches FRONTPAT +# and appending REPL if ORIG matches BACKPAT. +func_convert_path_front_back_pathsep () +{ + $debug_cmd + + case $4 in + $1 ) func_to_host_path_result=$3$func_to_host_path_result + ;; + esac + case $4 in + $2 ) func_append func_to_host_path_result "$3" + ;; + esac +} +# end func_convert_path_front_back_pathsep + + +################################################## +# $build to $host FILE NAME CONVERSION FUNCTIONS # +################################################## +# invoked via '$to_host_file_cmd ARG' +# +# In each case, ARG is the path to be converted from $build to $host format. +# Result will be available in $func_to_host_file_result. + + +# func_to_host_file ARG +# Converts the file name ARG from $build format to $host format. Return result +# in func_to_host_file_result. +func_to_host_file () +{ + $debug_cmd + + $to_host_file_cmd "$1" +} +# end func_to_host_file + + +# func_to_tool_file ARG LAZY +# converts the file name ARG from $build format to toolchain format. Return +# result in func_to_tool_file_result. If the conversion in use is listed +# in (the comma separated) LAZY, no conversion takes place. +func_to_tool_file () +{ + $debug_cmd + + case ,$2, in + *,"$to_tool_file_cmd",*) + func_to_tool_file_result=$1 + ;; + *) + $to_tool_file_cmd "$1" + func_to_tool_file_result=$func_to_host_file_result + ;; + esac +} +# end func_to_tool_file + + +# func_convert_file_noop ARG +# Copy ARG to func_to_host_file_result. +func_convert_file_noop () +{ + func_to_host_file_result=$1 +} +# end func_convert_file_noop + + +# func_convert_file_msys_to_w32 ARG +# Convert file name ARG from (mingw) MSYS to (mingw) w32 format; automatic +# conversion to w32 is not available inside the cwrapper. Returns result in +# func_to_host_file_result. +func_convert_file_msys_to_w32 () +{ + $debug_cmd + + func_to_host_file_result=$1 + if test -n "$1"; then + func_convert_core_msys_to_w32 "$1" + func_to_host_file_result=$func_convert_core_msys_to_w32_result + fi + func_convert_file_check "$1" "$func_to_host_file_result" +} +# end func_convert_file_msys_to_w32 + + +# func_convert_file_cygwin_to_w32 ARG +# Convert file name ARG from Cygwin to w32 format. Returns result in +# func_to_host_file_result. +func_convert_file_cygwin_to_w32 () +{ + $debug_cmd + + func_to_host_file_result=$1 + if test -n "$1"; then + # because $build is cygwin, we call "the" cygpath in $PATH; no need to use + # LT_CYGPATH in this case. + func_to_host_file_result=`cygpath -m "$1"` + fi + func_convert_file_check "$1" "$func_to_host_file_result" +} +# end func_convert_file_cygwin_to_w32 + + +# func_convert_file_nix_to_w32 ARG +# Convert file name ARG from *nix to w32 format. Requires a wine environment +# and a working winepath. Returns result in func_to_host_file_result. +func_convert_file_nix_to_w32 () +{ + $debug_cmd + + func_to_host_file_result=$1 + if test -n "$1"; then + func_convert_core_file_wine_to_w32 "$1" + func_to_host_file_result=$func_convert_core_file_wine_to_w32_result + fi + func_convert_file_check "$1" "$func_to_host_file_result" +} +# end func_convert_file_nix_to_w32 + + +# func_convert_file_msys_to_cygwin ARG +# Convert file name ARG from MSYS to Cygwin format. Requires LT_CYGPATH set. +# Returns result in func_to_host_file_result. +func_convert_file_msys_to_cygwin () +{ + $debug_cmd + + func_to_host_file_result=$1 + if test -n "$1"; then + func_convert_core_msys_to_w32 "$1" + func_cygpath -u "$func_convert_core_msys_to_w32_result" + func_to_host_file_result=$func_cygpath_result + fi + func_convert_file_check "$1" "$func_to_host_file_result" +} +# end func_convert_file_msys_to_cygwin + + +# func_convert_file_nix_to_cygwin ARG +# Convert file name ARG from *nix to Cygwin format. Requires Cygwin installed +# in a wine environment, working winepath, and LT_CYGPATH set. Returns result +# in func_to_host_file_result. +func_convert_file_nix_to_cygwin () +{ + $debug_cmd + + func_to_host_file_result=$1 + if test -n "$1"; then + # convert from *nix to w32, then use cygpath to convert from w32 to cygwin. + func_convert_core_file_wine_to_w32 "$1" + func_cygpath -u "$func_convert_core_file_wine_to_w32_result" + func_to_host_file_result=$func_cygpath_result + fi + func_convert_file_check "$1" "$func_to_host_file_result" +} +# end func_convert_file_nix_to_cygwin + + +############################################# +# $build to $host PATH CONVERSION FUNCTIONS # +############################################# +# invoked via '$to_host_path_cmd ARG' +# +# In each case, ARG is the path to be converted from $build to $host format. +# The result will be available in $func_to_host_path_result. +# +# Path separators are also converted from $build format to $host format. If +# ARG begins or ends with a path separator character, it is preserved (but +# converted to $host format) on output. +# +# All path conversion functions are named using the following convention: +# file name conversion function : func_convert_file_X_to_Y () +# path conversion function : func_convert_path_X_to_Y () +# where, for any given $build/$host combination the 'X_to_Y' value is the +# same. If conversion functions are added for new $build/$host combinations, +# the two new functions must follow this pattern, or func_init_to_host_path_cmd +# will break. + + +# func_init_to_host_path_cmd +# Ensures that function "pointer" variable $to_host_path_cmd is set to the +# appropriate value, based on the value of $to_host_file_cmd. +to_host_path_cmd= +func_init_to_host_path_cmd () +{ + $debug_cmd + + if test -z "$to_host_path_cmd"; then + func_stripname 'func_convert_file_' '' "$to_host_file_cmd" + to_host_path_cmd=func_convert_path_$func_stripname_result + fi +} + + +# func_to_host_path ARG +# Converts the path ARG from $build format to $host format. Return result +# in func_to_host_path_result. +func_to_host_path () +{ + $debug_cmd + + func_init_to_host_path_cmd + $to_host_path_cmd "$1" +} +# end func_to_host_path + + +# func_convert_path_noop ARG +# Copy ARG to func_to_host_path_result. +func_convert_path_noop () +{ + func_to_host_path_result=$1 +} +# end func_convert_path_noop + + +# func_convert_path_msys_to_w32 ARG +# Convert path ARG from (mingw) MSYS to (mingw) w32 format; automatic +# conversion to w32 is not available inside the cwrapper. Returns result in +# func_to_host_path_result. +func_convert_path_msys_to_w32 () +{ + $debug_cmd + + func_to_host_path_result=$1 + if test -n "$1"; then + # Remove leading and trailing path separator characters from ARG. MSYS + # behavior is inconsistent here; cygpath turns them into '.;' and ';.'; + # and winepath ignores them completely. + func_stripname : : "$1" + func_to_host_path_tmp1=$func_stripname_result + func_convert_core_msys_to_w32 "$func_to_host_path_tmp1" + func_to_host_path_result=$func_convert_core_msys_to_w32_result + func_convert_path_check : ";" \ + "$func_to_host_path_tmp1" "$func_to_host_path_result" + func_convert_path_front_back_pathsep ":*" "*:" ";" "$1" + fi +} +# end func_convert_path_msys_to_w32 + + +# func_convert_path_cygwin_to_w32 ARG +# Convert path ARG from Cygwin to w32 format. Returns result in +# func_to_host_file_result. +func_convert_path_cygwin_to_w32 () +{ + $debug_cmd + + func_to_host_path_result=$1 + if test -n "$1"; then + # See func_convert_path_msys_to_w32: + func_stripname : : "$1" + func_to_host_path_tmp1=$func_stripname_result + func_to_host_path_result=`cygpath -m -p "$func_to_host_path_tmp1"` + func_convert_path_check : ";" \ + "$func_to_host_path_tmp1" "$func_to_host_path_result" + func_convert_path_front_back_pathsep ":*" "*:" ";" "$1" + fi +} +# end func_convert_path_cygwin_to_w32 + + +# func_convert_path_nix_to_w32 ARG +# Convert path ARG from *nix to w32 format. Requires a wine environment and +# a working winepath. Returns result in func_to_host_file_result. +func_convert_path_nix_to_w32 () +{ + $debug_cmd + + func_to_host_path_result=$1 + if test -n "$1"; then + # See func_convert_path_msys_to_w32: + func_stripname : : "$1" + func_to_host_path_tmp1=$func_stripname_result + func_convert_core_path_wine_to_w32 "$func_to_host_path_tmp1" + func_to_host_path_result=$func_convert_core_path_wine_to_w32_result + func_convert_path_check : ";" \ + "$func_to_host_path_tmp1" "$func_to_host_path_result" + func_convert_path_front_back_pathsep ":*" "*:" ";" "$1" + fi +} +# end func_convert_path_nix_to_w32 + + +# func_convert_path_msys_to_cygwin ARG +# Convert path ARG from MSYS to Cygwin format. Requires LT_CYGPATH set. +# Returns result in func_to_host_file_result. +func_convert_path_msys_to_cygwin () +{ + $debug_cmd + + func_to_host_path_result=$1 + if test -n "$1"; then + # See func_convert_path_msys_to_w32: + func_stripname : : "$1" + func_to_host_path_tmp1=$func_stripname_result + func_convert_core_msys_to_w32 "$func_to_host_path_tmp1" + func_cygpath -u -p "$func_convert_core_msys_to_w32_result" + func_to_host_path_result=$func_cygpath_result + func_convert_path_check : : \ + "$func_to_host_path_tmp1" "$func_to_host_path_result" + func_convert_path_front_back_pathsep ":*" "*:" : "$1" + fi +} +# end func_convert_path_msys_to_cygwin + + +# func_convert_path_nix_to_cygwin ARG +# Convert path ARG from *nix to Cygwin format. Requires Cygwin installed in a +# a wine environment, working winepath, and LT_CYGPATH set. Returns result in +# func_to_host_file_result. +func_convert_path_nix_to_cygwin () +{ + $debug_cmd + + func_to_host_path_result=$1 + if test -n "$1"; then + # Remove leading and trailing path separator characters from + # ARG. msys behavior is inconsistent here, cygpath turns them + # into '.;' and ';.', and winepath ignores them completely. + func_stripname : : "$1" + func_to_host_path_tmp1=$func_stripname_result + func_convert_core_path_wine_to_w32 "$func_to_host_path_tmp1" + func_cygpath -u -p "$func_convert_core_path_wine_to_w32_result" + func_to_host_path_result=$func_cygpath_result + func_convert_path_check : : \ + "$func_to_host_path_tmp1" "$func_to_host_path_result" + func_convert_path_front_back_pathsep ":*" "*:" : "$1" + fi +} +# end func_convert_path_nix_to_cygwin + + +# func_dll_def_p FILE +# True iff FILE is a Windows DLL '.def' file. +# Keep in sync with _LT_DLL_DEF_P in libtool.m4 +func_dll_def_p () +{ + $debug_cmd + + func_dll_def_p_tmp=`$SED -n \ + -e 's/^[ ]*//' \ + -e '/^\(;.*\)*$/d' \ + -e 's/^\(EXPORTS\|LIBRARY\)\([ ].*\)*$/DEF/p' \ + -e q \ + "$1"` + test DEF = "$func_dll_def_p_tmp" +} + + +# func_mode_compile arg... +func_mode_compile () +{ + $debug_cmd + + # Get the compilation command and the source file. + base_compile= + srcfile=$nonopt # always keep a non-empty value in "srcfile" + suppress_opt=yes + suppress_output= + arg_mode=normal + libobj= + later= + pie_flag= + + for arg + do + case $arg_mode in + arg ) + # do not "continue". Instead, add this to base_compile + lastarg=$arg + arg_mode=normal + ;; + + target ) + libobj=$arg + arg_mode=normal + continue + ;; + + normal ) + # Accept any command-line options. + case $arg in + -o) + test -n "$libobj" && \ + func_fatal_error "you cannot specify '-o' more than once" + arg_mode=target + continue + ;; + + -pie | -fpie | -fPIE) + func_append pie_flag " $arg" + continue + ;; + + -shared | -static | -prefer-pic | -prefer-non-pic) + func_append later " $arg" + continue + ;; + + -no-suppress) + suppress_opt=no + continue + ;; + + -Xcompiler) + arg_mode=arg # the next one goes into the "base_compile" arg list + continue # The current "srcfile" will either be retained or + ;; # replaced later. I would guess that would be a bug. + + -Wc,*) + func_stripname '-Wc,' '' "$arg" + args=$func_stripname_result + lastarg= + save_ifs=$IFS; IFS=, + for arg in $args; do + IFS=$save_ifs + func_append_quoted lastarg "$arg" + done + IFS=$save_ifs + func_stripname ' ' '' "$lastarg" + lastarg=$func_stripname_result + + # Add the arguments to base_compile. + func_append base_compile " $lastarg" + continue + ;; + + *) + # Accept the current argument as the source file. + # The previous "srcfile" becomes the current argument. + # + lastarg=$srcfile + srcfile=$arg + ;; + esac # case $arg + ;; + esac # case $arg_mode + + # Aesthetically quote the previous argument. + func_append_quoted base_compile "$lastarg" + done # for arg + + case $arg_mode in + arg) + func_fatal_error "you must specify an argument for -Xcompile" + ;; + target) + func_fatal_error "you must specify a target with '-o'" + ;; + *) + # Get the name of the library object. + test -z "$libobj" && { + func_basename "$srcfile" + libobj=$func_basename_result + } + ;; + esac + + # Recognize several different file suffixes. + # If the user specifies -o file.o, it is replaced with file.lo + case $libobj in + *.[cCFSifmso] | \ + *.ada | *.adb | *.ads | *.asm | \ + *.c++ | *.cc | *.ii | *.class | *.cpp | *.cxx | \ + *.[fF][09]? | *.for | *.java | *.go | *.obj | *.sx | *.cu | *.cup) + func_xform "$libobj" + libobj=$func_xform_result + ;; + esac + + case $libobj in + *.lo) func_lo2o "$libobj"; obj=$func_lo2o_result ;; + *) + func_fatal_error "cannot determine name of library object from '$libobj'" + ;; + esac + + func_infer_tag $base_compile + + for arg in $later; do + case $arg in + -shared) + test yes = "$build_libtool_libs" \ + || func_fatal_configuration "cannot build a shared library" + build_old_libs=no + continue + ;; + + -static) + build_libtool_libs=no + build_old_libs=yes + continue + ;; + + -prefer-pic) + pic_mode=yes + continue + ;; + + -prefer-non-pic) + pic_mode=no + continue + ;; + esac + done + + func_quote_for_eval "$libobj" + test "X$libobj" != "X$func_quote_for_eval_result" \ + && $ECHO "X$libobj" | $GREP '[]~#^*{};<>?"'"'"' &()|`$[]' \ + && func_warning "libobj name '$libobj' may not contain shell special characters." + func_dirname_and_basename "$obj" "/" "" + objname=$func_basename_result + xdir=$func_dirname_result + lobj=$xdir$objdir/$objname + + test -z "$base_compile" && \ + func_fatal_help "you must specify a compilation command" + + # Delete any leftover library objects. + if test yes = "$build_old_libs"; then + removelist="$obj $lobj $libobj ${libobj}T" + else + removelist="$lobj $libobj ${libobj}T" + fi + + # On Cygwin there's no "real" PIC flag so we must build both object types + case $host_os in + cygwin* | mingw* | pw32* | os2* | cegcc*) + pic_mode=default + ;; + esac + if test no = "$pic_mode" && test pass_all != "$deplibs_check_method"; then + # non-PIC code in shared libraries is not supported + pic_mode=default + fi + + # Calculate the filename of the output object if compiler does + # not support -o with -c + if test no = "$compiler_c_o"; then + output_obj=`$ECHO "$srcfile" | $SED 's%^.*/%%; s%\.[^.]*$%%'`.$objext + lockfile=$output_obj.lock + else + output_obj= + need_locks=no + lockfile= + fi + + # Lock this critical section if it is needed + # We use this script file to make the link, it avoids creating a new file + if test yes = "$need_locks"; then + until $opt_dry_run || ln "$progpath" "$lockfile" 2>/dev/null; do + func_echo "Waiting for $lockfile to be removed" + sleep 2 + done + elif test warn = "$need_locks"; then + if test -f "$lockfile"; then + $ECHO "\ +*** ERROR, $lockfile exists and contains: +`cat $lockfile 2>/dev/null` + +This indicates that another process is trying to use the same +temporary object file, and libtool could not work around it because +your compiler does not support '-c' and '-o' together. If you +repeat this compilation, it may succeed, by chance, but you had better +avoid parallel builds (make -j) in this platform, or get a better +compiler." + + $opt_dry_run || $RM $removelist + exit $EXIT_FAILURE + fi + func_append removelist " $output_obj" + $ECHO "$srcfile" > "$lockfile" + fi + + $opt_dry_run || $RM $removelist + func_append removelist " $lockfile" + trap '$opt_dry_run || $RM $removelist; exit $EXIT_FAILURE' 1 2 15 + + func_to_tool_file "$srcfile" func_convert_file_msys_to_w32 + srcfile=$func_to_tool_file_result + func_quote_for_eval "$srcfile" + qsrcfile=$func_quote_for_eval_result + + # Only build a PIC object if we are building libtool libraries. + if test yes = "$build_libtool_libs"; then + # Without this assignment, base_compile gets emptied. + fbsd_hideous_sh_bug=$base_compile + + if test no != "$pic_mode"; then + command="$base_compile $qsrcfile $pic_flag" + else + # Don't build PIC code + command="$base_compile $qsrcfile" + fi + + func_mkdir_p "$xdir$objdir" + + if test -z "$output_obj"; then + # Place PIC objects in $objdir + func_append command " -o $lobj" + fi + + func_show_eval_locale "$command" \ + 'test -n "$output_obj" && $RM $removelist; exit $EXIT_FAILURE' + + if test warn = "$need_locks" && + test "X`cat $lockfile 2>/dev/null`" != "X$srcfile"; then + $ECHO "\ +*** ERROR, $lockfile contains: +`cat $lockfile 2>/dev/null` + +but it should contain: +$srcfile + +This indicates that another process is trying to use the same +temporary object file, and libtool could not work around it because +your compiler does not support '-c' and '-o' together. If you +repeat this compilation, it may succeed, by chance, but you had better +avoid parallel builds (make -j) in this platform, or get a better +compiler." + + $opt_dry_run || $RM $removelist + exit $EXIT_FAILURE + fi + + # Just move the object if needed, then go on to compile the next one + if test -n "$output_obj" && test "X$output_obj" != "X$lobj"; then + func_show_eval '$MV "$output_obj" "$lobj"' \ + 'error=$?; $opt_dry_run || $RM $removelist; exit $error' + fi + + # Allow error messages only from the first compilation. + if test yes = "$suppress_opt"; then + suppress_output=' >/dev/null 2>&1' + fi + fi + + # Only build a position-dependent object if we build old libraries. + if test yes = "$build_old_libs"; then + if test yes != "$pic_mode"; then + # Don't build PIC code + command="$base_compile $qsrcfile$pie_flag" + else + command="$base_compile $qsrcfile $pic_flag" + fi + if test yes = "$compiler_c_o"; then + func_append command " -o $obj" + fi + + # Suppress compiler output if we already did a PIC compilation. + func_append command "$suppress_output" + func_show_eval_locale "$command" \ + '$opt_dry_run || $RM $removelist; exit $EXIT_FAILURE' + + if test warn = "$need_locks" && + test "X`cat $lockfile 2>/dev/null`" != "X$srcfile"; then + $ECHO "\ +*** ERROR, $lockfile contains: +`cat $lockfile 2>/dev/null` + +but it should contain: +$srcfile + +This indicates that another process is trying to use the same +temporary object file, and libtool could not work around it because +your compiler does not support '-c' and '-o' together. If you +repeat this compilation, it may succeed, by chance, but you had better +avoid parallel builds (make -j) in this platform, or get a better +compiler." + + $opt_dry_run || $RM $removelist + exit $EXIT_FAILURE + fi + + # Just move the object if needed + if test -n "$output_obj" && test "X$output_obj" != "X$obj"; then + func_show_eval '$MV "$output_obj" "$obj"' \ + 'error=$?; $opt_dry_run || $RM $removelist; exit $error' + fi + fi + + $opt_dry_run || { + func_write_libtool_object "$libobj" "$objdir/$objname" "$objname" + + # Unlock the critical section if it was locked + if test no != "$need_locks"; then + removelist=$lockfile + $RM "$lockfile" + fi + } + + exit $EXIT_SUCCESS +} + +$opt_help || { + test compile = "$opt_mode" && func_mode_compile ${1+"$@"} +} + +func_mode_help () +{ + # We need to display help for each of the modes. + case $opt_mode in + "") + # Generic help is extracted from the usage comments + # at the start of this file. + func_help + ;; + + clean) + $ECHO \ +"Usage: $progname [OPTION]... --mode=clean RM [RM-OPTION]... FILE... + +Remove files from the build directory. + +RM is the name of the program to use to delete files associated with each FILE +(typically '/bin/rm'). RM-OPTIONS are options (such as '-f') to be passed +to RM. + +If FILE is a libtool library, object or program, all the files associated +with it are deleted. Otherwise, only FILE itself is deleted using RM." + ;; + + compile) + $ECHO \ +"Usage: $progname [OPTION]... --mode=compile COMPILE-COMMAND... SOURCEFILE + +Compile a source file into a libtool library object. + +This mode accepts the following additional options: + + -o OUTPUT-FILE set the output file name to OUTPUT-FILE + -no-suppress do not suppress compiler output for multiple passes + -prefer-pic try to build PIC objects only + -prefer-non-pic try to build non-PIC objects only + -shared do not build a '.o' file suitable for static linking + -static only build a '.o' file suitable for static linking + -Wc,FLAG pass FLAG directly to the compiler + +COMPILE-COMMAND is a command to be used in creating a 'standard' object file +from the given SOURCEFILE. + +The output file name is determined by removing the directory component from +SOURCEFILE, then substituting the C source code suffix '.c' with the +library object suffix, '.lo'." + ;; + + execute) + $ECHO \ +"Usage: $progname [OPTION]... --mode=execute COMMAND [ARGS]... + +Automatically set library path, then run a program. + +This mode accepts the following additional options: + + -dlopen FILE add the directory containing FILE to the library path + +This mode sets the library path environment variable according to '-dlopen' +flags. + +If any of the ARGS are libtool executable wrappers, then they are translated +into their corresponding uninstalled binary, and any of their required library +directories are added to the library path. + +Then, COMMAND is executed, with ARGS as arguments." + ;; + + finish) + $ECHO \ +"Usage: $progname [OPTION]... --mode=finish [LIBDIR]... + +Complete the installation of libtool libraries. + +Each LIBDIR is a directory that contains libtool libraries. + +The commands that this mode executes may require superuser privileges. Use +the '--dry-run' option if you just want to see what would be executed." + ;; + + install) + $ECHO \ +"Usage: $progname [OPTION]... --mode=install INSTALL-COMMAND... + +Install executables or libraries. + +INSTALL-COMMAND is the installation command. The first component should be +either the 'install' or 'cp' program. + +The following components of INSTALL-COMMAND are treated specially: + + -inst-prefix-dir PREFIX-DIR Use PREFIX-DIR as a staging area for installation + +The rest of the components are interpreted as arguments to that command (only +BSD-compatible install options are recognized)." + ;; + + link) + $ECHO \ +"Usage: $progname [OPTION]... --mode=link LINK-COMMAND... + +Link object files or libraries together to form another library, or to +create an executable program. + +LINK-COMMAND is a command using the C compiler that you would use to create +a program from several object files. + +The following components of LINK-COMMAND are treated specially: + + -all-static do not do any dynamic linking at all + -avoid-version do not add a version suffix if possible + -bindir BINDIR specify path to binaries directory (for systems where + libraries must be found in the PATH setting at runtime) + -dlopen FILE '-dlpreopen' FILE if it cannot be dlopened at runtime + -dlpreopen FILE link in FILE and add its symbols to lt_preloaded_symbols + -export-dynamic allow symbols from OUTPUT-FILE to be resolved with dlsym(3) + -export-symbols SYMFILE + try to export only the symbols listed in SYMFILE + -export-symbols-regex REGEX + try to export only the symbols matching REGEX + -LLIBDIR search LIBDIR for required installed libraries + -lNAME OUTPUT-FILE requires the installed library libNAME + -module build a library that can dlopened + -no-fast-install disable the fast-install mode + -no-install link a not-installable executable + -no-undefined declare that a library does not refer to external symbols + -o OUTPUT-FILE create OUTPUT-FILE from the specified objects + -objectlist FILE use a list of object files found in FILE to specify objects + -os2dllname NAME force a short DLL name on OS/2 (no effect on other OSes) + -precious-files-regex REGEX + don't remove output files matching REGEX + -release RELEASE specify package release information + -rpath LIBDIR the created library will eventually be installed in LIBDIR + -R[ ]LIBDIR add LIBDIR to the runtime path of programs and libraries + -shared only do dynamic linking of libtool libraries + -shrext SUFFIX override the standard shared library file extension + -static do not do any dynamic linking of uninstalled libtool libraries + -static-libtool-libs + do not do any dynamic linking of libtool libraries + -version-info CURRENT[:REVISION[:AGE]] + specify library version info [each variable defaults to 0] + -weak LIBNAME declare that the target provides the LIBNAME interface + -Wc,FLAG + -Xcompiler FLAG pass linker-specific FLAG directly to the compiler + -Wl,FLAG + -Xlinker FLAG pass linker-specific FLAG directly to the linker + -XCClinker FLAG pass link-specific FLAG to the compiler driver (CC) + +All other options (arguments beginning with '-') are ignored. + +Every other argument is treated as a filename. Files ending in '.la' are +treated as uninstalled libtool libraries, other files are standard or library +object files. + +If the OUTPUT-FILE ends in '.la', then a libtool library is created, +only library objects ('.lo' files) may be specified, and '-rpath' is +required, except when creating a convenience library. + +If OUTPUT-FILE ends in '.a' or '.lib', then a standard library is created +using 'ar' and 'ranlib', or on Windows using 'lib'. + +If OUTPUT-FILE ends in '.lo' or '.$objext', then a reloadable object file +is created, otherwise an executable program is created." + ;; + + uninstall) + $ECHO \ +"Usage: $progname [OPTION]... --mode=uninstall RM [RM-OPTION]... FILE... + +Remove libraries from an installation directory. + +RM is the name of the program to use to delete files associated with each FILE +(typically '/bin/rm'). RM-OPTIONS are options (such as '-f') to be passed +to RM. + +If FILE is a libtool library, all the files associated with it are deleted. +Otherwise, only FILE itself is deleted using RM." + ;; + + *) + func_fatal_help "invalid operation mode '$opt_mode'" + ;; + esac + + echo + $ECHO "Try '$progname --help' for more information about other modes." +} + +# Now that we've collected a possible --mode arg, show help if necessary +if $opt_help; then + if test : = "$opt_help"; then + func_mode_help + else + { + func_help noexit + for opt_mode in compile link execute install finish uninstall clean; do + func_mode_help + done + } | $SED -n '1p; 2,$s/^Usage:/ or: /p' + { + func_help noexit + for opt_mode in compile link execute install finish uninstall clean; do + echo + func_mode_help + done + } | + $SED '1d + /^When reporting/,/^Report/{ + H + d + } + $x + /information about other modes/d + /more detailed .*MODE/d + s/^Usage:.*--mode=\([^ ]*\) .*/Description of \1 mode:/' + fi + exit $? +fi + + +# func_mode_execute arg... +func_mode_execute () +{ + $debug_cmd + + # The first argument is the command name. + cmd=$nonopt + test -z "$cmd" && \ + func_fatal_help "you must specify a COMMAND" + + # Handle -dlopen flags immediately. + for file in $opt_dlopen; do + test -f "$file" \ + || func_fatal_help "'$file' is not a file" + + dir= + case $file in + *.la) + func_resolve_sysroot "$file" + file=$func_resolve_sysroot_result + + # Check to see that this really is a libtool archive. + func_lalib_unsafe_p "$file" \ + || func_fatal_help "'$lib' is not a valid libtool archive" + + # Read the libtool library. + dlname= + library_names= + func_source "$file" + + # Skip this library if it cannot be dlopened. + if test -z "$dlname"; then + # Warn if it was a shared library. + test -n "$library_names" && \ + func_warning "'$file' was not linked with '-export-dynamic'" + continue + fi + + func_dirname "$file" "" "." + dir=$func_dirname_result + + if test -f "$dir/$objdir/$dlname"; then + func_append dir "/$objdir" + else + if test ! -f "$dir/$dlname"; then + func_fatal_error "cannot find '$dlname' in '$dir' or '$dir/$objdir'" + fi + fi + ;; + + *.lo) + # Just add the directory containing the .lo file. + func_dirname "$file" "" "." + dir=$func_dirname_result + ;; + + *) + func_warning "'-dlopen' is ignored for non-libtool libraries and objects" + continue + ;; + esac + + # Get the absolute pathname. + absdir=`cd "$dir" && pwd` + test -n "$absdir" && dir=$absdir + + # Now add the directory to shlibpath_var. + if eval "test -z \"\$$shlibpath_var\""; then + eval "$shlibpath_var=\"\$dir\"" + else + eval "$shlibpath_var=\"\$dir:\$$shlibpath_var\"" + fi + done + + # This variable tells wrapper scripts just to set shlibpath_var + # rather than running their programs. + libtool_execute_magic=$magic + + # Check if any of the arguments is a wrapper script. + args= + for file + do + case $file in + -* | *.la | *.lo ) ;; + *) + # Do a test to see if this is really a libtool program. + if func_ltwrapper_script_p "$file"; then + func_source "$file" + # Transform arg to wrapped name. + file=$progdir/$program + elif func_ltwrapper_executable_p "$file"; then + func_ltwrapper_scriptname "$file" + func_source "$func_ltwrapper_scriptname_result" + # Transform arg to wrapped name. + file=$progdir/$program + fi + ;; + esac + # Quote arguments (to preserve shell metacharacters). + func_append_quoted args "$file" + done + + if $opt_dry_run; then + # Display what would be done. + if test -n "$shlibpath_var"; then + eval "\$ECHO \"\$shlibpath_var=\$$shlibpath_var\"" + echo "export $shlibpath_var" + fi + $ECHO "$cmd$args" + exit $EXIT_SUCCESS + else + if test -n "$shlibpath_var"; then + # Export the shlibpath_var. + eval "export $shlibpath_var" + fi + + # Restore saved environment variables + for lt_var in LANG LANGUAGE LC_ALL LC_CTYPE LC_COLLATE LC_MESSAGES + do + eval "if test \"\${save_$lt_var+set}\" = set; then + $lt_var=\$save_$lt_var; export $lt_var + else + $lt_unset $lt_var + fi" + done + + # Now prepare to actually exec the command. + exec_cmd=\$cmd$args + fi +} + +test execute = "$opt_mode" && func_mode_execute ${1+"$@"} + + +# func_mode_finish arg... +func_mode_finish () +{ + $debug_cmd + + libs= + libdirs= + admincmds= + + for opt in "$nonopt" ${1+"$@"} + do + if test -d "$opt"; then + func_append libdirs " $opt" + + elif test -f "$opt"; then + if func_lalib_unsafe_p "$opt"; then + func_append libs " $opt" + else + func_warning "'$opt' is not a valid libtool archive" + fi + + else + func_fatal_error "invalid argument '$opt'" + fi + done + + if test -n "$libs"; then + if test -n "$lt_sysroot"; then + sysroot_regex=`$ECHO "$lt_sysroot" | $SED "$sed_make_literal_regex"` + sysroot_cmd="s/\([ ']\)$sysroot_regex/\1/g;" + else + sysroot_cmd= + fi + + # Remove sysroot references + if $opt_dry_run; then + for lib in $libs; do + echo "removing references to $lt_sysroot and '=' prefixes from $lib" + done + else + tmpdir=`func_mktempdir` + for lib in $libs; do + $SED -e "$sysroot_cmd s/\([ ']-[LR]\)=/\1/g; s/\([ ']\)=/\1/g" $lib \ + > $tmpdir/tmp-la + mv -f $tmpdir/tmp-la $lib + done + ${RM}r "$tmpdir" + fi + fi + + if test -n "$finish_cmds$finish_eval" && test -n "$libdirs"; then + for libdir in $libdirs; do + if test -n "$finish_cmds"; then + # Do each command in the finish commands. + func_execute_cmds "$finish_cmds" 'admincmds="$admincmds +'"$cmd"'"' + fi + if test -n "$finish_eval"; then + # Do the single finish_eval. + eval cmds=\"$finish_eval\" + $opt_dry_run || eval "$cmds" || func_append admincmds " + $cmds" + fi + done + fi + + # Exit here if they wanted silent mode. + $opt_quiet && exit $EXIT_SUCCESS + + if test -n "$finish_cmds$finish_eval" && test -n "$libdirs"; then + echo "----------------------------------------------------------------------" + echo "Libraries have been installed in:" + for libdir in $libdirs; do + $ECHO " $libdir" + done + echo + echo "If you ever happen to want to link against installed libraries" + echo "in a given directory, LIBDIR, you must either use libtool, and" + echo "specify the full pathname of the library, or use the '-LLIBDIR'" + echo "flag during linking and do at least one of the following:" + if test -n "$shlibpath_var"; then + echo " - add LIBDIR to the '$shlibpath_var' environment variable" + echo " during execution" + fi + if test -n "$runpath_var"; then + echo " - add LIBDIR to the '$runpath_var' environment variable" + echo " during linking" + fi + if test -n "$hardcode_libdir_flag_spec"; then + libdir=LIBDIR + eval flag=\"$hardcode_libdir_flag_spec\" + + $ECHO " - use the '$flag' linker flag" + fi + if test -n "$admincmds"; then + $ECHO " - have your system administrator run these commands:$admincmds" + fi + if test -f /etc/ld.so.conf; then + echo " - have your system administrator add LIBDIR to '/etc/ld.so.conf'" + fi + echo + + echo "See any operating system documentation about shared libraries for" + case $host in + solaris2.[6789]|solaris2.1[0-9]) + echo "more information, such as the ld(1), crle(1) and ld.so(8) manual" + echo "pages." + ;; + *) + echo "more information, such as the ld(1) and ld.so(8) manual pages." + ;; + esac + echo "----------------------------------------------------------------------" + fi + exit $EXIT_SUCCESS +} + +test finish = "$opt_mode" && func_mode_finish ${1+"$@"} + + +# func_mode_install arg... +func_mode_install () +{ + $debug_cmd + + # There may be an optional sh(1) argument at the beginning of + # install_prog (especially on Windows NT). + if test "$SHELL" = "$nonopt" || test /bin/sh = "$nonopt" || + # Allow the use of GNU shtool's install command. + case $nonopt in *shtool*) :;; *) false;; esac + then + # Aesthetically quote it. + func_quote_for_eval "$nonopt" + install_prog="$func_quote_for_eval_result " + arg=$1 + shift + else + install_prog= + arg=$nonopt + fi + + # The real first argument should be the name of the installation program. + # Aesthetically quote it. + func_quote_for_eval "$arg" + func_append install_prog "$func_quote_for_eval_result" + install_shared_prog=$install_prog + case " $install_prog " in + *[\\\ /]cp\ *) install_cp=: ;; + *) install_cp=false ;; + esac + + # We need to accept at least all the BSD install flags. + dest= + files= + opts= + prev= + install_type= + isdir=false + stripme= + no_mode=: + for arg + do + arg2= + if test -n "$dest"; then + func_append files " $dest" + dest=$arg + continue + fi + + case $arg in + -d) isdir=: ;; + -f) + if $install_cp; then :; else + prev=$arg + fi + ;; + -g | -m | -o) + prev=$arg + ;; + -s) + stripme=" -s" + continue + ;; + -*) + ;; + *) + # If the previous option needed an argument, then skip it. + if test -n "$prev"; then + if test X-m = "X$prev" && test -n "$install_override_mode"; then + arg2=$install_override_mode + no_mode=false + fi + prev= + else + dest=$arg + continue + fi + ;; + esac + + # Aesthetically quote the argument. + func_quote_for_eval "$arg" + func_append install_prog " $func_quote_for_eval_result" + if test -n "$arg2"; then + func_quote_for_eval "$arg2" + fi + func_append install_shared_prog " $func_quote_for_eval_result" + done + + test -z "$install_prog" && \ + func_fatal_help "you must specify an install program" + + test -n "$prev" && \ + func_fatal_help "the '$prev' option requires an argument" + + if test -n "$install_override_mode" && $no_mode; then + if $install_cp; then :; else + func_quote_for_eval "$install_override_mode" + func_append install_shared_prog " -m $func_quote_for_eval_result" + fi + fi + + if test -z "$files"; then + if test -z "$dest"; then + func_fatal_help "no file or destination specified" + else + func_fatal_help "you must specify a destination" + fi + fi + + # Strip any trailing slash from the destination. + func_stripname '' '/' "$dest" + dest=$func_stripname_result + + # Check to see that the destination is a directory. + test -d "$dest" && isdir=: + if $isdir; then + destdir=$dest + destname= + else + func_dirname_and_basename "$dest" "" "." + destdir=$func_dirname_result + destname=$func_basename_result + + # Not a directory, so check to see that there is only one file specified. + set dummy $files; shift + test "$#" -gt 1 && \ + func_fatal_help "'$dest' is not a directory" + fi + case $destdir in + [\\/]* | [A-Za-z]:[\\/]*) ;; + *) + for file in $files; do + case $file in + *.lo) ;; + *) + func_fatal_help "'$destdir' must be an absolute directory name" + ;; + esac + done + ;; + esac + + # This variable tells wrapper scripts just to set variables rather + # than running their programs. + libtool_install_magic=$magic + + staticlibs= + future_libdirs= + current_libdirs= + for file in $files; do + + # Do each installation. + case $file in + *.$libext) + # Do the static libraries later. + func_append staticlibs " $file" + ;; + + *.la) + func_resolve_sysroot "$file" + file=$func_resolve_sysroot_result + + # Check to see that this really is a libtool archive. + func_lalib_unsafe_p "$file" \ + || func_fatal_help "'$file' is not a valid libtool archive" + + library_names= + old_library= + relink_command= + func_source "$file" + + # Add the libdir to current_libdirs if it is the destination. + if test "X$destdir" = "X$libdir"; then + case "$current_libdirs " in + *" $libdir "*) ;; + *) func_append current_libdirs " $libdir" ;; + esac + else + # Note the libdir as a future libdir. + case "$future_libdirs " in + *" $libdir "*) ;; + *) func_append future_libdirs " $libdir" ;; + esac + fi + + func_dirname "$file" "/" "" + dir=$func_dirname_result + func_append dir "$objdir" + + if test -n "$relink_command"; then + # Determine the prefix the user has applied to our future dir. + inst_prefix_dir=`$ECHO "$destdir" | $SED -e "s%$libdir\$%%"` + + # Don't allow the user to place us outside of our expected + # location b/c this prevents finding dependent libraries that + # are installed to the same prefix. + # At present, this check doesn't affect windows .dll's that + # are installed into $libdir/../bin (currently, that works fine) + # but it's something to keep an eye on. + test "$inst_prefix_dir" = "$destdir" && \ + func_fatal_error "error: cannot install '$file' to a directory not ending in $libdir" + + if test -n "$inst_prefix_dir"; then + # Stick the inst_prefix_dir data into the link command. + relink_command=`$ECHO "$relink_command" | $SED "s%@inst_prefix_dir@%-inst-prefix-dir $inst_prefix_dir%"` + else + relink_command=`$ECHO "$relink_command" | $SED "s%@inst_prefix_dir@%%"` + fi + + func_warning "relinking '$file'" + func_show_eval "$relink_command" \ + 'func_fatal_error "error: relink '\''$file'\'' with the above command before installing it"' + fi + + # See the names of the shared library. + set dummy $library_names; shift + if test -n "$1"; then + realname=$1 + shift + + srcname=$realname + test -n "$relink_command" && srcname=${realname}T + + # Install the shared library and build the symlinks. + func_show_eval "$install_shared_prog $dir/$srcname $destdir/$realname" \ + 'exit $?' + tstripme=$stripme + case $host_os in + cygwin* | mingw* | pw32* | cegcc*) + case $realname in + *.dll.a) + tstripme= + ;; + esac + ;; + os2*) + case $realname in + *_dll.a) + tstripme= + ;; + esac + ;; + esac + if test -n "$tstripme" && test -n "$striplib"; then + func_show_eval "$striplib $destdir/$realname" 'exit $?' + fi + + if test "$#" -gt 0; then + # Delete the old symlinks, and create new ones. + # Try 'ln -sf' first, because the 'ln' binary might depend on + # the symlink we replace! Solaris /bin/ln does not understand -f, + # so we also need to try rm && ln -s. + for linkname + do + test "$linkname" != "$realname" \ + && func_show_eval "(cd $destdir && { $LN_S -f $realname $linkname || { $RM $linkname && $LN_S $realname $linkname; }; })" + done + fi + + # Do each command in the postinstall commands. + lib=$destdir/$realname + func_execute_cmds "$postinstall_cmds" 'exit $?' + fi + + # Install the pseudo-library for information purposes. + func_basename "$file" + name=$func_basename_result + instname=$dir/${name}i + func_show_eval "$install_prog $instname $destdir/$name" 'exit $?' + + # Maybe install the static library, too. + test -n "$old_library" && func_append staticlibs " $dir/$old_library" + ;; + + *.lo) + # Install (i.e. copy) a libtool object. + + # Figure out destination file name, if it wasn't already specified. + if test -n "$destname"; then + destfile=$destdir/$destname + else + func_basename "$file" + destfile=$func_basename_result + destfile=$destdir/$destfile + fi + + # Deduce the name of the destination old-style object file. + case $destfile in + *.lo) + func_lo2o "$destfile" + staticdest=$func_lo2o_result + ;; + *.$objext) + staticdest=$destfile + destfile= + ;; + *) + func_fatal_help "cannot copy a libtool object to '$destfile'" + ;; + esac + + # Install the libtool object if requested. + test -n "$destfile" && \ + func_show_eval "$install_prog $file $destfile" 'exit $?' + + # Install the old object if enabled. + if test yes = "$build_old_libs"; then + # Deduce the name of the old-style object file. + func_lo2o "$file" + staticobj=$func_lo2o_result + func_show_eval "$install_prog \$staticobj \$staticdest" 'exit $?' + fi + exit $EXIT_SUCCESS + ;; + + *) + # Figure out destination file name, if it wasn't already specified. + if test -n "$destname"; then + destfile=$destdir/$destname + else + func_basename "$file" + destfile=$func_basename_result + destfile=$destdir/$destfile + fi + + # If the file is missing, and there is a .exe on the end, strip it + # because it is most likely a libtool script we actually want to + # install + stripped_ext= + case $file in + *.exe) + if test ! -f "$file"; then + func_stripname '' '.exe' "$file" + file=$func_stripname_result + stripped_ext=.exe + fi + ;; + esac + + # Do a test to see if this is really a libtool program. + case $host in + *cygwin* | *mingw*) + if func_ltwrapper_executable_p "$file"; then + func_ltwrapper_scriptname "$file" + wrapper=$func_ltwrapper_scriptname_result + else + func_stripname '' '.exe' "$file" + wrapper=$func_stripname_result + fi + ;; + *) + wrapper=$file + ;; + esac + if func_ltwrapper_script_p "$wrapper"; then + notinst_deplibs= + relink_command= + + func_source "$wrapper" + + # Check the variables that should have been set. + test -z "$generated_by_libtool_version" && \ + func_fatal_error "invalid libtool wrapper script '$wrapper'" + + finalize=: + for lib in $notinst_deplibs; do + # Check to see that each library is installed. + libdir= + if test -f "$lib"; then + func_source "$lib" + fi + libfile=$libdir/`$ECHO "$lib" | $SED 's%^.*/%%g'` + if test -n "$libdir" && test ! -f "$libfile"; then + func_warning "'$lib' has not been installed in '$libdir'" + finalize=false + fi + done + + relink_command= + func_source "$wrapper" + + outputname= + if test no = "$fast_install" && test -n "$relink_command"; then + $opt_dry_run || { + if $finalize; then + tmpdir=`func_mktempdir` + func_basename "$file$stripped_ext" + file=$func_basename_result + outputname=$tmpdir/$file + # Replace the output file specification. + relink_command=`$ECHO "$relink_command" | $SED 's%@OUTPUT@%'"$outputname"'%g'` + + $opt_quiet || { + func_quote_for_expand "$relink_command" + eval "func_echo $func_quote_for_expand_result" + } + if eval "$relink_command"; then : + else + func_error "error: relink '$file' with the above command before installing it" + $opt_dry_run || ${RM}r "$tmpdir" + continue + fi + file=$outputname + else + func_warning "cannot relink '$file'" + fi + } + else + # Install the binary that we compiled earlier. + file=`$ECHO "$file$stripped_ext" | $SED "s%\([^/]*\)$%$objdir/\1%"` + fi + fi + + # remove .exe since cygwin /usr/bin/install will append another + # one anyway + case $install_prog,$host in + */usr/bin/install*,*cygwin*) + case $file:$destfile in + *.exe:*.exe) + # this is ok + ;; + *.exe:*) + destfile=$destfile.exe + ;; + *:*.exe) + func_stripname '' '.exe' "$destfile" + destfile=$func_stripname_result + ;; + esac + ;; + esac + func_show_eval "$install_prog\$stripme \$file \$destfile" 'exit $?' + $opt_dry_run || if test -n "$outputname"; then + ${RM}r "$tmpdir" + fi + ;; + esac + done + + for file in $staticlibs; do + func_basename "$file" + name=$func_basename_result + + # Set up the ranlib parameters. + oldlib=$destdir/$name + func_to_tool_file "$oldlib" func_convert_file_msys_to_w32 + tool_oldlib=$func_to_tool_file_result + + func_show_eval "$install_prog \$file \$oldlib" 'exit $?' + + if test -n "$stripme" && test -n "$old_striplib"; then + func_show_eval "$old_striplib $tool_oldlib" 'exit $?' + fi + + # Do each command in the postinstall commands. + func_execute_cmds "$old_postinstall_cmds" 'exit $?' + done + + test -n "$future_libdirs" && \ + func_warning "remember to run '$progname --finish$future_libdirs'" + + if test -n "$current_libdirs"; then + # Maybe just do a dry run. + $opt_dry_run && current_libdirs=" -n$current_libdirs" + exec_cmd='$SHELL "$progpath" $preserve_args --finish$current_libdirs' + else + exit $EXIT_SUCCESS + fi +} + +test install = "$opt_mode" && func_mode_install ${1+"$@"} + + +# func_generate_dlsyms outputname originator pic_p +# Extract symbols from dlprefiles and create ${outputname}S.o with +# a dlpreopen symbol table. +func_generate_dlsyms () +{ + $debug_cmd + + my_outputname=$1 + my_originator=$2 + my_pic_p=${3-false} + my_prefix=`$ECHO "$my_originator" | $SED 's%[^a-zA-Z0-9]%_%g'` + my_dlsyms= + + if test -n "$dlfiles$dlprefiles" || test no != "$dlself"; then + if test -n "$NM" && test -n "$global_symbol_pipe"; then + my_dlsyms=${my_outputname}S.c + else + func_error "not configured to extract global symbols from dlpreopened files" + fi + fi + + if test -n "$my_dlsyms"; then + case $my_dlsyms in + "") ;; + *.c) + # Discover the nlist of each of the dlfiles. + nlist=$output_objdir/$my_outputname.nm + + func_show_eval "$RM $nlist ${nlist}S ${nlist}T" + + # Parse the name list into a source file. + func_verbose "creating $output_objdir/$my_dlsyms" + + $opt_dry_run || $ECHO > "$output_objdir/$my_dlsyms" "\ +/* $my_dlsyms - symbol resolution table for '$my_outputname' dlsym emulation. */ +/* Generated by $PROGRAM (GNU $PACKAGE) $VERSION */ + +#ifdef __cplusplus +extern \"C\" { +#endif + +#if defined __GNUC__ && (((__GNUC__ == 4) && (__GNUC_MINOR__ >= 4)) || (__GNUC__ > 4)) +#pragma GCC diagnostic ignored \"-Wstrict-prototypes\" +#endif + +/* Keep this code in sync between libtool.m4, ltmain, lt_system.h, and tests. */ +#if defined _WIN32 || defined __CYGWIN__ || defined _WIN32_WCE +/* DATA imports from DLLs on WIN32 can't be const, because runtime + relocations are performed -- see ld's documentation on pseudo-relocs. */ +# define LT_DLSYM_CONST +#elif defined __osf__ +/* This system does not cope well with relocations in const data. */ +# define LT_DLSYM_CONST +#else +# define LT_DLSYM_CONST const +#endif + +#define STREQ(s1, s2) (strcmp ((s1), (s2)) == 0) + +/* External symbol declarations for the compiler. */\ +" + + if test yes = "$dlself"; then + func_verbose "generating symbol list for '$output'" + + $opt_dry_run || echo ': @PROGRAM@ ' > "$nlist" + + # Add our own program objects to the symbol list. + progfiles=`$ECHO "$objs$old_deplibs" | $SP2NL | $SED "$lo2o" | $NL2SP` + for progfile in $progfiles; do + func_to_tool_file "$progfile" func_convert_file_msys_to_w32 + func_verbose "extracting global C symbols from '$func_to_tool_file_result'" + $opt_dry_run || eval "$NM $func_to_tool_file_result | $global_symbol_pipe >> '$nlist'" + done + + if test -n "$exclude_expsyms"; then + $opt_dry_run || { + eval '$EGREP -v " ($exclude_expsyms)$" "$nlist" > "$nlist"T' + eval '$MV "$nlist"T "$nlist"' + } + fi + + if test -n "$export_symbols_regex"; then + $opt_dry_run || { + eval '$EGREP -e "$export_symbols_regex" "$nlist" > "$nlist"T' + eval '$MV "$nlist"T "$nlist"' + } + fi + + # Prepare the list of exported symbols + if test -z "$export_symbols"; then + export_symbols=$output_objdir/$outputname.exp + $opt_dry_run || { + $RM $export_symbols + eval "$SED -n -e '/^: @PROGRAM@ $/d' -e 's/^.* \(.*\)$/\1/p' "'< "$nlist" > "$export_symbols"' + case $host in + *cygwin* | *mingw* | *cegcc* ) + eval "echo EXPORTS "'> "$output_objdir/$outputname.def"' + eval 'cat "$export_symbols" >> "$output_objdir/$outputname.def"' + ;; + esac + } + else + $opt_dry_run || { + eval "$SED -e 's/\([].[*^$]\)/\\\\\1/g' -e 's/^/ /' -e 's/$/$/'"' < "$export_symbols" > "$output_objdir/$outputname.exp"' + eval '$GREP -f "$output_objdir/$outputname.exp" < "$nlist" > "$nlist"T' + eval '$MV "$nlist"T "$nlist"' + case $host in + *cygwin* | *mingw* | *cegcc* ) + eval "echo EXPORTS "'> "$output_objdir/$outputname.def"' + eval 'cat "$nlist" >> "$output_objdir/$outputname.def"' + ;; + esac + } + fi + fi + + for dlprefile in $dlprefiles; do + func_verbose "extracting global C symbols from '$dlprefile'" + func_basename "$dlprefile" + name=$func_basename_result + case $host in + *cygwin* | *mingw* | *cegcc* ) + # if an import library, we need to obtain dlname + if func_win32_import_lib_p "$dlprefile"; then + func_tr_sh "$dlprefile" + eval "curr_lafile=\$libfile_$func_tr_sh_result" + dlprefile_dlbasename= + if test -n "$curr_lafile" && func_lalib_p "$curr_lafile"; then + # Use subshell, to avoid clobbering current variable values + dlprefile_dlname=`source "$curr_lafile" && echo "$dlname"` + if test -n "$dlprefile_dlname"; then + func_basename "$dlprefile_dlname" + dlprefile_dlbasename=$func_basename_result + else + # no lafile. user explicitly requested -dlpreopen <import library>. + $sharedlib_from_linklib_cmd "$dlprefile" + dlprefile_dlbasename=$sharedlib_from_linklib_result + fi + fi + $opt_dry_run || { + if test -n "$dlprefile_dlbasename"; then + eval '$ECHO ": $dlprefile_dlbasename" >> "$nlist"' + else + func_warning "Could not compute DLL name from $name" + eval '$ECHO ": $name " >> "$nlist"' + fi + func_to_tool_file "$dlprefile" func_convert_file_msys_to_w32 + eval "$NM \"$func_to_tool_file_result\" 2>/dev/null | $global_symbol_pipe | + $SED -e '/I __imp/d' -e 's/I __nm_/D /;s/_nm__//' >> '$nlist'" + } + else # not an import lib + $opt_dry_run || { + eval '$ECHO ": $name " >> "$nlist"' + func_to_tool_file "$dlprefile" func_convert_file_msys_to_w32 + eval "$NM \"$func_to_tool_file_result\" 2>/dev/null | $global_symbol_pipe >> '$nlist'" + } + fi + ;; + *) + $opt_dry_run || { + eval '$ECHO ": $name " >> "$nlist"' + func_to_tool_file "$dlprefile" func_convert_file_msys_to_w32 + eval "$NM \"$func_to_tool_file_result\" 2>/dev/null | $global_symbol_pipe >> '$nlist'" + } + ;; + esac + done + + $opt_dry_run || { + # Make sure we have at least an empty file. + test -f "$nlist" || : > "$nlist" + + if test -n "$exclude_expsyms"; then + $EGREP -v " ($exclude_expsyms)$" "$nlist" > "$nlist"T + $MV "$nlist"T "$nlist" + fi + + # Try sorting and uniquifying the output. + if $GREP -v "^: " < "$nlist" | + if sort -k 3 </dev/null >/dev/null 2>&1; then + sort -k 3 + else + sort +2 + fi | + uniq > "$nlist"S; then + : + else + $GREP -v "^: " < "$nlist" > "$nlist"S + fi + + if test -f "$nlist"S; then + eval "$global_symbol_to_cdecl"' < "$nlist"S >> "$output_objdir/$my_dlsyms"' + else + echo '/* NONE */' >> "$output_objdir/$my_dlsyms" + fi + + func_show_eval '$RM "${nlist}I"' + if test -n "$global_symbol_to_import"; then + eval "$global_symbol_to_import"' < "$nlist"S > "$nlist"I' + fi + + echo >> "$output_objdir/$my_dlsyms" "\ + +/* The mapping between symbol names and symbols. */ +typedef struct { + const char *name; + void *address; +} lt_dlsymlist; +extern LT_DLSYM_CONST lt_dlsymlist +lt_${my_prefix}_LTX_preloaded_symbols[];\ +" + + if test -s "$nlist"I; then + echo >> "$output_objdir/$my_dlsyms" "\ +static void lt_syminit(void) +{ + LT_DLSYM_CONST lt_dlsymlist *symbol = lt_${my_prefix}_LTX_preloaded_symbols; + for (; symbol->name; ++symbol) + {" + $SED 's/.*/ if (STREQ (symbol->name, \"&\")) symbol->address = (void *) \&&;/' < "$nlist"I >> "$output_objdir/$my_dlsyms" + echo >> "$output_objdir/$my_dlsyms" "\ + } +}" + fi + echo >> "$output_objdir/$my_dlsyms" "\ +LT_DLSYM_CONST lt_dlsymlist +lt_${my_prefix}_LTX_preloaded_symbols[] = +{ {\"$my_originator\", (void *) 0}," + + if test -s "$nlist"I; then + echo >> "$output_objdir/$my_dlsyms" "\ + {\"@INIT@\", (void *) <_syminit}," + fi + + case $need_lib_prefix in + no) + eval "$global_symbol_to_c_name_address" < "$nlist" >> "$output_objdir/$my_dlsyms" + ;; + *) + eval "$global_symbol_to_c_name_address_lib_prefix" < "$nlist" >> "$output_objdir/$my_dlsyms" + ;; + esac + echo >> "$output_objdir/$my_dlsyms" "\ + {0, (void *) 0} +}; + +/* This works around a problem in FreeBSD linker */ +#ifdef FREEBSD_WORKAROUND +static const void *lt_preloaded_setup() { + return lt_${my_prefix}_LTX_preloaded_symbols; +} +#endif + +#ifdef __cplusplus +} +#endif\ +" + } # !$opt_dry_run + + pic_flag_for_symtable= + case "$compile_command " in + *" -static "*) ;; + *) + case $host in + # compiling the symbol table file with pic_flag works around + # a FreeBSD bug that causes programs to crash when -lm is + # linked before any other PIC object. But we must not use + # pic_flag when linking with -static. The problem exists in + # FreeBSD 2.2.6 and is fixed in FreeBSD 3.1. + *-*-freebsd2.*|*-*-freebsd3.0*|*-*-freebsdelf3.0*) + pic_flag_for_symtable=" $pic_flag -DFREEBSD_WORKAROUND" ;; + *-*-hpux*) + pic_flag_for_symtable=" $pic_flag" ;; + *) + $my_pic_p && pic_flag_for_symtable=" $pic_flag" + ;; + esac + ;; + esac + symtab_cflags= + for arg in $LTCFLAGS; do + case $arg in + -pie | -fpie | -fPIE) ;; + *) func_append symtab_cflags " $arg" ;; + esac + done + + # Now compile the dynamic symbol file. + func_show_eval '(cd $output_objdir && $LTCC$symtab_cflags -c$no_builtin_flag$pic_flag_for_symtable "$my_dlsyms")' 'exit $?' + + # Clean up the generated files. + func_show_eval '$RM "$output_objdir/$my_dlsyms" "$nlist" "${nlist}S" "${nlist}T" "${nlist}I"' + + # Transform the symbol file into the correct name. + symfileobj=$output_objdir/${my_outputname}S.$objext + case $host in + *cygwin* | *mingw* | *cegcc* ) + if test -f "$output_objdir/$my_outputname.def"; then + compile_command=`$ECHO "$compile_command" | $SED "s%@SYMFILE@%$output_objdir/$my_outputname.def $symfileobj%"` + finalize_command=`$ECHO "$finalize_command" | $SED "s%@SYMFILE@%$output_objdir/$my_outputname.def $symfileobj%"` + else + compile_command=`$ECHO "$compile_command" | $SED "s%@SYMFILE@%$symfileobj%"` + finalize_command=`$ECHO "$finalize_command" | $SED "s%@SYMFILE@%$symfileobj%"` + fi + ;; + *) + compile_command=`$ECHO "$compile_command" | $SED "s%@SYMFILE@%$symfileobj%"` + finalize_command=`$ECHO "$finalize_command" | $SED "s%@SYMFILE@%$symfileobj%"` + ;; + esac + ;; + *) + func_fatal_error "unknown suffix for '$my_dlsyms'" + ;; + esac + else + # We keep going just in case the user didn't refer to + # lt_preloaded_symbols. The linker will fail if global_symbol_pipe + # really was required. + + # Nullify the symbol file. + compile_command=`$ECHO "$compile_command" | $SED "s% @SYMFILE@%%"` + finalize_command=`$ECHO "$finalize_command" | $SED "s% @SYMFILE@%%"` + fi +} + +# func_cygming_gnu_implib_p ARG +# This predicate returns with zero status (TRUE) if +# ARG is a GNU/binutils-style import library. Returns +# with nonzero status (FALSE) otherwise. +func_cygming_gnu_implib_p () +{ + $debug_cmd + + func_to_tool_file "$1" func_convert_file_msys_to_w32 + func_cygming_gnu_implib_tmp=`$NM "$func_to_tool_file_result" | eval "$global_symbol_pipe" | $EGREP ' (_head_[A-Za-z0-9_]+_[ad]l*|[A-Za-z0-9_]+_[ad]l*_iname)$'` + test -n "$func_cygming_gnu_implib_tmp" +} + +# func_cygming_ms_implib_p ARG +# This predicate returns with zero status (TRUE) if +# ARG is an MS-style import library. Returns +# with nonzero status (FALSE) otherwise. +func_cygming_ms_implib_p () +{ + $debug_cmd + + func_to_tool_file "$1" func_convert_file_msys_to_w32 + func_cygming_ms_implib_tmp=`$NM "$func_to_tool_file_result" | eval "$global_symbol_pipe" | $GREP '_NULL_IMPORT_DESCRIPTOR'` + test -n "$func_cygming_ms_implib_tmp" +} + +# func_win32_libid arg +# return the library type of file 'arg' +# +# Need a lot of goo to handle *both* DLLs and import libs +# Has to be a shell function in order to 'eat' the argument +# that is supplied when $file_magic_command is called. +# Despite the name, also deal with 64 bit binaries. +func_win32_libid () +{ + $debug_cmd + + win32_libid_type=unknown + win32_fileres=`file -L $1 2>/dev/null` + case $win32_fileres in + *ar\ archive\ import\ library*) # definitely import + win32_libid_type="x86 archive import" + ;; + *ar\ archive*) # could be an import, or static + # Keep the egrep pattern in sync with the one in _LT_CHECK_MAGIC_METHOD. + if eval $OBJDUMP -f $1 | $SED -e '10q' 2>/dev/null | + $EGREP 'file format (pei*-i386(.*architecture: i386)?|pe-arm-wince|pe-x86-64)' >/dev/null; then + case $nm_interface in + "MS dumpbin") + if func_cygming_ms_implib_p "$1" || + func_cygming_gnu_implib_p "$1" + then + win32_nmres=import + else + win32_nmres= + fi + ;; + *) + func_to_tool_file "$1" func_convert_file_msys_to_w32 + win32_nmres=`eval $NM -f posix -A \"$func_to_tool_file_result\" | + $SED -n -e ' + 1,100{ + / I /{ + s|.*|import| + p + q + } + }'` + ;; + esac + case $win32_nmres in + import*) win32_libid_type="x86 archive import";; + *) win32_libid_type="x86 archive static";; + esac + fi + ;; + *DLL*) + win32_libid_type="x86 DLL" + ;; + *executable*) # but shell scripts are "executable" too... + case $win32_fileres in + *MS\ Windows\ PE\ Intel*) + win32_libid_type="x86 DLL" + ;; + esac + ;; + esac + $ECHO "$win32_libid_type" +} + +# func_cygming_dll_for_implib ARG +# +# Platform-specific function to extract the +# name of the DLL associated with the specified +# import library ARG. +# Invoked by eval'ing the libtool variable +# $sharedlib_from_linklib_cmd +# Result is available in the variable +# $sharedlib_from_linklib_result +func_cygming_dll_for_implib () +{ + $debug_cmd + + sharedlib_from_linklib_result=`$DLLTOOL --identify-strict --identify "$1"` +} + +# func_cygming_dll_for_implib_fallback_core SECTION_NAME LIBNAMEs +# +# The is the core of a fallback implementation of a +# platform-specific function to extract the name of the +# DLL associated with the specified import library LIBNAME. +# +# SECTION_NAME is either .idata$6 or .idata$7, depending +# on the platform and compiler that created the implib. +# +# Echos the name of the DLL associated with the +# specified import library. +func_cygming_dll_for_implib_fallback_core () +{ + $debug_cmd + + match_literal=`$ECHO "$1" | $SED "$sed_make_literal_regex"` + $OBJDUMP -s --section "$1" "$2" 2>/dev/null | + $SED '/^Contents of section '"$match_literal"':/{ + # Place marker at beginning of archive member dllname section + s/.*/====MARK====/ + p + d + } + # These lines can sometimes be longer than 43 characters, but + # are always uninteresting + /:[ ]*file format pe[i]\{,1\}-/d + /^In archive [^:]*:/d + # Ensure marker is printed + /^====MARK====/p + # Remove all lines with less than 43 characters + /^.\{43\}/!d + # From remaining lines, remove first 43 characters + s/^.\{43\}//' | + $SED -n ' + # Join marker and all lines until next marker into a single line + /^====MARK====/ b para + H + $ b para + b + :para + x + s/\n//g + # Remove the marker + s/^====MARK====// + # Remove trailing dots and whitespace + s/[\. \t]*$// + # Print + /./p' | + # we now have a list, one entry per line, of the stringified + # contents of the appropriate section of all members of the + # archive that possess that section. Heuristic: eliminate + # all those that have a first or second character that is + # a '.' (that is, objdump's representation of an unprintable + # character.) This should work for all archives with less than + # 0x302f exports -- but will fail for DLLs whose name actually + # begins with a literal '.' or a single character followed by + # a '.'. + # + # Of those that remain, print the first one. + $SED -e '/^\./d;/^.\./d;q' +} + +# func_cygming_dll_for_implib_fallback ARG +# Platform-specific function to extract the +# name of the DLL associated with the specified +# import library ARG. +# +# This fallback implementation is for use when $DLLTOOL +# does not support the --identify-strict option. +# Invoked by eval'ing the libtool variable +# $sharedlib_from_linklib_cmd +# Result is available in the variable +# $sharedlib_from_linklib_result +func_cygming_dll_for_implib_fallback () +{ + $debug_cmd + + if func_cygming_gnu_implib_p "$1"; then + # binutils import library + sharedlib_from_linklib_result=`func_cygming_dll_for_implib_fallback_core '.idata$7' "$1"` + elif func_cygming_ms_implib_p "$1"; then + # ms-generated import library + sharedlib_from_linklib_result=`func_cygming_dll_for_implib_fallback_core '.idata$6' "$1"` + else + # unknown + sharedlib_from_linklib_result= + fi +} + + +# func_extract_an_archive dir oldlib +func_extract_an_archive () +{ + $debug_cmd + + f_ex_an_ar_dir=$1; shift + f_ex_an_ar_oldlib=$1 + if test yes = "$lock_old_archive_extraction"; then + lockfile=$f_ex_an_ar_oldlib.lock + until $opt_dry_run || ln "$progpath" "$lockfile" 2>/dev/null; do + func_echo "Waiting for $lockfile to be removed" + sleep 2 + done + fi + func_show_eval "(cd \$f_ex_an_ar_dir && $AR x \"\$f_ex_an_ar_oldlib\")" \ + 'stat=$?; rm -f "$lockfile"; exit $stat' + if test yes = "$lock_old_archive_extraction"; then + $opt_dry_run || rm -f "$lockfile" + fi + if ($AR t "$f_ex_an_ar_oldlib" | sort | sort -uc >/dev/null 2>&1); then + : + else + func_fatal_error "object name conflicts in archive: $f_ex_an_ar_dir/$f_ex_an_ar_oldlib" + fi +} + + +# func_extract_archives gentop oldlib ... +func_extract_archives () +{ + $debug_cmd + + my_gentop=$1; shift + my_oldlibs=${1+"$@"} + my_oldobjs= + my_xlib= + my_xabs= + my_xdir= + + for my_xlib in $my_oldlibs; do + # Extract the objects. + case $my_xlib in + [\\/]* | [A-Za-z]:[\\/]*) my_xabs=$my_xlib ;; + *) my_xabs=`pwd`"/$my_xlib" ;; + esac + func_basename "$my_xlib" + my_xlib=$func_basename_result + my_xlib_u=$my_xlib + while :; do + case " $extracted_archives " in + *" $my_xlib_u "*) + func_arith $extracted_serial + 1 + extracted_serial=$func_arith_result + my_xlib_u=lt$extracted_serial-$my_xlib ;; + *) break ;; + esac + done + extracted_archives="$extracted_archives $my_xlib_u" + my_xdir=$my_gentop/$my_xlib_u + + func_mkdir_p "$my_xdir" + + case $host in + *-darwin*) + func_verbose "Extracting $my_xabs" + # Do not bother doing anything if just a dry run + $opt_dry_run || { + darwin_orig_dir=`pwd` + cd $my_xdir || exit $? + darwin_archive=$my_xabs + darwin_curdir=`pwd` + func_basename "$darwin_archive" + darwin_base_archive=$func_basename_result + darwin_arches=`$LIPO -info "$darwin_archive" 2>/dev/null | $GREP Architectures 2>/dev/null || true` + if test -n "$darwin_arches"; then + darwin_arches=`$ECHO "$darwin_arches" | $SED -e 's/.*are://'` + darwin_arch= + func_verbose "$darwin_base_archive has multiple architectures $darwin_arches" + for darwin_arch in $darwin_arches; do + func_mkdir_p "unfat-$$/$darwin_base_archive-$darwin_arch" + $LIPO -thin $darwin_arch -output "unfat-$$/$darwin_base_archive-$darwin_arch/$darwin_base_archive" "$darwin_archive" + cd "unfat-$$/$darwin_base_archive-$darwin_arch" + func_extract_an_archive "`pwd`" "$darwin_base_archive" + cd "$darwin_curdir" + $RM "unfat-$$/$darwin_base_archive-$darwin_arch/$darwin_base_archive" + done # $darwin_arches + ## Okay now we've a bunch of thin objects, gotta fatten them up :) + darwin_filelist=`find unfat-$$ -type f -name \*.o -print -o -name \*.lo -print | $SED -e "$sed_basename" | sort -u` + darwin_file= + darwin_files= + for darwin_file in $darwin_filelist; do + darwin_files=`find unfat-$$ -name $darwin_file -print | sort | $NL2SP` + $LIPO -create -output "$darwin_file" $darwin_files + done # $darwin_filelist + $RM -rf unfat-$$ + cd "$darwin_orig_dir" + else + cd $darwin_orig_dir + func_extract_an_archive "$my_xdir" "$my_xabs" + fi # $darwin_arches + } # !$opt_dry_run + ;; + *) + func_extract_an_archive "$my_xdir" "$my_xabs" + ;; + esac + my_oldobjs="$my_oldobjs "`find $my_xdir -name \*.$objext -print -o -name \*.lo -print | sort | $NL2SP` + done + + func_extract_archives_result=$my_oldobjs +} + + +# func_emit_wrapper [arg=no] +# +# Emit a libtool wrapper script on stdout. +# Don't directly open a file because we may want to +# incorporate the script contents within a cygwin/mingw +# wrapper executable. Must ONLY be called from within +# func_mode_link because it depends on a number of variables +# set therein. +# +# ARG is the value that the WRAPPER_SCRIPT_BELONGS_IN_OBJDIR +# variable will take. If 'yes', then the emitted script +# will assume that the directory where it is stored is +# the $objdir directory. This is a cygwin/mingw-specific +# behavior. +func_emit_wrapper () +{ + func_emit_wrapper_arg1=${1-no} + + $ECHO "\ +#! $SHELL + +# $output - temporary wrapper script for $objdir/$outputname +# Generated by $PROGRAM (GNU $PACKAGE) $VERSION +# +# The $output program cannot be directly executed until all the libtool +# libraries that it depends on are installed. +# +# This wrapper script should never be moved out of the build directory. +# If it is, it will not operate correctly. + +# Sed substitution that helps us do robust quoting. It backslashifies +# metacharacters that are still active within double-quoted strings. +sed_quote_subst='$sed_quote_subst' + +# Be Bourne compatible +if test -n \"\${ZSH_VERSION+set}\" && (emulate sh) >/dev/null 2>&1; then + emulate sh + NULLCMD=: + # Zsh 3.x and 4.x performs word splitting on \${1+\"\$@\"}, which + # is contrary to our usage. Disable this feature. + alias -g '\${1+\"\$@\"}'='\"\$@\"' + setopt NO_GLOB_SUBST +else + case \`(set -o) 2>/dev/null\` in *posix*) set -o posix;; esac +fi +BIN_SH=xpg4; export BIN_SH # for Tru64 +DUALCASE=1; export DUALCASE # for MKS sh + +# The HP-UX ksh and POSIX shell print the target directory to stdout +# if CDPATH is set. +(unset CDPATH) >/dev/null 2>&1 && unset CDPATH + +relink_command=\"$relink_command\" + +# This environment variable determines our operation mode. +if test \"\$libtool_install_magic\" = \"$magic\"; then + # install mode needs the following variables: + generated_by_libtool_version='$macro_version' + notinst_deplibs='$notinst_deplibs' +else + # When we are sourced in execute mode, \$file and \$ECHO are already set. + if test \"\$libtool_execute_magic\" != \"$magic\"; then + file=\"\$0\"" + + qECHO=`$ECHO "$ECHO" | $SED "$sed_quote_subst"` + $ECHO "\ + +# A function that is used when there is no print builtin or printf. +func_fallback_echo () +{ + eval 'cat <<_LTECHO_EOF +\$1 +_LTECHO_EOF' +} + ECHO=\"$qECHO\" + fi + +# Very basic option parsing. These options are (a) specific to +# the libtool wrapper, (b) are identical between the wrapper +# /script/ and the wrapper /executable/ that is used only on +# windows platforms, and (c) all begin with the string "--lt-" +# (application programs are unlikely to have options that match +# this pattern). +# +# There are only two supported options: --lt-debug and +# --lt-dump-script. There is, deliberately, no --lt-help. +# +# The first argument to this parsing function should be the +# script's $0 value, followed by "$@". +lt_option_debug= +func_parse_lt_options () +{ + lt_script_arg0=\$0 + shift + for lt_opt + do + case \"\$lt_opt\" in + --lt-debug) lt_option_debug=1 ;; + --lt-dump-script) + lt_dump_D=\`\$ECHO \"X\$lt_script_arg0\" | $SED -e 's/^X//' -e 's%/[^/]*$%%'\` + test \"X\$lt_dump_D\" = \"X\$lt_script_arg0\" && lt_dump_D=. + lt_dump_F=\`\$ECHO \"X\$lt_script_arg0\" | $SED -e 's/^X//' -e 's%^.*/%%'\` + cat \"\$lt_dump_D/\$lt_dump_F\" + exit 0 + ;; + --lt-*) + \$ECHO \"Unrecognized --lt- option: '\$lt_opt'\" 1>&2 + exit 1 + ;; + esac + done + + # Print the debug banner immediately: + if test -n \"\$lt_option_debug\"; then + echo \"$outputname:$output:\$LINENO: libtool wrapper (GNU $PACKAGE) $VERSION\" 1>&2 + fi +} + +# Used when --lt-debug. Prints its arguments to stdout +# (redirection is the responsibility of the caller) +func_lt_dump_args () +{ + lt_dump_args_N=1; + for lt_arg + do + \$ECHO \"$outputname:$output:\$LINENO: newargv[\$lt_dump_args_N]: \$lt_arg\" + lt_dump_args_N=\`expr \$lt_dump_args_N + 1\` + done +} + +# Core function for launching the target application +func_exec_program_core () +{ +" + case $host in + # Backslashes separate directories on plain windows + *-*-mingw | *-*-os2* | *-cegcc*) + $ECHO "\ + if test -n \"\$lt_option_debug\"; then + \$ECHO \"$outputname:$output:\$LINENO: newargv[0]: \$progdir\\\\\$program\" 1>&2 + func_lt_dump_args \${1+\"\$@\"} 1>&2 + fi + exec \"\$progdir\\\\\$program\" \${1+\"\$@\"} +" + ;; + + *) + $ECHO "\ + if test -n \"\$lt_option_debug\"; then + \$ECHO \"$outputname:$output:\$LINENO: newargv[0]: \$progdir/\$program\" 1>&2 + func_lt_dump_args \${1+\"\$@\"} 1>&2 + fi + exec \"\$progdir/\$program\" \${1+\"\$@\"} +" + ;; + esac + $ECHO "\ + \$ECHO \"\$0: cannot exec \$program \$*\" 1>&2 + exit 1 +} + +# A function to encapsulate launching the target application +# Strips options in the --lt-* namespace from \$@ and +# launches target application with the remaining arguments. +func_exec_program () +{ + case \" \$* \" in + *\\ --lt-*) + for lt_wr_arg + do + case \$lt_wr_arg in + --lt-*) ;; + *) set x \"\$@\" \"\$lt_wr_arg\"; shift;; + esac + shift + done ;; + esac + func_exec_program_core \${1+\"\$@\"} +} + + # Parse options + func_parse_lt_options \"\$0\" \${1+\"\$@\"} + + # Find the directory that this script lives in. + thisdir=\`\$ECHO \"\$file\" | $SED 's%/[^/]*$%%'\` + test \"x\$thisdir\" = \"x\$file\" && thisdir=. + + # Follow symbolic links until we get to the real thisdir. + file=\`ls -ld \"\$file\" | $SED -n 's/.*-> //p'\` + while test -n \"\$file\"; do + destdir=\`\$ECHO \"\$file\" | $SED 's%/[^/]*\$%%'\` + + # If there was a directory component, then change thisdir. + if test \"x\$destdir\" != \"x\$file\"; then + case \"\$destdir\" in + [\\\\/]* | [A-Za-z]:[\\\\/]*) thisdir=\"\$destdir\" ;; + *) thisdir=\"\$thisdir/\$destdir\" ;; + esac + fi + + file=\`\$ECHO \"\$file\" | $SED 's%^.*/%%'\` + file=\`ls -ld \"\$thisdir/\$file\" | $SED -n 's/.*-> //p'\` + done + + # Usually 'no', except on cygwin/mingw when embedded into + # the cwrapper. + WRAPPER_SCRIPT_BELONGS_IN_OBJDIR=$func_emit_wrapper_arg1 + if test \"\$WRAPPER_SCRIPT_BELONGS_IN_OBJDIR\" = \"yes\"; then + # special case for '.' + if test \"\$thisdir\" = \".\"; then + thisdir=\`pwd\` + fi + # remove .libs from thisdir + case \"\$thisdir\" in + *[\\\\/]$objdir ) thisdir=\`\$ECHO \"\$thisdir\" | $SED 's%[\\\\/][^\\\\/]*$%%'\` ;; + $objdir ) thisdir=. ;; + esac + fi + + # Try to get the absolute directory name. + absdir=\`cd \"\$thisdir\" && pwd\` + test -n \"\$absdir\" && thisdir=\"\$absdir\" +" + + if test yes = "$fast_install"; then + $ECHO "\ + program=lt-'$outputname'$exeext + progdir=\"\$thisdir/$objdir\" + + if test ! -f \"\$progdir/\$program\" || + { file=\`ls -1dt \"\$progdir/\$program\" \"\$progdir/../\$program\" 2>/dev/null | $SED 1q\`; \\ + test \"X\$file\" != \"X\$progdir/\$program\"; }; then + + file=\"\$\$-\$program\" + + if test ! -d \"\$progdir\"; then + $MKDIR \"\$progdir\" + else + $RM \"\$progdir/\$file\" + fi" + + $ECHO "\ + + # relink executable if necessary + if test -n \"\$relink_command\"; then + if relink_command_output=\`eval \$relink_command 2>&1\`; then : + else + \$ECHO \"\$relink_command_output\" >&2 + $RM \"\$progdir/\$file\" + exit 1 + fi + fi + + $MV \"\$progdir/\$file\" \"\$progdir/\$program\" 2>/dev/null || + { $RM \"\$progdir/\$program\"; + $MV \"\$progdir/\$file\" \"\$progdir/\$program\"; } + $RM \"\$progdir/\$file\" + fi" + else + $ECHO "\ + program='$outputname' + progdir=\"\$thisdir/$objdir\" +" + fi + + $ECHO "\ + + if test -f \"\$progdir/\$program\"; then" + + # fixup the dll searchpath if we need to. + # + # Fix the DLL searchpath if we need to. Do this before prepending + # to shlibpath, because on Windows, both are PATH and uninstalled + # libraries must come first. + if test -n "$dllsearchpath"; then + $ECHO "\ + # Add the dll search path components to the executable PATH + PATH=$dllsearchpath:\$PATH +" + fi + + # Export our shlibpath_var if we have one. + if test yes = "$shlibpath_overrides_runpath" && test -n "$shlibpath_var" && test -n "$temp_rpath"; then + $ECHO "\ + # Add our own library path to $shlibpath_var + $shlibpath_var=\"$temp_rpath\$$shlibpath_var\" + + # Some systems cannot cope with colon-terminated $shlibpath_var + # The second colon is a workaround for a bug in BeOS R4 sed + $shlibpath_var=\`\$ECHO \"\$$shlibpath_var\" | $SED 's/::*\$//'\` + + export $shlibpath_var +" + fi + + $ECHO "\ + if test \"\$libtool_execute_magic\" != \"$magic\"; then + # Run the actual program with our arguments. + func_exec_program \${1+\"\$@\"} + fi + else + # The program doesn't exist. + \$ECHO \"\$0: error: '\$progdir/\$program' does not exist\" 1>&2 + \$ECHO \"This script is just a wrapper for \$program.\" 1>&2 + \$ECHO \"See the $PACKAGE documentation for more information.\" 1>&2 + exit 1 + fi +fi\ +" +} + + +# func_emit_cwrapperexe_src +# emit the source code for a wrapper executable on stdout +# Must ONLY be called from within func_mode_link because +# it depends on a number of variable set therein. +func_emit_cwrapperexe_src () +{ + cat <<EOF + +/* $cwrappersource - temporary wrapper executable for $objdir/$outputname + Generated by $PROGRAM (GNU $PACKAGE) $VERSION + + The $output program cannot be directly executed until all the libtool + libraries that it depends on are installed. + + This wrapper executable should never be moved out of the build directory. + If it is, it will not operate correctly. +*/ +EOF + cat <<"EOF" +#ifdef _MSC_VER +# define _CRT_SECURE_NO_DEPRECATE 1 +#endif +#include <stdio.h> +#include <stdlib.h> +#ifdef _MSC_VER +# include <direct.h> +# include <process.h> +# include <io.h> +#else +# include <unistd.h> +# include <stdint.h> +# ifdef __CYGWIN__ +# include <io.h> +# endif +#endif +#include <malloc.h> +#include <stdarg.h> +#include <assert.h> +#include <string.h> +#include <ctype.h> +#include <errno.h> +#include <fcntl.h> +#include <sys/stat.h> + +#define STREQ(s1, s2) (strcmp ((s1), (s2)) == 0) + +/* declarations of non-ANSI functions */ +#if defined __MINGW32__ +# ifdef __STRICT_ANSI__ +int _putenv (const char *); +# endif +#elif defined __CYGWIN__ +# ifdef __STRICT_ANSI__ +char *realpath (const char *, char *); +int putenv (char *); +int setenv (const char *, const char *, int); +# endif +/* #elif defined other_platform || defined ... */ +#endif + +/* portability defines, excluding path handling macros */ +#if defined _MSC_VER +# define setmode _setmode +# define stat _stat +# define chmod _chmod +# define getcwd _getcwd +# define putenv _putenv +# define S_IXUSR _S_IEXEC +#elif defined __MINGW32__ +# define setmode _setmode +# define stat _stat +# define chmod _chmod +# define getcwd _getcwd +# define putenv _putenv +#elif defined __CYGWIN__ +# define HAVE_SETENV +# define FOPEN_WB "wb" +/* #elif defined other platforms ... */ +#endif + +#if defined PATH_MAX +# define LT_PATHMAX PATH_MAX +#elif defined MAXPATHLEN +# define LT_PATHMAX MAXPATHLEN +#else +# define LT_PATHMAX 1024 +#endif + +#ifndef S_IXOTH +# define S_IXOTH 0 +#endif +#ifndef S_IXGRP +# define S_IXGRP 0 +#endif + +/* path handling portability macros */ +#ifndef DIR_SEPARATOR +# define DIR_SEPARATOR '/' +# define PATH_SEPARATOR ':' +#endif + +#if defined _WIN32 || defined __MSDOS__ || defined __DJGPP__ || \ + defined __OS2__ +# define HAVE_DOS_BASED_FILE_SYSTEM +# define FOPEN_WB "wb" +# ifndef DIR_SEPARATOR_2 +# define DIR_SEPARATOR_2 '\\' +# endif +# ifndef PATH_SEPARATOR_2 +# define PATH_SEPARATOR_2 ';' +# endif +#endif + +#ifndef DIR_SEPARATOR_2 +# define IS_DIR_SEPARATOR(ch) ((ch) == DIR_SEPARATOR) +#else /* DIR_SEPARATOR_2 */ +# define IS_DIR_SEPARATOR(ch) \ + (((ch) == DIR_SEPARATOR) || ((ch) == DIR_SEPARATOR_2)) +#endif /* DIR_SEPARATOR_2 */ + +#ifndef PATH_SEPARATOR_2 +# define IS_PATH_SEPARATOR(ch) ((ch) == PATH_SEPARATOR) +#else /* PATH_SEPARATOR_2 */ +# define IS_PATH_SEPARATOR(ch) ((ch) == PATH_SEPARATOR_2) +#endif /* PATH_SEPARATOR_2 */ + +#ifndef FOPEN_WB +# define FOPEN_WB "w" +#endif +#ifndef _O_BINARY +# define _O_BINARY 0 +#endif + +#define XMALLOC(type, num) ((type *) xmalloc ((num) * sizeof(type))) +#define XFREE(stale) do { \ + if (stale) { free (stale); stale = 0; } \ +} while (0) + +#if defined LT_DEBUGWRAPPER +static int lt_debug = 1; +#else +static int lt_debug = 0; +#endif + +const char *program_name = "libtool-wrapper"; /* in case xstrdup fails */ + +void *xmalloc (size_t num); +char *xstrdup (const char *string); +const char *base_name (const char *name); +char *find_executable (const char *wrapper); +char *chase_symlinks (const char *pathspec); +int make_executable (const char *path); +int check_executable (const char *path); +char *strendzap (char *str, const char *pat); +void lt_debugprintf (const char *file, int line, const char *fmt, ...); +void lt_fatal (const char *file, int line, const char *message, ...); +static const char *nonnull (const char *s); +static const char *nonempty (const char *s); +void lt_setenv (const char *name, const char *value); +char *lt_extend_str (const char *orig_value, const char *add, int to_end); +void lt_update_exe_path (const char *name, const char *value); +void lt_update_lib_path (const char *name, const char *value); +char **prepare_spawn (char **argv); +void lt_dump_script (FILE *f); +EOF + + cat <<EOF +#if __GNUC__ < 4 || (__GNUC__ == 4 && __GNUC_MINOR__ < 5) +# define externally_visible volatile +#else +# define externally_visible __attribute__((externally_visible)) volatile +#endif +externally_visible const char * MAGIC_EXE = "$magic_exe"; +const char * LIB_PATH_VARNAME = "$shlibpath_var"; +EOF + + if test yes = "$shlibpath_overrides_runpath" && test -n "$shlibpath_var" && test -n "$temp_rpath"; then + func_to_host_path "$temp_rpath" + cat <<EOF +const char * LIB_PATH_VALUE = "$func_to_host_path_result"; +EOF + else + cat <<"EOF" +const char * LIB_PATH_VALUE = ""; +EOF + fi + + if test -n "$dllsearchpath"; then + func_to_host_path "$dllsearchpath:" + cat <<EOF +const char * EXE_PATH_VARNAME = "PATH"; +const char * EXE_PATH_VALUE = "$func_to_host_path_result"; +EOF + else + cat <<"EOF" +const char * EXE_PATH_VARNAME = ""; +const char * EXE_PATH_VALUE = ""; +EOF + fi + + if test yes = "$fast_install"; then + cat <<EOF +const char * TARGET_PROGRAM_NAME = "lt-$outputname"; /* hopefully, no .exe */ +EOF + else + cat <<EOF +const char * TARGET_PROGRAM_NAME = "$outputname"; /* hopefully, no .exe */ +EOF + fi + + + cat <<"EOF" + +#define LTWRAPPER_OPTION_PREFIX "--lt-" + +static const char *ltwrapper_option_prefix = LTWRAPPER_OPTION_PREFIX; +static const char *dumpscript_opt = LTWRAPPER_OPTION_PREFIX "dump-script"; +static const char *debug_opt = LTWRAPPER_OPTION_PREFIX "debug"; + +int +main (int argc, char *argv[]) +{ + char **newargz; + int newargc; + char *tmp_pathspec; + char *actual_cwrapper_path; + char *actual_cwrapper_name; + char *target_name; + char *lt_argv_zero; + int rval = 127; + + int i; + + program_name = (char *) xstrdup (base_name (argv[0])); + newargz = XMALLOC (char *, (size_t) argc + 1); + + /* very simple arg parsing; don't want to rely on getopt + * also, copy all non cwrapper options to newargz, except + * argz[0], which is handled differently + */ + newargc=0; + for (i = 1; i < argc; i++) + { + if (STREQ (argv[i], dumpscript_opt)) + { +EOF + case $host in + *mingw* | *cygwin* ) + # make stdout use "unix" line endings + echo " setmode(1,_O_BINARY);" + ;; + esac + + cat <<"EOF" + lt_dump_script (stdout); + return 0; + } + if (STREQ (argv[i], debug_opt)) + { + lt_debug = 1; + continue; + } + if (STREQ (argv[i], ltwrapper_option_prefix)) + { + /* however, if there is an option in the LTWRAPPER_OPTION_PREFIX + namespace, but it is not one of the ones we know about and + have already dealt with, above (inluding dump-script), then + report an error. Otherwise, targets might begin to believe + they are allowed to use options in the LTWRAPPER_OPTION_PREFIX + namespace. The first time any user complains about this, we'll + need to make LTWRAPPER_OPTION_PREFIX a configure-time option + or a configure.ac-settable value. + */ + lt_fatal (__FILE__, __LINE__, + "unrecognized %s option: '%s'", + ltwrapper_option_prefix, argv[i]); + } + /* otherwise ... */ + newargz[++newargc] = xstrdup (argv[i]); + } + newargz[++newargc] = NULL; + +EOF + cat <<EOF + /* The GNU banner must be the first non-error debug message */ + lt_debugprintf (__FILE__, __LINE__, "libtool wrapper (GNU $PACKAGE) $VERSION\n"); +EOF + cat <<"EOF" + lt_debugprintf (__FILE__, __LINE__, "(main) argv[0]: %s\n", argv[0]); + lt_debugprintf (__FILE__, __LINE__, "(main) program_name: %s\n", program_name); + + tmp_pathspec = find_executable (argv[0]); + if (tmp_pathspec == NULL) + lt_fatal (__FILE__, __LINE__, "couldn't find %s", argv[0]); + lt_debugprintf (__FILE__, __LINE__, + "(main) found exe (before symlink chase) at: %s\n", + tmp_pathspec); + + actual_cwrapper_path = chase_symlinks (tmp_pathspec); + lt_debugprintf (__FILE__, __LINE__, + "(main) found exe (after symlink chase) at: %s\n", + actual_cwrapper_path); + XFREE (tmp_pathspec); + + actual_cwrapper_name = xstrdup (base_name (actual_cwrapper_path)); + strendzap (actual_cwrapper_path, actual_cwrapper_name); + + /* wrapper name transforms */ + strendzap (actual_cwrapper_name, ".exe"); + tmp_pathspec = lt_extend_str (actual_cwrapper_name, ".exe", 1); + XFREE (actual_cwrapper_name); + actual_cwrapper_name = tmp_pathspec; + tmp_pathspec = 0; + + /* target_name transforms -- use actual target program name; might have lt- prefix */ + target_name = xstrdup (base_name (TARGET_PROGRAM_NAME)); + strendzap (target_name, ".exe"); + tmp_pathspec = lt_extend_str (target_name, ".exe", 1); + XFREE (target_name); + target_name = tmp_pathspec; + tmp_pathspec = 0; + + lt_debugprintf (__FILE__, __LINE__, + "(main) libtool target name: %s\n", + target_name); +EOF + + cat <<EOF + newargz[0] = + XMALLOC (char, (strlen (actual_cwrapper_path) + + strlen ("$objdir") + 1 + strlen (actual_cwrapper_name) + 1)); + strcpy (newargz[0], actual_cwrapper_path); + strcat (newargz[0], "$objdir"); + strcat (newargz[0], "/"); +EOF + + cat <<"EOF" + /* stop here, and copy so we don't have to do this twice */ + tmp_pathspec = xstrdup (newargz[0]); + + /* do NOT want the lt- prefix here, so use actual_cwrapper_name */ + strcat (newargz[0], actual_cwrapper_name); + + /* DO want the lt- prefix here if it exists, so use target_name */ + lt_argv_zero = lt_extend_str (tmp_pathspec, target_name, 1); + XFREE (tmp_pathspec); + tmp_pathspec = NULL; +EOF + + case $host_os in + mingw*) + cat <<"EOF" + { + char* p; + while ((p = strchr (newargz[0], '\\')) != NULL) + { + *p = '/'; + } + while ((p = strchr (lt_argv_zero, '\\')) != NULL) + { + *p = '/'; + } + } +EOF + ;; + esac + + cat <<"EOF" + XFREE (target_name); + XFREE (actual_cwrapper_path); + XFREE (actual_cwrapper_name); + + lt_setenv ("BIN_SH", "xpg4"); /* for Tru64 */ + lt_setenv ("DUALCASE", "1"); /* for MSK sh */ + /* Update the DLL searchpath. EXE_PATH_VALUE ($dllsearchpath) must + be prepended before (that is, appear after) LIB_PATH_VALUE ($temp_rpath) + because on Windows, both *_VARNAMEs are PATH but uninstalled + libraries must come first. */ + lt_update_exe_path (EXE_PATH_VARNAME, EXE_PATH_VALUE); + lt_update_lib_path (LIB_PATH_VARNAME, LIB_PATH_VALUE); + + lt_debugprintf (__FILE__, __LINE__, "(main) lt_argv_zero: %s\n", + nonnull (lt_argv_zero)); + for (i = 0; i < newargc; i++) + { + lt_debugprintf (__FILE__, __LINE__, "(main) newargz[%d]: %s\n", + i, nonnull (newargz[i])); + } + +EOF + + case $host_os in + mingw*) + cat <<"EOF" + /* execv doesn't actually work on mingw as expected on unix */ + newargz = prepare_spawn (newargz); + rval = (int) _spawnv (_P_WAIT, lt_argv_zero, (const char * const *) newargz); + if (rval == -1) + { + /* failed to start process */ + lt_debugprintf (__FILE__, __LINE__, + "(main) failed to launch target \"%s\": %s\n", + lt_argv_zero, nonnull (strerror (errno))); + return 127; + } + return rval; +EOF + ;; + *) + cat <<"EOF" + execv (lt_argv_zero, newargz); + return rval; /* =127, but avoids unused variable warning */ +EOF + ;; + esac + + cat <<"EOF" +} + +void * +xmalloc (size_t num) +{ + void *p = (void *) malloc (num); + if (!p) + lt_fatal (__FILE__, __LINE__, "memory exhausted"); + + return p; +} + +char * +xstrdup (const char *string) +{ + return string ? strcpy ((char *) xmalloc (strlen (string) + 1), + string) : NULL; +} + +const char * +base_name (const char *name) +{ + const char *base; + +#if defined HAVE_DOS_BASED_FILE_SYSTEM + /* Skip over the disk name in MSDOS pathnames. */ + if (isalpha ((unsigned char) name[0]) && name[1] == ':') + name += 2; +#endif + + for (base = name; *name; name++) + if (IS_DIR_SEPARATOR (*name)) + base = name + 1; + return base; +} + +int +check_executable (const char *path) +{ + struct stat st; + + lt_debugprintf (__FILE__, __LINE__, "(check_executable): %s\n", + nonempty (path)); + if ((!path) || (!*path)) + return 0; + + if ((stat (path, &st) >= 0) + && (st.st_mode & (S_IXUSR | S_IXGRP | S_IXOTH))) + return 1; + else + return 0; +} + +int +make_executable (const char *path) +{ + int rval = 0; + struct stat st; + + lt_debugprintf (__FILE__, __LINE__, "(make_executable): %s\n", + nonempty (path)); + if ((!path) || (!*path)) + return 0; + + if (stat (path, &st) >= 0) + { + rval = chmod (path, st.st_mode | S_IXOTH | S_IXGRP | S_IXUSR); + } + return rval; +} + +/* Searches for the full path of the wrapper. Returns + newly allocated full path name if found, NULL otherwise + Does not chase symlinks, even on platforms that support them. +*/ +char * +find_executable (const char *wrapper) +{ + int has_slash = 0; + const char *p; + const char *p_next; + /* static buffer for getcwd */ + char tmp[LT_PATHMAX + 1]; + size_t tmp_len; + char *concat_name; + + lt_debugprintf (__FILE__, __LINE__, "(find_executable): %s\n", + nonempty (wrapper)); + + if ((wrapper == NULL) || (*wrapper == '\0')) + return NULL; + + /* Absolute path? */ +#if defined HAVE_DOS_BASED_FILE_SYSTEM + if (isalpha ((unsigned char) wrapper[0]) && wrapper[1] == ':') + { + concat_name = xstrdup (wrapper); + if (check_executable (concat_name)) + return concat_name; + XFREE (concat_name); + } + else + { +#endif + if (IS_DIR_SEPARATOR (wrapper[0])) + { + concat_name = xstrdup (wrapper); + if (check_executable (concat_name)) + return concat_name; + XFREE (concat_name); + } +#if defined HAVE_DOS_BASED_FILE_SYSTEM + } +#endif + + for (p = wrapper; *p; p++) + if (*p == '/') + { + has_slash = 1; + break; + } + if (!has_slash) + { + /* no slashes; search PATH */ + const char *path = getenv ("PATH"); + if (path != NULL) + { + for (p = path; *p; p = p_next) + { + const char *q; + size_t p_len; + for (q = p; *q; q++) + if (IS_PATH_SEPARATOR (*q)) + break; + p_len = (size_t) (q - p); + p_next = (*q == '\0' ? q : q + 1); + if (p_len == 0) + { + /* empty path: current directory */ + if (getcwd (tmp, LT_PATHMAX) == NULL) + lt_fatal (__FILE__, __LINE__, "getcwd failed: %s", + nonnull (strerror (errno))); + tmp_len = strlen (tmp); + concat_name = + XMALLOC (char, tmp_len + 1 + strlen (wrapper) + 1); + memcpy (concat_name, tmp, tmp_len); + concat_name[tmp_len] = '/'; + strcpy (concat_name + tmp_len + 1, wrapper); + } + else + { + concat_name = + XMALLOC (char, p_len + 1 + strlen (wrapper) + 1); + memcpy (concat_name, p, p_len); + concat_name[p_len] = '/'; + strcpy (concat_name + p_len + 1, wrapper); + } + if (check_executable (concat_name)) + return concat_name; + XFREE (concat_name); + } + } + /* not found in PATH; assume curdir */ + } + /* Relative path | not found in path: prepend cwd */ + if (getcwd (tmp, LT_PATHMAX) == NULL) + lt_fatal (__FILE__, __LINE__, "getcwd failed: %s", + nonnull (strerror (errno))); + tmp_len = strlen (tmp); + concat_name = XMALLOC (char, tmp_len + 1 + strlen (wrapper) + 1); + memcpy (concat_name, tmp, tmp_len); + concat_name[tmp_len] = '/'; + strcpy (concat_name + tmp_len + 1, wrapper); + + if (check_executable (concat_name)) + return concat_name; + XFREE (concat_name); + return NULL; +} + +char * +chase_symlinks (const char *pathspec) +{ +#ifndef S_ISLNK + return xstrdup (pathspec); +#else + char buf[LT_PATHMAX]; + struct stat s; + char *tmp_pathspec = xstrdup (pathspec); + char *p; + int has_symlinks = 0; + while (strlen (tmp_pathspec) && !has_symlinks) + { + lt_debugprintf (__FILE__, __LINE__, + "checking path component for symlinks: %s\n", + tmp_pathspec); + if (lstat (tmp_pathspec, &s) == 0) + { + if (S_ISLNK (s.st_mode) != 0) + { + has_symlinks = 1; + break; + } + + /* search backwards for last DIR_SEPARATOR */ + p = tmp_pathspec + strlen (tmp_pathspec) - 1; + while ((p > tmp_pathspec) && (!IS_DIR_SEPARATOR (*p))) + p--; + if ((p == tmp_pathspec) && (!IS_DIR_SEPARATOR (*p))) + { + /* no more DIR_SEPARATORS left */ + break; + } + *p = '\0'; + } + else + { + lt_fatal (__FILE__, __LINE__, + "error accessing file \"%s\": %s", + tmp_pathspec, nonnull (strerror (errno))); + } + } + XFREE (tmp_pathspec); + + if (!has_symlinks) + { + return xstrdup (pathspec); + } + + tmp_pathspec = realpath (pathspec, buf); + if (tmp_pathspec == 0) + { + lt_fatal (__FILE__, __LINE__, + "could not follow symlinks for %s", pathspec); + } + return xstrdup (tmp_pathspec); +#endif +} + +char * +strendzap (char *str, const char *pat) +{ + size_t len, patlen; + + assert (str != NULL); + assert (pat != NULL); + + len = strlen (str); + patlen = strlen (pat); + + if (patlen <= len) + { + str += len - patlen; + if (STREQ (str, pat)) + *str = '\0'; + } + return str; +} + +void +lt_debugprintf (const char *file, int line, const char *fmt, ...) +{ + va_list args; + if (lt_debug) + { + (void) fprintf (stderr, "%s:%s:%d: ", program_name, file, line); + va_start (args, fmt); + (void) vfprintf (stderr, fmt, args); + va_end (args); + } +} + +static void +lt_error_core (int exit_status, const char *file, + int line, const char *mode, + const char *message, va_list ap) +{ + fprintf (stderr, "%s:%s:%d: %s: ", program_name, file, line, mode); + vfprintf (stderr, message, ap); + fprintf (stderr, ".\n"); + + if (exit_status >= 0) + exit (exit_status); +} + +void +lt_fatal (const char *file, int line, const char *message, ...) +{ + va_list ap; + va_start (ap, message); + lt_error_core (EXIT_FAILURE, file, line, "FATAL", message, ap); + va_end (ap); +} + +static const char * +nonnull (const char *s) +{ + return s ? s : "(null)"; +} + +static const char * +nonempty (const char *s) +{ + return (s && !*s) ? "(empty)" : nonnull (s); +} + +void +lt_setenv (const char *name, const char *value) +{ + lt_debugprintf (__FILE__, __LINE__, + "(lt_setenv) setting '%s' to '%s'\n", + nonnull (name), nonnull (value)); + { +#ifdef HAVE_SETENV + /* always make a copy, for consistency with !HAVE_SETENV */ + char *str = xstrdup (value); + setenv (name, str, 1); +#else + size_t len = strlen (name) + 1 + strlen (value) + 1; + char *str = XMALLOC (char, len); + sprintf (str, "%s=%s", name, value); + if (putenv (str) != EXIT_SUCCESS) + { + XFREE (str); + } +#endif + } +} + +char * +lt_extend_str (const char *orig_value, const char *add, int to_end) +{ + char *new_value; + if (orig_value && *orig_value) + { + size_t orig_value_len = strlen (orig_value); + size_t add_len = strlen (add); + new_value = XMALLOC (char, add_len + orig_value_len + 1); + if (to_end) + { + strcpy (new_value, orig_value); + strcpy (new_value + orig_value_len, add); + } + else + { + strcpy (new_value, add); + strcpy (new_value + add_len, orig_value); + } + } + else + { + new_value = xstrdup (add); + } + return new_value; +} + +void +lt_update_exe_path (const char *name, const char *value) +{ + lt_debugprintf (__FILE__, __LINE__, + "(lt_update_exe_path) modifying '%s' by prepending '%s'\n", + nonnull (name), nonnull (value)); + + if (name && *name && value && *value) + { + char *new_value = lt_extend_str (getenv (name), value, 0); + /* some systems can't cope with a ':'-terminated path #' */ + size_t len = strlen (new_value); + while ((len > 0) && IS_PATH_SEPARATOR (new_value[len-1])) + { + new_value[--len] = '\0'; + } + lt_setenv (name, new_value); + XFREE (new_value); + } +} + +void +lt_update_lib_path (const char *name, const char *value) +{ + lt_debugprintf (__FILE__, __LINE__, + "(lt_update_lib_path) modifying '%s' by prepending '%s'\n", + nonnull (name), nonnull (value)); + + if (name && *name && value && *value) + { + char *new_value = lt_extend_str (getenv (name), value, 0); + lt_setenv (name, new_value); + XFREE (new_value); + } +} + +EOF + case $host_os in + mingw*) + cat <<"EOF" + +/* Prepares an argument vector before calling spawn(). + Note that spawn() does not by itself call the command interpreter + (getenv ("COMSPEC") != NULL ? getenv ("COMSPEC") : + ({ OSVERSIONINFO v; v.dwOSVersionInfoSize = sizeof(OSVERSIONINFO); + GetVersionEx(&v); + v.dwPlatformId == VER_PLATFORM_WIN32_NT; + }) ? "cmd.exe" : "command.com"). + Instead it simply concatenates the arguments, separated by ' ', and calls + CreateProcess(). We must quote the arguments since Win32 CreateProcess() + interprets characters like ' ', '\t', '\\', '"' (but not '<' and '>') in a + special way: + - Space and tab are interpreted as delimiters. They are not treated as + delimiters if they are surrounded by double quotes: "...". + - Unescaped double quotes are removed from the input. Their only effect is + that within double quotes, space and tab are treated like normal + characters. + - Backslashes not followed by double quotes are not special. + - But 2*n+1 backslashes followed by a double quote become + n backslashes followed by a double quote (n >= 0): + \" -> " + \\\" -> \" + \\\\\" -> \\" + */ +#define SHELL_SPECIAL_CHARS "\"\\ \001\002\003\004\005\006\007\010\011\012\013\014\015\016\017\020\021\022\023\024\025\026\027\030\031\032\033\034\035\036\037" +#define SHELL_SPACE_CHARS " \001\002\003\004\005\006\007\010\011\012\013\014\015\016\017\020\021\022\023\024\025\026\027\030\031\032\033\034\035\036\037" +char ** +prepare_spawn (char **argv) +{ + size_t argc; + char **new_argv; + size_t i; + + /* Count number of arguments. */ + for (argc = 0; argv[argc] != NULL; argc++) + ; + + /* Allocate new argument vector. */ + new_argv = XMALLOC (char *, argc + 1); + + /* Put quoted arguments into the new argument vector. */ + for (i = 0; i < argc; i++) + { + const char *string = argv[i]; + + if (string[0] == '\0') + new_argv[i] = xstrdup ("\"\""); + else if (strpbrk (string, SHELL_SPECIAL_CHARS) != NULL) + { + int quote_around = (strpbrk (string, SHELL_SPACE_CHARS) != NULL); + size_t length; + unsigned int backslashes; + const char *s; + char *quoted_string; + char *p; + + length = 0; + backslashes = 0; + if (quote_around) + length++; + for (s = string; *s != '\0'; s++) + { + char c = *s; + if (c == '"') + length += backslashes + 1; + length++; + if (c == '\\') + backslashes++; + else + backslashes = 0; + } + if (quote_around) + length += backslashes + 1; + + quoted_string = XMALLOC (char, length + 1); + + p = quoted_string; + backslashes = 0; + if (quote_around) + *p++ = '"'; + for (s = string; *s != '\0'; s++) + { + char c = *s; + if (c == '"') + { + unsigned int j; + for (j = backslashes + 1; j > 0; j--) + *p++ = '\\'; + } + *p++ = c; + if (c == '\\') + backslashes++; + else + backslashes = 0; + } + if (quote_around) + { + unsigned int j; + for (j = backslashes; j > 0; j--) + *p++ = '\\'; + *p++ = '"'; + } + *p = '\0'; + + new_argv[i] = quoted_string; + } + else + new_argv[i] = (char *) string; + } + new_argv[argc] = NULL; + + return new_argv; +} +EOF + ;; + esac + + cat <<"EOF" +void lt_dump_script (FILE* f) +{ +EOF + func_emit_wrapper yes | + $SED -n -e ' +s/^\(.\{79\}\)\(..*\)/\1\ +\2/ +h +s/\([\\"]\)/\\\1/g +s/$/\\n/ +s/\([^\n]*\).*/ fputs ("\1", f);/p +g +D' + cat <<"EOF" +} +EOF +} +# end: func_emit_cwrapperexe_src + +# func_win32_import_lib_p ARG +# True if ARG is an import lib, as indicated by $file_magic_cmd +func_win32_import_lib_p () +{ + $debug_cmd + + case `eval $file_magic_cmd \"\$1\" 2>/dev/null | $SED -e 10q` in + *import*) : ;; + *) false ;; + esac +} + +# func_suncc_cstd_abi +# !!ONLY CALL THIS FOR SUN CC AFTER $compile_command IS FULLY EXPANDED!! +# Several compiler flags select an ABI that is incompatible with the +# Cstd library. Avoid specifying it if any are in CXXFLAGS. +func_suncc_cstd_abi () +{ + $debug_cmd + + case " $compile_command " in + *" -compat=g "*|*\ -std=c++[0-9][0-9]\ *|*" -library=stdcxx4 "*|*" -library=stlport4 "*) + suncc_use_cstd_abi=no + ;; + *) + suncc_use_cstd_abi=yes + ;; + esac +} + +# func_mode_link arg... +func_mode_link () +{ + $debug_cmd + + case $host in + *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-os2* | *-cegcc*) + # It is impossible to link a dll without this setting, and + # we shouldn't force the makefile maintainer to figure out + # what system we are compiling for in order to pass an extra + # flag for every libtool invocation. + # allow_undefined=no + + # FIXME: Unfortunately, there are problems with the above when trying + # to make a dll that has undefined symbols, in which case not + # even a static library is built. For now, we need to specify + # -no-undefined on the libtool link line when we can be certain + # that all symbols are satisfied, otherwise we get a static library. + allow_undefined=yes + ;; + *) + allow_undefined=yes + ;; + esac + libtool_args=$nonopt + base_compile="$nonopt $@" + compile_command=$nonopt + finalize_command=$nonopt + + compile_rpath= + finalize_rpath= + compile_shlibpath= + finalize_shlibpath= + convenience= + old_convenience= + deplibs= + old_deplibs= + compiler_flags= + linker_flags= + dllsearchpath= + lib_search_path=`pwd` + inst_prefix_dir= + new_inherited_linker_flags= + + avoid_version=no + bindir= + dlfiles= + dlprefiles= + dlself=no + export_dynamic=no + export_symbols= + export_symbols_regex= + generated= + libobjs= + ltlibs= + module=no + no_install=no + objs= + os2dllname= + non_pic_objects= + precious_files_regex= + prefer_static_libs=no + preload=false + prev= + prevarg= + release= + rpath= + xrpath= + perm_rpath= + temp_rpath= + thread_safe=no + vinfo= + vinfo_number=no + weak_libs= + single_module=$wl-single_module + func_infer_tag $base_compile + + # We need to know -static, to get the right output filenames. + for arg + do + case $arg in + -shared) + test yes != "$build_libtool_libs" \ + && func_fatal_configuration "cannot build a shared library" + build_old_libs=no + break + ;; + -all-static | -static | -static-libtool-libs) + case $arg in + -all-static) + if test yes = "$build_libtool_libs" && test -z "$link_static_flag"; then + func_warning "complete static linking is impossible in this configuration" + fi + if test -n "$link_static_flag"; then + dlopen_self=$dlopen_self_static + fi + prefer_static_libs=yes + ;; + -static) + if test -z "$pic_flag" && test -n "$link_static_flag"; then + dlopen_self=$dlopen_self_static + fi + prefer_static_libs=built + ;; + -static-libtool-libs) + if test -z "$pic_flag" && test -n "$link_static_flag"; then + dlopen_self=$dlopen_self_static + fi + prefer_static_libs=yes + ;; + esac + build_libtool_libs=no + build_old_libs=yes + break + ;; + esac + done + + # See if our shared archives depend on static archives. + test -n "$old_archive_from_new_cmds" && build_old_libs=yes + + # Go through the arguments, transforming them on the way. + while test "$#" -gt 0; do + arg=$1 + shift + func_quote_for_eval "$arg" + qarg=$func_quote_for_eval_unquoted_result + func_append libtool_args " $func_quote_for_eval_result" + + # If the previous option needs an argument, assign it. + if test -n "$prev"; then + case $prev in + output) + func_append compile_command " @OUTPUT@" + func_append finalize_command " @OUTPUT@" + ;; + esac + + case $prev in + bindir) + bindir=$arg + prev= + continue + ;; + dlfiles|dlprefiles) + $preload || { + # Add the symbol object into the linking commands. + func_append compile_command " @SYMFILE@" + func_append finalize_command " @SYMFILE@" + preload=: + } + case $arg in + *.la | *.lo) ;; # We handle these cases below. + force) + if test no = "$dlself"; then + dlself=needless + export_dynamic=yes + fi + prev= + continue + ;; + self) + if test dlprefiles = "$prev"; then + dlself=yes + elif test dlfiles = "$prev" && test yes != "$dlopen_self"; then + dlself=yes + else + dlself=needless + export_dynamic=yes + fi + prev= + continue + ;; + *) + if test dlfiles = "$prev"; then + func_append dlfiles " $arg" + else + func_append dlprefiles " $arg" + fi + prev= + continue + ;; + esac + ;; + expsyms) + export_symbols=$arg + test -f "$arg" \ + || func_fatal_error "symbol file '$arg' does not exist" + prev= + continue + ;; + expsyms_regex) + export_symbols_regex=$arg + prev= + continue + ;; + framework) + case $host in + *-*-darwin*) + case "$deplibs " in + *" $qarg.ltframework "*) ;; + *) func_append deplibs " $qarg.ltframework" # this is fixed later + ;; + esac + ;; + esac + prev= + continue + ;; + inst_prefix) + inst_prefix_dir=$arg + prev= + continue + ;; + mllvm) + # Clang does not use LLVM to link, so we can simply discard any + # '-mllvm $arg' options when doing the link step. + prev= + continue + ;; + objectlist) + if test -f "$arg"; then + save_arg=$arg + moreargs= + for fil in `cat "$save_arg"` + do +# func_append moreargs " $fil" + arg=$fil + # A libtool-controlled object. + + # Check to see that this really is a libtool object. + if func_lalib_unsafe_p "$arg"; then + pic_object= + non_pic_object= + + # Read the .lo file + func_source "$arg" + + if test -z "$pic_object" || + test -z "$non_pic_object" || + test none = "$pic_object" && + test none = "$non_pic_object"; then + func_fatal_error "cannot find name of object for '$arg'" + fi + + # Extract subdirectory from the argument. + func_dirname "$arg" "/" "" + xdir=$func_dirname_result + + if test none != "$pic_object"; then + # Prepend the subdirectory the object is found in. + pic_object=$xdir$pic_object + + if test dlfiles = "$prev"; then + if test yes = "$build_libtool_libs" && test yes = "$dlopen_support"; then + func_append dlfiles " $pic_object" + prev= + continue + else + # If libtool objects are unsupported, then we need to preload. + prev=dlprefiles + fi + fi + + # CHECK ME: I think I busted this. -Ossama + if test dlprefiles = "$prev"; then + # Preload the old-style object. + func_append dlprefiles " $pic_object" + prev= + fi + + # A PIC object. + func_append libobjs " $pic_object" + arg=$pic_object + fi + + # Non-PIC object. + if test none != "$non_pic_object"; then + # Prepend the subdirectory the object is found in. + non_pic_object=$xdir$non_pic_object + + # A standard non-PIC object + func_append non_pic_objects " $non_pic_object" + if test -z "$pic_object" || test none = "$pic_object"; then + arg=$non_pic_object + fi + else + # If the PIC object exists, use it instead. + # $xdir was prepended to $pic_object above. + non_pic_object=$pic_object + func_append non_pic_objects " $non_pic_object" + fi + else + # Only an error if not doing a dry-run. + if $opt_dry_run; then + # Extract subdirectory from the argument. + func_dirname "$arg" "/" "" + xdir=$func_dirname_result + + func_lo2o "$arg" + pic_object=$xdir$objdir/$func_lo2o_result + non_pic_object=$xdir$func_lo2o_result + func_append libobjs " $pic_object" + func_append non_pic_objects " $non_pic_object" + else + func_fatal_error "'$arg' is not a valid libtool object" + fi + fi + done + else + func_fatal_error "link input file '$arg' does not exist" + fi + arg=$save_arg + prev= + continue + ;; + os2dllname) + os2dllname=$arg + prev= + continue + ;; + precious_regex) + precious_files_regex=$arg + prev= + continue + ;; + release) + release=-$arg + prev= + continue + ;; + rpath | xrpath) + # We need an absolute path. + case $arg in + [\\/]* | [A-Za-z]:[\\/]*) ;; + *) + func_fatal_error "only absolute run-paths are allowed" + ;; + esac + if test rpath = "$prev"; then + case "$rpath " in + *" $arg "*) ;; + *) func_append rpath " $arg" ;; + esac + else + case "$xrpath " in + *" $arg "*) ;; + *) func_append xrpath " $arg" ;; + esac + fi + prev= + continue + ;; + shrext) + shrext_cmds=$arg + prev= + continue + ;; + weak) + func_append weak_libs " $arg" + prev= + continue + ;; + xcclinker) + func_append linker_flags " $qarg" + func_append compiler_flags " $qarg" + prev= + func_append compile_command " $qarg" + func_append finalize_command " $qarg" + continue + ;; + xcompiler) + func_append compiler_flags " $qarg" + prev= + func_append compile_command " $qarg" + func_append finalize_command " $qarg" + continue + ;; + xlinker) + func_append linker_flags " $qarg" + func_append compiler_flags " $wl$qarg" + prev= + func_append compile_command " $wl$qarg" + func_append finalize_command " $wl$qarg" + continue + ;; + *) + eval "$prev=\"\$arg\"" + prev= + continue + ;; + esac + fi # test -n "$prev" + + prevarg=$arg + + case $arg in + -all-static) + if test -n "$link_static_flag"; then + # See comment for -static flag below, for more details. + func_append compile_command " $link_static_flag" + func_append finalize_command " $link_static_flag" + fi + continue + ;; + + -allow-undefined) + # FIXME: remove this flag sometime in the future. + func_fatal_error "'-allow-undefined' must not be used because it is the default" + ;; + + -avoid-version) + avoid_version=yes + continue + ;; + + -bindir) + prev=bindir + continue + ;; + + -dlopen) + prev=dlfiles + continue + ;; + + -dlpreopen) + prev=dlprefiles + continue + ;; + + -export-dynamic) + export_dynamic=yes + continue + ;; + + -export-symbols | -export-symbols-regex) + if test -n "$export_symbols" || test -n "$export_symbols_regex"; then + func_fatal_error "more than one -exported-symbols argument is not allowed" + fi + if test X-export-symbols = "X$arg"; then + prev=expsyms + else + prev=expsyms_regex + fi + continue + ;; + + -framework) + prev=framework + continue + ;; + + -inst-prefix-dir) + prev=inst_prefix + continue + ;; + + # The native IRIX linker understands -LANG:*, -LIST:* and -LNO:* + # so, if we see these flags be careful not to treat them like -L + -L[A-Z][A-Z]*:*) + case $with_gcc/$host in + no/*-*-irix* | /*-*-irix*) + func_append compile_command " $arg" + func_append finalize_command " $arg" + ;; + esac + continue + ;; + + -L*) + func_stripname "-L" '' "$arg" + if test -z "$func_stripname_result"; then + if test "$#" -gt 0; then + func_fatal_error "require no space between '-L' and '$1'" + else + func_fatal_error "need path for '-L' option" + fi + fi + func_resolve_sysroot "$func_stripname_result" + dir=$func_resolve_sysroot_result + # We need an absolute path. + case $dir in + [\\/]* | [A-Za-z]:[\\/]*) ;; + *) + absdir=`cd "$dir" && pwd` + test -z "$absdir" && \ + func_fatal_error "cannot determine absolute directory name of '$dir'" + dir=$absdir + ;; + esac + case "$deplibs " in + *" -L$dir "* | *" $arg "*) + # Will only happen for absolute or sysroot arguments + ;; + *) + # Preserve sysroot, but never include relative directories + case $dir in + [\\/]* | [A-Za-z]:[\\/]* | =*) func_append deplibs " $arg" ;; + *) func_append deplibs " -L$dir" ;; + esac + func_append lib_search_path " $dir" + ;; + esac + case $host in + *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-os2* | *-cegcc*) + testbindir=`$ECHO "$dir" | $SED 's*/lib$*/bin*'` + case :$dllsearchpath: in + *":$dir:"*) ;; + ::) dllsearchpath=$dir;; + *) func_append dllsearchpath ":$dir";; + esac + case :$dllsearchpath: in + *":$testbindir:"*) ;; + ::) dllsearchpath=$testbindir;; + *) func_append dllsearchpath ":$testbindir";; + esac + ;; + esac + continue + ;; + + -l*) + if test X-lc = "X$arg" || test X-lm = "X$arg"; then + case $host in + *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-beos* | *-cegcc* | *-*-haiku*) + # These systems don't actually have a C or math library (as such) + continue + ;; + *-*-os2*) + # These systems don't actually have a C library (as such) + test X-lc = "X$arg" && continue + ;; + *-*-openbsd* | *-*-freebsd* | *-*-dragonfly* | *-*-bitrig*) + # Do not include libc due to us having libc/libc_r. + test X-lc = "X$arg" && continue + ;; + *-*-rhapsody* | *-*-darwin1.[012]) + # Rhapsody C and math libraries are in the System framework + func_append deplibs " System.ltframework" + continue + ;; + *-*-sco3.2v5* | *-*-sco5v6*) + # Causes problems with __ctype + test X-lc = "X$arg" && continue + ;; + *-*-sysv4.2uw2* | *-*-sysv5* | *-*-unixware* | *-*-OpenUNIX*) + # Compiler inserts libc in the correct place for threads to work + test X-lc = "X$arg" && continue + ;; + esac + elif test X-lc_r = "X$arg"; then + case $host in + *-*-openbsd* | *-*-freebsd* | *-*-dragonfly* | *-*-bitrig*) + # Do not include libc_r directly, use -pthread flag. + continue + ;; + esac + fi + func_append deplibs " $arg" + continue + ;; + + -mllvm) + prev=mllvm + continue + ;; + + -module) + module=yes + continue + ;; + + # Tru64 UNIX uses -model [arg] to determine the layout of C++ + # classes, name mangling, and exception handling. + # Darwin uses the -arch flag to determine output architecture. + -model|-arch|-isysroot|--sysroot) + func_append compiler_flags " $arg" + func_append compile_command " $arg" + func_append finalize_command " $arg" + prev=xcompiler + continue + ;; + + -mt|-mthreads|-kthread|-Kthread|-pthread|-pthreads|--thread-safe \ + |-threads|-fopenmp|-openmp|-mp|-xopenmp|-omp|-qsmp=*) + func_append compiler_flags " $arg" + func_append compile_command " $arg" + func_append finalize_command " $arg" + case "$new_inherited_linker_flags " in + *" $arg "*) ;; + * ) func_append new_inherited_linker_flags " $arg" ;; + esac + continue + ;; + + -multi_module) + single_module=$wl-multi_module + continue + ;; + + -no-fast-install) + fast_install=no + continue + ;; + + -no-install) + case $host in + *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-os2* | *-*-darwin* | *-cegcc*) + # The PATH hackery in wrapper scripts is required on Windows + # and Darwin in order for the loader to find any dlls it needs. + func_warning "'-no-install' is ignored for $host" + func_warning "assuming '-no-fast-install' instead" + fast_install=no + ;; + *) no_install=yes ;; + esac + continue + ;; + + -no-undefined) + allow_undefined=no + continue + ;; + + -objectlist) + prev=objectlist + continue + ;; + + -os2dllname) + prev=os2dllname + continue + ;; + + -o) prev=output ;; + + -precious-files-regex) + prev=precious_regex + continue + ;; + + -release) + prev=release + continue + ;; + + -rpath) + prev=rpath + continue + ;; + + -R) + prev=xrpath + continue + ;; + + -R*) + func_stripname '-R' '' "$arg" + dir=$func_stripname_result + # We need an absolute path. + case $dir in + [\\/]* | [A-Za-z]:[\\/]*) ;; + =*) + func_stripname '=' '' "$dir" + dir=$lt_sysroot$func_stripname_result + ;; + *) + func_fatal_error "only absolute run-paths are allowed" + ;; + esac + case "$xrpath " in + *" $dir "*) ;; + *) func_append xrpath " $dir" ;; + esac + continue + ;; + + -shared) + # The effects of -shared are defined in a previous loop. + continue + ;; + + -shrext) + prev=shrext + continue + ;; + + -static | -static-libtool-libs) + # The effects of -static are defined in a previous loop. + # We used to do the same as -all-static on platforms that + # didn't have a PIC flag, but the assumption that the effects + # would be equivalent was wrong. It would break on at least + # Digital Unix and AIX. + continue + ;; + + -thread-safe) + thread_safe=yes + continue + ;; + + -version-info) + prev=vinfo + continue + ;; + + -version-number) + prev=vinfo + vinfo_number=yes + continue + ;; + + -weak) + prev=weak + continue + ;; + + -Wc,*) + func_stripname '-Wc,' '' "$arg" + args=$func_stripname_result + arg= + save_ifs=$IFS; IFS=, + for flag in $args; do + IFS=$save_ifs + func_quote_for_eval "$flag" + func_append arg " $func_quote_for_eval_result" + func_append compiler_flags " $func_quote_for_eval_result" + done + IFS=$save_ifs + func_stripname ' ' '' "$arg" + arg=$func_stripname_result + ;; + + -Wl,*) + func_stripname '-Wl,' '' "$arg" + args=$func_stripname_result + arg= + save_ifs=$IFS; IFS=, + for flag in $args; do + IFS=$save_ifs + func_quote_for_eval "$flag" + func_append arg " $wl$func_quote_for_eval_result" + func_append compiler_flags " $wl$func_quote_for_eval_result" + func_append linker_flags " $func_quote_for_eval_result" + done + IFS=$save_ifs + func_stripname ' ' '' "$arg" + arg=$func_stripname_result + ;; + + -Xcompiler) + prev=xcompiler + continue + ;; + + -Xlinker) + prev=xlinker + continue + ;; + + -XCClinker) + prev=xcclinker + continue + ;; + + # -msg_* for osf cc + -msg_*) + func_quote_for_eval "$arg" + arg=$func_quote_for_eval_result + ;; + + # Flags to be passed through unchanged, with rationale: + # -64, -mips[0-9] enable 64-bit mode for the SGI compiler + # -r[0-9][0-9]* specify processor for the SGI compiler + # -xarch=*, -xtarget=* enable 64-bit mode for the Sun compiler + # +DA*, +DD* enable 64-bit mode for the HP compiler + # -q* compiler args for the IBM compiler + # -m*, -t[45]*, -txscale* architecture-specific flags for GCC + # -F/path path to uninstalled frameworks, gcc on darwin + # -p, -pg, --coverage, -fprofile-* profiling flags for GCC + # -fstack-protector* stack protector flags for GCC + # @file GCC response files + # -tp=* Portland pgcc target processor selection + # --sysroot=* for sysroot support + # -O*, -g*, -flto*, -fwhopr*, -fuse-linker-plugin GCC link-time optimization + # -specs=* GCC specs files + # -stdlib=* select c++ std lib with clang + # -fsanitize=* Clang/GCC memory and address sanitizer + -64|-mips[0-9]|-r[0-9][0-9]*|-xarch=*|-xtarget=*|+DA*|+DD*|-q*|-m*| \ + -t[45]*|-txscale*|-p|-pg|--coverage|-fprofile-*|-F*|@*|-tp=*|--sysroot=*| \ + -O*|-g*|-flto*|-fwhopr*|-fuse-linker-plugin|-fstack-protector*|-stdlib=*| \ + -specs=*|-fsanitize=*) + func_quote_for_eval "$arg" + arg=$func_quote_for_eval_result + func_append compile_command " $arg" + func_append finalize_command " $arg" + func_append compiler_flags " $arg" + continue + ;; + + -Z*) + if test os2 = "`expr $host : '.*\(os2\)'`"; then + # OS/2 uses -Zxxx to specify OS/2-specific options + compiler_flags="$compiler_flags $arg" + func_append compile_command " $arg" + func_append finalize_command " $arg" + case $arg in + -Zlinker | -Zstack) + prev=xcompiler + ;; + esac + continue + else + # Otherwise treat like 'Some other compiler flag' below + func_quote_for_eval "$arg" + arg=$func_quote_for_eval_result + fi + ;; + + # Some other compiler flag. + -* | +*) + func_quote_for_eval "$arg" + arg=$func_quote_for_eval_result + ;; + + *.$objext) + # A standard object. + func_append objs " $arg" + ;; + + *.lo) + # A libtool-controlled object. + + # Check to see that this really is a libtool object. + if func_lalib_unsafe_p "$arg"; then + pic_object= + non_pic_object= + + # Read the .lo file + func_source "$arg" + + if test -z "$pic_object" || + test -z "$non_pic_object" || + test none = "$pic_object" && + test none = "$non_pic_object"; then + func_fatal_error "cannot find name of object for '$arg'" + fi + + # Extract subdirectory from the argument. + func_dirname "$arg" "/" "" + xdir=$func_dirname_result + + test none = "$pic_object" || { + # Prepend the subdirectory the object is found in. + pic_object=$xdir$pic_object + + if test dlfiles = "$prev"; then + if test yes = "$build_libtool_libs" && test yes = "$dlopen_support"; then + func_append dlfiles " $pic_object" + prev= + continue + else + # If libtool objects are unsupported, then we need to preload. + prev=dlprefiles + fi + fi + + # CHECK ME: I think I busted this. -Ossama + if test dlprefiles = "$prev"; then + # Preload the old-style object. + func_append dlprefiles " $pic_object" + prev= + fi + + # A PIC object. + func_append libobjs " $pic_object" + arg=$pic_object + } + + # Non-PIC object. + if test none != "$non_pic_object"; then + # Prepend the subdirectory the object is found in. + non_pic_object=$xdir$non_pic_object + + # A standard non-PIC object + func_append non_pic_objects " $non_pic_object" + if test -z "$pic_object" || test none = "$pic_object"; then + arg=$non_pic_object + fi + else + # If the PIC object exists, use it instead. + # $xdir was prepended to $pic_object above. + non_pic_object=$pic_object + func_append non_pic_objects " $non_pic_object" + fi + else + # Only an error if not doing a dry-run. + if $opt_dry_run; then + # Extract subdirectory from the argument. + func_dirname "$arg" "/" "" + xdir=$func_dirname_result + + func_lo2o "$arg" + pic_object=$xdir$objdir/$func_lo2o_result + non_pic_object=$xdir$func_lo2o_result + func_append libobjs " $pic_object" + func_append non_pic_objects " $non_pic_object" + else + func_fatal_error "'$arg' is not a valid libtool object" + fi + fi + ;; + + *.$libext) + # An archive. + func_append deplibs " $arg" + func_append old_deplibs " $arg" + continue + ;; + + *.la) + # A libtool-controlled library. + + func_resolve_sysroot "$arg" + if test dlfiles = "$prev"; then + # This library was specified with -dlopen. + func_append dlfiles " $func_resolve_sysroot_result" + prev= + elif test dlprefiles = "$prev"; then + # The library was specified with -dlpreopen. + func_append dlprefiles " $func_resolve_sysroot_result" + prev= + else + func_append deplibs " $func_resolve_sysroot_result" + fi + continue + ;; + + # Some other compiler argument. + *) + # Unknown arguments in both finalize_command and compile_command need + # to be aesthetically quoted because they are evaled later. + func_quote_for_eval "$arg" + arg=$func_quote_for_eval_result + ;; + esac # arg + + # Now actually substitute the argument into the commands. + if test -n "$arg"; then + func_append compile_command " $arg" + func_append finalize_command " $arg" + fi + done # argument parsing loop + + test -n "$prev" && \ + func_fatal_help "the '$prevarg' option requires an argument" + + if test yes = "$export_dynamic" && test -n "$export_dynamic_flag_spec"; then + eval arg=\"$export_dynamic_flag_spec\" + func_append compile_command " $arg" + func_append finalize_command " $arg" + fi + + oldlibs= + # calculate the name of the file, without its directory + func_basename "$output" + outputname=$func_basename_result + libobjs_save=$libobjs + + if test -n "$shlibpath_var"; then + # get the directories listed in $shlibpath_var + eval shlib_search_path=\`\$ECHO \"\$$shlibpath_var\" \| \$SED \'s/:/ /g\'\` + else + shlib_search_path= + fi + eval sys_lib_search_path=\"$sys_lib_search_path_spec\" + eval sys_lib_dlsearch_path=\"$sys_lib_dlsearch_path_spec\" + + # Definition is injected by LT_CONFIG during libtool generation. + func_munge_path_list sys_lib_dlsearch_path "$LT_SYS_LIBRARY_PATH" + + func_dirname "$output" "/" "" + output_objdir=$func_dirname_result$objdir + func_to_tool_file "$output_objdir/" + tool_output_objdir=$func_to_tool_file_result + # Create the object directory. + func_mkdir_p "$output_objdir" + + # Determine the type of output + case $output in + "") + func_fatal_help "you must specify an output file" + ;; + *.$libext) linkmode=oldlib ;; + *.lo | *.$objext) linkmode=obj ;; + *.la) linkmode=lib ;; + *) linkmode=prog ;; # Anything else should be a program. + esac + + specialdeplibs= + + libs= + # Find all interdependent deplibs by searching for libraries + # that are linked more than once (e.g. -la -lb -la) + for deplib in $deplibs; do + if $opt_preserve_dup_deps; then + case "$libs " in + *" $deplib "*) func_append specialdeplibs " $deplib" ;; + esac + fi + func_append libs " $deplib" + done + + if test lib = "$linkmode"; then + libs="$predeps $libs $compiler_lib_search_path $postdeps" + + # Compute libraries that are listed more than once in $predeps + # $postdeps and mark them as special (i.e., whose duplicates are + # not to be eliminated). + pre_post_deps= + if $opt_duplicate_compiler_generated_deps; then + for pre_post_dep in $predeps $postdeps; do + case "$pre_post_deps " in + *" $pre_post_dep "*) func_append specialdeplibs " $pre_post_deps" ;; + esac + func_append pre_post_deps " $pre_post_dep" + done + fi + pre_post_deps= + fi + + deplibs= + newdependency_libs= + newlib_search_path= + need_relink=no # whether we're linking any uninstalled libtool libraries + notinst_deplibs= # not-installed libtool libraries + notinst_path= # paths that contain not-installed libtool libraries + + case $linkmode in + lib) + passes="conv dlpreopen link" + for file in $dlfiles $dlprefiles; do + case $file in + *.la) ;; + *) + func_fatal_help "libraries can '-dlopen' only libtool libraries: $file" + ;; + esac + done + ;; + prog) + compile_deplibs= + finalize_deplibs= + alldeplibs=false + newdlfiles= + newdlprefiles= + passes="conv scan dlopen dlpreopen link" + ;; + *) passes="conv" + ;; + esac + + for pass in $passes; do + # The preopen pass in lib mode reverses $deplibs; put it back here + # so that -L comes before libs that need it for instance... + if test lib,link = "$linkmode,$pass"; then + ## FIXME: Find the place where the list is rebuilt in the wrong + ## order, and fix it there properly + tmp_deplibs= + for deplib in $deplibs; do + tmp_deplibs="$deplib $tmp_deplibs" + done + deplibs=$tmp_deplibs + fi + + if test lib,link = "$linkmode,$pass" || + test prog,scan = "$linkmode,$pass"; then + libs=$deplibs + deplibs= + fi + if test prog = "$linkmode"; then + case $pass in + dlopen) libs=$dlfiles ;; + dlpreopen) libs=$dlprefiles ;; + link) + libs="$deplibs %DEPLIBS%" + test "X$link_all_deplibs" != Xno && libs="$libs $dependency_libs" + ;; + esac + fi + if test lib,dlpreopen = "$linkmode,$pass"; then + # Collect and forward deplibs of preopened libtool libs + for lib in $dlprefiles; do + # Ignore non-libtool-libs + dependency_libs= + func_resolve_sysroot "$lib" + case $lib in + *.la) func_source "$func_resolve_sysroot_result" ;; + esac + + # Collect preopened libtool deplibs, except any this library + # has declared as weak libs + for deplib in $dependency_libs; do + func_basename "$deplib" + deplib_base=$func_basename_result + case " $weak_libs " in + *" $deplib_base "*) ;; + *) func_append deplibs " $deplib" ;; + esac + done + done + libs=$dlprefiles + fi + if test dlopen = "$pass"; then + # Collect dlpreopened libraries + save_deplibs=$deplibs + deplibs= + fi + + for deplib in $libs; do + lib= + found=false + case $deplib in + -mt|-mthreads|-kthread|-Kthread|-pthread|-pthreads|--thread-safe \ + |-threads|-fopenmp|-openmp|-mp|-xopenmp|-omp|-qsmp=*) + if test prog,link = "$linkmode,$pass"; then + compile_deplibs="$deplib $compile_deplibs" + finalize_deplibs="$deplib $finalize_deplibs" + else + func_append compiler_flags " $deplib" + if test lib = "$linkmode"; then + case "$new_inherited_linker_flags " in + *" $deplib "*) ;; + * ) func_append new_inherited_linker_flags " $deplib" ;; + esac + fi + fi + continue + ;; + -l*) + if test lib != "$linkmode" && test prog != "$linkmode"; then + func_warning "'-l' is ignored for archives/objects" + continue + fi + func_stripname '-l' '' "$deplib" + name=$func_stripname_result + if test lib = "$linkmode"; then + searchdirs="$newlib_search_path $lib_search_path $compiler_lib_search_dirs $sys_lib_search_path $shlib_search_path" + else + searchdirs="$newlib_search_path $lib_search_path $sys_lib_search_path $shlib_search_path" + fi + for searchdir in $searchdirs; do + for search_ext in .la $std_shrext .so .a; do + # Search the libtool library + lib=$searchdir/lib$name$search_ext + if test -f "$lib"; then + if test .la = "$search_ext"; then + found=: + else + found=false + fi + break 2 + fi + done + done + if $found; then + # deplib is a libtool library + # If $allow_libtool_libs_with_static_runtimes && $deplib is a stdlib, + # We need to do some special things here, and not later. + if test yes = "$allow_libtool_libs_with_static_runtimes"; then + case " $predeps $postdeps " in + *" $deplib "*) + if func_lalib_p "$lib"; then + library_names= + old_library= + func_source "$lib" + for l in $old_library $library_names; do + ll=$l + done + if test "X$ll" = "X$old_library"; then # only static version available + found=false + func_dirname "$lib" "" "." + ladir=$func_dirname_result + lib=$ladir/$old_library + if test prog,link = "$linkmode,$pass"; then + compile_deplibs="$deplib $compile_deplibs" + finalize_deplibs="$deplib $finalize_deplibs" + else + deplibs="$deplib $deplibs" + test lib = "$linkmode" && newdependency_libs="$deplib $newdependency_libs" + fi + continue + fi + fi + ;; + *) ;; + esac + fi + else + # deplib doesn't seem to be a libtool library + if test prog,link = "$linkmode,$pass"; then + compile_deplibs="$deplib $compile_deplibs" + finalize_deplibs="$deplib $finalize_deplibs" + else + deplibs="$deplib $deplibs" + test lib = "$linkmode" && newdependency_libs="$deplib $newdependency_libs" + fi + continue + fi + ;; # -l + *.ltframework) + if test prog,link = "$linkmode,$pass"; then + compile_deplibs="$deplib $compile_deplibs" + finalize_deplibs="$deplib $finalize_deplibs" + else + deplibs="$deplib $deplibs" + if test lib = "$linkmode"; then + case "$new_inherited_linker_flags " in + *" $deplib "*) ;; + * ) func_append new_inherited_linker_flags " $deplib" ;; + esac + fi + fi + continue + ;; + -L*) + case $linkmode in + lib) + deplibs="$deplib $deplibs" + test conv = "$pass" && continue + newdependency_libs="$deplib $newdependency_libs" + func_stripname '-L' '' "$deplib" + func_resolve_sysroot "$func_stripname_result" + func_append newlib_search_path " $func_resolve_sysroot_result" + ;; + prog) + if test conv = "$pass"; then + deplibs="$deplib $deplibs" + continue + fi + if test scan = "$pass"; then + deplibs="$deplib $deplibs" + else + compile_deplibs="$deplib $compile_deplibs" + finalize_deplibs="$deplib $finalize_deplibs" + fi + func_stripname '-L' '' "$deplib" + func_resolve_sysroot "$func_stripname_result" + func_append newlib_search_path " $func_resolve_sysroot_result" + ;; + *) + func_warning "'-L' is ignored for archives/objects" + ;; + esac # linkmode + continue + ;; # -L + -R*) + if test link = "$pass"; then + func_stripname '-R' '' "$deplib" + func_resolve_sysroot "$func_stripname_result" + dir=$func_resolve_sysroot_result + # Make sure the xrpath contains only unique directories. + case "$xrpath " in + *" $dir "*) ;; + *) func_append xrpath " $dir" ;; + esac + fi + deplibs="$deplib $deplibs" + continue + ;; + *.la) + func_resolve_sysroot "$deplib" + lib=$func_resolve_sysroot_result + ;; + *.$libext) + if test conv = "$pass"; then + deplibs="$deplib $deplibs" + continue + fi + case $linkmode in + lib) + # Linking convenience modules into shared libraries is allowed, + # but linking other static libraries is non-portable. + case " $dlpreconveniencelibs " in + *" $deplib "*) ;; + *) + valid_a_lib=false + case $deplibs_check_method in + match_pattern*) + set dummy $deplibs_check_method; shift + match_pattern_regex=`expr "$deplibs_check_method" : "$1 \(.*\)"` + if eval "\$ECHO \"$deplib\"" 2>/dev/null | $SED 10q \ + | $EGREP "$match_pattern_regex" > /dev/null; then + valid_a_lib=: + fi + ;; + pass_all) + valid_a_lib=: + ;; + esac + if $valid_a_lib; then + echo + $ECHO "*** Warning: Linking the shared library $output against the" + $ECHO "*** static library $deplib is not portable!" + deplibs="$deplib $deplibs" + else + echo + $ECHO "*** Warning: Trying to link with static lib archive $deplib." + echo "*** I have the capability to make that library automatically link in when" + echo "*** you link to this library. But I can only do this if you have a" + echo "*** shared version of the library, which you do not appear to have" + echo "*** because the file extensions .$libext of this argument makes me believe" + echo "*** that it is just a static archive that I should not use here." + fi + ;; + esac + continue + ;; + prog) + if test link != "$pass"; then + deplibs="$deplib $deplibs" + else + compile_deplibs="$deplib $compile_deplibs" + finalize_deplibs="$deplib $finalize_deplibs" + fi + continue + ;; + esac # linkmode + ;; # *.$libext + *.lo | *.$objext) + if test conv = "$pass"; then + deplibs="$deplib $deplibs" + elif test prog = "$linkmode"; then + if test dlpreopen = "$pass" || test yes != "$dlopen_support" || test no = "$build_libtool_libs"; then + # If there is no dlopen support or we're linking statically, + # we need to preload. + func_append newdlprefiles " $deplib" + compile_deplibs="$deplib $compile_deplibs" + finalize_deplibs="$deplib $finalize_deplibs" + else + func_append newdlfiles " $deplib" + fi + fi + continue + ;; + %DEPLIBS%) + alldeplibs=: + continue + ;; + esac # case $deplib + + $found || test -f "$lib" \ + || func_fatal_error "cannot find the library '$lib' or unhandled argument '$deplib'" + + # Check to see that this really is a libtool archive. + func_lalib_unsafe_p "$lib" \ + || func_fatal_error "'$lib' is not a valid libtool archive" + + func_dirname "$lib" "" "." + ladir=$func_dirname_result + + dlname= + dlopen= + dlpreopen= + libdir= + library_names= + old_library= + inherited_linker_flags= + # If the library was installed with an old release of libtool, + # it will not redefine variables installed, or shouldnotlink + installed=yes + shouldnotlink=no + avoidtemprpath= + + + # Read the .la file + func_source "$lib" + + # Convert "-framework foo" to "foo.ltframework" + if test -n "$inherited_linker_flags"; then + tmp_inherited_linker_flags=`$ECHO "$inherited_linker_flags" | $SED 's/-framework \([^ $]*\)/\1.ltframework/g'` + for tmp_inherited_linker_flag in $tmp_inherited_linker_flags; do + case " $new_inherited_linker_flags " in + *" $tmp_inherited_linker_flag "*) ;; + *) func_append new_inherited_linker_flags " $tmp_inherited_linker_flag";; + esac + done + fi + dependency_libs=`$ECHO " $dependency_libs" | $SED 's% \([^ $]*\).ltframework% -framework \1%g'` + if test lib,link = "$linkmode,$pass" || + test prog,scan = "$linkmode,$pass" || + { test prog != "$linkmode" && test lib != "$linkmode"; }; then + test -n "$dlopen" && func_append dlfiles " $dlopen" + test -n "$dlpreopen" && func_append dlprefiles " $dlpreopen" + fi + + if test conv = "$pass"; then + # Only check for convenience libraries + deplibs="$lib $deplibs" + if test -z "$libdir"; then + if test -z "$old_library"; then + func_fatal_error "cannot find name of link library for '$lib'" + fi + # It is a libtool convenience library, so add in its objects. + func_append convenience " $ladir/$objdir/$old_library" + func_append old_convenience " $ladir/$objdir/$old_library" + tmp_libs= + for deplib in $dependency_libs; do + deplibs="$deplib $deplibs" + if $opt_preserve_dup_deps; then + case "$tmp_libs " in + *" $deplib "*) func_append specialdeplibs " $deplib" ;; + esac + fi + func_append tmp_libs " $deplib" + done + elif test prog != "$linkmode" && test lib != "$linkmode"; then + func_fatal_error "'$lib' is not a convenience library" + fi + continue + fi # $pass = conv + + + # Get the name of the library we link against. + linklib= + if test -n "$old_library" && + { test yes = "$prefer_static_libs" || + test built,no = "$prefer_static_libs,$installed"; }; then + linklib=$old_library + else + for l in $old_library $library_names; do + linklib=$l + done + fi + if test -z "$linklib"; then + func_fatal_error "cannot find name of link library for '$lib'" + fi + + # This library was specified with -dlopen. + if test dlopen = "$pass"; then + test -z "$libdir" \ + && func_fatal_error "cannot -dlopen a convenience library: '$lib'" + if test -z "$dlname" || + test yes != "$dlopen_support" || + test no = "$build_libtool_libs" + then + # If there is no dlname, no dlopen support or we're linking + # statically, we need to preload. We also need to preload any + # dependent libraries so libltdl's deplib preloader doesn't + # bomb out in the load deplibs phase. + func_append dlprefiles " $lib $dependency_libs" + else + func_append newdlfiles " $lib" + fi + continue + fi # $pass = dlopen + + # We need an absolute path. + case $ladir in + [\\/]* | [A-Za-z]:[\\/]*) abs_ladir=$ladir ;; + *) + abs_ladir=`cd "$ladir" && pwd` + if test -z "$abs_ladir"; then + func_warning "cannot determine absolute directory name of '$ladir'" + func_warning "passing it literally to the linker, although it might fail" + abs_ladir=$ladir + fi + ;; + esac + func_basename "$lib" + laname=$func_basename_result + + # Find the relevant object directory and library name. + if test yes = "$installed"; then + if test ! -f "$lt_sysroot$libdir/$linklib" && test -f "$abs_ladir/$linklib"; then + func_warning "library '$lib' was moved." + dir=$ladir + absdir=$abs_ladir + libdir=$abs_ladir + else + dir=$lt_sysroot$libdir + absdir=$lt_sysroot$libdir + fi + test yes = "$hardcode_automatic" && avoidtemprpath=yes + else + if test ! -f "$ladir/$objdir/$linklib" && test -f "$abs_ladir/$linklib"; then + dir=$ladir + absdir=$abs_ladir + # Remove this search path later + func_append notinst_path " $abs_ladir" + else + dir=$ladir/$objdir + absdir=$abs_ladir/$objdir + # Remove this search path later + func_append notinst_path " $abs_ladir" + fi + fi # $installed = yes + func_stripname 'lib' '.la' "$laname" + name=$func_stripname_result + + # This library was specified with -dlpreopen. + if test dlpreopen = "$pass"; then + if test -z "$libdir" && test prog = "$linkmode"; then + func_fatal_error "only libraries may -dlpreopen a convenience library: '$lib'" + fi + case $host in + # special handling for platforms with PE-DLLs. + *cygwin* | *mingw* | *cegcc* ) + # Linker will automatically link against shared library if both + # static and shared are present. Therefore, ensure we extract + # symbols from the import library if a shared library is present + # (otherwise, the dlopen module name will be incorrect). We do + # this by putting the import library name into $newdlprefiles. + # We recover the dlopen module name by 'saving' the la file + # name in a special purpose variable, and (later) extracting the + # dlname from the la file. + if test -n "$dlname"; then + func_tr_sh "$dir/$linklib" + eval "libfile_$func_tr_sh_result=\$abs_ladir/\$laname" + func_append newdlprefiles " $dir/$linklib" + else + func_append newdlprefiles " $dir/$old_library" + # Keep a list of preopened convenience libraries to check + # that they are being used correctly in the link pass. + test -z "$libdir" && \ + func_append dlpreconveniencelibs " $dir/$old_library" + fi + ;; + * ) + # Prefer using a static library (so that no silly _DYNAMIC symbols + # are required to link). + if test -n "$old_library"; then + func_append newdlprefiles " $dir/$old_library" + # Keep a list of preopened convenience libraries to check + # that they are being used correctly in the link pass. + test -z "$libdir" && \ + func_append dlpreconveniencelibs " $dir/$old_library" + # Otherwise, use the dlname, so that lt_dlopen finds it. + elif test -n "$dlname"; then + func_append newdlprefiles " $dir/$dlname" + else + func_append newdlprefiles " $dir/$linklib" + fi + ;; + esac + fi # $pass = dlpreopen + + if test -z "$libdir"; then + # Link the convenience library + if test lib = "$linkmode"; then + deplibs="$dir/$old_library $deplibs" + elif test prog,link = "$linkmode,$pass"; then + compile_deplibs="$dir/$old_library $compile_deplibs" + finalize_deplibs="$dir/$old_library $finalize_deplibs" + else + deplibs="$lib $deplibs" # used for prog,scan pass + fi + continue + fi + + + if test prog = "$linkmode" && test link != "$pass"; then + func_append newlib_search_path " $ladir" + deplibs="$lib $deplibs" + + linkalldeplibs=false + if test no != "$link_all_deplibs" || test -z "$library_names" || + test no = "$build_libtool_libs"; then + linkalldeplibs=: + fi + + tmp_libs= + for deplib in $dependency_libs; do + case $deplib in + -L*) func_stripname '-L' '' "$deplib" + func_resolve_sysroot "$func_stripname_result" + func_append newlib_search_path " $func_resolve_sysroot_result" + ;; + esac + # Need to link against all dependency_libs? + if $linkalldeplibs; then + deplibs="$deplib $deplibs" + else + # Need to hardcode shared library paths + # or/and link against static libraries + newdependency_libs="$deplib $newdependency_libs" + fi + if $opt_preserve_dup_deps; then + case "$tmp_libs " in + *" $deplib "*) func_append specialdeplibs " $deplib" ;; + esac + fi + func_append tmp_libs " $deplib" + done # for deplib + continue + fi # $linkmode = prog... + + if test prog,link = "$linkmode,$pass"; then + if test -n "$library_names" && + { { test no = "$prefer_static_libs" || + test built,yes = "$prefer_static_libs,$installed"; } || + test -z "$old_library"; }; then + # We need to hardcode the library path + if test -n "$shlibpath_var" && test -z "$avoidtemprpath"; then + # Make sure the rpath contains only unique directories. + case $temp_rpath: in + *"$absdir:"*) ;; + *) func_append temp_rpath "$absdir:" ;; + esac + fi + + # Hardcode the library path. + # Skip directories that are in the system default run-time + # search path. + case " $sys_lib_dlsearch_path " in + *" $absdir "*) ;; + *) + case "$compile_rpath " in + *" $absdir "*) ;; + *) func_append compile_rpath " $absdir" ;; + esac + ;; + esac + case " $sys_lib_dlsearch_path " in + *" $libdir "*) ;; + *) + case "$finalize_rpath " in + *" $libdir "*) ;; + *) func_append finalize_rpath " $libdir" ;; + esac + ;; + esac + fi # $linkmode,$pass = prog,link... + + if $alldeplibs && + { test pass_all = "$deplibs_check_method" || + { test yes = "$build_libtool_libs" && + test -n "$library_names"; }; }; then + # We only need to search for static libraries + continue + fi + fi + + link_static=no # Whether the deplib will be linked statically + use_static_libs=$prefer_static_libs + if test built = "$use_static_libs" && test yes = "$installed"; then + use_static_libs=no + fi + if test -n "$library_names" && + { test no = "$use_static_libs" || test -z "$old_library"; }; then + case $host in + *cygwin* | *mingw* | *cegcc* | *os2*) + # No point in relinking DLLs because paths are not encoded + func_append notinst_deplibs " $lib" + need_relink=no + ;; + *) + if test no = "$installed"; then + func_append notinst_deplibs " $lib" + need_relink=yes + fi + ;; + esac + # This is a shared library + + # Warn about portability, can't link against -module's on some + # systems (darwin). Don't bleat about dlopened modules though! + dlopenmodule= + for dlpremoduletest in $dlprefiles; do + if test "X$dlpremoduletest" = "X$lib"; then + dlopenmodule=$dlpremoduletest + break + fi + done + if test -z "$dlopenmodule" && test yes = "$shouldnotlink" && test link = "$pass"; then + echo + if test prog = "$linkmode"; then + $ECHO "*** Warning: Linking the executable $output against the loadable module" + else + $ECHO "*** Warning: Linking the shared library $output against the loadable module" + fi + $ECHO "*** $linklib is not portable!" + fi + if test lib = "$linkmode" && + test yes = "$hardcode_into_libs"; then + # Hardcode the library path. + # Skip directories that are in the system default run-time + # search path. + case " $sys_lib_dlsearch_path " in + *" $absdir "*) ;; + *) + case "$compile_rpath " in + *" $absdir "*) ;; + *) func_append compile_rpath " $absdir" ;; + esac + ;; + esac + case " $sys_lib_dlsearch_path " in + *" $libdir "*) ;; + *) + case "$finalize_rpath " in + *" $libdir "*) ;; + *) func_append finalize_rpath " $libdir" ;; + esac + ;; + esac + fi + + if test -n "$old_archive_from_expsyms_cmds"; then + # figure out the soname + set dummy $library_names + shift + realname=$1 + shift + libname=`eval "\\$ECHO \"$libname_spec\""` + # use dlname if we got it. it's perfectly good, no? + if test -n "$dlname"; then + soname=$dlname + elif test -n "$soname_spec"; then + # bleh windows + case $host in + *cygwin* | mingw* | *cegcc* | *os2*) + func_arith $current - $age + major=$func_arith_result + versuffix=-$major + ;; + esac + eval soname=\"$soname_spec\" + else + soname=$realname + fi + + # Make a new name for the extract_expsyms_cmds to use + soroot=$soname + func_basename "$soroot" + soname=$func_basename_result + func_stripname 'lib' '.dll' "$soname" + newlib=libimp-$func_stripname_result.a + + # If the library has no export list, then create one now + if test -f "$output_objdir/$soname-def"; then : + else + func_verbose "extracting exported symbol list from '$soname'" + func_execute_cmds "$extract_expsyms_cmds" 'exit $?' + fi + + # Create $newlib + if test -f "$output_objdir/$newlib"; then :; else + func_verbose "generating import library for '$soname'" + func_execute_cmds "$old_archive_from_expsyms_cmds" 'exit $?' + fi + # make sure the library variables are pointing to the new library + dir=$output_objdir + linklib=$newlib + fi # test -n "$old_archive_from_expsyms_cmds" + + if test prog = "$linkmode" || test relink != "$opt_mode"; then + add_shlibpath= + add_dir= + add= + lib_linked=yes + case $hardcode_action in + immediate | unsupported) + if test no = "$hardcode_direct"; then + add=$dir/$linklib + case $host in + *-*-sco3.2v5.0.[024]*) add_dir=-L$dir ;; + *-*-sysv4*uw2*) add_dir=-L$dir ;; + *-*-sysv5OpenUNIX* | *-*-sysv5UnixWare7.[01].[10]* | \ + *-*-unixware7*) add_dir=-L$dir ;; + *-*-darwin* ) + # if the lib is a (non-dlopened) module then we cannot + # link against it, someone is ignoring the earlier warnings + if /usr/bin/file -L $add 2> /dev/null | + $GREP ": [^:]* bundle" >/dev/null; then + if test "X$dlopenmodule" != "X$lib"; then + $ECHO "*** Warning: lib $linklib is a module, not a shared library" + if test -z "$old_library"; then + echo + echo "*** And there doesn't seem to be a static archive available" + echo "*** The link will probably fail, sorry" + else + add=$dir/$old_library + fi + elif test -n "$old_library"; then + add=$dir/$old_library + fi + fi + esac + elif test no = "$hardcode_minus_L"; then + case $host in + *-*-sunos*) add_shlibpath=$dir ;; + esac + add_dir=-L$dir + add=-l$name + elif test no = "$hardcode_shlibpath_var"; then + add_shlibpath=$dir + add=-l$name + else + lib_linked=no + fi + ;; + relink) + if test yes = "$hardcode_direct" && + test no = "$hardcode_direct_absolute"; then + add=$dir/$linklib + elif test yes = "$hardcode_minus_L"; then + add_dir=-L$absdir + # Try looking first in the location we're being installed to. + if test -n "$inst_prefix_dir"; then + case $libdir in + [\\/]*) + func_append add_dir " -L$inst_prefix_dir$libdir" + ;; + esac + fi + add=-l$name + elif test yes = "$hardcode_shlibpath_var"; then + add_shlibpath=$dir + add=-l$name + else + lib_linked=no + fi + ;; + *) lib_linked=no ;; + esac + + if test yes != "$lib_linked"; then + func_fatal_configuration "unsupported hardcode properties" + fi + + if test -n "$add_shlibpath"; then + case :$compile_shlibpath: in + *":$add_shlibpath:"*) ;; + *) func_append compile_shlibpath "$add_shlibpath:" ;; + esac + fi + if test prog = "$linkmode"; then + test -n "$add_dir" && compile_deplibs="$add_dir $compile_deplibs" + test -n "$add" && compile_deplibs="$add $compile_deplibs" + else + test -n "$add_dir" && deplibs="$add_dir $deplibs" + test -n "$add" && deplibs="$add $deplibs" + if test yes != "$hardcode_direct" && + test yes != "$hardcode_minus_L" && + test yes = "$hardcode_shlibpath_var"; then + case :$finalize_shlibpath: in + *":$libdir:"*) ;; + *) func_append finalize_shlibpath "$libdir:" ;; + esac + fi + fi + fi + + if test prog = "$linkmode" || test relink = "$opt_mode"; then + add_shlibpath= + add_dir= + add= + # Finalize command for both is simple: just hardcode it. + if test yes = "$hardcode_direct" && + test no = "$hardcode_direct_absolute"; then + add=$libdir/$linklib + elif test yes = "$hardcode_minus_L"; then + add_dir=-L$libdir + add=-l$name + elif test yes = "$hardcode_shlibpath_var"; then + case :$finalize_shlibpath: in + *":$libdir:"*) ;; + *) func_append finalize_shlibpath "$libdir:" ;; + esac + add=-l$name + elif test yes = "$hardcode_automatic"; then + if test -n "$inst_prefix_dir" && + test -f "$inst_prefix_dir$libdir/$linklib"; then + add=$inst_prefix_dir$libdir/$linklib + else + add=$libdir/$linklib + fi + else + # We cannot seem to hardcode it, guess we'll fake it. + add_dir=-L$libdir + # Try looking first in the location we're being installed to. + if test -n "$inst_prefix_dir"; then + case $libdir in + [\\/]*) + func_append add_dir " -L$inst_prefix_dir$libdir" + ;; + esac + fi + add=-l$name + fi + + if test prog = "$linkmode"; then + test -n "$add_dir" && finalize_deplibs="$add_dir $finalize_deplibs" + test -n "$add" && finalize_deplibs="$add $finalize_deplibs" + else + test -n "$add_dir" && deplibs="$add_dir $deplibs" + test -n "$add" && deplibs="$add $deplibs" + fi + fi + elif test prog = "$linkmode"; then + # Here we assume that one of hardcode_direct or hardcode_minus_L + # is not unsupported. This is valid on all known static and + # shared platforms. + if test unsupported != "$hardcode_direct"; then + test -n "$old_library" && linklib=$old_library + compile_deplibs="$dir/$linklib $compile_deplibs" + finalize_deplibs="$dir/$linklib $finalize_deplibs" + else + compile_deplibs="-l$name -L$dir $compile_deplibs" + finalize_deplibs="-l$name -L$dir $finalize_deplibs" + fi + elif test yes = "$build_libtool_libs"; then + # Not a shared library + if test pass_all != "$deplibs_check_method"; then + # We're trying link a shared library against a static one + # but the system doesn't support it. + + # Just print a warning and add the library to dependency_libs so + # that the program can be linked against the static library. + echo + $ECHO "*** Warning: This system cannot link to static lib archive $lib." + echo "*** I have the capability to make that library automatically link in when" + echo "*** you link to this library. But I can only do this if you have a" + echo "*** shared version of the library, which you do not appear to have." + if test yes = "$module"; then + echo "*** But as you try to build a module library, libtool will still create " + echo "*** a static module, that should work as long as the dlopening application" + echo "*** is linked with the -dlopen flag to resolve symbols at runtime." + if test -z "$global_symbol_pipe"; then + echo + echo "*** However, this would only work if libtool was able to extract symbol" + echo "*** lists from a program, using 'nm' or equivalent, but libtool could" + echo "*** not find such a program. So, this module is probably useless." + echo "*** 'nm' from GNU binutils and a full rebuild may help." + fi + if test no = "$build_old_libs"; then + build_libtool_libs=module + build_old_libs=yes + else + build_libtool_libs=no + fi + fi + else + deplibs="$dir/$old_library $deplibs" + link_static=yes + fi + fi # link shared/static library? + + if test lib = "$linkmode"; then + if test -n "$dependency_libs" && + { test yes != "$hardcode_into_libs" || + test yes = "$build_old_libs" || + test yes = "$link_static"; }; then + # Extract -R from dependency_libs + temp_deplibs= + for libdir in $dependency_libs; do + case $libdir in + -R*) func_stripname '-R' '' "$libdir" + temp_xrpath=$func_stripname_result + case " $xrpath " in + *" $temp_xrpath "*) ;; + *) func_append xrpath " $temp_xrpath";; + esac;; + *) func_append temp_deplibs " $libdir";; + esac + done + dependency_libs=$temp_deplibs + fi + + func_append newlib_search_path " $absdir" + # Link against this library + test no = "$link_static" && newdependency_libs="$abs_ladir/$laname $newdependency_libs" + # ... and its dependency_libs + tmp_libs= + for deplib in $dependency_libs; do + newdependency_libs="$deplib $newdependency_libs" + case $deplib in + -L*) func_stripname '-L' '' "$deplib" + func_resolve_sysroot "$func_stripname_result";; + *) func_resolve_sysroot "$deplib" ;; + esac + if $opt_preserve_dup_deps; then + case "$tmp_libs " in + *" $func_resolve_sysroot_result "*) + func_append specialdeplibs " $func_resolve_sysroot_result" ;; + esac + fi + func_append tmp_libs " $func_resolve_sysroot_result" + done + + if test no != "$link_all_deplibs"; then + # Add the search paths of all dependency libraries + for deplib in $dependency_libs; do + path= + case $deplib in + -L*) path=$deplib ;; + *.la) + func_resolve_sysroot "$deplib" + deplib=$func_resolve_sysroot_result + func_dirname "$deplib" "" "." + dir=$func_dirname_result + # We need an absolute path. + case $dir in + [\\/]* | [A-Za-z]:[\\/]*) absdir=$dir ;; + *) + absdir=`cd "$dir" && pwd` + if test -z "$absdir"; then + func_warning "cannot determine absolute directory name of '$dir'" + absdir=$dir + fi + ;; + esac + if $GREP "^installed=no" $deplib > /dev/null; then + case $host in + *-*-darwin*) + depdepl= + eval deplibrary_names=`$SED -n -e 's/^library_names=\(.*\)$/\1/p' $deplib` + if test -n "$deplibrary_names"; then + for tmp in $deplibrary_names; do + depdepl=$tmp + done + if test -f "$absdir/$objdir/$depdepl"; then + depdepl=$absdir/$objdir/$depdepl + darwin_install_name=`$OTOOL -L $depdepl | awk '{if (NR == 2) {print $1;exit}}'` + if test -z "$darwin_install_name"; then + darwin_install_name=`$OTOOL64 -L $depdepl | awk '{if (NR == 2) {print $1;exit}}'` + fi + func_append compiler_flags " $wl-dylib_file $wl$darwin_install_name:$depdepl" + func_append linker_flags " -dylib_file $darwin_install_name:$depdepl" + path= + fi + fi + ;; + *) + path=-L$absdir/$objdir + ;; + esac + else + eval libdir=`$SED -n -e 's/^libdir=\(.*\)$/\1/p' $deplib` + test -z "$libdir" && \ + func_fatal_error "'$deplib' is not a valid libtool archive" + test "$absdir" != "$libdir" && \ + func_warning "'$deplib' seems to be moved" + + path=-L$absdir + fi + ;; + esac + case " $deplibs " in + *" $path "*) ;; + *) deplibs="$path $deplibs" ;; + esac + done + fi # link_all_deplibs != no + fi # linkmode = lib + done # for deplib in $libs + if test link = "$pass"; then + if test prog = "$linkmode"; then + compile_deplibs="$new_inherited_linker_flags $compile_deplibs" + finalize_deplibs="$new_inherited_linker_flags $finalize_deplibs" + else + compiler_flags="$compiler_flags "`$ECHO " $new_inherited_linker_flags" | $SED 's% \([^ $]*\).ltframework% -framework \1%g'` + fi + fi + dependency_libs=$newdependency_libs + if test dlpreopen = "$pass"; then + # Link the dlpreopened libraries before other libraries + for deplib in $save_deplibs; do + deplibs="$deplib $deplibs" + done + fi + if test dlopen != "$pass"; then + test conv = "$pass" || { + # Make sure lib_search_path contains only unique directories. + lib_search_path= + for dir in $newlib_search_path; do + case "$lib_search_path " in + *" $dir "*) ;; + *) func_append lib_search_path " $dir" ;; + esac + done + newlib_search_path= + } + + if test prog,link = "$linkmode,$pass"; then + vars="compile_deplibs finalize_deplibs" + else + vars=deplibs + fi + for var in $vars dependency_libs; do + # Add libraries to $var in reverse order + eval tmp_libs=\"\$$var\" + new_libs= + for deplib in $tmp_libs; do + # FIXME: Pedantically, this is the right thing to do, so + # that some nasty dependency loop isn't accidentally + # broken: + #new_libs="$deplib $new_libs" + # Pragmatically, this seems to cause very few problems in + # practice: + case $deplib in + -L*) new_libs="$deplib $new_libs" ;; + -R*) ;; + *) + # And here is the reason: when a library appears more + # than once as an explicit dependence of a library, or + # is implicitly linked in more than once by the + # compiler, it is considered special, and multiple + # occurrences thereof are not removed. Compare this + # with having the same library being listed as a + # dependency of multiple other libraries: in this case, + # we know (pedantically, we assume) the library does not + # need to be listed more than once, so we keep only the + # last copy. This is not always right, but it is rare + # enough that we require users that really mean to play + # such unportable linking tricks to link the library + # using -Wl,-lname, so that libtool does not consider it + # for duplicate removal. + case " $specialdeplibs " in + *" $deplib "*) new_libs="$deplib $new_libs" ;; + *) + case " $new_libs " in + *" $deplib "*) ;; + *) new_libs="$deplib $new_libs" ;; + esac + ;; + esac + ;; + esac + done + tmp_libs= + for deplib in $new_libs; do + case $deplib in + -L*) + case " $tmp_libs " in + *" $deplib "*) ;; + *) func_append tmp_libs " $deplib" ;; + esac + ;; + *) func_append tmp_libs " $deplib" ;; + esac + done + eval $var=\"$tmp_libs\" + done # for var + fi + + # Add Sun CC postdeps if required: + test CXX = "$tagname" && { + case $host_os in + linux*) + case `$CC -V 2>&1 | sed 5q` in + *Sun\ C*) # Sun C++ 5.9 + func_suncc_cstd_abi + + if test no != "$suncc_use_cstd_abi"; then + func_append postdeps ' -library=Cstd -library=Crun' + fi + ;; + esac + ;; + + solaris*) + func_cc_basename "$CC" + case $func_cc_basename_result in + CC* | sunCC*) + func_suncc_cstd_abi + + if test no != "$suncc_use_cstd_abi"; then + func_append postdeps ' -library=Cstd -library=Crun' + fi + ;; + esac + ;; + esac + } + + # Last step: remove runtime libs from dependency_libs + # (they stay in deplibs) + tmp_libs= + for i in $dependency_libs; do + case " $predeps $postdeps $compiler_lib_search_path " in + *" $i "*) + i= + ;; + esac + if test -n "$i"; then + func_append tmp_libs " $i" + fi + done + dependency_libs=$tmp_libs + done # for pass + if test prog = "$linkmode"; then + dlfiles=$newdlfiles + fi + if test prog = "$linkmode" || test lib = "$linkmode"; then + dlprefiles=$newdlprefiles + fi + + case $linkmode in + oldlib) + if test -n "$dlfiles$dlprefiles" || test no != "$dlself"; then + func_warning "'-dlopen' is ignored for archives" + fi + + case " $deplibs" in + *\ -l* | *\ -L*) + func_warning "'-l' and '-L' are ignored for archives" ;; + esac + + test -n "$rpath" && \ + func_warning "'-rpath' is ignored for archives" + + test -n "$xrpath" && \ + func_warning "'-R' is ignored for archives" + + test -n "$vinfo" && \ + func_warning "'-version-info/-version-number' is ignored for archives" + + test -n "$release" && \ + func_warning "'-release' is ignored for archives" + + test -n "$export_symbols$export_symbols_regex" && \ + func_warning "'-export-symbols' is ignored for archives" + + # Now set the variables for building old libraries. + build_libtool_libs=no + oldlibs=$output + func_append objs "$old_deplibs" + ;; + + lib) + # Make sure we only generate libraries of the form 'libNAME.la'. + case $outputname in + lib*) + func_stripname 'lib' '.la' "$outputname" + name=$func_stripname_result + eval shared_ext=\"$shrext_cmds\" + eval libname=\"$libname_spec\" + ;; + *) + test no = "$module" \ + && func_fatal_help "libtool library '$output' must begin with 'lib'" + + if test no != "$need_lib_prefix"; then + # Add the "lib" prefix for modules if required + func_stripname '' '.la' "$outputname" + name=$func_stripname_result + eval shared_ext=\"$shrext_cmds\" + eval libname=\"$libname_spec\" + else + func_stripname '' '.la' "$outputname" + libname=$func_stripname_result + fi + ;; + esac + + if test -n "$objs"; then + if test pass_all != "$deplibs_check_method"; then + func_fatal_error "cannot build libtool library '$output' from non-libtool objects on this host:$objs" + else + echo + $ECHO "*** Warning: Linking the shared library $output against the non-libtool" + $ECHO "*** objects $objs is not portable!" + func_append libobjs " $objs" + fi + fi + + test no = "$dlself" \ + || func_warning "'-dlopen self' is ignored for libtool libraries" + + set dummy $rpath + shift + test 1 -lt "$#" \ + && func_warning "ignoring multiple '-rpath's for a libtool library" + + install_libdir=$1 + + oldlibs= + if test -z "$rpath"; then + if test yes = "$build_libtool_libs"; then + # Building a libtool convenience library. + # Some compilers have problems with a '.al' extension so + # convenience libraries should have the same extension an + # archive normally would. + oldlibs="$output_objdir/$libname.$libext $oldlibs" + build_libtool_libs=convenience + build_old_libs=yes + fi + + test -n "$vinfo" && \ + func_warning "'-version-info/-version-number' is ignored for convenience libraries" + + test -n "$release" && \ + func_warning "'-release' is ignored for convenience libraries" + else + + # Parse the version information argument. + save_ifs=$IFS; IFS=: + set dummy $vinfo 0 0 0 + shift + IFS=$save_ifs + + test -n "$7" && \ + func_fatal_help "too many parameters to '-version-info'" + + # convert absolute version numbers to libtool ages + # this retains compatibility with .la files and attempts + # to make the code below a bit more comprehensible + + case $vinfo_number in + yes) + number_major=$1 + number_minor=$2 + number_revision=$3 + # + # There are really only two kinds -- those that + # use the current revision as the major version + # and those that subtract age and use age as + # a minor version. But, then there is irix + # that has an extra 1 added just for fun + # + case $version_type in + # correct linux to gnu/linux during the next big refactor + darwin|freebsd-elf|linux|osf|windows|none) + func_arith $number_major + $number_minor + current=$func_arith_result + age=$number_minor + revision=$number_revision + ;; + freebsd-aout|qnx|sunos) + current=$number_major + revision=$number_minor + age=0 + ;; + irix|nonstopux) + func_arith $number_major + $number_minor + current=$func_arith_result + age=$number_minor + revision=$number_minor + lt_irix_increment=no + ;; + *) + func_fatal_configuration "$modename: unknown library version type '$version_type'" + ;; + esac + ;; + no) + current=$1 + revision=$2 + age=$3 + ;; + esac + + # Check that each of the things are valid numbers. + case $current in + 0|[1-9]|[1-9][0-9]|[1-9][0-9][0-9]|[1-9][0-9][0-9][0-9]|[1-9][0-9][0-9][0-9][0-9]) ;; + *) + func_error "CURRENT '$current' must be a nonnegative integer" + func_fatal_error "'$vinfo' is not valid version information" + ;; + esac + + case $revision in + 0|[1-9]|[1-9][0-9]|[1-9][0-9][0-9]|[1-9][0-9][0-9][0-9]|[1-9][0-9][0-9][0-9][0-9]) ;; + *) + func_error "REVISION '$revision' must be a nonnegative integer" + func_fatal_error "'$vinfo' is not valid version information" + ;; + esac + + case $age in + 0|[1-9]|[1-9][0-9]|[1-9][0-9][0-9]|[1-9][0-9][0-9][0-9]|[1-9][0-9][0-9][0-9][0-9]) ;; + *) + func_error "AGE '$age' must be a nonnegative integer" + func_fatal_error "'$vinfo' is not valid version information" + ;; + esac + + if test "$age" -gt "$current"; then + func_error "AGE '$age' is greater than the current interface number '$current'" + func_fatal_error "'$vinfo' is not valid version information" + fi + + # Calculate the version variables. + major= + versuffix= + verstring= + case $version_type in + none) ;; + + darwin) + # Like Linux, but with the current version available in + # verstring for coding it into the library header + func_arith $current - $age + major=.$func_arith_result + versuffix=$major.$age.$revision + # Darwin ld doesn't like 0 for these options... + func_arith $current + 1 + minor_current=$func_arith_result + xlcverstring="$wl-compatibility_version $wl$minor_current $wl-current_version $wl$minor_current.$revision" + verstring="-compatibility_version $minor_current -current_version $minor_current.$revision" + # On Darwin other compilers + case $CC in + nagfor*) + verstring="$wl-compatibility_version $wl$minor_current $wl-current_version $wl$minor_current.$revision" + ;; + *) + verstring="-compatibility_version $minor_current -current_version $minor_current.$revision" + ;; + esac + ;; + + freebsd-aout) + major=.$current + versuffix=.$current.$revision + ;; + + freebsd-elf) + func_arith $current - $age + major=.$func_arith_result + versuffix=$major.$age.$revision + ;; + + irix | nonstopux) + if test no = "$lt_irix_increment"; then + func_arith $current - $age + else + func_arith $current - $age + 1 + fi + major=$func_arith_result + + case $version_type in + nonstopux) verstring_prefix=nonstopux ;; + *) verstring_prefix=sgi ;; + esac + verstring=$verstring_prefix$major.$revision + + # Add in all the interfaces that we are compatible with. + loop=$revision + while test 0 -ne "$loop"; do + func_arith $revision - $loop + iface=$func_arith_result + func_arith $loop - 1 + loop=$func_arith_result + verstring=$verstring_prefix$major.$iface:$verstring + done + + # Before this point, $major must not contain '.'. + major=.$major + versuffix=$major.$revision + ;; + + linux) # correct to gnu/linux during the next big refactor + func_arith $current - $age + major=.$func_arith_result + versuffix=$major.$age.$revision + ;; + + osf) + func_arith $current - $age + major=.$func_arith_result + versuffix=.$current.$age.$revision + verstring=$current.$age.$revision + + # Add in all the interfaces that we are compatible with. + loop=$age + while test 0 -ne "$loop"; do + func_arith $current - $loop + iface=$func_arith_result + func_arith $loop - 1 + loop=$func_arith_result + verstring=$verstring:$iface.0 + done + + # Make executables depend on our current version. + func_append verstring ":$current.0" + ;; + + qnx) + major=.$current + versuffix=.$current + ;; + + sco) + major=.$current + versuffix=.$current + ;; + + sunos) + major=.$current + versuffix=.$current.$revision + ;; + + windows) + # Use '-' rather than '.', since we only want one + # extension on DOS 8.3 file systems. + func_arith $current - $age + major=$func_arith_result + versuffix=-$major + ;; + + *) + func_fatal_configuration "unknown library version type '$version_type'" + ;; + esac + + # Clear the version info if we defaulted, and they specified a release. + if test -z "$vinfo" && test -n "$release"; then + major= + case $version_type in + darwin) + # we can't check for "0.0" in archive_cmds due to quoting + # problems, so we reset it completely + verstring= + ;; + *) + verstring=0.0 + ;; + esac + if test no = "$need_version"; then + versuffix= + else + versuffix=.0.0 + fi + fi + + # Remove version info from name if versioning should be avoided + if test yes,no = "$avoid_version,$need_version"; then + major= + versuffix= + verstring= + fi + + # Check to see if the archive will have undefined symbols. + if test yes = "$allow_undefined"; then + if test unsupported = "$allow_undefined_flag"; then + if test yes = "$build_old_libs"; then + func_warning "undefined symbols not allowed in $host shared libraries; building static only" + build_libtool_libs=no + else + func_fatal_error "can't build $host shared library unless -no-undefined is specified" + fi + fi + else + # Don't allow undefined symbols. + allow_undefined_flag=$no_undefined_flag + fi + + fi + + func_generate_dlsyms "$libname" "$libname" : + func_append libobjs " $symfileobj" + test " " = "$libobjs" && libobjs= + + if test relink != "$opt_mode"; then + # Remove our outputs, but don't remove object files since they + # may have been created when compiling PIC objects. + removelist= + tempremovelist=`$ECHO "$output_objdir/*"` + for p in $tempremovelist; do + case $p in + *.$objext | *.gcno) + ;; + $output_objdir/$outputname | $output_objdir/$libname.* | $output_objdir/$libname$release.*) + if test -n "$precious_files_regex"; then + if $ECHO "$p" | $EGREP -e "$precious_files_regex" >/dev/null 2>&1 + then + continue + fi + fi + func_append removelist " $p" + ;; + *) ;; + esac + done + test -n "$removelist" && \ + func_show_eval "${RM}r \$removelist" + fi + + # Now set the variables for building old libraries. + if test yes = "$build_old_libs" && test convenience != "$build_libtool_libs"; then + func_append oldlibs " $output_objdir/$libname.$libext" + + # Transform .lo files to .o files. + oldobjs="$objs "`$ECHO "$libobjs" | $SP2NL | $SED "/\.$libext$/d; $lo2o" | $NL2SP` + fi + + # Eliminate all temporary directories. + #for path in $notinst_path; do + # lib_search_path=`$ECHO "$lib_search_path " | $SED "s% $path % %g"` + # deplibs=`$ECHO "$deplibs " | $SED "s% -L$path % %g"` + # dependency_libs=`$ECHO "$dependency_libs " | $SED "s% -L$path % %g"` + #done + + if test -n "$xrpath"; then + # If the user specified any rpath flags, then add them. + temp_xrpath= + for libdir in $xrpath; do + func_replace_sysroot "$libdir" + func_append temp_xrpath " -R$func_replace_sysroot_result" + case "$finalize_rpath " in + *" $libdir "*) ;; + *) func_append finalize_rpath " $libdir" ;; + esac + done + if test yes != "$hardcode_into_libs" || test yes = "$build_old_libs"; then + dependency_libs="$temp_xrpath $dependency_libs" + fi + fi + + # Make sure dlfiles contains only unique files that won't be dlpreopened + old_dlfiles=$dlfiles + dlfiles= + for lib in $old_dlfiles; do + case " $dlprefiles $dlfiles " in + *" $lib "*) ;; + *) func_append dlfiles " $lib" ;; + esac + done + + # Make sure dlprefiles contains only unique files + old_dlprefiles=$dlprefiles + dlprefiles= + for lib in $old_dlprefiles; do + case "$dlprefiles " in + *" $lib "*) ;; + *) func_append dlprefiles " $lib" ;; + esac + done + + if test yes = "$build_libtool_libs"; then + if test -n "$rpath"; then + case $host in + *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-os2* | *-*-beos* | *-cegcc* | *-*-haiku*) + # these systems don't actually have a c library (as such)! + ;; + *-*-rhapsody* | *-*-darwin1.[012]) + # Rhapsody C library is in the System framework + func_append deplibs " System.ltframework" + ;; + *-*-netbsd*) + # Don't link with libc until the a.out ld.so is fixed. + ;; + *-*-openbsd* | *-*-freebsd* | *-*-dragonfly*) + # Do not include libc due to us having libc/libc_r. + ;; + *-*-sco3.2v5* | *-*-sco5v6*) + # Causes problems with __ctype + ;; + *-*-sysv4.2uw2* | *-*-sysv5* | *-*-unixware* | *-*-OpenUNIX*) + # Compiler inserts libc in the correct place for threads to work + ;; + *) + # Add libc to deplibs on all other systems if necessary. + if test yes = "$build_libtool_need_lc"; then + func_append deplibs " -lc" + fi + ;; + esac + fi + + # Transform deplibs into only deplibs that can be linked in shared. + name_save=$name + libname_save=$libname + release_save=$release + versuffix_save=$versuffix + major_save=$major + # I'm not sure if I'm treating the release correctly. I think + # release should show up in the -l (ie -lgmp5) so we don't want to + # add it in twice. Is that correct? + release= + versuffix= + major= + newdeplibs= + droppeddeps=no + case $deplibs_check_method in + pass_all) + # Don't check for shared/static. Everything works. + # This might be a little naive. We might want to check + # whether the library exists or not. But this is on + # osf3 & osf4 and I'm not really sure... Just + # implementing what was already the behavior. + newdeplibs=$deplibs + ;; + test_compile) + # This code stresses the "libraries are programs" paradigm to its + # limits. Maybe even breaks it. We compile a program, linking it + # against the deplibs as a proxy for the library. Then we can check + # whether they linked in statically or dynamically with ldd. + $opt_dry_run || $RM conftest.c + cat > conftest.c <<EOF + int main() { return 0; } +EOF + $opt_dry_run || $RM conftest + if $LTCC $LTCFLAGS -o conftest conftest.c $deplibs; then + ldd_output=`ldd conftest` + for i in $deplibs; do + case $i in + -l*) + func_stripname -l '' "$i" + name=$func_stripname_result + if test yes = "$allow_libtool_libs_with_static_runtimes"; then + case " $predeps $postdeps " in + *" $i "*) + func_append newdeplibs " $i" + i= + ;; + esac + fi + if test -n "$i"; then + libname=`eval "\\$ECHO \"$libname_spec\""` + deplib_matches=`eval "\\$ECHO \"$library_names_spec\""` + set dummy $deplib_matches; shift + deplib_match=$1 + if test `expr "$ldd_output" : ".*$deplib_match"` -ne 0; then + func_append newdeplibs " $i" + else + droppeddeps=yes + echo + $ECHO "*** Warning: dynamic linker does not accept needed library $i." + echo "*** I have the capability to make that library automatically link in when" + echo "*** you link to this library. But I can only do this if you have a" + echo "*** shared version of the library, which I believe you do not have" + echo "*** because a test_compile did reveal that the linker did not use it for" + echo "*** its dynamic dependency list that programs get resolved with at runtime." + fi + fi + ;; + *) + func_append newdeplibs " $i" + ;; + esac + done + else + # Error occurred in the first compile. Let's try to salvage + # the situation: Compile a separate program for each library. + for i in $deplibs; do + case $i in + -l*) + func_stripname -l '' "$i" + name=$func_stripname_result + $opt_dry_run || $RM conftest + if $LTCC $LTCFLAGS -o conftest conftest.c $i; then + ldd_output=`ldd conftest` + if test yes = "$allow_libtool_libs_with_static_runtimes"; then + case " $predeps $postdeps " in + *" $i "*) + func_append newdeplibs " $i" + i= + ;; + esac + fi + if test -n "$i"; then + libname=`eval "\\$ECHO \"$libname_spec\""` + deplib_matches=`eval "\\$ECHO \"$library_names_spec\""` + set dummy $deplib_matches; shift + deplib_match=$1 + if test `expr "$ldd_output" : ".*$deplib_match"` -ne 0; then + func_append newdeplibs " $i" + else + droppeddeps=yes + echo + $ECHO "*** Warning: dynamic linker does not accept needed library $i." + echo "*** I have the capability to make that library automatically link in when" + echo "*** you link to this library. But I can only do this if you have a" + echo "*** shared version of the library, which you do not appear to have" + echo "*** because a test_compile did reveal that the linker did not use this one" + echo "*** as a dynamic dependency that programs can get resolved with at runtime." + fi + fi + else + droppeddeps=yes + echo + $ECHO "*** Warning! Library $i is needed by this library but I was not able to" + echo "*** make it link in! You will probably need to install it or some" + echo "*** library that it depends on before this library will be fully" + echo "*** functional. Installing it before continuing would be even better." + fi + ;; + *) + func_append newdeplibs " $i" + ;; + esac + done + fi + ;; + file_magic*) + set dummy $deplibs_check_method; shift + file_magic_regex=`expr "$deplibs_check_method" : "$1 \(.*\)"` + for a_deplib in $deplibs; do + case $a_deplib in + -l*) + func_stripname -l '' "$a_deplib" + name=$func_stripname_result + if test yes = "$allow_libtool_libs_with_static_runtimes"; then + case " $predeps $postdeps " in + *" $a_deplib "*) + func_append newdeplibs " $a_deplib" + a_deplib= + ;; + esac + fi + if test -n "$a_deplib"; then + libname=`eval "\\$ECHO \"$libname_spec\""` + if test -n "$file_magic_glob"; then + libnameglob=`func_echo_all "$libname" | $SED -e $file_magic_glob` + else + libnameglob=$libname + fi + test yes = "$want_nocaseglob" && nocaseglob=`shopt -p nocaseglob` + for i in $lib_search_path $sys_lib_search_path $shlib_search_path; do + if test yes = "$want_nocaseglob"; then + shopt -s nocaseglob + potential_libs=`ls $i/$libnameglob[.-]* 2>/dev/null` + $nocaseglob + else + potential_libs=`ls $i/$libnameglob[.-]* 2>/dev/null` + fi + for potent_lib in $potential_libs; do + # Follow soft links. + if ls -lLd "$potent_lib" 2>/dev/null | + $GREP " -> " >/dev/null; then + continue + fi + # The statement above tries to avoid entering an + # endless loop below, in case of cyclic links. + # We might still enter an endless loop, since a link + # loop can be closed while we follow links, + # but so what? + potlib=$potent_lib + while test -h "$potlib" 2>/dev/null; do + potliblink=`ls -ld $potlib | $SED 's/.* -> //'` + case $potliblink in + [\\/]* | [A-Za-z]:[\\/]*) potlib=$potliblink;; + *) potlib=`$ECHO "$potlib" | $SED 's|[^/]*$||'`"$potliblink";; + esac + done + if eval $file_magic_cmd \"\$potlib\" 2>/dev/null | + $SED -e 10q | + $EGREP "$file_magic_regex" > /dev/null; then + func_append newdeplibs " $a_deplib" + a_deplib= + break 2 + fi + done + done + fi + if test -n "$a_deplib"; then + droppeddeps=yes + echo + $ECHO "*** Warning: linker path does not have real file for library $a_deplib." + echo "*** I have the capability to make that library automatically link in when" + echo "*** you link to this library. But I can only do this if you have a" + echo "*** shared version of the library, which you do not appear to have" + echo "*** because I did check the linker path looking for a file starting" + if test -z "$potlib"; then + $ECHO "*** with $libname but no candidates were found. (...for file magic test)" + else + $ECHO "*** with $libname and none of the candidates passed a file format test" + $ECHO "*** using a file magic. Last file checked: $potlib" + fi + fi + ;; + *) + # Add a -L argument. + func_append newdeplibs " $a_deplib" + ;; + esac + done # Gone through all deplibs. + ;; + match_pattern*) + set dummy $deplibs_check_method; shift + match_pattern_regex=`expr "$deplibs_check_method" : "$1 \(.*\)"` + for a_deplib in $deplibs; do + case $a_deplib in + -l*) + func_stripname -l '' "$a_deplib" + name=$func_stripname_result + if test yes = "$allow_libtool_libs_with_static_runtimes"; then + case " $predeps $postdeps " in + *" $a_deplib "*) + func_append newdeplibs " $a_deplib" + a_deplib= + ;; + esac + fi + if test -n "$a_deplib"; then + libname=`eval "\\$ECHO \"$libname_spec\""` + for i in $lib_search_path $sys_lib_search_path $shlib_search_path; do + potential_libs=`ls $i/$libname[.-]* 2>/dev/null` + for potent_lib in $potential_libs; do + potlib=$potent_lib # see symlink-check above in file_magic test + if eval "\$ECHO \"$potent_lib\"" 2>/dev/null | $SED 10q | \ + $EGREP "$match_pattern_regex" > /dev/null; then + func_append newdeplibs " $a_deplib" + a_deplib= + break 2 + fi + done + done + fi + if test -n "$a_deplib"; then + droppeddeps=yes + echo + $ECHO "*** Warning: linker path does not have real file for library $a_deplib." + echo "*** I have the capability to make that library automatically link in when" + echo "*** you link to this library. But I can only do this if you have a" + echo "*** shared version of the library, which you do not appear to have" + echo "*** because I did check the linker path looking for a file starting" + if test -z "$potlib"; then + $ECHO "*** with $libname but no candidates were found. (...for regex pattern test)" + else + $ECHO "*** with $libname and none of the candidates passed a file format test" + $ECHO "*** using a regex pattern. Last file checked: $potlib" + fi + fi + ;; + *) + # Add a -L argument. + func_append newdeplibs " $a_deplib" + ;; + esac + done # Gone through all deplibs. + ;; + none | unknown | *) + newdeplibs= + tmp_deplibs=`$ECHO " $deplibs" | $SED 's/ -lc$//; s/ -[LR][^ ]*//g'` + if test yes = "$allow_libtool_libs_with_static_runtimes"; then + for i in $predeps $postdeps; do + # can't use Xsed below, because $i might contain '/' + tmp_deplibs=`$ECHO " $tmp_deplibs" | $SED "s|$i||"` + done + fi + case $tmp_deplibs in + *[!\ \ ]*) + echo + if test none = "$deplibs_check_method"; then + echo "*** Warning: inter-library dependencies are not supported in this platform." + else + echo "*** Warning: inter-library dependencies are not known to be supported." + fi + echo "*** All declared inter-library dependencies are being dropped." + droppeddeps=yes + ;; + esac + ;; + esac + versuffix=$versuffix_save + major=$major_save + release=$release_save + libname=$libname_save + name=$name_save + + case $host in + *-*-rhapsody* | *-*-darwin1.[012]) + # On Rhapsody replace the C library with the System framework + newdeplibs=`$ECHO " $newdeplibs" | $SED 's/ -lc / System.ltframework /'` + ;; + esac + + if test yes = "$droppeddeps"; then + if test yes = "$module"; then + echo + echo "*** Warning: libtool could not satisfy all declared inter-library" + $ECHO "*** dependencies of module $libname. Therefore, libtool will create" + echo "*** a static module, that should work as long as the dlopening" + echo "*** application is linked with the -dlopen flag." + if test -z "$global_symbol_pipe"; then + echo + echo "*** However, this would only work if libtool was able to extract symbol" + echo "*** lists from a program, using 'nm' or equivalent, but libtool could" + echo "*** not find such a program. So, this module is probably useless." + echo "*** 'nm' from GNU binutils and a full rebuild may help." + fi + if test no = "$build_old_libs"; then + oldlibs=$output_objdir/$libname.$libext + build_libtool_libs=module + build_old_libs=yes + else + build_libtool_libs=no + fi + else + echo "*** The inter-library dependencies that have been dropped here will be" + echo "*** automatically added whenever a program is linked with this library" + echo "*** or is declared to -dlopen it." + + if test no = "$allow_undefined"; then + echo + echo "*** Since this library must not contain undefined symbols," + echo "*** because either the platform does not support them or" + echo "*** it was explicitly requested with -no-undefined," + echo "*** libtool will only create a static version of it." + if test no = "$build_old_libs"; then + oldlibs=$output_objdir/$libname.$libext + build_libtool_libs=module + build_old_libs=yes + else + build_libtool_libs=no + fi + fi + fi + fi + # Done checking deplibs! + deplibs=$newdeplibs + fi + # Time to change all our "foo.ltframework" stuff back to "-framework foo" + case $host in + *-*-darwin*) + newdeplibs=`$ECHO " $newdeplibs" | $SED 's% \([^ $]*\).ltframework% -framework \1%g'` + new_inherited_linker_flags=`$ECHO " $new_inherited_linker_flags" | $SED 's% \([^ $]*\).ltframework% -framework \1%g'` + deplibs=`$ECHO " $deplibs" | $SED 's% \([^ $]*\).ltframework% -framework \1%g'` + ;; + esac + + # move library search paths that coincide with paths to not yet + # installed libraries to the beginning of the library search list + new_libs= + for path in $notinst_path; do + case " $new_libs " in + *" -L$path/$objdir "*) ;; + *) + case " $deplibs " in + *" -L$path/$objdir "*) + func_append new_libs " -L$path/$objdir" ;; + esac + ;; + esac + done + for deplib in $deplibs; do + case $deplib in + -L*) + case " $new_libs " in + *" $deplib "*) ;; + *) func_append new_libs " $deplib" ;; + esac + ;; + *) func_append new_libs " $deplib" ;; + esac + done + deplibs=$new_libs + + # All the library-specific variables (install_libdir is set above). + library_names= + old_library= + dlname= + + # Test again, we may have decided not to build it any more + if test yes = "$build_libtool_libs"; then + # Remove $wl instances when linking with ld. + # FIXME: should test the right _cmds variable. + case $archive_cmds in + *\$LD\ *) wl= ;; + esac + if test yes = "$hardcode_into_libs"; then + # Hardcode the library paths + hardcode_libdirs= + dep_rpath= + rpath=$finalize_rpath + test relink = "$opt_mode" || rpath=$compile_rpath$rpath + for libdir in $rpath; do + if test -n "$hardcode_libdir_flag_spec"; then + if test -n "$hardcode_libdir_separator"; then + func_replace_sysroot "$libdir" + libdir=$func_replace_sysroot_result + if test -z "$hardcode_libdirs"; then + hardcode_libdirs=$libdir + else + # Just accumulate the unique libdirs. + case $hardcode_libdir_separator$hardcode_libdirs$hardcode_libdir_separator in + *"$hardcode_libdir_separator$libdir$hardcode_libdir_separator"*) + ;; + *) + func_append hardcode_libdirs "$hardcode_libdir_separator$libdir" + ;; + esac + fi + else + eval flag=\"$hardcode_libdir_flag_spec\" + func_append dep_rpath " $flag" + fi + elif test -n "$runpath_var"; then + case "$perm_rpath " in + *" $libdir "*) ;; + *) func_append perm_rpath " $libdir" ;; + esac + fi + done + # Substitute the hardcoded libdirs into the rpath. + if test -n "$hardcode_libdir_separator" && + test -n "$hardcode_libdirs"; then + libdir=$hardcode_libdirs + eval "dep_rpath=\"$hardcode_libdir_flag_spec\"" + fi + if test -n "$runpath_var" && test -n "$perm_rpath"; then + # We should set the runpath_var. + rpath= + for dir in $perm_rpath; do + func_append rpath "$dir:" + done + eval "$runpath_var='$rpath\$$runpath_var'; export $runpath_var" + fi + test -n "$dep_rpath" && deplibs="$dep_rpath $deplibs" + fi + + shlibpath=$finalize_shlibpath + test relink = "$opt_mode" || shlibpath=$compile_shlibpath$shlibpath + if test -n "$shlibpath"; then + eval "$shlibpath_var='$shlibpath\$$shlibpath_var'; export $shlibpath_var" + fi + + # Get the real and link names of the library. + eval shared_ext=\"$shrext_cmds\" + eval library_names=\"$library_names_spec\" + set dummy $library_names + shift + realname=$1 + shift + + if test -n "$soname_spec"; then + eval soname=\"$soname_spec\" + else + soname=$realname + fi + if test -z "$dlname"; then + dlname=$soname + fi + + lib=$output_objdir/$realname + linknames= + for link + do + func_append linknames " $link" + done + + # Use standard objects if they are pic + test -z "$pic_flag" && libobjs=`$ECHO "$libobjs" | $SP2NL | $SED "$lo2o" | $NL2SP` + test "X$libobjs" = "X " && libobjs= + + delfiles= + if test -n "$export_symbols" && test -n "$include_expsyms"; then + $opt_dry_run || cp "$export_symbols" "$output_objdir/$libname.uexp" + export_symbols=$output_objdir/$libname.uexp + func_append delfiles " $export_symbols" + fi + + orig_export_symbols= + case $host_os in + cygwin* | mingw* | cegcc*) + if test -n "$export_symbols" && test -z "$export_symbols_regex"; then + # exporting using user supplied symfile + func_dll_def_p "$export_symbols" || { + # and it's NOT already a .def file. Must figure out + # which of the given symbols are data symbols and tag + # them as such. So, trigger use of export_symbols_cmds. + # export_symbols gets reassigned inside the "prepare + # the list of exported symbols" if statement, so the + # include_expsyms logic still works. + orig_export_symbols=$export_symbols + export_symbols= + always_export_symbols=yes + } + fi + ;; + esac + + # Prepare the list of exported symbols + if test -z "$export_symbols"; then + if test yes = "$always_export_symbols" || test -n "$export_symbols_regex"; then + func_verbose "generating symbol list for '$libname.la'" + export_symbols=$output_objdir/$libname.exp + $opt_dry_run || $RM $export_symbols + cmds=$export_symbols_cmds + save_ifs=$IFS; IFS='~' + for cmd1 in $cmds; do + IFS=$save_ifs + # Take the normal branch if the nm_file_list_spec branch + # doesn't work or if tool conversion is not needed. + case $nm_file_list_spec~$to_tool_file_cmd in + *~func_convert_file_noop | *~func_convert_file_msys_to_w32 | ~*) + try_normal_branch=yes + eval cmd=\"$cmd1\" + func_len " $cmd" + len=$func_len_result + ;; + *) + try_normal_branch=no + ;; + esac + if test yes = "$try_normal_branch" \ + && { test "$len" -lt "$max_cmd_len" \ + || test "$max_cmd_len" -le -1; } + then + func_show_eval "$cmd" 'exit $?' + skipped_export=false + elif test -n "$nm_file_list_spec"; then + func_basename "$output" + output_la=$func_basename_result + save_libobjs=$libobjs + save_output=$output + output=$output_objdir/$output_la.nm + func_to_tool_file "$output" + libobjs=$nm_file_list_spec$func_to_tool_file_result + func_append delfiles " $output" + func_verbose "creating $NM input file list: $output" + for obj in $save_libobjs; do + func_to_tool_file "$obj" + $ECHO "$func_to_tool_file_result" + done > "$output" + eval cmd=\"$cmd1\" + func_show_eval "$cmd" 'exit $?' + output=$save_output + libobjs=$save_libobjs + skipped_export=false + else + # The command line is too long to execute in one step. + func_verbose "using reloadable object file for export list..." + skipped_export=: + # Break out early, otherwise skipped_export may be + # set to false by a later but shorter cmd. + break + fi + done + IFS=$save_ifs + if test -n "$export_symbols_regex" && test : != "$skipped_export"; then + func_show_eval '$EGREP -e "$export_symbols_regex" "$export_symbols" > "${export_symbols}T"' + func_show_eval '$MV "${export_symbols}T" "$export_symbols"' + fi + fi + fi + + if test -n "$export_symbols" && test -n "$include_expsyms"; then + tmp_export_symbols=$export_symbols + test -n "$orig_export_symbols" && tmp_export_symbols=$orig_export_symbols + $opt_dry_run || eval '$ECHO "$include_expsyms" | $SP2NL >> "$tmp_export_symbols"' + fi + + if test : != "$skipped_export" && test -n "$orig_export_symbols"; then + # The given exports_symbols file has to be filtered, so filter it. + func_verbose "filter symbol list for '$libname.la' to tag DATA exports" + # FIXME: $output_objdir/$libname.filter potentially contains lots of + # 's' commands, which not all seds can handle. GNU sed should be fine + # though. Also, the filter scales superlinearly with the number of + # global variables. join(1) would be nice here, but unfortunately + # isn't a blessed tool. + $opt_dry_run || $SED -e '/[ ,]DATA/!d;s,\(.*\)\([ \,].*\),s|^\1$|\1\2|,' < $export_symbols > $output_objdir/$libname.filter + func_append delfiles " $export_symbols $output_objdir/$libname.filter" + export_symbols=$output_objdir/$libname.def + $opt_dry_run || $SED -f $output_objdir/$libname.filter < $orig_export_symbols > $export_symbols + fi + + tmp_deplibs= + for test_deplib in $deplibs; do + case " $convenience " in + *" $test_deplib "*) ;; + *) + func_append tmp_deplibs " $test_deplib" + ;; + esac + done + deplibs=$tmp_deplibs + + if test -n "$convenience"; then + if test -n "$whole_archive_flag_spec" && + test yes = "$compiler_needs_object" && + test -z "$libobjs"; then + # extract the archives, so we have objects to list. + # TODO: could optimize this to just extract one archive. + whole_archive_flag_spec= + fi + if test -n "$whole_archive_flag_spec"; then + save_libobjs=$libobjs + eval libobjs=\"\$libobjs $whole_archive_flag_spec\" + test "X$libobjs" = "X " && libobjs= + else + gentop=$output_objdir/${outputname}x + func_append generated " $gentop" + + func_extract_archives $gentop $convenience + func_append libobjs " $func_extract_archives_result" + test "X$libobjs" = "X " && libobjs= + fi + fi + + if test yes = "$thread_safe" && test -n "$thread_safe_flag_spec"; then + eval flag=\"$thread_safe_flag_spec\" + func_append linker_flags " $flag" + fi + + # Make a backup of the uninstalled library when relinking + if test relink = "$opt_mode"; then + $opt_dry_run || eval '(cd $output_objdir && $RM ${realname}U && $MV $realname ${realname}U)' || exit $? + fi + + # Do each of the archive commands. + if test yes = "$module" && test -n "$module_cmds"; then + if test -n "$export_symbols" && test -n "$module_expsym_cmds"; then + eval test_cmds=\"$module_expsym_cmds\" + cmds=$module_expsym_cmds + else + eval test_cmds=\"$module_cmds\" + cmds=$module_cmds + fi + else + if test -n "$export_symbols" && test -n "$archive_expsym_cmds"; then + eval test_cmds=\"$archive_expsym_cmds\" + cmds=$archive_expsym_cmds + else + eval test_cmds=\"$archive_cmds\" + cmds=$archive_cmds + fi + fi + + if test : != "$skipped_export" && + func_len " $test_cmds" && + len=$func_len_result && + test "$len" -lt "$max_cmd_len" || test "$max_cmd_len" -le -1; then + : + else + # The command line is too long to link in one step, link piecewise + # or, if using GNU ld and skipped_export is not :, use a linker + # script. + + # Save the value of $output and $libobjs because we want to + # use them later. If we have whole_archive_flag_spec, we + # want to use save_libobjs as it was before + # whole_archive_flag_spec was expanded, because we can't + # assume the linker understands whole_archive_flag_spec. + # This may have to be revisited, in case too many + # convenience libraries get linked in and end up exceeding + # the spec. + if test -z "$convenience" || test -z "$whole_archive_flag_spec"; then + save_libobjs=$libobjs + fi + save_output=$output + func_basename "$output" + output_la=$func_basename_result + + # Clear the reloadable object creation command queue and + # initialize k to one. + test_cmds= + concat_cmds= + objlist= + last_robj= + k=1 + + if test -n "$save_libobjs" && test : != "$skipped_export" && test yes = "$with_gnu_ld"; then + output=$output_objdir/$output_la.lnkscript + func_verbose "creating GNU ld script: $output" + echo 'INPUT (' > $output + for obj in $save_libobjs + do + func_to_tool_file "$obj" + $ECHO "$func_to_tool_file_result" >> $output + done + echo ')' >> $output + func_append delfiles " $output" + func_to_tool_file "$output" + output=$func_to_tool_file_result + elif test -n "$save_libobjs" && test : != "$skipped_export" && test -n "$file_list_spec"; then + output=$output_objdir/$output_la.lnk + func_verbose "creating linker input file list: $output" + : > $output + set x $save_libobjs + shift + firstobj= + if test yes = "$compiler_needs_object"; then + firstobj="$1 " + shift + fi + for obj + do + func_to_tool_file "$obj" + $ECHO "$func_to_tool_file_result" >> $output + done + func_append delfiles " $output" + func_to_tool_file "$output" + output=$firstobj\"$file_list_spec$func_to_tool_file_result\" + else + if test -n "$save_libobjs"; then + func_verbose "creating reloadable object files..." + output=$output_objdir/$output_la-$k.$objext + eval test_cmds=\"$reload_cmds\" + func_len " $test_cmds" + len0=$func_len_result + len=$len0 + + # Loop over the list of objects to be linked. + for obj in $save_libobjs + do + func_len " $obj" + func_arith $len + $func_len_result + len=$func_arith_result + if test -z "$objlist" || + test "$len" -lt "$max_cmd_len"; then + func_append objlist " $obj" + else + # The command $test_cmds is almost too long, add a + # command to the queue. + if test 1 -eq "$k"; then + # The first file doesn't have a previous command to add. + reload_objs=$objlist + eval concat_cmds=\"$reload_cmds\" + else + # All subsequent reloadable object files will link in + # the last one created. + reload_objs="$objlist $last_robj" + eval concat_cmds=\"\$concat_cmds~$reload_cmds~\$RM $last_robj\" + fi + last_robj=$output_objdir/$output_la-$k.$objext + func_arith $k + 1 + k=$func_arith_result + output=$output_objdir/$output_la-$k.$objext + objlist=" $obj" + func_len " $last_robj" + func_arith $len0 + $func_len_result + len=$func_arith_result + fi + done + # Handle the remaining objects by creating one last + # reloadable object file. All subsequent reloadable object + # files will link in the last one created. + test -z "$concat_cmds" || concat_cmds=$concat_cmds~ + reload_objs="$objlist $last_robj" + eval concat_cmds=\"\$concat_cmds$reload_cmds\" + if test -n "$last_robj"; then + eval concat_cmds=\"\$concat_cmds~\$RM $last_robj\" + fi + func_append delfiles " $output" + + else + output= + fi + + ${skipped_export-false} && { + func_verbose "generating symbol list for '$libname.la'" + export_symbols=$output_objdir/$libname.exp + $opt_dry_run || $RM $export_symbols + libobjs=$output + # Append the command to create the export file. + test -z "$concat_cmds" || concat_cmds=$concat_cmds~ + eval concat_cmds=\"\$concat_cmds$export_symbols_cmds\" + if test -n "$last_robj"; then + eval concat_cmds=\"\$concat_cmds~\$RM $last_robj\" + fi + } + + test -n "$save_libobjs" && + func_verbose "creating a temporary reloadable object file: $output" + + # Loop through the commands generated above and execute them. + save_ifs=$IFS; IFS='~' + for cmd in $concat_cmds; do + IFS=$save_ifs + $opt_quiet || { + func_quote_for_expand "$cmd" + eval "func_echo $func_quote_for_expand_result" + } + $opt_dry_run || eval "$cmd" || { + lt_exit=$? + + # Restore the uninstalled library and exit + if test relink = "$opt_mode"; then + ( cd "$output_objdir" && \ + $RM "${realname}T" && \ + $MV "${realname}U" "$realname" ) + fi + + exit $lt_exit + } + done + IFS=$save_ifs + + if test -n "$export_symbols_regex" && ${skipped_export-false}; then + func_show_eval '$EGREP -e "$export_symbols_regex" "$export_symbols" > "${export_symbols}T"' + func_show_eval '$MV "${export_symbols}T" "$export_symbols"' + fi + fi + + ${skipped_export-false} && { + if test -n "$export_symbols" && test -n "$include_expsyms"; then + tmp_export_symbols=$export_symbols + test -n "$orig_export_symbols" && tmp_export_symbols=$orig_export_symbols + $opt_dry_run || eval '$ECHO "$include_expsyms" | $SP2NL >> "$tmp_export_symbols"' + fi + + if test -n "$orig_export_symbols"; then + # The given exports_symbols file has to be filtered, so filter it. + func_verbose "filter symbol list for '$libname.la' to tag DATA exports" + # FIXME: $output_objdir/$libname.filter potentially contains lots of + # 's' commands, which not all seds can handle. GNU sed should be fine + # though. Also, the filter scales superlinearly with the number of + # global variables. join(1) would be nice here, but unfortunately + # isn't a blessed tool. + $opt_dry_run || $SED -e '/[ ,]DATA/!d;s,\(.*\)\([ \,].*\),s|^\1$|\1\2|,' < $export_symbols > $output_objdir/$libname.filter + func_append delfiles " $export_symbols $output_objdir/$libname.filter" + export_symbols=$output_objdir/$libname.def + $opt_dry_run || $SED -f $output_objdir/$libname.filter < $orig_export_symbols > $export_symbols + fi + } + + libobjs=$output + # Restore the value of output. + output=$save_output + + if test -n "$convenience" && test -n "$whole_archive_flag_spec"; then + eval libobjs=\"\$libobjs $whole_archive_flag_spec\" + test "X$libobjs" = "X " && libobjs= + fi + # Expand the library linking commands again to reset the + # value of $libobjs for piecewise linking. + + # Do each of the archive commands. + if test yes = "$module" && test -n "$module_cmds"; then + if test -n "$export_symbols" && test -n "$module_expsym_cmds"; then + cmds=$module_expsym_cmds + else + cmds=$module_cmds + fi + else + if test -n "$export_symbols" && test -n "$archive_expsym_cmds"; then + cmds=$archive_expsym_cmds + else + cmds=$archive_cmds + fi + fi + fi + + if test -n "$delfiles"; then + # Append the command to remove temporary files to $cmds. + eval cmds=\"\$cmds~\$RM $delfiles\" + fi + + # Add any objects from preloaded convenience libraries + if test -n "$dlprefiles"; then + gentop=$output_objdir/${outputname}x + func_append generated " $gentop" + + func_extract_archives $gentop $dlprefiles + func_append libobjs " $func_extract_archives_result" + test "X$libobjs" = "X " && libobjs= + fi + + save_ifs=$IFS; IFS='~' + for cmd in $cmds; do + IFS=$sp$nl + eval cmd=\"$cmd\" + IFS=$save_ifs + $opt_quiet || { + func_quote_for_expand "$cmd" + eval "func_echo $func_quote_for_expand_result" + } + $opt_dry_run || eval "$cmd" || { + lt_exit=$? + + # Restore the uninstalled library and exit + if test relink = "$opt_mode"; then + ( cd "$output_objdir" && \ + $RM "${realname}T" && \ + $MV "${realname}U" "$realname" ) + fi + + exit $lt_exit + } + done + IFS=$save_ifs + + # Restore the uninstalled library and exit + if test relink = "$opt_mode"; then + $opt_dry_run || eval '(cd $output_objdir && $RM ${realname}T && $MV $realname ${realname}T && $MV ${realname}U $realname)' || exit $? + + if test -n "$convenience"; then + if test -z "$whole_archive_flag_spec"; then + func_show_eval '${RM}r "$gentop"' + fi + fi + + exit $EXIT_SUCCESS + fi + + # Create links to the real library. + for linkname in $linknames; do + if test "$realname" != "$linkname"; then + func_show_eval '(cd "$output_objdir" && $RM "$linkname" && $LN_S "$realname" "$linkname")' 'exit $?' + fi + done + + # If -module or -export-dynamic was specified, set the dlname. + if test yes = "$module" || test yes = "$export_dynamic"; then + # On all known operating systems, these are identical. + dlname=$soname + fi + fi + ;; + + obj) + if test -n "$dlfiles$dlprefiles" || test no != "$dlself"; then + func_warning "'-dlopen' is ignored for objects" + fi + + case " $deplibs" in + *\ -l* | *\ -L*) + func_warning "'-l' and '-L' are ignored for objects" ;; + esac + + test -n "$rpath" && \ + func_warning "'-rpath' is ignored for objects" + + test -n "$xrpath" && \ + func_warning "'-R' is ignored for objects" + + test -n "$vinfo" && \ + func_warning "'-version-info' is ignored for objects" + + test -n "$release" && \ + func_warning "'-release' is ignored for objects" + + case $output in + *.lo) + test -n "$objs$old_deplibs" && \ + func_fatal_error "cannot build library object '$output' from non-libtool objects" + + libobj=$output + func_lo2o "$libobj" + obj=$func_lo2o_result + ;; + *) + libobj= + obj=$output + ;; + esac + + # Delete the old objects. + $opt_dry_run || $RM $obj $libobj + + # Objects from convenience libraries. This assumes + # single-version convenience libraries. Whenever we create + # different ones for PIC/non-PIC, this we'll have to duplicate + # the extraction. + reload_conv_objs= + gentop= + # if reload_cmds runs $LD directly, get rid of -Wl from + # whole_archive_flag_spec and hope we can get by with turning comma + # into space. + case $reload_cmds in + *\$LD[\ \$]*) wl= ;; + esac + if test -n "$convenience"; then + if test -n "$whole_archive_flag_spec"; then + eval tmp_whole_archive_flags=\"$whole_archive_flag_spec\" + test -n "$wl" || tmp_whole_archive_flags=`$ECHO "$tmp_whole_archive_flags" | $SED 's|,| |g'` + reload_conv_objs=$reload_objs\ $tmp_whole_archive_flags + else + gentop=$output_objdir/${obj}x + func_append generated " $gentop" + + func_extract_archives $gentop $convenience + reload_conv_objs="$reload_objs $func_extract_archives_result" + fi + fi + + # If we're not building shared, we need to use non_pic_objs + test yes = "$build_libtool_libs" || libobjs=$non_pic_objects + + # Create the old-style object. + reload_objs=$objs$old_deplibs' '`$ECHO "$libobjs" | $SP2NL | $SED "/\.$libext$/d; /\.lib$/d; $lo2o" | $NL2SP`' '$reload_conv_objs + + output=$obj + func_execute_cmds "$reload_cmds" 'exit $?' + + # Exit if we aren't doing a library object file. + if test -z "$libobj"; then + if test -n "$gentop"; then + func_show_eval '${RM}r "$gentop"' + fi + + exit $EXIT_SUCCESS + fi + + test yes = "$build_libtool_libs" || { + if test -n "$gentop"; then + func_show_eval '${RM}r "$gentop"' + fi + + # Create an invalid libtool object if no PIC, so that we don't + # accidentally link it into a program. + # $show "echo timestamp > $libobj" + # $opt_dry_run || eval "echo timestamp > $libobj" || exit $? + exit $EXIT_SUCCESS + } + + if test -n "$pic_flag" || test default != "$pic_mode"; then + # Only do commands if we really have different PIC objects. + reload_objs="$libobjs $reload_conv_objs" + output=$libobj + func_execute_cmds "$reload_cmds" 'exit $?' + fi + + if test -n "$gentop"; then + func_show_eval '${RM}r "$gentop"' + fi + + exit $EXIT_SUCCESS + ;; + + prog) + case $host in + *cygwin*) func_stripname '' '.exe' "$output" + output=$func_stripname_result.exe;; + esac + test -n "$vinfo" && \ + func_warning "'-version-info' is ignored for programs" + + test -n "$release" && \ + func_warning "'-release' is ignored for programs" + + $preload \ + && test unknown,unknown,unknown = "$dlopen_support,$dlopen_self,$dlopen_self_static" \ + && func_warning "'LT_INIT([dlopen])' not used. Assuming no dlopen support." + + case $host in + *-*-rhapsody* | *-*-darwin1.[012]) + # On Rhapsody replace the C library is the System framework + compile_deplibs=`$ECHO " $compile_deplibs" | $SED 's/ -lc / System.ltframework /'` + finalize_deplibs=`$ECHO " $finalize_deplibs" | $SED 's/ -lc / System.ltframework /'` + ;; + esac + + case $host in + *-*-darwin*) + # Don't allow lazy linking, it breaks C++ global constructors + # But is supposedly fixed on 10.4 or later (yay!). + if test CXX = "$tagname"; then + case ${MACOSX_DEPLOYMENT_TARGET-10.0} in + 10.[0123]) + func_append compile_command " $wl-bind_at_load" + func_append finalize_command " $wl-bind_at_load" + ;; + esac + fi + # Time to change all our "foo.ltframework" stuff back to "-framework foo" + compile_deplibs=`$ECHO " $compile_deplibs" | $SED 's% \([^ $]*\).ltframework% -framework \1%g'` + finalize_deplibs=`$ECHO " $finalize_deplibs" | $SED 's% \([^ $]*\).ltframework% -framework \1%g'` + ;; + esac + + + # move library search paths that coincide with paths to not yet + # installed libraries to the beginning of the library search list + new_libs= + for path in $notinst_path; do + case " $new_libs " in + *" -L$path/$objdir "*) ;; + *) + case " $compile_deplibs " in + *" -L$path/$objdir "*) + func_append new_libs " -L$path/$objdir" ;; + esac + ;; + esac + done + for deplib in $compile_deplibs; do + case $deplib in + -L*) + case " $new_libs " in + *" $deplib "*) ;; + *) func_append new_libs " $deplib" ;; + esac + ;; + *) func_append new_libs " $deplib" ;; + esac + done + compile_deplibs=$new_libs + + + func_append compile_command " $compile_deplibs" + func_append finalize_command " $finalize_deplibs" + + if test -n "$rpath$xrpath"; then + # If the user specified any rpath flags, then add them. + for libdir in $rpath $xrpath; do + # This is the magic to use -rpath. + case "$finalize_rpath " in + *" $libdir "*) ;; + *) func_append finalize_rpath " $libdir" ;; + esac + done + fi + + # Now hardcode the library paths + rpath= + hardcode_libdirs= + for libdir in $compile_rpath $finalize_rpath; do + if test -n "$hardcode_libdir_flag_spec"; then + if test -n "$hardcode_libdir_separator"; then + if test -z "$hardcode_libdirs"; then + hardcode_libdirs=$libdir + else + # Just accumulate the unique libdirs. + case $hardcode_libdir_separator$hardcode_libdirs$hardcode_libdir_separator in + *"$hardcode_libdir_separator$libdir$hardcode_libdir_separator"*) + ;; + *) + func_append hardcode_libdirs "$hardcode_libdir_separator$libdir" + ;; + esac + fi + else + eval flag=\"$hardcode_libdir_flag_spec\" + func_append rpath " $flag" + fi + elif test -n "$runpath_var"; then + case "$perm_rpath " in + *" $libdir "*) ;; + *) func_append perm_rpath " $libdir" ;; + esac + fi + case $host in + *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-os2* | *-cegcc*) + testbindir=`$ECHO "$libdir" | $SED -e 's*/lib$*/bin*'` + case :$dllsearchpath: in + *":$libdir:"*) ;; + ::) dllsearchpath=$libdir;; + *) func_append dllsearchpath ":$libdir";; + esac + case :$dllsearchpath: in + *":$testbindir:"*) ;; + ::) dllsearchpath=$testbindir;; + *) func_append dllsearchpath ":$testbindir";; + esac + ;; + esac + done + # Substitute the hardcoded libdirs into the rpath. + if test -n "$hardcode_libdir_separator" && + test -n "$hardcode_libdirs"; then + libdir=$hardcode_libdirs + eval rpath=\" $hardcode_libdir_flag_spec\" + fi + compile_rpath=$rpath + + rpath= + hardcode_libdirs= + for libdir in $finalize_rpath; do + if test -n "$hardcode_libdir_flag_spec"; then + if test -n "$hardcode_libdir_separator"; then + if test -z "$hardcode_libdirs"; then + hardcode_libdirs=$libdir + else + # Just accumulate the unique libdirs. + case $hardcode_libdir_separator$hardcode_libdirs$hardcode_libdir_separator in + *"$hardcode_libdir_separator$libdir$hardcode_libdir_separator"*) + ;; + *) + func_append hardcode_libdirs "$hardcode_libdir_separator$libdir" + ;; + esac + fi + else + eval flag=\"$hardcode_libdir_flag_spec\" + func_append rpath " $flag" + fi + elif test -n "$runpath_var"; then + case "$finalize_perm_rpath " in + *" $libdir "*) ;; + *) func_append finalize_perm_rpath " $libdir" ;; + esac + fi + done + # Substitute the hardcoded libdirs into the rpath. + if test -n "$hardcode_libdir_separator" && + test -n "$hardcode_libdirs"; then + libdir=$hardcode_libdirs + eval rpath=\" $hardcode_libdir_flag_spec\" + fi + finalize_rpath=$rpath + + if test -n "$libobjs" && test yes = "$build_old_libs"; then + # Transform all the library objects into standard objects. + compile_command=`$ECHO "$compile_command" | $SP2NL | $SED "$lo2o" | $NL2SP` + finalize_command=`$ECHO "$finalize_command" | $SP2NL | $SED "$lo2o" | $NL2SP` + fi + + func_generate_dlsyms "$outputname" "@PROGRAM@" false + + # template prelinking step + if test -n "$prelink_cmds"; then + func_execute_cmds "$prelink_cmds" 'exit $?' + fi + + wrappers_required=: + case $host in + *cegcc* | *mingw32ce*) + # Disable wrappers for cegcc and mingw32ce hosts, we are cross compiling anyway. + wrappers_required=false + ;; + *cygwin* | *mingw* ) + test yes = "$build_libtool_libs" || wrappers_required=false + ;; + *) + if test no = "$need_relink" || test yes != "$build_libtool_libs"; then + wrappers_required=false + fi + ;; + esac + $wrappers_required || { + # Replace the output file specification. + compile_command=`$ECHO "$compile_command" | $SED 's%@OUTPUT@%'"$output"'%g'` + link_command=$compile_command$compile_rpath + + # We have no uninstalled library dependencies, so finalize right now. + exit_status=0 + func_show_eval "$link_command" 'exit_status=$?' + + if test -n "$postlink_cmds"; then + func_to_tool_file "$output" + postlink_cmds=`func_echo_all "$postlink_cmds" | $SED -e 's%@OUTPUT@%'"$output"'%g' -e 's%@TOOL_OUTPUT@%'"$func_to_tool_file_result"'%g'` + func_execute_cmds "$postlink_cmds" 'exit $?' + fi + + # Delete the generated files. + if test -f "$output_objdir/${outputname}S.$objext"; then + func_show_eval '$RM "$output_objdir/${outputname}S.$objext"' + fi + + exit $exit_status + } + + if test -n "$compile_shlibpath$finalize_shlibpath"; then + compile_command="$shlibpath_var=\"$compile_shlibpath$finalize_shlibpath\$$shlibpath_var\" $compile_command" + fi + if test -n "$finalize_shlibpath"; then + finalize_command="$shlibpath_var=\"$finalize_shlibpath\$$shlibpath_var\" $finalize_command" + fi + + compile_var= + finalize_var= + if test -n "$runpath_var"; then + if test -n "$perm_rpath"; then + # We should set the runpath_var. + rpath= + for dir in $perm_rpath; do + func_append rpath "$dir:" + done + compile_var="$runpath_var=\"$rpath\$$runpath_var\" " + fi + if test -n "$finalize_perm_rpath"; then + # We should set the runpath_var. + rpath= + for dir in $finalize_perm_rpath; do + func_append rpath "$dir:" + done + finalize_var="$runpath_var=\"$rpath\$$runpath_var\" " + fi + fi + + if test yes = "$no_install"; then + # We don't need to create a wrapper script. + link_command=$compile_var$compile_command$compile_rpath + # Replace the output file specification. + link_command=`$ECHO "$link_command" | $SED 's%@OUTPUT@%'"$output"'%g'` + # Delete the old output file. + $opt_dry_run || $RM $output + # Link the executable and exit + func_show_eval "$link_command" 'exit $?' + + if test -n "$postlink_cmds"; then + func_to_tool_file "$output" + postlink_cmds=`func_echo_all "$postlink_cmds" | $SED -e 's%@OUTPUT@%'"$output"'%g' -e 's%@TOOL_OUTPUT@%'"$func_to_tool_file_result"'%g'` + func_execute_cmds "$postlink_cmds" 'exit $?' + fi + + exit $EXIT_SUCCESS + fi + + case $hardcode_action,$fast_install in + relink,*) + # Fast installation is not supported + link_command=$compile_var$compile_command$compile_rpath + relink_command=$finalize_var$finalize_command$finalize_rpath + + func_warning "this platform does not like uninstalled shared libraries" + func_warning "'$output' will be relinked during installation" + ;; + *,yes) + link_command=$finalize_var$compile_command$finalize_rpath + relink_command=`$ECHO "$compile_var$compile_command$compile_rpath" | $SED 's%@OUTPUT@%\$progdir/\$file%g'` + ;; + *,no) + link_command=$compile_var$compile_command$compile_rpath + relink_command=$finalize_var$finalize_command$finalize_rpath + ;; + *,needless) + link_command=$finalize_var$compile_command$finalize_rpath + relink_command= + ;; + esac + + # Replace the output file specification. + link_command=`$ECHO "$link_command" | $SED 's%@OUTPUT@%'"$output_objdir/$outputname"'%g'` + + # Delete the old output files. + $opt_dry_run || $RM $output $output_objdir/$outputname $output_objdir/lt-$outputname + + func_show_eval "$link_command" 'exit $?' + + if test -n "$postlink_cmds"; then + func_to_tool_file "$output_objdir/$outputname" + postlink_cmds=`func_echo_all "$postlink_cmds" | $SED -e 's%@OUTPUT@%'"$output_objdir/$outputname"'%g' -e 's%@TOOL_OUTPUT@%'"$func_to_tool_file_result"'%g'` + func_execute_cmds "$postlink_cmds" 'exit $?' + fi + + # Now create the wrapper script. + func_verbose "creating $output" + + # Quote the relink command for shipping. + if test -n "$relink_command"; then + # Preserve any variables that may affect compiler behavior + for var in $variables_saved_for_relink; do + if eval test -z \"\${$var+set}\"; then + relink_command="{ test -z \"\${$var+set}\" || $lt_unset $var || { $var=; export $var; }; }; $relink_command" + elif eval var_value=\$$var; test -z "$var_value"; then + relink_command="$var=; export $var; $relink_command" + else + func_quote_for_eval "$var_value" + relink_command="$var=$func_quote_for_eval_result; export $var; $relink_command" + fi + done + relink_command="(cd `pwd`; $relink_command)" + relink_command=`$ECHO "$relink_command" | $SED "$sed_quote_subst"` + fi + + # Only actually do things if not in dry run mode. + $opt_dry_run || { + # win32 will think the script is a binary if it has + # a .exe suffix, so we strip it off here. + case $output in + *.exe) func_stripname '' '.exe' "$output" + output=$func_stripname_result ;; + esac + # test for cygwin because mv fails w/o .exe extensions + case $host in + *cygwin*) + exeext=.exe + func_stripname '' '.exe' "$outputname" + outputname=$func_stripname_result ;; + *) exeext= ;; + esac + case $host in + *cygwin* | *mingw* ) + func_dirname_and_basename "$output" "" "." + output_name=$func_basename_result + output_path=$func_dirname_result + cwrappersource=$output_path/$objdir/lt-$output_name.c + cwrapper=$output_path/$output_name.exe + $RM $cwrappersource $cwrapper + trap "$RM $cwrappersource $cwrapper; exit $EXIT_FAILURE" 1 2 15 + + func_emit_cwrapperexe_src > $cwrappersource + + # The wrapper executable is built using the $host compiler, + # because it contains $host paths and files. If cross- + # compiling, it, like the target executable, must be + # executed on the $host or under an emulation environment. + $opt_dry_run || { + $LTCC $LTCFLAGS -o $cwrapper $cwrappersource + $STRIP $cwrapper + } + + # Now, create the wrapper script for func_source use: + func_ltwrapper_scriptname $cwrapper + $RM $func_ltwrapper_scriptname_result + trap "$RM $func_ltwrapper_scriptname_result; exit $EXIT_FAILURE" 1 2 15 + $opt_dry_run || { + # note: this script will not be executed, so do not chmod. + if test "x$build" = "x$host"; then + $cwrapper --lt-dump-script > $func_ltwrapper_scriptname_result + else + func_emit_wrapper no > $func_ltwrapper_scriptname_result + fi + } + ;; + * ) + $RM $output + trap "$RM $output; exit $EXIT_FAILURE" 1 2 15 + + func_emit_wrapper no > $output + chmod +x $output + ;; + esac + } + exit $EXIT_SUCCESS + ;; + esac + + # See if we need to build an old-fashioned archive. + for oldlib in $oldlibs; do + + case $build_libtool_libs in + convenience) + oldobjs="$libobjs_save $symfileobj" + addlibs=$convenience + build_libtool_libs=no + ;; + module) + oldobjs=$libobjs_save + addlibs=$old_convenience + build_libtool_libs=no + ;; + *) + oldobjs="$old_deplibs $non_pic_objects" + $preload && test -f "$symfileobj" \ + && func_append oldobjs " $symfileobj" + addlibs=$old_convenience + ;; + esac + + if test -n "$addlibs"; then + gentop=$output_objdir/${outputname}x + func_append generated " $gentop" + + func_extract_archives $gentop $addlibs + func_append oldobjs " $func_extract_archives_result" + fi + + # Do each command in the archive commands. + if test -n "$old_archive_from_new_cmds" && test yes = "$build_libtool_libs"; then + cmds=$old_archive_from_new_cmds + else + + # Add any objects from preloaded convenience libraries + if test -n "$dlprefiles"; then + gentop=$output_objdir/${outputname}x + func_append generated " $gentop" + + func_extract_archives $gentop $dlprefiles + func_append oldobjs " $func_extract_archives_result" + fi + + # POSIX demands no paths to be encoded in archives. We have + # to avoid creating archives with duplicate basenames if we + # might have to extract them afterwards, e.g., when creating a + # static archive out of a convenience library, or when linking + # the entirety of a libtool archive into another (currently + # not supported by libtool). + if (for obj in $oldobjs + do + func_basename "$obj" + $ECHO "$func_basename_result" + done | sort | sort -uc >/dev/null 2>&1); then + : + else + echo "copying selected object files to avoid basename conflicts..." + gentop=$output_objdir/${outputname}x + func_append generated " $gentop" + func_mkdir_p "$gentop" + save_oldobjs=$oldobjs + oldobjs= + counter=1 + for obj in $save_oldobjs + do + func_basename "$obj" + objbase=$func_basename_result + case " $oldobjs " in + " ") oldobjs=$obj ;; + *[\ /]"$objbase "*) + while :; do + # Make sure we don't pick an alternate name that also + # overlaps. + newobj=lt$counter-$objbase + func_arith $counter + 1 + counter=$func_arith_result + case " $oldobjs " in + *[\ /]"$newobj "*) ;; + *) if test ! -f "$gentop/$newobj"; then break; fi ;; + esac + done + func_show_eval "ln $obj $gentop/$newobj || cp $obj $gentop/$newobj" + func_append oldobjs " $gentop/$newobj" + ;; + *) func_append oldobjs " $obj" ;; + esac + done + fi + func_to_tool_file "$oldlib" func_convert_file_msys_to_w32 + tool_oldlib=$func_to_tool_file_result + eval cmds=\"$old_archive_cmds\" + + func_len " $cmds" + len=$func_len_result + if test "$len" -lt "$max_cmd_len" || test "$max_cmd_len" -le -1; then + cmds=$old_archive_cmds + elif test -n "$archiver_list_spec"; then + func_verbose "using command file archive linking..." + for obj in $oldobjs + do + func_to_tool_file "$obj" + $ECHO "$func_to_tool_file_result" + done > $output_objdir/$libname.libcmd + func_to_tool_file "$output_objdir/$libname.libcmd" + oldobjs=" $archiver_list_spec$func_to_tool_file_result" + cmds=$old_archive_cmds + else + # the command line is too long to link in one step, link in parts + func_verbose "using piecewise archive linking..." + save_RANLIB=$RANLIB + RANLIB=: + objlist= + concat_cmds= + save_oldobjs=$oldobjs + oldobjs= + # Is there a better way of finding the last object in the list? + for obj in $save_oldobjs + do + last_oldobj=$obj + done + eval test_cmds=\"$old_archive_cmds\" + func_len " $test_cmds" + len0=$func_len_result + len=$len0 + for obj in $save_oldobjs + do + func_len " $obj" + func_arith $len + $func_len_result + len=$func_arith_result + func_append objlist " $obj" + if test "$len" -lt "$max_cmd_len"; then + : + else + # the above command should be used before it gets too long + oldobjs=$objlist + if test "$obj" = "$last_oldobj"; then + RANLIB=$save_RANLIB + fi + test -z "$concat_cmds" || concat_cmds=$concat_cmds~ + eval concat_cmds=\"\$concat_cmds$old_archive_cmds\" + objlist= + len=$len0 + fi + done + RANLIB=$save_RANLIB + oldobjs=$objlist + if test -z "$oldobjs"; then + eval cmds=\"\$concat_cmds\" + else + eval cmds=\"\$concat_cmds~\$old_archive_cmds\" + fi + fi + fi + func_execute_cmds "$cmds" 'exit $?' + done + + test -n "$generated" && \ + func_show_eval "${RM}r$generated" + + # Now create the libtool archive. + case $output in + *.la) + old_library= + test yes = "$build_old_libs" && old_library=$libname.$libext + func_verbose "creating $output" + + # Preserve any variables that may affect compiler behavior + for var in $variables_saved_for_relink; do + if eval test -z \"\${$var+set}\"; then + relink_command="{ test -z \"\${$var+set}\" || $lt_unset $var || { $var=; export $var; }; }; $relink_command" + elif eval var_value=\$$var; test -z "$var_value"; then + relink_command="$var=; export $var; $relink_command" + else + func_quote_for_eval "$var_value" + relink_command="$var=$func_quote_for_eval_result; export $var; $relink_command" + fi + done + # Quote the link command for shipping. + relink_command="(cd `pwd`; $SHELL \"$progpath\" $preserve_args --mode=relink $libtool_args @inst_prefix_dir@)" + relink_command=`$ECHO "$relink_command" | $SED "$sed_quote_subst"` + if test yes = "$hardcode_automatic"; then + relink_command= + fi + + # Only create the output if not a dry run. + $opt_dry_run || { + for installed in no yes; do + if test yes = "$installed"; then + if test -z "$install_libdir"; then + break + fi + output=$output_objdir/${outputname}i + # Replace all uninstalled libtool libraries with the installed ones + newdependency_libs= + for deplib in $dependency_libs; do + case $deplib in + *.la) + func_basename "$deplib" + name=$func_basename_result + func_resolve_sysroot "$deplib" + eval libdir=`$SED -n -e 's/^libdir=\(.*\)$/\1/p' $func_resolve_sysroot_result` + test -z "$libdir" && \ + func_fatal_error "'$deplib' is not a valid libtool archive" + func_append newdependency_libs " ${lt_sysroot:+=}$libdir/$name" + ;; + -L*) + func_stripname -L '' "$deplib" + func_replace_sysroot "$func_stripname_result" + func_append newdependency_libs " -L$func_replace_sysroot_result" + ;; + -R*) + func_stripname -R '' "$deplib" + func_replace_sysroot "$func_stripname_result" + func_append newdependency_libs " -R$func_replace_sysroot_result" + ;; + *) func_append newdependency_libs " $deplib" ;; + esac + done + dependency_libs=$newdependency_libs + newdlfiles= + + for lib in $dlfiles; do + case $lib in + *.la) + func_basename "$lib" + name=$func_basename_result + eval libdir=`$SED -n -e 's/^libdir=\(.*\)$/\1/p' $lib` + test -z "$libdir" && \ + func_fatal_error "'$lib' is not a valid libtool archive" + func_append newdlfiles " ${lt_sysroot:+=}$libdir/$name" + ;; + *) func_append newdlfiles " $lib" ;; + esac + done + dlfiles=$newdlfiles + newdlprefiles= + for lib in $dlprefiles; do + case $lib in + *.la) + # Only pass preopened files to the pseudo-archive (for + # eventual linking with the app. that links it) if we + # didn't already link the preopened objects directly into + # the library: + func_basename "$lib" + name=$func_basename_result + eval libdir=`$SED -n -e 's/^libdir=\(.*\)$/\1/p' $lib` + test -z "$libdir" && \ + func_fatal_error "'$lib' is not a valid libtool archive" + func_append newdlprefiles " ${lt_sysroot:+=}$libdir/$name" + ;; + esac + done + dlprefiles=$newdlprefiles + else + newdlfiles= + for lib in $dlfiles; do + case $lib in + [\\/]* | [A-Za-z]:[\\/]*) abs=$lib ;; + *) abs=`pwd`"/$lib" ;; + esac + func_append newdlfiles " $abs" + done + dlfiles=$newdlfiles + newdlprefiles= + for lib in $dlprefiles; do + case $lib in + [\\/]* | [A-Za-z]:[\\/]*) abs=$lib ;; + *) abs=`pwd`"/$lib" ;; + esac + func_append newdlprefiles " $abs" + done + dlprefiles=$newdlprefiles + fi + $RM $output + # place dlname in correct position for cygwin + # In fact, it would be nice if we could use this code for all target + # systems that can't hard-code library paths into their executables + # and that have no shared library path variable independent of PATH, + # but it turns out we can't easily determine that from inspecting + # libtool variables, so we have to hard-code the OSs to which it + # applies here; at the moment, that means platforms that use the PE + # object format with DLL files. See the long comment at the top of + # tests/bindir.at for full details. + tdlname=$dlname + case $host,$output,$installed,$module,$dlname in + *cygwin*,*lai,yes,no,*.dll | *mingw*,*lai,yes,no,*.dll | *cegcc*,*lai,yes,no,*.dll) + # If a -bindir argument was supplied, place the dll there. + if test -n "$bindir"; then + func_relative_path "$install_libdir" "$bindir" + tdlname=$func_relative_path_result/$dlname + else + # Otherwise fall back on heuristic. + tdlname=../bin/$dlname + fi + ;; + esac + $ECHO > $output "\ +# $outputname - a libtool library file +# Generated by $PROGRAM (GNU $PACKAGE) $VERSION +# +# Please DO NOT delete this file! +# It is necessary for linking the library. + +# The name that we can dlopen(3). +dlname='$tdlname' + +# Names of this library. +library_names='$library_names' + +# The name of the static archive. +old_library='$old_library' + +# Linker flags that cannot go in dependency_libs. +inherited_linker_flags='$new_inherited_linker_flags' + +# Libraries that this one depends upon. +dependency_libs='$dependency_libs' + +# Names of additional weak libraries provided by this library +weak_library_names='$weak_libs' + +# Version information for $libname. +current=$current +age=$age +revision=$revision + +# Is this an already installed library? +installed=$installed + +# Should we warn about portability when linking against -modules? +shouldnotlink=$module + +# Files to dlopen/dlpreopen +dlopen='$dlfiles' +dlpreopen='$dlprefiles' + +# Directory that this library needs to be installed in: +libdir='$install_libdir'" + if test no,yes = "$installed,$need_relink"; then + $ECHO >> $output "\ +relink_command=\"$relink_command\"" + fi + done + } + + # Do a symbolic link so that the libtool archive can be found in + # LD_LIBRARY_PATH before the program is installed. + func_show_eval '( cd "$output_objdir" && $RM "$outputname" && $LN_S "../$outputname" "$outputname" )' 'exit $?' + ;; + esac + exit $EXIT_SUCCESS +} + +if test link = "$opt_mode" || test relink = "$opt_mode"; then + func_mode_link ${1+"$@"} +fi + + +# func_mode_uninstall arg... +func_mode_uninstall () +{ + $debug_cmd + + RM=$nonopt + files= + rmforce=false + exit_status=0 + + # This variable tells wrapper scripts just to set variables rather + # than running their programs. + libtool_install_magic=$magic + + for arg + do + case $arg in + -f) func_append RM " $arg"; rmforce=: ;; + -*) func_append RM " $arg" ;; + *) func_append files " $arg" ;; + esac + done + + test -z "$RM" && \ + func_fatal_help "you must specify an RM program" + + rmdirs= + + for file in $files; do + func_dirname "$file" "" "." + dir=$func_dirname_result + if test . = "$dir"; then + odir=$objdir + else + odir=$dir/$objdir + fi + func_basename "$file" + name=$func_basename_result + test uninstall = "$opt_mode" && odir=$dir + + # Remember odir for removal later, being careful to avoid duplicates + if test clean = "$opt_mode"; then + case " $rmdirs " in + *" $odir "*) ;; + *) func_append rmdirs " $odir" ;; + esac + fi + + # Don't error if the file doesn't exist and rm -f was used. + if { test -L "$file"; } >/dev/null 2>&1 || + { test -h "$file"; } >/dev/null 2>&1 || + test -f "$file"; then + : + elif test -d "$file"; then + exit_status=1 + continue + elif $rmforce; then + continue + fi + + rmfiles=$file + + case $name in + *.la) + # Possibly a libtool archive, so verify it. + if func_lalib_p "$file"; then + func_source $dir/$name + + # Delete the libtool libraries and symlinks. + for n in $library_names; do + func_append rmfiles " $odir/$n" + done + test -n "$old_library" && func_append rmfiles " $odir/$old_library" + + case $opt_mode in + clean) + case " $library_names " in + *" $dlname "*) ;; + *) test -n "$dlname" && func_append rmfiles " $odir/$dlname" ;; + esac + test -n "$libdir" && func_append rmfiles " $odir/$name $odir/${name}i" + ;; + uninstall) + if test -n "$library_names"; then + # Do each command in the postuninstall commands. + func_execute_cmds "$postuninstall_cmds" '$rmforce || exit_status=1' + fi + + if test -n "$old_library"; then + # Do each command in the old_postuninstall commands. + func_execute_cmds "$old_postuninstall_cmds" '$rmforce || exit_status=1' + fi + # FIXME: should reinstall the best remaining shared library. + ;; + esac + fi + ;; + + *.lo) + # Possibly a libtool object, so verify it. + if func_lalib_p "$file"; then + + # Read the .lo file + func_source $dir/$name + + # Add PIC object to the list of files to remove. + if test -n "$pic_object" && test none != "$pic_object"; then + func_append rmfiles " $dir/$pic_object" + fi + + # Add non-PIC object to the list of files to remove. + if test -n "$non_pic_object" && test none != "$non_pic_object"; then + func_append rmfiles " $dir/$non_pic_object" + fi + fi + ;; + + *) + if test clean = "$opt_mode"; then + noexename=$name + case $file in + *.exe) + func_stripname '' '.exe' "$file" + file=$func_stripname_result + func_stripname '' '.exe' "$name" + noexename=$func_stripname_result + # $file with .exe has already been added to rmfiles, + # add $file without .exe + func_append rmfiles " $file" + ;; + esac + # Do a test to see if this is a libtool program. + if func_ltwrapper_p "$file"; then + if func_ltwrapper_executable_p "$file"; then + func_ltwrapper_scriptname "$file" + relink_command= + func_source $func_ltwrapper_scriptname_result + func_append rmfiles " $func_ltwrapper_scriptname_result" + else + relink_command= + func_source $dir/$noexename + fi + + # note $name still contains .exe if it was in $file originally + # as does the version of $file that was added into $rmfiles + func_append rmfiles " $odir/$name $odir/${name}S.$objext" + if test yes = "$fast_install" && test -n "$relink_command"; then + func_append rmfiles " $odir/lt-$name" + fi + if test "X$noexename" != "X$name"; then + func_append rmfiles " $odir/lt-$noexename.c" + fi + fi + fi + ;; + esac + func_show_eval "$RM $rmfiles" 'exit_status=1' + done + + # Try to remove the $objdir's in the directories where we deleted files + for dir in $rmdirs; do + if test -d "$dir"; then + func_show_eval "rmdir $dir >/dev/null 2>&1" + fi + done + + exit $exit_status +} + +if test uninstall = "$opt_mode" || test clean = "$opt_mode"; then + func_mode_uninstall ${1+"$@"} +fi + +test -z "$opt_mode" && { + help=$generic_help + func_fatal_help "you must specify a MODE" +} + +test -z "$exec_cmd" && \ + func_fatal_help "invalid operation mode '$opt_mode'" + +if test -n "$exec_cmd"; then + eval exec "$exec_cmd" + exit $EXIT_FAILURE +fi + +exit $exit_status + + +# The TAGs below are defined such that we never get into a situation +# where we disable both kinds of libraries. Given conflicting +# choices, we go for a static library, that is the most portable, +# since we can't tell whether shared libraries were disabled because +# the user asked for that or because the platform doesn't support +# them. This is particularly important on AIX, because we don't +# support having both static and shared libraries enabled at the same +# time on that platform, so we default to a shared-only configuration. +# If a disable-shared tag is given, we'll fallback to a static-only +# configuration. But we'll never go from static-only to shared-only. + +# ### BEGIN LIBTOOL TAG CONFIG: disable-shared +build_libtool_libs=no +build_old_libs=yes +# ### END LIBTOOL TAG CONFIG: disable-shared + +# ### BEGIN LIBTOOL TAG CONFIG: disable-static +build_old_libs=`case $build_libtool_libs in yes) echo no;; *) echo yes;; esac` +# ### END LIBTOOL TAG CONFIG: disable-static + +# Local Variables: +# mode:shell-script +# sh-indentation:2 +# End: diff --git a/build-aux/mdate-sh b/build-aux/mdate-sh new file mode 100755 index 0000000..8c7a590 --- /dev/null +++ b/build-aux/mdate-sh @@ -0,0 +1,228 @@ +#!/bin/sh +# Get modification time of a file or directory and pretty-print it. + +scriptversion=2018-03-07.03; # UTC + +# Copyright (C) 1995-2018 Free Software Foundation, Inc. +# written by Ulrich Drepper <drepper@gnu.ai.mit.edu>, June 1995 +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2, or (at your option) +# any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <https://www.gnu.org/licenses/>. + +# As a special exception to the GNU General Public License, if you +# distribute this file as part of a program that contains a +# configuration script generated by Autoconf, you may include it under +# the same distribution terms that you use for the rest of that program. + +# This file is maintained in Automake, please report +# bugs to <bug-automake@gnu.org> or send patches to +# <automake-patches@gnu.org>. + +if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then + emulate sh + NULLCMD=: + # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which + # is contrary to our usage. Disable this feature. + alias -g '${1+"$@"}'='"$@"' + setopt NO_GLOB_SUBST +fi + +case $1 in + '') + echo "$0: No file. Try '$0 --help' for more information." 1>&2 + exit 1; + ;; + -h | --h*) + cat <<\EOF +Usage: mdate-sh [--help] [--version] FILE + +Pretty-print the modification day of FILE, in the format: +1 January 1970 + +Report bugs to <bug-automake@gnu.org>. +EOF + exit $? + ;; + -v | --v*) + echo "mdate-sh $scriptversion" + exit $? + ;; +esac + +error () +{ + echo "$0: $1" >&2 + exit 1 +} + + +# Prevent date giving response in another language. +LANG=C +export LANG +LC_ALL=C +export LC_ALL +LC_TIME=C +export LC_TIME + +# Use UTC to get reproducible result. +TZ=UTC0 +export TZ + +# GNU ls changes its time format in response to the TIME_STYLE +# variable. Since we cannot assume 'unset' works, revert this +# variable to its documented default. +if test "${TIME_STYLE+set}" = set; then + TIME_STYLE=posix-long-iso + export TIME_STYLE +fi + +save_arg1=$1 + +# Find out how to get the extended ls output of a file or directory. +if ls -L /dev/null 1>/dev/null 2>&1; then + ls_command='ls -L -l -d' +else + ls_command='ls -l -d' +fi +# Avoid user/group names that might have spaces, when possible. +if ls -n /dev/null 1>/dev/null 2>&1; then + ls_command="$ls_command -n" +fi + +# A 'ls -l' line looks as follows on OS/2. +# drwxrwx--- 0 Aug 11 2001 foo +# This differs from Unix, which adds ownership information. +# drwxrwx--- 2 root root 4096 Aug 11 2001 foo +# +# To find the date, we split the line on spaces and iterate on words +# until we find a month. This cannot work with files whose owner is a +# user named "Jan", or "Feb", etc. However, it's unlikely that '/' +# will be owned by a user whose name is a month. So we first look at +# the extended ls output of the root directory to decide how many +# words should be skipped to get the date. + +# On HPUX /bin/sh, "set" interprets "-rw-r--r--" as options, so the "x" below. +set x`$ls_command /` + +# Find which argument is the month. +month= +command= +until test $month +do + test $# -gt 0 || error "failed parsing '$ls_command /' output" + shift + # Add another shift to the command. + command="$command shift;" + case $1 in + Jan) month=January; nummonth=1;; + Feb) month=February; nummonth=2;; + Mar) month=March; nummonth=3;; + Apr) month=April; nummonth=4;; + May) month=May; nummonth=5;; + Jun) month=June; nummonth=6;; + Jul) month=July; nummonth=7;; + Aug) month=August; nummonth=8;; + Sep) month=September; nummonth=9;; + Oct) month=October; nummonth=10;; + Nov) month=November; nummonth=11;; + Dec) month=December; nummonth=12;; + esac +done + +test -n "$month" || error "failed parsing '$ls_command /' output" + +# Get the extended ls output of the file or directory. +set dummy x`eval "$ls_command \"\\\$save_arg1\""` + +# Remove all preceding arguments +eval $command + +# Because of the dummy argument above, month is in $2. +# +# On a POSIX system, we should have +# +# $# = 5 +# $1 = file size +# $2 = month +# $3 = day +# $4 = year or time +# $5 = filename +# +# On Darwin 7.7.0 and 7.6.0, we have +# +# $# = 4 +# $1 = day +# $2 = month +# $3 = year or time +# $4 = filename + +# Get the month. +case $2 in + Jan) month=January; nummonth=1;; + Feb) month=February; nummonth=2;; + Mar) month=March; nummonth=3;; + Apr) month=April; nummonth=4;; + May) month=May; nummonth=5;; + Jun) month=June; nummonth=6;; + Jul) month=July; nummonth=7;; + Aug) month=August; nummonth=8;; + Sep) month=September; nummonth=9;; + Oct) month=October; nummonth=10;; + Nov) month=November; nummonth=11;; + Dec) month=December; nummonth=12;; +esac + +case $3 in + ???*) day=$1;; + *) day=$3; shift;; +esac + +# Here we have to deal with the problem that the ls output gives either +# the time of day or the year. +case $3 in + *:*) set `date`; eval year=\$$# + case $2 in + Jan) nummonthtod=1;; + Feb) nummonthtod=2;; + Mar) nummonthtod=3;; + Apr) nummonthtod=4;; + May) nummonthtod=5;; + Jun) nummonthtod=6;; + Jul) nummonthtod=7;; + Aug) nummonthtod=8;; + Sep) nummonthtod=9;; + Oct) nummonthtod=10;; + Nov) nummonthtod=11;; + Dec) nummonthtod=12;; + esac + # For the first six month of the year the time notation can also + # be used for files modified in the last year. + if (expr $nummonth \> $nummonthtod) > /dev/null; + then + year=`expr $year - 1` + fi;; + *) year=$3;; +esac + +# The result. +echo $day $month $year + +# Local Variables: +# mode: shell-script +# sh-indentation: 2 +# eval: (add-hook 'before-save-hook 'time-stamp) +# time-stamp-start: "scriptversion=" +# time-stamp-format: "%:y-%02m-%02d.%02H" +# time-stamp-time-zone: "UTC0" +# time-stamp-end: "; # UTC" +# End: diff --git a/build-aux/missing b/build-aux/missing new file mode 100755 index 0000000..625aeb1 --- /dev/null +++ b/build-aux/missing @@ -0,0 +1,215 @@ +#! /bin/sh +# Common wrapper for a few potentially missing GNU programs. + +scriptversion=2018-03-07.03; # UTC + +# Copyright (C) 1996-2018 Free Software Foundation, Inc. +# Originally written by Fran,cois Pinard <pinard@iro.umontreal.ca>, 1996. + +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2, or (at your option) +# any later version. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <https://www.gnu.org/licenses/>. + +# As a special exception to the GNU General Public License, if you +# distribute this file as part of a program that contains a +# configuration script generated by Autoconf, you may include it under +# the same distribution terms that you use for the rest of that program. + +if test $# -eq 0; then + echo 1>&2 "Try '$0 --help' for more information" + exit 1 +fi + +case $1 in + + --is-lightweight) + # Used by our autoconf macros to check whether the available missing + # script is modern enough. + exit 0 + ;; + + --run) + # Back-compat with the calling convention used by older automake. + shift + ;; + + -h|--h|--he|--hel|--help) + echo "\ +$0 [OPTION]... PROGRAM [ARGUMENT]... + +Run 'PROGRAM [ARGUMENT]...', returning a proper advice when this fails due +to PROGRAM being missing or too old. + +Options: + -h, --help display this help and exit + -v, --version output version information and exit + +Supported PROGRAM values: + aclocal autoconf autoheader autom4te automake makeinfo + bison yacc flex lex help2man + +Version suffixes to PROGRAM as well as the prefixes 'gnu-', 'gnu', and +'g' are ignored when checking the name. + +Send bug reports to <bug-automake@gnu.org>." + exit $? + ;; + + -v|--v|--ve|--ver|--vers|--versi|--versio|--version) + echo "missing $scriptversion (GNU Automake)" + exit $? + ;; + + -*) + echo 1>&2 "$0: unknown '$1' option" + echo 1>&2 "Try '$0 --help' for more information" + exit 1 + ;; + +esac + +# Run the given program, remember its exit status. +"$@"; st=$? + +# If it succeeded, we are done. +test $st -eq 0 && exit 0 + +# Also exit now if we it failed (or wasn't found), and '--version' was +# passed; such an option is passed most likely to detect whether the +# program is present and works. +case $2 in --version|--help) exit $st;; esac + +# Exit code 63 means version mismatch. This often happens when the user +# tries to use an ancient version of a tool on a file that requires a +# minimum version. +if test $st -eq 63; then + msg="probably too old" +elif test $st -eq 127; then + # Program was missing. + msg="missing on your system" +else + # Program was found and executed, but failed. Give up. + exit $st +fi + +perl_URL=https://www.perl.org/ +flex_URL=https://github.com/westes/flex +gnu_software_URL=https://www.gnu.org/software + +program_details () +{ + case $1 in + aclocal|automake) + echo "The '$1' program is part of the GNU Automake package:" + echo "<$gnu_software_URL/automake>" + echo "It also requires GNU Autoconf, GNU m4 and Perl in order to run:" + echo "<$gnu_software_URL/autoconf>" + echo "<$gnu_software_URL/m4/>" + echo "<$perl_URL>" + ;; + autoconf|autom4te|autoheader) + echo "The '$1' program is part of the GNU Autoconf package:" + echo "<$gnu_software_URL/autoconf/>" + echo "It also requires GNU m4 and Perl in order to run:" + echo "<$gnu_software_URL/m4/>" + echo "<$perl_URL>" + ;; + esac +} + +give_advice () +{ + # Normalize program name to check for. + normalized_program=`echo "$1" | sed ' + s/^gnu-//; t + s/^gnu//; t + s/^g//; t'` + + printf '%s\n' "'$1' is $msg." + + configure_deps="'configure.ac' or m4 files included by 'configure.ac'" + case $normalized_program in + autoconf*) + echo "You should only need it if you modified 'configure.ac'," + echo "or m4 files included by it." + program_details 'autoconf' + ;; + autoheader*) + echo "You should only need it if you modified 'acconfig.h' or" + echo "$configure_deps." + program_details 'autoheader' + ;; + automake*) + echo "You should only need it if you modified 'Makefile.am' or" + echo "$configure_deps." + program_details 'automake' + ;; + aclocal*) + echo "You should only need it if you modified 'acinclude.m4' or" + echo "$configure_deps." + program_details 'aclocal' + ;; + autom4te*) + echo "You might have modified some maintainer files that require" + echo "the 'autom4te' program to be rebuilt." + program_details 'autom4te' + ;; + bison*|yacc*) + echo "You should only need it if you modified a '.y' file." + echo "You may want to install the GNU Bison package:" + echo "<$gnu_software_URL/bison/>" + ;; + lex*|flex*) + echo "You should only need it if you modified a '.l' file." + echo "You may want to install the Fast Lexical Analyzer package:" + echo "<$flex_URL>" + ;; + help2man*) + echo "You should only need it if you modified a dependency" \ + "of a man page." + echo "You may want to install the GNU Help2man package:" + echo "<$gnu_software_URL/help2man/>" + ;; + makeinfo*) + echo "You should only need it if you modified a '.texi' file, or" + echo "any other file indirectly affecting the aspect of the manual." + echo "You might want to install the Texinfo package:" + echo "<$gnu_software_URL/texinfo/>" + echo "The spurious makeinfo call might also be the consequence of" + echo "using a buggy 'make' (AIX, DU, IRIX), in which case you might" + echo "want to install GNU make:" + echo "<$gnu_software_URL/make/>" + ;; + *) + echo "You might have modified some files without having the proper" + echo "tools for further handling them. Check the 'README' file, it" + echo "often tells you about the needed prerequisites for installing" + echo "this package. You may also peek at any GNU archive site, in" + echo "case some other package contains this missing '$1' program." + ;; + esac +} + +give_advice "$1" | sed -e '1s/^/WARNING: /' \ + -e '2,$s/^/ /' >&2 + +# Propagate the correct exit status (expected to be 127 for a program +# not found, 63 for a program that failed due to version mismatch). +exit $st + +# Local variables: +# eval: (add-hook 'before-save-hook 'time-stamp) +# time-stamp-start: "scriptversion=" +# time-stamp-format: "%:y-%02m-%02d.%02H" +# time-stamp-time-zone: "UTC0" +# time-stamp-end: "; # UTC" +# End: diff --git a/build-aux/pmccabe.css b/build-aux/pmccabe.css new file mode 100644 index 0000000..a10ee35 --- /dev/null +++ b/build-aux/pmccabe.css @@ -0,0 +1,159 @@ +body { + font-family: Helvetica, sans-serif; +} + +.page_title { + font: 18pt Georgia, serif; + color: darkred; +} + +.section_title { + font: 14pt Georgia, serif; + color: darkred; +} + +.report_timestamp { + color: darkred; + font-weight: bold; +} + +.function_src { + text-align: left; + background: white; +} + +.resume_table { +} + +.resume_header_entry { + color: black; +} + +.resume_number_entry { + color: darkred; + font-weight: bold; + text-align: right; +} + +.ranges_table { + border-spacing: 0px; + border-bottom: solid 2px black; + border-top: solid 2px black; + border-left: solid 2px black; + border-right: solid 2px black; +} + +.ranges_header_entry { + padding: 5px; + border-bottom: solid 1px black; + font-size: 1em; + font-weight: bold; + color: darkred; + text-align: left; +} + +.ranges_entry { +} + +.ranges_entry_simple { + background: #87ff75; +} + +.ranges_entry_moderate { + background: #fffc60; +} + +.ranges_entry_high { + background: #ff5a5d; +} + +.ranges_entry_untestable { + background: #993300 +} + + +.function_table { + border-spacing: 0px; + border-bottom: solid 2px black; + border-top: solid 2px black; + border-left: solid 2px black; + border-right: solid 2px black; +} + +.function_table_caption { + font-size: 1.1em; + font-weight: bold; + color: black; + padding: 5px; +} + +.function_table_header { +} + + +.function_table_header_entry { + padding: 5px; + border-bottom: solid 1px black; + font-size: 1em; + font-weight: bold; + color: darkred; + text-align: left; +} + +.function_entry { +} + + +.function_entry_simple { + background: #87ff75; +} + +.function_entry_moderate { + background: #fffc60; +} + +.function_entry_high { + background: #ff5a5d; +} + +.function_entry_untestable { + background: #993300 +} + + +.function_entry_name { + font-size: 1em; + text-align: left; + font-weight: bold; + text-valign: top; + + border-top: solid 1px black; + padding: 3px; +} + +.function_entry_cyclo { + font-size: 1em; + text-align: right; + text-valign: top; + + border-top: solid 1px black; + padding: 3px; +} + +.function_entry_number { + font-size: 1em; + text-align: right; + text-valign: top; + + border-top: solid 1px black; + padding: 3px; +} + +.function_entry_filename { + font-size: 1em; + text-align: left; + text-valign: top; + + border-top: solid 1px black; + padding: 3px; +} diff --git a/build-aux/pmccabe2html b/build-aux/pmccabe2html new file mode 100644 index 0000000..7dcfb0b --- /dev/null +++ b/build-aux/pmccabe2html @@ -0,0 +1,911 @@ +# pmccabe2html - AWK script to convert pmccabe output to html -*- awk -*- + +# Copyright (C) 2007-2019 Free Software Foundation, Inc. + +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <https://www.gnu.org/licenses/>. + +# Written by Jose E. Marchesi <jemarch@gnu.org>. +# Adapted for gnulib by Simon Josefsson <simon@josefsson.org>. +# Added support for C++ by Giuseppe Scrivano <gscrivano@gnu.org>. + +# Typical Invocation is from a Makefile.am: +# +# CYCLO_SOURCES = ${top_srcdir}/src/*.[ch] +# +# cyclo-$(PACKAGE).html: $(CYCLO_SOURCES) +# $(PMCCABE) $(CYCLO_SOURCES) \ +# | sort -nr \ +# | $(AWK) -f ${top_srcdir}/build-aux/pmccabe2html \ +# -v lang=html -v name="$(PACKAGE_NAME)" \ +# -v vcurl="https://git.savannah.gnu.org/gitweb/?p=$(PACKAGE).git;a=blob;f=%FILENAME%;hb=HEAD" \ +# -v url="https://www.gnu.org/software/$(PACKAGE)/" \ +# -v css=${top_srcdir}/build-aux/pmccabe.css \ +# -v cut_dir=${top_srcdir}/ \ +# > $@-tmp +# mv $@-tmp $@ +# +# The variables available are: +# lang output language, either 'html' or 'wiki' +# name project name +# url link to project's home page +# vcurl URL to version controlled source code browser, +# a %FILENAME% in the string is replaced with the relative +# source filename +# css CSS stylesheet filename, included verbatim in HTML output +# css_url link to CSS stylesheet, an URL + +# Prologue & configuration +BEGIN { + # Portable lookup of present time. + "date +%s" | getline epoch_time + "date" | getline chronos_time + + section_global_stats_p = 1 + section_function_cyclo_p = 1 + + # "html" or "wiki" + package_name = name + output_lang = lang + + # General Options + cyclo_simple_max = 10 + cyclo_moderate_max = 20 + cyclo_high_max = 50 + source_file_link_tmpl = vcurl + + # HTML options + if (url != "") + { + html_prolog = "<a href=\"" url "\">Back to " package_name " Homepage</a><br/><br/>" + } + html_epilog = "<hr color=\"black\" size=\"2\"/> \ +Copyright (c) 2007, 2008 Free Software Foundation, Inc." + html_doctype = "<!DOCTYPE html PUBLIC \"-//W3C//DTD HTML 4.01 Transitional//EN\" \ +\"http://www.w3.org/TR/html401/loose.dtd\">" + html_comment = "<!-- Generated by gnulib's pmccabe2html at " epoch_time " -->" + html_title = "Cyclomatic Complexity report for " package_name + + # Wiki options + wiki_prolog = "{{Note|This page has been automatically generated}}" + wiki_epilog = "" + + # Internal variables + nfuncs = 0; +} + +# Functions + +function build_stats() +{ + # Maximum modified cyclo + for (fcn in mcyclo) + { + num_of_functions++ + if (mcyclo[fcn] > max_mcyclo) + { + max_mcyclo = mcyclo[fcn] + } + + if (mcyclo[fcn] > cyclo_high_max) + { + num_of_untestable_functions++ + } + else if (mcyclo[fcn] > cyclo_moderate_max) + { + num_of_high_functions++ + } + else if (mcyclo[fcn] > cyclo_simple_max) + { + num_of_moderate_functions++ + } + else + { + num_of_simple_functions++ + } + } +} + +function html_fnc_table_complete (caption) +{ + html_fnc_table(caption, 1, 1, 0, 1, 1, 0, 1) +} + +function html_fnc_table_abbrev (caption) +{ + html_fnc_table(caption, 1, 1, 0, 0, 1, 0, 0) +} + + +function html_fnc_table (caption, + fname_p, + mcyclo_p, + cyclo_p, + num_statements_p, + num_lines_p, + first_line_p, + file_p) +{ + print "<table width=\"90%\" class=\"function_table\" cellpadding=\"0\" cellspacing=\"0\">" + if (caption != "") + { + print "<caption class=\"function_table_caption\">" caption "</caption>" + } + html_fnc_header(fname_p, + mcyclo_p, + cyclo_p, + num_statements_p, + num_lines_p, + first_line_p, + file_p) + for (nfnc = 1; nfnc <= nfuncs; nfnc++) + { + html_fnc(nfnc, + fname_p, + mcyclo_p, + cyclo_p, + num_statements_p, + num_lines_p, + first_line_p, + file_p) + } + print "</table>" +} + +function html_header () +{ + print html_doctype + print "<html>" + print html_comment + print "<head>" + print "<title>" html_title "" + print "" + print "" + print "" + print "" + print "" + print "" + print "" + print "" + + + if (css_url != "") + { + print "" + } + if (css != "") + { + print "" + close(css) + } + print "" + print "" +} + +function html_footer () +{ + print "" + print "" +} + +function html_fnc_header (fname_p, + mcyclo_p, + cyclo_p, + num_statements_p, + num_lines_p, + first_line_p, + file_p) +{ + print "" + if (fname_p) + { + # Function name + print "" + print "" + print "" + + print "" + print "Function Name" + print "" + } + if (mcyclo_p) + { + # Modified cyclo + print "" + print "Modified Cyclo" + print "" + } + if (cyclo_p) + { + # Cyclo + print "" + print "Cyclomatic" + print "
" + print "Complexity" + print "" + } + if (num_statements_p) + { + print "" + print "Number of" + print "
" + print "Statements" + print "" + } + if (num_lines_p) + { + print "" + print "Number of" + print "
" + print "Lines" + print "" + } + if (first_line_p) + { + print "" + print "First Line" + print "" + } + if (file_p) + { + print "" + print "Source File" + print "" + + } + print "" +} + +function html_fnc (nfun, + fname_p, + mcyclo_p, + cyclo_p, + num_statements_p, + num_lines_p, + first_line_p, + file_p) +{ + fname = fnames[nfun] + + # Function name + trclass = "function_entry_simple" + if (mcyclo[nfun] > cyclo_high_max) + { + trclass="function_entry_untestable" + } + else if (mcyclo[nfun] > cyclo_moderate_max) + { + trclass="function_entry_high" + } + else if (mcyclo[nfun] > cyclo_simple_max) + { + trclass="function_entry_moderate" + } + + print "" + if (fname_p) + { + print "" + if (file_p && mcyclo[nfun] > cyclo_simple_max) + { + print "\ +" + } + else + { + print " " + } + print "" + + print "" + print fname + print "" + } + if (mcyclo_p) + { + # Modified cyclo + print "" + print mcyclo[nfun] + print "" + } + if (cyclo_p) + { + # Cyclo + print "" + print cyclo[nfun] + print "" + } + if (num_statements_p) + { + # Number of statements + print "" + print num_statements[nfun] + print "" + } + if (num_lines_p) + { + # Number of lines + print "" + print num_lines[nfun] + print "" + } + if (first_line_p) + { + # First line + print "" + print first_line[nfun] + print "" + } + if (file_p) + { + href = "" + if (source_file_link_tmpl != "") + { + # Get href target + href = source_file_link_tmpl + sub(/%FILENAME%/, file[nfun], href) + } + + # Source file + print "" + if (href != "") + { + print "" file[nfun] "" + } + else + { + print file[nfun] + } + + print "" + + + print "" + + if (mcyclo[nfun] > cyclo_simple_max) + { + print "" + + num_columns = 1; + if (fname_p) { num_columns++ } + if (mcyclo_p) { num_columns++ } + if (cyclo_p) { num_columns++ } + if (num_statements_p) { num_columns++ } + if (num_lines_p) { num_columns++ } + if (first_line_p) { num_columns++ } + if (file_p) { num_columns++ } + + print "" + print "
" + print "
"
+
+            while ((getline codeline < (fname nfun "_fn.txt")) > 0)
+            {
+                gsub(/&/, "\\&", codeline)	# Must come first.
+                gsub(//, "\\>", codeline)
+
+                print codeline
+            }
+            close(fname nfun "_fn.txt")
+            system("rm " "'" fname "'" nfun "_fn.txt")
+            print "
" + print "
" + print "" + print "" + } + + } +} + +function html_global_stats () +{ + print "
Summary
" + + print "" + # Total number of functions + print "" + print "" + print "" + print "" + # Number of simple functions + print "" + print "" + print "" + print "" + # Number of moderate functions + print "" + print "" + print "" + print "" + # Number of high functions + print "" + print "" + print "" + print "" + # Number of untestable functions + print "" + print "" + print "" + print "" + print "
" + print "Total number of functions" + print "" + print num_of_functions + print "
" + print "Number of low risk functions" + print "" + print num_of_simple_functions + print "
" + print "Number of moderate risk functions" + print "" + print num_of_moderate_functions + print "
" + print "Number of high risk functions" + print "" + print num_of_high_functions + print "
" + print "Number of untestable functions" + print "" + print num_of_untestable_functions + print "
" + print "
" +} + +function html_function_cyclo () +{ + print "
Details for all functions
" + + print "" + print "" + print "" + print "" + print "" + print "" + # Simple + print "" + print "" + print "" + print "" + print "" + # Moderate + print "" + print "" + print "" + print "" + print "" + # High + print "" + print "" + print "" + print "" + print "" + # Untestable + print "" + print "" + print "" + print "" + print "" + print "
" + print " " + print "" + print "Cyclomatic Complexity" + print "" + print "Risk Evaluation" + print "
" + print " " + print "" + print "0 - " cyclo_simple_max + print "" + print "Simple module, without much risk" + print "
" + print " " + print "" + print cyclo_simple_max + 1 " - " cyclo_moderate_max + print "" + print "More complex module, moderate risk" + print "
" + print " " + print "" + print cyclo_moderate_max + 1 " - " cyclo_high_max + print "" + print "Complex module, high risk" + print "
" + print " " + print "" + print "greater than " cyclo_high_max + print "" + print "Untestable module, very high risk" + print "
" + print "
" + html_fnc_table_complete("") +} + +function wiki_global_stats () +{ + print "{| class=\"cyclo_summary_table\"" + # Total number of functions + print "|-" + print "| class=\"cyclo_summary_header_entry\" | Total number of functions" + print "| class=\"cyclo_summary_number_entry\" |" num_of_functions + # Number of simple functions + print "|-" + print "| class=\"cyclo_summary_header_entry\" | Number of low risk functions" + print "| class=\"cyclo_summary_number_entry\" |" num_of_simple_functions + # Number of moderate functions + print "|-" + print "| class=\"cyclo_summary_header_entry\" | Number of moderate risk functions" + print "| class=\"cyclo_summary_number_entry\" |" num_of_moderate_functions + # Number of high functions + print "|-" + print "| class=\"cyclo_summary_header_entry\" | Number of high risk functions" + print "| class=\"cyclo_summary_number_entry\" |" num_of_high_functions + # Number of untestable functions + print "|-" + print "| class=\"cyclo_summary_header_entry\" | Number of untestable functions" + print "| class=\"cyclo_summary_number_entry\" |" num_of_untestable_functions + print "|}" +} + +function wiki_function_cyclo () +{ + print "==Details for all functions==" + + print "Used ranges:" + + print "{| class =\"cyclo_ranges_table\"" + print "|-" + print "| class=\"cyclo_ranges_header_entry\" | " + print "| class=\"cyclo_ranges_header_entry\" | Cyclomatic Complexity" + print "| class=\"cyclo_ranges_header_entry\" | Risk Evaluation" + # Simple + print "|-" + print "| class=\"cyclo_ranges_entry_simple\" | " + print "| class=\"cyclo_ranges_entry\" | 0 - " cyclo_simple_max + print "| class=\"cyclo_ranges_entry\" | Simple module, without much risk" + # Moderate + print "|-" + print "| class=\"cyclo_ranges_entry_moderate\" | " + print "| class=\"cyclo_ranges_entry\" |" cyclo_simple_max + 1 " - " cyclo_moderate_max + print "| class=\"cyclo_ranges_entry\" | More complex module, moderate risk" + # High + print "|-" + print "| class=\"cyclo_ranges_entry_high\" | " + print "| class=\"cyclo_ranges_entry\" |" cyclo_moderate_max + 1 " - " cyclo_high_max + print "| class=\"cyclo_ranges_entry\" | Complex module, high risk" + # Untestable + print "|-" + print "| class=\"cyclo_ranges_entry_untestable\" | " + print "| class=\"cyclo_ranges_entry\" | greater than " cyclo_high_max + print "| class=\"cyclo_ranges_entry\" | Untestable module, very high risk" + print "|}" + + print "" + print "" + wiki_fnc_table_complete("") +} + +function wiki_fnc_table_complete (caption) +{ + wiki_fnc_table(caption, 1, 1, 0, 1, 1, 0, 1) +} + +function wiki_fnc_table_abbrev (caption) +{ + wiki_fnc_table(caption, 1, 0, 0, 0, 0, 0, 0) +} + +function wiki_fnc_table (caption, + fname_p, + mcyclo_p, + cyclo_p, + num_statements_p, + num_lines_p, + first_line_p, + file_p) +{ + print "{| width=\"90%\" class=\"cyclo_function_table\" cellpadding=\"0\" cellspacing=\"0\">" + if (caption != "") + { + print "|+" caption + } + wiki_fnc_header(fname_p, + mcyclo_p, + cyclo_p, + num_statements_p, + num_lines_p, + first_line_p, + file_p) + for (nfnc = 1; nfnc <= nfuncs; nfnc++) + { + wiki_fnc(nfnc, + fname_p, + mcyclo_p, + cyclo_p, + num_statements_p, + num_lines_p, + first_line_p, + file_p) + } + print "|}" +} + +function wiki_fnc_header (fname_p, + mcyclo_p, + cyclo_p, + num_statements_p, + num_lines_p, + first_line_p, + file_p) +{ + if (fname_p) + { + # Function name + print "! class=\"cyclo_function_table_header_entry\" | Function Name" + } + if (mcyclo_p) + { + # Modified cyclo + print "! class=\"cyclo_function_table_header_entry\" | Modified Cyclo" + } + if (cyclo_p) + { + # Cyclo + print "! class=\"cyclo_function_table_header_entry\" | Cyclomatic Complexity" + } + if (num_statements_p) + { + print "! class=\"cyclo_function_table_header_entry\" | Number of Statements" + } + if (num_lines_p) + { + print "! class=\"cyclo_function_table_header_entry\" | Number of Lines" + } + if (first_line_p) + { + print "! class=\"cyclo_function_table_header_entry\" | First Line" + } + if (file_p) + { + print "! class=\"cyclo_function_table_header_entry\" | Source File" + } +} + +function wiki_fnc (nfnc, + fname_p, + mcyclo_p, + cyclo_p, + num_statements_p, + num_lines_p, + first_line_p, + file_p) +{ + fname = fnames[nfnc] + + # Function name + trclass = "cyclo_function_entry_simple" + if (mcyclo[nfnc] > cyclo_high_max) + { + trclass="cyclo_function_entry_untestable" + } + else if (mcyclo[nfnc] > cyclo_moderate_max) + { + trclass="cyclo_function_entry_high" + } + else if (mcyclo[nfnc] > cyclo_simple_max) + { + trclass="cyclo_function_entry_moderate" + } + + print "|- class=\"" trclass "\"" + if (fname_p) + { + print "| class=\"cyclo_function_entry_name\" |" fname + } + if (mcyclo_p) + { + # Modified cyclo + print "| class=\"cyclo_function_entry_cyclo\" |" mcyclo[nfnc] + } + if (cyclo_p) + { + # Cyclo + print "| class=\"cyclo_function_entry_cyclo\" |" cyclo[nfnc] + } + if (num_statements_p) + { + # Number of statements + print "| class=\"cyclo_function_entry_number\" |" num_statements[nfnc] + } + if (num_lines_p) + { + # Number of lines + print "| class=\"cyclo_function_entry_number\" |" num_lines[nfnc] + } + if (first_line_p) + { + # First line + print "| class=\"cyclo_function_entry_number\" |" first_line[nfnc] + } + if (file_p) + { + href = "" + if (source_file_link_tmpl != "") + { + # Get href target + href = source_file_link_tmpl + sub(/%FILENAME%/, file[nfnc], href) + } + + # Source file + print "| class=\"cyclo_function_entry_filename\" |" \ + ((href != "") ? "[" href " " file[nfnc] "]" : "[" file[nfnc] "]") + } +} + +# Scan data from a line +{ + function_name = $7 + + nfuncs++; + fnames[nfuncs] = function_name + mcyclo[nfuncs] = $1 + cyclo[nfuncs] = $2 + num_statements[nfuncs] = $3 + first_line[nfuncs] = $4 + num_lines[nfuncs] = $5 + + # Build the filename from the file_spec ($6) + begin_util_path = index($6, cut_dir) + tmpfilename = substr($6, begin_util_path + length(cut_dir)) + sub(/\([0-9]+\):/, "", tmpfilename) + file[nfuncs] = tmpfilename + + if (mcyclo[nfuncs] > cyclo_simple_max) + { + # Extract function contents to a fn_txt file + filepath = $6 + + sub(/\([0-9]+\):/, "", filepath) + num_line = 0 + + while ((getline codeline < filepath) > 0) + { + num_line++; + if ((num_line >= first_line[nfuncs]) && + (num_line < first_line[nfuncs] + num_lines[nfuncs])) + { + print codeline > (function_name nfuncs "_fn.txt") + } + } + close (function_name nfuncs "_fn.txt") + close(filepath) + } + + # Initial values for statistics variables + num_of_functions = 0 + max_mcyclo = 0 + max_function_length = 0 + num_of_simple_functions = 0 + num_of_moderate_functions = 0 + num_of_high_functions = 0 + num_of_untestable_functions = 0 +} + +# Epilogue +END { + # Print header (only for html) + if (output_lang == "html") + { + html_header() + } + + # Print prolog + if ((output_lang == "html") && + (html_prolog != "")) + { + print html_prolog + } + if ((output_lang == "wiki") && + (wiki_prolog != "")) + { + print wiki_prolog + } + + if (output_lang == "html") + { + print "
" package_name " Cyclomatic Complexity Report
" + print "

Report generated at: " chronos_time "

" + } + if (output_lang == "wiki") + { + print "==" package_name " Cyclomatic Complexity Report==" + print "Report generated at: '''" chronos_time "'''" + } + + if (section_global_stats_p) + { + build_stats() + + if (output_lang == "html") + { + html_global_stats() + } + if (output_lang == "wiki") + { + wiki_global_stats() + } + } + if (section_function_cyclo_p) + { + if (output_lang == "html") + { + html_function_cyclo() + } + if (output_lang == "wiki") + { + wiki_function_cyclo() + } + } + + # Print epilog + if ((output_lang == "html") && + (html_epilog != "")) + { + print html_epilog + } + if ((output_lang == "wiki") && + (wiki_epilog != "")) + { + print wiki_epilog + } + + # Print footer (html only) + if (output_lang == "html") + { + html_footer() + } +} + +# End of pmccabe2html diff --git a/build-aux/test-driver b/build-aux/test-driver new file mode 100755 index 0000000..b8521a4 --- /dev/null +++ b/build-aux/test-driver @@ -0,0 +1,148 @@ +#! /bin/sh +# test-driver - basic testsuite driver script. + +scriptversion=2018-03-07.03; # UTC + +# Copyright (C) 2011-2018 Free Software Foundation, Inc. +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2, or (at your option) +# any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +# As a special exception to the GNU General Public License, if you +# distribute this file as part of a program that contains a +# configuration script generated by Autoconf, you may include it under +# the same distribution terms that you use for the rest of that program. + +# This file is maintained in Automake, please report +# bugs to or send patches to +# . + +# Make unconditional expansion of undefined variables an error. This +# helps a lot in preventing typo-related bugs. +set -u + +usage_error () +{ + echo "$0: $*" >&2 + print_usage >&2 + exit 2 +} + +print_usage () +{ + cat <$log_file 2>&1 +estatus=$? + +if test $enable_hard_errors = no && test $estatus -eq 99; then + tweaked_estatus=1 +else + tweaked_estatus=$estatus +fi + +case $tweaked_estatus:$expect_failure in + 0:yes) col=$red res=XPASS recheck=yes gcopy=yes;; + 0:*) col=$grn res=PASS recheck=no gcopy=no;; + 77:*) col=$blu res=SKIP recheck=no gcopy=yes;; + 99:*) col=$mgn res=ERROR recheck=yes gcopy=yes;; + *:yes) col=$lgn res=XFAIL recheck=no gcopy=yes;; + *:*) col=$red res=FAIL recheck=yes gcopy=yes;; +esac + +# Report the test outcome and exit status in the logs, so that one can +# know whether the test passed or failed simply by looking at the '.log' +# file, without the need of also peaking into the corresponding '.trs' +# file (automake bug#11814). +echo "$res $test_name (exit status: $estatus)" >>$log_file + +# Report outcome to console. +echo "${col}${res}${std}: $test_name" + +# Register the test result, and other relevant metadata. +echo ":test-result: $res" > $trs_file +echo ":global-test-result: $res" >> $trs_file +echo ":recheck: $recheck" >> $trs_file +echo ":copy-in-global-log: $gcopy" >> $trs_file + +# Local Variables: +# mode: shell-script +# sh-indentation: 2 +# eval: (add-hook 'before-save-hook 'time-stamp) +# time-stamp-start: "scriptversion=" +# time-stamp-format: "%:y-%02m-%02d.%02H" +# time-stamp-time-zone: "UTC0" +# time-stamp-end: "; # UTC" +# End: diff --git a/build-aux/texinfo.tex b/build-aux/texinfo.tex new file mode 100644 index 0000000..ccd1129 --- /dev/null +++ b/build-aux/texinfo.tex @@ -0,0 +1,11599 @@ +% texinfo.tex -- TeX macros to handle Texinfo files. +% +% Load plain if necessary, i.e., if running under initex. +\expandafter\ifx\csname fmtname\endcsname\relax\input plain\fi +% +\def\texinfoversion{2019-04-12.13} +% +% Copyright 1985, 1986, 1988, 1990-2019 Free Software Foundation, Inc. +% +% This texinfo.tex file is free software: you can redistribute it and/or +% modify it under the terms of the GNU General Public License as +% published by the Free Software Foundation, either version 3 of the +% License, or (at your option) any later version. +% +% This texinfo.tex file is distributed in the hope that it will be +% useful, but WITHOUT ANY WARRANTY; without even the implied warranty +% of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +% General Public License for more details. +% +% You should have received a copy of the GNU General Public License +% along with this program. If not, see . +% +% As a special exception, when this file is read by TeX when processing +% a Texinfo source document, you may use the result without +% restriction. This Exception is an additional permission under section 7 +% of the GNU General Public License, version 3 ("GPLv3"). +% +% Please try the latest version of texinfo.tex before submitting bug +% reports; you can get the latest version from: +% https://ftp.gnu.org/gnu/texinfo/ (the Texinfo release area), or +% https://ftpmirror.gnu.org/texinfo/ (same, via a mirror), or +% https://www.gnu.org/software/texinfo/ (the Texinfo home page) +% The texinfo.tex in any given distribution could well be out +% of date, so if that's what you're using, please check. +% +% Send bug reports to bug-texinfo@gnu.org. Please include including a +% complete document in each bug report with which we can reproduce the +% problem. Patches are, of course, greatly appreciated. +% +% To process a Texinfo manual with TeX, it's most reliable to use the +% texi2dvi shell script that comes with the distribution. For a simple +% manual foo.texi, however, you can get away with this: +% tex foo.texi +% texindex foo.?? +% tex foo.texi +% tex foo.texi +% dvips foo.dvi -o # or whatever; this makes foo.ps. +% The extra TeX runs get the cross-reference information correct. +% Sometimes one run after texindex suffices, and sometimes you need more +% than two; texi2dvi does it as many times as necessary. +% +% It is possible to adapt texinfo.tex for other languages, to some +% extent. You can get the existing language-specific files from the +% full Texinfo distribution. +% +% The GNU Texinfo home page is https://www.gnu.org/software/texinfo. + + +\message{Loading texinfo [version \texinfoversion]:} + +% If in a .fmt file, print the version number +% and turn on active characters that we couldn't do earlier because +% they might have appeared in the input file name. +\everyjob{\message{[Texinfo version \texinfoversion]}% + \catcode`+=\active \catcode`\_=\active} + +% LaTeX's \typeout. This ensures that the messages it is used for +% are identical in format to the corresponding ones from latex/pdflatex. +\def\typeout{\immediate\write17}% + +\chardef\other=12 + +% We never want plain's \outer definition of \+ in Texinfo. +% For @tex, we can use \tabalign. +\let\+ = \relax + +% Save some plain tex macros whose names we will redefine. +\let\ptexb=\b +\let\ptexbullet=\bullet +\let\ptexc=\c +\let\ptexcomma=\, +\let\ptexdot=\. +\let\ptexdots=\dots +\let\ptexend=\end +\let\ptexequiv=\equiv +\let\ptexexclam=\! +\let\ptexfootnote=\footnote +\let\ptexgtr=> +\let\ptexhat=^ +\let\ptexi=\i +\let\ptexindent=\indent +\let\ptexinsert=\insert +\let\ptexlbrace=\{ +\let\ptexless=< +\let\ptexnewwrite\newwrite +\let\ptexnoindent=\noindent +\let\ptexplus=+ +\let\ptexraggedright=\raggedright +\let\ptexrbrace=\} +\let\ptexslash=\/ +\let\ptexsp=\sp +\let\ptexstar=\* +\let\ptexsup=\sup +\let\ptext=\t +\let\ptextop=\top +{\catcode`\'=\active \global\let\ptexquoteright'}% active in plain's math mode + +% If this character appears in an error message or help string, it +% starts a new line in the output. +\newlinechar = `^^J + +% Use TeX 3.0's \inputlineno to get the line number, for better error +% messages, but if we're using an old version of TeX, don't do anything. +% +\ifx\inputlineno\thisisundefined + \let\linenumber = \empty % Pre-3.0. +\else + \def\linenumber{l.\the\inputlineno:\space} +\fi + +% Set up fixed words for English if not already set. +\ifx\putwordAppendix\undefined \gdef\putwordAppendix{Appendix}\fi +\ifx\putwordChapter\undefined \gdef\putwordChapter{Chapter}\fi +\ifx\putworderror\undefined \gdef\putworderror{error}\fi +\ifx\putwordfile\undefined \gdef\putwordfile{file}\fi +\ifx\putwordin\undefined \gdef\putwordin{in}\fi +\ifx\putwordIndexIsEmpty\undefined \gdef\putwordIndexIsEmpty{(Index is empty)}\fi +\ifx\putwordIndexNonexistent\undefined \gdef\putwordIndexNonexistent{(Index is nonexistent)}\fi +\ifx\putwordInfo\undefined \gdef\putwordInfo{Info}\fi +\ifx\putwordInstanceVariableof\undefined \gdef\putwordInstanceVariableof{Instance Variable of}\fi +\ifx\putwordMethodon\undefined \gdef\putwordMethodon{Method on}\fi +\ifx\putwordNoTitle\undefined \gdef\putwordNoTitle{No Title}\fi +\ifx\putwordof\undefined \gdef\putwordof{of}\fi +\ifx\putwordon\undefined \gdef\putwordon{on}\fi +\ifx\putwordpage\undefined \gdef\putwordpage{page}\fi +\ifx\putwordsection\undefined \gdef\putwordsection{section}\fi +\ifx\putwordSection\undefined \gdef\putwordSection{Section}\fi +\ifx\putwordsee\undefined \gdef\putwordsee{see}\fi +\ifx\putwordSee\undefined \gdef\putwordSee{See}\fi +\ifx\putwordShortTOC\undefined \gdef\putwordShortTOC{Short Contents}\fi +\ifx\putwordTOC\undefined \gdef\putwordTOC{Table of Contents}\fi +% +\ifx\putwordMJan\undefined \gdef\putwordMJan{January}\fi +\ifx\putwordMFeb\undefined \gdef\putwordMFeb{February}\fi +\ifx\putwordMMar\undefined \gdef\putwordMMar{March}\fi +\ifx\putwordMApr\undefined \gdef\putwordMApr{April}\fi +\ifx\putwordMMay\undefined \gdef\putwordMMay{May}\fi +\ifx\putwordMJun\undefined \gdef\putwordMJun{June}\fi +\ifx\putwordMJul\undefined \gdef\putwordMJul{July}\fi +\ifx\putwordMAug\undefined \gdef\putwordMAug{August}\fi +\ifx\putwordMSep\undefined \gdef\putwordMSep{September}\fi +\ifx\putwordMOct\undefined \gdef\putwordMOct{October}\fi +\ifx\putwordMNov\undefined \gdef\putwordMNov{November}\fi +\ifx\putwordMDec\undefined \gdef\putwordMDec{December}\fi +% +\ifx\putwordDefmac\undefined \gdef\putwordDefmac{Macro}\fi +\ifx\putwordDefspec\undefined \gdef\putwordDefspec{Special Form}\fi +\ifx\putwordDefvar\undefined \gdef\putwordDefvar{Variable}\fi +\ifx\putwordDefopt\undefined \gdef\putwordDefopt{User Option}\fi +\ifx\putwordDeffunc\undefined \gdef\putwordDeffunc{Function}\fi + +% Give the space character the catcode for a space. +\def\spaceisspace{\catcode`\ =10\relax} + +% Likewise for ^^M, the end of line character. +\def\endlineisspace{\catcode13=10\relax} + +\chardef\dashChar = `\- +\chardef\slashChar = `\/ +\chardef\underChar = `\_ + +% Ignore a token. +% +\def\gobble#1{} + +% The following is used inside several \edef's. +\def\makecsname#1{\expandafter\noexpand\csname#1\endcsname} + +% Hyphenation fixes. +\hyphenation{ + Flor-i-da Ghost-script Ghost-view Mac-OS Post-Script + ap-pen-dix bit-map bit-maps + data-base data-bases eshell fall-ing half-way long-est man-u-script + man-u-scripts mini-buf-fer mini-buf-fers over-view par-a-digm + par-a-digms rath-er rec-tan-gu-lar ro-bot-ics se-vere-ly set-up spa-ces + spell-ing spell-ings + stand-alone strong-est time-stamp time-stamps which-ever white-space + wide-spread wrap-around +} + +% Sometimes it is convenient to have everything in the transcript file +% and nothing on the terminal. We don't just call \tracingall here, +% since that produces some useless output on the terminal. We also make +% some effort to order the tracing commands to reduce output in the log +% file; cf. trace.sty in LaTeX. +% +\def\gloggingall{\begingroup \globaldefs = 1 \loggingall \endgroup}% +\def\loggingall{% + \tracingstats2 + \tracingpages1 + \tracinglostchars2 % 2 gives us more in etex + \tracingparagraphs1 + \tracingoutput1 + \tracingmacros2 + \tracingrestores1 + \showboxbreadth\maxdimen \showboxdepth\maxdimen + \ifx\eTeXversion\thisisundefined\else % etex gives us more logging + \tracingscantokens1 + \tracingifs1 + \tracinggroups1 + \tracingnesting2 + \tracingassigns1 + \fi + \tracingcommands3 % 3 gives us more in etex + \errorcontextlines16 +}% + +% @errormsg{MSG}. Do the index-like expansions on MSG, but if things +% aren't perfect, it's not the end of the world, being an error message, +% after all. +% +\def\errormsg{\begingroup \indexnofonts \doerrormsg} +\def\doerrormsg#1{\errmessage{#1}} + +% add check for \lastpenalty to plain's definitions. If the last thing +% we did was a \nobreak, we don't want to insert more space. +% +\def\smallbreak{\ifnum\lastpenalty<10000\par\ifdim\lastskip<\smallskipamount + \removelastskip\penalty-50\smallskip\fi\fi} +\def\medbreak{\ifnum\lastpenalty<10000\par\ifdim\lastskip<\medskipamount + \removelastskip\penalty-100\medskip\fi\fi} +\def\bigbreak{\ifnum\lastpenalty<10000\par\ifdim\lastskip<\bigskipamount + \removelastskip\penalty-200\bigskip\fi\fi} + +% Output routine +% + +% For a final copy, take out the rectangles +% that mark overfull boxes (in case you have decided +% that the text looks ok even though it passes the margin). +% +\def\finalout{\overfullrule=0pt } + +\newdimen\outerhsize \newdimen\outervsize % set by the paper size routines +\newdimen\topandbottommargin \topandbottommargin=.75in + +% Output a mark which sets \thischapter, \thissection and \thiscolor. +% We dump everything together because we only have one kind of mark. +% This works because we only use \botmark / \topmark, not \firstmark. +% +% A mark contains a subexpression of the \ifcase ... \fi construct. +% \get*marks macros below extract the needed part using \ifcase. +% +% Another complication is to let the user choose whether \thischapter +% (\thissection) refers to the chapter (section) in effect at the top +% of a page, or that at the bottom of a page. + +% \domark is called twice inside \chapmacro, to add one +% mark before the section break, and one after. +% In the second call \prevchapterdefs is the same as \currentchapterdefs, +% and \prevsectiondefs is the same as \currentsectiondefs. +% Then if the page is not broken at the mark, some of the previous +% section appears on the page, and we can get the name of this section +% from \firstmark for @everyheadingmarks top. +% @everyheadingmarks bottom uses \botmark. +% +% See page 260 of The TeXbook. +\def\domark{% + \toks0=\expandafter{\currentchapterdefs}% + \toks2=\expandafter{\currentsectiondefs}% + \toks4=\expandafter{\prevchapterdefs}% + \toks6=\expandafter{\prevsectiondefs}% + \toks8=\expandafter{\currentcolordefs}% + \mark{% + \the\toks0 \the\toks2 % 0: marks for @everyheadingmarks top + \noexpand\or \the\toks4 \the\toks6 % 1: for @everyheadingmarks bottom + \noexpand\else \the\toks8 % 2: color marks + }% +} + +% \gettopheadingmarks, \getbottomheadingmarks, +% \getcolormarks - extract needed part of mark. +% +% \topmark doesn't work for the very first chapter (after the title +% page or the contents), so we use \firstmark there -- this gets us +% the mark with the chapter defs, unless the user sneaks in, e.g., +% @setcolor (or @url, or @link, etc.) between @contents and the very +% first @chapter. +\def\gettopheadingmarks{% + \ifcase0\the\savedtopmark\fi + \ifx\thischapter\empty \ifcase0\firstmark\fi \fi +} +\def\getbottomheadingmarks{\ifcase1\botmark\fi} +\def\getcolormarks{\ifcase2\the\savedtopmark\fi} + +% Avoid "undefined control sequence" errors. +\def\currentchapterdefs{} +\def\currentsectiondefs{} +\def\currentsection{} +\def\prevchapterdefs{} +\def\prevsectiondefs{} +\def\currentcolordefs{} + +% Margin to add to right of even pages, to left of odd pages. +\newdimen\bindingoffset +\newdimen\normaloffset +\newdimen\txipagewidth \newdimen\txipageheight + +% Main output routine. +% +\chardef\PAGE = 255 +\newtoks\defaultoutput +\defaultoutput = {\savetopmark\onepageout{\pagecontents\PAGE}} +\output=\expandafter{\the\defaultoutput} + +\newbox\headlinebox +\newbox\footlinebox + +% When outputting the double column layout for indices, an output routine +% is run several times, which hides the original value of \topmark. This +% can lead to a page heading being output and duplicating the chapter heading +% of the index. Hence, save the contents of \topmark at the beginning of +% the output routine. The saved contents are valid until we actually +% \shipout a page. +% +% (We used to run a short output routine to actually set \topmark and +% \firstmark to the right values, but if this was called with an empty page +% containing whatsits for writing index entries, the whatsits would be thrown +% away and the index auxiliary file would remain empty.) +% +\newtoks\savedtopmark +\newif\iftopmarksaved +\topmarksavedtrue +\def\savetopmark{% + \iftopmarksaved\else + \global\savedtopmark=\expandafter{\topmark}% + \global\topmarksavedtrue + \fi +} + +% \onepageout takes a vbox as an argument. +% \shipout a vbox for a single page, adding an optional header, footer +% and footnote. This also causes index entries for this page to be written +% to the auxiliary files. +% +\def\onepageout#1{% + \hoffset=\normaloffset + % + \ifodd\pageno \advance\hoffset by \bindingoffset + \else \advance\hoffset by -\bindingoffset\fi + % + % Retrieve the information for the headings from the marks in the page, + % and call Plain TeX's \makeheadline and \makefootline, which use the + % values in \headline and \footline. + % + % This is used to check if we are on the first page of a chapter. + \ifcase1\the\savedtopmark\fi + \let\prevchaptername\thischaptername + \ifcase0\firstmark\fi + \let\curchaptername\thischaptername + % + \ifodd\pageno \getoddheadingmarks \else \getevenheadingmarks \fi + % + \ifx\curchaptername\prevchaptername + \let\thischapterheading\thischapter + \else + % \thischapterheading is the same as \thischapter except it is blank + % for the first page of a chapter. This is to prevent the chapter name + % being shown twice. + \def\thischapterheading{}% + \fi + % + % Common context changes for both heading and footing. + % Do this outside of the \shipout so @code etc. will be expanded in + % the headline as they should be, not taken literally (outputting ''code). + \def\commmonheadfootline{\let\hsize=\txipagewidth \texinfochars} + % + \global\setbox\headlinebox = \vbox{\commmonheadfootline \makeheadline}% + % + \ifodd\pageno \getoddfootingmarks \else \getevenfootingmarks \fi + \global\setbox\footlinebox = \vbox{\commmonheadfootline \makefootline}% + % + {% + % Set context for writing to auxiliary files like index files. + % Have to do this stuff outside the \shipout because we want it to + % take effect in \write's, yet the group defined by the \vbox ends + % before the \shipout runs. + % + \atdummies % don't expand commands in the output. + \turnoffactive + \shipout\vbox{% + % Do this early so pdf references go to the beginning of the page. + \ifpdfmakepagedest \pdfdest name{\the\pageno} xyz\fi + % + \unvbox\headlinebox + \pagebody{#1}% + \ifdim\ht\footlinebox > 0pt + % Only leave this space if the footline is nonempty. + % (We lessened \vsize for it in \oddfootingyyy.) + % The \baselineskip=24pt in plain's \makefootline has no effect. + \vskip 24pt + \unvbox\footlinebox + \fi + % + }% + }% + \global\topmarksavedfalse + \advancepageno + \ifnum\outputpenalty>-20000 \else\dosupereject\fi +} + +\newinsert\margin \dimen\margin=\maxdimen + +% Main part of page, including any footnotes +\def\pagebody#1{\vbox to\txipageheight{\boxmaxdepth=\maxdepth #1}} +{\catcode`\@ =11 +\gdef\pagecontents#1{\ifvoid\topins\else\unvbox\topins\fi +% marginal hacks, juha@viisa.uucp (Juha Takala) +\ifvoid\margin\else % marginal info is present + \rlap{\kern\hsize\vbox to\z@{\kern1pt\box\margin \vss}}\fi +\dimen@=\dp#1\relax \unvbox#1\relax +\ifvoid\footins\else\vskip\skip\footins\footnoterule \unvbox\footins\fi +\ifr@ggedbottom \kern-\dimen@ \vfil \fi} +} + + +% Argument parsing + +% Parse an argument, then pass it to #1. The argument is the rest of +% the input line (except we remove a trailing comment). #1 should be a +% macro which expects an ordinary undelimited TeX argument. +% For example, \def\foo{\parsearg\fooxxx}. +% +\def\parsearg{\parseargusing{}} +\def\parseargusing#1#2{% + \def\argtorun{#2}% + \begingroup + \obeylines + \spaceisspace + #1% + \parseargline\empty% Insert the \empty token, see \finishparsearg below. +} + +{\obeylines % + \gdef\parseargline#1^^M{% + \endgroup % End of the group started in \parsearg. + \argremovecomment #1\comment\ArgTerm% + }% +} + +% First remove any @comment, then any @c comment. Pass the result on to +% \argcheckspaces. +\def\argremovecomment#1\comment#2\ArgTerm{\argremovec #1\c\ArgTerm} +\def\argremovec#1\c#2\ArgTerm{\argcheckspaces#1\^^M\ArgTerm} + +% Each occurrence of `\^^M' or `\^^M' is replaced by a single space. +% +% \argremovec might leave us with trailing space, e.g., +% @end itemize @c foo +% This space token undergoes the same procedure and is eventually removed +% by \finishparsearg. +% +\def\argcheckspaces#1\^^M{\argcheckspacesX#1\^^M \^^M} +\def\argcheckspacesX#1 \^^M{\argcheckspacesY#1\^^M} +\def\argcheckspacesY#1\^^M#2\^^M#3\ArgTerm{% + \def\temp{#3}% + \ifx\temp\empty + % Do not use \next, perhaps the caller of \parsearg uses it; reuse \temp: + \let\temp\finishparsearg + \else + \let\temp\argcheckspaces + \fi + % Put the space token in: + \temp#1 #3\ArgTerm +} + +% If a _delimited_ argument is enclosed in braces, they get stripped; so +% to get _exactly_ the rest of the line, we had to prevent such situation. +% We prepended an \empty token at the very beginning and we expand it now, +% just before passing the control to \argtorun. +% (Similarly, we have to think about #3 of \argcheckspacesY above: it is +% either the null string, or it ends with \^^M---thus there is no danger +% that a pair of braces would be stripped. +% +% But first, we have to remove the trailing space token. +% +\def\finishparsearg#1 \ArgTerm{\expandafter\argtorun\expandafter{#1}} + + +% \parseargdef - define a command taking an argument on the line +% +% \parseargdef\foo{...} +% is roughly equivalent to +% \def\foo{\parsearg\Xfoo} +% \def\Xfoo#1{...} +\def\parseargdef#1{% + \expandafter \doparseargdef \csname\string#1\endcsname #1% +} +\def\doparseargdef#1#2{% + \def#2{\parsearg#1}% + \def#1##1% +} + +% Several utility definitions with active space: +{ + \obeyspaces + \gdef\obeyedspace{ } + + % Make each space character in the input produce a normal interword + % space in the output. Don't allow a line break at this space, as this + % is used only in environments like @example, where each line of input + % should produce a line of output anyway. + % + \gdef\sepspaces{\obeyspaces\let =\tie} + + % If an index command is used in an @example environment, any spaces + % therein should become regular spaces in the raw index file, not the + % expansion of \tie (\leavevmode \penalty \@M \ ). + \gdef\unsepspaces{\let =\space} +} + + +\def\flushcr{\ifx\par\lisppar \def\next##1{}\else \let\next=\relax \fi \next} + +% Define the framework for environments in texinfo.tex. It's used like this: +% +% \envdef\foo{...} +% \def\Efoo{...} +% +% It's the responsibility of \envdef to insert \begingroup before the +% actual body; @end closes the group after calling \Efoo. \envdef also +% defines \thisenv, so the current environment is known; @end checks +% whether the environment name matches. The \checkenv macro can also be +% used to check whether the current environment is the one expected. +% +% Non-false conditionals (@iftex, @ifset) don't fit into this, so they +% are not treated as environments; they don't open a group. (The +% implementation of @end takes care not to call \endgroup in this +% special case.) + + +% At run-time, environments start with this: +\def\startenvironment#1{\begingroup\def\thisenv{#1}} +% initialize +\let\thisenv\empty + +% ... but they get defined via ``\envdef\foo{...}'': +\long\def\envdef#1#2{\def#1{\startenvironment#1#2}} +\def\envparseargdef#1#2{\parseargdef#1{\startenvironment#1#2}} + +% Check whether we're in the right environment: +\def\checkenv#1{% + \def\temp{#1}% + \ifx\thisenv\temp + \else + \badenverr + \fi +} + +% Environment mismatch, #1 expected: +\def\badenverr{% + \errhelp = \EMsimple + \errmessage{This command can appear only \inenvironment\temp, + not \inenvironment\thisenv}% +} +\def\inenvironment#1{% + \ifx#1\empty + outside of any environment% + \else + in environment \expandafter\string#1% + \fi +} + +% @end foo executes the definition of \Efoo. +% But first, it executes a specialized version of \checkenv +% +\parseargdef\end{% + \if 1\csname iscond.#1\endcsname + \else + % The general wording of \badenverr may not be ideal. + \expandafter\checkenv\csname#1\endcsname + \csname E#1\endcsname + \endgroup + \fi +} + +\newhelp\EMsimple{Press RETURN to continue.} + + +% Be sure we're in horizontal mode when doing a tie, since we make space +% equivalent to this in @example-like environments. Otherwise, a space +% at the beginning of a line will start with \penalty -- and +% since \penalty is valid in vertical mode, we'd end up putting the +% penalty on the vertical list instead of in the new paragraph. +{\catcode`@ = 11 + % Avoid using \@M directly, because that causes trouble + % if the definition is written into an index file. + \global\let\tiepenalty = \@M + \gdef\tie{\leavevmode\penalty\tiepenalty\ } +} + +% @: forces normal size whitespace following. +\def\:{\spacefactor=1000 } + +% @* forces a line break. +\def\*{\unskip\hfil\break\hbox{}\ignorespaces} + +% @/ allows a line break. +\let\/=\allowbreak + +% @. is an end-of-sentence period. +\def\.{.\spacefactor=\endofsentencespacefactor\space} + +% @! is an end-of-sentence bang. +\def\!{!\spacefactor=\endofsentencespacefactor\space} + +% @? is an end-of-sentence query. +\def\?{?\spacefactor=\endofsentencespacefactor\space} + +% @frenchspacing on|off says whether to put extra space after punctuation. +% +\def\onword{on} +\def\offword{off} +% +\parseargdef\frenchspacing{% + \def\temp{#1}% + \ifx\temp\onword \plainfrenchspacing + \else\ifx\temp\offword \plainnonfrenchspacing + \else + \errhelp = \EMsimple + \errmessage{Unknown @frenchspacing option `\temp', must be on|off}% + \fi\fi +} + +% @w prevents a word break. Without the \leavevmode, @w at the +% beginning of a paragraph, when TeX is still in vertical mode, would +% produce a whole line of output instead of starting the paragraph. +\def\w#1{\leavevmode\hbox{#1}} + +% @group ... @end group forces ... to be all on one page, by enclosing +% it in a TeX vbox. We use \vtop instead of \vbox to construct the box +% to keep its height that of a normal line. According to the rules for +% \topskip (p.114 of the TeXbook), the glue inserted is +% max (\topskip - \ht (first item), 0). If that height is large, +% therefore, no glue is inserted, and the space between the headline and +% the text is small, which looks bad. +% +% Another complication is that the group might be very large. This can +% cause the glue on the previous page to be unduly stretched, because it +% does not have much material. In this case, it's better to add an +% explicit \vfill so that the extra space is at the bottom. The +% threshold for doing this is if the group is more than \vfilllimit +% percent of a page (\vfilllimit can be changed inside of @tex). +% +\newbox\groupbox +\def\vfilllimit{0.7} +% +\envdef\group{% + \ifnum\catcode`\^^M=\active \else + \errhelp = \groupinvalidhelp + \errmessage{@group invalid in context where filling is enabled}% + \fi + \startsavinginserts + % + \setbox\groupbox = \vtop\bgroup + % Do @comment since we are called inside an environment such as + % @example, where each end-of-line in the input causes an + % end-of-line in the output. We don't want the end-of-line after + % the `@group' to put extra space in the output. Since @group + % should appear on a line by itself (according to the Texinfo + % manual), we don't worry about eating any user text. + \comment +} +% +% The \vtop produces a box with normal height and large depth; thus, TeX puts +% \baselineskip glue before it, and (when the next line of text is done) +% \lineskip glue after it. Thus, space below is not quite equal to space +% above. But it's pretty close. +\def\Egroup{% + % To get correct interline space between the last line of the group + % and the first line afterwards, we have to propagate \prevdepth. + \endgraf % Not \par, as it may have been set to \lisppar. + \global\dimen1 = \prevdepth + \egroup % End the \vtop. + \addgroupbox + \prevdepth = \dimen1 + \checkinserts +} + +\def\addgroupbox{ + % \dimen0 is the vertical size of the group's box. + \dimen0 = \ht\groupbox \advance\dimen0 by \dp\groupbox + % \dimen2 is how much space is left on the page (more or less). + \dimen2 = \txipageheight \advance\dimen2 by -\pagetotal + % if the group doesn't fit on the current page, and it's a big big + % group, force a page break. + \ifdim \dimen0 > \dimen2 + \ifdim \pagetotal < \vfilllimit\txipageheight + \page + \fi + \fi + \box\groupbox +} + +% +% TeX puts in an \escapechar (i.e., `@') at the beginning of the help +% message, so this ends up printing `@group can only ...'. +% +\newhelp\groupinvalidhelp{% +group can only be used in environments such as @example,^^J% +where each line of input produces a line of output.} + +% @need space-in-mils +% forces a page break if there is not space-in-mils remaining. + +\newdimen\mil \mil=0.001in + +\parseargdef\need{% + % Ensure vertical mode, so we don't make a big box in the middle of a + % paragraph. + \par + % + % If the @need value is less than one line space, it's useless. + \dimen0 = #1\mil + \dimen2 = \ht\strutbox + \advance\dimen2 by \dp\strutbox + \ifdim\dimen0 > \dimen2 + % + % Do a \strut just to make the height of this box be normal, so the + % normal leading is inserted relative to the preceding line. + % And a page break here is fine. + \vtop to #1\mil{\strut\vfil}% + % + % TeX does not even consider page breaks if a penalty added to the + % main vertical list is 10000 or more. But in order to see if the + % empty box we just added fits on the page, we must make it consider + % page breaks. On the other hand, we don't want to actually break the + % page after the empty box. So we use a penalty of 9999. + % + % There is an extremely small chance that TeX will actually break the + % page at this \penalty, if there are no other feasible breakpoints in + % sight. (If the user is using lots of big @group commands, which + % almost-but-not-quite fill up a page, TeX will have a hard time doing + % good page breaking, for example.) However, I could not construct an + % example where a page broke at this \penalty; if it happens in a real + % document, then we can reconsider our strategy. + \penalty9999 + % + % Back up by the size of the box, whether we did a page break or not. + \kern -#1\mil + % + % Do not allow a page break right after this kern. + \nobreak + \fi +} + +% @br forces paragraph break (and is undocumented). + +\let\br = \par + +% @page forces the start of a new page. +% +\def\page{\par\vfill\supereject} + +% @exdent text.... +% outputs text on separate line in roman font, starting at standard page margin + +% This records the amount of indent in the innermost environment. +% That's how much \exdent should take out. +\newskip\exdentamount + +% This defn is used inside fill environments such as @defun. +\parseargdef\exdent{\hfil\break\hbox{\kern -\exdentamount{\rm#1}}\hfil\break} + +% This defn is used inside nofill environments such as @example. +\parseargdef\nofillexdent{{\advance \leftskip by -\exdentamount + \leftline{\hskip\leftskip{\rm#1}}}} + +% @inmargin{WHICH}{TEXT} puts TEXT in the WHICH margin next to the current +% paragraph. For more general purposes, use the \margin insertion +% class. WHICH is `l' or `r'. Not documented, written for gawk manual. +% +\newskip\inmarginspacing \inmarginspacing=1cm +\def\strutdepth{\dp\strutbox} +% +\def\doinmargin#1#2{\strut\vadjust{% + \nobreak + \kern-\strutdepth + \vtop to \strutdepth{% + \baselineskip=\strutdepth + \vss + % if you have multiple lines of stuff to put here, you'll need to + % make the vbox yourself of the appropriate size. + \ifx#1l% + \llap{\ignorespaces #2\hskip\inmarginspacing}% + \else + \rlap{\hskip\hsize \hskip\inmarginspacing \ignorespaces #2}% + \fi + \null + }% +}} +\def\inleftmargin{\doinmargin l} +\def\inrightmargin{\doinmargin r} +% +% @inmargin{TEXT [, RIGHT-TEXT]} +% (if RIGHT-TEXT is given, use TEXT for left page, RIGHT-TEXT for right; +% else use TEXT for both). +% +\def\inmargin#1{\parseinmargin #1,,\finish} +\def\parseinmargin#1,#2,#3\finish{% not perfect, but better than nothing. + \setbox0 = \hbox{\ignorespaces #2}% + \ifdim\wd0 > 0pt + \def\lefttext{#1}% have both texts + \def\righttext{#2}% + \else + \def\lefttext{#1}% have only one text + \def\righttext{#1}% + \fi + % + \ifodd\pageno + \def\temp{\inrightmargin\righttext}% odd page -> outside is right margin + \else + \def\temp{\inleftmargin\lefttext}% + \fi + \temp +} + +% @include FILE -- \input text of FILE. +% +\def\include{\parseargusing\filenamecatcodes\includezzz} +\def\includezzz#1{% + \pushthisfilestack + \def\thisfile{#1}% + {% + \makevalueexpandable % we want to expand any @value in FILE. + \turnoffactive % and allow special characters in the expansion + \indexnofonts % Allow `@@' and other weird things in file names. + \wlog{texinfo.tex: doing @include of #1^^J}% + \edef\temp{\noexpand\input #1 }% + % + % This trickery is to read FILE outside of a group, in case it makes + % definitions, etc. + \expandafter + }\temp + \popthisfilestack +} +\def\filenamecatcodes{% + \catcode`\\=\other + \catcode`~=\other + \catcode`^=\other + \catcode`_=\other + \catcode`|=\other + \catcode`<=\other + \catcode`>=\other + \catcode`+=\other + \catcode`-=\other + \catcode`\`=\other + \catcode`\'=\other +} + +\def\pushthisfilestack{% + \expandafter\pushthisfilestackX\popthisfilestack\StackTerm +} +\def\pushthisfilestackX{% + \expandafter\pushthisfilestackY\thisfile\StackTerm +} +\def\pushthisfilestackY #1\StackTerm #2\StackTerm {% + \gdef\popthisfilestack{\gdef\thisfile{#1}\gdef\popthisfilestack{#2}}% +} + +\def\popthisfilestack{\errthisfilestackempty} +\def\errthisfilestackempty{\errmessage{Internal error: + the stack of filenames is empty.}} +% +\def\thisfile{} + +% @center line +% outputs that line, centered. +% +\parseargdef\center{% + \ifhmode + \let\centersub\centerH + \else + \let\centersub\centerV + \fi + \centersub{\hfil \ignorespaces#1\unskip \hfil}% + \let\centersub\relax % don't let the definition persist, just in case +} +\def\centerH#1{{% + \hfil\break + \advance\hsize by -\leftskip + \advance\hsize by -\rightskip + \line{#1}% + \break +}} +% +\newcount\centerpenalty +\def\centerV#1{% + % The idea here is the same as in \startdefun, \cartouche, etc.: if + % @center is the first thing after a section heading, we need to wipe + % out the negative parskip inserted by \sectionheading, but still + % prevent a page break here. + \centerpenalty = \lastpenalty + \ifnum\centerpenalty>10000 \vskip\parskip \fi + \ifnum\centerpenalty>9999 \penalty\centerpenalty \fi + \line{\kern\leftskip #1\kern\rightskip}% +} + +% @sp n outputs n lines of vertical space +% +\parseargdef\sp{\vskip #1\baselineskip} + +% @comment ...line which is ignored... +% @c is the same as @comment +% @ignore ... @end ignore is another way to write a comment + + +\def\c{\begingroup \catcode`\^^M=\active% +\catcode`\@=\other \catcode`\{=\other \catcode`\}=\other% +\cxxx} +{\catcode`\^^M=\active \gdef\cxxx#1^^M{\endgroup}} +% +\let\comment\c + +% @paragraphindent NCHARS +% We'll use ems for NCHARS, close enough. +% NCHARS can also be the word `asis' or `none'. +% We cannot feasibly implement @paragraphindent asis, though. +% +\def\asisword{asis} % no translation, these are keywords +\def\noneword{none} +% +\parseargdef\paragraphindent{% + \def\temp{#1}% + \ifx\temp\asisword + \else + \ifx\temp\noneword + \defaultparindent = 0pt + \else + \defaultparindent = #1em + \fi + \fi + \parindent = \defaultparindent +} + +% @exampleindent NCHARS +% We'll use ems for NCHARS like @paragraphindent. +% It seems @exampleindent asis isn't necessary, but +% I preserve it to make it similar to @paragraphindent. +\parseargdef\exampleindent{% + \def\temp{#1}% + \ifx\temp\asisword + \else + \ifx\temp\noneword + \lispnarrowing = 0pt + \else + \lispnarrowing = #1em + \fi + \fi +} + +% @firstparagraphindent WORD +% If WORD is `none', then suppress indentation of the first paragraph +% after a section heading. If WORD is `insert', then do indent at such +% paragraphs. +% +% The paragraph indentation is suppressed or not by calling +% \suppressfirstparagraphindent, which the sectioning commands do. +% We switch the definition of this back and forth according to WORD. +% By default, we suppress indentation. +% +\def\suppressfirstparagraphindent{\dosuppressfirstparagraphindent} +\def\insertword{insert} +% +\parseargdef\firstparagraphindent{% + \def\temp{#1}% + \ifx\temp\noneword + \let\suppressfirstparagraphindent = \dosuppressfirstparagraphindent + \else\ifx\temp\insertword + \let\suppressfirstparagraphindent = \relax + \else + \errhelp = \EMsimple + \errmessage{Unknown @firstparagraphindent option `\temp'}% + \fi\fi +} + +% Here is how we actually suppress indentation. Redefine \everypar to +% \kern backwards by \parindent, and then reset itself to empty. +% +% We also make \indent itself not actually do anything until the next +% paragraph. +% +\gdef\dosuppressfirstparagraphindent{% + \gdef\indent {\restorefirstparagraphindent \indent}% + \gdef\noindent{\restorefirstparagraphindent \noindent}% + \global\everypar = {\kern -\parindent \restorefirstparagraphindent}% +} +% +\gdef\restorefirstparagraphindent{% + \global\let\indent = \ptexindent + \global\let\noindent = \ptexnoindent + \global\everypar = {}% +} + + +% @refill is a no-op. +\let\refill=\relax + +% @setfilename INFO-FILENAME - ignored +\let\setfilename=\comment + +% @bye. +\outer\def\bye{\pagealignmacro\tracingstats=1\ptexend} + + +\message{pdf,} +% adobe `portable' document format +\newcount\tempnum +\newcount\lnkcount +\newtoks\filename +\newcount\filenamelength +\newcount\pgn +\newtoks\toksA +\newtoks\toksB +\newtoks\toksC +\newtoks\toksD +\newbox\boxA +\newbox\boxB +\newcount\countA +\newif\ifpdf +\newif\ifpdfmakepagedest + +% +% For LuaTeX +% + +\newif\iftxiuseunicodedestname +\txiuseunicodedestnamefalse % For pdfTeX etc. + +\ifx\luatexversion\thisisundefined +\else + % Use Unicode destination names + \txiuseunicodedestnametrue + % Escape PDF strings with converting UTF-16 from UTF-8 + \begingroup + \catcode`\%=12 + \directlua{ + function UTF16oct(str) + tex.sprint(string.char(0x5c) .. '376' .. string.char(0x5c) .. '377') + for c in string.utfvalues(str) do + if c < 0x10000 then + tex.sprint( + string.format(string.char(0x5c) .. string.char(0x25) .. '03o' .. + string.char(0x5c) .. string.char(0x25) .. '03o', + (c / 256), (c % 256))) + else + c = c - 0x10000 + local c_hi = c / 1024 + 0xd800 + local c_lo = c % 1024 + 0xdc00 + tex.sprint( + string.format(string.char(0x5c) .. string.char(0x25) .. '03o' .. + string.char(0x5c) .. string.char(0x25) .. '03o' .. + string.char(0x5c) .. string.char(0x25) .. '03o' .. + string.char(0x5c) .. string.char(0x25) .. '03o', + (c_hi / 256), (c_hi % 256), + (c_lo / 256), (c_lo % 256))) + end + end + end + } + \endgroup + \def\pdfescapestrutfsixteen#1{\directlua{UTF16oct('\luaescapestring{#1}')}} + % Escape PDF strings without converting + \begingroup + \directlua{ + function PDFescstr(str) + for c in string.bytes(str) do + if c <= 0x20 or c >= 0x80 or c == 0x28 or c == 0x29 or c == 0x5c then + tex.sprint( + string.format(string.char(0x5c) .. string.char(0x25) .. '03o', + c)) + else + tex.sprint(string.char(c)) + end + end + end + } + \endgroup + \def\pdfescapestring#1{\directlua{PDFescstr('\luaescapestring{#1}')}} + \ifnum\luatexversion>84 + % For LuaTeX >= 0.85 + \def\pdfdest{\pdfextension dest} + \let\pdfoutput\outputmode + \def\pdfliteral{\pdfextension literal} + \def\pdfcatalog{\pdfextension catalog} + \def\pdftexversion{\numexpr\pdffeedback version\relax} + \let\pdfximage\saveimageresource + \let\pdfrefximage\useimageresource + \let\pdflastximage\lastsavedimageresourceindex + \def\pdfendlink{\pdfextension endlink\relax} + \def\pdfoutline{\pdfextension outline} + \def\pdfstartlink{\pdfextension startlink} + \def\pdffontattr{\pdfextension fontattr} + \def\pdfobj{\pdfextension obj} + \def\pdflastobj{\numexpr\pdffeedback lastobj\relax} + \let\pdfpagewidth\pagewidth + \let\pdfpageheight\pageheight + \edef\pdfhorigin{\pdfvariable horigin} + \edef\pdfvorigin{\pdfvariable vorigin} + \fi +\fi + +% when pdftex is run in dvi mode, \pdfoutput is defined (so \pdfoutput=1 +% can be set). So we test for \relax and 0 as well as being undefined. +\ifx\pdfoutput\thisisundefined +\else + \ifx\pdfoutput\relax + \else + \ifcase\pdfoutput + \else + \pdftrue + \fi + \fi +\fi + +\newif\ifpdforxetex +\pdforxetexfalse +\ifpdf + \pdforxetextrue +\fi +\ifx\XeTeXrevision\thisisundefined\else + \pdforxetextrue +\fi + + +% PDF uses PostScript string constants for the names of xref targets, +% for display in the outlines, and in other places. Thus, we have to +% double any backslashes. Otherwise, a name like "\node" will be +% interpreted as a newline (\n), followed by o, d, e. Not good. +% +% See http://www.ntg.nl/pipermail/ntg-pdftex/2004-July/000654.html and +% related messages. The final outcome is that it is up to the TeX user +% to double the backslashes and otherwise make the string valid, so +% that's what we do. pdftex 1.30.0 (ca.2005) introduced a primitive to +% do this reliably, so we use it. + +% #1 is a control sequence in which to do the replacements, +% which we \xdef. +\def\txiescapepdf#1{% + \ifx\pdfescapestring\thisisundefined + % No primitive available; should we give a warning or log? + % Many times it won't matter. + \xdef#1{#1}% + \else + % The expandable \pdfescapestring primitive escapes parentheses, + % backslashes, and other special chars. + \xdef#1{\pdfescapestring{#1}}% + \fi +} +\def\txiescapepdfutfsixteen#1{% + \ifx\pdfescapestrutfsixteen\thisisundefined + % No UTF-16 converting macro available. + \txiescapepdf{#1}% + \else + \xdef#1{\pdfescapestrutfsixteen{#1}}% + \fi +} + +\newhelp\nopdfimagehelp{Texinfo supports .png, .jpg, .jpeg, and .pdf images +with PDF output, and none of those formats could be found. (.eps cannot +be supported due to the design of the PDF format; use regular TeX (DVI +output) for that.)} + +\ifpdf + % + % Color manipulation macros using ideas from pdfcolor.tex, + % except using rgb instead of cmyk; the latter is said to render as a + % very dark gray on-screen and a very dark halftone in print, instead + % of actual black. The dark red here is dark enough to print on paper as + % nearly black, but still distinguishable for online viewing. We use + % black by default, though. + \def\rgbDarkRed{0.50 0.09 0.12} + \def\rgbBlack{0 0 0} + % + % rg sets the color for filling (usual text, etc.); + % RG sets the color for stroking (thin rules, e.g., normal _'s). + \def\pdfsetcolor#1{\pdfliteral{#1 rg #1 RG}} + % + % Set color, and create a mark which defines \thiscolor accordingly, + % so that \makeheadline knows which color to restore. + \def\setcolor#1{% + \xdef\currentcolordefs{\gdef\noexpand\thiscolor{#1}}% + \domark + \pdfsetcolor{#1}% + } + % + \def\maincolor{\rgbBlack} + \pdfsetcolor{\maincolor} + \edef\thiscolor{\maincolor} + \def\currentcolordefs{} + % + \def\makefootline{% + \baselineskip24pt + \line{\pdfsetcolor{\maincolor}\the\footline}% + } + % + \def\makeheadline{% + \vbox to 0pt{% + \vskip-22.5pt + \line{% + \vbox to8.5pt{}% + % Extract \thiscolor definition from the marks. + \getcolormarks + % Typeset the headline with \maincolor, then restore the color. + \pdfsetcolor{\maincolor}\the\headline\pdfsetcolor{\thiscolor}% + }% + \vss + }% + \nointerlineskip + } + % + % + \pdfcatalog{/PageMode /UseOutlines} + % + % #1 is image name, #2 width (might be empty/whitespace), #3 height (ditto). + \def\dopdfimage#1#2#3{% + \def\pdfimagewidth{#2}\setbox0 = \hbox{\ignorespaces #2}% + \def\pdfimageheight{#3}\setbox2 = \hbox{\ignorespaces #3}% + % + % pdftex (and the PDF format) support .pdf, .png, .jpg (among + % others). Let's try in that order, PDF first since if + % someone has a scalable image, presumably better to use that than a + % bitmap. + \let\pdfimgext=\empty + \begingroup + \openin 1 #1.pdf \ifeof 1 + \openin 1 #1.PDF \ifeof 1 + \openin 1 #1.png \ifeof 1 + \openin 1 #1.jpg \ifeof 1 + \openin 1 #1.jpeg \ifeof 1 + \openin 1 #1.JPG \ifeof 1 + \errhelp = \nopdfimagehelp + \errmessage{Could not find image file #1 for pdf}% + \else \gdef\pdfimgext{JPG}% + \fi + \else \gdef\pdfimgext{jpeg}% + \fi + \else \gdef\pdfimgext{jpg}% + \fi + \else \gdef\pdfimgext{png}% + \fi + \else \gdef\pdfimgext{PDF}% + \fi + \else \gdef\pdfimgext{pdf}% + \fi + \closein 1 + \endgroup + % + % without \immediate, ancient pdftex seg faults when the same image is + % included twice. (Version 3.14159-pre-1.0-unofficial-20010704.) + \ifnum\pdftexversion < 14 + \immediate\pdfimage + \else + \immediate\pdfximage + \fi + \ifdim \wd0 >0pt width \pdfimagewidth \fi + \ifdim \wd2 >0pt height \pdfimageheight \fi + \ifnum\pdftexversion<13 + #1.\pdfimgext + \else + {#1.\pdfimgext}% + \fi + \ifnum\pdftexversion < 14 \else + \pdfrefximage \pdflastximage + \fi} + % + \def\setpdfdestname#1{{% + % We have to set dummies so commands such as @code, and characters + % such as \, aren't expanded when present in a section title. + \indexnofonts + \makevalueexpandable + \turnoffactive + \iftxiuseunicodedestname + \ifx \declaredencoding \latone + % Pass through Latin-1 characters. + % LuaTeX with byte wise I/O converts Latin-1 characters to Unicode. + \else + \ifx \declaredencoding \utfeight + % Pass through Unicode characters. + \else + % Use ASCII approximations in destination names. + \passthroughcharsfalse + \fi + \fi + \else + % Use ASCII approximations in destination names. + \passthroughcharsfalse + \fi + \def\pdfdestname{#1}% + \txiescapepdf\pdfdestname + }} + % + \def\setpdfoutlinetext#1{{% + \indexnofonts + \makevalueexpandable + \turnoffactive + \ifx \declaredencoding \latone + % The PDF format can use an extended form of Latin-1 in bookmark + % strings. See Appendix D of the PDF Reference, Sixth Edition, for + % the "PDFDocEncoding". + \passthroughcharstrue + % Pass through Latin-1 characters. + % LuaTeX: Convert to Unicode + % pdfTeX: Use Latin-1 as PDFDocEncoding + \def\pdfoutlinetext{#1}% + \else + \ifx \declaredencoding \utfeight + \ifx\luatexversion\thisisundefined + % For pdfTeX with UTF-8. + % TODO: the PDF format can use UTF-16 in bookmark strings, + % but the code for this isn't done yet. + % Use ASCII approximations. + \passthroughcharsfalse + \def\pdfoutlinetext{#1}% + \else + % For LuaTeX with UTF-8. + % Pass through Unicode characters for title texts. + \passthroughcharstrue + \def\pdfoutlinetext{#1}% + \fi + \else + % For non-Latin-1 or non-UTF-8 encodings. + % Use ASCII approximations. + \passthroughcharsfalse + \def\pdfoutlinetext{#1}% + \fi + \fi + % LuaTeX: Convert to UTF-16 + % pdfTeX: Use Latin-1 as PDFDocEncoding + \txiescapepdfutfsixteen\pdfoutlinetext + }} + % + \def\pdfmkdest#1{% + \setpdfdestname{#1}% + \safewhatsit{\pdfdest name{\pdfdestname} xyz}% + } + % + % used to mark target names; must be expandable. + \def\pdfmkpgn#1{#1} + % + % by default, use black for everything. + \def\urlcolor{\rgbBlack} + \def\linkcolor{\rgbBlack} + \def\endlink{\setcolor{\maincolor}\pdfendlink} + % + % Adding outlines to PDF; macros for calculating structure of outlines + % come from Petr Olsak + \def\expnumber#1{\expandafter\ifx\csname#1\endcsname\relax 0% + \else \csname#1\endcsname \fi} + \def\advancenumber#1{\tempnum=\expnumber{#1}\relax + \advance\tempnum by 1 + \expandafter\xdef\csname#1\endcsname{\the\tempnum}} + % + % #1 is the section text, which is what will be displayed in the + % outline by the pdf viewer. #2 is the pdf expression for the number + % of subentries (or empty, for subsubsections). #3 is the node text, + % which might be empty if this toc entry had no corresponding node. + % #4 is the page number + % + \def\dopdfoutline#1#2#3#4{% + % Generate a link to the node text if that exists; else, use the + % page number. We could generate a destination for the section + % text in the case where a section has no node, but it doesn't + % seem worth the trouble, since most documents are normally structured. + \setpdfoutlinetext{#1} + \setpdfdestname{#3} + \ifx\pdfdestname\empty + \def\pdfdestname{#4}% + \fi + % + \pdfoutline goto name{\pdfmkpgn{\pdfdestname}}#2{\pdfoutlinetext}% + } + % + \def\pdfmakeoutlines{% + \begingroup + % Read toc silently, to get counts of subentries for \pdfoutline. + \def\partentry##1##2##3##4{}% ignore parts in the outlines + \def\numchapentry##1##2##3##4{% + \def\thischapnum{##2}% + \def\thissecnum{0}% + \def\thissubsecnum{0}% + }% + \def\numsecentry##1##2##3##4{% + \advancenumber{chap\thischapnum}% + \def\thissecnum{##2}% + \def\thissubsecnum{0}% + }% + \def\numsubsecentry##1##2##3##4{% + \advancenumber{sec\thissecnum}% + \def\thissubsecnum{##2}% + }% + \def\numsubsubsecentry##1##2##3##4{% + \advancenumber{subsec\thissubsecnum}% + }% + \def\thischapnum{0}% + \def\thissecnum{0}% + \def\thissubsecnum{0}% + % + % use \def rather than \let here because we redefine \chapentry et + % al. a second time, below. + \def\appentry{\numchapentry}% + \def\appsecentry{\numsecentry}% + \def\appsubsecentry{\numsubsecentry}% + \def\appsubsubsecentry{\numsubsubsecentry}% + \def\unnchapentry{\numchapentry}% + \def\unnsecentry{\numsecentry}% + \def\unnsubsecentry{\numsubsecentry}% + \def\unnsubsubsecentry{\numsubsubsecentry}% + \readdatafile{toc}% + % + % Read toc second time, this time actually producing the outlines. + % The `-' means take the \expnumber as the absolute number of + % subentries, which we calculated on our first read of the .toc above. + % + % We use the node names as the destinations. + \def\numchapentry##1##2##3##4{% + \dopdfoutline{##1}{count-\expnumber{chap##2}}{##3}{##4}}% + \def\numsecentry##1##2##3##4{% + \dopdfoutline{##1}{count-\expnumber{sec##2}}{##3}{##4}}% + \def\numsubsecentry##1##2##3##4{% + \dopdfoutline{##1}{count-\expnumber{subsec##2}}{##3}{##4}}% + \def\numsubsubsecentry##1##2##3##4{% count is always zero + \dopdfoutline{##1}{}{##3}{##4}}% + % + % PDF outlines are displayed using system fonts, instead of + % document fonts. Therefore we cannot use special characters, + % since the encoding is unknown. For example, the eogonek from + % Latin 2 (0xea) gets translated to a | character. Info from + % Staszek Wawrykiewicz, 19 Jan 2004 04:09:24 +0100. + % + % TODO this right, we have to translate 8-bit characters to + % their "best" equivalent, based on the @documentencoding. Too + % much work for too little return. Just use the ASCII equivalents + % we use for the index sort strings. + % + \indexnofonts + \setupdatafile + % We can have normal brace characters in the PDF outlines, unlike + % Texinfo index files. So set that up. + \def\{{\lbracecharliteral}% + \def\}{\rbracecharliteral}% + \catcode`\\=\active \otherbackslash + \input \tocreadfilename + \endgroup + } + {\catcode`[=1 \catcode`]=2 + \catcode`{=\other \catcode`}=\other + \gdef\lbracecharliteral[{]% + \gdef\rbracecharliteral[}]% + ] + % + \def\skipspaces#1{\def\PP{#1}\def\D{|}% + \ifx\PP\D\let\nextsp\relax + \else\let\nextsp\skipspaces + \addtokens{\filename}{\PP}% + \advance\filenamelength by 1 + \fi + \nextsp} + \def\getfilename#1{% + \filenamelength=0 + % If we don't expand the argument now, \skipspaces will get + % snagged on things like "@value{foo}". + \edef\temp{#1}% + \expandafter\skipspaces\temp|\relax + } + \ifnum\pdftexversion < 14 + \let \startlink \pdfannotlink + \else + \let \startlink \pdfstartlink + \fi + % make a live url in pdf output. + \def\pdfurl#1{% + \begingroup + % it seems we really need yet another set of dummies; have not + % tried to figure out what each command should do in the context + % of @url. for now, just make @/ a no-op, that's the only one + % people have actually reported a problem with. + % + \normalturnoffactive + \def\@{@}% + \let\/=\empty + \makevalueexpandable + % do we want to go so far as to use \indexnofonts instead of just + % special-casing \var here? + \def\var##1{##1}% + % + \leavevmode\setcolor{\urlcolor}% + \startlink attr{/Border [0 0 0]}% + user{/Subtype /Link /A << /S /URI /URI (#1) >>}% + \endgroup} + % \pdfgettoks - Surround page numbers in #1 with @pdflink. #1 may + % be a simple number, or a list of numbers in the case of an index + % entry. + \def\pdfgettoks#1.{\setbox\boxA=\hbox{\toksA={#1.}\toksB={}\maketoks}} + \def\addtokens#1#2{\edef\addtoks{\noexpand#1={\the#1#2}}\addtoks} + \def\adn#1{\addtokens{\toksC}{#1}\global\countA=1\let\next=\maketoks} + \def\poptoks#1#2|ENDTOKS|{\let\first=#1\toksD={#1}\toksA={#2}} + \def\maketoks{% + \expandafter\poptoks\the\toksA|ENDTOKS|\relax + \ifx\first0\adn0 + \else\ifx\first1\adn1 \else\ifx\first2\adn2 \else\ifx\first3\adn3 + \else\ifx\first4\adn4 \else\ifx\first5\adn5 \else\ifx\first6\adn6 + \else\ifx\first7\adn7 \else\ifx\first8\adn8 \else\ifx\first9\adn9 + \else + \ifnum0=\countA\else\makelink\fi + \ifx\first.\let\next=\done\else + \let\next=\maketoks + \addtokens{\toksB}{\the\toksD} + \ifx\first,\addtokens{\toksB}{\space}\fi + \fi + \fi\fi\fi\fi\fi\fi\fi\fi\fi\fi + \next} + \def\makelink{\addtokens{\toksB}% + {\noexpand\pdflink{\the\toksC}}\toksC={}\global\countA=0} + \def\pdflink#1{% + \startlink attr{/Border [0 0 0]} goto name{\pdfmkpgn{#1}} + \setcolor{\linkcolor}#1\endlink} + \def\done{\edef\st{\global\noexpand\toksA={\the\toksB}}\st} +\else + % non-pdf mode + \let\pdfmkdest = \gobble + \let\pdfurl = \gobble + \let\endlink = \relax + \let\setcolor = \gobble + \let\pdfsetcolor = \gobble + \let\pdfmakeoutlines = \relax +\fi % \ifx\pdfoutput + +% +% For XeTeX +% +\ifx\XeTeXrevision\thisisundefined +\else + % + % XeTeX version check + % + \ifnum\strcmp{\the\XeTeXversion\XeTeXrevision}{0.99996}>-1 + % TeX Live 2016 contains XeTeX 0.99996 and xdvipdfmx 20160307. + % It can use the `dvipdfmx:config' special (from TeX Live SVN r40941). + % For avoiding PDF destination name replacement, we use this special + % instead of xdvipdfmx's command line option `-C 0x0010'. + \special{dvipdfmx:config C 0x0010} + % XeTeX 0.99995+ comes with xdvipdfmx 20160307+. + % It can handle Unicode destination names for PDF. + \txiuseunicodedestnametrue + \else + % XeTeX < 0.99996 (TeX Live < 2016) cannot use the + % `dvipdfmx:config' special. + % So for avoiding PDF destination name replacement, + % xdvipdfmx's command line option `-C 0x0010' is necessary. + % + % XeTeX < 0.99995 can not handle Unicode destination names for PDF + % because xdvipdfmx 20150315 has a UTF-16 conversion issue. + % It is fixed by xdvipdfmx 20160106 (TeX Live SVN r39753). + \txiuseunicodedestnamefalse + \fi + % + % Color support + % + \def\rgbDarkRed{0.50 0.09 0.12} + \def\rgbBlack{0 0 0} + % + \def\pdfsetcolor#1{\special{pdf:scolor [#1]}} + % + % Set color, and create a mark which defines \thiscolor accordingly, + % so that \makeheadline knows which color to restore. + \def\setcolor#1{% + \xdef\currentcolordefs{\gdef\noexpand\thiscolor{#1}}% + \domark + \pdfsetcolor{#1}% + } + % + \def\maincolor{\rgbBlack} + \pdfsetcolor{\maincolor} + \edef\thiscolor{\maincolor} + \def\currentcolordefs{} + % + \def\makefootline{% + \baselineskip24pt + \line{\pdfsetcolor{\maincolor}\the\footline}% + } + % + \def\makeheadline{% + \vbox to 0pt{% + \vskip-22.5pt + \line{% + \vbox to8.5pt{}% + % Extract \thiscolor definition from the marks. + \getcolormarks + % Typeset the headline with \maincolor, then restore the color. + \pdfsetcolor{\maincolor}\the\headline\pdfsetcolor{\thiscolor}% + }% + \vss + }% + \nointerlineskip + } + % + % PDF outline support + % + % Emulate pdfTeX primitive + \def\pdfdest name#1 xyz{% + \special{pdf:dest (#1) [@thispage /XYZ @xpos @ypos null]}% + } + % + \def\setpdfdestname#1{{% + % We have to set dummies so commands such as @code, and characters + % such as \, aren't expanded when present in a section title. + \indexnofonts + \makevalueexpandable + \turnoffactive + \iftxiuseunicodedestname + % Pass through Unicode characters. + \else + % Use ASCII approximations in destination names. + \passthroughcharsfalse + \fi + \def\pdfdestname{#1}% + \txiescapepdf\pdfdestname + }} + % + \def\setpdfoutlinetext#1{{% + \turnoffactive + % Always use Unicode characters in title texts. + \def\pdfoutlinetext{#1}% + % For XeTeX, xdvipdfmx converts to UTF-16. + % So we do not convert. + \txiescapepdf\pdfoutlinetext + }} + % + \def\pdfmkdest#1{% + \setpdfdestname{#1}% + \safewhatsit{\pdfdest name{\pdfdestname} xyz}% + } + % + % by default, use black for everything. + \def\urlcolor{\rgbBlack} + \def\linkcolor{\rgbBlack} + \def\endlink{\setcolor{\maincolor}\pdfendlink} + % + \def\dopdfoutline#1#2#3#4{% + \setpdfoutlinetext{#1} + \setpdfdestname{#3} + \ifx\pdfdestname\empty + \def\pdfdestname{#4}% + \fi + % + \special{pdf:out [-] #2 << /Title (\pdfoutlinetext) /A + << /S /GoTo /D (\pdfdestname) >> >> }% + } + % + \def\pdfmakeoutlines{% + \begingroup + % + % For XeTeX, counts of subentries are not necessary. + % Therefore, we read toc only once. + % + % We use node names as destinations. + \def\partentry##1##2##3##4{}% ignore parts in the outlines + \def\numchapentry##1##2##3##4{% + \dopdfoutline{##1}{1}{##3}{##4}}% + \def\numsecentry##1##2##3##4{% + \dopdfoutline{##1}{2}{##3}{##4}}% + \def\numsubsecentry##1##2##3##4{% + \dopdfoutline{##1}{3}{##3}{##4}}% + \def\numsubsubsecentry##1##2##3##4{% + \dopdfoutline{##1}{4}{##3}{##4}}% + % + \let\appentry\numchapentry% + \let\appsecentry\numsecentry% + \let\appsubsecentry\numsubsecentry% + \let\appsubsubsecentry\numsubsubsecentry% + \let\unnchapentry\numchapentry% + \let\unnsecentry\numsecentry% + \let\unnsubsecentry\numsubsecentry% + \let\unnsubsubsecentry\numsubsubsecentry% + % + % For XeTeX, xdvipdfmx converts strings to UTF-16. + % Therefore, the encoding and the language may not be considered. + % + \indexnofonts + \setupdatafile + % We can have normal brace characters in the PDF outlines, unlike + % Texinfo index files. So set that up. + \def\{{\lbracecharliteral}% + \def\}{\rbracecharliteral}% + \catcode`\\=\active \otherbackslash + \input \tocreadfilename + \endgroup + } + {\catcode`[=1 \catcode`]=2 + \catcode`{=\other \catcode`}=\other + \gdef\lbracecharliteral[{]% + \gdef\rbracecharliteral[}]% + ] + + \special{pdf:docview << /PageMode /UseOutlines >> } + % ``\special{pdf:tounicode ...}'' is not necessary + % because xdvipdfmx converts strings from UTF-8 to UTF-16 without it. + % However, due to a UTF-16 conversion issue of xdvipdfmx 20150315, + % ``\special{pdf:dest ...}'' cannot handle non-ASCII strings. + % It is fixed by xdvipdfmx 20160106 (TeX Live SVN r39753). +% + \def\skipspaces#1{\def\PP{#1}\def\D{|}% + \ifx\PP\D\let\nextsp\relax + \else\let\nextsp\skipspaces + \addtokens{\filename}{\PP}% + \advance\filenamelength by 1 + \fi + \nextsp} + \def\getfilename#1{% + \filenamelength=0 + % If we don't expand the argument now, \skipspaces will get + % snagged on things like "@value{foo}". + \edef\temp{#1}% + \expandafter\skipspaces\temp|\relax + } + % make a live url in pdf output. + \def\pdfurl#1{% + \begingroup + % it seems we really need yet another set of dummies; have not + % tried to figure out what each command should do in the context + % of @url. for now, just make @/ a no-op, that's the only one + % people have actually reported a problem with. + % + \normalturnoffactive + \def\@{@}% + \let\/=\empty + \makevalueexpandable + % do we want to go so far as to use \indexnofonts instead of just + % special-casing \var here? + \def\var##1{##1}% + % + \leavevmode\setcolor{\urlcolor}% + \special{pdf:bann << /Border [0 0 0] + /Subtype /Link /A << /S /URI /URI (#1) >> >>}% + \endgroup} + \def\endlink{\setcolor{\maincolor}\special{pdf:eann}} + \def\pdfgettoks#1.{\setbox\boxA=\hbox{\toksA={#1.}\toksB={}\maketoks}} + \def\addtokens#1#2{\edef\addtoks{\noexpand#1={\the#1#2}}\addtoks} + \def\adn#1{\addtokens{\toksC}{#1}\global\countA=1\let\next=\maketoks} + \def\poptoks#1#2|ENDTOKS|{\let\first=#1\toksD={#1}\toksA={#2}} + \def\maketoks{% + \expandafter\poptoks\the\toksA|ENDTOKS|\relax + \ifx\first0\adn0 + \else\ifx\first1\adn1 \else\ifx\first2\adn2 \else\ifx\first3\adn3 + \else\ifx\first4\adn4 \else\ifx\first5\adn5 \else\ifx\first6\adn6 + \else\ifx\first7\adn7 \else\ifx\first8\adn8 \else\ifx\first9\adn9 + \else + \ifnum0=\countA\else\makelink\fi + \ifx\first.\let\next=\done\else + \let\next=\maketoks + \addtokens{\toksB}{\the\toksD} + \ifx\first,\addtokens{\toksB}{\space}\fi + \fi + \fi\fi\fi\fi\fi\fi\fi\fi\fi\fi + \next} + \def\makelink{\addtokens{\toksB}% + {\noexpand\pdflink{\the\toksC}}\toksC={}\global\countA=0} + \def\pdflink#1{% + \special{pdf:bann << /Border [0 0 0] + /Type /Annot /Subtype /Link /A << /S /GoTo /D (#1) >> >>}% + \setcolor{\linkcolor}#1\endlink} + \def\done{\edef\st{\global\noexpand\toksA={\the\toksB}}\st} +% + % + % @image support + % + % #1 is image name, #2 width (might be empty/whitespace), #3 height (ditto). + \def\doxeteximage#1#2#3{% + \def\xeteximagewidth{#2}\setbox0 = \hbox{\ignorespaces #2}% + \def\xeteximageheight{#3}\setbox2 = \hbox{\ignorespaces #3}% + % + % XeTeX (and the PDF format) supports .pdf, .png, .jpg (among + % others). Let's try in that order, PDF first since if + % someone has a scalable image, presumably better to use that than a + % bitmap. + \let\xeteximgext=\empty + \begingroup + \openin 1 #1.pdf \ifeof 1 + \openin 1 #1.PDF \ifeof 1 + \openin 1 #1.png \ifeof 1 + \openin 1 #1.jpg \ifeof 1 + \openin 1 #1.jpeg \ifeof 1 + \openin 1 #1.JPG \ifeof 1 + \errmessage{Could not find image file #1 for XeTeX}% + \else \gdef\xeteximgext{JPG}% + \fi + \else \gdef\xeteximgext{jpeg}% + \fi + \else \gdef\xeteximgext{jpg}% + \fi + \else \gdef\xeteximgext{png}% + \fi + \else \gdef\xeteximgext{PDF}% + \fi + \else \gdef\xeteximgext{pdf}% + \fi + \closein 1 + \endgroup + % + \def\xetexpdfext{pdf}% + \ifx\xeteximgext\xetexpdfext + \XeTeXpdffile "#1".\xeteximgext "" + \else + \def\xetexpdfext{PDF}% + \ifx\xeteximgext\xetexpdfext + \XeTeXpdffile "#1".\xeteximgext "" + \else + \XeTeXpicfile "#1".\xeteximgext "" + \fi + \fi + \ifdim \wd0 >0pt width \xeteximagewidth \fi + \ifdim \wd2 >0pt height \xeteximageheight \fi \relax + } +\fi + + +% +\message{fonts,} + +% Set the baselineskip to #1, and the lineskip and strut size +% correspondingly. There is no deep meaning behind these magic numbers +% used as factors; they just match (closely enough) what Knuth defined. +% +\def\lineskipfactor{.08333} +\def\strutheightpercent{.70833} +\def\strutdepthpercent {.29167} +% +% can get a sort of poor man's double spacing by redefining this. +\def\baselinefactor{1} +% +\newdimen\textleading +\def\setleading#1{% + \dimen0 = #1\relax + \normalbaselineskip = \baselinefactor\dimen0 + \normallineskip = \lineskipfactor\normalbaselineskip + \normalbaselines + \setbox\strutbox =\hbox{% + \vrule width0pt height\strutheightpercent\baselineskip + depth \strutdepthpercent \baselineskip + }% +} + +% PDF CMaps. See also LaTeX's t1.cmap. +% +% do nothing with this by default. +\expandafter\let\csname cmapOT1\endcsname\gobble +\expandafter\let\csname cmapOT1IT\endcsname\gobble +\expandafter\let\csname cmapOT1TT\endcsname\gobble + +% if we are producing pdf, and we have \pdffontattr, then define cmaps. +% (\pdffontattr was introduced many years ago, but people still run +% older pdftex's; it's easy to conditionalize, so we do.) +\ifpdf \ifx\pdffontattr\thisisundefined \else + \begingroup + \catcode`\^^M=\active \def^^M{^^J}% Output line endings as the ^^J char. + \catcode`\%=12 \immediate\pdfobj stream {%!PS-Adobe-3.0 Resource-CMap +%%DocumentNeededResources: ProcSet (CIDInit) +%%IncludeResource: ProcSet (CIDInit) +%%BeginResource: CMap (TeX-OT1-0) +%%Title: (TeX-OT1-0 TeX OT1 0) +%%Version: 1.000 +%%EndComments +/CIDInit /ProcSet findresource begin +12 dict begin +begincmap +/CIDSystemInfo +<< /Registry (TeX) +/Ordering (OT1) +/Supplement 0 +>> def +/CMapName /TeX-OT1-0 def +/CMapType 2 def +1 begincodespacerange +<00> <7F> +endcodespacerange +8 beginbfrange +<00> <01> <0393> +<09> <0A> <03A8> +<23> <26> <0023> +<28> <3B> <0028> +<3F> <5B> <003F> +<5D> <5E> <005D> +<61> <7A> <0061> +<7B> <7C> <2013> +endbfrange +40 beginbfchar +<02> <0398> +<03> <039B> +<04> <039E> +<05> <03A0> +<06> <03A3> +<07> <03D2> +<08> <03A6> +<0B> <00660066> +<0C> <00660069> +<0D> <0066006C> +<0E> <006600660069> +<0F> <00660066006C> +<10> <0131> +<11> <0237> +<12> <0060> +<13> <00B4> +<14> <02C7> +<15> <02D8> +<16> <00AF> +<17> <02DA> +<18> <00B8> +<19> <00DF> +<1A> <00E6> +<1B> <0153> +<1C> <00F8> +<1D> <00C6> +<1E> <0152> +<1F> <00D8> +<21> <0021> +<22> <201D> +<27> <2019> +<3C> <00A1> +<3D> <003D> +<3E> <00BF> +<5C> <201C> +<5F> <02D9> +<60> <2018> +<7D> <02DD> +<7E> <007E> +<7F> <00A8> +endbfchar +endcmap +CMapName currentdict /CMap defineresource pop +end +end +%%EndResource +%%EOF + }\endgroup + \expandafter\edef\csname cmapOT1\endcsname#1{% + \pdffontattr#1{/ToUnicode \the\pdflastobj\space 0 R}% + }% +% +% \cmapOT1IT + \begingroup + \catcode`\^^M=\active \def^^M{^^J}% Output line endings as the ^^J char. + \catcode`\%=12 \immediate\pdfobj stream {%!PS-Adobe-3.0 Resource-CMap +%%DocumentNeededResources: ProcSet (CIDInit) +%%IncludeResource: ProcSet (CIDInit) +%%BeginResource: CMap (TeX-OT1IT-0) +%%Title: (TeX-OT1IT-0 TeX OT1IT 0) +%%Version: 1.000 +%%EndComments +/CIDInit /ProcSet findresource begin +12 dict begin +begincmap +/CIDSystemInfo +<< /Registry (TeX) +/Ordering (OT1IT) +/Supplement 0 +>> def +/CMapName /TeX-OT1IT-0 def +/CMapType 2 def +1 begincodespacerange +<00> <7F> +endcodespacerange +8 beginbfrange +<00> <01> <0393> +<09> <0A> <03A8> +<25> <26> <0025> +<28> <3B> <0028> +<3F> <5B> <003F> +<5D> <5E> <005D> +<61> <7A> <0061> +<7B> <7C> <2013> +endbfrange +42 beginbfchar +<02> <0398> +<03> <039B> +<04> <039E> +<05> <03A0> +<06> <03A3> +<07> <03D2> +<08> <03A6> +<0B> <00660066> +<0C> <00660069> +<0D> <0066006C> +<0E> <006600660069> +<0F> <00660066006C> +<10> <0131> +<11> <0237> +<12> <0060> +<13> <00B4> +<14> <02C7> +<15> <02D8> +<16> <00AF> +<17> <02DA> +<18> <00B8> +<19> <00DF> +<1A> <00E6> +<1B> <0153> +<1C> <00F8> +<1D> <00C6> +<1E> <0152> +<1F> <00D8> +<21> <0021> +<22> <201D> +<23> <0023> +<24> <00A3> +<27> <2019> +<3C> <00A1> +<3D> <003D> +<3E> <00BF> +<5C> <201C> +<5F> <02D9> +<60> <2018> +<7D> <02DD> +<7E> <007E> +<7F> <00A8> +endbfchar +endcmap +CMapName currentdict /CMap defineresource pop +end +end +%%EndResource +%%EOF + }\endgroup + \expandafter\edef\csname cmapOT1IT\endcsname#1{% + \pdffontattr#1{/ToUnicode \the\pdflastobj\space 0 R}% + }% +% +% \cmapOT1TT + \begingroup + \catcode`\^^M=\active \def^^M{^^J}% Output line endings as the ^^J char. + \catcode`\%=12 \immediate\pdfobj stream {%!PS-Adobe-3.0 Resource-CMap +%%DocumentNeededResources: ProcSet (CIDInit) +%%IncludeResource: ProcSet (CIDInit) +%%BeginResource: CMap (TeX-OT1TT-0) +%%Title: (TeX-OT1TT-0 TeX OT1TT 0) +%%Version: 1.000 +%%EndComments +/CIDInit /ProcSet findresource begin +12 dict begin +begincmap +/CIDSystemInfo +<< /Registry (TeX) +/Ordering (OT1TT) +/Supplement 0 +>> def +/CMapName /TeX-OT1TT-0 def +/CMapType 2 def +1 begincodespacerange +<00> <7F> +endcodespacerange +5 beginbfrange +<00> <01> <0393> +<09> <0A> <03A8> +<21> <26> <0021> +<28> <5F> <0028> +<61> <7E> <0061> +endbfrange +32 beginbfchar +<02> <0398> +<03> <039B> +<04> <039E> +<05> <03A0> +<06> <03A3> +<07> <03D2> +<08> <03A6> +<0B> <2191> +<0C> <2193> +<0D> <0027> +<0E> <00A1> +<0F> <00BF> +<10> <0131> +<11> <0237> +<12> <0060> +<13> <00B4> +<14> <02C7> +<15> <02D8> +<16> <00AF> +<17> <02DA> +<18> <00B8> +<19> <00DF> +<1A> <00E6> +<1B> <0153> +<1C> <00F8> +<1D> <00C6> +<1E> <0152> +<1F> <00D8> +<20> <2423> +<27> <2019> +<60> <2018> +<7F> <00A8> +endbfchar +endcmap +CMapName currentdict /CMap defineresource pop +end +end +%%EndResource +%%EOF + }\endgroup + \expandafter\edef\csname cmapOT1TT\endcsname#1{% + \pdffontattr#1{/ToUnicode \the\pdflastobj\space 0 R}% + }% +\fi\fi + + +% Set the font macro #1 to the font named \fontprefix#2. +% #3 is the font's design size, #4 is a scale factor, #5 is the CMap +% encoding (only OT1, OT1IT and OT1TT are allowed, or empty to omit). +% Example: +% #1 = \textrm +% #2 = \rmshape +% #3 = 10 +% #4 = \mainmagstep +% #5 = OT1 +% +\def\setfont#1#2#3#4#5{% + \font#1=\fontprefix#2#3 scaled #4 + \csname cmap#5\endcsname#1% +} +% This is what gets called when #5 of \setfont is empty. +\let\cmap\gobble +% +% (end of cmaps) + +% Use cm as the default font prefix. +% To specify the font prefix, you must define \fontprefix +% before you read in texinfo.tex. +\ifx\fontprefix\thisisundefined +\def\fontprefix{cm} +\fi +% Support font families that don't use the same naming scheme as CM. +\def\rmshape{r} +\def\rmbshape{bx} % where the normal face is bold +\def\bfshape{b} +\def\bxshape{bx} +\def\ttshape{tt} +\def\ttbshape{tt} +\def\ttslshape{sltt} +\def\itshape{ti} +\def\itbshape{bxti} +\def\slshape{sl} +\def\slbshape{bxsl} +\def\sfshape{ss} +\def\sfbshape{ss} +\def\scshape{csc} +\def\scbshape{csc} + +% Definitions for a main text size of 11pt. (The default in Texinfo.) +% +\def\definetextfontsizexi{% +% Text fonts (11.2pt, magstep1). +\def\textnominalsize{11pt} +\edef\mainmagstep{\magstephalf} +\setfont\textrm\rmshape{10}{\mainmagstep}{OT1} +\setfont\texttt\ttshape{10}{\mainmagstep}{OT1TT} +\setfont\textbf\bfshape{10}{\mainmagstep}{OT1} +\setfont\textit\itshape{10}{\mainmagstep}{OT1IT} +\setfont\textsl\slshape{10}{\mainmagstep}{OT1} +\setfont\textsf\sfshape{10}{\mainmagstep}{OT1} +\setfont\textsc\scshape{10}{\mainmagstep}{OT1} +\setfont\textttsl\ttslshape{10}{\mainmagstep}{OT1TT} +\font\texti=cmmi10 scaled \mainmagstep +\font\textsy=cmsy10 scaled \mainmagstep +\def\textecsize{1095} + +% A few fonts for @defun names and args. +\setfont\defbf\bfshape{10}{\magstep1}{OT1} +\setfont\deftt\ttshape{10}{\magstep1}{OT1TT} +\setfont\defsl\slshape{10}{\magstep1}{OT1} +\setfont\defttsl\ttslshape{10}{\magstep1}{OT1TT} +\def\df{\let\ttfont=\deftt \let\bffont = \defbf +\let\ttslfont=\defttsl \let\slfont=\defsl \bf} + +% Fonts for indices, footnotes, small examples (9pt). +\def\smallnominalsize{9pt} +\setfont\smallrm\rmshape{9}{1000}{OT1} +\setfont\smalltt\ttshape{9}{1000}{OT1TT} +\setfont\smallbf\bfshape{10}{900}{OT1} +\setfont\smallit\itshape{9}{1000}{OT1IT} +\setfont\smallsl\slshape{9}{1000}{OT1} +\setfont\smallsf\sfshape{9}{1000}{OT1} +\setfont\smallsc\scshape{10}{900}{OT1} +\setfont\smallttsl\ttslshape{10}{900}{OT1TT} +\font\smalli=cmmi9 +\font\smallsy=cmsy9 +\def\smallecsize{0900} + +% Fonts for small examples (8pt). +\def\smallernominalsize{8pt} +\setfont\smallerrm\rmshape{8}{1000}{OT1} +\setfont\smallertt\ttshape{8}{1000}{OT1TT} +\setfont\smallerbf\bfshape{10}{800}{OT1} +\setfont\smallerit\itshape{8}{1000}{OT1IT} +\setfont\smallersl\slshape{8}{1000}{OT1} +\setfont\smallersf\sfshape{8}{1000}{OT1} +\setfont\smallersc\scshape{10}{800}{OT1} +\setfont\smallerttsl\ttslshape{10}{800}{OT1TT} +\font\smalleri=cmmi8 +\font\smallersy=cmsy8 +\def\smallerecsize{0800} + +% Fonts for math mode superscripts (7pt). +\def\sevennominalsize{7pt} +\setfont\sevenrm\rmshape{7}{1000}{OT1} +\setfont\seventt\ttshape{10}{700}{OT1TT} +\setfont\sevenbf\bfshape{10}{700}{OT1} +\setfont\sevenit\itshape{7}{1000}{OT1IT} +\setfont\sevensl\slshape{10}{700}{OT1} +\setfont\sevensf\sfshape{10}{700}{OT1} +\setfont\sevensc\scshape{10}{700}{OT1} +\setfont\seventtsl\ttslshape{10}{700}{OT1TT} +\font\seveni=cmmi7 +\font\sevensy=cmsy7 +\def\sevenecsize{0700} + +% Fonts for title page (20.4pt): +\def\titlenominalsize{20pt} +\setfont\titlerm\rmbshape{12}{\magstep3}{OT1} +\setfont\titleit\itbshape{10}{\magstep4}{OT1IT} +\setfont\titlesl\slbshape{10}{\magstep4}{OT1} +\setfont\titlett\ttbshape{12}{\magstep3}{OT1TT} +\setfont\titlettsl\ttslshape{10}{\magstep4}{OT1TT} +\setfont\titlesf\sfbshape{17}{\magstep1}{OT1} +\let\titlebf=\titlerm +\setfont\titlesc\scbshape{10}{\magstep4}{OT1} +\font\titlei=cmmi12 scaled \magstep3 +\font\titlesy=cmsy10 scaled \magstep4 +\def\titleecsize{2074} + +% Chapter (and unnumbered) fonts (17.28pt). +\def\chapnominalsize{17pt} +\setfont\chaprm\rmbshape{12}{\magstep2}{OT1} +\setfont\chapit\itbshape{10}{\magstep3}{OT1IT} +\setfont\chapsl\slbshape{10}{\magstep3}{OT1} +\setfont\chaptt\ttbshape{12}{\magstep2}{OT1TT} +\setfont\chapttsl\ttslshape{10}{\magstep3}{OT1TT} +\setfont\chapsf\sfbshape{17}{1000}{OT1} +\let\chapbf=\chaprm +\setfont\chapsc\scbshape{10}{\magstep3}{OT1} +\font\chapi=cmmi12 scaled \magstep2 +\font\chapsy=cmsy10 scaled \magstep3 +\def\chapecsize{1728} + +% Section fonts (14.4pt). +\def\secnominalsize{14pt} +\setfont\secrm\rmbshape{12}{\magstep1}{OT1} +\setfont\secrmnotbold\rmshape{12}{\magstep1}{OT1} +\setfont\secit\itbshape{10}{\magstep2}{OT1IT} +\setfont\secsl\slbshape{10}{\magstep2}{OT1} +\setfont\sectt\ttbshape{12}{\magstep1}{OT1TT} +\setfont\secttsl\ttslshape{10}{\magstep2}{OT1TT} +\setfont\secsf\sfbshape{12}{\magstep1}{OT1} +\let\secbf\secrm +\setfont\secsc\scbshape{10}{\magstep2}{OT1} +\font\seci=cmmi12 scaled \magstep1 +\font\secsy=cmsy10 scaled \magstep2 +\def\sececsize{1440} + +% Subsection fonts (13.15pt). +\def\ssecnominalsize{13pt} +\setfont\ssecrm\rmbshape{12}{\magstephalf}{OT1} +\setfont\ssecit\itbshape{10}{1315}{OT1IT} +\setfont\ssecsl\slbshape{10}{1315}{OT1} +\setfont\ssectt\ttbshape{12}{\magstephalf}{OT1TT} +\setfont\ssecttsl\ttslshape{10}{1315}{OT1TT} +\setfont\ssecsf\sfbshape{12}{\magstephalf}{OT1} +\let\ssecbf\ssecrm +\setfont\ssecsc\scbshape{10}{1315}{OT1} +\font\sseci=cmmi12 scaled \magstephalf +\font\ssecsy=cmsy10 scaled 1315 +\def\ssececsize{1200} + +% Reduced fonts for @acronym in text (10pt). +\def\reducednominalsize{10pt} +\setfont\reducedrm\rmshape{10}{1000}{OT1} +\setfont\reducedtt\ttshape{10}{1000}{OT1TT} +\setfont\reducedbf\bfshape{10}{1000}{OT1} +\setfont\reducedit\itshape{10}{1000}{OT1IT} +\setfont\reducedsl\slshape{10}{1000}{OT1} +\setfont\reducedsf\sfshape{10}{1000}{OT1} +\setfont\reducedsc\scshape{10}{1000}{OT1} +\setfont\reducedttsl\ttslshape{10}{1000}{OT1TT} +\font\reducedi=cmmi10 +\font\reducedsy=cmsy10 +\def\reducedecsize{1000} + +\textleading = 13.2pt % line spacing for 11pt CM +\textfonts % reset the current fonts +\rm +} % end of 11pt text font size definitions, \definetextfontsizexi + + +% Definitions to make the main text be 10pt Computer Modern, with +% section, chapter, etc., sizes following suit. This is for the GNU +% Press printing of the Emacs 22 manual. Maybe other manuals in the +% future. Used with @smallbook, which sets the leading to 12pt. +% +\def\definetextfontsizex{% +% Text fonts (10pt). +\def\textnominalsize{10pt} +\edef\mainmagstep{1000} +\setfont\textrm\rmshape{10}{\mainmagstep}{OT1} +\setfont\texttt\ttshape{10}{\mainmagstep}{OT1TT} +\setfont\textbf\bfshape{10}{\mainmagstep}{OT1} +\setfont\textit\itshape{10}{\mainmagstep}{OT1IT} +\setfont\textsl\slshape{10}{\mainmagstep}{OT1} +\setfont\textsf\sfshape{10}{\mainmagstep}{OT1} +\setfont\textsc\scshape{10}{\mainmagstep}{OT1} +\setfont\textttsl\ttslshape{10}{\mainmagstep}{OT1TT} +\font\texti=cmmi10 scaled \mainmagstep +\font\textsy=cmsy10 scaled \mainmagstep +\def\textecsize{1000} + +% A few fonts for @defun names and args. +\setfont\defbf\bfshape{10}{\magstephalf}{OT1} +\setfont\deftt\ttshape{10}{\magstephalf}{OT1TT} +\setfont\defsl\slshape{10}{\magstephalf}{OT1} +\setfont\defttsl\ttslshape{10}{\magstephalf}{OT1TT} +\def\df{\let\ttfont=\deftt \let\bffont = \defbf +\let\slfont=\defsl \let\ttslfont=\defttsl \bf} + +% Fonts for indices, footnotes, small examples (9pt). +\def\smallnominalsize{9pt} +\setfont\smallrm\rmshape{9}{1000}{OT1} +\setfont\smalltt\ttshape{9}{1000}{OT1TT} +\setfont\smallbf\bfshape{10}{900}{OT1} +\setfont\smallit\itshape{9}{1000}{OT1IT} +\setfont\smallsl\slshape{9}{1000}{OT1} +\setfont\smallsf\sfshape{9}{1000}{OT1} +\setfont\smallsc\scshape{10}{900}{OT1} +\setfont\smallttsl\ttslshape{10}{900}{OT1TT} +\font\smalli=cmmi9 +\font\smallsy=cmsy9 +\def\smallecsize{0900} + +% Fonts for small examples (8pt). +\def\smallernominalsize{8pt} +\setfont\smallerrm\rmshape{8}{1000}{OT1} +\setfont\smallertt\ttshape{8}{1000}{OT1TT} +\setfont\smallerbf\bfshape{10}{800}{OT1} +\setfont\smallerit\itshape{8}{1000}{OT1IT} +\setfont\smallersl\slshape{8}{1000}{OT1} +\setfont\smallersf\sfshape{8}{1000}{OT1} +\setfont\smallersc\scshape{10}{800}{OT1} +\setfont\smallerttsl\ttslshape{10}{800}{OT1TT} +\font\smalleri=cmmi8 +\font\smallersy=cmsy8 +\def\smallerecsize{0800} + +% Fonts for math mode superscripts (7pt). +\def\sevennominalsize{7pt} +\setfont\sevenrm\rmshape{7}{1000}{OT1} +\setfont\seventt\ttshape{10}{700}{OT1TT} +\setfont\sevenbf\bfshape{10}{700}{OT1} +\setfont\sevenit\itshape{7}{1000}{OT1IT} +\setfont\sevensl\slshape{10}{700}{OT1} +\setfont\sevensf\sfshape{10}{700}{OT1} +\setfont\sevensc\scshape{10}{700}{OT1} +\setfont\seventtsl\ttslshape{10}{700}{OT1TT} +\font\seveni=cmmi7 +\font\sevensy=cmsy7 +\def\sevenecsize{0700} + +% Fonts for title page (20.4pt): +\def\titlenominalsize{20pt} +\setfont\titlerm\rmbshape{12}{\magstep3}{OT1} +\setfont\titleit\itbshape{10}{\magstep4}{OT1IT} +\setfont\titlesl\slbshape{10}{\magstep4}{OT1} +\setfont\titlett\ttbshape{12}{\magstep3}{OT1TT} +\setfont\titlettsl\ttslshape{10}{\magstep4}{OT1TT} +\setfont\titlesf\sfbshape{17}{\magstep1}{OT1} +\let\titlebf=\titlerm +\setfont\titlesc\scbshape{10}{\magstep4}{OT1} +\font\titlei=cmmi12 scaled \magstep3 +\font\titlesy=cmsy10 scaled \magstep4 +\def\titleecsize{2074} + +% Chapter fonts (14.4pt). +\def\chapnominalsize{14pt} +\setfont\chaprm\rmbshape{12}{\magstep1}{OT1} +\setfont\chapit\itbshape{10}{\magstep2}{OT1IT} +\setfont\chapsl\slbshape{10}{\magstep2}{OT1} +\setfont\chaptt\ttbshape{12}{\magstep1}{OT1TT} +\setfont\chapttsl\ttslshape{10}{\magstep2}{OT1TT} +\setfont\chapsf\sfbshape{12}{\magstep1}{OT1} +\let\chapbf\chaprm +\setfont\chapsc\scbshape{10}{\magstep2}{OT1} +\font\chapi=cmmi12 scaled \magstep1 +\font\chapsy=cmsy10 scaled \magstep2 +\def\chapecsize{1440} + +% Section fonts (12pt). +\def\secnominalsize{12pt} +\setfont\secrm\rmbshape{12}{1000}{OT1} +\setfont\secit\itbshape{10}{\magstep1}{OT1IT} +\setfont\secsl\slbshape{10}{\magstep1}{OT1} +\setfont\sectt\ttbshape{12}{1000}{OT1TT} +\setfont\secttsl\ttslshape{10}{\magstep1}{OT1TT} +\setfont\secsf\sfbshape{12}{1000}{OT1} +\let\secbf\secrm +\setfont\secsc\scbshape{10}{\magstep1}{OT1} +\font\seci=cmmi12 +\font\secsy=cmsy10 scaled \magstep1 +\def\sececsize{1200} + +% Subsection fonts (10pt). +\def\ssecnominalsize{10pt} +\setfont\ssecrm\rmbshape{10}{1000}{OT1} +\setfont\ssecit\itbshape{10}{1000}{OT1IT} +\setfont\ssecsl\slbshape{10}{1000}{OT1} +\setfont\ssectt\ttbshape{10}{1000}{OT1TT} +\setfont\ssecttsl\ttslshape{10}{1000}{OT1TT} +\setfont\ssecsf\sfbshape{10}{1000}{OT1} +\let\ssecbf\ssecrm +\setfont\ssecsc\scbshape{10}{1000}{OT1} +\font\sseci=cmmi10 +\font\ssecsy=cmsy10 +\def\ssececsize{1000} + +% Reduced fonts for @acronym in text (9pt). +\def\reducednominalsize{9pt} +\setfont\reducedrm\rmshape{9}{1000}{OT1} +\setfont\reducedtt\ttshape{9}{1000}{OT1TT} +\setfont\reducedbf\bfshape{10}{900}{OT1} +\setfont\reducedit\itshape{9}{1000}{OT1IT} +\setfont\reducedsl\slshape{9}{1000}{OT1} +\setfont\reducedsf\sfshape{9}{1000}{OT1} +\setfont\reducedsc\scshape{10}{900}{OT1} +\setfont\reducedttsl\ttslshape{10}{900}{OT1TT} +\font\reducedi=cmmi9 +\font\reducedsy=cmsy9 +\def\reducedecsize{0900} + +\divide\parskip by 2 % reduce space between paragraphs +\textleading = 12pt % line spacing for 10pt CM +\textfonts % reset the current fonts +\rm +} % end of 10pt text font size definitions, \definetextfontsizex + +% Fonts for short table of contents. +\setfont\shortcontrm\rmshape{12}{1000}{OT1} +\setfont\shortcontbf\bfshape{10}{\magstep1}{OT1} % no cmb12 +\setfont\shortcontsl\slshape{12}{1000}{OT1} +\setfont\shortconttt\ttshape{12}{1000}{OT1TT} + + +% We provide the user-level command +% @fonttextsize 10 +% (or 11) to redefine the text font size. pt is assumed. +% +\def\xiword{11} +\def\xword{10} +\def\xwordpt{10pt} +% +\parseargdef\fonttextsize{% + \def\textsizearg{#1}% + %\wlog{doing @fonttextsize \textsizearg}% + % + % Set \globaldefs so that documents can use this inside @tex, since + % makeinfo 4.8 does not support it, but we need it nonetheless. + % + \begingroup \globaldefs=1 + \ifx\textsizearg\xword \definetextfontsizex + \else \ifx\textsizearg\xiword \definetextfontsizexi + \else + \errhelp=\EMsimple + \errmessage{@fonttextsize only supports `10' or `11', not `\textsizearg'} + \fi\fi + \endgroup +} + +% +% Change the current font style to #1, remembering it in \curfontstyle. +% For now, we do not accumulate font styles: @b{@i{foo}} prints foo in +% italics, not bold italics. +% +\def\setfontstyle#1{% + \def\curfontstyle{#1}% not as a control sequence, because we are \edef'd. + \csname #1font\endcsname % change the current font +} + +\def\rm{\fam=0 \setfontstyle{rm}} +\def\it{\fam=\itfam \setfontstyle{it}} +\def\sl{\fam=\slfam \setfontstyle{sl}} +\def\bf{\fam=\bffam \setfontstyle{bf}}\def\bfstylename{bf} +\def\tt{\fam=\ttfam \setfontstyle{tt}} + +% Texinfo sort of supports the sans serif font style, which plain TeX does not. +% So we set up a \sf. +\newfam\sffam +\def\sf{\fam=\sffam \setfontstyle{sf}} + +% We don't need math for this font style. +\def\ttsl{\setfontstyle{ttsl}} + + +% In order for the font changes to affect most math symbols and letters, +% we have to define the \textfont of the standard families. +% We don't bother to reset \scriptscriptfont; awaiting user need. +% +\def\resetmathfonts{% + \textfont0=\rmfont \textfont1=\ifont \textfont2=\syfont + \textfont\itfam=\itfont \textfont\slfam=\slfont \textfont\bffam=\bffont + \textfont\ttfam=\ttfont \textfont\sffam=\sffont + % + % Fonts for superscript. Note that the 7pt fonts are used regardless + % of the current font size. + \scriptfont0=\sevenrm \scriptfont1=\seveni \scriptfont2=\sevensy + \scriptfont\itfam=\sevenit \scriptfont\slfam=\sevensl + \scriptfont\bffam=\sevenbf \scriptfont\ttfam=\seventt + \scriptfont\sffam=\sevensf +} + +% + +% The font-changing commands (all called \...fonts) redefine the meanings +% of \STYLEfont, instead of just \STYLE. We do this because \STYLE needs +% to also set the current \fam for math mode. Our \STYLE (e.g., \rm) +% commands hardwire \STYLEfont to set the current font. +% +% The fonts used for \ifont are for "math italics" (\itfont is for italics +% in regular text). \syfont is also used in math mode only. +% +% Each font-changing command also sets the names \lsize (one size lower) +% and \lllsize (three sizes lower). These relative commands are used +% in, e.g., the LaTeX logo and acronyms. +% +% This all needs generalizing, badly. +% + +\def\assignfonts#1{% + \expandafter\let\expandafter\rmfont\csname #1rm\endcsname + \expandafter\let\expandafter\itfont\csname #1it\endcsname + \expandafter\let\expandafter\slfont\csname #1sl\endcsname + \expandafter\let\expandafter\bffont\csname #1bf\endcsname + \expandafter\let\expandafter\ttfont\csname #1tt\endcsname + \expandafter\let\expandafter\smallcaps\csname #1sc\endcsname + \expandafter\let\expandafter\sffont \csname #1sf\endcsname + \expandafter\let\expandafter\ifont \csname #1i\endcsname + \expandafter\let\expandafter\syfont \csname #1sy\endcsname + \expandafter\let\expandafter\ttslfont\csname #1ttsl\endcsname +} + +\newif\ifrmisbold + +% Select smaller font size with the current style. Used to change font size +% in, e.g., the LaTeX logo and acronyms. If we are using bold fonts for +% normal roman text, also use bold fonts for roman text in the smaller size. +\def\switchtolllsize{% + \expandafter\assignfonts\expandafter{\lllsize}% + \ifrmisbold + \let\rmfont\bffont + \fi + \csname\curfontstyle\endcsname +}% + +\def\switchtolsize{% + \expandafter\assignfonts\expandafter{\lsize}% + \ifrmisbold + \let\rmfont\bffont + \fi + \csname\curfontstyle\endcsname +}% + +\def\definefontsetatsize#1#2#3#4#5{% +\expandafter\def\csname #1fonts\endcsname{% + \def\curfontsize{#1}% + \def\lsize{#2}\def\lllsize{#3}% + \csname rmisbold#5\endcsname + \assignfonts{#1}% + \resetmathfonts + \setleading{#4}% +}} + +\definefontsetatsize{text} {reduced}{smaller}{\textleading}{false} +\definefontsetatsize{title} {chap} {subsec} {27pt} {true} +\definefontsetatsize{chap} {sec} {text} {19pt} {true} +\definefontsetatsize{sec} {subsec} {reduced}{17pt} {true} +\definefontsetatsize{ssec} {text} {small} {15pt} {true} +\definefontsetatsize{reduced}{small} {smaller}{10.5pt}{false} +\definefontsetatsize{small} {smaller}{smaller}{10.5pt}{false} +\definefontsetatsize{smaller}{smaller}{smaller}{9.5pt} {false} + +\def\titlefont#1{{\titlefonts\rm #1}} +\let\subsecfonts = \ssecfonts +\let\subsubsecfonts = \ssecfonts + +% Define these just so they can be easily changed for other fonts. +\def\angleleft{$\langle$} +\def\angleright{$\rangle$} + +% Set the fonts to use with the @small... environments. +\let\smallexamplefonts = \smallfonts + +% About \smallexamplefonts. If we use \smallfonts (9pt), @smallexample +% can fit this many characters: +% 8.5x11=86 smallbook=72 a4=90 a5=69 +% If we use \scriptfonts (8pt), then we can fit this many characters: +% 8.5x11=90+ smallbook=80 a4=90+ a5=77 +% For me, subjectively, the few extra characters that fit aren't worth +% the additional smallness of 8pt. So I'm making the default 9pt. +% +% By the way, for comparison, here's what fits with @example (10pt): +% 8.5x11=71 smallbook=60 a4=75 a5=58 +% --karl, 24jan03. + +% Set up the default fonts, so we can use them for creating boxes. +% +\definetextfontsizexi + + +\message{markup,} + +% Check if we are currently using a typewriter font. Since all the +% Computer Modern typewriter fonts have zero interword stretch (and +% shrink), and it is reasonable to expect all typewriter fonts to have +% this property, we can check that font parameter. +% +\def\ifmonospace{\ifdim\fontdimen3\font=0pt } + +% Markup style infrastructure. \defmarkupstylesetup\INITMACRO will +% define and register \INITMACRO to be called on markup style changes. +% \INITMACRO can check \currentmarkupstyle for the innermost +% style. + +\let\currentmarkupstyle\empty + +\def\setupmarkupstyle#1{% + \def\currentmarkupstyle{#1}% + \markupstylesetup +} + +\let\markupstylesetup\empty + +\def\defmarkupstylesetup#1{% + \expandafter\def\expandafter\markupstylesetup + \expandafter{\markupstylesetup #1}% + \def#1% +} + +% Markup style setup for left and right quotes. +\defmarkupstylesetup\markupsetuplq{% + \expandafter\let\expandafter \temp + \csname markupsetuplq\currentmarkupstyle\endcsname + \ifx\temp\relax \markupsetuplqdefault \else \temp \fi +} + +\defmarkupstylesetup\markupsetuprq{% + \expandafter\let\expandafter \temp + \csname markupsetuprq\currentmarkupstyle\endcsname + \ifx\temp\relax \markupsetuprqdefault \else \temp \fi +} + +{ +\catcode`\'=\active +\catcode`\`=\active + +\gdef\markupsetuplqdefault{\let`\lq} +\gdef\markupsetuprqdefault{\let'\rq} + +\gdef\markupsetcodequoteleft{\let`\codequoteleft} +\gdef\markupsetcodequoteright{\let'\codequoteright} +} + +\let\markupsetuplqcode \markupsetcodequoteleft +\let\markupsetuprqcode \markupsetcodequoteright +% +\let\markupsetuplqexample \markupsetcodequoteleft +\let\markupsetuprqexample \markupsetcodequoteright +% +\let\markupsetuplqkbd \markupsetcodequoteleft +\let\markupsetuprqkbd \markupsetcodequoteright +% +\let\markupsetuplqsamp \markupsetcodequoteleft +\let\markupsetuprqsamp \markupsetcodequoteright +% +\let\markupsetuplqverb \markupsetcodequoteleft +\let\markupsetuprqverb \markupsetcodequoteright +% +\let\markupsetuplqverbatim \markupsetcodequoteleft +\let\markupsetuprqverbatim \markupsetcodequoteright + +% Allow an option to not use regular directed right quote/apostrophe +% (char 0x27), but instead the undirected quote from cmtt (char 0x0d). +% The undirected quote is ugly, so don't make it the default, but it +% works for pasting with more pdf viewers (at least evince), the +% lilypond developers report. xpdf does work with the regular 0x27. +% +\def\codequoteright{% + \ifmonospace + \expandafter\ifx\csname SETtxicodequoteundirected\endcsname\relax + \expandafter\ifx\csname SETcodequoteundirected\endcsname\relax + '% + \else \char'15 \fi + \else \char'15 \fi + \else + '% + \fi +} +% +% and a similar option for the left quote char vs. a grave accent. +% Modern fonts display ASCII 0x60 as a grave accent, so some people like +% the code environments to do likewise. +% +\def\codequoteleft{% + \ifmonospace + \expandafter\ifx\csname SETtxicodequotebacktick\endcsname\relax + \expandafter\ifx\csname SETcodequotebacktick\endcsname\relax + % [Knuth] pp. 380,381,391 + % \relax disables Spanish ligatures ?` and !` of \tt font. + \relax`% + \else \char'22 \fi + \else \char'22 \fi + \else + \relax`% + \fi +} + +% Commands to set the quote options. +% +\parseargdef\codequoteundirected{% + \def\temp{#1}% + \ifx\temp\onword + \expandafter\let\csname SETtxicodequoteundirected\endcsname + = t% + \else\ifx\temp\offword + \expandafter\let\csname SETtxicodequoteundirected\endcsname + = \relax + \else + \errhelp = \EMsimple + \errmessage{Unknown @codequoteundirected value `\temp', must be on|off}% + \fi\fi +} +% +\parseargdef\codequotebacktick{% + \def\temp{#1}% + \ifx\temp\onword + \expandafter\let\csname SETtxicodequotebacktick\endcsname + = t% + \else\ifx\temp\offword + \expandafter\let\csname SETtxicodequotebacktick\endcsname + = \relax + \else + \errhelp = \EMsimple + \errmessage{Unknown @codequotebacktick value `\temp', must be on|off}% + \fi\fi +} + +% [Knuth] pp. 380,381,391, disable Spanish ligatures ?` and !` of \tt font. +\def\noligaturesquoteleft{\relax\lq} + +% Count depth in font-changes, for error checks +\newcount\fontdepth \fontdepth=0 + +% Font commands. + +% #1 is the font command (\sl or \it), #2 is the text to slant. +% If we are in a monospaced environment, however, 1) always use \ttsl, +% and 2) do not add an italic correction. +\def\dosmartslant#1#2{% + \ifusingtt + {{\ttsl #2}\let\next=\relax}% + {\def\next{{#1#2}\futurelet\next\smartitaliccorrection}}% + \next +} +\def\smartslanted{\dosmartslant\sl} +\def\smartitalic{\dosmartslant\it} + +% Output an italic correction unless \next (presumed to be the following +% character) is such as not to need one. +\def\smartitaliccorrection{% + \ifx\next,% + \else\ifx\next-% + \else\ifx\next.% + \else\ifx\next\.% + \else\ifx\next\comma% + \else\ptexslash + \fi\fi\fi\fi\fi + \aftersmartic +} + +% Unconditional use \ttsl, and no ic. @var is set to this for defuns. +\def\ttslanted#1{{\ttsl #1}} + +% @cite is like \smartslanted except unconditionally use \sl. We never want +% ttsl for book titles, do we? +\def\cite#1{{\sl #1}\futurelet\next\smartitaliccorrection} + +\def\aftersmartic{} +\def\var#1{% + \let\saveaftersmartic = \aftersmartic + \def\aftersmartic{\null\let\aftersmartic=\saveaftersmartic}% + \smartslanted{#1}% +} + +\let\i=\smartitalic +\let\slanted=\smartslanted +\let\dfn=\smartslanted +\let\emph=\smartitalic + +% Explicit font changes: @r, @sc, undocumented @ii. +\def\r#1{{\rm #1}} % roman font +\def\sc#1{{\smallcaps#1}} % smallcaps font +\def\ii#1{{\it #1}} % italic font + +% @b, explicit bold. Also @strong. +\def\b#1{{\bf #1}} +\let\strong=\b + +% @sansserif, explicit sans. +\def\sansserif#1{{\sf #1}} + +% We can't just use \exhyphenpenalty, because that only has effect at +% the end of a paragraph. Restore normal hyphenation at the end of the +% group within which \nohyphenation is presumably called. +% +\def\nohyphenation{\hyphenchar\font = -1 \aftergroup\restorehyphenation} +\def\restorehyphenation{\hyphenchar\font = `- } + +% Set sfcode to normal for the chars that usually have another value. +% Can't use plain's \frenchspacing because it uses the `\x notation, and +% sometimes \x has an active definition that messes things up. +% +\catcode`@=11 + \def\plainfrenchspacing{% + \sfcode`\.=\@m \sfcode`\?=\@m \sfcode`\!=\@m + \sfcode`\:=\@m \sfcode`\;=\@m \sfcode`\,=\@m + \def\endofsentencespacefactor{1000}% for @. and friends + } + \def\plainnonfrenchspacing{% + \sfcode`\.3000\sfcode`\?3000\sfcode`\!3000 + \sfcode`\:2000\sfcode`\;1500\sfcode`\,1250 + \def\endofsentencespacefactor{3000}% for @. and friends + } +\catcode`@=\other +\def\endofsentencespacefactor{3000}% default + +% @t, explicit typewriter. +\def\t#1{% + {\tt \plainfrenchspacing #1}% + \null +} + +% @samp. +\def\samp#1{{\setupmarkupstyle{samp}\lq\tclose{#1}\rq\null}} + +% @indicateurl is \samp, that is, with quotes. +\let\indicateurl=\samp + +% @code (and similar) prints in typewriter, but with spaces the same +% size as normal in the surrounding text, without hyphenation, etc. +% This is a subroutine for that. +\def\tclose#1{% + {% + % Change normal interword space to be same as for the current font. + \spaceskip = \fontdimen2\font + % + % Switch to typewriter. + \tt + % + % But `\ ' produces the large typewriter interword space. + \def\ {{\spaceskip = 0pt{} }}% + % + % Turn off hyphenation. + \nohyphenation + % + \plainfrenchspacing + #1% + }% + \null % reset spacefactor to 1000 +} + +% We *must* turn on hyphenation at `-' and `_' in @code. +% (But see \codedashfinish below.) +% Otherwise, it is too hard to avoid overfull hboxes +% in the Emacs manual, the Library manual, etc. +% +% Unfortunately, TeX uses one parameter (\hyphenchar) to control +% both hyphenation at - and hyphenation within words. +% We must therefore turn them both off (\tclose does that) +% and arrange explicitly to hyphenate at a dash. -- rms. +{ + \catcode`\-=\active \catcode`\_=\active + \catcode`\'=\active \catcode`\`=\active + \global\let'=\rq \global\let`=\lq % default definitions + % + \global\def\code{\begingroup + \setupmarkupstyle{code}% + % The following should really be moved into \setupmarkupstyle handlers. + \catcode\dashChar=\active \catcode\underChar=\active + \ifallowcodebreaks + \let-\codedash + \let_\codeunder + \else + \let-\normaldash + \let_\realunder + \fi + % Given -foo (with a single dash), we do not want to allow a break + % after the hyphen. + \global\let\codedashprev=\codedash + % + \codex + } + % + \gdef\codedash{\futurelet\next\codedashfinish} + \gdef\codedashfinish{% + \normaldash % always output the dash character itself. + % + % Now, output a discretionary to allow a line break, unless + % (a) the next character is a -, or + % (b) the preceding character is a -. + % E.g., given --posix, we do not want to allow a break after either -. + % Given --foo-bar, we do want to allow a break between the - and the b. + \ifx\next\codedash \else + \ifx\codedashprev\codedash + \else \discretionary{}{}{}\fi + \fi + % we need the space after the = for the case when \next itself is a + % space token; it would get swallowed otherwise. As in @code{- a}. + \global\let\codedashprev= \next + } +} +\def\normaldash{-} +% +\def\codex #1{\tclose{#1}\endgroup} + +\def\codeunder{% + % this is all so @math{@code{var_name}+1} can work. In math mode, _ + % is "active" (mathcode"8000) and \normalunderscore (or \char95, etc.) + % will therefore expand the active definition of _, which is us + % (inside @code that is), therefore an endless loop. + \ifusingtt{\ifmmode + \mathchar"075F % class 0=ordinary, family 7=ttfam, pos 0x5F=_. + \else\normalunderscore \fi + \discretionary{}{}{}}% + {\_}% +} + +% An additional complication: the above will allow breaks after, e.g., +% each of the four underscores in __typeof__. This is bad. +% @allowcodebreaks provides a document-level way to turn breaking at - +% and _ on and off. +% +\newif\ifallowcodebreaks \allowcodebreakstrue + +\def\keywordtrue{true} +\def\keywordfalse{false} + +\parseargdef\allowcodebreaks{% + \def\txiarg{#1}% + \ifx\txiarg\keywordtrue + \allowcodebreakstrue + \else\ifx\txiarg\keywordfalse + \allowcodebreaksfalse + \else + \errhelp = \EMsimple + \errmessage{Unknown @allowcodebreaks option `\txiarg', must be true|false}% + \fi\fi +} + +% For @command, @env, @file, @option quotes seem unnecessary, +% so use \code rather than \samp. +\let\command=\code +\let\env=\code +\let\file=\code +\let\option=\code + +% @uref (abbreviation for `urlref') aka @url takes an optional +% (comma-separated) second argument specifying the text to display and +% an optional third arg as text to display instead of (rather than in +% addition to) the url itself. First (mandatory) arg is the url. + +% TeX-only option to allow changing PDF output to show only the second +% arg (if given), and not the url (which is then just the link target). +\newif\ifurefurlonlylink + +% The main macro is \urefbreak, which allows breaking at expected +% places within the url. (There used to be another version, which +% didn't support automatic breaking.) +\def\urefbreak{\begingroup \urefcatcodes \dourefbreak} +\let\uref=\urefbreak +% +\def\dourefbreak#1{\urefbreakfinish #1,,,\finish} +\def\urefbreakfinish#1,#2,#3,#4\finish{% doesn't work in @example + \unsepspaces + \pdfurl{#1}% + \setbox0 = \hbox{\ignorespaces #3}% + \ifdim\wd0 > 0pt + \unhbox0 % third arg given, show only that + \else + \setbox0 = \hbox{\ignorespaces #2}% look for second arg + \ifdim\wd0 > 0pt + \ifpdf + % For pdfTeX and LuaTeX + \ifurefurlonlylink + % PDF plus option to not display url, show just arg + \unhbox0 + \else + % PDF, normally display both arg and url for consistency, + % visibility, if the pdf is eventually used to print, etc. + \unhbox0\ (\urefcode{#1})% + \fi + \else + \ifx\XeTeXrevision\thisisundefined + \unhbox0\ (\urefcode{#1})% DVI, always show arg and url + \else + % For XeTeX + \ifurefurlonlylink + % PDF plus option to not display url, show just arg + \unhbox0 + \else + % PDF, normally display both arg and url for consistency, + % visibility, if the pdf is eventually used to print, etc. + \unhbox0\ (\urefcode{#1})% + \fi + \fi + \fi + \else + \urefcode{#1}% only url given, so show it + \fi + \fi + \endlink +\endgroup} + +% Allow line breaks around only a few characters (only). +\def\urefcatcodes{% + \catcode`\&=\active \catcode`\.=\active + \catcode`\#=\active \catcode`\?=\active + \catcode`\/=\active +} +{ + \urefcatcodes + % + \global\def\urefcode{\begingroup + \setupmarkupstyle{code}% + \urefcatcodes + \let&\urefcodeamp + \let.\urefcodedot + \let#\urefcodehash + \let?\urefcodequest + \let/\urefcodeslash + \codex + } + % + % By default, they are just regular characters. + \global\def&{\normalamp} + \global\def.{\normaldot} + \global\def#{\normalhash} + \global\def?{\normalquest} + \global\def/{\normalslash} +} + +\def\urefcodeamp{\urefprebreak \&\urefpostbreak} +\def\urefcodedot{\urefprebreak .\urefpostbreak} +\def\urefcodehash{\urefprebreak \#\urefpostbreak} +\def\urefcodequest{\urefprebreak ?\urefpostbreak} +\def\urefcodeslash{\futurelet\next\urefcodeslashfinish} +{ + \catcode`\/=\active + \global\def\urefcodeslashfinish{% + \urefprebreak \slashChar + % Allow line break only after the final / in a sequence of + % slashes, to avoid line break between the slashes in http://. + \ifx\next/\else \urefpostbreak \fi + } +} + +% By default we'll break after the special characters, but some people like to +% break before the special chars, so allow that. Also allow no breaking at +% all, for manual control. +% +\parseargdef\urefbreakstyle{% + \def\txiarg{#1}% + \ifx\txiarg\wordnone + \def\urefprebreak{\nobreak}\def\urefpostbreak{\nobreak} + \else\ifx\txiarg\wordbefore + \def\urefprebreak{\urefallowbreak}\def\urefpostbreak{\nobreak} + \else\ifx\txiarg\wordafter + \def\urefprebreak{\nobreak}\def\urefpostbreak{\urefallowbreak} + \else + \errhelp = \EMsimple + \errmessage{Unknown @urefbreakstyle setting `\txiarg'}% + \fi\fi\fi +} +\def\wordafter{after} +\def\wordbefore{before} +\def\wordnone{none} + +% Allow a ragged right output to aid breaking long URL's. Putting stretch in +% between characters of the URL doesn't look good. +\def\urefallowbreak{% + \hskip 0pt plus 4 em\relax + \allowbreak + \hskip 0pt plus -4 em\relax +} + +\urefbreakstyle after + +% @url synonym for @uref, since that's how everyone uses it. +% +\let\url=\uref + +% rms does not like angle brackets --karl, 17may97. +% So now @email is just like @uref, unless we are pdf. +% +%\def\email#1{\angleleft{\tt #1}\angleright} +\ifpdforxetex + \def\email#1{\doemail#1,,\finish} + \def\doemail#1,#2,#3\finish{\begingroup + \unsepspaces + \pdfurl{mailto:#1}% + \setbox0 = \hbox{\ignorespaces #2}% + \ifdim\wd0>0pt\unhbox0\else\code{#1}\fi + \endlink + \endgroup} +\else + \let\email=\uref +\fi + +% @kbdinputstyle -- arg is `distinct' (@kbd uses slanted tty font always), +% `example' (@kbd uses ttsl only inside of @example and friends), +% or `code' (@kbd uses normal tty font always). +\parseargdef\kbdinputstyle{% + \def\txiarg{#1}% + \ifx\txiarg\worddistinct + \gdef\kbdexamplefont{\ttsl}\gdef\kbdfont{\ttsl}% + \else\ifx\txiarg\wordexample + \gdef\kbdexamplefont{\ttsl}\gdef\kbdfont{\tt}% + \else\ifx\txiarg\wordcode + \gdef\kbdexamplefont{\tt}\gdef\kbdfont{\tt}% + \else + \errhelp = \EMsimple + \errmessage{Unknown @kbdinputstyle setting `\txiarg'}% + \fi\fi\fi +} +\def\worddistinct{distinct} +\def\wordexample{example} +\def\wordcode{code} + +% Default is `distinct'. +\kbdinputstyle distinct + +% @kbd is like @code, except that if the argument is just one @key command, +% then @kbd has no effect. +\def\kbd#1{{\def\look{#1}\expandafter\kbdsub\look??\par}} + +\def\xkey{\key} +\def\kbdsub#1#2#3\par{% + \def\one{#1}\def\three{#3}\def\threex{??}% + \ifx\one\xkey\ifx\threex\three \key{#2}% + \else{\tclose{\kbdfont\setupmarkupstyle{kbd}\look}}\fi + \else{\tclose{\kbdfont\setupmarkupstyle{kbd}\look}}\fi +} + +% definition of @key that produces a lozenge. Doesn't adjust to text size. +%\setfont\keyrm\rmshape{8}{1000}{OT1} +%\font\keysy=cmsy9 +%\def\key#1{{\keyrm\textfont2=\keysy \leavevmode\hbox{% +% \raise0.4pt\hbox{\angleleft}\kern-.08em\vtop{% +% \vbox{\hrule\kern-0.4pt +% \hbox{\raise0.4pt\hbox{\vphantom{\angleleft}}#1}}% +% \kern-0.4pt\hrule}% +% \kern-.06em\raise0.4pt\hbox{\angleright}}}} + +% definition of @key with no lozenge. If the current font is already +% monospace, don't change it; that way, we respect @kbdinputstyle. But +% if it isn't monospace, then use \tt. +% +\def\key#1{{\setupmarkupstyle{key}% + \nohyphenation + \ifmonospace\else\tt\fi + #1}\null} + +% @clicksequence{File @click{} Open ...} +\def\clicksequence#1{\begingroup #1\endgroup} + +% @clickstyle @arrow (by default) +\parseargdef\clickstyle{\def\click{#1}} +\def\click{\arrow} + +% Typeset a dimension, e.g., `in' or `pt'. The only reason for the +% argument is to make the input look right: @dmn{pt} instead of @dmn{}pt. +% +\def\dmn#1{\thinspace #1} + +% @acronym for "FBI", "NATO", and the like. +% We print this one point size smaller, since it's intended for +% all-uppercase. +% +\def\acronym#1{\doacronym #1,,\finish} +\def\doacronym#1,#2,#3\finish{% + {\switchtolsize #1}% + \def\temp{#2}% + \ifx\temp\empty \else + \space ({\unsepspaces \ignorespaces \temp \unskip})% + \fi + \null % reset \spacefactor=1000 +} + +% @abbr for "Comput. J." and the like. +% No font change, but don't do end-of-sentence spacing. +% +\def\abbr#1{\doabbr #1,,\finish} +\def\doabbr#1,#2,#3\finish{% + {\plainfrenchspacing #1}% + \def\temp{#2}% + \ifx\temp\empty \else + \space ({\unsepspaces \ignorespaces \temp \unskip})% + \fi + \null % reset \spacefactor=1000 +} + +% @asis just yields its argument. Used with @table, for example. +% +\def\asis#1{#1} + +% @math outputs its argument in math mode. +% +% One complication: _ usually means subscripts, but it could also mean +% an actual _ character, as in @math{@var{some_variable} + 1}. So make +% _ active, and distinguish by seeing if the current family is \slfam, +% which is what @var uses. +{ + \catcode`\_ = \active + \gdef\mathunderscore{% + \catcode`\_=\active + \def_{\ifnum\fam=\slfam \_\else\sb\fi}% + } +} +% Another complication: we want \\ (and @\) to output a math (or tt) \. +% FYI, plain.tex uses \\ as a temporary control sequence (for no +% particular reason), but this is not advertised and we don't care. +% +% The \mathchar is class=0=ordinary, family=7=ttfam, position=5C=\. +\def\mathbackslash{\ifnum\fam=\ttfam \mathchar"075C \else\backslash \fi} +% +\def\math{% + \ifmmode\else % only go into math if not in math mode already + \tex + \mathunderscore + \let\\ = \mathbackslash + \mathactive + % make the texinfo accent commands work in math mode + \let\"=\ddot + \let\'=\acute + \let\==\bar + \let\^=\hat + \let\`=\grave + \let\u=\breve + \let\v=\check + \let\~=\tilde + \let\dotaccent=\dot + % have to provide another name for sup operator + \let\mathopsup=\sup + $\expandafter\finishmath\fi +} +\def\finishmath#1{#1$\endgroup} % Close the group opened by \tex. + +% Some active characters (such as <) are spaced differently in math. +% We have to reset their definitions in case the @math was an argument +% to a command which sets the catcodes (such as @item or @section). +% +{ + \catcode`^ = \active + \catcode`< = \active + \catcode`> = \active + \catcode`+ = \active + \catcode`' = \active + \gdef\mathactive{% + \let^ = \ptexhat + \let< = \ptexless + \let> = \ptexgtr + \let+ = \ptexplus + \let' = \ptexquoteright + } +} + +% for @sub and @sup, if in math mode, just do a normal sub/superscript. +% If in text, use math to place as sub/superscript, but switch +% into text mode, with smaller fonts. This is a different font than the +% one used for real math sub/superscripts (8pt vs. 7pt), but let's not +% fix it (significant additions to font machinery) until someone notices. +% +\def\sub{\ifmmode \expandafter\sb \else \expandafter\finishsub\fi} +\def\finishsub#1{$\sb{\hbox{\switchtolllsize #1}}$}% +% +\def\sup{\ifmmode \expandafter\ptexsp \else \expandafter\finishsup\fi} +\def\finishsup#1{$\ptexsp{\hbox{\switchtolllsize #1}}$}% + +% @inlinefmt{FMTNAME,PROCESSED-TEXT} and @inlineraw{FMTNAME,RAW-TEXT}. +% Ignore unless FMTNAME == tex; then it is like @iftex and @tex, +% except specified as a normal braced arg, so no newlines to worry about. +% +\def\outfmtnametex{tex} +% +\long\def\inlinefmt#1{\doinlinefmt #1,\finish} +\long\def\doinlinefmt#1,#2,\finish{% + \def\inlinefmtname{#1}% + \ifx\inlinefmtname\outfmtnametex \ignorespaces #2\fi +} +% +% @inlinefmtifelse{FMTNAME,THEN-TEXT,ELSE-TEXT} expands THEN-TEXT if +% FMTNAME is tex, else ELSE-TEXT. +\long\def\inlinefmtifelse#1{\doinlinefmtifelse #1,,,\finish} +\long\def\doinlinefmtifelse#1,#2,#3,#4,\finish{% + \def\inlinefmtname{#1}% + \ifx\inlinefmtname\outfmtnametex \ignorespaces #2\else \ignorespaces #3\fi +} +% +% For raw, must switch into @tex before parsing the argument, to avoid +% setting catcodes prematurely. Doing it this way means that, for +% example, @inlineraw{html, foo{bar} gets a parse error instead of being +% ignored. But this isn't important because if people want a literal +% *right* brace they would have to use a command anyway, so they may as +% well use a command to get a left brace too. We could re-use the +% delimiter character idea from \verb, but it seems like overkill. +% +\long\def\inlineraw{\tex \doinlineraw} +\long\def\doinlineraw#1{\doinlinerawtwo #1,\finish} +\def\doinlinerawtwo#1,#2,\finish{% + \def\inlinerawname{#1}% + \ifx\inlinerawname\outfmtnametex \ignorespaces #2\fi + \endgroup % close group opened by \tex. +} + +% @inlineifset{VAR, TEXT} expands TEXT if VAR is @set. +% +\long\def\inlineifset#1{\doinlineifset #1,\finish} +\long\def\doinlineifset#1,#2,\finish{% + \def\inlinevarname{#1}% + \expandafter\ifx\csname SET\inlinevarname\endcsname\relax + \else\ignorespaces#2\fi +} + +% @inlineifclear{VAR, TEXT} expands TEXT if VAR is not @set. +% +\long\def\inlineifclear#1{\doinlineifclear #1,\finish} +\long\def\doinlineifclear#1,#2,\finish{% + \def\inlinevarname{#1}% + \expandafter\ifx\csname SET\inlinevarname\endcsname\relax \ignorespaces#2\fi +} + + +\message{glyphs,} +% and logos. + +% @@ prints an @, as does @atchar{}. +\def\@{\char64 } +\let\atchar=\@ + +% @{ @} @lbracechar{} @rbracechar{} all generate brace characters. +\def\lbracechar{{\ifmonospace\char123\else\ensuremath\lbrace\fi}} +\def\rbracechar{{\ifmonospace\char125\else\ensuremath\rbrace\fi}} +\let\{=\lbracechar +\let\}=\rbracechar + +% @comma{} to avoid , parsing problems. +\let\comma = , + +% Accents: @, @dotaccent @ringaccent @ubaraccent @udotaccent +% Others are defined by plain TeX: @` @' @" @^ @~ @= @u @v @H. +\let\, = \ptexc +\let\dotaccent = \ptexdot +\def\ringaccent#1{{\accent23 #1}} +\let\tieaccent = \ptext +\let\ubaraccent = \ptexb +\let\udotaccent = \d + +% Other special characters: @questiondown @exclamdown @ordf @ordm +% Plain TeX defines: @AA @AE @O @OE @L (plus lowercase versions) @ss. +\def\questiondown{?`} +\def\exclamdown{!`} +\def\ordf{\leavevmode\raise1ex\hbox{\switchtolllsize \underbar{a}}} +\def\ordm{\leavevmode\raise1ex\hbox{\switchtolllsize \underbar{o}}} + +% Dotless i and dotless j, used for accents. +\def\imacro{i} +\def\jmacro{j} +\def\dotless#1{% + \def\temp{#1}% + \ifx\temp\imacro \ifmmode\imath \else\ptexi \fi + \else\ifx\temp\jmacro \ifmmode\jmath \else\j \fi + \else \errmessage{@dotless can be used only with i or j}% + \fi\fi +} + +% The \TeX{} logo, as in plain, but resetting the spacing so that a +% period following counts as ending a sentence. (Idea found in latex.) +% +\edef\TeX{\TeX \spacefactor=1000 } + +% @LaTeX{} logo. Not quite the same results as the definition in +% latex.ltx, since we use a different font for the raised A; it's most +% convenient for us to use an explicitly smaller font, rather than using +% the \scriptstyle font (since we don't reset \scriptstyle and +% \scriptscriptstyle). +% +\def\LaTeX{% + L\kern-.36em + {\setbox0=\hbox{T}% + \vbox to \ht0{\hbox{% + \ifx\textnominalsize\xwordpt + % for 10pt running text, lllsize (8pt) is too small for the A in LaTeX. + % Revert to plain's \scriptsize, which is 7pt. + \count255=\the\fam $\fam\count255 \scriptstyle A$% + \else + % For 11pt, we can use our lllsize. + \switchtolllsize A% + \fi + }% + \vss + }}% + \kern-.15em + \TeX +} + +% Some math mode symbols. Define \ensuremath to switch into math mode +% unless we are already there. Expansion tricks may not be needed here, +% but safer, and can't hurt. +\def\ensuremath{\ifmmode \expandafter\asis \else\expandafter\ensuredmath \fi} +\def\ensuredmath#1{$\relax#1$} +% +\def\bullet{\ensuremath\ptexbullet} +\def\geq{\ensuremath\ge} +\def\leq{\ensuremath\le} +\def\minus{\ensuremath-} + +% @dots{} outputs an ellipsis using the current font. +% We do .5em per period so that it has the same spacing in the cm +% typewriter fonts as three actual period characters; on the other hand, +% in other typewriter fonts three periods are wider than 1.5em. So do +% whichever is larger. +% +\def\dots{% + \leavevmode + \setbox0=\hbox{...}% get width of three periods + \ifdim\wd0 > 1.5em + \dimen0 = \wd0 + \else + \dimen0 = 1.5em + \fi + \hbox to \dimen0{% + \hskip 0pt plus.25fil + .\hskip 0pt plus1fil + .\hskip 0pt plus1fil + .\hskip 0pt plus.5fil + }% +} + +% @enddots{} is an end-of-sentence ellipsis. +% +\def\enddots{% + \dots + \spacefactor=\endofsentencespacefactor +} + +% @point{}, @result{}, @expansion{}, @print{}, @equiv{}. +% +% Since these characters are used in examples, they should be an even number of +% \tt widths. Each \tt character is 1en, so two makes it 1em. +% +\def\point{$\star$} +\def\arrow{\leavevmode\raise.05ex\hbox to 1em{\hfil$\rightarrow$\hfil}} +\def\result{\leavevmode\raise.05ex\hbox to 1em{\hfil$\Rightarrow$\hfil}} +\def\expansion{\leavevmode\hbox to 1em{\hfil$\mapsto$\hfil}} +\def\print{\leavevmode\lower.1ex\hbox to 1em{\hfil$\dashv$\hfil}} +\def\equiv{\leavevmode\hbox to 1em{\hfil$\ptexequiv$\hfil}} + +% The @error{} command. +% Adapted from the TeXbook's \boxit. +% +\newbox\errorbox +% +{\ttfont \global\dimen0 = 3em}% Width of the box. +\dimen2 = .55pt % Thickness of rules +% The text. (`r' is open on the right, `e' somewhat less so on the left.) +\setbox0 = \hbox{\kern-.75pt \reducedsf \putworderror\kern-1.5pt} +% +\setbox\errorbox=\hbox to \dimen0{\hfil + \hsize = \dimen0 \advance\hsize by -5.8pt % Space to left+right. + \advance\hsize by -2\dimen2 % Rules. + \vbox{% + \hrule height\dimen2 + \hbox{\vrule width\dimen2 \kern3pt % Space to left of text. + \vtop{\kern2.4pt \box0 \kern2.4pt}% Space above/below. + \kern3pt\vrule width\dimen2}% Space to right. + \hrule height\dimen2} + \hfil} +% +\def\error{\leavevmode\lower.7ex\copy\errorbox} + +% @pounds{} is a sterling sign, which Knuth put in the CM italic font. +% +\def\pounds{{\it\$}} + +% @euro{} comes from a separate font, depending on the current style. +% We use the free feym* fonts from the eurosym package by Henrik +% Theiling, which support regular, slanted, bold and bold slanted (and +% "outlined" (blackboard board, sort of) versions, which we don't need). +% It is available from http://www.ctan.org/tex-archive/fonts/eurosym. +% +% Although only regular is the truly official Euro symbol, we ignore +% that. The Euro is designed to be slightly taller than the regular +% font height. +% +% feymr - regular +% feymo - slanted +% feybr - bold +% feybo - bold slanted +% +% There is no good (free) typewriter version, to my knowledge. +% A feymr10 euro is ~7.3pt wide, while a normal cmtt10 char is ~5.25pt wide. +% Hmm. +% +% Also doesn't work in math. Do we need to do math with euro symbols? +% Hope not. +% +% +\def\euro{{\eurofont e}} +\def\eurofont{% + % We set the font at each command, rather than predefining it in + % \textfonts and the other font-switching commands, so that + % installations which never need the symbol don't have to have the + % font installed. + % + % There is only one designed size (nominal 10pt), so we always scale + % that to the current nominal size. + % + % By the way, simply using "at 1em" works for cmr10 and the like, but + % does not work for cmbx10 and other extended/shrunken fonts. + % + \def\eurosize{\csname\curfontsize nominalsize\endcsname}% + % + \ifx\curfontstyle\bfstylename + % bold: + \font\thiseurofont = \ifusingit{feybo10}{feybr10} at \eurosize + \else + % regular: + \font\thiseurofont = \ifusingit{feymo10}{feymr10} at \eurosize + \fi + \thiseurofont +} + +% Glyphs from the EC fonts. We don't use \let for the aliases, because +% sometimes we redefine the original macro, and the alias should reflect +% the redefinition. +% +% Use LaTeX names for the Icelandic letters. +\def\DH{{\ecfont \char"D0}} % Eth +\def\dh{{\ecfont \char"F0}} % eth +\def\TH{{\ecfont \char"DE}} % Thorn +\def\th{{\ecfont \char"FE}} % thorn +% +\def\guillemetleft{{\ecfont \char"13}} +\def\guillemotleft{\guillemetleft} +\def\guillemetright{{\ecfont \char"14}} +\def\guillemotright{\guillemetright} +\def\guilsinglleft{{\ecfont \char"0E}} +\def\guilsinglright{{\ecfont \char"0F}} +\def\quotedblbase{{\ecfont \char"12}} +\def\quotesinglbase{{\ecfont \char"0D}} +% +% This positioning is not perfect (see the ogonek LaTeX package), but +% we have the precomposed glyphs for the most common cases. We put the +% tests to use those glyphs in the single \ogonek macro so we have fewer +% dummy definitions to worry about for index entries, etc. +% +% ogonek is also used with other letters in Lithuanian (IOU), but using +% the precomposed glyphs for those is not so easy since they aren't in +% the same EC font. +\def\ogonek#1{{% + \def\temp{#1}% + \ifx\temp\macrocharA\Aogonek + \else\ifx\temp\macrochara\aogonek + \else\ifx\temp\macrocharE\Eogonek + \else\ifx\temp\macrochare\eogonek + \else + \ecfont \setbox0=\hbox{#1}% + \ifdim\ht0=1ex\accent"0C #1% + \else\ooalign{\unhbox0\crcr\hidewidth\char"0C \hidewidth}% + \fi + \fi\fi\fi\fi + }% +} +\def\Aogonek{{\ecfont \char"81}}\def\macrocharA{A} +\def\aogonek{{\ecfont \char"A1}}\def\macrochara{a} +\def\Eogonek{{\ecfont \char"86}}\def\macrocharE{E} +\def\eogonek{{\ecfont \char"A6}}\def\macrochare{e} +% +% Use the European Computer Modern fonts (cm-super in outline format) +% for non-CM glyphs. That is ec* for regular text and tc* for the text +% companion symbols (LaTeX TS1 encoding). Both are part of the ec +% package and follow the same conventions. +% +\def\ecfont{\etcfont{e}} +\def\tcfont{\etcfont{t}} +% +\def\etcfont#1{% + % We can't distinguish serif/sans and italic/slanted, but this + % is used for crude hacks anyway (like adding French and German + % quotes to documents typeset with CM, where we lose kerning), so + % hopefully nobody will notice/care. + \edef\ecsize{\csname\curfontsize ecsize\endcsname}% + \edef\nominalsize{\csname\curfontsize nominalsize\endcsname}% + \ifmonospace + % typewriter: + \font\thisecfont = #1ctt\ecsize \space at \nominalsize + \else + \ifx\curfontstyle\bfstylename + % bold: + \font\thisecfont = #1cb\ifusingit{i}{x}\ecsize \space at \nominalsize + \else + % regular: + \font\thisecfont = #1c\ifusingit{ti}{rm}\ecsize \space at \nominalsize + \fi + \fi + \thisecfont +} + +% @registeredsymbol - R in a circle. The font for the R should really +% be smaller yet, but lllsize is the best we can do for now. +% Adapted from the plain.tex definition of \copyright. +% +\def\registeredsymbol{% + $^{{\ooalign{\hfil\raise.07ex\hbox{\switchtolllsize R}% + \hfil\crcr\Orb}}% + }$% +} + +% @textdegree - the normal degrees sign. +% +\def\textdegree{$^\circ$} + +% Laurent Siebenmann reports \Orb undefined with: +% Textures 1.7.7 (preloaded format=plain 93.10.14) (68K) 16 APR 2004 02:38 +% so we'll define it if necessary. +% +\ifx\Orb\thisisundefined +\def\Orb{\mathhexbox20D} +\fi + +% Quotes. +\chardef\quotedblleft="5C +\chardef\quotedblright=`\" +\chardef\quoteleft=`\` +\chardef\quoteright=`\' + + +\message{page headings,} + +\newskip\titlepagetopglue \titlepagetopglue = 1.5in +\newskip\titlepagebottomglue \titlepagebottomglue = 2pc + +% First the title page. Must do @settitle before @titlepage. +\newif\ifseenauthor +\newif\iffinishedtitlepage + +% @setcontentsaftertitlepage used to do an implicit @contents or +% @shortcontents after @end titlepage, but it is now obsolete. +\def\setcontentsaftertitlepage{% + \errmessage{@setcontentsaftertitlepage has been removed as a Texinfo + command; move your @contents command if you want the contents + after the title page.}}% +\def\setshortcontentsaftertitlepage{% + \errmessage{@setshortcontentsaftertitlepage has been removed as a Texinfo + command; move your @shortcontents and @contents commands if you + want the contents after the title page.}}% + +\parseargdef\shorttitlepage{% + \begingroup \hbox{}\vskip 1.5in \chaprm \centerline{#1}% + \endgroup\page\hbox{}\page} + +\envdef\titlepage{% + % Open one extra group, as we want to close it in the middle of \Etitlepage. + \begingroup + \parindent=0pt \textfonts + % Leave some space at the very top of the page. + \vglue\titlepagetopglue + % No rule at page bottom unless we print one at the top with @title. + \finishedtitlepagetrue + % + % Most title ``pages'' are actually two pages long, with space + % at the top of the second. We don't want the ragged left on the second. + \let\oldpage = \page + \def\page{% + \iffinishedtitlepage\else + \finishtitlepage + \fi + \let\page = \oldpage + \page + \null + }% +} + +\def\Etitlepage{% + \iffinishedtitlepage\else + \finishtitlepage + \fi + % It is important to do the page break before ending the group, + % because the headline and footline are only empty inside the group. + % If we use the new definition of \page, we always get a blank page + % after the title page, which we certainly don't want. + \oldpage + \endgroup + % + % Need this before the \...aftertitlepage checks so that if they are + % in effect the toc pages will come out with page numbers. + \HEADINGSon +} + +\def\finishtitlepage{% + \vskip4pt \hrule height 2pt width \hsize + \vskip\titlepagebottomglue + \finishedtitlepagetrue +} + +% Settings used for typesetting titles: no hyphenation, no indentation, +% don't worry much about spacing, ragged right. This should be used +% inside a \vbox, and fonts need to be set appropriately first. \par should +% be specified before the end of the \vbox, since a vbox is a group. +% +\def\raggedtitlesettings{% + \rm + \hyphenpenalty=10000 + \parindent=0pt + \tolerance=5000 + \ptexraggedright +} + +% Macros to be used within @titlepage: + +\let\subtitlerm=\rmfont +\def\subtitlefont{\subtitlerm \normalbaselineskip = 13pt \normalbaselines} + +\parseargdef\title{% + \checkenv\titlepage + \vbox{\titlefonts \raggedtitlesettings #1\par}% + % print a rule at the page bottom also. + \finishedtitlepagefalse + \vskip4pt \hrule height 4pt width \hsize \vskip4pt +} + +\parseargdef\subtitle{% + \checkenv\titlepage + {\subtitlefont \rightline{#1}}% +} + +% @author should come last, but may come many times. +% It can also be used inside @quotation. +% +\parseargdef\author{% + \def\temp{\quotation}% + \ifx\thisenv\temp + \def\quotationauthor{#1}% printed in \Equotation. + \else + \checkenv\titlepage + \ifseenauthor\else \vskip 0pt plus 1filll \seenauthortrue \fi + {\secfonts\rm \leftline{#1}}% + \fi +} + + +% Set up page headings and footings. + +\let\thispage=\folio + +\newtoks\evenheadline % headline on even pages +\newtoks\oddheadline % headline on odd pages +\newtoks\evenfootline % footline on even pages +\newtoks\oddfootline % footline on odd pages + +% Now make \makeheadline and \makefootline in Plain TeX use those variables +\headline={{\textfonts\rm \ifodd\pageno \the\oddheadline + \else \the\evenheadline \fi}} +\footline={{\textfonts\rm \ifodd\pageno \the\oddfootline + \else \the\evenfootline \fi}\HEADINGShook} +\let\HEADINGShook=\relax + +% Commands to set those variables. +% For example, this is what @headings on does +% @evenheading @thistitle|@thispage|@thischapter +% @oddheading @thischapter|@thispage|@thistitle +% @evenfooting @thisfile|| +% @oddfooting ||@thisfile + + +\def\evenheading{\parsearg\evenheadingxxx} +\def\evenheadingxxx #1{\evenheadingyyy #1\|\|\|\|\finish} +\def\evenheadingyyy #1\|#2\|#3\|#4\finish{% +\global\evenheadline={\rlap{\centerline{#2}}\line{#1\hfil#3}}} + +\def\oddheading{\parsearg\oddheadingxxx} +\def\oddheadingxxx #1{\oddheadingyyy #1\|\|\|\|\finish} +\def\oddheadingyyy #1\|#2\|#3\|#4\finish{% +\global\oddheadline={\rlap{\centerline{#2}}\line{#1\hfil#3}}} + +\parseargdef\everyheading{\oddheadingxxx{#1}\evenheadingxxx{#1}}% + +\def\evenfooting{\parsearg\evenfootingxxx} +\def\evenfootingxxx #1{\evenfootingyyy #1\|\|\|\|\finish} +\def\evenfootingyyy #1\|#2\|#3\|#4\finish{% +\global\evenfootline={\rlap{\centerline{#2}}\line{#1\hfil#3}}} + +\def\oddfooting{\parsearg\oddfootingxxx} +\def\oddfootingxxx #1{\oddfootingyyy #1\|\|\|\|\finish} +\def\oddfootingyyy #1\|#2\|#3\|#4\finish{% + \global\oddfootline = {\rlap{\centerline{#2}}\line{#1\hfil#3}}% + % + % Leave some space for the footline. Hopefully ok to assume + % @evenfooting will not be used by itself. + \global\advance\txipageheight by -12pt + \global\advance\vsize by -12pt +} + +\parseargdef\everyfooting{\oddfootingxxx{#1}\evenfootingxxx{#1}} + +% @evenheadingmarks top \thischapter <- chapter at the top of a page +% @evenheadingmarks bottom \thischapter <- chapter at the bottom of a page +% +% The same set of arguments for: +% +% @oddheadingmarks +% @evenfootingmarks +% @oddfootingmarks +% @everyheadingmarks +% @everyfootingmarks + +% These define \getoddheadingmarks, \getevenheadingmarks, +% \getoddfootingmarks, and \getevenfootingmarks, each to one of +% \gettopheadingmarks, \getbottomheadingmarks. +% +\def\evenheadingmarks{\headingmarks{even}{heading}} +\def\oddheadingmarks{\headingmarks{odd}{heading}} +\def\evenfootingmarks{\headingmarks{even}{footing}} +\def\oddfootingmarks{\headingmarks{odd}{footing}} +\parseargdef\everyheadingmarks{\headingmarks{even}{heading}{#1} + \headingmarks{odd}{heading}{#1} } +\parseargdef\everyfootingmarks{\headingmarks{even}{footing}{#1} + \headingmarks{odd}{footing}{#1} } +% #1 = even/odd, #2 = heading/footing, #3 = top/bottom. +\def\headingmarks#1#2#3 {% + \expandafter\let\expandafter\temp \csname get#3headingmarks\endcsname + \global\expandafter\let\csname get#1#2marks\endcsname \temp +} + +\everyheadingmarks bottom +\everyfootingmarks bottom + +% @headings double turns headings on for double-sided printing. +% @headings single turns headings on for single-sided printing. +% @headings off turns them off. +% @headings on same as @headings double, retained for compatibility. +% @headings after turns on double-sided headings after this page. +% @headings doubleafter turns on double-sided headings after this page. +% @headings singleafter turns on single-sided headings after this page. +% By default, they are off at the start of a document, +% and turned `on' after @end titlepage. + +\parseargdef\headings{\csname HEADINGS#1\endcsname} + +\def\headingsoff{% non-global headings elimination + \evenheadline={\hfil}\evenfootline={\hfil}% + \oddheadline={\hfil}\oddfootline={\hfil}% +} + +\def\HEADINGSoff{{\globaldefs=1 \headingsoff}} % global setting +\HEADINGSoff % it's the default + +% When we turn headings on, set the page number to 1. +% For double-sided printing, put current file name in lower left corner, +% chapter name on inside top of right hand pages, document +% title on inside top of left hand pages, and page numbers on outside top +% edge of all pages. +\def\HEADINGSdouble{% +\global\pageno=1 +\global\evenfootline={\hfil} +\global\oddfootline={\hfil} +\global\evenheadline={\line{\folio\hfil\thistitle}} +\global\oddheadline={\line{\thischapterheading\hfil\folio}} +\global\let\contentsalignmacro = \chapoddpage +} +\let\contentsalignmacro = \chappager + +% For single-sided printing, chapter title goes across top left of page, +% page number on top right. +\def\HEADINGSsingle{% +\global\pageno=1 +\global\evenfootline={\hfil} +\global\oddfootline={\hfil} +\global\evenheadline={\line{\thischapterheading\hfil\folio}} +\global\oddheadline={\line{\thischapterheading\hfil\folio}} +\global\let\contentsalignmacro = \chappager +} +\def\HEADINGSon{\HEADINGSdouble} + +\def\HEADINGSafter{\let\HEADINGShook=\HEADINGSdoublex} +\let\HEADINGSdoubleafter=\HEADINGSafter +\def\HEADINGSdoublex{% +\global\evenfootline={\hfil} +\global\oddfootline={\hfil} +\global\evenheadline={\line{\folio\hfil\thistitle}} +\global\oddheadline={\line{\thischapterheading\hfil\folio}} +\global\let\contentsalignmacro = \chapoddpage +} + +\def\HEADINGSsingleafter{\let\HEADINGShook=\HEADINGSsinglex} +\def\HEADINGSsinglex{% +\global\evenfootline={\hfil} +\global\oddfootline={\hfil} +\global\evenheadline={\line{\thischapterheading\hfil\folio}} +\global\oddheadline={\line{\thischapterheading\hfil\folio}} +\global\let\contentsalignmacro = \chappager +} + +% Subroutines used in generating headings +% This produces Day Month Year style of output. +% Only define if not already defined, in case a txi-??.tex file has set +% up a different format (e.g., txi-cs.tex does this). +\ifx\today\thisisundefined +\def\today{% + \number\day\space + \ifcase\month + \or\putwordMJan\or\putwordMFeb\or\putwordMMar\or\putwordMApr + \or\putwordMMay\or\putwordMJun\or\putwordMJul\or\putwordMAug + \or\putwordMSep\or\putwordMOct\or\putwordMNov\or\putwordMDec + \fi + \space\number\year} +\fi + +% @settitle line... specifies the title of the document, for headings. +% It generates no output of its own. +\def\thistitle{\putwordNoTitle} +\def\settitle{\parsearg{\gdef\thistitle}} + + +\message{tables,} +% Tables -- @table, @ftable, @vtable, @item(x). + +% default indentation of table text +\newdimen\tableindent \tableindent=.8in +% default indentation of @itemize and @enumerate text +\newdimen\itemindent \itemindent=.3in +% margin between end of table item and start of table text. +\newdimen\itemmargin \itemmargin=.1in + +% used internally for \itemindent minus \itemmargin +\newdimen\itemmax + +% Note @table, @ftable, and @vtable define @item, @itemx, etc., with +% these defs. +% They also define \itemindex +% to index the item name in whatever manner is desired (perhaps none). + +\newif\ifitemxneedsnegativevskip + +\def\itemxpar{\par\ifitemxneedsnegativevskip\nobreak\vskip-\parskip\nobreak\fi} + +\def\internalBitem{\smallbreak \parsearg\itemzzz} +\def\internalBitemx{\itemxpar \parsearg\itemzzz} + +\def\itemzzz #1{\begingroup % + \advance\hsize by -\rightskip + \advance\hsize by -\tableindent + \setbox0=\hbox{\itemindicate{#1}}% + \itemindex{#1}% + \nobreak % This prevents a break before @itemx. + % + % If the item text does not fit in the space we have, put it on a line + % by itself, and do not allow a page break either before or after that + % line. We do not start a paragraph here because then if the next + % command is, e.g., @kindex, the whatsit would get put into the + % horizontal list on a line by itself, resulting in extra blank space. + \ifdim \wd0>\itemmax + % + % Make this a paragraph so we get the \parskip glue and wrapping, + % but leave it ragged-right. + \begingroup + \advance\leftskip by-\tableindent + \advance\hsize by\tableindent + \advance\rightskip by0pt plus1fil\relax + \leavevmode\unhbox0\par + \endgroup + % + % We're going to be starting a paragraph, but we don't want the + % \parskip glue -- logically it's part of the @item we just started. + \nobreak \vskip-\parskip + % + % Stop a page break at the \parskip glue coming up. However, if + % what follows is an environment such as @example, there will be no + % \parskip glue; then the negative vskip we just inserted would + % cause the example and the item to crash together. So we use this + % bizarre value of 10001 as a signal to \aboveenvbreak to insert + % \parskip glue after all. Section titles are handled this way also. + % + \penalty 10001 + \endgroup + \itemxneedsnegativevskipfalse + \else + % The item text fits into the space. Start a paragraph, so that the + % following text (if any) will end up on the same line. + \noindent + % Do this with kerns and \unhbox so that if there is a footnote in + % the item text, it can migrate to the main vertical list and + % eventually be printed. + \nobreak\kern-\tableindent + \dimen0 = \itemmax \advance\dimen0 by \itemmargin \advance\dimen0 by -\wd0 + \unhbox0 + \nobreak\kern\dimen0 + \endgroup + \itemxneedsnegativevskiptrue + \fi +} + +\def\item{\errmessage{@item while not in a list environment}} +\def\itemx{\errmessage{@itemx while not in a list environment}} + +% @table, @ftable, @vtable. +\envdef\table{% + \let\itemindex\gobble + \tablecheck{table}% +} +\envdef\ftable{% + \def\itemindex ##1{\doind {fn}{\code{##1}}}% + \tablecheck{ftable}% +} +\envdef\vtable{% + \def\itemindex ##1{\doind {vr}{\code{##1}}}% + \tablecheck{vtable}% +} +\def\tablecheck#1{% + \ifnum \the\catcode`\^^M=\active + \endgroup + \errmessage{This command won't work in this context; perhaps the problem is + that we are \inenvironment\thisenv}% + \def\next{\doignore{#1}}% + \else + \let\next\tablex + \fi + \next +} +\def\tablex#1{% + \def\itemindicate{#1}% + \parsearg\tabley +} +\def\tabley#1{% + {% + \makevalueexpandable + \edef\temp{\noexpand\tablez #1\space\space\space}% + \expandafter + }\temp \endtablez +} +\def\tablez #1 #2 #3 #4\endtablez{% + \aboveenvbreak + \ifnum 0#1>0 \advance \leftskip by #1\mil \fi + \ifnum 0#2>0 \tableindent=#2\mil \fi + \ifnum 0#3>0 \advance \rightskip by #3\mil \fi + \itemmax=\tableindent + \advance \itemmax by -\itemmargin + \advance \leftskip by \tableindent + \exdentamount=\tableindent + \parindent = 0pt + \parskip = \smallskipamount + \ifdim \parskip=0pt \parskip=2pt \fi + \let\item = \internalBitem + \let\itemx = \internalBitemx +} +\def\Etable{\endgraf\afterenvbreak} +\let\Eftable\Etable +\let\Evtable\Etable +\let\Eitemize\Etable +\let\Eenumerate\Etable + +% This is the counter used by @enumerate, which is really @itemize + +\newcount \itemno + +\envdef\itemize{\parsearg\doitemize} + +\def\doitemize#1{% + \aboveenvbreak + \itemmax=\itemindent + \advance\itemmax by -\itemmargin + \advance\leftskip by \itemindent + \exdentamount=\itemindent + \parindent=0pt + \parskip=\smallskipamount + \ifdim\parskip=0pt \parskip=2pt \fi + % + % Try typesetting the item mark so that if the document erroneously says + % something like @itemize @samp (intending @table), there's an error + % right away at the @itemize. It's not the best error message in the + % world, but it's better than leaving it to the @item. This means if + % the user wants an empty mark, they have to say @w{} not just @w. + \def\itemcontents{#1}% + \setbox0 = \hbox{\itemcontents}% + % + % @itemize with no arg is equivalent to @itemize @bullet. + \ifx\itemcontents\empty\def\itemcontents{\bullet}\fi + % + \let\item=\itemizeitem +} + +% Definition of @item while inside @itemize and @enumerate. +% +\def\itemizeitem{% + \advance\itemno by 1 % for enumerations + {\let\par=\endgraf \smallbreak}% reasonable place to break + {% + % If the document has an @itemize directly after a section title, a + % \nobreak will be last on the list, and \sectionheading will have + % done a \vskip-\parskip. In that case, we don't want to zero + % parskip, or the item text will crash with the heading. On the + % other hand, when there is normal text preceding the item (as there + % usually is), we do want to zero parskip, or there would be too much + % space. In that case, we won't have a \nobreak before. At least + % that's the theory. + \ifnum\lastpenalty<10000 \parskip=0in \fi + \noindent + \hbox to 0pt{\hss \itemcontents \kern\itemmargin}% + % + \ifinner\else + \vadjust{\penalty 1200}% not good to break after first line of item. + \fi + % We can be in inner vertical mode in a footnote, although an + % @itemize looks awful there. + }% + \flushcr +} + +% \splitoff TOKENS\endmark defines \first to be the first token in +% TOKENS, and \rest to be the remainder. +% +\def\splitoff#1#2\endmark{\def\first{#1}\def\rest{#2}}% + +% Allow an optional argument of an uppercase letter, lowercase letter, +% or number, to specify the first label in the enumerated list. No +% argument is the same as `1'. +% +\envparseargdef\enumerate{\enumeratey #1 \endenumeratey} +\def\enumeratey #1 #2\endenumeratey{% + % If we were given no argument, pretend we were given `1'. + \def\thearg{#1}% + \ifx\thearg\empty \def\thearg{1}\fi + % + % Detect if the argument is a single token. If so, it might be a + % letter. Otherwise, the only valid thing it can be is a number. + % (We will always have one token, because of the test we just made. + % This is a good thing, since \splitoff doesn't work given nothing at + % all -- the first parameter is undelimited.) + \expandafter\splitoff\thearg\endmark + \ifx\rest\empty + % Only one token in the argument. It could still be anything. + % A ``lowercase letter'' is one whose \lccode is nonzero. + % An ``uppercase letter'' is one whose \lccode is both nonzero, and + % not equal to itself. + % Otherwise, we assume it's a number. + % + % We need the \relax at the end of the \ifnum lines to stop TeX from + % continuing to look for a . + % + \ifnum\lccode\expandafter`\thearg=0\relax + \numericenumerate % a number (we hope) + \else + % It's a letter. + \ifnum\lccode\expandafter`\thearg=\expandafter`\thearg\relax + \lowercaseenumerate % lowercase letter + \else + \uppercaseenumerate % uppercase letter + \fi + \fi + \else + % Multiple tokens in the argument. We hope it's a number. + \numericenumerate + \fi +} + +% An @enumerate whose labels are integers. The starting integer is +% given in \thearg. +% +\def\numericenumerate{% + \itemno = \thearg + \startenumeration{\the\itemno}% +} + +% The starting (lowercase) letter is in \thearg. +\def\lowercaseenumerate{% + \itemno = \expandafter`\thearg + \startenumeration{% + % Be sure we're not beyond the end of the alphabet. + \ifnum\itemno=0 + \errmessage{No more lowercase letters in @enumerate; get a bigger + alphabet}% + \fi + \char\lccode\itemno + }% +} + +% The starting (uppercase) letter is in \thearg. +\def\uppercaseenumerate{% + \itemno = \expandafter`\thearg + \startenumeration{% + % Be sure we're not beyond the end of the alphabet. + \ifnum\itemno=0 + \errmessage{No more uppercase letters in @enumerate; get a bigger + alphabet} + \fi + \char\uccode\itemno + }% +} + +% Call \doitemize, adding a period to the first argument and supplying the +% common last two arguments. Also subtract one from the initial value in +% \itemno, since @item increments \itemno. +% +\def\startenumeration#1{% + \advance\itemno by -1 + \doitemize{#1.}\flushcr +} + +% @alphaenumerate and @capsenumerate are abbreviations for giving an arg +% to @enumerate. +% +\def\alphaenumerate{\enumerate{a}} +\def\capsenumerate{\enumerate{A}} +\def\Ealphaenumerate{\Eenumerate} +\def\Ecapsenumerate{\Eenumerate} + + +% @multitable macros +% Amy Hendrickson, 8/18/94, 3/6/96 +% +% @multitable ... @end multitable will make as many columns as desired. +% Contents of each column will wrap at width given in preamble. Width +% can be specified either with sample text given in a template line, +% or in percent of \hsize, the current width of text on page. + +% Table can continue over pages but will only break between lines. + +% To make preamble: +% +% Either define widths of columns in terms of percent of \hsize: +% @multitable @columnfractions .25 .3 .45 +% @item ... +% +% Numbers following @columnfractions are the percent of the total +% current hsize to be used for each column. You may use as many +% columns as desired. + + +% Or use a template: +% @multitable {Column 1 template} {Column 2 template} {Column 3 template} +% @item ... +% using the widest term desired in each column. + +% Each new table line starts with @item, each subsequent new column +% starts with @tab. Empty columns may be produced by supplying @tab's +% with nothing between them for as many times as empty columns are needed, +% ie, @tab@tab@tab will produce two empty columns. + +% @item, @tab do not need to be on their own lines, but it will not hurt +% if they are. + +% Sample multitable: + +% @multitable {Column 1 template} {Column 2 template} {Column 3 template} +% @item first col stuff @tab second col stuff @tab third col +% @item +% first col stuff +% @tab +% second col stuff +% @tab +% third col +% @item first col stuff @tab second col stuff +% @tab Many paragraphs of text may be used in any column. +% +% They will wrap at the width determined by the template. +% @item@tab@tab This will be in third column. +% @end multitable + +% Default dimensions may be reset by user. +% @multitableparskip is vertical space between paragraphs in table. +% @multitableparindent is paragraph indent in table. +% @multitablecolmargin is horizontal space to be left between columns. +% @multitablelinespace is space to leave between table items, baseline +% to baseline. +% 0pt means it depends on current normal line spacing. +% +\newskip\multitableparskip +\newskip\multitableparindent +\newdimen\multitablecolspace +\newskip\multitablelinespace +\multitableparskip=0pt +\multitableparindent=6pt +\multitablecolspace=12pt +\multitablelinespace=0pt + +% Macros used to set up halign preamble: +% +\let\endsetuptable\relax +\def\xendsetuptable{\endsetuptable} +\let\columnfractions\relax +\def\xcolumnfractions{\columnfractions} +\newif\ifsetpercent + +% #1 is the @columnfraction, usually a decimal number like .5, but might +% be just 1. We just use it, whatever it is. +% +\def\pickupwholefraction#1 {% + \global\advance\colcount by 1 + \expandafter\xdef\csname col\the\colcount\endcsname{#1\hsize}% + \setuptable +} + +\newcount\colcount +\def\setuptable#1{% + \def\firstarg{#1}% + \ifx\firstarg\xendsetuptable + \let\go = \relax + \else + \ifx\firstarg\xcolumnfractions + \global\setpercenttrue + \else + \ifsetpercent + \let\go\pickupwholefraction + \else + \global\advance\colcount by 1 + \setbox0=\hbox{#1\unskip\space}% Add a normal word space as a + % separator; typically that is always in the input, anyway. + \expandafter\xdef\csname col\the\colcount\endcsname{\the\wd0}% + \fi + \fi + \ifx\go\pickupwholefraction + % Put the argument back for the \pickupwholefraction call, so + % we'll always have a period there to be parsed. + \def\go{\pickupwholefraction#1}% + \else + \let\go = \setuptable + \fi% + \fi + \go +} + +% multitable-only commands. +% +% @headitem starts a heading row, which we typeset in bold. Assignments +% have to be global since we are inside the implicit group of an +% alignment entry. \everycr below resets \everytab so we don't have to +% undo it ourselves. +\def\headitemfont{\b}% for people to use in the template row; not changeable +\def\headitem{% + \checkenv\multitable + \crcr + \gdef\headitemcrhook{\nobreak}% attempt to avoid page break after headings + \global\everytab={\bf}% can't use \headitemfont since the parsing differs + \the\everytab % for the first item +}% +% +% default for tables with no headings. +\let\headitemcrhook=\relax +% +% A \tab used to include \hskip1sp. But then the space in a template +% line is not enough. That is bad. So let's go back to just `&' until +% we again encounter the problem the 1sp was intended to solve. +% --karl, nathan@acm.org, 20apr99. +\def\tab{\checkenv\multitable &\the\everytab}% + +% @multitable ... @end multitable definitions: +% +\newtoks\everytab % insert after every tab. +% +\envdef\multitable{% + \vskip\parskip + \startsavinginserts + % + % @item within a multitable starts a normal row. + % We use \def instead of \let so that if one of the multitable entries + % contains an @itemize, we don't choke on the \item (seen as \crcr aka + % \endtemplate) expanding \doitemize. + \def\item{\crcr}% + % + \tolerance=9500 + \hbadness=9500 + \setmultitablespacing + \parskip=\multitableparskip + \parindent=\multitableparindent + \overfullrule=0pt + \global\colcount=0 + % + \everycr = {% + \noalign{% + \global\everytab={}% Reset from possible headitem. + \global\colcount=0 % Reset the column counter. + % + % Check for saved footnotes, etc.: + \checkinserts + % + % Perhaps a \nobreak, then reset: + \headitemcrhook + \global\let\headitemcrhook=\relax + }% + }% + % + \parsearg\domultitable +} +\def\domultitable#1{% + % To parse everything between @multitable and @item: + \setuptable#1 \endsetuptable + % + % This preamble sets up a generic column definition, which will + % be used as many times as user calls for columns. + % \vtop will set a single line and will also let text wrap and + % continue for many paragraphs if desired. + \halign\bgroup &% + \global\advance\colcount by 1 + \multistrut + \vtop{% + % Use the current \colcount to find the correct column width: + \hsize=\expandafter\csname col\the\colcount\endcsname + % + % In order to keep entries from bumping into each other + % we will add a \leftskip of \multitablecolspace to all columns after + % the first one. + % + % If a template has been used, we will add \multitablecolspace + % to the width of each template entry. + % + % If the user has set preamble in terms of percent of \hsize we will + % use that dimension as the width of the column, and the \leftskip + % will keep entries from bumping into each other. Table will start at + % left margin and final column will justify at right margin. + % + % Make sure we don't inherit \rightskip from the outer environment. + \rightskip=0pt + \ifnum\colcount=1 + % The first column will be indented with the surrounding text. + \advance\hsize by\leftskip + \else + \ifsetpercent \else + % If user has not set preamble in terms of percent of \hsize + % we will advance \hsize by \multitablecolspace. + \advance\hsize by \multitablecolspace + \fi + % In either case we will make \leftskip=\multitablecolspace: + \leftskip=\multitablecolspace + \fi + % Ignoring space at the beginning and end avoids an occasional spurious + % blank line, when TeX decides to break the line at the space before the + % box from the multistrut, so the strut ends up on a line by itself. + % For example: + % @multitable @columnfractions .11 .89 + % @item @code{#} + % @tab Legal holiday which is valid in major parts of the whole country. + % Is automatically provided with highlighting sequences respectively + % marking characters. + \noindent\ignorespaces##\unskip\multistrut + }\cr +} +\def\Emultitable{% + \crcr + \egroup % end the \halign + \global\setpercentfalse +} + +\def\setmultitablespacing{% + \def\multistrut{\strut}% just use the standard line spacing + % + % Compute \multitablelinespace (if not defined by user) for use in + % \multitableparskip calculation. We used define \multistrut based on + % this, but (ironically) that caused the spacing to be off. + % See bug-texinfo report from Werner Lemberg, 31 Oct 2004 12:52:20 +0100. +\ifdim\multitablelinespace=0pt +\setbox0=\vbox{X}\global\multitablelinespace=\the\baselineskip +\global\advance\multitablelinespace by-\ht0 +\fi +% Test to see if parskip is larger than space between lines of +% table. If not, do nothing. +% If so, set to same dimension as multitablelinespace. +\ifdim\multitableparskip>\multitablelinespace +\global\multitableparskip=\multitablelinespace +\global\advance\multitableparskip-7pt % to keep parskip somewhat smaller + % than skip between lines in the table. +\fi% +\ifdim\multitableparskip=0pt +\global\multitableparskip=\multitablelinespace +\global\advance\multitableparskip-7pt % to keep parskip somewhat smaller + % than skip between lines in the table. +\fi} + + +\message{conditionals,} + +% @iftex, @ifnotdocbook, @ifnothtml, @ifnotinfo, @ifnotplaintext, +% @ifnotxml always succeed. They currently do nothing; we don't +% attempt to check whether the conditionals are properly nested. But we +% have to remember that they are conditionals, so that @end doesn't +% attempt to close an environment group. +% +\def\makecond#1{% + \expandafter\let\csname #1\endcsname = \relax + \expandafter\let\csname iscond.#1\endcsname = 1 +} +\makecond{iftex} +\makecond{ifnotdocbook} +\makecond{ifnothtml} +\makecond{ifnotinfo} +\makecond{ifnotplaintext} +\makecond{ifnotxml} + +% Ignore @ignore, @ifhtml, @ifinfo, and the like. +% +\def\direntry{\doignore{direntry}} +\def\documentdescription{\doignore{documentdescription}} +\def\docbook{\doignore{docbook}} +\def\html{\doignore{html}} +\def\ifdocbook{\doignore{ifdocbook}} +\def\ifhtml{\doignore{ifhtml}} +\def\ifinfo{\doignore{ifinfo}} +\def\ifnottex{\doignore{ifnottex}} +\def\ifplaintext{\doignore{ifplaintext}} +\def\ifxml{\doignore{ifxml}} +\def\ignore{\doignore{ignore}} +\def\menu{\doignore{menu}} +\def\xml{\doignore{xml}} + +% Ignore text until a line `@end #1', keeping track of nested conditionals. +% +% A count to remember the depth of nesting. +\newcount\doignorecount + +\def\doignore#1{\begingroup + % Scan in ``verbatim'' mode: + \obeylines + \catcode`\@ = \other + \catcode`\{ = \other + \catcode`\} = \other + % + % Make sure that spaces turn into tokens that match what \doignoretext wants. + \spaceisspace + % + % Count number of #1's that we've seen. + \doignorecount = 0 + % + % Swallow text until we reach the matching `@end #1'. + \dodoignore{#1}% +} + +{ \catcode`_=11 % We want to use \_STOP_ which cannot appear in texinfo source. + \obeylines % + % + \gdef\dodoignore#1{% + % #1 contains the command name as a string, e.g., `ifinfo'. + % + % Define a command to find the next `@end #1'. + \long\def\doignoretext##1^^M@end #1{% + \doignoretextyyy##1^^M@#1\_STOP_}% + % + % And this command to find another #1 command, at the beginning of a + % line. (Otherwise, we would consider a line `@c @ifset', for + % example, to count as an @ifset for nesting.) + \long\def\doignoretextyyy##1^^M@#1##2\_STOP_{\doignoreyyy{##2}\_STOP_}% + % + % And now expand that command. + \doignoretext ^^M% + }% +} + +\def\doignoreyyy#1{% + \def\temp{#1}% + \ifx\temp\empty % Nothing found. + \let\next\doignoretextzzz + \else % Found a nested condition, ... + \advance\doignorecount by 1 + \let\next\doignoretextyyy % ..., look for another. + % If we're here, #1 ends with ^^M\ifinfo (for example). + \fi + \next #1% the token \_STOP_ is present just after this macro. +} + +% We have to swallow the remaining "\_STOP_". +% +\def\doignoretextzzz#1{% + \ifnum\doignorecount = 0 % We have just found the outermost @end. + \let\next\enddoignore + \else % Still inside a nested condition. + \advance\doignorecount by -1 + \let\next\doignoretext % Look for the next @end. + \fi + \next +} + +% Finish off ignored text. +{ \obeylines% + % Ignore anything after the last `@end #1'; this matters in verbatim + % environments, where otherwise the newline after an ignored conditional + % would result in a blank line in the output. + \gdef\enddoignore#1^^M{\endgroup\ignorespaces}% +} + + +% @set VAR sets the variable VAR to an empty value. +% @set VAR REST-OF-LINE sets VAR to the value REST-OF-LINE. +% +% Since we want to separate VAR from REST-OF-LINE (which might be +% empty), we can't just use \parsearg; we have to insert a space of our +% own to delimit the rest of the line, and then take it out again if we +% didn't need it. +% We rely on the fact that \parsearg sets \catcode`\ =10. +% +\parseargdef\set{\setyyy#1 \endsetyyy} +\def\setyyy#1 #2\endsetyyy{% + {% + \makevalueexpandable + \def\temp{#2}% + \edef\next{\gdef\makecsname{SET#1}}% + \ifx\temp\empty + \next{}% + \else + \setzzz#2\endsetzzz + \fi + }% +} +% Remove the trailing space \setxxx inserted. +\def\setzzz#1 \endsetzzz{\next{#1}} + +% @clear VAR clears (i.e., unsets) the variable VAR. +% +\parseargdef\clear{% + {% + \makevalueexpandable + \global\expandafter\let\csname SET#1\endcsname=\relax + }% +} + +% @value{foo} gets the text saved in variable foo. +\def\value{\begingroup\makevalueexpandable\valuexxx} +\def\valuexxx#1{\expandablevalue{#1}\endgroup} +{ + \catcode`\-=\active \catcode`\_=\active + % + \gdef\makevalueexpandable{% + \let\value = \expandablevalue + % We don't want these characters active, ... + \catcode`\-=\other \catcode`\_=\other + % ..., but we might end up with active ones in the argument if + % we're called from @code, as @code{@value{foo-bar_}}, though. + % So \let them to their normal equivalents. + \let-\normaldash \let_\normalunderscore + } +} + +\def\expandablevalue#1{% + \expandafter\ifx\csname SET#1\endcsname\relax + {[No value for ``#1'']}% + \message{Variable `#1', used in @value, is not set.}% + \else + \csname SET#1\endcsname + \fi +} + +% Like \expandablevalue, but completely expandable (the \message in the +% definition above operates at the execution level of TeX). Used when +% writing to auxiliary files, due to the expansion that \write does. +% If flag is undefined, pass through an unexpanded @value command: maybe it +% will be set by the time it is read back in. +% +% NB flag names containing - or _ may not work here. +\def\dummyvalue#1{% + \expandafter\ifx\csname SET#1\endcsname\relax + \noexpand\value{#1}% + \else + \csname SET#1\endcsname + \fi +} + +% Used for @value's in index entries to form the sort key: expand the @value +% if possible, otherwise sort late. +\def\indexnofontsvalue#1{% + \expandafter\ifx\csname SET#1\endcsname\relax + ZZZZZZZ% + \else + \csname SET#1\endcsname + \fi +} + +% @ifset VAR ... @end ifset reads the `...' iff VAR has been defined +% with @set. +% +% To get the special treatment we need for `@end ifset,' we call +% \makecond and then redefine. +% +\makecond{ifset} +\def\ifset{\parsearg{\doifset{\let\next=\ifsetfail}}} +\def\doifset#1#2{% + {% + \makevalueexpandable + \let\next=\empty + \expandafter\ifx\csname SET#2\endcsname\relax + #1% If not set, redefine \next. + \fi + \expandafter + }\next +} +\def\ifsetfail{\doignore{ifset}} + +% @ifclear VAR ... @end executes the `...' iff VAR has never been +% defined with @set, or has been undefined with @clear. +% +% The `\else' inside the `\doifset' parameter is a trick to reuse the +% above code: if the variable is not set, do nothing, if it is set, +% then redefine \next to \ifclearfail. +% +\makecond{ifclear} +\def\ifclear{\parsearg{\doifset{\else \let\next=\ifclearfail}}} +\def\ifclearfail{\doignore{ifclear}} + +% @ifcommandisdefined CMD ... @end executes the `...' if CMD (written +% without the @) is in fact defined. We can only feasibly check at the +% TeX level, so something like `mathcode' is going to considered +% defined even though it is not a Texinfo command. +% +\makecond{ifcommanddefined} +\def\ifcommanddefined{\parsearg{\doifcmddefined{\let\next=\ifcmddefinedfail}}} +% +\def\doifcmddefined#1#2{{% + \makevalueexpandable + \let\next=\empty + \expandafter\ifx\csname #2\endcsname\relax + #1% If not defined, \let\next as above. + \fi + \expandafter + }\next +} +\def\ifcmddefinedfail{\doignore{ifcommanddefined}} + +% @ifcommandnotdefined CMD ... handled similar to @ifclear above. +\makecond{ifcommandnotdefined} +\def\ifcommandnotdefined{% + \parsearg{\doifcmddefined{\else \let\next=\ifcmdnotdefinedfail}}} +\def\ifcmdnotdefinedfail{\doignore{ifcommandnotdefined}} + +% Set the `txicommandconditionals' variable, so documents have a way to +% test if the @ifcommand...defined conditionals are available. +\set txicommandconditionals + +% @dircategory CATEGORY -- specify a category of the dir file +% which this file should belong to. Ignore this in TeX. +\let\dircategory=\comment + +% @defininfoenclose. +\let\definfoenclose=\comment + + +\message{indexing,} +% Index generation facilities + +% Define \newwrite to be identical to plain tex's \newwrite +% except not \outer, so it can be used within macros and \if's. +\edef\newwrite{\makecsname{ptexnewwrite}} + +% \newindex {foo} defines an index named IX. +% It automatically defines \IXindex such that +% \IXindex ...rest of line... puts an entry in the index IX. +% It also defines \IXindfile to be the number of the output channel for +% the file that accumulates this index. The file's extension is IX. +% The name of an index should be no more than 2 characters long +% for the sake of vms. +% +\def\newindex#1{% + \expandafter\chardef\csname#1indfile\endcsname=0 + \expandafter\xdef\csname#1index\endcsname{% % Define @#1index + \noexpand\doindex{#1}} +} + +% @defindex foo == \newindex{foo} +% +\def\defindex{\parsearg\newindex} + +% Define @defcodeindex, like @defindex except put all entries in @code. +% +\def\defcodeindex{\parsearg\newcodeindex} +% +\def\newcodeindex#1{% + \expandafter\chardef\csname#1indfile\endcsname=0 + \expandafter\xdef\csname#1index\endcsname{% + \noexpand\docodeindex{#1}}% +} + +% The default indices: +\newindex{cp}% concepts, +\newcodeindex{fn}% functions, +\newcodeindex{vr}% variables, +\newcodeindex{tp}% types, +\newcodeindex{ky}% keys +\newcodeindex{pg}% and programs. + + +% @synindex foo bar makes index foo feed into index bar. +% Do this instead of @defindex foo if you don't want it as a separate index. +% +% @syncodeindex foo bar similar, but put all entries made for index foo +% inside @code. +% +\def\synindex#1 #2 {\dosynindex\doindex{#1}{#2}} +\def\syncodeindex#1 #2 {\dosynindex\docodeindex{#1}{#2}} + +% #1 is \doindex or \docodeindex, #2 the index getting redefined (foo), +% #3 the target index (bar). +\def\dosynindex#1#2#3{% + \requireopenindexfile{#3}% + % redefine \fooindfile: + \expandafter\let\expandafter\temp\expandafter=\csname#3indfile\endcsname + \expandafter\let\csname#2indfile\endcsname=\temp + % redefine \fooindex: + \expandafter\xdef\csname#2index\endcsname{\noexpand#1{#3}}% +} + +% Define \doindex, the driver for all index macros. +% Argument #1 is generated by the calling \fooindex macro, +% and it is the two-letter name of the index. + +\def\doindex#1{\edef\indexname{#1}\parsearg\doindexxxx} +\def\doindexxxx #1{\doind{\indexname}{#1}} + +% like the previous two, but they put @code around the argument. +\def\docodeindex#1{\edef\indexname{#1}\parsearg\docodeindexxxx} +\def\docodeindexxxx #1{\doind{\indexname}{\code{#1}}} + + +% Used for the aux, toc and index files to prevent expansion of Texinfo +% commands. +% +\def\atdummies{% + \definedummyletter\@% + \definedummyletter\ % + \definedummyletter\{% + \definedummyletter\}% + % + % Do the redefinitions. + \definedummies + \otherbackslash +} + +% \definedummyword defines \#1 as \string\#1\space, thus effectively +% preventing its expansion. This is used only for control words, +% not control letters, because the \space would be incorrect for +% control characters, but is needed to separate the control word +% from whatever follows. +% +% These can be used both for control words that take an argument and +% those that do not. If it is followed by {arg} in the input, then +% that will dutifully get written to the index (or wherever). +% +% For control letters, we have \definedummyletter, which omits the +% space. +% +\def\definedummyword #1{\def#1{\string#1\space}}% +\def\definedummyletter#1{\def#1{\string#1}}% +\let\definedummyaccent\definedummyletter + +% Called from \atdummies to prevent the expansion of commands. +% +\def\definedummies{% + % + \let\commondummyword\definedummyword + \let\commondummyletter\definedummyletter + \let\commondummyaccent\definedummyaccent + \commondummiesnofonts + % + \definedummyletter\_% + \definedummyletter\-% + % + % Non-English letters. + \definedummyword\AA + \definedummyword\AE + \definedummyword\DH + \definedummyword\L + \definedummyword\O + \definedummyword\OE + \definedummyword\TH + \definedummyword\aa + \definedummyword\ae + \definedummyword\dh + \definedummyword\exclamdown + \definedummyword\l + \definedummyword\o + \definedummyword\oe + \definedummyword\ordf + \definedummyword\ordm + \definedummyword\questiondown + \definedummyword\ss + \definedummyword\th + % + % Although these internal commands shouldn't show up, sometimes they do. + \definedummyword\bf + \definedummyword\gtr + \definedummyword\hat + \definedummyword\less + \definedummyword\sf + \definedummyword\sl + \definedummyword\tclose + \definedummyword\tt + % + \definedummyword\LaTeX + \definedummyword\TeX + % + % Assorted special characters. + \definedummyword\atchar + \definedummyword\arrow + \definedummyword\backslashchar + \definedummyword\bullet + \definedummyword\comma + \definedummyword\copyright + \definedummyword\registeredsymbol + \definedummyword\dots + \definedummyword\enddots + \definedummyword\entrybreak + \definedummyword\equiv + \definedummyword\error + \definedummyword\euro + \definedummyword\expansion + \definedummyword\geq + \definedummyword\guillemetleft + \definedummyword\guillemetright + \definedummyword\guilsinglleft + \definedummyword\guilsinglright + \definedummyword\lbracechar + \definedummyword\leq + \definedummyword\mathopsup + \definedummyword\minus + \definedummyword\ogonek + \definedummyword\pounds + \definedummyword\point + \definedummyword\print + \definedummyword\quotedblbase + \definedummyword\quotedblleft + \definedummyword\quotedblright + \definedummyword\quoteleft + \definedummyword\quoteright + \definedummyword\quotesinglbase + \definedummyword\rbracechar + \definedummyword\result + \definedummyword\sub + \definedummyword\sup + \definedummyword\textdegree + % + % We want to disable all macros so that they are not expanded by \write. + \macrolist + \let\value\dummyvalue + % + \normalturnoffactive +} + +% \commondummiesnofonts: common to \definedummies and \indexnofonts. +% Define \commondummyletter, \commondummyaccent and \commondummyword before +% using. Used for accents, font commands, and various control letters. +% +\def\commondummiesnofonts{% + % Control letters and accents. + \commondummyletter\!% + \commondummyaccent\"% + \commondummyaccent\'% + \commondummyletter\*% + \commondummyaccent\,% + \commondummyletter\.% + \commondummyletter\/% + \commondummyletter\:% + \commondummyaccent\=% + \commondummyletter\?% + \commondummyaccent\^% + \commondummyaccent\`% + \commondummyaccent\~% + \commondummyword\u + \commondummyword\v + \commondummyword\H + \commondummyword\dotaccent + \commondummyword\ogonek + \commondummyword\ringaccent + \commondummyword\tieaccent + \commondummyword\ubaraccent + \commondummyword\udotaccent + \commondummyword\dotless + % + % Texinfo font commands. + \commondummyword\b + \commondummyword\i + \commondummyword\r + \commondummyword\sansserif + \commondummyword\sc + \commondummyword\slanted + \commondummyword\t + % + % Commands that take arguments. + \commondummyword\abbr + \commondummyword\acronym + \commondummyword\anchor + \commondummyword\cite + \commondummyword\code + \commondummyword\command + \commondummyword\dfn + \commondummyword\dmn + \commondummyword\email + \commondummyword\emph + \commondummyword\env + \commondummyword\file + \commondummyword\image + \commondummyword\indicateurl + \commondummyword\inforef + \commondummyword\kbd + \commondummyword\key + \commondummyword\math + \commondummyword\option + \commondummyword\pxref + \commondummyword\ref + \commondummyword\samp + \commondummyword\strong + \commondummyword\tie + \commondummyword\U + \commondummyword\uref + \commondummyword\url + \commondummyword\var + \commondummyword\verb + \commondummyword\w + \commondummyword\xref +} + +\let\indexlbrace\relax +\let\indexrbrace\relax +\let\indexatchar\relax +\let\indexbackslash\relax + +{\catcode`\@=0 +\catcode`\\=13 + @gdef@backslashdisappear{@def\{}} +} + +{ +\catcode`\<=13 +\catcode`\-=13 +\catcode`\`=13 + \gdef\indexnonalnumdisappear{% + \expandafter\ifx\csname SETtxiindexlquoteignore\endcsname\relax\else + % @set txiindexlquoteignore makes us ignore left quotes in the sort term. + % (Introduced for FSFS 2nd ed.) + \let`=\empty + \fi + % + \expandafter\ifx\csname SETtxiindexbackslashignore\endcsname\relax\else + \backslashdisappear + \fi + % + \expandafter\ifx\csname SETtxiindexhyphenignore\endcsname\relax\else + \def-{}% + \fi + \expandafter\ifx\csname SETtxiindexlessthanignore\endcsname\relax\else + \def<{}% + \fi + \expandafter\ifx\csname SETtxiindexatsignignore\endcsname\relax\else + \def\@{}% + \fi + } + + \gdef\indexnonalnumreappear{% + \let-\normaldash + \let<\normalless + } +} + + +% \indexnofonts is used when outputting the strings to sort the index +% by, and when constructing control sequence names. It eliminates all +% control sequences and just writes whatever the best ASCII sort string +% would be for a given command (usually its argument). +% +\def\indexnofonts{% + % Accent commands should become @asis. + \def\commondummyaccent##1{\let##1\asis}% + % We can just ignore other control letters. + \def\commondummyletter##1{\let##1\empty}% + % All control words become @asis by default; overrides below. + \let\commondummyword\commondummyaccent + \commondummiesnofonts + % + % Don't no-op \tt, since it isn't a user-level command + % and is used in the definitions of the active chars like <, >, |, etc. + % Likewise with the other plain tex font commands. + %\let\tt=\asis + % + \def\ { }% + \def\@{@}% + \def\_{\normalunderscore}% + \def\-{}% @- shouldn't affect sorting + % + \uccode`\1=`\{ \uppercase{\def\{{1}}% + \uccode`\1=`\} \uppercase{\def\}{1}}% + \let\lbracechar\{% + \let\rbracechar\}% + % + % Non-English letters. + \def\AA{AA}% + \def\AE{AE}% + \def\DH{DZZ}% + \def\L{L}% + \def\OE{OE}% + \def\O{O}% + \def\TH{TH}% + \def\aa{aa}% + \def\ae{ae}% + \def\dh{dzz}% + \def\exclamdown{!}% + \def\l{l}% + \def\oe{oe}% + \def\ordf{a}% + \def\ordm{o}% + \def\o{o}% + \def\questiondown{?}% + \def\ss{ss}% + \def\th{th}% + % + \def\LaTeX{LaTeX}% + \def\TeX{TeX}% + % + % Assorted special characters. \defglyph gives the control sequence a + % definition that removes the {} that follows its use. + \defglyph\atchar{@}% + \defglyph\arrow{->}% + \defglyph\bullet{bullet}% + \defglyph\comma{,}% + \defglyph\copyright{copyright}% + \defglyph\dots{...}% + \defglyph\enddots{...}% + \defglyph\equiv{==}% + \defglyph\error{error}% + \defglyph\euro{euro}% + \defglyph\expansion{==>}% + \defglyph\geq{>=}% + \defglyph\guillemetleft{<<}% + \defglyph\guillemetright{>>}% + \defglyph\guilsinglleft{<}% + \defglyph\guilsinglright{>}% + \defglyph\leq{<=}% + \defglyph\lbracechar{\{}% + \defglyph\minus{-}% + \defglyph\point{.}% + \defglyph\pounds{pounds}% + \defglyph\print{-|}% + \defglyph\quotedblbase{"}% + \defglyph\quotedblleft{"}% + \defglyph\quotedblright{"}% + \defglyph\quoteleft{`}% + \defglyph\quoteright{'}% + \defglyph\quotesinglbase{,}% + \defglyph\rbracechar{\}}% + \defglyph\registeredsymbol{R}% + \defglyph\result{=>}% + \defglyph\textdegree{o}% + % + % We need to get rid of all macros, leaving only the arguments (if present). + % Of course this is not nearly correct, but it is the best we can do for now. + % makeinfo does not expand macros in the argument to @deffn, which ends up + % writing an index entry, and texindex isn't prepared for an index sort entry + % that starts with \. + % + % Since macro invocations are followed by braces, we can just redefine them + % to take a single TeX argument. The case of a macro invocation that + % goes to end-of-line is not handled. + % + \macrolist + \let\value\indexnofontsvalue +} +\def\defglyph#1#2{\def#1##1{#2}} % see above + + + + +% #1 is the index name, #2 is the entry text. +\def\doind#1#2{% + \iflinks + {% + % + \requireopenindexfile{#1}% + \edef\writeto{\csname#1indfile\endcsname}% + % + \def\indextext{#2}% + \safewhatsit\doindwrite + }% + \fi +} + +% Check if an index file has been opened, and if not, open it. +\def\requireopenindexfile#1{% +\ifnum\csname #1indfile\endcsname=0 + \expandafter\newwrite \csname#1indfile\endcsname + \edef\suffix{#1}% + % A .fls suffix would conflict with the file extension for the output + % of -recorder, so use .f1s instead. + \ifx\suffix\indexisfl\def\suffix{f1}\fi + % Open the file + \immediate\openout\csname#1indfile\endcsname \jobname.\suffix + % Using \immediate above here prevents an object entering into the current + % box, which could confound checks such as those in \safewhatsit for + % preceding skips. + \typeout{Writing index file \jobname.\suffix}% +\fi} +\def\indexisfl{fl} + +% Definition for writing index entry sort key. +{ +\catcode`\-=13 +\gdef\indexwritesortas{% + \begingroup + \indexnonalnumreappear + \indexwritesortasxxx} +\gdef\indexwritesortasxxx#1{% + \xdef\indexsortkey{#1}\endgroup} +} + +\def\indexwriteseealso#1{ + \gdef\pagenumbertext{@seealso{#1}}% +} +\def\indexwriteseeentry#1{ + \gdef\pagenumbertext{@seeentry{#1}}% +} + +% The default definitions +\def\sortas#1{}% +\def\seealso#1{\i{\putwordSeeAlso}\ #1}% for sorted index file only +\def\putwordSeeAlso{See also} +\def\seeentry#1{\i{\putwordSee}\ #1}% for sorted index file only + + +% Given index entry text like "aaa @subentry bbb @sortas{ZZZ}": +% * Set \bracedtext to "{aaa}{bbb}" +% * Set \fullindexsortkey to "aaa @subentry ZZZ" +% * If @seealso occurs, set \pagenumbertext +% +\def\splitindexentry#1{% + \gdef\fullindexsortkey{}% + \xdef\bracedtext{}% + \def\sep{}% + \def\seealso##1{}% + \def\seeentry##1{}% + \expandafter\doindexsegment#1\subentry\finish\subentry +} + +% append the results from the next segment +\def\doindexsegment#1\subentry{% + \def\segment{#1}% + \ifx\segment\isfinish + \else + % + % Fully expand the segment, throwing away any @sortas directives, and + % trim spaces. + \edef\trimmed{\segment}% + \edef\trimmed{\expandafter\eatspaces\expandafter{\trimmed}}% + % + \xdef\bracedtext{\bracedtext{\trimmed}}% + % + % Get the string to sort by. Process the segment with all + % font commands turned off. + \bgroup + \let\sortas\indexwritesortas + \let\seealso\indexwriteseealso + \let\seeentry\indexwriteseeentry + \indexnofonts + % The braces around the commands are recognized by texindex. + \def\lbracechar{{\string\indexlbrace}}% + \def\rbracechar{{\string\indexrbrace}}% + \let\{=\lbracechar + \let\}=\rbracechar + \def\@{{\string\indexatchar}}% + \def\atchar##1{\@}% + \def\backslashchar{{\string\indexbackslash}}% + \uccode`\~=`\\ \uppercase{\let~\backslashchar}% + % + \let\indexsortkey\empty + \global\let\pagenumbertext\empty + % Execute the segment and throw away the typeset output. This executes + % any @sortas or @seealso commands in this segment. + \setbox\dummybox = \hbox{\segment}% + \ifx\indexsortkey\empty{% + \indexnonalnumdisappear + \xdef\trimmed{\segment}% + \xdef\trimmed{\expandafter\eatspaces\expandafter{\trimmed}}% + \xdef\indexsortkey{\trimmed}% + \ifx\indexsortkey\empty\xdef\indexsortkey{ }\fi + }\fi + % + % Append to \fullindexsortkey. + \edef\tmp{\gdef\noexpand\fullindexsortkey{% + \fullindexsortkey\sep\indexsortkey}}% + \tmp + \egroup + \def\sep{\subentry}% + % + \expandafter\doindexsegment + \fi +} +\def\isfinish{\finish}% +\newbox\dummybox % used above + +\let\subentry\relax + +% Use \ instead of @ in index files. To support old texi2dvi and texindex. +% This works without changing the escape character used in the toc or aux +% files because the index entries are fully expanded here, and \string uses +% the current value of \escapechar. +\def\escapeisbackslash{\escapechar=`\\} + +% Write the entry in \indextext to the index file. +% +\def\doindwrite{% + \maybemarginindex + % + \atdummies + % + \expandafter\ifx\csname SETtxiindexescapeisbackslash\endcsname\relax\else + \escapeisbackslash + \fi + % + % For texindex which always views { and } as separators. + \def\{{\lbracechar{}}% + \def\}{\rbracechar{}}% + \uccode`\~=`\\ \uppercase{\def~{\backslashchar{}}}% + % + % Split the entry into primary entry and any subentries, and get the index + % sort key. + \splitindexentry\indextext + % + % Set up the complete index entry, with both the sort key and + % the original text, including any font commands. We write + % three arguments to \entry to the .?? file (four in the + % subentry case), texindex reduces to two when writing the .??s + % sorted result. + % + \edef\temp{% + \write\writeto{% + \string\entry{\fullindexsortkey}% + {\ifx\pagenumbertext\empty\noexpand\folio\else\pagenumbertext\fi}% + \bracedtext}% + }% + \temp +} + +% Put the index entry in the margin if desired (undocumented). +\def\maybemarginindex{% + \ifx\SETmarginindex\relax\else + \insert\margin{\hbox{\vrule height8pt depth3pt width0pt \relax\indextext}}% + \fi +} +\let\SETmarginindex=\relax + + +% Take care of unwanted page breaks/skips around a whatsit: +% +% If a skip is the last thing on the list now, preserve it +% by backing up by \lastskip, doing the \write, then inserting +% the skip again. Otherwise, the whatsit generated by the +% \write or \pdfdest will make \lastskip zero. The result is that +% sequences like this: +% @end defun +% @tindex whatever +% @defun ... +% will have extra space inserted, because the \medbreak in the +% start of the @defun won't see the skip inserted by the @end of +% the previous defun. +% +% But don't do any of this if we're not in vertical mode. We +% don't want to do a \vskip and prematurely end a paragraph. +% +% Avoid page breaks due to these extra skips, too. +% +% But wait, there is a catch there: +% We'll have to check whether \lastskip is zero skip. \ifdim is not +% sufficient for this purpose, as it ignores stretch and shrink parts +% of the skip. The only way seems to be to check the textual +% representation of the skip. +% +% The following is almost like \def\zeroskipmacro{0.0pt} except that +% the ``p'' and ``t'' characters have catcode \other, not 11 (letter). +% +\edef\zeroskipmacro{\expandafter\the\csname z@skip\endcsname} +% +\newskip\whatsitskip +\newcount\whatsitpenalty +% +% ..., ready, GO: +% +\def\safewhatsit#1{\ifhmode + #1% + \else + % \lastskip and \lastpenalty cannot both be nonzero simultaneously. + \whatsitskip = \lastskip + \edef\lastskipmacro{\the\lastskip}% + \whatsitpenalty = \lastpenalty + % + % If \lastskip is nonzero, that means the last item was a + % skip. And since a skip is discardable, that means this + % -\whatsitskip glue we're inserting is preceded by a + % non-discardable item, therefore it is not a potential + % breakpoint, therefore no \nobreak needed. + \ifx\lastskipmacro\zeroskipmacro + \else + \vskip-\whatsitskip + \fi + % + #1% + % + \ifx\lastskipmacro\zeroskipmacro + % If \lastskip was zero, perhaps the last item was a penalty, and + % perhaps it was >=10000, e.g., a \nobreak. In that case, we want + % to re-insert the same penalty (values >10000 are used for various + % signals); since we just inserted a non-discardable item, any + % following glue (such as a \parskip) would be a breakpoint. For example: + % @deffn deffn-whatever + % @vindex index-whatever + % Description. + % would allow a break between the index-whatever whatsit + % and the "Description." paragraph. + \ifnum\whatsitpenalty>9999 \penalty\whatsitpenalty \fi + \else + % On the other hand, if we had a nonzero \lastskip, + % this make-up glue would be preceded by a non-discardable item + % (the whatsit from the \write), so we must insert a \nobreak. + \nobreak\vskip\whatsitskip + \fi +\fi} + +% The index entry written in the file actually looks like +% \entry {sortstring}{page}{topic} +% or +% \entry {sortstring}{page}{topic}{subtopic} +% The texindex program reads in these files and writes files +% containing these kinds of lines: +% \initial {c} +% before the first topic whose initial is c +% \entry {topic}{pagelist} +% for a topic that is used without subtopics +% \primary {topic} +% \entry {topic}{} +% for the beginning of a topic that is used with subtopics +% \secondary {subtopic}{pagelist} +% for each subtopic. +% \secondary {subtopic}{} +% for a subtopic with sub-subtopics +% \tertiary {subtopic}{subsubtopic}{pagelist} +% for each sub-subtopic. + +% Define the user-accessible indexing commands +% @findex, @vindex, @kindex, @cindex. + +\def\findex {\fnindex} +\def\kindex {\kyindex} +\def\cindex {\cpindex} +\def\vindex {\vrindex} +\def\tindex {\tpindex} +\def\pindex {\pgindex} + +% Define the macros used in formatting output of the sorted index material. + +% @printindex causes a particular index (the ??s file) to get printed. +% It does not print any chapter heading (usually an @unnumbered). +% +\parseargdef\printindex{\begingroup + \dobreak \chapheadingskip{10000}% + % + \smallfonts \rm + \tolerance = 9500 + \plainfrenchspacing + \everypar = {}% don't want the \kern\-parindent from indentation suppression. + % + % See comment in \requireopenindexfile. + \def\indexname{#1}\ifx\indexname\indexisfl\def\indexname{f1}\fi + % + % See if the index file exists and is nonempty. + \openin 1 \jobname.\indexname s + \ifeof 1 + % \enddoublecolumns gets confused if there is no text in the index, + % and it loses the chapter title and the aux file entries for the + % index. The easiest way to prevent this problem is to make sure + % there is some text. + \putwordIndexNonexistent + \typeout{No file \jobname.\indexname s.}% + \else + % If the index file exists but is empty, then \openin leaves \ifeof + % false. We have to make TeX try to read something from the file, so + % it can discover if there is anything in it. + \read 1 to \thisline + \ifeof 1 + \putwordIndexIsEmpty + \else + \expandafter\printindexzz\thisline\relax\relax\finish% + \fi + \fi + \closein 1 +\endgroup} + +% If the index file starts with a backslash, forgo reading the index +% file altogether. If somebody upgrades texinfo.tex they may still have +% old index files using \ as the escape character. Reading this would +% at best lead to typesetting garbage, at worst a TeX syntax error. +\def\printindexzz#1#2\finish{% + \expandafter\ifx\csname SETtxiindexescapeisbackslash\endcsname\relax + \uccode`\~=`\\ \uppercase{\if\noexpand~}\noexpand#1 + \expandafter\ifx\csname SETtxiskipindexfileswithbackslash\endcsname\relax +\errmessage{% +ERROR: A sorted index file in an obsolete format was skipped. +To fix this problem, please upgrade your version of 'texi2dvi' +or 'texi2pdf' to that at . +If you are using an old version of 'texindex' (part of the Texinfo +distribution), you may also need to upgrade to a newer version (at least 6.0). +You may be able to typeset the index if you run +'texindex \jobname.\indexname' yourself. +You could also try setting the 'txiindexescapeisbackslash' flag by +running a command like +'texi2dvi -t "@set txiindexescapeisbackslash" \jobname.texi'. If you do +this, Texinfo will try to use index files in the old format. +If you continue to have problems, deleting the index files and starting again +might help (with 'rm \jobname.?? \jobname.??s')% +}% + \else + (Skipped sorted index file in obsolete format) + \fi + \else + \begindoublecolumns + \input \jobname.\indexname s + \enddoublecolumns + \fi + \else + \message{trying to print index \indexname}% + \begindoublecolumns + \catcode`\\=0\relax + \catcode`\@=12\relax + \input \jobname.\indexname s + \enddoublecolumns + \fi +} + +% These macros are used by the sorted index file itself. +% Change them to control the appearance of the index. + +{\catcode`\/=13 \catcode`\-=13 \catcode`\^=13 \catcode`\~=13 \catcode`\_=13 +\catcode`\|=13 \catcode`\<=13 \catcode`\>=13 \catcode`\+=13 \catcode`\"=13 +\catcode`\$=3 +\gdef\initialglyphs{% + % special control sequences used in the index sort key + \let\indexlbrace\{% + \let\indexrbrace\}% + \let\indexatchar\@% + \def\indexbackslash{\math{\backslash}}% + % + % Some changes for non-alphabetic characters. Using the glyphs from the + % math fonts looks more consistent than the typewriter font used elsewhere + % for these characters. + \uccode`\~=`\\ \uppercase{\def~{\math{\backslash}}} + % + % In case @\ is used for backslash + \uppercase{\let\\=~} + % Can't get bold backslash so don't use bold forward slash + \catcode`\/=13 + \def/{{\secrmnotbold \normalslash}}% + \def-{{\normaldash\normaldash}}% en dash `--' + \def^{{\chapbf \normalcaret}}% + \def~{{\chapbf \normaltilde}}% + \def\_{% + \leavevmode \kern.07em \vbox{\hrule width.3em height.1ex}\kern .07em }% + \def|{$\vert$}% + \def<{$\less$}% + \def>{$\gtr$}% + \def+{$\normalplus$}% +}} + +\def\initial{% + \bgroup + \initialglyphs + \initialx +} + +\def\initialx#1{% + % Remove any glue we may have, we'll be inserting our own. + \removelastskip + % + % We like breaks before the index initials, so insert a bonus. + % The glue before the bonus allows a little bit of space at the + % bottom of a column to reduce an increase in inter-line spacing. + \nobreak + \vskip 0pt plus 5\baselineskip + \penalty -300 + \vskip 0pt plus -5\baselineskip + % + % Typeset the initial. Making this add up to a whole number of + % baselineskips increases the chance of the dots lining up from column + % to column. It still won't often be perfect, because of the stretch + % we need before each entry, but it's better. + % + % No shrink because it confuses \balancecolumns. + \vskip 1.67\baselineskip plus 1\baselineskip + \leftline{\secfonts \kern-0.05em \secbf #1}% + % \secfonts is inside the argument of \leftline so that the change of + % \baselineskip will not affect any glue inserted before the vbox that + % \leftline creates. + % Do our best not to break after the initial. + \nobreak + \vskip .33\baselineskip plus .1\baselineskip + \egroup % \initialglyphs +} + +\newdimen\entryrightmargin +\entryrightmargin=0pt + +% \entry typesets a paragraph consisting of the text (#1), dot leaders, and +% then page number (#2) flushed to the right margin. It is used for index +% and table of contents entries. The paragraph is indented by \leftskip. +% +\def\entry{% + \begingroup + % + % Start a new paragraph if necessary, so our assignments below can't + % affect previous text. + \par + % + % No extra space above this paragraph. + \parskip = 0in + % + % When reading the text of entry, convert explicit line breaks + % from @* into spaces. The user might give these in long section + % titles, for instance. + \def\*{\unskip\space\ignorespaces}% + \def\entrybreak{\hfil\break}% An undocumented command + % + % Swallow the left brace of the text (first parameter): + \afterassignment\doentry + \let\temp = +} +\def\entrybreak{\unskip\space\ignorespaces}% +\def\doentry{% + % Save the text of the entry + \global\setbox\boxA=\hbox\bgroup + \bgroup % Instead of the swallowed brace. + \noindent + \aftergroup\finishentry + % And now comes the text of the entry. + % Not absorbing as a macro argument reduces the chance of problems + % with catcodes occurring. +} +{\catcode`\@=11 +\gdef\finishentry#1{% + \egroup % end box A + \dimen@ = \wd\boxA % Length of text of entry + \global\setbox\boxA=\hbox\bgroup + \unhbox\boxA + % #1 is the page number. + % + % Get the width of the page numbers, and only use + % leaders if they are present. + \global\setbox\boxB = \hbox{#1}% + \ifdim\wd\boxB = 0pt + \null\nobreak\hfill\ % + \else + % + \null\nobreak\indexdotfill % Have leaders before the page number. + % + \ifpdforxetex + \pdfgettoks#1.% + \hskip\skip\thinshrinkable\the\toksA + \else + \hskip\skip\thinshrinkable #1% + \fi + \fi + \egroup % end \boxA + \ifdim\wd\boxB = 0pt + \noindent\unhbox\boxA\par + \nobreak + \else\bgroup + % We want the text of the entries to be aligned to the left, and the + % page numbers to be aligned to the right. + % + \parindent = 0pt + \advance\leftskip by 0pt plus 1fil + \advance\leftskip by 0pt plus -1fill + \rightskip = 0pt plus -1fil + \advance\rightskip by 0pt plus 1fill + % Cause last line, which could consist of page numbers on their own + % if the list of page numbers is long, to be aligned to the right. + \parfillskip=0pt plus -1fill + % + \advance\rightskip by \entryrightmargin + % Determine how far we can stretch into the margin. + % This allows, e.g., "Appendix H GNU Free Documentation License" to + % fit on one line in @letterpaper format. + \ifdim\entryrightmargin>2.1em + \dimen@i=2.1em + \else + \dimen@i=0em + \fi + \advance \parfillskip by 0pt minus 1\dimen@i + % + \dimen@ii = \hsize + \advance\dimen@ii by -1\leftskip + \advance\dimen@ii by -1\entryrightmargin + \advance\dimen@ii by 1\dimen@i + \ifdim\wd\boxA > \dimen@ii % If the entry doesn't fit in one line + \ifdim\dimen@ > 0.8\dimen@ii % due to long index text + % Try to split the text roughly evenly. \dimen@ will be the length of + % the first line. + \dimen@ = 0.7\dimen@ + \dimen@ii = \hsize + \ifnum\dimen@>\dimen@ii + % If the entry is too long (for example, if it needs more than + % two lines), use all the space in the first line. + \dimen@ = \dimen@ii + \fi + \advance\leftskip by 0pt plus 1fill % ragged right + \advance \dimen@ by 1\rightskip + \parshape = 2 0pt \dimen@ 0em \dimen@ii + % Ideally we'd add a finite glue at the end of the first line only, + % instead of using \parshape with explicit line lengths, but TeX + % doesn't seem to provide a way to do such a thing. + % + % Indent all lines but the first one. + \advance\leftskip by 1em + \advance\parindent by -1em + \fi\fi + \indent % start paragraph + \unhbox\boxA + % + % Do not prefer a separate line ending with a hyphen to fewer lines. + \finalhyphendemerits = 0 + % + % Word spacing - no stretch + \spaceskip=\fontdimen2\font minus \fontdimen4\font + % + \linepenalty=1000 % Discourage line breaks. + \hyphenpenalty=5000 % Discourage hyphenation. + % + \par % format the paragraph + \egroup % The \vbox + \fi + \endgroup +}} + +\newskip\thinshrinkable +\skip\thinshrinkable=.15em minus .15em + +% Like plain.tex's \dotfill, except uses up at least 1 em. +% The filll stretch here overpowers both the fil and fill stretch to push +% the page number to the right. +\def\indexdotfill{\cleaders + \hbox{$\mathsurround=0pt \mkern1.5mu.\mkern1.5mu$}\hskip 1em plus 1filll} + + +\def\primary #1{\line{#1\hfil}} + +\def\secondary{\indententry{0.5cm}} +\def\tertiary{\indententry{1cm}} + +\def\indententry#1#2#3{% + \bgroup + \leftskip=#1 + \entry{#2}{#3}% + \egroup +} + +% Define two-column mode, which we use to typeset indexes. +% Adapted from the TeXbook, page 416, which is to say, +% the manmac.tex format used to print the TeXbook itself. +\catcode`\@=11 % private names + +\newbox\partialpage +\newdimen\doublecolumnhsize + +\def\begindoublecolumns{\begingroup % ended by \enddoublecolumns + % If not much space left on page, start a new page. + \ifdim\pagetotal>0.8\vsize\vfill\eject\fi + % + % Grab any single-column material above us. + \output = {% + \savetopmark + % + \global\setbox\partialpage = \vbox{% + % Unvbox the main output page. + \unvbox\PAGE + \kern-\topskip \kern\baselineskip + }% + }% + \eject % run that output routine to set \partialpage + % + % Use the double-column output routine for subsequent pages. + \output = {\doublecolumnout}% + % + % Change the page size parameters. We could do this once outside this + % routine, in each of @smallbook, @afourpaper, and the default 8.5x11 + % format, but then we repeat the same computation. Repeating a couple + % of assignments once per index is clearly meaningless for the + % execution time, so we may as well do it in one place. + % + % First we halve the line length, less a little for the gutter between + % the columns. We compute the gutter based on the line length, so it + % changes automatically with the paper format. The magic constant + % below is chosen so that the gutter has the same value (well, +-<1pt) + % as it did when we hard-coded it. + % + % We put the result in a separate register, \doublecolumhsize, so we + % can restore it in \pagesofar, after \hsize itself has (potentially) + % been clobbered. + % + \doublecolumnhsize = \hsize + \advance\doublecolumnhsize by -.04154\hsize + \divide\doublecolumnhsize by 2 + \hsize = \doublecolumnhsize + % + % Get the available space for the double columns -- the normal + % (undoubled) page height minus any material left over from the + % previous page. + \advance\vsize by -\ht\partialpage + \vsize = 2\vsize + % + % For the benefit of balancing columns + \advance\baselineskip by 0pt plus 0.5pt +} + +% The double-column output routine for all double-column pages except +% the last, which is done by \balancecolumns. +% +\def\doublecolumnout{% + % + \savetopmark + \splittopskip=\topskip \splitmaxdepth=\maxdepth + \dimen@ = \vsize + \divide\dimen@ by 2 + % + % box0 will be the left-hand column, box2 the right. + \setbox0=\vsplit\PAGE to\dimen@ \setbox2=\vsplit\PAGE to\dimen@ + \global\advance\vsize by 2\ht\partialpage + \onepageout\pagesofar % empty except for the first time we are called + \unvbox\PAGE + \penalty\outputpenalty +} +% +% Re-output the contents of the output page -- any previous material, +% followed by the two boxes we just split, in box0 and box2. +\def\pagesofar{% + \unvbox\partialpage + % + \hsize = \doublecolumnhsize + \wd0=\hsize \wd2=\hsize + \hbox to\txipagewidth{\box0\hfil\box2}% +} + + +% Finished with with double columns. +\def\enddoublecolumns{% + % The following penalty ensures that the page builder is exercised + % _before_ we change the output routine. This is necessary in the + % following situation: + % + % The last section of the index consists only of a single entry. + % Before this section, \pagetotal is less than \pagegoal, so no + % break occurs before the last section starts. However, the last + % section, consisting of \initial and the single \entry, does not + % fit on the page and has to be broken off. Without the following + % penalty the page builder will not be exercised until \eject + % below, and by that time we'll already have changed the output + % routine to the \balancecolumns version, so the next-to-last + % double-column page will be processed with \balancecolumns, which + % is wrong: The two columns will go to the main vertical list, with + % the broken-off section in the recent contributions. As soon as + % the output routine finishes, TeX starts reconsidering the page + % break. The two columns and the broken-off section both fit on the + % page, because the two columns now take up only half of the page + % goal. When TeX sees \eject from below which follows the final + % section, it invokes the new output routine that we've set after + % \balancecolumns below; \onepageout will try to fit the two columns + % and the final section into the vbox of \txipageheight (see + % \pagebody), causing an overfull box. + % + % Note that glue won't work here, because glue does not exercise the + % page builder, unlike penalties (see The TeXbook, pp. 280-281). + \penalty0 + % + \output = {% + % Split the last of the double-column material. + \savetopmark + \balancecolumns + }% + \eject % call the \output just set + \ifdim\pagetotal=0pt + % Having called \balancecolumns once, we do not + % want to call it again. Therefore, reset \output to its normal + % definition right away. + \global\output=\expandafter{\the\defaultoutput} + % + \endgroup % started in \begindoublecolumns + % Leave the double-column material on the current page, no automatic + % page break. + \box\balancedcolumns + % + % \pagegoal was set to the doubled \vsize above, since we restarted + % the current page. We're now back to normal single-column + % typesetting, so reset \pagegoal to the normal \vsize. + \global\vsize = \txipageheight % + \pagegoal = \txipageheight % + \else + % We had some left-over material. This might happen when \doublecolumnout + % is called in \balancecolumns. Try again. + \expandafter\enddoublecolumns + \fi +} +\newbox\balancedcolumns +\setbox\balancedcolumns=\vbox{shouldnt see this}% +% +% Only called for the last of the double column material. \doublecolumnout +% does the others. +\def\balancecolumns{% + \setbox0 = \vbox{\unvbox\PAGE}% like \box255 but more efficient, see p.120. + \dimen@ = \ht0 + \ifdim\dimen@<7\baselineskip + % Don't split a short final column in two. + \setbox2=\vbox{}% + \global\setbox\balancedcolumns=\vbox{\pagesofar}% + \else + % double the leading vertical space + \advance\dimen@ by \topskip + \advance\dimen@ by-\baselineskip + \divide\dimen@ by 2 % target to split to + \dimen@ii = \dimen@ + \splittopskip = \topskip + % Loop until left column is at least as high as the right column. + {% + \vbadness = 10000 + \loop + \global\setbox3 = \copy0 + \global\setbox1 = \vsplit3 to \dimen@ + \ifdim\ht1<\ht3 + \global\advance\dimen@ by 1pt + \repeat + }% + % Now the left column is in box 1, and the right column in box 3. + % + % Check whether the left column has come out higher than the page itself. + % (Note that we have doubled \vsize for the double columns, so + % the actual height of the page is 0.5\vsize). + \ifdim2\ht1>\vsize + % It appears that we have been called upon to balance too much material. + % Output some of it with \doublecolumnout, leaving the rest on the page. + \setbox\PAGE=\box0 + \doublecolumnout + \else + % Compare the heights of the two columns. + \ifdim4\ht1>5\ht3 + % Column heights are too different, so don't make their bottoms + % flush with each other. + \setbox2=\vbox to \ht1 {\unvbox3\vfill}% + \setbox0=\vbox to \ht1 {\unvbox1\vfill}% + \else + % Make column bottoms flush with each other. + \setbox2=\vbox to\ht1{\unvbox3\unskip}% + \setbox0=\vbox to\ht1{\unvbox1\unskip}% + \fi + \global\setbox\balancedcolumns=\vbox{\pagesofar}% + \fi + \fi + % +} +\catcode`\@ = \other + + +\message{sectioning,} +% Chapters, sections, etc. + +% Let's start with @part. +\outer\parseargdef\part{\partzzz{#1}} +\def\partzzz#1{% + \chapoddpage + \null + \vskip.3\vsize % move it down on the page a bit + \begingroup + \noindent \titlefonts\rm #1\par % the text + \let\lastnode=\empty % no node to associate with + \writetocentry{part}{#1}{}% but put it in the toc + \headingsoff % no headline or footline on the part page + % This outputs a mark at the end of the page that clears \thischapter + % and \thissection, as is done in \startcontents. + \let\pchapsepmacro\relax + \chapmacro{}{Yomitfromtoc}{}% + \chapoddpage + \endgroup +} + +% \unnumberedno is an oxymoron. But we count the unnumbered +% sections so that we can refer to them unambiguously in the pdf +% outlines by their "section number". We avoid collisions with chapter +% numbers by starting them at 10000. (If a document ever has 10000 +% chapters, we're in trouble anyway, I'm sure.) +\newcount\unnumberedno \unnumberedno = 10000 +\newcount\chapno +\newcount\secno \secno=0 +\newcount\subsecno \subsecno=0 +\newcount\subsubsecno \subsubsecno=0 + +% This counter is funny since it counts through charcodes of letters A, B, ... +\newcount\appendixno \appendixno = `\@ +% +% \def\appendixletter{\char\the\appendixno} +% We do the following ugly conditional instead of the above simple +% construct for the sake of pdftex, which needs the actual +% letter in the expansion, not just typeset. +% +\def\appendixletter{% + \ifnum\appendixno=`A A% + \else\ifnum\appendixno=`B B% + \else\ifnum\appendixno=`C C% + \else\ifnum\appendixno=`D D% + \else\ifnum\appendixno=`E E% + \else\ifnum\appendixno=`F F% + \else\ifnum\appendixno=`G G% + \else\ifnum\appendixno=`H H% + \else\ifnum\appendixno=`I I% + \else\ifnum\appendixno=`J J% + \else\ifnum\appendixno=`K K% + \else\ifnum\appendixno=`L L% + \else\ifnum\appendixno=`M M% + \else\ifnum\appendixno=`N N% + \else\ifnum\appendixno=`O O% + \else\ifnum\appendixno=`P P% + \else\ifnum\appendixno=`Q Q% + \else\ifnum\appendixno=`R R% + \else\ifnum\appendixno=`S S% + \else\ifnum\appendixno=`T T% + \else\ifnum\appendixno=`U U% + \else\ifnum\appendixno=`V V% + \else\ifnum\appendixno=`W W% + \else\ifnum\appendixno=`X X% + \else\ifnum\appendixno=`Y Y% + \else\ifnum\appendixno=`Z Z% + % The \the is necessary, despite appearances, because \appendixletter is + % expanded while writing the .toc file. \char\appendixno is not + % expandable, thus it is written literally, thus all appendixes come out + % with the same letter (or @) in the toc without it. + \else\char\the\appendixno + \fi\fi\fi\fi\fi\fi\fi\fi\fi\fi\fi\fi\fi + \fi\fi\fi\fi\fi\fi\fi\fi\fi\fi\fi\fi\fi} + +% Each @chapter defines these (using marks) as the number+name, number +% and name of the chapter. Page headings and footings can use +% these. @section does likewise. +\def\thischapter{} +\def\thischapternum{} +\def\thischaptername{} +\def\thissection{} +\def\thissectionnum{} +\def\thissectionname{} + +\newcount\absseclevel % used to calculate proper heading level +\newcount\secbase\secbase=0 % @raisesections/@lowersections modify this count + +% @raisesections: treat @section as chapter, @subsection as section, etc. +\def\raisesections{\global\advance\secbase by -1} + +% @lowersections: treat @chapter as section, @section as subsection, etc. +\def\lowersections{\global\advance\secbase by 1} + +% we only have subsub. +\chardef\maxseclevel = 3 +% +% A numbered section within an unnumbered changes to unnumbered too. +% To achieve this, remember the "biggest" unnum. sec. we are currently in: +\chardef\unnlevel = \maxseclevel +% +% Trace whether the current chapter is an appendix or not: +% \chapheadtype is "N" or "A", unnumbered chapters are ignored. +\def\chapheadtype{N} + +% Choose a heading macro +% #1 is heading type +% #2 is heading level +% #3 is text for heading +\def\genhead#1#2#3{% + % Compute the abs. sec. level: + \absseclevel=#2 + \advance\absseclevel by \secbase + % Make sure \absseclevel doesn't fall outside the range: + \ifnum \absseclevel < 0 + \absseclevel = 0 + \else + \ifnum \absseclevel > 3 + \absseclevel = 3 + \fi + \fi + % The heading type: + \def\headtype{#1}% + \if \headtype U% + \ifnum \absseclevel < \unnlevel + \chardef\unnlevel = \absseclevel + \fi + \else + % Check for appendix sections: + \ifnum \absseclevel = 0 + \edef\chapheadtype{\headtype}% + \else + \if \headtype A\if \chapheadtype N% + \errmessage{@appendix... within a non-appendix chapter}% + \fi\fi + \fi + % Check for numbered within unnumbered: + \ifnum \absseclevel > \unnlevel + \def\headtype{U}% + \else + \chardef\unnlevel = 3 + \fi + \fi + % Now print the heading: + \if \headtype U% + \ifcase\absseclevel + \unnumberedzzz{#3}% + \or \unnumberedseczzz{#3}% + \or \unnumberedsubseczzz{#3}% + \or \unnumberedsubsubseczzz{#3}% + \fi + \else + \if \headtype A% + \ifcase\absseclevel + \appendixzzz{#3}% + \or \appendixsectionzzz{#3}% + \or \appendixsubseczzz{#3}% + \or \appendixsubsubseczzz{#3}% + \fi + \else + \ifcase\absseclevel + \chapterzzz{#3}% + \or \seczzz{#3}% + \or \numberedsubseczzz{#3}% + \or \numberedsubsubseczzz{#3}% + \fi + \fi + \fi + \suppressfirstparagraphindent +} + +% an interface: +\def\numhead{\genhead N} +\def\apphead{\genhead A} +\def\unnmhead{\genhead U} + +% @chapter, @appendix, @unnumbered. Increment top-level counter, reset +% all lower-level sectioning counters to zero. +% +% Also set \chaplevelprefix, which we prepend to @float sequence numbers +% (e.g., figures), q.v. By default (before any chapter), that is empty. +\let\chaplevelprefix = \empty +% +\outer\parseargdef\chapter{\numhead0{#1}} % normally numhead0 calls chapterzzz +\def\chapterzzz#1{% + % section resetting is \global in case the chapter is in a group, such + % as an @include file. + \global\secno=0 \global\subsecno=0 \global\subsubsecno=0 + \global\advance\chapno by 1 + % + % Used for \float. + \gdef\chaplevelprefix{\the\chapno.}% + \resetallfloatnos + % + % \putwordChapter can contain complex things in translations. + \toks0=\expandafter{\putwordChapter}% + \message{\the\toks0 \space \the\chapno}% + % + % Write the actual heading. + \chapmacro{#1}{Ynumbered}{\the\chapno}% + % + % So @section and the like are numbered underneath this chapter. + \global\let\section = \numberedsec + \global\let\subsection = \numberedsubsec + \global\let\subsubsection = \numberedsubsubsec +} + +\outer\parseargdef\appendix{\apphead0{#1}} % normally calls appendixzzz +% +\def\appendixzzz#1{% + \global\secno=0 \global\subsecno=0 \global\subsubsecno=0 + \global\advance\appendixno by 1 + \gdef\chaplevelprefix{\appendixletter.}% + \resetallfloatnos + % + % \putwordAppendix can contain complex things in translations. + \toks0=\expandafter{\putwordAppendix}% + \message{\the\toks0 \space \appendixletter}% + % + \chapmacro{#1}{Yappendix}{\appendixletter}% + % + \global\let\section = \appendixsec + \global\let\subsection = \appendixsubsec + \global\let\subsubsection = \appendixsubsubsec +} + +% normally unnmhead0 calls unnumberedzzz: +\outer\parseargdef\unnumbered{\unnmhead0{#1}} +\def\unnumberedzzz#1{% + \global\secno=0 \global\subsecno=0 \global\subsubsecno=0 + \global\advance\unnumberedno by 1 + % + % Since an unnumbered has no number, no prefix for figures. + \global\let\chaplevelprefix = \empty + \resetallfloatnos + % + % This used to be simply \message{#1}, but TeX fully expands the + % argument to \message. Therefore, if #1 contained @-commands, TeX + % expanded them. For example, in `@unnumbered The @cite{Book}', TeX + % expanded @cite (which turns out to cause errors because \cite is meant + % to be executed, not expanded). + % + % Anyway, we don't want the fully-expanded definition of @cite to appear + % as a result of the \message, we just want `@cite' itself. We use + % \the to achieve this: TeX expands \the only once, + % simply yielding the contents of . (We also do this for + % the toc entries.) + \toks0 = {#1}% + \message{(\the\toks0)}% + % + \chapmacro{#1}{Ynothing}{\the\unnumberedno}% + % + \global\let\section = \unnumberedsec + \global\let\subsection = \unnumberedsubsec + \global\let\subsubsection = \unnumberedsubsubsec +} + +% @centerchap is like @unnumbered, but the heading is centered. +\outer\parseargdef\centerchap{% + \let\centerparametersmaybe = \centerparameters + \unnmhead0{#1}% + \let\centerparametersmaybe = \relax +} + +% @top is like @unnumbered. +\let\top\unnumbered + +% Sections. +% +\outer\parseargdef\numberedsec{\numhead1{#1}} % normally calls seczzz +\def\seczzz#1{% + \global\subsecno=0 \global\subsubsecno=0 \global\advance\secno by 1 + \sectionheading{#1}{sec}{Ynumbered}{\the\chapno.\the\secno}% +} + +% normally calls appendixsectionzzz: +\outer\parseargdef\appendixsection{\apphead1{#1}} +\def\appendixsectionzzz#1{% + \global\subsecno=0 \global\subsubsecno=0 \global\advance\secno by 1 + \sectionheading{#1}{sec}{Yappendix}{\appendixletter.\the\secno}% +} +\let\appendixsec\appendixsection + +% normally calls unnumberedseczzz: +\outer\parseargdef\unnumberedsec{\unnmhead1{#1}} +\def\unnumberedseczzz#1{% + \global\subsecno=0 \global\subsubsecno=0 \global\advance\secno by 1 + \sectionheading{#1}{sec}{Ynothing}{\the\unnumberedno.\the\secno}% +} + +% Subsections. +% +% normally calls numberedsubseczzz: +\outer\parseargdef\numberedsubsec{\numhead2{#1}} +\def\numberedsubseczzz#1{% + \global\subsubsecno=0 \global\advance\subsecno by 1 + \sectionheading{#1}{subsec}{Ynumbered}{\the\chapno.\the\secno.\the\subsecno}% +} + +% normally calls appendixsubseczzz: +\outer\parseargdef\appendixsubsec{\apphead2{#1}} +\def\appendixsubseczzz#1{% + \global\subsubsecno=0 \global\advance\subsecno by 1 + \sectionheading{#1}{subsec}{Yappendix}% + {\appendixletter.\the\secno.\the\subsecno}% +} + +% normally calls unnumberedsubseczzz: +\outer\parseargdef\unnumberedsubsec{\unnmhead2{#1}} +\def\unnumberedsubseczzz#1{% + \global\subsubsecno=0 \global\advance\subsecno by 1 + \sectionheading{#1}{subsec}{Ynothing}% + {\the\unnumberedno.\the\secno.\the\subsecno}% +} + +% Subsubsections. +% +% normally numberedsubsubseczzz: +\outer\parseargdef\numberedsubsubsec{\numhead3{#1}} +\def\numberedsubsubseczzz#1{% + \global\advance\subsubsecno by 1 + \sectionheading{#1}{subsubsec}{Ynumbered}% + {\the\chapno.\the\secno.\the\subsecno.\the\subsubsecno}% +} + +% normally appendixsubsubseczzz: +\outer\parseargdef\appendixsubsubsec{\apphead3{#1}} +\def\appendixsubsubseczzz#1{% + \global\advance\subsubsecno by 1 + \sectionheading{#1}{subsubsec}{Yappendix}% + {\appendixletter.\the\secno.\the\subsecno.\the\subsubsecno}% +} + +% normally unnumberedsubsubseczzz: +\outer\parseargdef\unnumberedsubsubsec{\unnmhead3{#1}} +\def\unnumberedsubsubseczzz#1{% + \global\advance\subsubsecno by 1 + \sectionheading{#1}{subsubsec}{Ynothing}% + {\the\unnumberedno.\the\secno.\the\subsecno.\the\subsubsecno}% +} + +% These macros control what the section commands do, according +% to what kind of chapter we are in (ordinary, appendix, or unnumbered). +% Define them by default for a numbered chapter. +\let\section = \numberedsec +\let\subsection = \numberedsubsec +\let\subsubsection = \numberedsubsubsec + +% Define @majorheading, @heading and @subheading + +\def\majorheading{% + {\advance\chapheadingskip by 10pt \chapbreak }% + \parsearg\chapheadingzzz +} + +\def\chapheading{\chapbreak \parsearg\chapheadingzzz} +\def\chapheadingzzz#1{% + \vbox{\chapfonts \raggedtitlesettings #1\par}% + \nobreak\bigskip \nobreak + \suppressfirstparagraphindent +} + +% @heading, @subheading, @subsubheading. +\parseargdef\heading{\sectionheading{#1}{sec}{Yomitfromtoc}{} + \suppressfirstparagraphindent} +\parseargdef\subheading{\sectionheading{#1}{subsec}{Yomitfromtoc}{} + \suppressfirstparagraphindent} +\parseargdef\subsubheading{\sectionheading{#1}{subsubsec}{Yomitfromtoc}{} + \suppressfirstparagraphindent} + +% These macros generate a chapter, section, etc. heading only +% (including whitespace, linebreaking, etc. around it), +% given all the information in convenient, parsed form. + +% Args are the skip and penalty (usually negative) +\def\dobreak#1#2{\par\ifdim\lastskip<#1\removelastskip\penalty#2\vskip#1\fi} + +% Parameter controlling skip before chapter headings (if needed) +\newskip\chapheadingskip + +% Define plain chapter starts, and page on/off switching for it. +\def\chapbreak{\dobreak \chapheadingskip {-4000}} + +% Start a new page +\def\chappager{\par\vfill\supereject} + +% \chapoddpage - start on an odd page for a new chapter +% Because \domark is called before \chapoddpage, the filler page will +% get the headings for the next chapter, which is wrong. But we don't +% care -- we just disable all headings on the filler page. +\def\chapoddpage{% + \chappager + \ifodd\pageno \else + \begingroup + \headingsoff + \null + \chappager + \endgroup + \fi +} + +\parseargdef\setchapternewpage{\csname CHAPPAG#1\endcsname} + +\def\CHAPPAGoff{% +\global\let\contentsalignmacro = \chappager +\global\let\pchapsepmacro=\chapbreak +\global\let\pagealignmacro=\chappager} + +\def\CHAPPAGon{% +\global\let\contentsalignmacro = \chappager +\global\let\pchapsepmacro=\chappager +\global\let\pagealignmacro=\chappager +\global\def\HEADINGSon{\HEADINGSsingle}} + +\def\CHAPPAGodd{% +\global\let\contentsalignmacro = \chapoddpage +\global\let\pchapsepmacro=\chapoddpage +\global\let\pagealignmacro=\chapoddpage +\global\def\HEADINGSon{\HEADINGSdouble}} + +\CHAPPAGon + +% \chapmacro - Chapter opening. +% +% #1 is the text, #2 is the section type (Ynumbered, Ynothing, +% Yappendix, Yomitfromtoc), #3 the chapter number. +% Not used for @heading series. +% +% To test against our argument. +\def\Ynothingkeyword{Ynothing} +\def\Yappendixkeyword{Yappendix} +\def\Yomitfromtockeyword{Yomitfromtoc} +% +\def\chapmacro#1#2#3{% + \expandafter\ifx\thisenv\titlepage\else + \checkenv{}% chapters, etc., should not start inside an environment. + \fi + % Insert the first mark before the heading break (see notes for \domark). + \let\prevchapterdefs=\currentchapterdefs + \let\prevsectiondefs=\currentsectiondefs + \gdef\currentsectiondefs{\gdef\thissectionname{}\gdef\thissectionnum{}% + \gdef\thissection{}}% + % + \def\temptype{#2}% + \ifx\temptype\Ynothingkeyword + \gdef\currentchapterdefs{\gdef\thischaptername{#1}\gdef\thischapternum{}% + \gdef\thischapter{\thischaptername}}% + \else\ifx\temptype\Yomitfromtockeyword + \gdef\currentchapterdefs{\gdef\thischaptername{#1}\gdef\thischapternum{}% + \gdef\thischapter{}}% + \else\ifx\temptype\Yappendixkeyword + \toks0={#1}% + \xdef\currentchapterdefs{% + \gdef\noexpand\thischaptername{\the\toks0}% + \gdef\noexpand\thischapternum{\appendixletter}% + % \noexpand\putwordAppendix avoids expanding indigestible + % commands in some of the translations. + \gdef\noexpand\thischapter{\noexpand\putwordAppendix{} + \noexpand\thischapternum: + \noexpand\thischaptername}% + }% + \else + \toks0={#1}% + \xdef\currentchapterdefs{% + \gdef\noexpand\thischaptername{\the\toks0}% + \gdef\noexpand\thischapternum{\the\chapno}% + % \noexpand\putwordChapter avoids expanding indigestible + % commands in some of the translations. + \gdef\noexpand\thischapter{\noexpand\putwordChapter{} + \noexpand\thischapternum: + \noexpand\thischaptername}% + }% + \fi\fi\fi + % + % Output the mark. Pass it through \safewhatsit, to take care of + % the preceding space. + \safewhatsit\domark + % + % Insert the chapter heading break. + \pchapsepmacro + % + % Now the second mark, after the heading break. No break points + % between here and the heading. + \let\prevchapterdefs=\currentchapterdefs + \let\prevsectiondefs=\currentsectiondefs + \domark + % + {% + \chapfonts \rm + \let\footnote=\errfootnoteheading % give better error message + % + % Have to define \currentsection before calling \donoderef, because the + % xref code eventually uses it. On the other hand, it has to be called + % after \pchapsepmacro, or the headline will change too soon. + \gdef\currentsection{#1}% + % + % Only insert the separating space if we have a chapter/appendix + % number, and don't print the unnumbered ``number''. + \ifx\temptype\Ynothingkeyword + \setbox0 = \hbox{}% + \def\toctype{unnchap}% + \else\ifx\temptype\Yomitfromtockeyword + \setbox0 = \hbox{}% contents like unnumbered, but no toc entry + \def\toctype{omit}% + \else\ifx\temptype\Yappendixkeyword + \setbox0 = \hbox{\putwordAppendix{} #3\enspace}% + \def\toctype{app}% + \else + \setbox0 = \hbox{#3\enspace}% + \def\toctype{numchap}% + \fi\fi\fi + % + % Write the toc entry for this chapter. Must come before the + % \donoderef, because we include the current node name in the toc + % entry, and \donoderef resets it to empty. + \writetocentry{\toctype}{#1}{#3}% + % + % For pdftex, we have to write out the node definition (aka, make + % the pdfdest) after any page break, but before the actual text has + % been typeset. If the destination for the pdf outline is after the + % text, then jumping from the outline may wind up with the text not + % being visible, for instance under high magnification. + \donoderef{#2}% + % + % Typeset the actual heading. + \nobreak % Avoid page breaks at the interline glue. + \vbox{\raggedtitlesettings \hangindent=\wd0 \centerparametersmaybe + \unhbox0 #1\par}% + }% + \nobreak\bigskip % no page break after a chapter title + \nobreak +} + +% @centerchap -- centered and unnumbered. +\let\centerparametersmaybe = \relax +\def\centerparameters{% + \advance\rightskip by 3\rightskip + \leftskip = \rightskip + \parfillskip = 0pt +} + + +% Section titles. These macros combine the section number parts and +% call the generic \sectionheading to do the printing. +% +\newskip\secheadingskip +\def\secheadingbreak{\dobreak \secheadingskip{-1000}} + +% Subsection titles. +\newskip\subsecheadingskip +\def\subsecheadingbreak{\dobreak \subsecheadingskip{-500}} + +% Subsubsection titles. +\def\subsubsecheadingskip{\subsecheadingskip} +\def\subsubsecheadingbreak{\subsecheadingbreak} + + +% Print any size, any type, section title. +% +% #1 is the text of the title, +% #2 is the section level (sec/subsec/subsubsec), +% #3 is the section type (Ynumbered, Ynothing, Yappendix, Yomitfromtoc), +% #4 is the section number. +% +\def\seckeyword{sec} +% +\def\sectionheading#1#2#3#4{% + {% + \def\sectionlevel{#2}% + \def\temptype{#3}% + % + % It is ok for the @heading series commands to appear inside an + % environment (it's been historically allowed, though the logic is + % dubious), but not the others. + \ifx\temptype\Yomitfromtockeyword\else + \checkenv{}% non-@*heading should not be in an environment. + \fi + \let\footnote=\errfootnoteheading + % + % Switch to the right set of fonts. + \csname #2fonts\endcsname \rm + % + % Insert first mark before the heading break (see notes for \domark). + \let\prevsectiondefs=\currentsectiondefs + \ifx\temptype\Ynothingkeyword + \ifx\sectionlevel\seckeyword + \gdef\currentsectiondefs{\gdef\thissectionname{#1}\gdef\thissectionnum{}% + \gdef\thissection{\thissectionname}}% + \fi + \else\ifx\temptype\Yomitfromtockeyword + % Don't redefine \thissection. + \else\ifx\temptype\Yappendixkeyword + \ifx\sectionlevel\seckeyword + \toks0={#1}% + \xdef\currentsectiondefs{% + \gdef\noexpand\thissectionname{\the\toks0}% + \gdef\noexpand\thissectionnum{#4}% + % \noexpand\putwordSection avoids expanding indigestible + % commands in some of the translations. + \gdef\noexpand\thissection{\noexpand\putwordSection{} + \noexpand\thissectionnum: + \noexpand\thissectionname}% + }% + \fi + \else + \ifx\sectionlevel\seckeyword + \toks0={#1}% + \xdef\currentsectiondefs{% + \gdef\noexpand\thissectionname{\the\toks0}% + \gdef\noexpand\thissectionnum{#4}% + % \noexpand\putwordSection avoids expanding indigestible + % commands in some of the translations. + \gdef\noexpand\thissection{\noexpand\putwordSection{} + \noexpand\thissectionnum: + \noexpand\thissectionname}% + }% + \fi + \fi\fi\fi + % + % Go into vertical mode. Usually we'll already be there, but we + % don't want the following whatsit to end up in a preceding paragraph + % if the document didn't happen to have a blank line. + \par + % + % Output the mark. Pass it through \safewhatsit, to take care of + % the preceding space. + \safewhatsit\domark + % + % Insert space above the heading. + \csname #2headingbreak\endcsname + % + % Now the second mark, after the heading break. No break points + % between here and the heading. + \global\let\prevsectiondefs=\currentsectiondefs + \domark + % + % Only insert the space after the number if we have a section number. + \ifx\temptype\Ynothingkeyword + \setbox0 = \hbox{}% + \def\toctype{unn}% + \gdef\currentsection{#1}% + \else\ifx\temptype\Yomitfromtockeyword + % for @headings -- no section number, don't include in toc, + % and don't redefine \currentsection. + \setbox0 = \hbox{}% + \def\toctype{omit}% + \let\sectionlevel=\empty + \else\ifx\temptype\Yappendixkeyword + \setbox0 = \hbox{#4\enspace}% + \def\toctype{app}% + \gdef\currentsection{#1}% + \else + \setbox0 = \hbox{#4\enspace}% + \def\toctype{num}% + \gdef\currentsection{#1}% + \fi\fi\fi + % + % Write the toc entry (before \donoderef). See comments in \chapmacro. + \writetocentry{\toctype\sectionlevel}{#1}{#4}% + % + % Write the node reference (= pdf destination for pdftex). + % Again, see comments in \chapmacro. + \donoderef{#3}% + % + % Interline glue will be inserted when the vbox is completed. + % That glue will be a valid breakpoint for the page, since it'll be + % preceded by a whatsit (usually from the \donoderef, or from the + % \writetocentry if there was no node). We don't want to allow that + % break, since then the whatsits could end up on page n while the + % section is on page n+1, thus toc/etc. are wrong. Debian bug 276000. + \nobreak + % + % Output the actual section heading. + \vbox{\hyphenpenalty=10000 \tolerance=5000 \parindent=0pt \ptexraggedright + \hangindent=\wd0 % zero if no section number + \unhbox0 #1}% + }% + % Add extra space after the heading -- half of whatever came above it. + % Don't allow stretch, though. + \kern .5 \csname #2headingskip\endcsname + % + % Do not let the kern be a potential breakpoint, as it would be if it + % was followed by glue. + \nobreak + % + % We'll almost certainly start a paragraph next, so don't let that + % glue accumulate. (Not a breakpoint because it's preceded by a + % discardable item.) However, when a paragraph is not started next + % (\startdefun, \cartouche, \center, etc.), this needs to be wiped out + % or the negative glue will cause weirdly wrong output, typically + % obscuring the section heading with something else. + \vskip-\parskip + % + % This is so the last item on the main vertical list is a known + % \penalty > 10000, so \startdefun, etc., can recognize the situation + % and do the needful. + \penalty 10001 +} + + +\message{toc,} +% Table of contents. +\newwrite\tocfile + +% Write an entry to the toc file, opening it if necessary. +% Called from @chapter, etc. +% +% Example usage: \writetocentry{sec}{Section Name}{\the\chapno.\the\secno} +% We append the current node name (if any) and page number as additional +% arguments for the \{chap,sec,...}entry macros which will eventually +% read this. The node name is used in the pdf outlines as the +% destination to jump to. +% +% We open the .toc file for writing here instead of at @setfilename (or +% any other fixed time) so that @contents can be anywhere in the document. +% But if #1 is `omit', then we don't do anything. This is used for the +% table of contents chapter openings themselves. +% +\newif\iftocfileopened +\def\omitkeyword{omit}% +% +\def\writetocentry#1#2#3{% + \edef\writetoctype{#1}% + \ifx\writetoctype\omitkeyword \else + \iftocfileopened\else + \immediate\openout\tocfile = \jobname.toc + \global\tocfileopenedtrue + \fi + % + \iflinks + {\atdummies + \edef\temp{% + \write\tocfile{@#1entry{#2}{#3}{\lastnode}{\noexpand\folio}}}% + \temp + }% + \fi + \fi + % + % Tell \shipout to create a pdf destination on each page, if we're + % writing pdf. These are used in the table of contents. We can't + % just write one on every page because the title pages are numbered + % 1 and 2 (the page numbers aren't printed), and so are the first + % two pages of the document. Thus, we'd have two destinations named + % `1', and two named `2'. + \ifpdforxetex + \global\pdfmakepagedesttrue + \fi +} + + +% These characters do not print properly in the Computer Modern roman +% fonts, so we must take special care. This is more or less redundant +% with the Texinfo input format setup at the end of this file. +% +\def\activecatcodes{% + \catcode`\"=\active + \catcode`\$=\active + \catcode`\<=\active + \catcode`\>=\active + \catcode`\\=\active + \catcode`\^=\active + \catcode`\_=\active + \catcode`\|=\active + \catcode`\~=\active +} + + +% Read the toc file, which is essentially Texinfo input. +\def\readtocfile{% + \setupdatafile + \activecatcodes + \input \tocreadfilename +} + +\newskip\contentsrightmargin \contentsrightmargin=1in +\newcount\savepageno +\newcount\lastnegativepageno \lastnegativepageno = -1 + +% Prepare to read what we've written to \tocfile. +% +\def\startcontents#1{% + % If @setchapternewpage on, and @headings double, the contents should + % start on an odd page, unlike chapters. Thus, we maintain + % \contentsalignmacro in parallel with \pagealignmacro. + % From: Torbjorn Granlund + \contentsalignmacro + \immediate\closeout\tocfile + % + % Don't need to put `Contents' or `Short Contents' in the headline. + % It is abundantly clear what they are. + \chapmacro{#1}{Yomitfromtoc}{}% + % + \savepageno = \pageno + \begingroup % Set up to handle contents files properly. + \raggedbottom % Worry more about breakpoints than the bottom. + \entryrightmargin=\contentsrightmargin % Don't use the full line length. + % + % Roman numerals for page numbers. + \ifnum \pageno>0 \global\pageno = \lastnegativepageno \fi +} + +% redefined for the two-volume lispref. We always output on +% \jobname.toc even if this is redefined. +% +\def\tocreadfilename{\jobname.toc} + +% Normal (long) toc. +% +\def\contents{% + \startcontents{\putwordTOC}% + \openin 1 \tocreadfilename\space + \ifeof 1 \else + \readtocfile + \fi + \vfill \eject + \contentsalignmacro % in case @setchapternewpage odd is in effect + \ifeof 1 \else + \pdfmakeoutlines + \fi + \closein 1 + \endgroup + \lastnegativepageno = \pageno + \global\pageno = \savepageno +} + +% And just the chapters. +\def\summarycontents{% + \startcontents{\putwordShortTOC}% + % + \let\partentry = \shortpartentry + \let\numchapentry = \shortchapentry + \let\appentry = \shortchapentry + \let\unnchapentry = \shortunnchapentry + % We want a true roman here for the page numbers. + \secfonts + \let\rm=\shortcontrm \let\bf=\shortcontbf + \let\sl=\shortcontsl \let\tt=\shortconttt + \rm + \hyphenpenalty = 10000 + \advance\baselineskip by 1pt % Open it up a little. + \def\numsecentry##1##2##3##4{} + \let\appsecentry = \numsecentry + \let\unnsecentry = \numsecentry + \let\numsubsecentry = \numsecentry + \let\appsubsecentry = \numsecentry + \let\unnsubsecentry = \numsecentry + \let\numsubsubsecentry = \numsecentry + \let\appsubsubsecentry = \numsecentry + \let\unnsubsubsecentry = \numsecentry + \openin 1 \tocreadfilename\space + \ifeof 1 \else + \readtocfile + \fi + \closein 1 + \vfill \eject + \contentsalignmacro % in case @setchapternewpage odd is in effect + \endgroup + \lastnegativepageno = \pageno + \global\pageno = \savepageno +} +\let\shortcontents = \summarycontents + +% Typeset the label for a chapter or appendix for the short contents. +% The arg is, e.g., `A' for an appendix, or `3' for a chapter. +% +\def\shortchaplabel#1{% + % This space should be enough, since a single number is .5em, and the + % widest letter (M) is 1em, at least in the Computer Modern fonts. + % But use \hss just in case. + % (This space doesn't include the extra space that gets added after + % the label; that gets put in by \shortchapentry above.) + % + % We'd like to right-justify chapter numbers, but that looks strange + % with appendix letters. And right-justifying numbers and + % left-justifying letters looks strange when there is less than 10 + % chapters. Have to read the whole toc once to know how many chapters + % there are before deciding ... + \hbox to 1em{#1\hss}% +} + +% These macros generate individual entries in the table of contents. +% The first argument is the chapter or section name. +% The last argument is the page number. +% The arguments in between are the chapter number, section number, ... + +% Parts, in the main contents. Replace the part number, which doesn't +% exist, with an empty box. Let's hope all the numbers have the same width. +% Also ignore the page number, which is conventionally not printed. +\def\numeralbox{\setbox0=\hbox{8}\hbox to \wd0{\hfil}} +\def\partentry#1#2#3#4{% + % Add stretch and a bonus for breaking the page before the part heading. + % This reduces the chance of the page being broken immediately after the + % part heading, before a following chapter heading. + \vskip 0pt plus 5\baselineskip + \penalty-300 + \vskip 0pt plus -5\baselineskip + \dochapentry{\numeralbox\labelspace#1}{}% +} +% +% Parts, in the short toc. +\def\shortpartentry#1#2#3#4{% + \penalty-300 + \vskip.5\baselineskip plus.15\baselineskip minus.1\baselineskip + \shortchapentry{{\bf #1}}{\numeralbox}{}{}% +} + +% Chapters, in the main contents. +\def\numchapentry#1#2#3#4{\dochapentry{#2\labelspace#1}{#4}} + +% Chapters, in the short toc. +% See comments in \dochapentry re vbox and related settings. +\def\shortchapentry#1#2#3#4{% + \tocentry{\shortchaplabel{#2}\labelspace #1}{\doshortpageno\bgroup#4\egroup}% +} + +% Appendices, in the main contents. +% Need the word Appendix, and a fixed-size box. +% +\def\appendixbox#1{% + % We use M since it's probably the widest letter. + \setbox0 = \hbox{\putwordAppendix{} M}% + \hbox to \wd0{\putwordAppendix{} #1\hss}} +% +\def\appentry#1#2#3#4{\dochapentry{\appendixbox{#2}\hskip.7em#1}{#4}} + +% Unnumbered chapters. +\def\unnchapentry#1#2#3#4{\dochapentry{#1}{#4}} +\def\shortunnchapentry#1#2#3#4{\tocentry{#1}{\doshortpageno\bgroup#4\egroup}} + +% Sections. +\def\numsecentry#1#2#3#4{\dosecentry{#2\labelspace#1}{#4}} +\let\appsecentry=\numsecentry +\def\unnsecentry#1#2#3#4{\dosecentry{#1}{#4}} + +% Subsections. +\def\numsubsecentry#1#2#3#4{\dosubsecentry{#2\labelspace#1}{#4}} +\let\appsubsecentry=\numsubsecentry +\def\unnsubsecentry#1#2#3#4{\dosubsecentry{#1}{#4}} + +% And subsubsections. +\def\numsubsubsecentry#1#2#3#4{\dosubsubsecentry{#2\labelspace#1}{#4}} +\let\appsubsubsecentry=\numsubsubsecentry +\def\unnsubsubsecentry#1#2#3#4{\dosubsubsecentry{#1}{#4}} + +% This parameter controls the indentation of the various levels. +% Same as \defaultparindent. +\newdimen\tocindent \tocindent = 15pt + +% Now for the actual typesetting. In all these, #1 is the text and #2 is the +% page number. +% +% If the toc has to be broken over pages, we want it to be at chapters +% if at all possible; hence the \penalty. +\def\dochapentry#1#2{% + \penalty-300 \vskip1\baselineskip plus.33\baselineskip minus.25\baselineskip + \begingroup + % Move the page numbers slightly to the right + \advance\entryrightmargin by -0.05em + \chapentryfonts + \tocentry{#1}{\dopageno\bgroup#2\egroup}% + \endgroup + \nobreak\vskip .25\baselineskip plus.1\baselineskip +} + +\def\dosecentry#1#2{\begingroup + \secentryfonts \leftskip=\tocindent + \tocentry{#1}{\dopageno\bgroup#2\egroup}% +\endgroup} + +\def\dosubsecentry#1#2{\begingroup + \subsecentryfonts \leftskip=2\tocindent + \tocentry{#1}{\dopageno\bgroup#2\egroup}% +\endgroup} + +\def\dosubsubsecentry#1#2{\begingroup + \subsubsecentryfonts \leftskip=3\tocindent + \tocentry{#1}{\dopageno\bgroup#2\egroup}% +\endgroup} + +% We use the same \entry macro as for the index entries. +\let\tocentry = \entry + +% Space between chapter (or whatever) number and the title. +\def\labelspace{\hskip1em \relax} + +\def\dopageno#1{{\rm #1}} +\def\doshortpageno#1{{\rm #1}} + +\def\chapentryfonts{\secfonts \rm} +\def\secentryfonts{\textfonts} +\def\subsecentryfonts{\textfonts} +\def\subsubsecentryfonts{\textfonts} + + +\message{environments,} +% @foo ... @end foo. + +% @tex ... @end tex escapes into raw TeX temporarily. +% One exception: @ is still an escape character, so that @end tex works. +% But \@ or @@ will get a plain @ character. + +\envdef\tex{% + \setupmarkupstyle{tex}% + \catcode `\\=0 \catcode `\{=1 \catcode `\}=2 + \catcode `\$=3 \catcode `\&=4 \catcode `\#=6 + \catcode `\^=7 \catcode `\_=8 \catcode `\~=\active \let~=\tie + \catcode `\%=14 + \catcode `\+=\other + \catcode `\"=\other + \catcode `\|=\other + \catcode `\<=\other + \catcode `\>=\other + \catcode `\`=\other + \catcode `\'=\other + % + % ' is active in math mode (mathcode"8000). So reset it, and all our + % other math active characters (just in case), to plain's definitions. + \mathactive + % + % Inverse of the list at the beginning of the file. + \let\b=\ptexb + \let\bullet=\ptexbullet + \let\c=\ptexc + \let\,=\ptexcomma + \let\.=\ptexdot + \let\dots=\ptexdots + \let\equiv=\ptexequiv + \let\!=\ptexexclam + \let\i=\ptexi + \let\indent=\ptexindent + \let\noindent=\ptexnoindent + \let\{=\ptexlbrace + \let\+=\tabalign + \let\}=\ptexrbrace + \let\/=\ptexslash + \let\sp=\ptexsp + \let\*=\ptexstar + %\let\sup=\ptexsup % do not redefine, we want @sup to work in math mode + \let\t=\ptext + \expandafter \let\csname top\endcsname=\ptextop % we've made it outer + \let\frenchspacing=\plainfrenchspacing + % + \def\endldots{\mathinner{\ldots\ldots\ldots\ldots}}% + \def\enddots{\relax\ifmmode\endldots\else$\mathsurround=0pt \endldots\,$\fi}% + \def\@{@}% +} +% There is no need to define \Etex. + +% Define @lisp ... @end lisp. +% @lisp environment forms a group so it can rebind things, +% including the definition of @end lisp (which normally is erroneous). + +% Amount to narrow the margins by for @lisp. +\newskip\lispnarrowing \lispnarrowing=0.4in + +% This is the definition that ^^M gets inside @lisp, @example, and other +% such environments. \null is better than a space, since it doesn't +% have any width. +\def\lisppar{\null\endgraf} + +% This space is always present above and below environments. +\newskip\envskipamount \envskipamount = 0pt + +% Make spacing and below environment symmetrical. We use \parskip here +% to help in doing that, since in @example-like environments \parskip +% is reset to zero; thus the \afterenvbreak inserts no space -- but the +% start of the next paragraph will insert \parskip. +% +\def\aboveenvbreak{{% + % =10000 instead of <10000 because of a special case in \itemzzz and + % \sectionheading, q.v. + \ifnum \lastpenalty=10000 \else + \advance\envskipamount by \parskip + \endgraf + \ifdim\lastskip<\envskipamount + \removelastskip + \ifnum\lastpenalty<10000 + % Penalize breaking before the environment, because preceding text + % often leads into it. + \penalty100 + \fi + \vskip\envskipamount + \fi + \fi +}} + +\def\afterenvbreak{{% + % =10000 instead of <10000 because of a special case in \itemzzz and + % \sectionheading, q.v. + \ifnum \lastpenalty=10000 \else + \advance\envskipamount by \parskip + \endgraf + \ifdim\lastskip<\envskipamount + \removelastskip + % it's not a good place to break if the last penalty was \nobreak + % or better ... + \ifnum\lastpenalty<10000 \penalty-50 \fi + \vskip\envskipamount + \fi + \fi +}} + +% \nonarrowing is a flag. If "set", @lisp etc don't narrow margins; it will +% also clear it, so that its embedded environments do the narrowing again. +\let\nonarrowing=\relax + +% @cartouche ... @end cartouche: draw rectangle w/rounded corners around +% environment contents. + +% +\def\ctl{{\circle\char'013\hskip -6pt}}% 6pt from pl file: 1/2charwidth +\def\ctr{{\hskip 6pt\circle\char'010}} +\def\cbl{{\circle\char'012\hskip -6pt}} +\def\cbr{{\hskip 6pt\circle\char'011}} +\def\carttop{\hbox to \cartouter{\hskip\lskip + \ctl\leaders\hrule height\circthick\hfil\ctr + \hskip\rskip}} +\def\cartbot{\hbox to \cartouter{\hskip\lskip + \cbl\leaders\hrule height\circthick\hfil\cbr + \hskip\rskip}} +% +\newskip\lskip\newskip\rskip + +% only require the font if @cartouche is actually used +\def\cartouchefontdefs{% + \font\circle=lcircle10\relax + \circthick=\fontdimen8\circle +} +\newdimen\circthick +\newdimen\cartouter\newdimen\cartinner +\newskip\normbskip\newskip\normpskip\newskip\normlskip + + +\envdef\cartouche{% + \cartouchefontdefs + \ifhmode\par\fi % can't be in the midst of a paragraph. + \startsavinginserts + \lskip=\leftskip \rskip=\rightskip + \leftskip=0pt\rightskip=0pt % we want these *outside*. + \cartinner=\hsize \advance\cartinner by-\lskip + \advance\cartinner by-\rskip + \cartouter=\hsize + \advance\cartouter by 18.4pt % allow for 3pt kerns on either + % side, and for 6pt waste from + % each corner char, and rule thickness + \normbskip=\baselineskip \normpskip=\parskip \normlskip=\lineskip + % + % If this cartouche directly follows a sectioning command, we need the + % \parskip glue (backspaced over by default) or the cartouche can + % collide with the section heading. + \ifnum\lastpenalty>10000 \vskip\parskip \penalty\lastpenalty \fi + % + \setbox\groupbox=\vbox\bgroup + \baselineskip=0pt\parskip=0pt\lineskip=0pt + \carttop + \hbox\bgroup + \hskip\lskip + \vrule\kern3pt + \vbox\bgroup + \kern3pt + \hsize=\cartinner + \baselineskip=\normbskip + \lineskip=\normlskip + \parskip=\normpskip + \vskip -\parskip + \comment % For explanation, see the end of def\group. +} +\def\Ecartouche{% + \ifhmode\par\fi + \kern3pt + \egroup + \kern3pt\vrule + \hskip\rskip + \egroup + \cartbot + \egroup + \addgroupbox + \checkinserts +} + + +% This macro is called at the beginning of all the @example variants, +% inside a group. +\newdimen\nonfillparindent +\def\nonfillstart{% + \aboveenvbreak + \ifdim\hfuzz < 12pt \hfuzz = 12pt \fi % Don't be fussy + \sepspaces % Make spaces be word-separators rather than space tokens. + \let\par = \lisppar % don't ignore blank lines + \obeylines % each line of input is a line of output + \parskip = 0pt + % Turn off paragraph indentation but redefine \indent to emulate + % the normal \indent. + \nonfillparindent=\parindent + \parindent = 0pt + \let\indent\nonfillindent + % + \emergencystretch = 0pt % don't try to avoid overfull boxes + \ifx\nonarrowing\relax + \advance \leftskip by \lispnarrowing + \exdentamount=\lispnarrowing + \else + \let\nonarrowing = \relax + \fi + \let\exdent=\nofillexdent +} + +\begingroup +\obeyspaces +% We want to swallow spaces (but not other tokens) after the fake +% @indent in our nonfill-environments, where spaces are normally +% active and set to @tie, resulting in them not being ignored after +% @indent. +\gdef\nonfillindent{\futurelet\temp\nonfillindentcheck}% +\gdef\nonfillindentcheck{% +\ifx\temp % +\expandafter\nonfillindentgobble% +\else% +\leavevmode\nonfillindentbox% +\fi% +}% +\endgroup +\def\nonfillindentgobble#1{\nonfillindent} +\def\nonfillindentbox{\hbox to \nonfillparindent{\hss}} + +% If you want all examples etc. small: @set dispenvsize small. +% If you want even small examples the full size: @set dispenvsize nosmall. +% This affects the following displayed environments: +% @example, @display, @format, @lisp +% +\def\smallword{small} +\def\nosmallword{nosmall} +\let\SETdispenvsize\relax +\def\setnormaldispenv{% + \ifx\SETdispenvsize\smallword + % end paragraph for sake of leading, in case document has no blank + % line. This is redundant with what happens in \aboveenvbreak, but + % we need to do it before changing the fonts, and it's inconvenient + % to change the fonts afterward. + \ifnum \lastpenalty=10000 \else \endgraf \fi + \smallexamplefonts \rm + \fi +} +\def\setsmalldispenv{% + \ifx\SETdispenvsize\nosmallword + \else + \ifnum \lastpenalty=10000 \else \endgraf \fi + \smallexamplefonts \rm + \fi +} + +% We often define two environments, @foo and @smallfoo. +% Let's do it in one command. #1 is the env name, #2 the definition. +\def\makedispenvdef#1#2{% + \expandafter\envdef\csname#1\endcsname {\setnormaldispenv #2}% + \expandafter\envdef\csname small#1\endcsname {\setsmalldispenv #2}% + \expandafter\let\csname E#1\endcsname \afterenvbreak + \expandafter\let\csname Esmall#1\endcsname \afterenvbreak +} + +% Define two environment synonyms (#1 and #2) for an environment. +\def\maketwodispenvdef#1#2#3{% + \makedispenvdef{#1}{#3}% + \makedispenvdef{#2}{#3}% +} +% +% @lisp: indented, narrowed, typewriter font; +% @example: same as @lisp. +% +% @smallexample and @smalllisp: use smaller fonts. +% Originally contributed by Pavel@xerox. +% +\maketwodispenvdef{lisp}{example}{% + \nonfillstart + \tt\setupmarkupstyle{example}% + \let\kbdfont = \kbdexamplefont % Allow @kbd to do something special. + \gobble % eat return +} +% @display/@smalldisplay: same as @lisp except keep current font. +% +\makedispenvdef{display}{% + \nonfillstart + \gobble +} + +% @format/@smallformat: same as @display except don't narrow margins. +% +\makedispenvdef{format}{% + \let\nonarrowing = t% + \nonfillstart + \gobble +} + +% @flushleft: same as @format, but doesn't obey \SETdispenvsize. +\envdef\flushleft{% + \let\nonarrowing = t% + \nonfillstart + \gobble +} +\let\Eflushleft = \afterenvbreak + +% @flushright. +% +\envdef\flushright{% + \let\nonarrowing = t% + \nonfillstart + \advance\leftskip by 0pt plus 1fill\relax + \gobble +} +\let\Eflushright = \afterenvbreak + + +% @raggedright does more-or-less normal line breaking but no right +% justification. From plain.tex. +\envdef\raggedright{% + \rightskip0pt plus2.4em \spaceskip.3333em \xspaceskip.5em\relax +} +\let\Eraggedright\par + +\envdef\raggedleft{% + \parindent=0pt \leftskip0pt plus2em + \spaceskip.3333em \xspaceskip.5em \parfillskip=0pt + \hbadness=10000 % Last line will usually be underfull, so turn off + % badness reporting. +} +\let\Eraggedleft\par + +\envdef\raggedcenter{% + \parindent=0pt \rightskip0pt plus1em \leftskip0pt plus1em + \spaceskip.3333em \xspaceskip.5em \parfillskip=0pt + \hbadness=10000 % Last line will usually be underfull, so turn off + % badness reporting. +} +\let\Eraggedcenter\par + + +% @quotation does normal linebreaking (hence we can't use \nonfillstart) +% and narrows the margins. We keep \parskip nonzero in general, since +% we're doing normal filling. So, when using \aboveenvbreak and +% \afterenvbreak, temporarily make \parskip 0. +% +\makedispenvdef{quotation}{\quotationstart} +% +\def\quotationstart{% + \indentedblockstart % same as \indentedblock, but increase right margin too. + \ifx\nonarrowing\relax + \advance\rightskip by \lispnarrowing + \fi + \parsearg\quotationlabel +} + +% We have retained a nonzero parskip for the environment, since we're +% doing normal filling. +% +\def\Equotation{% + \par + \ifx\quotationauthor\thisisundefined\else + % indent a bit. + \leftline{\kern 2\leftskip \sl ---\quotationauthor}% + \fi + {\parskip=0pt \afterenvbreak}% +} +\def\Esmallquotation{\Equotation} + +% If we're given an argument, typeset it in bold with a colon after. +\def\quotationlabel#1{% + \def\temp{#1}% + \ifx\temp\empty \else + {\bf #1: }% + \fi +} + +% @indentedblock is like @quotation, but indents only on the left and +% has no optional argument. +% +\makedispenvdef{indentedblock}{\indentedblockstart} +% +\def\indentedblockstart{% + {\parskip=0pt \aboveenvbreak}% because \aboveenvbreak inserts \parskip + \parindent=0pt + % + % @cartouche defines \nonarrowing to inhibit narrowing at next level down. + \ifx\nonarrowing\relax + \advance\leftskip by \lispnarrowing + \exdentamount = \lispnarrowing + \else + \let\nonarrowing = \relax + \fi +} + +% Keep a nonzero parskip for the environment, since we're doing normal filling. +% +\def\Eindentedblock{% + \par + {\parskip=0pt \afterenvbreak}% +} +\def\Esmallindentedblock{\Eindentedblock} + + +% LaTeX-like @verbatim...@end verbatim and @verb{...} +% If we want to allow any as delimiter, +% we need the curly braces so that makeinfo sees the @verb command, eg: +% `@verbx...x' would look like the '@verbx' command. --janneke@gnu.org +% +% [Knuth]: Donald Ervin Knuth, 1996. The TeXbook. +% +% [Knuth] p.344; only we need to do the other characters Texinfo sets +% active too. Otherwise, they get lost as the first character on a +% verbatim line. +\def\dospecials{% + \do\ \do\\\do\{\do\}\do\$\do\&% + \do\#\do\^\do\^^K\do\_\do\^^A\do\%\do\~% + \do\<\do\>\do\|\do\@\do+\do\"% + % Don't do the quotes -- if we do, @set txicodequoteundirected and + % @set txicodequotebacktick will not have effect on @verb and + % @verbatim, and ?` and !` ligatures won't get disabled. + %\do\`\do\'% +} +% +% [Knuth] p. 380 +\def\uncatcodespecials{% + \def\do##1{\catcode`##1=\other}\dospecials} +% +% Setup for the @verb command. +% +% Eight spaces for a tab +\begingroup + \catcode`\^^I=\active + \gdef\tabeightspaces{\catcode`\^^I=\active\def^^I{\ \ \ \ \ \ \ \ }} +\endgroup +% +\def\setupverb{% + \tt % easiest (and conventionally used) font for verbatim + \def\par{\leavevmode\endgraf}% + \setupmarkupstyle{verb}% + \tabeightspaces + % Respect line breaks, + % print special symbols as themselves, and + % make each space count + % must do in this order: + \obeylines \uncatcodespecials \sepspaces +} + +% Setup for the @verbatim environment +% +% Real tab expansion. +\newdimen\tabw \setbox0=\hbox{\tt\space} \tabw=8\wd0 % tab amount +% +% We typeset each line of the verbatim in an \hbox, so we can handle +% tabs. The \global is in case the verbatim line starts with an accent, +% or some other command that starts with a begin-group. Otherwise, the +% entire \verbbox would disappear at the corresponding end-group, before +% it is typeset. Meanwhile, we can't have nested verbatim commands +% (can we?), so the \global won't be overwriting itself. +\newbox\verbbox +\def\starttabbox{\global\setbox\verbbox=\hbox\bgroup} +% +\begingroup + \catcode`\^^I=\active + \gdef\tabexpand{% + \catcode`\^^I=\active + \def^^I{\leavevmode\egroup + \dimen\verbbox=\wd\verbbox % the width so far, or since the previous tab + \divide\dimen\verbbox by\tabw + \multiply\dimen\verbbox by\tabw % compute previous multiple of \tabw + \advance\dimen\verbbox by\tabw % advance to next multiple of \tabw + \wd\verbbox=\dimen\verbbox \box\verbbox \starttabbox + }% + } +\endgroup + +% start the verbatim environment. +\def\setupverbatim{% + \let\nonarrowing = t% + \nonfillstart + \tt % easiest (and conventionally used) font for verbatim + % The \leavevmode here is for blank lines. Otherwise, we would + % never \starttabbox and the \egroup would end verbatim mode. + \def\par{\leavevmode\egroup\box\verbbox\endgraf}% + \tabexpand + \setupmarkupstyle{verbatim}% + % Respect line breaks, + % print special symbols as themselves, and + % make each space count. + % Must do in this order: + \obeylines \uncatcodespecials \sepspaces + \everypar{\starttabbox}% +} + +% Do the @verb magic: verbatim text is quoted by unique +% delimiter characters. Before first delimiter expect a +% right brace, after last delimiter expect closing brace: +% +% \def\doverb'{'#1'}'{#1} +% +% [Knuth] p. 382; only eat outer {} +\begingroup + \catcode`[=1\catcode`]=2\catcode`\{=\other\catcode`\}=\other + \gdef\doverb{#1[\def\next##1#1}[##1\endgroup]\next] +\endgroup +% +\def\verb{\begingroup\setupverb\doverb} +% +% +% Do the @verbatim magic: define the macro \doverbatim so that +% the (first) argument ends when '@end verbatim' is reached, ie: +% +% \def\doverbatim#1@end verbatim{#1} +% +% For Texinfo it's a lot easier than for LaTeX, +% because texinfo's \verbatim doesn't stop at '\end{verbatim}': +% we need not redefine '\', '{' and '}'. +% +% Inspired by LaTeX's verbatim command set [latex.ltx] +% +\begingroup + \catcode`\ =\active + \obeylines % + % ignore everything up to the first ^^M, that's the newline at the end + % of the @verbatim input line itself. Otherwise we get an extra blank + % line in the output. + \xdef\doverbatim#1^^M#2@end verbatim{#2\noexpand\end\gobble verbatim}% + % We really want {...\end verbatim} in the body of the macro, but + % without the active space; thus we have to use \xdef and \gobble. +\endgroup +% +\envdef\verbatim{% + \setupverbatim\doverbatim +} +\let\Everbatim = \afterenvbreak + + +% @verbatiminclude FILE - insert text of file in verbatim environment. +% +\def\verbatiminclude{\parseargusing\filenamecatcodes\doverbatiminclude} +% +\def\doverbatiminclude#1{% + {% + \makevalueexpandable + \setupverbatim + {% + \indexnofonts % Allow `@@' and other weird things in file names. + \wlog{texinfo.tex: doing @verbatiminclude of #1^^J}% + \edef\tmp{\noexpand\input #1 } + \expandafter + }\tmp + \afterenvbreak + }% +} + +% @copying ... @end copying. +% Save the text away for @insertcopying later. +% +% We save the uninterpreted tokens, rather than creating a box. +% Saving the text in a box would be much easier, but then all the +% typesetting commands (@smallbook, font changes, etc.) have to be done +% beforehand -- and a) we want @copying to be done first in the source +% file; b) letting users define the frontmatter in as flexible order as +% possible is desirable. +% +\def\copying{\checkenv{}\begingroup\scanargctxt\docopying} +\def\docopying#1@end copying{\endgroup\def\copyingtext{#1}} +% +\def\insertcopying{% + \begingroup + \parindent = 0pt % paragraph indentation looks wrong on title page + \scanexp\copyingtext + \endgroup +} + + +\message{defuns,} +% @defun etc. + +\newskip\defbodyindent \defbodyindent=.4in +\newskip\defargsindent \defargsindent=50pt +\newskip\deflastargmargin \deflastargmargin=18pt +\newcount\defunpenalty + +% Start the processing of @deffn: +\def\startdefun{% + \ifnum\lastpenalty<10000 + \medbreak + \defunpenalty=10003 % Will keep this @deffn together with the + % following @def command, see below. + \else + % If there are two @def commands in a row, we'll have a \nobreak, + % which is there to keep the function description together with its + % header. But if there's nothing but headers, we need to allow a + % break somewhere. Check specifically for penalty 10002, inserted + % by \printdefunline, instead of 10000, since the sectioning + % commands also insert a nobreak penalty, and we don't want to allow + % a break between a section heading and a defun. + % + % As a further refinement, we avoid "club" headers by signalling + % with penalty of 10003 after the very first @deffn in the + % sequence (see above), and penalty of 10002 after any following + % @def command. + \ifnum\lastpenalty=10002 \penalty2000 \else \defunpenalty=10002 \fi + % + % Similarly, after a section heading, do not allow a break. + % But do insert the glue. + \medskip % preceded by discardable penalty, so not a breakpoint + \fi + % + \parindent=0in + \advance\leftskip by \defbodyindent + \exdentamount=\defbodyindent +} + +\def\dodefunx#1{% + % First, check whether we are in the right environment: + \checkenv#1% + % + % As above, allow line break if we have multiple x headers in a row. + % It's not a great place, though. + \ifnum\lastpenalty=10002 \penalty3000 \else \defunpenalty=10002 \fi + % + % And now, it's time to reuse the body of the original defun: + \expandafter\gobbledefun#1% +} +\def\gobbledefun#1\startdefun{} + +% \printdefunline \deffnheader{text} +% +\def\printdefunline#1#2{% + \begingroup + % call \deffnheader: + #1#2 \endheader + % common ending: + \interlinepenalty = 10000 + \advance\rightskip by 0pt plus 1fil\relax + \endgraf + \nobreak\vskip -\parskip + \penalty\defunpenalty % signal to \startdefun and \dodefunx + % Some of the @defun-type tags do not enable magic parentheses, + % rendering the following check redundant. But we don't optimize. + \checkparencounts + \endgroup +} + +\def\Edefun{\endgraf\medbreak} + +% \makedefun{deffn} creates \deffn, \deffnx and \Edeffn; +% the only thing remaining is to define \deffnheader. +% +\def\makedefun#1{% + \expandafter\let\csname E#1\endcsname = \Edefun + \edef\temp{\noexpand\domakedefun + \makecsname{#1}\makecsname{#1x}\makecsname{#1header}}% + \temp +} + +% \domakedefun \deffn \deffnx \deffnheader { (defn. of \deffnheader) } +% +% Define \deffn and \deffnx, without parameters. +% \deffnheader has to be defined explicitly. +% +\def\domakedefun#1#2#3{% + \envdef#1{% + \startdefun + \doingtypefnfalse % distinguish typed functions from all else + \parseargusing\activeparens{\printdefunline#3}% + }% + \def#2{\dodefunx#1}% + \def#3% +} + +\newif\ifdoingtypefn % doing typed function? +\newif\ifrettypeownline % typeset return type on its own line? + +% @deftypefnnewline on|off says whether the return type of typed functions +% are printed on their own line. This affects @deftypefn, @deftypefun, +% @deftypeop, and @deftypemethod. +% +\parseargdef\deftypefnnewline{% + \def\temp{#1}% + \ifx\temp\onword + \expandafter\let\csname SETtxideftypefnnl\endcsname + = \empty + \else\ifx\temp\offword + \expandafter\let\csname SETtxideftypefnnl\endcsname + = \relax + \else + \errhelp = \EMsimple + \errmessage{Unknown @txideftypefnnl value `\temp', + must be on|off}% + \fi\fi +} + +% \dosubind {index}{topic}{subtopic} +% +% If SUBTOPIC is present, precede it with a space, and call \doind. +% (At some time during the 20th century, this made a two-level entry in an +% index such as the operation index. Nobody seemed to notice the change in +% behaviour though.) +\def\dosubind#1#2#3{% + \def\thirdarg{#3}% + \ifx\thirdarg\empty + \doind{#1}{#2}% + \else + \doind{#1}{#2\space#3}% + \fi +} + +% Untyped functions: + +% @deffn category name args +\makedefun{deffn}{\deffngeneral{}} + +% @deffn category class name args +\makedefun{defop}#1 {\defopon{#1\ \putwordon}} + +% \defopon {category on}class name args +\def\defopon#1#2 {\deffngeneral{\putwordon\ \code{#2}}{#1\ \code{#2}} } + +% \deffngeneral {subind}category name args +% +\def\deffngeneral#1#2 #3 #4\endheader{% + \dosubind{fn}{\code{#3}}{#1}% + \defname{#2}{}{#3}\magicamp\defunargs{#4\unskip}% +} + +% Typed functions: + +% @deftypefn category type name args +\makedefun{deftypefn}{\deftypefngeneral{}} + +% @deftypeop category class type name args +\makedefun{deftypeop}#1 {\deftypeopon{#1\ \putwordon}} + +% \deftypeopon {category on}class type name args +\def\deftypeopon#1#2 {\deftypefngeneral{\putwordon\ \code{#2}}{#1\ \code{#2}} } + +% \deftypefngeneral {subind}category type name args +% +\def\deftypefngeneral#1#2 #3 #4 #5\endheader{% + \dosubind{fn}{\code{#4}}{#1}% + \doingtypefntrue + \defname{#2}{#3}{#4}\defunargs{#5\unskip}% +} + +% Typed variables: + +% @deftypevr category type var args +\makedefun{deftypevr}{\deftypecvgeneral{}} + +% @deftypecv category class type var args +\makedefun{deftypecv}#1 {\deftypecvof{#1\ \putwordof}} + +% \deftypecvof {category of}class type var args +\def\deftypecvof#1#2 {\deftypecvgeneral{\putwordof\ \code{#2}}{#1\ \code{#2}} } + +% \deftypecvgeneral {subind}category type var args +% +\def\deftypecvgeneral#1#2 #3 #4 #5\endheader{% + \dosubind{vr}{\code{#4}}{#1}% + \defname{#2}{#3}{#4}\defunargs{#5\unskip}% +} + +% Untyped variables: + +% @defvr category var args +\makedefun{defvr}#1 {\deftypevrheader{#1} {} } + +% @defcv category class var args +\makedefun{defcv}#1 {\defcvof{#1\ \putwordof}} + +% \defcvof {category of}class var args +\def\defcvof#1#2 {\deftypecvof{#1}#2 {} } + +% Types: + +% @deftp category name args +\makedefun{deftp}#1 #2 #3\endheader{% + \doind{tp}{\code{#2}}% + \defname{#1}{}{#2}\defunargs{#3\unskip}% +} + +% Remaining @defun-like shortcuts: +\makedefun{defun}{\deffnheader{\putwordDeffunc} } +\makedefun{defmac}{\deffnheader{\putwordDefmac} } +\makedefun{defspec}{\deffnheader{\putwordDefspec} } +\makedefun{deftypefun}{\deftypefnheader{\putwordDeffunc} } +\makedefun{defvar}{\defvrheader{\putwordDefvar} } +\makedefun{defopt}{\defvrheader{\putwordDefopt} } +\makedefun{deftypevar}{\deftypevrheader{\putwordDefvar} } +\makedefun{defmethod}{\defopon\putwordMethodon} +\makedefun{deftypemethod}{\deftypeopon\putwordMethodon} +\makedefun{defivar}{\defcvof\putwordInstanceVariableof} +\makedefun{deftypeivar}{\deftypecvof\putwordInstanceVariableof} + +% \defname, which formats the name of the @def (not the args). +% #1 is the category, such as "Function". +% #2 is the return type, if any. +% #3 is the function name. +% +% We are followed by (but not passed) the arguments, if any. +% +\def\defname#1#2#3{% + \par + % Get the values of \leftskip and \rightskip as they were outside the @def... + \advance\leftskip by -\defbodyindent + % + % Determine if we are typesetting the return type of a typed function + % on a line by itself. + \rettypeownlinefalse + \ifdoingtypefn % doing a typed function specifically? + % then check user option for putting return type on its own line: + \expandafter\ifx\csname SETtxideftypefnnl\endcsname\relax \else + \rettypeownlinetrue + \fi + \fi + % + % How we'll format the category name. Putting it in brackets helps + % distinguish it from the body text that may end up on the next line + % just below it. + \def\temp{#1}% + \setbox0=\hbox{\kern\deflastargmargin \ifx\temp\empty\else [\rm\temp]\fi} + % + % Figure out line sizes for the paragraph shape. We'll always have at + % least two. + \tempnum = 2 + % + % The first line needs space for \box0; but if \rightskip is nonzero, + % we need only space for the part of \box0 which exceeds it: + \dimen0=\hsize \advance\dimen0 by -\wd0 \advance\dimen0 by \rightskip + % + % If doing a return type on its own line, we'll have another line. + \ifrettypeownline + \advance\tempnum by 1 + \def\maybeshapeline{0in \hsize}% + \else + \def\maybeshapeline{}% + \fi + % + % The continuations: + \dimen2=\hsize \advance\dimen2 by -\defargsindent + % + % The final paragraph shape: + \parshape \tempnum 0in \dimen0 \maybeshapeline \defargsindent \dimen2 + % + % Put the category name at the right margin. + \noindent + \hbox to 0pt{% + \hfil\box0 \kern-\hsize + % \hsize has to be shortened this way: + \kern\leftskip + % Intentionally do not respect \rightskip, since we need the space. + }% + % + % Allow all lines to be underfull without complaint: + \tolerance=10000 \hbadness=10000 + \exdentamount=\defbodyindent + {% + % defun fonts. We use typewriter by default (used to be bold) because: + % . we're printing identifiers, they should be in tt in principle. + % . in languages with many accents, such as Czech or French, it's + % common to leave accents off identifiers. The result looks ok in + % tt, but exceedingly strange in rm. + % . we don't want -- and --- to be treated as ligatures. + % . this still does not fix the ?` and !` ligatures, but so far no + % one has made identifiers using them :). + \df \tt + \def\temp{#2}% text of the return type + \ifx\temp\empty\else + \tclose{\temp}% typeset the return type + \ifrettypeownline + % put return type on its own line; prohibit line break following: + \hfil\vadjust{\nobreak}\break + \else + \space % type on same line, so just followed by a space + \fi + \fi % no return type + #3% output function name + }% + {\rm\enskip}% hskip 0.5 em of \rmfont + % + \boldbrax + % arguments will be output next, if any. +} + +% Print arguments in slanted roman (not ttsl), inconsistently with using +% tt for the name. This is because literal text is sometimes needed in +% the argument list (groff manual), and ttsl and tt are not very +% distinguishable. Prevent hyphenation at `-' chars. +% +\def\defunargs#1{% + % use sl by default (not ttsl), + % tt for the names. + \df \sl \hyphenchar\font=0 + % + % On the other hand, if an argument has two dashes (for instance), we + % want a way to get ttsl. We used to recommend @var for that, so + % leave the code in, but it's strange for @var to lead to typewriter. + % Nowadays we recommend @code, since the difference between a ttsl hyphen + % and a tt hyphen is pretty tiny. @code also disables ?` !`. + \def\var##1{{\setupmarkupstyle{var}\ttslanted{##1}}}% + #1% + \sl\hyphenchar\font=45 +} + +% We want ()&[] to print specially on the defun line. +% +\def\activeparens{% + \catcode`\(=\active \catcode`\)=\active + \catcode`\[=\active \catcode`\]=\active + \catcode`\&=\active +} + +% Make control sequences which act like normal parenthesis chars. +\let\lparen = ( \let\rparen = ) + +% Be sure that we always have a definition for `(', etc. For example, +% if the fn name has parens in it, \boldbrax will not be in effect yet, +% so TeX would otherwise complain about undefined control sequence. +{ + \activeparens + \global\let(=\lparen \global\let)=\rparen + \global\let[=\lbrack \global\let]=\rbrack + \global\let& = \& + + \gdef\boldbrax{\let(=\opnr\let)=\clnr\let[=\lbrb\let]=\rbrb} + \gdef\magicamp{\let&=\amprm} +} +\let\ampchar\& + +\newcount\parencount + +% If we encounter &foo, then turn on ()-hacking afterwards +\newif\ifampseen +\def\amprm#1 {\ampseentrue{\bf\ }} + +\def\parenfont{% + \ifampseen + % At the first level, print parens in roman, + % otherwise use the default font. + \ifnum \parencount=1 \rm \fi + \else + % The \sf parens (in \boldbrax) actually are a little bolder than + % the contained text. This is especially needed for [ and ] . + \sf + \fi +} +\def\infirstlevel#1{% + \ifampseen + \ifnum\parencount=1 + #1% + \fi + \fi +} +\def\bfafterword#1 {#1 \bf} + +\def\opnr{% + \global\advance\parencount by 1 + {\parenfont(}% + \infirstlevel \bfafterword +} +\def\clnr{% + {\parenfont)}% + \infirstlevel \sl + \global\advance\parencount by -1 +} + +\newcount\brackcount +\def\lbrb{% + \global\advance\brackcount by 1 + {\bf[}% +} +\def\rbrb{% + {\bf]}% + \global\advance\brackcount by -1 +} + +\def\checkparencounts{% + \ifnum\parencount=0 \else \badparencount \fi + \ifnum\brackcount=0 \else \badbrackcount \fi +} +% these should not use \errmessage; the glibc manual, at least, actually +% has such constructs (when documenting function pointers). +\def\badparencount{% + \message{Warning: unbalanced parentheses in @def...}% + \global\parencount=0 +} +\def\badbrackcount{% + \message{Warning: unbalanced square brackets in @def...}% + \global\brackcount=0 +} + + +\message{macros,} +% @macro. + +% To do this right we need a feature of e-TeX, \scantokens, +% which we arrange to emulate with a temporary file in ordinary TeX. +\ifx\eTeXversion\thisisundefined + \newwrite\macscribble + \def\scantokens#1{% + \toks0={#1}% + \immediate\openout\macscribble=\jobname.tmp + \immediate\write\macscribble{\the\toks0}% + \immediate\closeout\macscribble + \input \jobname.tmp + } +\fi + +% Used at the time of macro expansion. +% Argument is macro body with arguments substituted +\def\scanmacro#1{% + \newlinechar`\^^M + \def\xeatspaces{\eatspaces}% + % + % Process the macro body under the current catcode regime. + \scantokens{#1@comment}% + % + % The \comment is to remove the \newlinechar added by \scantokens, and + % can be noticed by \parsearg. Note \c isn't used because this means cedilla + % in math mode. +} + +% Used for copying and captions +\def\scanexp#1{% + \expandafter\scanmacro\expandafter{#1}% +} + +\newcount\paramno % Count of parameters +\newtoks\macname % Macro name +\newif\ifrecursive % Is it recursive? + +% List of all defined macros in the form +% \commondummyword\macro1\commondummyword\macro2... +% Currently is also contains all @aliases; the list can be split +% if there is a need. +\def\macrolist{} + +% Add the macro to \macrolist +\def\addtomacrolist#1{\expandafter \addtomacrolistxxx \csname#1\endcsname} +\def\addtomacrolistxxx#1{% + \toks0 = \expandafter{\macrolist\commondummyword#1}% + \xdef\macrolist{\the\toks0}% +} + +% Utility routines. +% This does \let #1 = #2, with \csnames; that is, +% \let \csname#1\endcsname = \csname#2\endcsname +% (except of course we have to play expansion games). +% +\def\cslet#1#2{% + \expandafter\let + \csname#1\expandafter\endcsname + \csname#2\endcsname +} + +% Trim leading and trailing spaces off a string. +% Concepts from aro-bend problem 15 (see CTAN). +{\catcode`\@=11 +\gdef\eatspaces #1{\expandafter\trim@\expandafter{#1 }} +\gdef\trim@ #1{\trim@@ @#1 @ #1 @ @@} +\gdef\trim@@ #1@ #2@ #3@@{\trim@@@\empty #2 @} +\def\unbrace#1{#1} +\unbrace{\gdef\trim@@@ #1 } #2@{#1} +} + +% Trim a single trailing ^^M off a string. +{\catcode`\^^M=\other \catcode`\Q=3% +\gdef\eatcr #1{\eatcra #1Q^^MQ}% +\gdef\eatcra#1^^MQ{\eatcrb#1Q}% +\gdef\eatcrb#1Q#2Q{#1}% +} + +% Macro bodies are absorbed as an argument in a context where +% all characters are catcode 10, 11 or 12, except \ which is active +% (as in normal texinfo). It is necessary to change the definition of \ +% to recognize macro arguments; this is the job of \mbodybackslash. +% +% Non-ASCII encodings make 8-bit characters active, so un-activate +% them to avoid their expansion. Must do this non-globally, to +% confine the change to the current group. +% +% It's necessary to have hard CRs when the macro is executed. This is +% done by making ^^M (\endlinechar) catcode 12 when reading the macro +% body, and then making it the \newlinechar in \scanmacro. +% +\def\scanctxt{% used as subroutine + \catcode`\"=\other + \catcode`\+=\other + \catcode`\<=\other + \catcode`\>=\other + \catcode`\^=\other + \catcode`\_=\other + \catcode`\|=\other + \catcode`\~=\other + \passthroughcharstrue +} + +\def\scanargctxt{% used for copying and captions, not macros. + \scanctxt + \catcode`\@=\other + \catcode`\\=\other + \catcode`\^^M=\other +} + +\def\macrobodyctxt{% used for @macro definitions + \scanctxt + \catcode`\ =\other + \catcode`\@=\other + \catcode`\{=\other + \catcode`\}=\other + \catcode`\^^M=\other + \usembodybackslash +} + +% Used when scanning braced macro arguments. Note, however, that catcode +% changes here are ineffectual if the macro invocation was nested inside +% an argument to another Texinfo command. +\def\macroargctxt{% + \scanctxt + \catcode`\ =\active + \catcode`\@=\other + \catcode`\^^M=\other + \catcode`\\=\active +} + +\def\macrolineargctxt{% used for whole-line arguments without braces + \scanctxt + \catcode`\@=\other + \catcode`\{=\other + \catcode`\}=\other +} + +% \mbodybackslash is the definition of \ in @macro bodies. +% It maps \foo\ => \csname macarg.foo\endcsname => #N +% where N is the macro parameter number. +% We define \csname macarg.\endcsname to be \realbackslash, so +% \\ in macro replacement text gets you a backslash. +% +{\catcode`@=0 @catcode`@\=@active + @gdef@usembodybackslash{@let\=@mbodybackslash} + @gdef@mbodybackslash#1\{@csname macarg.#1@endcsname} +} +\expandafter\def\csname macarg.\endcsname{\realbackslash} + +\def\margbackslash#1{\char`\#1 } + +\def\macro{\recursivefalse\parsearg\macroxxx} +\def\rmacro{\recursivetrue\parsearg\macroxxx} + +\def\macroxxx#1{% + \getargs{#1}% now \macname is the macname and \argl the arglist + \ifx\argl\empty % no arguments + \paramno=0\relax + \else + \expandafter\parsemargdef \argl;% + \if\paramno>256\relax + \ifx\eTeXversion\thisisundefined + \errhelp = \EMsimple + \errmessage{You need eTeX to compile a file with macros with more than 256 arguments} + \fi + \fi + \fi + \if1\csname ismacro.\the\macname\endcsname + \message{Warning: redefining \the\macname}% + \else + \expandafter\ifx\csname \the\macname\endcsname \relax + \else \errmessage{Macro name \the\macname\space already defined}\fi + \global\cslet{macsave.\the\macname}{\the\macname}% + \global\expandafter\let\csname ismacro.\the\macname\endcsname=1% + \addtomacrolist{\the\macname}% + \fi + \begingroup \macrobodyctxt + \ifrecursive \expandafter\parsermacbody + \else \expandafter\parsemacbody + \fi} + +\parseargdef\unmacro{% + \if1\csname ismacro.#1\endcsname + \global\cslet{#1}{macsave.#1}% + \global\expandafter\let \csname ismacro.#1\endcsname=0% + % Remove the macro name from \macrolist: + \begingroup + \expandafter\let\csname#1\endcsname \relax + \let\commondummyword\unmacrodo + \xdef\macrolist{\macrolist}% + \endgroup + \else + \errmessage{Macro #1 not defined}% + \fi +} + +% Called by \do from \dounmacro on each macro. The idea is to omit any +% macro definitions that have been changed to \relax. +% +\def\unmacrodo#1{% + \ifx #1\relax + % remove this + \else + \noexpand\commondummyword \noexpand#1% + \fi +} + +% \getargs -- Parse the arguments to a @macro line. Set \macname to +% the name of the macro, and \argl to the braced argument list. +\def\getargs#1{\getargsxxx#1{}} +\def\getargsxxx#1#{\getmacname #1 \relax\getmacargs} +\def\getmacname#1 #2\relax{\macname={#1}} +\def\getmacargs#1{\def\argl{#1}} +% This made use of the feature that if the last token of a +% is #, then the preceding argument is delimited by +% an opening brace, and that opening brace is not consumed. + +% Parse the optional {params} list to @macro or @rmacro. +% Set \paramno to the number of arguments, +% and \paramlist to a parameter text for the macro (e.g. #1,#2,#3 for a +% three-param macro.) Define \macarg.BLAH for each BLAH in the params +% list to some hook where the argument is to be expanded. If there are +% less than 10 arguments that hook is to be replaced by ##N where N +% is the position in that list, that is to say the macro arguments are to be +% defined `a la TeX in the macro body. +% +% That gets used by \mbodybackslash (above). +% +% If there are 10 or more arguments, a different technique is used: see +% \parsemmanyargdef. +% +\def\parsemargdef#1;{% + \paramno=0\def\paramlist{}% + \let\hash\relax + % \hash is redefined to `#' later to get it into definitions + \let\xeatspaces\relax + \parsemargdefxxx#1,;,% + \ifnum\paramno<10\relax\else + \paramno0\relax + \parsemmanyargdef@@#1,;,% 10 or more arguments + \fi +} +\def\parsemargdefxxx#1,{% + \if#1;\let\next=\relax + \else \let\next=\parsemargdefxxx + \advance\paramno by 1 + \expandafter\edef\csname macarg.\eatspaces{#1}\endcsname + {\xeatspaces{\hash\the\paramno}}% + \edef\paramlist{\paramlist\hash\the\paramno,}% + \fi\next} + +% \parsemacbody, \parsermacbody +% +% Read recursive and nonrecursive macro bodies. (They're different since +% rec and nonrec macros end differently.) +% +% We are in \macrobodyctxt, and the \xdef causes backslashshes in the macro +% body to be transformed. +% Set \macrobody to the body of the macro, and call \defmacro. +% +{\catcode`\ =\other\long\gdef\parsemacbody#1@end macro{% +\xdef\macrobody{\eatcr{#1}}\endgroup\defmacro}}% +{\catcode`\ =\other\long\gdef\parsermacbody#1@end rmacro{% +\xdef\macrobody{\eatcr{#1}}\endgroup\defmacro}}% + +% Make @ a letter, so that we can make private-to-Texinfo macro names. +\edef\texiatcatcode{\the\catcode`\@} +\catcode `@=11\relax + +%%%%%%%%%%%%%% Code for > 10 arguments only %%%%%%%%%%%%%%%%%% + +% If there are 10 or more arguments, a different technique is used, where the +% hook remains in the body, and when macro is to be expanded the body is +% processed again to replace the arguments. +% +% In that case, the hook is \the\toks N-1, and we simply set \toks N-1 to the +% argument N value and then \edef the body (nothing else will expand because of +% the catcode regime under which the body was input). +% +% If you compile with TeX (not eTeX), and you have macros with 10 or more +% arguments, no macro can have more than 256 arguments (else error). +% +% In case that there are 10 or more arguments we parse again the arguments +% list to set new definitions for the \macarg.BLAH macros corresponding to +% each BLAH argument. It was anyhow needed to parse already once this list +% in order to count the arguments, and as macros with at most 9 arguments +% are by far more frequent than macro with 10 or more arguments, defining +% twice the \macarg.BLAH macros does not cost too much processing power. +\def\parsemmanyargdef@@#1,{% + \if#1;\let\next=\relax + \else + \let\next=\parsemmanyargdef@@ + \edef\tempb{\eatspaces{#1}}% + \expandafter\def\expandafter\tempa + \expandafter{\csname macarg.\tempb\endcsname}% + % Note that we need some extra \noexpand\noexpand, this is because we + % don't want \the to be expanded in the \parsermacbody as it uses an + % \xdef . + \expandafter\edef\tempa + {\noexpand\noexpand\noexpand\the\toks\the\paramno}% + \advance\paramno by 1\relax + \fi\next} + + +\let\endargs@\relax +\let\nil@\relax +\def\nilm@{\nil@}% +\long\def\nillm@{\nil@}% + +% This macro is expanded during the Texinfo macro expansion, not during its +% definition. It gets all the arguments' values and assigns them to macros +% macarg.ARGNAME +% +% #1 is the macro name +% #2 is the list of argument names +% #3 is the list of argument values +\def\getargvals@#1#2#3{% + \def\macargdeflist@{}% + \def\saveparamlist@{#2}% Need to keep a copy for parameter expansion. + \def\paramlist{#2,\nil@}% + \def\macroname{#1}% + \begingroup + \macroargctxt + \def\argvaluelist{#3,\nil@}% + \def\@tempa{#3}% + \ifx\@tempa\empty + \setemptyargvalues@ + \else + \getargvals@@ + \fi +} +\def\getargvals@@{% + \ifx\paramlist\nilm@ + % Some sanity check needed here that \argvaluelist is also empty. + \ifx\argvaluelist\nillm@ + \else + \errhelp = \EMsimple + \errmessage{Too many arguments in macro `\macroname'!}% + \fi + \let\next\macargexpandinbody@ + \else + \ifx\argvaluelist\nillm@ + % No more arguments values passed to macro. Set remaining named-arg + % macros to empty. + \let\next\setemptyargvalues@ + \else + % pop current arg name into \@tempb + \def\@tempa##1{\pop@{\@tempb}{\paramlist}##1\endargs@}% + \expandafter\@tempa\expandafter{\paramlist}% + % pop current argument value into \@tempc + \def\@tempa##1{\longpop@{\@tempc}{\argvaluelist}##1\endargs@}% + \expandafter\@tempa\expandafter{\argvaluelist}% + % Here \@tempb is the current arg name and \@tempc is the current arg value. + % First place the new argument macro definition into \@tempd + \expandafter\macname\expandafter{\@tempc}% + \expandafter\let\csname macarg.\@tempb\endcsname\relax + \expandafter\def\expandafter\@tempe\expandafter{% + \csname macarg.\@tempb\endcsname}% + \edef\@tempd{\long\def\@tempe{\the\macname}}% + \push@\@tempd\macargdeflist@ + \let\next\getargvals@@ + \fi + \fi + \next +} + +\def\push@#1#2{% + \expandafter\expandafter\expandafter\def + \expandafter\expandafter\expandafter#2% + \expandafter\expandafter\expandafter{% + \expandafter#1#2}% +} + +% Replace arguments by their values in the macro body, and place the result +% in macro \@tempa. +% +\def\macvalstoargs@{% + % To do this we use the property that token registers that are \the'ed + % within an \edef expand only once. So we are going to place all argument + % values into respective token registers. + % + % First we save the token context, and initialize argument numbering. + \begingroup + \paramno0\relax + % Then, for each argument number #N, we place the corresponding argument + % value into a new token list register \toks#N + \expandafter\putargsintokens@\saveparamlist@,;,% + % Then, we expand the body so that argument are replaced by their + % values. The trick for values not to be expanded themselves is that they + % are within tokens and that tokens expand only once in an \edef . + \edef\@tempc{\csname mac.\macroname .body\endcsname}% + % Now we restore the token stack pointer to free the token list registers + % which we have used, but we make sure that expanded body is saved after + % group. + \expandafter + \endgroup + \expandafter\def\expandafter\@tempa\expandafter{\@tempc}% + } + +% Define the named-macro outside of this group and then close this group. +% +\def\macargexpandinbody@{% + \expandafter + \endgroup + \macargdeflist@ + % First the replace in body the macro arguments by their values, the result + % is in \@tempa . + \macvalstoargs@ + % Then we point at the \norecurse or \gobble (for recursive) macro value + % with \@tempb . + \expandafter\let\expandafter\@tempb\csname mac.\macroname .recurse\endcsname + % Depending on whether it is recursive or not, we need some tailing + % \egroup . + \ifx\@tempb\gobble + \let\@tempc\relax + \else + \let\@tempc\egroup + \fi + % And now we do the real job: + \edef\@tempd{\noexpand\@tempb{\macroname}\noexpand\scanmacro{\@tempa}\@tempc}% + \@tempd +} + +\def\putargsintokens@#1,{% + \if#1;\let\next\relax + \else + \let\next\putargsintokens@ + % First we allocate the new token list register, and give it a temporary + % alias \@tempb . + \toksdef\@tempb\the\paramno + % Then we place the argument value into that token list register. + \expandafter\let\expandafter\@tempa\csname macarg.#1\endcsname + \expandafter\@tempb\expandafter{\@tempa}% + \advance\paramno by 1\relax + \fi + \next +} + +% Trailing missing arguments are set to empty. +% +\def\setemptyargvalues@{% + \ifx\paramlist\nilm@ + \let\next\macargexpandinbody@ + \else + \expandafter\setemptyargvaluesparser@\paramlist\endargs@ + \let\next\setemptyargvalues@ + \fi + \next +} + +\def\setemptyargvaluesparser@#1,#2\endargs@{% + \expandafter\def\expandafter\@tempa\expandafter{% + \expandafter\def\csname macarg.#1\endcsname{}}% + \push@\@tempa\macargdeflist@ + \def\paramlist{#2}% +} + +% #1 is the element target macro +% #2 is the list macro +% #3,#4\endargs@ is the list value +\def\pop@#1#2#3,#4\endargs@{% + \def#1{#3}% + \def#2{#4}% +} +\long\def\longpop@#1#2#3,#4\endargs@{% + \long\def#1{#3}% + \long\def#2{#4}% +} + + +%%%%%%%%%%%%%% End of code for > 10 arguments %%%%%%%%%%%%%%%%%% + + +% This defines a Texinfo @macro or @rmacro, called by \parsemacbody. +% \macrobody has the body of the macro in it, with placeholders for +% its parameters, looking like "\xeatspaces{\hash 1}". +% \paramno is the number of parameters +% \paramlist is a TeX parameter text, e.g. "#1,#2,#3," +% There are four cases: macros of zero, one, up to nine, and many arguments. +% \xdef is used so that macro definitions will survive the file +% they're defined in: @include reads the file inside a group. +% +\def\defmacro{% + \let\hash=##% convert placeholders to macro parameter chars + \ifnum\paramno=1 + \def\xeatspaces##1{##1}% + % This removes the pair of braces around the argument. We don't + % use \eatspaces, because this can cause ends of lines to be lost + % when the argument to \eatspaces is read, leading to line-based + % commands like "@itemize" not being read correctly. + \else + \let\xeatspaces\relax % suppress expansion + \fi + \ifcase\paramno + % 0 + \expandafter\xdef\csname\the\macname\endcsname{% + \bgroup + \noexpand\spaceisspace + \noexpand\endlineisspace + \noexpand\expandafter % skip any whitespace after the macro name. + \expandafter\noexpand\csname\the\macname @@@\endcsname}% + \expandafter\xdef\csname\the\macname @@@\endcsname{% + \egroup + \noexpand\scanmacro{\macrobody}}% + \or % 1 + \expandafter\xdef\csname\the\macname\endcsname{% + \bgroup + \noexpand\braceorline + \expandafter\noexpand\csname\the\macname @@@\endcsname}% + \expandafter\xdef\csname\the\macname @@@\endcsname##1{% + \egroup + \noexpand\scanmacro{\macrobody}% + }% + \else % at most 9 + \ifnum\paramno<10\relax + % @MACNAME sets the context for reading the macro argument + % @MACNAME@@ gets the argument, processes backslashes and appends a + % comma. + % @MACNAME@@@ removes braces surrounding the argument list. + % @MACNAME@@@@ scans the macro body with arguments substituted. + \expandafter\xdef\csname\the\macname\endcsname{% + \bgroup + \noexpand\expandafter % This \expandafter skip any spaces after the + \noexpand\macroargctxt % macro before we change the catcode of space. + \noexpand\expandafter + \expandafter\noexpand\csname\the\macname @@\endcsname}% + \expandafter\xdef\csname\the\macname @@\endcsname##1{% + \noexpand\passargtomacro + \expandafter\noexpand\csname\the\macname @@@\endcsname{##1,}}% + \expandafter\xdef\csname\the\macname @@@\endcsname##1{% + \expandafter\noexpand\csname\the\macname @@@@\endcsname ##1}% + \expandafter\expandafter + \expandafter\xdef + \expandafter\expandafter + \csname\the\macname @@@@\endcsname\paramlist{% + \egroup\noexpand\scanmacro{\macrobody}}% + \else % 10 or more: + \expandafter\xdef\csname\the\macname\endcsname{% + \noexpand\getargvals@{\the\macname}{\argl}% + }% + \global\expandafter\let\csname mac.\the\macname .body\endcsname\macrobody + \global\expandafter\let\csname mac.\the\macname .recurse\endcsname\gobble + \fi + \fi} + +\catcode `\@\texiatcatcode\relax % end private-to-Texinfo catcodes + +\def\norecurse#1{\bgroup\cslet{#1}{macsave.#1}} + + +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +% +{\catcode`\@=0 \catcode`\\=13 % We need to manipulate \ so use @ as escape +@catcode`@_=11 % private names +@catcode`@!=11 % used as argument separator + +% \passargtomacro#1#2 - +% Call #1 with a list of tokens #2, with any doubled backslashes in #2 +% compressed to one. +% +% This implementation works by expansion, and not execution (so we cannot use +% \def or similar). This reduces the risk of this failing in contexts where +% complete expansion is done with no execution (for example, in writing out to +% an auxiliary file for an index entry). +% +% State is kept in the input stream: the argument passed to +% @look_ahead, @gobble_and_check_finish and @add_segment is +% +% THE_MACRO ARG_RESULT ! {PENDING_BS} NEXT_TOKEN (... rest of input) +% +% where: +% THE_MACRO - name of the macro we want to call +% ARG_RESULT - argument list we build to pass to that macro +% PENDING_BS - either a backslash or nothing +% NEXT_TOKEN - used to look ahead in the input stream to see what's coming next + +@gdef@passargtomacro#1#2{% + @add_segment #1!{}@relax#2\@_finish\% +} +@gdef@_finish{@_finishx} @global@let@_finishx@relax + +% #1 - THE_MACRO ARG_RESULT +% #2 - PENDING_BS +% #3 - NEXT_TOKEN +% #4 used to look ahead +% +% If the next token is not a backslash, process the rest of the argument; +% otherwise, remove the next token. +@gdef@look_ahead#1!#2#3#4{% + @ifx#4\% + @expandafter@gobble_and_check_finish + @else + @expandafter@add_segment + @fi#1!{#2}#4#4% +} + +% #1 - THE_MACRO ARG_RESULT +% #2 - PENDING_BS +% #3 - NEXT_TOKEN +% #4 should be a backslash, which is gobbled. +% #5 looks ahead +% +% Double backslash found. Add a single backslash, and look ahead. +@gdef@gobble_and_check_finish#1!#2#3#4#5{% + @add_segment#1\!{}#5#5% +} + +@gdef@is_fi{@fi} + +% #1 - THE_MACRO ARG_RESULT +% #2 - PENDING_BS +% #3 - NEXT_TOKEN +% #4 is input stream until next backslash +% +% Input stream is either at the start of the argument, or just after a +% backslash sequence, either a lone backslash, or a doubled backslash. +% NEXT_TOKEN contains the first token in the input stream: if it is \finish, +% finish; otherwise, append to ARG_RESULT the segment of the argument up until +% the next backslash. PENDING_BACKSLASH contains a backslash to represent +% a backslash just before the start of the input stream that has not been +% added to ARG_RESULT. +@gdef@add_segment#1!#2#3#4\{% +@ifx#3@_finish + @call_the_macro#1!% +@else + % append the pending backslash to the result, followed by the next segment + @expandafter@is_fi@look_ahead#1#2#4!{\}@fi + % this @fi is discarded by @look_ahead. + % we can't get rid of it with \expandafter because we don't know how + % long #4 is. +} + +% #1 - THE_MACRO +% #2 - ARG_RESULT +% #3 discards the res of the conditional in @add_segment, and @is_fi ends the +% conditional. +@gdef@call_the_macro#1#2!#3@fi{@is_fi #1{#2}} + +} +%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% + +% \braceorline MAC is used for a one-argument macro MAC. It checks +% whether the next non-whitespace character is a {. It sets the context +% for reading the argument (slightly different in the two cases). Then, +% to read the argument, in the whole-line case, it then calls the regular +% \parsearg MAC; in the lbrace case, it calls \passargtomacro MAC. +% +\def\braceorline#1{\let\macnamexxx=#1\futurelet\nchar\braceorlinexxx} +\def\braceorlinexxx{% + \ifx\nchar\bgroup + \macroargctxt + \expandafter\passargtomacro + \else + \macrolineargctxt\expandafter\parsearg + \fi \macnamexxx} + + +% @alias. +% We need some trickery to remove the optional spaces around the equal +% sign. Make them active and then expand them all to nothing. +% +\def\alias{\parseargusing\obeyspaces\aliasxxx} +\def\aliasxxx #1{\aliasyyy#1\relax} +\def\aliasyyy #1=#2\relax{% + {% + \expandafter\let\obeyedspace=\empty + \addtomacrolist{#1}% + \xdef\next{\global\let\makecsname{#1}=\makecsname{#2}}% + }% + \next +} + + +\message{cross references,} + +\newwrite\auxfile +\newif\ifhavexrefs % True if xref values are known. +\newif\ifwarnedxrefs % True if we warned once that they aren't known. + +% @inforef is relatively simple. +\def\inforef #1{\inforefzzz #1,,,,**} +\def\inforefzzz #1,#2,#3,#4**{% + \putwordSee{} \putwordInfo{} \putwordfile{} \file{\ignorespaces #3{}}, + node \samp{\ignorespaces#1{}}} + +% @node's only job in TeX is to define \lastnode, which is used in +% cross-references. The @node line might or might not have commas, and +% might or might not have spaces before the first comma, like: +% @node foo , bar , ... +% We don't want such trailing spaces in the node name. +% +\parseargdef\node{\checkenv{}\donode #1 ,\finishnodeparse} +% +% also remove a trailing comma, in case of something like this: +% @node Help-Cross, , , Cross-refs +\def\donode#1 ,#2\finishnodeparse{\dodonode #1,\finishnodeparse} +\def\dodonode#1,#2\finishnodeparse{\gdef\lastnode{#1}\omittopnode} + +% Used so that the @top node doesn't have to be wrapped in an @ifnottex +% conditional. +% \doignore goes to more effort to skip nested conditionals but we don't need +% that here. +\def\omittopnode{% + \ifx\lastnode\wordTop + \expandafter\ignorenode\fi +} +\def\wordTop{Top} + +% Until the next @node or @bye command, divert output to a box that is not +% output. +\def\ignorenode{\setbox\dummybox\vbox\bgroup\def\node{\egroup\node}% +\ignorenodebye +} + +{\let\bye\relax +\gdef\ignorenodebye{\let\bye\ignorenodebyedef} +\gdef\ignorenodebyedef{\egroup(`Top' node ignored)\bye}} +% The redefinition of \bye here is because it is declared \outer + +\let\lastnode=\empty + +% Write a cross-reference definition for the current node. #1 is the +% type (Ynumbered, Yappendix, Ynothing). +% +\def\donoderef#1{% + \ifx\lastnode\empty\else + \setref{\lastnode}{#1}% + \global\let\lastnode=\empty + \fi +} + +% @anchor{NAME} -- define xref target at arbitrary point. +% +\newcount\savesfregister +% +\def\savesf{\relax \ifhmode \savesfregister=\spacefactor \fi} +\def\restoresf{\relax \ifhmode \spacefactor=\savesfregister \fi} +\def\anchor#1{\savesf \setref{#1}{Ynothing}\restoresf \ignorespaces} + +% \setref{NAME}{SNT} defines a cross-reference point NAME (a node or an +% anchor), which consists of three parts: +% 1) NAME-title - the current sectioning name taken from \currentsection, +% or the anchor name. +% 2) NAME-snt - section number and type, passed as the SNT arg, or +% empty for anchors. +% 3) NAME-pg - the page number. +% +% This is called from \donoderef, \anchor, and \dofloat. In the case of +% floats, there is an additional part, which is not written here: +% 4) NAME-lof - the text as it should appear in a @listoffloats. +% +\def\setref#1#2{% + \pdfmkdest{#1}% + \iflinks + {% + \requireauxfile + \atdummies % preserve commands, but don't expand them + % match definition in \xrdef, \refx, \xrefX. + \def\value##1{##1}% + \edef\writexrdef##1##2{% + \write\auxfile{@xrdef{#1-% #1 of \setref, expanded by the \edef + ##1}{##2}}% these are parameters of \writexrdef + }% + \toks0 = \expandafter{\currentsection}% + \immediate \writexrdef{title}{\the\toks0 }% + \immediate \writexrdef{snt}{\csname #2\endcsname}% \Ynumbered etc. + \safewhatsit{\writexrdef{pg}{\folio}}% will be written later, at \shipout + }% + \fi +} + +% @xrefautosectiontitle on|off says whether @section(ing) names are used +% automatically in xrefs, if the third arg is not explicitly specified. +% This was provided as a "secret" @set xref-automatic-section-title +% variable, now it's official. +% +\parseargdef\xrefautomaticsectiontitle{% + \def\temp{#1}% + \ifx\temp\onword + \expandafter\let\csname SETxref-automatic-section-title\endcsname + = \empty + \else\ifx\temp\offword + \expandafter\let\csname SETxref-automatic-section-title\endcsname + = \relax + \else + \errhelp = \EMsimple + \errmessage{Unknown @xrefautomaticsectiontitle value `\temp', + must be on|off}% + \fi\fi +} + +% +% @xref, @pxref, and @ref generate cross-references. For \xrefX, #1 is +% the node name, #2 the name of the Info cross-reference, #3 the printed +% node name, #4 the name of the Info file, #5 the name of the printed +% manual. All but the node name can be omitted. +% +\def\pxref{\putwordsee{} \xrefXX} +\def\xref{\putwordSee{} \xrefXX} +\def\ref{\xrefXX} + +\def\xrefXX#1{\def\xrefXXarg{#1}\futurelet\tokenafterxref\xrefXXX} +\def\xrefXXX{\expandafter\xrefX\expandafter[\xrefXXarg,,,,,,,]} +% +\newbox\toprefbox +\newbox\printedrefnamebox +\newbox\infofilenamebox +\newbox\printedmanualbox +% +\def\xrefX[#1,#2,#3,#4,#5,#6]{\begingroup + \unsepspaces + % + % Get args without leading/trailing spaces. + \def\printedrefname{\ignorespaces #3}% + \setbox\printedrefnamebox = \hbox{\printedrefname\unskip}% + % + \def\infofilename{\ignorespaces #4}% + \setbox\infofilenamebox = \hbox{\infofilename\unskip}% + % + \def\printedmanual{\ignorespaces #5}% + \setbox\printedmanualbox = \hbox{\printedmanual\unskip}% + % + % If the printed reference name (arg #3) was not explicitly given in + % the @xref, figure out what we want to use. + \ifdim \wd\printedrefnamebox = 0pt + % No printed node name was explicitly given. + \expandafter\ifx\csname SETxref-automatic-section-title\endcsname \relax + % Not auto section-title: use node name inside the square brackets. + \def\printedrefname{\ignorespaces #1}% + \else + % Auto section-title: use chapter/section title inside + % the square brackets if we have it. + \ifdim \wd\printedmanualbox > 0pt + % It is in another manual, so we don't have it; use node name. + \def\printedrefname{\ignorespaces #1}% + \else + \ifhavexrefs + % We (should) know the real title if we have the xref values. + \def\printedrefname{\refx{#1-title}{}}% + \else + % Otherwise just copy the Info node name. + \def\printedrefname{\ignorespaces #1}% + \fi% + \fi + \fi + \fi + % + % Make link in pdf output. + \ifpdf + % For pdfTeX and LuaTeX + {\indexnofonts + \makevalueexpandable + \turnoffactive + % This expands tokens, so do it after making catcode changes, so _ + % etc. don't get their TeX definitions. This ignores all spaces in + % #4, including (wrongly) those in the middle of the filename. + \getfilename{#4}% + % + % This (wrongly) does not take account of leading or trailing + % spaces in #1, which should be ignored. + \setpdfdestname{#1}% + % + \ifx\pdfdestname\empty + \def\pdfdestname{Top}% no empty targets + \fi + % + \leavevmode + \startlink attr{/Border [0 0 0]}% + \ifnum\filenamelength>0 + goto file{\the\filename.pdf} name{\pdfdestname}% + \else + goto name{\pdfmkpgn{\pdfdestname}}% + \fi + }% + \setcolor{\linkcolor}% + \else + \ifx\XeTeXrevision\thisisundefined + \else + % For XeTeX + {\indexnofonts + \makevalueexpandable + \turnoffactive + % This expands tokens, so do it after making catcode changes, so _ + % etc. don't get their TeX definitions. This ignores all spaces in + % #4, including (wrongly) those in the middle of the filename. + \getfilename{#4}% + % + % This (wrongly) does not take account of leading or trailing + % spaces in #1, which should be ignored. + \setpdfdestname{#1}% + % + \ifx\pdfdestname\empty + \def\pdfdestname{Top}% no empty targets + \fi + % + \leavevmode + \ifnum\filenamelength>0 + % With default settings, + % XeTeX (xdvipdfmx) replaces link destination names with integers. + % In this case, the replaced destination names of + % remote PDFs are no longer known. In order to avoid a replacement, + % you can use xdvipdfmx's command line option `-C 0x0010'. + % If you use XeTeX 0.99996+ (TeX Live 2016+), + % this command line option is no longer necessary + % because we can use the `dvipdfmx:config' special. + \special{pdf:bann << /Border [0 0 0] /Type /Annot /Subtype /Link /A + << /S /GoToR /F (\the\filename.pdf) /D (\pdfdestname) >> >>}% + \else + \special{pdf:bann << /Border [0 0 0] /Type /Annot /Subtype /Link /A + << /S /GoTo /D (\pdfdestname) >> >>}% + \fi + }% + \setcolor{\linkcolor}% + \fi + \fi + {% + % Have to otherify everything special to allow the \csname to + % include an _ in the xref name, etc. + \indexnofonts + \turnoffactive + \def\value##1{##1}% + \expandafter\global\expandafter\let\expandafter\Xthisreftitle + \csname XR#1-title\endcsname + }% + % + % Float references are printed completely differently: "Figure 1.2" + % instead of "[somenode], p.3". \iffloat distinguishes them by + % \Xthisreftitle being set to a magic string. + \iffloat\Xthisreftitle + % If the user specified the print name (third arg) to the ref, + % print it instead of our usual "Figure 1.2". + \ifdim\wd\printedrefnamebox = 0pt + \refx{#1-snt}{}% + \else + \printedrefname + \fi + % + % If the user also gave the printed manual name (fifth arg), append + % "in MANUALNAME". + \ifdim \wd\printedmanualbox > 0pt + \space \putwordin{} \cite{\printedmanual}% + \fi + \else + % node/anchor (non-float) references. + % + % If we use \unhbox to print the node names, TeX does not insert + % empty discretionaries after hyphens, which means that it will not + % find a line break at a hyphen in a node names. Since some manuals + % are best written with fairly long node names, containing hyphens, + % this is a loss. Therefore, we give the text of the node name + % again, so it is as if TeX is seeing it for the first time. + % + \ifdim \wd\printedmanualbox > 0pt + % Cross-manual reference with a printed manual name. + % + \crossmanualxref{\cite{\printedmanual\unskip}}% + % + \else\ifdim \wd\infofilenamebox > 0pt + % Cross-manual reference with only an info filename (arg 4), no + % printed manual name (arg 5). This is essentially the same as + % the case above; we output the filename, since we have nothing else. + % + \crossmanualxref{\code{\infofilename\unskip}}% + % + \else + % Reference within this manual. + % + % _ (for example) has to be the character _ for the purposes of the + % control sequence corresponding to the node, but it has to expand + % into the usual \leavevmode...\vrule stuff for purposes of + % printing. So we \turnoffactive for the \refx-snt, back on for the + % printing, back off for the \refx-pg. + {\turnoffactive + % Only output a following space if the -snt ref is nonempty; for + % @unnumbered and @anchor, it won't be. + \setbox2 = \hbox{\ignorespaces \refx{#1-snt}{}}% + \ifdim \wd2 > 0pt \refx{#1-snt}\space\fi + }% + % output the `[mynode]' via the macro below so it can be overridden. + \xrefprintnodename\printedrefname + % + % But we always want a comma and a space: + ,\space + % + % output the `page 3'. + \turnoffactive \putwordpage\tie\refx{#1-pg}{}% + % Add a , if xref followed by a space + \if\space\noexpand\tokenafterxref ,% + \else\ifx\ \tokenafterxref ,% @TAB + \else\ifx\*\tokenafterxref ,% @* + \else\ifx\ \tokenafterxref ,% @SPACE + \else\ifx\ + \tokenafterxref ,% @NL + \else\ifx\tie\tokenafterxref ,% @tie + \fi\fi\fi\fi\fi\fi + \fi\fi + \fi + \endlink +\endgroup} + +% Output a cross-manual xref to #1. Used just above (twice). +% +% Only include the text "Section ``foo'' in" if the foo is neither +% missing or Top. Thus, @xref{,,,foo,The Foo Manual} outputs simply +% "see The Foo Manual", the idea being to refer to the whole manual. +% +% But, this being TeX, we can't easily compare our node name against the +% string "Top" while ignoring the possible spaces before and after in +% the input. By adding the arbitrary 7sp below, we make it much less +% likely that a real node name would have the same width as "Top" (e.g., +% in a monospaced font). Hopefully it will never happen in practice. +% +% For the same basic reason, we retypeset the "Top" at every +% reference, since the current font is indeterminate. +% +\def\crossmanualxref#1{% + \setbox\toprefbox = \hbox{Top\kern7sp}% + \setbox2 = \hbox{\ignorespaces \printedrefname \unskip \kern7sp}% + \ifdim \wd2 > 7sp % nonempty? + \ifdim \wd2 = \wd\toprefbox \else % same as Top? + \putwordSection{} ``\printedrefname'' \putwordin{}\space + \fi + \fi + #1% +} + +% This macro is called from \xrefX for the `[nodename]' part of xref +% output. It's a separate macro only so it can be changed more easily, +% since square brackets don't work well in some documents. Particularly +% one that Bob is working on :). +% +\def\xrefprintnodename#1{[#1]} + +% Things referred to by \setref. +% +\def\Ynothing{} +\def\Yomitfromtoc{} +\def\Ynumbered{% + \ifnum\secno=0 + \putwordChapter@tie \the\chapno + \else \ifnum\subsecno=0 + \putwordSection@tie \the\chapno.\the\secno + \else \ifnum\subsubsecno=0 + \putwordSection@tie \the\chapno.\the\secno.\the\subsecno + \else + \putwordSection@tie \the\chapno.\the\secno.\the\subsecno.\the\subsubsecno + \fi\fi\fi +} +\def\Yappendix{% + \ifnum\secno=0 + \putwordAppendix@tie @char\the\appendixno{}% + \else \ifnum\subsecno=0 + \putwordSection@tie @char\the\appendixno.\the\secno + \else \ifnum\subsubsecno=0 + \putwordSection@tie @char\the\appendixno.\the\secno.\the\subsecno + \else + \putwordSection@tie + @char\the\appendixno.\the\secno.\the\subsecno.\the\subsubsecno + \fi\fi\fi +} + +% \refx{NAME}{SUFFIX} - reference a cross-reference string named NAME. SUFFIX +% is output afterwards if non-empty. +\def\refx#1#2{% + \requireauxfile + {% + \indexnofonts + \otherbackslash + \def\value##1{##1}% + \expandafter\global\expandafter\let\expandafter\thisrefX + \csname XR#1\endcsname + }% + \ifx\thisrefX\relax + % If not defined, say something at least. + \angleleft un\-de\-fined\angleright + \iflinks + \ifhavexrefs + {\toks0 = {#1}% avoid expansion of possibly-complex value + \message{\linenumber Undefined cross reference `\the\toks0'.}}% + \else + \ifwarnedxrefs\else + \global\warnedxrefstrue + \message{Cross reference values unknown; you must run TeX again.}% + \fi + \fi + \fi + \else + % It's defined, so just use it. + \thisrefX + \fi + #2% Output the suffix in any case. +} + +% This is the macro invoked by entries in the aux file. Define a control +% sequence for a cross-reference target (we prepend XR to the control sequence +% name to avoid collisions). The value is the page number. If this is a float +% type, we have more work to do. +% +\def\xrdef#1#2{% + {% Expand the node or anchor name to remove control sequences. + % \turnoffactive stops 8-bit characters being changed to commands + % like @'e. \refx does the same to retrieve the value in the definition. + \indexnofonts + \turnoffactive + \def\value##1{##1}% + \xdef\safexrefname{#1}% + }% + % + \bgroup + \expandafter\gdef\csname XR\safexrefname\endcsname{#2}% + \egroup + % We put the \gdef inside a group to avoid the definitions building up on + % TeX's save stack, which can cause it to run out of space for aux files with + % thousands of lines. \gdef doesn't use the save stack, but \csname does + % when it defines an unknown control sequence as \relax. + % + % Was that xref control sequence that we just defined for a float? + \expandafter\iffloat\csname XR\safexrefname\endcsname + % it was a float, and we have the (safe) float type in \iffloattype. + \expandafter\let\expandafter\floatlist + \csname floatlist\iffloattype\endcsname + % + % Is this the first time we've seen this float type? + \expandafter\ifx\floatlist\relax + \toks0 = {\do}% yes, so just \do + \else + % had it before, so preserve previous elements in list. + \toks0 = \expandafter{\floatlist\do}% + \fi + % + % Remember this xref in the control sequence \floatlistFLOATTYPE, + % for later use in \listoffloats. + \expandafter\xdef\csname floatlist\iffloattype\endcsname{\the\toks0 + {\safexrefname}}% + \fi +} + +% If working on a large document in chapters, it is convenient to +% be able to disable indexing, cross-referencing, and contents, for test runs. +% This is done with @novalidate at the beginning of the file. +% +\newif\iflinks \linkstrue % by default we want the aux files. +\let\novalidate = \linksfalse + +% Used when writing to the aux file, or when using data from it. +\def\requireauxfile{% + \iflinks + \tryauxfile + % Open the new aux file. TeX will close it automatically at exit. + \immediate\openout\auxfile=\jobname.aux + \fi + \global\let\requireauxfile=\relax % Only do this once. +} + +% Read the last existing aux file, if any. No error if none exists. +% +\def\tryauxfile{% + \openin 1 \jobname.aux + \ifeof 1 \else + \readdatafile{aux}% + \global\havexrefstrue + \fi + \closein 1 +} + +\def\setupdatafile{% + \catcode`\^^@=\other + \catcode`\^^A=\other + \catcode`\^^B=\other + \catcode`\^^C=\other + \catcode`\^^D=\other + \catcode`\^^E=\other + \catcode`\^^F=\other + \catcode`\^^G=\other + \catcode`\^^H=\other + \catcode`\^^K=\other + \catcode`\^^L=\other + \catcode`\^^N=\other + \catcode`\^^P=\other + \catcode`\^^Q=\other + \catcode`\^^R=\other + \catcode`\^^S=\other + \catcode`\^^T=\other + \catcode`\^^U=\other + \catcode`\^^V=\other + \catcode`\^^W=\other + \catcode`\^^X=\other + \catcode`\^^Z=\other + \catcode`\^^[=\other + \catcode`\^^\=\other + \catcode`\^^]=\other + \catcode`\^^^=\other + \catcode`\^^_=\other + \catcode`\^=\other + % + % Special characters. Should be turned off anyway, but... + \catcode`\~=\other + \catcode`\[=\other + \catcode`\]=\other + \catcode`\"=\other + \catcode`\_=\other + \catcode`\|=\other + \catcode`\<=\other + \catcode`\>=\other + \catcode`\$=\other + \catcode`\#=\other + \catcode`\&=\other + \catcode`\%=\other + \catcode`+=\other % avoid \+ for paranoia even though we've turned it off + % + \catcode`\\=\active + % + % @ is our escape character in .aux files, and we need braces. + \catcode`\{=1 + \catcode`\}=2 + \catcode`\@=0 +} + +\def\readdatafile#1{% +\begingroup + \setupdatafile + \input\jobname.#1 +\endgroup} + + +\message{insertions,} +% including footnotes. + +\newcount \footnoteno + +% The trailing space in the following definition for supereject is +% vital for proper filling; pages come out unaligned when you do a +% pagealignmacro call if that space before the closing brace is +% removed. (Generally, numeric constants should always be followed by a +% space to prevent strange expansion errors.) +\def\supereject{\par\penalty -20000\footnoteno =0 } + +% @footnotestyle is meaningful for Info output only. +\let\footnotestyle=\comment + +{\catcode `\@=11 +% +% Auto-number footnotes. Otherwise like plain. +\gdef\footnote{% + \global\advance\footnoteno by \@ne + \edef\thisfootno{$^{\the\footnoteno}$}% + % + % In case the footnote comes at the end of a sentence, preserve the + % extra spacing after we do the footnote number. + \let\@sf\empty + \ifhmode\edef\@sf{\spacefactor\the\spacefactor}\ptexslash\fi + % + % Remove inadvertent blank space before typesetting the footnote number. + \unskip + \thisfootno\@sf + \dofootnote +}% + +% Don't bother with the trickery in plain.tex to not require the +% footnote text as a parameter. Our footnotes don't need to be so general. +% +% Oh yes, they do; otherwise, @ifset (and anything else that uses +% \parseargline) fails inside footnotes because the tokens are fixed when +% the footnote is read. --karl, 16nov96. +% +\gdef\dofootnote{% + \insert\footins\bgroup + % + % Nested footnotes are not supported in TeX, that would take a lot + % more work. (\startsavinginserts does not suffice.) + \let\footnote=\errfootnotenest + % + % We want to typeset this text as a normal paragraph, even if the + % footnote reference occurs in (for example) a display environment. + % So reset some parameters. + \hsize=\txipagewidth + \interlinepenalty\interfootnotelinepenalty + \splittopskip\ht\strutbox % top baseline for broken footnotes + \splitmaxdepth\dp\strutbox + \floatingpenalty\@MM + \leftskip\z@skip + \rightskip\z@skip + \spaceskip\z@skip + \xspaceskip\z@skip + \parindent\defaultparindent + % + \smallfonts \rm + % + % Because we use hanging indentation in footnotes, a @noindent appears + % to exdent this text, so make it be a no-op. makeinfo does not use + % hanging indentation so @noindent can still be needed within footnote + % text after an @example or the like (not that this is good style). + \let\noindent = \relax + % + % Hang the footnote text off the number. Use \everypar in case the + % footnote extends for more than one paragraph. + \everypar = {\hang}% + \textindent{\thisfootno}% + % + % Don't crash into the line above the footnote text. Since this + % expands into a box, it must come within the paragraph, lest it + % provide a place where TeX can split the footnote. + \footstrut + % + % Invoke rest of plain TeX footnote routine. + \futurelet\next\fo@t +} +}%end \catcode `\@=11 + +\def\errfootnotenest{% + \errhelp=\EMsimple + \errmessage{Nested footnotes not supported in texinfo.tex, + even though they work in makeinfo; sorry} +} + +\def\errfootnoteheading{% + \errhelp=\EMsimple + \errmessage{Footnotes in chapters, sections, etc., are not supported} +} + +% In case a @footnote appears in a vbox, save the footnote text and create +% the real \insert just after the vbox finished. Otherwise, the insertion +% would be lost. +% Similarly, if a @footnote appears inside an alignment, save the footnote +% text to a box and make the \insert when a row of the table is finished. +% And the same can be done for other insert classes. --kasal, 16nov03. +% +% Replace the \insert primitive by a cheating macro. +% Deeper inside, just make sure that the saved insertions are not spilled +% out prematurely. +% +\def\startsavinginserts{% + \ifx \insert\ptexinsert + \let\insert\saveinsert + \else + \let\checkinserts\relax + \fi +} + +% This \insert replacement works for both \insert\footins{foo} and +% \insert\footins\bgroup foo\egroup, but it doesn't work for \insert27{foo}. +% +\def\saveinsert#1{% + \edef\next{\noexpand\savetobox \makeSAVEname#1}% + \afterassignment\next + % swallow the left brace + \let\temp = +} +\def\makeSAVEname#1{\makecsname{SAVE\expandafter\gobble\string#1}} +\def\savetobox#1{\global\setbox#1 = \vbox\bgroup \unvbox#1} + +\def\checksaveins#1{\ifvoid#1\else \placesaveins#1\fi} + +\def\placesaveins#1{% + \ptexinsert \csname\expandafter\gobblesave\string#1\endcsname + {\box#1}% +} + +% eat @SAVE -- beware, all of them have catcode \other: +{ + \def\dospecials{\do S\do A\do V\do E} \uncatcodespecials % ;-) + \gdef\gobblesave @SAVE{} +} + +% initialization: +\def\newsaveins #1{% + \edef\next{\noexpand\newsaveinsX \makeSAVEname#1}% + \next +} +\def\newsaveinsX #1{% + \csname newbox\endcsname #1% + \expandafter\def\expandafter\checkinserts\expandafter{\checkinserts + \checksaveins #1}% +} + +% initialize: +\let\checkinserts\empty +\newsaveins\footins +\newsaveins\margin + + +% @image. We use the macros from epsf.tex to support this. +% If epsf.tex is not installed and @image is used, we complain. +% +% Check for and read epsf.tex up front. If we read it only at @image +% time, we might be inside a group, and then its definitions would get +% undone and the next image would fail. +\openin 1 = epsf.tex +\ifeof 1 \else + % Do not bother showing banner with epsf.tex v2.7k (available in + % doc/epsf.tex and on ctan). + \def\epsfannounce{\toks0 = }% + \input epsf.tex +\fi +\closein 1 +% +% We will only complain once about lack of epsf.tex. +\newif\ifwarnednoepsf +\newhelp\noepsfhelp{epsf.tex must be installed for images to + work. It is also included in the Texinfo distribution, or you can get + it from https://ctan.org/texarchive/macros/texinfo/texinfo/doc/epsf.tex.} +% +\def\image#1{% + \ifx\epsfbox\thisisundefined + \ifwarnednoepsf \else + \errhelp = \noepsfhelp + \errmessage{epsf.tex not found, images will be ignored}% + \global\warnednoepsftrue + \fi + \else + \imagexxx #1,,,,,\finish + \fi +} +% +% Arguments to @image: +% #1 is (mandatory) image filename; we tack on .eps extension. +% #2 is (optional) width, #3 is (optional) height. +% #4 is (ignored optional) html alt text. +% #5 is (ignored optional) extension. +% #6 is just the usual extra ignored arg for parsing stuff. +\newif\ifimagevmode +\def\imagexxx#1,#2,#3,#4,#5,#6\finish{\begingroup + \catcode`\^^M = 5 % in case we're inside an example + \normalturnoffactive % allow _ et al. in names + \def\xprocessmacroarg{\eatspaces}% in case we are being used via a macro + % If the image is by itself, center it. + \ifvmode + \imagevmodetrue + \else \ifx\centersub\centerV + % for @center @image, we need a vbox so we can have our vertical space + \imagevmodetrue + \vbox\bgroup % vbox has better behavior than vtop herev + \fi\fi + % + \ifimagevmode + \nobreak\medskip + % Usually we'll have text after the image which will insert + % \parskip glue, so insert it here too to equalize the space + % above and below. + \nobreak\vskip\parskip + \nobreak + \fi + % + % Leave vertical mode so that indentation from an enclosing + % environment such as @quotation is respected. + % However, if we're at the top level, we don't want the + % normal paragraph indentation. + % On the other hand, if we are in the case of @center @image, we don't + % want to start a paragraph, which will create a hsize-width box and + % eradicate the centering. + \ifx\centersub\centerV\else \noindent \fi + % + % Output the image. + \ifpdf + % For pdfTeX and LuaTeX <= 0.80 + \dopdfimage{#1}{#2}{#3}% + \else + \ifx\XeTeXrevision\thisisundefined + % For epsf.tex + % \epsfbox itself resets \epsf?size at each figure. + \setbox0 = \hbox{\ignorespaces #2}% + \ifdim\wd0 > 0pt \epsfxsize=#2\relax \fi + \setbox0 = \hbox{\ignorespaces #3}% + \ifdim\wd0 > 0pt \epsfysize=#3\relax \fi + \epsfbox{#1.eps}% + \else + % For XeTeX + \doxeteximage{#1}{#2}{#3}% + \fi + \fi + % + \ifimagevmode + \medskip % space after a standalone image + \fi + \ifx\centersub\centerV \egroup \fi +\endgroup} + + +% @float FLOATTYPE,LABEL,LOC ... @end float for displayed figures, tables, +% etc. We don't actually implement floating yet, we always include the +% float "here". But it seemed the best name for the future. +% +\envparseargdef\float{\eatcommaspace\eatcommaspace\dofloat#1, , ,\finish} + +% There may be a space before second and/or third parameter; delete it. +\def\eatcommaspace#1, {#1,} + +% #1 is the optional FLOATTYPE, the text label for this float, typically +% "Figure", "Table", "Example", etc. Can't contain commas. If omitted, +% this float will not be numbered and cannot be referred to. +% +% #2 is the optional xref label. Also must be present for the float to +% be referable. +% +% #3 is the optional positioning argument; for now, it is ignored. It +% will somehow specify the positions allowed to float to (here, top, bottom). +% +% We keep a separate counter for each FLOATTYPE, which we reset at each +% chapter-level command. +\let\resetallfloatnos=\empty +% +\def\dofloat#1,#2,#3,#4\finish{% + \let\thiscaption=\empty + \let\thisshortcaption=\empty + % + % don't lose footnotes inside @float. + % + % BEWARE: when the floats start float, we have to issue warning whenever an + % insert appears inside a float which could possibly float. --kasal, 26may04 + % + \startsavinginserts + % + % We can't be used inside a paragraph. + \par + % + \vtop\bgroup + \def\floattype{#1}% + \def\floatlabel{#2}% + \def\floatloc{#3}% we do nothing with this yet. + % + \ifx\floattype\empty + \let\safefloattype=\empty + \else + {% + % the floattype might have accents or other special characters, + % but we need to use it in a control sequence name. + \indexnofonts + \turnoffactive + \xdef\safefloattype{\floattype}% + }% + \fi + % + % If label is given but no type, we handle that as the empty type. + \ifx\floatlabel\empty \else + % We want each FLOATTYPE to be numbered separately (Figure 1, + % Table 1, Figure 2, ...). (And if no label, no number.) + % + \expandafter\getfloatno\csname\safefloattype floatno\endcsname + \global\advance\floatno by 1 + % + {% + % This magic value for \currentsection is output by \setref as the + % XREFLABEL-title value. \xrefX uses it to distinguish float + % labels (which have a completely different output format) from + % node and anchor labels. And \xrdef uses it to construct the + % lists of floats. + % + \edef\currentsection{\floatmagic=\safefloattype}% + \setref{\floatlabel}{Yfloat}% + }% + \fi + % + % start with \parskip glue, I guess. + \vskip\parskip + % + % Don't suppress indentation if a float happens to start a section. + \restorefirstparagraphindent +} + +% we have these possibilities: +% @float Foo,lbl & @caption{Cap}: Foo 1.1: Cap +% @float Foo,lbl & no caption: Foo 1.1 +% @float Foo & @caption{Cap}: Foo: Cap +% @float Foo & no caption: Foo +% @float ,lbl & Caption{Cap}: 1.1: Cap +% @float ,lbl & no caption: 1.1 +% @float & @caption{Cap}: Cap +% @float & no caption: +% +\def\Efloat{% + \let\floatident = \empty + % + % In all cases, if we have a float type, it comes first. + \ifx\floattype\empty \else \def\floatident{\floattype}\fi + % + % If we have an xref label, the number comes next. + \ifx\floatlabel\empty \else + \ifx\floattype\empty \else % if also had float type, need tie first. + \appendtomacro\floatident{\tie}% + \fi + % the number. + \appendtomacro\floatident{\chaplevelprefix\the\floatno}% + \fi + % + % Start the printed caption with what we've constructed in + % \floatident, but keep it separate; we need \floatident again. + \let\captionline = \floatident + % + \ifx\thiscaption\empty \else + \ifx\floatident\empty \else + \appendtomacro\captionline{: }% had ident, so need a colon between + \fi + % + % caption text. + \appendtomacro\captionline{\scanexp\thiscaption}% + \fi + % + % If we have anything to print, print it, with space before. + % Eventually this needs to become an \insert. + \ifx\captionline\empty \else + \vskip.5\parskip + \captionline + % + % Space below caption. + \vskip\parskip + \fi + % + % If have an xref label, write the list of floats info. Do this + % after the caption, to avoid chance of it being a breakpoint. + \ifx\floatlabel\empty \else + % Write the text that goes in the lof to the aux file as + % \floatlabel-lof. Besides \floatident, we include the short + % caption if specified, else the full caption if specified, else nothing. + {% + \requireauxfile + \atdummies + % + \ifx\thisshortcaption\empty + \def\gtemp{\thiscaption}% + \else + \def\gtemp{\thisshortcaption}% + \fi + \immediate\write\auxfile{@xrdef{\floatlabel-lof}{\floatident + \ifx\gtemp\empty \else : \gtemp \fi}}% + }% + \fi + \egroup % end of \vtop + % + \checkinserts +} + +% Append the tokens #2 to the definition of macro #1, not expanding either. +% +\def\appendtomacro#1#2{% + \expandafter\def\expandafter#1\expandafter{#1#2}% +} + +% @caption, @shortcaption +% +\def\caption{\docaption\thiscaption} +\def\shortcaption{\docaption\thisshortcaption} +\def\docaption{\checkenv\float \bgroup\scanargctxt\defcaption} +\def\defcaption#1#2{\egroup \def#1{#2}} + +% The parameter is the control sequence identifying the counter we are +% going to use. Create it if it doesn't exist and assign it to \floatno. +\def\getfloatno#1{% + \ifx#1\relax + % Haven't seen this figure type before. + \csname newcount\endcsname #1% + % + % Remember to reset this floatno at the next chap. + \expandafter\gdef\expandafter\resetallfloatnos + \expandafter{\resetallfloatnos #1=0 }% + \fi + \let\floatno#1% +} + +% \setref calls this to get the XREFLABEL-snt value. We want an @xref +% to the FLOATLABEL to expand to "Figure 3.1". We call \setref when we +% first read the @float command. +% +\def\Yfloat{\floattype@tie \chaplevelprefix\the\floatno}% + +% Magic string used for the XREFLABEL-title value, so \xrefX can +% distinguish floats from other xref types. +\def\floatmagic{!!float!!} + +% #1 is the control sequence we are passed; we expand into a conditional +% which is true if #1 represents a float ref. That is, the magic +% \currentsection value which we \setref above. +% +\def\iffloat#1{\expandafter\doiffloat#1==\finish} +% +% #1 is (maybe) the \floatmagic string. If so, #2 will be the +% (safe) float type for this float. We set \iffloattype to #2. +% +\def\doiffloat#1=#2=#3\finish{% + \def\temp{#1}% + \def\iffloattype{#2}% + \ifx\temp\floatmagic +} + +% @listoffloats FLOATTYPE - print a list of floats like a table of contents. +% +\parseargdef\listoffloats{% + \def\floattype{#1}% floattype + {% + % the floattype might have accents or other special characters, + % but we need to use it in a control sequence name. + \indexnofonts + \turnoffactive + \xdef\safefloattype{\floattype}% + }% + % + % \xrdef saves the floats as a \do-list in \floatlistSAFEFLOATTYPE. + \expandafter\ifx\csname floatlist\safefloattype\endcsname \relax + \ifhavexrefs + % if the user said @listoffloats foo but never @float foo. + \message{\linenumber No `\safefloattype' floats to list.}% + \fi + \else + \begingroup + \leftskip=\tocindent % indent these entries like a toc + \let\do=\listoffloatsdo + \csname floatlist\safefloattype\endcsname + \endgroup + \fi +} + +% This is called on each entry in a list of floats. We're passed the +% xref label, in the form LABEL-title, which is how we save it in the +% aux file. We strip off the -title and look up \XRLABEL-lof, which +% has the text we're supposed to typeset here. +% +% Figures without xref labels will not be included in the list (since +% they won't appear in the aux file). +% +\def\listoffloatsdo#1{\listoffloatsdoentry#1\finish} +\def\listoffloatsdoentry#1-title\finish{{% + % Can't fully expand XR#1-lof because it can contain anything. Just + % pass the control sequence. On the other hand, XR#1-pg is just the + % page number, and we want to fully expand that so we can get a link + % in pdf output. + \toksA = \expandafter{\csname XR#1-lof\endcsname}% + % + % use the same \entry macro we use to generate the TOC and index. + \edef\writeentry{\noexpand\entry{\the\toksA}{\csname XR#1-pg\endcsname}}% + \writeentry +}} + + +\message{localization,} + +% For single-language documents, @documentlanguage is usually given very +% early, just after @documentencoding. Single argument is the language +% (de) or locale (de_DE) abbreviation. +% +{ + \catcode`\_ = \active + \globaldefs=1 +\parseargdef\documentlanguage{% + \tex % read txi-??.tex file in plain TeX. + % Read the file by the name they passed if it exists. + \let_ = \normalunderscore % normal _ character for filename test + \openin 1 txi-#1.tex + \ifeof 1 + \documentlanguagetrywithoutunderscore #1_\finish + \else + \globaldefs = 1 % everything in the txi-LL files needs to persist + \input txi-#1.tex + \fi + \closein 1 + \endgroup % end raw TeX +} +% +% If they passed de_DE, and txi-de_DE.tex doesn't exist, +% try txi-de.tex. +% +\gdef\documentlanguagetrywithoutunderscore#1_#2\finish{% + \openin 1 txi-#1.tex + \ifeof 1 + \errhelp = \nolanghelp + \errmessage{Cannot read language file txi-#1.tex}% + \else + \globaldefs = 1 % everything in the txi-LL files needs to persist + \input txi-#1.tex + \fi + \closein 1 +} +}% end of special _ catcode +% +\newhelp\nolanghelp{The given language definition file cannot be found or +is empty. Maybe you need to install it? Putting it in the current +directory should work if nowhere else does.} + +% This macro is called from txi-??.tex files; the first argument is the +% \language name to set (without the "\lang@" prefix), the second and +% third args are \{left,right}hyphenmin. +% +% The language names to pass are determined when the format is built. +% See the etex.log file created at that time, e.g., +% /usr/local/texlive/2008/texmf-var/web2c/pdftex/etex.log. +% +% With TeX Live 2008, etex now includes hyphenation patterns for all +% available languages. This means we can support hyphenation in +% Texinfo, at least to some extent. (This still doesn't solve the +% accented characters problem.) +% +\catcode`@=11 +\def\txisetlanguage#1#2#3{% + % do not set the language if the name is undefined in the current TeX. + \expandafter\ifx\csname lang@#1\endcsname \relax + \message{no patterns for #1}% + \else + \global\language = \csname lang@#1\endcsname + \fi + % but there is no harm in adjusting the hyphenmin values regardless. + \global\lefthyphenmin = #2\relax + \global\righthyphenmin = #3\relax +} + +% XeTeX and LuaTeX can handle Unicode natively. +% Their default I/O uses UTF-8 sequences instead of a byte-wise operation. +% Other TeX engines' I/O (pdfTeX, etc.) is byte-wise. +% +\newif\iftxinativeunicodecapable +\newif\iftxiusebytewiseio + +\ifx\XeTeXrevision\thisisundefined + \ifx\luatexversion\thisisundefined + \txinativeunicodecapablefalse + \txiusebytewiseiotrue + \else + \txinativeunicodecapabletrue + \txiusebytewiseiofalse + \fi +\else + \txinativeunicodecapabletrue + \txiusebytewiseiofalse +\fi + +% Set I/O by bytes instead of UTF-8 sequence for XeTeX and LuaTex +% for non-UTF-8 (byte-wise) encodings. +% +\def\setbytewiseio{% + \ifx\XeTeXrevision\thisisundefined + \else + \XeTeXdefaultencoding "bytes" % For subsequent files to be read + \XeTeXinputencoding "bytes" % For document root file + % Unfortunately, there seems to be no corresponding XeTeX command for + % output encoding. This is a problem for auxiliary index and TOC files. + % The only solution would be perhaps to write out @U{...} sequences in + % place of non-ASCII characters. + \fi + + \ifx\luatexversion\thisisundefined + \else + \directlua{ + local utf8_char, byte, gsub = unicode.utf8.char, string.byte, string.gsub + local function convert_char (char) + return utf8_char(byte(char)) + end + + local function convert_line (line) + return gsub(line, ".", convert_char) + end + + callback.register("process_input_buffer", convert_line) + + local function convert_line_out (line) + local line_out = "" + for c in string.utfvalues(line) do + line_out = line_out .. string.char(c) + end + return line_out + end + + callback.register("process_output_buffer", convert_line_out) + } + \fi + + \txiusebytewiseiotrue +} + + +% Helpers for encodings. +% Set the catcode of characters 128 through 255 to the specified number. +% +\def\setnonasciicharscatcode#1{% + \count255=128 + \loop\ifnum\count255<256 + \global\catcode\count255=#1\relax + \advance\count255 by 1 + \repeat +} + +\def\setnonasciicharscatcodenonglobal#1{% + \count255=128 + \loop\ifnum\count255<256 + \catcode\count255=#1\relax + \advance\count255 by 1 + \repeat +} + +% @documentencoding sets the definition of non-ASCII characters +% according to the specified encoding. +% +\def\documentencoding{\parseargusing\filenamecatcodes\documentencodingzzz} +\def\documentencodingzzz#1{% + % + % Encoding being declared for the document. + \def\declaredencoding{\csname #1.enc\endcsname}% + % + % Supported encodings: names converted to tokens in order to be able + % to compare them with \ifx. + \def\ascii{\csname US-ASCII.enc\endcsname}% + \def\latnine{\csname ISO-8859-15.enc\endcsname}% + \def\latone{\csname ISO-8859-1.enc\endcsname}% + \def\lattwo{\csname ISO-8859-2.enc\endcsname}% + \def\utfeight{\csname UTF-8.enc\endcsname}% + % + \ifx \declaredencoding \ascii + \asciichardefs + % + \else \ifx \declaredencoding \lattwo + \iftxinativeunicodecapable + \setbytewiseio + \fi + \setnonasciicharscatcode\active + \lattwochardefs + % + \else \ifx \declaredencoding \latone + \iftxinativeunicodecapable + \setbytewiseio + \fi + \setnonasciicharscatcode\active + \latonechardefs + % + \else \ifx \declaredencoding \latnine + \iftxinativeunicodecapable + \setbytewiseio + \fi + \setnonasciicharscatcode\active + \latninechardefs + % + \else \ifx \declaredencoding \utfeight + \iftxinativeunicodecapable + % For native Unicode handling (XeTeX and LuaTeX) + \nativeunicodechardefs + \else + % For treating UTF-8 as byte sequences (TeX, eTeX and pdfTeX) + \setnonasciicharscatcode\active + % since we already invoked \utfeightchardefs at the top level + % (below), do not re-invoke it, otherwise our check for duplicated + % definitions gets triggered. Making non-ascii chars active is + % sufficient. + \fi + % + \else + \message{Ignoring unknown document encoding: #1.}% + % + \fi % utfeight + \fi % latnine + \fi % latone + \fi % lattwo + \fi % ascii + % + \ifx\XeTeXrevision\thisisundefined + \else + \ifx \declaredencoding \utfeight + \else + \ifx \declaredencoding \ascii + \else + \message{Warning: XeTeX with non-UTF-8 encodings cannot handle % + non-ASCII characters in auxiliary files.}% + \fi + \fi + \fi +} + +% emacs-page +% A message to be logged when using a character that isn't available +% the default font encoding (OT1). +% +\def\missingcharmsg#1{\message{Character missing, sorry: #1.}} + +% Take account of \c (plain) vs. \, (Texinfo) difference. +\def\cedilla#1{\ifx\c\ptexc\c{#1}\else\,{#1}\fi} + +% First, make active non-ASCII characters in order for them to be +% correctly categorized when TeX reads the replacement text of +% macros containing the character definitions. +\setnonasciicharscatcode\active +% + +\def\gdefchar#1#2{% +\gdef#1{% + \ifpassthroughchars + \string#1% + \else + #2% + \fi +}} + +% Latin1 (ISO-8859-1) character definitions. +\def\latonechardefs{% + \gdefchar^^a0{\tie} + \gdefchar^^a1{\exclamdown} + \gdefchar^^a2{{\tcfont \char162}} % cent + \gdefchar^^a3{\pounds{}} + \gdefchar^^a4{{\tcfont \char164}} % currency + \gdefchar^^a5{{\tcfont \char165}} % yen + \gdefchar^^a6{{\tcfont \char166}} % broken bar + \gdefchar^^a7{\S} + \gdefchar^^a8{\"{}} + \gdefchar^^a9{\copyright{}} + \gdefchar^^aa{\ordf} + \gdefchar^^ab{\guillemetleft{}} + \gdefchar^^ac{\ensuremath\lnot} + \gdefchar^^ad{\-} + \gdefchar^^ae{\registeredsymbol{}} + \gdefchar^^af{\={}} + % + \gdefchar^^b0{\textdegree} + \gdefchar^^b1{$\pm$} + \gdefchar^^b2{$^2$} + \gdefchar^^b3{$^3$} + \gdefchar^^b4{\'{}} + \gdefchar^^b5{$\mu$} + \gdefchar^^b6{\P} + \gdefchar^^b7{\ensuremath\cdot} + \gdefchar^^b8{\cedilla\ } + \gdefchar^^b9{$^1$} + \gdefchar^^ba{\ordm} + \gdefchar^^bb{\guillemetright{}} + \gdefchar^^bc{$1\over4$} + \gdefchar^^bd{$1\over2$} + \gdefchar^^be{$3\over4$} + \gdefchar^^bf{\questiondown} + % + \gdefchar^^c0{\`A} + \gdefchar^^c1{\'A} + \gdefchar^^c2{\^A} + \gdefchar^^c3{\~A} + \gdefchar^^c4{\"A} + \gdefchar^^c5{\ringaccent A} + \gdefchar^^c6{\AE} + \gdefchar^^c7{\cedilla C} + \gdefchar^^c8{\`E} + \gdefchar^^c9{\'E} + \gdefchar^^ca{\^E} + \gdefchar^^cb{\"E} + \gdefchar^^cc{\`I} + \gdefchar^^cd{\'I} + \gdefchar^^ce{\^I} + \gdefchar^^cf{\"I} + % + \gdefchar^^d0{\DH} + \gdefchar^^d1{\~N} + \gdefchar^^d2{\`O} + \gdefchar^^d3{\'O} + \gdefchar^^d4{\^O} + \gdefchar^^d5{\~O} + \gdefchar^^d6{\"O} + \gdefchar^^d7{$\times$} + \gdefchar^^d8{\O} + \gdefchar^^d9{\`U} + \gdefchar^^da{\'U} + \gdefchar^^db{\^U} + \gdefchar^^dc{\"U} + \gdefchar^^dd{\'Y} + \gdefchar^^de{\TH} + \gdefchar^^df{\ss} + % + \gdefchar^^e0{\`a} + \gdefchar^^e1{\'a} + \gdefchar^^e2{\^a} + \gdefchar^^e3{\~a} + \gdefchar^^e4{\"a} + \gdefchar^^e5{\ringaccent a} + \gdefchar^^e6{\ae} + \gdefchar^^e7{\cedilla c} + \gdefchar^^e8{\`e} + \gdefchar^^e9{\'e} + \gdefchar^^ea{\^e} + \gdefchar^^eb{\"e} + \gdefchar^^ec{\`{\dotless i}} + \gdefchar^^ed{\'{\dotless i}} + \gdefchar^^ee{\^{\dotless i}} + \gdefchar^^ef{\"{\dotless i}} + % + \gdefchar^^f0{\dh} + \gdefchar^^f1{\~n} + \gdefchar^^f2{\`o} + \gdefchar^^f3{\'o} + \gdefchar^^f4{\^o} + \gdefchar^^f5{\~o} + \gdefchar^^f6{\"o} + \gdefchar^^f7{$\div$} + \gdefchar^^f8{\o} + \gdefchar^^f9{\`u} + \gdefchar^^fa{\'u} + \gdefchar^^fb{\^u} + \gdefchar^^fc{\"u} + \gdefchar^^fd{\'y} + \gdefchar^^fe{\th} + \gdefchar^^ff{\"y} +} + +% Latin9 (ISO-8859-15) encoding character definitions. +\def\latninechardefs{% + % Encoding is almost identical to Latin1. + \latonechardefs + % + \gdefchar^^a4{\euro{}} + \gdefchar^^a6{\v S} + \gdefchar^^a8{\v s} + \gdefchar^^b4{\v Z} + \gdefchar^^b8{\v z} + \gdefchar^^bc{\OE} + \gdefchar^^bd{\oe} + \gdefchar^^be{\"Y} +} + +% Latin2 (ISO-8859-2) character definitions. +\def\lattwochardefs{% + \gdefchar^^a0{\tie} + \gdefchar^^a1{\ogonek{A}} + \gdefchar^^a2{\u{}} + \gdefchar^^a3{\L} + \gdefchar^^a4{\missingcharmsg{CURRENCY SIGN}} + \gdefchar^^a5{\v L} + \gdefchar^^a6{\'S} + \gdefchar^^a7{\S} + \gdefchar^^a8{\"{}} + \gdefchar^^a9{\v S} + \gdefchar^^aa{\cedilla S} + \gdefchar^^ab{\v T} + \gdefchar^^ac{\'Z} + \gdefchar^^ad{\-} + \gdefchar^^ae{\v Z} + \gdefchar^^af{\dotaccent Z} + % + \gdefchar^^b0{\textdegree{}} + \gdefchar^^b1{\ogonek{a}} + \gdefchar^^b2{\ogonek{ }} + \gdefchar^^b3{\l} + \gdefchar^^b4{\'{}} + \gdefchar^^b5{\v l} + \gdefchar^^b6{\'s} + \gdefchar^^b7{\v{}} + \gdefchar^^b8{\cedilla\ } + \gdefchar^^b9{\v s} + \gdefchar^^ba{\cedilla s} + \gdefchar^^bb{\v t} + \gdefchar^^bc{\'z} + \gdefchar^^bd{\H{}} + \gdefchar^^be{\v z} + \gdefchar^^bf{\dotaccent z} + % + \gdefchar^^c0{\'R} + \gdefchar^^c1{\'A} + \gdefchar^^c2{\^A} + \gdefchar^^c3{\u A} + \gdefchar^^c4{\"A} + \gdefchar^^c5{\'L} + \gdefchar^^c6{\'C} + \gdefchar^^c7{\cedilla C} + \gdefchar^^c8{\v C} + \gdefchar^^c9{\'E} + \gdefchar^^ca{\ogonek{E}} + \gdefchar^^cb{\"E} + \gdefchar^^cc{\v E} + \gdefchar^^cd{\'I} + \gdefchar^^ce{\^I} + \gdefchar^^cf{\v D} + % + \gdefchar^^d0{\DH} + \gdefchar^^d1{\'N} + \gdefchar^^d2{\v N} + \gdefchar^^d3{\'O} + \gdefchar^^d4{\^O} + \gdefchar^^d5{\H O} + \gdefchar^^d6{\"O} + \gdefchar^^d7{$\times$} + \gdefchar^^d8{\v R} + \gdefchar^^d9{\ringaccent U} + \gdefchar^^da{\'U} + \gdefchar^^db{\H U} + \gdefchar^^dc{\"U} + \gdefchar^^dd{\'Y} + \gdefchar^^de{\cedilla T} + \gdefchar^^df{\ss} + % + \gdefchar^^e0{\'r} + \gdefchar^^e1{\'a} + \gdefchar^^e2{\^a} + \gdefchar^^e3{\u a} + \gdefchar^^e4{\"a} + \gdefchar^^e5{\'l} + \gdefchar^^e6{\'c} + \gdefchar^^e7{\cedilla c} + \gdefchar^^e8{\v c} + \gdefchar^^e9{\'e} + \gdefchar^^ea{\ogonek{e}} + \gdefchar^^eb{\"e} + \gdefchar^^ec{\v e} + \gdefchar^^ed{\'{\dotless{i}}} + \gdefchar^^ee{\^{\dotless{i}}} + \gdefchar^^ef{\v d} + % + \gdefchar^^f0{\dh} + \gdefchar^^f1{\'n} + \gdefchar^^f2{\v n} + \gdefchar^^f3{\'o} + \gdefchar^^f4{\^o} + \gdefchar^^f5{\H o} + \gdefchar^^f6{\"o} + \gdefchar^^f7{$\div$} + \gdefchar^^f8{\v r} + \gdefchar^^f9{\ringaccent u} + \gdefchar^^fa{\'u} + \gdefchar^^fb{\H u} + \gdefchar^^fc{\"u} + \gdefchar^^fd{\'y} + \gdefchar^^fe{\cedilla t} + \gdefchar^^ff{\dotaccent{}} +} + +% UTF-8 character definitions. +% +% This code to support UTF-8 is based on LaTeX's utf8.def, with some +% changes for Texinfo conventions. It is included here under the GPL by +% permission from Frank Mittelbach and the LaTeX team. +% +\newcount\countUTFx +\newcount\countUTFy +\newcount\countUTFz + +\gdef\UTFviiiTwoOctets#1#2{\expandafter + \UTFviiiDefined\csname u8:#1\string #2\endcsname} +% +\gdef\UTFviiiThreeOctets#1#2#3{\expandafter + \UTFviiiDefined\csname u8:#1\string #2\string #3\endcsname} +% +\gdef\UTFviiiFourOctets#1#2#3#4{\expandafter + \UTFviiiDefined\csname u8:#1\string #2\string #3\string #4\endcsname} + +\gdef\UTFviiiDefined#1{% + \ifx #1\relax + \message{\linenumber Unicode char \string #1 not defined for Texinfo}% + \else + \expandafter #1% + \fi +} + +% Give non-ASCII bytes the active definitions for processing UTF-8 sequences +\begingroup + \catcode`\~13 + \catcode`\$12 + \catcode`\"12 + + % Loop from \countUTFx to \countUTFy, performing \UTFviiiTmp + % substituting ~ and $ with a character token of that value. + \def\UTFviiiLoop{% + \global\catcode\countUTFx\active + \uccode`\~\countUTFx + \uccode`\$\countUTFx + \uppercase\expandafter{\UTFviiiTmp}% + \advance\countUTFx by 1 + \ifnum\countUTFx < \countUTFy + \expandafter\UTFviiiLoop + \fi} + + % For bytes other than the first in a UTF-8 sequence. Not expected to + % be expanded except when writing to auxiliary files. + \countUTFx = "80 + \countUTFy = "C2 + \def\UTFviiiTmp{% + \gdef~{% + \ifpassthroughchars $\fi}}% + \UTFviiiLoop + + \countUTFx = "C2 + \countUTFy = "E0 + \def\UTFviiiTmp{% + \gdef~{% + \ifpassthroughchars $% + \else\expandafter\UTFviiiTwoOctets\expandafter$\fi}}% + \UTFviiiLoop + + \countUTFx = "E0 + \countUTFy = "F0 + \def\UTFviiiTmp{% + \gdef~{% + \ifpassthroughchars $% + \else\expandafter\UTFviiiThreeOctets\expandafter$\fi}}% + \UTFviiiLoop + + \countUTFx = "F0 + \countUTFy = "F4 + \def\UTFviiiTmp{% + \gdef~{% + \ifpassthroughchars $% + \else\expandafter\UTFviiiFourOctets\expandafter$\fi + }}% + \UTFviiiLoop +\endgroup + +\def\globallet{\global\let} % save some \expandafter's below + +% @U{xxxx} to produce U+xxxx, if we support it. +\def\U#1{% + \expandafter\ifx\csname uni:#1\endcsname \relax + \iftxinativeunicodecapable + % All Unicode characters can be used if native Unicode handling is + % active. However, if the font does not have the glyph, + % letters are missing. + \begingroup + \uccode`\.="#1\relax + \uppercase{.} + \endgroup + \else + \errhelp = \EMsimple + \errmessage{Unicode character U+#1 not supported, sorry}% + \fi + \else + \csname uni:#1\endcsname + \fi +} + +% These macros are used here to construct the name of a control +% sequence to be defined. +\def\UTFviiiTwoOctetsName#1#2{% + \csname u8:#1\string #2\endcsname}% +\def\UTFviiiThreeOctetsName#1#2#3{% + \csname u8:#1\string #2\string #3\endcsname}% +\def\UTFviiiFourOctetsName#1#2#3#4{% + \csname u8:#1\string #2\string #3\string #4\endcsname}% + +% For UTF-8 byte sequences (TeX, e-TeX and pdfTeX), +% provide a definition macro to replace a Unicode character; +% this gets used by the @U command +% +\begingroup + \catcode`\"=12 + \catcode`\<=12 + \catcode`\.=12 + \catcode`\,=12 + \catcode`\;=12 + \catcode`\!=12 + \catcode`\~=13 + \gdef\DeclareUnicodeCharacterUTFviii#1#2{% + \countUTFz = "#1\relax + \begingroup + \parseXMLCharref + + % Give \u8:... its definition. The sequence of seven \expandafter's + % expands after the \gdef three times, e.g. + % + % 1. \UTFviiTwoOctetsName B1 B2 + % 2. \csname u8:B1 \string B2 \endcsname + % 3. \u8: B1 B2 (a single control sequence token) + % + \expandafter\expandafter + \expandafter\expandafter + \expandafter\expandafter + \expandafter\gdef \UTFviiiTmp{#2}% + % + \expandafter\ifx\csname uni:#1\endcsname \relax \else + \message{Internal error, already defined: #1}% + \fi + % + % define an additional control sequence for this code point. + \expandafter\globallet\csname uni:#1\endcsname \UTFviiiTmp + \endgroup} + % + % Given the value in \countUTFz as a Unicode code point, set \UTFviiiTmp + % to the corresponding UTF-8 sequence. + \gdef\parseXMLCharref{% + \ifnum\countUTFz < "A0\relax + \errhelp = \EMsimple + \errmessage{Cannot define Unicode char value < 00A0}% + \else\ifnum\countUTFz < "800\relax + \parseUTFviiiA,% + \parseUTFviiiB C\UTFviiiTwoOctetsName.,% + \else\ifnum\countUTFz < "10000\relax + \parseUTFviiiA;% + \parseUTFviiiA,% + \parseUTFviiiB E\UTFviiiThreeOctetsName.{,;}% + \else + \parseUTFviiiA;% + \parseUTFviiiA,% + \parseUTFviiiA!% + \parseUTFviiiB F\UTFviiiFourOctetsName.{!,;}% + \fi\fi\fi + } + + % Extract a byte from the end of the UTF-8 representation of \countUTFx. + % It must be a non-initial byte in the sequence. + % Change \uccode of #1 for it to be used in \parseUTFviiiB as one + % of the bytes. + \gdef\parseUTFviiiA#1{% + \countUTFx = \countUTFz + \divide\countUTFz by 64 + \countUTFy = \countUTFz % Save to be the future value of \countUTFz. + \multiply\countUTFz by 64 + + % \countUTFz is now \countUTFx with the last 5 bits cleared. Subtract + % in order to get the last five bits. + \advance\countUTFx by -\countUTFz + + % Convert this to the byte in the UTF-8 sequence. + \advance\countUTFx by 128 + \uccode `#1\countUTFx + \countUTFz = \countUTFy} + + % Used to put a UTF-8 byte sequence into \UTFviiiTmp + % #1 is the increment for \countUTFz to yield a the first byte of the UTF-8 + % sequence. + % #2 is one of the \UTFviii*OctetsName macros. + % #3 is always a full stop (.) + % #4 is a template for the other bytes in the sequence. The values for these + % bytes is substituted in here with \uppercase using the \uccode's. + \gdef\parseUTFviiiB#1#2#3#4{% + \advance\countUTFz by "#10\relax + \uccode `#3\countUTFz + \uppercase{\gdef\UTFviiiTmp{#2#3#4}}} +\endgroup + +% For native Unicode handling (XeTeX and LuaTeX), +% provide a definition macro that sets a catcode to `other' non-globally +% +\def\DeclareUnicodeCharacterNativeOther#1#2{% + \catcode"#1=\other +} + +% https://en.wikipedia.org/wiki/Plane_(Unicode)#Basic_M +% U+0000..U+007F = https://en.wikipedia.org/wiki/Basic_Latin_(Unicode_block) +% U+0080..U+00FF = https://en.wikipedia.org/wiki/Latin-1_Supplement_(Unicode_block) +% U+0100..U+017F = https://en.wikipedia.org/wiki/Latin_Extended-A +% U+0180..U+024F = https://en.wikipedia.org/wiki/Latin_Extended-B +% +% Many of our renditions are less than wonderful, and all the missing +% characters are available somewhere. Loading the necessary fonts +% awaits user request. We can't truly support Unicode without +% reimplementing everything that's been done in LaTeX for many years, +% plus probably using luatex or xetex, and who knows what else. +% We won't be doing that here in this simple file. But we can try to at +% least make most of the characters not bomb out. +% +\def\unicodechardefs{% + \DeclareUnicodeCharacter{00A0}{\tie}% + \DeclareUnicodeCharacter{00A1}{\exclamdown}% + \DeclareUnicodeCharacter{00A2}{{\tcfont \char162}}% 0242=cent + \DeclareUnicodeCharacter{00A3}{\pounds{}}% + \DeclareUnicodeCharacter{00A4}{{\tcfont \char164}}% 0244=currency + \DeclareUnicodeCharacter{00A5}{{\tcfont \char165}}% 0245=yen + \DeclareUnicodeCharacter{00A6}{{\tcfont \char166}}% 0246=brokenbar + \DeclareUnicodeCharacter{00A7}{\S}% + \DeclareUnicodeCharacter{00A8}{\"{ }}% + \DeclareUnicodeCharacter{00A9}{\copyright{}}% + \DeclareUnicodeCharacter{00AA}{\ordf}% + \DeclareUnicodeCharacter{00AB}{\guillemetleft{}}% + \DeclareUnicodeCharacter{00AC}{\ensuremath\lnot}% + \DeclareUnicodeCharacter{00AD}{\-}% + \DeclareUnicodeCharacter{00AE}{\registeredsymbol{}}% + \DeclareUnicodeCharacter{00AF}{\={ }}% + % + \DeclareUnicodeCharacter{00B0}{\ringaccent{ }}% + \DeclareUnicodeCharacter{00B1}{\ensuremath\pm}% + \DeclareUnicodeCharacter{00B2}{$^2$}% + \DeclareUnicodeCharacter{00B3}{$^3$}% + \DeclareUnicodeCharacter{00B4}{\'{ }}% + \DeclareUnicodeCharacter{00B5}{$\mu$}% + \DeclareUnicodeCharacter{00B6}{\P}% + \DeclareUnicodeCharacter{00B7}{\ensuremath\cdot}% + \DeclareUnicodeCharacter{00B8}{\cedilla{ }}% + \DeclareUnicodeCharacter{00B9}{$^1$}% + \DeclareUnicodeCharacter{00BA}{\ordm}% + \DeclareUnicodeCharacter{00BB}{\guillemetright{}}% + \DeclareUnicodeCharacter{00BC}{$1\over4$}% + \DeclareUnicodeCharacter{00BD}{$1\over2$}% + \DeclareUnicodeCharacter{00BE}{$3\over4$}% + \DeclareUnicodeCharacter{00BF}{\questiondown}% + % + \DeclareUnicodeCharacter{00C0}{\`A}% + \DeclareUnicodeCharacter{00C1}{\'A}% + \DeclareUnicodeCharacter{00C2}{\^A}% + \DeclareUnicodeCharacter{00C3}{\~A}% + \DeclareUnicodeCharacter{00C4}{\"A}% + \DeclareUnicodeCharacter{00C5}{\AA}% + \DeclareUnicodeCharacter{00C6}{\AE}% + \DeclareUnicodeCharacter{00C7}{\cedilla{C}}% + \DeclareUnicodeCharacter{00C8}{\`E}% + \DeclareUnicodeCharacter{00C9}{\'E}% + \DeclareUnicodeCharacter{00CA}{\^E}% + \DeclareUnicodeCharacter{00CB}{\"E}% + \DeclareUnicodeCharacter{00CC}{\`I}% + \DeclareUnicodeCharacter{00CD}{\'I}% + \DeclareUnicodeCharacter{00CE}{\^I}% + \DeclareUnicodeCharacter{00CF}{\"I}% + % + \DeclareUnicodeCharacter{00D0}{\DH}% + \DeclareUnicodeCharacter{00D1}{\~N}% + \DeclareUnicodeCharacter{00D2}{\`O}% + \DeclareUnicodeCharacter{00D3}{\'O}% + \DeclareUnicodeCharacter{00D4}{\^O}% + \DeclareUnicodeCharacter{00D5}{\~O}% + \DeclareUnicodeCharacter{00D6}{\"O}% + \DeclareUnicodeCharacter{00D7}{\ensuremath\times}% + \DeclareUnicodeCharacter{00D8}{\O}% + \DeclareUnicodeCharacter{00D9}{\`U}% + \DeclareUnicodeCharacter{00DA}{\'U}% + \DeclareUnicodeCharacter{00DB}{\^U}% + \DeclareUnicodeCharacter{00DC}{\"U}% + \DeclareUnicodeCharacter{00DD}{\'Y}% + \DeclareUnicodeCharacter{00DE}{\TH}% + \DeclareUnicodeCharacter{00DF}{\ss}% + % + \DeclareUnicodeCharacter{00E0}{\`a}% + \DeclareUnicodeCharacter{00E1}{\'a}% + \DeclareUnicodeCharacter{00E2}{\^a}% + \DeclareUnicodeCharacter{00E3}{\~a}% + \DeclareUnicodeCharacter{00E4}{\"a}% + \DeclareUnicodeCharacter{00E5}{\aa}% + \DeclareUnicodeCharacter{00E6}{\ae}% + \DeclareUnicodeCharacter{00E7}{\cedilla{c}}% + \DeclareUnicodeCharacter{00E8}{\`e}% + \DeclareUnicodeCharacter{00E9}{\'e}% + \DeclareUnicodeCharacter{00EA}{\^e}% + \DeclareUnicodeCharacter{00EB}{\"e}% + \DeclareUnicodeCharacter{00EC}{\`{\dotless{i}}}% + \DeclareUnicodeCharacter{00ED}{\'{\dotless{i}}}% + \DeclareUnicodeCharacter{00EE}{\^{\dotless{i}}}% + \DeclareUnicodeCharacter{00EF}{\"{\dotless{i}}}% + % + \DeclareUnicodeCharacter{00F0}{\dh}% + \DeclareUnicodeCharacter{00F1}{\~n}% + \DeclareUnicodeCharacter{00F2}{\`o}% + \DeclareUnicodeCharacter{00F3}{\'o}% + \DeclareUnicodeCharacter{00F4}{\^o}% + \DeclareUnicodeCharacter{00F5}{\~o}% + \DeclareUnicodeCharacter{00F6}{\"o}% + \DeclareUnicodeCharacter{00F7}{\ensuremath\div}% + \DeclareUnicodeCharacter{00F8}{\o}% + \DeclareUnicodeCharacter{00F9}{\`u}% + \DeclareUnicodeCharacter{00FA}{\'u}% + \DeclareUnicodeCharacter{00FB}{\^u}% + \DeclareUnicodeCharacter{00FC}{\"u}% + \DeclareUnicodeCharacter{00FD}{\'y}% + \DeclareUnicodeCharacter{00FE}{\th}% + \DeclareUnicodeCharacter{00FF}{\"y}% + % + \DeclareUnicodeCharacter{0100}{\=A}% + \DeclareUnicodeCharacter{0101}{\=a}% + \DeclareUnicodeCharacter{0102}{\u{A}}% + \DeclareUnicodeCharacter{0103}{\u{a}}% + \DeclareUnicodeCharacter{0104}{\ogonek{A}}% + \DeclareUnicodeCharacter{0105}{\ogonek{a}}% + \DeclareUnicodeCharacter{0106}{\'C}% + \DeclareUnicodeCharacter{0107}{\'c}% + \DeclareUnicodeCharacter{0108}{\^C}% + \DeclareUnicodeCharacter{0109}{\^c}% + \DeclareUnicodeCharacter{010A}{\dotaccent{C}}% + \DeclareUnicodeCharacter{010B}{\dotaccent{c}}% + \DeclareUnicodeCharacter{010C}{\v{C}}% + \DeclareUnicodeCharacter{010D}{\v{c}}% + \DeclareUnicodeCharacter{010E}{\v{D}}% + \DeclareUnicodeCharacter{010F}{d'}% + % + \DeclareUnicodeCharacter{0110}{\DH}% + \DeclareUnicodeCharacter{0111}{\dh}% + \DeclareUnicodeCharacter{0112}{\=E}% + \DeclareUnicodeCharacter{0113}{\=e}% + \DeclareUnicodeCharacter{0114}{\u{E}}% + \DeclareUnicodeCharacter{0115}{\u{e}}% + \DeclareUnicodeCharacter{0116}{\dotaccent{E}}% + \DeclareUnicodeCharacter{0117}{\dotaccent{e}}% + \DeclareUnicodeCharacter{0118}{\ogonek{E}}% + \DeclareUnicodeCharacter{0119}{\ogonek{e}}% + \DeclareUnicodeCharacter{011A}{\v{E}}% + \DeclareUnicodeCharacter{011B}{\v{e}}% + \DeclareUnicodeCharacter{011C}{\^G}% + \DeclareUnicodeCharacter{011D}{\^g}% + \DeclareUnicodeCharacter{011E}{\u{G}}% + \DeclareUnicodeCharacter{011F}{\u{g}}% + % + \DeclareUnicodeCharacter{0120}{\dotaccent{G}}% + \DeclareUnicodeCharacter{0121}{\dotaccent{g}}% + \DeclareUnicodeCharacter{0122}{\cedilla{G}}% + \DeclareUnicodeCharacter{0123}{\cedilla{g}}% + \DeclareUnicodeCharacter{0124}{\^H}% + \DeclareUnicodeCharacter{0125}{\^h}% + \DeclareUnicodeCharacter{0126}{\missingcharmsg{H WITH STROKE}}% + \DeclareUnicodeCharacter{0127}{\missingcharmsg{h WITH STROKE}}% + \DeclareUnicodeCharacter{0128}{\~I}% + \DeclareUnicodeCharacter{0129}{\~{\dotless{i}}}% + \DeclareUnicodeCharacter{012A}{\=I}% + \DeclareUnicodeCharacter{012B}{\={\dotless{i}}}% + \DeclareUnicodeCharacter{012C}{\u{I}}% + \DeclareUnicodeCharacter{012D}{\u{\dotless{i}}}% + \DeclareUnicodeCharacter{012E}{\ogonek{I}}% + \DeclareUnicodeCharacter{012F}{\ogonek{i}}% + % + \DeclareUnicodeCharacter{0130}{\dotaccent{I}}% + \DeclareUnicodeCharacter{0131}{\dotless{i}}% + \DeclareUnicodeCharacter{0132}{IJ}% + \DeclareUnicodeCharacter{0133}{ij}% + \DeclareUnicodeCharacter{0134}{\^J}% + \DeclareUnicodeCharacter{0135}{\^{\dotless{j}}}% + \DeclareUnicodeCharacter{0136}{\cedilla{K}}% + \DeclareUnicodeCharacter{0137}{\cedilla{k}}% + \DeclareUnicodeCharacter{0138}{\ensuremath\kappa}% + \DeclareUnicodeCharacter{0139}{\'L}% + \DeclareUnicodeCharacter{013A}{\'l}% + \DeclareUnicodeCharacter{013B}{\cedilla{L}}% + \DeclareUnicodeCharacter{013C}{\cedilla{l}}% + \DeclareUnicodeCharacter{013D}{L'}% should kern + \DeclareUnicodeCharacter{013E}{l'}% should kern + \DeclareUnicodeCharacter{013F}{L\U{00B7}}% + % + \DeclareUnicodeCharacter{0140}{l\U{00B7}}% + \DeclareUnicodeCharacter{0141}{\L}% + \DeclareUnicodeCharacter{0142}{\l}% + \DeclareUnicodeCharacter{0143}{\'N}% + \DeclareUnicodeCharacter{0144}{\'n}% + \DeclareUnicodeCharacter{0145}{\cedilla{N}}% + \DeclareUnicodeCharacter{0146}{\cedilla{n}}% + \DeclareUnicodeCharacter{0147}{\v{N}}% + \DeclareUnicodeCharacter{0148}{\v{n}}% + \DeclareUnicodeCharacter{0149}{'n}% + \DeclareUnicodeCharacter{014A}{\missingcharmsg{ENG}}% + \DeclareUnicodeCharacter{014B}{\missingcharmsg{eng}}% + \DeclareUnicodeCharacter{014C}{\=O}% + \DeclareUnicodeCharacter{014D}{\=o}% + \DeclareUnicodeCharacter{014E}{\u{O}}% + \DeclareUnicodeCharacter{014F}{\u{o}}% + % + \DeclareUnicodeCharacter{0150}{\H{O}}% + \DeclareUnicodeCharacter{0151}{\H{o}}% + \DeclareUnicodeCharacter{0152}{\OE}% + \DeclareUnicodeCharacter{0153}{\oe}% + \DeclareUnicodeCharacter{0154}{\'R}% + \DeclareUnicodeCharacter{0155}{\'r}% + \DeclareUnicodeCharacter{0156}{\cedilla{R}}% + \DeclareUnicodeCharacter{0157}{\cedilla{r}}% + \DeclareUnicodeCharacter{0158}{\v{R}}% + \DeclareUnicodeCharacter{0159}{\v{r}}% + \DeclareUnicodeCharacter{015A}{\'S}% + \DeclareUnicodeCharacter{015B}{\'s}% + \DeclareUnicodeCharacter{015C}{\^S}% + \DeclareUnicodeCharacter{015D}{\^s}% + \DeclareUnicodeCharacter{015E}{\cedilla{S}}% + \DeclareUnicodeCharacter{015F}{\cedilla{s}}% + % + \DeclareUnicodeCharacter{0160}{\v{S}}% + \DeclareUnicodeCharacter{0161}{\v{s}}% + \DeclareUnicodeCharacter{0162}{\cedilla{T}}% + \DeclareUnicodeCharacter{0163}{\cedilla{t}}% + \DeclareUnicodeCharacter{0164}{\v{T}}% + \DeclareUnicodeCharacter{0165}{\v{t}}% + \DeclareUnicodeCharacter{0166}{\missingcharmsg{H WITH STROKE}}% + \DeclareUnicodeCharacter{0167}{\missingcharmsg{h WITH STROKE}}% + \DeclareUnicodeCharacter{0168}{\~U}% + \DeclareUnicodeCharacter{0169}{\~u}% + \DeclareUnicodeCharacter{016A}{\=U}% + \DeclareUnicodeCharacter{016B}{\=u}% + \DeclareUnicodeCharacter{016C}{\u{U}}% + \DeclareUnicodeCharacter{016D}{\u{u}}% + \DeclareUnicodeCharacter{016E}{\ringaccent{U}}% + \DeclareUnicodeCharacter{016F}{\ringaccent{u}}% + % + \DeclareUnicodeCharacter{0170}{\H{U}}% + \DeclareUnicodeCharacter{0171}{\H{u}}% + \DeclareUnicodeCharacter{0172}{\ogonek{U}}% + \DeclareUnicodeCharacter{0173}{\ogonek{u}}% + \DeclareUnicodeCharacter{0174}{\^W}% + \DeclareUnicodeCharacter{0175}{\^w}% + \DeclareUnicodeCharacter{0176}{\^Y}% + \DeclareUnicodeCharacter{0177}{\^y}% + \DeclareUnicodeCharacter{0178}{\"Y}% + \DeclareUnicodeCharacter{0179}{\'Z}% + \DeclareUnicodeCharacter{017A}{\'z}% + \DeclareUnicodeCharacter{017B}{\dotaccent{Z}}% + \DeclareUnicodeCharacter{017C}{\dotaccent{z}}% + \DeclareUnicodeCharacter{017D}{\v{Z}}% + \DeclareUnicodeCharacter{017E}{\v{z}}% + \DeclareUnicodeCharacter{017F}{\missingcharmsg{LONG S}}% + % + \DeclareUnicodeCharacter{01C4}{D\v{Z}}% + \DeclareUnicodeCharacter{01C5}{D\v{z}}% + \DeclareUnicodeCharacter{01C6}{d\v{z}}% + \DeclareUnicodeCharacter{01C7}{LJ}% + \DeclareUnicodeCharacter{01C8}{Lj}% + \DeclareUnicodeCharacter{01C9}{lj}% + \DeclareUnicodeCharacter{01CA}{NJ}% + \DeclareUnicodeCharacter{01CB}{Nj}% + \DeclareUnicodeCharacter{01CC}{nj}% + \DeclareUnicodeCharacter{01CD}{\v{A}}% + \DeclareUnicodeCharacter{01CE}{\v{a}}% + \DeclareUnicodeCharacter{01CF}{\v{I}}% + % + \DeclareUnicodeCharacter{01D0}{\v{\dotless{i}}}% + \DeclareUnicodeCharacter{01D1}{\v{O}}% + \DeclareUnicodeCharacter{01D2}{\v{o}}% + \DeclareUnicodeCharacter{01D3}{\v{U}}% + \DeclareUnicodeCharacter{01D4}{\v{u}}% + % + \DeclareUnicodeCharacter{01E2}{\={\AE}}% + \DeclareUnicodeCharacter{01E3}{\={\ae}}% + \DeclareUnicodeCharacter{01E6}{\v{G}}% + \DeclareUnicodeCharacter{01E7}{\v{g}}% + \DeclareUnicodeCharacter{01E8}{\v{K}}% + \DeclareUnicodeCharacter{01E9}{\v{k}}% + % + \DeclareUnicodeCharacter{01F0}{\v{\dotless{j}}}% + \DeclareUnicodeCharacter{01F1}{DZ}% + \DeclareUnicodeCharacter{01F2}{Dz}% + \DeclareUnicodeCharacter{01F3}{dz}% + \DeclareUnicodeCharacter{01F4}{\'G}% + \DeclareUnicodeCharacter{01F5}{\'g}% + \DeclareUnicodeCharacter{01F8}{\`N}% + \DeclareUnicodeCharacter{01F9}{\`n}% + \DeclareUnicodeCharacter{01FC}{\'{\AE}}% + \DeclareUnicodeCharacter{01FD}{\'{\ae}}% + \DeclareUnicodeCharacter{01FE}{\'{\O}}% + \DeclareUnicodeCharacter{01FF}{\'{\o}}% + % + \DeclareUnicodeCharacter{021E}{\v{H}}% + \DeclareUnicodeCharacter{021F}{\v{h}}% + % + \DeclareUnicodeCharacter{0226}{\dotaccent{A}}% + \DeclareUnicodeCharacter{0227}{\dotaccent{a}}% + \DeclareUnicodeCharacter{0228}{\cedilla{E}}% + \DeclareUnicodeCharacter{0229}{\cedilla{e}}% + \DeclareUnicodeCharacter{022E}{\dotaccent{O}}% + \DeclareUnicodeCharacter{022F}{\dotaccent{o}}% + % + \DeclareUnicodeCharacter{0232}{\=Y}% + \DeclareUnicodeCharacter{0233}{\=y}% + \DeclareUnicodeCharacter{0237}{\dotless{j}}% + % + \DeclareUnicodeCharacter{02DB}{\ogonek{ }}% + % + % Greek letters upper case + \DeclareUnicodeCharacter{0391}{{\it A}}% + \DeclareUnicodeCharacter{0392}{{\it B}}% + \DeclareUnicodeCharacter{0393}{\ensuremath{\mit\Gamma}}% + \DeclareUnicodeCharacter{0394}{\ensuremath{\mit\Delta}}% + \DeclareUnicodeCharacter{0395}{{\it E}}% + \DeclareUnicodeCharacter{0396}{{\it Z}}% + \DeclareUnicodeCharacter{0397}{{\it H}}% + \DeclareUnicodeCharacter{0398}{\ensuremath{\mit\Theta}}% + \DeclareUnicodeCharacter{0399}{{\it I}}% + \DeclareUnicodeCharacter{039A}{{\it K}}% + \DeclareUnicodeCharacter{039B}{\ensuremath{\mit\Lambda}}% + \DeclareUnicodeCharacter{039C}{{\it M}}% + \DeclareUnicodeCharacter{039D}{{\it N}}% + \DeclareUnicodeCharacter{039E}{\ensuremath{\mit\Xi}}% + \DeclareUnicodeCharacter{039F}{{\it O}}% + \DeclareUnicodeCharacter{03A0}{\ensuremath{\mit\Pi}}% + \DeclareUnicodeCharacter{03A1}{{\it P}}% + %\DeclareUnicodeCharacter{03A2}{} % none - corresponds to final sigma + \DeclareUnicodeCharacter{03A3}{\ensuremath{\mit\Sigma}}% + \DeclareUnicodeCharacter{03A4}{{\it T}}% + \DeclareUnicodeCharacter{03A5}{\ensuremath{\mit\Upsilon}}% + \DeclareUnicodeCharacter{03A6}{\ensuremath{\mit\Phi}}% + \DeclareUnicodeCharacter{03A7}{{\it X}}% + \DeclareUnicodeCharacter{03A8}{\ensuremath{\mit\Psi}}% + \DeclareUnicodeCharacter{03A9}{\ensuremath{\mit\Omega}}% + % + % Vowels with accents + \DeclareUnicodeCharacter{0390}{\ensuremath{\ddot{\acute\iota}}}% + \DeclareUnicodeCharacter{03AC}{\ensuremath{\acute\alpha}}% + \DeclareUnicodeCharacter{03AD}{\ensuremath{\acute\epsilon}}% + \DeclareUnicodeCharacter{03AE}{\ensuremath{\acute\eta}}% + \DeclareUnicodeCharacter{03AF}{\ensuremath{\acute\iota}}% + \DeclareUnicodeCharacter{03B0}{\ensuremath{\acute{\ddot\upsilon}}}% + % + % Standalone accent + \DeclareUnicodeCharacter{0384}{\ensuremath{\acute{\ }}}% + % + % Greek letters lower case + \DeclareUnicodeCharacter{03B1}{\ensuremath\alpha}% + \DeclareUnicodeCharacter{03B2}{\ensuremath\beta}% + \DeclareUnicodeCharacter{03B3}{\ensuremath\gamma}% + \DeclareUnicodeCharacter{03B4}{\ensuremath\delta}% + \DeclareUnicodeCharacter{03B5}{\ensuremath\epsilon}% + \DeclareUnicodeCharacter{03B6}{\ensuremath\zeta}% + \DeclareUnicodeCharacter{03B7}{\ensuremath\eta}% + \DeclareUnicodeCharacter{03B8}{\ensuremath\theta}% + \DeclareUnicodeCharacter{03B9}{\ensuremath\iota}% + \DeclareUnicodeCharacter{03BA}{\ensuremath\kappa}% + \DeclareUnicodeCharacter{03BB}{\ensuremath\lambda}% + \DeclareUnicodeCharacter{03BC}{\ensuremath\mu}% + \DeclareUnicodeCharacter{03BD}{\ensuremath\nu}% + \DeclareUnicodeCharacter{03BE}{\ensuremath\xi}% + \DeclareUnicodeCharacter{03BF}{{\it o}}% omicron + \DeclareUnicodeCharacter{03C0}{\ensuremath\pi}% + \DeclareUnicodeCharacter{03C1}{\ensuremath\rho}% + \DeclareUnicodeCharacter{03C2}{\ensuremath\varsigma}% + \DeclareUnicodeCharacter{03C3}{\ensuremath\sigma}% + \DeclareUnicodeCharacter{03C4}{\ensuremath\tau}% + \DeclareUnicodeCharacter{03C5}{\ensuremath\upsilon}% + \DeclareUnicodeCharacter{03C6}{\ensuremath\phi}% + \DeclareUnicodeCharacter{03C7}{\ensuremath\chi}% + \DeclareUnicodeCharacter{03C8}{\ensuremath\psi}% + \DeclareUnicodeCharacter{03C9}{\ensuremath\omega}% + % + % More Greek vowels with accents + \DeclareUnicodeCharacter{03CA}{\ensuremath{\ddot\iota}}% + \DeclareUnicodeCharacter{03CB}{\ensuremath{\ddot\upsilon}}% + \DeclareUnicodeCharacter{03CC}{\ensuremath{\acute o}}% + \DeclareUnicodeCharacter{03CD}{\ensuremath{\acute\upsilon}}% + \DeclareUnicodeCharacter{03CE}{\ensuremath{\acute\omega}}% + % + % Variant Greek letters + \DeclareUnicodeCharacter{03D1}{\ensuremath\vartheta}% + \DeclareUnicodeCharacter{03D6}{\ensuremath\varpi}% + \DeclareUnicodeCharacter{03F1}{\ensuremath\varrho}% + % + \DeclareUnicodeCharacter{1E02}{\dotaccent{B}}% + \DeclareUnicodeCharacter{1E03}{\dotaccent{b}}% + \DeclareUnicodeCharacter{1E04}{\udotaccent{B}}% + \DeclareUnicodeCharacter{1E05}{\udotaccent{b}}% + \DeclareUnicodeCharacter{1E06}{\ubaraccent{B}}% + \DeclareUnicodeCharacter{1E07}{\ubaraccent{b}}% + \DeclareUnicodeCharacter{1E0A}{\dotaccent{D}}% + \DeclareUnicodeCharacter{1E0B}{\dotaccent{d}}% + \DeclareUnicodeCharacter{1E0C}{\udotaccent{D}}% + \DeclareUnicodeCharacter{1E0D}{\udotaccent{d}}% + \DeclareUnicodeCharacter{1E0E}{\ubaraccent{D}}% + \DeclareUnicodeCharacter{1E0F}{\ubaraccent{d}}% + % + \DeclareUnicodeCharacter{1E1E}{\dotaccent{F}}% + \DeclareUnicodeCharacter{1E1F}{\dotaccent{f}}% + % + \DeclareUnicodeCharacter{1E20}{\=G}% + \DeclareUnicodeCharacter{1E21}{\=g}% + \DeclareUnicodeCharacter{1E22}{\dotaccent{H}}% + \DeclareUnicodeCharacter{1E23}{\dotaccent{h}}% + \DeclareUnicodeCharacter{1E24}{\udotaccent{H}}% + \DeclareUnicodeCharacter{1E25}{\udotaccent{h}}% + \DeclareUnicodeCharacter{1E26}{\"H}% + \DeclareUnicodeCharacter{1E27}{\"h}% + % + \DeclareUnicodeCharacter{1E30}{\'K}% + \DeclareUnicodeCharacter{1E31}{\'k}% + \DeclareUnicodeCharacter{1E32}{\udotaccent{K}}% + \DeclareUnicodeCharacter{1E33}{\udotaccent{k}}% + \DeclareUnicodeCharacter{1E34}{\ubaraccent{K}}% + \DeclareUnicodeCharacter{1E35}{\ubaraccent{k}}% + \DeclareUnicodeCharacter{1E36}{\udotaccent{L}}% + \DeclareUnicodeCharacter{1E37}{\udotaccent{l}}% + \DeclareUnicodeCharacter{1E3A}{\ubaraccent{L}}% + \DeclareUnicodeCharacter{1E3B}{\ubaraccent{l}}% + \DeclareUnicodeCharacter{1E3E}{\'M}% + \DeclareUnicodeCharacter{1E3F}{\'m}% + % + \DeclareUnicodeCharacter{1E40}{\dotaccent{M}}% + \DeclareUnicodeCharacter{1E41}{\dotaccent{m}}% + \DeclareUnicodeCharacter{1E42}{\udotaccent{M}}% + \DeclareUnicodeCharacter{1E43}{\udotaccent{m}}% + \DeclareUnicodeCharacter{1E44}{\dotaccent{N}}% + \DeclareUnicodeCharacter{1E45}{\dotaccent{n}}% + \DeclareUnicodeCharacter{1E46}{\udotaccent{N}}% + \DeclareUnicodeCharacter{1E47}{\udotaccent{n}}% + \DeclareUnicodeCharacter{1E48}{\ubaraccent{N}}% + \DeclareUnicodeCharacter{1E49}{\ubaraccent{n}}% + % + \DeclareUnicodeCharacter{1E54}{\'P}% + \DeclareUnicodeCharacter{1E55}{\'p}% + \DeclareUnicodeCharacter{1E56}{\dotaccent{P}}% + \DeclareUnicodeCharacter{1E57}{\dotaccent{p}}% + \DeclareUnicodeCharacter{1E58}{\dotaccent{R}}% + \DeclareUnicodeCharacter{1E59}{\dotaccent{r}}% + \DeclareUnicodeCharacter{1E5A}{\udotaccent{R}}% + \DeclareUnicodeCharacter{1E5B}{\udotaccent{r}}% + \DeclareUnicodeCharacter{1E5E}{\ubaraccent{R}}% + \DeclareUnicodeCharacter{1E5F}{\ubaraccent{r}}% + % + \DeclareUnicodeCharacter{1E60}{\dotaccent{S}}% + \DeclareUnicodeCharacter{1E61}{\dotaccent{s}}% + \DeclareUnicodeCharacter{1E62}{\udotaccent{S}}% + \DeclareUnicodeCharacter{1E63}{\udotaccent{s}}% + \DeclareUnicodeCharacter{1E6A}{\dotaccent{T}}% + \DeclareUnicodeCharacter{1E6B}{\dotaccent{t}}% + \DeclareUnicodeCharacter{1E6C}{\udotaccent{T}}% + \DeclareUnicodeCharacter{1E6D}{\udotaccent{t}}% + \DeclareUnicodeCharacter{1E6E}{\ubaraccent{T}}% + \DeclareUnicodeCharacter{1E6F}{\ubaraccent{t}}% + % + \DeclareUnicodeCharacter{1E7C}{\~V}% + \DeclareUnicodeCharacter{1E7D}{\~v}% + \DeclareUnicodeCharacter{1E7E}{\udotaccent{V}}% + \DeclareUnicodeCharacter{1E7F}{\udotaccent{v}}% + % + \DeclareUnicodeCharacter{1E80}{\`W}% + \DeclareUnicodeCharacter{1E81}{\`w}% + \DeclareUnicodeCharacter{1E82}{\'W}% + \DeclareUnicodeCharacter{1E83}{\'w}% + \DeclareUnicodeCharacter{1E84}{\"W}% + \DeclareUnicodeCharacter{1E85}{\"w}% + \DeclareUnicodeCharacter{1E86}{\dotaccent{W}}% + \DeclareUnicodeCharacter{1E87}{\dotaccent{w}}% + \DeclareUnicodeCharacter{1E88}{\udotaccent{W}}% + \DeclareUnicodeCharacter{1E89}{\udotaccent{w}}% + \DeclareUnicodeCharacter{1E8A}{\dotaccent{X}}% + \DeclareUnicodeCharacter{1E8B}{\dotaccent{x}}% + \DeclareUnicodeCharacter{1E8C}{\"X}% + \DeclareUnicodeCharacter{1E8D}{\"x}% + \DeclareUnicodeCharacter{1E8E}{\dotaccent{Y}}% + \DeclareUnicodeCharacter{1E8F}{\dotaccent{y}}% + % + \DeclareUnicodeCharacter{1E90}{\^Z}% + \DeclareUnicodeCharacter{1E91}{\^z}% + \DeclareUnicodeCharacter{1E92}{\udotaccent{Z}}% + \DeclareUnicodeCharacter{1E93}{\udotaccent{z}}% + \DeclareUnicodeCharacter{1E94}{\ubaraccent{Z}}% + \DeclareUnicodeCharacter{1E95}{\ubaraccent{z}}% + \DeclareUnicodeCharacter{1E96}{\ubaraccent{h}}% + \DeclareUnicodeCharacter{1E97}{\"t}% + \DeclareUnicodeCharacter{1E98}{\ringaccent{w}}% + \DeclareUnicodeCharacter{1E99}{\ringaccent{y}}% + % + \DeclareUnicodeCharacter{1EA0}{\udotaccent{A}}% + \DeclareUnicodeCharacter{1EA1}{\udotaccent{a}}% + % + \DeclareUnicodeCharacter{1EB8}{\udotaccent{E}}% + \DeclareUnicodeCharacter{1EB9}{\udotaccent{e}}% + \DeclareUnicodeCharacter{1EBC}{\~E}% + \DeclareUnicodeCharacter{1EBD}{\~e}% + % + \DeclareUnicodeCharacter{1ECA}{\udotaccent{I}}% + \DeclareUnicodeCharacter{1ECB}{\udotaccent{i}}% + \DeclareUnicodeCharacter{1ECC}{\udotaccent{O}}% + \DeclareUnicodeCharacter{1ECD}{\udotaccent{o}}% + % + \DeclareUnicodeCharacter{1EE4}{\udotaccent{U}}% + \DeclareUnicodeCharacter{1EE5}{\udotaccent{u}}% + % + \DeclareUnicodeCharacter{1EF2}{\`Y}% + \DeclareUnicodeCharacter{1EF3}{\`y}% + \DeclareUnicodeCharacter{1EF4}{\udotaccent{Y}}% + % + \DeclareUnicodeCharacter{1EF8}{\~Y}% + \DeclareUnicodeCharacter{1EF9}{\~y}% + % + % Punctuation + \DeclareUnicodeCharacter{2013}{--}% + \DeclareUnicodeCharacter{2014}{---}% + \DeclareUnicodeCharacter{2018}{\quoteleft{}}% + \DeclareUnicodeCharacter{2019}{\quoteright{}}% + \DeclareUnicodeCharacter{201A}{\quotesinglbase{}}% + \DeclareUnicodeCharacter{201C}{\quotedblleft{}}% + \DeclareUnicodeCharacter{201D}{\quotedblright{}}% + \DeclareUnicodeCharacter{201E}{\quotedblbase{}}% + \DeclareUnicodeCharacter{2020}{\ensuremath\dagger}% + \DeclareUnicodeCharacter{2021}{\ensuremath\ddagger}% + \DeclareUnicodeCharacter{2022}{\bullet{}}% + \DeclareUnicodeCharacter{202F}{\thinspace}% + \DeclareUnicodeCharacter{2026}{\dots{}}% + \DeclareUnicodeCharacter{2039}{\guilsinglleft{}}% + \DeclareUnicodeCharacter{203A}{\guilsinglright{}}% + % + \DeclareUnicodeCharacter{20AC}{\euro{}}% + % + \DeclareUnicodeCharacter{2192}{\expansion{}}% + \DeclareUnicodeCharacter{21D2}{\result{}}% + % + % Mathematical symbols + \DeclareUnicodeCharacter{2200}{\ensuremath\forall}% + \DeclareUnicodeCharacter{2203}{\ensuremath\exists}% + \DeclareUnicodeCharacter{2208}{\ensuremath\in}% + \DeclareUnicodeCharacter{2212}{\minus{}}% + \DeclareUnicodeCharacter{2217}{\ast}% + \DeclareUnicodeCharacter{221E}{\ensuremath\infty}% + \DeclareUnicodeCharacter{2225}{\ensuremath\parallel}% + \DeclareUnicodeCharacter{2227}{\ensuremath\wedge}% + \DeclareUnicodeCharacter{2229}{\ensuremath\cap}% + \DeclareUnicodeCharacter{2261}{\equiv{}}% + \DeclareUnicodeCharacter{2264}{\ensuremath\leq}% + \DeclareUnicodeCharacter{2265}{\ensuremath\geq}% + \DeclareUnicodeCharacter{2282}{\ensuremath\subset}% + \DeclareUnicodeCharacter{2287}{\ensuremath\supseteq}% + % + \DeclareUnicodeCharacter{2016}{\ensuremath\Vert}% + \DeclareUnicodeCharacter{2032}{\ensuremath\prime}% + \DeclareUnicodeCharacter{210F}{\ensuremath\hbar}% + \DeclareUnicodeCharacter{2111}{\ensuremath\Im}% + \DeclareUnicodeCharacter{2113}{\ensuremath\ell}% + \DeclareUnicodeCharacter{2118}{\ensuremath\wp}% + \DeclareUnicodeCharacter{211C}{\ensuremath\Re}% + \DeclareUnicodeCharacter{2135}{\ensuremath\aleph}% + \DeclareUnicodeCharacter{2190}{\ensuremath\leftarrow}% + \DeclareUnicodeCharacter{2191}{\ensuremath\uparrow}% + \DeclareUnicodeCharacter{2193}{\ensuremath\downarrow}% + \DeclareUnicodeCharacter{2194}{\ensuremath\leftrightarrow}% + \DeclareUnicodeCharacter{2195}{\ensuremath\updownarrow}% + \DeclareUnicodeCharacter{2196}{\ensuremath\nwarrow}% + \DeclareUnicodeCharacter{2197}{\ensuremath\nearrow}% + \DeclareUnicodeCharacter{2198}{\ensuremath\searrow}% + \DeclareUnicodeCharacter{2199}{\ensuremath\swarrow}% + \DeclareUnicodeCharacter{21A6}{\ensuremath\mapsto}% + \DeclareUnicodeCharacter{21A9}{\ensuremath\hookleftarrow}% + \DeclareUnicodeCharacter{21AA}{\ensuremath\hookrightarrow}% + \DeclareUnicodeCharacter{21BC}{\ensuremath\leftharpoonup}% + \DeclareUnicodeCharacter{21BD}{\ensuremath\leftharpoondown}% + \DeclareUnicodeCharacter{21C0}{\ensuremath\rightharpoonup}% + \DeclareUnicodeCharacter{21C1}{\ensuremath\rightharpoondown}% + \DeclareUnicodeCharacter{21CC}{\ensuremath\rightleftharpoons}% + \DeclareUnicodeCharacter{21D0}{\ensuremath\Leftarrow}% + \DeclareUnicodeCharacter{21D1}{\ensuremath\Uparrow}% + \DeclareUnicodeCharacter{21D3}{\ensuremath\Downarrow}% + \DeclareUnicodeCharacter{21D4}{\ensuremath\Leftrightarrow}% + \DeclareUnicodeCharacter{21D5}{\ensuremath\Updownarrow}% + \DeclareUnicodeCharacter{2202}{\ensuremath\partial}% + \DeclareUnicodeCharacter{2205}{\ensuremath\emptyset}% + \DeclareUnicodeCharacter{2207}{\ensuremath\nabla}% + \DeclareUnicodeCharacter{2209}{\ensuremath\notin}% + \DeclareUnicodeCharacter{220B}{\ensuremath\owns}% + \DeclareUnicodeCharacter{220F}{\ensuremath\prod}% + \DeclareUnicodeCharacter{2210}{\ensuremath\coprod}% + \DeclareUnicodeCharacter{2211}{\ensuremath\sum}% + \DeclareUnicodeCharacter{2213}{\ensuremath\mp}% + \DeclareUnicodeCharacter{2218}{\ensuremath\circ}% + \DeclareUnicodeCharacter{221A}{\ensuremath\surd}% + \DeclareUnicodeCharacter{221D}{\ensuremath\propto}% + \DeclareUnicodeCharacter{2220}{\ensuremath\angle}% + \DeclareUnicodeCharacter{2223}{\ensuremath\mid}% + \DeclareUnicodeCharacter{2228}{\ensuremath\vee}% + \DeclareUnicodeCharacter{222A}{\ensuremath\cup}% + \DeclareUnicodeCharacter{222B}{\ensuremath\smallint}% + \DeclareUnicodeCharacter{222E}{\ensuremath\oint}% + \DeclareUnicodeCharacter{223C}{\ensuremath\sim}% + \DeclareUnicodeCharacter{2240}{\ensuremath\wr}% + \DeclareUnicodeCharacter{2243}{\ensuremath\simeq}% + \DeclareUnicodeCharacter{2245}{\ensuremath\cong}% + \DeclareUnicodeCharacter{2248}{\ensuremath\approx}% + \DeclareUnicodeCharacter{224D}{\ensuremath\asymp}% + \DeclareUnicodeCharacter{2250}{\ensuremath\doteq}% + \DeclareUnicodeCharacter{2260}{\ensuremath\neq}% + \DeclareUnicodeCharacter{226A}{\ensuremath\ll}% + \DeclareUnicodeCharacter{226B}{\ensuremath\gg}% + \DeclareUnicodeCharacter{227A}{\ensuremath\prec}% + \DeclareUnicodeCharacter{227B}{\ensuremath\succ}% + \DeclareUnicodeCharacter{2283}{\ensuremath\supset}% + \DeclareUnicodeCharacter{2286}{\ensuremath\subseteq}% + \DeclareUnicodeCharacter{228E}{\ensuremath\uplus}% + \DeclareUnicodeCharacter{2291}{\ensuremath\sqsubseteq}% + \DeclareUnicodeCharacter{2292}{\ensuremath\sqsupseteq}% + \DeclareUnicodeCharacter{2293}{\ensuremath\sqcap}% + \DeclareUnicodeCharacter{2294}{\ensuremath\sqcup}% + \DeclareUnicodeCharacter{2295}{\ensuremath\oplus}% + \DeclareUnicodeCharacter{2296}{\ensuremath\ominus}% + \DeclareUnicodeCharacter{2297}{\ensuremath\otimes}% + \DeclareUnicodeCharacter{2298}{\ensuremath\oslash}% + \DeclareUnicodeCharacter{2299}{\ensuremath\odot}% + \DeclareUnicodeCharacter{22A2}{\ensuremath\vdash}% + \DeclareUnicodeCharacter{22A3}{\ensuremath\dashv}% + \DeclareUnicodeCharacter{22A4}{\ensuremath\ptextop}% + \DeclareUnicodeCharacter{22A5}{\ensuremath\bot}% + \DeclareUnicodeCharacter{22A8}{\ensuremath\models}% + \DeclareUnicodeCharacter{22C0}{\ensuremath\bigwedge}% + \DeclareUnicodeCharacter{22C1}{\ensuremath\bigvee}% + \DeclareUnicodeCharacter{22C2}{\ensuremath\bigcap}% + \DeclareUnicodeCharacter{22C3}{\ensuremath\bigcup}% + \DeclareUnicodeCharacter{22C4}{\ensuremath\diamond}% + \DeclareUnicodeCharacter{22C5}{\ensuremath\cdot}% + \DeclareUnicodeCharacter{22C6}{\ensuremath\star}% + \DeclareUnicodeCharacter{22C8}{\ensuremath\bowtie}% + \DeclareUnicodeCharacter{2308}{\ensuremath\lceil}% + \DeclareUnicodeCharacter{2309}{\ensuremath\rceil}% + \DeclareUnicodeCharacter{230A}{\ensuremath\lfloor}% + \DeclareUnicodeCharacter{230B}{\ensuremath\rfloor}% + \DeclareUnicodeCharacter{2322}{\ensuremath\frown}% + \DeclareUnicodeCharacter{2323}{\ensuremath\smile}% + % + \DeclareUnicodeCharacter{25B3}{\ensuremath\triangle}% + \DeclareUnicodeCharacter{25B7}{\ensuremath\triangleright}% + \DeclareUnicodeCharacter{25BD}{\ensuremath\bigtriangledown}% + \DeclareUnicodeCharacter{25C1}{\ensuremath\triangleleft}% + \DeclareUnicodeCharacter{25C7}{\ensuremath\diamond}% + \DeclareUnicodeCharacter{2660}{\ensuremath\spadesuit}% + \DeclareUnicodeCharacter{2661}{\ensuremath\heartsuit}% + \DeclareUnicodeCharacter{2662}{\ensuremath\diamondsuit}% + \DeclareUnicodeCharacter{2663}{\ensuremath\clubsuit}% + \DeclareUnicodeCharacter{266D}{\ensuremath\flat}% + \DeclareUnicodeCharacter{266E}{\ensuremath\natural}% + \DeclareUnicodeCharacter{266F}{\ensuremath\sharp}% + \DeclareUnicodeCharacter{26AA}{\ensuremath\bigcirc}% + \DeclareUnicodeCharacter{27B9}{\ensuremath\rangle}% + \DeclareUnicodeCharacter{27C2}{\ensuremath\perp}% + \DeclareUnicodeCharacter{27E8}{\ensuremath\langle}% + \DeclareUnicodeCharacter{27F5}{\ensuremath\longleftarrow}% + \DeclareUnicodeCharacter{27F6}{\ensuremath\longrightarrow}% + \DeclareUnicodeCharacter{27F7}{\ensuremath\longleftrightarrow}% + \DeclareUnicodeCharacter{27FC}{\ensuremath\longmapsto}% + \DeclareUnicodeCharacter{29F5}{\ensuremath\setminus}% + \DeclareUnicodeCharacter{2A00}{\ensuremath\bigodot}% + \DeclareUnicodeCharacter{2A01}{\ensuremath\bigoplus}% + \DeclareUnicodeCharacter{2A02}{\ensuremath\bigotimes}% + \DeclareUnicodeCharacter{2A04}{\ensuremath\biguplus}% + \DeclareUnicodeCharacter{2A06}{\ensuremath\bigsqcup}% + \DeclareUnicodeCharacter{2A3F}{\ensuremath\amalg}% + \DeclareUnicodeCharacter{2AAF}{\ensuremath\preceq}% + \DeclareUnicodeCharacter{2AB0}{\ensuremath\succeq}% + % + \global\mathchardef\checkmark="1370% actually the square root sign + \DeclareUnicodeCharacter{2713}{\ensuremath\checkmark}% +}% end of \unicodechardefs + +% UTF-8 byte sequence (pdfTeX) definitions (replacing and @U command) +% It makes the setting that replace UTF-8 byte sequence. +\def\utfeightchardefs{% + \let\DeclareUnicodeCharacter\DeclareUnicodeCharacterUTFviii + \unicodechardefs +} + +% Whether the active definitions of non-ASCII characters expand to +% non-active tokens with the same character code. This is used to +% write characters literally, instead of using active definitions for +% printing the correct glyphs. +\newif\ifpassthroughchars +\passthroughcharsfalse + +% For native Unicode handling (XeTeX and LuaTeX), +% provide a definition macro to replace/pass-through a Unicode character +% +\def\DeclareUnicodeCharacterNative#1#2{% + \catcode"#1=\active + \def\dodeclareunicodecharacternative##1##2##3{% + \begingroup + \uccode`\~="##2\relax + \uppercase{\gdef~}{% + \ifpassthroughchars + ##1% + \else + ##3% + \fi + } + \endgroup + } + \begingroup + \uccode`\.="#1\relax + \uppercase{\def\UTFNativeTmp{.}}% + \expandafter\dodeclareunicodecharacternative\UTFNativeTmp{#1}{#2}% + \endgroup +} + +% Native Unicode handling (XeTeX and LuaTeX) character replacing definition. +% It activates the setting that replaces Unicode characters. +\def\nativeunicodechardefs{% + \let\DeclareUnicodeCharacter\DeclareUnicodeCharacterNative + \unicodechardefs +} + +% For native Unicode handling (XeTeX and LuaTeX), +% make the character token expand +% to the sequences given in \unicodechardefs for printing. +\def\DeclareUnicodeCharacterNativeAtU#1#2{% + \def\UTFAtUTmp{#2} + \expandafter\globallet\csname uni:#1\endcsname \UTFAtUTmp +} + +% @U command definitions for native Unicode handling (XeTeX and LuaTeX). +\def\nativeunicodechardefsatu{% + \let\DeclareUnicodeCharacter\DeclareUnicodeCharacterNativeAtU + \unicodechardefs +} + +% US-ASCII character definitions. +\def\asciichardefs{% nothing need be done + \relax +} + +% Define all Unicode characters we know about. This makes UTF-8 the default +% input encoding and allows @U to work. +\iftxinativeunicodecapable + \nativeunicodechardefsatu +\else + \utfeightchardefs +\fi + +\message{formatting,} + +\newdimen\defaultparindent \defaultparindent = 15pt + +\chapheadingskip = 15pt plus 4pt minus 2pt +\secheadingskip = 12pt plus 3pt minus 2pt +\subsecheadingskip = 9pt plus 2pt minus 2pt + +% Prevent underfull vbox error messages. +\vbadness = 10000 + +% Don't be very finicky about underfull hboxes, either. +\hbadness = 6666 + +% Following George Bush, get rid of widows and orphans. +\widowpenalty=10000 +\clubpenalty=10000 + +% Use TeX 3.0's \emergencystretch to help line breaking, but if we're +% using an old version of TeX, don't do anything. We want the amount of +% stretch added to depend on the line length, hence the dependence on +% \hsize. We call this whenever the paper size is set. +% +\def\setemergencystretch{% + \ifx\emergencystretch\thisisundefined + % Allow us to assign to \emergencystretch anyway. + \def\emergencystretch{\dimen0}% + \else + \emergencystretch = .15\hsize + \fi +} + +% Parameters in order: 1) textheight; 2) textwidth; +% 3) voffset; 4) hoffset; 5) binding offset; 6) topskip; +% 7) physical page height; 8) physical page width. +% +% We also call \setleading{\textleading}, so the caller should define +% \textleading. The caller should also set \parskip. +% +\def\internalpagesizes#1#2#3#4#5#6#7#8{% + \voffset = #3\relax + \topskip = #6\relax + \splittopskip = \topskip + % + \vsize = #1\relax + \advance\vsize by \topskip + \outervsize = \vsize + \advance\outervsize by 2\topandbottommargin + \txipageheight = \vsize + % + \hsize = #2\relax + \outerhsize = \hsize + \advance\outerhsize by 0.5in + \txipagewidth = \hsize + % + \normaloffset = #4\relax + \bindingoffset = #5\relax + % + \ifpdf + \pdfpageheight #7\relax + \pdfpagewidth #8\relax + % if we don't reset these, they will remain at "1 true in" of + % whatever layout pdftex was dumped with. + \pdfhorigin = 1 true in + \pdfvorigin = 1 true in + \else + \ifx\XeTeXrevision\thisisundefined + \special{papersize=#8,#7}% + \else + \pdfpageheight #7\relax + \pdfpagewidth #8\relax + % XeTeX does not have \pdfhorigin and \pdfvorigin. + \fi + \fi + % + \setleading{\textleading} + % + \parindent = \defaultparindent + \setemergencystretch +} + +% @letterpaper (the default). +\def\letterpaper{{\globaldefs = 1 + \parskip = 3pt plus 2pt minus 1pt + \textleading = 13.2pt + % + % If page is nothing but text, make it come out even. + \internalpagesizes{607.2pt}{6in}% that's 46 lines + {\voffset}{.25in}% + {\bindingoffset}{36pt}% + {11in}{8.5in}% +}} + +% Use @smallbook to reset parameters for 7x9.25 trim size. +\def\smallbook{{\globaldefs = 1 + \parskip = 2pt plus 1pt + \textleading = 12pt + % + \internalpagesizes{7.5in}{5in}% + {-.2in}{0in}% + {\bindingoffset}{16pt}% + {9.25in}{7in}% + % + \lispnarrowing = 0.3in + \tolerance = 700 + \contentsrightmargin = 0pt + \defbodyindent = .5cm +}} + +% Use @smallerbook to reset parameters for 6x9 trim size. +% (Just testing, parameters still in flux.) +\def\smallerbook{{\globaldefs = 1 + \parskip = 1.5pt plus 1pt + \textleading = 12pt + % + \internalpagesizes{7.4in}{4.8in}% + {-.2in}{-.4in}% + {0pt}{14pt}% + {9in}{6in}% + % + \lispnarrowing = 0.25in + \tolerance = 700 + \contentsrightmargin = 0pt + \defbodyindent = .4cm +}} + +% Use @afourpaper to print on European A4 paper. +\def\afourpaper{{\globaldefs = 1 + \parskip = 3pt plus 2pt minus 1pt + \textleading = 13.2pt + % + % Double-side printing via postscript on Laserjet 4050 + % prints double-sided nicely when \bindingoffset=10mm and \hoffset=-6mm. + % To change the settings for a different printer or situation, adjust + % \normaloffset until the front-side and back-side texts align. Then + % do the same for \bindingoffset. You can set these for testing in + % your texinfo source file like this: + % @tex + % \global\normaloffset = -6mm + % \global\bindingoffset = 10mm + % @end tex + \internalpagesizes{673.2pt}{160mm}% that's 51 lines + {\voffset}{\hoffset}% + {\bindingoffset}{44pt}% + {297mm}{210mm}% + % + \tolerance = 700 + \contentsrightmargin = 0pt + \defbodyindent = 5mm +}} + +% Use @afivepaper to print on European A5 paper. +% From romildo@urano.iceb.ufop.br, 2 July 2000. +% He also recommends making @example and @lisp be small. +\def\afivepaper{{\globaldefs = 1 + \parskip = 2pt plus 1pt minus 0.1pt + \textleading = 12.5pt + % + \internalpagesizes{160mm}{120mm}% + {\voffset}{\hoffset}% + {\bindingoffset}{8pt}% + {210mm}{148mm}% + % + \lispnarrowing = 0.2in + \tolerance = 800 + \contentsrightmargin = 0pt + \defbodyindent = 2mm + \tableindent = 12mm +}} + +% A specific text layout, 24x15cm overall, intended for A4 paper. +\def\afourlatex{{\globaldefs = 1 + \afourpaper + \internalpagesizes{237mm}{150mm}% + {\voffset}{4.6mm}% + {\bindingoffset}{7mm}% + {297mm}{210mm}% + % + % Must explicitly reset to 0 because we call \afourpaper. + \globaldefs = 0 +}} + +% Use @afourwide to print on A4 paper in landscape format. +\def\afourwide{{\globaldefs = 1 + \afourpaper + \internalpagesizes{241mm}{165mm}% + {\voffset}{-2.95mm}% + {\bindingoffset}{7mm}% + {297mm}{210mm}% + \globaldefs = 0 +}} + +% @pagesizes TEXTHEIGHT[,TEXTWIDTH] +% Perhaps we should allow setting the margins, \topskip, \parskip, +% and/or leading, also. Or perhaps we should compute them somehow. +% +\parseargdef\pagesizes{\pagesizesyyy #1,,\finish} +\def\pagesizesyyy#1,#2,#3\finish{{% + \setbox0 = \hbox{\ignorespaces #2}\ifdim\wd0 > 0pt \hsize=#2\relax \fi + \globaldefs = 1 + % + \parskip = 3pt plus 2pt minus 1pt + \setleading{\textleading}% + % + \dimen0 = #1\relax + \advance\dimen0 by \voffset + \advance\dimen0 by 1in % reference point for DVI is 1 inch from top of page + % + \dimen2 = \hsize + \advance\dimen2 by \normaloffset + \advance\dimen2 by 1in % reference point is 1 inch from left edge of page + % + \internalpagesizes{#1}{\hsize}% + {\voffset}{\normaloffset}% + {\bindingoffset}{44pt}% + {\dimen0}{\dimen2}% +}} + +% Set default to letter. +% +\letterpaper + +% Default value of \hfuzz, for suppressing warnings about overfull hboxes. +\hfuzz = 1pt + + +\message{and turning on texinfo input format.} + +\def^^L{\par} % remove \outer, so ^L can appear in an @comment + +% DEL is a comment character, in case @c does not suffice. +\catcode`\^^? = 14 + +% Define macros to output various characters with catcode for normal text. +\catcode`\"=\other \def\normaldoublequote{"} +\catcode`\$=\other \def\normaldollar{$}%$ font-lock fix +\catcode`\+=\other \def\normalplus{+} +\catcode`\<=\other \def\normalless{<} +\catcode`\>=\other \def\normalgreater{>} +\catcode`\^=\other \def\normalcaret{^} +\catcode`\_=\other \def\normalunderscore{_} +\catcode`\|=\other \def\normalverticalbar{|} +\catcode`\~=\other \def\normaltilde{~} + +% This macro is used to make a character print one way in \tt +% (where it can probably be output as-is), and another way in other fonts, +% where something hairier probably needs to be done. +% +% #1 is what to print if we are indeed using \tt; #2 is what to print +% otherwise. Since all the Computer Modern typewriter fonts have zero +% interword stretch (and shrink), and it is reasonable to expect all +% typewriter fonts to have this, we can check that font parameter. +% +\def\ifusingtt#1#2{\ifdim \fontdimen3\font=0pt #1\else #2\fi} + +% Same as above, but check for italic font. Actually this also catches +% non-italic slanted fonts since it is impossible to distinguish them from +% italic fonts. But since this is only used by $ and it uses \sl anyway +% this is not a problem. +\def\ifusingit#1#2{\ifdim \fontdimen1\font>0pt #1\else #2\fi} + +% Set catcodes for Texinfo file + +% Active characters for printing the wanted glyph. +% Most of these we simply print from the \tt font, but for some, we can +% use math or other variants that look better in normal text. +% +\catcode`\"=\active +\def\activedoublequote{{\tt\char34}} +\let"=\activedoublequote +\catcode`\~=\active \def\activetilde{{\tt\char126}} \let~ = \activetilde +\chardef\hatchar=`\^ +\catcode`\^=\active \def\activehat{{\tt \hatchar}} \let^ = \activehat + +\catcode`\_=\active +\def_{\ifusingtt\normalunderscore\_} +\def\_{\leavevmode \kern.07em \vbox{\hrule width.3em height.1ex}\kern .07em } +\let\realunder=_ + +\catcode`\|=\active \def|{{\tt\char124}} + +\chardef \less=`\< +\catcode`\<=\active \def\activeless{{\tt \less}}\let< = \activeless +\chardef \gtr=`\> +\catcode`\>=\active \def\activegtr{{\tt \gtr}}\let> = \activegtr +\catcode`\+=\active \def+{{\tt \char 43}} +\catcode`\$=\active \def${\ifusingit{{\sl\$}}\normaldollar}%$ font-lock fix +\catcode`\-=\active \let-=\normaldash + + +% used for headline/footline in the output routine, in case the page +% breaks in the middle of an @tex block. +\def\texinfochars{% + \let< = \activeless + \let> = \activegtr + \let~ = \activetilde + \let^ = \activehat + \markupsetuplqdefault \markupsetuprqdefault + \let\b = \strong + \let\i = \smartitalic + % in principle, all other definitions in \tex have to be undone too. +} + +% Used sometimes to turn off (effectively) the active characters even after +% parsing them. +\def\turnoffactive{% + \normalturnoffactive + \otherbackslash +} + +\catcode`\@=0 + +% \backslashcurfont outputs one backslash character in current font, +% as in \char`\\. +\global\chardef\backslashcurfont=`\\ + +% \realbackslash is an actual character `\' with catcode other. +{\catcode`\\=\other @gdef@realbackslash{\}} + +% In Texinfo, backslash is an active character; it prints the backslash +% in fixed width font. +\catcode`\\=\active % @ for escape char from now on. + +% Print a typewriter backslash. For math mode, we can't simply use +% \backslashcurfont: the story here is that in math mode, the \char +% of \backslashcurfont ends up printing the roman \ from the math symbol +% font (because \char in math mode uses the \mathcode, and plain.tex +% sets \mathcode`\\="026E). Hence we use an explicit \mathchar, +% which is the decimal equivalent of "715c (class 7, e.g., use \fam; +% ignored family value; char position "5C). We can't use " for the +% usual hex value because it has already been made active. + +@def@ttbackslash{{@tt @ifmmode @mathchar29020 @else @backslashcurfont @fi}} +@let@backslashchar = @ttbackslash % @backslashchar{} is for user documents. + +% \otherbackslash defines an active \ to be a literal `\' character with +% catcode other. +@gdef@otherbackslash{@let\=@realbackslash} + +% Same as @turnoffactive except outputs \ as {\tt\char`\\} instead of +% the literal character `\'. +% +{@catcode`- = @active + @gdef@normalturnoffactive{% + @passthroughcharstrue + @let-=@normaldash + @let"=@normaldoublequote + @let$=@normaldollar %$ font-lock fix + @let+=@normalplus + @let<=@normalless + @let>=@normalgreater + @let^=@normalcaret + @let_=@normalunderscore + @let|=@normalverticalbar + @let~=@normaltilde + @let\=@ttbackslash + @markupsetuplqdefault + @markupsetuprqdefault + @unsepspaces + } +} + +% If a .fmt file is being used, characters that might appear in a file +% name cannot be active until we have parsed the command line. +% So turn them off again, and have @fixbackslash turn them back on. +@catcode`+=@other @catcode`@_=@other + +% \enablebackslashhack - allow file to begin `\input texinfo' +% +% If a .fmt file is being used, we don't want the `\input texinfo' to show up. +% That is what \eatinput is for; after that, the `\' should revert to printing +% a backslash. +% If the file did not have a `\input texinfo', then it is turned off after +% the first line; otherwise the first `\' in the file would cause an error. +% This is used on the very last line of this file, texinfo.tex. +% We also use @c to call @fixbackslash, in case ends of lines are hidden. +{ +@catcode`@^=7 +@catcode`@^^M=13@gdef@enablebackslashhack{% + @global@let\ = @eatinput% + @catcode`@^^M=13% + @def@c{@fixbackslash@c}% + % Definition for the newline at the end of this file. + @def ^^M{@let^^M@secondlinenl}% + % Definition for a newline in the main Texinfo file. + @gdef @secondlinenl{@fixbackslash}% + % In case the first line has a whole-line command on it + @let@originalparsearg@parsearg + @def@parsearg{@fixbackslash@originalparsearg} +}} + +{@catcode`@^=7 @catcode`@^^M=13% +@gdef@eatinput input texinfo#1^^M{@fixbackslash}} + +% Emergency active definition of newline, in case an active newline token +% appears by mistake. +{@catcode`@^=7 @catcode13=13% +@gdef@enableemergencynewline{% + @gdef^^M{% + @par% + %@par% +}}} + + +@gdef@fixbackslash{% + @ifx\@eatinput @let\ = @ttbackslash @fi + @catcode13=5 % regular end of line + @enableemergencynewline + @let@c=@comment + @let@parsearg@originalparsearg + % Also turn back on active characters that might appear in the input + % file name, in case not using a pre-dumped format. + @catcode`+=@active + @catcode`@_=@active + % + % If texinfo.cnf is present on the system, read it. + % Useful for site-wide @afourpaper, etc. This macro, @fixbackslash, gets + % called at the beginning of every Texinfo file. Not opening texinfo.cnf + % directly in this file, texinfo.tex, makes it possible to make a format + % file for Texinfo. + % + @openin 1 texinfo.cnf + @ifeof 1 @else @input texinfo.cnf @fi + @closein 1 +} + + +% Say @foo, not \foo, in error messages. +@escapechar = `@@ + +% These (along with & and #) are made active for url-breaking, so need +% active definitions as the normal characters. +@def@normaldot{.} +@def@normalquest{?} +@def@normalslash{/} + +% These look ok in all fonts, so just make them not special. +% @hashchar{} gets its own user-level command, because of #line. +@catcode`@& = @other @def@normalamp{&} +@catcode`@# = @other @def@normalhash{#} +@catcode`@% = @other @def@normalpercent{%} + +@let @hashchar = @normalhash + +@c Finally, make ` and ' active, so that txicodequoteundirected and +@c txicodequotebacktick work right in, e.g., @w{@code{`foo'}}. If we +@c don't make ` and ' active, @code will not get them as active chars. +@c Do this last of all since we use ` in the previous @catcode assignments. +@catcode`@'=@active +@catcode`@`=@active +@markupsetuplqdefault +@markupsetuprqdefault + +@c Local variables: +@c eval: (add-hook 'before-save-hook 'time-stamp) +@c page-delimiter: "^\\\\message\\|emacs-page" +@c time-stamp-start: "def\\\\texinfoversion{" +@c time-stamp-format: "%:y-%02m-%02d.%02H" +@c time-stamp-end: "}" +@c End: + +@c vim:sw=2: + +@enablebackslashhack diff --git a/build-aux/useless-if-before-free b/build-aux/useless-if-before-free new file mode 100755 index 0000000..6d6b8d4 --- /dev/null +++ b/build-aux/useless-if-before-free @@ -0,0 +1,210 @@ +eval '(exit $?0)' && eval 'exec perl -wST "$0" "$@"' + & eval 'exec perl -wST "$0" $argv:q' + if 0; +# Detect instances of "if (p) free (p);". +# Likewise "if (p != 0)", "if (0 != p)", or with NULL; and with braces. + +my $VERSION = '2018-03-07 03:47'; # UTC +# The definition above must lie within the first 8 lines in order +# for the Emacs time-stamp write hook (at end) to update it. +# If you change this file with Emacs, please let the write hook +# do its job. Otherwise, update this string manually. + +# Copyright (C) 2008-2019 Free Software Foundation, Inc. + +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +# Written by Jim Meyering + +use strict; +use warnings; +use Getopt::Long; + +(my $ME = $0) =~ s|.*/||; + +# use File::Coda; # https://meyering.net/code/Coda/ +END { + defined fileno STDOUT or return; + close STDOUT and return; + warn "$ME: failed to close standard output: $!\n"; + $? ||= 1; +} + +sub usage ($) +{ + my ($exit_code) = @_; + my $STREAM = ($exit_code == 0 ? *STDOUT : *STDERR); + if ($exit_code != 0) + { + print $STREAM "Try '$ME --help' for more information.\n"; + } + else + { + print $STREAM < sub { usage 0 }, + version => sub { print "$ME version $VERSION\n"; exit }, + list => \$list, + 'name=s@' => \@name, + ) or usage 1; + + # Make sure we have the right number of non-option arguments. + # Always tell the user why we fail. + @ARGV < 1 + and (warn "$ME: missing FILE argument\n"), usage EXIT_ERROR; + + my $or = join '|', @name; + my $regexp = qr/(?:$or)/; + + # Set the input record separator. + # Note: this makes it impractical to print line numbers. + $/ = '"'; + + my $found_match = 0; + FILE: + foreach my $file (@ARGV) + { + open FH, '<', $file + or (warn "$ME: can't open '$file' for reading: $!\n"), + $err = EXIT_ERROR, next; + while (defined (my $line = )) + { + # Skip non-matching lines early to save time + $line =~ /\bif\b/ + or next; + while ($line =~ + /\b(if\s*\(\s*([^)]+?)(?:\s*!=\s*([^)]+?))?\s*\) + # 1 2 3 + (?: \s*$regexp\s*\((?:\s*\([^)]+\))?\s*([^)]+)\)\s*;| + \s*\{\s*$regexp\s*\((?:\s*\([^)]+\))?\s*([^)]+)\)\s*;\s*\}))/sxg) + { + my $all = $1; + my ($lhs, $rhs) = ($2, $3); + my ($free_opnd, $braced_free_opnd) = ($4, $5); + my $non_NULL; + if (!defined $rhs) { $non_NULL = $lhs } + elsif (is_NULL $rhs) { $non_NULL = $lhs } + elsif (is_NULL $lhs) { $non_NULL = $rhs } + else { next } + + # Compare the non-NULL part of the "if" expression and the + # free'd expression, without regard to white space. + $non_NULL =~ tr/ \t//d; + my $e2 = defined $free_opnd ? $free_opnd : $braced_free_opnd; + $e2 =~ tr/ \t//d; + if ($non_NULL eq $e2) + { + $found_match = 1; + $list + and (print "$file\0"), next FILE; + print "$file: $all\n"; + } + } + } + } + continue + { + close FH; + } + + $found_match && $err == EXIT_NO_MATCH + and $err = EXIT_MATCH; + + exit $err; +} + +my $foo = <<'EOF'; +# The above is to *find* them. +# This adjusts them, removing the unnecessary "if (p)" part. + +# FIXME: do something like this as an option (doesn't do braces): +free=xfree +git grep -l -z "$free *(" \ + | xargs -0 useless-if-before-free -l --name="$free" \ + | xargs -0 perl -0x3b -pi -e \ + 's/\bif\s*\(\s*(\S+?)(?:\s*!=\s*(?:0|NULL))?\s*\)\s+('"$free"'\s*\((?:\s*\([^)]+\))?\s*\1\s*\)\s*;)/$2/s' + +# Use the following to remove redundant uses of kfree inside braces. +# Note that -0777 puts perl in slurp-whole-file mode; +# but we have plenty of memory, these days... +free=kfree +git grep -l -z "$free *(" \ + | xargs -0 useless-if-before-free -l --name="$free" \ + | xargs -0 perl -0777 -pi -e \ + 's/\bif\s*\(\s*(\S+?)(?:\s*!=\s*(?:0|NULL))?\s*\)\s*\{\s*('"$free"'\s*\((?:\s*\([^)]+\))?\s*\1\s*\);)\s*\}[^\n]*$/$2/gms' + +Be careful that the result of the above transformation is valid. +If the matched string is followed by "else", then obviously, it won't be. + +When modifying files, refuse to process anything other than a regular file. +EOF + +## Local Variables: +## mode: perl +## indent-tabs-mode: nil +## eval: (add-hook 'before-save-hook 'time-stamp) +## time-stamp-start: "my $VERSION = '" +## time-stamp-format: "%:y-%02m-%02d %02H:%02M" +## time-stamp-time-zone: "UTC0" +## time-stamp-end: "'; # UTC" +## End: diff --git a/build-aux/vc-list-files b/build-aux/vc-list-files new file mode 100755 index 0000000..af6b1c0 --- /dev/null +++ b/build-aux/vc-list-files @@ -0,0 +1,113 @@ +#!/bin/sh +# List version-controlled file names. + +# Print a version string. +scriptversion=2018-03-07.03; # UTC + +# Copyright (C) 2006-2019 Free Software Foundation, Inc. + +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + + +# List the specified version-controlled files. +# With no argument, list them all. With a single DIRECTORY argument, +# list the version-controlled files in that directory. + +# If there's an argument, it must be a single, "."-relative directory name. +# cvsu is part of the cvsutils package: http://www.red-bean.com/cvsutils/ + +postprocess= +case $1 in + --help) cat <. +EOF + exit ;; + + --version) + year=`echo "$scriptversion" | sed 's/[^0-9].*//'` + cat < +This is free software: you are free to change and redistribute it. +There is NO WARRANTY, to the extent permitted by law. +EOF + exit ;; + + -C) + test "$2" = . || postprocess="| sed 's|^|$2/|'" + cd "$2" || exit 1 + shift; shift ;; +esac + +test $# = 0 && set . + +for dir +do + if test -d .git || test -f .git; then + test "x$dir" = x. \ + && dir= sed_esc= \ + || { dir="$dir/"; sed_esc=`echo "$dir"|env sed 's,\([\\/]\),\\\\\1,g'`; } + # Ignore git symlinks - either they point into the tree, in which case + # we don't need to visit the target twice, or they point somewhere + # else (often into a submodule), in which case the content does not + # belong to this package. + eval exec git ls-tree -r 'HEAD:"$dir"' \ + \| sed -n '"s/^100[^ ]*./$sed_esc/p"' $postprocess + elif test -d .hg; then + eval exec hg locate '"$dir/*"' $postprocess + elif test -d .bzr; then + test "$postprocess" = '' && postprocess="| sed 's|^\./||'" + eval exec bzr ls -R --versioned '"$dir"' $postprocess + elif test -d CVS; then + test "$postprocess" = '' && postprocess="| sed 's|^\./||'" + if test -x build-aux/cvsu; then + eval build-aux/cvsu --find --types=AFGM '"$dir"' $postprocess + elif (cvsu --help) >/dev/null 2>&1; then + eval cvsu --find --types=AFGM '"$dir"' $postprocess + else + eval awk -F/ \''{ \ + if (!$1 && $3 !~ /^-/) { \ + f=FILENAME; \ + if (f ~ /CVS\/Entries$/) \ + f = substr(f, 1, length(f)-11); \ + print f $2; \ + }}'\'' \ + `find "$dir" -name Entries -print` /dev/null' $postprocess + fi + elif test -d .svn; then + eval exec svn list -R '"$dir"' $postprocess + else + echo "$0: Failed to determine type of version control used in `pwd`" 1>&2 + exit 1 + fi +done + +# Local variables: +# eval: (add-hook 'before-save-hook 'time-stamp) +# time-stamp-start: "scriptversion=" +# time-stamp-format: "%:y-%02m-%02d.%02H" +# time-stamp-time-zone: "UTC0" +# time-stamp-end: "; # UTC" +# End: diff --git a/build-aux/ylwrap b/build-aux/ylwrap new file mode 100755 index 0000000..5943168 --- /dev/null +++ b/build-aux/ylwrap @@ -0,0 +1,247 @@ +#! /bin/sh +# ylwrap - wrapper for lex/yacc invocations. + +scriptversion=2018-03-07.03; # UTC + +# Copyright (C) 1996-2018 Free Software Foundation, Inc. +# +# Written by Tom Tromey . +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2, or (at your option) +# any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +# As a special exception to the GNU General Public License, if you +# distribute this file as part of a program that contains a +# configuration script generated by Autoconf, you may include it under +# the same distribution terms that you use for the rest of that program. + +# This file is maintained in Automake, please report +# bugs to or send patches to +# . + +get_dirname () +{ + case $1 in + */*|*\\*) printf '%s\n' "$1" | sed -e 's|\([\\/]\)[^\\/]*$|\1|';; + # Otherwise, we want the empty string (not "."). + esac +} + +# guard FILE +# ---------- +# The CPP macro used to guard inclusion of FILE. +guard () +{ + printf '%s\n' "$1" \ + | sed \ + -e 'y/abcdefghijklmnopqrstuvwxyz/ABCDEFGHIJKLMNOPQRSTUVWXYZ/' \ + -e 's/[^ABCDEFGHIJKLMNOPQRSTUVWXYZ]/_/g' \ + -e 's/__*/_/g' +} + +# quote_for_sed [STRING] +# ---------------------- +# Return STRING (or stdin) quoted to be used as a sed pattern. +quote_for_sed () +{ + case $# in + 0) cat;; + 1) printf '%s\n' "$1";; + esac \ + | sed -e 's|[][\\.*]|\\&|g' +} + +case "$1" in + '') + echo "$0: No files given. Try '$0 --help' for more information." 1>&2 + exit 1 + ;; + --basedir) + basedir=$2 + shift 2 + ;; + -h|--h*) + cat <<\EOF +Usage: ylwrap [--help|--version] INPUT [OUTPUT DESIRED]... -- PROGRAM [ARGS]... + +Wrapper for lex/yacc invocations, renaming files as desired. + + INPUT is the input file + OUTPUT is one file PROG generates + DESIRED is the file we actually want instead of OUTPUT + PROGRAM is program to run + ARGS are passed to PROG + +Any number of OUTPUT,DESIRED pairs may be used. + +Report bugs to . +EOF + exit $? + ;; + -v|--v*) + echo "ylwrap $scriptversion" + exit $? + ;; +esac + + +# The input. +input=$1 +shift +# We'll later need for a correct munging of "#line" directives. +input_sub_rx=`get_dirname "$input" | quote_for_sed` +case $input in + [\\/]* | ?:[\\/]*) + # Absolute path; do nothing. + ;; + *) + # Relative path. Make it absolute. + input=`pwd`/$input + ;; +esac +input_rx=`get_dirname "$input" | quote_for_sed` + +# Since DOS filename conventions don't allow two dots, +# the DOS version of Bison writes out y_tab.c instead of y.tab.c +# and y_tab.h instead of y.tab.h. Test to see if this is the case. +y_tab_nodot=false +if test -f y_tab.c || test -f y_tab.h; then + y_tab_nodot=true +fi + +# The parser itself, the first file, is the destination of the .y.c +# rule in the Makefile. +parser=$1 + +# A sed program to s/FROM/TO/g for all the FROM/TO so that, for +# instance, we rename #include "y.tab.h" into #include "parse.h" +# during the conversion from y.tab.c to parse.c. +sed_fix_filenames= + +# Also rename header guards, as Bison 2.7 for instance uses its header +# guard in its implementation file. +sed_fix_header_guards= + +while test $# -ne 0; do + if test x"$1" = x"--"; then + shift + break + fi + from=$1 + # Handle y_tab.c and y_tab.h output by DOS + if $y_tab_nodot; then + case $from in + "y.tab.c") from=y_tab.c;; + "y.tab.h") from=y_tab.h;; + esac + fi + shift + to=$1 + shift + sed_fix_filenames="${sed_fix_filenames}s|"`quote_for_sed "$from"`"|$to|g;" + sed_fix_header_guards="${sed_fix_header_guards}s|"`guard "$from"`"|"`guard "$to"`"|g;" +done + +# The program to run. +prog=$1 +shift +# Make any relative path in $prog absolute. +case $prog in + [\\/]* | ?:[\\/]*) ;; + *[\\/]*) prog=`pwd`/$prog ;; +esac + +dirname=ylwrap$$ +do_exit="cd '`pwd`' && rm -rf $dirname > /dev/null 2>&1;"' (exit $ret); exit $ret' +trap "ret=129; $do_exit" 1 +trap "ret=130; $do_exit" 2 +trap "ret=141; $do_exit" 13 +trap "ret=143; $do_exit" 15 +mkdir $dirname || exit 1 + +cd $dirname + +case $# in + 0) "$prog" "$input" ;; + *) "$prog" "$@" "$input" ;; +esac +ret=$? + +if test $ret -eq 0; then + for from in * + do + to=`printf '%s\n' "$from" | sed "$sed_fix_filenames"` + if test -f "$from"; then + # If $2 is an absolute path name, then just use that, + # otherwise prepend '../'. + case $to in + [\\/]* | ?:[\\/]*) target=$to;; + *) target=../$to;; + esac + + # Do not overwrite unchanged header files to avoid useless + # recompilations. Always update the parser itself: it is the + # destination of the .y.c rule in the Makefile. Divert the + # output of all other files to a temporary file so we can + # compare them to existing versions. + if test $from != $parser; then + realtarget=$target + target=tmp-`printf '%s\n' "$target" | sed 's|.*[\\/]||g'` + fi + + # Munge "#line" or "#" directives. Don't let the resulting + # debug information point at an absolute srcdir. Use the real + # output file name, not yy.lex.c for instance. Adjust the + # include guards too. + sed -e "/^#/!b" \ + -e "s|$input_rx|$input_sub_rx|" \ + -e "$sed_fix_filenames" \ + -e "$sed_fix_header_guards" \ + "$from" >"$target" || ret=$? + + # Check whether files must be updated. + if test "$from" != "$parser"; then + if test -f "$realtarget" && cmp -s "$realtarget" "$target"; then + echo "$to is unchanged" + rm -f "$target" + else + echo "updating $to" + mv -f "$target" "$realtarget" + fi + fi + else + # A missing file is only an error for the parser. This is a + # blatant hack to let us support using "yacc -d". If -d is not + # specified, don't fail when the header file is "missing". + if test "$from" = "$parser"; then + ret=1 + fi + fi + done +fi + +# Remove the directory. +cd .. +rm -rf $dirname + +exit $ret + +# Local Variables: +# mode: shell-script +# sh-indentation: 2 +# eval: (add-hook 'before-save-hook 'time-stamp) +# time-stamp-start: "scriptversion=" +# time-stamp-format: "%:y-%02m-%02d.%02H" +# time-stamp-time-zone: "UTC0" +# time-stamp-end: "; # UTC" +# End: diff --git a/cfg.mk b/cfg.mk new file mode 100644 index 0000000..200f421 --- /dev/null +++ b/cfg.mk @@ -0,0 +1,245 @@ +# Copyright (C) 2006-2012 Free Software Foundation, Inc. +# +# Author: Simon Josefsson +# +# This file is part of GnuTLS. +# +# This file is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 3 of the License, or +# (at your option) any later version. +# +# This file is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this file; if not, write to the Free Software Foundation, +# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + +WFLAGS ?= --enable-gcc-warnings +ADDFLAGS ?= +CFGFLAGS ?= --enable-gtk-doc --enable-gtk-doc-pdf --enable-gtk-doc-html $(ADDFLAGS) $(WFLAGS) +PACKAGE ?= gnutls + +.PHONY: config glimport + +INDENT_SOURCES = `find . -name \*.[ch] -o -name gnutls.h.in | grep -v -e ^./build-aux/ -e ^./lib/minitasn1/ -e ^./lib/build-aux/ -e ^./gl/ -e ^./src/libopts/ -e -args.[ch] -e asn1_tab.c -e ^./tests/suite/` + +ifeq ($(.DEFAULT_GOAL),abort-due-to-no-makefile) +.DEFAULT_GOAL := bootstrap +endif + +local-checks-to-skip = sc_GPL_version sc_bindtextdomain \ + sc_immutable_NEWS sc_program_name sc_prohibit_atoi_atof \ + sc_prohibit_always_true_header_tests \ + sc_prohibit_empty_lines_at_EOF sc_prohibit_hash_without_use \ + sc_prohibit_have_config_h sc_prohibit_magic_number_exit \ + sc_prohibit_strcmp sc_require_config_h \ + sc_require_config_h_first sc_texinfo_acronym sc_trailing_blank \ + sc_unmarked_diagnostics sc_useless_cpp_parens \ + sc_two_space_separator_in_usage + +VC_LIST_ALWAYS_EXCLUDE_REGEX = ^maint.mk|gtk-doc.make|m4/pkg|doc/fdl-1.3.texi|src/.*\.bak|src/crywrap/|(devel/perlasm/|lib/accelerated/x86/|build-aux/|gl/|src/libopts/|tests/suite/ecore/|doc/protocol/).*$$ +update-copyright-env = UPDATE_COPYRIGHT_USE_INTERVALS=1 + +# Explicit syntax-check exceptions. +exclude_file_name_regexp--sc_error_message_period = ^src/crywrap/crywrap.c$$ +exclude_file_name_regexp--sc_error_message_uppercase = ^doc/examples/ex-cxx.cpp|guile/src/core.c|src/certtool.c|src/ocsptool.c|src/crywrap/crywrap.c|tests/pkcs12_encode.c$$ +exclude_file_name_regexp--sc_file_system = ^doc/doxygen/Doxyfile +exclude_file_name_regexp--sc_prohibit_cvs_keyword = ^lib/nettle/.*$$ +exclude_file_name_regexp--sc_prohibit_undesirable_word_seq = ^tests/nist-pkits/gnutls-nist-tests.html$$ +exclude_file_name_regexp--sc_space_tab = ^doc/.*.(pdf|png)|\.crl|\.pdf|\.zip|tests/nist-pkits/|tests/data/|devel/|tests/suite/x509paths/.*|fuzz/.*\.repro|fuzz/.*\.in/.*$$ +_makefile_at_at_check_exceptions = ' && !/CODE_COVERAGE_RULES/ && !/VERSION/' +exclude_file_name_regexp--sc_m4_quote_check='lib/unistring/m4/absolute-header.m4' +exclude_file_name_regexp--sc_makefile_at_at_check='lib/unistring/Makefile.am' +exclude_file_name_regexp--sc_prohibit_stddef_without_use='u*-normalize.c' +exclude_file_name_regexp--sc_prohibit_strncpy='unistr.in.h' +gl_public_submodule_commit = + +autoreconf: + ./bootstrap + +config: + ./configure $(CFGFLAGS) + +.submodule.stamp: + git submodule init + git submodule update + touch $@ + +bootstrap: autoreconf .submodule.stamp + +glimport: + pushd gnulib && git checkout master && git pull && popd + echo "If everything looks well, commit the gnulib update with:" + echo " git commit -m "Update gnulib submodule" gnulib" + +# Code Coverage + +clang: + $(MAKE) clean + scan-build ./configure + rm -rf scan.tmp + scan-build -o scan.tmp $(MAKE) + +clang-copy: + rm -fv `find $(htmldir)/clang -type f | grep -v CVS` + mkdir -p $(htmldir)/clang/ + cp -rv scan.tmp/*/* $(htmldir)/clang/ + +# Release + +# ChangeLog must be PHONY, else it isn't generated on 'make distcheck' +.PHONY: ChangeLog +ChangeLog: + (cd "$(srcdir)" ; if test -d .git ; then git log --no-merges --no-decorate --pretty --since="2014 November 07"|grep -v ^'commit' ; else echo "Empty" ; fi) > ChangeLog + +tag = $(PACKAGE)_`echo $(VERSION) | sed 's/\./_/g'` + +release: syntax-check prepare upload-tarballs + +prepare: + ! git tag -l $(tag) | grep $(PACKAGE) > /dev/null + git tag -u 96865171! -m $(VERSION) $(tag) + +upload-tarballs: dist + gpg --sign --detached $(distdir).tar.xz + scp $(distdir).tar.xz* trithemius.gnupg.org:/home/ftp/gcrypt/gnutls/v$(MAJOR_VERSION).$(MINOR_VERSION) + +web: + echo generating documentation for $(PACKAGE) + mkdir -p $(htmldir)/manual + mkdir -p $(htmldir)/reference + $(MAKE) -C doc gnutls.html + cd doc && cp gnutls.html *.png ../$(htmldir)/manual/ + cd doc && makeinfo --html --split=node -o ../$(htmldir)/manual/html_node/ --css-include=./texinfo.css gnutls.texi + cd doc && cp *.png ../$(htmldir)/manual/html_node/ + sed 's/\@VERSION\@/$(VERSION)/g' -i $(htmldir)/manual/html_node/*.html $(htmldir)/manual/gnutls.html + -cd doc && $(MAKE) gnutls.epub && cp gnutls.epub ../$(htmldir)/manual/ + cd doc/latex && $(MAKE) gnutls.pdf && cp gnutls.pdf ../../$(htmldir)/manual/ + $(MAKE) -C doc gnutls-guile.html gnutls-guile.pdf + cd doc && makeinfo --html --split=node -o ../$(htmldir)/manual/gnutls-guile/ --css-include=./texinfo.css gnutls-guile.texi + cd doc && cp gnutls-guile.pdf gnutls-guile.html ../$(htmldir)/manual/ + -cp -v doc/reference/html/*.html doc/reference/html/*.png doc/reference/html/*.devhelp* doc/reference/html/*.css $(htmldir)/reference/ + +ASM_SOURCES_XXX := \ + lib/accelerated/aarch64/XXX/ghash-aarch64.s \ + lib/accelerated/aarch64/XXX/aes-aarch64.s \ + lib/accelerated/aarch64/XXX/sha1-armv8.s \ + lib/accelerated/aarch64/XXX/sha256-armv8.s \ + lib/accelerated/aarch64/XXX/sha512-armv8.s \ + lib/accelerated/x86/XXX/cpuid-x86_64.s \ + lib/accelerated/x86/XXX/cpuid-x86.s \ + lib/accelerated/x86/XXX/ghash-x86_64.s \ + lib/accelerated/x86/XXX/aesni-x86_64.s \ + lib/accelerated/x86/XXX/aesni-x86.s \ + lib/accelerated/x86/XXX/sha1-ssse3-x86.s \ + lib/accelerated/x86/XXX/sha1-ssse3-x86_64.s \ + lib/accelerated/x86/XXX/sha256-ssse3-x86.s \ + lib/accelerated/x86/XXX/sha512-ssse3-x86.s \ + lib/accelerated/x86/XXX/sha512-ssse3-x86_64.s \ + lib/accelerated/x86/XXX/aesni-gcm-x86_64.s \ + lib/accelerated/x86/XXX/aes-ssse3-x86.s \ + lib/accelerated/x86/XXX/aes-ssse3-x86_64.s + +ASM_SOURCES_ELF := $(subst XXX,elf,$(ASM_SOURCES_XXX)) +ASM_SOURCES_COFF := $(subst XXX,coff,$(ASM_SOURCES_XXX)) +ASM_SOURCES_MACOSX := $(subst XXX,macosx,$(ASM_SOURCES_XXX)) + +asm-sources: $(ASM_SOURCES_ELF) $(ASM_SOURCES_COFF) $(ASM_SOURCES_MACOSX) lib/accelerated/x86/files.mk + +asm-sources-clean: + rm -f $(ASM_SOURCES_ELF) $(ASM_SOURCES_COFF) $(ASM_SOURCES_MACOSX) lib/accelerated/x86/files.mk + +X86_FILES=XXX/aesni-x86.s XXX/cpuid-x86.s XXX/sha1-ssse3-x86.s \ + XXX/sha256-ssse3-x86.s XXX/sha512-ssse3-x86.s XXX/aes-ssse3-x86.s + +X86_64_FILES=XXX/aesni-x86_64.s XXX/cpuid-x86_64.s XXX/ghash-x86_64.s \ + XXX/sha1-ssse3-x86_64.s XXX/sha512-ssse3-x86_64.s XXX/aes-ssse3-x86_64.s \ + XXX/aesni-gcm-x86_64.s + +X86_PADLOCK_FILES=XXX/e_padlock-x86.s +X86_64_PADLOCK_FILES=XXX/e_padlock-x86_64.s + +X86_FILES_ELF := $(subst XXX,elf,$(X86_FILES)) +X86_FILES_COFF := $(subst XXX,coff,$(X86_FILES)) +X86_FILES_MACOSX := $(subst XXX,macosx,$(X86_FILES)) +X86_64_FILES_ELF := $(subst XXX,elf,$(X86_64_FILES)) +X86_64_FILES_COFF := $(subst XXX,coff,$(X86_64_FILES)) +X86_64_FILES_MACOSX := $(subst XXX,macosx,$(X86_64_FILES)) + +X86_PADLOCK_FILES_ELF := $(subst XXX,elf,$(X86_PADLOCK_FILES)) +X86_PADLOCK_FILES_COFF := $(subst XXX,coff,$(X86_PADLOCK_FILES)) +X86_PADLOCK_FILES_MACOSX := $(subst XXX,macosx,$(X86_PADLOCK_FILES)) +X86_64_PADLOCK_FILES_ELF := $(subst XXX,elf,$(X86_64_PADLOCK_FILES)) +X86_64_PADLOCK_FILES_COFF := $(subst XXX,coff,$(X86_64_PADLOCK_FILES)) +X86_64_PADLOCK_FILES_MACOSX := $(subst XXX,macosx,$(X86_64_PADLOCK_FILES)) + +lib/accelerated/x86/files.mk: $(ASM_SOURCES_ELF) + echo X86_FILES_ELF=$(X86_FILES_ELF) > $@.tmp + echo X86_FILES_COFF=$(X86_FILES_COFF) >> $@.tmp + echo X86_FILES_MACOSX=$(X86_FILES_MACOSX) >> $@.tmp + echo X86_64_FILES_ELF=$(X86_64_FILES_ELF) >> $@.tmp + echo X86_64_FILES_COFF=$(X86_64_FILES_COFF) >> $@.tmp + echo X86_64_FILES_MACOSX=$(X86_64_FILES_MACOSX) >> $@.tmp + echo X86_PADLOCK_FILES_ELF=$(X86_PADLOCK_FILES_ELF) >> $@.tmp + echo X86_PADLOCK_FILES_COFF=$(X86_PADLOCK_FILES_COFF) >> $@.tmp + echo X86_PADLOCK_FILES_MACOSX=$(X86_PADLOCK_FILES_MACOSX) >> $@.tmp + echo X86_64_PADLOCK_FILES_ELF=$(X86_64_PADLOCK_FILES_ELF) >> $@.tmp + echo X86_64_PADLOCK_FILES_COFF=$(X86_64_PADLOCK_FILES_COFF) >> $@.tmp + echo X86_64_PADLOCK_FILES_MACOSX=$(X86_64_PADLOCK_FILES_MACOSX) >> $@.tmp + mv $@.tmp $@ + +# Appro's code +lib/accelerated/x86/elf/%.s: devel/perlasm/%.pl .submodule.stamp + cat $<.license > $@ + CC=gcc perl $< elf >> $@ + echo "" >> $@ + echo ".section .note.GNU-stack,\"\",%progbits" >> $@ + sed -i 's/OPENSSL_ia32cap_P/_gnutls_x86_cpuid_s/g' $@ + +lib/accelerated/x86/coff/%-x86.s: devel/perlasm/%-x86.pl .submodule.stamp + cat $<.license > $@ + CC=gcc perl $< coff >> $@ + echo "" >> $@ + sed -i 's/OPENSSL_ia32cap_P/_gnutls_x86_cpuid_s/g' $@ + +lib/accelerated/x86/coff/%-x86_64.s: devel/perlasm/%-x86_64.pl .submodule.stamp + cat $<.license > $@ + CC=gcc perl $< mingw64 >> $@ + echo "" >> $@ + sed -i 's/OPENSSL_ia32cap_P/_gnutls_x86_cpuid_s/g' $@ + +lib/accelerated/x86/macosx/%.s: devel/perlasm/%.pl .submodule.stamp + cat $<.license > $@ + CC=gcc perl $< macosx >> $@ + echo "" >> $@ + sed -i 's/OPENSSL_ia32cap_P/_gnutls_x86_cpuid_s/g' $@ + +lib/accelerated/aarch64/elf/%.s: devel/perlasm/%.pl .submodule.stamp + rm -f $@tmp + CC=aarch64-linux-gnu-gcc perl $< linux64 $@.tmp + cat $@.tmp | /usr/bin/perl -ne '/^#(line)?\s*[0-9]+/ or print' > $@.tmp.S + echo "" >> $@.tmp.S + sed -i 's/OPENSSL_armcap_P/_gnutls_arm_cpuid_s/g' $@.tmp.S + sed -i 's/arm_arch.h/aarch64-common.h/g' $@.tmp.S + aarch64-linux-gnu-gcc -D__ARM_MAX_ARCH__=8 -Ilib/accelerated/aarch64 -Wa,--noexecstack -E $@.tmp.S -o $@.tmp.s + cat $<.license $@.tmp.s > $@ + echo ".section .note.GNU-stack,\"\",%progbits" >> $@ + rm -f $@.tmp.S $@.tmp.s $@.tmp + +lib/accelerated/aarch64/macosx/%.s: devel/perlasm/%.pl .submodule.stamp + rm -f $@tmp + CC=aarch64-linux-gnu-gcc perl $< ios64 $@.tmp + cat $@.tmp | /usr/bin/perl -ne '/^#(line)?\s*[0-9]+/ or print' > $@.tmp.S + echo "" >> $@.tmp.S + sed -i 's/OPENSSL_armcap_P/_gnutls_arm_cpuid_s/g' $@.tmp.S + sed -i 's/arm_arch.h/aarch64-common.h/g' $@.tmp.S + aarch64-linux-gnu-gcc -D__ARM_MAX_ARCH__=8 -Ilib/accelerated/aarch64 -Wa,--noexecstack -E $@.tmp.S -o $@.tmp.s + cat $<.license $@.tmp.s > $@ + rm -f $@.tmp.S $@.tmp.s $@.tmp + +lib/accelerated/aarch64/coff/%.s: devel/perlasm/%.pl .submodule.stamp + @true diff --git a/config.h.in b/config.h.in new file mode 100644 index 0000000..1d47455 --- /dev/null +++ b/config.h.in @@ -0,0 +1,2047 @@ +/* config.h.in. Generated from configure.ac by autoheader. */ + +/* Define if building universal (internal helper macro) */ +#undef AC_APPLE_UNIVERSAL_BUILD + +/* allow SHA1 as an acceptable hash for digital signatures */ +#undef ALLOW_SHA1 + +/* Define to the number of bits in type 'ptrdiff_t'. */ +#undef BITSIZEOF_PTRDIFF_T + +/* Define to the number of bits in type 'sig_atomic_t'. */ +#undef BITSIZEOF_SIG_ATOMIC_T + +/* Define to the number of bits in type 'size_t'. */ +#undef BITSIZEOF_SIZE_T + +/* Define to the number of bits in type 'wchar_t'. */ +#undef BITSIZEOF_WCHAR_T + +/* Define to the number of bits in type 'wint_t'. */ +#undef BITSIZEOF_WINT_T + +/* C99 macros are supported */ +#undef C99_MACROS + +/* Define to one of `_getb67', `GETB67', `getb67' for Cray-2 and Cray-YMP + systems. This function is required for `alloca.c' support on those systems. + */ +#undef CRAY_STACKSEG_END + +/* Define to 1 if using `alloca.c'. */ +#undef C_ALLOCA + +/* Define as the bit index in the word where to find bit 0 of the exponent of + 'double'. */ +#undef DBL_EXPBIT0_BIT + +/* Define as the word index where to find the exponent of 'double'. */ +#undef DBL_EXPBIT0_WORD + +/* use the given certificate blacklist file */ +#undef DEFAULT_BLACKLIST_FILE + +/* use the given CRL file */ +#undef DEFAULT_CRL_FILE + +/* The default priority string */ +#undef DEFAULT_PRIORITY_STRING + +/* use the given directory as default trust store */ +#undef DEFAULT_TRUST_STORE_DIR + +/* use the given file default trust store */ +#undef DEFAULT_TRUST_STORE_FILE + +/* use the given pkcs11 uri as default trust store */ +#undef DEFAULT_TRUST_STORE_PKCS11 + +/* enable ALPN support */ +#undef ENABLE_ALPN + +/* enable anonymous authentication */ +#undef ENABLE_ANON + +/* Enable cryptodev support */ +#undef ENABLE_CRYPTODEV + +/* enable DHE */ +#undef ENABLE_DHE + +/* enable DTLS-SRTP support */ +#undef ENABLE_DTLS_SRTP + +/* enable DHE */ +#undef ENABLE_ECDHE + +/* Enable FIPS140-2 mode */ +#undef ENABLE_FIPS140 + +/* enable GOST */ +#undef ENABLE_GOST + +/* enable heartbeat support */ +#undef ENABLE_HEARTBEAT + +/* nls support in libopts */ +#undef ENABLE_NLS + +/* Enable all curves */ +#undef ENABLE_NON_SUITEB_CURVES + +/* enable OCSP support */ +#undef ENABLE_OCSP + +/* Enable padlock acceleration */ +#undef ENABLE_PADLOCK + +/* Build PKCS#11 support */ +#undef ENABLE_PKCS11 + +/* enable PSK authentication */ +#undef ENABLE_PSK + +/* enable SRP authentication */ +#undef ENABLE_SRP + +/* enable SSL2.0 support for client hello */ +#undef ENABLE_SSL2 + +/* enable SSL3.0 support */ +#undef ENABLE_SSL3 + +/* Define this to 1 if F_DUPFD behavior does not match POSIX */ +#undef FCNTL_DUPFD_BUGGY + +/* The FIPS140-2 integrity key */ +#undef FIPS_KEY + +/* Define to nothing if C supports flexible array members, and to 1 if it does + not. That way, with a declaration like 'struct s { int n; double + d[FLEXIBLE_ARRAY_MEMBER]; };', the struct hack can be used with pre-C99 + compilers. When computing the size of such an object, don't use 'sizeof + (struct s)' as it overestimates the size. Use 'offsetof (struct s, d)' + instead. Don't use 'offsetof (struct s, d[0])', as this doesn't work with + MSVC and with C++ compilers. */ +#undef FLEXIBLE_ARRAY_MEMBER + +/* fopen(3) accepts a 'b' in the mode flag */ +#undef FOPEN_BINARY_FLAG + +/* fopen(3) accepts a 't' in the mode flag */ +#undef FOPEN_TEXT_FLAG + +/* Define to 1 if the system's ftello function has the Solaris bug. */ +#undef FTELLO_BROKEN_AFTER_SWITCHING_FROM_READ_TO_WRITE + +/* Define to 1 if ungetc is broken when used on arbitrary bytes. */ +#undef FUNC_UNGETC_BROKEN + +/* Enable fuzzer target -not for production */ +#undef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION + +/* Define if gettimeofday clobbers the localtime buffer. */ +#undef GETTIMEOFDAY_CLOBBERS_LOCALTIME + +/* Define this to 'void' or 'struct timezone' to match the system's + declaration of the second argument to gettimeofday. */ +#undef GETTIMEOFDAY_TIMEZONE + +/* Define to a C preprocessor expression that evaluates to 1 or 0, depending + whether the gnulib module fscanf shall be considered present. */ +#undef GNULIB_FSCANF + +/* Define to a C preprocessor expression that evaluates to 1 or 0, depending + whether the gnulib module lock shall be considered present. */ +#undef GNULIB_LOCK + +/* Define to a C preprocessor expression that evaluates to 1 or 0, depending + whether the gnulib module msvc-nothrow shall be considered present. */ +#undef GNULIB_MSVC_NOTHROW + +/* Define to 1 if printf and friends should be labeled with attribute + "__gnu_printf__" instead of "__printf__" */ +#undef GNULIB_PRINTF_ATTRIBUTE_FLAVOR_GNU + +/* Define to a C preprocessor expression that evaluates to 1 or 0, depending + whether the gnulib module scanf shall be considered present. */ +#undef GNULIB_SCANF + +/* Define to a C preprocessor expression that evaluates to 1 or 0, depending + whether the gnulib module snprintf shall be considered present. */ +#undef GNULIB_SNPRINTF + +/* Define to a C preprocessor expression that evaluates to 1 or 0, depending + whether the gnulib module strerror shall be considered present. */ +#undef GNULIB_STRERROR + +/* Define to a C preprocessor expression that evaluates to 1 or 0, depending + whether the gnulib module strerror_r-posix shall be considered present. */ +#undef GNULIB_STRERROR_R_POSIX + +/* Define to 1 when the gnulib module accept should be tested. */ +#undef GNULIB_TEST_ACCEPT + +/* Define to 1 when the gnulib module bind should be tested. */ +#undef GNULIB_TEST_BIND + +/* Define to 1 when the gnulib module cloexec should be tested. */ +#undef GNULIB_TEST_CLOEXEC + +/* Define to 1 when the gnulib module close should be tested. */ +#undef GNULIB_TEST_CLOSE + +/* Define to 1 when the gnulib module connect should be tested. */ +#undef GNULIB_TEST_CONNECT + +/* Define to 1 when the gnulib module dup2 should be tested. */ +#undef GNULIB_TEST_DUP2 + +/* Define to 1 when the gnulib module environ should be tested. */ +#undef GNULIB_TEST_ENVIRON + +/* Define to 1 when the gnulib module fcntl should be tested. */ +#undef GNULIB_TEST_FCNTL + +/* Define to 1 when the gnulib module fdopen should be tested. */ +#undef GNULIB_TEST_FDOPEN + +/* Define to 1 when the gnulib module fseek should be tested. */ +#undef GNULIB_TEST_FSEEK + +/* Define to 1 when the gnulib module fseeko should be tested. */ +#undef GNULIB_TEST_FSEEKO + +/* Define to 1 when the gnulib module fstat should be tested. */ +#undef GNULIB_TEST_FSTAT + +/* Define to 1 when the gnulib module ftell should be tested. */ +#undef GNULIB_TEST_FTELL + +/* Define to 1 when the gnulib module ftello should be tested. */ +#undef GNULIB_TEST_FTELLO + +/* Define to 1 when the gnulib module ftruncate should be tested. */ +#undef GNULIB_TEST_FTRUNCATE + +/* Define to 1 when the gnulib module getaddrinfo should be tested. */ +#undef GNULIB_TEST_GETADDRINFO + +/* Define to 1 when the gnulib module getcwd should be tested. */ +#undef GNULIB_TEST_GETCWD + +/* Define to 1 when the gnulib module getdelim should be tested. */ +#undef GNULIB_TEST_GETDELIM + +/* Define to 1 when the gnulib module getdtablesize should be tested. */ +#undef GNULIB_TEST_GETDTABLESIZE + +/* Define to 1 when the gnulib module getline should be tested. */ +#undef GNULIB_TEST_GETLINE + +/* Define to 1 when the gnulib module getpagesize should be tested. */ +#undef GNULIB_TEST_GETPAGESIZE + +/* Define to 1 when the gnulib module getpass should be tested. */ +#undef GNULIB_TEST_GETPASS + +/* Define to 1 when the gnulib module getpeername should be tested. */ +#undef GNULIB_TEST_GETPEERNAME + +/* Define to 1 when the gnulib module gettimeofday should be tested. */ +#undef GNULIB_TEST_GETTIMEOFDAY + +/* Define to 1 when the gnulib module ioctl should be tested. */ +#undef GNULIB_TEST_IOCTL + +/* Define to 1 when the gnulib module listen should be tested. */ +#undef GNULIB_TEST_LISTEN + +/* Define to 1 when the gnulib module localename should be tested. */ +#undef GNULIB_TEST_LOCALENAME + +/* Define to 1 when the gnulib module lseek should be tested. */ +#undef GNULIB_TEST_LSEEK + +/* Define to 1 when the gnulib module lstat should be tested. */ +#undef GNULIB_TEST_LSTAT + +/* Define to 1 when the gnulib module malloc-posix should be tested. */ +#undef GNULIB_TEST_MALLOC_POSIX + +/* Define to 1 when the gnulib module memchr should be tested. */ +#undef GNULIB_TEST_MEMCHR + +/* Define to 1 when the gnulib module memmem should be tested. */ +#undef GNULIB_TEST_MEMMEM + +/* Define to 1 when the gnulib module mktime should be tested. */ +#undef GNULIB_TEST_MKTIME + +/* Define to 1 when the gnulib module nanosleep should be tested. */ +#undef GNULIB_TEST_NANOSLEEP + +/* Define to 1 when the gnulib module open should be tested. */ +#undef GNULIB_TEST_OPEN + +/* Define to 1 when the gnulib module perror should be tested. */ +#undef GNULIB_TEST_PERROR + +/* Define to 1 when the gnulib module pipe should be tested. */ +#undef GNULIB_TEST_PIPE + +/* Define to 1 when the gnulib module putenv should be tested. */ +#undef GNULIB_TEST_PUTENV + +/* Define to 1 when the gnulib module raise should be tested. */ +#undef GNULIB_TEST_RAISE + +/* Define to 1 when the gnulib module realloc-posix should be tested. */ +#undef GNULIB_TEST_REALLOC_POSIX + +/* Define to 1 when the gnulib module recv should be tested. */ +#undef GNULIB_TEST_RECV + +/* Define to 1 when the gnulib module recvfrom should be tested. */ +#undef GNULIB_TEST_RECVFROM + +/* Define to 1 when the gnulib module secure_getenv should be tested. */ +#undef GNULIB_TEST_SECURE_GETENV + +/* Define to 1 when the gnulib module select should be tested. */ +#undef GNULIB_TEST_SELECT + +/* Define to 1 when the gnulib module send should be tested. */ +#undef GNULIB_TEST_SEND + +/* Define to 1 when the gnulib module sendto should be tested. */ +#undef GNULIB_TEST_SENDTO + +/* Define to 1 when the gnulib module setenv should be tested. */ +#undef GNULIB_TEST_SETENV + +/* Define to 1 when the gnulib module setlocale should be tested. */ +#undef GNULIB_TEST_SETLOCALE + +/* Define to 1 when the gnulib module setsockopt should be tested. */ +#undef GNULIB_TEST_SETSOCKOPT + +/* Define to 1 when the gnulib module shutdown should be tested. */ +#undef GNULIB_TEST_SHUTDOWN + +/* Define to 1 when the gnulib module sigaction should be tested. */ +#undef GNULIB_TEST_SIGACTION + +/* Define to 1 when the gnulib module sigprocmask should be tested. */ +#undef GNULIB_TEST_SIGPROCMASK + +/* Define to 1 when the gnulib module sleep should be tested. */ +#undef GNULIB_TEST_SLEEP + +/* Define to 1 when the gnulib module snprintf should be tested. */ +#undef GNULIB_TEST_SNPRINTF + +/* Define to 1 when the gnulib module socket should be tested. */ +#undef GNULIB_TEST_SOCKET + +/* Define to 1 when the gnulib module stat should be tested. */ +#undef GNULIB_TEST_STAT + +/* Define to 1 when the gnulib module strdup should be tested. */ +#undef GNULIB_TEST_STRDUP + +/* Define to 1 when the gnulib module strerror should be tested. */ +#undef GNULIB_TEST_STRERROR + +/* Define to 1 when the gnulib module strerror_r should be tested. */ +#undef GNULIB_TEST_STRERROR_R + +/* Define to 1 when the gnulib module strndup should be tested. */ +#undef GNULIB_TEST_STRNDUP + +/* Define to 1 when the gnulib module strnlen should be tested. */ +#undef GNULIB_TEST_STRNLEN + +/* Define to 1 when the gnulib module strtok_r should be tested. */ +#undef GNULIB_TEST_STRTOK_R + +/* Define to 1 when the gnulib module strverscmp should be tested. */ +#undef GNULIB_TEST_STRVERSCMP + +/* Define to 1 when the gnulib module symlink should be tested. */ +#undef GNULIB_TEST_SYMLINK + +/* Define to 1 when the gnulib module timegm should be tested. */ +#undef GNULIB_TEST_TIMEGM + +/* Define to 1 when the gnulib module time_r should be tested. */ +#undef GNULIB_TEST_TIME_R + +/* Define to 1 when the gnulib module time_rz should be tested. */ +#undef GNULIB_TEST_TIME_RZ + +/* Define to 1 when the gnulib module tzset should be tested. */ +#undef GNULIB_TEST_TZSET + +/* Define to 1 when the gnulib module uninorm/u16-normalize should be tested. + */ +#undef GNULIB_TEST_UNINORM_U16_NORMALIZE + +/* Define to 1 when the gnulib module uninorm/u32-normalize should be tested. + */ +#undef GNULIB_TEST_UNINORM_U32_NORMALIZE + +/* Define to 1 when the gnulib module uninorm/u8-normalize should be tested. + */ +#undef GNULIB_TEST_UNINORM_U8_NORMALIZE + +/* Define to 1 when the gnulib module unsetenv should be tested. */ +#undef GNULIB_TEST_UNSETENV + +/* Define to 1 when the gnulib module vasprintf should be tested. */ +#undef GNULIB_TEST_VASPRINTF + +/* Define to 1 when the gnulib module vsnprintf should be tested. */ +#undef GNULIB_TEST_VSNPRINTF + +/* Define to a C preprocessor expression that evaluates to 1 or 0, depending + whether the gnulib module unistr/u16-mbtoucr shall be considered present. + */ +#undef GNULIB_UNISTR_U16_MBTOUCR + +/* Define to a C preprocessor expression that evaluates to 1 or 0, depending + whether the gnulib module unistr/u16-mbtouc-unsafe shall be considered + present. */ +#undef GNULIB_UNISTR_U16_MBTOUC_UNSAFE + +/* Define to a C preprocessor expression that evaluates to 1 or 0, depending + whether the gnulib module unistr/u16-uctomb shall be considered present. */ +#undef GNULIB_UNISTR_U16_UCTOMB + +/* Define to a C preprocessor expression that evaluates to 1 or 0, depending + whether the gnulib module unistr/u32-mbtouc-unsafe shall be considered + present. */ +#undef GNULIB_UNISTR_U32_MBTOUC_UNSAFE + +/* Define to a C preprocessor expression that evaluates to 1 or 0, depending + whether the gnulib module unistr/u32-uctomb shall be considered present. */ +#undef GNULIB_UNISTR_U32_UCTOMB + +/* Define to a C preprocessor expression that evaluates to 1 or 0, depending + whether the gnulib module unistr/u8-mbtoucr shall be considered present. */ +#undef GNULIB_UNISTR_U8_MBTOUCR + +/* Define to a C preprocessor expression that evaluates to 1 or 0, depending + whether the gnulib module unistr/u8-mbtouc-unsafe shall be considered + present. */ +#undef GNULIB_UNISTR_U8_MBTOUC_UNSAFE + +/* Define to a C preprocessor expression that evaluates to 1 or 0, depending + whether the gnulib module unistr/u8-uctomb shall be considered present. */ +#undef GNULIB_UNISTR_U8_UCTOMB + +/* Make sure we don't use old features in code. */ +#undef GNUTLS_COMPAT_H + +/* We allow temporarily usage of deprecated functions - until they are + removed. */ +#undef GNUTLS_INTERNAL_BUILD + +/* Additional cast to bring void* to a type castable to int. */ +#undef GNUTLS_POINTER_TO_INT_CAST + +/* Define to 1 if you have 'alloca' after including , a header that + may be supplied by this distribution. */ +#undef HAVE_ALLOCA + +/* Define to 1 if you have and it should be used (not on Ultrix). + */ +#undef HAVE_ALLOCA_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_ARPA_INET_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_BP_SYM_H + +/* Define to 1 if nanosleep mishandles large arguments. */ +#undef HAVE_BUG_BIG_NANOSLEEP + +/* Define to 1 if you have the header file. */ +#undef HAVE_BYTESWAP_H + +/* Define to 1 if you have the `canonicalize_file_name' function. */ +#undef HAVE_CANONICALIZE_FILE_NAME + +/* Define to 1 if you have the `catgets' function. */ +#undef HAVE_CATGETS + +/* Define to 1 if you have the Mac OS X function CFLocaleCopyCurrent in the + CoreFoundation framework. */ +#undef HAVE_CFLOCALECOPYCURRENT + +/* Define to 1 if you have the Mac OS X function + CFLocaleCopyPreferredLanguages in the CoreFoundation framework. */ +#undef HAVE_CFLOCALECOPYPREFERREDLANGUAGES + +/* Define to 1 if you have the Mac OS X function CFPreferencesCopyAppValue in + the CoreFoundation framework. */ +#undef HAVE_CFPREFERENCESCOPYAPPVALUE + +/* Define to 1 if you have the `chmod' function. */ +#undef HAVE_CHMOD + +/* Define to 1 if you have the `chsize' function. */ +#undef HAVE_CHSIZE + +/* Define to 1 if you have the `clock_gettime' function. */ +#undef HAVE_CLOCK_GETTIME + +/* Define to 1 if you have the `clock_settime' function. */ +#undef HAVE_CLOCK_SETTIME + +/* Define if you have compound literals. */ +#undef HAVE_COMPOUND_LITERALS + +/* Define to 1 if you have the header file. */ +#undef HAVE_CPUID_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_CRTDEFS_H + +/* Define to 1 if you have the `daemon' function. */ +#undef HAVE_DAEMON + +/* Enable the DANE library */ +#undef HAVE_DANE + +/* Define if the GNU dcgettext() function is already present or preinstalled. + */ +#undef HAVE_DCGETTEXT + +/* Define to 1 if you have the declaration of `alarm', and to 0 if you don't. + */ +#undef HAVE_DECL_ALARM + +/* Define to 1 if you have the declaration of `fflush_unlocked', and to 0 if + you don't. */ +#undef HAVE_DECL_FFLUSH_UNLOCKED + +/* Define to 1 if you have the declaration of `flockfile', and to 0 if you + don't. */ +#undef HAVE_DECL_FLOCKFILE + +/* Define to 1 if you have the declaration of `fputs_unlocked', and to 0 if + you don't. */ +#undef HAVE_DECL_FPUTS_UNLOCKED + +/* Define to 1 if you have the declaration of `freeaddrinfo', and to 0 if you + don't. */ +#undef HAVE_DECL_FREEADDRINFO + +/* Define to 1 if you have the declaration of `fseeko', and to 0 if you don't. + */ +#undef HAVE_DECL_FSEEKO + +/* Define to 1 if you have the declaration of `ftello', and to 0 if you don't. + */ +#undef HAVE_DECL_FTELLO + +/* Define to 1 if you have the declaration of `funlockfile', and to 0 if you + don't. */ +#undef HAVE_DECL_FUNLOCKFILE + +/* Define to 1 if you have the declaration of `gai_strerror', and to 0 if you + don't. */ +#undef HAVE_DECL_GAI_STRERROR + +/* Define to 1 if you have the declaration of `gai_strerrorA', and to 0 if you + don't. */ +#undef HAVE_DECL_GAI_STRERRORA + +/* Define to 1 if you have the declaration of `getaddrinfo', and to 0 if you + don't. */ +#undef HAVE_DECL_GETADDRINFO + +/* Define to 1 if you have the declaration of `getc_unlocked', and to 0 if you + don't. */ +#undef HAVE_DECL_GETC_UNLOCKED + +/* Define to 1 if you have the declaration of `getdelim', and to 0 if you + don't. */ +#undef HAVE_DECL_GETDELIM + +/* Define to 1 if you have the declaration of `getdtablesize', and to 0 if you + don't. */ +#undef HAVE_DECL_GETDTABLESIZE + +/* Define to 1 if you have the declaration of `getline', and to 0 if you + don't. */ +#undef HAVE_DECL_GETLINE + +/* Define to 1 if you have the declaration of `getnameinfo', and to 0 if you + don't. */ +#undef HAVE_DECL_GETNAMEINFO + +/* Define to 1 if you have the declaration of `inet_ntop', and to 0 if you + don't. */ +#undef HAVE_DECL_INET_NTOP + +/* Define to 1 if you have the declaration of `inet_pton', and to 0 if you + don't. */ +#undef HAVE_DECL_INET_PTON + +/* Define to 1 if you have the declaration of `localtime_r', and to 0 if you + don't. */ +#undef HAVE_DECL_LOCALTIME_R + +/* Define to 1 if you have the declaration of `memmem', and to 0 if you don't. + */ +#undef HAVE_DECL_MEMMEM + +/* Define to 1 if you have the declaration of `program_invocation_name', and + to 0 if you don't. */ +#undef HAVE_DECL_PROGRAM_INVOCATION_NAME + +/* Define to 1 if you have the declaration of `program_invocation_short_name', + and to 0 if you don't. */ +#undef HAVE_DECL_PROGRAM_INVOCATION_SHORT_NAME + +/* Define to 1 if you have the declaration of `putc_unlocked', and to 0 if you + don't. */ +#undef HAVE_DECL_PUTC_UNLOCKED + +/* Define to 1 if you have the declaration of `setenv', and to 0 if you don't. + */ +#undef HAVE_DECL_SETENV + +/* Define to 1 if you have the declaration of `sleep', and to 0 if you don't. + */ +#undef HAVE_DECL_SLEEP + +/* Define to 1 if you have the declaration of `snprintf', and to 0 if you + don't. */ +#undef HAVE_DECL_SNPRINTF + +/* Define to 1 if you have the declaration of `strdup', and to 0 if you don't. + */ +#undef HAVE_DECL_STRDUP + +/* Define to 1 if you have the declaration of `strerror_r', and to 0 if you + don't. */ +#undef HAVE_DECL_STRERROR_R + +/* Define to 1 if you have the declaration of `strncasecmp', and to 0 if you + don't. */ +#undef HAVE_DECL_STRNCASECMP + +/* Define to 1 if you have the declaration of `strndup', and to 0 if you + don't. */ +#undef HAVE_DECL_STRNDUP + +/* Define to 1 if you have the declaration of `strnlen', and to 0 if you + don't. */ +#undef HAVE_DECL_STRNLEN + +/* Define to 1 if you have the declaration of `strtok_r', and to 0 if you + don't. */ +#undef HAVE_DECL_STRTOK_R + +/* Define to 1 if you have the declaration of `tzname', and to 0 if you don't. + */ +#undef HAVE_DECL_TZNAME + +/* Define to 1 if you have the declaration of `unsetenv', and to 0 if you + don't. */ +#undef HAVE_DECL_UNSETENV + +/* Define to 1 if you have the declaration of `vsnprintf', and to 0 if you + don't. */ +#undef HAVE_DECL_VSNPRINTF + +/* Define to 1 if you have the declaration of `_fseeki64', and to 0 if you + don't. */ +#undef HAVE_DECL__FSEEKI64 + +/* Define to 1 if you have the declaration of `_putenv', and to 0 if you + don't. */ +#undef HAVE_DECL__PUTENV + +/* Define to 1 if you have the declaration of `_snprintf', and to 0 if you + don't. */ +#undef HAVE_DECL__SNPRINTF + +/* Define to 1 if you have the declaration of `__fsetlocking', and to 0 if you + don't. */ +#undef HAVE_DECL___FSETLOCKING + +/* Define this if /dev/zero is readable device */ +#undef HAVE_DEV_ZERO + +/* Define to 1 if you have the header file, and it defines `DIR'. + */ +#undef HAVE_DIRENT_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_DLFCN_H + +/* Define to 1 if you don't have `vprintf' but do have `_doprnt.' */ +#undef HAVE_DOPRNT + +/* Define to 1 if you have the 'dup2' function. */ +#undef HAVE_DUP2 + +/* Define to 1 if you have the `duplocale' function. */ +#undef HAVE_DUPLOCALE + +/* Define if you have the declaration of environ. */ +#undef HAVE_ENVIRON_DECL + +/* Define to 1 if you have the header file. */ +#undef HAVE_ERRNO_H + +/* Define to 1 if you have the `explicit_bzero' function. */ +#undef HAVE_EXPLICIT_BZERO + +/* Define if the locale_t type contains insufficient information, as on + OpenBSD. */ +#undef HAVE_FAKE_LOCALES + +/* Define to 1 if you have the `fchmod' function. */ +#undef HAVE_FCHMOD + +/* Define to 1 if you have the `fcntl' function. */ +#undef HAVE_FCNTL + +/* Define to 1 if you have the header file. */ +#undef HAVE_FCNTL_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_FEATURES_H + +/* Define to 1 if you have the `flockfile' function. */ +#undef HAVE_FLOCKFILE + +/* Define to 1 if you have the `fmemopen' function. */ +#undef HAVE_FMEMOPEN + +/* Define to 1 if you have the `fork' function. */ +#undef HAVE_FORK + +/* Define to 1 if you have the `freelocale' function. */ +#undef HAVE_FREELOCALE + +/* Define to 1 if fseeko (and presumably ftello) exists and is declared. */ +#undef HAVE_FSEEKO + +/* Define to 1 if you have the `fstat' function. */ +#undef HAVE_FSTAT + +/* Define to 1 if you have the `ftruncate' function. */ +#undef HAVE_FTRUNCATE + +/* Define to 1 if you have the `funlockfile' function. */ +#undef HAVE_FUNLOCKFILE + +/* Define to 1 if you have the `getauxval' function. */ +#undef HAVE_GETAUXVAL + +/* Define to 1 if you have the `getdelim' function. */ +#undef HAVE_GETDELIM + +/* Define to 1 if you have the `getdtablesize' function. */ +#undef HAVE_GETDTABLESIZE + +/* Define to 1 if you have the `getegid' function. */ +#undef HAVE_GETEGID + +/* Enable the OpenBSD getentropy function */ +#undef HAVE_GETENTROPY + +/* Define to 1 if you have the `geteuid' function. */ +#undef HAVE_GETEUID + +/* Define to 1 if you have the `getgid' function. */ +#undef HAVE_GETGID + +/* Define to 1 if you have the `gethostbyname' function. */ +#undef HAVE_GETHOSTBYNAME + +/* Define to 1 if you have the `getlocalename_l' function. */ +#undef HAVE_GETLOCALENAME_L + +/* Define to 1 if you have the `getpass' function. */ +#undef HAVE_GETPASS + +/* Define to 1 if you have the `getpid' function. */ +#undef HAVE_GETPID + +/* Define to 1 if you have the `getpwuid_r' function. */ +#undef HAVE_GETPWUID_R + +/* Enable the Linux getrandom function */ +#undef HAVE_GETRANDOM + +/* Define to 1 if you have the `getrusage' function. */ +#undef HAVE_GETRUSAGE + +/* Define to 1 if you have the `getservbyname' function. */ +#undef HAVE_GETSERVBYNAME + +/* Define if the GNU gettext() function is already present or preinstalled. */ +#undef HAVE_GETTEXT + +/* Define to 1 if you have the `gettimeofday' function. */ +#undef HAVE_GETTIMEOFDAY + +/* Define to 1 if you have the `getuid' function. */ +#undef HAVE_GETUID + +/* Define if you have the iconv() function and it works. */ +#undef HAVE_ICONV + +/* Define to 1 if you have the `inet_ntop' function. */ +#undef HAVE_INET_NTOP + +/* Define to 1 if you have the `inet_pton' function. */ +#undef HAVE_INET_PTON + +/* Define to 1 if the compiler supports one of the keywords 'inline', + '__inline__', '__inline' and effectively inlines functions marked as such. + */ +#undef HAVE_INLINE + +/* Define to 1 if the system has the type `int16_t'. */ +#undef HAVE_INT16_T + +/* Define to 1 if the system has the type `int32_t'. */ +#undef HAVE_INT32_T + +/* Define to 1 if the system has the type `int8_t'. */ +#undef HAVE_INT8_T + +/* Define if you have the 'intmax_t' type in or . */ +#undef HAVE_INTMAX_T + +/* Define to 1 if the system has the type `intptr_t'. */ +#undef HAVE_INTPTR_T + +/* Define to 1 if you have the header file. */ +#undef HAVE_INTTYPES_H + +/* Define if exists, doesn't clash with , and + declares uintmax_t. */ +#undef HAVE_INTTYPES_H_WITH_UINTMAX + +/* Define to 1 if you have the `ioctl' function. */ +#undef HAVE_IOCTL + +/* Define to 1 if defines AF_INET. */ +#undef HAVE_IPV4 + +/* Define to 1 if defines AF_INET6. */ +#undef HAVE_IPV6 + +/* Define to 1 if you have the `isblank' function. */ +#undef HAVE_ISBLANK + +/* Define to 1 if you have the `issetugid' function. */ +#undef HAVE_ISSETUGID + +/* Define if you have and nl_langinfo(CODESET). */ +#undef HAVE_LANGINFO_CODESET + +/* Define to 1 if you have the header file. */ +#undef HAVE_LANGINFO_H + +/* Define if your file defines LC_MESSAGES. */ +#undef HAVE_LC_MESSAGES + +/* Define if you have the libcrypto library. */ +#undef HAVE_LIBCRYPTO + +/* Define if you have the libdl library. */ +#undef HAVE_LIBDL + +/* Define to 1 if you have the `gen' library (-lgen). */ +#undef HAVE_LIBGEN + +/* Define to 1 if you have the header file. */ +#undef HAVE_LIBGEN_H + +/* Define if IDNA 2008 support is enabled. */ +#undef HAVE_LIBIDN2 + +/* Define to 1 if you have the `intl' library (-lintl). */ +#undef HAVE_LIBINTL + +/* Define to 1 if you have the header file. */ +#undef HAVE_LIBINTL_H + +/* nettle is enabled */ +#undef HAVE_LIBNETTLE + +/* Define if you have the libpthread library. */ +#undef HAVE_LIBPTHREAD + +/* Define if you have the librt library. */ +#undef HAVE_LIBRT + +/* Define if you have the libseccomp library. */ +#undef HAVE_LIBSECCOMP + +/* Define to 1 if you have the header file. */ +#undef HAVE_LIMITS_H + +/* Define to 1 if you have the `localtime' function. */ +#undef HAVE_LOCALTIME + +/* Define if localtime-like functions can loop forever on extreme arguments. + */ +#undef HAVE_LOCALTIME_INFLOOP_BUG + +/* Define to 1 if you have the `localtime_r' function. */ +#undef HAVE_LOCALTIME_R + +/* Define to 1 if the system has the type 'long long int'. */ +#undef HAVE_LONG_LONG_INT + +/* Define to 1 if you have the `lstat' function. */ +#undef HAVE_LSTAT + +/* Define if the 'malloc' function is POSIX compliant. */ +#undef HAVE_MALLOC_POSIX + +/* Define to 1 if mmap()'s MAP_ANONYMOUS flag is available after including + config.h and . */ +#undef HAVE_MAP_ANONYMOUS + +/* Define to 1 if you have the `mbrtowc' function. */ +#undef HAVE_MBRTOWC + +/* Define to 1 if you have the `memmem' function. */ +#undef HAVE_MEMMEM + +/* Define to 1 if you have the header file. */ +#undef HAVE_MEMORY_H + +/* Define to 1 if defines the MIN and MAX macros. */ +#undef HAVE_MINMAX_IN_LIMITS_H + +/* Define to 1 if defines the MIN and MAX macros. */ +#undef HAVE_MINMAX_IN_SYS_PARAM_H + +/* Define to 1 if you have the `mmap' function. */ +#undef HAVE_MMAP + +/* Define to 1 if you have the `mprotect' function. */ +#undef HAVE_MPROTECT + +/* Define to 1 on MSVC platforms that have the "invalid parameter handler" + concept. */ +#undef HAVE_MSVC_INVALID_PARAMETER_HANDLER + +/* Define if the locale_t type does not contain the name of each locale + category. */ +#undef HAVE_NAMELESS_LOCALES + +/* Define to 1 if you have the `nanosleep' function. */ +#undef HAVE_NANOSLEEP + +/* Define to 1 if you have the header file, and it defines `DIR'. */ +#undef HAVE_NDIR_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_NETDB_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_NETINET_IN_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_NETINET_TCP_H + +/* Define to 1 if you have the `nettle_cfb8_encrypt' function. */ +#undef HAVE_NETTLE_CFB8_ENCRYPT + +/* Define to 1 if you have the `nettle_cmac128_update' function. */ +#undef HAVE_NETTLE_CMAC128_UPDATE + +/* Define to 1 if you have the `nettle_rsa_sec_decrypt' function. */ +#undef HAVE_NETTLE_RSA_SEC_DECRYPT + +/* Define to 1 if you have the `newlocale' function. */ +#undef HAVE_NEWLOCALE + +/* Define to 1 if you have the header file. */ +#undef HAVE_OS_H + +/* Define this if pathfind(3) works */ +#undef HAVE_PATHFIND + +/* Define to 1 if the system has the type `pid_t'. */ +#undef HAVE_PID_T + +/* Define to 1 if you have the `pipe' function. */ +#undef HAVE_PIPE + +/* Define to 1 if you have the `pthread_mutex_lock' function. */ +#undef HAVE_PTHREAD_MUTEX_LOCK + +/* Define if the defines PTHREAD_MUTEX_RECURSIVE. */ +#undef HAVE_PTHREAD_MUTEX_RECURSIVE + +/* Define if the POSIX multithreading library has read/write locks. */ +#undef HAVE_PTHREAD_RWLOCK + +/* Define if the 'pthread_rwlock_rdlock' function prefers a writer to a + reader. */ +#undef HAVE_PTHREAD_RWLOCK_RDLOCK_PREFER_WRITER + +/* Define to 1 if the system has the type `ptrdiff_t'. */ +#undef HAVE_PTRDIFF_T + +/* Define to 1 if you have the `raise' function. */ +#undef HAVE_RAISE + +/* Define if the 'realloc' function is POSIX compliant. */ +#undef HAVE_REALLOC_POSIX + +/* Define this if we have a functional realpath(3C) */ +#undef HAVE_REALPATH + +/* Define to 1 if you have the header file. */ +#undef HAVE_RUNETYPE_H + +/* Define to 1 if you have run the test for working tzset. */ +#undef HAVE_RUN_TZSET_TEST + +/* Define to 1 if the system has the type `sa_family_t'. */ +#undef HAVE_SA_FAMILY_T + +/* Define to 1 if you have the `scm_gc_malloc_pointerless' function. */ +#undef HAVE_SCM_GC_MALLOC_POINTERLESS + +/* Define to 1 if you have the header file. */ +#undef HAVE_SEARCH_H + +/* Define to 1 if you have the `secure_getenv' function. */ +#undef HAVE_SECURE_GETENV + +/* Define to 1 if you have the `setdtablesize' function. */ +#undef HAVE_SETDTABLESIZE + +/* Define to 1 if you have the `setenv' function. */ +#undef HAVE_SETENV + +/* Define to 1 if you have the `setitimer' function. */ +#undef HAVE_SETITIMER + +/* Define to 1 if you have the header file. */ +#undef HAVE_SETJMP_H + +/* Define to 1 if you have the `shutdown' function. */ +#undef HAVE_SHUTDOWN + +/* Define to 1 if you have the `sigaction' function. */ +#undef HAVE_SIGACTION + +/* Define to 1 if you have the `sigaltstack' function. */ +#undef HAVE_SIGALTSTACK + +/* Define to 1 if the system has the type `siginfo_t'. */ +#undef HAVE_SIGINFO_T + +/* Define to 1 if you have the `siginterrupt' function. */ +#undef HAVE_SIGINTERRUPT + +/* Define to 1 if 'sig_atomic_t' is a signed integer type. */ +#undef HAVE_SIGNED_SIG_ATOMIC_T + +/* Define to 1 if 'wchar_t' is a signed integer type. */ +#undef HAVE_SIGNED_WCHAR_T + +/* Define to 1 if 'wint_t' is a signed integer type. */ +#undef HAVE_SIGNED_WINT_T + +/* Define to 1 if the system has the type `sigset_t'. */ +#undef HAVE_SIGSET_T + +/* Define to 1 if the system has the type `size_t'. */ +#undef HAVE_SIZE_T + +/* Define to 1 if you have the `sleep' function. */ +#undef HAVE_SLEEP + +/* Define to 1 if you have the `snprintf' function. */ +#undef HAVE_SNPRINTF + +/* Define if the return value of the snprintf function is the number of of + bytes (excluding the terminating NUL) that would have been produced if the + buffer had been large enough. */ +#undef HAVE_SNPRINTF_RETVAL_C99 + +/* Define if the locale_t type is as on Solaris 11.4. */ +#undef HAVE_SOLARIS114_LOCALES + +/* Define to 1 if you have the header file. */ +#undef HAVE_STDARG_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_STDATOMIC_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_STDBOOL_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_STDINT_H + +/* Define if exists, doesn't clash with , and declares + uintmax_t. */ +#undef HAVE_STDINT_H_WITH_UINTMAX + +/* Define to 1 if you have the header file. */ +#undef HAVE_STDIO_EXT_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_STDLIB_H + +/* Define to 1 if you have the `strcasecmp' function. */ +#undef HAVE_STRCASECMP + +/* Define to 1 if you have the `strchr' function. */ +#undef HAVE_STRCHR + +/* Define to 1 if you have the `strdup' function. */ +#undef HAVE_STRDUP + +/* Define to 1 if you have the `strerror_r' function. */ +#undef HAVE_STRERROR_R + +/* Define this if strftime() works */ +#undef HAVE_STRFTIME + +/* Define to 1 if you have the header file. */ +#undef HAVE_STRINGS_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_STRING_H + +/* Define to 1 if you have the `strncasecmp' function. */ +#undef HAVE_STRNCASECMP + +/* Define to 1 if you have the `strndup' function. */ +#undef HAVE_STRNDUP + +/* Define to 1 if you have the `strnlen' function. */ +#undef HAVE_STRNLEN + +/* Define to 1 if you have the `strrchr' function. */ +#undef HAVE_STRRCHR + +/* Define to 1 if you have the `strsignal' function. */ +#undef HAVE_STRSIGNAL + +/* Define to 1 if you have the `strtok_r' function. */ +#undef HAVE_STRTOK_R + +/* Define to 1 if the system has the type `struct addrinfo'. */ +#undef HAVE_STRUCT_ADDRINFO + +/* Define to 1 if `iov_base' is a member of `struct iovec'. */ +#undef HAVE_STRUCT_IOVEC_IOV_BASE + +/* Define to 1 if `sa_sigaction' is a member of `struct sigaction'. */ +#undef HAVE_STRUCT_SIGACTION_SA_SIGACTION + +/* Define to 1 if `sa_len' is a member of `struct sockaddr'. */ +#undef HAVE_STRUCT_SOCKADDR_SA_LEN + +/* Define to 1 if the system has the type `struct sockaddr_storage'. */ +#undef HAVE_STRUCT_SOCKADDR_STORAGE + +/* Define to 1 if `ss_family' is a member of `struct sockaddr_storage'. */ +#undef HAVE_STRUCT_SOCKADDR_STORAGE_SS_FAMILY + +/* Define to 1 if `st_atimensec' is a member of `struct stat'. */ +#undef HAVE_STRUCT_STAT_ST_ATIMENSEC + +/* Define to 1 if `st_atimespec.tv_nsec' is a member of `struct stat'. */ +#undef HAVE_STRUCT_STAT_ST_ATIMESPEC_TV_NSEC + +/* Define to 1 if `st_atim.st__tim.tv_nsec' is a member of `struct stat'. */ +#undef HAVE_STRUCT_STAT_ST_ATIM_ST__TIM_TV_NSEC + +/* Define to 1 if `st_atim.tv_nsec' is a member of `struct stat'. */ +#undef HAVE_STRUCT_STAT_ST_ATIM_TV_NSEC + +/* Define to 1 if `st_birthtimensec' is a member of `struct stat'. */ +#undef HAVE_STRUCT_STAT_ST_BIRTHTIMENSEC + +/* Define to 1 if `st_birthtimespec.tv_nsec' is a member of `struct stat'. */ +#undef HAVE_STRUCT_STAT_ST_BIRTHTIMESPEC_TV_NSEC + +/* Define to 1 if `st_birthtim.tv_nsec' is a member of `struct stat'. */ +#undef HAVE_STRUCT_STAT_ST_BIRTHTIM_TV_NSEC + +/* Define to 1 if `tm_zone' is a member of `struct tm'. */ +#undef HAVE_STRUCT_TM_TM_ZONE + +/* Define to 1 if you have the `strverscmp' function. */ +#undef HAVE_STRVERSCMP + +/* Define to 1 if you have the `symlink' function. */ +#undef HAVE_SYMLINK + +/* Define to 1 if you have the header file. */ +#undef HAVE_SYSEXITS_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_SYS_BITYPES_H + +/* Define to 1 if you have the header file, and it defines `DIR'. + */ +#undef HAVE_SYS_DIR_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_SYS_INTTYPES_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_SYS_IOCTL_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_SYS_LIMITS_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_SYS_MMAN_H + +/* Define to 1 if you have the header file, and it defines `DIR'. + */ +#undef HAVE_SYS_NDIR_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_SYS_PARAM_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_SYS_POLL_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_SYS_PROCSET_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_SYS_SELECT_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_SYS_SOCKET_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_SYS_STAT_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_SYS_STROPTS_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_SYS_TIME_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_SYS_TYPES_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_SYS_UIO_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_SYS_UN_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_SYS_WAIT_H + +/* Define to 1 if the system has the 'tcgetattr' function. */ +#undef HAVE_TCGETATTR + +/* Define to 1 if the system has the 'tcsetattr' function. */ +#undef HAVE_TCSETATTR + +/* Define to 1 if you have the header file. */ +#undef HAVE_TERMIOS_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_THREADS_H + +/* Define to 1 if you have the `timegm' function. */ +#undef HAVE_TIMEGM + +/* Define to 1 if the system has the type `timezone_t'. */ +#undef HAVE_TIMEZONE_T + +/* Define if struct tm has the tm_gmtoff member. */ +#undef HAVE_TM_GMTOFF + +/* Define to 1 if your `struct tm' has `tm_zone'. Deprecated, use + `HAVE_STRUCT_TM_TM_ZONE' instead. */ +#undef HAVE_TM_ZONE + +/* Enable TPM */ +#undef HAVE_TROUSERS + +/* Define to 1 if you have the `tsearch' function. */ +#undef HAVE_TSEARCH + +/* Define to 1 if you don't have `tm_zone' but do have the external array + `tzname'. */ +#undef HAVE_TZNAME + +/* Define to 1 if you have the `tzset' function. */ +#undef HAVE_TZSET + +/* Define to 1 if the system has the type `uint16_t'. */ +#undef HAVE_UINT16_T + +/* Define to 1 if the system has the type `uint32_t'. */ +#undef HAVE_UINT32_T + +/* Define to 1 if the system has the type `uint8_t'. */ +#undef HAVE_UINT8_T + +/* Define to 1 if the system has the type `uintptr_t'. */ +#undef HAVE_UINTPTR_T + +/* Define to 1 if the system has the type `uint_t'. */ +#undef HAVE_UINT_T + +/* Define to 1 if you have the header file. */ +#undef HAVE_UNISTD_H + +/* Define to 1 if you have the `unsetenv' function. */ +#undef HAVE_UNSETENV + +/* Define to 1 if the system has the type 'unsigned long long int'. */ +#undef HAVE_UNSIGNED_LONG_LONG_INT + +/* Define to 1 if you have the `uselocale' function. */ +#undef HAVE_USELOCALE + +/* Define to 1 if you have the header file. */ +#undef HAVE_UTIME_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_VALUES_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_VARARGS_H + +/* Define to 1 if you have the `vasnprintf' function. */ +#undef HAVE_VASNPRINTF + +/* Define to 1 if you have the `vasprintf' function. */ +#undef HAVE_VASPRINTF + +/* Define to 1 if you have the `vfork' function. */ +#undef HAVE_VFORK + +/* Define to 1 if you have the header file. */ +#undef HAVE_VFORK_H + +/* Define to 1 if you have the `vprintf' function. */ +#undef HAVE_VPRINTF + +/* Define to 1 if you have the `vsnprintf' function. */ +#undef HAVE_VSNPRINTF + +/* Define to 1 if you have the header file. */ +#undef HAVE_WCHAR_H + +/* Define to 1 if the system has the type `wchar_t'. */ +#undef HAVE_WCHAR_T + +/* Define to 1 if you have the `wcrtomb' function. */ +#undef HAVE_WCRTOMB + +/* Define to 1 if you have the `wcslen' function. */ +#undef HAVE_WCSLEN + +/* Define to 1 if you have the `wcsnlen' function. */ +#undef HAVE_WCSNLEN + +/* Define to 1 if you have the header file. */ +#undef HAVE_WINSOCK2_H + +/* Define to 1 if the system has the type `wint_t'. */ +#undef HAVE_WINT_T + +/* Define to 1 if `fork' works. */ +#undef HAVE_WORKING_FORK + +/* Define to 1 if O_NOATIME works. */ +#undef HAVE_WORKING_O_NOATIME + +/* Define to 1 if O_NOFOLLOW works. */ +#undef HAVE_WORKING_O_NOFOLLOW + +/* Define if the uselocale function exists any may safely be called. */ +#undef HAVE_WORKING_USELOCALE + +/* Define to 1 if `vfork' works. */ +#undef HAVE_WORKING_VFORK + +/* Define to 1 if you have the header file. */ +#undef HAVE_WS2TCPIP_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_XLOCALE_H + +/* Define to 1 if you have the `xts_encrypt_message' function. */ +#undef HAVE_XTS_ENCRYPT_MESSAGE + +/* Define to 1 if the system has the type `_Bool'. */ +#undef HAVE__BOOL + +/* Define to 1 if you have the `_fseeki64' function. */ +#undef HAVE__FSEEKI64 + +/* Define to 1 if you have the `_ftelli64' function. */ +#undef HAVE__FTELLI64 + +/* Define to 1 if you have the `_set_invalid_parameter_handler' function. */ +#undef HAVE__SET_INVALID_PARAMETER_HANDLER + +/* Define to 1 if the compiler supports __builtin_expect, + and to 2 if does. */ +#undef HAVE___BUILTIN_EXPECT +#ifndef HAVE___BUILTIN_EXPECT +# define __builtin_expect(e, c) (e) +#elif HAVE___BUILTIN_EXPECT == 2 +# include +#endif + + +/* Define to 1 if you have the `__fsetlocking' function. */ +#undef HAVE___FSETLOCKING + +/* Define to 1 if the compiler supports the keyword '__inline'. */ +#undef HAVE___INLINE + +/* Define to 1 if you have the `__register_atfork' function. */ +#undef HAVE___REGISTER_ATFORK + +/* Define to 1 if you have the `__secure_getenv' function. */ +#undef HAVE___SECURE_GETENV + +/* Define to 1 if you have the `__xpg_strerror_r' function. */ +#undef HAVE___XPG_STRERROR_R + +/* Define to 1 if lseek does not detect pipes. */ +#undef LSEEK_PIPE_BROKEN + +/* Define to 1 if 'lstat' dereferences a symlink specified with a trailing + slash. */ +#undef LSTAT_FOLLOWS_SLASHED_SYMLINK + +/* Define to the sub-directory where libtool stores uninstalled libraries. */ +#undef LT_OBJDIR + +/* If malloc(0) is != NULL, define this to 1. Otherwise define this to 0. */ +#undef MALLOC_0_IS_NONNULL + +/* Define to a substitute value for mmap()'s MAP_ANONYMOUS flag. */ +#undef MAP_ANONYMOUS + +/* Use GNU style printf and scanf. */ +#ifndef __USE_MINGW_ANSI_STDIO +# undef __USE_MINGW_ANSI_STDIO +#endif + + +/* Define if the compilation of mktime.c should define 'mktime_internal'. */ +#undef NEED_MKTIME_INTERNAL + +/* Define if the compilation of mktime.c should define 'mktime' with the + native Windows TZ workaround. */ +#undef NEED_MKTIME_WINDOWS + +/* Define if the compilation of mktime.c should define 'mktime' with the + algorithmic workarounds. */ +#undef NEED_MKTIME_WORKING + +/* Define this if optional arguments are disallowed */ +#undef NO_OPTIONAL_OPT_ARGS + +/* Define to 1 if open() fails to recognize a trailing slash. */ +#undef OPEN_TRAILING_SLASH_BUG + +/* Name of package */ +#undef PACKAGE + +/* Define to the address where bug reports for this package should be sent. */ +#undef PACKAGE_BUGREPORT + +/* Define to the full name of this package. */ +#undef PACKAGE_NAME + +/* Define to the full name and version of this package. */ +#undef PACKAGE_STRING + +/* Define to the one symbol short name of this package. */ +#undef PACKAGE_TARNAME + +/* Define to the home page for this package. */ +#undef PACKAGE_URL + +/* Define to the version of this package. */ +#undef PACKAGE_VERSION + +/* define to a working POSIX compliant shell */ +#undef POSIX_SHELL + +/* Define if exists and defines unusable PRI* macros. */ +#undef PRI_MACROS_BROKEN + +/* Define to the type that is the result of default argument promotions of + type mode_t. */ +#undef PROMOTED_MODE_T + +/* Define if the pthread_in_use() detection is hard. */ +#undef PTHREAD_IN_USE_DETECTION_HARD + +/* Define to l, ll, u, ul, ull, etc., as suitable for constants of type + 'ptrdiff_t'. */ +#undef PTRDIFF_T_SUFFIX + +/* name of regex header file */ +#undef REGEX_HEADER + +/* Define to 1 if stat needs help when passed a file name with a trailing + slash */ +#undef REPLACE_FUNC_STAT_FILE + +/* Define to 1 if strerror(0) does not return a message implying success. */ +#undef REPLACE_STRERROR_0 + +/* Define if vasnprintf exists but is overridden by gnulib. */ +#undef REPLACE_VASNPRINTF + +/* Define to l, ll, u, ul, ull, etc., as suitable for constants of type + 'sig_atomic_t'. */ +#undef SIG_ATOMIC_T_SUFFIX + +/* The size of `char *', as computed by sizeof. */ +#undef SIZEOF_CHAR_P + +/* The size of `int', as computed by sizeof. */ +#undef SIZEOF_INT + +/* The size of `long', as computed by sizeof. */ +#undef SIZEOF_LONG + +/* The size of `long long', as computed by sizeof. */ +#undef SIZEOF_LONG_LONG + +/* The size of `short', as computed by sizeof. */ +#undef SIZEOF_SHORT + +/* The size of `time_t', as computed by sizeof. */ +#undef SIZEOF_TIME_T + +/* The size of `unsigned int', as computed by sizeof. */ +#undef SIZEOF_UNSIGNED_INT + +/* The size of `unsigned long int', as computed by sizeof. */ +#undef SIZEOF_UNSIGNED_LONG_INT + +/* The size of `void *', as computed by sizeof. */ +#undef SIZEOF_VOID_P + +/* Define as the maximum value of type 'size_t', if the system doesn't define + it. */ +#ifndef SIZE_MAX +# undef SIZE_MAX +#endif + +/* Define to l, ll, u, ul, ull, etc., as suitable for constants of type + 'size_t'. */ +#undef SIZE_T_SUFFIX + +/* If using the C implementation of alloca, define if you know the + direction of stack growth for your system; otherwise it will be + automatically deduced at runtime. + STACK_DIRECTION > 0 => grows toward higher addresses + STACK_DIRECTION < 0 => grows toward lower addresses + STACK_DIRECTION = 0 => direction of growth unknown */ +#undef STACK_DIRECTION + +/* Define to 1 if the `S_IS*' macros in do not work properly. */ +#undef STAT_MACROS_BROKEN + +/* Define to 1 if you have the ANSI C header files. */ +#undef STDC_HEADERS + +/* The system priority file */ +#undef SYSTEM_PRIORITY_FILE + +/* Define to 1 if time_t is signed. */ +#undef TIME_T_IS_SIGNED + +/* Define to 1 if your declares `struct tm'. */ +#undef TM_IN_SYS_TIME + +/* the location of the trousers library */ +#undef TROUSERS_LIB + +/* Define to 1 if the type of the st_atim member of a struct stat is struct + timespec. */ +#undef TYPEOF_STRUCT_STAT_ST_ATIM_IS_STRUCT_TIMESPEC + +/* Define if tzset clobbers localtime's static buffer. */ +#undef TZSET_CLOBBERS_LOCALTIME + +/* The DNSSEC root key file */ +#undef UNBOUND_ROOT_KEY_FILE + +/* Define if the POSIX multithreading library can be used. */ +#undef USE_POSIX_THREADS + +/* Define if references to the POSIX multithreading library should be made + weak. */ +#undef USE_POSIX_THREADS_WEAK + +/* Define if the GNU Pth multithreading library can be used. */ +#undef USE_PTH_THREADS + +/* Define if references to the GNU Pth multithreading library should be made + weak. */ +#undef USE_PTH_THREADS_WEAK + +/* Define if the old Solaris multithreading library can be used. */ +#undef USE_SOLARIS_THREADS + +/* Define if references to the old Solaris multithreading library should be + made weak. */ +#undef USE_SOLARIS_THREADS_WEAK + +/* Enable extensions on AIX 3, Interix. */ +#ifndef _ALL_SOURCE +# undef _ALL_SOURCE +#endif +/* Enable general extensions on macOS. */ +#ifndef _DARWIN_C_SOURCE +# undef _DARWIN_C_SOURCE +#endif +/* Enable GNU extensions on systems that have them. */ +#ifndef _GNU_SOURCE +# undef _GNU_SOURCE +#endif +/* Enable NetBSD extensions on NetBSD. */ +#ifndef _NETBSD_SOURCE +# undef _NETBSD_SOURCE +#endif +/* Enable OpenBSD extensions on NetBSD. */ +#ifndef _OPENBSD_SOURCE +# undef _OPENBSD_SOURCE +#endif +/* Enable threading extensions on Solaris. */ +#ifndef _POSIX_PTHREAD_SEMANTICS +# undef _POSIX_PTHREAD_SEMANTICS +#endif +/* Enable extensions specified by ISO/IEC TS 18661-5:2014. */ +#ifndef __STDC_WANT_IEC_60559_ATTRIBS_EXT__ +# undef __STDC_WANT_IEC_60559_ATTRIBS_EXT__ +#endif +/* Enable extensions specified by ISO/IEC TS 18661-1:2014. */ +#ifndef __STDC_WANT_IEC_60559_BFP_EXT__ +# undef __STDC_WANT_IEC_60559_BFP_EXT__ +#endif +/* Enable extensions specified by ISO/IEC TS 18661-2:2015. */ +#ifndef __STDC_WANT_IEC_60559_DFP_EXT__ +# undef __STDC_WANT_IEC_60559_DFP_EXT__ +#endif +/* Enable extensions specified by ISO/IEC TS 18661-4:2015. */ +#ifndef __STDC_WANT_IEC_60559_FUNCS_EXT__ +# undef __STDC_WANT_IEC_60559_FUNCS_EXT__ +#endif +/* Enable extensions specified by ISO/IEC TS 18661-3:2015. */ +#ifndef __STDC_WANT_IEC_60559_TYPES_EXT__ +# undef __STDC_WANT_IEC_60559_TYPES_EXT__ +#endif +/* Enable extensions specified by ISO/IEC TR 24731-2:2010. */ +#ifndef __STDC_WANT_LIB_EXT2__ +# undef __STDC_WANT_LIB_EXT2__ +#endif +/* Enable extensions specified by ISO/IEC 24747:2009. */ +#ifndef __STDC_WANT_MATH_SPEC_FUNCS__ +# undef __STDC_WANT_MATH_SPEC_FUNCS__ +#endif +/* Enable extensions on HP NonStop. */ +#ifndef _TANDEM_SOURCE +# undef _TANDEM_SOURCE +#endif +/* Enable X/Open extensions if necessary. HP-UX 11.11 defines + mbstate_t only if _XOPEN_SOURCE is defined to 500, regardless of + whether compiling with -Ae or -D_HPUX_SOURCE=1. */ +#ifndef _XOPEN_SOURCE +# undef _XOPEN_SOURCE +#endif +/* Enable X/Open compliant socket functions that do not require linking + with -lxnet on HP-UX 11.11. */ +#ifndef _HPUX_ALT_XOPEN_SOCKET_API +# undef _HPUX_ALT_XOPEN_SOCKET_API +#endif +/* Enable general extensions on Solaris. */ +#ifndef __EXTENSIONS__ +# undef __EXTENSIONS__ +#endif + + +/* Define if the native Windows multithreading API can be used. */ +#undef USE_WINDOWS_THREADS + +/* Version number of package */ +#undef VERSION + +/* Define to 1 if unsetenv returns void instead of int. */ +#undef VOID_UNSETENV + +/* Define to l, ll, u, ul, ull, etc., as suitable for constants of type + 'wchar_t'. */ +#undef WCHAR_T_SUFFIX + +/* Define if WSAStartup is needed. */ +#undef WINDOWS_SOCKETS + +/* Define to l, ll, u, ul, ull, etc., as suitable for constants of type + 'wint_t'. */ +#undef WINT_T_SUFFIX + +/* Define this if a working libregex can be found */ +#undef WITH_LIBREGEX + +/* Define WORDS_BIGENDIAN to 1 if your processor stores words with the most + significant byte first (like Motorola and SPARC, unlike Intel). */ +#if defined AC_APPLE_UNIVERSAL_BUILD +# if defined __BIG_ENDIAN__ +# define WORDS_BIGENDIAN 1 +# endif +#else +# ifndef WORDS_BIGENDIAN +# undef WORDS_BIGENDIAN +# endif +#endif + +/* Enable large inode numbers on Mac OS X 10.5. */ +#undef _DARWIN_USE_64_BIT_INODE + +/* Number of bits in a file offset, on hosts where this is settable. */ +#undef _FILE_OFFSET_BITS + +/* Define to 1 to make fseeko visible on some hosts (e.g. glibc 2.2). */ +#undef _LARGEFILE_SOURCE + +/* Define for large files, on AIX-style hosts. */ +#undef _LARGE_FILES + +/* Define to 1 on Solaris. */ +#undef _LCONV_C99 + +/* Define to 1 if on MINIX. */ +#undef _MINIX + +/* Define to 1 to make NetBSD features available. MINIX 3 needs this. */ +#undef _NETBSD_SOURCE + +/* The _Noreturn keyword of C11. */ +#ifndef _Noreturn +# if (defined __cplusplus \ + && ((201103 <= __cplusplus && !(__GNUC__ == 4 && __GNUC_MINOR__ == 7)) \ + || (defined _MSC_VER && 1900 <= _MSC_VER))) +# define _Noreturn [[noreturn]] +# elif ((!defined __cplusplus || defined __clang__) \ + && (201112 <= (defined __STDC_VERSION__ ? __STDC_VERSION__ : 0) \ + || 4 < __GNUC__ + (7 <= __GNUC_MINOR__))) + /* _Noreturn works as-is. */ +# elif 2 < __GNUC__ + (8 <= __GNUC_MINOR__) || 0x5110 <= __SUNPRO_C +# define _Noreturn __attribute__ ((__noreturn__)) +# elif 1200 <= (defined _MSC_VER ? _MSC_VER : 0) +# define _Noreturn __declspec (noreturn) +# else +# define _Noreturn +# endif +#endif + + +/* Define to 2 if the system does not provide POSIX.1 features except with + this defined. */ +#undef _POSIX_1_SOURCE + +/* Define to 1 in order to get the POSIX compatible declarations of socket + functions. */ +#undef _POSIX_PII_SOCKET + +/* Define to 1 if you need to in order for 'stat' and other things to work. */ +#undef _POSIX_SOURCE + +/* Defined to 1 for Unicode (wide chars) APIs */ +#undef _UNICODE + +/* For standard stat data types on VMS. */ +#undef _USE_STD_STAT + +/* Define to 1 if the system predates C++11. */ +#undef __STDC_CONSTANT_MACROS + +/* Define to 1 if the system predates C++11. */ +#undef __STDC_LIMIT_MACROS + +/* Define as a replacement for the ISO C99 __func__ variable. */ +#undef __func__ + +/* The _GL_ASYNC_SAFE marker should be attached to functions that are + signal handlers (for signals other than SIGABRT, SIGPIPE) or can be + invoked from such signal handlers. Such functions have some restrictions: + * All functions that it calls should be marked _GL_ASYNC_SAFE as well, + or should be listed as async-signal-safe in POSIX + + section 2.4.3. Note that malloc(), sprintf(), and fwrite(), in + particular, are NOT async-signal-safe. + * All memory locations (variables and struct fields) that these functions + access must be marked 'volatile'. This holds for both read and write + accesses. Otherwise the compiler might optimize away stores to and + reads from such locations that occur in the program, depending on its + data flow analysis. For example, when the program contains a loop + that is intended to inspect a variable set from within a signal handler + while (!signal_occurred) + ; + the compiler is allowed to transform this into an endless loop if the + variable 'signal_occurred' is not declared 'volatile'. + Additionally, recall that: + * A signal handler should not modify errno (except if it is a handler + for a fatal signal and ends by raising the same signal again, thus + provoking the termination of the process). If it invokes a function + that may clobber errno, it needs to save and restore the value of + errno. */ +#define _GL_ASYNC_SAFE + + +/* Please see the Gnulib manual for how to use these macros. + + Suppress extern inline with HP-UX cc, as it appears to be broken; see + . + + Suppress extern inline with Sun C in standards-conformance mode, as it + mishandles inline functions that call each other. E.g., for 'inline void f + (void) { } inline void g (void) { f (); }', c99 incorrectly complains + 'reference to static identifier "f" in extern inline function'. + This bug was observed with Sun C 5.12 SunOS_i386 2011/11/16. + + Suppress extern inline (with or without __attribute__ ((__gnu_inline__))) + on configurations that mistakenly use 'static inline' to implement + functions or macros in standard C headers like . For example, + if isdigit is mistakenly implemented via a static inline function, + a program containing an extern inline function that calls isdigit + may not work since the C standard prohibits extern inline functions + from calling static functions (ISO C 99 section 6.7.4.(3). + This bug is known to occur on: + + OS X 10.8 and earlier; see: + https://lists.gnu.org/r/bug-gnulib/2012-12/msg00023.html + + DragonFly; see + http://muscles.dragonflybsd.org/bulk/bleeding-edge-potential/latest-per-pkg/ah-tty-0.3.12.log + + FreeBSD; see: + https://lists.gnu.org/r/bug-gnulib/2014-07/msg00104.html + + OS X 10.9 has a macro __header_inline indicating the bug is fixed for C and + for clang but remains for g++; see . + Assume DragonFly and FreeBSD will be similar. + + GCC 4.3 and above with -std=c99 or -std=gnu99 implements ISO C99 + inline semantics, unless -fgnu89-inline is used. It defines a macro + __GNUC_STDC_INLINE__ to indicate this situation or a macro + __GNUC_GNU_INLINE__ to indicate the opposite situation. + GCC 4.2 with -std=c99 or -std=gnu99 implements the GNU C inline + semantics but warns, unless -fgnu89-inline is used: + warning: C99 inline functions are not supported; using GNU89 + warning: to disable this warning use -fgnu89-inline or the gnu_inline function attribute + It defines a macro __GNUC_GNU_INLINE__ to indicate this situation. + */ +#if (((defined __APPLE__ && defined __MACH__) \ + || defined __DragonFly__ || defined __FreeBSD__) \ + && (defined __header_inline \ + ? (defined __cplusplus && defined __GNUC_STDC_INLINE__ \ + && ! defined __clang__) \ + : ((! defined _DONT_USE_CTYPE_INLINE_ \ + && (defined __GNUC__ || defined __cplusplus)) \ + || (defined _FORTIFY_SOURCE && 0 < _FORTIFY_SOURCE \ + && defined __GNUC__ && ! defined __cplusplus)))) +# define _GL_EXTERN_INLINE_STDHEADER_BUG +#endif +#if ((__GNUC__ \ + ? defined __GNUC_STDC_INLINE__ && __GNUC_STDC_INLINE__ \ + : (199901L <= __STDC_VERSION__ \ + && !defined __HP_cc \ + && !defined __PGI \ + && !(defined __SUNPRO_C && __STDC__))) \ + && !defined _GL_EXTERN_INLINE_STDHEADER_BUG) +# define _GL_INLINE inline +# define _GL_EXTERN_INLINE extern inline +# define _GL_EXTERN_INLINE_IN_USE +#elif (2 < __GNUC__ + (7 <= __GNUC_MINOR__) && !defined __STRICT_ANSI__ \ + && !defined _GL_EXTERN_INLINE_STDHEADER_BUG) +# if defined __GNUC_GNU_INLINE__ && __GNUC_GNU_INLINE__ + /* __gnu_inline__ suppresses a GCC 4.2 diagnostic. */ +# define _GL_INLINE extern inline __attribute__ ((__gnu_inline__)) +# else +# define _GL_INLINE extern inline +# endif +# define _GL_EXTERN_INLINE extern +# define _GL_EXTERN_INLINE_IN_USE +#else +# define _GL_INLINE static _GL_UNUSED +# define _GL_EXTERN_INLINE static _GL_UNUSED +#endif + +/* In GCC 4.6 (inclusive) to 5.1 (exclusive), + suppress bogus "no previous prototype for 'FOO'" + and "no previous declaration for 'FOO'" diagnostics, + when FOO is an inline function in the header; see + and + . */ +#if __GNUC__ == 4 && 6 <= __GNUC_MINOR__ +# if defined __GNUC_STDC_INLINE__ && __GNUC_STDC_INLINE__ +# define _GL_INLINE_HEADER_CONST_PRAGMA +# else +# define _GL_INLINE_HEADER_CONST_PRAGMA \ + _Pragma ("GCC diagnostic ignored \"-Wsuggest-attribute=const\"") +# endif +# define _GL_INLINE_HEADER_BEGIN \ + _Pragma ("GCC diagnostic push") \ + _Pragma ("GCC diagnostic ignored \"-Wmissing-prototypes\"") \ + _Pragma ("GCC diagnostic ignored \"-Wmissing-declarations\"") \ + _GL_INLINE_HEADER_CONST_PRAGMA +# define _GL_INLINE_HEADER_END \ + _Pragma ("GCC diagnostic pop") +#else +# define _GL_INLINE_HEADER_BEGIN +# define _GL_INLINE_HEADER_END +#endif + +/* static lib rename */ +#undef fread_file + +/* Define to `int' if doesn't define. */ +#undef gid_t + +/* Define to `__inline__' or `__inline' if that's what the C compiler + calls it, or to nothing if 'inline' is not supported under any name. */ +#ifndef __cplusplus +#undef inline +#endif + +/* Define to long or long long if and don't define. */ +#undef intmax_t + +/* Work around a bug in Apple GCC 4.0.1 build 5465: In C99 mode, it supports + the ISO C 99 semantics of 'extern inline' (unlike the GNU C semantics of + earlier versions), but does not display it by setting __GNUC_STDC_INLINE__. + __APPLE__ && __MACH__ test for Mac OS X. + __APPLE_CC__ tests for the Apple compiler and its version. + __STDC_VERSION__ tests for the C99 mode. */ +#if defined __APPLE__ && defined __MACH__ && __APPLE_CC__ >= 5465 && !defined __cplusplus && __STDC_VERSION__ >= 199901L && !defined __GNUC_STDC_INLINE__ +# define __GNUC_STDC_INLINE__ 1 +#endif + +/* Define to the real name of the mktime_internal function. */ +#undef mktime_internal + +/* Define to `int' if does not define. */ +#undef mode_t + +/* Define to the name of the strftime replacement function. */ +#undef my_strftime + +/* Define to the type of st_nlink in struct stat, or a supertype. */ +#undef nlink_t + +/* Define to `int' if does not define. */ +#undef pid_t + +/* Define as the type of the result of subtracting two pointers, if the system + doesn't define it. */ +#undef ptrdiff_t + +/* static lib rename */ +#undef read_binary_file + +/* static lib rename */ +#undef read_file + +/* Define to the equivalent of the C99 'restrict' keyword, or to + nothing if this is not supported. Do not define if restrict is + supported directly. */ +#undef restrict +/* Work around a bug in Sun C++: it does not support _Restrict or + __restrict__, even though the corresponding Sun C compiler ends up with + "#define restrict _Restrict" or "#define restrict __restrict__" in the + previous line. Perhaps some future version of Sun C++ will work with + restrict; if so, hopefully it defines __RESTRICT like Sun C does. */ +#if defined __SUNPRO_CC && !defined __RESTRICT +# define _Restrict +# define __restrict__ +#endif + +/* Define to `unsigned int' if does not define. */ +#undef size_t + +/* type to use in place of socklen_t if not defined */ +#undef socklen_t + +/* Define as a signed type of the same size as size_t. */ +#undef ssize_t + +/* Define to `int' if doesn't define. */ +#undef uid_t + +/* Define as a marker that can be attached to declarations that might not + be used. This helps to reduce warnings, such as from + GCC -Wunused-parameter. */ +#if __GNUC__ >= 3 || (__GNUC__ == 2 && __GNUC_MINOR__ >= 7) +# define _GL_UNUSED __attribute__ ((__unused__)) +#else +# define _GL_UNUSED +#endif +/* The name _UNUSED_PARAMETER_ is an earlier spelling, although the name + is a misnomer outside of parameter lists. */ +#define _UNUSED_PARAMETER_ _GL_UNUSED + +/* gcc supports the "unused" attribute on possibly unused labels, and + g++ has since version 4.5. Note to support C++ as well as C, + _GL_UNUSED_LABEL should be used with a trailing ; */ +#if !defined __cplusplus || __GNUC__ > 4 \ + || (__GNUC__ == 4 && __GNUC_MINOR__ >= 5) +# define _GL_UNUSED_LABEL _GL_UNUSED +#else +# define _GL_UNUSED_LABEL +#endif + +/* The __pure__ attribute was added in gcc 2.96. */ +#if __GNUC__ > 2 || (__GNUC__ == 2 && __GNUC_MINOR__ >= 96) +# define _GL_ATTRIBUTE_PURE __attribute__ ((__pure__)) +#else +# define _GL_ATTRIBUTE_PURE /* empty */ +#endif + +/* The __const__ attribute was added in gcc 2.95. */ +#if __GNUC__ > 2 || (__GNUC__ == 2 && __GNUC_MINOR__ >= 95) +# define _GL_ATTRIBUTE_CONST __attribute__ ((__const__)) +#else +# define _GL_ATTRIBUTE_CONST /* empty */ +#endif + +/* The __malloc__ attribute was added in gcc 3. */ +#if 3 <= __GNUC__ +# define _GL_ATTRIBUTE_MALLOC __attribute__ ((__malloc__)) +#else +# define _GL_ATTRIBUTE_MALLOC /* empty */ +#endif + + +/* Define as `fork' if `vfork' does not work. */ +#undef vfork diff --git a/configure b/configure new file mode 100755 index 0000000..fe9de90 --- /dev/null +++ b/configure @@ -0,0 +1,67112 @@ +#! /bin/sh +# Guess values for system-dependent variables and create Makefiles. +# Generated by GNU Autoconf 2.69 for GnuTLS 3.6.8. +# +# Report bugs to . +# +# +# Copyright (C) 1992-1996, 1998-2012 Free Software Foundation, Inc. +# +# +# This configure script is free software; the Free Software Foundation +# gives unlimited permission to copy, distribute and modify it. +## -------------------- ## +## M4sh Initialization. ## +## -------------------- ## + +# Be more Bourne compatible +DUALCASE=1; export DUALCASE # for MKS sh +if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then : + emulate sh + NULLCMD=: + # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which + # is contrary to our usage. Disable this feature. + alias -g '${1+"$@"}'='"$@"' + setopt NO_GLOB_SUBST +else + case `(set -o) 2>/dev/null` in #( + *posix*) : + set -o posix ;; #( + *) : + ;; +esac +fi + + +as_nl=' +' +export as_nl +# Printing a long string crashes Solaris 7 /usr/bin/printf. +as_echo='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\' +as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo +as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo$as_echo +# Prefer a ksh shell builtin over an external printf program on Solaris, +# but without wasting forks for bash or zsh. +if test -z "$BASH_VERSION$ZSH_VERSION" \ + && (test "X`print -r -- $as_echo`" = "X$as_echo") 2>/dev/null; then + as_echo='print -r --' + as_echo_n='print -rn --' +elif (test "X`printf %s $as_echo`" = "X$as_echo") 2>/dev/null; then + as_echo='printf %s\n' + as_echo_n='printf %s' +else + if test "X`(/usr/ucb/echo -n -n $as_echo) 2>/dev/null`" = "X-n $as_echo"; then + as_echo_body='eval /usr/ucb/echo -n "$1$as_nl"' + as_echo_n='/usr/ucb/echo -n' + else + as_echo_body='eval expr "X$1" : "X\\(.*\\)"' + as_echo_n_body='eval + arg=$1; + case $arg in #( + *"$as_nl"*) + expr "X$arg" : "X\\(.*\\)$as_nl"; + arg=`expr "X$arg" : ".*$as_nl\\(.*\\)"`;; + esac; + expr "X$arg" : "X\\(.*\\)" | tr -d "$as_nl" + ' + export as_echo_n_body + as_echo_n='sh -c $as_echo_n_body as_echo' + fi + export as_echo_body + as_echo='sh -c $as_echo_body as_echo' +fi + +# The user is always right. +if test "${PATH_SEPARATOR+set}" != set; then + PATH_SEPARATOR=: + (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 && { + (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 || + PATH_SEPARATOR=';' + } +fi + + +# IFS +# We need space, tab and new line, in precisely that order. Quoting is +# there to prevent editors from complaining about space-tab. +# (If _AS_PATH_WALK were called with IFS unset, it would disable word +# splitting by setting IFS to empty value.) +IFS=" "" $as_nl" + +# Find who we are. Look in the path if we contain no directory separator. +as_myself= +case $0 in #(( + *[\\/]* ) as_myself=$0 ;; + *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break + done +IFS=$as_save_IFS + + ;; +esac +# We did not find ourselves, most probably we were run as `sh COMMAND' +# in which case we are not to be found in the path. +if test "x$as_myself" = x; then + as_myself=$0 +fi +if test ! -f "$as_myself"; then + $as_echo "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2 + exit 1 +fi + +# Unset variables that we do not need and which cause bugs (e.g. in +# pre-3.0 UWIN ksh). But do not cause bugs in bash 2.01; the "|| exit 1" +# suppresses any "Segmentation fault" message there. '((' could +# trigger a bug in pdksh 5.2.14. +for as_var in BASH_ENV ENV MAIL MAILPATH +do eval test x\${$as_var+set} = xset \ + && ( (unset $as_var) || exit 1) >/dev/null 2>&1 && unset $as_var || : +done +PS1='$ ' +PS2='> ' +PS4='+ ' + +# NLS nuisances. +LC_ALL=C +export LC_ALL +LANGUAGE=C +export LANGUAGE + +# CDPATH. +(unset CDPATH) >/dev/null 2>&1 && unset CDPATH + +# Use a proper internal environment variable to ensure we don't fall + # into an infinite loop, continuously re-executing ourselves. + if test x"${_as_can_reexec}" != xno && test "x$CONFIG_SHELL" != x; then + _as_can_reexec=no; export _as_can_reexec; + # We cannot yet assume a decent shell, so we have to provide a +# neutralization value for shells without unset; and this also +# works around shells that cannot unset nonexistent variables. +# Preserve -v and -x to the replacement shell. +BASH_ENV=/dev/null +ENV=/dev/null +(unset BASH_ENV) >/dev/null 2>&1 && unset BASH_ENV ENV +case $- in # (((( + *v*x* | *x*v* ) as_opts=-vx ;; + *v* ) as_opts=-v ;; + *x* ) as_opts=-x ;; + * ) as_opts= ;; +esac +exec $CONFIG_SHELL $as_opts "$as_myself" ${1+"$@"} +# Admittedly, this is quite paranoid, since all the known shells bail +# out after a failed `exec'. +$as_echo "$0: could not re-execute with $CONFIG_SHELL" >&2 +as_fn_exit 255 + fi + # We don't want this to propagate to other subprocesses. + { _as_can_reexec=; unset _as_can_reexec;} +if test "x$CONFIG_SHELL" = x; then + as_bourne_compatible="if test -n \"\${ZSH_VERSION+set}\" && (emulate sh) >/dev/null 2>&1; then : + emulate sh + NULLCMD=: + # Pre-4.2 versions of Zsh do word splitting on \${1+\"\$@\"}, which + # is contrary to our usage. Disable this feature. + alias -g '\${1+\"\$@\"}'='\"\$@\"' + setopt NO_GLOB_SUBST +else + case \`(set -o) 2>/dev/null\` in #( + *posix*) : + set -o posix ;; #( + *) : + ;; +esac +fi +" + as_required="as_fn_return () { (exit \$1); } +as_fn_success () { as_fn_return 0; } +as_fn_failure () { as_fn_return 1; } +as_fn_ret_success () { return 0; } +as_fn_ret_failure () { return 1; } + +exitcode=0 +as_fn_success || { exitcode=1; echo as_fn_success failed.; } +as_fn_failure && { exitcode=1; echo as_fn_failure succeeded.; } +as_fn_ret_success || { exitcode=1; echo as_fn_ret_success failed.; } +as_fn_ret_failure && { exitcode=1; echo as_fn_ret_failure succeeded.; } +if ( set x; as_fn_ret_success y && test x = \"\$1\" ); then : + +else + exitcode=1; echo positional parameters were not saved. +fi +test x\$exitcode = x0 || exit 1 +test -x / || exit 1" + as_suggested=" as_lineno_1=";as_suggested=$as_suggested$LINENO;as_suggested=$as_suggested" as_lineno_1a=\$LINENO + as_lineno_2=";as_suggested=$as_suggested$LINENO;as_suggested=$as_suggested" as_lineno_2a=\$LINENO + eval 'test \"x\$as_lineno_1'\$as_run'\" != \"x\$as_lineno_2'\$as_run'\" && + test \"x\`expr \$as_lineno_1'\$as_run' + 1\`\" = \"x\$as_lineno_2'\$as_run'\"' || exit 1 +test \$(( 1 + 1 )) = 2 || exit 1 + + test -n \"\${ZSH_VERSION+set}\${BASH_VERSION+set}\" || ( + ECHO='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\' + ECHO=\$ECHO\$ECHO\$ECHO\$ECHO\$ECHO + ECHO=\$ECHO\$ECHO\$ECHO\$ECHO\$ECHO\$ECHO + PATH=/empty FPATH=/empty; export PATH FPATH + test \"X\`printf %s \$ECHO\`\" = \"X\$ECHO\" \\ + || test \"X\`print -r -- \$ECHO\`\" = \"X\$ECHO\" ) || exit 1" + if (eval "$as_required") 2>/dev/null; then : + as_have_required=yes +else + as_have_required=no +fi + if test x$as_have_required = xyes && (eval "$as_suggested") 2>/dev/null; then : + +else + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +as_found=false +for as_dir in /bin$PATH_SEPARATOR/usr/bin$PATH_SEPARATOR$PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + as_found=: + case $as_dir in #( + /*) + for as_base in sh bash ksh sh5; do + # Try only shells that exist, to save several forks. + as_shell=$as_dir/$as_base + if { test -f "$as_shell" || test -f "$as_shell.exe"; } && + { $as_echo "$as_bourne_compatible""$as_required" | as_run=a "$as_shell"; } 2>/dev/null; then : + CONFIG_SHELL=$as_shell as_have_required=yes + if { $as_echo "$as_bourne_compatible""$as_suggested" | as_run=a "$as_shell"; } 2>/dev/null; then : + break 2 +fi +fi + done;; + esac + as_found=false +done +$as_found || { if { test -f "$SHELL" || test -f "$SHELL.exe"; } && + { $as_echo "$as_bourne_compatible""$as_required" | as_run=a "$SHELL"; } 2>/dev/null; then : + CONFIG_SHELL=$SHELL as_have_required=yes +fi; } +IFS=$as_save_IFS + + + if test "x$CONFIG_SHELL" != x; then : + export CONFIG_SHELL + # We cannot yet assume a decent shell, so we have to provide a +# neutralization value for shells without unset; and this also +# works around shells that cannot unset nonexistent variables. +# Preserve -v and -x to the replacement shell. +BASH_ENV=/dev/null +ENV=/dev/null +(unset BASH_ENV) >/dev/null 2>&1 && unset BASH_ENV ENV +case $- in # (((( + *v*x* | *x*v* ) as_opts=-vx ;; + *v* ) as_opts=-v ;; + *x* ) as_opts=-x ;; + * ) as_opts= ;; +esac +exec $CONFIG_SHELL $as_opts "$as_myself" ${1+"$@"} +# Admittedly, this is quite paranoid, since all the known shells bail +# out after a failed `exec'. +$as_echo "$0: could not re-execute with $CONFIG_SHELL" >&2 +exit 255 +fi + + if test x$as_have_required = xno; then : + $as_echo "$0: This script requires a shell more modern than all" + $as_echo "$0: the shells that I found on your system." + if test x${ZSH_VERSION+set} = xset ; then + $as_echo "$0: In particular, zsh $ZSH_VERSION has bugs and should" + $as_echo "$0: be upgraded to zsh 4.3.4 or later." + else + $as_echo "$0: Please tell bug-autoconf@gnu.org and bugs@gnutls.org +$0: about your system, including any error possibly output +$0: before this message. Then install a modern shell, or +$0: manually run the script under such a shell if you do +$0: have one." + fi + exit 1 +fi +fi +fi +SHELL=${CONFIG_SHELL-/bin/sh} +export SHELL +# Unset more variables known to interfere with behavior of common tools. +CLICOLOR_FORCE= GREP_OPTIONS= +unset CLICOLOR_FORCE GREP_OPTIONS + +## --------------------- ## +## M4sh Shell Functions. ## +## --------------------- ## +# as_fn_unset VAR +# --------------- +# Portably unset VAR. +as_fn_unset () +{ + { eval $1=; unset $1;} +} +as_unset=as_fn_unset + +# as_fn_set_status STATUS +# ----------------------- +# Set $? to STATUS, without forking. +as_fn_set_status () +{ + return $1 +} # as_fn_set_status + +# as_fn_exit STATUS +# ----------------- +# Exit the shell with STATUS, even in a "trap 0" or "set -e" context. +as_fn_exit () +{ + set +e + as_fn_set_status $1 + exit $1 +} # as_fn_exit + +# as_fn_mkdir_p +# ------------- +# Create "$as_dir" as a directory, including parents if necessary. +as_fn_mkdir_p () +{ + + case $as_dir in #( + -*) as_dir=./$as_dir;; + esac + test -d "$as_dir" || eval $as_mkdir_p || { + as_dirs= + while :; do + case $as_dir in #( + *\'*) as_qdir=`$as_echo "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #'( + *) as_qdir=$as_dir;; + esac + as_dirs="'$as_qdir' $as_dirs" + as_dir=`$as_dirname -- "$as_dir" || +$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ + X"$as_dir" : 'X\(//\)[^/]' \| \ + X"$as_dir" : 'X\(//\)$' \| \ + X"$as_dir" : 'X\(/\)' \| . 2>/dev/null || +$as_echo X"$as_dir" | + sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ + s//\1/ + q + } + /^X\(\/\/\)[^/].*/{ + s//\1/ + q + } + /^X\(\/\/\)$/{ + s//\1/ + q + } + /^X\(\/\).*/{ + s//\1/ + q + } + s/.*/./; q'` + test -d "$as_dir" && break + done + test -z "$as_dirs" || eval "mkdir $as_dirs" + } || test -d "$as_dir" || as_fn_error $? "cannot create directory $as_dir" + + +} # as_fn_mkdir_p + +# as_fn_executable_p FILE +# ----------------------- +# Test if FILE is an executable regular file. +as_fn_executable_p () +{ + test -f "$1" && test -x "$1" +} # as_fn_executable_p +# as_fn_append VAR VALUE +# ---------------------- +# Append the text in VALUE to the end of the definition contained in VAR. Take +# advantage of any shell optimizations that allow amortized linear growth over +# repeated appends, instead of the typical quadratic growth present in naive +# implementations. +if (eval "as_var=1; as_var+=2; test x\$as_var = x12") 2>/dev/null; then : + eval 'as_fn_append () + { + eval $1+=\$2 + }' +else + as_fn_append () + { + eval $1=\$$1\$2 + } +fi # as_fn_append + +# as_fn_arith ARG... +# ------------------ +# Perform arithmetic evaluation on the ARGs, and store the result in the +# global $as_val. Take advantage of shells that can avoid forks. The arguments +# must be portable across $(()) and expr. +if (eval "test \$(( 1 + 1 )) = 2") 2>/dev/null; then : + eval 'as_fn_arith () + { + as_val=$(( $* )) + }' +else + as_fn_arith () + { + as_val=`expr "$@" || test $? -eq 1` + } +fi # as_fn_arith + + +# as_fn_error STATUS ERROR [LINENO LOG_FD] +# ---------------------------------------- +# Output "`basename $0`: error: ERROR" to stderr. If LINENO and LOG_FD are +# provided, also output the error to LOG_FD, referencing LINENO. Then exit the +# script with STATUS, using 1 if that was 0. +as_fn_error () +{ + as_status=$1; test $as_status -eq 0 && as_status=1 + if test "$4"; then + as_lineno=${as_lineno-"$3"} as_lineno_stack=as_lineno_stack=$as_lineno_stack + $as_echo "$as_me:${as_lineno-$LINENO}: error: $2" >&$4 + fi + $as_echo "$as_me: error: $2" >&2 + as_fn_exit $as_status +} # as_fn_error + +if expr a : '\(a\)' >/dev/null 2>&1 && + test "X`expr 00001 : '.*\(...\)'`" = X001; then + as_expr=expr +else + as_expr=false +fi + +if (basename -- /) >/dev/null 2>&1 && test "X`basename -- / 2>&1`" = "X/"; then + as_basename=basename +else + as_basename=false +fi + +if (as_dir=`dirname -- /` && test "X$as_dir" = X/) >/dev/null 2>&1; then + as_dirname=dirname +else + as_dirname=false +fi + +as_me=`$as_basename -- "$0" || +$as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \ + X"$0" : 'X\(//\)$' \| \ + X"$0" : 'X\(/\)' \| . 2>/dev/null || +$as_echo X/"$0" | + sed '/^.*\/\([^/][^/]*\)\/*$/{ + s//\1/ + q + } + /^X\/\(\/\/\)$/{ + s//\1/ + q + } + /^X\/\(\/\).*/{ + s//\1/ + q + } + s/.*/./; q'` + +# Avoid depending upon Character Ranges. +as_cr_letters='abcdefghijklmnopqrstuvwxyz' +as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ' +as_cr_Letters=$as_cr_letters$as_cr_LETTERS +as_cr_digits='0123456789' +as_cr_alnum=$as_cr_Letters$as_cr_digits + + + as_lineno_1=$LINENO as_lineno_1a=$LINENO + as_lineno_2=$LINENO as_lineno_2a=$LINENO + eval 'test "x$as_lineno_1'$as_run'" != "x$as_lineno_2'$as_run'" && + test "x`expr $as_lineno_1'$as_run' + 1`" = "x$as_lineno_2'$as_run'"' || { + # Blame Lee E. McMahon (1931-1989) for sed's syntax. :-) + sed -n ' + p + /[$]LINENO/= + ' <$as_myself | + sed ' + s/[$]LINENO.*/&-/ + t lineno + b + :lineno + N + :loop + s/[$]LINENO\([^'$as_cr_alnum'_].*\n\)\(.*\)/\2\1\2/ + t loop + s/-\n.*// + ' >$as_me.lineno && + chmod +x "$as_me.lineno" || + { $as_echo "$as_me: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&2; as_fn_exit 1; } + + # If we had to re-execute with $CONFIG_SHELL, we're ensured to have + # already done that, so ensure we don't try to do so again and fall + # in an infinite loop. This has already happened in practice. + _as_can_reexec=no; export _as_can_reexec + # Don't try to exec as it changes $[0], causing all sort of problems + # (the dirname of $[0] is not the place where we might find the + # original and so on. Autoconf is especially sensitive to this). + . "./$as_me.lineno" + # Exit status is that of the last command. + exit +} + +ECHO_C= ECHO_N= ECHO_T= +case `echo -n x` in #((((( +-n*) + case `echo 'xy\c'` in + *c*) ECHO_T=' ';; # ECHO_T is single tab character. + xy) ECHO_C='\c';; + *) echo `echo ksh88 bug on AIX 6.1` > /dev/null + ECHO_T=' ';; + esac;; +*) + ECHO_N='-n';; +esac + +rm -f conf$$ conf$$.exe conf$$.file +if test -d conf$$.dir; then + rm -f conf$$.dir/conf$$.file +else + rm -f conf$$.dir + mkdir conf$$.dir 2>/dev/null +fi +if (echo >conf$$.file) 2>/dev/null; then + if ln -s conf$$.file conf$$ 2>/dev/null; then + as_ln_s='ln -s' + # ... but there are two gotchas: + # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail. + # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable. + # In both cases, we have to default to `cp -pR'. + ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe || + as_ln_s='cp -pR' + elif ln conf$$.file conf$$ 2>/dev/null; then + as_ln_s=ln + else + as_ln_s='cp -pR' + fi +else + as_ln_s='cp -pR' +fi +rm -f conf$$ conf$$.exe conf$$.dir/conf$$.file conf$$.file +rmdir conf$$.dir 2>/dev/null + +if mkdir -p . 2>/dev/null; then + as_mkdir_p='mkdir -p "$as_dir"' +else + test -d ./-p && rmdir ./-p + as_mkdir_p=false +fi + +as_test_x='test -x' +as_executable_p=as_fn_executable_p + +# Sed expression to map a string onto a valid CPP name. +as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'" + +# Sed expression to map a string onto a valid variable name. +as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'" + +SHELL=${CONFIG_SHELL-/bin/sh} + + +test -n "$DJDIR" || exec 7<&0 &1 + +# Name of the host. +# hostname on some systems (SVR3.2, old GNU/Linux) returns a bogus exit status, +# so uname gets run too. +ac_hostname=`(hostname || uname -n) 2>/dev/null | sed 1q` + +# +# Initializations. +# +ac_default_prefix=/usr/local +ac_clean_files= +ac_config_libobj_dir=. +LIBOBJS= +cross_compiling=no +subdirs= +MFLAGS= +MAKEFLAGS= + +# Identity of this package. +PACKAGE_NAME='GnuTLS' +PACKAGE_TARNAME='gnutls' +PACKAGE_VERSION='3.6.8' +PACKAGE_STRING='GnuTLS 3.6.8' +PACKAGE_BUGREPORT='bugs@gnutls.org' +PACKAGE_URL='' + +# Factoring default headers for most tests. +ac_includes_default="\ +#include +#ifdef HAVE_SYS_TYPES_H +# include +#endif +#ifdef HAVE_SYS_STAT_H +# include +#endif +#ifdef STDC_HEADERS +# include +# include +#else +# ifdef HAVE_STDLIB_H +# include +# endif +#endif +#ifdef HAVE_STRING_H +# if !defined STDC_HEADERS && defined HAVE_MEMORY_H +# include +# endif +# include +#endif +#ifdef HAVE_STRINGS_H +# include +#endif +#ifdef HAVE_INTTYPES_H +# include +#endif +#ifdef HAVE_STDINT_H +# include +#endif +#ifdef HAVE_UNISTD_H +# include +#endif" + +gl_use_threads_default= +ac_header_list= +gt_needs= +ac_func_list= +ac_subst_vars='unistringtests_LTLIBOBJS +unistringtests_LIBOBJS +unistring_LTLIBOBJS +unistring_LIBOBJS +ggltests_LTLIBOBJS +ggltests_LIBOBJS +ggl_LTLIBOBJS +ggl_LIBOBJS +gltests_LTLIBOBJS +gltests_LIBOBJS +gl_LTLIBOBJS +gl_LIBOBJS +CONFIG_INCLUDE +am__EXEEXT_FALSE +am__EXEEXT_TRUE +LTLIBOBJS +LIBOBJS +YEAR +NEEDS_LIBRT_FALSE +NEEDS_LIBRT_TRUE +LIBGNUTLS_CFLAGS +LIBGNUTLS_LIBS +HAVE_GUILD_FALSE +HAVE_GUILD_TRUE +HAVE_GUILE_FALSE +HAVE_GUILE_TRUE +GUILE_LDFLAGS +GUILE_LTLIBS +GUILE_LIBS +GUILE_CFLAGS +GUILE_EXTENSION +GUILE_SITE_CCACHE +GUILE_SITE +GUILE_TOOLS +GUILE_CONFIG +GUILE +GUILE_EFFECTIVE_VERSION +GUILD +guile_snarf +guileextensiondir +guilesiteccachedir +guilesitedir +HAVE_PKCS11_TRUST_STORE_FALSE +HAVE_PKCS11_TRUST_STORE_TRUE +GNUTLS_REQUIRES_PRIVATE +ac_cv_sizeof_time_t +LIBOPTS_DIR +LIBOPTS_CFLAGS +LIBOPTS_LDADD +NEED_LIBOPTS_FALSE +NEED_LIBOPTS_TRUE +INSTALL_LIBOPTS_FALSE +INSTALL_LIBOPTS_TRUE +POSIX_SHELL +GL_GENERATE_STDNORETURN_H_FALSE +GL_GENERATE_STDNORETURN_H_TRUE +STDNORETURN_H +autogen +AUTOGEN +TROUSERS_LIB +ENABLE_TROUSERS_FALSE +ENABLE_TROUSERS_TRUE +TSS_CFLAGS +TSS_LIBS +ENABLE_PKCS11_FALSE +ENABLE_PKCS11_TRUE +P11KIT_0_23_11_API_FALSE +P11KIT_0_23_11_API_TRUE +P11_KIT_LIBS +P11_KIT_CFLAGS +ENABLE_DANE_FALSE +ENABLE_DANE_TRUE +UNBOUND_CFLAGS +UNBOUND_LIBS +ENABLE_NON_SUITEB_CURVES_FALSE +ENABLE_NON_SUITEB_CURVES_TRUE +HAVE_LIBIDN2_FALSE +HAVE_LIBIDN2_TRUE +LIBIDN2_LIBS +LIBIDN2_CFLAGS +HAVE_CMOCKA_FALSE +HAVE_CMOCKA_TRUE +CMOCKA_LIBS +CMOCKA_CFLAGS +FIPS140_LIBS +ENABLE_FIPS140_FALSE +ENABLE_FIPS140_TRUE +LIBDL_PREFIX +LTLIBDL +LIBDL +HAVE_LIBDL +CXXCPP +LT_SYS_LIBRARY_PATH +OTOOL64 +OTOOL +LIPO +NMEDIT +DSYMUTIL +MANIFEST_TOOL +DLLTOOL +OBJDUMP +NM +ac_ct_DUMPBIN +DUMPBIN +LD +FGREP +LIBTOOL +LN_S +WERROR_CFLAGS +WARN_CFLAGS +WSTACK_CFLAGS +WANT_TEST_SUITE_FALSE +WANT_TEST_SUITE_TRUE +unistringtests_WITNESS +LIBUNISTRING_UNITYPES_H +LIBUNISTRING_COMPILE_UNISTR_U8_UCTOMB_FALSE +LIBUNISTRING_COMPILE_UNISTR_U8_UCTOMB_TRUE +LIBUNISTRING_COMPILE_UNISTR_U8_TO_U32_FALSE +LIBUNISTRING_COMPILE_UNISTR_U8_TO_U32_TRUE +LIBUNISTRING_COMPILE_UNISTR_U8_TO_U16_FALSE +LIBUNISTRING_COMPILE_UNISTR_U8_TO_U16_TRUE +LIBUNISTRING_COMPILE_UNISTR_U8_MBTOUCR_FALSE +LIBUNISTRING_COMPILE_UNISTR_U8_MBTOUCR_TRUE +LIBUNISTRING_COMPILE_UNISTR_U8_MBTOUC_UNSAFE_FALSE +LIBUNISTRING_COMPILE_UNISTR_U8_MBTOUC_UNSAFE_TRUE +LIBUNISTRING_COMPILE_UNISTR_U8_CPY_FALSE +LIBUNISTRING_COMPILE_UNISTR_U8_CPY_TRUE +LIBUNISTRING_COMPILE_UNISTR_U8_CHECK_FALSE +LIBUNISTRING_COMPILE_UNISTR_U8_CHECK_TRUE +LIBUNISTRING_COMPILE_UNISTR_U32_UCTOMB_FALSE +LIBUNISTRING_COMPILE_UNISTR_U32_UCTOMB_TRUE +LIBUNISTRING_COMPILE_UNISTR_U32_TO_U8_FALSE +LIBUNISTRING_COMPILE_UNISTR_U32_TO_U8_TRUE +LIBUNISTRING_COMPILE_UNISTR_U32_MBTOUC_UNSAFE_FALSE +LIBUNISTRING_COMPILE_UNISTR_U32_MBTOUC_UNSAFE_TRUE +LIBUNISTRING_COMPILE_UNISTR_U32_CPY_FALSE +LIBUNISTRING_COMPILE_UNISTR_U32_CPY_TRUE +LIBUNISTRING_COMPILE_UNISTR_U16_UCTOMB_FALSE +LIBUNISTRING_COMPILE_UNISTR_U16_UCTOMB_TRUE +LIBUNISTRING_COMPILE_UNISTR_U16_TO_U8_FALSE +LIBUNISTRING_COMPILE_UNISTR_U16_TO_U8_TRUE +LIBUNISTRING_COMPILE_UNISTR_U16_MBTOUCR_FALSE +LIBUNISTRING_COMPILE_UNISTR_U16_MBTOUCR_TRUE +LIBUNISTRING_COMPILE_UNISTR_U16_MBTOUC_UNSAFE_FALSE +LIBUNISTRING_COMPILE_UNISTR_U16_MBTOUC_UNSAFE_TRUE +LIBUNISTRING_COMPILE_UNISTR_U16_CPY_FALSE +LIBUNISTRING_COMPILE_UNISTR_U16_CPY_TRUE +LIBUNISTRING_UNISTR_H +LIBUNISTRING_COMPILE_UNINORM_U8_NORMALIZE_FALSE +LIBUNISTRING_COMPILE_UNINORM_U8_NORMALIZE_TRUE +LIBUNISTRING_COMPILE_UNINORM_U32_NORMALIZE_FALSE +LIBUNISTRING_COMPILE_UNINORM_U32_NORMALIZE_TRUE +LIBUNISTRING_COMPILE_UNINORM_U16_NORMALIZE_FALSE +LIBUNISTRING_COMPILE_UNINORM_U16_NORMALIZE_TRUE +LIBUNISTRING_COMPILE_UNINORM_NFKD_FALSE +LIBUNISTRING_COMPILE_UNINORM_NFKD_TRUE +LIBUNISTRING_COMPILE_UNINORM_NFKC_FALSE +LIBUNISTRING_COMPILE_UNINORM_NFKC_TRUE +LIBUNISTRING_COMPILE_UNINORM_NFD_FALSE +LIBUNISTRING_COMPILE_UNINORM_NFD_TRUE +LIBUNISTRING_COMPILE_UNINORM_NFC_FALSE +LIBUNISTRING_COMPILE_UNINORM_NFC_TRUE +LIBUNISTRING_COMPILE_UNINORM_DECOMPOSITION_FALSE +LIBUNISTRING_COMPILE_UNINORM_DECOMPOSITION_TRUE +LIBUNISTRING_COMPILE_UNINORM_COMPOSITION_FALSE +LIBUNISTRING_COMPILE_UNINORM_COMPOSITION_TRUE +LIBUNISTRING_COMPILE_UNINORM_CANONICAL_DECOMPOSITION_FALSE +LIBUNISTRING_COMPILE_UNINORM_CANONICAL_DECOMPOSITION_TRUE +LIBUNISTRING_UNINORM_H +LIBUNISTRING_COMPILE_UNICTYPE_PROPERTY_NOT_A_CHARACTER_FALSE +LIBUNISTRING_COMPILE_UNICTYPE_PROPERTY_NOT_A_CHARACTER_TRUE +LIBUNISTRING_COMPILE_UNICTYPE_PROPERTY_JOIN_CONTROL_FALSE +LIBUNISTRING_COMPILE_UNICTYPE_PROPERTY_JOIN_CONTROL_TRUE +LIBUNISTRING_COMPILE_UNICTYPE_PROPERTY_DEFAULT_IGNORABLE_CODE_POINT_FALSE +LIBUNISTRING_COMPILE_UNICTYPE_PROPERTY_DEFAULT_IGNORABLE_CODE_POINT_TRUE +LIBUNISTRING_COMPILE_UNICTYPE_COMBINING_CLASS_FALSE +LIBUNISTRING_COMPILE_UNICTYPE_COMBINING_CLASS_TRUE +LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_TEST_FALSE +LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_TEST_TRUE +LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_OR_FALSE +LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_OR_TRUE +LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_OF_FALSE +LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_OF_TRUE +LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_NONE_FALSE +LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_NONE_TRUE +LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_NAME_FALSE +LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_NAME_TRUE +LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_LONGNAME_FALSE +LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_LONGNAME_TRUE +LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_BYNAME_FALSE +LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_BYNAME_TRUE +LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_AND_NOT_FALSE +LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_AND_NOT_TRUE +LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_AND_FALSE +LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_AND_TRUE +LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_ZS_FALSE +LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_ZS_TRUE +LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_ZP_FALSE +LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_ZP_TRUE +LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_ZL_FALSE +LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_ZL_TRUE +LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_Z_FALSE +LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_Z_TRUE +LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_SO_FALSE +LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_SO_TRUE +LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_SM_FALSE +LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_SM_TRUE +LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_SK_FALSE +LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_SK_TRUE +LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_SC_FALSE +LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_SC_TRUE +LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_S_FALSE +LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_S_TRUE +LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_PS_FALSE +LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_PS_TRUE +LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_PO_FALSE +LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_PO_TRUE +LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_PI_FALSE +LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_PI_TRUE +LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_PF_FALSE +LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_PF_TRUE +LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_PE_FALSE +LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_PE_TRUE +LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_PD_FALSE +LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_PD_TRUE +LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_PC_FALSE +LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_PC_TRUE +LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_P_FALSE +LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_P_TRUE +LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_NO_FALSE +LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_NO_TRUE +LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_NL_FALSE +LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_NL_TRUE +LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_ND_FALSE +LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_ND_TRUE +LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_N_FALSE +LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_N_TRUE +LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_MN_FALSE +LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_MN_TRUE +LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_ME_FALSE +LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_ME_TRUE +LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_MC_FALSE +LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_MC_TRUE +LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_M_FALSE +LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_M_TRUE +LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_LU_FALSE +LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_LU_TRUE +LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_LT_FALSE +LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_LT_TRUE +LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_LO_FALSE +LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_LO_TRUE +LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_LM_FALSE +LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_LM_TRUE +LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_LL_FALSE +LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_LL_TRUE +LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_LC_FALSE +LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_LC_TRUE +LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_L_FALSE +LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_L_TRUE +LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_CS_FALSE +LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_CS_TRUE +LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_CO_FALSE +LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_CO_TRUE +LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_CN_FALSE +LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_CN_TRUE +LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_CF_FALSE +LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_CF_TRUE +LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_CC_FALSE +LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_CC_TRUE +LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_C_FALSE +LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_C_TRUE +LIBUNISTRING_UNICTYPE_H +ggltests_WITNESS +GETADDRINFO_LIB +SERVENT_LIB +HOSTENT_LIB +LIB_CLOCK_GETTIME +LIBTESTS_LIBDEPS +abs_aux_dir +NEXT_AS_FIRST_DIRECTIVE_SYS_IOCTL_H +NEXT_SYS_IOCTL_H +HAVE_SYS_IOCTL_H +NEXT_AS_FIRST_DIRECTIVE_SIGNAL_H +NEXT_SIGNAL_H +LOCALE_ZH_CN +LOCALE_JA +LOCALE_FR_UTF8 +REPLACE_RAISE +REPLACE_PTHREAD_SIGMASK +HAVE_SIGHANDLER_T +HAVE_TYPE_VOLATILE_SIG_ATOMIC_T +HAVE_STRUCT_SIGACTION_SA_SIGACTION +HAVE_SIGACTION +HAVE_SIGINFO_T +HAVE_SIGSET_T +HAVE_RAISE +HAVE_PTHREAD_SIGMASK +HAVE_POSIX_SIGNALBLOCKING +GNULIB_SIGACTION +GNULIB_SIGPROCMASK +GNULIB_SIGNAL_H_SIGPIPE +GNULIB_RAISE +GNULIB_PTHREAD_SIGMASK +LIB_NANOSLEEP +LIB_SELECT +HAVE_SYS_SELECT_H +NEXT_AS_FIRST_DIRECTIVE_SYS_SELECT_H +NEXT_SYS_SELECT_H +REPLACE_SELECT +REPLACE_PSELECT +HAVE_PSELECT +GNULIB_SELECT +GNULIB_PSELECT +LTLIBMULTITHREAD +LIBMULTITHREAD +LTLIBTHREAD +LIBTHREAD +LIBPTH_PREFIX +LTLIBPTH +LIBPTH +NEXT_AS_FIRST_DIRECTIVE_LOCALE_H +NEXT_LOCALE_H +HAVE_XLOCALE_H +REPLACE_STRUCT_LCONV +REPLACE_FREELOCALE +REPLACE_DUPLOCALE +REPLACE_NEWLOCALE +REPLACE_SETLOCALE +REPLACE_LOCALECONV +HAVE_FREELOCALE +HAVE_DUPLOCALE +HAVE_NEWLOCALE +GNULIB_LOCALENAME +GNULIB_DUPLOCALE +GNULIB_SETLOCALE +GNULIB_LOCALECONV +HAVE_LANGINFO_YESEXPR +HAVE_LANGINFO_ERA +HAVE_LANGINFO_ALTMON +HAVE_LANGINFO_T_FMT_AMPM +HAVE_LANGINFO_CODESET +HAVE_LANGINFO_H +NEXT_AS_FIRST_DIRECTIVE_LANGINFO_H +NEXT_LANGINFO_H +REPLACE_NL_LANGINFO +HAVE_NL_LANGINFO +GNULIB_NL_LANGINFO +NEXT_AS_FIRST_DIRECTIVE_INTTYPES_H +NEXT_INTTYPES_H +UINT64_MAX_EQ_ULONG_MAX +UINT32_MAX_LT_UINTMAX_MAX +PRIPTR_PREFIX +PRI_MACROS_BROKEN +INT64_MAX_EQ_LONG_MAX +INT32_MAX_LT_INTMAX_MAX +REPLACE_STRTOUMAX +REPLACE_STRTOIMAX +HAVE_IMAXDIV_T +HAVE_DECL_STRTOUMAX +HAVE_DECL_STRTOIMAX +HAVE_DECL_IMAXDIV +HAVE_DECL_IMAXABS +GNULIB_STRTOUMAX +GNULIB_STRTOIMAX +GNULIB_IMAXDIV +GNULIB_IMAXABS +NEXT_AS_FIRST_DIRECTIVE_FCNTL_H +NEXT_FCNTL_H +REPLACE_OPENAT +REPLACE_OPEN +REPLACE_FCNTL +HAVE_OPENAT +HAVE_FCNTL +GNULIB_OPENAT +GNULIB_OPEN +GNULIB_NONBLOCKING +GNULIB_FCNTL +NEXT_AS_FIRST_DIRECTIVE_CTYPE_H +NEXT_CTYPE_H +HAVE_ISBLANK +GNULIB_ISBLANK +LOCALE_TR_UTF8 +LOCALE_FR +gltests_WITNESS +HAVE_CRTDEFS_H +HAVE_WINT_T +NEXT_AS_FIRST_DIRECTIVE_WCHAR_H +NEXT_WCHAR_H +REPLACE_WCSFTIME +REPLACE_WCSWIDTH +REPLACE_WCWIDTH +REPLACE_WCSNRTOMBS +REPLACE_WCSRTOMBS +REPLACE_WCRTOMB +REPLACE_MBSNRTOWCS +REPLACE_MBSRTOWCS +REPLACE_MBRLEN +REPLACE_MBRTOWC +REPLACE_MBSINIT +REPLACE_WCTOB +REPLACE_BTOWC +REPLACE_MBSTATE_T +HAVE_DECL_WCWIDTH +HAVE_DECL_WCTOB +HAVE_WCSFTIME +HAVE_WCSWIDTH +HAVE_WCSTOK +HAVE_WCSSTR +HAVE_WCSPBRK +HAVE_WCSSPN +HAVE_WCSCSPN +HAVE_WCSRCHR +HAVE_WCSCHR +HAVE_WCSDUP +HAVE_WCSXFRM +HAVE_WCSCOLL +HAVE_WCSNCASECMP +HAVE_WCSCASECMP +HAVE_WCSNCMP +HAVE_WCSCMP +HAVE_WCSNCAT +HAVE_WCSCAT +HAVE_WCPNCPY +HAVE_WCSNCPY +HAVE_WCPCPY +HAVE_WCSCPY +HAVE_WCSNLEN +HAVE_WCSLEN +HAVE_WMEMSET +HAVE_WMEMMOVE +HAVE_WMEMCPY +HAVE_WMEMCMP +HAVE_WMEMCHR +HAVE_WCSNRTOMBS +HAVE_WCSRTOMBS +HAVE_WCRTOMB +HAVE_MBSNRTOWCS +HAVE_MBSRTOWCS +HAVE_MBRLEN +HAVE_MBRTOWC +HAVE_MBSINIT +HAVE_BTOWC +GNULIB_WCSFTIME +GNULIB_WCSWIDTH +GNULIB_WCSTOK +GNULIB_WCSSTR +GNULIB_WCSPBRK +GNULIB_WCSSPN +GNULIB_WCSCSPN +GNULIB_WCSRCHR +GNULIB_WCSCHR +GNULIB_WCSDUP +GNULIB_WCSXFRM +GNULIB_WCSCOLL +GNULIB_WCSNCASECMP +GNULIB_WCSCASECMP +GNULIB_WCSNCMP +GNULIB_WCSCMP +GNULIB_WCSNCAT +GNULIB_WCSCAT +GNULIB_WCPNCPY +GNULIB_WCSNCPY +GNULIB_WCPCPY +GNULIB_WCSCPY +GNULIB_WCSNLEN +GNULIB_WCSLEN +GNULIB_WMEMSET +GNULIB_WMEMMOVE +GNULIB_WMEMCPY +GNULIB_WMEMCMP +GNULIB_WMEMCHR +GNULIB_WCWIDTH +GNULIB_WCSNRTOMBS +GNULIB_WCSRTOMBS +GNULIB_WCRTOMB +GNULIB_MBSNRTOWCS +GNULIB_MBSRTOWCS +GNULIB_MBRLEN +GNULIB_MBRTOWC +GNULIB_MBSINIT +GNULIB_WCTOB +GNULIB_BTOWC +VALGRIND +HAVE_UNISTD_H +NEXT_AS_FIRST_DIRECTIVE_UNISTD_H +NEXT_UNISTD_H +UNISTD_H_DEFINES_STRUCT_TIMESPEC +PTHREAD_H_DEFINES_STRUCT_TIMESPEC +SYS_TIME_H_DEFINES_STRUCT_TIMESPEC +TIME_H_DEFINES_STRUCT_TIMESPEC +NEXT_AS_FIRST_DIRECTIVE_TIME_H +NEXT_TIME_H +HAVE_SYS_UIO_H +NEXT_AS_FIRST_DIRECTIVE_SYS_UIO_H +NEXT_SYS_UIO_H +HAVE_STRINGS_H +NEXT_AS_FIRST_DIRECTIVE_STRINGS_H +NEXT_STRINGS_H +NEXT_AS_FIRST_DIRECTIVE_STRING_H +NEXT_STRING_H +HAVE_DECL_STRNCASECMP +HAVE_STRCASECMP +HAVE_FFS +GNULIB_FFS +NEXT_AS_FIRST_DIRECTIVE_STDLIB_H +NEXT_STDLIB_H +NEXT_AS_FIRST_DIRECTIVE_STDIO_H +NEXT_STDIO_H +GL_GENERATE_STDINT_H_FALSE +GL_GENERATE_STDINT_H_TRUE +STDINT_H +HAVE_SYS_INTTYPES_H +HAVE_SYS_BITYPES_H +HAVE_C99_STDINT_H +WINT_T_SUFFIX +WCHAR_T_SUFFIX +SIG_ATOMIC_T_SUFFIX +SIZE_T_SUFFIX +PTRDIFF_T_SUFFIX +HAVE_SIGNED_WINT_T +HAVE_SIGNED_WCHAR_T +HAVE_SIGNED_SIG_ATOMIC_T +BITSIZEOF_WINT_T +BITSIZEOF_WCHAR_T +BITSIZEOF_SIG_ATOMIC_T +BITSIZEOF_SIZE_T +BITSIZEOF_PTRDIFF_T +HAVE_STDINT_H +NEXT_AS_FIRST_DIRECTIVE_STDINT_H +NEXT_STDINT_H +HAVE_SYS_TYPES_H +HAVE_INTTYPES_H +HAVE_WCHAR_H +HAVE_UNSIGNED_LONG_LONG_INT +HAVE_LONG_LONG_INT +GNULIB_OVERRIDES_WINT_T +NEXT_AS_FIRST_DIRECTIVE_STDDEF_H +NEXT_STDDEF_H +GL_GENERATE_STDDEF_H_FALSE +GL_GENERATE_STDDEF_H_TRUE +STDDEF_H +HAVE_WCHAR_T +HAVE_MAX_ALIGN_T +REPLACE_NULL +HAVE__BOOL +GL_GENERATE_STDBOOL_H_FALSE +GL_GENERATE_STDBOOL_H_TRUE +STDBOOL_H +GL_GENERATE_STDALIGN_H_FALSE +GL_GENERATE_STDALIGN_H_TRUE +STDALIGN_H +PMCCABE +GL_GENERATE_NETINET_IN_H_FALSE +GL_GENERATE_NETINET_IN_H_TRUE +NETINET_IN_H +HAVE_NETINET_IN_H +NEXT_AS_FIRST_DIRECTIVE_NETINET_IN_H +NEXT_NETINET_IN_H +HAVE_NETDB_H +NEXT_AS_FIRST_DIRECTIVE_NETDB_H +NEXT_NETDB_H +REPLACE_GAI_STRERROR +HAVE_DECL_GETNAMEINFO +HAVE_DECL_GETADDRINFO +HAVE_DECL_GAI_STRERROR +HAVE_DECL_FREEADDRINFO +HAVE_STRUCT_ADDRINFO +GNULIB_GETADDRINFO +APPLE_UNIVERSAL_BUILD +HAVE_MSVC_INVALID_PARAMETER_HANDLER +UNDEFINE_STRTOK_R +REPLACE_STRSIGNAL +REPLACE_STRERROR_R +REPLACE_STRERROR +REPLACE_STRTOK_R +REPLACE_STRCASESTR +REPLACE_STRSTR +REPLACE_STRNLEN +REPLACE_STRNDUP +REPLACE_STRNCAT +REPLACE_STRDUP +REPLACE_STRCHRNUL +REPLACE_STPNCPY +REPLACE_MEMMEM +REPLACE_MEMCHR +HAVE_STRVERSCMP +HAVE_DECL_STRSIGNAL +HAVE_DECL_STRERROR_R +HAVE_DECL_STRTOK_R +HAVE_STRCASESTR +HAVE_STRSEP +HAVE_STRPBRK +HAVE_DECL_STRNLEN +HAVE_DECL_STRNDUP +HAVE_DECL_STRDUP +HAVE_STRCHRNUL +HAVE_STPNCPY +HAVE_STPCPY +HAVE_RAWMEMCHR +HAVE_DECL_MEMRCHR +HAVE_MEMPCPY +HAVE_DECL_MEMMEM +HAVE_MEMCHR +HAVE_FFSLL +HAVE_FFSL +HAVE_EXPLICIT_BZERO +HAVE_MBSLEN +GNULIB_STRVERSCMP +GNULIB_STRSIGNAL +GNULIB_STRERROR_R +GNULIB_STRERROR +GNULIB_MBSTOK_R +GNULIB_MBSSEP +GNULIB_MBSSPN +GNULIB_MBSPBRK +GNULIB_MBSCSPN +GNULIB_MBSCASESTR +GNULIB_MBSPCASECMP +GNULIB_MBSNCASECMP +GNULIB_MBSCASECMP +GNULIB_MBSSTR +GNULIB_MBSRCHR +GNULIB_MBSCHR +GNULIB_MBSNLEN +GNULIB_MBSLEN +GNULIB_STRTOK_R +GNULIB_STRCASESTR +GNULIB_STRSTR +GNULIB_STRSEP +GNULIB_STRPBRK +GNULIB_STRNLEN +GNULIB_STRNDUP +GNULIB_STRNCAT +GNULIB_STRDUP +GNULIB_STRCHRNUL +GNULIB_STPNCPY +GNULIB_STPCPY +GNULIB_RAWMEMCHR +GNULIB_MEMRCHR +GNULIB_MEMPCPY +GNULIB_MEMMEM +GNULIB_MEMCHR +GNULIB_FFSLL +GNULIB_FFSL +GNULIB_EXPLICIT_BZERO +REPLACE_WCTOMB +REPLACE_UNSETENV +REPLACE_STRTOLD +REPLACE_STRTOD +REPLACE_SETSTATE +REPLACE_SETENV +REPLACE_REALPATH +REPLACE_REALLOC +REPLACE_RANDOM_R +REPLACE_RANDOM +REPLACE_QSORT_R +REPLACE_PUTENV +REPLACE_PTSNAME_R +REPLACE_PTSNAME +REPLACE_MKSTEMP +REPLACE_MBTOWC +REPLACE_MALLOC +REPLACE_INITSTATE +REPLACE_CANONICALIZE_FILE_NAME +REPLACE_CALLOC +HAVE_DECL_UNSETENV +HAVE_UNLOCKPT +HAVE_SYS_LOADAVG_H +HAVE_STRUCT_RANDOM_DATA +HAVE_STRTOULL +HAVE_STRTOLL +HAVE_STRTOLD +HAVE_STRTOD +HAVE_DECL_SETSTATE +HAVE_SETSTATE +HAVE_DECL_SETENV +HAVE_SETENV +HAVE_SECURE_GETENV +HAVE_RPMATCH +HAVE_REALPATH +HAVE_REALLOCARRAY +HAVE_RANDOM_R +HAVE_RANDOM_H +HAVE_RANDOM +HAVE_QSORT_R +HAVE_PTSNAME_R +HAVE_PTSNAME +HAVE_POSIX_OPENPT +HAVE_MKSTEMPS +HAVE_MKSTEMP +HAVE_MKOSTEMPS +HAVE_MKOSTEMP +HAVE_MKDTEMP +HAVE_MBTOWC +HAVE_DECL_INITSTATE +HAVE_INITSTATE +HAVE_GRANTPT +HAVE_GETSUBOPT +HAVE_DECL_GETLOADAVG +HAVE_CANONICALIZE_FILE_NAME +HAVE_ATOLL +HAVE__EXIT +GNULIB_WCTOMB +GNULIB_UNSETENV +GNULIB_UNLOCKPT +GNULIB_SYSTEM_POSIX +GNULIB_STRTOULL +GNULIB_STRTOLL +GNULIB_STRTOLD +GNULIB_STRTOD +GNULIB_SETENV +GNULIB_SECURE_GETENV +GNULIB_RPMATCH +GNULIB_REALPATH +GNULIB_REALLOC_POSIX +GNULIB_REALLOCARRAY +GNULIB_RANDOM_R +GNULIB_RANDOM +GNULIB_QSORT_R +GNULIB_PUTENV +GNULIB_PTSNAME_R +GNULIB_PTSNAME +GNULIB_POSIX_OPENPT +GNULIB_MKSTEMPS +GNULIB_MKSTEMP +GNULIB_MKOSTEMPS +GNULIB_MKOSTEMP +GNULIB_MKDTEMP +GNULIB_MBTOWC +GNULIB_MALLOC_POSIX +GNULIB_GRANTPT +GNULIB_GETSUBOPT +GNULIB_GETLOADAVG +GNULIB_CANONICALIZE_FILE_NAME +GNULIB_CALLOC_POSIX +GNULIB_ATOLL +GNULIB__EXIT +GL_GENERATE_LIMITS_H_FALSE +GL_GENERATE_LIMITS_H_TRUE +LIMITS_H +NEXT_AS_FIRST_DIRECTIVE_LIMITS_H +NEXT_LIMITS_H +HAVE_LD_VERSION_SCRIPT_FALSE +HAVE_LD_VERSION_SCRIPT_TRUE +HAVE_LD_OUTPUT_DEF_FALSE +HAVE_LD_OUTPUT_DEF_TRUE +INET_PTON_LIB +HAVE_WS2TCPIP_H +HAVE_SYS_SOCKET_H +NEXT_AS_FIRST_DIRECTIVE_SYS_SOCKET_H +NEXT_SYS_SOCKET_H +HAVE_ACCEPT4 +HAVE_SA_FAMILY_T +HAVE_STRUCT_SOCKADDR_STORAGE_SS_FAMILY +HAVE_STRUCT_SOCKADDR_STORAGE +GNULIB_ACCEPT4 +GNULIB_SHUTDOWN +GNULIB_SETSOCKOPT +GNULIB_SENDTO +GNULIB_RECVFROM +GNULIB_SEND +GNULIB_RECV +GNULIB_LISTEN +GNULIB_GETSOCKOPT +GNULIB_GETSOCKNAME +GNULIB_GETPEERNAME +GNULIB_BIND +GNULIB_ACCEPT +GNULIB_CONNECT +GNULIB_SOCKET +INET_NTOP_LIB +REPLACE_LOCALTIME +REPLACE_GMTIME +REPLACE_TZSET +REPLACE_TIMEGM +REPLACE_STRFTIME +REPLACE_NANOSLEEP +REPLACE_MKTIME +REPLACE_LOCALTIME_R +REPLACE_CTIME +HAVE_TIMEZONE_T +HAVE_TZSET +HAVE_TIMEGM +HAVE_STRPTIME +HAVE_NANOSLEEP +HAVE_DECL_LOCALTIME_R +GNULIB_TZSET +GNULIB_TIME_RZ +GNULIB_TIME_R +GNULIB_TIMEGM +GNULIB_STRPTIME +GNULIB_STRFTIME +GNULIB_NANOSLEEP +GNULIB_LOCALTIME +GNULIB_MKTIME +GNULIB_CTIME +NEXT_AS_FIRST_DIRECTIVE_SYS_TIME_H +NEXT_SYS_TIME_H +REPLACE_STRUCT_TIMEVAL +REPLACE_GETTIMEOFDAY +HAVE_SYS_TIME_H +HAVE_STRUCT_TIMEVAL +HAVE_GETTIMEOFDAY +GNULIB_GETTIMEOFDAY +WINDOWS_STAT_INODES +WINDOWS_64_BIT_OFF_T +NEXT_AS_FIRST_DIRECTIVE_SYS_TYPES_H +NEXT_SYS_TYPES_H +REPLACE_VSPRINTF +REPLACE_VSNPRINTF +REPLACE_VPRINTF +REPLACE_VFPRINTF +REPLACE_VDPRINTF +REPLACE_VASPRINTF +REPLACE_TMPFILE +REPLACE_STDIO_WRITE_FUNCS +REPLACE_STDIO_READ_FUNCS +REPLACE_SPRINTF +REPLACE_SNPRINTF +REPLACE_RENAMEAT +REPLACE_RENAME +REPLACE_REMOVE +REPLACE_PRINTF +REPLACE_POPEN +REPLACE_PERROR +REPLACE_OBSTACK_PRINTF +REPLACE_GETLINE +REPLACE_GETDELIM +REPLACE_FTELLO +REPLACE_FTELL +REPLACE_FSEEKO +REPLACE_FSEEK +REPLACE_FREOPEN +REPLACE_FPURGE +REPLACE_FPRINTF +REPLACE_FOPEN +REPLACE_FFLUSH +REPLACE_FDOPEN +REPLACE_FCLOSE +REPLACE_DPRINTF +HAVE_VDPRINTF +HAVE_VASPRINTF +HAVE_RENAMEAT +HAVE_POPEN +HAVE_PCLOSE +HAVE_FTELLO +HAVE_FSEEKO +HAVE_DPRINTF +HAVE_DECL_VSNPRINTF +HAVE_DECL_SNPRINTF +HAVE_DECL_OBSTACK_PRINTF +HAVE_DECL_GETLINE +HAVE_DECL_GETDELIM +HAVE_DECL_FTELLO +HAVE_DECL_FSEEKO +HAVE_DECL_FPURGE +GNULIB_VSPRINTF_POSIX +GNULIB_VSNPRINTF +GNULIB_VPRINTF_POSIX +GNULIB_VPRINTF +GNULIB_VFPRINTF_POSIX +GNULIB_VFPRINTF +GNULIB_VDPRINTF +GNULIB_VSCANF +GNULIB_VFSCANF +GNULIB_VASPRINTF +GNULIB_TMPFILE +GNULIB_STDIO_H_SIGPIPE +GNULIB_STDIO_H_NONBLOCKING +GNULIB_SPRINTF_POSIX +GNULIB_SNPRINTF +GNULIB_SCANF +GNULIB_RENAMEAT +GNULIB_RENAME +GNULIB_REMOVE +GNULIB_PUTS +GNULIB_PUTCHAR +GNULIB_PUTC +GNULIB_PRINTF_POSIX +GNULIB_PRINTF +GNULIB_POPEN +GNULIB_PERROR +GNULIB_PCLOSE +GNULIB_OBSTACK_PRINTF_POSIX +GNULIB_OBSTACK_PRINTF +GNULIB_GETLINE +GNULIB_GETDELIM +GNULIB_GETCHAR +GNULIB_GETC +GNULIB_FWRITE +GNULIB_FTELLO +GNULIB_FTELL +GNULIB_FSEEKO +GNULIB_FSEEK +GNULIB_FSCANF +GNULIB_FREOPEN +GNULIB_FREAD +GNULIB_FPUTS +GNULIB_FPUTC +GNULIB_FPURGE +GNULIB_FPRINTF_POSIX +GNULIB_FPRINTF +GNULIB_FOPEN +GNULIB_FGETS +GNULIB_FGETC +GNULIB_FFLUSH +GNULIB_FDOPEN +GNULIB_FCLOSE +GNULIB_DPRINTF +WINDOWS_64_BIT_ST_SIZE +WINDOWS_STAT_TIMESPEC +NEXT_AS_FIRST_DIRECTIVE_SYS_STAT_H +NEXT_SYS_STAT_H +REPLACE_UTIMENSAT +REPLACE_STAT +REPLACE_MKNOD +REPLACE_MKFIFO +REPLACE_MKDIR +REPLACE_LSTAT +REPLACE_FUTIMENS +REPLACE_FSTATAT +REPLACE_FSTAT +HAVE_UTIMENSAT +HAVE_MKNODAT +HAVE_MKNOD +HAVE_MKFIFOAT +HAVE_MKFIFO +HAVE_MKDIRAT +HAVE_LSTAT +HAVE_LCHMOD +HAVE_FUTIMENS +HAVE_FSTATAT +HAVE_FCHMODAT +GNULIB_OVERRIDES_STRUCT_STAT +GNULIB_UTIMENSAT +GNULIB_STAT +GNULIB_MKNODAT +GNULIB_MKNOD +GNULIB_MKFIFOAT +GNULIB_MKFIFO +GNULIB_MKDIRAT +GNULIB_LSTAT +GNULIB_LCHMOD +GNULIB_FUTIMENS +GNULIB_FSTATAT +GNULIB_FSTAT +GNULIB_FCHMODAT +REPLACE_ITOLD +GL_GENERATE_FLOAT_H_FALSE +GL_GENERATE_FLOAT_H_TRUE +FLOAT_H +NEXT_AS_FIRST_DIRECTIVE_FLOAT_H +NEXT_FLOAT_H +EOVERFLOW_VALUE +EOVERFLOW_HIDDEN +ENOLINK_VALUE +ENOLINK_HIDDEN +EMULTIHOP_VALUE +EMULTIHOP_HIDDEN +GL_GENERATE_ERRNO_H_FALSE +GL_GENERATE_ERRNO_H_TRUE +ERRNO_H +NEXT_AS_FIRST_DIRECTIVE_ERRNO_H +NEXT_ERRNO_H +GL_GENERATE_BYTESWAP_H_FALSE +GL_GENERATE_BYTESWAP_H_TRUE +BYTESWAP_H +HAVE_FEATURES_H +NEXT_AS_FIRST_DIRECTIVE_ARPA_INET_H +NEXT_ARPA_INET_H +PRAGMA_COLUMNS +PRAGMA_SYSTEM_HEADER +INCLUDE_NEXT_AS_FIRST_DIRECTIVE +INCLUDE_NEXT +HAVE_ARPA_INET_H +REPLACE_INET_PTON +REPLACE_INET_NTOP +HAVE_DECL_INET_PTON +HAVE_DECL_INET_NTOP +GNULIB_INET_PTON +GNULIB_INET_NTOP +HAVE_ALLOCA_H +GL_GENERATE_ALLOCA_H_FALSE +GL_GENERATE_ALLOCA_H_TRUE +ALLOCA_H +ALLOCA +LTALLOCA +GL_COND_LIBTOOL_FALSE +GL_COND_LIBTOOL_TRUE +HAVE_LIBUNISTRING_FALSE +HAVE_LIBUNISTRING_TRUE +LIBUNISTRING +LIBPTHREAD_PREFIX +LTLIBPTHREAD +LIBPTHREAD +HAVE_LIBPTHREAD +LIBRT_PREFIX +LTLIBRT +LIBRT +HAVE_LIBRT +HAVE_LIBCRYPTO_FALSE +HAVE_LIBCRYPTO_TRUE +LIBCRYPTO_PREFIX +LTLIBCRYPTO +LIBCRYPTO +HAVE_LIBCRYPTO +LIBSECCOMP_PREFIX +LTLIBSECCOMP +LIBSECCOMP +HAVE_LIBSECCOMP +HAVE_SECCOMP_TESTS_FALSE +HAVE_SECCOMP_TESTS_TRUE +HAVE_FORK_FALSE +HAVE_FORK_TRUE +POSUB +LTLIBINTL +LIBINTL +INTLLIBS +LTLIBICONV +LIBICONV +INTL_MACOSX_LIBS +XGETTEXT_EXTRA_OPTIONS +MSGMERGE +XGETTEXT_015 +XGETTEXT +GMSGFMT_015 +MSGFMT_015 +GMSGFMT +MSGFMT +GETTEXT_MACRO_VERSION +USE_NLS +GTK_DOC_USE_REBASE_FALSE +GTK_DOC_USE_REBASE_TRUE +GTK_DOC_USE_LIBTOOL_FALSE +GTK_DOC_USE_LIBTOOL_TRUE +GTK_DOC_BUILD_PDF_FALSE +GTK_DOC_BUILD_PDF_TRUE +GTK_DOC_BUILD_HTML_FALSE +GTK_DOC_BUILD_HTML_TRUE +ENABLE_GTK_DOC_FALSE +ENABLE_GTK_DOC_TRUE +HAVE_GTK_DOC_FALSE +HAVE_GTK_DOC_TRUE +GTKDOC_DEPS_LIBS +GTKDOC_DEPS_CFLAGS +HTML_DIR +GTKDOC_MKPDF +GTKDOC_REBASE +GTKDOC_CHECK_PATH +GTKDOC_CHECK +ENABLE_TESTS_FALSE +ENABLE_TESTS_TRUE +LIBSOCKET +HAVE_WINSOCK2_H +REPLACE_IOCTL +SYS_IOCTL_H_HAVE_WINSOCK2_H_AND_USE_SOCKETS +SYS_IOCTL_H_HAVE_WINSOCK2_H +GNULIB_IOCTL +UNISTD_H_HAVE_WINSOCK2_H_AND_USE_SOCKETS +UNISTD_H_HAVE_WINSOCK2_H +REPLACE_WRITE +REPLACE_USLEEP +REPLACE_UNLINKAT +REPLACE_UNLINK +REPLACE_TTYNAME_R +REPLACE_TRUNCATE +REPLACE_SYMLINKAT +REPLACE_SYMLINK +REPLACE_SLEEP +REPLACE_RMDIR +REPLACE_READLINKAT +REPLACE_READLINK +REPLACE_READ +REPLACE_PWRITE +REPLACE_PREAD +REPLACE_LSEEK +REPLACE_LINKAT +REPLACE_LINK +REPLACE_LCHOWN +REPLACE_ISATTY +REPLACE_GETPASS +REPLACE_GETPAGESIZE +REPLACE_GETGROUPS +REPLACE_GETLOGIN_R +REPLACE_GETDTABLESIZE +REPLACE_GETDOMAINNAME +REPLACE_GETCWD +REPLACE_FTRUNCATE +REPLACE_FCHOWNAT +REPLACE_FACCESSAT +REPLACE_DUP2 +REPLACE_DUP +REPLACE_CLOSE +REPLACE_CHOWN +HAVE_SYS_PARAM_H +HAVE_OS_H +HAVE_DECL_TTYNAME_R +HAVE_DECL_TRUNCATE +HAVE_DECL_SETHOSTNAME +HAVE_DECL_GETUSERSHELL +HAVE_DECL_GETPAGESIZE +HAVE_DECL_GETLOGIN_R +HAVE_DECL_GETLOGIN +HAVE_DECL_GETDOMAINNAME +HAVE_DECL_FDATASYNC +HAVE_DECL_FCHDIR +HAVE_DECL_ENVIRON +HAVE_USLEEP +HAVE_UNLINKAT +HAVE_SYMLINKAT +HAVE_SYMLINK +HAVE_SLEEP +HAVE_SETHOSTNAME +HAVE_READLINKAT +HAVE_READLINK +HAVE_PWRITE +HAVE_PREAD +HAVE_PIPE2 +HAVE_PIPE +HAVE_LINKAT +HAVE_LINK +HAVE_LCHOWN +HAVE_GROUP_MEMBER +HAVE_GETPASS +HAVE_GETPAGESIZE +HAVE_GETLOGIN +HAVE_GETHOSTNAME +HAVE_GETGROUPS +HAVE_GETDTABLESIZE +HAVE_FTRUNCATE +HAVE_FSYNC +HAVE_FDATASYNC +HAVE_FCHOWNAT +HAVE_FCHDIR +HAVE_FACCESSAT +HAVE_EUIDACCESS +HAVE_DUP3 +HAVE_DUP2 +HAVE_CHOWN +GNULIB_WRITE +GNULIB_USLEEP +GNULIB_UNLINKAT +GNULIB_UNLINK +GNULIB_UNISTD_H_SIGPIPE +GNULIB_UNISTD_H_NONBLOCKING +GNULIB_TTYNAME_R +GNULIB_TRUNCATE +GNULIB_SYMLINKAT +GNULIB_SYMLINK +GNULIB_SLEEP +GNULIB_SETHOSTNAME +GNULIB_RMDIR +GNULIB_READLINKAT +GNULIB_READLINK +GNULIB_READ +GNULIB_PWRITE +GNULIB_PREAD +GNULIB_PIPE2 +GNULIB_PIPE +GNULIB_LSEEK +GNULIB_LINKAT +GNULIB_LINK +GNULIB_LCHOWN +GNULIB_ISATTY +GNULIB_GROUP_MEMBER +GNULIB_GETUSERSHELL +GNULIB_GETPASS +GNULIB_GETPAGESIZE +GNULIB_GETLOGIN_R +GNULIB_GETLOGIN +GNULIB_GETHOSTNAME +GNULIB_GETGROUPS +GNULIB_GETDTABLESIZE +GNULIB_GETDOMAINNAME +GNULIB_GETCWD +GNULIB_FTRUNCATE +GNULIB_FSYNC +GNULIB_FDATASYNC +GNULIB_FCHOWNAT +GNULIB_FCHDIR +GNULIB_FACCESSAT +GNULIB_EUIDACCESS +GNULIB_ENVIRON +GNULIB_DUP3 +GNULIB_DUP2 +GNULIB_DUP +GNULIB_CLOSE +GNULIB_CHOWN +GNULIB_CHDIR +ENABLE_OPENSSL_FALSE +ENABLE_OPENSSL_TRUE +ENABLE_OCSP_FALSE +ENABLE_OCSP_TRUE +ENABLE_GOST_FALSE +ENABLE_GOST_TRUE +ENABLE_ECDHE_FALSE +ENABLE_ECDHE_TRUE +ENABLE_DHE_FALSE +ENABLE_DHE_TRUE +ENABLE_ANON_FALSE +ENABLE_ANON_TRUE +ENABLE_PSK_FALSE +ENABLE_PSK_TRUE +ENABLE_SRP_FALSE +ENABLE_SRP_TRUE +ENABLE_HEARTBEAT_FALSE +ENABLE_HEARTBEAT_TRUE +ENABLE_ALPN_FALSE +ENABLE_ALPN_TRUE +ENABLE_DTLS_SRTP_FALSE +ENABLE_DTLS_SRTP_TRUE +ENABLE_SSL2_FALSE +ENABLE_SSL2_TRUE +ENABLE_SSL3_FALSE +ENABLE_SSL3_TRUE +ALLOW_SHA1_FALSE +ALLOW_SHA1_TRUE +ENABLE_MINITASN1_FALSE +ENABLE_MINITASN1_TRUE +LIBTASN1_LIBS +LIBTASN1_CFLAGS +GMP_LIBS +GMP_CFLAGS +ENABLE_NETTLE_FALSE +ENABLE_NETTLE_TRUE +HOGWEED_LIBS +HOGWEED_CFLAGS +NETTLE_LIBS +NETTLE_CFLAGS +DLL_SSL_VERSION +DLL_VERSION +CRYWRAP_PATCHLEVEL +CXX_LT_AGE +CXX_LT_REVISION +CXX_LT_CURRENT +LT_XSSL_AGE +LT_XSSL_REVISION +LT_XSSL_CURRENT +LT_DANE_AGE +LT_DANE_REVISION +LT_DANE_CURRENT +LT_SSL_AGE +LT_SSL_REVISION +LT_SSL_CURRENT +LT_AGE +LT_REVISION +LT_CURRENT +HAVE_GETENTROPY_FALSE +HAVE_GETENTROPY_TRUE +HAVE_GCC_FALSE +HAVE_GCC_TRUE +HAVE_GCC_GNU89_INLINE_OPTION_FALSE +HAVE_GCC_GNU89_INLINE_OPTION_TRUE +ASM_X86_FALSE +ASM_X86_TRUE +ASM_X86_32_FALSE +ASM_X86_32_TRUE +ASM_X86_64_FALSE +ASM_X86_64_TRUE +ASM_AARCH64_FALSE +ASM_AARCH64_TRUE +ENABLE_PADLOCK_FALSE +ENABLE_PADLOCK_TRUE +ENABLE_PADLOCK +LIBATOMIC_LIBS +DEFINE_IOVEC_T +ENABLE_TLS13_INTEROP_FALSE +ENABLE_TLS13_INTEROP_TRUE +ELF_FALSE +ELF_TRUE +MACOSX_FALSE +MACOSX_TRUE +WINDOWS_FALSE +WINDOWS_TRUE +ANDROID_FALSE +ANDROID_TRUE +ENABLE_CXX_FALSE +ENABLE_CXX_TRUE +NUMBER_VERSION +PATCH_VERSION +MINOR_VERSION +MAJOR_VERSION +ENABLE_TOOLS_FALSE +ENABLE_TOOLS_TRUE +ENABLE_MANPAGES_FALSE +ENABLE_MANPAGES_TRUE +ENABLE_DOC_FALSE +ENABLE_DOC_TRUE +DISABLE_BASH_TESTS_FALSE +DISABLE_BASH_TESTS_TRUE +MAINT +MAINTAINER_MODE_FALSE +MAINTAINER_MODE_TRUE +CODE_COVERAGE_LIBS +CODE_COVERAGE_CXXFLAGS +CODE_COVERAGE_CFLAGS +CODE_COVERAGE_CPPFLAGS +GENHTML +LCOV +GCOV +ifnGNUmake +ifGNUmake +CODE_COVERAGE_ENABLED +CODE_COVERAGE_ENABLED_FALSE +CODE_COVERAGE_ENABLED_TRUE +SED +YFLAGS +YACC +am__fastdepCXX_FALSE +am__fastdepCXX_TRUE +CXXDEPMODE +ac_ct_CXX +CXXFLAGS +CXX +am__fastdepCCAS_FALSE +am__fastdepCCAS_TRUE +CCASDEPMODE +CCASFLAGS +CCAS +RANLIB +ARFLAGS +ac_ct_AR +AR +EGREP +GREP +CPP +am__fastdepCC_FALSE +am__fastdepCC_TRUE +CCDEPMODE +am__nodep +AMDEPBACKSLASH +AMDEP_FALSE +AMDEP_TRUE +am__include +DEPDIR +OBJEXT +EXEEXT +ac_ct_CC +CPPFLAGS +LDFLAGS +CFLAGS +CC +PKG_CONFIG_LIBDIR +PKG_CONFIG_PATH +PKG_CONFIG +AM_BACKSLASH +AM_DEFAULT_VERBOSITY +AM_DEFAULT_V +AM_V +am__untar +am__tar +AMTAR +am__leading_dot +SET_MAKE +AWK +mkdir_p +MKDIR_P +INSTALL_STRIP_PROGRAM +STRIP +install_sh +MAKEINFO +AUTOHEADER +AUTOMAKE +AUTOCONF +ACLOCAL +VERSION +PACKAGE +CYGPATH_W +am__isrc +INSTALL_DATA +INSTALL_SCRIPT +INSTALL_PROGRAM +host_os +host_vendor +host_cpu +host +build_os +build_vendor +build_cpu +build +target_alias +host_alias +build_alias +LIBS +ECHO_T +ECHO_N +ECHO_C +DEFS +mandir +localedir +libdir +psdir +pdfdir +dvidir +htmldir +infodir +docdir +oldincludedir +includedir +runstatedir +localstatedir +sharedstatedir +sysconfdir +datadir +datarootdir +libexecdir +sbindir +bindir +program_transform_name +prefix +exec_prefix +PACKAGE_URL +PACKAGE_BUGREPORT +PACKAGE_STRING +PACKAGE_VERSION +PACKAGE_TARNAME +PACKAGE_NAME +PATH_SEPARATOR +SHELL +am__quote' +ac_subst_files='' +ac_user_opts=' +enable_option_checking +enable_silent_rules +enable_dependency_tracking +enable_largefile +enable_threads +with_gcov +enable_code_coverage +enable_maintainer_mode +enable_bash_tests +enable_doc +enable_manpages +enable_tools +enable_cxx +enable_hardware_acceleration +enable_tls13_interop +enable_padlock +with_nettle_mini +with_included_libtasn1 +enable_sha1_support +enable_ssl3_support +enable_ssl2_support +enable_dtls_srtp_support +enable_alpn_support +enable_heartbeat_support +enable_srp_authentication +enable_psk_authentication +enable_anon_authentication +enable_dhe +enable_ecdhe +enable_gost +enable_cryptodev +enable_ocsp +enable_openssl_compatibility +enable_tests +enable_fuzzer_target +with_html_dir +enable_gtk_doc +enable_gtk_doc_html +enable_gtk_doc_pdf +enable_nls +with_gnu_ld +enable_rpath +with_libiconv_prefix +with_libintl_prefix +enable_seccomp_tests +with_libseccomp_prefix +with_libcrypto_prefix +with_librt_prefix +with_libpthread_prefix +with_included_unistring +enable_ld_version_script +enable_valgrind_tests +with_libpth_prefix +enable_full_test_suite +enable_gcc_warnings +enable_static +enable_shared +with_pic +enable_fast_install +with_aix_soname +with_sysroot +enable_libtool_lock +with_libdl_prefix +enable_fips140_mode +with_fips140_key +with_idn +enable_non_suiteb_curves +enable_libdane +with_unbound_root_key_file +with_system_priority_file +with_default_priority_string +with_p11_kit +with_tpm +with_trousers_lib +enable_local_libopts +enable_libopts_install +with_autoopts_config +with_regex_header +with_libregex +with_libregex_cflags +with_libregex_libs +enable_optional_args +with_default_trust_store_pkcs11 +with_default_trust_store_dir +with_default_trust_store_file +with_default_crl_file +with_default_blacklist_file +enable_guile +with_guile_site_dir +with_guile_site_ccache_dir +with_guile_extension_dir +' + ac_precious_vars='build_alias +host_alias +target_alias +PKG_CONFIG +PKG_CONFIG_PATH +PKG_CONFIG_LIBDIR +CC +CFLAGS +LDFLAGS +LIBS +CPPFLAGS +CPP +CCAS +CCASFLAGS +CXX +CXXFLAGS +CCC +YACC +YFLAGS +NETTLE_CFLAGS +NETTLE_LIBS +HOGWEED_CFLAGS +HOGWEED_LIBS +GMP_CFLAGS +GMP_LIBS +LIBTASN1_CFLAGS +LIBTASN1_LIBS +GTKDOC_DEPS_CFLAGS +GTKDOC_DEPS_LIBS +LT_SYS_LIBRARY_PATH +CXXCPP +CMOCKA_CFLAGS +CMOCKA_LIBS +P11_KIT_CFLAGS +P11_KIT_LIBS +GUILE_CFLAGS +GUILE_LIBS' + + +# Initialize some variables set by options. +ac_init_help= +ac_init_version=false +ac_unrecognized_opts= +ac_unrecognized_sep= +# The variables have the same names as the options, with +# dashes changed to underlines. +cache_file=/dev/null +exec_prefix=NONE +no_create= +no_recursion= +prefix=NONE +program_prefix=NONE +program_suffix=NONE +program_transform_name=s,x,x, +silent= +site= +srcdir= +verbose= +x_includes=NONE +x_libraries=NONE + +# Installation directory options. +# These are left unexpanded so users can "make install exec_prefix=/foo" +# and all the variables that are supposed to be based on exec_prefix +# by default will actually change. +# Use braces instead of parens because sh, perl, etc. also accept them. +# (The list follows the same order as the GNU Coding Standards.) +bindir='${exec_prefix}/bin' +sbindir='${exec_prefix}/sbin' +libexecdir='${exec_prefix}/libexec' +datarootdir='${prefix}/share' +datadir='${datarootdir}' +sysconfdir='${prefix}/etc' +sharedstatedir='${prefix}/com' +localstatedir='${prefix}/var' +runstatedir='${localstatedir}/run' +includedir='${prefix}/include' +oldincludedir='/usr/include' +docdir='${datarootdir}/doc/${PACKAGE_TARNAME}' +infodir='${datarootdir}/info' +htmldir='${docdir}' +dvidir='${docdir}' +pdfdir='${docdir}' +psdir='${docdir}' +libdir='${exec_prefix}/lib' +localedir='${datarootdir}/locale' +mandir='${datarootdir}/man' + +ac_prev= +ac_dashdash= +for ac_option +do + # If the previous option needs an argument, assign it. + if test -n "$ac_prev"; then + eval $ac_prev=\$ac_option + ac_prev= + continue + fi + + case $ac_option in + *=?*) ac_optarg=`expr "X$ac_option" : '[^=]*=\(.*\)'` ;; + *=) ac_optarg= ;; + *) ac_optarg=yes ;; + esac + + # Accept the important Cygnus configure options, so we can diagnose typos. + + case $ac_dashdash$ac_option in + --) + ac_dashdash=yes ;; + + -bindir | --bindir | --bindi | --bind | --bin | --bi) + ac_prev=bindir ;; + -bindir=* | --bindir=* | --bindi=* | --bind=* | --bin=* | --bi=*) + bindir=$ac_optarg ;; + + -build | --build | --buil | --bui | --bu) + ac_prev=build_alias ;; + -build=* | --build=* | --buil=* | --bui=* | --bu=*) + build_alias=$ac_optarg ;; + + -cache-file | --cache-file | --cache-fil | --cache-fi \ + | --cache-f | --cache- | --cache | --cach | --cac | --ca | --c) + ac_prev=cache_file ;; + -cache-file=* | --cache-file=* | --cache-fil=* | --cache-fi=* \ + | --cache-f=* | --cache-=* | --cache=* | --cach=* | --cac=* | --ca=* | --c=*) + cache_file=$ac_optarg ;; + + --config-cache | -C) + cache_file=config.cache ;; + + -datadir | --datadir | --datadi | --datad) + ac_prev=datadir ;; + -datadir=* | --datadir=* | --datadi=* | --datad=*) + datadir=$ac_optarg ;; + + -datarootdir | --datarootdir | --datarootdi | --datarootd | --dataroot \ + | --dataroo | --dataro | --datar) + ac_prev=datarootdir ;; + -datarootdir=* | --datarootdir=* | --datarootdi=* | --datarootd=* \ + | --dataroot=* | --dataroo=* | --dataro=* | --datar=*) + datarootdir=$ac_optarg ;; + + -disable-* | --disable-*) + ac_useropt=`expr "x$ac_option" : 'x-*disable-\(.*\)'` + # Reject names that are not valid shell variable names. + expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null && + as_fn_error $? "invalid feature name: $ac_useropt" + ac_useropt_orig=$ac_useropt + ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'` + case $ac_user_opts in + *" +"enable_$ac_useropt" +"*) ;; + *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--disable-$ac_useropt_orig" + ac_unrecognized_sep=', ';; + esac + eval enable_$ac_useropt=no ;; + + -docdir | --docdir | --docdi | --doc | --do) + ac_prev=docdir ;; + -docdir=* | --docdir=* | --docdi=* | --doc=* | --do=*) + docdir=$ac_optarg ;; + + -dvidir | --dvidir | --dvidi | --dvid | --dvi | --dv) + ac_prev=dvidir ;; + -dvidir=* | --dvidir=* | --dvidi=* | --dvid=* | --dvi=* | --dv=*) + dvidir=$ac_optarg ;; + + -enable-* | --enable-*) + ac_useropt=`expr "x$ac_option" : 'x-*enable-\([^=]*\)'` + # Reject names that are not valid shell variable names. + expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null && + as_fn_error $? "invalid feature name: $ac_useropt" + ac_useropt_orig=$ac_useropt + ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'` + case $ac_user_opts in + *" +"enable_$ac_useropt" +"*) ;; + *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--enable-$ac_useropt_orig" + ac_unrecognized_sep=', ';; + esac + eval enable_$ac_useropt=\$ac_optarg ;; + + -exec-prefix | --exec_prefix | --exec-prefix | --exec-prefi \ + | --exec-pref | --exec-pre | --exec-pr | --exec-p | --exec- \ + | --exec | --exe | --ex) + ac_prev=exec_prefix ;; + -exec-prefix=* | --exec_prefix=* | --exec-prefix=* | --exec-prefi=* \ + | --exec-pref=* | --exec-pre=* | --exec-pr=* | --exec-p=* | --exec-=* \ + | --exec=* | --exe=* | --ex=*) + exec_prefix=$ac_optarg ;; + + -gas | --gas | --ga | --g) + # Obsolete; use --with-gas. + with_gas=yes ;; + + -help | --help | --hel | --he | -h) + ac_init_help=long ;; + -help=r* | --help=r* | --hel=r* | --he=r* | -hr*) + ac_init_help=recursive ;; + -help=s* | --help=s* | --hel=s* | --he=s* | -hs*) + ac_init_help=short ;; + + -host | --host | --hos | --ho) + ac_prev=host_alias ;; + -host=* | --host=* | --hos=* | --ho=*) + host_alias=$ac_optarg ;; + + -htmldir | --htmldir | --htmldi | --htmld | --html | --htm | --ht) + ac_prev=htmldir ;; + -htmldir=* | --htmldir=* | --htmldi=* | --htmld=* | --html=* | --htm=* \ + | --ht=*) + htmldir=$ac_optarg ;; + + -includedir | --includedir | --includedi | --included | --include \ + | --includ | --inclu | --incl | --inc) + ac_prev=includedir ;; + -includedir=* | --includedir=* | --includedi=* | --included=* | --include=* \ + | --includ=* | --inclu=* | --incl=* | --inc=*) + includedir=$ac_optarg ;; + + -infodir | --infodir | --infodi | --infod | --info | --inf) + ac_prev=infodir ;; + -infodir=* | --infodir=* | --infodi=* | --infod=* | --info=* | --inf=*) + infodir=$ac_optarg ;; + + -libdir | --libdir | --libdi | --libd) + ac_prev=libdir ;; + -libdir=* | --libdir=* | --libdi=* | --libd=*) + libdir=$ac_optarg ;; + + -libexecdir | --libexecdir | --libexecdi | --libexecd | --libexec \ + | --libexe | --libex | --libe) + ac_prev=libexecdir ;; + -libexecdir=* | --libexecdir=* | --libexecdi=* | --libexecd=* | --libexec=* \ + | --libexe=* | --libex=* | --libe=*) + libexecdir=$ac_optarg ;; + + -localedir | --localedir | --localedi | --localed | --locale) + ac_prev=localedir ;; + -localedir=* | --localedir=* | --localedi=* | --localed=* | --locale=*) + localedir=$ac_optarg ;; + + -localstatedir | --localstatedir | --localstatedi | --localstated \ + | --localstate | --localstat | --localsta | --localst | --locals) + ac_prev=localstatedir ;; + -localstatedir=* | --localstatedir=* | --localstatedi=* | --localstated=* \ + | --localstate=* | --localstat=* | --localsta=* | --localst=* | --locals=*) + localstatedir=$ac_optarg ;; + + -mandir | --mandir | --mandi | --mand | --man | --ma | --m) + ac_prev=mandir ;; + -mandir=* | --mandir=* | --mandi=* | --mand=* | --man=* | --ma=* | --m=*) + mandir=$ac_optarg ;; + + -nfp | --nfp | --nf) + # Obsolete; use --without-fp. + with_fp=no ;; + + -no-create | --no-create | --no-creat | --no-crea | --no-cre \ + | --no-cr | --no-c | -n) + no_create=yes ;; + + -no-recursion | --no-recursion | --no-recursio | --no-recursi \ + | --no-recurs | --no-recur | --no-recu | --no-rec | --no-re | --no-r) + no_recursion=yes ;; + + -oldincludedir | --oldincludedir | --oldincludedi | --oldincluded \ + | --oldinclude | --oldinclud | --oldinclu | --oldincl | --oldinc \ + | --oldin | --oldi | --old | --ol | --o) + ac_prev=oldincludedir ;; + -oldincludedir=* | --oldincludedir=* | --oldincludedi=* | --oldincluded=* \ + | --oldinclude=* | --oldinclud=* | --oldinclu=* | --oldincl=* | --oldinc=* \ + | --oldin=* | --oldi=* | --old=* | --ol=* | --o=*) + oldincludedir=$ac_optarg ;; + + -prefix | --prefix | --prefi | --pref | --pre | --pr | --p) + ac_prev=prefix ;; + -prefix=* | --prefix=* | --prefi=* | --pref=* | --pre=* | --pr=* | --p=*) + prefix=$ac_optarg ;; + + -program-prefix | --program-prefix | --program-prefi | --program-pref \ + | --program-pre | --program-pr | --program-p) + ac_prev=program_prefix ;; + -program-prefix=* | --program-prefix=* | --program-prefi=* \ + | --program-pref=* | --program-pre=* | --program-pr=* | --program-p=*) + program_prefix=$ac_optarg ;; + + -program-suffix | --program-suffix | --program-suffi | --program-suff \ + | --program-suf | --program-su | --program-s) + ac_prev=program_suffix ;; + -program-suffix=* | --program-suffix=* | --program-suffi=* \ + | --program-suff=* | --program-suf=* | --program-su=* | --program-s=*) + program_suffix=$ac_optarg ;; + + -program-transform-name | --program-transform-name \ + | --program-transform-nam | --program-transform-na \ + | --program-transform-n | --program-transform- \ + | --program-transform | --program-transfor \ + | --program-transfo | --program-transf \ + | --program-trans | --program-tran \ + | --progr-tra | --program-tr | --program-t) + ac_prev=program_transform_name ;; + -program-transform-name=* | --program-transform-name=* \ + | --program-transform-nam=* | --program-transform-na=* \ + | --program-transform-n=* | --program-transform-=* \ + | --program-transform=* | --program-transfor=* \ + | --program-transfo=* | --program-transf=* \ + | --program-trans=* | --program-tran=* \ + | --progr-tra=* | --program-tr=* | --program-t=*) + program_transform_name=$ac_optarg ;; + + -pdfdir | --pdfdir | --pdfdi | --pdfd | --pdf | --pd) + ac_prev=pdfdir ;; + -pdfdir=* | --pdfdir=* | --pdfdi=* | --pdfd=* | --pdf=* | --pd=*) + pdfdir=$ac_optarg ;; + + -psdir | --psdir | --psdi | --psd | --ps) + ac_prev=psdir ;; + -psdir=* | --psdir=* | --psdi=* | --psd=* | --ps=*) + psdir=$ac_optarg ;; + + -q | -quiet | --quiet | --quie | --qui | --qu | --q \ + | -silent | --silent | --silen | --sile | --sil) + silent=yes ;; + + -runstatedir | --runstatedir | --runstatedi | --runstated \ + | --runstate | --runstat | --runsta | --runst | --runs \ + | --run | --ru | --r) + ac_prev=runstatedir ;; + -runstatedir=* | --runstatedir=* | --runstatedi=* | --runstated=* \ + | --runstate=* | --runstat=* | --runsta=* | --runst=* | --runs=* \ + | --run=* | --ru=* | --r=*) + runstatedir=$ac_optarg ;; + + -sbindir | --sbindir | --sbindi | --sbind | --sbin | --sbi | --sb) + ac_prev=sbindir ;; + -sbindir=* | --sbindir=* | --sbindi=* | --sbind=* | --sbin=* \ + | --sbi=* | --sb=*) + sbindir=$ac_optarg ;; + + -sharedstatedir | --sharedstatedir | --sharedstatedi \ + | --sharedstated | --sharedstate | --sharedstat | --sharedsta \ + | --sharedst | --shareds | --shared | --share | --shar \ + | --sha | --sh) + ac_prev=sharedstatedir ;; + -sharedstatedir=* | --sharedstatedir=* | --sharedstatedi=* \ + | --sharedstated=* | --sharedstate=* | --sharedstat=* | --sharedsta=* \ + | --sharedst=* | --shareds=* | --shared=* | --share=* | --shar=* \ + | --sha=* | --sh=*) + sharedstatedir=$ac_optarg ;; + + -site | --site | --sit) + ac_prev=site ;; + -site=* | --site=* | --sit=*) + site=$ac_optarg ;; + + -srcdir | --srcdir | --srcdi | --srcd | --src | --sr) + ac_prev=srcdir ;; + -srcdir=* | --srcdir=* | --srcdi=* | --srcd=* | --src=* | --sr=*) + srcdir=$ac_optarg ;; + + -sysconfdir | --sysconfdir | --sysconfdi | --sysconfd | --sysconf \ + | --syscon | --sysco | --sysc | --sys | --sy) + ac_prev=sysconfdir ;; + -sysconfdir=* | --sysconfdir=* | --sysconfdi=* | --sysconfd=* | --sysconf=* \ + | --syscon=* | --sysco=* | --sysc=* | --sys=* | --sy=*) + sysconfdir=$ac_optarg ;; + + -target | --target | --targe | --targ | --tar | --ta | --t) + ac_prev=target_alias ;; + -target=* | --target=* | --targe=* | --targ=* | --tar=* | --ta=* | --t=*) + target_alias=$ac_optarg ;; + + -v | -verbose | --verbose | --verbos | --verbo | --verb) + verbose=yes ;; + + -version | --version | --versio | --versi | --vers | -V) + ac_init_version=: ;; + + -with-* | --with-*) + ac_useropt=`expr "x$ac_option" : 'x-*with-\([^=]*\)'` + # Reject names that are not valid shell variable names. + expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null && + as_fn_error $? "invalid package name: $ac_useropt" + ac_useropt_orig=$ac_useropt + ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'` + case $ac_user_opts in + *" +"with_$ac_useropt" +"*) ;; + *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--with-$ac_useropt_orig" + ac_unrecognized_sep=', ';; + esac + eval with_$ac_useropt=\$ac_optarg ;; + + -without-* | --without-*) + ac_useropt=`expr "x$ac_option" : 'x-*without-\(.*\)'` + # Reject names that are not valid shell variable names. + expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null && + as_fn_error $? "invalid package name: $ac_useropt" + ac_useropt_orig=$ac_useropt + ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'` + case $ac_user_opts in + *" +"with_$ac_useropt" +"*) ;; + *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--without-$ac_useropt_orig" + ac_unrecognized_sep=', ';; + esac + eval with_$ac_useropt=no ;; + + --x) + # Obsolete; use --with-x. + with_x=yes ;; + + -x-includes | --x-includes | --x-include | --x-includ | --x-inclu \ + | --x-incl | --x-inc | --x-in | --x-i) + ac_prev=x_includes ;; + -x-includes=* | --x-includes=* | --x-include=* | --x-includ=* | --x-inclu=* \ + | --x-incl=* | --x-inc=* | --x-in=* | --x-i=*) + x_includes=$ac_optarg ;; + + -x-libraries | --x-libraries | --x-librarie | --x-librari \ + | --x-librar | --x-libra | --x-libr | --x-lib | --x-li | --x-l) + ac_prev=x_libraries ;; + -x-libraries=* | --x-libraries=* | --x-librarie=* | --x-librari=* \ + | --x-librar=* | --x-libra=* | --x-libr=* | --x-lib=* | --x-li=* | --x-l=*) + x_libraries=$ac_optarg ;; + + -*) as_fn_error $? "unrecognized option: \`$ac_option' +Try \`$0 --help' for more information" + ;; + + *=*) + ac_envvar=`expr "x$ac_option" : 'x\([^=]*\)='` + # Reject names that are not valid shell variable names. + case $ac_envvar in #( + '' | [0-9]* | *[!_$as_cr_alnum]* ) + as_fn_error $? "invalid variable name: \`$ac_envvar'" ;; + esac + eval $ac_envvar=\$ac_optarg + export $ac_envvar ;; + + *) + # FIXME: should be removed in autoconf 3.0. + $as_echo "$as_me: WARNING: you should use --build, --host, --target" >&2 + expr "x$ac_option" : ".*[^-._$as_cr_alnum]" >/dev/null && + $as_echo "$as_me: WARNING: invalid host type: $ac_option" >&2 + : "${build_alias=$ac_option} ${host_alias=$ac_option} ${target_alias=$ac_option}" + ;; + + esac +done + +if test -n "$ac_prev"; then + ac_option=--`echo $ac_prev | sed 's/_/-/g'` + as_fn_error $? "missing argument to $ac_option" +fi + +if test -n "$ac_unrecognized_opts"; then + case $enable_option_checking in + no) ;; + fatal) as_fn_error $? "unrecognized options: $ac_unrecognized_opts" ;; + *) $as_echo "$as_me: WARNING: unrecognized options: $ac_unrecognized_opts" >&2 ;; + esac +fi + +# Check all directory arguments for consistency. +for ac_var in exec_prefix prefix bindir sbindir libexecdir datarootdir \ + datadir sysconfdir sharedstatedir localstatedir includedir \ + oldincludedir docdir infodir htmldir dvidir pdfdir psdir \ + libdir localedir mandir runstatedir +do + eval ac_val=\$$ac_var + # Remove trailing slashes. + case $ac_val in + */ ) + ac_val=`expr "X$ac_val" : 'X\(.*[^/]\)' \| "X$ac_val" : 'X\(.*\)'` + eval $ac_var=\$ac_val;; + esac + # Be sure to have absolute directory names. + case $ac_val in + [\\/$]* | ?:[\\/]* ) continue;; + NONE | '' ) case $ac_var in *prefix ) continue;; esac;; + esac + as_fn_error $? "expected an absolute directory name for --$ac_var: $ac_val" +done + +# There might be people who depend on the old broken behavior: `$host' +# used to hold the argument of --host etc. +# FIXME: To remove some day. +build=$build_alias +host=$host_alias +target=$target_alias + +# FIXME: To remove some day. +if test "x$host_alias" != x; then + if test "x$build_alias" = x; then + cross_compiling=maybe + elif test "x$build_alias" != "x$host_alias"; then + cross_compiling=yes + fi +fi + +ac_tool_prefix= +test -n "$host_alias" && ac_tool_prefix=$host_alias- + +test "$silent" = yes && exec 6>/dev/null + + +ac_pwd=`pwd` && test -n "$ac_pwd" && +ac_ls_di=`ls -di .` && +ac_pwd_ls_di=`cd "$ac_pwd" && ls -di .` || + as_fn_error $? "working directory cannot be determined" +test "X$ac_ls_di" = "X$ac_pwd_ls_di" || + as_fn_error $? "pwd does not report name of working directory" + + +# Find the source files, if location was not specified. +if test -z "$srcdir"; then + ac_srcdir_defaulted=yes + # Try the directory containing this script, then the parent directory. + ac_confdir=`$as_dirname -- "$as_myself" || +$as_expr X"$as_myself" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ + X"$as_myself" : 'X\(//\)[^/]' \| \ + X"$as_myself" : 'X\(//\)$' \| \ + X"$as_myself" : 'X\(/\)' \| . 2>/dev/null || +$as_echo X"$as_myself" | + sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ + s//\1/ + q + } + /^X\(\/\/\)[^/].*/{ + s//\1/ + q + } + /^X\(\/\/\)$/{ + s//\1/ + q + } + /^X\(\/\).*/{ + s//\1/ + q + } + s/.*/./; q'` + srcdir=$ac_confdir + if test ! -r "$srcdir/$ac_unique_file"; then + srcdir=.. + fi +else + ac_srcdir_defaulted=no +fi +if test ! -r "$srcdir/$ac_unique_file"; then + test "$ac_srcdir_defaulted" = yes && srcdir="$ac_confdir or .." + as_fn_error $? "cannot find sources ($ac_unique_file) in $srcdir" +fi +ac_msg="sources are in $srcdir, but \`cd $srcdir' does not work" +ac_abs_confdir=`( + cd "$srcdir" && test -r "./$ac_unique_file" || as_fn_error $? "$ac_msg" + pwd)` +# When building in place, set srcdir=. +if test "$ac_abs_confdir" = "$ac_pwd"; then + srcdir=. +fi +# Remove unnecessary trailing slashes from srcdir. +# Double slashes in file names in object file debugging info +# mess up M-x gdb in Emacs. +case $srcdir in +*/) srcdir=`expr "X$srcdir" : 'X\(.*[^/]\)' \| "X$srcdir" : 'X\(.*\)'`;; +esac +for ac_var in $ac_precious_vars; do + eval ac_env_${ac_var}_set=\${${ac_var}+set} + eval ac_env_${ac_var}_value=\$${ac_var} + eval ac_cv_env_${ac_var}_set=\${${ac_var}+set} + eval ac_cv_env_${ac_var}_value=\$${ac_var} +done + +# +# Report the --help message. +# +if test "$ac_init_help" = "long"; then + # Omit some internal or obsolete options to make the list less imposing. + # This message is too long to be a string in the A/UX 3.1 sh. + cat <<_ACEOF +\`configure' configures GnuTLS 3.6.8 to adapt to many kinds of systems. + +Usage: $0 [OPTION]... [VAR=VALUE]... + +To assign environment variables (e.g., CC, CFLAGS...), specify them as +VAR=VALUE. See below for descriptions of some of the useful variables. + +Defaults for the options are specified in brackets. + +Configuration: + -h, --help display this help and exit + --help=short display options specific to this package + --help=recursive display the short help of all the included packages + -V, --version display version information and exit + -q, --quiet, --silent do not print \`checking ...' messages + --cache-file=FILE cache test results in FILE [disabled] + -C, --config-cache alias for \`--cache-file=config.cache' + -n, --no-create do not create output files + --srcdir=DIR find the sources in DIR [configure dir or \`..'] + +Installation directories: + --prefix=PREFIX install architecture-independent files in PREFIX + [$ac_default_prefix] + --exec-prefix=EPREFIX install architecture-dependent files in EPREFIX + [PREFIX] + +By default, \`make install' will install all the files in +\`$ac_default_prefix/bin', \`$ac_default_prefix/lib' etc. You can specify +an installation prefix other than \`$ac_default_prefix' using \`--prefix', +for instance \`--prefix=\$HOME'. + +For better control, use the options below. + +Fine tuning of the installation directories: + --bindir=DIR user executables [EPREFIX/bin] + --sbindir=DIR system admin executables [EPREFIX/sbin] + --libexecdir=DIR program executables [EPREFIX/libexec] + --sysconfdir=DIR read-only single-machine data [PREFIX/etc] + --sharedstatedir=DIR modifiable architecture-independent data [PREFIX/com] + --localstatedir=DIR modifiable single-machine data [PREFIX/var] + --runstatedir=DIR modifiable per-process data [LOCALSTATEDIR/run] + --libdir=DIR object code libraries [EPREFIX/lib] + --includedir=DIR C header files [PREFIX/include] + --oldincludedir=DIR C header files for non-gcc [/usr/include] + --datarootdir=DIR read-only arch.-independent data root [PREFIX/share] + --datadir=DIR read-only architecture-independent data [DATAROOTDIR] + --infodir=DIR info documentation [DATAROOTDIR/info] + --localedir=DIR locale-dependent data [DATAROOTDIR/locale] + --mandir=DIR man documentation [DATAROOTDIR/man] + --docdir=DIR documentation root [DATAROOTDIR/doc/gnutls] + --htmldir=DIR html documentation [DOCDIR] + --dvidir=DIR dvi documentation [DOCDIR] + --pdfdir=DIR pdf documentation [DOCDIR] + --psdir=DIR ps documentation [DOCDIR] +_ACEOF + + cat <<\_ACEOF + +Program names: + --program-prefix=PREFIX prepend PREFIX to installed program names + --program-suffix=SUFFIX append SUFFIX to installed program names + --program-transform-name=PROGRAM run sed PROGRAM on installed program names + +System types: + --build=BUILD configure for building on BUILD [guessed] + --host=HOST cross-compile to build programs to run on HOST [BUILD] +_ACEOF +fi + +if test -n "$ac_init_help"; then + case $ac_init_help in + short | recursive ) echo "Configuration of GnuTLS 3.6.8:";; + esac + cat <<\_ACEOF + +Optional Features: + --disable-option-checking ignore unrecognized --enable/--with options + --disable-FEATURE do not include FEATURE (same as --enable-FEATURE=no) + --enable-FEATURE[=ARG] include FEATURE [ARG=yes] + --enable-silent-rules less verbose build output (undo: "make V=1") + --disable-silent-rules verbose build output (undo: "make V=0") + --enable-dependency-tracking + do not reject slow dependency extractors + --disable-dependency-tracking + speeds up one-time build + --disable-largefile omit support for large files + --enable-threads={posix|solaris|pth|windows} + specify multithreading API + --disable-threads build without multithread safety + --enable-code-coverage Whether to enable code coverage support + --disable-maintainer-mode + disable make rules and dependencies not useful (and + sometimes confusing) to the casual installer + --disable-bash-tests skip some tests that badly need bash + --disable-doc don't generate any documentation + --enable-manpages install manpages even if disable-doc is given + --disable-tools don't compile any tools + --disable-cxx unconditionally disable the C++ library + --disable-hardware-acceleration + unconditionally disable hardware acceleration + --disable-tls13-interop disable TLS1.3 interoperability testing with openssl + --disable-padlock unconditionally disable padlock acceleration + --enable-sha1-support allow SHA1 as an acceptable hash for cert digital + signatures + --enable-ssl3-support enable support for the SSL 3.0 protocol + --disable-ssl2-support disable support for the SSL 2.0 client hello + --disable-dtls-srtp-support + disable support for the DTLS-SRTP extension + --disable-alpn-support disable support for the Application Layer Protocol + Negotiation (ALPN) extension + --disable-heartbeat-support + disable support for the heartbeat extension + --disable-srp-authentication + disable the SRP authentication support + --disable-psk-authentication + disable the PSK authentication support + --disable-anon-authentication + disable the anonymous authentication support + --disable-dhe disable the DHE support + --disable-ecdhe disable the ECDHE support + --disable-gost disable the GOST support + --enable-cryptodev enable cryptodev support + --disable-ocsp disable OCSP support + --enable-openssl-compatibility + enable the OpenSSL compatibility library + --disable-tests don't compile or run any tests + --enable-fuzzer-target make a library intended for testing - not production + --enable-gtk-doc use gtk-doc to build documentation [[default=no]] + --enable-gtk-doc-html build documentation in html format [[default=yes]] + --enable-gtk-doc-pdf build documentation in pdf format [[default=no]] + --disable-nls do not use Native Language Support + --disable-rpath do not hardcode runtime library paths + --enable-seccomp-tests unconditionally enable tests with seccomp + --enable-ld-version-script + enable linker version script (default is enabled + when possible) + --enable-valgrind-tests try to run self tests under valgrind + --disable-full-test-suite + disable running very slow components of test suite + --disable-gcc-warnings turn off lots of GCC warnings (for developers) + --enable-static[=PKGS] build static libraries [default=no] + --enable-shared[=PKGS] build shared libraries [default=yes] + --enable-fast-install[=PKGS] + optimize for fast installation [default=yes] + --disable-libtool-lock avoid locking (might break parallel builds) + --enable-fips140-mode enable FIPS140-2 mode + --disable-non-suiteb-curves + disable curves not in SuiteB + --disable-libdane disable the built of libdane + --disable-nls disable nls support in libopts + --enable-local-libopts Use the supplied libopts tearoff code + --enable-libopts-install + Install libopts with client installation + --disable-optional-args not wanting optional option args + --enable-guile build GNU Guile bindings + +Optional Packages: + --with-PACKAGE[=ARG] use PACKAGE [ARG=yes] + --without-PACKAGE do not use PACKAGE (same as --with-PACKAGE=no) + --with-gcov=GCOV use given GCOV for coverage (GCOV=gcov). + --with-nettle-mini Link against a mini-nettle (that includes mini-gmp) + --with-included-libtasn1 + use the included libtasn1 + --with-html-dir=PATH path to installed docs + --with-gnu-ld assume the C compiler uses GNU ld [default=no] + --with-libiconv-prefix[=DIR] search for libiconv in DIR/include and DIR/lib + --without-libiconv-prefix don't search for libiconv in includedir and libdir + --with-libintl-prefix[=DIR] search for libintl in DIR/include and DIR/lib + --without-libintl-prefix don't search for libintl in includedir and libdir + --with-libseccomp-prefix[=DIR] search for libseccomp in DIR/include and DIR/lib + --without-libseccomp-prefix don't search for libseccomp in includedir and libdir + --with-libcrypto-prefix[=DIR] search for libcrypto in DIR/include and DIR/lib + --without-libcrypto-prefix don't search for libcrypto in includedir and libdir + --with-librt-prefix[=DIR] search for librt in DIR/include and DIR/lib + --without-librt-prefix don't search for librt in includedir and libdir + --with-libpthread-prefix[=DIR] search for libpthread in DIR/include and DIR/lib + --without-libpthread-prefix don't search for libpthread in includedir and libdir + --with-included-unistring + disable linking with system libunistring + --with-libpth-prefix[=DIR] search for libpth in DIR/include and DIR/lib + --without-libpth-prefix don't search for libpth in includedir and libdir + --with-pic[=PKGS] try to use only PIC/non-PIC objects [default=use + both] + --with-aix-soname=aix|svr4|both + shared library versioning (aka "SONAME") variant to + provide on AIX, [default=aix]. + --with-gnu-ld assume the C compiler uses GNU ld [default=no] + --with-sysroot[=DIR] Search for dependent libraries within DIR (or the + compiler's sysroot if not specified). + --with-libdl-prefix[=DIR] search for libdl in DIR/include and DIR/lib + --without-libdl-prefix don't search for libdl in includedir and libdir + --with-fips140-key specify the FIPS140 HMAC key for integrity + --without-idn disable support for IDNA + --with-unbound-root-key-file + specify the unbound root key file + --with-system-priority-file + specify the system priority file + --with-default-priority-string + specify the default priority string (e.g. @SYSTEM) + --without-p11-kit Build without p11-kit and PKCS#11 support + --without-tpm Disable TPM (trousers) support. + --with-trousers-lib=LIB set the location of the trousers library + --with-autoopts-config specify the config-info script + --with-regex-header a reg expr header is specified + --with-libregex libregex installation prefix + --with-libregex-cflags libregex compile flags + --with-libregex-libs libregex link command arguments + --with-default-trust-store-pkcs11=URI + use the given pkcs11 uri as default trust store + --with-default-trust-store-dir=DIR + use the given directory as default trust store + --with-default-trust-store-file=FILE + use the given file default trust store + --with-default-crl-file=FILE + use the given CRL file as default + --with-default-blacklist-file=FILE + use the given certificate blacklist file as default + --with-guile-site-dir=DIR + guile site directory for gnutls, default is guile + system settings + --with-guile-site-ccache-dir=DIR + guile ccache directory for gnutls, default is guile + system settings + --with-guile-extension-dir=DIR + guile extension directory for gnutls, default is + guile system settings + +Some influential environment variables: + PKG_CONFIG path to pkg-config utility + PKG_CONFIG_PATH + directories to add to pkg-config's search path + PKG_CONFIG_LIBDIR + path overriding pkg-config's built-in search path + CC C compiler command + CFLAGS C compiler flags + LDFLAGS linker flags, e.g. -L if you have libraries in a + nonstandard directory + LIBS libraries to pass to the linker, e.g. -l + CPPFLAGS (Objective) C/C++ preprocessor flags, e.g. -I if + you have headers in a nonstandard directory + CPP C preprocessor + CCAS assembler compiler command (defaults to CC) + CCASFLAGS assembler compiler flags (defaults to CFLAGS) + CXX C++ compiler command + CXXFLAGS C++ compiler flags + YACC The `Yet Another Compiler Compiler' implementation to use. + Defaults to the first program found out of: `bison -y', `byacc', + `yacc'. + YFLAGS The list of arguments that will be passed by default to $YACC. + This script will default YFLAGS to the empty string to avoid a + default value of `-d' given by some make applications. + NETTLE_CFLAGS + C compiler flags for NETTLE, overriding pkg-config + NETTLE_LIBS linker flags for NETTLE, overriding pkg-config + HOGWEED_CFLAGS + C compiler flags for HOGWEED, overriding pkg-config + HOGWEED_LIBS + linker flags for HOGWEED, overriding pkg-config + GMP_CFLAGS C compiler flags for gmp + GMP_LIBS linker flags for gmp + LIBTASN1_CFLAGS + C compiler flags for LIBTASN1, overriding pkg-config + LIBTASN1_LIBS + linker flags for LIBTASN1, overriding pkg-config + GTKDOC_DEPS_CFLAGS + C compiler flags for GTKDOC_DEPS, overriding pkg-config + GTKDOC_DEPS_LIBS + linker flags for GTKDOC_DEPS, overriding pkg-config + LT_SYS_LIBRARY_PATH + User-defined run-time library search path. + CXXCPP C++ preprocessor + CMOCKA_CFLAGS + C compiler flags for CMOCKA, overriding pkg-config + CMOCKA_LIBS linker flags for CMOCKA, overriding pkg-config + P11_KIT_CFLAGS + C compiler flags for P11_KIT, overriding pkg-config + P11_KIT_LIBS + linker flags for P11_KIT, overriding pkg-config + GUILE_CFLAGS + C compiler flags for GUILE, overriding pkg-config + GUILE_LIBS linker flags for GUILE, overriding pkg-config + +Use these variables to override the choices made by `configure' or to help +it to find libraries and programs with nonstandard names/locations. + +Report bugs to . +_ACEOF +ac_status=$? +fi + +if test "$ac_init_help" = "recursive"; then + # If there are subdirs, report their specific --help. + for ac_dir in : $ac_subdirs_all; do test "x$ac_dir" = x: && continue + test -d "$ac_dir" || + { cd "$srcdir" && ac_pwd=`pwd` && srcdir=. && test -d "$ac_dir"; } || + continue + ac_builddir=. + +case "$ac_dir" in +.) ac_dir_suffix= ac_top_builddir_sub=. ac_top_build_prefix= ;; +*) + ac_dir_suffix=/`$as_echo "$ac_dir" | sed 's|^\.[\\/]||'` + # A ".." for each directory in $ac_dir_suffix. + ac_top_builddir_sub=`$as_echo "$ac_dir_suffix" | sed 's|/[^\\/]*|/..|g;s|/||'` + case $ac_top_builddir_sub in + "") ac_top_builddir_sub=. ac_top_build_prefix= ;; + *) ac_top_build_prefix=$ac_top_builddir_sub/ ;; + esac ;; +esac +ac_abs_top_builddir=$ac_pwd +ac_abs_builddir=$ac_pwd$ac_dir_suffix +# for backward compatibility: +ac_top_builddir=$ac_top_build_prefix + +case $srcdir in + .) # We are building in place. + ac_srcdir=. + ac_top_srcdir=$ac_top_builddir_sub + ac_abs_top_srcdir=$ac_pwd ;; + [\\/]* | ?:[\\/]* ) # Absolute name. + ac_srcdir=$srcdir$ac_dir_suffix; + ac_top_srcdir=$srcdir + ac_abs_top_srcdir=$srcdir ;; + *) # Relative name. + ac_srcdir=$ac_top_build_prefix$srcdir$ac_dir_suffix + ac_top_srcdir=$ac_top_build_prefix$srcdir + ac_abs_top_srcdir=$ac_pwd/$srcdir ;; +esac +ac_abs_srcdir=$ac_abs_top_srcdir$ac_dir_suffix + + cd "$ac_dir" || { ac_status=$?; continue; } + # Check for guested configure. + if test -f "$ac_srcdir/configure.gnu"; then + echo && + $SHELL "$ac_srcdir/configure.gnu" --help=recursive + elif test -f "$ac_srcdir/configure"; then + echo && + $SHELL "$ac_srcdir/configure" --help=recursive + else + $as_echo "$as_me: WARNING: no configuration information is in $ac_dir" >&2 + fi || ac_status=$? + cd "$ac_pwd" || { ac_status=$?; break; } + done +fi + +test -n "$ac_init_help" && exit $ac_status +if $ac_init_version; then + cat <<\_ACEOF +GnuTLS configure 3.6.8 +generated by GNU Autoconf 2.69 + +Copyright (C) 2012 Free Software Foundation, Inc. +This configure script is free software; the Free Software Foundation +gives unlimited permission to copy, distribute and modify it. +_ACEOF + exit +fi + +## ------------------------ ## +## Autoconf initialization. ## +## ------------------------ ## + +# ac_fn_c_try_compile LINENO +# -------------------------- +# Try to compile conftest.$ac_ext, and return whether this succeeded. +ac_fn_c_try_compile () +{ + as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack + rm -f conftest.$ac_objext + if { { ac_try="$ac_compile" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +$as_echo "$ac_try_echo"; } >&5 + (eval "$ac_compile") 2>conftest.err + ac_status=$? + if test -s conftest.err; then + grep -v '^ *+' conftest.err >conftest.er1 + cat conftest.er1 >&5 + mv -f conftest.er1 conftest.err + fi + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } && { + test -z "$ac_c_werror_flag" || + test ! -s conftest.err + } && test -s conftest.$ac_objext; then : + ac_retval=0 +else + $as_echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + ac_retval=1 +fi + eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno + as_fn_set_status $ac_retval + +} # ac_fn_c_try_compile + +# ac_fn_c_try_cpp LINENO +# ---------------------- +# Try to preprocess conftest.$ac_ext, and return whether this succeeded. +ac_fn_c_try_cpp () +{ + as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack + if { { ac_try="$ac_cpp conftest.$ac_ext" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +$as_echo "$ac_try_echo"; } >&5 + (eval "$ac_cpp conftest.$ac_ext") 2>conftest.err + ac_status=$? + if test -s conftest.err; then + grep -v '^ *+' conftest.err >conftest.er1 + cat conftest.er1 >&5 + mv -f conftest.er1 conftest.err + fi + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } > conftest.i && { + test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" || + test ! -s conftest.err + }; then : + ac_retval=0 +else + $as_echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + ac_retval=1 +fi + eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno + as_fn_set_status $ac_retval + +} # ac_fn_c_try_cpp + +# ac_fn_c_check_header_mongrel LINENO HEADER VAR INCLUDES +# ------------------------------------------------------- +# Tests whether HEADER exists, giving a warning if it cannot be compiled using +# the include files in INCLUDES and setting the cache variable VAR +# accordingly. +ac_fn_c_check_header_mongrel () +{ + as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack + if eval \${$3+:} false; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5 +$as_echo_n "checking for $2... " >&6; } +if eval \${$3+:} false; then : + $as_echo_n "(cached) " >&6 +fi +eval ac_res=\$$3 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 +$as_echo "$ac_res" >&6; } +else + # Is the header compilable? +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking $2 usability" >&5 +$as_echo_n "checking $2 usability... " >&6; } +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +$4 +#include <$2> +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ac_header_compiler=yes +else + ac_header_compiler=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_header_compiler" >&5 +$as_echo "$ac_header_compiler" >&6; } + +# Is the header present? +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking $2 presence" >&5 +$as_echo_n "checking $2 presence... " >&6; } +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include <$2> +_ACEOF +if ac_fn_c_try_cpp "$LINENO"; then : + ac_header_preproc=yes +else + ac_header_preproc=no +fi +rm -f conftest.err conftest.i conftest.$ac_ext +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_header_preproc" >&5 +$as_echo "$ac_header_preproc" >&6; } + +# So? What about this header? +case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in #(( + yes:no: ) + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: accepted by the compiler, rejected by the preprocessor!" >&5 +$as_echo "$as_me: WARNING: $2: accepted by the compiler, rejected by the preprocessor!" >&2;} + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: proceeding with the compiler's result" >&5 +$as_echo "$as_me: WARNING: $2: proceeding with the compiler's result" >&2;} + ;; + no:yes:* ) + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: present but cannot be compiled" >&5 +$as_echo "$as_me: WARNING: $2: present but cannot be compiled" >&2;} + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: check for missing prerequisite headers?" >&5 +$as_echo "$as_me: WARNING: $2: check for missing prerequisite headers?" >&2;} + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: see the Autoconf documentation" >&5 +$as_echo "$as_me: WARNING: $2: see the Autoconf documentation" >&2;} + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: section \"Present But Cannot Be Compiled\"" >&5 +$as_echo "$as_me: WARNING: $2: section \"Present But Cannot Be Compiled\"" >&2;} + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: proceeding with the compiler's result" >&5 +$as_echo "$as_me: WARNING: $2: proceeding with the compiler's result" >&2;} +( $as_echo "## ------------------------------ ## +## Report this to bugs@gnutls.org ## +## ------------------------------ ##" + ) | sed "s/^/$as_me: WARNING: /" >&2 + ;; +esac + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5 +$as_echo_n "checking for $2... " >&6; } +if eval \${$3+:} false; then : + $as_echo_n "(cached) " >&6 +else + eval "$3=\$ac_header_compiler" +fi +eval ac_res=\$$3 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 +$as_echo "$ac_res" >&6; } +fi + eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno + +} # ac_fn_c_check_header_mongrel + +# ac_fn_c_try_run LINENO +# ---------------------- +# Try to link conftest.$ac_ext, and return whether this succeeded. Assumes +# that executables *can* be run. +ac_fn_c_try_run () +{ + as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack + if { { ac_try="$ac_link" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +$as_echo "$ac_try_echo"; } >&5 + (eval "$ac_link") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } && { ac_try='./conftest$ac_exeext' + { { case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +$as_echo "$ac_try_echo"; } >&5 + (eval "$ac_try") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; }; then : + ac_retval=0 +else + $as_echo "$as_me: program exited with status $ac_status" >&5 + $as_echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + ac_retval=$ac_status +fi + rm -rf conftest.dSYM conftest_ipa8_conftest.oo + eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno + as_fn_set_status $ac_retval + +} # ac_fn_c_try_run + +# ac_fn_c_check_header_compile LINENO HEADER VAR INCLUDES +# ------------------------------------------------------- +# Tests whether HEADER exists and can be compiled using the include files in +# INCLUDES, setting the cache variable VAR accordingly. +ac_fn_c_check_header_compile () +{ + as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5 +$as_echo_n "checking for $2... " >&6; } +if eval \${$3+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +$4 +#include <$2> +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + eval "$3=yes" +else + eval "$3=no" +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi +eval ac_res=\$$3 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 +$as_echo "$ac_res" >&6; } + eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno + +} # ac_fn_c_check_header_compile + +# ac_fn_c_try_link LINENO +# ----------------------- +# Try to link conftest.$ac_ext, and return whether this succeeded. +ac_fn_c_try_link () +{ + as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack + rm -f conftest.$ac_objext conftest$ac_exeext + if { { ac_try="$ac_link" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +$as_echo "$ac_try_echo"; } >&5 + (eval "$ac_link") 2>conftest.err + ac_status=$? + if test -s conftest.err; then + grep -v '^ *+' conftest.err >conftest.er1 + cat conftest.er1 >&5 + mv -f conftest.er1 conftest.err + fi + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } && { + test -z "$ac_c_werror_flag" || + test ! -s conftest.err + } && test -s conftest$ac_exeext && { + test "$cross_compiling" = yes || + test -x conftest$ac_exeext + }; then : + ac_retval=0 +else + $as_echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + ac_retval=1 +fi + # Delete the IPA/IPO (Inter Procedural Analysis/Optimization) information + # created by the PGI compiler (conftest_ipa8_conftest.oo), as it would + # interfere with the next link command; also delete a directory that is + # left behind by Apple's compiler. We do this before executing the actions. + rm -rf conftest.dSYM conftest_ipa8_conftest.oo + eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno + as_fn_set_status $ac_retval + +} # ac_fn_c_try_link + +# ac_fn_cxx_try_compile LINENO +# ---------------------------- +# Try to compile conftest.$ac_ext, and return whether this succeeded. +ac_fn_cxx_try_compile () +{ + as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack + rm -f conftest.$ac_objext + if { { ac_try="$ac_compile" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +$as_echo "$ac_try_echo"; } >&5 + (eval "$ac_compile") 2>conftest.err + ac_status=$? + if test -s conftest.err; then + grep -v '^ *+' conftest.err >conftest.er1 + cat conftest.er1 >&5 + mv -f conftest.er1 conftest.err + fi + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } && { + test -z "$ac_cxx_werror_flag" || + test ! -s conftest.err + } && test -s conftest.$ac_objext; then : + ac_retval=0 +else + $as_echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + ac_retval=1 +fi + eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno + as_fn_set_status $ac_retval + +} # ac_fn_cxx_try_compile + +# ac_fn_c_check_member LINENO AGGR MEMBER VAR INCLUDES +# ---------------------------------------------------- +# Tries to find if the field MEMBER exists in type AGGR, after including +# INCLUDES, setting cache variable VAR accordingly. +ac_fn_c_check_member () +{ + as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2.$3" >&5 +$as_echo_n "checking for $2.$3... " >&6; } +if eval \${$4+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +$5 +int +main () +{ +static $2 ac_aggr; +if (ac_aggr.$3) +return 0; + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + eval "$4=yes" +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +$5 +int +main () +{ +static $2 ac_aggr; +if (sizeof ac_aggr.$3) +return 0; + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + eval "$4=yes" +else + eval "$4=no" +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi +eval ac_res=\$$4 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 +$as_echo "$ac_res" >&6; } + eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno + +} # ac_fn_c_check_member + +# ac_fn_c_compute_int LINENO EXPR VAR INCLUDES +# -------------------------------------------- +# Tries to find the compile-time value of EXPR in a program that includes +# INCLUDES, setting VAR accordingly. Returns whether the value could be +# computed +ac_fn_c_compute_int () +{ + as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack + if test "$cross_compiling" = yes; then + # Depending upon the size, compute the lo and hi bounds. +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +$4 +int +main () +{ +static int test_array [1 - 2 * !(($2) >= 0)]; +test_array [0] = 0; +return test_array [0]; + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ac_lo=0 ac_mid=0 + while :; do + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +$4 +int +main () +{ +static int test_array [1 - 2 * !(($2) <= $ac_mid)]; +test_array [0] = 0; +return test_array [0]; + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ac_hi=$ac_mid; break +else + as_fn_arith $ac_mid + 1 && ac_lo=$as_val + if test $ac_lo -le $ac_mid; then + ac_lo= ac_hi= + break + fi + as_fn_arith 2 '*' $ac_mid + 1 && ac_mid=$as_val +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + done +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +$4 +int +main () +{ +static int test_array [1 - 2 * !(($2) < 0)]; +test_array [0] = 0; +return test_array [0]; + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ac_hi=-1 ac_mid=-1 + while :; do + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +$4 +int +main () +{ +static int test_array [1 - 2 * !(($2) >= $ac_mid)]; +test_array [0] = 0; +return test_array [0]; + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ac_lo=$ac_mid; break +else + as_fn_arith '(' $ac_mid ')' - 1 && ac_hi=$as_val + if test $ac_mid -le $ac_hi; then + ac_lo= ac_hi= + break + fi + as_fn_arith 2 '*' $ac_mid && ac_mid=$as_val +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + done +else + ac_lo= ac_hi= +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +# Binary search between lo and hi bounds. +while test "x$ac_lo" != "x$ac_hi"; do + as_fn_arith '(' $ac_hi - $ac_lo ')' / 2 + $ac_lo && ac_mid=$as_val + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +$4 +int +main () +{ +static int test_array [1 - 2 * !(($2) <= $ac_mid)]; +test_array [0] = 0; +return test_array [0]; + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ac_hi=$ac_mid +else + as_fn_arith '(' $ac_mid ')' + 1 && ac_lo=$as_val +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +done +case $ac_lo in #(( +?*) eval "$3=\$ac_lo"; ac_retval=0 ;; +'') ac_retval=1 ;; +esac + else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +$4 +static long int longval () { return $2; } +static unsigned long int ulongval () { return $2; } +#include +#include +int +main () +{ + + FILE *f = fopen ("conftest.val", "w"); + if (! f) + return 1; + if (($2) < 0) + { + long int i = longval (); + if (i != ($2)) + return 1; + fprintf (f, "%ld", i); + } + else + { + unsigned long int i = ulongval (); + if (i != ($2)) + return 1; + fprintf (f, "%lu", i); + } + /* Do not output a trailing newline, as this causes \r\n confusion + on some platforms. */ + return ferror (f) || fclose (f) != 0; + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_run "$LINENO"; then : + echo >>conftest.val; read $3 &5 +$as_echo_n "checking for $2... " >&6; } +if eval \${$3+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +/* Define $2 to an innocuous variant, in case declares $2. + For example, HP-UX 11i declares gettimeofday. */ +#define $2 innocuous_$2 + +/* System header to define __stub macros and hopefully few prototypes, + which can conflict with char $2 (); below. + Prefer to if __STDC__ is defined, since + exists even on freestanding compilers. */ + +#ifdef __STDC__ +# include +#else +# include +#endif + +#undef $2 + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char $2 (); +/* The GNU C library defines this for functions which it implements + to always fail with ENOSYS. Some functions are actually named + something starting with __ and the normal name is an alias. */ +#if defined __stub_$2 || defined __stub___$2 +choke me +#endif + +int +main () +{ +return $2 (); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + eval "$3=yes" +else + eval "$3=no" +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +fi +eval ac_res=\$$3 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 +$as_echo "$ac_res" >&6; } + eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno + +} # ac_fn_c_check_func + +# ac_fn_c_check_type LINENO TYPE VAR INCLUDES +# ------------------------------------------- +# Tests whether TYPE exists after having included INCLUDES, setting cache +# variable VAR accordingly. +ac_fn_c_check_type () +{ + as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5 +$as_echo_n "checking for $2... " >&6; } +if eval \${$3+:} false; then : + $as_echo_n "(cached) " >&6 +else + eval "$3=no" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +$4 +int +main () +{ +if (sizeof ($2)) + return 0; + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +$4 +int +main () +{ +if (sizeof (($2))) + return 0; + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + +else + eval "$3=yes" +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi +eval ac_res=\$$3 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 +$as_echo "$ac_res" >&6; } + eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno + +} # ac_fn_c_check_type + +# ac_fn_c_check_decl LINENO SYMBOL VAR INCLUDES +# --------------------------------------------- +# Tests whether SYMBOL is declared in INCLUDES, setting cache variable VAR +# accordingly. +ac_fn_c_check_decl () +{ + as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack + as_decl_name=`echo $2|sed 's/ *(.*//'` + as_decl_use=`echo $2|sed -e 's/(/((/' -e 's/)/) 0&/' -e 's/,/) 0& (/g'` + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $as_decl_name is declared" >&5 +$as_echo_n "checking whether $as_decl_name is declared... " >&6; } +if eval \${$3+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +$4 +int +main () +{ +#ifndef $as_decl_name +#ifdef __cplusplus + (void) $as_decl_use; +#else + (void) $as_decl_name; +#endif +#endif + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + eval "$3=yes" +else + eval "$3=no" +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi +eval ac_res=\$$3 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 +$as_echo "$ac_res" >&6; } + eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno + +} # ac_fn_c_check_decl + +# ac_fn_cxx_try_cpp LINENO +# ------------------------ +# Try to preprocess conftest.$ac_ext, and return whether this succeeded. +ac_fn_cxx_try_cpp () +{ + as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack + if { { ac_try="$ac_cpp conftest.$ac_ext" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +$as_echo "$ac_try_echo"; } >&5 + (eval "$ac_cpp conftest.$ac_ext") 2>conftest.err + ac_status=$? + if test -s conftest.err; then + grep -v '^ *+' conftest.err >conftest.er1 + cat conftest.er1 >&5 + mv -f conftest.er1 conftest.err + fi + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } > conftest.i && { + test -z "$ac_cxx_preproc_warn_flag$ac_cxx_werror_flag" || + test ! -s conftest.err + }; then : + ac_retval=0 +else + $as_echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + ac_retval=1 +fi + eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno + as_fn_set_status $ac_retval + +} # ac_fn_cxx_try_cpp + +# ac_fn_cxx_try_link LINENO +# ------------------------- +# Try to link conftest.$ac_ext, and return whether this succeeded. +ac_fn_cxx_try_link () +{ + as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack + rm -f conftest.$ac_objext conftest$ac_exeext + if { { ac_try="$ac_link" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +$as_echo "$ac_try_echo"; } >&5 + (eval "$ac_link") 2>conftest.err + ac_status=$? + if test -s conftest.err; then + grep -v '^ *+' conftest.err >conftest.er1 + cat conftest.er1 >&5 + mv -f conftest.er1 conftest.err + fi + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } && { + test -z "$ac_cxx_werror_flag" || + test ! -s conftest.err + } && test -s conftest$ac_exeext && { + test "$cross_compiling" = yes || + test -x conftest$ac_exeext + }; then : + ac_retval=0 +else + $as_echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + ac_retval=1 +fi + # Delete the IPA/IPO (Inter Procedural Analysis/Optimization) information + # created by the PGI compiler (conftest_ipa8_conftest.oo), as it would + # interfere with the next link command; also delete a directory that is + # left behind by Apple's compiler. We do this before executing the actions. + rm -rf conftest.dSYM conftest_ipa8_conftest.oo + eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno + as_fn_set_status $ac_retval + +} # ac_fn_cxx_try_link +cat >config.log <<_ACEOF +This file contains any messages produced by compilers while +running configure, to aid debugging if configure makes a mistake. + +It was created by GnuTLS $as_me 3.6.8, which was +generated by GNU Autoconf 2.69. Invocation command line was + + $ $0 $@ + +_ACEOF +exec 5>>config.log +{ +cat <<_ASUNAME +## --------- ## +## Platform. ## +## --------- ## + +hostname = `(hostname || uname -n) 2>/dev/null | sed 1q` +uname -m = `(uname -m) 2>/dev/null || echo unknown` +uname -r = `(uname -r) 2>/dev/null || echo unknown` +uname -s = `(uname -s) 2>/dev/null || echo unknown` +uname -v = `(uname -v) 2>/dev/null || echo unknown` + +/usr/bin/uname -p = `(/usr/bin/uname -p) 2>/dev/null || echo unknown` +/bin/uname -X = `(/bin/uname -X) 2>/dev/null || echo unknown` + +/bin/arch = `(/bin/arch) 2>/dev/null || echo unknown` +/usr/bin/arch -k = `(/usr/bin/arch -k) 2>/dev/null || echo unknown` +/usr/convex/getsysinfo = `(/usr/convex/getsysinfo) 2>/dev/null || echo unknown` +/usr/bin/hostinfo = `(/usr/bin/hostinfo) 2>/dev/null || echo unknown` +/bin/machine = `(/bin/machine) 2>/dev/null || echo unknown` +/usr/bin/oslevel = `(/usr/bin/oslevel) 2>/dev/null || echo unknown` +/bin/universe = `(/bin/universe) 2>/dev/null || echo unknown` + +_ASUNAME + +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + $as_echo "PATH: $as_dir" + done +IFS=$as_save_IFS + +} >&5 + +cat >&5 <<_ACEOF + + +## ----------- ## +## Core tests. ## +## ----------- ## + +_ACEOF + + +# Keep a trace of the command line. +# Strip out --no-create and --no-recursion so they do not pile up. +# Strip out --silent because we don't want to record it for future runs. +# Also quote any args containing shell meta-characters. +# Make two passes to allow for proper duplicate-argument suppression. +ac_configure_args= +ac_configure_args0= +ac_configure_args1= +ac_must_keep_next=false +for ac_pass in 1 2 +do + for ac_arg + do + case $ac_arg in + -no-create | --no-c* | -n | -no-recursion | --no-r*) continue ;; + -q | -quiet | --quiet | --quie | --qui | --qu | --q \ + | -silent | --silent | --silen | --sile | --sil) + continue ;; + *\'*) + ac_arg=`$as_echo "$ac_arg" | sed "s/'/'\\\\\\\\''/g"` ;; + esac + case $ac_pass in + 1) as_fn_append ac_configure_args0 " '$ac_arg'" ;; + 2) + as_fn_append ac_configure_args1 " '$ac_arg'" + if test $ac_must_keep_next = true; then + ac_must_keep_next=false # Got value, back to normal. + else + case $ac_arg in + *=* | --config-cache | -C | -disable-* | --disable-* \ + | -enable-* | --enable-* | -gas | --g* | -nfp | --nf* \ + | -q | -quiet | --q* | -silent | --sil* | -v | -verb* \ + | -with-* | --with-* | -without-* | --without-* | --x) + case "$ac_configure_args0 " in + "$ac_configure_args1"*" '$ac_arg' "* ) continue ;; + esac + ;; + -* ) ac_must_keep_next=true ;; + esac + fi + as_fn_append ac_configure_args " '$ac_arg'" + ;; + esac + done +done +{ ac_configure_args0=; unset ac_configure_args0;} +{ ac_configure_args1=; unset ac_configure_args1;} + +# When interrupted or exit'd, cleanup temporary files, and complete +# config.log. We remove comments because anyway the quotes in there +# would cause problems or look ugly. +# WARNING: Use '\'' to represent an apostrophe within the trap. +# WARNING: Do not start the trap code with a newline, due to a FreeBSD 4.0 bug. +trap 'exit_status=$? + # Save into config.log some information that might help in debugging. + { + echo + + $as_echo "## ---------------- ## +## Cache variables. ## +## ---------------- ##" + echo + # The following way of writing the cache mishandles newlines in values, +( + for ac_var in `(set) 2>&1 | sed -n '\''s/^\([a-zA-Z_][a-zA-Z0-9_]*\)=.*/\1/p'\''`; do + eval ac_val=\$$ac_var + case $ac_val in #( + *${as_nl}*) + case $ac_var in #( + *_cv_*) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cache variable $ac_var contains a newline" >&5 +$as_echo "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;; + esac + case $ac_var in #( + _ | IFS | as_nl) ;; #( + BASH_ARGV | BASH_SOURCE) eval $ac_var= ;; #( + *) { eval $ac_var=; unset $ac_var;} ;; + esac ;; + esac + done + (set) 2>&1 | + case $as_nl`(ac_space='\'' '\''; set) 2>&1` in #( + *${as_nl}ac_space=\ *) + sed -n \ + "s/'\''/'\''\\\\'\'''\''/g; + s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='\''\\2'\''/p" + ;; #( + *) + sed -n "/^[_$as_cr_alnum]*_cv_[_$as_cr_alnum]*=/p" + ;; + esac | + sort +) + echo + + $as_echo "## ----------------- ## +## Output variables. ## +## ----------------- ##" + echo + for ac_var in $ac_subst_vars + do + eval ac_val=\$$ac_var + case $ac_val in + *\'\''*) ac_val=`$as_echo "$ac_val" | sed "s/'\''/'\''\\\\\\\\'\'''\''/g"`;; + esac + $as_echo "$ac_var='\''$ac_val'\''" + done | sort + echo + + if test -n "$ac_subst_files"; then + $as_echo "## ------------------- ## +## File substitutions. ## +## ------------------- ##" + echo + for ac_var in $ac_subst_files + do + eval ac_val=\$$ac_var + case $ac_val in + *\'\''*) ac_val=`$as_echo "$ac_val" | sed "s/'\''/'\''\\\\\\\\'\'''\''/g"`;; + esac + $as_echo "$ac_var='\''$ac_val'\''" + done | sort + echo + fi + + if test -s confdefs.h; then + $as_echo "## ----------- ## +## confdefs.h. ## +## ----------- ##" + echo + cat confdefs.h + echo + fi + test "$ac_signal" != 0 && + $as_echo "$as_me: caught signal $ac_signal" + $as_echo "$as_me: exit $exit_status" + } >&5 + rm -f core *.core core.conftest.* && + rm -f -r conftest* confdefs* conf$$* $ac_clean_files && + exit $exit_status +' 0 +for ac_signal in 1 2 13 15; do + trap 'ac_signal='$ac_signal'; as_fn_exit 1' $ac_signal +done +ac_signal=0 + +# confdefs.h avoids OS command line length limits that DEFS can exceed. +rm -f -r conftest* confdefs.h + +$as_echo "/* confdefs.h */" > confdefs.h + +# Predefined preprocessor variables. + +cat >>confdefs.h <<_ACEOF +#define PACKAGE_NAME "$PACKAGE_NAME" +_ACEOF + +cat >>confdefs.h <<_ACEOF +#define PACKAGE_TARNAME "$PACKAGE_TARNAME" +_ACEOF + +cat >>confdefs.h <<_ACEOF +#define PACKAGE_VERSION "$PACKAGE_VERSION" +_ACEOF + +cat >>confdefs.h <<_ACEOF +#define PACKAGE_STRING "$PACKAGE_STRING" +_ACEOF + +cat >>confdefs.h <<_ACEOF +#define PACKAGE_BUGREPORT "$PACKAGE_BUGREPORT" +_ACEOF + +cat >>confdefs.h <<_ACEOF +#define PACKAGE_URL "$PACKAGE_URL" +_ACEOF + + +# Let the site file select an alternate cache file if it wants to. +# Prefer an explicitly selected file to automatically selected ones. +ac_site_file1=NONE +ac_site_file2=NONE +if test -n "$CONFIG_SITE"; then + # We do not want a PATH search for config.site. + case $CONFIG_SITE in #(( + -*) ac_site_file1=./$CONFIG_SITE;; + */*) ac_site_file1=$CONFIG_SITE;; + *) ac_site_file1=./$CONFIG_SITE;; + esac +elif test "x$prefix" != xNONE; then + ac_site_file1=$prefix/share/config.site + ac_site_file2=$prefix/etc/config.site +else + ac_site_file1=$ac_default_prefix/share/config.site + ac_site_file2=$ac_default_prefix/etc/config.site +fi +for ac_site_file in "$ac_site_file1" "$ac_site_file2" +do + test "x$ac_site_file" = xNONE && continue + if test /dev/null != "$ac_site_file" && test -r "$ac_site_file"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: loading site script $ac_site_file" >&5 +$as_echo "$as_me: loading site script $ac_site_file" >&6;} + sed 's/^/| /' "$ac_site_file" >&5 + . "$ac_site_file" \ + || { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} +as_fn_error $? "failed to load site script $ac_site_file +See \`config.log' for more details" "$LINENO" 5; } + fi +done + +if test -r "$cache_file"; then + # Some versions of bash will fail to source /dev/null (special files + # actually), so we avoid doing that. DJGPP emulates it as a regular file. + if test /dev/null != "$cache_file" && test -f "$cache_file"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: loading cache $cache_file" >&5 +$as_echo "$as_me: loading cache $cache_file" >&6;} + case $cache_file in + [\\/]* | ?:[\\/]* ) . "$cache_file";; + *) . "./$cache_file";; + esac + fi +else + { $as_echo "$as_me:${as_lineno-$LINENO}: creating cache $cache_file" >&5 +$as_echo "$as_me: creating cache $cache_file" >&6;} + >$cache_file +fi + +as_fn_append ac_header_list " sys/socket.h" +gt_needs="$gt_needs " +as_fn_append ac_header_list " arpa/inet.h" +as_fn_append ac_header_list " features.h" +as_fn_append ac_header_list " sys/stat.h" +as_fn_append ac_func_list " getdelim" +as_fn_append ac_header_list " sys/time.h" +as_fn_append ac_func_list " gettimeofday" +as_fn_append ac_header_list " netdb.h" +as_fn_append ac_header_list " netinet/in.h" +as_fn_append ac_header_list " limits.h" +as_fn_append ac_header_list " unistd.h" +as_fn_append ac_header_list " sys/mman.h" +as_fn_append ac_func_list " mprotect" +as_fn_append ac_func_list " _set_invalid_parameter_handler" +as_fn_append ac_header_list " sys/param.h" +as_fn_append ac_func_list " secure_getenv" +as_fn_append ac_func_list " getuid" +as_fn_append ac_func_list " geteuid" +as_fn_append ac_func_list " getgid" +as_fn_append ac_func_list " getegid" +as_fn_append ac_func_list " snprintf" +as_fn_append ac_header_list " wchar.h" +as_fn_append ac_header_list " stdint.h" +as_fn_append ac_func_list " strdup" +as_fn_append ac_header_list " strings.h" +as_fn_append ac_func_list " strndup" +as_fn_append ac_header_list " sys/uio.h" +as_fn_append ac_func_list " localtime_r" +as_fn_append ac_func_list " vasnprintf" +as_fn_append ac_header_list " crtdefs.h" +as_fn_append ac_func_list " fcntl" +as_fn_append ac_func_list " symlink" +as_fn_append ac_func_list " ftruncate" +as_fn_append ac_func_list " getdtablesize" +as_fn_append ac_header_list " inttypes.h" +as_fn_append ac_func_list " isblank" +as_fn_append ac_header_list " langinfo.h" +as_fn_append ac_header_list " xlocale.h" +as_fn_append ac_func_list " newlocale" +as_fn_append ac_func_list " uselocale" +as_fn_append ac_func_list " duplocale" +as_fn_append ac_func_list " freelocale" +as_fn_append ac_func_list " lstat" +as_fn_append ac_header_list " sys/select.h" +as_fn_append ac_func_list " strerror_r" +as_fn_append ac_func_list " __xpg_strerror_r" +as_fn_append ac_func_list " pipe" +as_fn_append ac_header_list " sys/wait.h" +as_fn_append ac_func_list " setenv" +as_fn_append ac_func_list " sigaction" +as_fn_append ac_func_list " sigaltstack" +as_fn_append ac_func_list " siginterrupt" +as_fn_append ac_func_list " sleep" +as_fn_append ac_func_list " catgets" +as_fn_append ac_header_list " sys/ioctl.h" +as_fn_append ac_func_list " shutdown" +as_fn_append ac_func_list " getpass" +as_fn_append ac_header_list " stdio_ext.h" +as_fn_append ac_header_list " termios.h" +as_fn_append ac_func_list " __fsetlocking" +as_fn_append ac_func_list " tzset" +as_fn_append ac_func_list " timegm" +# Check that the precious variables saved in the cache have kept the same +# value. +ac_cache_corrupted=false +for ac_var in $ac_precious_vars; do + eval ac_old_set=\$ac_cv_env_${ac_var}_set + eval ac_new_set=\$ac_env_${ac_var}_set + eval ac_old_val=\$ac_cv_env_${ac_var}_value + eval ac_new_val=\$ac_env_${ac_var}_value + case $ac_old_set,$ac_new_set in + set,) + { $as_echo "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&5 +$as_echo "$as_me: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&2;} + ac_cache_corrupted=: ;; + ,set) + { $as_echo "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' was not set in the previous run" >&5 +$as_echo "$as_me: error: \`$ac_var' was not set in the previous run" >&2;} + ac_cache_corrupted=: ;; + ,);; + *) + if test "x$ac_old_val" != "x$ac_new_val"; then + # differences in whitespace do not lead to failure. + ac_old_val_w=`echo x $ac_old_val` + ac_new_val_w=`echo x $ac_new_val` + if test "$ac_old_val_w" != "$ac_new_val_w"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' has changed since the previous run:" >&5 +$as_echo "$as_me: error: \`$ac_var' has changed since the previous run:" >&2;} + ac_cache_corrupted=: + else + { $as_echo "$as_me:${as_lineno-$LINENO}: warning: ignoring whitespace changes in \`$ac_var' since the previous run:" >&5 +$as_echo "$as_me: warning: ignoring whitespace changes in \`$ac_var' since the previous run:" >&2;} + eval $ac_var=\$ac_old_val + fi + { $as_echo "$as_me:${as_lineno-$LINENO}: former value: \`$ac_old_val'" >&5 +$as_echo "$as_me: former value: \`$ac_old_val'" >&2;} + { $as_echo "$as_me:${as_lineno-$LINENO}: current value: \`$ac_new_val'" >&5 +$as_echo "$as_me: current value: \`$ac_new_val'" >&2;} + fi;; + esac + # Pass precious variables to config.status. + if test "$ac_new_set" = set; then + case $ac_new_val in + *\'*) ac_arg=$ac_var=`$as_echo "$ac_new_val" | sed "s/'/'\\\\\\\\''/g"` ;; + *) ac_arg=$ac_var=$ac_new_val ;; + esac + case " $ac_configure_args " in + *" '$ac_arg' "*) ;; # Avoid dups. Use of quotes ensures accuracy. + *) as_fn_append ac_configure_args " '$ac_arg'" ;; + esac + fi +done +if $ac_cache_corrupted; then + { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} + { $as_echo "$as_me:${as_lineno-$LINENO}: error: changes in the environment can compromise the build" >&5 +$as_echo "$as_me: error: changes in the environment can compromise the build" >&2;} + as_fn_error $? "run \`make distclean' and/or \`rm $cache_file' and start over" "$LINENO" 5 +fi +## -------------------- ## +## Main body of script. ## +## -------------------- ## + +ac_ext=c +ac_cpp='$CPP $CPPFLAGS' +ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_c_compiler_gnu + + +ac_aux_dir= +for ac_dir in build-aux "$srcdir"/build-aux; do + if test -f "$ac_dir/install-sh"; then + ac_aux_dir=$ac_dir + ac_install_sh="$ac_aux_dir/install-sh -c" + break + elif test -f "$ac_dir/install.sh"; then + ac_aux_dir=$ac_dir + ac_install_sh="$ac_aux_dir/install.sh -c" + break + elif test -f "$ac_dir/shtool"; then + ac_aux_dir=$ac_dir + ac_install_sh="$ac_aux_dir/shtool install -c" + break + fi +done +if test -z "$ac_aux_dir"; then + as_fn_error $? "cannot find install-sh, install.sh, or shtool in build-aux \"$srcdir\"/build-aux" "$LINENO" 5 +fi + +# These three variables are undocumented and unsupported, +# and are intended to be withdrawn in a future Autoconf release. +# They can cause serious problems if a builder's source tree is in a directory +# whose full name contains unusual characters. +ac_config_guess="$SHELL $ac_aux_dir/config.guess" # Please don't use this var. +ac_config_sub="$SHELL $ac_aux_dir/config.sub" # Please don't use this var. +ac_configure="$SHELL $ac_aux_dir/configure" # Please don't use this var. + + + +# Make sure we can run config.sub. +$SHELL "$ac_aux_dir/config.sub" sun4 >/dev/null 2>&1 || + as_fn_error $? "cannot run $SHELL $ac_aux_dir/config.sub" "$LINENO" 5 + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking build system type" >&5 +$as_echo_n "checking build system type... " >&6; } +if ${ac_cv_build+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_build_alias=$build_alias +test "x$ac_build_alias" = x && + ac_build_alias=`$SHELL "$ac_aux_dir/config.guess"` +test "x$ac_build_alias" = x && + as_fn_error $? "cannot guess build type; you must specify one" "$LINENO" 5 +ac_cv_build=`$SHELL "$ac_aux_dir/config.sub" $ac_build_alias` || + as_fn_error $? "$SHELL $ac_aux_dir/config.sub $ac_build_alias failed" "$LINENO" 5 + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_build" >&5 +$as_echo "$ac_cv_build" >&6; } +case $ac_cv_build in +*-*-*) ;; +*) as_fn_error $? "invalid value of canonical build" "$LINENO" 5;; +esac +build=$ac_cv_build +ac_save_IFS=$IFS; IFS='-' +set x $ac_cv_build +shift +build_cpu=$1 +build_vendor=$2 +shift; shift +# Remember, the first character of IFS is used to create $*, +# except with old shells: +build_os=$* +IFS=$ac_save_IFS +case $build_os in *\ *) build_os=`echo "$build_os" | sed 's/ /-/g'`;; esac + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking host system type" >&5 +$as_echo_n "checking host system type... " >&6; } +if ${ac_cv_host+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test "x$host_alias" = x; then + ac_cv_host=$ac_cv_build +else + ac_cv_host=`$SHELL "$ac_aux_dir/config.sub" $host_alias` || + as_fn_error $? "$SHELL $ac_aux_dir/config.sub $host_alias failed" "$LINENO" 5 +fi + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_host" >&5 +$as_echo "$ac_cv_host" >&6; } +case $ac_cv_host in +*-*-*) ;; +*) as_fn_error $? "invalid value of canonical host" "$LINENO" 5;; +esac +host=$ac_cv_host +ac_save_IFS=$IFS; IFS='-' +set x $ac_cv_host +shift +host_cpu=$1 +host_vendor=$2 +shift; shift +# Remember, the first character of IFS is used to create $*, +# except with old shells: +host_os=$* +IFS=$ac_save_IFS +case $host_os in *\ *) host_os=`echo "$host_os" | sed 's/ /-/g'`;; esac + + + +am__api_version='1.16' + +# Find a good install program. We prefer a C program (faster), +# so one script is as good as another. But avoid the broken or +# incompatible versions: +# SysV /etc/install, /usr/sbin/install +# SunOS /usr/etc/install +# IRIX /sbin/install +# AIX /bin/install +# AmigaOS /C/install, which installs bootblocks on floppy discs +# AIX 4 /usr/bin/installbsd, which doesn't work without a -g flag +# AFS /usr/afsws/bin/install, which mishandles nonexistent args +# SVR4 /usr/ucb/install, which tries to use the nonexistent group "staff" +# OS/2's system install, which has a completely different semantic +# ./install, which can be erroneously created by make from ./install.sh. +# Reject install programs that cannot install multiple files. +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for a BSD-compatible install" >&5 +$as_echo_n "checking for a BSD-compatible install... " >&6; } +if test -z "$INSTALL"; then +if ${ac_cv_path_install+:} false; then : + $as_echo_n "(cached) " >&6 +else + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + # Account for people who put trailing slashes in PATH elements. +case $as_dir/ in #(( + ./ | .// | /[cC]/* | \ + /etc/* | /usr/sbin/* | /usr/etc/* | /sbin/* | /usr/afsws/bin/* | \ + ?:[\\/]os2[\\/]install[\\/]* | ?:[\\/]OS2[\\/]INSTALL[\\/]* | \ + /usr/ucb/* ) ;; + *) + # OSF1 and SCO ODT 3.0 have their own names for install. + # Don't use installbsd from OSF since it installs stuff as root + # by default. + for ac_prog in ginstall scoinst install; do + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_prog$ac_exec_ext"; then + if test $ac_prog = install && + grep dspmsg "$as_dir/$ac_prog$ac_exec_ext" >/dev/null 2>&1; then + # AIX install. It has an incompatible calling convention. + : + elif test $ac_prog = install && + grep pwplus "$as_dir/$ac_prog$ac_exec_ext" >/dev/null 2>&1; then + # program-specific install script used by HP pwplus--don't use. + : + else + rm -rf conftest.one conftest.two conftest.dir + echo one > conftest.one + echo two > conftest.two + mkdir conftest.dir + if "$as_dir/$ac_prog$ac_exec_ext" -c conftest.one conftest.two "`pwd`/conftest.dir" && + test -s conftest.one && test -s conftest.two && + test -s conftest.dir/conftest.one && + test -s conftest.dir/conftest.two + then + ac_cv_path_install="$as_dir/$ac_prog$ac_exec_ext -c" + break 3 + fi + fi + fi + done + done + ;; +esac + + done +IFS=$as_save_IFS + +rm -rf conftest.one conftest.two conftest.dir + +fi + if test "${ac_cv_path_install+set}" = set; then + INSTALL=$ac_cv_path_install + else + # As a last resort, use the slow shell script. Don't cache a + # value for INSTALL within a source directory, because that will + # break other packages using the cache if that directory is + # removed, or if the value is a relative name. + INSTALL=$ac_install_sh + fi +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $INSTALL" >&5 +$as_echo "$INSTALL" >&6; } + +# Use test -z because SunOS4 sh mishandles braces in ${var-val}. +# It thinks the first close brace ends the variable substitution. +test -z "$INSTALL_PROGRAM" && INSTALL_PROGRAM='${INSTALL}' + +test -z "$INSTALL_SCRIPT" && INSTALL_SCRIPT='${INSTALL}' + +test -z "$INSTALL_DATA" && INSTALL_DATA='${INSTALL} -m 644' + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether build environment is sane" >&5 +$as_echo_n "checking whether build environment is sane... " >&6; } +# Reject unsafe characters in $srcdir or the absolute working directory +# name. Accept space and tab only in the latter. +am_lf=' +' +case `pwd` in + *[\\\"\#\$\&\'\`$am_lf]*) + as_fn_error $? "unsafe absolute working directory name" "$LINENO" 5;; +esac +case $srcdir in + *[\\\"\#\$\&\'\`$am_lf\ \ ]*) + as_fn_error $? "unsafe srcdir value: '$srcdir'" "$LINENO" 5;; +esac + +# Do 'set' in a subshell so we don't clobber the current shell's +# arguments. Must try -L first in case configure is actually a +# symlink; some systems play weird games with the mod time of symlinks +# (eg FreeBSD returns the mod time of the symlink's containing +# directory). +if ( + am_has_slept=no + for am_try in 1 2; do + echo "timestamp, slept: $am_has_slept" > conftest.file + set X `ls -Lt "$srcdir/configure" conftest.file 2> /dev/null` + if test "$*" = "X"; then + # -L didn't work. + set X `ls -t "$srcdir/configure" conftest.file` + fi + if test "$*" != "X $srcdir/configure conftest.file" \ + && test "$*" != "X conftest.file $srcdir/configure"; then + + # If neither matched, then we have a broken ls. This can happen + # if, for instance, CONFIG_SHELL is bash and it inherits a + # broken ls alias from the environment. This has actually + # happened. Such a system could not be considered "sane". + as_fn_error $? "ls -t appears to fail. Make sure there is not a broken + alias in your environment" "$LINENO" 5 + fi + if test "$2" = conftest.file || test $am_try -eq 2; then + break + fi + # Just in case. + sleep 1 + am_has_slept=yes + done + test "$2" = conftest.file + ) +then + # Ok. + : +else + as_fn_error $? "newly created file is older than distributed files! +Check your system clock" "$LINENO" 5 +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } +# If we didn't sleep, we still need to ensure time stamps of config.status and +# generated files are strictly newer. +am_sleep_pid= +if grep 'slept: no' conftest.file >/dev/null 2>&1; then + ( sleep 1 ) & + am_sleep_pid=$! +fi + +rm -f conftest.file + +test "$program_prefix" != NONE && + program_transform_name="s&^&$program_prefix&;$program_transform_name" +# Use a double $ so make ignores it. +test "$program_suffix" != NONE && + program_transform_name="s&\$&$program_suffix&;$program_transform_name" +# Double any \ or $. +# By default was `s,x,x', remove it if useless. +ac_script='s/[\\$]/&&/g;s/;s,x,x,$//' +program_transform_name=`$as_echo "$program_transform_name" | sed "$ac_script"` + +# Expand $ac_aux_dir to an absolute path. +am_aux_dir=`cd "$ac_aux_dir" && pwd` + +if test x"${MISSING+set}" != xset; then + case $am_aux_dir in + *\ * | *\ *) + MISSING="\${SHELL} \"$am_aux_dir/missing\"" ;; + *) + MISSING="\${SHELL} $am_aux_dir/missing" ;; + esac +fi +# Use eval to expand $SHELL +if eval "$MISSING --is-lightweight"; then + am_missing_run="$MISSING " +else + am_missing_run= + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: 'missing' script is too old or missing" >&5 +$as_echo "$as_me: WARNING: 'missing' script is too old or missing" >&2;} +fi + +if test x"${install_sh+set}" != xset; then + case $am_aux_dir in + *\ * | *\ *) + install_sh="\${SHELL} '$am_aux_dir/install-sh'" ;; + *) + install_sh="\${SHELL} $am_aux_dir/install-sh" + esac +fi + +# Installed binaries are usually stripped using 'strip' when the user +# run "make install-strip". However 'strip' might not be the right +# tool to use in cross-compilation environments, therefore Automake +# will honor the 'STRIP' environment variable to overrule this program. +if test "$cross_compiling" != no; then + if test -n "$ac_tool_prefix"; then + # Extract the first word of "${ac_tool_prefix}strip", so it can be a program name with args. +set dummy ${ac_tool_prefix}strip; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_STRIP+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$STRIP"; then + ac_cv_prog_STRIP="$STRIP" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_STRIP="${ac_tool_prefix}strip" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +STRIP=$ac_cv_prog_STRIP +if test -n "$STRIP"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $STRIP" >&5 +$as_echo "$STRIP" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + +fi +if test -z "$ac_cv_prog_STRIP"; then + ac_ct_STRIP=$STRIP + # Extract the first word of "strip", so it can be a program name with args. +set dummy strip; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_ac_ct_STRIP+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$ac_ct_STRIP"; then + ac_cv_prog_ac_ct_STRIP="$ac_ct_STRIP" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_ac_ct_STRIP="strip" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +ac_ct_STRIP=$ac_cv_prog_ac_ct_STRIP +if test -n "$ac_ct_STRIP"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_STRIP" >&5 +$as_echo "$ac_ct_STRIP" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + if test "x$ac_ct_STRIP" = x; then + STRIP=":" + else + case $cross_compiling:$ac_tool_warned in +yes:) +{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} +ac_tool_warned=yes ;; +esac + STRIP=$ac_ct_STRIP + fi +else + STRIP="$ac_cv_prog_STRIP" +fi + +fi +INSTALL_STRIP_PROGRAM="\$(install_sh) -c -s" + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for a thread-safe mkdir -p" >&5 +$as_echo_n "checking for a thread-safe mkdir -p... " >&6; } +if test -z "$MKDIR_P"; then + if ${ac_cv_path_mkdir+:} false; then : + $as_echo_n "(cached) " >&6 +else + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH$PATH_SEPARATOR/opt/sfw/bin +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_prog in mkdir gmkdir; do + for ac_exec_ext in '' $ac_executable_extensions; do + as_fn_executable_p "$as_dir/$ac_prog$ac_exec_ext" || continue + case `"$as_dir/$ac_prog$ac_exec_ext" --version 2>&1` in #( + 'mkdir (GNU coreutils) '* | \ + 'mkdir (coreutils) '* | \ + 'mkdir (fileutils) '4.1*) + ac_cv_path_mkdir=$as_dir/$ac_prog$ac_exec_ext + break 3;; + esac + done + done + done +IFS=$as_save_IFS + +fi + + test -d ./--version && rmdir ./--version + if test "${ac_cv_path_mkdir+set}" = set; then + MKDIR_P="$ac_cv_path_mkdir -p" + else + # As a last resort, use the slow shell script. Don't cache a + # value for MKDIR_P within a source directory, because that will + # break other packages using the cache if that directory is + # removed, or if the value is a relative name. + MKDIR_P="$ac_install_sh -d" + fi +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $MKDIR_P" >&5 +$as_echo "$MKDIR_P" >&6; } + +for ac_prog in gawk mawk nawk awk +do + # Extract the first word of "$ac_prog", so it can be a program name with args. +set dummy $ac_prog; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_AWK+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$AWK"; then + ac_cv_prog_AWK="$AWK" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_AWK="$ac_prog" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +AWK=$ac_cv_prog_AWK +if test -n "$AWK"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $AWK" >&5 +$as_echo "$AWK" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + + test -n "$AWK" && break +done + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether ${MAKE-make} sets \$(MAKE)" >&5 +$as_echo_n "checking whether ${MAKE-make} sets \$(MAKE)... " >&6; } +set x ${MAKE-make} +ac_make=`$as_echo "$2" | sed 's/+/p/g; s/[^a-zA-Z0-9_]/_/g'` +if eval \${ac_cv_prog_make_${ac_make}_set+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat >conftest.make <<\_ACEOF +SHELL = /bin/sh +all: + @echo '@@@%%%=$(MAKE)=@@@%%%' +_ACEOF +# GNU make sometimes prints "make[1]: Entering ...", which would confuse us. +case `${MAKE-make} -f conftest.make 2>/dev/null` in + *@@@%%%=?*=@@@%%%*) + eval ac_cv_prog_make_${ac_make}_set=yes;; + *) + eval ac_cv_prog_make_${ac_make}_set=no;; +esac +rm -f conftest.make +fi +if eval test \$ac_cv_prog_make_${ac_make}_set = yes; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + SET_MAKE= +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + SET_MAKE="MAKE=${MAKE-make}" +fi + +rm -rf .tst 2>/dev/null +mkdir .tst 2>/dev/null +if test -d .tst; then + am__leading_dot=. +else + am__leading_dot=_ +fi +rmdir .tst 2>/dev/null + +# Check whether --enable-silent-rules was given. +if test "${enable_silent_rules+set}" = set; then : + enableval=$enable_silent_rules; +fi + +case $enable_silent_rules in # ((( + yes) AM_DEFAULT_VERBOSITY=0;; + no) AM_DEFAULT_VERBOSITY=1;; + *) AM_DEFAULT_VERBOSITY=1;; +esac +am_make=${MAKE-make} +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $am_make supports nested variables" >&5 +$as_echo_n "checking whether $am_make supports nested variables... " >&6; } +if ${am_cv_make_support_nested_variables+:} false; then : + $as_echo_n "(cached) " >&6 +else + if $as_echo 'TRUE=$(BAR$(V)) +BAR0=false +BAR1=true +V=1 +am__doit: + @$(TRUE) +.PHONY: am__doit' | $am_make -f - >/dev/null 2>&1; then + am_cv_make_support_nested_variables=yes +else + am_cv_make_support_nested_variables=no +fi +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $am_cv_make_support_nested_variables" >&5 +$as_echo "$am_cv_make_support_nested_variables" >&6; } +if test $am_cv_make_support_nested_variables = yes; then + AM_V='$(V)' + AM_DEFAULT_V='$(AM_DEFAULT_VERBOSITY)' +else + AM_V=$AM_DEFAULT_VERBOSITY + AM_DEFAULT_V=$AM_DEFAULT_VERBOSITY +fi +AM_BACKSLASH='\' + +if test "`cd $srcdir && pwd`" != "`pwd`"; then + # Use -I$(srcdir) only when $(srcdir) != ., so that make's output + # is not polluted with repeated "-I." + am__isrc=' -I$(srcdir)' + # test to see if srcdir already configured + if test -f $srcdir/config.status; then + as_fn_error $? "source directory already configured; run \"make distclean\" there first" "$LINENO" 5 + fi +fi + +# test whether we have cygpath +if test -z "$CYGPATH_W"; then + if (cygpath --version) >/dev/null 2>/dev/null; then + CYGPATH_W='cygpath -w' + else + CYGPATH_W=echo + fi +fi + + +# Define the identity of the package. + PACKAGE='gnutls' + VERSION='3.6.8' + + +cat >>confdefs.h <<_ACEOF +#define PACKAGE "$PACKAGE" +_ACEOF + + +cat >>confdefs.h <<_ACEOF +#define VERSION "$VERSION" +_ACEOF + +# Some tools Automake needs. + +ACLOCAL=${ACLOCAL-"${am_missing_run}aclocal-${am__api_version}"} + + +AUTOCONF=${AUTOCONF-"${am_missing_run}autoconf"} + + +AUTOMAKE=${AUTOMAKE-"${am_missing_run}automake-${am__api_version}"} + + +AUTOHEADER=${AUTOHEADER-"${am_missing_run}autoheader"} + + +MAKEINFO=${MAKEINFO-"${am_missing_run}makeinfo"} + +# For better backward compatibility. To be removed once Automake 1.9.x +# dies out for good. For more background, see: +# +# +mkdir_p='$(MKDIR_P)' + +# We need awk for the "check" target (and possibly the TAP driver). The +# system "awk" is bad on some platforms. +# Always define AMTAR for backward compatibility. Yes, it's still used +# in the wild :-( We should find a proper way to deprecate it ... +AMTAR='$${TAR-tar}' + + +# We'll loop over all known methods to create a tar archive until one works. +_am_tools='gnutar pax cpio none' + +am__tar='$${TAR-tar} chof - "$$tardir"' am__untar='$${TAR-tar} xf -' + + + + + + +# POSIX will say in a future version that running "rm -f" with no argument +# is OK; and we want to be able to make that assumption in our Makefile +# recipes. So use an aggressive probe to check that the usage we want is +# actually supported "in the wild" to an acceptable degree. +# See automake bug#10828. +# To make any issue more visible, cause the running configure to be aborted +# by default if the 'rm' program in use doesn't match our expectations; the +# user can still override this though. +if rm -f && rm -fr && rm -rf; then : OK; else + cat >&2 <<'END' +Oops! + +Your 'rm' program seems unable to run without file operands specified +on the command line, even when the '-f' option is present. This is contrary +to the behaviour of most rm programs out there, and not conforming with +the upcoming POSIX standard: + +Please tell bug-automake@gnu.org about your system, including the value +of your $PATH and any error possibly output before this message. This +can help us improve future automake versions. + +END + if test x"$ACCEPT_INFERIOR_RM_PROGRAM" = x"yes"; then + echo 'Configuration will proceed anyway, since you have set the' >&2 + echo 'ACCEPT_INFERIOR_RM_PROGRAM variable to "yes"' >&2 + echo >&2 + else + cat >&2 <<'END' +Aborting the configuration process, to ensure you take notice of the issue. + +You can download and install GNU coreutils to get an 'rm' implementation +that behaves properly: . + +If you want to complete the configuration process using your problematic +'rm' anyway, export the environment variable ACCEPT_INFERIOR_RM_PROGRAM +to "yes", and re-run configure. + +END + as_fn_error $? "Your 'rm' program is bad, sorry." "$LINENO" 5 + fi +fi + +# Check whether --enable-silent-rules was given. +if test "${enable_silent_rules+set}" = set; then : + enableval=$enable_silent_rules; +fi + +case $enable_silent_rules in # ((( + yes) AM_DEFAULT_VERBOSITY=0;; + no) AM_DEFAULT_VERBOSITY=1;; + *) AM_DEFAULT_VERBOSITY=0;; +esac +am_make=${MAKE-make} +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $am_make supports nested variables" >&5 +$as_echo_n "checking whether $am_make supports nested variables... " >&6; } +if ${am_cv_make_support_nested_variables+:} false; then : + $as_echo_n "(cached) " >&6 +else + if $as_echo 'TRUE=$(BAR$(V)) +BAR0=false +BAR1=true +V=1 +am__doit: + @$(TRUE) +.PHONY: am__doit' | $am_make -f - >/dev/null 2>&1; then + am_cv_make_support_nested_variables=yes +else + am_cv_make_support_nested_variables=no +fi +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $am_cv_make_support_nested_variables" >&5 +$as_echo "$am_cv_make_support_nested_variables" >&6; } +if test $am_cv_make_support_nested_variables = yes; then + AM_V='$(V)' + AM_DEFAULT_V='$(AM_DEFAULT_VERBOSITY)' +else + AM_V=$AM_DEFAULT_VERBOSITY + AM_DEFAULT_V=$AM_DEFAULT_VERBOSITY +fi +AM_BACKSLASH='\' + +ac_config_headers="$ac_config_headers config.h" + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: *** +*** Checking for compilation programs... +" >&5 +$as_echo "*** +*** Checking for compilation programs... +" >&6; } + + + + + + + + +if test "x$ac_cv_env_PKG_CONFIG_set" != "xset"; then + if test -n "$ac_tool_prefix"; then + # Extract the first word of "${ac_tool_prefix}pkg-config", so it can be a program name with args. +set dummy ${ac_tool_prefix}pkg-config; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_path_PKG_CONFIG+:} false; then : + $as_echo_n "(cached) " >&6 +else + case $PKG_CONFIG in + [\\/]* | ?:[\\/]*) + ac_cv_path_PKG_CONFIG="$PKG_CONFIG" # Let the user override the test with a path. + ;; + *) + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_path_PKG_CONFIG="$as_dir/$ac_word$ac_exec_ext" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + + ;; +esac +fi +PKG_CONFIG=$ac_cv_path_PKG_CONFIG +if test -n "$PKG_CONFIG"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $PKG_CONFIG" >&5 +$as_echo "$PKG_CONFIG" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + +fi +if test -z "$ac_cv_path_PKG_CONFIG"; then + ac_pt_PKG_CONFIG=$PKG_CONFIG + # Extract the first word of "pkg-config", so it can be a program name with args. +set dummy pkg-config; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_path_ac_pt_PKG_CONFIG+:} false; then : + $as_echo_n "(cached) " >&6 +else + case $ac_pt_PKG_CONFIG in + [\\/]* | ?:[\\/]*) + ac_cv_path_ac_pt_PKG_CONFIG="$ac_pt_PKG_CONFIG" # Let the user override the test with a path. + ;; + *) + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_path_ac_pt_PKG_CONFIG="$as_dir/$ac_word$ac_exec_ext" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + + ;; +esac +fi +ac_pt_PKG_CONFIG=$ac_cv_path_ac_pt_PKG_CONFIG +if test -n "$ac_pt_PKG_CONFIG"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_pt_PKG_CONFIG" >&5 +$as_echo "$ac_pt_PKG_CONFIG" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + if test "x$ac_pt_PKG_CONFIG" = x; then + PKG_CONFIG="" + else + case $cross_compiling:$ac_tool_warned in +yes:) +{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} +ac_tool_warned=yes ;; +esac + PKG_CONFIG=$ac_pt_PKG_CONFIG + fi +else + PKG_CONFIG="$ac_cv_path_PKG_CONFIG" +fi + +fi +if test -n "$PKG_CONFIG"; then + _pkg_min_version=0.9.0 + { $as_echo "$as_me:${as_lineno-$LINENO}: checking pkg-config is at least version $_pkg_min_version" >&5 +$as_echo_n "checking pkg-config is at least version $_pkg_min_version... " >&6; } + if $PKG_CONFIG --atleast-pkgconfig-version $_pkg_min_version; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + PKG_CONFIG="" + fi +fi +ac_ext=c +ac_cpp='$CPP $CPPFLAGS' +ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_c_compiler_gnu +if test -n "$ac_tool_prefix"; then + # Extract the first word of "${ac_tool_prefix}gcc", so it can be a program name with args. +set dummy ${ac_tool_prefix}gcc; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_CC+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$CC"; then + ac_cv_prog_CC="$CC" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_CC="${ac_tool_prefix}gcc" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +CC=$ac_cv_prog_CC +if test -n "$CC"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5 +$as_echo "$CC" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + +fi +if test -z "$ac_cv_prog_CC"; then + ac_ct_CC=$CC + # Extract the first word of "gcc", so it can be a program name with args. +set dummy gcc; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_ac_ct_CC+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$ac_ct_CC"; then + ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_ac_ct_CC="gcc" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +ac_ct_CC=$ac_cv_prog_ac_ct_CC +if test -n "$ac_ct_CC"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CC" >&5 +$as_echo "$ac_ct_CC" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + if test "x$ac_ct_CC" = x; then + CC="" + else + case $cross_compiling:$ac_tool_warned in +yes:) +{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} +ac_tool_warned=yes ;; +esac + CC=$ac_ct_CC + fi +else + CC="$ac_cv_prog_CC" +fi + +if test -z "$CC"; then + if test -n "$ac_tool_prefix"; then + # Extract the first word of "${ac_tool_prefix}cc", so it can be a program name with args. +set dummy ${ac_tool_prefix}cc; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_CC+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$CC"; then + ac_cv_prog_CC="$CC" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_CC="${ac_tool_prefix}cc" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +CC=$ac_cv_prog_CC +if test -n "$CC"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5 +$as_echo "$CC" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + + fi +fi +if test -z "$CC"; then + # Extract the first word of "cc", so it can be a program name with args. +set dummy cc; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_CC+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$CC"; then + ac_cv_prog_CC="$CC" # Let the user override the test. +else + ac_prog_rejected=no +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + if test "$as_dir/$ac_word$ac_exec_ext" = "/usr/ucb/cc"; then + ac_prog_rejected=yes + continue + fi + ac_cv_prog_CC="cc" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +if test $ac_prog_rejected = yes; then + # We found a bogon in the path, so make sure we never use it. + set dummy $ac_cv_prog_CC + shift + if test $# != 0; then + # We chose a different compiler from the bogus one. + # However, it has the same basename, so the bogon will be chosen + # first if we set CC to just the basename; use the full file name. + shift + ac_cv_prog_CC="$as_dir/$ac_word${1+' '}$@" + fi +fi +fi +fi +CC=$ac_cv_prog_CC +if test -n "$CC"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5 +$as_echo "$CC" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + +fi +if test -z "$CC"; then + if test -n "$ac_tool_prefix"; then + for ac_prog in cl.exe + do + # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args. +set dummy $ac_tool_prefix$ac_prog; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_CC+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$CC"; then + ac_cv_prog_CC="$CC" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_CC="$ac_tool_prefix$ac_prog" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +CC=$ac_cv_prog_CC +if test -n "$CC"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5 +$as_echo "$CC" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + + test -n "$CC" && break + done +fi +if test -z "$CC"; then + ac_ct_CC=$CC + for ac_prog in cl.exe +do + # Extract the first word of "$ac_prog", so it can be a program name with args. +set dummy $ac_prog; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_ac_ct_CC+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$ac_ct_CC"; then + ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_ac_ct_CC="$ac_prog" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +ac_ct_CC=$ac_cv_prog_ac_ct_CC +if test -n "$ac_ct_CC"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CC" >&5 +$as_echo "$ac_ct_CC" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + + test -n "$ac_ct_CC" && break +done + + if test "x$ac_ct_CC" = x; then + CC="" + else + case $cross_compiling:$ac_tool_warned in +yes:) +{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} +ac_tool_warned=yes ;; +esac + CC=$ac_ct_CC + fi +fi + +fi + + +test -z "$CC" && { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} +as_fn_error $? "no acceptable C compiler found in \$PATH +See \`config.log' for more details" "$LINENO" 5; } + +# Provide some information about the compiler. +$as_echo "$as_me:${as_lineno-$LINENO}: checking for C compiler version" >&5 +set X $ac_compile +ac_compiler=$2 +for ac_option in --version -v -V -qversion; do + { { ac_try="$ac_compiler $ac_option >&5" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +$as_echo "$ac_try_echo"; } >&5 + (eval "$ac_compiler $ac_option >&5") 2>conftest.err + ac_status=$? + if test -s conftest.err; then + sed '10a\ +... rest of stderr output deleted ... + 10q' conftest.err >conftest.er1 + cat conftest.er1 >&5 + fi + rm -f conftest.er1 conftest.err + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } +done + +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ + + ; + return 0; +} +_ACEOF +ac_clean_files_save=$ac_clean_files +ac_clean_files="$ac_clean_files a.out a.out.dSYM a.exe b.out" +# Try to create an executable without -o first, disregard a.out. +# It will help us diagnose broken compilers, and finding out an intuition +# of exeext. +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the C compiler works" >&5 +$as_echo_n "checking whether the C compiler works... " >&6; } +ac_link_default=`$as_echo "$ac_link" | sed 's/ -o *conftest[^ ]*//'` + +# The possible output files: +ac_files="a.out conftest.exe conftest a.exe a_out.exe b.out conftest.*" + +ac_rmfiles= +for ac_file in $ac_files +do + case $ac_file in + *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj ) ;; + * ) ac_rmfiles="$ac_rmfiles $ac_file";; + esac +done +rm -f $ac_rmfiles + +if { { ac_try="$ac_link_default" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +$as_echo "$ac_try_echo"; } >&5 + (eval "$ac_link_default") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then : + # Autoconf-2.13 could set the ac_cv_exeext variable to `no'. +# So ignore a value of `no', otherwise this would lead to `EXEEXT = no' +# in a Makefile. We should not override ac_cv_exeext if it was cached, +# so that the user can short-circuit this test for compilers unknown to +# Autoconf. +for ac_file in $ac_files '' +do + test -f "$ac_file" || continue + case $ac_file in + *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj ) + ;; + [ab].out ) + # We found the default executable, but exeext='' is most + # certainly right. + break;; + *.* ) + if test "${ac_cv_exeext+set}" = set && test "$ac_cv_exeext" != no; + then :; else + ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'` + fi + # We set ac_cv_exeext here because the later test for it is not + # safe: cross compilers may not add the suffix if given an `-o' + # argument, so we may need to know it at that point already. + # Even if this section looks crufty: it has the advantage of + # actually working. + break;; + * ) + break;; + esac +done +test "$ac_cv_exeext" = no && ac_cv_exeext= + +else + ac_file='' +fi +if test -z "$ac_file"; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +$as_echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +{ { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} +as_fn_error 77 "C compiler cannot create executables +See \`config.log' for more details" "$LINENO" 5; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for C compiler default output file name" >&5 +$as_echo_n "checking for C compiler default output file name... " >&6; } +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_file" >&5 +$as_echo "$ac_file" >&6; } +ac_exeext=$ac_cv_exeext + +rm -f -r a.out a.out.dSYM a.exe conftest$ac_cv_exeext b.out +ac_clean_files=$ac_clean_files_save +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for suffix of executables" >&5 +$as_echo_n "checking for suffix of executables... " >&6; } +if { { ac_try="$ac_link" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +$as_echo "$ac_try_echo"; } >&5 + (eval "$ac_link") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then : + # If both `conftest.exe' and `conftest' are `present' (well, observable) +# catch `conftest.exe'. For instance with Cygwin, `ls conftest' will +# work properly (i.e., refer to `conftest.exe'), while it won't with +# `rm'. +for ac_file in conftest.exe conftest conftest.*; do + test -f "$ac_file" || continue + case $ac_file in + *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj ) ;; + *.* ) ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'` + break;; + * ) break;; + esac +done +else + { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} +as_fn_error $? "cannot compute suffix of executables: cannot compile and link +See \`config.log' for more details" "$LINENO" 5; } +fi +rm -f conftest conftest$ac_cv_exeext +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_exeext" >&5 +$as_echo "$ac_cv_exeext" >&6; } + +rm -f conftest.$ac_ext +EXEEXT=$ac_cv_exeext +ac_exeext=$EXEEXT +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +int +main () +{ +FILE *f = fopen ("conftest.out", "w"); + return ferror (f) || fclose (f) != 0; + + ; + return 0; +} +_ACEOF +ac_clean_files="$ac_clean_files conftest.out" +# Check that the compiler produces executables we can run. If not, either +# the compiler is broken, or we cross compile. +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether we are cross compiling" >&5 +$as_echo_n "checking whether we are cross compiling... " >&6; } +if test "$cross_compiling" != yes; then + { { ac_try="$ac_link" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +$as_echo "$ac_try_echo"; } >&5 + (eval "$ac_link") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } + if { ac_try='./conftest$ac_cv_exeext' + { { case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +$as_echo "$ac_try_echo"; } >&5 + (eval "$ac_try") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; }; then + cross_compiling=no + else + if test "$cross_compiling" = maybe; then + cross_compiling=yes + else + { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} +as_fn_error $? "cannot run C compiled programs. +If you meant to cross compile, use \`--host'. +See \`config.log' for more details" "$LINENO" 5; } + fi + fi +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $cross_compiling" >&5 +$as_echo "$cross_compiling" >&6; } + +rm -f conftest.$ac_ext conftest$ac_cv_exeext conftest.out +ac_clean_files=$ac_clean_files_save +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for suffix of object files" >&5 +$as_echo_n "checking for suffix of object files... " >&6; } +if ${ac_cv_objext+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ + + ; + return 0; +} +_ACEOF +rm -f conftest.o conftest.obj +if { { ac_try="$ac_compile" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +$as_echo "$ac_try_echo"; } >&5 + (eval "$ac_compile") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then : + for ac_file in conftest.o conftest.obj conftest.*; do + test -f "$ac_file" || continue; + case $ac_file in + *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM ) ;; + *) ac_cv_objext=`expr "$ac_file" : '.*\.\(.*\)'` + break;; + esac +done +else + $as_echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +{ { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} +as_fn_error $? "cannot compute suffix of object files: cannot compile +See \`config.log' for more details" "$LINENO" 5; } +fi +rm -f conftest.$ac_cv_objext conftest.$ac_ext +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_objext" >&5 +$as_echo "$ac_cv_objext" >&6; } +OBJEXT=$ac_cv_objext +ac_objext=$OBJEXT +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether we are using the GNU C compiler" >&5 +$as_echo_n "checking whether we are using the GNU C compiler... " >&6; } +if ${ac_cv_c_compiler_gnu+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ +#ifndef __GNUC__ + choke me +#endif + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ac_compiler_gnu=yes +else + ac_compiler_gnu=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +ac_cv_c_compiler_gnu=$ac_compiler_gnu + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_compiler_gnu" >&5 +$as_echo "$ac_cv_c_compiler_gnu" >&6; } +if test $ac_compiler_gnu = yes; then + GCC=yes +else + GCC= +fi +ac_test_CFLAGS=${CFLAGS+set} +ac_save_CFLAGS=$CFLAGS +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $CC accepts -g" >&5 +$as_echo_n "checking whether $CC accepts -g... " >&6; } +if ${ac_cv_prog_cc_g+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_save_c_werror_flag=$ac_c_werror_flag + ac_c_werror_flag=yes + ac_cv_prog_cc_g=no + CFLAGS="-g" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ac_cv_prog_cc_g=yes +else + CFLAGS="" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + +else + ac_c_werror_flag=$ac_save_c_werror_flag + CFLAGS="-g" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ac_cv_prog_cc_g=yes +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + ac_c_werror_flag=$ac_save_c_werror_flag +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_g" >&5 +$as_echo "$ac_cv_prog_cc_g" >&6; } +if test "$ac_test_CFLAGS" = set; then + CFLAGS=$ac_save_CFLAGS +elif test $ac_cv_prog_cc_g = yes; then + if test "$GCC" = yes; then + CFLAGS="-g -O2" + else + CFLAGS="-g" + fi +else + if test "$GCC" = yes; then + CFLAGS="-O2" + else + CFLAGS= + fi +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $CC option to accept ISO C89" >&5 +$as_echo_n "checking for $CC option to accept ISO C89... " >&6; } +if ${ac_cv_prog_cc_c89+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_cv_prog_cc_c89=no +ac_save_CC=$CC +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +#include +struct stat; +/* Most of the following tests are stolen from RCS 5.7's src/conf.sh. */ +struct buf { int x; }; +FILE * (*rcsopen) (struct buf *, struct stat *, int); +static char *e (p, i) + char **p; + int i; +{ + return p[i]; +} +static char *f (char * (*g) (char **, int), char **p, ...) +{ + char *s; + va_list v; + va_start (v,p); + s = g (p, va_arg (v,int)); + va_end (v); + return s; +} + +/* OSF 4.0 Compaq cc is some sort of almost-ANSI by default. It has + function prototypes and stuff, but not '\xHH' hex character constants. + These don't provoke an error unfortunately, instead are silently treated + as 'x'. The following induces an error, until -std is added to get + proper ANSI mode. Curiously '\x00'!='x' always comes out true, for an + array size at least. It's necessary to write '\x00'==0 to get something + that's true only with -std. */ +int osf4_cc_array ['\x00' == 0 ? 1 : -1]; + +/* IBM C 6 for AIX is almost-ANSI by default, but it replaces macro parameters + inside strings and character constants. */ +#define FOO(x) 'x' +int xlc6_cc_array[FOO(a) == 'x' ? 1 : -1]; + +int test (int i, double x); +struct s1 {int (*f) (int a);}; +struct s2 {int (*f) (double a);}; +int pairnames (int, char **, FILE *(*)(struct buf *, struct stat *, int), int, int); +int argc; +char **argv; +int +main () +{ +return f (e, argv, 0) != argv[0] || f (e, argv, 1) != argv[1]; + ; + return 0; +} +_ACEOF +for ac_arg in '' -qlanglvl=extc89 -qlanglvl=ansi -std \ + -Ae "-Aa -D_HPUX_SOURCE" "-Xc -D__EXTENSIONS__" +do + CC="$ac_save_CC $ac_arg" + if ac_fn_c_try_compile "$LINENO"; then : + ac_cv_prog_cc_c89=$ac_arg +fi +rm -f core conftest.err conftest.$ac_objext + test "x$ac_cv_prog_cc_c89" != "xno" && break +done +rm -f conftest.$ac_ext +CC=$ac_save_CC + +fi +# AC_CACHE_VAL +case "x$ac_cv_prog_cc_c89" in + x) + { $as_echo "$as_me:${as_lineno-$LINENO}: result: none needed" >&5 +$as_echo "none needed" >&6; } ;; + xno) + { $as_echo "$as_me:${as_lineno-$LINENO}: result: unsupported" >&5 +$as_echo "unsupported" >&6; } ;; + *) + CC="$CC $ac_cv_prog_cc_c89" + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_c89" >&5 +$as_echo "$ac_cv_prog_cc_c89" >&6; } ;; +esac +if test "x$ac_cv_prog_cc_c89" != xno; then : + +fi + +ac_ext=c +ac_cpp='$CPP $CPPFLAGS' +ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_c_compiler_gnu + +ac_ext=c +ac_cpp='$CPP $CPPFLAGS' +ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_c_compiler_gnu +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $CC understands -c and -o together" >&5 +$as_echo_n "checking whether $CC understands -c and -o together... " >&6; } +if ${am_cv_prog_cc_c_o+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ + + ; + return 0; +} +_ACEOF + # Make sure it works both with $CC and with simple cc. + # Following AC_PROG_CC_C_O, we do the test twice because some + # compilers refuse to overwrite an existing .o file with -o, + # though they will create one. + am_cv_prog_cc_c_o=yes + for am_i in 1 2; do + if { echo "$as_me:$LINENO: $CC -c conftest.$ac_ext -o conftest2.$ac_objext" >&5 + ($CC -c conftest.$ac_ext -o conftest2.$ac_objext) >&5 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } \ + && test -f conftest2.$ac_objext; then + : OK + else + am_cv_prog_cc_c_o=no + break + fi + done + rm -f core conftest* + unset am_i +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $am_cv_prog_cc_c_o" >&5 +$as_echo "$am_cv_prog_cc_c_o" >&6; } +if test "$am_cv_prog_cc_c_o" != yes; then + # Losing compiler, so override with the script. + # FIXME: It is wrong to rewrite CC. + # But if we don't then we get into trouble of one sort or another. + # A longer-term fix would be to have automake use am__CC in this case, + # and then we could set am__CC="\$(top_srcdir)/compile \$(CC)" + CC="$am_aux_dir/compile $CC" +fi +ac_ext=c +ac_cpp='$CPP $CPPFLAGS' +ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_c_compiler_gnu + +DEPDIR="${am__leading_dot}deps" + +ac_config_commands="$ac_config_commands depfiles" + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether ${MAKE-make} supports the include directive" >&5 +$as_echo_n "checking whether ${MAKE-make} supports the include directive... " >&6; } +cat > confinc.mk << 'END' +am__doit: + @echo this is the am__doit target >confinc.out +.PHONY: am__doit +END +am__include="#" +am__quote= +# BSD make does it like this. +echo '.include "confinc.mk" # ignored' > confmf.BSD +# Other make implementations (GNU, Solaris 10, AIX) do it like this. +echo 'include confinc.mk # ignored' > confmf.GNU +_am_result=no +for s in GNU BSD; do + { echo "$as_me:$LINENO: ${MAKE-make} -f confmf.$s && cat confinc.out" >&5 + (${MAKE-make} -f confmf.$s && cat confinc.out) >&5 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } + case $?:`cat confinc.out 2>/dev/null` in #( + '0:this is the am__doit target') : + case $s in #( + BSD) : + am__include='.include' am__quote='"' ;; #( + *) : + am__include='include' am__quote='' ;; +esac ;; #( + *) : + ;; +esac + if test "$am__include" != "#"; then + _am_result="yes ($s style)" + break + fi +done +rm -f confinc.* confmf.* +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: ${_am_result}" >&5 +$as_echo "${_am_result}" >&6; } + +# Check whether --enable-dependency-tracking was given. +if test "${enable_dependency_tracking+set}" = set; then : + enableval=$enable_dependency_tracking; +fi + +if test "x$enable_dependency_tracking" != xno; then + am_depcomp="$ac_aux_dir/depcomp" + AMDEPBACKSLASH='\' + am__nodep='_no' +fi + if test "x$enable_dependency_tracking" != xno; then + AMDEP_TRUE= + AMDEP_FALSE='#' +else + AMDEP_TRUE='#' + AMDEP_FALSE= +fi + + + +depcc="$CC" am_compiler_list= + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking dependency style of $depcc" >&5 +$as_echo_n "checking dependency style of $depcc... " >&6; } +if ${am_cv_CC_dependencies_compiler_type+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -z "$AMDEP_TRUE" && test -f "$am_depcomp"; then + # We make a subdir and do the tests there. Otherwise we can end up + # making bogus files that we don't know about and never remove. For + # instance it was reported that on HP-UX the gcc test will end up + # making a dummy file named 'D' -- because '-MD' means "put the output + # in D". + rm -rf conftest.dir + mkdir conftest.dir + # Copy depcomp to subdir because otherwise we won't find it if we're + # using a relative directory. + cp "$am_depcomp" conftest.dir + cd conftest.dir + # We will build objects and dependencies in a subdirectory because + # it helps to detect inapplicable dependency modes. For instance + # both Tru64's cc and ICC support -MD to output dependencies as a + # side effect of compilation, but ICC will put the dependencies in + # the current directory while Tru64 will put them in the object + # directory. + mkdir sub + + am_cv_CC_dependencies_compiler_type=none + if test "$am_compiler_list" = ""; then + am_compiler_list=`sed -n 's/^#*\([a-zA-Z0-9]*\))$/\1/p' < ./depcomp` + fi + am__universal=false + case " $depcc " in #( + *\ -arch\ *\ -arch\ *) am__universal=true ;; + esac + + for depmode in $am_compiler_list; do + # Setup a source with many dependencies, because some compilers + # like to wrap large dependency lists on column 80 (with \), and + # we should not choose a depcomp mode which is confused by this. + # + # We need to recreate these files for each test, as the compiler may + # overwrite some of them when testing with obscure command lines. + # This happens at least with the AIX C compiler. + : > sub/conftest.c + for i in 1 2 3 4 5 6; do + echo '#include "conftst'$i'.h"' >> sub/conftest.c + # Using ": > sub/conftst$i.h" creates only sub/conftst1.h with + # Solaris 10 /bin/sh. + echo '/* dummy */' > sub/conftst$i.h + done + echo "${am__include} ${am__quote}sub/conftest.Po${am__quote}" > confmf + + # We check with '-c' and '-o' for the sake of the "dashmstdout" + # mode. It turns out that the SunPro C++ compiler does not properly + # handle '-M -o', and we need to detect this. Also, some Intel + # versions had trouble with output in subdirs. + am__obj=sub/conftest.${OBJEXT-o} + am__minus_obj="-o $am__obj" + case $depmode in + gcc) + # This depmode causes a compiler race in universal mode. + test "$am__universal" = false || continue + ;; + nosideeffect) + # After this tag, mechanisms are not by side-effect, so they'll + # only be used when explicitly requested. + if test "x$enable_dependency_tracking" = xyes; then + continue + else + break + fi + ;; + msvc7 | msvc7msys | msvisualcpp | msvcmsys) + # This compiler won't grok '-c -o', but also, the minuso test has + # not run yet. These depmodes are late enough in the game, and + # so weak that their functioning should not be impacted. + am__obj=conftest.${OBJEXT-o} + am__minus_obj= + ;; + none) break ;; + esac + if depmode=$depmode \ + source=sub/conftest.c object=$am__obj \ + depfile=sub/conftest.Po tmpdepfile=sub/conftest.TPo \ + $SHELL ./depcomp $depcc -c $am__minus_obj sub/conftest.c \ + >/dev/null 2>conftest.err && + grep sub/conftst1.h sub/conftest.Po > /dev/null 2>&1 && + grep sub/conftst6.h sub/conftest.Po > /dev/null 2>&1 && + grep $am__obj sub/conftest.Po > /dev/null 2>&1 && + ${MAKE-make} -s -f confmf > /dev/null 2>&1; then + # icc doesn't choke on unknown options, it will just issue warnings + # or remarks (even with -Werror). So we grep stderr for any message + # that says an option was ignored or not supported. + # When given -MP, icc 7.0 and 7.1 complain thusly: + # icc: Command line warning: ignoring option '-M'; no argument required + # The diagnosis changed in icc 8.0: + # icc: Command line remark: option '-MP' not supported + if (grep 'ignoring option' conftest.err || + grep 'not supported' conftest.err) >/dev/null 2>&1; then :; else + am_cv_CC_dependencies_compiler_type=$depmode + break + fi + fi + done + + cd .. + rm -rf conftest.dir +else + am_cv_CC_dependencies_compiler_type=none +fi + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $am_cv_CC_dependencies_compiler_type" >&5 +$as_echo "$am_cv_CC_dependencies_compiler_type" >&6; } +CCDEPMODE=depmode=$am_cv_CC_dependencies_compiler_type + + if + test "x$enable_dependency_tracking" != xno \ + && test "$am_cv_CC_dependencies_compiler_type" = gcc3; then + am__fastdepCC_TRUE= + am__fastdepCC_FALSE='#' +else + am__fastdepCC_TRUE='#' + am__fastdepCC_FALSE= +fi + + + +ac_ext=c +ac_cpp='$CPP $CPPFLAGS' +ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_c_compiler_gnu +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking how to run the C preprocessor" >&5 +$as_echo_n "checking how to run the C preprocessor... " >&6; } +# On Suns, sometimes $CPP names a directory. +if test -n "$CPP" && test -d "$CPP"; then + CPP= +fi +if test -z "$CPP"; then + if ${ac_cv_prog_CPP+:} false; then : + $as_echo_n "(cached) " >&6 +else + # Double quotes because CPP needs to be expanded + for CPP in "$CC -E" "$CC -E -traditional-cpp" "/lib/cpp" + do + ac_preproc_ok=false +for ac_c_preproc_warn_flag in '' yes +do + # Use a header file that comes with gcc, so configuring glibc + # with a fresh cross-compiler works. + # Prefer to if __STDC__ is defined, since + # exists even on freestanding compilers. + # On the NeXT, cc -E runs the code through the compiler's parser, + # not just through cpp. "Syntax error" is here to catch this case. + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#ifdef __STDC__ +# include +#else +# include +#endif + Syntax error +_ACEOF +if ac_fn_c_try_cpp "$LINENO"; then : + +else + # Broken: fails on valid input. +continue +fi +rm -f conftest.err conftest.i conftest.$ac_ext + + # OK, works on sane cases. Now check whether nonexistent headers + # can be detected and how. + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +_ACEOF +if ac_fn_c_try_cpp "$LINENO"; then : + # Broken: success on invalid input. +continue +else + # Passes both tests. +ac_preproc_ok=: +break +fi +rm -f conftest.err conftest.i conftest.$ac_ext + +done +# Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped. +rm -f conftest.i conftest.err conftest.$ac_ext +if $ac_preproc_ok; then : + break +fi + + done + ac_cv_prog_CPP=$CPP + +fi + CPP=$ac_cv_prog_CPP +else + ac_cv_prog_CPP=$CPP +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $CPP" >&5 +$as_echo "$CPP" >&6; } +ac_preproc_ok=false +for ac_c_preproc_warn_flag in '' yes +do + # Use a header file that comes with gcc, so configuring glibc + # with a fresh cross-compiler works. + # Prefer to if __STDC__ is defined, since + # exists even on freestanding compilers. + # On the NeXT, cc -E runs the code through the compiler's parser, + # not just through cpp. "Syntax error" is here to catch this case. + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#ifdef __STDC__ +# include +#else +# include +#endif + Syntax error +_ACEOF +if ac_fn_c_try_cpp "$LINENO"; then : + +else + # Broken: fails on valid input. +continue +fi +rm -f conftest.err conftest.i conftest.$ac_ext + + # OK, works on sane cases. Now check whether nonexistent headers + # can be detected and how. + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +_ACEOF +if ac_fn_c_try_cpp "$LINENO"; then : + # Broken: success on invalid input. +continue +else + # Passes both tests. +ac_preproc_ok=: +break +fi +rm -f conftest.err conftest.i conftest.$ac_ext + +done +# Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped. +rm -f conftest.i conftest.err conftest.$ac_ext +if $ac_preproc_ok; then : + +else + { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} +as_fn_error $? "C preprocessor \"$CPP\" fails sanity check +See \`config.log' for more details" "$LINENO" 5; } +fi + +ac_ext=c +ac_cpp='$CPP $CPPFLAGS' +ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_c_compiler_gnu + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for grep that handles long lines and -e" >&5 +$as_echo_n "checking for grep that handles long lines and -e... " >&6; } +if ${ac_cv_path_GREP+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -z "$GREP"; then + ac_path_GREP_found=false + # Loop through the user's path and test for each of PROGNAME-LIST + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_prog in grep ggrep; do + for ac_exec_ext in '' $ac_executable_extensions; do + ac_path_GREP="$as_dir/$ac_prog$ac_exec_ext" + as_fn_executable_p "$ac_path_GREP" || continue +# Check for GNU ac_path_GREP and select it if it is found. + # Check for GNU $ac_path_GREP +case `"$ac_path_GREP" --version 2>&1` in +*GNU*) + ac_cv_path_GREP="$ac_path_GREP" ac_path_GREP_found=:;; +*) + ac_count=0 + $as_echo_n 0123456789 >"conftest.in" + while : + do + cat "conftest.in" "conftest.in" >"conftest.tmp" + mv "conftest.tmp" "conftest.in" + cp "conftest.in" "conftest.nl" + $as_echo 'GREP' >> "conftest.nl" + "$ac_path_GREP" -e 'GREP$' -e '-(cannot match)-' < "conftest.nl" >"conftest.out" 2>/dev/null || break + diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break + as_fn_arith $ac_count + 1 && ac_count=$as_val + if test $ac_count -gt ${ac_path_GREP_max-0}; then + # Best one so far, save it but keep looking for a better one + ac_cv_path_GREP="$ac_path_GREP" + ac_path_GREP_max=$ac_count + fi + # 10*(2^10) chars as input seems more than enough + test $ac_count -gt 10 && break + done + rm -f conftest.in conftest.tmp conftest.nl conftest.out;; +esac + + $ac_path_GREP_found && break 3 + done + done + done +IFS=$as_save_IFS + if test -z "$ac_cv_path_GREP"; then + as_fn_error $? "no acceptable grep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" "$LINENO" 5 + fi +else + ac_cv_path_GREP=$GREP +fi + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_GREP" >&5 +$as_echo "$ac_cv_path_GREP" >&6; } + GREP="$ac_cv_path_GREP" + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for egrep" >&5 +$as_echo_n "checking for egrep... " >&6; } +if ${ac_cv_path_EGREP+:} false; then : + $as_echo_n "(cached) " >&6 +else + if echo a | $GREP -E '(a|b)' >/dev/null 2>&1 + then ac_cv_path_EGREP="$GREP -E" + else + if test -z "$EGREP"; then + ac_path_EGREP_found=false + # Loop through the user's path and test for each of PROGNAME-LIST + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_prog in egrep; do + for ac_exec_ext in '' $ac_executable_extensions; do + ac_path_EGREP="$as_dir/$ac_prog$ac_exec_ext" + as_fn_executable_p "$ac_path_EGREP" || continue +# Check for GNU ac_path_EGREP and select it if it is found. + # Check for GNU $ac_path_EGREP +case `"$ac_path_EGREP" --version 2>&1` in +*GNU*) + ac_cv_path_EGREP="$ac_path_EGREP" ac_path_EGREP_found=:;; +*) + ac_count=0 + $as_echo_n 0123456789 >"conftest.in" + while : + do + cat "conftest.in" "conftest.in" >"conftest.tmp" + mv "conftest.tmp" "conftest.in" + cp "conftest.in" "conftest.nl" + $as_echo 'EGREP' >> "conftest.nl" + "$ac_path_EGREP" 'EGREP$' < "conftest.nl" >"conftest.out" 2>/dev/null || break + diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break + as_fn_arith $ac_count + 1 && ac_count=$as_val + if test $ac_count -gt ${ac_path_EGREP_max-0}; then + # Best one so far, save it but keep looking for a better one + ac_cv_path_EGREP="$ac_path_EGREP" + ac_path_EGREP_max=$ac_count + fi + # 10*(2^10) chars as input seems more than enough + test $ac_count -gt 10 && break + done + rm -f conftest.in conftest.tmp conftest.nl conftest.out;; +esac + + $ac_path_EGREP_found && break 3 + done + done + done +IFS=$as_save_IFS + if test -z "$ac_cv_path_EGREP"; then + as_fn_error $? "no acceptable egrep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" "$LINENO" 5 + fi +else + ac_cv_path_EGREP=$EGREP +fi + + fi +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_EGREP" >&5 +$as_echo "$ac_cv_path_EGREP" >&6; } + EGREP="$ac_cv_path_EGREP" + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for ANSI C header files" >&5 +$as_echo_n "checking for ANSI C header files... " >&6; } +if ${ac_cv_header_stdc+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +#include +#include +#include + +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ac_cv_header_stdc=yes +else + ac_cv_header_stdc=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + +if test $ac_cv_header_stdc = yes; then + # SunOS 4.x string.h does not declare mem*, contrary to ANSI. + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include + +_ACEOF +if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | + $EGREP "memchr" >/dev/null 2>&1; then : + +else + ac_cv_header_stdc=no +fi +rm -f conftest* + +fi + +if test $ac_cv_header_stdc = yes; then + # ISC 2.0.2 stdlib.h does not declare free, contrary to ANSI. + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include + +_ACEOF +if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | + $EGREP "free" >/dev/null 2>&1; then : + +else + ac_cv_header_stdc=no +fi +rm -f conftest* + +fi + +if test $ac_cv_header_stdc = yes; then + # /bin/cc in Irix-4.0.5 gets non-ANSI ctype macros unless using -ansi. + if test "$cross_compiling" = yes; then : + : +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +#include +#if ((' ' & 0x0FF) == 0x020) +# define ISLOWER(c) ('a' <= (c) && (c) <= 'z') +# define TOUPPER(c) (ISLOWER(c) ? 'A' + ((c) - 'a') : (c)) +#else +# define ISLOWER(c) \ + (('a' <= (c) && (c) <= 'i') \ + || ('j' <= (c) && (c) <= 'r') \ + || ('s' <= (c) && (c) <= 'z')) +# define TOUPPER(c) (ISLOWER(c) ? ((c) | 0x40) : (c)) +#endif + +#define XOR(e, f) (((e) && !(f)) || (!(e) && (f))) +int +main () +{ + int i; + for (i = 0; i < 256; i++) + if (XOR (islower (i), ISLOWER (i)) + || toupper (i) != TOUPPER (i)) + return 2; + return 0; +} +_ACEOF +if ac_fn_c_try_run "$LINENO"; then : + +else + ac_cv_header_stdc=no +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + +fi +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_header_stdc" >&5 +$as_echo "$ac_cv_header_stdc" >&6; } +if test $ac_cv_header_stdc = yes; then + +$as_echo "#define STDC_HEADERS 1" >>confdefs.h + +fi + +# On IRIX 5.3, sys/types and inttypes.h are conflicting. +for ac_header in sys/types.h sys/stat.h stdlib.h string.h memory.h strings.h \ + inttypes.h stdint.h unistd.h +do : + as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` +ac_fn_c_check_header_compile "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default +" +if eval test \"x\$"$as_ac_Header"\" = x"yes"; then : + cat >>confdefs.h <<_ACEOF +#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 +_ACEOF + +fi + +done + + + + ac_fn_c_check_header_mongrel "$LINENO" "minix/config.h" "ac_cv_header_minix_config_h" "$ac_includes_default" +if test "x$ac_cv_header_minix_config_h" = xyes; then : + MINIX=yes +else + MINIX= +fi + + + if test "$MINIX" = yes; then + +$as_echo "#define _POSIX_SOURCE 1" >>confdefs.h + + +$as_echo "#define _POSIX_1_SOURCE 2" >>confdefs.h + + +$as_echo "#define _MINIX 1" >>confdefs.h + + +$as_echo "#define _NETBSD_SOURCE 1" >>confdefs.h + + fi + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether it is safe to define __EXTENSIONS__" >&5 +$as_echo_n "checking whether it is safe to define __EXTENSIONS__... " >&6; } +if ${ac_cv_safe_to_define___extensions__+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +# define __EXTENSIONS__ 1 + $ac_includes_default +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ac_cv_safe_to_define___extensions__=yes +else + ac_cv_safe_to_define___extensions__=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_safe_to_define___extensions__" >&5 +$as_echo "$ac_cv_safe_to_define___extensions__" >&6; } + test $ac_cv_safe_to_define___extensions__ = yes && + $as_echo "#define __EXTENSIONS__ 1" >>confdefs.h + + $as_echo "#define _ALL_SOURCE 1" >>confdefs.h + + $as_echo "#define _DARWIN_C_SOURCE 1" >>confdefs.h + + $as_echo "#define _GNU_SOURCE 1" >>confdefs.h + + $as_echo "#define _NETBSD_SOURCE 1" >>confdefs.h + + $as_echo "#define _OPENBSD_SOURCE 1" >>confdefs.h + + $as_echo "#define _POSIX_PTHREAD_SEMANTICS 1" >>confdefs.h + + $as_echo "#define __STDC_WANT_IEC_60559_ATTRIBS_EXT__ 1" >>confdefs.h + + $as_echo "#define __STDC_WANT_IEC_60559_BFP_EXT__ 1" >>confdefs.h + + $as_echo "#define __STDC_WANT_IEC_60559_DFP_EXT__ 1" >>confdefs.h + + $as_echo "#define __STDC_WANT_IEC_60559_FUNCS_EXT__ 1" >>confdefs.h + + $as_echo "#define __STDC_WANT_IEC_60559_TYPES_EXT__ 1" >>confdefs.h + + $as_echo "#define __STDC_WANT_LIB_EXT2__ 1" >>confdefs.h + + $as_echo "#define __STDC_WANT_MATH_SPEC_FUNCS__ 1" >>confdefs.h + + $as_echo "#define _TANDEM_SOURCE 1" >>confdefs.h + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether _XOPEN_SOURCE should be defined" >&5 +$as_echo_n "checking whether _XOPEN_SOURCE should be defined... " >&6; } +if ${ac_cv_should_define__xopen_source+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_cv_should_define__xopen_source=no + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + + #include + mbstate_t x; +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + + #define _XOPEN_SOURCE 500 + #include + mbstate_t x; +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ac_cv_should_define__xopen_source=yes +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_should_define__xopen_source" >&5 +$as_echo "$ac_cv_should_define__xopen_source" >&6; } + test $ac_cv_should_define__xopen_source = yes && + $as_echo "#define _XOPEN_SOURCE 500" >>confdefs.h + + $as_echo "#define _HPUX_ALT_XOPEN_SOCKET_API 1" >>confdefs.h + + + + + + + + + + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for Minix Amsterdam compiler" >&5 +$as_echo_n "checking for Minix Amsterdam compiler... " >&6; } +if ${gl_cv_c_amsterdam_compiler+:} false; then : + $as_echo_n "(cached) " >&6 +else + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#ifdef __ACK__ +Amsterdam +#endif + +_ACEOF +if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | + $EGREP "Amsterdam" >/dev/null 2>&1; then : + gl_cv_c_amsterdam_compiler=yes +else + gl_cv_c_amsterdam_compiler=no +fi +rm -f conftest* + + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_c_amsterdam_compiler" >&5 +$as_echo "$gl_cv_c_amsterdam_compiler" >&6; } + + if test $gl_cv_c_amsterdam_compiler = yes; then + if test -z "$AR"; then + AR='cc -c.a' + fi + if test -z "$ARFLAGS"; then + ARFLAGS='-o' + fi + else + if test -n "$ac_tool_prefix"; then + for ac_prog in ar lib "link -lib" + do + # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args. +set dummy $ac_tool_prefix$ac_prog; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_AR+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$AR"; then + ac_cv_prog_AR="$AR" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_AR="$ac_tool_prefix$ac_prog" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +AR=$ac_cv_prog_AR +if test -n "$AR"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $AR" >&5 +$as_echo "$AR" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + + test -n "$AR" && break + done +fi +if test -z "$AR"; then + ac_ct_AR=$AR + for ac_prog in ar lib "link -lib" +do + # Extract the first word of "$ac_prog", so it can be a program name with args. +set dummy $ac_prog; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_ac_ct_AR+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$ac_ct_AR"; then + ac_cv_prog_ac_ct_AR="$ac_ct_AR" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_ac_ct_AR="$ac_prog" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +ac_ct_AR=$ac_cv_prog_ac_ct_AR +if test -n "$ac_ct_AR"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_AR" >&5 +$as_echo "$ac_ct_AR" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + + test -n "$ac_ct_AR" && break +done + + if test "x$ac_ct_AR" = x; then + AR="false" + else + case $cross_compiling:$ac_tool_warned in +yes:) +{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} +ac_tool_warned=yes ;; +esac + AR=$ac_ct_AR + fi +fi + +: ${AR=ar} + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking the archiver ($AR) interface" >&5 +$as_echo_n "checking the archiver ($AR) interface... " >&6; } +if ${am_cv_ar_interface+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_ext=c +ac_cpp='$CPP $CPPFLAGS' +ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_c_compiler_gnu + + am_cv_ar_interface=ar + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +int some_variable = 0; +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + am_ar_try='$AR cru libconftest.a conftest.$ac_objext >&5' + { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$am_ar_try\""; } >&5 + (eval $am_ar_try) 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } + if test "$ac_status" -eq 0; then + am_cv_ar_interface=ar + else + am_ar_try='$AR -NOLOGO -OUT:conftest.lib conftest.$ac_objext >&5' + { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$am_ar_try\""; } >&5 + (eval $am_ar_try) 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } + if test "$ac_status" -eq 0; then + am_cv_ar_interface=lib + else + am_cv_ar_interface=unknown + fi + fi + rm -f conftest.lib libconftest.a + +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + ac_ext=c +ac_cpp='$CPP $CPPFLAGS' +ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_c_compiler_gnu + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $am_cv_ar_interface" >&5 +$as_echo "$am_cv_ar_interface" >&6; } + +case $am_cv_ar_interface in +ar) + ;; +lib) + # Microsoft lib, so override with the ar-lib wrapper script. + # FIXME: It is wrong to rewrite AR. + # But if we don't then we get into trouble of one sort or another. + # A longer-term fix would be to have automake use am__AR in this case, + # and then we could set am__AR="$am_aux_dir/ar-lib \$(AR)" or something + # similar. + AR="$am_aux_dir/ar-lib $AR" + ;; +unknown) + as_fn_error $? "could not determine $AR interface" "$LINENO" 5 + ;; +esac + + fi + + if test -n "$ac_tool_prefix"; then + # Extract the first word of "${ac_tool_prefix}ar", so it can be a program name with args. +set dummy ${ac_tool_prefix}ar; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_AR+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$AR"; then + ac_cv_prog_AR="$AR" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_AR="${ac_tool_prefix}ar" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +AR=$ac_cv_prog_AR +if test -n "$AR"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $AR" >&5 +$as_echo "$AR" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + +fi +if test -z "$ac_cv_prog_AR"; then + ac_ct_AR=$AR + # Extract the first word of "ar", so it can be a program name with args. +set dummy ar; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_ac_ct_AR+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$ac_ct_AR"; then + ac_cv_prog_ac_ct_AR="$ac_ct_AR" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_ac_ct_AR="ar" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +ac_ct_AR=$ac_cv_prog_ac_ct_AR +if test -n "$ac_ct_AR"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_AR" >&5 +$as_echo "$ac_ct_AR" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + if test "x$ac_ct_AR" = x; then + AR="ar" + else + case $cross_compiling:$ac_tool_warned in +yes:) +{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} +ac_tool_warned=yes ;; +esac + AR=$ac_ct_AR + fi +else + AR="$ac_cv_prog_AR" +fi + + if test -z "$ARFLAGS"; then + ARFLAGS='cr' + fi + + + + if test -z "$RANLIB"; then + if test $gl_cv_c_amsterdam_compiler = yes; then + RANLIB=':' + else + if test -n "$ac_tool_prefix"; then + # Extract the first word of "${ac_tool_prefix}ranlib", so it can be a program name with args. +set dummy ${ac_tool_prefix}ranlib; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_RANLIB+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$RANLIB"; then + ac_cv_prog_RANLIB="$RANLIB" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_RANLIB="${ac_tool_prefix}ranlib" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +RANLIB=$ac_cv_prog_RANLIB +if test -n "$RANLIB"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $RANLIB" >&5 +$as_echo "$RANLIB" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + +fi +if test -z "$ac_cv_prog_RANLIB"; then + ac_ct_RANLIB=$RANLIB + # Extract the first word of "ranlib", so it can be a program name with args. +set dummy ranlib; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_ac_ct_RANLIB+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$ac_ct_RANLIB"; then + ac_cv_prog_ac_ct_RANLIB="$ac_ct_RANLIB" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_ac_ct_RANLIB="ranlib" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +ac_ct_RANLIB=$ac_cv_prog_ac_ct_RANLIB +if test -n "$ac_ct_RANLIB"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_RANLIB" >&5 +$as_echo "$ac_ct_RANLIB" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + if test "x$ac_ct_RANLIB" = x; then + RANLIB=":" + else + case $cross_compiling:$ac_tool_warned in +yes:) +{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} +ac_tool_warned=yes ;; +esac + RANLIB=$ac_ct_RANLIB + fi +else + RANLIB="$ac_cv_prog_RANLIB" +fi + + fi + fi + + + + + + # IEEE behaviour is the default on all CPUs except Alpha and SH + # (according to the test results of Bruno Haible's ieeefp/fenv_default.m4 + # and the GCC 4.1.2 manual). + case "$host_cpu" in + alpha*) + # On Alpha systems, a compiler option provides the behaviour. + # See the ieee(3) manual page, also available at + # + if test -n "$GCC"; then + # GCC has the option -mieee. + # For full IEEE compliance (rarely needed), use option -mieee-with-inexact. + CPPFLAGS="$CPPFLAGS -mieee" + else + # Compaq (ex-DEC) C has the option -ieee, equivalent to -ieee_with_no_inexact. + # For full IEEE compliance (rarely needed), use option -ieee_with_inexact. + CPPFLAGS="$CPPFLAGS -ieee" + fi + ;; + sh*) + if test -n "$GCC"; then + # GCC has the option -mieee. + CPPFLAGS="$CPPFLAGS -mieee" + fi + ;; + esac + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for _LARGEFILE_SOURCE value needed for large files" >&5 +$as_echo_n "checking for _LARGEFILE_SOURCE value needed for large files... " >&6; } +if ${ac_cv_sys_largefile_source+:} false; then : + $as_echo_n "(cached) " >&6 +else + while :; do + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include /* for off_t */ + #include +int +main () +{ +int (*fp) (FILE *, off_t, int) = fseeko; + return fseeko (stdin, 0, 0) && fp (stdin, 0, 0); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + ac_cv_sys_largefile_source=no; break +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#define _LARGEFILE_SOURCE 1 +#include /* for off_t */ + #include +int +main () +{ +int (*fp) (FILE *, off_t, int) = fseeko; + return fseeko (stdin, 0, 0) && fp (stdin, 0, 0); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + ac_cv_sys_largefile_source=1; break +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + ac_cv_sys_largefile_source=unknown + break +done +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sys_largefile_source" >&5 +$as_echo "$ac_cv_sys_largefile_source" >&6; } +case $ac_cv_sys_largefile_source in #( + no | unknown) ;; + *) +cat >>confdefs.h <<_ACEOF +#define _LARGEFILE_SOURCE $ac_cv_sys_largefile_source +_ACEOF +;; +esac +rm -rf conftest* + +# We used to try defining _XOPEN_SOURCE=500 too, to work around a bug +# in glibc 2.1.3, but that breaks too many other things. +# If you want fseeko and ftello with glibc, upgrade to a fixed glibc. +if test $ac_cv_sys_largefile_source != unknown; then + +$as_echo "#define HAVE_FSEEKO 1" >>confdefs.h + +fi + +# Check whether --enable-largefile was given. +if test "${enable_largefile+set}" = set; then : + enableval=$enable_largefile; +fi + +if test "$enable_largefile" != no; then + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for special C compiler options needed for large files" >&5 +$as_echo_n "checking for special C compiler options needed for large files... " >&6; } +if ${ac_cv_sys_largefile_CC+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_cv_sys_largefile_CC=no + if test "$GCC" != yes; then + ac_save_CC=$CC + while :; do + # IRIX 6.2 and later do not support large files by default, + # so use the C compiler's -n32 option if that helps. + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include + /* Check that off_t can represent 2**63 - 1 correctly. + We can't simply define LARGE_OFF_T to be 9223372036854775807, + since some C++ compilers masquerading as C compilers + incorrectly reject 9223372036854775807. */ +#define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62)) + int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721 + && LARGE_OFF_T % 2147483647 == 1) + ? 1 : -1]; +int +main () +{ + + ; + return 0; +} +_ACEOF + if ac_fn_c_try_compile "$LINENO"; then : + break +fi +rm -f core conftest.err conftest.$ac_objext + CC="$CC -n32" + if ac_fn_c_try_compile "$LINENO"; then : + ac_cv_sys_largefile_CC=' -n32'; break +fi +rm -f core conftest.err conftest.$ac_objext + break + done + CC=$ac_save_CC + rm -f conftest.$ac_ext + fi +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sys_largefile_CC" >&5 +$as_echo "$ac_cv_sys_largefile_CC" >&6; } + if test "$ac_cv_sys_largefile_CC" != no; then + CC=$CC$ac_cv_sys_largefile_CC + fi + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for _FILE_OFFSET_BITS value needed for large files" >&5 +$as_echo_n "checking for _FILE_OFFSET_BITS value needed for large files... " >&6; } +if ${ac_cv_sys_file_offset_bits+:} false; then : + $as_echo_n "(cached) " >&6 +else + while :; do + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include + /* Check that off_t can represent 2**63 - 1 correctly. + We can't simply define LARGE_OFF_T to be 9223372036854775807, + since some C++ compilers masquerading as C compilers + incorrectly reject 9223372036854775807. */ +#define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62)) + int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721 + && LARGE_OFF_T % 2147483647 == 1) + ? 1 : -1]; +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ac_cv_sys_file_offset_bits=no; break +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#define _FILE_OFFSET_BITS 64 +#include + /* Check that off_t can represent 2**63 - 1 correctly. + We can't simply define LARGE_OFF_T to be 9223372036854775807, + since some C++ compilers masquerading as C compilers + incorrectly reject 9223372036854775807. */ +#define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62)) + int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721 + && LARGE_OFF_T % 2147483647 == 1) + ? 1 : -1]; +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ac_cv_sys_file_offset_bits=64; break +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + ac_cv_sys_file_offset_bits=unknown + break +done +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sys_file_offset_bits" >&5 +$as_echo "$ac_cv_sys_file_offset_bits" >&6; } +case $ac_cv_sys_file_offset_bits in #( + no | unknown) ;; + *) +cat >>confdefs.h <<_ACEOF +#define _FILE_OFFSET_BITS $ac_cv_sys_file_offset_bits +_ACEOF +;; +esac +rm -rf conftest* + if test $ac_cv_sys_file_offset_bits = unknown; then + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for _LARGE_FILES value needed for large files" >&5 +$as_echo_n "checking for _LARGE_FILES value needed for large files... " >&6; } +if ${ac_cv_sys_large_files+:} false; then : + $as_echo_n "(cached) " >&6 +else + while :; do + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include + /* Check that off_t can represent 2**63 - 1 correctly. + We can't simply define LARGE_OFF_T to be 9223372036854775807, + since some C++ compilers masquerading as C compilers + incorrectly reject 9223372036854775807. */ +#define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62)) + int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721 + && LARGE_OFF_T % 2147483647 == 1) + ? 1 : -1]; +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ac_cv_sys_large_files=no; break +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#define _LARGE_FILES 1 +#include + /* Check that off_t can represent 2**63 - 1 correctly. + We can't simply define LARGE_OFF_T to be 9223372036854775807, + since some C++ compilers masquerading as C compilers + incorrectly reject 9223372036854775807. */ +#define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62)) + int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721 + && LARGE_OFF_T % 2147483647 == 1) + ? 1 : -1]; +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ac_cv_sys_large_files=1; break +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + ac_cv_sys_large_files=unknown + break +done +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sys_large_files" >&5 +$as_echo "$ac_cv_sys_large_files" >&6; } +case $ac_cv_sys_large_files in #( + no | unknown) ;; + *) +cat >>confdefs.h <<_ACEOF +#define _LARGE_FILES $ac_cv_sys_large_files +_ACEOF +;; +esac +rm -rf conftest* + fi + + +$as_echo "#define _DARWIN_USE_64_BIT_INODE 1" >>confdefs.h + +fi + + + + + + + # Check whether --enable-threads was given. +if test "${enable_threads+set}" = set; then : + enableval=$enable_threads; gl_use_threads=$enableval +else + if test -n "$gl_use_threads_default"; then + gl_use_threads="$gl_use_threads_default" + else + case "$host_os" in + osf*) gl_use_threads=no ;; + cygwin*) + case `uname -r` in + 1.[0-5].*) gl_use_threads=no ;; + *) gl_use_threads=yes ;; + esac + ;; + *) gl_use_threads=yes ;; + esac + fi + +fi + + if test "$gl_use_threads" = yes || test "$gl_use_threads" = posix; then + # For using : + case "$host_os" in + osf*) + # On OSF/1, the compiler needs the flag -D_REENTRANT so that it + # groks . cc also understands the flag -pthread, but + # we don't use it because 1. gcc-2.95 doesn't understand -pthread, + # 2. putting a flag into CPPFLAGS that has an effect on the linker + # causes the AC_LINK_IFELSE test below to succeed unexpectedly, + # leading to wrong values of LIBTHREAD and LTLIBTHREAD. + CPPFLAGS="$CPPFLAGS -D_REENTRANT" + ;; + esac + # Some systems optimize for single-threaded programs by default, and + # need special flags to disable these optimizations. For example, the + # definition of 'errno' in . + case "$host_os" in + aix* | freebsd*) CPPFLAGS="$CPPFLAGS -D_THREAD_SAFE" ;; + solaris*) CPPFLAGS="$CPPFLAGS -D_REENTRANT" ;; + esac + fi + + + + # Pre-early section. + + + + # Code from module absolute-header: + # Code from module accept: + # Code from module accept-tests: + # Code from module alloca: + # Code from module alloca-opt: + # Code from module alloca-opt-tests: + # Code from module arpa_inet: + # Code from module arpa_inet-tests: + # Code from module binary-io: + # Code from module binary-io-tests: + # Code from module bind: + # Code from module bind-tests: + # Code from module builtin-expect: + # Code from module byteswap: + # Code from module byteswap-tests: + # Code from module c-ctype: + # Code from module c-ctype-tests: + # Code from module c-strcase: + # Code from module c-strcase-tests: + # Code from module cloexec: + # Code from module cloexec-tests: + # Code from module close: + # Code from module close-tests: + # Code from module connect: + # Code from module connect-tests: + # Code from module ctype: + # Code from module ctype-tests: + # Code from module dosname: + # Code from module dup2: + # Code from module dup2-tests: + # Code from module environ: + # Code from module environ-tests: + # Code from module errno: + # Code from module errno-tests: + # Code from module extensions: + # Code from module extern-inline: + # Code from module fcntl: + # Code from module fcntl-h: + # Code from module fcntl-h-tests: + # Code from module fcntl-tests: + # Code from module fd-hook: + # Code from module fdopen: + # Code from module fdopen-tests: + # Code from module fgetc-tests: + # Code from module filename: + # Code from module flexmember: + # Code from module float: + # Code from module float-tests: + # Code from module fpieee: + + # Code from module fpucw: + # Code from module fputc-tests: + # Code from module fread-tests: + # Code from module fstat: + # Code from module fstat-tests: + # Code from module ftell: + # Code from module ftell-tests: + # Code from module ftello: + + # Code from module ftello-tests: + # Code from module ftruncate: + # Code from module ftruncate-tests: + # Code from module func: + # Code from module func-tests: + # Code from module fwrite-tests: + # Code from module gendocs: + # Code from module getcwd-lgpl: + # Code from module getcwd-lgpl-tests: + # Code from module getdelim: + # Code from module getdelim-tests: + # Code from module getdtablesize: + # Code from module getdtablesize-tests: + # Code from module getline: + # Code from module getline-tests: + # Code from module getpagesize: + # Code from module gettext-h: + # Code from module gettimeofday: + # Code from module gettimeofday-tests: + # Code from module gnumakefile: + # Code from module hash-pjw-bare: + # Code from module havelib: + # Code from module ignore-value: + # Code from module ignore-value-tests: + # Code from module include_next: + # Code from module inet_ntop: + # Code from module inet_ntop-tests: + # Code from module inet_pton: + # Code from module inet_pton-tests: + # Code from module intprops: + # Code from module intprops-tests: + # Code from module inttypes: + # Code from module inttypes-incomplete: + # Code from module inttypes-tests: + # Code from module ioctl: + # Code from module ioctl-tests: + # Code from module isblank: + # Code from module isblank-tests: + # Code from module langinfo: + # Code from module langinfo-tests: + # Code from module largefile: + + # Code from module lib-msvc-compat: + # Code from module lib-symbol-versions: + # Code from module limits-h: + # Code from module limits-h-tests: + # Code from module listen: + # Code from module listen-tests: + # Code from module locale: + # Code from module locale-tests: + # Code from module localename: + # Code from module localename-tests: + # Code from module localtime-buffer: + # Code from module lock: + # Code from module lseek: + # Code from module lstat: + # Code from module lstat-tests: + # Code from module maintainer-makefile: + # Code from module malloc-posix: + # Code from module malloca: + # Code from module malloca-tests: + # Code from module manywarnings: + # Code from module memchr: + # Code from module memchr-tests: + # Code from module memmem-simple: + # Code from module minmax: + # Code from module msvc-inval: + # Code from module msvc-nothrow: + # Code from module multiarch: + # Code from module nanosleep: + # Code from module nanosleep-tests: + # Code from module netdb: + # Code from module netdb-tests: + # Code from module netinet_in: + # Code from module netinet_in-tests: + # Code from module open: + # Code from module open-tests: + # Code from module pathmax: + # Code from module pathmax-tests: + # Code from module perror: + # Code from module perror-tests: + # Code from module pipe-posix: + # Code from module pipe-posix-tests: + # Code from module pmccabe2html: + # Code from module putenv: + # Code from module raise: + # Code from module raise-tests: + # Code from module read-file: + # Code from module read-file-tests: + # Code from module realloc-posix: + # Code from module same-inode: + # Code from module secure_getenv: + # Code from module select: + # Code from module select-tests: + # Code from module setenv: + # Code from module setenv-tests: + # Code from module setlocale: + # Code from module setlocale-tests: + # Code from module setsockopt: + # Code from module setsockopt-tests: + # Code from module sigaction: + # Code from module sigaction-tests: + # Code from module signal-h: + # Code from module signal-h-tests: + # Code from module sigprocmask: + # Code from module sigprocmask-tests: + # Code from module size_max: + # Code from module sleep: + # Code from module sleep-tests: + # Code from module snippet/_Noreturn: + # Code from module snippet/arg-nonnull: + # Code from module snippet/c++defs: + # Code from module snippet/warn-on-use: + # Code from module snprintf: + # Code from module snprintf-tests: + # Code from module socket: + # Code from module socketlib: + # Code from module sockets: + # Code from module sockets-tests: + # Code from module socklen: + # Code from module ssize_t: + # Code from module stat: + # Code from module stat-tests: + # Code from module stat-time: + # Code from module stat-time-tests: + # Code from module stdalign: + # Code from module stdalign-tests: + # Code from module stdbool: + # Code from module stdbool-tests: + # Code from module stddef: + # Code from module stddef-tests: + # Code from module stdint: + # Code from module stdint-tests: + # Code from module stdio: + # Code from module stdio-tests: + # Code from module stdlib: + # Code from module stdlib-tests: + # Code from module strcase: + # Code from module strdup-posix: + # Code from module strerror: + # Code from module strerror-override: + # Code from module strerror-tests: + # Code from module strerror_r-posix: + # Code from module strerror_r-posix-tests: + # Code from module string: + # Code from module string-tests: + # Code from module strings: + # Code from module strings-tests: + # Code from module strndup: + # Code from module strnlen: + # Code from module strnlen-tests: + # Code from module strtok_r: + # Code from module strverscmp: + # Code from module strverscmp-tests: + # Code from module symlink: + # Code from module symlink-tests: + # Code from module sys_ioctl: + # Code from module sys_ioctl-tests: + # Code from module sys_select: + # Code from module sys_select-tests: + # Code from module sys_socket: + # Code from module sys_socket-tests: + # Code from module sys_stat: + # Code from module sys_stat-tests: + # Code from module sys_time: + # Code from module sys_time-tests: + # Code from module sys_types: + # Code from module sys_types-tests: + # Code from module sys_uio: + # Code from module sys_uio-tests: + # Code from module test-framework-sh: + # Code from module test-framework-sh-tests: + # Code from module threadlib: + + + + # Code from module time: + # Code from module time-tests: + # Code from module time_r: + # Code from module unistd: + # Code from module unistd-tests: + # Code from module unsetenv: + # Code from module unsetenv-tests: + # Code from module useless-if-before-free: + # Code from module valgrind-tests: + # Code from module vasnprintf: + # Code from module vasnprintf-tests: + # Code from module vasprintf: + # Code from module vasprintf-tests: + # Code from module vc-list-files: + # Code from module vc-list-files-tests: + # Code from module verify: + # Code from module verify-tests: + # Code from module vsnprintf: + # Code from module vsnprintf-tests: + # Code from module warnings: + # Code from module wchar: + # Code from module wchar-tests: + # Code from module xalloc-oversized: + # Code from module xsize: + + + + # Pre-early section. + + + + # Code from module absolute-header: + # Code from module accept: + # Code from module alloca: + # Code from module alloca-opt: + # Code from module arpa_inet: + # Code from module bind: + # Code from module c-ctype: + # Code from module clock-time: + # Code from module close: + # Code from module connect: + # Code from module dup2: + # Code from module environ: + # Code from module errno: + # Code from module extensions: + # Code from module extern-inline: + # Code from module fd-hook: + # Code from module flexmember: + # Code from module float: + # Code from module fseek: + # Code from module fseeko: + + # Code from module fstat: + # Code from module ftell: + # Code from module ftello: + + # Code from module getaddrinfo: + # Code from module getdelim: + # Code from module getline: + # Code from module getpass: + # Code from module getpeername: + # Code from module gettext-h: + # Code from module gettime: + # Code from module gettimeofday: + # Code from module hostent: + # Code from module include_next: + # Code from module inet_ntop: + # Code from module inet_pton: + # Code from module intprops: + # Code from module inttypes: + # Code from module inttypes-incomplete: + # Code from module largefile: + + # Code from module libc-config: + # Code from module limits-h: + # Code from module listen: + # Code from module localtime-buffer: + # Code from module lseek: + # Code from module malloc-posix: + # Code from module malloca: + # Code from module memchr: + # Code from module minmax: + # Code from module mktime: + # Code from module mktime-internal: + # Code from module msvc-inval: + # Code from module msvc-nothrow: + # Code from module multiarch: + # Code from module netdb: + # Code from module netinet_in: + # Code from module nstrftime: + # Code from module parse-datetime: + # Code from module pathmax: + # Code from module progname: + # Code from module read-file: + # Code from module realloc-posix: + # Code from module recv: + # Code from module recvfrom: + # Code from module select: + # Code from module send: + # Code from module sendto: + # Code from module servent: + # Code from module setenv: + # Code from module setsockopt: + # Code from module shutdown: + # Code from module signal-h: + # Code from module size_max: + # Code from module snippet/_Noreturn: + # Code from module snippet/arg-nonnull: + # Code from module snippet/c++defs: + # Code from module snippet/warn-on-use: + # Code from module snprintf: + # Code from module socket: + # Code from module socketlib: + # Code from module sockets: + # Code from module socklen: + # Code from module ssize_t: + # Code from module stat-time: + # Code from module stdalign: + # Code from module stdbool: + # Code from module stddef: + # Code from module stdint: + # Code from module stdio: + # Code from module stdlib: + # Code from module strdup-posix: + # Code from module string: + # Code from module sys_select: + # Code from module sys_socket: + # Code from module sys_stat: + # Code from module sys_time: + # Code from module sys_types: + # Code from module sys_uio: + # Code from module time: + # Code from module time_r: + # Code from module time_rz: + # Code from module timegm: + # Code from module timespec: + # Code from module tzset: + # Code from module unistd: + # Code from module unsetenv: + # Code from module vasnprintf: + # Code from module verify: + # Code from module wchar: + # Code from module xalloc-oversized: + # Code from module xsize: + + + + + # Pre-early section. + + + + # Code from module absolute-header: + # Code from module array-mergesort: + # Code from module gperf: + # Code from module include_next: + # Code from module inline: + # Code from module limits-h: + # Code from module multiarch: + # Code from module snippet/unused-parameter: + # Code from module ssize_t: + # Code from module stdbool: + # Code from module stdint: + # Code from module sys_types: + # Code from module unictype/base: + # Code from module unictype/category-C: + # Code from module unictype/category-Cc: + # Code from module unictype/category-Cf: + # Code from module unictype/category-Cn: + # Code from module unictype/category-Co: + # Code from module unictype/category-Cs: + # Code from module unictype/category-L: + # Code from module unictype/category-LC: + # Code from module unictype/category-Ll: + # Code from module unictype/category-Lm: + # Code from module unictype/category-Lo: + # Code from module unictype/category-Lt: + # Code from module unictype/category-Lu: + # Code from module unictype/category-M: + # Code from module unictype/category-Mc: + # Code from module unictype/category-Me: + # Code from module unictype/category-Mn: + # Code from module unictype/category-N: + # Code from module unictype/category-Nd: + # Code from module unictype/category-Nl: + # Code from module unictype/category-No: + # Code from module unictype/category-P: + # Code from module unictype/category-Pc: + # Code from module unictype/category-Pd: + # Code from module unictype/category-Pe: + # Code from module unictype/category-Pf: + # Code from module unictype/category-Pi: + # Code from module unictype/category-Po: + # Code from module unictype/category-Ps: + # Code from module unictype/category-S: + # Code from module unictype/category-Sc: + # Code from module unictype/category-Sk: + # Code from module unictype/category-Sm: + # Code from module unictype/category-So: + # Code from module unictype/category-Z: + # Code from module unictype/category-Zl: + # Code from module unictype/category-Zp: + # Code from module unictype/category-Zs: + # Code from module unictype/category-all: + # Code from module unictype/category-and: + # Code from module unictype/category-and-not: + # Code from module unictype/category-byname: + # Code from module unictype/category-longname: + # Code from module unictype/category-name: + # Code from module unictype/category-none: + # Code from module unictype/category-of: + # Code from module unictype/category-or: + # Code from module unictype/category-test: + # Code from module unictype/category-test-withtable: + # Code from module unictype/combining-class: + # Code from module unictype/property-default-ignorable-code-point: + # Code from module unictype/property-join-control: + # Code from module unictype/property-not-a-character: + # Code from module uninorm/base: + # Code from module uninorm/canonical-decomposition: + # Code from module uninorm/compat-decomposition: + # Code from module uninorm/composition: + # Code from module uninorm/decompose-internal: + # Code from module uninorm/decomposition: + # Code from module uninorm/decomposition-table: + # Code from module uninorm/nfc: + # Code from module uninorm/nfd: + # Code from module uninorm/nfkc: + # Code from module uninorm/nfkd: + # Code from module uninorm/u16-normalize: + # Code from module uninorm/u32-normalize: + # Code from module uninorm/u8-normalize: + # Code from module unistr/base: + # Code from module unistr/u16-cpy: + # Code from module unistr/u16-mbtouc-unsafe: + # Code from module unistr/u16-mbtoucr: + # Code from module unistr/u16-to-u8: + # Code from module unistr/u16-uctomb: + # Code from module unistr/u32-cpy: + # Code from module unistr/u32-mbtouc-unsafe: + # Code from module unistr/u32-to-u8: + # Code from module unistr/u32-uctomb: + # Code from module unistr/u8-check: + # Code from module unistr/u8-cpy: + # Code from module unistr/u8-mbtouc-unsafe: + # Code from module unistr/u8-mbtoucr: + # Code from module unistr/u8-to-u16: + # Code from module unistr/u8-to-u32: + # Code from module unistr/u8-uctomb: + # Code from module unitypes: + +# By default we simply use the C compiler to build assembly code. + +test "${CCAS+set}" = set || CCAS=$CC +test "${CCASFLAGS+set}" = set || CCASFLAGS=$CFLAGS + + + +depcc="$CCAS" am_compiler_list= + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking dependency style of $depcc" >&5 +$as_echo_n "checking dependency style of $depcc... " >&6; } +if ${am_cv_CCAS_dependencies_compiler_type+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -z "$AMDEP_TRUE" && test -f "$am_depcomp"; then + # We make a subdir and do the tests there. Otherwise we can end up + # making bogus files that we don't know about and never remove. For + # instance it was reported that on HP-UX the gcc test will end up + # making a dummy file named 'D' -- because '-MD' means "put the output + # in D". + rm -rf conftest.dir + mkdir conftest.dir + # Copy depcomp to subdir because otherwise we won't find it if we're + # using a relative directory. + cp "$am_depcomp" conftest.dir + cd conftest.dir + # We will build objects and dependencies in a subdirectory because + # it helps to detect inapplicable dependency modes. For instance + # both Tru64's cc and ICC support -MD to output dependencies as a + # side effect of compilation, but ICC will put the dependencies in + # the current directory while Tru64 will put them in the object + # directory. + mkdir sub + + am_cv_CCAS_dependencies_compiler_type=none + if test "$am_compiler_list" = ""; then + am_compiler_list=`sed -n 's/^#*\([a-zA-Z0-9]*\))$/\1/p' < ./depcomp` + fi + am__universal=false + + + for depmode in $am_compiler_list; do + # Setup a source with many dependencies, because some compilers + # like to wrap large dependency lists on column 80 (with \), and + # we should not choose a depcomp mode which is confused by this. + # + # We need to recreate these files for each test, as the compiler may + # overwrite some of them when testing with obscure command lines. + # This happens at least with the AIX C compiler. + : > sub/conftest.c + for i in 1 2 3 4 5 6; do + echo '#include "conftst'$i'.h"' >> sub/conftest.c + # Using ": > sub/conftst$i.h" creates only sub/conftst1.h with + # Solaris 10 /bin/sh. + echo '/* dummy */' > sub/conftst$i.h + done + echo "${am__include} ${am__quote}sub/conftest.Po${am__quote}" > confmf + + # We check with '-c' and '-o' for the sake of the "dashmstdout" + # mode. It turns out that the SunPro C++ compiler does not properly + # handle '-M -o', and we need to detect this. Also, some Intel + # versions had trouble with output in subdirs. + am__obj=sub/conftest.${OBJEXT-o} + am__minus_obj="-o $am__obj" + case $depmode in + gcc) + # This depmode causes a compiler race in universal mode. + test "$am__universal" = false || continue + ;; + nosideeffect) + # After this tag, mechanisms are not by side-effect, so they'll + # only be used when explicitly requested. + if test "x$enable_dependency_tracking" = xyes; then + continue + else + break + fi + ;; + msvc7 | msvc7msys | msvisualcpp | msvcmsys) + # This compiler won't grok '-c -o', but also, the minuso test has + # not run yet. These depmodes are late enough in the game, and + # so weak that their functioning should not be impacted. + am__obj=conftest.${OBJEXT-o} + am__minus_obj= + ;; + none) break ;; + esac + if depmode=$depmode \ + source=sub/conftest.c object=$am__obj \ + depfile=sub/conftest.Po tmpdepfile=sub/conftest.TPo \ + $SHELL ./depcomp $depcc -c $am__minus_obj sub/conftest.c \ + >/dev/null 2>conftest.err && + grep sub/conftst1.h sub/conftest.Po > /dev/null 2>&1 && + grep sub/conftst6.h sub/conftest.Po > /dev/null 2>&1 && + grep $am__obj sub/conftest.Po > /dev/null 2>&1 && + ${MAKE-make} -s -f confmf > /dev/null 2>&1; then + # icc doesn't choke on unknown options, it will just issue warnings + # or remarks (even with -Werror). So we grep stderr for any message + # that says an option was ignored or not supported. + # When given -MP, icc 7.0 and 7.1 complain thusly: + # icc: Command line warning: ignoring option '-M'; no argument required + # The diagnosis changed in icc 8.0: + # icc: Command line remark: option '-MP' not supported + if (grep 'ignoring option' conftest.err || + grep 'not supported' conftest.err) >/dev/null 2>&1; then :; else + am_cv_CCAS_dependencies_compiler_type=$depmode + break + fi + fi + done + + cd .. + rm -rf conftest.dir +else + am_cv_CCAS_dependencies_compiler_type=none +fi + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $am_cv_CCAS_dependencies_compiler_type" >&5 +$as_echo "$am_cv_CCAS_dependencies_compiler_type" >&6; } +CCASDEPMODE=depmode=$am_cv_CCAS_dependencies_compiler_type + + if + test "x$enable_dependency_tracking" != xno \ + && test "$am_cv_CCAS_dependencies_compiler_type" = gcc3; then + am__fastdepCCAS_TRUE= + am__fastdepCCAS_FALSE='#' +else + am__fastdepCCAS_TRUE='#' + am__fastdepCCAS_FALSE= +fi + + +if test -n "$ac_tool_prefix"; then + for ac_prog in ar lib "link -lib" + do + # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args. +set dummy $ac_tool_prefix$ac_prog; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_AR+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$AR"; then + ac_cv_prog_AR="$AR" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_AR="$ac_tool_prefix$ac_prog" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +AR=$ac_cv_prog_AR +if test -n "$AR"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $AR" >&5 +$as_echo "$AR" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + + test -n "$AR" && break + done +fi +if test -z "$AR"; then + ac_ct_AR=$AR + for ac_prog in ar lib "link -lib" +do + # Extract the first word of "$ac_prog", so it can be a program name with args. +set dummy $ac_prog; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_ac_ct_AR+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$ac_ct_AR"; then + ac_cv_prog_ac_ct_AR="$ac_ct_AR" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_ac_ct_AR="$ac_prog" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +ac_ct_AR=$ac_cv_prog_ac_ct_AR +if test -n "$ac_ct_AR"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_AR" >&5 +$as_echo "$ac_ct_AR" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + + test -n "$ac_ct_AR" && break +done + + if test "x$ac_ct_AR" = x; then + AR="false" + else + case $cross_compiling:$ac_tool_warned in +yes:) +{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} +ac_tool_warned=yes ;; +esac + AR=$ac_ct_AR + fi +fi + +: ${AR=ar} + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking the archiver ($AR) interface" >&5 +$as_echo_n "checking the archiver ($AR) interface... " >&6; } +if ${am_cv_ar_interface+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_ext=c +ac_cpp='$CPP $CPPFLAGS' +ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_c_compiler_gnu + + am_cv_ar_interface=ar + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +int some_variable = 0; +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + am_ar_try='$AR cru libconftest.a conftest.$ac_objext >&5' + { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$am_ar_try\""; } >&5 + (eval $am_ar_try) 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } + if test "$ac_status" -eq 0; then + am_cv_ar_interface=ar + else + am_ar_try='$AR -NOLOGO -OUT:conftest.lib conftest.$ac_objext >&5' + { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$am_ar_try\""; } >&5 + (eval $am_ar_try) 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } + if test "$ac_status" -eq 0; then + am_cv_ar_interface=lib + else + am_cv_ar_interface=unknown + fi + fi + rm -f conftest.lib libconftest.a + +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + ac_ext=c +ac_cpp='$CPP $CPPFLAGS' +ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_c_compiler_gnu + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $am_cv_ar_interface" >&5 +$as_echo "$am_cv_ar_interface" >&6; } + +case $am_cv_ar_interface in +ar) + ;; +lib) + # Microsoft lib, so override with the ar-lib wrapper script. + # FIXME: It is wrong to rewrite AR. + # But if we don't then we get into trouble of one sort or another. + # A longer-term fix would be to have automake use am__AR in this case, + # and then we could set am__AR="$am_aux_dir/ar-lib \$(AR)" or something + # similar. + AR="$am_aux_dir/ar-lib $AR" + ;; +unknown) + as_fn_error $? "could not determine $AR interface" "$LINENO" 5 + ;; +esac + +ac_ext=cpp +ac_cpp='$CXXCPP $CPPFLAGS' +ac_compile='$CXX -c $CXXFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CXX -o conftest$ac_exeext $CXXFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_cxx_compiler_gnu +if test -z "$CXX"; then + if test -n "$CCC"; then + CXX=$CCC + else + if test -n "$ac_tool_prefix"; then + for ac_prog in g++ c++ gpp aCC CC cxx cc++ cl.exe FCC KCC RCC xlC_r xlC + do + # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args. +set dummy $ac_tool_prefix$ac_prog; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_CXX+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$CXX"; then + ac_cv_prog_CXX="$CXX" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_CXX="$ac_tool_prefix$ac_prog" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +CXX=$ac_cv_prog_CXX +if test -n "$CXX"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CXX" >&5 +$as_echo "$CXX" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + + test -n "$CXX" && break + done +fi +if test -z "$CXX"; then + ac_ct_CXX=$CXX + for ac_prog in g++ c++ gpp aCC CC cxx cc++ cl.exe FCC KCC RCC xlC_r xlC +do + # Extract the first word of "$ac_prog", so it can be a program name with args. +set dummy $ac_prog; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_ac_ct_CXX+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$ac_ct_CXX"; then + ac_cv_prog_ac_ct_CXX="$ac_ct_CXX" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_ac_ct_CXX="$ac_prog" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +ac_ct_CXX=$ac_cv_prog_ac_ct_CXX +if test -n "$ac_ct_CXX"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CXX" >&5 +$as_echo "$ac_ct_CXX" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + + test -n "$ac_ct_CXX" && break +done + + if test "x$ac_ct_CXX" = x; then + CXX="g++" + else + case $cross_compiling:$ac_tool_warned in +yes:) +{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} +ac_tool_warned=yes ;; +esac + CXX=$ac_ct_CXX + fi +fi + + fi +fi +# Provide some information about the compiler. +$as_echo "$as_me:${as_lineno-$LINENO}: checking for C++ compiler version" >&5 +set X $ac_compile +ac_compiler=$2 +for ac_option in --version -v -V -qversion; do + { { ac_try="$ac_compiler $ac_option >&5" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +$as_echo "$ac_try_echo"; } >&5 + (eval "$ac_compiler $ac_option >&5") 2>conftest.err + ac_status=$? + if test -s conftest.err; then + sed '10a\ +... rest of stderr output deleted ... + 10q' conftest.err >conftest.er1 + cat conftest.er1 >&5 + fi + rm -f conftest.er1 conftest.err + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } +done + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether we are using the GNU C++ compiler" >&5 +$as_echo_n "checking whether we are using the GNU C++ compiler... " >&6; } +if ${ac_cv_cxx_compiler_gnu+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ +#ifndef __GNUC__ + choke me +#endif + + ; + return 0; +} +_ACEOF +if ac_fn_cxx_try_compile "$LINENO"; then : + ac_compiler_gnu=yes +else + ac_compiler_gnu=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +ac_cv_cxx_compiler_gnu=$ac_compiler_gnu + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_cxx_compiler_gnu" >&5 +$as_echo "$ac_cv_cxx_compiler_gnu" >&6; } +if test $ac_compiler_gnu = yes; then + GXX=yes +else + GXX= +fi +ac_test_CXXFLAGS=${CXXFLAGS+set} +ac_save_CXXFLAGS=$CXXFLAGS +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $CXX accepts -g" >&5 +$as_echo_n "checking whether $CXX accepts -g... " >&6; } +if ${ac_cv_prog_cxx_g+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_save_cxx_werror_flag=$ac_cxx_werror_flag + ac_cxx_werror_flag=yes + ac_cv_prog_cxx_g=no + CXXFLAGS="-g" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_cxx_try_compile "$LINENO"; then : + ac_cv_prog_cxx_g=yes +else + CXXFLAGS="" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_cxx_try_compile "$LINENO"; then : + +else + ac_cxx_werror_flag=$ac_save_cxx_werror_flag + CXXFLAGS="-g" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_cxx_try_compile "$LINENO"; then : + ac_cv_prog_cxx_g=yes +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + ac_cxx_werror_flag=$ac_save_cxx_werror_flag +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cxx_g" >&5 +$as_echo "$ac_cv_prog_cxx_g" >&6; } +if test "$ac_test_CXXFLAGS" = set; then + CXXFLAGS=$ac_save_CXXFLAGS +elif test $ac_cv_prog_cxx_g = yes; then + if test "$GXX" = yes; then + CXXFLAGS="-g -O2" + else + CXXFLAGS="-g" + fi +else + if test "$GXX" = yes; then + CXXFLAGS="-O2" + else + CXXFLAGS= + fi +fi +ac_ext=c +ac_cpp='$CPP $CPPFLAGS' +ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_c_compiler_gnu + +depcc="$CXX" am_compiler_list= + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking dependency style of $depcc" >&5 +$as_echo_n "checking dependency style of $depcc... " >&6; } +if ${am_cv_CXX_dependencies_compiler_type+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -z "$AMDEP_TRUE" && test -f "$am_depcomp"; then + # We make a subdir and do the tests there. Otherwise we can end up + # making bogus files that we don't know about and never remove. For + # instance it was reported that on HP-UX the gcc test will end up + # making a dummy file named 'D' -- because '-MD' means "put the output + # in D". + rm -rf conftest.dir + mkdir conftest.dir + # Copy depcomp to subdir because otherwise we won't find it if we're + # using a relative directory. + cp "$am_depcomp" conftest.dir + cd conftest.dir + # We will build objects and dependencies in a subdirectory because + # it helps to detect inapplicable dependency modes. For instance + # both Tru64's cc and ICC support -MD to output dependencies as a + # side effect of compilation, but ICC will put the dependencies in + # the current directory while Tru64 will put them in the object + # directory. + mkdir sub + + am_cv_CXX_dependencies_compiler_type=none + if test "$am_compiler_list" = ""; then + am_compiler_list=`sed -n 's/^#*\([a-zA-Z0-9]*\))$/\1/p' < ./depcomp` + fi + am__universal=false + case " $depcc " in #( + *\ -arch\ *\ -arch\ *) am__universal=true ;; + esac + + for depmode in $am_compiler_list; do + # Setup a source with many dependencies, because some compilers + # like to wrap large dependency lists on column 80 (with \), and + # we should not choose a depcomp mode which is confused by this. + # + # We need to recreate these files for each test, as the compiler may + # overwrite some of them when testing with obscure command lines. + # This happens at least with the AIX C compiler. + : > sub/conftest.c + for i in 1 2 3 4 5 6; do + echo '#include "conftst'$i'.h"' >> sub/conftest.c + # Using ": > sub/conftst$i.h" creates only sub/conftst1.h with + # Solaris 10 /bin/sh. + echo '/* dummy */' > sub/conftst$i.h + done + echo "${am__include} ${am__quote}sub/conftest.Po${am__quote}" > confmf + + # We check with '-c' and '-o' for the sake of the "dashmstdout" + # mode. It turns out that the SunPro C++ compiler does not properly + # handle '-M -o', and we need to detect this. Also, some Intel + # versions had trouble with output in subdirs. + am__obj=sub/conftest.${OBJEXT-o} + am__minus_obj="-o $am__obj" + case $depmode in + gcc) + # This depmode causes a compiler race in universal mode. + test "$am__universal" = false || continue + ;; + nosideeffect) + # After this tag, mechanisms are not by side-effect, so they'll + # only be used when explicitly requested. + if test "x$enable_dependency_tracking" = xyes; then + continue + else + break + fi + ;; + msvc7 | msvc7msys | msvisualcpp | msvcmsys) + # This compiler won't grok '-c -o', but also, the minuso test has + # not run yet. These depmodes are late enough in the game, and + # so weak that their functioning should not be impacted. + am__obj=conftest.${OBJEXT-o} + am__minus_obj= + ;; + none) break ;; + esac + if depmode=$depmode \ + source=sub/conftest.c object=$am__obj \ + depfile=sub/conftest.Po tmpdepfile=sub/conftest.TPo \ + $SHELL ./depcomp $depcc -c $am__minus_obj sub/conftest.c \ + >/dev/null 2>conftest.err && + grep sub/conftst1.h sub/conftest.Po > /dev/null 2>&1 && + grep sub/conftst6.h sub/conftest.Po > /dev/null 2>&1 && + grep $am__obj sub/conftest.Po > /dev/null 2>&1 && + ${MAKE-make} -s -f confmf > /dev/null 2>&1; then + # icc doesn't choke on unknown options, it will just issue warnings + # or remarks (even with -Werror). So we grep stderr for any message + # that says an option was ignored or not supported. + # When given -MP, icc 7.0 and 7.1 complain thusly: + # icc: Command line warning: ignoring option '-M'; no argument required + # The diagnosis changed in icc 8.0: + # icc: Command line remark: option '-MP' not supported + if (grep 'ignoring option' conftest.err || + grep 'not supported' conftest.err) >/dev/null 2>&1; then :; else + am_cv_CXX_dependencies_compiler_type=$depmode + break + fi + fi + done + + cd .. + rm -rf conftest.dir +else + am_cv_CXX_dependencies_compiler_type=none +fi + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $am_cv_CXX_dependencies_compiler_type" >&5 +$as_echo "$am_cv_CXX_dependencies_compiler_type" >&6; } +CXXDEPMODE=depmode=$am_cv_CXX_dependencies_compiler_type + + if + test "x$enable_dependency_tracking" != xno \ + && test "$am_cv_CXX_dependencies_compiler_type" = gcc3; then + am__fastdepCXX_TRUE= + am__fastdepCXX_FALSE='#' +else + am__fastdepCXX_TRUE='#' + am__fastdepCXX_FALSE= +fi + + + +for ac_prog in 'bison -y' byacc +do + # Extract the first word of "$ac_prog", so it can be a program name with args. +set dummy $ac_prog; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_YACC+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$YACC"; then + ac_cv_prog_YACC="$YACC" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_YACC="$ac_prog" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +YACC=$ac_cv_prog_YACC +if test -n "$YACC"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $YACC" >&5 +$as_echo "$YACC" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + + test -n "$YACC" && break +done +test -n "$YACC" || YACC="yacc" + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for a sed that does not truncate output" >&5 +$as_echo_n "checking for a sed that does not truncate output... " >&6; } +if ${ac_cv_path_SED+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_script=s/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb/ + for ac_i in 1 2 3 4 5 6 7; do + ac_script="$ac_script$as_nl$ac_script" + done + echo "$ac_script" 2>/dev/null | sed 99q >conftest.sed + { ac_script=; unset ac_script;} + if test -z "$SED"; then + ac_path_SED_found=false + # Loop through the user's path and test for each of PROGNAME-LIST + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_prog in sed gsed; do + for ac_exec_ext in '' $ac_executable_extensions; do + ac_path_SED="$as_dir/$ac_prog$ac_exec_ext" + as_fn_executable_p "$ac_path_SED" || continue +# Check for GNU ac_path_SED and select it if it is found. + # Check for GNU $ac_path_SED +case `"$ac_path_SED" --version 2>&1` in +*GNU*) + ac_cv_path_SED="$ac_path_SED" ac_path_SED_found=:;; +*) + ac_count=0 + $as_echo_n 0123456789 >"conftest.in" + while : + do + cat "conftest.in" "conftest.in" >"conftest.tmp" + mv "conftest.tmp" "conftest.in" + cp "conftest.in" "conftest.nl" + $as_echo '' >> "conftest.nl" + "$ac_path_SED" -f conftest.sed < "conftest.nl" >"conftest.out" 2>/dev/null || break + diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break + as_fn_arith $ac_count + 1 && ac_count=$as_val + if test $ac_count -gt ${ac_path_SED_max-0}; then + # Best one so far, save it but keep looking for a better one + ac_cv_path_SED="$ac_path_SED" + ac_path_SED_max=$ac_count + fi + # 10*(2^10) chars as input seems more than enough + test $ac_count -gt 10 && break + done + rm -f conftest.in conftest.tmp conftest.nl conftest.out;; +esac + + $ac_path_SED_found && break 3 + done + done + done +IFS=$as_save_IFS + if test -z "$ac_cv_path_SED"; then + as_fn_error $? "no acceptable sed could be found in \$PATH" "$LINENO" 5 + fi +else + ac_cv_path_SED=$SED +fi + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_SED" >&5 +$as_echo "$ac_cv_path_SED" >&6; } + SED="$ac_cv_path_SED" + rm -f conftest.sed + + + + +# +# Require C99 support +# + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $CC option to accept ISO C99" >&5 +$as_echo_n "checking for $CC option to accept ISO C99... " >&6; } +if ${ac_cv_prog_cc_c99+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_cv_prog_cc_c99=no +ac_save_CC=$CC +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +#include +#include +#include +#include + +// Check varargs macros. These examples are taken from C99 6.10.3.5. +#define debug(...) fprintf (stderr, __VA_ARGS__) +#define showlist(...) puts (#__VA_ARGS__) +#define report(test,...) ((test) ? puts (#test) : printf (__VA_ARGS__)) +static void +test_varargs_macros (void) +{ + int x = 1234; + int y = 5678; + debug ("Flag"); + debug ("X = %d\n", x); + showlist (The first, second, and third items.); + report (x>y, "x is %d but y is %d", x, y); +} + +// Check long long types. +#define BIG64 18446744073709551615ull +#define BIG32 4294967295ul +#define BIG_OK (BIG64 / BIG32 == 4294967297ull && BIG64 % BIG32 == 0) +#if !BIG_OK + your preprocessor is broken; +#endif +#if BIG_OK +#else + your preprocessor is broken; +#endif +static long long int bignum = -9223372036854775807LL; +static unsigned long long int ubignum = BIG64; + +struct incomplete_array +{ + int datasize; + double data[]; +}; + +struct named_init { + int number; + const wchar_t *name; + double average; +}; + +typedef const char *ccp; + +static inline int +test_restrict (ccp restrict text) +{ + // See if C++-style comments work. + // Iterate through items via the restricted pointer. + // Also check for declarations in for loops. + for (unsigned int i = 0; *(text+i) != '\0'; ++i) + continue; + return 0; +} + +// Check varargs and va_copy. +static void +test_varargs (const char *format, ...) +{ + va_list args; + va_start (args, format); + va_list args_copy; + va_copy (args_copy, args); + + const char *str; + int number; + float fnumber; + + while (*format) + { + switch (*format++) + { + case 's': // string + str = va_arg (args_copy, const char *); + break; + case 'd': // int + number = va_arg (args_copy, int); + break; + case 'f': // float + fnumber = va_arg (args_copy, double); + break; + default: + break; + } + } + va_end (args_copy); + va_end (args); +} + +int +main () +{ + + // Check bool. + _Bool success = false; + + // Check restrict. + if (test_restrict ("String literal") == 0) + success = true; + char *restrict newvar = "Another string"; + + // Check varargs. + test_varargs ("s, d' f .", "string", 65, 34.234); + test_varargs_macros (); + + // Check flexible array members. + struct incomplete_array *ia = + malloc (sizeof (struct incomplete_array) + (sizeof (double) * 10)); + ia->datasize = 10; + for (int i = 0; i < ia->datasize; ++i) + ia->data[i] = i * 1.234; + + // Check named initializers. + struct named_init ni = { + .number = 34, + .name = L"Test wide string", + .average = 543.34343, + }; + + ni.number = 58; + + int dynamic_array[ni.number]; + dynamic_array[ni.number - 1] = 543; + + // work around unused variable warnings + return (!success || bignum == 0LL || ubignum == 0uLL || newvar[0] == 'x' + || dynamic_array[ni.number - 1] != 543); + + ; + return 0; +} +_ACEOF +for ac_arg in '' -std=gnu99 -std=c99 -c99 -AC99 -D_STDC_C99= -qlanglvl=extc99 +do + CC="$ac_save_CC $ac_arg" + if ac_fn_c_try_compile "$LINENO"; then : + ac_cv_prog_cc_c99=$ac_arg +fi +rm -f core conftest.err conftest.$ac_objext + test "x$ac_cv_prog_cc_c99" != "xno" && break +done +rm -f conftest.$ac_ext +CC=$ac_save_CC + +fi +# AC_CACHE_VAL +case "x$ac_cv_prog_cc_c99" in + x) + { $as_echo "$as_me:${as_lineno-$LINENO}: result: none needed" >&5 +$as_echo "none needed" >&6; } ;; + xno) + { $as_echo "$as_me:${as_lineno-$LINENO}: result: unsupported" >&5 +$as_echo "unsupported" >&6; } ;; + *) + CC="$CC $ac_cv_prog_cc_c99" + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_c99" >&5 +$as_echo "$ac_cv_prog_cc_c99" >&6; } ;; +esac +if test "x$ac_cv_prog_cc_c99" != xno; then : + +fi + + +if test "$ac_cv_prog_cc_c99" = "no"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Compiler does not support C99. It may not be able to compile the project." >&5 +$as_echo "$as_me: WARNING: Compiler does not support C99. It may not be able to compile the project." >&2;} +fi + + + + + + + + + + + + + + + + # allow to override gcov location + +# Check whether --with-gcov was given. +if test "${with_gcov+set}" = set; then : + withval=$with_gcov; _AX_CODE_COVERAGE_GCOV_PROG_WITH=$with_gcov +else + _AX_CODE_COVERAGE_GCOV_PROG_WITH=gcov +fi + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to build with code coverage support" >&5 +$as_echo_n "checking whether to build with code coverage support... " >&6; } + # Check whether --enable-code-coverage was given. +if test "${enable_code_coverage+set}" = set; then : + enableval=$enable_code_coverage; +else + enable_code_coverage=no +fi + + + if test "x$enable_code_coverage" = xyes; then + CODE_COVERAGE_ENABLED_TRUE= + CODE_COVERAGE_ENABLED_FALSE='#' +else + CODE_COVERAGE_ENABLED_TRUE='#' + CODE_COVERAGE_ENABLED_FALSE= +fi + + CODE_COVERAGE_ENABLED=$enable_code_coverage + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_code_coverage" >&5 +$as_echo "$enable_code_coverage" >&6; } + + if test "x$enable_code_coverage" = xyes ; then : + + + for ac_prog in gawk mawk nawk awk +do + # Extract the first word of "$ac_prog", so it can be a program name with args. +set dummy $ac_prog; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_AWK+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$AWK"; then + ac_cv_prog_AWK="$AWK" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_AWK="$ac_prog" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +AWK=$ac_cv_prog_AWK +if test -n "$AWK"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $AWK" >&5 +$as_echo "$AWK" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + + test -n "$AWK" && break +done + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for GNU make" >&5 +$as_echo_n "checking for GNU make... " >&6; } +if ${_cv_gnu_make_command+:} false; then : + $as_echo_n "(cached) " >&6 +else + _cv_gnu_make_command="" ; + for a in "$MAKE" make gmake gnumake ; do + if test -z "$a" ; then continue ; fi ; + if "$a" --version 2> /dev/null | grep GNU 2>&1 > /dev/null ; then + _cv_gnu_make_command=$a ; + AX_CHECK_GNU_MAKE_HEADLINE=$("$a" --version 2> /dev/null | grep "GNU Make") + ax_check_gnu_make_version=$(echo ${AX_CHECK_GNU_MAKE_HEADLINE} | ${AWK} -F " " '{ print $(NF); }') + break ; + fi + done ; +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $_cv_gnu_make_command" >&5 +$as_echo "$_cv_gnu_make_command" >&6; } + if test "x$_cv_gnu_make_command" = x""; then : + ifGNUmake="#" +else + ifGNUmake="" +fi + if test "x$_cv_gnu_make_command" = x""; then : + ifnGNUmake="" +else + ifGNUmake="#" +fi + if test "x$_cv_gnu_make_command" = x""; then : + { ax_cv_gnu_make_command=; unset ax_cv_gnu_make_command;} +else + ax_cv_gnu_make_command=${_cv_gnu_make_command} +fi + if test "x$_cv_gnu_make_command" = x""; then : + as_fn_error $? "not using GNU make that is needed for coverage" "$LINENO" 5 +fi + + + + + # check for gcov + if test -n "$ac_tool_prefix"; then + # Extract the first word of "${ac_tool_prefix}$_AX_CODE_COVERAGE_GCOV_PROG_WITH", so it can be a program name with args. +set dummy ${ac_tool_prefix}$_AX_CODE_COVERAGE_GCOV_PROG_WITH; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_GCOV+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$GCOV"; then + ac_cv_prog_GCOV="$GCOV" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_GCOV="${ac_tool_prefix}$_AX_CODE_COVERAGE_GCOV_PROG_WITH" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +GCOV=$ac_cv_prog_GCOV +if test -n "$GCOV"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $GCOV" >&5 +$as_echo "$GCOV" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + +fi +if test -z "$ac_cv_prog_GCOV"; then + ac_ct_GCOV=$GCOV + # Extract the first word of "$_AX_CODE_COVERAGE_GCOV_PROG_WITH", so it can be a program name with args. +set dummy $_AX_CODE_COVERAGE_GCOV_PROG_WITH; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_ac_ct_GCOV+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$ac_ct_GCOV"; then + ac_cv_prog_ac_ct_GCOV="$ac_ct_GCOV" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_ac_ct_GCOV="$_AX_CODE_COVERAGE_GCOV_PROG_WITH" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +ac_ct_GCOV=$ac_cv_prog_ac_ct_GCOV +if test -n "$ac_ct_GCOV"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_GCOV" >&5 +$as_echo "$ac_ct_GCOV" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + if test "x$ac_ct_GCOV" = x; then + GCOV=":" + else + case $cross_compiling:$ac_tool_warned in +yes:) +{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} +ac_tool_warned=yes ;; +esac + GCOV=$ac_ct_GCOV + fi +else + GCOV="$ac_cv_prog_GCOV" +fi + + if test "X$GCOV" = "X:"; then : + as_fn_error $? "gcov is needed to do coverage" "$LINENO" 5 +fi + + + if test "$GCC" = "no" ; then : + + as_fn_error $? "not compiling with gcc, which is required for gcov code coverage" "$LINENO" 5 + +fi + + # Extract the first word of "lcov", so it can be a program name with args. +set dummy lcov; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_LCOV+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$LCOV"; then + ac_cv_prog_LCOV="$LCOV" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_LCOV="lcov" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +LCOV=$ac_cv_prog_LCOV +if test -n "$LCOV"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $LCOV" >&5 +$as_echo "$LCOV" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + + # Extract the first word of "genhtml", so it can be a program name with args. +set dummy genhtml; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_GENHTML+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$GENHTML"; then + ac_cv_prog_GENHTML="$GENHTML" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_GENHTML="genhtml" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +GENHTML=$ac_cv_prog_GENHTML +if test -n "$GENHTML"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $GENHTML" >&5 +$as_echo "$GENHTML" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + + + if test x"$LCOV" = x ; then : + + as_fn_error $? "To enable code coverage reporting you must have lcov installed" "$LINENO" 5 + +fi + + if test x"$GENHTML" = x ; then : + + as_fn_error $? "Could not find genhtml from the lcov package" "$LINENO" 5 + +fi + + CODE_COVERAGE_CPPFLAGS="-DNDEBUG" + CODE_COVERAGE_CFLAGS="-O0 -g -fprofile-arcs -ftest-coverage" + CODE_COVERAGE_CXXFLAGS="-O0 -g -fprofile-arcs -ftest-coverage" + CODE_COVERAGE_LIBS="-lgcov" + + + + + + + +fi + + + + + + + + + + + + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to enable maintainer-specific portions of Makefiles" >&5 +$as_echo_n "checking whether to enable maintainer-specific portions of Makefiles... " >&6; } + # Check whether --enable-maintainer-mode was given. +if test "${enable_maintainer_mode+set}" = set; then : + enableval=$enable_maintainer_mode; USE_MAINTAINER_MODE=$enableval +else + USE_MAINTAINER_MODE=yes +fi + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $USE_MAINTAINER_MODE" >&5 +$as_echo "$USE_MAINTAINER_MODE" >&6; } + if test $USE_MAINTAINER_MODE = yes; then + MAINTAINER_MODE_TRUE= + MAINTAINER_MODE_FALSE='#' +else + MAINTAINER_MODE_TRUE='#' + MAINTAINER_MODE_FALSE= +fi + + MAINT=$MAINTAINER_MODE_TRUE + + + +# Check whether --enable-bash-tests was given. +if test "${enable_bash_tests+set}" = set; then : + enableval=$enable_bash_tests; enable_bash_tests=$enableval +else + enable_bash_tests=yes +fi + + if test "$enable_bash_tests" != "yes"; then + DISABLE_BASH_TESTS_TRUE= + DISABLE_BASH_TESTS_FALSE='#' +else + DISABLE_BASH_TESTS_TRUE='#' + DISABLE_BASH_TESTS_FALSE= +fi + + +# Check whether --enable-doc was given. +if test "${enable_doc+set}" = set; then : + enableval=$enable_doc; enable_doc=$enableval +else + enable_doc=yes +fi + + if test "$enable_doc" != "no"; then + ENABLE_DOC_TRUE= + ENABLE_DOC_FALSE='#' +else + ENABLE_DOC_TRUE='#' + ENABLE_DOC_FALSE= +fi + + +# Check whether --enable-manpages was given. +if test "${enable_manpages+set}" = set; then : + enableval=$enable_manpages; enable_manpages=$enableval +else + enable_manpages=auto +fi + + +if test "${enable_manpages}" = "auto";then + enable_manpages="${enable_doc}" +fi + + if test "$enable_manpages" != "no"; then + ENABLE_MANPAGES_TRUE= + ENABLE_MANPAGES_FALSE='#' +else + ENABLE_MANPAGES_TRUE='#' + ENABLE_MANPAGES_FALSE= +fi + + +# Check whether --enable-tools was given. +if test "${enable_tools+set}" = set; then : + enableval=$enable_tools; enable_tools=$enableval +else + enable_tools=yes +fi + + if test "$enable_tools" != "no"; then + ENABLE_TOOLS_TRUE= + ENABLE_TOOLS_FALSE='#' +else + ENABLE_TOOLS_TRUE='#' + ENABLE_TOOLS_FALSE= +fi + + +# For includes/gnutls/gnutls.h.in. +MAJOR_VERSION=`echo $PACKAGE_VERSION | sed 's/\(.*\)\..*\..*/\1/g'` + +MINOR_VERSION=`echo $PACKAGE_VERSION | sed 's/.*\.\(.*\)\..*/\1/g'` + +PATCH_VERSION=`echo $PACKAGE_VERSION | sed 's/.*\..*\.\([0-9]*\).*/\1/g'` + +NUMBER_VERSION=`printf "0x%02x%02x%02x" $MAJOR_VERSION $MINOR_VERSION $PATCH_VERSION` + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for inline" >&5 +$as_echo_n "checking for inline... " >&6; } +if ${ac_cv_c_inline+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_cv_c_inline=no +for ac_kw in inline __inline__ __inline; do + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#ifndef __cplusplus +typedef int foo_t; +static $ac_kw foo_t static_foo () {return 0; } +$ac_kw foo_t foo () {return 0; } +#endif + +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ac_cv_c_inline=$ac_kw +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + test "$ac_cv_c_inline" != no && break +done + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_inline" >&5 +$as_echo "$ac_cv_c_inline" >&6; } + +case $ac_cv_c_inline in + inline | yes) ;; + *) + case $ac_cv_c_inline in + no) ac_val=;; + *) ac_val=$ac_cv_c_inline;; + esac + cat >>confdefs.h <<_ACEOF +#ifndef __cplusplus +#define inline $ac_val +#endif +_ACEOF + ;; +esac + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for ANSI C header files" >&5 +$as_echo_n "checking for ANSI C header files... " >&6; } +if ${ac_cv_header_stdc+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +#include +#include +#include + +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ac_cv_header_stdc=yes +else + ac_cv_header_stdc=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + +if test $ac_cv_header_stdc = yes; then + # SunOS 4.x string.h does not declare mem*, contrary to ANSI. + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include + +_ACEOF +if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | + $EGREP "memchr" >/dev/null 2>&1; then : + +else + ac_cv_header_stdc=no +fi +rm -f conftest* + +fi + +if test $ac_cv_header_stdc = yes; then + # ISC 2.0.2 stdlib.h does not declare free, contrary to ANSI. + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include + +_ACEOF +if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | + $EGREP "free" >/dev/null 2>&1; then : + +else + ac_cv_header_stdc=no +fi +rm -f conftest* + +fi + +if test $ac_cv_header_stdc = yes; then + # /bin/cc in Irix-4.0.5 gets non-ANSI ctype macros unless using -ansi. + if test "$cross_compiling" = yes; then : + : +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +#include +#if ((' ' & 0x0FF) == 0x020) +# define ISLOWER(c) ('a' <= (c) && (c) <= 'z') +# define TOUPPER(c) (ISLOWER(c) ? 'A' + ((c) - 'a') : (c)) +#else +# define ISLOWER(c) \ + (('a' <= (c) && (c) <= 'i') \ + || ('j' <= (c) && (c) <= 'r') \ + || ('s' <= (c) && (c) <= 'z')) +# define TOUPPER(c) (ISLOWER(c) ? ((c) | 0x40) : (c)) +#endif + +#define XOR(e, f) (((e) && !(f)) || (!(e) && (f))) +int +main () +{ + int i; + for (i = 0; i < 256; i++) + if (XOR (islower (i), ISLOWER (i)) + || toupper (i) != TOUPPER (i)) + return 2; + return 0; +} +_ACEOF +if ac_fn_c_try_run "$LINENO"; then : + +else + ac_cv_header_stdc=no +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + +fi +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_header_stdc" >&5 +$as_echo "$ac_cv_header_stdc" >&6; } +if test $ac_cv_header_stdc = yes; then + +$as_echo "#define STDC_HEADERS 1" >>confdefs.h + +fi + + +# For the C++ code +# Check whether --enable-cxx was given. +if test "${enable_cxx+set}" = set; then : + enableval=$enable_cxx; use_cxx=$enableval +else + use_cxx=yes +fi + +if test "$use_cxx" != "no"; then + ac_ext=cpp +ac_cpp='$CXXCPP $CPPFLAGS' +ac_compile='$CXX -c $CXXFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CXX -o conftest$ac_exeext $CXXFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_cxx_compiler_gnu + + +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_cxx_try_compile "$LINENO"; then : + use_cxx=yes +else + use_cxx=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + ac_ext=c +ac_cpp='$CPP $CPPFLAGS' +ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_c_compiler_gnu + +fi + if test "$use_cxx" != "no"; then + ENABLE_CXX_TRUE= + ENABLE_CXX_FALSE='#' +else + ENABLE_CXX_TRUE='#' + ENABLE_CXX_FALSE= +fi + + +use_accel=yes +case "$host" in + *android*) + have_android=yes + have_elf=yes + ;; + *mingw32* | *mingw64*) + have_win=yes + +$as_echo "#define _UNICODE 1" >>confdefs.h + + ;; + *darwin*) + have_macosx=yes + save_LDFLAGS="$LDFLAGS" + LDFLAGS="$LDFLAGS -Wl,-no_weak_imports" + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the linker supports -Wl,-no_weak_imports" >&5 +$as_echo_n "checking whether the linker supports -Wl,-no_weak_imports... " >&6; } + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; }; LDFLAGS="$save_LDFLAGS" +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + ;; + *solaris*) + have_elf=yes + use_accel=no + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: +*** +*** In solaris hardware acceleration is disabled by default due to issues +*** with the assembler. Use --enable-hardware-acceleration to enable it. +*** " >&5 +$as_echo "$as_me: WARNING: +*** +*** In solaris hardware acceleration is disabled by default due to issues +*** with the assembler. Use --enable-hardware-acceleration to enable it. +*** " >&2;} + ;; + *) + have_elf=yes + ;; +esac + + if test "$have_android" = yes; then + ANDROID_TRUE= + ANDROID_FALSE='#' +else + ANDROID_TRUE='#' + ANDROID_FALSE= +fi + + if test "$have_win" = yes; then + WINDOWS_TRUE= + WINDOWS_FALSE='#' +else + WINDOWS_TRUE='#' + WINDOWS_FALSE= +fi + + if test "$have_macosx" = yes; then + MACOSX_TRUE= + MACOSX_FALSE='#' +else + MACOSX_TRUE='#' + MACOSX_FALSE= +fi + + if test "$have_elf" = yes; then + ELF_TRUE= + ELF_FALSE='#' +else + ELF_TRUE='#' + ELF_FALSE= +fi + + +# Check whether --enable-hardware-acceleration was given. +if test "${enable_hardware_acceleration+set}" = set; then : + enableval=$enable_hardware_acceleration; use_accel=$enableval +fi + +hw_accel=none + + +use_padlock=no +if test "$use_accel" != "no"; then +case $host_cpu in + armv8 | aarch64) + hw_accel="aarch64" + case $host_os in + *_ilp32) + hw_accel="none" + ;; + esac + ;; + i?86 | x86_64 | amd64) + for ac_header in cpuid.h +do : + ac_fn_c_check_header_mongrel "$LINENO" "cpuid.h" "ac_cv_header_cpuid_h" "$ac_includes_default" +if test "x$ac_cv_header_cpuid_h" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_CPUID_H 1 +_ACEOF + +fi + +done + + if test "$host_cpu" = "x86_64" || test "$host_cpu" = "amd64"; then + hw_accel="x86-64" + else + hw_accel="x86" + fi + use_padlock=yes + ;; + *) + ;; +esac + +fi + +# Check whether --enable-tls13-interop was given. +if test "${enable_tls13_interop+set}" = set; then : + enableval=$enable_tls13_interop; enable_tls13_interop=$enableval +else + enable_tls13_interop=yes +fi + + + if test "$enable_tls13_interop" != "no"; then + ENABLE_TLS13_INTEROP_TRUE= + ENABLE_TLS13_INTEROP_FALSE='#' +else + ENABLE_TLS13_INTEROP_TRUE='#' + ENABLE_TLS13_INTEROP_FALSE= +fi + + +ac_fn_c_check_member "$LINENO" "struct iovec" "iov_base" "ac_cv_member_struct_iovec_iov_base" "#include + +" +if test "x$ac_cv_member_struct_iovec_iov_base" = xyes; then : + +cat >>confdefs.h <<_ACEOF +#define HAVE_STRUCT_IOVEC_IOV_BASE 1 +_ACEOF + + + DEFINE_IOVEC_T="#include +typedef struct iovec giovec_t;" + + +else + + DEFINE_IOVEC_T="typedef struct { + void *iov_base; + size_t iov_len; +} giovec_t;" + + +fi + + + +for ac_header in netinet/tcp.h +do : + ac_fn_c_check_header_mongrel "$LINENO" "netinet/tcp.h" "ac_cv_header_netinet_tcp_h" "$ac_includes_default" +if test "x$ac_cv_header_netinet_tcp_h" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_NETINET_TCP_H 1 +_ACEOF + +fi + +done + +for ac_header in stdatomic.h +do : + ac_fn_c_check_header_mongrel "$LINENO" "stdatomic.h" "ac_cv_header_stdatomic_h" "$ac_includes_default" +if test "x$ac_cv_header_stdatomic_h" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_STDATOMIC_H 1 +_ACEOF + +fi + +done + + +save_LIBS=$LIBS +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing __atomic_load_4" >&5 +$as_echo_n "checking for library containing __atomic_load_4... " >&6; } +if ${ac_cv_search___atomic_load_4+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_func_search_save_LIBS=$LIBS +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char __atomic_load_4 (); +int +main () +{ +return __atomic_load_4 (); + ; + return 0; +} +_ACEOF +for ac_lib in '' atomic; do + if test -z "$ac_lib"; then + ac_res="none required" + else + ac_res=-l$ac_lib + LIBS="-l$ac_lib $ac_func_search_save_LIBS" + fi + if ac_fn_c_try_link "$LINENO"; then : + ac_cv_search___atomic_load_4=$ac_res +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext + if ${ac_cv_search___atomic_load_4+:} false; then : + break +fi +done +if ${ac_cv_search___atomic_load_4+:} false; then : + +else + ac_cv_search___atomic_load_4=no +fi +rm conftest.$ac_ext +LIBS=$ac_func_search_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search___atomic_load_4" >&5 +$as_echo "$ac_cv_search___atomic_load_4" >&6; } +ac_res=$ac_cv_search___atomic_load_4 +if test "$ac_res" != no; then : + test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" + +else + { $as_echo "$as_me:${as_lineno-$LINENO}: Could not detect libatomic" >&5 +$as_echo "$as_me: Could not detect libatomic" >&6;} +fi + +LIBS=$save_LIBS + +if test "$ac_cv_search___atomic_load_4" = "none required" || test "$ac_cv_search___atomic_load_4" = "no"; then : + +else + LIBATOMIC_LIBS=$ac_cv_search___atomic_load_4 + +fi + +for ac_header in threads.h +do : + ac_fn_c_check_header_mongrel "$LINENO" "threads.h" "ac_cv_header_threads_h" "$ac_includes_default" +if test "x$ac_cv_header_threads_h" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_THREADS_H 1 +_ACEOF + +fi + +done + + +# Check whether --enable-padlock was given. +if test "${enable_padlock+set}" = set; then : + enableval=$enable_padlock; use_padlock=$enableval +fi + + +if test "$use_padlock" != "no"; then + +$as_echo "#define ENABLE_PADLOCK 1" >>confdefs.h + + +fi + if test "$use_padlock" = "yes"; then + ENABLE_PADLOCK_TRUE= + ENABLE_PADLOCK_FALSE='#' +else + ENABLE_PADLOCK_TRUE='#' + ENABLE_PADLOCK_FALSE= +fi + + if test x"$hw_accel" = x"aarch64"; then + ASM_AARCH64_TRUE= + ASM_AARCH64_FALSE='#' +else + ASM_AARCH64_TRUE='#' + ASM_AARCH64_FALSE= +fi + + if test x"$hw_accel" = x"x86-64"; then + ASM_X86_64_TRUE= + ASM_X86_64_FALSE='#' +else + ASM_X86_64_TRUE='#' + ASM_X86_64_FALSE= +fi + + if test x"$hw_accel" = x"x86"; then + ASM_X86_32_TRUE= + ASM_X86_32_FALSE='#' +else + ASM_X86_32_TRUE='#' + ASM_X86_32_FALSE= +fi + + if test x"$hw_accel" = x"x86" || test x"$hw_accel" = x"x86-64"; then + ASM_X86_TRUE= + ASM_X86_FALSE='#' +else + ASM_X86_TRUE='#' + ASM_X86_FALSE= +fi + + if test "$gnu89_inline" = "yes"]; then + HAVE_GCC_GNU89_INLINE_OPTION_TRUE= + HAVE_GCC_GNU89_INLINE_OPTION_FALSE='#' +else + HAVE_GCC_GNU89_INLINE_OPTION_TRUE='#' + HAVE_GCC_GNU89_INLINE_OPTION_FALSE= +fi + + if test "$GCC" = "yes"; then + HAVE_GCC_TRUE= + HAVE_GCC_FALSE='#' +else + HAVE_GCC_TRUE='#' + HAVE_GCC_FALSE= +fi + + +rnd_variant="auto-detect" +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for getrandom" >&5 +$as_echo_n "checking for getrandom... " >&6; } +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + + #include +int +main () +{ + + getrandom(0, 0, 0); + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + +$as_echo "#define HAVE_GETRANDOM 1" >>confdefs.h + + rnd_variant=getrandom +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for getentropy" >&5 +$as_echo_n "checking for getentropy... " >&6; } +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + + #include + #ifdef __APPLE__ + #include + #endif + #ifdef __linux__ + #error 1 + #endif + +int +main () +{ + + getentropy(0, 0); + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + +$as_echo "#define HAVE_GETENTROPY 1" >>confdefs.h + + rnd_variant=getentropy +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + + if test "$rnd_variant" = "getentropy"; then + HAVE_GETENTROPY_TRUE= + HAVE_GETENTROPY_FALSE='#' +else + HAVE_GETENTROPY_TRUE='#' + HAVE_GETENTROPY_FALSE= +fi + + + + # Library code modified: REVISION++ + # Interfaces changed/added/removed: CURRENT++ REVISION=0 + # Interfaces added: AGE++ + # + add new version symbol in libgnutls.map, see Symbol and library versioning + # in CONTRIBUTION.md for more info. + # + # Interfaces removed: AGE=0 (+bump all symbol versions in .map) + LT_CURRENT=54 + + LT_REVISION=0 + + LT_AGE=24 + + + LT_SSL_CURRENT=27 + + LT_SSL_REVISION=2 + + LT_SSL_AGE=0 + + + LT_DANE_CURRENT=4 + + LT_DANE_REVISION=1 + + LT_DANE_AGE=4 + + + LT_XSSL_CURRENT=0 + + LT_XSSL_REVISION=0 + + LT_XSSL_AGE=0 + + + CXX_LT_CURRENT=29 + + CXX_LT_REVISION=0 + + CXX_LT_AGE=1 + + + CRYWRAP_PATCHLEVEL=3 + + + # Used when creating the Windows libgnutls-XX.def files. + DLL_VERSION=`expr ${LT_CURRENT} - ${LT_AGE}` + + DLL_SSL_VERSION=`expr ${LT_SSL_CURRENT} - ${LT_SSL_AGE}` + + +NETTLE_MINIMUM=3.4.1 + +pkg_failed=no +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for NETTLE" >&5 +$as_echo_n "checking for NETTLE... " >&6; } + +if test -n "$NETTLE_CFLAGS"; then + pkg_cv_NETTLE_CFLAGS="$NETTLE_CFLAGS" + elif test -n "$PKG_CONFIG"; then + if test -n "$PKG_CONFIG" && \ + { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"nettle >= \$NETTLE_MINIMUM\""; } >&5 + ($PKG_CONFIG --exists --print-errors "nettle >= $NETTLE_MINIMUM") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + pkg_cv_NETTLE_CFLAGS=`$PKG_CONFIG --cflags "nettle >= $NETTLE_MINIMUM" 2>/dev/null` + test "x$?" != "x0" && pkg_failed=yes +else + pkg_failed=yes +fi + else + pkg_failed=untried +fi +if test -n "$NETTLE_LIBS"; then + pkg_cv_NETTLE_LIBS="$NETTLE_LIBS" + elif test -n "$PKG_CONFIG"; then + if test -n "$PKG_CONFIG" && \ + { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"nettle >= \$NETTLE_MINIMUM\""; } >&5 + ($PKG_CONFIG --exists --print-errors "nettle >= $NETTLE_MINIMUM") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + pkg_cv_NETTLE_LIBS=`$PKG_CONFIG --libs "nettle >= $NETTLE_MINIMUM" 2>/dev/null` + test "x$?" != "x0" && pkg_failed=yes +else + pkg_failed=yes +fi + else + pkg_failed=untried +fi + + + +if test $pkg_failed = yes; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + +if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then + _pkg_short_errors_supported=yes +else + _pkg_short_errors_supported=no +fi + if test $_pkg_short_errors_supported = yes; then + NETTLE_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "nettle >= $NETTLE_MINIMUM" 2>&1` + else + NETTLE_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "nettle >= $NETTLE_MINIMUM" 2>&1` + fi + # Put the nasty error message in config.log where it belongs + echo "$NETTLE_PKG_ERRORS" >&5 + + +as_fn_error $? " + *** + *** Libnettle $NETTLE_MINIMUM was not found. +" "$LINENO" 5 + +elif test $pkg_failed = untried; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + +as_fn_error $? " + *** + *** Libnettle $NETTLE_MINIMUM was not found. +" "$LINENO" 5 + +else + NETTLE_CFLAGS=$pkg_cv_NETTLE_CFLAGS + NETTLE_LIBS=$pkg_cv_NETTLE_LIBS + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + cryptolib="nettle" +fi + +pkg_failed=no +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for HOGWEED" >&5 +$as_echo_n "checking for HOGWEED... " >&6; } + +if test -n "$HOGWEED_CFLAGS"; then + pkg_cv_HOGWEED_CFLAGS="$HOGWEED_CFLAGS" + elif test -n "$PKG_CONFIG"; then + if test -n "$PKG_CONFIG" && \ + { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"hogweed >= \$NETTLE_MINIMUM \""; } >&5 + ($PKG_CONFIG --exists --print-errors "hogweed >= $NETTLE_MINIMUM ") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + pkg_cv_HOGWEED_CFLAGS=`$PKG_CONFIG --cflags "hogweed >= $NETTLE_MINIMUM " 2>/dev/null` + test "x$?" != "x0" && pkg_failed=yes +else + pkg_failed=yes +fi + else + pkg_failed=untried +fi +if test -n "$HOGWEED_LIBS"; then + pkg_cv_HOGWEED_LIBS="$HOGWEED_LIBS" + elif test -n "$PKG_CONFIG"; then + if test -n "$PKG_CONFIG" && \ + { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"hogweed >= \$NETTLE_MINIMUM \""; } >&5 + ($PKG_CONFIG --exists --print-errors "hogweed >= $NETTLE_MINIMUM ") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + pkg_cv_HOGWEED_LIBS=`$PKG_CONFIG --libs "hogweed >= $NETTLE_MINIMUM " 2>/dev/null` + test "x$?" != "x0" && pkg_failed=yes +else + pkg_failed=yes +fi + else + pkg_failed=untried +fi + + + +if test $pkg_failed = yes; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + +if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then + _pkg_short_errors_supported=yes +else + _pkg_short_errors_supported=no +fi + if test $_pkg_short_errors_supported = yes; then + HOGWEED_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "hogweed >= $NETTLE_MINIMUM " 2>&1` + else + HOGWEED_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "hogweed >= $NETTLE_MINIMUM " 2>&1` + fi + # Put the nasty error message in config.log where it belongs + echo "$HOGWEED_PKG_ERRORS" >&5 + + +as_fn_error $? " + *** + *** Libhogweed (nettle's companion library) $NETTLE_MINIMUM was not found. Note that you must compile nettle with gmp support. +" "$LINENO" 5 + +elif test $pkg_failed = untried; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + +as_fn_error $? " + *** + *** Libhogweed (nettle's companion library) $NETTLE_MINIMUM was not found. Note that you must compile nettle with gmp support. +" "$LINENO" 5 + +else + HOGWEED_CFLAGS=$pkg_cv_HOGWEED_CFLAGS + HOGWEED_LIBS=$pkg_cv_HOGWEED_LIBS + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + +fi + if test "$cryptolib" = "nettle"; then + ENABLE_NETTLE_TRUE= + ENABLE_NETTLE_FALSE='#' +else + ENABLE_NETTLE_TRUE='#' + ENABLE_NETTLE_FALSE= +fi + + +$as_echo "#define HAVE_LIBNETTLE 1" >>confdefs.h + + + GNUTLS_REQUIRES_PRIVATE="Requires.private: nettle, hogweed" + + +# Check whether --with-nettle-mini was given. +if test "${with_nettle_mini+set}" = set; then : + withval=$with_nettle_mini; mini_nettle=$withval +else + mini_nettle=no +fi + + + + + if test "$mini_nettle" != no;then + GMP_CFLAGS="" + GMP_LIBS="" + else + if test x$GMP_LIBS = x; then + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for __gmpz_cmp in -lgmp" >&5 +$as_echo_n "checking for __gmpz_cmp in -lgmp... " >&6; } +if ${ac_cv_lib_gmp___gmpz_cmp+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_check_lib_save_LIBS=$LIBS +LIBS="-lgmp $LIBS" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char __gmpz_cmp (); +int +main () +{ +return __gmpz_cmp (); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + ac_cv_lib_gmp___gmpz_cmp=yes +else + ac_cv_lib_gmp___gmpz_cmp=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_gmp___gmpz_cmp" >&5 +$as_echo "$ac_cv_lib_gmp___gmpz_cmp" >&6; } +if test "x$ac_cv_lib_gmp___gmpz_cmp" = xyes; then : + GMP_LIBS="-lgmp" +else + as_fn_error $? " +*** +*** gmp was not found. +" "$LINENO" 5 +fi + + fi + fi + + + +LIBTASN1_MINIMUM=4.9 + +# Check whether --with-included-libtasn1 was given. +if test "${with_included_libtasn1+set}" = set; then : + withval=$with_included_libtasn1; included_libtasn1=$withval +else + included_libtasn1=no +fi + + if test "$included_libtasn1" = "no"; then + +pkg_failed=no +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for LIBTASN1" >&5 +$as_echo_n "checking for LIBTASN1... " >&6; } + +if test -n "$LIBTASN1_CFLAGS"; then + pkg_cv_LIBTASN1_CFLAGS="$LIBTASN1_CFLAGS" + elif test -n "$PKG_CONFIG"; then + if test -n "$PKG_CONFIG" && \ + { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"libtasn1 >= \$LIBTASN1_MINIMUM\""; } >&5 + ($PKG_CONFIG --exists --print-errors "libtasn1 >= $LIBTASN1_MINIMUM") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + pkg_cv_LIBTASN1_CFLAGS=`$PKG_CONFIG --cflags "libtasn1 >= $LIBTASN1_MINIMUM" 2>/dev/null` + test "x$?" != "x0" && pkg_failed=yes +else + pkg_failed=yes +fi + else + pkg_failed=untried +fi +if test -n "$LIBTASN1_LIBS"; then + pkg_cv_LIBTASN1_LIBS="$LIBTASN1_LIBS" + elif test -n "$PKG_CONFIG"; then + if test -n "$PKG_CONFIG" && \ + { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"libtasn1 >= \$LIBTASN1_MINIMUM\""; } >&5 + ($PKG_CONFIG --exists --print-errors "libtasn1 >= $LIBTASN1_MINIMUM") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + pkg_cv_LIBTASN1_LIBS=`$PKG_CONFIG --libs "libtasn1 >= $LIBTASN1_MINIMUM" 2>/dev/null` + test "x$?" != "x0" && pkg_failed=yes +else + pkg_failed=yes +fi + else + pkg_failed=untried +fi + + + +if test $pkg_failed = yes; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + +if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then + _pkg_short_errors_supported=yes +else + _pkg_short_errors_supported=no +fi + if test $_pkg_short_errors_supported = yes; then + LIBTASN1_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "libtasn1 >= $LIBTASN1_MINIMUM" 2>&1` + else + LIBTASN1_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "libtasn1 >= $LIBTASN1_MINIMUM" 2>&1` + fi + # Put the nasty error message in config.log where it belongs + echo "$LIBTASN1_PKG_ERRORS" >&5 + + included_libtasn1=yes +elif test $pkg_failed = untried; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + included_libtasn1=yes +else + LIBTASN1_CFLAGS=$pkg_cv_LIBTASN1_CFLAGS + LIBTASN1_LIBS=$pkg_cv_LIBTASN1_LIBS + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + +fi + if test "$included_libtasn1" = yes; then + as_fn_error $? " + *** + *** Libtasn1 $LIBTASN1_MINIMUM was not found. To use the included one, use --with-included-libtasn1 + " "$LINENO" 5 + fi + fi + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to use the included minitasn1" >&5 +$as_echo_n "checking whether to use the included minitasn1... " >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $included_libtasn1" >&5 +$as_echo "$included_libtasn1" >&6; } + if test "$included_libtasn1" = "yes"; then + ENABLE_MINITASN1_TRUE= + ENABLE_MINITASN1_FALSE='#' +else + ENABLE_MINITASN1_TRUE='#' + ENABLE_MINITASN1_FALSE= +fi + + + if test "$included_libtasn1" = "no"; then + GNUTLS_REQUIRES_PRIVATE="${GNUTLS_REQUIRES_PRIVATE}, libtasn1" + fi + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether C99 macros are supported" >&5 +$as_echo_n "checking whether C99 macros are supported... " >&6; } + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ + + #define test_mac(...) + int z,y,x; + test_mac(x,y,z); + return 0; + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + + +$as_echo "#define C99_MACROS 1" >>confdefs.h + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + +else + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: C99 macros not supported. This may affect compiling." >&5 +$as_echo "$as_me: WARNING: C99 macros not supported. This may affect compiling." >&2;} + +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + + ac_allow_sha1=no + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to allow SHA1 as an acceptable hash for cert digital signatures" >&5 +$as_echo_n "checking whether to allow SHA1 as an acceptable hash for cert digital signatures... " >&6; } + # Check whether --enable-sha1-support was given. +if test "${enable_sha1_support+set}" = set; then : + enableval=$enable_sha1_support; ac_allow_sha1=$enableval +fi + + if test x$ac_allow_sha1 != xno; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + +$as_echo "#define ALLOW_SHA1 1" >>confdefs.h + + else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + fi + if test "$ac_allow_sha1" != "no"; then + ALLOW_SHA1_TRUE= + ALLOW_SHA1_FALSE='#' +else + ALLOW_SHA1_TRUE='#' + ALLOW_SHA1_FALSE= +fi + + + ac_enable_ssl3=no + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to disable the SSL 3.0 protocol" >&5 +$as_echo_n "checking whether to disable the SSL 3.0 protocol... " >&6; } + # Check whether --enable-ssl3-support was given. +if test "${enable_ssl3_support+set}" = set; then : + enableval=$enable_ssl3_support; ac_enable_ssl3=$enableval +fi + + if test x$ac_enable_ssl3 != xno; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + +$as_echo "#define ENABLE_SSL3 1" >>confdefs.h + + else + ac_full=0 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + fi + + if test "$ac_enable_ssl3" != "no"; then + ENABLE_SSL3_TRUE= + ENABLE_SSL3_FALSE='#' +else + ENABLE_SSL3_TRUE='#' + ENABLE_SSL3_FALSE= +fi + + + ac_enable_ssl2=yes + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to disable the SSL 2.0 client hello" >&5 +$as_echo_n "checking whether to disable the SSL 2.0 client hello... " >&6; } + # Check whether --enable-ssl2-support was given. +if test "${enable_ssl2_support+set}" = set; then : + enableval=$enable_ssl2_support; ac_enable_ssl2=$enableval +fi + + if test x$ac_enable_ssl2 != xno; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + +$as_echo "#define ENABLE_SSL2 1" >>confdefs.h + + else + ac_full=0 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + fi + if test "$ac_enable_ssl2" != "no"; then + ENABLE_SSL2_TRUE= + ENABLE_SSL2_FALSE='#' +else + ENABLE_SSL2_TRUE='#' + ENABLE_SSL2_FALSE= +fi + + + ac_enable_srtp=yes + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to disable DTLS-SRTP extension" >&5 +$as_echo_n "checking whether to disable DTLS-SRTP extension... " >&6; } + # Check whether --enable-dtls-srtp-support was given. +if test "${enable_dtls_srtp_support+set}" = set; then : + enableval=$enable_dtls_srtp_support; ac_enable_srtp=$enableval +fi + + if test x$ac_enable_srtp != xno; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + +$as_echo "#define ENABLE_DTLS_SRTP 1" >>confdefs.h + + else + ac_full=0 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + fi + if test "$ac_enable_srtp" != "no"; then + ENABLE_DTLS_SRTP_TRUE= + ENABLE_DTLS_SRTP_FALSE='#' +else + ENABLE_DTLS_SRTP_TRUE='#' + ENABLE_DTLS_SRTP_FALSE= +fi + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to disable ALPN extension" >&5 +$as_echo_n "checking whether to disable ALPN extension... " >&6; } + # Check whether --enable-alpn-support was given. +if test "${enable_alpn_support+set}" = set; then : + enableval=$enable_alpn_support; ac_enable_alpn=$enableval +else + ac_enable_alpn=yes +fi + + if test x$ac_enable_alpn != xno; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + +$as_echo "#define ENABLE_ALPN 1" >>confdefs.h + + else + ac_full=0 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + fi + if test "$ac_enable_alpn" != "no"; then + ENABLE_ALPN_TRUE= + ENABLE_ALPN_FALSE='#' +else + ENABLE_ALPN_TRUE='#' + ENABLE_ALPN_FALSE= +fi + + + ac_enable_heartbeat=yes + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to enable TLS heartbeat support" >&5 +$as_echo_n "checking whether to enable TLS heartbeat support... " >&6; } + # Check whether --enable-heartbeat-support was given. +if test "${enable_heartbeat_support+set}" = set; then : + enableval=$enable_heartbeat_support; ac_enable_heartbeat=$enableval +fi + + if test x$ac_enable_heartbeat != xno; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + +$as_echo "#define ENABLE_HEARTBEAT 1" >>confdefs.h + + else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + fi + if test "$ac_enable_heartbeat" != "no"; then + ENABLE_HEARTBEAT_TRUE= + ENABLE_HEARTBEAT_FALSE='#' +else + ENABLE_HEARTBEAT_TRUE='#' + ENABLE_HEARTBEAT_FALSE= +fi + + + ac_enable_srp=yes + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to disable SRP authentication support" >&5 +$as_echo_n "checking whether to disable SRP authentication support... " >&6; } + # Check whether --enable-srp-authentication was given. +if test "${enable_srp_authentication+set}" = set; then : + enableval=$enable_srp_authentication; ac_enable_srp=$enableval +fi + + if test x$ac_enable_srp != xno; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + +$as_echo "#define ENABLE_SRP 1" >>confdefs.h + + else + ac_full=0 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + fi + if test "$ac_enable_srp" != "no"; then + ENABLE_SRP_TRUE= + ENABLE_SRP_FALSE='#' +else + ENABLE_SRP_TRUE='#' + ENABLE_SRP_FALSE= +fi + + + ac_enable_psk=yes + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to disable PSK authentication support" >&5 +$as_echo_n "checking whether to disable PSK authentication support... " >&6; } + # Check whether --enable-psk-authentication was given. +if test "${enable_psk_authentication+set}" = set; then : + enableval=$enable_psk_authentication; ac_enable_psk=$enableval +fi + + if test x$ac_enable_psk != xno; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + +$as_echo "#define ENABLE_PSK 1" >>confdefs.h + + else + ac_full=0 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + fi + if test "$ac_enable_psk" != "no"; then + ENABLE_PSK_TRUE= + ENABLE_PSK_FALSE='#' +else + ENABLE_PSK_TRUE='#' + ENABLE_PSK_FALSE= +fi + + + ac_enable_anon=yes + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to disable anonymous authentication support" >&5 +$as_echo_n "checking whether to disable anonymous authentication support... " >&6; } + # Check whether --enable-anon-authentication was given. +if test "${enable_anon_authentication+set}" = set; then : + enableval=$enable_anon_authentication; ac_enable_anon=$enableval +fi + + if test x$ac_enable_anon != xno; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + +$as_echo "#define ENABLE_ANON 1" >>confdefs.h + + else + ac_full=0 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + fi + if test "$ac_enable_anon" != "no"; then + ENABLE_ANON_TRUE= + ENABLE_ANON_FALSE='#' +else + ENABLE_ANON_TRUE='#' + ENABLE_ANON_FALSE= +fi + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to disable DHE support" >&5 +$as_echo_n "checking whether to disable DHE support... " >&6; } + # Check whether --enable-dhe was given. +if test "${enable_dhe+set}" = set; then : + enableval=$enable_dhe; ac_enable_dhe=$enableval +else + ac_enable_dhe=yes +fi + + if test x$ac_enable_dhe != xno; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + +$as_echo "#define ENABLE_DHE 1" >>confdefs.h + + else + ac_full=0 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + fi + if test "$ac_enable_dhe" != "no"; then + ENABLE_DHE_TRUE= + ENABLE_DHE_FALSE='#' +else + ENABLE_DHE_TRUE='#' + ENABLE_DHE_FALSE= +fi + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to disable ECDHE support" >&5 +$as_echo_n "checking whether to disable ECDHE support... " >&6; } + # Check whether --enable-ecdhe was given. +if test "${enable_ecdhe+set}" = set; then : + enableval=$enable_ecdhe; ac_enable_ecdhe=$enableval +else + ac_enable_ecdhe=yes +fi + + if test x$ac_enable_ecdhe != xno; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + +$as_echo "#define ENABLE_ECDHE 1" >>confdefs.h + + else + ac_full=0 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + fi + if test "$ac_enable_ecdhe" != "no"; then + ENABLE_ECDHE_TRUE= + ENABLE_ECDHE_FALSE='#' +else + ENABLE_ECDHE_TRUE='#' + ENABLE_ECDHE_FALSE= +fi + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to disable GOST support" >&5 +$as_echo_n "checking whether to disable GOST support... " >&6; } + # Check whether --enable-gost was given. +if test "${enable_gost+set}" = set; then : + enableval=$enable_gost; ac_enable_gost=$enableval +else + ac_enable_gost=yes +fi + + if test x$ac_enable_gost != xno; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + +$as_echo "#define ENABLE_GOST 1" >>confdefs.h + + else + ac_full=0 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + fi + if test "$ac_enable_gost" != "no"; then + ENABLE_GOST_TRUE= + ENABLE_GOST_FALSE='#' +else + ENABLE_GOST_TRUE='#' + ENABLE_GOST_FALSE= +fi + + + # For cryptodev + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to add cryptodev support" >&5 +$as_echo_n "checking whether to add cryptodev support... " >&6; } + # Check whether --enable-cryptodev was given. +if test "${enable_cryptodev+set}" = set; then : + enableval=$enable_cryptodev; enable_cryptodev=$enableval +else + enable_cryptodev=no +fi + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_cryptodev" >&5 +$as_echo "$enable_cryptodev" >&6; } + + if test "$enable_cryptodev" = "yes"; then + +$as_echo "#define ENABLE_CRYPTODEV 1" >>confdefs.h + + fi + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to disable OCSP support" >&5 +$as_echo_n "checking whether to disable OCSP support... " >&6; } + # Check whether --enable-ocsp was given. +if test "${enable_ocsp+set}" = set; then : + enableval=$enable_ocsp; ac_enable_ocsp=$enableval +else + ac_enable_ocsp=yes +fi + + if test x$ac_enable_ocsp != xno; then + ac_enable_ocsp=yes + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + +$as_echo "#define ENABLE_OCSP 1" >>confdefs.h + + else + ac_full=0 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + fi + if test "$ac_enable_ocsp" != "no"; then + ENABLE_OCSP_TRUE= + ENABLE_OCSP_FALSE='#' +else + ENABLE_OCSP_TRUE='#' + ENABLE_OCSP_FALSE= +fi + + + # For storing integers in pointers without warnings + # https://developer.gnome.org/doc/API/2.0/glib/glib-Type-Conversion-Macros.html#desc + # The cast to long int works around a bug in the HP C Compiler +# version HP92453-01 B.11.11.23709.GP, which incorrectly rejects +# declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'. +# This bug is HP SR number 8606223364. +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking size of void *" >&5 +$as_echo_n "checking size of void *... " >&6; } +if ${ac_cv_sizeof_void_p+:} false; then : + $as_echo_n "(cached) " >&6 +else + if ac_fn_c_compute_int "$LINENO" "(long int) (sizeof (void *))" "ac_cv_sizeof_void_p" "$ac_includes_default"; then : + +else + if test "$ac_cv_type_void_p" = yes; then + { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} +as_fn_error 77 "cannot compute sizeof (void *) +See \`config.log' for more details" "$LINENO" 5; } + else + ac_cv_sizeof_void_p=0 + fi +fi + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sizeof_void_p" >&5 +$as_echo "$ac_cv_sizeof_void_p" >&6; } + + + +cat >>confdefs.h <<_ACEOF +#define SIZEOF_VOID_P $ac_cv_sizeof_void_p +_ACEOF + + + # The cast to long int works around a bug in the HP C Compiler +# version HP92453-01 B.11.11.23709.GP, which incorrectly rejects +# declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'. +# This bug is HP SR number 8606223364. +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking size of long long" >&5 +$as_echo_n "checking size of long long... " >&6; } +if ${ac_cv_sizeof_long_long+:} false; then : + $as_echo_n "(cached) " >&6 +else + if ac_fn_c_compute_int "$LINENO" "(long int) (sizeof (long long))" "ac_cv_sizeof_long_long" "$ac_includes_default"; then : + +else + if test "$ac_cv_type_long_long" = yes; then + { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} +as_fn_error 77 "cannot compute sizeof (long long) +See \`config.log' for more details" "$LINENO" 5; } + else + ac_cv_sizeof_long_long=0 + fi +fi + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sizeof_long_long" >&5 +$as_echo "$ac_cv_sizeof_long_long" >&6; } + + + +cat >>confdefs.h <<_ACEOF +#define SIZEOF_LONG_LONG $ac_cv_sizeof_long_long +_ACEOF + + + # The cast to long int works around a bug in the HP C Compiler +# version HP92453-01 B.11.11.23709.GP, which incorrectly rejects +# declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'. +# This bug is HP SR number 8606223364. +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking size of long" >&5 +$as_echo_n "checking size of long... " >&6; } +if ${ac_cv_sizeof_long+:} false; then : + $as_echo_n "(cached) " >&6 +else + if ac_fn_c_compute_int "$LINENO" "(long int) (sizeof (long))" "ac_cv_sizeof_long" "$ac_includes_default"; then : + +else + if test "$ac_cv_type_long" = yes; then + { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} +as_fn_error 77 "cannot compute sizeof (long) +See \`config.log' for more details" "$LINENO" 5; } + else + ac_cv_sizeof_long=0 + fi +fi + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sizeof_long" >&5 +$as_echo "$ac_cv_sizeof_long" >&6; } + + + +cat >>confdefs.h <<_ACEOF +#define SIZEOF_LONG $ac_cv_sizeof_long +_ACEOF + + + # The cast to long int works around a bug in the HP C Compiler +# version HP92453-01 B.11.11.23709.GP, which incorrectly rejects +# declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'. +# This bug is HP SR number 8606223364. +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking size of int" >&5 +$as_echo_n "checking size of int... " >&6; } +if ${ac_cv_sizeof_int+:} false; then : + $as_echo_n "(cached) " >&6 +else + if ac_fn_c_compute_int "$LINENO" "(long int) (sizeof (int))" "ac_cv_sizeof_int" "$ac_includes_default"; then : + +else + if test "$ac_cv_type_int" = yes; then + { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} +as_fn_error 77 "cannot compute sizeof (int) +See \`config.log' for more details" "$LINENO" 5; } + else + ac_cv_sizeof_int=0 + fi +fi + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sizeof_int" >&5 +$as_echo "$ac_cv_sizeof_int" >&6; } + + + +cat >>confdefs.h <<_ACEOF +#define SIZEOF_INT $ac_cv_sizeof_int +_ACEOF + + + if test x$ac_cv_sizeof_void_p = x$ac_cv_sizeof_long;then + +$as_echo "#define GNUTLS_POINTER_TO_INT_CAST (long)" >>confdefs.h + + elif test x$ac_cv_sizeof_void_p = x$ac_cv_sizeof_long_long;then + +$as_echo "#define GNUTLS_POINTER_TO_INT_CAST (long long)" >>confdefs.h + + else + $as_echo "#define GNUTLS_POINTER_TO_INT_CAST /**/" >>confdefs.h + + fi + + + + GNULIB_CHDIR=0; + GNULIB_CHOWN=0; + GNULIB_CLOSE=0; + GNULIB_DUP=0; + GNULIB_DUP2=0; + GNULIB_DUP3=0; + GNULIB_ENVIRON=0; + GNULIB_EUIDACCESS=0; + GNULIB_FACCESSAT=0; + GNULIB_FCHDIR=0; + GNULIB_FCHOWNAT=0; + GNULIB_FDATASYNC=0; + GNULIB_FSYNC=0; + GNULIB_FTRUNCATE=0; + GNULIB_GETCWD=0; + GNULIB_GETDOMAINNAME=0; + GNULIB_GETDTABLESIZE=0; + GNULIB_GETGROUPS=0; + GNULIB_GETHOSTNAME=0; + GNULIB_GETLOGIN=0; + GNULIB_GETLOGIN_R=0; + GNULIB_GETPAGESIZE=0; + GNULIB_GETPASS=0; + GNULIB_GETUSERSHELL=0; + GNULIB_GROUP_MEMBER=0; + GNULIB_ISATTY=0; + GNULIB_LCHOWN=0; + GNULIB_LINK=0; + GNULIB_LINKAT=0; + GNULIB_LSEEK=0; + GNULIB_PIPE=0; + GNULIB_PIPE2=0; + GNULIB_PREAD=0; + GNULIB_PWRITE=0; + GNULIB_READ=0; + GNULIB_READLINK=0; + GNULIB_READLINKAT=0; + GNULIB_RMDIR=0; + GNULIB_SETHOSTNAME=0; + GNULIB_SLEEP=0; + GNULIB_SYMLINK=0; + GNULIB_SYMLINKAT=0; + GNULIB_TRUNCATE=0; + GNULIB_TTYNAME_R=0; + GNULIB_UNISTD_H_NONBLOCKING=0; + GNULIB_UNISTD_H_SIGPIPE=0; + GNULIB_UNLINK=0; + GNULIB_UNLINKAT=0; + GNULIB_USLEEP=0; + GNULIB_WRITE=0; + HAVE_CHOWN=1; + HAVE_DUP2=1; + HAVE_DUP3=1; + HAVE_EUIDACCESS=1; + HAVE_FACCESSAT=1; + HAVE_FCHDIR=1; + HAVE_FCHOWNAT=1; + HAVE_FDATASYNC=1; + HAVE_FSYNC=1; + HAVE_FTRUNCATE=1; + HAVE_GETDTABLESIZE=1; + HAVE_GETGROUPS=1; + HAVE_GETHOSTNAME=1; + HAVE_GETLOGIN=1; + HAVE_GETPAGESIZE=1; + HAVE_GETPASS=1; + HAVE_GROUP_MEMBER=1; + HAVE_LCHOWN=1; + HAVE_LINK=1; + HAVE_LINKAT=1; + HAVE_PIPE=1; + HAVE_PIPE2=1; + HAVE_PREAD=1; + HAVE_PWRITE=1; + HAVE_READLINK=1; + HAVE_READLINKAT=1; + HAVE_SETHOSTNAME=1; + HAVE_SLEEP=1; + HAVE_SYMLINK=1; + HAVE_SYMLINKAT=1; + HAVE_UNLINKAT=1; + HAVE_USLEEP=1; + HAVE_DECL_ENVIRON=1; + HAVE_DECL_FCHDIR=1; + HAVE_DECL_FDATASYNC=1; + HAVE_DECL_GETDOMAINNAME=1; + HAVE_DECL_GETLOGIN=1; + HAVE_DECL_GETLOGIN_R=1; + HAVE_DECL_GETPAGESIZE=1; + HAVE_DECL_GETUSERSHELL=1; + HAVE_DECL_SETHOSTNAME=1; + HAVE_DECL_TRUNCATE=1; + HAVE_DECL_TTYNAME_R=1; + HAVE_OS_H=0; + HAVE_SYS_PARAM_H=0; + REPLACE_CHOWN=0; + REPLACE_CLOSE=0; + REPLACE_DUP=0; + REPLACE_DUP2=0; + REPLACE_FACCESSAT=0; + REPLACE_FCHOWNAT=0; + REPLACE_FTRUNCATE=0; + REPLACE_GETCWD=0; + REPLACE_GETDOMAINNAME=0; + REPLACE_GETDTABLESIZE=0; + REPLACE_GETLOGIN_R=0; + REPLACE_GETGROUPS=0; + REPLACE_GETPAGESIZE=0; + REPLACE_GETPASS=0; + REPLACE_ISATTY=0; + REPLACE_LCHOWN=0; + REPLACE_LINK=0; + REPLACE_LINKAT=0; + REPLACE_LSEEK=0; + REPLACE_PREAD=0; + REPLACE_PWRITE=0; + REPLACE_READ=0; + REPLACE_READLINK=0; + REPLACE_READLINKAT=0; + REPLACE_RMDIR=0; + REPLACE_SLEEP=0; + REPLACE_SYMLINK=0; + REPLACE_SYMLINKAT=0; + REPLACE_TRUNCATE=0; + REPLACE_TTYNAME_R=0; + REPLACE_UNLINK=0; + REPLACE_UNLINKAT=0; + REPLACE_USLEEP=0; + REPLACE_WRITE=0; + UNISTD_H_HAVE_WINSOCK2_H=0; + UNISTD_H_HAVE_WINSOCK2_H_AND_USE_SOCKETS=0; + + + + GNULIB_IOCTL=0; + SYS_IOCTL_H_HAVE_WINSOCK2_H=0; + SYS_IOCTL_H_HAVE_WINSOCK2_H_AND_USE_SOCKETS=0; + + REPLACE_IOCTL=0; + + + + + for ac_header in $ac_header_list +do : + as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` +ac_fn_c_check_header_compile "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default +" +if eval test \"x\$"$as_ac_Header"\" = x"yes"; then : + cat >>confdefs.h <<_ACEOF +#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 +_ACEOF + +fi + +done + + + + + + + + + if test $ac_cv_header_sys_socket_h != yes; then + for ac_header in winsock2.h +do : + ac_fn_c_check_header_mongrel "$LINENO" "winsock2.h" "ac_cv_header_winsock2_h" "$ac_includes_default" +if test "x$ac_cv_header_winsock2_h" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_WINSOCK2_H 1 +_ACEOF + +fi + +done + + fi + if test "$ac_cv_header_winsock2_h" = yes; then + HAVE_WINSOCK2_H=1 + UNISTD_H_HAVE_WINSOCK2_H=1 + SYS_IOCTL_H_HAVE_WINSOCK2_H=1 + else + HAVE_WINSOCK2_H=0 + fi + + LIBSOCKET= + if test $HAVE_WINSOCK2_H = 1; then + { $as_echo "$as_me:${as_lineno-$LINENO}: checking if we need to call WSAStartup in winsock2.h and -lws2_32" >&5 +$as_echo_n "checking if we need to call WSAStartup in winsock2.h and -lws2_32... " >&6; } +if ${gl_cv_func_wsastartup+:} false; then : + $as_echo_n "(cached) " >&6 +else + + gl_save_LIBS="$LIBS" + LIBS="$LIBS -lws2_32" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#ifdef HAVE_WINSOCK2_H +# include +#endif +int +main () +{ + + WORD wVersionRequested = MAKEWORD(1, 1); + WSADATA wsaData; + int err = WSAStartup(wVersionRequested, &wsaData); + WSACleanup (); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + gl_cv_func_wsastartup=yes +else + gl_cv_func_wsastartup=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + LIBS="$gl_save_LIBS" + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_func_wsastartup" >&5 +$as_echo "$gl_cv_func_wsastartup" >&6; } + if test "$gl_cv_func_wsastartup" = "yes"; then + +$as_echo "#define WINDOWS_SOCKETS 1" >>confdefs.h + + LIBSOCKET='-lws2_32' + fi + else + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing setsockopt" >&5 +$as_echo_n "checking for library containing setsockopt... " >&6; } +if ${gl_cv_lib_socket+:} false; then : + $as_echo_n "(cached) " >&6 +else + + gl_cv_lib_socket= + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +extern +#ifdef __cplusplus +"C" +#endif +char setsockopt(); +int +main () +{ +setsockopt(); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + +else + gl_save_LIBS="$LIBS" + LIBS="$gl_save_LIBS -lsocket" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +extern +#ifdef __cplusplus +"C" +#endif +char setsockopt(); +int +main () +{ +setsockopt(); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + gl_cv_lib_socket="-lsocket" +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + if test -z "$gl_cv_lib_socket"; then + LIBS="$gl_save_LIBS -lnetwork" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +extern +#ifdef __cplusplus +"C" +#endif +char setsockopt(); +int +main () +{ +setsockopt(); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + gl_cv_lib_socket="-lnetwork" +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + if test -z "$gl_cv_lib_socket"; then + LIBS="$gl_save_LIBS -lnet" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +extern +#ifdef __cplusplus +"C" +#endif +char setsockopt(); +int +main () +{ +setsockopt(); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + gl_cv_lib_socket="-lnet" +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + fi + fi + LIBS="$gl_save_LIBS" + +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + if test -z "$gl_cv_lib_socket"; then + gl_cv_lib_socket="none needed" + fi + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_lib_socket" >&5 +$as_echo "$gl_cv_lib_socket" >&6; } + if test "$gl_cv_lib_socket" != "none needed"; then + LIBSOCKET="$gl_cv_lib_socket" + fi + fi + + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to build OpenSSL compatibility layer" >&5 +$as_echo_n "checking whether to build OpenSSL compatibility layer... " >&6; } + # Check whether --enable-openssl-compatibility was given. +if test "${enable_openssl_compatibility+set}" = set; then : + enableval=$enable_openssl_compatibility; enable_openssl=$enableval +else + enable_openssl=no +fi + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_openssl" >&5 +$as_echo "$enable_openssl" >&6; } + if test "$enable_openssl" = "yes"; then + ENABLE_OPENSSL_TRUE= + ENABLE_OPENSSL_FALSE='#' +else + ENABLE_OPENSSL_TRUE='#' + ENABLE_OPENSSL_FALSE= +fi + + + # We link to ../lib's gnulib, which needs -lws2_32 via LIBSOCKET in Makefile.am. + + + + + : + + + + +# Check whether --enable-tests was given. +if test "${enable_tests+set}" = set; then : + enableval=$enable_tests; enable_tests=$enableval +else + enable_tests=$enable_tools +fi + + if test "$enable_tests" != "no"; then + ENABLE_TESTS_TRUE= + ENABLE_TESTS_FALSE='#' +else + ENABLE_TESTS_TRUE='#' + ENABLE_TESTS_FALSE= +fi + + +# Check whether --enable-fuzzer-target was given. +if test "${enable_fuzzer_target+set}" = set; then : + enableval=$enable_fuzzer_target; enable_fuzzer_target=$enableval +else + enable_fuzzer_target=no +fi + +if test "$enable_fuzzer_target" != "no";then + +$as_echo "#define FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION 1" >>confdefs.h + +fi + + + + + + gtk_doc_requires="gtk-doc >= 1.14" + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for gtk-doc" >&5 +$as_echo_n "checking for gtk-doc... " >&6; } + if test -n "$PKG_CONFIG" && \ + { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"\$gtk_doc_requires\""; } >&5 + ($PKG_CONFIG --exists --print-errors "$gtk_doc_requires") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + have_gtk_doc=yes +else + have_gtk_doc=no +fi + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $have_gtk_doc" >&5 +$as_echo "$have_gtk_doc" >&6; } + + if test "$have_gtk_doc" = "no"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: + You will not be able to create source packages with 'make dist' + because $gtk_doc_requires is not found." >&5 +$as_echo "$as_me: WARNING: + You will not be able to create source packages with 'make dist' + because $gtk_doc_requires is not found." >&2;} + fi + + # Extract the first word of "gtkdoc-check", so it can be a program name with args. +set dummy gtkdoc-check; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_GTKDOC_CHECK+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$GTKDOC_CHECK"; then + ac_cv_prog_GTKDOC_CHECK="$GTKDOC_CHECK" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_GTKDOC_CHECK="gtkdoc-check.test" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +GTKDOC_CHECK=$ac_cv_prog_GTKDOC_CHECK +if test -n "$GTKDOC_CHECK"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $GTKDOC_CHECK" >&5 +$as_echo "$GTKDOC_CHECK" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + + # Extract the first word of "gtkdoc-check", so it can be a program name with args. +set dummy gtkdoc-check; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_path_GTKDOC_CHECK_PATH+:} false; then : + $as_echo_n "(cached) " >&6 +else + case $GTKDOC_CHECK_PATH in + [\\/]* | ?:[\\/]*) + ac_cv_path_GTKDOC_CHECK_PATH="$GTKDOC_CHECK_PATH" # Let the user override the test with a path. + ;; + *) + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_path_GTKDOC_CHECK_PATH="$as_dir/$ac_word$ac_exec_ext" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + + ;; +esac +fi +GTKDOC_CHECK_PATH=$ac_cv_path_GTKDOC_CHECK_PATH +if test -n "$GTKDOC_CHECK_PATH"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $GTKDOC_CHECK_PATH" >&5 +$as_echo "$GTKDOC_CHECK_PATH" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + + for ac_prog in gtkdoc-rebase +do + # Extract the first word of "$ac_prog", so it can be a program name with args. +set dummy $ac_prog; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_path_GTKDOC_REBASE+:} false; then : + $as_echo_n "(cached) " >&6 +else + case $GTKDOC_REBASE in + [\\/]* | ?:[\\/]*) + ac_cv_path_GTKDOC_REBASE="$GTKDOC_REBASE" # Let the user override the test with a path. + ;; + *) + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_path_GTKDOC_REBASE="$as_dir/$ac_word$ac_exec_ext" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + + ;; +esac +fi +GTKDOC_REBASE=$ac_cv_path_GTKDOC_REBASE +if test -n "$GTKDOC_REBASE"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $GTKDOC_REBASE" >&5 +$as_echo "$GTKDOC_REBASE" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + + test -n "$GTKDOC_REBASE" && break +done +test -n "$GTKDOC_REBASE" || GTKDOC_REBASE="true" + + # Extract the first word of "gtkdoc-mkpdf", so it can be a program name with args. +set dummy gtkdoc-mkpdf; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_path_GTKDOC_MKPDF+:} false; then : + $as_echo_n "(cached) " >&6 +else + case $GTKDOC_MKPDF in + [\\/]* | ?:[\\/]*) + ac_cv_path_GTKDOC_MKPDF="$GTKDOC_MKPDF" # Let the user override the test with a path. + ;; + *) + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_path_GTKDOC_MKPDF="$as_dir/$ac_word$ac_exec_ext" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + + ;; +esac +fi +GTKDOC_MKPDF=$ac_cv_path_GTKDOC_MKPDF +if test -n "$GTKDOC_MKPDF"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $GTKDOC_MKPDF" >&5 +$as_echo "$GTKDOC_MKPDF" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + + + +# Check whether --with-html-dir was given. +if test "${with_html_dir+set}" = set; then : + withval=$with_html_dir; +else + with_html_dir='${datadir}/gtk-doc/html' +fi + + HTML_DIR="$with_html_dir" + + + # Check whether --enable-gtk-doc was given. +if test "${enable_gtk_doc+set}" = set; then : + enableval=$enable_gtk_doc; +else + enable_gtk_doc=no +fi + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to build gtk-doc documentation" >&5 +$as_echo_n "checking whether to build gtk-doc documentation... " >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_gtk_doc" >&5 +$as_echo "$enable_gtk_doc" >&6; } + + if test "x$enable_gtk_doc" = "xyes" && test "$have_gtk_doc" = "no"; then + as_fn_error $? " + You must have $gtk_doc_requires installed to build documentation for + $PACKAGE_NAME. Please install gtk-doc or disable building the + documentation by adding '--disable-gtk-doc' to '$0'." "$LINENO" 5 + fi + + if test "x$PACKAGE_NAME" != "xglib"; then + +pkg_failed=no +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for GTKDOC_DEPS" >&5 +$as_echo_n "checking for GTKDOC_DEPS... " >&6; } + +if test -n "$GTKDOC_DEPS_CFLAGS"; then + pkg_cv_GTKDOC_DEPS_CFLAGS="$GTKDOC_DEPS_CFLAGS" + elif test -n "$PKG_CONFIG"; then + if test -n "$PKG_CONFIG" && \ + { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"glib-2.0 >= 2.10.0 gobject-2.0 >= 2.10.0\""; } >&5 + ($PKG_CONFIG --exists --print-errors "glib-2.0 >= 2.10.0 gobject-2.0 >= 2.10.0") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + pkg_cv_GTKDOC_DEPS_CFLAGS=`$PKG_CONFIG --cflags "glib-2.0 >= 2.10.0 gobject-2.0 >= 2.10.0" 2>/dev/null` + test "x$?" != "x0" && pkg_failed=yes +else + pkg_failed=yes +fi + else + pkg_failed=untried +fi +if test -n "$GTKDOC_DEPS_LIBS"; then + pkg_cv_GTKDOC_DEPS_LIBS="$GTKDOC_DEPS_LIBS" + elif test -n "$PKG_CONFIG"; then + if test -n "$PKG_CONFIG" && \ + { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"glib-2.0 >= 2.10.0 gobject-2.0 >= 2.10.0\""; } >&5 + ($PKG_CONFIG --exists --print-errors "glib-2.0 >= 2.10.0 gobject-2.0 >= 2.10.0") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + pkg_cv_GTKDOC_DEPS_LIBS=`$PKG_CONFIG --libs "glib-2.0 >= 2.10.0 gobject-2.0 >= 2.10.0" 2>/dev/null` + test "x$?" != "x0" && pkg_failed=yes +else + pkg_failed=yes +fi + else + pkg_failed=untried +fi + + + +if test $pkg_failed = yes; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + +if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then + _pkg_short_errors_supported=yes +else + _pkg_short_errors_supported=no +fi + if test $_pkg_short_errors_supported = yes; then + GTKDOC_DEPS_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "glib-2.0 >= 2.10.0 gobject-2.0 >= 2.10.0" 2>&1` + else + GTKDOC_DEPS_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "glib-2.0 >= 2.10.0 gobject-2.0 >= 2.10.0" 2>&1` + fi + # Put the nasty error message in config.log where it belongs + echo "$GTKDOC_DEPS_PKG_ERRORS" >&5 + + : +elif test $pkg_failed = untried; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + : +else + GTKDOC_DEPS_CFLAGS=$pkg_cv_GTKDOC_DEPS_CFLAGS + GTKDOC_DEPS_LIBS=$pkg_cv_GTKDOC_DEPS_LIBS + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + +fi + fi + + # Check whether --enable-gtk-doc-html was given. +if test "${enable_gtk_doc_html+set}" = set; then : + enableval=$enable_gtk_doc_html; +else + enable_gtk_doc_html=yes +fi + + # Check whether --enable-gtk-doc-pdf was given. +if test "${enable_gtk_doc_pdf+set}" = set; then : + enableval=$enable_gtk_doc_pdf; +else + enable_gtk_doc_pdf=no +fi + + + if test -z "$GTKDOC_MKPDF"; then + enable_gtk_doc_pdf=no + fi + + if test -z "$AM_DEFAULT_VERBOSITY"; then + AM_DEFAULT_VERBOSITY=1 + fi + + + if test x$have_gtk_doc = xyes; then + HAVE_GTK_DOC_TRUE= + HAVE_GTK_DOC_FALSE='#' +else + HAVE_GTK_DOC_TRUE='#' + HAVE_GTK_DOC_FALSE= +fi + + if test x$enable_gtk_doc = xyes; then + ENABLE_GTK_DOC_TRUE= + ENABLE_GTK_DOC_FALSE='#' +else + ENABLE_GTK_DOC_TRUE='#' + ENABLE_GTK_DOC_FALSE= +fi + + if test x$enable_gtk_doc_html = xyes; then + GTK_DOC_BUILD_HTML_TRUE= + GTK_DOC_BUILD_HTML_FALSE='#' +else + GTK_DOC_BUILD_HTML_TRUE='#' + GTK_DOC_BUILD_HTML_FALSE= +fi + + if test x$enable_gtk_doc_pdf = xyes; then + GTK_DOC_BUILD_PDF_TRUE= + GTK_DOC_BUILD_PDF_FALSE='#' +else + GTK_DOC_BUILD_PDF_TRUE='#' + GTK_DOC_BUILD_PDF_FALSE= +fi + + if test -n "$LIBTOOL"; then + GTK_DOC_USE_LIBTOOL_TRUE= + GTK_DOC_USE_LIBTOOL_FALSE='#' +else + GTK_DOC_USE_LIBTOOL_TRUE='#' + GTK_DOC_USE_LIBTOOL_FALSE= +fi + + if test -n "$GTKDOC_REBASE"; then + GTK_DOC_USE_REBASE_TRUE= + GTK_DOC_USE_REBASE_FALSE='#' +else + GTK_DOC_USE_REBASE_TRUE='#' + GTK_DOC_USE_REBASE_FALSE= +fi + + + +# needed for some older versions of gtk-doc + + if false; then + GTK_DOC_USE_LIBTOOL_TRUE= + GTK_DOC_USE_LIBTOOL_FALSE='#' +else + GTK_DOC_USE_LIBTOOL_TRUE='#' + GTK_DOC_USE_LIBTOOL_FALSE= +fi + + + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether NLS is requested" >&5 +$as_echo_n "checking whether NLS is requested... " >&6; } + # Check whether --enable-nls was given. +if test "${enable_nls+set}" = set; then : + enableval=$enable_nls; USE_NLS=$enableval +else + USE_NLS=yes +fi + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $USE_NLS" >&5 +$as_echo "$USE_NLS" >&6; } + + + + + GETTEXT_MACRO_VERSION=0.19 + + + + +# Prepare PATH_SEPARATOR. +# The user is always right. +if test "${PATH_SEPARATOR+set}" != set; then + # Determine PATH_SEPARATOR by trying to find /bin/sh in a PATH which + # contains only /bin. Note that ksh looks also at the FPATH variable, + # so we have to set that as well for the test. + PATH_SEPARATOR=: + (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 \ + && { (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 \ + || PATH_SEPARATOR=';' + } +fi + +# Find out how to test for executable files. Don't use a zero-byte file, +# as systems may use methods other than mode bits to determine executability. +cat >conf$$.file <<_ASEOF +#! /bin/sh +exit 0 +_ASEOF +chmod +x conf$$.file +if test -x conf$$.file >/dev/null 2>&1; then + ac_executable_p="test -x" +else + ac_executable_p="test -f" +fi +rm -f conf$$.file + +# Extract the first word of "msgfmt", so it can be a program name with args. +set dummy msgfmt; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_path_MSGFMT+:} false; then : + $as_echo_n "(cached) " >&6 +else + case "$MSGFMT" in + [\\/]* | ?:[\\/]*) + ac_cv_path_MSGFMT="$MSGFMT" # Let the user override the test with a path. + ;; + *) + ac_save_IFS="$IFS"; IFS=$PATH_SEPARATOR + for ac_dir in $PATH; do + IFS="$ac_save_IFS" + test -z "$ac_dir" && ac_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if $ac_executable_p "$ac_dir/$ac_word$ac_exec_ext"; then + echo "$as_me: trying $ac_dir/$ac_word..." >&5 + if $ac_dir/$ac_word --statistics /dev/null >&5 2>&1 && + (if $ac_dir/$ac_word --statistics /dev/null 2>&1 >/dev/null | grep usage >/dev/null; then exit 1; else exit 0; fi); then + ac_cv_path_MSGFMT="$ac_dir/$ac_word$ac_exec_ext" + break 2 + fi + fi + done + done + IFS="$ac_save_IFS" + test -z "$ac_cv_path_MSGFMT" && ac_cv_path_MSGFMT=":" + ;; +esac +fi +MSGFMT="$ac_cv_path_MSGFMT" +if test "$MSGFMT" != ":"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $MSGFMT" >&5 +$as_echo "$MSGFMT" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + # Extract the first word of "gmsgfmt", so it can be a program name with args. +set dummy gmsgfmt; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_path_GMSGFMT+:} false; then : + $as_echo_n "(cached) " >&6 +else + case $GMSGFMT in + [\\/]* | ?:[\\/]*) + ac_cv_path_GMSGFMT="$GMSGFMT" # Let the user override the test with a path. + ;; + *) + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_path_GMSGFMT="$as_dir/$ac_word$ac_exec_ext" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + + test -z "$ac_cv_path_GMSGFMT" && ac_cv_path_GMSGFMT="$MSGFMT" + ;; +esac +fi +GMSGFMT=$ac_cv_path_GMSGFMT +if test -n "$GMSGFMT"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $GMSGFMT" >&5 +$as_echo "$GMSGFMT" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + + + case `$MSGFMT --version | sed 1q | sed -e 's,^[^0-9]*,,'` in + '' | 0.[0-9] | 0.[0-9].* | 0.1[0-4] | 0.1[0-4].*) MSGFMT_015=: ;; + *) MSGFMT_015=$MSGFMT ;; + esac + + case `$GMSGFMT --version | sed 1q | sed -e 's,^[^0-9]*,,'` in + '' | 0.[0-9] | 0.[0-9].* | 0.1[0-4] | 0.1[0-4].*) GMSGFMT_015=: ;; + *) GMSGFMT_015=$GMSGFMT ;; + esac + + + +# Prepare PATH_SEPARATOR. +# The user is always right. +if test "${PATH_SEPARATOR+set}" != set; then + # Determine PATH_SEPARATOR by trying to find /bin/sh in a PATH which + # contains only /bin. Note that ksh looks also at the FPATH variable, + # so we have to set that as well for the test. + PATH_SEPARATOR=: + (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 \ + && { (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 \ + || PATH_SEPARATOR=';' + } +fi + +# Find out how to test for executable files. Don't use a zero-byte file, +# as systems may use methods other than mode bits to determine executability. +cat >conf$$.file <<_ASEOF +#! /bin/sh +exit 0 +_ASEOF +chmod +x conf$$.file +if test -x conf$$.file >/dev/null 2>&1; then + ac_executable_p="test -x" +else + ac_executable_p="test -f" +fi +rm -f conf$$.file + +# Extract the first word of "xgettext", so it can be a program name with args. +set dummy xgettext; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_path_XGETTEXT+:} false; then : + $as_echo_n "(cached) " >&6 +else + case "$XGETTEXT" in + [\\/]* | ?:[\\/]*) + ac_cv_path_XGETTEXT="$XGETTEXT" # Let the user override the test with a path. + ;; + *) + ac_save_IFS="$IFS"; IFS=$PATH_SEPARATOR + for ac_dir in $PATH; do + IFS="$ac_save_IFS" + test -z "$ac_dir" && ac_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if $ac_executable_p "$ac_dir/$ac_word$ac_exec_ext"; then + echo "$as_me: trying $ac_dir/$ac_word..." >&5 + if $ac_dir/$ac_word --omit-header --copyright-holder= --msgid-bugs-address= /dev/null >&5 2>&1 && + (if $ac_dir/$ac_word --omit-header --copyright-holder= --msgid-bugs-address= /dev/null 2>&1 >/dev/null | grep usage >/dev/null; then exit 1; else exit 0; fi); then + ac_cv_path_XGETTEXT="$ac_dir/$ac_word$ac_exec_ext" + break 2 + fi + fi + done + done + IFS="$ac_save_IFS" + test -z "$ac_cv_path_XGETTEXT" && ac_cv_path_XGETTEXT=":" + ;; +esac +fi +XGETTEXT="$ac_cv_path_XGETTEXT" +if test "$XGETTEXT" != ":"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $XGETTEXT" >&5 +$as_echo "$XGETTEXT" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + rm -f messages.po + + case `$XGETTEXT --version | sed 1q | sed -e 's,^[^0-9]*,,'` in + '' | 0.[0-9] | 0.[0-9].* | 0.1[0-4] | 0.1[0-4].*) XGETTEXT_015=: ;; + *) XGETTEXT_015=$XGETTEXT ;; + esac + + + +# Prepare PATH_SEPARATOR. +# The user is always right. +if test "${PATH_SEPARATOR+set}" != set; then + # Determine PATH_SEPARATOR by trying to find /bin/sh in a PATH which + # contains only /bin. Note that ksh looks also at the FPATH variable, + # so we have to set that as well for the test. + PATH_SEPARATOR=: + (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 \ + && { (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 \ + || PATH_SEPARATOR=';' + } +fi + +# Find out how to test for executable files. Don't use a zero-byte file, +# as systems may use methods other than mode bits to determine executability. +cat >conf$$.file <<_ASEOF +#! /bin/sh +exit 0 +_ASEOF +chmod +x conf$$.file +if test -x conf$$.file >/dev/null 2>&1; then + ac_executable_p="test -x" +else + ac_executable_p="test -f" +fi +rm -f conf$$.file + +# Extract the first word of "msgmerge", so it can be a program name with args. +set dummy msgmerge; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_path_MSGMERGE+:} false; then : + $as_echo_n "(cached) " >&6 +else + case "$MSGMERGE" in + [\\/]* | ?:[\\/]*) + ac_cv_path_MSGMERGE="$MSGMERGE" # Let the user override the test with a path. + ;; + *) + ac_save_IFS="$IFS"; IFS=$PATH_SEPARATOR + for ac_dir in $PATH; do + IFS="$ac_save_IFS" + test -z "$ac_dir" && ac_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if $ac_executable_p "$ac_dir/$ac_word$ac_exec_ext"; then + echo "$as_me: trying $ac_dir/$ac_word..." >&5 + if $ac_dir/$ac_word --update -q /dev/null /dev/null >&5 2>&1; then + ac_cv_path_MSGMERGE="$ac_dir/$ac_word$ac_exec_ext" + break 2 + fi + fi + done + done + IFS="$ac_save_IFS" + test -z "$ac_cv_path_MSGMERGE" && ac_cv_path_MSGMERGE=":" + ;; +esac +fi +MSGMERGE="$ac_cv_path_MSGMERGE" +if test "$MSGMERGE" != ":"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $MSGMERGE" >&5 +$as_echo "$MSGMERGE" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + + test -n "$localedir" || localedir='${datadir}/locale' + + + test -n "${XGETTEXT_EXTRA_OPTIONS+set}" || XGETTEXT_EXTRA_OPTIONS= + + + ac_config_commands="$ac_config_commands po-directories" + + + + if test "X$prefix" = "XNONE"; then + acl_final_prefix="$ac_default_prefix" + else + acl_final_prefix="$prefix" + fi + if test "X$exec_prefix" = "XNONE"; then + acl_final_exec_prefix='${prefix}' + else + acl_final_exec_prefix="$exec_prefix" + fi + acl_save_prefix="$prefix" + prefix="$acl_final_prefix" + eval acl_final_exec_prefix=\"$acl_final_exec_prefix\" + prefix="$acl_save_prefix" + + + +# Check whether --with-gnu-ld was given. +if test "${with_gnu_ld+set}" = set; then : + withval=$with_gnu_ld; test "$withval" = no || with_gnu_ld=yes +else + with_gnu_ld=no +fi + +# Prepare PATH_SEPARATOR. +# The user is always right. +if test "${PATH_SEPARATOR+set}" != set; then + # Determine PATH_SEPARATOR by trying to find /bin/sh in a PATH which + # contains only /bin. Note that ksh looks also at the FPATH variable, + # so we have to set that as well for the test. + PATH_SEPARATOR=: + (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 \ + && { (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 \ + || PATH_SEPARATOR=';' + } +fi + +if test -n "$LD"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ld" >&5 +$as_echo_n "checking for ld... " >&6; } +elif test "$GCC" = yes; then + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ld used by $CC" >&5 +$as_echo_n "checking for ld used by $CC... " >&6; } +elif test "$with_gnu_ld" = yes; then + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for GNU ld" >&5 +$as_echo_n "checking for GNU ld... " >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for non-GNU ld" >&5 +$as_echo_n "checking for non-GNU ld... " >&6; } +fi +if test -n "$LD"; then + # Let the user override the test with a path. + : +else + if ${acl_cv_path_LD+:} false; then : + $as_echo_n "(cached) " >&6 +else + + acl_cv_path_LD= # Final result of this test + ac_prog=ld # Program to search in $PATH + if test "$GCC" = yes; then + # Check if gcc -print-prog-name=ld gives a path. + case $host in + *-*-mingw*) + # gcc leaves a trailing carriage return which upsets mingw + acl_output=`($CC -print-prog-name=ld) 2>&5 | tr -d '\015'` ;; + *) + acl_output=`($CC -print-prog-name=ld) 2>&5` ;; + esac + case $acl_output in + # Accept absolute paths. + [\\/]* | ?:[\\/]*) + re_direlt='/[^/][^/]*/\.\./' + # Canonicalize the pathname of ld + acl_output=`echo "$acl_output" | sed 's%\\\\%/%g'` + while echo "$acl_output" | grep "$re_direlt" > /dev/null 2>&1; do + acl_output=`echo $acl_output | sed "s%$re_direlt%/%"` + done + # Got the pathname. No search in PATH is needed. + acl_cv_path_LD="$acl_output" + ac_prog= + ;; + "") + # If it fails, then pretend we aren't using GCC. + ;; + *) + # If it is relative, then search for the first ld in PATH. + with_gnu_ld=unknown + ;; + esac + fi + if test -n "$ac_prog"; then + # Search for $ac_prog in $PATH. + acl_save_ifs="$IFS"; IFS=$PATH_SEPARATOR + for ac_dir in $PATH; do + IFS="$acl_save_ifs" + test -z "$ac_dir" && ac_dir=. + if test -f "$ac_dir/$ac_prog" || test -f "$ac_dir/$ac_prog$ac_exeext"; then + acl_cv_path_LD="$ac_dir/$ac_prog" + # Check to see if the program is GNU ld. I'd rather use --version, + # but apparently some variants of GNU ld only accept -v. + # Break only if it was the GNU/non-GNU ld that we prefer. + case `"$acl_cv_path_LD" -v 2>&1 conftest.$ac_ext +/* end confdefs.h. */ +#if defined __powerpc64__ || defined _ARCH_PPC64 + int ok; + #else + error fail + #endif + +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + # The compiler produces 64-bit code. Add option '-b64' so that the + # linker groks 64-bit object files. + case "$acl_cv_path_LD " in + *" -b64 "*) ;; + *) acl_cv_path_LD="$acl_cv_path_LD -b64" ;; + esac + +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + ;; + sparc64-*-netbsd*) + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#if defined __sparcv9 || defined __arch64__ + int ok; + #else + error fail + #endif + +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + +else + # The compiler produces 32-bit code. Add option '-m elf32_sparc' + # so that the linker groks 32-bit object files. + case "$acl_cv_path_LD " in + *" -m elf32_sparc "*) ;; + *) acl_cv_path_LD="$acl_cv_path_LD -m elf32_sparc" ;; + esac + +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + ;; + esac + +fi + + LD="$acl_cv_path_LD" +fi +if test -n "$LD"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $LD" >&5 +$as_echo "$LD" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + as_fn_error $? "no acceptable ld found in \$PATH" "$LINENO" 5 +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if the linker ($LD) is GNU ld" >&5 +$as_echo_n "checking if the linker ($LD) is GNU ld... " >&6; } +if ${acl_cv_prog_gnu_ld+:} false; then : + $as_echo_n "(cached) " >&6 +else + # I'd rather use --version here, but apparently some GNU lds only accept -v. +case `$LD -v 2>&1 &5 +$as_echo "$acl_cv_prog_gnu_ld" >&6; } +with_gnu_ld=$acl_cv_prog_gnu_ld + + + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for shared library run path origin" >&5 +$as_echo_n "checking for shared library run path origin... " >&6; } +if ${acl_cv_rpath+:} false; then : + $as_echo_n "(cached) " >&6 +else + + CC="$CC" GCC="$GCC" LDFLAGS="$LDFLAGS" LD="$LD" with_gnu_ld="$with_gnu_ld" \ + ${CONFIG_SHELL-/bin/sh} "$ac_aux_dir/config.rpath" "$host" > conftest.sh + . ./conftest.sh + rm -f ./conftest.sh + acl_cv_rpath=done + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $acl_cv_rpath" >&5 +$as_echo "$acl_cv_rpath" >&6; } + wl="$acl_cv_wl" + acl_libext="$acl_cv_libext" + acl_shlibext="$acl_cv_shlibext" + acl_libname_spec="$acl_cv_libname_spec" + acl_library_names_spec="$acl_cv_library_names_spec" + acl_hardcode_libdir_flag_spec="$acl_cv_hardcode_libdir_flag_spec" + acl_hardcode_libdir_separator="$acl_cv_hardcode_libdir_separator" + acl_hardcode_direct="$acl_cv_hardcode_direct" + acl_hardcode_minus_L="$acl_cv_hardcode_minus_L" + # Check whether --enable-rpath was given. +if test "${enable_rpath+set}" = set; then : + enableval=$enable_rpath; : +else + enable_rpath=yes +fi + + + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking 32-bit host C ABI" >&5 +$as_echo_n "checking 32-bit host C ABI... " >&6; } +if ${gl_cv_host_cpu_c_abi_32bit+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$gl_cv_host_cpu_c_abi"; then + case "$gl_cv_host_cpu_c_abi" in + i386 | x86_64-x32 | arm | armhf | arm64-ilp32 | hppa | ia64-ilp32 | mips | mipsn32 | powerpc | riscv*-ilp32* | s390 | sparc) + gl_cv_host_cpu_c_abi_32bit=yes ;; + *) + gl_cv_host_cpu_c_abi_32bit=no ;; + esac + else + case "$host_cpu" in + + i[4567]86 ) + gl_cv_host_cpu_c_abi_32bit=yes + ;; + + x86_64 ) + # On x86_64 systems, the C compiler may be generating code in one of + # these ABIs: + # - 64-bit instruction set, 64-bit pointers, 64-bit 'long': x86_64. + # - 64-bit instruction set, 64-bit pointers, 32-bit 'long': x86_64 + # with native Windows (mingw, MSVC). + # - 64-bit instruction set, 32-bit pointers, 32-bit 'long': x86_64-x32. + # - 32-bit instruction set, 32-bit pointers, 32-bit 'long': i386. + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#if (defined __x86_64__ || defined __amd64__ \ + || defined _M_X64 || defined _M_AMD64) \ + && !(defined __ILP32__ || defined _ILP32) + int ok; + #else + error fail + #endif + +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + gl_cv_host_cpu_c_abi_32bit=no +else + gl_cv_host_cpu_c_abi_32bit=yes +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + ;; + + arm* | aarch64 ) + # Assume arm with EABI. + # On arm64 systems, the C compiler may be generating code in one of + # these ABIs: + # - aarch64 instruction set, 64-bit pointers, 64-bit 'long': arm64. + # - aarch64 instruction set, 32-bit pointers, 32-bit 'long': arm64-ilp32. + # - 32-bit instruction set, 32-bit pointers, 32-bit 'long': arm or armhf. + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#if defined __aarch64__ && !(defined __ILP32__ || defined _ILP32) + int ok; + #else + error fail + #endif + +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + gl_cv_host_cpu_c_abi_32bit=no +else + gl_cv_host_cpu_c_abi_32bit=yes +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + ;; + + hppa1.0 | hppa1.1 | hppa2.0* | hppa64 ) + # On hppa, the C compiler may be generating 32-bit code or 64-bit + # code. In the latter case, it defines _LP64 and __LP64__. + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#ifdef __LP64__ + int ok; + #else + error fail + #endif + +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + gl_cv_host_cpu_c_abi_32bit=no +else + gl_cv_host_cpu_c_abi_32bit=yes +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + ;; + + ia64* ) + # On ia64 on HP-UX, the C compiler may be generating 64-bit code or + # 32-bit code. In the latter case, it defines _ILP32. + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#ifdef _ILP32 + int ok; + #else + error fail + #endif + +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + gl_cv_host_cpu_c_abi_32bit=yes +else + gl_cv_host_cpu_c_abi_32bit=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + ;; + + mips* ) + # We should also check for (_MIPS_SZPTR == 64), but gcc keeps this + # at 32. + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#if defined _MIPS_SZLONG && (_MIPS_SZLONG == 64) + int ok; + #else + error fail + #endif + +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + gl_cv_host_cpu_c_abi_32bit=no +else + gl_cv_host_cpu_c_abi_32bit=yes +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + ;; + + powerpc* ) + # Different ABIs are in use on AIX vs. Mac OS X vs. Linux,*BSD. + # No need to distinguish them here; the caller may distinguish + # them based on the OS. + # On powerpc64 systems, the C compiler may still be generating + # 32-bit code. And on powerpc-ibm-aix systems, the C compiler may + # be generating 64-bit code. + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#if defined __powerpc64__ || defined _ARCH_PPC64 + int ok; + #else + error fail + #endif + +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + gl_cv_host_cpu_c_abi_32bit=no +else + gl_cv_host_cpu_c_abi_32bit=yes +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + ;; + + rs6000 ) + gl_cv_host_cpu_c_abi_32bit=yes + ;; + + riscv32 | riscv64 ) + # There are 6 ABIs: ilp32, ilp32f, ilp32d, lp64, lp64f, lp64d. + # Size of 'long' and 'void *': + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#if defined __LP64__ + int ok; + #else + error fail + #endif + +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + gl_cv_host_cpu_c_abi_32bit=no +else + gl_cv_host_cpu_c_abi_32bit=yes +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + ;; + + s390* ) + # On s390x, the C compiler may be generating 64-bit (= s390x) code + # or 31-bit (= s390) code. + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#if defined __LP64__ || defined __s390x__ + int ok; + #else + error fail + #endif + +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + gl_cv_host_cpu_c_abi_32bit=no +else + gl_cv_host_cpu_c_abi_32bit=yes +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + ;; + + sparc | sparc64 ) + # UltraSPARCs running Linux have `uname -m` = "sparc64", but the + # C compiler still generates 32-bit code. + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#if defined __sparcv9 || defined __arch64__ + int ok; + #else + error fail + #endif + +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + gl_cv_host_cpu_c_abi_32bit=no +else + gl_cv_host_cpu_c_abi_32bit=yes +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + ;; + + *) + gl_cv_host_cpu_c_abi_32bit=no + ;; + esac + fi + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_host_cpu_c_abi_32bit" >&5 +$as_echo "$gl_cv_host_cpu_c_abi_32bit" >&6; } + + HOST_CPU_C_ABI_32BIT="$gl_cv_host_cpu_c_abi_32bit" + + + + + + case "$host_os" in + solaris*) + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for 64-bit host" >&5 +$as_echo_n "checking for 64-bit host... " >&6; } +if ${gl_cv_solaris_64bit+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#ifdef _LP64 + int ok; + #else + error fail + #endif + +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + gl_cv_solaris_64bit=yes +else + gl_cv_solaris_64bit=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_solaris_64bit" >&5 +$as_echo "$gl_cv_solaris_64bit" >&6; };; + esac + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for the common suffixes of directories in the library search path" >&5 +$as_echo_n "checking for the common suffixes of directories in the library search path... " >&6; } +if ${acl_cv_libdirstems+:} false; then : + $as_echo_n "(cached) " >&6 +else + acl_libdirstem=lib + acl_libdirstem2= + case "$host_os" in + solaris*) + if test $gl_cv_solaris_64bit = yes; then + acl_libdirstem=lib/64 + case "$host_cpu" in + sparc*) acl_libdirstem2=lib/sparcv9 ;; + i*86 | x86_64) acl_libdirstem2=lib/amd64 ;; + esac + fi + ;; + *) + if test "$HOST_CPU_C_ABI_32BIT" != yes; then + searchpath=`(if test -f /usr/bin/gcc \ + && LC_ALL=C /usr/bin/gcc -print-search-dirs >/dev/null 2>/dev/null; then \ + LC_ALL=C /usr/bin/gcc -print-search-dirs; \ + else \ + LC_ALL=C $CC -print-search-dirs; \ + fi) 2>/dev/null \ + | sed -n -e 's,^libraries: ,,p' | sed -e 's,^=,,'` + if test -n "$searchpath"; then + acl_save_IFS="${IFS= }"; IFS=":" + for searchdir in $searchpath; do + if test -d "$searchdir"; then + case "$searchdir" in + */lib64/ | */lib64 ) acl_libdirstem=lib64 ;; + */../ | */.. ) + # Better ignore directories of this form. They are misleading. + ;; + *) searchdir=`cd "$searchdir" && pwd` + case "$searchdir" in + */lib64 ) acl_libdirstem=lib64 ;; + esac ;; + esac + fi + done + IFS="$acl_save_IFS" + fi + fi + ;; + esac + test -n "$acl_libdirstem2" || acl_libdirstem2="$acl_libdirstem" + acl_cv_libdirstems="$acl_libdirstem,$acl_libdirstem2" + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $acl_cv_libdirstems" >&5 +$as_echo "$acl_cv_libdirstems" >&6; } + # Decompose acl_cv_libdirstems into acl_libdirstem and acl_libdirstem2. + acl_libdirstem=`echo "$acl_cv_libdirstems" | sed -e 's/,.*//'` + acl_libdirstem2=`echo "$acl_cv_libdirstems" | sed -e '/,/s/.*,//'` + + + + + + + + + + + + use_additional=yes + + acl_save_prefix="$prefix" + prefix="$acl_final_prefix" + acl_save_exec_prefix="$exec_prefix" + exec_prefix="$acl_final_exec_prefix" + + eval additional_includedir=\"$includedir\" + eval additional_libdir=\"$libdir\" + + exec_prefix="$acl_save_exec_prefix" + prefix="$acl_save_prefix" + + +# Check whether --with-libiconv-prefix was given. +if test "${with_libiconv_prefix+set}" = set; then : + withval=$with_libiconv_prefix; + if test "X$withval" = "Xno"; then + use_additional=no + else + if test "X$withval" = "X"; then + + acl_save_prefix="$prefix" + prefix="$acl_final_prefix" + acl_save_exec_prefix="$exec_prefix" + exec_prefix="$acl_final_exec_prefix" + + eval additional_includedir=\"$includedir\" + eval additional_libdir=\"$libdir\" + + exec_prefix="$acl_save_exec_prefix" + prefix="$acl_save_prefix" + + else + additional_includedir="$withval/include" + additional_libdir="$withval/$acl_libdirstem" + if test "$acl_libdirstem2" != "$acl_libdirstem" \ + && test ! -d "$withval/$acl_libdirstem"; then + additional_libdir="$withval/$acl_libdirstem2" + fi + fi + fi + +fi + + LIBICONV= + LTLIBICONV= + INCICONV= + LIBICONV_PREFIX= + HAVE_LIBICONV= + rpathdirs= + ltrpathdirs= + names_already_handled= + names_next_round='iconv ' + while test -n "$names_next_round"; do + names_this_round="$names_next_round" + names_next_round= + for name in $names_this_round; do + already_handled= + for n in $names_already_handled; do + if test "$n" = "$name"; then + already_handled=yes + break + fi + done + if test -z "$already_handled"; then + names_already_handled="$names_already_handled $name" + uppername=`echo "$name" | sed -e 'y|abcdefghijklmnopqrstuvwxyz./+-|ABCDEFGHIJKLMNOPQRSTUVWXYZ____|'` + eval value=\"\$HAVE_LIB$uppername\" + if test -n "$value"; then + if test "$value" = yes; then + eval value=\"\$LIB$uppername\" + test -z "$value" || LIBICONV="${LIBICONV}${LIBICONV:+ }$value" + eval value=\"\$LTLIB$uppername\" + test -z "$value" || LTLIBICONV="${LTLIBICONV}${LTLIBICONV:+ }$value" + else + : + fi + else + found_dir= + found_la= + found_so= + found_a= + eval libname=\"$acl_libname_spec\" # typically: libname=lib$name + if test -n "$acl_shlibext"; then + shrext=".$acl_shlibext" # typically: shrext=.so + else + shrext= + fi + if test $use_additional = yes; then + dir="$additional_libdir" + if test -n "$acl_shlibext"; then + if test -f "$dir/$libname$shrext"; then + found_dir="$dir" + found_so="$dir/$libname$shrext" + else + if test "$acl_library_names_spec" = '$libname$shrext$versuffix'; then + ver=`(cd "$dir" && \ + for f in "$libname$shrext".*; do echo "$f"; done \ + | sed -e "s,^$libname$shrext\\\\.,," \ + | sort -t '.' -n -r -k1,1 -k2,2 -k3,3 -k4,4 -k5,5 \ + | sed 1q ) 2>/dev/null` + if test -n "$ver" && test -f "$dir/$libname$shrext.$ver"; then + found_dir="$dir" + found_so="$dir/$libname$shrext.$ver" + fi + else + eval library_names=\"$acl_library_names_spec\" + for f in $library_names; do + if test -f "$dir/$f"; then + found_dir="$dir" + found_so="$dir/$f" + break + fi + done + fi + fi + fi + if test "X$found_dir" = "X"; then + if test -f "$dir/$libname.$acl_libext"; then + found_dir="$dir" + found_a="$dir/$libname.$acl_libext" + fi + fi + if test "X$found_dir" != "X"; then + if test -f "$dir/$libname.la"; then + found_la="$dir/$libname.la" + fi + fi + fi + if test "X$found_dir" = "X"; then + for x in $LDFLAGS $LTLIBICONV; do + + acl_save_prefix="$prefix" + prefix="$acl_final_prefix" + acl_save_exec_prefix="$exec_prefix" + exec_prefix="$acl_final_exec_prefix" + eval x=\"$x\" + exec_prefix="$acl_save_exec_prefix" + prefix="$acl_save_prefix" + + case "$x" in + -L*) + dir=`echo "X$x" | sed -e 's/^X-L//'` + if test -n "$acl_shlibext"; then + if test -f "$dir/$libname$shrext"; then + found_dir="$dir" + found_so="$dir/$libname$shrext" + else + if test "$acl_library_names_spec" = '$libname$shrext$versuffix'; then + ver=`(cd "$dir" && \ + for f in "$libname$shrext".*; do echo "$f"; done \ + | sed -e "s,^$libname$shrext\\\\.,," \ + | sort -t '.' -n -r -k1,1 -k2,2 -k3,3 -k4,4 -k5,5 \ + | sed 1q ) 2>/dev/null` + if test -n "$ver" && test -f "$dir/$libname$shrext.$ver"; then + found_dir="$dir" + found_so="$dir/$libname$shrext.$ver" + fi + else + eval library_names=\"$acl_library_names_spec\" + for f in $library_names; do + if test -f "$dir/$f"; then + found_dir="$dir" + found_so="$dir/$f" + break + fi + done + fi + fi + fi + if test "X$found_dir" = "X"; then + if test -f "$dir/$libname.$acl_libext"; then + found_dir="$dir" + found_a="$dir/$libname.$acl_libext" + fi + fi + if test "X$found_dir" != "X"; then + if test -f "$dir/$libname.la"; then + found_la="$dir/$libname.la" + fi + fi + ;; + esac + if test "X$found_dir" != "X"; then + break + fi + done + fi + if test "X$found_dir" != "X"; then + LTLIBICONV="${LTLIBICONV}${LTLIBICONV:+ }-L$found_dir -l$name" + if test "X$found_so" != "X"; then + if test "$enable_rpath" = no \ + || test "X$found_dir" = "X/usr/$acl_libdirstem" \ + || test "X$found_dir" = "X/usr/$acl_libdirstem2"; then + LIBICONV="${LIBICONV}${LIBICONV:+ }$found_so" + else + haveit= + for x in $ltrpathdirs; do + if test "X$x" = "X$found_dir"; then + haveit=yes + break + fi + done + if test -z "$haveit"; then + ltrpathdirs="$ltrpathdirs $found_dir" + fi + if test "$acl_hardcode_direct" = yes; then + LIBICONV="${LIBICONV}${LIBICONV:+ }$found_so" + else + if test -n "$acl_hardcode_libdir_flag_spec" && test "$acl_hardcode_minus_L" = no; then + LIBICONV="${LIBICONV}${LIBICONV:+ }$found_so" + haveit= + for x in $rpathdirs; do + if test "X$x" = "X$found_dir"; then + haveit=yes + break + fi + done + if test -z "$haveit"; then + rpathdirs="$rpathdirs $found_dir" + fi + else + haveit= + for x in $LDFLAGS $LIBICONV; do + + acl_save_prefix="$prefix" + prefix="$acl_final_prefix" + acl_save_exec_prefix="$exec_prefix" + exec_prefix="$acl_final_exec_prefix" + eval x=\"$x\" + exec_prefix="$acl_save_exec_prefix" + prefix="$acl_save_prefix" + + if test "X$x" = "X-L$found_dir"; then + haveit=yes + break + fi + done + if test -z "$haveit"; then + LIBICONV="${LIBICONV}${LIBICONV:+ }-L$found_dir" + fi + if test "$acl_hardcode_minus_L" != no; then + LIBICONV="${LIBICONV}${LIBICONV:+ }$found_so" + else + LIBICONV="${LIBICONV}${LIBICONV:+ }-l$name" + fi + fi + fi + fi + else + if test "X$found_a" != "X"; then + LIBICONV="${LIBICONV}${LIBICONV:+ }$found_a" + else + LIBICONV="${LIBICONV}${LIBICONV:+ }-L$found_dir -l$name" + fi + fi + additional_includedir= + case "$found_dir" in + */$acl_libdirstem | */$acl_libdirstem/) + basedir=`echo "X$found_dir" | sed -e 's,^X,,' -e "s,/$acl_libdirstem/"'*$,,'` + if test "$name" = 'iconv'; then + LIBICONV_PREFIX="$basedir" + fi + additional_includedir="$basedir/include" + ;; + */$acl_libdirstem2 | */$acl_libdirstem2/) + basedir=`echo "X$found_dir" | sed -e 's,^X,,' -e "s,/$acl_libdirstem2/"'*$,,'` + if test "$name" = 'iconv'; then + LIBICONV_PREFIX="$basedir" + fi + additional_includedir="$basedir/include" + ;; + esac + if test "X$additional_includedir" != "X"; then + if test "X$additional_includedir" != "X/usr/include"; then + haveit= + if test "X$additional_includedir" = "X/usr/local/include"; then + if test -n "$GCC"; then + case $host_os in + linux* | gnu* | k*bsd*-gnu) haveit=yes;; + esac + fi + fi + if test -z "$haveit"; then + for x in $CPPFLAGS $INCICONV; do + + acl_save_prefix="$prefix" + prefix="$acl_final_prefix" + acl_save_exec_prefix="$exec_prefix" + exec_prefix="$acl_final_exec_prefix" + eval x=\"$x\" + exec_prefix="$acl_save_exec_prefix" + prefix="$acl_save_prefix" + + if test "X$x" = "X-I$additional_includedir"; then + haveit=yes + break + fi + done + if test -z "$haveit"; then + if test -d "$additional_includedir"; then + INCICONV="${INCICONV}${INCICONV:+ }-I$additional_includedir" + fi + fi + fi + fi + fi + if test -n "$found_la"; then + save_libdir="$libdir" + case "$found_la" in + */* | *\\*) . "$found_la" ;; + *) . "./$found_la" ;; + esac + libdir="$save_libdir" + for dep in $dependency_libs; do + case "$dep" in + -L*) + additional_libdir=`echo "X$dep" | sed -e 's/^X-L//'` + if test "X$additional_libdir" != "X/usr/$acl_libdirstem" \ + && test "X$additional_libdir" != "X/usr/$acl_libdirstem2"; then + haveit= + if test "X$additional_libdir" = "X/usr/local/$acl_libdirstem" \ + || test "X$additional_libdir" = "X/usr/local/$acl_libdirstem2"; then + if test -n "$GCC"; then + case $host_os in + linux* | gnu* | k*bsd*-gnu) haveit=yes;; + esac + fi + fi + if test -z "$haveit"; then + haveit= + for x in $LDFLAGS $LIBICONV; do + + acl_save_prefix="$prefix" + prefix="$acl_final_prefix" + acl_save_exec_prefix="$exec_prefix" + exec_prefix="$acl_final_exec_prefix" + eval x=\"$x\" + exec_prefix="$acl_save_exec_prefix" + prefix="$acl_save_prefix" + + if test "X$x" = "X-L$additional_libdir"; then + haveit=yes + break + fi + done + if test -z "$haveit"; then + if test -d "$additional_libdir"; then + LIBICONV="${LIBICONV}${LIBICONV:+ }-L$additional_libdir" + fi + fi + haveit= + for x in $LDFLAGS $LTLIBICONV; do + + acl_save_prefix="$prefix" + prefix="$acl_final_prefix" + acl_save_exec_prefix="$exec_prefix" + exec_prefix="$acl_final_exec_prefix" + eval x=\"$x\" + exec_prefix="$acl_save_exec_prefix" + prefix="$acl_save_prefix" + + if test "X$x" = "X-L$additional_libdir"; then + haveit=yes + break + fi + done + if test -z "$haveit"; then + if test -d "$additional_libdir"; then + LTLIBICONV="${LTLIBICONV}${LTLIBICONV:+ }-L$additional_libdir" + fi + fi + fi + fi + ;; + -R*) + dir=`echo "X$dep" | sed -e 's/^X-R//'` + if test "$enable_rpath" != no; then + haveit= + for x in $rpathdirs; do + if test "X$x" = "X$dir"; then + haveit=yes + break + fi + done + if test -z "$haveit"; then + rpathdirs="$rpathdirs $dir" + fi + haveit= + for x in $ltrpathdirs; do + if test "X$x" = "X$dir"; then + haveit=yes + break + fi + done + if test -z "$haveit"; then + ltrpathdirs="$ltrpathdirs $dir" + fi + fi + ;; + -l*) + names_next_round="$names_next_round "`echo "X$dep" | sed -e 's/^X-l//'` + ;; + *.la) + names_next_round="$names_next_round "`echo "X$dep" | sed -e 's,^X.*/,,' -e 's,^lib,,' -e 's,\.la$,,'` + ;; + *) + LIBICONV="${LIBICONV}${LIBICONV:+ }$dep" + LTLIBICONV="${LTLIBICONV}${LTLIBICONV:+ }$dep" + ;; + esac + done + fi + else + LIBICONV="${LIBICONV}${LIBICONV:+ }-l$name" + LTLIBICONV="${LTLIBICONV}${LTLIBICONV:+ }-l$name" + fi + fi + fi + done + done + if test "X$rpathdirs" != "X"; then + if test -n "$acl_hardcode_libdir_separator"; then + alldirs= + for found_dir in $rpathdirs; do + alldirs="${alldirs}${alldirs:+$acl_hardcode_libdir_separator}$found_dir" + done + acl_save_libdir="$libdir" + libdir="$alldirs" + eval flag=\"$acl_hardcode_libdir_flag_spec\" + libdir="$acl_save_libdir" + LIBICONV="${LIBICONV}${LIBICONV:+ }$flag" + else + for found_dir in $rpathdirs; do + acl_save_libdir="$libdir" + libdir="$found_dir" + eval flag=\"$acl_hardcode_libdir_flag_spec\" + libdir="$acl_save_libdir" + LIBICONV="${LIBICONV}${LIBICONV:+ }$flag" + done + fi + fi + if test "X$ltrpathdirs" != "X"; then + for found_dir in $ltrpathdirs; do + LTLIBICONV="${LTLIBICONV}${LTLIBICONV:+ }-R$found_dir" + done + fi + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for CFPreferencesCopyAppValue" >&5 +$as_echo_n "checking for CFPreferencesCopyAppValue... " >&6; } +if ${gt_cv_func_CFPreferencesCopyAppValue+:} false; then : + $as_echo_n "(cached) " >&6 +else + gt_save_LIBS="$LIBS" + LIBS="$LIBS -Wl,-framework -Wl,CoreFoundation" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +int +main () +{ +CFPreferencesCopyAppValue(NULL, NULL) + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + gt_cv_func_CFPreferencesCopyAppValue=yes +else + gt_cv_func_CFPreferencesCopyAppValue=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + LIBS="$gt_save_LIBS" +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gt_cv_func_CFPreferencesCopyAppValue" >&5 +$as_echo "$gt_cv_func_CFPreferencesCopyAppValue" >&6; } + if test $gt_cv_func_CFPreferencesCopyAppValue = yes; then + +$as_echo "#define HAVE_CFPREFERENCESCOPYAPPVALUE 1" >>confdefs.h + + fi + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for CFLocaleCopyCurrent" >&5 +$as_echo_n "checking for CFLocaleCopyCurrent... " >&6; } +if ${gt_cv_func_CFLocaleCopyCurrent+:} false; then : + $as_echo_n "(cached) " >&6 +else + gt_save_LIBS="$LIBS" + LIBS="$LIBS -Wl,-framework -Wl,CoreFoundation" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +int +main () +{ +CFLocaleCopyCurrent(); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + gt_cv_func_CFLocaleCopyCurrent=yes +else + gt_cv_func_CFLocaleCopyCurrent=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + LIBS="$gt_save_LIBS" +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gt_cv_func_CFLocaleCopyCurrent" >&5 +$as_echo "$gt_cv_func_CFLocaleCopyCurrent" >&6; } + if test $gt_cv_func_CFLocaleCopyCurrent = yes; then + +$as_echo "#define HAVE_CFLOCALECOPYCURRENT 1" >>confdefs.h + + fi + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for CFLocaleCopyPreferredLanguages" >&5 +$as_echo_n "checking for CFLocaleCopyPreferredLanguages... " >&6; } +if ${gt_cv_func_CFLocaleCopyPreferredLanguages+:} false; then : + $as_echo_n "(cached) " >&6 +else + gt_save_LIBS="$LIBS" + LIBS="$LIBS -Wl,-framework -Wl,CoreFoundation" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +int +main () +{ +CFLocaleCopyPreferredLanguages(); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + gt_cv_func_CFLocaleCopyPreferredLanguages=yes +else + gt_cv_func_CFLocaleCopyPreferredLanguages=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + LIBS="$gt_save_LIBS" +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gt_cv_func_CFLocaleCopyPreferredLanguages" >&5 +$as_echo "$gt_cv_func_CFLocaleCopyPreferredLanguages" >&6; } + if test $gt_cv_func_CFLocaleCopyPreferredLanguages = yes; then + +$as_echo "#define HAVE_CFLOCALECOPYPREFERREDLANGUAGES 1" >>confdefs.h + + fi + INTL_MACOSX_LIBS= + if test $gt_cv_func_CFPreferencesCopyAppValue = yes \ + || test $gt_cv_func_CFLocaleCopyCurrent = yes \ + || test $gt_cv_func_CFLocaleCopyPreferredLanguages = yes; then + INTL_MACOSX_LIBS="-Wl,-framework -Wl,CoreFoundation" + fi + + + + + + + LIBINTL= + LTLIBINTL= + POSUB= + + case " $gt_needs " in + *" need-formatstring-macros "*) gt_api_version=3 ;; + *" need-ngettext "*) gt_api_version=2 ;; + *) gt_api_version=1 ;; + esac + gt_func_gnugettext_libc="gt_cv_func_gnugettext${gt_api_version}_libc" + gt_func_gnugettext_libintl="gt_cv_func_gnugettext${gt_api_version}_libintl" + + if test "$USE_NLS" = "yes"; then + gt_use_preinstalled_gnugettext=no + + + if test $gt_api_version -ge 3; then + gt_revision_test_code=' +#ifndef __GNU_GETTEXT_SUPPORTED_REVISION +#define __GNU_GETTEXT_SUPPORTED_REVISION(major) ((major) == 0 ? 0 : -1) +#endif +typedef int array [2 * (__GNU_GETTEXT_SUPPORTED_REVISION(0) >= 1) - 1]; +' + else + gt_revision_test_code= + fi + if test $gt_api_version -ge 2; then + gt_expression_test_code=' + * ngettext ("", "", 0)' + else + gt_expression_test_code= + fi + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for GNU gettext in libc" >&5 +$as_echo_n "checking for GNU gettext in libc... " >&6; } +if eval \${$gt_func_gnugettext_libc+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +$gt_revision_test_code +extern int _nl_msg_cat_cntr; +extern int *_nl_domain_bindings; + +int +main () +{ + +bindtextdomain ("", ""); +return * gettext ("")$gt_expression_test_code + _nl_msg_cat_cntr + *_nl_domain_bindings + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + eval "$gt_func_gnugettext_libc=yes" +else + eval "$gt_func_gnugettext_libc=no" +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +fi +eval ac_res=\$$gt_func_gnugettext_libc + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 +$as_echo "$ac_res" >&6; } + + if { eval "gt_val=\$$gt_func_gnugettext_libc"; test "$gt_val" != "yes"; }; then + + + + + + am_save_CPPFLAGS="$CPPFLAGS" + + for element in $INCICONV; do + haveit= + for x in $CPPFLAGS; do + + acl_save_prefix="$prefix" + prefix="$acl_final_prefix" + acl_save_exec_prefix="$exec_prefix" + exec_prefix="$acl_final_exec_prefix" + eval x=\"$x\" + exec_prefix="$acl_save_exec_prefix" + prefix="$acl_save_prefix" + + if test "X$x" = "X$element"; then + haveit=yes + break + fi + done + if test -z "$haveit"; then + CPPFLAGS="${CPPFLAGS}${CPPFLAGS:+ }$element" + fi + done + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for iconv" >&5 +$as_echo_n "checking for iconv... " >&6; } +if ${am_cv_func_iconv+:} false; then : + $as_echo_n "(cached) " >&6 +else + + am_cv_func_iconv="no, consider installing GNU libiconv" + am_cv_lib_iconv=no + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#include + +int +main () +{ +iconv_t cd = iconv_open("",""); + iconv(cd,NULL,NULL,NULL,NULL); + iconv_close(cd); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + am_cv_func_iconv=yes +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + if test "$am_cv_func_iconv" != yes; then + am_save_LIBS="$LIBS" + LIBS="$LIBS $LIBICONV" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#include + +int +main () +{ +iconv_t cd = iconv_open("",""); + iconv(cd,NULL,NULL,NULL,NULL); + iconv_close(cd); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + am_cv_lib_iconv=yes + am_cv_func_iconv=yes +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + LIBS="$am_save_LIBS" + fi + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $am_cv_func_iconv" >&5 +$as_echo "$am_cv_func_iconv" >&6; } + if test "$am_cv_func_iconv" = yes; then + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for working iconv" >&5 +$as_echo_n "checking for working iconv... " >&6; } +if ${am_cv_func_iconv_works+:} false; then : + $as_echo_n "(cached) " >&6 +else + + am_save_LIBS="$LIBS" + if test $am_cv_lib_iconv = yes; then + LIBS="$LIBS $LIBICONV" + fi + if test "$cross_compiling" = yes; then : + + case "$host_os" in + aix* | hpux*) am_cv_func_iconv_works="guessing no" ;; + *) am_cv_func_iconv_works="guessing yes" ;; + esac + +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#include +int main () +{ + int result = 0; + /* Test against AIX 5.1 bug: Failures are not distinguishable from successful + returns. */ + { + iconv_t cd_utf8_to_88591 = iconv_open ("ISO8859-1", "UTF-8"); + if (cd_utf8_to_88591 != (iconv_t)(-1)) + { + static const char input[] = "\342\202\254"; /* EURO SIGN */ + char buf[10]; + const char *inptr = input; + size_t inbytesleft = strlen (input); + char *outptr = buf; + size_t outbytesleft = sizeof (buf); + size_t res = iconv (cd_utf8_to_88591, + (char **) &inptr, &inbytesleft, + &outptr, &outbytesleft); + if (res == 0) + result |= 1; + iconv_close (cd_utf8_to_88591); + } + } + /* Test against Solaris 10 bug: Failures are not distinguishable from + successful returns. */ + { + iconv_t cd_ascii_to_88591 = iconv_open ("ISO8859-1", "646"); + if (cd_ascii_to_88591 != (iconv_t)(-1)) + { + static const char input[] = "\263"; + char buf[10]; + const char *inptr = input; + size_t inbytesleft = strlen (input); + char *outptr = buf; + size_t outbytesleft = sizeof (buf); + size_t res = iconv (cd_ascii_to_88591, + (char **) &inptr, &inbytesleft, + &outptr, &outbytesleft); + if (res == 0) + result |= 2; + iconv_close (cd_ascii_to_88591); + } + } + /* Test against AIX 6.1..7.1 bug: Buffer overrun. */ + { + iconv_t cd_88591_to_utf8 = iconv_open ("UTF-8", "ISO-8859-1"); + if (cd_88591_to_utf8 != (iconv_t)(-1)) + { + static const char input[] = "\304"; + static char buf[2] = { (char)0xDE, (char)0xAD }; + const char *inptr = input; + size_t inbytesleft = 1; + char *outptr = buf; + size_t outbytesleft = 1; + size_t res = iconv (cd_88591_to_utf8, + (char **) &inptr, &inbytesleft, + &outptr, &outbytesleft); + if (res != (size_t)(-1) || outptr - buf > 1 || buf[1] != (char)0xAD) + result |= 4; + iconv_close (cd_88591_to_utf8); + } + } +#if 0 /* This bug could be worked around by the caller. */ + /* Test against HP-UX 11.11 bug: Positive return value instead of 0. */ + { + iconv_t cd_88591_to_utf8 = iconv_open ("utf8", "iso88591"); + if (cd_88591_to_utf8 != (iconv_t)(-1)) + { + static const char input[] = "\304rger mit b\366sen B\374bchen ohne Augenma\337"; + char buf[50]; + const char *inptr = input; + size_t inbytesleft = strlen (input); + char *outptr = buf; + size_t outbytesleft = sizeof (buf); + size_t res = iconv (cd_88591_to_utf8, + (char **) &inptr, &inbytesleft, + &outptr, &outbytesleft); + if ((int)res > 0) + result |= 8; + iconv_close (cd_88591_to_utf8); + } + } +#endif + /* Test against HP-UX 11.11 bug: No converter from EUC-JP to UTF-8 is + provided. */ + if (/* Try standardized names. */ + iconv_open ("UTF-8", "EUC-JP") == (iconv_t)(-1) + /* Try IRIX, OSF/1 names. */ + && iconv_open ("UTF-8", "eucJP") == (iconv_t)(-1) + /* Try AIX names. */ + && iconv_open ("UTF-8", "IBM-eucJP") == (iconv_t)(-1) + /* Try HP-UX names. */ + && iconv_open ("utf8", "eucJP") == (iconv_t)(-1)) + result |= 16; + return result; +} +_ACEOF +if ac_fn_c_try_run "$LINENO"; then : + am_cv_func_iconv_works=yes +else + am_cv_func_iconv_works=no +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + + LIBS="$am_save_LIBS" + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $am_cv_func_iconv_works" >&5 +$as_echo "$am_cv_func_iconv_works" >&6; } + case "$am_cv_func_iconv_works" in + *no) am_func_iconv=no am_cv_lib_iconv=no ;; + *) am_func_iconv=yes ;; + esac + else + am_func_iconv=no am_cv_lib_iconv=no + fi + if test "$am_func_iconv" = yes; then + +$as_echo "#define HAVE_ICONV 1" >>confdefs.h + + fi + if test "$am_cv_lib_iconv" = yes; then + { $as_echo "$as_me:${as_lineno-$LINENO}: checking how to link with libiconv" >&5 +$as_echo_n "checking how to link with libiconv... " >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $LIBICONV" >&5 +$as_echo "$LIBICONV" >&6; } + else + CPPFLAGS="$am_save_CPPFLAGS" + LIBICONV= + LTLIBICONV= + fi + + + + + + + + + + + use_additional=yes + + acl_save_prefix="$prefix" + prefix="$acl_final_prefix" + acl_save_exec_prefix="$exec_prefix" + exec_prefix="$acl_final_exec_prefix" + + eval additional_includedir=\"$includedir\" + eval additional_libdir=\"$libdir\" + + exec_prefix="$acl_save_exec_prefix" + prefix="$acl_save_prefix" + + +# Check whether --with-libintl-prefix was given. +if test "${with_libintl_prefix+set}" = set; then : + withval=$with_libintl_prefix; + if test "X$withval" = "Xno"; then + use_additional=no + else + if test "X$withval" = "X"; then + + acl_save_prefix="$prefix" + prefix="$acl_final_prefix" + acl_save_exec_prefix="$exec_prefix" + exec_prefix="$acl_final_exec_prefix" + + eval additional_includedir=\"$includedir\" + eval additional_libdir=\"$libdir\" + + exec_prefix="$acl_save_exec_prefix" + prefix="$acl_save_prefix" + + else + additional_includedir="$withval/include" + additional_libdir="$withval/$acl_libdirstem" + if test "$acl_libdirstem2" != "$acl_libdirstem" \ + && test ! -d "$withval/$acl_libdirstem"; then + additional_libdir="$withval/$acl_libdirstem2" + fi + fi + fi + +fi + + LIBINTL= + LTLIBINTL= + INCINTL= + LIBINTL_PREFIX= + HAVE_LIBINTL= + rpathdirs= + ltrpathdirs= + names_already_handled= + names_next_round='intl ' + while test -n "$names_next_round"; do + names_this_round="$names_next_round" + names_next_round= + for name in $names_this_round; do + already_handled= + for n in $names_already_handled; do + if test "$n" = "$name"; then + already_handled=yes + break + fi + done + if test -z "$already_handled"; then + names_already_handled="$names_already_handled $name" + uppername=`echo "$name" | sed -e 'y|abcdefghijklmnopqrstuvwxyz./+-|ABCDEFGHIJKLMNOPQRSTUVWXYZ____|'` + eval value=\"\$HAVE_LIB$uppername\" + if test -n "$value"; then + if test "$value" = yes; then + eval value=\"\$LIB$uppername\" + test -z "$value" || LIBINTL="${LIBINTL}${LIBINTL:+ }$value" + eval value=\"\$LTLIB$uppername\" + test -z "$value" || LTLIBINTL="${LTLIBINTL}${LTLIBINTL:+ }$value" + else + : + fi + else + found_dir= + found_la= + found_so= + found_a= + eval libname=\"$acl_libname_spec\" # typically: libname=lib$name + if test -n "$acl_shlibext"; then + shrext=".$acl_shlibext" # typically: shrext=.so + else + shrext= + fi + if test $use_additional = yes; then + dir="$additional_libdir" + if test -n "$acl_shlibext"; then + if test -f "$dir/$libname$shrext"; then + found_dir="$dir" + found_so="$dir/$libname$shrext" + else + if test "$acl_library_names_spec" = '$libname$shrext$versuffix'; then + ver=`(cd "$dir" && \ + for f in "$libname$shrext".*; do echo "$f"; done \ + | sed -e "s,^$libname$shrext\\\\.,," \ + | sort -t '.' -n -r -k1,1 -k2,2 -k3,3 -k4,4 -k5,5 \ + | sed 1q ) 2>/dev/null` + if test -n "$ver" && test -f "$dir/$libname$shrext.$ver"; then + found_dir="$dir" + found_so="$dir/$libname$shrext.$ver" + fi + else + eval library_names=\"$acl_library_names_spec\" + for f in $library_names; do + if test -f "$dir/$f"; then + found_dir="$dir" + found_so="$dir/$f" + break + fi + done + fi + fi + fi + if test "X$found_dir" = "X"; then + if test -f "$dir/$libname.$acl_libext"; then + found_dir="$dir" + found_a="$dir/$libname.$acl_libext" + fi + fi + if test "X$found_dir" != "X"; then + if test -f "$dir/$libname.la"; then + found_la="$dir/$libname.la" + fi + fi + fi + if test "X$found_dir" = "X"; then + for x in $LDFLAGS $LTLIBINTL; do + + acl_save_prefix="$prefix" + prefix="$acl_final_prefix" + acl_save_exec_prefix="$exec_prefix" + exec_prefix="$acl_final_exec_prefix" + eval x=\"$x\" + exec_prefix="$acl_save_exec_prefix" + prefix="$acl_save_prefix" + + case "$x" in + -L*) + dir=`echo "X$x" | sed -e 's/^X-L//'` + if test -n "$acl_shlibext"; then + if test -f "$dir/$libname$shrext"; then + found_dir="$dir" + found_so="$dir/$libname$shrext" + else + if test "$acl_library_names_spec" = '$libname$shrext$versuffix'; then + ver=`(cd "$dir" && \ + for f in "$libname$shrext".*; do echo "$f"; done \ + | sed -e "s,^$libname$shrext\\\\.,," \ + | sort -t '.' -n -r -k1,1 -k2,2 -k3,3 -k4,4 -k5,5 \ + | sed 1q ) 2>/dev/null` + if test -n "$ver" && test -f "$dir/$libname$shrext.$ver"; then + found_dir="$dir" + found_so="$dir/$libname$shrext.$ver" + fi + else + eval library_names=\"$acl_library_names_spec\" + for f in $library_names; do + if test -f "$dir/$f"; then + found_dir="$dir" + found_so="$dir/$f" + break + fi + done + fi + fi + fi + if test "X$found_dir" = "X"; then + if test -f "$dir/$libname.$acl_libext"; then + found_dir="$dir" + found_a="$dir/$libname.$acl_libext" + fi + fi + if test "X$found_dir" != "X"; then + if test -f "$dir/$libname.la"; then + found_la="$dir/$libname.la" + fi + fi + ;; + esac + if test "X$found_dir" != "X"; then + break + fi + done + fi + if test "X$found_dir" != "X"; then + LTLIBINTL="${LTLIBINTL}${LTLIBINTL:+ }-L$found_dir -l$name" + if test "X$found_so" != "X"; then + if test "$enable_rpath" = no \ + || test "X$found_dir" = "X/usr/$acl_libdirstem" \ + || test "X$found_dir" = "X/usr/$acl_libdirstem2"; then + LIBINTL="${LIBINTL}${LIBINTL:+ }$found_so" + else + haveit= + for x in $ltrpathdirs; do + if test "X$x" = "X$found_dir"; then + haveit=yes + break + fi + done + if test -z "$haveit"; then + ltrpathdirs="$ltrpathdirs $found_dir" + fi + if test "$acl_hardcode_direct" = yes; then + LIBINTL="${LIBINTL}${LIBINTL:+ }$found_so" + else + if test -n "$acl_hardcode_libdir_flag_spec" && test "$acl_hardcode_minus_L" = no; then + LIBINTL="${LIBINTL}${LIBINTL:+ }$found_so" + haveit= + for x in $rpathdirs; do + if test "X$x" = "X$found_dir"; then + haveit=yes + break + fi + done + if test -z "$haveit"; then + rpathdirs="$rpathdirs $found_dir" + fi + else + haveit= + for x in $LDFLAGS $LIBINTL; do + + acl_save_prefix="$prefix" + prefix="$acl_final_prefix" + acl_save_exec_prefix="$exec_prefix" + exec_prefix="$acl_final_exec_prefix" + eval x=\"$x\" + exec_prefix="$acl_save_exec_prefix" + prefix="$acl_save_prefix" + + if test "X$x" = "X-L$found_dir"; then + haveit=yes + break + fi + done + if test -z "$haveit"; then + LIBINTL="${LIBINTL}${LIBINTL:+ }-L$found_dir" + fi + if test "$acl_hardcode_minus_L" != no; then + LIBINTL="${LIBINTL}${LIBINTL:+ }$found_so" + else + LIBINTL="${LIBINTL}${LIBINTL:+ }-l$name" + fi + fi + fi + fi + else + if test "X$found_a" != "X"; then + LIBINTL="${LIBINTL}${LIBINTL:+ }$found_a" + else + LIBINTL="${LIBINTL}${LIBINTL:+ }-L$found_dir -l$name" + fi + fi + additional_includedir= + case "$found_dir" in + */$acl_libdirstem | */$acl_libdirstem/) + basedir=`echo "X$found_dir" | sed -e 's,^X,,' -e "s,/$acl_libdirstem/"'*$,,'` + if test "$name" = 'intl'; then + LIBINTL_PREFIX="$basedir" + fi + additional_includedir="$basedir/include" + ;; + */$acl_libdirstem2 | */$acl_libdirstem2/) + basedir=`echo "X$found_dir" | sed -e 's,^X,,' -e "s,/$acl_libdirstem2/"'*$,,'` + if test "$name" = 'intl'; then + LIBINTL_PREFIX="$basedir" + fi + additional_includedir="$basedir/include" + ;; + esac + if test "X$additional_includedir" != "X"; then + if test "X$additional_includedir" != "X/usr/include"; then + haveit= + if test "X$additional_includedir" = "X/usr/local/include"; then + if test -n "$GCC"; then + case $host_os in + linux* | gnu* | k*bsd*-gnu) haveit=yes;; + esac + fi + fi + if test -z "$haveit"; then + for x in $CPPFLAGS $INCINTL; do + + acl_save_prefix="$prefix" + prefix="$acl_final_prefix" + acl_save_exec_prefix="$exec_prefix" + exec_prefix="$acl_final_exec_prefix" + eval x=\"$x\" + exec_prefix="$acl_save_exec_prefix" + prefix="$acl_save_prefix" + + if test "X$x" = "X-I$additional_includedir"; then + haveit=yes + break + fi + done + if test -z "$haveit"; then + if test -d "$additional_includedir"; then + INCINTL="${INCINTL}${INCINTL:+ }-I$additional_includedir" + fi + fi + fi + fi + fi + if test -n "$found_la"; then + save_libdir="$libdir" + case "$found_la" in + */* | *\\*) . "$found_la" ;; + *) . "./$found_la" ;; + esac + libdir="$save_libdir" + for dep in $dependency_libs; do + case "$dep" in + -L*) + additional_libdir=`echo "X$dep" | sed -e 's/^X-L//'` + if test "X$additional_libdir" != "X/usr/$acl_libdirstem" \ + && test "X$additional_libdir" != "X/usr/$acl_libdirstem2"; then + haveit= + if test "X$additional_libdir" = "X/usr/local/$acl_libdirstem" \ + || test "X$additional_libdir" = "X/usr/local/$acl_libdirstem2"; then + if test -n "$GCC"; then + case $host_os in + linux* | gnu* | k*bsd*-gnu) haveit=yes;; + esac + fi + fi + if test -z "$haveit"; then + haveit= + for x in $LDFLAGS $LIBINTL; do + + acl_save_prefix="$prefix" + prefix="$acl_final_prefix" + acl_save_exec_prefix="$exec_prefix" + exec_prefix="$acl_final_exec_prefix" + eval x=\"$x\" + exec_prefix="$acl_save_exec_prefix" + prefix="$acl_save_prefix" + + if test "X$x" = "X-L$additional_libdir"; then + haveit=yes + break + fi + done + if test -z "$haveit"; then + if test -d "$additional_libdir"; then + LIBINTL="${LIBINTL}${LIBINTL:+ }-L$additional_libdir" + fi + fi + haveit= + for x in $LDFLAGS $LTLIBINTL; do + + acl_save_prefix="$prefix" + prefix="$acl_final_prefix" + acl_save_exec_prefix="$exec_prefix" + exec_prefix="$acl_final_exec_prefix" + eval x=\"$x\" + exec_prefix="$acl_save_exec_prefix" + prefix="$acl_save_prefix" + + if test "X$x" = "X-L$additional_libdir"; then + haveit=yes + break + fi + done + if test -z "$haveit"; then + if test -d "$additional_libdir"; then + LTLIBINTL="${LTLIBINTL}${LTLIBINTL:+ }-L$additional_libdir" + fi + fi + fi + fi + ;; + -R*) + dir=`echo "X$dep" | sed -e 's/^X-R//'` + if test "$enable_rpath" != no; then + haveit= + for x in $rpathdirs; do + if test "X$x" = "X$dir"; then + haveit=yes + break + fi + done + if test -z "$haveit"; then + rpathdirs="$rpathdirs $dir" + fi + haveit= + for x in $ltrpathdirs; do + if test "X$x" = "X$dir"; then + haveit=yes + break + fi + done + if test -z "$haveit"; then + ltrpathdirs="$ltrpathdirs $dir" + fi + fi + ;; + -l*) + names_next_round="$names_next_round "`echo "X$dep" | sed -e 's/^X-l//'` + ;; + *.la) + names_next_round="$names_next_round "`echo "X$dep" | sed -e 's,^X.*/,,' -e 's,^lib,,' -e 's,\.la$,,'` + ;; + *) + LIBINTL="${LIBINTL}${LIBINTL:+ }$dep" + LTLIBINTL="${LTLIBINTL}${LTLIBINTL:+ }$dep" + ;; + esac + done + fi + else + LIBINTL="${LIBINTL}${LIBINTL:+ }-l$name" + LTLIBINTL="${LTLIBINTL}${LTLIBINTL:+ }-l$name" + fi + fi + fi + done + done + if test "X$rpathdirs" != "X"; then + if test -n "$acl_hardcode_libdir_separator"; then + alldirs= + for found_dir in $rpathdirs; do + alldirs="${alldirs}${alldirs:+$acl_hardcode_libdir_separator}$found_dir" + done + acl_save_libdir="$libdir" + libdir="$alldirs" + eval flag=\"$acl_hardcode_libdir_flag_spec\" + libdir="$acl_save_libdir" + LIBINTL="${LIBINTL}${LIBINTL:+ }$flag" + else + for found_dir in $rpathdirs; do + acl_save_libdir="$libdir" + libdir="$found_dir" + eval flag=\"$acl_hardcode_libdir_flag_spec\" + libdir="$acl_save_libdir" + LIBINTL="${LIBINTL}${LIBINTL:+ }$flag" + done + fi + fi + if test "X$ltrpathdirs" != "X"; then + for found_dir in $ltrpathdirs; do + LTLIBINTL="${LTLIBINTL}${LTLIBINTL:+ }-R$found_dir" + done + fi + + + + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for GNU gettext in libintl" >&5 +$as_echo_n "checking for GNU gettext in libintl... " >&6; } +if eval \${$gt_func_gnugettext_libintl+:} false; then : + $as_echo_n "(cached) " >&6 +else + gt_save_CPPFLAGS="$CPPFLAGS" + CPPFLAGS="$CPPFLAGS $INCINTL" + gt_save_LIBS="$LIBS" + LIBS="$LIBS $LIBINTL" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +$gt_revision_test_code +extern int _nl_msg_cat_cntr; +extern +#ifdef __cplusplus +"C" +#endif +const char *_nl_expand_alias (const char *); + +int +main () +{ + +bindtextdomain ("", ""); +return * gettext ("")$gt_expression_test_code + _nl_msg_cat_cntr + *_nl_expand_alias ("") + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + eval "$gt_func_gnugettext_libintl=yes" +else + eval "$gt_func_gnugettext_libintl=no" +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + if { eval "gt_val=\$$gt_func_gnugettext_libintl"; test "$gt_val" != yes; } && test -n "$LIBICONV"; then + LIBS="$LIBS $LIBICONV" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +$gt_revision_test_code +extern int _nl_msg_cat_cntr; +extern +#ifdef __cplusplus +"C" +#endif +const char *_nl_expand_alias (const char *); + +int +main () +{ + +bindtextdomain ("", ""); +return * gettext ("")$gt_expression_test_code + _nl_msg_cat_cntr + *_nl_expand_alias ("") + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + LIBINTL="$LIBINTL $LIBICONV" + LTLIBINTL="$LTLIBINTL $LTLIBICONV" + eval "$gt_func_gnugettext_libintl=yes" + +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + fi + CPPFLAGS="$gt_save_CPPFLAGS" + LIBS="$gt_save_LIBS" +fi +eval ac_res=\$$gt_func_gnugettext_libintl + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 +$as_echo "$ac_res" >&6; } + fi + + if { eval "gt_val=\$$gt_func_gnugettext_libc"; test "$gt_val" = "yes"; } \ + || { { eval "gt_val=\$$gt_func_gnugettext_libintl"; test "$gt_val" = "yes"; } \ + && test "$PACKAGE" != gettext-runtime \ + && test "$PACKAGE" != gettext-tools; }; then + gt_use_preinstalled_gnugettext=yes + else + LIBINTL= + LTLIBINTL= + INCINTL= + fi + + + + if test -n "$INTL_MACOSX_LIBS"; then + if test "$gt_use_preinstalled_gnugettext" = "yes" \ + || test "$nls_cv_use_gnu_gettext" = "yes"; then + LIBINTL="$LIBINTL $INTL_MACOSX_LIBS" + LTLIBINTL="$LTLIBINTL $INTL_MACOSX_LIBS" + fi + fi + + if test "$gt_use_preinstalled_gnugettext" = "yes" \ + || test "$nls_cv_use_gnu_gettext" = "yes"; then + +$as_echo "#define ENABLE_NLS 1" >>confdefs.h + + else + USE_NLS=no + fi + fi + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to use NLS" >&5 +$as_echo_n "checking whether to use NLS... " >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $USE_NLS" >&5 +$as_echo "$USE_NLS" >&6; } + if test "$USE_NLS" = "yes"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: checking where the gettext function comes from" >&5 +$as_echo_n "checking where the gettext function comes from... " >&6; } + if test "$gt_use_preinstalled_gnugettext" = "yes"; then + if { eval "gt_val=\$$gt_func_gnugettext_libintl"; test "$gt_val" = "yes"; }; then + gt_source="external libintl" + else + gt_source="libc" + fi + else + gt_source="included intl directory" + fi + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $gt_source" >&5 +$as_echo "$gt_source" >&6; } + fi + + if test "$USE_NLS" = "yes"; then + + if test "$gt_use_preinstalled_gnugettext" = "yes"; then + if { eval "gt_val=\$$gt_func_gnugettext_libintl"; test "$gt_val" = "yes"; }; then + { $as_echo "$as_me:${as_lineno-$LINENO}: checking how to link with libintl" >&5 +$as_echo_n "checking how to link with libintl... " >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $LIBINTL" >&5 +$as_echo "$LIBINTL" >&6; } + + for element in $INCINTL; do + haveit= + for x in $CPPFLAGS; do + + acl_save_prefix="$prefix" + prefix="$acl_final_prefix" + acl_save_exec_prefix="$exec_prefix" + exec_prefix="$acl_final_exec_prefix" + eval x=\"$x\" + exec_prefix="$acl_save_exec_prefix" + prefix="$acl_save_prefix" + + if test "X$x" = "X$element"; then + haveit=yes + break + fi + done + if test -z "$haveit"; then + CPPFLAGS="${CPPFLAGS}${CPPFLAGS:+ }$element" + fi + done + + fi + + +$as_echo "#define HAVE_GETTEXT 1" >>confdefs.h + + +$as_echo "#define HAVE_DCGETTEXT 1" >>confdefs.h + + fi + + POSUB=po + fi + + + + INTLLIBS="$LIBINTL" + + + + + + + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether byte ordering is bigendian" >&5 +$as_echo_n "checking whether byte ordering is bigendian... " >&6; } +if ${ac_cv_c_bigendian+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_cv_c_bigendian=unknown + # See if we're dealing with a universal compiler. + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#ifndef __APPLE_CC__ + not a universal capable compiler + #endif + typedef int dummy; + +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + + # Check for potential -arch flags. It is not universal unless + # there are at least two -arch flags with different values. + ac_arch= + ac_prev= + for ac_word in $CC $CFLAGS $CPPFLAGS $LDFLAGS; do + if test -n "$ac_prev"; then + case $ac_word in + i?86 | x86_64 | ppc | ppc64) + if test -z "$ac_arch" || test "$ac_arch" = "$ac_word"; then + ac_arch=$ac_word + else + ac_cv_c_bigendian=universal + break + fi + ;; + esac + ac_prev= + elif test "x$ac_word" = "x-arch"; then + ac_prev=arch + fi + done +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + if test $ac_cv_c_bigendian = unknown; then + # See if sys/param.h defines the BYTE_ORDER macro. + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include + #include + +int +main () +{ +#if ! (defined BYTE_ORDER && defined BIG_ENDIAN \ + && defined LITTLE_ENDIAN && BYTE_ORDER && BIG_ENDIAN \ + && LITTLE_ENDIAN) + bogus endian macros + #endif + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + # It does; now see whether it defined to BIG_ENDIAN or not. + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include + #include + +int +main () +{ +#if BYTE_ORDER != BIG_ENDIAN + not big endian + #endif + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ac_cv_c_bigendian=yes +else + ac_cv_c_bigendian=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + fi + if test $ac_cv_c_bigendian = unknown; then + # See if defines _LITTLE_ENDIAN or _BIG_ENDIAN (e.g., Solaris). + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include + +int +main () +{ +#if ! (defined _LITTLE_ENDIAN || defined _BIG_ENDIAN) + bogus endian macros + #endif + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + # It does; now see whether it defined to _BIG_ENDIAN or not. + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include + +int +main () +{ +#ifndef _BIG_ENDIAN + not big endian + #endif + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ac_cv_c_bigendian=yes +else + ac_cv_c_bigendian=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + fi + if test $ac_cv_c_bigendian = unknown; then + # Compile a test program. + if test "$cross_compiling" = yes; then : + # Try to guess by grepping values from an object file. + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +short int ascii_mm[] = + { 0x4249, 0x4765, 0x6E44, 0x6961, 0x6E53, 0x7953, 0 }; + short int ascii_ii[] = + { 0x694C, 0x5454, 0x656C, 0x6E45, 0x6944, 0x6E61, 0 }; + int use_ascii (int i) { + return ascii_mm[i] + ascii_ii[i]; + } + short int ebcdic_ii[] = + { 0x89D3, 0xE3E3, 0x8593, 0x95C5, 0x89C4, 0x9581, 0 }; + short int ebcdic_mm[] = + { 0xC2C9, 0xC785, 0x95C4, 0x8981, 0x95E2, 0xA8E2, 0 }; + int use_ebcdic (int i) { + return ebcdic_mm[i] + ebcdic_ii[i]; + } + extern int foo; + +int +main () +{ +return use_ascii (foo) == use_ebcdic (foo); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + if grep BIGenDianSyS conftest.$ac_objext >/dev/null; then + ac_cv_c_bigendian=yes + fi + if grep LiTTleEnDian conftest.$ac_objext >/dev/null ; then + if test "$ac_cv_c_bigendian" = unknown; then + ac_cv_c_bigendian=no + else + # finding both strings is unlikely to happen, but who knows? + ac_cv_c_bigendian=unknown + fi + fi +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +$ac_includes_default +int +main () +{ + + /* Are we little or big endian? From Harbison&Steele. */ + union + { + long int l; + char c[sizeof (long int)]; + } u; + u.l = 1; + return u.c[sizeof (long int) - 1] == 1; + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_run "$LINENO"; then : + ac_cv_c_bigendian=no +else + ac_cv_c_bigendian=yes +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + + fi +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_bigendian" >&5 +$as_echo "$ac_cv_c_bigendian" >&6; } + case $ac_cv_c_bigendian in #( + yes) + $as_echo "#define WORDS_BIGENDIAN 1" >>confdefs.h +;; #( + no) + ;; #( + universal) + +$as_echo "#define AC_APPLE_UNIVERSAL_BUILD 1" >>confdefs.h + + ;; #( + *) + as_fn_error $? "unknown endianness + presetting ac_cv_c_bigendian=no (or yes) will help" "$LINENO" 5 ;; + esac + + +for ac_func in fork setitimer getrusage getpwuid_r nanosleep daemon getpid localtime mmap explicit_bzero +do : + as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` +ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" +if eval test \"x\$"$as_ac_var"\" = x"yes"; then : + cat >>confdefs.h <<_ACEOF +#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 +_ACEOF + +fi +done + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for clock_gettime" >&5 +$as_echo_n "checking for clock_gettime... " >&6; } +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +int +main () +{ +clock_gettime(0, 0); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; }; ac_cv_func_clock_gettime=yes + +$as_echo "#define HAVE_CLOCK_GETTIME 1" >>confdefs.h + +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; }; ac_cv_func_clock_gettime=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for fmemopen" >&5 +$as_echo_n "checking for fmemopen... " >&6; } +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +int +main () +{ +fmemopen(0, 0, 0); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; }; ac_cv_func_fmemopen=yes + +$as_echo "#define HAVE_FMEMOPEN 1" >>confdefs.h + +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; }; ac_cv_func_fmemopen=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + + if test "$ac_cv_func_fork" != "no"; then + HAVE_FORK_TRUE= + HAVE_FORK_FALSE='#' +else + HAVE_FORK_TRUE='#' + HAVE_FORK_FALSE= +fi + + +for ac_func in __register_atfork secure_getenv getauxval +do : + as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` +ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" +if eval test \"x\$"$as_ac_var"\" = x"yes"; then : + cat >>confdefs.h <<_ACEOF +#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 +_ACEOF + +fi +done + + +# Check whether --enable-seccomp-tests was given. +if test "${enable_seccomp_tests+set}" = set; then : + enableval=$enable_seccomp_tests; seccomp_tests=$enableval +else + seccomp_tests=no +fi + + + if test "$seccomp_tests" = "yes"; then + HAVE_SECCOMP_TESTS_TRUE= + HAVE_SECCOMP_TESTS_FALSE='#' +else + HAVE_SECCOMP_TESTS_TRUE='#' + HAVE_SECCOMP_TESTS_FALSE= +fi + + +# check for libseccomp - used in test programs + + + + + + + + + + + + + use_additional=yes + + acl_save_prefix="$prefix" + prefix="$acl_final_prefix" + acl_save_exec_prefix="$exec_prefix" + exec_prefix="$acl_final_exec_prefix" + + eval additional_includedir=\"$includedir\" + eval additional_libdir=\"$libdir\" + + exec_prefix="$acl_save_exec_prefix" + prefix="$acl_save_prefix" + + +# Check whether --with-libseccomp-prefix was given. +if test "${with_libseccomp_prefix+set}" = set; then : + withval=$with_libseccomp_prefix; + if test "X$withval" = "Xno"; then + use_additional=no + else + if test "X$withval" = "X"; then + + acl_save_prefix="$prefix" + prefix="$acl_final_prefix" + acl_save_exec_prefix="$exec_prefix" + exec_prefix="$acl_final_exec_prefix" + + eval additional_includedir=\"$includedir\" + eval additional_libdir=\"$libdir\" + + exec_prefix="$acl_save_exec_prefix" + prefix="$acl_save_prefix" + + else + additional_includedir="$withval/include" + additional_libdir="$withval/$acl_libdirstem" + if test "$acl_libdirstem2" != "$acl_libdirstem" \ + && test ! -d "$withval/$acl_libdirstem"; then + additional_libdir="$withval/$acl_libdirstem2" + fi + fi + fi + +fi + + LIBSECCOMP= + LTLIBSECCOMP= + INCSECCOMP= + LIBSECCOMP_PREFIX= + HAVE_LIBSECCOMP= + rpathdirs= + ltrpathdirs= + names_already_handled= + names_next_round='seccomp ' + while test -n "$names_next_round"; do + names_this_round="$names_next_round" + names_next_round= + for name in $names_this_round; do + already_handled= + for n in $names_already_handled; do + if test "$n" = "$name"; then + already_handled=yes + break + fi + done + if test -z "$already_handled"; then + names_already_handled="$names_already_handled $name" + uppername=`echo "$name" | sed -e 'y|abcdefghijklmnopqrstuvwxyz./+-|ABCDEFGHIJKLMNOPQRSTUVWXYZ____|'` + eval value=\"\$HAVE_LIB$uppername\" + if test -n "$value"; then + if test "$value" = yes; then + eval value=\"\$LIB$uppername\" + test -z "$value" || LIBSECCOMP="${LIBSECCOMP}${LIBSECCOMP:+ }$value" + eval value=\"\$LTLIB$uppername\" + test -z "$value" || LTLIBSECCOMP="${LTLIBSECCOMP}${LTLIBSECCOMP:+ }$value" + else + : + fi + else + found_dir= + found_la= + found_so= + found_a= + eval libname=\"$acl_libname_spec\" # typically: libname=lib$name + if test -n "$acl_shlibext"; then + shrext=".$acl_shlibext" # typically: shrext=.so + else + shrext= + fi + if test $use_additional = yes; then + dir="$additional_libdir" + if test -n "$acl_shlibext"; then + if test -f "$dir/$libname$shrext"; then + found_dir="$dir" + found_so="$dir/$libname$shrext" + else + if test "$acl_library_names_spec" = '$libname$shrext$versuffix'; then + ver=`(cd "$dir" && \ + for f in "$libname$shrext".*; do echo "$f"; done \ + | sed -e "s,^$libname$shrext\\\\.,," \ + | sort -t '.' -n -r -k1,1 -k2,2 -k3,3 -k4,4 -k5,5 \ + | sed 1q ) 2>/dev/null` + if test -n "$ver" && test -f "$dir/$libname$shrext.$ver"; then + found_dir="$dir" + found_so="$dir/$libname$shrext.$ver" + fi + else + eval library_names=\"$acl_library_names_spec\" + for f in $library_names; do + if test -f "$dir/$f"; then + found_dir="$dir" + found_so="$dir/$f" + break + fi + done + fi + fi + fi + if test "X$found_dir" = "X"; then + if test -f "$dir/$libname.$acl_libext"; then + found_dir="$dir" + found_a="$dir/$libname.$acl_libext" + fi + fi + if test "X$found_dir" != "X"; then + if test -f "$dir/$libname.la"; then + found_la="$dir/$libname.la" + fi + fi + fi + if test "X$found_dir" = "X"; then + for x in $LDFLAGS $LTLIBSECCOMP; do + + acl_save_prefix="$prefix" + prefix="$acl_final_prefix" + acl_save_exec_prefix="$exec_prefix" + exec_prefix="$acl_final_exec_prefix" + eval x=\"$x\" + exec_prefix="$acl_save_exec_prefix" + prefix="$acl_save_prefix" + + case "$x" in + -L*) + dir=`echo "X$x" | sed -e 's/^X-L//'` + if test -n "$acl_shlibext"; then + if test -f "$dir/$libname$shrext"; then + found_dir="$dir" + found_so="$dir/$libname$shrext" + else + if test "$acl_library_names_spec" = '$libname$shrext$versuffix'; then + ver=`(cd "$dir" && \ + for f in "$libname$shrext".*; do echo "$f"; done \ + | sed -e "s,^$libname$shrext\\\\.,," \ + | sort -t '.' -n -r -k1,1 -k2,2 -k3,3 -k4,4 -k5,5 \ + | sed 1q ) 2>/dev/null` + if test -n "$ver" && test -f "$dir/$libname$shrext.$ver"; then + found_dir="$dir" + found_so="$dir/$libname$shrext.$ver" + fi + else + eval library_names=\"$acl_library_names_spec\" + for f in $library_names; do + if test -f "$dir/$f"; then + found_dir="$dir" + found_so="$dir/$f" + break + fi + done + fi + fi + fi + if test "X$found_dir" = "X"; then + if test -f "$dir/$libname.$acl_libext"; then + found_dir="$dir" + found_a="$dir/$libname.$acl_libext" + fi + fi + if test "X$found_dir" != "X"; then + if test -f "$dir/$libname.la"; then + found_la="$dir/$libname.la" + fi + fi + ;; + esac + if test "X$found_dir" != "X"; then + break + fi + done + fi + if test "X$found_dir" != "X"; then + LTLIBSECCOMP="${LTLIBSECCOMP}${LTLIBSECCOMP:+ }-L$found_dir -l$name" + if test "X$found_so" != "X"; then + if test "$enable_rpath" = no \ + || test "X$found_dir" = "X/usr/$acl_libdirstem" \ + || test "X$found_dir" = "X/usr/$acl_libdirstem2"; then + LIBSECCOMP="${LIBSECCOMP}${LIBSECCOMP:+ }$found_so" + else + haveit= + for x in $ltrpathdirs; do + if test "X$x" = "X$found_dir"; then + haveit=yes + break + fi + done + if test -z "$haveit"; then + ltrpathdirs="$ltrpathdirs $found_dir" + fi + if test "$acl_hardcode_direct" = yes; then + LIBSECCOMP="${LIBSECCOMP}${LIBSECCOMP:+ }$found_so" + else + if test -n "$acl_hardcode_libdir_flag_spec" && test "$acl_hardcode_minus_L" = no; then + LIBSECCOMP="${LIBSECCOMP}${LIBSECCOMP:+ }$found_so" + haveit= + for x in $rpathdirs; do + if test "X$x" = "X$found_dir"; then + haveit=yes + break + fi + done + if test -z "$haveit"; then + rpathdirs="$rpathdirs $found_dir" + fi + else + haveit= + for x in $LDFLAGS $LIBSECCOMP; do + + acl_save_prefix="$prefix" + prefix="$acl_final_prefix" + acl_save_exec_prefix="$exec_prefix" + exec_prefix="$acl_final_exec_prefix" + eval x=\"$x\" + exec_prefix="$acl_save_exec_prefix" + prefix="$acl_save_prefix" + + if test "X$x" = "X-L$found_dir"; then + haveit=yes + break + fi + done + if test -z "$haveit"; then + LIBSECCOMP="${LIBSECCOMP}${LIBSECCOMP:+ }-L$found_dir" + fi + if test "$acl_hardcode_minus_L" != no; then + LIBSECCOMP="${LIBSECCOMP}${LIBSECCOMP:+ }$found_so" + else + LIBSECCOMP="${LIBSECCOMP}${LIBSECCOMP:+ }-l$name" + fi + fi + fi + fi + else + if test "X$found_a" != "X"; then + LIBSECCOMP="${LIBSECCOMP}${LIBSECCOMP:+ }$found_a" + else + LIBSECCOMP="${LIBSECCOMP}${LIBSECCOMP:+ }-L$found_dir -l$name" + fi + fi + additional_includedir= + case "$found_dir" in + */$acl_libdirstem | */$acl_libdirstem/) + basedir=`echo "X$found_dir" | sed -e 's,^X,,' -e "s,/$acl_libdirstem/"'*$,,'` + if test "$name" = 'seccomp'; then + LIBSECCOMP_PREFIX="$basedir" + fi + additional_includedir="$basedir/include" + ;; + */$acl_libdirstem2 | */$acl_libdirstem2/) + basedir=`echo "X$found_dir" | sed -e 's,^X,,' -e "s,/$acl_libdirstem2/"'*$,,'` + if test "$name" = 'seccomp'; then + LIBSECCOMP_PREFIX="$basedir" + fi + additional_includedir="$basedir/include" + ;; + esac + if test "X$additional_includedir" != "X"; then + if test "X$additional_includedir" != "X/usr/include"; then + haveit= + if test "X$additional_includedir" = "X/usr/local/include"; then + if test -n "$GCC"; then + case $host_os in + linux* | gnu* | k*bsd*-gnu) haveit=yes;; + esac + fi + fi + if test -z "$haveit"; then + for x in $CPPFLAGS $INCSECCOMP; do + + acl_save_prefix="$prefix" + prefix="$acl_final_prefix" + acl_save_exec_prefix="$exec_prefix" + exec_prefix="$acl_final_exec_prefix" + eval x=\"$x\" + exec_prefix="$acl_save_exec_prefix" + prefix="$acl_save_prefix" + + if test "X$x" = "X-I$additional_includedir"; then + haveit=yes + break + fi + done + if test -z "$haveit"; then + if test -d "$additional_includedir"; then + INCSECCOMP="${INCSECCOMP}${INCSECCOMP:+ }-I$additional_includedir" + fi + fi + fi + fi + fi + if test -n "$found_la"; then + save_libdir="$libdir" + case "$found_la" in + */* | *\\*) . "$found_la" ;; + *) . "./$found_la" ;; + esac + libdir="$save_libdir" + for dep in $dependency_libs; do + case "$dep" in + -L*) + additional_libdir=`echo "X$dep" | sed -e 's/^X-L//'` + if test "X$additional_libdir" != "X/usr/$acl_libdirstem" \ + && test "X$additional_libdir" != "X/usr/$acl_libdirstem2"; then + haveit= + if test "X$additional_libdir" = "X/usr/local/$acl_libdirstem" \ + || test "X$additional_libdir" = "X/usr/local/$acl_libdirstem2"; then + if test -n "$GCC"; then + case $host_os in + linux* | gnu* | k*bsd*-gnu) haveit=yes;; + esac + fi + fi + if test -z "$haveit"; then + haveit= + for x in $LDFLAGS $LIBSECCOMP; do + + acl_save_prefix="$prefix" + prefix="$acl_final_prefix" + acl_save_exec_prefix="$exec_prefix" + exec_prefix="$acl_final_exec_prefix" + eval x=\"$x\" + exec_prefix="$acl_save_exec_prefix" + prefix="$acl_save_prefix" + + if test "X$x" = "X-L$additional_libdir"; then + haveit=yes + break + fi + done + if test -z "$haveit"; then + if test -d "$additional_libdir"; then + LIBSECCOMP="${LIBSECCOMP}${LIBSECCOMP:+ }-L$additional_libdir" + fi + fi + haveit= + for x in $LDFLAGS $LTLIBSECCOMP; do + + acl_save_prefix="$prefix" + prefix="$acl_final_prefix" + acl_save_exec_prefix="$exec_prefix" + exec_prefix="$acl_final_exec_prefix" + eval x=\"$x\" + exec_prefix="$acl_save_exec_prefix" + prefix="$acl_save_prefix" + + if test "X$x" = "X-L$additional_libdir"; then + haveit=yes + break + fi + done + if test -z "$haveit"; then + if test -d "$additional_libdir"; then + LTLIBSECCOMP="${LTLIBSECCOMP}${LTLIBSECCOMP:+ }-L$additional_libdir" + fi + fi + fi + fi + ;; + -R*) + dir=`echo "X$dep" | sed -e 's/^X-R//'` + if test "$enable_rpath" != no; then + haveit= + for x in $rpathdirs; do + if test "X$x" = "X$dir"; then + haveit=yes + break + fi + done + if test -z "$haveit"; then + rpathdirs="$rpathdirs $dir" + fi + haveit= + for x in $ltrpathdirs; do + if test "X$x" = "X$dir"; then + haveit=yes + break + fi + done + if test -z "$haveit"; then + ltrpathdirs="$ltrpathdirs $dir" + fi + fi + ;; + -l*) + names_next_round="$names_next_round "`echo "X$dep" | sed -e 's/^X-l//'` + ;; + *.la) + names_next_round="$names_next_round "`echo "X$dep" | sed -e 's,^X.*/,,' -e 's,^lib,,' -e 's,\.la$,,'` + ;; + *) + LIBSECCOMP="${LIBSECCOMP}${LIBSECCOMP:+ }$dep" + LTLIBSECCOMP="${LTLIBSECCOMP}${LTLIBSECCOMP:+ }$dep" + ;; + esac + done + fi + else + LIBSECCOMP="${LIBSECCOMP}${LIBSECCOMP:+ }-l$name" + LTLIBSECCOMP="${LTLIBSECCOMP}${LTLIBSECCOMP:+ }-l$name" + fi + fi + fi + done + done + if test "X$rpathdirs" != "X"; then + if test -n "$acl_hardcode_libdir_separator"; then + alldirs= + for found_dir in $rpathdirs; do + alldirs="${alldirs}${alldirs:+$acl_hardcode_libdir_separator}$found_dir" + done + acl_save_libdir="$libdir" + libdir="$alldirs" + eval flag=\"$acl_hardcode_libdir_flag_spec\" + libdir="$acl_save_libdir" + LIBSECCOMP="${LIBSECCOMP}${LIBSECCOMP:+ }$flag" + else + for found_dir in $rpathdirs; do + acl_save_libdir="$libdir" + libdir="$found_dir" + eval flag=\"$acl_hardcode_libdir_flag_spec\" + libdir="$acl_save_libdir" + LIBSECCOMP="${LIBSECCOMP}${LIBSECCOMP:+ }$flag" + done + fi + fi + if test "X$ltrpathdirs" != "X"; then + for found_dir in $ltrpathdirs; do + LTLIBSECCOMP="${LTLIBSECCOMP}${LTLIBSECCOMP:+ }-R$found_dir" + done + fi + + + + + + + ac_save_CPPFLAGS="$CPPFLAGS" + + for element in $INCSECCOMP; do + haveit= + for x in $CPPFLAGS; do + + acl_save_prefix="$prefix" + prefix="$acl_final_prefix" + acl_save_exec_prefix="$exec_prefix" + exec_prefix="$acl_final_exec_prefix" + eval x=\"$x\" + exec_prefix="$acl_save_exec_prefix" + prefix="$acl_save_prefix" + + if test "X$x" = "X$element"; then + haveit=yes + break + fi + done + if test -z "$haveit"; then + CPPFLAGS="${CPPFLAGS}${CPPFLAGS:+ }$element" + fi + done + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for libseccomp" >&5 +$as_echo_n "checking for libseccomp... " >&6; } +if ${ac_cv_libseccomp+:} false; then : + $as_echo_n "(cached) " >&6 +else + + ac_save_LIBS="$LIBS" + case " $LIBSECCOMP" in + *" -l"*) LIBS="$LIBS $LIBSECCOMP" ;; + *) LIBS="$LIBSECCOMP $LIBS" ;; + esac + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include + +int +main () +{ +seccomp_init(0); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + ac_cv_libseccomp=yes +else + ac_cv_libseccomp='no' +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + LIBS="$ac_save_LIBS" + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_libseccomp" >&5 +$as_echo "$ac_cv_libseccomp" >&6; } + if test "$ac_cv_libseccomp" = yes; then + HAVE_LIBSECCOMP=yes + +$as_echo "#define HAVE_LIBSECCOMP 1" >>confdefs.h + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking how to link with libseccomp" >&5 +$as_echo_n "checking how to link with libseccomp... " >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $LIBSECCOMP" >&5 +$as_echo "$LIBSECCOMP" >&6; } + else + HAVE_LIBSECCOMP=no + CPPFLAGS="$ac_save_CPPFLAGS" + LIBSECCOMP= + LTLIBSECCOMP= + LIBSECCOMP_PREFIX= + fi + + + + + + + + +# check for libcrypto - used in test programs + + + + + + + + + + + + + use_additional=yes + + acl_save_prefix="$prefix" + prefix="$acl_final_prefix" + acl_save_exec_prefix="$exec_prefix" + exec_prefix="$acl_final_exec_prefix" + + eval additional_includedir=\"$includedir\" + eval additional_libdir=\"$libdir\" + + exec_prefix="$acl_save_exec_prefix" + prefix="$acl_save_prefix" + + +# Check whether --with-libcrypto-prefix was given. +if test "${with_libcrypto_prefix+set}" = set; then : + withval=$with_libcrypto_prefix; + if test "X$withval" = "Xno"; then + use_additional=no + else + if test "X$withval" = "X"; then + + acl_save_prefix="$prefix" + prefix="$acl_final_prefix" + acl_save_exec_prefix="$exec_prefix" + exec_prefix="$acl_final_exec_prefix" + + eval additional_includedir=\"$includedir\" + eval additional_libdir=\"$libdir\" + + exec_prefix="$acl_save_exec_prefix" + prefix="$acl_save_prefix" + + else + additional_includedir="$withval/include" + additional_libdir="$withval/$acl_libdirstem" + if test "$acl_libdirstem2" != "$acl_libdirstem" \ + && test ! -d "$withval/$acl_libdirstem"; then + additional_libdir="$withval/$acl_libdirstem2" + fi + fi + fi + +fi + + LIBCRYPTO= + LTLIBCRYPTO= + INCCRYPTO= + LIBCRYPTO_PREFIX= + HAVE_LIBCRYPTO= + rpathdirs= + ltrpathdirs= + names_already_handled= + names_next_round='crypto ' + while test -n "$names_next_round"; do + names_this_round="$names_next_round" + names_next_round= + for name in $names_this_round; do + already_handled= + for n in $names_already_handled; do + if test "$n" = "$name"; then + already_handled=yes + break + fi + done + if test -z "$already_handled"; then + names_already_handled="$names_already_handled $name" + uppername=`echo "$name" | sed -e 'y|abcdefghijklmnopqrstuvwxyz./+-|ABCDEFGHIJKLMNOPQRSTUVWXYZ____|'` + eval value=\"\$HAVE_LIB$uppername\" + if test -n "$value"; then + if test "$value" = yes; then + eval value=\"\$LIB$uppername\" + test -z "$value" || LIBCRYPTO="${LIBCRYPTO}${LIBCRYPTO:+ }$value" + eval value=\"\$LTLIB$uppername\" + test -z "$value" || LTLIBCRYPTO="${LTLIBCRYPTO}${LTLIBCRYPTO:+ }$value" + else + : + fi + else + found_dir= + found_la= + found_so= + found_a= + eval libname=\"$acl_libname_spec\" # typically: libname=lib$name + if test -n "$acl_shlibext"; then + shrext=".$acl_shlibext" # typically: shrext=.so + else + shrext= + fi + if test $use_additional = yes; then + dir="$additional_libdir" + if test -n "$acl_shlibext"; then + if test -f "$dir/$libname$shrext"; then + found_dir="$dir" + found_so="$dir/$libname$shrext" + else + if test "$acl_library_names_spec" = '$libname$shrext$versuffix'; then + ver=`(cd "$dir" && \ + for f in "$libname$shrext".*; do echo "$f"; done \ + | sed -e "s,^$libname$shrext\\\\.,," \ + | sort -t '.' -n -r -k1,1 -k2,2 -k3,3 -k4,4 -k5,5 \ + | sed 1q ) 2>/dev/null` + if test -n "$ver" && test -f "$dir/$libname$shrext.$ver"; then + found_dir="$dir" + found_so="$dir/$libname$shrext.$ver" + fi + else + eval library_names=\"$acl_library_names_spec\" + for f in $library_names; do + if test -f "$dir/$f"; then + found_dir="$dir" + found_so="$dir/$f" + break + fi + done + fi + fi + fi + if test "X$found_dir" = "X"; then + if test -f "$dir/$libname.$acl_libext"; then + found_dir="$dir" + found_a="$dir/$libname.$acl_libext" + fi + fi + if test "X$found_dir" != "X"; then + if test -f "$dir/$libname.la"; then + found_la="$dir/$libname.la" + fi + fi + fi + if test "X$found_dir" = "X"; then + for x in $LDFLAGS $LTLIBCRYPTO; do + + acl_save_prefix="$prefix" + prefix="$acl_final_prefix" + acl_save_exec_prefix="$exec_prefix" + exec_prefix="$acl_final_exec_prefix" + eval x=\"$x\" + exec_prefix="$acl_save_exec_prefix" + prefix="$acl_save_prefix" + + case "$x" in + -L*) + dir=`echo "X$x" | sed -e 's/^X-L//'` + if test -n "$acl_shlibext"; then + if test -f "$dir/$libname$shrext"; then + found_dir="$dir" + found_so="$dir/$libname$shrext" + else + if test "$acl_library_names_spec" = '$libname$shrext$versuffix'; then + ver=`(cd "$dir" && \ + for f in "$libname$shrext".*; do echo "$f"; done \ + | sed -e "s,^$libname$shrext\\\\.,," \ + | sort -t '.' -n -r -k1,1 -k2,2 -k3,3 -k4,4 -k5,5 \ + | sed 1q ) 2>/dev/null` + if test -n "$ver" && test -f "$dir/$libname$shrext.$ver"; then + found_dir="$dir" + found_so="$dir/$libname$shrext.$ver" + fi + else + eval library_names=\"$acl_library_names_spec\" + for f in $library_names; do + if test -f "$dir/$f"; then + found_dir="$dir" + found_so="$dir/$f" + break + fi + done + fi + fi + fi + if test "X$found_dir" = "X"; then + if test -f "$dir/$libname.$acl_libext"; then + found_dir="$dir" + found_a="$dir/$libname.$acl_libext" + fi + fi + if test "X$found_dir" != "X"; then + if test -f "$dir/$libname.la"; then + found_la="$dir/$libname.la" + fi + fi + ;; + esac + if test "X$found_dir" != "X"; then + break + fi + done + fi + if test "X$found_dir" != "X"; then + LTLIBCRYPTO="${LTLIBCRYPTO}${LTLIBCRYPTO:+ }-L$found_dir -l$name" + if test "X$found_so" != "X"; then + if test "$enable_rpath" = no \ + || test "X$found_dir" = "X/usr/$acl_libdirstem" \ + || test "X$found_dir" = "X/usr/$acl_libdirstem2"; then + LIBCRYPTO="${LIBCRYPTO}${LIBCRYPTO:+ }$found_so" + else + haveit= + for x in $ltrpathdirs; do + if test "X$x" = "X$found_dir"; then + haveit=yes + break + fi + done + if test -z "$haveit"; then + ltrpathdirs="$ltrpathdirs $found_dir" + fi + if test "$acl_hardcode_direct" = yes; then + LIBCRYPTO="${LIBCRYPTO}${LIBCRYPTO:+ }$found_so" + else + if test -n "$acl_hardcode_libdir_flag_spec" && test "$acl_hardcode_minus_L" = no; then + LIBCRYPTO="${LIBCRYPTO}${LIBCRYPTO:+ }$found_so" + haveit= + for x in $rpathdirs; do + if test "X$x" = "X$found_dir"; then + haveit=yes + break + fi + done + if test -z "$haveit"; then + rpathdirs="$rpathdirs $found_dir" + fi + else + haveit= + for x in $LDFLAGS $LIBCRYPTO; do + + acl_save_prefix="$prefix" + prefix="$acl_final_prefix" + acl_save_exec_prefix="$exec_prefix" + exec_prefix="$acl_final_exec_prefix" + eval x=\"$x\" + exec_prefix="$acl_save_exec_prefix" + prefix="$acl_save_prefix" + + if test "X$x" = "X-L$found_dir"; then + haveit=yes + break + fi + done + if test -z "$haveit"; then + LIBCRYPTO="${LIBCRYPTO}${LIBCRYPTO:+ }-L$found_dir" + fi + if test "$acl_hardcode_minus_L" != no; then + LIBCRYPTO="${LIBCRYPTO}${LIBCRYPTO:+ }$found_so" + else + LIBCRYPTO="${LIBCRYPTO}${LIBCRYPTO:+ }-l$name" + fi + fi + fi + fi + else + if test "X$found_a" != "X"; then + LIBCRYPTO="${LIBCRYPTO}${LIBCRYPTO:+ }$found_a" + else + LIBCRYPTO="${LIBCRYPTO}${LIBCRYPTO:+ }-L$found_dir -l$name" + fi + fi + additional_includedir= + case "$found_dir" in + */$acl_libdirstem | */$acl_libdirstem/) + basedir=`echo "X$found_dir" | sed -e 's,^X,,' -e "s,/$acl_libdirstem/"'*$,,'` + if test "$name" = 'crypto'; then + LIBCRYPTO_PREFIX="$basedir" + fi + additional_includedir="$basedir/include" + ;; + */$acl_libdirstem2 | */$acl_libdirstem2/) + basedir=`echo "X$found_dir" | sed -e 's,^X,,' -e "s,/$acl_libdirstem2/"'*$,,'` + if test "$name" = 'crypto'; then + LIBCRYPTO_PREFIX="$basedir" + fi + additional_includedir="$basedir/include" + ;; + esac + if test "X$additional_includedir" != "X"; then + if test "X$additional_includedir" != "X/usr/include"; then + haveit= + if test "X$additional_includedir" = "X/usr/local/include"; then + if test -n "$GCC"; then + case $host_os in + linux* | gnu* | k*bsd*-gnu) haveit=yes;; + esac + fi + fi + if test -z "$haveit"; then + for x in $CPPFLAGS $INCCRYPTO; do + + acl_save_prefix="$prefix" + prefix="$acl_final_prefix" + acl_save_exec_prefix="$exec_prefix" + exec_prefix="$acl_final_exec_prefix" + eval x=\"$x\" + exec_prefix="$acl_save_exec_prefix" + prefix="$acl_save_prefix" + + if test "X$x" = "X-I$additional_includedir"; then + haveit=yes + break + fi + done + if test -z "$haveit"; then + if test -d "$additional_includedir"; then + INCCRYPTO="${INCCRYPTO}${INCCRYPTO:+ }-I$additional_includedir" + fi + fi + fi + fi + fi + if test -n "$found_la"; then + save_libdir="$libdir" + case "$found_la" in + */* | *\\*) . "$found_la" ;; + *) . "./$found_la" ;; + esac + libdir="$save_libdir" + for dep in $dependency_libs; do + case "$dep" in + -L*) + additional_libdir=`echo "X$dep" | sed -e 's/^X-L//'` + if test "X$additional_libdir" != "X/usr/$acl_libdirstem" \ + && test "X$additional_libdir" != "X/usr/$acl_libdirstem2"; then + haveit= + if test "X$additional_libdir" = "X/usr/local/$acl_libdirstem" \ + || test "X$additional_libdir" = "X/usr/local/$acl_libdirstem2"; then + if test -n "$GCC"; then + case $host_os in + linux* | gnu* | k*bsd*-gnu) haveit=yes;; + esac + fi + fi + if test -z "$haveit"; then + haveit= + for x in $LDFLAGS $LIBCRYPTO; do + + acl_save_prefix="$prefix" + prefix="$acl_final_prefix" + acl_save_exec_prefix="$exec_prefix" + exec_prefix="$acl_final_exec_prefix" + eval x=\"$x\" + exec_prefix="$acl_save_exec_prefix" + prefix="$acl_save_prefix" + + if test "X$x" = "X-L$additional_libdir"; then + haveit=yes + break + fi + done + if test -z "$haveit"; then + if test -d "$additional_libdir"; then + LIBCRYPTO="${LIBCRYPTO}${LIBCRYPTO:+ }-L$additional_libdir" + fi + fi + haveit= + for x in $LDFLAGS $LTLIBCRYPTO; do + + acl_save_prefix="$prefix" + prefix="$acl_final_prefix" + acl_save_exec_prefix="$exec_prefix" + exec_prefix="$acl_final_exec_prefix" + eval x=\"$x\" + exec_prefix="$acl_save_exec_prefix" + prefix="$acl_save_prefix" + + if test "X$x" = "X-L$additional_libdir"; then + haveit=yes + break + fi + done + if test -z "$haveit"; then + if test -d "$additional_libdir"; then + LTLIBCRYPTO="${LTLIBCRYPTO}${LTLIBCRYPTO:+ }-L$additional_libdir" + fi + fi + fi + fi + ;; + -R*) + dir=`echo "X$dep" | sed -e 's/^X-R//'` + if test "$enable_rpath" != no; then + haveit= + for x in $rpathdirs; do + if test "X$x" = "X$dir"; then + haveit=yes + break + fi + done + if test -z "$haveit"; then + rpathdirs="$rpathdirs $dir" + fi + haveit= + for x in $ltrpathdirs; do + if test "X$x" = "X$dir"; then + haveit=yes + break + fi + done + if test -z "$haveit"; then + ltrpathdirs="$ltrpathdirs $dir" + fi + fi + ;; + -l*) + names_next_round="$names_next_round "`echo "X$dep" | sed -e 's/^X-l//'` + ;; + *.la) + names_next_round="$names_next_round "`echo "X$dep" | sed -e 's,^X.*/,,' -e 's,^lib,,' -e 's,\.la$,,'` + ;; + *) + LIBCRYPTO="${LIBCRYPTO}${LIBCRYPTO:+ }$dep" + LTLIBCRYPTO="${LTLIBCRYPTO}${LTLIBCRYPTO:+ }$dep" + ;; + esac + done + fi + else + LIBCRYPTO="${LIBCRYPTO}${LIBCRYPTO:+ }-l$name" + LTLIBCRYPTO="${LTLIBCRYPTO}${LTLIBCRYPTO:+ }-l$name" + fi + fi + fi + done + done + if test "X$rpathdirs" != "X"; then + if test -n "$acl_hardcode_libdir_separator"; then + alldirs= + for found_dir in $rpathdirs; do + alldirs="${alldirs}${alldirs:+$acl_hardcode_libdir_separator}$found_dir" + done + acl_save_libdir="$libdir" + libdir="$alldirs" + eval flag=\"$acl_hardcode_libdir_flag_spec\" + libdir="$acl_save_libdir" + LIBCRYPTO="${LIBCRYPTO}${LIBCRYPTO:+ }$flag" + else + for found_dir in $rpathdirs; do + acl_save_libdir="$libdir" + libdir="$found_dir" + eval flag=\"$acl_hardcode_libdir_flag_spec\" + libdir="$acl_save_libdir" + LIBCRYPTO="${LIBCRYPTO}${LIBCRYPTO:+ }$flag" + done + fi + fi + if test "X$ltrpathdirs" != "X"; then + for found_dir in $ltrpathdirs; do + LTLIBCRYPTO="${LTLIBCRYPTO}${LTLIBCRYPTO:+ }-R$found_dir" + done + fi + + + + + + + ac_save_CPPFLAGS="$CPPFLAGS" + + for element in $INCCRYPTO; do + haveit= + for x in $CPPFLAGS; do + + acl_save_prefix="$prefix" + prefix="$acl_final_prefix" + acl_save_exec_prefix="$exec_prefix" + exec_prefix="$acl_final_exec_prefix" + eval x=\"$x\" + exec_prefix="$acl_save_exec_prefix" + prefix="$acl_save_prefix" + + if test "X$x" = "X$element"; then + haveit=yes + break + fi + done + if test -z "$haveit"; then + CPPFLAGS="${CPPFLAGS}${CPPFLAGS:+ }$element" + fi + done + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for libcrypto" >&5 +$as_echo_n "checking for libcrypto... " >&6; } +if ${ac_cv_libcrypto+:} false; then : + $as_echo_n "(cached) " >&6 +else + + ac_save_LIBS="$LIBS" + case " $LIBCRYPTO" in + *" -l"*) LIBS="$LIBS $LIBCRYPTO" ;; + *) LIBS="$LIBCRYPTO $LIBS" ;; + esac + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include + +int +main () +{ +EVP_CIPHER_CTX_init(NULL); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + ac_cv_libcrypto=yes +else + ac_cv_libcrypto='no' +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + LIBS="$ac_save_LIBS" + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_libcrypto" >&5 +$as_echo "$ac_cv_libcrypto" >&6; } + if test "$ac_cv_libcrypto" = yes; then + HAVE_LIBCRYPTO=yes + +$as_echo "#define HAVE_LIBCRYPTO 1" >>confdefs.h + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking how to link with libcrypto" >&5 +$as_echo_n "checking how to link with libcrypto... " >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $LIBCRYPTO" >&5 +$as_echo "$LIBCRYPTO" >&6; } + else + HAVE_LIBCRYPTO=no + CPPFLAGS="$ac_save_CPPFLAGS" + LIBCRYPTO= + LTLIBCRYPTO= + LIBCRYPTO_PREFIX= + fi + + + + + + + + + if test "$HAVE_LIBCRYPTO" = "yes"; then + HAVE_LIBCRYPTO_TRUE= + HAVE_LIBCRYPTO_FALSE='#' +else + HAVE_LIBCRYPTO_TRUE='#' + HAVE_LIBCRYPTO_FALSE= +fi + + + + + + + + + + + + + + + use_additional=yes + + acl_save_prefix="$prefix" + prefix="$acl_final_prefix" + acl_save_exec_prefix="$exec_prefix" + exec_prefix="$acl_final_exec_prefix" + + eval additional_includedir=\"$includedir\" + eval additional_libdir=\"$libdir\" + + exec_prefix="$acl_save_exec_prefix" + prefix="$acl_save_prefix" + + +# Check whether --with-librt-prefix was given. +if test "${with_librt_prefix+set}" = set; then : + withval=$with_librt_prefix; + if test "X$withval" = "Xno"; then + use_additional=no + else + if test "X$withval" = "X"; then + + acl_save_prefix="$prefix" + prefix="$acl_final_prefix" + acl_save_exec_prefix="$exec_prefix" + exec_prefix="$acl_final_exec_prefix" + + eval additional_includedir=\"$includedir\" + eval additional_libdir=\"$libdir\" + + exec_prefix="$acl_save_exec_prefix" + prefix="$acl_save_prefix" + + else + additional_includedir="$withval/include" + additional_libdir="$withval/$acl_libdirstem" + if test "$acl_libdirstem2" != "$acl_libdirstem" \ + && test ! -d "$withval/$acl_libdirstem"; then + additional_libdir="$withval/$acl_libdirstem2" + fi + fi + fi + +fi + + LIBRT= + LTLIBRT= + INCRT= + LIBRT_PREFIX= + HAVE_LIBRT= + rpathdirs= + ltrpathdirs= + names_already_handled= + names_next_round='rt ' + while test -n "$names_next_round"; do + names_this_round="$names_next_round" + names_next_round= + for name in $names_this_round; do + already_handled= + for n in $names_already_handled; do + if test "$n" = "$name"; then + already_handled=yes + break + fi + done + if test -z "$already_handled"; then + names_already_handled="$names_already_handled $name" + uppername=`echo "$name" | sed -e 'y|abcdefghijklmnopqrstuvwxyz./+-|ABCDEFGHIJKLMNOPQRSTUVWXYZ____|'` + eval value=\"\$HAVE_LIB$uppername\" + if test -n "$value"; then + if test "$value" = yes; then + eval value=\"\$LIB$uppername\" + test -z "$value" || LIBRT="${LIBRT}${LIBRT:+ }$value" + eval value=\"\$LTLIB$uppername\" + test -z "$value" || LTLIBRT="${LTLIBRT}${LTLIBRT:+ }$value" + else + : + fi + else + found_dir= + found_la= + found_so= + found_a= + eval libname=\"$acl_libname_spec\" # typically: libname=lib$name + if test -n "$acl_shlibext"; then + shrext=".$acl_shlibext" # typically: shrext=.so + else + shrext= + fi + if test $use_additional = yes; then + dir="$additional_libdir" + if test -n "$acl_shlibext"; then + if test -f "$dir/$libname$shrext"; then + found_dir="$dir" + found_so="$dir/$libname$shrext" + else + if test "$acl_library_names_spec" = '$libname$shrext$versuffix'; then + ver=`(cd "$dir" && \ + for f in "$libname$shrext".*; do echo "$f"; done \ + | sed -e "s,^$libname$shrext\\\\.,," \ + | sort -t '.' -n -r -k1,1 -k2,2 -k3,3 -k4,4 -k5,5 \ + | sed 1q ) 2>/dev/null` + if test -n "$ver" && test -f "$dir/$libname$shrext.$ver"; then + found_dir="$dir" + found_so="$dir/$libname$shrext.$ver" + fi + else + eval library_names=\"$acl_library_names_spec\" + for f in $library_names; do + if test -f "$dir/$f"; then + found_dir="$dir" + found_so="$dir/$f" + break + fi + done + fi + fi + fi + if test "X$found_dir" = "X"; then + if test -f "$dir/$libname.$acl_libext"; then + found_dir="$dir" + found_a="$dir/$libname.$acl_libext" + fi + fi + if test "X$found_dir" != "X"; then + if test -f "$dir/$libname.la"; then + found_la="$dir/$libname.la" + fi + fi + fi + if test "X$found_dir" = "X"; then + for x in $LDFLAGS $LTLIBRT; do + + acl_save_prefix="$prefix" + prefix="$acl_final_prefix" + acl_save_exec_prefix="$exec_prefix" + exec_prefix="$acl_final_exec_prefix" + eval x=\"$x\" + exec_prefix="$acl_save_exec_prefix" + prefix="$acl_save_prefix" + + case "$x" in + -L*) + dir=`echo "X$x" | sed -e 's/^X-L//'` + if test -n "$acl_shlibext"; then + if test -f "$dir/$libname$shrext"; then + found_dir="$dir" + found_so="$dir/$libname$shrext" + else + if test "$acl_library_names_spec" = '$libname$shrext$versuffix'; then + ver=`(cd "$dir" && \ + for f in "$libname$shrext".*; do echo "$f"; done \ + | sed -e "s,^$libname$shrext\\\\.,," \ + | sort -t '.' -n -r -k1,1 -k2,2 -k3,3 -k4,4 -k5,5 \ + | sed 1q ) 2>/dev/null` + if test -n "$ver" && test -f "$dir/$libname$shrext.$ver"; then + found_dir="$dir" + found_so="$dir/$libname$shrext.$ver" + fi + else + eval library_names=\"$acl_library_names_spec\" + for f in $library_names; do + if test -f "$dir/$f"; then + found_dir="$dir" + found_so="$dir/$f" + break + fi + done + fi + fi + fi + if test "X$found_dir" = "X"; then + if test -f "$dir/$libname.$acl_libext"; then + found_dir="$dir" + found_a="$dir/$libname.$acl_libext" + fi + fi + if test "X$found_dir" != "X"; then + if test -f "$dir/$libname.la"; then + found_la="$dir/$libname.la" + fi + fi + ;; + esac + if test "X$found_dir" != "X"; then + break + fi + done + fi + if test "X$found_dir" != "X"; then + LTLIBRT="${LTLIBRT}${LTLIBRT:+ }-L$found_dir -l$name" + if test "X$found_so" != "X"; then + if test "$enable_rpath" = no \ + || test "X$found_dir" = "X/usr/$acl_libdirstem" \ + || test "X$found_dir" = "X/usr/$acl_libdirstem2"; then + LIBRT="${LIBRT}${LIBRT:+ }$found_so" + else + haveit= + for x in $ltrpathdirs; do + if test "X$x" = "X$found_dir"; then + haveit=yes + break + fi + done + if test -z "$haveit"; then + ltrpathdirs="$ltrpathdirs $found_dir" + fi + if test "$acl_hardcode_direct" = yes; then + LIBRT="${LIBRT}${LIBRT:+ }$found_so" + else + if test -n "$acl_hardcode_libdir_flag_spec" && test "$acl_hardcode_minus_L" = no; then + LIBRT="${LIBRT}${LIBRT:+ }$found_so" + haveit= + for x in $rpathdirs; do + if test "X$x" = "X$found_dir"; then + haveit=yes + break + fi + done + if test -z "$haveit"; then + rpathdirs="$rpathdirs $found_dir" + fi + else + haveit= + for x in $LDFLAGS $LIBRT; do + + acl_save_prefix="$prefix" + prefix="$acl_final_prefix" + acl_save_exec_prefix="$exec_prefix" + exec_prefix="$acl_final_exec_prefix" + eval x=\"$x\" + exec_prefix="$acl_save_exec_prefix" + prefix="$acl_save_prefix" + + if test "X$x" = "X-L$found_dir"; then + haveit=yes + break + fi + done + if test -z "$haveit"; then + LIBRT="${LIBRT}${LIBRT:+ }-L$found_dir" + fi + if test "$acl_hardcode_minus_L" != no; then + LIBRT="${LIBRT}${LIBRT:+ }$found_so" + else + LIBRT="${LIBRT}${LIBRT:+ }-l$name" + fi + fi + fi + fi + else + if test "X$found_a" != "X"; then + LIBRT="${LIBRT}${LIBRT:+ }$found_a" + else + LIBRT="${LIBRT}${LIBRT:+ }-L$found_dir -l$name" + fi + fi + additional_includedir= + case "$found_dir" in + */$acl_libdirstem | */$acl_libdirstem/) + basedir=`echo "X$found_dir" | sed -e 's,^X,,' -e "s,/$acl_libdirstem/"'*$,,'` + if test "$name" = 'rt'; then + LIBRT_PREFIX="$basedir" + fi + additional_includedir="$basedir/include" + ;; + */$acl_libdirstem2 | */$acl_libdirstem2/) + basedir=`echo "X$found_dir" | sed -e 's,^X,,' -e "s,/$acl_libdirstem2/"'*$,,'` + if test "$name" = 'rt'; then + LIBRT_PREFIX="$basedir" + fi + additional_includedir="$basedir/include" + ;; + esac + if test "X$additional_includedir" != "X"; then + if test "X$additional_includedir" != "X/usr/include"; then + haveit= + if test "X$additional_includedir" = "X/usr/local/include"; then + if test -n "$GCC"; then + case $host_os in + linux* | gnu* | k*bsd*-gnu) haveit=yes;; + esac + fi + fi + if test -z "$haveit"; then + for x in $CPPFLAGS $INCRT; do + + acl_save_prefix="$prefix" + prefix="$acl_final_prefix" + acl_save_exec_prefix="$exec_prefix" + exec_prefix="$acl_final_exec_prefix" + eval x=\"$x\" + exec_prefix="$acl_save_exec_prefix" + prefix="$acl_save_prefix" + + if test "X$x" = "X-I$additional_includedir"; then + haveit=yes + break + fi + done + if test -z "$haveit"; then + if test -d "$additional_includedir"; then + INCRT="${INCRT}${INCRT:+ }-I$additional_includedir" + fi + fi + fi + fi + fi + if test -n "$found_la"; then + save_libdir="$libdir" + case "$found_la" in + */* | *\\*) . "$found_la" ;; + *) . "./$found_la" ;; + esac + libdir="$save_libdir" + for dep in $dependency_libs; do + case "$dep" in + -L*) + additional_libdir=`echo "X$dep" | sed -e 's/^X-L//'` + if test "X$additional_libdir" != "X/usr/$acl_libdirstem" \ + && test "X$additional_libdir" != "X/usr/$acl_libdirstem2"; then + haveit= + if test "X$additional_libdir" = "X/usr/local/$acl_libdirstem" \ + || test "X$additional_libdir" = "X/usr/local/$acl_libdirstem2"; then + if test -n "$GCC"; then + case $host_os in + linux* | gnu* | k*bsd*-gnu) haveit=yes;; + esac + fi + fi + if test -z "$haveit"; then + haveit= + for x in $LDFLAGS $LIBRT; do + + acl_save_prefix="$prefix" + prefix="$acl_final_prefix" + acl_save_exec_prefix="$exec_prefix" + exec_prefix="$acl_final_exec_prefix" + eval x=\"$x\" + exec_prefix="$acl_save_exec_prefix" + prefix="$acl_save_prefix" + + if test "X$x" = "X-L$additional_libdir"; then + haveit=yes + break + fi + done + if test -z "$haveit"; then + if test -d "$additional_libdir"; then + LIBRT="${LIBRT}${LIBRT:+ }-L$additional_libdir" + fi + fi + haveit= + for x in $LDFLAGS $LTLIBRT; do + + acl_save_prefix="$prefix" + prefix="$acl_final_prefix" + acl_save_exec_prefix="$exec_prefix" + exec_prefix="$acl_final_exec_prefix" + eval x=\"$x\" + exec_prefix="$acl_save_exec_prefix" + prefix="$acl_save_prefix" + + if test "X$x" = "X-L$additional_libdir"; then + haveit=yes + break + fi + done + if test -z "$haveit"; then + if test -d "$additional_libdir"; then + LTLIBRT="${LTLIBRT}${LTLIBRT:+ }-L$additional_libdir" + fi + fi + fi + fi + ;; + -R*) + dir=`echo "X$dep" | sed -e 's/^X-R//'` + if test "$enable_rpath" != no; then + haveit= + for x in $rpathdirs; do + if test "X$x" = "X$dir"; then + haveit=yes + break + fi + done + if test -z "$haveit"; then + rpathdirs="$rpathdirs $dir" + fi + haveit= + for x in $ltrpathdirs; do + if test "X$x" = "X$dir"; then + haveit=yes + break + fi + done + if test -z "$haveit"; then + ltrpathdirs="$ltrpathdirs $dir" + fi + fi + ;; + -l*) + names_next_round="$names_next_round "`echo "X$dep" | sed -e 's/^X-l//'` + ;; + *.la) + names_next_round="$names_next_round "`echo "X$dep" | sed -e 's,^X.*/,,' -e 's,^lib,,' -e 's,\.la$,,'` + ;; + *) + LIBRT="${LIBRT}${LIBRT:+ }$dep" + LTLIBRT="${LTLIBRT}${LTLIBRT:+ }$dep" + ;; + esac + done + fi + else + LIBRT="${LIBRT}${LIBRT:+ }-l$name" + LTLIBRT="${LTLIBRT}${LTLIBRT:+ }-l$name" + fi + fi + fi + done + done + if test "X$rpathdirs" != "X"; then + if test -n "$acl_hardcode_libdir_separator"; then + alldirs= + for found_dir in $rpathdirs; do + alldirs="${alldirs}${alldirs:+$acl_hardcode_libdir_separator}$found_dir" + done + acl_save_libdir="$libdir" + libdir="$alldirs" + eval flag=\"$acl_hardcode_libdir_flag_spec\" + libdir="$acl_save_libdir" + LIBRT="${LIBRT}${LIBRT:+ }$flag" + else + for found_dir in $rpathdirs; do + acl_save_libdir="$libdir" + libdir="$found_dir" + eval flag=\"$acl_hardcode_libdir_flag_spec\" + libdir="$acl_save_libdir" + LIBRT="${LIBRT}${LIBRT:+ }$flag" + done + fi + fi + if test "X$ltrpathdirs" != "X"; then + for found_dir in $ltrpathdirs; do + LTLIBRT="${LTLIBRT}${LTLIBRT:+ }-R$found_dir" + done + fi + + + + + + + ac_save_CPPFLAGS="$CPPFLAGS" + + for element in $INCRT; do + haveit= + for x in $CPPFLAGS; do + + acl_save_prefix="$prefix" + prefix="$acl_final_prefix" + acl_save_exec_prefix="$exec_prefix" + exec_prefix="$acl_final_exec_prefix" + eval x=\"$x\" + exec_prefix="$acl_save_exec_prefix" + prefix="$acl_save_prefix" + + if test "X$x" = "X$element"; then + haveit=yes + break + fi + done + if test -z "$haveit"; then + CPPFLAGS="${CPPFLAGS}${CPPFLAGS:+ }$element" + fi + done + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for librt" >&5 +$as_echo_n "checking for librt... " >&6; } +if ${ac_cv_librt+:} false; then : + $as_echo_n "(cached) " >&6 +else + + ac_save_LIBS="$LIBS" + case " $LIBRT" in + *" -l"*) LIBS="$LIBS $LIBRT" ;; + *) LIBS="$LIBRT $LIBS" ;; + esac + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +#include + +int +main () +{ +timer_create (0,0,0); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + ac_cv_librt=yes +else + ac_cv_librt='no' +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + LIBS="$ac_save_LIBS" + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_librt" >&5 +$as_echo "$ac_cv_librt" >&6; } + if test "$ac_cv_librt" = yes; then + HAVE_LIBRT=yes + +$as_echo "#define HAVE_LIBRT 1" >>confdefs.h + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking how to link with librt" >&5 +$as_echo_n "checking how to link with librt... " >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $LIBRT" >&5 +$as_echo "$LIBRT" >&6; } + else + HAVE_LIBRT=no + CPPFLAGS="$ac_save_CPPFLAGS" + LIBRT= + LTLIBRT= + LIBRT_PREFIX= + fi + + + + + + + + +if test "$have_win" != "yes";then + for ac_func in pthread_mutex_lock +do : + ac_fn_c_check_func "$LINENO" "pthread_mutex_lock" "ac_cv_func_pthread_mutex_lock" +if test "x$ac_cv_func_pthread_mutex_lock" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_PTHREAD_MUTEX_LOCK 1 +_ACEOF + +fi +done + + if test "$ac_cv_func_pthread_mutex_lock" != "yes";then + + + + + + + + + + + + + use_additional=yes + + acl_save_prefix="$prefix" + prefix="$acl_final_prefix" + acl_save_exec_prefix="$exec_prefix" + exec_prefix="$acl_final_exec_prefix" + + eval additional_includedir=\"$includedir\" + eval additional_libdir=\"$libdir\" + + exec_prefix="$acl_save_exec_prefix" + prefix="$acl_save_prefix" + + +# Check whether --with-libpthread-prefix was given. +if test "${with_libpthread_prefix+set}" = set; then : + withval=$with_libpthread_prefix; + if test "X$withval" = "Xno"; then + use_additional=no + else + if test "X$withval" = "X"; then + + acl_save_prefix="$prefix" + prefix="$acl_final_prefix" + acl_save_exec_prefix="$exec_prefix" + exec_prefix="$acl_final_exec_prefix" + + eval additional_includedir=\"$includedir\" + eval additional_libdir=\"$libdir\" + + exec_prefix="$acl_save_exec_prefix" + prefix="$acl_save_prefix" + + else + additional_includedir="$withval/include" + additional_libdir="$withval/$acl_libdirstem" + if test "$acl_libdirstem2" != "$acl_libdirstem" \ + && test ! -d "$withval/$acl_libdirstem"; then + additional_libdir="$withval/$acl_libdirstem2" + fi + fi + fi + +fi + + LIBPTHREAD= + LTLIBPTHREAD= + INCPTHREAD= + LIBPTHREAD_PREFIX= + HAVE_LIBPTHREAD= + rpathdirs= + ltrpathdirs= + names_already_handled= + names_next_round='pthread ' + while test -n "$names_next_round"; do + names_this_round="$names_next_round" + names_next_round= + for name in $names_this_round; do + already_handled= + for n in $names_already_handled; do + if test "$n" = "$name"; then + already_handled=yes + break + fi + done + if test -z "$already_handled"; then + names_already_handled="$names_already_handled $name" + uppername=`echo "$name" | sed -e 'y|abcdefghijklmnopqrstuvwxyz./+-|ABCDEFGHIJKLMNOPQRSTUVWXYZ____|'` + eval value=\"\$HAVE_LIB$uppername\" + if test -n "$value"; then + if test "$value" = yes; then + eval value=\"\$LIB$uppername\" + test -z "$value" || LIBPTHREAD="${LIBPTHREAD}${LIBPTHREAD:+ }$value" + eval value=\"\$LTLIB$uppername\" + test -z "$value" || LTLIBPTHREAD="${LTLIBPTHREAD}${LTLIBPTHREAD:+ }$value" + else + : + fi + else + found_dir= + found_la= + found_so= + found_a= + eval libname=\"$acl_libname_spec\" # typically: libname=lib$name + if test -n "$acl_shlibext"; then + shrext=".$acl_shlibext" # typically: shrext=.so + else + shrext= + fi + if test $use_additional = yes; then + dir="$additional_libdir" + if test -n "$acl_shlibext"; then + if test -f "$dir/$libname$shrext"; then + found_dir="$dir" + found_so="$dir/$libname$shrext" + else + if test "$acl_library_names_spec" = '$libname$shrext$versuffix'; then + ver=`(cd "$dir" && \ + for f in "$libname$shrext".*; do echo "$f"; done \ + | sed -e "s,^$libname$shrext\\\\.,," \ + | sort -t '.' -n -r -k1,1 -k2,2 -k3,3 -k4,4 -k5,5 \ + | sed 1q ) 2>/dev/null` + if test -n "$ver" && test -f "$dir/$libname$shrext.$ver"; then + found_dir="$dir" + found_so="$dir/$libname$shrext.$ver" + fi + else + eval library_names=\"$acl_library_names_spec\" + for f in $library_names; do + if test -f "$dir/$f"; then + found_dir="$dir" + found_so="$dir/$f" + break + fi + done + fi + fi + fi + if test "X$found_dir" = "X"; then + if test -f "$dir/$libname.$acl_libext"; then + found_dir="$dir" + found_a="$dir/$libname.$acl_libext" + fi + fi + if test "X$found_dir" != "X"; then + if test -f "$dir/$libname.la"; then + found_la="$dir/$libname.la" + fi + fi + fi + if test "X$found_dir" = "X"; then + for x in $LDFLAGS $LTLIBPTHREAD; do + + acl_save_prefix="$prefix" + prefix="$acl_final_prefix" + acl_save_exec_prefix="$exec_prefix" + exec_prefix="$acl_final_exec_prefix" + eval x=\"$x\" + exec_prefix="$acl_save_exec_prefix" + prefix="$acl_save_prefix" + + case "$x" in + -L*) + dir=`echo "X$x" | sed -e 's/^X-L//'` + if test -n "$acl_shlibext"; then + if test -f "$dir/$libname$shrext"; then + found_dir="$dir" + found_so="$dir/$libname$shrext" + else + if test "$acl_library_names_spec" = '$libname$shrext$versuffix'; then + ver=`(cd "$dir" && \ + for f in "$libname$shrext".*; do echo "$f"; done \ + | sed -e "s,^$libname$shrext\\\\.,," \ + | sort -t '.' -n -r -k1,1 -k2,2 -k3,3 -k4,4 -k5,5 \ + | sed 1q ) 2>/dev/null` + if test -n "$ver" && test -f "$dir/$libname$shrext.$ver"; then + found_dir="$dir" + found_so="$dir/$libname$shrext.$ver" + fi + else + eval library_names=\"$acl_library_names_spec\" + for f in $library_names; do + if test -f "$dir/$f"; then + found_dir="$dir" + found_so="$dir/$f" + break + fi + done + fi + fi + fi + if test "X$found_dir" = "X"; then + if test -f "$dir/$libname.$acl_libext"; then + found_dir="$dir" + found_a="$dir/$libname.$acl_libext" + fi + fi + if test "X$found_dir" != "X"; then + if test -f "$dir/$libname.la"; then + found_la="$dir/$libname.la" + fi + fi + ;; + esac + if test "X$found_dir" != "X"; then + break + fi + done + fi + if test "X$found_dir" != "X"; then + LTLIBPTHREAD="${LTLIBPTHREAD}${LTLIBPTHREAD:+ }-L$found_dir -l$name" + if test "X$found_so" != "X"; then + if test "$enable_rpath" = no \ + || test "X$found_dir" = "X/usr/$acl_libdirstem" \ + || test "X$found_dir" = "X/usr/$acl_libdirstem2"; then + LIBPTHREAD="${LIBPTHREAD}${LIBPTHREAD:+ }$found_so" + else + haveit= + for x in $ltrpathdirs; do + if test "X$x" = "X$found_dir"; then + haveit=yes + break + fi + done + if test -z "$haveit"; then + ltrpathdirs="$ltrpathdirs $found_dir" + fi + if test "$acl_hardcode_direct" = yes; then + LIBPTHREAD="${LIBPTHREAD}${LIBPTHREAD:+ }$found_so" + else + if test -n "$acl_hardcode_libdir_flag_spec" && test "$acl_hardcode_minus_L" = no; then + LIBPTHREAD="${LIBPTHREAD}${LIBPTHREAD:+ }$found_so" + haveit= + for x in $rpathdirs; do + if test "X$x" = "X$found_dir"; then + haveit=yes + break + fi + done + if test -z "$haveit"; then + rpathdirs="$rpathdirs $found_dir" + fi + else + haveit= + for x in $LDFLAGS $LIBPTHREAD; do + + acl_save_prefix="$prefix" + prefix="$acl_final_prefix" + acl_save_exec_prefix="$exec_prefix" + exec_prefix="$acl_final_exec_prefix" + eval x=\"$x\" + exec_prefix="$acl_save_exec_prefix" + prefix="$acl_save_prefix" + + if test "X$x" = "X-L$found_dir"; then + haveit=yes + break + fi + done + if test -z "$haveit"; then + LIBPTHREAD="${LIBPTHREAD}${LIBPTHREAD:+ }-L$found_dir" + fi + if test "$acl_hardcode_minus_L" != no; then + LIBPTHREAD="${LIBPTHREAD}${LIBPTHREAD:+ }$found_so" + else + LIBPTHREAD="${LIBPTHREAD}${LIBPTHREAD:+ }-l$name" + fi + fi + fi + fi + else + if test "X$found_a" != "X"; then + LIBPTHREAD="${LIBPTHREAD}${LIBPTHREAD:+ }$found_a" + else + LIBPTHREAD="${LIBPTHREAD}${LIBPTHREAD:+ }-L$found_dir -l$name" + fi + fi + additional_includedir= + case "$found_dir" in + */$acl_libdirstem | */$acl_libdirstem/) + basedir=`echo "X$found_dir" | sed -e 's,^X,,' -e "s,/$acl_libdirstem/"'*$,,'` + if test "$name" = 'pthread'; then + LIBPTHREAD_PREFIX="$basedir" + fi + additional_includedir="$basedir/include" + ;; + */$acl_libdirstem2 | */$acl_libdirstem2/) + basedir=`echo "X$found_dir" | sed -e 's,^X,,' -e "s,/$acl_libdirstem2/"'*$,,'` + if test "$name" = 'pthread'; then + LIBPTHREAD_PREFIX="$basedir" + fi + additional_includedir="$basedir/include" + ;; + esac + if test "X$additional_includedir" != "X"; then + if test "X$additional_includedir" != "X/usr/include"; then + haveit= + if test "X$additional_includedir" = "X/usr/local/include"; then + if test -n "$GCC"; then + case $host_os in + linux* | gnu* | k*bsd*-gnu) haveit=yes;; + esac + fi + fi + if test -z "$haveit"; then + for x in $CPPFLAGS $INCPTHREAD; do + + acl_save_prefix="$prefix" + prefix="$acl_final_prefix" + acl_save_exec_prefix="$exec_prefix" + exec_prefix="$acl_final_exec_prefix" + eval x=\"$x\" + exec_prefix="$acl_save_exec_prefix" + prefix="$acl_save_prefix" + + if test "X$x" = "X-I$additional_includedir"; then + haveit=yes + break + fi + done + if test -z "$haveit"; then + if test -d "$additional_includedir"; then + INCPTHREAD="${INCPTHREAD}${INCPTHREAD:+ }-I$additional_includedir" + fi + fi + fi + fi + fi + if test -n "$found_la"; then + save_libdir="$libdir" + case "$found_la" in + */* | *\\*) . "$found_la" ;; + *) . "./$found_la" ;; + esac + libdir="$save_libdir" + for dep in $dependency_libs; do + case "$dep" in + -L*) + additional_libdir=`echo "X$dep" | sed -e 's/^X-L//'` + if test "X$additional_libdir" != "X/usr/$acl_libdirstem" \ + && test "X$additional_libdir" != "X/usr/$acl_libdirstem2"; then + haveit= + if test "X$additional_libdir" = "X/usr/local/$acl_libdirstem" \ + || test "X$additional_libdir" = "X/usr/local/$acl_libdirstem2"; then + if test -n "$GCC"; then + case $host_os in + linux* | gnu* | k*bsd*-gnu) haveit=yes;; + esac + fi + fi + if test -z "$haveit"; then + haveit= + for x in $LDFLAGS $LIBPTHREAD; do + + acl_save_prefix="$prefix" + prefix="$acl_final_prefix" + acl_save_exec_prefix="$exec_prefix" + exec_prefix="$acl_final_exec_prefix" + eval x=\"$x\" + exec_prefix="$acl_save_exec_prefix" + prefix="$acl_save_prefix" + + if test "X$x" = "X-L$additional_libdir"; then + haveit=yes + break + fi + done + if test -z "$haveit"; then + if test -d "$additional_libdir"; then + LIBPTHREAD="${LIBPTHREAD}${LIBPTHREAD:+ }-L$additional_libdir" + fi + fi + haveit= + for x in $LDFLAGS $LTLIBPTHREAD; do + + acl_save_prefix="$prefix" + prefix="$acl_final_prefix" + acl_save_exec_prefix="$exec_prefix" + exec_prefix="$acl_final_exec_prefix" + eval x=\"$x\" + exec_prefix="$acl_save_exec_prefix" + prefix="$acl_save_prefix" + + if test "X$x" = "X-L$additional_libdir"; then + haveit=yes + break + fi + done + if test -z "$haveit"; then + if test -d "$additional_libdir"; then + LTLIBPTHREAD="${LTLIBPTHREAD}${LTLIBPTHREAD:+ }-L$additional_libdir" + fi + fi + fi + fi + ;; + -R*) + dir=`echo "X$dep" | sed -e 's/^X-R//'` + if test "$enable_rpath" != no; then + haveit= + for x in $rpathdirs; do + if test "X$x" = "X$dir"; then + haveit=yes + break + fi + done + if test -z "$haveit"; then + rpathdirs="$rpathdirs $dir" + fi + haveit= + for x in $ltrpathdirs; do + if test "X$x" = "X$dir"; then + haveit=yes + break + fi + done + if test -z "$haveit"; then + ltrpathdirs="$ltrpathdirs $dir" + fi + fi + ;; + -l*) + names_next_round="$names_next_round "`echo "X$dep" | sed -e 's/^X-l//'` + ;; + *.la) + names_next_round="$names_next_round "`echo "X$dep" | sed -e 's,^X.*/,,' -e 's,^lib,,' -e 's,\.la$,,'` + ;; + *) + LIBPTHREAD="${LIBPTHREAD}${LIBPTHREAD:+ }$dep" + LTLIBPTHREAD="${LTLIBPTHREAD}${LTLIBPTHREAD:+ }$dep" + ;; + esac + done + fi + else + LIBPTHREAD="${LIBPTHREAD}${LIBPTHREAD:+ }-l$name" + LTLIBPTHREAD="${LTLIBPTHREAD}${LTLIBPTHREAD:+ }-l$name" + fi + fi + fi + done + done + if test "X$rpathdirs" != "X"; then + if test -n "$acl_hardcode_libdir_separator"; then + alldirs= + for found_dir in $rpathdirs; do + alldirs="${alldirs}${alldirs:+$acl_hardcode_libdir_separator}$found_dir" + done + acl_save_libdir="$libdir" + libdir="$alldirs" + eval flag=\"$acl_hardcode_libdir_flag_spec\" + libdir="$acl_save_libdir" + LIBPTHREAD="${LIBPTHREAD}${LIBPTHREAD:+ }$flag" + else + for found_dir in $rpathdirs; do + acl_save_libdir="$libdir" + libdir="$found_dir" + eval flag=\"$acl_hardcode_libdir_flag_spec\" + libdir="$acl_save_libdir" + LIBPTHREAD="${LIBPTHREAD}${LIBPTHREAD:+ }$flag" + done + fi + fi + if test "X$ltrpathdirs" != "X"; then + for found_dir in $ltrpathdirs; do + LTLIBPTHREAD="${LTLIBPTHREAD}${LTLIBPTHREAD:+ }-R$found_dir" + done + fi + + + + + + + ac_save_CPPFLAGS="$CPPFLAGS" + + for element in $INCPTHREAD; do + haveit= + for x in $CPPFLAGS; do + + acl_save_prefix="$prefix" + prefix="$acl_final_prefix" + acl_save_exec_prefix="$exec_prefix" + exec_prefix="$acl_final_exec_prefix" + eval x=\"$x\" + exec_prefix="$acl_save_exec_prefix" + prefix="$acl_save_prefix" + + if test "X$x" = "X$element"; then + haveit=yes + break + fi + done + if test -z "$haveit"; then + CPPFLAGS="${CPPFLAGS}${CPPFLAGS:+ }$element" + fi + done + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for libpthread" >&5 +$as_echo_n "checking for libpthread... " >&6; } +if ${ac_cv_libpthread+:} false; then : + $as_echo_n "(cached) " >&6 +else + + ac_save_LIBS="$LIBS" + case " $LIBPTHREAD" in + *" -l"*) LIBS="$LIBS $LIBPTHREAD" ;; + *) LIBS="$LIBPTHREAD $LIBS" ;; + esac + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +int +main () +{ +pthread_mutex_lock (0); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + ac_cv_libpthread=yes +else + ac_cv_libpthread='no' +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + LIBS="$ac_save_LIBS" + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_libpthread" >&5 +$as_echo "$ac_cv_libpthread" >&6; } + if test "$ac_cv_libpthread" = yes; then + HAVE_LIBPTHREAD=yes + +$as_echo "#define HAVE_LIBPTHREAD 1" >>confdefs.h + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking how to link with libpthread" >&5 +$as_echo_n "checking how to link with libpthread... " >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $LIBPTHREAD" >&5 +$as_echo "$LIBPTHREAD" >&6; } + else + HAVE_LIBPTHREAD=no + CPPFLAGS="$ac_save_CPPFLAGS" + LIBPTHREAD= + LTLIBPTHREAD= + LIBPTHREAD_PREFIX= + fi + + + + + + + + fi +fi + +if test "$ac_cv_func_nanosleep" != "yes";then + + + + + + + + + + + + + use_additional=yes + + acl_save_prefix="$prefix" + prefix="$acl_final_prefix" + acl_save_exec_prefix="$exec_prefix" + exec_prefix="$acl_final_exec_prefix" + + eval additional_includedir=\"$includedir\" + eval additional_libdir=\"$libdir\" + + exec_prefix="$acl_save_exec_prefix" + prefix="$acl_save_prefix" + + +# Check whether --with-librt-prefix was given. +if test "${with_librt_prefix+set}" = set; then : + withval=$with_librt_prefix; + if test "X$withval" = "Xno"; then + use_additional=no + else + if test "X$withval" = "X"; then + + acl_save_prefix="$prefix" + prefix="$acl_final_prefix" + acl_save_exec_prefix="$exec_prefix" + exec_prefix="$acl_final_exec_prefix" + + eval additional_includedir=\"$includedir\" + eval additional_libdir=\"$libdir\" + + exec_prefix="$acl_save_exec_prefix" + prefix="$acl_save_prefix" + + else + additional_includedir="$withval/include" + additional_libdir="$withval/$acl_libdirstem" + if test "$acl_libdirstem2" != "$acl_libdirstem" \ + && test ! -d "$withval/$acl_libdirstem"; then + additional_libdir="$withval/$acl_libdirstem2" + fi + fi + fi + +fi + + LIBRT= + LTLIBRT= + INCRT= + LIBRT_PREFIX= + HAVE_LIBRT= + rpathdirs= + ltrpathdirs= + names_already_handled= + names_next_round='rt ' + while test -n "$names_next_round"; do + names_this_round="$names_next_round" + names_next_round= + for name in $names_this_round; do + already_handled= + for n in $names_already_handled; do + if test "$n" = "$name"; then + already_handled=yes + break + fi + done + if test -z "$already_handled"; then + names_already_handled="$names_already_handled $name" + uppername=`echo "$name" | sed -e 'y|abcdefghijklmnopqrstuvwxyz./+-|ABCDEFGHIJKLMNOPQRSTUVWXYZ____|'` + eval value=\"\$HAVE_LIB$uppername\" + if test -n "$value"; then + if test "$value" = yes; then + eval value=\"\$LIB$uppername\" + test -z "$value" || LIBRT="${LIBRT}${LIBRT:+ }$value" + eval value=\"\$LTLIB$uppername\" + test -z "$value" || LTLIBRT="${LTLIBRT}${LTLIBRT:+ }$value" + else + : + fi + else + found_dir= + found_la= + found_so= + found_a= + eval libname=\"$acl_libname_spec\" # typically: libname=lib$name + if test -n "$acl_shlibext"; then + shrext=".$acl_shlibext" # typically: shrext=.so + else + shrext= + fi + if test $use_additional = yes; then + dir="$additional_libdir" + if test -n "$acl_shlibext"; then + if test -f "$dir/$libname$shrext"; then + found_dir="$dir" + found_so="$dir/$libname$shrext" + else + if test "$acl_library_names_spec" = '$libname$shrext$versuffix'; then + ver=`(cd "$dir" && \ + for f in "$libname$shrext".*; do echo "$f"; done \ + | sed -e "s,^$libname$shrext\\\\.,," \ + | sort -t '.' -n -r -k1,1 -k2,2 -k3,3 -k4,4 -k5,5 \ + | sed 1q ) 2>/dev/null` + if test -n "$ver" && test -f "$dir/$libname$shrext.$ver"; then + found_dir="$dir" + found_so="$dir/$libname$shrext.$ver" + fi + else + eval library_names=\"$acl_library_names_spec\" + for f in $library_names; do + if test -f "$dir/$f"; then + found_dir="$dir" + found_so="$dir/$f" + break + fi + done + fi + fi + fi + if test "X$found_dir" = "X"; then + if test -f "$dir/$libname.$acl_libext"; then + found_dir="$dir" + found_a="$dir/$libname.$acl_libext" + fi + fi + if test "X$found_dir" != "X"; then + if test -f "$dir/$libname.la"; then + found_la="$dir/$libname.la" + fi + fi + fi + if test "X$found_dir" = "X"; then + for x in $LDFLAGS $LTLIBRT; do + + acl_save_prefix="$prefix" + prefix="$acl_final_prefix" + acl_save_exec_prefix="$exec_prefix" + exec_prefix="$acl_final_exec_prefix" + eval x=\"$x\" + exec_prefix="$acl_save_exec_prefix" + prefix="$acl_save_prefix" + + case "$x" in + -L*) + dir=`echo "X$x" | sed -e 's/^X-L//'` + if test -n "$acl_shlibext"; then + if test -f "$dir/$libname$shrext"; then + found_dir="$dir" + found_so="$dir/$libname$shrext" + else + if test "$acl_library_names_spec" = '$libname$shrext$versuffix'; then + ver=`(cd "$dir" && \ + for f in "$libname$shrext".*; do echo "$f"; done \ + | sed -e "s,^$libname$shrext\\\\.,," \ + | sort -t '.' -n -r -k1,1 -k2,2 -k3,3 -k4,4 -k5,5 \ + | sed 1q ) 2>/dev/null` + if test -n "$ver" && test -f "$dir/$libname$shrext.$ver"; then + found_dir="$dir" + found_so="$dir/$libname$shrext.$ver" + fi + else + eval library_names=\"$acl_library_names_spec\" + for f in $library_names; do + if test -f "$dir/$f"; then + found_dir="$dir" + found_so="$dir/$f" + break + fi + done + fi + fi + fi + if test "X$found_dir" = "X"; then + if test -f "$dir/$libname.$acl_libext"; then + found_dir="$dir" + found_a="$dir/$libname.$acl_libext" + fi + fi + if test "X$found_dir" != "X"; then + if test -f "$dir/$libname.la"; then + found_la="$dir/$libname.la" + fi + fi + ;; + esac + if test "X$found_dir" != "X"; then + break + fi + done + fi + if test "X$found_dir" != "X"; then + LTLIBRT="${LTLIBRT}${LTLIBRT:+ }-L$found_dir -l$name" + if test "X$found_so" != "X"; then + if test "$enable_rpath" = no \ + || test "X$found_dir" = "X/usr/$acl_libdirstem" \ + || test "X$found_dir" = "X/usr/$acl_libdirstem2"; then + LIBRT="${LIBRT}${LIBRT:+ }$found_so" + else + haveit= + for x in $ltrpathdirs; do + if test "X$x" = "X$found_dir"; then + haveit=yes + break + fi + done + if test -z "$haveit"; then + ltrpathdirs="$ltrpathdirs $found_dir" + fi + if test "$acl_hardcode_direct" = yes; then + LIBRT="${LIBRT}${LIBRT:+ }$found_so" + else + if test -n "$acl_hardcode_libdir_flag_spec" && test "$acl_hardcode_minus_L" = no; then + LIBRT="${LIBRT}${LIBRT:+ }$found_so" + haveit= + for x in $rpathdirs; do + if test "X$x" = "X$found_dir"; then + haveit=yes + break + fi + done + if test -z "$haveit"; then + rpathdirs="$rpathdirs $found_dir" + fi + else + haveit= + for x in $LDFLAGS $LIBRT; do + + acl_save_prefix="$prefix" + prefix="$acl_final_prefix" + acl_save_exec_prefix="$exec_prefix" + exec_prefix="$acl_final_exec_prefix" + eval x=\"$x\" + exec_prefix="$acl_save_exec_prefix" + prefix="$acl_save_prefix" + + if test "X$x" = "X-L$found_dir"; then + haveit=yes + break + fi + done + if test -z "$haveit"; then + LIBRT="${LIBRT}${LIBRT:+ }-L$found_dir" + fi + if test "$acl_hardcode_minus_L" != no; then + LIBRT="${LIBRT}${LIBRT:+ }$found_so" + else + LIBRT="${LIBRT}${LIBRT:+ }-l$name" + fi + fi + fi + fi + else + if test "X$found_a" != "X"; then + LIBRT="${LIBRT}${LIBRT:+ }$found_a" + else + LIBRT="${LIBRT}${LIBRT:+ }-L$found_dir -l$name" + fi + fi + additional_includedir= + case "$found_dir" in + */$acl_libdirstem | */$acl_libdirstem/) + basedir=`echo "X$found_dir" | sed -e 's,^X,,' -e "s,/$acl_libdirstem/"'*$,,'` + if test "$name" = 'rt'; then + LIBRT_PREFIX="$basedir" + fi + additional_includedir="$basedir/include" + ;; + */$acl_libdirstem2 | */$acl_libdirstem2/) + basedir=`echo "X$found_dir" | sed -e 's,^X,,' -e "s,/$acl_libdirstem2/"'*$,,'` + if test "$name" = 'rt'; then + LIBRT_PREFIX="$basedir" + fi + additional_includedir="$basedir/include" + ;; + esac + if test "X$additional_includedir" != "X"; then + if test "X$additional_includedir" != "X/usr/include"; then + haveit= + if test "X$additional_includedir" = "X/usr/local/include"; then + if test -n "$GCC"; then + case $host_os in + linux* | gnu* | k*bsd*-gnu) haveit=yes;; + esac + fi + fi + if test -z "$haveit"; then + for x in $CPPFLAGS $INCRT; do + + acl_save_prefix="$prefix" + prefix="$acl_final_prefix" + acl_save_exec_prefix="$exec_prefix" + exec_prefix="$acl_final_exec_prefix" + eval x=\"$x\" + exec_prefix="$acl_save_exec_prefix" + prefix="$acl_save_prefix" + + if test "X$x" = "X-I$additional_includedir"; then + haveit=yes + break + fi + done + if test -z "$haveit"; then + if test -d "$additional_includedir"; then + INCRT="${INCRT}${INCRT:+ }-I$additional_includedir" + fi + fi + fi + fi + fi + if test -n "$found_la"; then + save_libdir="$libdir" + case "$found_la" in + */* | *\\*) . "$found_la" ;; + *) . "./$found_la" ;; + esac + libdir="$save_libdir" + for dep in $dependency_libs; do + case "$dep" in + -L*) + additional_libdir=`echo "X$dep" | sed -e 's/^X-L//'` + if test "X$additional_libdir" != "X/usr/$acl_libdirstem" \ + && test "X$additional_libdir" != "X/usr/$acl_libdirstem2"; then + haveit= + if test "X$additional_libdir" = "X/usr/local/$acl_libdirstem" \ + || test "X$additional_libdir" = "X/usr/local/$acl_libdirstem2"; then + if test -n "$GCC"; then + case $host_os in + linux* | gnu* | k*bsd*-gnu) haveit=yes;; + esac + fi + fi + if test -z "$haveit"; then + haveit= + for x in $LDFLAGS $LIBRT; do + + acl_save_prefix="$prefix" + prefix="$acl_final_prefix" + acl_save_exec_prefix="$exec_prefix" + exec_prefix="$acl_final_exec_prefix" + eval x=\"$x\" + exec_prefix="$acl_save_exec_prefix" + prefix="$acl_save_prefix" + + if test "X$x" = "X-L$additional_libdir"; then + haveit=yes + break + fi + done + if test -z "$haveit"; then + if test -d "$additional_libdir"; then + LIBRT="${LIBRT}${LIBRT:+ }-L$additional_libdir" + fi + fi + haveit= + for x in $LDFLAGS $LTLIBRT; do + + acl_save_prefix="$prefix" + prefix="$acl_final_prefix" + acl_save_exec_prefix="$exec_prefix" + exec_prefix="$acl_final_exec_prefix" + eval x=\"$x\" + exec_prefix="$acl_save_exec_prefix" + prefix="$acl_save_prefix" + + if test "X$x" = "X-L$additional_libdir"; then + haveit=yes + break + fi + done + if test -z "$haveit"; then + if test -d "$additional_libdir"; then + LTLIBRT="${LTLIBRT}${LTLIBRT:+ }-L$additional_libdir" + fi + fi + fi + fi + ;; + -R*) + dir=`echo "X$dep" | sed -e 's/^X-R//'` + if test "$enable_rpath" != no; then + haveit= + for x in $rpathdirs; do + if test "X$x" = "X$dir"; then + haveit=yes + break + fi + done + if test -z "$haveit"; then + rpathdirs="$rpathdirs $dir" + fi + haveit= + for x in $ltrpathdirs; do + if test "X$x" = "X$dir"; then + haveit=yes + break + fi + done + if test -z "$haveit"; then + ltrpathdirs="$ltrpathdirs $dir" + fi + fi + ;; + -l*) + names_next_round="$names_next_round "`echo "X$dep" | sed -e 's/^X-l//'` + ;; + *.la) + names_next_round="$names_next_round "`echo "X$dep" | sed -e 's,^X.*/,,' -e 's,^lib,,' -e 's,\.la$,,'` + ;; + *) + LIBRT="${LIBRT}${LIBRT:+ }$dep" + LTLIBRT="${LTLIBRT}${LTLIBRT:+ }$dep" + ;; + esac + done + fi + else + LIBRT="${LIBRT}${LIBRT:+ }-l$name" + LTLIBRT="${LTLIBRT}${LTLIBRT:+ }-l$name" + fi + fi + fi + done + done + if test "X$rpathdirs" != "X"; then + if test -n "$acl_hardcode_libdir_separator"; then + alldirs= + for found_dir in $rpathdirs; do + alldirs="${alldirs}${alldirs:+$acl_hardcode_libdir_separator}$found_dir" + done + acl_save_libdir="$libdir" + libdir="$alldirs" + eval flag=\"$acl_hardcode_libdir_flag_spec\" + libdir="$acl_save_libdir" + LIBRT="${LIBRT}${LIBRT:+ }$flag" + else + for found_dir in $rpathdirs; do + acl_save_libdir="$libdir" + libdir="$found_dir" + eval flag=\"$acl_hardcode_libdir_flag_spec\" + libdir="$acl_save_libdir" + LIBRT="${LIBRT}${LIBRT:+ }$flag" + done + fi + fi + if test "X$ltrpathdirs" != "X"; then + for found_dir in $ltrpathdirs; do + LTLIBRT="${LTLIBRT}${LTLIBRT:+ }-R$found_dir" + done + fi + + + + + + + ac_save_CPPFLAGS="$CPPFLAGS" + + for element in $INCRT; do + haveit= + for x in $CPPFLAGS; do + + acl_save_prefix="$prefix" + prefix="$acl_final_prefix" + acl_save_exec_prefix="$exec_prefix" + exec_prefix="$acl_final_exec_prefix" + eval x=\"$x\" + exec_prefix="$acl_save_exec_prefix" + prefix="$acl_save_prefix" + + if test "X$x" = "X$element"; then + haveit=yes + break + fi + done + if test -z "$haveit"; then + CPPFLAGS="${CPPFLAGS}${CPPFLAGS:+ }$element" + fi + done + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for librt" >&5 +$as_echo_n "checking for librt... " >&6; } +if ${ac_cv_librt+:} false; then : + $as_echo_n "(cached) " >&6 +else + + ac_save_LIBS="$LIBS" + case " $LIBRT" in + *" -l"*) LIBS="$LIBS $LIBRT" ;; + *) LIBS="$LIBRT $LIBS" ;; + esac + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +int +main () +{ +nanosleep (0, 0); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + ac_cv_librt=yes +else + ac_cv_librt='no' +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + LIBS="$ac_save_LIBS" + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_librt" >&5 +$as_echo "$ac_cv_librt" >&6; } + if test "$ac_cv_librt" = yes; then + HAVE_LIBRT=yes + +$as_echo "#define HAVE_LIBRT 1" >>confdefs.h + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking how to link with librt" >&5 +$as_echo_n "checking how to link with librt... " >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $LIBRT" >&5 +$as_echo "$LIBRT" >&6; } + else + HAVE_LIBRT=no + CPPFLAGS="$ac_save_CPPFLAGS" + LIBRT= + LTLIBRT= + LIBRT_PREFIX= + fi + + + + + + + + gnutls_needs_librt=yes +fi + +if test "$ac_cv_func_clock_gettime" != "yes";then + + + + + + + + + + + + + use_additional=yes + + acl_save_prefix="$prefix" + prefix="$acl_final_prefix" + acl_save_exec_prefix="$exec_prefix" + exec_prefix="$acl_final_exec_prefix" + + eval additional_includedir=\"$includedir\" + eval additional_libdir=\"$libdir\" + + exec_prefix="$acl_save_exec_prefix" + prefix="$acl_save_prefix" + + +# Check whether --with-librt-prefix was given. +if test "${with_librt_prefix+set}" = set; then : + withval=$with_librt_prefix; + if test "X$withval" = "Xno"; then + use_additional=no + else + if test "X$withval" = "X"; then + + acl_save_prefix="$prefix" + prefix="$acl_final_prefix" + acl_save_exec_prefix="$exec_prefix" + exec_prefix="$acl_final_exec_prefix" + + eval additional_includedir=\"$includedir\" + eval additional_libdir=\"$libdir\" + + exec_prefix="$acl_save_exec_prefix" + prefix="$acl_save_prefix" + + else + additional_includedir="$withval/include" + additional_libdir="$withval/$acl_libdirstem" + if test "$acl_libdirstem2" != "$acl_libdirstem" \ + && test ! -d "$withval/$acl_libdirstem"; then + additional_libdir="$withval/$acl_libdirstem2" + fi + fi + fi + +fi + + LIBRT= + LTLIBRT= + INCRT= + LIBRT_PREFIX= + HAVE_LIBRT= + rpathdirs= + ltrpathdirs= + names_already_handled= + names_next_round='rt ' + while test -n "$names_next_round"; do + names_this_round="$names_next_round" + names_next_round= + for name in $names_this_round; do + already_handled= + for n in $names_already_handled; do + if test "$n" = "$name"; then + already_handled=yes + break + fi + done + if test -z "$already_handled"; then + names_already_handled="$names_already_handled $name" + uppername=`echo "$name" | sed -e 'y|abcdefghijklmnopqrstuvwxyz./+-|ABCDEFGHIJKLMNOPQRSTUVWXYZ____|'` + eval value=\"\$HAVE_LIB$uppername\" + if test -n "$value"; then + if test "$value" = yes; then + eval value=\"\$LIB$uppername\" + test -z "$value" || LIBRT="${LIBRT}${LIBRT:+ }$value" + eval value=\"\$LTLIB$uppername\" + test -z "$value" || LTLIBRT="${LTLIBRT}${LTLIBRT:+ }$value" + else + : + fi + else + found_dir= + found_la= + found_so= + found_a= + eval libname=\"$acl_libname_spec\" # typically: libname=lib$name + if test -n "$acl_shlibext"; then + shrext=".$acl_shlibext" # typically: shrext=.so + else + shrext= + fi + if test $use_additional = yes; then + dir="$additional_libdir" + if test -n "$acl_shlibext"; then + if test -f "$dir/$libname$shrext"; then + found_dir="$dir" + found_so="$dir/$libname$shrext" + else + if test "$acl_library_names_spec" = '$libname$shrext$versuffix'; then + ver=`(cd "$dir" && \ + for f in "$libname$shrext".*; do echo "$f"; done \ + | sed -e "s,^$libname$shrext\\\\.,," \ + | sort -t '.' -n -r -k1,1 -k2,2 -k3,3 -k4,4 -k5,5 \ + | sed 1q ) 2>/dev/null` + if test -n "$ver" && test -f "$dir/$libname$shrext.$ver"; then + found_dir="$dir" + found_so="$dir/$libname$shrext.$ver" + fi + else + eval library_names=\"$acl_library_names_spec\" + for f in $library_names; do + if test -f "$dir/$f"; then + found_dir="$dir" + found_so="$dir/$f" + break + fi + done + fi + fi + fi + if test "X$found_dir" = "X"; then + if test -f "$dir/$libname.$acl_libext"; then + found_dir="$dir" + found_a="$dir/$libname.$acl_libext" + fi + fi + if test "X$found_dir" != "X"; then + if test -f "$dir/$libname.la"; then + found_la="$dir/$libname.la" + fi + fi + fi + if test "X$found_dir" = "X"; then + for x in $LDFLAGS $LTLIBRT; do + + acl_save_prefix="$prefix" + prefix="$acl_final_prefix" + acl_save_exec_prefix="$exec_prefix" + exec_prefix="$acl_final_exec_prefix" + eval x=\"$x\" + exec_prefix="$acl_save_exec_prefix" + prefix="$acl_save_prefix" + + case "$x" in + -L*) + dir=`echo "X$x" | sed -e 's/^X-L//'` + if test -n "$acl_shlibext"; then + if test -f "$dir/$libname$shrext"; then + found_dir="$dir" + found_so="$dir/$libname$shrext" + else + if test "$acl_library_names_spec" = '$libname$shrext$versuffix'; then + ver=`(cd "$dir" && \ + for f in "$libname$shrext".*; do echo "$f"; done \ + | sed -e "s,^$libname$shrext\\\\.,," \ + | sort -t '.' -n -r -k1,1 -k2,2 -k3,3 -k4,4 -k5,5 \ + | sed 1q ) 2>/dev/null` + if test -n "$ver" && test -f "$dir/$libname$shrext.$ver"; then + found_dir="$dir" + found_so="$dir/$libname$shrext.$ver" + fi + else + eval library_names=\"$acl_library_names_spec\" + for f in $library_names; do + if test -f "$dir/$f"; then + found_dir="$dir" + found_so="$dir/$f" + break + fi + done + fi + fi + fi + if test "X$found_dir" = "X"; then + if test -f "$dir/$libname.$acl_libext"; then + found_dir="$dir" + found_a="$dir/$libname.$acl_libext" + fi + fi + if test "X$found_dir" != "X"; then + if test -f "$dir/$libname.la"; then + found_la="$dir/$libname.la" + fi + fi + ;; + esac + if test "X$found_dir" != "X"; then + break + fi + done + fi + if test "X$found_dir" != "X"; then + LTLIBRT="${LTLIBRT}${LTLIBRT:+ }-L$found_dir -l$name" + if test "X$found_so" != "X"; then + if test "$enable_rpath" = no \ + || test "X$found_dir" = "X/usr/$acl_libdirstem" \ + || test "X$found_dir" = "X/usr/$acl_libdirstem2"; then + LIBRT="${LIBRT}${LIBRT:+ }$found_so" + else + haveit= + for x in $ltrpathdirs; do + if test "X$x" = "X$found_dir"; then + haveit=yes + break + fi + done + if test -z "$haveit"; then + ltrpathdirs="$ltrpathdirs $found_dir" + fi + if test "$acl_hardcode_direct" = yes; then + LIBRT="${LIBRT}${LIBRT:+ }$found_so" + else + if test -n "$acl_hardcode_libdir_flag_spec" && test "$acl_hardcode_minus_L" = no; then + LIBRT="${LIBRT}${LIBRT:+ }$found_so" + haveit= + for x in $rpathdirs; do + if test "X$x" = "X$found_dir"; then + haveit=yes + break + fi + done + if test -z "$haveit"; then + rpathdirs="$rpathdirs $found_dir" + fi + else + haveit= + for x in $LDFLAGS $LIBRT; do + + acl_save_prefix="$prefix" + prefix="$acl_final_prefix" + acl_save_exec_prefix="$exec_prefix" + exec_prefix="$acl_final_exec_prefix" + eval x=\"$x\" + exec_prefix="$acl_save_exec_prefix" + prefix="$acl_save_prefix" + + if test "X$x" = "X-L$found_dir"; then + haveit=yes + break + fi + done + if test -z "$haveit"; then + LIBRT="${LIBRT}${LIBRT:+ }-L$found_dir" + fi + if test "$acl_hardcode_minus_L" != no; then + LIBRT="${LIBRT}${LIBRT:+ }$found_so" + else + LIBRT="${LIBRT}${LIBRT:+ }-l$name" + fi + fi + fi + fi + else + if test "X$found_a" != "X"; then + LIBRT="${LIBRT}${LIBRT:+ }$found_a" + else + LIBRT="${LIBRT}${LIBRT:+ }-L$found_dir -l$name" + fi + fi + additional_includedir= + case "$found_dir" in + */$acl_libdirstem | */$acl_libdirstem/) + basedir=`echo "X$found_dir" | sed -e 's,^X,,' -e "s,/$acl_libdirstem/"'*$,,'` + if test "$name" = 'rt'; then + LIBRT_PREFIX="$basedir" + fi + additional_includedir="$basedir/include" + ;; + */$acl_libdirstem2 | */$acl_libdirstem2/) + basedir=`echo "X$found_dir" | sed -e 's,^X,,' -e "s,/$acl_libdirstem2/"'*$,,'` + if test "$name" = 'rt'; then + LIBRT_PREFIX="$basedir" + fi + additional_includedir="$basedir/include" + ;; + esac + if test "X$additional_includedir" != "X"; then + if test "X$additional_includedir" != "X/usr/include"; then + haveit= + if test "X$additional_includedir" = "X/usr/local/include"; then + if test -n "$GCC"; then + case $host_os in + linux* | gnu* | k*bsd*-gnu) haveit=yes;; + esac + fi + fi + if test -z "$haveit"; then + for x in $CPPFLAGS $INCRT; do + + acl_save_prefix="$prefix" + prefix="$acl_final_prefix" + acl_save_exec_prefix="$exec_prefix" + exec_prefix="$acl_final_exec_prefix" + eval x=\"$x\" + exec_prefix="$acl_save_exec_prefix" + prefix="$acl_save_prefix" + + if test "X$x" = "X-I$additional_includedir"; then + haveit=yes + break + fi + done + if test -z "$haveit"; then + if test -d "$additional_includedir"; then + INCRT="${INCRT}${INCRT:+ }-I$additional_includedir" + fi + fi + fi + fi + fi + if test -n "$found_la"; then + save_libdir="$libdir" + case "$found_la" in + */* | *\\*) . "$found_la" ;; + *) . "./$found_la" ;; + esac + libdir="$save_libdir" + for dep in $dependency_libs; do + case "$dep" in + -L*) + additional_libdir=`echo "X$dep" | sed -e 's/^X-L//'` + if test "X$additional_libdir" != "X/usr/$acl_libdirstem" \ + && test "X$additional_libdir" != "X/usr/$acl_libdirstem2"; then + haveit= + if test "X$additional_libdir" = "X/usr/local/$acl_libdirstem" \ + || test "X$additional_libdir" = "X/usr/local/$acl_libdirstem2"; then + if test -n "$GCC"; then + case $host_os in + linux* | gnu* | k*bsd*-gnu) haveit=yes;; + esac + fi + fi + if test -z "$haveit"; then + haveit= + for x in $LDFLAGS $LIBRT; do + + acl_save_prefix="$prefix" + prefix="$acl_final_prefix" + acl_save_exec_prefix="$exec_prefix" + exec_prefix="$acl_final_exec_prefix" + eval x=\"$x\" + exec_prefix="$acl_save_exec_prefix" + prefix="$acl_save_prefix" + + if test "X$x" = "X-L$additional_libdir"; then + haveit=yes + break + fi + done + if test -z "$haveit"; then + if test -d "$additional_libdir"; then + LIBRT="${LIBRT}${LIBRT:+ }-L$additional_libdir" + fi + fi + haveit= + for x in $LDFLAGS $LTLIBRT; do + + acl_save_prefix="$prefix" + prefix="$acl_final_prefix" + acl_save_exec_prefix="$exec_prefix" + exec_prefix="$acl_final_exec_prefix" + eval x=\"$x\" + exec_prefix="$acl_save_exec_prefix" + prefix="$acl_save_prefix" + + if test "X$x" = "X-L$additional_libdir"; then + haveit=yes + break + fi + done + if test -z "$haveit"; then + if test -d "$additional_libdir"; then + LTLIBRT="${LTLIBRT}${LTLIBRT:+ }-L$additional_libdir" + fi + fi + fi + fi + ;; + -R*) + dir=`echo "X$dep" | sed -e 's/^X-R//'` + if test "$enable_rpath" != no; then + haveit= + for x in $rpathdirs; do + if test "X$x" = "X$dir"; then + haveit=yes + break + fi + done + if test -z "$haveit"; then + rpathdirs="$rpathdirs $dir" + fi + haveit= + for x in $ltrpathdirs; do + if test "X$x" = "X$dir"; then + haveit=yes + break + fi + done + if test -z "$haveit"; then + ltrpathdirs="$ltrpathdirs $dir" + fi + fi + ;; + -l*) + names_next_round="$names_next_round "`echo "X$dep" | sed -e 's/^X-l//'` + ;; + *.la) + names_next_round="$names_next_round "`echo "X$dep" | sed -e 's,^X.*/,,' -e 's,^lib,,' -e 's,\.la$,,'` + ;; + *) + LIBRT="${LIBRT}${LIBRT:+ }$dep" + LTLIBRT="${LTLIBRT}${LTLIBRT:+ }$dep" + ;; + esac + done + fi + else + LIBRT="${LIBRT}${LIBRT:+ }-l$name" + LTLIBRT="${LTLIBRT}${LTLIBRT:+ }-l$name" + fi + fi + fi + done + done + if test "X$rpathdirs" != "X"; then + if test -n "$acl_hardcode_libdir_separator"; then + alldirs= + for found_dir in $rpathdirs; do + alldirs="${alldirs}${alldirs:+$acl_hardcode_libdir_separator}$found_dir" + done + acl_save_libdir="$libdir" + libdir="$alldirs" + eval flag=\"$acl_hardcode_libdir_flag_spec\" + libdir="$acl_save_libdir" + LIBRT="${LIBRT}${LIBRT:+ }$flag" + else + for found_dir in $rpathdirs; do + acl_save_libdir="$libdir" + libdir="$found_dir" + eval flag=\"$acl_hardcode_libdir_flag_spec\" + libdir="$acl_save_libdir" + LIBRT="${LIBRT}${LIBRT:+ }$flag" + done + fi + fi + if test "X$ltrpathdirs" != "X"; then + for found_dir in $ltrpathdirs; do + LTLIBRT="${LTLIBRT}${LTLIBRT:+ }-R$found_dir" + done + fi + + + + + + + ac_save_CPPFLAGS="$CPPFLAGS" + + for element in $INCRT; do + haveit= + for x in $CPPFLAGS; do + + acl_save_prefix="$prefix" + prefix="$acl_final_prefix" + acl_save_exec_prefix="$exec_prefix" + exec_prefix="$acl_final_exec_prefix" + eval x=\"$x\" + exec_prefix="$acl_save_exec_prefix" + prefix="$acl_save_prefix" + + if test "X$x" = "X$element"; then + haveit=yes + break + fi + done + if test -z "$haveit"; then + CPPFLAGS="${CPPFLAGS}${CPPFLAGS:+ }$element" + fi + done + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for librt" >&5 +$as_echo_n "checking for librt... " >&6; } +if ${ac_cv_librt+:} false; then : + $as_echo_n "(cached) " >&6 +else + + ac_save_LIBS="$LIBS" + case " $LIBRT" in + *" -l"*) LIBS="$LIBS $LIBRT" ;; + *) LIBS="$LIBRT $LIBS" ;; + esac + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +int +main () +{ +clock_gettime (0, 0); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + ac_cv_librt=yes +else + ac_cv_librt='no' +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + LIBS="$ac_save_LIBS" + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_librt" >&5 +$as_echo "$ac_cv_librt" >&6; } + if test "$ac_cv_librt" = yes; then + HAVE_LIBRT=yes + +$as_echo "#define HAVE_LIBRT 1" >>confdefs.h + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking how to link with librt" >&5 +$as_echo_n "checking how to link with librt... " >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $LIBRT" >&5 +$as_echo "$LIBRT" >&6; } + else + HAVE_LIBRT=no + CPPFLAGS="$ac_save_CPPFLAGS" + LIBRT= + LTLIBRT= + LIBRT_PREFIX= + fi + + + + + + + + gnutls_needs_librt=yes +fi + + +# Check whether --with-included-unistring was given. +if test "${with_included_unistring+set}" = set; then : + withval=$with_included_unistring; included_unistring="$withval" +else + included_unistring=no +fi + + +if test "$included_unistring" = yes;then + ac_have_unistring=no +else + save_LIBS=$LIBS + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing u8_normalize" >&5 +$as_echo_n "checking for library containing u8_normalize... " >&6; } +if ${ac_cv_search_u8_normalize+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_func_search_save_LIBS=$LIBS +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char u8_normalize (); +int +main () +{ +return u8_normalize (); + ; + return 0; +} +_ACEOF +for ac_lib in '' unistring; do + if test -z "$ac_lib"; then + ac_res="none required" + else + ac_res=-l$ac_lib + LIBS="-l$ac_lib $ac_func_search_save_LIBS" + fi + if ac_fn_c_try_link "$LINENO"; then : + ac_cv_search_u8_normalize=$ac_res +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext + if ${ac_cv_search_u8_normalize+:} false; then : + break +fi +done +if ${ac_cv_search_u8_normalize+:} false; then : + +else + ac_cv_search_u8_normalize=no +fi +rm conftest.$ac_ext +LIBS=$ac_func_search_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_u8_normalize" >&5 +$as_echo "$ac_cv_search_u8_normalize" >&6; } +ac_res=$ac_cv_search_u8_normalize +if test "$ac_res" != no; then : + test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" + + included_unistring=no + ac_have_unistring=yes + LIBUNISTRING=$ac_cv_search_u8_normalize + + +else + + ac_cv_libunistring=no + as_fn_error $? " + *** + *** Libunistring was not found. To use the included one, use --with-included-unistring + " "$LINENO" 5 + +fi + + LIBS=$save_LIBS +fi + + if test "$ac_have_unistring" = "yes"; then + HAVE_LIBUNISTRING_TRUE= + HAVE_LIBUNISTRING_FALSE='#' +else + HAVE_LIBUNISTRING_TRUE='#' + HAVE_LIBUNISTRING_FALSE= +fi + + + + + + + + + LIBC_FATAL_STDERR_=1 + export LIBC_FATAL_STDERR_ + +ac_fn_c_check_type "$LINENO" "size_t" "ac_cv_type_size_t" "$ac_includes_default" +if test "x$ac_cv_type_size_t" = xyes; then : + +else + +cat >>confdefs.h <<_ACEOF +#define size_t unsigned int +_ACEOF + +fi + +# The Ultrix 4.2 mips builtin alloca declared by alloca.h only works +# for constant arguments. Useless! +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for working alloca.h" >&5 +$as_echo_n "checking for working alloca.h... " >&6; } +if ${ac_cv_working_alloca_h+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +int +main () +{ +char *p = (char *) alloca (2 * sizeof (int)); + if (p) return 0; + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + ac_cv_working_alloca_h=yes +else + ac_cv_working_alloca_h=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_working_alloca_h" >&5 +$as_echo "$ac_cv_working_alloca_h" >&6; } +if test $ac_cv_working_alloca_h = yes; then + +$as_echo "#define HAVE_ALLOCA_H 1" >>confdefs.h + +fi + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for alloca" >&5 +$as_echo_n "checking for alloca... " >&6; } +if ${ac_cv_func_alloca_works+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#ifdef __GNUC__ +# define alloca __builtin_alloca +#else +# ifdef _MSC_VER +# include +# define alloca _alloca +# else +# ifdef HAVE_ALLOCA_H +# include +# else +# ifdef _AIX + #pragma alloca +# else +# ifndef alloca /* predefined by HP cc +Olibcalls */ +void *alloca (size_t); +# endif +# endif +# endif +# endif +#endif + +int +main () +{ +char *p = (char *) alloca (1); + if (p) return 0; + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + ac_cv_func_alloca_works=yes +else + ac_cv_func_alloca_works=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_func_alloca_works" >&5 +$as_echo "$ac_cv_func_alloca_works" >&6; } + +if test $ac_cv_func_alloca_works = yes; then + +$as_echo "#define HAVE_ALLOCA 1" >>confdefs.h + +else + # The SVR3 libPW and SVR4 libucb both contain incompatible functions +# that cause trouble. Some versions do not even contain alloca or +# contain a buggy version. If you still want to use their alloca, +# use ar to extract alloca.o from them instead of compiling alloca.c. + + + + + +ALLOCA=\${LIBOBJDIR}alloca.$ac_objext + +$as_echo "#define C_ALLOCA 1" >>confdefs.h + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether \`alloca.c' needs Cray hooks" >&5 +$as_echo_n "checking whether \`alloca.c' needs Cray hooks... " >&6; } +if ${ac_cv_os_cray+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#if defined CRAY && ! defined CRAY2 +webecray +#else +wenotbecray +#endif + +_ACEOF +if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | + $EGREP "webecray" >/dev/null 2>&1; then : + ac_cv_os_cray=yes +else + ac_cv_os_cray=no +fi +rm -f conftest* + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_os_cray" >&5 +$as_echo "$ac_cv_os_cray" >&6; } +if test $ac_cv_os_cray = yes; then + for ac_func in _getb67 GETB67 getb67; do + as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` +ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" +if eval test \"x\$"$as_ac_var"\" = x"yes"; then : + +cat >>confdefs.h <<_ACEOF +#define CRAY_STACKSEG_END $ac_func +_ACEOF + + break +fi + + done +fi + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking stack direction for C alloca" >&5 +$as_echo_n "checking stack direction for C alloca... " >&6; } +if ${ac_cv_c_stack_direction+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test "$cross_compiling" = yes; then : + ac_cv_c_stack_direction=0 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +$ac_includes_default +int +find_stack_direction (int *addr, int depth) +{ + int dir, dummy = 0; + if (! addr) + addr = &dummy; + *addr = addr < &dummy ? 1 : addr == &dummy ? 0 : -1; + dir = depth ? find_stack_direction (addr, depth - 1) : 0; + return dir + dummy; +} + +int +main (int argc, char **argv) +{ + return find_stack_direction (0, argc + !argv + 20) < 0; +} +_ACEOF +if ac_fn_c_try_run "$LINENO"; then : + ac_cv_c_stack_direction=1 +else + ac_cv_c_stack_direction=-1 +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_stack_direction" >&5 +$as_echo "$ac_cv_c_stack_direction" >&6; } +cat >>confdefs.h <<_ACEOF +#define STACK_DIRECTION $ac_cv_c_stack_direction +_ACEOF + + +fi + + + GNULIB_INET_NTOP=0; + GNULIB_INET_PTON=0; + HAVE_DECL_INET_NTOP=1; + HAVE_DECL_INET_PTON=1; + REPLACE_INET_NTOP=0; + REPLACE_INET_PTON=0; + + + + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the preprocessor supports include_next" >&5 +$as_echo_n "checking whether the preprocessor supports include_next... " >&6; } +if ${gl_cv_have_include_next+:} false; then : + $as_echo_n "(cached) " >&6 +else + rm -rf conftestd1a conftestd1b conftestd2 + mkdir conftestd1a conftestd1b conftestd2 + cat < conftestd1a/conftest.h +#define DEFINED_IN_CONFTESTD1 +#include_next +#ifdef DEFINED_IN_CONFTESTD2 +int foo; +#else +#error "include_next doesn't work" +#endif +EOF + cat < conftestd1b/conftest.h +#define DEFINED_IN_CONFTESTD1 +#include +#include_next +#ifdef DEFINED_IN_CONFTESTD2 +int foo; +#else +#error "include_next doesn't work" +#endif +EOF + cat < conftestd2/conftest.h +#ifndef DEFINED_IN_CONFTESTD1 +#error "include_next test doesn't work" +#endif +#define DEFINED_IN_CONFTESTD2 +EOF + gl_save_CPPFLAGS="$CPPFLAGS" + CPPFLAGS="$gl_save_CPPFLAGS -Iconftestd1b -Iconftestd2" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + gl_cv_have_include_next=yes +else + CPPFLAGS="$gl_save_CPPFLAGS -Iconftestd1a -Iconftestd2" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + gl_cv_have_include_next=buggy +else + gl_cv_have_include_next=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + CPPFLAGS="$gl_save_CPPFLAGS" + rm -rf conftestd1a conftestd1b conftestd2 + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_have_include_next" >&5 +$as_echo "$gl_cv_have_include_next" >&6; } + PRAGMA_SYSTEM_HEADER= + if test $gl_cv_have_include_next = yes; then + INCLUDE_NEXT=include_next + INCLUDE_NEXT_AS_FIRST_DIRECTIVE=include_next + if test -n "$GCC"; then + PRAGMA_SYSTEM_HEADER='#pragma GCC system_header' + fi + else + if test $gl_cv_have_include_next = buggy; then + INCLUDE_NEXT=include + INCLUDE_NEXT_AS_FIRST_DIRECTIVE=include_next + else + INCLUDE_NEXT=include + INCLUDE_NEXT_AS_FIRST_DIRECTIVE=include + fi + fi + + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether system header files limit the line length" >&5 +$as_echo_n "checking whether system header files limit the line length... " >&6; } +if ${gl_cv_pragma_columns+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#ifdef __TANDEM +choke me +#endif + +_ACEOF +if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | + $EGREP "choke me" >/dev/null 2>&1; then : + gl_cv_pragma_columns=yes +else + gl_cv_pragma_columns=no +fi +rm -f conftest* + + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_pragma_columns" >&5 +$as_echo "$gl_cv_pragma_columns" >&6; } + if test $gl_cv_pragma_columns = yes; then + PRAGMA_COLUMNS="#pragma COLUMNS 10000" + else + PRAGMA_COLUMNS= + fi + + + + + + + if test $ac_cv_header_features_h = yes; then + HAVE_FEATURES_H=1 + else + HAVE_FEATURES_H=0 + fi + + + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for complete errno.h" >&5 +$as_echo_n "checking for complete errno.h... " >&6; } +if ${gl_cv_header_errno_h_complete+:} false; then : + $as_echo_n "(cached) " >&6 +else + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#if !defined ETXTBSY +booboo +#endif +#if !defined ENOMSG +booboo +#endif +#if !defined EIDRM +booboo +#endif +#if !defined ENOLINK +booboo +#endif +#if !defined EPROTO +booboo +#endif +#if !defined EMULTIHOP +booboo +#endif +#if !defined EBADMSG +booboo +#endif +#if !defined EOVERFLOW +booboo +#endif +#if !defined ENOTSUP +booboo +#endif +#if !defined ENETRESET +booboo +#endif +#if !defined ECONNABORTED +booboo +#endif +#if !defined ESTALE +booboo +#endif +#if !defined EDQUOT +booboo +#endif +#if !defined ECANCELED +booboo +#endif +#if !defined EOWNERDEAD +booboo +#endif +#if !defined ENOTRECOVERABLE +booboo +#endif +#if !defined EILSEQ +booboo +#endif + +_ACEOF +if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | + $EGREP "booboo" >/dev/null 2>&1; then : + gl_cv_header_errno_h_complete=no +else + gl_cv_header_errno_h_complete=yes +fi +rm -f conftest* + + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_header_errno_h_complete" >&5 +$as_echo "$gl_cv_header_errno_h_complete" >&6; } + if test $gl_cv_header_errno_h_complete = yes; then + ERRNO_H='' + else + + + + + + + + + if test $gl_cv_have_include_next = yes; then + gl_cv_next_errno_h='<'errno.h'>' + else + { $as_echo "$as_me:${as_lineno-$LINENO}: checking absolute name of " >&5 +$as_echo_n "checking absolute name of ... " >&6; } +if ${gl_cv_next_errno_h+:} false; then : + $as_echo_n "(cached) " >&6 +else + + + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +_ACEOF + case "$host_os" in + aix*) gl_absname_cpp="$ac_cpp -C" ;; + *) gl_absname_cpp="$ac_cpp" ;; + esac + + case "$host_os" in + mingw*) + gl_dirsep_regex='[/\\]' + ;; + *) + gl_dirsep_regex='\/' + ;; + esac + gl_make_literal_regex_sed='s,[]$^\\.*/[],\\&,g' + gl_header_literal_regex=`echo 'errno.h' \ + | sed -e "$gl_make_literal_regex_sed"` + gl_absolute_header_sed="/${gl_dirsep_regex}${gl_header_literal_regex}/"'{ + s/.*"\(.*'"${gl_dirsep_regex}${gl_header_literal_regex}"'\)".*/\1/ + s|^/[^/]|//&| + p + q + }' + + gl_cv_absolute_errno_h=`(eval "$gl_absname_cpp conftest.$ac_ext") 2>&5 | + sed -n "$gl_absolute_header_sed"` + + gl_header=$gl_cv_absolute_errno_h + gl_cv_next_errno_h='"'$gl_header'"' + + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_next_errno_h" >&5 +$as_echo "$gl_cv_next_errno_h" >&6; } + fi + NEXT_ERRNO_H=$gl_cv_next_errno_h + + if test $gl_cv_have_include_next = yes || test $gl_cv_have_include_next = buggy; then + # INCLUDE_NEXT_AS_FIRST_DIRECTIVE='include_next' + gl_next_as_first_directive='<'errno.h'>' + else + # INCLUDE_NEXT_AS_FIRST_DIRECTIVE='include' + gl_next_as_first_directive=$gl_cv_next_errno_h + fi + NEXT_AS_FIRST_DIRECTIVE_ERRNO_H=$gl_next_as_first_directive + + + + + ERRNO_H='errno.h' + fi + + if test -n "$ERRNO_H"; then + GL_GENERATE_ERRNO_H_TRUE= + GL_GENERATE_ERRNO_H_FALSE='#' +else + GL_GENERATE_ERRNO_H_TRUE='#' + GL_GENERATE_ERRNO_H_FALSE= +fi + + + if test -n "$ERRNO_H"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for EMULTIHOP value" >&5 +$as_echo_n "checking for EMULTIHOP value... " >&6; } +if ${gl_cv_header_errno_h_EMULTIHOP+:} false; then : + $as_echo_n "(cached) " >&6 +else + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#ifdef EMULTIHOP +yes +#endif + +_ACEOF +if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | + $EGREP "yes" >/dev/null 2>&1; then : + gl_cv_header_errno_h_EMULTIHOP=yes +else + gl_cv_header_errno_h_EMULTIHOP=no +fi +rm -f conftest* + + if test $gl_cv_header_errno_h_EMULTIHOP = no; then + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#define _XOPEN_SOURCE_EXTENDED 1 +#include +#ifdef EMULTIHOP +yes +#endif + +_ACEOF +if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | + $EGREP "yes" >/dev/null 2>&1; then : + gl_cv_header_errno_h_EMULTIHOP=hidden +fi +rm -f conftest* + + if test $gl_cv_header_errno_h_EMULTIHOP = hidden; then + if ac_fn_c_compute_int "$LINENO" "EMULTIHOP" "gl_cv_header_errno_h_EMULTIHOP" " +#define _XOPEN_SOURCE_EXTENDED 1 +#include +/* The following two lines are a workaround against an autoconf-2.52 bug. */ +#include +#include +"; then : + +fi + + fi + fi + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_header_errno_h_EMULTIHOP" >&5 +$as_echo "$gl_cv_header_errno_h_EMULTIHOP" >&6; } + case $gl_cv_header_errno_h_EMULTIHOP in + yes | no) + EMULTIHOP_HIDDEN=0; EMULTIHOP_VALUE= + ;; + *) + EMULTIHOP_HIDDEN=1; EMULTIHOP_VALUE="$gl_cv_header_errno_h_EMULTIHOP" + ;; + esac + + + fi + + + if test -n "$ERRNO_H"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ENOLINK value" >&5 +$as_echo_n "checking for ENOLINK value... " >&6; } +if ${gl_cv_header_errno_h_ENOLINK+:} false; then : + $as_echo_n "(cached) " >&6 +else + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#ifdef ENOLINK +yes +#endif + +_ACEOF +if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | + $EGREP "yes" >/dev/null 2>&1; then : + gl_cv_header_errno_h_ENOLINK=yes +else + gl_cv_header_errno_h_ENOLINK=no +fi +rm -f conftest* + + if test $gl_cv_header_errno_h_ENOLINK = no; then + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#define _XOPEN_SOURCE_EXTENDED 1 +#include +#ifdef ENOLINK +yes +#endif + +_ACEOF +if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | + $EGREP "yes" >/dev/null 2>&1; then : + gl_cv_header_errno_h_ENOLINK=hidden +fi +rm -f conftest* + + if test $gl_cv_header_errno_h_ENOLINK = hidden; then + if ac_fn_c_compute_int "$LINENO" "ENOLINK" "gl_cv_header_errno_h_ENOLINK" " +#define _XOPEN_SOURCE_EXTENDED 1 +#include +/* The following two lines are a workaround against an autoconf-2.52 bug. */ +#include +#include +"; then : + +fi + + fi + fi + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_header_errno_h_ENOLINK" >&5 +$as_echo "$gl_cv_header_errno_h_ENOLINK" >&6; } + case $gl_cv_header_errno_h_ENOLINK in + yes | no) + ENOLINK_HIDDEN=0; ENOLINK_VALUE= + ;; + *) + ENOLINK_HIDDEN=1; ENOLINK_VALUE="$gl_cv_header_errno_h_ENOLINK" + ;; + esac + + + fi + + + if test -n "$ERRNO_H"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for EOVERFLOW value" >&5 +$as_echo_n "checking for EOVERFLOW value... " >&6; } +if ${gl_cv_header_errno_h_EOVERFLOW+:} false; then : + $as_echo_n "(cached) " >&6 +else + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#ifdef EOVERFLOW +yes +#endif + +_ACEOF +if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | + $EGREP "yes" >/dev/null 2>&1; then : + gl_cv_header_errno_h_EOVERFLOW=yes +else + gl_cv_header_errno_h_EOVERFLOW=no +fi +rm -f conftest* + + if test $gl_cv_header_errno_h_EOVERFLOW = no; then + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#define _XOPEN_SOURCE_EXTENDED 1 +#include +#ifdef EOVERFLOW +yes +#endif + +_ACEOF +if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | + $EGREP "yes" >/dev/null 2>&1; then : + gl_cv_header_errno_h_EOVERFLOW=hidden +fi +rm -f conftest* + + if test $gl_cv_header_errno_h_EOVERFLOW = hidden; then + if ac_fn_c_compute_int "$LINENO" "EOVERFLOW" "gl_cv_header_errno_h_EOVERFLOW" " +#define _XOPEN_SOURCE_EXTENDED 1 +#include +/* The following two lines are a workaround against an autoconf-2.52 bug. */ +#include +#include +"; then : + +fi + + fi + fi + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_header_errno_h_EOVERFLOW" >&5 +$as_echo "$gl_cv_header_errno_h_EOVERFLOW" >&6; } + case $gl_cv_header_errno_h_EOVERFLOW in + yes | no) + EOVERFLOW_HIDDEN=0; EOVERFLOW_VALUE= + ;; + *) + EOVERFLOW_HIDDEN=1; EOVERFLOW_VALUE="$gl_cv_header_errno_h_EOVERFLOW" + ;; + esac + + + fi + + + + + + + GNULIB_FCHMODAT=0; + GNULIB_FSTAT=0; + GNULIB_FSTATAT=0; + GNULIB_FUTIMENS=0; + GNULIB_LCHMOD=0; + GNULIB_LSTAT=0; + GNULIB_MKDIRAT=0; + GNULIB_MKFIFO=0; + GNULIB_MKFIFOAT=0; + GNULIB_MKNOD=0; + GNULIB_MKNODAT=0; + GNULIB_STAT=0; + GNULIB_UTIMENSAT=0; + GNULIB_OVERRIDES_STRUCT_STAT=0; + HAVE_FCHMODAT=1; + HAVE_FSTATAT=1; + HAVE_FUTIMENS=1; + HAVE_LCHMOD=1; + HAVE_LSTAT=1; + HAVE_MKDIRAT=1; + HAVE_MKFIFO=1; + HAVE_MKFIFOAT=1; + HAVE_MKNOD=1; + HAVE_MKNODAT=1; + HAVE_UTIMENSAT=1; + REPLACE_FSTAT=0; + REPLACE_FSTATAT=0; + REPLACE_FUTIMENS=0; + REPLACE_LSTAT=0; + REPLACE_MKDIR=0; + REPLACE_MKFIFO=0; + REPLACE_MKNOD=0; + REPLACE_STAT=0; + REPLACE_UTIMENSAT=0; + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether stat file-mode macros are broken" >&5 +$as_echo_n "checking whether stat file-mode macros are broken... " >&6; } +if ${ac_cv_header_stat_broken+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +#include + +#if defined S_ISBLK && defined S_IFDIR +extern char c1[S_ISBLK (S_IFDIR) ? -1 : 1]; +#endif + +#if defined S_ISBLK && defined S_IFCHR +extern char c2[S_ISBLK (S_IFCHR) ? -1 : 1]; +#endif + +#if defined S_ISLNK && defined S_IFREG +extern char c3[S_ISLNK (S_IFREG) ? -1 : 1]; +#endif + +#if defined S_ISSOCK && defined S_IFREG +extern char c4[S_ISSOCK (S_IFREG) ? -1 : 1]; +#endif + +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ac_cv_header_stat_broken=no +else + ac_cv_header_stat_broken=yes +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_header_stat_broken" >&5 +$as_echo "$ac_cv_header_stat_broken" >&6; } +if test $ac_cv_header_stat_broken = yes; then + +$as_echo "#define STAT_MACROS_BROKEN 1" >>confdefs.h + +fi + + + +ac_fn_c_check_type "$LINENO" "mode_t" "ac_cv_type_mode_t" "$ac_includes_default" +if test "x$ac_cv_type_mode_t" = xyes; then : + +else + +cat >>confdefs.h <<_ACEOF +#define mode_t int +_ACEOF + +fi + + + + case "$host_os" in + mingw*) + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for 64-bit off_t" >&5 +$as_echo_n "checking for 64-bit off_t... " >&6; } +if ${gl_cv_type_off_t_64+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include + int verify_off_t_size[sizeof (off_t) >= 8 ? 1 : -1]; + +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + gl_cv_type_off_t_64=yes +else + gl_cv_type_off_t_64=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_type_off_t_64" >&5 +$as_echo "$gl_cv_type_off_t_64" >&6; } + if test $gl_cv_type_off_t_64 = no; then + WINDOWS_64_BIT_OFF_T=1 + else + WINDOWS_64_BIT_OFF_T=0 + fi + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for 64-bit st_size" >&5 +$as_echo_n "checking for 64-bit st_size... " >&6; } +if ${gl_cv_member_st_size_64+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include + struct stat buf; + int verify_st_size_size[sizeof (buf.st_size) >= 8 ? 1 : -1]; + +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + gl_cv_member_st_size_64=yes +else + gl_cv_member_st_size_64=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_member_st_size_64" >&5 +$as_echo "$gl_cv_member_st_size_64" >&6; } + if test $gl_cv_member_st_size_64 = no; then + WINDOWS_64_BIT_ST_SIZE=1 + else + WINDOWS_64_BIT_ST_SIZE=0 + fi + ;; + *) + WINDOWS_64_BIT_OFF_T=0 + WINDOWS_64_BIT_ST_SIZE=0 + ;; + esac + + + + + + + + + + + + + + + + if test $gl_cv_have_include_next = yes; then + gl_cv_next_sys_stat_h='<'sys/stat.h'>' + else + { $as_echo "$as_me:${as_lineno-$LINENO}: checking absolute name of " >&5 +$as_echo_n "checking absolute name of ... " >&6; } +if ${gl_cv_next_sys_stat_h+:} false; then : + $as_echo_n "(cached) " >&6 +else + + if test $ac_cv_header_sys_stat_h = yes; then + + + + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +_ACEOF + case "$host_os" in + aix*) gl_absname_cpp="$ac_cpp -C" ;; + *) gl_absname_cpp="$ac_cpp" ;; + esac + + case "$host_os" in + mingw*) + gl_dirsep_regex='[/\\]' + ;; + *) + gl_dirsep_regex='\/' + ;; + esac + gl_make_literal_regex_sed='s,[]$^\\.*/[],\\&,g' + gl_header_literal_regex=`echo 'sys/stat.h' \ + | sed -e "$gl_make_literal_regex_sed"` + gl_absolute_header_sed="/${gl_dirsep_regex}${gl_header_literal_regex}/"'{ + s/.*"\(.*'"${gl_dirsep_regex}${gl_header_literal_regex}"'\)".*/\1/ + s|^/[^/]|//&| + p + q + }' + + gl_cv_absolute_sys_stat_h=`(eval "$gl_absname_cpp conftest.$ac_ext") 2>&5 | + sed -n "$gl_absolute_header_sed"` + + gl_header=$gl_cv_absolute_sys_stat_h + gl_cv_next_sys_stat_h='"'$gl_header'"' + else + gl_cv_next_sys_stat_h='<'sys/stat.h'>' + fi + + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_next_sys_stat_h" >&5 +$as_echo "$gl_cv_next_sys_stat_h" >&6; } + fi + NEXT_SYS_STAT_H=$gl_cv_next_sys_stat_h + + if test $gl_cv_have_include_next = yes || test $gl_cv_have_include_next = buggy; then + # INCLUDE_NEXT_AS_FIRST_DIRECTIVE='include_next' + gl_next_as_first_directive='<'sys/stat.h'>' + else + # INCLUDE_NEXT_AS_FIRST_DIRECTIVE='include' + gl_next_as_first_directive=$gl_cv_next_sys_stat_h + fi + NEXT_AS_FIRST_DIRECTIVE_SYS_STAT_H=$gl_next_as_first_directive + + + + + + + + + WINDOWS_STAT_TIMESPEC=0 + + + + + + + + + ac_fn_c_check_type "$LINENO" "nlink_t" "ac_cv_type_nlink_t" "#include + #include +" +if test "x$ac_cv_type_nlink_t" = xyes; then : + +else + +$as_echo "#define nlink_t int" >>confdefs.h + +fi + + + + + + + + GNULIB_DPRINTF=0; + GNULIB_FCLOSE=0; + GNULIB_FDOPEN=0; + GNULIB_FFLUSH=0; + GNULIB_FGETC=0; + GNULIB_FGETS=0; + GNULIB_FOPEN=0; + GNULIB_FPRINTF=0; + GNULIB_FPRINTF_POSIX=0; + GNULIB_FPURGE=0; + GNULIB_FPUTC=0; + GNULIB_FPUTS=0; + GNULIB_FREAD=0; + GNULIB_FREOPEN=0; + GNULIB_FSCANF=0; + GNULIB_FSEEK=0; + GNULIB_FSEEKO=0; + GNULIB_FTELL=0; + GNULIB_FTELLO=0; + GNULIB_FWRITE=0; + GNULIB_GETC=0; + GNULIB_GETCHAR=0; + GNULIB_GETDELIM=0; + GNULIB_GETLINE=0; + GNULIB_OBSTACK_PRINTF=0; + GNULIB_OBSTACK_PRINTF_POSIX=0; + GNULIB_PCLOSE=0; + GNULIB_PERROR=0; + GNULIB_POPEN=0; + GNULIB_PRINTF=0; + GNULIB_PRINTF_POSIX=0; + GNULIB_PUTC=0; + GNULIB_PUTCHAR=0; + GNULIB_PUTS=0; + GNULIB_REMOVE=0; + GNULIB_RENAME=0; + GNULIB_RENAMEAT=0; + GNULIB_SCANF=0; + GNULIB_SNPRINTF=0; + GNULIB_SPRINTF_POSIX=0; + GNULIB_STDIO_H_NONBLOCKING=0; + GNULIB_STDIO_H_SIGPIPE=0; + GNULIB_TMPFILE=0; + GNULIB_VASPRINTF=0; + GNULIB_VFSCANF=0; + GNULIB_VSCANF=0; + GNULIB_VDPRINTF=0; + GNULIB_VFPRINTF=0; + GNULIB_VFPRINTF_POSIX=0; + GNULIB_VPRINTF=0; + GNULIB_VPRINTF_POSIX=0; + GNULIB_VSNPRINTF=0; + GNULIB_VSPRINTF_POSIX=0; + HAVE_DECL_FPURGE=1; + HAVE_DECL_FSEEKO=1; + HAVE_DECL_FTELLO=1; + HAVE_DECL_GETDELIM=1; + HAVE_DECL_GETLINE=1; + HAVE_DECL_OBSTACK_PRINTF=1; + HAVE_DECL_SNPRINTF=1; + HAVE_DECL_VSNPRINTF=1; + HAVE_DPRINTF=1; + HAVE_FSEEKO=1; + HAVE_FTELLO=1; + HAVE_PCLOSE=1; + HAVE_POPEN=1; + HAVE_RENAMEAT=1; + HAVE_VASPRINTF=1; + HAVE_VDPRINTF=1; + REPLACE_DPRINTF=0; + REPLACE_FCLOSE=0; + REPLACE_FDOPEN=0; + REPLACE_FFLUSH=0; + REPLACE_FOPEN=0; + REPLACE_FPRINTF=0; + REPLACE_FPURGE=0; + REPLACE_FREOPEN=0; + REPLACE_FSEEK=0; + REPLACE_FSEEKO=0; + REPLACE_FTELL=0; + REPLACE_FTELLO=0; + REPLACE_GETDELIM=0; + REPLACE_GETLINE=0; + REPLACE_OBSTACK_PRINTF=0; + REPLACE_PERROR=0; + REPLACE_POPEN=0; + REPLACE_PRINTF=0; + REPLACE_REMOVE=0; + REPLACE_RENAME=0; + REPLACE_RENAMEAT=0; + REPLACE_SNPRINTF=0; + REPLACE_SPRINTF=0; + REPLACE_STDIO_READ_FUNCS=0; + REPLACE_STDIO_WRITE_FUNCS=0; + REPLACE_TMPFILE=0; + REPLACE_VASPRINTF=0; + REPLACE_VDPRINTF=0; + REPLACE_VFPRINTF=0; + REPLACE_VPRINTF=0; + REPLACE_VSNPRINTF=0; + REPLACE_VSPRINTF=0; + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether stdin defaults to large file offsets" >&5 +$as_echo_n "checking whether stdin defaults to large file offsets... " >&6; } +if ${gl_cv_var_stdin_large_offset+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +int +main () +{ +#if defined __SL64 && defined __SCLE /* cygwin */ + /* Cygwin 1.5.24 and earlier fail to put stdin in 64-bit mode, making + fseeko/ftello needlessly fail. This bug was fixed in 1.5.25, and + it is easier to do a version check than building a runtime test. */ +# include +# if CYGWIN_VERSION_DLL_COMBINED < CYGWIN_VERSION_DLL_MAKE_COMBINED (1005, 25) + choke me +# endif +#endif + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + gl_cv_var_stdin_large_offset=yes +else + gl_cv_var_stdin_large_offset=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_var_stdin_large_offset" >&5 +$as_echo "$gl_cv_var_stdin_large_offset" >&6; } + + + +ac_fn_c_check_type "$LINENO" "pid_t" "ac_cv_type_pid_t" "$ac_includes_default" +if test "x$ac_cv_type_pid_t" = xyes; then : + +else + +cat >>confdefs.h <<_ACEOF +#define pid_t int +_ACEOF + +fi + + + + + + + + + +$as_echo "#define _USE_STD_STAT 1" >>confdefs.h + + + + + + + + + + + + if test $gl_cv_have_include_next = yes; then + gl_cv_next_sys_types_h='<'sys/types.h'>' + else + { $as_echo "$as_me:${as_lineno-$LINENO}: checking absolute name of " >&5 +$as_echo_n "checking absolute name of ... " >&6; } +if ${gl_cv_next_sys_types_h+:} false; then : + $as_echo_n "(cached) " >&6 +else + + + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +_ACEOF + case "$host_os" in + aix*) gl_absname_cpp="$ac_cpp -C" ;; + *) gl_absname_cpp="$ac_cpp" ;; + esac + + case "$host_os" in + mingw*) + gl_dirsep_regex='[/\\]' + ;; + *) + gl_dirsep_regex='\/' + ;; + esac + gl_make_literal_regex_sed='s,[]$^\\.*/[],\\&,g' + gl_header_literal_regex=`echo 'sys/types.h' \ + | sed -e "$gl_make_literal_regex_sed"` + gl_absolute_header_sed="/${gl_dirsep_regex}${gl_header_literal_regex}/"'{ + s/.*"\(.*'"${gl_dirsep_regex}${gl_header_literal_regex}"'\)".*/\1/ + s|^/[^/]|//&| + p + q + }' + + gl_cv_absolute_sys_types_h=`(eval "$gl_absname_cpp conftest.$ac_ext") 2>&5 | + sed -n "$gl_absolute_header_sed"` + + gl_header=$gl_cv_absolute_sys_types_h + gl_cv_next_sys_types_h='"'$gl_header'"' + + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_next_sys_types_h" >&5 +$as_echo "$gl_cv_next_sys_types_h" >&6; } + fi + NEXT_SYS_TYPES_H=$gl_cv_next_sys_types_h + + if test $gl_cv_have_include_next = yes || test $gl_cv_have_include_next = buggy; then + # INCLUDE_NEXT_AS_FIRST_DIRECTIVE='include_next' + gl_next_as_first_directive='<'sys/types.h'>' + else + # INCLUDE_NEXT_AS_FIRST_DIRECTIVE='include' + gl_next_as_first_directive=$gl_cv_next_sys_types_h + fi + NEXT_AS_FIRST_DIRECTIVE_SYS_TYPES_H=$gl_next_as_first_directive + + + + + + + + + + + + + WINDOWS_STAT_INODES=0 + + + +ac_fn_c_check_decl "$LINENO" "ftello" "ac_cv_have_decl_ftello" "$ac_includes_default" +if test "x$ac_cv_have_decl_ftello" = xyes; then : + ac_have_decl=1 +else + ac_have_decl=0 +fi + +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_FTELLO $ac_have_decl +_ACEOF + + + + + + + + + + + if test $ac_cv_have_decl_ftello = no; then + HAVE_DECL_FTELLO=0 + fi + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ftello" >&5 +$as_echo_n "checking for ftello... " >&6; } +if ${gl_cv_func_ftello+:} false; then : + $as_echo_n "(cached) " >&6 +else + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +int +main () +{ +ftello (stdin); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + gl_cv_func_ftello=yes +else + gl_cv_func_ftello=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_func_ftello" >&5 +$as_echo "$gl_cv_func_ftello" >&6; } + if test $gl_cv_func_ftello = no; then + HAVE_FTELLO=0 + else + if test $WINDOWS_64_BIT_OFF_T = 1; then + REPLACE_FTELLO=1 + fi + if test $gl_cv_var_stdin_large_offset = no; then + REPLACE_FTELLO=1 + fi + if test $REPLACE_FTELLO = 0; then + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether ftello works" >&5 +$as_echo_n "checking whether ftello works... " >&6; } +if ${gl_cv_func_ftello_works+:} false; then : + $as_echo_n "(cached) " >&6 +else + + case "$host_os" in + # Guess no on Solaris. + solaris*) gl_cv_func_ftello_works="guessing no" ;; + # Guess yes on native Windows. + mingw*) gl_cv_func_ftello_works="guessing yes" ;; + # Guess yes otherwise. + *) gl_cv_func_ftello_works="guessing yes" ;; + esac + if test "$cross_compiling" = yes; then : + : +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#include +#include +#define TESTFILE "conftest.tmp" +int +main (void) +{ + FILE *fp; + + /* Create a file with some contents. */ + fp = fopen (TESTFILE, "w"); + if (fp == NULL) + return 70; + if (fwrite ("foogarsh", 1, 8, fp) < 8) + { fclose (fp); return 71; } + if (fclose (fp)) + return 72; + + /* The file's contents is now "foogarsh". */ + + /* Try writing after reading to EOF. */ + fp = fopen (TESTFILE, "r+"); + if (fp == NULL) + return 73; + if (fseek (fp, -1, SEEK_END)) + { fclose (fp); return 74; } + if (!(getc (fp) == 'h')) + { fclose (fp); return 1; } + if (!(getc (fp) == EOF)) + { fclose (fp); return 2; } + if (!(ftell (fp) == 8)) + { fclose (fp); return 3; } + if (!(ftell (fp) == 8)) + { fclose (fp); return 4; } + if (!(putc ('!', fp) == '!')) + { fclose (fp); return 5; } + if (!(ftell (fp) == 9)) + { fclose (fp); return 6; } + if (!(fclose (fp) == 0)) + return 7; + fp = fopen (TESTFILE, "r"); + if (fp == NULL) + return 75; + { + char buf[10]; + if (!(fread (buf, 1, 10, fp) == 9)) + { fclose (fp); return 10; } + if (!(memcmp (buf, "foogarsh!", 9) == 0)) + { fclose (fp); return 11; } + } + if (!(fclose (fp) == 0)) + return 12; + + /* The file's contents is now "foogarsh!". */ + + return 0; +} +_ACEOF +if ac_fn_c_try_run "$LINENO"; then : + gl_cv_func_ftello_works=yes +else + gl_cv_func_ftello_works=no +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_func_ftello_works" >&5 +$as_echo "$gl_cv_func_ftello_works" >&6; } + case "$gl_cv_func_ftello_works" in + *yes) ;; + *) + REPLACE_FTELLO=1 + +$as_echo "#define FTELLO_BROKEN_AFTER_SWITCHING_FROM_READ_TO_WRITE 1" >>confdefs.h + + ;; + esac + fi + fi + +ac_fn_c_check_decl "$LINENO" "getdelim" "ac_cv_have_decl_getdelim" "$ac_includes_default" +if test "x$ac_cv_have_decl_getdelim" = xyes; then : + ac_have_decl=1 +else + ac_have_decl=0 +fi + +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_GETDELIM $ac_have_decl +_ACEOF + + + + + for ac_func in $ac_func_list +do : + as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` +ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" +if eval test \"x\$"$as_ac_var"\" = x"yes"; then : + cat >>confdefs.h <<_ACEOF +#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 +_ACEOF + +fi +done + + + +ac_fn_c_check_decl "$LINENO" "getline" "ac_cv_have_decl_getline" "$ac_includes_default" +if test "x$ac_cv_have_decl_getline" = xyes; then : + ac_have_decl=1 +else + ac_have_decl=0 +fi + +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_GETLINE $ac_have_decl +_ACEOF + + + GNULIB_GETTIMEOFDAY=0; + HAVE_GETTIMEOFDAY=1; + HAVE_STRUCT_TIMEVAL=1; + HAVE_SYS_TIME_H=1; + REPLACE_GETTIMEOFDAY=0; + REPLACE_STRUCT_TIMEVAL=0; + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for C/C++ restrict keyword" >&5 +$as_echo_n "checking for C/C++ restrict keyword... " >&6; } +if ${ac_cv_c_restrict+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_cv_c_restrict=no + # The order here caters to the fact that C++ does not require restrict. + for ac_kw in __restrict __restrict__ _Restrict restrict; do + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +typedef int *int_ptr; + int foo (int_ptr $ac_kw ip) { return ip[0]; } + int bar (int [$ac_kw]); /* Catch GCC bug 14050. */ + int bar (int ip[$ac_kw]) { return ip[0]; } + +int +main () +{ +int s[1]; + int *$ac_kw t = s; + t[0] = 0; + return foo (t) + bar (t); + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ac_cv_c_restrict=$ac_kw +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + test "$ac_cv_c_restrict" != no && break + done + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_restrict" >&5 +$as_echo "$ac_cv_c_restrict" >&6; } + + case $ac_cv_c_restrict in + restrict) ;; + no) $as_echo "#define restrict /**/" >>confdefs.h + ;; + *) cat >>confdefs.h <<_ACEOF +#define restrict $ac_cv_c_restrict +_ACEOF + ;; + esac + + + + + + + + + + + + + + + + + if test $gl_cv_have_include_next = yes; then + gl_cv_next_sys_time_h='<'sys/time.h'>' + else + { $as_echo "$as_me:${as_lineno-$LINENO}: checking absolute name of " >&5 +$as_echo_n "checking absolute name of ... " >&6; } +if ${gl_cv_next_sys_time_h+:} false; then : + $as_echo_n "(cached) " >&6 +else + + if test $ac_cv_header_sys_time_h = yes; then + + + + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +_ACEOF + case "$host_os" in + aix*) gl_absname_cpp="$ac_cpp -C" ;; + *) gl_absname_cpp="$ac_cpp" ;; + esac + + case "$host_os" in + mingw*) + gl_dirsep_regex='[/\\]' + ;; + *) + gl_dirsep_regex='\/' + ;; + esac + gl_make_literal_regex_sed='s,[]$^\\.*/[],\\&,g' + gl_header_literal_regex=`echo 'sys/time.h' \ + | sed -e "$gl_make_literal_regex_sed"` + gl_absolute_header_sed="/${gl_dirsep_regex}${gl_header_literal_regex}/"'{ + s/.*"\(.*'"${gl_dirsep_regex}${gl_header_literal_regex}"'\)".*/\1/ + s|^/[^/]|//&| + p + q + }' + + gl_cv_absolute_sys_time_h=`(eval "$gl_absname_cpp conftest.$ac_ext") 2>&5 | + sed -n "$gl_absolute_header_sed"` + + gl_header=$gl_cv_absolute_sys_time_h + gl_cv_next_sys_time_h='"'$gl_header'"' + else + gl_cv_next_sys_time_h='<'sys/time.h'>' + fi + + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_next_sys_time_h" >&5 +$as_echo "$gl_cv_next_sys_time_h" >&6; } + fi + NEXT_SYS_TIME_H=$gl_cv_next_sys_time_h + + if test $gl_cv_have_include_next = yes || test $gl_cv_have_include_next = buggy; then + # INCLUDE_NEXT_AS_FIRST_DIRECTIVE='include_next' + gl_next_as_first_directive='<'sys/time.h'>' + else + # INCLUDE_NEXT_AS_FIRST_DIRECTIVE='include' + gl_next_as_first_directive=$gl_cv_next_sys_time_h + fi + NEXT_AS_FIRST_DIRECTIVE_SYS_TIME_H=$gl_next_as_first_directive + + + + + + if test $ac_cv_header_sys_time_h != yes; then + HAVE_SYS_TIME_H=0 + fi + + + + + + if test $ac_cv_header_sys_socket_h != yes; then + for ac_header in winsock2.h +do : + ac_fn_c_check_header_mongrel "$LINENO" "winsock2.h" "ac_cv_header_winsock2_h" "$ac_includes_default" +if test "x$ac_cv_header_winsock2_h" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_WINSOCK2_H 1 +_ACEOF + +fi + +done + + fi + if test "$ac_cv_header_winsock2_h" = yes; then + HAVE_WINSOCK2_H=1 + UNISTD_H_HAVE_WINSOCK2_H=1 + SYS_IOCTL_H_HAVE_WINSOCK2_H=1 + else + HAVE_WINSOCK2_H=0 + fi + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for struct timeval" >&5 +$as_echo_n "checking for struct timeval... " >&6; } +if ${gl_cv_sys_struct_timeval+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#if HAVE_SYS_TIME_H + #include + #endif + #include + #if HAVE_WINSOCK2_H + # include + #endif + +int +main () +{ +static struct timeval x; x.tv_sec = x.tv_usec; + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + gl_cv_sys_struct_timeval=yes +else + gl_cv_sys_struct_timeval=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_sys_struct_timeval" >&5 +$as_echo "$gl_cv_sys_struct_timeval" >&6; } + if test $gl_cv_sys_struct_timeval != yes; then + HAVE_STRUCT_TIMEVAL=0 + else + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for wide-enough struct timeval.tv_sec member" >&5 +$as_echo_n "checking for wide-enough struct timeval.tv_sec member... " >&6; } +if ${gl_cv_sys_struct_timeval_tv_sec+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#if HAVE_SYS_TIME_H + #include + #endif + #include + #if HAVE_WINSOCK2_H + # include + #endif + +int +main () +{ +static struct timeval x; + typedef int verify_tv_sec_type[ + sizeof (time_t) <= sizeof x.tv_sec ? 1 : -1 + ]; + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + gl_cv_sys_struct_timeval_tv_sec=yes +else + gl_cv_sys_struct_timeval_tv_sec=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_sys_struct_timeval_tv_sec" >&5 +$as_echo "$gl_cv_sys_struct_timeval_tv_sec" >&6; } + if test $gl_cv_sys_struct_timeval_tv_sec != yes; then + REPLACE_STRUCT_TIMEVAL=1 + fi + fi + + + + + + + + + + + + NEED_LOCALTIME_BUFFER=0 + + + GNULIB_CTIME=0; + GNULIB_MKTIME=0; + GNULIB_LOCALTIME=0; + GNULIB_NANOSLEEP=0; + GNULIB_STRFTIME=0; + GNULIB_STRPTIME=0; + GNULIB_TIMEGM=0; + GNULIB_TIME_R=0; + GNULIB_TIME_RZ=0; + GNULIB_TZSET=0; + HAVE_DECL_LOCALTIME_R=1; + HAVE_NANOSLEEP=1; + HAVE_STRPTIME=1; + HAVE_TIMEGM=1; + HAVE_TZSET=1; + HAVE_TIMEZONE_T=0; + REPLACE_CTIME=GNULIB_PORTCHECK; + REPLACE_LOCALTIME_R=GNULIB_PORTCHECK; + REPLACE_MKTIME=GNULIB_PORTCHECK; + REPLACE_NANOSLEEP=GNULIB_PORTCHECK; + REPLACE_STRFTIME=GNULIB_PORTCHECK; + REPLACE_TIMEGM=GNULIB_PORTCHECK; + REPLACE_TZSET=GNULIB_PORTCHECK; + + : ${GNULIB_GETTIMEOFDAY=0}; + REPLACE_GMTIME=0; + REPLACE_LOCALTIME=0; + + + + + GNULIB_SOCKET=0; + GNULIB_CONNECT=0; + GNULIB_ACCEPT=0; + GNULIB_BIND=0; + GNULIB_GETPEERNAME=0; + GNULIB_GETSOCKNAME=0; + GNULIB_GETSOCKOPT=0; + GNULIB_LISTEN=0; + GNULIB_RECV=0; + GNULIB_SEND=0; + GNULIB_RECVFROM=0; + GNULIB_SENDTO=0; + GNULIB_SETSOCKOPT=0; + GNULIB_SHUTDOWN=0; + GNULIB_ACCEPT4=0; + HAVE_STRUCT_SOCKADDR_STORAGE=1; + HAVE_STRUCT_SOCKADDR_STORAGE_SS_FAMILY=1; + + HAVE_SA_FAMILY_T=1; + HAVE_ACCEPT4=1; + + + if test $ac_cv_header_sys_socket_h = no; then + for ac_header in ws2tcpip.h +do : + ac_fn_c_check_header_mongrel "$LINENO" "ws2tcpip.h" "ac_cv_header_ws2tcpip_h" "$ac_includes_default" +if test "x$ac_cv_header_ws2tcpip_h" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_WS2TCPIP_H 1 +_ACEOF + +fi + +done + + fi + + + + + + case "$host_os" in + osf*) + +$as_echo "#define _POSIX_PII_SOCKET 1" >>confdefs.h + + ;; + esac + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether is self-contained" >&5 +$as_echo_n "checking whether is self-contained... " >&6; } +if ${gl_cv_header_sys_socket_h_selfcontained+:} false; then : + $as_echo_n "(cached) " >&6 +else + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + gl_cv_header_sys_socket_h_selfcontained=yes +else + gl_cv_header_sys_socket_h_selfcontained=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_header_sys_socket_h_selfcontained" >&5 +$as_echo "$gl_cv_header_sys_socket_h_selfcontained" >&6; } + if test $gl_cv_header_sys_socket_h_selfcontained = yes; then + for ac_func in shutdown +do : + ac_fn_c_check_func "$LINENO" "shutdown" "ac_cv_func_shutdown" +if test "x$ac_cv_func_shutdown" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_SHUTDOWN 1 +_ACEOF + +fi +done + + if test $ac_cv_func_shutdown = yes; then + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether defines the SHUT_* macros" >&5 +$as_echo_n "checking whether defines the SHUT_* macros... " >&6; } +if ${gl_cv_header_sys_socket_h_shut+:} false; then : + $as_echo_n "(cached) " >&6 +else + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +int +main () +{ +int a[] = { SHUT_RD, SHUT_WR, SHUT_RDWR }; + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + gl_cv_header_sys_socket_h_shut=yes +else + gl_cv_header_sys_socket_h_shut=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_header_sys_socket_h_shut" >&5 +$as_echo "$gl_cv_header_sys_socket_h_shut" >&6; } + if test $gl_cv_header_sys_socket_h_shut = no; then + SYS_SOCKET_H='sys/socket.h' + fi + fi + fi + # We need to check for ws2tcpip.h now. + + + + + + + + + + + + if test $gl_cv_have_include_next = yes; then + gl_cv_next_sys_socket_h='<'sys/socket.h'>' + else + { $as_echo "$as_me:${as_lineno-$LINENO}: checking absolute name of " >&5 +$as_echo_n "checking absolute name of ... " >&6; } +if ${gl_cv_next_sys_socket_h+:} false; then : + $as_echo_n "(cached) " >&6 +else + + if test $ac_cv_header_sys_socket_h = yes; then + + + + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +_ACEOF + case "$host_os" in + aix*) gl_absname_cpp="$ac_cpp -C" ;; + *) gl_absname_cpp="$ac_cpp" ;; + esac + + case "$host_os" in + mingw*) + gl_dirsep_regex='[/\\]' + ;; + *) + gl_dirsep_regex='\/' + ;; + esac + gl_make_literal_regex_sed='s,[]$^\\.*/[],\\&,g' + gl_header_literal_regex=`echo 'sys/socket.h' \ + | sed -e "$gl_make_literal_regex_sed"` + gl_absolute_header_sed="/${gl_dirsep_regex}${gl_header_literal_regex}/"'{ + s/.*"\(.*'"${gl_dirsep_regex}${gl_header_literal_regex}"'\)".*/\1/ + s|^/[^/]|//&| + p + q + }' + + gl_cv_absolute_sys_socket_h=`(eval "$gl_absname_cpp conftest.$ac_ext") 2>&5 | + sed -n "$gl_absolute_header_sed"` + + gl_header=$gl_cv_absolute_sys_socket_h + gl_cv_next_sys_socket_h='"'$gl_header'"' + else + gl_cv_next_sys_socket_h='<'sys/socket.h'>' + fi + + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_next_sys_socket_h" >&5 +$as_echo "$gl_cv_next_sys_socket_h" >&6; } + fi + NEXT_SYS_SOCKET_H=$gl_cv_next_sys_socket_h + + if test $gl_cv_have_include_next = yes || test $gl_cv_have_include_next = buggy; then + # INCLUDE_NEXT_AS_FIRST_DIRECTIVE='include_next' + gl_next_as_first_directive='<'sys/socket.h'>' + else + # INCLUDE_NEXT_AS_FIRST_DIRECTIVE='include' + gl_next_as_first_directive=$gl_cv_next_sys_socket_h + fi + NEXT_AS_FIRST_DIRECTIVE_SYS_SOCKET_H=$gl_next_as_first_directive + + + + + if test $ac_cv_header_sys_socket_h = yes; then + HAVE_SYS_SOCKET_H=1 + HAVE_WS2TCPIP_H=0 + else + HAVE_SYS_SOCKET_H=0 + if test $ac_cv_header_ws2tcpip_h = yes; then + HAVE_WS2TCPIP_H=1 + else + HAVE_WS2TCPIP_H=0 + fi + fi + + + + ac_fn_c_check_type "$LINENO" "struct sockaddr_storage" "ac_cv_type_struct_sockaddr_storage" " + /* sys/types.h is not needed according to POSIX, but the + sys/socket.h in i386-unknown-freebsd4.10 and + powerpc-apple-darwin5.5 required it. */ +#include +#ifdef HAVE_SYS_SOCKET_H +#include +#endif +#ifdef HAVE_WS2TCPIP_H +#include +#endif + +" +if test "x$ac_cv_type_struct_sockaddr_storage" = xyes; then : + +cat >>confdefs.h <<_ACEOF +#define HAVE_STRUCT_SOCKADDR_STORAGE 1 +_ACEOF + + +fi +ac_fn_c_check_type "$LINENO" "sa_family_t" "ac_cv_type_sa_family_t" " + /* sys/types.h is not needed according to POSIX, but the + sys/socket.h in i386-unknown-freebsd4.10 and + powerpc-apple-darwin5.5 required it. */ +#include +#ifdef HAVE_SYS_SOCKET_H +#include +#endif +#ifdef HAVE_WS2TCPIP_H +#include +#endif + +" +if test "x$ac_cv_type_sa_family_t" = xyes; then : + +cat >>confdefs.h <<_ACEOF +#define HAVE_SA_FAMILY_T 1 +_ACEOF + + +fi + + if test $ac_cv_type_struct_sockaddr_storage = no; then + HAVE_STRUCT_SOCKADDR_STORAGE=0 + fi + if test $ac_cv_type_sa_family_t = no; then + HAVE_SA_FAMILY_T=0 + fi + if test $ac_cv_type_struct_sockaddr_storage != no; then + ac_fn_c_check_member "$LINENO" "struct sockaddr_storage" "ss_family" "ac_cv_member_struct_sockaddr_storage_ss_family" "#include + #ifdef HAVE_SYS_SOCKET_H + #include + #endif + #ifdef HAVE_WS2TCPIP_H + #include + #endif + +" +if test "x$ac_cv_member_struct_sockaddr_storage_ss_family" = xyes; then : + +cat >>confdefs.h <<_ACEOF +#define HAVE_STRUCT_SOCKADDR_STORAGE_SS_FAMILY 1 +_ACEOF + + +else + HAVE_STRUCT_SOCKADDR_STORAGE_SS_FAMILY=0 +fi + + fi + if test $HAVE_STRUCT_SOCKADDR_STORAGE = 0 || test $HAVE_SA_FAMILY_T = 0 \ + || test $HAVE_STRUCT_SOCKADDR_STORAGE_SS_FAMILY = 0; then + SYS_SOCKET_H='sys/socket.h' + fi + + + + + if test $ac_cv_header_sys_socket_h != yes; then + for ac_header in winsock2.h +do : + ac_fn_c_check_header_mongrel "$LINENO" "winsock2.h" "ac_cv_header_winsock2_h" "$ac_includes_default" +if test "x$ac_cv_header_winsock2_h" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_WINSOCK2_H 1 +_ACEOF + +fi + +done + + fi + if test "$ac_cv_header_winsock2_h" = yes; then + HAVE_WINSOCK2_H=1 + UNISTD_H_HAVE_WINSOCK2_H=1 + SYS_IOCTL_H_HAVE_WINSOCK2_H=1 + else + HAVE_WINSOCK2_H=0 + fi + + + + + + + + + + + + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for IPv4 sockets" >&5 +$as_echo_n "checking for IPv4 sockets... " >&6; } +if ${gl_cv_socket_ipv4+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +#ifdef HAVE_SYS_SOCKET_H +#include +#endif +#ifdef HAVE_NETINET_IN_H +#include +#endif +#ifdef HAVE_WINSOCK2_H +#include +#endif +int +main () +{ +int x = AF_INET; struct in_addr y; struct sockaddr_in z; + if (&x && &y && &z) return 0; + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + gl_cv_socket_ipv4=yes +else + gl_cv_socket_ipv4=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_socket_ipv4" >&5 +$as_echo "$gl_cv_socket_ipv4" >&6; } + if test $gl_cv_socket_ipv4 = yes; then + +$as_echo "#define HAVE_IPV4 1" >>confdefs.h + + fi + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for IPv6 sockets" >&5 +$as_echo_n "checking for IPv6 sockets... " >&6; } +if ${gl_cv_socket_ipv6+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +#ifdef HAVE_SYS_SOCKET_H +#include +#endif +#ifdef HAVE_NETINET_IN_H +#include +#endif +#ifdef HAVE_WINSOCK2_H +#include +#endif +#ifdef HAVE_WS2TCPIP_H +#include +#endif +int +main () +{ +int x = AF_INET6; struct in6_addr y; struct sockaddr_in6 z; + if (&x && &y && &z) return 0; + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + gl_cv_socket_ipv6=yes +else + gl_cv_socket_ipv6=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_socket_ipv6" >&5 +$as_echo "$gl_cv_socket_ipv6" >&6; } + if test $gl_cv_socket_ipv6 = yes; then + +$as_echo "#define HAVE_IPV6 1" >>confdefs.h + + fi + + + + + + + + + + + + + + if test $gl_cv_have_include_next = yes; then + gl_cv_next_limits_h='<'limits.h'>' + else + { $as_echo "$as_me:${as_lineno-$LINENO}: checking absolute name of " >&5 +$as_echo_n "checking absolute name of ... " >&6; } +if ${gl_cv_next_limits_h+:} false; then : + $as_echo_n "(cached) " >&6 +else + + if test $ac_cv_header_limits_h = yes; then + + + + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +_ACEOF + case "$host_os" in + aix*) gl_absname_cpp="$ac_cpp -C" ;; + *) gl_absname_cpp="$ac_cpp" ;; + esac + + case "$host_os" in + mingw*) + gl_dirsep_regex='[/\\]' + ;; + *) + gl_dirsep_regex='\/' + ;; + esac + gl_make_literal_regex_sed='s,[]$^\\.*/[],\\&,g' + gl_header_literal_regex=`echo 'limits.h' \ + | sed -e "$gl_make_literal_regex_sed"` + gl_absolute_header_sed="/${gl_dirsep_regex}${gl_header_literal_regex}/"'{ + s/.*"\(.*'"${gl_dirsep_regex}${gl_header_literal_regex}"'\)".*/\1/ + s|^/[^/]|//&| + p + q + }' + + gl_cv_absolute_limits_h=`(eval "$gl_absname_cpp conftest.$ac_ext") 2>&5 | + sed -n "$gl_absolute_header_sed"` + + gl_header=$gl_cv_absolute_limits_h + gl_cv_next_limits_h='"'$gl_header'"' + else + gl_cv_next_limits_h='<'limits.h'>' + fi + + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_next_limits_h" >&5 +$as_echo "$gl_cv_next_limits_h" >&6; } + fi + NEXT_LIMITS_H=$gl_cv_next_limits_h + + if test $gl_cv_have_include_next = yes || test $gl_cv_have_include_next = buggy; then + # INCLUDE_NEXT_AS_FIRST_DIRECTIVE='include_next' + gl_next_as_first_directive='<'limits.h'>' + else + # INCLUDE_NEXT_AS_FIRST_DIRECTIVE='include' + gl_next_as_first_directive=$gl_cv_next_limits_h + fi + NEXT_AS_FIRST_DIRECTIVE_LIMITS_H=$gl_next_as_first_directive + + + + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether limits.h has LLONG_MAX, WORD_BIT, ULLONG_WIDTH etc." >&5 +$as_echo_n "checking whether limits.h has LLONG_MAX, WORD_BIT, ULLONG_WIDTH etc.... " >&6; } +if ${gl_cv_header_limits_width+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#ifndef __STDC_WANT_IEC_60559_BFP_EXT__ + #define __STDC_WANT_IEC_60559_BFP_EXT__ 1 + #endif + #include + long long llm = LLONG_MAX; + int wb = WORD_BIT; + int ullw = ULLONG_WIDTH; + +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + gl_cv_header_limits_width=yes +else + gl_cv_header_limits_width=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_header_limits_width" >&5 +$as_echo "$gl_cv_header_limits_width" >&6; } + if test "$gl_cv_header_limits_width" = yes; then + LIMITS_H= + else + LIMITS_H=limits.h + fi + + if test -n "$LIMITS_H"; then + GL_GENERATE_LIMITS_H_TRUE= + GL_GENERATE_LIMITS_H_FALSE='#' +else + GL_GENERATE_LIMITS_H_TRUE='#' + GL_GENERATE_LIMITS_H_FALSE= +fi + + + + + + GNULIB__EXIT=0; + GNULIB_ATOLL=0; + GNULIB_CALLOC_POSIX=0; + GNULIB_CANONICALIZE_FILE_NAME=0; + GNULIB_GETLOADAVG=0; + GNULIB_GETSUBOPT=0; + GNULIB_GRANTPT=0; + GNULIB_MALLOC_POSIX=0; + GNULIB_MBTOWC=0; + GNULIB_MKDTEMP=0; + GNULIB_MKOSTEMP=0; + GNULIB_MKOSTEMPS=0; + GNULIB_MKSTEMP=0; + GNULIB_MKSTEMPS=0; + GNULIB_POSIX_OPENPT=0; + GNULIB_PTSNAME=0; + GNULIB_PTSNAME_R=0; + GNULIB_PUTENV=0; + GNULIB_QSORT_R=0; + GNULIB_RANDOM=0; + GNULIB_RANDOM_R=0; + GNULIB_REALLOCARRAY=0; + GNULIB_REALLOC_POSIX=0; + GNULIB_REALPATH=0; + GNULIB_RPMATCH=0; + GNULIB_SECURE_GETENV=0; + GNULIB_SETENV=0; + GNULIB_STRTOD=0; + GNULIB_STRTOLD=0; + GNULIB_STRTOLL=0; + GNULIB_STRTOULL=0; + GNULIB_SYSTEM_POSIX=0; + GNULIB_UNLOCKPT=0; + GNULIB_UNSETENV=0; + GNULIB_WCTOMB=0; + HAVE__EXIT=1; + HAVE_ATOLL=1; + HAVE_CANONICALIZE_FILE_NAME=1; + HAVE_DECL_GETLOADAVG=1; + HAVE_GETSUBOPT=1; + HAVE_GRANTPT=1; + HAVE_INITSTATE=1; + HAVE_DECL_INITSTATE=1; + HAVE_MBTOWC=1; + HAVE_MKDTEMP=1; + HAVE_MKOSTEMP=1; + HAVE_MKOSTEMPS=1; + HAVE_MKSTEMP=1; + HAVE_MKSTEMPS=1; + HAVE_POSIX_OPENPT=1; + HAVE_PTSNAME=1; + HAVE_PTSNAME_R=1; + HAVE_QSORT_R=1; + HAVE_RANDOM=1; + HAVE_RANDOM_H=1; + HAVE_RANDOM_R=1; + HAVE_REALLOCARRAY=1; + HAVE_REALPATH=1; + HAVE_RPMATCH=1; + HAVE_SECURE_GETENV=1; + HAVE_SETENV=1; + HAVE_DECL_SETENV=1; + HAVE_SETSTATE=1; + HAVE_DECL_SETSTATE=1; + HAVE_STRTOD=1; + HAVE_STRTOLD=1; + HAVE_STRTOLL=1; + HAVE_STRTOULL=1; + HAVE_STRUCT_RANDOM_DATA=1; + HAVE_SYS_LOADAVG_H=0; + HAVE_UNLOCKPT=1; + HAVE_DECL_UNSETENV=1; + REPLACE_CALLOC=0; + REPLACE_CANONICALIZE_FILE_NAME=0; + REPLACE_INITSTATE=0; + REPLACE_MALLOC=0; + REPLACE_MBTOWC=0; + REPLACE_MKSTEMP=0; + REPLACE_PTSNAME=0; + REPLACE_PTSNAME_R=0; + REPLACE_PUTENV=0; + REPLACE_QSORT_R=0; + REPLACE_RANDOM=0; + REPLACE_RANDOM_R=0; + REPLACE_REALLOC=0; + REPLACE_REALPATH=0; + REPLACE_SETENV=0; + REPLACE_SETSTATE=0; + REPLACE_STRTOD=0; + REPLACE_STRTOLD=0; + REPLACE_UNSETENV=0; + REPLACE_WCTOMB=0; + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether malloc, realloc, calloc are POSIX compliant" >&5 +$as_echo_n "checking whether malloc, realloc, calloc are POSIX compliant... " >&6; } +if ${gl_cv_func_malloc_posix+:} false; then : + $as_echo_n "(cached) " >&6 +else + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ +#if defined _WIN32 && ! defined __CYGWIN__ + choke me + #endif + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + gl_cv_func_malloc_posix=yes +else + gl_cv_func_malloc_posix=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_func_malloc_posix" >&5 +$as_echo "$gl_cv_func_malloc_posix" >&6; } + + + + + + + GNULIB_EXPLICIT_BZERO=0; + GNULIB_FFSL=0; + GNULIB_FFSLL=0; + GNULIB_MEMCHR=0; + GNULIB_MEMMEM=0; + GNULIB_MEMPCPY=0; + GNULIB_MEMRCHR=0; + GNULIB_RAWMEMCHR=0; + GNULIB_STPCPY=0; + GNULIB_STPNCPY=0; + GNULIB_STRCHRNUL=0; + GNULIB_STRDUP=0; + GNULIB_STRNCAT=0; + GNULIB_STRNDUP=0; + GNULIB_STRNLEN=0; + GNULIB_STRPBRK=0; + GNULIB_STRSEP=0; + GNULIB_STRSTR=0; + GNULIB_STRCASESTR=0; + GNULIB_STRTOK_R=0; + GNULIB_MBSLEN=0; + GNULIB_MBSNLEN=0; + GNULIB_MBSCHR=0; + GNULIB_MBSRCHR=0; + GNULIB_MBSSTR=0; + GNULIB_MBSCASECMP=0; + GNULIB_MBSNCASECMP=0; + GNULIB_MBSPCASECMP=0; + GNULIB_MBSCASESTR=0; + GNULIB_MBSCSPN=0; + GNULIB_MBSPBRK=0; + GNULIB_MBSSPN=0; + GNULIB_MBSSEP=0; + GNULIB_MBSTOK_R=0; + GNULIB_STRERROR=0; + GNULIB_STRERROR_R=0; + GNULIB_STRSIGNAL=0; + GNULIB_STRVERSCMP=0; + HAVE_MBSLEN=0; + HAVE_EXPLICIT_BZERO=1; + HAVE_FFSL=1; + HAVE_FFSLL=1; + HAVE_MEMCHR=1; + HAVE_DECL_MEMMEM=1; + HAVE_MEMPCPY=1; + HAVE_DECL_MEMRCHR=1; + HAVE_RAWMEMCHR=1; + HAVE_STPCPY=1; + HAVE_STPNCPY=1; + HAVE_STRCHRNUL=1; + HAVE_DECL_STRDUP=1; + HAVE_DECL_STRNDUP=1; + HAVE_DECL_STRNLEN=1; + HAVE_STRPBRK=1; + HAVE_STRSEP=1; + HAVE_STRCASESTR=1; + HAVE_DECL_STRTOK_R=1; + HAVE_DECL_STRERROR_R=1; + HAVE_DECL_STRSIGNAL=1; + HAVE_STRVERSCMP=1; + REPLACE_MEMCHR=0; + REPLACE_MEMMEM=0; + REPLACE_STPNCPY=0; + REPLACE_STRCHRNUL=0; + REPLACE_STRDUP=0; + REPLACE_STRNCAT=0; + REPLACE_STRNDUP=0; + REPLACE_STRNLEN=0; + REPLACE_STRSTR=0; + REPLACE_STRCASESTR=0; + REPLACE_STRTOK_R=0; + REPLACE_STRERROR=0; + REPLACE_STRERROR_R=0; + REPLACE_STRSIGNAL=0; + UNDEFINE_STRTOK_R=0; + + + + + + + # Check for mmap(). Don't use AC_FUNC_MMAP, because it checks too much: it + # fails on HP-UX 11, because MAP_FIXED mappings do not work. But this is + # irrelevant for anonymous mappings. + ac_fn_c_check_func "$LINENO" "mmap" "ac_cv_func_mmap" +if test "x$ac_cv_func_mmap" = xyes; then : + gl_have_mmap=yes +else + gl_have_mmap=no +fi + + + # Try to allow MAP_ANONYMOUS. + gl_have_mmap_anonymous=no + if test $gl_have_mmap = yes; then + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for MAP_ANONYMOUS" >&5 +$as_echo_n "checking for MAP_ANONYMOUS... " >&6; } + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#ifdef MAP_ANONYMOUS + I cannot identify this map +#endif + +_ACEOF +if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | + $EGREP "I cannot identify this map" >/dev/null 2>&1; then : + gl_have_mmap_anonymous=yes +fi +rm -f conftest* + + if test $gl_have_mmap_anonymous != yes; then + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#ifdef MAP_ANON + I cannot identify this map +#endif + +_ACEOF +if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | + $EGREP "I cannot identify this map" >/dev/null 2>&1; then : + +$as_echo "#define MAP_ANONYMOUS MAP_ANON" >>confdefs.h + + gl_have_mmap_anonymous=yes +fi +rm -f conftest* + + fi + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_have_mmap_anonymous" >&5 +$as_echo "$gl_have_mmap_anonymous" >&6; } + if test $gl_have_mmap_anonymous = yes; then + +$as_echo "#define HAVE_MAP_ANONYMOUS 1" >>confdefs.h + + fi + fi + + + + + + + if test $HAVE_MEMCHR = 1; then + # Detect platform-specific bugs in some versions of glibc: + # memchr should not dereference anything with length 0 + # https://bugzilla.redhat.com/show_bug.cgi?id=499689 + # memchr should not dereference overestimated length after a match + # https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=521737 + # https://sourceware.org/bugzilla/show_bug.cgi?id=10162 + # memchr should cast the second argument to 'unsigned char'. + # This bug exists in Android 4.3. + # Assume that memchr works on platforms that lack mprotect. + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether memchr works" >&5 +$as_echo_n "checking whether memchr works... " >&6; } +if ${gl_cv_func_memchr_works+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test "$cross_compiling" = yes; then : + case "$host_os" in + # Guess no on Android. + linux*-android*) gl_cv_func_memchr_works="guessing no" ;; + # Guess yes on native Windows. + mingw*) gl_cv_func_memchr_works="guessing yes" ;; + # Be pessimistic for now. + *) gl_cv_func_memchr_works="guessing no" ;; + esac + +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#if HAVE_SYS_MMAN_H +# include +# include +# include +# include +# ifndef MAP_FILE +# define MAP_FILE 0 +# endif +#endif + +int +main () +{ + + int result = 0; + char *fence = NULL; +#if HAVE_SYS_MMAN_H && HAVE_MPROTECT +# if HAVE_MAP_ANONYMOUS + const int flags = MAP_ANONYMOUS | MAP_PRIVATE; + const int fd = -1; +# else /* !HAVE_MAP_ANONYMOUS */ + const int flags = MAP_FILE | MAP_PRIVATE; + int fd = open ("/dev/zero", O_RDONLY, 0666); + if (fd >= 0) +# endif + { + int pagesize = getpagesize (); + char *two_pages = + (char *) mmap (NULL, 2 * pagesize, PROT_READ | PROT_WRITE, + flags, fd, 0); + if (two_pages != (char *)(-1) + && mprotect (two_pages + pagesize, pagesize, PROT_NONE) == 0) + fence = two_pages + pagesize; + } +#endif + if (fence) + { + if (memchr (fence, 0, 0)) + result |= 1; + strcpy (fence - 9, "12345678"); + if (memchr (fence - 9, 0, 79) != fence - 1) + result |= 2; + if (memchr (fence - 1, 0, 3) != fence - 1) + result |= 4; + } + /* Test against bug on Android 4.3. */ + { + char input[3]; + input[0] = 'a'; + input[1] = 'b'; + input[2] = 'c'; + if (memchr (input, 0x789abc00 | 'b', 3) != input + 1) + result |= 8; + } + return result; + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_run "$LINENO"; then : + gl_cv_func_memchr_works=yes +else + gl_cv_func_memchr_works=no +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_func_memchr_works" >&5 +$as_echo "$gl_cv_func_memchr_works" >&6; } + case "$gl_cv_func_memchr_works" in + *yes) ;; + *) REPLACE_MEMCHR=1 ;; + esac + fi + +ac_fn_c_check_decl "$LINENO" "memmem" "ac_cv_have_decl_memmem" "$ac_includes_default" +if test "x$ac_cv_have_decl_memmem" = xyes; then : + ac_have_decl=1 +else + ac_have_decl=0 +fi + +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_MEMMEM $ac_have_decl +_ACEOF + + + + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether defines MIN and MAX" >&5 +$as_echo_n "checking whether defines MIN and MAX... " >&6; } +if ${gl_cv_minmax_in_limits_h+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include + int x = MIN (42, 17); +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + gl_cv_minmax_in_limits_h=yes +else + gl_cv_minmax_in_limits_h=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_minmax_in_limits_h" >&5 +$as_echo "$gl_cv_minmax_in_limits_h" >&6; } + if test $gl_cv_minmax_in_limits_h = yes; then + +$as_echo "#define HAVE_MINMAX_IN_LIMITS_H 1" >>confdefs.h + + fi + + + + + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether defines MIN and MAX" >&5 +$as_echo_n "checking whether defines MIN and MAX... " >&6; } +if ${gl_cv_minmax_in_sys_param_h+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include + int x = MIN (42, 17); +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + gl_cv_minmax_in_sys_param_h=yes +else + gl_cv_minmax_in_sys_param_h=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_minmax_in_sys_param_h" >&5 +$as_echo "$gl_cv_minmax_in_sys_param_h" >&6; } + if test $gl_cv_minmax_in_sys_param_h = yes; then + +$as_echo "#define HAVE_MINMAX_IN_SYS_PARAM_H 1" >>confdefs.h + + fi + + + + + + + + + if test $ac_cv_func__set_invalid_parameter_handler = yes; then + HAVE_MSVC_INVALID_PARAMETER_HANDLER=1 + +$as_echo "#define HAVE_MSVC_INVALID_PARAMETER_HANDLER 1" >>confdefs.h + + else + HAVE_MSVC_INVALID_PARAMETER_HANDLER=0 + fi + + + + + + + gl_cv_c_multiarch=no + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#ifndef __APPLE_CC__ + not a universal capable compiler + #endif + typedef int dummy; + +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + + arch= + prev= + for word in ${CC} ${CFLAGS} ${CPPFLAGS} ${LDFLAGS}; do + if test -n "$prev"; then + case $word in + i?86 | x86_64 | ppc | ppc64) + if test -z "$arch" || test "$arch" = "$word"; then + arch="$word" + else + gl_cv_c_multiarch=yes + fi + ;; + esac + prev= + else + if test "x$word" = "x-arch"; then + prev=arch + fi + fi + done + +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + if test $gl_cv_c_multiarch = yes; then + APPLE_UNIVERSAL_BUILD=1 + else + APPLE_UNIVERSAL_BUILD=0 + fi + + + + GNULIB_GETADDRINFO=0; + HAVE_STRUCT_ADDRINFO=1; + HAVE_DECL_FREEADDRINFO=1; + HAVE_DECL_GAI_STRERROR=1; + HAVE_DECL_GETADDRINFO=1; + HAVE_DECL_GETNAMEINFO=1; + REPLACE_GAI_STRERROR=0; + + + + + + + + + + + + + + + + + + + + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether snprintf returns a byte count as in C99" >&5 +$as_echo_n "checking whether snprintf returns a byte count as in C99... " >&6; } +if ${gl_cv_func_snprintf_retval_c99+:} false; then : + $as_echo_n "(cached) " >&6 +else + + if test "$cross_compiling" = yes; then : + case "$host_os" in + # Guess yes on glibc systems. + *-gnu* | gnu*) gl_cv_func_snprintf_retval_c99="guessing yes";; + # Guess yes on musl systems. + *-musl*) gl_cv_func_snprintf_retval_c99="guessing yes";; + # Guess yes on FreeBSD >= 5. + freebsd[1-4].*) gl_cv_func_snprintf_retval_c99="guessing no";; + freebsd* | kfreebsd*) gl_cv_func_snprintf_retval_c99="guessing yes";; + # Guess yes on Mac OS X >= 10.3. + darwin[1-6].*) gl_cv_func_snprintf_retval_c99="guessing no";; + darwin*) gl_cv_func_snprintf_retval_c99="guessing yes";; + # Guess yes on OpenBSD >= 3.9. + openbsd[1-2].* | openbsd3.[0-8] | openbsd3.[0-8].*) + gl_cv_func_snprintf_retval_c99="guessing no";; + openbsd*) gl_cv_func_snprintf_retval_c99="guessing yes";; + # Guess yes on Solaris >= 2.10. + solaris2.[1-9][0-9]*) gl_cv_func_printf_sizes_c99="guessing yes";; + solaris*) gl_cv_func_printf_sizes_c99="guessing no";; + # Guess yes on AIX >= 4. + aix[1-3]*) gl_cv_func_snprintf_retval_c99="guessing no";; + aix*) gl_cv_func_snprintf_retval_c99="guessing yes";; + # Guess yes on NetBSD >= 3. + netbsd[1-2]* | netbsdelf[1-2]* | netbsdaout[1-2]* | netbsdcoff[1-2]*) + gl_cv_func_snprintf_retval_c99="guessing no";; + netbsd*) gl_cv_func_snprintf_retval_c99="guessing yes";; + # Guess yes on BeOS. + beos*) gl_cv_func_snprintf_retval_c99="guessing yes";; + # Guess yes on Android. + linux*-android*) gl_cv_func_snprintf_retval_c99="guessing yes";; + # Guess yes on MSVC, no on mingw. + mingw*) cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#ifdef _MSC_VER + Known +#endif + +_ACEOF +if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | + $EGREP "Known" >/dev/null 2>&1; then : + gl_cv_func_snprintf_retval_c99="guessing yes" +else + gl_cv_func_snprintf_retval_c99="guessing no" +fi +rm -f conftest* + + ;; + # If we don't know, assume the worst. + *) gl_cv_func_snprintf_retval_c99="guessing no";; + esac + +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#include +#if HAVE_SNPRINTF +# define my_snprintf snprintf +#else +# include +static int my_snprintf (char *buf, int size, const char *format, ...) +{ + va_list args; + int ret; + va_start (args, format); + ret = vsnprintf (buf, size, format, args); + va_end (args); + return ret; +} +#endif +static char buf[100]; +int main () +{ + strcpy (buf, "ABCDEF"); + if (my_snprintf (buf, 3, "%d %d", 4567, 89) != 7) + return 1; + if (my_snprintf (buf, 0, "%d %d", 4567, 89) != 7) + return 2; + if (my_snprintf (NULL, 0, "%d %d", 4567, 89) != 7) + return 3; + return 0; +} +_ACEOF +if ac_fn_c_try_run "$LINENO"; then : + gl_cv_func_snprintf_retval_c99=yes +else + gl_cv_func_snprintf_retval_c99=no +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_func_snprintf_retval_c99" >&5 +$as_echo "$gl_cv_func_snprintf_retval_c99" >&6; } + +ac_fn_c_check_decl "$LINENO" "snprintf" "ac_cv_have_decl_snprintf" "$ac_includes_default" +if test "x$ac_cv_have_decl_snprintf" = xyes; then : + ac_have_decl=1 +else + ac_have_decl=0 +fi + +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_SNPRINTF $ac_have_decl +_ACEOF + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for stdbool.h that conforms to C99" >&5 +$as_echo_n "checking for stdbool.h that conforms to C99... " >&6; } +if ${ac_cv_header_stdbool_h+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + + #include + + #ifdef __cplusplus + typedef bool Bool; + #else + typedef _Bool Bool; + #ifndef bool + "error: bool is not defined" + #endif + #ifndef false + "error: false is not defined" + #endif + #if false + "error: false is not 0" + #endif + #ifndef true + "error: true is not defined" + #endif + #if true != 1 + "error: true is not 1" + #endif + #endif + + #ifndef __bool_true_false_are_defined + "error: __bool_true_false_are_defined is not defined" + #endif + + struct s { Bool s: 1; Bool t; bool u: 1; bool v; } s; + + char a[true == 1 ? 1 : -1]; + char b[false == 0 ? 1 : -1]; + char c[__bool_true_false_are_defined == 1 ? 1 : -1]; + char d[(bool) 0.5 == true ? 1 : -1]; + /* See body of main program for 'e'. */ + char f[(Bool) 0.0 == false ? 1 : -1]; + char g[true]; + char h[sizeof (Bool)]; + char i[sizeof s.t]; + enum { j = false, k = true, l = false * true, m = true * 256 }; + /* The following fails for + HP aC++/ANSI C B3910B A.05.55 [Dec 04 2003]. */ + Bool n[m]; + char o[sizeof n == m * sizeof n[0] ? 1 : -1]; + char p[-1 - (Bool) 0 < 0 && -1 - (bool) 0 < 0 ? 1 : -1]; + /* Catch a bug in an HP-UX C compiler. See + https://gcc.gnu.org/ml/gcc-patches/2003-12/msg02303.html + https://lists.gnu.org/r/bug-coreutils/2005-11/msg00161.html + */ + Bool q = true; + Bool *pq = &q; + bool *qq = &q; + +int +main () +{ + + bool e = &s; + *pq |= q; *pq |= ! q; + *qq |= q; *qq |= ! q; + /* Refer to every declared value, to avoid compiler optimizations. */ + return (!a + !b + !c + !d + !e + !f + !g + !h + !i + !!j + !k + !!l + + !m + !n + !o + !p + !q + !pq + !qq); + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ac_cv_header_stdbool_h=yes +else + ac_cv_header_stdbool_h=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_header_stdbool_h" >&5 +$as_echo "$ac_cv_header_stdbool_h" >&6; } + ac_fn_c_check_type "$LINENO" "_Bool" "ac_cv_type__Bool" "$ac_includes_default" +if test "x$ac_cv_type__Bool" = xyes; then : + +cat >>confdefs.h <<_ACEOF +#define HAVE__BOOL 1 +_ACEOF + + +fi + + + + REPLACE_NULL=0; + HAVE_MAX_ALIGN_T=1; + HAVE_WCHAR_T=1; + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for wchar_t" >&5 +$as_echo_n "checking for wchar_t... " >&6; } +if ${gt_cv_c_wchar_t+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include + wchar_t foo = (wchar_t)'\0'; +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + gt_cv_c_wchar_t=yes +else + gt_cv_c_wchar_t=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gt_cv_c_wchar_t" >&5 +$as_echo "$gt_cv_c_wchar_t" >&6; } + if test $gt_cv_c_wchar_t = yes; then + +$as_echo "#define HAVE_WCHAR_T 1" >>confdefs.h + + fi + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for wint_t" >&5 +$as_echo_n "checking for wint_t... " >&6; } +if ${gt_cv_c_wint_t+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Tru64 with Desktop Toolkit C has a bug: must be included before + . + BSD/OS 4.0.1 has a bug: , and must be included + before . */ +#include +#include +#include +#include + wint_t foo = (wchar_t)'\0'; +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + gt_cv_c_wint_t=yes +else + gt_cv_c_wint_t=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gt_cv_c_wint_t" >&5 +$as_echo "$gt_cv_c_wint_t" >&6; } + if test $gt_cv_c_wint_t = yes; then + +$as_echo "#define HAVE_WINT_T 1" >>confdefs.h + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether wint_t is too small" >&5 +$as_echo_n "checking whether wint_t is too small... " >&6; } +if ${gl_cv_type_wint_t_too_small+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Tru64 with Desktop Toolkit C has a bug: must be included before + . + BSD/OS 4.0.1 has a bug: , and must be + included before . */ +#if !(defined __GLIBC__ && !defined __UCLIBC__) +# include +# include +# include +#endif +#include + int verify[sizeof (wint_t) < sizeof (int) ? -1 : 1]; + +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + gl_cv_type_wint_t_too_small=no +else + gl_cv_type_wint_t_too_small=yes +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_type_wint_t_too_small" >&5 +$as_echo "$gl_cv_type_wint_t_too_small" >&6; } + if test $gl_cv_type_wint_t_too_small = yes; then + GNULIB_OVERRIDES_WINT_T=1 + else + GNULIB_OVERRIDES_WINT_T=0 + fi + else + GNULIB_OVERRIDES_WINT_T=0 + fi + + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for unsigned long long int" >&5 +$as_echo_n "checking for unsigned long long int... " >&6; } +if ${ac_cv_type_unsigned_long_long_int+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_cv_type_unsigned_long_long_int=yes + if test "x${ac_cv_prog_cc_c99-no}" = xno; then + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + + /* For now, do not test the preprocessor; as of 2007 there are too many + implementations with broken preprocessors. Perhaps this can + be revisited in 2012. In the meantime, code should not expect + #if to work with literals wider than 32 bits. */ + /* Test literals. */ + long long int ll = 9223372036854775807ll; + long long int nll = -9223372036854775807LL; + unsigned long long int ull = 18446744073709551615ULL; + /* Test constant expressions. */ + typedef int a[((-9223372036854775807LL < 0 && 0 < 9223372036854775807ll) + ? 1 : -1)]; + typedef int b[(18446744073709551615ULL <= (unsigned long long int) -1 + ? 1 : -1)]; + int i = 63; +int +main () +{ +/* Test availability of runtime routines for shift and division. */ + long long int llmax = 9223372036854775807ll; + unsigned long long int ullmax = 18446744073709551615ull; + return ((ll << 63) | (ll >> 63) | (ll < i) | (ll > i) + | (llmax / ll) | (llmax % ll) + | (ull << 63) | (ull >> 63) | (ull << i) | (ull >> i) + | (ullmax / ull) | (ullmax % ull)); + ; + return 0; +} + +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + +else + ac_cv_type_unsigned_long_long_int=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + fi +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_type_unsigned_long_long_int" >&5 +$as_echo "$ac_cv_type_unsigned_long_long_int" >&6; } + if test $ac_cv_type_unsigned_long_long_int = yes; then + +$as_echo "#define HAVE_UNSIGNED_LONG_LONG_INT 1" >>confdefs.h + + fi + + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for long long int" >&5 +$as_echo_n "checking for long long int... " >&6; } +if ${ac_cv_type_long_long_int+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_cv_type_long_long_int=yes + if test "x${ac_cv_prog_cc_c99-no}" = xno; then + ac_cv_type_long_long_int=$ac_cv_type_unsigned_long_long_int + if test $ac_cv_type_long_long_int = yes; then + if test "$cross_compiling" = yes; then : + : +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include + #ifndef LLONG_MAX + # define HALF \ + (1LL << (sizeof (long long int) * CHAR_BIT - 2)) + # define LLONG_MAX (HALF - 1 + HALF) + #endif +int +main () +{ +long long int n = 1; + int i; + for (i = 0; ; i++) + { + long long int m = n << i; + if (m >> i != n) + return 1; + if (LLONG_MAX / 2 < m) + break; + } + return 0; + ; + return 0; +} +_ACEOF +if ac_fn_c_try_run "$LINENO"; then : + +else + ac_cv_type_long_long_int=no +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + + fi + fi +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_type_long_long_int" >&5 +$as_echo "$ac_cv_type_long_long_int" >&6; } + if test $ac_cv_type_long_long_int = yes; then + +$as_echo "#define HAVE_LONG_LONG_INT 1" >>confdefs.h + + fi + + + + + + + + + + + + if test $ac_cv_type_long_long_int = yes; then + HAVE_LONG_LONG_INT=1 + else + HAVE_LONG_LONG_INT=0 + fi + + + if test $ac_cv_type_unsigned_long_long_int = yes; then + HAVE_UNSIGNED_LONG_LONG_INT=1 + else + HAVE_UNSIGNED_LONG_LONG_INT=0 + fi + + + + if test $ac_cv_header_wchar_h = yes; then + HAVE_WCHAR_H=1 + else + HAVE_WCHAR_H=0 + fi + + + if test $ac_cv_header_inttypes_h = yes; then + HAVE_INTTYPES_H=1 + else + HAVE_INTTYPES_H=0 + fi + + + if test $ac_cv_header_sys_types_h = yes; then + HAVE_SYS_TYPES_H=1 + else + HAVE_SYS_TYPES_H=0 + fi + + + + + + + + + + + + if test $gl_cv_have_include_next = yes; then + gl_cv_next_stdint_h='<'stdint.h'>' + else + { $as_echo "$as_me:${as_lineno-$LINENO}: checking absolute name of " >&5 +$as_echo_n "checking absolute name of ... " >&6; } +if ${gl_cv_next_stdint_h+:} false; then : + $as_echo_n "(cached) " >&6 +else + + if test $ac_cv_header_stdint_h = yes; then + + + + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +_ACEOF + case "$host_os" in + aix*) gl_absname_cpp="$ac_cpp -C" ;; + *) gl_absname_cpp="$ac_cpp" ;; + esac + + case "$host_os" in + mingw*) + gl_dirsep_regex='[/\\]' + ;; + *) + gl_dirsep_regex='\/' + ;; + esac + gl_make_literal_regex_sed='s,[]$^\\.*/[],\\&,g' + gl_header_literal_regex=`echo 'stdint.h' \ + | sed -e "$gl_make_literal_regex_sed"` + gl_absolute_header_sed="/${gl_dirsep_regex}${gl_header_literal_regex}/"'{ + s/.*"\(.*'"${gl_dirsep_regex}${gl_header_literal_regex}"'\)".*/\1/ + s|^/[^/]|//&| + p + q + }' + + gl_cv_absolute_stdint_h=`(eval "$gl_absname_cpp conftest.$ac_ext") 2>&5 | + sed -n "$gl_absolute_header_sed"` + + gl_header=$gl_cv_absolute_stdint_h + gl_cv_next_stdint_h='"'$gl_header'"' + else + gl_cv_next_stdint_h='<'stdint.h'>' + fi + + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_next_stdint_h" >&5 +$as_echo "$gl_cv_next_stdint_h" >&6; } + fi + NEXT_STDINT_H=$gl_cv_next_stdint_h + + if test $gl_cv_have_include_next = yes || test $gl_cv_have_include_next = buggy; then + # INCLUDE_NEXT_AS_FIRST_DIRECTIVE='include_next' + gl_next_as_first_directive='<'stdint.h'>' + else + # INCLUDE_NEXT_AS_FIRST_DIRECTIVE='include' + gl_next_as_first_directive=$gl_cv_next_stdint_h + fi + NEXT_AS_FIRST_DIRECTIVE_STDINT_H=$gl_next_as_first_directive + + + + + if test $ac_cv_header_stdint_h = yes; then + HAVE_STDINT_H=1 + else + HAVE_STDINT_H=0 + fi + + + if test $ac_cv_header_stdint_h = yes; then + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether stdint.h conforms to C99" >&5 +$as_echo_n "checking whether stdint.h conforms to C99... " >&6; } +if ${gl_cv_header_working_stdint_h+:} false; then : + $as_echo_n "(cached) " >&6 +else + gl_cv_header_working_stdint_h=no + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + + +#define _GL_JUST_INCLUDE_SYSTEM_STDINT_H 1 /* work if build isn't clean */ +#define __STDC_CONSTANT_MACROS 1 +#define __STDC_LIMIT_MACROS 1 +#include +/* Dragonfly defines WCHAR_MIN, WCHAR_MAX only in . */ +#if !(defined WCHAR_MIN && defined WCHAR_MAX) +#error "WCHAR_MIN, WCHAR_MAX not defined in " +#endif + + + /* BSD/OS 4.0.1 has a bug: , and must be + included before . */ + #include + #include + #if HAVE_WCHAR_H + # include + # include + # include + #endif + + +#ifdef INT8_MAX +int8_t a1 = INT8_MAX; +int8_t a1min = INT8_MIN; +#endif +#ifdef INT16_MAX +int16_t a2 = INT16_MAX; +int16_t a2min = INT16_MIN; +#endif +#ifdef INT32_MAX +int32_t a3 = INT32_MAX; +int32_t a3min = INT32_MIN; +#endif +#ifdef INT64_MAX +int64_t a4 = INT64_MAX; +int64_t a4min = INT64_MIN; +#endif +#ifdef UINT8_MAX +uint8_t b1 = UINT8_MAX; +#else +typedef int b1[(unsigned char) -1 != 255 ? 1 : -1]; +#endif +#ifdef UINT16_MAX +uint16_t b2 = UINT16_MAX; +#endif +#ifdef UINT32_MAX +uint32_t b3 = UINT32_MAX; +#endif +#ifdef UINT64_MAX +uint64_t b4 = UINT64_MAX; +#endif +int_least8_t c1 = INT8_C (0x7f); +int_least8_t c1max = INT_LEAST8_MAX; +int_least8_t c1min = INT_LEAST8_MIN; +int_least16_t c2 = INT16_C (0x7fff); +int_least16_t c2max = INT_LEAST16_MAX; +int_least16_t c2min = INT_LEAST16_MIN; +int_least32_t c3 = INT32_C (0x7fffffff); +int_least32_t c3max = INT_LEAST32_MAX; +int_least32_t c3min = INT_LEAST32_MIN; +int_least64_t c4 = INT64_C (0x7fffffffffffffff); +int_least64_t c4max = INT_LEAST64_MAX; +int_least64_t c4min = INT_LEAST64_MIN; +uint_least8_t d1 = UINT8_C (0xff); +uint_least8_t d1max = UINT_LEAST8_MAX; +uint_least16_t d2 = UINT16_C (0xffff); +uint_least16_t d2max = UINT_LEAST16_MAX; +uint_least32_t d3 = UINT32_C (0xffffffff); +uint_least32_t d3max = UINT_LEAST32_MAX; +uint_least64_t d4 = UINT64_C (0xffffffffffffffff); +uint_least64_t d4max = UINT_LEAST64_MAX; +int_fast8_t e1 = INT_FAST8_MAX; +int_fast8_t e1min = INT_FAST8_MIN; +int_fast16_t e2 = INT_FAST16_MAX; +int_fast16_t e2min = INT_FAST16_MIN; +int_fast32_t e3 = INT_FAST32_MAX; +int_fast32_t e3min = INT_FAST32_MIN; +int_fast64_t e4 = INT_FAST64_MAX; +int_fast64_t e4min = INT_FAST64_MIN; +uint_fast8_t f1 = UINT_FAST8_MAX; +uint_fast16_t f2 = UINT_FAST16_MAX; +uint_fast32_t f3 = UINT_FAST32_MAX; +uint_fast64_t f4 = UINT_FAST64_MAX; +#ifdef INTPTR_MAX +intptr_t g = INTPTR_MAX; +intptr_t gmin = INTPTR_MIN; +#endif +#ifdef UINTPTR_MAX +uintptr_t h = UINTPTR_MAX; +#endif +intmax_t i = INTMAX_MAX; +uintmax_t j = UINTMAX_MAX; + +/* Check that SIZE_MAX has the correct type, if possible. */ +#if 201112 <= __STDC_VERSION__ +int k = _Generic (SIZE_MAX, size_t: 0); +#elif (2 <= __GNUC__ || defined __IBM__TYPEOF__ \ + || (0x5110 <= __SUNPRO_C && !__STDC__)) +extern size_t k; +extern __typeof__ (SIZE_MAX) k; +#endif + +#include /* for CHAR_BIT */ +#define TYPE_MINIMUM(t) \ + ((t) ((t) 0 < (t) -1 ? (t) 0 : ~ TYPE_MAXIMUM (t))) +#define TYPE_MAXIMUM(t) \ + ((t) ((t) 0 < (t) -1 \ + ? (t) -1 \ + : ((((t) 1 << (sizeof (t) * CHAR_BIT - 2)) - 1) * 2 + 1))) +struct s { + int check_PTRDIFF: + PTRDIFF_MIN == TYPE_MINIMUM (ptrdiff_t) + && PTRDIFF_MAX == TYPE_MAXIMUM (ptrdiff_t) + ? 1 : -1; + /* Detect bug in FreeBSD 6.0 / ia64. */ + int check_SIG_ATOMIC: + SIG_ATOMIC_MIN == TYPE_MINIMUM (sig_atomic_t) + && SIG_ATOMIC_MAX == TYPE_MAXIMUM (sig_atomic_t) + ? 1 : -1; + int check_SIZE: SIZE_MAX == TYPE_MAXIMUM (size_t) ? 1 : -1; + int check_WCHAR: + WCHAR_MIN == TYPE_MINIMUM (wchar_t) + && WCHAR_MAX == TYPE_MAXIMUM (wchar_t) + ? 1 : -1; + /* Detect bug in mingw. */ + int check_WINT: + WINT_MIN == TYPE_MINIMUM (wint_t) + && WINT_MAX == TYPE_MAXIMUM (wint_t) + ? 1 : -1; + + /* Detect bugs in glibc 2.4 and Solaris 10 stdint.h, among others. */ + int check_UINT8_C: + (-1 < UINT8_C (0)) == (-1 < (uint_least8_t) 0) ? 1 : -1; + int check_UINT16_C: + (-1 < UINT16_C (0)) == (-1 < (uint_least16_t) 0) ? 1 : -1; + + /* Detect bugs in OpenBSD 3.9 stdint.h. */ +#ifdef UINT8_MAX + int check_uint8: (uint8_t) -1 == UINT8_MAX ? 1 : -1; +#endif +#ifdef UINT16_MAX + int check_uint16: (uint16_t) -1 == UINT16_MAX ? 1 : -1; +#endif +#ifdef UINT32_MAX + int check_uint32: (uint32_t) -1 == UINT32_MAX ? 1 : -1; +#endif +#ifdef UINT64_MAX + int check_uint64: (uint64_t) -1 == UINT64_MAX ? 1 : -1; +#endif + int check_uint_least8: (uint_least8_t) -1 == UINT_LEAST8_MAX ? 1 : -1; + int check_uint_least16: (uint_least16_t) -1 == UINT_LEAST16_MAX ? 1 : -1; + int check_uint_least32: (uint_least32_t) -1 == UINT_LEAST32_MAX ? 1 : -1; + int check_uint_least64: (uint_least64_t) -1 == UINT_LEAST64_MAX ? 1 : -1; + int check_uint_fast8: (uint_fast8_t) -1 == UINT_FAST8_MAX ? 1 : -1; + int check_uint_fast16: (uint_fast16_t) -1 == UINT_FAST16_MAX ? 1 : -1; + int check_uint_fast32: (uint_fast32_t) -1 == UINT_FAST32_MAX ? 1 : -1; + int check_uint_fast64: (uint_fast64_t) -1 == UINT_FAST64_MAX ? 1 : -1; + int check_uintptr: (uintptr_t) -1 == UINTPTR_MAX ? 1 : -1; + int check_uintmax: (uintmax_t) -1 == UINTMAX_MAX ? 1 : -1; + int check_size: (size_t) -1 == SIZE_MAX ? 1 : -1; +}; + +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + if test "$cross_compiling" = yes; then : + case "$host_os" in + # Guess yes on native Windows. + mingw*) gl_cv_header_working_stdint_h="guessing yes" ;; + # In general, assume it works. + *) gl_cv_header_working_stdint_h="guessing yes" ;; + esac + +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + + +#define _GL_JUST_INCLUDE_SYSTEM_STDINT_H 1 /* work if build isn't clean */ +#define __STDC_CONSTANT_MACROS 1 +#define __STDC_LIMIT_MACROS 1 +#include + + + /* BSD/OS 4.0.1 has a bug: , and must be + included before . */ + #include + #include + #if HAVE_WCHAR_H + # include + # include + # include + #endif + + +#include +#include +#define MVAL(macro) MVAL1(macro) +#define MVAL1(expression) #expression +static const char *macro_values[] = + { +#ifdef INT8_MAX + MVAL (INT8_MAX), +#endif +#ifdef INT16_MAX + MVAL (INT16_MAX), +#endif +#ifdef INT32_MAX + MVAL (INT32_MAX), +#endif +#ifdef INT64_MAX + MVAL (INT64_MAX), +#endif +#ifdef UINT8_MAX + MVAL (UINT8_MAX), +#endif +#ifdef UINT16_MAX + MVAL (UINT16_MAX), +#endif +#ifdef UINT32_MAX + MVAL (UINT32_MAX), +#endif +#ifdef UINT64_MAX + MVAL (UINT64_MAX), +#endif + NULL + }; + +int +main () +{ + + const char **mv; + for (mv = macro_values; *mv != NULL; mv++) + { + const char *value = *mv; + /* Test whether it looks like a cast expression. */ + if (strncmp (value, "((unsigned int)"/*)*/, 15) == 0 + || strncmp (value, "((unsigned short)"/*)*/, 17) == 0 + || strncmp (value, "((unsigned char)"/*)*/, 16) == 0 + || strncmp (value, "((int)"/*)*/, 6) == 0 + || strncmp (value, "((signed short)"/*)*/, 15) == 0 + || strncmp (value, "((signed char)"/*)*/, 14) == 0) + return mv - macro_values + 1; + } + return 0; + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_run "$LINENO"; then : + gl_cv_header_working_stdint_h=yes +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + + +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_header_working_stdint_h" >&5 +$as_echo "$gl_cv_header_working_stdint_h" >&6; } + fi + + HAVE_C99_STDINT_H=0 + HAVE_SYS_BITYPES_H=0 + HAVE_SYS_INTTYPES_H=0 + STDINT_H=stdint.h + case "$gl_cv_header_working_stdint_h" in + *yes) + HAVE_C99_STDINT_H=1 + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether stdint.h predates C++11" >&5 +$as_echo_n "checking whether stdint.h predates C++11... " >&6; } +if ${gl_cv_header_stdint_predates_cxx11_h+:} false; then : + $as_echo_n "(cached) " >&6 +else + gl_cv_header_stdint_predates_cxx11_h=yes + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + + +#define _GL_JUST_INCLUDE_SYSTEM_STDINT_H 1 /* work if build isn't clean */ +#include + + + /* BSD/OS 4.0.1 has a bug: , and must be + included before . */ + #include + #include + #if HAVE_WCHAR_H + # include + # include + # include + #endif + + +intmax_t im = INTMAX_MAX; +int32_t i32 = INT32_C (0x7fffffff); + +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + gl_cv_header_stdint_predates_cxx11_h=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_header_stdint_predates_cxx11_h" >&5 +$as_echo "$gl_cv_header_stdint_predates_cxx11_h" >&6; } + + if test "$gl_cv_header_stdint_predates_cxx11_h" = yes; then + +$as_echo "#define __STDC_CONSTANT_MACROS 1" >>confdefs.h + + +$as_echo "#define __STDC_LIMIT_MACROS 1" >>confdefs.h + + fi + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether stdint.h has UINTMAX_WIDTH etc." >&5 +$as_echo_n "checking whether stdint.h has UINTMAX_WIDTH etc.... " >&6; } +if ${gl_cv_header_stdint_width+:} false; then : + $as_echo_n "(cached) " >&6 +else + gl_cv_header_stdint_width=no + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + + /* Work if build is not clean. */ + #define _GL_JUST_INCLUDE_SYSTEM_STDINT_H 1 + #ifndef __STDC_WANT_IEC_60559_BFP_EXT__ + #define __STDC_WANT_IEC_60559_BFP_EXT__ 1 + #endif + #include + + /* BSD/OS 4.0.1 has a bug: , and must be + included before . */ + #include + #include + #if HAVE_WCHAR_H + # include + # include + # include + #endif + + int iw = UINTMAX_WIDTH; + +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + gl_cv_header_stdint_width=yes +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_header_stdint_width" >&5 +$as_echo "$gl_cv_header_stdint_width" >&6; } + if test "$gl_cv_header_stdint_width" = yes; then + STDINT_H= + fi + ;; + *) + for ac_header in sys/inttypes.h sys/bitypes.h +do : + as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` +ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default" +if eval test \"x\$"$as_ac_Header"\" = x"yes"; then : + cat >>confdefs.h <<_ACEOF +#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 +_ACEOF + +fi + +done + + if test $ac_cv_header_sys_inttypes_h = yes; then + HAVE_SYS_INTTYPES_H=1 + fi + if test $ac_cv_header_sys_bitypes_h = yes; then + HAVE_SYS_BITYPES_H=1 + fi + + + if test $APPLE_UNIVERSAL_BUILD = 0; then + + + for gltype in ptrdiff_t size_t ; do + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for bit size of $gltype" >&5 +$as_echo_n "checking for bit size of $gltype... " >&6; } +if eval \${gl_cv_bitsizeof_${gltype}+:} false; then : + $as_echo_n "(cached) " >&6 +else + if ac_fn_c_compute_int "$LINENO" "sizeof ($gltype) * CHAR_BIT" "result" " + /* BSD/OS 4.0.1 has a bug: , and must be + included before . */ + #include + #include + #if HAVE_WCHAR_H + # include + # include + # include + #endif + +#include "; then : + +else + result=unknown +fi + + eval gl_cv_bitsizeof_${gltype}=\$result + +fi +eval ac_res=\$gl_cv_bitsizeof_${gltype} + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 +$as_echo "$ac_res" >&6; } + eval result=\$gl_cv_bitsizeof_${gltype} + if test $result = unknown; then + result=0 + fi + GLTYPE=`echo "$gltype" | tr 'abcdefghijklmnopqrstuvwxyz ' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ_'` + cat >>confdefs.h <<_ACEOF +#define BITSIZEOF_${GLTYPE} $result +_ACEOF + + eval BITSIZEOF_${GLTYPE}=\$result + done + + + fi + + + for gltype in sig_atomic_t wchar_t wint_t ; do + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for bit size of $gltype" >&5 +$as_echo_n "checking for bit size of $gltype... " >&6; } +if eval \${gl_cv_bitsizeof_${gltype}+:} false; then : + $as_echo_n "(cached) " >&6 +else + if ac_fn_c_compute_int "$LINENO" "sizeof ($gltype) * CHAR_BIT" "result" " + /* BSD/OS 4.0.1 has a bug: , and must be + included before . */ + #include + #include + #if HAVE_WCHAR_H + # include + # include + # include + #endif + +#include "; then : + +else + result=unknown +fi + + eval gl_cv_bitsizeof_${gltype}=\$result + +fi +eval ac_res=\$gl_cv_bitsizeof_${gltype} + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 +$as_echo "$ac_res" >&6; } + eval result=\$gl_cv_bitsizeof_${gltype} + if test $result = unknown; then + result=0 + fi + GLTYPE=`echo "$gltype" | tr 'abcdefghijklmnopqrstuvwxyz ' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ_'` + cat >>confdefs.h <<_ACEOF +#define BITSIZEOF_${GLTYPE} $result +_ACEOF + + eval BITSIZEOF_${GLTYPE}=\$result + done + + + + + for gltype in sig_atomic_t wchar_t wint_t ; do + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $gltype is signed" >&5 +$as_echo_n "checking whether $gltype is signed... " >&6; } +if eval \${gl_cv_type_${gltype}_signed+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + + /* BSD/OS 4.0.1 has a bug: , and must be + included before . */ + #include + #include + #if HAVE_WCHAR_H + # include + # include + # include + #endif + + int verify[2 * (($gltype) -1 < ($gltype) 0) - 1]; +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + result=yes +else + result=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + eval gl_cv_type_${gltype}_signed=\$result + +fi +eval ac_res=\$gl_cv_type_${gltype}_signed + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 +$as_echo "$ac_res" >&6; } + eval result=\$gl_cv_type_${gltype}_signed + GLTYPE=`echo $gltype | tr 'abcdefghijklmnopqrstuvwxyz ' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ_'` + if test "$result" = yes; then + cat >>confdefs.h <<_ACEOF +#define HAVE_SIGNED_${GLTYPE} 1 +_ACEOF + + eval HAVE_SIGNED_${GLTYPE}=1 + else + eval HAVE_SIGNED_${GLTYPE}=0 + fi + done + + + gl_cv_type_ptrdiff_t_signed=yes + gl_cv_type_size_t_signed=no + if test $APPLE_UNIVERSAL_BUILD = 0; then + + + for gltype in ptrdiff_t size_t ; do + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $gltype integer literal suffix" >&5 +$as_echo_n "checking for $gltype integer literal suffix... " >&6; } +if eval \${gl_cv_type_${gltype}_suffix+:} false; then : + $as_echo_n "(cached) " >&6 +else + eval gl_cv_type_${gltype}_suffix=no + eval result=\$gl_cv_type_${gltype}_signed + if test "$result" = yes; then + glsufu= + else + glsufu=u + fi + for glsuf in "$glsufu" ${glsufu}l ${glsufu}ll ${glsufu}i64; do + case $glsuf in + '') gltype1='int';; + l) gltype1='long int';; + ll) gltype1='long long int';; + i64) gltype1='__int64';; + u) gltype1='unsigned int';; + ul) gltype1='unsigned long int';; + ull) gltype1='unsigned long long int';; + ui64)gltype1='unsigned __int64';; + esac + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + + /* BSD/OS 4.0.1 has a bug: , and must be + included before . */ + #include + #include + #if HAVE_WCHAR_H + # include + # include + # include + #endif + + extern $gltype foo; + extern $gltype1 foo; +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + eval gl_cv_type_${gltype}_suffix=\$glsuf +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + eval result=\$gl_cv_type_${gltype}_suffix + test "$result" != no && break + done +fi +eval ac_res=\$gl_cv_type_${gltype}_suffix + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 +$as_echo "$ac_res" >&6; } + GLTYPE=`echo $gltype | tr 'abcdefghijklmnopqrstuvwxyz ' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ_'` + eval result=\$gl_cv_type_${gltype}_suffix + test "$result" = no && result= + eval ${GLTYPE}_SUFFIX=\$result + cat >>confdefs.h <<_ACEOF +#define ${GLTYPE}_SUFFIX $result +_ACEOF + + done + + + fi + + + for gltype in sig_atomic_t wchar_t wint_t ; do + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $gltype integer literal suffix" >&5 +$as_echo_n "checking for $gltype integer literal suffix... " >&6; } +if eval \${gl_cv_type_${gltype}_suffix+:} false; then : + $as_echo_n "(cached) " >&6 +else + eval gl_cv_type_${gltype}_suffix=no + eval result=\$gl_cv_type_${gltype}_signed + if test "$result" = yes; then + glsufu= + else + glsufu=u + fi + for glsuf in "$glsufu" ${glsufu}l ${glsufu}ll ${glsufu}i64; do + case $glsuf in + '') gltype1='int';; + l) gltype1='long int';; + ll) gltype1='long long int';; + i64) gltype1='__int64';; + u) gltype1='unsigned int';; + ul) gltype1='unsigned long int';; + ull) gltype1='unsigned long long int';; + ui64)gltype1='unsigned __int64';; + esac + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + + /* BSD/OS 4.0.1 has a bug: , and must be + included before . */ + #include + #include + #if HAVE_WCHAR_H + # include + # include + # include + #endif + + extern $gltype foo; + extern $gltype1 foo; +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + eval gl_cv_type_${gltype}_suffix=\$glsuf +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + eval result=\$gl_cv_type_${gltype}_suffix + test "$result" != no && break + done +fi +eval ac_res=\$gl_cv_type_${gltype}_suffix + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 +$as_echo "$ac_res" >&6; } + GLTYPE=`echo $gltype | tr 'abcdefghijklmnopqrstuvwxyz ' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ_'` + eval result=\$gl_cv_type_${gltype}_suffix + test "$result" = no && result= + eval ${GLTYPE}_SUFFIX=\$result + cat >>confdefs.h <<_ACEOF +#define ${GLTYPE}_SUFFIX $result +_ACEOF + + done + + + + if test $GNULIB_OVERRIDES_WINT_T = 1; then + BITSIZEOF_WINT_T=32 + fi + + ;; + esac + + + + LIMITS_H='limits.h' + if test -n "$LIMITS_H"; then + GL_GENERATE_LIMITS_H_TRUE= + GL_GENERATE_LIMITS_H_FALSE='#' +else + GL_GENERATE_LIMITS_H_TRUE='#' + GL_GENERATE_LIMITS_H_FALSE= +fi + + + + + + + + if test -n "$STDINT_H"; then + GL_GENERATE_STDINT_H_TRUE= + GL_GENERATE_STDINT_H_FALSE='#' +else + GL_GENERATE_STDINT_H_TRUE='#' + GL_GENERATE_STDINT_H_FALSE= +fi + + + + GNULIB_FFS=0; + HAVE_FFS=1; + HAVE_STRCASECMP=1; + HAVE_DECL_STRNCASECMP=1; + + + +ac_fn_c_check_decl "$LINENO" "strdup" "ac_cv_have_decl_strdup" "$ac_includes_default" +if test "x$ac_cv_have_decl_strdup" = xyes; then : + ac_have_decl=1 +else + ac_have_decl=0 +fi + +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_STRDUP $ac_have_decl +_ACEOF + + + + + + + + + + + + + if test $gl_cv_have_include_next = yes; then + gl_cv_next_string_h='<'string.h'>' + else + { $as_echo "$as_me:${as_lineno-$LINENO}: checking absolute name of " >&5 +$as_echo_n "checking absolute name of ... " >&6; } +if ${gl_cv_next_string_h+:} false; then : + $as_echo_n "(cached) " >&6 +else + + + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +_ACEOF + case "$host_os" in + aix*) gl_absname_cpp="$ac_cpp -C" ;; + *) gl_absname_cpp="$ac_cpp" ;; + esac + + case "$host_os" in + mingw*) + gl_dirsep_regex='[/\\]' + ;; + *) + gl_dirsep_regex='\/' + ;; + esac + gl_make_literal_regex_sed='s,[]$^\\.*/[],\\&,g' + gl_header_literal_regex=`echo 'string.h' \ + | sed -e "$gl_make_literal_regex_sed"` + gl_absolute_header_sed="/${gl_dirsep_regex}${gl_header_literal_regex}/"'{ + s/.*"\(.*'"${gl_dirsep_regex}${gl_header_literal_regex}"'\)".*/\1/ + s|^/[^/]|//&| + p + q + }' + + gl_cv_absolute_string_h=`(eval "$gl_absname_cpp conftest.$ac_ext") 2>&5 | + sed -n "$gl_absolute_header_sed"` + + gl_header=$gl_cv_absolute_string_h + gl_cv_next_string_h='"'$gl_header'"' + + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_next_string_h" >&5 +$as_echo "$gl_cv_next_string_h" >&6; } + fi + NEXT_STRING_H=$gl_cv_next_string_h + + if test $gl_cv_have_include_next = yes || test $gl_cv_have_include_next = buggy; then + # INCLUDE_NEXT_AS_FIRST_DIRECTIVE='include_next' + gl_next_as_first_directive='<'string.h'>' + else + # INCLUDE_NEXT_AS_FIRST_DIRECTIVE='include' + gl_next_as_first_directive=$gl_cv_next_string_h + fi + NEXT_AS_FIRST_DIRECTIVE_STRING_H=$gl_next_as_first_directive + + + + + + + + + + + + + + + + + + + + + + + + if test $gl_cv_have_include_next = yes; then + gl_cv_next_strings_h='<'strings.h'>' + else + { $as_echo "$as_me:${as_lineno-$LINENO}: checking absolute name of " >&5 +$as_echo_n "checking absolute name of ... " >&6; } +if ${gl_cv_next_strings_h+:} false; then : + $as_echo_n "(cached) " >&6 +else + + if test $ac_cv_header_strings_h = yes; then + + + + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +_ACEOF + case "$host_os" in + aix*) gl_absname_cpp="$ac_cpp -C" ;; + *) gl_absname_cpp="$ac_cpp" ;; + esac + + case "$host_os" in + mingw*) + gl_dirsep_regex='[/\\]' + ;; + *) + gl_dirsep_regex='\/' + ;; + esac + gl_make_literal_regex_sed='s,[]$^\\.*/[],\\&,g' + gl_header_literal_regex=`echo 'strings.h' \ + | sed -e "$gl_make_literal_regex_sed"` + gl_absolute_header_sed="/${gl_dirsep_regex}${gl_header_literal_regex}/"'{ + s/.*"\(.*'"${gl_dirsep_regex}${gl_header_literal_regex}"'\)".*/\1/ + s|^/[^/]|//&| + p + q + }' + + gl_cv_absolute_strings_h=`(eval "$gl_absname_cpp conftest.$ac_ext") 2>&5 | + sed -n "$gl_absolute_header_sed"` + + gl_header=$gl_cv_absolute_strings_h + gl_cv_next_strings_h='"'$gl_header'"' + else + gl_cv_next_strings_h='<'strings.h'>' + fi + + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_next_strings_h" >&5 +$as_echo "$gl_cv_next_strings_h" >&6; } + fi + NEXT_STRINGS_H=$gl_cv_next_strings_h + + if test $gl_cv_have_include_next = yes || test $gl_cv_have_include_next = buggy; then + # INCLUDE_NEXT_AS_FIRST_DIRECTIVE='include_next' + gl_next_as_first_directive='<'strings.h'>' + else + # INCLUDE_NEXT_AS_FIRST_DIRECTIVE='include' + gl_next_as_first_directive=$gl_cv_next_strings_h + fi + NEXT_AS_FIRST_DIRECTIVE_STRINGS_H=$gl_next_as_first_directive + + + + + if test $ac_cv_header_strings_h = yes; then + HAVE_STRINGS_H=1 + else + HAVE_STRINGS_H=0 + fi + + + + + + +ac_fn_c_check_decl "$LINENO" "strndup" "ac_cv_have_decl_strndup" "$ac_includes_default" +if test "x$ac_cv_have_decl_strndup" = xyes; then : + ac_have_decl=1 +else + ac_have_decl=0 +fi + +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_STRNDUP $ac_have_decl +_ACEOF + + + +ac_fn_c_check_decl "$LINENO" "strnlen" "ac_cv_have_decl_strnlen" "$ac_includes_default" +if test "x$ac_cv_have_decl_strnlen" = xyes; then : + ac_have_decl=1 +else + ac_have_decl=0 +fi + +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_STRNLEN $ac_have_decl +_ACEOF + +ac_fn_c_check_decl "$LINENO" "strtok_r" "ac_cv_have_decl_strtok_r" "$ac_includes_default" +if test "x$ac_cv_have_decl_strtok_r" = xyes; then : + ac_have_decl=1 +else + ac_have_decl=0 +fi + +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_STRTOK_R $ac_have_decl +_ACEOF + + + + + + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for struct timespec in " >&5 +$as_echo_n "checking for struct timespec in ... " >&6; } +if ${gl_cv_sys_struct_timespec_in_time_h+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include + +int +main () +{ +static struct timespec x; x.tv_sec = x.tv_nsec; + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + gl_cv_sys_struct_timespec_in_time_h=yes +else + gl_cv_sys_struct_timespec_in_time_h=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_sys_struct_timespec_in_time_h" >&5 +$as_echo "$gl_cv_sys_struct_timespec_in_time_h" >&6; } + + TIME_H_DEFINES_STRUCT_TIMESPEC=0 + SYS_TIME_H_DEFINES_STRUCT_TIMESPEC=0 + PTHREAD_H_DEFINES_STRUCT_TIMESPEC=0 + UNISTD_H_DEFINES_STRUCT_TIMESPEC=0 + if test $gl_cv_sys_struct_timespec_in_time_h = yes; then + TIME_H_DEFINES_STRUCT_TIMESPEC=1 + else + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for struct timespec in " >&5 +$as_echo_n "checking for struct timespec in ... " >&6; } +if ${gl_cv_sys_struct_timespec_in_sys_time_h+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include + +int +main () +{ +static struct timespec x; x.tv_sec = x.tv_nsec; + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + gl_cv_sys_struct_timespec_in_sys_time_h=yes +else + gl_cv_sys_struct_timespec_in_sys_time_h=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_sys_struct_timespec_in_sys_time_h" >&5 +$as_echo "$gl_cv_sys_struct_timespec_in_sys_time_h" >&6; } + if test $gl_cv_sys_struct_timespec_in_sys_time_h = yes; then + SYS_TIME_H_DEFINES_STRUCT_TIMESPEC=1 + else + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for struct timespec in " >&5 +$as_echo_n "checking for struct timespec in ... " >&6; } +if ${gl_cv_sys_struct_timespec_in_pthread_h+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include + +int +main () +{ +static struct timespec x; x.tv_sec = x.tv_nsec; + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + gl_cv_sys_struct_timespec_in_pthread_h=yes +else + gl_cv_sys_struct_timespec_in_pthread_h=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_sys_struct_timespec_in_pthread_h" >&5 +$as_echo "$gl_cv_sys_struct_timespec_in_pthread_h" >&6; } + if test $gl_cv_sys_struct_timespec_in_pthread_h = yes; then + PTHREAD_H_DEFINES_STRUCT_TIMESPEC=1 + else + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for struct timespec in " >&5 +$as_echo_n "checking for struct timespec in ... " >&6; } +if ${gl_cv_sys_struct_timespec_in_unistd_h+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include + +int +main () +{ +static struct timespec x; x.tv_sec = x.tv_nsec; + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + gl_cv_sys_struct_timespec_in_unistd_h=yes +else + gl_cv_sys_struct_timespec_in_unistd_h=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_sys_struct_timespec_in_unistd_h" >&5 +$as_echo "$gl_cv_sys_struct_timespec_in_unistd_h" >&6; } + if test $gl_cv_sys_struct_timespec_in_unistd_h = yes; then + UNISTD_H_DEFINES_STRUCT_TIMESPEC=1 + fi + fi + fi + fi + + + + + + + + + + + + + + + + + if test $gl_cv_have_include_next = yes; then + gl_cv_next_time_h='<'time.h'>' + else + { $as_echo "$as_me:${as_lineno-$LINENO}: checking absolute name of " >&5 +$as_echo_n "checking absolute name of ... " >&6; } +if ${gl_cv_next_time_h+:} false; then : + $as_echo_n "(cached) " >&6 +else + + + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +_ACEOF + case "$host_os" in + aix*) gl_absname_cpp="$ac_cpp -C" ;; + *) gl_absname_cpp="$ac_cpp" ;; + esac + + case "$host_os" in + mingw*) + gl_dirsep_regex='[/\\]' + ;; + *) + gl_dirsep_regex='\/' + ;; + esac + gl_make_literal_regex_sed='s,[]$^\\.*/[],\\&,g' + gl_header_literal_regex=`echo 'time.h' \ + | sed -e "$gl_make_literal_regex_sed"` + gl_absolute_header_sed="/${gl_dirsep_regex}${gl_header_literal_regex}/"'{ + s/.*"\(.*'"${gl_dirsep_regex}${gl_header_literal_regex}"'\)".*/\1/ + s|^/[^/]|//&| + p + q + }' + + gl_cv_absolute_time_h=`(eval "$gl_absname_cpp conftest.$ac_ext") 2>&5 | + sed -n "$gl_absolute_header_sed"` + + gl_header=$gl_cv_absolute_time_h + gl_cv_next_time_h='"'$gl_header'"' + + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_next_time_h" >&5 +$as_echo "$gl_cv_next_time_h" >&6; } + fi + NEXT_TIME_H=$gl_cv_next_time_h + + if test $gl_cv_have_include_next = yes || test $gl_cv_have_include_next = buggy; then + # INCLUDE_NEXT_AS_FIRST_DIRECTIVE='include_next' + gl_next_as_first_directive='<'time.h'>' + else + # INCLUDE_NEXT_AS_FIRST_DIRECTIVE='include' + gl_next_as_first_directive=$gl_cv_next_time_h + fi + NEXT_AS_FIRST_DIRECTIVE_TIME_H=$gl_next_as_first_directive + + + + + + + + + + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for inttypes.h" >&5 +$as_echo_n "checking for inttypes.h... " >&6; } +if ${gl_cv_header_inttypes_h+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#include + +int +main () +{ +uintmax_t i = (uintmax_t) -1; return !i; + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + gl_cv_header_inttypes_h=yes +else + gl_cv_header_inttypes_h=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_header_inttypes_h" >&5 +$as_echo "$gl_cv_header_inttypes_h" >&6; } + if test $gl_cv_header_inttypes_h = yes; then + +cat >>confdefs.h <<_ACEOF +#define HAVE_INTTYPES_H_WITH_UINTMAX 1 +_ACEOF + + fi + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for stdint.h" >&5 +$as_echo_n "checking for stdint.h... " >&6; } +if ${gl_cv_header_stdint_h+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include + #include +int +main () +{ +uintmax_t i = (uintmax_t) -1; return !i; + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + gl_cv_header_stdint_h=yes +else + gl_cv_header_stdint_h=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_header_stdint_h" >&5 +$as_echo "$gl_cv_header_stdint_h" >&6; } + if test $gl_cv_header_stdint_h = yes; then + +cat >>confdefs.h <<_ACEOF +#define HAVE_STDINT_H_WITH_UINTMAX 1 +_ACEOF + + fi + + + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for intmax_t" >&5 +$as_echo_n "checking for intmax_t... " >&6; } +if ${gt_cv_c_intmax_t+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#include +#if HAVE_STDINT_H_WITH_UINTMAX +#include +#endif +#if HAVE_INTTYPES_H_WITH_UINTMAX +#include +#endif + +int +main () +{ +intmax_t x = -1; return !x; + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + gt_cv_c_intmax_t=yes +else + gt_cv_c_intmax_t=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gt_cv_c_intmax_t" >&5 +$as_echo "$gt_cv_c_intmax_t" >&6; } + if test $gt_cv_c_intmax_t = yes; then + +$as_echo "#define HAVE_INTMAX_T 1" >>confdefs.h + + else + + test $ac_cv_type_long_long_int = yes \ + && ac_type='long long' \ + || ac_type='long' + +cat >>confdefs.h <<_ACEOF +#define intmax_t $ac_type +_ACEOF + + fi + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking where to find the exponent in a 'double'" >&5 +$as_echo_n "checking where to find the exponent in a 'double'... " >&6; } +if ${gl_cv_cc_double_expbit0+:} false; then : + $as_echo_n "(cached) " >&6 +else + + if test "$cross_compiling" = yes; then : + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#if defined arm || defined __arm || defined __arm__ + mixed_endianness +#endif + +_ACEOF +if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | + $EGREP "mixed_endianness" >/dev/null 2>&1; then : + gl_cv_cc_double_expbit0="unknown" +else + + : +if ${ac_cv_c_bigendian+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_cv_c_bigendian=unknown + # See if we're dealing with a universal compiler. + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#ifndef __APPLE_CC__ + not a universal capable compiler + #endif + typedef int dummy; + +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + + # Check for potential -arch flags. It is not universal unless + # there are at least two -arch flags with different values. + ac_arch= + ac_prev= + for ac_word in $CC $CFLAGS $CPPFLAGS $LDFLAGS; do + if test -n "$ac_prev"; then + case $ac_word in + i?86 | x86_64 | ppc | ppc64) + if test -z "$ac_arch" || test "$ac_arch" = "$ac_word"; then + ac_arch=$ac_word + else + ac_cv_c_bigendian=universal + break + fi + ;; + esac + ac_prev= + elif test "x$ac_word" = "x-arch"; then + ac_prev=arch + fi + done +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + if test $ac_cv_c_bigendian = unknown; then + # See if sys/param.h defines the BYTE_ORDER macro. + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include + #include + +int +main () +{ +#if ! (defined BYTE_ORDER && defined BIG_ENDIAN \ + && defined LITTLE_ENDIAN && BYTE_ORDER && BIG_ENDIAN \ + && LITTLE_ENDIAN) + bogus endian macros + #endif + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + # It does; now see whether it defined to BIG_ENDIAN or not. + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include + #include + +int +main () +{ +#if BYTE_ORDER != BIG_ENDIAN + not big endian + #endif + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ac_cv_c_bigendian=yes +else + ac_cv_c_bigendian=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + fi + if test $ac_cv_c_bigendian = unknown; then + # See if defines _LITTLE_ENDIAN or _BIG_ENDIAN (e.g., Solaris). + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include + +int +main () +{ +#if ! (defined _LITTLE_ENDIAN || defined _BIG_ENDIAN) + bogus endian macros + #endif + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + # It does; now see whether it defined to _BIG_ENDIAN or not. + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include + +int +main () +{ +#ifndef _BIG_ENDIAN + not big endian + #endif + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ac_cv_c_bigendian=yes +else + ac_cv_c_bigendian=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + fi + if test $ac_cv_c_bigendian = unknown; then + # Compile a test program. + if test "$cross_compiling" = yes; then : + # Try to guess by grepping values from an object file. + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +short int ascii_mm[] = + { 0x4249, 0x4765, 0x6E44, 0x6961, 0x6E53, 0x7953, 0 }; + short int ascii_ii[] = + { 0x694C, 0x5454, 0x656C, 0x6E45, 0x6944, 0x6E61, 0 }; + int use_ascii (int i) { + return ascii_mm[i] + ascii_ii[i]; + } + short int ebcdic_ii[] = + { 0x89D3, 0xE3E3, 0x8593, 0x95C5, 0x89C4, 0x9581, 0 }; + short int ebcdic_mm[] = + { 0xC2C9, 0xC785, 0x95C4, 0x8981, 0x95E2, 0xA8E2, 0 }; + int use_ebcdic (int i) { + return ebcdic_mm[i] + ebcdic_ii[i]; + } + extern int foo; + +int +main () +{ +return use_ascii (foo) == use_ebcdic (foo); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + if grep BIGenDianSyS conftest.$ac_objext >/dev/null; then + ac_cv_c_bigendian=yes + fi + if grep LiTTleEnDian conftest.$ac_objext >/dev/null ; then + if test "$ac_cv_c_bigendian" = unknown; then + ac_cv_c_bigendian=no + else + # finding both strings is unlikely to happen, but who knows? + ac_cv_c_bigendian=unknown + fi + fi +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +$ac_includes_default +int +main () +{ + + /* Are we little or big endian? From Harbison&Steele. */ + union + { + long int l; + char c[sizeof (long int)]; + } u; + u.l = 1; + return u.c[sizeof (long int) - 1] == 1; + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_run "$LINENO"; then : + ac_cv_c_bigendian=no +else + ac_cv_c_bigendian=yes +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + + fi +fi +: + case $ac_cv_c_bigendian in #( + yes) + gl_cv_cc_double_expbit0="word 0 bit 20";; #( + no) + gl_cv_cc_double_expbit0="word 1 bit 20" ;; #( + universal) + +$as_echo "#define AC_APPLE_UNIVERSAL_BUILD 1" >>confdefs.h + + ;; #( + *) + gl_cv_cc_double_expbit0="unknown" ;; + esac + + +fi +rm -f conftest* + + +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#include +#include +#include +#define NWORDS \ + ((sizeof (double) + sizeof (unsigned int) - 1) / sizeof (unsigned int)) +typedef union { double value; unsigned int word[NWORDS]; } memory_double; +static unsigned int ored_words[NWORDS]; +static unsigned int anded_words[NWORDS]; +static void add_to_ored_words (double x) +{ + memory_double m; + size_t i; + /* Clear it first, in case sizeof (double) < sizeof (memory_double). */ + memset (&m, 0, sizeof (memory_double)); + m.value = x; + for (i = 0; i < NWORDS; i++) + { + ored_words[i] |= m.word[i]; + anded_words[i] &= m.word[i]; + } +} +int main () +{ + size_t j; + FILE *fp = fopen ("conftest.out", "w"); + if (fp == NULL) + return 1; + for (j = 0; j < NWORDS; j++) + anded_words[j] = ~ (unsigned int) 0; + add_to_ored_words (0.25); + add_to_ored_words (0.5); + add_to_ored_words (1.0); + add_to_ored_words (2.0); + add_to_ored_words (4.0); + /* Remove bits that are common (e.g. if representation of the first mantissa + bit is explicit). */ + for (j = 0; j < NWORDS; j++) + ored_words[j] &= ~anded_words[j]; + /* Now find the nonzero word. */ + for (j = 0; j < NWORDS; j++) + if (ored_words[j] != 0) + break; + if (j < NWORDS) + { + size_t i; + for (i = j + 1; i < NWORDS; i++) + if (ored_words[i] != 0) + { + fprintf (fp, "unknown"); + return (fclose (fp) != 0); + } + for (i = 0; ; i++) + if ((ored_words[j] >> i) & 1) + { + fprintf (fp, "word %d bit %d", (int) j, (int) i); + return (fclose (fp) != 0); + } + } + fprintf (fp, "unknown"); + return (fclose (fp) != 0); +} + +_ACEOF +if ac_fn_c_try_run "$LINENO"; then : + gl_cv_cc_double_expbit0=`cat conftest.out` +else + gl_cv_cc_double_expbit0="unknown" +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + + rm -f conftest.out + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_cc_double_expbit0" >&5 +$as_echo "$gl_cv_cc_double_expbit0" >&6; } + case "$gl_cv_cc_double_expbit0" in + word*bit*) + word=`echo "$gl_cv_cc_double_expbit0" | sed -e 's/word //' -e 's/ bit.*//'` + bit=`echo "$gl_cv_cc_double_expbit0" | sed -e 's/word.*bit //'` + +cat >>confdefs.h <<_ACEOF +#define DBL_EXPBIT0_WORD $word +_ACEOF + + +cat >>confdefs.h <<_ACEOF +#define DBL_EXPBIT0_BIT $bit +_ACEOF + + ;; + esac + + + + + + + for ac_func in snprintf strnlen wcslen wcsnlen mbrtowc wcrtomb +do : + as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` +ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" +if eval test \"x\$"$as_ac_var"\" = x"yes"; then : + cat >>confdefs.h <<_ACEOF +#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 +_ACEOF + +fi +done + + ac_fn_c_check_decl "$LINENO" "_snprintf" "ac_cv_have_decl__snprintf" "#include +" +if test "x$ac_cv_have_decl__snprintf" = xyes; then : + ac_have_decl=1 +else + ac_have_decl=0 +fi + +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL__SNPRINTF $ac_have_decl +_ACEOF + + + + case "$gl_cv_func_snprintf_retval_c99" in + *yes) + +$as_echo "#define HAVE_SNPRINTF_RETVAL_C99 1" >>confdefs.h + + ;; + esac + + + XGETTEXT_EXTRA_OPTIONS= + +ac_fn_c_check_decl "$LINENO" "vsnprintf" "ac_cv_have_decl_vsnprintf" "$ac_includes_default" +if test "x$ac_cv_have_decl_vsnprintf" = xyes; then : + ac_have_decl=1 +else + ac_have_decl=0 +fi + +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_VSNPRINTF $ac_have_decl +_ACEOF + + + GNULIB_BTOWC=0; + GNULIB_WCTOB=0; + GNULIB_MBSINIT=0; + GNULIB_MBRTOWC=0; + GNULIB_MBRLEN=0; + GNULIB_MBSRTOWCS=0; + GNULIB_MBSNRTOWCS=0; + GNULIB_WCRTOMB=0; + GNULIB_WCSRTOMBS=0; + GNULIB_WCSNRTOMBS=0; + GNULIB_WCWIDTH=0; + GNULIB_WMEMCHR=0; + GNULIB_WMEMCMP=0; + GNULIB_WMEMCPY=0; + GNULIB_WMEMMOVE=0; + GNULIB_WMEMSET=0; + GNULIB_WCSLEN=0; + GNULIB_WCSNLEN=0; + GNULIB_WCSCPY=0; + GNULIB_WCPCPY=0; + GNULIB_WCSNCPY=0; + GNULIB_WCPNCPY=0; + GNULIB_WCSCAT=0; + GNULIB_WCSNCAT=0; + GNULIB_WCSCMP=0; + GNULIB_WCSNCMP=0; + GNULIB_WCSCASECMP=0; + GNULIB_WCSNCASECMP=0; + GNULIB_WCSCOLL=0; + GNULIB_WCSXFRM=0; + GNULIB_WCSDUP=0; + GNULIB_WCSCHR=0; + GNULIB_WCSRCHR=0; + GNULIB_WCSCSPN=0; + GNULIB_WCSSPN=0; + GNULIB_WCSPBRK=0; + GNULIB_WCSSTR=0; + GNULIB_WCSTOK=0; + GNULIB_WCSWIDTH=0; + GNULIB_WCSFTIME=0; + HAVE_BTOWC=1; + HAVE_MBSINIT=1; + HAVE_MBRTOWC=1; + HAVE_MBRLEN=1; + HAVE_MBSRTOWCS=1; + HAVE_MBSNRTOWCS=1; + HAVE_WCRTOMB=1; + HAVE_WCSRTOMBS=1; + HAVE_WCSNRTOMBS=1; + HAVE_WMEMCHR=1; + HAVE_WMEMCMP=1; + HAVE_WMEMCPY=1; + HAVE_WMEMMOVE=1; + HAVE_WMEMSET=1; + HAVE_WCSLEN=1; + HAVE_WCSNLEN=1; + HAVE_WCSCPY=1; + HAVE_WCPCPY=1; + HAVE_WCSNCPY=1; + HAVE_WCPNCPY=1; + HAVE_WCSCAT=1; + HAVE_WCSNCAT=1; + HAVE_WCSCMP=1; + HAVE_WCSNCMP=1; + HAVE_WCSCASECMP=1; + HAVE_WCSNCASECMP=1; + HAVE_WCSCOLL=1; + HAVE_WCSXFRM=1; + HAVE_WCSDUP=1; + HAVE_WCSCHR=1; + HAVE_WCSRCHR=1; + HAVE_WCSCSPN=1; + HAVE_WCSSPN=1; + HAVE_WCSPBRK=1; + HAVE_WCSSTR=1; + HAVE_WCSTOK=1; + HAVE_WCSWIDTH=1; + HAVE_WCSFTIME=1; + HAVE_DECL_WCTOB=1; + HAVE_DECL_WCWIDTH=1; + REPLACE_MBSTATE_T=0; + REPLACE_BTOWC=0; + REPLACE_WCTOB=0; + REPLACE_MBSINIT=0; + REPLACE_MBRTOWC=0; + REPLACE_MBRLEN=0; + REPLACE_MBSRTOWCS=0; + REPLACE_MBSNRTOWCS=0; + REPLACE_WCRTOMB=0; + REPLACE_WCSRTOMBS=0; + REPLACE_WCSNRTOMBS=0; + REPLACE_WCWIDTH=0; + REPLACE_WCSWIDTH=0; + REPLACE_WCSFTIME=0; + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether uses 'inline' correctly" >&5 +$as_echo_n "checking whether uses 'inline' correctly... " >&6; } +if ${gl_cv_header_wchar_h_correct_inline+:} false; then : + $as_echo_n "(cached) " >&6 +else + gl_cv_header_wchar_h_correct_inline=yes + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + + #define wcstod renamed_wcstod +/* Tru64 with Desktop Toolkit C has a bug: must be included before + . + BSD/OS 4.0.1 has a bug: , and must be + included before . */ +#include +#include +#include +#include +extern int zero (void); +int main () { return zero(); } + +_ACEOF + save_ac_compile="$ac_compile" + ac_compile=`echo "$save_ac_compile" | sed s/conftest/conftest1/` + if echo '#include "conftest.c"' >conftest1.c && + { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5 + (eval $ac_compile) 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + + #define wcstod renamed_wcstod +/* Tru64 with Desktop Toolkit C has a bug: must be included before + . + BSD/OS 4.0.1 has a bug: , and must be + included before . */ +#include +#include +#include +#include +int zero (void) { return 0; } + +_ACEOF + ac_compile=`echo "$save_ac_compile" | sed s/conftest/conftest2/` + if echo '#include "conftest.c"' >conftest2.c && + { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5 + (eval $ac_compile) 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + if $CC -o conftest$ac_exeext $CFLAGS $LDFLAGS conftest1.$ac_objext conftest2.$ac_objext $LIBS >&5 2>&1; then + : + else + gl_cv_header_wchar_h_correct_inline=no + fi + fi + fi + ac_compile="$save_ac_compile" + rm -f conftest12.c conftest12.$ac_objext conftest$ac_exeext + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_header_wchar_h_correct_inline" >&5 +$as_echo "$gl_cv_header_wchar_h_correct_inline" >&6; } + if test $gl_cv_header_wchar_h_correct_inline = no; then + as_fn_error $? " cannot be used with this compiler ($CC $CFLAGS $CPPFLAGS). +This is a known interoperability problem of glibc <= 2.5 with gcc >= 4.3 in +C99 mode. You have four options: + - Add the flag -fgnu89-inline to CC and reconfigure, or + - Fix your include files, using parts of + , or + - Use a gcc version older than 4.3, or + - Don't use the flags -std=c99 or -std=gnu99. +Configuration aborted." "$LINENO" 5 + fi + + + + + + if test $ac_cv_header_crtdefs_h = yes; then + HAVE_CRTDEFS_H=1 + else + HAVE_CRTDEFS_H=0 + fi + + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for nl_langinfo and CODESET" >&5 +$as_echo_n "checking for nl_langinfo and CODESET... " >&6; } +if ${am_cv_langinfo_codeset+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +int +main () +{ +char* cs = nl_langinfo(CODESET); return !cs; + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + am_cv_langinfo_codeset=yes +else + am_cv_langinfo_codeset=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $am_cv_langinfo_codeset" >&5 +$as_echo "$am_cv_langinfo_codeset" >&6; } + if test $am_cv_langinfo_codeset = yes; then + +$as_echo "#define HAVE_LANGINFO_CODESET 1" >>confdefs.h + + fi + + + GNULIB_ISBLANK=0; + HAVE_ISBLANK=1; + + + + + + + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking if environ is properly declared" >&5 +$as_echo_n "checking if environ is properly declared... " >&6; } +if ${gt_cv_var_environ_declaration+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#if HAVE_UNISTD_H + #include + #endif + /* mingw, BeOS, Haiku declare environ in , not in . */ + #include + + extern struct { int foo; } environ; +int +main () +{ +environ.foo = 1; + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + gt_cv_var_environ_declaration=no +else + gt_cv_var_environ_declaration=yes +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gt_cv_var_environ_declaration" >&5 +$as_echo "$gt_cv_var_environ_declaration" >&6; } + if test $gt_cv_var_environ_declaration = yes; then + +$as_echo "#define HAVE_ENVIRON_DECL 1" >>confdefs.h + + fi + + + if test $gt_cv_var_environ_declaration != yes; then + HAVE_DECL_ENVIRON=0 + fi + + + GNULIB_FCNTL=0; + GNULIB_NONBLOCKING=0; + GNULIB_OPEN=0; + GNULIB_OPENAT=0; + HAVE_FCNTL=1; + HAVE_OPENAT=1; + REPLACE_FCNTL=0; + REPLACE_OPEN=0; + REPLACE_OPENAT=0; + + + + + + + + + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for working fcntl.h" >&5 +$as_echo_n "checking for working fcntl.h... " >&6; } +if ${gl_cv_header_working_fcntl_h+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test "$cross_compiling" = yes; then : + case "$host_os" in + # Guess 'no' on native Windows. + mingw*) gl_cv_header_working_fcntl_h='no' ;; + *) gl_cv_header_working_fcntl_h=cross-compiling ;; + esac + +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include + #include + #if HAVE_UNISTD_H + # include + #else /* on Windows with MSVC */ + # include + # include + # defined sleep(n) _sleep ((n) * 1000) + #endif + #include + #ifndef O_NOATIME + #define O_NOATIME 0 + #endif + #ifndef O_NOFOLLOW + #define O_NOFOLLOW 0 + #endif + static int const constants[] = + { + O_CREAT, O_EXCL, O_NOCTTY, O_TRUNC, O_APPEND, + O_NONBLOCK, O_SYNC, O_ACCMODE, O_RDONLY, O_RDWR, O_WRONLY + }; + +int +main () +{ + + int result = !constants; + #if HAVE_SYMLINK + { + static char const sym[] = "conftest.sym"; + if (symlink ("/dev/null", sym) != 0) + result |= 2; + else + { + int fd = open (sym, O_WRONLY | O_NOFOLLOW | O_CREAT, 0); + if (fd >= 0) + { + close (fd); + result |= 4; + } + } + if (unlink (sym) != 0 || symlink (".", sym) != 0) + result |= 2; + else + { + int fd = open (sym, O_RDONLY | O_NOFOLLOW); + if (fd >= 0) + { + close (fd); + result |= 4; + } + } + unlink (sym); + } + #endif + { + static char const file[] = "confdefs.h"; + int fd = open (file, O_RDONLY | O_NOATIME); + if (fd < 0) + result |= 8; + else + { + struct stat st0; + if (fstat (fd, &st0) != 0) + result |= 16; + else + { + char c; + sleep (1); + if (read (fd, &c, 1) != 1) + result |= 24; + else + { + if (close (fd) != 0) + result |= 32; + else + { + struct stat st1; + if (stat (file, &st1) != 0) + result |= 40; + else + if (st0.st_atime != st1.st_atime) + result |= 64; + } + } + } + } + } + return result; + ; + return 0; +} +_ACEOF +if ac_fn_c_try_run "$LINENO"; then : + gl_cv_header_working_fcntl_h=yes +else + case $? in #( + 4) gl_cv_header_working_fcntl_h='no (bad O_NOFOLLOW)';; #( + 64) gl_cv_header_working_fcntl_h='no (bad O_NOATIME)';; #( + 68) gl_cv_header_working_fcntl_h='no (bad O_NOATIME, O_NOFOLLOW)';; #( + *) gl_cv_header_working_fcntl_h='no';; + esac +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_header_working_fcntl_h" >&5 +$as_echo "$gl_cv_header_working_fcntl_h" >&6; } + + case $gl_cv_header_working_fcntl_h in #( + *O_NOATIME* | no | cross-compiling) ac_val=0;; #( + *) ac_val=1;; + esac + +cat >>confdefs.h <<_ACEOF +#define HAVE_WORKING_O_NOATIME $ac_val +_ACEOF + + + case $gl_cv_header_working_fcntl_h in #( + *O_NOFOLLOW* | no | cross-compiling) ac_val=0;; #( + *) ac_val=1;; + esac + +cat >>confdefs.h <<_ACEOF +#define HAVE_WORKING_O_NOFOLLOW $ac_val +_ACEOF + + + + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether ungetc works on arbitrary bytes" >&5 +$as_echo_n "checking whether ungetc works on arbitrary bytes... " >&6; } +if ${gl_cv_func_ungetc_works+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test "$cross_compiling" = yes; then : + case "$host_os" in + # Guess yes on glibc systems. + *-gnu* | gnu*) gl_cv_func_ungetc_works="guessing yes" ;; + # Guess yes on musl systems. + *-musl*) gl_cv_func_ungetc_works="guessing yes" ;; + # Guess yes on bionic systems. + *-android*) gl_cv_func_ungetc_works="guessing yes" ;; + # Guess yes on native Windows. + mingw*) gl_cv_func_ungetc_works="guessing yes" ;; + # If we don't know, assume the worst. + *) gl_cv_func_ungetc_works="guessing no" ;; + esac + +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include + +int +main () +{ +FILE *f; + if (!(f = fopen ("conftest.tmp", "w+"))) + return 1; + if (fputs ("abc", f) < 0) + { fclose (f); return 2; } + rewind (f); + if (fgetc (f) != 'a') + { fclose (f); return 3; } + if (fgetc (f) != 'b') + { fclose (f); return 4; } + if (ungetc ('d', f) != 'd') + { fclose (f); return 5; } + if (ftell (f) != 1) + { fclose (f); return 6; } + if (fgetc (f) != 'd') + { fclose (f); return 7; } + if (ftell (f) != 2) + { fclose (f); return 8; } + if (fseek (f, 0, SEEK_CUR) != 0) + { fclose (f); return 9; } + if (ftell (f) != 2) + { fclose (f); return 10; } + if (fgetc (f) != 'c') + { fclose (f); return 11; } + fclose (f); + remove ("conftest.tmp"); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_run "$LINENO"; then : + gl_cv_func_ungetc_works=yes +else + gl_cv_func_ungetc_works=no +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_func_ungetc_works" >&5 +$as_echo "$gl_cv_func_ungetc_works" >&6; } + case "$gl_cv_func_ungetc_works" in + *yes) ;; + *) + +$as_echo "#define FUNC_UNGETC_BROKEN 1" >>confdefs.h + + ;; + esac + + + + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether getcwd (NULL, 0) allocates memory for result" >&5 +$as_echo_n "checking whether getcwd (NULL, 0) allocates memory for result... " >&6; } +if ${gl_cv_func_getcwd_null+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test "$cross_compiling" = yes; then : + case "$host_os" in + # Guess yes on glibc systems. + *-gnu* | gnu*) gl_cv_func_getcwd_null="guessing yes";; + # Guess yes on musl systems. + *-musl*) gl_cv_func_getcwd_null="guessing yes";; + # Guess yes on Cygwin. + cygwin*) gl_cv_func_getcwd_null="guessing yes";; + # If we don't know, assume the worst. + *) gl_cv_func_getcwd_null="guessing no";; + esac + +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +# include +# if HAVE_UNISTD_H +# include +# else /* on Windows with MSVC */ +# include +# endif +# ifndef getcwd + char *getcwd (); +# endif + +int +main () +{ + +#if defined _WIN32 && ! defined __CYGWIN__ +/* mingw cwd does not start with '/', but getcwd does allocate. + However, mingw fails to honor non-zero size. */ +#else + if (chdir ("/") != 0) + return 1; + else + { + char *f = getcwd (NULL, 0); + if (! f) + return 2; + if (f[0] != '/') + { free (f); return 3; } + if (f[1] != '\0') + { free (f); return 4; } + free (f); + return 0; + } +#endif + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_run "$LINENO"; then : + gl_cv_func_getcwd_null=yes +else + gl_cv_func_getcwd_null=no +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_func_getcwd_null" >&5 +$as_echo "$gl_cv_func_getcwd_null" >&6; } + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for getcwd with POSIX signature" >&5 +$as_echo_n "checking for getcwd with POSIX signature... " >&6; } +if ${gl_cv_func_getcwd_posix_signature+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +int +main () +{ +extern + #ifdef __cplusplus + "C" + #endif + char *getcwd (char *, size_t); + + ; + return 0; +} + +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + gl_cv_func_getcwd_posix_signature=yes +else + gl_cv_func_getcwd_posix_signature=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_func_getcwd_posix_signature" >&5 +$as_echo "$gl_cv_func_getcwd_posix_signature" >&6; } + + + +ac_fn_c_check_decl "$LINENO" "getdtablesize" "ac_cv_have_decl_getdtablesize" "$ac_includes_default" +if test "x$ac_cv_have_decl_getdtablesize" = xyes; then : + ac_have_decl=1 +else + ac_have_decl=0 +fi + +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_GETDTABLESIZE $ac_have_decl +_ACEOF + + + + + GNULIB_IMAXABS=0; + GNULIB_IMAXDIV=0; + GNULIB_STRTOIMAX=0; + GNULIB_STRTOUMAX=0; + HAVE_DECL_IMAXABS=1; + HAVE_DECL_IMAXDIV=1; + HAVE_DECL_STRTOIMAX=1; + HAVE_DECL_STRTOUMAX=1; + HAVE_IMAXDIV_T=1; + REPLACE_STRTOIMAX=0; + REPLACE_STRTOUMAX=0; + INT32_MAX_LT_INTMAX_MAX=1; + INT64_MAX_EQ_LONG_MAX='defined _LP64'; + PRI_MACROS_BROKEN=0; + PRIPTR_PREFIX=__PRIPTR_PREFIX; + UINT32_MAX_LT_UINTMAX_MAX=1; + UINT64_MAX_EQ_ULONG_MAX='defined _LP64'; + + + + + + + + + + + + + + + + if test $gl_cv_have_include_next = yes; then + gl_cv_next_inttypes_h='<'inttypes.h'>' + else + { $as_echo "$as_me:${as_lineno-$LINENO}: checking absolute name of " >&5 +$as_echo_n "checking absolute name of ... " >&6; } +if ${gl_cv_next_inttypes_h+:} false; then : + $as_echo_n "(cached) " >&6 +else + + if test $ac_cv_header_inttypes_h = yes; then + + + + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +_ACEOF + case "$host_os" in + aix*) gl_absname_cpp="$ac_cpp -C" ;; + *) gl_absname_cpp="$ac_cpp" ;; + esac + + case "$host_os" in + mingw*) + gl_dirsep_regex='[/\\]' + ;; + *) + gl_dirsep_regex='\/' + ;; + esac + gl_make_literal_regex_sed='s,[]$^\\.*/[],\\&,g' + gl_header_literal_regex=`echo 'inttypes.h' \ + | sed -e "$gl_make_literal_regex_sed"` + gl_absolute_header_sed="/${gl_dirsep_regex}${gl_header_literal_regex}/"'{ + s/.*"\(.*'"${gl_dirsep_regex}${gl_header_literal_regex}"'\)".*/\1/ + s|^/[^/]|//&| + p + q + }' + + gl_cv_absolute_inttypes_h=`(eval "$gl_absname_cpp conftest.$ac_ext") 2>&5 | + sed -n "$gl_absolute_header_sed"` + + gl_header=$gl_cv_absolute_inttypes_h + gl_cv_next_inttypes_h='"'$gl_header'"' + else + gl_cv_next_inttypes_h='<'inttypes.h'>' + fi + + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_next_inttypes_h" >&5 +$as_echo "$gl_cv_next_inttypes_h" >&6; } + fi + NEXT_INTTYPES_H=$gl_cv_next_inttypes_h + + if test $gl_cv_have_include_next = yes || test $gl_cv_have_include_next = buggy; then + # INCLUDE_NEXT_AS_FIRST_DIRECTIVE='include_next' + gl_next_as_first_directive='<'inttypes.h'>' + else + # INCLUDE_NEXT_AS_FIRST_DIRECTIVE='include' + gl_next_as_first_directive=$gl_cv_next_inttypes_h + fi + NEXT_AS_FIRST_DIRECTIVE_INTTYPES_H=$gl_next_as_first_directive + + + + + + + + + + + + + for ac_header in inttypes.h +do : + ac_fn_c_check_header_mongrel "$LINENO" "inttypes.h" "ac_cv_header_inttypes_h" "$ac_includes_default" +if test "x$ac_cv_header_inttypes_h" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_INTTYPES_H 1 +_ACEOF + +fi + +done + + if test $ac_cv_header_inttypes_h = yes; then + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the inttypes.h PRIxNN macros are broken" >&5 +$as_echo_n "checking whether the inttypes.h PRIxNN macros are broken... " >&6; } +if ${gt_cv_inttypes_pri_broken+:} false; then : + $as_echo_n "(cached) " >&6 +else + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#ifdef PRId32 +char *p = PRId32; +#endif + +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + gt_cv_inttypes_pri_broken=no +else + gt_cv_inttypes_pri_broken=yes +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gt_cv_inttypes_pri_broken" >&5 +$as_echo "$gt_cv_inttypes_pri_broken" >&6; } + fi + if test "$gt_cv_inttypes_pri_broken" = yes; then + +cat >>confdefs.h <<_ACEOF +#define PRI_MACROS_BROKEN 1 +_ACEOF + + PRI_MACROS_BROKEN=1 + else + PRI_MACROS_BROKEN=0 + fi + + + + + + GNULIB_NL_LANGINFO=0; + HAVE_NL_LANGINFO=1; + REPLACE_NL_LANGINFO=0; + + + + + GNULIB_LOCALECONV=0; + GNULIB_SETLOCALE=0; + GNULIB_DUPLOCALE=0; + GNULIB_LOCALENAME=0; + HAVE_NEWLOCALE=1; + HAVE_DUPLOCALE=1; + HAVE_FREELOCALE=1; + REPLACE_LOCALECONV=0; + REPLACE_SETLOCALE=0; + REPLACE_NEWLOCALE=0; + REPLACE_DUPLOCALE=0; + REPLACE_FREELOCALE=0; + REPLACE_STRUCT_LCONV=0; + + + + + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for LC_MESSAGES" >&5 +$as_echo_n "checking for LC_MESSAGES... " >&6; } +if ${gt_cv_val_LC_MESSAGES+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +int +main () +{ +return LC_MESSAGES + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + gt_cv_val_LC_MESSAGES=yes +else + gt_cv_val_LC_MESSAGES=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gt_cv_val_LC_MESSAGES" >&5 +$as_echo "$gt_cv_val_LC_MESSAGES" >&6; } + if test $gt_cv_val_LC_MESSAGES = yes; then + +$as_echo "#define HAVE_LC_MESSAGES 1" >>confdefs.h + + fi + + + + + + + + + + + + + + if test $ac_cv_func_uselocale = yes; then + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether uselocale works" >&5 +$as_echo_n "checking whether uselocale works... " >&6; } +if ${gt_cv_func_uselocale_works+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test "$cross_compiling" = yes; then : + # Guess no on AIX, yes otherwise. + case "$host_os" in + aix*) gt_cv_func_uselocale_works="guessing no" ;; + *) gt_cv_func_uselocale_works="guessing yes" ;; + esac + +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#if HAVE_XLOCALE_H +# include +#endif +int main () +{ + uselocale (NULL); + setlocale (LC_ALL, "en_US.UTF-8"); + return 0; +} +_ACEOF +if ac_fn_c_try_run "$LINENO"; then : + gt_cv_func_uselocale_works=yes +else + gt_cv_func_uselocale_works=no +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gt_cv_func_uselocale_works" >&5 +$as_echo "$gt_cv_func_uselocale_works" >&6; } + else + gt_cv_func_uselocale_works=no + fi + case "$gt_cv_func_uselocale_works" in + *yes) + +$as_echo "#define HAVE_WORKING_USELOCALE 1" >>confdefs.h + + ;; + esac + + + case "$gt_cv_func_uselocale_works" in + *yes) + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for fake locale system (OpenBSD)" >&5 +$as_echo_n "checking for fake locale system (OpenBSD)... " >&6; } +if ${gt_cv_locale_fake+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test "$cross_compiling" = yes; then : + case "$host_os" in + openbsd*) gt_cv_locale_fake="guessing yes" ;; + *) gt_cv_locale_fake="guessing no" ;; + esac + +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#if HAVE_XLOCALE_H +# include +#endif +int main () +{ + locale_t loc1, loc2; + if (setlocale (LC_ALL, "de_DE.UTF-8") == NULL) return 1; + if (setlocale (LC_ALL, "fr_FR.UTF-8") == NULL) return 1; + loc1 = newlocale (LC_ALL_MASK, "de_DE.UTF-8", (locale_t)0); + loc2 = newlocale (LC_ALL_MASK, "fr_FR.UTF-8", (locale_t)0); + return !(loc1 == loc2); +} +_ACEOF +if ac_fn_c_try_run "$LINENO"; then : + gt_cv_locale_fake=yes +else + gt_cv_locale_fake=no +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gt_cv_locale_fake" >&5 +$as_echo "$gt_cv_locale_fake" >&6; } + ;; + *) gt_cv_locale_fake=no ;; + esac + case "$gt_cv_locale_fake" in + *yes) + +$as_echo "#define HAVE_FAKE_LOCALES 1" >>confdefs.h + + ;; + esac + + case "$gt_cv_func_uselocale_works" in + *yes) + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for Solaris 11.4 locale system" >&5 +$as_echo_n "checking for Solaris 11.4 locale system... " >&6; } +if ${gt_cv_locale_solaris114+:} false; then : + $as_echo_n "(cached) " >&6 +else + case "$host_os" in + solaris*) + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + + #include + struct _LC_locale_t *x; + locale_t y; + +int +main () +{ +*y = x; + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + gt_cv_locale_solaris114=yes +else + gt_cv_locale_solaris114=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + ;; + *) gt_cv_locale_solaris114=no ;; + esac + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gt_cv_locale_solaris114" >&5 +$as_echo "$gt_cv_locale_solaris114" >&6; } + ;; + *) gt_cv_locale_solaris114=no ;; + esac + if test $gt_cv_locale_solaris114 = yes; then + +$as_echo "#define HAVE_SOLARIS114_LOCALES 1" >>confdefs.h + + fi + + case "$gt_cv_func_uselocale_works" in + *yes) + for ac_func in getlocalename_l +do : + ac_fn_c_check_func "$LINENO" "getlocalename_l" "ac_cv_func_getlocalename_l" +if test "x$ac_cv_func_getlocalename_l" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_GETLOCALENAME_L 1 +_ACEOF + +fi +done + + ;; + esac + + gt_nameless_locales=no + if false; then + gt_nameless_locales=yes + +$as_echo "#define HAVE_NAMELESS_LOCALES 1" >>confdefs.h + + fi + + + + + + + + gl_threads_api=none + LIBTHREAD= + LTLIBTHREAD= + LIBMULTITHREAD= + LTLIBMULTITHREAD= + if test "$gl_use_threads" != no; then + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether imported symbols can be declared weak" >&5 +$as_echo_n "checking whether imported symbols can be declared weak... " >&6; } +if ${gl_cv_have_weak+:} false; then : + $as_echo_n "(cached) " >&6 +else + gl_cv_have_weak=no + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +extern void xyzzy (); +#pragma weak xyzzy +int +main () +{ +xyzzy(); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + gl_cv_have_weak=maybe +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + if test $gl_cv_have_weak = maybe; then + if test "$cross_compiling" = yes; then : + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#ifdef __ELF__ + Extensible Linking Format + #endif + +_ACEOF +if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | + $EGREP "Extensible Linking Format" >/dev/null 2>&1; then : + gl_cv_have_weak="guessing yes" +else + gl_cv_have_weak="guessing no" +fi +rm -f conftest* + + +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#pragma weak fputs +int main () +{ + return (fputs == NULL); +} +_ACEOF +if ac_fn_c_try_run "$LINENO"; then : + gl_cv_have_weak=yes +else + gl_cv_have_weak=no +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + + fi + case " $LDFLAGS " in + *" -static "*) gl_cv_have_weak=no ;; + esac + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_have_weak" >&5 +$as_echo "$gl_cv_have_weak" >&6; } + if test "$gl_use_threads" = yes || test "$gl_use_threads" = posix; then + # On OSF/1, the compiler needs the flag -pthread or -D_REENTRANT so that + # it groks . It's added above, in gl_THREADLIB_EARLY_BODY. + ac_fn_c_check_header_mongrel "$LINENO" "pthread.h" "ac_cv_header_pthread_h" "$ac_includes_default" +if test "x$ac_cv_header_pthread_h" = xyes; then : + gl_have_pthread_h=yes +else + gl_have_pthread_h=no +fi + + + if test "$gl_have_pthread_h" = yes; then + # Other possible tests: + # -lpthreads (FSU threads, PCthreads) + # -lgthreads + gl_have_pthread= + # Test whether both pthread_mutex_lock and pthread_mutexattr_init exist + # in libc. IRIX 6.5 has the first one in both libc and libpthread, but + # the second one only in libpthread, and lock.c needs it. + # + # If -pthread works, prefer it to -lpthread, since Ubuntu 14.04 + # needs -pthread for some reason. See: + # https://lists.gnu.org/r/bug-gnulib/2014-09/msg00023.html + save_LIBS=$LIBS + for gl_pthread in '' '-pthread'; do + LIBS="$LIBS $gl_pthread" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include + pthread_mutex_t m; + pthread_mutexattr_t ma; + +int +main () +{ +pthread_mutex_lock (&m); + pthread_mutexattr_init (&ma); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + gl_have_pthread=yes + LIBTHREAD=$gl_pthread LTLIBTHREAD=$gl_pthread + LIBMULTITHREAD=$gl_pthread LTLIBMULTITHREAD=$gl_pthread +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + LIBS=$save_LIBS + test -n "$gl_have_pthread" && break + done + + # Test for libpthread by looking for pthread_kill. (Not pthread_self, + # since it is defined as a macro on OSF/1.) + if test -n "$gl_have_pthread" && test -z "$LIBTHREAD"; then + # The program links fine without libpthread. But it may actually + # need to link with libpthread in order to create multiple threads. + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for pthread_kill in -lpthread" >&5 +$as_echo_n "checking for pthread_kill in -lpthread... " >&6; } +if ${ac_cv_lib_pthread_pthread_kill+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_check_lib_save_LIBS=$LIBS +LIBS="-lpthread $LIBS" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char pthread_kill (); +int +main () +{ +return pthread_kill (); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + ac_cv_lib_pthread_pthread_kill=yes +else + ac_cv_lib_pthread_pthread_kill=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_pthread_pthread_kill" >&5 +$as_echo "$ac_cv_lib_pthread_pthread_kill" >&6; } +if test "x$ac_cv_lib_pthread_pthread_kill" = xyes; then : + LIBMULTITHREAD=-lpthread LTLIBMULTITHREAD=-lpthread + # On Solaris and HP-UX, most pthread functions exist also in libc. + # Therefore pthread_in_use() needs to actually try to create a + # thread: pthread_create from libc will fail, whereas + # pthread_create will actually create a thread. + # On Solaris 10 or newer, this test is no longer needed, because + # libc contains the fully functional pthread functions. + case "$host_os" in + solaris | solaris2.1-9 | solaris2.1-9.* | hpux*) + +$as_echo "#define PTHREAD_IN_USE_DETECTION_HARD 1" >>confdefs.h + + esac + +fi + + elif test -z "$gl_have_pthread"; then + # Some library is needed. Try libpthread and libc_r. + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for pthread_kill in -lpthread" >&5 +$as_echo_n "checking for pthread_kill in -lpthread... " >&6; } +if ${ac_cv_lib_pthread_pthread_kill+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_check_lib_save_LIBS=$LIBS +LIBS="-lpthread $LIBS" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char pthread_kill (); +int +main () +{ +return pthread_kill (); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + ac_cv_lib_pthread_pthread_kill=yes +else + ac_cv_lib_pthread_pthread_kill=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_pthread_pthread_kill" >&5 +$as_echo "$ac_cv_lib_pthread_pthread_kill" >&6; } +if test "x$ac_cv_lib_pthread_pthread_kill" = xyes; then : + gl_have_pthread=yes + LIBTHREAD=-lpthread LTLIBTHREAD=-lpthread + LIBMULTITHREAD=-lpthread LTLIBMULTITHREAD=-lpthread +fi + + if test -z "$gl_have_pthread"; then + # For FreeBSD 4. + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for pthread_kill in -lc_r" >&5 +$as_echo_n "checking for pthread_kill in -lc_r... " >&6; } +if ${ac_cv_lib_c_r_pthread_kill+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_check_lib_save_LIBS=$LIBS +LIBS="-lc_r $LIBS" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char pthread_kill (); +int +main () +{ +return pthread_kill (); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + ac_cv_lib_c_r_pthread_kill=yes +else + ac_cv_lib_c_r_pthread_kill=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_c_r_pthread_kill" >&5 +$as_echo "$ac_cv_lib_c_r_pthread_kill" >&6; } +if test "x$ac_cv_lib_c_r_pthread_kill" = xyes; then : + gl_have_pthread=yes + LIBTHREAD=-lc_r LTLIBTHREAD=-lc_r + LIBMULTITHREAD=-lc_r LTLIBMULTITHREAD=-lc_r +fi + + fi + fi + if test -n "$gl_have_pthread"; then + gl_threads_api=posix + +$as_echo "#define USE_POSIX_THREADS 1" >>confdefs.h + + if test -n "$LIBMULTITHREAD" || test -n "$LTLIBMULTITHREAD"; then + if case "$gl_cv_have_weak" in *yes) true;; *) false;; esac; then + +$as_echo "#define USE_POSIX_THREADS_WEAK 1" >>confdefs.h + + LIBTHREAD= + LTLIBTHREAD= + fi + fi + fi + fi + fi + if test -z "$gl_have_pthread"; then + if test "$gl_use_threads" = yes || test "$gl_use_threads" = solaris; then + gl_have_solaristhread= + gl_save_LIBS="$LIBS" + LIBS="$LIBS -lthread" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#include + +int +main () +{ +thr_self(); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + gl_have_solaristhread=yes +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + LIBS="$gl_save_LIBS" + if test -n "$gl_have_solaristhread"; then + gl_threads_api=solaris + LIBTHREAD=-lthread + LTLIBTHREAD=-lthread + LIBMULTITHREAD="$LIBTHREAD" + LTLIBMULTITHREAD="$LTLIBTHREAD" + +$as_echo "#define USE_SOLARIS_THREADS 1" >>confdefs.h + + if case "$gl_cv_have_weak" in *yes) true;; *) false;; esac; then + +$as_echo "#define USE_SOLARIS_THREADS_WEAK 1" >>confdefs.h + + LIBTHREAD= + LTLIBTHREAD= + fi + fi + fi + fi + if test "$gl_use_threads" = pth; then + gl_save_CPPFLAGS="$CPPFLAGS" + + + + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking how to link with libpth" >&5 +$as_echo_n "checking how to link with libpth... " >&6; } +if ${ac_cv_libpth_libs+:} false; then : + $as_echo_n "(cached) " >&6 +else + + + + + + + + use_additional=yes + + acl_save_prefix="$prefix" + prefix="$acl_final_prefix" + acl_save_exec_prefix="$exec_prefix" + exec_prefix="$acl_final_exec_prefix" + + eval additional_includedir=\"$includedir\" + eval additional_libdir=\"$libdir\" + + exec_prefix="$acl_save_exec_prefix" + prefix="$acl_save_prefix" + + +# Check whether --with-libpth-prefix was given. +if test "${with_libpth_prefix+set}" = set; then : + withval=$with_libpth_prefix; + if test "X$withval" = "Xno"; then + use_additional=no + else + if test "X$withval" = "X"; then + + acl_save_prefix="$prefix" + prefix="$acl_final_prefix" + acl_save_exec_prefix="$exec_prefix" + exec_prefix="$acl_final_exec_prefix" + + eval additional_includedir=\"$includedir\" + eval additional_libdir=\"$libdir\" + + exec_prefix="$acl_save_exec_prefix" + prefix="$acl_save_prefix" + + else + additional_includedir="$withval/include" + additional_libdir="$withval/$acl_libdirstem" + if test "$acl_libdirstem2" != "$acl_libdirstem" \ + && test ! -d "$withval/$acl_libdirstem"; then + additional_libdir="$withval/$acl_libdirstem2" + fi + fi + fi + +fi + + LIBPTH= + LTLIBPTH= + INCPTH= + LIBPTH_PREFIX= + HAVE_LIBPTH= + rpathdirs= + ltrpathdirs= + names_already_handled= + names_next_round='pth ' + while test -n "$names_next_round"; do + names_this_round="$names_next_round" + names_next_round= + for name in $names_this_round; do + already_handled= + for n in $names_already_handled; do + if test "$n" = "$name"; then + already_handled=yes + break + fi + done + if test -z "$already_handled"; then + names_already_handled="$names_already_handled $name" + uppername=`echo "$name" | sed -e 'y|abcdefghijklmnopqrstuvwxyz./+-|ABCDEFGHIJKLMNOPQRSTUVWXYZ____|'` + eval value=\"\$HAVE_LIB$uppername\" + if test -n "$value"; then + if test "$value" = yes; then + eval value=\"\$LIB$uppername\" + test -z "$value" || LIBPTH="${LIBPTH}${LIBPTH:+ }$value" + eval value=\"\$LTLIB$uppername\" + test -z "$value" || LTLIBPTH="${LTLIBPTH}${LTLIBPTH:+ }$value" + else + : + fi + else + found_dir= + found_la= + found_so= + found_a= + eval libname=\"$acl_libname_spec\" # typically: libname=lib$name + if test -n "$acl_shlibext"; then + shrext=".$acl_shlibext" # typically: shrext=.so + else + shrext= + fi + if test $use_additional = yes; then + dir="$additional_libdir" + if test -n "$acl_shlibext"; then + if test -f "$dir/$libname$shrext"; then + found_dir="$dir" + found_so="$dir/$libname$shrext" + else + if test "$acl_library_names_spec" = '$libname$shrext$versuffix'; then + ver=`(cd "$dir" && \ + for f in "$libname$shrext".*; do echo "$f"; done \ + | sed -e "s,^$libname$shrext\\\\.,," \ + | sort -t '.' -n -r -k1,1 -k2,2 -k3,3 -k4,4 -k5,5 \ + | sed 1q ) 2>/dev/null` + if test -n "$ver" && test -f "$dir/$libname$shrext.$ver"; then + found_dir="$dir" + found_so="$dir/$libname$shrext.$ver" + fi + else + eval library_names=\"$acl_library_names_spec\" + for f in $library_names; do + if test -f "$dir/$f"; then + found_dir="$dir" + found_so="$dir/$f" + break + fi + done + fi + fi + fi + if test "X$found_dir" = "X"; then + if test -f "$dir/$libname.$acl_libext"; then + found_dir="$dir" + found_a="$dir/$libname.$acl_libext" + fi + fi + if test "X$found_dir" != "X"; then + if test -f "$dir/$libname.la"; then + found_la="$dir/$libname.la" + fi + fi + fi + if test "X$found_dir" = "X"; then + for x in $LDFLAGS $LTLIBPTH; do + + acl_save_prefix="$prefix" + prefix="$acl_final_prefix" + acl_save_exec_prefix="$exec_prefix" + exec_prefix="$acl_final_exec_prefix" + eval x=\"$x\" + exec_prefix="$acl_save_exec_prefix" + prefix="$acl_save_prefix" + + case "$x" in + -L*) + dir=`echo "X$x" | sed -e 's/^X-L//'` + if test -n "$acl_shlibext"; then + if test -f "$dir/$libname$shrext"; then + found_dir="$dir" + found_so="$dir/$libname$shrext" + else + if test "$acl_library_names_spec" = '$libname$shrext$versuffix'; then + ver=`(cd "$dir" && \ + for f in "$libname$shrext".*; do echo "$f"; done \ + | sed -e "s,^$libname$shrext\\\\.,," \ + | sort -t '.' -n -r -k1,1 -k2,2 -k3,3 -k4,4 -k5,5 \ + | sed 1q ) 2>/dev/null` + if test -n "$ver" && test -f "$dir/$libname$shrext.$ver"; then + found_dir="$dir" + found_so="$dir/$libname$shrext.$ver" + fi + else + eval library_names=\"$acl_library_names_spec\" + for f in $library_names; do + if test -f "$dir/$f"; then + found_dir="$dir" + found_so="$dir/$f" + break + fi + done + fi + fi + fi + if test "X$found_dir" = "X"; then + if test -f "$dir/$libname.$acl_libext"; then + found_dir="$dir" + found_a="$dir/$libname.$acl_libext" + fi + fi + if test "X$found_dir" != "X"; then + if test -f "$dir/$libname.la"; then + found_la="$dir/$libname.la" + fi + fi + ;; + esac + if test "X$found_dir" != "X"; then + break + fi + done + fi + if test "X$found_dir" != "X"; then + LTLIBPTH="${LTLIBPTH}${LTLIBPTH:+ }-L$found_dir -l$name" + if test "X$found_so" != "X"; then + if test "$enable_rpath" = no \ + || test "X$found_dir" = "X/usr/$acl_libdirstem" \ + || test "X$found_dir" = "X/usr/$acl_libdirstem2"; then + LIBPTH="${LIBPTH}${LIBPTH:+ }$found_so" + else + haveit= + for x in $ltrpathdirs; do + if test "X$x" = "X$found_dir"; then + haveit=yes + break + fi + done + if test -z "$haveit"; then + ltrpathdirs="$ltrpathdirs $found_dir" + fi + if test "$acl_hardcode_direct" = yes; then + LIBPTH="${LIBPTH}${LIBPTH:+ }$found_so" + else + if test -n "$acl_hardcode_libdir_flag_spec" && test "$acl_hardcode_minus_L" = no; then + LIBPTH="${LIBPTH}${LIBPTH:+ }$found_so" + haveit= + for x in $rpathdirs; do + if test "X$x" = "X$found_dir"; then + haveit=yes + break + fi + done + if test -z "$haveit"; then + rpathdirs="$rpathdirs $found_dir" + fi + else + haveit= + for x in $LDFLAGS $LIBPTH; do + + acl_save_prefix="$prefix" + prefix="$acl_final_prefix" + acl_save_exec_prefix="$exec_prefix" + exec_prefix="$acl_final_exec_prefix" + eval x=\"$x\" + exec_prefix="$acl_save_exec_prefix" + prefix="$acl_save_prefix" + + if test "X$x" = "X-L$found_dir"; then + haveit=yes + break + fi + done + if test -z "$haveit"; then + LIBPTH="${LIBPTH}${LIBPTH:+ }-L$found_dir" + fi + if test "$acl_hardcode_minus_L" != no; then + LIBPTH="${LIBPTH}${LIBPTH:+ }$found_so" + else + LIBPTH="${LIBPTH}${LIBPTH:+ }-l$name" + fi + fi + fi + fi + else + if test "X$found_a" != "X"; then + LIBPTH="${LIBPTH}${LIBPTH:+ }$found_a" + else + LIBPTH="${LIBPTH}${LIBPTH:+ }-L$found_dir -l$name" + fi + fi + additional_includedir= + case "$found_dir" in + */$acl_libdirstem | */$acl_libdirstem/) + basedir=`echo "X$found_dir" | sed -e 's,^X,,' -e "s,/$acl_libdirstem/"'*$,,'` + if test "$name" = 'pth'; then + LIBPTH_PREFIX="$basedir" + fi + additional_includedir="$basedir/include" + ;; + */$acl_libdirstem2 | */$acl_libdirstem2/) + basedir=`echo "X$found_dir" | sed -e 's,^X,,' -e "s,/$acl_libdirstem2/"'*$,,'` + if test "$name" = 'pth'; then + LIBPTH_PREFIX="$basedir" + fi + additional_includedir="$basedir/include" + ;; + esac + if test "X$additional_includedir" != "X"; then + if test "X$additional_includedir" != "X/usr/include"; then + haveit= + if test "X$additional_includedir" = "X/usr/local/include"; then + if test -n "$GCC"; then + case $host_os in + linux* | gnu* | k*bsd*-gnu) haveit=yes;; + esac + fi + fi + if test -z "$haveit"; then + for x in $CPPFLAGS $INCPTH; do + + acl_save_prefix="$prefix" + prefix="$acl_final_prefix" + acl_save_exec_prefix="$exec_prefix" + exec_prefix="$acl_final_exec_prefix" + eval x=\"$x\" + exec_prefix="$acl_save_exec_prefix" + prefix="$acl_save_prefix" + + if test "X$x" = "X-I$additional_includedir"; then + haveit=yes + break + fi + done + if test -z "$haveit"; then + if test -d "$additional_includedir"; then + INCPTH="${INCPTH}${INCPTH:+ }-I$additional_includedir" + fi + fi + fi + fi + fi + if test -n "$found_la"; then + save_libdir="$libdir" + case "$found_la" in + */* | *\\*) . "$found_la" ;; + *) . "./$found_la" ;; + esac + libdir="$save_libdir" + for dep in $dependency_libs; do + case "$dep" in + -L*) + additional_libdir=`echo "X$dep" | sed -e 's/^X-L//'` + if test "X$additional_libdir" != "X/usr/$acl_libdirstem" \ + && test "X$additional_libdir" != "X/usr/$acl_libdirstem2"; then + haveit= + if test "X$additional_libdir" = "X/usr/local/$acl_libdirstem" \ + || test "X$additional_libdir" = "X/usr/local/$acl_libdirstem2"; then + if test -n "$GCC"; then + case $host_os in + linux* | gnu* | k*bsd*-gnu) haveit=yes;; + esac + fi + fi + if test -z "$haveit"; then + haveit= + for x in $LDFLAGS $LIBPTH; do + + acl_save_prefix="$prefix" + prefix="$acl_final_prefix" + acl_save_exec_prefix="$exec_prefix" + exec_prefix="$acl_final_exec_prefix" + eval x=\"$x\" + exec_prefix="$acl_save_exec_prefix" + prefix="$acl_save_prefix" + + if test "X$x" = "X-L$additional_libdir"; then + haveit=yes + break + fi + done + if test -z "$haveit"; then + if test -d "$additional_libdir"; then + LIBPTH="${LIBPTH}${LIBPTH:+ }-L$additional_libdir" + fi + fi + haveit= + for x in $LDFLAGS $LTLIBPTH; do + + acl_save_prefix="$prefix" + prefix="$acl_final_prefix" + acl_save_exec_prefix="$exec_prefix" + exec_prefix="$acl_final_exec_prefix" + eval x=\"$x\" + exec_prefix="$acl_save_exec_prefix" + prefix="$acl_save_prefix" + + if test "X$x" = "X-L$additional_libdir"; then + haveit=yes + break + fi + done + if test -z "$haveit"; then + if test -d "$additional_libdir"; then + LTLIBPTH="${LTLIBPTH}${LTLIBPTH:+ }-L$additional_libdir" + fi + fi + fi + fi + ;; + -R*) + dir=`echo "X$dep" | sed -e 's/^X-R//'` + if test "$enable_rpath" != no; then + haveit= + for x in $rpathdirs; do + if test "X$x" = "X$dir"; then + haveit=yes + break + fi + done + if test -z "$haveit"; then + rpathdirs="$rpathdirs $dir" + fi + haveit= + for x in $ltrpathdirs; do + if test "X$x" = "X$dir"; then + haveit=yes + break + fi + done + if test -z "$haveit"; then + ltrpathdirs="$ltrpathdirs $dir" + fi + fi + ;; + -l*) + names_next_round="$names_next_round "`echo "X$dep" | sed -e 's/^X-l//'` + ;; + *.la) + names_next_round="$names_next_round "`echo "X$dep" | sed -e 's,^X.*/,,' -e 's,^lib,,' -e 's,\.la$,,'` + ;; + *) + LIBPTH="${LIBPTH}${LIBPTH:+ }$dep" + LTLIBPTH="${LTLIBPTH}${LTLIBPTH:+ }$dep" + ;; + esac + done + fi + else + LIBPTH="${LIBPTH}${LIBPTH:+ }-l$name" + LTLIBPTH="${LTLIBPTH}${LTLIBPTH:+ }-l$name" + fi + fi + fi + done + done + if test "X$rpathdirs" != "X"; then + if test -n "$acl_hardcode_libdir_separator"; then + alldirs= + for found_dir in $rpathdirs; do + alldirs="${alldirs}${alldirs:+$acl_hardcode_libdir_separator}$found_dir" + done + acl_save_libdir="$libdir" + libdir="$alldirs" + eval flag=\"$acl_hardcode_libdir_flag_spec\" + libdir="$acl_save_libdir" + LIBPTH="${LIBPTH}${LIBPTH:+ }$flag" + else + for found_dir in $rpathdirs; do + acl_save_libdir="$libdir" + libdir="$found_dir" + eval flag=\"$acl_hardcode_libdir_flag_spec\" + libdir="$acl_save_libdir" + LIBPTH="${LIBPTH}${LIBPTH:+ }$flag" + done + fi + fi + if test "X$ltrpathdirs" != "X"; then + for found_dir in $ltrpathdirs; do + LTLIBPTH="${LTLIBPTH}${LTLIBPTH:+ }-R$found_dir" + done + fi + + + + + + ac_cv_libpth_libs="$LIBPTH" + ac_cv_libpth_ltlibs="$LTLIBPTH" + ac_cv_libpth_cppflags="$INCPTH" + ac_cv_libpth_prefix="$LIBPTH_PREFIX" + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_libpth_libs" >&5 +$as_echo "$ac_cv_libpth_libs" >&6; } + LIBPTH="$ac_cv_libpth_libs" + LTLIBPTH="$ac_cv_libpth_ltlibs" + INCPTH="$ac_cv_libpth_cppflags" + LIBPTH_PREFIX="$ac_cv_libpth_prefix" + + for element in $INCPTH; do + haveit= + for x in $CPPFLAGS; do + + acl_save_prefix="$prefix" + prefix="$acl_final_prefix" + acl_save_exec_prefix="$exec_prefix" + exec_prefix="$acl_final_exec_prefix" + eval x=\"$x\" + exec_prefix="$acl_save_exec_prefix" + prefix="$acl_save_prefix" + + if test "X$x" = "X$element"; then + haveit=yes + break + fi + done + if test -z "$haveit"; then + CPPFLAGS="${CPPFLAGS}${CPPFLAGS:+ }$element" + fi + done + + + + + HAVE_LIBPTH=yes + + + + gl_have_pth= + gl_save_LIBS="$LIBS" + LIBS="$LIBS $LIBPTH" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +int +main () +{ +pth_self(); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + gl_have_pth=yes +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + LIBS="$gl_save_LIBS" + if test -n "$gl_have_pth"; then + gl_threads_api=pth + LIBTHREAD="$LIBPTH" + LTLIBTHREAD="$LTLIBPTH" + LIBMULTITHREAD="$LIBTHREAD" + LTLIBMULTITHREAD="$LTLIBTHREAD" + +$as_echo "#define USE_PTH_THREADS 1" >>confdefs.h + + if test -n "$LIBMULTITHREAD" || test -n "$LTLIBMULTITHREAD"; then + if case "$gl_cv_have_weak" in *yes) true;; *) false;; esac; then + +$as_echo "#define USE_PTH_THREADS_WEAK 1" >>confdefs.h + + LIBTHREAD= + LTLIBTHREAD= + fi + fi + else + CPPFLAGS="$gl_save_CPPFLAGS" + fi + fi + if test -z "$gl_have_pthread"; then + case "$gl_use_threads" in + yes | windows | win32) # The 'win32' is for backward compatibility. + if { case "$host_os" in + mingw*) true;; + *) false;; + esac + }; then + gl_threads_api=windows + +$as_echo "#define USE_WINDOWS_THREADS 1" >>confdefs.h + + fi + ;; + esac + fi + fi + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for multithread API to use" >&5 +$as_echo_n "checking for multithread API to use... " >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_threads_api" >&5 +$as_echo "$gl_threads_api" >&6; } + + + + + + + + + + + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether lstat correctly handles trailing slash" >&5 +$as_echo_n "checking whether lstat correctly handles trailing slash... " >&6; } +if ${gl_cv_func_lstat_dereferences_slashed_symlink+:} false; then : + $as_echo_n "(cached) " >&6 +else + rm -f conftest.sym conftest.file + echo >conftest.file + if test "$cross_compiling" = yes; then : + case "$host_os" in + linux-* | linux) + # Guess yes on Linux systems. + gl_cv_func_lstat_dereferences_slashed_symlink="guessing yes" ;; + *-gnu* | gnu*) + # Guess yes on glibc systems. + gl_cv_func_lstat_dereferences_slashed_symlink="guessing yes" ;; + mingw*) + # Guess no on native Windows. + gl_cv_func_lstat_dereferences_slashed_symlink="guessing no" ;; + *) + # If we don't know, assume the worst. + gl_cv_func_lstat_dereferences_slashed_symlink="guessing no" ;; + esac + +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +$ac_includes_default +int +main () +{ +struct stat sbuf; + if (symlink ("conftest.file", "conftest.sym") != 0) + return 1; + /* Linux will dereference the symlink and fail, as required by + POSIX. That is better in the sense that it means we will not + have to compile and use the lstat wrapper. */ + return lstat ("conftest.sym/", &sbuf) == 0; + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_run "$LINENO"; then : + gl_cv_func_lstat_dereferences_slashed_symlink=yes +else + gl_cv_func_lstat_dereferences_slashed_symlink=no +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + + rm -f conftest.sym conftest.file + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_func_lstat_dereferences_slashed_symlink" >&5 +$as_echo "$gl_cv_func_lstat_dereferences_slashed_symlink" >&6; } + case "$gl_cv_func_lstat_dereferences_slashed_symlink" in + *yes) + +cat >>confdefs.h <<_ACEOF +#define LSTAT_FOLLOWS_SLASHED_SYMLINK 1 +_ACEOF + + ;; + esac + + + + for ac_header in stdlib.h +do : + ac_fn_c_check_header_mongrel "$LINENO" "stdlib.h" "ac_cv_header_stdlib_h" "$ac_includes_default" +if test "x$ac_cv_header_stdlib_h" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_STDLIB_H 1 +_ACEOF + +fi + +done + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for GNU libc compatible malloc" >&5 +$as_echo_n "checking for GNU libc compatible malloc... " >&6; } +if ${ac_cv_func_malloc_0_nonnull+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test "$cross_compiling" = yes; then : + case "$host_os" in + # Guess yes on platforms where we know the result. + *-gnu* | gnu* | *-musl* | freebsd* | netbsd* | openbsd* \ + | hpux* | solaris* | cygwin* | mingw*) + ac_cv_func_malloc_0_nonnull="guessing yes" ;; + # If we don't know, assume the worst. + *) ac_cv_func_malloc_0_nonnull="guessing no" ;; + esac + +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#if defined STDC_HEADERS || defined HAVE_STDLIB_H + # include + #else + char *malloc (); + #endif + +int +main () +{ +char *p = malloc (0); + int result = !p; + free (p); + return result; + ; + return 0; +} + +_ACEOF +if ac_fn_c_try_run "$LINENO"; then : + ac_cv_func_malloc_0_nonnull=yes +else + ac_cv_func_malloc_0_nonnull=no +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_func_malloc_0_nonnull" >&5 +$as_echo "$ac_cv_func_malloc_0_nonnull" >&6; } + case "$ac_cv_func_malloc_0_nonnull" in + *yes) + gl_cv_func_malloc_0_nonnull=1 + ;; + *) + gl_cv_func_malloc_0_nonnull=0 + ;; + esac + + +cat >>confdefs.h <<_ACEOF +#define MALLOC_0_IS_NONNULL $gl_cv_func_malloc_0_nonnull +_ACEOF + + + + GNULIB_PSELECT=0; + GNULIB_SELECT=0; + HAVE_PSELECT=1; + REPLACE_PSELECT=0; + REPLACE_SELECT=0; + + + + + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether is self-contained" >&5 +$as_echo_n "checking whether is self-contained... " >&6; } +if ${gl_cv_header_sys_select_h_selfcontained+:} false; then : + $as_echo_n "(cached) " >&6 +else + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +int +main () +{ +struct timeval b; + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + gl_cv_header_sys_select_h_selfcontained=yes +else + gl_cv_header_sys_select_h_selfcontained=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + if test $gl_cv_header_sys_select_h_selfcontained = yes; then + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +int +main () +{ +int memset; int bzero; + ; + return 0; +} + +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +int +main () +{ + + #undef memset + #define memset nonexistent_memset + extern + #ifdef __cplusplus + "C" + #endif + void *memset (void *, int, unsigned long); + #undef bzero + #define bzero nonexistent_bzero + extern + #ifdef __cplusplus + "C" + #endif + void bzero (void *, unsigned long); + fd_set fds; + FD_ZERO (&fds); + + ; + return 0; +} + +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + +else + gl_cv_header_sys_select_h_selfcontained=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + fi + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_header_sys_select_h_selfcontained" >&5 +$as_echo "$gl_cv_header_sys_select_h_selfcontained" >&6; } + + + + + + + + + + if test $gl_cv_have_include_next = yes; then + gl_cv_next_sys_select_h='<'sys/select.h'>' + else + { $as_echo "$as_me:${as_lineno-$LINENO}: checking absolute name of " >&5 +$as_echo_n "checking absolute name of ... " >&6; } +if ${gl_cv_next_sys_select_h+:} false; then : + $as_echo_n "(cached) " >&6 +else + + if test $ac_cv_header_sys_select_h = yes; then + + + + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +_ACEOF + case "$host_os" in + aix*) gl_absname_cpp="$ac_cpp -C" ;; + *) gl_absname_cpp="$ac_cpp" ;; + esac + + case "$host_os" in + mingw*) + gl_dirsep_regex='[/\\]' + ;; + *) + gl_dirsep_regex='\/' + ;; + esac + gl_make_literal_regex_sed='s,[]$^\\.*/[],\\&,g' + gl_header_literal_regex=`echo 'sys/select.h' \ + | sed -e "$gl_make_literal_regex_sed"` + gl_absolute_header_sed="/${gl_dirsep_regex}${gl_header_literal_regex}/"'{ + s/.*"\(.*'"${gl_dirsep_regex}${gl_header_literal_regex}"'\)".*/\1/ + s|^/[^/]|//&| + p + q + }' + + gl_cv_absolute_sys_select_h=`(eval "$gl_absname_cpp conftest.$ac_ext") 2>&5 | + sed -n "$gl_absolute_header_sed"` + + gl_header=$gl_cv_absolute_sys_select_h + gl_cv_next_sys_select_h='"'$gl_header'"' + else + gl_cv_next_sys_select_h='<'sys/select.h'>' + fi + + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_next_sys_select_h" >&5 +$as_echo "$gl_cv_next_sys_select_h" >&6; } + fi + NEXT_SYS_SELECT_H=$gl_cv_next_sys_select_h + + if test $gl_cv_have_include_next = yes || test $gl_cv_have_include_next = buggy; then + # INCLUDE_NEXT_AS_FIRST_DIRECTIVE='include_next' + gl_next_as_first_directive='<'sys/select.h'>' + else + # INCLUDE_NEXT_AS_FIRST_DIRECTIVE='include' + gl_next_as_first_directive=$gl_cv_next_sys_select_h + fi + NEXT_AS_FIRST_DIRECTIVE_SYS_SELECT_H=$gl_next_as_first_directive + + + + + if test $ac_cv_header_sys_select_h = yes; then + HAVE_SYS_SELECT_H=1 + else + HAVE_SYS_SELECT_H=0 + fi + + + + + + if test $ac_cv_header_sys_socket_h != yes; then + for ac_header in winsock2.h +do : + ac_fn_c_check_header_mongrel "$LINENO" "winsock2.h" "ac_cv_header_winsock2_h" "$ac_includes_default" +if test "x$ac_cv_header_winsock2_h" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_WINSOCK2_H 1 +_ACEOF + +fi + +done + + fi + if test "$ac_cv_header_winsock2_h" = yes; then + HAVE_WINSOCK2_H=1 + UNISTD_H_HAVE_WINSOCK2_H=1 + SYS_IOCTL_H_HAVE_WINSOCK2_H=1 + else + HAVE_WINSOCK2_H=0 + fi + + + + + + + + + + + + if test "$ac_cv_header_winsock2_h" = yes; then + REPLACE_SELECT=1 + else + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether select supports a 0 argument" >&5 +$as_echo_n "checking whether select supports a 0 argument... " >&6; } +if ${gl_cv_func_select_supports0+:} false; then : + $as_echo_n "(cached) " >&6 +else + + if test "$cross_compiling" = yes; then : + + case "$host_os" in + # Guess no on Interix. + interix*) gl_cv_func_select_supports0="guessing no";; + # Guess yes otherwise. + *) gl_cv_func_select_supports0="guessing yes";; + esac + +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#include +#if HAVE_SYS_SELECT_H +#include +#endif +int main () +{ + struct timeval timeout; + timeout.tv_sec = 0; + timeout.tv_usec = 5; + return select (0, (fd_set *)0, (fd_set *)0, (fd_set *)0, &timeout) < 0; +} +_ACEOF +if ac_fn_c_try_run "$LINENO"; then : + gl_cv_func_select_supports0=yes +else + gl_cv_func_select_supports0=no +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_func_select_supports0" >&5 +$as_echo "$gl_cv_func_select_supports0" >&6; } + case "$gl_cv_func_select_supports0" in + *yes) ;; + *) REPLACE_SELECT=1 ;; + esac + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether select detects invalid fds" >&5 +$as_echo_n "checking whether select detects invalid fds... " >&6; } +if ${gl_cv_func_select_detects_ebadf+:} false; then : + $as_echo_n "(cached) " >&6 +else + + if test "$cross_compiling" = yes; then : + + case "$host_os" in + # Guess yes on Linux systems. + linux-* | linux) gl_cv_func_select_detects_ebadf="guessing yes" ;; + # Guess yes on glibc systems. + *-gnu* | gnu*) gl_cv_func_select_detects_ebadf="guessing yes" ;; + # If we don't know, assume the worst. + *) gl_cv_func_select_detects_ebadf="guessing no" ;; + esac + +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#include +#if HAVE_SYS_SELECT_H +# include +#endif +#include +#include + +int +main () +{ + + fd_set set; + dup2(0, 16); + FD_ZERO(&set); + FD_SET(16, &set); + close(16); + struct timeval timeout; + timeout.tv_sec = 0; + timeout.tv_usec = 5; + return select (17, &set, NULL, NULL, &timeout) != -1 || errno != EBADF; + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_run "$LINENO"; then : + gl_cv_func_select_detects_ebadf=yes +else + gl_cv_func_select_detects_ebadf=no +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_func_select_detects_ebadf" >&5 +$as_echo "$gl_cv_func_select_detects_ebadf" >&6; } + case $gl_cv_func_select_detects_ebadf in + *yes) ;; + *) REPLACE_SELECT=1 ;; + esac + fi + + LIB_SELECT="$LIBSOCKET" + if test $REPLACE_SELECT = 1; then + case "$host_os" in + mingw*) + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#define WIN32_LEAN_AND_MEAN +#include +int +main () +{ + MsgWaitForMultipleObjects (0, NULL, 0, 0, 0); + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + +else + LIB_SELECT="$LIB_SELECT -luser32" +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + ;; + esac + fi + + +ac_fn_c_check_decl "$LINENO" "alarm" "ac_cv_have_decl_alarm" "$ac_includes_default" +if test "x$ac_cv_have_decl_alarm" = xyes; then : + ac_have_decl=1 +else + ac_have_decl=0 +fi + +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_ALARM $ac_have_decl +_ACEOF + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for O_CLOEXEC" >&5 +$as_echo_n "checking for O_CLOEXEC... " >&6; } +if ${gl_cv_macro_O_CLOEXEC+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include + #ifndef O_CLOEXEC + choke me; + #endif + +int +main () +{ +return O_CLOEXEC; + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + gl_cv_macro_O_CLOEXEC=yes +else + gl_cv_macro_O_CLOEXEC=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_macro_O_CLOEXEC" >&5 +$as_echo "$gl_cv_macro_O_CLOEXEC" >&6; } + + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for promoted mode_t type" >&5 +$as_echo_n "checking for promoted mode_t type... " >&6; } +if ${gl_cv_promoted_mode_t+:} false; then : + $as_echo_n "(cached) " >&6 +else + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +int +main () +{ +typedef int array[2 * (sizeof (mode_t) < sizeof (int)) - 1]; + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + gl_cv_promoted_mode_t='int' +else + gl_cv_promoted_mode_t='mode_t' +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_promoted_mode_t" >&5 +$as_echo "$gl_cv_promoted_mode_t" >&6; } + +cat >>confdefs.h <<_ACEOF +#define PROMOTED_MODE_T $gl_cv_promoted_mode_t +_ACEOF + + + + REPLACE_STRERROR_0=0 + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether strerror(0) succeeds" >&5 +$as_echo_n "checking whether strerror(0) succeeds... " >&6; } +if ${gl_cv_func_strerror_0_works+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test "$cross_compiling" = yes; then : + case "$host_os" in + # Guess yes on glibc systems. + *-gnu* | gnu*) gl_cv_func_strerror_0_works="guessing yes" ;; + # Guess yes on musl systems. + *-musl*) gl_cv_func_strerror_0_works="guessing yes" ;; + # Guess yes on native Windows. + mingw*) gl_cv_func_strerror_0_works="guessing yes" ;; + # If we don't know, assume the worst. + *) gl_cv_func_strerror_0_works="guessing no" ;; + esac + +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include + #include + +int +main () +{ +int result = 0; + char *str; + errno = 0; + str = strerror (0); + if (!*str) result |= 1; + if (errno) result |= 2; + if (strstr (str, "nknown") || strstr (str, "ndefined")) + result |= 4; + return result; + ; + return 0; +} +_ACEOF +if ac_fn_c_try_run "$LINENO"; then : + gl_cv_func_strerror_0_works=yes +else + gl_cv_func_strerror_0_works=no +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_func_strerror_0_works" >&5 +$as_echo "$gl_cv_func_strerror_0_works" >&6; } + case "$gl_cv_func_strerror_0_works" in + *yes) ;; + *) + REPLACE_STRERROR_0=1 + +$as_echo "#define REPLACE_STRERROR_0 1" >>confdefs.h + + ;; + esac + + + + + + + + + + + if test $ac_cv_func_strerror_r = yes; then + if test "$ERRNO_H:$REPLACE_STRERROR_0" = :0; then + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for strerror_r with POSIX signature" >&5 +$as_echo_n "checking for strerror_r with POSIX signature... " >&6; } +if ${gl_cv_func_strerror_r_posix_signature+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include + int strerror_r (int, char *, size_t); + +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + gl_cv_func_strerror_r_posix_signature=yes +else + gl_cv_func_strerror_r_posix_signature=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_func_strerror_r_posix_signature" >&5 +$as_echo "$gl_cv_func_strerror_r_posix_signature" >&6; } + if test $gl_cv_func_strerror_r_posix_signature = yes; then + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether strerror_r works" >&5 +$as_echo_n "checking whether strerror_r works... " >&6; } +if ${gl_cv_func_strerror_r_works+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test "$cross_compiling" = yes; then : + + case "$host_os" in + # Guess no on AIX. + aix*) gl_cv_func_strerror_r_works="guessing no";; + # Guess no on HP-UX. + hpux*) gl_cv_func_strerror_r_works="guessing no";; + # Guess no on BSD variants. + *bsd*) gl_cv_func_strerror_r_works="guessing no";; + # Guess yes otherwise. + *) gl_cv_func_strerror_r_works="guessing yes";; + esac + +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include + #include + +int +main () +{ +int result = 0; + char buf[79]; + if (strerror_r (EACCES, buf, 0) < 0) + result |= 1; + errno = 0; + if (strerror_r (EACCES, buf, sizeof buf) != 0) + result |= 2; + strcpy (buf, "Unknown"); + if (strerror_r (0, buf, sizeof buf) != 0) + result |= 4; + if (errno) + result |= 8; + if (strstr (buf, "nknown") || strstr (buf, "ndefined")) + result |= 0x10; + errno = 0; + *buf = 0; + if (strerror_r (-3, buf, sizeof buf) < 0) + result |= 0x20; + if (errno) + result |= 0x40; + if (!*buf) + result |= 0x80; + return result; + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_run "$LINENO"; then : + gl_cv_func_strerror_r_works=yes +else + gl_cv_func_strerror_r_works=no +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_func_strerror_r_works" >&5 +$as_echo "$gl_cv_func_strerror_r_works" >&6; } + else + + if test $ac_cv_func___xpg_strerror_r = yes; then + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether __xpg_strerror_r works" >&5 +$as_echo_n "checking whether __xpg_strerror_r works... " >&6; } +if ${gl_cv_func_strerror_r_works+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test "$cross_compiling" = yes; then : + gl_cv_func_strerror_r_works="guessing no" + +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include + #include + extern + #ifdef __cplusplus + "C" + #endif + int __xpg_strerror_r(int, char *, size_t); + +int +main () +{ +int result = 0; + char buf[256] = "^"; + char copy[256]; + char *str = strerror (-1); + strcpy (copy, str); + if (__xpg_strerror_r (-2, buf, 1) == 0) + result |= 1; + if (*buf) + result |= 2; + __xpg_strerror_r (-2, buf, 256); + if (strcmp (str, copy)) + result |= 4; + return result; + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_run "$LINENO"; then : + gl_cv_func_strerror_r_works=yes +else + gl_cv_func_strerror_r_works=no +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_func_strerror_r_works" >&5 +$as_echo "$gl_cv_func_strerror_r_works" >&6; } + fi + fi + fi + fi + +ac_fn_c_check_decl "$LINENO" "strerror_r" "ac_cv_have_decl_strerror_r" "$ac_includes_default" +if test "x$ac_cv_have_decl_strerror_r" = xyes; then : + ac_have_decl=1 +else + ac_have_decl=0 +fi + +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_STRERROR_R $ac_have_decl +_ACEOF + + + + + + + + + if test $ac_cv_have_decl_strerror_r = no; then + HAVE_DECL_STRERROR_R=0 + fi + + if test $ac_cv_func_strerror_r = yes; then + if test "$ERRNO_H:$REPLACE_STRERROR_0" = :0; then + if test $gl_cv_func_strerror_r_posix_signature = yes; then + case "$gl_cv_func_strerror_r_works" in + *no) REPLACE_STRERROR_R=1 ;; + esac + else + REPLACE_STRERROR_R=1 + fi + else + REPLACE_STRERROR_R=1 + fi + fi + + + + + GNULIB_PTHREAD_SIGMASK=0; + GNULIB_RAISE=0; + GNULIB_SIGNAL_H_SIGPIPE=0; + GNULIB_SIGPROCMASK=0; + GNULIB_SIGACTION=0; + HAVE_POSIX_SIGNALBLOCKING=1; + HAVE_PTHREAD_SIGMASK=1; + HAVE_RAISE=1; + HAVE_SIGSET_T=1; + HAVE_SIGINFO_T=1; + HAVE_SIGACTION=1; + HAVE_STRUCT_SIGACTION_SA_SIGACTION=1; + + HAVE_TYPE_VOLATILE_SIG_ATOMIC_T=1; + + HAVE_SIGHANDLER_T=1; + REPLACE_PTHREAD_SIGMASK=0; + REPLACE_RAISE=0; + + + ac_fn_c_check_type "$LINENO" "sigset_t" "ac_cv_type_sigset_t" " + #include + /* Mingw defines sigset_t not in , but in . */ + #include + +" +if test "x$ac_cv_type_sigset_t" = xyes; then : + +cat >>confdefs.h <<_ACEOF +#define HAVE_SIGSET_T 1 +_ACEOF + +gl_cv_type_sigset_t=yes +else + gl_cv_type_sigset_t=no +fi + + if test $gl_cv_type_sigset_t != yes; then + HAVE_SIGSET_T=0 + fi + + + +ac_fn_c_check_decl "$LINENO" "setenv" "ac_cv_have_decl_setenv" "$ac_includes_default" +if test "x$ac_cv_have_decl_setenv" = xyes; then : + ac_have_decl=1 +else + ac_have_decl=0 +fi + +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_SETENV $ac_have_decl +_ACEOF + + + + + + + if test $ac_cv_have_decl_setenv = no; then + HAVE_DECL_SETENV=0 + fi + + + + + + for ac_header in search.h +do : + ac_fn_c_check_header_mongrel "$LINENO" "search.h" "ac_cv_header_search_h" "$ac_includes_default" +if test "x$ac_cv_header_search_h" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_SEARCH_H 1 +_ACEOF + +fi + +done + + for ac_func in tsearch +do : + ac_fn_c_check_func "$LINENO" "tsearch" "ac_cv_func_tsearch" +if test "x$ac_cv_func_tsearch" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_TSEARCH 1 +_ACEOF + +fi +done + + + + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for uid_t in sys/types.h" >&5 +$as_echo_n "checking for uid_t in sys/types.h... " >&6; } +if ${ac_cv_type_uid_t+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include + +_ACEOF +if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | + $EGREP "uid_t" >/dev/null 2>&1; then : + ac_cv_type_uid_t=yes +else + ac_cv_type_uid_t=no +fi +rm -f conftest* + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_type_uid_t" >&5 +$as_echo "$ac_cv_type_uid_t" >&6; } +if test $ac_cv_type_uid_t = no; then + +$as_echo "#define uid_t int" >>confdefs.h + + +$as_echo "#define gid_t int" >>confdefs.h + +fi + + + + + + + + + + + + + +ac_fn_c_check_decl "$LINENO" "unsetenv" "ac_cv_have_decl_unsetenv" "$ac_includes_default" +if test "x$ac_cv_have_decl_unsetenv" = xyes; then : + ac_have_decl=1 +else + ac_have_decl=0 +fi + +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_UNSETENV $ac_have_decl +_ACEOF + + + if true; then + GL_COND_LIBTOOL_TRUE= + GL_COND_LIBTOOL_FALSE='#' +else + GL_COND_LIBTOOL_TRUE='#' + GL_COND_LIBTOOL_FALSE= +fi + + gl_cond_libtool=true + gl_m4_base='m4' + + + + + + + + + + gl_source_base='gl' +LTALLOCA=`echo "$ALLOCA" | sed -e 's/\.[^.]* /.lo /g;s/\.[^.]*$/.lo/'` + + + + if test $ac_cv_func_alloca_works = no; then + : + fi + + # Define an additional variable used in the Makefile substitution. + if test $ac_cv_working_alloca_h = yes; then + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for alloca as a compiler built-in" >&5 +$as_echo_n "checking for alloca as a compiler built-in... " >&6; } +if ${gl_cv_rpl_alloca+:} false; then : + $as_echo_n "(cached) " >&6 +else + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#if defined __GNUC__ || defined _AIX || defined _MSC_VER + Need own alloca +#endif + +_ACEOF +if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | + $EGREP "Need own alloca" >/dev/null 2>&1; then : + gl_cv_rpl_alloca=yes +else + gl_cv_rpl_alloca=no +fi +rm -f conftest* + + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_rpl_alloca" >&5 +$as_echo "$gl_cv_rpl_alloca" >&6; } + if test $gl_cv_rpl_alloca = yes; then + +$as_echo "#define HAVE_ALLOCA 1" >>confdefs.h + + ALLOCA_H=alloca.h + else + ALLOCA_H= + fi + else + ALLOCA_H=alloca.h + fi + + if test -n "$ALLOCA_H"; then + GL_GENERATE_ALLOCA_H_TRUE= + GL_GENERATE_ALLOCA_H_FALSE='#' +else + GL_GENERATE_ALLOCA_H_TRUE='#' + GL_GENERATE_ALLOCA_H_FALSE= +fi + + + if test $ac_cv_working_alloca_h = yes; then + HAVE_ALLOCA_H=1 + else + HAVE_ALLOCA_H=0 + fi + + + + + + + if test $ac_cv_header_arpa_inet_h = yes; then + HAVE_ARPA_INET_H=1 + else + HAVE_ARPA_INET_H=0 + fi + + + + + + + + + + + if test $gl_cv_have_include_next = yes; then + gl_cv_next_arpa_inet_h='<'arpa/inet.h'>' + else + { $as_echo "$as_me:${as_lineno-$LINENO}: checking absolute name of " >&5 +$as_echo_n "checking absolute name of ... " >&6; } +if ${gl_cv_next_arpa_inet_h+:} false; then : + $as_echo_n "(cached) " >&6 +else + + if test $ac_cv_header_arpa_inet_h = yes; then + + + + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +_ACEOF + case "$host_os" in + aix*) gl_absname_cpp="$ac_cpp -C" ;; + *) gl_absname_cpp="$ac_cpp" ;; + esac + + case "$host_os" in + mingw*) + gl_dirsep_regex='[/\\]' + ;; + *) + gl_dirsep_regex='\/' + ;; + esac + gl_make_literal_regex_sed='s,[]$^\\.*/[],\\&,g' + gl_header_literal_regex=`echo 'arpa/inet.h' \ + | sed -e "$gl_make_literal_regex_sed"` + gl_absolute_header_sed="/${gl_dirsep_regex}${gl_header_literal_regex}/"'{ + s/.*"\(.*'"${gl_dirsep_regex}${gl_header_literal_regex}"'\)".*/\1/ + s|^/[^/]|//&| + p + q + }' + + gl_cv_absolute_arpa_inet_h=`(eval "$gl_absname_cpp conftest.$ac_ext") 2>&5 | + sed -n "$gl_absolute_header_sed"` + + gl_header=$gl_cv_absolute_arpa_inet_h + gl_cv_next_arpa_inet_h='"'$gl_header'"' + else + gl_cv_next_arpa_inet_h='<'arpa/inet.h'>' + fi + + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_next_arpa_inet_h" >&5 +$as_echo "$gl_cv_next_arpa_inet_h" >&6; } + fi + NEXT_ARPA_INET_H=$gl_cv_next_arpa_inet_h + + if test $gl_cv_have_include_next = yes || test $gl_cv_have_include_next = buggy; then + # INCLUDE_NEXT_AS_FIRST_DIRECTIVE='include_next' + gl_next_as_first_directive='<'arpa/inet.h'>' + else + # INCLUDE_NEXT_AS_FIRST_DIRECTIVE='include' + gl_next_as_first_directive=$gl_cv_next_arpa_inet_h + fi + NEXT_AS_FIRST_DIRECTIVE_ARPA_INET_H=$gl_next_as_first_directive + + + + + + + + + + + + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for __builtin_expect" >&5 +$as_echo_n "checking for __builtin_expect... " >&6; } +if ${gl_cv___builtin_expect+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + + int + main (int argc, char **argv) + { + argc = __builtin_expect (argc, 100); + return argv[argc != 100][0]; + } +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + gl_cv___builtin_expect=yes +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + + #include + int + main (int argc, char **argv) + { + argc = __builtin_expect (argc, 100); + return argv[argc != 100][0]; + } +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + gl_cv___builtin_expect="in " +else + gl_cv___builtin_expect=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv___builtin_expect" >&5 +$as_echo "$gl_cv___builtin_expect" >&6; } + if test "$gl_cv___builtin_expect" = yes; then + $as_echo "#define HAVE___BUILTIN_EXPECT 1" >>confdefs.h + + elif test "$gl_cv___builtin_expect" = "in "; then + $as_echo "#define HAVE___BUILTIN_EXPECT 2" >>confdefs.h + + fi + + + + for ac_header in byteswap.h +do : + ac_fn_c_check_header_mongrel "$LINENO" "byteswap.h" "ac_cv_header_byteswap_h" "$ac_includes_default" +if test "x$ac_cv_header_byteswap_h" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_BYTESWAP_H 1 +_ACEOF + + BYTESWAP_H='' + +else + + BYTESWAP_H='byteswap.h' + +fi + +done + + + if test -n "$BYTESWAP_H"; then + GL_GENERATE_BYTESWAP_H_TRUE= + GL_GENERATE_BYTESWAP_H_FALSE='#' +else + GL_GENERATE_BYTESWAP_H_TRUE='#' + GL_GENERATE_BYTESWAP_H_FALSE= +fi + + + + + + + + FLOAT_H= + REPLACE_FLOAT_LDBL=0 + case "$host_os" in + aix* | beos* | openbsd* | mirbsd* | irix*) + FLOAT_H=float.h + ;; + freebsd* | dragonfly*) + case "$host_cpu" in + i[34567]86 ) + FLOAT_H=float.h + ;; + x86_64 ) + # On x86_64 systems, the C compiler may still be generating + # 32-bit code. + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#if defined __LP64__ || defined __x86_64__ || defined __amd64__ + int ok; + #else + error fail + #endif + +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + +else + FLOAT_H=float.h +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + ;; + esac + ;; + linux*) + case "$host_cpu" in + powerpc*) + FLOAT_H=float.h + ;; + esac + ;; + esac + case "$host_os" in + aix* | freebsd* | dragonfly* | linux*) + if test -n "$FLOAT_H"; then + REPLACE_FLOAT_LDBL=1 + fi + ;; + esac + + REPLACE_ITOLD=0 + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether conversion from 'int' to 'long double' works" >&5 +$as_echo_n "checking whether conversion from 'int' to 'long double' works... " >&6; } +if ${gl_cv_func_itold_works+:} false; then : + $as_echo_n "(cached) " >&6 +else + + if test "$cross_compiling" = yes; then : + case "$host" in + sparc*-*-linux*) + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#if defined __LP64__ || defined __arch64__ + int ok; + #else + error fail + #endif + +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + gl_cv_func_itold_works="guessing no" +else + gl_cv_func_itold_works="guessing yes" +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + ;; + # Guess yes on native Windows. + mingw*) gl_cv_func_itold_works="guessing yes" ;; + *) gl_cv_func_itold_works="guessing yes" ;; + esac + +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int i = -1; +volatile long double ld; +int main () +{ + ld += i * 1.0L; + if (ld > 0) + return 1; + return 0; +} +_ACEOF +if ac_fn_c_try_run "$LINENO"; then : + gl_cv_func_itold_works=yes +else + gl_cv_func_itold_works=no +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_func_itold_works" >&5 +$as_echo "$gl_cv_func_itold_works" >&6; } + case "$gl_cv_func_itold_works" in + *no) + REPLACE_ITOLD=1 + FLOAT_H=float.h + ;; + esac + + if test -n "$FLOAT_H"; then + + + + + + + + + if test $gl_cv_have_include_next = yes; then + gl_cv_next_float_h='<'float.h'>' + else + { $as_echo "$as_me:${as_lineno-$LINENO}: checking absolute name of " >&5 +$as_echo_n "checking absolute name of ... " >&6; } +if ${gl_cv_next_float_h+:} false; then : + $as_echo_n "(cached) " >&6 +else + + + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +_ACEOF + case "$host_os" in + aix*) gl_absname_cpp="$ac_cpp -C" ;; + *) gl_absname_cpp="$ac_cpp" ;; + esac + + case "$host_os" in + mingw*) + gl_dirsep_regex='[/\\]' + ;; + *) + gl_dirsep_regex='\/' + ;; + esac + gl_make_literal_regex_sed='s,[]$^\\.*/[],\\&,g' + gl_header_literal_regex=`echo 'float.h' \ + | sed -e "$gl_make_literal_regex_sed"` + gl_absolute_header_sed="/${gl_dirsep_regex}${gl_header_literal_regex}/"'{ + s/.*"\(.*'"${gl_dirsep_regex}${gl_header_literal_regex}"'\)".*/\1/ + s|^/[^/]|//&| + p + q + }' + + gl_cv_absolute_float_h=`(eval "$gl_absname_cpp conftest.$ac_ext") 2>&5 | + sed -n "$gl_absolute_header_sed"` + + gl_header=$gl_cv_absolute_float_h + gl_cv_next_float_h='"'$gl_header'"' + + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_next_float_h" >&5 +$as_echo "$gl_cv_next_float_h" >&6; } + fi + NEXT_FLOAT_H=$gl_cv_next_float_h + + if test $gl_cv_have_include_next = yes || test $gl_cv_have_include_next = buggy; then + # INCLUDE_NEXT_AS_FIRST_DIRECTIVE='include_next' + gl_next_as_first_directive='<'float.h'>' + else + # INCLUDE_NEXT_AS_FIRST_DIRECTIVE='include' + gl_next_as_first_directive=$gl_cv_next_float_h + fi + NEXT_AS_FIRST_DIRECTIVE_FLOAT_H=$gl_next_as_first_directive + + + + + fi + + if test -n "$FLOAT_H"; then + GL_GENERATE_FLOAT_H_TRUE= + GL_GENERATE_FLOAT_H_FALSE='#' +else + GL_GENERATE_FLOAT_H_TRUE='#' + GL_GENERATE_FLOAT_H_FALSE= +fi + + + + if test $REPLACE_FLOAT_LDBL = 1; then + + + + + + + + + gl_LIBOBJS="$gl_LIBOBJS float.$ac_objext" + + fi + if test $REPLACE_ITOLD = 1; then + + + + + + + + + gl_LIBOBJS="$gl_LIBOBJS itold.$ac_objext" + + fi + + + + + case "$host_os" in + mingw* | solaris*) + REPLACE_FSTAT=1 + ;; + esac + + + + if test $REPLACE_FSTAT = 1; then + + + + + + + + + gl_LIBOBJS="$gl_LIBOBJS fstat.$ac_objext" + + case "$host_os" in + mingw*) + + + + + + + + + gl_LIBOBJS="$gl_LIBOBJS stat-w32.$ac_objext" + + ;; + esac + + + : + + fi + + + + + + GNULIB_FSTAT=1 + + + + + +$as_echo "#define GNULIB_TEST_FSTAT 1" >>confdefs.h + + + + + + + if test $HAVE_FTELLO = 0 || test $REPLACE_FTELLO = 1; then + REPLACE_FTELL=1 + fi + + if test $REPLACE_FTELL = 1; then + + + + + + + + + gl_LIBOBJS="$gl_LIBOBJS ftell.$ac_objext" + + fi + + + + + + GNULIB_FTELL=1 + + + + + +$as_echo "#define GNULIB_TEST_FTELL 1" >>confdefs.h + + + + + + + + + + + + + if test $ac_cv_have_decl_ftello = no; then + HAVE_DECL_FTELLO=0 + fi + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ftello" >&5 +$as_echo_n "checking for ftello... " >&6; } +if ${gl_cv_func_ftello+:} false; then : + $as_echo_n "(cached) " >&6 +else + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +int +main () +{ +ftello (stdin); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + gl_cv_func_ftello=yes +else + gl_cv_func_ftello=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_func_ftello" >&5 +$as_echo "$gl_cv_func_ftello" >&6; } + if test $gl_cv_func_ftello = no; then + HAVE_FTELLO=0 + else + if test $WINDOWS_64_BIT_OFF_T = 1; then + REPLACE_FTELLO=1 + fi + if test $gl_cv_var_stdin_large_offset = no; then + REPLACE_FTELLO=1 + fi + if test $REPLACE_FTELLO = 0; then + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether ftello works" >&5 +$as_echo_n "checking whether ftello works... " >&6; } +if ${gl_cv_func_ftello_works+:} false; then : + $as_echo_n "(cached) " >&6 +else + + case "$host_os" in + # Guess no on Solaris. + solaris*) gl_cv_func_ftello_works="guessing no" ;; + # Guess yes on native Windows. + mingw*) gl_cv_func_ftello_works="guessing yes" ;; + # Guess yes otherwise. + *) gl_cv_func_ftello_works="guessing yes" ;; + esac + if test "$cross_compiling" = yes; then : + : +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#include +#include +#define TESTFILE "conftest.tmp" +int +main (void) +{ + FILE *fp; + + /* Create a file with some contents. */ + fp = fopen (TESTFILE, "w"); + if (fp == NULL) + return 70; + if (fwrite ("foogarsh", 1, 8, fp) < 8) + { fclose (fp); return 71; } + if (fclose (fp)) + return 72; + + /* The file's contents is now "foogarsh". */ + + /* Try writing after reading to EOF. */ + fp = fopen (TESTFILE, "r+"); + if (fp == NULL) + return 73; + if (fseek (fp, -1, SEEK_END)) + { fclose (fp); return 74; } + if (!(getc (fp) == 'h')) + { fclose (fp); return 1; } + if (!(getc (fp) == EOF)) + { fclose (fp); return 2; } + if (!(ftell (fp) == 8)) + { fclose (fp); return 3; } + if (!(ftell (fp) == 8)) + { fclose (fp); return 4; } + if (!(putc ('!', fp) == '!')) + { fclose (fp); return 5; } + if (!(ftell (fp) == 9)) + { fclose (fp); return 6; } + if (!(fclose (fp) == 0)) + return 7; + fp = fopen (TESTFILE, "r"); + if (fp == NULL) + return 75; + { + char buf[10]; + if (!(fread (buf, 1, 10, fp) == 9)) + { fclose (fp); return 10; } + if (!(memcmp (buf, "foogarsh!", 9) == 0)) + { fclose (fp); return 11; } + } + if (!(fclose (fp) == 0)) + return 12; + + /* The file's contents is now "foogarsh!". */ + + return 0; +} +_ACEOF +if ac_fn_c_try_run "$LINENO"; then : + gl_cv_func_ftello_works=yes +else + gl_cv_func_ftello_works=no +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_func_ftello_works" >&5 +$as_echo "$gl_cv_func_ftello_works" >&6; } + case "$gl_cv_func_ftello_works" in + *yes) ;; + *) + REPLACE_FTELLO=1 + +$as_echo "#define FTELLO_BROKEN_AFTER_SWITCHING_FROM_READ_TO_WRITE 1" >>confdefs.h + + ;; + esac + fi + fi + + if test $HAVE_FTELLO = 0 || test $REPLACE_FTELLO = 1; then + + + + + + + + + gl_LIBOBJS="$gl_LIBOBJS ftello.$ac_objext" + + + for ac_func in _ftelli64 +do : + ac_fn_c_check_func "$LINENO" "_ftelli64" "ac_cv_func__ftelli64" +if test "x$ac_cv_func__ftelli64" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE__FTELLI64 1 +_ACEOF + +fi +done + + + fi + + + + + + GNULIB_FTELLO=1 + + + + + +$as_echo "#define GNULIB_TEST_FTELLO 1" >>confdefs.h + + + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether __func__ is available" >&5 +$as_echo_n "checking whether __func__ is available... " >&6; } +if ${gl_cv_var_func+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ +const char *str = __func__; + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + gl_cv_var_func=yes +else + gl_cv_var_func=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_var_func" >&5 +$as_echo "$gl_cv_var_func" >&6; } + if test "$gl_cv_var_func" != yes; then + +$as_echo "#define __func__ \"\"" >>confdefs.h + + fi + + + + + + + + + + if test $ac_cv_func_getdelim = yes; then + HAVE_GETDELIM=1 + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for working getdelim function" >&5 +$as_echo_n "checking for working getdelim function... " >&6; } +if ${gl_cv_func_working_getdelim+:} false; then : + $as_echo_n "(cached) " >&6 +else + echo fooNbarN | tr -d '\012' | tr N '\012' > conftest.data + if test "$cross_compiling" = yes; then : + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#ifdef __GNU_LIBRARY__ + #if (__GLIBC__ >= 2) && !defined __UCLIBC__ + Lucky GNU user + #endif +#endif + +_ACEOF +if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | + $EGREP "Lucky GNU user" >/dev/null 2>&1; then : + gl_cv_func_working_getdelim="guessing yes" +else + case "$host_os" in + *-musl*) gl_cv_func_working_getdelim="guessing yes" ;; + *) gl_cv_func_working_getdelim="guessing no" ;; + esac + +fi +rm -f conftest* + + +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +# include +# include +# include + int main () + { + FILE *in = fopen ("./conftest.data", "r"); + if (!in) + return 1; + { + /* Test result for a NULL buffer and a zero size. + Based on a test program from Karl Heuer. */ + char *line = NULL; + size_t siz = 0; + int len = getdelim (&line, &siz, '\n', in); + if (!(len == 4 && line && strcmp (line, "foo\n") == 0)) + { free (line); fclose (in); return 2; } + } + { + /* Test result for a NULL buffer and a non-zero size. + This crashes on FreeBSD 8.0. */ + char *line = NULL; + size_t siz = (size_t)(~0) / 4; + if (getdelim (&line, &siz, '\n', in) == -1) + { fclose (in); return 3; } + free (line); + } + fclose (in); + return 0; + } + +_ACEOF +if ac_fn_c_try_run "$LINENO"; then : + gl_cv_func_working_getdelim=yes +else + gl_cv_func_working_getdelim=no +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_func_working_getdelim" >&5 +$as_echo "$gl_cv_func_working_getdelim" >&6; } + case "$gl_cv_func_working_getdelim" in + *yes) ;; + *) REPLACE_GETDELIM=1 ;; + esac + else + HAVE_GETDELIM=0 + fi + + if test $ac_cv_have_decl_getdelim = no; then + HAVE_DECL_GETDELIM=0 + fi + + if test $HAVE_GETDELIM = 0 || test $REPLACE_GETDELIM = 1; then + + + + + + + + + gl_LIBOBJS="$gl_LIBOBJS getdelim.$ac_objext" + + + for ac_func in flockfile funlockfile +do : + as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` +ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" +if eval test \"x\$"$as_ac_var"\" = x"yes"; then : + cat >>confdefs.h <<_ACEOF +#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 +_ACEOF + +fi +done + + ac_fn_c_check_decl "$LINENO" "getc_unlocked" "ac_cv_have_decl_getc_unlocked" "$ac_includes_default" +if test "x$ac_cv_have_decl_getc_unlocked" = xyes; then : + ac_have_decl=1 +else + ac_have_decl=0 +fi + +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_GETC_UNLOCKED $ac_have_decl +_ACEOF + + + fi + + + + + + GNULIB_GETDELIM=1 + + + + + +$as_echo "#define GNULIB_TEST_GETDELIM 1" >>confdefs.h + + + + + + + + + + + gl_getline_needs_run_time_check=no + ac_fn_c_check_func "$LINENO" "getline" "ac_cv_func_getline" +if test "x$ac_cv_func_getline" = xyes; then : + gl_getline_needs_run_time_check=yes +else + am_cv_func_working_getline=no +fi + + if test $gl_getline_needs_run_time_check = yes; then + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for working getline function" >&5 +$as_echo_n "checking for working getline function... " >&6; } +if ${am_cv_func_working_getline+:} false; then : + $as_echo_n "(cached) " >&6 +else + echo fooNbarN | tr -d '\012' | tr N '\012' > conftest.data + if test "$cross_compiling" = yes; then : + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#ifdef __GNU_LIBRARY__ + #if (__GLIBC__ >= 2) && !defined __UCLIBC__ + Lucky GNU user + #endif +#endif + +_ACEOF +if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | + $EGREP "Lucky GNU user" >/dev/null 2>&1; then : + am_cv_func_working_getline="guessing yes" +else + case "$host_os" in + *-musl*) am_cv_func_working_getline="guessing yes" ;; + *) am_cv_func_working_getline="guessing no" ;; + esac + +fi +rm -f conftest* + + +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +# include +# include +# include + int main () + { + FILE *in = fopen ("./conftest.data", "r"); + if (!in) + return 1; + { + /* Test result for a NULL buffer and a zero size. + Based on a test program from Karl Heuer. */ + char *line = NULL; + size_t siz = 0; + int len = getline (&line, &siz, in); + if (!(len == 4 && line && strcmp (line, "foo\n") == 0)) + { free (line); fclose (in); return 2; } + free (line); + } + { + /* Test result for a NULL buffer and a non-zero size. + This crashes on FreeBSD 8.0. */ + char *line = NULL; + size_t siz = (size_t)(~0) / 4; + if (getline (&line, &siz, in) == -1) + { fclose (in); return 3; } + free (line); + } + fclose (in); + return 0; + } + +_ACEOF +if ac_fn_c_try_run "$LINENO"; then : + am_cv_func_working_getline=yes +else + am_cv_func_working_getline=no +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $am_cv_func_working_getline" >&5 +$as_echo "$am_cv_func_working_getline" >&6; } + fi + + if test $ac_cv_have_decl_getline = no; then + HAVE_DECL_GETLINE=0 + fi + + case "$am_cv_func_working_getline" in + *yes) ;; + *) + REPLACE_GETLINE=1 + ;; + esac + + if test $REPLACE_GETLINE = 1; then + + + + + + + + + gl_LIBOBJS="$gl_LIBOBJS getline.$ac_objext" + + + : + + fi + + + + + + GNULIB_GETLINE=1 + + + + + +$as_echo "#define GNULIB_TEST_GETLINE 1" >>confdefs.h + + + + + + + + + + + + + gl_gettimeofday_timezone=void + if test $ac_cv_func_gettimeofday != yes; then + HAVE_GETTIMEOFDAY=0 + else + + + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether gettimeofday clobbers localtime buffer" >&5 +$as_echo_n "checking whether gettimeofday clobbers localtime buffer... " >&6; } +if ${gl_cv_func_gettimeofday_clobber+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test "$cross_compiling" = yes; then : + # When cross-compiling: + case "$host_os" in + # Guess all is fine on glibc systems. + *-gnu* | gnu*) gl_cv_func_gettimeofday_clobber="guessing no" ;; + # Guess all is fine on musl systems. + *-musl*) gl_cv_func_gettimeofday_clobber="guessing no" ;; + # Guess no on native Windows. + mingw*) gl_cv_func_gettimeofday_clobber="guessing no" ;; + # If we don't know, assume the worst. + *) gl_cv_func_gettimeofday_clobber="guessing yes" ;; + esac + +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include + #include + #include + #include + +int +main () +{ + + time_t t = 0; + struct tm *lt; + struct tm saved_lt; + struct timeval tv; + lt = localtime (&t); + saved_lt = *lt; + gettimeofday (&tv, NULL); + return memcmp (lt, &saved_lt, sizeof (struct tm)) != 0; + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_run "$LINENO"; then : + gl_cv_func_gettimeofday_clobber=no +else + gl_cv_func_gettimeofday_clobber=yes +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_func_gettimeofday_clobber" >&5 +$as_echo "$gl_cv_func_gettimeofday_clobber" >&6; } + + case "$gl_cv_func_gettimeofday_clobber" in + *yes) + REPLACE_GETTIMEOFDAY=1 + +$as_echo "#define GETTIMEOFDAY_CLOBBERS_LOCALTIME 1" >>confdefs.h + + + + + NEED_LOCALTIME_BUFFER=1 + REPLACE_GMTIME=1 + REPLACE_LOCALTIME=1 + + ;; + esac + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for gettimeofday with POSIX signature" >&5 +$as_echo_n "checking for gettimeofday with POSIX signature... " >&6; } +if ${gl_cv_func_gettimeofday_posix_signature+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include + struct timeval c; + int gettimeofday (struct timeval *restrict, void *restrict); + +int +main () +{ +/* glibc uses struct timezone * rather than the POSIX void * + if _GNU_SOURCE is defined. However, since the only portable + use of gettimeofday uses NULL as the second parameter, and + since the glibc definition is actually more typesafe, it is + not worth wrapping this to get a compliant signature. */ + int (*f) (struct timeval *restrict, void *restrict) + = gettimeofday; + int x = f (&c, 0); + return !(x | c.tv_sec | c.tv_usec); + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + gl_cv_func_gettimeofday_posix_signature=yes +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +int gettimeofday (struct timeval *restrict, struct timezone *restrict); + +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + gl_cv_func_gettimeofday_posix_signature=almost +else + gl_cv_func_gettimeofday_posix_signature=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_func_gettimeofday_posix_signature" >&5 +$as_echo "$gl_cv_func_gettimeofday_posix_signature" >&6; } + if test $gl_cv_func_gettimeofday_posix_signature = almost; then + gl_gettimeofday_timezone='struct timezone' + elif test $gl_cv_func_gettimeofday_posix_signature != yes; then + REPLACE_GETTIMEOFDAY=1 + fi + if test $REPLACE_STRUCT_TIMEVAL = 1; then + REPLACE_GETTIMEOFDAY=1 + fi + case "$host_os" in + mingw*) REPLACE_GETTIMEOFDAY=1 ;; + esac + fi + +cat >>confdefs.h <<_ACEOF +#define GETTIMEOFDAY_TIMEZONE $gl_gettimeofday_timezone +_ACEOF + + + if test $HAVE_GETTIMEOFDAY = 0 || test $REPLACE_GETTIMEOFDAY = 1; then + + + + + + + + + gl_LIBOBJS="$gl_LIBOBJS gettimeofday.$ac_objext" + + : + fi + + + + + + GNULIB_GETTIMEOFDAY=1 + + + + + +$as_echo "#define GNULIB_TEST_GETTIMEOFDAY 1" >>confdefs.h + + + + # Autoconf 2.61a.99 and earlier don't support linking a file only + # in VPATH builds. But since GNUmakefile is for maintainer use + # only, it does not matter if we skip the link with older autoconf. + # Automake 1.10.1 and earlier try to remove GNUmakefile in non-VPATH + # builds, so use a shell variable to bypass this. + GNUmakefile=GNUmakefile + ac_config_links="$ac_config_links $GNUmakefile:$GNUmakefile" + + + + + + + + + HAVE_INET_NTOP=1 + INET_NTOP_LIB= + + + + + if test $ac_cv_header_sys_socket_h != yes; then + for ac_header in winsock2.h +do : + ac_fn_c_check_header_mongrel "$LINENO" "winsock2.h" "ac_cv_header_winsock2_h" "$ac_includes_default" +if test "x$ac_cv_header_winsock2_h" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_WINSOCK2_H 1 +_ACEOF + +fi + +done + + fi + if test "$ac_cv_header_winsock2_h" = yes; then + HAVE_WINSOCK2_H=1 + UNISTD_H_HAVE_WINSOCK2_H=1 + SYS_IOCTL_H_HAVE_WINSOCK2_H=1 + else + HAVE_WINSOCK2_H=0 + fi + + + if test $HAVE_WINSOCK2_H = 1; then + ac_fn_c_check_decl "$LINENO" "inet_ntop" "ac_cv_have_decl_inet_ntop" "#include +" +if test "x$ac_cv_have_decl_inet_ntop" = xyes; then : + ac_have_decl=1 +else + ac_have_decl=0 +fi + +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_INET_NTOP $ac_have_decl +_ACEOF + + if test $ac_cv_have_decl_inet_ntop = yes; then + REPLACE_INET_NTOP=1 + INET_NTOP_LIB="-lws2_32" + else + HAVE_DECL_INET_NTOP=0 + HAVE_INET_NTOP=0 + fi + else + gl_save_LIBS=$LIBS + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing inet_ntop" >&5 +$as_echo_n "checking for library containing inet_ntop... " >&6; } +if ${ac_cv_search_inet_ntop+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_func_search_save_LIBS=$LIBS +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char inet_ntop (); +int +main () +{ +return inet_ntop (); + ; + return 0; +} +_ACEOF +for ac_lib in '' nsl resolv network; do + if test -z "$ac_lib"; then + ac_res="none required" + else + ac_res=-l$ac_lib + LIBS="-l$ac_lib $ac_func_search_save_LIBS" + fi + if ac_fn_c_try_link "$LINENO"; then : + ac_cv_search_inet_ntop=$ac_res +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext + if ${ac_cv_search_inet_ntop+:} false; then : + break +fi +done +if ${ac_cv_search_inet_ntop+:} false; then : + +else + ac_cv_search_inet_ntop=no +fi +rm conftest.$ac_ext +LIBS=$ac_func_search_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_inet_ntop" >&5 +$as_echo "$ac_cv_search_inet_ntop" >&6; } +ac_res=$ac_cv_search_inet_ntop +if test "$ac_res" != no; then : + test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" + +else + for ac_func in inet_ntop +do : + ac_fn_c_check_func "$LINENO" "inet_ntop" "ac_cv_func_inet_ntop" +if test "x$ac_cv_func_inet_ntop" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_INET_NTOP 1 +_ACEOF + +fi +done + + if test $ac_cv_func_inet_ntop = no; then + HAVE_INET_NTOP=0 + fi + +fi + + LIBS=$gl_save_LIBS + + if test "$ac_cv_search_inet_ntop" != "no" \ + && test "$ac_cv_search_inet_ntop" != "none required"; then + INET_NTOP_LIB="$ac_cv_search_inet_ntop" + fi + + + ac_fn_c_check_decl "$LINENO" "inet_ntop" "ac_cv_have_decl_inet_ntop" "#include + #if HAVE_NETDB_H + # include + #endif + +" +if test "x$ac_cv_have_decl_inet_ntop" = xyes; then : + ac_have_decl=1 +else + ac_have_decl=0 +fi + +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_INET_NTOP $ac_have_decl +_ACEOF + + if test $ac_cv_have_decl_inet_ntop = no; then + HAVE_DECL_INET_NTOP=0 + fi + fi + + + if test $HAVE_INET_NTOP = 0 || test $REPLACE_INET_NTOP = 1; then + + + + + + + + + gl_LIBOBJS="$gl_LIBOBJS inet_ntop.$ac_objext" + + + + + fi + + + + + + GNULIB_INET_NTOP=1 + + + + + + + + + + + + HAVE_INET_PTON=1 + INET_PTON_LIB= + + + + + if test $ac_cv_header_sys_socket_h != yes; then + for ac_header in winsock2.h +do : + ac_fn_c_check_header_mongrel "$LINENO" "winsock2.h" "ac_cv_header_winsock2_h" "$ac_includes_default" +if test "x$ac_cv_header_winsock2_h" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_WINSOCK2_H 1 +_ACEOF + +fi + +done + + fi + if test "$ac_cv_header_winsock2_h" = yes; then + HAVE_WINSOCK2_H=1 + UNISTD_H_HAVE_WINSOCK2_H=1 + SYS_IOCTL_H_HAVE_WINSOCK2_H=1 + else + HAVE_WINSOCK2_H=0 + fi + + + if test $HAVE_WINSOCK2_H = 1; then + ac_fn_c_check_decl "$LINENO" "inet_pton" "ac_cv_have_decl_inet_pton" "#include +" +if test "x$ac_cv_have_decl_inet_pton" = xyes; then : + ac_have_decl=1 +else + ac_have_decl=0 +fi + +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_INET_PTON $ac_have_decl +_ACEOF + + if test $ac_cv_have_decl_inet_pton = yes; then + REPLACE_INET_PTON=1 + INET_PTON_LIB="-lws2_32" + else + HAVE_DECL_INET_PTON=0 + HAVE_INET_PTON=0 + fi + else + gl_save_LIBS=$LIBS + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing inet_pton" >&5 +$as_echo_n "checking for library containing inet_pton... " >&6; } +if ${ac_cv_search_inet_pton+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_func_search_save_LIBS=$LIBS +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char inet_pton (); +int +main () +{ +return inet_pton (); + ; + return 0; +} +_ACEOF +for ac_lib in '' nsl resolv network; do + if test -z "$ac_lib"; then + ac_res="none required" + else + ac_res=-l$ac_lib + LIBS="-l$ac_lib $ac_func_search_save_LIBS" + fi + if ac_fn_c_try_link "$LINENO"; then : + ac_cv_search_inet_pton=$ac_res +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext + if ${ac_cv_search_inet_pton+:} false; then : + break +fi +done +if ${ac_cv_search_inet_pton+:} false; then : + +else + ac_cv_search_inet_pton=no +fi +rm conftest.$ac_ext +LIBS=$ac_func_search_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_inet_pton" >&5 +$as_echo "$ac_cv_search_inet_pton" >&6; } +ac_res=$ac_cv_search_inet_pton +if test "$ac_res" != no; then : + test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" + +else + for ac_func in inet_pton +do : + ac_fn_c_check_func "$LINENO" "inet_pton" "ac_cv_func_inet_pton" +if test "x$ac_cv_func_inet_pton" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_INET_PTON 1 +_ACEOF + +fi +done + + if test $ac_cv_func_inet_pton = no; then + HAVE_INET_PTON=0 + fi + +fi + + LIBS=$gl_save_LIBS + + if test "$ac_cv_search_inet_pton" != "no" \ + && test "$ac_cv_search_inet_pton" != "none required"; then + INET_PTON_LIB="$ac_cv_search_inet_pton" + fi + + + ac_fn_c_check_decl "$LINENO" "inet_pton" "ac_cv_have_decl_inet_pton" "#include + #if HAVE_NETDB_H + # include + #endif + +" +if test "x$ac_cv_have_decl_inet_pton" = xyes; then : + ac_have_decl=1 +else + ac_have_decl=0 +fi + +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_INET_PTON $ac_have_decl +_ACEOF + + if test $ac_cv_have_decl_inet_pton = no; then + HAVE_DECL_INET_PTON=0 + fi + fi + + + if test $HAVE_INET_PTON = 0 || test $REPLACE_INET_NTOP = 1; then + + + + + + + + + gl_LIBOBJS="$gl_LIBOBJS inet_pton.$ac_objext" + + + + + fi + + + + + + GNULIB_INET_PTON=1 + + + + + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking if gcc/ld supports -Wl,--output-def" >&5 +$as_echo_n "checking if gcc/ld supports -Wl,--output-def... " >&6; } +if ${gl_cv_ld_output_def+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test "$enable_shared" = no; then + gl_cv_ld_output_def="not needed, shared libraries are disabled" + else + gl_ldflags_save=$LDFLAGS + LDFLAGS="-Wl,--output-def,conftest.def" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + gl_cv_ld_output_def=yes +else + gl_cv_ld_output_def=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + rm -f conftest.def + LDFLAGS="$gl_ldflags_save" + fi +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_ld_output_def" >&5 +$as_echo "$gl_cv_ld_output_def" >&6; } + if test "x$gl_cv_ld_output_def" = "xyes"; then + HAVE_LD_OUTPUT_DEF_TRUE= + HAVE_LD_OUTPUT_DEF_FALSE='#' +else + HAVE_LD_OUTPUT_DEF_TRUE='#' + HAVE_LD_OUTPUT_DEF_FALSE= +fi + + + + # Check whether --enable-ld-version-script was given. +if test "${enable_ld_version_script+set}" = set; then : + enableval=$enable_ld_version_script; have_ld_version_script=$enableval +else + { $as_echo "$as_me:${as_lineno-$LINENO}: checking if LD -Wl,--version-script works" >&5 +$as_echo_n "checking if LD -Wl,--version-script works... " >&6; } +if ${gl_cv_sys_ld_version_script+:} false; then : + $as_echo_n "(cached) " >&6 +else + gl_cv_sys_ld_version_script=no + save_LDFLAGS=$LDFLAGS + LDFLAGS="$LDFLAGS -Wl,--version-script=conftest.map" + echo foo >conftest.map + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + +else + cat > conftest.map <conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + gl_cv_sys_ld_version_script=yes +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + rm -f conftest.map + LDFLAGS=$save_LDFLAGS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_sys_ld_version_script" >&5 +$as_echo "$gl_cv_sys_ld_version_script" >&6; } + have_ld_version_script=$gl_cv_sys_ld_version_script +fi + + if test "$have_ld_version_script" = yes; then + HAVE_LD_VERSION_SCRIPT_TRUE= + HAVE_LD_VERSION_SCRIPT_FALSE='#' +else + HAVE_LD_VERSION_SCRIPT_TRUE='#' + HAVE_LD_VERSION_SCRIPT_FALSE= +fi + + + + + + + + + + + + + gl_LIBOBJS="$gl_LIBOBJS localtime-buffer.$ac_objext" + + + + + + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether lseek detects pipes" >&5 +$as_echo_n "checking whether lseek detects pipes... " >&6; } +if ${gl_cv_func_lseek_pipe+:} false; then : + $as_echo_n "(cached) " >&6 +else + case "$host_os" in + mingw*) + gl_cv_func_lseek_pipe=no + ;; + *) + if test $cross_compiling = no; then + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include /* for off_t */ +#include /* for SEEK_CUR */ +#if HAVE_UNISTD_H +# include +#else /* on Windows with MSVC */ +# include +#endif + +int +main () +{ + + /* Exit with success only if stdin is seekable. */ + return lseek (0, (off_t)0, SEEK_CUR) < 0; + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + if test -s conftest$ac_exeext \ + && ./conftest$ac_exeext < conftest.$ac_ext \ + && test 1 = "`echo hi \ + | { ./conftest$ac_exeext; echo $?; cat >/dev/null; }`"; then + gl_cv_func_lseek_pipe=yes + else + gl_cv_func_lseek_pipe=no + fi + +else + gl_cv_func_lseek_pipe=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#if defined __BEOS__ +/* BeOS mistakenly return 0 when trying to seek on pipes. */ + Choke me. +#endif +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + gl_cv_func_lseek_pipe=yes +else + gl_cv_func_lseek_pipe=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + fi + ;; + esac + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_func_lseek_pipe" >&5 +$as_echo "$gl_cv_func_lseek_pipe" >&6; } + if test $gl_cv_func_lseek_pipe = no; then + REPLACE_LSEEK=1 + +$as_echo "#define LSEEK_PIPE_BROKEN 1" >>confdefs.h + + fi + + + if test $WINDOWS_64_BIT_OFF_T = 1; then + REPLACE_LSEEK=1 + fi + + if test $REPLACE_LSEEK = 1; then + + + + + + + + + gl_LIBOBJS="$gl_LIBOBJS lseek.$ac_objext" + + fi + + + + + + GNULIB_LSEEK=1 + + + + + +$as_echo "#define GNULIB_TEST_LSEEK 1" >>confdefs.h + + + + + + + + + + if test $gl_cv_func_malloc_posix = yes; then + +$as_echo "#define HAVE_MALLOC_POSIX 1" >>confdefs.h + + else + REPLACE_MALLOC=1 + fi + + if test $REPLACE_MALLOC = 1; then + + + + + + + + + gl_LIBOBJS="$gl_LIBOBJS malloc.$ac_objext" + + fi + + + + + + GNULIB_MALLOC_POSIX=1 + + + + + +$as_echo "#define GNULIB_TEST_MALLOC_POSIX 1" >>confdefs.h + + + + + if test $HAVE_MEMCHR = 0 || test $REPLACE_MEMCHR = 1; then + + + + + + + + + gl_LIBOBJS="$gl_LIBOBJS memchr.$ac_objext" + + + for ac_header in bp-sym.h +do : + ac_fn_c_check_header_mongrel "$LINENO" "bp-sym.h" "ac_cv_header_bp_sym_h" "$ac_includes_default" +if test "x$ac_cv_header_bp_sym_h" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_BP_SYM_H 1 +_ACEOF + +fi + +done + + + fi + + + + + + GNULIB_MEMCHR=1 + + + + + +$as_echo "#define GNULIB_TEST_MEMCHR 1" >>confdefs.h + + + + + + + + for ac_func in memmem +do : + ac_fn_c_check_func "$LINENO" "memmem" "ac_cv_func_memmem" +if test "x$ac_cv_func_memmem" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_MEMMEM 1 +_ACEOF + +fi +done + + if test $ac_cv_func_memmem = yes; then + HAVE_MEMMEM=1 + else + HAVE_MEMMEM=0 + fi + + if test $ac_cv_have_decl_memmem = no; then + HAVE_DECL_MEMMEM=0 + else + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether memmem works" >&5 +$as_echo_n "checking whether memmem works... " >&6; } +if ${gl_cv_func_memmem_works_always+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test "$cross_compiling" = yes; then : + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#ifdef __GNU_LIBRARY__ + #include + #if ((__GLIBC__ == 2 && ((__GLIBC_MINOR > 0 && __GLIBC_MINOR__ < 9) \ + || __GLIBC_MINOR__ > 12)) \ + || (__GLIBC__ > 2)) \ + || defined __UCLIBC__ + Lucky user + #endif +#elif defined __CYGWIN__ + #include + #if CYGWIN_VERSION_DLL_COMBINED > CYGWIN_VERSION_DLL_MAKE_COMBINED (1007, 7) + Lucky user + #endif +#else + Lucky user +#endif + +_ACEOF +if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | + $EGREP "Lucky user" >/dev/null 2>&1; then : + gl_cv_func_memmem_works_always="guessing yes" +else + gl_cv_func_memmem_works_always="guessing no" +fi +rm -f conftest* + + +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include /* for memmem */ +#define P "_EF_BF_BD" +#define HAYSTACK "F_BD_CE_BD" P P P P "_C3_88_20" P P P "_C3_A7_20" P +#define NEEDLE P P P P P + +int +main () +{ + + int result = 0; + if (memmem (HAYSTACK, strlen (HAYSTACK), NEEDLE, strlen (NEEDLE))) + result |= 1; + /* Check for empty needle behavior. */ + { + const char *haystack = "AAA"; + if (memmem (haystack, 3, NULL, 0) != haystack) + result |= 2; + } + return result; + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_run "$LINENO"; then : + gl_cv_func_memmem_works_always=yes +else + gl_cv_func_memmem_works_always=no +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_func_memmem_works_always" >&5 +$as_echo "$gl_cv_func_memmem_works_always" >&6; } + case "$gl_cv_func_memmem_works_always" in + *yes) ;; + *) + REPLACE_MEMMEM=1 + ;; + esac + fi + : + + if test $HAVE_MEMMEM = 0 || test $REPLACE_MEMMEM = 1; then + + + + + + + + + gl_LIBOBJS="$gl_LIBOBJS memmem.$ac_objext" + + fi + + + + + + GNULIB_MEMMEM=1 + + + + + +$as_echo "#define GNULIB_TEST_MEMMEM 1" >>confdefs.h + + + + + + + + if test $HAVE_MSVC_INVALID_PARAMETER_HANDLER = 1; then + + + + + + + + + gl_LIBOBJS="$gl_LIBOBJS msvc-inval.$ac_objext" + + fi + + if test $HAVE_MSVC_INVALID_PARAMETER_HANDLER = 1; then + + + + + + + + + gl_LIBOBJS="$gl_LIBOBJS msvc-nothrow.$ac_objext" + + fi + + +cat >>confdefs.h <<_ACEOF +#define GNULIB_MSVC_NOTHROW 1 +_ACEOF + + + + + + + + + + + + + + + if test $gl_cv_have_include_next = yes; then + gl_cv_next_netdb_h='<'netdb.h'>' + else + { $as_echo "$as_me:${as_lineno-$LINENO}: checking absolute name of " >&5 +$as_echo_n "checking absolute name of ... " >&6; } +if ${gl_cv_next_netdb_h+:} false; then : + $as_echo_n "(cached) " >&6 +else + + if test $ac_cv_header_netdb_h = yes; then + + + + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +_ACEOF + case "$host_os" in + aix*) gl_absname_cpp="$ac_cpp -C" ;; + *) gl_absname_cpp="$ac_cpp" ;; + esac + + case "$host_os" in + mingw*) + gl_dirsep_regex='[/\\]' + ;; + *) + gl_dirsep_regex='\/' + ;; + esac + gl_make_literal_regex_sed='s,[]$^\\.*/[],\\&,g' + gl_header_literal_regex=`echo 'netdb.h' \ + | sed -e "$gl_make_literal_regex_sed"` + gl_absolute_header_sed="/${gl_dirsep_regex}${gl_header_literal_regex}/"'{ + s/.*"\(.*'"${gl_dirsep_regex}${gl_header_literal_regex}"'\)".*/\1/ + s|^/[^/]|//&| + p + q + }' + + gl_cv_absolute_netdb_h=`(eval "$gl_absname_cpp conftest.$ac_ext") 2>&5 | + sed -n "$gl_absolute_header_sed"` + + gl_header=$gl_cv_absolute_netdb_h + gl_cv_next_netdb_h='"'$gl_header'"' + else + gl_cv_next_netdb_h='<'netdb.h'>' + fi + + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_next_netdb_h" >&5 +$as_echo "$gl_cv_next_netdb_h" >&6; } + fi + NEXT_NETDB_H=$gl_cv_next_netdb_h + + if test $gl_cv_have_include_next = yes || test $gl_cv_have_include_next = buggy; then + # INCLUDE_NEXT_AS_FIRST_DIRECTIVE='include_next' + gl_next_as_first_directive='<'netdb.h'>' + else + # INCLUDE_NEXT_AS_FIRST_DIRECTIVE='include' + gl_next_as_first_directive=$gl_cv_next_netdb_h + fi + NEXT_AS_FIRST_DIRECTIVE_NETDB_H=$gl_next_as_first_directive + + + + + if test $ac_cv_header_netdb_h = yes; then + HAVE_NETDB_H=1 + else + HAVE_NETDB_H=0 + fi + + + + + + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether is self-contained" >&5 +$as_echo_n "checking whether is self-contained... " >&6; } +if ${gl_cv_header_netinet_in_h_selfcontained+:} false; then : + $as_echo_n "(cached) " >&6 +else + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + gl_cv_header_netinet_in_h_selfcontained=yes +else + gl_cv_header_netinet_in_h_selfcontained=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_header_netinet_in_h_selfcontained" >&5 +$as_echo "$gl_cv_header_netinet_in_h_selfcontained" >&6; } + if test $gl_cv_header_netinet_in_h_selfcontained = yes; then + NETINET_IN_H='' + else + NETINET_IN_H='netinet/in.h' + for ac_header in netinet/in.h +do : + ac_fn_c_check_header_mongrel "$LINENO" "netinet/in.h" "ac_cv_header_netinet_in_h" "$ac_includes_default" +if test "x$ac_cv_header_netinet_in_h" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_NETINET_IN_H 1 +_ACEOF + +fi + +done + + + + + + + + + + + if test $gl_cv_have_include_next = yes; then + gl_cv_next_netinet_in_h='<'netinet/in.h'>' + else + { $as_echo "$as_me:${as_lineno-$LINENO}: checking absolute name of " >&5 +$as_echo_n "checking absolute name of ... " >&6; } +if ${gl_cv_next_netinet_in_h+:} false; then : + $as_echo_n "(cached) " >&6 +else + + if test $ac_cv_header_netinet_in_h = yes; then + + + + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +_ACEOF + case "$host_os" in + aix*) gl_absname_cpp="$ac_cpp -C" ;; + *) gl_absname_cpp="$ac_cpp" ;; + esac + + case "$host_os" in + mingw*) + gl_dirsep_regex='[/\\]' + ;; + *) + gl_dirsep_regex='\/' + ;; + esac + gl_make_literal_regex_sed='s,[]$^\\.*/[],\\&,g' + gl_header_literal_regex=`echo 'netinet/in.h' \ + | sed -e "$gl_make_literal_regex_sed"` + gl_absolute_header_sed="/${gl_dirsep_regex}${gl_header_literal_regex}/"'{ + s/.*"\(.*'"${gl_dirsep_regex}${gl_header_literal_regex}"'\)".*/\1/ + s|^/[^/]|//&| + p + q + }' + + gl_cv_absolute_netinet_in_h=`(eval "$gl_absname_cpp conftest.$ac_ext") 2>&5 | + sed -n "$gl_absolute_header_sed"` + + gl_header=$gl_cv_absolute_netinet_in_h + gl_cv_next_netinet_in_h='"'$gl_header'"' + else + gl_cv_next_netinet_in_h='<'netinet/in.h'>' + fi + + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_next_netinet_in_h" >&5 +$as_echo "$gl_cv_next_netinet_in_h" >&6; } + fi + NEXT_NETINET_IN_H=$gl_cv_next_netinet_in_h + + if test $gl_cv_have_include_next = yes || test $gl_cv_have_include_next = buggy; then + # INCLUDE_NEXT_AS_FIRST_DIRECTIVE='include_next' + gl_next_as_first_directive='<'netinet/in.h'>' + else + # INCLUDE_NEXT_AS_FIRST_DIRECTIVE='include' + gl_next_as_first_directive=$gl_cv_next_netinet_in_h + fi + NEXT_AS_FIRST_DIRECTIVE_NETINET_IN_H=$gl_next_as_first_directive + + + + + if test $ac_cv_header_netinet_in_h = yes; then + HAVE_NETINET_IN_H=1 + else + HAVE_NETINET_IN_H=0 + fi + + fi + + if test -n "$NETINET_IN_H"; then + GL_GENERATE_NETINET_IN_H_TRUE= + GL_GENERATE_NETINET_IN_H_FALSE='#' +else + GL_GENERATE_NETINET_IN_H_TRUE='#' + GL_GENERATE_NETINET_IN_H_FALSE= +fi + + + + + + + # Extract the first word of "pmccabe", so it can be a program name with args. +set dummy pmccabe; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_path_PMCCABE+:} false; then : + $as_echo_n "(cached) " >&6 +else + case $PMCCABE in + [\\/]* | ?:[\\/]*) + ac_cv_path_PMCCABE="$PMCCABE" # Let the user override the test with a path. + ;; + *) + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_path_PMCCABE="$as_dir/$ac_word$ac_exec_ext" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + + test -z "$ac_cv_path_PMCCABE" && ac_cv_path_PMCCABE="false" + ;; +esac +fi +PMCCABE=$ac_cv_path_PMCCABE +if test -n "$PMCCABE"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $PMCCABE" >&5 +$as_echo "$PMCCABE" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + + : + + + + if test $gl_cv_func_malloc_posix = yes; then + +$as_echo "#define HAVE_REALLOC_POSIX 1" >>confdefs.h + + else + REPLACE_REALLOC=1 + fi + + if test $REPLACE_REALLOC = 1; then + + + + + + + + + gl_LIBOBJS="$gl_LIBOBJS realloc.$ac_objext" + + fi + + + + + + GNULIB_REALLOC_POSIX=1 + + + + + +$as_echo "#define GNULIB_TEST_REALLOC_POSIX 1" >>confdefs.h + + + + + + + + + if test $ac_cv_func_secure_getenv = no; then + HAVE_SECURE_GETENV=0 + fi + + if test $HAVE_SECURE_GETENV = 0; then + + + + + + + + + gl_LIBOBJS="$gl_LIBOBJS secure_getenv.$ac_objext" + + + for ac_func in __secure_getenv +do : + ac_fn_c_check_func "$LINENO" "__secure_getenv" "ac_cv_func___secure_getenv" +if test "x$ac_cv_func___secure_getenv" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE___SECURE_GETENV 1 +_ACEOF + +fi +done + + if test $ac_cv_func___secure_getenv = no; then + for ac_func in issetugid +do : + ac_fn_c_check_func "$LINENO" "issetugid" "ac_cv_func_issetugid" +if test "x$ac_cv_func_issetugid" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_ISSETUGID 1 +_ACEOF + +fi +done + + fi + + + fi + + + + + + GNULIB_SECURE_GETENV=1 + + + + + +$as_echo "#define GNULIB_TEST_SECURE_GETENV 1" >>confdefs.h + + + + + if test "$ac_cv_header_winsock2_h" = yes; then + + + + + + + + + gl_LIBOBJS="$gl_LIBOBJS setsockopt.$ac_objext" + + fi + + + + + + GNULIB_SETSOCKOPT=1 + + + + + +$as_echo "#define GNULIB_TEST_SETSOCKOPT 1" >>confdefs.h + + + + + for ac_header in stdint.h +do : + ac_fn_c_check_header_mongrel "$LINENO" "stdint.h" "ac_cv_header_stdint_h" "$ac_includes_default" +if test "x$ac_cv_header_stdint_h" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_STDINT_H 1 +_ACEOF + +fi + +done + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for SIZE_MAX" >&5 +$as_echo_n "checking for SIZE_MAX... " >&6; } +if ${gl_cv_size_max+:} false; then : + $as_echo_n "(cached) " >&6 +else + + gl_cv_size_max= + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#if HAVE_STDINT_H +#include +#endif +#ifdef SIZE_MAX +Found it +#endif + +_ACEOF +if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | + $EGREP "Found it" >/dev/null 2>&1; then : + gl_cv_size_max=yes +fi +rm -f conftest* + + if test -z "$gl_cv_size_max"; then + if ac_fn_c_compute_int "$LINENO" "sizeof (size_t) * CHAR_BIT - 1" "size_t_bits_minus_1" "#include +#include "; then : + +else + size_t_bits_minus_1= +fi + + if ac_fn_c_compute_int "$LINENO" "sizeof (size_t) <= sizeof (unsigned int)" "fits_in_uint" "#include "; then : + +else + fits_in_uint= +fi + + if test -n "$size_t_bits_minus_1" && test -n "$fits_in_uint"; then + if test $fits_in_uint = 1; then + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include + extern size_t foo; + extern unsigned long foo; + +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + fits_in_uint=0 +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + fi + if test $fits_in_uint = 1; then + gl_cv_size_max="(((1U << $size_t_bits_minus_1) - 1) * 2 + 1)" + else + gl_cv_size_max="(((1UL << $size_t_bits_minus_1) - 1) * 2 + 1)" + fi + else + gl_cv_size_max='((size_t)~(size_t)0)' + fi + fi + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_size_max" >&5 +$as_echo "$gl_cv_size_max" >&6; } + if test "$gl_cv_size_max" != yes; then + +cat >>confdefs.h <<_ACEOF +#define SIZE_MAX $gl_cv_size_max +_ACEOF + + fi + + + + + gl_cv_func_snprintf_usable=no + for ac_func in snprintf +do : + ac_fn_c_check_func "$LINENO" "snprintf" "ac_cv_func_snprintf" +if test "x$ac_cv_func_snprintf" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_SNPRINTF 1 +_ACEOF + +fi +done + + if test $ac_cv_func_snprintf = yes; then + + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether snprintf respects a size of 1" >&5 +$as_echo_n "checking whether snprintf respects a size of 1... " >&6; } +if ${gl_cv_func_snprintf_size1+:} false; then : + $as_echo_n "(cached) " >&6 +else + + if test "$cross_compiling" = yes; then : + case "$host_os" in + # Guess yes on Android. + linux*-android*) gl_cv_func_snprintf_size1="guessing yes" ;; + # Guess yes on native Windows. + mingw*) gl_cv_func_snprintf_size1="guessing yes" ;; + *) gl_cv_func_snprintf_size1="guessing yes" ;; + esac + +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#if HAVE_SNPRINTF +# define my_snprintf snprintf +#else +# include +static int my_snprintf (char *buf, int size, const char *format, ...) +{ + va_list args; + int ret; + va_start (args, format); + ret = vsnprintf (buf, size, format, args); + va_end (args); + return ret; +} +#endif +int main() +{ + static char buf[8] = { 'D', 'E', 'A', 'D', 'B', 'E', 'E', 'F' }; + my_snprintf (buf, 1, "%d", 12345); + return buf[1] != 'E'; +} +_ACEOF +if ac_fn_c_try_run "$LINENO"; then : + gl_cv_func_snprintf_size1=yes +else + gl_cv_func_snprintf_size1=no +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_func_snprintf_size1" >&5 +$as_echo "$gl_cv_func_snprintf_size1" >&6; } + + case "$gl_cv_func_snprintf_size1" in + *yes) + + case "$gl_cv_func_snprintf_retval_c99" in + *yes) + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether printf supports POSIX/XSI format strings with positions" >&5 +$as_echo_n "checking whether printf supports POSIX/XSI format strings with positions... " >&6; } +if ${gl_cv_func_printf_positions+:} false; then : + $as_echo_n "(cached) " >&6 +else + + if test "$cross_compiling" = yes; then : + + case "$host_os" in + netbsd[1-3]* | netbsdelf[1-3]* | netbsdaout[1-3]* | netbsdcoff[1-3]*) + gl_cv_func_printf_positions="guessing no";; + beos*) gl_cv_func_printf_positions="guessing no";; + # Guess yes on Android. + linux*-android*) gl_cv_func_printf_positions="guessing yes";; + # Guess no on native Windows. + mingw* | pw*) gl_cv_func_printf_positions="guessing no";; + *) gl_cv_func_printf_positions="guessing yes";; + esac + +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#include +/* The string "%2$d %1$d", with dollar characters protected from the shell's + dollar expansion (possibly an autoconf bug). */ +static char format[] = { '%', '2', '$', 'd', ' ', '%', '1', '$', 'd', '\0' }; +static char buf[100]; +int main () +{ + sprintf (buf, format, 33, 55); + return (strcmp (buf, "55 33") != 0); +} +_ACEOF +if ac_fn_c_try_run "$LINENO"; then : + gl_cv_func_printf_positions=yes +else + gl_cv_func_printf_positions=no +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_func_printf_positions" >&5 +$as_echo "$gl_cv_func_printf_positions" >&6; } + + case "$gl_cv_func_printf_positions" in + *yes) + gl_cv_func_snprintf_usable=yes + ;; + esac + ;; + esac + ;; + esac + fi + if test $gl_cv_func_snprintf_usable = no; then + + + + + + + + + + + gl_LIBOBJS="$gl_LIBOBJS snprintf.$ac_objext" + + if test $ac_cv_func_snprintf = yes; then + REPLACE_SNPRINTF=1 + else + + if test $ac_cv_have_decl_snprintf = yes; then + REPLACE_SNPRINTF=1 + fi + fi + : + + fi + + if test $ac_cv_have_decl_snprintf = no; then + HAVE_DECL_SNPRINTF=0 + fi + + + + + + + GNULIB_SNPRINTF=1 + + + + + +$as_echo "#define GNULIB_TEST_SNPRINTF 1" >>confdefs.h + + + + + +cat >>confdefs.h <<_ACEOF +#define GNULIB_SNPRINTF 1 +_ACEOF + + + + ac_fn_c_check_type "$LINENO" "socklen_t" "ac_cv_type_socklen_t" " +/* is not needed according to POSIX, but the + in i386-unknown-freebsd4.10 and + powerpc-apple-darwin5.5 required it. */ +#include +#if HAVE_SYS_SOCKET_H +# include +#elif HAVE_WS2TCPIP_H +# include +#endif + +" +if test "x$ac_cv_type_socklen_t" = xyes; then : + +else + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for socklen_t equivalent" >&5 +$as_echo_n "checking for socklen_t equivalent... " >&6; } +if ${gl_cv_socklen_t_equiv+:} false; then : + $as_echo_n "(cached) " >&6 +else + # Systems have either "struct sockaddr *" or + # "void *" as the second argument to getpeername + gl_cv_socklen_t_equiv= + for arg2 in "struct sockaddr" void; do + for t in int size_t "unsigned int" "long int" "unsigned long int"; do + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include + #include + + int getpeername (int, $arg2 *, $t *); +int +main () +{ +$t len; + getpeername (0, 0, &len); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + gl_cv_socklen_t_equiv="$t" +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + test "$gl_cv_socklen_t_equiv" != "" && break + done + test "$gl_cv_socklen_t_equiv" != "" && break + done + if test "$gl_cv_socklen_t_equiv" = ""; then + as_fn_error $? "Cannot find a type to use in place of socklen_t" "$LINENO" 5 + fi + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_socklen_t_equiv" >&5 +$as_echo "$gl_cv_socklen_t_equiv" >&6; } + +cat >>confdefs.h <<_ACEOF +#define socklen_t $gl_cv_socklen_t_equiv +_ACEOF + +fi + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ssize_t" >&5 +$as_echo_n "checking for ssize_t... " >&6; } +if ${gt_cv_ssize_t+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +int +main () +{ +int x = sizeof (ssize_t *) + sizeof (ssize_t); + return !x; + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + gt_cv_ssize_t=yes +else + gt_cv_ssize_t=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gt_cv_ssize_t" >&5 +$as_echo "$gt_cv_ssize_t" >&6; } + if test $gt_cv_ssize_t = no; then + +$as_echo "#define ssize_t int" >>confdefs.h + + fi + + + + + + ac_fn_c_check_member "$LINENO" "struct stat" "st_atim.tv_nsec" "ac_cv_member_struct_stat_st_atim_tv_nsec" "#include + #include +" +if test "x$ac_cv_member_struct_stat_st_atim_tv_nsec" = xyes; then : + +cat >>confdefs.h <<_ACEOF +#define HAVE_STRUCT_STAT_ST_ATIM_TV_NSEC 1 +_ACEOF + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether struct stat.st_atim is of type struct timespec" >&5 +$as_echo_n "checking whether struct stat.st_atim is of type struct timespec... " >&6; } +if ${ac_cv_typeof_struct_stat_st_atim_is_struct_timespec+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + + #include + #include + #if HAVE_SYS_TIME_H + # include + #endif + #include + struct timespec ts; + struct stat st; + +int +main () +{ + + st.st_atim = ts; + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ac_cv_typeof_struct_stat_st_atim_is_struct_timespec=yes +else + ac_cv_typeof_struct_stat_st_atim_is_struct_timespec=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_typeof_struct_stat_st_atim_is_struct_timespec" >&5 +$as_echo "$ac_cv_typeof_struct_stat_st_atim_is_struct_timespec" >&6; } + if test $ac_cv_typeof_struct_stat_st_atim_is_struct_timespec = yes; then + +$as_echo "#define TYPEOF_STRUCT_STAT_ST_ATIM_IS_STRUCT_TIMESPEC 1" >>confdefs.h + + fi +else + ac_fn_c_check_member "$LINENO" "struct stat" "st_atimespec.tv_nsec" "ac_cv_member_struct_stat_st_atimespec_tv_nsec" "#include + #include +" +if test "x$ac_cv_member_struct_stat_st_atimespec_tv_nsec" = xyes; then : + +cat >>confdefs.h <<_ACEOF +#define HAVE_STRUCT_STAT_ST_ATIMESPEC_TV_NSEC 1 +_ACEOF + + +else + ac_fn_c_check_member "$LINENO" "struct stat" "st_atimensec" "ac_cv_member_struct_stat_st_atimensec" "#include + #include +" +if test "x$ac_cv_member_struct_stat_st_atimensec" = xyes; then : + +cat >>confdefs.h <<_ACEOF +#define HAVE_STRUCT_STAT_ST_ATIMENSEC 1 +_ACEOF + + +else + ac_fn_c_check_member "$LINENO" "struct stat" "st_atim.st__tim.tv_nsec" "ac_cv_member_struct_stat_st_atim_st__tim_tv_nsec" "#include + #include +" +if test "x$ac_cv_member_struct_stat_st_atim_st__tim_tv_nsec" = xyes; then : + +cat >>confdefs.h <<_ACEOF +#define HAVE_STRUCT_STAT_ST_ATIM_ST__TIM_TV_NSEC 1 +_ACEOF + + +fi + +fi + +fi + +fi + + + + + + ac_fn_c_check_member "$LINENO" "struct stat" "st_birthtimespec.tv_nsec" "ac_cv_member_struct_stat_st_birthtimespec_tv_nsec" "#include + #include +" +if test "x$ac_cv_member_struct_stat_st_birthtimespec_tv_nsec" = xyes; then : + +cat >>confdefs.h <<_ACEOF +#define HAVE_STRUCT_STAT_ST_BIRTHTIMESPEC_TV_NSEC 1 +_ACEOF + + +else + ac_fn_c_check_member "$LINENO" "struct stat" "st_birthtimensec" "ac_cv_member_struct_stat_st_birthtimensec" "#include + #include +" +if test "x$ac_cv_member_struct_stat_st_birthtimensec" = xyes; then : + +cat >>confdefs.h <<_ACEOF +#define HAVE_STRUCT_STAT_ST_BIRTHTIMENSEC 1 +_ACEOF + + +else + ac_fn_c_check_member "$LINENO" "struct stat" "st_birthtim.tv_nsec" "ac_cv_member_struct_stat_st_birthtim_tv_nsec" "#include + #include +" +if test "x$ac_cv_member_struct_stat_st_birthtim_tv_nsec" = xyes; then : + +cat >>confdefs.h <<_ACEOF +#define HAVE_STRUCT_STAT_ST_BIRTHTIM_TV_NSEC 1 +_ACEOF + + +fi + +fi + +fi + + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for working stdalign.h" >&5 +$as_echo_n "checking for working stdalign.h... " >&6; } +if ${gl_cv_header_working_stdalign_h+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include + #include + + /* Test that alignof yields a result consistent with offsetof. + This catches GCC bug 52023 + . */ + #ifdef __cplusplus + template struct alignof_helper { char a; t b; }; + # define ao(type) offsetof (alignof_helper, b) + #else + # define ao(type) offsetof (struct { char a; type b; }, b) + #endif + char test_double[ao (double) % _Alignof (double) == 0 ? 1 : -1]; + char test_long[ao (long int) % _Alignof (long int) == 0 ? 1 : -1]; + char test_alignof[alignof (double) == _Alignof (double) ? 1 : -1]; + + /* Test _Alignas only on platforms where gnulib can help. */ + #if \ + ((defined __cplusplus && 201103 <= __cplusplus) \ + || (defined __APPLE__ && defined __MACH__ \ + ? 4 < __GNUC__ + (1 <= __GNUC_MINOR__) \ + : __GNUC__) \ + || (__ia64 && (61200 <= __HP_cc || 61200 <= __HP_aCC)) \ + || __ICC || 0x590 <= __SUNPRO_C || 0x0600 <= __xlC__ \ + || 1300 <= _MSC_VER) + struct alignas_test { char c; char alignas (8) alignas_8; }; + char test_alignas[offsetof (struct alignas_test, alignas_8) == 8 + ? 1 : -1]; + #endif + +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + gl_cv_header_working_stdalign_h=yes +else + gl_cv_header_working_stdalign_h=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_header_working_stdalign_h" >&5 +$as_echo "$gl_cv_header_working_stdalign_h" >&6; } + + if test $gl_cv_header_working_stdalign_h = yes; then + STDALIGN_H='' + else + STDALIGN_H='stdalign.h' + fi + + + if test -n "$STDALIGN_H"; then + GL_GENERATE_STDALIGN_H_TRUE= + GL_GENERATE_STDALIGN_H_FALSE='#' +else + GL_GENERATE_STDALIGN_H_TRUE='#' + GL_GENERATE_STDALIGN_H_FALSE= +fi + + + + + + # Define two additional variables used in the Makefile substitution. + + if test "$ac_cv_header_stdbool_h" = yes; then + STDBOOL_H='' + else + STDBOOL_H='stdbool.h' + fi + + if test -n "$STDBOOL_H"; then + GL_GENERATE_STDBOOL_H_TRUE= + GL_GENERATE_STDBOOL_H_FALSE='#' +else + GL_GENERATE_STDBOOL_H_TRUE='#' + GL_GENERATE_STDBOOL_H_FALSE= +fi + + + if test "$ac_cv_type__Bool" = yes; then + HAVE__BOOL=1 + else + HAVE__BOOL=0 + fi + + + + + + STDDEF_H= + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for good max_align_t" >&5 +$as_echo_n "checking for good max_align_t... " >&6; } +if ${gl_cv_type_max_align_t+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include + unsigned int s = sizeof (max_align_t); + #if defined __GNUC__ || defined __IBM__ALIGNOF__ + int check1[2 * (__alignof__ (double) <= __alignof__ (max_align_t)) - 1]; + int check2[2 * (__alignof__ (long double) <= __alignof__ (max_align_t)) - 1]; + #endif + +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + gl_cv_type_max_align_t=yes +else + gl_cv_type_max_align_t=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_type_max_align_t" >&5 +$as_echo "$gl_cv_type_max_align_t" >&6; } + if test $gl_cv_type_max_align_t = no; then + HAVE_MAX_ALIGN_T=0 + STDDEF_H=stddef.h + fi + + if test $gt_cv_c_wchar_t = no; then + HAVE_WCHAR_T=0 + STDDEF_H=stddef.h + fi + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether NULL can be used in arbitrary expressions" >&5 +$as_echo_n "checking whether NULL can be used in arbitrary expressions... " >&6; } +if ${gl_cv_decl_null_works+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include + int test[2 * (sizeof NULL == sizeof (void *)) -1]; + +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + gl_cv_decl_null_works=yes +else + gl_cv_decl_null_works=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_decl_null_works" >&5 +$as_echo "$gl_cv_decl_null_works" >&6; } + if test $gl_cv_decl_null_works = no; then + REPLACE_NULL=1 + STDDEF_H=stddef.h + fi + + + if test -n "$STDDEF_H"; then + GL_GENERATE_STDDEF_H_TRUE= + GL_GENERATE_STDDEF_H_FALSE='#' +else + GL_GENERATE_STDDEF_H_TRUE='#' + GL_GENERATE_STDDEF_H_FALSE= +fi + + if test -n "$STDDEF_H"; then + + + + + + + + + if test $gl_cv_have_include_next = yes; then + gl_cv_next_stddef_h='<'stddef.h'>' + else + { $as_echo "$as_me:${as_lineno-$LINENO}: checking absolute name of " >&5 +$as_echo_n "checking absolute name of ... " >&6; } +if ${gl_cv_next_stddef_h+:} false; then : + $as_echo_n "(cached) " >&6 +else + + + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +_ACEOF + case "$host_os" in + aix*) gl_absname_cpp="$ac_cpp -C" ;; + *) gl_absname_cpp="$ac_cpp" ;; + esac + + case "$host_os" in + mingw*) + gl_dirsep_regex='[/\\]' + ;; + *) + gl_dirsep_regex='\/' + ;; + esac + gl_make_literal_regex_sed='s,[]$^\\.*/[],\\&,g' + gl_header_literal_regex=`echo 'stddef.h' \ + | sed -e "$gl_make_literal_regex_sed"` + gl_absolute_header_sed="/${gl_dirsep_regex}${gl_header_literal_regex}/"'{ + s/.*"\(.*'"${gl_dirsep_regex}${gl_header_literal_regex}"'\)".*/\1/ + s|^/[^/]|//&| + p + q + }' + + gl_cv_absolute_stddef_h=`(eval "$gl_absname_cpp conftest.$ac_ext") 2>&5 | + sed -n "$gl_absolute_header_sed"` + + gl_header=$gl_cv_absolute_stddef_h + gl_cv_next_stddef_h='"'$gl_header'"' + + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_next_stddef_h" >&5 +$as_echo "$gl_cv_next_stddef_h" >&6; } + fi + NEXT_STDDEF_H=$gl_cv_next_stddef_h + + if test $gl_cv_have_include_next = yes || test $gl_cv_have_include_next = buggy; then + # INCLUDE_NEXT_AS_FIRST_DIRECTIVE='include_next' + gl_next_as_first_directive='<'stddef.h'>' + else + # INCLUDE_NEXT_AS_FIRST_DIRECTIVE='include' + gl_next_as_first_directive=$gl_cv_next_stddef_h + fi + NEXT_AS_FIRST_DIRECTIVE_STDDEF_H=$gl_next_as_first_directive + + + + + fi + + + + + $as_echo "#define __USE_MINGW_ANSI_STDIO 1" >>confdefs.h + + + + + + + + + + + if test $gl_cv_have_include_next = yes; then + gl_cv_next_stdio_h='<'stdio.h'>' + else + { $as_echo "$as_me:${as_lineno-$LINENO}: checking absolute name of " >&5 +$as_echo_n "checking absolute name of ... " >&6; } +if ${gl_cv_next_stdio_h+:} false; then : + $as_echo_n "(cached) " >&6 +else + + + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +_ACEOF + case "$host_os" in + aix*) gl_absname_cpp="$ac_cpp -C" ;; + *) gl_absname_cpp="$ac_cpp" ;; + esac + + case "$host_os" in + mingw*) + gl_dirsep_regex='[/\\]' + ;; + *) + gl_dirsep_regex='\/' + ;; + esac + gl_make_literal_regex_sed='s,[]$^\\.*/[],\\&,g' + gl_header_literal_regex=`echo 'stdio.h' \ + | sed -e "$gl_make_literal_regex_sed"` + gl_absolute_header_sed="/${gl_dirsep_regex}${gl_header_literal_regex}/"'{ + s/.*"\(.*'"${gl_dirsep_regex}${gl_header_literal_regex}"'\)".*/\1/ + s|^/[^/]|//&| + p + q + }' + + gl_cv_absolute_stdio_h=`(eval "$gl_absname_cpp conftest.$ac_ext") 2>&5 | + sed -n "$gl_absolute_header_sed"` + + gl_header=$gl_cv_absolute_stdio_h + gl_cv_next_stdio_h='"'$gl_header'"' + + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_next_stdio_h" >&5 +$as_echo "$gl_cv_next_stdio_h" >&6; } + fi + NEXT_STDIO_H=$gl_cv_next_stdio_h + + if test $gl_cv_have_include_next = yes || test $gl_cv_have_include_next = buggy; then + # INCLUDE_NEXT_AS_FIRST_DIRECTIVE='include_next' + gl_next_as_first_directive='<'stdio.h'>' + else + # INCLUDE_NEXT_AS_FIRST_DIRECTIVE='include' + gl_next_as_first_directive=$gl_cv_next_stdio_h + fi + NEXT_AS_FIRST_DIRECTIVE_STDIO_H=$gl_next_as_first_directive + + + + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking which flavor of printf attribute matches inttypes macros" >&5 +$as_echo_n "checking which flavor of printf attribute matches inttypes macros... " >&6; } +if ${gl_cv_func_printf_attribute_flavor+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + + #define __STDC_FORMAT_MACROS 1 + #include + #include + /* For non-mingw systems, compilation will trivially succeed. + For mingw, compilation will succeed for older mingw (system + printf, "I64d") and fail for newer mingw (gnu printf, "lld"). */ + #if (defined _WIN32 && ! defined __CYGWIN__) && \ + (__GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ >= 4)) + extern char PRIdMAX_probe[sizeof PRIdMAX == sizeof "I64d" ? 1 : -1]; + #endif + +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + gl_cv_func_printf_attribute_flavor=system +else + gl_cv_func_printf_attribute_flavor=gnu +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_func_printf_attribute_flavor" >&5 +$as_echo "$gl_cv_func_printf_attribute_flavor" >&6; } + if test "$gl_cv_func_printf_attribute_flavor" = gnu; then + +$as_echo "#define GNULIB_PRINTF_ATTRIBUTE_FLAVOR_GNU 1" >>confdefs.h + + fi + + GNULIB_FSCANF=1 + + +cat >>confdefs.h <<_ACEOF +#define GNULIB_FSCANF 1 +_ACEOF + + + GNULIB_SCANF=1 + + +cat >>confdefs.h <<_ACEOF +#define GNULIB_SCANF 1 +_ACEOF + + + GNULIB_FGETC=1 + GNULIB_GETC=1 + GNULIB_GETCHAR=1 + GNULIB_FGETS=1 + GNULIB_FREAD=1 + + + GNULIB_FPRINTF=1 + GNULIB_PRINTF=1 + GNULIB_VFPRINTF=1 + GNULIB_VPRINTF=1 + GNULIB_FPUTC=1 + GNULIB_PUTC=1 + GNULIB_PUTCHAR=1 + GNULIB_FPUTS=1 + GNULIB_PUTS=1 + GNULIB_FWRITE=1 + + + + + + + + + + + + + + + + + + if test $gl_cv_have_include_next = yes; then + gl_cv_next_stdlib_h='<'stdlib.h'>' + else + { $as_echo "$as_me:${as_lineno-$LINENO}: checking absolute name of " >&5 +$as_echo_n "checking absolute name of ... " >&6; } +if ${gl_cv_next_stdlib_h+:} false; then : + $as_echo_n "(cached) " >&6 +else + + + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +_ACEOF + case "$host_os" in + aix*) gl_absname_cpp="$ac_cpp -C" ;; + *) gl_absname_cpp="$ac_cpp" ;; + esac + + case "$host_os" in + mingw*) + gl_dirsep_regex='[/\\]' + ;; + *) + gl_dirsep_regex='\/' + ;; + esac + gl_make_literal_regex_sed='s,[]$^\\.*/[],\\&,g' + gl_header_literal_regex=`echo 'stdlib.h' \ + | sed -e "$gl_make_literal_regex_sed"` + gl_absolute_header_sed="/${gl_dirsep_regex}${gl_header_literal_regex}/"'{ + s/.*"\(.*'"${gl_dirsep_regex}${gl_header_literal_regex}"'\)".*/\1/ + s|^/[^/]|//&| + p + q + }' + + gl_cv_absolute_stdlib_h=`(eval "$gl_absname_cpp conftest.$ac_ext") 2>&5 | + sed -n "$gl_absolute_header_sed"` + + gl_header=$gl_cv_absolute_stdlib_h + gl_cv_next_stdlib_h='"'$gl_header'"' + + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_next_stdlib_h" >&5 +$as_echo "$gl_cv_next_stdlib_h" >&6; } + fi + NEXT_STDLIB_H=$gl_cv_next_stdlib_h + + if test $gl_cv_have_include_next = yes || test $gl_cv_have_include_next = buggy; then + # INCLUDE_NEXT_AS_FIRST_DIRECTIVE='include_next' + gl_next_as_first_directive='<'stdlib.h'>' + else + # INCLUDE_NEXT_AS_FIRST_DIRECTIVE='include' + gl_next_as_first_directive=$gl_cv_next_stdlib_h + fi + NEXT_AS_FIRST_DIRECTIVE_STDLIB_H=$gl_next_as_first_directive + + + + + + + + + + + + + for ac_func in strcasecmp +do : + ac_fn_c_check_func "$LINENO" "strcasecmp" "ac_cv_func_strcasecmp" +if test "x$ac_cv_func_strcasecmp" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_STRCASECMP 1 +_ACEOF + +fi +done + + if test $ac_cv_func_strcasecmp = no; then + HAVE_STRCASECMP=0 + fi + + + + for ac_func in strncasecmp +do : + ac_fn_c_check_func "$LINENO" "strncasecmp" "ac_cv_func_strncasecmp" +if test "x$ac_cv_func_strncasecmp" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_STRNCASECMP 1 +_ACEOF + +fi +done + + if test $ac_cv_func_strncasecmp = yes; then + HAVE_STRNCASECMP=1 + else + HAVE_STRNCASECMP=0 + fi + ac_fn_c_check_decl "$LINENO" "strncasecmp" "ac_cv_have_decl_strncasecmp" "$ac_includes_default" +if test "x$ac_cv_have_decl_strncasecmp" = xyes; then : + ac_have_decl=1 +else + ac_have_decl=0 +fi + +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_STRNCASECMP $ac_have_decl +_ACEOF + + if test $ac_cv_have_decl_strncasecmp = no; then + HAVE_DECL_STRNCASECMP=0 + fi + + + if test $HAVE_STRCASECMP = 0; then + + + + + + + + + gl_LIBOBJS="$gl_LIBOBJS strcasecmp.$ac_objext" + + + : + + fi + if test $HAVE_STRNCASECMP = 0; then + + + + + + + + + gl_LIBOBJS="$gl_LIBOBJS strncasecmp.$ac_objext" + + + : + + fi + + + + + if test $ac_cv_func_strdup = yes; then + if test $gl_cv_func_malloc_posix != yes; then + REPLACE_STRDUP=1 + fi + fi + + if test $ac_cv_have_decl_strdup = no; then + HAVE_DECL_STRDUP=0 + fi + + if test $ac_cv_func_strdup = no || test $REPLACE_STRDUP = 1; then + + + + + + + + + gl_LIBOBJS="$gl_LIBOBJS strdup.$ac_objext" + + : + fi + + + + + + GNULIB_STRDUP=1 + + + + + +$as_echo "#define GNULIB_TEST_STRDUP 1" >>confdefs.h + + + + + + + + + + + + + + + + if test $ac_cv_have_decl_strndup = no; then + HAVE_DECL_STRNDUP=0 + fi + + if test $ac_cv_func_strndup = yes; then + HAVE_STRNDUP=1 + # AIX 4.3.3, AIX 5.1 have a function that fails to add the terminating '\0'. + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for working strndup" >&5 +$as_echo_n "checking for working strndup... " >&6; } +if ${gl_cv_func_strndup_works+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test "$cross_compiling" = yes; then : + + case $host_os in + aix | aix[3-6]*) gl_cv_func_strndup_works="guessing no";; + *) gl_cv_func_strndup_works="guessing yes";; + esac + +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + + #include + #include +int +main () +{ + +#if !HAVE_DECL_STRNDUP + extern + #ifdef __cplusplus + "C" + #endif + char *strndup (const char *, size_t); +#endif + int result; + char *s; + s = strndup ("some longer string", 15); + free (s); + s = strndup ("shorter string", 13); + result = s[13] != '\0'; + free (s); + return result; + ; + return 0; +} +_ACEOF +if ac_fn_c_try_run "$LINENO"; then : + gl_cv_func_strndup_works=yes +else + gl_cv_func_strndup_works=no +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_func_strndup_works" >&5 +$as_echo "$gl_cv_func_strndup_works" >&6; } + case $gl_cv_func_strndup_works in + *no) REPLACE_STRNDUP=1 ;; + esac + else + HAVE_STRNDUP=0 + fi + + if test $HAVE_STRNDUP = 0 || test $REPLACE_STRNDUP = 1; then + + + + + + + + + gl_LIBOBJS="$gl_LIBOBJS strndup.$ac_objext" + + fi + + + + + + GNULIB_STRNDUP=1 + + + + + +$as_echo "#define GNULIB_TEST_STRNDUP 1" >>confdefs.h + + + + + + + + + + if test $ac_cv_have_decl_strnlen = no; then + HAVE_DECL_STRNLEN=0 + else + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for working strnlen" >&5 +$as_echo_n "checking for working strnlen... " >&6; } +if ${ac_cv_func_strnlen_working+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test "$cross_compiling" = yes; then : + # Guess no on AIX systems, yes otherwise. + case "$host_os" in + aix*) ac_cv_func_strnlen_working=no;; + *) ac_cv_func_strnlen_working=yes;; + esac +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +$ac_includes_default +int +main () +{ + +#define S "foobar" +#define S_LEN (sizeof S - 1) + + /* At least one implementation is buggy: that of AIX 4.3 would + give strnlen (S, 1) == 3. */ + + int i; + for (i = 0; i < S_LEN + 1; ++i) + { + int expected = i <= S_LEN ? i : S_LEN; + if (strnlen (S, i) != expected) + return 1; + } + return 0; + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_run "$LINENO"; then : + ac_cv_func_strnlen_working=yes +else + ac_cv_func_strnlen_working=no +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_func_strnlen_working" >&5 +$as_echo "$ac_cv_func_strnlen_working" >&6; } +test $ac_cv_func_strnlen_working = no && : + + + if test $ac_cv_func_strnlen_working = no; then + REPLACE_STRNLEN=1 + fi + fi + + if test $HAVE_DECL_STRNLEN = 0 || test $REPLACE_STRNLEN = 1; then + + + + + + + + + gl_LIBOBJS="$gl_LIBOBJS strnlen.$ac_objext" + + : + fi + + + + + + GNULIB_STRNLEN=1 + + + + + +$as_echo "#define GNULIB_TEST_STRNLEN 1" >>confdefs.h + + + + + + + + for ac_func in strtok_r +do : + ac_fn_c_check_func "$LINENO" "strtok_r" "ac_cv_func_strtok_r" +if test "x$ac_cv_func_strtok_r" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_STRTOK_R 1 +_ACEOF + +fi +done + + if test $ac_cv_func_strtok_r = yes; then + HAVE_STRTOK_R=1 + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether strtok_r works" >&5 +$as_echo_n "checking whether strtok_r works... " >&6; } +if ${gl_cv_func_strtok_r_works+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test "$cross_compiling" = yes; then : + case "$host_os" in + # Guess no on glibc systems. + *-gnu* | gnu*) gl_cv_func_strtok_r_works="guessing no" ;; + # Guess yes on native Windows. + mingw*) gl_cv_func_strtok_r_works="guessing yes" ;; + *) gl_cv_func_strtok_r_works="guessing yes" ;; + esac + +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + + #ifndef __OPTIMIZE__ + # define __OPTIMIZE__ 1 + #endif + #undef __OPTIMIZE_SIZE__ + #undef __NO_INLINE__ + #include + #include + +int +main () +{ +static const char dummy[] = "\177\01a"; + char delimiters[] = "xxxxxxxx"; + char *save_ptr = (char *) dummy; + strtok_r (delimiters, "x", &save_ptr); + strtok_r (NULL, "x", &save_ptr); + return 0; + + ; + return 0; +} + +_ACEOF +if ac_fn_c_try_run "$LINENO"; then : + gl_cv_func_strtok_r_works=yes +else + gl_cv_func_strtok_r_works=no +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_func_strtok_r_works" >&5 +$as_echo "$gl_cv_func_strtok_r_works" >&6; } + case "$gl_cv_func_strtok_r_works" in + *no) + UNDEFINE_STRTOK_R=1 + ;; + esac + else + HAVE_STRTOK_R=0 + fi + + if test $ac_cv_have_decl_strtok_r = no; then + HAVE_DECL_STRTOK_R=0 + fi + + if test $HAVE_STRTOK_R = 0 || test $REPLACE_STRTOK_R = 1; then + + + + + + + + + gl_LIBOBJS="$gl_LIBOBJS strtok_r.$ac_objext" + + + : + + fi + + + + + + GNULIB_STRTOK_R=1 + + + + + +$as_echo "#define GNULIB_TEST_STRTOK_R 1" >>confdefs.h + + + + + + + + for ac_func in strverscmp +do : + ac_fn_c_check_func "$LINENO" "strverscmp" "ac_cv_func_strverscmp" +if test "x$ac_cv_func_strverscmp" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_STRVERSCMP 1 +_ACEOF + +fi +done + + if test $ac_cv_func_strverscmp = no; then + HAVE_STRVERSCMP=0 + fi + + if test $HAVE_STRVERSCMP = 0; then + + + + + + + + + gl_LIBOBJS="$gl_LIBOBJS strverscmp.$ac_objext" + + + : + + fi + + + + + + GNULIB_STRVERSCMP=1 + + + + + +$as_echo "#define GNULIB_TEST_STRVERSCMP 1" >>confdefs.h + + + + + + + + + + + + + + + + + + + + if test $gl_cv_have_include_next = yes; then + gl_cv_next_sys_stat_h='<'sys/stat.h'>' + else + { $as_echo "$as_me:${as_lineno-$LINENO}: checking absolute name of " >&5 +$as_echo_n "checking absolute name of ... " >&6; } +if ${gl_cv_next_sys_stat_h+:} false; then : + $as_echo_n "(cached) " >&6 +else + + if test $ac_cv_header_sys_stat_h = yes; then + + + + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +_ACEOF + case "$host_os" in + aix*) gl_absname_cpp="$ac_cpp -C" ;; + *) gl_absname_cpp="$ac_cpp" ;; + esac + + case "$host_os" in + mingw*) + gl_dirsep_regex='[/\\]' + ;; + *) + gl_dirsep_regex='\/' + ;; + esac + gl_make_literal_regex_sed='s,[]$^\\.*/[],\\&,g' + gl_header_literal_regex=`echo 'sys/stat.h' \ + | sed -e "$gl_make_literal_regex_sed"` + gl_absolute_header_sed="/${gl_dirsep_regex}${gl_header_literal_regex}/"'{ + s/.*"\(.*'"${gl_dirsep_regex}${gl_header_literal_regex}"'\)".*/\1/ + s|^/[^/]|//&| + p + q + }' + + gl_cv_absolute_sys_stat_h=`(eval "$gl_absname_cpp conftest.$ac_ext") 2>&5 | + sed -n "$gl_absolute_header_sed"` + + gl_header=$gl_cv_absolute_sys_stat_h + gl_cv_next_sys_stat_h='"'$gl_header'"' + else + gl_cv_next_sys_stat_h='<'sys/stat.h'>' + fi + + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_next_sys_stat_h" >&5 +$as_echo "$gl_cv_next_sys_stat_h" >&6; } + fi + NEXT_SYS_STAT_H=$gl_cv_next_sys_stat_h + + if test $gl_cv_have_include_next = yes || test $gl_cv_have_include_next = buggy; then + # INCLUDE_NEXT_AS_FIRST_DIRECTIVE='include_next' + gl_next_as_first_directive='<'sys/stat.h'>' + else + # INCLUDE_NEXT_AS_FIRST_DIRECTIVE='include' + gl_next_as_first_directive=$gl_cv_next_sys_stat_h + fi + NEXT_AS_FIRST_DIRECTIVE_SYS_STAT_H=$gl_next_as_first_directive + + + + + + + + + WINDOWS_STAT_TIMESPEC=0 + + + + + + + + + ac_fn_c_check_type "$LINENO" "nlink_t" "ac_cv_type_nlink_t" "#include + #include +" +if test "x$ac_cv_type_nlink_t" = xyes; then : + +else + +$as_echo "#define nlink_t int" >>confdefs.h + +fi + + + + + + + + + + + + + + + + + + + + + + + + + if test $gl_cv_have_include_next = yes; then + gl_cv_next_sys_uio_h='<'sys/uio.h'>' + else + { $as_echo "$as_me:${as_lineno-$LINENO}: checking absolute name of " >&5 +$as_echo_n "checking absolute name of ... " >&6; } +if ${gl_cv_next_sys_uio_h+:} false; then : + $as_echo_n "(cached) " >&6 +else + + if test $ac_cv_header_sys_uio_h = yes; then + + + + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +_ACEOF + case "$host_os" in + aix*) gl_absname_cpp="$ac_cpp -C" ;; + *) gl_absname_cpp="$ac_cpp" ;; + esac + + case "$host_os" in + mingw*) + gl_dirsep_regex='[/\\]' + ;; + *) + gl_dirsep_regex='\/' + ;; + esac + gl_make_literal_regex_sed='s,[]$^\\.*/[],\\&,g' + gl_header_literal_regex=`echo 'sys/uio.h' \ + | sed -e "$gl_make_literal_regex_sed"` + gl_absolute_header_sed="/${gl_dirsep_regex}${gl_header_literal_regex}/"'{ + s/.*"\(.*'"${gl_dirsep_regex}${gl_header_literal_regex}"'\)".*/\1/ + s|^/[^/]|//&| + p + q + }' + + gl_cv_absolute_sys_uio_h=`(eval "$gl_absname_cpp conftest.$ac_ext") 2>&5 | + sed -n "$gl_absolute_header_sed"` + + gl_header=$gl_cv_absolute_sys_uio_h + gl_cv_next_sys_uio_h='"'$gl_header'"' + else + gl_cv_next_sys_uio_h='<'sys/uio.h'>' + fi + + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_next_sys_uio_h" >&5 +$as_echo "$gl_cv_next_sys_uio_h" >&6; } + fi + NEXT_SYS_UIO_H=$gl_cv_next_sys_uio_h + + if test $gl_cv_have_include_next = yes || test $gl_cv_have_include_next = buggy; then + # INCLUDE_NEXT_AS_FIRST_DIRECTIVE='include_next' + gl_next_as_first_directive='<'sys/uio.h'>' + else + # INCLUDE_NEXT_AS_FIRST_DIRECTIVE='include' + gl_next_as_first_directive=$gl_cv_next_sys_uio_h + fi + NEXT_AS_FIRST_DIRECTIVE_SYS_UIO_H=$gl_next_as_first_directive + + + + + if test $ac_cv_header_sys_uio_h = yes; then + HAVE_SYS_UIO_H=1 + else + HAVE_SYS_UIO_H=0 + fi + + + + + + + + + + + + + ac_fn_c_check_decl "$LINENO" "localtime_r" "ac_cv_have_decl_localtime_r" "#include +" +if test "x$ac_cv_have_decl_localtime_r" = xyes; then : + ac_have_decl=1 +else + ac_have_decl=0 +fi + +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_LOCALTIME_R $ac_have_decl +_ACEOF + + if test $ac_cv_have_decl_localtime_r = no; then + HAVE_DECL_LOCALTIME_R=0 + fi + + + if test $ac_cv_func_localtime_r = yes; then + HAVE_LOCALTIME_R=1 + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether localtime_r is compatible with its POSIX signature" >&5 +$as_echo_n "checking whether localtime_r is compatible with its POSIX signature... " >&6; } +if ${gl_cv_time_r_posix+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +int +main () +{ +/* We don't need to append 'restrict's to the argument types, + even though the POSIX signature has the 'restrict's, + since C99 says they can't affect type compatibility. */ + struct tm * (*ptr) (time_t const *, struct tm *) = localtime_r; + if (ptr) return 0; + /* Check the return type is a pointer. + On HP-UX 10 it is 'int'. */ + *localtime_r (0, 0); + ; + return 0; +} + +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + gl_cv_time_r_posix=yes +else + gl_cv_time_r_posix=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_time_r_posix" >&5 +$as_echo "$gl_cv_time_r_posix" >&6; } + if test $gl_cv_time_r_posix = yes; then + REPLACE_LOCALTIME_R=0 + else + REPLACE_LOCALTIME_R=1 + fi + else + HAVE_LOCALTIME_R=0 + fi + + if test $HAVE_LOCALTIME_R = 0 || test $REPLACE_LOCALTIME_R = 1; then + + + + + + + + + gl_LIBOBJS="$gl_LIBOBJS time_r.$ac_objext" + + + : + + fi + + + + + + GNULIB_TIME_R=1 + + + + + +$as_echo "#define GNULIB_TEST_TIME_R 1" >>confdefs.h + + + + + + + + + + + + + + + + if test $gl_cv_have_include_next = yes; then + gl_cv_next_unistd_h='<'unistd.h'>' + else + { $as_echo "$as_me:${as_lineno-$LINENO}: checking absolute name of " >&5 +$as_echo_n "checking absolute name of ... " >&6; } +if ${gl_cv_next_unistd_h+:} false; then : + $as_echo_n "(cached) " >&6 +else + + if test $ac_cv_header_unistd_h = yes; then + + + + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +_ACEOF + case "$host_os" in + aix*) gl_absname_cpp="$ac_cpp -C" ;; + *) gl_absname_cpp="$ac_cpp" ;; + esac + + case "$host_os" in + mingw*) + gl_dirsep_regex='[/\\]' + ;; + *) + gl_dirsep_regex='\/' + ;; + esac + gl_make_literal_regex_sed='s,[]$^\\.*/[],\\&,g' + gl_header_literal_regex=`echo 'unistd.h' \ + | sed -e "$gl_make_literal_regex_sed"` + gl_absolute_header_sed="/${gl_dirsep_regex}${gl_header_literal_regex}/"'{ + s/.*"\(.*'"${gl_dirsep_regex}${gl_header_literal_regex}"'\)".*/\1/ + s|^/[^/]|//&| + p + q + }' + + gl_cv_absolute_unistd_h=`(eval "$gl_absname_cpp conftest.$ac_ext") 2>&5 | + sed -n "$gl_absolute_header_sed"` + + gl_header=$gl_cv_absolute_unistd_h + gl_cv_next_unistd_h='"'$gl_header'"' + else + gl_cv_next_unistd_h='<'unistd.h'>' + fi + + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_next_unistd_h" >&5 +$as_echo "$gl_cv_next_unistd_h" >&6; } + fi + NEXT_UNISTD_H=$gl_cv_next_unistd_h + + if test $gl_cv_have_include_next = yes || test $gl_cv_have_include_next = buggy; then + # INCLUDE_NEXT_AS_FIRST_DIRECTIVE='include_next' + gl_next_as_first_directive='<'unistd.h'>' + else + # INCLUDE_NEXT_AS_FIRST_DIRECTIVE='include' + gl_next_as_first_directive=$gl_cv_next_unistd_h + fi + NEXT_AS_FIRST_DIRECTIVE_UNISTD_H=$gl_next_as_first_directive + + + + + if test $ac_cv_header_unistd_h = yes; then + HAVE_UNISTD_H=1 + else + HAVE_UNISTD_H=0 + fi + + + + + + + + + + + + # Check whether --enable-valgrind-tests was given. +if test "${enable_valgrind_tests+set}" = set; then : + enableval=$enable_valgrind_tests; opt_valgrind_tests=$enableval +else + opt_valgrind_tests=no +fi + + + # Run self-tests under valgrind? + if test "$opt_valgrind_tests" = "yes" && test "$cross_compiling" = no; then + for ac_prog in valgrind +do + # Extract the first word of "$ac_prog", so it can be a program name with args. +set dummy $ac_prog; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_VALGRIND+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$VALGRIND"; then + ac_cv_prog_VALGRIND="$VALGRIND" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_VALGRIND="$ac_prog" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +VALGRIND=$ac_cv_prog_VALGRIND +if test -n "$VALGRIND"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $VALGRIND" >&5 +$as_echo "$VALGRIND" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + + test -n "$VALGRIND" && break +done + + + if test "$VALGRIND"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for valgrind options for tests" >&5 +$as_echo_n "checking for valgrind options for tests... " >&6; } +if ${gl_cv_opt_valgrind_tests+:} false; then : + $as_echo_n "(cached) " >&6 +else + gl_cv_opt_valgrind_tests="-q --error-exitcode=1 --leak-check=full --suppressions=\$(srcdir)/suppressions.valgrind" + $VALGRIND $gl_valgrind_opts ls > /dev/null 2>&1 || + gl_cv_opt_valgrind_tests=no +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_opt_valgrind_tests" >&5 +$as_echo "$gl_cv_opt_valgrind_tests" >&6; } + + if test "$gl_cv_opt_valgrind_tests" != no; then + VALGRIND="$VALGRIND $gl_cv_opt_valgrind_tests" + else + VALGRIND= + fi + fi + fi + + + + if test $ac_cv_func_vasnprintf = no; then + + + + + + + + + + + gl_LIBOBJS="$gl_LIBOBJS vasnprintf.$ac_objext" + + + + + + + + + + gl_LIBOBJS="$gl_LIBOBJS printf-args.$ac_objext" + + + + + + + + + + gl_LIBOBJS="$gl_LIBOBJS printf-parse.$ac_objext" + + + + + + + + + + gl_LIBOBJS="$gl_LIBOBJS asnprintf.$ac_objext" + + if test $ac_cv_func_vasnprintf = yes; then + +$as_echo "#define REPLACE_VASNPRINTF 1" >>confdefs.h + + fi + + + + + + + + + + + + ac_fn_c_check_type "$LINENO" "ptrdiff_t" "ac_cv_type_ptrdiff_t" "$ac_includes_default" +if test "x$ac_cv_type_ptrdiff_t" = xyes; then : + +else + +$as_echo "#define ptrdiff_t long" >>confdefs.h + + +fi + + + + + + + + fi + + + for ac_func in vasprintf +do : + ac_fn_c_check_func "$LINENO" "vasprintf" "ac_cv_func_vasprintf" +if test "x$ac_cv_func_vasprintf" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_VASPRINTF 1 +_ACEOF + +fi +done + + if test $ac_cv_func_vasprintf = no; then + + + + + + + + + + gl_LIBOBJS="$gl_LIBOBJS vasprintf.$ac_objext" + + + + + + + + + + gl_LIBOBJS="$gl_LIBOBJS asprintf.$ac_objext" + + + if test $ac_cv_func_vasprintf = yes; then + REPLACE_VASPRINTF=1 + else + HAVE_VASPRINTF=0 + fi + + + + + + + + + fi + + + + + + + GNULIB_VASPRINTF=1 + + + + + +$as_echo "#define GNULIB_TEST_VASPRINTF 1" >>confdefs.h + + + + + + XGETTEXT_EXTRA_OPTIONS="$XGETTEXT_EXTRA_OPTIONS --flag=asprintf:2:c-format" + + + + XGETTEXT_EXTRA_OPTIONS="$XGETTEXT_EXTRA_OPTIONS --flag=vasprintf:2:c-format" + + + + gl_cv_func_vsnprintf_usable=no + for ac_func in vsnprintf +do : + ac_fn_c_check_func "$LINENO" "vsnprintf" "ac_cv_func_vsnprintf" +if test "x$ac_cv_func_vsnprintf" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_VSNPRINTF 1 +_ACEOF + +fi +done + + if test $ac_cv_func_vsnprintf = yes; then + + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether snprintf respects a size of 1" >&5 +$as_echo_n "checking whether snprintf respects a size of 1... " >&6; } +if ${gl_cv_func_snprintf_size1+:} false; then : + $as_echo_n "(cached) " >&6 +else + + if test "$cross_compiling" = yes; then : + case "$host_os" in + # Guess yes on Android. + linux*-android*) gl_cv_func_snprintf_size1="guessing yes" ;; + # Guess yes on native Windows. + mingw*) gl_cv_func_snprintf_size1="guessing yes" ;; + *) gl_cv_func_snprintf_size1="guessing yes" ;; + esac + +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#if HAVE_SNPRINTF +# define my_snprintf snprintf +#else +# include +static int my_snprintf (char *buf, int size, const char *format, ...) +{ + va_list args; + int ret; + va_start (args, format); + ret = vsnprintf (buf, size, format, args); + va_end (args); + return ret; +} +#endif +int main() +{ + static char buf[8] = { 'D', 'E', 'A', 'D', 'B', 'E', 'E', 'F' }; + my_snprintf (buf, 1, "%d", 12345); + return buf[1] != 'E'; +} +_ACEOF +if ac_fn_c_try_run "$LINENO"; then : + gl_cv_func_snprintf_size1=yes +else + gl_cv_func_snprintf_size1=no +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_func_snprintf_size1" >&5 +$as_echo "$gl_cv_func_snprintf_size1" >&6; } + + case "$gl_cv_func_snprintf_size1" in + *yes) + + case "$gl_cv_func_snprintf_retval_c99" in + *yes) + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether printf supports POSIX/XSI format strings with positions" >&5 +$as_echo_n "checking whether printf supports POSIX/XSI format strings with positions... " >&6; } +if ${gl_cv_func_printf_positions+:} false; then : + $as_echo_n "(cached) " >&6 +else + + if test "$cross_compiling" = yes; then : + + case "$host_os" in + netbsd[1-3]* | netbsdelf[1-3]* | netbsdaout[1-3]* | netbsdcoff[1-3]*) + gl_cv_func_printf_positions="guessing no";; + beos*) gl_cv_func_printf_positions="guessing no";; + # Guess yes on Android. + linux*-android*) gl_cv_func_printf_positions="guessing yes";; + # Guess no on native Windows. + mingw* | pw*) gl_cv_func_printf_positions="guessing no";; + *) gl_cv_func_printf_positions="guessing yes";; + esac + +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#include +/* The string "%2$d %1$d", with dollar characters protected from the shell's + dollar expansion (possibly an autoconf bug). */ +static char format[] = { '%', '2', '$', 'd', ' ', '%', '1', '$', 'd', '\0' }; +static char buf[100]; +int main () +{ + sprintf (buf, format, 33, 55); + return (strcmp (buf, "55 33") != 0); +} +_ACEOF +if ac_fn_c_try_run "$LINENO"; then : + gl_cv_func_printf_positions=yes +else + gl_cv_func_printf_positions=no +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_func_printf_positions" >&5 +$as_echo "$gl_cv_func_printf_positions" >&6; } + + case "$gl_cv_func_printf_positions" in + *yes) + gl_cv_func_vsnprintf_usable=yes + ;; + esac + ;; + esac + ;; + esac + fi + if test $gl_cv_func_vsnprintf_usable = no; then + + + + + + + + + + + gl_LIBOBJS="$gl_LIBOBJS vsnprintf.$ac_objext" + + if test $ac_cv_func_vsnprintf = yes; then + REPLACE_VSNPRINTF=1 + else + + if test $ac_cv_have_decl_vsnprintf = yes; then + REPLACE_VSNPRINTF=1 + fi + fi + : + + fi + + if test $ac_cv_have_decl_vsnprintf = no; then + HAVE_DECL_VSNPRINTF=0 + fi + + + + + + + GNULIB_VSNPRINTF=1 + + + + + +$as_echo "#define GNULIB_TEST_VSNPRINTF 1" >>confdefs.h + + + + + + + + + + + + + + + + if test $gl_cv_have_include_next = yes; then + gl_cv_next_wchar_h='<'wchar.h'>' + else + { $as_echo "$as_me:${as_lineno-$LINENO}: checking absolute name of " >&5 +$as_echo_n "checking absolute name of ... " >&6; } +if ${gl_cv_next_wchar_h+:} false; then : + $as_echo_n "(cached) " >&6 +else + + if test $ac_cv_header_wchar_h = yes; then + + + + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +_ACEOF + case "$host_os" in + aix*) gl_absname_cpp="$ac_cpp -C" ;; + *) gl_absname_cpp="$ac_cpp" ;; + esac + + case "$host_os" in + mingw*) + gl_dirsep_regex='[/\\]' + ;; + *) + gl_dirsep_regex='\/' + ;; + esac + gl_make_literal_regex_sed='s,[]$^\\.*/[],\\&,g' + gl_header_literal_regex=`echo 'wchar.h' \ + | sed -e "$gl_make_literal_regex_sed"` + gl_absolute_header_sed="/${gl_dirsep_regex}${gl_header_literal_regex}/"'{ + s/.*"\(.*'"${gl_dirsep_regex}${gl_header_literal_regex}"'\)".*/\1/ + s|^/[^/]|//&| + p + q + }' + + gl_cv_absolute_wchar_h=`(eval "$gl_absname_cpp conftest.$ac_ext") 2>&5 | + sed -n "$gl_absolute_header_sed"` + + gl_header=$gl_cv_absolute_wchar_h + gl_cv_next_wchar_h='"'$gl_header'"' + else + gl_cv_next_wchar_h='<'wchar.h'>' + fi + + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_next_wchar_h" >&5 +$as_echo "$gl_cv_next_wchar_h" >&6; } + fi + NEXT_WCHAR_H=$gl_cv_next_wchar_h + + if test $gl_cv_have_include_next = yes || test $gl_cv_have_include_next = buggy; then + # INCLUDE_NEXT_AS_FIRST_DIRECTIVE='include_next' + gl_next_as_first_directive='<'wchar.h'>' + else + # INCLUDE_NEXT_AS_FIRST_DIRECTIVE='include' + gl_next_as_first_directive=$gl_cv_next_wchar_h + fi + NEXT_AS_FIRST_DIRECTIVE_WCHAR_H=$gl_next_as_first_directive + + + + + if test $ac_cv_header_wchar_h = yes; then + HAVE_WCHAR_H=1 + else + HAVE_WCHAR_H=0 + fi + + + + + + if test $gt_cv_c_wint_t = yes; then + HAVE_WINT_T=1 + else + HAVE_WINT_T=0 + fi + + + + + + + + + + + for ac_header in stdint.h +do : + ac_fn_c_check_header_mongrel "$LINENO" "stdint.h" "ac_cv_header_stdint_h" "$ac_includes_default" +if test "x$ac_cv_header_stdint_h" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_STDINT_H 1 +_ACEOF + +fi + +done + + + # End of code from modules + + + + + + + + + + gltests_libdeps= + gltests_ltlibdeps= + + + + + + + + + + gl_source_base='gl/tests' + gltests_WITNESS=IN_`echo "${PACKAGE-$PACKAGE_TARNAME}" | LC_ALL=C tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ | LC_ALL=C sed -e 's/[^A-Z0-9_]/_/g'`_GNULIB_TESTS + + gl_module_indicator_condition=$gltests_WITNESS + + + if test "$ac_cv_header_winsock2_h" = yes; then + + + + + + + + + gltests_LIBOBJS="$gltests_LIBOBJS accept.$ac_objext" + + fi + + + + + + if test "$GNULIB_ACCEPT" != 1; then + if test "$GNULIB_ACCEPT" = 0; then + GNULIB_ACCEPT=$gl_module_indicator_condition + else + GNULIB_ACCEPT="($GNULIB_ACCEPT || $gl_module_indicator_condition)" + fi + fi + + + + + +$as_echo "#define GNULIB_TEST_ACCEPT 1" >>confdefs.h + + + + + if test "$ac_cv_header_winsock2_h" = yes; then + + + + + + + + + gltests_LIBOBJS="$gltests_LIBOBJS bind.$ac_objext" + + fi + + + + + + if test "$GNULIB_BIND" != 1; then + if test "$GNULIB_BIND" = 0; then + GNULIB_BIND=$gl_module_indicator_condition + else + GNULIB_BIND="($GNULIB_BIND || $gl_module_indicator_condition)" + fi + fi + + + + + +$as_echo "#define GNULIB_TEST_BIND 1" >>confdefs.h + + + + + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for a traditional french locale" >&5 +$as_echo_n "checking for a traditional french locale... " >&6; } +if ${gt_cv_locale_fr+:} false; then : + $as_echo_n "(cached) " >&6 +else + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#include +#if HAVE_LANGINFO_CODESET +# include +#endif +#include +#include +struct tm t; +char buf[16]; +int main () { + /* On BeOS and Haiku, locales are not implemented in libc. Rather, libintl + imitates locale dependent behaviour by looking at the environment + variables, and all locales use the UTF-8 encoding. */ +#if defined __BEOS__ || defined __HAIKU__ + return 1; +#else + /* Check whether the given locale name is recognized by the system. */ +# if defined _WIN32 && !defined __CYGWIN__ + /* On native Windows, setlocale(category, "") looks at the system settings, + not at the environment variables. Also, when an encoding suffix such + as ".65001" or ".54936" is specified, it succeeds but sets the LC_CTYPE + category of the locale to "C". */ + if (setlocale (LC_ALL, getenv ("LC_ALL")) == NULL + || strcmp (setlocale (LC_CTYPE, NULL), "C") == 0) + return 1; +# else + if (setlocale (LC_ALL, "") == NULL) return 1; +# endif + /* Check whether nl_langinfo(CODESET) is nonempty and not "ASCII" or "646". + On Mac OS X 10.3.5 (Darwin 7.5) in the fr_FR locale, nl_langinfo(CODESET) + is empty, and the behaviour of Tcl 8.4 in this locale is not useful. + On OpenBSD 4.0, when an unsupported locale is specified, setlocale() + succeeds but then nl_langinfo(CODESET) is "646". In this situation, + some unit tests fail. + On MirBSD 10, when an unsupported locale is specified, setlocale() + succeeds but then nl_langinfo(CODESET) is "UTF-8". */ +# if HAVE_LANGINFO_CODESET + { + const char *cs = nl_langinfo (CODESET); + if (cs[0] == '\0' || strcmp (cs, "ASCII") == 0 || strcmp (cs, "646") == 0 + || strcmp (cs, "UTF-8") == 0) + return 1; + } +# endif +# ifdef __CYGWIN__ + /* On Cygwin, avoid locale names without encoding suffix, because the + locale_charset() function relies on the encoding suffix. Note that + LC_ALL is set on the command line. */ + if (strchr (getenv ("LC_ALL"), '.') == NULL) return 1; +# endif + /* Check whether in the abbreviation of the second month, the second + character (should be U+00E9: LATIN SMALL LETTER E WITH ACUTE) is only + one byte long. This excludes the UTF-8 encoding. */ + t.tm_year = 1975 - 1900; t.tm_mon = 2 - 1; t.tm_mday = 4; + if (strftime (buf, sizeof (buf), "%b", &t) < 3 || buf[2] != 'v') return 1; +# if !defined __BIONIC__ /* Bionic libc's 'struct lconv' is just a dummy. */ + /* Check whether the decimal separator is a comma. + On NetBSD 3.0 in the fr_FR.ISO8859-1 locale, localeconv()->decimal_point + are nl_langinfo(RADIXCHAR) are both ".". */ + if (localeconv () ->decimal_point[0] != ',') return 1; +# endif + return 0; +#endif +} + +_ACEOF + if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_link\""; } >&5 + (eval $ac_link) 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } && test -s conftest$ac_exeext; then + case "$host_os" in + # Handle native Windows specially, because there setlocale() interprets + # "ar" as "Arabic" or "Arabic_Saudi Arabia.1256", + # "fr" or "fra" as "French" or "French_France.1252", + # "ge"(!) or "deu"(!) as "German" or "German_Germany.1252", + # "ja" as "Japanese" or "Japanese_Japan.932", + # and similar. + mingw*) + # Test for the native Windows locale name. + if (LC_ALL=French_France.1252 LC_TIME= LC_CTYPE= ./conftest; exit) 2>/dev/null; then + gt_cv_locale_fr=French_France.1252 + else + # None found. + gt_cv_locale_fr=none + fi + ;; + *) + # Setting LC_ALL is not enough. Need to set LC_TIME to empty, because + # otherwise on Mac OS X 10.3.5 the LC_TIME=C from the beginning of the + # configure script would override the LC_ALL setting. Likewise for + # LC_CTYPE, which is also set at the beginning of the configure script. + # Test for the usual locale name. + if (LC_ALL=fr_FR LC_TIME= LC_CTYPE= ./conftest; exit) 2>/dev/null; then + gt_cv_locale_fr=fr_FR + else + # Test for the locale name with explicit encoding suffix. + if (LC_ALL=fr_FR.ISO-8859-1 LC_TIME= LC_CTYPE= ./conftest; exit) 2>/dev/null; then + gt_cv_locale_fr=fr_FR.ISO-8859-1 + else + # Test for the AIX, OSF/1, FreeBSD, NetBSD, OpenBSD locale name. + if (LC_ALL=fr_FR.ISO8859-1 LC_TIME= LC_CTYPE= ./conftest; exit) 2>/dev/null; then + gt_cv_locale_fr=fr_FR.ISO8859-1 + else + # Test for the HP-UX locale name. + if (LC_ALL=fr_FR.iso88591 LC_TIME= LC_CTYPE= ./conftest; exit) 2>/dev/null; then + gt_cv_locale_fr=fr_FR.iso88591 + else + # Test for the Solaris 7 locale name. + if (LC_ALL=fr LC_TIME= LC_CTYPE= ./conftest; exit) 2>/dev/null; then + gt_cv_locale_fr=fr + else + # None found. + gt_cv_locale_fr=none + fi + fi + fi + fi + fi + ;; + esac + fi + rm -fr conftest* + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gt_cv_locale_fr" >&5 +$as_echo "$gt_cv_locale_fr" >&6; } + LOCALE_FR=$gt_cv_locale_fr + + + + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for a turkish Unicode locale" >&5 +$as_echo_n "checking for a turkish Unicode locale... " >&6; } +if ${gt_cv_locale_tr_utf8+:} false; then : + $as_echo_n "(cached) " >&6 +else + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#include +#if HAVE_LANGINFO_CODESET +# include +#endif +#include +#include +struct tm t; +char buf[16]; +int main () { + /* On BeOS, locales are not implemented in libc. Rather, libintl + imitates locale dependent behaviour by looking at the environment + variables, and all locales use the UTF-8 encoding. But BeOS does not + implement the Turkish upper-/lowercase mappings. Therefore, let this + program return 1 on BeOS. */ + /* Check whether the given locale name is recognized by the system. */ +#if defined _WIN32 && !defined __CYGWIN__ + /* On native Windows, setlocale(category, "") looks at the system settings, + not at the environment variables. Also, when an encoding suffix such + as ".65001" or ".54936" is specified, it succeeds but sets the LC_CTYPE + category of the locale to "C". */ + if (setlocale (LC_ALL, getenv ("LC_ALL")) == NULL + || strcmp (setlocale (LC_CTYPE, NULL), "C") == 0) + return 1; +#else + if (setlocale (LC_ALL, "") == NULL) return 1; +#endif + /* Check whether nl_langinfo(CODESET) is nonempty and not "ASCII" or "646". + On Mac OS X 10.3.5 (Darwin 7.5) in the tr_TR locale, nl_langinfo(CODESET) + is empty, and the behaviour of Tcl 8.4 in this locale is not useful. + On OpenBSD 4.0, when an unsupported locale is specified, setlocale() + succeeds but then nl_langinfo(CODESET) is "646". In this situation, + some unit tests fail. */ +#if HAVE_LANGINFO_CODESET + { + const char *cs = nl_langinfo (CODESET); + if (cs[0] == '\0' || strcmp (cs, "ASCII") == 0 || strcmp (cs, "646") == 0) + return 1; + } +#endif +#ifdef __CYGWIN__ + /* On Cygwin, avoid locale names without encoding suffix, because the + locale_charset() function relies on the encoding suffix. Note that + LC_ALL is set on the command line. */ + if (strchr (getenv ("LC_ALL"), '.') == NULL) return 1; +#endif + /* Check whether in the abbreviation of the eighth month, the second + character (should be U+011F: LATIN SMALL LETTER G WITH BREVE) is + two bytes long, with UTF-8 encoding. */ + t.tm_year = 1992 - 1900; t.tm_mon = 8 - 1; t.tm_mday = 19; + if (strftime (buf, sizeof (buf), "%b", &t) < 4 + || buf[1] != (char) 0xc4 || buf[2] != (char) 0x9f) + return 1; + /* Check whether the upper-/lowercase mappings are as expected for + Turkish. */ + if (towupper ('i') != 0x0130 || towlower (0x0130) != 'i' + || towupper(0x0131) != 'I' || towlower ('I') != 0x0131) + return 1; + return 0; +} + +_ACEOF + if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_link\""; } >&5 + (eval $ac_link) 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } && test -s conftest$ac_exeext; then + case "$host_os" in + # Handle native Windows specially, because there setlocale() interprets + # "ar" as "Arabic" or "Arabic_Saudi Arabia.1256", + # "fr" or "fra" as "French" or "French_France.1252", + # "ge"(!) or "deu"(!) as "German" or "German_Germany.1252", + # "ja" as "Japanese" or "Japanese_Japan.932", + # and similar. + mingw*) + # Test for the hypothetical native Windows locale name. + if (LC_ALL=Turkish_Turkey.65001 LC_TIME= LC_CTYPE= ./conftest; exit) 2>/dev/null; then + gt_cv_locale_tr_utf8=Turkish_Turkey.65001 + else + # None found. + gt_cv_locale_tr_utf8=none + fi + ;; + *) + # Setting LC_ALL is not enough. Need to set LC_TIME to empty, because + # otherwise on Mac OS X 10.3.5 the LC_TIME=C from the beginning of the + # configure script would override the LC_ALL setting. Likewise for + # LC_CTYPE, which is also set at the beginning of the configure script. + # Test for the usual locale name. + if (LC_ALL=tr_TR LC_TIME= LC_CTYPE= ./conftest; exit) 2>/dev/null; then + gt_cv_locale_tr_utf8=tr_TR + else + # Test for the locale name with explicit encoding suffix. + if (LC_ALL=tr_TR.UTF-8 LC_TIME= LC_CTYPE= ./conftest; exit) 2>/dev/null; then + gt_cv_locale_tr_utf8=tr_TR.UTF-8 + else + # Test for the Solaris 7 locale name. + if (LC_ALL=tr.UTF-8 LC_TIME= LC_CTYPE= ./conftest; exit) 2>/dev/null; then + gt_cv_locale_tr_utf8=tr.UTF-8 + else + # None found. + gt_cv_locale_tr_utf8=none + fi + fi + fi + ;; + esac + else + gt_cv_locale_tr_utf8=none + fi + rm -fr conftest* + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gt_cv_locale_tr_utf8" >&5 +$as_echo "$gt_cv_locale_tr_utf8" >&6; } + LOCALE_TR_UTF8=$gt_cv_locale_tr_utf8 + + + + +$as_echo "#define GNULIB_TEST_CLOEXEC 1" >>confdefs.h + + + + + + + if test $HAVE_MSVC_INVALID_PARAMETER_HANDLER = 1; then + REPLACE_CLOSE=1 + fi + + + + + + + if test $ac_cv_header_sys_socket_h != yes; then + for ac_header in winsock2.h +do : + ac_fn_c_check_header_mongrel "$LINENO" "winsock2.h" "ac_cv_header_winsock2_h" "$ac_includes_default" +if test "x$ac_cv_header_winsock2_h" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_WINSOCK2_H 1 +_ACEOF + +fi + +done + + fi + if test "$ac_cv_header_winsock2_h" = yes; then + HAVE_WINSOCK2_H=1 + UNISTD_H_HAVE_WINSOCK2_H=1 + SYS_IOCTL_H_HAVE_WINSOCK2_H=1 + else + HAVE_WINSOCK2_H=0 + fi + + + if test $UNISTD_H_HAVE_WINSOCK2_H = 1; then + REPLACE_CLOSE=1 + fi + + + + if test $REPLACE_CLOSE = 1; then + + + + + + + + + gltests_LIBOBJS="$gltests_LIBOBJS close.$ac_objext" + + fi + + + + + + if test "$GNULIB_CLOSE" != 1; then + if test "$GNULIB_CLOSE" = 0; then + GNULIB_CLOSE=$gl_module_indicator_condition + else + GNULIB_CLOSE="($GNULIB_CLOSE || $gl_module_indicator_condition)" + fi + fi + + + + + +$as_echo "#define GNULIB_TEST_CLOSE 1" >>confdefs.h + + + + + if test "$ac_cv_header_winsock2_h" = yes; then + + + + + + + + + gltests_LIBOBJS="$gltests_LIBOBJS connect.$ac_objext" + + fi + + + + + + if test "$GNULIB_CONNECT" != 1; then + if test "$GNULIB_CONNECT" = 0; then + GNULIB_CONNECT=$gl_module_indicator_condition + else + GNULIB_CONNECT="($GNULIB_CONNECT || $gl_module_indicator_condition)" + fi + fi + + + + + +$as_echo "#define GNULIB_TEST_CONNECT 1" >>confdefs.h + + + + + + + + + + + + + + + if test $gl_cv_have_include_next = yes; then + gl_cv_next_ctype_h='<'ctype.h'>' + else + { $as_echo "$as_me:${as_lineno-$LINENO}: checking absolute name of " >&5 +$as_echo_n "checking absolute name of ... " >&6; } +if ${gl_cv_next_ctype_h+:} false; then : + $as_echo_n "(cached) " >&6 +else + + + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +_ACEOF + case "$host_os" in + aix*) gl_absname_cpp="$ac_cpp -C" ;; + *) gl_absname_cpp="$ac_cpp" ;; + esac + + case "$host_os" in + mingw*) + gl_dirsep_regex='[/\\]' + ;; + *) + gl_dirsep_regex='\/' + ;; + esac + gl_make_literal_regex_sed='s,[]$^\\.*/[],\\&,g' + gl_header_literal_regex=`echo 'ctype.h' \ + | sed -e "$gl_make_literal_regex_sed"` + gl_absolute_header_sed="/${gl_dirsep_regex}${gl_header_literal_regex}/"'{ + s/.*"\(.*'"${gl_dirsep_regex}${gl_header_literal_regex}"'\)".*/\1/ + s|^/[^/]|//&| + p + q + }' + + gl_cv_absolute_ctype_h=`(eval "$gl_absname_cpp conftest.$ac_ext") 2>&5 | + sed -n "$gl_absolute_header_sed"` + + gl_header=$gl_cv_absolute_ctype_h + gl_cv_next_ctype_h='"'$gl_header'"' + + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_next_ctype_h" >&5 +$as_echo "$gl_cv_next_ctype_h" >&6; } + fi + NEXT_CTYPE_H=$gl_cv_next_ctype_h + + if test $gl_cv_have_include_next = yes || test $gl_cv_have_include_next = buggy; then + # INCLUDE_NEXT_AS_FIRST_DIRECTIVE='include_next' + gl_next_as_first_directive='<'ctype.h'>' + else + # INCLUDE_NEXT_AS_FIRST_DIRECTIVE='include' + gl_next_as_first_directive=$gl_cv_next_ctype_h + fi + NEXT_AS_FIRST_DIRECTIVE_CTYPE_H=$gl_next_as_first_directive + + + + + + + + + + + + + + +$as_echo "#define HAVE_DUP2 1" >>confdefs.h + + + if test $HAVE_DUP2 = 1; then + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether dup2 works" >&5 +$as_echo_n "checking whether dup2 works... " >&6; } +if ${gl_cv_func_dup2_works+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test "$cross_compiling" = yes; then : + case "$host_os" in + mingw*) # on this platform, dup2 always returns 0 for success + gl_cv_func_dup2_works="guessing no" ;; + cygwin*) # on cygwin 1.5.x, dup2(1,1) returns 0 + gl_cv_func_dup2_works="guessing no" ;; + aix* | freebsd*) + # on AIX 7.1 and FreeBSD 6.1, dup2 (1,toobig) gives EMFILE, + # not EBADF. + gl_cv_func_dup2_works="guessing no" ;; + haiku*) # on Haiku alpha 2, dup2(1, 1) resets FD_CLOEXEC. + gl_cv_func_dup2_works="guessing no" ;; + *-android*) # implemented using dup3(), which fails if oldfd == newfd + gl_cv_func_dup2_works="guessing no" ;; + os2*) # on OS/2 kLIBC, dup2() does not work on a directory fd. + gl_cv_func_dup2_works="guessing no" ;; + *) gl_cv_func_dup2_works="guessing yes" ;; + esac +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + + #include + #include + #include + #include + #include + #ifndef RLIM_SAVED_CUR + # define RLIM_SAVED_CUR RLIM_INFINITY + #endif + #ifndef RLIM_SAVED_MAX + # define RLIM_SAVED_MAX RLIM_INFINITY + #endif + +int +main () +{ +int result = 0; + int bad_fd = INT_MAX; + struct rlimit rlim; + if (getrlimit (RLIMIT_NOFILE, &rlim) == 0 + && 0 <= rlim.rlim_cur && rlim.rlim_cur <= INT_MAX + && rlim.rlim_cur != RLIM_INFINITY + && rlim.rlim_cur != RLIM_SAVED_MAX + && rlim.rlim_cur != RLIM_SAVED_CUR) + bad_fd = rlim.rlim_cur; + #ifdef FD_CLOEXEC + if (fcntl (1, F_SETFD, FD_CLOEXEC) == -1) + result |= 1; + #endif + if (dup2 (1, 1) != 1) + result |= 2; + #ifdef FD_CLOEXEC + if (fcntl (1, F_GETFD) != FD_CLOEXEC) + result |= 4; + #endif + close (0); + if (dup2 (0, 0) != -1) + result |= 8; + /* Many gnulib modules require POSIX conformance of EBADF. */ + if (dup2 (2, bad_fd) == -1 && errno != EBADF) + result |= 16; + /* Flush out some cygwin core dumps. */ + if (dup2 (2, -1) != -1 || errno != EBADF) + result |= 32; + dup2 (2, 255); + dup2 (2, 256); + /* On OS/2 kLIBC, dup2() does not work on a directory fd. */ + { + int fd = open (".", O_RDONLY); + if (fd == -1) + result |= 64; + else if (dup2 (fd, fd + 1) == -1) + result |= 128; + + close (fd); + } + return result; + ; + return 0; +} + +_ACEOF +if ac_fn_c_try_run "$LINENO"; then : + gl_cv_func_dup2_works=yes +else + gl_cv_func_dup2_works=no +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_func_dup2_works" >&5 +$as_echo "$gl_cv_func_dup2_works" >&6; } + case "$gl_cv_func_dup2_works" in + *yes) ;; + *) + REPLACE_DUP2=1 + for ac_func in setdtablesize +do : + ac_fn_c_check_func "$LINENO" "setdtablesize" "ac_cv_func_setdtablesize" +if test "x$ac_cv_func_setdtablesize" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_SETDTABLESIZE 1 +_ACEOF + +fi +done + + ;; + esac + fi + + + if test $HAVE_DUP2 = 0 || test $REPLACE_DUP2 = 1; then + + + + + + + + + gltests_LIBOBJS="$gltests_LIBOBJS dup2.$ac_objext" + + + fi + + + + + + if test "$GNULIB_DUP2" != 1; then + if test "$GNULIB_DUP2" = 0; then + GNULIB_DUP2=$gl_module_indicator_condition + else + GNULIB_DUP2="($GNULIB_DUP2 || $gl_module_indicator_condition)" + fi + fi + + + + + +$as_echo "#define GNULIB_TEST_DUP2 1" >>confdefs.h + + + + + + + + + + if test "$GNULIB_ENVIRON" != 1; then + if test "$GNULIB_ENVIRON" = 0; then + GNULIB_ENVIRON=$gl_module_indicator_condition + else + GNULIB_ENVIRON="($GNULIB_ENVIRON || $gl_module_indicator_condition)" + fi + fi + + + + + +$as_echo "#define GNULIB_TEST_ENVIRON 1" >>confdefs.h + + + + + + + + + if test $ac_cv_func_fcntl = no; then + + + + if test $ac_cv_func_fcntl = no; then + HAVE_FCNTL=0 + else + REPLACE_FCNTL=1 + fi + + else + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether fcntl handles F_DUPFD correctly" >&5 +$as_echo_n "checking whether fcntl handles F_DUPFD correctly... " >&6; } +if ${gl_cv_func_fcntl_f_dupfd_works+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test "$cross_compiling" = yes; then : + case $host_os in + aix* | cygwin* | haiku*) + gl_cv_func_fcntl_f_dupfd_works="guessing no" ;; + *) gl_cv_func_fcntl_f_dupfd_works="guessing yes" ;; + esac +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include + #include + #include + #include + #include + #ifndef RLIM_SAVED_CUR + # define RLIM_SAVED_CUR RLIM_INFINITY + #endif + #ifndef RLIM_SAVED_MAX + # define RLIM_SAVED_MAX RLIM_INFINITY + #endif + +int +main () +{ +int result = 0; + int bad_fd = INT_MAX; + struct rlimit rlim; + if (getrlimit (RLIMIT_NOFILE, &rlim) == 0 + && 0 <= rlim.rlim_cur && rlim.rlim_cur <= INT_MAX + && rlim.rlim_cur != RLIM_INFINITY + && rlim.rlim_cur != RLIM_SAVED_MAX + && rlim.rlim_cur != RLIM_SAVED_CUR) + bad_fd = rlim.rlim_cur; + if (fcntl (0, F_DUPFD, -1) != -1) result |= 1; + if (errno != EINVAL) result |= 2; + if (fcntl (0, F_DUPFD, bad_fd) != -1) result |= 4; + if (errno != EINVAL) result |= 8; + /* On OS/2 kLIBC, F_DUPFD does not work on a directory fd */ + { + int fd; + fd = open (".", O_RDONLY); + if (fd == -1) + result |= 16; + else if (fcntl (fd, F_DUPFD, STDERR_FILENO + 1) == -1) + result |= 32; + + close (fd); + } + return result; + ; + return 0; +} +_ACEOF +if ac_fn_c_try_run "$LINENO"; then : + gl_cv_func_fcntl_f_dupfd_works=yes +else + gl_cv_func_fcntl_f_dupfd_works=no +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_func_fcntl_f_dupfd_works" >&5 +$as_echo "$gl_cv_func_fcntl_f_dupfd_works" >&6; } + case $gl_cv_func_fcntl_f_dupfd_works in + *yes) ;; + *) + + + if test $ac_cv_func_fcntl = no; then + HAVE_FCNTL=0 + else + REPLACE_FCNTL=1 + fi + + +$as_echo "#define FCNTL_DUPFD_BUGGY 1" >>confdefs.h + ;; + esac + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether fcntl understands F_DUPFD_CLOEXEC" >&5 +$as_echo_n "checking whether fcntl understands F_DUPFD_CLOEXEC... " >&6; } +if ${gl_cv_func_fcntl_f_dupfd_cloexec+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#ifndef F_DUPFD_CLOEXEC +choke me +#endif + +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#ifdef __linux__ +/* The Linux kernel only added F_DUPFD_CLOEXEC in 2.6.24, so we always replace + it to support the semantics on older kernels that failed with EINVAL. */ +choke me +#endif + +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + gl_cv_func_fcntl_f_dupfd_cloexec=yes +else + gl_cv_func_fcntl_f_dupfd_cloexec="needs runtime check" +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +else + gl_cv_func_fcntl_f_dupfd_cloexec=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_func_fcntl_f_dupfd_cloexec" >&5 +$as_echo "$gl_cv_func_fcntl_f_dupfd_cloexec" >&6; } + if test "$gl_cv_func_fcntl_f_dupfd_cloexec" != yes; then + + + + if test $ac_cv_func_fcntl = no; then + HAVE_FCNTL=0 + else + REPLACE_FCNTL=1 + fi + + fi + fi + + + if test $HAVE_FCNTL = 0 || test $REPLACE_FCNTL = 1; then + + + + + + + + + gltests_LIBOBJS="$gltests_LIBOBJS fcntl.$ac_objext" + + fi + + + + + + if test "$GNULIB_FCNTL" != 1; then + if test "$GNULIB_FCNTL" = 0; then + GNULIB_FCNTL=$gl_module_indicator_condition + else + GNULIB_FCNTL="($GNULIB_FCNTL || $gl_module_indicator_condition)" + fi + fi + + + + + +$as_echo "#define GNULIB_TEST_FCNTL 1" >>confdefs.h + + + + + + + + + + + + + + + if test $gl_cv_have_include_next = yes; then + gl_cv_next_fcntl_h='<'fcntl.h'>' + else + { $as_echo "$as_me:${as_lineno-$LINENO}: checking absolute name of " >&5 +$as_echo_n "checking absolute name of ... " >&6; } +if ${gl_cv_next_fcntl_h+:} false; then : + $as_echo_n "(cached) " >&6 +else + + + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +_ACEOF + case "$host_os" in + aix*) gl_absname_cpp="$ac_cpp -C" ;; + *) gl_absname_cpp="$ac_cpp" ;; + esac + + case "$host_os" in + mingw*) + gl_dirsep_regex='[/\\]' + ;; + *) + gl_dirsep_regex='\/' + ;; + esac + gl_make_literal_regex_sed='s,[]$^\\.*/[],\\&,g' + gl_header_literal_regex=`echo 'fcntl.h' \ + | sed -e "$gl_make_literal_regex_sed"` + gl_absolute_header_sed="/${gl_dirsep_regex}${gl_header_literal_regex}/"'{ + s/.*"\(.*'"${gl_dirsep_regex}${gl_header_literal_regex}"'\)".*/\1/ + s|^/[^/]|//&| + p + q + }' + + gl_cv_absolute_fcntl_h=`(eval "$gl_absname_cpp conftest.$ac_ext") 2>&5 | + sed -n "$gl_absolute_header_sed"` + + gl_header=$gl_cv_absolute_fcntl_h + gl_cv_next_fcntl_h='"'$gl_header'"' + + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_next_fcntl_h" >&5 +$as_echo "$gl_cv_next_fcntl_h" >&6; } + fi + NEXT_FCNTL_H=$gl_cv_next_fcntl_h + + if test $gl_cv_have_include_next = yes || test $gl_cv_have_include_next = buggy; then + # INCLUDE_NEXT_AS_FIRST_DIRECTIVE='include_next' + gl_next_as_first_directive='<'fcntl.h'>' + else + # INCLUDE_NEXT_AS_FIRST_DIRECTIVE='include' + gl_next_as_first_directive=$gl_cv_next_fcntl_h + fi + NEXT_AS_FIRST_DIRECTIVE_FCNTL_H=$gl_next_as_first_directive + + + + + + + + + + + + + + + + + + if test $HAVE_MSVC_INVALID_PARAMETER_HANDLER = 1; then + REPLACE_FDOPEN=1 + fi + + if test $REPLACE_FDOPEN = 0; then + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether fdopen sets errno" >&5 +$as_echo_n "checking whether fdopen sets errno... " >&6; } +if ${gl_cv_func_fdopen_works+:} false; then : + $as_echo_n "(cached) " >&6 +else + + if test "$cross_compiling" = yes; then : + case "$host_os" in + mingw*) gl_cv_func_fdopen_works="guessing no" ;; + *) gl_cv_func_fdopen_works="guessing yes" ;; + esac + +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#include +int +main (void) +{ + FILE *fp; + errno = 0; + fp = fdopen (-1, "r"); + if (fp == NULL && errno == 0) + return 1; + return 0; +} +_ACEOF +if ac_fn_c_try_run "$LINENO"; then : + gl_cv_func_fdopen_works=yes +else + gl_cv_func_fdopen_works=no +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_func_fdopen_works" >&5 +$as_echo "$gl_cv_func_fdopen_works" >&6; } + case "$gl_cv_func_fdopen_works" in + *no) REPLACE_FDOPEN=1 ;; + esac + fi + + if test $REPLACE_FDOPEN = 1; then + + + + + + + + + gltests_LIBOBJS="$gltests_LIBOBJS fdopen.$ac_objext" + + + fi + + + + + + if test "$GNULIB_FDOPEN" != 1; then + if test "$GNULIB_FDOPEN" = 0; then + GNULIB_FDOPEN=$gl_module_indicator_condition + else + GNULIB_FDOPEN="($GNULIB_FDOPEN || $gl_module_indicator_condition)" + fi + fi + + + + + +$as_echo "#define GNULIB_TEST_FDOPEN 1" >>confdefs.h + + + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for flexible array member" >&5 +$as_echo_n "checking for flexible array member... " >&6; } +if ${ac_cv_c_flexmember+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include + #include + #include + struct m { struct m *next, **list; char name[]; }; + struct s { struct s *p; struct m *m; int n; double d[]; }; +int +main () +{ +int m = getchar (); + size_t nbytes = offsetof (struct s, d) + m * sizeof (double); + nbytes += sizeof (struct s) - 1; + nbytes -= nbytes % sizeof (struct s); + struct s *p = malloc (nbytes); + p->p = p; + p->m = NULL; + p->d[0] = 0.0; + return p->d != (double *) NULL; + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ac_cv_c_flexmember=yes +else + ac_cv_c_flexmember=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_flexmember" >&5 +$as_echo "$ac_cv_c_flexmember" >&6; } + if test $ac_cv_c_flexmember = yes; then + +$as_echo "#define FLEXIBLE_ARRAY_MEMBER /**/" >>confdefs.h + + else + $as_echo "#define FLEXIBLE_ARRAY_MEMBER 1" >>confdefs.h + + fi + + + + + + + if test $ac_cv_func_ftruncate = yes; then + + + case "$host_os" in + mingw*) + REPLACE_FTRUNCATE=1 + ;; + esac + + else + HAVE_FTRUNCATE=0 + fi + + if test $HAVE_FTRUNCATE = 0 || test $REPLACE_FTRUNCATE = 1; then + + + + + + + + + gltests_LIBOBJS="$gltests_LIBOBJS ftruncate.$ac_objext" + + + for ac_func in chsize +do : + ac_fn_c_check_func "$LINENO" "chsize" "ac_cv_func_chsize" +if test "x$ac_cv_func_chsize" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_CHSIZE 1 +_ACEOF + +fi +done + + + fi + + + + + + if test "$GNULIB_FTRUNCATE" != 1; then + if test "$GNULIB_FTRUNCATE" = 0; then + GNULIB_FTRUNCATE=$gl_module_indicator_condition + else + GNULIB_FTRUNCATE="($GNULIB_FTRUNCATE || $gl_module_indicator_condition)" + fi + fi + + + + + +$as_echo "#define GNULIB_TEST_FTRUNCATE 1" >>confdefs.h + + + + + + + + + case $gl_cv_func_getcwd_null,$gl_cv_func_getcwd_posix_signature in + *yes,yes) ;; + *) + REPLACE_GETCWD=1 + ;; + esac + + if test $REPLACE_GETCWD = 1; then + + + + + + + + + gltests_LIBOBJS="$gltests_LIBOBJS getcwd-lgpl.$ac_objext" + + fi + + + + + + if test "$GNULIB_GETCWD" != 1; then + if test "$GNULIB_GETCWD" = 0; then + GNULIB_GETCWD=$gl_module_indicator_condition + else + GNULIB_GETCWD="($GNULIB_GETCWD || $gl_module_indicator_condition)" + fi + fi + + + + + +$as_echo "#define GNULIB_TEST_GETCWD 1" >>confdefs.h + + + + + + + + + if test $ac_cv_func_getdtablesize = yes && + test $ac_cv_have_decl_getdtablesize = yes; then + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether getdtablesize works" >&5 +$as_echo_n "checking whether getdtablesize works... " >&6; } +if ${gl_cv_func_getdtablesize_works+:} false; then : + $as_echo_n "(cached) " >&6 +else + case "$host_os" in + vms*) gl_cv_func_getdtablesize_works="no (limitation)" ;; + *) + if test "$cross_compiling" = yes; then : + case "$host_os" in + cygwin*) # on cygwin 1.5.25, getdtablesize() automatically grows + gl_cv_func_getdtablesize_works="guessing no" ;; + *) gl_cv_func_getdtablesize_works="guessing yes" ;; + esac + +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + + #include +int +main () +{ +int size = getdtablesize(); + if (dup2 (0, getdtablesize()) != -1) + return 1; + if (size != getdtablesize()) + return 2; + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_run "$LINENO"; then : + gl_cv_func_getdtablesize_works=yes +else + gl_cv_func_getdtablesize_works=no +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + + ;; + esac + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_func_getdtablesize_works" >&5 +$as_echo "$gl_cv_func_getdtablesize_works" >&6; } + case "$gl_cv_func_getdtablesize_works" in + *yes | "no (limitation)") ;; + *) REPLACE_GETDTABLESIZE=1 ;; + esac + else + HAVE_GETDTABLESIZE=0 + fi + + if test $HAVE_GETDTABLESIZE = 0 || test $REPLACE_GETDTABLESIZE = 1; then + + + + + + + + + gltests_LIBOBJS="$gltests_LIBOBJS getdtablesize.$ac_objext" + + : + fi + + + + + + if test "$GNULIB_GETDTABLESIZE" != 1; then + if test "$GNULIB_GETDTABLESIZE" = 0; then + GNULIB_GETDTABLESIZE=$gl_module_indicator_condition + else + GNULIB_GETDTABLESIZE="($GNULIB_GETDTABLESIZE || $gl_module_indicator_condition)" + fi + fi + + + + + +$as_echo "#define GNULIB_TEST_GETDTABLESIZE 1" >>confdefs.h + + + + + + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for getpagesize" >&5 +$as_echo_n "checking for getpagesize... " >&6; } +if ${gl_cv_func_getpagesize+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +int +main () +{ +return getpagesize(); + ; + return 0; +} + +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + gl_cv_func_getpagesize=yes +else + gl_cv_func_getpagesize=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_func_getpagesize" >&5 +$as_echo "$gl_cv_func_getpagesize" >&6; } + + if test $gl_cv_func_getpagesize = no; then + HAVE_GETPAGESIZE=0 + for ac_header in OS.h +do : + ac_fn_c_check_header_mongrel "$LINENO" "OS.h" "ac_cv_header_OS_h" "$ac_includes_default" +if test "x$ac_cv_header_OS_h" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_OS_H 1 +_ACEOF + +fi + +done + + if test $ac_cv_header_OS_h = yes; then + HAVE_OS_H=1 + fi + for ac_header in sys/param.h +do : + ac_fn_c_check_header_mongrel "$LINENO" "sys/param.h" "ac_cv_header_sys_param_h" "$ac_includes_default" +if test "x$ac_cv_header_sys_param_h" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_SYS_PARAM_H 1 +_ACEOF + +fi + +done + + if test $ac_cv_header_sys_param_h = yes; then + HAVE_SYS_PARAM_H=1 + fi + fi + case "$host_os" in + mingw*) + REPLACE_GETPAGESIZE=1 + ;; + esac + ac_fn_c_check_decl "$LINENO" "getpagesize" "ac_cv_have_decl_getpagesize" "$ac_includes_default" +if test "x$ac_cv_have_decl_getpagesize" = xyes; then : + +else + HAVE_DECL_GETPAGESIZE=0 +fi + + + if test $REPLACE_GETPAGESIZE = 1; then + + + + + + + + + gltests_LIBOBJS="$gltests_LIBOBJS getpagesize.$ac_objext" + + fi + + + + + + if test "$GNULIB_GETPAGESIZE" != 1; then + if test "$GNULIB_GETPAGESIZE" = 0; then + GNULIB_GETPAGESIZE=$gl_module_indicator_condition + else + GNULIB_GETPAGESIZE="($GNULIB_GETPAGESIZE || $gl_module_indicator_condition)" + fi + fi + + + + + +$as_echo "#define GNULIB_TEST_GETPAGESIZE 1" >>confdefs.h + + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether byte ordering is bigendian" >&5 +$as_echo_n "checking whether byte ordering is bigendian... " >&6; } +if ${ac_cv_c_bigendian+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_cv_c_bigendian=unknown + # See if we're dealing with a universal compiler. + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#ifndef __APPLE_CC__ + not a universal capable compiler + #endif + typedef int dummy; + +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + + # Check for potential -arch flags. It is not universal unless + # there are at least two -arch flags with different values. + ac_arch= + ac_prev= + for ac_word in $CC $CFLAGS $CPPFLAGS $LDFLAGS; do + if test -n "$ac_prev"; then + case $ac_word in + i?86 | x86_64 | ppc | ppc64) + if test -z "$ac_arch" || test "$ac_arch" = "$ac_word"; then + ac_arch=$ac_word + else + ac_cv_c_bigendian=universal + break + fi + ;; + esac + ac_prev= + elif test "x$ac_word" = "x-arch"; then + ac_prev=arch + fi + done +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + if test $ac_cv_c_bigendian = unknown; then + # See if sys/param.h defines the BYTE_ORDER macro. + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include + #include + +int +main () +{ +#if ! (defined BYTE_ORDER && defined BIG_ENDIAN \ + && defined LITTLE_ENDIAN && BYTE_ORDER && BIG_ENDIAN \ + && LITTLE_ENDIAN) + bogus endian macros + #endif + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + # It does; now see whether it defined to BIG_ENDIAN or not. + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include + #include + +int +main () +{ +#if BYTE_ORDER != BIG_ENDIAN + not big endian + #endif + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ac_cv_c_bigendian=yes +else + ac_cv_c_bigendian=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + fi + if test $ac_cv_c_bigendian = unknown; then + # See if defines _LITTLE_ENDIAN or _BIG_ENDIAN (e.g., Solaris). + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include + +int +main () +{ +#if ! (defined _LITTLE_ENDIAN || defined _BIG_ENDIAN) + bogus endian macros + #endif + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + # It does; now see whether it defined to _BIG_ENDIAN or not. + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include + +int +main () +{ +#ifndef _BIG_ENDIAN + not big endian + #endif + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ac_cv_c_bigendian=yes +else + ac_cv_c_bigendian=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + fi + if test $ac_cv_c_bigendian = unknown; then + # Compile a test program. + if test "$cross_compiling" = yes; then : + # Try to guess by grepping values from an object file. + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +short int ascii_mm[] = + { 0x4249, 0x4765, 0x6E44, 0x6961, 0x6E53, 0x7953, 0 }; + short int ascii_ii[] = + { 0x694C, 0x5454, 0x656C, 0x6E45, 0x6944, 0x6E61, 0 }; + int use_ascii (int i) { + return ascii_mm[i] + ascii_ii[i]; + } + short int ebcdic_ii[] = + { 0x89D3, 0xE3E3, 0x8593, 0x95C5, 0x89C4, 0x9581, 0 }; + short int ebcdic_mm[] = + { 0xC2C9, 0xC785, 0x95C4, 0x8981, 0x95E2, 0xA8E2, 0 }; + int use_ebcdic (int i) { + return ebcdic_mm[i] + ebcdic_ii[i]; + } + extern int foo; + +int +main () +{ +return use_ascii (foo) == use_ebcdic (foo); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + if grep BIGenDianSyS conftest.$ac_objext >/dev/null; then + ac_cv_c_bigendian=yes + fi + if grep LiTTleEnDian conftest.$ac_objext >/dev/null ; then + if test "$ac_cv_c_bigendian" = unknown; then + ac_cv_c_bigendian=no + else + # finding both strings is unlikely to happen, but who knows? + ac_cv_c_bigendian=unknown + fi + fi +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +$ac_includes_default +int +main () +{ + + /* Are we little or big endian? From Harbison&Steele. */ + union + { + long int l; + char c[sizeof (long int)]; + } u; + u.l = 1; + return u.c[sizeof (long int) - 1] == 1; + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_run "$LINENO"; then : + ac_cv_c_bigendian=no +else + ac_cv_c_bigendian=yes +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + + fi +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_bigendian" >&5 +$as_echo "$ac_cv_c_bigendian" >&6; } + case $ac_cv_c_bigendian in #( + yes) + $as_echo "#define WORDS_BIGENDIAN 1" >>confdefs.h +;; #( + no) + ;; #( + universal) + +$as_echo "#define AC_APPLE_UNIVERSAL_BUILD 1" >>confdefs.h + + ;; #( + *) + as_fn_error $? "unknown endianness + presetting ac_cv_c_bigendian=no (or yes) will help" "$LINENO" 5 ;; + esac + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether byte ordering is bigendian" >&5 +$as_echo_n "checking whether byte ordering is bigendian... " >&6; } +if ${ac_cv_c_bigendian+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_cv_c_bigendian=unknown + # See if we're dealing with a universal compiler. + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#ifndef __APPLE_CC__ + not a universal capable compiler + #endif + typedef int dummy; + +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + + # Check for potential -arch flags. It is not universal unless + # there are at least two -arch flags with different values. + ac_arch= + ac_prev= + for ac_word in $CC $CFLAGS $CPPFLAGS $LDFLAGS; do + if test -n "$ac_prev"; then + case $ac_word in + i?86 | x86_64 | ppc | ppc64) + if test -z "$ac_arch" || test "$ac_arch" = "$ac_word"; then + ac_arch=$ac_word + else + ac_cv_c_bigendian=universal + break + fi + ;; + esac + ac_prev= + elif test "x$ac_word" = "x-arch"; then + ac_prev=arch + fi + done +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + if test $ac_cv_c_bigendian = unknown; then + # See if sys/param.h defines the BYTE_ORDER macro. + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include + #include + +int +main () +{ +#if ! (defined BYTE_ORDER && defined BIG_ENDIAN \ + && defined LITTLE_ENDIAN && BYTE_ORDER && BIG_ENDIAN \ + && LITTLE_ENDIAN) + bogus endian macros + #endif + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + # It does; now see whether it defined to BIG_ENDIAN or not. + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include + #include + +int +main () +{ +#if BYTE_ORDER != BIG_ENDIAN + not big endian + #endif + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ac_cv_c_bigendian=yes +else + ac_cv_c_bigendian=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + fi + if test $ac_cv_c_bigendian = unknown; then + # See if defines _LITTLE_ENDIAN or _BIG_ENDIAN (e.g., Solaris). + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include + +int +main () +{ +#if ! (defined _LITTLE_ENDIAN || defined _BIG_ENDIAN) + bogus endian macros + #endif + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + # It does; now see whether it defined to _BIG_ENDIAN or not. + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include + +int +main () +{ +#ifndef _BIG_ENDIAN + not big endian + #endif + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ac_cv_c_bigendian=yes +else + ac_cv_c_bigendian=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + fi + if test $ac_cv_c_bigendian = unknown; then + # Compile a test program. + if test "$cross_compiling" = yes; then : + # Try to guess by grepping values from an object file. + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +short int ascii_mm[] = + { 0x4249, 0x4765, 0x6E44, 0x6961, 0x6E53, 0x7953, 0 }; + short int ascii_ii[] = + { 0x694C, 0x5454, 0x656C, 0x6E45, 0x6944, 0x6E61, 0 }; + int use_ascii (int i) { + return ascii_mm[i] + ascii_ii[i]; + } + short int ebcdic_ii[] = + { 0x89D3, 0xE3E3, 0x8593, 0x95C5, 0x89C4, 0x9581, 0 }; + short int ebcdic_mm[] = + { 0xC2C9, 0xC785, 0x95C4, 0x8981, 0x95E2, 0xA8E2, 0 }; + int use_ebcdic (int i) { + return ebcdic_mm[i] + ebcdic_ii[i]; + } + extern int foo; + +int +main () +{ +return use_ascii (foo) == use_ebcdic (foo); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + if grep BIGenDianSyS conftest.$ac_objext >/dev/null; then + ac_cv_c_bigendian=yes + fi + if grep LiTTleEnDian conftest.$ac_objext >/dev/null ; then + if test "$ac_cv_c_bigendian" = unknown; then + ac_cv_c_bigendian=no + else + # finding both strings is unlikely to happen, but who knows? + ac_cv_c_bigendian=unknown + fi + fi +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +$ac_includes_default +int +main () +{ + + /* Are we little or big endian? From Harbison&Steele. */ + union + { + long int l; + char c[sizeof (long int)]; + } u; + u.l = 1; + return u.c[sizeof (long int) - 1] == 1; + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_run "$LINENO"; then : + ac_cv_c_bigendian=no +else + ac_cv_c_bigendian=yes +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + + fi +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_bigendian" >&5 +$as_echo "$ac_cv_c_bigendian" >&6; } + case $ac_cv_c_bigendian in #( + yes) + $as_echo "#define WORDS_BIGENDIAN 1" >>confdefs.h +;; #( + no) + ;; #( + universal) + +$as_echo "#define AC_APPLE_UNIVERSAL_BUILD 1" >>confdefs.h + + ;; #( + *) + as_fn_error $? "unknown endianness + presetting ac_cv_c_bigendian=no (or yes) will help" "$LINENO" 5 ;; + esac + + + + + + + PRIPTR_PREFIX= + if test -n "$STDINT_H"; then + PRIPTR_PREFIX='"l"' + else + for glpfx in '' l ll I64; do + case $glpfx in + '') gltype1='int';; + l) gltype1='long int';; + ll) gltype1='long long int';; + I64) gltype1='__int64';; + esac + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include + extern intptr_t foo; + extern $gltype1 foo; +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + PRIPTR_PREFIX='"'$glpfx'"' +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + test -n "$PRIPTR_PREFIX" && break + done + fi + + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether INT32_MAX < INTMAX_MAX" >&5 +$as_echo_n "checking whether INT32_MAX < INTMAX_MAX... " >&6; } +if ${gl_cv_test_INT32_MAX_LT_INTMAX_MAX+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +/* Work also in C++ mode. */ + #define __STDC_LIMIT_MACROS 1 + + /* Work if build is not clean. */ + #define _GL_JUST_INCLUDE_SYSTEM_STDINT_H + + #include + #if HAVE_STDINT_H + #include + #endif + + #if defined INT32_MAX && defined INTMAX_MAX + #define CONDITION (INT32_MAX < INTMAX_MAX) + #elif HAVE_LONG_LONG_INT + #define CONDITION (sizeof (int) < sizeof (long long int)) + #else + #define CONDITION 0 + #endif + int test[CONDITION ? 1 : -1]; +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + gl_cv_test_INT32_MAX_LT_INTMAX_MAX=yes +else + gl_cv_test_INT32_MAX_LT_INTMAX_MAX=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_test_INT32_MAX_LT_INTMAX_MAX" >&5 +$as_echo "$gl_cv_test_INT32_MAX_LT_INTMAX_MAX" >&6; } + if test $gl_cv_test_INT32_MAX_LT_INTMAX_MAX = yes; then + INT32_MAX_LT_INTMAX_MAX=1; + else + INT32_MAX_LT_INTMAX_MAX=0; + fi + + + if test $APPLE_UNIVERSAL_BUILD = 0; then + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether INT64_MAX == LONG_MAX" >&5 +$as_echo_n "checking whether INT64_MAX == LONG_MAX... " >&6; } +if ${gl_cv_test_INT64_MAX_EQ_LONG_MAX+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +/* Work also in C++ mode. */ + #define __STDC_LIMIT_MACROS 1 + + /* Work if build is not clean. */ + #define _GL_JUST_INCLUDE_SYSTEM_STDINT_H + + #include + #if HAVE_STDINT_H + #include + #endif + + #if defined INT64_MAX + #define CONDITION (INT64_MAX == LONG_MAX) + #elif HAVE_LONG_LONG_INT + #define CONDITION (sizeof (long long int) == sizeof (long int)) + #else + #define CONDITION 0 + #endif + int test[CONDITION ? 1 : -1]; +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + gl_cv_test_INT64_MAX_EQ_LONG_MAX=yes +else + gl_cv_test_INT64_MAX_EQ_LONG_MAX=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_test_INT64_MAX_EQ_LONG_MAX" >&5 +$as_echo "$gl_cv_test_INT64_MAX_EQ_LONG_MAX" >&6; } + if test $gl_cv_test_INT64_MAX_EQ_LONG_MAX = yes; then + INT64_MAX_EQ_LONG_MAX=1; + else + INT64_MAX_EQ_LONG_MAX=0; + fi + + + else + INT64_MAX_EQ_LONG_MAX=-1 + fi + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether UINT32_MAX < UINTMAX_MAX" >&5 +$as_echo_n "checking whether UINT32_MAX < UINTMAX_MAX... " >&6; } +if ${gl_cv_test_UINT32_MAX_LT_UINTMAX_MAX+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +/* Work also in C++ mode. */ + #define __STDC_LIMIT_MACROS 1 + + /* Work if build is not clean. */ + #define _GL_JUST_INCLUDE_SYSTEM_STDINT_H + + #include + #if HAVE_STDINT_H + #include + #endif + + #if defined UINT32_MAX && defined UINTMAX_MAX + #define CONDITION (UINT32_MAX < UINTMAX_MAX) + #elif HAVE_LONG_LONG_INT + #define CONDITION (sizeof (unsigned int) < sizeof (unsigned long long int)) + #else + #define CONDITION 0 + #endif + int test[CONDITION ? 1 : -1]; +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + gl_cv_test_UINT32_MAX_LT_UINTMAX_MAX=yes +else + gl_cv_test_UINT32_MAX_LT_UINTMAX_MAX=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_test_UINT32_MAX_LT_UINTMAX_MAX" >&5 +$as_echo "$gl_cv_test_UINT32_MAX_LT_UINTMAX_MAX" >&6; } + if test $gl_cv_test_UINT32_MAX_LT_UINTMAX_MAX = yes; then + UINT32_MAX_LT_UINTMAX_MAX=1; + else + UINT32_MAX_LT_UINTMAX_MAX=0; + fi + + + if test $APPLE_UNIVERSAL_BUILD = 0; then + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether UINT64_MAX == ULONG_MAX" >&5 +$as_echo_n "checking whether UINT64_MAX == ULONG_MAX... " >&6; } +if ${gl_cv_test_UINT64_MAX_EQ_ULONG_MAX+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +/* Work also in C++ mode. */ + #define __STDC_LIMIT_MACROS 1 + + /* Work if build is not clean. */ + #define _GL_JUST_INCLUDE_SYSTEM_STDINT_H + + #include + #if HAVE_STDINT_H + #include + #endif + + #if defined UINT64_MAX + #define CONDITION (UINT64_MAX == ULONG_MAX) + #elif HAVE_LONG_LONG_INT + #define CONDITION (sizeof (unsigned long long int) == sizeof (unsigned long int)) + #else + #define CONDITION 0 + #endif + int test[CONDITION ? 1 : -1]; +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + gl_cv_test_UINT64_MAX_EQ_ULONG_MAX=yes +else + gl_cv_test_UINT64_MAX_EQ_ULONG_MAX=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_test_UINT64_MAX_EQ_ULONG_MAX" >&5 +$as_echo "$gl_cv_test_UINT64_MAX_EQ_ULONG_MAX" >&6; } + if test $gl_cv_test_UINT64_MAX_EQ_ULONG_MAX = yes; then + UINT64_MAX_EQ_ULONG_MAX=1; + else + UINT64_MAX_EQ_ULONG_MAX=0; + fi + + + else + UINT64_MAX_EQ_ULONG_MAX=-1 + fi + + + + + + + HAVE_IOCTL=1 + if test "$ac_cv_header_winsock2_h" = yes; then + HAVE_IOCTL=0 + else + for ac_func in ioctl +do : + ac_fn_c_check_func "$LINENO" "ioctl" "ac_cv_func_ioctl" +if test "x$ac_cv_func_ioctl" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_IOCTL 1 +_ACEOF + +fi +done + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ioctl with POSIX signature" >&5 +$as_echo_n "checking for ioctl with POSIX signature... " >&6; } +if ${gl_cv_func_ioctl_posix_signature+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include + /* On some platforms, ioctl() is declared in . */ + #include + +int +main () +{ +extern + #ifdef __cplusplus + "C" + #endif + int ioctl (int, int, ...); + + ; + return 0; +} + +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + gl_cv_func_ioctl_posix_signature=yes +else + gl_cv_func_ioctl_posix_signature=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_func_ioctl_posix_signature" >&5 +$as_echo "$gl_cv_func_ioctl_posix_signature" >&6; } + if test $gl_cv_func_ioctl_posix_signature != yes; then + REPLACE_IOCTL=1 + fi + fi + + if test $HAVE_IOCTL = 0 || test $REPLACE_IOCTL = 1; then + + + + + + + + + gltests_LIBOBJS="$gltests_LIBOBJS ioctl.$ac_objext" + + fi + + + + + + if test "$GNULIB_IOCTL" != 1; then + if test "$GNULIB_IOCTL" = 0; then + GNULIB_IOCTL=$gl_module_indicator_condition + else + GNULIB_IOCTL="($GNULIB_IOCTL || $gl_module_indicator_condition)" + fi + fi + + + + + +$as_echo "#define GNULIB_TEST_IOCTL 1" >>confdefs.h + + + + + + + + + if test $ac_cv_func_isblank = no; then + HAVE_ISBLANK=0 + fi + + if test $HAVE_ISBLANK = 0; then + + + + + + + + + gltests_LIBOBJS="$gltests_LIBOBJS isblank.$ac_objext" + + fi + + + + + + if test "$GNULIB_ISBLANK" != 1; then + if test "$GNULIB_ISBLANK" = 0; then + GNULIB_ISBLANK=$gl_module_indicator_condition + else + GNULIB_ISBLANK="($GNULIB_ISBLANK || $gl_module_indicator_condition)" + fi + fi + + + + + + + + + + + + + + + + + + + if test $gl_cv_have_include_next = yes; then + gl_cv_next_langinfo_h='<'langinfo.h'>' + else + { $as_echo "$as_me:${as_lineno-$LINENO}: checking absolute name of " >&5 +$as_echo_n "checking absolute name of ... " >&6; } +if ${gl_cv_next_langinfo_h+:} false; then : + $as_echo_n "(cached) " >&6 +else + + if test $ac_cv_header_langinfo_h = yes; then + + + + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +_ACEOF + case "$host_os" in + aix*) gl_absname_cpp="$ac_cpp -C" ;; + *) gl_absname_cpp="$ac_cpp" ;; + esac + + case "$host_os" in + mingw*) + gl_dirsep_regex='[/\\]' + ;; + *) + gl_dirsep_regex='\/' + ;; + esac + gl_make_literal_regex_sed='s,[]$^\\.*/[],\\&,g' + gl_header_literal_regex=`echo 'langinfo.h' \ + | sed -e "$gl_make_literal_regex_sed"` + gl_absolute_header_sed="/${gl_dirsep_regex}${gl_header_literal_regex}/"'{ + s/.*"\(.*'"${gl_dirsep_regex}${gl_header_literal_regex}"'\)".*/\1/ + s|^/[^/]|//&| + p + q + }' + + gl_cv_absolute_langinfo_h=`(eval "$gl_absname_cpp conftest.$ac_ext") 2>&5 | + sed -n "$gl_absolute_header_sed"` + + gl_header=$gl_cv_absolute_langinfo_h + gl_cv_next_langinfo_h='"'$gl_header'"' + else + gl_cv_next_langinfo_h='<'langinfo.h'>' + fi + + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_next_langinfo_h" >&5 +$as_echo "$gl_cv_next_langinfo_h" >&6; } + fi + NEXT_LANGINFO_H=$gl_cv_next_langinfo_h + + if test $gl_cv_have_include_next = yes || test $gl_cv_have_include_next = buggy; then + # INCLUDE_NEXT_AS_FIRST_DIRECTIVE='include_next' + gl_next_as_first_directive='<'langinfo.h'>' + else + # INCLUDE_NEXT_AS_FIRST_DIRECTIVE='include' + gl_next_as_first_directive=$gl_cv_next_langinfo_h + fi + NEXT_AS_FIRST_DIRECTIVE_LANGINFO_H=$gl_next_as_first_directive + + + + + + HAVE_LANGINFO_CODESET=0 + HAVE_LANGINFO_T_FMT_AMPM=0 + HAVE_LANGINFO_ALTMON=0 + HAVE_LANGINFO_ERA=0 + HAVE_LANGINFO_YESEXPR=0 + + if test $ac_cv_header_langinfo_h = yes; then + HAVE_LANGINFO_H=1 + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether langinfo.h defines CODESET" >&5 +$as_echo_n "checking whether langinfo.h defines CODESET... " >&6; } +if ${gl_cv_header_langinfo_codeset+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +int a = CODESET; + +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + gl_cv_header_langinfo_codeset=yes +else + gl_cv_header_langinfo_codeset=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_header_langinfo_codeset" >&5 +$as_echo "$gl_cv_header_langinfo_codeset" >&6; } + if test $gl_cv_header_langinfo_codeset = yes; then + HAVE_LANGINFO_CODESET=1 + fi + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether langinfo.h defines T_FMT_AMPM" >&5 +$as_echo_n "checking whether langinfo.h defines T_FMT_AMPM... " >&6; } +if ${gl_cv_header_langinfo_t_fmt_ampm+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +int a = T_FMT_AMPM; + +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + gl_cv_header_langinfo_t_fmt_ampm=yes +else + gl_cv_header_langinfo_t_fmt_ampm=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_header_langinfo_t_fmt_ampm" >&5 +$as_echo "$gl_cv_header_langinfo_t_fmt_ampm" >&6; } + if test $gl_cv_header_langinfo_t_fmt_ampm = yes; then + HAVE_LANGINFO_T_FMT_AMPM=1 + fi + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether langinfo.h defines ALTMON_1" >&5 +$as_echo_n "checking whether langinfo.h defines ALTMON_1... " >&6; } +if ${gl_cv_header_langinfo_altmon+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +int a = ALTMON_1; + +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + gl_cv_header_langinfo_altmon=yes +else + gl_cv_header_langinfo_altmon=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_header_langinfo_altmon" >&5 +$as_echo "$gl_cv_header_langinfo_altmon" >&6; } + if test $gl_cv_header_langinfo_altmon = yes; then + HAVE_LANGINFO_ALTMON=1 + fi + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether langinfo.h defines ERA" >&5 +$as_echo_n "checking whether langinfo.h defines ERA... " >&6; } +if ${gl_cv_header_langinfo_era+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +int a = ERA; + +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + gl_cv_header_langinfo_era=yes +else + gl_cv_header_langinfo_era=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_header_langinfo_era" >&5 +$as_echo "$gl_cv_header_langinfo_era" >&6; } + if test $gl_cv_header_langinfo_era = yes; then + HAVE_LANGINFO_ERA=1 + fi + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether langinfo.h defines YESEXPR" >&5 +$as_echo_n "checking whether langinfo.h defines YESEXPR... " >&6; } +if ${gl_cv_header_langinfo_yesexpr+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +int a = YESEXPR; + +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + gl_cv_header_langinfo_yesexpr=yes +else + gl_cv_header_langinfo_yesexpr=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_header_langinfo_yesexpr" >&5 +$as_echo "$gl_cv_header_langinfo_yesexpr" >&6; } + if test $gl_cv_header_langinfo_yesexpr = yes; then + HAVE_LANGINFO_YESEXPR=1 + fi + else + HAVE_LANGINFO_H=0 + fi + + + + + + + + + + + + + if test "$ac_cv_header_winsock2_h" = yes; then + + + + + + + + + gltests_LIBOBJS="$gltests_LIBOBJS listen.$ac_objext" + + fi + + + + + + if test "$GNULIB_LISTEN" != 1; then + if test "$GNULIB_LISTEN" = 0; then + GNULIB_LISTEN=$gl_module_indicator_condition + else + GNULIB_LISTEN="($GNULIB_LISTEN || $gl_module_indicator_condition)" + fi + fi + + + + + +$as_echo "#define GNULIB_TEST_LISTEN 1" >>confdefs.h + + + + + + + + + + + + case "$host_os" in + solaris*) + +$as_echo "#define _LCONV_C99 1" >>confdefs.h + + ;; + esac + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether locale.h conforms to POSIX:2001" >&5 +$as_echo_n "checking whether locale.h conforms to POSIX:2001... " >&6; } +if ${gl_cv_header_locale_h_posix2001+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include + int x = LC_MESSAGES; + int y = sizeof (((struct lconv *) 0)->decimal_point); +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + gl_cv_header_locale_h_posix2001=yes +else + gl_cv_header_locale_h_posix2001=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_header_locale_h_posix2001" >&5 +$as_echo "$gl_cv_header_locale_h_posix2001" >&6; } + + + if test $ac_cv_header_xlocale_h = yes; then + HAVE_XLOCALE_H=1 + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether locale.h defines locale_t" >&5 +$as_echo_n "checking whether locale.h defines locale_t... " >&6; } +if ${gl_cv_header_locale_has_locale_t+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include + locale_t x; +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + gl_cv_header_locale_has_locale_t=yes +else + gl_cv_header_locale_has_locale_t=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_header_locale_has_locale_t" >&5 +$as_echo "$gl_cv_header_locale_has_locale_t" >&6; } + if test $gl_cv_header_locale_has_locale_t = yes; then + gl_cv_header_locale_h_needs_xlocale_h=no + else + gl_cv_header_locale_h_needs_xlocale_h=yes + fi + else + HAVE_XLOCALE_H=0 + gl_cv_header_locale_h_needs_xlocale_h=no + fi + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether struct lconv is properly defined" >&5 +$as_echo_n "checking whether struct lconv is properly defined... " >&6; } +if ${gl_cv_sys_struct_lconv_ok+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include + struct lconv l; + int x = sizeof (l.decimal_point); + int y = sizeof (l.int_p_cs_precedes); +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + gl_cv_sys_struct_lconv_ok=yes +else + gl_cv_sys_struct_lconv_ok=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_sys_struct_lconv_ok" >&5 +$as_echo "$gl_cv_sys_struct_lconv_ok" >&6; } + if test $gl_cv_sys_struct_lconv_ok = no; then + REPLACE_STRUCT_LCONV=1 + fi + + + + + + + + + + if test $gl_cv_have_include_next = yes; then + gl_cv_next_locale_h='<'locale.h'>' + else + { $as_echo "$as_me:${as_lineno-$LINENO}: checking absolute name of " >&5 +$as_echo_n "checking absolute name of ... " >&6; } +if ${gl_cv_next_locale_h+:} false; then : + $as_echo_n "(cached) " >&6 +else + + + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +_ACEOF + case "$host_os" in + aix*) gl_absname_cpp="$ac_cpp -C" ;; + *) gl_absname_cpp="$ac_cpp" ;; + esac + + case "$host_os" in + mingw*) + gl_dirsep_regex='[/\\]' + ;; + *) + gl_dirsep_regex='\/' + ;; + esac + gl_make_literal_regex_sed='s,[]$^\\.*/[],\\&,g' + gl_header_literal_regex=`echo 'locale.h' \ + | sed -e "$gl_make_literal_regex_sed"` + gl_absolute_header_sed="/${gl_dirsep_regex}${gl_header_literal_regex}/"'{ + s/.*"\(.*'"${gl_dirsep_regex}${gl_header_literal_regex}"'\)".*/\1/ + s|^/[^/]|//&| + p + q + }' + + gl_cv_absolute_locale_h=`(eval "$gl_absname_cpp conftest.$ac_ext") 2>&5 | + sed -n "$gl_absolute_header_sed"` + + gl_header=$gl_cv_absolute_locale_h + gl_cv_next_locale_h='"'$gl_header'"' + + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_next_locale_h" >&5 +$as_echo "$gl_cv_next_locale_h" >&6; } + fi + NEXT_LOCALE_H=$gl_cv_next_locale_h + + if test $gl_cv_have_include_next = yes || test $gl_cv_have_include_next = buggy; then + # INCLUDE_NEXT_AS_FIRST_DIRECTIVE='include_next' + gl_next_as_first_directive='<'locale.h'>' + else + # INCLUDE_NEXT_AS_FIRST_DIRECTIVE='include' + gl_next_as_first_directive=$gl_cv_next_locale_h + fi + NEXT_AS_FIRST_DIRECTIVE_LOCALE_H=$gl_next_as_first_directive + + + + + + + + + + + + + + + + + + if test $ac_cv_func_newlocale != yes; then + HAVE_NEWLOCALE=0 + fi + if test $ac_cv_func_duplocale != yes; then + HAVE_DUPLOCALE=0 + fi + if test $ac_cv_func_freelocale != yes; then + HAVE_FREELOCALE=0 + fi + if test $gt_nameless_locales = yes; then + REPLACE_NEWLOCALE=1 + REPLACE_DUPLOCALE=1 + REPLACE_FREELOCALE=1 + fi + + + + + + + if test "$GNULIB_LOCALENAME" != 1; then + if test "$GNULIB_LOCALENAME" = 0; then + GNULIB_LOCALENAME=$gl_module_indicator_condition + else + GNULIB_LOCALENAME="($GNULIB_LOCALENAME || $gl_module_indicator_condition)" + fi + fi + + + + + +$as_echo "#define GNULIB_TEST_LOCALENAME 1" >>confdefs.h + + + + + + + if test "$gl_threads_api" = posix; then + # OSF/1 4.0 and Mac OS X 10.1 lack the pthread_rwlock_t type and the + # pthread_rwlock_* functions. + has_rwlock=false + ac_fn_c_check_type "$LINENO" "pthread_rwlock_t" "ac_cv_type_pthread_rwlock_t" "#include +" +if test "x$ac_cv_type_pthread_rwlock_t" = xyes; then : + has_rwlock=true + +$as_echo "#define HAVE_PTHREAD_RWLOCK 1" >>confdefs.h + +fi + + if $has_rwlock; then + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether pthread_rwlock_rdlock prefers a writer to a reader" >&5 +$as_echo_n "checking whether pthread_rwlock_rdlock prefers a writer to a reader... " >&6; } +if ${gl_cv_pthread_rwlock_rdlock_prefer_writer+:} false; then : + $as_echo_n "(cached) " >&6 +else + save_LIBS="$LIBS" + LIBS="$LIBS $LIBMULTITHREAD" + if test "$cross_compiling" = yes; then : + gl_cv_pthread_rwlock_rdlock_prefer_writer="guessing yes" +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#include +#include +#include + +#define SUCCEED() exit (0) +#define FAILURE() exit (1) +#define UNEXPECTED(n) (exit (10 + (n))) + +/* The main thread creates the waiting writer and the requesting reader threads + in the default way; this guarantees that they have the same priority. + We can reuse the main thread as first reader thread. */ + +static pthread_rwlock_t lock; +static pthread_t reader1; +static pthread_t writer; +static pthread_t reader2; +static pthread_t timer; +/* Used to pass control from writer to reader2 and from reader2 to timer, + as in a relay race. + Passing control from one running thread to another running thread + is most likely faster than to create the second thread. */ +static pthread_mutex_t baton; + +static void * +timer_func (void *ignored) +{ + /* Step 13 (can be before or after step 12): + The timer thread takes the baton, then waits a moment to make sure + it can tell whether the second reader thread is blocked at step 12. */ + if (pthread_mutex_lock (&baton)) + UNEXPECTED (13); + usleep (100000); + /* By the time we get here, it's clear that the second reader thread is + blocked at step 12. This is the desired behaviour. */ + SUCCEED (); +} + +static void * +reader2_func (void *ignored) +{ + int err; + + /* Step 8 (can be before or after step 7): + The second reader thread takes the baton, then waits a moment to make sure + the writer thread has reached step 7. */ + if (pthread_mutex_lock (&baton)) + UNEXPECTED (8); + usleep (100000); + /* Step 9: The second reader thread requests the lock. */ + err = pthread_rwlock_tryrdlock (&lock); + if (err == 0) + FAILURE (); + else if (err != EBUSY) + UNEXPECTED (9); + /* Step 10: Launch a timer, to test whether the next call blocks. */ + if (pthread_create (&timer, NULL, timer_func, NULL)) + UNEXPECTED (10); + /* Step 11: Release the baton. */ + if (pthread_mutex_unlock (&baton)) + UNEXPECTED (11); + /* Step 12: The second reader thread requests the lock. */ + err = pthread_rwlock_rdlock (&lock); + if (err == 0) + FAILURE (); + else + UNEXPECTED (12); +} + +static void * +writer_func (void *ignored) +{ + /* Step 4: Take the baton, so that the second reader thread does not go ahead + too early. */ + if (pthread_mutex_lock (&baton)) + UNEXPECTED (4); + /* Step 5: Create the second reader thread. */ + if (pthread_create (&reader2, NULL, reader2_func, NULL)) + UNEXPECTED (5); + /* Step 6: Release the baton. */ + if (pthread_mutex_unlock (&baton)) + UNEXPECTED (6); + /* Step 7: The writer thread requests the lock. */ + if (pthread_rwlock_wrlock (&lock)) + UNEXPECTED (7); + return NULL; +} + +int +main () +{ + reader1 = pthread_self (); + + /* Step 1: The main thread initializes the lock and the baton. */ + if (pthread_rwlock_init (&lock, NULL)) + UNEXPECTED (1); + if (pthread_mutex_init (&baton, NULL)) + UNEXPECTED (1); + /* Step 2: The main thread acquires the lock as a reader. */ + if (pthread_rwlock_rdlock (&lock)) + UNEXPECTED (2); + /* Step 3: Create the writer thread. */ + if (pthread_create (&writer, NULL, writer_func, NULL)) + UNEXPECTED (3); + /* Job done. Go to sleep. */ + for (;;) + { + sleep (1); + } +} + +_ACEOF +if ac_fn_c_try_run "$LINENO"; then : + gl_cv_pthread_rwlock_rdlock_prefer_writer=yes +else + gl_cv_pthread_rwlock_rdlock_prefer_writer=no +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + + LIBS="$save_LIBS" + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_pthread_rwlock_rdlock_prefer_writer" >&5 +$as_echo "$gl_cv_pthread_rwlock_rdlock_prefer_writer" >&6; } + case "$gl_cv_pthread_rwlock_rdlock_prefer_writer" in + *yes) + +$as_echo "#define HAVE_PTHREAD_RWLOCK_RDLOCK_PREFER_WRITER 1" >>confdefs.h + + ;; + esac + + fi + # glibc defines PTHREAD_MUTEX_RECURSIVE as enum, not as a macro. + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + + #include +int +main () +{ + +#if __FreeBSD__ == 4 +error "No, in FreeBSD 4.0 recursive mutexes actually don't work." +#elif (defined __ENVIRONMENT_MAC_OS_X_VERSION_MIN_REQUIRED__ \ + && __ENVIRONMENT_MAC_OS_X_VERSION_MIN_REQUIRED__ < 1070) +error "No, in Mac OS X < 10.7 recursive mutexes actually don't work." +#else +int x = (int)PTHREAD_MUTEX_RECURSIVE; +return !x; +#endif + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + +$as_echo "#define HAVE_PTHREAD_MUTEX_RECURSIVE 1" >>confdefs.h + +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + fi + : + + + +cat >>confdefs.h <<_ACEOF +#define GNULIB_LOCK $gl_module_indicator_condition +_ACEOF + + + + + + + if test $ac_cv_func_lstat = yes; then + + case $host_os,$gl_cv_func_lstat_dereferences_slashed_symlink in + solaris* | *no) + REPLACE_LSTAT=1 + ;; + esac + else + HAVE_LSTAT=0 + fi + + if test $REPLACE_LSTAT = 1; then + + + + + + + + + gltests_LIBOBJS="$gltests_LIBOBJS lstat.$ac_objext" + + : + fi + + + + + + if test "$GNULIB_LSTAT" != 1; then + if test "$GNULIB_LSTAT" = 0; then + GNULIB_LSTAT=$gl_module_indicator_condition + else + GNULIB_LSTAT="($GNULIB_LSTAT || $gl_module_indicator_condition)" + fi + fi + + + + + +$as_echo "#define GNULIB_TEST_LSTAT 1" >>confdefs.h + + + + + + + + + + + # Check for mmap(). Don't use AC_FUNC_MMAP, because it checks too much: it + # fails on HP-UX 11, because MAP_FIXED mappings do not work. But this is + # irrelevant for anonymous mappings. + ac_fn_c_check_func "$LINENO" "mmap" "ac_cv_func_mmap" +if test "x$ac_cv_func_mmap" = xyes; then : + gl_have_mmap=yes +else + gl_have_mmap=no +fi + + + # Try to allow MAP_ANONYMOUS. + gl_have_mmap_anonymous=no + if test $gl_have_mmap = yes; then + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for MAP_ANONYMOUS" >&5 +$as_echo_n "checking for MAP_ANONYMOUS... " >&6; } + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#ifdef MAP_ANONYMOUS + I cannot identify this map +#endif + +_ACEOF +if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | + $EGREP "I cannot identify this map" >/dev/null 2>&1; then : + gl_have_mmap_anonymous=yes +fi +rm -f conftest* + + if test $gl_have_mmap_anonymous != yes; then + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#ifdef MAP_ANON + I cannot identify this map +#endif + +_ACEOF +if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | + $EGREP "I cannot identify this map" >/dev/null 2>&1; then : + +$as_echo "#define MAP_ANONYMOUS MAP_ANON" >>confdefs.h + + gl_have_mmap_anonymous=yes +fi +rm -f conftest* + + fi + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_have_mmap_anonymous" >&5 +$as_echo "$gl_have_mmap_anonymous" >&6; } + if test $gl_have_mmap_anonymous = yes; then + +$as_echo "#define HAVE_MAP_ANONYMOUS 1" >>confdefs.h + + fi + fi + + + + + + + + + + + + + + nanosleep_save_libs=$LIBS + + # Solaris 2.5.1 needs -lposix4 to get the nanosleep function. + # Solaris 7 prefers the library name -lrt to the obsolescent name -lposix4. + LIB_NANOSLEEP= + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing nanosleep" >&5 +$as_echo_n "checking for library containing nanosleep... " >&6; } +if ${ac_cv_search_nanosleep+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_func_search_save_LIBS=$LIBS +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char nanosleep (); +int +main () +{ +return nanosleep (); + ; + return 0; +} +_ACEOF +for ac_lib in '' rt posix4; do + if test -z "$ac_lib"; then + ac_res="none required" + else + ac_res=-l$ac_lib + LIBS="-l$ac_lib $ac_func_search_save_LIBS" + fi + if ac_fn_c_try_link "$LINENO"; then : + ac_cv_search_nanosleep=$ac_res +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext + if ${ac_cv_search_nanosleep+:} false; then : + break +fi +done +if ${ac_cv_search_nanosleep+:} false; then : + +else + ac_cv_search_nanosleep=no +fi +rm conftest.$ac_ext +LIBS=$ac_func_search_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_nanosleep" >&5 +$as_echo "$ac_cv_search_nanosleep" >&6; } +ac_res=$ac_cv_search_nanosleep +if test "$ac_res" != no; then : + test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" + test "$ac_cv_search_nanosleep" = "none required" || + LIB_NANOSLEEP=$ac_cv_search_nanosleep +fi + + if test "x$ac_cv_search_nanosleep" != xno; then + + + if test $APPLE_UNIVERSAL_BUILD = 1; then + # A universal build on Apple Mac OS X platforms. + # The test result would be 'no (mishandles large arguments)' in 64-bit + # mode but 'yes' in 32-bit mode. But we need a configuration result that + # is valid in both modes. + gl_cv_func_nanosleep='no (mishandles large arguments)' + fi + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for working nanosleep" >&5 +$as_echo_n "checking for working nanosleep... " >&6; } +if ${gl_cv_func_nanosleep+:} false; then : + $as_echo_n "(cached) " >&6 +else + + if test "$cross_compiling" = yes; then : + case "$host_os" in linux*) # Guess it halfway works when the kernel is Linux. + gl_cv_func_nanosleep='guessing no (mishandles large arguments)' ;; + mingw*) # Guess no on native Windows. + gl_cv_func_nanosleep='guessing no' ;; + *) # If we don't know, assume the worst. + gl_cv_func_nanosleep='guessing no' ;; + esac + +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + + #include + #include + #include + #if HAVE_SYS_TIME_H + #include + #endif + #include + #include + #define TYPE_SIGNED(t) (! ((t) 0 < (t) -1)) + #define TYPE_MAXIMUM(t) \ + ((t) (! TYPE_SIGNED (t) \ + ? (t) -1 \ + : ((((t) 1 << (sizeof (t) * CHAR_BIT - 2)) - 1) * 2 + 1))) + + #if HAVE_DECL_ALARM + static void + check_for_SIGALRM (int sig) + { + if (sig != SIGALRM) + _exit (1); + } + #endif + + int + main () + { + static struct timespec ts_sleep; + static struct timespec ts_remaining; + /* Test for major problems first. */ + if (! nanosleep) + return 2; + ts_sleep.tv_sec = 0; + ts_sleep.tv_nsec = 1; + #if HAVE_DECL_ALARM + { + static struct sigaction act; + act.sa_handler = check_for_SIGALRM; + sigemptyset (&act.sa_mask); + sigaction (SIGALRM, &act, NULL); + alarm (1); + if (nanosleep (&ts_sleep, NULL) != 0) + return 3; + /* Test for a minor problem: the handling of large arguments. */ + ts_sleep.tv_sec = TYPE_MAXIMUM (time_t); + ts_sleep.tv_nsec = 999999999; + alarm (1); + if (nanosleep (&ts_sleep, &ts_remaining) != -1) + return 4; + if (errno != EINTR) + return 5; + if (ts_remaining.tv_sec <= TYPE_MAXIMUM (time_t) - 10) + return 6; + } + #else /* A simpler test for native Windows. */ + if (nanosleep (&ts_sleep, &ts_remaining) < 0) + return 3; + #endif + return 0; + } +_ACEOF +if ac_fn_c_try_run "$LINENO"; then : + gl_cv_func_nanosleep=yes +else + case $? in 4|5|6) gl_cv_func_nanosleep='no (mishandles large arguments)';; *) gl_cv_func_nanosleep=no;; + esac +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_func_nanosleep" >&5 +$as_echo "$gl_cv_func_nanosleep" >&6; } + case "$gl_cv_func_nanosleep" in + *yes) + REPLACE_NANOSLEEP=0 + ;; + *) + REPLACE_NANOSLEEP=1 + case "$gl_cv_func_nanosleep" in + *"mishandles large arguments"*) + +$as_echo "#define HAVE_BUG_BIG_NANOSLEEP 1" >>confdefs.h + + ;; + *) + # The replacement uses select(). Add $LIBSOCKET to $LIB_NANOSLEEP. + for ac_lib in $LIBSOCKET; do + case " $LIB_NANOSLEEP " in + *" $ac_lib "*) ;; + *) LIB_NANOSLEEP="$LIB_NANOSLEEP $ac_lib";; + esac + done + ;; + esac + ;; + esac + else + HAVE_NANOSLEEP=0 + fi + LIBS=$nanosleep_save_libs + + if test $HAVE_NANOSLEEP = 0 || test $REPLACE_NANOSLEEP = 1; then + + + + + + + + + gltests_LIBOBJS="$gltests_LIBOBJS nanosleep.$ac_objext" + + + + : + + fi + + + + + + if test "$GNULIB_NANOSLEEP" != 1; then + if test "$GNULIB_NANOSLEEP" = 0; then + GNULIB_NANOSLEEP=$gl_module_indicator_condition + else + GNULIB_NANOSLEEP="($GNULIB_NANOSLEEP || $gl_module_indicator_condition)" + fi + fi + + + + + +$as_echo "#define GNULIB_TEST_NANOSLEEP 1" >>confdefs.h + + + + + + + + case "$host_os" in + mingw* | pw*) + REPLACE_OPEN=1 + ;; + *) + + if test "$gl_cv_macro_O_CLOEXEC" != yes; then + REPLACE_OPEN=1 + fi + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether open recognizes a trailing slash" >&5 +$as_echo_n "checking whether open recognizes a trailing slash... " >&6; } +if ${gl_cv_func_open_slash+:} false; then : + $as_echo_n "(cached) " >&6 +else + # Assume that if we have lstat, we can also check symlinks. + if test $ac_cv_func_lstat = yes; then + touch conftest.tmp + ln -s conftest.tmp conftest.lnk + fi + if test "$cross_compiling" = yes; then : + + case "$host_os" in + freebsd* | aix* | hpux* | solaris2.[0-9] | solaris2.[0-9].*) + gl_cv_func_open_slash="guessing no" ;; + *) + gl_cv_func_open_slash="guessing yes" ;; + esac + +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#if HAVE_UNISTD_H +# include +#endif +int main () +{ + int result = 0; +#if HAVE_LSTAT + if (open ("conftest.lnk/", O_RDONLY) != -1) + result |= 1; +#endif + if (open ("conftest.sl/", O_CREAT, 0600) >= 0) + result |= 2; + return result; +} +_ACEOF +if ac_fn_c_try_run "$LINENO"; then : + gl_cv_func_open_slash=yes +else + gl_cv_func_open_slash=no +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + + rm -f conftest.sl conftest.tmp conftest.lnk + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_func_open_slash" >&5 +$as_echo "$gl_cv_func_open_slash" >&6; } + case "$gl_cv_func_open_slash" in + *no) + +$as_echo "#define OPEN_TRAILING_SLASH_BUG 1" >>confdefs.h + + REPLACE_OPEN=1 + ;; + esac + ;; + esac + + + + if test $REPLACE_OPEN = 1; then + + + + + + + + + gltests_LIBOBJS="$gltests_LIBOBJS open.$ac_objext" + + + + : + + fi + + + + + + if test "$GNULIB_OPEN" != 1; then + if test "$GNULIB_OPEN" = 0; then + GNULIB_OPEN=$gl_module_indicator_condition + else + GNULIB_OPEN="($GNULIB_OPEN || $gl_module_indicator_condition)" + fi + fi + + + + + +$as_echo "#define GNULIB_TEST_OPEN 1" >>confdefs.h + + + + + + + + + if test "$ERRNO_H:$REPLACE_STRERROR_0" != :0; then + REPLACE_PERROR=1 + fi + case ${gl_cv_func_strerror_r_works-unset} in + unset|*yes) + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether perror matches strerror" >&5 +$as_echo_n "checking whether perror matches strerror... " >&6; } +if ${gl_cv_func_perror_works+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test "$cross_compiling" = yes; then : + case "$host_os" in + # Guess yes on musl systems. + *-musl*) gl_cv_func_perror_works="guessing yes" ;; + # Guess yes on native Windows. + mingw*) gl_cv_func_perror_works="guessing yes" ;; + # Otherwise guess no. + *) gl_cv_func_perror_works="guessing no" ;; + esac + +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include + #include + #include + #include + +int +main () +{ +char *str = strerror (-1); + if (!getenv("CONFTEST_OUTPUT")) return 0; + if (!str) str = ""; + puts (str); + errno = -1; + perror (""); + return 0; + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_run "$LINENO"; then : + if CONFTEST_OUTPUT=1 ./conftest$EXEEXT >conftest.txt1 2>conftest.txt2 \ + && cmp conftest.txt1 conftest.txt2 >/dev/null; then + gl_cv_func_perror_works=yes + else + gl_cv_func_perror_works=no + fi + rm -rf conftest.txt1 conftest.txt2 +else + gl_cv_func_perror_works=no +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_func_perror_works" >&5 +$as_echo "$gl_cv_func_perror_works" >&6; } + case "$gl_cv_func_perror_works" in + *yes) ;; + *) REPLACE_PERROR=1 ;; + esac + ;; + *) + REPLACE_PERROR=1 + ;; + esac + + if test $REPLACE_PERROR = 1; then + + + + + + + + + gltests_LIBOBJS="$gltests_LIBOBJS perror.$ac_objext" + + fi + + + + + + if test "$GNULIB_PERROR" != 1; then + if test "$GNULIB_PERROR" = 0; then + GNULIB_PERROR=$gl_module_indicator_condition + else + GNULIB_PERROR="($GNULIB_PERROR || $gl_module_indicator_condition)" + fi + fi + + + + + +$as_echo "#define GNULIB_TEST_PERROR 1" >>confdefs.h + + + + + + + + if test $ac_cv_func_pipe != yes; then + HAVE_PIPE=0 + fi + + if test $HAVE_PIPE = 0; then + + + + + + + + + gltests_LIBOBJS="$gltests_LIBOBJS pipe.$ac_objext" + + fi + + + + + + if test "$GNULIB_PIPE" != 1; then + if test "$GNULIB_PIPE" = 0; then + GNULIB_PIPE=$gl_module_indicator_condition + else + GNULIB_PIPE="($GNULIB_PIPE || $gl_module_indicator_condition)" + fi + fi + + + + + +$as_echo "#define GNULIB_TEST_PIPE 1" >>confdefs.h + + + + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for putenv compatible with GNU and SVID" >&5 +$as_echo_n "checking for putenv compatible with GNU and SVID... " >&6; } +if ${gl_cv_func_svid_putenv+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test "$cross_compiling" = yes; then : + case "$host_os" in + # Guess yes on glibc systems. + *-gnu* | gnu*) gl_cv_func_svid_putenv="guessing yes" ;; + # Guess yes on musl systems. + *-musl*) gl_cv_func_svid_putenv="guessing yes" ;; + # Guess no on native Windows. + mingw*) gl_cv_func_svid_putenv="guessing no" ;; + # If we don't know, assume the worst. + *) gl_cv_func_svid_putenv="guessing no" ;; + esac + +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +$ac_includes_default +int +main () +{ + + /* Put it in env. */ + if (putenv ("CONFTEST_putenv=val")) + return 1; + + /* Try to remove it. */ + if (putenv ("CONFTEST_putenv")) + return 2; + + /* Make sure it was deleted. */ + if (getenv ("CONFTEST_putenv") != 0) + return 3; + + return 0; + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_run "$LINENO"; then : + gl_cv_func_svid_putenv=yes +else + gl_cv_func_svid_putenv=no +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_func_svid_putenv" >&5 +$as_echo "$gl_cv_func_svid_putenv" >&6; } + case "$gl_cv_func_svid_putenv" in + *yes) ;; + *) + REPLACE_PUTENV=1 + ;; + esac + + if test $REPLACE_PUTENV = 1; then + + + + + + + + + gltests_LIBOBJS="$gltests_LIBOBJS putenv.$ac_objext" + + + ac_fn_c_check_decl "$LINENO" "_putenv" "ac_cv_have_decl__putenv" "$ac_includes_default" +if test "x$ac_cv_have_decl__putenv" = xyes; then : + ac_have_decl=1 +else + ac_have_decl=0 +fi + +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL__PUTENV $ac_have_decl +_ACEOF + + + fi + + + + + + if test "$GNULIB_PUTENV" != 1; then + if test "$GNULIB_PUTENV" = 0; then + GNULIB_PUTENV=$gl_module_indicator_condition + else + GNULIB_PUTENV="($GNULIB_PUTENV || $gl_module_indicator_condition)" + fi + fi + + + + + +$as_echo "#define GNULIB_TEST_PUTENV 1" >>confdefs.h + + + + + + + for ac_func in raise +do : + ac_fn_c_check_func "$LINENO" "raise" "ac_cv_func_raise" +if test "x$ac_cv_func_raise" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_RAISE 1 +_ACEOF + +fi +done + + if test $ac_cv_func_raise = no; then + HAVE_RAISE=0 + else + + + if test $HAVE_MSVC_INVALID_PARAMETER_HANDLER = 1; then + REPLACE_RAISE=1 + fi + + + + + + if test $gl_cv_type_sigset_t = yes; then + ac_fn_c_check_func "$LINENO" "sigprocmask" "ac_cv_func_sigprocmask" +if test "x$ac_cv_func_sigprocmask" = xyes; then : + gl_cv_func_sigprocmask=1 +fi + + fi + if test -z "$gl_cv_func_sigprocmask"; then + HAVE_POSIX_SIGNALBLOCKING=0 + fi + + if test $HAVE_POSIX_SIGNALBLOCKING = 0; then + : + fi + + fi + + if test $HAVE_RAISE = 0 || test $REPLACE_RAISE = 1; then + + + + + + + + + gltests_LIBOBJS="$gltests_LIBOBJS raise.$ac_objext" + + : + fi + + + + + + if test "$GNULIB_RAISE" != 1; then + if test "$GNULIB_RAISE" = 0; then + GNULIB_RAISE=$gl_module_indicator_condition + else + GNULIB_RAISE="($GNULIB_RAISE || $gl_module_indicator_condition)" + fi + fi + + + + + +$as_echo "#define GNULIB_TEST_RAISE 1" >>confdefs.h + + + + + + + + if test "$ac_cv_header_winsock2_h" = yes; then + REPLACE_SELECT=1 + else + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether select supports a 0 argument" >&5 +$as_echo_n "checking whether select supports a 0 argument... " >&6; } +if ${gl_cv_func_select_supports0+:} false; then : + $as_echo_n "(cached) " >&6 +else + + if test "$cross_compiling" = yes; then : + + case "$host_os" in + # Guess no on Interix. + interix*) gl_cv_func_select_supports0="guessing no";; + # Guess yes otherwise. + *) gl_cv_func_select_supports0="guessing yes";; + esac + +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#include +#if HAVE_SYS_SELECT_H +#include +#endif +int main () +{ + struct timeval timeout; + timeout.tv_sec = 0; + timeout.tv_usec = 5; + return select (0, (fd_set *)0, (fd_set *)0, (fd_set *)0, &timeout) < 0; +} +_ACEOF +if ac_fn_c_try_run "$LINENO"; then : + gl_cv_func_select_supports0=yes +else + gl_cv_func_select_supports0=no +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_func_select_supports0" >&5 +$as_echo "$gl_cv_func_select_supports0" >&6; } + case "$gl_cv_func_select_supports0" in + *yes) ;; + *) REPLACE_SELECT=1 ;; + esac + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether select detects invalid fds" >&5 +$as_echo_n "checking whether select detects invalid fds... " >&6; } +if ${gl_cv_func_select_detects_ebadf+:} false; then : + $as_echo_n "(cached) " >&6 +else + + if test "$cross_compiling" = yes; then : + + case "$host_os" in + # Guess yes on Linux systems. + linux-* | linux) gl_cv_func_select_detects_ebadf="guessing yes" ;; + # Guess yes on glibc systems. + *-gnu* | gnu*) gl_cv_func_select_detects_ebadf="guessing yes" ;; + # If we don't know, assume the worst. + *) gl_cv_func_select_detects_ebadf="guessing no" ;; + esac + +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#include +#if HAVE_SYS_SELECT_H +# include +#endif +#include +#include + +int +main () +{ + + fd_set set; + dup2(0, 16); + FD_ZERO(&set); + FD_SET(16, &set); + close(16); + struct timeval timeout; + timeout.tv_sec = 0; + timeout.tv_usec = 5; + return select (17, &set, NULL, NULL, &timeout) != -1 || errno != EBADF; + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_run "$LINENO"; then : + gl_cv_func_select_detects_ebadf=yes +else + gl_cv_func_select_detects_ebadf=no +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_func_select_detects_ebadf" >&5 +$as_echo "$gl_cv_func_select_detects_ebadf" >&6; } + case $gl_cv_func_select_detects_ebadf in + *yes) ;; + *) REPLACE_SELECT=1 ;; + esac + fi + + LIB_SELECT="$LIBSOCKET" + if test $REPLACE_SELECT = 1; then + case "$host_os" in + mingw*) + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#define WIN32_LEAN_AND_MEAN +#include +int +main () +{ + MsgWaitForMultipleObjects (0, NULL, 0, 0, 0); + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + +else + LIB_SELECT="$LIB_SELECT -luser32" +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + ;; + esac + fi + + + if test $REPLACE_SELECT = 1; then + + + + + + + + + gltests_LIBOBJS="$gltests_LIBOBJS select.$ac_objext" + + fi + + + + + + if test "$GNULIB_SELECT" != 1; then + if test "$GNULIB_SELECT" = 0; then + GNULIB_SELECT=$gl_module_indicator_condition + else + GNULIB_SELECT="($GNULIB_SELECT || $gl_module_indicator_condition)" + fi + fi + + + + + +$as_echo "#define GNULIB_TEST_SELECT 1" >>confdefs.h + + + + + + + if test $ac_cv_func_setenv = no; then + HAVE_SETENV=0 + else + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether setenv validates arguments" >&5 +$as_echo_n "checking whether setenv validates arguments... " >&6; } +if ${gl_cv_func_setenv_works+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test "$cross_compiling" = yes; then : + case "$host_os" in + # Guess yes on glibc systems. + *-gnu* | gnu*) gl_cv_func_setenv_works="guessing yes" ;; + # Guess yes on musl systems. + *-musl*) gl_cv_func_setenv_works="guessing yes" ;; + # If we don't know, assume the worst. + *) gl_cv_func_setenv_works="guessing no" ;; + esac + +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + + #include + #include + #include + +int +main () +{ + + int result = 0; + { + if (setenv ("", "", 0) != -1) + result |= 1; + else if (errno != EINVAL) + result |= 2; + } + { + if (setenv ("a", "=", 1) != 0) + result |= 4; + else if (strcmp (getenv ("a"), "=") != 0) + result |= 8; + } + return result; + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_run "$LINENO"; then : + gl_cv_func_setenv_works=yes +else + gl_cv_func_setenv_works=no +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_func_setenv_works" >&5 +$as_echo "$gl_cv_func_setenv_works" >&6; } + case "$gl_cv_func_setenv_works" in + *yes) ;; + *) + REPLACE_SETENV=1 + ;; + esac + fi + + if test $HAVE_SETENV = 0 || test $REPLACE_SETENV = 1; then + + + + + + + + + gltests_LIBOBJS="$gltests_LIBOBJS setenv.$ac_objext" + + fi + + + + + + if test "$GNULIB_SETENV" != 1; then + if test "$GNULIB_SETENV" = 0; then + GNULIB_SETENV=$gl_module_indicator_condition + else + GNULIB_SETENV="($GNULIB_SETENV || $gl_module_indicator_condition)" + fi + fi + + + + + +$as_echo "#define GNULIB_TEST_SETENV 1" >>confdefs.h + + + + + + + case "$host_os" in + mingw*) REPLACE_SETLOCALE=1 ;; + cygwin*) + case `uname -r` in + 1.5.*) REPLACE_SETLOCALE=1 ;; + esac + ;; + *) + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether setlocale supports the C locale" >&5 +$as_echo_n "checking whether setlocale supports the C locale... " >&6; } +if ${gl_cv_func_setlocale_works+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test "$cross_compiling" = yes; then : + case "$host_os" in + # Guess no on Android. + linux*-android*) gl_cv_func_setlocale_works="guessing no";; + # Guess yes otherwise. + *) gl_cv_func_setlocale_works="guessing yes";; + esac + +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +int main () +{ + return setlocale (LC_ALL, "C") == NULL; +} +_ACEOF +if ac_fn_c_try_run "$LINENO"; then : + gl_cv_func_setlocale_works=yes +else + gl_cv_func_setlocale_works=no +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_func_setlocale_works" >&5 +$as_echo "$gl_cv_func_setlocale_works" >&6; } + case "$gl_cv_func_setlocale_works" in + *yes) ;; + *) REPLACE_SETLOCALE=1 ;; + esac + ;; + esac + + if test $REPLACE_SETLOCALE = 1; then + + + + + + + + + gltests_LIBOBJS="$gltests_LIBOBJS setlocale.$ac_objext" + + + : + + fi + + + + + + if test "$GNULIB_SETLOCALE" != 1; then + if test "$GNULIB_SETLOCALE" = 0; then + GNULIB_SETLOCALE=$gl_module_indicator_condition + else + GNULIB_SETLOCALE="($GNULIB_SETLOCALE || $gl_module_indicator_condition)" + fi + fi + + + + + +$as_echo "#define GNULIB_TEST_SETLOCALE 1" >>confdefs.h + + + + + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for a traditional french locale" >&5 +$as_echo_n "checking for a traditional french locale... " >&6; } +if ${gt_cv_locale_fr+:} false; then : + $as_echo_n "(cached) " >&6 +else + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#include +#if HAVE_LANGINFO_CODESET +# include +#endif +#include +#include +struct tm t; +char buf[16]; +int main () { + /* On BeOS and Haiku, locales are not implemented in libc. Rather, libintl + imitates locale dependent behaviour by looking at the environment + variables, and all locales use the UTF-8 encoding. */ +#if defined __BEOS__ || defined __HAIKU__ + return 1; +#else + /* Check whether the given locale name is recognized by the system. */ +# if defined _WIN32 && !defined __CYGWIN__ + /* On native Windows, setlocale(category, "") looks at the system settings, + not at the environment variables. Also, when an encoding suffix such + as ".65001" or ".54936" is specified, it succeeds but sets the LC_CTYPE + category of the locale to "C". */ + if (setlocale (LC_ALL, getenv ("LC_ALL")) == NULL + || strcmp (setlocale (LC_CTYPE, NULL), "C") == 0) + return 1; +# else + if (setlocale (LC_ALL, "") == NULL) return 1; +# endif + /* Check whether nl_langinfo(CODESET) is nonempty and not "ASCII" or "646". + On Mac OS X 10.3.5 (Darwin 7.5) in the fr_FR locale, nl_langinfo(CODESET) + is empty, and the behaviour of Tcl 8.4 in this locale is not useful. + On OpenBSD 4.0, when an unsupported locale is specified, setlocale() + succeeds but then nl_langinfo(CODESET) is "646". In this situation, + some unit tests fail. + On MirBSD 10, when an unsupported locale is specified, setlocale() + succeeds but then nl_langinfo(CODESET) is "UTF-8". */ +# if HAVE_LANGINFO_CODESET + { + const char *cs = nl_langinfo (CODESET); + if (cs[0] == '\0' || strcmp (cs, "ASCII") == 0 || strcmp (cs, "646") == 0 + || strcmp (cs, "UTF-8") == 0) + return 1; + } +# endif +# ifdef __CYGWIN__ + /* On Cygwin, avoid locale names without encoding suffix, because the + locale_charset() function relies on the encoding suffix. Note that + LC_ALL is set on the command line. */ + if (strchr (getenv ("LC_ALL"), '.') == NULL) return 1; +# endif + /* Check whether in the abbreviation of the second month, the second + character (should be U+00E9: LATIN SMALL LETTER E WITH ACUTE) is only + one byte long. This excludes the UTF-8 encoding. */ + t.tm_year = 1975 - 1900; t.tm_mon = 2 - 1; t.tm_mday = 4; + if (strftime (buf, sizeof (buf), "%b", &t) < 3 || buf[2] != 'v') return 1; +# if !defined __BIONIC__ /* Bionic libc's 'struct lconv' is just a dummy. */ + /* Check whether the decimal separator is a comma. + On NetBSD 3.0 in the fr_FR.ISO8859-1 locale, localeconv()->decimal_point + are nl_langinfo(RADIXCHAR) are both ".". */ + if (localeconv () ->decimal_point[0] != ',') return 1; +# endif + return 0; +#endif +} + +_ACEOF + if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_link\""; } >&5 + (eval $ac_link) 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } && test -s conftest$ac_exeext; then + case "$host_os" in + # Handle native Windows specially, because there setlocale() interprets + # "ar" as "Arabic" or "Arabic_Saudi Arabia.1256", + # "fr" or "fra" as "French" or "French_France.1252", + # "ge"(!) or "deu"(!) as "German" or "German_Germany.1252", + # "ja" as "Japanese" or "Japanese_Japan.932", + # and similar. + mingw*) + # Test for the native Windows locale name. + if (LC_ALL=French_France.1252 LC_TIME= LC_CTYPE= ./conftest; exit) 2>/dev/null; then + gt_cv_locale_fr=French_France.1252 + else + # None found. + gt_cv_locale_fr=none + fi + ;; + *) + # Setting LC_ALL is not enough. Need to set LC_TIME to empty, because + # otherwise on Mac OS X 10.3.5 the LC_TIME=C from the beginning of the + # configure script would override the LC_ALL setting. Likewise for + # LC_CTYPE, which is also set at the beginning of the configure script. + # Test for the usual locale name. + if (LC_ALL=fr_FR LC_TIME= LC_CTYPE= ./conftest; exit) 2>/dev/null; then + gt_cv_locale_fr=fr_FR + else + # Test for the locale name with explicit encoding suffix. + if (LC_ALL=fr_FR.ISO-8859-1 LC_TIME= LC_CTYPE= ./conftest; exit) 2>/dev/null; then + gt_cv_locale_fr=fr_FR.ISO-8859-1 + else + # Test for the AIX, OSF/1, FreeBSD, NetBSD, OpenBSD locale name. + if (LC_ALL=fr_FR.ISO8859-1 LC_TIME= LC_CTYPE= ./conftest; exit) 2>/dev/null; then + gt_cv_locale_fr=fr_FR.ISO8859-1 + else + # Test for the HP-UX locale name. + if (LC_ALL=fr_FR.iso88591 LC_TIME= LC_CTYPE= ./conftest; exit) 2>/dev/null; then + gt_cv_locale_fr=fr_FR.iso88591 + else + # Test for the Solaris 7 locale name. + if (LC_ALL=fr LC_TIME= LC_CTYPE= ./conftest; exit) 2>/dev/null; then + gt_cv_locale_fr=fr + else + # None found. + gt_cv_locale_fr=none + fi + fi + fi + fi + fi + ;; + esac + fi + rm -fr conftest* + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gt_cv_locale_fr" >&5 +$as_echo "$gt_cv_locale_fr" >&6; } + LOCALE_FR=$gt_cv_locale_fr + + + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for a french Unicode locale" >&5 +$as_echo_n "checking for a french Unicode locale... " >&6; } +if ${gt_cv_locale_fr_utf8+:} false; then : + $as_echo_n "(cached) " >&6 +else + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#include +#if HAVE_LANGINFO_CODESET +# include +#endif +#include +#include +struct tm t; +char buf[16]; +int main () { + /* On BeOS and Haiku, locales are not implemented in libc. Rather, libintl + imitates locale dependent behaviour by looking at the environment + variables, and all locales use the UTF-8 encoding. */ +#if !(defined __BEOS__ || defined __HAIKU__) + /* Check whether the given locale name is recognized by the system. */ +# if defined _WIN32 && !defined __CYGWIN__ + /* On native Windows, setlocale(category, "") looks at the system settings, + not at the environment variables. Also, when an encoding suffix such + as ".65001" or ".54936" is specified, it succeeds but sets the LC_CTYPE + category of the locale to "C". */ + if (setlocale (LC_ALL, getenv ("LC_ALL")) == NULL + || strcmp (setlocale (LC_CTYPE, NULL), "C") == 0) + return 1; +# else + if (setlocale (LC_ALL, "") == NULL) return 1; +# endif + /* Check whether nl_langinfo(CODESET) is nonempty and not "ASCII" or "646". + On Mac OS X 10.3.5 (Darwin 7.5) in the fr_FR locale, nl_langinfo(CODESET) + is empty, and the behaviour of Tcl 8.4 in this locale is not useful. + On OpenBSD 4.0, when an unsupported locale is specified, setlocale() + succeeds but then nl_langinfo(CODESET) is "646". In this situation, + some unit tests fail. */ +# if HAVE_LANGINFO_CODESET + { + const char *cs = nl_langinfo (CODESET); + if (cs[0] == '\0' || strcmp (cs, "ASCII") == 0 || strcmp (cs, "646") == 0) + return 1; + } +# endif +# ifdef __CYGWIN__ + /* On Cygwin, avoid locale names without encoding suffix, because the + locale_charset() function relies on the encoding suffix. Note that + LC_ALL is set on the command line. */ + if (strchr (getenv ("LC_ALL"), '.') == NULL) return 1; +# endif + /* Check whether in the abbreviation of the second month, the second + character (should be U+00E9: LATIN SMALL LETTER E WITH ACUTE) is + two bytes long, with UTF-8 encoding. */ + t.tm_year = 1975 - 1900; t.tm_mon = 2 - 1; t.tm_mday = 4; + if (strftime (buf, sizeof (buf), "%b", &t) < 4 + || buf[1] != (char) 0xc3 || buf[2] != (char) 0xa9 || buf[3] != 'v') + return 1; +#endif +#if !defined __BIONIC__ /* Bionic libc's 'struct lconv' is just a dummy. */ + /* Check whether the decimal separator is a comma. + On NetBSD 3.0 in the fr_FR.ISO8859-1 locale, localeconv()->decimal_point + are nl_langinfo(RADIXCHAR) are both ".". */ + if (localeconv () ->decimal_point[0] != ',') return 1; +#endif + return 0; +} + +_ACEOF + if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_link\""; } >&5 + (eval $ac_link) 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } && test -s conftest$ac_exeext; then + case "$host_os" in + # Handle native Windows specially, because there setlocale() interprets + # "ar" as "Arabic" or "Arabic_Saudi Arabia.1256", + # "fr" or "fra" as "French" or "French_France.1252", + # "ge"(!) or "deu"(!) as "German" or "German_Germany.1252", + # "ja" as "Japanese" or "Japanese_Japan.932", + # and similar. + mingw*) + # Test for the hypothetical native Windows locale name. + if (LC_ALL=French_France.65001 LC_TIME= LC_CTYPE= ./conftest; exit) 2>/dev/null; then + gt_cv_locale_fr_utf8=French_France.65001 + else + # None found. + gt_cv_locale_fr_utf8=none + fi + ;; + *) + # Setting LC_ALL is not enough. Need to set LC_TIME to empty, because + # otherwise on Mac OS X 10.3.5 the LC_TIME=C from the beginning of the + # configure script would override the LC_ALL setting. Likewise for + # LC_CTYPE, which is also set at the beginning of the configure script. + # Test for the usual locale name. + if (LC_ALL=fr_FR LC_TIME= LC_CTYPE= ./conftest; exit) 2>/dev/null; then + gt_cv_locale_fr_utf8=fr_FR + else + # Test for the locale name with explicit encoding suffix. + if (LC_ALL=fr_FR.UTF-8 LC_TIME= LC_CTYPE= ./conftest; exit) 2>/dev/null; then + gt_cv_locale_fr_utf8=fr_FR.UTF-8 + else + # Test for the Solaris 7 locale name. + if (LC_ALL=fr.UTF-8 LC_TIME= LC_CTYPE= ./conftest; exit) 2>/dev/null; then + gt_cv_locale_fr_utf8=fr.UTF-8 + else + # None found. + gt_cv_locale_fr_utf8=none + fi + fi + fi + ;; + esac + fi + rm -fr conftest* + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gt_cv_locale_fr_utf8" >&5 +$as_echo "$gt_cv_locale_fr_utf8" >&6; } + LOCALE_FR_UTF8=$gt_cv_locale_fr_utf8 + + + + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for a traditional japanese locale" >&5 +$as_echo_n "checking for a traditional japanese locale... " >&6; } +if ${gt_cv_locale_ja+:} false; then : + $as_echo_n "(cached) " >&6 +else + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#include +#if HAVE_LANGINFO_CODESET +# include +#endif +#include +#include +struct tm t; +char buf[16]; +int main () +{ + /* On BeOS and Haiku, locales are not implemented in libc. Rather, libintl + imitates locale dependent behaviour by looking at the environment + variables, and all locales use the UTF-8 encoding. */ +#if defined __BEOS__ || defined __HAIKU__ + return 1; +#else + /* Check whether the given locale name is recognized by the system. */ +# if defined _WIN32 && !defined __CYGWIN__ + /* On native Windows, setlocale(category, "") looks at the system settings, + not at the environment variables. Also, when an encoding suffix such + as ".65001" or ".54936" is specified, it succeeds but sets the LC_CTYPE + category of the locale to "C". */ + if (setlocale (LC_ALL, getenv ("LC_ALL")) == NULL + || strcmp (setlocale (LC_CTYPE, NULL), "C") == 0) + return 1; +# else + if (setlocale (LC_ALL, "") == NULL) return 1; +# endif + /* Check whether nl_langinfo(CODESET) is nonempty and not "ASCII" or "646". + On Mac OS X 10.3.5 (Darwin 7.5) in the fr_FR locale, nl_langinfo(CODESET) + is empty, and the behaviour of Tcl 8.4 in this locale is not useful. + On OpenBSD 4.0, when an unsupported locale is specified, setlocale() + succeeds but then nl_langinfo(CODESET) is "646". In this situation, + some unit tests fail. + On MirBSD 10, when an unsupported locale is specified, setlocale() + succeeds but then nl_langinfo(CODESET) is "UTF-8". */ +# if HAVE_LANGINFO_CODESET + { + const char *cs = nl_langinfo (CODESET); + if (cs[0] == '\0' || strcmp (cs, "ASCII") == 0 || strcmp (cs, "646") == 0 + || strcmp (cs, "UTF-8") == 0) + return 1; + } +# endif +# ifdef __CYGWIN__ + /* On Cygwin, avoid locale names without encoding suffix, because the + locale_charset() function relies on the encoding suffix. Note that + LC_ALL is set on the command line. */ + if (strchr (getenv ("LC_ALL"), '.') == NULL) return 1; +# endif + /* Check whether MB_CUR_MAX is > 1. This excludes the dysfunctional locales + on Cygwin 1.5.x. */ + if (MB_CUR_MAX == 1) + return 1; + /* Check whether in a month name, no byte in the range 0x80..0x9F occurs. + This excludes the UTF-8 encoding (except on MirBSD). */ + { + const char *p; + t.tm_year = 1975 - 1900; t.tm_mon = 2 - 1; t.tm_mday = 4; + if (strftime (buf, sizeof (buf), "%B", &t) < 2) return 1; + for (p = buf; *p != '\0'; p++) + if ((unsigned char) *p >= 0x80 && (unsigned char) *p < 0xa0) + return 1; + } + return 0; +#endif +} + +_ACEOF + if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_link\""; } >&5 + (eval $ac_link) 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } && test -s conftest$ac_exeext; then + case "$host_os" in + # Handle native Windows specially, because there setlocale() interprets + # "ar" as "Arabic" or "Arabic_Saudi Arabia.1256", + # "fr" or "fra" as "French" or "French_France.1252", + # "ge"(!) or "deu"(!) as "German" or "German_Germany.1252", + # "ja" as "Japanese" or "Japanese_Japan.932", + # and similar. + mingw*) + # Note that on native Windows, the Japanese locale is + # Japanese_Japan.932, and CP932 is very different from EUC-JP, so we + # cannot use it here. + gt_cv_locale_ja=none + ;; + *) + # Setting LC_ALL is not enough. Need to set LC_TIME to empty, because + # otherwise on Mac OS X 10.3.5 the LC_TIME=C from the beginning of the + # configure script would override the LC_ALL setting. Likewise for + # LC_CTYPE, which is also set at the beginning of the configure script. + # Test for the AIX locale name. + if (LC_ALL=ja_JP LC_TIME= LC_CTYPE= ./conftest; exit) 2>/dev/null; then + gt_cv_locale_ja=ja_JP + else + # Test for the locale name with explicit encoding suffix. + if (LC_ALL=ja_JP.EUC-JP LC_TIME= LC_CTYPE= ./conftest; exit) 2>/dev/null; then + gt_cv_locale_ja=ja_JP.EUC-JP + else + # Test for the HP-UX, OSF/1, NetBSD locale name. + if (LC_ALL=ja_JP.eucJP LC_TIME= LC_CTYPE= ./conftest; exit) 2>/dev/null; then + gt_cv_locale_ja=ja_JP.eucJP + else + # Test for the IRIX, FreeBSD locale name. + if (LC_ALL=ja_JP.EUC LC_TIME= LC_CTYPE= ./conftest; exit) 2>/dev/null; then + gt_cv_locale_ja=ja_JP.EUC + else + # Test for the Solaris 7 locale name. + if (LC_ALL=ja LC_TIME= LC_CTYPE= ./conftest; exit) 2>/dev/null; then + gt_cv_locale_ja=ja + else + # Special test for NetBSD 1.6. + if test -f /usr/share/locale/ja_JP.eucJP/LC_CTYPE; then + gt_cv_locale_ja=ja_JP.eucJP + else + # None found. + gt_cv_locale_ja=none + fi + fi + fi + fi + fi + fi + ;; + esac + fi + rm -fr conftest* + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gt_cv_locale_ja" >&5 +$as_echo "$gt_cv_locale_ja" >&6; } + LOCALE_JA=$gt_cv_locale_ja + + + + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for a transitional chinese locale" >&5 +$as_echo_n "checking for a transitional chinese locale... " >&6; } +if ${gt_cv_locale_zh_CN+:} false; then : + $as_echo_n "(cached) " >&6 +else + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#include +#include +#if HAVE_LANGINFO_CODESET +# include +#endif +#include +#include +struct tm t; +char buf[16]; +int main () +{ + /* On BeOS and Haiku, locales are not implemented in libc. Rather, libintl + imitates locale dependent behaviour by looking at the environment + variables, and all locales use the UTF-8 encoding. */ +#if defined __BEOS__ || defined __HAIKU__ + return 1; +#else + /* Check whether the given locale name is recognized by the system. */ +# if defined _WIN32 && !defined __CYGWIN__ + /* On native Windows, setlocale(category, "") looks at the system settings, + not at the environment variables. Also, when an encoding suffix such + as ".65001" or ".54936" is specified, it succeeds but sets the LC_CTYPE + category of the locale to "C". */ + if (setlocale (LC_ALL, getenv ("LC_ALL")) == NULL + || strcmp (setlocale (LC_CTYPE, NULL), "C") == 0) + return 1; +# else + if (setlocale (LC_ALL, "") == NULL) return 1; +# endif + /* Check whether nl_langinfo(CODESET) is nonempty and not "ASCII" or "646". + On Mac OS X 10.3.5 (Darwin 7.5) in the fr_FR locale, nl_langinfo(CODESET) + is empty, and the behaviour of Tcl 8.4 in this locale is not useful. + On OpenBSD 4.0, when an unsupported locale is specified, setlocale() + succeeds but then nl_langinfo(CODESET) is "646". In this situation, + some unit tests fail. + On MirBSD 10, when an unsupported locale is specified, setlocale() + succeeds but then nl_langinfo(CODESET) is "UTF-8". */ +# if HAVE_LANGINFO_CODESET + { + const char *cs = nl_langinfo (CODESET); + if (cs[0] == '\0' || strcmp (cs, "ASCII") == 0 || strcmp (cs, "646") == 0 + || strcmp (cs, "UTF-8") == 0) + return 1; + } +# endif +# ifdef __CYGWIN__ + /* On Cygwin, avoid locale names without encoding suffix, because the + locale_charset() function relies on the encoding suffix. Note that + LC_ALL is set on the command line. */ + if (strchr (getenv ("LC_ALL"), '.') == NULL) return 1; +# endif + /* Check whether in a month name, no byte in the range 0x80..0x9F occurs. + This excludes the UTF-8 encoding (except on MirBSD). */ + { + const char *p; + t.tm_year = 1975 - 1900; t.tm_mon = 2 - 1; t.tm_mday = 4; + if (strftime (buf, sizeof (buf), "%B", &t) < 2) return 1; + for (p = buf; *p != '\0'; p++) + if ((unsigned char) *p >= 0x80 && (unsigned char) *p < 0xa0) + return 1; + } + /* Check whether a typical GB18030 multibyte sequence is recognized as a + single wide character. This excludes the GB2312 and GBK encodings. */ + if (mblen ("\203\062\332\066", 5) != 4) + return 1; + return 0; +#endif +} + +_ACEOF + if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_link\""; } >&5 + (eval $ac_link) 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } && test -s conftest$ac_exeext; then + case "$host_os" in + # Handle native Windows specially, because there setlocale() interprets + # "ar" as "Arabic" or "Arabic_Saudi Arabia.1256", + # "fr" or "fra" as "French" or "French_France.1252", + # "ge"(!) or "deu"(!) as "German" or "German_Germany.1252", + # "ja" as "Japanese" or "Japanese_Japan.932", + # and similar. + mingw*) + # Test for the hypothetical native Windows locale name. + if (LC_ALL=Chinese_China.54936 LC_TIME= LC_CTYPE= ./conftest; exit) 2>/dev/null; then + gt_cv_locale_zh_CN=Chinese_China.54936 + else + # None found. + gt_cv_locale_zh_CN=none + fi + ;; + solaris2.8) + # On Solaris 8, the locales zh_CN.GB18030, zh_CN.GBK, zh.GBK are + # broken. One witness is the test case in gl_MBRTOWC_SANITYCHECK. + # Another witness is that "LC_ALL=zh_CN.GB18030 bash -c true" dumps core. + gt_cv_locale_zh_CN=none + ;; + *) + # Setting LC_ALL is not enough. Need to set LC_TIME to empty, because + # otherwise on Mac OS X 10.3.5 the LC_TIME=C from the beginning of the + # configure script would override the LC_ALL setting. Likewise for + # LC_CTYPE, which is also set at the beginning of the configure script. + # Test for the locale name without encoding suffix. + if (LC_ALL=zh_CN LC_TIME= LC_CTYPE= ./conftest; exit) 2>/dev/null; then + gt_cv_locale_zh_CN=zh_CN + else + # Test for the locale name with explicit encoding suffix. + if (LC_ALL=zh_CN.GB18030 LC_TIME= LC_CTYPE= ./conftest; exit) 2>/dev/null; then + gt_cv_locale_zh_CN=zh_CN.GB18030 + else + # None found. + gt_cv_locale_zh_CN=none + fi + fi + ;; + esac + else + # If there was a link error, due to mblen(), the system is so old that + # it certainly doesn't have a chinese locale. + gt_cv_locale_zh_CN=none + fi + rm -fr conftest* + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gt_cv_locale_zh_CN" >&5 +$as_echo "$gt_cv_locale_zh_CN" >&6; } + LOCALE_ZH_CN=$gt_cv_locale_zh_CN + + + + + + if test $ac_cv_func_sigaction = yes; then + ac_fn_c_check_member "$LINENO" "struct sigaction" "sa_sigaction" "ac_cv_member_struct_sigaction_sa_sigaction" "#include +" +if test "x$ac_cv_member_struct_sigaction_sa_sigaction" = xyes; then : + +cat >>confdefs.h <<_ACEOF +#define HAVE_STRUCT_SIGACTION_SA_SIGACTION 1 +_ACEOF + + +fi + + if test $ac_cv_member_struct_sigaction_sa_sigaction = no; then + HAVE_STRUCT_SIGACTION_SA_SIGACTION=0 + fi + else + HAVE_SIGACTION=0 + fi + + if test $HAVE_SIGACTION = 0; then + + + + + + + + + gltests_LIBOBJS="$gltests_LIBOBJS sigaction.$ac_objext" + + + + + + + + ac_fn_c_check_type "$LINENO" "siginfo_t" "ac_cv_type_siginfo_t" " +#include + +" +if test "x$ac_cv_type_siginfo_t" = xyes; then : + +cat >>confdefs.h <<_ACEOF +#define HAVE_SIGINFO_T 1 +_ACEOF + + +fi + + if test $ac_cv_type_siginfo_t = no; then + HAVE_SIGINFO_T=0 + fi + + fi + + + + + + if test "$GNULIB_SIGACTION" != 1; then + if test "$GNULIB_SIGACTION" = 0; then + GNULIB_SIGACTION=$gl_module_indicator_condition + else + GNULIB_SIGACTION="($GNULIB_SIGACTION || $gl_module_indicator_condition)" + fi + fi + + + + + +$as_echo "#define GNULIB_TEST_SIGACTION 1" >>confdefs.h + + + + + + + + + + + + + + + if test $gl_cv_have_include_next = yes; then + gl_cv_next_signal_h='<'signal.h'>' + else + { $as_echo "$as_me:${as_lineno-$LINENO}: checking absolute name of " >&5 +$as_echo_n "checking absolute name of ... " >&6; } +if ${gl_cv_next_signal_h+:} false; then : + $as_echo_n "(cached) " >&6 +else + + + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +_ACEOF + case "$host_os" in + aix*) gl_absname_cpp="$ac_cpp -C" ;; + *) gl_absname_cpp="$ac_cpp" ;; + esac + + case "$host_os" in + mingw*) + gl_dirsep_regex='[/\\]' + ;; + *) + gl_dirsep_regex='\/' + ;; + esac + gl_make_literal_regex_sed='s,[]$^\\.*/[],\\&,g' + gl_header_literal_regex=`echo 'signal.h' \ + | sed -e "$gl_make_literal_regex_sed"` + gl_absolute_header_sed="/${gl_dirsep_regex}${gl_header_literal_regex}/"'{ + s/.*"\(.*'"${gl_dirsep_regex}${gl_header_literal_regex}"'\)".*/\1/ + s|^/[^/]|//&| + p + q + }' + + gl_cv_absolute_signal_h=`(eval "$gl_absname_cpp conftest.$ac_ext") 2>&5 | + sed -n "$gl_absolute_header_sed"` + + gl_header=$gl_cv_absolute_signal_h + gl_cv_next_signal_h='"'$gl_header'"' + + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_next_signal_h" >&5 +$as_echo "$gl_cv_next_signal_h" >&6; } + fi + NEXT_SIGNAL_H=$gl_cv_next_signal_h + + if test $gl_cv_have_include_next = yes || test $gl_cv_have_include_next = buggy; then + # INCLUDE_NEXT_AS_FIRST_DIRECTIVE='include_next' + gl_next_as_first_directive='<'signal.h'>' + else + # INCLUDE_NEXT_AS_FIRST_DIRECTIVE='include' + gl_next_as_first_directive=$gl_cv_next_signal_h + fi + NEXT_AS_FIRST_DIRECTIVE_SIGNAL_H=$gl_next_as_first_directive + + + + + +# AIX declares sig_atomic_t to already include volatile, and C89 compilers +# then choke on 'volatile sig_atomic_t'. C99 requires that it compile. + ac_fn_c_check_type "$LINENO" "volatile sig_atomic_t" "ac_cv_type_volatile_sig_atomic_t" " +#include + +" +if test "x$ac_cv_type_volatile_sig_atomic_t" = xyes; then : + +else + HAVE_TYPE_VOLATILE_SIG_ATOMIC_T=0 +fi + + + + + + + + ac_fn_c_check_type "$LINENO" "sighandler_t" "ac_cv_type_sighandler_t" " +#include + +" +if test "x$ac_cv_type_sighandler_t" = xyes; then : + +else + HAVE_SIGHANDLER_T=0 +fi + + + + + + + + + + if test $gl_cv_type_sigset_t = yes; then + ac_fn_c_check_func "$LINENO" "sigprocmask" "ac_cv_func_sigprocmask" +if test "x$ac_cv_func_sigprocmask" = xyes; then : + gl_cv_func_sigprocmask=1 +fi + + fi + if test -z "$gl_cv_func_sigprocmask"; then + HAVE_POSIX_SIGNALBLOCKING=0 + fi + + if test $HAVE_POSIX_SIGNALBLOCKING = 0; then + + + + + + + + + gltests_LIBOBJS="$gltests_LIBOBJS sigprocmask.$ac_objext" + + : + fi + + + + + + if test "$GNULIB_SIGPROCMASK" != 1; then + if test "$GNULIB_SIGPROCMASK" = 0; then + GNULIB_SIGPROCMASK=$gl_module_indicator_condition + else + GNULIB_SIGPROCMASK="($GNULIB_SIGPROCMASK || $gl_module_indicator_condition)" + fi + fi + + + + + +$as_echo "#define GNULIB_TEST_SIGPROCMASK 1" >>confdefs.h + + + + + + ac_fn_c_check_decl "$LINENO" "sleep" "ac_cv_have_decl_sleep" "#include +" +if test "x$ac_cv_have_decl_sleep" = xyes; then : + ac_have_decl=1 +else + ac_have_decl=0 +fi + +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_SLEEP $ac_have_decl +_ACEOF + + + if test $ac_cv_have_decl_sleep != yes; then + HAVE_SLEEP=0 + else + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for working sleep" >&5 +$as_echo_n "checking for working sleep... " >&6; } +if ${gl_cv_func_sleep_works+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test "$cross_compiling" = yes; then : + case "$host_os" in + # Guess yes on glibc systems. + *-gnu* | gnu*) gl_cv_func_sleep_works="guessing yes" ;; + # Guess yes on musl systems. + *-musl*) gl_cv_func_sleep_works="guessing yes" ;; + # Guess no on native Windows. + mingw*) gl_cv_func_sleep_works="guessing no" ;; + # If we don't know, assume the worst. + *) gl_cv_func_sleep_works="guessing no" ;; + esac + +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#include +#include +static void +handle_alarm (int sig) +{ + if (sig != SIGALRM) + _exit (2); +} + +int +main () +{ + + /* Failure to compile this test due to missing alarm is okay, + since all such platforms (mingw) also lack sleep. */ + unsigned int pentecost = 50 * 24 * 60 * 60; /* 50 days. */ + unsigned int remaining; + signal (SIGALRM, handle_alarm); + alarm (1); + remaining = sleep (pentecost); + if (remaining > pentecost) + return 3; + if (remaining <= pentecost - 10) + return 4; + return 0; + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_run "$LINENO"; then : + gl_cv_func_sleep_works=yes +else + gl_cv_func_sleep_works=no +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_func_sleep_works" >&5 +$as_echo "$gl_cv_func_sleep_works" >&6; } + case "$gl_cv_func_sleep_works" in + *yes) ;; + *) + REPLACE_SLEEP=1 + ;; + esac + fi + + if test $HAVE_SLEEP = 0 || test $REPLACE_SLEEP = 1; then + + + + + + + + + gltests_LIBOBJS="$gltests_LIBOBJS sleep.$ac_objext" + + fi + + + + + + if test "$GNULIB_SLEEP" != 1; then + if test "$GNULIB_SLEEP" = 0; then + GNULIB_SLEEP=$gl_module_indicator_condition + else + GNULIB_SLEEP="($GNULIB_SLEEP || $gl_module_indicator_condition)" + fi + fi + + + + + +$as_echo "#define GNULIB_TEST_SLEEP 1" >>confdefs.h + + + + + + if test "$ac_cv_header_winsock2_h" = yes; then + + + + + + + + + gltests_LIBOBJS="$gltests_LIBOBJS socket.$ac_objext" + + fi + # When this module is used, sockets may actually occur as file descriptors, + # hence it is worth warning if the modules 'close' and 'ioctl' are not used. + + + + if test "$ac_cv_header_winsock2_h" = yes; then + UNISTD_H_HAVE_WINSOCK2_H_AND_USE_SOCKETS=1 + SYS_IOCTL_H_HAVE_WINSOCK2_H_AND_USE_SOCKETS=1 + fi + + + + + + if test "$GNULIB_SOCKET" != 1; then + if test "$GNULIB_SOCKET" = 0; then + GNULIB_SOCKET=$gl_module_indicator_condition + else + GNULIB_SOCKET="($GNULIB_SOCKET || $gl_module_indicator_condition)" + fi + fi + + + + + +$as_echo "#define GNULIB_TEST_SOCKET 1" >>confdefs.h + + + + + + + + + case "$host_os" in + mingw*) + REPLACE_STAT=1 + ;; + *) + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether stat handles trailing slashes on files" >&5 +$as_echo_n "checking whether stat handles trailing slashes on files... " >&6; } +if ${gl_cv_func_stat_file_slash+:} false; then : + $as_echo_n "(cached) " >&6 +else + touch conftest.tmp + # Assume that if we have lstat, we can also check symlinks. + if test $ac_cv_func_lstat = yes; then + ln -s conftest.tmp conftest.lnk + fi + if test "$cross_compiling" = yes; then : + case "$host_os" in + # Guess yes on Linux systems. + linux-* | linux) gl_cv_func_stat_file_slash="guessing yes" ;; + # Guess yes on glibc systems. + *-gnu* | gnu*) gl_cv_func_stat_file_slash="guessing yes" ;; + # If we don't know, assume the worst. + *) gl_cv_func_stat_file_slash="guessing no" ;; + esac + +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include + +int +main () +{ +int result = 0; + struct stat st; + if (!stat ("conftest.tmp/", &st)) + result |= 1; +#if HAVE_LSTAT + if (!stat ("conftest.lnk/", &st)) + result |= 2; +#endif + return result; + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_run "$LINENO"; then : + gl_cv_func_stat_file_slash=yes +else + gl_cv_func_stat_file_slash=no +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + + rm -f conftest.tmp conftest.lnk +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_func_stat_file_slash" >&5 +$as_echo "$gl_cv_func_stat_file_slash" >&6; } + case $gl_cv_func_stat_file_slash in + *no) + REPLACE_STAT=1 + +$as_echo "#define REPLACE_FUNC_STAT_FILE 1" >>confdefs.h +;; + esac + case $host_os in + solaris*) + REPLACE_FSTAT=1 ;; + esac + ;; + esac + + if test $REPLACE_STAT = 1; then + + + + + + + + + gltests_LIBOBJS="$gltests_LIBOBJS stat.$ac_objext" + + case "$host_os" in + mingw*) + + + + + + + + + gltests_LIBOBJS="$gltests_LIBOBJS stat-w32.$ac_objext" + + ;; + esac + + + : + + fi + + + + + + if test "$GNULIB_STAT" != 1; then + if test "$GNULIB_STAT" = 0; then + GNULIB_STAT=$gl_module_indicator_condition + else + GNULIB_STAT="($GNULIB_STAT || $gl_module_indicator_condition)" + fi + fi + + + + + +$as_echo "#define GNULIB_TEST_STAT 1" >>confdefs.h + + + + + + + + + + + + + if test "$ERRNO_H:$REPLACE_STRERROR_0" = :0; then + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for working strerror function" >&5 +$as_echo_n "checking for working strerror function... " >&6; } +if ${gl_cv_func_working_strerror+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test "$cross_compiling" = yes; then : + case "$host_os" in + # Guess yes on glibc systems. + *-gnu* | gnu*) gl_cv_func_working_strerror="guessing yes" ;; + # Guess yes on musl systems. + *-musl*) gl_cv_func_working_strerror="guessing yes" ;; + # If we don't know, assume the worst. + *) gl_cv_func_working_strerror="guessing no" ;; + esac + +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include + +int +main () +{ +if (!*strerror (-2)) return 1; + ; + return 0; +} +_ACEOF +if ac_fn_c_try_run "$LINENO"; then : + gl_cv_func_working_strerror=yes +else + gl_cv_func_working_strerror=no +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_func_working_strerror" >&5 +$as_echo "$gl_cv_func_working_strerror" >&6; } + case "$gl_cv_func_working_strerror" in + *yes) ;; + *) + REPLACE_STRERROR=1 + ;; + esac + + case "$gl_cv_func_strerror_r_works" in + *no) REPLACE_STRERROR=1 ;; + esac + + else + REPLACE_STRERROR=1 + fi + + if test $REPLACE_STRERROR = 1; then + + + + + + + + + gltests_LIBOBJS="$gltests_LIBOBJS strerror.$ac_objext" + + fi + + +cat >>confdefs.h <<_ACEOF +#define GNULIB_STRERROR $gl_module_indicator_condition +_ACEOF + + + + + + + + if test "$GNULIB_STRERROR" != 1; then + if test "$GNULIB_STRERROR" = 0; then + GNULIB_STRERROR=$gl_module_indicator_condition + else + GNULIB_STRERROR="($GNULIB_STRERROR || $gl_module_indicator_condition)" + fi + fi + + + + + +$as_echo "#define GNULIB_TEST_STRERROR 1" >>confdefs.h + + + + + + if test -n "$ERRNO_H" || test $REPLACE_STRERROR_0 = 1; then + + + + + + + + + gltests_LIBOBJS="$gltests_LIBOBJS strerror-override.$ac_objext" + + + + + + if test $ac_cv_header_sys_socket_h != yes; then + for ac_header in winsock2.h +do : + ac_fn_c_check_header_mongrel "$LINENO" "winsock2.h" "ac_cv_header_winsock2_h" "$ac_includes_default" +if test "x$ac_cv_header_winsock2_h" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_WINSOCK2_H 1 +_ACEOF + +fi + +done + + fi + if test "$ac_cv_header_winsock2_h" = yes; then + HAVE_WINSOCK2_H=1 + UNISTD_H_HAVE_WINSOCK2_H=1 + SYS_IOCTL_H_HAVE_WINSOCK2_H=1 + else + HAVE_WINSOCK2_H=0 + fi + + + fi + + + + + + + + if test $ac_cv_have_decl_strerror_r = no; then + HAVE_DECL_STRERROR_R=0 + fi + + if test $ac_cv_func_strerror_r = yes; then + if test "$ERRNO_H:$REPLACE_STRERROR_0" = :0; then + if test $gl_cv_func_strerror_r_posix_signature = yes; then + case "$gl_cv_func_strerror_r_works" in + *no) REPLACE_STRERROR_R=1 ;; + esac + else + REPLACE_STRERROR_R=1 + fi + else + REPLACE_STRERROR_R=1 + fi + fi + + if test $HAVE_DECL_STRERROR_R = 0 || test $REPLACE_STRERROR_R = 1; then + + + + + + + + + gltests_LIBOBJS="$gltests_LIBOBJS strerror_r.$ac_objext" + + + + + + + fi + + + + + + if test "$GNULIB_STRERROR_R" != 1; then + if test "$GNULIB_STRERROR_R" = 0; then + GNULIB_STRERROR_R=$gl_module_indicator_condition + else + GNULIB_STRERROR_R="($GNULIB_STRERROR_R || $gl_module_indicator_condition)" + fi + fi + + + + + +$as_echo "#define GNULIB_TEST_STRERROR_R 1" >>confdefs.h + + + + + +cat >>confdefs.h <<_ACEOF +#define GNULIB_STRERROR_R_POSIX $gl_module_indicator_condition +_ACEOF + + + + + + # Check for mmap(). Don't use AC_FUNC_MMAP, because it checks too much: it + # fails on HP-UX 11, because MAP_FIXED mappings do not work. But this is + # irrelevant for anonymous mappings. + ac_fn_c_check_func "$LINENO" "mmap" "ac_cv_func_mmap" +if test "x$ac_cv_func_mmap" = xyes; then : + gl_have_mmap=yes +else + gl_have_mmap=no +fi + + + # Try to allow MAP_ANONYMOUS. + gl_have_mmap_anonymous=no + if test $gl_have_mmap = yes; then + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for MAP_ANONYMOUS" >&5 +$as_echo_n "checking for MAP_ANONYMOUS... " >&6; } + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#ifdef MAP_ANONYMOUS + I cannot identify this map +#endif + +_ACEOF +if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | + $EGREP "I cannot identify this map" >/dev/null 2>&1; then : + gl_have_mmap_anonymous=yes +fi +rm -f conftest* + + if test $gl_have_mmap_anonymous != yes; then + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#ifdef MAP_ANON + I cannot identify this map +#endif + +_ACEOF +if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | + $EGREP "I cannot identify this map" >/dev/null 2>&1; then : + +$as_echo "#define MAP_ANONYMOUS MAP_ANON" >>confdefs.h + + gl_have_mmap_anonymous=yes +fi +rm -f conftest* + + fi + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_have_mmap_anonymous" >&5 +$as_echo "$gl_have_mmap_anonymous" >&6; } + if test $gl_have_mmap_anonymous = yes; then + +$as_echo "#define HAVE_MAP_ANONYMOUS 1" >>confdefs.h + + fi + fi + + + + + + + if test $ac_cv_func_symlink = no; then + HAVE_SYMLINK=0 + else + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether symlink handles trailing slash correctly" >&5 +$as_echo_n "checking whether symlink handles trailing slash correctly... " >&6; } +if ${gl_cv_func_symlink_works+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test "$cross_compiling" = yes; then : + case "$host_os" in + # Guess yes on Linux systems. + linux-* | linux) gl_cv_func_symlink_works="guessing yes" ;; + # Guess yes on glibc systems. + *-gnu* | gnu*) gl_cv_func_symlink_works="guessing yes" ;; + # If we don't know, assume the worst. + *) gl_cv_func_symlink_works="guessing no" ;; + esac + +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include + +int +main () +{ +int result = 0; + if (!symlink ("a", "conftest.link/")) + result |= 1; + if (symlink ("conftest.f", "conftest.lnk2")) + result |= 2; + else if (!symlink ("a", "conftest.lnk2/")) + result |= 4; + return result; + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_run "$LINENO"; then : + gl_cv_func_symlink_works=yes +else + gl_cv_func_symlink_works=no +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + + rm -f conftest.f conftest.link conftest.lnk2 +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_func_symlink_works" >&5 +$as_echo "$gl_cv_func_symlink_works" >&6; } + case "$gl_cv_func_symlink_works" in + *yes) ;; + *) + REPLACE_SYMLINK=1 + ;; + esac + fi + + if test $HAVE_SYMLINK = 0 || test $REPLACE_SYMLINK = 1; then + + + + + + + + + gltests_LIBOBJS="$gltests_LIBOBJS symlink.$ac_objext" + + fi + + + + + + if test "$GNULIB_SYMLINK" != 1; then + if test "$GNULIB_SYMLINK" = 0; then + GNULIB_SYMLINK=$gl_module_indicator_condition + else + GNULIB_SYMLINK="($GNULIB_SYMLINK || $gl_module_indicator_condition)" + fi + fi + + + + + +$as_echo "#define GNULIB_TEST_SYMLINK 1" >>confdefs.h + + + + + + + + if test $ac_cv_header_sys_ioctl_h = yes; then + HAVE_SYS_IOCTL_H=1 + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether declares ioctl" >&5 +$as_echo_n "checking whether declares ioctl... " >&6; } +if ${gl_cv_decl_ioctl_in_sys_ioctl_h+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include + +int +main () +{ +(void) ioctl; + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + gl_cv_decl_ioctl_in_sys_ioctl_h=yes +else + gl_cv_decl_ioctl_in_sys_ioctl_h=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_decl_ioctl_in_sys_ioctl_h" >&5 +$as_echo "$gl_cv_decl_ioctl_in_sys_ioctl_h" >&6; } + else + HAVE_SYS_IOCTL_H=0 + fi + + + + + + + + + + + if test $gl_cv_have_include_next = yes; then + gl_cv_next_sys_ioctl_h='<'sys/ioctl.h'>' + else + { $as_echo "$as_me:${as_lineno-$LINENO}: checking absolute name of " >&5 +$as_echo_n "checking absolute name of ... " >&6; } +if ${gl_cv_next_sys_ioctl_h+:} false; then : + $as_echo_n "(cached) " >&6 +else + + if test $ac_cv_header_sys_ioctl_h = yes; then + + + + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +_ACEOF + case "$host_os" in + aix*) gl_absname_cpp="$ac_cpp -C" ;; + *) gl_absname_cpp="$ac_cpp" ;; + esac + + case "$host_os" in + mingw*) + gl_dirsep_regex='[/\\]' + ;; + *) + gl_dirsep_regex='\/' + ;; + esac + gl_make_literal_regex_sed='s,[]$^\\.*/[],\\&,g' + gl_header_literal_regex=`echo 'sys/ioctl.h' \ + | sed -e "$gl_make_literal_regex_sed"` + gl_absolute_header_sed="/${gl_dirsep_regex}${gl_header_literal_regex}/"'{ + s/.*"\(.*'"${gl_dirsep_regex}${gl_header_literal_regex}"'\)".*/\1/ + s|^/[^/]|//&| + p + q + }' + + gl_cv_absolute_sys_ioctl_h=`(eval "$gl_absname_cpp conftest.$ac_ext") 2>&5 | + sed -n "$gl_absolute_header_sed"` + + gl_header=$gl_cv_absolute_sys_ioctl_h + gl_cv_next_sys_ioctl_h='"'$gl_header'"' + else + gl_cv_next_sys_ioctl_h='<'sys/ioctl.h'>' + fi + + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_next_sys_ioctl_h" >&5 +$as_echo "$gl_cv_next_sys_ioctl_h" >&6; } + fi + NEXT_SYS_IOCTL_H=$gl_cv_next_sys_ioctl_h + + if test $gl_cv_have_include_next = yes || test $gl_cv_have_include_next = buggy; then + # INCLUDE_NEXT_AS_FIRST_DIRECTIVE='include_next' + gl_next_as_first_directive='<'sys/ioctl.h'>' + else + # INCLUDE_NEXT_AS_FIRST_DIRECTIVE='include' + gl_next_as_first_directive=$gl_cv_next_sys_ioctl_h + fi + NEXT_AS_FIRST_DIRECTIVE_SYS_IOCTL_H=$gl_next_as_first_directive + + + + + + + + + + + + + + + + + + + + + if test $ac_cv_have_decl_unsetenv = no; then + HAVE_DECL_UNSETENV=0 + fi + for ac_func in unsetenv +do : + ac_fn_c_check_func "$LINENO" "unsetenv" "ac_cv_func_unsetenv" +if test "x$ac_cv_func_unsetenv" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_UNSETENV 1 +_ACEOF + +fi +done + + if test $ac_cv_func_unsetenv = no; then + HAVE_UNSETENV=0 + else + HAVE_UNSETENV=1 + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for unsetenv() return type" >&5 +$as_echo_n "checking for unsetenv() return type... " >&6; } +if ${gt_cv_func_unsetenv_ret+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#undef _BSD +#define _BSD 1 /* unhide unsetenv declaration in OSF/1 5.1 */ +#include +extern +#ifdef __cplusplus +"C" +#endif +int unsetenv (const char *name); + +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + gt_cv_func_unsetenv_ret='int' +else + gt_cv_func_unsetenv_ret='void' +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gt_cv_func_unsetenv_ret" >&5 +$as_echo "$gt_cv_func_unsetenv_ret" >&6; } + if test $gt_cv_func_unsetenv_ret = 'void'; then + +$as_echo "#define VOID_UNSETENV 1" >>confdefs.h + + REPLACE_UNSETENV=1 + fi + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether unsetenv obeys POSIX" >&5 +$as_echo_n "checking whether unsetenv obeys POSIX... " >&6; } +if ${gl_cv_func_unsetenv_works+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test "$cross_compiling" = yes; then : + case "$host_os" in + # Guess yes on glibc systems. + *-gnu*) gl_cv_func_unsetenv_works="guessing yes" ;; + # If we don't know, assume the worst. + *) gl_cv_func_unsetenv_works="guessing no" ;; + esac + +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + + #include + #include + extern char **environ; + +int +main () +{ + + char entry1[] = "a=1"; + char entry2[] = "b=2"; + char *env[] = { entry1, entry2, NULL }; + if (putenv ((char *) "a=1")) return 1; + if (putenv (entry2)) return 2; + entry2[0] = 'a'; + unsetenv ("a"); + if (getenv ("a")) return 3; + if (!unsetenv ("") || errno != EINVAL) return 4; + entry2[0] = 'b'; + environ = env; + if (!getenv ("a")) return 5; + entry2[0] = 'a'; + unsetenv ("a"); + if (getenv ("a")) return 6; + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_run "$LINENO"; then : + gl_cv_func_unsetenv_works=yes +else + gl_cv_func_unsetenv_works=no +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_func_unsetenv_works" >&5 +$as_echo "$gl_cv_func_unsetenv_works" >&6; } + case "$gl_cv_func_unsetenv_works" in + *yes) ;; + *) + REPLACE_UNSETENV=1 + ;; + esac + fi + + if test $HAVE_UNSETENV = 0 || test $REPLACE_UNSETENV = 1; then + + + + + + + + + gltests_LIBOBJS="$gltests_LIBOBJS unsetenv.$ac_objext" + + + + + + fi + + + + + + if test "$GNULIB_UNSETENV" != 1; then + if test "$GNULIB_UNSETENV" = 0; then + GNULIB_UNSETENV=$gl_module_indicator_condition + else + GNULIB_UNSETENV="($GNULIB_UNSETENV || $gl_module_indicator_condition)" + fi + fi + + + + + +$as_echo "#define GNULIB_TEST_UNSETENV 1" >>confdefs.h + + + + + # Check whether --enable-valgrind-tests was given. +if test "${enable_valgrind_tests+set}" = set; then : + enableval=$enable_valgrind_tests; opt_valgrind_tests=$enableval +else + opt_valgrind_tests=no +fi + + + # Run self-tests under valgrind? + if test "$opt_valgrind_tests" = "yes" && test "$cross_compiling" = no; then + for ac_prog in valgrind +do + # Extract the first word of "$ac_prog", so it can be a program name with args. +set dummy $ac_prog; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_VALGRIND+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$VALGRIND"; then + ac_cv_prog_VALGRIND="$VALGRIND" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_VALGRIND="$ac_prog" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +VALGRIND=$ac_cv_prog_VALGRIND +if test -n "$VALGRIND"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $VALGRIND" >&5 +$as_echo "$VALGRIND" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + + test -n "$VALGRIND" && break +done + + + if test "$VALGRIND"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for valgrind options for tests" >&5 +$as_echo_n "checking for valgrind options for tests... " >&6; } +if ${gl_cv_opt_valgrind_tests+:} false; then : + $as_echo_n "(cached) " >&6 +else + gl_cv_opt_valgrind_tests="-q --error-exitcode=1 --leak-check=full --suppressions=\$(srcdir)/suppressions.valgrind" + $VALGRIND $gl_valgrind_opts ls > /dev/null 2>&1 || + gl_cv_opt_valgrind_tests=no +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_opt_valgrind_tests" >&5 +$as_echo "$gl_cv_opt_valgrind_tests" >&6; } + + if test "$gl_cv_opt_valgrind_tests" != no; then + VALGRIND="$VALGRIND $gl_cv_opt_valgrind_tests" + else + VALGRIND= + fi + fi + fi + + abs_aux_dir=`cd "$ac_aux_dir"; pwd` + + + + + + + + + + + + LIBTESTS_LIBDEPS="$gltests_libdeps" + + +ac_fn_c_check_decl "$LINENO" "fseeko" "ac_cv_have_decl_fseeko" "$ac_includes_default" +if test "x$ac_cv_have_decl_fseeko" = xyes; then : + ac_have_decl=1 +else + ac_have_decl=0 +fi + +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_FSEEKO $ac_have_decl +_ACEOF + + + + + + + + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for fseeko" >&5 +$as_echo_n "checking for fseeko... " >&6; } +if ${gl_cv_func_fseeko+:} false; then : + $as_echo_n "(cached) " >&6 +else + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include + +int +main () +{ +fseeko (stdin, 0, 0); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + gl_cv_func_fseeko=yes +else + gl_cv_func_fseeko=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_func_fseeko" >&5 +$as_echo "$gl_cv_func_fseeko" >&6; } + + + if test $ac_cv_have_decl_fseeko = no; then + HAVE_DECL_FSEEKO=0 + fi + + if test $gl_cv_func_fseeko = no; then + HAVE_FSEEKO=0 + else + if test $WINDOWS_64_BIT_OFF_T = 1; then + REPLACE_FSEEKO=1 + fi + if test $gl_cv_var_stdin_large_offset = no; then + REPLACE_FSEEKO=1 + fi + + fi + + + HOSTENT_LIB= + gl_saved_libs="$LIBS" + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing gethostbyname" >&5 +$as_echo_n "checking for library containing gethostbyname... " >&6; } +if ${ac_cv_search_gethostbyname+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_func_search_save_LIBS=$LIBS +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char gethostbyname (); +int +main () +{ +return gethostbyname (); + ; + return 0; +} +_ACEOF +for ac_lib in '' nsl network net; do + if test -z "$ac_lib"; then + ac_res="none required" + else + ac_res=-l$ac_lib + LIBS="-l$ac_lib $ac_func_search_save_LIBS" + fi + if ac_fn_c_try_link "$LINENO"; then : + ac_cv_search_gethostbyname=$ac_res +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext + if ${ac_cv_search_gethostbyname+:} false; then : + break +fi +done +if ${ac_cv_search_gethostbyname+:} false; then : + +else + ac_cv_search_gethostbyname=no +fi +rm conftest.$ac_ext +LIBS=$ac_func_search_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_gethostbyname" >&5 +$as_echo "$ac_cv_search_gethostbyname" >&6; } +ac_res=$ac_cv_search_gethostbyname +if test "$ac_res" != no; then : + test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" + if test "$ac_cv_search_gethostbyname" != "none required"; then + HOSTENT_LIB="$ac_cv_search_gethostbyname" + fi +fi + + LIBS="$gl_saved_libs" + if test -z "$HOSTENT_LIB"; then + for ac_func in gethostbyname +do : + ac_fn_c_check_func "$LINENO" "gethostbyname" "ac_cv_func_gethostbyname" +if test "x$ac_cv_func_gethostbyname" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_GETHOSTBYNAME 1 +_ACEOF + +else + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for gethostbyname in winsock2.h and -lws2_32" >&5 +$as_echo_n "checking for gethostbyname in winsock2.h and -lws2_32... " >&6; } +if ${gl_cv_w32_gethostbyname+:} false; then : + $as_echo_n "(cached) " >&6 +else + gl_cv_w32_gethostbyname=no + gl_save_LIBS="$LIBS" + LIBS="$LIBS -lws2_32" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#ifdef HAVE_WINSOCK2_H +#include +#endif +#include + +int +main () +{ +gethostbyname(NULL); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + gl_cv_w32_gethostbyname=yes +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + LIBS="$gl_save_LIBS" + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_w32_gethostbyname" >&5 +$as_echo "$gl_cv_w32_gethostbyname" >&6; } + if test "$gl_cv_w32_gethostbyname" = "yes"; then + HOSTENT_LIB="-lws2_32" + fi + +fi +done + + fi + + + + SERVENT_LIB= + gl_saved_libs="$LIBS" + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing getservbyname" >&5 +$as_echo_n "checking for library containing getservbyname... " >&6; } +if ${ac_cv_search_getservbyname+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_func_search_save_LIBS=$LIBS +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char getservbyname (); +int +main () +{ +return getservbyname (); + ; + return 0; +} +_ACEOF +for ac_lib in '' socket network net; do + if test -z "$ac_lib"; then + ac_res="none required" + else + ac_res=-l$ac_lib + LIBS="-l$ac_lib $ac_func_search_save_LIBS" + fi + if ac_fn_c_try_link "$LINENO"; then : + ac_cv_search_getservbyname=$ac_res +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext + if ${ac_cv_search_getservbyname+:} false; then : + break +fi +done +if ${ac_cv_search_getservbyname+:} false; then : + +else + ac_cv_search_getservbyname=no +fi +rm conftest.$ac_ext +LIBS=$ac_func_search_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_getservbyname" >&5 +$as_echo "$ac_cv_search_getservbyname" >&6; } +ac_res=$ac_cv_search_getservbyname +if test "$ac_res" != no; then : + test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" + if test "$ac_cv_search_getservbyname" != "none required"; then + SERVENT_LIB="$ac_cv_search_getservbyname" + fi +fi + + LIBS="$gl_saved_libs" + if test -z "$SERVENT_LIB"; then + for ac_func in getservbyname +do : + ac_fn_c_check_func "$LINENO" "getservbyname" "ac_cv_func_getservbyname" +if test "x$ac_cv_func_getservbyname" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_GETSERVBYNAME 1 +_ACEOF + +else + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for getservbyname in winsock2.h and -lws2_32" >&5 +$as_echo_n "checking for getservbyname in winsock2.h and -lws2_32... " >&6; } +if ${gl_cv_w32_getservbyname+:} false; then : + $as_echo_n "(cached) " >&6 +else + gl_cv_w32_getservbyname=no + gl_save_LIBS="$LIBS" + LIBS="$LIBS -lws2_32" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#ifdef HAVE_WINSOCK2_H +#include +#endif +#include + +int +main () +{ +getservbyname(NULL,NULL); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + gl_cv_w32_getservbyname=yes +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + LIBS="$gl_save_LIBS" + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_w32_getservbyname" >&5 +$as_echo "$gl_cv_w32_getservbyname" >&6; } + if test "$gl_cv_w32_getservbyname" = "yes"; then + SERVENT_LIB="-lws2_32" + fi + +fi +done + + fi + + + + + + + + + + + if test $ac_cv_func_getpass = no; then + HAVE_GETPASS=0 + fi + + + + + + + +ac_fn_c_check_decl "$LINENO" "fflush_unlocked" "ac_cv_have_decl_fflush_unlocked" "$ac_includes_default" +if test "x$ac_cv_have_decl_fflush_unlocked" = xyes; then : + ac_have_decl=1 +else + ac_have_decl=0 +fi + +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_FFLUSH_UNLOCKED $ac_have_decl +_ACEOF + +ac_fn_c_check_decl "$LINENO" "flockfile" "ac_cv_have_decl_flockfile" "$ac_includes_default" +if test "x$ac_cv_have_decl_flockfile" = xyes; then : + ac_have_decl=1 +else + ac_have_decl=0 +fi + +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_FLOCKFILE $ac_have_decl +_ACEOF + +ac_fn_c_check_decl "$LINENO" "fputs_unlocked" "ac_cv_have_decl_fputs_unlocked" "$ac_includes_default" +if test "x$ac_cv_have_decl_fputs_unlocked" = xyes; then : + ac_have_decl=1 +else + ac_have_decl=0 +fi + +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_FPUTS_UNLOCKED $ac_have_decl +_ACEOF + +ac_fn_c_check_decl "$LINENO" "funlockfile" "ac_cv_have_decl_funlockfile" "$ac_includes_default" +if test "x$ac_cv_have_decl_funlockfile" = xyes; then : + ac_have_decl=1 +else + ac_have_decl=0 +fi + +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_FUNLOCKFILE $ac_have_decl +_ACEOF + +ac_fn_c_check_decl "$LINENO" "putc_unlocked" "ac_cv_have_decl_putc_unlocked" "$ac_includes_default" +if test "x$ac_cv_have_decl_putc_unlocked" = xyes; then : + ac_have_decl=1 +else + ac_have_decl=0 +fi + +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_PUTC_UNLOCKED $ac_have_decl +_ACEOF + +: + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether time_t is signed" >&5 +$as_echo_n "checking whether time_t is signed... " >&6; } +if ${gl_cv_time_t_is_signed+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include + char time_t_signed[(time_t) -1 < 0 ? 1 : -1]; +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + gl_cv_time_t_is_signed=yes +else + gl_cv_time_t_is_signed=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_time_t_is_signed" >&5 +$as_echo "$gl_cv_time_t_is_signed" >&6; } + if test $gl_cv_time_t_is_signed = yes; then + +$as_echo "#define TIME_T_IS_SIGNED 1" >>confdefs.h + + fi + + + + + + + + + + + if test $APPLE_UNIVERSAL_BUILD = 1; then + # A universal build on Apple Mac OS X platforms. + # The test result would be 'yes' in 32-bit mode and 'no' in 64-bit mode. + # But we need a configuration result that is valid in both modes. + gl_cv_func_working_mktime=no + fi + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for working mktime" >&5 +$as_echo_n "checking for working mktime... " >&6; } +if ${gl_cv_func_working_mktime+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test "$cross_compiling" = yes; then : + case "$host_os" in + # Guess no on native Windows. + mingw*) gl_cv_func_working_mktime="guessing no" ;; + *) gl_cv_func_working_mktime="guessing no" ;; + esac + +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +/* Test program from Paul Eggert and Tony Leneis. */ +#include +#include +#include + +#ifdef HAVE_UNISTD_H +# include +#endif + +#if HAVE_DECL_ALARM +# include +#endif + +#ifndef TIME_T_IS_SIGNED +# define TIME_T_IS_SIGNED 0 +#endif + +/* Work around redefinition to rpl_putenv by other config tests. */ +#undef putenv + +static time_t time_t_max; +static time_t time_t_min; + +/* Values we'll use to set the TZ environment variable. */ +static char *tz_strings[] = { + (char *) 0, "TZ=GMT0", "TZ=JST-9", + "TZ=EST+3EDT+2,M10.1.0/00:00:00,M2.3.0/00:00:00" +}; +#define N_STRINGS (sizeof (tz_strings) / sizeof (tz_strings[0])) + +/* Return 0 if mktime fails to convert a date in the spring-forward gap. + Based on a problem report from Andreas Jaeger. */ +static int +spring_forward_gap () +{ + /* glibc (up to about 1998-10-07) failed this test. */ + struct tm tm; + + /* Use the portable POSIX.1 specification "TZ=PST8PDT,M4.1.0,M10.5.0" + instead of "TZ=America/Vancouver" in order to detect the bug even + on systems that don't support the Olson extension, or don't have the + full zoneinfo tables installed. */ + putenv ("TZ=PST8PDT,M4.1.0,M10.5.0"); + + tm.tm_year = 98; + tm.tm_mon = 3; + tm.tm_mday = 5; + tm.tm_hour = 2; + tm.tm_min = 0; + tm.tm_sec = 0; + tm.tm_isdst = -1; + return mktime (&tm) != (time_t) -1; +} + +static int +mktime_test1 (time_t now) +{ + struct tm *lt; + return ! (lt = localtime (&now)) || mktime (lt) == now; +} + +static int +mktime_test (time_t now) +{ + return (mktime_test1 (now) + && mktime_test1 ((time_t) (time_t_max - now)) + && mktime_test1 ((time_t) (time_t_min + now))); +} + +static int +irix_6_4_bug () +{ + /* Based on code from Ariel Faigon. */ + struct tm tm; + tm.tm_year = 96; + tm.tm_mon = 3; + tm.tm_mday = 0; + tm.tm_hour = 0; + tm.tm_min = 0; + tm.tm_sec = 0; + tm.tm_isdst = -1; + mktime (&tm); + return tm.tm_mon == 2 && tm.tm_mday == 31; +} + +static int +bigtime_test (int j) +{ + struct tm tm; + time_t now; + tm.tm_year = tm.tm_mon = tm.tm_mday = tm.tm_hour = tm.tm_min = tm.tm_sec = j; + now = mktime (&tm); + if (now != (time_t) -1) + { + struct tm *lt = localtime (&now); + if (! (lt + && lt->tm_year == tm.tm_year + && lt->tm_mon == tm.tm_mon + && lt->tm_mday == tm.tm_mday + && lt->tm_hour == tm.tm_hour + && lt->tm_min == tm.tm_min + && lt->tm_sec == tm.tm_sec + && lt->tm_yday == tm.tm_yday + && lt->tm_wday == tm.tm_wday + && ((lt->tm_isdst < 0 ? -1 : 0 < lt->tm_isdst) + == (tm.tm_isdst < 0 ? -1 : 0 < tm.tm_isdst)))) + return 0; + } + return 1; +} + +static int +year_2050_test () +{ + /* The correct answer for 2050-02-01 00:00:00 in Pacific time, + ignoring leap seconds. */ + unsigned long int answer = 2527315200UL; + + struct tm tm; + time_t t; + tm.tm_year = 2050 - 1900; + tm.tm_mon = 2 - 1; + tm.tm_mday = 1; + tm.tm_hour = tm.tm_min = tm.tm_sec = 0; + tm.tm_isdst = -1; + + /* Use the portable POSIX.1 specification "TZ=PST8PDT,M4.1.0,M10.5.0" + instead of "TZ=America/Vancouver" in order to detect the bug even + on systems that don't support the Olson extension, or don't have the + full zoneinfo tables installed. */ + putenv ("TZ=PST8PDT,M4.1.0,M10.5.0"); + + t = mktime (&tm); + + /* Check that the result is either a failure, or close enough + to the correct answer that we can assume the discrepancy is + due to leap seconds. */ + return (t == (time_t) -1 + || (0 < t && answer - 120 <= t && t <= answer + 120)); +} + +int +main () +{ + int result = 0; + time_t t, delta; + int i, j; + int time_t_signed_magnitude = (time_t) ~ (time_t) 0 < (time_t) -1; + +#if HAVE_DECL_ALARM + /* This test makes some buggy mktime implementations loop. + Give up after 60 seconds; a mktime slower than that + isn't worth using anyway. */ + signal (SIGALRM, SIG_DFL); + alarm (60); +#endif + + time_t_max = (! TIME_T_IS_SIGNED + ? (time_t) -1 + : ((((time_t) 1 << (sizeof (time_t) * CHAR_BIT - 2)) - 1) + * 2 + 1)); + time_t_min = (! TIME_T_IS_SIGNED + ? (time_t) 0 + : time_t_signed_magnitude + ? ~ (time_t) 0 + : ~ time_t_max); + + delta = time_t_max / 997; /* a suitable prime number */ + for (i = 0; i < N_STRINGS; i++) + { + if (tz_strings[i]) + putenv (tz_strings[i]); + + for (t = 0; t <= time_t_max - delta && (result & 1) == 0; t += delta) + if (! mktime_test (t)) + result |= 1; + if ((result & 2) == 0 + && ! (mktime_test ((time_t) 1) + && mktime_test ((time_t) (60 * 60)) + && mktime_test ((time_t) (60 * 60 * 24)))) + result |= 2; + + for (j = 1; (result & 4) == 0; j <<= 1) + { + if (! bigtime_test (j)) + result |= 4; + if (INT_MAX / 2 < j) + break; + } + if ((result & 8) == 0 && ! bigtime_test (INT_MAX)) + result |= 8; + } + if (! irix_6_4_bug ()) + result |= 16; + if (! spring_forward_gap ()) + result |= 32; + if (! year_2050_test ()) + result |= 64; + return result; +} +_ACEOF +if ac_fn_c_try_run "$LINENO"; then : + gl_cv_func_working_mktime=yes +else + gl_cv_func_working_mktime=no +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_func_working_mktime" >&5 +$as_echo "$gl_cv_func_working_mktime" >&6; } + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether struct tm is in sys/time.h or time.h" >&5 +$as_echo_n "checking whether struct tm is in sys/time.h or time.h... " >&6; } +if ${ac_cv_struct_tm+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +#include + +int +main () +{ +struct tm tm; + int *p = &tm.tm_sec; + return !p; + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ac_cv_struct_tm=time.h +else + ac_cv_struct_tm=sys/time.h +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_struct_tm" >&5 +$as_echo "$ac_cv_struct_tm" >&6; } +if test $ac_cv_struct_tm = sys/time.h; then + +$as_echo "#define TM_IN_SYS_TIME 1" >>confdefs.h + +fi + +ac_fn_c_check_member "$LINENO" "struct tm" "tm_zone" "ac_cv_member_struct_tm_tm_zone" "#include +#include <$ac_cv_struct_tm> + +" +if test "x$ac_cv_member_struct_tm_tm_zone" = xyes; then : + +cat >>confdefs.h <<_ACEOF +#define HAVE_STRUCT_TM_TM_ZONE 1 +_ACEOF + + +fi + +if test "$ac_cv_member_struct_tm_tm_zone" = yes; then + +$as_echo "#define HAVE_TM_ZONE 1" >>confdefs.h + +else + ac_fn_c_check_decl "$LINENO" "tzname" "ac_cv_have_decl_tzname" "#include +" +if test "x$ac_cv_have_decl_tzname" = xyes; then : + ac_have_decl=1 +else + ac_have_decl=0 +fi + +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_TZNAME $ac_have_decl +_ACEOF + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for tzname" >&5 +$as_echo_n "checking for tzname... " >&6; } +if ${ac_cv_var_tzname+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +#if !HAVE_DECL_TZNAME +extern char *tzname[]; +#endif + +int +main () +{ +return tzname[0][0]; + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + ac_cv_var_tzname=yes +else + ac_cv_var_tzname=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_var_tzname" >&5 +$as_echo "$ac_cv_var_tzname" >&6; } + if test $ac_cv_var_tzname = yes; then + +$as_echo "#define HAVE_TZNAME 1" >>confdefs.h + + fi +fi + + + ac_fn_c_check_member "$LINENO" "struct tm" "tm_gmtoff" "ac_cv_member_struct_tm_tm_gmtoff" "#include +" +if test "x$ac_cv_member_struct_tm_tm_gmtoff" = xyes; then : + +$as_echo "#define HAVE_TM_GMTOFF 1" >>confdefs.h + +fi + + + + # parse-datetime.y works with bison only. + : ${YACC='bison -o y.tab.c'} + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for compound literals" >&5 +$as_echo_n "checking for compound literals... " >&6; } +if ${gl_cv_compound_literals+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +struct s { int i, j; }; +int +main () +{ +struct s t = (struct s) { 3, 4 }; + if (t.i != 0) return 0; + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + gl_cv_compound_literals=yes +else + gl_cv_compound_literals=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_compound_literals" >&5 +$as_echo "$gl_cv_compound_literals" >&6; } + if test $gl_cv_compound_literals = yes; then + +$as_echo "#define HAVE_COMPOUND_LITERALS 1" >>confdefs.h + + fi + + + + + if true; then + GL_COND_LIBTOOL_TRUE= + GL_COND_LIBTOOL_FALSE='#' +else + GL_COND_LIBTOOL_TRUE='#' + GL_COND_LIBTOOL_FALSE= +fi + + gl_cond_libtool=true + gl_m4_base='src/gl/m4' + + + + + + + + + + gl_source_base='src/gl' + + if test "$ac_cv_header_winsock2_h" = yes; then + + + + + + + + + ggl_LIBOBJS="$ggl_LIBOBJS accept.$ac_objext" + + fi + + + + + + GNULIB_ACCEPT=1 + + + + + +$as_echo "#define GNULIB_TEST_ACCEPT 1" >>confdefs.h + + + +LTALLOCA=`echo "$ALLOCA" | sed -e 's/\.[^.]* /.lo /g;s/\.[^.]*$/.lo/'` + + + + if test $ac_cv_func_alloca_works = no; then + : + fi + + # Define an additional variable used in the Makefile substitution. + if test $ac_cv_working_alloca_h = yes; then + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for alloca as a compiler built-in" >&5 +$as_echo_n "checking for alloca as a compiler built-in... " >&6; } +if ${gl_cv_rpl_alloca+:} false; then : + $as_echo_n "(cached) " >&6 +else + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#if defined __GNUC__ || defined _AIX || defined _MSC_VER + Need own alloca +#endif + +_ACEOF +if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | + $EGREP "Need own alloca" >/dev/null 2>&1; then : + gl_cv_rpl_alloca=yes +else + gl_cv_rpl_alloca=no +fi +rm -f conftest* + + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_rpl_alloca" >&5 +$as_echo "$gl_cv_rpl_alloca" >&6; } + if test $gl_cv_rpl_alloca = yes; then + +$as_echo "#define HAVE_ALLOCA 1" >>confdefs.h + + ALLOCA_H=alloca.h + else + ALLOCA_H= + fi + else + ALLOCA_H=alloca.h + fi + + if test -n "$ALLOCA_H"; then + GL_GENERATE_ALLOCA_H_TRUE= + GL_GENERATE_ALLOCA_H_FALSE='#' +else + GL_GENERATE_ALLOCA_H_TRUE='#' + GL_GENERATE_ALLOCA_H_FALSE= +fi + + + if test $ac_cv_working_alloca_h = yes; then + HAVE_ALLOCA_H=1 + else + HAVE_ALLOCA_H=0 + fi + + + + + + + if test $ac_cv_header_arpa_inet_h = yes; then + HAVE_ARPA_INET_H=1 + else + HAVE_ARPA_INET_H=0 + fi + + + + + + + + + + + if test $gl_cv_have_include_next = yes; then + gl_cv_next_arpa_inet_h='<'arpa/inet.h'>' + else + { $as_echo "$as_me:${as_lineno-$LINENO}: checking absolute name of " >&5 +$as_echo_n "checking absolute name of ... " >&6; } +if ${gl_cv_next_arpa_inet_h+:} false; then : + $as_echo_n "(cached) " >&6 +else + + if test $ac_cv_header_arpa_inet_h = yes; then + + + + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +_ACEOF + case "$host_os" in + aix*) gl_absname_cpp="$ac_cpp -C" ;; + *) gl_absname_cpp="$ac_cpp" ;; + esac + + case "$host_os" in + mingw*) + gl_dirsep_regex='[/\\]' + ;; + *) + gl_dirsep_regex='\/' + ;; + esac + gl_make_literal_regex_sed='s,[]$^\\.*/[],\\&,g' + gl_header_literal_regex=`echo 'arpa/inet.h' \ + | sed -e "$gl_make_literal_regex_sed"` + gl_absolute_header_sed="/${gl_dirsep_regex}${gl_header_literal_regex}/"'{ + s/.*"\(.*'"${gl_dirsep_regex}${gl_header_literal_regex}"'\)".*/\1/ + s|^/[^/]|//&| + p + q + }' + + gl_cv_absolute_arpa_inet_h=`(eval "$gl_absname_cpp conftest.$ac_ext") 2>&5 | + sed -n "$gl_absolute_header_sed"` + + gl_header=$gl_cv_absolute_arpa_inet_h + gl_cv_next_arpa_inet_h='"'$gl_header'"' + else + gl_cv_next_arpa_inet_h='<'arpa/inet.h'>' + fi + + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_next_arpa_inet_h" >&5 +$as_echo "$gl_cv_next_arpa_inet_h" >&6; } + fi + NEXT_ARPA_INET_H=$gl_cv_next_arpa_inet_h + + if test $gl_cv_have_include_next = yes || test $gl_cv_have_include_next = buggy; then + # INCLUDE_NEXT_AS_FIRST_DIRECTIVE='include_next' + gl_next_as_first_directive='<'arpa/inet.h'>' + else + # INCLUDE_NEXT_AS_FIRST_DIRECTIVE='include' + gl_next_as_first_directive=$gl_cv_next_arpa_inet_h + fi + NEXT_AS_FIRST_DIRECTIVE_ARPA_INET_H=$gl_next_as_first_directive + + + + + + + + + + + + + + if test "$ac_cv_header_winsock2_h" = yes; then + + + + + + + + + ggl_LIBOBJS="$ggl_LIBOBJS bind.$ac_objext" + + fi + + + + + + GNULIB_BIND=1 + + + + + +$as_echo "#define GNULIB_TEST_BIND 1" >>confdefs.h + + + + + + + # Solaris 2.5.1 needs -lposix4 to get the clock_gettime function. + # Solaris 7 prefers the library name -lrt to the obsolescent name -lposix4. + + # Save and restore LIBS so e.g., -lrt, isn't added to it. Otherwise, *all* + # programs in the package would end up linked with that potentially-shared + # library, inducing unnecessary run-time overhead. + LIB_CLOCK_GETTIME= + + gl_saved_libs=$LIBS + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing clock_gettime" >&5 +$as_echo_n "checking for library containing clock_gettime... " >&6; } +if ${ac_cv_search_clock_gettime+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_func_search_save_LIBS=$LIBS +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char clock_gettime (); +int +main () +{ +return clock_gettime (); + ; + return 0; +} +_ACEOF +for ac_lib in '' rt posix4; do + if test -z "$ac_lib"; then + ac_res="none required" + else + ac_res=-l$ac_lib + LIBS="-l$ac_lib $ac_func_search_save_LIBS" + fi + if ac_fn_c_try_link "$LINENO"; then : + ac_cv_search_clock_gettime=$ac_res +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext + if ${ac_cv_search_clock_gettime+:} false; then : + break +fi +done +if ${ac_cv_search_clock_gettime+:} false; then : + +else + ac_cv_search_clock_gettime=no +fi +rm conftest.$ac_ext +LIBS=$ac_func_search_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_clock_gettime" >&5 +$as_echo "$ac_cv_search_clock_gettime" >&6; } +ac_res=$ac_cv_search_clock_gettime +if test "$ac_res" != no; then : + test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" + test "$ac_cv_search_clock_gettime" = "none required" || + LIB_CLOCK_GETTIME=$ac_cv_search_clock_gettime +fi + + for ac_func in clock_gettime clock_settime +do : + as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` +ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" +if eval test \"x\$"$as_ac_var"\" = x"yes"; then : + cat >>confdefs.h <<_ACEOF +#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 +_ACEOF + +fi +done + + LIBS=$gl_saved_libs + + + + + + if test $HAVE_MSVC_INVALID_PARAMETER_HANDLER = 1; then + REPLACE_CLOSE=1 + fi + + + + + + + if test $ac_cv_header_sys_socket_h != yes; then + for ac_header in winsock2.h +do : + ac_fn_c_check_header_mongrel "$LINENO" "winsock2.h" "ac_cv_header_winsock2_h" "$ac_includes_default" +if test "x$ac_cv_header_winsock2_h" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_WINSOCK2_H 1 +_ACEOF + +fi + +done + + fi + if test "$ac_cv_header_winsock2_h" = yes; then + HAVE_WINSOCK2_H=1 + UNISTD_H_HAVE_WINSOCK2_H=1 + SYS_IOCTL_H_HAVE_WINSOCK2_H=1 + else + HAVE_WINSOCK2_H=0 + fi + + + if test $UNISTD_H_HAVE_WINSOCK2_H = 1; then + REPLACE_CLOSE=1 + fi + + + + if test $REPLACE_CLOSE = 1; then + + + + + + + + + ggl_LIBOBJS="$ggl_LIBOBJS close.$ac_objext" + + fi + + + + + + GNULIB_CLOSE=1 + + + + + +$as_echo "#define GNULIB_TEST_CLOSE 1" >>confdefs.h + + + + + if test "$ac_cv_header_winsock2_h" = yes; then + + + + + + + + + ggl_LIBOBJS="$ggl_LIBOBJS connect.$ac_objext" + + fi + + + + + + GNULIB_CONNECT=1 + + + + + +$as_echo "#define GNULIB_TEST_CONNECT 1" >>confdefs.h + + + + + + + + +$as_echo "#define HAVE_DUP2 1" >>confdefs.h + + + if test $HAVE_DUP2 = 1; then + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether dup2 works" >&5 +$as_echo_n "checking whether dup2 works... " >&6; } +if ${gl_cv_func_dup2_works+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test "$cross_compiling" = yes; then : + case "$host_os" in + mingw*) # on this platform, dup2 always returns 0 for success + gl_cv_func_dup2_works="guessing no" ;; + cygwin*) # on cygwin 1.5.x, dup2(1,1) returns 0 + gl_cv_func_dup2_works="guessing no" ;; + aix* | freebsd*) + # on AIX 7.1 and FreeBSD 6.1, dup2 (1,toobig) gives EMFILE, + # not EBADF. + gl_cv_func_dup2_works="guessing no" ;; + haiku*) # on Haiku alpha 2, dup2(1, 1) resets FD_CLOEXEC. + gl_cv_func_dup2_works="guessing no" ;; + *-android*) # implemented using dup3(), which fails if oldfd == newfd + gl_cv_func_dup2_works="guessing no" ;; + os2*) # on OS/2 kLIBC, dup2() does not work on a directory fd. + gl_cv_func_dup2_works="guessing no" ;; + *) gl_cv_func_dup2_works="guessing yes" ;; + esac +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + + #include + #include + #include + #include + #include + #ifndef RLIM_SAVED_CUR + # define RLIM_SAVED_CUR RLIM_INFINITY + #endif + #ifndef RLIM_SAVED_MAX + # define RLIM_SAVED_MAX RLIM_INFINITY + #endif + +int +main () +{ +int result = 0; + int bad_fd = INT_MAX; + struct rlimit rlim; + if (getrlimit (RLIMIT_NOFILE, &rlim) == 0 + && 0 <= rlim.rlim_cur && rlim.rlim_cur <= INT_MAX + && rlim.rlim_cur != RLIM_INFINITY + && rlim.rlim_cur != RLIM_SAVED_MAX + && rlim.rlim_cur != RLIM_SAVED_CUR) + bad_fd = rlim.rlim_cur; + #ifdef FD_CLOEXEC + if (fcntl (1, F_SETFD, FD_CLOEXEC) == -1) + result |= 1; + #endif + if (dup2 (1, 1) != 1) + result |= 2; + #ifdef FD_CLOEXEC + if (fcntl (1, F_GETFD) != FD_CLOEXEC) + result |= 4; + #endif + close (0); + if (dup2 (0, 0) != -1) + result |= 8; + /* Many gnulib modules require POSIX conformance of EBADF. */ + if (dup2 (2, bad_fd) == -1 && errno != EBADF) + result |= 16; + /* Flush out some cygwin core dumps. */ + if (dup2 (2, -1) != -1 || errno != EBADF) + result |= 32; + dup2 (2, 255); + dup2 (2, 256); + /* On OS/2 kLIBC, dup2() does not work on a directory fd. */ + { + int fd = open (".", O_RDONLY); + if (fd == -1) + result |= 64; + else if (dup2 (fd, fd + 1) == -1) + result |= 128; + + close (fd); + } + return result; + ; + return 0; +} + +_ACEOF +if ac_fn_c_try_run "$LINENO"; then : + gl_cv_func_dup2_works=yes +else + gl_cv_func_dup2_works=no +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_func_dup2_works" >&5 +$as_echo "$gl_cv_func_dup2_works" >&6; } + case "$gl_cv_func_dup2_works" in + *yes) ;; + *) + REPLACE_DUP2=1 + for ac_func in setdtablesize +do : + ac_fn_c_check_func "$LINENO" "setdtablesize" "ac_cv_func_setdtablesize" +if test "x$ac_cv_func_setdtablesize" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_SETDTABLESIZE 1 +_ACEOF + +fi +done + + ;; + esac + fi + + + if test $HAVE_DUP2 = 0 || test $REPLACE_DUP2 = 1; then + + + + + + + + + ggl_LIBOBJS="$ggl_LIBOBJS dup2.$ac_objext" + + + fi + + + + + + GNULIB_DUP2=1 + + + + + +$as_echo "#define GNULIB_TEST_DUP2 1" >>confdefs.h + + + + + + + + + + GNULIB_ENVIRON=1 + + + + + +$as_echo "#define GNULIB_TEST_ENVIRON 1" >>confdefs.h + + + + + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for flexible array member" >&5 +$as_echo_n "checking for flexible array member... " >&6; } +if ${ac_cv_c_flexmember+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include + #include + #include + struct m { struct m *next, **list; char name[]; }; + struct s { struct s *p; struct m *m; int n; double d[]; }; +int +main () +{ +int m = getchar (); + size_t nbytes = offsetof (struct s, d) + m * sizeof (double); + nbytes += sizeof (struct s) - 1; + nbytes -= nbytes % sizeof (struct s); + struct s *p = malloc (nbytes); + p->p = p; + p->m = NULL; + p->d[0] = 0.0; + return p->d != (double *) NULL; + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ac_cv_c_flexmember=yes +else + ac_cv_c_flexmember=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_flexmember" >&5 +$as_echo "$ac_cv_c_flexmember" >&6; } + if test $ac_cv_c_flexmember = yes; then + +$as_echo "#define FLEXIBLE_ARRAY_MEMBER /**/" >>confdefs.h + + else + $as_echo "#define FLEXIBLE_ARRAY_MEMBER 1" >>confdefs.h + + fi + + + + + FLOAT_H= + REPLACE_FLOAT_LDBL=0 + case "$host_os" in + aix* | beos* | openbsd* | mirbsd* | irix*) + FLOAT_H=float.h + ;; + freebsd* | dragonfly*) + case "$host_cpu" in + i[34567]86 ) + FLOAT_H=float.h + ;; + x86_64 ) + # On x86_64 systems, the C compiler may still be generating + # 32-bit code. + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#if defined __LP64__ || defined __x86_64__ || defined __amd64__ + int ok; + #else + error fail + #endif + +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + +else + FLOAT_H=float.h +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + ;; + esac + ;; + linux*) + case "$host_cpu" in + powerpc*) + FLOAT_H=float.h + ;; + esac + ;; + esac + case "$host_os" in + aix* | freebsd* | dragonfly* | linux*) + if test -n "$FLOAT_H"; then + REPLACE_FLOAT_LDBL=1 + fi + ;; + esac + + REPLACE_ITOLD=0 + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether conversion from 'int' to 'long double' works" >&5 +$as_echo_n "checking whether conversion from 'int' to 'long double' works... " >&6; } +if ${gl_cv_func_itold_works+:} false; then : + $as_echo_n "(cached) " >&6 +else + + if test "$cross_compiling" = yes; then : + case "$host" in + sparc*-*-linux*) + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#if defined __LP64__ || defined __arch64__ + int ok; + #else + error fail + #endif + +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + gl_cv_func_itold_works="guessing no" +else + gl_cv_func_itold_works="guessing yes" +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + ;; + # Guess yes on native Windows. + mingw*) gl_cv_func_itold_works="guessing yes" ;; + *) gl_cv_func_itold_works="guessing yes" ;; + esac + +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int i = -1; +volatile long double ld; +int main () +{ + ld += i * 1.0L; + if (ld > 0) + return 1; + return 0; +} +_ACEOF +if ac_fn_c_try_run "$LINENO"; then : + gl_cv_func_itold_works=yes +else + gl_cv_func_itold_works=no +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_func_itold_works" >&5 +$as_echo "$gl_cv_func_itold_works" >&6; } + case "$gl_cv_func_itold_works" in + *no) + REPLACE_ITOLD=1 + FLOAT_H=float.h + ;; + esac + + if test -n "$FLOAT_H"; then + + + + + + + + + if test $gl_cv_have_include_next = yes; then + gl_cv_next_float_h='<'float.h'>' + else + { $as_echo "$as_me:${as_lineno-$LINENO}: checking absolute name of " >&5 +$as_echo_n "checking absolute name of ... " >&6; } +if ${gl_cv_next_float_h+:} false; then : + $as_echo_n "(cached) " >&6 +else + + + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +_ACEOF + case "$host_os" in + aix*) gl_absname_cpp="$ac_cpp -C" ;; + *) gl_absname_cpp="$ac_cpp" ;; + esac + + case "$host_os" in + mingw*) + gl_dirsep_regex='[/\\]' + ;; + *) + gl_dirsep_regex='\/' + ;; + esac + gl_make_literal_regex_sed='s,[]$^\\.*/[],\\&,g' + gl_header_literal_regex=`echo 'float.h' \ + | sed -e "$gl_make_literal_regex_sed"` + gl_absolute_header_sed="/${gl_dirsep_regex}${gl_header_literal_regex}/"'{ + s/.*"\(.*'"${gl_dirsep_regex}${gl_header_literal_regex}"'\)".*/\1/ + s|^/[^/]|//&| + p + q + }' + + gl_cv_absolute_float_h=`(eval "$gl_absname_cpp conftest.$ac_ext") 2>&5 | + sed -n "$gl_absolute_header_sed"` + + gl_header=$gl_cv_absolute_float_h + gl_cv_next_float_h='"'$gl_header'"' + + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_next_float_h" >&5 +$as_echo "$gl_cv_next_float_h" >&6; } + fi + NEXT_FLOAT_H=$gl_cv_next_float_h + + if test $gl_cv_have_include_next = yes || test $gl_cv_have_include_next = buggy; then + # INCLUDE_NEXT_AS_FIRST_DIRECTIVE='include_next' + gl_next_as_first_directive='<'float.h'>' + else + # INCLUDE_NEXT_AS_FIRST_DIRECTIVE='include' + gl_next_as_first_directive=$gl_cv_next_float_h + fi + NEXT_AS_FIRST_DIRECTIVE_FLOAT_H=$gl_next_as_first_directive + + + + + fi + + if test -n "$FLOAT_H"; then + GL_GENERATE_FLOAT_H_TRUE= + GL_GENERATE_FLOAT_H_FALSE='#' +else + GL_GENERATE_FLOAT_H_TRUE='#' + GL_GENERATE_FLOAT_H_FALSE= +fi + + + + if test $REPLACE_FLOAT_LDBL = 1; then + + + + + + + + + ggl_LIBOBJS="$ggl_LIBOBJS float.$ac_objext" + + fi + if test $REPLACE_ITOLD = 1; then + + + + + + + + + ggl_LIBOBJS="$ggl_LIBOBJS itold.$ac_objext" + + fi + + + + if test $HAVE_FSEEKO = 0 || test $REPLACE_FSEEKO = 1; then + REPLACE_FSEEK=1 + fi + + if test $REPLACE_FSEEK = 1; then + + + + + + + + + ggl_LIBOBJS="$ggl_LIBOBJS fseek.$ac_objext" + + fi + + + + + + GNULIB_FSEEK=1 + + + + + +$as_echo "#define GNULIB_TEST_FSEEK 1" >>confdefs.h + + + + + + + + + + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for fseeko" >&5 +$as_echo_n "checking for fseeko... " >&6; } +if ${gl_cv_func_fseeko+:} false; then : + $as_echo_n "(cached) " >&6 +else + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include + +int +main () +{ +fseeko (stdin, 0, 0); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + gl_cv_func_fseeko=yes +else + gl_cv_func_fseeko=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_func_fseeko" >&5 +$as_echo "$gl_cv_func_fseeko" >&6; } + + + if test $ac_cv_have_decl_fseeko = no; then + HAVE_DECL_FSEEKO=0 + fi + + if test $gl_cv_func_fseeko = no; then + HAVE_FSEEKO=0 + else + if test $WINDOWS_64_BIT_OFF_T = 1; then + REPLACE_FSEEKO=1 + fi + if test $gl_cv_var_stdin_large_offset = no; then + REPLACE_FSEEKO=1 + fi + + fi + + if test $HAVE_FSEEKO = 0 || test $REPLACE_FSEEKO = 1; then + + + + + + + + + ggl_LIBOBJS="$ggl_LIBOBJS fseeko.$ac_objext" + + + for ac_func in _fseeki64 +do : + ac_fn_c_check_func "$LINENO" "_fseeki64" "ac_cv_func__fseeki64" +if test "x$ac_cv_func__fseeki64" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE__FSEEKI64 1 +_ACEOF + +fi +done + + if test $ac_cv_func__fseeki64 = yes; then + ac_fn_c_check_decl "$LINENO" "_fseeki64" "ac_cv_have_decl__fseeki64" "$ac_includes_default" +if test "x$ac_cv_have_decl__fseeki64" = xyes; then : + ac_have_decl=1 +else + ac_have_decl=0 +fi + +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL__FSEEKI64 $ac_have_decl +_ACEOF + + fi + + fi + + + + + + GNULIB_FSEEKO=1 + + + + + +$as_echo "#define GNULIB_TEST_FSEEKO 1" >>confdefs.h + + + + + + + + case "$host_os" in + mingw* | solaris*) + REPLACE_FSTAT=1 + ;; + esac + + + + if test $REPLACE_FSTAT = 1; then + + + + + + + + + ggl_LIBOBJS="$ggl_LIBOBJS fstat.$ac_objext" + + case "$host_os" in + mingw*) + + + + + + + + + ggl_LIBOBJS="$ggl_LIBOBJS stat-w32.$ac_objext" + + ;; + esac + + + : + + fi + + + + + + GNULIB_FSTAT=1 + + + + + +$as_echo "#define GNULIB_TEST_FSTAT 1" >>confdefs.h + + + + + + + if test $HAVE_FTELLO = 0 || test $REPLACE_FTELLO = 1; then + REPLACE_FTELL=1 + fi + + if test $REPLACE_FTELL = 1; then + + + + + + + + + ggl_LIBOBJS="$ggl_LIBOBJS ftell.$ac_objext" + + fi + + + + + + GNULIB_FTELL=1 + + + + + +$as_echo "#define GNULIB_TEST_FTELL 1" >>confdefs.h + + + + + + + + + + + + + if test $ac_cv_have_decl_ftello = no; then + HAVE_DECL_FTELLO=0 + fi + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ftello" >&5 +$as_echo_n "checking for ftello... " >&6; } +if ${gl_cv_func_ftello+:} false; then : + $as_echo_n "(cached) " >&6 +else + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +int +main () +{ +ftello (stdin); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + gl_cv_func_ftello=yes +else + gl_cv_func_ftello=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_func_ftello" >&5 +$as_echo "$gl_cv_func_ftello" >&6; } + if test $gl_cv_func_ftello = no; then + HAVE_FTELLO=0 + else + if test $WINDOWS_64_BIT_OFF_T = 1; then + REPLACE_FTELLO=1 + fi + if test $gl_cv_var_stdin_large_offset = no; then + REPLACE_FTELLO=1 + fi + if test $REPLACE_FTELLO = 0; then + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether ftello works" >&5 +$as_echo_n "checking whether ftello works... " >&6; } +if ${gl_cv_func_ftello_works+:} false; then : + $as_echo_n "(cached) " >&6 +else + + case "$host_os" in + # Guess no on Solaris. + solaris*) gl_cv_func_ftello_works="guessing no" ;; + # Guess yes on native Windows. + mingw*) gl_cv_func_ftello_works="guessing yes" ;; + # Guess yes otherwise. + *) gl_cv_func_ftello_works="guessing yes" ;; + esac + if test "$cross_compiling" = yes; then : + : +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#include +#include +#define TESTFILE "conftest.tmp" +int +main (void) +{ + FILE *fp; + + /* Create a file with some contents. */ + fp = fopen (TESTFILE, "w"); + if (fp == NULL) + return 70; + if (fwrite ("foogarsh", 1, 8, fp) < 8) + { fclose (fp); return 71; } + if (fclose (fp)) + return 72; + + /* The file's contents is now "foogarsh". */ + + /* Try writing after reading to EOF. */ + fp = fopen (TESTFILE, "r+"); + if (fp == NULL) + return 73; + if (fseek (fp, -1, SEEK_END)) + { fclose (fp); return 74; } + if (!(getc (fp) == 'h')) + { fclose (fp); return 1; } + if (!(getc (fp) == EOF)) + { fclose (fp); return 2; } + if (!(ftell (fp) == 8)) + { fclose (fp); return 3; } + if (!(ftell (fp) == 8)) + { fclose (fp); return 4; } + if (!(putc ('!', fp) == '!')) + { fclose (fp); return 5; } + if (!(ftell (fp) == 9)) + { fclose (fp); return 6; } + if (!(fclose (fp) == 0)) + return 7; + fp = fopen (TESTFILE, "r"); + if (fp == NULL) + return 75; + { + char buf[10]; + if (!(fread (buf, 1, 10, fp) == 9)) + { fclose (fp); return 10; } + if (!(memcmp (buf, "foogarsh!", 9) == 0)) + { fclose (fp); return 11; } + } + if (!(fclose (fp) == 0)) + return 12; + + /* The file's contents is now "foogarsh!". */ + + return 0; +} +_ACEOF +if ac_fn_c_try_run "$LINENO"; then : + gl_cv_func_ftello_works=yes +else + gl_cv_func_ftello_works=no +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_func_ftello_works" >&5 +$as_echo "$gl_cv_func_ftello_works" >&6; } + case "$gl_cv_func_ftello_works" in + *yes) ;; + *) + REPLACE_FTELLO=1 + +$as_echo "#define FTELLO_BROKEN_AFTER_SWITCHING_FROM_READ_TO_WRITE 1" >>confdefs.h + + ;; + esac + fi + fi + + if test $HAVE_FTELLO = 0 || test $REPLACE_FTELLO = 1; then + + + + + + + + + ggl_LIBOBJS="$ggl_LIBOBJS ftello.$ac_objext" + + + for ac_func in _ftelli64 +do : + ac_fn_c_check_func "$LINENO" "_ftelli64" "ac_cv_func__ftelli64" +if test "x$ac_cv_func__ftelli64" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE__FTELLI64 1 +_ACEOF + +fi +done + + + fi + + + + + + GNULIB_FTELLO=1 + + + + + +$as_echo "#define GNULIB_TEST_FTELLO 1" >>confdefs.h + + + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking how to do getaddrinfo, freeaddrinfo and getnameinfo" >&5 +$as_echo_n "checking how to do getaddrinfo, freeaddrinfo and getnameinfo... " >&6; } + GETADDRINFO_LIB= + gai_saved_LIBS="$LIBS" + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing getaddrinfo" >&5 +$as_echo_n "checking for library containing getaddrinfo... " >&6; } +if ${ac_cv_search_getaddrinfo+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_func_search_save_LIBS=$LIBS +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char getaddrinfo (); +int +main () +{ +return getaddrinfo (); + ; + return 0; +} +_ACEOF +for ac_lib in '' socket network net; do + if test -z "$ac_lib"; then + ac_res="none required" + else + ac_res=-l$ac_lib + LIBS="-l$ac_lib $ac_func_search_save_LIBS" + fi + if ac_fn_c_try_link "$LINENO"; then : + ac_cv_search_getaddrinfo=$ac_res +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext + if ${ac_cv_search_getaddrinfo+:} false; then : + break +fi +done +if ${ac_cv_search_getaddrinfo+:} false; then : + +else + ac_cv_search_getaddrinfo=no +fi +rm conftest.$ac_ext +LIBS=$ac_func_search_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_getaddrinfo" >&5 +$as_echo "$ac_cv_search_getaddrinfo" >&6; } +ac_res=$ac_cv_search_getaddrinfo +if test "$ac_res" != no; then : + test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" + if test "$ac_cv_search_getaddrinfo" != "none required"; then + GETADDRINFO_LIB="$ac_cv_search_getaddrinfo" + fi +fi + + LIBS="$gai_saved_LIBS $GETADDRINFO_LIB" + + HAVE_GETADDRINFO=1 + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for getaddrinfo" >&5 +$as_echo_n "checking for getaddrinfo... " >&6; } +if ${gl_cv_func_getaddrinfo+:} false; then : + $as_echo_n "(cached) " >&6 +else + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#ifdef HAVE_SYS_SOCKET_H +#include +#endif +#ifdef HAVE_NETDB_H +#include +#endif +#include + +int +main () +{ +getaddrinfo("", "", NULL, NULL); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + gl_cv_func_getaddrinfo=yes +else + gl_cv_func_getaddrinfo=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_func_getaddrinfo" >&5 +$as_echo "$gl_cv_func_getaddrinfo" >&6; } + if test $gl_cv_func_getaddrinfo = no; then + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for getaddrinfo in ws2tcpip.h and -lws2_32" >&5 +$as_echo_n "checking for getaddrinfo in ws2tcpip.h and -lws2_32... " >&6; } +if ${gl_cv_w32_getaddrinfo+:} false; then : + $as_echo_n "(cached) " >&6 +else + + gl_cv_w32_getaddrinfo=no + am_save_LIBS="$LIBS" + LIBS="$LIBS -lws2_32" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#ifdef HAVE_WS2TCPIP_H +#include +#endif +#include + +int +main () +{ +getaddrinfo(NULL, NULL, NULL, NULL); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + gl_cv_w32_getaddrinfo=yes +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + LIBS="$am_save_LIBS" + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_w32_getaddrinfo" >&5 +$as_echo "$gl_cv_w32_getaddrinfo" >&6; } + if test "$gl_cv_w32_getaddrinfo" = "yes"; then + GETADDRINFO_LIB="-lws2_32" + LIBS="$gai_saved_LIBS $GETADDRINFO_LIB" + else + HAVE_GETADDRINFO=0 + fi + fi + + # We can't use AC_REPLACE_FUNCS here because gai_strerror may be an + # inline function declared in ws2tcpip.h, so we need to get that + # header included somehow. + ac_fn_c_check_decl "$LINENO" "gai_strerror" "ac_cv_have_decl_gai_strerror" " +#include +#ifdef HAVE_SYS_SOCKET_H +#include +#endif +#ifdef HAVE_NETDB_H +#include +#endif +#ifdef HAVE_WS2TCPIP_H +#include +#endif +#include + +" +if test "x$ac_cv_have_decl_gai_strerror" = xyes; then : + ac_have_decl=1 +else + ac_have_decl=0 +fi + +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_GAI_STRERROR $ac_have_decl +_ACEOF + + if test $ac_cv_have_decl_gai_strerror = yes; then + ac_fn_c_check_decl "$LINENO" "gai_strerrorA" "ac_cv_have_decl_gai_strerrorA" " +#include +#ifdef HAVE_SYS_SOCKET_H +#include +#endif +#ifdef HAVE_NETDB_H +#include +#endif +#ifdef HAVE_WS2TCPIP_H +#include +#endif +#include + +" +if test "x$ac_cv_have_decl_gai_strerrorA" = xyes; then : + ac_have_decl=1 +else + ac_have_decl=0 +fi + +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_GAI_STRERRORA $ac_have_decl +_ACEOF + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for gai_strerror with POSIX signature" >&5 +$as_echo_n "checking for gai_strerror with POSIX signature... " >&6; } +if ${gl_cv_func_gai_strerror_posix_signature+:} false; then : + $as_echo_n "(cached) " >&6 +else + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#ifdef HAVE_SYS_SOCKET_H +#include +#endif +#ifdef HAVE_NETDB_H +#include +#endif +#ifdef HAVE_WS2TCPIP_H +#include +#endif +#include +extern +#ifdef __cplusplus +"C" +#endif +const char *gai_strerror(int); +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + gl_cv_func_gai_strerror_posix_signature=yes +else + gl_cv_func_gai_strerror_posix_signature=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_func_gai_strerror_posix_signature" >&5 +$as_echo "$gl_cv_func_gai_strerror_posix_signature" >&6; } + if test $gl_cv_func_gai_strerror_posix_signature = no; then + REPLACE_GAI_STRERROR=1 + fi + fi + + LIBS="$gai_saved_LIBS" + + + + + + + + + ac_fn_c_check_member "$LINENO" "struct sockaddr" "sa_len" "ac_cv_member_struct_sockaddr_sa_len" " +#include +#include + +" +if test "x$ac_cv_member_struct_sockaddr_sa_len" = xyes; then : + +cat >>confdefs.h <<_ACEOF +#define HAVE_STRUCT_SOCKADDR_SA_LEN 1 +_ACEOF + + +fi + + + + + ac_fn_c_check_decl "$LINENO" "getaddrinfo" "ac_cv_have_decl_getaddrinfo" " + /* sys/types.h is not needed according to POSIX, but the + sys/socket.h in i386-unknown-freebsd4.10 and + powerpc-apple-darwin5.5 required it. */ +#include +#ifdef HAVE_SYS_SOCKET_H +#include +#endif +#ifdef HAVE_NETDB_H +#include +#endif +#ifdef HAVE_WS2TCPIP_H +#include +#endif + +" +if test "x$ac_cv_have_decl_getaddrinfo" = xyes; then : + ac_have_decl=1 +else + ac_have_decl=0 +fi + +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_GETADDRINFO $ac_have_decl +_ACEOF +ac_fn_c_check_decl "$LINENO" "freeaddrinfo" "ac_cv_have_decl_freeaddrinfo" " + /* sys/types.h is not needed according to POSIX, but the + sys/socket.h in i386-unknown-freebsd4.10 and + powerpc-apple-darwin5.5 required it. */ +#include +#ifdef HAVE_SYS_SOCKET_H +#include +#endif +#ifdef HAVE_NETDB_H +#include +#endif +#ifdef HAVE_WS2TCPIP_H +#include +#endif + +" +if test "x$ac_cv_have_decl_freeaddrinfo" = xyes; then : + ac_have_decl=1 +else + ac_have_decl=0 +fi + +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_FREEADDRINFO $ac_have_decl +_ACEOF +ac_fn_c_check_decl "$LINENO" "getnameinfo" "ac_cv_have_decl_getnameinfo" " + /* sys/types.h is not needed according to POSIX, but the + sys/socket.h in i386-unknown-freebsd4.10 and + powerpc-apple-darwin5.5 required it. */ +#include +#ifdef HAVE_SYS_SOCKET_H +#include +#endif +#ifdef HAVE_NETDB_H +#include +#endif +#ifdef HAVE_WS2TCPIP_H +#include +#endif + +" +if test "x$ac_cv_have_decl_getnameinfo" = xyes; then : + ac_have_decl=1 +else + ac_have_decl=0 +fi + +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_GETNAMEINFO $ac_have_decl +_ACEOF + + if test $ac_cv_have_decl_getaddrinfo = no; then + HAVE_DECL_GETADDRINFO=0 + fi + if test $ac_cv_have_decl_freeaddrinfo = no; then + HAVE_DECL_FREEADDRINFO=0 + fi + if test $ac_cv_have_decl_gai_strerror = no; then + HAVE_DECL_GAI_STRERROR=0 + fi + if test $ac_cv_have_decl_getnameinfo = no; then + HAVE_DECL_GETNAMEINFO=0 + fi + + ac_fn_c_check_type "$LINENO" "struct addrinfo" "ac_cv_type_struct_addrinfo" " +#include +#ifdef HAVE_SYS_SOCKET_H +#include +#endif +#ifdef HAVE_NETDB_H +#include +#endif +#ifdef HAVE_WS2TCPIP_H +#include +#endif + +" +if test "x$ac_cv_type_struct_addrinfo" = xyes; then : + +cat >>confdefs.h <<_ACEOF +#define HAVE_STRUCT_ADDRINFO 1 +_ACEOF + + +fi + + if test $ac_cv_type_struct_addrinfo = no; then + HAVE_STRUCT_ADDRINFO=0 + fi + + case " $GETADDRINFO_LIB " in + *" $HOSTENT_LIB "*) ;; + *) GETADDRINFO_LIB="$GETADDRINFO_LIB $HOSTENT_LIB" ;; + esac + + case " $GETADDRINFO_LIB " in + *" $SERVENT_LIB "*) ;; + *) GETADDRINFO_LIB="$GETADDRINFO_LIB $SERVENT_LIB" ;; + esac + + case " $GETADDRINFO_LIB " in + *" $INET_NTOP_LIB "*) ;; + *) GETADDRINFO_LIB="$GETADDRINFO_LIB $INET_NTOP_LIB" ;; + esac + + + + + if test $HAVE_GETADDRINFO = 0; then + + + + + + + + + ggl_LIBOBJS="$ggl_LIBOBJS getaddrinfo.$ac_objext" + + fi + if test $HAVE_DECL_GAI_STRERROR = 0 || test $REPLACE_GAI_STRERROR = 1; then + + + + + + + + + ggl_LIBOBJS="$ggl_LIBOBJS gai_strerror.$ac_objext" + + fi + + + + + + GNULIB_GETADDRINFO=1 + + + + + +$as_echo "#define GNULIB_TEST_GETADDRINFO 1" >>confdefs.h + + + + + + + + + + + + if test $ac_cv_func_getdelim = yes; then + HAVE_GETDELIM=1 + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for working getdelim function" >&5 +$as_echo_n "checking for working getdelim function... " >&6; } +if ${gl_cv_func_working_getdelim+:} false; then : + $as_echo_n "(cached) " >&6 +else + echo fooNbarN | tr -d '\012' | tr N '\012' > conftest.data + if test "$cross_compiling" = yes; then : + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#ifdef __GNU_LIBRARY__ + #if (__GLIBC__ >= 2) && !defined __UCLIBC__ + Lucky GNU user + #endif +#endif + +_ACEOF +if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | + $EGREP "Lucky GNU user" >/dev/null 2>&1; then : + gl_cv_func_working_getdelim="guessing yes" +else + case "$host_os" in + *-musl*) gl_cv_func_working_getdelim="guessing yes" ;; + *) gl_cv_func_working_getdelim="guessing no" ;; + esac + +fi +rm -f conftest* + + +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +# include +# include +# include + int main () + { + FILE *in = fopen ("./conftest.data", "r"); + if (!in) + return 1; + { + /* Test result for a NULL buffer and a zero size. + Based on a test program from Karl Heuer. */ + char *line = NULL; + size_t siz = 0; + int len = getdelim (&line, &siz, '\n', in); + if (!(len == 4 && line && strcmp (line, "foo\n") == 0)) + { free (line); fclose (in); return 2; } + } + { + /* Test result for a NULL buffer and a non-zero size. + This crashes on FreeBSD 8.0. */ + char *line = NULL; + size_t siz = (size_t)(~0) / 4; + if (getdelim (&line, &siz, '\n', in) == -1) + { fclose (in); return 3; } + free (line); + } + fclose (in); + return 0; + } + +_ACEOF +if ac_fn_c_try_run "$LINENO"; then : + gl_cv_func_working_getdelim=yes +else + gl_cv_func_working_getdelim=no +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_func_working_getdelim" >&5 +$as_echo "$gl_cv_func_working_getdelim" >&6; } + case "$gl_cv_func_working_getdelim" in + *yes) ;; + *) REPLACE_GETDELIM=1 ;; + esac + else + HAVE_GETDELIM=0 + fi + + if test $ac_cv_have_decl_getdelim = no; then + HAVE_DECL_GETDELIM=0 + fi + + if test $HAVE_GETDELIM = 0 || test $REPLACE_GETDELIM = 1; then + + + + + + + + + ggl_LIBOBJS="$ggl_LIBOBJS getdelim.$ac_objext" + + + for ac_func in flockfile funlockfile +do : + as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` +ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" +if eval test \"x\$"$as_ac_var"\" = x"yes"; then : + cat >>confdefs.h <<_ACEOF +#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 +_ACEOF + +fi +done + + ac_fn_c_check_decl "$LINENO" "getc_unlocked" "ac_cv_have_decl_getc_unlocked" "$ac_includes_default" +if test "x$ac_cv_have_decl_getc_unlocked" = xyes; then : + ac_have_decl=1 +else + ac_have_decl=0 +fi + +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_GETC_UNLOCKED $ac_have_decl +_ACEOF + + + fi + + + + + + GNULIB_GETDELIM=1 + + + + + +$as_echo "#define GNULIB_TEST_GETDELIM 1" >>confdefs.h + + + + + + + + + + + gl_getline_needs_run_time_check=no + ac_fn_c_check_func "$LINENO" "getline" "ac_cv_func_getline" +if test "x$ac_cv_func_getline" = xyes; then : + gl_getline_needs_run_time_check=yes +else + am_cv_func_working_getline=no +fi + + if test $gl_getline_needs_run_time_check = yes; then + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for working getline function" >&5 +$as_echo_n "checking for working getline function... " >&6; } +if ${am_cv_func_working_getline+:} false; then : + $as_echo_n "(cached) " >&6 +else + echo fooNbarN | tr -d '\012' | tr N '\012' > conftest.data + if test "$cross_compiling" = yes; then : + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#ifdef __GNU_LIBRARY__ + #if (__GLIBC__ >= 2) && !defined __UCLIBC__ + Lucky GNU user + #endif +#endif + +_ACEOF +if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | + $EGREP "Lucky GNU user" >/dev/null 2>&1; then : + am_cv_func_working_getline="guessing yes" +else + case "$host_os" in + *-musl*) am_cv_func_working_getline="guessing yes" ;; + *) am_cv_func_working_getline="guessing no" ;; + esac + +fi +rm -f conftest* + + +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +# include +# include +# include + int main () + { + FILE *in = fopen ("./conftest.data", "r"); + if (!in) + return 1; + { + /* Test result for a NULL buffer and a zero size. + Based on a test program from Karl Heuer. */ + char *line = NULL; + size_t siz = 0; + int len = getline (&line, &siz, in); + if (!(len == 4 && line && strcmp (line, "foo\n") == 0)) + { free (line); fclose (in); return 2; } + free (line); + } + { + /* Test result for a NULL buffer and a non-zero size. + This crashes on FreeBSD 8.0. */ + char *line = NULL; + size_t siz = (size_t)(~0) / 4; + if (getline (&line, &siz, in) == -1) + { fclose (in); return 3; } + free (line); + } + fclose (in); + return 0; + } + +_ACEOF +if ac_fn_c_try_run "$LINENO"; then : + am_cv_func_working_getline=yes +else + am_cv_func_working_getline=no +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $am_cv_func_working_getline" >&5 +$as_echo "$am_cv_func_working_getline" >&6; } + fi + + if test $ac_cv_have_decl_getline = no; then + HAVE_DECL_GETLINE=0 + fi + + case "$am_cv_func_working_getline" in + *yes) ;; + *) + REPLACE_GETLINE=1 + ;; + esac + + if test $REPLACE_GETLINE = 1; then + + + + + + + + + ggl_LIBOBJS="$ggl_LIBOBJS getline.$ac_objext" + + + : + + fi + + + + + + GNULIB_GETLINE=1 + + + + + +$as_echo "#define GNULIB_TEST_GETLINE 1" >>confdefs.h + + + + + if test $HAVE_GETPASS = 0 || test $REPLACE_GETPASS = 1; then + + + + + + + + + ggl_LIBOBJS="$ggl_LIBOBJS getpass.$ac_objext" + + + + + ac_fn_c_check_decl "$LINENO" "__fsetlocking" "ac_cv_have_decl___fsetlocking" "#include + #if HAVE_STDIO_EXT_H + #include + #endif +" +if test "x$ac_cv_have_decl___fsetlocking" = xyes; then : + ac_have_decl=1 +else + ac_have_decl=0 +fi + +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL___FSETLOCKING $ac_have_decl +_ACEOF + + + + + + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for tcgetattr" >&5 +$as_echo_n "checking for tcgetattr... " >&6; } +if ${gl_cv_func_tcgetattr+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include + struct termios x; + +int +main () +{ +return tcgetattr(0,&x); + ; + return 0; +} + +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + gl_cv_func_tcgetattr=yes +else + gl_cv_func_tcgetattr=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_func_tcgetattr" >&5 +$as_echo "$gl_cv_func_tcgetattr" >&6; } + if test $gl_cv_func_tcgetattr = yes; then + HAVE_TCGETATTR=1 + else + HAVE_TCGETATTR=0 + fi + +cat >>confdefs.h <<_ACEOF +#define HAVE_TCGETATTR $HAVE_TCGETATTR +_ACEOF + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for tcsetattr" >&5 +$as_echo_n "checking for tcsetattr... " >&6; } +if ${gl_cv_func_tcsetattr+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include + struct termios x; + +int +main () +{ +return tcsetattr(0,0,&x); + ; + return 0; +} + +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + gl_cv_func_tcsetattr=yes +else + gl_cv_func_tcsetattr=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_func_tcsetattr" >&5 +$as_echo "$gl_cv_func_tcsetattr" >&6; } + if test $gl_cv_func_tcsetattr = yes; then + HAVE_TCSETATTR=1 + else + HAVE_TCSETATTR=0 + fi + +cat >>confdefs.h <<_ACEOF +#define HAVE_TCSETATTR $HAVE_TCSETATTR +_ACEOF + + + fi + + + + + + GNULIB_GETPASS=1 + + + + + +$as_echo "#define GNULIB_TEST_GETPASS 1" >>confdefs.h + + + + + if test "$ac_cv_header_winsock2_h" = yes; then + + + + + + + + + ggl_LIBOBJS="$ggl_LIBOBJS getpeername.$ac_objext" + + fi + + + + + + GNULIB_GETPEERNAME=1 + + + + + +$as_echo "#define GNULIB_TEST_GETPEERNAME 1" >>confdefs.h + + + + + + + + + + + + + + + + + + gl_gettimeofday_timezone=void + if test $ac_cv_func_gettimeofday != yes; then + HAVE_GETTIMEOFDAY=0 + else + + + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether gettimeofday clobbers localtime buffer" >&5 +$as_echo_n "checking whether gettimeofday clobbers localtime buffer... " >&6; } +if ${gl_cv_func_gettimeofday_clobber+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test "$cross_compiling" = yes; then : + # When cross-compiling: + case "$host_os" in + # Guess all is fine on glibc systems. + *-gnu* | gnu*) gl_cv_func_gettimeofday_clobber="guessing no" ;; + # Guess all is fine on musl systems. + *-musl*) gl_cv_func_gettimeofday_clobber="guessing no" ;; + # Guess no on native Windows. + mingw*) gl_cv_func_gettimeofday_clobber="guessing no" ;; + # If we don't know, assume the worst. + *) gl_cv_func_gettimeofday_clobber="guessing yes" ;; + esac + +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include + #include + #include + #include + +int +main () +{ + + time_t t = 0; + struct tm *lt; + struct tm saved_lt; + struct timeval tv; + lt = localtime (&t); + saved_lt = *lt; + gettimeofday (&tv, NULL); + return memcmp (lt, &saved_lt, sizeof (struct tm)) != 0; + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_run "$LINENO"; then : + gl_cv_func_gettimeofday_clobber=no +else + gl_cv_func_gettimeofday_clobber=yes +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_func_gettimeofday_clobber" >&5 +$as_echo "$gl_cv_func_gettimeofday_clobber" >&6; } + + case "$gl_cv_func_gettimeofday_clobber" in + *yes) + REPLACE_GETTIMEOFDAY=1 + +$as_echo "#define GETTIMEOFDAY_CLOBBERS_LOCALTIME 1" >>confdefs.h + + + + + NEED_LOCALTIME_BUFFER=1 + REPLACE_GMTIME=1 + REPLACE_LOCALTIME=1 + + ;; + esac + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for gettimeofday with POSIX signature" >&5 +$as_echo_n "checking for gettimeofday with POSIX signature... " >&6; } +if ${gl_cv_func_gettimeofday_posix_signature+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include + struct timeval c; + int gettimeofday (struct timeval *restrict, void *restrict); + +int +main () +{ +/* glibc uses struct timezone * rather than the POSIX void * + if _GNU_SOURCE is defined. However, since the only portable + use of gettimeofday uses NULL as the second parameter, and + since the glibc definition is actually more typesafe, it is + not worth wrapping this to get a compliant signature. */ + int (*f) (struct timeval *restrict, void *restrict) + = gettimeofday; + int x = f (&c, 0); + return !(x | c.tv_sec | c.tv_usec); + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + gl_cv_func_gettimeofday_posix_signature=yes +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +int gettimeofday (struct timeval *restrict, struct timezone *restrict); + +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + gl_cv_func_gettimeofday_posix_signature=almost +else + gl_cv_func_gettimeofday_posix_signature=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_func_gettimeofday_posix_signature" >&5 +$as_echo "$gl_cv_func_gettimeofday_posix_signature" >&6; } + if test $gl_cv_func_gettimeofday_posix_signature = almost; then + gl_gettimeofday_timezone='struct timezone' + elif test $gl_cv_func_gettimeofday_posix_signature != yes; then + REPLACE_GETTIMEOFDAY=1 + fi + if test $REPLACE_STRUCT_TIMEVAL = 1; then + REPLACE_GETTIMEOFDAY=1 + fi + case "$host_os" in + mingw*) REPLACE_GETTIMEOFDAY=1 ;; + esac + fi + +cat >>confdefs.h <<_ACEOF +#define GETTIMEOFDAY_TIMEZONE $gl_gettimeofday_timezone +_ACEOF + + + if test $HAVE_GETTIMEOFDAY = 0 || test $REPLACE_GETTIMEOFDAY = 1; then + + + + + + + + + ggl_LIBOBJS="$ggl_LIBOBJS gettimeofday.$ac_objext" + + : + fi + + + + + + GNULIB_GETTIMEOFDAY=1 + + + + + +$as_echo "#define GNULIB_TEST_GETTIMEOFDAY 1" >>confdefs.h + + + + + HOSTENT_LIB= + gl_saved_libs="$LIBS" + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing gethostbyname" >&5 +$as_echo_n "checking for library containing gethostbyname... " >&6; } +if ${ac_cv_search_gethostbyname+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_func_search_save_LIBS=$LIBS +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char gethostbyname (); +int +main () +{ +return gethostbyname (); + ; + return 0; +} +_ACEOF +for ac_lib in '' nsl network net; do + if test -z "$ac_lib"; then + ac_res="none required" + else + ac_res=-l$ac_lib + LIBS="-l$ac_lib $ac_func_search_save_LIBS" + fi + if ac_fn_c_try_link "$LINENO"; then : + ac_cv_search_gethostbyname=$ac_res +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext + if ${ac_cv_search_gethostbyname+:} false; then : + break +fi +done +if ${ac_cv_search_gethostbyname+:} false; then : + +else + ac_cv_search_gethostbyname=no +fi +rm conftest.$ac_ext +LIBS=$ac_func_search_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_gethostbyname" >&5 +$as_echo "$ac_cv_search_gethostbyname" >&6; } +ac_res=$ac_cv_search_gethostbyname +if test "$ac_res" != no; then : + test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" + if test "$ac_cv_search_gethostbyname" != "none required"; then + HOSTENT_LIB="$ac_cv_search_gethostbyname" + fi +fi + + LIBS="$gl_saved_libs" + if test -z "$HOSTENT_LIB"; then + for ac_func in gethostbyname +do : + ac_fn_c_check_func "$LINENO" "gethostbyname" "ac_cv_func_gethostbyname" +if test "x$ac_cv_func_gethostbyname" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_GETHOSTBYNAME 1 +_ACEOF + +else + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for gethostbyname in winsock2.h and -lws2_32" >&5 +$as_echo_n "checking for gethostbyname in winsock2.h and -lws2_32... " >&6; } +if ${gl_cv_w32_gethostbyname+:} false; then : + $as_echo_n "(cached) " >&6 +else + gl_cv_w32_gethostbyname=no + gl_save_LIBS="$LIBS" + LIBS="$LIBS -lws2_32" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#ifdef HAVE_WINSOCK2_H +#include +#endif +#include + +int +main () +{ +gethostbyname(NULL); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + gl_cv_w32_gethostbyname=yes +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + LIBS="$gl_save_LIBS" + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_w32_gethostbyname" >&5 +$as_echo "$gl_cv_w32_gethostbyname" >&6; } + if test "$gl_cv_w32_gethostbyname" = "yes"; then + HOSTENT_LIB="-lws2_32" + fi + +fi +done + + fi + + + + + + + + + + HAVE_INET_NTOP=1 + INET_NTOP_LIB= + + + + + if test $ac_cv_header_sys_socket_h != yes; then + for ac_header in winsock2.h +do : + ac_fn_c_check_header_mongrel "$LINENO" "winsock2.h" "ac_cv_header_winsock2_h" "$ac_includes_default" +if test "x$ac_cv_header_winsock2_h" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_WINSOCK2_H 1 +_ACEOF + +fi + +done + + fi + if test "$ac_cv_header_winsock2_h" = yes; then + HAVE_WINSOCK2_H=1 + UNISTD_H_HAVE_WINSOCK2_H=1 + SYS_IOCTL_H_HAVE_WINSOCK2_H=1 + else + HAVE_WINSOCK2_H=0 + fi + + + if test $HAVE_WINSOCK2_H = 1; then + ac_fn_c_check_decl "$LINENO" "inet_ntop" "ac_cv_have_decl_inet_ntop" "#include +" +if test "x$ac_cv_have_decl_inet_ntop" = xyes; then : + ac_have_decl=1 +else + ac_have_decl=0 +fi + +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_INET_NTOP $ac_have_decl +_ACEOF + + if test $ac_cv_have_decl_inet_ntop = yes; then + REPLACE_INET_NTOP=1 + INET_NTOP_LIB="-lws2_32" + else + HAVE_DECL_INET_NTOP=0 + HAVE_INET_NTOP=0 + fi + else + gl_save_LIBS=$LIBS + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing inet_ntop" >&5 +$as_echo_n "checking for library containing inet_ntop... " >&6; } +if ${ac_cv_search_inet_ntop+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_func_search_save_LIBS=$LIBS +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char inet_ntop (); +int +main () +{ +return inet_ntop (); + ; + return 0; +} +_ACEOF +for ac_lib in '' nsl resolv network; do + if test -z "$ac_lib"; then + ac_res="none required" + else + ac_res=-l$ac_lib + LIBS="-l$ac_lib $ac_func_search_save_LIBS" + fi + if ac_fn_c_try_link "$LINENO"; then : + ac_cv_search_inet_ntop=$ac_res +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext + if ${ac_cv_search_inet_ntop+:} false; then : + break +fi +done +if ${ac_cv_search_inet_ntop+:} false; then : + +else + ac_cv_search_inet_ntop=no +fi +rm conftest.$ac_ext +LIBS=$ac_func_search_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_inet_ntop" >&5 +$as_echo "$ac_cv_search_inet_ntop" >&6; } +ac_res=$ac_cv_search_inet_ntop +if test "$ac_res" != no; then : + test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" + +else + for ac_func in inet_ntop +do : + ac_fn_c_check_func "$LINENO" "inet_ntop" "ac_cv_func_inet_ntop" +if test "x$ac_cv_func_inet_ntop" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_INET_NTOP 1 +_ACEOF + +fi +done + + if test $ac_cv_func_inet_ntop = no; then + HAVE_INET_NTOP=0 + fi + +fi + + LIBS=$gl_save_LIBS + + if test "$ac_cv_search_inet_ntop" != "no" \ + && test "$ac_cv_search_inet_ntop" != "none required"; then + INET_NTOP_LIB="$ac_cv_search_inet_ntop" + fi + + + ac_fn_c_check_decl "$LINENO" "inet_ntop" "ac_cv_have_decl_inet_ntop" "#include + #if HAVE_NETDB_H + # include + #endif + +" +if test "x$ac_cv_have_decl_inet_ntop" = xyes; then : + ac_have_decl=1 +else + ac_have_decl=0 +fi + +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_INET_NTOP $ac_have_decl +_ACEOF + + if test $ac_cv_have_decl_inet_ntop = no; then + HAVE_DECL_INET_NTOP=0 + fi + fi + + + if test $HAVE_INET_NTOP = 0 || test $REPLACE_INET_NTOP = 1; then + + + + + + + + + ggl_LIBOBJS="$ggl_LIBOBJS inet_ntop.$ac_objext" + + + + + fi + + + + + + GNULIB_INET_NTOP=1 + + + + + + + + + + + + HAVE_INET_PTON=1 + INET_PTON_LIB= + + + + + if test $ac_cv_header_sys_socket_h != yes; then + for ac_header in winsock2.h +do : + ac_fn_c_check_header_mongrel "$LINENO" "winsock2.h" "ac_cv_header_winsock2_h" "$ac_includes_default" +if test "x$ac_cv_header_winsock2_h" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_WINSOCK2_H 1 +_ACEOF + +fi + +done + + fi + if test "$ac_cv_header_winsock2_h" = yes; then + HAVE_WINSOCK2_H=1 + UNISTD_H_HAVE_WINSOCK2_H=1 + SYS_IOCTL_H_HAVE_WINSOCK2_H=1 + else + HAVE_WINSOCK2_H=0 + fi + + + if test $HAVE_WINSOCK2_H = 1; then + ac_fn_c_check_decl "$LINENO" "inet_pton" "ac_cv_have_decl_inet_pton" "#include +" +if test "x$ac_cv_have_decl_inet_pton" = xyes; then : + ac_have_decl=1 +else + ac_have_decl=0 +fi + +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_INET_PTON $ac_have_decl +_ACEOF + + if test $ac_cv_have_decl_inet_pton = yes; then + REPLACE_INET_PTON=1 + INET_PTON_LIB="-lws2_32" + else + HAVE_DECL_INET_PTON=0 + HAVE_INET_PTON=0 + fi + else + gl_save_LIBS=$LIBS + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing inet_pton" >&5 +$as_echo_n "checking for library containing inet_pton... " >&6; } +if ${ac_cv_search_inet_pton+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_func_search_save_LIBS=$LIBS +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char inet_pton (); +int +main () +{ +return inet_pton (); + ; + return 0; +} +_ACEOF +for ac_lib in '' nsl resolv network; do + if test -z "$ac_lib"; then + ac_res="none required" + else + ac_res=-l$ac_lib + LIBS="-l$ac_lib $ac_func_search_save_LIBS" + fi + if ac_fn_c_try_link "$LINENO"; then : + ac_cv_search_inet_pton=$ac_res +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext + if ${ac_cv_search_inet_pton+:} false; then : + break +fi +done +if ${ac_cv_search_inet_pton+:} false; then : + +else + ac_cv_search_inet_pton=no +fi +rm conftest.$ac_ext +LIBS=$ac_func_search_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_inet_pton" >&5 +$as_echo "$ac_cv_search_inet_pton" >&6; } +ac_res=$ac_cv_search_inet_pton +if test "$ac_res" != no; then : + test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" + +else + for ac_func in inet_pton +do : + ac_fn_c_check_func "$LINENO" "inet_pton" "ac_cv_func_inet_pton" +if test "x$ac_cv_func_inet_pton" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_INET_PTON 1 +_ACEOF + +fi +done + + if test $ac_cv_func_inet_pton = no; then + HAVE_INET_PTON=0 + fi + +fi + + LIBS=$gl_save_LIBS + + if test "$ac_cv_search_inet_pton" != "no" \ + && test "$ac_cv_search_inet_pton" != "none required"; then + INET_PTON_LIB="$ac_cv_search_inet_pton" + fi + + + ac_fn_c_check_decl "$LINENO" "inet_pton" "ac_cv_have_decl_inet_pton" "#include + #if HAVE_NETDB_H + # include + #endif + +" +if test "x$ac_cv_have_decl_inet_pton" = xyes; then : + ac_have_decl=1 +else + ac_have_decl=0 +fi + +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_INET_PTON $ac_have_decl +_ACEOF + + if test $ac_cv_have_decl_inet_pton = no; then + HAVE_DECL_INET_PTON=0 + fi + fi + + + if test $HAVE_INET_PTON = 0 || test $REPLACE_INET_NTOP = 1; then + + + + + + + + + ggl_LIBOBJS="$ggl_LIBOBJS inet_pton.$ac_objext" + + + + + fi + + + + + + GNULIB_INET_PTON=1 + + + + + + + + + + PRIPTR_PREFIX= + if test -n "$STDINT_H"; then + PRIPTR_PREFIX='"l"' + else + for glpfx in '' l ll I64; do + case $glpfx in + '') gltype1='int';; + l) gltype1='long int';; + ll) gltype1='long long int';; + I64) gltype1='__int64';; + esac + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include + extern intptr_t foo; + extern $gltype1 foo; +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + PRIPTR_PREFIX='"'$glpfx'"' +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + test -n "$PRIPTR_PREFIX" && break + done + fi + + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether INT32_MAX < INTMAX_MAX" >&5 +$as_echo_n "checking whether INT32_MAX < INTMAX_MAX... " >&6; } +if ${gl_cv_test_INT32_MAX_LT_INTMAX_MAX+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +/* Work also in C++ mode. */ + #define __STDC_LIMIT_MACROS 1 + + /* Work if build is not clean. */ + #define _GL_JUST_INCLUDE_SYSTEM_STDINT_H + + #include + #if HAVE_STDINT_H + #include + #endif + + #if defined INT32_MAX && defined INTMAX_MAX + #define CONDITION (INT32_MAX < INTMAX_MAX) + #elif HAVE_LONG_LONG_INT + #define CONDITION (sizeof (int) < sizeof (long long int)) + #else + #define CONDITION 0 + #endif + int test[CONDITION ? 1 : -1]; +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + gl_cv_test_INT32_MAX_LT_INTMAX_MAX=yes +else + gl_cv_test_INT32_MAX_LT_INTMAX_MAX=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_test_INT32_MAX_LT_INTMAX_MAX" >&5 +$as_echo "$gl_cv_test_INT32_MAX_LT_INTMAX_MAX" >&6; } + if test $gl_cv_test_INT32_MAX_LT_INTMAX_MAX = yes; then + INT32_MAX_LT_INTMAX_MAX=1; + else + INT32_MAX_LT_INTMAX_MAX=0; + fi + + + if test $APPLE_UNIVERSAL_BUILD = 0; then + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether INT64_MAX == LONG_MAX" >&5 +$as_echo_n "checking whether INT64_MAX == LONG_MAX... " >&6; } +if ${gl_cv_test_INT64_MAX_EQ_LONG_MAX+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +/* Work also in C++ mode. */ + #define __STDC_LIMIT_MACROS 1 + + /* Work if build is not clean. */ + #define _GL_JUST_INCLUDE_SYSTEM_STDINT_H + + #include + #if HAVE_STDINT_H + #include + #endif + + #if defined INT64_MAX + #define CONDITION (INT64_MAX == LONG_MAX) + #elif HAVE_LONG_LONG_INT + #define CONDITION (sizeof (long long int) == sizeof (long int)) + #else + #define CONDITION 0 + #endif + int test[CONDITION ? 1 : -1]; +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + gl_cv_test_INT64_MAX_EQ_LONG_MAX=yes +else + gl_cv_test_INT64_MAX_EQ_LONG_MAX=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_test_INT64_MAX_EQ_LONG_MAX" >&5 +$as_echo "$gl_cv_test_INT64_MAX_EQ_LONG_MAX" >&6; } + if test $gl_cv_test_INT64_MAX_EQ_LONG_MAX = yes; then + INT64_MAX_EQ_LONG_MAX=1; + else + INT64_MAX_EQ_LONG_MAX=0; + fi + + + else + INT64_MAX_EQ_LONG_MAX=-1 + fi + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether UINT32_MAX < UINTMAX_MAX" >&5 +$as_echo_n "checking whether UINT32_MAX < UINTMAX_MAX... " >&6; } +if ${gl_cv_test_UINT32_MAX_LT_UINTMAX_MAX+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +/* Work also in C++ mode. */ + #define __STDC_LIMIT_MACROS 1 + + /* Work if build is not clean. */ + #define _GL_JUST_INCLUDE_SYSTEM_STDINT_H + + #include + #if HAVE_STDINT_H + #include + #endif + + #if defined UINT32_MAX && defined UINTMAX_MAX + #define CONDITION (UINT32_MAX < UINTMAX_MAX) + #elif HAVE_LONG_LONG_INT + #define CONDITION (sizeof (unsigned int) < sizeof (unsigned long long int)) + #else + #define CONDITION 0 + #endif + int test[CONDITION ? 1 : -1]; +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + gl_cv_test_UINT32_MAX_LT_UINTMAX_MAX=yes +else + gl_cv_test_UINT32_MAX_LT_UINTMAX_MAX=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_test_UINT32_MAX_LT_UINTMAX_MAX" >&5 +$as_echo "$gl_cv_test_UINT32_MAX_LT_UINTMAX_MAX" >&6; } + if test $gl_cv_test_UINT32_MAX_LT_UINTMAX_MAX = yes; then + UINT32_MAX_LT_UINTMAX_MAX=1; + else + UINT32_MAX_LT_UINTMAX_MAX=0; + fi + + + if test $APPLE_UNIVERSAL_BUILD = 0; then + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether UINT64_MAX == ULONG_MAX" >&5 +$as_echo_n "checking whether UINT64_MAX == ULONG_MAX... " >&6; } +if ${gl_cv_test_UINT64_MAX_EQ_ULONG_MAX+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +/* Work also in C++ mode. */ + #define __STDC_LIMIT_MACROS 1 + + /* Work if build is not clean. */ + #define _GL_JUST_INCLUDE_SYSTEM_STDINT_H + + #include + #if HAVE_STDINT_H + #include + #endif + + #if defined UINT64_MAX + #define CONDITION (UINT64_MAX == ULONG_MAX) + #elif HAVE_LONG_LONG_INT + #define CONDITION (sizeof (unsigned long long int) == sizeof (unsigned long int)) + #else + #define CONDITION 0 + #endif + int test[CONDITION ? 1 : -1]; +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + gl_cv_test_UINT64_MAX_EQ_ULONG_MAX=yes +else + gl_cv_test_UINT64_MAX_EQ_ULONG_MAX=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_test_UINT64_MAX_EQ_ULONG_MAX" >&5 +$as_echo "$gl_cv_test_UINT64_MAX_EQ_ULONG_MAX" >&6; } + if test $gl_cv_test_UINT64_MAX_EQ_ULONG_MAX = yes; then + UINT64_MAX_EQ_ULONG_MAX=1; + else + UINT64_MAX_EQ_ULONG_MAX=0; + fi + + + else + UINT64_MAX_EQ_ULONG_MAX=-1 + fi + + + + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the compiler supports the __inline keyword" >&5 +$as_echo_n "checking whether the compiler supports the __inline keyword... " >&6; } +if ${gl_cv_c___inline+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +typedef int foo_t; + static __inline foo_t foo (void) { return 0; } +int +main () +{ +return foo (); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + gl_cv_c___inline=yes +else + gl_cv_c___inline=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_c___inline" >&5 +$as_echo "$gl_cv_c___inline" >&6; } + if test $gl_cv_c___inline = yes; then + +$as_echo "#define HAVE___INLINE 1" >>confdefs.h + + fi + + + + if test "$ac_cv_header_winsock2_h" = yes; then + + + + + + + + + ggl_LIBOBJS="$ggl_LIBOBJS listen.$ac_objext" + + fi + + + + + + GNULIB_LISTEN=1 + + + + + +$as_echo "#define GNULIB_TEST_LISTEN 1" >>confdefs.h + + + + + + + + + + + + + ggl_LIBOBJS="$ggl_LIBOBJS localtime-buffer.$ac_objext" + + + + + + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether lseek detects pipes" >&5 +$as_echo_n "checking whether lseek detects pipes... " >&6; } +if ${gl_cv_func_lseek_pipe+:} false; then : + $as_echo_n "(cached) " >&6 +else + case "$host_os" in + mingw*) + gl_cv_func_lseek_pipe=no + ;; + *) + if test $cross_compiling = no; then + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include /* for off_t */ +#include /* for SEEK_CUR */ +#if HAVE_UNISTD_H +# include +#else /* on Windows with MSVC */ +# include +#endif + +int +main () +{ + + /* Exit with success only if stdin is seekable. */ + return lseek (0, (off_t)0, SEEK_CUR) < 0; + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + if test -s conftest$ac_exeext \ + && ./conftest$ac_exeext < conftest.$ac_ext \ + && test 1 = "`echo hi \ + | { ./conftest$ac_exeext; echo $?; cat >/dev/null; }`"; then + gl_cv_func_lseek_pipe=yes + else + gl_cv_func_lseek_pipe=no + fi + +else + gl_cv_func_lseek_pipe=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#if defined __BEOS__ +/* BeOS mistakenly return 0 when trying to seek on pipes. */ + Choke me. +#endif +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + gl_cv_func_lseek_pipe=yes +else + gl_cv_func_lseek_pipe=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + fi + ;; + esac + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_func_lseek_pipe" >&5 +$as_echo "$gl_cv_func_lseek_pipe" >&6; } + if test $gl_cv_func_lseek_pipe = no; then + REPLACE_LSEEK=1 + +$as_echo "#define LSEEK_PIPE_BROKEN 1" >>confdefs.h + + fi + + + if test $WINDOWS_64_BIT_OFF_T = 1; then + REPLACE_LSEEK=1 + fi + + if test $REPLACE_LSEEK = 1; then + + + + + + + + + ggl_LIBOBJS="$ggl_LIBOBJS lseek.$ac_objext" + + fi + + + + + + GNULIB_LSEEK=1 + + + + + +$as_echo "#define GNULIB_TEST_LSEEK 1" >>confdefs.h + + + + + + + if test $gl_cv_func_malloc_posix = yes; then + +$as_echo "#define HAVE_MALLOC_POSIX 1" >>confdefs.h + + else + REPLACE_MALLOC=1 + fi + + if test $REPLACE_MALLOC = 1; then + + + + + + + + + ggl_LIBOBJS="$ggl_LIBOBJS malloc.$ac_objext" + + fi + + + + + + GNULIB_MALLOC_POSIX=1 + + + + + +$as_echo "#define GNULIB_TEST_MALLOC_POSIX 1" >>confdefs.h + + + + + + + + + if test $HAVE_MEMCHR = 0 || test $REPLACE_MEMCHR = 1; then + + + + + + + + + ggl_LIBOBJS="$ggl_LIBOBJS memchr.$ac_objext" + + + for ac_header in bp-sym.h +do : + ac_fn_c_check_header_mongrel "$LINENO" "bp-sym.h" "ac_cv_header_bp_sym_h" "$ac_includes_default" +if test "x$ac_cv_header_bp_sym_h" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_BP_SYM_H 1 +_ACEOF + +fi + +done + + + fi + + + + + + GNULIB_MEMCHR=1 + + + + + +$as_echo "#define GNULIB_TEST_MEMCHR 1" >>confdefs.h + + + + + + + + + + + + REPLACE_MKTIME=0 + if test "$gl_cv_func_working_mktime" != yes; then + REPLACE_MKTIME=1 + +$as_echo "#define NEED_MKTIME_WORKING 1" >>confdefs.h + + fi + case "$host_os" in + mingw*) + REPLACE_MKTIME=1 + +$as_echo "#define NEED_MKTIME_WINDOWS 1" >>confdefs.h + + ;; + esac + + if test $REPLACE_MKTIME = 1; then + + + + + + + + + ggl_LIBOBJS="$ggl_LIBOBJS mktime.$ac_objext" + + : + fi + + + + + + GNULIB_MKTIME=1 + + + + + +$as_echo "#define GNULIB_TEST_MKTIME 1" >>confdefs.h + + + + + + + WANT_MKTIME_INTERNAL=0 + ac_fn_c_check_func "$LINENO" "__mktime_internal" "ac_cv_func___mktime_internal" +if test "x$ac_cv_func___mktime_internal" = xyes; then : + +$as_echo "#define mktime_internal __mktime_internal" >>confdefs.h + + +else + WANT_MKTIME_INTERNAL=1 + +$as_echo "#define NEED_MKTIME_INTERNAL 1" >>confdefs.h + + +fi + + + if test $WANT_MKTIME_INTERNAL = 1; then + + + + + + + + + ggl_LIBOBJS="$ggl_LIBOBJS mktime.$ac_objext" + + : + fi + + if test $HAVE_MSVC_INVALID_PARAMETER_HANDLER = 1; then + + + + + + + + + ggl_LIBOBJS="$ggl_LIBOBJS msvc-inval.$ac_objext" + + fi + + if test $HAVE_MSVC_INVALID_PARAMETER_HANDLER = 1; then + + + + + + + + + ggl_LIBOBJS="$ggl_LIBOBJS msvc-nothrow.$ac_objext" + + fi + + +cat >>confdefs.h <<_ACEOF +#define GNULIB_MSVC_NOTHROW 1 +_ACEOF + + + + + + + + + + + + + + + if test $gl_cv_have_include_next = yes; then + gl_cv_next_netdb_h='<'netdb.h'>' + else + { $as_echo "$as_me:${as_lineno-$LINENO}: checking absolute name of " >&5 +$as_echo_n "checking absolute name of ... " >&6; } +if ${gl_cv_next_netdb_h+:} false; then : + $as_echo_n "(cached) " >&6 +else + + if test $ac_cv_header_netdb_h = yes; then + + + + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +_ACEOF + case "$host_os" in + aix*) gl_absname_cpp="$ac_cpp -C" ;; + *) gl_absname_cpp="$ac_cpp" ;; + esac + + case "$host_os" in + mingw*) + gl_dirsep_regex='[/\\]' + ;; + *) + gl_dirsep_regex='\/' + ;; + esac + gl_make_literal_regex_sed='s,[]$^\\.*/[],\\&,g' + gl_header_literal_regex=`echo 'netdb.h' \ + | sed -e "$gl_make_literal_regex_sed"` + gl_absolute_header_sed="/${gl_dirsep_regex}${gl_header_literal_regex}/"'{ + s/.*"\(.*'"${gl_dirsep_regex}${gl_header_literal_regex}"'\)".*/\1/ + s|^/[^/]|//&| + p + q + }' + + gl_cv_absolute_netdb_h=`(eval "$gl_absname_cpp conftest.$ac_ext") 2>&5 | + sed -n "$gl_absolute_header_sed"` + + gl_header=$gl_cv_absolute_netdb_h + gl_cv_next_netdb_h='"'$gl_header'"' + else + gl_cv_next_netdb_h='<'netdb.h'>' + fi + + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_next_netdb_h" >&5 +$as_echo "$gl_cv_next_netdb_h" >&6; } + fi + NEXT_NETDB_H=$gl_cv_next_netdb_h + + if test $gl_cv_have_include_next = yes || test $gl_cv_have_include_next = buggy; then + # INCLUDE_NEXT_AS_FIRST_DIRECTIVE='include_next' + gl_next_as_first_directive='<'netdb.h'>' + else + # INCLUDE_NEXT_AS_FIRST_DIRECTIVE='include' + gl_next_as_first_directive=$gl_cv_next_netdb_h + fi + NEXT_AS_FIRST_DIRECTIVE_NETDB_H=$gl_next_as_first_directive + + + + + if test $ac_cv_header_netdb_h = yes; then + HAVE_NETDB_H=1 + else + HAVE_NETDB_H=0 + fi + + + + + + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether is self-contained" >&5 +$as_echo_n "checking whether is self-contained... " >&6; } +if ${gl_cv_header_netinet_in_h_selfcontained+:} false; then : + $as_echo_n "(cached) " >&6 +else + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + gl_cv_header_netinet_in_h_selfcontained=yes +else + gl_cv_header_netinet_in_h_selfcontained=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_header_netinet_in_h_selfcontained" >&5 +$as_echo "$gl_cv_header_netinet_in_h_selfcontained" >&6; } + if test $gl_cv_header_netinet_in_h_selfcontained = yes; then + NETINET_IN_H='' + else + NETINET_IN_H='netinet/in.h' + for ac_header in netinet/in.h +do : + ac_fn_c_check_header_mongrel "$LINENO" "netinet/in.h" "ac_cv_header_netinet_in_h" "$ac_includes_default" +if test "x$ac_cv_header_netinet_in_h" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_NETINET_IN_H 1 +_ACEOF + +fi + +done + + + + + + + + + + + if test $gl_cv_have_include_next = yes; then + gl_cv_next_netinet_in_h='<'netinet/in.h'>' + else + { $as_echo "$as_me:${as_lineno-$LINENO}: checking absolute name of " >&5 +$as_echo_n "checking absolute name of ... " >&6; } +if ${gl_cv_next_netinet_in_h+:} false; then : + $as_echo_n "(cached) " >&6 +else + + if test $ac_cv_header_netinet_in_h = yes; then + + + + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +_ACEOF + case "$host_os" in + aix*) gl_absname_cpp="$ac_cpp -C" ;; + *) gl_absname_cpp="$ac_cpp" ;; + esac + + case "$host_os" in + mingw*) + gl_dirsep_regex='[/\\]' + ;; + *) + gl_dirsep_regex='\/' + ;; + esac + gl_make_literal_regex_sed='s,[]$^\\.*/[],\\&,g' + gl_header_literal_regex=`echo 'netinet/in.h' \ + | sed -e "$gl_make_literal_regex_sed"` + gl_absolute_header_sed="/${gl_dirsep_regex}${gl_header_literal_regex}/"'{ + s/.*"\(.*'"${gl_dirsep_regex}${gl_header_literal_regex}"'\)".*/\1/ + s|^/[^/]|//&| + p + q + }' + + gl_cv_absolute_netinet_in_h=`(eval "$gl_absname_cpp conftest.$ac_ext") 2>&5 | + sed -n "$gl_absolute_header_sed"` + + gl_header=$gl_cv_absolute_netinet_in_h + gl_cv_next_netinet_in_h='"'$gl_header'"' + else + gl_cv_next_netinet_in_h='<'netinet/in.h'>' + fi + + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_next_netinet_in_h" >&5 +$as_echo "$gl_cv_next_netinet_in_h" >&6; } + fi + NEXT_NETINET_IN_H=$gl_cv_next_netinet_in_h + + if test $gl_cv_have_include_next = yes || test $gl_cv_have_include_next = buggy; then + # INCLUDE_NEXT_AS_FIRST_DIRECTIVE='include_next' + gl_next_as_first_directive='<'netinet/in.h'>' + else + # INCLUDE_NEXT_AS_FIRST_DIRECTIVE='include' + gl_next_as_first_directive=$gl_cv_next_netinet_in_h + fi + NEXT_AS_FIRST_DIRECTIVE_NETINET_IN_H=$gl_next_as_first_directive + + + + + if test $ac_cv_header_netinet_in_h = yes; then + HAVE_NETINET_IN_H=1 + else + HAVE_NETINET_IN_H=0 + fi + + fi + + if test -n "$NETINET_IN_H"; then + GL_GENERATE_NETINET_IN_H_TRUE= + GL_GENERATE_NETINET_IN_H_FALSE='#' +else + GL_GENERATE_NETINET_IN_H_TRUE='#' + GL_GENERATE_NETINET_IN_H_FALSE= +fi + + + + + # This defines (or not) HAVE_TZNAME and HAVE_TM_ZONE. + + + + + + + +$as_echo "#define my_strftime nstrftime" >>confdefs.h + + + + + + + + + ac_fn_c_check_member "$LINENO" "struct tm" "tm_zone" "ac_cv_member_struct_tm_tm_zone" "#include +#include <$ac_cv_struct_tm> + +" +if test "x$ac_cv_member_struct_tm_tm_zone" = xyes; then : + +cat >>confdefs.h <<_ACEOF +#define HAVE_STRUCT_TM_TM_ZONE 1 +_ACEOF + + +fi + +if test "$ac_cv_member_struct_tm_tm_zone" = yes; then + +$as_echo "#define HAVE_TM_ZONE 1" >>confdefs.h + +else + ac_fn_c_check_decl "$LINENO" "tzname" "ac_cv_have_decl_tzname" "#include +" +if test "x$ac_cv_have_decl_tzname" = xyes; then : + ac_have_decl=1 +else + ac_have_decl=0 +fi + +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_TZNAME $ac_have_decl +_ACEOF + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for tzname" >&5 +$as_echo_n "checking for tzname... " >&6; } +if ${ac_cv_var_tzname+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +#if !HAVE_DECL_TZNAME +extern char *tzname[]; +#endif + +int +main () +{ +return tzname[0][0]; + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + ac_cv_var_tzname=yes +else + ac_cv_var_tzname=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_var_tzname" >&5 +$as_echo "$ac_cv_var_tzname" >&6; } + if test $ac_cv_var_tzname = yes; then + +$as_echo "#define HAVE_TZNAME 1" >>confdefs.h + + fi +fi + + + + + + + + ac_fn_c_check_decl "$LINENO" "program_invocation_name" "ac_cv_have_decl_program_invocation_name" "#include +" +if test "x$ac_cv_have_decl_program_invocation_name" = xyes; then : + ac_have_decl=1 +else + ac_have_decl=0 +fi + +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_PROGRAM_INVOCATION_NAME $ac_have_decl +_ACEOF + + ac_fn_c_check_decl "$LINENO" "program_invocation_short_name" "ac_cv_have_decl_program_invocation_short_name" "#include +" +if test "x$ac_cv_have_decl_program_invocation_short_name" = xyes; then : + ac_have_decl=1 +else + ac_have_decl=0 +fi + +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_PROGRAM_INVOCATION_SHORT_NAME $ac_have_decl +_ACEOF + + : + + + + if test $gl_cv_func_malloc_posix = yes; then + +$as_echo "#define HAVE_REALLOC_POSIX 1" >>confdefs.h + + else + REPLACE_REALLOC=1 + fi + + if test $REPLACE_REALLOC = 1; then + + + + + + + + + ggl_LIBOBJS="$ggl_LIBOBJS realloc.$ac_objext" + + fi + + + + + + GNULIB_REALLOC_POSIX=1 + + + + + +$as_echo "#define GNULIB_TEST_REALLOC_POSIX 1" >>confdefs.h + + + + + if test "$ac_cv_header_winsock2_h" = yes; then + + + + + + + + + ggl_LIBOBJS="$ggl_LIBOBJS recv.$ac_objext" + + fi + + + + + + GNULIB_RECV=1 + + + + + +$as_echo "#define GNULIB_TEST_RECV 1" >>confdefs.h + + + + + if test "$ac_cv_header_winsock2_h" = yes; then + + + + + + + + + ggl_LIBOBJS="$ggl_LIBOBJS recvfrom.$ac_objext" + + fi + + + + + + GNULIB_RECVFROM=1 + + + + + +$as_echo "#define GNULIB_TEST_RECVFROM 1" >>confdefs.h + + + + + + + + if test "$ac_cv_header_winsock2_h" = yes; then + REPLACE_SELECT=1 + else + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether select supports a 0 argument" >&5 +$as_echo_n "checking whether select supports a 0 argument... " >&6; } +if ${gl_cv_func_select_supports0+:} false; then : + $as_echo_n "(cached) " >&6 +else + + if test "$cross_compiling" = yes; then : + + case "$host_os" in + # Guess no on Interix. + interix*) gl_cv_func_select_supports0="guessing no";; + # Guess yes otherwise. + *) gl_cv_func_select_supports0="guessing yes";; + esac + +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#include +#if HAVE_SYS_SELECT_H +#include +#endif +int main () +{ + struct timeval timeout; + timeout.tv_sec = 0; + timeout.tv_usec = 5; + return select (0, (fd_set *)0, (fd_set *)0, (fd_set *)0, &timeout) < 0; +} +_ACEOF +if ac_fn_c_try_run "$LINENO"; then : + gl_cv_func_select_supports0=yes +else + gl_cv_func_select_supports0=no +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_func_select_supports0" >&5 +$as_echo "$gl_cv_func_select_supports0" >&6; } + case "$gl_cv_func_select_supports0" in + *yes) ;; + *) REPLACE_SELECT=1 ;; + esac + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether select detects invalid fds" >&5 +$as_echo_n "checking whether select detects invalid fds... " >&6; } +if ${gl_cv_func_select_detects_ebadf+:} false; then : + $as_echo_n "(cached) " >&6 +else + + if test "$cross_compiling" = yes; then : + + case "$host_os" in + # Guess yes on Linux systems. + linux-* | linux) gl_cv_func_select_detects_ebadf="guessing yes" ;; + # Guess yes on glibc systems. + *-gnu* | gnu*) gl_cv_func_select_detects_ebadf="guessing yes" ;; + # If we don't know, assume the worst. + *) gl_cv_func_select_detects_ebadf="guessing no" ;; + esac + +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#include +#if HAVE_SYS_SELECT_H +# include +#endif +#include +#include + +int +main () +{ + + fd_set set; + dup2(0, 16); + FD_ZERO(&set); + FD_SET(16, &set); + close(16); + struct timeval timeout; + timeout.tv_sec = 0; + timeout.tv_usec = 5; + return select (17, &set, NULL, NULL, &timeout) != -1 || errno != EBADF; + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_run "$LINENO"; then : + gl_cv_func_select_detects_ebadf=yes +else + gl_cv_func_select_detects_ebadf=no +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_func_select_detects_ebadf" >&5 +$as_echo "$gl_cv_func_select_detects_ebadf" >&6; } + case $gl_cv_func_select_detects_ebadf in + *yes) ;; + *) REPLACE_SELECT=1 ;; + esac + fi + + LIB_SELECT="$LIBSOCKET" + if test $REPLACE_SELECT = 1; then + case "$host_os" in + mingw*) + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#define WIN32_LEAN_AND_MEAN +#include +int +main () +{ + MsgWaitForMultipleObjects (0, NULL, 0, 0, 0); + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + +else + LIB_SELECT="$LIB_SELECT -luser32" +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + ;; + esac + fi + + + if test $REPLACE_SELECT = 1; then + + + + + + + + + ggl_LIBOBJS="$ggl_LIBOBJS select.$ac_objext" + + fi + + + + + + GNULIB_SELECT=1 + + + + + +$as_echo "#define GNULIB_TEST_SELECT 1" >>confdefs.h + + + + + if test "$ac_cv_header_winsock2_h" = yes; then + + + + + + + + + ggl_LIBOBJS="$ggl_LIBOBJS send.$ac_objext" + + fi + + + + + + GNULIB_SEND=1 + + + + + +$as_echo "#define GNULIB_TEST_SEND 1" >>confdefs.h + + + + + if test "$ac_cv_header_winsock2_h" = yes; then + + + + + + + + + ggl_LIBOBJS="$ggl_LIBOBJS sendto.$ac_objext" + + fi + + + + + + GNULIB_SENDTO=1 + + + + + +$as_echo "#define GNULIB_TEST_SENDTO 1" >>confdefs.h + + + + + SERVENT_LIB= + gl_saved_libs="$LIBS" + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing getservbyname" >&5 +$as_echo_n "checking for library containing getservbyname... " >&6; } +if ${ac_cv_search_getservbyname+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_func_search_save_LIBS=$LIBS +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char getservbyname (); +int +main () +{ +return getservbyname (); + ; + return 0; +} +_ACEOF +for ac_lib in '' socket network net; do + if test -z "$ac_lib"; then + ac_res="none required" + else + ac_res=-l$ac_lib + LIBS="-l$ac_lib $ac_func_search_save_LIBS" + fi + if ac_fn_c_try_link "$LINENO"; then : + ac_cv_search_getservbyname=$ac_res +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext + if ${ac_cv_search_getservbyname+:} false; then : + break +fi +done +if ${ac_cv_search_getservbyname+:} false; then : + +else + ac_cv_search_getservbyname=no +fi +rm conftest.$ac_ext +LIBS=$ac_func_search_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_getservbyname" >&5 +$as_echo "$ac_cv_search_getservbyname" >&6; } +ac_res=$ac_cv_search_getservbyname +if test "$ac_res" != no; then : + test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" + if test "$ac_cv_search_getservbyname" != "none required"; then + SERVENT_LIB="$ac_cv_search_getservbyname" + fi +fi + + LIBS="$gl_saved_libs" + if test -z "$SERVENT_LIB"; then + for ac_func in getservbyname +do : + ac_fn_c_check_func "$LINENO" "getservbyname" "ac_cv_func_getservbyname" +if test "x$ac_cv_func_getservbyname" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_GETSERVBYNAME 1 +_ACEOF + +else + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for getservbyname in winsock2.h and -lws2_32" >&5 +$as_echo_n "checking for getservbyname in winsock2.h and -lws2_32... " >&6; } +if ${gl_cv_w32_getservbyname+:} false; then : + $as_echo_n "(cached) " >&6 +else + gl_cv_w32_getservbyname=no + gl_save_LIBS="$LIBS" + LIBS="$LIBS -lws2_32" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#ifdef HAVE_WINSOCK2_H +#include +#endif +#include + +int +main () +{ +getservbyname(NULL,NULL); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + gl_cv_w32_getservbyname=yes +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + LIBS="$gl_save_LIBS" + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_w32_getservbyname" >&5 +$as_echo "$gl_cv_w32_getservbyname" >&6; } + if test "$gl_cv_w32_getservbyname" = "yes"; then + SERVENT_LIB="-lws2_32" + fi + +fi +done + + fi + + + + + if test $ac_cv_func_setenv = no; then + HAVE_SETENV=0 + else + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether setenv validates arguments" >&5 +$as_echo_n "checking whether setenv validates arguments... " >&6; } +if ${gl_cv_func_setenv_works+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test "$cross_compiling" = yes; then : + case "$host_os" in + # Guess yes on glibc systems. + *-gnu* | gnu*) gl_cv_func_setenv_works="guessing yes" ;; + # Guess yes on musl systems. + *-musl*) gl_cv_func_setenv_works="guessing yes" ;; + # If we don't know, assume the worst. + *) gl_cv_func_setenv_works="guessing no" ;; + esac + +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + + #include + #include + #include + +int +main () +{ + + int result = 0; + { + if (setenv ("", "", 0) != -1) + result |= 1; + else if (errno != EINVAL) + result |= 2; + } + { + if (setenv ("a", "=", 1) != 0) + result |= 4; + else if (strcmp (getenv ("a"), "=") != 0) + result |= 8; + } + return result; + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_run "$LINENO"; then : + gl_cv_func_setenv_works=yes +else + gl_cv_func_setenv_works=no +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_func_setenv_works" >&5 +$as_echo "$gl_cv_func_setenv_works" >&6; } + case "$gl_cv_func_setenv_works" in + *yes) ;; + *) + REPLACE_SETENV=1 + ;; + esac + fi + + if test $HAVE_SETENV = 0 || test $REPLACE_SETENV = 1; then + + + + + + + + + ggl_LIBOBJS="$ggl_LIBOBJS setenv.$ac_objext" + + fi + + + + + + GNULIB_SETENV=1 + + + + + +$as_echo "#define GNULIB_TEST_SETENV 1" >>confdefs.h + + + + + if test "$ac_cv_header_winsock2_h" = yes; then + + + + + + + + + ggl_LIBOBJS="$ggl_LIBOBJS setsockopt.$ac_objext" + + fi + + + + + + GNULIB_SETSOCKOPT=1 + + + + + +$as_echo "#define GNULIB_TEST_SETSOCKOPT 1" >>confdefs.h + + + + + if test "$ac_cv_header_winsock2_h" = yes; then + + + + + + + + + ggl_LIBOBJS="$ggl_LIBOBJS shutdown.$ac_objext" + + fi + + + + + + GNULIB_SHUTDOWN=1 + + + + + +$as_echo "#define GNULIB_TEST_SHUTDOWN 1" >>confdefs.h + + + + + + + + + + + + + + + if test $gl_cv_have_include_next = yes; then + gl_cv_next_signal_h='<'signal.h'>' + else + { $as_echo "$as_me:${as_lineno-$LINENO}: checking absolute name of " >&5 +$as_echo_n "checking absolute name of ... " >&6; } +if ${gl_cv_next_signal_h+:} false; then : + $as_echo_n "(cached) " >&6 +else + + + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +_ACEOF + case "$host_os" in + aix*) gl_absname_cpp="$ac_cpp -C" ;; + *) gl_absname_cpp="$ac_cpp" ;; + esac + + case "$host_os" in + mingw*) + gl_dirsep_regex='[/\\]' + ;; + *) + gl_dirsep_regex='\/' + ;; + esac + gl_make_literal_regex_sed='s,[]$^\\.*/[],\\&,g' + gl_header_literal_regex=`echo 'signal.h' \ + | sed -e "$gl_make_literal_regex_sed"` + gl_absolute_header_sed="/${gl_dirsep_regex}${gl_header_literal_regex}/"'{ + s/.*"\(.*'"${gl_dirsep_regex}${gl_header_literal_regex}"'\)".*/\1/ + s|^/[^/]|//&| + p + q + }' + + gl_cv_absolute_signal_h=`(eval "$gl_absname_cpp conftest.$ac_ext") 2>&5 | + sed -n "$gl_absolute_header_sed"` + + gl_header=$gl_cv_absolute_signal_h + gl_cv_next_signal_h='"'$gl_header'"' + + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_next_signal_h" >&5 +$as_echo "$gl_cv_next_signal_h" >&6; } + fi + NEXT_SIGNAL_H=$gl_cv_next_signal_h + + if test $gl_cv_have_include_next = yes || test $gl_cv_have_include_next = buggy; then + # INCLUDE_NEXT_AS_FIRST_DIRECTIVE='include_next' + gl_next_as_first_directive='<'signal.h'>' + else + # INCLUDE_NEXT_AS_FIRST_DIRECTIVE='include' + gl_next_as_first_directive=$gl_cv_next_signal_h + fi + NEXT_AS_FIRST_DIRECTIVE_SIGNAL_H=$gl_next_as_first_directive + + + + + +# AIX declares sig_atomic_t to already include volatile, and C89 compilers +# then choke on 'volatile sig_atomic_t'. C99 requires that it compile. + ac_fn_c_check_type "$LINENO" "volatile sig_atomic_t" "ac_cv_type_volatile_sig_atomic_t" " +#include + +" +if test "x$ac_cv_type_volatile_sig_atomic_t" = xyes; then : + +else + HAVE_TYPE_VOLATILE_SIG_ATOMIC_T=0 +fi + + + + + + + + ac_fn_c_check_type "$LINENO" "sighandler_t" "ac_cv_type_sighandler_t" " +#include + +" +if test "x$ac_cv_type_sighandler_t" = xyes; then : + +else + HAVE_SIGHANDLER_T=0 +fi + + + + + + + + for ac_header in stdint.h +do : + ac_fn_c_check_header_mongrel "$LINENO" "stdint.h" "ac_cv_header_stdint_h" "$ac_includes_default" +if test "x$ac_cv_header_stdint_h" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_STDINT_H 1 +_ACEOF + +fi + +done + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for SIZE_MAX" >&5 +$as_echo_n "checking for SIZE_MAX... " >&6; } +if ${gl_cv_size_max+:} false; then : + $as_echo_n "(cached) " >&6 +else + + gl_cv_size_max= + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#if HAVE_STDINT_H +#include +#endif +#ifdef SIZE_MAX +Found it +#endif + +_ACEOF +if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | + $EGREP "Found it" >/dev/null 2>&1; then : + gl_cv_size_max=yes +fi +rm -f conftest* + + if test -z "$gl_cv_size_max"; then + if ac_fn_c_compute_int "$LINENO" "sizeof (size_t) * CHAR_BIT - 1" "size_t_bits_minus_1" "#include +#include "; then : + +else + size_t_bits_minus_1= +fi + + if ac_fn_c_compute_int "$LINENO" "sizeof (size_t) <= sizeof (unsigned int)" "fits_in_uint" "#include "; then : + +else + fits_in_uint= +fi + + if test -n "$size_t_bits_minus_1" && test -n "$fits_in_uint"; then + if test $fits_in_uint = 1; then + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include + extern size_t foo; + extern unsigned long foo; + +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + fits_in_uint=0 +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + fi + if test $fits_in_uint = 1; then + gl_cv_size_max="(((1U << $size_t_bits_minus_1) - 1) * 2 + 1)" + else + gl_cv_size_max="(((1UL << $size_t_bits_minus_1) - 1) * 2 + 1)" + fi + else + gl_cv_size_max='((size_t)~(size_t)0)' + fi + fi + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_size_max" >&5 +$as_echo "$gl_cv_size_max" >&6; } + if test "$gl_cv_size_max" != yes; then + +cat >>confdefs.h <<_ACEOF +#define SIZE_MAX $gl_cv_size_max +_ACEOF + + fi + + + + + gl_cv_func_snprintf_usable=no + for ac_func in snprintf +do : + ac_fn_c_check_func "$LINENO" "snprintf" "ac_cv_func_snprintf" +if test "x$ac_cv_func_snprintf" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_SNPRINTF 1 +_ACEOF + +fi +done + + if test $ac_cv_func_snprintf = yes; then + + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether snprintf respects a size of 1" >&5 +$as_echo_n "checking whether snprintf respects a size of 1... " >&6; } +if ${gl_cv_func_snprintf_size1+:} false; then : + $as_echo_n "(cached) " >&6 +else + + if test "$cross_compiling" = yes; then : + case "$host_os" in + # Guess yes on Android. + linux*-android*) gl_cv_func_snprintf_size1="guessing yes" ;; + # Guess yes on native Windows. + mingw*) gl_cv_func_snprintf_size1="guessing yes" ;; + *) gl_cv_func_snprintf_size1="guessing yes" ;; + esac + +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#if HAVE_SNPRINTF +# define my_snprintf snprintf +#else +# include +static int my_snprintf (char *buf, int size, const char *format, ...) +{ + va_list args; + int ret; + va_start (args, format); + ret = vsnprintf (buf, size, format, args); + va_end (args); + return ret; +} +#endif +int main() +{ + static char buf[8] = { 'D', 'E', 'A', 'D', 'B', 'E', 'E', 'F' }; + my_snprintf (buf, 1, "%d", 12345); + return buf[1] != 'E'; +} +_ACEOF +if ac_fn_c_try_run "$LINENO"; then : + gl_cv_func_snprintf_size1=yes +else + gl_cv_func_snprintf_size1=no +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_func_snprintf_size1" >&5 +$as_echo "$gl_cv_func_snprintf_size1" >&6; } + + case "$gl_cv_func_snprintf_size1" in + *yes) + + case "$gl_cv_func_snprintf_retval_c99" in + *yes) + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether printf supports POSIX/XSI format strings with positions" >&5 +$as_echo_n "checking whether printf supports POSIX/XSI format strings with positions... " >&6; } +if ${gl_cv_func_printf_positions+:} false; then : + $as_echo_n "(cached) " >&6 +else + + if test "$cross_compiling" = yes; then : + + case "$host_os" in + netbsd[1-3]* | netbsdelf[1-3]* | netbsdaout[1-3]* | netbsdcoff[1-3]*) + gl_cv_func_printf_positions="guessing no";; + beos*) gl_cv_func_printf_positions="guessing no";; + # Guess yes on Android. + linux*-android*) gl_cv_func_printf_positions="guessing yes";; + # Guess no on native Windows. + mingw* | pw*) gl_cv_func_printf_positions="guessing no";; + *) gl_cv_func_printf_positions="guessing yes";; + esac + +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#include +/* The string "%2$d %1$d", with dollar characters protected from the shell's + dollar expansion (possibly an autoconf bug). */ +static char format[] = { '%', '2', '$', 'd', ' ', '%', '1', '$', 'd', '\0' }; +static char buf[100]; +int main () +{ + sprintf (buf, format, 33, 55); + return (strcmp (buf, "55 33") != 0); +} +_ACEOF +if ac_fn_c_try_run "$LINENO"; then : + gl_cv_func_printf_positions=yes +else + gl_cv_func_printf_positions=no +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_func_printf_positions" >&5 +$as_echo "$gl_cv_func_printf_positions" >&6; } + + case "$gl_cv_func_printf_positions" in + *yes) + gl_cv_func_snprintf_usable=yes + ;; + esac + ;; + esac + ;; + esac + fi + if test $gl_cv_func_snprintf_usable = no; then + + + + + + + + + + + ggl_LIBOBJS="$ggl_LIBOBJS snprintf.$ac_objext" + + if test $ac_cv_func_snprintf = yes; then + REPLACE_SNPRINTF=1 + else + + if test $ac_cv_have_decl_snprintf = yes; then + REPLACE_SNPRINTF=1 + fi + fi + : + + fi + + if test $ac_cv_have_decl_snprintf = no; then + HAVE_DECL_SNPRINTF=0 + fi + + + + + + + GNULIB_SNPRINTF=1 + + + + + +$as_echo "#define GNULIB_TEST_SNPRINTF 1" >>confdefs.h + + + + + +cat >>confdefs.h <<_ACEOF +#define GNULIB_SNPRINTF 1 +_ACEOF + + + + if test "$ac_cv_header_winsock2_h" = yes; then + + + + + + + + + ggl_LIBOBJS="$ggl_LIBOBJS socket.$ac_objext" + + fi + # When this module is used, sockets may actually occur as file descriptors, + # hence it is worth warning if the modules 'close' and 'ioctl' are not used. + + + + if test "$ac_cv_header_winsock2_h" = yes; then + UNISTD_H_HAVE_WINSOCK2_H_AND_USE_SOCKETS=1 + SYS_IOCTL_H_HAVE_WINSOCK2_H_AND_USE_SOCKETS=1 + fi + + + + + + GNULIB_SOCKET=1 + + + + + +$as_echo "#define GNULIB_TEST_SOCKET 1" >>confdefs.h + + + + + + ac_fn_c_check_type "$LINENO" "socklen_t" "ac_cv_type_socklen_t" " +/* is not needed according to POSIX, but the + in i386-unknown-freebsd4.10 and + powerpc-apple-darwin5.5 required it. */ +#include +#if HAVE_SYS_SOCKET_H +# include +#elif HAVE_WS2TCPIP_H +# include +#endif + +" +if test "x$ac_cv_type_socklen_t" = xyes; then : + +else + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for socklen_t equivalent" >&5 +$as_echo_n "checking for socklen_t equivalent... " >&6; } +if ${gl_cv_socklen_t_equiv+:} false; then : + $as_echo_n "(cached) " >&6 +else + # Systems have either "struct sockaddr *" or + # "void *" as the second argument to getpeername + gl_cv_socklen_t_equiv= + for arg2 in "struct sockaddr" void; do + for t in int size_t "unsigned int" "long int" "unsigned long int"; do + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include + #include + + int getpeername (int, $arg2 *, $t *); +int +main () +{ +$t len; + getpeername (0, 0, &len); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + gl_cv_socklen_t_equiv="$t" +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + test "$gl_cv_socklen_t_equiv" != "" && break + done + test "$gl_cv_socklen_t_equiv" != "" && break + done + if test "$gl_cv_socklen_t_equiv" = ""; then + as_fn_error $? "Cannot find a type to use in place of socklen_t" "$LINENO" 5 + fi + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_socklen_t_equiv" >&5 +$as_echo "$gl_cv_socklen_t_equiv" >&6; } + +cat >>confdefs.h <<_ACEOF +#define socklen_t $gl_cv_socklen_t_equiv +_ACEOF + +fi + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ssize_t" >&5 +$as_echo_n "checking for ssize_t... " >&6; } +if ${gt_cv_ssize_t+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +int +main () +{ +int x = sizeof (ssize_t *) + sizeof (ssize_t); + return !x; + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + gt_cv_ssize_t=yes +else + gt_cv_ssize_t=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gt_cv_ssize_t" >&5 +$as_echo "$gt_cv_ssize_t" >&6; } + if test $gt_cv_ssize_t = no; then + +$as_echo "#define ssize_t int" >>confdefs.h + + fi + + + + + + ac_fn_c_check_member "$LINENO" "struct stat" "st_atim.tv_nsec" "ac_cv_member_struct_stat_st_atim_tv_nsec" "#include + #include +" +if test "x$ac_cv_member_struct_stat_st_atim_tv_nsec" = xyes; then : + +cat >>confdefs.h <<_ACEOF +#define HAVE_STRUCT_STAT_ST_ATIM_TV_NSEC 1 +_ACEOF + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether struct stat.st_atim is of type struct timespec" >&5 +$as_echo_n "checking whether struct stat.st_atim is of type struct timespec... " >&6; } +if ${ac_cv_typeof_struct_stat_st_atim_is_struct_timespec+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + + #include + #include + #if HAVE_SYS_TIME_H + # include + #endif + #include + struct timespec ts; + struct stat st; + +int +main () +{ + + st.st_atim = ts; + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ac_cv_typeof_struct_stat_st_atim_is_struct_timespec=yes +else + ac_cv_typeof_struct_stat_st_atim_is_struct_timespec=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_typeof_struct_stat_st_atim_is_struct_timespec" >&5 +$as_echo "$ac_cv_typeof_struct_stat_st_atim_is_struct_timespec" >&6; } + if test $ac_cv_typeof_struct_stat_st_atim_is_struct_timespec = yes; then + +$as_echo "#define TYPEOF_STRUCT_STAT_ST_ATIM_IS_STRUCT_TIMESPEC 1" >>confdefs.h + + fi +else + ac_fn_c_check_member "$LINENO" "struct stat" "st_atimespec.tv_nsec" "ac_cv_member_struct_stat_st_atimespec_tv_nsec" "#include + #include +" +if test "x$ac_cv_member_struct_stat_st_atimespec_tv_nsec" = xyes; then : + +cat >>confdefs.h <<_ACEOF +#define HAVE_STRUCT_STAT_ST_ATIMESPEC_TV_NSEC 1 +_ACEOF + + +else + ac_fn_c_check_member "$LINENO" "struct stat" "st_atimensec" "ac_cv_member_struct_stat_st_atimensec" "#include + #include +" +if test "x$ac_cv_member_struct_stat_st_atimensec" = xyes; then : + +cat >>confdefs.h <<_ACEOF +#define HAVE_STRUCT_STAT_ST_ATIMENSEC 1 +_ACEOF + + +else + ac_fn_c_check_member "$LINENO" "struct stat" "st_atim.st__tim.tv_nsec" "ac_cv_member_struct_stat_st_atim_st__tim_tv_nsec" "#include + #include +" +if test "x$ac_cv_member_struct_stat_st_atim_st__tim_tv_nsec" = xyes; then : + +cat >>confdefs.h <<_ACEOF +#define HAVE_STRUCT_STAT_ST_ATIM_ST__TIM_TV_NSEC 1 +_ACEOF + + +fi + +fi + +fi + +fi + + + + + + ac_fn_c_check_member "$LINENO" "struct stat" "st_birthtimespec.tv_nsec" "ac_cv_member_struct_stat_st_birthtimespec_tv_nsec" "#include + #include +" +if test "x$ac_cv_member_struct_stat_st_birthtimespec_tv_nsec" = xyes; then : + +cat >>confdefs.h <<_ACEOF +#define HAVE_STRUCT_STAT_ST_BIRTHTIMESPEC_TV_NSEC 1 +_ACEOF + + +else + ac_fn_c_check_member "$LINENO" "struct stat" "st_birthtimensec" "ac_cv_member_struct_stat_st_birthtimensec" "#include + #include +" +if test "x$ac_cv_member_struct_stat_st_birthtimensec" = xyes; then : + +cat >>confdefs.h <<_ACEOF +#define HAVE_STRUCT_STAT_ST_BIRTHTIMENSEC 1 +_ACEOF + + +else + ac_fn_c_check_member "$LINENO" "struct stat" "st_birthtim.tv_nsec" "ac_cv_member_struct_stat_st_birthtim_tv_nsec" "#include + #include +" +if test "x$ac_cv_member_struct_stat_st_birthtim_tv_nsec" = xyes; then : + +cat >>confdefs.h <<_ACEOF +#define HAVE_STRUCT_STAT_ST_BIRTHTIM_TV_NSEC 1 +_ACEOF + + +fi + +fi + +fi + + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for working stdalign.h" >&5 +$as_echo_n "checking for working stdalign.h... " >&6; } +if ${gl_cv_header_working_stdalign_h+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include + #include + + /* Test that alignof yields a result consistent with offsetof. + This catches GCC bug 52023 + . */ + #ifdef __cplusplus + template struct alignof_helper { char a; t b; }; + # define ao(type) offsetof (alignof_helper, b) + #else + # define ao(type) offsetof (struct { char a; type b; }, b) + #endif + char test_double[ao (double) % _Alignof (double) == 0 ? 1 : -1]; + char test_long[ao (long int) % _Alignof (long int) == 0 ? 1 : -1]; + char test_alignof[alignof (double) == _Alignof (double) ? 1 : -1]; + + /* Test _Alignas only on platforms where gnulib can help. */ + #if \ + ((defined __cplusplus && 201103 <= __cplusplus) \ + || (defined __APPLE__ && defined __MACH__ \ + ? 4 < __GNUC__ + (1 <= __GNUC_MINOR__) \ + : __GNUC__) \ + || (__ia64 && (61200 <= __HP_cc || 61200 <= __HP_aCC)) \ + || __ICC || 0x590 <= __SUNPRO_C || 0x0600 <= __xlC__ \ + || 1300 <= _MSC_VER) + struct alignas_test { char c; char alignas (8) alignas_8; }; + char test_alignas[offsetof (struct alignas_test, alignas_8) == 8 + ? 1 : -1]; + #endif + +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + gl_cv_header_working_stdalign_h=yes +else + gl_cv_header_working_stdalign_h=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_header_working_stdalign_h" >&5 +$as_echo "$gl_cv_header_working_stdalign_h" >&6; } + + if test $gl_cv_header_working_stdalign_h = yes; then + STDALIGN_H='' + else + STDALIGN_H='stdalign.h' + fi + + + if test -n "$STDALIGN_H"; then + GL_GENERATE_STDALIGN_H_TRUE= + GL_GENERATE_STDALIGN_H_FALSE='#' +else + GL_GENERATE_STDALIGN_H_TRUE='#' + GL_GENERATE_STDALIGN_H_FALSE= +fi + + + + + + # Define two additional variables used in the Makefile substitution. + + if test "$ac_cv_header_stdbool_h" = yes; then + STDBOOL_H='' + else + STDBOOL_H='stdbool.h' + fi + + if test -n "$STDBOOL_H"; then + GL_GENERATE_STDBOOL_H_TRUE= + GL_GENERATE_STDBOOL_H_FALSE='#' +else + GL_GENERATE_STDBOOL_H_TRUE='#' + GL_GENERATE_STDBOOL_H_FALSE= +fi + + + if test "$ac_cv_type__Bool" = yes; then + HAVE__BOOL=1 + else + HAVE__BOOL=0 + fi + + + + + + STDDEF_H= + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for good max_align_t" >&5 +$as_echo_n "checking for good max_align_t... " >&6; } +if ${gl_cv_type_max_align_t+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include + unsigned int s = sizeof (max_align_t); + #if defined __GNUC__ || defined __IBM__ALIGNOF__ + int check1[2 * (__alignof__ (double) <= __alignof__ (max_align_t)) - 1]; + int check2[2 * (__alignof__ (long double) <= __alignof__ (max_align_t)) - 1]; + #endif + +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + gl_cv_type_max_align_t=yes +else + gl_cv_type_max_align_t=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_type_max_align_t" >&5 +$as_echo "$gl_cv_type_max_align_t" >&6; } + if test $gl_cv_type_max_align_t = no; then + HAVE_MAX_ALIGN_T=0 + STDDEF_H=stddef.h + fi + + if test $gt_cv_c_wchar_t = no; then + HAVE_WCHAR_T=0 + STDDEF_H=stddef.h + fi + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether NULL can be used in arbitrary expressions" >&5 +$as_echo_n "checking whether NULL can be used in arbitrary expressions... " >&6; } +if ${gl_cv_decl_null_works+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include + int test[2 * (sizeof NULL == sizeof (void *)) -1]; + +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + gl_cv_decl_null_works=yes +else + gl_cv_decl_null_works=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_decl_null_works" >&5 +$as_echo "$gl_cv_decl_null_works" >&6; } + if test $gl_cv_decl_null_works = no; then + REPLACE_NULL=1 + STDDEF_H=stddef.h + fi + + + if test -n "$STDDEF_H"; then + GL_GENERATE_STDDEF_H_TRUE= + GL_GENERATE_STDDEF_H_FALSE='#' +else + GL_GENERATE_STDDEF_H_TRUE='#' + GL_GENERATE_STDDEF_H_FALSE= +fi + + if test -n "$STDDEF_H"; then + + + + + + + + + if test $gl_cv_have_include_next = yes; then + gl_cv_next_stddef_h='<'stddef.h'>' + else + { $as_echo "$as_me:${as_lineno-$LINENO}: checking absolute name of " >&5 +$as_echo_n "checking absolute name of ... " >&6; } +if ${gl_cv_next_stddef_h+:} false; then : + $as_echo_n "(cached) " >&6 +else + + + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +_ACEOF + case "$host_os" in + aix*) gl_absname_cpp="$ac_cpp -C" ;; + *) gl_absname_cpp="$ac_cpp" ;; + esac + + case "$host_os" in + mingw*) + gl_dirsep_regex='[/\\]' + ;; + *) + gl_dirsep_regex='\/' + ;; + esac + gl_make_literal_regex_sed='s,[]$^\\.*/[],\\&,g' + gl_header_literal_regex=`echo 'stddef.h' \ + | sed -e "$gl_make_literal_regex_sed"` + gl_absolute_header_sed="/${gl_dirsep_regex}${gl_header_literal_regex}/"'{ + s/.*"\(.*'"${gl_dirsep_regex}${gl_header_literal_regex}"'\)".*/\1/ + s|^/[^/]|//&| + p + q + }' + + gl_cv_absolute_stddef_h=`(eval "$gl_absname_cpp conftest.$ac_ext") 2>&5 | + sed -n "$gl_absolute_header_sed"` + + gl_header=$gl_cv_absolute_stddef_h + gl_cv_next_stddef_h='"'$gl_header'"' + + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_next_stddef_h" >&5 +$as_echo "$gl_cv_next_stddef_h" >&6; } + fi + NEXT_STDDEF_H=$gl_cv_next_stddef_h + + if test $gl_cv_have_include_next = yes || test $gl_cv_have_include_next = buggy; then + # INCLUDE_NEXT_AS_FIRST_DIRECTIVE='include_next' + gl_next_as_first_directive='<'stddef.h'>' + else + # INCLUDE_NEXT_AS_FIRST_DIRECTIVE='include' + gl_next_as_first_directive=$gl_cv_next_stddef_h + fi + NEXT_AS_FIRST_DIRECTIVE_STDDEF_H=$gl_next_as_first_directive + + + + + fi + + + + + $as_echo "#define __USE_MINGW_ANSI_STDIO 1" >>confdefs.h + + + + + + + + + + + if test $gl_cv_have_include_next = yes; then + gl_cv_next_stdio_h='<'stdio.h'>' + else + { $as_echo "$as_me:${as_lineno-$LINENO}: checking absolute name of " >&5 +$as_echo_n "checking absolute name of ... " >&6; } +if ${gl_cv_next_stdio_h+:} false; then : + $as_echo_n "(cached) " >&6 +else + + + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +_ACEOF + case "$host_os" in + aix*) gl_absname_cpp="$ac_cpp -C" ;; + *) gl_absname_cpp="$ac_cpp" ;; + esac + + case "$host_os" in + mingw*) + gl_dirsep_regex='[/\\]' + ;; + *) + gl_dirsep_regex='\/' + ;; + esac + gl_make_literal_regex_sed='s,[]$^\\.*/[],\\&,g' + gl_header_literal_regex=`echo 'stdio.h' \ + | sed -e "$gl_make_literal_regex_sed"` + gl_absolute_header_sed="/${gl_dirsep_regex}${gl_header_literal_regex}/"'{ + s/.*"\(.*'"${gl_dirsep_regex}${gl_header_literal_regex}"'\)".*/\1/ + s|^/[^/]|//&| + p + q + }' + + gl_cv_absolute_stdio_h=`(eval "$gl_absname_cpp conftest.$ac_ext") 2>&5 | + sed -n "$gl_absolute_header_sed"` + + gl_header=$gl_cv_absolute_stdio_h + gl_cv_next_stdio_h='"'$gl_header'"' + + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_next_stdio_h" >&5 +$as_echo "$gl_cv_next_stdio_h" >&6; } + fi + NEXT_STDIO_H=$gl_cv_next_stdio_h + + if test $gl_cv_have_include_next = yes || test $gl_cv_have_include_next = buggy; then + # INCLUDE_NEXT_AS_FIRST_DIRECTIVE='include_next' + gl_next_as_first_directive='<'stdio.h'>' + else + # INCLUDE_NEXT_AS_FIRST_DIRECTIVE='include' + gl_next_as_first_directive=$gl_cv_next_stdio_h + fi + NEXT_AS_FIRST_DIRECTIVE_STDIO_H=$gl_next_as_first_directive + + + + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking which flavor of printf attribute matches inttypes macros" >&5 +$as_echo_n "checking which flavor of printf attribute matches inttypes macros... " >&6; } +if ${gl_cv_func_printf_attribute_flavor+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + + #define __STDC_FORMAT_MACROS 1 + #include + #include + /* For non-mingw systems, compilation will trivially succeed. + For mingw, compilation will succeed for older mingw (system + printf, "I64d") and fail for newer mingw (gnu printf, "lld"). */ + #if (defined _WIN32 && ! defined __CYGWIN__) && \ + (__GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ >= 4)) + extern char PRIdMAX_probe[sizeof PRIdMAX == sizeof "I64d" ? 1 : -1]; + #endif + +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + gl_cv_func_printf_attribute_flavor=system +else + gl_cv_func_printf_attribute_flavor=gnu +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_func_printf_attribute_flavor" >&5 +$as_echo "$gl_cv_func_printf_attribute_flavor" >&6; } + if test "$gl_cv_func_printf_attribute_flavor" = gnu; then + +$as_echo "#define GNULIB_PRINTF_ATTRIBUTE_FLAVOR_GNU 1" >>confdefs.h + + fi + + GNULIB_FSCANF=1 + + +cat >>confdefs.h <<_ACEOF +#define GNULIB_FSCANF 1 +_ACEOF + + + GNULIB_SCANF=1 + + +cat >>confdefs.h <<_ACEOF +#define GNULIB_SCANF 1 +_ACEOF + + + GNULIB_FGETC=1 + GNULIB_GETC=1 + GNULIB_GETCHAR=1 + GNULIB_FGETS=1 + GNULIB_FREAD=1 + + + GNULIB_FPRINTF=1 + GNULIB_PRINTF=1 + GNULIB_VFPRINTF=1 + GNULIB_VPRINTF=1 + GNULIB_FPUTC=1 + GNULIB_PUTC=1 + GNULIB_PUTCHAR=1 + GNULIB_FPUTS=1 + GNULIB_PUTS=1 + GNULIB_FWRITE=1 + + + + + + + + + + + + + + + + + + if test $gl_cv_have_include_next = yes; then + gl_cv_next_stdlib_h='<'stdlib.h'>' + else + { $as_echo "$as_me:${as_lineno-$LINENO}: checking absolute name of " >&5 +$as_echo_n "checking absolute name of ... " >&6; } +if ${gl_cv_next_stdlib_h+:} false; then : + $as_echo_n "(cached) " >&6 +else + + + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +_ACEOF + case "$host_os" in + aix*) gl_absname_cpp="$ac_cpp -C" ;; + *) gl_absname_cpp="$ac_cpp" ;; + esac + + case "$host_os" in + mingw*) + gl_dirsep_regex='[/\\]' + ;; + *) + gl_dirsep_regex='\/' + ;; + esac + gl_make_literal_regex_sed='s,[]$^\\.*/[],\\&,g' + gl_header_literal_regex=`echo 'stdlib.h' \ + | sed -e "$gl_make_literal_regex_sed"` + gl_absolute_header_sed="/${gl_dirsep_regex}${gl_header_literal_regex}/"'{ + s/.*"\(.*'"${gl_dirsep_regex}${gl_header_literal_regex}"'\)".*/\1/ + s|^/[^/]|//&| + p + q + }' + + gl_cv_absolute_stdlib_h=`(eval "$gl_absname_cpp conftest.$ac_ext") 2>&5 | + sed -n "$gl_absolute_header_sed"` + + gl_header=$gl_cv_absolute_stdlib_h + gl_cv_next_stdlib_h='"'$gl_header'"' + + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_next_stdlib_h" >&5 +$as_echo "$gl_cv_next_stdlib_h" >&6; } + fi + NEXT_STDLIB_H=$gl_cv_next_stdlib_h + + if test $gl_cv_have_include_next = yes || test $gl_cv_have_include_next = buggy; then + # INCLUDE_NEXT_AS_FIRST_DIRECTIVE='include_next' + gl_next_as_first_directive='<'stdlib.h'>' + else + # INCLUDE_NEXT_AS_FIRST_DIRECTIVE='include' + gl_next_as_first_directive=$gl_cv_next_stdlib_h + fi + NEXT_AS_FIRST_DIRECTIVE_STDLIB_H=$gl_next_as_first_directive + + + + + + + + + + + + + + if test $ac_cv_func_strdup = yes; then + if test $gl_cv_func_malloc_posix != yes; then + REPLACE_STRDUP=1 + fi + fi + + if test $ac_cv_have_decl_strdup = no; then + HAVE_DECL_STRDUP=0 + fi + + if test $ac_cv_func_strdup = no || test $REPLACE_STRDUP = 1; then + + + + + + + + + ggl_LIBOBJS="$ggl_LIBOBJS strdup.$ac_objext" + + : + fi + + + + + + GNULIB_STRDUP=1 + + + + + +$as_echo "#define GNULIB_TEST_STRDUP 1" >>confdefs.h + + + + + + + + + + + + + + + + + + + + + + + + + if test $gl_cv_have_include_next = yes; then + gl_cv_next_sys_stat_h='<'sys/stat.h'>' + else + { $as_echo "$as_me:${as_lineno-$LINENO}: checking absolute name of " >&5 +$as_echo_n "checking absolute name of ... " >&6; } +if ${gl_cv_next_sys_stat_h+:} false; then : + $as_echo_n "(cached) " >&6 +else + + if test $ac_cv_header_sys_stat_h = yes; then + + + + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +_ACEOF + case "$host_os" in + aix*) gl_absname_cpp="$ac_cpp -C" ;; + *) gl_absname_cpp="$ac_cpp" ;; + esac + + case "$host_os" in + mingw*) + gl_dirsep_regex='[/\\]' + ;; + *) + gl_dirsep_regex='\/' + ;; + esac + gl_make_literal_regex_sed='s,[]$^\\.*/[],\\&,g' + gl_header_literal_regex=`echo 'sys/stat.h' \ + | sed -e "$gl_make_literal_regex_sed"` + gl_absolute_header_sed="/${gl_dirsep_regex}${gl_header_literal_regex}/"'{ + s/.*"\(.*'"${gl_dirsep_regex}${gl_header_literal_regex}"'\)".*/\1/ + s|^/[^/]|//&| + p + q + }' + + gl_cv_absolute_sys_stat_h=`(eval "$gl_absname_cpp conftest.$ac_ext") 2>&5 | + sed -n "$gl_absolute_header_sed"` + + gl_header=$gl_cv_absolute_sys_stat_h + gl_cv_next_sys_stat_h='"'$gl_header'"' + else + gl_cv_next_sys_stat_h='<'sys/stat.h'>' + fi + + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_next_sys_stat_h" >&5 +$as_echo "$gl_cv_next_sys_stat_h" >&6; } + fi + NEXT_SYS_STAT_H=$gl_cv_next_sys_stat_h + + if test $gl_cv_have_include_next = yes || test $gl_cv_have_include_next = buggy; then + # INCLUDE_NEXT_AS_FIRST_DIRECTIVE='include_next' + gl_next_as_first_directive='<'sys/stat.h'>' + else + # INCLUDE_NEXT_AS_FIRST_DIRECTIVE='include' + gl_next_as_first_directive=$gl_cv_next_sys_stat_h + fi + NEXT_AS_FIRST_DIRECTIVE_SYS_STAT_H=$gl_next_as_first_directive + + + + + + + + + WINDOWS_STAT_TIMESPEC=0 + + + + + + + + + ac_fn_c_check_type "$LINENO" "nlink_t" "ac_cv_type_nlink_t" "#include + #include +" +if test "x$ac_cv_type_nlink_t" = xyes; then : + +else + +$as_echo "#define nlink_t int" >>confdefs.h + +fi + + + + + + + + + + + + + + + + + + + + + + + + + if test $gl_cv_have_include_next = yes; then + gl_cv_next_sys_uio_h='<'sys/uio.h'>' + else + { $as_echo "$as_me:${as_lineno-$LINENO}: checking absolute name of " >&5 +$as_echo_n "checking absolute name of ... " >&6; } +if ${gl_cv_next_sys_uio_h+:} false; then : + $as_echo_n "(cached) " >&6 +else + + if test $ac_cv_header_sys_uio_h = yes; then + + + + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +_ACEOF + case "$host_os" in + aix*) gl_absname_cpp="$ac_cpp -C" ;; + *) gl_absname_cpp="$ac_cpp" ;; + esac + + case "$host_os" in + mingw*) + gl_dirsep_regex='[/\\]' + ;; + *) + gl_dirsep_regex='\/' + ;; + esac + gl_make_literal_regex_sed='s,[]$^\\.*/[],\\&,g' + gl_header_literal_regex=`echo 'sys/uio.h' \ + | sed -e "$gl_make_literal_regex_sed"` + gl_absolute_header_sed="/${gl_dirsep_regex}${gl_header_literal_regex}/"'{ + s/.*"\(.*'"${gl_dirsep_regex}${gl_header_literal_regex}"'\)".*/\1/ + s|^/[^/]|//&| + p + q + }' + + gl_cv_absolute_sys_uio_h=`(eval "$gl_absname_cpp conftest.$ac_ext") 2>&5 | + sed -n "$gl_absolute_header_sed"` + + gl_header=$gl_cv_absolute_sys_uio_h + gl_cv_next_sys_uio_h='"'$gl_header'"' + else + gl_cv_next_sys_uio_h='<'sys/uio.h'>' + fi + + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_next_sys_uio_h" >&5 +$as_echo "$gl_cv_next_sys_uio_h" >&6; } + fi + NEXT_SYS_UIO_H=$gl_cv_next_sys_uio_h + + if test $gl_cv_have_include_next = yes || test $gl_cv_have_include_next = buggy; then + # INCLUDE_NEXT_AS_FIRST_DIRECTIVE='include_next' + gl_next_as_first_directive='<'sys/uio.h'>' + else + # INCLUDE_NEXT_AS_FIRST_DIRECTIVE='include' + gl_next_as_first_directive=$gl_cv_next_sys_uio_h + fi + NEXT_AS_FIRST_DIRECTIVE_SYS_UIO_H=$gl_next_as_first_directive + + + + + if test $ac_cv_header_sys_uio_h = yes; then + HAVE_SYS_UIO_H=1 + else + HAVE_SYS_UIO_H=0 + fi + + + + + + + + + + + + + ac_fn_c_check_decl "$LINENO" "localtime_r" "ac_cv_have_decl_localtime_r" "#include +" +if test "x$ac_cv_have_decl_localtime_r" = xyes; then : + ac_have_decl=1 +else + ac_have_decl=0 +fi + +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_LOCALTIME_R $ac_have_decl +_ACEOF + + if test $ac_cv_have_decl_localtime_r = no; then + HAVE_DECL_LOCALTIME_R=0 + fi + + + if test $ac_cv_func_localtime_r = yes; then + HAVE_LOCALTIME_R=1 + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether localtime_r is compatible with its POSIX signature" >&5 +$as_echo_n "checking whether localtime_r is compatible with its POSIX signature... " >&6; } +if ${gl_cv_time_r_posix+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +int +main () +{ +/* We don't need to append 'restrict's to the argument types, + even though the POSIX signature has the 'restrict's, + since C99 says they can't affect type compatibility. */ + struct tm * (*ptr) (time_t const *, struct tm *) = localtime_r; + if (ptr) return 0; + /* Check the return type is a pointer. + On HP-UX 10 it is 'int'. */ + *localtime_r (0, 0); + ; + return 0; +} + +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + gl_cv_time_r_posix=yes +else + gl_cv_time_r_posix=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_time_r_posix" >&5 +$as_echo "$gl_cv_time_r_posix" >&6; } + if test $gl_cv_time_r_posix = yes; then + REPLACE_LOCALTIME_R=0 + else + REPLACE_LOCALTIME_R=1 + fi + else + HAVE_LOCALTIME_R=0 + fi + + if test $HAVE_LOCALTIME_R = 0 || test $REPLACE_LOCALTIME_R = 1; then + + + + + + + + + ggl_LIBOBJS="$ggl_LIBOBJS time_r.$ac_objext" + + + : + + fi + + + + + + GNULIB_TIME_R=1 + + + + + +$as_echo "#define GNULIB_TEST_TIME_R 1" >>confdefs.h + + + + + + + + + # Mac OS X 10.6 loops forever with some time_t values. + # See Bug#27706, Bug#27736, and + # https://lists.gnu.org/r/bug-gnulib/2017-07/msg00142.html + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether localtime loops forever near extrema" >&5 +$as_echo_n "checking whether localtime loops forever near extrema... " >&6; } +if ${gl_cv_func_localtime_infloop_bug+:} false; then : + $as_echo_n "(cached) " >&6 +else + gl_cv_func_localtime_infloop_bug=no + if test "$cross_compiling" = yes; then : + gl_cv_func_localtime_infloop_bug="guessing no" +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include + #include + #include + #include + +int +main () +{ + + time_t t = -67768038400666600; + struct tm *tm; + char *tz = getenv ("TZ"); + if (! (tz && strcmp (tz, "QQQ0") == 0)) + return 0; + alarm (2); + tm = localtime (&t); + /* Use TM and *TM to suppress over-optimization. */ + return tm && tm->tm_isdst; + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_run "$LINENO"; then : + (TZ=QQQ0 ./conftest$EXEEXT) >/dev/null 2>&1 || + gl_cv_func_localtime_infloop_bug=yes +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_func_localtime_infloop_bug" >&5 +$as_echo "$gl_cv_func_localtime_infloop_bug" >&6; } + if test "$gl_cv_func_localtime_infloop_bug" = yes; then + +$as_echo "#define HAVE_LOCALTIME_INFLOOP_BUG 1" >>confdefs.h + + fi + + ac_fn_c_check_type "$LINENO" "timezone_t" "ac_cv_type_timezone_t" "#include +" +if test "x$ac_cv_type_timezone_t" = xyes; then : + +cat >>confdefs.h <<_ACEOF +#define HAVE_TIMEZONE_T 1 +_ACEOF + + +fi + + if test "$ac_cv_type_timezone_t" = yes; then + HAVE_TIMEZONE_T=1 + fi + + if test $HAVE_TIMEZONE_T = 0; then + + + + + + + + + ggl_LIBOBJS="$ggl_LIBOBJS time_rz.$ac_objext" + + fi + + + + + + GNULIB_TIME_RZ=1 + + + + + +$as_echo "#define GNULIB_TEST_TIME_RZ 1" >>confdefs.h + + + + + + + REPLACE_TIMEGM=0 + + if test $ac_cv_func_timegm = yes; then + if test "$gl_cv_func_working_mktime" != yes; then + # Assume that timegm is buggy if mktime is. + REPLACE_TIMEGM=1 + fi + else + HAVE_TIMEGM=0 + fi + + if test $HAVE_TIMEGM = 0 || test $REPLACE_TIMEGM = 1; then + + + + + + + + + ggl_LIBOBJS="$ggl_LIBOBJS timegm.$ac_objext" + + + : + + fi + + + + + + GNULIB_TIMEGM=1 + + + + + +$as_echo "#define GNULIB_TEST_TIMEGM 1" >>confdefs.h + + + + : + + + + + + if test $ac_cv_func_tzset = no; then + HAVE_TZSET=0 + fi + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether tzset clobbers localtime buffer" >&5 +$as_echo_n "checking whether tzset clobbers localtime buffer... " >&6; } +if ${gl_cv_func_tzset_clobber+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test "$cross_compiling" = yes; then : + case "$host_os" in + # Guess all is fine on glibc systems. + *-gnu* | gnu*) gl_cv_func_tzset_clobber="guessing no" ;; + # Guess all is fine on musl systems. + *-musl*) gl_cv_func_tzset_clobber="guessing no" ;; + # Guess no on native Windows. + mingw*) gl_cv_func_tzset_clobber="guessing no" ;; + # If we don't know, assume the worst. + *) gl_cv_func_tzset_clobber="guessing yes" ;; + esac + +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#include + +int +main () +{ + time_t t1 = 853958121; + struct tm *p, s; + putenv ("TZ=GMT0"); + p = localtime (&t1); + s = *p; + putenv ("TZ=EST+3EDT+2,M10.1.0/00:00:00,M2.3.0/00:00:00"); + tzset (); + return (p->tm_year != s.tm_year + || p->tm_mon != s.tm_mon + || p->tm_mday != s.tm_mday + || p->tm_hour != s.tm_hour + || p->tm_min != s.tm_min + || p->tm_sec != s.tm_sec); +} + +_ACEOF +if ac_fn_c_try_run "$LINENO"; then : + gl_cv_func_tzset_clobber=no +else + gl_cv_func_tzset_clobber=yes +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_func_tzset_clobber" >&5 +$as_echo "$gl_cv_func_tzset_clobber" >&6; } + + +$as_echo "#define HAVE_RUN_TZSET_TEST 1" >>confdefs.h + + + REPLACE_TZSET=0 + case "$gl_cv_func_tzset_clobber" in + *yes) + REPLACE_TZSET=1 + +$as_echo "#define TZSET_CLOBBERS_LOCALTIME 1" >>confdefs.h + + + + + NEED_LOCALTIME_BUFFER=1 + REPLACE_GMTIME=1 + REPLACE_LOCALTIME=1 + + ;; + esac + case "$host_os" in + mingw*) REPLACE_TZSET=1 ;; + esac + + if test $HAVE_TZSET = 0 || test $REPLACE_TZSET = 1; then + + + + + + + + + ggl_LIBOBJS="$ggl_LIBOBJS tzset.$ac_objext" + + fi + + + + + + GNULIB_TZSET=1 + + + + + +$as_echo "#define GNULIB_TEST_TZSET 1" >>confdefs.h + + + + + + + + + + + + + + + + if test $gl_cv_have_include_next = yes; then + gl_cv_next_unistd_h='<'unistd.h'>' + else + { $as_echo "$as_me:${as_lineno-$LINENO}: checking absolute name of " >&5 +$as_echo_n "checking absolute name of ... " >&6; } +if ${gl_cv_next_unistd_h+:} false; then : + $as_echo_n "(cached) " >&6 +else + + if test $ac_cv_header_unistd_h = yes; then + + + + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +_ACEOF + case "$host_os" in + aix*) gl_absname_cpp="$ac_cpp -C" ;; + *) gl_absname_cpp="$ac_cpp" ;; + esac + + case "$host_os" in + mingw*) + gl_dirsep_regex='[/\\]' + ;; + *) + gl_dirsep_regex='\/' + ;; + esac + gl_make_literal_regex_sed='s,[]$^\\.*/[],\\&,g' + gl_header_literal_regex=`echo 'unistd.h' \ + | sed -e "$gl_make_literal_regex_sed"` + gl_absolute_header_sed="/${gl_dirsep_regex}${gl_header_literal_regex}/"'{ + s/.*"\(.*'"${gl_dirsep_regex}${gl_header_literal_regex}"'\)".*/\1/ + s|^/[^/]|//&| + p + q + }' + + gl_cv_absolute_unistd_h=`(eval "$gl_absname_cpp conftest.$ac_ext") 2>&5 | + sed -n "$gl_absolute_header_sed"` + + gl_header=$gl_cv_absolute_unistd_h + gl_cv_next_unistd_h='"'$gl_header'"' + else + gl_cv_next_unistd_h='<'unistd.h'>' + fi + + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_next_unistd_h" >&5 +$as_echo "$gl_cv_next_unistd_h" >&6; } + fi + NEXT_UNISTD_H=$gl_cv_next_unistd_h + + if test $gl_cv_have_include_next = yes || test $gl_cv_have_include_next = buggy; then + # INCLUDE_NEXT_AS_FIRST_DIRECTIVE='include_next' + gl_next_as_first_directive='<'unistd.h'>' + else + # INCLUDE_NEXT_AS_FIRST_DIRECTIVE='include' + gl_next_as_first_directive=$gl_cv_next_unistd_h + fi + NEXT_AS_FIRST_DIRECTIVE_UNISTD_H=$gl_next_as_first_directive + + + + + if test $ac_cv_header_unistd_h = yes; then + HAVE_UNISTD_H=1 + else + HAVE_UNISTD_H=0 + fi + + + + + + + + + + + + + + if test $ac_cv_have_decl_unsetenv = no; then + HAVE_DECL_UNSETENV=0 + fi + for ac_func in unsetenv +do : + ac_fn_c_check_func "$LINENO" "unsetenv" "ac_cv_func_unsetenv" +if test "x$ac_cv_func_unsetenv" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_UNSETENV 1 +_ACEOF + +fi +done + + if test $ac_cv_func_unsetenv = no; then + HAVE_UNSETENV=0 + else + HAVE_UNSETENV=1 + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for unsetenv() return type" >&5 +$as_echo_n "checking for unsetenv() return type... " >&6; } +if ${gt_cv_func_unsetenv_ret+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#undef _BSD +#define _BSD 1 /* unhide unsetenv declaration in OSF/1 5.1 */ +#include +extern +#ifdef __cplusplus +"C" +#endif +int unsetenv (const char *name); + +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + gt_cv_func_unsetenv_ret='int' +else + gt_cv_func_unsetenv_ret='void' +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gt_cv_func_unsetenv_ret" >&5 +$as_echo "$gt_cv_func_unsetenv_ret" >&6; } + if test $gt_cv_func_unsetenv_ret = 'void'; then + +$as_echo "#define VOID_UNSETENV 1" >>confdefs.h + + REPLACE_UNSETENV=1 + fi + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether unsetenv obeys POSIX" >&5 +$as_echo_n "checking whether unsetenv obeys POSIX... " >&6; } +if ${gl_cv_func_unsetenv_works+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test "$cross_compiling" = yes; then : + case "$host_os" in + # Guess yes on glibc systems. + *-gnu*) gl_cv_func_unsetenv_works="guessing yes" ;; + # If we don't know, assume the worst. + *) gl_cv_func_unsetenv_works="guessing no" ;; + esac + +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + + #include + #include + extern char **environ; + +int +main () +{ + + char entry1[] = "a=1"; + char entry2[] = "b=2"; + char *env[] = { entry1, entry2, NULL }; + if (putenv ((char *) "a=1")) return 1; + if (putenv (entry2)) return 2; + entry2[0] = 'a'; + unsetenv ("a"); + if (getenv ("a")) return 3; + if (!unsetenv ("") || errno != EINVAL) return 4; + entry2[0] = 'b'; + environ = env; + if (!getenv ("a")) return 5; + entry2[0] = 'a'; + unsetenv ("a"); + if (getenv ("a")) return 6; + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_run "$LINENO"; then : + gl_cv_func_unsetenv_works=yes +else + gl_cv_func_unsetenv_works=no +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_func_unsetenv_works" >&5 +$as_echo "$gl_cv_func_unsetenv_works" >&6; } + case "$gl_cv_func_unsetenv_works" in + *yes) ;; + *) + REPLACE_UNSETENV=1 + ;; + esac + fi + + if test $HAVE_UNSETENV = 0 || test $REPLACE_UNSETENV = 1; then + + + + + + + + + ggl_LIBOBJS="$ggl_LIBOBJS unsetenv.$ac_objext" + + + + + + fi + + + + + + GNULIB_UNSETENV=1 + + + + + +$as_echo "#define GNULIB_TEST_UNSETENV 1" >>confdefs.h + + + + + + if test $ac_cv_func_vasnprintf = no; then + + + + + + + + + + + ggl_LIBOBJS="$ggl_LIBOBJS vasnprintf.$ac_objext" + + + + + + + + + + ggl_LIBOBJS="$ggl_LIBOBJS printf-args.$ac_objext" + + + + + + + + + + ggl_LIBOBJS="$ggl_LIBOBJS printf-parse.$ac_objext" + + + + + + + + + + ggl_LIBOBJS="$ggl_LIBOBJS asnprintf.$ac_objext" + + if test $ac_cv_func_vasnprintf = yes; then + +$as_echo "#define REPLACE_VASNPRINTF 1" >>confdefs.h + + fi + + + + + + + + + + + + ac_fn_c_check_type "$LINENO" "ptrdiff_t" "ac_cv_type_ptrdiff_t" "$ac_includes_default" +if test "x$ac_cv_type_ptrdiff_t" = xyes; then : + +else + +$as_echo "#define ptrdiff_t long" >>confdefs.h + + +fi + + + + + + + + fi + + + + + + + + + + + + + + if test $gl_cv_have_include_next = yes; then + gl_cv_next_wchar_h='<'wchar.h'>' + else + { $as_echo "$as_me:${as_lineno-$LINENO}: checking absolute name of " >&5 +$as_echo_n "checking absolute name of ... " >&6; } +if ${gl_cv_next_wchar_h+:} false; then : + $as_echo_n "(cached) " >&6 +else + + if test $ac_cv_header_wchar_h = yes; then + + + + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +_ACEOF + case "$host_os" in + aix*) gl_absname_cpp="$ac_cpp -C" ;; + *) gl_absname_cpp="$ac_cpp" ;; + esac + + case "$host_os" in + mingw*) + gl_dirsep_regex='[/\\]' + ;; + *) + gl_dirsep_regex='\/' + ;; + esac + gl_make_literal_regex_sed='s,[]$^\\.*/[],\\&,g' + gl_header_literal_regex=`echo 'wchar.h' \ + | sed -e "$gl_make_literal_regex_sed"` + gl_absolute_header_sed="/${gl_dirsep_regex}${gl_header_literal_regex}/"'{ + s/.*"\(.*'"${gl_dirsep_regex}${gl_header_literal_regex}"'\)".*/\1/ + s|^/[^/]|//&| + p + q + }' + + gl_cv_absolute_wchar_h=`(eval "$gl_absname_cpp conftest.$ac_ext") 2>&5 | + sed -n "$gl_absolute_header_sed"` + + gl_header=$gl_cv_absolute_wchar_h + gl_cv_next_wchar_h='"'$gl_header'"' + else + gl_cv_next_wchar_h='<'wchar.h'>' + fi + + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_next_wchar_h" >&5 +$as_echo "$gl_cv_next_wchar_h" >&6; } + fi + NEXT_WCHAR_H=$gl_cv_next_wchar_h + + if test $gl_cv_have_include_next = yes || test $gl_cv_have_include_next = buggy; then + # INCLUDE_NEXT_AS_FIRST_DIRECTIVE='include_next' + gl_next_as_first_directive='<'wchar.h'>' + else + # INCLUDE_NEXT_AS_FIRST_DIRECTIVE='include' + gl_next_as_first_directive=$gl_cv_next_wchar_h + fi + NEXT_AS_FIRST_DIRECTIVE_WCHAR_H=$gl_next_as_first_directive + + + + + if test $ac_cv_header_wchar_h = yes; then + HAVE_WCHAR_H=1 + else + HAVE_WCHAR_H=0 + fi + + + + + + if test $gt_cv_c_wint_t = yes; then + HAVE_WINT_T=1 + else + HAVE_WINT_T=0 + fi + + + + + + + + + + + for ac_header in stdint.h +do : + ac_fn_c_check_header_mongrel "$LINENO" "stdint.h" "ac_cv_header_stdint_h" "$ac_includes_default" +if test "x$ac_cv_header_stdint_h" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_STDINT_H 1 +_ACEOF + +fi + +done + + + # End of code from modules + + + + + + + + + + gltests_libdeps= + gltests_ltlibdeps= + + + + + + + + + + gl_source_base='tests' + ggltests_WITNESS=IN_`echo "${PACKAGE-$PACKAGE_TARNAME}" | LC_ALL=C tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ | LC_ALL=C sed -e 's/[^A-Z0-9_]/_/g'`_GNULIB_TESTS + + gl_module_indicator_condition=$ggltests_WITNESS + + + + + + + + + + + + + + + + +gl_libunistring_sed_extract_major='/^[0-9]/{s/^\([0-9]*\).*/\1/p;q;} +i\ +0 +q +' +gl_libunistring_sed_extract_minor='/^[0-9][0-9]*[.][0-9]/{s/^[0-9]*[.]\([0-9]*\).*/\1/p;q;} +i\ +0 +q +' +gl_libunistring_sed_extract_subminor='/^[0-9][0-9]*[.][0-9][0-9]*[.][0-9]/{s/^[0-9]*[.][0-9]*[.]\([0-9]*\).*/\1/p;q;} +i\ +0 +q +' + + + if test "$HAVE_LIBUNISTRING" = yes; then + LIBUNISTRING_VERSION_MAJOR=`echo "$LIBUNISTRING_VERSION" | sed -n -e "$gl_libunistring_sed_extract_major"` + LIBUNISTRING_VERSION_MINOR=`echo "$LIBUNISTRING_VERSION" | sed -n -e "$gl_libunistring_sed_extract_minor"` + LIBUNISTRING_VERSION_SUBMINOR=`echo "$LIBUNISTRING_VERSION" | sed -n -e "$gl_libunistring_sed_extract_subminor"` + fi + + + if true; then + GL_COND_LIBTOOL_TRUE= + GL_COND_LIBTOOL_FALSE='#' +else + GL_COND_LIBTOOL_TRUE='#' + GL_COND_LIBTOOL_FALSE= +fi + + gl_cond_libtool=true + gl_m4_base='lib/unistring/m4' + + + + + + + + + + gl_source_base='lib/unistring' + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the compiler generally respects inline" >&5 +$as_echo_n "checking whether the compiler generally respects inline... " >&6; } +if ${gl_cv_c_inline_effective+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test $ac_cv_c_inline = no; then + gl_cv_c_inline_effective=no + else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ +#ifdef __NO_INLINE__ + #error "inline is not effective" + #endif + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + gl_cv_c_inline_effective=yes +else + gl_cv_c_inline_effective=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + fi + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_c_inline_effective" >&5 +$as_echo "$gl_cv_c_inline_effective" >&6; } + if test $gl_cv_c_inline_effective = yes; then + +$as_echo "#define HAVE_INLINE 1" >>confdefs.h + + fi + + + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ssize_t" >&5 +$as_echo_n "checking for ssize_t... " >&6; } +if ${gt_cv_ssize_t+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +int +main () +{ +int x = sizeof (ssize_t *) + sizeof (ssize_t); + return !x; + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + gt_cv_ssize_t=yes +else + gt_cv_ssize_t=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gt_cv_ssize_t" >&5 +$as_echo "$gt_cv_ssize_t" >&6; } + if test $gt_cv_ssize_t = no; then + +$as_echo "#define ssize_t int" >>confdefs.h + + fi + + + + + # Define two additional variables used in the Makefile substitution. + + if test "$ac_cv_header_stdbool_h" = yes; then + STDBOOL_H='' + else + STDBOOL_H='stdbool.h' + fi + + if test -n "$STDBOOL_H"; then + GL_GENERATE_STDBOOL_H_TRUE= + GL_GENERATE_STDBOOL_H_FALSE='#' +else + GL_GENERATE_STDBOOL_H_TRUE='#' + GL_GENERATE_STDBOOL_H_FALSE= +fi + + + if test "$ac_cv_type__Bool" = yes; then + HAVE__BOOL=1 + else + HAVE__BOOL=0 + fi + + + + + + + + if { test "$HAVE_LIBUNISTRING" != yes \ + || { + + + + test $LIBUNISTRING_VERSION_MAJOR -lt 0 \ + || { test $LIBUNISTRING_VERSION_MAJOR -eq 0 \ + && { test $LIBUNISTRING_VERSION_MINOR -lt 9 \ + || { test $LIBUNISTRING_VERSION_MINOR -eq 9 \ + && test $LIBUNISTRING_VERSION_SUBMINOR -lt 4 + } + } + } + + + + + } + }; then + LIBUNISTRING_UNICTYPE_H='unictype.h' + else + LIBUNISTRING_UNICTYPE_H= + fi + + + + + if { test "$HAVE_LIBUNISTRING" != yes \ + || { + + + + test $LIBUNISTRING_VERSION_MAJOR -lt 0 \ + || { test $LIBUNISTRING_VERSION_MAJOR -eq 0 \ + && { test $LIBUNISTRING_VERSION_MINOR -lt 9 \ + || { test $LIBUNISTRING_VERSION_MINOR -eq 9 \ + && test $LIBUNISTRING_VERSION_SUBMINOR -lt 8 + } + } + } + + + + + } + }; then + LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_C_TRUE= + LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_C_FALSE='#' +else + LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_C_TRUE='#' + LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_C_FALSE= +fi + + + + + if { test "$HAVE_LIBUNISTRING" != yes \ + || { + + + + test $LIBUNISTRING_VERSION_MAJOR -lt 0 \ + || { test $LIBUNISTRING_VERSION_MAJOR -eq 0 \ + && { test $LIBUNISTRING_VERSION_MINOR -lt 9 \ + || { test $LIBUNISTRING_VERSION_MINOR -eq 9 \ + && test $LIBUNISTRING_VERSION_SUBMINOR -lt 8 + } + } + } + + + + + } + }; then + LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_CC_TRUE= + LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_CC_FALSE='#' +else + LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_CC_TRUE='#' + LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_CC_FALSE= +fi + + + + + if { test "$HAVE_LIBUNISTRING" != yes \ + || { + + + + test $LIBUNISTRING_VERSION_MAJOR -lt 0 \ + || { test $LIBUNISTRING_VERSION_MAJOR -eq 0 \ + && { test $LIBUNISTRING_VERSION_MINOR -lt 9 \ + || { test $LIBUNISTRING_VERSION_MINOR -eq 9 \ + && test $LIBUNISTRING_VERSION_SUBMINOR -lt 8 + } + } + } + + + + + } + }; then + LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_CF_TRUE= + LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_CF_FALSE='#' +else + LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_CF_TRUE='#' + LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_CF_FALSE= +fi + + + + + if { test "$HAVE_LIBUNISTRING" != yes \ + || { + + + + test $LIBUNISTRING_VERSION_MAJOR -lt 0 \ + || { test $LIBUNISTRING_VERSION_MAJOR -eq 0 \ + && { test $LIBUNISTRING_VERSION_MINOR -lt 9 \ + || { test $LIBUNISTRING_VERSION_MINOR -eq 9 \ + && test $LIBUNISTRING_VERSION_SUBMINOR -lt 8 + } + } + } + + + + + } + }; then + LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_CN_TRUE= + LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_CN_FALSE='#' +else + LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_CN_TRUE='#' + LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_CN_FALSE= +fi + + + + + if { test "$HAVE_LIBUNISTRING" != yes \ + || { + + + + test $LIBUNISTRING_VERSION_MAJOR -lt 0 \ + || { test $LIBUNISTRING_VERSION_MAJOR -eq 0 \ + && { test $LIBUNISTRING_VERSION_MINOR -lt 9 \ + || { test $LIBUNISTRING_VERSION_MINOR -eq 9 \ + && test $LIBUNISTRING_VERSION_SUBMINOR -lt 8 + } + } + } + + + + + } + }; then + LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_CO_TRUE= + LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_CO_FALSE='#' +else + LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_CO_TRUE='#' + LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_CO_FALSE= +fi + + + + + if { test "$HAVE_LIBUNISTRING" != yes \ + || { + + + + test $LIBUNISTRING_VERSION_MAJOR -lt 0 \ + || { test $LIBUNISTRING_VERSION_MAJOR -eq 0 \ + && { test $LIBUNISTRING_VERSION_MINOR -lt 9 \ + || { test $LIBUNISTRING_VERSION_MINOR -eq 9 \ + && test $LIBUNISTRING_VERSION_SUBMINOR -lt 8 + } + } + } + + + + + } + }; then + LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_CS_TRUE= + LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_CS_FALSE='#' +else + LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_CS_TRUE='#' + LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_CS_FALSE= +fi + + + + + if { test "$HAVE_LIBUNISTRING" != yes \ + || { + + + + test $LIBUNISTRING_VERSION_MAJOR -lt 0 \ + || { test $LIBUNISTRING_VERSION_MAJOR -eq 0 \ + && { test $LIBUNISTRING_VERSION_MINOR -lt 9 \ + || { test $LIBUNISTRING_VERSION_MINOR -eq 9 \ + && test $LIBUNISTRING_VERSION_SUBMINOR -lt 8 + } + } + } + + + + + } + }; then + LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_L_TRUE= + LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_L_FALSE='#' +else + LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_L_TRUE='#' + LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_L_FALSE= +fi + + + + + if { test "$HAVE_LIBUNISTRING" != yes \ + || { + + + + test $LIBUNISTRING_VERSION_MAJOR -lt 0 \ + || { test $LIBUNISTRING_VERSION_MAJOR -eq 0 \ + && { test $LIBUNISTRING_VERSION_MINOR -lt 9 \ + || { test $LIBUNISTRING_VERSION_MINOR -eq 9 \ + && test $LIBUNISTRING_VERSION_SUBMINOR -lt 8 + } + } + } + + + + + } + }; then + LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_LC_TRUE= + LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_LC_FALSE='#' +else + LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_LC_TRUE='#' + LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_LC_FALSE= +fi + + + + + if { test "$HAVE_LIBUNISTRING" != yes \ + || { + + + + test $LIBUNISTRING_VERSION_MAJOR -lt 0 \ + || { test $LIBUNISTRING_VERSION_MAJOR -eq 0 \ + && { test $LIBUNISTRING_VERSION_MINOR -lt 9 \ + || { test $LIBUNISTRING_VERSION_MINOR -eq 9 \ + && test $LIBUNISTRING_VERSION_SUBMINOR -lt 8 + } + } + } + + + + + } + }; then + LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_LL_TRUE= + LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_LL_FALSE='#' +else + LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_LL_TRUE='#' + LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_LL_FALSE= +fi + + + + + if { test "$HAVE_LIBUNISTRING" != yes \ + || { + + + + test $LIBUNISTRING_VERSION_MAJOR -lt 0 \ + || { test $LIBUNISTRING_VERSION_MAJOR -eq 0 \ + && { test $LIBUNISTRING_VERSION_MINOR -lt 9 \ + || { test $LIBUNISTRING_VERSION_MINOR -eq 9 \ + && test $LIBUNISTRING_VERSION_SUBMINOR -lt 8 + } + } + } + + + + + } + }; then + LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_LM_TRUE= + LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_LM_FALSE='#' +else + LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_LM_TRUE='#' + LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_LM_FALSE= +fi + + + + + if { test "$HAVE_LIBUNISTRING" != yes \ + || { + + + + test $LIBUNISTRING_VERSION_MAJOR -lt 0 \ + || { test $LIBUNISTRING_VERSION_MAJOR -eq 0 \ + && { test $LIBUNISTRING_VERSION_MINOR -lt 9 \ + || { test $LIBUNISTRING_VERSION_MINOR -eq 9 \ + && test $LIBUNISTRING_VERSION_SUBMINOR -lt 8 + } + } + } + + + + + } + }; then + LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_LO_TRUE= + LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_LO_FALSE='#' +else + LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_LO_TRUE='#' + LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_LO_FALSE= +fi + + + + + if { test "$HAVE_LIBUNISTRING" != yes \ + || { + + + + test $LIBUNISTRING_VERSION_MAJOR -lt 0 \ + || { test $LIBUNISTRING_VERSION_MAJOR -eq 0 \ + && { test $LIBUNISTRING_VERSION_MINOR -lt 9 \ + || { test $LIBUNISTRING_VERSION_MINOR -eq 9 \ + && test $LIBUNISTRING_VERSION_SUBMINOR -lt 8 + } + } + } + + + + + } + }; then + LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_LT_TRUE= + LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_LT_FALSE='#' +else + LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_LT_TRUE='#' + LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_LT_FALSE= +fi + + + + + if { test "$HAVE_LIBUNISTRING" != yes \ + || { + + + + test $LIBUNISTRING_VERSION_MAJOR -lt 0 \ + || { test $LIBUNISTRING_VERSION_MAJOR -eq 0 \ + && { test $LIBUNISTRING_VERSION_MINOR -lt 9 \ + || { test $LIBUNISTRING_VERSION_MINOR -eq 9 \ + && test $LIBUNISTRING_VERSION_SUBMINOR -lt 8 + } + } + } + + + + + } + }; then + LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_LU_TRUE= + LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_LU_FALSE='#' +else + LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_LU_TRUE='#' + LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_LU_FALSE= +fi + + + + + if { test "$HAVE_LIBUNISTRING" != yes \ + || { + + + + test $LIBUNISTRING_VERSION_MAJOR -lt 0 \ + || { test $LIBUNISTRING_VERSION_MAJOR -eq 0 \ + && { test $LIBUNISTRING_VERSION_MINOR -lt 9 \ + || { test $LIBUNISTRING_VERSION_MINOR -eq 9 \ + && test $LIBUNISTRING_VERSION_SUBMINOR -lt 8 + } + } + } + + + + + } + }; then + LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_M_TRUE= + LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_M_FALSE='#' +else + LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_M_TRUE='#' + LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_M_FALSE= +fi + + + + + if { test "$HAVE_LIBUNISTRING" != yes \ + || { + + + + test $LIBUNISTRING_VERSION_MAJOR -lt 0 \ + || { test $LIBUNISTRING_VERSION_MAJOR -eq 0 \ + && { test $LIBUNISTRING_VERSION_MINOR -lt 9 \ + || { test $LIBUNISTRING_VERSION_MINOR -eq 9 \ + && test $LIBUNISTRING_VERSION_SUBMINOR -lt 8 + } + } + } + + + + + } + }; then + LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_MC_TRUE= + LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_MC_FALSE='#' +else + LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_MC_TRUE='#' + LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_MC_FALSE= +fi + + + + + if { test "$HAVE_LIBUNISTRING" != yes \ + || { + + + + test $LIBUNISTRING_VERSION_MAJOR -lt 0 \ + || { test $LIBUNISTRING_VERSION_MAJOR -eq 0 \ + && { test $LIBUNISTRING_VERSION_MINOR -lt 9 \ + || { test $LIBUNISTRING_VERSION_MINOR -eq 9 \ + && test $LIBUNISTRING_VERSION_SUBMINOR -lt 8 + } + } + } + + + + + } + }; then + LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_ME_TRUE= + LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_ME_FALSE='#' +else + LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_ME_TRUE='#' + LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_ME_FALSE= +fi + + + + + if { test "$HAVE_LIBUNISTRING" != yes \ + || { + + + + test $LIBUNISTRING_VERSION_MAJOR -lt 0 \ + || { test $LIBUNISTRING_VERSION_MAJOR -eq 0 \ + && { test $LIBUNISTRING_VERSION_MINOR -lt 9 \ + || { test $LIBUNISTRING_VERSION_MINOR -eq 9 \ + && test $LIBUNISTRING_VERSION_SUBMINOR -lt 8 + } + } + } + + + + + } + }; then + LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_MN_TRUE= + LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_MN_FALSE='#' +else + LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_MN_TRUE='#' + LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_MN_FALSE= +fi + + + + + if { test "$HAVE_LIBUNISTRING" != yes \ + || { + + + + test $LIBUNISTRING_VERSION_MAJOR -lt 0 \ + || { test $LIBUNISTRING_VERSION_MAJOR -eq 0 \ + && { test $LIBUNISTRING_VERSION_MINOR -lt 9 \ + || { test $LIBUNISTRING_VERSION_MINOR -eq 9 \ + && test $LIBUNISTRING_VERSION_SUBMINOR -lt 8 + } + } + } + + + + + } + }; then + LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_N_TRUE= + LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_N_FALSE='#' +else + LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_N_TRUE='#' + LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_N_FALSE= +fi + + + + + if { test "$HAVE_LIBUNISTRING" != yes \ + || { + + + + test $LIBUNISTRING_VERSION_MAJOR -lt 0 \ + || { test $LIBUNISTRING_VERSION_MAJOR -eq 0 \ + && { test $LIBUNISTRING_VERSION_MINOR -lt 9 \ + || { test $LIBUNISTRING_VERSION_MINOR -eq 9 \ + && test $LIBUNISTRING_VERSION_SUBMINOR -lt 8 + } + } + } + + + + + } + }; then + LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_ND_TRUE= + LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_ND_FALSE='#' +else + LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_ND_TRUE='#' + LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_ND_FALSE= +fi + + + + + if { test "$HAVE_LIBUNISTRING" != yes \ + || { + + + + test $LIBUNISTRING_VERSION_MAJOR -lt 0 \ + || { test $LIBUNISTRING_VERSION_MAJOR -eq 0 \ + && { test $LIBUNISTRING_VERSION_MINOR -lt 9 \ + || { test $LIBUNISTRING_VERSION_MINOR -eq 9 \ + && test $LIBUNISTRING_VERSION_SUBMINOR -lt 8 + } + } + } + + + + + } + }; then + LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_NL_TRUE= + LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_NL_FALSE='#' +else + LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_NL_TRUE='#' + LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_NL_FALSE= +fi + + + + + if { test "$HAVE_LIBUNISTRING" != yes \ + || { + + + + test $LIBUNISTRING_VERSION_MAJOR -lt 0 \ + || { test $LIBUNISTRING_VERSION_MAJOR -eq 0 \ + && { test $LIBUNISTRING_VERSION_MINOR -lt 9 \ + || { test $LIBUNISTRING_VERSION_MINOR -eq 9 \ + && test $LIBUNISTRING_VERSION_SUBMINOR -lt 8 + } + } + } + + + + + } + }; then + LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_NO_TRUE= + LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_NO_FALSE='#' +else + LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_NO_TRUE='#' + LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_NO_FALSE= +fi + + + + + if { test "$HAVE_LIBUNISTRING" != yes \ + || { + + + + test $LIBUNISTRING_VERSION_MAJOR -lt 0 \ + || { test $LIBUNISTRING_VERSION_MAJOR -eq 0 \ + && { test $LIBUNISTRING_VERSION_MINOR -lt 9 \ + || { test $LIBUNISTRING_VERSION_MINOR -eq 9 \ + && test $LIBUNISTRING_VERSION_SUBMINOR -lt 8 + } + } + } + + + + + } + }; then + LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_P_TRUE= + LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_P_FALSE='#' +else + LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_P_TRUE='#' + LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_P_FALSE= +fi + + + + + if { test "$HAVE_LIBUNISTRING" != yes \ + || { + + + + test $LIBUNISTRING_VERSION_MAJOR -lt 0 \ + || { test $LIBUNISTRING_VERSION_MAJOR -eq 0 \ + && { test $LIBUNISTRING_VERSION_MINOR -lt 9 \ + || { test $LIBUNISTRING_VERSION_MINOR -eq 9 \ + && test $LIBUNISTRING_VERSION_SUBMINOR -lt 8 + } + } + } + + + + + } + }; then + LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_PC_TRUE= + LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_PC_FALSE='#' +else + LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_PC_TRUE='#' + LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_PC_FALSE= +fi + + + + + if { test "$HAVE_LIBUNISTRING" != yes \ + || { + + + + test $LIBUNISTRING_VERSION_MAJOR -lt 0 \ + || { test $LIBUNISTRING_VERSION_MAJOR -eq 0 \ + && { test $LIBUNISTRING_VERSION_MINOR -lt 9 \ + || { test $LIBUNISTRING_VERSION_MINOR -eq 9 \ + && test $LIBUNISTRING_VERSION_SUBMINOR -lt 8 + } + } + } + + + + + } + }; then + LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_PD_TRUE= + LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_PD_FALSE='#' +else + LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_PD_TRUE='#' + LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_PD_FALSE= +fi + + + + + if { test "$HAVE_LIBUNISTRING" != yes \ + || { + + + + test $LIBUNISTRING_VERSION_MAJOR -lt 0 \ + || { test $LIBUNISTRING_VERSION_MAJOR -eq 0 \ + && { test $LIBUNISTRING_VERSION_MINOR -lt 9 \ + || { test $LIBUNISTRING_VERSION_MINOR -eq 9 \ + && test $LIBUNISTRING_VERSION_SUBMINOR -lt 8 + } + } + } + + + + + } + }; then + LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_PE_TRUE= + LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_PE_FALSE='#' +else + LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_PE_TRUE='#' + LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_PE_FALSE= +fi + + + + + if { test "$HAVE_LIBUNISTRING" != yes \ + || { + + + + test $LIBUNISTRING_VERSION_MAJOR -lt 0 \ + || { test $LIBUNISTRING_VERSION_MAJOR -eq 0 \ + && { test $LIBUNISTRING_VERSION_MINOR -lt 9 \ + || { test $LIBUNISTRING_VERSION_MINOR -eq 9 \ + && test $LIBUNISTRING_VERSION_SUBMINOR -lt 8 + } + } + } + + + + + } + }; then + LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_PF_TRUE= + LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_PF_FALSE='#' +else + LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_PF_TRUE='#' + LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_PF_FALSE= +fi + + + + + if { test "$HAVE_LIBUNISTRING" != yes \ + || { + + + + test $LIBUNISTRING_VERSION_MAJOR -lt 0 \ + || { test $LIBUNISTRING_VERSION_MAJOR -eq 0 \ + && { test $LIBUNISTRING_VERSION_MINOR -lt 9 \ + || { test $LIBUNISTRING_VERSION_MINOR -eq 9 \ + && test $LIBUNISTRING_VERSION_SUBMINOR -lt 8 + } + } + } + + + + + } + }; then + LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_PI_TRUE= + LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_PI_FALSE='#' +else + LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_PI_TRUE='#' + LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_PI_FALSE= +fi + + + + + if { test "$HAVE_LIBUNISTRING" != yes \ + || { + + + + test $LIBUNISTRING_VERSION_MAJOR -lt 0 \ + || { test $LIBUNISTRING_VERSION_MAJOR -eq 0 \ + && { test $LIBUNISTRING_VERSION_MINOR -lt 9 \ + || { test $LIBUNISTRING_VERSION_MINOR -eq 9 \ + && test $LIBUNISTRING_VERSION_SUBMINOR -lt 8 + } + } + } + + + + + } + }; then + LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_PO_TRUE= + LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_PO_FALSE='#' +else + LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_PO_TRUE='#' + LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_PO_FALSE= +fi + + + + + if { test "$HAVE_LIBUNISTRING" != yes \ + || { + + + + test $LIBUNISTRING_VERSION_MAJOR -lt 0 \ + || { test $LIBUNISTRING_VERSION_MAJOR -eq 0 \ + && { test $LIBUNISTRING_VERSION_MINOR -lt 9 \ + || { test $LIBUNISTRING_VERSION_MINOR -eq 9 \ + && test $LIBUNISTRING_VERSION_SUBMINOR -lt 8 + } + } + } + + + + + } + }; then + LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_PS_TRUE= + LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_PS_FALSE='#' +else + LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_PS_TRUE='#' + LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_PS_FALSE= +fi + + + + + if { test "$HAVE_LIBUNISTRING" != yes \ + || { + + + + test $LIBUNISTRING_VERSION_MAJOR -lt 0 \ + || { test $LIBUNISTRING_VERSION_MAJOR -eq 0 \ + && { test $LIBUNISTRING_VERSION_MINOR -lt 9 \ + || { test $LIBUNISTRING_VERSION_MINOR -eq 9 \ + && test $LIBUNISTRING_VERSION_SUBMINOR -lt 8 + } + } + } + + + + + } + }; then + LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_S_TRUE= + LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_S_FALSE='#' +else + LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_S_TRUE='#' + LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_S_FALSE= +fi + + + + + if { test "$HAVE_LIBUNISTRING" != yes \ + || { + + + + test $LIBUNISTRING_VERSION_MAJOR -lt 0 \ + || { test $LIBUNISTRING_VERSION_MAJOR -eq 0 \ + && { test $LIBUNISTRING_VERSION_MINOR -lt 9 \ + || { test $LIBUNISTRING_VERSION_MINOR -eq 9 \ + && test $LIBUNISTRING_VERSION_SUBMINOR -lt 8 + } + } + } + + + + + } + }; then + LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_SC_TRUE= + LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_SC_FALSE='#' +else + LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_SC_TRUE='#' + LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_SC_FALSE= +fi + + + + + if { test "$HAVE_LIBUNISTRING" != yes \ + || { + + + + test $LIBUNISTRING_VERSION_MAJOR -lt 0 \ + || { test $LIBUNISTRING_VERSION_MAJOR -eq 0 \ + && { test $LIBUNISTRING_VERSION_MINOR -lt 9 \ + || { test $LIBUNISTRING_VERSION_MINOR -eq 9 \ + && test $LIBUNISTRING_VERSION_SUBMINOR -lt 8 + } + } + } + + + + + } + }; then + LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_SK_TRUE= + LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_SK_FALSE='#' +else + LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_SK_TRUE='#' + LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_SK_FALSE= +fi + + + + + if { test "$HAVE_LIBUNISTRING" != yes \ + || { + + + + test $LIBUNISTRING_VERSION_MAJOR -lt 0 \ + || { test $LIBUNISTRING_VERSION_MAJOR -eq 0 \ + && { test $LIBUNISTRING_VERSION_MINOR -lt 9 \ + || { test $LIBUNISTRING_VERSION_MINOR -eq 9 \ + && test $LIBUNISTRING_VERSION_SUBMINOR -lt 8 + } + } + } + + + + + } + }; then + LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_SM_TRUE= + LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_SM_FALSE='#' +else + LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_SM_TRUE='#' + LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_SM_FALSE= +fi + + + + + if { test "$HAVE_LIBUNISTRING" != yes \ + || { + + + + test $LIBUNISTRING_VERSION_MAJOR -lt 0 \ + || { test $LIBUNISTRING_VERSION_MAJOR -eq 0 \ + && { test $LIBUNISTRING_VERSION_MINOR -lt 9 \ + || { test $LIBUNISTRING_VERSION_MINOR -eq 9 \ + && test $LIBUNISTRING_VERSION_SUBMINOR -lt 8 + } + } + } + + + + + } + }; then + LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_SO_TRUE= + LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_SO_FALSE='#' +else + LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_SO_TRUE='#' + LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_SO_FALSE= +fi + + + + + if { test "$HAVE_LIBUNISTRING" != yes \ + || { + + + + test $LIBUNISTRING_VERSION_MAJOR -lt 0 \ + || { test $LIBUNISTRING_VERSION_MAJOR -eq 0 \ + && { test $LIBUNISTRING_VERSION_MINOR -lt 9 \ + || { test $LIBUNISTRING_VERSION_MINOR -eq 9 \ + && test $LIBUNISTRING_VERSION_SUBMINOR -lt 8 + } + } + } + + + + + } + }; then + LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_Z_TRUE= + LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_Z_FALSE='#' +else + LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_Z_TRUE='#' + LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_Z_FALSE= +fi + + + + + if { test "$HAVE_LIBUNISTRING" != yes \ + || { + + + + test $LIBUNISTRING_VERSION_MAJOR -lt 0 \ + || { test $LIBUNISTRING_VERSION_MAJOR -eq 0 \ + && { test $LIBUNISTRING_VERSION_MINOR -lt 9 \ + || { test $LIBUNISTRING_VERSION_MINOR -eq 9 \ + && test $LIBUNISTRING_VERSION_SUBMINOR -lt 8 + } + } + } + + + + + } + }; then + LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_ZL_TRUE= + LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_ZL_FALSE='#' +else + LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_ZL_TRUE='#' + LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_ZL_FALSE= +fi + + + + + if { test "$HAVE_LIBUNISTRING" != yes \ + || { + + + + test $LIBUNISTRING_VERSION_MAJOR -lt 0 \ + || { test $LIBUNISTRING_VERSION_MAJOR -eq 0 \ + && { test $LIBUNISTRING_VERSION_MINOR -lt 9 \ + || { test $LIBUNISTRING_VERSION_MINOR -eq 9 \ + && test $LIBUNISTRING_VERSION_SUBMINOR -lt 8 + } + } + } + + + + + } + }; then + LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_ZP_TRUE= + LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_ZP_FALSE='#' +else + LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_ZP_TRUE='#' + LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_ZP_FALSE= +fi + + + + + if { test "$HAVE_LIBUNISTRING" != yes \ + || { + + + + test $LIBUNISTRING_VERSION_MAJOR -lt 0 \ + || { test $LIBUNISTRING_VERSION_MAJOR -eq 0 \ + && { test $LIBUNISTRING_VERSION_MINOR -lt 9 \ + || { test $LIBUNISTRING_VERSION_MINOR -eq 9 \ + && test $LIBUNISTRING_VERSION_SUBMINOR -lt 8 + } + } + } + + + + + } + }; then + LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_ZS_TRUE= + LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_ZS_FALSE='#' +else + LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_ZS_TRUE='#' + LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_ZS_FALSE= +fi + + + + + if { test "$HAVE_LIBUNISTRING" != yes \ + || { + + + + test $LIBUNISTRING_VERSION_MAJOR -lt 0 \ + || { test $LIBUNISTRING_VERSION_MAJOR -eq 0 \ + && { test $LIBUNISTRING_VERSION_MINOR -lt 9 \ + || { test $LIBUNISTRING_VERSION_MINOR -eq 9 \ + && test $LIBUNISTRING_VERSION_SUBMINOR -lt 8 + } + } + } + + + + + } + }; then + LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_AND_TRUE= + LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_AND_FALSE='#' +else + LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_AND_TRUE='#' + LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_AND_FALSE= +fi + + + + + if { test "$HAVE_LIBUNISTRING" != yes \ + || { + + + + test $LIBUNISTRING_VERSION_MAJOR -lt 0 \ + || { test $LIBUNISTRING_VERSION_MAJOR -eq 0 \ + && { test $LIBUNISTRING_VERSION_MINOR -lt 9 \ + || { test $LIBUNISTRING_VERSION_MINOR -eq 9 \ + && test $LIBUNISTRING_VERSION_SUBMINOR -lt 8 + } + } + } + + + + + } + }; then + LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_AND_NOT_TRUE= + LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_AND_NOT_FALSE='#' +else + LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_AND_NOT_TRUE='#' + LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_AND_NOT_FALSE= +fi + + + + + if { test "$HAVE_LIBUNISTRING" != yes \ + || { + + + + test $LIBUNISTRING_VERSION_MAJOR -lt 0 \ + || { test $LIBUNISTRING_VERSION_MAJOR -eq 0 \ + && { test $LIBUNISTRING_VERSION_MINOR -lt 9 \ + || { test $LIBUNISTRING_VERSION_MINOR -eq 9 \ + && test $LIBUNISTRING_VERSION_SUBMINOR -lt 8 + } + } + } + + + + + } + }; then + LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_BYNAME_TRUE= + LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_BYNAME_FALSE='#' +else + LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_BYNAME_TRUE='#' + LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_BYNAME_FALSE= +fi + + + + + if { test "$HAVE_LIBUNISTRING" != yes \ + || { + + + + test $LIBUNISTRING_VERSION_MAJOR -lt 0 \ + || { test $LIBUNISTRING_VERSION_MAJOR -eq 0 \ + && { test $LIBUNISTRING_VERSION_MINOR -lt 9 \ + || { test $LIBUNISTRING_VERSION_MINOR -eq 9 \ + && test $LIBUNISTRING_VERSION_SUBMINOR -lt 8 + } + } + } + + + + + } + }; then + LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_LONGNAME_TRUE= + LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_LONGNAME_FALSE='#' +else + LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_LONGNAME_TRUE='#' + LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_LONGNAME_FALSE= +fi + + + + + if { test "$HAVE_LIBUNISTRING" != yes \ + || { + + + + test $LIBUNISTRING_VERSION_MAJOR -lt 0 \ + || { test $LIBUNISTRING_VERSION_MAJOR -eq 0 \ + && { test $LIBUNISTRING_VERSION_MINOR -lt 9 \ + || { test $LIBUNISTRING_VERSION_MINOR -eq 9 \ + && test $LIBUNISTRING_VERSION_SUBMINOR -lt 8 + } + } + } + + + + + } + }; then + LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_NAME_TRUE= + LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_NAME_FALSE='#' +else + LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_NAME_TRUE='#' + LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_NAME_FALSE= +fi + + + + + if { test "$HAVE_LIBUNISTRING" != yes \ + || { + + + + test $LIBUNISTRING_VERSION_MAJOR -lt 0 \ + || { test $LIBUNISTRING_VERSION_MAJOR -eq 0 \ + && { test $LIBUNISTRING_VERSION_MINOR -lt 9 \ + || { test $LIBUNISTRING_VERSION_MINOR -eq 9 \ + && test $LIBUNISTRING_VERSION_SUBMINOR -lt 8 + } + } + } + + + + + } + }; then + LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_NONE_TRUE= + LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_NONE_FALSE='#' +else + LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_NONE_TRUE='#' + LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_NONE_FALSE= +fi + + + + + + if { test "$HAVE_LIBUNISTRING" != yes \ + || { + + + + test $LIBUNISTRING_VERSION_MAJOR -lt 0 \ + || { test $LIBUNISTRING_VERSION_MAJOR -eq 0 \ + && { test $LIBUNISTRING_VERSION_MINOR -lt 9 \ + || { test $LIBUNISTRING_VERSION_MINOR -eq 9 \ + && test $LIBUNISTRING_VERSION_SUBMINOR -lt 8 + } + } + } + + + + + } + }; then + LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_OF_TRUE= + LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_OF_FALSE='#' +else + LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_OF_TRUE='#' + LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_OF_FALSE= +fi + + + + + if { test "$HAVE_LIBUNISTRING" != yes \ + || { + + + + test $LIBUNISTRING_VERSION_MAJOR -lt 0 \ + || { test $LIBUNISTRING_VERSION_MAJOR -eq 0 \ + && { test $LIBUNISTRING_VERSION_MINOR -lt 9 \ + || { test $LIBUNISTRING_VERSION_MINOR -eq 9 \ + && test $LIBUNISTRING_VERSION_SUBMINOR -lt 8 + } + } + } + + + + + } + }; then + LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_OR_TRUE= + LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_OR_FALSE='#' +else + LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_OR_TRUE='#' + LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_OR_FALSE= +fi + + + + + + if { test "$HAVE_LIBUNISTRING" != yes \ + || { + + + + test $LIBUNISTRING_VERSION_MAJOR -lt 0 \ + || { test $LIBUNISTRING_VERSION_MAJOR -eq 0 \ + && { test $LIBUNISTRING_VERSION_MINOR -lt 9 \ + || { test $LIBUNISTRING_VERSION_MINOR -eq 9 \ + && test $LIBUNISTRING_VERSION_SUBMINOR -lt 8 + } + } + } + + + + + } + }; then + LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_TEST_TRUE= + LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_TEST_FALSE='#' +else + LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_TEST_TRUE='#' + LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_TEST_FALSE= +fi + + + + + if { test "$HAVE_LIBUNISTRING" != yes \ + || { + + + + test $LIBUNISTRING_VERSION_MAJOR -lt 0 \ + || { test $LIBUNISTRING_VERSION_MAJOR -eq 0 \ + && { test $LIBUNISTRING_VERSION_MINOR -lt 9 \ + || { test $LIBUNISTRING_VERSION_MINOR -eq 9 \ + && test $LIBUNISTRING_VERSION_SUBMINOR -lt 8 + } + } + } + + + + + } + }; then + LIBUNISTRING_COMPILE_UNICTYPE_COMBINING_CLASS_TRUE= + LIBUNISTRING_COMPILE_UNICTYPE_COMBINING_CLASS_FALSE='#' +else + LIBUNISTRING_COMPILE_UNICTYPE_COMBINING_CLASS_TRUE='#' + LIBUNISTRING_COMPILE_UNICTYPE_COMBINING_CLASS_FALSE= +fi + + + + + + if { test "$HAVE_LIBUNISTRING" != yes \ + || { + + + + test $LIBUNISTRING_VERSION_MAJOR -lt 0 \ + || { test $LIBUNISTRING_VERSION_MAJOR -eq 0 \ + && { test $LIBUNISTRING_VERSION_MINOR -lt 9 \ + || { test $LIBUNISTRING_VERSION_MINOR -eq 9 \ + && test $LIBUNISTRING_VERSION_SUBMINOR -lt 8 + } + } + } + + + + + } + }; then + LIBUNISTRING_COMPILE_UNICTYPE_PROPERTY_DEFAULT_IGNORABLE_CODE_POINT_TRUE= + LIBUNISTRING_COMPILE_UNICTYPE_PROPERTY_DEFAULT_IGNORABLE_CODE_POINT_FALSE='#' +else + LIBUNISTRING_COMPILE_UNICTYPE_PROPERTY_DEFAULT_IGNORABLE_CODE_POINT_TRUE='#' + LIBUNISTRING_COMPILE_UNICTYPE_PROPERTY_DEFAULT_IGNORABLE_CODE_POINT_FALSE= +fi + + + + + + if { test "$HAVE_LIBUNISTRING" != yes \ + || { + + + + test $LIBUNISTRING_VERSION_MAJOR -lt 0 \ + || { test $LIBUNISTRING_VERSION_MAJOR -eq 0 \ + && { test $LIBUNISTRING_VERSION_MINOR -lt 9 \ + || { test $LIBUNISTRING_VERSION_MINOR -eq 9 \ + && test $LIBUNISTRING_VERSION_SUBMINOR -lt 8 + } + } + } + + + + + } + }; then + LIBUNISTRING_COMPILE_UNICTYPE_PROPERTY_JOIN_CONTROL_TRUE= + LIBUNISTRING_COMPILE_UNICTYPE_PROPERTY_JOIN_CONTROL_FALSE='#' +else + LIBUNISTRING_COMPILE_UNICTYPE_PROPERTY_JOIN_CONTROL_TRUE='#' + LIBUNISTRING_COMPILE_UNICTYPE_PROPERTY_JOIN_CONTROL_FALSE= +fi + + + + + + if { test "$HAVE_LIBUNISTRING" != yes \ + || { + + + + test $LIBUNISTRING_VERSION_MAJOR -lt 0 \ + || { test $LIBUNISTRING_VERSION_MAJOR -eq 0 \ + && { test $LIBUNISTRING_VERSION_MINOR -lt 9 \ + || { test $LIBUNISTRING_VERSION_MINOR -eq 9 \ + && test $LIBUNISTRING_VERSION_SUBMINOR -lt 8 + } + } + } + + + + + } + }; then + LIBUNISTRING_COMPILE_UNICTYPE_PROPERTY_NOT_A_CHARACTER_TRUE= + LIBUNISTRING_COMPILE_UNICTYPE_PROPERTY_NOT_A_CHARACTER_FALSE='#' +else + LIBUNISTRING_COMPILE_UNICTYPE_PROPERTY_NOT_A_CHARACTER_TRUE='#' + LIBUNISTRING_COMPILE_UNICTYPE_PROPERTY_NOT_A_CHARACTER_FALSE= +fi + + + + + if { test "$HAVE_LIBUNISTRING" != yes \ + || { + + + + test $LIBUNISTRING_VERSION_MAJOR -lt 0 \ + || { test $LIBUNISTRING_VERSION_MAJOR -eq 0 \ + && { test $LIBUNISTRING_VERSION_MINOR -lt 9 \ + || { test $LIBUNISTRING_VERSION_MINOR -eq 9 \ + && test $LIBUNISTRING_VERSION_SUBMINOR -lt 4 + } + } + } + + + + + } + }; then + LIBUNISTRING_UNINORM_H='uninorm.h' + else + LIBUNISTRING_UNINORM_H= + fi + + + + + if { test "$HAVE_LIBUNISTRING" != yes \ + || { + + + + test $LIBUNISTRING_VERSION_MAJOR -lt 0 \ + || { test $LIBUNISTRING_VERSION_MAJOR -eq 0 \ + && { test $LIBUNISTRING_VERSION_MINOR -lt 9 \ + || { test $LIBUNISTRING_VERSION_MINOR -eq 9 \ + && test $LIBUNISTRING_VERSION_SUBMINOR -lt 8 + } + } + } + + + + + } + }; then + LIBUNISTRING_COMPILE_UNINORM_CANONICAL_DECOMPOSITION_TRUE= + LIBUNISTRING_COMPILE_UNINORM_CANONICAL_DECOMPOSITION_FALSE='#' +else + LIBUNISTRING_COMPILE_UNINORM_CANONICAL_DECOMPOSITION_TRUE='#' + LIBUNISTRING_COMPILE_UNINORM_CANONICAL_DECOMPOSITION_FALSE= +fi + + + + + if { test "$HAVE_LIBUNISTRING" != yes \ + || { + + + + test $LIBUNISTRING_VERSION_MAJOR -lt 0 \ + || { test $LIBUNISTRING_VERSION_MAJOR -eq 0 \ + && { test $LIBUNISTRING_VERSION_MINOR -lt 9 \ + || { test $LIBUNISTRING_VERSION_MINOR -eq 9 \ + && test $LIBUNISTRING_VERSION_SUBMINOR -lt 8 + } + } + } + + + + + } + }; then + LIBUNISTRING_COMPILE_UNINORM_COMPOSITION_TRUE= + LIBUNISTRING_COMPILE_UNINORM_COMPOSITION_FALSE='#' +else + LIBUNISTRING_COMPILE_UNINORM_COMPOSITION_TRUE='#' + LIBUNISTRING_COMPILE_UNINORM_COMPOSITION_FALSE= +fi + + + + + if { test "$HAVE_LIBUNISTRING" != yes \ + || { + + + + test $LIBUNISTRING_VERSION_MAJOR -lt 0 \ + || { test $LIBUNISTRING_VERSION_MAJOR -eq 0 \ + && { test $LIBUNISTRING_VERSION_MINOR -lt 9 \ + || { test $LIBUNISTRING_VERSION_MINOR -eq 9 \ + && test $LIBUNISTRING_VERSION_SUBMINOR -lt 8 + } + } + } + + + + + } + }; then + LIBUNISTRING_COMPILE_UNINORM_DECOMPOSITION_TRUE= + LIBUNISTRING_COMPILE_UNINORM_DECOMPOSITION_FALSE='#' +else + LIBUNISTRING_COMPILE_UNINORM_DECOMPOSITION_TRUE='#' + LIBUNISTRING_COMPILE_UNINORM_DECOMPOSITION_FALSE= +fi + + + + + + if { test "$HAVE_LIBUNISTRING" != yes \ + || { + + + + test $LIBUNISTRING_VERSION_MAJOR -lt 0 \ + || { test $LIBUNISTRING_VERSION_MAJOR -eq 0 \ + && { test $LIBUNISTRING_VERSION_MINOR -lt 9 \ + || { test $LIBUNISTRING_VERSION_MINOR -eq 9 \ + && test $LIBUNISTRING_VERSION_SUBMINOR -lt 8 + } + } + } + + + + + } + }; then + LIBUNISTRING_COMPILE_UNINORM_NFC_TRUE= + LIBUNISTRING_COMPILE_UNINORM_NFC_FALSE='#' +else + LIBUNISTRING_COMPILE_UNINORM_NFC_TRUE='#' + LIBUNISTRING_COMPILE_UNINORM_NFC_FALSE= +fi + + + + + if { test "$HAVE_LIBUNISTRING" != yes \ + || { + + + + test $LIBUNISTRING_VERSION_MAJOR -lt 0 \ + || { test $LIBUNISTRING_VERSION_MAJOR -eq 0 \ + && { test $LIBUNISTRING_VERSION_MINOR -lt 9 \ + || { test $LIBUNISTRING_VERSION_MINOR -eq 9 \ + && test $LIBUNISTRING_VERSION_SUBMINOR -lt 8 + } + } + } + + + + + } + }; then + LIBUNISTRING_COMPILE_UNINORM_NFD_TRUE= + LIBUNISTRING_COMPILE_UNINORM_NFD_FALSE='#' +else + LIBUNISTRING_COMPILE_UNINORM_NFD_TRUE='#' + LIBUNISTRING_COMPILE_UNINORM_NFD_FALSE= +fi + + + + + if { test "$HAVE_LIBUNISTRING" != yes \ + || { + + + + test $LIBUNISTRING_VERSION_MAJOR -lt 0 \ + || { test $LIBUNISTRING_VERSION_MAJOR -eq 0 \ + && { test $LIBUNISTRING_VERSION_MINOR -lt 9 \ + || { test $LIBUNISTRING_VERSION_MINOR -eq 9 \ + && test $LIBUNISTRING_VERSION_SUBMINOR -lt 8 + } + } + } + + + + + } + }; then + LIBUNISTRING_COMPILE_UNINORM_NFKC_TRUE= + LIBUNISTRING_COMPILE_UNINORM_NFKC_FALSE='#' +else + LIBUNISTRING_COMPILE_UNINORM_NFKC_TRUE='#' + LIBUNISTRING_COMPILE_UNINORM_NFKC_FALSE= +fi + + + + + if { test "$HAVE_LIBUNISTRING" != yes \ + || { + + + + test $LIBUNISTRING_VERSION_MAJOR -lt 0 \ + || { test $LIBUNISTRING_VERSION_MAJOR -eq 0 \ + && { test $LIBUNISTRING_VERSION_MINOR -lt 9 \ + || { test $LIBUNISTRING_VERSION_MINOR -eq 9 \ + && test $LIBUNISTRING_VERSION_SUBMINOR -lt 8 + } + } + } + + + + + } + }; then + LIBUNISTRING_COMPILE_UNINORM_NFKD_TRUE= + LIBUNISTRING_COMPILE_UNINORM_NFKD_FALSE='#' +else + LIBUNISTRING_COMPILE_UNINORM_NFKD_TRUE='#' + LIBUNISTRING_COMPILE_UNINORM_NFKD_FALSE= +fi + + + + +$as_echo "#define GNULIB_TEST_UNINORM_U16_NORMALIZE 1" >>confdefs.h + + + + + if { test "$HAVE_LIBUNISTRING" != yes \ + || { + + + + test $LIBUNISTRING_VERSION_MAJOR -lt 0 \ + || { test $LIBUNISTRING_VERSION_MAJOR -eq 0 \ + && { test $LIBUNISTRING_VERSION_MINOR -lt 9 \ + || { test $LIBUNISTRING_VERSION_MINOR -eq 9 \ + && test $LIBUNISTRING_VERSION_SUBMINOR -lt 8 + } + } + } + + + + + } + }; then + LIBUNISTRING_COMPILE_UNINORM_U16_NORMALIZE_TRUE= + LIBUNISTRING_COMPILE_UNINORM_U16_NORMALIZE_FALSE='#' +else + LIBUNISTRING_COMPILE_UNINORM_U16_NORMALIZE_TRUE='#' + LIBUNISTRING_COMPILE_UNINORM_U16_NORMALIZE_FALSE= +fi + + + + +$as_echo "#define GNULIB_TEST_UNINORM_U32_NORMALIZE 1" >>confdefs.h + + + + + if { test "$HAVE_LIBUNISTRING" != yes \ + || { + + + + test $LIBUNISTRING_VERSION_MAJOR -lt 0 \ + || { test $LIBUNISTRING_VERSION_MAJOR -eq 0 \ + && { test $LIBUNISTRING_VERSION_MINOR -lt 9 \ + || { test $LIBUNISTRING_VERSION_MINOR -eq 9 \ + && test $LIBUNISTRING_VERSION_SUBMINOR -lt 8 + } + } + } + + + + + } + }; then + LIBUNISTRING_COMPILE_UNINORM_U32_NORMALIZE_TRUE= + LIBUNISTRING_COMPILE_UNINORM_U32_NORMALIZE_FALSE='#' +else + LIBUNISTRING_COMPILE_UNINORM_U32_NORMALIZE_TRUE='#' + LIBUNISTRING_COMPILE_UNINORM_U32_NORMALIZE_FALSE= +fi + + + + +$as_echo "#define GNULIB_TEST_UNINORM_U8_NORMALIZE 1" >>confdefs.h + + + + + if { test "$HAVE_LIBUNISTRING" != yes \ + || { + + + + test $LIBUNISTRING_VERSION_MAJOR -lt 0 \ + || { test $LIBUNISTRING_VERSION_MAJOR -eq 0 \ + && { test $LIBUNISTRING_VERSION_MINOR -lt 9 \ + || { test $LIBUNISTRING_VERSION_MINOR -eq 9 \ + && test $LIBUNISTRING_VERSION_SUBMINOR -lt 8 + } + } + } + + + + + } + }; then + LIBUNISTRING_COMPILE_UNINORM_U8_NORMALIZE_TRUE= + LIBUNISTRING_COMPILE_UNINORM_U8_NORMALIZE_FALSE='#' +else + LIBUNISTRING_COMPILE_UNINORM_U8_NORMALIZE_TRUE='#' + LIBUNISTRING_COMPILE_UNINORM_U8_NORMALIZE_FALSE= +fi + + + + + if { test "$HAVE_LIBUNISTRING" != yes \ + || { + + + + test $LIBUNISTRING_VERSION_MAJOR -lt 0 \ + || { test $LIBUNISTRING_VERSION_MAJOR -eq 0 \ + && { test $LIBUNISTRING_VERSION_MINOR -lt 9 \ + || { test $LIBUNISTRING_VERSION_MINOR -eq 9 \ + && test $LIBUNISTRING_VERSION_SUBMINOR -lt 4 + } + } + } + + + + + } + }; then + LIBUNISTRING_UNISTR_H='unistr.h' + else + LIBUNISTRING_UNISTR_H= + fi + + + + + if { test "$HAVE_LIBUNISTRING" != yes \ + || { + + + + test $LIBUNISTRING_VERSION_MAJOR -lt 0 \ + || { test $LIBUNISTRING_VERSION_MAJOR -eq 0 \ + && { test $LIBUNISTRING_VERSION_MINOR -lt 9 \ + || { test $LIBUNISTRING_VERSION_MINOR -eq 9 \ + && test $LIBUNISTRING_VERSION_SUBMINOR -lt 0 + } + } + } + + + + + } + }; then + LIBUNISTRING_COMPILE_UNISTR_U16_CPY_TRUE= + LIBUNISTRING_COMPILE_UNISTR_U16_CPY_FALSE='#' +else + LIBUNISTRING_COMPILE_UNISTR_U16_CPY_TRUE='#' + LIBUNISTRING_COMPILE_UNISTR_U16_CPY_FALSE= +fi + + + + +cat >>confdefs.h <<_ACEOF +#define GNULIB_UNISTR_U16_MBTOUC_UNSAFE 1 +_ACEOF + + + + + if { test "$HAVE_LIBUNISTRING" != yes \ + || { + + + + test $LIBUNISTRING_VERSION_MAJOR -lt 0 \ + || { test $LIBUNISTRING_VERSION_MAJOR -eq 0 \ + && { test $LIBUNISTRING_VERSION_MINOR -lt 9 \ + || { test $LIBUNISTRING_VERSION_MINOR -eq 9 \ + && test $LIBUNISTRING_VERSION_SUBMINOR -lt 0 + } + } + } + + + + + } + }; then + LIBUNISTRING_COMPILE_UNISTR_U16_MBTOUC_UNSAFE_TRUE= + LIBUNISTRING_COMPILE_UNISTR_U16_MBTOUC_UNSAFE_FALSE='#' +else + LIBUNISTRING_COMPILE_UNISTR_U16_MBTOUC_UNSAFE_TRUE='#' + LIBUNISTRING_COMPILE_UNISTR_U16_MBTOUC_UNSAFE_FALSE= +fi + + + + +cat >>confdefs.h <<_ACEOF +#define GNULIB_UNISTR_U16_MBTOUCR 1 +_ACEOF + + + + + if { test "$HAVE_LIBUNISTRING" != yes \ + || { + + + + test $LIBUNISTRING_VERSION_MAJOR -lt 0 \ + || { test $LIBUNISTRING_VERSION_MAJOR -eq 0 \ + && { test $LIBUNISTRING_VERSION_MINOR -lt 9 \ + || { test $LIBUNISTRING_VERSION_MINOR -eq 9 \ + && test $LIBUNISTRING_VERSION_SUBMINOR -lt 0 + } + } + } + + + + + } + }; then + LIBUNISTRING_COMPILE_UNISTR_U16_MBTOUCR_TRUE= + LIBUNISTRING_COMPILE_UNISTR_U16_MBTOUCR_FALSE='#' +else + LIBUNISTRING_COMPILE_UNISTR_U16_MBTOUCR_TRUE='#' + LIBUNISTRING_COMPILE_UNISTR_U16_MBTOUCR_FALSE= +fi + + + + + if { test "$HAVE_LIBUNISTRING" != yes \ + || { + + + + test $LIBUNISTRING_VERSION_MAJOR -lt 0 \ + || { test $LIBUNISTRING_VERSION_MAJOR -eq 0 \ + && { test $LIBUNISTRING_VERSION_MINOR -lt 9 \ + || { test $LIBUNISTRING_VERSION_MINOR -eq 9 \ + && test $LIBUNISTRING_VERSION_SUBMINOR -lt 3 + } + } + } + + + + + } + }; then + LIBUNISTRING_COMPILE_UNISTR_U16_TO_U8_TRUE= + LIBUNISTRING_COMPILE_UNISTR_U16_TO_U8_FALSE='#' +else + LIBUNISTRING_COMPILE_UNISTR_U16_TO_U8_TRUE='#' + LIBUNISTRING_COMPILE_UNISTR_U16_TO_U8_FALSE= +fi + + + + +cat >>confdefs.h <<_ACEOF +#define GNULIB_UNISTR_U16_UCTOMB 1 +_ACEOF + + + + + if { test "$HAVE_LIBUNISTRING" != yes \ + || { + + + + test $LIBUNISTRING_VERSION_MAJOR -lt 0 \ + || { test $LIBUNISTRING_VERSION_MAJOR -eq 0 \ + && { test $LIBUNISTRING_VERSION_MINOR -lt 9 \ + || { test $LIBUNISTRING_VERSION_MINOR -eq 9 \ + && test $LIBUNISTRING_VERSION_SUBMINOR -lt 0 + } + } + } + + + + + } + }; then + LIBUNISTRING_COMPILE_UNISTR_U16_UCTOMB_TRUE= + LIBUNISTRING_COMPILE_UNISTR_U16_UCTOMB_FALSE='#' +else + LIBUNISTRING_COMPILE_UNISTR_U16_UCTOMB_TRUE='#' + LIBUNISTRING_COMPILE_UNISTR_U16_UCTOMB_FALSE= +fi + + + + + if { test "$HAVE_LIBUNISTRING" != yes \ + || { + + + + test $LIBUNISTRING_VERSION_MAJOR -lt 0 \ + || { test $LIBUNISTRING_VERSION_MAJOR -eq 0 \ + && { test $LIBUNISTRING_VERSION_MINOR -lt 9 \ + || { test $LIBUNISTRING_VERSION_MINOR -eq 9 \ + && test $LIBUNISTRING_VERSION_SUBMINOR -lt 0 + } + } + } + + + + + } + }; then + LIBUNISTRING_COMPILE_UNISTR_U32_CPY_TRUE= + LIBUNISTRING_COMPILE_UNISTR_U32_CPY_FALSE='#' +else + LIBUNISTRING_COMPILE_UNISTR_U32_CPY_TRUE='#' + LIBUNISTRING_COMPILE_UNISTR_U32_CPY_FALSE= +fi + + + + +cat >>confdefs.h <<_ACEOF +#define GNULIB_UNISTR_U32_MBTOUC_UNSAFE 1 +_ACEOF + + + + + if { test "$HAVE_LIBUNISTRING" != yes \ + || { + + + + test $LIBUNISTRING_VERSION_MAJOR -lt 0 \ + || { test $LIBUNISTRING_VERSION_MAJOR -eq 0 \ + && { test $LIBUNISTRING_VERSION_MINOR -lt 9 \ + || { test $LIBUNISTRING_VERSION_MINOR -eq 9 \ + && test $LIBUNISTRING_VERSION_SUBMINOR -lt 0 + } + } + } + + + + + } + }; then + LIBUNISTRING_COMPILE_UNISTR_U32_MBTOUC_UNSAFE_TRUE= + LIBUNISTRING_COMPILE_UNISTR_U32_MBTOUC_UNSAFE_FALSE='#' +else + LIBUNISTRING_COMPILE_UNISTR_U32_MBTOUC_UNSAFE_TRUE='#' + LIBUNISTRING_COMPILE_UNISTR_U32_MBTOUC_UNSAFE_FALSE= +fi + + + + + if { test "$HAVE_LIBUNISTRING" != yes \ + || { + + + + test $LIBUNISTRING_VERSION_MAJOR -lt 0 \ + || { test $LIBUNISTRING_VERSION_MAJOR -eq 0 \ + && { test $LIBUNISTRING_VERSION_MINOR -lt 9 \ + || { test $LIBUNISTRING_VERSION_MINOR -eq 9 \ + && test $LIBUNISTRING_VERSION_SUBMINOR -lt 0 + } + } + } + + + + + } + }; then + LIBUNISTRING_COMPILE_UNISTR_U32_TO_U8_TRUE= + LIBUNISTRING_COMPILE_UNISTR_U32_TO_U8_FALSE='#' +else + LIBUNISTRING_COMPILE_UNISTR_U32_TO_U8_TRUE='#' + LIBUNISTRING_COMPILE_UNISTR_U32_TO_U8_FALSE= +fi + + + + +cat >>confdefs.h <<_ACEOF +#define GNULIB_UNISTR_U32_UCTOMB 1 +_ACEOF + + + + + if { test "$HAVE_LIBUNISTRING" != yes \ + || { + + + + test $LIBUNISTRING_VERSION_MAJOR -lt 0 \ + || { test $LIBUNISTRING_VERSION_MAJOR -eq 0 \ + && { test $LIBUNISTRING_VERSION_MINOR -lt 9 \ + || { test $LIBUNISTRING_VERSION_MINOR -eq 9 \ + && test $LIBUNISTRING_VERSION_SUBMINOR -lt 0 + } + } + } + + + + + } + }; then + LIBUNISTRING_COMPILE_UNISTR_U32_UCTOMB_TRUE= + LIBUNISTRING_COMPILE_UNISTR_U32_UCTOMB_FALSE='#' +else + LIBUNISTRING_COMPILE_UNISTR_U32_UCTOMB_TRUE='#' + LIBUNISTRING_COMPILE_UNISTR_U32_UCTOMB_FALSE= +fi + + + + + if { test "$HAVE_LIBUNISTRING" != yes \ + || { + + + + test $LIBUNISTRING_VERSION_MAJOR -lt 0 \ + || { test $LIBUNISTRING_VERSION_MAJOR -eq 0 \ + && { test $LIBUNISTRING_VERSION_MINOR -lt 9 \ + || { test $LIBUNISTRING_VERSION_MINOR -eq 9 \ + && test $LIBUNISTRING_VERSION_SUBMINOR -lt 0 + } + } + } + + + + + } + }; then + LIBUNISTRING_COMPILE_UNISTR_U8_CHECK_TRUE= + LIBUNISTRING_COMPILE_UNISTR_U8_CHECK_FALSE='#' +else + LIBUNISTRING_COMPILE_UNISTR_U8_CHECK_TRUE='#' + LIBUNISTRING_COMPILE_UNISTR_U8_CHECK_FALSE= +fi + + + + + if { test "$HAVE_LIBUNISTRING" != yes \ + || { + + + + test $LIBUNISTRING_VERSION_MAJOR -lt 0 \ + || { test $LIBUNISTRING_VERSION_MAJOR -eq 0 \ + && { test $LIBUNISTRING_VERSION_MINOR -lt 9 \ + || { test $LIBUNISTRING_VERSION_MINOR -eq 9 \ + && test $LIBUNISTRING_VERSION_SUBMINOR -lt 0 + } + } + } + + + + + } + }; then + LIBUNISTRING_COMPILE_UNISTR_U8_CPY_TRUE= + LIBUNISTRING_COMPILE_UNISTR_U8_CPY_FALSE='#' +else + LIBUNISTRING_COMPILE_UNISTR_U8_CPY_TRUE='#' + LIBUNISTRING_COMPILE_UNISTR_U8_CPY_FALSE= +fi + + + + +cat >>confdefs.h <<_ACEOF +#define GNULIB_UNISTR_U8_MBTOUC_UNSAFE 1 +_ACEOF + + + + + if { test "$HAVE_LIBUNISTRING" != yes \ + || { + + + + test $LIBUNISTRING_VERSION_MAJOR -lt 0 \ + || { test $LIBUNISTRING_VERSION_MAJOR -eq 0 \ + && { test $LIBUNISTRING_VERSION_MINOR -lt 9 \ + || { test $LIBUNISTRING_VERSION_MINOR -eq 9 \ + && test $LIBUNISTRING_VERSION_SUBMINOR -lt 4 + } + } + } + + + + + } + }; then + LIBUNISTRING_COMPILE_UNISTR_U8_MBTOUC_UNSAFE_TRUE= + LIBUNISTRING_COMPILE_UNISTR_U8_MBTOUC_UNSAFE_FALSE='#' +else + LIBUNISTRING_COMPILE_UNISTR_U8_MBTOUC_UNSAFE_TRUE='#' + LIBUNISTRING_COMPILE_UNISTR_U8_MBTOUC_UNSAFE_FALSE= +fi + + + + +cat >>confdefs.h <<_ACEOF +#define GNULIB_UNISTR_U8_MBTOUCR 1 +_ACEOF + + + + + if { test "$HAVE_LIBUNISTRING" != yes \ + || { + + + + test $LIBUNISTRING_VERSION_MAJOR -lt 0 \ + || { test $LIBUNISTRING_VERSION_MAJOR -eq 0 \ + && { test $LIBUNISTRING_VERSION_MINOR -lt 9 \ + || { test $LIBUNISTRING_VERSION_MINOR -eq 9 \ + && test $LIBUNISTRING_VERSION_SUBMINOR -lt 0 + } + } + } + + + + + } + }; then + LIBUNISTRING_COMPILE_UNISTR_U8_MBTOUCR_TRUE= + LIBUNISTRING_COMPILE_UNISTR_U8_MBTOUCR_FALSE='#' +else + LIBUNISTRING_COMPILE_UNISTR_U8_MBTOUCR_TRUE='#' + LIBUNISTRING_COMPILE_UNISTR_U8_MBTOUCR_FALSE= +fi + + + + + if { test "$HAVE_LIBUNISTRING" != yes \ + || { + + + + test $LIBUNISTRING_VERSION_MAJOR -lt 0 \ + || { test $LIBUNISTRING_VERSION_MAJOR -eq 0 \ + && { test $LIBUNISTRING_VERSION_MINOR -lt 9 \ + || { test $LIBUNISTRING_VERSION_MINOR -eq 9 \ + && test $LIBUNISTRING_VERSION_SUBMINOR -lt 3 + } + } + } + + + + + } + }; then + LIBUNISTRING_COMPILE_UNISTR_U8_TO_U16_TRUE= + LIBUNISTRING_COMPILE_UNISTR_U8_TO_U16_FALSE='#' +else + LIBUNISTRING_COMPILE_UNISTR_U8_TO_U16_TRUE='#' + LIBUNISTRING_COMPILE_UNISTR_U8_TO_U16_FALSE= +fi + + + + + if { test "$HAVE_LIBUNISTRING" != yes \ + || { + + + + test $LIBUNISTRING_VERSION_MAJOR -lt 0 \ + || { test $LIBUNISTRING_VERSION_MAJOR -eq 0 \ + && { test $LIBUNISTRING_VERSION_MINOR -lt 9 \ + || { test $LIBUNISTRING_VERSION_MINOR -eq 9 \ + && test $LIBUNISTRING_VERSION_SUBMINOR -lt 3 + } + } + } + + + + + } + }; then + LIBUNISTRING_COMPILE_UNISTR_U8_TO_U32_TRUE= + LIBUNISTRING_COMPILE_UNISTR_U8_TO_U32_FALSE='#' +else + LIBUNISTRING_COMPILE_UNISTR_U8_TO_U32_TRUE='#' + LIBUNISTRING_COMPILE_UNISTR_U8_TO_U32_FALSE= +fi + + + + +cat >>confdefs.h <<_ACEOF +#define GNULIB_UNISTR_U8_UCTOMB 1 +_ACEOF + + + + + if { test "$HAVE_LIBUNISTRING" != yes \ + || { + + + + test $LIBUNISTRING_VERSION_MAJOR -lt 0 \ + || { test $LIBUNISTRING_VERSION_MAJOR -eq 0 \ + && { test $LIBUNISTRING_VERSION_MINOR -lt 9 \ + || { test $LIBUNISTRING_VERSION_MINOR -eq 9 \ + && test $LIBUNISTRING_VERSION_SUBMINOR -lt 0 + } + } + } + + + + + } + }; then + LIBUNISTRING_COMPILE_UNISTR_U8_UCTOMB_TRUE= + LIBUNISTRING_COMPILE_UNISTR_U8_UCTOMB_FALSE='#' +else + LIBUNISTRING_COMPILE_UNISTR_U8_UCTOMB_TRUE='#' + LIBUNISTRING_COMPILE_UNISTR_U8_UCTOMB_FALSE= +fi + + + + + if { test "$HAVE_LIBUNISTRING" != yes \ + || { + + + + test $LIBUNISTRING_VERSION_MAJOR -lt 0 \ + || { test $LIBUNISTRING_VERSION_MAJOR -eq 0 \ + && { test $LIBUNISTRING_VERSION_MINOR -lt 9 \ + || { test $LIBUNISTRING_VERSION_MINOR -eq 9 \ + && test $LIBUNISTRING_VERSION_SUBMINOR -lt 4 + } + } + } + + + + + } + }; then + LIBUNISTRING_UNITYPES_H='unitypes.h' + else + LIBUNISTRING_UNITYPES_H= + fi + + + # End of code from modules + + + + + + + + gltests_libdeps= + gltests_ltlibdeps= + + + + + + + + + + gl_source_base='tests' + unistringtests_WITNESS=IN_`echo "${PACKAGE-$PACKAGE_TARNAME}" | LC_ALL=C tr abcdefghijklmnopqrstuvwxyz ABCDEFGHIJKLMNOPQRSTUVWXYZ | LC_ALL=C sed -e 's/[^A-Z0-9_]/_/g'`_GNULIB_TESTS + + gl_module_indicator_condition=$unistringtests_WITNESS + + + + + + + + + + + +# disable the extended test suite at tests/suite if asked, or if we are not running in git master +# Check whether --enable-full-test-suite was given. +if test "${enable_full_test_suite+set}" = set; then : + enableval=$enable_full_test_suite; full_test_suite=$enableval +else + full_test_suite=yes +fi + + +# test if we are in git master or in release build. In release +# builds we do not use valgrind. +SUITE_FILE="${srcdir}/tests/suite/mini-eagain2.c" +if test "$full_test_suite" = yes && test ! -f "$SUITE_FILE";then + full_test_suite=no +fi + + if test "$full_test_suite" = "yes"; then + WANT_TEST_SUITE_TRUE= + WANT_TEST_SUITE_FALSE='#' +else + WANT_TEST_SUITE_TRUE='#' + WANT_TEST_SUITE_FALSE= +fi + + + +# Check whether --enable-gcc-warnings was given. +if test "${enable_gcc_warnings+set}" = set; then : + enableval=$enable_gcc_warnings; case $enableval in + yes|no) ;; + *) as_fn_error $? "bad value $enableval for gcc-warnings option" "$LINENO" 5 ;; + esac + gl_gcc_warnings=$enableval +else + gl_gcc_warnings=yes + +fi + + +if test "$gl_gcc_warnings" = yes; then + + ac_ext=c +ac_cpp='$CPP $CPPFLAGS' +ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_c_compiler_gnu + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether C compiler handles -Werror -Wunknown-warning-option" >&5 +$as_echo_n "checking whether C compiler handles -Werror -Wunknown-warning-option... " >&6; } +if ${gl_cv_warn_c__Werror__Wunknown_warning_option+:} false; then : + $as_echo_n "(cached) " >&6 +else + + gl_save_compiler_FLAGS="$CFLAGS" + as_fn_append CFLAGS " $gl_unknown_warnings_are_errors -Werror -Wunknown-warning-option" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + gl_cv_warn_c__Werror__Wunknown_warning_option=yes +else + gl_cv_warn_c__Werror__Wunknown_warning_option=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + CFLAGS="$gl_save_compiler_FLAGS" + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_warn_c__Werror__Wunknown_warning_option" >&5 +$as_echo "$gl_cv_warn_c__Werror__Wunknown_warning_option" >&6; } +if test "x$gl_cv_warn_c__Werror__Wunknown_warning_option" = xyes; then : + gl_unknown_warnings_are_errors='-Wunknown-warning-option -Werror' +else + gl_unknown_warnings_are_errors= +fi + + ac_ext=c +ac_cpp='$CPP $CPPFLAGS' +ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_c_compiler_gnu + + + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether C compiler handles -Wtype-limits" >&5 +$as_echo_n "checking whether C compiler handles -Wtype-limits... " >&6; } +if ${gl_cv_warn_c__Wtype_limits+:} false; then : + $as_echo_n "(cached) " >&6 +else + + gl_save_compiler_FLAGS="$CFLAGS" + as_fn_append CFLAGS " $gl_unknown_warnings_are_errors -Wtype-limits" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + gl_cv_warn_c__Wtype_limits=yes +else + gl_cv_warn_c__Wtype_limits=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + CFLAGS="$gl_save_compiler_FLAGS" + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_warn_c__Wtype_limits" >&5 +$as_echo "$gl_cv_warn_c__Wtype_limits" >&6; } +if test "x$gl_cv_warn_c__Wtype_limits" = xyes; then : + as_fn_append WSTACK_CFLAGS " -Wtype-limits" +fi + + + + nw="$nw -Wsystem-headers" # Don't let system headers trigger warnings + nw="$nw -Wc++-compat" # We don't care about C++ compilers + nw="$nw -Wundef" # Warns on '#if GNULIB_FOO' etc in gnulib + nw="$nw -Wtraditional" # Warns on #elif which we use often + nw="$nw -Wpadded" # Our structs are not padded + nw="$nw -Wtraditional-conversion" # Too many warnings for now + nw="$nw -Wswitch-default" # Too many warnings for now + nw="$nw -Wformat-y2k" # Too many warnings for now + nw="$nw -Woverlength-strings" # We use some in tests/ + nw="$nw -Wvla" # There is no point to avoid C99 variable length arrays + nw="$nw -Wformat-nonliteral" # Incompatible with gettext _() + nw="$nw -Wformat-signedness" # Too many to handle + nw="$nw -Wstrict-overflow" + nw="$nw -Wmissing-noreturn" + nw="$nw -Winline" # Too compiler dependent + nw="$nw -Wsuggest-attribute=pure" # Is it worth using attributes? + nw="$nw -Wsuggest-attribute=const" # Is it worth using attributes? + nw="$nw -Wsuggest-attribute=noreturn" # Is it worth using attributes? + nw="$nw -Wstack-protector" # Some functions cannot be protected + nw="$nw -Wunsafe-loop-optimizations" # Warnings with no point + nw="$nw -Wredundant-decls" # Some files cannot be compiled with that (gl_fd_to_handle) + + + ac_ext=c +ac_cpp='$CPP $CPPFLAGS' +ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_c_compiler_gnu + + + + if test -n "$GCC"; then + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether -Wno-missing-field-initializers is supported" >&5 +$as_echo_n "checking whether -Wno-missing-field-initializers is supported... " >&6; } +if ${gl_cv_cc_nomfi_supported+:} false; then : + $as_echo_n "(cached) " >&6 +else + gl_save_CFLAGS="$CFLAGS" + CFLAGS="$CFLAGS -W -Werror -Wno-missing-field-initializers" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + gl_cv_cc_nomfi_supported=yes +else + gl_cv_cc_nomfi_supported=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + CFLAGS="$gl_save_CFLAGS" + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_cc_nomfi_supported" >&5 +$as_echo "$gl_cv_cc_nomfi_supported" >&6; } + + if test "$gl_cv_cc_nomfi_supported" = yes; then + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether -Wno-missing-field-initializers is needed" >&5 +$as_echo_n "checking whether -Wno-missing-field-initializers is needed... " >&6; } +if ${gl_cv_cc_nomfi_needed+:} false; then : + $as_echo_n "(cached) " >&6 +else + gl_save_CFLAGS="$CFLAGS" + CFLAGS="$CFLAGS -W -Werror" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +int f (void) + { + typedef struct { int a; int b; } s_t; + s_t s1 = { 0, }; + return s1.b; + } + +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + gl_cv_cc_nomfi_needed=no +else + gl_cv_cc_nomfi_needed=yes +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + CFLAGS="$gl_save_CFLAGS" + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_cc_nomfi_needed" >&5 +$as_echo "$gl_cv_cc_nomfi_needed" >&6; } + fi + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether -Wuninitialized is supported" >&5 +$as_echo_n "checking whether -Wuninitialized is supported... " >&6; } +if ${gl_cv_cc_uninitialized_supported+:} false; then : + $as_echo_n "(cached) " >&6 +else + gl_save_CFLAGS="$CFLAGS" + CFLAGS="$CFLAGS -Werror -Wuninitialized" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + gl_cv_cc_uninitialized_supported=yes +else + gl_cv_cc_uninitialized_supported=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + CFLAGS="$gl_save_CFLAGS" + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_cc_uninitialized_supported" >&5 +$as_echo "$gl_cv_cc_uninitialized_supported" >&6; } + + fi + + # List all gcc warning categories. + # To compare this list to your installed GCC's, run this Bash command: + # + # comm -3 \ + # <((sed -n 's/^ *\(-[^ 0-9][^ ]*\) .*/\1/p' manywarnings.m4; \ + # awk '/^[^#]/ {print ws}' ../build-aux/gcc-warning.spec) | sort) \ + # <(LC_ALL=C gcc --help=warnings | sed -n 's/^ \(-[^ ]*\) .*/\1/p' | sort) + + gl_manywarn_set= + for gl_manywarn_item in -fno-common \ + -W \ + -Wabsolute-value \ + -Waddress \ + -Waddress-of-packed-member \ + -Waggressive-loop-optimizations \ + -Wall \ + -Wattribute-warning \ + -Wattributes \ + -Wbad-function-cast \ + -Wbool-compare \ + -Wbool-operation \ + -Wbuiltin-declaration-mismatch \ + -Wbuiltin-macro-redefined \ + -Wcannot-profile \ + -Wcast-align \ + -Wcast-align=strict \ + -Wcast-function-type \ + -Wchar-subscripts \ + -Wclobbered \ + -Wcomment \ + -Wcomments \ + -Wcoverage-mismatch \ + -Wcpp \ + -Wdangling-else \ + -Wdate-time \ + -Wdeprecated \ + -Wdeprecated-declarations \ + -Wdesignated-init \ + -Wdisabled-optimization \ + -Wdiscarded-array-qualifiers \ + -Wdiscarded-qualifiers \ + -Wdiv-by-zero \ + -Wdouble-promotion \ + -Wduplicated-branches \ + -Wduplicated-cond \ + -Wduplicate-decl-specifier \ + -Wempty-body \ + -Wendif-labels \ + -Wenum-compare \ + -Wexpansion-to-defined \ + -Wextra \ + -Wformat-contains-nul \ + -Wformat-extra-args \ + -Wformat-nonliteral \ + -Wformat-security \ + -Wformat-signedness \ + -Wformat-y2k \ + -Wformat-zero-length \ + -Wframe-address \ + -Wfree-nonheap-object \ + -Whsa \ + -Wif-not-aligned \ + -Wignored-attributes \ + -Wignored-qualifiers \ + -Wimplicit \ + -Wimplicit-function-declaration \ + -Wimplicit-int \ + -Wincompatible-pointer-types \ + -Winit-self \ + -Winline \ + -Wint-conversion \ + -Wint-in-bool-context \ + -Wint-to-pointer-cast \ + -Winvalid-memory-model \ + -Winvalid-pch \ + -Wlogical-not-parentheses \ + -Wlogical-op \ + -Wmain \ + -Wmaybe-uninitialized \ + -Wmemset-elt-size \ + -Wmemset-transposed-args \ + -Wmisleading-indentation \ + -Wmissing-attributes \ + -Wmissing-braces \ + -Wmissing-declarations \ + -Wmissing-field-initializers \ + -Wmissing-include-dirs \ + -Wmissing-parameter-type \ + -Wmissing-profile \ + -Wmissing-prototypes \ + -Wmultichar \ + -Wmultistatement-macros \ + -Wnarrowing \ + -Wnested-externs \ + -Wnonnull \ + -Wnonnull-compare \ + -Wnull-dereference \ + -Wodr \ + -Wold-style-declaration \ + -Wold-style-definition \ + -Wopenmp-simd \ + -Woverflow \ + -Woverlength-strings \ + -Woverride-init \ + -Wpacked \ + -Wpacked-bitfield-compat \ + -Wpacked-not-aligned \ + -Wparentheses \ + -Wpointer-arith \ + -Wpointer-compare \ + -Wpointer-sign \ + -Wpointer-to-int-cast \ + -Wpragmas \ + -Wpsabi \ + -Wrestrict \ + -Wreturn-local-addr \ + -Wreturn-type \ + -Wscalar-storage-order \ + -Wsequence-point \ + -Wshadow \ + -Wshift-count-negative \ + -Wshift-count-overflow \ + -Wshift-negative-value \ + -Wsizeof-array-argument \ + -Wsizeof-pointer-div \ + -Wsizeof-pointer-memaccess \ + -Wstack-protector \ + -Wstrict-aliasing \ + -Wstrict-overflow \ + -Wstrict-prototypes \ + -Wstringop-truncation \ + -Wsuggest-attribute=cold \ + -Wsuggest-attribute=const \ + -Wsuggest-attribute=format \ + -Wsuggest-attribute=malloc \ + -Wsuggest-attribute=noreturn \ + -Wsuggest-attribute=pure \ + -Wsuggest-final-methods \ + -Wsuggest-final-types \ + -Wswitch \ + -Wswitch-bool \ + -Wswitch-unreachable \ + -Wsync-nand \ + -Wsystem-headers \ + -Wtautological-compare \ + -Wtrampolines \ + -Wtrigraphs \ + -Wtype-limits \ + -Wuninitialized \ + -Wunknown-pragmas \ + -Wunsafe-loop-optimizations \ + -Wunused \ + -Wunused-but-set-parameter \ + -Wunused-but-set-variable \ + -Wunused-function \ + -Wunused-label \ + -Wunused-local-typedefs \ + -Wunused-macros \ + -Wunused-parameter \ + -Wunused-result \ + -Wunused-value \ + -Wunused-variable \ + -Wvarargs \ + -Wvariadic-macros \ + -Wvector-operation-performance \ + -Wvla \ + -Wvolatile-register-var \ + -Wwrite-strings \ + \ + ; do + gl_manywarn_set="$gl_manywarn_set $gl_manywarn_item" + done + + # gcc --help=warnings outputs an unusual form for these options; list + # them here so that the above 'comm' command doesn't report a false match. + # Would prefer "min (PTRDIFF_MAX, SIZE_MAX)", but it must be a literal. + # Also, AC_COMPUTE_INT requires it to fit in a long; it is 2**63 on + # the only platforms where it does not fit in a long, so make that + # a special case. + { $as_echo "$as_me:${as_lineno-$LINENO}: checking max safe object size" >&5 +$as_echo_n "checking max safe object size... " >&6; } + if ac_fn_c_compute_int "$LINENO" "LONG_MAX < (PTRDIFF_MAX < (size_t) -1 ? PTRDIFF_MAX : (size_t) -1) + ? -1 + : PTRDIFF_MAX < (size_t) -1 ? (long) PTRDIFF_MAX : (long) (size_t) -1" "gl_alloc_max" "#include + #include + #include + "; then : + +else + gl_alloc_max=2147483647 +fi + + case $gl_alloc_max in + -1) gl_alloc_max=9223372036854775807;; + esac + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_alloc_max" >&5 +$as_echo "$gl_alloc_max" >&6; } + gl_manywarn_set="$gl_manywarn_set -Walloc-size-larger-than=$gl_alloc_max" + gl_manywarn_set="$gl_manywarn_set -Warray-bounds=2" + gl_manywarn_set="$gl_manywarn_set -Wattribute-alias=2" + gl_manywarn_set="$gl_manywarn_set -Wformat-overflow=2" + gl_manywarn_set="$gl_manywarn_set -Wformat-truncation=2" + gl_manywarn_set="$gl_manywarn_set -Wimplicit-fallthrough=5" + gl_manywarn_set="$gl_manywarn_set -Wnormalized=nfc" + gl_manywarn_set="$gl_manywarn_set -Wshift-overflow=2" + gl_manywarn_set="$gl_manywarn_set -Wstringop-overflow=2" + gl_manywarn_set="$gl_manywarn_set -Wunused-const-variable=2" + gl_manywarn_set="$gl_manywarn_set -Wvla-larger-than=4031" + + # These are needed for older GCC versions. + if test -n "$GCC"; then + case `($CC --version) 2>/dev/null` in + 'gcc (GCC) '[0-3].* | \ + 'gcc (GCC) '4.[0-7].*) + gl_manywarn_set="$gl_manywarn_set -fdiagnostics-show-option" + gl_manywarn_set="$gl_manywarn_set -funit-at-a-time" + ;; + esac + fi + + # Disable specific options as needed. + if test "$gl_cv_cc_nomfi_needed" = yes; then + gl_manywarn_set="$gl_manywarn_set -Wno-missing-field-initializers" + fi + + if test "$gl_cv_cc_uninitialized_supported" = no; then + gl_manywarn_set="$gl_manywarn_set -Wno-uninitialized" + fi + + ws=$gl_manywarn_set + + ac_ext=c +ac_cpp='$CPP $CPPFLAGS' +ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_c_compiler_gnu + + + + gl_warn_set= + set x $ws; shift + for gl_warn_item + do + case " $nw " in + *" $gl_warn_item "*) + ;; + *) + gl_warn_set="$gl_warn_set $gl_warn_item" + ;; + esac + done + ws=$gl_warn_set + + for w in $ws; do + + +as_gl_Warn=`$as_echo "gl_cv_warn_c_$w" | $as_tr_sh` +gl_positive="$w" +case $gl_positive in + -Wno-*) gl_positive=-W`expr "X$gl_positive" : 'X-Wno-\(.*\)'` ;; +esac +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether C compiler handles $w" >&5 +$as_echo_n "checking whether C compiler handles $w... " >&6; } +if eval \${$as_gl_Warn+:} false; then : + $as_echo_n "(cached) " >&6 +else + + gl_save_compiler_FLAGS="$CFLAGS" + as_fn_append CFLAGS " $gl_unknown_warnings_are_errors $gl_positive" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + eval "$as_gl_Warn=yes" +else + eval "$as_gl_Warn=no" +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + CFLAGS="$gl_save_compiler_FLAGS" + +fi +eval ac_res=\$$as_gl_Warn + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 +$as_echo "$ac_res" >&6; } +if eval test \"x\$"$as_gl_Warn"\" = x"yes"; then : + as_fn_append WARN_CFLAGS " $w" +fi + + + done + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether C compiler handles -Wno-missing-field-initializers" >&5 +$as_echo_n "checking whether C compiler handles -Wno-missing-field-initializers... " >&6; } +if ${gl_cv_warn_c__Wno_missing_field_initializers+:} false; then : + $as_echo_n "(cached) " >&6 +else + + gl_save_compiler_FLAGS="$CFLAGS" + as_fn_append CFLAGS " $gl_unknown_warnings_are_errors -Wmissing-field-initializers" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + gl_cv_warn_c__Wno_missing_field_initializers=yes +else + gl_cv_warn_c__Wno_missing_field_initializers=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + CFLAGS="$gl_save_compiler_FLAGS" + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_warn_c__Wno_missing_field_initializers" >&5 +$as_echo "$gl_cv_warn_c__Wno_missing_field_initializers" >&6; } +if test "x$gl_cv_warn_c__Wno_missing_field_initializers" = xyes; then : + as_fn_append WARN_CFLAGS " -Wno-missing-field-initializers" +fi + + # We need this one + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether C compiler handles -Wno-unused-parameter" >&5 +$as_echo_n "checking whether C compiler handles -Wno-unused-parameter... " >&6; } +if ${gl_cv_warn_c__Wno_unused_parameter+:} false; then : + $as_echo_n "(cached) " >&6 +else + + gl_save_compiler_FLAGS="$CFLAGS" + as_fn_append CFLAGS " $gl_unknown_warnings_are_errors -Wunused-parameter" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + gl_cv_warn_c__Wno_unused_parameter=yes +else + gl_cv_warn_c__Wno_unused_parameter=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + CFLAGS="$gl_save_compiler_FLAGS" + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_warn_c__Wno_unused_parameter" >&5 +$as_echo "$gl_cv_warn_c__Wno_unused_parameter" >&6; } +if test "x$gl_cv_warn_c__Wno_unused_parameter" = xyes; then : + as_fn_append WARN_CFLAGS " -Wno-unused-parameter" +fi + + # Too many warnings for now + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether C compiler handles -Wno-format-truncation" >&5 +$as_echo_n "checking whether C compiler handles -Wno-format-truncation... " >&6; } +if ${gl_cv_warn_c__Wno_format_truncation+:} false; then : + $as_echo_n "(cached) " >&6 +else + + gl_save_compiler_FLAGS="$CFLAGS" + as_fn_append CFLAGS " $gl_unknown_warnings_are_errors -Wformat-truncation" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + gl_cv_warn_c__Wno_format_truncation=yes +else + gl_cv_warn_c__Wno_format_truncation=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + CFLAGS="$gl_save_compiler_FLAGS" + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_warn_c__Wno_format_truncation" >&5 +$as_echo "$gl_cv_warn_c__Wno_format_truncation" >&6; } +if test "x$gl_cv_warn_c__Wno_format_truncation" = xyes; then : + as_fn_append WARN_CFLAGS " -Wno-format-truncation" +fi + + # Many warnings with no point + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether C compiler handles -Wimplicit-fallthrough=2" >&5 +$as_echo_n "checking whether C compiler handles -Wimplicit-fallthrough=2... " >&6; } +if ${gl_cv_warn_c__Wimplicit_fallthrough_2+:} false; then : + $as_echo_n "(cached) " >&6 +else + + gl_save_compiler_FLAGS="$CFLAGS" + as_fn_append CFLAGS " $gl_unknown_warnings_are_errors -Wimplicit-fallthrough=2" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + gl_cv_warn_c__Wimplicit_fallthrough_2=yes +else + gl_cv_warn_c__Wimplicit_fallthrough_2=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + CFLAGS="$gl_save_compiler_FLAGS" + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_warn_c__Wimplicit_fallthrough_2" >&5 +$as_echo "$gl_cv_warn_c__Wimplicit_fallthrough_2" >&6; } +if test "x$gl_cv_warn_c__Wimplicit_fallthrough_2" = xyes; then : + as_fn_append WARN_CFLAGS " -Wimplicit-fallthrough=2" +fi + + + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether C compiler handles -Wabi=11" >&5 +$as_echo_n "checking whether C compiler handles -Wabi=11... " >&6; } +if ${gl_cv_warn_c__Wabi_11+:} false; then : + $as_echo_n "(cached) " >&6 +else + + gl_save_compiler_FLAGS="$CFLAGS" + as_fn_append CFLAGS " $gl_unknown_warnings_are_errors -Wabi=11" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + gl_cv_warn_c__Wabi_11=yes +else + gl_cv_warn_c__Wabi_11=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + CFLAGS="$gl_save_compiler_FLAGS" + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_warn_c__Wabi_11" >&5 +$as_echo "$gl_cv_warn_c__Wabi_11" >&6; } +if test "x$gl_cv_warn_c__Wabi_11" = xyes; then : + as_fn_append WARN_CFLAGS " -Wabi=11" +fi + + + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether C compiler handles -fdiagnostics-show-option" >&5 +$as_echo_n "checking whether C compiler handles -fdiagnostics-show-option... " >&6; } +if ${gl_cv_warn_c__fdiagnostics_show_option+:} false; then : + $as_echo_n "(cached) " >&6 +else + + gl_save_compiler_FLAGS="$CFLAGS" + as_fn_append CFLAGS " $gl_unknown_warnings_are_errors -fdiagnostics-show-option" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + gl_cv_warn_c__fdiagnostics_show_option=yes +else + gl_cv_warn_c__fdiagnostics_show_option=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + CFLAGS="$gl_save_compiler_FLAGS" + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_warn_c__fdiagnostics_show_option" >&5 +$as_echo "$gl_cv_warn_c__fdiagnostics_show_option" >&6; } +if test "x$gl_cv_warn_c__fdiagnostics_show_option" = xyes; then : + as_fn_append WARN_CFLAGS " -fdiagnostics-show-option" +fi + + +fi + + + + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether ln -s works" >&5 +$as_echo_n "checking whether ln -s works... " >&6; } +LN_S=$as_ln_s +if test "$LN_S" = "ln -s"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no, using $LN_S" >&5 +$as_echo "no, using $LN_S" >&6; } +fi + +case `pwd` in + *\ * | *\ *) + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Libtool does not cope well with whitespace in \`pwd\`" >&5 +$as_echo "$as_me: WARNING: Libtool does not cope well with whitespace in \`pwd\`" >&2;} ;; +esac + + + +macro_version='2.4.6' +macro_revision='2.4.6' + + + + + + + + + + + + + +ltmain=$ac_aux_dir/ltmain.sh + +# Backslashify metacharacters that are still active within +# double-quoted strings. +sed_quote_subst='s/\(["`$\\]\)/\\\1/g' + +# Same as above, but do not quote variable references. +double_quote_subst='s/\(["`\\]\)/\\\1/g' + +# Sed substitution to delay expansion of an escaped shell variable in a +# double_quote_subst'ed string. +delay_variable_subst='s/\\\\\\\\\\\$/\\\\\\$/g' + +# Sed substitution to delay expansion of an escaped single quote. +delay_single_quote_subst='s/'\''/'\'\\\\\\\'\''/g' + +# Sed substitution to avoid accidental globbing in evaled expressions +no_glob_subst='s/\*/\\\*/g' + +ECHO='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\' +ECHO=$ECHO$ECHO$ECHO$ECHO$ECHO +ECHO=$ECHO$ECHO$ECHO$ECHO$ECHO$ECHO + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking how to print strings" >&5 +$as_echo_n "checking how to print strings... " >&6; } +# Test print first, because it will be a builtin if present. +if test "X`( print -r -- -n ) 2>/dev/null`" = X-n && \ + test "X`print -r -- $ECHO 2>/dev/null`" = "X$ECHO"; then + ECHO='print -r --' +elif test "X`printf %s $ECHO 2>/dev/null`" = "X$ECHO"; then + ECHO='printf %s\n' +else + # Use this function as a fallback that always works. + func_fallback_echo () + { + eval 'cat <<_LTECHO_EOF +$1 +_LTECHO_EOF' + } + ECHO='func_fallback_echo' +fi + +# func_echo_all arg... +# Invoke $ECHO with all args, space-separated. +func_echo_all () +{ + $ECHO "" +} + +case $ECHO in + printf*) { $as_echo "$as_me:${as_lineno-$LINENO}: result: printf" >&5 +$as_echo "printf" >&6; } ;; + print*) { $as_echo "$as_me:${as_lineno-$LINENO}: result: print -r" >&5 +$as_echo "print -r" >&6; } ;; + *) { $as_echo "$as_me:${as_lineno-$LINENO}: result: cat" >&5 +$as_echo "cat" >&6; } ;; +esac + + + + + + + + + + + + + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for a sed that does not truncate output" >&5 +$as_echo_n "checking for a sed that does not truncate output... " >&6; } +if ${ac_cv_path_SED+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_script=s/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb/ + for ac_i in 1 2 3 4 5 6 7; do + ac_script="$ac_script$as_nl$ac_script" + done + echo "$ac_script" 2>/dev/null | sed 99q >conftest.sed + { ac_script=; unset ac_script;} + if test -z "$SED"; then + ac_path_SED_found=false + # Loop through the user's path and test for each of PROGNAME-LIST + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_prog in sed gsed; do + for ac_exec_ext in '' $ac_executable_extensions; do + ac_path_SED="$as_dir/$ac_prog$ac_exec_ext" + as_fn_executable_p "$ac_path_SED" || continue +# Check for GNU ac_path_SED and select it if it is found. + # Check for GNU $ac_path_SED +case `"$ac_path_SED" --version 2>&1` in +*GNU*) + ac_cv_path_SED="$ac_path_SED" ac_path_SED_found=:;; +*) + ac_count=0 + $as_echo_n 0123456789 >"conftest.in" + while : + do + cat "conftest.in" "conftest.in" >"conftest.tmp" + mv "conftest.tmp" "conftest.in" + cp "conftest.in" "conftest.nl" + $as_echo '' >> "conftest.nl" + "$ac_path_SED" -f conftest.sed < "conftest.nl" >"conftest.out" 2>/dev/null || break + diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break + as_fn_arith $ac_count + 1 && ac_count=$as_val + if test $ac_count -gt ${ac_path_SED_max-0}; then + # Best one so far, save it but keep looking for a better one + ac_cv_path_SED="$ac_path_SED" + ac_path_SED_max=$ac_count + fi + # 10*(2^10) chars as input seems more than enough + test $ac_count -gt 10 && break + done + rm -f conftest.in conftest.tmp conftest.nl conftest.out;; +esac + + $ac_path_SED_found && break 3 + done + done + done +IFS=$as_save_IFS + if test -z "$ac_cv_path_SED"; then + as_fn_error $? "no acceptable sed could be found in \$PATH" "$LINENO" 5 + fi +else + ac_cv_path_SED=$SED +fi + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_SED" >&5 +$as_echo "$ac_cv_path_SED" >&6; } + SED="$ac_cv_path_SED" + rm -f conftest.sed + +test -z "$SED" && SED=sed +Xsed="$SED -e 1s/^X//" + + + + + + + + + + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for fgrep" >&5 +$as_echo_n "checking for fgrep... " >&6; } +if ${ac_cv_path_FGREP+:} false; then : + $as_echo_n "(cached) " >&6 +else + if echo 'ab*c' | $GREP -F 'ab*c' >/dev/null 2>&1 + then ac_cv_path_FGREP="$GREP -F" + else + if test -z "$FGREP"; then + ac_path_FGREP_found=false + # Loop through the user's path and test for each of PROGNAME-LIST + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_prog in fgrep; do + for ac_exec_ext in '' $ac_executable_extensions; do + ac_path_FGREP="$as_dir/$ac_prog$ac_exec_ext" + as_fn_executable_p "$ac_path_FGREP" || continue +# Check for GNU ac_path_FGREP and select it if it is found. + # Check for GNU $ac_path_FGREP +case `"$ac_path_FGREP" --version 2>&1` in +*GNU*) + ac_cv_path_FGREP="$ac_path_FGREP" ac_path_FGREP_found=:;; +*) + ac_count=0 + $as_echo_n 0123456789 >"conftest.in" + while : + do + cat "conftest.in" "conftest.in" >"conftest.tmp" + mv "conftest.tmp" "conftest.in" + cp "conftest.in" "conftest.nl" + $as_echo 'FGREP' >> "conftest.nl" + "$ac_path_FGREP" FGREP < "conftest.nl" >"conftest.out" 2>/dev/null || break + diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break + as_fn_arith $ac_count + 1 && ac_count=$as_val + if test $ac_count -gt ${ac_path_FGREP_max-0}; then + # Best one so far, save it but keep looking for a better one + ac_cv_path_FGREP="$ac_path_FGREP" + ac_path_FGREP_max=$ac_count + fi + # 10*(2^10) chars as input seems more than enough + test $ac_count -gt 10 && break + done + rm -f conftest.in conftest.tmp conftest.nl conftest.out;; +esac + + $ac_path_FGREP_found && break 3 + done + done + done +IFS=$as_save_IFS + if test -z "$ac_cv_path_FGREP"; then + as_fn_error $? "no acceptable fgrep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" "$LINENO" 5 + fi +else + ac_cv_path_FGREP=$FGREP +fi + + fi +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_FGREP" >&5 +$as_echo "$ac_cv_path_FGREP" >&6; } + FGREP="$ac_cv_path_FGREP" + + +test -z "$GREP" && GREP=grep + + + + + + + + + + + + + + + + + + + +# Check whether --with-gnu-ld was given. +if test "${with_gnu_ld+set}" = set; then : + withval=$with_gnu_ld; test no = "$withval" || with_gnu_ld=yes +else + with_gnu_ld=no +fi + +ac_prog=ld +if test yes = "$GCC"; then + # Check if gcc -print-prog-name=ld gives a path. + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ld used by $CC" >&5 +$as_echo_n "checking for ld used by $CC... " >&6; } + case $host in + *-*-mingw*) + # gcc leaves a trailing carriage return, which upsets mingw + ac_prog=`($CC -print-prog-name=ld) 2>&5 | tr -d '\015'` ;; + *) + ac_prog=`($CC -print-prog-name=ld) 2>&5` ;; + esac + case $ac_prog in + # Accept absolute paths. + [\\/]* | ?:[\\/]*) + re_direlt='/[^/][^/]*/\.\./' + # Canonicalize the pathname of ld + ac_prog=`$ECHO "$ac_prog"| $SED 's%\\\\%/%g'` + while $ECHO "$ac_prog" | $GREP "$re_direlt" > /dev/null 2>&1; do + ac_prog=`$ECHO $ac_prog| $SED "s%$re_direlt%/%"` + done + test -z "$LD" && LD=$ac_prog + ;; + "") + # If it fails, then pretend we aren't using GCC. + ac_prog=ld + ;; + *) + # If it is relative, then search for the first ld in PATH. + with_gnu_ld=unknown + ;; + esac +elif test yes = "$with_gnu_ld"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for GNU ld" >&5 +$as_echo_n "checking for GNU ld... " >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for non-GNU ld" >&5 +$as_echo_n "checking for non-GNU ld... " >&6; } +fi +if ${lt_cv_path_LD+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -z "$LD"; then + lt_save_ifs=$IFS; IFS=$PATH_SEPARATOR + for ac_dir in $PATH; do + IFS=$lt_save_ifs + test -z "$ac_dir" && ac_dir=. + if test -f "$ac_dir/$ac_prog" || test -f "$ac_dir/$ac_prog$ac_exeext"; then + lt_cv_path_LD=$ac_dir/$ac_prog + # Check to see if the program is GNU ld. I'd rather use --version, + # but apparently some variants of GNU ld only accept -v. + # Break only if it was the GNU/non-GNU ld that we prefer. + case `"$lt_cv_path_LD" -v 2>&1 &5 +$as_echo "$LD" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi +test -z "$LD" && as_fn_error $? "no acceptable ld found in \$PATH" "$LINENO" 5 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if the linker ($LD) is GNU ld" >&5 +$as_echo_n "checking if the linker ($LD) is GNU ld... " >&6; } +if ${lt_cv_prog_gnu_ld+:} false; then : + $as_echo_n "(cached) " >&6 +else + # I'd rather use --version here, but apparently some GNU lds only accept -v. +case `$LD -v 2>&1 &5 +$as_echo "$lt_cv_prog_gnu_ld" >&6; } +with_gnu_ld=$lt_cv_prog_gnu_ld + + + + + + + + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for BSD- or MS-compatible name lister (nm)" >&5 +$as_echo_n "checking for BSD- or MS-compatible name lister (nm)... " >&6; } +if ${lt_cv_path_NM+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$NM"; then + # Let the user override the test. + lt_cv_path_NM=$NM +else + lt_nm_to_check=${ac_tool_prefix}nm + if test -n "$ac_tool_prefix" && test "$build" = "$host"; then + lt_nm_to_check="$lt_nm_to_check nm" + fi + for lt_tmp_nm in $lt_nm_to_check; do + lt_save_ifs=$IFS; IFS=$PATH_SEPARATOR + for ac_dir in $PATH /usr/ccs/bin/elf /usr/ccs/bin /usr/ucb /bin; do + IFS=$lt_save_ifs + test -z "$ac_dir" && ac_dir=. + tmp_nm=$ac_dir/$lt_tmp_nm + if test -f "$tmp_nm" || test -f "$tmp_nm$ac_exeext"; then + # Check to see if the nm accepts a BSD-compat flag. + # Adding the 'sed 1q' prevents false positives on HP-UX, which says: + # nm: unknown option "B" ignored + # Tru64's nm complains that /dev/null is an invalid object file + # MSYS converts /dev/null to NUL, MinGW nm treats NUL as empty + case $build_os in + mingw*) lt_bad_file=conftest.nm/nofile ;; + *) lt_bad_file=/dev/null ;; + esac + case `"$tmp_nm" -B $lt_bad_file 2>&1 | sed '1q'` in + *$lt_bad_file* | *'Invalid file or object type'*) + lt_cv_path_NM="$tmp_nm -B" + break 2 + ;; + *) + case `"$tmp_nm" -p /dev/null 2>&1 | sed '1q'` in + */dev/null*) + lt_cv_path_NM="$tmp_nm -p" + break 2 + ;; + *) + lt_cv_path_NM=${lt_cv_path_NM="$tmp_nm"} # keep the first match, but + continue # so that we can try to find one that supports BSD flags + ;; + esac + ;; + esac + fi + done + IFS=$lt_save_ifs + done + : ${lt_cv_path_NM=no} +fi +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_path_NM" >&5 +$as_echo "$lt_cv_path_NM" >&6; } +if test no != "$lt_cv_path_NM"; then + NM=$lt_cv_path_NM +else + # Didn't find any BSD compatible name lister, look for dumpbin. + if test -n "$DUMPBIN"; then : + # Let the user override the test. + else + if test -n "$ac_tool_prefix"; then + for ac_prog in dumpbin "link -dump" + do + # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args. +set dummy $ac_tool_prefix$ac_prog; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_DUMPBIN+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$DUMPBIN"; then + ac_cv_prog_DUMPBIN="$DUMPBIN" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_DUMPBIN="$ac_tool_prefix$ac_prog" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +DUMPBIN=$ac_cv_prog_DUMPBIN +if test -n "$DUMPBIN"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $DUMPBIN" >&5 +$as_echo "$DUMPBIN" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + + test -n "$DUMPBIN" && break + done +fi +if test -z "$DUMPBIN"; then + ac_ct_DUMPBIN=$DUMPBIN + for ac_prog in dumpbin "link -dump" +do + # Extract the first word of "$ac_prog", so it can be a program name with args. +set dummy $ac_prog; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_ac_ct_DUMPBIN+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$ac_ct_DUMPBIN"; then + ac_cv_prog_ac_ct_DUMPBIN="$ac_ct_DUMPBIN" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_ac_ct_DUMPBIN="$ac_prog" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +ac_ct_DUMPBIN=$ac_cv_prog_ac_ct_DUMPBIN +if test -n "$ac_ct_DUMPBIN"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_DUMPBIN" >&5 +$as_echo "$ac_ct_DUMPBIN" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + + test -n "$ac_ct_DUMPBIN" && break +done + + if test "x$ac_ct_DUMPBIN" = x; then + DUMPBIN=":" + else + case $cross_compiling:$ac_tool_warned in +yes:) +{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} +ac_tool_warned=yes ;; +esac + DUMPBIN=$ac_ct_DUMPBIN + fi +fi + + case `$DUMPBIN -symbols -headers /dev/null 2>&1 | sed '1q'` in + *COFF*) + DUMPBIN="$DUMPBIN -symbols -headers" + ;; + *) + DUMPBIN=: + ;; + esac + fi + + if test : != "$DUMPBIN"; then + NM=$DUMPBIN + fi +fi +test -z "$NM" && NM=nm + + + + + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking the name lister ($NM) interface" >&5 +$as_echo_n "checking the name lister ($NM) interface... " >&6; } +if ${lt_cv_nm_interface+:} false; then : + $as_echo_n "(cached) " >&6 +else + lt_cv_nm_interface="BSD nm" + echo "int some_variable = 0;" > conftest.$ac_ext + (eval echo "\"\$as_me:$LINENO: $ac_compile\"" >&5) + (eval "$ac_compile" 2>conftest.err) + cat conftest.err >&5 + (eval echo "\"\$as_me:$LINENO: $NM \\\"conftest.$ac_objext\\\"\"" >&5) + (eval "$NM \"conftest.$ac_objext\"" 2>conftest.err > conftest.out) + cat conftest.err >&5 + (eval echo "\"\$as_me:$LINENO: output\"" >&5) + cat conftest.out >&5 + if $GREP 'External.*some_variable' conftest.out > /dev/null; then + lt_cv_nm_interface="MS dumpbin" + fi + rm -f conftest* +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_nm_interface" >&5 +$as_echo "$lt_cv_nm_interface" >&6; } + +# find the maximum length of command line arguments +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking the maximum length of command line arguments" >&5 +$as_echo_n "checking the maximum length of command line arguments... " >&6; } +if ${lt_cv_sys_max_cmd_len+:} false; then : + $as_echo_n "(cached) " >&6 +else + i=0 + teststring=ABCD + + case $build_os in + msdosdjgpp*) + # On DJGPP, this test can blow up pretty badly due to problems in libc + # (any single argument exceeding 2000 bytes causes a buffer overrun + # during glob expansion). Even if it were fixed, the result of this + # check would be larger than it should be. + lt_cv_sys_max_cmd_len=12288; # 12K is about right + ;; + + gnu*) + # Under GNU Hurd, this test is not required because there is + # no limit to the length of command line arguments. + # Libtool will interpret -1 as no limit whatsoever + lt_cv_sys_max_cmd_len=-1; + ;; + + cygwin* | mingw* | cegcc*) + # On Win9x/ME, this test blows up -- it succeeds, but takes + # about 5 minutes as the teststring grows exponentially. + # Worse, since 9x/ME are not pre-emptively multitasking, + # you end up with a "frozen" computer, even though with patience + # the test eventually succeeds (with a max line length of 256k). + # Instead, let's just punt: use the minimum linelength reported by + # all of the supported platforms: 8192 (on NT/2K/XP). + lt_cv_sys_max_cmd_len=8192; + ;; + + mint*) + # On MiNT this can take a long time and run out of memory. + lt_cv_sys_max_cmd_len=8192; + ;; + + amigaos*) + # On AmigaOS with pdksh, this test takes hours, literally. + # So we just punt and use a minimum line length of 8192. + lt_cv_sys_max_cmd_len=8192; + ;; + + bitrig* | darwin* | dragonfly* | freebsd* | netbsd* | openbsd*) + # This has been around since 386BSD, at least. Likely further. + if test -x /sbin/sysctl; then + lt_cv_sys_max_cmd_len=`/sbin/sysctl -n kern.argmax` + elif test -x /usr/sbin/sysctl; then + lt_cv_sys_max_cmd_len=`/usr/sbin/sysctl -n kern.argmax` + else + lt_cv_sys_max_cmd_len=65536 # usable default for all BSDs + fi + # And add a safety zone + lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \/ 4` + lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \* 3` + ;; + + interix*) + # We know the value 262144 and hardcode it with a safety zone (like BSD) + lt_cv_sys_max_cmd_len=196608 + ;; + + os2*) + # The test takes a long time on OS/2. + lt_cv_sys_max_cmd_len=8192 + ;; + + osf*) + # Dr. Hans Ekkehard Plesser reports seeing a kernel panic running configure + # due to this test when exec_disable_arg_limit is 1 on Tru64. It is not + # nice to cause kernel panics so lets avoid the loop below. + # First set a reasonable default. + lt_cv_sys_max_cmd_len=16384 + # + if test -x /sbin/sysconfig; then + case `/sbin/sysconfig -q proc exec_disable_arg_limit` in + *1*) lt_cv_sys_max_cmd_len=-1 ;; + esac + fi + ;; + sco3.2v5*) + lt_cv_sys_max_cmd_len=102400 + ;; + sysv5* | sco5v6* | sysv4.2uw2*) + kargmax=`grep ARG_MAX /etc/conf/cf.d/stune 2>/dev/null` + if test -n "$kargmax"; then + lt_cv_sys_max_cmd_len=`echo $kargmax | sed 's/.*[ ]//'` + else + lt_cv_sys_max_cmd_len=32768 + fi + ;; + *) + lt_cv_sys_max_cmd_len=`(getconf ARG_MAX) 2> /dev/null` + if test -n "$lt_cv_sys_max_cmd_len" && \ + test undefined != "$lt_cv_sys_max_cmd_len"; then + lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \/ 4` + lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \* 3` + else + # Make teststring a little bigger before we do anything with it. + # a 1K string should be a reasonable start. + for i in 1 2 3 4 5 6 7 8; do + teststring=$teststring$teststring + done + SHELL=${SHELL-${CONFIG_SHELL-/bin/sh}} + # If test is not a shell built-in, we'll probably end up computing a + # maximum length that is only half of the actual maximum length, but + # we can't tell. + while { test X`env echo "$teststring$teststring" 2>/dev/null` \ + = "X$teststring$teststring"; } >/dev/null 2>&1 && + test 17 != "$i" # 1/2 MB should be enough + do + i=`expr $i + 1` + teststring=$teststring$teststring + done + # Only check the string length outside the loop. + lt_cv_sys_max_cmd_len=`expr "X$teststring" : ".*" 2>&1` + teststring= + # Add a significant safety factor because C++ compilers can tack on + # massive amounts of additional arguments before passing them to the + # linker. It appears as though 1/2 is a usable value. + lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \/ 2` + fi + ;; + esac + +fi + +if test -n "$lt_cv_sys_max_cmd_len"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_sys_max_cmd_len" >&5 +$as_echo "$lt_cv_sys_max_cmd_len" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: none" >&5 +$as_echo "none" >&6; } +fi +max_cmd_len=$lt_cv_sys_max_cmd_len + + + + + + +: ${CP="cp -f"} +: ${MV="mv -f"} +: ${RM="rm -f"} + +if ( (MAIL=60; unset MAIL) || exit) >/dev/null 2>&1; then + lt_unset=unset +else + lt_unset=false +fi + + + + + +# test EBCDIC or ASCII +case `echo X|tr X '\101'` in + A) # ASCII based system + # \n is not interpreted correctly by Solaris 8 /usr/ucb/tr + lt_SP2NL='tr \040 \012' + lt_NL2SP='tr \015\012 \040\040' + ;; + *) # EBCDIC based system + lt_SP2NL='tr \100 \n' + lt_NL2SP='tr \r\n \100\100' + ;; +esac + + + + + + + + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking how to convert $build file names to $host format" >&5 +$as_echo_n "checking how to convert $build file names to $host format... " >&6; } +if ${lt_cv_to_host_file_cmd+:} false; then : + $as_echo_n "(cached) " >&6 +else + case $host in + *-*-mingw* ) + case $build in + *-*-mingw* ) # actually msys + lt_cv_to_host_file_cmd=func_convert_file_msys_to_w32 + ;; + *-*-cygwin* ) + lt_cv_to_host_file_cmd=func_convert_file_cygwin_to_w32 + ;; + * ) # otherwise, assume *nix + lt_cv_to_host_file_cmd=func_convert_file_nix_to_w32 + ;; + esac + ;; + *-*-cygwin* ) + case $build in + *-*-mingw* ) # actually msys + lt_cv_to_host_file_cmd=func_convert_file_msys_to_cygwin + ;; + *-*-cygwin* ) + lt_cv_to_host_file_cmd=func_convert_file_noop + ;; + * ) # otherwise, assume *nix + lt_cv_to_host_file_cmd=func_convert_file_nix_to_cygwin + ;; + esac + ;; + * ) # unhandled hosts (and "normal" native builds) + lt_cv_to_host_file_cmd=func_convert_file_noop + ;; +esac + +fi + +to_host_file_cmd=$lt_cv_to_host_file_cmd +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_to_host_file_cmd" >&5 +$as_echo "$lt_cv_to_host_file_cmd" >&6; } + + + + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking how to convert $build file names to toolchain format" >&5 +$as_echo_n "checking how to convert $build file names to toolchain format... " >&6; } +if ${lt_cv_to_tool_file_cmd+:} false; then : + $as_echo_n "(cached) " >&6 +else + #assume ordinary cross tools, or native build. +lt_cv_to_tool_file_cmd=func_convert_file_noop +case $host in + *-*-mingw* ) + case $build in + *-*-mingw* ) # actually msys + lt_cv_to_tool_file_cmd=func_convert_file_msys_to_w32 + ;; + esac + ;; +esac + +fi + +to_tool_file_cmd=$lt_cv_to_tool_file_cmd +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_to_tool_file_cmd" >&5 +$as_echo "$lt_cv_to_tool_file_cmd" >&6; } + + + + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $LD option to reload object files" >&5 +$as_echo_n "checking for $LD option to reload object files... " >&6; } +if ${lt_cv_ld_reload_flag+:} false; then : + $as_echo_n "(cached) " >&6 +else + lt_cv_ld_reload_flag='-r' +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_ld_reload_flag" >&5 +$as_echo "$lt_cv_ld_reload_flag" >&6; } +reload_flag=$lt_cv_ld_reload_flag +case $reload_flag in +"" | " "*) ;; +*) reload_flag=" $reload_flag" ;; +esac +reload_cmds='$LD$reload_flag -o $output$reload_objs' +case $host_os in + cygwin* | mingw* | pw32* | cegcc*) + if test yes != "$GCC"; then + reload_cmds=false + fi + ;; + darwin*) + if test yes = "$GCC"; then + reload_cmds='$LTCC $LTCFLAGS -nostdlib $wl-r -o $output$reload_objs' + else + reload_cmds='$LD$reload_flag -o $output$reload_objs' + fi + ;; +esac + + + + + + + + + +if test -n "$ac_tool_prefix"; then + # Extract the first word of "${ac_tool_prefix}objdump", so it can be a program name with args. +set dummy ${ac_tool_prefix}objdump; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_OBJDUMP+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$OBJDUMP"; then + ac_cv_prog_OBJDUMP="$OBJDUMP" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_OBJDUMP="${ac_tool_prefix}objdump" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +OBJDUMP=$ac_cv_prog_OBJDUMP +if test -n "$OBJDUMP"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $OBJDUMP" >&5 +$as_echo "$OBJDUMP" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + +fi +if test -z "$ac_cv_prog_OBJDUMP"; then + ac_ct_OBJDUMP=$OBJDUMP + # Extract the first word of "objdump", so it can be a program name with args. +set dummy objdump; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_ac_ct_OBJDUMP+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$ac_ct_OBJDUMP"; then + ac_cv_prog_ac_ct_OBJDUMP="$ac_ct_OBJDUMP" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_ac_ct_OBJDUMP="objdump" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +ac_ct_OBJDUMP=$ac_cv_prog_ac_ct_OBJDUMP +if test -n "$ac_ct_OBJDUMP"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_OBJDUMP" >&5 +$as_echo "$ac_ct_OBJDUMP" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + if test "x$ac_ct_OBJDUMP" = x; then + OBJDUMP="false" + else + case $cross_compiling:$ac_tool_warned in +yes:) +{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} +ac_tool_warned=yes ;; +esac + OBJDUMP=$ac_ct_OBJDUMP + fi +else + OBJDUMP="$ac_cv_prog_OBJDUMP" +fi + +test -z "$OBJDUMP" && OBJDUMP=objdump + + + + + + + + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking how to recognize dependent libraries" >&5 +$as_echo_n "checking how to recognize dependent libraries... " >&6; } +if ${lt_cv_deplibs_check_method+:} false; then : + $as_echo_n "(cached) " >&6 +else + lt_cv_file_magic_cmd='$MAGIC_CMD' +lt_cv_file_magic_test_file= +lt_cv_deplibs_check_method='unknown' +# Need to set the preceding variable on all platforms that support +# interlibrary dependencies. +# 'none' -- dependencies not supported. +# 'unknown' -- same as none, but documents that we really don't know. +# 'pass_all' -- all dependencies passed with no checks. +# 'test_compile' -- check by making test program. +# 'file_magic [[regex]]' -- check by looking for files in library path +# that responds to the $file_magic_cmd with a given extended regex. +# If you have 'file' or equivalent on your system and you're not sure +# whether 'pass_all' will *always* work, you probably want this one. + +case $host_os in +aix[4-9]*) + lt_cv_deplibs_check_method=pass_all + ;; + +beos*) + lt_cv_deplibs_check_method=pass_all + ;; + +bsdi[45]*) + lt_cv_deplibs_check_method='file_magic ELF [0-9][0-9]*-bit [ML]SB (shared object|dynamic lib)' + lt_cv_file_magic_cmd='/usr/bin/file -L' + lt_cv_file_magic_test_file=/shlib/libc.so + ;; + +cygwin*) + # func_win32_libid is a shell function defined in ltmain.sh + lt_cv_deplibs_check_method='file_magic ^x86 archive import|^x86 DLL' + lt_cv_file_magic_cmd='func_win32_libid' + ;; + +mingw* | pw32*) + # Base MSYS/MinGW do not provide the 'file' command needed by + # func_win32_libid shell function, so use a weaker test based on 'objdump', + # unless we find 'file', for example because we are cross-compiling. + if ( file / ) >/dev/null 2>&1; then + lt_cv_deplibs_check_method='file_magic ^x86 archive import|^x86 DLL' + lt_cv_file_magic_cmd='func_win32_libid' + else + # Keep this pattern in sync with the one in func_win32_libid. + lt_cv_deplibs_check_method='file_magic file format (pei*-i386(.*architecture: i386)?|pe-arm-wince|pe-x86-64)' + lt_cv_file_magic_cmd='$OBJDUMP -f' + fi + ;; + +cegcc*) + # use the weaker test based on 'objdump'. See mingw*. + lt_cv_deplibs_check_method='file_magic file format pe-arm-.*little(.*architecture: arm)?' + lt_cv_file_magic_cmd='$OBJDUMP -f' + ;; + +darwin* | rhapsody*) + lt_cv_deplibs_check_method=pass_all + ;; + +freebsd* | dragonfly*) + if echo __ELF__ | $CC -E - | $GREP __ELF__ > /dev/null; then + case $host_cpu in + i*86 ) + # Not sure whether the presence of OpenBSD here was a mistake. + # Let's accept both of them until this is cleared up. + lt_cv_deplibs_check_method='file_magic (FreeBSD|OpenBSD|DragonFly)/i[3-9]86 (compact )?demand paged shared library' + lt_cv_file_magic_cmd=/usr/bin/file + lt_cv_file_magic_test_file=`echo /usr/lib/libc.so.*` + ;; + esac + else + lt_cv_deplibs_check_method=pass_all + fi + ;; + +haiku*) + lt_cv_deplibs_check_method=pass_all + ;; + +hpux10.20* | hpux11*) + lt_cv_file_magic_cmd=/usr/bin/file + case $host_cpu in + ia64*) + lt_cv_deplibs_check_method='file_magic (s[0-9][0-9][0-9]|ELF-[0-9][0-9]) shared object file - IA64' + lt_cv_file_magic_test_file=/usr/lib/hpux32/libc.so + ;; + hppa*64*) + lt_cv_deplibs_check_method='file_magic (s[0-9][0-9][0-9]|ELF[ -][0-9][0-9])(-bit)?( [LM]SB)? shared object( file)?[, -]* PA-RISC [0-9]\.[0-9]' + lt_cv_file_magic_test_file=/usr/lib/pa20_64/libc.sl + ;; + *) + lt_cv_deplibs_check_method='file_magic (s[0-9][0-9][0-9]|PA-RISC[0-9]\.[0-9]) shared library' + lt_cv_file_magic_test_file=/usr/lib/libc.sl + ;; + esac + ;; + +interix[3-9]*) + # PIC code is broken on Interix 3.x, that's why |\.a not |_pic\.a here + lt_cv_deplibs_check_method='match_pattern /lib[^/]+(\.so|\.a)$' + ;; + +irix5* | irix6* | nonstopux*) + case $LD in + *-32|*"-32 ") libmagic=32-bit;; + *-n32|*"-n32 ") libmagic=N32;; + *-64|*"-64 ") libmagic=64-bit;; + *) libmagic=never-match;; + esac + lt_cv_deplibs_check_method=pass_all + ;; + +# This must be glibc/ELF. +linux* | k*bsd*-gnu | kopensolaris*-gnu | gnu*) + lt_cv_deplibs_check_method=pass_all + ;; + +netbsd* | netbsdelf*-gnu) + if echo __ELF__ | $CC -E - | $GREP __ELF__ > /dev/null; then + lt_cv_deplibs_check_method='match_pattern /lib[^/]+(\.so\.[0-9]+\.[0-9]+|_pic\.a)$' + else + lt_cv_deplibs_check_method='match_pattern /lib[^/]+(\.so|_pic\.a)$' + fi + ;; + +newos6*) + lt_cv_deplibs_check_method='file_magic ELF [0-9][0-9]*-bit [ML]SB (executable|dynamic lib)' + lt_cv_file_magic_cmd=/usr/bin/file + lt_cv_file_magic_test_file=/usr/lib/libnls.so + ;; + +*nto* | *qnx*) + lt_cv_deplibs_check_method=pass_all + ;; + +openbsd* | bitrig*) + if test -z "`echo __ELF__ | $CC -E - | $GREP __ELF__`"; then + lt_cv_deplibs_check_method='match_pattern /lib[^/]+(\.so\.[0-9]+\.[0-9]+|\.so|_pic\.a)$' + else + lt_cv_deplibs_check_method='match_pattern /lib[^/]+(\.so\.[0-9]+\.[0-9]+|_pic\.a)$' + fi + ;; + +osf3* | osf4* | osf5*) + lt_cv_deplibs_check_method=pass_all + ;; + +rdos*) + lt_cv_deplibs_check_method=pass_all + ;; + +solaris*) + lt_cv_deplibs_check_method=pass_all + ;; + +sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX* | sysv4*uw2*) + lt_cv_deplibs_check_method=pass_all + ;; + +sysv4 | sysv4.3*) + case $host_vendor in + motorola) + lt_cv_deplibs_check_method='file_magic ELF [0-9][0-9]*-bit [ML]SB (shared object|dynamic lib) M[0-9][0-9]* Version [0-9]' + lt_cv_file_magic_test_file=`echo /usr/lib/libc.so*` + ;; + ncr) + lt_cv_deplibs_check_method=pass_all + ;; + sequent) + lt_cv_file_magic_cmd='/bin/file' + lt_cv_deplibs_check_method='file_magic ELF [0-9][0-9]*-bit [LM]SB (shared object|dynamic lib )' + ;; + sni) + lt_cv_file_magic_cmd='/bin/file' + lt_cv_deplibs_check_method="file_magic ELF [0-9][0-9]*-bit [LM]SB dynamic lib" + lt_cv_file_magic_test_file=/lib/libc.so + ;; + siemens) + lt_cv_deplibs_check_method=pass_all + ;; + pc) + lt_cv_deplibs_check_method=pass_all + ;; + esac + ;; + +tpf*) + lt_cv_deplibs_check_method=pass_all + ;; +os2*) + lt_cv_deplibs_check_method=pass_all + ;; +esac + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_deplibs_check_method" >&5 +$as_echo "$lt_cv_deplibs_check_method" >&6; } + +file_magic_glob= +want_nocaseglob=no +if test "$build" = "$host"; then + case $host_os in + mingw* | pw32*) + if ( shopt | grep nocaseglob ) >/dev/null 2>&1; then + want_nocaseglob=yes + else + file_magic_glob=`echo aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ | $SED -e "s/\(..\)/s\/[\1]\/[\1]\/g;/g"` + fi + ;; + esac +fi + +file_magic_cmd=$lt_cv_file_magic_cmd +deplibs_check_method=$lt_cv_deplibs_check_method +test -z "$deplibs_check_method" && deplibs_check_method=unknown + + + + + + + + + + + + + + + + + + + + + + +if test -n "$ac_tool_prefix"; then + # Extract the first word of "${ac_tool_prefix}dlltool", so it can be a program name with args. +set dummy ${ac_tool_prefix}dlltool; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_DLLTOOL+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$DLLTOOL"; then + ac_cv_prog_DLLTOOL="$DLLTOOL" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_DLLTOOL="${ac_tool_prefix}dlltool" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +DLLTOOL=$ac_cv_prog_DLLTOOL +if test -n "$DLLTOOL"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $DLLTOOL" >&5 +$as_echo "$DLLTOOL" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + +fi +if test -z "$ac_cv_prog_DLLTOOL"; then + ac_ct_DLLTOOL=$DLLTOOL + # Extract the first word of "dlltool", so it can be a program name with args. +set dummy dlltool; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_ac_ct_DLLTOOL+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$ac_ct_DLLTOOL"; then + ac_cv_prog_ac_ct_DLLTOOL="$ac_ct_DLLTOOL" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_ac_ct_DLLTOOL="dlltool" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +ac_ct_DLLTOOL=$ac_cv_prog_ac_ct_DLLTOOL +if test -n "$ac_ct_DLLTOOL"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_DLLTOOL" >&5 +$as_echo "$ac_ct_DLLTOOL" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + if test "x$ac_ct_DLLTOOL" = x; then + DLLTOOL="false" + else + case $cross_compiling:$ac_tool_warned in +yes:) +{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} +ac_tool_warned=yes ;; +esac + DLLTOOL=$ac_ct_DLLTOOL + fi +else + DLLTOOL="$ac_cv_prog_DLLTOOL" +fi + +test -z "$DLLTOOL" && DLLTOOL=dlltool + + + + + + + + + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking how to associate runtime and link libraries" >&5 +$as_echo_n "checking how to associate runtime and link libraries... " >&6; } +if ${lt_cv_sharedlib_from_linklib_cmd+:} false; then : + $as_echo_n "(cached) " >&6 +else + lt_cv_sharedlib_from_linklib_cmd='unknown' + +case $host_os in +cygwin* | mingw* | pw32* | cegcc*) + # two different shell functions defined in ltmain.sh; + # decide which one to use based on capabilities of $DLLTOOL + case `$DLLTOOL --help 2>&1` in + *--identify-strict*) + lt_cv_sharedlib_from_linklib_cmd=func_cygming_dll_for_implib + ;; + *) + lt_cv_sharedlib_from_linklib_cmd=func_cygming_dll_for_implib_fallback + ;; + esac + ;; +*) + # fallback: assume linklib IS sharedlib + lt_cv_sharedlib_from_linklib_cmd=$ECHO + ;; +esac + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_sharedlib_from_linklib_cmd" >&5 +$as_echo "$lt_cv_sharedlib_from_linklib_cmd" >&6; } +sharedlib_from_linklib_cmd=$lt_cv_sharedlib_from_linklib_cmd +test -z "$sharedlib_from_linklib_cmd" && sharedlib_from_linklib_cmd=$ECHO + + + + + + + +if test -n "$ac_tool_prefix"; then + for ac_prog in ar + do + # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args. +set dummy $ac_tool_prefix$ac_prog; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_AR+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$AR"; then + ac_cv_prog_AR="$AR" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_AR="$ac_tool_prefix$ac_prog" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +AR=$ac_cv_prog_AR +if test -n "$AR"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $AR" >&5 +$as_echo "$AR" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + + test -n "$AR" && break + done +fi +if test -z "$AR"; then + ac_ct_AR=$AR + for ac_prog in ar +do + # Extract the first word of "$ac_prog", so it can be a program name with args. +set dummy $ac_prog; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_ac_ct_AR+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$ac_ct_AR"; then + ac_cv_prog_ac_ct_AR="$ac_ct_AR" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_ac_ct_AR="$ac_prog" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +ac_ct_AR=$ac_cv_prog_ac_ct_AR +if test -n "$ac_ct_AR"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_AR" >&5 +$as_echo "$ac_ct_AR" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + + test -n "$ac_ct_AR" && break +done + + if test "x$ac_ct_AR" = x; then + AR="false" + else + case $cross_compiling:$ac_tool_warned in +yes:) +{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} +ac_tool_warned=yes ;; +esac + AR=$ac_ct_AR + fi +fi + +: ${AR=ar} +: ${AR_FLAGS=cru} + + + + + + + + + + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for archiver @FILE support" >&5 +$as_echo_n "checking for archiver @FILE support... " >&6; } +if ${lt_cv_ar_at_file+:} false; then : + $as_echo_n "(cached) " >&6 +else + lt_cv_ar_at_file=no + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + echo conftest.$ac_objext > conftest.lst + lt_ar_try='$AR $AR_FLAGS libconftest.a @conftest.lst >&5' + { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$lt_ar_try\""; } >&5 + (eval $lt_ar_try) 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } + if test 0 -eq "$ac_status"; then + # Ensure the archiver fails upon bogus file names. + rm -f conftest.$ac_objext libconftest.a + { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$lt_ar_try\""; } >&5 + (eval $lt_ar_try) 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } + if test 0 -ne "$ac_status"; then + lt_cv_ar_at_file=@ + fi + fi + rm -f conftest.* libconftest.a + +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_ar_at_file" >&5 +$as_echo "$lt_cv_ar_at_file" >&6; } + +if test no = "$lt_cv_ar_at_file"; then + archiver_list_spec= +else + archiver_list_spec=$lt_cv_ar_at_file +fi + + + + + + + +if test -n "$ac_tool_prefix"; then + # Extract the first word of "${ac_tool_prefix}strip", so it can be a program name with args. +set dummy ${ac_tool_prefix}strip; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_STRIP+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$STRIP"; then + ac_cv_prog_STRIP="$STRIP" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_STRIP="${ac_tool_prefix}strip" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +STRIP=$ac_cv_prog_STRIP +if test -n "$STRIP"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $STRIP" >&5 +$as_echo "$STRIP" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + +fi +if test -z "$ac_cv_prog_STRIP"; then + ac_ct_STRIP=$STRIP + # Extract the first word of "strip", so it can be a program name with args. +set dummy strip; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_ac_ct_STRIP+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$ac_ct_STRIP"; then + ac_cv_prog_ac_ct_STRIP="$ac_ct_STRIP" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_ac_ct_STRIP="strip" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +ac_ct_STRIP=$ac_cv_prog_ac_ct_STRIP +if test -n "$ac_ct_STRIP"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_STRIP" >&5 +$as_echo "$ac_ct_STRIP" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + if test "x$ac_ct_STRIP" = x; then + STRIP=":" + else + case $cross_compiling:$ac_tool_warned in +yes:) +{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} +ac_tool_warned=yes ;; +esac + STRIP=$ac_ct_STRIP + fi +else + STRIP="$ac_cv_prog_STRIP" +fi + +test -z "$STRIP" && STRIP=: + + + + + + +if test -n "$ac_tool_prefix"; then + # Extract the first word of "${ac_tool_prefix}ranlib", so it can be a program name with args. +set dummy ${ac_tool_prefix}ranlib; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_RANLIB+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$RANLIB"; then + ac_cv_prog_RANLIB="$RANLIB" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_RANLIB="${ac_tool_prefix}ranlib" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +RANLIB=$ac_cv_prog_RANLIB +if test -n "$RANLIB"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $RANLIB" >&5 +$as_echo "$RANLIB" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + +fi +if test -z "$ac_cv_prog_RANLIB"; then + ac_ct_RANLIB=$RANLIB + # Extract the first word of "ranlib", so it can be a program name with args. +set dummy ranlib; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_ac_ct_RANLIB+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$ac_ct_RANLIB"; then + ac_cv_prog_ac_ct_RANLIB="$ac_ct_RANLIB" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_ac_ct_RANLIB="ranlib" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +ac_ct_RANLIB=$ac_cv_prog_ac_ct_RANLIB +if test -n "$ac_ct_RANLIB"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_RANLIB" >&5 +$as_echo "$ac_ct_RANLIB" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + if test "x$ac_ct_RANLIB" = x; then + RANLIB=":" + else + case $cross_compiling:$ac_tool_warned in +yes:) +{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} +ac_tool_warned=yes ;; +esac + RANLIB=$ac_ct_RANLIB + fi +else + RANLIB="$ac_cv_prog_RANLIB" +fi + +test -z "$RANLIB" && RANLIB=: + + + + + + +# Determine commands to create old-style static archives. +old_archive_cmds='$AR $AR_FLAGS $oldlib$oldobjs' +old_postinstall_cmds='chmod 644 $oldlib' +old_postuninstall_cmds= + +if test -n "$RANLIB"; then + case $host_os in + bitrig* | openbsd*) + old_postinstall_cmds="$old_postinstall_cmds~\$RANLIB -t \$tool_oldlib" + ;; + *) + old_postinstall_cmds="$old_postinstall_cmds~\$RANLIB \$tool_oldlib" + ;; + esac + old_archive_cmds="$old_archive_cmds~\$RANLIB \$tool_oldlib" +fi + +case $host_os in + darwin*) + lock_old_archive_extraction=yes ;; + *) + lock_old_archive_extraction=no ;; +esac + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +# If no C compiler was specified, use CC. +LTCC=${LTCC-"$CC"} + +# If no C compiler flags were specified, use CFLAGS. +LTCFLAGS=${LTCFLAGS-"$CFLAGS"} + +# Allow CC to be a program name with arguments. +compiler=$CC + + +# Check for command to grab the raw symbol name followed by C symbol from nm. +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking command to parse $NM output from $compiler object" >&5 +$as_echo_n "checking command to parse $NM output from $compiler object... " >&6; } +if ${lt_cv_sys_global_symbol_pipe+:} false; then : + $as_echo_n "(cached) " >&6 +else + +# These are sane defaults that work on at least a few old systems. +# [They come from Ultrix. What could be older than Ultrix?!! ;)] + +# Character class describing NM global symbol codes. +symcode='[BCDEGRST]' + +# Regexp to match symbols that can be accessed directly from C. +sympat='\([_A-Za-z][_A-Za-z0-9]*\)' + +# Define system-specific variables. +case $host_os in +aix*) + symcode='[BCDT]' + ;; +cygwin* | mingw* | pw32* | cegcc*) + symcode='[ABCDGISTW]' + ;; +hpux*) + if test ia64 = "$host_cpu"; then + symcode='[ABCDEGRST]' + fi + ;; +irix* | nonstopux*) + symcode='[BCDEGRST]' + ;; +osf*) + symcode='[BCDEGQRST]' + ;; +solaris*) + symcode='[BDRT]' + ;; +sco3.2v5*) + symcode='[DT]' + ;; +sysv4.2uw2*) + symcode='[DT]' + ;; +sysv5* | sco5v6* | unixware* | OpenUNIX*) + symcode='[ABDT]' + ;; +sysv4) + symcode='[DFNSTU]' + ;; +esac + +# If we're using GNU nm, then use its standard symbol codes. +case `$NM -V 2>&1` in +*GNU* | *'with BFD'*) + symcode='[ABCDGIRSTW]' ;; +esac + +if test "$lt_cv_nm_interface" = "MS dumpbin"; then + # Gets list of data symbols to import. + lt_cv_sys_global_symbol_to_import="sed -n -e 's/^I .* \(.*\)$/\1/p'" + # Adjust the below global symbol transforms to fixup imported variables. + lt_cdecl_hook=" -e 's/^I .* \(.*\)$/extern __declspec(dllimport) char \1;/p'" + lt_c_name_hook=" -e 's/^I .* \(.*\)$/ {\"\1\", (void *) 0},/p'" + lt_c_name_lib_hook="\ + -e 's/^I .* \(lib.*\)$/ {\"\1\", (void *) 0},/p'\ + -e 's/^I .* \(.*\)$/ {\"lib\1\", (void *) 0},/p'" +else + # Disable hooks by default. + lt_cv_sys_global_symbol_to_import= + lt_cdecl_hook= + lt_c_name_hook= + lt_c_name_lib_hook= +fi + +# Transform an extracted symbol line into a proper C declaration. +# Some systems (esp. on ia64) link data and code symbols differently, +# so use this general approach. +lt_cv_sys_global_symbol_to_cdecl="sed -n"\ +$lt_cdecl_hook\ +" -e 's/^T .* \(.*\)$/extern int \1();/p'"\ +" -e 's/^$symcode$symcode* .* \(.*\)$/extern char \1;/p'" + +# Transform an extracted symbol line into symbol name and symbol address +lt_cv_sys_global_symbol_to_c_name_address="sed -n"\ +$lt_c_name_hook\ +" -e 's/^: \(.*\) .*$/ {\"\1\", (void *) 0},/p'"\ +" -e 's/^$symcode$symcode* .* \(.*\)$/ {\"\1\", (void *) \&\1},/p'" + +# Transform an extracted symbol line into symbol name with lib prefix and +# symbol address. +lt_cv_sys_global_symbol_to_c_name_address_lib_prefix="sed -n"\ +$lt_c_name_lib_hook\ +" -e 's/^: \(.*\) .*$/ {\"\1\", (void *) 0},/p'"\ +" -e 's/^$symcode$symcode* .* \(lib.*\)$/ {\"\1\", (void *) \&\1},/p'"\ +" -e 's/^$symcode$symcode* .* \(.*\)$/ {\"lib\1\", (void *) \&\1},/p'" + +# Handle CRLF in mingw tool chain +opt_cr= +case $build_os in +mingw*) + opt_cr=`$ECHO 'x\{0,1\}' | tr x '\015'` # option cr in regexp + ;; +esac + +# Try without a prefix underscore, then with it. +for ac_symprfx in "" "_"; do + + # Transform symcode, sympat, and symprfx into a raw symbol and a C symbol. + symxfrm="\\1 $ac_symprfx\\2 \\2" + + # Write the raw and C identifiers. + if test "$lt_cv_nm_interface" = "MS dumpbin"; then + # Fake it for dumpbin and say T for any non-static function, + # D for any global variable and I for any imported variable. + # Also find C++ and __fastcall symbols from MSVC++, + # which start with @ or ?. + lt_cv_sys_global_symbol_pipe="$AWK '"\ +" {last_section=section; section=\$ 3};"\ +" /^COFF SYMBOL TABLE/{for(i in hide) delete hide[i]};"\ +" /Section length .*#relocs.*(pick any)/{hide[last_section]=1};"\ +" /^ *Symbol name *: /{split(\$ 0,sn,\":\"); si=substr(sn[2],2)};"\ +" /^ *Type *: code/{print \"T\",si,substr(si,length(prfx))};"\ +" /^ *Type *: data/{print \"I\",si,substr(si,length(prfx))};"\ +" \$ 0!~/External *\|/{next};"\ +" / 0+ UNDEF /{next}; / UNDEF \([^|]\)*()/{next};"\ +" {if(hide[section]) next};"\ +" {f=\"D\"}; \$ 0~/\(\).*\|/{f=\"T\"};"\ +" {split(\$ 0,a,/\||\r/); split(a[2],s)};"\ +" s[1]~/^[@?]/{print f,s[1],s[1]; next};"\ +" s[1]~prfx {split(s[1],t,\"@\"); print f,t[1],substr(t[1],length(prfx))}"\ +" ' prfx=^$ac_symprfx" + else + lt_cv_sys_global_symbol_pipe="sed -n -e 's/^.*[ ]\($symcode$symcode*\)[ ][ ]*$ac_symprfx$sympat$opt_cr$/$symxfrm/p'" + fi + lt_cv_sys_global_symbol_pipe="$lt_cv_sys_global_symbol_pipe | sed '/ __gnu_lto/d'" + + # Check to see that the pipe works correctly. + pipe_works=no + + rm -f conftest* + cat > conftest.$ac_ext <<_LT_EOF +#ifdef __cplusplus +extern "C" { +#endif +char nm_test_var; +void nm_test_func(void); +void nm_test_func(void){} +#ifdef __cplusplus +} +#endif +int main(){nm_test_var='a';nm_test_func();return(0);} +_LT_EOF + + if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5 + (eval $ac_compile) 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + # Now try to grab the symbols. + nlist=conftest.nm + $ECHO "$as_me:$LINENO: $NM conftest.$ac_objext | $lt_cv_sys_global_symbol_pipe > $nlist" >&5 + if eval "$NM" conftest.$ac_objext \| "$lt_cv_sys_global_symbol_pipe" \> $nlist 2>&5 && test -s "$nlist"; then + # Try sorting and uniquifying the output. + if sort "$nlist" | uniq > "$nlist"T; then + mv -f "$nlist"T "$nlist" + else + rm -f "$nlist"T + fi + + # Make sure that we snagged all the symbols we need. + if $GREP ' nm_test_var$' "$nlist" >/dev/null; then + if $GREP ' nm_test_func$' "$nlist" >/dev/null; then + cat <<_LT_EOF > conftest.$ac_ext +/* Keep this code in sync between libtool.m4, ltmain, lt_system.h, and tests. */ +#if defined _WIN32 || defined __CYGWIN__ || defined _WIN32_WCE +/* DATA imports from DLLs on WIN32 can't be const, because runtime + relocations are performed -- see ld's documentation on pseudo-relocs. */ +# define LT_DLSYM_CONST +#elif defined __osf__ +/* This system does not cope well with relocations in const data. */ +# define LT_DLSYM_CONST +#else +# define LT_DLSYM_CONST const +#endif + +#ifdef __cplusplus +extern "C" { +#endif + +_LT_EOF + # Now generate the symbol file. + eval "$lt_cv_sys_global_symbol_to_cdecl"' < "$nlist" | $GREP -v main >> conftest.$ac_ext' + + cat <<_LT_EOF >> conftest.$ac_ext + +/* The mapping between symbol names and symbols. */ +LT_DLSYM_CONST struct { + const char *name; + void *address; +} +lt__PROGRAM__LTX_preloaded_symbols[] = +{ + { "@PROGRAM@", (void *) 0 }, +_LT_EOF + $SED "s/^$symcode$symcode* .* \(.*\)$/ {\"\1\", (void *) \&\1},/" < "$nlist" | $GREP -v main >> conftest.$ac_ext + cat <<\_LT_EOF >> conftest.$ac_ext + {0, (void *) 0} +}; + +/* This works around a problem in FreeBSD linker */ +#ifdef FREEBSD_WORKAROUND +static const void *lt_preloaded_setup() { + return lt__PROGRAM__LTX_preloaded_symbols; +} +#endif + +#ifdef __cplusplus +} +#endif +_LT_EOF + # Now try linking the two files. + mv conftest.$ac_objext conftstm.$ac_objext + lt_globsym_save_LIBS=$LIBS + lt_globsym_save_CFLAGS=$CFLAGS + LIBS=conftstm.$ac_objext + CFLAGS="$CFLAGS$lt_prog_compiler_no_builtin_flag" + if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_link\""; } >&5 + (eval $ac_link) 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } && test -s conftest$ac_exeext; then + pipe_works=yes + fi + LIBS=$lt_globsym_save_LIBS + CFLAGS=$lt_globsym_save_CFLAGS + else + echo "cannot find nm_test_func in $nlist" >&5 + fi + else + echo "cannot find nm_test_var in $nlist" >&5 + fi + else + echo "cannot run $lt_cv_sys_global_symbol_pipe" >&5 + fi + else + echo "$progname: failed program was:" >&5 + cat conftest.$ac_ext >&5 + fi + rm -rf conftest* conftst* + + # Do not use the global_symbol_pipe unless it works. + if test yes = "$pipe_works"; then + break + else + lt_cv_sys_global_symbol_pipe= + fi +done + +fi + +if test -z "$lt_cv_sys_global_symbol_pipe"; then + lt_cv_sys_global_symbol_to_cdecl= +fi +if test -z "$lt_cv_sys_global_symbol_pipe$lt_cv_sys_global_symbol_to_cdecl"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: failed" >&5 +$as_echo "failed" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: ok" >&5 +$as_echo "ok" >&6; } +fi + +# Response file support. +if test "$lt_cv_nm_interface" = "MS dumpbin"; then + nm_file_list_spec='@' +elif $NM --help 2>/dev/null | grep '[@]FILE' >/dev/null; then + nm_file_list_spec='@' +fi + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for sysroot" >&5 +$as_echo_n "checking for sysroot... " >&6; } + +# Check whether --with-sysroot was given. +if test "${with_sysroot+set}" = set; then : + withval=$with_sysroot; +else + with_sysroot=no +fi + + +lt_sysroot= +case $with_sysroot in #( + yes) + if test yes = "$GCC"; then + lt_sysroot=`$CC --print-sysroot 2>/dev/null` + fi + ;; #( + /*) + lt_sysroot=`echo "$with_sysroot" | sed -e "$sed_quote_subst"` + ;; #( + no|'') + ;; #( + *) + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $with_sysroot" >&5 +$as_echo "$with_sysroot" >&6; } + as_fn_error $? "The sysroot must be an absolute path." "$LINENO" 5 + ;; +esac + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: ${lt_sysroot:-no}" >&5 +$as_echo "${lt_sysroot:-no}" >&6; } + + + + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for a working dd" >&5 +$as_echo_n "checking for a working dd... " >&6; } +if ${ac_cv_path_lt_DD+:} false; then : + $as_echo_n "(cached) " >&6 +else + printf 0123456789abcdef0123456789abcdef >conftest.i +cat conftest.i conftest.i >conftest2.i +: ${lt_DD:=$DD} +if test -z "$lt_DD"; then + ac_path_lt_DD_found=false + # Loop through the user's path and test for each of PROGNAME-LIST + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_prog in dd; do + for ac_exec_ext in '' $ac_executable_extensions; do + ac_path_lt_DD="$as_dir/$ac_prog$ac_exec_ext" + as_fn_executable_p "$ac_path_lt_DD" || continue +if "$ac_path_lt_DD" bs=32 count=1 conftest.out 2>/dev/null; then + cmp -s conftest.i conftest.out \ + && ac_cv_path_lt_DD="$ac_path_lt_DD" ac_path_lt_DD_found=: +fi + $ac_path_lt_DD_found && break 3 + done + done + done +IFS=$as_save_IFS + if test -z "$ac_cv_path_lt_DD"; then + : + fi +else + ac_cv_path_lt_DD=$lt_DD +fi + +rm -f conftest.i conftest2.i conftest.out +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_lt_DD" >&5 +$as_echo "$ac_cv_path_lt_DD" >&6; } + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking how to truncate binary pipes" >&5 +$as_echo_n "checking how to truncate binary pipes... " >&6; } +if ${lt_cv_truncate_bin+:} false; then : + $as_echo_n "(cached) " >&6 +else + printf 0123456789abcdef0123456789abcdef >conftest.i +cat conftest.i conftest.i >conftest2.i +lt_cv_truncate_bin= +if "$ac_cv_path_lt_DD" bs=32 count=1 conftest.out 2>/dev/null; then + cmp -s conftest.i conftest.out \ + && lt_cv_truncate_bin="$ac_cv_path_lt_DD bs=4096 count=1" +fi +rm -f conftest.i conftest2.i conftest.out +test -z "$lt_cv_truncate_bin" && lt_cv_truncate_bin="$SED -e 4q" +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_truncate_bin" >&5 +$as_echo "$lt_cv_truncate_bin" >&6; } + + + + + + + +# Calculate cc_basename. Skip known compiler wrappers and cross-prefix. +func_cc_basename () +{ + for cc_temp in $*""; do + case $cc_temp in + compile | *[\\/]compile | ccache | *[\\/]ccache ) ;; + distcc | *[\\/]distcc | purify | *[\\/]purify ) ;; + \-*) ;; + *) break;; + esac + done + func_cc_basename_result=`$ECHO "$cc_temp" | $SED "s%.*/%%; s%^$host_alias-%%"` +} + +# Check whether --enable-libtool-lock was given. +if test "${enable_libtool_lock+set}" = set; then : + enableval=$enable_libtool_lock; +fi + +test no = "$enable_libtool_lock" || enable_libtool_lock=yes + +# Some flags need to be propagated to the compiler or linker for good +# libtool support. +case $host in +ia64-*-hpux*) + # Find out what ABI is being produced by ac_compile, and set mode + # options accordingly. + echo 'int i;' > conftest.$ac_ext + if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5 + (eval $ac_compile) 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + case `/usr/bin/file conftest.$ac_objext` in + *ELF-32*) + HPUX_IA64_MODE=32 + ;; + *ELF-64*) + HPUX_IA64_MODE=64 + ;; + esac + fi + rm -rf conftest* + ;; +*-*-irix6*) + # Find out what ABI is being produced by ac_compile, and set linker + # options accordingly. + echo '#line '$LINENO' "configure"' > conftest.$ac_ext + if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5 + (eval $ac_compile) 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + if test yes = "$lt_cv_prog_gnu_ld"; then + case `/usr/bin/file conftest.$ac_objext` in + *32-bit*) + LD="${LD-ld} -melf32bsmip" + ;; + *N32*) + LD="${LD-ld} -melf32bmipn32" + ;; + *64-bit*) + LD="${LD-ld} -melf64bmip" + ;; + esac + else + case `/usr/bin/file conftest.$ac_objext` in + *32-bit*) + LD="${LD-ld} -32" + ;; + *N32*) + LD="${LD-ld} -n32" + ;; + *64-bit*) + LD="${LD-ld} -64" + ;; + esac + fi + fi + rm -rf conftest* + ;; + +mips64*-*linux*) + # Find out what ABI is being produced by ac_compile, and set linker + # options accordingly. + echo '#line '$LINENO' "configure"' > conftest.$ac_ext + if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5 + (eval $ac_compile) 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + emul=elf + case `/usr/bin/file conftest.$ac_objext` in + *32-bit*) + emul="${emul}32" + ;; + *64-bit*) + emul="${emul}64" + ;; + esac + case `/usr/bin/file conftest.$ac_objext` in + *MSB*) + emul="${emul}btsmip" + ;; + *LSB*) + emul="${emul}ltsmip" + ;; + esac + case `/usr/bin/file conftest.$ac_objext` in + *N32*) + emul="${emul}n32" + ;; + esac + LD="${LD-ld} -m $emul" + fi + rm -rf conftest* + ;; + +x86_64-*kfreebsd*-gnu|x86_64-*linux*|powerpc*-*linux*| \ +s390*-*linux*|s390*-*tpf*|sparc*-*linux*) + # Find out what ABI is being produced by ac_compile, and set linker + # options accordingly. Note that the listed cases only cover the + # situations where additional linker options are needed (such as when + # doing 32-bit compilation for a host where ld defaults to 64-bit, or + # vice versa); the common cases where no linker options are needed do + # not appear in the list. + echo 'int i;' > conftest.$ac_ext + if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5 + (eval $ac_compile) 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + case `/usr/bin/file conftest.o` in + *32-bit*) + case $host in + x86_64-*kfreebsd*-gnu) + LD="${LD-ld} -m elf_i386_fbsd" + ;; + x86_64-*linux*) + case `/usr/bin/file conftest.o` in + *x86-64*) + LD="${LD-ld} -m elf32_x86_64" + ;; + *) + LD="${LD-ld} -m elf_i386" + ;; + esac + ;; + powerpc64le-*linux*) + LD="${LD-ld} -m elf32lppclinux" + ;; + powerpc64-*linux*) + LD="${LD-ld} -m elf32ppclinux" + ;; + s390x-*linux*) + LD="${LD-ld} -m elf_s390" + ;; + sparc64-*linux*) + LD="${LD-ld} -m elf32_sparc" + ;; + esac + ;; + *64-bit*) + case $host in + x86_64-*kfreebsd*-gnu) + LD="${LD-ld} -m elf_x86_64_fbsd" + ;; + x86_64-*linux*) + LD="${LD-ld} -m elf_x86_64" + ;; + powerpcle-*linux*) + LD="${LD-ld} -m elf64lppc" + ;; + powerpc-*linux*) + LD="${LD-ld} -m elf64ppc" + ;; + s390*-*linux*|s390*-*tpf*) + LD="${LD-ld} -m elf64_s390" + ;; + sparc*-*linux*) + LD="${LD-ld} -m elf64_sparc" + ;; + esac + ;; + esac + fi + rm -rf conftest* + ;; + +*-*-sco3.2v5*) + # On SCO OpenServer 5, we need -belf to get full-featured binaries. + SAVE_CFLAGS=$CFLAGS + CFLAGS="$CFLAGS -belf" + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the C compiler needs -belf" >&5 +$as_echo_n "checking whether the C compiler needs -belf... " >&6; } +if ${lt_cv_cc_needs_belf+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_ext=c +ac_cpp='$CPP $CPPFLAGS' +ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_c_compiler_gnu + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + lt_cv_cc_needs_belf=yes +else + lt_cv_cc_needs_belf=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + ac_ext=c +ac_cpp='$CPP $CPPFLAGS' +ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_c_compiler_gnu + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_cc_needs_belf" >&5 +$as_echo "$lt_cv_cc_needs_belf" >&6; } + if test yes != "$lt_cv_cc_needs_belf"; then + # this is probably gcc 2.8.0, egcs 1.0 or newer; no need for -belf + CFLAGS=$SAVE_CFLAGS + fi + ;; +*-*solaris*) + # Find out what ABI is being produced by ac_compile, and set linker + # options accordingly. + echo 'int i;' > conftest.$ac_ext + if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5 + (eval $ac_compile) 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + case `/usr/bin/file conftest.o` in + *64-bit*) + case $lt_cv_prog_gnu_ld in + yes*) + case $host in + i?86-*-solaris*|x86_64-*-solaris*) + LD="${LD-ld} -m elf_x86_64" + ;; + sparc*-*-solaris*) + LD="${LD-ld} -m elf64_sparc" + ;; + esac + # GNU ld 2.21 introduced _sol2 emulations. Use them if available. + if ${LD-ld} -V | grep _sol2 >/dev/null 2>&1; then + LD=${LD-ld}_sol2 + fi + ;; + *) + if ${LD-ld} -64 -r -o conftest2.o conftest.o >/dev/null 2>&1; then + LD="${LD-ld} -64" + fi + ;; + esac + ;; + esac + fi + rm -rf conftest* + ;; +esac + +need_locks=$enable_libtool_lock + +if test -n "$ac_tool_prefix"; then + # Extract the first word of "${ac_tool_prefix}mt", so it can be a program name with args. +set dummy ${ac_tool_prefix}mt; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_MANIFEST_TOOL+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$MANIFEST_TOOL"; then + ac_cv_prog_MANIFEST_TOOL="$MANIFEST_TOOL" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_MANIFEST_TOOL="${ac_tool_prefix}mt" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +MANIFEST_TOOL=$ac_cv_prog_MANIFEST_TOOL +if test -n "$MANIFEST_TOOL"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $MANIFEST_TOOL" >&5 +$as_echo "$MANIFEST_TOOL" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + +fi +if test -z "$ac_cv_prog_MANIFEST_TOOL"; then + ac_ct_MANIFEST_TOOL=$MANIFEST_TOOL + # Extract the first word of "mt", so it can be a program name with args. +set dummy mt; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_ac_ct_MANIFEST_TOOL+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$ac_ct_MANIFEST_TOOL"; then + ac_cv_prog_ac_ct_MANIFEST_TOOL="$ac_ct_MANIFEST_TOOL" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_ac_ct_MANIFEST_TOOL="mt" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +ac_ct_MANIFEST_TOOL=$ac_cv_prog_ac_ct_MANIFEST_TOOL +if test -n "$ac_ct_MANIFEST_TOOL"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_MANIFEST_TOOL" >&5 +$as_echo "$ac_ct_MANIFEST_TOOL" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + if test "x$ac_ct_MANIFEST_TOOL" = x; then + MANIFEST_TOOL=":" + else + case $cross_compiling:$ac_tool_warned in +yes:) +{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} +ac_tool_warned=yes ;; +esac + MANIFEST_TOOL=$ac_ct_MANIFEST_TOOL + fi +else + MANIFEST_TOOL="$ac_cv_prog_MANIFEST_TOOL" +fi + +test -z "$MANIFEST_TOOL" && MANIFEST_TOOL=mt +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if $MANIFEST_TOOL is a manifest tool" >&5 +$as_echo_n "checking if $MANIFEST_TOOL is a manifest tool... " >&6; } +if ${lt_cv_path_mainfest_tool+:} false; then : + $as_echo_n "(cached) " >&6 +else + lt_cv_path_mainfest_tool=no + echo "$as_me:$LINENO: $MANIFEST_TOOL '-?'" >&5 + $MANIFEST_TOOL '-?' 2>conftest.err > conftest.out + cat conftest.err >&5 + if $GREP 'Manifest Tool' conftest.out > /dev/null; then + lt_cv_path_mainfest_tool=yes + fi + rm -f conftest* +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_path_mainfest_tool" >&5 +$as_echo "$lt_cv_path_mainfest_tool" >&6; } +if test yes != "$lt_cv_path_mainfest_tool"; then + MANIFEST_TOOL=: +fi + + + + + + + case $host_os in + rhapsody* | darwin*) + if test -n "$ac_tool_prefix"; then + # Extract the first word of "${ac_tool_prefix}dsymutil", so it can be a program name with args. +set dummy ${ac_tool_prefix}dsymutil; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_DSYMUTIL+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$DSYMUTIL"; then + ac_cv_prog_DSYMUTIL="$DSYMUTIL" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_DSYMUTIL="${ac_tool_prefix}dsymutil" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +DSYMUTIL=$ac_cv_prog_DSYMUTIL +if test -n "$DSYMUTIL"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $DSYMUTIL" >&5 +$as_echo "$DSYMUTIL" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + +fi +if test -z "$ac_cv_prog_DSYMUTIL"; then + ac_ct_DSYMUTIL=$DSYMUTIL + # Extract the first word of "dsymutil", so it can be a program name with args. +set dummy dsymutil; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_ac_ct_DSYMUTIL+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$ac_ct_DSYMUTIL"; then + ac_cv_prog_ac_ct_DSYMUTIL="$ac_ct_DSYMUTIL" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_ac_ct_DSYMUTIL="dsymutil" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +ac_ct_DSYMUTIL=$ac_cv_prog_ac_ct_DSYMUTIL +if test -n "$ac_ct_DSYMUTIL"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_DSYMUTIL" >&5 +$as_echo "$ac_ct_DSYMUTIL" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + if test "x$ac_ct_DSYMUTIL" = x; then + DSYMUTIL=":" + else + case $cross_compiling:$ac_tool_warned in +yes:) +{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} +ac_tool_warned=yes ;; +esac + DSYMUTIL=$ac_ct_DSYMUTIL + fi +else + DSYMUTIL="$ac_cv_prog_DSYMUTIL" +fi + + if test -n "$ac_tool_prefix"; then + # Extract the first word of "${ac_tool_prefix}nmedit", so it can be a program name with args. +set dummy ${ac_tool_prefix}nmedit; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_NMEDIT+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$NMEDIT"; then + ac_cv_prog_NMEDIT="$NMEDIT" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_NMEDIT="${ac_tool_prefix}nmedit" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +NMEDIT=$ac_cv_prog_NMEDIT +if test -n "$NMEDIT"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $NMEDIT" >&5 +$as_echo "$NMEDIT" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + +fi +if test -z "$ac_cv_prog_NMEDIT"; then + ac_ct_NMEDIT=$NMEDIT + # Extract the first word of "nmedit", so it can be a program name with args. +set dummy nmedit; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_ac_ct_NMEDIT+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$ac_ct_NMEDIT"; then + ac_cv_prog_ac_ct_NMEDIT="$ac_ct_NMEDIT" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_ac_ct_NMEDIT="nmedit" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +ac_ct_NMEDIT=$ac_cv_prog_ac_ct_NMEDIT +if test -n "$ac_ct_NMEDIT"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_NMEDIT" >&5 +$as_echo "$ac_ct_NMEDIT" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + if test "x$ac_ct_NMEDIT" = x; then + NMEDIT=":" + else + case $cross_compiling:$ac_tool_warned in +yes:) +{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} +ac_tool_warned=yes ;; +esac + NMEDIT=$ac_ct_NMEDIT + fi +else + NMEDIT="$ac_cv_prog_NMEDIT" +fi + + if test -n "$ac_tool_prefix"; then + # Extract the first word of "${ac_tool_prefix}lipo", so it can be a program name with args. +set dummy ${ac_tool_prefix}lipo; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_LIPO+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$LIPO"; then + ac_cv_prog_LIPO="$LIPO" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_LIPO="${ac_tool_prefix}lipo" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +LIPO=$ac_cv_prog_LIPO +if test -n "$LIPO"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $LIPO" >&5 +$as_echo "$LIPO" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + +fi +if test -z "$ac_cv_prog_LIPO"; then + ac_ct_LIPO=$LIPO + # Extract the first word of "lipo", so it can be a program name with args. +set dummy lipo; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_ac_ct_LIPO+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$ac_ct_LIPO"; then + ac_cv_prog_ac_ct_LIPO="$ac_ct_LIPO" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_ac_ct_LIPO="lipo" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +ac_ct_LIPO=$ac_cv_prog_ac_ct_LIPO +if test -n "$ac_ct_LIPO"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_LIPO" >&5 +$as_echo "$ac_ct_LIPO" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + if test "x$ac_ct_LIPO" = x; then + LIPO=":" + else + case $cross_compiling:$ac_tool_warned in +yes:) +{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} +ac_tool_warned=yes ;; +esac + LIPO=$ac_ct_LIPO + fi +else + LIPO="$ac_cv_prog_LIPO" +fi + + if test -n "$ac_tool_prefix"; then + # Extract the first word of "${ac_tool_prefix}otool", so it can be a program name with args. +set dummy ${ac_tool_prefix}otool; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_OTOOL+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$OTOOL"; then + ac_cv_prog_OTOOL="$OTOOL" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_OTOOL="${ac_tool_prefix}otool" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +OTOOL=$ac_cv_prog_OTOOL +if test -n "$OTOOL"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $OTOOL" >&5 +$as_echo "$OTOOL" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + +fi +if test -z "$ac_cv_prog_OTOOL"; then + ac_ct_OTOOL=$OTOOL + # Extract the first word of "otool", so it can be a program name with args. +set dummy otool; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_ac_ct_OTOOL+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$ac_ct_OTOOL"; then + ac_cv_prog_ac_ct_OTOOL="$ac_ct_OTOOL" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_ac_ct_OTOOL="otool" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +ac_ct_OTOOL=$ac_cv_prog_ac_ct_OTOOL +if test -n "$ac_ct_OTOOL"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_OTOOL" >&5 +$as_echo "$ac_ct_OTOOL" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + if test "x$ac_ct_OTOOL" = x; then + OTOOL=":" + else + case $cross_compiling:$ac_tool_warned in +yes:) +{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} +ac_tool_warned=yes ;; +esac + OTOOL=$ac_ct_OTOOL + fi +else + OTOOL="$ac_cv_prog_OTOOL" +fi + + if test -n "$ac_tool_prefix"; then + # Extract the first word of "${ac_tool_prefix}otool64", so it can be a program name with args. +set dummy ${ac_tool_prefix}otool64; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_OTOOL64+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$OTOOL64"; then + ac_cv_prog_OTOOL64="$OTOOL64" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_OTOOL64="${ac_tool_prefix}otool64" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +OTOOL64=$ac_cv_prog_OTOOL64 +if test -n "$OTOOL64"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $OTOOL64" >&5 +$as_echo "$OTOOL64" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + +fi +if test -z "$ac_cv_prog_OTOOL64"; then + ac_ct_OTOOL64=$OTOOL64 + # Extract the first word of "otool64", so it can be a program name with args. +set dummy otool64; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_ac_ct_OTOOL64+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$ac_ct_OTOOL64"; then + ac_cv_prog_ac_ct_OTOOL64="$ac_ct_OTOOL64" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_ac_ct_OTOOL64="otool64" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +ac_ct_OTOOL64=$ac_cv_prog_ac_ct_OTOOL64 +if test -n "$ac_ct_OTOOL64"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_OTOOL64" >&5 +$as_echo "$ac_ct_OTOOL64" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + if test "x$ac_ct_OTOOL64" = x; then + OTOOL64=":" + else + case $cross_compiling:$ac_tool_warned in +yes:) +{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} +ac_tool_warned=yes ;; +esac + OTOOL64=$ac_ct_OTOOL64 + fi +else + OTOOL64="$ac_cv_prog_OTOOL64" +fi + + + + + + + + + + + + + + + + + + + + + + + + + + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for -single_module linker flag" >&5 +$as_echo_n "checking for -single_module linker flag... " >&6; } +if ${lt_cv_apple_cc_single_mod+:} false; then : + $as_echo_n "(cached) " >&6 +else + lt_cv_apple_cc_single_mod=no + if test -z "$LT_MULTI_MODULE"; then + # By default we will add the -single_module flag. You can override + # by either setting the environment variable LT_MULTI_MODULE + # non-empty at configure time, or by adding -multi_module to the + # link flags. + rm -rf libconftest.dylib* + echo "int foo(void){return 1;}" > conftest.c + echo "$LTCC $LTCFLAGS $LDFLAGS -o libconftest.dylib \ +-dynamiclib -Wl,-single_module conftest.c" >&5 + $LTCC $LTCFLAGS $LDFLAGS -o libconftest.dylib \ + -dynamiclib -Wl,-single_module conftest.c 2>conftest.err + _lt_result=$? + # If there is a non-empty error log, and "single_module" + # appears in it, assume the flag caused a linker warning + if test -s conftest.err && $GREP single_module conftest.err; then + cat conftest.err >&5 + # Otherwise, if the output was created with a 0 exit code from + # the compiler, it worked. + elif test -f libconftest.dylib && test 0 = "$_lt_result"; then + lt_cv_apple_cc_single_mod=yes + else + cat conftest.err >&5 + fi + rm -rf libconftest.dylib* + rm -f conftest.* + fi +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_apple_cc_single_mod" >&5 +$as_echo "$lt_cv_apple_cc_single_mod" >&6; } + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for -exported_symbols_list linker flag" >&5 +$as_echo_n "checking for -exported_symbols_list linker flag... " >&6; } +if ${lt_cv_ld_exported_symbols_list+:} false; then : + $as_echo_n "(cached) " >&6 +else + lt_cv_ld_exported_symbols_list=no + save_LDFLAGS=$LDFLAGS + echo "_main" > conftest.sym + LDFLAGS="$LDFLAGS -Wl,-exported_symbols_list,conftest.sym" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + lt_cv_ld_exported_symbols_list=yes +else + lt_cv_ld_exported_symbols_list=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + LDFLAGS=$save_LDFLAGS + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_ld_exported_symbols_list" >&5 +$as_echo "$lt_cv_ld_exported_symbols_list" >&6; } + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for -force_load linker flag" >&5 +$as_echo_n "checking for -force_load linker flag... " >&6; } +if ${lt_cv_ld_force_load+:} false; then : + $as_echo_n "(cached) " >&6 +else + lt_cv_ld_force_load=no + cat > conftest.c << _LT_EOF +int forced_loaded() { return 2;} +_LT_EOF + echo "$LTCC $LTCFLAGS -c -o conftest.o conftest.c" >&5 + $LTCC $LTCFLAGS -c -o conftest.o conftest.c 2>&5 + echo "$AR cru libconftest.a conftest.o" >&5 + $AR cru libconftest.a conftest.o 2>&5 + echo "$RANLIB libconftest.a" >&5 + $RANLIB libconftest.a 2>&5 + cat > conftest.c << _LT_EOF +int main() { return 0;} +_LT_EOF + echo "$LTCC $LTCFLAGS $LDFLAGS -o conftest conftest.c -Wl,-force_load,./libconftest.a" >&5 + $LTCC $LTCFLAGS $LDFLAGS -o conftest conftest.c -Wl,-force_load,./libconftest.a 2>conftest.err + _lt_result=$? + if test -s conftest.err && $GREP force_load conftest.err; then + cat conftest.err >&5 + elif test -f conftest && test 0 = "$_lt_result" && $GREP forced_load conftest >/dev/null 2>&1; then + lt_cv_ld_force_load=yes + else + cat conftest.err >&5 + fi + rm -f conftest.err libconftest.a conftest conftest.c + rm -rf conftest.dSYM + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_ld_force_load" >&5 +$as_echo "$lt_cv_ld_force_load" >&6; } + case $host_os in + rhapsody* | darwin1.[012]) + _lt_dar_allow_undefined='$wl-undefined ${wl}suppress' ;; + darwin1.*) + _lt_dar_allow_undefined='$wl-flat_namespace $wl-undefined ${wl}suppress' ;; + darwin*) # darwin 5.x on + # if running on 10.5 or later, the deployment target defaults + # to the OS version, if on x86, and 10.4, the deployment + # target defaults to 10.4. Don't you love it? + case ${MACOSX_DEPLOYMENT_TARGET-10.0},$host in + 10.0,*86*-darwin8*|10.0,*-darwin[91]*) + _lt_dar_allow_undefined='$wl-undefined ${wl}dynamic_lookup' ;; + 10.[012][,.]*) + _lt_dar_allow_undefined='$wl-flat_namespace $wl-undefined ${wl}suppress' ;; + 10.*) + _lt_dar_allow_undefined='$wl-undefined ${wl}dynamic_lookup' ;; + esac + ;; + esac + if test yes = "$lt_cv_apple_cc_single_mod"; then + _lt_dar_single_mod='$single_module' + fi + if test yes = "$lt_cv_ld_exported_symbols_list"; then + _lt_dar_export_syms=' $wl-exported_symbols_list,$output_objdir/$libname-symbols.expsym' + else + _lt_dar_export_syms='~$NMEDIT -s $output_objdir/$libname-symbols.expsym $lib' + fi + if test : != "$DSYMUTIL" && test no = "$lt_cv_ld_force_load"; then + _lt_dsymutil='~$DSYMUTIL $lib || :' + else + _lt_dsymutil= + fi + ;; + esac + +# func_munge_path_list VARIABLE PATH +# ----------------------------------- +# VARIABLE is name of variable containing _space_ separated list of +# directories to be munged by the contents of PATH, which is string +# having a format: +# "DIR[:DIR]:" +# string "DIR[ DIR]" will be prepended to VARIABLE +# ":DIR[:DIR]" +# string "DIR[ DIR]" will be appended to VARIABLE +# "DIRP[:DIRP]::[DIRA:]DIRA" +# string "DIRP[ DIRP]" will be prepended to VARIABLE and string +# "DIRA[ DIRA]" will be appended to VARIABLE +# "DIR[:DIR]" +# VARIABLE will be replaced by "DIR[ DIR]" +func_munge_path_list () +{ + case x$2 in + x) + ;; + *:) + eval $1=\"`$ECHO $2 | $SED 's/:/ /g'` \$$1\" + ;; + x:*) + eval $1=\"\$$1 `$ECHO $2 | $SED 's/:/ /g'`\" + ;; + *::*) + eval $1=\"\$$1\ `$ECHO $2 | $SED -e 's/.*:://' -e 's/:/ /g'`\" + eval $1=\"`$ECHO $2 | $SED -e 's/::.*//' -e 's/:/ /g'`\ \$$1\" + ;; + *) + eval $1=\"`$ECHO $2 | $SED 's/:/ /g'`\" + ;; + esac +} + +for ac_header in dlfcn.h +do : + ac_fn_c_check_header_compile "$LINENO" "dlfcn.h" "ac_cv_header_dlfcn_h" "$ac_includes_default +" +if test "x$ac_cv_header_dlfcn_h" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_DLFCN_H 1 +_ACEOF + +fi + +done + + + +func_stripname_cnf () +{ + case $2 in + .*) func_stripname_result=`$ECHO "$3" | $SED "s%^$1%%; s%\\\\$2\$%%"`;; + *) func_stripname_result=`$ECHO "$3" | $SED "s%^$1%%; s%$2\$%%"`;; + esac +} # func_stripname_cnf + + + + + +# Set options +# Check whether --enable-static was given. +if test "${enable_static+set}" = set; then : + enableval=$enable_static; p=${PACKAGE-default} + case $enableval in + yes) enable_static=yes ;; + no) enable_static=no ;; + *) + enable_static=no + # Look at the argument we got. We use all the common list separators. + lt_save_ifs=$IFS; IFS=$IFS$PATH_SEPARATOR, + for pkg in $enableval; do + IFS=$lt_save_ifs + if test "X$pkg" = "X$p"; then + enable_static=yes + fi + done + IFS=$lt_save_ifs + ;; + esac +else + enable_static=no +fi + + + + + + + + + + + enable_dlopen=no + + + enable_win32_dll=no + + + # Check whether --enable-shared was given. +if test "${enable_shared+set}" = set; then : + enableval=$enable_shared; p=${PACKAGE-default} + case $enableval in + yes) enable_shared=yes ;; + no) enable_shared=no ;; + *) + enable_shared=no + # Look at the argument we got. We use all the common list separators. + lt_save_ifs=$IFS; IFS=$IFS$PATH_SEPARATOR, + for pkg in $enableval; do + IFS=$lt_save_ifs + if test "X$pkg" = "X$p"; then + enable_shared=yes + fi + done + IFS=$lt_save_ifs + ;; + esac +else + enable_shared=yes +fi + + + + + + + + + + + +# Check whether --with-pic was given. +if test "${with_pic+set}" = set; then : + withval=$with_pic; lt_p=${PACKAGE-default} + case $withval in + yes|no) pic_mode=$withval ;; + *) + pic_mode=default + # Look at the argument we got. We use all the common list separators. + lt_save_ifs=$IFS; IFS=$IFS$PATH_SEPARATOR, + for lt_pkg in $withval; do + IFS=$lt_save_ifs + if test "X$lt_pkg" = "X$lt_p"; then + pic_mode=yes + fi + done + IFS=$lt_save_ifs + ;; + esac +else + pic_mode=default +fi + + + + + + + + + # Check whether --enable-fast-install was given. +if test "${enable_fast_install+set}" = set; then : + enableval=$enable_fast_install; p=${PACKAGE-default} + case $enableval in + yes) enable_fast_install=yes ;; + no) enable_fast_install=no ;; + *) + enable_fast_install=no + # Look at the argument we got. We use all the common list separators. + lt_save_ifs=$IFS; IFS=$IFS$PATH_SEPARATOR, + for pkg in $enableval; do + IFS=$lt_save_ifs + if test "X$pkg" = "X$p"; then + enable_fast_install=yes + fi + done + IFS=$lt_save_ifs + ;; + esac +else + enable_fast_install=yes +fi + + + + + + + + + shared_archive_member_spec= +case $host,$enable_shared in +power*-*-aix[5-9]*,yes) + { $as_echo "$as_me:${as_lineno-$LINENO}: checking which variant of shared library versioning to provide" >&5 +$as_echo_n "checking which variant of shared library versioning to provide... " >&6; } + +# Check whether --with-aix-soname was given. +if test "${with_aix_soname+set}" = set; then : + withval=$with_aix_soname; case $withval in + aix|svr4|both) + ;; + *) + as_fn_error $? "Unknown argument to --with-aix-soname" "$LINENO" 5 + ;; + esac + lt_cv_with_aix_soname=$with_aix_soname +else + if ${lt_cv_with_aix_soname+:} false; then : + $as_echo_n "(cached) " >&6 +else + lt_cv_with_aix_soname=aix +fi + + with_aix_soname=$lt_cv_with_aix_soname +fi + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $with_aix_soname" >&5 +$as_echo "$with_aix_soname" >&6; } + if test aix != "$with_aix_soname"; then + # For the AIX way of multilib, we name the shared archive member + # based on the bitwidth used, traditionally 'shr.o' or 'shr_64.o', + # and 'shr.imp' or 'shr_64.imp', respectively, for the Import File. + # Even when GNU compilers ignore OBJECT_MODE but need '-maix64' flag, + # the AIX toolchain works better with OBJECT_MODE set (default 32). + if test 64 = "${OBJECT_MODE-32}"; then + shared_archive_member_spec=shr_64 + else + shared_archive_member_spec=shr + fi + fi + ;; +*) + with_aix_soname=aix + ;; +esac + + + + + + + + + + +# This can be used to rebuild libtool when needed +LIBTOOL_DEPS=$ltmain + +# Always use our own libtool. +LIBTOOL='$(SHELL) $(top_builddir)/libtool' + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +test -z "$LN_S" && LN_S="ln -s" + + + + + + + + + + + + + + +if test -n "${ZSH_VERSION+set}"; then + setopt NO_GLOB_SUBST +fi + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for objdir" >&5 +$as_echo_n "checking for objdir... " >&6; } +if ${lt_cv_objdir+:} false; then : + $as_echo_n "(cached) " >&6 +else + rm -f .libs 2>/dev/null +mkdir .libs 2>/dev/null +if test -d .libs; then + lt_cv_objdir=.libs +else + # MS-DOS does not allow filenames that begin with a dot. + lt_cv_objdir=_libs +fi +rmdir .libs 2>/dev/null +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_objdir" >&5 +$as_echo "$lt_cv_objdir" >&6; } +objdir=$lt_cv_objdir + + + + + +cat >>confdefs.h <<_ACEOF +#define LT_OBJDIR "$lt_cv_objdir/" +_ACEOF + + + + +case $host_os in +aix3*) + # AIX sometimes has problems with the GCC collect2 program. For some + # reason, if we set the COLLECT_NAMES environment variable, the problems + # vanish in a puff of smoke. + if test set != "${COLLECT_NAMES+set}"; then + COLLECT_NAMES= + export COLLECT_NAMES + fi + ;; +esac + +# Global variables: +ofile=libtool +can_build_shared=yes + +# All known linkers require a '.a' archive for static linking (except MSVC, +# which needs '.lib'). +libext=a + +with_gnu_ld=$lt_cv_prog_gnu_ld + +old_CC=$CC +old_CFLAGS=$CFLAGS + +# Set sane defaults for various variables +test -z "$CC" && CC=cc +test -z "$LTCC" && LTCC=$CC +test -z "$LTCFLAGS" && LTCFLAGS=$CFLAGS +test -z "$LD" && LD=ld +test -z "$ac_objext" && ac_objext=o + +func_cc_basename $compiler +cc_basename=$func_cc_basename_result + + +# Only perform the check for file, if the check method requires it +test -z "$MAGIC_CMD" && MAGIC_CMD=file +case $deplibs_check_method in +file_magic*) + if test "$file_magic_cmd" = '$MAGIC_CMD'; then + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ${ac_tool_prefix}file" >&5 +$as_echo_n "checking for ${ac_tool_prefix}file... " >&6; } +if ${lt_cv_path_MAGIC_CMD+:} false; then : + $as_echo_n "(cached) " >&6 +else + case $MAGIC_CMD in +[\\/*] | ?:[\\/]*) + lt_cv_path_MAGIC_CMD=$MAGIC_CMD # Let the user override the test with a path. + ;; +*) + lt_save_MAGIC_CMD=$MAGIC_CMD + lt_save_ifs=$IFS; IFS=$PATH_SEPARATOR + ac_dummy="/usr/bin$PATH_SEPARATOR$PATH" + for ac_dir in $ac_dummy; do + IFS=$lt_save_ifs + test -z "$ac_dir" && ac_dir=. + if test -f "$ac_dir/${ac_tool_prefix}file"; then + lt_cv_path_MAGIC_CMD=$ac_dir/"${ac_tool_prefix}file" + if test -n "$file_magic_test_file"; then + case $deplibs_check_method in + "file_magic "*) + file_magic_regex=`expr "$deplibs_check_method" : "file_magic \(.*\)"` + MAGIC_CMD=$lt_cv_path_MAGIC_CMD + if eval $file_magic_cmd \$file_magic_test_file 2> /dev/null | + $EGREP "$file_magic_regex" > /dev/null; then + : + else + cat <<_LT_EOF 1>&2 + +*** Warning: the command libtool uses to detect shared libraries, +*** $file_magic_cmd, produces output that libtool cannot recognize. +*** The result is that libtool may fail to recognize shared libraries +*** as such. This will affect the creation of libtool libraries that +*** depend on shared libraries, but programs linked with such libtool +*** libraries will work regardless of this problem. Nevertheless, you +*** may want to report the problem to your system manager and/or to +*** bug-libtool@gnu.org + +_LT_EOF + fi ;; + esac + fi + break + fi + done + IFS=$lt_save_ifs + MAGIC_CMD=$lt_save_MAGIC_CMD + ;; +esac +fi + +MAGIC_CMD=$lt_cv_path_MAGIC_CMD +if test -n "$MAGIC_CMD"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $MAGIC_CMD" >&5 +$as_echo "$MAGIC_CMD" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + + + + +if test -z "$lt_cv_path_MAGIC_CMD"; then + if test -n "$ac_tool_prefix"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for file" >&5 +$as_echo_n "checking for file... " >&6; } +if ${lt_cv_path_MAGIC_CMD+:} false; then : + $as_echo_n "(cached) " >&6 +else + case $MAGIC_CMD in +[\\/*] | ?:[\\/]*) + lt_cv_path_MAGIC_CMD=$MAGIC_CMD # Let the user override the test with a path. + ;; +*) + lt_save_MAGIC_CMD=$MAGIC_CMD + lt_save_ifs=$IFS; IFS=$PATH_SEPARATOR + ac_dummy="/usr/bin$PATH_SEPARATOR$PATH" + for ac_dir in $ac_dummy; do + IFS=$lt_save_ifs + test -z "$ac_dir" && ac_dir=. + if test -f "$ac_dir/file"; then + lt_cv_path_MAGIC_CMD=$ac_dir/"file" + if test -n "$file_magic_test_file"; then + case $deplibs_check_method in + "file_magic "*) + file_magic_regex=`expr "$deplibs_check_method" : "file_magic \(.*\)"` + MAGIC_CMD=$lt_cv_path_MAGIC_CMD + if eval $file_magic_cmd \$file_magic_test_file 2> /dev/null | + $EGREP "$file_magic_regex" > /dev/null; then + : + else + cat <<_LT_EOF 1>&2 + +*** Warning: the command libtool uses to detect shared libraries, +*** $file_magic_cmd, produces output that libtool cannot recognize. +*** The result is that libtool may fail to recognize shared libraries +*** as such. This will affect the creation of libtool libraries that +*** depend on shared libraries, but programs linked with such libtool +*** libraries will work regardless of this problem. Nevertheless, you +*** may want to report the problem to your system manager and/or to +*** bug-libtool@gnu.org + +_LT_EOF + fi ;; + esac + fi + break + fi + done + IFS=$lt_save_ifs + MAGIC_CMD=$lt_save_MAGIC_CMD + ;; +esac +fi + +MAGIC_CMD=$lt_cv_path_MAGIC_CMD +if test -n "$MAGIC_CMD"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $MAGIC_CMD" >&5 +$as_echo "$MAGIC_CMD" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + + else + MAGIC_CMD=: + fi +fi + + fi + ;; +esac + +# Use C for the default configuration in the libtool script + +lt_save_CC=$CC +ac_ext=c +ac_cpp='$CPP $CPPFLAGS' +ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_c_compiler_gnu + + +# Source file extension for C test sources. +ac_ext=c + +# Object file extension for compiled C test sources. +objext=o +objext=$objext + +# Code to be used in simple compile tests +lt_simple_compile_test_code="int some_variable = 0;" + +# Code to be used in simple link tests +lt_simple_link_test_code='int main(){return(0);}' + + + + + + + +# If no C compiler was specified, use CC. +LTCC=${LTCC-"$CC"} + +# If no C compiler flags were specified, use CFLAGS. +LTCFLAGS=${LTCFLAGS-"$CFLAGS"} + +# Allow CC to be a program name with arguments. +compiler=$CC + +# Save the default compiler, since it gets overwritten when the other +# tags are being tested, and _LT_TAGVAR(compiler, []) is a NOP. +compiler_DEFAULT=$CC + +# save warnings/boilerplate of simple test code +ac_outfile=conftest.$ac_objext +echo "$lt_simple_compile_test_code" >conftest.$ac_ext +eval "$ac_compile" 2>&1 >/dev/null | $SED '/^$/d; /^ *+/d' >conftest.err +_lt_compiler_boilerplate=`cat conftest.err` +$RM conftest* + +ac_outfile=conftest.$ac_objext +echo "$lt_simple_link_test_code" >conftest.$ac_ext +eval "$ac_link" 2>&1 >/dev/null | $SED '/^$/d; /^ *+/d' >conftest.err +_lt_linker_boilerplate=`cat conftest.err` +$RM -r conftest* + + +## CAVEAT EMPTOR: +## There is no encapsulation within the following macros, do not change +## the running order or otherwise move them around unless you know exactly +## what you are doing... +if test -n "$compiler"; then + +lt_prog_compiler_no_builtin_flag= + +if test yes = "$GCC"; then + case $cc_basename in + nvcc*) + lt_prog_compiler_no_builtin_flag=' -Xcompiler -fno-builtin' ;; + *) + lt_prog_compiler_no_builtin_flag=' -fno-builtin' ;; + esac + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $compiler supports -fno-rtti -fno-exceptions" >&5 +$as_echo_n "checking if $compiler supports -fno-rtti -fno-exceptions... " >&6; } +if ${lt_cv_prog_compiler_rtti_exceptions+:} false; then : + $as_echo_n "(cached) " >&6 +else + lt_cv_prog_compiler_rtti_exceptions=no + ac_outfile=conftest.$ac_objext + echo "$lt_simple_compile_test_code" > conftest.$ac_ext + lt_compiler_flag="-fno-rtti -fno-exceptions" ## exclude from sc_useless_quotes_in_assignment + # Insert the option either (1) after the last *FLAGS variable, or + # (2) before a word containing "conftest.", or (3) at the end. + # Note that $ac_compile itself does not contain backslashes and begins + # with a dollar sign (not a hyphen), so the echo should work correctly. + # The option is referenced via a variable to avoid confusing sed. + lt_compile=`echo "$ac_compile" | $SED \ + -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ + -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ + -e 's:$: $lt_compiler_flag:'` + (eval echo "\"\$as_me:$LINENO: $lt_compile\"" >&5) + (eval "$lt_compile" 2>conftest.err) + ac_status=$? + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + if (exit $ac_status) && test -s "$ac_outfile"; then + # The compiler can only warn and ignore the option if not recognized + # So say no if there are warnings other than the usual output. + $ECHO "$_lt_compiler_boilerplate" | $SED '/^$/d' >conftest.exp + $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2 + if test ! -s conftest.er2 || diff conftest.exp conftest.er2 >/dev/null; then + lt_cv_prog_compiler_rtti_exceptions=yes + fi + fi + $RM conftest* + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_rtti_exceptions" >&5 +$as_echo "$lt_cv_prog_compiler_rtti_exceptions" >&6; } + +if test yes = "$lt_cv_prog_compiler_rtti_exceptions"; then + lt_prog_compiler_no_builtin_flag="$lt_prog_compiler_no_builtin_flag -fno-rtti -fno-exceptions" +else + : +fi + +fi + + + + + + + lt_prog_compiler_wl= +lt_prog_compiler_pic= +lt_prog_compiler_static= + + + if test yes = "$GCC"; then + lt_prog_compiler_wl='-Wl,' + lt_prog_compiler_static='-static' + + case $host_os in + aix*) + # All AIX code is PIC. + if test ia64 = "$host_cpu"; then + # AIX 5 now supports IA64 processor + lt_prog_compiler_static='-Bstatic' + fi + lt_prog_compiler_pic='-fPIC' + ;; + + amigaos*) + case $host_cpu in + powerpc) + # see comment about AmigaOS4 .so support + lt_prog_compiler_pic='-fPIC' + ;; + m68k) + # FIXME: we need at least 68020 code to build shared libraries, but + # adding the '-m68020' flag to GCC prevents building anything better, + # like '-m68040'. + lt_prog_compiler_pic='-m68020 -resident32 -malways-restore-a4' + ;; + esac + ;; + + beos* | irix5* | irix6* | nonstopux* | osf3* | osf4* | osf5*) + # PIC is the default for these OSes. + ;; + + mingw* | cygwin* | pw32* | os2* | cegcc*) + # This hack is so that the source file can tell whether it is being + # built for inclusion in a dll (and should export symbols for example). + # Although the cygwin gcc ignores -fPIC, still need this for old-style + # (--disable-auto-import) libraries + lt_prog_compiler_pic='-DDLL_EXPORT' + case $host_os in + os2*) + lt_prog_compiler_static='$wl-static' + ;; + esac + ;; + + darwin* | rhapsody*) + # PIC is the default on this platform + # Common symbols not allowed in MH_DYLIB files + lt_prog_compiler_pic='-fno-common' + ;; + + haiku*) + # PIC is the default for Haiku. + # The "-static" flag exists, but is broken. + lt_prog_compiler_static= + ;; + + hpux*) + # PIC is the default for 64-bit PA HP-UX, but not for 32-bit + # PA HP-UX. On IA64 HP-UX, PIC is the default but the pic flag + # sets the default TLS model and affects inlining. + case $host_cpu in + hppa*64*) + # +Z the default + ;; + *) + lt_prog_compiler_pic='-fPIC' + ;; + esac + ;; + + interix[3-9]*) + # Interix 3.x gcc -fpic/-fPIC options generate broken code. + # Instead, we relocate shared libraries at runtime. + ;; + + msdosdjgpp*) + # Just because we use GCC doesn't mean we suddenly get shared libraries + # on systems that don't support them. + lt_prog_compiler_can_build_shared=no + enable_shared=no + ;; + + *nto* | *qnx*) + # QNX uses GNU C++, but need to define -shared option too, otherwise + # it will coredump. + lt_prog_compiler_pic='-fPIC -shared' + ;; + + sysv4*MP*) + if test -d /usr/nec; then + lt_prog_compiler_pic=-Kconform_pic + fi + ;; + + *) + lt_prog_compiler_pic='-fPIC' + ;; + esac + + case $cc_basename in + nvcc*) # Cuda Compiler Driver 2.2 + lt_prog_compiler_wl='-Xlinker ' + if test -n "$lt_prog_compiler_pic"; then + lt_prog_compiler_pic="-Xcompiler $lt_prog_compiler_pic" + fi + ;; + esac + else + # PORTME Check for flag to pass linker flags through the system compiler. + case $host_os in + aix*) + lt_prog_compiler_wl='-Wl,' + if test ia64 = "$host_cpu"; then + # AIX 5 now supports IA64 processor + lt_prog_compiler_static='-Bstatic' + else + lt_prog_compiler_static='-bnso -bI:/lib/syscalls.exp' + fi + ;; + + darwin* | rhapsody*) + # PIC is the default on this platform + # Common symbols not allowed in MH_DYLIB files + lt_prog_compiler_pic='-fno-common' + case $cc_basename in + nagfor*) + # NAG Fortran compiler + lt_prog_compiler_wl='-Wl,-Wl,,' + lt_prog_compiler_pic='-PIC' + lt_prog_compiler_static='-Bstatic' + ;; + esac + ;; + + mingw* | cygwin* | pw32* | os2* | cegcc*) + # This hack is so that the source file can tell whether it is being + # built for inclusion in a dll (and should export symbols for example). + lt_prog_compiler_pic='-DDLL_EXPORT' + case $host_os in + os2*) + lt_prog_compiler_static='$wl-static' + ;; + esac + ;; + + hpux9* | hpux10* | hpux11*) + lt_prog_compiler_wl='-Wl,' + # PIC is the default for IA64 HP-UX and 64-bit HP-UX, but + # not for PA HP-UX. + case $host_cpu in + hppa*64*|ia64*) + # +Z the default + ;; + *) + lt_prog_compiler_pic='+Z' + ;; + esac + # Is there a better lt_prog_compiler_static that works with the bundled CC? + lt_prog_compiler_static='$wl-a ${wl}archive' + ;; + + irix5* | irix6* | nonstopux*) + lt_prog_compiler_wl='-Wl,' + # PIC (with -KPIC) is the default. + lt_prog_compiler_static='-non_shared' + ;; + + linux* | k*bsd*-gnu | kopensolaris*-gnu | gnu*) + case $cc_basename in + # old Intel for x86_64, which still supported -KPIC. + ecc*) + lt_prog_compiler_wl='-Wl,' + lt_prog_compiler_pic='-KPIC' + lt_prog_compiler_static='-static' + ;; + # icc used to be incompatible with GCC. + # ICC 10 doesn't accept -KPIC any more. + icc* | ifort*) + lt_prog_compiler_wl='-Wl,' + lt_prog_compiler_pic='-fPIC' + lt_prog_compiler_static='-static' + ;; + # Lahey Fortran 8.1. + lf95*) + lt_prog_compiler_wl='-Wl,' + lt_prog_compiler_pic='--shared' + lt_prog_compiler_static='--static' + ;; + nagfor*) + # NAG Fortran compiler + lt_prog_compiler_wl='-Wl,-Wl,,' + lt_prog_compiler_pic='-PIC' + lt_prog_compiler_static='-Bstatic' + ;; + tcc*) + # Fabrice Bellard et al's Tiny C Compiler + lt_prog_compiler_wl='-Wl,' + lt_prog_compiler_pic='-fPIC' + lt_prog_compiler_static='-static' + ;; + pgcc* | pgf77* | pgf90* | pgf95* | pgfortran*) + # Portland Group compilers (*not* the Pentium gcc compiler, + # which looks to be a dead project) + lt_prog_compiler_wl='-Wl,' + lt_prog_compiler_pic='-fpic' + lt_prog_compiler_static='-Bstatic' + ;; + ccc*) + lt_prog_compiler_wl='-Wl,' + # All Alpha code is PIC. + lt_prog_compiler_static='-non_shared' + ;; + xl* | bgxl* | bgf* | mpixl*) + # IBM XL C 8.0/Fortran 10.1, 11.1 on PPC and BlueGene + lt_prog_compiler_wl='-Wl,' + lt_prog_compiler_pic='-qpic' + lt_prog_compiler_static='-qstaticlink' + ;; + *) + case `$CC -V 2>&1 | sed 5q` in + *Sun\ Ceres\ Fortran* | *Sun*Fortran*\ [1-7].* | *Sun*Fortran*\ 8.[0-3]*) + # Sun Fortran 8.3 passes all unrecognized flags to the linker + lt_prog_compiler_pic='-KPIC' + lt_prog_compiler_static='-Bstatic' + lt_prog_compiler_wl='' + ;; + *Sun\ F* | *Sun*Fortran*) + lt_prog_compiler_pic='-KPIC' + lt_prog_compiler_static='-Bstatic' + lt_prog_compiler_wl='-Qoption ld ' + ;; + *Sun\ C*) + # Sun C 5.9 + lt_prog_compiler_pic='-KPIC' + lt_prog_compiler_static='-Bstatic' + lt_prog_compiler_wl='-Wl,' + ;; + *Intel*\ [CF]*Compiler*) + lt_prog_compiler_wl='-Wl,' + lt_prog_compiler_pic='-fPIC' + lt_prog_compiler_static='-static' + ;; + *Portland\ Group*) + lt_prog_compiler_wl='-Wl,' + lt_prog_compiler_pic='-fpic' + lt_prog_compiler_static='-Bstatic' + ;; + esac + ;; + esac + ;; + + newsos6) + lt_prog_compiler_pic='-KPIC' + lt_prog_compiler_static='-Bstatic' + ;; + + *nto* | *qnx*) + # QNX uses GNU C++, but need to define -shared option too, otherwise + # it will coredump. + lt_prog_compiler_pic='-fPIC -shared' + ;; + + osf3* | osf4* | osf5*) + lt_prog_compiler_wl='-Wl,' + # All OSF/1 code is PIC. + lt_prog_compiler_static='-non_shared' + ;; + + rdos*) + lt_prog_compiler_static='-non_shared' + ;; + + solaris*) + lt_prog_compiler_pic='-KPIC' + lt_prog_compiler_static='-Bstatic' + case $cc_basename in + f77* | f90* | f95* | sunf77* | sunf90* | sunf95*) + lt_prog_compiler_wl='-Qoption ld ';; + *) + lt_prog_compiler_wl='-Wl,';; + esac + ;; + + sunos4*) + lt_prog_compiler_wl='-Qoption ld ' + lt_prog_compiler_pic='-PIC' + lt_prog_compiler_static='-Bstatic' + ;; + + sysv4 | sysv4.2uw2* | sysv4.3*) + lt_prog_compiler_wl='-Wl,' + lt_prog_compiler_pic='-KPIC' + lt_prog_compiler_static='-Bstatic' + ;; + + sysv4*MP*) + if test -d /usr/nec; then + lt_prog_compiler_pic='-Kconform_pic' + lt_prog_compiler_static='-Bstatic' + fi + ;; + + sysv5* | unixware* | sco3.2v5* | sco5v6* | OpenUNIX*) + lt_prog_compiler_wl='-Wl,' + lt_prog_compiler_pic='-KPIC' + lt_prog_compiler_static='-Bstatic' + ;; + + unicos*) + lt_prog_compiler_wl='-Wl,' + lt_prog_compiler_can_build_shared=no + ;; + + uts4*) + lt_prog_compiler_pic='-pic' + lt_prog_compiler_static='-Bstatic' + ;; + + *) + lt_prog_compiler_can_build_shared=no + ;; + esac + fi + +case $host_os in + # For platforms that do not support PIC, -DPIC is meaningless: + *djgpp*) + lt_prog_compiler_pic= + ;; + *) + lt_prog_compiler_pic="$lt_prog_compiler_pic -DPIC" + ;; +esac + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $compiler option to produce PIC" >&5 +$as_echo_n "checking for $compiler option to produce PIC... " >&6; } +if ${lt_cv_prog_compiler_pic+:} false; then : + $as_echo_n "(cached) " >&6 +else + lt_cv_prog_compiler_pic=$lt_prog_compiler_pic +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_pic" >&5 +$as_echo "$lt_cv_prog_compiler_pic" >&6; } +lt_prog_compiler_pic=$lt_cv_prog_compiler_pic + +# +# Check to make sure the PIC flag actually works. +# +if test -n "$lt_prog_compiler_pic"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $compiler PIC flag $lt_prog_compiler_pic works" >&5 +$as_echo_n "checking if $compiler PIC flag $lt_prog_compiler_pic works... " >&6; } +if ${lt_cv_prog_compiler_pic_works+:} false; then : + $as_echo_n "(cached) " >&6 +else + lt_cv_prog_compiler_pic_works=no + ac_outfile=conftest.$ac_objext + echo "$lt_simple_compile_test_code" > conftest.$ac_ext + lt_compiler_flag="$lt_prog_compiler_pic -DPIC" ## exclude from sc_useless_quotes_in_assignment + # Insert the option either (1) after the last *FLAGS variable, or + # (2) before a word containing "conftest.", or (3) at the end. + # Note that $ac_compile itself does not contain backslashes and begins + # with a dollar sign (not a hyphen), so the echo should work correctly. + # The option is referenced via a variable to avoid confusing sed. + lt_compile=`echo "$ac_compile" | $SED \ + -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ + -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ + -e 's:$: $lt_compiler_flag:'` + (eval echo "\"\$as_me:$LINENO: $lt_compile\"" >&5) + (eval "$lt_compile" 2>conftest.err) + ac_status=$? + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + if (exit $ac_status) && test -s "$ac_outfile"; then + # The compiler can only warn and ignore the option if not recognized + # So say no if there are warnings other than the usual output. + $ECHO "$_lt_compiler_boilerplate" | $SED '/^$/d' >conftest.exp + $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2 + if test ! -s conftest.er2 || diff conftest.exp conftest.er2 >/dev/null; then + lt_cv_prog_compiler_pic_works=yes + fi + fi + $RM conftest* + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_pic_works" >&5 +$as_echo "$lt_cv_prog_compiler_pic_works" >&6; } + +if test yes = "$lt_cv_prog_compiler_pic_works"; then + case $lt_prog_compiler_pic in + "" | " "*) ;; + *) lt_prog_compiler_pic=" $lt_prog_compiler_pic" ;; + esac +else + lt_prog_compiler_pic= + lt_prog_compiler_can_build_shared=no +fi + +fi + + + + + + + + + + + +# +# Check to make sure the static flag actually works. +# +wl=$lt_prog_compiler_wl eval lt_tmp_static_flag=\"$lt_prog_compiler_static\" +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if $compiler static flag $lt_tmp_static_flag works" >&5 +$as_echo_n "checking if $compiler static flag $lt_tmp_static_flag works... " >&6; } +if ${lt_cv_prog_compiler_static_works+:} false; then : + $as_echo_n "(cached) " >&6 +else + lt_cv_prog_compiler_static_works=no + save_LDFLAGS=$LDFLAGS + LDFLAGS="$LDFLAGS $lt_tmp_static_flag" + echo "$lt_simple_link_test_code" > conftest.$ac_ext + if (eval $ac_link 2>conftest.err) && test -s conftest$ac_exeext; then + # The linker can only warn and ignore the option if not recognized + # So say no if there are warnings + if test -s conftest.err; then + # Append any errors to the config.log. + cat conftest.err 1>&5 + $ECHO "$_lt_linker_boilerplate" | $SED '/^$/d' > conftest.exp + $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2 + if diff conftest.exp conftest.er2 >/dev/null; then + lt_cv_prog_compiler_static_works=yes + fi + else + lt_cv_prog_compiler_static_works=yes + fi + fi + $RM -r conftest* + LDFLAGS=$save_LDFLAGS + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_static_works" >&5 +$as_echo "$lt_cv_prog_compiler_static_works" >&6; } + +if test yes = "$lt_cv_prog_compiler_static_works"; then + : +else + lt_prog_compiler_static= +fi + + + + + + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $compiler supports -c -o file.$ac_objext" >&5 +$as_echo_n "checking if $compiler supports -c -o file.$ac_objext... " >&6; } +if ${lt_cv_prog_compiler_c_o+:} false; then : + $as_echo_n "(cached) " >&6 +else + lt_cv_prog_compiler_c_o=no + $RM -r conftest 2>/dev/null + mkdir conftest + cd conftest + mkdir out + echo "$lt_simple_compile_test_code" > conftest.$ac_ext + + lt_compiler_flag="-o out/conftest2.$ac_objext" + # Insert the option either (1) after the last *FLAGS variable, or + # (2) before a word containing "conftest.", or (3) at the end. + # Note that $ac_compile itself does not contain backslashes and begins + # with a dollar sign (not a hyphen), so the echo should work correctly. + lt_compile=`echo "$ac_compile" | $SED \ + -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ + -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ + -e 's:$: $lt_compiler_flag:'` + (eval echo "\"\$as_me:$LINENO: $lt_compile\"" >&5) + (eval "$lt_compile" 2>out/conftest.err) + ac_status=$? + cat out/conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + if (exit $ac_status) && test -s out/conftest2.$ac_objext + then + # The compiler can only warn and ignore the option if not recognized + # So say no if there are warnings + $ECHO "$_lt_compiler_boilerplate" | $SED '/^$/d' > out/conftest.exp + $SED '/^$/d; /^ *+/d' out/conftest.err >out/conftest.er2 + if test ! -s out/conftest.er2 || diff out/conftest.exp out/conftest.er2 >/dev/null; then + lt_cv_prog_compiler_c_o=yes + fi + fi + chmod u+w . 2>&5 + $RM conftest* + # SGI C++ compiler will create directory out/ii_files/ for + # template instantiation + test -d out/ii_files && $RM out/ii_files/* && rmdir out/ii_files + $RM out/* && rmdir out + cd .. + $RM -r conftest + $RM conftest* + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_c_o" >&5 +$as_echo "$lt_cv_prog_compiler_c_o" >&6; } + + + + + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $compiler supports -c -o file.$ac_objext" >&5 +$as_echo_n "checking if $compiler supports -c -o file.$ac_objext... " >&6; } +if ${lt_cv_prog_compiler_c_o+:} false; then : + $as_echo_n "(cached) " >&6 +else + lt_cv_prog_compiler_c_o=no + $RM -r conftest 2>/dev/null + mkdir conftest + cd conftest + mkdir out + echo "$lt_simple_compile_test_code" > conftest.$ac_ext + + lt_compiler_flag="-o out/conftest2.$ac_objext" + # Insert the option either (1) after the last *FLAGS variable, or + # (2) before a word containing "conftest.", or (3) at the end. + # Note that $ac_compile itself does not contain backslashes and begins + # with a dollar sign (not a hyphen), so the echo should work correctly. + lt_compile=`echo "$ac_compile" | $SED \ + -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ + -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ + -e 's:$: $lt_compiler_flag:'` + (eval echo "\"\$as_me:$LINENO: $lt_compile\"" >&5) + (eval "$lt_compile" 2>out/conftest.err) + ac_status=$? + cat out/conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + if (exit $ac_status) && test -s out/conftest2.$ac_objext + then + # The compiler can only warn and ignore the option if not recognized + # So say no if there are warnings + $ECHO "$_lt_compiler_boilerplate" | $SED '/^$/d' > out/conftest.exp + $SED '/^$/d; /^ *+/d' out/conftest.err >out/conftest.er2 + if test ! -s out/conftest.er2 || diff out/conftest.exp out/conftest.er2 >/dev/null; then + lt_cv_prog_compiler_c_o=yes + fi + fi + chmod u+w . 2>&5 + $RM conftest* + # SGI C++ compiler will create directory out/ii_files/ for + # template instantiation + test -d out/ii_files && $RM out/ii_files/* && rmdir out/ii_files + $RM out/* && rmdir out + cd .. + $RM -r conftest + $RM conftest* + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_c_o" >&5 +$as_echo "$lt_cv_prog_compiler_c_o" >&6; } + + + + +hard_links=nottested +if test no = "$lt_cv_prog_compiler_c_o" && test no != "$need_locks"; then + # do not overwrite the value of need_locks provided by the user + { $as_echo "$as_me:${as_lineno-$LINENO}: checking if we can lock with hard links" >&5 +$as_echo_n "checking if we can lock with hard links... " >&6; } + hard_links=yes + $RM conftest* + ln conftest.a conftest.b 2>/dev/null && hard_links=no + touch conftest.a + ln conftest.a conftest.b 2>&5 || hard_links=no + ln conftest.a conftest.b 2>/dev/null && hard_links=no + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $hard_links" >&5 +$as_echo "$hard_links" >&6; } + if test no = "$hard_links"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: '$CC' does not support '-c -o', so 'make -j' may be unsafe" >&5 +$as_echo "$as_me: WARNING: '$CC' does not support '-c -o', so 'make -j' may be unsafe" >&2;} + need_locks=warn + fi +else + need_locks=no +fi + + + + + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the $compiler linker ($LD) supports shared libraries" >&5 +$as_echo_n "checking whether the $compiler linker ($LD) supports shared libraries... " >&6; } + + runpath_var= + allow_undefined_flag= + always_export_symbols=no + archive_cmds= + archive_expsym_cmds= + compiler_needs_object=no + enable_shared_with_static_runtimes=no + export_dynamic_flag_spec= + export_symbols_cmds='$NM $libobjs $convenience | $global_symbol_pipe | $SED '\''s/.* //'\'' | sort | uniq > $export_symbols' + hardcode_automatic=no + hardcode_direct=no + hardcode_direct_absolute=no + hardcode_libdir_flag_spec= + hardcode_libdir_separator= + hardcode_minus_L=no + hardcode_shlibpath_var=unsupported + inherit_rpath=no + link_all_deplibs=unknown + module_cmds= + module_expsym_cmds= + old_archive_from_new_cmds= + old_archive_from_expsyms_cmds= + thread_safe_flag_spec= + whole_archive_flag_spec= + # include_expsyms should be a list of space-separated symbols to be *always* + # included in the symbol list + include_expsyms= + # exclude_expsyms can be an extended regexp of symbols to exclude + # it will be wrapped by ' (' and ')$', so one must not match beginning or + # end of line. Example: 'a|bc|.*d.*' will exclude the symbols 'a' and 'bc', + # as well as any symbol that contains 'd'. + exclude_expsyms='_GLOBAL_OFFSET_TABLE_|_GLOBAL__F[ID]_.*' + # Although _GLOBAL_OFFSET_TABLE_ is a valid symbol C name, most a.out + # platforms (ab)use it in PIC code, but their linkers get confused if + # the symbol is explicitly referenced. Since portable code cannot + # rely on this symbol name, it's probably fine to never include it in + # preloaded symbol tables. + # Exclude shared library initialization/finalization symbols. + extract_expsyms_cmds= + + case $host_os in + cygwin* | mingw* | pw32* | cegcc*) + # FIXME: the MSVC++ port hasn't been tested in a loooong time + # When not using gcc, we currently assume that we are using + # Microsoft Visual C++. + if test yes != "$GCC"; then + with_gnu_ld=no + fi + ;; + interix*) + # we just hope/assume this is gcc and not c89 (= MSVC++) + with_gnu_ld=yes + ;; + openbsd* | bitrig*) + with_gnu_ld=no + ;; + linux* | k*bsd*-gnu | gnu*) + link_all_deplibs=no + ;; + esac + + ld_shlibs=yes + + # On some targets, GNU ld is compatible enough with the native linker + # that we're better off using the native interface for both. + lt_use_gnu_ld_interface=no + if test yes = "$with_gnu_ld"; then + case $host_os in + aix*) + # The AIX port of GNU ld has always aspired to compatibility + # with the native linker. However, as the warning in the GNU ld + # block says, versions before 2.19.5* couldn't really create working + # shared libraries, regardless of the interface used. + case `$LD -v 2>&1` in + *\ \(GNU\ Binutils\)\ 2.19.5*) ;; + *\ \(GNU\ Binutils\)\ 2.[2-9]*) ;; + *\ \(GNU\ Binutils\)\ [3-9]*) ;; + *) + lt_use_gnu_ld_interface=yes + ;; + esac + ;; + *) + lt_use_gnu_ld_interface=yes + ;; + esac + fi + + if test yes = "$lt_use_gnu_ld_interface"; then + # If archive_cmds runs LD, not CC, wlarc should be empty + wlarc='$wl' + + # Set some defaults for GNU ld with shared library support. These + # are reset later if shared libraries are not supported. Putting them + # here allows them to be overridden if necessary. + runpath_var=LD_RUN_PATH + hardcode_libdir_flag_spec='$wl-rpath $wl$libdir' + export_dynamic_flag_spec='$wl--export-dynamic' + # ancient GNU ld didn't support --whole-archive et. al. + if $LD --help 2>&1 | $GREP 'no-whole-archive' > /dev/null; then + whole_archive_flag_spec=$wlarc'--whole-archive$convenience '$wlarc'--no-whole-archive' + else + whole_archive_flag_spec= + fi + supports_anon_versioning=no + case `$LD -v | $SED -e 's/(^)\+)\s\+//' 2>&1` in + *GNU\ gold*) supports_anon_versioning=yes ;; + *\ [01].* | *\ 2.[0-9].* | *\ 2.10.*) ;; # catch versions < 2.11 + *\ 2.11.93.0.2\ *) supports_anon_versioning=yes ;; # RH7.3 ... + *\ 2.11.92.0.12\ *) supports_anon_versioning=yes ;; # Mandrake 8.2 ... + *\ 2.11.*) ;; # other 2.11 versions + *) supports_anon_versioning=yes ;; + esac + + # See if GNU ld supports shared libraries. + case $host_os in + aix[3-9]*) + # On AIX/PPC, the GNU linker is very broken + if test ia64 != "$host_cpu"; then + ld_shlibs=no + cat <<_LT_EOF 1>&2 + +*** Warning: the GNU linker, at least up to release 2.19, is reported +*** to be unable to reliably create shared libraries on AIX. +*** Therefore, libtool is disabling shared libraries support. If you +*** really care for shared libraries, you may want to install binutils +*** 2.20 or above, or modify your PATH so that a non-GNU linker is found. +*** You will then need to restart the configuration process. + +_LT_EOF + fi + ;; + + amigaos*) + case $host_cpu in + powerpc) + # see comment about AmigaOS4 .so support + archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib' + archive_expsym_cmds='' + ;; + m68k) + archive_cmds='$RM $output_objdir/a2ixlibrary.data~$ECHO "#define NAME $libname" > $output_objdir/a2ixlibrary.data~$ECHO "#define LIBRARY_ID 1" >> $output_objdir/a2ixlibrary.data~$ECHO "#define VERSION $major" >> $output_objdir/a2ixlibrary.data~$ECHO "#define REVISION $revision" >> $output_objdir/a2ixlibrary.data~$AR $AR_FLAGS $lib $libobjs~$RANLIB $lib~(cd $output_objdir && a2ixlibrary -32)' + hardcode_libdir_flag_spec='-L$libdir' + hardcode_minus_L=yes + ;; + esac + ;; + + beos*) + if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then + allow_undefined_flag=unsupported + # Joseph Beckenbach says some releases of gcc + # support --undefined. This deserves some investigation. FIXME + archive_cmds='$CC -nostart $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib' + else + ld_shlibs=no + fi + ;; + + cygwin* | mingw* | pw32* | cegcc*) + # _LT_TAGVAR(hardcode_libdir_flag_spec, ) is actually meaningless, + # as there is no search path for DLLs. + hardcode_libdir_flag_spec='-L$libdir' + export_dynamic_flag_spec='$wl--export-all-symbols' + allow_undefined_flag=unsupported + always_export_symbols=no + enable_shared_with_static_runtimes=yes + export_symbols_cmds='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[BCDGRS][ ]/s/.*[ ]\([^ ]*\)/\1 DATA/;s/^.*[ ]__nm__\([^ ]*\)[ ][^ ]*/\1 DATA/;/^I[ ]/d;/^[AITW][ ]/s/.* //'\'' | sort | uniq > $export_symbols' + exclude_expsyms='[_]+GLOBAL_OFFSET_TABLE_|[_]+GLOBAL__[FID]_.*|[_]+head_[A-Za-z0-9_]+_dll|[A-Za-z0-9_]+_dll_iname' + + if $LD --help 2>&1 | $GREP 'auto-import' > /dev/null; then + archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags -o $output_objdir/$soname $wl--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib' + # If the export-symbols file already is a .def file, use it as + # is; otherwise, prepend EXPORTS... + archive_expsym_cmds='if test DEF = "`$SED -n -e '\''s/^[ ]*//'\'' -e '\''/^\(;.*\)*$/d'\'' -e '\''s/^\(EXPORTS\|LIBRARY\)\([ ].*\)*$/DEF/p'\'' -e q $export_symbols`" ; then + cp $export_symbols $output_objdir/$soname.def; + else + echo EXPORTS > $output_objdir/$soname.def; + cat $export_symbols >> $output_objdir/$soname.def; + fi~ + $CC -shared $output_objdir/$soname.def $libobjs $deplibs $compiler_flags -o $output_objdir/$soname $wl--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib' + else + ld_shlibs=no + fi + ;; + + haiku*) + archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib' + link_all_deplibs=yes + ;; + + os2*) + hardcode_libdir_flag_spec='-L$libdir' + hardcode_minus_L=yes + allow_undefined_flag=unsupported + shrext_cmds=.dll + archive_cmds='$ECHO "LIBRARY ${soname%$shared_ext} INITINSTANCE TERMINSTANCE" > $output_objdir/$libname.def~ + $ECHO "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~ + $ECHO "DATA MULTIPLE NONSHARED" >> $output_objdir/$libname.def~ + $ECHO EXPORTS >> $output_objdir/$libname.def~ + emxexp $libobjs | $SED /"_DLL_InitTerm"/d >> $output_objdir/$libname.def~ + $CC -Zdll -Zcrtdll -o $output_objdir/$soname $libobjs $deplibs $compiler_flags $output_objdir/$libname.def~ + emximp -o $lib $output_objdir/$libname.def' + archive_expsym_cmds='$ECHO "LIBRARY ${soname%$shared_ext} INITINSTANCE TERMINSTANCE" > $output_objdir/$libname.def~ + $ECHO "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~ + $ECHO "DATA MULTIPLE NONSHARED" >> $output_objdir/$libname.def~ + $ECHO EXPORTS >> $output_objdir/$libname.def~ + prefix_cmds="$SED"~ + if test EXPORTS = "`$SED 1q $export_symbols`"; then + prefix_cmds="$prefix_cmds -e 1d"; + fi~ + prefix_cmds="$prefix_cmds -e \"s/^\(.*\)$/_\1/g\""~ + cat $export_symbols | $prefix_cmds >> $output_objdir/$libname.def~ + $CC -Zdll -Zcrtdll -o $output_objdir/$soname $libobjs $deplibs $compiler_flags $output_objdir/$libname.def~ + emximp -o $lib $output_objdir/$libname.def' + old_archive_From_new_cmds='emximp -o $output_objdir/${libname}_dll.a $output_objdir/$libname.def' + enable_shared_with_static_runtimes=yes + ;; + + interix[3-9]*) + hardcode_direct=no + hardcode_shlibpath_var=no + hardcode_libdir_flag_spec='$wl-rpath,$libdir' + export_dynamic_flag_spec='$wl-E' + # Hack: On Interix 3.x, we cannot compile PIC because of a broken gcc. + # Instead, shared libraries are loaded at an image base (0x10000000 by + # default) and relocated if they conflict, which is a slow very memory + # consuming and fragmenting process. To avoid this, we pick a random, + # 256 KiB-aligned image base between 0x50000000 and 0x6FFC0000 at link + # time. Moving up from 0x10000000 also allows more sbrk(2) space. + archive_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-h,$soname $wl--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib' + archive_expsym_cmds='sed "s|^|_|" $export_symbols >$output_objdir/$soname.expsym~$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-h,$soname $wl--retain-symbols-file,$output_objdir/$soname.expsym $wl--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib' + ;; + + gnu* | linux* | tpf* | k*bsd*-gnu | kopensolaris*-gnu) + tmp_diet=no + if test linux-dietlibc = "$host_os"; then + case $cc_basename in + diet\ *) tmp_diet=yes;; # linux-dietlibc with static linking (!diet-dyn) + esac + fi + if $LD --help 2>&1 | $EGREP ': supported targets:.* elf' > /dev/null \ + && test no = "$tmp_diet" + then + tmp_addflag=' $pic_flag' + tmp_sharedflag='-shared' + case $cc_basename,$host_cpu in + pgcc*) # Portland Group C compiler + whole_archive_flag_spec='$wl--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` $wl--no-whole-archive' + tmp_addflag=' $pic_flag' + ;; + pgf77* | pgf90* | pgf95* | pgfortran*) + # Portland Group f77 and f90 compilers + whole_archive_flag_spec='$wl--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` $wl--no-whole-archive' + tmp_addflag=' $pic_flag -Mnomain' ;; + ecc*,ia64* | icc*,ia64*) # Intel C compiler on ia64 + tmp_addflag=' -i_dynamic' ;; + efc*,ia64* | ifort*,ia64*) # Intel Fortran compiler on ia64 + tmp_addflag=' -i_dynamic -nofor_main' ;; + ifc* | ifort*) # Intel Fortran compiler + tmp_addflag=' -nofor_main' ;; + lf95*) # Lahey Fortran 8.1 + whole_archive_flag_spec= + tmp_sharedflag='--shared' ;; + nagfor*) # NAGFOR 5.3 + tmp_sharedflag='-Wl,-shared' ;; + xl[cC]* | bgxl[cC]* | mpixl[cC]*) # IBM XL C 8.0 on PPC (deal with xlf below) + tmp_sharedflag='-qmkshrobj' + tmp_addflag= ;; + nvcc*) # Cuda Compiler Driver 2.2 + whole_archive_flag_spec='$wl--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` $wl--no-whole-archive' + compiler_needs_object=yes + ;; + esac + case `$CC -V 2>&1 | sed 5q` in + *Sun\ C*) # Sun C 5.9 + whole_archive_flag_spec='$wl--whole-archive`new_convenience=; for conv in $convenience\"\"; do test -z \"$conv\" || new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` $wl--no-whole-archive' + compiler_needs_object=yes + tmp_sharedflag='-G' ;; + *Sun\ F*) # Sun Fortran 8.3 + tmp_sharedflag='-G' ;; + esac + archive_cmds='$CC '"$tmp_sharedflag""$tmp_addflag"' $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib' + + if test yes = "$supports_anon_versioning"; then + archive_expsym_cmds='echo "{ global:" > $output_objdir/$libname.ver~ + cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~ + echo "local: *; };" >> $output_objdir/$libname.ver~ + $CC '"$tmp_sharedflag""$tmp_addflag"' $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-version-script $wl$output_objdir/$libname.ver -o $lib' + fi + + case $cc_basename in + tcc*) + export_dynamic_flag_spec='-rdynamic' + ;; + xlf* | bgf* | bgxlf* | mpixlf*) + # IBM XL Fortran 10.1 on PPC cannot create shared libs itself + whole_archive_flag_spec='--whole-archive$convenience --no-whole-archive' + hardcode_libdir_flag_spec='$wl-rpath $wl$libdir' + archive_cmds='$LD -shared $libobjs $deplibs $linker_flags -soname $soname -o $lib' + if test yes = "$supports_anon_versioning"; then + archive_expsym_cmds='echo "{ global:" > $output_objdir/$libname.ver~ + cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~ + echo "local: *; };" >> $output_objdir/$libname.ver~ + $LD -shared $libobjs $deplibs $linker_flags -soname $soname -version-script $output_objdir/$libname.ver -o $lib' + fi + ;; + esac + else + ld_shlibs=no + fi + ;; + + netbsd* | netbsdelf*-gnu) + if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then + archive_cmds='$LD -Bshareable $libobjs $deplibs $linker_flags -o $lib' + wlarc= + else + archive_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib' + archive_expsym_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib' + fi + ;; + + solaris*) + if $LD -v 2>&1 | $GREP 'BFD 2\.8' > /dev/null; then + ld_shlibs=no + cat <<_LT_EOF 1>&2 + +*** Warning: The releases 2.8.* of the GNU linker cannot reliably +*** create shared libraries on Solaris systems. Therefore, libtool +*** is disabling shared libraries support. We urge you to upgrade GNU +*** binutils to release 2.9.1 or newer. Another option is to modify +*** your PATH or compiler configuration so that the native linker is +*** used, and then restart. + +_LT_EOF + elif $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then + archive_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib' + archive_expsym_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib' + else + ld_shlibs=no + fi + ;; + + sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX*) + case `$LD -v 2>&1` in + *\ [01].* | *\ 2.[0-9].* | *\ 2.1[0-5].*) + ld_shlibs=no + cat <<_LT_EOF 1>&2 + +*** Warning: Releases of the GNU linker prior to 2.16.91.0.3 cannot +*** reliably create shared libraries on SCO systems. Therefore, libtool +*** is disabling shared libraries support. We urge you to upgrade GNU +*** binutils to release 2.16.91.0.3 or newer. Another option is to modify +*** your PATH or compiler configuration so that the native linker is +*** used, and then restart. + +_LT_EOF + ;; + *) + # For security reasons, it is highly recommended that you always + # use absolute paths for naming shared libraries, and exclude the + # DT_RUNPATH tag from executables and libraries. But doing so + # requires that you compile everything twice, which is a pain. + if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then + hardcode_libdir_flag_spec='$wl-rpath $wl$libdir' + archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib' + archive_expsym_cmds='$CC -shared $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib' + else + ld_shlibs=no + fi + ;; + esac + ;; + + sunos4*) + archive_cmds='$LD -assert pure-text -Bshareable -o $lib $libobjs $deplibs $linker_flags' + wlarc= + hardcode_direct=yes + hardcode_shlibpath_var=no + ;; + + *) + if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then + archive_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib' + archive_expsym_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib' + else + ld_shlibs=no + fi + ;; + esac + + if test no = "$ld_shlibs"; then + runpath_var= + hardcode_libdir_flag_spec= + export_dynamic_flag_spec= + whole_archive_flag_spec= + fi + else + # PORTME fill in a description of your system's linker (not GNU ld) + case $host_os in + aix3*) + allow_undefined_flag=unsupported + always_export_symbols=yes + archive_expsym_cmds='$LD -o $output_objdir/$soname $libobjs $deplibs $linker_flags -bE:$export_symbols -T512 -H512 -bM:SRE~$AR $AR_FLAGS $lib $output_objdir/$soname' + # Note: this linker hardcodes the directories in LIBPATH if there + # are no directories specified by -L. + hardcode_minus_L=yes + if test yes = "$GCC" && test -z "$lt_prog_compiler_static"; then + # Neither direct hardcoding nor static linking is supported with a + # broken collect2. + hardcode_direct=unsupported + fi + ;; + + aix[4-9]*) + if test ia64 = "$host_cpu"; then + # On IA64, the linker does run time linking by default, so we don't + # have to do anything special. + aix_use_runtimelinking=no + exp_sym_flag='-Bexport' + no_entry_flag= + else + # If we're using GNU nm, then we don't want the "-C" option. + # -C means demangle to GNU nm, but means don't demangle to AIX nm. + # Without the "-l" option, or with the "-B" option, AIX nm treats + # weak defined symbols like other global defined symbols, whereas + # GNU nm marks them as "W". + # While the 'weak' keyword is ignored in the Export File, we need + # it in the Import File for the 'aix-soname' feature, so we have + # to replace the "-B" option with "-P" for AIX nm. + if $NM -V 2>&1 | $GREP 'GNU' > /dev/null; then + export_symbols_cmds='$NM -Bpg $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B") || (\$ 2 == "W")) && (substr(\$ 3,1,1) != ".")) { if (\$ 2 == "W") { print \$ 3 " weak" } else { print \$ 3 } } }'\'' | sort -u > $export_symbols' + else + export_symbols_cmds='`func_echo_all $NM | $SED -e '\''s/B\([^B]*\)$/P\1/'\''` -PCpgl $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B") || (\$ 2 == "W") || (\$ 2 == "V") || (\$ 2 == "Z")) && (substr(\$ 1,1,1) != ".")) { if ((\$ 2 == "W") || (\$ 2 == "V") || (\$ 2 == "Z")) { print \$ 1 " weak" } else { print \$ 1 } } }'\'' | sort -u > $export_symbols' + fi + aix_use_runtimelinking=no + + # Test if we are trying to use run time linking or normal + # AIX style linking. If -brtl is somewhere in LDFLAGS, we + # have runtime linking enabled, and use it for executables. + # For shared libraries, we enable/disable runtime linking + # depending on the kind of the shared library created - + # when "with_aix_soname,aix_use_runtimelinking" is: + # "aix,no" lib.a(lib.so.V) shared, rtl:no, for executables + # "aix,yes" lib.so shared, rtl:yes, for executables + # lib.a static archive + # "both,no" lib.so.V(shr.o) shared, rtl:yes + # lib.a(lib.so.V) shared, rtl:no, for executables + # "both,yes" lib.so.V(shr.o) shared, rtl:yes, for executables + # lib.a(lib.so.V) shared, rtl:no + # "svr4,*" lib.so.V(shr.o) shared, rtl:yes, for executables + # lib.a static archive + case $host_os in aix4.[23]|aix4.[23].*|aix[5-9]*) + for ld_flag in $LDFLAGS; do + if (test x-brtl = "x$ld_flag" || test x-Wl,-brtl = "x$ld_flag"); then + aix_use_runtimelinking=yes + break + fi + done + if test svr4,no = "$with_aix_soname,$aix_use_runtimelinking"; then + # With aix-soname=svr4, we create the lib.so.V shared archives only, + # so we don't have lib.a shared libs to link our executables. + # We have to force runtime linking in this case. + aix_use_runtimelinking=yes + LDFLAGS="$LDFLAGS -Wl,-brtl" + fi + ;; + esac + + exp_sym_flag='-bexport' + no_entry_flag='-bnoentry' + fi + + # When large executables or shared objects are built, AIX ld can + # have problems creating the table of contents. If linking a library + # or program results in "error TOC overflow" add -mminimal-toc to + # CXXFLAGS/CFLAGS for g++/gcc. In the cases where that is not + # enough to fix the problem, add -Wl,-bbigtoc to LDFLAGS. + + archive_cmds='' + hardcode_direct=yes + hardcode_direct_absolute=yes + hardcode_libdir_separator=':' + link_all_deplibs=yes + file_list_spec='$wl-f,' + case $with_aix_soname,$aix_use_runtimelinking in + aix,*) ;; # traditional, no import file + svr4,* | *,yes) # use import file + # The Import File defines what to hardcode. + hardcode_direct=no + hardcode_direct_absolute=no + ;; + esac + + if test yes = "$GCC"; then + case $host_os in aix4.[012]|aix4.[012].*) + # We only want to do this on AIX 4.2 and lower, the check + # below for broken collect2 doesn't work under 4.3+ + collect2name=`$CC -print-prog-name=collect2` + if test -f "$collect2name" && + strings "$collect2name" | $GREP resolve_lib_name >/dev/null + then + # We have reworked collect2 + : + else + # We have old collect2 + hardcode_direct=unsupported + # It fails to find uninstalled libraries when the uninstalled + # path is not listed in the libpath. Setting hardcode_minus_L + # to unsupported forces relinking + hardcode_minus_L=yes + hardcode_libdir_flag_spec='-L$libdir' + hardcode_libdir_separator= + fi + ;; + esac + shared_flag='-shared' + if test yes = "$aix_use_runtimelinking"; then + shared_flag="$shared_flag "'$wl-G' + fi + # Need to ensure runtime linking is disabled for the traditional + # shared library, or the linker may eventually find shared libraries + # /with/ Import File - we do not want to mix them. + shared_flag_aix='-shared' + shared_flag_svr4='-shared $wl-G' + else + # not using gcc + if test ia64 = "$host_cpu"; then + # VisualAge C++, Version 5.5 for AIX 5L for IA-64, Beta 3 Release + # chokes on -Wl,-G. The following line is correct: + shared_flag='-G' + else + if test yes = "$aix_use_runtimelinking"; then + shared_flag='$wl-G' + else + shared_flag='$wl-bM:SRE' + fi + shared_flag_aix='$wl-bM:SRE' + shared_flag_svr4='$wl-G' + fi + fi + + export_dynamic_flag_spec='$wl-bexpall' + # It seems that -bexpall does not export symbols beginning with + # underscore (_), so it is better to generate a list of symbols to export. + always_export_symbols=yes + if test aix,yes = "$with_aix_soname,$aix_use_runtimelinking"; then + # Warning - without using the other runtime loading flags (-brtl), + # -berok will link without error, but may produce a broken library. + allow_undefined_flag='-berok' + # Determine the default libpath from the value encoded in an + # empty executable. + if test set = "${lt_cv_aix_libpath+set}"; then + aix_libpath=$lt_cv_aix_libpath +else + if ${lt_cv_aix_libpath_+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + + lt_aix_libpath_sed=' + /Import File Strings/,/^$/ { + /^0/ { + s/^0 *\([^ ]*\) *$/\1/ + p + } + }' + lt_cv_aix_libpath_=`dump -H conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"` + # Check for a 64-bit object if we didn't find anything. + if test -z "$lt_cv_aix_libpath_"; then + lt_cv_aix_libpath_=`dump -HX64 conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"` + fi +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + if test -z "$lt_cv_aix_libpath_"; then + lt_cv_aix_libpath_=/usr/lib:/lib + fi + +fi + + aix_libpath=$lt_cv_aix_libpath_ +fi + + hardcode_libdir_flag_spec='$wl-blibpath:$libdir:'"$aix_libpath" + archive_expsym_cmds='$CC -o $output_objdir/$soname $libobjs $deplibs $wl'$no_entry_flag' $compiler_flags `if test -n "$allow_undefined_flag"; then func_echo_all "$wl$allow_undefined_flag"; else :; fi` $wl'$exp_sym_flag:\$export_symbols' '$shared_flag + else + if test ia64 = "$host_cpu"; then + hardcode_libdir_flag_spec='$wl-R $libdir:/usr/lib:/lib' + allow_undefined_flag="-z nodefs" + archive_expsym_cmds="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs '"\$wl$no_entry_flag"' $compiler_flags $wl$allow_undefined_flag '"\$wl$exp_sym_flag:\$export_symbols" + else + # Determine the default libpath from the value encoded in an + # empty executable. + if test set = "${lt_cv_aix_libpath+set}"; then + aix_libpath=$lt_cv_aix_libpath +else + if ${lt_cv_aix_libpath_+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + + lt_aix_libpath_sed=' + /Import File Strings/,/^$/ { + /^0/ { + s/^0 *\([^ ]*\) *$/\1/ + p + } + }' + lt_cv_aix_libpath_=`dump -H conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"` + # Check for a 64-bit object if we didn't find anything. + if test -z "$lt_cv_aix_libpath_"; then + lt_cv_aix_libpath_=`dump -HX64 conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"` + fi +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + if test -z "$lt_cv_aix_libpath_"; then + lt_cv_aix_libpath_=/usr/lib:/lib + fi + +fi + + aix_libpath=$lt_cv_aix_libpath_ +fi + + hardcode_libdir_flag_spec='$wl-blibpath:$libdir:'"$aix_libpath" + # Warning - without using the other run time loading flags, + # -berok will link without error, but may produce a broken library. + no_undefined_flag=' $wl-bernotok' + allow_undefined_flag=' $wl-berok' + if test yes = "$with_gnu_ld"; then + # We only use this code for GNU lds that support --whole-archive. + whole_archive_flag_spec='$wl--whole-archive$convenience $wl--no-whole-archive' + else + # Exported symbols can be pulled into shared objects from archives + whole_archive_flag_spec='$convenience' + fi + archive_cmds_need_lc=yes + archive_expsym_cmds='$RM -r $output_objdir/$realname.d~$MKDIR $output_objdir/$realname.d' + # -brtl affects multiple linker settings, -berok does not and is overridden later + compiler_flags_filtered='`func_echo_all "$compiler_flags " | $SED -e "s%-brtl\\([, ]\\)%-berok\\1%g"`' + if test svr4 != "$with_aix_soname"; then + # This is similar to how AIX traditionally builds its shared libraries. + archive_expsym_cmds="$archive_expsym_cmds"'~$CC '$shared_flag_aix' -o $output_objdir/$realname.d/$soname $libobjs $deplibs $wl-bnoentry '$compiler_flags_filtered'$wl-bE:$export_symbols$allow_undefined_flag~$AR $AR_FLAGS $output_objdir/$libname$release.a $output_objdir/$realname.d/$soname' + fi + if test aix != "$with_aix_soname"; then + archive_expsym_cmds="$archive_expsym_cmds"'~$CC '$shared_flag_svr4' -o $output_objdir/$realname.d/$shared_archive_member_spec.o $libobjs $deplibs $wl-bnoentry '$compiler_flags_filtered'$wl-bE:$export_symbols$allow_undefined_flag~$STRIP -e $output_objdir/$realname.d/$shared_archive_member_spec.o~( func_echo_all "#! $soname($shared_archive_member_spec.o)"; if test shr_64 = "$shared_archive_member_spec"; then func_echo_all "# 64"; else func_echo_all "# 32"; fi; cat $export_symbols ) > $output_objdir/$realname.d/$shared_archive_member_spec.imp~$AR $AR_FLAGS $output_objdir/$soname $output_objdir/$realname.d/$shared_archive_member_spec.o $output_objdir/$realname.d/$shared_archive_member_spec.imp' + else + # used by -dlpreopen to get the symbols + archive_expsym_cmds="$archive_expsym_cmds"'~$MV $output_objdir/$realname.d/$soname $output_objdir' + fi + archive_expsym_cmds="$archive_expsym_cmds"'~$RM -r $output_objdir/$realname.d' + fi + fi + ;; + + amigaos*) + case $host_cpu in + powerpc) + # see comment about AmigaOS4 .so support + archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib' + archive_expsym_cmds='' + ;; + m68k) + archive_cmds='$RM $output_objdir/a2ixlibrary.data~$ECHO "#define NAME $libname" > $output_objdir/a2ixlibrary.data~$ECHO "#define LIBRARY_ID 1" >> $output_objdir/a2ixlibrary.data~$ECHO "#define VERSION $major" >> $output_objdir/a2ixlibrary.data~$ECHO "#define REVISION $revision" >> $output_objdir/a2ixlibrary.data~$AR $AR_FLAGS $lib $libobjs~$RANLIB $lib~(cd $output_objdir && a2ixlibrary -32)' + hardcode_libdir_flag_spec='-L$libdir' + hardcode_minus_L=yes + ;; + esac + ;; + + bsdi[45]*) + export_dynamic_flag_spec=-rdynamic + ;; + + cygwin* | mingw* | pw32* | cegcc*) + # When not using gcc, we currently assume that we are using + # Microsoft Visual C++. + # hardcode_libdir_flag_spec is actually meaningless, as there is + # no search path for DLLs. + case $cc_basename in + cl*) + # Native MSVC + hardcode_libdir_flag_spec=' ' + allow_undefined_flag=unsupported + always_export_symbols=yes + file_list_spec='@' + # Tell ltmain to make .lib files, not .a files. + libext=lib + # Tell ltmain to make .dll files, not .so files. + shrext_cmds=.dll + # FIXME: Setting linknames here is a bad hack. + archive_cmds='$CC -o $output_objdir/$soname $libobjs $compiler_flags $deplibs -Wl,-DLL,-IMPLIB:"$tool_output_objdir$libname.dll.lib"~linknames=' + archive_expsym_cmds='if test DEF = "`$SED -n -e '\''s/^[ ]*//'\'' -e '\''/^\(;.*\)*$/d'\'' -e '\''s/^\(EXPORTS\|LIBRARY\)\([ ].*\)*$/DEF/p'\'' -e q $export_symbols`" ; then + cp "$export_symbols" "$output_objdir/$soname.def"; + echo "$tool_output_objdir$soname.def" > "$output_objdir/$soname.exp"; + else + $SED -e '\''s/^/-link -EXPORT:/'\'' < $export_symbols > $output_objdir/$soname.exp; + fi~ + $CC -o $tool_output_objdir$soname $libobjs $compiler_flags $deplibs "@$tool_output_objdir$soname.exp" -Wl,-DLL,-IMPLIB:"$tool_output_objdir$libname.dll.lib"~ + linknames=' + # The linker will not automatically build a static lib if we build a DLL. + # _LT_TAGVAR(old_archive_from_new_cmds, )='true' + enable_shared_with_static_runtimes=yes + exclude_expsyms='_NULL_IMPORT_DESCRIPTOR|_IMPORT_DESCRIPTOR_.*' + export_symbols_cmds='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[BCDGRS][ ]/s/.*[ ]\([^ ]*\)/\1,DATA/'\'' | $SED -e '\''/^[AITW][ ]/s/.*[ ]//'\'' | sort | uniq > $export_symbols' + # Don't use ranlib + old_postinstall_cmds='chmod 644 $oldlib' + postlink_cmds='lt_outputfile="@OUTPUT@"~ + lt_tool_outputfile="@TOOL_OUTPUT@"~ + case $lt_outputfile in + *.exe|*.EXE) ;; + *) + lt_outputfile=$lt_outputfile.exe + lt_tool_outputfile=$lt_tool_outputfile.exe + ;; + esac~ + if test : != "$MANIFEST_TOOL" && test -f "$lt_outputfile.manifest"; then + $MANIFEST_TOOL -manifest "$lt_tool_outputfile.manifest" -outputresource:"$lt_tool_outputfile" || exit 1; + $RM "$lt_outputfile.manifest"; + fi' + ;; + *) + # Assume MSVC wrapper + hardcode_libdir_flag_spec=' ' + allow_undefined_flag=unsupported + # Tell ltmain to make .lib files, not .a files. + libext=lib + # Tell ltmain to make .dll files, not .so files. + shrext_cmds=.dll + # FIXME: Setting linknames here is a bad hack. + archive_cmds='$CC -o $lib $libobjs $compiler_flags `func_echo_all "$deplibs" | $SED '\''s/ -lc$//'\''` -link -dll~linknames=' + # The linker will automatically build a .lib file if we build a DLL. + old_archive_from_new_cmds='true' + # FIXME: Should let the user specify the lib program. + old_archive_cmds='lib -OUT:$oldlib$oldobjs$old_deplibs' + enable_shared_with_static_runtimes=yes + ;; + esac + ;; + + darwin* | rhapsody*) + + + archive_cmds_need_lc=no + hardcode_direct=no + hardcode_automatic=yes + hardcode_shlibpath_var=unsupported + if test yes = "$lt_cv_ld_force_load"; then + whole_archive_flag_spec='`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience $wl-force_load,$conv\"; done; func_echo_all \"$new_convenience\"`' + + else + whole_archive_flag_spec='' + fi + link_all_deplibs=yes + allow_undefined_flag=$_lt_dar_allow_undefined + case $cc_basename in + ifort*|nagfor*) _lt_dar_can_shared=yes ;; + *) _lt_dar_can_shared=$GCC ;; + esac + if test yes = "$_lt_dar_can_shared"; then + output_verbose_link_cmd=func_echo_all + archive_cmds="\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$libobjs \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring $_lt_dar_single_mod$_lt_dsymutil" + module_cmds="\$CC \$allow_undefined_flag -o \$lib -bundle \$libobjs \$deplibs \$compiler_flags$_lt_dsymutil" + archive_expsym_cmds="sed 's|^|_|' < \$export_symbols > \$output_objdir/\$libname-symbols.expsym~\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$libobjs \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring $_lt_dar_single_mod$_lt_dar_export_syms$_lt_dsymutil" + module_expsym_cmds="sed -e 's|^|_|' < \$export_symbols > \$output_objdir/\$libname-symbols.expsym~\$CC \$allow_undefined_flag -o \$lib -bundle \$libobjs \$deplibs \$compiler_flags$_lt_dar_export_syms$_lt_dsymutil" + + else + ld_shlibs=no + fi + + ;; + + dgux*) + archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' + hardcode_libdir_flag_spec='-L$libdir' + hardcode_shlibpath_var=no + ;; + + # FreeBSD 2.2.[012] allows us to include c++rt0.o to get C++ constructor + # support. Future versions do this automatically, but an explicit c++rt0.o + # does not break anything, and helps significantly (at the cost of a little + # extra space). + freebsd2.2*) + archive_cmds='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags /usr/lib/c++rt0.o' + hardcode_libdir_flag_spec='-R$libdir' + hardcode_direct=yes + hardcode_shlibpath_var=no + ;; + + # Unfortunately, older versions of FreeBSD 2 do not have this feature. + freebsd2.*) + archive_cmds='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags' + hardcode_direct=yes + hardcode_minus_L=yes + hardcode_shlibpath_var=no + ;; + + # FreeBSD 3 and greater uses gcc -shared to do shared libraries. + freebsd* | dragonfly*) + archive_cmds='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags' + hardcode_libdir_flag_spec='-R$libdir' + hardcode_direct=yes + hardcode_shlibpath_var=no + ;; + + hpux9*) + if test yes = "$GCC"; then + archive_cmds='$RM $output_objdir/$soname~$CC -shared $pic_flag $wl+b $wl$install_libdir -o $output_objdir/$soname $libobjs $deplibs $compiler_flags~test "x$output_objdir/$soname" = "x$lib" || mv $output_objdir/$soname $lib' + else + archive_cmds='$RM $output_objdir/$soname~$LD -b +b $install_libdir -o $output_objdir/$soname $libobjs $deplibs $linker_flags~test "x$output_objdir/$soname" = "x$lib" || mv $output_objdir/$soname $lib' + fi + hardcode_libdir_flag_spec='$wl+b $wl$libdir' + hardcode_libdir_separator=: + hardcode_direct=yes + + # hardcode_minus_L: Not really in the search PATH, + # but as the default location of the library. + hardcode_minus_L=yes + export_dynamic_flag_spec='$wl-E' + ;; + + hpux10*) + if test yes,no = "$GCC,$with_gnu_ld"; then + archive_cmds='$CC -shared $pic_flag $wl+h $wl$soname $wl+b $wl$install_libdir -o $lib $libobjs $deplibs $compiler_flags' + else + archive_cmds='$LD -b +h $soname +b $install_libdir -o $lib $libobjs $deplibs $linker_flags' + fi + if test no = "$with_gnu_ld"; then + hardcode_libdir_flag_spec='$wl+b $wl$libdir' + hardcode_libdir_separator=: + hardcode_direct=yes + hardcode_direct_absolute=yes + export_dynamic_flag_spec='$wl-E' + # hardcode_minus_L: Not really in the search PATH, + # but as the default location of the library. + hardcode_minus_L=yes + fi + ;; + + hpux11*) + if test yes,no = "$GCC,$with_gnu_ld"; then + case $host_cpu in + hppa*64*) + archive_cmds='$CC -shared $wl+h $wl$soname -o $lib $libobjs $deplibs $compiler_flags' + ;; + ia64*) + archive_cmds='$CC -shared $pic_flag $wl+h $wl$soname $wl+nodefaultrpath -o $lib $libobjs $deplibs $compiler_flags' + ;; + *) + archive_cmds='$CC -shared $pic_flag $wl+h $wl$soname $wl+b $wl$install_libdir -o $lib $libobjs $deplibs $compiler_flags' + ;; + esac + else + case $host_cpu in + hppa*64*) + archive_cmds='$CC -b $wl+h $wl$soname -o $lib $libobjs $deplibs $compiler_flags' + ;; + ia64*) + archive_cmds='$CC -b $wl+h $wl$soname $wl+nodefaultrpath -o $lib $libobjs $deplibs $compiler_flags' + ;; + *) + + # Older versions of the 11.00 compiler do not understand -b yet + # (HP92453-01 A.11.01.20 doesn't, HP92453-01 B.11.X.35175-35176.GP does) + { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC understands -b" >&5 +$as_echo_n "checking if $CC understands -b... " >&6; } +if ${lt_cv_prog_compiler__b+:} false; then : + $as_echo_n "(cached) " >&6 +else + lt_cv_prog_compiler__b=no + save_LDFLAGS=$LDFLAGS + LDFLAGS="$LDFLAGS -b" + echo "$lt_simple_link_test_code" > conftest.$ac_ext + if (eval $ac_link 2>conftest.err) && test -s conftest$ac_exeext; then + # The linker can only warn and ignore the option if not recognized + # So say no if there are warnings + if test -s conftest.err; then + # Append any errors to the config.log. + cat conftest.err 1>&5 + $ECHO "$_lt_linker_boilerplate" | $SED '/^$/d' > conftest.exp + $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2 + if diff conftest.exp conftest.er2 >/dev/null; then + lt_cv_prog_compiler__b=yes + fi + else + lt_cv_prog_compiler__b=yes + fi + fi + $RM -r conftest* + LDFLAGS=$save_LDFLAGS + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler__b" >&5 +$as_echo "$lt_cv_prog_compiler__b" >&6; } + +if test yes = "$lt_cv_prog_compiler__b"; then + archive_cmds='$CC -b $wl+h $wl$soname $wl+b $wl$install_libdir -o $lib $libobjs $deplibs $compiler_flags' +else + archive_cmds='$LD -b +h $soname +b $install_libdir -o $lib $libobjs $deplibs $linker_flags' +fi + + ;; + esac + fi + if test no = "$with_gnu_ld"; then + hardcode_libdir_flag_spec='$wl+b $wl$libdir' + hardcode_libdir_separator=: + + case $host_cpu in + hppa*64*|ia64*) + hardcode_direct=no + hardcode_shlibpath_var=no + ;; + *) + hardcode_direct=yes + hardcode_direct_absolute=yes + export_dynamic_flag_spec='$wl-E' + + # hardcode_minus_L: Not really in the search PATH, + # but as the default location of the library. + hardcode_minus_L=yes + ;; + esac + fi + ;; + + irix5* | irix6* | nonstopux*) + if test yes = "$GCC"; then + archive_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` $wl-update_registry $wl$output_objdir/so_locations -o $lib' + # Try to use the -exported_symbol ld option, if it does not + # work, assume that -exports_file does not work either and + # implicitly export all symbols. + # This should be the same for all languages, so no per-tag cache variable. + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the $host_os linker accepts -exported_symbol" >&5 +$as_echo_n "checking whether the $host_os linker accepts -exported_symbol... " >&6; } +if ${lt_cv_irix_exported_symbol+:} false; then : + $as_echo_n "(cached) " >&6 +else + save_LDFLAGS=$LDFLAGS + LDFLAGS="$LDFLAGS -shared $wl-exported_symbol ${wl}foo $wl-update_registry $wl/dev/null" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +int foo (void) { return 0; } +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + lt_cv_irix_exported_symbol=yes +else + lt_cv_irix_exported_symbol=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + LDFLAGS=$save_LDFLAGS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_irix_exported_symbol" >&5 +$as_echo "$lt_cv_irix_exported_symbol" >&6; } + if test yes = "$lt_cv_irix_exported_symbol"; then + archive_expsym_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` $wl-update_registry $wl$output_objdir/so_locations $wl-exports_file $wl$export_symbols -o $lib' + fi + link_all_deplibs=no + else + archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib' + archive_expsym_cmds='$CC -shared $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry $output_objdir/so_locations -exports_file $export_symbols -o $lib' + fi + archive_cmds_need_lc='no' + hardcode_libdir_flag_spec='$wl-rpath $wl$libdir' + hardcode_libdir_separator=: + inherit_rpath=yes + link_all_deplibs=yes + ;; + + linux*) + case $cc_basename in + tcc*) + # Fabrice Bellard et al's Tiny C Compiler + ld_shlibs=yes + archive_cmds='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags' + ;; + esac + ;; + + netbsd* | netbsdelf*-gnu) + if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then + archive_cmds='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags' # a.out + else + archive_cmds='$LD -shared -o $lib $libobjs $deplibs $linker_flags' # ELF + fi + hardcode_libdir_flag_spec='-R$libdir' + hardcode_direct=yes + hardcode_shlibpath_var=no + ;; + + newsos6) + archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' + hardcode_direct=yes + hardcode_libdir_flag_spec='$wl-rpath $wl$libdir' + hardcode_libdir_separator=: + hardcode_shlibpath_var=no + ;; + + *nto* | *qnx*) + ;; + + openbsd* | bitrig*) + if test -f /usr/libexec/ld.so; then + hardcode_direct=yes + hardcode_shlibpath_var=no + hardcode_direct_absolute=yes + if test -z "`echo __ELF__ | $CC -E - | $GREP __ELF__`"; then + archive_cmds='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags' + archive_expsym_cmds='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags $wl-retain-symbols-file,$export_symbols' + hardcode_libdir_flag_spec='$wl-rpath,$libdir' + export_dynamic_flag_spec='$wl-E' + else + archive_cmds='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags' + hardcode_libdir_flag_spec='$wl-rpath,$libdir' + fi + else + ld_shlibs=no + fi + ;; + + os2*) + hardcode_libdir_flag_spec='-L$libdir' + hardcode_minus_L=yes + allow_undefined_flag=unsupported + shrext_cmds=.dll + archive_cmds='$ECHO "LIBRARY ${soname%$shared_ext} INITINSTANCE TERMINSTANCE" > $output_objdir/$libname.def~ + $ECHO "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~ + $ECHO "DATA MULTIPLE NONSHARED" >> $output_objdir/$libname.def~ + $ECHO EXPORTS >> $output_objdir/$libname.def~ + emxexp $libobjs | $SED /"_DLL_InitTerm"/d >> $output_objdir/$libname.def~ + $CC -Zdll -Zcrtdll -o $output_objdir/$soname $libobjs $deplibs $compiler_flags $output_objdir/$libname.def~ + emximp -o $lib $output_objdir/$libname.def' + archive_expsym_cmds='$ECHO "LIBRARY ${soname%$shared_ext} INITINSTANCE TERMINSTANCE" > $output_objdir/$libname.def~ + $ECHO "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~ + $ECHO "DATA MULTIPLE NONSHARED" >> $output_objdir/$libname.def~ + $ECHO EXPORTS >> $output_objdir/$libname.def~ + prefix_cmds="$SED"~ + if test EXPORTS = "`$SED 1q $export_symbols`"; then + prefix_cmds="$prefix_cmds -e 1d"; + fi~ + prefix_cmds="$prefix_cmds -e \"s/^\(.*\)$/_\1/g\""~ + cat $export_symbols | $prefix_cmds >> $output_objdir/$libname.def~ + $CC -Zdll -Zcrtdll -o $output_objdir/$soname $libobjs $deplibs $compiler_flags $output_objdir/$libname.def~ + emximp -o $lib $output_objdir/$libname.def' + old_archive_From_new_cmds='emximp -o $output_objdir/${libname}_dll.a $output_objdir/$libname.def' + enable_shared_with_static_runtimes=yes + ;; + + osf3*) + if test yes = "$GCC"; then + allow_undefined_flag=' $wl-expect_unresolved $wl\*' + archive_cmds='$CC -shared$allow_undefined_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` $wl-update_registry $wl$output_objdir/so_locations -o $lib' + else + allow_undefined_flag=' -expect_unresolved \*' + archive_cmds='$CC -shared$allow_undefined_flag $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib' + fi + archive_cmds_need_lc='no' + hardcode_libdir_flag_spec='$wl-rpath $wl$libdir' + hardcode_libdir_separator=: + ;; + + osf4* | osf5*) # as osf3* with the addition of -msym flag + if test yes = "$GCC"; then + allow_undefined_flag=' $wl-expect_unresolved $wl\*' + archive_cmds='$CC -shared$allow_undefined_flag $pic_flag $libobjs $deplibs $compiler_flags $wl-msym $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` $wl-update_registry $wl$output_objdir/so_locations -o $lib' + hardcode_libdir_flag_spec='$wl-rpath $wl$libdir' + else + allow_undefined_flag=' -expect_unresolved \*' + archive_cmds='$CC -shared$allow_undefined_flag $libobjs $deplibs $compiler_flags -msym -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib' + archive_expsym_cmds='for i in `cat $export_symbols`; do printf "%s %s\\n" -exported_symbol "\$i" >> $lib.exp; done; printf "%s\\n" "-hidden">> $lib.exp~ + $CC -shared$allow_undefined_flag $wl-input $wl$lib.exp $compiler_flags $libobjs $deplibs -soname $soname `test -n "$verstring" && $ECHO "-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib~$RM $lib.exp' + + # Both c and cxx compiler support -rpath directly + hardcode_libdir_flag_spec='-rpath $libdir' + fi + archive_cmds_need_lc='no' + hardcode_libdir_separator=: + ;; + + solaris*) + no_undefined_flag=' -z defs' + if test yes = "$GCC"; then + wlarc='$wl' + archive_cmds='$CC -shared $pic_flag $wl-z ${wl}text $wl-h $wl$soname -o $lib $libobjs $deplibs $compiler_flags' + archive_expsym_cmds='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~ + $CC -shared $pic_flag $wl-z ${wl}text $wl-M $wl$lib.exp $wl-h $wl$soname -o $lib $libobjs $deplibs $compiler_flags~$RM $lib.exp' + else + case `$CC -V 2>&1` in + *"Compilers 5.0"*) + wlarc='' + archive_cmds='$LD -G$allow_undefined_flag -h $soname -o $lib $libobjs $deplibs $linker_flags' + archive_expsym_cmds='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~ + $LD -G$allow_undefined_flag -M $lib.exp -h $soname -o $lib $libobjs $deplibs $linker_flags~$RM $lib.exp' + ;; + *) + wlarc='$wl' + archive_cmds='$CC -G$allow_undefined_flag -h $soname -o $lib $libobjs $deplibs $compiler_flags' + archive_expsym_cmds='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~ + $CC -G$allow_undefined_flag -M $lib.exp -h $soname -o $lib $libobjs $deplibs $compiler_flags~$RM $lib.exp' + ;; + esac + fi + hardcode_libdir_flag_spec='-R$libdir' + hardcode_shlibpath_var=no + case $host_os in + solaris2.[0-5] | solaris2.[0-5].*) ;; + *) + # The compiler driver will combine and reorder linker options, + # but understands '-z linker_flag'. GCC discards it without '$wl', + # but is careful enough not to reorder. + # Supported since Solaris 2.6 (maybe 2.5.1?) + if test yes = "$GCC"; then + whole_archive_flag_spec='$wl-z ${wl}allextract$convenience $wl-z ${wl}defaultextract' + else + whole_archive_flag_spec='-z allextract$convenience -z defaultextract' + fi + ;; + esac + link_all_deplibs=yes + ;; + + sunos4*) + if test sequent = "$host_vendor"; then + # Use $CC to link under sequent, because it throws in some extra .o + # files that make .init and .fini sections work. + archive_cmds='$CC -G $wl-h $soname -o $lib $libobjs $deplibs $compiler_flags' + else + archive_cmds='$LD -assert pure-text -Bstatic -o $lib $libobjs $deplibs $linker_flags' + fi + hardcode_libdir_flag_spec='-L$libdir' + hardcode_direct=yes + hardcode_minus_L=yes + hardcode_shlibpath_var=no + ;; + + sysv4) + case $host_vendor in + sni) + archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' + hardcode_direct=yes # is this really true??? + ;; + siemens) + ## LD is ld it makes a PLAMLIB + ## CC just makes a GrossModule. + archive_cmds='$LD -G -o $lib $libobjs $deplibs $linker_flags' + reload_cmds='$CC -r -o $output$reload_objs' + hardcode_direct=no + ;; + motorola) + archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' + hardcode_direct=no #Motorola manual says yes, but my tests say they lie + ;; + esac + runpath_var='LD_RUN_PATH' + hardcode_shlibpath_var=no + ;; + + sysv4.3*) + archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' + hardcode_shlibpath_var=no + export_dynamic_flag_spec='-Bexport' + ;; + + sysv4*MP*) + if test -d /usr/nec; then + archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' + hardcode_shlibpath_var=no + runpath_var=LD_RUN_PATH + hardcode_runpath_var=yes + ld_shlibs=yes + fi + ;; + + sysv4*uw2* | sysv5OpenUNIX* | sysv5UnixWare7.[01].[10]* | unixware7* | sco3.2v5.0.[024]*) + no_undefined_flag='$wl-z,text' + archive_cmds_need_lc=no + hardcode_shlibpath_var=no + runpath_var='LD_RUN_PATH' + + if test yes = "$GCC"; then + archive_cmds='$CC -shared $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + archive_expsym_cmds='$CC -shared $wl-Bexport:$export_symbols $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + else + archive_cmds='$CC -G $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + archive_expsym_cmds='$CC -G $wl-Bexport:$export_symbols $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + fi + ;; + + sysv5* | sco3.2v5* | sco5v6*) + # Note: We CANNOT use -z defs as we might desire, because we do not + # link with -lc, and that would cause any symbols used from libc to + # always be unresolved, which means just about no library would + # ever link correctly. If we're not using GNU ld we use -z text + # though, which does catch some bad symbols but isn't as heavy-handed + # as -z defs. + no_undefined_flag='$wl-z,text' + allow_undefined_flag='$wl-z,nodefs' + archive_cmds_need_lc=no + hardcode_shlibpath_var=no + hardcode_libdir_flag_spec='$wl-R,$libdir' + hardcode_libdir_separator=':' + link_all_deplibs=yes + export_dynamic_flag_spec='$wl-Bexport' + runpath_var='LD_RUN_PATH' + + if test yes = "$GCC"; then + archive_cmds='$CC -shared $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + archive_expsym_cmds='$CC -shared $wl-Bexport:$export_symbols $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + else + archive_cmds='$CC -G $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + archive_expsym_cmds='$CC -G $wl-Bexport:$export_symbols $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + fi + ;; + + uts4*) + archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' + hardcode_libdir_flag_spec='-L$libdir' + hardcode_shlibpath_var=no + ;; + + *) + ld_shlibs=no + ;; + esac + + if test sni = "$host_vendor"; then + case $host in + sysv4 | sysv4.2uw2* | sysv4.3* | sysv5*) + export_dynamic_flag_spec='$wl-Blargedynsym' + ;; + esac + fi + fi + +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ld_shlibs" >&5 +$as_echo "$ld_shlibs" >&6; } +test no = "$ld_shlibs" && can_build_shared=no + +with_gnu_ld=$with_gnu_ld + + + + + + + + + + + + + + + +# +# Do we need to explicitly link libc? +# +case "x$archive_cmds_need_lc" in +x|xyes) + # Assume -lc should be added + archive_cmds_need_lc=yes + + if test yes,yes = "$GCC,$enable_shared"; then + case $archive_cmds in + *'~'*) + # FIXME: we may have to deal with multi-command sequences. + ;; + '$CC '*) + # Test whether the compiler implicitly links with -lc since on some + # systems, -lgcc has to come before -lc. If gcc already passes -lc + # to ld, don't add -lc before -lgcc. + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether -lc should be explicitly linked in" >&5 +$as_echo_n "checking whether -lc should be explicitly linked in... " >&6; } +if ${lt_cv_archive_cmds_need_lc+:} false; then : + $as_echo_n "(cached) " >&6 +else + $RM conftest* + echo "$lt_simple_compile_test_code" > conftest.$ac_ext + + if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5 + (eval $ac_compile) 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } 2>conftest.err; then + soname=conftest + lib=conftest + libobjs=conftest.$ac_objext + deplibs= + wl=$lt_prog_compiler_wl + pic_flag=$lt_prog_compiler_pic + compiler_flags=-v + linker_flags=-v + verstring= + output_objdir=. + libname=conftest + lt_save_allow_undefined_flag=$allow_undefined_flag + allow_undefined_flag= + if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$archive_cmds 2\>\&1 \| $GREP \" -lc \" \>/dev/null 2\>\&1\""; } >&5 + (eval $archive_cmds 2\>\&1 \| $GREP \" -lc \" \>/dev/null 2\>\&1) 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } + then + lt_cv_archive_cmds_need_lc=no + else + lt_cv_archive_cmds_need_lc=yes + fi + allow_undefined_flag=$lt_save_allow_undefined_flag + else + cat conftest.err 1>&5 + fi + $RM conftest* + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_archive_cmds_need_lc" >&5 +$as_echo "$lt_cv_archive_cmds_need_lc" >&6; } + archive_cmds_need_lc=$lt_cv_archive_cmds_need_lc + ;; + esac + fi + ;; +esac + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking dynamic linker characteristics" >&5 +$as_echo_n "checking dynamic linker characteristics... " >&6; } + +if test yes = "$GCC"; then + case $host_os in + darwin*) lt_awk_arg='/^libraries:/,/LR/' ;; + *) lt_awk_arg='/^libraries:/' ;; + esac + case $host_os in + mingw* | cegcc*) lt_sed_strip_eq='s|=\([A-Za-z]:\)|\1|g' ;; + *) lt_sed_strip_eq='s|=/|/|g' ;; + esac + lt_search_path_spec=`$CC -print-search-dirs | awk $lt_awk_arg | $SED -e "s/^libraries://" -e $lt_sed_strip_eq` + case $lt_search_path_spec in + *\;*) + # if the path contains ";" then we assume it to be the separator + # otherwise default to the standard path separator (i.e. ":") - it is + # assumed that no part of a normal pathname contains ";" but that should + # okay in the real world where ";" in dirpaths is itself problematic. + lt_search_path_spec=`$ECHO "$lt_search_path_spec" | $SED 's/;/ /g'` + ;; + *) + lt_search_path_spec=`$ECHO "$lt_search_path_spec" | $SED "s/$PATH_SEPARATOR/ /g"` + ;; + esac + # Ok, now we have the path, separated by spaces, we can step through it + # and add multilib dir if necessary... + lt_tmp_lt_search_path_spec= + lt_multi_os_dir=/`$CC $CPPFLAGS $CFLAGS $LDFLAGS -print-multi-os-directory 2>/dev/null` + # ...but if some path component already ends with the multilib dir we assume + # that all is fine and trust -print-search-dirs as is (GCC 4.2? or newer). + case "$lt_multi_os_dir; $lt_search_path_spec " in + "/; "* | "/.; "* | "/./; "* | *"$lt_multi_os_dir "* | *"$lt_multi_os_dir/ "*) + lt_multi_os_dir= + ;; + esac + for lt_sys_path in $lt_search_path_spec; do + if test -d "$lt_sys_path$lt_multi_os_dir"; then + lt_tmp_lt_search_path_spec="$lt_tmp_lt_search_path_spec $lt_sys_path$lt_multi_os_dir" + elif test -n "$lt_multi_os_dir"; then + test -d "$lt_sys_path" && \ + lt_tmp_lt_search_path_spec="$lt_tmp_lt_search_path_spec $lt_sys_path" + fi + done + lt_search_path_spec=`$ECHO "$lt_tmp_lt_search_path_spec" | awk ' +BEGIN {RS = " "; FS = "/|\n";} { + lt_foo = ""; + lt_count = 0; + for (lt_i = NF; lt_i > 0; lt_i--) { + if ($lt_i != "" && $lt_i != ".") { + if ($lt_i == "..") { + lt_count++; + } else { + if (lt_count == 0) { + lt_foo = "/" $lt_i lt_foo; + } else { + lt_count--; + } + } + } + } + if (lt_foo != "") { lt_freq[lt_foo]++; } + if (lt_freq[lt_foo] == 1) { print lt_foo; } +}'` + # AWK program above erroneously prepends '/' to C:/dos/paths + # for these hosts. + case $host_os in + mingw* | cegcc*) lt_search_path_spec=`$ECHO "$lt_search_path_spec" |\ + $SED 's|/\([A-Za-z]:\)|\1|g'` ;; + esac + sys_lib_search_path_spec=`$ECHO "$lt_search_path_spec" | $lt_NL2SP` +else + sys_lib_search_path_spec="/lib /usr/lib /usr/local/lib" +fi +library_names_spec= +libname_spec='lib$name' +soname_spec= +shrext_cmds=.so +postinstall_cmds= +postuninstall_cmds= +finish_cmds= +finish_eval= +shlibpath_var= +shlibpath_overrides_runpath=unknown +version_type=none +dynamic_linker="$host_os ld.so" +sys_lib_dlsearch_path_spec="/lib /usr/lib" +need_lib_prefix=unknown +hardcode_into_libs=no + +# when you set need_version to no, make sure it does not cause -set_version +# flags to be left without arguments +need_version=unknown + + + +case $host_os in +aix3*) + version_type=linux # correct to gnu/linux during the next big refactor + library_names_spec='$libname$release$shared_ext$versuffix $libname.a' + shlibpath_var=LIBPATH + + # AIX 3 has no versioning support, so we append a major version to the name. + soname_spec='$libname$release$shared_ext$major' + ;; + +aix[4-9]*) + version_type=linux # correct to gnu/linux during the next big refactor + need_lib_prefix=no + need_version=no + hardcode_into_libs=yes + if test ia64 = "$host_cpu"; then + # AIX 5 supports IA64 + library_names_spec='$libname$release$shared_ext$major $libname$release$shared_ext$versuffix $libname$shared_ext' + shlibpath_var=LD_LIBRARY_PATH + else + # With GCC up to 2.95.x, collect2 would create an import file + # for dependence libraries. The import file would start with + # the line '#! .'. This would cause the generated library to + # depend on '.', always an invalid library. This was fixed in + # development snapshots of GCC prior to 3.0. + case $host_os in + aix4 | aix4.[01] | aix4.[01].*) + if { echo '#if __GNUC__ > 2 || (__GNUC__ == 2 && __GNUC_MINOR__ >= 97)' + echo ' yes ' + echo '#endif'; } | $CC -E - | $GREP yes > /dev/null; then + : + else + can_build_shared=no + fi + ;; + esac + # Using Import Files as archive members, it is possible to support + # filename-based versioning of shared library archives on AIX. While + # this would work for both with and without runtime linking, it will + # prevent static linking of such archives. So we do filename-based + # shared library versioning with .so extension only, which is used + # when both runtime linking and shared linking is enabled. + # Unfortunately, runtime linking may impact performance, so we do + # not want this to be the default eventually. Also, we use the + # versioned .so libs for executables only if there is the -brtl + # linker flag in LDFLAGS as well, or --with-aix-soname=svr4 only. + # To allow for filename-based versioning support, we need to create + # libNAME.so.V as an archive file, containing: + # *) an Import File, referring to the versioned filename of the + # archive as well as the shared archive member, telling the + # bitwidth (32 or 64) of that shared object, and providing the + # list of exported symbols of that shared object, eventually + # decorated with the 'weak' keyword + # *) the shared object with the F_LOADONLY flag set, to really avoid + # it being seen by the linker. + # At run time we better use the real file rather than another symlink, + # but for link time we create the symlink libNAME.so -> libNAME.so.V + + case $with_aix_soname,$aix_use_runtimelinking in + # AIX (on Power*) has no versioning support, so currently we cannot hardcode correct + # soname into executable. Probably we can add versioning support to + # collect2, so additional links can be useful in future. + aix,yes) # traditional libtool + dynamic_linker='AIX unversionable lib.so' + # If using run time linking (on AIX 4.2 or later) use lib.so + # instead of lib.a to let people know that these are not + # typical AIX shared libraries. + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' + ;; + aix,no) # traditional AIX only + dynamic_linker='AIX lib.a(lib.so.V)' + # We preserve .a as extension for shared libraries through AIX4.2 + # and later when we are not doing run time linking. + library_names_spec='$libname$release.a $libname.a' + soname_spec='$libname$release$shared_ext$major' + ;; + svr4,*) # full svr4 only + dynamic_linker="AIX lib.so.V($shared_archive_member_spec.o)" + library_names_spec='$libname$release$shared_ext$major $libname$shared_ext' + # We do not specify a path in Import Files, so LIBPATH fires. + shlibpath_overrides_runpath=yes + ;; + *,yes) # both, prefer svr4 + dynamic_linker="AIX lib.so.V($shared_archive_member_spec.o), lib.a(lib.so.V)" + library_names_spec='$libname$release$shared_ext$major $libname$shared_ext' + # unpreferred sharedlib libNAME.a needs extra handling + postinstall_cmds='test -n "$linkname" || linkname="$realname"~func_stripname "" ".so" "$linkname"~$install_shared_prog "$dir/$func_stripname_result.$libext" "$destdir/$func_stripname_result.$libext"~test -z "$tstripme" || test -z "$striplib" || $striplib "$destdir/$func_stripname_result.$libext"' + postuninstall_cmds='for n in $library_names $old_library; do :; done~func_stripname "" ".so" "$n"~test "$func_stripname_result" = "$n" || func_append rmfiles " $odir/$func_stripname_result.$libext"' + # We do not specify a path in Import Files, so LIBPATH fires. + shlibpath_overrides_runpath=yes + ;; + *,no) # both, prefer aix + dynamic_linker="AIX lib.a(lib.so.V), lib.so.V($shared_archive_member_spec.o)" + library_names_spec='$libname$release.a $libname.a' + soname_spec='$libname$release$shared_ext$major' + # unpreferred sharedlib libNAME.so.V and symlink libNAME.so need extra handling + postinstall_cmds='test -z "$dlname" || $install_shared_prog $dir/$dlname $destdir/$dlname~test -z "$tstripme" || test -z "$striplib" || $striplib $destdir/$dlname~test -n "$linkname" || linkname=$realname~func_stripname "" ".a" "$linkname"~(cd "$destdir" && $LN_S -f $dlname $func_stripname_result.so)' + postuninstall_cmds='test -z "$dlname" || func_append rmfiles " $odir/$dlname"~for n in $old_library $library_names; do :; done~func_stripname "" ".a" "$n"~func_append rmfiles " $odir/$func_stripname_result.so"' + ;; + esac + shlibpath_var=LIBPATH + fi + ;; + +amigaos*) + case $host_cpu in + powerpc) + # Since July 2007 AmigaOS4 officially supports .so libraries. + # When compiling the executable, add -use-dynld -Lsobjs: to the compileline. + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' + ;; + m68k) + library_names_spec='$libname.ixlibrary $libname.a' + # Create ${libname}_ixlibrary.a entries in /sys/libs. + finish_eval='for lib in `ls $libdir/*.ixlibrary 2>/dev/null`; do libname=`func_echo_all "$lib" | $SED '\''s%^.*/\([^/]*\)\.ixlibrary$%\1%'\''`; $RM /sys/libs/${libname}_ixlibrary.a; $show "cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a"; cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a || exit 1; done' + ;; + esac + ;; + +beos*) + library_names_spec='$libname$shared_ext' + dynamic_linker="$host_os ld.so" + shlibpath_var=LIBRARY_PATH + ;; + +bsdi[45]*) + version_type=linux # correct to gnu/linux during the next big refactor + need_version=no + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' + soname_spec='$libname$release$shared_ext$major' + finish_cmds='PATH="\$PATH:/sbin" ldconfig $libdir' + shlibpath_var=LD_LIBRARY_PATH + sys_lib_search_path_spec="/shlib /usr/lib /usr/X11/lib /usr/contrib/lib /lib /usr/local/lib" + sys_lib_dlsearch_path_spec="/shlib /usr/lib /usr/local/lib" + # the default ld.so.conf also contains /usr/contrib/lib and + # /usr/X11R6/lib (/usr/X11 is a link to /usr/X11R6), but let us allow + # libtool to hard-code these into programs + ;; + +cygwin* | mingw* | pw32* | cegcc*) + version_type=windows + shrext_cmds=.dll + need_version=no + need_lib_prefix=no + + case $GCC,$cc_basename in + yes,*) + # gcc + library_names_spec='$libname.dll.a' + # DLL is installed to $(libdir)/../bin by postinstall_cmds + postinstall_cmds='base_file=`basename \$file`~ + dlpath=`$SHELL 2>&1 -c '\''. $dir/'\''\$base_file'\''i; echo \$dlname'\''`~ + dldir=$destdir/`dirname \$dlpath`~ + test -d \$dldir || mkdir -p \$dldir~ + $install_prog $dir/$dlname \$dldir/$dlname~ + chmod a+x \$dldir/$dlname~ + if test -n '\''$stripme'\'' && test -n '\''$striplib'\''; then + eval '\''$striplib \$dldir/$dlname'\'' || exit \$?; + fi' + postuninstall_cmds='dldll=`$SHELL 2>&1 -c '\''. $file; echo \$dlname'\''`~ + dlpath=$dir/\$dldll~ + $RM \$dlpath' + shlibpath_overrides_runpath=yes + + case $host_os in + cygwin*) + # Cygwin DLLs use 'cyg' prefix rather than 'lib' + soname_spec='`echo $libname | sed -e 's/^lib/cyg/'``echo $release | $SED -e 's/[.]/-/g'`$versuffix$shared_ext' + + sys_lib_search_path_spec="$sys_lib_search_path_spec /usr/lib/w32api" + ;; + mingw* | cegcc*) + # MinGW DLLs use traditional 'lib' prefix + soname_spec='$libname`echo $release | $SED -e 's/[.]/-/g'`$versuffix$shared_ext' + ;; + pw32*) + # pw32 DLLs use 'pw' prefix rather than 'lib' + library_names_spec='`echo $libname | sed -e 's/^lib/pw/'``echo $release | $SED -e 's/[.]/-/g'`$versuffix$shared_ext' + ;; + esac + dynamic_linker='Win32 ld.exe' + ;; + + *,cl*) + # Native MSVC + libname_spec='$name' + soname_spec='$libname`echo $release | $SED -e 's/[.]/-/g'`$versuffix$shared_ext' + library_names_spec='$libname.dll.lib' + + case $build_os in + mingw*) + sys_lib_search_path_spec= + lt_save_ifs=$IFS + IFS=';' + for lt_path in $LIB + do + IFS=$lt_save_ifs + # Let DOS variable expansion print the short 8.3 style file name. + lt_path=`cd "$lt_path" 2>/dev/null && cmd //C "for %i in (".") do @echo %~si"` + sys_lib_search_path_spec="$sys_lib_search_path_spec $lt_path" + done + IFS=$lt_save_ifs + # Convert to MSYS style. + sys_lib_search_path_spec=`$ECHO "$sys_lib_search_path_spec" | sed -e 's|\\\\|/|g' -e 's| \\([a-zA-Z]\\):| /\\1|g' -e 's|^ ||'` + ;; + cygwin*) + # Convert to unix form, then to dos form, then back to unix form + # but this time dos style (no spaces!) so that the unix form looks + # like /cygdrive/c/PROGRA~1:/cygdr... + sys_lib_search_path_spec=`cygpath --path --unix "$LIB"` + sys_lib_search_path_spec=`cygpath --path --dos "$sys_lib_search_path_spec" 2>/dev/null` + sys_lib_search_path_spec=`cygpath --path --unix "$sys_lib_search_path_spec" | $SED -e "s/$PATH_SEPARATOR/ /g"` + ;; + *) + sys_lib_search_path_spec=$LIB + if $ECHO "$sys_lib_search_path_spec" | $GREP ';[c-zC-Z]:/' >/dev/null; then + # It is most probably a Windows format PATH. + sys_lib_search_path_spec=`$ECHO "$sys_lib_search_path_spec" | $SED -e 's/;/ /g'` + else + sys_lib_search_path_spec=`$ECHO "$sys_lib_search_path_spec" | $SED -e "s/$PATH_SEPARATOR/ /g"` + fi + # FIXME: find the short name or the path components, as spaces are + # common. (e.g. "Program Files" -> "PROGRA~1") + ;; + esac + + # DLL is installed to $(libdir)/../bin by postinstall_cmds + postinstall_cmds='base_file=`basename \$file`~ + dlpath=`$SHELL 2>&1 -c '\''. $dir/'\''\$base_file'\''i; echo \$dlname'\''`~ + dldir=$destdir/`dirname \$dlpath`~ + test -d \$dldir || mkdir -p \$dldir~ + $install_prog $dir/$dlname \$dldir/$dlname' + postuninstall_cmds='dldll=`$SHELL 2>&1 -c '\''. $file; echo \$dlname'\''`~ + dlpath=$dir/\$dldll~ + $RM \$dlpath' + shlibpath_overrides_runpath=yes + dynamic_linker='Win32 link.exe' + ;; + + *) + # Assume MSVC wrapper + library_names_spec='$libname`echo $release | $SED -e 's/[.]/-/g'`$versuffix$shared_ext $libname.lib' + dynamic_linker='Win32 ld.exe' + ;; + esac + # FIXME: first we should search . and the directory the executable is in + shlibpath_var=PATH + ;; + +darwin* | rhapsody*) + dynamic_linker="$host_os dyld" + version_type=darwin + need_lib_prefix=no + need_version=no + library_names_spec='$libname$release$major$shared_ext $libname$shared_ext' + soname_spec='$libname$release$major$shared_ext' + shlibpath_overrides_runpath=yes + shlibpath_var=DYLD_LIBRARY_PATH + shrext_cmds='`test .$module = .yes && echo .so || echo .dylib`' + + sys_lib_search_path_spec="$sys_lib_search_path_spec /usr/local/lib" + sys_lib_dlsearch_path_spec='/usr/local/lib /lib /usr/lib' + ;; + +dgux*) + version_type=linux # correct to gnu/linux during the next big refactor + need_lib_prefix=no + need_version=no + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' + soname_spec='$libname$release$shared_ext$major' + shlibpath_var=LD_LIBRARY_PATH + ;; + +freebsd* | dragonfly*) + # DragonFly does not have aout. When/if they implement a new + # versioning mechanism, adjust this. + if test -x /usr/bin/objformat; then + objformat=`/usr/bin/objformat` + else + case $host_os in + freebsd[23].*) objformat=aout ;; + *) objformat=elf ;; + esac + fi + version_type=freebsd-$objformat + case $version_type in + freebsd-elf*) + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' + soname_spec='$libname$release$shared_ext$major' + need_version=no + need_lib_prefix=no + ;; + freebsd-*) + library_names_spec='$libname$release$shared_ext$versuffix $libname$shared_ext$versuffix' + need_version=yes + ;; + esac + shlibpath_var=LD_LIBRARY_PATH + case $host_os in + freebsd2.*) + shlibpath_overrides_runpath=yes + ;; + freebsd3.[01]* | freebsdelf3.[01]*) + shlibpath_overrides_runpath=yes + hardcode_into_libs=yes + ;; + freebsd3.[2-9]* | freebsdelf3.[2-9]* | \ + freebsd4.[0-5] | freebsdelf4.[0-5] | freebsd4.1.1 | freebsdelf4.1.1) + shlibpath_overrides_runpath=no + hardcode_into_libs=yes + ;; + *) # from 4.6 on, and DragonFly + shlibpath_overrides_runpath=yes + hardcode_into_libs=yes + ;; + esac + ;; + +haiku*) + version_type=linux # correct to gnu/linux during the next big refactor + need_lib_prefix=no + need_version=no + dynamic_linker="$host_os runtime_loader" + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' + soname_spec='$libname$release$shared_ext$major' + shlibpath_var=LIBRARY_PATH + shlibpath_overrides_runpath=no + sys_lib_dlsearch_path_spec='/boot/home/config/lib /boot/common/lib /boot/system/lib' + hardcode_into_libs=yes + ;; + +hpux9* | hpux10* | hpux11*) + # Give a soname corresponding to the major version so that dld.sl refuses to + # link against other versions. + version_type=sunos + need_lib_prefix=no + need_version=no + case $host_cpu in + ia64*) + shrext_cmds='.so' + hardcode_into_libs=yes + dynamic_linker="$host_os dld.so" + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=yes # Unless +noenvvar is specified. + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' + soname_spec='$libname$release$shared_ext$major' + if test 32 = "$HPUX_IA64_MODE"; then + sys_lib_search_path_spec="/usr/lib/hpux32 /usr/local/lib/hpux32 /usr/local/lib" + sys_lib_dlsearch_path_spec=/usr/lib/hpux32 + else + sys_lib_search_path_spec="/usr/lib/hpux64 /usr/local/lib/hpux64" + sys_lib_dlsearch_path_spec=/usr/lib/hpux64 + fi + ;; + hppa*64*) + shrext_cmds='.sl' + hardcode_into_libs=yes + dynamic_linker="$host_os dld.sl" + shlibpath_var=LD_LIBRARY_PATH # How should we handle SHLIB_PATH + shlibpath_overrides_runpath=yes # Unless +noenvvar is specified. + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' + soname_spec='$libname$release$shared_ext$major' + sys_lib_search_path_spec="/usr/lib/pa20_64 /usr/ccs/lib/pa20_64" + sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec + ;; + *) + shrext_cmds='.sl' + dynamic_linker="$host_os dld.sl" + shlibpath_var=SHLIB_PATH + shlibpath_overrides_runpath=no # +s is required to enable SHLIB_PATH + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' + soname_spec='$libname$release$shared_ext$major' + ;; + esac + # HP-UX runs *really* slowly unless shared libraries are mode 555, ... + postinstall_cmds='chmod 555 $lib' + # or fails outright, so override atomically: + install_override_mode=555 + ;; + +interix[3-9]*) + version_type=linux # correct to gnu/linux during the next big refactor + need_lib_prefix=no + need_version=no + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' + soname_spec='$libname$release$shared_ext$major' + dynamic_linker='Interix 3.x ld.so.1 (PE, like ELF)' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=no + hardcode_into_libs=yes + ;; + +irix5* | irix6* | nonstopux*) + case $host_os in + nonstopux*) version_type=nonstopux ;; + *) + if test yes = "$lt_cv_prog_gnu_ld"; then + version_type=linux # correct to gnu/linux during the next big refactor + else + version_type=irix + fi ;; + esac + need_lib_prefix=no + need_version=no + soname_spec='$libname$release$shared_ext$major' + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$release$shared_ext $libname$shared_ext' + case $host_os in + irix5* | nonstopux*) + libsuff= shlibsuff= + ;; + *) + case $LD in # libtool.m4 will add one of these switches to LD + *-32|*"-32 "|*-melf32bsmip|*"-melf32bsmip ") + libsuff= shlibsuff= libmagic=32-bit;; + *-n32|*"-n32 "|*-melf32bmipn32|*"-melf32bmipn32 ") + libsuff=32 shlibsuff=N32 libmagic=N32;; + *-64|*"-64 "|*-melf64bmip|*"-melf64bmip ") + libsuff=64 shlibsuff=64 libmagic=64-bit;; + *) libsuff= shlibsuff= libmagic=never-match;; + esac + ;; + esac + shlibpath_var=LD_LIBRARY${shlibsuff}_PATH + shlibpath_overrides_runpath=no + sys_lib_search_path_spec="/usr/lib$libsuff /lib$libsuff /usr/local/lib$libsuff" + sys_lib_dlsearch_path_spec="/usr/lib$libsuff /lib$libsuff" + hardcode_into_libs=yes + ;; + +# No shared lib support for Linux oldld, aout, or coff. +linux*oldld* | linux*aout* | linux*coff*) + dynamic_linker=no + ;; + +linux*android*) + version_type=none # Android doesn't support versioned libraries. + need_lib_prefix=no + need_version=no + library_names_spec='$libname$release$shared_ext' + soname_spec='$libname$release$shared_ext' + finish_cmds= + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=yes + + # This implies no fast_install, which is unacceptable. + # Some rework will be needed to allow for fast_install + # before this can be enabled. + hardcode_into_libs=yes + + dynamic_linker='Android linker' + # Don't embed -rpath directories since the linker doesn't support them. + hardcode_libdir_flag_spec='-L$libdir' + ;; + +# This must be glibc/ELF. +linux* | k*bsd*-gnu | kopensolaris*-gnu | gnu*) + version_type=linux # correct to gnu/linux during the next big refactor + need_lib_prefix=no + need_version=no + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' + soname_spec='$libname$release$shared_ext$major' + finish_cmds='PATH="\$PATH:/sbin" ldconfig -n $libdir' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=no + + # Some binutils ld are patched to set DT_RUNPATH + if ${lt_cv_shlibpath_overrides_runpath+:} false; then : + $as_echo_n "(cached) " >&6 +else + lt_cv_shlibpath_overrides_runpath=no + save_LDFLAGS=$LDFLAGS + save_libdir=$libdir + eval "libdir=/foo; wl=\"$lt_prog_compiler_wl\"; \ + LDFLAGS=\"\$LDFLAGS $hardcode_libdir_flag_spec\"" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + if ($OBJDUMP -p conftest$ac_exeext) 2>/dev/null | grep "RUNPATH.*$libdir" >/dev/null; then : + lt_cv_shlibpath_overrides_runpath=yes +fi +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + LDFLAGS=$save_LDFLAGS + libdir=$save_libdir + +fi + + shlibpath_overrides_runpath=$lt_cv_shlibpath_overrides_runpath + + # This implies no fast_install, which is unacceptable. + # Some rework will be needed to allow for fast_install + # before this can be enabled. + hardcode_into_libs=yes + + # Ideally, we could use ldconfig to report *all* directores which are + # searched for libraries, however this is still not possible. Aside from not + # being certain /sbin/ldconfig is available, command + # 'ldconfig -N -X -v | grep ^/' on 64bit Fedora does not report /usr/lib64, + # even though it is searched at run-time. Try to do the best guess by + # appending ld.so.conf contents (and includes) to the search path. + if test -f /etc/ld.so.conf; then + lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s 2>/dev/null", \$2)); skip = 1; } { if (!skip) print \$0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;/^[ ]*hwcap[ ]/d;s/[:, ]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;s/"//g;/^$/d' | tr '\n' ' '` + sys_lib_dlsearch_path_spec="/lib /usr/lib $lt_ld_extra" + fi + + # We used to test for /lib/ld.so.1 and disable shared libraries on + # powerpc, because MkLinux only supported shared libraries with the + # GNU dynamic linker. Since this was broken with cross compilers, + # most powerpc-linux boxes support dynamic linking these days and + # people can always --disable-shared, the test was removed, and we + # assume the GNU/Linux dynamic linker is in use. + dynamic_linker='GNU/Linux ld.so' + ;; + +netbsdelf*-gnu) + version_type=linux + need_lib_prefix=no + need_version=no + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}' + soname_spec='${libname}${release}${shared_ext}$major' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=no + hardcode_into_libs=yes + dynamic_linker='NetBSD ld.elf_so' + ;; + +netbsd*) + version_type=sunos + need_lib_prefix=no + need_version=no + if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then + library_names_spec='$libname$release$shared_ext$versuffix $libname$shared_ext$versuffix' + finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir' + dynamic_linker='NetBSD (a.out) ld.so' + else + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' + soname_spec='$libname$release$shared_ext$major' + dynamic_linker='NetBSD ld.elf_so' + fi + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=yes + hardcode_into_libs=yes + ;; + +newsos6) + version_type=linux # correct to gnu/linux during the next big refactor + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=yes + ;; + +*nto* | *qnx*) + version_type=qnx + need_lib_prefix=no + need_version=no + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' + soname_spec='$libname$release$shared_ext$major' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=no + hardcode_into_libs=yes + dynamic_linker='ldqnx.so' + ;; + +openbsd* | bitrig*) + version_type=sunos + sys_lib_dlsearch_path_spec=/usr/lib + need_lib_prefix=no + if test -z "`echo __ELF__ | $CC -E - | $GREP __ELF__`"; then + need_version=no + else + need_version=yes + fi + library_names_spec='$libname$release$shared_ext$versuffix $libname$shared_ext$versuffix' + finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=yes + ;; + +os2*) + libname_spec='$name' + version_type=windows + shrext_cmds=.dll + need_version=no + need_lib_prefix=no + # OS/2 can only load a DLL with a base name of 8 characters or less. + soname_spec='`test -n "$os2dllname" && libname="$os2dllname"; + v=$($ECHO $release$versuffix | tr -d .-); + n=$($ECHO $libname | cut -b -$((8 - ${#v})) | tr . _); + $ECHO $n$v`$shared_ext' + library_names_spec='${libname}_dll.$libext' + dynamic_linker='OS/2 ld.exe' + shlibpath_var=BEGINLIBPATH + sys_lib_search_path_spec="/lib /usr/lib /usr/local/lib" + sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec + postinstall_cmds='base_file=`basename \$file`~ + dlpath=`$SHELL 2>&1 -c '\''. $dir/'\''\$base_file'\''i; $ECHO \$dlname'\''`~ + dldir=$destdir/`dirname \$dlpath`~ + test -d \$dldir || mkdir -p \$dldir~ + $install_prog $dir/$dlname \$dldir/$dlname~ + chmod a+x \$dldir/$dlname~ + if test -n '\''$stripme'\'' && test -n '\''$striplib'\''; then + eval '\''$striplib \$dldir/$dlname'\'' || exit \$?; + fi' + postuninstall_cmds='dldll=`$SHELL 2>&1 -c '\''. $file; $ECHO \$dlname'\''`~ + dlpath=$dir/\$dldll~ + $RM \$dlpath' + ;; + +osf3* | osf4* | osf5*) + version_type=osf + need_lib_prefix=no + need_version=no + soname_spec='$libname$release$shared_ext$major' + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' + shlibpath_var=LD_LIBRARY_PATH + sys_lib_search_path_spec="/usr/shlib /usr/ccs/lib /usr/lib/cmplrs/cc /usr/lib /usr/local/lib /var/shlib" + sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec + ;; + +rdos*) + dynamic_linker=no + ;; + +solaris*) + version_type=linux # correct to gnu/linux during the next big refactor + need_lib_prefix=no + need_version=no + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' + soname_spec='$libname$release$shared_ext$major' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=yes + hardcode_into_libs=yes + # ldd complains unless libraries are executable + postinstall_cmds='chmod +x $lib' + ;; + +sunos4*) + version_type=sunos + library_names_spec='$libname$release$shared_ext$versuffix $libname$shared_ext$versuffix' + finish_cmds='PATH="\$PATH:/usr/etc" ldconfig $libdir' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=yes + if test yes = "$with_gnu_ld"; then + need_lib_prefix=no + fi + need_version=yes + ;; + +sysv4 | sysv4.3*) + version_type=linux # correct to gnu/linux during the next big refactor + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' + soname_spec='$libname$release$shared_ext$major' + shlibpath_var=LD_LIBRARY_PATH + case $host_vendor in + sni) + shlibpath_overrides_runpath=no + need_lib_prefix=no + runpath_var=LD_RUN_PATH + ;; + siemens) + need_lib_prefix=no + ;; + motorola) + need_lib_prefix=no + need_version=no + shlibpath_overrides_runpath=no + sys_lib_search_path_spec='/lib /usr/lib /usr/ccs/lib' + ;; + esac + ;; + +sysv4*MP*) + if test -d /usr/nec; then + version_type=linux # correct to gnu/linux during the next big refactor + library_names_spec='$libname$shared_ext.$versuffix $libname$shared_ext.$major $libname$shared_ext' + soname_spec='$libname$shared_ext.$major' + shlibpath_var=LD_LIBRARY_PATH + fi + ;; + +sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX* | sysv4*uw2*) + version_type=sco + need_lib_prefix=no + need_version=no + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext $libname$shared_ext' + soname_spec='$libname$release$shared_ext$major' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=yes + hardcode_into_libs=yes + if test yes = "$with_gnu_ld"; then + sys_lib_search_path_spec='/usr/local/lib /usr/gnu/lib /usr/ccs/lib /usr/lib /lib' + else + sys_lib_search_path_spec='/usr/ccs/lib /usr/lib' + case $host_os in + sco3.2v5*) + sys_lib_search_path_spec="$sys_lib_search_path_spec /lib" + ;; + esac + fi + sys_lib_dlsearch_path_spec='/usr/lib' + ;; + +tpf*) + # TPF is a cross-target only. Preferred cross-host = GNU/Linux. + version_type=linux # correct to gnu/linux during the next big refactor + need_lib_prefix=no + need_version=no + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=no + hardcode_into_libs=yes + ;; + +uts4*) + version_type=linux # correct to gnu/linux during the next big refactor + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' + soname_spec='$libname$release$shared_ext$major' + shlibpath_var=LD_LIBRARY_PATH + ;; + +*) + dynamic_linker=no + ;; +esac +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $dynamic_linker" >&5 +$as_echo "$dynamic_linker" >&6; } +test no = "$dynamic_linker" && can_build_shared=no + +variables_saved_for_relink="PATH $shlibpath_var $runpath_var" +if test yes = "$GCC"; then + variables_saved_for_relink="$variables_saved_for_relink GCC_EXEC_PREFIX COMPILER_PATH LIBRARY_PATH" +fi + +if test set = "${lt_cv_sys_lib_search_path_spec+set}"; then + sys_lib_search_path_spec=$lt_cv_sys_lib_search_path_spec +fi + +if test set = "${lt_cv_sys_lib_dlsearch_path_spec+set}"; then + sys_lib_dlsearch_path_spec=$lt_cv_sys_lib_dlsearch_path_spec +fi + +# remember unaugmented sys_lib_dlsearch_path content for libtool script decls... +configure_time_dlsearch_path=$sys_lib_dlsearch_path_spec + +# ... but it needs LT_SYS_LIBRARY_PATH munging for other configure-time code +func_munge_path_list sys_lib_dlsearch_path_spec "$LT_SYS_LIBRARY_PATH" + +# to be used as default LT_SYS_LIBRARY_PATH value in generated libtool +configure_time_lt_sys_library_path=$LT_SYS_LIBRARY_PATH + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking how to hardcode library paths into programs" >&5 +$as_echo_n "checking how to hardcode library paths into programs... " >&6; } +hardcode_action= +if test -n "$hardcode_libdir_flag_spec" || + test -n "$runpath_var" || + test yes = "$hardcode_automatic"; then + + # We can hardcode non-existent directories. + if test no != "$hardcode_direct" && + # If the only mechanism to avoid hardcoding is shlibpath_var, we + # have to relink, otherwise we might link with an installed library + # when we should be linking with a yet-to-be-installed one + ## test no != "$_LT_TAGVAR(hardcode_shlibpath_var, )" && + test no != "$hardcode_minus_L"; then + # Linking always hardcodes the temporary library directory. + hardcode_action=relink + else + # We can link without hardcoding, and we can hardcode nonexisting dirs. + hardcode_action=immediate + fi +else + # We cannot hardcode anything, or else we can only hardcode existing + # directories. + hardcode_action=unsupported +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $hardcode_action" >&5 +$as_echo "$hardcode_action" >&6; } + +if test relink = "$hardcode_action" || + test yes = "$inherit_rpath"; then + # Fast installation is not supported + enable_fast_install=no +elif test yes = "$shlibpath_overrides_runpath" || + test no = "$enable_shared"; then + # Fast installation is not necessary + enable_fast_install=needless +fi + + + + + + + if test yes != "$enable_dlopen"; then + enable_dlopen=unknown + enable_dlopen_self=unknown + enable_dlopen_self_static=unknown +else + lt_cv_dlopen=no + lt_cv_dlopen_libs= + + case $host_os in + beos*) + lt_cv_dlopen=load_add_on + lt_cv_dlopen_libs= + lt_cv_dlopen_self=yes + ;; + + mingw* | pw32* | cegcc*) + lt_cv_dlopen=LoadLibrary + lt_cv_dlopen_libs= + ;; + + cygwin*) + lt_cv_dlopen=dlopen + lt_cv_dlopen_libs= + ;; + + darwin*) + # if libdl is installed we need to link against it + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for dlopen in -ldl" >&5 +$as_echo_n "checking for dlopen in -ldl... " >&6; } +if ${ac_cv_lib_dl_dlopen+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_check_lib_save_LIBS=$LIBS +LIBS="-ldl $LIBS" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char dlopen (); +int +main () +{ +return dlopen (); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + ac_cv_lib_dl_dlopen=yes +else + ac_cv_lib_dl_dlopen=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dl_dlopen" >&5 +$as_echo "$ac_cv_lib_dl_dlopen" >&6; } +if test "x$ac_cv_lib_dl_dlopen" = xyes; then : + lt_cv_dlopen=dlopen lt_cv_dlopen_libs=-ldl +else + + lt_cv_dlopen=dyld + lt_cv_dlopen_libs= + lt_cv_dlopen_self=yes + +fi + + ;; + + tpf*) + # Don't try to run any link tests for TPF. We know it's impossible + # because TPF is a cross-compiler, and we know how we open DSOs. + lt_cv_dlopen=dlopen + lt_cv_dlopen_libs= + lt_cv_dlopen_self=no + ;; + + *) + ac_fn_c_check_func "$LINENO" "shl_load" "ac_cv_func_shl_load" +if test "x$ac_cv_func_shl_load" = xyes; then : + lt_cv_dlopen=shl_load +else + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for shl_load in -ldld" >&5 +$as_echo_n "checking for shl_load in -ldld... " >&6; } +if ${ac_cv_lib_dld_shl_load+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_check_lib_save_LIBS=$LIBS +LIBS="-ldld $LIBS" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char shl_load (); +int +main () +{ +return shl_load (); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + ac_cv_lib_dld_shl_load=yes +else + ac_cv_lib_dld_shl_load=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dld_shl_load" >&5 +$as_echo "$ac_cv_lib_dld_shl_load" >&6; } +if test "x$ac_cv_lib_dld_shl_load" = xyes; then : + lt_cv_dlopen=shl_load lt_cv_dlopen_libs=-ldld +else + ac_fn_c_check_func "$LINENO" "dlopen" "ac_cv_func_dlopen" +if test "x$ac_cv_func_dlopen" = xyes; then : + lt_cv_dlopen=dlopen +else + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for dlopen in -ldl" >&5 +$as_echo_n "checking for dlopen in -ldl... " >&6; } +if ${ac_cv_lib_dl_dlopen+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_check_lib_save_LIBS=$LIBS +LIBS="-ldl $LIBS" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char dlopen (); +int +main () +{ +return dlopen (); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + ac_cv_lib_dl_dlopen=yes +else + ac_cv_lib_dl_dlopen=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dl_dlopen" >&5 +$as_echo "$ac_cv_lib_dl_dlopen" >&6; } +if test "x$ac_cv_lib_dl_dlopen" = xyes; then : + lt_cv_dlopen=dlopen lt_cv_dlopen_libs=-ldl +else + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for dlopen in -lsvld" >&5 +$as_echo_n "checking for dlopen in -lsvld... " >&6; } +if ${ac_cv_lib_svld_dlopen+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_check_lib_save_LIBS=$LIBS +LIBS="-lsvld $LIBS" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char dlopen (); +int +main () +{ +return dlopen (); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + ac_cv_lib_svld_dlopen=yes +else + ac_cv_lib_svld_dlopen=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_svld_dlopen" >&5 +$as_echo "$ac_cv_lib_svld_dlopen" >&6; } +if test "x$ac_cv_lib_svld_dlopen" = xyes; then : + lt_cv_dlopen=dlopen lt_cv_dlopen_libs=-lsvld +else + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for dld_link in -ldld" >&5 +$as_echo_n "checking for dld_link in -ldld... " >&6; } +if ${ac_cv_lib_dld_dld_link+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_check_lib_save_LIBS=$LIBS +LIBS="-ldld $LIBS" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char dld_link (); +int +main () +{ +return dld_link (); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + ac_cv_lib_dld_dld_link=yes +else + ac_cv_lib_dld_dld_link=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dld_dld_link" >&5 +$as_echo "$ac_cv_lib_dld_dld_link" >&6; } +if test "x$ac_cv_lib_dld_dld_link" = xyes; then : + lt_cv_dlopen=dld_link lt_cv_dlopen_libs=-ldld +fi + + +fi + + +fi + + +fi + + +fi + + +fi + + ;; + esac + + if test no = "$lt_cv_dlopen"; then + enable_dlopen=no + else + enable_dlopen=yes + fi + + case $lt_cv_dlopen in + dlopen) + save_CPPFLAGS=$CPPFLAGS + test yes = "$ac_cv_header_dlfcn_h" && CPPFLAGS="$CPPFLAGS -DHAVE_DLFCN_H" + + save_LDFLAGS=$LDFLAGS + wl=$lt_prog_compiler_wl eval LDFLAGS=\"\$LDFLAGS $export_dynamic_flag_spec\" + + save_LIBS=$LIBS + LIBS="$lt_cv_dlopen_libs $LIBS" + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether a program can dlopen itself" >&5 +$as_echo_n "checking whether a program can dlopen itself... " >&6; } +if ${lt_cv_dlopen_self+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test yes = "$cross_compiling"; then : + lt_cv_dlopen_self=cross +else + lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2 + lt_status=$lt_dlunknown + cat > conftest.$ac_ext <<_LT_EOF +#line $LINENO "configure" +#include "confdefs.h" + +#if HAVE_DLFCN_H +#include +#endif + +#include + +#ifdef RTLD_GLOBAL +# define LT_DLGLOBAL RTLD_GLOBAL +#else +# ifdef DL_GLOBAL +# define LT_DLGLOBAL DL_GLOBAL +# else +# define LT_DLGLOBAL 0 +# endif +#endif + +/* We may have to define LT_DLLAZY_OR_NOW in the command line if we + find out it does not work in some platform. */ +#ifndef LT_DLLAZY_OR_NOW +# ifdef RTLD_LAZY +# define LT_DLLAZY_OR_NOW RTLD_LAZY +# else +# ifdef DL_LAZY +# define LT_DLLAZY_OR_NOW DL_LAZY +# else +# ifdef RTLD_NOW +# define LT_DLLAZY_OR_NOW RTLD_NOW +# else +# ifdef DL_NOW +# define LT_DLLAZY_OR_NOW DL_NOW +# else +# define LT_DLLAZY_OR_NOW 0 +# endif +# endif +# endif +# endif +#endif + +/* When -fvisibility=hidden is used, assume the code has been annotated + correspondingly for the symbols needed. */ +#if defined __GNUC__ && (((__GNUC__ == 3) && (__GNUC_MINOR__ >= 3)) || (__GNUC__ > 3)) +int fnord () __attribute__((visibility("default"))); +#endif + +int fnord () { return 42; } +int main () +{ + void *self = dlopen (0, LT_DLGLOBAL|LT_DLLAZY_OR_NOW); + int status = $lt_dlunknown; + + if (self) + { + if (dlsym (self,"fnord")) status = $lt_dlno_uscore; + else + { + if (dlsym( self,"_fnord")) status = $lt_dlneed_uscore; + else puts (dlerror ()); + } + /* dlclose (self); */ + } + else + puts (dlerror ()); + + return status; +} +_LT_EOF + if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_link\""; } >&5 + (eval $ac_link) 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } && test -s "conftest$ac_exeext" 2>/dev/null; then + (./conftest; exit; ) >&5 2>/dev/null + lt_status=$? + case x$lt_status in + x$lt_dlno_uscore) lt_cv_dlopen_self=yes ;; + x$lt_dlneed_uscore) lt_cv_dlopen_self=yes ;; + x$lt_dlunknown|x*) lt_cv_dlopen_self=no ;; + esac + else : + # compilation failed + lt_cv_dlopen_self=no + fi +fi +rm -fr conftest* + + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_dlopen_self" >&5 +$as_echo "$lt_cv_dlopen_self" >&6; } + + if test yes = "$lt_cv_dlopen_self"; then + wl=$lt_prog_compiler_wl eval LDFLAGS=\"\$LDFLAGS $lt_prog_compiler_static\" + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether a statically linked program can dlopen itself" >&5 +$as_echo_n "checking whether a statically linked program can dlopen itself... " >&6; } +if ${lt_cv_dlopen_self_static+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test yes = "$cross_compiling"; then : + lt_cv_dlopen_self_static=cross +else + lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2 + lt_status=$lt_dlunknown + cat > conftest.$ac_ext <<_LT_EOF +#line $LINENO "configure" +#include "confdefs.h" + +#if HAVE_DLFCN_H +#include +#endif + +#include + +#ifdef RTLD_GLOBAL +# define LT_DLGLOBAL RTLD_GLOBAL +#else +# ifdef DL_GLOBAL +# define LT_DLGLOBAL DL_GLOBAL +# else +# define LT_DLGLOBAL 0 +# endif +#endif + +/* We may have to define LT_DLLAZY_OR_NOW in the command line if we + find out it does not work in some platform. */ +#ifndef LT_DLLAZY_OR_NOW +# ifdef RTLD_LAZY +# define LT_DLLAZY_OR_NOW RTLD_LAZY +# else +# ifdef DL_LAZY +# define LT_DLLAZY_OR_NOW DL_LAZY +# else +# ifdef RTLD_NOW +# define LT_DLLAZY_OR_NOW RTLD_NOW +# else +# ifdef DL_NOW +# define LT_DLLAZY_OR_NOW DL_NOW +# else +# define LT_DLLAZY_OR_NOW 0 +# endif +# endif +# endif +# endif +#endif + +/* When -fvisibility=hidden is used, assume the code has been annotated + correspondingly for the symbols needed. */ +#if defined __GNUC__ && (((__GNUC__ == 3) && (__GNUC_MINOR__ >= 3)) || (__GNUC__ > 3)) +int fnord () __attribute__((visibility("default"))); +#endif + +int fnord () { return 42; } +int main () +{ + void *self = dlopen (0, LT_DLGLOBAL|LT_DLLAZY_OR_NOW); + int status = $lt_dlunknown; + + if (self) + { + if (dlsym (self,"fnord")) status = $lt_dlno_uscore; + else + { + if (dlsym( self,"_fnord")) status = $lt_dlneed_uscore; + else puts (dlerror ()); + } + /* dlclose (self); */ + } + else + puts (dlerror ()); + + return status; +} +_LT_EOF + if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_link\""; } >&5 + (eval $ac_link) 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } && test -s "conftest$ac_exeext" 2>/dev/null; then + (./conftest; exit; ) >&5 2>/dev/null + lt_status=$? + case x$lt_status in + x$lt_dlno_uscore) lt_cv_dlopen_self_static=yes ;; + x$lt_dlneed_uscore) lt_cv_dlopen_self_static=yes ;; + x$lt_dlunknown|x*) lt_cv_dlopen_self_static=no ;; + esac + else : + # compilation failed + lt_cv_dlopen_self_static=no + fi +fi +rm -fr conftest* + + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_dlopen_self_static" >&5 +$as_echo "$lt_cv_dlopen_self_static" >&6; } + fi + + CPPFLAGS=$save_CPPFLAGS + LDFLAGS=$save_LDFLAGS + LIBS=$save_LIBS + ;; + esac + + case $lt_cv_dlopen_self in + yes|no) enable_dlopen_self=$lt_cv_dlopen_self ;; + *) enable_dlopen_self=unknown ;; + esac + + case $lt_cv_dlopen_self_static in + yes|no) enable_dlopen_self_static=$lt_cv_dlopen_self_static ;; + *) enable_dlopen_self_static=unknown ;; + esac +fi + + + + + + + + + + + + + + + + + +striplib= +old_striplib= +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether stripping libraries is possible" >&5 +$as_echo_n "checking whether stripping libraries is possible... " >&6; } +if test -n "$STRIP" && $STRIP -V 2>&1 | $GREP "GNU strip" >/dev/null; then + test -z "$old_striplib" && old_striplib="$STRIP --strip-debug" + test -z "$striplib" && striplib="$STRIP --strip-unneeded" + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } +else +# FIXME - insert some real tests, host_os isn't really good enough + case $host_os in + darwin*) + if test -n "$STRIP"; then + striplib="$STRIP -x" + old_striplib="$STRIP -S" + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + fi + ;; + *) + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + ;; + esac +fi + + + + + + + + + + + + + # Report what library types will actually be built + { $as_echo "$as_me:${as_lineno-$LINENO}: checking if libtool supports shared libraries" >&5 +$as_echo_n "checking if libtool supports shared libraries... " >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $can_build_shared" >&5 +$as_echo "$can_build_shared" >&6; } + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to build shared libraries" >&5 +$as_echo_n "checking whether to build shared libraries... " >&6; } + test no = "$can_build_shared" && enable_shared=no + + # On AIX, shared libraries and static libraries use the same namespace, and + # are all built from PIC. + case $host_os in + aix3*) + test yes = "$enable_shared" && enable_static=no + if test -n "$RANLIB"; then + archive_cmds="$archive_cmds~\$RANLIB \$lib" + postinstall_cmds='$RANLIB $lib' + fi + ;; + + aix[4-9]*) + if test ia64 != "$host_cpu"; then + case $enable_shared,$with_aix_soname,$aix_use_runtimelinking in + yes,aix,yes) ;; # shared object as lib.so file only + yes,svr4,*) ;; # shared object as lib.so archive member only + yes,*) enable_static=no ;; # shared object in lib.a archive as well + esac + fi + ;; + esac + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_shared" >&5 +$as_echo "$enable_shared" >&6; } + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to build static libraries" >&5 +$as_echo_n "checking whether to build static libraries... " >&6; } + # Make sure either enable_shared or enable_static is yes. + test yes = "$enable_shared" || enable_static=yes + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_static" >&5 +$as_echo "$enable_static" >&6; } + + + + +fi +ac_ext=c +ac_cpp='$CPP $CPPFLAGS' +ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_c_compiler_gnu + +CC=$lt_save_CC + + if test -n "$CXX" && ( test no != "$CXX" && + ( (test g++ = "$CXX" && `g++ -v >/dev/null 2>&1` ) || + (test g++ != "$CXX"))); then + ac_ext=cpp +ac_cpp='$CXXCPP $CPPFLAGS' +ac_compile='$CXX -c $CXXFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CXX -o conftest$ac_exeext $CXXFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_cxx_compiler_gnu +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking how to run the C++ preprocessor" >&5 +$as_echo_n "checking how to run the C++ preprocessor... " >&6; } +if test -z "$CXXCPP"; then + if ${ac_cv_prog_CXXCPP+:} false; then : + $as_echo_n "(cached) " >&6 +else + # Double quotes because CXXCPP needs to be expanded + for CXXCPP in "$CXX -E" "/lib/cpp" + do + ac_preproc_ok=false +for ac_cxx_preproc_warn_flag in '' yes +do + # Use a header file that comes with gcc, so configuring glibc + # with a fresh cross-compiler works. + # Prefer to if __STDC__ is defined, since + # exists even on freestanding compilers. + # On the NeXT, cc -E runs the code through the compiler's parser, + # not just through cpp. "Syntax error" is here to catch this case. + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#ifdef __STDC__ +# include +#else +# include +#endif + Syntax error +_ACEOF +if ac_fn_cxx_try_cpp "$LINENO"; then : + +else + # Broken: fails on valid input. +continue +fi +rm -f conftest.err conftest.i conftest.$ac_ext + + # OK, works on sane cases. Now check whether nonexistent headers + # can be detected and how. + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +_ACEOF +if ac_fn_cxx_try_cpp "$LINENO"; then : + # Broken: success on invalid input. +continue +else + # Passes both tests. +ac_preproc_ok=: +break +fi +rm -f conftest.err conftest.i conftest.$ac_ext + +done +# Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped. +rm -f conftest.i conftest.err conftest.$ac_ext +if $ac_preproc_ok; then : + break +fi + + done + ac_cv_prog_CXXCPP=$CXXCPP + +fi + CXXCPP=$ac_cv_prog_CXXCPP +else + ac_cv_prog_CXXCPP=$CXXCPP +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $CXXCPP" >&5 +$as_echo "$CXXCPP" >&6; } +ac_preproc_ok=false +for ac_cxx_preproc_warn_flag in '' yes +do + # Use a header file that comes with gcc, so configuring glibc + # with a fresh cross-compiler works. + # Prefer to if __STDC__ is defined, since + # exists even on freestanding compilers. + # On the NeXT, cc -E runs the code through the compiler's parser, + # not just through cpp. "Syntax error" is here to catch this case. + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#ifdef __STDC__ +# include +#else +# include +#endif + Syntax error +_ACEOF +if ac_fn_cxx_try_cpp "$LINENO"; then : + +else + # Broken: fails on valid input. +continue +fi +rm -f conftest.err conftest.i conftest.$ac_ext + + # OK, works on sane cases. Now check whether nonexistent headers + # can be detected and how. + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +_ACEOF +if ac_fn_cxx_try_cpp "$LINENO"; then : + # Broken: success on invalid input. +continue +else + # Passes both tests. +ac_preproc_ok=: +break +fi +rm -f conftest.err conftest.i conftest.$ac_ext + +done +# Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped. +rm -f conftest.i conftest.err conftest.$ac_ext +if $ac_preproc_ok; then : + +else + { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} +as_fn_error $? "C++ preprocessor \"$CXXCPP\" fails sanity check +See \`config.log' for more details" "$LINENO" 5; } +fi + +ac_ext=c +ac_cpp='$CPP $CPPFLAGS' +ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_c_compiler_gnu + +else + _lt_caught_CXX_error=yes +fi + +ac_ext=cpp +ac_cpp='$CXXCPP $CPPFLAGS' +ac_compile='$CXX -c $CXXFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CXX -o conftest$ac_exeext $CXXFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_cxx_compiler_gnu + +archive_cmds_need_lc_CXX=no +allow_undefined_flag_CXX= +always_export_symbols_CXX=no +archive_expsym_cmds_CXX= +compiler_needs_object_CXX=no +export_dynamic_flag_spec_CXX= +hardcode_direct_CXX=no +hardcode_direct_absolute_CXX=no +hardcode_libdir_flag_spec_CXX= +hardcode_libdir_separator_CXX= +hardcode_minus_L_CXX=no +hardcode_shlibpath_var_CXX=unsupported +hardcode_automatic_CXX=no +inherit_rpath_CXX=no +module_cmds_CXX= +module_expsym_cmds_CXX= +link_all_deplibs_CXX=unknown +old_archive_cmds_CXX=$old_archive_cmds +reload_flag_CXX=$reload_flag +reload_cmds_CXX=$reload_cmds +no_undefined_flag_CXX= +whole_archive_flag_spec_CXX= +enable_shared_with_static_runtimes_CXX=no + +# Source file extension for C++ test sources. +ac_ext=cpp + +# Object file extension for compiled C++ test sources. +objext=o +objext_CXX=$objext + +# No sense in running all these tests if we already determined that +# the CXX compiler isn't working. Some variables (like enable_shared) +# are currently assumed to apply to all compilers on this platform, +# and will be corrupted by setting them based on a non-working compiler. +if test yes != "$_lt_caught_CXX_error"; then + # Code to be used in simple compile tests + lt_simple_compile_test_code="int some_variable = 0;" + + # Code to be used in simple link tests + lt_simple_link_test_code='int main(int, char *[]) { return(0); }' + + # ltmain only uses $CC for tagged configurations so make sure $CC is set. + + + + + + +# If no C compiler was specified, use CC. +LTCC=${LTCC-"$CC"} + +# If no C compiler flags were specified, use CFLAGS. +LTCFLAGS=${LTCFLAGS-"$CFLAGS"} + +# Allow CC to be a program name with arguments. +compiler=$CC + + + # save warnings/boilerplate of simple test code + ac_outfile=conftest.$ac_objext +echo "$lt_simple_compile_test_code" >conftest.$ac_ext +eval "$ac_compile" 2>&1 >/dev/null | $SED '/^$/d; /^ *+/d' >conftest.err +_lt_compiler_boilerplate=`cat conftest.err` +$RM conftest* + + ac_outfile=conftest.$ac_objext +echo "$lt_simple_link_test_code" >conftest.$ac_ext +eval "$ac_link" 2>&1 >/dev/null | $SED '/^$/d; /^ *+/d' >conftest.err +_lt_linker_boilerplate=`cat conftest.err` +$RM -r conftest* + + + # Allow CC to be a program name with arguments. + lt_save_CC=$CC + lt_save_CFLAGS=$CFLAGS + lt_save_LD=$LD + lt_save_GCC=$GCC + GCC=$GXX + lt_save_with_gnu_ld=$with_gnu_ld + lt_save_path_LD=$lt_cv_path_LD + if test -n "${lt_cv_prog_gnu_ldcxx+set}"; then + lt_cv_prog_gnu_ld=$lt_cv_prog_gnu_ldcxx + else + $as_unset lt_cv_prog_gnu_ld + fi + if test -n "${lt_cv_path_LDCXX+set}"; then + lt_cv_path_LD=$lt_cv_path_LDCXX + else + $as_unset lt_cv_path_LD + fi + test -z "${LDCXX+set}" || LD=$LDCXX + CC=${CXX-"c++"} + CFLAGS=$CXXFLAGS + compiler=$CC + compiler_CXX=$CC + func_cc_basename $compiler +cc_basename=$func_cc_basename_result + + + if test -n "$compiler"; then + # We don't want -fno-exception when compiling C++ code, so set the + # no_builtin_flag separately + if test yes = "$GXX"; then + lt_prog_compiler_no_builtin_flag_CXX=' -fno-builtin' + else + lt_prog_compiler_no_builtin_flag_CXX= + fi + + if test yes = "$GXX"; then + # Set up default GNU C++ configuration + + + +# Check whether --with-gnu-ld was given. +if test "${with_gnu_ld+set}" = set; then : + withval=$with_gnu_ld; test no = "$withval" || with_gnu_ld=yes +else + with_gnu_ld=no +fi + +ac_prog=ld +if test yes = "$GCC"; then + # Check if gcc -print-prog-name=ld gives a path. + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ld used by $CC" >&5 +$as_echo_n "checking for ld used by $CC... " >&6; } + case $host in + *-*-mingw*) + # gcc leaves a trailing carriage return, which upsets mingw + ac_prog=`($CC -print-prog-name=ld) 2>&5 | tr -d '\015'` ;; + *) + ac_prog=`($CC -print-prog-name=ld) 2>&5` ;; + esac + case $ac_prog in + # Accept absolute paths. + [\\/]* | ?:[\\/]*) + re_direlt='/[^/][^/]*/\.\./' + # Canonicalize the pathname of ld + ac_prog=`$ECHO "$ac_prog"| $SED 's%\\\\%/%g'` + while $ECHO "$ac_prog" | $GREP "$re_direlt" > /dev/null 2>&1; do + ac_prog=`$ECHO $ac_prog| $SED "s%$re_direlt%/%"` + done + test -z "$LD" && LD=$ac_prog + ;; + "") + # If it fails, then pretend we aren't using GCC. + ac_prog=ld + ;; + *) + # If it is relative, then search for the first ld in PATH. + with_gnu_ld=unknown + ;; + esac +elif test yes = "$with_gnu_ld"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for GNU ld" >&5 +$as_echo_n "checking for GNU ld... " >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for non-GNU ld" >&5 +$as_echo_n "checking for non-GNU ld... " >&6; } +fi +if ${lt_cv_path_LD+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -z "$LD"; then + lt_save_ifs=$IFS; IFS=$PATH_SEPARATOR + for ac_dir in $PATH; do + IFS=$lt_save_ifs + test -z "$ac_dir" && ac_dir=. + if test -f "$ac_dir/$ac_prog" || test -f "$ac_dir/$ac_prog$ac_exeext"; then + lt_cv_path_LD=$ac_dir/$ac_prog + # Check to see if the program is GNU ld. I'd rather use --version, + # but apparently some variants of GNU ld only accept -v. + # Break only if it was the GNU/non-GNU ld that we prefer. + case `"$lt_cv_path_LD" -v 2>&1 &5 +$as_echo "$LD" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi +test -z "$LD" && as_fn_error $? "no acceptable ld found in \$PATH" "$LINENO" 5 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if the linker ($LD) is GNU ld" >&5 +$as_echo_n "checking if the linker ($LD) is GNU ld... " >&6; } +if ${lt_cv_prog_gnu_ld+:} false; then : + $as_echo_n "(cached) " >&6 +else + # I'd rather use --version here, but apparently some GNU lds only accept -v. +case `$LD -v 2>&1 &5 +$as_echo "$lt_cv_prog_gnu_ld" >&6; } +with_gnu_ld=$lt_cv_prog_gnu_ld + + + + + + + + # Check if GNU C++ uses GNU ld as the underlying linker, since the + # archiving commands below assume that GNU ld is being used. + if test yes = "$with_gnu_ld"; then + archive_cmds_CXX='$CC $pic_flag -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname -o $lib' + archive_expsym_cmds_CXX='$CC $pic_flag -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib' + + hardcode_libdir_flag_spec_CXX='$wl-rpath $wl$libdir' + export_dynamic_flag_spec_CXX='$wl--export-dynamic' + + # If archive_cmds runs LD, not CC, wlarc should be empty + # XXX I think wlarc can be eliminated in ltcf-cxx, but I need to + # investigate it a little bit more. (MM) + wlarc='$wl' + + # ancient GNU ld didn't support --whole-archive et. al. + if eval "`$CC -print-prog-name=ld` --help 2>&1" | + $GREP 'no-whole-archive' > /dev/null; then + whole_archive_flag_spec_CXX=$wlarc'--whole-archive$convenience '$wlarc'--no-whole-archive' + else + whole_archive_flag_spec_CXX= + fi + else + with_gnu_ld=no + wlarc= + + # A generic and very simple default shared library creation + # command for GNU C++ for the case where it uses the native + # linker, instead of GNU ld. If possible, this setting should + # overridden to take advantage of the native linker features on + # the platform it is being used on. + archive_cmds_CXX='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $lib' + fi + + # Commands to make compiler produce verbose output that lists + # what "hidden" libraries, object files and flags are used when + # linking a shared library. + output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP -v "^Configured with:" | $GREP " \-L"' + + else + GXX=no + with_gnu_ld=no + wlarc= + fi + + # PORTME: fill in a description of your system's C++ link characteristics + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the $compiler linker ($LD) supports shared libraries" >&5 +$as_echo_n "checking whether the $compiler linker ($LD) supports shared libraries... " >&6; } + ld_shlibs_CXX=yes + case $host_os in + aix3*) + # FIXME: insert proper C++ library support + ld_shlibs_CXX=no + ;; + aix[4-9]*) + if test ia64 = "$host_cpu"; then + # On IA64, the linker does run time linking by default, so we don't + # have to do anything special. + aix_use_runtimelinking=no + exp_sym_flag='-Bexport' + no_entry_flag= + else + aix_use_runtimelinking=no + + # Test if we are trying to use run time linking or normal + # AIX style linking. If -brtl is somewhere in LDFLAGS, we + # have runtime linking enabled, and use it for executables. + # For shared libraries, we enable/disable runtime linking + # depending on the kind of the shared library created - + # when "with_aix_soname,aix_use_runtimelinking" is: + # "aix,no" lib.a(lib.so.V) shared, rtl:no, for executables + # "aix,yes" lib.so shared, rtl:yes, for executables + # lib.a static archive + # "both,no" lib.so.V(shr.o) shared, rtl:yes + # lib.a(lib.so.V) shared, rtl:no, for executables + # "both,yes" lib.so.V(shr.o) shared, rtl:yes, for executables + # lib.a(lib.so.V) shared, rtl:no + # "svr4,*" lib.so.V(shr.o) shared, rtl:yes, for executables + # lib.a static archive + case $host_os in aix4.[23]|aix4.[23].*|aix[5-9]*) + for ld_flag in $LDFLAGS; do + case $ld_flag in + *-brtl*) + aix_use_runtimelinking=yes + break + ;; + esac + done + if test svr4,no = "$with_aix_soname,$aix_use_runtimelinking"; then + # With aix-soname=svr4, we create the lib.so.V shared archives only, + # so we don't have lib.a shared libs to link our executables. + # We have to force runtime linking in this case. + aix_use_runtimelinking=yes + LDFLAGS="$LDFLAGS -Wl,-brtl" + fi + ;; + esac + + exp_sym_flag='-bexport' + no_entry_flag='-bnoentry' + fi + + # When large executables or shared objects are built, AIX ld can + # have problems creating the table of contents. If linking a library + # or program results in "error TOC overflow" add -mminimal-toc to + # CXXFLAGS/CFLAGS for g++/gcc. In the cases where that is not + # enough to fix the problem, add -Wl,-bbigtoc to LDFLAGS. + + archive_cmds_CXX='' + hardcode_direct_CXX=yes + hardcode_direct_absolute_CXX=yes + hardcode_libdir_separator_CXX=':' + link_all_deplibs_CXX=yes + file_list_spec_CXX='$wl-f,' + case $with_aix_soname,$aix_use_runtimelinking in + aix,*) ;; # no import file + svr4,* | *,yes) # use import file + # The Import File defines what to hardcode. + hardcode_direct_CXX=no + hardcode_direct_absolute_CXX=no + ;; + esac + + if test yes = "$GXX"; then + case $host_os in aix4.[012]|aix4.[012].*) + # We only want to do this on AIX 4.2 and lower, the check + # below for broken collect2 doesn't work under 4.3+ + collect2name=`$CC -print-prog-name=collect2` + if test -f "$collect2name" && + strings "$collect2name" | $GREP resolve_lib_name >/dev/null + then + # We have reworked collect2 + : + else + # We have old collect2 + hardcode_direct_CXX=unsupported + # It fails to find uninstalled libraries when the uninstalled + # path is not listed in the libpath. Setting hardcode_minus_L + # to unsupported forces relinking + hardcode_minus_L_CXX=yes + hardcode_libdir_flag_spec_CXX='-L$libdir' + hardcode_libdir_separator_CXX= + fi + esac + shared_flag='-shared' + if test yes = "$aix_use_runtimelinking"; then + shared_flag=$shared_flag' $wl-G' + fi + # Need to ensure runtime linking is disabled for the traditional + # shared library, or the linker may eventually find shared libraries + # /with/ Import File - we do not want to mix them. + shared_flag_aix='-shared' + shared_flag_svr4='-shared $wl-G' + else + # not using gcc + if test ia64 = "$host_cpu"; then + # VisualAge C++, Version 5.5 for AIX 5L for IA-64, Beta 3 Release + # chokes on -Wl,-G. The following line is correct: + shared_flag='-G' + else + if test yes = "$aix_use_runtimelinking"; then + shared_flag='$wl-G' + else + shared_flag='$wl-bM:SRE' + fi + shared_flag_aix='$wl-bM:SRE' + shared_flag_svr4='$wl-G' + fi + fi + + export_dynamic_flag_spec_CXX='$wl-bexpall' + # It seems that -bexpall does not export symbols beginning with + # underscore (_), so it is better to generate a list of symbols to + # export. + always_export_symbols_CXX=yes + if test aix,yes = "$with_aix_soname,$aix_use_runtimelinking"; then + # Warning - without using the other runtime loading flags (-brtl), + # -berok will link without error, but may produce a broken library. + # The "-G" linker flag allows undefined symbols. + no_undefined_flag_CXX='-bernotok' + # Determine the default libpath from the value encoded in an empty + # executable. + if test set = "${lt_cv_aix_libpath+set}"; then + aix_libpath=$lt_cv_aix_libpath +else + if ${lt_cv_aix_libpath__CXX+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_cxx_try_link "$LINENO"; then : + + lt_aix_libpath_sed=' + /Import File Strings/,/^$/ { + /^0/ { + s/^0 *\([^ ]*\) *$/\1/ + p + } + }' + lt_cv_aix_libpath__CXX=`dump -H conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"` + # Check for a 64-bit object if we didn't find anything. + if test -z "$lt_cv_aix_libpath__CXX"; then + lt_cv_aix_libpath__CXX=`dump -HX64 conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"` + fi +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + if test -z "$lt_cv_aix_libpath__CXX"; then + lt_cv_aix_libpath__CXX=/usr/lib:/lib + fi + +fi + + aix_libpath=$lt_cv_aix_libpath__CXX +fi + + hardcode_libdir_flag_spec_CXX='$wl-blibpath:$libdir:'"$aix_libpath" + + archive_expsym_cmds_CXX='$CC -o $output_objdir/$soname $libobjs $deplibs $wl'$no_entry_flag' $compiler_flags `if test -n "$allow_undefined_flag"; then func_echo_all "$wl$allow_undefined_flag"; else :; fi` $wl'$exp_sym_flag:\$export_symbols' '$shared_flag + else + if test ia64 = "$host_cpu"; then + hardcode_libdir_flag_spec_CXX='$wl-R $libdir:/usr/lib:/lib' + allow_undefined_flag_CXX="-z nodefs" + archive_expsym_cmds_CXX="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs '"\$wl$no_entry_flag"' $compiler_flags $wl$allow_undefined_flag '"\$wl$exp_sym_flag:\$export_symbols" + else + # Determine the default libpath from the value encoded in an + # empty executable. + if test set = "${lt_cv_aix_libpath+set}"; then + aix_libpath=$lt_cv_aix_libpath +else + if ${lt_cv_aix_libpath__CXX+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_cxx_try_link "$LINENO"; then : + + lt_aix_libpath_sed=' + /Import File Strings/,/^$/ { + /^0/ { + s/^0 *\([^ ]*\) *$/\1/ + p + } + }' + lt_cv_aix_libpath__CXX=`dump -H conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"` + # Check for a 64-bit object if we didn't find anything. + if test -z "$lt_cv_aix_libpath__CXX"; then + lt_cv_aix_libpath__CXX=`dump -HX64 conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"` + fi +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + if test -z "$lt_cv_aix_libpath__CXX"; then + lt_cv_aix_libpath__CXX=/usr/lib:/lib + fi + +fi + + aix_libpath=$lt_cv_aix_libpath__CXX +fi + + hardcode_libdir_flag_spec_CXX='$wl-blibpath:$libdir:'"$aix_libpath" + # Warning - without using the other run time loading flags, + # -berok will link without error, but may produce a broken library. + no_undefined_flag_CXX=' $wl-bernotok' + allow_undefined_flag_CXX=' $wl-berok' + if test yes = "$with_gnu_ld"; then + # We only use this code for GNU lds that support --whole-archive. + whole_archive_flag_spec_CXX='$wl--whole-archive$convenience $wl--no-whole-archive' + else + # Exported symbols can be pulled into shared objects from archives + whole_archive_flag_spec_CXX='$convenience' + fi + archive_cmds_need_lc_CXX=yes + archive_expsym_cmds_CXX='$RM -r $output_objdir/$realname.d~$MKDIR $output_objdir/$realname.d' + # -brtl affects multiple linker settings, -berok does not and is overridden later + compiler_flags_filtered='`func_echo_all "$compiler_flags " | $SED -e "s%-brtl\\([, ]\\)%-berok\\1%g"`' + if test svr4 != "$with_aix_soname"; then + # This is similar to how AIX traditionally builds its shared + # libraries. Need -bnortl late, we may have -brtl in LDFLAGS. + archive_expsym_cmds_CXX="$archive_expsym_cmds_CXX"'~$CC '$shared_flag_aix' -o $output_objdir/$realname.d/$soname $libobjs $deplibs $wl-bnoentry '$compiler_flags_filtered'$wl-bE:$export_symbols$allow_undefined_flag~$AR $AR_FLAGS $output_objdir/$libname$release.a $output_objdir/$realname.d/$soname' + fi + if test aix != "$with_aix_soname"; then + archive_expsym_cmds_CXX="$archive_expsym_cmds_CXX"'~$CC '$shared_flag_svr4' -o $output_objdir/$realname.d/$shared_archive_member_spec.o $libobjs $deplibs $wl-bnoentry '$compiler_flags_filtered'$wl-bE:$export_symbols$allow_undefined_flag~$STRIP -e $output_objdir/$realname.d/$shared_archive_member_spec.o~( func_echo_all "#! $soname($shared_archive_member_spec.o)"; if test shr_64 = "$shared_archive_member_spec"; then func_echo_all "# 64"; else func_echo_all "# 32"; fi; cat $export_symbols ) > $output_objdir/$realname.d/$shared_archive_member_spec.imp~$AR $AR_FLAGS $output_objdir/$soname $output_objdir/$realname.d/$shared_archive_member_spec.o $output_objdir/$realname.d/$shared_archive_member_spec.imp' + else + # used by -dlpreopen to get the symbols + archive_expsym_cmds_CXX="$archive_expsym_cmds_CXX"'~$MV $output_objdir/$realname.d/$soname $output_objdir' + fi + archive_expsym_cmds_CXX="$archive_expsym_cmds_CXX"'~$RM -r $output_objdir/$realname.d' + fi + fi + ;; + + beos*) + if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then + allow_undefined_flag_CXX=unsupported + # Joseph Beckenbach says some releases of gcc + # support --undefined. This deserves some investigation. FIXME + archive_cmds_CXX='$CC -nostart $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib' + else + ld_shlibs_CXX=no + fi + ;; + + chorus*) + case $cc_basename in + *) + # FIXME: insert proper C++ library support + ld_shlibs_CXX=no + ;; + esac + ;; + + cygwin* | mingw* | pw32* | cegcc*) + case $GXX,$cc_basename in + ,cl* | no,cl*) + # Native MSVC + # hardcode_libdir_flag_spec is actually meaningless, as there is + # no search path for DLLs. + hardcode_libdir_flag_spec_CXX=' ' + allow_undefined_flag_CXX=unsupported + always_export_symbols_CXX=yes + file_list_spec_CXX='@' + # Tell ltmain to make .lib files, not .a files. + libext=lib + # Tell ltmain to make .dll files, not .so files. + shrext_cmds=.dll + # FIXME: Setting linknames here is a bad hack. + archive_cmds_CXX='$CC -o $output_objdir/$soname $libobjs $compiler_flags $deplibs -Wl,-DLL,-IMPLIB:"$tool_output_objdir$libname.dll.lib"~linknames=' + archive_expsym_cmds_CXX='if test DEF = "`$SED -n -e '\''s/^[ ]*//'\'' -e '\''/^\(;.*\)*$/d'\'' -e '\''s/^\(EXPORTS\|LIBRARY\)\([ ].*\)*$/DEF/p'\'' -e q $export_symbols`" ; then + cp "$export_symbols" "$output_objdir/$soname.def"; + echo "$tool_output_objdir$soname.def" > "$output_objdir/$soname.exp"; + else + $SED -e '\''s/^/-link -EXPORT:/'\'' < $export_symbols > $output_objdir/$soname.exp; + fi~ + $CC -o $tool_output_objdir$soname $libobjs $compiler_flags $deplibs "@$tool_output_objdir$soname.exp" -Wl,-DLL,-IMPLIB:"$tool_output_objdir$libname.dll.lib"~ + linknames=' + # The linker will not automatically build a static lib if we build a DLL. + # _LT_TAGVAR(old_archive_from_new_cmds, CXX)='true' + enable_shared_with_static_runtimes_CXX=yes + # Don't use ranlib + old_postinstall_cmds_CXX='chmod 644 $oldlib' + postlink_cmds_CXX='lt_outputfile="@OUTPUT@"~ + lt_tool_outputfile="@TOOL_OUTPUT@"~ + case $lt_outputfile in + *.exe|*.EXE) ;; + *) + lt_outputfile=$lt_outputfile.exe + lt_tool_outputfile=$lt_tool_outputfile.exe + ;; + esac~ + func_to_tool_file "$lt_outputfile"~ + if test : != "$MANIFEST_TOOL" && test -f "$lt_outputfile.manifest"; then + $MANIFEST_TOOL -manifest "$lt_tool_outputfile.manifest" -outputresource:"$lt_tool_outputfile" || exit 1; + $RM "$lt_outputfile.manifest"; + fi' + ;; + *) + # g++ + # _LT_TAGVAR(hardcode_libdir_flag_spec, CXX) is actually meaningless, + # as there is no search path for DLLs. + hardcode_libdir_flag_spec_CXX='-L$libdir' + export_dynamic_flag_spec_CXX='$wl--export-all-symbols' + allow_undefined_flag_CXX=unsupported + always_export_symbols_CXX=no + enable_shared_with_static_runtimes_CXX=yes + + if $LD --help 2>&1 | $GREP 'auto-import' > /dev/null; then + archive_cmds_CXX='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $output_objdir/$soname $wl--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib' + # If the export-symbols file already is a .def file, use it as + # is; otherwise, prepend EXPORTS... + archive_expsym_cmds_CXX='if test DEF = "`$SED -n -e '\''s/^[ ]*//'\'' -e '\''/^\(;.*\)*$/d'\'' -e '\''s/^\(EXPORTS\|LIBRARY\)\([ ].*\)*$/DEF/p'\'' -e q $export_symbols`" ; then + cp $export_symbols $output_objdir/$soname.def; + else + echo EXPORTS > $output_objdir/$soname.def; + cat $export_symbols >> $output_objdir/$soname.def; + fi~ + $CC -shared -nostdlib $output_objdir/$soname.def $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $output_objdir/$soname $wl--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib' + else + ld_shlibs_CXX=no + fi + ;; + esac + ;; + darwin* | rhapsody*) + + + archive_cmds_need_lc_CXX=no + hardcode_direct_CXX=no + hardcode_automatic_CXX=yes + hardcode_shlibpath_var_CXX=unsupported + if test yes = "$lt_cv_ld_force_load"; then + whole_archive_flag_spec_CXX='`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience $wl-force_load,$conv\"; done; func_echo_all \"$new_convenience\"`' + + else + whole_archive_flag_spec_CXX='' + fi + link_all_deplibs_CXX=yes + allow_undefined_flag_CXX=$_lt_dar_allow_undefined + case $cc_basename in + ifort*|nagfor*) _lt_dar_can_shared=yes ;; + *) _lt_dar_can_shared=$GCC ;; + esac + if test yes = "$_lt_dar_can_shared"; then + output_verbose_link_cmd=func_echo_all + archive_cmds_CXX="\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$libobjs \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring $_lt_dar_single_mod$_lt_dsymutil" + module_cmds_CXX="\$CC \$allow_undefined_flag -o \$lib -bundle \$libobjs \$deplibs \$compiler_flags$_lt_dsymutil" + archive_expsym_cmds_CXX="sed 's|^|_|' < \$export_symbols > \$output_objdir/\$libname-symbols.expsym~\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$libobjs \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring $_lt_dar_single_mod$_lt_dar_export_syms$_lt_dsymutil" + module_expsym_cmds_CXX="sed -e 's|^|_|' < \$export_symbols > \$output_objdir/\$libname-symbols.expsym~\$CC \$allow_undefined_flag -o \$lib -bundle \$libobjs \$deplibs \$compiler_flags$_lt_dar_export_syms$_lt_dsymutil" + if test yes != "$lt_cv_apple_cc_single_mod"; then + archive_cmds_CXX="\$CC -r -keep_private_externs -nostdlib -o \$lib-master.o \$libobjs~\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$lib-master.o \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring$_lt_dsymutil" + archive_expsym_cmds_CXX="sed 's|^|_|' < \$export_symbols > \$output_objdir/\$libname-symbols.expsym~\$CC -r -keep_private_externs -nostdlib -o \$lib-master.o \$libobjs~\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$lib-master.o \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring$_lt_dar_export_syms$_lt_dsymutil" + fi + + else + ld_shlibs_CXX=no + fi + + ;; + + os2*) + hardcode_libdir_flag_spec_CXX='-L$libdir' + hardcode_minus_L_CXX=yes + allow_undefined_flag_CXX=unsupported + shrext_cmds=.dll + archive_cmds_CXX='$ECHO "LIBRARY ${soname%$shared_ext} INITINSTANCE TERMINSTANCE" > $output_objdir/$libname.def~ + $ECHO "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~ + $ECHO "DATA MULTIPLE NONSHARED" >> $output_objdir/$libname.def~ + $ECHO EXPORTS >> $output_objdir/$libname.def~ + emxexp $libobjs | $SED /"_DLL_InitTerm"/d >> $output_objdir/$libname.def~ + $CC -Zdll -Zcrtdll -o $output_objdir/$soname $libobjs $deplibs $compiler_flags $output_objdir/$libname.def~ + emximp -o $lib $output_objdir/$libname.def' + archive_expsym_cmds_CXX='$ECHO "LIBRARY ${soname%$shared_ext} INITINSTANCE TERMINSTANCE" > $output_objdir/$libname.def~ + $ECHO "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~ + $ECHO "DATA MULTIPLE NONSHARED" >> $output_objdir/$libname.def~ + $ECHO EXPORTS >> $output_objdir/$libname.def~ + prefix_cmds="$SED"~ + if test EXPORTS = "`$SED 1q $export_symbols`"; then + prefix_cmds="$prefix_cmds -e 1d"; + fi~ + prefix_cmds="$prefix_cmds -e \"s/^\(.*\)$/_\1/g\""~ + cat $export_symbols | $prefix_cmds >> $output_objdir/$libname.def~ + $CC -Zdll -Zcrtdll -o $output_objdir/$soname $libobjs $deplibs $compiler_flags $output_objdir/$libname.def~ + emximp -o $lib $output_objdir/$libname.def' + old_archive_From_new_cmds_CXX='emximp -o $output_objdir/${libname}_dll.a $output_objdir/$libname.def' + enable_shared_with_static_runtimes_CXX=yes + ;; + + dgux*) + case $cc_basename in + ec++*) + # FIXME: insert proper C++ library support + ld_shlibs_CXX=no + ;; + ghcx*) + # Green Hills C++ Compiler + # FIXME: insert proper C++ library support + ld_shlibs_CXX=no + ;; + *) + # FIXME: insert proper C++ library support + ld_shlibs_CXX=no + ;; + esac + ;; + + freebsd2.*) + # C++ shared libraries reported to be fairly broken before + # switch to ELF + ld_shlibs_CXX=no + ;; + + freebsd-elf*) + archive_cmds_need_lc_CXX=no + ;; + + freebsd* | dragonfly*) + # FreeBSD 3 and later use GNU C++ and GNU ld with standard ELF + # conventions + ld_shlibs_CXX=yes + ;; + + haiku*) + archive_cmds_CXX='$CC -shared $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib' + link_all_deplibs_CXX=yes + ;; + + hpux9*) + hardcode_libdir_flag_spec_CXX='$wl+b $wl$libdir' + hardcode_libdir_separator_CXX=: + export_dynamic_flag_spec_CXX='$wl-E' + hardcode_direct_CXX=yes + hardcode_minus_L_CXX=yes # Not in the search PATH, + # but as the default + # location of the library. + + case $cc_basename in + CC*) + # FIXME: insert proper C++ library support + ld_shlibs_CXX=no + ;; + aCC*) + archive_cmds_CXX='$RM $output_objdir/$soname~$CC -b $wl+b $wl$install_libdir -o $output_objdir/$soname $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~test "x$output_objdir/$soname" = "x$lib" || mv $output_objdir/$soname $lib' + # Commands to make compiler produce verbose output that lists + # what "hidden" libraries, object files and flags are used when + # linking a shared library. + # + # There doesn't appear to be a way to prevent this compiler from + # explicitly linking system object files so we need to strip them + # from the output so that they don't get included in the library + # dependencies. + output_verbose_link_cmd='templist=`($CC -b $CFLAGS -v conftest.$objext 2>&1) | $EGREP " \-L"`; list= ; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; func_echo_all "$list"' + ;; + *) + if test yes = "$GXX"; then + archive_cmds_CXX='$RM $output_objdir/$soname~$CC -shared -nostdlib $pic_flag $wl+b $wl$install_libdir -o $output_objdir/$soname $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~test "x$output_objdir/$soname" = "x$lib" || mv $output_objdir/$soname $lib' + else + # FIXME: insert proper C++ library support + ld_shlibs_CXX=no + fi + ;; + esac + ;; + + hpux10*|hpux11*) + if test no = "$with_gnu_ld"; then + hardcode_libdir_flag_spec_CXX='$wl+b $wl$libdir' + hardcode_libdir_separator_CXX=: + + case $host_cpu in + hppa*64*|ia64*) + ;; + *) + export_dynamic_flag_spec_CXX='$wl-E' + ;; + esac + fi + case $host_cpu in + hppa*64*|ia64*) + hardcode_direct_CXX=no + hardcode_shlibpath_var_CXX=no + ;; + *) + hardcode_direct_CXX=yes + hardcode_direct_absolute_CXX=yes + hardcode_minus_L_CXX=yes # Not in the search PATH, + # but as the default + # location of the library. + ;; + esac + + case $cc_basename in + CC*) + # FIXME: insert proper C++ library support + ld_shlibs_CXX=no + ;; + aCC*) + case $host_cpu in + hppa*64*) + archive_cmds_CXX='$CC -b $wl+h $wl$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags' + ;; + ia64*) + archive_cmds_CXX='$CC -b $wl+h $wl$soname $wl+nodefaultrpath -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags' + ;; + *) + archive_cmds_CXX='$CC -b $wl+h $wl$soname $wl+b $wl$install_libdir -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags' + ;; + esac + # Commands to make compiler produce verbose output that lists + # what "hidden" libraries, object files and flags are used when + # linking a shared library. + # + # There doesn't appear to be a way to prevent this compiler from + # explicitly linking system object files so we need to strip them + # from the output so that they don't get included in the library + # dependencies. + output_verbose_link_cmd='templist=`($CC -b $CFLAGS -v conftest.$objext 2>&1) | $GREP " \-L"`; list= ; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; func_echo_all "$list"' + ;; + *) + if test yes = "$GXX"; then + if test no = "$with_gnu_ld"; then + case $host_cpu in + hppa*64*) + archive_cmds_CXX='$CC -shared -nostdlib -fPIC $wl+h $wl$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags' + ;; + ia64*) + archive_cmds_CXX='$CC -shared -nostdlib $pic_flag $wl+h $wl$soname $wl+nodefaultrpath -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags' + ;; + *) + archive_cmds_CXX='$CC -shared -nostdlib $pic_flag $wl+h $wl$soname $wl+b $wl$install_libdir -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags' + ;; + esac + fi + else + # FIXME: insert proper C++ library support + ld_shlibs_CXX=no + fi + ;; + esac + ;; + + interix[3-9]*) + hardcode_direct_CXX=no + hardcode_shlibpath_var_CXX=no + hardcode_libdir_flag_spec_CXX='$wl-rpath,$libdir' + export_dynamic_flag_spec_CXX='$wl-E' + # Hack: On Interix 3.x, we cannot compile PIC because of a broken gcc. + # Instead, shared libraries are loaded at an image base (0x10000000 by + # default) and relocated if they conflict, which is a slow very memory + # consuming and fragmenting process. To avoid this, we pick a random, + # 256 KiB-aligned image base between 0x50000000 and 0x6FFC0000 at link + # time. Moving up from 0x10000000 also allows more sbrk(2) space. + archive_cmds_CXX='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-h,$soname $wl--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib' + archive_expsym_cmds_CXX='sed "s|^|_|" $export_symbols >$output_objdir/$soname.expsym~$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-h,$soname $wl--retain-symbols-file,$output_objdir/$soname.expsym $wl--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib' + ;; + irix5* | irix6*) + case $cc_basename in + CC*) + # SGI C++ + archive_cmds_CXX='$CC -shared -all -multigot $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib' + + # Archives containing C++ object files must be created using + # "CC -ar", where "CC" is the IRIX C++ compiler. This is + # necessary to make sure instantiated templates are included + # in the archive. + old_archive_cmds_CXX='$CC -ar -WR,-u -o $oldlib $oldobjs' + ;; + *) + if test yes = "$GXX"; then + if test no = "$with_gnu_ld"; then + archive_cmds_CXX='$CC -shared $pic_flag -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` $wl-update_registry $wl$output_objdir/so_locations -o $lib' + else + archive_cmds_CXX='$CC -shared $pic_flag -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` -o $lib' + fi + fi + link_all_deplibs_CXX=yes + ;; + esac + hardcode_libdir_flag_spec_CXX='$wl-rpath $wl$libdir' + hardcode_libdir_separator_CXX=: + inherit_rpath_CXX=yes + ;; + + linux* | k*bsd*-gnu | kopensolaris*-gnu | gnu*) + case $cc_basename in + KCC*) + # Kuck and Associates, Inc. (KAI) C++ Compiler + + # KCC will only create a shared library if the output file + # ends with ".so" (or ".sl" for HP-UX), so rename the library + # to its proper name (with version) after linking. + archive_cmds_CXX='tempext=`echo $shared_ext | $SED -e '\''s/\([^()0-9A-Za-z{}]\)/\\\\\1/g'\''`; templib=`echo $lib | $SED -e "s/\$tempext\..*/.so/"`; $CC $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags --soname $soname -o \$templib; mv \$templib $lib' + archive_expsym_cmds_CXX='tempext=`echo $shared_ext | $SED -e '\''s/\([^()0-9A-Za-z{}]\)/\\\\\1/g'\''`; templib=`echo $lib | $SED -e "s/\$tempext\..*/.so/"`; $CC $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags --soname $soname -o \$templib $wl-retain-symbols-file,$export_symbols; mv \$templib $lib' + # Commands to make compiler produce verbose output that lists + # what "hidden" libraries, object files and flags are used when + # linking a shared library. + # + # There doesn't appear to be a way to prevent this compiler from + # explicitly linking system object files so we need to strip them + # from the output so that they don't get included in the library + # dependencies. + output_verbose_link_cmd='templist=`$CC $CFLAGS -v conftest.$objext -o libconftest$shared_ext 2>&1 | $GREP "ld"`; rm -f libconftest$shared_ext; list= ; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; func_echo_all "$list"' + + hardcode_libdir_flag_spec_CXX='$wl-rpath,$libdir' + export_dynamic_flag_spec_CXX='$wl--export-dynamic' + + # Archives containing C++ object files must be created using + # "CC -Bstatic", where "CC" is the KAI C++ compiler. + old_archive_cmds_CXX='$CC -Bstatic -o $oldlib $oldobjs' + ;; + icpc* | ecpc* ) + # Intel C++ + with_gnu_ld=yes + # version 8.0 and above of icpc choke on multiply defined symbols + # if we add $predep_objects and $postdep_objects, however 7.1 and + # earlier do not add the objects themselves. + case `$CC -V 2>&1` in + *"Version 7."*) + archive_cmds_CXX='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname -o $lib' + archive_expsym_cmds_CXX='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib' + ;; + *) # Version 8.0 or newer + tmp_idyn= + case $host_cpu in + ia64*) tmp_idyn=' -i_dynamic';; + esac + archive_cmds_CXX='$CC -shared'"$tmp_idyn"' $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib' + archive_expsym_cmds_CXX='$CC -shared'"$tmp_idyn"' $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib' + ;; + esac + archive_cmds_need_lc_CXX=no + hardcode_libdir_flag_spec_CXX='$wl-rpath,$libdir' + export_dynamic_flag_spec_CXX='$wl--export-dynamic' + whole_archive_flag_spec_CXX='$wl--whole-archive$convenience $wl--no-whole-archive' + ;; + pgCC* | pgcpp*) + # Portland Group C++ compiler + case `$CC -V` in + *pgCC\ [1-5].* | *pgcpp\ [1-5].*) + prelink_cmds_CXX='tpldir=Template.dir~ + rm -rf $tpldir~ + $CC --prelink_objects --instantiation_dir $tpldir $objs $libobjs $compile_deplibs~ + compile_command="$compile_command `find $tpldir -name \*.o | sort | $NL2SP`"' + old_archive_cmds_CXX='tpldir=Template.dir~ + rm -rf $tpldir~ + $CC --prelink_objects --instantiation_dir $tpldir $oldobjs$old_deplibs~ + $AR $AR_FLAGS $oldlib$oldobjs$old_deplibs `find $tpldir -name \*.o | sort | $NL2SP`~ + $RANLIB $oldlib' + archive_cmds_CXX='tpldir=Template.dir~ + rm -rf $tpldir~ + $CC --prelink_objects --instantiation_dir $tpldir $predep_objects $libobjs $deplibs $convenience $postdep_objects~ + $CC -shared $pic_flag $predep_objects $libobjs $deplibs `find $tpldir -name \*.o | sort | $NL2SP` $postdep_objects $compiler_flags $wl-soname $wl$soname -o $lib' + archive_expsym_cmds_CXX='tpldir=Template.dir~ + rm -rf $tpldir~ + $CC --prelink_objects --instantiation_dir $tpldir $predep_objects $libobjs $deplibs $convenience $postdep_objects~ + $CC -shared $pic_flag $predep_objects $libobjs $deplibs `find $tpldir -name \*.o | sort | $NL2SP` $postdep_objects $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib' + ;; + *) # Version 6 and above use weak symbols + archive_cmds_CXX='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname -o $lib' + archive_expsym_cmds_CXX='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib' + ;; + esac + + hardcode_libdir_flag_spec_CXX='$wl--rpath $wl$libdir' + export_dynamic_flag_spec_CXX='$wl--export-dynamic' + whole_archive_flag_spec_CXX='$wl--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` $wl--no-whole-archive' + ;; + cxx*) + # Compaq C++ + archive_cmds_CXX='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname -o $lib' + archive_expsym_cmds_CXX='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname -o $lib $wl-retain-symbols-file $wl$export_symbols' + + runpath_var=LD_RUN_PATH + hardcode_libdir_flag_spec_CXX='-rpath $libdir' + hardcode_libdir_separator_CXX=: + + # Commands to make compiler produce verbose output that lists + # what "hidden" libraries, object files and flags are used when + # linking a shared library. + # + # There doesn't appear to be a way to prevent this compiler from + # explicitly linking system object files so we need to strip them + # from the output so that they don't get included in the library + # dependencies. + output_verbose_link_cmd='templist=`$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP "ld"`; templist=`func_echo_all "$templist" | $SED "s/\(^.*ld.*\)\( .*ld .*$\)/\1/"`; list= ; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; func_echo_all "X$list" | $Xsed' + ;; + xl* | mpixl* | bgxl*) + # IBM XL 8.0 on PPC, with GNU ld + hardcode_libdir_flag_spec_CXX='$wl-rpath $wl$libdir' + export_dynamic_flag_spec_CXX='$wl--export-dynamic' + archive_cmds_CXX='$CC -qmkshrobj $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib' + if test yes = "$supports_anon_versioning"; then + archive_expsym_cmds_CXX='echo "{ global:" > $output_objdir/$libname.ver~ + cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~ + echo "local: *; };" >> $output_objdir/$libname.ver~ + $CC -qmkshrobj $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-version-script $wl$output_objdir/$libname.ver -o $lib' + fi + ;; + *) + case `$CC -V 2>&1 | sed 5q` in + *Sun\ C*) + # Sun C++ 5.9 + no_undefined_flag_CXX=' -zdefs' + archive_cmds_CXX='$CC -G$allow_undefined_flag -h$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags' + archive_expsym_cmds_CXX='$CC -G$allow_undefined_flag -h$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-retain-symbols-file $wl$export_symbols' + hardcode_libdir_flag_spec_CXX='-R$libdir' + whole_archive_flag_spec_CXX='$wl--whole-archive`new_convenience=; for conv in $convenience\"\"; do test -z \"$conv\" || new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` $wl--no-whole-archive' + compiler_needs_object_CXX=yes + + # Not sure whether something based on + # $CC $CFLAGS -v conftest.$objext -o libconftest$shared_ext 2>&1 + # would be better. + output_verbose_link_cmd='func_echo_all' + + # Archives containing C++ object files must be created using + # "CC -xar", where "CC" is the Sun C++ compiler. This is + # necessary to make sure instantiated templates are included + # in the archive. + old_archive_cmds_CXX='$CC -xar -o $oldlib $oldobjs' + ;; + esac + ;; + esac + ;; + + lynxos*) + # FIXME: insert proper C++ library support + ld_shlibs_CXX=no + ;; + + m88k*) + # FIXME: insert proper C++ library support + ld_shlibs_CXX=no + ;; + + mvs*) + case $cc_basename in + cxx*) + # FIXME: insert proper C++ library support + ld_shlibs_CXX=no + ;; + *) + # FIXME: insert proper C++ library support + ld_shlibs_CXX=no + ;; + esac + ;; + + netbsd*) + if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then + archive_cmds_CXX='$LD -Bshareable -o $lib $predep_objects $libobjs $deplibs $postdep_objects $linker_flags' + wlarc= + hardcode_libdir_flag_spec_CXX='-R$libdir' + hardcode_direct_CXX=yes + hardcode_shlibpath_var_CXX=no + fi + # Workaround some broken pre-1.5 toolchains + output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP conftest.$objext | $SED -e "s:-lgcc -lc -lgcc::"' + ;; + + *nto* | *qnx*) + ld_shlibs_CXX=yes + ;; + + openbsd* | bitrig*) + if test -f /usr/libexec/ld.so; then + hardcode_direct_CXX=yes + hardcode_shlibpath_var_CXX=no + hardcode_direct_absolute_CXX=yes + archive_cmds_CXX='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $lib' + hardcode_libdir_flag_spec_CXX='$wl-rpath,$libdir' + if test -z "`echo __ELF__ | $CC -E - | grep __ELF__`"; then + archive_expsym_cmds_CXX='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-retain-symbols-file,$export_symbols -o $lib' + export_dynamic_flag_spec_CXX='$wl-E' + whole_archive_flag_spec_CXX=$wlarc'--whole-archive$convenience '$wlarc'--no-whole-archive' + fi + output_verbose_link_cmd=func_echo_all + else + ld_shlibs_CXX=no + fi + ;; + + osf3* | osf4* | osf5*) + case $cc_basename in + KCC*) + # Kuck and Associates, Inc. (KAI) C++ Compiler + + # KCC will only create a shared library if the output file + # ends with ".so" (or ".sl" for HP-UX), so rename the library + # to its proper name (with version) after linking. + archive_cmds_CXX='tempext=`echo $shared_ext | $SED -e '\''s/\([^()0-9A-Za-z{}]\)/\\\\\1/g'\''`; templib=`echo "$lib" | $SED -e "s/\$tempext\..*/.so/"`; $CC $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags --soname $soname -o \$templib; mv \$templib $lib' + + hardcode_libdir_flag_spec_CXX='$wl-rpath,$libdir' + hardcode_libdir_separator_CXX=: + + # Archives containing C++ object files must be created using + # the KAI C++ compiler. + case $host in + osf3*) old_archive_cmds_CXX='$CC -Bstatic -o $oldlib $oldobjs' ;; + *) old_archive_cmds_CXX='$CC -o $oldlib $oldobjs' ;; + esac + ;; + RCC*) + # Rational C++ 2.4.1 + # FIXME: insert proper C++ library support + ld_shlibs_CXX=no + ;; + cxx*) + case $host in + osf3*) + allow_undefined_flag_CXX=' $wl-expect_unresolved $wl\*' + archive_cmds_CXX='$CC -shared$allow_undefined_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $soname `test -n "$verstring" && func_echo_all "$wl-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib' + hardcode_libdir_flag_spec_CXX='$wl-rpath $wl$libdir' + ;; + *) + allow_undefined_flag_CXX=' -expect_unresolved \*' + archive_cmds_CXX='$CC -shared$allow_undefined_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -msym -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib' + archive_expsym_cmds_CXX='for i in `cat $export_symbols`; do printf "%s %s\\n" -exported_symbol "\$i" >> $lib.exp; done~ + echo "-hidden">> $lib.exp~ + $CC -shared$allow_undefined_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -msym -soname $soname $wl-input $wl$lib.exp `test -n "$verstring" && $ECHO "-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib~ + $RM $lib.exp' + hardcode_libdir_flag_spec_CXX='-rpath $libdir' + ;; + esac + + hardcode_libdir_separator_CXX=: + + # Commands to make compiler produce verbose output that lists + # what "hidden" libraries, object files and flags are used when + # linking a shared library. + # + # There doesn't appear to be a way to prevent this compiler from + # explicitly linking system object files so we need to strip them + # from the output so that they don't get included in the library + # dependencies. + output_verbose_link_cmd='templist=`$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP "ld" | $GREP -v "ld:"`; templist=`func_echo_all "$templist" | $SED "s/\(^.*ld.*\)\( .*ld.*$\)/\1/"`; list= ; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; func_echo_all "$list"' + ;; + *) + if test yes,no = "$GXX,$with_gnu_ld"; then + allow_undefined_flag_CXX=' $wl-expect_unresolved $wl\*' + case $host in + osf3*) + archive_cmds_CXX='$CC -shared -nostdlib $allow_undefined_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` $wl-update_registry $wl$output_objdir/so_locations -o $lib' + ;; + *) + archive_cmds_CXX='$CC -shared $pic_flag -nostdlib $allow_undefined_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-msym $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` $wl-update_registry $wl$output_objdir/so_locations -o $lib' + ;; + esac + + hardcode_libdir_flag_spec_CXX='$wl-rpath $wl$libdir' + hardcode_libdir_separator_CXX=: + + # Commands to make compiler produce verbose output that lists + # what "hidden" libraries, object files and flags are used when + # linking a shared library. + output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP -v "^Configured with:" | $GREP " \-L"' + + else + # FIXME: insert proper C++ library support + ld_shlibs_CXX=no + fi + ;; + esac + ;; + + psos*) + # FIXME: insert proper C++ library support + ld_shlibs_CXX=no + ;; + + sunos4*) + case $cc_basename in + CC*) + # Sun C++ 4.x + # FIXME: insert proper C++ library support + ld_shlibs_CXX=no + ;; + lcc*) + # Lucid + # FIXME: insert proper C++ library support + ld_shlibs_CXX=no + ;; + *) + # FIXME: insert proper C++ library support + ld_shlibs_CXX=no + ;; + esac + ;; + + solaris*) + case $cc_basename in + CC* | sunCC*) + # Sun C++ 4.2, 5.x and Centerline C++ + archive_cmds_need_lc_CXX=yes + no_undefined_flag_CXX=' -zdefs' + archive_cmds_CXX='$CC -G$allow_undefined_flag -h$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags' + archive_expsym_cmds_CXX='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~ + $CC -G$allow_undefined_flag $wl-M $wl$lib.exp -h$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~$RM $lib.exp' + + hardcode_libdir_flag_spec_CXX='-R$libdir' + hardcode_shlibpath_var_CXX=no + case $host_os in + solaris2.[0-5] | solaris2.[0-5].*) ;; + *) + # The compiler driver will combine and reorder linker options, + # but understands '-z linker_flag'. + # Supported since Solaris 2.6 (maybe 2.5.1?) + whole_archive_flag_spec_CXX='-z allextract$convenience -z defaultextract' + ;; + esac + link_all_deplibs_CXX=yes + + output_verbose_link_cmd='func_echo_all' + + # Archives containing C++ object files must be created using + # "CC -xar", where "CC" is the Sun C++ compiler. This is + # necessary to make sure instantiated templates are included + # in the archive. + old_archive_cmds_CXX='$CC -xar -o $oldlib $oldobjs' + ;; + gcx*) + # Green Hills C++ Compiler + archive_cmds_CXX='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-h $wl$soname -o $lib' + + # The C++ compiler must be used to create the archive. + old_archive_cmds_CXX='$CC $LDFLAGS -archive -o $oldlib $oldobjs' + ;; + *) + # GNU C++ compiler with Solaris linker + if test yes,no = "$GXX,$with_gnu_ld"; then + no_undefined_flag_CXX=' $wl-z ${wl}defs' + if $CC --version | $GREP -v '^2\.7' > /dev/null; then + archive_cmds_CXX='$CC -shared $pic_flag -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-h $wl$soname -o $lib' + archive_expsym_cmds_CXX='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~ + $CC -shared $pic_flag -nostdlib $wl-M $wl$lib.exp $wl-h $wl$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~$RM $lib.exp' + + # Commands to make compiler produce verbose output that lists + # what "hidden" libraries, object files and flags are used when + # linking a shared library. + output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP -v "^Configured with:" | $GREP " \-L"' + else + # g++ 2.7 appears to require '-G' NOT '-shared' on this + # platform. + archive_cmds_CXX='$CC -G -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-h $wl$soname -o $lib' + archive_expsym_cmds_CXX='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~ + $CC -G -nostdlib $wl-M $wl$lib.exp $wl-h $wl$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~$RM $lib.exp' + + # Commands to make compiler produce verbose output that lists + # what "hidden" libraries, object files and flags are used when + # linking a shared library. + output_verbose_link_cmd='$CC -G $CFLAGS -v conftest.$objext 2>&1 | $GREP -v "^Configured with:" | $GREP " \-L"' + fi + + hardcode_libdir_flag_spec_CXX='$wl-R $wl$libdir' + case $host_os in + solaris2.[0-5] | solaris2.[0-5].*) ;; + *) + whole_archive_flag_spec_CXX='$wl-z ${wl}allextract$convenience $wl-z ${wl}defaultextract' + ;; + esac + fi + ;; + esac + ;; + + sysv4*uw2* | sysv5OpenUNIX* | sysv5UnixWare7.[01].[10]* | unixware7* | sco3.2v5.0.[024]*) + no_undefined_flag_CXX='$wl-z,text' + archive_cmds_need_lc_CXX=no + hardcode_shlibpath_var_CXX=no + runpath_var='LD_RUN_PATH' + + case $cc_basename in + CC*) + archive_cmds_CXX='$CC -G $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + archive_expsym_cmds_CXX='$CC -G $wl-Bexport:$export_symbols $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + ;; + *) + archive_cmds_CXX='$CC -shared $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + archive_expsym_cmds_CXX='$CC -shared $wl-Bexport:$export_symbols $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + ;; + esac + ;; + + sysv5* | sco3.2v5* | sco5v6*) + # Note: We CANNOT use -z defs as we might desire, because we do not + # link with -lc, and that would cause any symbols used from libc to + # always be unresolved, which means just about no library would + # ever link correctly. If we're not using GNU ld we use -z text + # though, which does catch some bad symbols but isn't as heavy-handed + # as -z defs. + no_undefined_flag_CXX='$wl-z,text' + allow_undefined_flag_CXX='$wl-z,nodefs' + archive_cmds_need_lc_CXX=no + hardcode_shlibpath_var_CXX=no + hardcode_libdir_flag_spec_CXX='$wl-R,$libdir' + hardcode_libdir_separator_CXX=':' + link_all_deplibs_CXX=yes + export_dynamic_flag_spec_CXX='$wl-Bexport' + runpath_var='LD_RUN_PATH' + + case $cc_basename in + CC*) + archive_cmds_CXX='$CC -G $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + archive_expsym_cmds_CXX='$CC -G $wl-Bexport:$export_symbols $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + old_archive_cmds_CXX='$CC -Tprelink_objects $oldobjs~ + '"$old_archive_cmds_CXX" + reload_cmds_CXX='$CC -Tprelink_objects $reload_objs~ + '"$reload_cmds_CXX" + ;; + *) + archive_cmds_CXX='$CC -shared $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + archive_expsym_cmds_CXX='$CC -shared $wl-Bexport:$export_symbols $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + ;; + esac + ;; + + tandem*) + case $cc_basename in + NCC*) + # NonStop-UX NCC 3.20 + # FIXME: insert proper C++ library support + ld_shlibs_CXX=no + ;; + *) + # FIXME: insert proper C++ library support + ld_shlibs_CXX=no + ;; + esac + ;; + + vxworks*) + # FIXME: insert proper C++ library support + ld_shlibs_CXX=no + ;; + + *) + # FIXME: insert proper C++ library support + ld_shlibs_CXX=no + ;; + esac + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ld_shlibs_CXX" >&5 +$as_echo "$ld_shlibs_CXX" >&6; } + test no = "$ld_shlibs_CXX" && can_build_shared=no + + GCC_CXX=$GXX + LD_CXX=$LD + + ## CAVEAT EMPTOR: + ## There is no encapsulation within the following macros, do not change + ## the running order or otherwise move them around unless you know exactly + ## what you are doing... + # Dependencies to place before and after the object being linked: +predep_objects_CXX= +postdep_objects_CXX= +predeps_CXX= +postdeps_CXX= +compiler_lib_search_path_CXX= + +cat > conftest.$ac_ext <<_LT_EOF +class Foo +{ +public: + Foo (void) { a = 0; } +private: + int a; +}; +_LT_EOF + + +_lt_libdeps_save_CFLAGS=$CFLAGS +case "$CC $CFLAGS " in #( +*\ -flto*\ *) CFLAGS="$CFLAGS -fno-lto" ;; +*\ -fwhopr*\ *) CFLAGS="$CFLAGS -fno-whopr" ;; +*\ -fuse-linker-plugin*\ *) CFLAGS="$CFLAGS -fno-use-linker-plugin" ;; +esac + +if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5 + (eval $ac_compile) 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + # Parse the compiler output and extract the necessary + # objects, libraries and library flags. + + # Sentinel used to keep track of whether or not we are before + # the conftest object file. + pre_test_object_deps_done=no + + for p in `eval "$output_verbose_link_cmd"`; do + case $prev$p in + + -L* | -R* | -l*) + # Some compilers place space between "-{L,R}" and the path. + # Remove the space. + if test x-L = "$p" || + test x-R = "$p"; then + prev=$p + continue + fi + + # Expand the sysroot to ease extracting the directories later. + if test -z "$prev"; then + case $p in + -L*) func_stripname_cnf '-L' '' "$p"; prev=-L; p=$func_stripname_result ;; + -R*) func_stripname_cnf '-R' '' "$p"; prev=-R; p=$func_stripname_result ;; + -l*) func_stripname_cnf '-l' '' "$p"; prev=-l; p=$func_stripname_result ;; + esac + fi + case $p in + =*) func_stripname_cnf '=' '' "$p"; p=$lt_sysroot$func_stripname_result ;; + esac + if test no = "$pre_test_object_deps_done"; then + case $prev in + -L | -R) + # Internal compiler library paths should come after those + # provided the user. The postdeps already come after the + # user supplied libs so there is no need to process them. + if test -z "$compiler_lib_search_path_CXX"; then + compiler_lib_search_path_CXX=$prev$p + else + compiler_lib_search_path_CXX="${compiler_lib_search_path_CXX} $prev$p" + fi + ;; + # The "-l" case would never come before the object being + # linked, so don't bother handling this case. + esac + else + if test -z "$postdeps_CXX"; then + postdeps_CXX=$prev$p + else + postdeps_CXX="${postdeps_CXX} $prev$p" + fi + fi + prev= + ;; + + *.lto.$objext) ;; # Ignore GCC LTO objects + *.$objext) + # This assumes that the test object file only shows up + # once in the compiler output. + if test "$p" = "conftest.$objext"; then + pre_test_object_deps_done=yes + continue + fi + + if test no = "$pre_test_object_deps_done"; then + if test -z "$predep_objects_CXX"; then + predep_objects_CXX=$p + else + predep_objects_CXX="$predep_objects_CXX $p" + fi + else + if test -z "$postdep_objects_CXX"; then + postdep_objects_CXX=$p + else + postdep_objects_CXX="$postdep_objects_CXX $p" + fi + fi + ;; + + *) ;; # Ignore the rest. + + esac + done + + # Clean up. + rm -f a.out a.exe +else + echo "libtool.m4: error: problem compiling CXX test program" +fi + +$RM -f confest.$objext +CFLAGS=$_lt_libdeps_save_CFLAGS + +# PORTME: override above test on systems where it is broken +case $host_os in +interix[3-9]*) + # Interix 3.5 installs completely hosed .la files for C++, so rather than + # hack all around it, let's just trust "g++" to DTRT. + predep_objects_CXX= + postdep_objects_CXX= + postdeps_CXX= + ;; +esac + + +case " $postdeps_CXX " in +*" -lc "*) archive_cmds_need_lc_CXX=no ;; +esac + compiler_lib_search_dirs_CXX= +if test -n "${compiler_lib_search_path_CXX}"; then + compiler_lib_search_dirs_CXX=`echo " ${compiler_lib_search_path_CXX}" | $SED -e 's! -L! !g' -e 's!^ !!'` +fi + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + lt_prog_compiler_wl_CXX= +lt_prog_compiler_pic_CXX= +lt_prog_compiler_static_CXX= + + + # C++ specific cases for pic, static, wl, etc. + if test yes = "$GXX"; then + lt_prog_compiler_wl_CXX='-Wl,' + lt_prog_compiler_static_CXX='-static' + + case $host_os in + aix*) + # All AIX code is PIC. + if test ia64 = "$host_cpu"; then + # AIX 5 now supports IA64 processor + lt_prog_compiler_static_CXX='-Bstatic' + fi + lt_prog_compiler_pic_CXX='-fPIC' + ;; + + amigaos*) + case $host_cpu in + powerpc) + # see comment about AmigaOS4 .so support + lt_prog_compiler_pic_CXX='-fPIC' + ;; + m68k) + # FIXME: we need at least 68020 code to build shared libraries, but + # adding the '-m68020' flag to GCC prevents building anything better, + # like '-m68040'. + lt_prog_compiler_pic_CXX='-m68020 -resident32 -malways-restore-a4' + ;; + esac + ;; + + beos* | irix5* | irix6* | nonstopux* | osf3* | osf4* | osf5*) + # PIC is the default for these OSes. + ;; + mingw* | cygwin* | os2* | pw32* | cegcc*) + # This hack is so that the source file can tell whether it is being + # built for inclusion in a dll (and should export symbols for example). + # Although the cygwin gcc ignores -fPIC, still need this for old-style + # (--disable-auto-import) libraries + lt_prog_compiler_pic_CXX='-DDLL_EXPORT' + case $host_os in + os2*) + lt_prog_compiler_static_CXX='$wl-static' + ;; + esac + ;; + darwin* | rhapsody*) + # PIC is the default on this platform + # Common symbols not allowed in MH_DYLIB files + lt_prog_compiler_pic_CXX='-fno-common' + ;; + *djgpp*) + # DJGPP does not support shared libraries at all + lt_prog_compiler_pic_CXX= + ;; + haiku*) + # PIC is the default for Haiku. + # The "-static" flag exists, but is broken. + lt_prog_compiler_static_CXX= + ;; + interix[3-9]*) + # Interix 3.x gcc -fpic/-fPIC options generate broken code. + # Instead, we relocate shared libraries at runtime. + ;; + sysv4*MP*) + if test -d /usr/nec; then + lt_prog_compiler_pic_CXX=-Kconform_pic + fi + ;; + hpux*) + # PIC is the default for 64-bit PA HP-UX, but not for 32-bit + # PA HP-UX. On IA64 HP-UX, PIC is the default but the pic flag + # sets the default TLS model and affects inlining. + case $host_cpu in + hppa*64*) + ;; + *) + lt_prog_compiler_pic_CXX='-fPIC' + ;; + esac + ;; + *qnx* | *nto*) + # QNX uses GNU C++, but need to define -shared option too, otherwise + # it will coredump. + lt_prog_compiler_pic_CXX='-fPIC -shared' + ;; + *) + lt_prog_compiler_pic_CXX='-fPIC' + ;; + esac + else + case $host_os in + aix[4-9]*) + # All AIX code is PIC. + if test ia64 = "$host_cpu"; then + # AIX 5 now supports IA64 processor + lt_prog_compiler_static_CXX='-Bstatic' + else + lt_prog_compiler_static_CXX='-bnso -bI:/lib/syscalls.exp' + fi + ;; + chorus*) + case $cc_basename in + cxch68*) + # Green Hills C++ Compiler + # _LT_TAGVAR(lt_prog_compiler_static, CXX)="--no_auto_instantiation -u __main -u __premain -u _abort -r $COOL_DIR/lib/libOrb.a $MVME_DIR/lib/CC/libC.a $MVME_DIR/lib/classix/libcx.s.a" + ;; + esac + ;; + mingw* | cygwin* | os2* | pw32* | cegcc*) + # This hack is so that the source file can tell whether it is being + # built for inclusion in a dll (and should export symbols for example). + lt_prog_compiler_pic_CXX='-DDLL_EXPORT' + ;; + dgux*) + case $cc_basename in + ec++*) + lt_prog_compiler_pic_CXX='-KPIC' + ;; + ghcx*) + # Green Hills C++ Compiler + lt_prog_compiler_pic_CXX='-pic' + ;; + *) + ;; + esac + ;; + freebsd* | dragonfly*) + # FreeBSD uses GNU C++ + ;; + hpux9* | hpux10* | hpux11*) + case $cc_basename in + CC*) + lt_prog_compiler_wl_CXX='-Wl,' + lt_prog_compiler_static_CXX='$wl-a ${wl}archive' + if test ia64 != "$host_cpu"; then + lt_prog_compiler_pic_CXX='+Z' + fi + ;; + aCC*) + lt_prog_compiler_wl_CXX='-Wl,' + lt_prog_compiler_static_CXX='$wl-a ${wl}archive' + case $host_cpu in + hppa*64*|ia64*) + # +Z the default + ;; + *) + lt_prog_compiler_pic_CXX='+Z' + ;; + esac + ;; + *) + ;; + esac + ;; + interix*) + # This is c89, which is MS Visual C++ (no shared libs) + # Anyone wants to do a port? + ;; + irix5* | irix6* | nonstopux*) + case $cc_basename in + CC*) + lt_prog_compiler_wl_CXX='-Wl,' + lt_prog_compiler_static_CXX='-non_shared' + # CC pic flag -KPIC is the default. + ;; + *) + ;; + esac + ;; + linux* | k*bsd*-gnu | kopensolaris*-gnu | gnu*) + case $cc_basename in + KCC*) + # KAI C++ Compiler + lt_prog_compiler_wl_CXX='--backend -Wl,' + lt_prog_compiler_pic_CXX='-fPIC' + ;; + ecpc* ) + # old Intel C++ for x86_64, which still supported -KPIC. + lt_prog_compiler_wl_CXX='-Wl,' + lt_prog_compiler_pic_CXX='-KPIC' + lt_prog_compiler_static_CXX='-static' + ;; + icpc* ) + # Intel C++, used to be incompatible with GCC. + # ICC 10 doesn't accept -KPIC any more. + lt_prog_compiler_wl_CXX='-Wl,' + lt_prog_compiler_pic_CXX='-fPIC' + lt_prog_compiler_static_CXX='-static' + ;; + pgCC* | pgcpp*) + # Portland Group C++ compiler + lt_prog_compiler_wl_CXX='-Wl,' + lt_prog_compiler_pic_CXX='-fpic' + lt_prog_compiler_static_CXX='-Bstatic' + ;; + cxx*) + # Compaq C++ + # Make sure the PIC flag is empty. It appears that all Alpha + # Linux and Compaq Tru64 Unix objects are PIC. + lt_prog_compiler_pic_CXX= + lt_prog_compiler_static_CXX='-non_shared' + ;; + xlc* | xlC* | bgxl[cC]* | mpixl[cC]*) + # IBM XL 8.0, 9.0 on PPC and BlueGene + lt_prog_compiler_wl_CXX='-Wl,' + lt_prog_compiler_pic_CXX='-qpic' + lt_prog_compiler_static_CXX='-qstaticlink' + ;; + *) + case `$CC -V 2>&1 | sed 5q` in + *Sun\ C*) + # Sun C++ 5.9 + lt_prog_compiler_pic_CXX='-KPIC' + lt_prog_compiler_static_CXX='-Bstatic' + lt_prog_compiler_wl_CXX='-Qoption ld ' + ;; + esac + ;; + esac + ;; + lynxos*) + ;; + m88k*) + ;; + mvs*) + case $cc_basename in + cxx*) + lt_prog_compiler_pic_CXX='-W c,exportall' + ;; + *) + ;; + esac + ;; + netbsd* | netbsdelf*-gnu) + ;; + *qnx* | *nto*) + # QNX uses GNU C++, but need to define -shared option too, otherwise + # it will coredump. + lt_prog_compiler_pic_CXX='-fPIC -shared' + ;; + osf3* | osf4* | osf5*) + case $cc_basename in + KCC*) + lt_prog_compiler_wl_CXX='--backend -Wl,' + ;; + RCC*) + # Rational C++ 2.4.1 + lt_prog_compiler_pic_CXX='-pic' + ;; + cxx*) + # Digital/Compaq C++ + lt_prog_compiler_wl_CXX='-Wl,' + # Make sure the PIC flag is empty. It appears that all Alpha + # Linux and Compaq Tru64 Unix objects are PIC. + lt_prog_compiler_pic_CXX= + lt_prog_compiler_static_CXX='-non_shared' + ;; + *) + ;; + esac + ;; + psos*) + ;; + solaris*) + case $cc_basename in + CC* | sunCC*) + # Sun C++ 4.2, 5.x and Centerline C++ + lt_prog_compiler_pic_CXX='-KPIC' + lt_prog_compiler_static_CXX='-Bstatic' + lt_prog_compiler_wl_CXX='-Qoption ld ' + ;; + gcx*) + # Green Hills C++ Compiler + lt_prog_compiler_pic_CXX='-PIC' + ;; + *) + ;; + esac + ;; + sunos4*) + case $cc_basename in + CC*) + # Sun C++ 4.x + lt_prog_compiler_pic_CXX='-pic' + lt_prog_compiler_static_CXX='-Bstatic' + ;; + lcc*) + # Lucid + lt_prog_compiler_pic_CXX='-pic' + ;; + *) + ;; + esac + ;; + sysv5* | unixware* | sco3.2v5* | sco5v6* | OpenUNIX*) + case $cc_basename in + CC*) + lt_prog_compiler_wl_CXX='-Wl,' + lt_prog_compiler_pic_CXX='-KPIC' + lt_prog_compiler_static_CXX='-Bstatic' + ;; + esac + ;; + tandem*) + case $cc_basename in + NCC*) + # NonStop-UX NCC 3.20 + lt_prog_compiler_pic_CXX='-KPIC' + ;; + *) + ;; + esac + ;; + vxworks*) + ;; + *) + lt_prog_compiler_can_build_shared_CXX=no + ;; + esac + fi + +case $host_os in + # For platforms that do not support PIC, -DPIC is meaningless: + *djgpp*) + lt_prog_compiler_pic_CXX= + ;; + *) + lt_prog_compiler_pic_CXX="$lt_prog_compiler_pic_CXX -DPIC" + ;; +esac + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $compiler option to produce PIC" >&5 +$as_echo_n "checking for $compiler option to produce PIC... " >&6; } +if ${lt_cv_prog_compiler_pic_CXX+:} false; then : + $as_echo_n "(cached) " >&6 +else + lt_cv_prog_compiler_pic_CXX=$lt_prog_compiler_pic_CXX +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_pic_CXX" >&5 +$as_echo "$lt_cv_prog_compiler_pic_CXX" >&6; } +lt_prog_compiler_pic_CXX=$lt_cv_prog_compiler_pic_CXX + +# +# Check to make sure the PIC flag actually works. +# +if test -n "$lt_prog_compiler_pic_CXX"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $compiler PIC flag $lt_prog_compiler_pic_CXX works" >&5 +$as_echo_n "checking if $compiler PIC flag $lt_prog_compiler_pic_CXX works... " >&6; } +if ${lt_cv_prog_compiler_pic_works_CXX+:} false; then : + $as_echo_n "(cached) " >&6 +else + lt_cv_prog_compiler_pic_works_CXX=no + ac_outfile=conftest.$ac_objext + echo "$lt_simple_compile_test_code" > conftest.$ac_ext + lt_compiler_flag="$lt_prog_compiler_pic_CXX -DPIC" ## exclude from sc_useless_quotes_in_assignment + # Insert the option either (1) after the last *FLAGS variable, or + # (2) before a word containing "conftest.", or (3) at the end. + # Note that $ac_compile itself does not contain backslashes and begins + # with a dollar sign (not a hyphen), so the echo should work correctly. + # The option is referenced via a variable to avoid confusing sed. + lt_compile=`echo "$ac_compile" | $SED \ + -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ + -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ + -e 's:$: $lt_compiler_flag:'` + (eval echo "\"\$as_me:$LINENO: $lt_compile\"" >&5) + (eval "$lt_compile" 2>conftest.err) + ac_status=$? + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + if (exit $ac_status) && test -s "$ac_outfile"; then + # The compiler can only warn and ignore the option if not recognized + # So say no if there are warnings other than the usual output. + $ECHO "$_lt_compiler_boilerplate" | $SED '/^$/d' >conftest.exp + $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2 + if test ! -s conftest.er2 || diff conftest.exp conftest.er2 >/dev/null; then + lt_cv_prog_compiler_pic_works_CXX=yes + fi + fi + $RM conftest* + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_pic_works_CXX" >&5 +$as_echo "$lt_cv_prog_compiler_pic_works_CXX" >&6; } + +if test yes = "$lt_cv_prog_compiler_pic_works_CXX"; then + case $lt_prog_compiler_pic_CXX in + "" | " "*) ;; + *) lt_prog_compiler_pic_CXX=" $lt_prog_compiler_pic_CXX" ;; + esac +else + lt_prog_compiler_pic_CXX= + lt_prog_compiler_can_build_shared_CXX=no +fi + +fi + + + + + +# +# Check to make sure the static flag actually works. +# +wl=$lt_prog_compiler_wl_CXX eval lt_tmp_static_flag=\"$lt_prog_compiler_static_CXX\" +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if $compiler static flag $lt_tmp_static_flag works" >&5 +$as_echo_n "checking if $compiler static flag $lt_tmp_static_flag works... " >&6; } +if ${lt_cv_prog_compiler_static_works_CXX+:} false; then : + $as_echo_n "(cached) " >&6 +else + lt_cv_prog_compiler_static_works_CXX=no + save_LDFLAGS=$LDFLAGS + LDFLAGS="$LDFLAGS $lt_tmp_static_flag" + echo "$lt_simple_link_test_code" > conftest.$ac_ext + if (eval $ac_link 2>conftest.err) && test -s conftest$ac_exeext; then + # The linker can only warn and ignore the option if not recognized + # So say no if there are warnings + if test -s conftest.err; then + # Append any errors to the config.log. + cat conftest.err 1>&5 + $ECHO "$_lt_linker_boilerplate" | $SED '/^$/d' > conftest.exp + $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2 + if diff conftest.exp conftest.er2 >/dev/null; then + lt_cv_prog_compiler_static_works_CXX=yes + fi + else + lt_cv_prog_compiler_static_works_CXX=yes + fi + fi + $RM -r conftest* + LDFLAGS=$save_LDFLAGS + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_static_works_CXX" >&5 +$as_echo "$lt_cv_prog_compiler_static_works_CXX" >&6; } + +if test yes = "$lt_cv_prog_compiler_static_works_CXX"; then + : +else + lt_prog_compiler_static_CXX= +fi + + + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $compiler supports -c -o file.$ac_objext" >&5 +$as_echo_n "checking if $compiler supports -c -o file.$ac_objext... " >&6; } +if ${lt_cv_prog_compiler_c_o_CXX+:} false; then : + $as_echo_n "(cached) " >&6 +else + lt_cv_prog_compiler_c_o_CXX=no + $RM -r conftest 2>/dev/null + mkdir conftest + cd conftest + mkdir out + echo "$lt_simple_compile_test_code" > conftest.$ac_ext + + lt_compiler_flag="-o out/conftest2.$ac_objext" + # Insert the option either (1) after the last *FLAGS variable, or + # (2) before a word containing "conftest.", or (3) at the end. + # Note that $ac_compile itself does not contain backslashes and begins + # with a dollar sign (not a hyphen), so the echo should work correctly. + lt_compile=`echo "$ac_compile" | $SED \ + -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ + -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ + -e 's:$: $lt_compiler_flag:'` + (eval echo "\"\$as_me:$LINENO: $lt_compile\"" >&5) + (eval "$lt_compile" 2>out/conftest.err) + ac_status=$? + cat out/conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + if (exit $ac_status) && test -s out/conftest2.$ac_objext + then + # The compiler can only warn and ignore the option if not recognized + # So say no if there are warnings + $ECHO "$_lt_compiler_boilerplate" | $SED '/^$/d' > out/conftest.exp + $SED '/^$/d; /^ *+/d' out/conftest.err >out/conftest.er2 + if test ! -s out/conftest.er2 || diff out/conftest.exp out/conftest.er2 >/dev/null; then + lt_cv_prog_compiler_c_o_CXX=yes + fi + fi + chmod u+w . 2>&5 + $RM conftest* + # SGI C++ compiler will create directory out/ii_files/ for + # template instantiation + test -d out/ii_files && $RM out/ii_files/* && rmdir out/ii_files + $RM out/* && rmdir out + cd .. + $RM -r conftest + $RM conftest* + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_c_o_CXX" >&5 +$as_echo "$lt_cv_prog_compiler_c_o_CXX" >&6; } + + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $compiler supports -c -o file.$ac_objext" >&5 +$as_echo_n "checking if $compiler supports -c -o file.$ac_objext... " >&6; } +if ${lt_cv_prog_compiler_c_o_CXX+:} false; then : + $as_echo_n "(cached) " >&6 +else + lt_cv_prog_compiler_c_o_CXX=no + $RM -r conftest 2>/dev/null + mkdir conftest + cd conftest + mkdir out + echo "$lt_simple_compile_test_code" > conftest.$ac_ext + + lt_compiler_flag="-o out/conftest2.$ac_objext" + # Insert the option either (1) after the last *FLAGS variable, or + # (2) before a word containing "conftest.", or (3) at the end. + # Note that $ac_compile itself does not contain backslashes and begins + # with a dollar sign (not a hyphen), so the echo should work correctly. + lt_compile=`echo "$ac_compile" | $SED \ + -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ + -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ + -e 's:$: $lt_compiler_flag:'` + (eval echo "\"\$as_me:$LINENO: $lt_compile\"" >&5) + (eval "$lt_compile" 2>out/conftest.err) + ac_status=$? + cat out/conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + if (exit $ac_status) && test -s out/conftest2.$ac_objext + then + # The compiler can only warn and ignore the option if not recognized + # So say no if there are warnings + $ECHO "$_lt_compiler_boilerplate" | $SED '/^$/d' > out/conftest.exp + $SED '/^$/d; /^ *+/d' out/conftest.err >out/conftest.er2 + if test ! -s out/conftest.er2 || diff out/conftest.exp out/conftest.er2 >/dev/null; then + lt_cv_prog_compiler_c_o_CXX=yes + fi + fi + chmod u+w . 2>&5 + $RM conftest* + # SGI C++ compiler will create directory out/ii_files/ for + # template instantiation + test -d out/ii_files && $RM out/ii_files/* && rmdir out/ii_files + $RM out/* && rmdir out + cd .. + $RM -r conftest + $RM conftest* + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_c_o_CXX" >&5 +$as_echo "$lt_cv_prog_compiler_c_o_CXX" >&6; } + + + + +hard_links=nottested +if test no = "$lt_cv_prog_compiler_c_o_CXX" && test no != "$need_locks"; then + # do not overwrite the value of need_locks provided by the user + { $as_echo "$as_me:${as_lineno-$LINENO}: checking if we can lock with hard links" >&5 +$as_echo_n "checking if we can lock with hard links... " >&6; } + hard_links=yes + $RM conftest* + ln conftest.a conftest.b 2>/dev/null && hard_links=no + touch conftest.a + ln conftest.a conftest.b 2>&5 || hard_links=no + ln conftest.a conftest.b 2>/dev/null && hard_links=no + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $hard_links" >&5 +$as_echo "$hard_links" >&6; } + if test no = "$hard_links"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: '$CC' does not support '-c -o', so 'make -j' may be unsafe" >&5 +$as_echo "$as_me: WARNING: '$CC' does not support '-c -o', so 'make -j' may be unsafe" >&2;} + need_locks=warn + fi +else + need_locks=no +fi + + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the $compiler linker ($LD) supports shared libraries" >&5 +$as_echo_n "checking whether the $compiler linker ($LD) supports shared libraries... " >&6; } + + export_symbols_cmds_CXX='$NM $libobjs $convenience | $global_symbol_pipe | $SED '\''s/.* //'\'' | sort | uniq > $export_symbols' + exclude_expsyms_CXX='_GLOBAL_OFFSET_TABLE_|_GLOBAL__F[ID]_.*' + case $host_os in + aix[4-9]*) + # If we're using GNU nm, then we don't want the "-C" option. + # -C means demangle to GNU nm, but means don't demangle to AIX nm. + # Without the "-l" option, or with the "-B" option, AIX nm treats + # weak defined symbols like other global defined symbols, whereas + # GNU nm marks them as "W". + # While the 'weak' keyword is ignored in the Export File, we need + # it in the Import File for the 'aix-soname' feature, so we have + # to replace the "-B" option with "-P" for AIX nm. + if $NM -V 2>&1 | $GREP 'GNU' > /dev/null; then + export_symbols_cmds_CXX='$NM -Bpg $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B") || (\$ 2 == "W")) && (substr(\$ 3,1,1) != ".")) { if (\$ 2 == "W") { print \$ 3 " weak" } else { print \$ 3 } } }'\'' | sort -u > $export_symbols' + else + export_symbols_cmds_CXX='`func_echo_all $NM | $SED -e '\''s/B\([^B]*\)$/P\1/'\''` -PCpgl $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B") || (\$ 2 == "W") || (\$ 2 == "V") || (\$ 2 == "Z")) && (substr(\$ 1,1,1) != ".")) { if ((\$ 2 == "W") || (\$ 2 == "V") || (\$ 2 == "Z")) { print \$ 1 " weak" } else { print \$ 1 } } }'\'' | sort -u > $export_symbols' + fi + ;; + pw32*) + export_symbols_cmds_CXX=$ltdll_cmds + ;; + cygwin* | mingw* | cegcc*) + case $cc_basename in + cl*) + exclude_expsyms_CXX='_NULL_IMPORT_DESCRIPTOR|_IMPORT_DESCRIPTOR_.*' + ;; + *) + export_symbols_cmds_CXX='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[BCDGRS][ ]/s/.*[ ]\([^ ]*\)/\1 DATA/;s/^.*[ ]__nm__\([^ ]*\)[ ][^ ]*/\1 DATA/;/^I[ ]/d;/^[AITW][ ]/s/.* //'\'' | sort | uniq > $export_symbols' + exclude_expsyms_CXX='[_]+GLOBAL_OFFSET_TABLE_|[_]+GLOBAL__[FID]_.*|[_]+head_[A-Za-z0-9_]+_dll|[A-Za-z0-9_]+_dll_iname' + ;; + esac + ;; + linux* | k*bsd*-gnu | gnu*) + link_all_deplibs_CXX=no + ;; + *) + export_symbols_cmds_CXX='$NM $libobjs $convenience | $global_symbol_pipe | $SED '\''s/.* //'\'' | sort | uniq > $export_symbols' + ;; + esac + +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ld_shlibs_CXX" >&5 +$as_echo "$ld_shlibs_CXX" >&6; } +test no = "$ld_shlibs_CXX" && can_build_shared=no + +with_gnu_ld_CXX=$with_gnu_ld + + + + + + +# +# Do we need to explicitly link libc? +# +case "x$archive_cmds_need_lc_CXX" in +x|xyes) + # Assume -lc should be added + archive_cmds_need_lc_CXX=yes + + if test yes,yes = "$GCC,$enable_shared"; then + case $archive_cmds_CXX in + *'~'*) + # FIXME: we may have to deal with multi-command sequences. + ;; + '$CC '*) + # Test whether the compiler implicitly links with -lc since on some + # systems, -lgcc has to come before -lc. If gcc already passes -lc + # to ld, don't add -lc before -lgcc. + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether -lc should be explicitly linked in" >&5 +$as_echo_n "checking whether -lc should be explicitly linked in... " >&6; } +if ${lt_cv_archive_cmds_need_lc_CXX+:} false; then : + $as_echo_n "(cached) " >&6 +else + $RM conftest* + echo "$lt_simple_compile_test_code" > conftest.$ac_ext + + if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5 + (eval $ac_compile) 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } 2>conftest.err; then + soname=conftest + lib=conftest + libobjs=conftest.$ac_objext + deplibs= + wl=$lt_prog_compiler_wl_CXX + pic_flag=$lt_prog_compiler_pic_CXX + compiler_flags=-v + linker_flags=-v + verstring= + output_objdir=. + libname=conftest + lt_save_allow_undefined_flag=$allow_undefined_flag_CXX + allow_undefined_flag_CXX= + if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$archive_cmds_CXX 2\>\&1 \| $GREP \" -lc \" \>/dev/null 2\>\&1\""; } >&5 + (eval $archive_cmds_CXX 2\>\&1 \| $GREP \" -lc \" \>/dev/null 2\>\&1) 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } + then + lt_cv_archive_cmds_need_lc_CXX=no + else + lt_cv_archive_cmds_need_lc_CXX=yes + fi + allow_undefined_flag_CXX=$lt_save_allow_undefined_flag + else + cat conftest.err 1>&5 + fi + $RM conftest* + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_archive_cmds_need_lc_CXX" >&5 +$as_echo "$lt_cv_archive_cmds_need_lc_CXX" >&6; } + archive_cmds_need_lc_CXX=$lt_cv_archive_cmds_need_lc_CXX + ;; + esac + fi + ;; +esac + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking dynamic linker characteristics" >&5 +$as_echo_n "checking dynamic linker characteristics... " >&6; } + +library_names_spec= +libname_spec='lib$name' +soname_spec= +shrext_cmds=.so +postinstall_cmds= +postuninstall_cmds= +finish_cmds= +finish_eval= +shlibpath_var= +shlibpath_overrides_runpath=unknown +version_type=none +dynamic_linker="$host_os ld.so" +sys_lib_dlsearch_path_spec="/lib /usr/lib" +need_lib_prefix=unknown +hardcode_into_libs=no + +# when you set need_version to no, make sure it does not cause -set_version +# flags to be left without arguments +need_version=unknown + + + +case $host_os in +aix3*) + version_type=linux # correct to gnu/linux during the next big refactor + library_names_spec='$libname$release$shared_ext$versuffix $libname.a' + shlibpath_var=LIBPATH + + # AIX 3 has no versioning support, so we append a major version to the name. + soname_spec='$libname$release$shared_ext$major' + ;; + +aix[4-9]*) + version_type=linux # correct to gnu/linux during the next big refactor + need_lib_prefix=no + need_version=no + hardcode_into_libs=yes + if test ia64 = "$host_cpu"; then + # AIX 5 supports IA64 + library_names_spec='$libname$release$shared_ext$major $libname$release$shared_ext$versuffix $libname$shared_ext' + shlibpath_var=LD_LIBRARY_PATH + else + # With GCC up to 2.95.x, collect2 would create an import file + # for dependence libraries. The import file would start with + # the line '#! .'. This would cause the generated library to + # depend on '.', always an invalid library. This was fixed in + # development snapshots of GCC prior to 3.0. + case $host_os in + aix4 | aix4.[01] | aix4.[01].*) + if { echo '#if __GNUC__ > 2 || (__GNUC__ == 2 && __GNUC_MINOR__ >= 97)' + echo ' yes ' + echo '#endif'; } | $CC -E - | $GREP yes > /dev/null; then + : + else + can_build_shared=no + fi + ;; + esac + # Using Import Files as archive members, it is possible to support + # filename-based versioning of shared library archives on AIX. While + # this would work for both with and without runtime linking, it will + # prevent static linking of such archives. So we do filename-based + # shared library versioning with .so extension only, which is used + # when both runtime linking and shared linking is enabled. + # Unfortunately, runtime linking may impact performance, so we do + # not want this to be the default eventually. Also, we use the + # versioned .so libs for executables only if there is the -brtl + # linker flag in LDFLAGS as well, or --with-aix-soname=svr4 only. + # To allow for filename-based versioning support, we need to create + # libNAME.so.V as an archive file, containing: + # *) an Import File, referring to the versioned filename of the + # archive as well as the shared archive member, telling the + # bitwidth (32 or 64) of that shared object, and providing the + # list of exported symbols of that shared object, eventually + # decorated with the 'weak' keyword + # *) the shared object with the F_LOADONLY flag set, to really avoid + # it being seen by the linker. + # At run time we better use the real file rather than another symlink, + # but for link time we create the symlink libNAME.so -> libNAME.so.V + + case $with_aix_soname,$aix_use_runtimelinking in + # AIX (on Power*) has no versioning support, so currently we cannot hardcode correct + # soname into executable. Probably we can add versioning support to + # collect2, so additional links can be useful in future. + aix,yes) # traditional libtool + dynamic_linker='AIX unversionable lib.so' + # If using run time linking (on AIX 4.2 or later) use lib.so + # instead of lib.a to let people know that these are not + # typical AIX shared libraries. + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' + ;; + aix,no) # traditional AIX only + dynamic_linker='AIX lib.a(lib.so.V)' + # We preserve .a as extension for shared libraries through AIX4.2 + # and later when we are not doing run time linking. + library_names_spec='$libname$release.a $libname.a' + soname_spec='$libname$release$shared_ext$major' + ;; + svr4,*) # full svr4 only + dynamic_linker="AIX lib.so.V($shared_archive_member_spec.o)" + library_names_spec='$libname$release$shared_ext$major $libname$shared_ext' + # We do not specify a path in Import Files, so LIBPATH fires. + shlibpath_overrides_runpath=yes + ;; + *,yes) # both, prefer svr4 + dynamic_linker="AIX lib.so.V($shared_archive_member_spec.o), lib.a(lib.so.V)" + library_names_spec='$libname$release$shared_ext$major $libname$shared_ext' + # unpreferred sharedlib libNAME.a needs extra handling + postinstall_cmds='test -n "$linkname" || linkname="$realname"~func_stripname "" ".so" "$linkname"~$install_shared_prog "$dir/$func_stripname_result.$libext" "$destdir/$func_stripname_result.$libext"~test -z "$tstripme" || test -z "$striplib" || $striplib "$destdir/$func_stripname_result.$libext"' + postuninstall_cmds='for n in $library_names $old_library; do :; done~func_stripname "" ".so" "$n"~test "$func_stripname_result" = "$n" || func_append rmfiles " $odir/$func_stripname_result.$libext"' + # We do not specify a path in Import Files, so LIBPATH fires. + shlibpath_overrides_runpath=yes + ;; + *,no) # both, prefer aix + dynamic_linker="AIX lib.a(lib.so.V), lib.so.V($shared_archive_member_spec.o)" + library_names_spec='$libname$release.a $libname.a' + soname_spec='$libname$release$shared_ext$major' + # unpreferred sharedlib libNAME.so.V and symlink libNAME.so need extra handling + postinstall_cmds='test -z "$dlname" || $install_shared_prog $dir/$dlname $destdir/$dlname~test -z "$tstripme" || test -z "$striplib" || $striplib $destdir/$dlname~test -n "$linkname" || linkname=$realname~func_stripname "" ".a" "$linkname"~(cd "$destdir" && $LN_S -f $dlname $func_stripname_result.so)' + postuninstall_cmds='test -z "$dlname" || func_append rmfiles " $odir/$dlname"~for n in $old_library $library_names; do :; done~func_stripname "" ".a" "$n"~func_append rmfiles " $odir/$func_stripname_result.so"' + ;; + esac + shlibpath_var=LIBPATH + fi + ;; + +amigaos*) + case $host_cpu in + powerpc) + # Since July 2007 AmigaOS4 officially supports .so libraries. + # When compiling the executable, add -use-dynld -Lsobjs: to the compileline. + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' + ;; + m68k) + library_names_spec='$libname.ixlibrary $libname.a' + # Create ${libname}_ixlibrary.a entries in /sys/libs. + finish_eval='for lib in `ls $libdir/*.ixlibrary 2>/dev/null`; do libname=`func_echo_all "$lib" | $SED '\''s%^.*/\([^/]*\)\.ixlibrary$%\1%'\''`; $RM /sys/libs/${libname}_ixlibrary.a; $show "cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a"; cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a || exit 1; done' + ;; + esac + ;; + +beos*) + library_names_spec='$libname$shared_ext' + dynamic_linker="$host_os ld.so" + shlibpath_var=LIBRARY_PATH + ;; + +bsdi[45]*) + version_type=linux # correct to gnu/linux during the next big refactor + need_version=no + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' + soname_spec='$libname$release$shared_ext$major' + finish_cmds='PATH="\$PATH:/sbin" ldconfig $libdir' + shlibpath_var=LD_LIBRARY_PATH + sys_lib_search_path_spec="/shlib /usr/lib /usr/X11/lib /usr/contrib/lib /lib /usr/local/lib" + sys_lib_dlsearch_path_spec="/shlib /usr/lib /usr/local/lib" + # the default ld.so.conf also contains /usr/contrib/lib and + # /usr/X11R6/lib (/usr/X11 is a link to /usr/X11R6), but let us allow + # libtool to hard-code these into programs + ;; + +cygwin* | mingw* | pw32* | cegcc*) + version_type=windows + shrext_cmds=.dll + need_version=no + need_lib_prefix=no + + case $GCC,$cc_basename in + yes,*) + # gcc + library_names_spec='$libname.dll.a' + # DLL is installed to $(libdir)/../bin by postinstall_cmds + postinstall_cmds='base_file=`basename \$file`~ + dlpath=`$SHELL 2>&1 -c '\''. $dir/'\''\$base_file'\''i; echo \$dlname'\''`~ + dldir=$destdir/`dirname \$dlpath`~ + test -d \$dldir || mkdir -p \$dldir~ + $install_prog $dir/$dlname \$dldir/$dlname~ + chmod a+x \$dldir/$dlname~ + if test -n '\''$stripme'\'' && test -n '\''$striplib'\''; then + eval '\''$striplib \$dldir/$dlname'\'' || exit \$?; + fi' + postuninstall_cmds='dldll=`$SHELL 2>&1 -c '\''. $file; echo \$dlname'\''`~ + dlpath=$dir/\$dldll~ + $RM \$dlpath' + shlibpath_overrides_runpath=yes + + case $host_os in + cygwin*) + # Cygwin DLLs use 'cyg' prefix rather than 'lib' + soname_spec='`echo $libname | sed -e 's/^lib/cyg/'``echo $release | $SED -e 's/[.]/-/g'`$versuffix$shared_ext' + + ;; + mingw* | cegcc*) + # MinGW DLLs use traditional 'lib' prefix + soname_spec='$libname`echo $release | $SED -e 's/[.]/-/g'`$versuffix$shared_ext' + ;; + pw32*) + # pw32 DLLs use 'pw' prefix rather than 'lib' + library_names_spec='`echo $libname | sed -e 's/^lib/pw/'``echo $release | $SED -e 's/[.]/-/g'`$versuffix$shared_ext' + ;; + esac + dynamic_linker='Win32 ld.exe' + ;; + + *,cl*) + # Native MSVC + libname_spec='$name' + soname_spec='$libname`echo $release | $SED -e 's/[.]/-/g'`$versuffix$shared_ext' + library_names_spec='$libname.dll.lib' + + case $build_os in + mingw*) + sys_lib_search_path_spec= + lt_save_ifs=$IFS + IFS=';' + for lt_path in $LIB + do + IFS=$lt_save_ifs + # Let DOS variable expansion print the short 8.3 style file name. + lt_path=`cd "$lt_path" 2>/dev/null && cmd //C "for %i in (".") do @echo %~si"` + sys_lib_search_path_spec="$sys_lib_search_path_spec $lt_path" + done + IFS=$lt_save_ifs + # Convert to MSYS style. + sys_lib_search_path_spec=`$ECHO "$sys_lib_search_path_spec" | sed -e 's|\\\\|/|g' -e 's| \\([a-zA-Z]\\):| /\\1|g' -e 's|^ ||'` + ;; + cygwin*) + # Convert to unix form, then to dos form, then back to unix form + # but this time dos style (no spaces!) so that the unix form looks + # like /cygdrive/c/PROGRA~1:/cygdr... + sys_lib_search_path_spec=`cygpath --path --unix "$LIB"` + sys_lib_search_path_spec=`cygpath --path --dos "$sys_lib_search_path_spec" 2>/dev/null` + sys_lib_search_path_spec=`cygpath --path --unix "$sys_lib_search_path_spec" | $SED -e "s/$PATH_SEPARATOR/ /g"` + ;; + *) + sys_lib_search_path_spec=$LIB + if $ECHO "$sys_lib_search_path_spec" | $GREP ';[c-zC-Z]:/' >/dev/null; then + # It is most probably a Windows format PATH. + sys_lib_search_path_spec=`$ECHO "$sys_lib_search_path_spec" | $SED -e 's/;/ /g'` + else + sys_lib_search_path_spec=`$ECHO "$sys_lib_search_path_spec" | $SED -e "s/$PATH_SEPARATOR/ /g"` + fi + # FIXME: find the short name or the path components, as spaces are + # common. (e.g. "Program Files" -> "PROGRA~1") + ;; + esac + + # DLL is installed to $(libdir)/../bin by postinstall_cmds + postinstall_cmds='base_file=`basename \$file`~ + dlpath=`$SHELL 2>&1 -c '\''. $dir/'\''\$base_file'\''i; echo \$dlname'\''`~ + dldir=$destdir/`dirname \$dlpath`~ + test -d \$dldir || mkdir -p \$dldir~ + $install_prog $dir/$dlname \$dldir/$dlname' + postuninstall_cmds='dldll=`$SHELL 2>&1 -c '\''. $file; echo \$dlname'\''`~ + dlpath=$dir/\$dldll~ + $RM \$dlpath' + shlibpath_overrides_runpath=yes + dynamic_linker='Win32 link.exe' + ;; + + *) + # Assume MSVC wrapper + library_names_spec='$libname`echo $release | $SED -e 's/[.]/-/g'`$versuffix$shared_ext $libname.lib' + dynamic_linker='Win32 ld.exe' + ;; + esac + # FIXME: first we should search . and the directory the executable is in + shlibpath_var=PATH + ;; + +darwin* | rhapsody*) + dynamic_linker="$host_os dyld" + version_type=darwin + need_lib_prefix=no + need_version=no + library_names_spec='$libname$release$major$shared_ext $libname$shared_ext' + soname_spec='$libname$release$major$shared_ext' + shlibpath_overrides_runpath=yes + shlibpath_var=DYLD_LIBRARY_PATH + shrext_cmds='`test .$module = .yes && echo .so || echo .dylib`' + + sys_lib_dlsearch_path_spec='/usr/local/lib /lib /usr/lib' + ;; + +dgux*) + version_type=linux # correct to gnu/linux during the next big refactor + need_lib_prefix=no + need_version=no + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' + soname_spec='$libname$release$shared_ext$major' + shlibpath_var=LD_LIBRARY_PATH + ;; + +freebsd* | dragonfly*) + # DragonFly does not have aout. When/if they implement a new + # versioning mechanism, adjust this. + if test -x /usr/bin/objformat; then + objformat=`/usr/bin/objformat` + else + case $host_os in + freebsd[23].*) objformat=aout ;; + *) objformat=elf ;; + esac + fi + version_type=freebsd-$objformat + case $version_type in + freebsd-elf*) + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' + soname_spec='$libname$release$shared_ext$major' + need_version=no + need_lib_prefix=no + ;; + freebsd-*) + library_names_spec='$libname$release$shared_ext$versuffix $libname$shared_ext$versuffix' + need_version=yes + ;; + esac + shlibpath_var=LD_LIBRARY_PATH + case $host_os in + freebsd2.*) + shlibpath_overrides_runpath=yes + ;; + freebsd3.[01]* | freebsdelf3.[01]*) + shlibpath_overrides_runpath=yes + hardcode_into_libs=yes + ;; + freebsd3.[2-9]* | freebsdelf3.[2-9]* | \ + freebsd4.[0-5] | freebsdelf4.[0-5] | freebsd4.1.1 | freebsdelf4.1.1) + shlibpath_overrides_runpath=no + hardcode_into_libs=yes + ;; + *) # from 4.6 on, and DragonFly + shlibpath_overrides_runpath=yes + hardcode_into_libs=yes + ;; + esac + ;; + +haiku*) + version_type=linux # correct to gnu/linux during the next big refactor + need_lib_prefix=no + need_version=no + dynamic_linker="$host_os runtime_loader" + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' + soname_spec='$libname$release$shared_ext$major' + shlibpath_var=LIBRARY_PATH + shlibpath_overrides_runpath=no + sys_lib_dlsearch_path_spec='/boot/home/config/lib /boot/common/lib /boot/system/lib' + hardcode_into_libs=yes + ;; + +hpux9* | hpux10* | hpux11*) + # Give a soname corresponding to the major version so that dld.sl refuses to + # link against other versions. + version_type=sunos + need_lib_prefix=no + need_version=no + case $host_cpu in + ia64*) + shrext_cmds='.so' + hardcode_into_libs=yes + dynamic_linker="$host_os dld.so" + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=yes # Unless +noenvvar is specified. + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' + soname_spec='$libname$release$shared_ext$major' + if test 32 = "$HPUX_IA64_MODE"; then + sys_lib_search_path_spec="/usr/lib/hpux32 /usr/local/lib/hpux32 /usr/local/lib" + sys_lib_dlsearch_path_spec=/usr/lib/hpux32 + else + sys_lib_search_path_spec="/usr/lib/hpux64 /usr/local/lib/hpux64" + sys_lib_dlsearch_path_spec=/usr/lib/hpux64 + fi + ;; + hppa*64*) + shrext_cmds='.sl' + hardcode_into_libs=yes + dynamic_linker="$host_os dld.sl" + shlibpath_var=LD_LIBRARY_PATH # How should we handle SHLIB_PATH + shlibpath_overrides_runpath=yes # Unless +noenvvar is specified. + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' + soname_spec='$libname$release$shared_ext$major' + sys_lib_search_path_spec="/usr/lib/pa20_64 /usr/ccs/lib/pa20_64" + sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec + ;; + *) + shrext_cmds='.sl' + dynamic_linker="$host_os dld.sl" + shlibpath_var=SHLIB_PATH + shlibpath_overrides_runpath=no # +s is required to enable SHLIB_PATH + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' + soname_spec='$libname$release$shared_ext$major' + ;; + esac + # HP-UX runs *really* slowly unless shared libraries are mode 555, ... + postinstall_cmds='chmod 555 $lib' + # or fails outright, so override atomically: + install_override_mode=555 + ;; + +interix[3-9]*) + version_type=linux # correct to gnu/linux during the next big refactor + need_lib_prefix=no + need_version=no + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' + soname_spec='$libname$release$shared_ext$major' + dynamic_linker='Interix 3.x ld.so.1 (PE, like ELF)' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=no + hardcode_into_libs=yes + ;; + +irix5* | irix6* | nonstopux*) + case $host_os in + nonstopux*) version_type=nonstopux ;; + *) + if test yes = "$lt_cv_prog_gnu_ld"; then + version_type=linux # correct to gnu/linux during the next big refactor + else + version_type=irix + fi ;; + esac + need_lib_prefix=no + need_version=no + soname_spec='$libname$release$shared_ext$major' + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$release$shared_ext $libname$shared_ext' + case $host_os in + irix5* | nonstopux*) + libsuff= shlibsuff= + ;; + *) + case $LD in # libtool.m4 will add one of these switches to LD + *-32|*"-32 "|*-melf32bsmip|*"-melf32bsmip ") + libsuff= shlibsuff= libmagic=32-bit;; + *-n32|*"-n32 "|*-melf32bmipn32|*"-melf32bmipn32 ") + libsuff=32 shlibsuff=N32 libmagic=N32;; + *-64|*"-64 "|*-melf64bmip|*"-melf64bmip ") + libsuff=64 shlibsuff=64 libmagic=64-bit;; + *) libsuff= shlibsuff= libmagic=never-match;; + esac + ;; + esac + shlibpath_var=LD_LIBRARY${shlibsuff}_PATH + shlibpath_overrides_runpath=no + sys_lib_search_path_spec="/usr/lib$libsuff /lib$libsuff /usr/local/lib$libsuff" + sys_lib_dlsearch_path_spec="/usr/lib$libsuff /lib$libsuff" + hardcode_into_libs=yes + ;; + +# No shared lib support for Linux oldld, aout, or coff. +linux*oldld* | linux*aout* | linux*coff*) + dynamic_linker=no + ;; + +linux*android*) + version_type=none # Android doesn't support versioned libraries. + need_lib_prefix=no + need_version=no + library_names_spec='$libname$release$shared_ext' + soname_spec='$libname$release$shared_ext' + finish_cmds= + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=yes + + # This implies no fast_install, which is unacceptable. + # Some rework will be needed to allow for fast_install + # before this can be enabled. + hardcode_into_libs=yes + + dynamic_linker='Android linker' + # Don't embed -rpath directories since the linker doesn't support them. + hardcode_libdir_flag_spec_CXX='-L$libdir' + ;; + +# This must be glibc/ELF. +linux* | k*bsd*-gnu | kopensolaris*-gnu | gnu*) + version_type=linux # correct to gnu/linux during the next big refactor + need_lib_prefix=no + need_version=no + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' + soname_spec='$libname$release$shared_ext$major' + finish_cmds='PATH="\$PATH:/sbin" ldconfig -n $libdir' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=no + + # Some binutils ld are patched to set DT_RUNPATH + if ${lt_cv_shlibpath_overrides_runpath+:} false; then : + $as_echo_n "(cached) " >&6 +else + lt_cv_shlibpath_overrides_runpath=no + save_LDFLAGS=$LDFLAGS + save_libdir=$libdir + eval "libdir=/foo; wl=\"$lt_prog_compiler_wl_CXX\"; \ + LDFLAGS=\"\$LDFLAGS $hardcode_libdir_flag_spec_CXX\"" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_cxx_try_link "$LINENO"; then : + if ($OBJDUMP -p conftest$ac_exeext) 2>/dev/null | grep "RUNPATH.*$libdir" >/dev/null; then : + lt_cv_shlibpath_overrides_runpath=yes +fi +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + LDFLAGS=$save_LDFLAGS + libdir=$save_libdir + +fi + + shlibpath_overrides_runpath=$lt_cv_shlibpath_overrides_runpath + + # This implies no fast_install, which is unacceptable. + # Some rework will be needed to allow for fast_install + # before this can be enabled. + hardcode_into_libs=yes + + # Ideally, we could use ldconfig to report *all* directores which are + # searched for libraries, however this is still not possible. Aside from not + # being certain /sbin/ldconfig is available, command + # 'ldconfig -N -X -v | grep ^/' on 64bit Fedora does not report /usr/lib64, + # even though it is searched at run-time. Try to do the best guess by + # appending ld.so.conf contents (and includes) to the search path. + if test -f /etc/ld.so.conf; then + lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s 2>/dev/null", \$2)); skip = 1; } { if (!skip) print \$0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;/^[ ]*hwcap[ ]/d;s/[:, ]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;s/"//g;/^$/d' | tr '\n' ' '` + sys_lib_dlsearch_path_spec="/lib /usr/lib $lt_ld_extra" + fi + + # We used to test for /lib/ld.so.1 and disable shared libraries on + # powerpc, because MkLinux only supported shared libraries with the + # GNU dynamic linker. Since this was broken with cross compilers, + # most powerpc-linux boxes support dynamic linking these days and + # people can always --disable-shared, the test was removed, and we + # assume the GNU/Linux dynamic linker is in use. + dynamic_linker='GNU/Linux ld.so' + ;; + +netbsdelf*-gnu) + version_type=linux + need_lib_prefix=no + need_version=no + library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}' + soname_spec='${libname}${release}${shared_ext}$major' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=no + hardcode_into_libs=yes + dynamic_linker='NetBSD ld.elf_so' + ;; + +netbsd*) + version_type=sunos + need_lib_prefix=no + need_version=no + if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then + library_names_spec='$libname$release$shared_ext$versuffix $libname$shared_ext$versuffix' + finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir' + dynamic_linker='NetBSD (a.out) ld.so' + else + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' + soname_spec='$libname$release$shared_ext$major' + dynamic_linker='NetBSD ld.elf_so' + fi + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=yes + hardcode_into_libs=yes + ;; + +newsos6) + version_type=linux # correct to gnu/linux during the next big refactor + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=yes + ;; + +*nto* | *qnx*) + version_type=qnx + need_lib_prefix=no + need_version=no + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' + soname_spec='$libname$release$shared_ext$major' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=no + hardcode_into_libs=yes + dynamic_linker='ldqnx.so' + ;; + +openbsd* | bitrig*) + version_type=sunos + sys_lib_dlsearch_path_spec=/usr/lib + need_lib_prefix=no + if test -z "`echo __ELF__ | $CC -E - | $GREP __ELF__`"; then + need_version=no + else + need_version=yes + fi + library_names_spec='$libname$release$shared_ext$versuffix $libname$shared_ext$versuffix' + finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=yes + ;; + +os2*) + libname_spec='$name' + version_type=windows + shrext_cmds=.dll + need_version=no + need_lib_prefix=no + # OS/2 can only load a DLL with a base name of 8 characters or less. + soname_spec='`test -n "$os2dllname" && libname="$os2dllname"; + v=$($ECHO $release$versuffix | tr -d .-); + n=$($ECHO $libname | cut -b -$((8 - ${#v})) | tr . _); + $ECHO $n$v`$shared_ext' + library_names_spec='${libname}_dll.$libext' + dynamic_linker='OS/2 ld.exe' + shlibpath_var=BEGINLIBPATH + sys_lib_search_path_spec="/lib /usr/lib /usr/local/lib" + sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec + postinstall_cmds='base_file=`basename \$file`~ + dlpath=`$SHELL 2>&1 -c '\''. $dir/'\''\$base_file'\''i; $ECHO \$dlname'\''`~ + dldir=$destdir/`dirname \$dlpath`~ + test -d \$dldir || mkdir -p \$dldir~ + $install_prog $dir/$dlname \$dldir/$dlname~ + chmod a+x \$dldir/$dlname~ + if test -n '\''$stripme'\'' && test -n '\''$striplib'\''; then + eval '\''$striplib \$dldir/$dlname'\'' || exit \$?; + fi' + postuninstall_cmds='dldll=`$SHELL 2>&1 -c '\''. $file; $ECHO \$dlname'\''`~ + dlpath=$dir/\$dldll~ + $RM \$dlpath' + ;; + +osf3* | osf4* | osf5*) + version_type=osf + need_lib_prefix=no + need_version=no + soname_spec='$libname$release$shared_ext$major' + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' + shlibpath_var=LD_LIBRARY_PATH + sys_lib_search_path_spec="/usr/shlib /usr/ccs/lib /usr/lib/cmplrs/cc /usr/lib /usr/local/lib /var/shlib" + sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec + ;; + +rdos*) + dynamic_linker=no + ;; + +solaris*) + version_type=linux # correct to gnu/linux during the next big refactor + need_lib_prefix=no + need_version=no + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' + soname_spec='$libname$release$shared_ext$major' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=yes + hardcode_into_libs=yes + # ldd complains unless libraries are executable + postinstall_cmds='chmod +x $lib' + ;; + +sunos4*) + version_type=sunos + library_names_spec='$libname$release$shared_ext$versuffix $libname$shared_ext$versuffix' + finish_cmds='PATH="\$PATH:/usr/etc" ldconfig $libdir' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=yes + if test yes = "$with_gnu_ld"; then + need_lib_prefix=no + fi + need_version=yes + ;; + +sysv4 | sysv4.3*) + version_type=linux # correct to gnu/linux during the next big refactor + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' + soname_spec='$libname$release$shared_ext$major' + shlibpath_var=LD_LIBRARY_PATH + case $host_vendor in + sni) + shlibpath_overrides_runpath=no + need_lib_prefix=no + runpath_var=LD_RUN_PATH + ;; + siemens) + need_lib_prefix=no + ;; + motorola) + need_lib_prefix=no + need_version=no + shlibpath_overrides_runpath=no + sys_lib_search_path_spec='/lib /usr/lib /usr/ccs/lib' + ;; + esac + ;; + +sysv4*MP*) + if test -d /usr/nec; then + version_type=linux # correct to gnu/linux during the next big refactor + library_names_spec='$libname$shared_ext.$versuffix $libname$shared_ext.$major $libname$shared_ext' + soname_spec='$libname$shared_ext.$major' + shlibpath_var=LD_LIBRARY_PATH + fi + ;; + +sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX* | sysv4*uw2*) + version_type=sco + need_lib_prefix=no + need_version=no + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext $libname$shared_ext' + soname_spec='$libname$release$shared_ext$major' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=yes + hardcode_into_libs=yes + if test yes = "$with_gnu_ld"; then + sys_lib_search_path_spec='/usr/local/lib /usr/gnu/lib /usr/ccs/lib /usr/lib /lib' + else + sys_lib_search_path_spec='/usr/ccs/lib /usr/lib' + case $host_os in + sco3.2v5*) + sys_lib_search_path_spec="$sys_lib_search_path_spec /lib" + ;; + esac + fi + sys_lib_dlsearch_path_spec='/usr/lib' + ;; + +tpf*) + # TPF is a cross-target only. Preferred cross-host = GNU/Linux. + version_type=linux # correct to gnu/linux during the next big refactor + need_lib_prefix=no + need_version=no + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=no + hardcode_into_libs=yes + ;; + +uts4*) + version_type=linux # correct to gnu/linux during the next big refactor + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' + soname_spec='$libname$release$shared_ext$major' + shlibpath_var=LD_LIBRARY_PATH + ;; + +*) + dynamic_linker=no + ;; +esac +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $dynamic_linker" >&5 +$as_echo "$dynamic_linker" >&6; } +test no = "$dynamic_linker" && can_build_shared=no + +variables_saved_for_relink="PATH $shlibpath_var $runpath_var" +if test yes = "$GCC"; then + variables_saved_for_relink="$variables_saved_for_relink GCC_EXEC_PREFIX COMPILER_PATH LIBRARY_PATH" +fi + +if test set = "${lt_cv_sys_lib_search_path_spec+set}"; then + sys_lib_search_path_spec=$lt_cv_sys_lib_search_path_spec +fi + +if test set = "${lt_cv_sys_lib_dlsearch_path_spec+set}"; then + sys_lib_dlsearch_path_spec=$lt_cv_sys_lib_dlsearch_path_spec +fi + +# remember unaugmented sys_lib_dlsearch_path content for libtool script decls... +configure_time_dlsearch_path=$sys_lib_dlsearch_path_spec + +# ... but it needs LT_SYS_LIBRARY_PATH munging for other configure-time code +func_munge_path_list sys_lib_dlsearch_path_spec "$LT_SYS_LIBRARY_PATH" + +# to be used as default LT_SYS_LIBRARY_PATH value in generated libtool +configure_time_lt_sys_library_path=$LT_SYS_LIBRARY_PATH + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking how to hardcode library paths into programs" >&5 +$as_echo_n "checking how to hardcode library paths into programs... " >&6; } +hardcode_action_CXX= +if test -n "$hardcode_libdir_flag_spec_CXX" || + test -n "$runpath_var_CXX" || + test yes = "$hardcode_automatic_CXX"; then + + # We can hardcode non-existent directories. + if test no != "$hardcode_direct_CXX" && + # If the only mechanism to avoid hardcoding is shlibpath_var, we + # have to relink, otherwise we might link with an installed library + # when we should be linking with a yet-to-be-installed one + ## test no != "$_LT_TAGVAR(hardcode_shlibpath_var, CXX)" && + test no != "$hardcode_minus_L_CXX"; then + # Linking always hardcodes the temporary library directory. + hardcode_action_CXX=relink + else + # We can link without hardcoding, and we can hardcode nonexisting dirs. + hardcode_action_CXX=immediate + fi +else + # We cannot hardcode anything, or else we can only hardcode existing + # directories. + hardcode_action_CXX=unsupported +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $hardcode_action_CXX" >&5 +$as_echo "$hardcode_action_CXX" >&6; } + +if test relink = "$hardcode_action_CXX" || + test yes = "$inherit_rpath_CXX"; then + # Fast installation is not supported + enable_fast_install=no +elif test yes = "$shlibpath_overrides_runpath" || + test no = "$enable_shared"; then + # Fast installation is not necessary + enable_fast_install=needless +fi + + + + + + + + fi # test -n "$compiler" + + CC=$lt_save_CC + CFLAGS=$lt_save_CFLAGS + LDCXX=$LD + LD=$lt_save_LD + GCC=$lt_save_GCC + with_gnu_ld=$lt_save_with_gnu_ld + lt_cv_path_LDCXX=$lt_cv_path_LD + lt_cv_path_LD=$lt_save_path_LD + lt_cv_prog_gnu_ldcxx=$lt_cv_prog_gnu_ld + lt_cv_prog_gnu_ld=$lt_save_with_gnu_ld +fi # test yes != "$_lt_caught_CXX_error" + +ac_ext=c +ac_cpp='$CPP $CPPFLAGS' +ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_c_compiler_gnu + + + + + + + + + + + + + + + + ac_config_commands="$ac_config_commands libtool" + + + + +# Only expand once: + + + + + + + + + + + + + + + + + + use_additional=yes + + acl_save_prefix="$prefix" + prefix="$acl_final_prefix" + acl_save_exec_prefix="$exec_prefix" + exec_prefix="$acl_final_exec_prefix" + + eval additional_includedir=\"$includedir\" + eval additional_libdir=\"$libdir\" + + exec_prefix="$acl_save_exec_prefix" + prefix="$acl_save_prefix" + + +# Check whether --with-libdl-prefix was given. +if test "${with_libdl_prefix+set}" = set; then : + withval=$with_libdl_prefix; + if test "X$withval" = "Xno"; then + use_additional=no + else + if test "X$withval" = "X"; then + + acl_save_prefix="$prefix" + prefix="$acl_final_prefix" + acl_save_exec_prefix="$exec_prefix" + exec_prefix="$acl_final_exec_prefix" + + eval additional_includedir=\"$includedir\" + eval additional_libdir=\"$libdir\" + + exec_prefix="$acl_save_exec_prefix" + prefix="$acl_save_prefix" + + else + additional_includedir="$withval/include" + additional_libdir="$withval/$acl_libdirstem" + if test "$acl_libdirstem2" != "$acl_libdirstem" \ + && test ! -d "$withval/$acl_libdirstem"; then + additional_libdir="$withval/$acl_libdirstem2" + fi + fi + fi + +fi + + LIBDL= + LTLIBDL= + INCDL= + LIBDL_PREFIX= + HAVE_LIBDL= + rpathdirs= + ltrpathdirs= + names_already_handled= + names_next_round='dl ' + while test -n "$names_next_round"; do + names_this_round="$names_next_round" + names_next_round= + for name in $names_this_round; do + already_handled= + for n in $names_already_handled; do + if test "$n" = "$name"; then + already_handled=yes + break + fi + done + if test -z "$already_handled"; then + names_already_handled="$names_already_handled $name" + uppername=`echo "$name" | sed -e 'y|abcdefghijklmnopqrstuvwxyz./+-|ABCDEFGHIJKLMNOPQRSTUVWXYZ____|'` + eval value=\"\$HAVE_LIB$uppername\" + if test -n "$value"; then + if test "$value" = yes; then + eval value=\"\$LIB$uppername\" + test -z "$value" || LIBDL="${LIBDL}${LIBDL:+ }$value" + eval value=\"\$LTLIB$uppername\" + test -z "$value" || LTLIBDL="${LTLIBDL}${LTLIBDL:+ }$value" + else + : + fi + else + found_dir= + found_la= + found_so= + found_a= + eval libname=\"$acl_libname_spec\" # typically: libname=lib$name + if test -n "$acl_shlibext"; then + shrext=".$acl_shlibext" # typically: shrext=.so + else + shrext= + fi + if test $use_additional = yes; then + dir="$additional_libdir" + if test -n "$acl_shlibext"; then + if test -f "$dir/$libname$shrext"; then + found_dir="$dir" + found_so="$dir/$libname$shrext" + else + if test "$acl_library_names_spec" = '$libname$shrext$versuffix'; then + ver=`(cd "$dir" && \ + for f in "$libname$shrext".*; do echo "$f"; done \ + | sed -e "s,^$libname$shrext\\\\.,," \ + | sort -t '.' -n -r -k1,1 -k2,2 -k3,3 -k4,4 -k5,5 \ + | sed 1q ) 2>/dev/null` + if test -n "$ver" && test -f "$dir/$libname$shrext.$ver"; then + found_dir="$dir" + found_so="$dir/$libname$shrext.$ver" + fi + else + eval library_names=\"$acl_library_names_spec\" + for f in $library_names; do + if test -f "$dir/$f"; then + found_dir="$dir" + found_so="$dir/$f" + break + fi + done + fi + fi + fi + if test "X$found_dir" = "X"; then + if test -f "$dir/$libname.$acl_libext"; then + found_dir="$dir" + found_a="$dir/$libname.$acl_libext" + fi + fi + if test "X$found_dir" != "X"; then + if test -f "$dir/$libname.la"; then + found_la="$dir/$libname.la" + fi + fi + fi + if test "X$found_dir" = "X"; then + for x in $LDFLAGS $LTLIBDL; do + + acl_save_prefix="$prefix" + prefix="$acl_final_prefix" + acl_save_exec_prefix="$exec_prefix" + exec_prefix="$acl_final_exec_prefix" + eval x=\"$x\" + exec_prefix="$acl_save_exec_prefix" + prefix="$acl_save_prefix" + + case "$x" in + -L*) + dir=`echo "X$x" | sed -e 's/^X-L//'` + if test -n "$acl_shlibext"; then + if test -f "$dir/$libname$shrext"; then + found_dir="$dir" + found_so="$dir/$libname$shrext" + else + if test "$acl_library_names_spec" = '$libname$shrext$versuffix'; then + ver=`(cd "$dir" && \ + for f in "$libname$shrext".*; do echo "$f"; done \ + | sed -e "s,^$libname$shrext\\\\.,," \ + | sort -t '.' -n -r -k1,1 -k2,2 -k3,3 -k4,4 -k5,5 \ + | sed 1q ) 2>/dev/null` + if test -n "$ver" && test -f "$dir/$libname$shrext.$ver"; then + found_dir="$dir" + found_so="$dir/$libname$shrext.$ver" + fi + else + eval library_names=\"$acl_library_names_spec\" + for f in $library_names; do + if test -f "$dir/$f"; then + found_dir="$dir" + found_so="$dir/$f" + break + fi + done + fi + fi + fi + if test "X$found_dir" = "X"; then + if test -f "$dir/$libname.$acl_libext"; then + found_dir="$dir" + found_a="$dir/$libname.$acl_libext" + fi + fi + if test "X$found_dir" != "X"; then + if test -f "$dir/$libname.la"; then + found_la="$dir/$libname.la" + fi + fi + ;; + esac + if test "X$found_dir" != "X"; then + break + fi + done + fi + if test "X$found_dir" != "X"; then + LTLIBDL="${LTLIBDL}${LTLIBDL:+ }-L$found_dir -l$name" + if test "X$found_so" != "X"; then + if test "$enable_rpath" = no \ + || test "X$found_dir" = "X/usr/$acl_libdirstem" \ + || test "X$found_dir" = "X/usr/$acl_libdirstem2"; then + LIBDL="${LIBDL}${LIBDL:+ }$found_so" + else + haveit= + for x in $ltrpathdirs; do + if test "X$x" = "X$found_dir"; then + haveit=yes + break + fi + done + if test -z "$haveit"; then + ltrpathdirs="$ltrpathdirs $found_dir" + fi + if test "$acl_hardcode_direct" = yes; then + LIBDL="${LIBDL}${LIBDL:+ }$found_so" + else + if test -n "$acl_hardcode_libdir_flag_spec" && test "$acl_hardcode_minus_L" = no; then + LIBDL="${LIBDL}${LIBDL:+ }$found_so" + haveit= + for x in $rpathdirs; do + if test "X$x" = "X$found_dir"; then + haveit=yes + break + fi + done + if test -z "$haveit"; then + rpathdirs="$rpathdirs $found_dir" + fi + else + haveit= + for x in $LDFLAGS $LIBDL; do + + acl_save_prefix="$prefix" + prefix="$acl_final_prefix" + acl_save_exec_prefix="$exec_prefix" + exec_prefix="$acl_final_exec_prefix" + eval x=\"$x\" + exec_prefix="$acl_save_exec_prefix" + prefix="$acl_save_prefix" + + if test "X$x" = "X-L$found_dir"; then + haveit=yes + break + fi + done + if test -z "$haveit"; then + LIBDL="${LIBDL}${LIBDL:+ }-L$found_dir" + fi + if test "$acl_hardcode_minus_L" != no; then + LIBDL="${LIBDL}${LIBDL:+ }$found_so" + else + LIBDL="${LIBDL}${LIBDL:+ }-l$name" + fi + fi + fi + fi + else + if test "X$found_a" != "X"; then + LIBDL="${LIBDL}${LIBDL:+ }$found_a" + else + LIBDL="${LIBDL}${LIBDL:+ }-L$found_dir -l$name" + fi + fi + additional_includedir= + case "$found_dir" in + */$acl_libdirstem | */$acl_libdirstem/) + basedir=`echo "X$found_dir" | sed -e 's,^X,,' -e "s,/$acl_libdirstem/"'*$,,'` + if test "$name" = 'dl'; then + LIBDL_PREFIX="$basedir" + fi + additional_includedir="$basedir/include" + ;; + */$acl_libdirstem2 | */$acl_libdirstem2/) + basedir=`echo "X$found_dir" | sed -e 's,^X,,' -e "s,/$acl_libdirstem2/"'*$,,'` + if test "$name" = 'dl'; then + LIBDL_PREFIX="$basedir" + fi + additional_includedir="$basedir/include" + ;; + esac + if test "X$additional_includedir" != "X"; then + if test "X$additional_includedir" != "X/usr/include"; then + haveit= + if test "X$additional_includedir" = "X/usr/local/include"; then + if test -n "$GCC"; then + case $host_os in + linux* | gnu* | k*bsd*-gnu) haveit=yes;; + esac + fi + fi + if test -z "$haveit"; then + for x in $CPPFLAGS $INCDL; do + + acl_save_prefix="$prefix" + prefix="$acl_final_prefix" + acl_save_exec_prefix="$exec_prefix" + exec_prefix="$acl_final_exec_prefix" + eval x=\"$x\" + exec_prefix="$acl_save_exec_prefix" + prefix="$acl_save_prefix" + + if test "X$x" = "X-I$additional_includedir"; then + haveit=yes + break + fi + done + if test -z "$haveit"; then + if test -d "$additional_includedir"; then + INCDL="${INCDL}${INCDL:+ }-I$additional_includedir" + fi + fi + fi + fi + fi + if test -n "$found_la"; then + save_libdir="$libdir" + case "$found_la" in + */* | *\\*) . "$found_la" ;; + *) . "./$found_la" ;; + esac + libdir="$save_libdir" + for dep in $dependency_libs; do + case "$dep" in + -L*) + additional_libdir=`echo "X$dep" | sed -e 's/^X-L//'` + if test "X$additional_libdir" != "X/usr/$acl_libdirstem" \ + && test "X$additional_libdir" != "X/usr/$acl_libdirstem2"; then + haveit= + if test "X$additional_libdir" = "X/usr/local/$acl_libdirstem" \ + || test "X$additional_libdir" = "X/usr/local/$acl_libdirstem2"; then + if test -n "$GCC"; then + case $host_os in + linux* | gnu* | k*bsd*-gnu) haveit=yes;; + esac + fi + fi + if test -z "$haveit"; then + haveit= + for x in $LDFLAGS $LIBDL; do + + acl_save_prefix="$prefix" + prefix="$acl_final_prefix" + acl_save_exec_prefix="$exec_prefix" + exec_prefix="$acl_final_exec_prefix" + eval x=\"$x\" + exec_prefix="$acl_save_exec_prefix" + prefix="$acl_save_prefix" + + if test "X$x" = "X-L$additional_libdir"; then + haveit=yes + break + fi + done + if test -z "$haveit"; then + if test -d "$additional_libdir"; then + LIBDL="${LIBDL}${LIBDL:+ }-L$additional_libdir" + fi + fi + haveit= + for x in $LDFLAGS $LTLIBDL; do + + acl_save_prefix="$prefix" + prefix="$acl_final_prefix" + acl_save_exec_prefix="$exec_prefix" + exec_prefix="$acl_final_exec_prefix" + eval x=\"$x\" + exec_prefix="$acl_save_exec_prefix" + prefix="$acl_save_prefix" + + if test "X$x" = "X-L$additional_libdir"; then + haveit=yes + break + fi + done + if test -z "$haveit"; then + if test -d "$additional_libdir"; then + LTLIBDL="${LTLIBDL}${LTLIBDL:+ }-L$additional_libdir" + fi + fi + fi + fi + ;; + -R*) + dir=`echo "X$dep" | sed -e 's/^X-R//'` + if test "$enable_rpath" != no; then + haveit= + for x in $rpathdirs; do + if test "X$x" = "X$dir"; then + haveit=yes + break + fi + done + if test -z "$haveit"; then + rpathdirs="$rpathdirs $dir" + fi + haveit= + for x in $ltrpathdirs; do + if test "X$x" = "X$dir"; then + haveit=yes + break + fi + done + if test -z "$haveit"; then + ltrpathdirs="$ltrpathdirs $dir" + fi + fi + ;; + -l*) + names_next_round="$names_next_round "`echo "X$dep" | sed -e 's/^X-l//'` + ;; + *.la) + names_next_round="$names_next_round "`echo "X$dep" | sed -e 's,^X.*/,,' -e 's,^lib,,' -e 's,\.la$,,'` + ;; + *) + LIBDL="${LIBDL}${LIBDL:+ }$dep" + LTLIBDL="${LTLIBDL}${LTLIBDL:+ }$dep" + ;; + esac + done + fi + else + LIBDL="${LIBDL}${LIBDL:+ }-l$name" + LTLIBDL="${LTLIBDL}${LTLIBDL:+ }-l$name" + fi + fi + fi + done + done + if test "X$rpathdirs" != "X"; then + if test -n "$acl_hardcode_libdir_separator"; then + alldirs= + for found_dir in $rpathdirs; do + alldirs="${alldirs}${alldirs:+$acl_hardcode_libdir_separator}$found_dir" + done + acl_save_libdir="$libdir" + libdir="$alldirs" + eval flag=\"$acl_hardcode_libdir_flag_spec\" + libdir="$acl_save_libdir" + LIBDL="${LIBDL}${LIBDL:+ }$flag" + else + for found_dir in $rpathdirs; do + acl_save_libdir="$libdir" + libdir="$found_dir" + eval flag=\"$acl_hardcode_libdir_flag_spec\" + libdir="$acl_save_libdir" + LIBDL="${LIBDL}${LIBDL:+ }$flag" + done + fi + fi + if test "X$ltrpathdirs" != "X"; then + for found_dir in $ltrpathdirs; do + LTLIBDL="${LTLIBDL}${LTLIBDL:+ }-R$found_dir" + done + fi + + + + + + + ac_save_CPPFLAGS="$CPPFLAGS" + + for element in $INCDL; do + haveit= + for x in $CPPFLAGS; do + + acl_save_prefix="$prefix" + prefix="$acl_final_prefix" + acl_save_exec_prefix="$exec_prefix" + exec_prefix="$acl_final_exec_prefix" + eval x=\"$x\" + exec_prefix="$acl_save_exec_prefix" + prefix="$acl_save_prefix" + + if test "X$x" = "X$element"; then + haveit=yes + break + fi + done + if test -z "$haveit"; then + CPPFLAGS="${CPPFLAGS}${CPPFLAGS:+ }$element" + fi + done + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for libdl" >&5 +$as_echo_n "checking for libdl... " >&6; } +if ${ac_cv_libdl+:} false; then : + $as_echo_n "(cached) " >&6 +else + + ac_save_LIBS="$LIBS" + case " $LIBDL" in + *" -l"*) LIBS="$LIBS $LIBDL" ;; + *) LIBS="$LIBDL $LIBS" ;; + esac + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +int +main () +{ +dladdr (0, 0); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + ac_cv_libdl=yes +else + ac_cv_libdl='no' +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + LIBS="$ac_save_LIBS" + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_libdl" >&5 +$as_echo "$ac_cv_libdl" >&6; } + if test "$ac_cv_libdl" = yes; then + HAVE_LIBDL=yes + +$as_echo "#define HAVE_LIBDL 1" >>confdefs.h + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking how to link with libdl" >&5 +$as_echo_n "checking how to link with libdl... " >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $LIBDL" >&5 +$as_echo "$LIBDL" >&6; } + else + HAVE_LIBDL=no + CPPFLAGS="$ac_save_CPPFLAGS" + LIBDL= + LTLIBDL= + LIBDL_PREFIX= + fi + + + + + + + + +# Check whether --enable-fips140-mode was given. +if test "${enable_fips140_mode+set}" = set; then : + enableval=$enable_fips140_mode; enable_fips=$enableval +else + enable_fips=no +fi + + if test "$enable_fips" = "yes"; then + ENABLE_FIPS140_TRUE= + ENABLE_FIPS140_FALSE='#' +else + ENABLE_FIPS140_TRUE='#' + ENABLE_FIPS140_FALSE= +fi + +if test "$enable_fips" = "yes" ;then + if test "x$HAVE_LIBDL" = "xyes";then + +$as_echo "#define ENABLE_FIPS140 1" >>confdefs.h + + FIPS140_LIBS=$LIBDL + + +# Check whether --with-fips140-key was given. +if test "${with_fips140_key+set}" = set; then : + withval=$with_fips140_key; fips_key="$withval" +else + fips_key="orboDeJITITejsirpADONivirpUkvarP" +fi + + + +cat >>confdefs.h <<_ACEOF +#define FIPS_KEY "$fips_key" +_ACEOF + + else + enable_fips=no + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: +*** +*** This system is not supported in FIPS140 mode. +*** libdl and dladdr() are required. +*** " >&5 +$as_echo "$as_me: WARNING: +*** +*** This system is not supported in FIPS140 mode. +*** libdl and dladdr() are required. +*** " >&2;} + fi +fi + + +pkg_failed=no +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for CMOCKA" >&5 +$as_echo_n "checking for CMOCKA... " >&6; } + +if test -n "$CMOCKA_CFLAGS"; then + pkg_cv_CMOCKA_CFLAGS="$CMOCKA_CFLAGS" + elif test -n "$PKG_CONFIG"; then + if test -n "$PKG_CONFIG" && \ + { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"cmocka >= 1.0.1\""; } >&5 + ($PKG_CONFIG --exists --print-errors "cmocka >= 1.0.1") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + pkg_cv_CMOCKA_CFLAGS=`$PKG_CONFIG --cflags "cmocka >= 1.0.1" 2>/dev/null` + test "x$?" != "x0" && pkg_failed=yes +else + pkg_failed=yes +fi + else + pkg_failed=untried +fi +if test -n "$CMOCKA_LIBS"; then + pkg_cv_CMOCKA_LIBS="$CMOCKA_LIBS" + elif test -n "$PKG_CONFIG"; then + if test -n "$PKG_CONFIG" && \ + { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"cmocka >= 1.0.1\""; } >&5 + ($PKG_CONFIG --exists --print-errors "cmocka >= 1.0.1") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + pkg_cv_CMOCKA_LIBS=`$PKG_CONFIG --libs "cmocka >= 1.0.1" 2>/dev/null` + test "x$?" != "x0" && pkg_failed=yes +else + pkg_failed=yes +fi + else + pkg_failed=untried +fi + + + +if test $pkg_failed = yes; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + +if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then + _pkg_short_errors_supported=yes +else + _pkg_short_errors_supported=no +fi + if test $_pkg_short_errors_supported = yes; then + CMOCKA_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "cmocka >= 1.0.1" 2>&1` + else + CMOCKA_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "cmocka >= 1.0.1" 2>&1` + fi + # Put the nasty error message in config.log where it belongs + echo "$CMOCKA_PKG_ERRORS" >&5 + + with_cmocka=no +elif test $pkg_failed = untried; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + with_cmocka=no +else + CMOCKA_CFLAGS=$pkg_cv_CMOCKA_CFLAGS + CMOCKA_LIBS=$pkg_cv_CMOCKA_LIBS + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + with_cmocka=yes +fi + if test "$with_cmocka" != "no"; then + HAVE_CMOCKA_TRUE= + HAVE_CMOCKA_FALSE='#' +else + HAVE_CMOCKA_TRUE='#' + HAVE_CMOCKA_FALSE= +fi + + + +# Check whether --with-idn was given. +if test "${with_idn+set}" = set; then : + withval=$with_idn; try_libidn2="$withval" +else + try_libidn2=yes +fi + + +idna_support=no +with_libidn2=no + +if test "$try_libidn2" = yes;then + save_LIBS=$LIBS + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing idn2_lookup_u8" >&5 +$as_echo_n "checking for library containing idn2_lookup_u8... " >&6; } +if ${ac_cv_search_idn2_lookup_u8+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_func_search_save_LIBS=$LIBS +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char idn2_lookup_u8 (); +int +main () +{ +return idn2_lookup_u8 (); + ; + return 0; +} +_ACEOF +for ac_lib in '' idn2; do + if test -z "$ac_lib"; then + ac_res="none required" + else + ac_res=-l$ac_lib + LIBS="-l$ac_lib $ac_func_search_save_LIBS" + fi + if ac_fn_c_try_link "$LINENO"; then : + ac_cv_search_idn2_lookup_u8=$ac_res +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext + if ${ac_cv_search_idn2_lookup_u8+:} false; then : + break +fi +done +if ${ac_cv_search_idn2_lookup_u8+:} false; then : + +else + ac_cv_search_idn2_lookup_u8=no +fi +rm conftest.$ac_ext +LIBS=$ac_func_search_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_idn2_lookup_u8" >&5 +$as_echo "$ac_cv_search_idn2_lookup_u8" >&6; } +ac_res=$ac_cv_search_idn2_lookup_u8 +if test "$ac_res" != no; then : + test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" + + with_libidn2=yes; + idna_support="IDNA 2008 (libidn2)" + +$as_echo "#define HAVE_LIBIDN2 1" >>confdefs.h + + + LIBIDN2_LIBS=-lidn2 + +else + + with_libidn2=no; + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: *** LIBIDN2 was not found. You will not be able to use IDN2008 support" >&5 +$as_echo "$as_me: WARNING: *** LIBIDN2 was not found. You will not be able to use IDN2008 support" >&2;} + +fi + + LIBS=$save_LIBS +else + with_libidn2=no +fi + + if test "$with_libidn2" != "no"; then + HAVE_LIBIDN2_TRUE= + HAVE_LIBIDN2_FALSE='#' +else + HAVE_LIBIDN2_TRUE='#' + HAVE_LIBIDN2_FALSE= +fi + + +# Check whether --enable-non-suiteb-curves was given. +if test "${enable_non_suiteb_curves+set}" = set; then : + enableval=$enable_non_suiteb_curves; enable_non_suiteb=$enableval +else + enable_non_suiteb=yes +fi + + +if test "$enable_non_suiteb" = "yes";then + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for nettle_secp_192r1 in -lhogweed" >&5 +$as_echo_n "checking for nettle_secp_192r1 in -lhogweed... " >&6; } +if ${ac_cv_lib_hogweed_nettle_secp_192r1+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_check_lib_save_LIBS=$LIBS +LIBS="-lhogweed $HOGWEED_LIBS $NETTLE_LIBS $LIBS" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char nettle_secp_192r1 (); +int +main () +{ +return nettle_secp_192r1 (); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + ac_cv_lib_hogweed_nettle_secp_192r1=yes +else + ac_cv_lib_hogweed_nettle_secp_192r1=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_hogweed_nettle_secp_192r1" >&5 +$as_echo "$ac_cv_lib_hogweed_nettle_secp_192r1" >&6; } +if test "x$ac_cv_lib_hogweed_nettle_secp_192r1" = xyes; then : + enable_non_suiteb=yes +else + enable_non_suiteb=no +fi + + + if test "$enable_non_suiteb" = "yes";then + +$as_echo "#define ENABLE_NON_SUITEB_CURVES 1" >>confdefs.h + + fi +fi + if test "$enable_non_suiteb" = "yes"; then + ENABLE_NON_SUITEB_CURVES_TRUE= + ENABLE_NON_SUITEB_CURVES_FALSE='#' +else + ENABLE_NON_SUITEB_CURVES_TRUE='#' + ENABLE_NON_SUITEB_CURVES_FALSE= +fi + + +# We MUST require a Nettle version that has rsa_sec_decrypt now. +save_LIBS=$LIBS +LIBS="$LIBS $HOGWEED_LIBS $NETTLE_LIBS" +for ac_func in nettle_rsa_sec_decrypt +do : + ac_fn_c_check_func "$LINENO" "nettle_rsa_sec_decrypt" "ac_cv_func_nettle_rsa_sec_decrypt" +if test "x$ac_cv_func_nettle_rsa_sec_decrypt" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_NETTLE_RSA_SEC_DECRYPT 1 +_ACEOF + +else + as_fn_error $? "Nettle lacks the required rsa_sec_decrypt function" "$LINENO" 5 + +fi +done + +LIBS=$save_LIBS + +# Check if nettle has CFB8 support +save_LIBS=$LIBS +LIBS="$LIBS $NETTLE_LIBS" +for ac_func in nettle_cfb8_encrypt +do : + ac_fn_c_check_func "$LINENO" "nettle_cfb8_encrypt" "ac_cv_func_nettle_cfb8_encrypt" +if test "x$ac_cv_func_nettle_cfb8_encrypt" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_NETTLE_CFB8_ENCRYPT 1 +_ACEOF + +fi +done + +LIBS=$save_LIBS + +# Check if nettle has CMAC support +save_LIBS=$LIBS +LIBS="$LIBS $NETTLE_LIBS" +for ac_func in nettle_cmac128_update +do : + ac_fn_c_check_func "$LINENO" "nettle_cmac128_update" "ac_cv_func_nettle_cmac128_update" +if test "x$ac_cv_func_nettle_cmac128_update" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_NETTLE_CMAC128_UPDATE 1 +_ACEOF + +fi +done + +LIBS=$save_LIBS + +# Check if nettle has XTS support +save_LIBS=$LIBS +LIBS="$LIBS $NETTLE_LIBS" +for ac_func in xts_encrypt_message +do : + ac_fn_c_check_func "$LINENO" "xts_encrypt_message" "ac_cv_func_xts_encrypt_message" +if test "x$ac_cv_func_xts_encrypt_message" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_XTS_ENCRYPT_MESSAGE 1 +_ACEOF + +fi +done + +LIBS=$save_LIBS + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to build libdane" >&5 +$as_echo_n "checking whether to build libdane... " >&6; } +# Check whether --enable-libdane was given. +if test "${enable_libdane+set}" = set; then : + enableval=$enable_libdane; enable_dane=$enableval +else + enable_dane=yes +fi + +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_dane" >&5 +$as_echo "$enable_dane" >&6; } + +if test "$enable_dane" != "no"; then + LIBS="$oldlibs -lunbound" + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for unbound library" >&5 +$as_echo_n "checking for unbound library... " >&6; } + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + + #include +int +main () +{ + + struct ub_ctx* ctx; + ctx = ub_ctx_create(); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + UNBOUND_LIBS=-lunbound + + + +$as_echo "#define HAVE_DANE 1" >>confdefs.h + + enable_dane=yes +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: +*** +*** libunbound was not found. Libdane will not be built. +*** " >&5 +$as_echo "$as_me: WARNING: +*** +*** libunbound was not found. Libdane will not be built. +*** " >&2;} + enable_dane=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + LIBS="$oldlibs" +fi + + if test "$enable_dane" = "yes"; then + ENABLE_DANE_TRUE= + ENABLE_DANE_FALSE='#' +else + ENABLE_DANE_TRUE='#' + ENABLE_DANE_FALSE= +fi + + + +# Check whether --with-unbound-root-key-file was given. +if test "${with_unbound_root_key_file+set}" = set; then : + withval=$with_unbound_root_key_file; unbound_root_key_file="$withval" +else + if test "$have_win" = yes; then + unbound_root_key_file="C:\\Program Files\\Unbound\\root.key" +else + if test -f /var/lib/unbound/root.key;then + unbound_root_key_file="/var/lib/unbound/root.key" + else + if test -f /usr/share/dns/root.key;then + unbound_root_key_file="/usr/share/dns/root.key" + else + unbound_root_key_file="/etc/unbound/root.key" + fi + fi +fi + +fi + + + +cat >>confdefs.h <<_ACEOF +#define UNBOUND_ROOT_KEY_FILE "$unbound_root_key_file" +_ACEOF + + + +# Check whether --with-system-priority-file was given. +if test "${with_system_priority_file+set}" = set; then : + withval=$with_system_priority_file; system_priority_file="$withval" +else + system_priority_file="/etc/gnutls/default-priorities" + +fi + + + +cat >>confdefs.h <<_ACEOF +#define SYSTEM_PRIORITY_FILE "$system_priority_file" +_ACEOF + + + +# Check whether --with-default-priority-string was given. +if test "${with_default_priority_string+set}" = set; then : + withval=$with_default_priority_string; prio_string="$withval" +else + prio_string="NORMAL" +fi + + + +cat >>confdefs.h <<_ACEOF +#define DEFAULT_PRIORITY_STRING "$prio_string" +_ACEOF + + +P11_KIT_MINIMUM=0.23.1 + +# Check whether --with-p11-kit was given. +if test "${with_p11_kit+set}" = set; then : + withval=$with_p11_kit; +fi + +if test "$with_p11_kit" != "no"; then + +pkg_failed=no +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for P11_KIT" >&5 +$as_echo_n "checking for P11_KIT... " >&6; } + +if test -n "$P11_KIT_CFLAGS"; then + pkg_cv_P11_KIT_CFLAGS="$P11_KIT_CFLAGS" + elif test -n "$PKG_CONFIG"; then + if test -n "$PKG_CONFIG" && \ + { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"p11-kit-1 >= \$P11_KIT_MINIMUM\""; } >&5 + ($PKG_CONFIG --exists --print-errors "p11-kit-1 >= $P11_KIT_MINIMUM") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + pkg_cv_P11_KIT_CFLAGS=`$PKG_CONFIG --cflags "p11-kit-1 >= $P11_KIT_MINIMUM" 2>/dev/null` + test "x$?" != "x0" && pkg_failed=yes +else + pkg_failed=yes +fi + else + pkg_failed=untried +fi +if test -n "$P11_KIT_LIBS"; then + pkg_cv_P11_KIT_LIBS="$P11_KIT_LIBS" + elif test -n "$PKG_CONFIG"; then + if test -n "$PKG_CONFIG" && \ + { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"p11-kit-1 >= \$P11_KIT_MINIMUM\""; } >&5 + ($PKG_CONFIG --exists --print-errors "p11-kit-1 >= $P11_KIT_MINIMUM") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + pkg_cv_P11_KIT_LIBS=`$PKG_CONFIG --libs "p11-kit-1 >= $P11_KIT_MINIMUM" 2>/dev/null` + test "x$?" != "x0" && pkg_failed=yes +else + pkg_failed=yes +fi + else + pkg_failed=untried +fi + + + +if test $pkg_failed = yes; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + +if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then + _pkg_short_errors_supported=yes +else + _pkg_short_errors_supported=no +fi + if test $_pkg_short_errors_supported = yes; then + P11_KIT_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "p11-kit-1 >= $P11_KIT_MINIMUM" 2>&1` + else + P11_KIT_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "p11-kit-1 >= $P11_KIT_MINIMUM" 2>&1` + fi + # Put the nasty error message in config.log where it belongs + echo "$P11_KIT_PKG_ERRORS" >&5 + + with_p11_kit=no +elif test $pkg_failed = untried; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + with_p11_kit=no +else + P11_KIT_CFLAGS=$pkg_cv_P11_KIT_CFLAGS + P11_KIT_LIBS=$pkg_cv_P11_KIT_LIBS + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + with_p11_kit=yes +fi + if test "$with_p11_kit" != "no";then + +$as_echo "#define ENABLE_PKCS11 1" >>confdefs.h + + if test "x$GNUTLS_REQUIRES_PRIVATE" = "x"; then + GNUTLS_REQUIRES_PRIVATE="Requires.private: p11-kit-1" + else + GNUTLS_REQUIRES_PRIVATE="${GNUTLS_REQUIRES_PRIVATE}, p11-kit-1" + fi + else + with_p11_kit=no + as_fn_error $? " +*** +*** p11-kit >= $P11_KIT_MINIMUM was not found. To disable PKCS #11 support +*** use --without-p11-kit, otherwise you may get p11-kit from +*** https://p11-glue.freedesktop.org/p11-kit.html +*** " "$LINENO" 5 + fi +fi + + if $PKG_CONFIG --atleast-version=0.23.11 p11-kit-1; then + P11KIT_0_23_11_API_TRUE= + P11KIT_0_23_11_API_FALSE='#' +else + P11KIT_0_23_11_API_TRUE='#' + P11KIT_0_23_11_API_FALSE= +fi + + + if test "$with_p11_kit" != "no"; then + ENABLE_PKCS11_TRUE= + ENABLE_PKCS11_FALSE='#' +else + ENABLE_PKCS11_TRUE='#' + ENABLE_PKCS11_FALSE= +fi + + + +# Check whether --with-tpm was given. +if test "${with_tpm+set}" = set; then : + withval=$with_tpm; with_tpm=$withval +else + with_tpm=yes +fi + +if test "$with_tpm" != "no"; then + LIBS="$oldlibs -ltspi" + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for tss library" >&5 +$as_echo_n "checking for tss library... " >&6; } + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + + #include + #include +int +main () +{ + + int err = Tspi_Context_Create((void *)0); + Trspi_Error_String(err); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + TSS_LIBS=-ltspi + + + +$as_echo "#define HAVE_TROUSERS 1" >>confdefs.h + + with_tpm=yes +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: +*** +*** trousers was not found. TPM support will be disabled. +*** " >&5 +$as_echo "$as_me: WARNING: +*** +*** trousers was not found. TPM support will be disabled. +*** " >&2;} + with_tpm=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + LIBS="$oldlibs" +fi + + if test "$with_tpm" != "no"; then + ENABLE_TROUSERS_TRUE= + ENABLE_TROUSERS_FALSE='#' +else + ENABLE_TROUSERS_TRUE='#' + ENABLE_TROUSERS_FALSE= +fi + + +for l in /usr/lib64 /usr/lib /lib64 /lib /usr/lib/x86_64-linux-gnu/; do + if test -f "${l}/libtspi.so.1";then + default_trousers_lib="${l}/libtspi.so.1" + break + fi +done + + +# Check whether --with-trousers-lib was given. +if test "${with_trousers_lib+set}" = set; then : + withval=$with_trousers_lib; ac_trousers_lib=$withval +else + ac_trousers_lib=$default_trousers_lib +fi + + +if test "$with_tpm" != "no" && test -z "$ac_trousers_lib"; then + as_fn_error $? " + *** + *** unable to find trousers library, please specify with --with-trousers-lib= + *** + " "$LINENO" 5 +fi + + +cat >>confdefs.h <<_ACEOF +#define TROUSERS_LIB "$ac_trousers_lib" +_ACEOF + + + + +AUTOGEN=${AUTOGEN-"${am_missing_run}autogen"} + + +included_libopts=no +if test "$enable_tools" != "no" || test "$enable_doc" != "no"; then + for ac_prog in autogen +do + # Extract the first word of "$ac_prog", so it can be a program name with args. +set dummy $ac_prog; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_autogen+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$autogen"; then + ac_cv_prog_autogen="$autogen" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_autogen="$ac_prog" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +autogen=$ac_cv_prog_autogen +if test -n "$autogen"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $autogen" >&5 +$as_echo "$autogen" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + + test -n "$autogen" && break +done + + + if test -z "$autogen"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: +*** +*** autogen not found. Will not link against system libopts. +*** " >&5 +$as_echo "$as_me: WARNING: +*** +*** autogen not found. Will not link against system libopts. +*** " >&2;} + enable_local_libopts=yes + fi + + + ac_header_dirent=no +for ac_hdr in dirent.h sys/ndir.h sys/dir.h ndir.h; do + as_ac_Header=`$as_echo "ac_cv_header_dirent_$ac_hdr" | $as_tr_sh` +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_hdr that defines DIR" >&5 +$as_echo_n "checking for $ac_hdr that defines DIR... " >&6; } +if eval \${$as_ac_Header+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +#include <$ac_hdr> + +int +main () +{ +if ((DIR *) 0) +return 0; + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + eval "$as_ac_Header=yes" +else + eval "$as_ac_Header=no" +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi +eval ac_res=\$$as_ac_Header + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 +$as_echo "$ac_res" >&6; } +if eval test \"x\$"$as_ac_Header"\" = x"yes"; then : + cat >>confdefs.h <<_ACEOF +#define `$as_echo "HAVE_$ac_hdr" | $as_tr_cpp` 1 +_ACEOF + +ac_header_dirent=$ac_hdr; break +fi + +done +# Two versions of opendir et al. are in -ldir and -lx on SCO Xenix. +if test $ac_header_dirent = dirent.h; then + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing opendir" >&5 +$as_echo_n "checking for library containing opendir... " >&6; } +if ${ac_cv_search_opendir+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_func_search_save_LIBS=$LIBS +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char opendir (); +int +main () +{ +return opendir (); + ; + return 0; +} +_ACEOF +for ac_lib in '' dir; do + if test -z "$ac_lib"; then + ac_res="none required" + else + ac_res=-l$ac_lib + LIBS="-l$ac_lib $ac_func_search_save_LIBS" + fi + if ac_fn_c_try_link "$LINENO"; then : + ac_cv_search_opendir=$ac_res +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext + if ${ac_cv_search_opendir+:} false; then : + break +fi +done +if ${ac_cv_search_opendir+:} false; then : + +else + ac_cv_search_opendir=no +fi +rm conftest.$ac_ext +LIBS=$ac_func_search_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_opendir" >&5 +$as_echo "$ac_cv_search_opendir" >&6; } +ac_res=$ac_cv_search_opendir +if test "$ac_res" != no; then : + test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" + +fi + +else + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing opendir" >&5 +$as_echo_n "checking for library containing opendir... " >&6; } +if ${ac_cv_search_opendir+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_func_search_save_LIBS=$LIBS +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char opendir (); +int +main () +{ +return opendir (); + ; + return 0; +} +_ACEOF +for ac_lib in '' x; do + if test -z "$ac_lib"; then + ac_res="none required" + else + ac_res=-l$ac_lib + LIBS="-l$ac_lib $ac_func_search_save_LIBS" + fi + if ac_fn_c_try_link "$LINENO"; then : + ac_cv_search_opendir=$ac_res +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext + if ${ac_cv_search_opendir+:} false; then : + break +fi +done +if ${ac_cv_search_opendir+:} false; then : + +else + ac_cv_search_opendir=no +fi +rm conftest.$ac_ext +LIBS=$ac_func_search_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_opendir" >&5 +$as_echo "$ac_cv_search_opendir" >&6; } +ac_res=$ac_cv_search_opendir +if test "$ac_res" != no; then : + test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" + +fi + +fi + + + # ================= + # AC_CHECK_HEADERS + # ================= + for ac_header in \ + sys/mman.h sys/param.h sys/poll.h sys/procset.h \ + sys/select.h sys/socket.h sys/stropts.h sys/time.h \ + sys/un.h sys/wait.h dlfcn.h errno.h \ + fcntl.h libgen.h libintl.h memory.h \ + netinet/in.h setjmp.h stdbool.h sysexits.h \ + unistd.h utime.h +do : + as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` +ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default" +if eval test \"x\$"$as_ac_Header"\" = x"yes"; then : + cat >>confdefs.h <<_ACEOF +#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 +_ACEOF + +fi + +done + + + for ac_header in stdarg.h varargs.h +do : + as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` +ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default" +if eval test \"x\$"$as_ac_Header"\" = x"yes"; then : + cat >>confdefs.h <<_ACEOF +#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 +_ACEOF + lo_have_arg_hdr=true;break +else + lo_have_arg_hdr=false +fi + +done + + + for ac_header in string.h strings.h +do : + as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` +ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default" +if eval test \"x\$"$as_ac_Header"\" = x"yes"; then : + cat >>confdefs.h <<_ACEOF +#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 +_ACEOF + lo_have_str_hdr=true;break +else + lo_have_str_hdr=false +fi + +done + + + for ac_header in limits.h sys/limits.h values.h +do : + as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` +ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default" +if eval test \"x\$"$as_ac_Header"\" = x"yes"; then : + cat >>confdefs.h <<_ACEOF +#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 +_ACEOF + lo_have_lim_hdr=true;break +else + lo_have_lim_hdr=false +fi + +done + + + for ac_header in inttypes.h stdint.h +do : + as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` +ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default" +if eval test \"x\$"$as_ac_Header"\" = x"yes"; then : + cat >>confdefs.h <<_ACEOF +#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 +_ACEOF + lo_have_typ_hdr=true;break +else + lo_have_typ_hdr=false +fi + +done + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for working stdnoreturn.h" >&5 +$as_echo_n "checking for working stdnoreturn.h... " >&6; } +if ${gl_cv_header_working_stdnoreturn_h+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include + #include + /* Do not check for 'noreturn' after the return type. + C11 allows it, but it's rarely done that way + and circa-2012 bleeding-edge GCC rejects it when given + -Werror=old-style-declaration. */ + noreturn void foo1 (void) { exit (0); } + _Noreturn void foo2 (void) { exit (0); } + int testit (int argc, char **argv) { + if (argc & 1) + return 0; + (argv[0][0] ? foo1 : foo2) (); + } + +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + gl_cv_header_working_stdnoreturn_h=yes +else + gl_cv_header_working_stdnoreturn_h=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_header_working_stdnoreturn_h" >&5 +$as_echo "$gl_cv_header_working_stdnoreturn_h" >&6; } + + if test $gl_cv_header_working_stdnoreturn_h = yes; then + STDNORETURN_H='' + else + STDNORETURN_H='stdnoreturn.h' + fi + + + if test -n "$STDNORETURN_H"; then + GL_GENERATE_STDNORETURN_H_TRUE= + GL_GENERATE_STDNORETURN_H_FALSE='#' +else + GL_GENERATE_STDNORETURN_H_TRUE='#' + GL_GENERATE_STDNORETURN_H_FALSE= +fi + + + + # ---------------------------------------------------------------------- + # check for various programs used during the build. + # On OS/X, "wchar.h" needs "runetype.h" to work properly. + # ---------------------------------------------------------------------- + for ac_header in runetype.h wchar.h +do : + as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` +ac_fn_c_check_header_compile "$LINENO" "$ac_header" "$as_ac_Header" " + $ac_includes_default + #if HAVE_RUNETYPE_H + # include + #endif + +" +if eval test \"x\$"$as_ac_Header"\" = x"yes"; then : + cat >>confdefs.h <<_ACEOF +#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 +_ACEOF + +fi + +done + + + # Check whether --enable-nls was given. +if test "${enable_nls+set}" = set; then : + enableval=$enable_nls; +fi + + if test "x$enable_nls" != "xno" && \ + test "X${ac_cv_header_libintl_h}" = Xyes; then : + + +$as_echo "#define ENABLE_NLS 1" >>confdefs.h + +fi + + # -------------------------------------------- + # Verify certain entries from AC_CHECK_HEADERS + # -------------------------------------------- + ${lo_have_arg_hdr} || \ + as_fn_error $? "you must have stdarg.h or varargs.h on your system" "$LINENO" 5 + + ${lo_have_str_hdr} || \ + as_fn_error $? "you must have string.h or strings.h on your system" "$LINENO" 5 + + ${lo_have_lim_hdr} || \ + as_fn_error $? "you must have one of limits.h, sys/limits.h or values.h" "$LINENO" 5 + + ${lo_have_typ_hdr} || \ + as_fn_error $? "you must have inttypes.h or stdint.h on your system" "$LINENO" 5 + + for f in sys_types sys_param sys_stat string errno stdlib memory setjmp + do eval as_ac_var=\${ac_cv_header_${f}_h} + test "X${as_ac_var}" = Xyes || { + as_fn_error $? "you must have ${f}.h on your system" "$LINENO" 5 + } + done + test "X${ac_cv_header_inttypes_h-no}" = Xyes || \ + echo '#include ' > inttypes.h + + # ---------------------------------------------------------------------- + # Checks for typedefs + # ---------------------------------------------------------------------- + ac_fn_c_check_type "$LINENO" "wchar_t" "ac_cv_type_wchar_t" "$ac_includes_default" +if test "x$ac_cv_type_wchar_t" = xyes; then : + +cat >>confdefs.h <<_ACEOF +#define HAVE_WCHAR_T 1 +_ACEOF + + +fi + + ac_fn_c_check_type "$LINENO" "wint_t" "ac_cv_type_wint_t" " + $ac_includes_default + #if HAVE_RUNETYPE_H + # include + #endif + #if HAVE_WCHAR_H + # include + #endif + +" +if test "x$ac_cv_type_wint_t" = xyes; then : + +cat >>confdefs.h <<_ACEOF +#define HAVE_WINT_T 1 +_ACEOF + + +fi + + ac_fn_c_check_type "$LINENO" "int8_t" "ac_cv_type_int8_t" "$ac_includes_default" +if test "x$ac_cv_type_int8_t" = xyes; then : + +cat >>confdefs.h <<_ACEOF +#define HAVE_INT8_T 1 +_ACEOF + + +fi +ac_fn_c_check_type "$LINENO" "uint8_t" "ac_cv_type_uint8_t" "$ac_includes_default" +if test "x$ac_cv_type_uint8_t" = xyes; then : + +cat >>confdefs.h <<_ACEOF +#define HAVE_UINT8_T 1 +_ACEOF + + +fi +ac_fn_c_check_type "$LINENO" "int16_t" "ac_cv_type_int16_t" "$ac_includes_default" +if test "x$ac_cv_type_int16_t" = xyes; then : + +cat >>confdefs.h <<_ACEOF +#define HAVE_INT16_T 1 +_ACEOF + + +fi +ac_fn_c_check_type "$LINENO" "uint16_t" "ac_cv_type_uint16_t" "$ac_includes_default" +if test "x$ac_cv_type_uint16_t" = xyes; then : + +cat >>confdefs.h <<_ACEOF +#define HAVE_UINT16_T 1 +_ACEOF + + +fi +ac_fn_c_check_type "$LINENO" "int32_t" "ac_cv_type_int32_t" "$ac_includes_default" +if test "x$ac_cv_type_int32_t" = xyes; then : + +cat >>confdefs.h <<_ACEOF +#define HAVE_INT32_T 1 +_ACEOF + + +fi +ac_fn_c_check_type "$LINENO" "uint32_t" "ac_cv_type_uint32_t" "$ac_includes_default" +if test "x$ac_cv_type_uint32_t" = xyes; then : + +cat >>confdefs.h <<_ACEOF +#define HAVE_UINT32_T 1 +_ACEOF + + +fi +ac_fn_c_check_type "$LINENO" "intptr_t" "ac_cv_type_intptr_t" "$ac_includes_default" +if test "x$ac_cv_type_intptr_t" = xyes; then : + +cat >>confdefs.h <<_ACEOF +#define HAVE_INTPTR_T 1 +_ACEOF + + +fi +ac_fn_c_check_type "$LINENO" "uintptr_t" "ac_cv_type_uintptr_t" "$ac_includes_default" +if test "x$ac_cv_type_uintptr_t" = xyes; then : + +cat >>confdefs.h <<_ACEOF +#define HAVE_UINTPTR_T 1 +_ACEOF + + +fi +ac_fn_c_check_type "$LINENO" "uint_t" "ac_cv_type_uint_t" "$ac_includes_default" +if test "x$ac_cv_type_uint_t" = xyes; then : + +cat >>confdefs.h <<_ACEOF +#define HAVE_UINT_T 1 +_ACEOF + + +fi +ac_fn_c_check_type "$LINENO" "pid_t" "ac_cv_type_pid_t" "$ac_includes_default" +if test "x$ac_cv_type_pid_t" = xyes; then : + +cat >>confdefs.h <<_ACEOF +#define HAVE_PID_T 1 +_ACEOF + + +fi +ac_fn_c_check_type "$LINENO" "size_t" "ac_cv_type_size_t" "$ac_includes_default" +if test "x$ac_cv_type_size_t" = xyes; then : + +cat >>confdefs.h <<_ACEOF +#define HAVE_SIZE_T 1 +_ACEOF + + +fi +ac_fn_c_check_type "$LINENO" "ptrdiff_t" "ac_cv_type_ptrdiff_t" "$ac_includes_default" +if test "x$ac_cv_type_ptrdiff_t" = xyes; then : + +cat >>confdefs.h <<_ACEOF +#define HAVE_PTRDIFF_T 1 +_ACEOF + + +fi + + # The cast to long int works around a bug in the HP C Compiler +# version HP92453-01 B.11.11.23709.GP, which incorrectly rejects +# declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'. +# This bug is HP SR number 8606223364. +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking size of char *" >&5 +$as_echo_n "checking size of char *... " >&6; } +if ${ac_cv_sizeof_char_p+:} false; then : + $as_echo_n "(cached) " >&6 +else + if ac_fn_c_compute_int "$LINENO" "(long int) (sizeof (char *))" "ac_cv_sizeof_char_p" "$ac_includes_default"; then : + +else + if test "$ac_cv_type_char_p" = yes; then + { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} +as_fn_error 77 "cannot compute sizeof (char *) +See \`config.log' for more details" "$LINENO" 5; } + else + ac_cv_sizeof_char_p=0 + fi +fi + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sizeof_char_p" >&5 +$as_echo "$ac_cv_sizeof_char_p" >&6; } + + + +cat >>confdefs.h <<_ACEOF +#define SIZEOF_CHAR_P $ac_cv_sizeof_char_p +_ACEOF + + + # The cast to long int works around a bug in the HP C Compiler +# version HP92453-01 B.11.11.23709.GP, which incorrectly rejects +# declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'. +# This bug is HP SR number 8606223364. +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking size of int" >&5 +$as_echo_n "checking size of int... " >&6; } +if ${ac_cv_sizeof_int+:} false; then : + $as_echo_n "(cached) " >&6 +else + if ac_fn_c_compute_int "$LINENO" "(long int) (sizeof (int))" "ac_cv_sizeof_int" "$ac_includes_default"; then : + +else + if test "$ac_cv_type_int" = yes; then + { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} +as_fn_error 77 "cannot compute sizeof (int) +See \`config.log' for more details" "$LINENO" 5; } + else + ac_cv_sizeof_int=0 + fi +fi + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sizeof_int" >&5 +$as_echo "$ac_cv_sizeof_int" >&6; } + + + +cat >>confdefs.h <<_ACEOF +#define SIZEOF_INT $ac_cv_sizeof_int +_ACEOF + + + # The cast to long int works around a bug in the HP C Compiler +# version HP92453-01 B.11.11.23709.GP, which incorrectly rejects +# declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'. +# This bug is HP SR number 8606223364. +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking size of long" >&5 +$as_echo_n "checking size of long... " >&6; } +if ${ac_cv_sizeof_long+:} false; then : + $as_echo_n "(cached) " >&6 +else + if ac_fn_c_compute_int "$LINENO" "(long int) (sizeof (long))" "ac_cv_sizeof_long" "$ac_includes_default"; then : + +else + if test "$ac_cv_type_long" = yes; then + { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} +as_fn_error 77 "cannot compute sizeof (long) +See \`config.log' for more details" "$LINENO" 5; } + else + ac_cv_sizeof_long=0 + fi +fi + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sizeof_long" >&5 +$as_echo "$ac_cv_sizeof_long" >&6; } + + + +cat >>confdefs.h <<_ACEOF +#define SIZEOF_LONG $ac_cv_sizeof_long +_ACEOF + + + # The cast to long int works around a bug in the HP C Compiler +# version HP92453-01 B.11.11.23709.GP, which incorrectly rejects +# declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'. +# This bug is HP SR number 8606223364. +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking size of short" >&5 +$as_echo_n "checking size of short... " >&6; } +if ${ac_cv_sizeof_short+:} false; then : + $as_echo_n "(cached) " >&6 +else + if ac_fn_c_compute_int "$LINENO" "(long int) (sizeof (short))" "ac_cv_sizeof_short" "$ac_includes_default"; then : + +else + if test "$ac_cv_type_short" = yes; then + { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} +as_fn_error 77 "cannot compute sizeof (short) +See \`config.log' for more details" "$LINENO" 5; } + else + ac_cv_sizeof_short=0 + fi +fi + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sizeof_short" >&5 +$as_echo "$ac_cv_sizeof_short" >&6; } + + + +cat >>confdefs.h <<_ACEOF +#define SIZEOF_SHORT $ac_cv_sizeof_short +_ACEOF + + + + # ------------ + # AC_CHECK_LIB + # ------------ + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for pathfind in -lgen" >&5 +$as_echo_n "checking for pathfind in -lgen... " >&6; } +if ${ac_cv_lib_gen_pathfind+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_check_lib_save_LIBS=$LIBS +LIBS="-lgen $LIBS" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char pathfind (); +int +main () +{ +return pathfind (); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + ac_cv_lib_gen_pathfind=yes +else + ac_cv_lib_gen_pathfind=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_gen_pathfind" >&5 +$as_echo "$ac_cv_lib_gen_pathfind" >&6; } +if test "x$ac_cv_lib_gen_pathfind" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_LIBGEN 1 +_ACEOF + + LIBS="-lgen $LIBS" + +fi + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for gettext in -lintl" >&5 +$as_echo_n "checking for gettext in -lintl... " >&6; } +if ${ac_cv_lib_intl_gettext+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_check_lib_save_LIBS=$LIBS +LIBS="-lintl $LIBS" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char gettext (); +int +main () +{ +return gettext (); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + ac_cv_lib_intl_gettext=yes +else + ac_cv_lib_intl_gettext=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_intl_gettext" >&5 +$as_echo "$ac_cv_lib_intl_gettext" >&6; } +if test "x$ac_cv_lib_intl_gettext" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_LIBINTL 1 +_ACEOF + + LIBS="-lintl $LIBS" + +fi + + for ac_func in vprintf +do : + ac_fn_c_check_func "$LINENO" "vprintf" "ac_cv_func_vprintf" +if test "x$ac_cv_func_vprintf" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_VPRINTF 1 +_ACEOF + +ac_fn_c_check_func "$LINENO" "_doprnt" "ac_cv_func__doprnt" +if test "x$ac_cv_func__doprnt" = xyes; then : + +$as_echo "#define HAVE_DOPRNT 1" >>confdefs.h + +fi + +fi +done + + + for ac_header in vfork.h +do : + ac_fn_c_check_header_mongrel "$LINENO" "vfork.h" "ac_cv_header_vfork_h" "$ac_includes_default" +if test "x$ac_cv_header_vfork_h" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_VFORK_H 1 +_ACEOF + +fi + +done + +for ac_func in fork vfork +do : + as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` +ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" +if eval test \"x\$"$as_ac_var"\" = x"yes"; then : + cat >>confdefs.h <<_ACEOF +#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 +_ACEOF + +fi +done + +if test "x$ac_cv_func_fork" = xyes; then + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for working fork" >&5 +$as_echo_n "checking for working fork... " >&6; } +if ${ac_cv_func_fork_works+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test "$cross_compiling" = yes; then : + ac_cv_func_fork_works=cross +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +$ac_includes_default +int +main () +{ + + /* By Ruediger Kuhlmann. */ + return fork () < 0; + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_run "$LINENO"; then : + ac_cv_func_fork_works=yes +else + ac_cv_func_fork_works=no +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_func_fork_works" >&5 +$as_echo "$ac_cv_func_fork_works" >&6; } + +else + ac_cv_func_fork_works=$ac_cv_func_fork +fi +if test "x$ac_cv_func_fork_works" = xcross; then + case $host in + *-*-amigaos* | *-*-msdosdjgpp*) + # Override, as these systems have only a dummy fork() stub + ac_cv_func_fork_works=no + ;; + *) + ac_cv_func_fork_works=yes + ;; + esac + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: result $ac_cv_func_fork_works guessed because of cross compilation" >&5 +$as_echo "$as_me: WARNING: result $ac_cv_func_fork_works guessed because of cross compilation" >&2;} +fi +ac_cv_func_vfork_works=$ac_cv_func_vfork +if test "x$ac_cv_func_vfork" = xyes; then + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for working vfork" >&5 +$as_echo_n "checking for working vfork... " >&6; } +if ${ac_cv_func_vfork_works+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test "$cross_compiling" = yes; then : + ac_cv_func_vfork_works=cross +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +/* Thanks to Paul Eggert for this test. */ +$ac_includes_default +#include +#ifdef HAVE_VFORK_H +# include +#endif +/* On some sparc systems, changes by the child to local and incoming + argument registers are propagated back to the parent. The compiler + is told about this with #include , but some compilers + (e.g. gcc -O) don't grok . Test for this by using a + static variable whose address is put into a register that is + clobbered by the vfork. */ +static void +#ifdef __cplusplus +sparc_address_test (int arg) +# else +sparc_address_test (arg) int arg; +#endif +{ + static pid_t child; + if (!child) { + child = vfork (); + if (child < 0) { + perror ("vfork"); + _exit(2); + } + if (!child) { + arg = getpid(); + write(-1, "", 0); + _exit (arg); + } + } +} + +int +main () +{ + pid_t parent = getpid (); + pid_t child; + + sparc_address_test (0); + + child = vfork (); + + if (child == 0) { + /* Here is another test for sparc vfork register problems. This + test uses lots of local variables, at least as many local + variables as main has allocated so far including compiler + temporaries. 4 locals are enough for gcc 1.40.3 on a Solaris + 4.1.3 sparc, but we use 8 to be safe. A buggy compiler should + reuse the register of parent for one of the local variables, + since it will think that parent can't possibly be used any more + in this routine. Assigning to the local variable will thus + munge parent in the parent process. */ + pid_t + p = getpid(), p1 = getpid(), p2 = getpid(), p3 = getpid(), + p4 = getpid(), p5 = getpid(), p6 = getpid(), p7 = getpid(); + /* Convince the compiler that p..p7 are live; otherwise, it might + use the same hardware register for all 8 local variables. */ + if (p != p1 || p != p2 || p != p3 || p != p4 + || p != p5 || p != p6 || p != p7) + _exit(1); + + /* On some systems (e.g. IRIX 3.3), vfork doesn't separate parent + from child file descriptors. If the child closes a descriptor + before it execs or exits, this munges the parent's descriptor + as well. Test for this by closing stdout in the child. */ + _exit(close(fileno(stdout)) != 0); + } else { + int status; + struct stat st; + + while (wait(&status) != child) + ; + return ( + /* Was there some problem with vforking? */ + child < 0 + + /* Did the child fail? (This shouldn't happen.) */ + || status + + /* Did the vfork/compiler bug occur? */ + || parent != getpid() + + /* Did the file descriptor bug occur? */ + || fstat(fileno(stdout), &st) != 0 + ); + } +} +_ACEOF +if ac_fn_c_try_run "$LINENO"; then : + ac_cv_func_vfork_works=yes +else + ac_cv_func_vfork_works=no +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_func_vfork_works" >&5 +$as_echo "$ac_cv_func_vfork_works" >&6; } + +fi; +if test "x$ac_cv_func_fork_works" = xcross; then + ac_cv_func_vfork_works=$ac_cv_func_vfork + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: result $ac_cv_func_vfork_works guessed because of cross compilation" >&5 +$as_echo "$as_me: WARNING: result $ac_cv_func_vfork_works guessed because of cross compilation" >&2;} +fi + +if test "x$ac_cv_func_vfork_works" = xyes; then + +$as_echo "#define HAVE_WORKING_VFORK 1" >>confdefs.h + +else + +$as_echo "#define vfork fork" >>confdefs.h + +fi +if test "x$ac_cv_func_fork_works" = xyes; then + +$as_echo "#define HAVE_WORKING_FORK 1" >>confdefs.h + +fi + + for ac_func in mmap canonicalize_file_name snprintf strdup strchr \ + strrchr strsignal fchmod fstat chmod +do : + as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` +ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" +if eval test \"x\$"$as_ac_var"\" = x"yes"; then : + cat >>confdefs.h <<_ACEOF +#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 +_ACEOF + +fi +done + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for a sed that does not truncate output" >&5 +$as_echo_n "checking for a sed that does not truncate output... " >&6; } +if ${ac_cv_path_SED+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_script=s/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb/ + for ac_i in 1 2 3 4 5 6 7; do + ac_script="$ac_script$as_nl$ac_script" + done + echo "$ac_script" 2>/dev/null | sed 99q >conftest.sed + { ac_script=; unset ac_script;} + if test -z "$SED"; then + ac_path_SED_found=false + # Loop through the user's path and test for each of PROGNAME-LIST + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_prog in sed gsed; do + for ac_exec_ext in '' $ac_executable_extensions; do + ac_path_SED="$as_dir/$ac_prog$ac_exec_ext" + as_fn_executable_p "$ac_path_SED" || continue +# Check for GNU ac_path_SED and select it if it is found. + # Check for GNU $ac_path_SED +case `"$ac_path_SED" --version 2>&1` in +*GNU*) + ac_cv_path_SED="$ac_path_SED" ac_path_SED_found=:;; +*) + ac_count=0 + $as_echo_n 0123456789 >"conftest.in" + while : + do + cat "conftest.in" "conftest.in" >"conftest.tmp" + mv "conftest.tmp" "conftest.in" + cp "conftest.in" "conftest.nl" + $as_echo '' >> "conftest.nl" + "$ac_path_SED" -f conftest.sed < "conftest.nl" >"conftest.out" 2>/dev/null || break + diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break + as_fn_arith $ac_count + 1 && ac_count=$as_val + if test $ac_count -gt ${ac_path_SED_max-0}; then + # Best one so far, save it but keep looking for a better one + ac_cv_path_SED="$ac_path_SED" + ac_path_SED_max=$ac_count + fi + # 10*(2^10) chars as input seems more than enough + test $ac_count -gt 10 && break + done + rm -f conftest.in conftest.tmp conftest.nl conftest.out;; +esac + + $ac_path_SED_found && break 3 + done + done + done +IFS=$as_save_IFS + if test -z "$ac_cv_path_SED"; then + as_fn_error $? "no acceptable sed could be found in \$PATH" "$LINENO" 5 + fi +else + ac_cv_path_SED=$SED +fi + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_SED" >&5 +$as_echo "$ac_cv_path_SED" >&6; } + SED="$ac_cv_path_SED" + rm -f conftest.sed + + while : + do + POSIX_SHELL=`which bash` + test -x "$POSIX_SHELL" && break + POSIX_SHELL=`which dash` + test -x "$POSIX_SHELL" && break + POSIX_SHELL=/usr/xpg4/bin/sh + test -x "$POSIX_SHELL" && break + POSIX_SHELL=`/bin/sh -c ' + exec 2>/dev/null + if ! true ; then exit 1 ; fi + echo /bin/sh'` + test -x "$POSIX_SHELL" && break + as_fn_error $? "cannot locate a working POSIX shell" "$LINENO" 5 + done + +cat >>confdefs.h <<_ACEOF +#define POSIX_SHELL "${POSIX_SHELL}" +_ACEOF + + + + + + LIBOPTS_BUILD_BLOCKED='' + + + NEED_LIBOPTS_DIR='' + + # Check whether --enable-local-libopts was given. +if test "${enable_local_libopts+set}" = set; then : + enableval=$enable_local_libopts; + if test x$enableval = xyes ; then + { $as_echo "$as_me:${as_lineno-$LINENO}: Using supplied libopts tearoff" >&5 +$as_echo "$as_me: Using supplied libopts tearoff" >&6;} + LIBOPTS_CFLAGS='-I$(top_srcdir)/src/libopts' + NEED_LIBOPTS_DIR=true + LIBOPTS_LDADD='$(top_builddir)/src/libopts/libopts.la' + fi +fi + + + # Check whether --enable-libopts-install was given. +if test "${enable_libopts_install+set}" = set; then : + enableval=$enable_libopts_install; +fi + + if test "X${enable_libopts_install}" = Xyes; then + INSTALL_LIBOPTS_TRUE= + INSTALL_LIBOPTS_FALSE='#' +else + INSTALL_LIBOPTS_TRUE='#' + INSTALL_LIBOPTS_FALSE= +fi + + + if test -z "${NEED_LIBOPTS_DIR}" ; then + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether autoopts-config can be found" >&5 +$as_echo_n "checking whether autoopts-config can be found... " >&6; } + +# Check whether --with-autoopts-config was given. +if test "${with_autoopts_config+set}" = set; then : + withval=$with_autoopts_config; lo_cv_with_autoopts_config=${with_autoopts_config} +else + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether autoopts-config is specified" >&5 +$as_echo_n "checking whether autoopts-config is specified... " >&6; } +if ${lo_cv_with_autoopts_config+:} false; then : + $as_echo_n "(cached) " >&6 +else + if autoopts-config --help 2>/dev/null 1>&2 + then lo_cv_with_autoopts_config=autoopts-config + elif libopts-config --help 2>/dev/null 1>&2 + then lo_cv_with_autoopts_config=libopts-config + else lo_cv_with_autoopts_config=no ; fi +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lo_cv_with_autoopts_config" >&5 +$as_echo "$lo_cv_with_autoopts_config" >&6; } + +fi + # end of AC_ARG_WITH + + if ${lo_cv_test_autoopts+:} false; then : + $as_echo_n "(cached) " >&6 +else + + if test -z "${lo_cv_with_autoopts_config}" \ + -o X"${lo_cv_with_autoopts_config}" = Xno + then + if autoopts-config --help 2>/dev/null 1>&2 + then lo_cv_with_autoopts_config=autoopts-config + elif libopts-config --help 2>/dev/null 1>&2 + then lo_cv_with_autoopts_config=libopts-config + else lo_cv_with_autoopts_config=false ; fi + fi + lo_cv_test_autoopts=` + ${lo_cv_with_autoopts_config} --libs` 2> /dev/null + if test $? -ne 0 -o -z "${lo_cv_test_autoopts}" + then lo_cv_test_autoopts=no ; fi + +fi + # end of CACHE_VAL + { $as_echo "$as_me:${as_lineno-$LINENO}: result: ${lo_cv_test_autoopts}" >&5 +$as_echo "${lo_cv_test_autoopts}" >&6; } + + if test "X${lo_cv_test_autoopts}" != Xno + then + LIBOPTS_LDADD="${lo_cv_test_autoopts}" + LIBOPTS_CFLAGS="`${lo_cv_with_autoopts_config} --cflags`" + else + LIBOPTS_LDADD='$(top_builddir)/src/libopts/libopts.la' + LIBOPTS_CFLAGS='-I$(top_srcdir)/src/libopts' + NEED_LIBOPTS_DIR=true + fi + fi # end of if test -z "${NEED_LIBOPTS_DIR}" + if test -n "${LIBOPTS_BUILD_BLOCKED}" ; then + NEED_LIBOPTS_DIR='' + fi + if test -n "${NEED_LIBOPTS_DIR}"; then + NEED_LIBOPTS_TRUE= + NEED_LIBOPTS_FALSE='#' +else + NEED_LIBOPTS_TRUE='#' + NEED_LIBOPTS_FALSE= +fi + + + + LIBOPTS_DIR=src/libopts + + +# end of AC_DEFUN of LIBOPTS_CHECK_COMMON + + + if test -z "$NEED_LIBOPTS_TRUE"; then : + + + + # Check to see if a reg expr header is specified. + + +# Check whether --with-regex-header was given. +if test "${with_regex_header+set}" = set; then : + withval=$with_regex_header; libopts_cv_with_regex_header=${with_regex_header} +else + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether a reg expr header is specified" >&5 +$as_echo_n "checking whether a reg expr header is specified... " >&6; } +if ${libopts_cv_with_regex_header+:} false; then : + $as_echo_n "(cached) " >&6 +else + libopts_cv_with_regex_header=no +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $libopts_cv_with_regex_header" >&5 +$as_echo "$libopts_cv_with_regex_header" >&6; } + +fi + # end of AC_ARG_WITH + if test "X${libopts_cv_with_regex_header}" != Xno + then + cat >>confdefs.h <<_ACEOF +#define REGEX_HEADER <${libopts_cv_with_regex_header}> +_ACEOF + + else + +$as_echo "#define REGEX_HEADER " >>confdefs.h + + fi + + + + # Check to see if a working libregex can be found. + + +# Check whether --with-libregex was given. +if test "${with_libregex+set}" = set; then : + withval=$with_libregex; libopts_cv_with_libregex_root=${with_libregex} +else + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether with-libregex was specified" >&5 +$as_echo_n "checking whether with-libregex was specified... " >&6; } +if ${libopts_cv_with_libregex_root+:} false; then : + $as_echo_n "(cached) " >&6 +else + libopts_cv_with_libregex_root=no +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $libopts_cv_with_libregex_root" >&5 +$as_echo "$libopts_cv_with_libregex_root" >&6; } + +fi + # end of AC_ARG_WITH libregex + + if test "${with_libregex+set}" = set && \ + test "X${withval}" = Xno + then ## disabled by request + libopts_cv_with_libregex_root=no + libopts_cv_with_libregex_cflags=no + libopts_cv_with_libregex_libs=no + else + + +# Check whether --with-libregex-cflags was given. +if test "${with_libregex_cflags+set}" = set; then : + withval=$with_libregex_cflags; libopts_cv_with_libregex_cflags=${with_libregex_cflags} +else + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether with-libregex-cflags was specified" >&5 +$as_echo_n "checking whether with-libregex-cflags was specified... " >&6; } +if ${libopts_cv_with_libregex_cflags+:} false; then : + $as_echo_n "(cached) " >&6 +else + libopts_cv_with_libregex_cflags=no +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $libopts_cv_with_libregex_cflags" >&5 +$as_echo "$libopts_cv_with_libregex_cflags" >&6; } + +fi + # end of AC_ARG_WITH libregex-cflags + + +# Check whether --with-libregex-libs was given. +if test "${with_libregex_libs+set}" = set; then : + withval=$with_libregex_libs; libopts_cv_with_libregex_libs=${with_libregex_libs} +else + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether with-libregex-libs was specified" >&5 +$as_echo_n "checking whether with-libregex-libs was specified... " >&6; } +if ${libopts_cv_with_libregex_libs+:} false; then : + $as_echo_n "(cached) " >&6 +else + libopts_cv_with_libregex_libs=no +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $libopts_cv_with_libregex_libs" >&5 +$as_echo "$libopts_cv_with_libregex_libs" >&6; } + +fi + # end of AC_ARG_WITH libregex-libs + + case "X${libopts_cv_with_libregex_cflags}" in + Xyes|Xno|X ) + case "X${libopts_cv_with_libregex_root}" in + Xyes|Xno|X ) libopts_cv_with_libregex_cflags=no ;; + * ) libopts_cv_with_libregex_cflags=-I${libopts_cv_with_libregex_root}/include ;; + esac + esac + case "X${libopts_cv_with_libregex_libs}" in + Xyes|Xno|X ) + case "X${libopts_cv_with_libregex_root}" in + Xyes|Xno|X ) libopts_cv_with_libregex_libs=no ;; + * ) libopts_cv_with_libregex_libs="-L${libopts_cv_with_libregex_root}/lib -lregex" ;; + esac + esac + libopts_save_CPPFLAGS="${CPPFLAGS}" + libopts_save_LIBS="${LIBS}" + case "X${libopts_cv_with_libregex_cflags}" in + Xyes|Xno|X ) + libopts_cv_with_libregex_cflags="" ;; + * ) CPPFLAGS="${CPPFLAGS} ${libopts_cv_with_libregex_cflags}" ;; + esac + case "X${libopts_cv_with_libregex_libs}" in + Xyes|Xno|X ) + libopts_cv_with_libregex_libs="" ;; + * ) + LIBS="${LIBS} ${libopts_cv_with_libregex_libs}" ;; + esac + LIBREGEX_CFLAGS="" + LIBREGEX_LIBS="" + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether libregex functions properly" >&5 +$as_echo_n "checking whether libregex functions properly... " >&6; } + if ${libopts_cv_with_libregex+:} false; then : + $as_echo_n "(cached) " >&6 +else + + if test "$cross_compiling" = yes; then : + libopts_cv_with_libregex=no +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +#include +#include +#include REGEX_HEADER +static regex_t re; +void comp_re(char const * pzPat) { + int res = regcomp( &re, pzPat, REG_EXTENDED|REG_ICASE|REG_NEWLINE ); + if (res == 0) return; + exit( res ); } +int main() { + regmatch_t m[2]; + comp_re( "^.*\$" ); + comp_re( "()|no.*" ); + comp_re( "." ); + if (regexec( &re, "X", 2, m, 0 ) != 0) return 1; + if ((m[0].rm_so != 0) || (m[0].rm_eo != 1)) { + fputs( "error: regex -->.<-- did not match\n", stderr ); + return 1; + } + return 0; } +_ACEOF +if ac_fn_c_try_run "$LINENO"; then : + libopts_cv_with_libregex=yes +else + libopts_cv_with_libregex=no +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + # end of AC_RUN_IFELSE + +fi + # end of AC_CACHE_VAL for libopts_cv_with_libregex + fi ## disabled by request + { $as_echo "$as_me:${as_lineno-$LINENO}: result: ${libopts_cv_with_libregex}" >&5 +$as_echo "${libopts_cv_with_libregex}" >&6; } + if test "X${libopts_cv_with_libregex}" != Xno + then + +$as_echo "#define WITH_LIBREGEX 1" >>confdefs.h + + else + CPPFLAGS="${libopts_save_CPPFLAGS}" + LIBS="${libopts_save_LIBS}" + libopts_cv_with_libregex_root=no +libopts_cv_with_libregex_cflags=no +libopts_cv_with_libregex_libs=no +libopts_cv_with_libregex=no + fi + + + + # Check to see if pathfind(3) works. + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether pathfind(3) works" >&5 +$as_echo_n "checking whether pathfind(3) works... " >&6; } + if ${libopts_cv_run_pathfind+:} false; then : + $as_echo_n "(cached) " >&6 +else + + if test "$cross_compiling" = yes; then : + libopts_cv_run_pathfind=no + +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +#include +int main (int argc, char ** argv) { + char * pz = pathfind( getenv( "PATH" ), "sh", "x" ); + return (pz == 0) ? 1 : 0; +} +_ACEOF +if ac_fn_c_try_run "$LINENO"; then : + libopts_cv_run_pathfind=yes +else + libopts_cv_run_pathfind=no +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + # end of RUN_IFELSE + +fi + # end of AC_CACHE_VAL for libopts_cv_run_pathfind + { $as_echo "$as_me:${as_lineno-$LINENO}: result: ${libopts_cv_run_pathfind}" >&5 +$as_echo "${libopts_cv_run_pathfind}" >&6; } + if test "X${libopts_cv_run_pathfind}" != Xno + then + +$as_echo "#define HAVE_PATHFIND 1" >>confdefs.h + + fi + + + + # Check to see if /dev/zero is readable device. + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether /dev/zero is readable device" >&5 +$as_echo_n "checking whether /dev/zero is readable device... " >&6; } + if ${libopts_cv_test_dev_zero+:} false; then : + $as_echo_n "(cached) " >&6 +else + + libopts_cv_test_dev_zero=`exec 2> /dev/null +dzero=\`ls -lL /dev/zero | egrep ^c......r\` +test -z "${dzero}" && exit 1 +echo ${dzero}` + if test $? -ne 0 || test -z "$libopts_cv_test_dev_zero" + then libopts_cv_test_dev_zero=no + fi + +fi + # end of CACHE_VAL of libopts_cv_test_dev_zero + { $as_echo "$as_me:${as_lineno-$LINENO}: result: ${libopts_cv_test_dev_zero}" >&5 +$as_echo "${libopts_cv_test_dev_zero}" >&6; } + if test "X${libopts_cv_test_dev_zero}" != Xno + then + +$as_echo "#define HAVE_DEV_ZERO 1" >>confdefs.h + + fi + + + + # Check to see if we have a functional realpath(3C). + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether we have a functional realpath(3C)" >&5 +$as_echo_n "checking whether we have a functional realpath(3C)... " >&6; } + if ${libopts_cv_run_realpath+:} false; then : + $as_echo_n "(cached) " >&6 +else + + if test "$cross_compiling" = yes; then : + libopts_cv_run_realpath=no + +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +#include +int main (int argc, char ** argv) { +#ifndef PATH_MAX +choke me!! +#else + char zPath[PATH_MAX+1]; +#endif + char *pz = realpath(argv[0], zPath); + return (pz == zPath) ? 0 : 1; +} +_ACEOF +if ac_fn_c_try_run "$LINENO"; then : + libopts_cv_run_realpath=yes +else + libopts_cv_run_realpath=no +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + # end of RUN_IFELSE + +fi + # end of AC_CACHE_VAL for libopts_cv_run_realpath + { $as_echo "$as_me:${as_lineno-$LINENO}: result: ${libopts_cv_run_realpath}" >&5 +$as_echo "${libopts_cv_run_realpath}" >&6; } + if test "X${libopts_cv_run_realpath}" != Xno + then + +$as_echo "#define HAVE_REALPATH 1" >>confdefs.h + + fi + + + + # Check to see if strftime() works. + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether strftime() works" >&5 +$as_echo_n "checking whether strftime() works... " >&6; } + if ${libopts_cv_run_strftime+:} false; then : + $as_echo_n "(cached) " >&6 +else + + if test "$cross_compiling" = yes; then : + libopts_cv_run_strftime=no + +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +#include +char t_buf[ 64 ]; +int main() { + static char const z[] = "Thursday Aug 28 240"; + struct tm tm; + tm.tm_sec = 36; /* seconds after the minute [0, 61] */ + tm.tm_min = 44; /* minutes after the hour [0, 59] */ + tm.tm_hour = 12; /* hour since midnight [0, 23] */ + tm.tm_mday = 28; /* day of the month [1, 31] */ + tm.tm_mon = 7; /* months since January [0, 11] */ + tm.tm_year = 86; /* years since 1900 */ + tm.tm_wday = 4; /* days since Sunday [0, 6] */ + tm.tm_yday = 239; /* days since January 1 [0, 365] */ + tm.tm_isdst = 1; /* flag for daylight savings time */ + strftime( t_buf, sizeof( t_buf ), "%A %b %d %j", &tm ); + return (strcmp( t_buf, z ) != 0); } +_ACEOF +if ac_fn_c_try_run "$LINENO"; then : + libopts_cv_run_strftime=yes +else + libopts_cv_run_strftime=no +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + # end of RUN_IFELSE + +fi + # end of AC_CACHE_VAL for libopts_cv_run_strftime + { $as_echo "$as_me:${as_lineno-$LINENO}: result: ${libopts_cv_run_strftime}" >&5 +$as_echo "${libopts_cv_run_strftime}" >&6; } + if test "X${libopts_cv_run_strftime}" != Xno + then + +$as_echo "#define HAVE_STRFTIME 1" >>confdefs.h + + fi + + + + # Check to see if fopen accepts "b" mode. + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether fopen accepts \"b\" mode" >&5 +$as_echo_n "checking whether fopen accepts \"b\" mode... " >&6; } + if ${libopts_cv_run_fopen_binary+:} false; then : + $as_echo_n "(cached) " >&6 +else + + if test "$cross_compiling" = yes; then : + libopts_cv_run_fopen_binary=no + +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +int main (int argc, char ** argv) { +FILE * fp = fopen("conftest.$ac_ext", "rb"); +return (fp == NULL) ? 1 : fclose(fp); } +_ACEOF +if ac_fn_c_try_run "$LINENO"; then : + libopts_cv_run_fopen_binary=yes +else + libopts_cv_run_fopen_binary=no +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + # end of RUN_IFELSE + +fi + # end of AC_CACHE_VAL for libopts_cv_run_fopen_binary + { $as_echo "$as_me:${as_lineno-$LINENO}: result: ${libopts_cv_run_fopen_binary}" >&5 +$as_echo "${libopts_cv_run_fopen_binary}" >&6; } + if test "X${libopts_cv_run_fopen_binary}" != Xno + then + +$as_echo "#define FOPEN_BINARY_FLAG \"b\"" >>confdefs.h + + else + +$as_echo "#define FOPEN_BINARY_FLAG \"\"" >>confdefs.h + + fi + + + + # Check to see if fopen accepts "t" mode. + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether fopen accepts \"t\" mode" >&5 +$as_echo_n "checking whether fopen accepts \"t\" mode... " >&6; } + if ${libopts_cv_run_fopen_text+:} false; then : + $as_echo_n "(cached) " >&6 +else + + if test "$cross_compiling" = yes; then : + libopts_cv_run_fopen_text=no + +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +int main (int argc, char ** argv) { +FILE * fp = fopen("conftest.$ac_ext", "rt"); +return (fp == NULL) ? 1 : fclose(fp); } +_ACEOF +if ac_fn_c_try_run "$LINENO"; then : + libopts_cv_run_fopen_text=yes +else + libopts_cv_run_fopen_text=no +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + # end of RUN_IFELSE + +fi + # end of AC_CACHE_VAL for libopts_cv_run_fopen_text + { $as_echo "$as_me:${as_lineno-$LINENO}: result: ${libopts_cv_run_fopen_text}" >&5 +$as_echo "${libopts_cv_run_fopen_text}" >&6; } + if test "X${libopts_cv_run_fopen_text}" != Xno + then + +$as_echo "#define FOPEN_TEXT_FLAG \"t\"" >>confdefs.h + + else + +$as_echo "#define FOPEN_TEXT_FLAG \"\"" >>confdefs.h + + fi + + + + # Check to see if not wanting optional option args. + + # Check whether --enable-optional-args was given. +if test "${enable_optional_args+set}" = set; then : + enableval=$enable_optional_args; libopts_cv_enable_optional_args=${enable_optional_args} +else + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether not wanting optional option args" >&5 +$as_echo_n "checking whether not wanting optional option args... " >&6; } +if ${libopts_cv_enable_optional_args+:} false; then : + $as_echo_n "(cached) " >&6 +else + libopts_cv_enable_optional_args=yes +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $libopts_cv_enable_optional_args" >&5 +$as_echo "$libopts_cv_enable_optional_args" >&6; } + +fi + # end of AC_ARG_ENABLE + if test "X${libopts_cv_enable_optional_args}" = Xno + then + +$as_echo "#define NO_OPTIONAL_OPT_ARGS 1" >>confdefs.h + + fi + + + + + + fi + ac_config_files="$ac_config_files src/libopts/Makefile" + + # end of AC_DEFUN of LIBOPTS_CHECK + + if test "$NEED_LIBOPTS_DIR" = "true";then + included_libopts=yes + fi +else + # Need to ensure the relevant conditionals get set + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for working stdnoreturn.h" >&5 +$as_echo_n "checking for working stdnoreturn.h... " >&6; } +if ${gl_cv_header_working_stdnoreturn_h+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include + #include + /* Do not check for 'noreturn' after the return type. + C11 allows it, but it's rarely done that way + and circa-2012 bleeding-edge GCC rejects it when given + -Werror=old-style-declaration. */ + noreturn void foo1 (void) { exit (0); } + _Noreturn void foo2 (void) { exit (0); } + int testit (int argc, char **argv) { + if (argc & 1) + return 0; + (argv[0][0] ? foo1 : foo2) (); + } + +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + gl_cv_header_working_stdnoreturn_h=yes +else + gl_cv_header_working_stdnoreturn_h=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_header_working_stdnoreturn_h" >&5 +$as_echo "$gl_cv_header_working_stdnoreturn_h" >&6; } + + if test $gl_cv_header_working_stdnoreturn_h = yes; then + STDNORETURN_H='' + else + STDNORETURN_H='stdnoreturn.h' + fi + + + if test -n "$STDNORETURN_H"; then + GL_GENERATE_STDNORETURN_H_TRUE= + GL_GENERATE_STDNORETURN_H_FALSE='#' +else + GL_GENERATE_STDNORETURN_H_TRUE='#' + GL_GENERATE_STDNORETURN_H_FALSE= +fi + + + if false; then + INSTALL_LIBOPTS_TRUE= + INSTALL_LIBOPTS_FALSE='#' +else + INSTALL_LIBOPTS_TRUE='#' + INSTALL_LIBOPTS_FALSE= +fi + +fi + + if test "$included_libopts" = "yes"; then + NEED_LIBOPTS_TRUE= + NEED_LIBOPTS_FALSE='#' +else + NEED_LIBOPTS_TRUE='#' + NEED_LIBOPTS_FALSE= +fi + + +# For minitasn1. +# The cast to long int works around a bug in the HP C Compiler +# version HP92453-01 B.11.11.23709.GP, which incorrectly rejects +# declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'. +# This bug is HP SR number 8606223364. +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking size of unsigned long int" >&5 +$as_echo_n "checking size of unsigned long int... " >&6; } +if ${ac_cv_sizeof_unsigned_long_int+:} false; then : + $as_echo_n "(cached) " >&6 +else + if ac_fn_c_compute_int "$LINENO" "(long int) (sizeof (unsigned long int))" "ac_cv_sizeof_unsigned_long_int" "$ac_includes_default"; then : + +else + if test "$ac_cv_type_unsigned_long_int" = yes; then + { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} +as_fn_error 77 "cannot compute sizeof (unsigned long int) +See \`config.log' for more details" "$LINENO" 5; } + else + ac_cv_sizeof_unsigned_long_int=0 + fi +fi + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sizeof_unsigned_long_int" >&5 +$as_echo "$ac_cv_sizeof_unsigned_long_int" >&6; } + + + +cat >>confdefs.h <<_ACEOF +#define SIZEOF_UNSIGNED_LONG_INT $ac_cv_sizeof_unsigned_long_int +_ACEOF + + +# The cast to long int works around a bug in the HP C Compiler +# version HP92453-01 B.11.11.23709.GP, which incorrectly rejects +# declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'. +# This bug is HP SR number 8606223364. +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking size of unsigned int" >&5 +$as_echo_n "checking size of unsigned int... " >&6; } +if ${ac_cv_sizeof_unsigned_int+:} false; then : + $as_echo_n "(cached) " >&6 +else + if ac_fn_c_compute_int "$LINENO" "(long int) (sizeof (unsigned int))" "ac_cv_sizeof_unsigned_int" "$ac_includes_default"; then : + +else + if test "$ac_cv_type_unsigned_int" = yes; then + { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} +as_fn_error 77 "cannot compute sizeof (unsigned int) +See \`config.log' for more details" "$LINENO" 5; } + else + ac_cv_sizeof_unsigned_int=0 + fi +fi + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sizeof_unsigned_int" >&5 +$as_echo "$ac_cv_sizeof_unsigned_int" >&6; } + + + +cat >>confdefs.h <<_ACEOF +#define SIZEOF_UNSIGNED_INT $ac_cv_sizeof_unsigned_int +_ACEOF + + +# The cast to long int works around a bug in the HP C Compiler +# version HP92453-01 B.11.11.23709.GP, which incorrectly rejects +# declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'. +# This bug is HP SR number 8606223364. +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking size of time_t" >&5 +$as_echo_n "checking size of time_t... " >&6; } +if ${ac_cv_sizeof_time_t+:} false; then : + $as_echo_n "(cached) " >&6 +else + if ac_fn_c_compute_int "$LINENO" "(long int) (sizeof (time_t))" "ac_cv_sizeof_time_t" "$ac_includes_default"; then : + +else + if test "$ac_cv_type_time_t" = yes; then + { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} +as_fn_error 77 "cannot compute sizeof (time_t) +See \`config.log' for more details" "$LINENO" 5; } + else + ac_cv_sizeof_time_t=0 + fi +fi + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sizeof_time_t" >&5 +$as_echo "$ac_cv_sizeof_time_t" >&6; } + + + +cat >>confdefs.h <<_ACEOF +#define SIZEOF_TIME_T $ac_cv_sizeof_time_t +_ACEOF + + + +# export for use in scripts + + + + + + +# Check whether --with-default-trust-store-pkcs11 was given. +if test "${with_default_trust_store_pkcs11+set}" = set; then : + withval=$with_default_trust_store_pkcs11; +fi + + +if test "x$with_default_trust_store_pkcs11" != x; then + if test "x$with_p11_kit" = xno; then + as_fn_error $? "cannot use pkcs11 store without p11-kit" "$LINENO" 5 + fi + +cat >>confdefs.h <<_ACEOF +#define DEFAULT_TRUST_STORE_PKCS11 "$with_default_trust_store_pkcs11" +_ACEOF + +fi + + if test -n "${with_default_trust_store_pkcs11}"; then + HAVE_PKCS11_TRUST_STORE_TRUE= + HAVE_PKCS11_TRUST_STORE_FALSE='#' +else + HAVE_PKCS11_TRUST_STORE_TRUE='#' + HAVE_PKCS11_TRUST_STORE_FALSE= +fi + + + +# Check whether --with-default-trust-store-dir was given. +if test "${with_default_trust_store_dir+set}" = set; then : + withval=$with_default_trust_store_dir; +fi + + +if test "x$with_default_trust_store_dir" != x; then + +cat >>confdefs.h <<_ACEOF +#define DEFAULT_TRUST_STORE_DIR "$with_default_trust_store_dir" +_ACEOF + +fi + + +# Check whether --with-default-trust-store-file was given. +if test "${with_default_trust_store_file+set}" = set; then : + withval=$with_default_trust_store_file; with_default_trust_store_file="$withval" +else + if test "$build" = "$host" && test x$with_default_trust_store_pkcs11 = x && test x$with_default_trust_store_dir = x && test x$have_macosx = x;then + for i in \ + /etc/ssl/ca-bundle.pem \ + /etc/ssl/certs/ca-certificates.crt \ + /etc/pki/tls/cert.pem \ + /usr/local/share/certs/ca-root-nss.crt \ + /etc/ssl/cert.pem + do + if test -e "$i"; then + with_default_trust_store_file="$i" + break + fi + done + fi + +fi + + +if test "$with_default_trust_store_file" = "no";then + with_default_trust_store_file="" +fi + + +# Check whether --with-default-crl-file was given. +if test "${with_default_crl_file+set}" = set; then : + withval=$with_default_crl_file; +fi + + + +# Check whether --with-default-blacklist-file was given. +if test "${with_default_blacklist_file+set}" = set; then : + withval=$with_default_blacklist_file; +fi + + +if test "x$with_default_trust_store_file" != x; then + +cat >>confdefs.h <<_ACEOF +#define DEFAULT_TRUST_STORE_FILE "$with_default_trust_store_file" +_ACEOF + +fi + +if test "x$with_default_crl_file" != x; then + +cat >>confdefs.h <<_ACEOF +#define DEFAULT_CRL_FILE "$with_default_crl_file" +_ACEOF + +fi + +if test "x$with_default_blacklist_file" != x; then + +cat >>confdefs.h <<_ACEOF +#define DEFAULT_BLACKLIST_FILE "$with_default_blacklist_file" +_ACEOF + +fi + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether building Guile bindings" >&5 +$as_echo_n "checking whether building Guile bindings... " >&6; } +# Check whether --enable-guile was given. +if test "${enable_guile+set}" = set; then : + enableval=$enable_guile; opt_guile_bindings=$enableval +else + opt_guile_bindings=yes +fi + +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $opt_guile_bindings" >&5 +$as_echo "$opt_guile_bindings" >&6; } + + +# Check whether --with-guile-site-dir was given. +if test "${with_guile_site_dir+set}" = set; then : + withval=$with_guile_site_dir; guilesitedir="${withval}" +else + guilesitedir='$(GUILE_SITE)' +fi + + +# Check whether --with-guile-site-ccache-dir was given. +if test "${with_guile_site_ccache_dir+set}" = set; then : + withval=$with_guile_site_ccache_dir; guilesiteccachedir="${withval}" +else + guilesiteccachedir='$(GUILE_SITE_CCACHE)' +fi + + +# Check whether --with-guile-extension-dir was given. +if test "${with_guile_extension_dir+set}" = set; then : + withval=$with_guile_extension_dir; guileextensiondir="${withval}" +else + guileextensiondir='$(GUILE_EXTENSION)' +fi + + + + + +if test "$opt_guile_bindings" = "yes"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: *** +*** Detecting GNU Guile... +" >&5 +$as_echo "*** +*** Detecting GNU Guile... +" >&6; } + + # Extract the first word of "guile-snarf", so it can be a program name with args. +set dummy guile-snarf; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_path_guile_snarf+:} false; then : + $as_echo_n "(cached) " >&6 +else + case $guile_snarf in + [\\/]* | ?:[\\/]*) + ac_cv_path_guile_snarf="$guile_snarf" # Let the user override the test with a path. + ;; + *) + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_path_guile_snarf="$as_dir/$ac_word$ac_exec_ext" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + + ;; +esac +fi +guile_snarf=$ac_cv_path_guile_snarf +if test -n "$guile_snarf"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $guile_snarf" >&5 +$as_echo "$guile_snarf" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + + if test "x$guile_snarf" = "x"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: \`guile-snarf' from Guile not found. Guile bindings not built." >&5 +$as_echo "$as_me: WARNING: \`guile-snarf' from Guile not found. Guile bindings not built." >&2;} + opt_guile_bindings=no + else + # Extract the first word of "guild", so it can be a program name with args. +set dummy guild; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_path_GUILD+:} false; then : + $as_echo_n "(cached) " >&6 +else + case $GUILD in + [\\/]* | ?:[\\/]*) + ac_cv_path_GUILD="$GUILD" # Let the user override the test with a path. + ;; + *) + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_path_GUILD="$as_dir/$ac_word$ac_exec_ext" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + + ;; +esac +fi +GUILD=$ac_cv_path_GUILD +if test -n "$GUILD"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $GUILD" >&5 +$as_echo "$GUILD" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + + + + + + + + + + +if test "x$ac_cv_env_PKG_CONFIG_set" != "xset"; then + if test -n "$ac_tool_prefix"; then + # Extract the first word of "${ac_tool_prefix}pkg-config", so it can be a program name with args. +set dummy ${ac_tool_prefix}pkg-config; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_path_PKG_CONFIG+:} false; then : + $as_echo_n "(cached) " >&6 +else + case $PKG_CONFIG in + [\\/]* | ?:[\\/]*) + ac_cv_path_PKG_CONFIG="$PKG_CONFIG" # Let the user override the test with a path. + ;; + *) + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_path_PKG_CONFIG="$as_dir/$ac_word$ac_exec_ext" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + + ;; +esac +fi +PKG_CONFIG=$ac_cv_path_PKG_CONFIG +if test -n "$PKG_CONFIG"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $PKG_CONFIG" >&5 +$as_echo "$PKG_CONFIG" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + +fi +if test -z "$ac_cv_path_PKG_CONFIG"; then + ac_pt_PKG_CONFIG=$PKG_CONFIG + # Extract the first word of "pkg-config", so it can be a program name with args. +set dummy pkg-config; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_path_ac_pt_PKG_CONFIG+:} false; then : + $as_echo_n "(cached) " >&6 +else + case $ac_pt_PKG_CONFIG in + [\\/]* | ?:[\\/]*) + ac_cv_path_ac_pt_PKG_CONFIG="$ac_pt_PKG_CONFIG" # Let the user override the test with a path. + ;; + *) + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_path_ac_pt_PKG_CONFIG="$as_dir/$ac_word$ac_exec_ext" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + + ;; +esac +fi +ac_pt_PKG_CONFIG=$ac_cv_path_ac_pt_PKG_CONFIG +if test -n "$ac_pt_PKG_CONFIG"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_pt_PKG_CONFIG" >&5 +$as_echo "$ac_pt_PKG_CONFIG" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + if test "x$ac_pt_PKG_CONFIG" = x; then + PKG_CONFIG="" + else + case $cross_compiling:$ac_tool_warned in +yes:) +{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} +ac_tool_warned=yes ;; +esac + PKG_CONFIG=$ac_pt_PKG_CONFIG + fi +else + PKG_CONFIG="$ac_cv_path_PKG_CONFIG" +fi + +fi +if test -n "$PKG_CONFIG"; then + _pkg_min_version=0.9.0 + { $as_echo "$as_me:${as_lineno-$LINENO}: checking pkg-config is at least version $_pkg_min_version" >&5 +$as_echo_n "checking pkg-config is at least version $_pkg_min_version... " >&6; } + if $PKG_CONFIG --atleast-pkgconfig-version $_pkg_min_version; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + PKG_CONFIG="" + fi +fi + _guile_versions_to_search="2.2 2.0 1.8" + if test -n "$GUILE_EFFECTIVE_VERSION"; then + _guile_tmp="" + for v in $_guile_versions_to_search; do + if test "$v" = "$GUILE_EFFECTIVE_VERSION"; then + _guile_tmp=$v + fi + done + if test -z "$_guile_tmp"; then + { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} +as_fn_error $? "searching for guile development files for versions $_guile_versions_to_search, but previously found $GUILE version $GUILE_EFFECTIVE_VERSION +See \`config.log' for more details" "$LINENO" 5; } + fi + _guile_versions_to_search=$GUILE_EFFECTIVE_VERSION + fi + GUILE_EFFECTIVE_VERSION="" + _guile_errors="" + for v in $_guile_versions_to_search; do + if test -z "$GUILE_EFFECTIVE_VERSION"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for guile $v" >&5 +$as_echo "$as_me: checking for guile $v" >&6;} + if test -n "$PKG_CONFIG" && \ + { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"guile-\$v\""; } >&5 + ($PKG_CONFIG --exists --print-errors "guile-$v") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + GUILE_EFFECTIVE_VERSION=$v +fi + fi + done + + if test -z "$GUILE_EFFECTIVE_VERSION"; then + as_fn_error $? " +No Guile development packages were found. + +Please verify that you have Guile installed. If you installed Guile +from a binary distribution, please verify that you have also installed +the development packages. If you installed it yourself, you might need +to adjust your PKG_CONFIG_PATH; see the pkg-config man page for more. +" "$LINENO" 5 + fi + { $as_echo "$as_me:${as_lineno-$LINENO}: found guile $GUILE_EFFECTIVE_VERSION" >&5 +$as_echo "$as_me: found guile $GUILE_EFFECTIVE_VERSION" >&6;} + + + _guile_required_version="$GUILE_EFFECTIVE_VERSION" + if test -z "$_guile_required_version"; then + _guile_required_version=2.2 + fi + + _guile_candidates=guile + _tmp= + for v in `echo "$_guile_required_version" | tr . ' '`; do + if test -n "$_tmp"; then _tmp=$_tmp.; fi + _tmp=$_tmp$v + _guile_candidates="guile-$_tmp guile$_tmp $_guile_candidates" + done + + for ac_prog in $_guile_candidates +do + # Extract the first word of "$ac_prog", so it can be a program name with args. +set dummy $ac_prog; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_path_GUILE+:} false; then : + $as_echo_n "(cached) " >&6 +else + case $GUILE in + [\\/]* | ?:[\\/]*) + ac_cv_path_GUILE="$GUILE" # Let the user override the test with a path. + ;; + *) + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_path_GUILE="$as_dir/$ac_word$ac_exec_ext" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + + ;; +esac +fi +GUILE=$ac_cv_path_GUILE +if test -n "$GUILE"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $GUILE" >&5 +$as_echo "$GUILE" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + + test -n "$GUILE" && break +done + + if test -z "$GUILE"; then + as_fn_error $? "guile required but not found" "$LINENO" 5 + fi + + _guile_suffix=`echo "$GUILE" | sed -e 's,^.*/guile\(.*\)$,\1,'` + _guile_effective_version=`$GUILE -c "(display (effective-version))"` + if test -z "$GUILE_EFFECTIVE_VERSION"; then + GUILE_EFFECTIVE_VERSION=$_guile_effective_version + elif test "$GUILE_EFFECTIVE_VERSION" != "$_guile_effective_version"; then + as_fn_error $? "found development files for Guile $GUILE_EFFECTIVE_VERSION, but $GUILE has effective version $_guile_effective_version" "$LINENO" 5 + fi + + _guile_major_version=`$GUILE -c "(display (major-version))"` + _guile_minor_version=`$GUILE -c "(display (minor-version))"` + _guile_micro_version=`$GUILE -c "(display (micro-version))"` + _guile_prog_version="$_guile_major_version.$_guile_minor_version.$_guile_micro_version" + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for Guile version >= $_guile_required_version" >&5 +$as_echo_n "checking for Guile version >= $_guile_required_version... " >&6; } + _major_version=`echo $_guile_required_version | cut -d . -f 1` + _minor_version=`echo $_guile_required_version | cut -d . -f 2` + _micro_version=`echo $_guile_required_version | cut -d . -f 3` + if test "$_guile_major_version" -gt "$_major_version"; then + true + elif test "$_guile_major_version" -eq "$_major_version"; then + if test "$_guile_minor_version" -gt "$_minor_version"; then + true + elif test "$_guile_minor_version" -eq "$_minor_version"; then + if test -n "$_micro_version"; then + if test "$_guile_micro_version" -lt "$_micro_version"; then + as_fn_error $? "Guile $_guile_required_version required, but $_guile_prog_version found" "$LINENO" 5 + fi + fi + elif test "$GUILE_EFFECTIVE_VERSION" = "$_major_version.$_minor_version" -a -z "$_micro_version"; then + # Allow prereleases that have the right effective version. + true + else + as_fn_error $? "Guile $_guile_required_version required, but $_guile_prog_version found" "$LINENO" 5 + fi + elif test "$GUILE_EFFECTIVE_VERSION" = "$_major_version.$_minor_version" -a -z "$_micro_version"; then + # Allow prereleases that have the right effective version. + true + else + as_fn_error $? "Guile $_guile_required_version required, but $_guile_prog_version found" "$LINENO" 5 + fi + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $_guile_prog_version" >&5 +$as_echo "$_guile_prog_version" >&6; } + + # Extract the first word of "guild$_guile_suffix", so it can be a program name with args. +set dummy guild$_guile_suffix; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_path_GUILD+:} false; then : + $as_echo_n "(cached) " >&6 +else + case $GUILD in + [\\/]* | ?:[\\/]*) + ac_cv_path_GUILD="$GUILD" # Let the user override the test with a path. + ;; + *) + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_path_GUILD="$as_dir/$ac_word$ac_exec_ext" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + + ;; +esac +fi +GUILD=$ac_cv_path_GUILD +if test -n "$GUILD"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $GUILD" >&5 +$as_echo "$GUILD" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + + + + # Extract the first word of "guile-config$_guile_suffix", so it can be a program name with args. +set dummy guile-config$_guile_suffix; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_path_GUILE_CONFIG+:} false; then : + $as_echo_n "(cached) " >&6 +else + case $GUILE_CONFIG in + [\\/]* | ?:[\\/]*) + ac_cv_path_GUILE_CONFIG="$GUILE_CONFIG" # Let the user override the test with a path. + ;; + *) + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_path_GUILE_CONFIG="$as_dir/$ac_word$ac_exec_ext" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + + ;; +esac +fi +GUILE_CONFIG=$ac_cv_path_GUILE_CONFIG +if test -n "$GUILE_CONFIG"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $GUILE_CONFIG" >&5 +$as_echo "$GUILE_CONFIG" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + + + if test -n "$GUILD"; then + GUILE_TOOLS=$GUILD + else + # Extract the first word of "guile-tools$_guile_suffix", so it can be a program name with args. +set dummy guile-tools$_guile_suffix; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_path_GUILE_TOOLS+:} false; then : + $as_echo_n "(cached) " >&6 +else + case $GUILE_TOOLS in + [\\/]* | ?:[\\/]*) + ac_cv_path_GUILE_TOOLS="$GUILE_TOOLS" # Let the user override the test with a path. + ;; + *) + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_path_GUILE_TOOLS="$as_dir/$ac_word$ac_exec_ext" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + + ;; +esac +fi +GUILE_TOOLS=$ac_cv_path_GUILE_TOOLS +if test -n "$GUILE_TOOLS"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $GUILE_TOOLS" >&5 +$as_echo "$GUILE_TOOLS" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + + fi + + + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for Guile site directory" >&5 +$as_echo_n "checking for Guile site directory... " >&6; } + GUILE_SITE=`$PKG_CONFIG --print-errors --variable=sitedir guile-$GUILE_EFFECTIVE_VERSION` + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $GUILE_SITE" >&5 +$as_echo "$GUILE_SITE" >&6; } + if test "$GUILE_SITE" = ""; then + { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} +as_fn_error $? "sitedir not found +See \`config.log' for more details" "$LINENO" 5; } + fi + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for Guile site-ccache directory using pkgconfig" >&5 +$as_echo_n "checking for Guile site-ccache directory using pkgconfig... " >&6; } + GUILE_SITE_CCACHE=`$PKG_CONFIG --variable=siteccachedir guile-$GUILE_EFFECTIVE_VERSION` + if test "$GUILE_SITE_CCACHE" = ""; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for Guile site-ccache directory using interpreter" >&5 +$as_echo_n "checking for Guile site-ccache directory using interpreter... " >&6; } + GUILE_SITE_CCACHE=`$GUILE -c "(display (if (defined? '%site-ccache-dir) (%site-ccache-dir) \"\"))"` + if test $? != "0" -o "$GUILE_SITE_CCACHE" = ""; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + GUILE_SITE_CCACHE="" + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: siteccachedir not found" >&5 +$as_echo "$as_me: WARNING: siteccachedir not found" >&2;} + fi + fi + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $GUILE_SITE_CCACHE" >&5 +$as_echo "$GUILE_SITE_CCACHE" >&6; } + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for Guile extensions directory" >&5 +$as_echo_n "checking for Guile extensions directory... " >&6; } + GUILE_EXTENSION=`$PKG_CONFIG --print-errors --variable=extensiondir guile-$GUILE_EFFECTIVE_VERSION` + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $GUILE_EXTENSION" >&5 +$as_echo "$GUILE_EXTENSION" >&6; } + if test "$GUILE_EXTENSION" = ""; then + GUILE_EXTENSION="" + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: extensiondir not found" >&5 +$as_echo "$as_me: WARNING: extensiondir not found" >&2;} + fi + + + + +pkg_failed=no +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for GUILE" >&5 +$as_echo_n "checking for GUILE... " >&6; } + +if test -n "$GUILE_CFLAGS"; then + pkg_cv_GUILE_CFLAGS="$GUILE_CFLAGS" + elif test -n "$PKG_CONFIG"; then + if test -n "$PKG_CONFIG" && \ + { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"guile-\$GUILE_EFFECTIVE_VERSION\""; } >&5 + ($PKG_CONFIG --exists --print-errors "guile-$GUILE_EFFECTIVE_VERSION") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + pkg_cv_GUILE_CFLAGS=`$PKG_CONFIG --cflags "guile-$GUILE_EFFECTIVE_VERSION" 2>/dev/null` + test "x$?" != "x0" && pkg_failed=yes +else + pkg_failed=yes +fi + else + pkg_failed=untried +fi +if test -n "$GUILE_LIBS"; then + pkg_cv_GUILE_LIBS="$GUILE_LIBS" + elif test -n "$PKG_CONFIG"; then + if test -n "$PKG_CONFIG" && \ + { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"guile-\$GUILE_EFFECTIVE_VERSION\""; } >&5 + ($PKG_CONFIG --exists --print-errors "guile-$GUILE_EFFECTIVE_VERSION") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + pkg_cv_GUILE_LIBS=`$PKG_CONFIG --libs "guile-$GUILE_EFFECTIVE_VERSION" 2>/dev/null` + test "x$?" != "x0" && pkg_failed=yes +else + pkg_failed=yes +fi + else + pkg_failed=untried +fi + + + +if test $pkg_failed = yes; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + +if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then + _pkg_short_errors_supported=yes +else + _pkg_short_errors_supported=no +fi + if test $_pkg_short_errors_supported = yes; then + GUILE_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "guile-$GUILE_EFFECTIVE_VERSION" 2>&1` + else + GUILE_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "guile-$GUILE_EFFECTIVE_VERSION" 2>&1` + fi + # Put the nasty error message in config.log where it belongs + echo "$GUILE_PKG_ERRORS" >&5 + + as_fn_error $? "Package requirements (guile-$GUILE_EFFECTIVE_VERSION) were not met: + +$GUILE_PKG_ERRORS + +Consider adjusting the PKG_CONFIG_PATH environment variable if you +installed software in a non-standard prefix. + +Alternatively, you may set the environment variables GUILE_CFLAGS +and GUILE_LIBS to avoid the need to call pkg-config. +See the pkg-config man page for more details." "$LINENO" 5 +elif test $pkg_failed = untried; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} +as_fn_error $? "The pkg-config script could not be found or is too old. Make sure it +is in your PATH or set the PKG_CONFIG environment variable to the full +path to pkg-config. + +Alternatively, you may set the environment variables GUILE_CFLAGS +and GUILE_LIBS to avoid the need to call pkg-config. +See the pkg-config man page for more details. + +To get pkg-config, see . +See \`config.log' for more details" "$LINENO" 5; } +else + GUILE_CFLAGS=$pkg_cv_GUILE_CFLAGS + GUILE_LIBS=$pkg_cv_GUILE_LIBS + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + +fi + + + GUILE_LDFLAGS=$GUILE_LIBS + + + + + GUILE_LIBS= + if test "$enable_rpath" != no; then + if test -n "$acl_hardcode_libdir_flag_spec" && test "$acl_hardcode_minus_L" = no; then + rpathdirs= + next= + for opt in $GUILE_LDFLAGS; do + if test -n "$next"; then + dir="$next" + if test "X$dir" != "X/usr/$acl_libdirstem" \ + && test "X$dir" != "X/usr/$acl_libdirstem2"; then + rpathdirs="$rpathdirs $dir" + fi + next= + else + case $opt in + -L) next=yes ;; + -L*) dir=`echo "X$opt" | sed -e 's,^X-L,,'` + if test "X$dir" != "X/usr/$acl_libdirstem" \ + && test "X$dir" != "X/usr/$acl_libdirstem2"; then + rpathdirs="$rpathdirs $dir" + fi + next= ;; + *) next= ;; + esac + fi + done + if test "X$rpathdirs" != "X"; then + if test -n """"; then + for dir in $rpathdirs; do + GUILE_LIBS="${GUILE_LIBS}${GUILE_LIBS:+ }-R$dir" + done + else + if test -n "$acl_hardcode_libdir_separator"; then + alldirs= + for dir in $rpathdirs; do + alldirs="${alldirs}${alldirs:+$acl_hardcode_libdir_separator}$dir" + done + acl_save_libdir="$libdir" + libdir="$alldirs" + eval flag=\"$acl_hardcode_libdir_flag_spec\" + libdir="$acl_save_libdir" + GUILE_LIBS="$flag" + else + for dir in $rpathdirs; do + acl_save_libdir="$libdir" + libdir="$dir" + eval flag=\"$acl_hardcode_libdir_flag_spec\" + libdir="$acl_save_libdir" + GUILE_LIBS="${GUILE_LIBS}${GUILE_LIBS:+ }$flag" + done + fi + fi + fi + fi + fi + + + GUILE_LIBS="$GUILE_LDFLAGS $GUILE_LIBS" + + + + GUILE_LTLIBS= + if test "$enable_rpath" != no; then + if test -n "$acl_hardcode_libdir_flag_spec" && test "$acl_hardcode_minus_L" = no; then + rpathdirs= + next= + for opt in $GUILE_LDFLAGS; do + if test -n "$next"; then + dir="$next" + if test "X$dir" != "X/usr/$acl_libdirstem" \ + && test "X$dir" != "X/usr/$acl_libdirstem2"; then + rpathdirs="$rpathdirs $dir" + fi + next= + else + case $opt in + -L) next=yes ;; + -L*) dir=`echo "X$opt" | sed -e 's,^X-L,,'` + if test "X$dir" != "X/usr/$acl_libdirstem" \ + && test "X$dir" != "X/usr/$acl_libdirstem2"; then + rpathdirs="$rpathdirs $dir" + fi + next= ;; + *) next= ;; + esac + fi + done + if test "X$rpathdirs" != "X"; then + if test -n ""yes""; then + for dir in $rpathdirs; do + GUILE_LTLIBS="${GUILE_LTLIBS}${GUILE_LTLIBS:+ }-R$dir" + done + else + if test -n "$acl_hardcode_libdir_separator"; then + alldirs= + for dir in $rpathdirs; do + alldirs="${alldirs}${alldirs:+$acl_hardcode_libdir_separator}$dir" + done + acl_save_libdir="$libdir" + libdir="$alldirs" + eval flag=\"$acl_hardcode_libdir_flag_spec\" + libdir="$acl_save_libdir" + GUILE_LTLIBS="$flag" + else + for dir in $rpathdirs; do + acl_save_libdir="$libdir" + libdir="$dir" + eval flag=\"$acl_hardcode_libdir_flag_spec\" + libdir="$acl_save_libdir" + GUILE_LTLIBS="${GUILE_LTLIBS}${GUILE_LTLIBS:+ }$flag" + done + fi + fi + fi + fi + fi + + + GUILE_LTLIBS="$GUILE_LDFLAGS $GUILE_LTLIBS" + + + + + + + + + # Backward compatibility with &5 +$as_echo "$as_me: Found &6;} + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for GUILE_SITE_CCACHE via pkg-config" >&5 +$as_echo_n "checking for GUILE_SITE_CCACHE via pkg-config... " >&6; } + GUILE_SITE_CCACHE=`$PKG_CONFIG --variable=siteccachedir guile-$GUILE_EFFECTIVE_VERSION` + { $as_echo "$as_me:${as_lineno-$LINENO}: result: ${GUILE_SITE_CCACHE}" >&5 +$as_echo "${GUILE_SITE_CCACHE}" >&6; } + if test -z "${GUILE_SITE_CCACHE}"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for GUILE_SITE_CCACHE via guile" >&5 +$as_echo_n "checking for GUILE_SITE_CCACHE via guile... " >&6; } + GUILE_SITE_CCACHE=`$GUILE -c "(display (if (defined? '%site-ccache-dir) (%site-ccache-dir) \"\"))"` + { $as_echo "$as_me:${as_lineno-$LINENO}: result: ${GUILE_SITE_CCACHE}" >&5 +$as_echo "${GUILE_SITE_CCACHE}" >&6; } + fi + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for GUILE_EXTENSION" >&5 +$as_echo_n "checking for GUILE_EXTENSION... " >&6; } + GUILE_EXTENSION=`$PKG_CONFIG --print-errors --variable=extensiondir guile-$GUILE_EFFECTIVE_VERSION` + { $as_echo "$as_me:${as_lineno-$LINENO}: result: ${GUILE_EXTENSION}" >&5 +$as_echo "${GUILE_EXTENSION}" >&6; } + + fi + + save_CFLAGS="$CFLAGS" + save_LIBS="$LIBS" + CFLAGS="$CFLAGS $GUILE_CFLAGS" + LIBS="$LIBS $GUILE_LDFLAGS" + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether GNU Guile is recent enough" >&5 +$as_echo_n "checking whether GNU Guile is recent enough... " >&6; } + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ +scm_from_locale_string ("") + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + +else + opt_guile_bindings=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + CFLAGS="$save_CFLAGS" + LIBS="$save_LIBS" + + if test "$opt_guile_bindings" = "yes"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether gcc supports -fgnu89-inline" >&5 +$as_echo_n "checking whether gcc supports -fgnu89-inline... " >&6; } + _gcc_cflags_save="$CFLAGS" + CFLAGS="${CFLAGS} -fgnu89-inline" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + gnu89_inline=yes +else + gnu89_inline=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $gnu89_inline" >&5 +$as_echo "$gnu89_inline" >&6; } + CFLAGS="$_gcc_cflags_save" + + # Optional Guile functions. + save_CFLAGS="$CFLAGS" + save_LIBS="$LIBS" + CFLAGS="$CFLAGS $GUILE_CFLAGS" + LIBS="$LIBS $GUILE_LDFLAGS" + for ac_func in scm_gc_malloc_pointerless +do : + ac_fn_c_check_func "$LINENO" "scm_gc_malloc_pointerless" "ac_cv_func_scm_gc_malloc_pointerless" +if test "x$ac_cv_func_scm_gc_malloc_pointerless" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_SCM_GC_MALLOC_POINTERLESS 1 +_ACEOF + +fi +done + + CFLAGS="$save_CFLAGS" + LIBS="$save_LIBS" + else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: A sufficiently recent GNU Guile not found. Guile bindings not built." >&5 +$as_echo "$as_me: WARNING: A sufficiently recent GNU Guile not found. Guile bindings not built." >&2;} + opt_guile_bindings=no + fi + fi +fi + + if test "$opt_guile_bindings" = "yes"; then + HAVE_GUILE_TRUE= + HAVE_GUILE_FALSE='#' +else + HAVE_GUILE_TRUE='#' + HAVE_GUILE_FALSE= +fi + + if test "x$GUILD" != "x"; then + HAVE_GUILD_TRUE= + HAVE_GUILD_FALSE='#' +else + HAVE_GUILD_TRUE='#' + HAVE_GUILD_FALSE= +fi + + +LIBGNUTLS_LIBS="-L${libdir} -lgnutls $LIBS" +LIBGNUTLS_CFLAGS="-I${includedir}" + + + + if test "$gnutls_needs_librt" = "yes"; then + NEEDS_LIBRT_TRUE= + NEEDS_LIBRT_FALSE='#' +else + NEEDS_LIBRT_TRUE='#' + NEEDS_LIBRT_FALSE= +fi + + + +$as_echo "#define GNUTLS_COMPAT_H 1" >>confdefs.h + + +$as_echo "#define GNUTLS_INTERNAL_BUILD 1" >>confdefs.h + + + +$as_echo "#define fread_file _gnutls_fread_file" >>confdefs.h + + +$as_echo "#define read_file _gnutls_read_file" >>confdefs.h + + +$as_echo "#define read_binary_file _gnutls_read_binary_file" >>confdefs.h + + +YEAR=`date +%Y` +YEAR=$YEAR + + +ac_config_files="$ac_config_files guile/pre-inst-guile" + +ac_config_files="$ac_config_files Makefile doc/Makefile doc/credentials/Makefile doc/credentials/srp/Makefile doc/credentials/x509/Makefile doc/doxygen/Doxyfile doc/examples/Makefile doc/latex/Makefile doc/manpages/Makefile doc/reference/Makefile doc/reference/version.xml doc/scripts/Makefile extra/Makefile extra/includes/Makefile libdane/Makefile libdane/includes/Makefile libdane/gnutls-dane.pc gl/Makefile gl/tests/Makefile guile/Makefile guile/src/Makefile lib/Makefile lib/accelerated/Makefile lib/accelerated/x86/Makefile lib/accelerated/aarch64/Makefile lib/algorithms/Makefile lib/auth/Makefile lib/ext/Makefile lib/extras/Makefile lib/gnutls.pc lib/includes/Makefile lib/includes/gnutls/gnutls.h lib/minitasn1/Makefile lib/nettle/Makefile lib/x509/Makefile lib/unistring/Makefile po/Makefile.in src/Makefile src/args-std.def src/gl/Makefile tests/Makefile tests/windows/Makefile tests/cert-tests/Makefile tests/slow/Makefile tests/suite/Makefile fuzz/Makefile" + + +cat >confcache <<\_ACEOF +# This file is a shell script that caches the results of configure +# tests run on this system so they can be shared between configure +# scripts and configure runs, see configure's option --config-cache. +# It is not useful on other systems. If it contains results you don't +# want to keep, you may remove or edit it. +# +# config.status only pays attention to the cache file if you give it +# the --recheck option to rerun configure. +# +# `ac_cv_env_foo' variables (set or unset) will be overridden when +# loading this file, other *unset* `ac_cv_foo' will be assigned the +# following values. + +_ACEOF + +# The following way of writing the cache mishandles newlines in values, +# but we know of no workaround that is simple, portable, and efficient. +# So, we kill variables containing newlines. +# Ultrix sh set writes to stderr and can't be redirected directly, +# and sets the high bit in the cache file unless we assign to the vars. +( + for ac_var in `(set) 2>&1 | sed -n 's/^\([a-zA-Z_][a-zA-Z0-9_]*\)=.*/\1/p'`; do + eval ac_val=\$$ac_var + case $ac_val in #( + *${as_nl}*) + case $ac_var in #( + *_cv_*) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cache variable $ac_var contains a newline" >&5 +$as_echo "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;; + esac + case $ac_var in #( + _ | IFS | as_nl) ;; #( + BASH_ARGV | BASH_SOURCE) eval $ac_var= ;; #( + *) { eval $ac_var=; unset $ac_var;} ;; + esac ;; + esac + done + + (set) 2>&1 | + case $as_nl`(ac_space=' '; set) 2>&1` in #( + *${as_nl}ac_space=\ *) + # `set' does not quote correctly, so add quotes: double-quote + # substitution turns \\\\ into \\, and sed turns \\ into \. + sed -n \ + "s/'/'\\\\''/g; + s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='\\2'/p" + ;; #( + *) + # `set' quotes correctly as required by POSIX, so do not add quotes. + sed -n "/^[_$as_cr_alnum]*_cv_[_$as_cr_alnum]*=/p" + ;; + esac | + sort +) | + sed ' + /^ac_cv_env_/b end + t clear + :clear + s/^\([^=]*\)=\(.*[{}].*\)$/test "${\1+set}" = set || &/ + t end + s/^\([^=]*\)=\(.*\)$/\1=${\1=\2}/ + :end' >>confcache +if diff "$cache_file" confcache >/dev/null 2>&1; then :; else + if test -w "$cache_file"; then + if test "x$cache_file" != "x/dev/null"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: updating cache $cache_file" >&5 +$as_echo "$as_me: updating cache $cache_file" >&6;} + if test ! -f "$cache_file" || test -h "$cache_file"; then + cat confcache >"$cache_file" + else + case $cache_file in #( + */* | ?:*) + mv -f confcache "$cache_file"$$ && + mv -f "$cache_file"$$ "$cache_file" ;; #( + *) + mv -f confcache "$cache_file" ;; + esac + fi + fi + else + { $as_echo "$as_me:${as_lineno-$LINENO}: not updating unwritable cache $cache_file" >&5 +$as_echo "$as_me: not updating unwritable cache $cache_file" >&6;} + fi +fi +rm -f confcache + +test "x$prefix" = xNONE && prefix=$ac_default_prefix +# Let make expand exec_prefix. +test "x$exec_prefix" = xNONE && exec_prefix='${prefix}' + +DEFS=-DHAVE_CONFIG_H + +ac_libobjs= +ac_ltlibobjs= +U= +for ac_i in : $LIBOBJS; do test "x$ac_i" = x: && continue + # 1. Remove the extension, and $U if already installed. + ac_script='s/\$U\././;s/\.o$//;s/\.obj$//' + ac_i=`$as_echo "$ac_i" | sed "$ac_script"` + # 2. Prepend LIBOBJDIR. When used with automake>=1.10 LIBOBJDIR + # will be set to the directory where LIBOBJS objects are built. + as_fn_append ac_libobjs " \${LIBOBJDIR}$ac_i\$U.$ac_objext" + as_fn_append ac_ltlibobjs " \${LIBOBJDIR}$ac_i"'$U.lo' +done +LIBOBJS=$ac_libobjs + +LTLIBOBJS=$ac_ltlibobjs + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking that generated files are newer than configure" >&5 +$as_echo_n "checking that generated files are newer than configure... " >&6; } + if test -n "$am_sleep_pid"; then + # Hide warnings about reused PIDs. + wait $am_sleep_pid 2>/dev/null + fi + { $as_echo "$as_me:${as_lineno-$LINENO}: result: done" >&5 +$as_echo "done" >&6; } + if test -n "$EXEEXT"; then + am__EXEEXT_TRUE= + am__EXEEXT_FALSE='#' +else + am__EXEEXT_TRUE='#' + am__EXEEXT_FALSE= +fi + +if test -z "${AMDEP_TRUE}" && test -z "${AMDEP_FALSE}"; then + as_fn_error $? "conditional \"AMDEP\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${am__fastdepCC_TRUE}" && test -z "${am__fastdepCC_FALSE}"; then + as_fn_error $? "conditional \"am__fastdepCC\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${am__fastdepCCAS_TRUE}" && test -z "${am__fastdepCCAS_FALSE}"; then + as_fn_error $? "conditional \"am__fastdepCCAS\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${am__fastdepCXX_TRUE}" && test -z "${am__fastdepCXX_FALSE}"; then + as_fn_error $? "conditional \"am__fastdepCXX\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${CODE_COVERAGE_ENABLED_TRUE}" && test -z "${CODE_COVERAGE_ENABLED_FALSE}"; then + as_fn_error $? "conditional \"CODE_COVERAGE_ENABLED\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${MAINTAINER_MODE_TRUE}" && test -z "${MAINTAINER_MODE_FALSE}"; then + as_fn_error $? "conditional \"MAINTAINER_MODE\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${DISABLE_BASH_TESTS_TRUE}" && test -z "${DISABLE_BASH_TESTS_FALSE}"; then + as_fn_error $? "conditional \"DISABLE_BASH_TESTS\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${ENABLE_DOC_TRUE}" && test -z "${ENABLE_DOC_FALSE}"; then + as_fn_error $? "conditional \"ENABLE_DOC\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${ENABLE_MANPAGES_TRUE}" && test -z "${ENABLE_MANPAGES_FALSE}"; then + as_fn_error $? "conditional \"ENABLE_MANPAGES\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${ENABLE_TOOLS_TRUE}" && test -z "${ENABLE_TOOLS_FALSE}"; then + as_fn_error $? "conditional \"ENABLE_TOOLS\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${ENABLE_CXX_TRUE}" && test -z "${ENABLE_CXX_FALSE}"; then + as_fn_error $? "conditional \"ENABLE_CXX\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${ANDROID_TRUE}" && test -z "${ANDROID_FALSE}"; then + as_fn_error $? "conditional \"ANDROID\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${WINDOWS_TRUE}" && test -z "${WINDOWS_FALSE}"; then + as_fn_error $? "conditional \"WINDOWS\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${MACOSX_TRUE}" && test -z "${MACOSX_FALSE}"; then + as_fn_error $? "conditional \"MACOSX\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${ELF_TRUE}" && test -z "${ELF_FALSE}"; then + as_fn_error $? "conditional \"ELF\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${ENABLE_TLS13_INTEROP_TRUE}" && test -z "${ENABLE_TLS13_INTEROP_FALSE}"; then + as_fn_error $? "conditional \"ENABLE_TLS13_INTEROP\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${ENABLE_PADLOCK_TRUE}" && test -z "${ENABLE_PADLOCK_FALSE}"; then + as_fn_error $? "conditional \"ENABLE_PADLOCK\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${ASM_AARCH64_TRUE}" && test -z "${ASM_AARCH64_FALSE}"; then + as_fn_error $? "conditional \"ASM_AARCH64\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${ASM_X86_64_TRUE}" && test -z "${ASM_X86_64_FALSE}"; then + as_fn_error $? "conditional \"ASM_X86_64\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${ASM_X86_32_TRUE}" && test -z "${ASM_X86_32_FALSE}"; then + as_fn_error $? "conditional \"ASM_X86_32\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${ASM_X86_TRUE}" && test -z "${ASM_X86_FALSE}"; then + as_fn_error $? "conditional \"ASM_X86\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${HAVE_GCC_GNU89_INLINE_OPTION_TRUE}" && test -z "${HAVE_GCC_GNU89_INLINE_OPTION_FALSE}"; then + as_fn_error $? "conditional \"HAVE_GCC_GNU89_INLINE_OPTION\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${HAVE_GCC_TRUE}" && test -z "${HAVE_GCC_FALSE}"; then + as_fn_error $? "conditional \"HAVE_GCC\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${HAVE_GETENTROPY_TRUE}" && test -z "${HAVE_GETENTROPY_FALSE}"; then + as_fn_error $? "conditional \"HAVE_GETENTROPY\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${ENABLE_NETTLE_TRUE}" && test -z "${ENABLE_NETTLE_FALSE}"; then + as_fn_error $? "conditional \"ENABLE_NETTLE\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${ENABLE_MINITASN1_TRUE}" && test -z "${ENABLE_MINITASN1_FALSE}"; then + as_fn_error $? "conditional \"ENABLE_MINITASN1\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${ALLOW_SHA1_TRUE}" && test -z "${ALLOW_SHA1_FALSE}"; then + as_fn_error $? "conditional \"ALLOW_SHA1\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${ENABLE_SSL3_TRUE}" && test -z "${ENABLE_SSL3_FALSE}"; then + as_fn_error $? "conditional \"ENABLE_SSL3\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${ENABLE_SSL2_TRUE}" && test -z "${ENABLE_SSL2_FALSE}"; then + as_fn_error $? "conditional \"ENABLE_SSL2\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${ENABLE_DTLS_SRTP_TRUE}" && test -z "${ENABLE_DTLS_SRTP_FALSE}"; then + as_fn_error $? "conditional \"ENABLE_DTLS_SRTP\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${ENABLE_ALPN_TRUE}" && test -z "${ENABLE_ALPN_FALSE}"; then + as_fn_error $? "conditional \"ENABLE_ALPN\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${ENABLE_HEARTBEAT_TRUE}" && test -z "${ENABLE_HEARTBEAT_FALSE}"; then + as_fn_error $? "conditional \"ENABLE_HEARTBEAT\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${ENABLE_SRP_TRUE}" && test -z "${ENABLE_SRP_FALSE}"; then + as_fn_error $? "conditional \"ENABLE_SRP\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${ENABLE_PSK_TRUE}" && test -z "${ENABLE_PSK_FALSE}"; then + as_fn_error $? "conditional \"ENABLE_PSK\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${ENABLE_ANON_TRUE}" && test -z "${ENABLE_ANON_FALSE}"; then + as_fn_error $? "conditional \"ENABLE_ANON\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${ENABLE_DHE_TRUE}" && test -z "${ENABLE_DHE_FALSE}"; then + as_fn_error $? "conditional \"ENABLE_DHE\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${ENABLE_ECDHE_TRUE}" && test -z "${ENABLE_ECDHE_FALSE}"; then + as_fn_error $? "conditional \"ENABLE_ECDHE\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${ENABLE_GOST_TRUE}" && test -z "${ENABLE_GOST_FALSE}"; then + as_fn_error $? "conditional \"ENABLE_GOST\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${ENABLE_OCSP_TRUE}" && test -z "${ENABLE_OCSP_FALSE}"; then + as_fn_error $? "conditional \"ENABLE_OCSP\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${ENABLE_OPENSSL_TRUE}" && test -z "${ENABLE_OPENSSL_FALSE}"; then + as_fn_error $? "conditional \"ENABLE_OPENSSL\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${ENABLE_TESTS_TRUE}" && test -z "${ENABLE_TESTS_FALSE}"; then + as_fn_error $? "conditional \"ENABLE_TESTS\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${HAVE_GTK_DOC_TRUE}" && test -z "${HAVE_GTK_DOC_FALSE}"; then + as_fn_error $? "conditional \"HAVE_GTK_DOC\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${ENABLE_GTK_DOC_TRUE}" && test -z "${ENABLE_GTK_DOC_FALSE}"; then + as_fn_error $? "conditional \"ENABLE_GTK_DOC\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${GTK_DOC_BUILD_HTML_TRUE}" && test -z "${GTK_DOC_BUILD_HTML_FALSE}"; then + as_fn_error $? "conditional \"GTK_DOC_BUILD_HTML\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${GTK_DOC_BUILD_PDF_TRUE}" && test -z "${GTK_DOC_BUILD_PDF_FALSE}"; then + as_fn_error $? "conditional \"GTK_DOC_BUILD_PDF\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${GTK_DOC_USE_LIBTOOL_TRUE}" && test -z "${GTK_DOC_USE_LIBTOOL_FALSE}"; then + as_fn_error $? "conditional \"GTK_DOC_USE_LIBTOOL\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${GTK_DOC_USE_REBASE_TRUE}" && test -z "${GTK_DOC_USE_REBASE_FALSE}"; then + as_fn_error $? "conditional \"GTK_DOC_USE_REBASE\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${GTK_DOC_USE_LIBTOOL_TRUE}" && test -z "${GTK_DOC_USE_LIBTOOL_FALSE}"; then + as_fn_error $? "conditional \"GTK_DOC_USE_LIBTOOL\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi + +if test -z "${HAVE_FORK_TRUE}" && test -z "${HAVE_FORK_FALSE}"; then + as_fn_error $? "conditional \"HAVE_FORK\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${HAVE_SECCOMP_TESTS_TRUE}" && test -z "${HAVE_SECCOMP_TESTS_FALSE}"; then + as_fn_error $? "conditional \"HAVE_SECCOMP_TESTS\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${HAVE_LIBCRYPTO_TRUE}" && test -z "${HAVE_LIBCRYPTO_FALSE}"; then + as_fn_error $? "conditional \"HAVE_LIBCRYPTO\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${HAVE_LIBUNISTRING_TRUE}" && test -z "${HAVE_LIBUNISTRING_FALSE}"; then + as_fn_error $? "conditional \"HAVE_LIBUNISTRING\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${GL_COND_LIBTOOL_TRUE}" && test -z "${GL_COND_LIBTOOL_FALSE}"; then + as_fn_error $? "conditional \"GL_COND_LIBTOOL\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${GL_GENERATE_ALLOCA_H_TRUE}" && test -z "${GL_GENERATE_ALLOCA_H_FALSE}"; then + as_fn_error $? "conditional \"GL_GENERATE_ALLOCA_H\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${GL_GENERATE_BYTESWAP_H_TRUE}" && test -z "${GL_GENERATE_BYTESWAP_H_FALSE}"; then + as_fn_error $? "conditional \"GL_GENERATE_BYTESWAP_H\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${GL_GENERATE_ERRNO_H_TRUE}" && test -z "${GL_GENERATE_ERRNO_H_FALSE}"; then + as_fn_error $? "conditional \"GL_GENERATE_ERRNO_H\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${GL_GENERATE_FLOAT_H_TRUE}" && test -z "${GL_GENERATE_FLOAT_H_FALSE}"; then + as_fn_error $? "conditional \"GL_GENERATE_FLOAT_H\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${HAVE_LD_OUTPUT_DEF_TRUE}" && test -z "${HAVE_LD_OUTPUT_DEF_FALSE}"; then + as_fn_error $? "conditional \"HAVE_LD_OUTPUT_DEF\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${HAVE_LD_VERSION_SCRIPT_TRUE}" && test -z "${HAVE_LD_VERSION_SCRIPT_FALSE}"; then + as_fn_error $? "conditional \"HAVE_LD_VERSION_SCRIPT\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${GL_GENERATE_LIMITS_H_TRUE}" && test -z "${GL_GENERATE_LIMITS_H_FALSE}"; then + as_fn_error $? "conditional \"GL_GENERATE_LIMITS_H\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +CONFIG_INCLUDE=config.h + +if test -z "${GL_GENERATE_NETINET_IN_H_TRUE}" && test -z "${GL_GENERATE_NETINET_IN_H_FALSE}"; then + as_fn_error $? "conditional \"GL_GENERATE_NETINET_IN_H\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${GL_GENERATE_STDALIGN_H_TRUE}" && test -z "${GL_GENERATE_STDALIGN_H_FALSE}"; then + as_fn_error $? "conditional \"GL_GENERATE_STDALIGN_H\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${GL_GENERATE_STDBOOL_H_TRUE}" && test -z "${GL_GENERATE_STDBOOL_H_FALSE}"; then + as_fn_error $? "conditional \"GL_GENERATE_STDBOOL_H\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${GL_GENERATE_STDDEF_H_TRUE}" && test -z "${GL_GENERATE_STDDEF_H_FALSE}"; then + as_fn_error $? "conditional \"GL_GENERATE_STDDEF_H\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${GL_GENERATE_LIMITS_H_TRUE}" && test -z "${GL_GENERATE_LIMITS_H_FALSE}"; then + as_fn_error $? "conditional \"GL_GENERATE_LIMITS_H\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${GL_GENERATE_STDINT_H_TRUE}" && test -z "${GL_GENERATE_STDINT_H_FALSE}"; then + as_fn_error $? "conditional \"GL_GENERATE_STDINT_H\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi + + + gl_libobjs= + gl_ltlibobjs= + if test -n "$gl_LIBOBJS"; then + # Remove the extension. + sed_drop_objext='s/\.o$//;s/\.obj$//' + for i in `for i in $gl_LIBOBJS; do echo "$i"; done | sed -e "$sed_drop_objext" | sort | uniq`; do + gl_libobjs="$gl_libobjs $i.$ac_objext" + gl_ltlibobjs="$gl_ltlibobjs $i.lo" + done + fi + gl_LIBOBJS=$gl_libobjs + + gl_LTLIBOBJS=$gl_ltlibobjs + + + + + + gltests_libobjs= + gltests_ltlibobjs= + if test -n "$gltests_LIBOBJS"; then + # Remove the extension. + sed_drop_objext='s/\.o$//;s/\.obj$//' + for i in `for i in $gltests_LIBOBJS; do echo "$i"; done | sed -e "$sed_drop_objext" | sort | uniq`; do + gltests_libobjs="$gltests_libobjs $i.$ac_objext" + gltests_ltlibobjs="$gltests_ltlibobjs $i.lo" + done + fi + gltests_LIBOBJS=$gltests_libobjs + + gltests_LTLIBOBJS=$gltests_ltlibobjs + + +if test -z "${GL_COND_LIBTOOL_TRUE}" && test -z "${GL_COND_LIBTOOL_FALSE}"; then + as_fn_error $? "conditional \"GL_COND_LIBTOOL\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${GL_GENERATE_ALLOCA_H_TRUE}" && test -z "${GL_GENERATE_ALLOCA_H_FALSE}"; then + as_fn_error $? "conditional \"GL_GENERATE_ALLOCA_H\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${GL_GENERATE_FLOAT_H_TRUE}" && test -z "${GL_GENERATE_FLOAT_H_FALSE}"; then + as_fn_error $? "conditional \"GL_GENERATE_FLOAT_H\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${GL_GENERATE_NETINET_IN_H_TRUE}" && test -z "${GL_GENERATE_NETINET_IN_H_FALSE}"; then + as_fn_error $? "conditional \"GL_GENERATE_NETINET_IN_H\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${GL_GENERATE_STDALIGN_H_TRUE}" && test -z "${GL_GENERATE_STDALIGN_H_FALSE}"; then + as_fn_error $? "conditional \"GL_GENERATE_STDALIGN_H\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${GL_GENERATE_STDBOOL_H_TRUE}" && test -z "${GL_GENERATE_STDBOOL_H_FALSE}"; then + as_fn_error $? "conditional \"GL_GENERATE_STDBOOL_H\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${GL_GENERATE_STDDEF_H_TRUE}" && test -z "${GL_GENERATE_STDDEF_H_FALSE}"; then + as_fn_error $? "conditional \"GL_GENERATE_STDDEF_H\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi + + ggl_libobjs= + ggl_ltlibobjs= + if test -n "$ggl_LIBOBJS"; then + # Remove the extension. + sed_drop_objext='s/\.o$//;s/\.obj$//' + for i in `for i in $ggl_LIBOBJS; do echo "$i"; done | sed -e "$sed_drop_objext" | sort | uniq`; do + ggl_libobjs="$ggl_libobjs $i.$ac_objext" + ggl_ltlibobjs="$ggl_ltlibobjs $i.lo" + done + fi + ggl_LIBOBJS=$ggl_libobjs + + ggl_LTLIBOBJS=$ggl_ltlibobjs + + + + ggltests_libobjs= + ggltests_ltlibobjs= + if test -n "$ggltests_LIBOBJS"; then + # Remove the extension. + sed_drop_objext='s/\.o$//;s/\.obj$//' + for i in `for i in $ggltests_LIBOBJS; do echo "$i"; done | sed -e "$sed_drop_objext" | sort | uniq`; do + ggltests_libobjs="$ggltests_libobjs $i.$ac_objext" + ggltests_ltlibobjs="$ggltests_ltlibobjs $i.lo" + done + fi + ggltests_LIBOBJS=$ggltests_libobjs + + ggltests_LTLIBOBJS=$ggltests_ltlibobjs + + +if test -z "${GL_COND_LIBTOOL_TRUE}" && test -z "${GL_COND_LIBTOOL_FALSE}"; then + as_fn_error $? "conditional \"GL_COND_LIBTOOL\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${GL_GENERATE_STDBOOL_H_TRUE}" && test -z "${GL_GENERATE_STDBOOL_H_FALSE}"; then + as_fn_error $? "conditional \"GL_GENERATE_STDBOOL_H\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_C_TRUE}" && test -z "${LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_C_FALSE}"; then + as_fn_error $? "conditional \"LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_C\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_CC_TRUE}" && test -z "${LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_CC_FALSE}"; then + as_fn_error $? "conditional \"LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_CC\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_CF_TRUE}" && test -z "${LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_CF_FALSE}"; then + as_fn_error $? "conditional \"LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_CF\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_CN_TRUE}" && test -z "${LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_CN_FALSE}"; then + as_fn_error $? "conditional \"LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_CN\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_CO_TRUE}" && test -z "${LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_CO_FALSE}"; then + as_fn_error $? "conditional \"LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_CO\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_CS_TRUE}" && test -z "${LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_CS_FALSE}"; then + as_fn_error $? "conditional \"LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_CS\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_L_TRUE}" && test -z "${LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_L_FALSE}"; then + as_fn_error $? "conditional \"LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_L\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_LC_TRUE}" && test -z "${LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_LC_FALSE}"; then + as_fn_error $? "conditional \"LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_LC\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_LL_TRUE}" && test -z "${LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_LL_FALSE}"; then + as_fn_error $? "conditional \"LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_LL\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_LM_TRUE}" && test -z "${LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_LM_FALSE}"; then + as_fn_error $? "conditional \"LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_LM\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_LO_TRUE}" && test -z "${LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_LO_FALSE}"; then + as_fn_error $? "conditional \"LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_LO\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_LT_TRUE}" && test -z "${LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_LT_FALSE}"; then + as_fn_error $? "conditional \"LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_LT\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_LU_TRUE}" && test -z "${LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_LU_FALSE}"; then + as_fn_error $? "conditional \"LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_LU\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_M_TRUE}" && test -z "${LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_M_FALSE}"; then + as_fn_error $? "conditional \"LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_M\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_MC_TRUE}" && test -z "${LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_MC_FALSE}"; then + as_fn_error $? "conditional \"LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_MC\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_ME_TRUE}" && test -z "${LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_ME_FALSE}"; then + as_fn_error $? "conditional \"LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_ME\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_MN_TRUE}" && test -z "${LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_MN_FALSE}"; then + as_fn_error $? "conditional \"LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_MN\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_N_TRUE}" && test -z "${LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_N_FALSE}"; then + as_fn_error $? "conditional \"LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_N\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_ND_TRUE}" && test -z "${LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_ND_FALSE}"; then + as_fn_error $? "conditional \"LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_ND\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_NL_TRUE}" && test -z "${LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_NL_FALSE}"; then + as_fn_error $? "conditional \"LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_NL\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_NO_TRUE}" && test -z "${LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_NO_FALSE}"; then + as_fn_error $? "conditional \"LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_NO\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_P_TRUE}" && test -z "${LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_P_FALSE}"; then + as_fn_error $? "conditional \"LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_P\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_PC_TRUE}" && test -z "${LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_PC_FALSE}"; then + as_fn_error $? "conditional \"LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_PC\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_PD_TRUE}" && test -z "${LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_PD_FALSE}"; then + as_fn_error $? "conditional \"LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_PD\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_PE_TRUE}" && test -z "${LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_PE_FALSE}"; then + as_fn_error $? "conditional \"LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_PE\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_PF_TRUE}" && test -z "${LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_PF_FALSE}"; then + as_fn_error $? "conditional \"LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_PF\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_PI_TRUE}" && test -z "${LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_PI_FALSE}"; then + as_fn_error $? "conditional \"LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_PI\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_PO_TRUE}" && test -z "${LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_PO_FALSE}"; then + as_fn_error $? "conditional \"LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_PO\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_PS_TRUE}" && test -z "${LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_PS_FALSE}"; then + as_fn_error $? "conditional \"LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_PS\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_S_TRUE}" && test -z "${LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_S_FALSE}"; then + as_fn_error $? "conditional \"LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_S\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_SC_TRUE}" && test -z "${LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_SC_FALSE}"; then + as_fn_error $? "conditional \"LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_SC\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_SK_TRUE}" && test -z "${LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_SK_FALSE}"; then + as_fn_error $? "conditional \"LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_SK\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_SM_TRUE}" && test -z "${LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_SM_FALSE}"; then + as_fn_error $? "conditional \"LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_SM\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_SO_TRUE}" && test -z "${LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_SO_FALSE}"; then + as_fn_error $? "conditional \"LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_SO\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_Z_TRUE}" && test -z "${LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_Z_FALSE}"; then + as_fn_error $? "conditional \"LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_Z\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_ZL_TRUE}" && test -z "${LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_ZL_FALSE}"; then + as_fn_error $? "conditional \"LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_ZL\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_ZP_TRUE}" && test -z "${LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_ZP_FALSE}"; then + as_fn_error $? "conditional \"LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_ZP\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_ZS_TRUE}" && test -z "${LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_ZS_FALSE}"; then + as_fn_error $? "conditional \"LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_ZS\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_AND_TRUE}" && test -z "${LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_AND_FALSE}"; then + as_fn_error $? "conditional \"LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_AND\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_AND_NOT_TRUE}" && test -z "${LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_AND_NOT_FALSE}"; then + as_fn_error $? "conditional \"LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_AND_NOT\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_BYNAME_TRUE}" && test -z "${LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_BYNAME_FALSE}"; then + as_fn_error $? "conditional \"LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_BYNAME\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_LONGNAME_TRUE}" && test -z "${LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_LONGNAME_FALSE}"; then + as_fn_error $? "conditional \"LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_LONGNAME\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_NAME_TRUE}" && test -z "${LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_NAME_FALSE}"; then + as_fn_error $? "conditional \"LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_NAME\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_NONE_TRUE}" && test -z "${LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_NONE_FALSE}"; then + as_fn_error $? "conditional \"LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_NONE\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_OF_TRUE}" && test -z "${LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_OF_FALSE}"; then + as_fn_error $? "conditional \"LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_OF\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_OR_TRUE}" && test -z "${LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_OR_FALSE}"; then + as_fn_error $? "conditional \"LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_OR\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_TEST_TRUE}" && test -z "${LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_TEST_FALSE}"; then + as_fn_error $? "conditional \"LIBUNISTRING_COMPILE_UNICTYPE_CATEGORY_TEST\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${LIBUNISTRING_COMPILE_UNICTYPE_COMBINING_CLASS_TRUE}" && test -z "${LIBUNISTRING_COMPILE_UNICTYPE_COMBINING_CLASS_FALSE}"; then + as_fn_error $? "conditional \"LIBUNISTRING_COMPILE_UNICTYPE_COMBINING_CLASS\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${LIBUNISTRING_COMPILE_UNICTYPE_PROPERTY_DEFAULT_IGNORABLE_CODE_POINT_TRUE}" && test -z "${LIBUNISTRING_COMPILE_UNICTYPE_PROPERTY_DEFAULT_IGNORABLE_CODE_POINT_FALSE}"; then + as_fn_error $? "conditional \"LIBUNISTRING_COMPILE_UNICTYPE_PROPERTY_DEFAULT_IGNORABLE_CODE_POINT\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${LIBUNISTRING_COMPILE_UNICTYPE_PROPERTY_JOIN_CONTROL_TRUE}" && test -z "${LIBUNISTRING_COMPILE_UNICTYPE_PROPERTY_JOIN_CONTROL_FALSE}"; then + as_fn_error $? "conditional \"LIBUNISTRING_COMPILE_UNICTYPE_PROPERTY_JOIN_CONTROL\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${LIBUNISTRING_COMPILE_UNICTYPE_PROPERTY_NOT_A_CHARACTER_TRUE}" && test -z "${LIBUNISTRING_COMPILE_UNICTYPE_PROPERTY_NOT_A_CHARACTER_FALSE}"; then + as_fn_error $? "conditional \"LIBUNISTRING_COMPILE_UNICTYPE_PROPERTY_NOT_A_CHARACTER\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${LIBUNISTRING_COMPILE_UNINORM_CANONICAL_DECOMPOSITION_TRUE}" && test -z "${LIBUNISTRING_COMPILE_UNINORM_CANONICAL_DECOMPOSITION_FALSE}"; then + as_fn_error $? "conditional \"LIBUNISTRING_COMPILE_UNINORM_CANONICAL_DECOMPOSITION\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${LIBUNISTRING_COMPILE_UNINORM_COMPOSITION_TRUE}" && test -z "${LIBUNISTRING_COMPILE_UNINORM_COMPOSITION_FALSE}"; then + as_fn_error $? "conditional \"LIBUNISTRING_COMPILE_UNINORM_COMPOSITION\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${LIBUNISTRING_COMPILE_UNINORM_DECOMPOSITION_TRUE}" && test -z "${LIBUNISTRING_COMPILE_UNINORM_DECOMPOSITION_FALSE}"; then + as_fn_error $? "conditional \"LIBUNISTRING_COMPILE_UNINORM_DECOMPOSITION\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${LIBUNISTRING_COMPILE_UNINORM_NFC_TRUE}" && test -z "${LIBUNISTRING_COMPILE_UNINORM_NFC_FALSE}"; then + as_fn_error $? "conditional \"LIBUNISTRING_COMPILE_UNINORM_NFC\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${LIBUNISTRING_COMPILE_UNINORM_NFD_TRUE}" && test -z "${LIBUNISTRING_COMPILE_UNINORM_NFD_FALSE}"; then + as_fn_error $? "conditional \"LIBUNISTRING_COMPILE_UNINORM_NFD\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${LIBUNISTRING_COMPILE_UNINORM_NFKC_TRUE}" && test -z "${LIBUNISTRING_COMPILE_UNINORM_NFKC_FALSE}"; then + as_fn_error $? "conditional \"LIBUNISTRING_COMPILE_UNINORM_NFKC\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${LIBUNISTRING_COMPILE_UNINORM_NFKD_TRUE}" && test -z "${LIBUNISTRING_COMPILE_UNINORM_NFKD_FALSE}"; then + as_fn_error $? "conditional \"LIBUNISTRING_COMPILE_UNINORM_NFKD\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${LIBUNISTRING_COMPILE_UNINORM_U16_NORMALIZE_TRUE}" && test -z "${LIBUNISTRING_COMPILE_UNINORM_U16_NORMALIZE_FALSE}"; then + as_fn_error $? "conditional \"LIBUNISTRING_COMPILE_UNINORM_U16_NORMALIZE\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${LIBUNISTRING_COMPILE_UNINORM_U32_NORMALIZE_TRUE}" && test -z "${LIBUNISTRING_COMPILE_UNINORM_U32_NORMALIZE_FALSE}"; then + as_fn_error $? "conditional \"LIBUNISTRING_COMPILE_UNINORM_U32_NORMALIZE\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${LIBUNISTRING_COMPILE_UNINORM_U8_NORMALIZE_TRUE}" && test -z "${LIBUNISTRING_COMPILE_UNINORM_U8_NORMALIZE_FALSE}"; then + as_fn_error $? "conditional \"LIBUNISTRING_COMPILE_UNINORM_U8_NORMALIZE\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${LIBUNISTRING_COMPILE_UNISTR_U16_CPY_TRUE}" && test -z "${LIBUNISTRING_COMPILE_UNISTR_U16_CPY_FALSE}"; then + as_fn_error $? "conditional \"LIBUNISTRING_COMPILE_UNISTR_U16_CPY\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${LIBUNISTRING_COMPILE_UNISTR_U16_MBTOUC_UNSAFE_TRUE}" && test -z "${LIBUNISTRING_COMPILE_UNISTR_U16_MBTOUC_UNSAFE_FALSE}"; then + as_fn_error $? "conditional \"LIBUNISTRING_COMPILE_UNISTR_U16_MBTOUC_UNSAFE\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${LIBUNISTRING_COMPILE_UNISTR_U16_MBTOUCR_TRUE}" && test -z "${LIBUNISTRING_COMPILE_UNISTR_U16_MBTOUCR_FALSE}"; then + as_fn_error $? "conditional \"LIBUNISTRING_COMPILE_UNISTR_U16_MBTOUCR\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${LIBUNISTRING_COMPILE_UNISTR_U16_TO_U8_TRUE}" && test -z "${LIBUNISTRING_COMPILE_UNISTR_U16_TO_U8_FALSE}"; then + as_fn_error $? "conditional \"LIBUNISTRING_COMPILE_UNISTR_U16_TO_U8\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${LIBUNISTRING_COMPILE_UNISTR_U16_UCTOMB_TRUE}" && test -z "${LIBUNISTRING_COMPILE_UNISTR_U16_UCTOMB_FALSE}"; then + as_fn_error $? "conditional \"LIBUNISTRING_COMPILE_UNISTR_U16_UCTOMB\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${LIBUNISTRING_COMPILE_UNISTR_U32_CPY_TRUE}" && test -z "${LIBUNISTRING_COMPILE_UNISTR_U32_CPY_FALSE}"; then + as_fn_error $? "conditional \"LIBUNISTRING_COMPILE_UNISTR_U32_CPY\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${LIBUNISTRING_COMPILE_UNISTR_U32_MBTOUC_UNSAFE_TRUE}" && test -z "${LIBUNISTRING_COMPILE_UNISTR_U32_MBTOUC_UNSAFE_FALSE}"; then + as_fn_error $? "conditional \"LIBUNISTRING_COMPILE_UNISTR_U32_MBTOUC_UNSAFE\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${LIBUNISTRING_COMPILE_UNISTR_U32_TO_U8_TRUE}" && test -z "${LIBUNISTRING_COMPILE_UNISTR_U32_TO_U8_FALSE}"; then + as_fn_error $? "conditional \"LIBUNISTRING_COMPILE_UNISTR_U32_TO_U8\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${LIBUNISTRING_COMPILE_UNISTR_U32_UCTOMB_TRUE}" && test -z "${LIBUNISTRING_COMPILE_UNISTR_U32_UCTOMB_FALSE}"; then + as_fn_error $? "conditional \"LIBUNISTRING_COMPILE_UNISTR_U32_UCTOMB\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${LIBUNISTRING_COMPILE_UNISTR_U8_CHECK_TRUE}" && test -z "${LIBUNISTRING_COMPILE_UNISTR_U8_CHECK_FALSE}"; then + as_fn_error $? "conditional \"LIBUNISTRING_COMPILE_UNISTR_U8_CHECK\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${LIBUNISTRING_COMPILE_UNISTR_U8_CPY_TRUE}" && test -z "${LIBUNISTRING_COMPILE_UNISTR_U8_CPY_FALSE}"; then + as_fn_error $? "conditional \"LIBUNISTRING_COMPILE_UNISTR_U8_CPY\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${LIBUNISTRING_COMPILE_UNISTR_U8_MBTOUC_UNSAFE_TRUE}" && test -z "${LIBUNISTRING_COMPILE_UNISTR_U8_MBTOUC_UNSAFE_FALSE}"; then + as_fn_error $? "conditional \"LIBUNISTRING_COMPILE_UNISTR_U8_MBTOUC_UNSAFE\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${LIBUNISTRING_COMPILE_UNISTR_U8_MBTOUCR_TRUE}" && test -z "${LIBUNISTRING_COMPILE_UNISTR_U8_MBTOUCR_FALSE}"; then + as_fn_error $? "conditional \"LIBUNISTRING_COMPILE_UNISTR_U8_MBTOUCR\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${LIBUNISTRING_COMPILE_UNISTR_U8_TO_U16_TRUE}" && test -z "${LIBUNISTRING_COMPILE_UNISTR_U8_TO_U16_FALSE}"; then + as_fn_error $? "conditional \"LIBUNISTRING_COMPILE_UNISTR_U8_TO_U16\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${LIBUNISTRING_COMPILE_UNISTR_U8_TO_U32_TRUE}" && test -z "${LIBUNISTRING_COMPILE_UNISTR_U8_TO_U32_FALSE}"; then + as_fn_error $? "conditional \"LIBUNISTRING_COMPILE_UNISTR_U8_TO_U32\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${LIBUNISTRING_COMPILE_UNISTR_U8_UCTOMB_TRUE}" && test -z "${LIBUNISTRING_COMPILE_UNISTR_U8_UCTOMB_FALSE}"; then + as_fn_error $? "conditional \"LIBUNISTRING_COMPILE_UNISTR_U8_UCTOMB\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi + + unistring_libobjs= + unistring_ltlibobjs= + if test -n "$unistring_LIBOBJS"; then + # Remove the extension. + sed_drop_objext='s/\.o$//;s/\.obj$//' + for i in `for i in $unistring_LIBOBJS; do echo "$i"; done | sed -e "$sed_drop_objext" | sort | uniq`; do + unistring_libobjs="$unistring_libobjs $i.$ac_objext" + unistring_ltlibobjs="$unistring_ltlibobjs $i.lo" + done + fi + unistring_LIBOBJS=$unistring_libobjs + + unistring_LTLIBOBJS=$unistring_ltlibobjs + + + + unistringtests_libobjs= + unistringtests_ltlibobjs= + if test -n "$unistringtests_LIBOBJS"; then + # Remove the extension. + sed_drop_objext='s/\.o$//;s/\.obj$//' + for i in `for i in $unistringtests_LIBOBJS; do echo "$i"; done | sed -e "$sed_drop_objext" | sort | uniq`; do + unistringtests_libobjs="$unistringtests_libobjs $i.$ac_objext" + unistringtests_ltlibobjs="$unistringtests_ltlibobjs $i.lo" + done + fi + unistringtests_LIBOBJS=$unistringtests_libobjs + + unistringtests_LTLIBOBJS=$unistringtests_ltlibobjs + + +if test -z "${WANT_TEST_SUITE_TRUE}" && test -z "${WANT_TEST_SUITE_FALSE}"; then + as_fn_error $? "conditional \"WANT_TEST_SUITE\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${ENABLE_FIPS140_TRUE}" && test -z "${ENABLE_FIPS140_FALSE}"; then + as_fn_error $? "conditional \"ENABLE_FIPS140\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${HAVE_CMOCKA_TRUE}" && test -z "${HAVE_CMOCKA_FALSE}"; then + as_fn_error $? "conditional \"HAVE_CMOCKA\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${HAVE_LIBIDN2_TRUE}" && test -z "${HAVE_LIBIDN2_FALSE}"; then + as_fn_error $? "conditional \"HAVE_LIBIDN2\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${ENABLE_NON_SUITEB_CURVES_TRUE}" && test -z "${ENABLE_NON_SUITEB_CURVES_FALSE}"; then + as_fn_error $? "conditional \"ENABLE_NON_SUITEB_CURVES\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${ENABLE_DANE_TRUE}" && test -z "${ENABLE_DANE_FALSE}"; then + as_fn_error $? "conditional \"ENABLE_DANE\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${P11KIT_0_23_11_API_TRUE}" && test -z "${P11KIT_0_23_11_API_FALSE}"; then + as_fn_error $? "conditional \"P11KIT_0_23_11_API\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${ENABLE_PKCS11_TRUE}" && test -z "${ENABLE_PKCS11_FALSE}"; then + as_fn_error $? "conditional \"ENABLE_PKCS11\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${ENABLE_TROUSERS_TRUE}" && test -z "${ENABLE_TROUSERS_FALSE}"; then + as_fn_error $? "conditional \"ENABLE_TROUSERS\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${GL_GENERATE_STDNORETURN_H_TRUE}" && test -z "${GL_GENERATE_STDNORETURN_H_FALSE}"; then + as_fn_error $? "conditional \"GL_GENERATE_STDNORETURN_H\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${INSTALL_LIBOPTS_TRUE}" && test -z "${INSTALL_LIBOPTS_FALSE}"; then + as_fn_error $? "conditional \"INSTALL_LIBOPTS\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${NEED_LIBOPTS_TRUE}" && test -z "${NEED_LIBOPTS_FALSE}"; then + as_fn_error $? "conditional \"NEED_LIBOPTS\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${GL_GENERATE_STDNORETURN_H_TRUE}" && test -z "${GL_GENERATE_STDNORETURN_H_FALSE}"; then + as_fn_error $? "conditional \"GL_GENERATE_STDNORETURN_H\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${INSTALL_LIBOPTS_TRUE}" && test -z "${INSTALL_LIBOPTS_FALSE}"; then + as_fn_error $? "conditional \"INSTALL_LIBOPTS\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${NEED_LIBOPTS_TRUE}" && test -z "${NEED_LIBOPTS_FALSE}"; then + as_fn_error $? "conditional \"NEED_LIBOPTS\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${HAVE_PKCS11_TRUST_STORE_TRUE}" && test -z "${HAVE_PKCS11_TRUST_STORE_FALSE}"; then + as_fn_error $? "conditional \"HAVE_PKCS11_TRUST_STORE\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${HAVE_GUILE_TRUE}" && test -z "${HAVE_GUILE_FALSE}"; then + as_fn_error $? "conditional \"HAVE_GUILE\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${HAVE_GUILD_TRUE}" && test -z "${HAVE_GUILD_FALSE}"; then + as_fn_error $? "conditional \"HAVE_GUILD\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${NEEDS_LIBRT_TRUE}" && test -z "${NEEDS_LIBRT_FALSE}"; then + as_fn_error $? "conditional \"NEEDS_LIBRT\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi + +: "${CONFIG_STATUS=./config.status}" +ac_write_fail=0 +ac_clean_files_save=$ac_clean_files +ac_clean_files="$ac_clean_files $CONFIG_STATUS" +{ $as_echo "$as_me:${as_lineno-$LINENO}: creating $CONFIG_STATUS" >&5 +$as_echo "$as_me: creating $CONFIG_STATUS" >&6;} +as_write_fail=0 +cat >$CONFIG_STATUS <<_ASEOF || as_write_fail=1 +#! $SHELL +# Generated by $as_me. +# Run this file to recreate the current configuration. +# Compiler output produced by configure, useful for debugging +# configure, is in config.log if it exists. + +debug=false +ac_cs_recheck=false +ac_cs_silent=false + +SHELL=\${CONFIG_SHELL-$SHELL} +export SHELL +_ASEOF +cat >>$CONFIG_STATUS <<\_ASEOF || as_write_fail=1 +## -------------------- ## +## M4sh Initialization. ## +## -------------------- ## + +# Be more Bourne compatible +DUALCASE=1; export DUALCASE # for MKS sh +if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then : + emulate sh + NULLCMD=: + # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which + # is contrary to our usage. Disable this feature. + alias -g '${1+"$@"}'='"$@"' + setopt NO_GLOB_SUBST +else + case `(set -o) 2>/dev/null` in #( + *posix*) : + set -o posix ;; #( + *) : + ;; +esac +fi + + +as_nl=' +' +export as_nl +# Printing a long string crashes Solaris 7 /usr/bin/printf. +as_echo='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\' +as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo +as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo$as_echo +# Prefer a ksh shell builtin over an external printf program on Solaris, +# but without wasting forks for bash or zsh. +if test -z "$BASH_VERSION$ZSH_VERSION" \ + && (test "X`print -r -- $as_echo`" = "X$as_echo") 2>/dev/null; then + as_echo='print -r --' + as_echo_n='print -rn --' +elif (test "X`printf %s $as_echo`" = "X$as_echo") 2>/dev/null; then + as_echo='printf %s\n' + as_echo_n='printf %s' +else + if test "X`(/usr/ucb/echo -n -n $as_echo) 2>/dev/null`" = "X-n $as_echo"; then + as_echo_body='eval /usr/ucb/echo -n "$1$as_nl"' + as_echo_n='/usr/ucb/echo -n' + else + as_echo_body='eval expr "X$1" : "X\\(.*\\)"' + as_echo_n_body='eval + arg=$1; + case $arg in #( + *"$as_nl"*) + expr "X$arg" : "X\\(.*\\)$as_nl"; + arg=`expr "X$arg" : ".*$as_nl\\(.*\\)"`;; + esac; + expr "X$arg" : "X\\(.*\\)" | tr -d "$as_nl" + ' + export as_echo_n_body + as_echo_n='sh -c $as_echo_n_body as_echo' + fi + export as_echo_body + as_echo='sh -c $as_echo_body as_echo' +fi + +# The user is always right. +if test "${PATH_SEPARATOR+set}" != set; then + PATH_SEPARATOR=: + (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 && { + (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 || + PATH_SEPARATOR=';' + } +fi + + +# IFS +# We need space, tab and new line, in precisely that order. Quoting is +# there to prevent editors from complaining about space-tab. +# (If _AS_PATH_WALK were called with IFS unset, it would disable word +# splitting by setting IFS to empty value.) +IFS=" "" $as_nl" + +# Find who we are. Look in the path if we contain no directory separator. +as_myself= +case $0 in #(( + *[\\/]* ) as_myself=$0 ;; + *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break + done +IFS=$as_save_IFS + + ;; +esac +# We did not find ourselves, most probably we were run as `sh COMMAND' +# in which case we are not to be found in the path. +if test "x$as_myself" = x; then + as_myself=$0 +fi +if test ! -f "$as_myself"; then + $as_echo "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2 + exit 1 +fi + +# Unset variables that we do not need and which cause bugs (e.g. in +# pre-3.0 UWIN ksh). But do not cause bugs in bash 2.01; the "|| exit 1" +# suppresses any "Segmentation fault" message there. '((' could +# trigger a bug in pdksh 5.2.14. +for as_var in BASH_ENV ENV MAIL MAILPATH +do eval test x\${$as_var+set} = xset \ + && ( (unset $as_var) || exit 1) >/dev/null 2>&1 && unset $as_var || : +done +PS1='$ ' +PS2='> ' +PS4='+ ' + +# NLS nuisances. +LC_ALL=C +export LC_ALL +LANGUAGE=C +export LANGUAGE + +# CDPATH. +(unset CDPATH) >/dev/null 2>&1 && unset CDPATH + + +# as_fn_error STATUS ERROR [LINENO LOG_FD] +# ---------------------------------------- +# Output "`basename $0`: error: ERROR" to stderr. If LINENO and LOG_FD are +# provided, also output the error to LOG_FD, referencing LINENO. Then exit the +# script with STATUS, using 1 if that was 0. +as_fn_error () +{ + as_status=$1; test $as_status -eq 0 && as_status=1 + if test "$4"; then + as_lineno=${as_lineno-"$3"} as_lineno_stack=as_lineno_stack=$as_lineno_stack + $as_echo "$as_me:${as_lineno-$LINENO}: error: $2" >&$4 + fi + $as_echo "$as_me: error: $2" >&2 + as_fn_exit $as_status +} # as_fn_error + + +# as_fn_set_status STATUS +# ----------------------- +# Set $? to STATUS, without forking. +as_fn_set_status () +{ + return $1 +} # as_fn_set_status + +# as_fn_exit STATUS +# ----------------- +# Exit the shell with STATUS, even in a "trap 0" or "set -e" context. +as_fn_exit () +{ + set +e + as_fn_set_status $1 + exit $1 +} # as_fn_exit + +# as_fn_unset VAR +# --------------- +# Portably unset VAR. +as_fn_unset () +{ + { eval $1=; unset $1;} +} +as_unset=as_fn_unset +# as_fn_append VAR VALUE +# ---------------------- +# Append the text in VALUE to the end of the definition contained in VAR. Take +# advantage of any shell optimizations that allow amortized linear growth over +# repeated appends, instead of the typical quadratic growth present in naive +# implementations. +if (eval "as_var=1; as_var+=2; test x\$as_var = x12") 2>/dev/null; then : + eval 'as_fn_append () + { + eval $1+=\$2 + }' +else + as_fn_append () + { + eval $1=\$$1\$2 + } +fi # as_fn_append + +# as_fn_arith ARG... +# ------------------ +# Perform arithmetic evaluation on the ARGs, and store the result in the +# global $as_val. Take advantage of shells that can avoid forks. The arguments +# must be portable across $(()) and expr. +if (eval "test \$(( 1 + 1 )) = 2") 2>/dev/null; then : + eval 'as_fn_arith () + { + as_val=$(( $* )) + }' +else + as_fn_arith () + { + as_val=`expr "$@" || test $? -eq 1` + } +fi # as_fn_arith + + +if expr a : '\(a\)' >/dev/null 2>&1 && + test "X`expr 00001 : '.*\(...\)'`" = X001; then + as_expr=expr +else + as_expr=false +fi + +if (basename -- /) >/dev/null 2>&1 && test "X`basename -- / 2>&1`" = "X/"; then + as_basename=basename +else + as_basename=false +fi + +if (as_dir=`dirname -- /` && test "X$as_dir" = X/) >/dev/null 2>&1; then + as_dirname=dirname +else + as_dirname=false +fi + +as_me=`$as_basename -- "$0" || +$as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \ + X"$0" : 'X\(//\)$' \| \ + X"$0" : 'X\(/\)' \| . 2>/dev/null || +$as_echo X/"$0" | + sed '/^.*\/\([^/][^/]*\)\/*$/{ + s//\1/ + q + } + /^X\/\(\/\/\)$/{ + s//\1/ + q + } + /^X\/\(\/\).*/{ + s//\1/ + q + } + s/.*/./; q'` + +# Avoid depending upon Character Ranges. +as_cr_letters='abcdefghijklmnopqrstuvwxyz' +as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ' +as_cr_Letters=$as_cr_letters$as_cr_LETTERS +as_cr_digits='0123456789' +as_cr_alnum=$as_cr_Letters$as_cr_digits + +ECHO_C= ECHO_N= ECHO_T= +case `echo -n x` in #((((( +-n*) + case `echo 'xy\c'` in + *c*) ECHO_T=' ';; # ECHO_T is single tab character. + xy) ECHO_C='\c';; + *) echo `echo ksh88 bug on AIX 6.1` > /dev/null + ECHO_T=' ';; + esac;; +*) + ECHO_N='-n';; +esac + +rm -f conf$$ conf$$.exe conf$$.file +if test -d conf$$.dir; then + rm -f conf$$.dir/conf$$.file +else + rm -f conf$$.dir + mkdir conf$$.dir 2>/dev/null +fi +if (echo >conf$$.file) 2>/dev/null; then + if ln -s conf$$.file conf$$ 2>/dev/null; then + as_ln_s='ln -s' + # ... but there are two gotchas: + # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail. + # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable. + # In both cases, we have to default to `cp -pR'. + ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe || + as_ln_s='cp -pR' + elif ln conf$$.file conf$$ 2>/dev/null; then + as_ln_s=ln + else + as_ln_s='cp -pR' + fi +else + as_ln_s='cp -pR' +fi +rm -f conf$$ conf$$.exe conf$$.dir/conf$$.file conf$$.file +rmdir conf$$.dir 2>/dev/null + + +# as_fn_mkdir_p +# ------------- +# Create "$as_dir" as a directory, including parents if necessary. +as_fn_mkdir_p () +{ + + case $as_dir in #( + -*) as_dir=./$as_dir;; + esac + test -d "$as_dir" || eval $as_mkdir_p || { + as_dirs= + while :; do + case $as_dir in #( + *\'*) as_qdir=`$as_echo "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #'( + *) as_qdir=$as_dir;; + esac + as_dirs="'$as_qdir' $as_dirs" + as_dir=`$as_dirname -- "$as_dir" || +$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ + X"$as_dir" : 'X\(//\)[^/]' \| \ + X"$as_dir" : 'X\(//\)$' \| \ + X"$as_dir" : 'X\(/\)' \| . 2>/dev/null || +$as_echo X"$as_dir" | + sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ + s//\1/ + q + } + /^X\(\/\/\)[^/].*/{ + s//\1/ + q + } + /^X\(\/\/\)$/{ + s//\1/ + q + } + /^X\(\/\).*/{ + s//\1/ + q + } + s/.*/./; q'` + test -d "$as_dir" && break + done + test -z "$as_dirs" || eval "mkdir $as_dirs" + } || test -d "$as_dir" || as_fn_error $? "cannot create directory $as_dir" + + +} # as_fn_mkdir_p +if mkdir -p . 2>/dev/null; then + as_mkdir_p='mkdir -p "$as_dir"' +else + test -d ./-p && rmdir ./-p + as_mkdir_p=false +fi + + +# as_fn_executable_p FILE +# ----------------------- +# Test if FILE is an executable regular file. +as_fn_executable_p () +{ + test -f "$1" && test -x "$1" +} # as_fn_executable_p +as_test_x='test -x' +as_executable_p=as_fn_executable_p + +# Sed expression to map a string onto a valid CPP name. +as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'" + +# Sed expression to map a string onto a valid variable name. +as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'" + + +exec 6>&1 +## ----------------------------------- ## +## Main body of $CONFIG_STATUS script. ## +## ----------------------------------- ## +_ASEOF +test $as_write_fail = 0 && chmod +x $CONFIG_STATUS || ac_write_fail=1 + +cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 +# Save the log message, to keep $0 and so on meaningful, and to +# report actual input values of CONFIG_FILES etc. instead of their +# values after options handling. +ac_log=" +This file was extended by GnuTLS $as_me 3.6.8, which was +generated by GNU Autoconf 2.69. Invocation command line was + + CONFIG_FILES = $CONFIG_FILES + CONFIG_HEADERS = $CONFIG_HEADERS + CONFIG_LINKS = $CONFIG_LINKS + CONFIG_COMMANDS = $CONFIG_COMMANDS + $ $0 $@ + +on `(hostname || uname -n) 2>/dev/null | sed 1q` +" + +_ACEOF + +case $ac_config_files in *" +"*) set x $ac_config_files; shift; ac_config_files=$*;; +esac + +case $ac_config_headers in *" +"*) set x $ac_config_headers; shift; ac_config_headers=$*;; +esac + + +cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 +# Files that config.status was made for. +config_files="$ac_config_files" +config_headers="$ac_config_headers" +config_links="$ac_config_links" +config_commands="$ac_config_commands" + +_ACEOF + +cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 +ac_cs_usage="\ +\`$as_me' instantiates files and other configuration actions +from templates according to the current configuration. Unless the files +and actions are specified as TAGs, all are instantiated by default. + +Usage: $0 [OPTION]... [TAG]... + + -h, --help print this help, then exit + -V, --version print version number and configuration settings, then exit + --config print configuration, then exit + -q, --quiet, --silent + do not print progress messages + -d, --debug don't remove temporary files + --recheck update $as_me by reconfiguring in the same conditions + --file=FILE[:TEMPLATE] + instantiate the configuration file FILE + --header=FILE[:TEMPLATE] + instantiate the configuration header FILE + +Configuration files: +$config_files + +Configuration headers: +$config_headers + +Configuration links: +$config_links + +Configuration commands: +$config_commands + +Report bugs to ." + +_ACEOF +cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 +ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" +ac_cs_version="\\ +GnuTLS config.status 3.6.8 +configured by $0, generated by GNU Autoconf 2.69, + with options \\"\$ac_cs_config\\" + +Copyright (C) 2012 Free Software Foundation, Inc. +This config.status script is free software; the Free Software Foundation +gives unlimited permission to copy, distribute and modify it." + +ac_pwd='$ac_pwd' +srcdir='$srcdir' +INSTALL='$INSTALL' +MKDIR_P='$MKDIR_P' +AWK='$AWK' +test -n "\$AWK" || AWK=awk +_ACEOF + +cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 +# The default lists apply if the user does not specify any file. +ac_need_defaults=: +while test $# != 0 +do + case $1 in + --*=?*) + ac_option=`expr "X$1" : 'X\([^=]*\)='` + ac_optarg=`expr "X$1" : 'X[^=]*=\(.*\)'` + ac_shift=: + ;; + --*=) + ac_option=`expr "X$1" : 'X\([^=]*\)='` + ac_optarg= + ac_shift=: + ;; + *) + ac_option=$1 + ac_optarg=$2 + ac_shift=shift + ;; + esac + + case $ac_option in + # Handling of the options. + -recheck | --recheck | --rechec | --reche | --rech | --rec | --re | --r) + ac_cs_recheck=: ;; + --version | --versio | --versi | --vers | --ver | --ve | --v | -V ) + $as_echo "$ac_cs_version"; exit ;; + --config | --confi | --conf | --con | --co | --c ) + $as_echo "$ac_cs_config"; exit ;; + --debug | --debu | --deb | --de | --d | -d ) + debug=: ;; + --file | --fil | --fi | --f ) + $ac_shift + case $ac_optarg in + *\'*) ac_optarg=`$as_echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"` ;; + '') as_fn_error $? "missing file argument" ;; + esac + as_fn_append CONFIG_FILES " '$ac_optarg'" + ac_need_defaults=false;; + --header | --heade | --head | --hea ) + $ac_shift + case $ac_optarg in + *\'*) ac_optarg=`$as_echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"` ;; + esac + as_fn_append CONFIG_HEADERS " '$ac_optarg'" + ac_need_defaults=false;; + --he | --h) + # Conflict between --help and --header + as_fn_error $? "ambiguous option: \`$1' +Try \`$0 --help' for more information.";; + --help | --hel | -h ) + $as_echo "$ac_cs_usage"; exit ;; + -q | -quiet | --quiet | --quie | --qui | --qu | --q \ + | -silent | --silent | --silen | --sile | --sil | --si | --s) + ac_cs_silent=: ;; + + # This is an error. + -*) as_fn_error $? "unrecognized option: \`$1' +Try \`$0 --help' for more information." ;; + + *) as_fn_append ac_config_targets " $1" + ac_need_defaults=false ;; + + esac + shift +done + +ac_configure_extra_args= + +if $ac_cs_silent; then + exec 6>/dev/null + ac_configure_extra_args="$ac_configure_extra_args --silent" +fi + +_ACEOF +cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 +if \$ac_cs_recheck; then + set X $SHELL '$0' $ac_configure_args \$ac_configure_extra_args --no-create --no-recursion + shift + \$as_echo "running CONFIG_SHELL=$SHELL \$*" >&6 + CONFIG_SHELL='$SHELL' + export CONFIG_SHELL + exec "\$@" +fi + +_ACEOF +cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 +exec 5>>config.log +{ + echo + sed 'h;s/./-/g;s/^.../## /;s/...$/ ##/;p;x;p;x' <<_ASBOX +## Running $as_me. ## +_ASBOX + $as_echo "$ac_log" +} >&5 + +_ACEOF +cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 +# +# INIT-COMMANDS +# +AMDEP_TRUE="$AMDEP_TRUE" MAKE="${MAKE-make}" +# Capture the value of obsolete ALL_LINGUAS because we need it to compute + # POFILES, UPDATEPOFILES, DUMMYPOFILES, GMOFILES, CATALOGS. But hide it + # from automake < 1.5. + eval 'OBSOLETE_ALL_LINGUAS''="$ALL_LINGUAS"' + # Capture the value of LINGUAS because we need it to compute CATALOGS. + LINGUAS="${LINGUAS-%UNSET%}" + +GNUmakefile=$GNUmakefile + + +# The HP-UX ksh and POSIX shell print the target directory to stdout +# if CDPATH is set. +(unset CDPATH) >/dev/null 2>&1 && unset CDPATH + +sed_quote_subst='$sed_quote_subst' +double_quote_subst='$double_quote_subst' +delay_variable_subst='$delay_variable_subst' +macro_version='`$ECHO "$macro_version" | $SED "$delay_single_quote_subst"`' +macro_revision='`$ECHO "$macro_revision" | $SED "$delay_single_quote_subst"`' +enable_static='`$ECHO "$enable_static" | $SED "$delay_single_quote_subst"`' +enable_shared='`$ECHO "$enable_shared" | $SED "$delay_single_quote_subst"`' +pic_mode='`$ECHO "$pic_mode" | $SED "$delay_single_quote_subst"`' +enable_fast_install='`$ECHO "$enable_fast_install" | $SED "$delay_single_quote_subst"`' +shared_archive_member_spec='`$ECHO "$shared_archive_member_spec" | $SED "$delay_single_quote_subst"`' +SHELL='`$ECHO "$SHELL" | $SED "$delay_single_quote_subst"`' +ECHO='`$ECHO "$ECHO" | $SED "$delay_single_quote_subst"`' +PATH_SEPARATOR='`$ECHO "$PATH_SEPARATOR" | $SED "$delay_single_quote_subst"`' +host_alias='`$ECHO "$host_alias" | $SED "$delay_single_quote_subst"`' +host='`$ECHO "$host" | $SED "$delay_single_quote_subst"`' +host_os='`$ECHO "$host_os" | $SED "$delay_single_quote_subst"`' +build_alias='`$ECHO "$build_alias" | $SED "$delay_single_quote_subst"`' +build='`$ECHO "$build" | $SED "$delay_single_quote_subst"`' +build_os='`$ECHO "$build_os" | $SED "$delay_single_quote_subst"`' +SED='`$ECHO "$SED" | $SED "$delay_single_quote_subst"`' +Xsed='`$ECHO "$Xsed" | $SED "$delay_single_quote_subst"`' +GREP='`$ECHO "$GREP" | $SED "$delay_single_quote_subst"`' +EGREP='`$ECHO "$EGREP" | $SED "$delay_single_quote_subst"`' +FGREP='`$ECHO "$FGREP" | $SED "$delay_single_quote_subst"`' +LD='`$ECHO "$LD" | $SED "$delay_single_quote_subst"`' +NM='`$ECHO "$NM" | $SED "$delay_single_quote_subst"`' +LN_S='`$ECHO "$LN_S" | $SED "$delay_single_quote_subst"`' +max_cmd_len='`$ECHO "$max_cmd_len" | $SED "$delay_single_quote_subst"`' +ac_objext='`$ECHO "$ac_objext" | $SED "$delay_single_quote_subst"`' +exeext='`$ECHO "$exeext" | $SED "$delay_single_quote_subst"`' +lt_unset='`$ECHO "$lt_unset" | $SED "$delay_single_quote_subst"`' +lt_SP2NL='`$ECHO "$lt_SP2NL" | $SED "$delay_single_quote_subst"`' +lt_NL2SP='`$ECHO "$lt_NL2SP" | $SED "$delay_single_quote_subst"`' +lt_cv_to_host_file_cmd='`$ECHO "$lt_cv_to_host_file_cmd" | $SED "$delay_single_quote_subst"`' +lt_cv_to_tool_file_cmd='`$ECHO "$lt_cv_to_tool_file_cmd" | $SED "$delay_single_quote_subst"`' +reload_flag='`$ECHO "$reload_flag" | $SED "$delay_single_quote_subst"`' +reload_cmds='`$ECHO "$reload_cmds" | $SED "$delay_single_quote_subst"`' +OBJDUMP='`$ECHO "$OBJDUMP" | $SED "$delay_single_quote_subst"`' +deplibs_check_method='`$ECHO "$deplibs_check_method" | $SED "$delay_single_quote_subst"`' +file_magic_cmd='`$ECHO "$file_magic_cmd" | $SED "$delay_single_quote_subst"`' +file_magic_glob='`$ECHO "$file_magic_glob" | $SED "$delay_single_quote_subst"`' +want_nocaseglob='`$ECHO "$want_nocaseglob" | $SED "$delay_single_quote_subst"`' +DLLTOOL='`$ECHO "$DLLTOOL" | $SED "$delay_single_quote_subst"`' +sharedlib_from_linklib_cmd='`$ECHO "$sharedlib_from_linklib_cmd" | $SED "$delay_single_quote_subst"`' +AR='`$ECHO "$AR" | $SED "$delay_single_quote_subst"`' +AR_FLAGS='`$ECHO "$AR_FLAGS" | $SED "$delay_single_quote_subst"`' +archiver_list_spec='`$ECHO "$archiver_list_spec" | $SED "$delay_single_quote_subst"`' +STRIP='`$ECHO "$STRIP" | $SED "$delay_single_quote_subst"`' +RANLIB='`$ECHO "$RANLIB" | $SED "$delay_single_quote_subst"`' +old_postinstall_cmds='`$ECHO "$old_postinstall_cmds" | $SED "$delay_single_quote_subst"`' +old_postuninstall_cmds='`$ECHO "$old_postuninstall_cmds" | $SED "$delay_single_quote_subst"`' +old_archive_cmds='`$ECHO "$old_archive_cmds" | $SED "$delay_single_quote_subst"`' +lock_old_archive_extraction='`$ECHO "$lock_old_archive_extraction" | $SED "$delay_single_quote_subst"`' +CC='`$ECHO "$CC" | $SED "$delay_single_quote_subst"`' +CFLAGS='`$ECHO "$CFLAGS" | $SED "$delay_single_quote_subst"`' +compiler='`$ECHO "$compiler" | $SED "$delay_single_quote_subst"`' +GCC='`$ECHO "$GCC" | $SED "$delay_single_quote_subst"`' +lt_cv_sys_global_symbol_pipe='`$ECHO "$lt_cv_sys_global_symbol_pipe" | $SED "$delay_single_quote_subst"`' +lt_cv_sys_global_symbol_to_cdecl='`$ECHO "$lt_cv_sys_global_symbol_to_cdecl" | $SED "$delay_single_quote_subst"`' +lt_cv_sys_global_symbol_to_import='`$ECHO "$lt_cv_sys_global_symbol_to_import" | $SED "$delay_single_quote_subst"`' +lt_cv_sys_global_symbol_to_c_name_address='`$ECHO "$lt_cv_sys_global_symbol_to_c_name_address" | $SED "$delay_single_quote_subst"`' +lt_cv_sys_global_symbol_to_c_name_address_lib_prefix='`$ECHO "$lt_cv_sys_global_symbol_to_c_name_address_lib_prefix" | $SED "$delay_single_quote_subst"`' +lt_cv_nm_interface='`$ECHO "$lt_cv_nm_interface" | $SED "$delay_single_quote_subst"`' +nm_file_list_spec='`$ECHO "$nm_file_list_spec" | $SED "$delay_single_quote_subst"`' +lt_sysroot='`$ECHO "$lt_sysroot" | $SED "$delay_single_quote_subst"`' +lt_cv_truncate_bin='`$ECHO "$lt_cv_truncate_bin" | $SED "$delay_single_quote_subst"`' +objdir='`$ECHO "$objdir" | $SED "$delay_single_quote_subst"`' +MAGIC_CMD='`$ECHO "$MAGIC_CMD" | $SED "$delay_single_quote_subst"`' +lt_prog_compiler_no_builtin_flag='`$ECHO "$lt_prog_compiler_no_builtin_flag" | $SED "$delay_single_quote_subst"`' +lt_prog_compiler_pic='`$ECHO "$lt_prog_compiler_pic" | $SED "$delay_single_quote_subst"`' +lt_prog_compiler_wl='`$ECHO "$lt_prog_compiler_wl" | $SED "$delay_single_quote_subst"`' +lt_prog_compiler_static='`$ECHO "$lt_prog_compiler_static" | $SED "$delay_single_quote_subst"`' +lt_cv_prog_compiler_c_o='`$ECHO "$lt_cv_prog_compiler_c_o" | $SED "$delay_single_quote_subst"`' +need_locks='`$ECHO "$need_locks" | $SED "$delay_single_quote_subst"`' +MANIFEST_TOOL='`$ECHO "$MANIFEST_TOOL" | $SED "$delay_single_quote_subst"`' +DSYMUTIL='`$ECHO "$DSYMUTIL" | $SED "$delay_single_quote_subst"`' +NMEDIT='`$ECHO "$NMEDIT" | $SED "$delay_single_quote_subst"`' +LIPO='`$ECHO "$LIPO" | $SED "$delay_single_quote_subst"`' +OTOOL='`$ECHO "$OTOOL" | $SED "$delay_single_quote_subst"`' +OTOOL64='`$ECHO "$OTOOL64" | $SED "$delay_single_quote_subst"`' +libext='`$ECHO "$libext" | $SED "$delay_single_quote_subst"`' +shrext_cmds='`$ECHO "$shrext_cmds" | $SED "$delay_single_quote_subst"`' +extract_expsyms_cmds='`$ECHO "$extract_expsyms_cmds" | $SED "$delay_single_quote_subst"`' +archive_cmds_need_lc='`$ECHO "$archive_cmds_need_lc" | $SED "$delay_single_quote_subst"`' +enable_shared_with_static_runtimes='`$ECHO "$enable_shared_with_static_runtimes" | $SED "$delay_single_quote_subst"`' +export_dynamic_flag_spec='`$ECHO "$export_dynamic_flag_spec" | $SED "$delay_single_quote_subst"`' +whole_archive_flag_spec='`$ECHO "$whole_archive_flag_spec" | $SED "$delay_single_quote_subst"`' +compiler_needs_object='`$ECHO "$compiler_needs_object" | $SED "$delay_single_quote_subst"`' +old_archive_from_new_cmds='`$ECHO "$old_archive_from_new_cmds" | $SED "$delay_single_quote_subst"`' +old_archive_from_expsyms_cmds='`$ECHO "$old_archive_from_expsyms_cmds" | $SED "$delay_single_quote_subst"`' +archive_cmds='`$ECHO "$archive_cmds" | $SED "$delay_single_quote_subst"`' +archive_expsym_cmds='`$ECHO "$archive_expsym_cmds" | $SED "$delay_single_quote_subst"`' +module_cmds='`$ECHO "$module_cmds" | $SED "$delay_single_quote_subst"`' +module_expsym_cmds='`$ECHO "$module_expsym_cmds" | $SED "$delay_single_quote_subst"`' +with_gnu_ld='`$ECHO "$with_gnu_ld" | $SED "$delay_single_quote_subst"`' +allow_undefined_flag='`$ECHO "$allow_undefined_flag" | $SED "$delay_single_quote_subst"`' +no_undefined_flag='`$ECHO "$no_undefined_flag" | $SED "$delay_single_quote_subst"`' +hardcode_libdir_flag_spec='`$ECHO "$hardcode_libdir_flag_spec" | $SED "$delay_single_quote_subst"`' +hardcode_libdir_separator='`$ECHO "$hardcode_libdir_separator" | $SED "$delay_single_quote_subst"`' +hardcode_direct='`$ECHO "$hardcode_direct" | $SED "$delay_single_quote_subst"`' +hardcode_direct_absolute='`$ECHO "$hardcode_direct_absolute" | $SED "$delay_single_quote_subst"`' +hardcode_minus_L='`$ECHO "$hardcode_minus_L" | $SED "$delay_single_quote_subst"`' +hardcode_shlibpath_var='`$ECHO "$hardcode_shlibpath_var" | $SED "$delay_single_quote_subst"`' +hardcode_automatic='`$ECHO "$hardcode_automatic" | $SED "$delay_single_quote_subst"`' +inherit_rpath='`$ECHO "$inherit_rpath" | $SED "$delay_single_quote_subst"`' +link_all_deplibs='`$ECHO "$link_all_deplibs" | $SED "$delay_single_quote_subst"`' +always_export_symbols='`$ECHO "$always_export_symbols" | $SED "$delay_single_quote_subst"`' +export_symbols_cmds='`$ECHO "$export_symbols_cmds" | $SED "$delay_single_quote_subst"`' +exclude_expsyms='`$ECHO "$exclude_expsyms" | $SED "$delay_single_quote_subst"`' +include_expsyms='`$ECHO "$include_expsyms" | $SED "$delay_single_quote_subst"`' +prelink_cmds='`$ECHO "$prelink_cmds" | $SED "$delay_single_quote_subst"`' +postlink_cmds='`$ECHO "$postlink_cmds" | $SED "$delay_single_quote_subst"`' +file_list_spec='`$ECHO "$file_list_spec" | $SED "$delay_single_quote_subst"`' +variables_saved_for_relink='`$ECHO "$variables_saved_for_relink" | $SED "$delay_single_quote_subst"`' +need_lib_prefix='`$ECHO "$need_lib_prefix" | $SED "$delay_single_quote_subst"`' +need_version='`$ECHO "$need_version" | $SED "$delay_single_quote_subst"`' +version_type='`$ECHO "$version_type" | $SED "$delay_single_quote_subst"`' +runpath_var='`$ECHO "$runpath_var" | $SED "$delay_single_quote_subst"`' +shlibpath_var='`$ECHO "$shlibpath_var" | $SED "$delay_single_quote_subst"`' +shlibpath_overrides_runpath='`$ECHO "$shlibpath_overrides_runpath" | $SED "$delay_single_quote_subst"`' +libname_spec='`$ECHO "$libname_spec" | $SED "$delay_single_quote_subst"`' +library_names_spec='`$ECHO "$library_names_spec" | $SED "$delay_single_quote_subst"`' +soname_spec='`$ECHO "$soname_spec" | $SED "$delay_single_quote_subst"`' +install_override_mode='`$ECHO "$install_override_mode" | $SED "$delay_single_quote_subst"`' +postinstall_cmds='`$ECHO "$postinstall_cmds" | $SED "$delay_single_quote_subst"`' +postuninstall_cmds='`$ECHO "$postuninstall_cmds" | $SED "$delay_single_quote_subst"`' +finish_cmds='`$ECHO "$finish_cmds" | $SED "$delay_single_quote_subst"`' +finish_eval='`$ECHO "$finish_eval" | $SED "$delay_single_quote_subst"`' +hardcode_into_libs='`$ECHO "$hardcode_into_libs" | $SED "$delay_single_quote_subst"`' +sys_lib_search_path_spec='`$ECHO "$sys_lib_search_path_spec" | $SED "$delay_single_quote_subst"`' +configure_time_dlsearch_path='`$ECHO "$configure_time_dlsearch_path" | $SED "$delay_single_quote_subst"`' +configure_time_lt_sys_library_path='`$ECHO "$configure_time_lt_sys_library_path" | $SED "$delay_single_quote_subst"`' +hardcode_action='`$ECHO "$hardcode_action" | $SED "$delay_single_quote_subst"`' +enable_dlopen='`$ECHO "$enable_dlopen" | $SED "$delay_single_quote_subst"`' +enable_dlopen_self='`$ECHO "$enable_dlopen_self" | $SED "$delay_single_quote_subst"`' +enable_dlopen_self_static='`$ECHO "$enable_dlopen_self_static" | $SED "$delay_single_quote_subst"`' +old_striplib='`$ECHO "$old_striplib" | $SED "$delay_single_quote_subst"`' +striplib='`$ECHO "$striplib" | $SED "$delay_single_quote_subst"`' +compiler_lib_search_dirs='`$ECHO "$compiler_lib_search_dirs" | $SED "$delay_single_quote_subst"`' +predep_objects='`$ECHO "$predep_objects" | $SED "$delay_single_quote_subst"`' +postdep_objects='`$ECHO "$postdep_objects" | $SED "$delay_single_quote_subst"`' +predeps='`$ECHO "$predeps" | $SED "$delay_single_quote_subst"`' +postdeps='`$ECHO "$postdeps" | $SED "$delay_single_quote_subst"`' +compiler_lib_search_path='`$ECHO "$compiler_lib_search_path" | $SED "$delay_single_quote_subst"`' +LD_CXX='`$ECHO "$LD_CXX" | $SED "$delay_single_quote_subst"`' +reload_flag_CXX='`$ECHO "$reload_flag_CXX" | $SED "$delay_single_quote_subst"`' +reload_cmds_CXX='`$ECHO "$reload_cmds_CXX" | $SED "$delay_single_quote_subst"`' +old_archive_cmds_CXX='`$ECHO "$old_archive_cmds_CXX" | $SED "$delay_single_quote_subst"`' +compiler_CXX='`$ECHO "$compiler_CXX" | $SED "$delay_single_quote_subst"`' +GCC_CXX='`$ECHO "$GCC_CXX" | $SED "$delay_single_quote_subst"`' +lt_prog_compiler_no_builtin_flag_CXX='`$ECHO "$lt_prog_compiler_no_builtin_flag_CXX" | $SED "$delay_single_quote_subst"`' +lt_prog_compiler_pic_CXX='`$ECHO "$lt_prog_compiler_pic_CXX" | $SED "$delay_single_quote_subst"`' +lt_prog_compiler_wl_CXX='`$ECHO "$lt_prog_compiler_wl_CXX" | $SED "$delay_single_quote_subst"`' +lt_prog_compiler_static_CXX='`$ECHO "$lt_prog_compiler_static_CXX" | $SED "$delay_single_quote_subst"`' +lt_cv_prog_compiler_c_o_CXX='`$ECHO "$lt_cv_prog_compiler_c_o_CXX" | $SED "$delay_single_quote_subst"`' +archive_cmds_need_lc_CXX='`$ECHO "$archive_cmds_need_lc_CXX" | $SED "$delay_single_quote_subst"`' +enable_shared_with_static_runtimes_CXX='`$ECHO "$enable_shared_with_static_runtimes_CXX" | $SED "$delay_single_quote_subst"`' +export_dynamic_flag_spec_CXX='`$ECHO "$export_dynamic_flag_spec_CXX" | $SED "$delay_single_quote_subst"`' +whole_archive_flag_spec_CXX='`$ECHO "$whole_archive_flag_spec_CXX" | $SED "$delay_single_quote_subst"`' +compiler_needs_object_CXX='`$ECHO "$compiler_needs_object_CXX" | $SED "$delay_single_quote_subst"`' +old_archive_from_new_cmds_CXX='`$ECHO "$old_archive_from_new_cmds_CXX" | $SED "$delay_single_quote_subst"`' +old_archive_from_expsyms_cmds_CXX='`$ECHO "$old_archive_from_expsyms_cmds_CXX" | $SED "$delay_single_quote_subst"`' +archive_cmds_CXX='`$ECHO "$archive_cmds_CXX" | $SED "$delay_single_quote_subst"`' +archive_expsym_cmds_CXX='`$ECHO "$archive_expsym_cmds_CXX" | $SED "$delay_single_quote_subst"`' +module_cmds_CXX='`$ECHO "$module_cmds_CXX" | $SED "$delay_single_quote_subst"`' +module_expsym_cmds_CXX='`$ECHO "$module_expsym_cmds_CXX" | $SED "$delay_single_quote_subst"`' +with_gnu_ld_CXX='`$ECHO "$with_gnu_ld_CXX" | $SED "$delay_single_quote_subst"`' +allow_undefined_flag_CXX='`$ECHO "$allow_undefined_flag_CXX" | $SED "$delay_single_quote_subst"`' +no_undefined_flag_CXX='`$ECHO "$no_undefined_flag_CXX" | $SED "$delay_single_quote_subst"`' +hardcode_libdir_flag_spec_CXX='`$ECHO "$hardcode_libdir_flag_spec_CXX" | $SED "$delay_single_quote_subst"`' +hardcode_libdir_separator_CXX='`$ECHO "$hardcode_libdir_separator_CXX" | $SED "$delay_single_quote_subst"`' +hardcode_direct_CXX='`$ECHO "$hardcode_direct_CXX" | $SED "$delay_single_quote_subst"`' +hardcode_direct_absolute_CXX='`$ECHO "$hardcode_direct_absolute_CXX" | $SED "$delay_single_quote_subst"`' +hardcode_minus_L_CXX='`$ECHO "$hardcode_minus_L_CXX" | $SED "$delay_single_quote_subst"`' +hardcode_shlibpath_var_CXX='`$ECHO "$hardcode_shlibpath_var_CXX" | $SED "$delay_single_quote_subst"`' +hardcode_automatic_CXX='`$ECHO "$hardcode_automatic_CXX" | $SED "$delay_single_quote_subst"`' +inherit_rpath_CXX='`$ECHO "$inherit_rpath_CXX" | $SED "$delay_single_quote_subst"`' +link_all_deplibs_CXX='`$ECHO "$link_all_deplibs_CXX" | $SED "$delay_single_quote_subst"`' +always_export_symbols_CXX='`$ECHO "$always_export_symbols_CXX" | $SED "$delay_single_quote_subst"`' +export_symbols_cmds_CXX='`$ECHO "$export_symbols_cmds_CXX" | $SED "$delay_single_quote_subst"`' +exclude_expsyms_CXX='`$ECHO "$exclude_expsyms_CXX" | $SED "$delay_single_quote_subst"`' +include_expsyms_CXX='`$ECHO "$include_expsyms_CXX" | $SED "$delay_single_quote_subst"`' +prelink_cmds_CXX='`$ECHO "$prelink_cmds_CXX" | $SED "$delay_single_quote_subst"`' +postlink_cmds_CXX='`$ECHO "$postlink_cmds_CXX" | $SED "$delay_single_quote_subst"`' +file_list_spec_CXX='`$ECHO "$file_list_spec_CXX" | $SED "$delay_single_quote_subst"`' +hardcode_action_CXX='`$ECHO "$hardcode_action_CXX" | $SED "$delay_single_quote_subst"`' +compiler_lib_search_dirs_CXX='`$ECHO "$compiler_lib_search_dirs_CXX" | $SED "$delay_single_quote_subst"`' +predep_objects_CXX='`$ECHO "$predep_objects_CXX" | $SED "$delay_single_quote_subst"`' +postdep_objects_CXX='`$ECHO "$postdep_objects_CXX" | $SED "$delay_single_quote_subst"`' +predeps_CXX='`$ECHO "$predeps_CXX" | $SED "$delay_single_quote_subst"`' +postdeps_CXX='`$ECHO "$postdeps_CXX" | $SED "$delay_single_quote_subst"`' +compiler_lib_search_path_CXX='`$ECHO "$compiler_lib_search_path_CXX" | $SED "$delay_single_quote_subst"`' + +LTCC='$LTCC' +LTCFLAGS='$LTCFLAGS' +compiler='$compiler_DEFAULT' + +# A function that is used when there is no print builtin or printf. +func_fallback_echo () +{ + eval 'cat <<_LTECHO_EOF +\$1 +_LTECHO_EOF' +} + +# Quote evaled strings. +for var in SHELL \ +ECHO \ +PATH_SEPARATOR \ +SED \ +GREP \ +EGREP \ +FGREP \ +LD \ +NM \ +LN_S \ +lt_SP2NL \ +lt_NL2SP \ +reload_flag \ +OBJDUMP \ +deplibs_check_method \ +file_magic_cmd \ +file_magic_glob \ +want_nocaseglob \ +DLLTOOL \ +sharedlib_from_linklib_cmd \ +AR \ +AR_FLAGS \ +archiver_list_spec \ +STRIP \ +RANLIB \ +CC \ +CFLAGS \ +compiler \ +lt_cv_sys_global_symbol_pipe \ +lt_cv_sys_global_symbol_to_cdecl \ +lt_cv_sys_global_symbol_to_import \ +lt_cv_sys_global_symbol_to_c_name_address \ +lt_cv_sys_global_symbol_to_c_name_address_lib_prefix \ +lt_cv_nm_interface \ +nm_file_list_spec \ +lt_cv_truncate_bin \ +lt_prog_compiler_no_builtin_flag \ +lt_prog_compiler_pic \ +lt_prog_compiler_wl \ +lt_prog_compiler_static \ +lt_cv_prog_compiler_c_o \ +need_locks \ +MANIFEST_TOOL \ +DSYMUTIL \ +NMEDIT \ +LIPO \ +OTOOL \ +OTOOL64 \ +shrext_cmds \ +export_dynamic_flag_spec \ +whole_archive_flag_spec \ +compiler_needs_object \ +with_gnu_ld \ +allow_undefined_flag \ +no_undefined_flag \ +hardcode_libdir_flag_spec \ +hardcode_libdir_separator \ +exclude_expsyms \ +include_expsyms \ +file_list_spec \ +variables_saved_for_relink \ +libname_spec \ +library_names_spec \ +soname_spec \ +install_override_mode \ +finish_eval \ +old_striplib \ +striplib \ +compiler_lib_search_dirs \ +predep_objects \ +postdep_objects \ +predeps \ +postdeps \ +compiler_lib_search_path \ +LD_CXX \ +reload_flag_CXX \ +compiler_CXX \ +lt_prog_compiler_no_builtin_flag_CXX \ +lt_prog_compiler_pic_CXX \ +lt_prog_compiler_wl_CXX \ +lt_prog_compiler_static_CXX \ +lt_cv_prog_compiler_c_o_CXX \ +export_dynamic_flag_spec_CXX \ +whole_archive_flag_spec_CXX \ +compiler_needs_object_CXX \ +with_gnu_ld_CXX \ +allow_undefined_flag_CXX \ +no_undefined_flag_CXX \ +hardcode_libdir_flag_spec_CXX \ +hardcode_libdir_separator_CXX \ +exclude_expsyms_CXX \ +include_expsyms_CXX \ +file_list_spec_CXX \ +compiler_lib_search_dirs_CXX \ +predep_objects_CXX \ +postdep_objects_CXX \ +predeps_CXX \ +postdeps_CXX \ +compiler_lib_search_path_CXX; do + case \`eval \\\\\$ECHO \\\\""\\\\\$\$var"\\\\"\` in + *[\\\\\\\`\\"\\\$]*) + eval "lt_\$var=\\\\\\"\\\`\\\$ECHO \\"\\\$\$var\\" | \\\$SED \\"\\\$sed_quote_subst\\"\\\`\\\\\\"" ## exclude from sc_prohibit_nested_quotes + ;; + *) + eval "lt_\$var=\\\\\\"\\\$\$var\\\\\\"" + ;; + esac +done + +# Double-quote double-evaled strings. +for var in reload_cmds \ +old_postinstall_cmds \ +old_postuninstall_cmds \ +old_archive_cmds \ +extract_expsyms_cmds \ +old_archive_from_new_cmds \ +old_archive_from_expsyms_cmds \ +archive_cmds \ +archive_expsym_cmds \ +module_cmds \ +module_expsym_cmds \ +export_symbols_cmds \ +prelink_cmds \ +postlink_cmds \ +postinstall_cmds \ +postuninstall_cmds \ +finish_cmds \ +sys_lib_search_path_spec \ +configure_time_dlsearch_path \ +configure_time_lt_sys_library_path \ +reload_cmds_CXX \ +old_archive_cmds_CXX \ +old_archive_from_new_cmds_CXX \ +old_archive_from_expsyms_cmds_CXX \ +archive_cmds_CXX \ +archive_expsym_cmds_CXX \ +module_cmds_CXX \ +module_expsym_cmds_CXX \ +export_symbols_cmds_CXX \ +prelink_cmds_CXX \ +postlink_cmds_CXX; do + case \`eval \\\\\$ECHO \\\\""\\\\\$\$var"\\\\"\` in + *[\\\\\\\`\\"\\\$]*) + eval "lt_\$var=\\\\\\"\\\`\\\$ECHO \\"\\\$\$var\\" | \\\$SED -e \\"\\\$double_quote_subst\\" -e \\"\\\$sed_quote_subst\\" -e \\"\\\$delay_variable_subst\\"\\\`\\\\\\"" ## exclude from sc_prohibit_nested_quotes + ;; + *) + eval "lt_\$var=\\\\\\"\\\$\$var\\\\\\"" + ;; + esac +done + +ac_aux_dir='$ac_aux_dir' + +# See if we are running on zsh, and set the options that allow our +# commands through without removal of \ escapes INIT. +if test -n "\${ZSH_VERSION+set}"; then + setopt NO_GLOB_SUBST +fi + + + PACKAGE='$PACKAGE' + VERSION='$VERSION' + RM='$RM' + ofile='$ofile' + + + + + + +_ACEOF + +cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 + +# Handling of arguments. +for ac_config_target in $ac_config_targets +do + case $ac_config_target in + "config.h") CONFIG_HEADERS="$CONFIG_HEADERS config.h" ;; + "depfiles") CONFIG_COMMANDS="$CONFIG_COMMANDS depfiles" ;; + "po-directories") CONFIG_COMMANDS="$CONFIG_COMMANDS po-directories" ;; + "$GNUmakefile") CONFIG_LINKS="$CONFIG_LINKS $GNUmakefile:$GNUmakefile" ;; + "libtool") CONFIG_COMMANDS="$CONFIG_COMMANDS libtool" ;; + "src/libopts/Makefile") CONFIG_FILES="$CONFIG_FILES src/libopts/Makefile" ;; + "guile/pre-inst-guile") CONFIG_FILES="$CONFIG_FILES guile/pre-inst-guile" ;; + "Makefile") CONFIG_FILES="$CONFIG_FILES Makefile" ;; + "doc/Makefile") CONFIG_FILES="$CONFIG_FILES doc/Makefile" ;; + "doc/credentials/Makefile") CONFIG_FILES="$CONFIG_FILES doc/credentials/Makefile" ;; + "doc/credentials/srp/Makefile") CONFIG_FILES="$CONFIG_FILES doc/credentials/srp/Makefile" ;; + "doc/credentials/x509/Makefile") CONFIG_FILES="$CONFIG_FILES doc/credentials/x509/Makefile" ;; + "doc/doxygen/Doxyfile") CONFIG_FILES="$CONFIG_FILES doc/doxygen/Doxyfile" ;; + "doc/examples/Makefile") CONFIG_FILES="$CONFIG_FILES doc/examples/Makefile" ;; + "doc/latex/Makefile") CONFIG_FILES="$CONFIG_FILES doc/latex/Makefile" ;; + "doc/manpages/Makefile") CONFIG_FILES="$CONFIG_FILES doc/manpages/Makefile" ;; + "doc/reference/Makefile") CONFIG_FILES="$CONFIG_FILES doc/reference/Makefile" ;; + "doc/reference/version.xml") CONFIG_FILES="$CONFIG_FILES doc/reference/version.xml" ;; + "doc/scripts/Makefile") CONFIG_FILES="$CONFIG_FILES doc/scripts/Makefile" ;; + "extra/Makefile") CONFIG_FILES="$CONFIG_FILES extra/Makefile" ;; + "extra/includes/Makefile") CONFIG_FILES="$CONFIG_FILES extra/includes/Makefile" ;; + "libdane/Makefile") CONFIG_FILES="$CONFIG_FILES libdane/Makefile" ;; + "libdane/includes/Makefile") CONFIG_FILES="$CONFIG_FILES libdane/includes/Makefile" ;; + "libdane/gnutls-dane.pc") CONFIG_FILES="$CONFIG_FILES libdane/gnutls-dane.pc" ;; + "gl/Makefile") CONFIG_FILES="$CONFIG_FILES gl/Makefile" ;; + "gl/tests/Makefile") CONFIG_FILES="$CONFIG_FILES gl/tests/Makefile" ;; + "guile/Makefile") CONFIG_FILES="$CONFIG_FILES guile/Makefile" ;; + "guile/src/Makefile") CONFIG_FILES="$CONFIG_FILES guile/src/Makefile" ;; + "lib/Makefile") CONFIG_FILES="$CONFIG_FILES lib/Makefile" ;; + "lib/accelerated/Makefile") CONFIG_FILES="$CONFIG_FILES lib/accelerated/Makefile" ;; + "lib/accelerated/x86/Makefile") CONFIG_FILES="$CONFIG_FILES lib/accelerated/x86/Makefile" ;; + "lib/accelerated/aarch64/Makefile") CONFIG_FILES="$CONFIG_FILES lib/accelerated/aarch64/Makefile" ;; + "lib/algorithms/Makefile") CONFIG_FILES="$CONFIG_FILES lib/algorithms/Makefile" ;; + "lib/auth/Makefile") CONFIG_FILES="$CONFIG_FILES lib/auth/Makefile" ;; + "lib/ext/Makefile") CONFIG_FILES="$CONFIG_FILES lib/ext/Makefile" ;; + "lib/extras/Makefile") CONFIG_FILES="$CONFIG_FILES lib/extras/Makefile" ;; + "lib/gnutls.pc") CONFIG_FILES="$CONFIG_FILES lib/gnutls.pc" ;; + "lib/includes/Makefile") CONFIG_FILES="$CONFIG_FILES lib/includes/Makefile" ;; + "lib/includes/gnutls/gnutls.h") CONFIG_FILES="$CONFIG_FILES lib/includes/gnutls/gnutls.h" ;; + "lib/minitasn1/Makefile") CONFIG_FILES="$CONFIG_FILES lib/minitasn1/Makefile" ;; + "lib/nettle/Makefile") CONFIG_FILES="$CONFIG_FILES lib/nettle/Makefile" ;; + "lib/x509/Makefile") CONFIG_FILES="$CONFIG_FILES lib/x509/Makefile" ;; + "lib/unistring/Makefile") CONFIG_FILES="$CONFIG_FILES lib/unistring/Makefile" ;; + "po/Makefile.in") CONFIG_FILES="$CONFIG_FILES po/Makefile.in" ;; + "src/Makefile") CONFIG_FILES="$CONFIG_FILES src/Makefile" ;; + "src/args-std.def") CONFIG_FILES="$CONFIG_FILES src/args-std.def" ;; + "src/gl/Makefile") CONFIG_FILES="$CONFIG_FILES src/gl/Makefile" ;; + "tests/Makefile") CONFIG_FILES="$CONFIG_FILES tests/Makefile" ;; + "tests/windows/Makefile") CONFIG_FILES="$CONFIG_FILES tests/windows/Makefile" ;; + "tests/cert-tests/Makefile") CONFIG_FILES="$CONFIG_FILES tests/cert-tests/Makefile" ;; + "tests/slow/Makefile") CONFIG_FILES="$CONFIG_FILES tests/slow/Makefile" ;; + "tests/suite/Makefile") CONFIG_FILES="$CONFIG_FILES tests/suite/Makefile" ;; + "fuzz/Makefile") CONFIG_FILES="$CONFIG_FILES fuzz/Makefile" ;; + + *) as_fn_error $? "invalid argument: \`$ac_config_target'" "$LINENO" 5;; + esac +done + + +# If the user did not use the arguments to specify the items to instantiate, +# then the envvar interface is used. Set only those that are not. +# We use the long form for the default assignment because of an extremely +# bizarre bug on SunOS 4.1.3. +if $ac_need_defaults; then + test "${CONFIG_FILES+set}" = set || CONFIG_FILES=$config_files + test "${CONFIG_HEADERS+set}" = set || CONFIG_HEADERS=$config_headers + test "${CONFIG_LINKS+set}" = set || CONFIG_LINKS=$config_links + test "${CONFIG_COMMANDS+set}" = set || CONFIG_COMMANDS=$config_commands +fi + +# Have a temporary directory for convenience. Make it in the build tree +# simply because there is no reason against having it here, and in addition, +# creating and moving files from /tmp can sometimes cause problems. +# Hook for its removal unless debugging. +# Note that there is a small window in which the directory will not be cleaned: +# after its creation but before its name has been assigned to `$tmp'. +$debug || +{ + tmp= ac_tmp= + trap 'exit_status=$? + : "${ac_tmp:=$tmp}" + { test ! -d "$ac_tmp" || rm -fr "$ac_tmp"; } && exit $exit_status +' 0 + trap 'as_fn_exit 1' 1 2 13 15 +} +# Create a (secure) tmp directory for tmp files. + +{ + tmp=`(umask 077 && mktemp -d "./confXXXXXX") 2>/dev/null` && + test -d "$tmp" +} || +{ + tmp=./conf$$-$RANDOM + (umask 077 && mkdir "$tmp") +} || as_fn_error $? "cannot create a temporary directory in ." "$LINENO" 5 +ac_tmp=$tmp + +# Set up the scripts for CONFIG_FILES section. +# No need to generate them if there are no CONFIG_FILES. +# This happens for instance with `./config.status config.h'. +if test -n "$CONFIG_FILES"; then + + +ac_cr=`echo X | tr X '\015'` +# On cygwin, bash can eat \r inside `` if the user requested igncr. +# But we know of no other shell where ac_cr would be empty at this +# point, so we can use a bashism as a fallback. +if test "x$ac_cr" = x; then + eval ac_cr=\$\'\\r\' +fi +ac_cs_awk_cr=`$AWK 'BEGIN { print "a\rb" }' /dev/null` +if test "$ac_cs_awk_cr" = "a${ac_cr}b"; then + ac_cs_awk_cr='\\r' +else + ac_cs_awk_cr=$ac_cr +fi + +echo 'BEGIN {' >"$ac_tmp/subs1.awk" && +_ACEOF + + +{ + echo "cat >conf$$subs.awk <<_ACEOF" && + echo "$ac_subst_vars" | sed 's/.*/&!$&$ac_delim/' && + echo "_ACEOF" +} >conf$$subs.sh || + as_fn_error $? "could not make $CONFIG_STATUS" "$LINENO" 5 +ac_delim_num=`echo "$ac_subst_vars" | grep -c '^'` +ac_delim='%!_!# ' +for ac_last_try in false false false false false :; do + . ./conf$$subs.sh || + as_fn_error $? "could not make $CONFIG_STATUS" "$LINENO" 5 + + ac_delim_n=`sed -n "s/.*$ac_delim\$/X/p" conf$$subs.awk | grep -c X` + if test $ac_delim_n = $ac_delim_num; then + break + elif $ac_last_try; then + as_fn_error $? "could not make $CONFIG_STATUS" "$LINENO" 5 + else + ac_delim="$ac_delim!$ac_delim _$ac_delim!! " + fi +done +rm -f conf$$subs.sh + +cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 +cat >>"\$ac_tmp/subs1.awk" <<\\_ACAWK && +_ACEOF +sed -n ' +h +s/^/S["/; s/!.*/"]=/ +p +g +s/^[^!]*!// +:repl +t repl +s/'"$ac_delim"'$// +t delim +:nl +h +s/\(.\{148\}\)..*/\1/ +t more1 +s/["\\]/\\&/g; s/^/"/; s/$/\\n"\\/ +p +n +b repl +:more1 +s/["\\]/\\&/g; s/^/"/; s/$/"\\/ +p +g +s/.\{148\}// +t nl +:delim +h +s/\(.\{148\}\)..*/\1/ +t more2 +s/["\\]/\\&/g; s/^/"/; s/$/"/ +p +b +:more2 +s/["\\]/\\&/g; s/^/"/; s/$/"\\/ +p +g +s/.\{148\}// +t delim +' >$CONFIG_STATUS || ac_write_fail=1 +rm -f conf$$subs.awk +cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 +_ACAWK +cat >>"\$ac_tmp/subs1.awk" <<_ACAWK && + for (key in S) S_is_set[key] = 1 + FS = "" + +} +{ + line = $ 0 + nfields = split(line, field, "@") + substed = 0 + len = length(field[1]) + for (i = 2; i < nfields; i++) { + key = field[i] + keylen = length(key) + if (S_is_set[key]) { + value = S[key] + line = substr(line, 1, len) "" value "" substr(line, len + keylen + 3) + len += length(value) + length(field[++i]) + substed = 1 + } else + len += 1 + keylen + } + + print line +} + +_ACAWK +_ACEOF +cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 +if sed "s/$ac_cr//" < /dev/null > /dev/null 2>&1; then + sed "s/$ac_cr\$//; s/$ac_cr/$ac_cs_awk_cr/g" +else + cat +fi < "$ac_tmp/subs1.awk" > "$ac_tmp/subs.awk" \ + || as_fn_error $? "could not setup config files machinery" "$LINENO" 5 +_ACEOF + +# VPATH may cause trouble with some makes, so we remove sole $(srcdir), +# ${srcdir} and @srcdir@ entries from VPATH if srcdir is ".", strip leading and +# trailing colons and then remove the whole line if VPATH becomes empty +# (actually we leave an empty line to preserve line numbers). +if test "x$srcdir" = x.; then + ac_vpsub='/^[ ]*VPATH[ ]*=[ ]*/{ +h +s/// +s/^/:/ +s/[ ]*$/:/ +s/:\$(srcdir):/:/g +s/:\${srcdir}:/:/g +s/:@srcdir@:/:/g +s/^:*// +s/:*$// +x +s/\(=[ ]*\).*/\1/ +G +s/\n// +s/^[^=]*=[ ]*$// +}' +fi + +cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 +fi # test -n "$CONFIG_FILES" + +# Set up the scripts for CONFIG_HEADERS section. +# No need to generate them if there are no CONFIG_HEADERS. +# This happens for instance with `./config.status Makefile'. +if test -n "$CONFIG_HEADERS"; then +cat >"$ac_tmp/defines.awk" <<\_ACAWK || +BEGIN { +_ACEOF + +# Transform confdefs.h into an awk script `defines.awk', embedded as +# here-document in config.status, that substitutes the proper values into +# config.h.in to produce config.h. + +# Create a delimiter string that does not exist in confdefs.h, to ease +# handling of long lines. +ac_delim='%!_!# ' +for ac_last_try in false false :; do + ac_tt=`sed -n "/$ac_delim/p" confdefs.h` + if test -z "$ac_tt"; then + break + elif $ac_last_try; then + as_fn_error $? "could not make $CONFIG_HEADERS" "$LINENO" 5 + else + ac_delim="$ac_delim!$ac_delim _$ac_delim!! " + fi +done + +# For the awk script, D is an array of macro values keyed by name, +# likewise P contains macro parameters if any. Preserve backslash +# newline sequences. + +ac_word_re=[_$as_cr_Letters][_$as_cr_alnum]* +sed -n ' +s/.\{148\}/&'"$ac_delim"'/g +t rset +:rset +s/^[ ]*#[ ]*define[ ][ ]*/ / +t def +d +:def +s/\\$// +t bsnl +s/["\\]/\\&/g +s/^ \('"$ac_word_re"'\)\(([^()]*)\)[ ]*\(.*\)/P["\1"]="\2"\ +D["\1"]=" \3"/p +s/^ \('"$ac_word_re"'\)[ ]*\(.*\)/D["\1"]=" \2"/p +d +:bsnl +s/["\\]/\\&/g +s/^ \('"$ac_word_re"'\)\(([^()]*)\)[ ]*\(.*\)/P["\1"]="\2"\ +D["\1"]=" \3\\\\\\n"\\/p +t cont +s/^ \('"$ac_word_re"'\)[ ]*\(.*\)/D["\1"]=" \2\\\\\\n"\\/p +t cont +d +:cont +n +s/.\{148\}/&'"$ac_delim"'/g +t clear +:clear +s/\\$// +t bsnlc +s/["\\]/\\&/g; s/^/"/; s/$/"/p +d +:bsnlc +s/["\\]/\\&/g; s/^/"/; s/$/\\\\\\n"\\/p +b cont +' >$CONFIG_STATUS || ac_write_fail=1 + +cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 + for (key in D) D_is_set[key] = 1 + FS = "" +} +/^[\t ]*#[\t ]*(define|undef)[\t ]+$ac_word_re([\t (]|\$)/ { + line = \$ 0 + split(line, arg, " ") + if (arg[1] == "#") { + defundef = arg[2] + mac1 = arg[3] + } else { + defundef = substr(arg[1], 2) + mac1 = arg[2] + } + split(mac1, mac2, "(") #) + macro = mac2[1] + prefix = substr(line, 1, index(line, defundef) - 1) + if (D_is_set[macro]) { + # Preserve the white space surrounding the "#". + print prefix "define", macro P[macro] D[macro] + next + } else { + # Replace #undef with comments. This is necessary, for example, + # in the case of _POSIX_SOURCE, which is predefined and required + # on some systems where configure will not decide to define it. + if (defundef == "undef") { + print "/*", prefix defundef, macro, "*/" + next + } + } +} +{ print } +_ACAWK +_ACEOF +cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 + as_fn_error $? "could not setup config headers machinery" "$LINENO" 5 +fi # test -n "$CONFIG_HEADERS" + + +eval set X " :F $CONFIG_FILES :H $CONFIG_HEADERS :L $CONFIG_LINKS :C $CONFIG_COMMANDS" +shift +for ac_tag +do + case $ac_tag in + :[FHLC]) ac_mode=$ac_tag; continue;; + esac + case $ac_mode$ac_tag in + :[FHL]*:*);; + :L* | :C*:*) as_fn_error $? "invalid tag \`$ac_tag'" "$LINENO" 5;; + :[FH]-) ac_tag=-:-;; + :[FH]*) ac_tag=$ac_tag:$ac_tag.in;; + esac + ac_save_IFS=$IFS + IFS=: + set x $ac_tag + IFS=$ac_save_IFS + shift + ac_file=$1 + shift + + case $ac_mode in + :L) ac_source=$1;; + :[FH]) + ac_file_inputs= + for ac_f + do + case $ac_f in + -) ac_f="$ac_tmp/stdin";; + *) # Look for the file first in the build tree, then in the source tree + # (if the path is not absolute). The absolute path cannot be DOS-style, + # because $ac_f cannot contain `:'. + test -f "$ac_f" || + case $ac_f in + [\\/$]*) false;; + *) test -f "$srcdir/$ac_f" && ac_f="$srcdir/$ac_f";; + esac || + as_fn_error 1 "cannot find input file: \`$ac_f'" "$LINENO" 5;; + esac + case $ac_f in *\'*) ac_f=`$as_echo "$ac_f" | sed "s/'/'\\\\\\\\''/g"`;; esac + as_fn_append ac_file_inputs " '$ac_f'" + done + + # Let's still pretend it is `configure' which instantiates (i.e., don't + # use $as_me), people would be surprised to read: + # /* config.h. Generated by config.status. */ + configure_input='Generated from '` + $as_echo "$*" | sed 's|^[^:]*/||;s|:[^:]*/|, |g' + `' by configure.' + if test x"$ac_file" != x-; then + configure_input="$ac_file. $configure_input" + { $as_echo "$as_me:${as_lineno-$LINENO}: creating $ac_file" >&5 +$as_echo "$as_me: creating $ac_file" >&6;} + fi + # Neutralize special characters interpreted by sed in replacement strings. + case $configure_input in #( + *\&* | *\|* | *\\* ) + ac_sed_conf_input=`$as_echo "$configure_input" | + sed 's/[\\\\&|]/\\\\&/g'`;; #( + *) ac_sed_conf_input=$configure_input;; + esac + + case $ac_tag in + *:-:* | *:-) cat >"$ac_tmp/stdin" \ + || as_fn_error $? "could not create $ac_file" "$LINENO" 5 ;; + esac + ;; + esac + + ac_dir=`$as_dirname -- "$ac_file" || +$as_expr X"$ac_file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ + X"$ac_file" : 'X\(//\)[^/]' \| \ + X"$ac_file" : 'X\(//\)$' \| \ + X"$ac_file" : 'X\(/\)' \| . 2>/dev/null || +$as_echo X"$ac_file" | + sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ + s//\1/ + q + } + /^X\(\/\/\)[^/].*/{ + s//\1/ + q + } + /^X\(\/\/\)$/{ + s//\1/ + q + } + /^X\(\/\).*/{ + s//\1/ + q + } + s/.*/./; q'` + as_dir="$ac_dir"; as_fn_mkdir_p + ac_builddir=. + +case "$ac_dir" in +.) ac_dir_suffix= ac_top_builddir_sub=. ac_top_build_prefix= ;; +*) + ac_dir_suffix=/`$as_echo "$ac_dir" | sed 's|^\.[\\/]||'` + # A ".." for each directory in $ac_dir_suffix. + ac_top_builddir_sub=`$as_echo "$ac_dir_suffix" | sed 's|/[^\\/]*|/..|g;s|/||'` + case $ac_top_builddir_sub in + "") ac_top_builddir_sub=. ac_top_build_prefix= ;; + *) ac_top_build_prefix=$ac_top_builddir_sub/ ;; + esac ;; +esac +ac_abs_top_builddir=$ac_pwd +ac_abs_builddir=$ac_pwd$ac_dir_suffix +# for backward compatibility: +ac_top_builddir=$ac_top_build_prefix + +case $srcdir in + .) # We are building in place. + ac_srcdir=. + ac_top_srcdir=$ac_top_builddir_sub + ac_abs_top_srcdir=$ac_pwd ;; + [\\/]* | ?:[\\/]* ) # Absolute name. + ac_srcdir=$srcdir$ac_dir_suffix; + ac_top_srcdir=$srcdir + ac_abs_top_srcdir=$srcdir ;; + *) # Relative name. + ac_srcdir=$ac_top_build_prefix$srcdir$ac_dir_suffix + ac_top_srcdir=$ac_top_build_prefix$srcdir + ac_abs_top_srcdir=$ac_pwd/$srcdir ;; +esac +ac_abs_srcdir=$ac_abs_top_srcdir$ac_dir_suffix + + + case $ac_mode in + :F) + # + # CONFIG_FILE + # + + case $INSTALL in + [\\/$]* | ?:[\\/]* ) ac_INSTALL=$INSTALL ;; + *) ac_INSTALL=$ac_top_build_prefix$INSTALL ;; + esac + ac_MKDIR_P=$MKDIR_P + case $MKDIR_P in + [\\/$]* | ?:[\\/]* ) ;; + */*) ac_MKDIR_P=$ac_top_build_prefix$MKDIR_P ;; + esac +_ACEOF + +cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 +# If the template does not know about datarootdir, expand it. +# FIXME: This hack should be removed a few years after 2.60. +ac_datarootdir_hack=; ac_datarootdir_seen= +ac_sed_dataroot=' +/datarootdir/ { + p + q +} +/@datadir@/p +/@docdir@/p +/@infodir@/p +/@localedir@/p +/@mandir@/p' +case `eval "sed -n \"\$ac_sed_dataroot\" $ac_file_inputs"` in +*datarootdir*) ac_datarootdir_seen=yes;; +*@datadir@*|*@docdir@*|*@infodir@*|*@localedir@*|*@mandir@*) + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&5 +$as_echo "$as_me: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&2;} +_ACEOF +cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 + ac_datarootdir_hack=' + s&@datadir@&$datadir&g + s&@docdir@&$docdir&g + s&@infodir@&$infodir&g + s&@localedir@&$localedir&g + s&@mandir@&$mandir&g + s&\\\${datarootdir}&$datarootdir&g' ;; +esac +_ACEOF + +# Neutralize VPATH when `$srcdir' = `.'. +# Shell code in configure.ac might set extrasub. +# FIXME: do we really want to maintain this feature? +cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 +ac_sed_extra="$ac_vpsub +$extrasub +_ACEOF +cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 +:t +/@[a-zA-Z_][a-zA-Z_0-9]*@/!b +s|@configure_input@|$ac_sed_conf_input|;t t +s&@top_builddir@&$ac_top_builddir_sub&;t t +s&@top_build_prefix@&$ac_top_build_prefix&;t t +s&@srcdir@&$ac_srcdir&;t t +s&@abs_srcdir@&$ac_abs_srcdir&;t t +s&@top_srcdir@&$ac_top_srcdir&;t t +s&@abs_top_srcdir@&$ac_abs_top_srcdir&;t t +s&@builddir@&$ac_builddir&;t t +s&@abs_builddir@&$ac_abs_builddir&;t t +s&@abs_top_builddir@&$ac_abs_top_builddir&;t t +s&@INSTALL@&$ac_INSTALL&;t t +s&@MKDIR_P@&$ac_MKDIR_P&;t t +$ac_datarootdir_hack +" +eval sed \"\$ac_sed_extra\" "$ac_file_inputs" | $AWK -f "$ac_tmp/subs.awk" \ + >$ac_tmp/out || as_fn_error $? "could not create $ac_file" "$LINENO" 5 + +test -z "$ac_datarootdir_hack$ac_datarootdir_seen" && + { ac_out=`sed -n '/\${datarootdir}/p' "$ac_tmp/out"`; test -n "$ac_out"; } && + { ac_out=`sed -n '/^[ ]*datarootdir[ ]*:*=/p' \ + "$ac_tmp/out"`; test -z "$ac_out"; } && + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $ac_file contains a reference to the variable \`datarootdir' +which seems to be undefined. Please make sure it is defined" >&5 +$as_echo "$as_me: WARNING: $ac_file contains a reference to the variable \`datarootdir' +which seems to be undefined. Please make sure it is defined" >&2;} + + rm -f "$ac_tmp/stdin" + case $ac_file in + -) cat "$ac_tmp/out" && rm -f "$ac_tmp/out";; + *) rm -f "$ac_file" && mv "$ac_tmp/out" "$ac_file";; + esac \ + || as_fn_error $? "could not create $ac_file" "$LINENO" 5 + ;; + :H) + # + # CONFIG_HEADER + # + if test x"$ac_file" != x-; then + { + $as_echo "/* $configure_input */" \ + && eval '$AWK -f "$ac_tmp/defines.awk"' "$ac_file_inputs" + } >"$ac_tmp/config.h" \ + || as_fn_error $? "could not create $ac_file" "$LINENO" 5 + if diff "$ac_file" "$ac_tmp/config.h" >/dev/null 2>&1; then + { $as_echo "$as_me:${as_lineno-$LINENO}: $ac_file is unchanged" >&5 +$as_echo "$as_me: $ac_file is unchanged" >&6;} + else + rm -f "$ac_file" + mv "$ac_tmp/config.h" "$ac_file" \ + || as_fn_error $? "could not create $ac_file" "$LINENO" 5 + fi + else + $as_echo "/* $configure_input */" \ + && eval '$AWK -f "$ac_tmp/defines.awk"' "$ac_file_inputs" \ + || as_fn_error $? "could not create -" "$LINENO" 5 + fi +# Compute "$ac_file"'s index in $config_headers. +_am_arg="$ac_file" +_am_stamp_count=1 +for _am_header in $config_headers :; do + case $_am_header in + $_am_arg | $_am_arg:* ) + break ;; + * ) + _am_stamp_count=`expr $_am_stamp_count + 1` ;; + esac +done +echo "timestamp for $_am_arg" >`$as_dirname -- "$_am_arg" || +$as_expr X"$_am_arg" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ + X"$_am_arg" : 'X\(//\)[^/]' \| \ + X"$_am_arg" : 'X\(//\)$' \| \ + X"$_am_arg" : 'X\(/\)' \| . 2>/dev/null || +$as_echo X"$_am_arg" | + sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ + s//\1/ + q + } + /^X\(\/\/\)[^/].*/{ + s//\1/ + q + } + /^X\(\/\/\)$/{ + s//\1/ + q + } + /^X\(\/\).*/{ + s//\1/ + q + } + s/.*/./; q'`/stamp-h$_am_stamp_count + ;; + :L) + # + # CONFIG_LINK + # + + if test "$ac_source" = "$ac_file" && test "$srcdir" = '.'; then + : + else + # Prefer the file from the source tree if names are identical. + if test "$ac_source" = "$ac_file" || test ! -r "$ac_source"; then + ac_source=$srcdir/$ac_source + fi + + { $as_echo "$as_me:${as_lineno-$LINENO}: linking $ac_source to $ac_file" >&5 +$as_echo "$as_me: linking $ac_source to $ac_file" >&6;} + + if test ! -r "$ac_source"; then + as_fn_error $? "$ac_source: file not found" "$LINENO" 5 + fi + rm -f "$ac_file" + + # Try a relative symlink, then a hard link, then a copy. + case $ac_source in + [\\/$]* | ?:[\\/]* ) ac_rel_source=$ac_source ;; + *) ac_rel_source=$ac_top_build_prefix$ac_source ;; + esac + ln -s "$ac_rel_source" "$ac_file" 2>/dev/null || + ln "$ac_source" "$ac_file" 2>/dev/null || + cp -p "$ac_source" "$ac_file" || + as_fn_error $? "cannot link or copy $ac_source to $ac_file" "$LINENO" 5 + fi + ;; + :C) { $as_echo "$as_me:${as_lineno-$LINENO}: executing $ac_file commands" >&5 +$as_echo "$as_me: executing $ac_file commands" >&6;} + ;; + esac + + + case $ac_file$ac_mode in + "depfiles":C) test x"$AMDEP_TRUE" != x"" || { + # Older Autoconf quotes --file arguments for eval, but not when files + # are listed without --file. Let's play safe and only enable the eval + # if we detect the quoting. + # TODO: see whether this extra hack can be removed once we start + # requiring Autoconf 2.70 or later. + case $CONFIG_FILES in #( + *\'*) : + eval set x "$CONFIG_FILES" ;; #( + *) : + set x $CONFIG_FILES ;; #( + *) : + ;; +esac + shift + # Used to flag and report bootstrapping failures. + am_rc=0 + for am_mf + do + # Strip MF so we end up with the name of the file. + am_mf=`$as_echo "$am_mf" | sed -e 's/:.*$//'` + # Check whether this is an Automake generated Makefile which includes + # dependency-tracking related rules and includes. + # Grep'ing the whole file directly is not great: AIX grep has a line + # limit of 2048, but all sed's we know have understand at least 4000. + sed -n 's,^am--depfiles:.*,X,p' "$am_mf" | grep X >/dev/null 2>&1 \ + || continue + am_dirpart=`$as_dirname -- "$am_mf" || +$as_expr X"$am_mf" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ + X"$am_mf" : 'X\(//\)[^/]' \| \ + X"$am_mf" : 'X\(//\)$' \| \ + X"$am_mf" : 'X\(/\)' \| . 2>/dev/null || +$as_echo X"$am_mf" | + sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ + s//\1/ + q + } + /^X\(\/\/\)[^/].*/{ + s//\1/ + q + } + /^X\(\/\/\)$/{ + s//\1/ + q + } + /^X\(\/\).*/{ + s//\1/ + q + } + s/.*/./; q'` + am_filepart=`$as_basename -- "$am_mf" || +$as_expr X/"$am_mf" : '.*/\([^/][^/]*\)/*$' \| \ + X"$am_mf" : 'X\(//\)$' \| \ + X"$am_mf" : 'X\(/\)' \| . 2>/dev/null || +$as_echo X/"$am_mf" | + sed '/^.*\/\([^/][^/]*\)\/*$/{ + s//\1/ + q + } + /^X\/\(\/\/\)$/{ + s//\1/ + q + } + /^X\/\(\/\).*/{ + s//\1/ + q + } + s/.*/./; q'` + { echo "$as_me:$LINENO: cd "$am_dirpart" \ + && sed -e '/# am--include-marker/d' "$am_filepart" \ + | $MAKE -f - am--depfiles" >&5 + (cd "$am_dirpart" \ + && sed -e '/# am--include-marker/d' "$am_filepart" \ + | $MAKE -f - am--depfiles) >&5 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } || am_rc=$? + done + if test $am_rc -ne 0; then + { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} +as_fn_error $? "Something went wrong bootstrapping makefile fragments + for automatic dependency tracking. Try re-running configure with the + '--disable-dependency-tracking' option to at least be able to build + the package (albeit without support for automatic dependency tracking). +See \`config.log' for more details" "$LINENO" 5; } + fi + { am_dirpart=; unset am_dirpart;} + { am_filepart=; unset am_filepart;} + { am_mf=; unset am_mf;} + { am_rc=; unset am_rc;} + rm -f conftest-deps.mk +} + ;; + "po-directories":C) + for ac_file in $CONFIG_FILES; do + # Support "outfile[:infile[:infile...]]" + case "$ac_file" in + *:*) ac_file=`echo "$ac_file"|sed 's%:.*%%'` ;; + esac + # PO directories have a Makefile.in generated from Makefile.in.in. + case "$ac_file" in */Makefile.in) + # Adjust a relative srcdir. + ac_dir=`echo "$ac_file"|sed 's%/[^/][^/]*$%%'` + ac_dir_suffix=/`echo "$ac_dir"|sed 's%^\./%%'` + ac_dots=`echo "$ac_dir_suffix"|sed 's%/[^/]*%../%g'` + # In autoconf-2.13 it is called $ac_given_srcdir. + # In autoconf-2.50 it is called $srcdir. + test -n "$ac_given_srcdir" || ac_given_srcdir="$srcdir" + case "$ac_given_srcdir" in + .) top_srcdir=`echo $ac_dots|sed 's%/$%%'` ;; + /*) top_srcdir="$ac_given_srcdir" ;; + *) top_srcdir="$ac_dots$ac_given_srcdir" ;; + esac + # Treat a directory as a PO directory if and only if it has a + # POTFILES.in file. This allows packages to have multiple PO + # directories under different names or in different locations. + if test -f "$ac_given_srcdir/$ac_dir/POTFILES.in"; then + rm -f "$ac_dir/POTFILES" + test -n "$as_me" && echo "$as_me: creating $ac_dir/POTFILES" || echo "creating $ac_dir/POTFILES" + gt_tab=`printf '\t'` + cat "$ac_given_srcdir/$ac_dir/POTFILES.in" | sed -e "/^#/d" -e "/^[ ${gt_tab}]*\$/d" -e "s,.*, $top_srcdir/& \\\\," | sed -e "\$s/\(.*\) \\\\/\1/" > "$ac_dir/POTFILES" + POMAKEFILEDEPS="POTFILES.in" + # ALL_LINGUAS, POFILES, UPDATEPOFILES, DUMMYPOFILES, GMOFILES depend + # on $ac_dir but don't depend on user-specified configuration + # parameters. + if test -f "$ac_given_srcdir/$ac_dir/LINGUAS"; then + # The LINGUAS file contains the set of available languages. + if test -n "$OBSOLETE_ALL_LINGUAS"; then + test -n "$as_me" && echo "$as_me: setting ALL_LINGUAS in configure.in is obsolete" || echo "setting ALL_LINGUAS in configure.in is obsolete" + fi + ALL_LINGUAS_=`sed -e "/^#/d" -e "s/#.*//" "$ac_given_srcdir/$ac_dir/LINGUAS"` + # Hide the ALL_LINGUAS assignment from automake < 1.5. + eval 'ALL_LINGUAS''=$ALL_LINGUAS_' + POMAKEFILEDEPS="$POMAKEFILEDEPS LINGUAS" + else + # The set of available languages was given in configure.in. + # Hide the ALL_LINGUAS assignment from automake < 1.5. + eval 'ALL_LINGUAS''=$OBSOLETE_ALL_LINGUAS' + fi + # Compute POFILES + # as $(foreach lang, $(ALL_LINGUAS), $(srcdir)/$(lang).po) + # Compute UPDATEPOFILES + # as $(foreach lang, $(ALL_LINGUAS), $(lang).po-update) + # Compute DUMMYPOFILES + # as $(foreach lang, $(ALL_LINGUAS), $(lang).nop) + # Compute GMOFILES + # as $(foreach lang, $(ALL_LINGUAS), $(srcdir)/$(lang).gmo) + case "$ac_given_srcdir" in + .) srcdirpre= ;; + *) srcdirpre='$(srcdir)/' ;; + esac + POFILES= + UPDATEPOFILES= + DUMMYPOFILES= + GMOFILES= + for lang in $ALL_LINGUAS; do + POFILES="$POFILES $srcdirpre$lang.po" + UPDATEPOFILES="$UPDATEPOFILES $lang.po-update" + DUMMYPOFILES="$DUMMYPOFILES $lang.nop" + GMOFILES="$GMOFILES $srcdirpre$lang.gmo" + done + # CATALOGS depends on both $ac_dir and the user's LINGUAS + # environment variable. + INST_LINGUAS= + if test -n "$ALL_LINGUAS"; then + for presentlang in $ALL_LINGUAS; do + useit=no + if test "%UNSET%" != "$LINGUAS"; then + desiredlanguages="$LINGUAS" + else + desiredlanguages="$ALL_LINGUAS" + fi + for desiredlang in $desiredlanguages; do + # Use the presentlang catalog if desiredlang is + # a. equal to presentlang, or + # b. a variant of presentlang (because in this case, + # presentlang can be used as a fallback for messages + # which are not translated in the desiredlang catalog). + case "$desiredlang" in + "$presentlang"*) useit=yes;; + esac + done + if test $useit = yes; then + INST_LINGUAS="$INST_LINGUAS $presentlang" + fi + done + fi + CATALOGS= + if test -n "$INST_LINGUAS"; then + for lang in $INST_LINGUAS; do + CATALOGS="$CATALOGS $lang.gmo" + done + fi + test -n "$as_me" && echo "$as_me: creating $ac_dir/Makefile" || echo "creating $ac_dir/Makefile" + sed -e "/^POTFILES =/r $ac_dir/POTFILES" -e "/^# Makevars/r $ac_given_srcdir/$ac_dir/Makevars" -e "s|@POFILES@|$POFILES|g" -e "s|@UPDATEPOFILES@|$UPDATEPOFILES|g" -e "s|@DUMMYPOFILES@|$DUMMYPOFILES|g" -e "s|@GMOFILES@|$GMOFILES|g" -e "s|@CATALOGS@|$CATALOGS|g" -e "s|@POMAKEFILEDEPS@|$POMAKEFILEDEPS|g" "$ac_dir/Makefile.in" > "$ac_dir/Makefile" + for f in "$ac_given_srcdir/$ac_dir"/Rules-*; do + if test -f "$f"; then + case "$f" in + *.orig | *.bak | *~) ;; + *) cat "$f" >> "$ac_dir/Makefile" ;; + esac + fi + done + fi + ;; + esac + done ;; + "libtool":C) + + # See if we are running on zsh, and set the options that allow our + # commands through without removal of \ escapes. + if test -n "${ZSH_VERSION+set}"; then + setopt NO_GLOB_SUBST + fi + + cfgfile=${ofile}T + trap "$RM \"$cfgfile\"; exit 1" 1 2 15 + $RM "$cfgfile" + + cat <<_LT_EOF >> "$cfgfile" +#! $SHELL +# Generated automatically by $as_me ($PACKAGE) $VERSION +# NOTE: Changes made to this file will be lost: look at ltmain.sh. + +# Provide generalized library-building support services. +# Written by Gordon Matzigkeit, 1996 + +# Copyright (C) 2014 Free Software Foundation, Inc. +# This is free software; see the source for copying conditions. There is NO +# warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. + +# GNU Libtool is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of of the License, or +# (at your option) any later version. +# +# As a special exception to the GNU General Public License, if you +# distribute this file as part of a program or library that is built +# using GNU Libtool, you may include this file under the same +# distribution terms that you use for the rest of that program. +# +# GNU Libtool is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + + +# The names of the tagged configurations supported by this script. +available_tags='CXX ' + +# Configured defaults for sys_lib_dlsearch_path munging. +: \${LT_SYS_LIBRARY_PATH="$configure_time_lt_sys_library_path"} + +# ### BEGIN LIBTOOL CONFIG + +# Which release of libtool.m4 was used? +macro_version=$macro_version +macro_revision=$macro_revision + +# Whether or not to build static libraries. +build_old_libs=$enable_static + +# Whether or not to build shared libraries. +build_libtool_libs=$enable_shared + +# What type of objects to build. +pic_mode=$pic_mode + +# Whether or not to optimize for fast installation. +fast_install=$enable_fast_install + +# Shared archive member basename,for filename based shared library versioning on AIX. +shared_archive_member_spec=$shared_archive_member_spec + +# Shell to use when invoking shell scripts. +SHELL=$lt_SHELL + +# An echo program that protects backslashes. +ECHO=$lt_ECHO + +# The PATH separator for the build system. +PATH_SEPARATOR=$lt_PATH_SEPARATOR + +# The host system. +host_alias=$host_alias +host=$host +host_os=$host_os + +# The build system. +build_alias=$build_alias +build=$build +build_os=$build_os + +# A sed program that does not truncate output. +SED=$lt_SED + +# Sed that helps us avoid accidentally triggering echo(1) options like -n. +Xsed="\$SED -e 1s/^X//" + +# A grep program that handles long lines. +GREP=$lt_GREP + +# An ERE matcher. +EGREP=$lt_EGREP + +# A literal string matcher. +FGREP=$lt_FGREP + +# A BSD- or MS-compatible name lister. +NM=$lt_NM + +# Whether we need soft or hard links. +LN_S=$lt_LN_S + +# What is the maximum length of a command? +max_cmd_len=$max_cmd_len + +# Object file suffix (normally "o"). +objext=$ac_objext + +# Executable file suffix (normally ""). +exeext=$exeext + +# whether the shell understands "unset". +lt_unset=$lt_unset + +# turn spaces into newlines. +SP2NL=$lt_lt_SP2NL + +# turn newlines into spaces. +NL2SP=$lt_lt_NL2SP + +# convert \$build file names to \$host format. +to_host_file_cmd=$lt_cv_to_host_file_cmd + +# convert \$build files to toolchain format. +to_tool_file_cmd=$lt_cv_to_tool_file_cmd + +# An object symbol dumper. +OBJDUMP=$lt_OBJDUMP + +# Method to check whether dependent libraries are shared objects. +deplibs_check_method=$lt_deplibs_check_method + +# Command to use when deplibs_check_method = "file_magic". +file_magic_cmd=$lt_file_magic_cmd + +# How to find potential files when deplibs_check_method = "file_magic". +file_magic_glob=$lt_file_magic_glob + +# Find potential files using nocaseglob when deplibs_check_method = "file_magic". +want_nocaseglob=$lt_want_nocaseglob + +# DLL creation program. +DLLTOOL=$lt_DLLTOOL + +# Command to associate shared and link libraries. +sharedlib_from_linklib_cmd=$lt_sharedlib_from_linklib_cmd + +# The archiver. +AR=$lt_AR + +# Flags to create an archive. +AR_FLAGS=$lt_AR_FLAGS + +# How to feed a file listing to the archiver. +archiver_list_spec=$lt_archiver_list_spec + +# A symbol stripping program. +STRIP=$lt_STRIP + +# Commands used to install an old-style archive. +RANLIB=$lt_RANLIB +old_postinstall_cmds=$lt_old_postinstall_cmds +old_postuninstall_cmds=$lt_old_postuninstall_cmds + +# Whether to use a lock for old archive extraction. +lock_old_archive_extraction=$lock_old_archive_extraction + +# A C compiler. +LTCC=$lt_CC + +# LTCC compiler flags. +LTCFLAGS=$lt_CFLAGS + +# Take the output of nm and produce a listing of raw symbols and C names. +global_symbol_pipe=$lt_lt_cv_sys_global_symbol_pipe + +# Transform the output of nm in a proper C declaration. +global_symbol_to_cdecl=$lt_lt_cv_sys_global_symbol_to_cdecl + +# Transform the output of nm into a list of symbols to manually relocate. +global_symbol_to_import=$lt_lt_cv_sys_global_symbol_to_import + +# Transform the output of nm in a C name address pair. +global_symbol_to_c_name_address=$lt_lt_cv_sys_global_symbol_to_c_name_address + +# Transform the output of nm in a C name address pair when lib prefix is needed. +global_symbol_to_c_name_address_lib_prefix=$lt_lt_cv_sys_global_symbol_to_c_name_address_lib_prefix + +# The name lister interface. +nm_interface=$lt_lt_cv_nm_interface + +# Specify filename containing input files for \$NM. +nm_file_list_spec=$lt_nm_file_list_spec + +# The root where to search for dependent libraries,and where our libraries should be installed. +lt_sysroot=$lt_sysroot + +# Command to truncate a binary pipe. +lt_truncate_bin=$lt_lt_cv_truncate_bin + +# The name of the directory that contains temporary libtool files. +objdir=$objdir + +# Used to examine libraries when file_magic_cmd begins with "file". +MAGIC_CMD=$MAGIC_CMD + +# Must we lock files when doing compilation? +need_locks=$lt_need_locks + +# Manifest tool. +MANIFEST_TOOL=$lt_MANIFEST_TOOL + +# Tool to manipulate archived DWARF debug symbol files on Mac OS X. +DSYMUTIL=$lt_DSYMUTIL + +# Tool to change global to local symbols on Mac OS X. +NMEDIT=$lt_NMEDIT + +# Tool to manipulate fat objects and archives on Mac OS X. +LIPO=$lt_LIPO + +# ldd/readelf like tool for Mach-O binaries on Mac OS X. +OTOOL=$lt_OTOOL + +# ldd/readelf like tool for 64 bit Mach-O binaries on Mac OS X 10.4. +OTOOL64=$lt_OTOOL64 + +# Old archive suffix (normally "a"). +libext=$libext + +# Shared library suffix (normally ".so"). +shrext_cmds=$lt_shrext_cmds + +# The commands to extract the exported symbol list from a shared archive. +extract_expsyms_cmds=$lt_extract_expsyms_cmds + +# Variables whose values should be saved in libtool wrapper scripts and +# restored at link time. +variables_saved_for_relink=$lt_variables_saved_for_relink + +# Do we need the "lib" prefix for modules? +need_lib_prefix=$need_lib_prefix + +# Do we need a version for libraries? +need_version=$need_version + +# Library versioning type. +version_type=$version_type + +# Shared library runtime path variable. +runpath_var=$runpath_var + +# Shared library path variable. +shlibpath_var=$shlibpath_var + +# Is shlibpath searched before the hard-coded library search path? +shlibpath_overrides_runpath=$shlibpath_overrides_runpath + +# Format of library name prefix. +libname_spec=$lt_libname_spec + +# List of archive names. First name is the real one, the rest are links. +# The last name is the one that the linker finds with -lNAME +library_names_spec=$lt_library_names_spec + +# The coded name of the library, if different from the real name. +soname_spec=$lt_soname_spec + +# Permission mode override for installation of shared libraries. +install_override_mode=$lt_install_override_mode + +# Command to use after installation of a shared archive. +postinstall_cmds=$lt_postinstall_cmds + +# Command to use after uninstallation of a shared archive. +postuninstall_cmds=$lt_postuninstall_cmds + +# Commands used to finish a libtool library installation in a directory. +finish_cmds=$lt_finish_cmds + +# As "finish_cmds", except a single script fragment to be evaled but +# not shown. +finish_eval=$lt_finish_eval + +# Whether we should hardcode library paths into libraries. +hardcode_into_libs=$hardcode_into_libs + +# Compile-time system search path for libraries. +sys_lib_search_path_spec=$lt_sys_lib_search_path_spec + +# Detected run-time system search path for libraries. +sys_lib_dlsearch_path_spec=$lt_configure_time_dlsearch_path + +# Explicit LT_SYS_LIBRARY_PATH set during ./configure time. +configure_time_lt_sys_library_path=$lt_configure_time_lt_sys_library_path + +# Whether dlopen is supported. +dlopen_support=$enable_dlopen + +# Whether dlopen of programs is supported. +dlopen_self=$enable_dlopen_self + +# Whether dlopen of statically linked programs is supported. +dlopen_self_static=$enable_dlopen_self_static + +# Commands to strip libraries. +old_striplib=$lt_old_striplib +striplib=$lt_striplib + + +# The linker used to build libraries. +LD=$lt_LD + +# How to create reloadable object files. +reload_flag=$lt_reload_flag +reload_cmds=$lt_reload_cmds + +# Commands used to build an old-style archive. +old_archive_cmds=$lt_old_archive_cmds + +# A language specific compiler. +CC=$lt_compiler + +# Is the compiler the GNU compiler? +with_gcc=$GCC + +# Compiler flag to turn off builtin functions. +no_builtin_flag=$lt_lt_prog_compiler_no_builtin_flag + +# Additional compiler flags for building library objects. +pic_flag=$lt_lt_prog_compiler_pic + +# How to pass a linker flag through the compiler. +wl=$lt_lt_prog_compiler_wl + +# Compiler flag to prevent dynamic linking. +link_static_flag=$lt_lt_prog_compiler_static + +# Does compiler simultaneously support -c and -o options? +compiler_c_o=$lt_lt_cv_prog_compiler_c_o + +# Whether or not to add -lc for building shared libraries. +build_libtool_need_lc=$archive_cmds_need_lc + +# Whether or not to disallow shared libs when runtime libs are static. +allow_libtool_libs_with_static_runtimes=$enable_shared_with_static_runtimes + +# Compiler flag to allow reflexive dlopens. +export_dynamic_flag_spec=$lt_export_dynamic_flag_spec + +# Compiler flag to generate shared objects directly from archives. +whole_archive_flag_spec=$lt_whole_archive_flag_spec + +# Whether the compiler copes with passing no objects directly. +compiler_needs_object=$lt_compiler_needs_object + +# Create an old-style archive from a shared archive. +old_archive_from_new_cmds=$lt_old_archive_from_new_cmds + +# Create a temporary old-style archive to link instead of a shared archive. +old_archive_from_expsyms_cmds=$lt_old_archive_from_expsyms_cmds + +# Commands used to build a shared archive. +archive_cmds=$lt_archive_cmds +archive_expsym_cmds=$lt_archive_expsym_cmds + +# Commands used to build a loadable module if different from building +# a shared archive. +module_cmds=$lt_module_cmds +module_expsym_cmds=$lt_module_expsym_cmds + +# Whether we are building with GNU ld or not. +with_gnu_ld=$lt_with_gnu_ld + +# Flag that allows shared libraries with undefined symbols to be built. +allow_undefined_flag=$lt_allow_undefined_flag + +# Flag that enforces no undefined symbols. +no_undefined_flag=$lt_no_undefined_flag + +# Flag to hardcode \$libdir into a binary during linking. +# This must work even if \$libdir does not exist +hardcode_libdir_flag_spec=$lt_hardcode_libdir_flag_spec + +# Whether we need a single "-rpath" flag with a separated argument. +hardcode_libdir_separator=$lt_hardcode_libdir_separator + +# Set to "yes" if using DIR/libNAME\$shared_ext during linking hardcodes +# DIR into the resulting binary. +hardcode_direct=$hardcode_direct + +# Set to "yes" if using DIR/libNAME\$shared_ext during linking hardcodes +# DIR into the resulting binary and the resulting library dependency is +# "absolute",i.e impossible to change by setting \$shlibpath_var if the +# library is relocated. +hardcode_direct_absolute=$hardcode_direct_absolute + +# Set to "yes" if using the -LDIR flag during linking hardcodes DIR +# into the resulting binary. +hardcode_minus_L=$hardcode_minus_L + +# Set to "yes" if using SHLIBPATH_VAR=DIR during linking hardcodes DIR +# into the resulting binary. +hardcode_shlibpath_var=$hardcode_shlibpath_var + +# Set to "yes" if building a shared library automatically hardcodes DIR +# into the library and all subsequent libraries and executables linked +# against it. +hardcode_automatic=$hardcode_automatic + +# Set to yes if linker adds runtime paths of dependent libraries +# to runtime path list. +inherit_rpath=$inherit_rpath + +# Whether libtool must link a program against all its dependency libraries. +link_all_deplibs=$link_all_deplibs + +# Set to "yes" if exported symbols are required. +always_export_symbols=$always_export_symbols + +# The commands to list exported symbols. +export_symbols_cmds=$lt_export_symbols_cmds + +# Symbols that should not be listed in the preloaded symbols. +exclude_expsyms=$lt_exclude_expsyms + +# Symbols that must always be exported. +include_expsyms=$lt_include_expsyms + +# Commands necessary for linking programs (against libraries) with templates. +prelink_cmds=$lt_prelink_cmds + +# Commands necessary for finishing linking programs. +postlink_cmds=$lt_postlink_cmds + +# Specify filename containing input files. +file_list_spec=$lt_file_list_spec + +# How to hardcode a shared library path into an executable. +hardcode_action=$hardcode_action + +# The directories searched by this compiler when creating a shared library. +compiler_lib_search_dirs=$lt_compiler_lib_search_dirs + +# Dependencies to place before and after the objects being linked to +# create a shared library. +predep_objects=$lt_predep_objects +postdep_objects=$lt_postdep_objects +predeps=$lt_predeps +postdeps=$lt_postdeps + +# The library search path used internally by the compiler when linking +# a shared library. +compiler_lib_search_path=$lt_compiler_lib_search_path + +# ### END LIBTOOL CONFIG + +_LT_EOF + + cat <<'_LT_EOF' >> "$cfgfile" + +# ### BEGIN FUNCTIONS SHARED WITH CONFIGURE + +# func_munge_path_list VARIABLE PATH +# ----------------------------------- +# VARIABLE is name of variable containing _space_ separated list of +# directories to be munged by the contents of PATH, which is string +# having a format: +# "DIR[:DIR]:" +# string "DIR[ DIR]" will be prepended to VARIABLE +# ":DIR[:DIR]" +# string "DIR[ DIR]" will be appended to VARIABLE +# "DIRP[:DIRP]::[DIRA:]DIRA" +# string "DIRP[ DIRP]" will be prepended to VARIABLE and string +# "DIRA[ DIRA]" will be appended to VARIABLE +# "DIR[:DIR]" +# VARIABLE will be replaced by "DIR[ DIR]" +func_munge_path_list () +{ + case x$2 in + x) + ;; + *:) + eval $1=\"`$ECHO $2 | $SED 's/:/ /g'` \$$1\" + ;; + x:*) + eval $1=\"\$$1 `$ECHO $2 | $SED 's/:/ /g'`\" + ;; + *::*) + eval $1=\"\$$1\ `$ECHO $2 | $SED -e 's/.*:://' -e 's/:/ /g'`\" + eval $1=\"`$ECHO $2 | $SED -e 's/::.*//' -e 's/:/ /g'`\ \$$1\" + ;; + *) + eval $1=\"`$ECHO $2 | $SED 's/:/ /g'`\" + ;; + esac +} + + +# Calculate cc_basename. Skip known compiler wrappers and cross-prefix. +func_cc_basename () +{ + for cc_temp in $*""; do + case $cc_temp in + compile | *[\\/]compile | ccache | *[\\/]ccache ) ;; + distcc | *[\\/]distcc | purify | *[\\/]purify ) ;; + \-*) ;; + *) break;; + esac + done + func_cc_basename_result=`$ECHO "$cc_temp" | $SED "s%.*/%%; s%^$host_alias-%%"` +} + + +# ### END FUNCTIONS SHARED WITH CONFIGURE + +_LT_EOF + + case $host_os in + aix3*) + cat <<\_LT_EOF >> "$cfgfile" +# AIX sometimes has problems with the GCC collect2 program. For some +# reason, if we set the COLLECT_NAMES environment variable, the problems +# vanish in a puff of smoke. +if test set != "${COLLECT_NAMES+set}"; then + COLLECT_NAMES= + export COLLECT_NAMES +fi +_LT_EOF + ;; + esac + + +ltmain=$ac_aux_dir/ltmain.sh + + + # We use sed instead of cat because bash on DJGPP gets confused if + # if finds mixed CR/LF and LF-only lines. Since sed operates in + # text mode, it properly converts lines to CR/LF. This bash problem + # is reportedly fixed, but why not run on old versions too? + sed '$q' "$ltmain" >> "$cfgfile" \ + || (rm -f "$cfgfile"; exit 1) + + mv -f "$cfgfile" "$ofile" || + (rm -f "$ofile" && cp "$cfgfile" "$ofile" && rm -f "$cfgfile") + chmod +x "$ofile" + + + cat <<_LT_EOF >> "$ofile" + +# ### BEGIN LIBTOOL TAG CONFIG: CXX + +# The linker used to build libraries. +LD=$lt_LD_CXX + +# How to create reloadable object files. +reload_flag=$lt_reload_flag_CXX +reload_cmds=$lt_reload_cmds_CXX + +# Commands used to build an old-style archive. +old_archive_cmds=$lt_old_archive_cmds_CXX + +# A language specific compiler. +CC=$lt_compiler_CXX + +# Is the compiler the GNU compiler? +with_gcc=$GCC_CXX + +# Compiler flag to turn off builtin functions. +no_builtin_flag=$lt_lt_prog_compiler_no_builtin_flag_CXX + +# Additional compiler flags for building library objects. +pic_flag=$lt_lt_prog_compiler_pic_CXX + +# How to pass a linker flag through the compiler. +wl=$lt_lt_prog_compiler_wl_CXX + +# Compiler flag to prevent dynamic linking. +link_static_flag=$lt_lt_prog_compiler_static_CXX + +# Does compiler simultaneously support -c and -o options? +compiler_c_o=$lt_lt_cv_prog_compiler_c_o_CXX + +# Whether or not to add -lc for building shared libraries. +build_libtool_need_lc=$archive_cmds_need_lc_CXX + +# Whether or not to disallow shared libs when runtime libs are static. +allow_libtool_libs_with_static_runtimes=$enable_shared_with_static_runtimes_CXX + +# Compiler flag to allow reflexive dlopens. +export_dynamic_flag_spec=$lt_export_dynamic_flag_spec_CXX + +# Compiler flag to generate shared objects directly from archives. +whole_archive_flag_spec=$lt_whole_archive_flag_spec_CXX + +# Whether the compiler copes with passing no objects directly. +compiler_needs_object=$lt_compiler_needs_object_CXX + +# Create an old-style archive from a shared archive. +old_archive_from_new_cmds=$lt_old_archive_from_new_cmds_CXX + +# Create a temporary old-style archive to link instead of a shared archive. +old_archive_from_expsyms_cmds=$lt_old_archive_from_expsyms_cmds_CXX + +# Commands used to build a shared archive. +archive_cmds=$lt_archive_cmds_CXX +archive_expsym_cmds=$lt_archive_expsym_cmds_CXX + +# Commands used to build a loadable module if different from building +# a shared archive. +module_cmds=$lt_module_cmds_CXX +module_expsym_cmds=$lt_module_expsym_cmds_CXX + +# Whether we are building with GNU ld or not. +with_gnu_ld=$lt_with_gnu_ld_CXX + +# Flag that allows shared libraries with undefined symbols to be built. +allow_undefined_flag=$lt_allow_undefined_flag_CXX + +# Flag that enforces no undefined symbols. +no_undefined_flag=$lt_no_undefined_flag_CXX + +# Flag to hardcode \$libdir into a binary during linking. +# This must work even if \$libdir does not exist +hardcode_libdir_flag_spec=$lt_hardcode_libdir_flag_spec_CXX + +# Whether we need a single "-rpath" flag with a separated argument. +hardcode_libdir_separator=$lt_hardcode_libdir_separator_CXX + +# Set to "yes" if using DIR/libNAME\$shared_ext during linking hardcodes +# DIR into the resulting binary. +hardcode_direct=$hardcode_direct_CXX + +# Set to "yes" if using DIR/libNAME\$shared_ext during linking hardcodes +# DIR into the resulting binary and the resulting library dependency is +# "absolute",i.e impossible to change by setting \$shlibpath_var if the +# library is relocated. +hardcode_direct_absolute=$hardcode_direct_absolute_CXX + +# Set to "yes" if using the -LDIR flag during linking hardcodes DIR +# into the resulting binary. +hardcode_minus_L=$hardcode_minus_L_CXX + +# Set to "yes" if using SHLIBPATH_VAR=DIR during linking hardcodes DIR +# into the resulting binary. +hardcode_shlibpath_var=$hardcode_shlibpath_var_CXX + +# Set to "yes" if building a shared library automatically hardcodes DIR +# into the library and all subsequent libraries and executables linked +# against it. +hardcode_automatic=$hardcode_automatic_CXX + +# Set to yes if linker adds runtime paths of dependent libraries +# to runtime path list. +inherit_rpath=$inherit_rpath_CXX + +# Whether libtool must link a program against all its dependency libraries. +link_all_deplibs=$link_all_deplibs_CXX + +# Set to "yes" if exported symbols are required. +always_export_symbols=$always_export_symbols_CXX + +# The commands to list exported symbols. +export_symbols_cmds=$lt_export_symbols_cmds_CXX + +# Symbols that should not be listed in the preloaded symbols. +exclude_expsyms=$lt_exclude_expsyms_CXX + +# Symbols that must always be exported. +include_expsyms=$lt_include_expsyms_CXX + +# Commands necessary for linking programs (against libraries) with templates. +prelink_cmds=$lt_prelink_cmds_CXX + +# Commands necessary for finishing linking programs. +postlink_cmds=$lt_postlink_cmds_CXX + +# Specify filename containing input files. +file_list_spec=$lt_file_list_spec_CXX + +# How to hardcode a shared library path into an executable. +hardcode_action=$hardcode_action_CXX + +# The directories searched by this compiler when creating a shared library. +compiler_lib_search_dirs=$lt_compiler_lib_search_dirs_CXX + +# Dependencies to place before and after the objects being linked to +# create a shared library. +predep_objects=$lt_predep_objects_CXX +postdep_objects=$lt_postdep_objects_CXX +predeps=$lt_predeps_CXX +postdeps=$lt_postdeps_CXX + +# The library search path used internally by the compiler when linking +# a shared library. +compiler_lib_search_path=$lt_compiler_lib_search_path_CXX + +# ### END LIBTOOL TAG CONFIG: CXX +_LT_EOF + + ;; + "guile/pre-inst-guile":F) chmod +x guile/pre-inst-guile ;; + + esac +done # for ac_tag + + +as_fn_exit 0 +_ACEOF +ac_clean_files=$ac_clean_files_save + +test $ac_write_fail = 0 || + as_fn_error $? "write failure creating $CONFIG_STATUS" "$LINENO" 5 + + +# configure is writing to config.log, and then calls config.status. +# config.status does its own redirection, appending to config.log. +# Unfortunately, on DOS this fails, as config.log is still kept open +# by configure, so config.status won't be able to write to it; its +# output is simply discarded. So we exec the FD to /dev/null, +# effectively closing config.log, so it can be properly (re)opened and +# appended to by config.status. When coming back to configure, we +# need to make the FD available again. +if test "$no_create" != yes; then + ac_cs_success=: + ac_config_status_args= + test "$silent" = yes && + ac_config_status_args="$ac_config_status_args --quiet" + exec 5>/dev/null + $SHELL $CONFIG_STATUS $ac_config_status_args || ac_cs_success=false + exec 5>>config.log + # Use ||, not &&, to avoid exiting from the if with $? = 1, which + # would make configure fail if this is the last instruction. + $ac_cs_success || as_fn_exit 1 +fi +if test -n "$ac_unrecognized_opts" && test "$enable_option_checking" != no; then + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: unrecognized options: $ac_unrecognized_opts" >&5 +$as_echo "$as_me: WARNING: unrecognized options: $ac_unrecognized_opts" >&2;} +fi + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: summary of build options: + + version: ${VERSION} shared $LT_CURRENT:$LT_REVISION:$LT_AGE + Host/Target system: ${host} + Build system: ${build} + Install prefix: ${prefix} + Compiler: ${CC} + Valgrind: $opt_valgrind_tests ${VALGRIND} + CFlags: ${CFLAGS} + Library types: Shared=${enable_shared}, Static=${enable_static} + Local libopts: ${included_libopts} + Local libtasn1: ${included_libtasn1} + Local unistring: ${included_unistring} + Use nettle-mini: ${mini_nettle} + Documentation: ${enable_doc} (manpages: ${enable_manpages}) +" >&5 +$as_echo "$as_me: summary of build options: + + version: ${VERSION} shared $LT_CURRENT:$LT_REVISION:$LT_AGE + Host/Target system: ${host} + Build system: ${build} + Install prefix: ${prefix} + Compiler: ${CC} + Valgrind: $opt_valgrind_tests ${VALGRIND} + CFlags: ${CFLAGS} + Library types: Shared=${enable_shared}, Static=${enable_static} + Local libopts: ${included_libopts} + Local libtasn1: ${included_libtasn1} + Local unistring: ${included_unistring} + Use nettle-mini: ${mini_nettle} + Documentation: ${enable_doc} (manpages: ${enable_manpages}) +" >&6;} + +{ $as_echo "$as_me:${as_lineno-$LINENO}: External hardware support: + + /dev/crypto: $enable_cryptodev + Hardware accel: $hw_accel + Padlock accel: $use_padlock + Random gen. variant: $rnd_variant + PKCS#11 support: $with_p11_kit + TPM support: $with_tpm +" >&5 +$as_echo "$as_me: External hardware support: + + /dev/crypto: $enable_cryptodev + Hardware accel: $hw_accel + Padlock accel: $use_padlock + Random gen. variant: $rnd_variant + PKCS#11 support: $with_p11_kit + TPM support: $with_tpm +" >&6;} +if test -n "$ac_trousers_lib";then +{ $as_echo "$as_me:${as_lineno-$LINENO}: + TPM library: $ac_trousers_lib +" >&5 +$as_echo "$as_me: + TPM library: $ac_trousers_lib +" >&6;} +fi + +{ $as_echo "$as_me:${as_lineno-$LINENO}: Optional features: +(note that included applications might not compile properly +if features are disabled) + + SSL3.0 support: $ac_enable_ssl3 + SSL2.0 client hello: $ac_enable_ssl2 + Allow SHA1 sign: $ac_allow_sha1 + DTLS-SRTP support: $ac_enable_srtp + ALPN support: $ac_enable_alpn + OCSP support: $ac_enable_ocsp + SRP support: $ac_enable_srp + PSK support: $ac_enable_psk + DHE support: $ac_enable_dhe + ECDHE support: $ac_enable_ecdhe + GOST support: $ac_enable_gost + Anon auth support: $ac_enable_anon + Heartbeat support: $ac_enable_heartbeat + IDNA support: $idna_support + Non-SuiteB curves: $enable_non_suiteb + FIPS140 mode: $enable_fips +" >&5 +$as_echo "$as_me: Optional features: +(note that included applications might not compile properly +if features are disabled) + + SSL3.0 support: $ac_enable_ssl3 + SSL2.0 client hello: $ac_enable_ssl2 + Allow SHA1 sign: $ac_allow_sha1 + DTLS-SRTP support: $ac_enable_srtp + ALPN support: $ac_enable_alpn + OCSP support: $ac_enable_ocsp + SRP support: $ac_enable_srp + PSK support: $ac_enable_psk + DHE support: $ac_enable_dhe + ECDHE support: $ac_enable_ecdhe + GOST support: $ac_enable_gost + Anon auth support: $ac_enable_anon + Heartbeat support: $ac_enable_heartbeat + IDNA support: $idna_support + Non-SuiteB curves: $enable_non_suiteb + FIPS140 mode: $enable_fips +" >&6;} + +{ $as_echo "$as_me:${as_lineno-$LINENO}: Optional libraries: + + Guile wrappers: $opt_guile_bindings + C++ library: $use_cxx + DANE library: $enable_dane + OpenSSL compat: $enable_openssl +" >&5 +$as_echo "$as_me: Optional libraries: + + Guile wrappers: $opt_guile_bindings + C++ library: $use_cxx + DANE library: $enable_dane + OpenSSL compat: $enable_openssl +" >&6;} + +{ $as_echo "$as_me:${as_lineno-$LINENO}: System files: + + Trust store pkcs11: $with_default_trust_store_pkcs11 + Trust store dir: $with_default_trust_store_dir + Trust store file: $with_default_trust_store_file + Blacklist file: $with_default_blacklist_file + CRL file: $with_default_crl_file + Priority file: $system_priority_file + DNSSEC root key file: $unbound_root_key_file +" >&5 +$as_echo "$as_me: System files: + + Trust store pkcs11: $with_default_trust_store_pkcs11 + Trust store dir: $with_default_trust_store_dir + Trust store file: $with_default_trust_store_file + Blacklist file: $with_default_blacklist_file + CRL file: $with_default_crl_file + Priority file: $system_priority_file + DNSSEC root key file: $unbound_root_key_file +" >&6;} + +if test ! -f "$unbound_root_key_file"; then +{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: +*** +*** The DNSSEC root key file in $unbound_root_key_file was not found. +*** This file is needed for the verification of DNSSEC responses. +*** Use the command: unbound-anchor -a \"$unbound_root_key_file\" +*** to generate or update it. +*** " >&5 +$as_echo "$as_me: WARNING: +*** +*** The DNSSEC root key file in $unbound_root_key_file was not found. +*** This file is needed for the verification of DNSSEC responses. +*** Use the command: unbound-anchor -a \"$unbound_root_key_file\" +*** to generate or update it. +*** " >&2;} +fi + +if test "${enable_static}" != no;then +{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: +*** GnuTLS will be build as a static library. That means that library +*** constructors for gnutls_global_init will not be made available to +*** linking applications. If you are building that library for arbitrary +*** applications to link, do not enable static linking. +" >&5 +$as_echo "$as_me: WARNING: +*** GnuTLS will be build as a static library. That means that library +*** constructors for gnutls_global_init will not be made available to +*** linking applications. If you are building that library for arbitrary +*** applications to link, do not enable static linking. +" >&2;} +fi + +if test "$enable_fuzzer_target" != "no";then +{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: +*** This version of the library is for fuzzying purposes and is intentionally broken! +" >&5 +$as_echo "$as_me: WARNING: +*** This version of the library is for fuzzying purposes and is intentionally broken! +" >&2;} +fi diff --git a/configure.ac b/configure.ac new file mode 100644 index 0000000..2112606 --- /dev/null +++ b/configure.ac @@ -0,0 +1,1102 @@ +dnl Process this file with autoconf to produce a configure script. +# Copyright (C) 2000-2012, 2016 Free Software Foundation, Inc. +# +# Author: Nikos Mavrogiannopoulos, Simon Josefsson +# +# This file is part of GnuTLS. +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 +# USA + +AC_PREREQ(2.63) + +dnl when updating version also update LT_REVISION in m4/hooks.m4 +AC_INIT([GnuTLS], [3.6.8], [bugs@gnutls.org]) +AC_CONFIG_AUX_DIR([build-aux]) +AC_CONFIG_MACRO_DIRS([m4 src/gl/m4 src/libopts/m4 lib/unistring/m4]) +AC_CANONICAL_HOST + +AM_INIT_AUTOMAKE([1.12.2 foreign subdir-objects no-dist-gzip dist-xz -Wall -Wno-override]) +m4_ifdef([AM_SILENT_RULES], [AM_SILENT_RULES([yes])]) +AC_CONFIG_HEADERS([config.h]) + +AC_MSG_RESULT([*** +*** Checking for compilation programs... +]) + +dnl Checks for programs. +PKG_PROG_PKG_CONFIG +AC_PROG_CC +gl_EARLY +ggl_EARLY +unistring_EARLY +AM_PROG_AS +AM_PROG_AR +AC_PROG_CXX +AM_PROG_CC_C_O +AC_PROG_YACC +AC_PROG_SED + +AC_USE_SYSTEM_EXTENSIONS + +# +# Require C99 support +# +AC_PROG_CC_C99 +if test "$ac_cv_prog_cc_c99" = "no"; then + AC_MSG_WARN([[Compiler does not support C99. It may not be able to compile the project.]]) +fi + +AX_CODE_COVERAGE + +AM_MAINTAINER_MODE([enable]) + +AC_ARG_ENABLE(bash-tests, + AS_HELP_STRING([--disable-bash-tests], [skip some tests that badly need bash]), + enable_bash_tests=$enableval, enable_bash_tests=yes) +AM_CONDITIONAL(DISABLE_BASH_TESTS, test "$enable_bash_tests" != "yes") + +AC_ARG_ENABLE(doc, + AS_HELP_STRING([--disable-doc], [don't generate any documentation]), + enable_doc=$enableval, enable_doc=yes) +AM_CONDITIONAL(ENABLE_DOC, test "$enable_doc" != "no") + +AC_ARG_ENABLE(manpages, + AS_HELP_STRING([--enable-manpages], [install manpages even if disable-doc is given]), + enable_manpages=$enableval,enable_manpages=auto) + +if test "${enable_manpages}" = "auto";then + enable_manpages="${enable_doc}" +fi + +AM_CONDITIONAL(ENABLE_MANPAGES, test "$enable_manpages" != "no") + +AC_ARG_ENABLE(tools, + AS_HELP_STRING([--disable-tools], [don't compile any tools]), + enable_tools=$enableval, enable_tools=yes) +AM_CONDITIONAL(ENABLE_TOOLS, test "$enable_tools" != "no") + +# For includes/gnutls/gnutls.h.in. +AC_SUBST(MAJOR_VERSION, `echo $PACKAGE_VERSION | sed 's/\(.*\)\..*\..*/\1/g'`) +AC_SUBST(MINOR_VERSION, `echo $PACKAGE_VERSION | sed 's/.*\.\(.*\)\..*/\1/g'`) +AC_SUBST(PATCH_VERSION, [[`echo $PACKAGE_VERSION | sed 's/.*\..*\.\([0-9]*\).*/\1/g'`]]) +AC_SUBST(NUMBER_VERSION, `printf "0x%02x%02x%02x" $MAJOR_VERSION $MINOR_VERSION $PATCH_VERSION`) + +dnl C and C++ capabilities +AC_C_INLINE +AC_HEADER_STDC + +# For the C++ code +AC_ARG_ENABLE(cxx, + AS_HELP_STRING([--disable-cxx], [unconditionally disable the C++ library]), + use_cxx=$enableval, use_cxx=yes) +if test "$use_cxx" != "no"; then + AC_LANG_PUSH(C++) + AC_COMPILE_IFELSE([AC_LANG_PROGRAM([],[])], use_cxx=yes, use_cxx=no) + AC_LANG_POP(C++) +fi +AM_CONDITIONAL(ENABLE_CXX, test "$use_cxx" != "no") + +dnl Detect windows build +use_accel=yes +case "$host" in + *android*) + have_android=yes + have_elf=yes + ;; + *mingw32* | *mingw64*) + have_win=yes + AC_DEFINE([_UNICODE], [1], [Defined to 1 for Unicode (wide chars) APIs]) + ;; + *darwin*) + have_macosx=yes + save_LDFLAGS="$LDFLAGS" + dnl Try to use -no_weak_imports if available. This makes sure we + dnl error out when linking to a function that doesn't exist in the + dnl intended minimum runtime version. + LDFLAGS="$LDFLAGS -Wl,-no_weak_imports" + AC_MSG_CHECKING([whether the linker supports -Wl,-no_weak_imports]) + AC_LINK_IFELSE([AC_LANG_PROGRAM([], [])], + [AC_MSG_RESULT(yes)], [AC_MSG_RESULT(no); LDFLAGS="$save_LDFLAGS"]) + ;; + *solaris*) + have_elf=yes + use_accel=no + AC_MSG_WARN([[ +*** +*** In solaris hardware acceleration is disabled by default due to issues +*** with the assembler. Use --enable-hardware-acceleration to enable it. +*** ]]) + ;; + *) + have_elf=yes + ;; +esac + +AM_CONDITIONAL(ANDROID, test "$have_android" = yes) +AM_CONDITIONAL(WINDOWS, test "$have_win" = yes) +AM_CONDITIONAL(MACOSX, test "$have_macosx" = yes) +AM_CONDITIONAL(ELF, test "$have_elf" = yes) + +dnl Hardware Acceleration +AC_ARG_ENABLE(hardware-acceleration, + AS_HELP_STRING([--disable-hardware-acceleration], [unconditionally disable hardware acceleration]), + use_accel=$enableval) +hw_accel=none + + +use_padlock=no +if test "$use_accel" != "no"; then +case $host_cpu in + armv8 | aarch64) + hw_accel="aarch64" + case $host_os in + *_ilp32) + dnl ILP32 not supported in assembler yet + hw_accel="none" + ;; + esac + ;; + i?86 | x86_64 | amd64) + AC_CHECK_HEADERS(cpuid.h) + if test "$host_cpu" = "x86_64" || test "$host_cpu" = "amd64"; then + hw_accel="x86-64" + else + hw_accel="x86" + fi + use_padlock=yes + ;; + *) + ;; +esac + +fi + +AC_ARG_ENABLE(tls13-interop, + AS_HELP_STRING([--disable-tls13-interop], [disable TLS1.3 interoperability testing with openssl]), + enable_tls13_interop=$enableval, enable_tls13_interop=yes) + +AM_CONDITIONAL(ENABLE_TLS13_INTEROP, test "$enable_tls13_interop" != "no") + +dnl Check for iovec type +AC_CHECK_MEMBERS([struct iovec.iov_base], + [ + AC_SUBST([DEFINE_IOVEC_T], ["#include +typedef struct iovec giovec_t;"]) + ], + [ + AC_SUBST([DEFINE_IOVEC_T], ["typedef struct { + void *iov_base; + size_t iov_len; +} giovec_t;"]) + ], + [#include + ]) +AM_SUBST_NOTMAKE([DEFINE_IOVEC_T]) + +dnl Need netinet/tcp.h for TCP_FASTOPEN +AC_CHECK_HEADERS([netinet/tcp.h]) +AC_CHECK_HEADERS([stdatomic.h]) + +dnl This ensures that we link with the right library for atomic operations on Linux SPARC +save_LIBS=$LIBS +AC_SEARCH_LIBS([__atomic_load_4], [atomic], [], [AC_MSG_NOTICE([Could not detect libatomic])]) +LIBS=$save_LIBS + +AS_IF([test "$ac_cv_search___atomic_load_4" = "none required" || test "$ac_cv_search___atomic_load_4" = "no"], + [AC_SUBST([LIBATOMIC_LIBS], [])], + [AC_SUBST([LIBATOMIC_LIBS], [$ac_cv_search___atomic_load_4])]) + +dnl We use its presence to detect C11 threads +AC_CHECK_HEADERS([threads.h]) + +AC_ARG_ENABLE(padlock, + AS_HELP_STRING([--disable-padlock], [unconditionally disable padlock acceleration]), + use_padlock=$enableval) + +if test "$use_padlock" != "no"; then + AC_DEFINE([ENABLE_PADLOCK], 1, [Enable padlock acceleration]) + AC_SUBST([ENABLE_PADLOCK]) +fi +AM_CONDITIONAL(ENABLE_PADLOCK, test "$use_padlock" = "yes") +AM_CONDITIONAL(ASM_AARCH64, test x"$hw_accel" = x"aarch64") +AM_CONDITIONAL(ASM_X86_64, test x"$hw_accel" = x"x86-64") +AM_CONDITIONAL(ASM_X86_32, test x"$hw_accel" = x"x86") +AM_CONDITIONAL(ASM_X86, test x"$hw_accel" = x"x86" || test x"$hw_accel" = x"x86-64") +AM_CONDITIONAL(HAVE_GCC_GNU89_INLINE_OPTION, test "$gnu89_inline" = "yes"]) +AM_CONDITIONAL(HAVE_GCC, test "$GCC" = "yes") + +dnl check for getrandom() +rnd_variant="auto-detect" +AC_MSG_CHECKING([for getrandom]) +AC_LINK_IFELSE([AC_LANG_PROGRAM([ + #include ],[ + getrandom(0, 0, 0); + ])], + [AC_MSG_RESULT(yes) + AC_DEFINE([HAVE_GETRANDOM], 1, [Enable the Linux getrandom function]) + rnd_variant=getrandom], + [AC_MSG_RESULT(no)]) + +AC_MSG_CHECKING([for getentropy]) +AC_LINK_IFELSE([AC_LANG_PROGRAM([ + #include + #ifdef __APPLE__ + #include + #endif + #ifdef __linux__ + #error 1 + #endif + ],[ + getentropy(0, 0); + ])], + [AC_MSG_RESULT(yes) + AC_DEFINE([HAVE_GETENTROPY], 1, [Enable the OpenBSD getentropy function]) + rnd_variant=getentropy], + [AC_MSG_RESULT(no)]) + +AM_CONDITIONAL(HAVE_GETENTROPY, test "$rnd_variant" = "getentropy") + +dnl Try the hooks.m4 +LIBGNUTLS_HOOKS +LIBGNUTLS_EXTRA_HOOKS + +AC_ARG_ENABLE(tests, + AS_HELP_STRING([--disable-tests], [don't compile or run any tests]), + enable_tests=$enableval, enable_tests=$enable_tools) +AM_CONDITIONAL(ENABLE_TESTS, test "$enable_tests" != "no") + +AC_ARG_ENABLE(fuzzer-target, + AS_HELP_STRING([--enable-fuzzer-target], [make a library intended for testing - not production]), + enable_fuzzer_target=$enableval, enable_fuzzer_target=no) +if test "$enable_fuzzer_target" != "no";then + AC_DEFINE([FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION], 1, [Enable fuzzer target -not for production]) +fi + +dnl +dnl check for gtk-doc +dnl +m4_ifdef([GTK_DOC_CHECK], [ +GTK_DOC_CHECK([1.14],[--flavour no-tmpl]) +],[ +AM_CONDITIONAL([ENABLE_GTK_DOC], false) +]) +# needed for some older versions of gtk-doc +m4_ifdef([GTK_DOC_USE_LIBTOOL], [], [ +AM_CONDITIONAL([GTK_DOC_USE_LIBTOOL], false) +]) + +AM_GNU_GETTEXT([external]) +AM_GNU_GETTEXT_VERSION([0.19]) + +AC_C_BIGENDIAN + +dnl No fork on MinGW, disable some self-tests until we fix them. +dnl Check clock_gettime and pthread_mutex_lock in libc (avoid linking to other libs) +AC_CHECK_FUNCS([fork setitimer getrusage getpwuid_r nanosleep daemon getpid localtime mmap explicit_bzero],,) +dnl Manually check some functions by including headers first. On macOS, you +dnl normally only have the latest SDK available, containing all existing +dnl functions, but having them restricted according to target version in +dnl headers. If we bypass the headers and just try linking (as AC_CHECK_FUNCS +dnl does), we will accidentally detect functions which we shouldn't use. Set +dnl ac_cv_func_* as well, to avoid later AC_CHECK_FUNCS from other included +dnl scripts from overriding it. +AC_MSG_CHECKING([for clock_gettime]) +AC_LINK_IFELSE([AC_LANG_PROGRAM([#include ], [clock_gettime(0, 0);])], + [AC_MSG_RESULT(yes); ac_cv_func_clock_gettime=yes + AC_DEFINE([HAVE_CLOCK_GETTIME], 1, [Define to 1 if you have the `clock_gettime' function.])], + [AC_MSG_RESULT(no); ac_cv_func_clock_gettime=no]) +AC_MSG_CHECKING([for fmemopen]) +AC_LINK_IFELSE([AC_LANG_PROGRAM([#include ], [fmemopen(0, 0, 0);])], + [AC_MSG_RESULT(yes); ac_cv_func_fmemopen=yes + AC_DEFINE([HAVE_FMEMOPEN], 1, [Define to 1 if you have the `fmemopen' function.])], + [AC_MSG_RESULT(no); ac_cv_func_fmemopen=no]) + +AM_CONDITIONAL(HAVE_FORK, test "$ac_cv_func_fork" != "no") + +AC_CHECK_FUNCS([__register_atfork secure_getenv getauxval],,) + +AC_ARG_ENABLE(seccomp-tests, + AS_HELP_STRING([--enable-seccomp-tests], [unconditionally enable tests with seccomp]), + seccomp_tests=$enableval, seccomp_tests=no) + +AM_CONDITIONAL(HAVE_SECCOMP_TESTS, test "$seccomp_tests" = "yes") + +# check for libseccomp - used in test programs +AC_LIB_HAVE_LINKFLAGS(seccomp,, [#include +], [seccomp_init(0);]) + +# check for libcrypto - used in test programs +AC_LIB_HAVE_LINKFLAGS(crypto,, [#include +], [EVP_CIPHER_CTX_init(NULL);]) + +AM_CONDITIONAL(HAVE_LIBCRYPTO, test "$HAVE_LIBCRYPTO" = "yes") + +AC_LIB_HAVE_LINKFLAGS(rt,, [#include +#include +], [timer_create (0,0,0);]) + +if test "$have_win" != "yes";then + AC_CHECK_FUNCS([pthread_mutex_lock],,) + if test "$ac_cv_func_pthread_mutex_lock" != "yes";then + AC_LIB_HAVE_LINKFLAGS(pthread,, [#include ], [pthread_mutex_lock (0);]) + fi +fi + +if test "$ac_cv_func_nanosleep" != "yes";then + AC_LIB_HAVE_LINKFLAGS(rt,, [#include ], [nanosleep (0, 0);]) + gnutls_needs_librt=yes +fi + +if test "$ac_cv_func_clock_gettime" != "yes";then + AC_LIB_HAVE_LINKFLAGS(rt,, [#include ], [clock_gettime (0, 0);]) + gnutls_needs_librt=yes +fi + +AC_ARG_WITH(included-unistring, AS_HELP_STRING([--with-included-unistring], + [disable linking with system libunistring]), + included_unistring="$withval", + included_unistring=no) + +if test "$included_unistring" = yes;then + ac_have_unistring=no +else + save_LIBS=$LIBS + AC_SEARCH_LIBS(u8_normalize, unistring, [ + included_unistring=no + ac_have_unistring=yes + AC_SUBST([LIBUNISTRING], [$ac_cv_search_u8_normalize]) + ], [ + ac_cv_libunistring=no + AC_MSG_ERROR([[ + *** + *** Libunistring was not found. To use the included one, use --with-included-unistring + ]]) + ]) + LIBS=$save_LIBS +fi + +AM_CONDITIONAL(HAVE_LIBUNISTRING, test "$ac_have_unistring" = "yes") + +dnl Note that g*l_INIT are run after we check for library capabilities, +dnl to prevent issues from caching lib dependencies. See discussion +dnl in https://bugs.gentoo.org/show_bug.cgi?id=494940 and +dnl https://gnu-autoconf.7623.n7.nabble.com/Correct-way-to-check-for-clock-gettime-td12276.html +gl_INIT +ggl_INIT +unistring_INIT + +# disable the extended test suite at tests/suite if asked, or if we are not running in git master +AC_ARG_ENABLE(full-test-suite, + AS_HELP_STRING([--disable-full-test-suite], [disable running very slow components of test suite]), + full_test_suite=$enableval, full_test_suite=yes) + +# test if we are in git master or in release build. In release +# builds we do not use valgrind. +SUITE_FILE="${srcdir}/tests/suite/mini-eagain2.c" +if test "$full_test_suite" = yes && test ! -f "$SUITE_FILE";then + full_test_suite=no +fi + +AM_CONDITIONAL(WANT_TEST_SUITE, test "$full_test_suite" = "yes") + +dnl GCC warnings to enable + +AC_ARG_ENABLE([gcc-warnings], + [AS_HELP_STRING([--disable-gcc-warnings], + [turn off lots of GCC warnings (for developers)])], + [case $enableval in + yes|no) ;; + *) AC_MSG_ERROR([bad value $enableval for gcc-warnings option]) ;; + esac + gl_gcc_warnings=$enableval], + [gl_gcc_warnings=yes] +) + +if test "$gl_gcc_warnings" = yes; then + gl_WARN_ADD([-Wtype-limits], [WSTACK_CFLAGS]) + + nw="$nw -Wsystem-headers" # Don't let system headers trigger warnings + nw="$nw -Wc++-compat" # We don't care about C++ compilers + nw="$nw -Wundef" # Warns on '#if GNULIB_FOO' etc in gnulib + nw="$nw -Wtraditional" # Warns on #elif which we use often + nw="$nw -Wpadded" # Our structs are not padded + nw="$nw -Wtraditional-conversion" # Too many warnings for now + nw="$nw -Wswitch-default" # Too many warnings for now + nw="$nw -Wformat-y2k" # Too many warnings for now + nw="$nw -Woverlength-strings" # We use some in tests/ + nw="$nw -Wvla" # There is no point to avoid C99 variable length arrays + nw="$nw -Wformat-nonliteral" # Incompatible with gettext _() + nw="$nw -Wformat-signedness" # Too many to handle + nw="$nw -Wstrict-overflow" + nw="$nw -Wmissing-noreturn" + nw="$nw -Winline" # Too compiler dependent + nw="$nw -Wsuggest-attribute=pure" # Is it worth using attributes? + nw="$nw -Wsuggest-attribute=const" # Is it worth using attributes? + nw="$nw -Wsuggest-attribute=noreturn" # Is it worth using attributes? + nw="$nw -Wstack-protector" # Some functions cannot be protected + nw="$nw -Wunsafe-loop-optimizations" # Warnings with no point + nw="$nw -Wredundant-decls" # Some files cannot be compiled with that (gl_fd_to_handle) + + gl_MANYWARN_ALL_GCC([ws]) + gl_MANYWARN_COMPLEMENT(ws, [$ws], [$nw]) + for w in $ws; do + gl_WARN_ADD([$w]) + done + gl_WARN_ADD([-Wno-missing-field-initializers]) # We need this one + gl_WARN_ADD([-Wno-unused-parameter]) # Too many warnings for now + gl_WARN_ADD([-Wno-format-truncation]) # Many warnings with no point + gl_WARN_ADD([-Wimplicit-fallthrough=2]) + gl_WARN_ADD([-Wabi=11]) + gl_WARN_ADD([-fdiagnostics-show-option]) +fi + +AC_SUBST([WERROR_CFLAGS]) +AC_SUBST([WSTACK_CFLAGS]) +AC_SUBST([WARN_CFLAGS]) + +dnl Programs for compilation or development +AC_PROG_LN_S +LT_INIT([disable-static,win32-dll,shared]) + + + +AC_LIB_HAVE_LINKFLAGS(dl,, [#include ], [dladdr (0, 0);]) + +AC_ARG_ENABLE(fips140-mode, + AS_HELP_STRING([--enable-fips140-mode], [enable FIPS140-2 mode]), + enable_fips=$enableval, enable_fips=no) +AM_CONDITIONAL(ENABLE_FIPS140, test "$enable_fips" = "yes") +if [ test "$enable_fips" = "yes" ];then + if test "x$HAVE_LIBDL" = "xyes";then + AC_DEFINE([ENABLE_FIPS140], 1, [Enable FIPS140-2 mode]) + AC_SUBST([FIPS140_LIBS], $LIBDL) + AC_ARG_WITH(fips140-key, AS_HELP_STRING([--with-fips140-key], + [specify the FIPS140 HMAC key for integrity]), + fips_key="$withval", + fips_key="orboDeJITITejsirpADONivirpUkvarP") + + AC_DEFINE_UNQUOTED([FIPS_KEY], ["$fips_key"], [The FIPS140-2 integrity key]) + else + enable_fips=no + AC_MSG_WARN([[ +*** +*** This system is not supported in FIPS140 mode. +*** libdl and dladdr() are required. +*** ]]) + fi +fi + +PKG_CHECK_MODULES(CMOCKA, [cmocka >= 1.0.1], [with_cmocka=yes], [with_cmocka=no]) +AM_CONDITIONAL(HAVE_CMOCKA, test "$with_cmocka" != "no") + +AC_ARG_WITH(idn, AS_HELP_STRING([--without-idn], + [disable support for IDNA]), + try_libidn2="$withval", + try_libidn2=yes) + +idna_support=no +with_libidn2=no + +if test "$try_libidn2" = yes;then + save_LIBS=$LIBS + AC_SEARCH_LIBS(idn2_lookup_u8, idn2, [ + with_libidn2=yes; + idna_support="IDNA 2008 (libidn2)" + AC_DEFINE([HAVE_LIBIDN2], 1, [Define if IDNA 2008 support is enabled.]) + AC_SUBST([LIBIDN2_CFLAGS], []) + AC_SUBST([LIBIDN2_LIBS], [-lidn2]) dnl used in gnutls.pc.in +dnl enable once libidn2.pc is widespread; and remove LIBIDN2_LIBS from gnutls.pc.in (Libs.private) +dnl if test "x$GNUTLS_REQUIRES_PRIVATE" = "x"; then +dnl GNUTLS_REQUIRES_PRIVATE="Requires.private: libidn2" +dnl else +dnl GNUTLS_REQUIRES_PRIVATE="${GNUTLS_REQUIRES_PRIVATE}, libidn2" +dnl fi + ],[ + with_libidn2=no; + AC_MSG_WARN(*** LIBIDN2 was not found. You will not be able to use IDN2008 support) + ]) + LIBS=$save_LIBS +else + with_libidn2=no +fi + +AM_CONDITIONAL(HAVE_LIBIDN2, test "$with_libidn2" != "no") + +AC_ARG_ENABLE(non-suiteb-curves, + AS_HELP_STRING([--disable-non-suiteb-curves], [disable curves not in SuiteB]), + enable_non_suiteb=$enableval, enable_non_suiteb=yes) + +if test "$enable_non_suiteb" = "yes";then + dnl nettle_secp_192r1 is not really a function + AC_CHECK_LIB(hogweed, nettle_secp_192r1, enable_non_suiteb=yes, enable_non_suiteb=no, [$HOGWEED_LIBS $NETTLE_LIBS]) + + if test "$enable_non_suiteb" = "yes";then + AC_DEFINE([ENABLE_NON_SUITEB_CURVES], 1, [Enable all curves]) + fi +fi +AM_CONDITIONAL(ENABLE_NON_SUITEB_CURVES, test "$enable_non_suiteb" = "yes") + +# We MUST require a Nettle version that has rsa_sec_decrypt now. +save_LIBS=$LIBS +LIBS="$LIBS $HOGWEED_LIBS $NETTLE_LIBS" +AC_CHECK_FUNCS(nettle_rsa_sec_decrypt, + [], + [AC_MSG_ERROR([Nettle lacks the required rsa_sec_decrypt function])] +) +LIBS=$save_LIBS + +# Check if nettle has CFB8 support +save_LIBS=$LIBS +LIBS="$LIBS $NETTLE_LIBS" +AC_CHECK_FUNCS(nettle_cfb8_encrypt) +LIBS=$save_LIBS + +# Check if nettle has CMAC support +save_LIBS=$LIBS +LIBS="$LIBS $NETTLE_LIBS" +AC_CHECK_FUNCS(nettle_cmac128_update) +LIBS=$save_LIBS + +# Check if nettle has XTS support +save_LIBS=$LIBS +LIBS="$LIBS $NETTLE_LIBS" +AC_CHECK_FUNCS(xts_encrypt_message) +LIBS=$save_LIBS + + +AC_MSG_CHECKING([whether to build libdane]) +AC_ARG_ENABLE(libdane, + AS_HELP_STRING([--disable-libdane], + [disable the built of libdane]), + enable_dane=$enableval, enable_dane=yes) +AC_MSG_RESULT($enable_dane) + +if test "$enable_dane" != "no"; then + LIBS="$oldlibs -lunbound" + AC_MSG_CHECKING([for unbound library]) + AC_LINK_IFELSE([AC_LANG_PROGRAM([ + #include ],[ + struct ub_ctx* ctx; + ctx = ub_ctx_create();])], + [AC_MSG_RESULT(yes) + AC_SUBST([UNBOUND_LIBS], [-lunbound]) + AC_SUBST([UNBOUND_CFLAGS], []) + AC_DEFINE([HAVE_DANE], 1, [Enable the DANE library]) + enable_dane=yes], + [AC_MSG_RESULT(no) + AC_MSG_WARN([[ +*** +*** libunbound was not found. Libdane will not be built. +*** ]]) + enable_dane=no]) + LIBS="$oldlibs" +fi + +AM_CONDITIONAL(ENABLE_DANE, test "$enable_dane" = "yes") + +AC_ARG_WITH(unbound-root-key-file, AS_HELP_STRING([--with-unbound-root-key-file], + [specify the unbound root key file]), + unbound_root_key_file="$withval", +if test "$have_win" = yes; then + unbound_root_key_file="C:\\Program Files\\Unbound\\root.key" +else + if test -f /var/lib/unbound/root.key;then + unbound_root_key_file="/var/lib/unbound/root.key" + else + if test -f /usr/share/dns/root.key;then + unbound_root_key_file="/usr/share/dns/root.key" + else + unbound_root_key_file="/etc/unbound/root.key" + fi + fi +fi +) + +AC_DEFINE_UNQUOTED([UNBOUND_ROOT_KEY_FILE], + ["$unbound_root_key_file"], [The DNSSEC root key file]) + +AC_ARG_WITH(system-priority-file, AS_HELP_STRING([--with-system-priority-file], + [specify the system priority file]), + system_priority_file="$withval", +system_priority_file="/etc/gnutls/default-priorities" +) + +AC_DEFINE_UNQUOTED([SYSTEM_PRIORITY_FILE], + ["$system_priority_file"], [The system priority file]) + +AC_ARG_WITH(default-priority-string, AS_HELP_STRING([--with-default-priority-string], + [specify the default priority string (e.g. @SYSTEM)]), + prio_string="$withval", + prio_string="NORMAL") + +AC_DEFINE_UNQUOTED([DEFAULT_PRIORITY_STRING], ["$prio_string"], [The default priority string]) + +dnl Check for p11-kit +P11_KIT_MINIMUM=0.23.1 +AC_ARG_WITH(p11-kit, + AS_HELP_STRING([--without-p11-kit], + [Build without p11-kit and PKCS#11 support])) +if test "$with_p11_kit" != "no"; then + PKG_CHECK_MODULES(P11_KIT, [p11-kit-1 >= $P11_KIT_MINIMUM], [with_p11_kit=yes], [with_p11_kit=no]) + if test "$with_p11_kit" != "no";then + AC_DEFINE([ENABLE_PKCS11], 1, [Build PKCS#11 support]) + if test "x$GNUTLS_REQUIRES_PRIVATE" = "x"; then + GNUTLS_REQUIRES_PRIVATE="Requires.private: p11-kit-1" + else + GNUTLS_REQUIRES_PRIVATE="${GNUTLS_REQUIRES_PRIVATE}, p11-kit-1" + fi + else + with_p11_kit=no + AC_MSG_ERROR([[ +*** +*** p11-kit >= $P11_KIT_MINIMUM was not found. To disable PKCS #11 support +*** use --without-p11-kit, otherwise you may get p11-kit from +*** https://p11-glue.freedesktop.org/p11-kit.html +*** ]]) + fi +fi + +AM_CONDITIONAL(P11KIT_0_23_11_API, $PKG_CONFIG --atleast-version=0.23.11 p11-kit-1) + +AM_CONDITIONAL(ENABLE_PKCS11, test "$with_p11_kit" != "no") + +AC_ARG_WITH(tpm, + AS_HELP_STRING([--without-tpm], + [Disable TPM (trousers) support.]), + [with_tpm=$withval], [with_tpm=yes]) +if test "$with_tpm" != "no"; then + LIBS="$oldlibs -ltspi" + AC_MSG_CHECKING([for tss library]) + AC_LINK_IFELSE([AC_LANG_PROGRAM([ + #include + #include ],[ + int err = Tspi_Context_Create((void *)0); + Trspi_Error_String(err);])], + [AC_MSG_RESULT(yes) + AC_SUBST([TSS_LIBS], [-ltspi]) + AC_SUBST([TSS_CFLAGS], []) + AC_DEFINE([HAVE_TROUSERS], 1, [Enable TPM]) + with_tpm=yes], + [AC_MSG_RESULT(no) + AC_MSG_WARN([[ +*** +*** trousers was not found. TPM support will be disabled. +*** ]]) + with_tpm=no]) + LIBS="$oldlibs" +fi + +AM_CONDITIONAL(ENABLE_TROUSERS, test "$with_tpm" != "no") + +for l in /usr/lib64 /usr/lib /lib64 /lib /usr/lib/x86_64-linux-gnu/; do + if test -f "${l}/libtspi.so.1";then + default_trousers_lib="${l}/libtspi.so.1" + break + fi +done + +AC_ARG_WITH(trousers-lib, AS_HELP_STRING([--with-trousers-lib=LIB], + [set the location of the trousers library]), + ac_trousers_lib=$withval, ac_trousers_lib=$default_trousers_lib) + +if test "$with_tpm" != "no" && test -z "$ac_trousers_lib"; then + AC_MSG_ERROR([[ + *** + *** unable to find trousers library, please specify with --with-trousers-lib= + *** + ]]) +fi + +AC_DEFINE_UNQUOTED([TROUSERS_LIB], ["$ac_trousers_lib"], [the location of the trousers library]) +AC_SUBST(TROUSERS_LIB) + +AM_MISSING_PROG([AUTOGEN], [autogen]) + +included_libopts=no +if test "$enable_tools" != "no" || test "$enable_doc" != "no"; then + AC_CHECK_PROGS([autogen], [autogen]) + + if test -z "$autogen"; then + AC_MSG_WARN([[ +*** +*** autogen not found. Will not link against system libopts. +*** ]]) + dnl simulate specifying option on the command line + enable_local_libopts=yes + fi + LIBOPTS_CHECK([src/libopts]) + if test "$NEED_LIBOPTS_DIR" = "true";then + dnl replace libopts-generated files with distributed backups, if present + included_libopts=yes + fi +else + # Need to ensure the relevant conditionals get set + gl_STDNORETURN_H + AM_CONDITIONAL([INSTALL_LIBOPTS],[false]) +fi + +AM_CONDITIONAL(NEED_LIBOPTS, test "$included_libopts" = "yes") + +# For minitasn1. +AC_CHECK_SIZEOF(unsigned long int, 4) +AC_CHECK_SIZEOF(unsigned int, 4) +AC_CHECK_SIZEOF(time_t, 4) + +# export for use in scripts +AC_SUBST(ac_cv_sizeof_time_t) + +AC_SUBST(GNUTLS_REQUIRES_PRIVATE) + + +AC_ARG_WITH([default-trust-store-pkcs11], + [AS_HELP_STRING([--with-default-trust-store-pkcs11=URI], + [use the given pkcs11 uri as default trust store])]) + +if test "x$with_default_trust_store_pkcs11" != x; then + if test "x$with_p11_kit" = xno; then + AC_MSG_ERROR([cannot use pkcs11 store without p11-kit]) + fi + AC_DEFINE_UNQUOTED([DEFAULT_TRUST_STORE_PKCS11], + ["$with_default_trust_store_pkcs11"], [use the given pkcs11 uri as default trust store]) +fi + +AM_CONDITIONAL([HAVE_PKCS11_TRUST_STORE], [test -n "${with_default_trust_store_pkcs11}"]) + +AC_ARG_WITH([default-trust-store-dir], + [AS_HELP_STRING([--with-default-trust-store-dir=DIR], + [use the given directory as default trust store])]) + +if test "x$with_default_trust_store_dir" != x; then + AC_DEFINE_UNQUOTED([DEFAULT_TRUST_STORE_DIR], + ["$with_default_trust_store_dir"], [use the given directory as default trust store]) +fi + +dnl auto detect https://lists.gnu.org/archive/html/help-gnutls/2012-05/msg00004.html +AC_ARG_WITH([default-trust-store-file], + [AS_HELP_STRING([--with-default-trust-store-file=FILE], + [use the given file default trust store])], with_default_trust_store_file="$withval", + [if test "$build" = "$host" && test x$with_default_trust_store_pkcs11 = x && test x$with_default_trust_store_dir = x && test x$have_macosx = x;then + for i in \ + /etc/ssl/ca-bundle.pem \ + /etc/ssl/certs/ca-certificates.crt \ + /etc/pki/tls/cert.pem \ + /usr/local/share/certs/ca-root-nss.crt \ + /etc/ssl/cert.pem + do + if test -e "$i"; then + with_default_trust_store_file="$i" + break + fi + done + fi] +) + +if test "$with_default_trust_store_file" = "no";then + with_default_trust_store_file="" +fi + +AC_ARG_WITH([default-crl-file], + [AS_HELP_STRING([--with-default-crl-file=FILE], + [use the given CRL file as default])]) + +AC_ARG_WITH([default-blacklist-file], + [AS_HELP_STRING([--with-default-blacklist-file=FILE], + [use the given certificate blacklist file as default])]) + +if test "x$with_default_trust_store_file" != x; then + AC_DEFINE_UNQUOTED([DEFAULT_TRUST_STORE_FILE], + ["$with_default_trust_store_file"], [use the given file default trust store]) +fi + +if test "x$with_default_crl_file" != x; then + AC_DEFINE_UNQUOTED([DEFAULT_CRL_FILE], + ["$with_default_crl_file"], [use the given CRL file]) +fi + +if test "x$with_default_blacklist_file" != x; then + AC_DEFINE_UNQUOTED([DEFAULT_BLACKLIST_FILE], + ["$with_default_blacklist_file"], [use the given certificate blacklist file]) +fi + +dnl Guile bindings. +AC_MSG_CHECKING([whether building Guile bindings]) +AC_ARG_ENABLE(guile, + AS_HELP_STRING([--enable-guile], [build GNU Guile bindings]), + [opt_guile_bindings=$enableval], [opt_guile_bindings=yes]) +AC_MSG_RESULT($opt_guile_bindings) + +AC_ARG_WITH([guile-site-dir], AS_HELP_STRING([--with-guile-site-dir=DIR], + [guile site directory for gnutls, default is guile system settings]), + [guilesitedir="${withval}"], [guilesitedir='$(GUILE_SITE)']) +AC_ARG_WITH([guile-site-ccache-dir], AS_HELP_STRING([--with-guile-site-ccache-dir=DIR], + [guile ccache directory for gnutls, default is guile system settings]), + [guilesiteccachedir="${withval}"], [guilesiteccachedir='$(GUILE_SITE_CCACHE)']) +AC_ARG_WITH([guile-extension-dir], AS_HELP_STRING([--with-guile-extension-dir=DIR], + [guile extension directory for gnutls, default is guile system settings]), + [guileextensiondir="${withval}"], [guileextensiondir='$(GUILE_EXTENSION)']) +AC_SUBST([guilesitedir]) +AC_SUBST([guilesiteccachedir]) +AC_SUBST([guileextensiondir]) + +if test "$opt_guile_bindings" = "yes"; then + AC_MSG_RESULT([*** +*** Detecting GNU Guile... +]) + + AC_PATH_PROG([guile_snarf], [guile-snarf]) + if test "x$guile_snarf" = "x"; then + AC_MSG_WARN([`guile-snarf' from Guile not found. Guile bindings not built.]) + opt_guile_bindings=no + else + dnl Check for 'guild', which can be used to compile Scheme code + dnl on Guile 2.x. + AC_PATH_PROG([GUILD], [guild]) + AC_SUBST([GUILD]) + + GUILE_PKG + GUILE_PROGS + GUILE_SITE_DIR + GUILE_FLAGS + + # Backward compatibility with + Everyone is permitted to copy and distribute verbatim copies + of this license document, but changing it is not allowed. + + Preamble + + The GNU General Public License is a free, copyleft license for +software and other kinds of works. + + The licenses for most software and other practical works are designed +to take away your freedom to share and change the works. By contrast, +the GNU General Public License is intended to guarantee your freedom to +share and change all versions of a program--to make sure it remains free +software for all its users. We, the Free Software Foundation, use the +GNU General Public License for most of our software; it applies also to +any other work released this way by its authors. You can apply it to +your programs, too. + + When we speak of free software, we are referring to freedom, not +price. Our General Public Licenses are designed to make sure that you +have the freedom to distribute copies of free software (and charge for +them if you wish), that you receive source code or can get it if you +want it, that you can change the software or use pieces of it in new +free programs, and that you know you can do these things. + + To protect your rights, we need to prevent others from denying you +these rights or asking you to surrender the rights. Therefore, you have +certain responsibilities if you distribute copies of the software, or if +you modify it: responsibilities to respect the freedom of others. + + For example, if you distribute copies of such a program, whether +gratis or for a fee, you must pass on to the recipients the same +freedoms that you received. You must make sure that they, too, receive +or can get the source code. And you must show them these terms so they +know their rights. + + Developers that use the GNU GPL protect your rights with two steps: +(1) assert copyright on the software, and (2) offer you this License +giving you legal permission to copy, distribute and/or modify it. + + For the developers' and authors' protection, the GPL clearly explains +that there is no warranty for this free software. For both users' and +authors' sake, the GPL requires that modified versions be marked as +changed, so that their problems will not be attributed erroneously to +authors of previous versions. + + Some devices are designed to deny users access to install or run +modified versions of the software inside them, although the manufacturer +can do so. This is fundamentally incompatible with the aim of +protecting users' freedom to change the software. The systematic +pattern of such abuse occurs in the area of products for individuals to +use, which is precisely where it is most unacceptable. Therefore, we +have designed this version of the GPL to prohibit the practice for those +products. If such problems arise substantially in other domains, we +stand ready to extend this provision to those domains in future versions +of the GPL, as needed to protect the freedom of users. + + Finally, every program is threatened constantly by software patents. +States should not allow patents to restrict development and use of +software on general-purpose computers, but in those that do, we wish to +avoid the special danger that patents applied to a free program could +make it effectively proprietary. To prevent this, the GPL assures that +patents cannot be used to render the program non-free. + + The precise terms and conditions for copying, distribution and +modification follow. + + TERMS AND CONDITIONS + + 0. Definitions. + + "This License" refers to version 3 of the GNU General Public License. + + "Copyright" also means copyright-like laws that apply to other kinds of +works, such as semiconductor masks. + + "The Program" refers to any copyrightable work licensed under this +License. Each licensee is addressed as "you". "Licensees" and +"recipients" may be individuals or organizations. + + To "modify" a work means to copy from or adapt all or part of the work +in a fashion requiring copyright permission, other than the making of an +exact copy. The resulting work is called a "modified version" of the +earlier work or a work "based on" the earlier work. + + A "covered work" means either the unmodified Program or a work based +on the Program. + + To "propagate" a work means to do anything with it that, without +permission, would make you directly or secondarily liable for +infringement under applicable copyright law, except executing it on a +computer or modifying a private copy. Propagation includes copying, +distribution (with or without modification), making available to the +public, and in some countries other activities as well. + + To "convey" a work means any kind of propagation that enables other +parties to make or receive copies. Mere interaction with a user through +a computer network, with no transfer of a copy, is not conveying. + + An interactive user interface displays "Appropriate Legal Notices" +to the extent that it includes a convenient and prominently visible +feature that (1) displays an appropriate copyright notice, and (2) +tells the user that there is no warranty for the work (except to the +extent that warranties are provided), that licensees may convey the +work under this License, and how to view a copy of this License. If +the interface presents a list of user commands or options, such as a +menu, a prominent item in the list meets this criterion. + + 1. Source Code. + + The "source code" for a work means the preferred form of the work +for making modifications to it. "Object code" means any non-source +form of a work. + + A "Standard Interface" means an interface that either is an official +standard defined by a recognized standards body, or, in the case of +interfaces specified for a particular programming language, one that +is widely used among developers working in that language. + + The "System Libraries" of an executable work include anything, other +than the work as a whole, that (a) is included in the normal form of +packaging a Major Component, but which is not part of that Major +Component, and (b) serves only to enable use of the work with that +Major Component, or to implement a Standard Interface for which an +implementation is available to the public in source code form. A +"Major Component", in this context, means a major essential component +(kernel, window system, and so on) of the specific operating system +(if any) on which the executable work runs, or a compiler used to +produce the work, or an object code interpreter used to run it. + + The "Corresponding Source" for a work in object code form means all +the source code needed to generate, install, and (for an executable +work) run the object code and to modify the work, including scripts to +control those activities. However, it does not include the work's +System Libraries, or general-purpose tools or generally available free +programs which are used unmodified in performing those activities but +which are not part of the work. For example, Corresponding Source +includes interface definition files associated with source files for +the work, and the source code for shared libraries and dynamically +linked subprograms that the work is specifically designed to require, +such as by intimate data communication or control flow between those +subprograms and other parts of the work. + + The Corresponding Source need not include anything that users +can regenerate automatically from other parts of the Corresponding +Source. + + The Corresponding Source for a work in source code form is that +same work. + + 2. Basic Permissions. + + All rights granted under this License are granted for the term of +copyright on the Program, and are irrevocable provided the stated +conditions are met. This License explicitly affirms your unlimited +permission to run the unmodified Program. The output from running a +covered work is covered by this License only if the output, given its +content, constitutes a covered work. This License acknowledges your +rights of fair use or other equivalent, as provided by copyright law. + + You may make, run and propagate covered works that you do not +convey, without conditions so long as your license otherwise remains +in force. You may convey covered works to others for the sole purpose +of having them make modifications exclusively for you, or provide you +with facilities for running those works, provided that you comply with +the terms of this License in conveying all material for which you do +not control copyright. Those thus making or running the covered works +for you must do so exclusively on your behalf, under your direction +and control, on terms that prohibit them from making any copies of +your copyrighted material outside their relationship with you. + + Conveying under any other circumstances is permitted solely under +the conditions stated below. Sublicensing is not allowed; section 10 +makes it unnecessary. + + 3. Protecting Users' Legal Rights From Anti-Circumvention Law. + + No covered work shall be deemed part of an effective technological +measure under any applicable law fulfilling obligations under article +11 of the WIPO copyright treaty adopted on 20 December 1996, or +similar laws prohibiting or restricting circumvention of such +measures. + + When you convey a covered work, you waive any legal power to forbid +circumvention of technological measures to the extent such circumvention +is effected by exercising rights under this License with respect to +the covered work, and you disclaim any intention to limit operation or +modification of the work as a means of enforcing, against the work's +users, your or third parties' legal rights to forbid circumvention of +technological measures. + + 4. Conveying Verbatim Copies. + + You may convey verbatim copies of the Program's source code as you +receive it, in any medium, provided that you conspicuously and +appropriately publish on each copy an appropriate copyright notice; +keep intact all notices stating that this License and any +non-permissive terms added in accord with section 7 apply to the code; +keep intact all notices of the absence of any warranty; and give all +recipients a copy of this License along with the Program. + + You may charge any price or no price for each copy that you convey, +and you may offer support or warranty protection for a fee. + + 5. Conveying Modified Source Versions. + + You may convey a work based on the Program, or the modifications to +produce it from the Program, in the form of source code under the +terms of section 4, provided that you also meet all of these conditions: + + a) The work must carry prominent notices stating that you modified + it, and giving a relevant date. + + b) The work must carry prominent notices stating that it is + released under this License and any conditions added under section + 7. This requirement modifies the requirement in section 4 to + "keep intact all notices". + + c) You must license the entire work, as a whole, under this + License to anyone who comes into possession of a copy. This + License will therefore apply, along with any applicable section 7 + additional terms, to the whole of the work, and all its parts, + regardless of how they are packaged. This License gives no + permission to license the work in any other way, but it does not + invalidate such permission if you have separately received it. + + d) If the work has interactive user interfaces, each must display + Appropriate Legal Notices; however, if the Program has interactive + interfaces that do not display Appropriate Legal Notices, your + work need not make them do so. + + A compilation of a covered work with other separate and independent +works, which are not by their nature extensions of the covered work, +and which are not combined with it such as to form a larger program, +in or on a volume of a storage or distribution medium, is called an +"aggregate" if the compilation and its resulting copyright are not +used to limit the access or legal rights of the compilation's users +beyond what the individual works permit. Inclusion of a covered work +in an aggregate does not cause this License to apply to the other +parts of the aggregate. + + 6. Conveying Non-Source Forms. + + You may convey a covered work in object code form under the terms +of sections 4 and 5, provided that you also convey the +machine-readable Corresponding Source under the terms of this License, +in one of these ways: + + a) Convey the object code in, or embodied in, a physical product + (including a physical distribution medium), accompanied by the + Corresponding Source fixed on a durable physical medium + customarily used for software interchange. + + b) Convey the object code in, or embodied in, a physical product + (including a physical distribution medium), accompanied by a + written offer, valid for at least three years and valid for as + long as you offer spare parts or customer support for that product + model, to give anyone who possesses the object code either (1) a + copy of the Corresponding Source for all the software in the + product that is covered by this License, on a durable physical + medium customarily used for software interchange, for a price no + more than your reasonable cost of physically performing this + conveying of source, or (2) access to copy the + Corresponding Source from a network server at no charge. + + c) Convey individual copies of the object code with a copy of the + written offer to provide the Corresponding Source. This + alternative is allowed only occasionally and noncommercially, and + only if you received the object code with such an offer, in accord + with subsection 6b. + + d) Convey the object code by offering access from a designated + place (gratis or for a charge), and offer equivalent access to the + Corresponding Source in the same way through the same place at no + further charge. You need not require recipients to copy the + Corresponding Source along with the object code. If the place to + copy the object code is a network server, the Corresponding Source + may be on a different server (operated by you or a third party) + that supports equivalent copying facilities, provided you maintain + clear directions next to the object code saying where to find the + Corresponding Source. Regardless of what server hosts the + Corresponding Source, you remain obligated to ensure that it is + available for as long as needed to satisfy these requirements. + + e) Convey the object code using peer-to-peer transmission, provided + you inform other peers where the object code and Corresponding + Source of the work are being offered to the general public at no + charge under subsection 6d. + + A separable portion of the object code, whose source code is excluded +from the Corresponding Source as a System Library, need not be +included in conveying the object code work. + + A "User Product" is either (1) a "consumer product", which means any +tangible personal property which is normally used for personal, family, +or household purposes, or (2) anything designed or sold for incorporation +into a dwelling. In determining whether a product is a consumer product, +doubtful cases shall be resolved in favor of coverage. For a particular +product received by a particular user, "normally used" refers to a +typical or common use of that class of product, regardless of the status +of the particular user or of the way in which the particular user +actually uses, or expects or is expected to use, the product. A product +is a consumer product regardless of whether the product has substantial +commercial, industrial or non-consumer uses, unless such uses represent +the only significant mode of use of the product. + + "Installation Information" for a User Product means any methods, +procedures, authorization keys, or other information required to install +and execute modified versions of a covered work in that User Product from +a modified version of its Corresponding Source. The information must +suffice to ensure that the continued functioning of the modified object +code is in no case prevented or interfered with solely because +modification has been made. + + If you convey an object code work under this section in, or with, or +specifically for use in, a User Product, and the conveying occurs as +part of a transaction in which the right of possession and use of the +User Product is transferred to the recipient in perpetuity or for a +fixed term (regardless of how the transaction is characterized), the +Corresponding Source conveyed under this section must be accompanied +by the Installation Information. But this requirement does not apply +if neither you nor any third party retains the ability to install +modified object code on the User Product (for example, the work has +been installed in ROM). + + The requirement to provide Installation Information does not include a +requirement to continue to provide support service, warranty, or updates +for a work that has been modified or installed by the recipient, or for +the User Product in which it has been modified or installed. Access to a +network may be denied when the modification itself materially and +adversely affects the operation of the network or violates the rules and +protocols for communication across the network. + + Corresponding Source conveyed, and Installation Information provided, +in accord with this section must be in a format that is publicly +documented (and with an implementation available to the public in +source code form), and must require no special password or key for +unpacking, reading or copying. + + 7. Additional Terms. + + "Additional permissions" are terms that supplement the terms of this +License by making exceptions from one or more of its conditions. +Additional permissions that are applicable to the entire Program shall +be treated as though they were included in this License, to the extent +that they are valid under applicable law. If additional permissions +apply only to part of the Program, that part may be used separately +under those permissions, but the entire Program remains governed by +this License without regard to the additional permissions. + + When you convey a copy of a covered work, you may at your option +remove any additional permissions from that copy, or from any part of +it. (Additional permissions may be written to require their own +removal in certain cases when you modify the work.) You may place +additional permissions on material, added by you to a covered work, +for which you have or can give appropriate copyright permission. + + Notwithstanding any other provision of this License, for material you +add to a covered work, you may (if authorized by the copyright holders of +that material) supplement the terms of this License with terms: + + a) Disclaiming warranty or limiting liability differently from the + terms of sections 15 and 16 of this License; or + + b) Requiring preservation of specified reasonable legal notices or + author attributions in that material or in the Appropriate Legal + Notices displayed by works containing it; or + + c) Prohibiting misrepresentation of the origin of that material, or + requiring that modified versions of such material be marked in + reasonable ways as different from the original version; or + + d) Limiting the use for publicity purposes of names of licensors or + authors of the material; or + + e) Declining to grant rights under trademark law for use of some + trade names, trademarks, or service marks; or + + f) Requiring indemnification of licensors and authors of that + material by anyone who conveys the material (or modified versions of + it) with contractual assumptions of liability to the recipient, for + any liability that these contractual assumptions directly impose on + those licensors and authors. + + All other non-permissive additional terms are considered "further +restrictions" within the meaning of section 10. If the Program as you +received it, or any part of it, contains a notice stating that it is +governed by this License along with a term that is a further +restriction, you may remove that term. If a license document contains +a further restriction but permits relicensing or conveying under this +License, you may add to a covered work material governed by the terms +of that license document, provided that the further restriction does +not survive such relicensing or conveying. + + If you add terms to a covered work in accord with this section, you +must place, in the relevant source files, a statement of the +additional terms that apply to those files, or a notice indicating +where to find the applicable terms. + + Additional terms, permissive or non-permissive, may be stated in the +form of a separately written license, or stated as exceptions; +the above requirements apply either way. + + 8. Termination. + + You may not propagate or modify a covered work except as expressly +provided under this License. Any attempt otherwise to propagate or +modify it is void, and will automatically terminate your rights under +this License (including any patent licenses granted under the third +paragraph of section 11). + + However, if you cease all violation of this License, then your +license from a particular copyright holder is reinstated (a) +provisionally, unless and until the copyright holder explicitly and +finally terminates your license, and (b) permanently, if the copyright +holder fails to notify you of the violation by some reasonable means +prior to 60 days after the cessation. + + Moreover, your license from a particular copyright holder is +reinstated permanently if the copyright holder notifies you of the +violation by some reasonable means, this is the first time you have +received notice of violation of this License (for any work) from that +copyright holder, and you cure the violation prior to 30 days after +your receipt of the notice. + + Termination of your rights under this section does not terminate the +licenses of parties who have received copies or rights from you under +this License. If your rights have been terminated and not permanently +reinstated, you do not qualify to receive new licenses for the same +material under section 10. + + 9. Acceptance Not Required for Having Copies. + + You are not required to accept this License in order to receive or +run a copy of the Program. Ancillary propagation of a covered work +occurring solely as a consequence of using peer-to-peer transmission +to receive a copy likewise does not require acceptance. However, +nothing other than this License grants you permission to propagate or +modify any covered work. These actions infringe copyright if you do +not accept this License. Therefore, by modifying or propagating a +covered work, you indicate your acceptance of this License to do so. + + 10. Automatic Licensing of Downstream Recipients. + + Each time you convey a covered work, the recipient automatically +receives a license from the original licensors, to run, modify and +propagate that work, subject to this License. You are not responsible +for enforcing compliance by third parties with this License. + + An "entity transaction" is a transaction transferring control of an +organization, or substantially all assets of one, or subdividing an +organization, or merging organizations. If propagation of a covered +work results from an entity transaction, each party to that +transaction who receives a copy of the work also receives whatever +licenses to the work the party's predecessor in interest had or could +give under the previous paragraph, plus a right to possession of the +Corresponding Source of the work from the predecessor in interest, if +the predecessor has it or can get it with reasonable efforts. + + You may not impose any further restrictions on the exercise of the +rights granted or affirmed under this License. For example, you may +not impose a license fee, royalty, or other charge for exercise of +rights granted under this License, and you may not initiate litigation +(including a cross-claim or counterclaim in a lawsuit) alleging that +any patent claim is infringed by making, using, selling, offering for +sale, or importing the Program or any portion of it. + + 11. Patents. + + A "contributor" is a copyright holder who authorizes use under this +License of the Program or a work on which the Program is based. The +work thus licensed is called the contributor's "contributor version". + + A contributor's "essential patent claims" are all patent claims +owned or controlled by the contributor, whether already acquired or +hereafter acquired, that would be infringed by some manner, permitted +by this License, of making, using, or selling its contributor version, +but do not include claims that would be infringed only as a +consequence of further modification of the contributor version. For +purposes of this definition, "control" includes the right to grant +patent sublicenses in a manner consistent with the requirements of +this License. + + Each contributor grants you a non-exclusive, worldwide, royalty-free +patent license under the contributor's essential patent claims, to +make, use, sell, offer for sale, import and otherwise run, modify and +propagate the contents of its contributor version. + + In the following three paragraphs, a "patent license" is any express +agreement or commitment, however denominated, not to enforce a patent +(such as an express permission to practice a patent or covenant not to +sue for patent infringement). To "grant" such a patent license to a +party means to make such an agreement or commitment not to enforce a +patent against the party. + + If you convey a covered work, knowingly relying on a patent license, +and the Corresponding Source of the work is not available for anyone +to copy, free of charge and under the terms of this License, through a +publicly available network server or other readily accessible means, +then you must either (1) cause the Corresponding Source to be so +available, or (2) arrange to deprive yourself of the benefit of the +patent license for this particular work, or (3) arrange, in a manner +consistent with the requirements of this License, to extend the patent +license to downstream recipients. "Knowingly relying" means you have +actual knowledge that, but for the patent license, your conveying the +covered work in a country, or your recipient's use of the covered work +in a country, would infringe one or more identifiable patents in that +country that you have reason to believe are valid. + + If, pursuant to or in connection with a single transaction or +arrangement, you convey, or propagate by procuring conveyance of, a +covered work, and grant a patent license to some of the parties +receiving the covered work authorizing them to use, propagate, modify +or convey a specific copy of the covered work, then the patent license +you grant is automatically extended to all recipients of the covered +work and works based on it. + + A patent license is "discriminatory" if it does not include within +the scope of its coverage, prohibits the exercise of, or is +conditioned on the non-exercise of one or more of the rights that are +specifically granted under this License. You may not convey a covered +work if you are a party to an arrangement with a third party that is +in the business of distributing software, under which you make payment +to the third party based on the extent of your activity of conveying +the work, and under which the third party grants, to any of the +parties who would receive the covered work from you, a discriminatory +patent license (a) in connection with copies of the covered work +conveyed by you (or copies made from those copies), or (b) primarily +for and in connection with specific products or compilations that +contain the covered work, unless you entered into that arrangement, +or that patent license was granted, prior to 28 March 2007. + + Nothing in this License shall be construed as excluding or limiting +any implied license or other defenses to infringement that may +otherwise be available to you under applicable patent law. + + 12. No Surrender of Others' Freedom. + + If conditions are imposed on you (whether by court order, agreement or +otherwise) that contradict the conditions of this License, they do not +excuse you from the conditions of this License. If you cannot convey a +covered work so as to satisfy simultaneously your obligations under this +License and any other pertinent obligations, then as a consequence you may +not convey it at all. For example, if you agree to terms that obligate you +to collect a royalty for further conveying from those to whom you convey +the Program, the only way you could satisfy both those terms and this +License would be to refrain entirely from conveying the Program. + + 13. Use with the GNU Affero General Public License. + + Notwithstanding any other provision of this License, you have +permission to link or combine any covered work with a work licensed +under version 3 of the GNU Affero General Public License into a single +combined work, and to convey the resulting work. The terms of this +License will continue to apply to the part which is the covered work, +but the special requirements of the GNU Affero General Public License, +section 13, concerning interaction through a network will apply to the +combination as such. + + 14. Revised Versions of this License. + + The Free Software Foundation may publish revised and/or new versions of +the GNU General Public License from time to time. Such new versions will +be similar in spirit to the present version, but may differ in detail to +address new problems or concerns. + + Each version is given a distinguishing version number. If the +Program specifies that a certain numbered version of the GNU General +Public License "or any later version" applies to it, you have the +option of following the terms and conditions either of that numbered +version or of any later version published by the Free Software +Foundation. If the Program does not specify a version number of the +GNU General Public License, you may choose any version ever published +by the Free Software Foundation. + + If the Program specifies that a proxy can decide which future +versions of the GNU General Public License can be used, that proxy's +public statement of acceptance of a version permanently authorizes you +to choose that version for the Program. + + Later license versions may give you additional or different +permissions. However, no additional obligations are imposed on any +author or copyright holder as a result of your choosing to follow a +later version. + + 15. Disclaimer of Warranty. + + THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY +APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT +HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY +OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, +THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM +IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF +ALL NECESSARY SERVICING, REPAIR OR CORRECTION. + + 16. Limitation of Liability. + + IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING +WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS +THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY +GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE +USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF +DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD +PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), +EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF +SUCH DAMAGES. + + 17. Interpretation of Sections 15 and 16. + + If the disclaimer of warranty and limitation of liability provided +above cannot be given local legal effect according to their terms, +reviewing courts shall apply local law that most closely approximates +an absolute waiver of all civil liability in connection with the +Program, unless a warranty or assumption of liability accompanies a +copy of the Program in return for a fee. + + END OF TERMS AND CONDITIONS + + How to Apply These Terms to Your New Programs + + If you develop a new program, and you want it to be of the greatest +possible use to the public, the best way to achieve this is to make it +free software which everyone can redistribute and change under these terms. + + To do so, attach the following notices to the program. It is safest +to attach them to the start of each source file to most effectively +state the exclusion of warranty; and each file should have at least +the "copyright" line and a pointer to where the full notice is found. + + + Copyright (C) + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . + +Also add information on how to contact you by electronic and paper mail. + + If the program does terminal interaction, make it output a short +notice like this when it starts in an interactive mode: + + Copyright (C) + This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'. + This is free software, and you are welcome to redistribute it + under certain conditions; type `show c' for details. + +The hypothetical commands `show w' and `show c' should show the appropriate +parts of the General Public License. Of course, your program's commands +might be different; for a GUI interface, you would use an "about box". + + You should also get your employer (if you work as a programmer) or school, +if any, to sign a "copyright disclaimer" for the program, if necessary. +For more information on this, and how to apply and follow the GNU GPL, see +. + + The GNU General Public License does not permit incorporating your program +into proprietary programs. If your program is a subroutine library, you +may consider it more useful to permit linking proprietary applications with +the library. If this is what you want to do, use the GNU Lesser General +Public License instead of this License. But first, please read +. diff --git a/doc/COPYING.LESSER b/doc/COPYING.LESSER new file mode 100644 index 0000000..8add30a --- /dev/null +++ b/doc/COPYING.LESSER @@ -0,0 +1,504 @@ + GNU LESSER GENERAL PUBLIC LICENSE + Version 2.1, February 1999 + + Copyright (C) 1991, 1999 Free Software Foundation, Inc. + 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA + Everyone is permitted to copy and distribute verbatim copies + of this license document, but changing it is not allowed. + +[This is the first released version of the Lesser GPL. It also counts + as the successor of the GNU Library Public License, version 2, hence + the version number 2.1.] + + Preamble + + The licenses for most software are designed to take away your +freedom to share and change it. By contrast, the GNU General Public +Licenses are intended to guarantee your freedom to share and change +free software--to make sure the software is free for all its users. + + This license, the Lesser General Public License, applies to some +specially designated software packages--typically libraries--of the +Free Software Foundation and other authors who decide to use it. You +can use it too, but we suggest you first think carefully about whether +this license or the ordinary General Public License is the better +strategy to use in any particular case, based on the explanations below. + + When we speak of free software, we are referring to freedom of use, +not price. Our General Public Licenses are designed to make sure that +you have the freedom to distribute copies of free software (and charge +for this service if you wish); that you receive source code or can get +it if you want it; that you can change the software and use pieces of +it in new free programs; and that you are informed that you can do +these things. + + To protect your rights, we need to make restrictions that forbid +distributors to deny you these rights or to ask you to surrender these +rights. These restrictions translate to certain responsibilities for +you if you distribute copies of the library or if you modify it. + + For example, if you distribute copies of the library, whether gratis +or for a fee, you must give the recipients all the rights that we gave +you. You must make sure that they, too, receive or can get the source +code. If you link other code with the library, you must provide +complete object files to the recipients, so that they can relink them +with the library after making changes to the library and recompiling +it. And you must show them these terms so they know their rights. + + We protect your rights with a two-step method: (1) we copyright the +library, and (2) we offer you this license, which gives you legal +permission to copy, distribute and/or modify the library. + + To protect each distributor, we want to make it very clear that +there is no warranty for the free library. Also, if the library is +modified by someone else and passed on, the recipients should know +that what they have is not the original version, so that the original +author's reputation will not be affected by problems that might be +introduced by others. + + Finally, software patents pose a constant threat to the existence of +any free program. We wish to make sure that a company cannot +effectively restrict the users of a free program by obtaining a +restrictive license from a patent holder. Therefore, we insist that +any patent license obtained for a version of the library must be +consistent with the full freedom of use specified in this license. + + Most GNU software, including some libraries, is covered by the +ordinary GNU General Public License. This license, the GNU Lesser +General Public License, applies to certain designated libraries, and +is quite different from the ordinary General Public License. We use +this license for certain libraries in order to permit linking those +libraries into non-free programs. + + When a program is linked with a library, whether statically or using +a shared library, the combination of the two is legally speaking a +combined work, a derivative of the original library. The ordinary +General Public License therefore permits such linking only if the +entire combination fits its criteria of freedom. The Lesser General +Public License permits more lax criteria for linking other code with +the library. + + We call this license the "Lesser" General Public License because it +does Less to protect the user's freedom than the ordinary General +Public License. It also provides other free software developers Less +of an advantage over competing non-free programs. These disadvantages +are the reason we use the ordinary General Public License for many +libraries. However, the Lesser license provides advantages in certain +special circumstances. + + For example, on rare occasions, there may be a special need to +encourage the widest possible use of a certain library, so that it becomes +a de-facto standard. To achieve this, non-free programs must be +allowed to use the library. A more frequent case is that a free +library does the same job as widely used non-free libraries. In this +case, there is little to gain by limiting the free library to free +software only, so we use the Lesser General Public License. + + In other cases, permission to use a particular library in non-free +programs enables a greater number of people to use a large body of +free software. For example, permission to use the GNU C Library in +non-free programs enables many more people to use the whole GNU +operating system, as well as its variant, the GNU/Linux operating +system. + + Although the Lesser General Public License is Less protective of the +users' freedom, it does ensure that the user of a program that is +linked with the Library has the freedom and the wherewithal to run +that program using a modified version of the Library. + + The precise terms and conditions for copying, distribution and +modification follow. Pay close attention to the difference between a +"work based on the library" and a "work that uses the library". The +former contains code derived from the library, whereas the latter must +be combined with the library in order to run. + + GNU LESSER GENERAL PUBLIC LICENSE + TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION + + 0. This License Agreement applies to any software library or other +program which contains a notice placed by the copyright holder or +other authorized party saying it may be distributed under the terms of +this Lesser General Public License (also called "this License"). +Each licensee is addressed as "you". + + A "library" means a collection of software functions and/or data +prepared so as to be conveniently linked with application programs +(which use some of those functions and data) to form executables. + + The "Library", below, refers to any such software library or work +which has been distributed under these terms. A "work based on the +Library" means either the Library or any derivative work under +copyright law: that is to say, a work containing the Library or a +portion of it, either verbatim or with modifications and/or translated +straightforwardly into another language. (Hereinafter, translation is +included without limitation in the term "modification".) + + "Source code" for a work means the preferred form of the work for +making modifications to it. For a library, complete source code means +all the source code for all modules it contains, plus any associated +interface definition files, plus the scripts used to control compilation +and installation of the library. + + Activities other than copying, distribution and modification are not +covered by this License; they are outside its scope. The act of +running a program using the Library is not restricted, and output from +such a program is covered only if its contents constitute a work based +on the Library (independent of the use of the Library in a tool for +writing it). Whether that is true depends on what the Library does +and what the program that uses the Library does. + + 1. You may copy and distribute verbatim copies of the Library's +complete source code as you receive it, in any medium, provided that +you conspicuously and appropriately publish on each copy an +appropriate copyright notice and disclaimer of warranty; keep intact +all the notices that refer to this License and to the absence of any +warranty; and distribute a copy of this License along with the +Library. + + You may charge a fee for the physical act of transferring a copy, +and you may at your option offer warranty protection in exchange for a +fee. + + 2. You may modify your copy or copies of the Library or any portion +of it, thus forming a work based on the Library, and copy and +distribute such modifications or work under the terms of Section 1 +above, provided that you also meet all of these conditions: + + a) The modified work must itself be a software library. + + b) You must cause the files modified to carry prominent notices + stating that you changed the files and the date of any change. + + c) You must cause the whole of the work to be licensed at no + charge to all third parties under the terms of this License. + + d) If a facility in the modified Library refers to a function or a + table of data to be supplied by an application program that uses + the facility, other than as an argument passed when the facility + is invoked, then you must make a good faith effort to ensure that, + in the event an application does not supply such function or + table, the facility still operates, and performs whatever part of + its purpose remains meaningful. + + (For example, a function in a library to compute square roots has + a purpose that is entirely well-defined independent of the + application. Therefore, Subsection 2d requires that any + application-supplied function or table used by this function must + be optional: if the application does not supply it, the square + root function must still compute square roots.) + +These requirements apply to the modified work as a whole. If +identifiable sections of that work are not derived from the Library, +and can be reasonably considered independent and separate works in +themselves, then this License, and its terms, do not apply to those +sections when you distribute them as separate works. But when you +distribute the same sections as part of a whole which is a work based +on the Library, the distribution of the whole must be on the terms of +this License, whose permissions for other licensees extend to the +entire whole, and thus to each and every part regardless of who wrote +it. + +Thus, it is not the intent of this section to claim rights or contest +your rights to work written entirely by you; rather, the intent is to +exercise the right to control the distribution of derivative or +collective works based on the Library. + +In addition, mere aggregation of another work not based on the Library +with the Library (or with a work based on the Library) on a volume of +a storage or distribution medium does not bring the other work under +the scope of this License. + + 3. You may opt to apply the terms of the ordinary GNU General Public +License instead of this License to a given copy of the Library. To do +this, you must alter all the notices that refer to this License, so +that they refer to the ordinary GNU General Public License, version 2, +instead of to this License. (If a newer version than version 2 of the +ordinary GNU General Public License has appeared, then you can specify +that version instead if you wish.) Do not make any other change in +these notices. + + Once this change is made in a given copy, it is irreversible for +that copy, so the ordinary GNU General Public License applies to all +subsequent copies and derivative works made from that copy. + + This option is useful when you wish to copy part of the code of +the Library into a program that is not a library. + + 4. You may copy and distribute the Library (or a portion or +derivative of it, under Section 2) in object code or executable form +under the terms of Sections 1 and 2 above provided that you accompany +it with the complete corresponding machine-readable source code, which +must be distributed under the terms of Sections 1 and 2 above on a +medium customarily used for software interchange. + + If distribution of object code is made by offering access to copy +from a designated place, then offering equivalent access to copy the +source code from the same place satisfies the requirement to +distribute the source code, even though third parties are not +compelled to copy the source along with the object code. + + 5. A program that contains no derivative of any portion of the +Library, but is designed to work with the Library by being compiled or +linked with it, is called a "work that uses the Library". Such a +work, in isolation, is not a derivative work of the Library, and +therefore falls outside the scope of this License. + + However, linking a "work that uses the Library" with the Library +creates an executable that is a derivative of the Library (because it +contains portions of the Library), rather than a "work that uses the +library". The executable is therefore covered by this License. +Section 6 states terms for distribution of such executables. + + When a "work that uses the Library" uses material from a header file +that is part of the Library, the object code for the work may be a +derivative work of the Library even though the source code is not. +Whether this is true is especially significant if the work can be +linked without the Library, or if the work is itself a library. The +threshold for this to be true is not precisely defined by law. + + If such an object file uses only numerical parameters, data +structure layouts and accessors, and small macros and small inline +functions (ten lines or less in length), then the use of the object +file is unrestricted, regardless of whether it is legally a derivative +work. (Executables containing this object code plus portions of the +Library will still fall under Section 6.) + + Otherwise, if the work is a derivative of the Library, you may +distribute the object code for the work under the terms of Section 6. +Any executables containing that work also fall under Section 6, +whether or not they are linked directly with the Library itself. + + 6. As an exception to the Sections above, you may also combine or +link a "work that uses the Library" with the Library to produce a +work containing portions of the Library, and distribute that work +under terms of your choice, provided that the terms permit +modification of the work for the customer's own use and reverse +engineering for debugging such modifications. + + You must give prominent notice with each copy of the work that the +Library is used in it and that the Library and its use are covered by +this License. You must supply a copy of this License. If the work +during execution displays copyright notices, you must include the +copyright notice for the Library among them, as well as a reference +directing the user to the copy of this License. Also, you must do one +of these things: + + a) Accompany the work with the complete corresponding + machine-readable source code for the Library including whatever + changes were used in the work (which must be distributed under + Sections 1 and 2 above); and, if the work is an executable linked + with the Library, with the complete machine-readable "work that + uses the Library", as object code and/or source code, so that the + user can modify the Library and then relink to produce a modified + executable containing the modified Library. (It is understood + that the user who changes the contents of definitions files in the + Library will not necessarily be able to recompile the application + to use the modified definitions.) + + b) Use a suitable shared library mechanism for linking with the + Library. A suitable mechanism is one that (1) uses at run time a + copy of the library already present on the user's computer system, + rather than copying library functions into the executable, and (2) + will operate properly with a modified version of the library, if + the user installs one, as long as the modified version is + interface-compatible with the version that the work was made with. + + c) Accompany the work with a written offer, valid for at + least three years, to give the same user the materials + specified in Subsection 6a, above, for a charge no more + than the cost of performing this distribution. + + d) If distribution of the work is made by offering access to copy + from a designated place, offer equivalent access to copy the above + specified materials from the same place. + + e) Verify that the user has already received a copy of these + materials or that you have already sent this user a copy. + + For an executable, the required form of the "work that uses the +Library" must include any data and utility programs needed for +reproducing the executable from it. However, as a special exception, +the materials to be distributed need not include anything that is +normally distributed (in either source or binary form) with the major +components (compiler, kernel, and so on) of the operating system on +which the executable runs, unless that component itself accompanies +the executable. + + It may happen that this requirement contradicts the license +restrictions of other proprietary libraries that do not normally +accompany the operating system. Such a contradiction means you cannot +use both them and the Library together in an executable that you +distribute. + + 7. You may place library facilities that are a work based on the +Library side-by-side in a single library together with other library +facilities not covered by this License, and distribute such a combined +library, provided that the separate distribution of the work based on +the Library and of the other library facilities is otherwise +permitted, and provided that you do these two things: + + a) Accompany the combined library with a copy of the same work + based on the Library, uncombined with any other library + facilities. This must be distributed under the terms of the + Sections above. + + b) Give prominent notice with the combined library of the fact + that part of it is a work based on the Library, and explaining + where to find the accompanying uncombined form of the same work. + + 8. You may not copy, modify, sublicense, link with, or distribute +the Library except as expressly provided under this License. Any +attempt otherwise to copy, modify, sublicense, link with, or +distribute the Library is void, and will automatically terminate your +rights under this License. However, parties who have received copies, +or rights, from you under this License will not have their licenses +terminated so long as such parties remain in full compliance. + + 9. You are not required to accept this License, since you have not +signed it. However, nothing else grants you permission to modify or +distribute the Library or its derivative works. These actions are +prohibited by law if you do not accept this License. Therefore, by +modifying or distributing the Library (or any work based on the +Library), you indicate your acceptance of this License to do so, and +all its terms and conditions for copying, distributing or modifying +the Library or works based on it. + + 10. Each time you redistribute the Library (or any work based on the +Library), the recipient automatically receives a license from the +original licensor to copy, distribute, link with or modify the Library +subject to these terms and conditions. You may not impose any further +restrictions on the recipients' exercise of the rights granted herein. +You are not responsible for enforcing compliance by third parties with +this License. + + 11. If, as a consequence of a court judgment or allegation of patent +infringement or for any other reason (not limited to patent issues), +conditions are imposed on you (whether by court order, agreement or +otherwise) that contradict the conditions of this License, they do not +excuse you from the conditions of this License. If you cannot +distribute so as to satisfy simultaneously your obligations under this +License and any other pertinent obligations, then as a consequence you +may not distribute the Library at all. For example, if a patent +license would not permit royalty-free redistribution of the Library by +all those who receive copies directly or indirectly through you, then +the only way you could satisfy both it and this License would be to +refrain entirely from distribution of the Library. + +If any portion of this section is held invalid or unenforceable under any +particular circumstance, the balance of the section is intended to apply, +and the section as a whole is intended to apply in other circumstances. + +It is not the purpose of this section to induce you to infringe any +patents or other property right claims or to contest validity of any +such claims; this section has the sole purpose of protecting the +integrity of the free software distribution system which is +implemented by public license practices. Many people have made +generous contributions to the wide range of software distributed +through that system in reliance on consistent application of that +system; it is up to the author/donor to decide if he or she is willing +to distribute software through any other system and a licensee cannot +impose that choice. + +This section is intended to make thoroughly clear what is believed to +be a consequence of the rest of this License. + + 12. If the distribution and/or use of the Library is restricted in +certain countries either by patents or by copyrighted interfaces, the +original copyright holder who places the Library under this License may add +an explicit geographical distribution limitation excluding those countries, +so that distribution is permitted only in or among countries not thus +excluded. In such case, this License incorporates the limitation as if +written in the body of this License. + + 13. The Free Software Foundation may publish revised and/or new +versions of the Lesser General Public License from time to time. +Such new versions will be similar in spirit to the present version, +but may differ in detail to address new problems or concerns. + +Each version is given a distinguishing version number. If the Library +specifies a version number of this License which applies to it and +"any later version", you have the option of following the terms and +conditions either of that version or of any later version published by +the Free Software Foundation. If the Library does not specify a +license version number, you may choose any version ever published by +the Free Software Foundation. + + 14. If you wish to incorporate parts of the Library into other free +programs whose distribution conditions are incompatible with these, +write to the author to ask for permission. For software which is +copyrighted by the Free Software Foundation, write to the Free +Software Foundation; we sometimes make exceptions for this. Our +decision will be guided by the two goals of preserving the free status +of all derivatives of our free software and of promoting the sharing +and reuse of software generally. + + NO WARRANTY + + 15. BECAUSE THE LIBRARY IS LICENSED FREE OF CHARGE, THERE IS NO +WARRANTY FOR THE LIBRARY, TO THE EXTENT PERMITTED BY APPLICABLE LAW. +EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR +OTHER PARTIES PROVIDE THE LIBRARY "AS IS" WITHOUT WARRANTY OF ANY +KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE +IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE +LIBRARY IS WITH YOU. SHOULD THE LIBRARY PROVE DEFECTIVE, YOU ASSUME +THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION. + + 16. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN +WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY +AND/OR REDISTRIBUTE THE LIBRARY AS PERMITTED ABOVE, BE LIABLE TO YOU +FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR +CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE +LIBRARY (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING +RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A +FAILURE OF THE LIBRARY TO OPERATE WITH ANY OTHER SOFTWARE), EVEN IF +SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH +DAMAGES. + + END OF TERMS AND CONDITIONS + + How to Apply These Terms to Your New Libraries + + If you develop a new library, and you want it to be of the greatest +possible use to the public, we recommend making it free software that +everyone can redistribute and change. You can do so by permitting +redistribution under these terms (or, alternatively, under the terms of the +ordinary General Public License). + + To apply these terms, attach the following notices to the library. It is +safest to attach them to the start of each source file to most effectively +convey the exclusion of warranty; and each file should have at least the +"copyright" line and a pointer to where the full notice is found. + + + Copyright (C) + + This library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + This library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with this library; if not, write to the Free Software + Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA + +Also add information on how to contact you by electronic and paper mail. + +You should also get your employer (if you work as a programmer) or your +school, if any, to sign a "copyright disclaimer" for the library, if +necessary. Here is a sample; alter the names: + + Yoyodyne, Inc., hereby disclaims all copyright interest in the + library `Frob' (a library for tweaking knobs) written by James Random Hacker. + + , 1 April 1990 + Ty Coon, President of Vice + +That's all there is to it! + + diff --git a/doc/Makefile.am b/doc/Makefile.am new file mode 100644 index 0000000..773ab6d --- /dev/null +++ b/doc/Makefile.am @@ -0,0 +1,2855 @@ +## Process this file with automake to produce Makefile.in +# Copyright (C) 2000-2012 Free Software Foundation, Inc. +# +# Author: Nikos Mavrogiannopoulos +# +# This file is part of GnuTLS. +# +# This file is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 3 of the License, or +# (at your option) any later version. +# +# This file is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this file; if not, write to the Free Software Foundation, +# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + +EXTRA_DIST = TODO certtool.cfg gnutls.html \ + doxygen/Doxyfile.in doxygen/Doxyfile.orig texinfo.css \ + gnutls-guile.html stamp_enums stamp_functions \ + doc.mk COPYING COPYING.LESSER + +IMAGES = \ + gnutls-handshake-state.png \ + gnutls-layers.png gnutls-modauth.png \ + gnutls-client-server-use-case.png \ + gnutls-handshake-sequence.png gnutls-internals.png \ + gnutls-logo.png gnutls-x509.png \ + pkcs11-vision.png + +SUBDIRS = examples scripts credentials latex +if ENABLE_GTK_DOC +SUBDIRS += reference +endif + +-include $(top_srcdir)/doc/doc.mk + +invoke-gnutls-cli.texi: $(top_srcdir)/src/cli-args.def + PATH="$(top_builddir)/src/$(PATH_SEPARATOR)$${PATH}$(PATH_SEPARATOR)" $(AUTOGEN) -L$(top_builddir)/src -Tagtexi-cmd.tpl $<; \ + if [ ! -e $@ ]; then \ + cp $(srcdir)/$@ .; \ + fi; \ + $(srcdir)/scripts/cleanup-autogen.pl < $@ > $@.tmp && \ + mv -f $@.tmp $@ + +invoke-gnutls-cli-debug.texi: $(top_srcdir)/src/cli-debug-args.def invoke-gnutls-cli.texi + PATH="$(top_builddir)/src/$(PATH_SEPARATOR)$${PATH}$(PATH_SEPARATOR)" $(AUTOGEN) -L$(top_builddir)/src -Tagtexi-cmd.tpl $<; \ + if [ ! -e $@ ]; then \ + cp $(srcdir)/$@ .; \ + fi; \ + $(srcdir)/scripts/cleanup-autogen.pl < $@ > $@.tmp && \ + mv -f $@.tmp $@ + +invoke-gnutls-serv.texi: $(top_srcdir)/src/serv-args.def invoke-gnutls-cli-debug.texi + PATH="$(top_builddir)/src/$(PATH_SEPARATOR)$${PATH}$(PATH_SEPARATOR)" $(AUTOGEN) -L$(top_builddir)/src -Tagtexi-cmd.tpl $<; \ + if [ ! -e $@ ]; then \ + cp $(srcdir)/$@ .; \ + fi; \ + $(srcdir)/scripts/cleanup-autogen.pl < $@ > $@.tmp && \ + mv -f $@.tmp $@ + +invoke-certtool.texi: $(top_srcdir)/src/certtool-args.def invoke-gnutls-serv.texi + PATH="$(top_builddir)/src/$(PATH_SEPARATOR)$${PATH}$(PATH_SEPARATOR)" $(AUTOGEN) -L$(top_builddir)/src -Tagtexi-cmd.tpl $<; \ + if [ ! -e $@ ]; then \ + cp $(srcdir)/$@ .; \ + fi; \ + $(srcdir)/scripts/cleanup-autogen.pl < $@ > $@.tmp && \ + rm -f $@ && \ + $(SED) -e 's/@subheading/@subsubheading/g' \ + -e 's/@section/@subsection/g' $@.tmp > $@ && \ + rm -f $@.tmp + +invoke-ocsptool.texi: $(top_srcdir)/src/ocsptool-args.def invoke-certtool.texi + PATH="$(top_builddir)/src/$(PATH_SEPARATOR)$${PATH}$(PATH_SEPARATOR)" $(AUTOGEN) -L$(top_builddir)/src -Tagtexi-cmd.tpl $<; \ + if [ ! -e $@ ]; then \ + cp $(srcdir)/$@ .; \ + fi; \ + $(srcdir)/scripts/cleanup-autogen.pl < $@ > $@.tmp && \ + rm -f $@ && \ + $(SED) -e 's/@subheading/@subsubheading/g' \ + -e 's/@section/@subsection/g' $@.tmp > $@ && \ + rm -f $@.tmp + +invoke-danetool.texi: $(top_srcdir)/src/danetool-args.def invoke-ocsptool.texi + PATH="$(top_builddir)/src/$(PATH_SEPARATOR)$${PATH}$(PATH_SEPARATOR)" $(AUTOGEN) -L$(top_builddir)/src -Tagtexi-cmd.tpl $<; \ + if [ ! -e $@ ]; then \ + cp $(srcdir)/$@ .; \ + fi; \ + $(srcdir)/scripts/cleanup-autogen.pl < $@ > $@.tmp && \ + rm -f $@ && \ + $(SED) -e 's/@subheading/@subsubheading/g' \ + -e 's/@section/@subsection/g' $@.tmp > $@ && \ + rm -f $@.tmp + +invoke-srptool.texi: $(top_srcdir)/src/srptool-args.def invoke-danetool.texi + PATH="$(top_builddir)/src/$(PATH_SEPARATOR)$${PATH}$(PATH_SEPARATOR)" $(AUTOGEN) -L$(top_builddir)/src -Tagtexi-cmd.tpl $<; \ + if [ ! -e $@ ]; then \ + cp $(srcdir)/$@ .; \ + fi; \ + $(srcdir)/scripts/cleanup-autogen.pl < $@ > $@.tmp && \ + rm -f $@ && \ + $(SED) -e 's/@subheading/@subsubheading/g' \ + -e 's/@section/@subsubsection/g' $@.tmp > $@ && \ + rm -f $@.tmp + +invoke-psktool.texi: $(top_srcdir)/src/psktool-args.def invoke-srptool.texi + PATH="$(top_builddir)/src/$(PATH_SEPARATOR)$${PATH}$(PATH_SEPARATOR)" $(AUTOGEN) -L$(top_builddir)/src -Tagtexi-cmd.tpl $<; \ + if [ ! -e $@ ]; then \ + cp $(srcdir)/$@ .; \ + fi; \ + $(srcdir)/scripts/cleanup-autogen.pl < $@ > $@.tmp && \ + rm -f $@ && \ + $(SED) -e 's/@subheading/@subsubheading/g' \ + -e 's/@section/@subsubsection/g' $@.tmp > $@ && \ + rm -f $@.tmp + +invoke-p11tool.texi: $(top_srcdir)/src/p11tool-args.def invoke-psktool.texi + PATH="$(top_builddir)/src/$(PATH_SEPARATOR)$${PATH}$(PATH_SEPARATOR)" $(AUTOGEN) -L$(top_builddir)/src -Tagtexi-cmd.tpl $<; \ + if [ ! -e $@ ]; then \ + cp $(srcdir)/$@ .; \ + fi; \ + $(srcdir)/scripts/cleanup-autogen.pl < $@ > $@.tmp && \ + rm -f $@ && \ + $(SED) \ + -e 's/@subsection/@subsubheading/g' \ + -e 's/@section/@subsection/g' $@.tmp > $@ && \ + rm -f $@.tmp + +invoke-tpmtool.texi: $(top_srcdir)/src/tpmtool-args.def invoke-p11tool.texi + PATH="$(top_builddir)/src/$(PATH_SEPARATOR)$${PATH}$(PATH_SEPARATOR)" $(AUTOGEN) -L$(top_builddir)/src -Tagtexi-cmd.tpl $<; \ + if [ ! -e $@ ]; then \ + cp $(srcdir)/$@ .; \ + fi; \ + $(srcdir)/scripts/cleanup-autogen.pl < $@ > $@.tmp && \ + rm -f $@ && \ + $(SED) \ + -e 's/@subsection/@subsubheading/g' \ + -e 's/@section/@subsection/g' $@.tmp > $@ && \ + rm -f $@.tmp + + +info_TEXINFOS = gnutls.texi gnutls-guile.texi +gnutls_TEXINFOS = gnutls.texi fdl-1.3.texi \ + cha-bib.texi cha-cert-auth.texi cha-cert-auth2.texi \ + cha-ciphersuites.texi cha-copying.texi cha-functions.texi \ + cha-gtls-app.texi cha-internals.texi cha-intro-tls.texi \ + cha-library.texi cha-preface.texi cha-programs.texi \ + sec-tls-app.texi cha-errors.texi cha-support.texi \ + cha-shared-key.texi cha-gtls-examples.texi cha-upgrade.texi \ + cha-tokens.texi cha-crypto.texi cha-auth.texi + +AUTOGENED_DOC = invoke-gnutls-cli.texi invoke-gnutls-cli-debug.texi \ + invoke-gnutls-serv.texi invoke-certtool.texi invoke-srptool.texi \ + invoke-ocsptool.texi invoke-psktool.texi invoke-p11tool.texi \ + invoke-tpmtool.texi invoke-danetool.texi + +gnutls_TEXINFOS += stamp_functions + +# Examples. +gnutls_TEXINFOS += examples/ex-client-anon.c \ + examples/ex-session-info.c examples/ex-verify.c \ + examples/ex-cert-select.c examples/ex-client-resume.c \ + examples/ex-client-srp.c examples/ex-client-x509.c \ + examples/ex-serv-x509.c examples/ex-serv-anon.c \ + examples/ex-serv-srp.c \ + examples/ex-alert.c examples/ex-x509-info.c examples/ex-crq.c \ + examples/ex-pkcs12.c examples/ex-client-dtls.c + +# Images. Make sure there are eps + png + pdf of each, plus the source dia. +gnutls_TEXINFOS += gnutls-internals.dia gnutls-internals.eps \ + gnutls-internals.png +gnutls_TEXINFOS += gnutls-layers.dia gnutls-layers.eps \ + gnutls-layers.png +gnutls_TEXINFOS += gnutls-crypto-layers.dia gnutls-crypto-layers.eps \ + gnutls-crypto-layers.png +gnutls_TEXINFOS += gnutls-x509.dia gnutls-x509.eps gnutls-x509.png +gnutls_TEXINFOS += gnutls-logo.eps gnutls-logo.png +gnutls_TEXINFOS += pkcs11-vision.dia pkcs11-vision.eps pkcs11-vision.png + +# Images. Make sure there are eps + png + pdf of each, plus the source dia. +gnutls_TEXINFOS += gnutls-client-server-use-case.dia \ + gnutls-client-server-use-case.eps \ + gnutls-client-server-use-case.png +gnutls_TEXINFOS += gnutls-handshake-sequence.dia \ + gnutls-handshake-sequence.eps gnutls-handshake-sequence.png +gnutls_TEXINFOS += gnutls-handshake-state.dia \ + gnutls-handshake-state.eps gnutls-handshake-state.png +gnutls_TEXINFOS += gnutls-modauth.dia gnutls-modauth.eps \ + gnutls-modauth.png + +infoimagesdir = $(infodir) +infoimages_DATA = $(IMAGES) +html_DATA = $(IMAGES) + +AM_MAKEINFOFLAGS = -I $(top_srcdir)/doc +TEXI2DVI = texi2dvi $(AM_MAKEINFOFLAGS) +AM_MAKEINFOHTMLFLAGS = $(AM_MAKEINFOFLAGS) \ + --no-split --css-include=$(srcdir)/texinfo.css + +MAINTAINERCLEANFILES = + +# Generated texinfos. + +API_FILES=gnutls-api.texi socket-api.texi x509-api.texi pkcs12-api.texi \ + tpm-api.texi pkcs11-api.texi abstract-api.texi compat-api.texi \ + dtls-api.texi crypto-api.texi ocsp-api.texi tpm-api.texi dane-api.texi \ + pkcs7-api.texi + +clean-local: + -rm -f stamp_enums stamp_functions + -rm -rf functions/ enums/ + -rm -f $(API_FILES) + +gnutls_TEXINFOS += $(API_FILES) + +MAINTAINERCLEANFILES += $(API_FILES) + +gnutls-api.texi: $(top_srcdir)/lib/includes/gnutls/gnutls.h.in + echo "" > $@-tmp + for i in `$(top_srcdir)/doc/scripts/getfuncs.pl < $< |sort|uniq`; do \ + echo $(ECHO_N) "Creating documentation for $$i... " && \ + $(srcdir)/scripts/gdoc -texinfo \ + -function $$i \ + $(C_SOURCE_FILES) >> $@-tmp && \ + echo "ok"; \ + done + mv -f $@-tmp $@ + +socket-api.texi: $(top_srcdir)/lib/includes/gnutls/socket.h + echo "" > $@-tmp + for i in `$(top_srcdir)/doc/scripts/getfuncs.pl < $< |sort|uniq`; do \ + echo $(ECHO_N) "Creating documentation for $$i... " && \ + $(srcdir)/scripts/gdoc -texinfo \ + -function $$i \ + $(C_SOURCE_FILES) >> $@-tmp && \ + echo "ok"; \ + done + mv -f $@-tmp $@ + +dane-api.texi: $(top_srcdir)/libdane/includes/gnutls/dane.h + echo "" > $@-tmp + for i in `$(top_srcdir)/doc/scripts/getfuncs.pl < $< |sort|uniq`; do \ + echo $(ECHO_N) "Creating documentation for $$i... " && \ + $(srcdir)/scripts/gdoc -texinfo \ + -function $$i \ + $(C_SOURCE_FILES) >> $@-tmp && \ + echo "ok"; \ + done + mv -f $@-tmp $@ + +x509-api.texi: $(top_srcdir)/lib/includes/gnutls/x509.h $(top_srcdir)/lib/includes/gnutls/x509-ext.h + echo "" > $@-tmp + cat $^ > $@-tmp2 + for i in `$(top_srcdir)/doc/scripts/getfuncs.pl < $@-tmp2 |sort |uniq`; do \ + echo $(ECHO_N) "Creating documentation for $$i... " && \ + $(srcdir)/scripts/gdoc -texinfo \ + -function $$i \ + $(C_SOURCE_FILES) >> $@-tmp && \ + echo "ok"; \ + done + rm -f $@-tmp2 + mv -f $@-tmp $@ + +pkcs12-api.texi: $(top_srcdir)/lib/includes/gnutls/pkcs12.h + echo "" > $@-tmp + for i in `$(top_srcdir)/doc/scripts/getfuncs.pl < $< |sort|uniq`; do \ + echo $(ECHO_N) "Creating documentation for $$i... " && \ + $(srcdir)/scripts/gdoc -texinfo \ + -function $$i \ + $(C_X509_SOURCE_FILES) >> $@-tmp && \ + echo "ok"; \ + done + mv -f $@-tmp $@ + +pkcs11-api.texi: $(top_srcdir)/lib/includes/gnutls/pkcs11.h + echo "" > $@-tmp + for i in `$(top_srcdir)/doc/scripts/getfuncs.pl < $< |sort|uniq`; do \ + echo $(ECHO_N) "Creating documentation for $$i... " && \ + $(srcdir)/scripts/gdoc -texinfo \ + -function $$i \ + $(C_SOURCE_FILES) >> $@-tmp && \ + echo "ok"; \ + done + mv -f $@-tmp $@ + +pkcs7-api.texi: $(top_srcdir)/lib/includes/gnutls/pkcs7.h + echo "" > $@-tmp + for i in `$(top_srcdir)/doc/scripts/getfuncs.pl < $< |sort|uniq`; do \ + echo $(ECHO_N) "Creating documentation for $$i... " && \ + $(srcdir)/scripts/gdoc -texinfo \ + -function $$i \ + $(C_X509_SOURCE_FILES) >> $@-tmp && \ + echo "ok"; \ + done + mv -f $@-tmp $@ + +tpm-api.texi: $(top_srcdir)/lib/includes/gnutls/tpm.h + echo "" > $@-tmp + for i in `$(top_srcdir)/doc/scripts/getfuncs.pl < $< |sort|uniq`; do \ + echo $(ECHO_N) "Creating documentation for $$i... " && \ + $(srcdir)/scripts/gdoc -texinfo \ + -function $$i \ + $(C_SOURCE_FILES) >> $@-tmp && \ + echo "ok"; \ + done + mv -f $@-tmp $@ + +abstract-api.texi: $(top_srcdir)/lib/includes/gnutls/abstract.h $(top_srcdir)/lib/includes/gnutls/urls.h $(top_srcdir)/lib/includes/gnutls/system-keys.h + echo "" > $@-tmp + cat $^ >$@-headers-tmp + for i in `$(top_srcdir)/doc/scripts/getfuncs.pl < $@-headers-tmp |sort|uniq`; do \ + echo $(ECHO_N) "Creating documentation for $$i... " && \ + $(srcdir)/scripts/gdoc -texinfo \ + -function $$i \ + $(C_SOURCE_FILES) >> $@-tmp && \ + echo "ok"; \ + done + rm -f $@-headers-tmp + mv -f $@-tmp $@ + +compat-api.texi: $(top_srcdir)/lib/includes/gnutls/compat.h + echo "" > $@-tmp + for i in `$(top_srcdir)/doc/scripts/getfuncs.pl < $< |sort|uniq`; do \ + echo $(ECHO_N) "Creating documentation for $$i... " && \ + $(srcdir)/scripts/gdoc -texinfo \ + -function $$i \ + $(C_SOURCE_FILES) >> $@-tmp && \ + echo "ok"; \ + done + mv -f $@-tmp $@ + +dtls-api.texi: $(top_srcdir)/lib/includes/gnutls/dtls.h + echo "" > $@-tmp + for i in `$(top_srcdir)/doc/scripts/getfuncs.pl < $< |sort|uniq`; do \ + echo $(ECHO_N) "Creating documentation for $$i... " && \ + $(srcdir)/scripts/gdoc -texinfo \ + -function $$i \ + $(C_SOURCE_FILES) >> $@-tmp && \ + echo "ok"; \ + done + mv -f $@-tmp $@ + +crypto-api.texi: $(top_srcdir)/lib/includes/gnutls/crypto.h + echo "" > $@-tmp + for i in `$(top_srcdir)/doc/scripts/getfuncs.pl < $< |sort|uniq`; do \ + echo $(ECHO_N) "Creating documentation for $$i... " && \ + $(srcdir)/scripts/gdoc -texinfo \ + -function $$i \ + $(C_SOURCE_FILES) >> $@-tmp && \ + echo "ok"; \ + done + mv -f $@-tmp $@ + +ocsp-api.texi: $(top_srcdir)/lib/includes/gnutls/ocsp.h + echo "" > $@-tmp + for i in `$(top_srcdir)/doc/scripts/getfuncs.pl < $< |sort|uniq`; do \ + echo $(ECHO_N) "Creating documentation for $$i... " && \ + $(srcdir)/scripts/gdoc -texinfo \ + -function $$i \ + $(C_X509_SOURCE_FILES) >> $@-tmp && \ + echo "ok"; \ + done + mv -f $@-tmp $@ + +# Generated texinfos. +# for some reason it does not work when cross compiling +if !WINDOWS +gnutls_TEXINFOS += error_codes.texi algorithms.texi alerts.texi enums.texi +endif + +DISTCLEANFILES = error_codes.texi algorithms.texi alerts.texi enums.texi + +AM_CPPFLAGS = \ + -I$(top_builddir)/lib/includes -I$(top_srcdir)/lib/includes \ + -I$(top_builddir)/ + +EXTRA_PROGRAMS = errcodes printlist alert-printlist + +errcodes_SOURCES = errcodes.c common.c common.h +errcodes_LDADD = ../lib/libgnutls.la ../gl/libgnu.la + +printlist_SOURCES = printlist.c common.c common.h +printlist_LDADD = ../lib/libgnutls.la ../gl/libgnu.la + +alert_printlist_SOURCES = alert-printlist.c common.c common.h +alert_printlist_LDADD = ../lib/libgnutls.la ../gl/libgnu.la + +error_codes.texi: $(top_srcdir)/lib/errors.c $(srcdir)/errcodes.c + $(MAKE) $(builddir)/errcodes + $(builddir)/errcodes > $@-tmp + mv -f $@-tmp $@ + +algorithms.texi: $(top_srcdir)/lib/algorithms/ciphers.c $(srcdir)/printlist.c + $(MAKE) $(builddir)/printlist + $(builddir)/printlist > $@-tmp + mv -f $@-tmp $@ + +alerts.texi: $(top_srcdir)/lib/alert.c $(srcdir)/alert-printlist.c + $(MAKE) $(builddir)/alert-printlist + $(builddir)/alert-printlist > $@-tmp + mv -f $@-tmp $@ + +enums.texi: $(HEADER_FILES) + echo "" > $@-tmp + for i in $^; do \ + echo $(ECHO_N) "Creating documentation for $$i... " && \ + $(srcdir)/scripts/gdoc -texinfo $$i >> $@-tmp && \ + echo "ok"; \ + done + mv -f $@-tmp $@ + +gnutls_TEXINFOS += $(ENUMS) $(FUNCS) $(AUTOGENED_DOC) +DISTCLEANFILES += $(ENUMS) stamp_enums stamp_functions + + +stamp_functions: $(API_FILES) + -mkdir functions + -rm -f functions/*.short + for i in $^; do \ + $(srcdir)/scripts/split-texi.pl functions < $$i; \ + done + $(SED) -i 's/\@anchor{.*//g' functions/* + $(SED) -i 's/\@subheading.*//g' functions/* + cd functions && for i in *;do grep ^"@deftypefun" $$i | $(SED) 's/@deftypefun/@item/g;s/ {/ @var{/;s/ {/ @ref{/' > ../functions/$$i.short;done + echo $@ > $@ + +stamp_enums: enums.texi + -mkdir enums + $(srcdir)/scripts/split-texi.pl enums enum < $< + echo $@ > $@ + +$(ENUMS): stamp_enums + +$(FUNCS): stamp_functions + +compare-exported: + rm -f tmp-exp-$@ tmp-head-$@ + for i in $(top_srcdir)/libdane/includes/gnutls/*.h $(top_srcdir)/lib/includes/gnutls/*.h $(top_builddir)/lib/includes/gnutls/*.h;do perl $(srcdir)/scripts/getfuncs.pl <$$i >>tmp-head-$@;done + sort -u tmp-head-$@ > tmp2-head-$@ + mv tmp2-head-$@ tmp-head-$@ + $(srcdir)/scripts/getfuncs-map.pl <$(top_srcdir)/lib/libgnutls.map >tmp-exp-$@ + $(srcdir)/scripts/getfuncs-map.pl <$(top_srcdir)/libdane/libdane.map >>tmp-exp-$@ + sort -u tmp-exp-$@ > tmp2-exp-$@ + mv tmp2-exp-$@ tmp-exp-$@ + @echo "******************************************************************************" + @echo "If the following step fails there is a symbol in headers that is not exported or vice-versa" + @echo "******************************************************************************" + diff -u tmp-exp-$@ tmp-head-$@ + rm -f tmp-exp-$@ tmp-head-$@ + +compare-makefile: enums.texi + @echo "******************************************************************************" + @echo "If the following step fails use 'make files-update'" + @echo "******************************************************************************" + ENUMS=`grep '^@c ' $< | $(SED) 's/@c //g' | sort -d`; \ + STR=""; \ + for i in $$ENUMS; do \ + STR="$$STR\nENUMS += enums/$$i"; \ + done; \ + grep -v -e '^ENUMS += ' $(srcdir)/Makefile.am | \ + perl -p -e "s,^ENUMS =,ENUMS =$$STR," > tmp-$@; \ + diff -u $(srcdir)/Makefile.am tmp-$@ >/dev/null + rm -f tmp-$@ + FUNCS=`cat $(HEADER_FILES) | $(top_srcdir)/doc/scripts/getfuncs.pl|sort -d|uniq`; \ + MANS=""; \ + for i in $$FUNCS; do \ + MANS="$$MANS\nFUNCS += functions/$$i\nFUNCS += functions/$$i.short"; \ + done; \ + grep -v -e '^FUNCS += ' $(srcdir)/Makefile.am > tmp-$@; \ + echo "\"s,^FUNCS =,FUNCS =$$MANS,\" -i tmp-$@"|xargs $(SED) + @echo "******************************************************************************" + @echo "If the following step fails use 'make files-update'" + @echo "******************************************************************************" + diff -u $(srcdir)/Makefile.am tmp-$@ >/dev/null + rm -f tmp-$@ + +.PHONY: compare-makefile compare-exported + +# Guile texinfos. + +guile_texi = core.c.texi +BUILT_SOURCES = $(guile_texi) +MAINTAINERCLEANFILES += $(guile_texi) +EXTRA_DIST += $(guile_texi) extract-guile-c-doc.scm +guile_TEXINFOS = gnutls-guile.texi $(guile_texi) + +if HAVE_GUILE + +GUILE_FOR_BUILD = \ + GUILE_AUTO_COMPILE=0 \ + $(GUILE) -L $(top_srcdir)/guile/modules + +SNARF_CPPFLAGS = -I$(top_srcdir) -I$(top_builddir) \ + -I$(top_srcdir)/lib/includes -I$(top_builddir)/lib/includes \ + -I$(top_srcdir)/extra/includes \ + -I$(top_srcdir)/guile/src -I$(top_builddir)/guile/src \ + $(GUILE_CFLAGS) + +core.c.texi: $(top_srcdir)/guile/src/core.c + $(MAKE) -C ../guile/src built-sources && \ + $(GUILE_FOR_BUILD) -l "$(srcdir)/extract-guile-c-doc.scm" \ + -e '(apply main (cdr (command-line)))' \ + -- "$^" "$(CPP)" "$(SNARF_CPPFLAGS) $(CPPFLAGS)" \ + > "$@" + +else !HAVE_GUILE + +core.c.texi: + echo "(Guile not available, documentation not generated.)" > $@ + +endif !HAVE_GUILE + +gnutls.xml: epub.texi + makeinfo --docbook $< + $(SED) -i 's/\&\#8226;//g' $@ + +gnutls.epub: gnutls.xml + dbtoepub $< + -epub-fix --delete-unmanifested gnutls.epub + +ENUMS = +ENUMS += enums/dane_cert_type_t +ENUMS += enums/dane_cert_usage_t +ENUMS += enums/dane_match_type_t +ENUMS += enums/dane_query_status_t +ENUMS += enums/dane_state_flags_t +ENUMS += enums/dane_verify_flags_t +ENUMS += enums/dane_verify_status_t +ENUMS += enums/gnutls_abstract_export_flags_t +ENUMS += enums/gnutls_alert_description_t +ENUMS += enums/gnutls_alert_level_t +ENUMS += enums/gnutls_alpn_flags_t +ENUMS += enums/gnutls_certificate_flags +ENUMS += enums/gnutls_certificate_import_flags +ENUMS += enums/gnutls_certificate_print_formats_t +ENUMS += enums/gnutls_certificate_request_t +ENUMS += enums/gnutls_certificate_status_t +ENUMS += enums/gnutls_certificate_type_t +ENUMS += enums/gnutls_certificate_verification_profiles_t +ENUMS += enums/gnutls_certificate_verify_flags +ENUMS += enums/gnutls_channel_binding_t +ENUMS += enums/gnutls_cipher_algorithm_t +ENUMS += enums/gnutls_close_request_t +ENUMS += enums/gnutls_compression_method_t +ENUMS += enums/gnutls_credentials_type_t +ENUMS += enums/gnutls_ctype_target_t +ENUMS += enums/gnutls_digest_algorithm_t +ENUMS += enums/gnutls_ecc_curve_t +ENUMS += enums/gnutls_ext_flags_t +ENUMS += enums/gnutls_ext_parse_type_t +ENUMS += enums/gnutls_fips_mode_t +ENUMS += enums/gnutls_gost_paramset_t +ENUMS += enums/gnutls_group_t +ENUMS += enums/gnutls_handshake_description_t +ENUMS += enums/gnutls_init_flags_t +ENUMS += enums/gnutls_keygen_types_t +ENUMS += enums/gnutls_keyid_flags_t +ENUMS += enums/gnutls_kx_algorithm_t +ENUMS += enums/gnutls_mac_algorithm_t +ENUMS += enums/gnutls_ocsp_cert_status_t +ENUMS += enums/gnutls_ocsp_print_formats_t +ENUMS += enums/gnutls_ocsp_resp_status_t +ENUMS += enums/gnutls_ocsp_verify_reason_t +ENUMS += enums/gnutls_openpgp_crt_status_t +ENUMS += enums/gnutls_params_type_t +ENUMS += enums/gnutls_pin_flag_t +ENUMS += enums/gnutls_pk_algorithm_t +ENUMS += enums/gnutls_pkcs11_obj_flags +ENUMS += enums/gnutls_pkcs11_obj_info_t +ENUMS += enums/gnutls_pkcs11_obj_type_t +ENUMS += enums/gnutls_pkcs11_token_info_t +ENUMS += enums/gnutls_pkcs11_url_type_t +ENUMS += enums/gnutls_pkcs12_bag_type_t +ENUMS += enums/gnutls_pkcs7_sign_flags +ENUMS += enums/gnutls_pkcs_encrypt_flags_t +ENUMS += enums/gnutls_privkey_flags_t +ENUMS += enums/gnutls_privkey_type_t +ENUMS += enums/gnutls_protocol_t +ENUMS += enums/gnutls_psk_key_flags +ENUMS += enums/gnutls_pubkey_flags_t +ENUMS += enums/gnutls_rnd_level_t +ENUMS += enums/gnutls_sec_param_t +ENUMS += enums/gnutls_server_name_type_t +ENUMS += enums/gnutls_session_flags_t +ENUMS += enums/gnutls_sign_algorithm_t +ENUMS += enums/gnutls_srtp_profile_t +ENUMS += enums/gnutls_supplemental_data_format_type_t +ENUMS += enums/gnutls_tpmkey_fmt_t +ENUMS += enums/gnutls_vdata_types_t +ENUMS += enums/gnutls_x509_crl_reason_t +ENUMS += enums/gnutls_x509_crt_flags +ENUMS += enums/gnutls_x509_crt_fmt_t +ENUMS += enums/gnutls_x509_subject_alt_name_t + +FUNCS = +FUNCS += functions/dane_cert_type_name +FUNCS += functions/dane_cert_type_name.short +FUNCS += functions/dane_cert_usage_name +FUNCS += functions/dane_cert_usage_name.short +FUNCS += functions/dane_match_type_name +FUNCS += functions/dane_match_type_name.short +FUNCS += functions/dane_query_data +FUNCS += functions/dane_query_data.short +FUNCS += functions/dane_query_deinit +FUNCS += functions/dane_query_deinit.short +FUNCS += functions/dane_query_entries +FUNCS += functions/dane_query_entries.short +FUNCS += functions/dane_query_status +FUNCS += functions/dane_query_status.short +FUNCS += functions/dane_query_tlsa +FUNCS += functions/dane_query_tlsa.short +FUNCS += functions/dane_query_to_raw_tlsa +FUNCS += functions/dane_query_to_raw_tlsa.short +FUNCS += functions/dane_raw_tlsa +FUNCS += functions/dane_raw_tlsa.short +FUNCS += functions/dane_state_deinit +FUNCS += functions/dane_state_deinit.short +FUNCS += functions/dane_state_init +FUNCS += functions/dane_state_init.short +FUNCS += functions/dane_state_set_dlv_file +FUNCS += functions/dane_state_set_dlv_file.short +FUNCS += functions/dane_strerror +FUNCS += functions/dane_strerror.short +FUNCS += functions/dane_verification_status_print +FUNCS += functions/dane_verification_status_print.short +FUNCS += functions/dane_verify_crt +FUNCS += functions/dane_verify_crt.short +FUNCS += functions/dane_verify_crt_raw +FUNCS += functions/dane_verify_crt_raw.short +FUNCS += functions/dane_verify_session_crt +FUNCS += functions/dane_verify_session_crt.short +FUNCS += functions/gnutls_aead_cipher_decrypt +FUNCS += functions/gnutls_aead_cipher_decrypt.short +FUNCS += functions/gnutls_aead_cipher_deinit +FUNCS += functions/gnutls_aead_cipher_deinit.short +FUNCS += functions/gnutls_aead_cipher_encrypt +FUNCS += functions/gnutls_aead_cipher_encrypt.short +FUNCS += functions/gnutls_aead_cipher_encryptv +FUNCS += functions/gnutls_aead_cipher_encryptv.short +FUNCS += functions/gnutls_aead_cipher_init +FUNCS += functions/gnutls_aead_cipher_init.short +FUNCS += functions/gnutls_alert_get +FUNCS += functions/gnutls_alert_get.short +FUNCS += functions/gnutls_alert_get_name +FUNCS += functions/gnutls_alert_get_name.short +FUNCS += functions/gnutls_alert_get_strname +FUNCS += functions/gnutls_alert_get_strname.short +FUNCS += functions/gnutls_alert_send +FUNCS += functions/gnutls_alert_send.short +FUNCS += functions/gnutls_alert_send_appropriate +FUNCS += functions/gnutls_alert_send_appropriate.short +FUNCS += functions/gnutls_alpn_get_selected_protocol +FUNCS += functions/gnutls_alpn_get_selected_protocol.short +FUNCS += functions/gnutls_alpn_set_protocols +FUNCS += functions/gnutls_alpn_set_protocols.short +FUNCS += functions/gnutls_anon_allocate_client_credentials +FUNCS += functions/gnutls_anon_allocate_client_credentials.short +FUNCS += functions/gnutls_anon_allocate_server_credentials +FUNCS += functions/gnutls_anon_allocate_server_credentials.short +FUNCS += functions/gnutls_anon_free_client_credentials +FUNCS += functions/gnutls_anon_free_client_credentials.short +FUNCS += functions/gnutls_anon_free_server_credentials +FUNCS += functions/gnutls_anon_free_server_credentials.short +FUNCS += functions/gnutls_anon_set_params_function +FUNCS += functions/gnutls_anon_set_params_function.short +FUNCS += functions/gnutls_anon_set_server_dh_params +FUNCS += functions/gnutls_anon_set_server_dh_params.short +FUNCS += functions/gnutls_anon_set_server_known_dh_params +FUNCS += functions/gnutls_anon_set_server_known_dh_params.short +FUNCS += functions/gnutls_anon_set_server_params_function +FUNCS += functions/gnutls_anon_set_server_params_function.short +FUNCS += functions/gnutls_anti_replay_deinit +FUNCS += functions/gnutls_anti_replay_deinit.short +FUNCS += functions/gnutls_anti_replay_enable +FUNCS += functions/gnutls_anti_replay_enable.short +FUNCS += functions/gnutls_anti_replay_init +FUNCS += functions/gnutls_anti_replay_init.short +FUNCS += functions/gnutls_anti_replay_set_add_function +FUNCS += functions/gnutls_anti_replay_set_add_function.short +FUNCS += functions/gnutls_anti_replay_set_ptr +FUNCS += functions/gnutls_anti_replay_set_ptr.short +FUNCS += functions/gnutls_anti_replay_set_window +FUNCS += functions/gnutls_anti_replay_set_window.short +FUNCS += functions/gnutls_auth_client_get_type +FUNCS += functions/gnutls_auth_client_get_type.short +FUNCS += functions/gnutls_auth_get_type +FUNCS += functions/gnutls_auth_get_type.short +FUNCS += functions/gnutls_auth_server_get_type +FUNCS += functions/gnutls_auth_server_get_type.short +FUNCS += functions/gnutls_base64_decode2 +FUNCS += functions/gnutls_base64_decode2.short +FUNCS += functions/gnutls_base64_encode2 +FUNCS += functions/gnutls_base64_encode2.short +FUNCS += functions/gnutls_buffer_append_data +FUNCS += functions/gnutls_buffer_append_data.short +FUNCS += functions/gnutls_bye +FUNCS += functions/gnutls_bye.short +FUNCS += functions/gnutls_certificate_activation_time_peers +FUNCS += functions/gnutls_certificate_activation_time_peers.short +FUNCS += functions/gnutls_certificate_allocate_credentials +FUNCS += functions/gnutls_certificate_allocate_credentials.short +FUNCS += functions/gnutls_certificate_client_get_request_status +FUNCS += functions/gnutls_certificate_client_get_request_status.short +FUNCS += functions/gnutls_certificate_expiration_time_peers +FUNCS += functions/gnutls_certificate_expiration_time_peers.short +FUNCS += functions/gnutls_certificate_free_ca_names +FUNCS += functions/gnutls_certificate_free_ca_names.short +FUNCS += functions/gnutls_certificate_free_cas +FUNCS += functions/gnutls_certificate_free_cas.short +FUNCS += functions/gnutls_certificate_free_credentials +FUNCS += functions/gnutls_certificate_free_credentials.short +FUNCS += functions/gnutls_certificate_free_crls +FUNCS += functions/gnutls_certificate_free_crls.short +FUNCS += functions/gnutls_certificate_free_keys +FUNCS += functions/gnutls_certificate_free_keys.short +FUNCS += functions/gnutls_certificate_get_crt_raw +FUNCS += functions/gnutls_certificate_get_crt_raw.short +FUNCS += functions/gnutls_certificate_get_issuer +FUNCS += functions/gnutls_certificate_get_issuer.short +FUNCS += functions/gnutls_certificate_get_ocsp_expiration +FUNCS += functions/gnutls_certificate_get_ocsp_expiration.short +FUNCS += functions/gnutls_certificate_get_ours +FUNCS += functions/gnutls_certificate_get_ours.short +FUNCS += functions/gnutls_certificate_get_peers +FUNCS += functions/gnutls_certificate_get_peers.short +FUNCS += functions/gnutls_certificate_get_peers_subkey_id +FUNCS += functions/gnutls_certificate_get_peers_subkey_id.short +FUNCS += functions/gnutls_certificate_get_trust_list +FUNCS += functions/gnutls_certificate_get_trust_list.short +FUNCS += functions/gnutls_certificate_get_verify_flags +FUNCS += functions/gnutls_certificate_get_verify_flags.short +FUNCS += functions/gnutls_certificate_get_x509_crt +FUNCS += functions/gnutls_certificate_get_x509_crt.short +FUNCS += functions/gnutls_certificate_get_x509_key +FUNCS += functions/gnutls_certificate_get_x509_key.short +FUNCS += functions/gnutls_certificate_send_x509_rdn_sequence +FUNCS += functions/gnutls_certificate_send_x509_rdn_sequence.short +FUNCS += functions/gnutls_certificate_server_set_request +FUNCS += functions/gnutls_certificate_server_set_request.short +FUNCS += functions/gnutls_certificate_set_dh_params +FUNCS += functions/gnutls_certificate_set_dh_params.short +FUNCS += functions/gnutls_certificate_set_flags +FUNCS += functions/gnutls_certificate_set_flags.short +FUNCS += functions/gnutls_certificate_set_key +FUNCS += functions/gnutls_certificate_set_key.short +FUNCS += functions/gnutls_certificate_set_known_dh_params +FUNCS += functions/gnutls_certificate_set_known_dh_params.short +FUNCS += functions/gnutls_certificate_set_ocsp_status_request_file +FUNCS += functions/gnutls_certificate_set_ocsp_status_request_file.short +FUNCS += functions/gnutls_certificate_set_ocsp_status_request_file2 +FUNCS += functions/gnutls_certificate_set_ocsp_status_request_file2.short +FUNCS += functions/gnutls_certificate_set_ocsp_status_request_function +FUNCS += functions/gnutls_certificate_set_ocsp_status_request_function.short +FUNCS += functions/gnutls_certificate_set_ocsp_status_request_function2 +FUNCS += functions/gnutls_certificate_set_ocsp_status_request_function2.short +FUNCS += functions/gnutls_certificate_set_ocsp_status_request_mem +FUNCS += functions/gnutls_certificate_set_ocsp_status_request_mem.short +FUNCS += functions/gnutls_certificate_set_params_function +FUNCS += functions/gnutls_certificate_set_params_function.short +FUNCS += functions/gnutls_certificate_set_pin_function +FUNCS += functions/gnutls_certificate_set_pin_function.short +FUNCS += functions/gnutls_certificate_set_rawpk_key_file +FUNCS += functions/gnutls_certificate_set_rawpk_key_file.short +FUNCS += functions/gnutls_certificate_set_rawpk_key_mem +FUNCS += functions/gnutls_certificate_set_rawpk_key_mem.short +FUNCS += functions/gnutls_certificate_set_retrieve_function +FUNCS += functions/gnutls_certificate_set_retrieve_function.short +FUNCS += functions/gnutls_certificate_set_retrieve_function2 +FUNCS += functions/gnutls_certificate_set_retrieve_function2.short +FUNCS += functions/gnutls_certificate_set_retrieve_function3 +FUNCS += functions/gnutls_certificate_set_retrieve_function3.short +FUNCS += functions/gnutls_certificate_set_trust_list +FUNCS += functions/gnutls_certificate_set_trust_list.short +FUNCS += functions/gnutls_certificate_set_verify_flags +FUNCS += functions/gnutls_certificate_set_verify_flags.short +FUNCS += functions/gnutls_certificate_set_verify_function +FUNCS += functions/gnutls_certificate_set_verify_function.short +FUNCS += functions/gnutls_certificate_set_verify_limits +FUNCS += functions/gnutls_certificate_set_verify_limits.short +FUNCS += functions/gnutls_certificate_set_x509_crl +FUNCS += functions/gnutls_certificate_set_x509_crl.short +FUNCS += functions/gnutls_certificate_set_x509_crl_file +FUNCS += functions/gnutls_certificate_set_x509_crl_file.short +FUNCS += functions/gnutls_certificate_set_x509_crl_mem +FUNCS += functions/gnutls_certificate_set_x509_crl_mem.short +FUNCS += functions/gnutls_certificate_set_x509_key +FUNCS += functions/gnutls_certificate_set_x509_key.short +FUNCS += functions/gnutls_certificate_set_x509_key_file +FUNCS += functions/gnutls_certificate_set_x509_key_file.short +FUNCS += functions/gnutls_certificate_set_x509_key_file2 +FUNCS += functions/gnutls_certificate_set_x509_key_file2.short +FUNCS += functions/gnutls_certificate_set_x509_key_mem +FUNCS += functions/gnutls_certificate_set_x509_key_mem.short +FUNCS += functions/gnutls_certificate_set_x509_key_mem2 +FUNCS += functions/gnutls_certificate_set_x509_key_mem2.short +FUNCS += functions/gnutls_certificate_set_x509_simple_pkcs12_file +FUNCS += functions/gnutls_certificate_set_x509_simple_pkcs12_file.short +FUNCS += functions/gnutls_certificate_set_x509_simple_pkcs12_mem +FUNCS += functions/gnutls_certificate_set_x509_simple_pkcs12_mem.short +FUNCS += functions/gnutls_certificate_set_x509_system_trust +FUNCS += functions/gnutls_certificate_set_x509_system_trust.short +FUNCS += functions/gnutls_certificate_set_x509_trust +FUNCS += functions/gnutls_certificate_set_x509_trust.short +FUNCS += functions/gnutls_certificate_set_x509_trust_dir +FUNCS += functions/gnutls_certificate_set_x509_trust_dir.short +FUNCS += functions/gnutls_certificate_set_x509_trust_file +FUNCS += functions/gnutls_certificate_set_x509_trust_file.short +FUNCS += functions/gnutls_certificate_set_x509_trust_mem +FUNCS += functions/gnutls_certificate_set_x509_trust_mem.short +FUNCS += functions/gnutls_certificate_type_get +FUNCS += functions/gnutls_certificate_type_get.short +FUNCS += functions/gnutls_certificate_type_get2 +FUNCS += functions/gnutls_certificate_type_get2.short +FUNCS += functions/gnutls_certificate_type_get_id +FUNCS += functions/gnutls_certificate_type_get_id.short +FUNCS += functions/gnutls_certificate_type_get_name +FUNCS += functions/gnutls_certificate_type_get_name.short +FUNCS += functions/gnutls_certificate_type_list +FUNCS += functions/gnutls_certificate_type_list.short +FUNCS += functions/gnutls_certificate_verification_status_print +FUNCS += functions/gnutls_certificate_verification_status_print.short +FUNCS += functions/gnutls_certificate_verify_peers +FUNCS += functions/gnutls_certificate_verify_peers.short +FUNCS += functions/gnutls_certificate_verify_peers2 +FUNCS += functions/gnutls_certificate_verify_peers2.short +FUNCS += functions/gnutls_certificate_verify_peers3 +FUNCS += functions/gnutls_certificate_verify_peers3.short +FUNCS += functions/gnutls_check_version +FUNCS += functions/gnutls_check_version.short +FUNCS += functions/gnutls_cipher_add_auth +FUNCS += functions/gnutls_cipher_add_auth.short +FUNCS += functions/gnutls_cipher_decrypt +FUNCS += functions/gnutls_cipher_decrypt.short +FUNCS += functions/gnutls_cipher_decrypt2 +FUNCS += functions/gnutls_cipher_decrypt2.short +FUNCS += functions/gnutls_cipher_deinit +FUNCS += functions/gnutls_cipher_deinit.short +FUNCS += functions/gnutls_cipher_encrypt +FUNCS += functions/gnutls_cipher_encrypt.short +FUNCS += functions/gnutls_cipher_encrypt2 +FUNCS += functions/gnutls_cipher_encrypt2.short +FUNCS += functions/gnutls_cipher_get +FUNCS += functions/gnutls_cipher_get.short +FUNCS += functions/gnutls_cipher_get_block_size +FUNCS += functions/gnutls_cipher_get_block_size.short +FUNCS += functions/gnutls_cipher_get_id +FUNCS += functions/gnutls_cipher_get_id.short +FUNCS += functions/gnutls_cipher_get_iv_size +FUNCS += functions/gnutls_cipher_get_iv_size.short +FUNCS += functions/gnutls_cipher_get_key_size +FUNCS += functions/gnutls_cipher_get_key_size.short +FUNCS += functions/gnutls_cipher_get_name +FUNCS += functions/gnutls_cipher_get_name.short +FUNCS += functions/gnutls_cipher_get_tag_size +FUNCS += functions/gnutls_cipher_get_tag_size.short +FUNCS += functions/gnutls_cipher_init +FUNCS += functions/gnutls_cipher_init.short +FUNCS += functions/gnutls_cipher_list +FUNCS += functions/gnutls_cipher_list.short +FUNCS += functions/gnutls_cipher_set_iv +FUNCS += functions/gnutls_cipher_set_iv.short +FUNCS += functions/gnutls_cipher_suite_get_name +FUNCS += functions/gnutls_cipher_suite_get_name.short +FUNCS += functions/gnutls_cipher_suite_info +FUNCS += functions/gnutls_cipher_suite_info.short +FUNCS += functions/gnutls_cipher_tag +FUNCS += functions/gnutls_cipher_tag.short +FUNCS += functions/gnutls_compression_get +FUNCS += functions/gnutls_compression_get.short +FUNCS += functions/gnutls_compression_get_id +FUNCS += functions/gnutls_compression_get_id.short +FUNCS += functions/gnutls_compression_get_name +FUNCS += functions/gnutls_compression_get_name.short +FUNCS += functions/gnutls_compression_list +FUNCS += functions/gnutls_compression_list.short +FUNCS += functions/gnutls_credentials_clear +FUNCS += functions/gnutls_credentials_clear.short +FUNCS += functions/gnutls_credentials_get +FUNCS += functions/gnutls_credentials_get.short +FUNCS += functions/gnutls_credentials_set +FUNCS += functions/gnutls_credentials_set.short +FUNCS += functions/gnutls_crypto_register_aead_cipher +FUNCS += functions/gnutls_crypto_register_aead_cipher.short +FUNCS += functions/gnutls_crypto_register_cipher +FUNCS += functions/gnutls_crypto_register_cipher.short +FUNCS += functions/gnutls_crypto_register_digest +FUNCS += functions/gnutls_crypto_register_digest.short +FUNCS += functions/gnutls_crypto_register_mac +FUNCS += functions/gnutls_crypto_register_mac.short +FUNCS += functions/gnutls_db_check_entry +FUNCS += functions/gnutls_db_check_entry.short +FUNCS += functions/gnutls_db_check_entry_expire_time +FUNCS += functions/gnutls_db_check_entry_expire_time.short +FUNCS += functions/gnutls_db_check_entry_time +FUNCS += functions/gnutls_db_check_entry_time.short +FUNCS += functions/gnutls_db_get_default_cache_expiration +FUNCS += functions/gnutls_db_get_default_cache_expiration.short +FUNCS += functions/gnutls_db_get_ptr +FUNCS += functions/gnutls_db_get_ptr.short +FUNCS += functions/gnutls_db_remove_session +FUNCS += functions/gnutls_db_remove_session.short +FUNCS += functions/gnutls_db_set_cache_expiration +FUNCS += functions/gnutls_db_set_cache_expiration.short +FUNCS += functions/gnutls_db_set_ptr +FUNCS += functions/gnutls_db_set_ptr.short +FUNCS += functions/gnutls_db_set_remove_function +FUNCS += functions/gnutls_db_set_remove_function.short +FUNCS += functions/gnutls_db_set_retrieve_function +FUNCS += functions/gnutls_db_set_retrieve_function.short +FUNCS += functions/gnutls_db_set_store_function +FUNCS += functions/gnutls_db_set_store_function.short +FUNCS += functions/gnutls_decode_ber_digest_info +FUNCS += functions/gnutls_decode_ber_digest_info.short +FUNCS += functions/gnutls_decode_gost_rs_value +FUNCS += functions/gnutls_decode_gost_rs_value.short +FUNCS += functions/gnutls_decode_rs_value +FUNCS += functions/gnutls_decode_rs_value.short +FUNCS += functions/gnutls_deinit +FUNCS += functions/gnutls_deinit.short +FUNCS += functions/gnutls_dh_get_group +FUNCS += functions/gnutls_dh_get_group.short +FUNCS += functions/gnutls_dh_get_peers_public_bits +FUNCS += functions/gnutls_dh_get_peers_public_bits.short +FUNCS += functions/gnutls_dh_get_prime_bits +FUNCS += functions/gnutls_dh_get_prime_bits.short +FUNCS += functions/gnutls_dh_get_pubkey +FUNCS += functions/gnutls_dh_get_pubkey.short +FUNCS += functions/gnutls_dh_get_secret_bits +FUNCS += functions/gnutls_dh_get_secret_bits.short +FUNCS += functions/gnutls_dh_params_cpy +FUNCS += functions/gnutls_dh_params_cpy.short +FUNCS += functions/gnutls_dh_params_deinit +FUNCS += functions/gnutls_dh_params_deinit.short +FUNCS += functions/gnutls_dh_params_export2_pkcs3 +FUNCS += functions/gnutls_dh_params_export2_pkcs3.short +FUNCS += functions/gnutls_dh_params_export_pkcs3 +FUNCS += functions/gnutls_dh_params_export_pkcs3.short +FUNCS += functions/gnutls_dh_params_export_raw +FUNCS += functions/gnutls_dh_params_export_raw.short +FUNCS += functions/gnutls_dh_params_generate2 +FUNCS += functions/gnutls_dh_params_generate2.short +FUNCS += functions/gnutls_dh_params_import_dsa +FUNCS += functions/gnutls_dh_params_import_dsa.short +FUNCS += functions/gnutls_dh_params_import_pkcs3 +FUNCS += functions/gnutls_dh_params_import_pkcs3.short +FUNCS += functions/gnutls_dh_params_import_raw +FUNCS += functions/gnutls_dh_params_import_raw.short +FUNCS += functions/gnutls_dh_params_import_raw2 +FUNCS += functions/gnutls_dh_params_import_raw2.short +FUNCS += functions/gnutls_dh_params_import_raw3 +FUNCS += functions/gnutls_dh_params_import_raw3.short +FUNCS += functions/gnutls_dh_params_init +FUNCS += functions/gnutls_dh_params_init.short +FUNCS += functions/gnutls_dh_set_prime_bits +FUNCS += functions/gnutls_dh_set_prime_bits.short +FUNCS += functions/gnutls_digest_get_id +FUNCS += functions/gnutls_digest_get_id.short +FUNCS += functions/gnutls_digest_get_name +FUNCS += functions/gnutls_digest_get_name.short +FUNCS += functions/gnutls_digest_get_oid +FUNCS += functions/gnutls_digest_get_oid.short +FUNCS += functions/gnutls_digest_list +FUNCS += functions/gnutls_digest_list.short +FUNCS += functions/gnutls_dtls_cookie_send +FUNCS += functions/gnutls_dtls_cookie_send.short +FUNCS += functions/gnutls_dtls_cookie_verify +FUNCS += functions/gnutls_dtls_cookie_verify.short +FUNCS += functions/gnutls_dtls_get_data_mtu +FUNCS += functions/gnutls_dtls_get_data_mtu.short +FUNCS += functions/gnutls_dtls_get_mtu +FUNCS += functions/gnutls_dtls_get_mtu.short +FUNCS += functions/gnutls_dtls_get_timeout +FUNCS += functions/gnutls_dtls_get_timeout.short +FUNCS += functions/gnutls_dtls_prestate_set +FUNCS += functions/gnutls_dtls_prestate_set.short +FUNCS += functions/gnutls_dtls_set_data_mtu +FUNCS += functions/gnutls_dtls_set_data_mtu.short +FUNCS += functions/gnutls_dtls_set_mtu +FUNCS += functions/gnutls_dtls_set_mtu.short +FUNCS += functions/gnutls_dtls_set_timeouts +FUNCS += functions/gnutls_dtls_set_timeouts.short +FUNCS += functions/gnutls_ecc_curve_get +FUNCS += functions/gnutls_ecc_curve_get.short +FUNCS += functions/gnutls_ecc_curve_get_id +FUNCS += functions/gnutls_ecc_curve_get_id.short +FUNCS += functions/gnutls_ecc_curve_get_name +FUNCS += functions/gnutls_ecc_curve_get_name.short +FUNCS += functions/gnutls_ecc_curve_get_oid +FUNCS += functions/gnutls_ecc_curve_get_oid.short +FUNCS += functions/gnutls_ecc_curve_get_pk +FUNCS += functions/gnutls_ecc_curve_get_pk.short +FUNCS += functions/gnutls_ecc_curve_get_size +FUNCS += functions/gnutls_ecc_curve_get_size.short +FUNCS += functions/gnutls_ecc_curve_list +FUNCS += functions/gnutls_ecc_curve_list.short +FUNCS += functions/gnutls_encode_ber_digest_info +FUNCS += functions/gnutls_encode_ber_digest_info.short +FUNCS += functions/gnutls_encode_gost_rs_value +FUNCS += functions/gnutls_encode_gost_rs_value.short +FUNCS += functions/gnutls_encode_rs_value +FUNCS += functions/gnutls_encode_rs_value.short +FUNCS += functions/gnutls_error_is_fatal +FUNCS += functions/gnutls_error_is_fatal.short +FUNCS += functions/gnutls_error_to_alert +FUNCS += functions/gnutls_error_to_alert.short +FUNCS += functions/gnutls_est_record_overhead_size +FUNCS += functions/gnutls_est_record_overhead_size.short +FUNCS += functions/gnutls_ext_get_current_msg +FUNCS += functions/gnutls_ext_get_current_msg.short +FUNCS += functions/gnutls_ext_get_data +FUNCS += functions/gnutls_ext_get_data.short +FUNCS += functions/gnutls_ext_get_name +FUNCS += functions/gnutls_ext_get_name.short +FUNCS += functions/gnutls_ext_raw_parse +FUNCS += functions/gnutls_ext_raw_parse.short +FUNCS += functions/gnutls_ext_register +FUNCS += functions/gnutls_ext_register.short +FUNCS += functions/gnutls_ext_set_data +FUNCS += functions/gnutls_ext_set_data.short +FUNCS += functions/gnutls_fingerprint +FUNCS += functions/gnutls_fingerprint.short +FUNCS += functions/gnutls_fips140_mode_enabled +FUNCS += functions/gnutls_fips140_mode_enabled.short +FUNCS += functions/gnutls_fips140_set_mode +FUNCS += functions/gnutls_fips140_set_mode.short +FUNCS += functions/gnutls_global_deinit +FUNCS += functions/gnutls_global_deinit.short +FUNCS += functions/gnutls_global_init +FUNCS += functions/gnutls_global_init.short +FUNCS += functions/gnutls_global_set_audit_log_function +FUNCS += functions/gnutls_global_set_audit_log_function.short +FUNCS += functions/gnutls_global_set_log_function +FUNCS += functions/gnutls_global_set_log_function.short +FUNCS += functions/gnutls_global_set_log_level +FUNCS += functions/gnutls_global_set_log_level.short +FUNCS += functions/gnutls_global_set_mem_functions +FUNCS += functions/gnutls_global_set_mem_functions.short +FUNCS += functions/gnutls_global_set_mutex +FUNCS += functions/gnutls_global_set_mutex.short +FUNCS += functions/gnutls_global_set_time_function +FUNCS += functions/gnutls_global_set_time_function.short +FUNCS += functions/gnutls_gost_paramset_get_name +FUNCS += functions/gnutls_gost_paramset_get_name.short +FUNCS += functions/gnutls_gost_paramset_get_oid +FUNCS += functions/gnutls_gost_paramset_get_oid.short +FUNCS += functions/gnutls_group_get +FUNCS += functions/gnutls_group_get.short +FUNCS += functions/gnutls_group_get_id +FUNCS += functions/gnutls_group_get_id.short +FUNCS += functions/gnutls_group_get_name +FUNCS += functions/gnutls_group_get_name.short +FUNCS += functions/gnutls_group_list +FUNCS += functions/gnutls_group_list.short +FUNCS += functions/gnutls_handshake +FUNCS += functions/gnutls_handshake.short +FUNCS += functions/gnutls_handshake_description_get_name +FUNCS += functions/gnutls_handshake_description_get_name.short +FUNCS += functions/gnutls_handshake_get_last_in +FUNCS += functions/gnutls_handshake_get_last_in.short +FUNCS += functions/gnutls_handshake_get_last_out +FUNCS += functions/gnutls_handshake_get_last_out.short +FUNCS += functions/gnutls_handshake_set_hook_function +FUNCS += functions/gnutls_handshake_set_hook_function.short +FUNCS += functions/gnutls_handshake_set_max_packet_length +FUNCS += functions/gnutls_handshake_set_max_packet_length.short +FUNCS += functions/gnutls_handshake_set_post_client_hello_function +FUNCS += functions/gnutls_handshake_set_post_client_hello_function.short +FUNCS += functions/gnutls_handshake_set_private_extensions +FUNCS += functions/gnutls_handshake_set_private_extensions.short +FUNCS += functions/gnutls_handshake_set_random +FUNCS += functions/gnutls_handshake_set_random.short +FUNCS += functions/gnutls_handshake_set_timeout +FUNCS += functions/gnutls_handshake_set_timeout.short +FUNCS += functions/gnutls_hash +FUNCS += functions/gnutls_hash.short +FUNCS += functions/gnutls_hash_deinit +FUNCS += functions/gnutls_hash_deinit.short +FUNCS += functions/gnutls_hash_fast +FUNCS += functions/gnutls_hash_fast.short +FUNCS += functions/gnutls_hash_get_len +FUNCS += functions/gnutls_hash_get_len.short +FUNCS += functions/gnutls_hash_init +FUNCS += functions/gnutls_hash_init.short +FUNCS += functions/gnutls_hash_output +FUNCS += functions/gnutls_hash_output.short +FUNCS += functions/gnutls_heartbeat_allowed +FUNCS += functions/gnutls_heartbeat_allowed.short +FUNCS += functions/gnutls_heartbeat_enable +FUNCS += functions/gnutls_heartbeat_enable.short +FUNCS += functions/gnutls_heartbeat_get_timeout +FUNCS += functions/gnutls_heartbeat_get_timeout.short +FUNCS += functions/gnutls_heartbeat_ping +FUNCS += functions/gnutls_heartbeat_ping.short +FUNCS += functions/gnutls_heartbeat_pong +FUNCS += functions/gnutls_heartbeat_pong.short +FUNCS += functions/gnutls_heartbeat_set_timeouts +FUNCS += functions/gnutls_heartbeat_set_timeouts.short +FUNCS += functions/gnutls_hex2bin +FUNCS += functions/gnutls_hex2bin.short +FUNCS += functions/gnutls_hex_decode +FUNCS += functions/gnutls_hex_decode.short +FUNCS += functions/gnutls_hex_decode2 +FUNCS += functions/gnutls_hex_decode2.short +FUNCS += functions/gnutls_hex_encode +FUNCS += functions/gnutls_hex_encode.short +FUNCS += functions/gnutls_hex_encode2 +FUNCS += functions/gnutls_hex_encode2.short +FUNCS += functions/gnutls_hmac +FUNCS += functions/gnutls_hmac.short +FUNCS += functions/gnutls_hmac_deinit +FUNCS += functions/gnutls_hmac_deinit.short +FUNCS += functions/gnutls_hmac_fast +FUNCS += functions/gnutls_hmac_fast.short +FUNCS += functions/gnutls_hmac_get_len +FUNCS += functions/gnutls_hmac_get_len.short +FUNCS += functions/gnutls_hmac_init +FUNCS += functions/gnutls_hmac_init.short +FUNCS += functions/gnutls_hmac_output +FUNCS += functions/gnutls_hmac_output.short +FUNCS += functions/gnutls_hmac_set_nonce +FUNCS += functions/gnutls_hmac_set_nonce.short +FUNCS += functions/gnutls_idna_map +FUNCS += functions/gnutls_idna_map.short +FUNCS += functions/gnutls_idna_reverse_map +FUNCS += functions/gnutls_idna_reverse_map.short +FUNCS += functions/gnutls_init +FUNCS += functions/gnutls_init.short +FUNCS += functions/gnutls_key_generate +FUNCS += functions/gnutls_key_generate.short +FUNCS += functions/gnutls_kx_get +FUNCS += functions/gnutls_kx_get.short +FUNCS += functions/gnutls_kx_get_id +FUNCS += functions/gnutls_kx_get_id.short +FUNCS += functions/gnutls_kx_get_name +FUNCS += functions/gnutls_kx_get_name.short +FUNCS += functions/gnutls_kx_list +FUNCS += functions/gnutls_kx_list.short +FUNCS += functions/gnutls_load_file +FUNCS += functions/gnutls_load_file.short +FUNCS += functions/gnutls_mac_get +FUNCS += functions/gnutls_mac_get.short +FUNCS += functions/gnutls_mac_get_id +FUNCS += functions/gnutls_mac_get_id.short +FUNCS += functions/gnutls_mac_get_key_size +FUNCS += functions/gnutls_mac_get_key_size.short +FUNCS += functions/gnutls_mac_get_name +FUNCS += functions/gnutls_mac_get_name.short +FUNCS += functions/gnutls_mac_get_nonce_size +FUNCS += functions/gnutls_mac_get_nonce_size.short +FUNCS += functions/gnutls_mac_list +FUNCS += functions/gnutls_mac_list.short +FUNCS += functions/gnutls_memcmp +FUNCS += functions/gnutls_memcmp.short +FUNCS += functions/gnutls_memset +FUNCS += functions/gnutls_memset.short +FUNCS += functions/gnutls_ocsp_req_add_cert +FUNCS += functions/gnutls_ocsp_req_add_cert.short +FUNCS += functions/gnutls_ocsp_req_add_cert_id +FUNCS += functions/gnutls_ocsp_req_add_cert_id.short +FUNCS += functions/gnutls_ocsp_req_deinit +FUNCS += functions/gnutls_ocsp_req_deinit.short +FUNCS += functions/gnutls_ocsp_req_export +FUNCS += functions/gnutls_ocsp_req_export.short +FUNCS += functions/gnutls_ocsp_req_get_cert_id +FUNCS += functions/gnutls_ocsp_req_get_cert_id.short +FUNCS += functions/gnutls_ocsp_req_get_extension +FUNCS += functions/gnutls_ocsp_req_get_extension.short +FUNCS += functions/gnutls_ocsp_req_get_nonce +FUNCS += functions/gnutls_ocsp_req_get_nonce.short +FUNCS += functions/gnutls_ocsp_req_get_version +FUNCS += functions/gnutls_ocsp_req_get_version.short +FUNCS += functions/gnutls_ocsp_req_import +FUNCS += functions/gnutls_ocsp_req_import.short +FUNCS += functions/gnutls_ocsp_req_init +FUNCS += functions/gnutls_ocsp_req_init.short +FUNCS += functions/gnutls_ocsp_req_print +FUNCS += functions/gnutls_ocsp_req_print.short +FUNCS += functions/gnutls_ocsp_req_randomize_nonce +FUNCS += functions/gnutls_ocsp_req_randomize_nonce.short +FUNCS += functions/gnutls_ocsp_req_set_extension +FUNCS += functions/gnutls_ocsp_req_set_extension.short +FUNCS += functions/gnutls_ocsp_req_set_nonce +FUNCS += functions/gnutls_ocsp_req_set_nonce.short +FUNCS += functions/gnutls_ocsp_resp_check_crt +FUNCS += functions/gnutls_ocsp_resp_check_crt.short +FUNCS += functions/gnutls_ocsp_resp_deinit +FUNCS += functions/gnutls_ocsp_resp_deinit.short +FUNCS += functions/gnutls_ocsp_resp_export +FUNCS += functions/gnutls_ocsp_resp_export.short +FUNCS += functions/gnutls_ocsp_resp_export2 +FUNCS += functions/gnutls_ocsp_resp_export2.short +FUNCS += functions/gnutls_ocsp_resp_get_certs +FUNCS += functions/gnutls_ocsp_resp_get_certs.short +FUNCS += functions/gnutls_ocsp_resp_get_extension +FUNCS += functions/gnutls_ocsp_resp_get_extension.short +FUNCS += functions/gnutls_ocsp_resp_get_nonce +FUNCS += functions/gnutls_ocsp_resp_get_nonce.short +FUNCS += functions/gnutls_ocsp_resp_get_produced +FUNCS += functions/gnutls_ocsp_resp_get_produced.short +FUNCS += functions/gnutls_ocsp_resp_get_responder +FUNCS += functions/gnutls_ocsp_resp_get_responder.short +FUNCS += functions/gnutls_ocsp_resp_get_responder2 +FUNCS += functions/gnutls_ocsp_resp_get_responder2.short +FUNCS += functions/gnutls_ocsp_resp_get_responder_raw_id +FUNCS += functions/gnutls_ocsp_resp_get_responder_raw_id.short +FUNCS += functions/gnutls_ocsp_resp_get_response +FUNCS += functions/gnutls_ocsp_resp_get_response.short +FUNCS += functions/gnutls_ocsp_resp_get_signature +FUNCS += functions/gnutls_ocsp_resp_get_signature.short +FUNCS += functions/gnutls_ocsp_resp_get_signature_algorithm +FUNCS += functions/gnutls_ocsp_resp_get_signature_algorithm.short +FUNCS += functions/gnutls_ocsp_resp_get_single +FUNCS += functions/gnutls_ocsp_resp_get_single.short +FUNCS += functions/gnutls_ocsp_resp_get_status +FUNCS += functions/gnutls_ocsp_resp_get_status.short +FUNCS += functions/gnutls_ocsp_resp_get_version +FUNCS += functions/gnutls_ocsp_resp_get_version.short +FUNCS += functions/gnutls_ocsp_resp_import +FUNCS += functions/gnutls_ocsp_resp_import.short +FUNCS += functions/gnutls_ocsp_resp_import2 +FUNCS += functions/gnutls_ocsp_resp_import2.short +FUNCS += functions/gnutls_ocsp_resp_init +FUNCS += functions/gnutls_ocsp_resp_init.short +FUNCS += functions/gnutls_ocsp_resp_list_import2 +FUNCS += functions/gnutls_ocsp_resp_list_import2.short +FUNCS += functions/gnutls_ocsp_resp_print +FUNCS += functions/gnutls_ocsp_resp_print.short +FUNCS += functions/gnutls_ocsp_resp_verify +FUNCS += functions/gnutls_ocsp_resp_verify.short +FUNCS += functions/gnutls_ocsp_resp_verify_direct +FUNCS += functions/gnutls_ocsp_resp_verify_direct.short +FUNCS += functions/gnutls_ocsp_status_request_enable_client +FUNCS += functions/gnutls_ocsp_status_request_enable_client.short +FUNCS += functions/gnutls_ocsp_status_request_get +FUNCS += functions/gnutls_ocsp_status_request_get.short +FUNCS += functions/gnutls_ocsp_status_request_get2 +FUNCS += functions/gnutls_ocsp_status_request_get2.short +FUNCS += functions/gnutls_ocsp_status_request_is_checked +FUNCS += functions/gnutls_ocsp_status_request_is_checked.short +FUNCS += functions/gnutls_oid_to_digest +FUNCS += functions/gnutls_oid_to_digest.short +FUNCS += functions/gnutls_oid_to_ecc_curve +FUNCS += functions/gnutls_oid_to_ecc_curve.short +FUNCS += functions/gnutls_oid_to_gost_paramset +FUNCS += functions/gnutls_oid_to_gost_paramset.short +FUNCS += functions/gnutls_oid_to_mac +FUNCS += functions/gnutls_oid_to_mac.short +FUNCS += functions/gnutls_oid_to_pk +FUNCS += functions/gnutls_oid_to_pk.short +FUNCS += functions/gnutls_oid_to_sign +FUNCS += functions/gnutls_oid_to_sign.short +FUNCS += functions/gnutls_openpgp_privkey_sign_hash +FUNCS += functions/gnutls_openpgp_privkey_sign_hash.short +FUNCS += functions/gnutls_openpgp_send_cert +FUNCS += functions/gnutls_openpgp_send_cert.short +FUNCS += functions/gnutls_packet_deinit +FUNCS += functions/gnutls_packet_deinit.short +FUNCS += functions/gnutls_packet_get +FUNCS += functions/gnutls_packet_get.short +FUNCS += functions/gnutls_pcert_deinit +FUNCS += functions/gnutls_pcert_deinit.short +FUNCS += functions/gnutls_pcert_export_openpgp +FUNCS += functions/gnutls_pcert_export_openpgp.short +FUNCS += functions/gnutls_pcert_export_x509 +FUNCS += functions/gnutls_pcert_export_x509.short +FUNCS += functions/gnutls_pcert_import_openpgp +FUNCS += functions/gnutls_pcert_import_openpgp.short +FUNCS += functions/gnutls_pcert_import_openpgp_raw +FUNCS += functions/gnutls_pcert_import_openpgp_raw.short +FUNCS += functions/gnutls_pcert_import_rawpk +FUNCS += functions/gnutls_pcert_import_rawpk.short +FUNCS += functions/gnutls_pcert_import_rawpk_raw +FUNCS += functions/gnutls_pcert_import_rawpk_raw.short +FUNCS += functions/gnutls_pcert_import_x509 +FUNCS += functions/gnutls_pcert_import_x509.short +FUNCS += functions/gnutls_pcert_import_x509_list +FUNCS += functions/gnutls_pcert_import_x509_list.short +FUNCS += functions/gnutls_pcert_import_x509_raw +FUNCS += functions/gnutls_pcert_import_x509_raw.short +FUNCS += functions/gnutls_pcert_list_import_x509_file +FUNCS += functions/gnutls_pcert_list_import_x509_file.short +FUNCS += functions/gnutls_pcert_list_import_x509_raw +FUNCS += functions/gnutls_pcert_list_import_x509_raw.short +FUNCS += functions/gnutls_pem_base64_decode +FUNCS += functions/gnutls_pem_base64_decode.short +FUNCS += functions/gnutls_pem_base64_decode2 +FUNCS += functions/gnutls_pem_base64_decode2.short +FUNCS += functions/gnutls_pem_base64_encode +FUNCS += functions/gnutls_pem_base64_encode.short +FUNCS += functions/gnutls_pem_base64_encode2 +FUNCS += functions/gnutls_pem_base64_encode2.short +FUNCS += functions/gnutls_perror +FUNCS += functions/gnutls_perror.short +FUNCS += functions/gnutls_pk_algorithm_get_name +FUNCS += functions/gnutls_pk_algorithm_get_name.short +FUNCS += functions/gnutls_pk_bits_to_sec_param +FUNCS += functions/gnutls_pk_bits_to_sec_param.short +FUNCS += functions/gnutls_pkcs11_add_provider +FUNCS += functions/gnutls_pkcs11_add_provider.short +FUNCS += functions/gnutls_pkcs11_copy_attached_extension +FUNCS += functions/gnutls_pkcs11_copy_attached_extension.short +FUNCS += functions/gnutls_pkcs11_copy_pubkey +FUNCS += functions/gnutls_pkcs11_copy_pubkey.short +FUNCS += functions/gnutls_pkcs11_copy_secret_key +FUNCS += functions/gnutls_pkcs11_copy_secret_key.short +FUNCS += functions/gnutls_pkcs11_copy_x509_crt +FUNCS += functions/gnutls_pkcs11_copy_x509_crt.short +FUNCS += functions/gnutls_pkcs11_copy_x509_crt2 +FUNCS += functions/gnutls_pkcs11_copy_x509_crt2.short +FUNCS += functions/gnutls_pkcs11_copy_x509_privkey +FUNCS += functions/gnutls_pkcs11_copy_x509_privkey.short +FUNCS += functions/gnutls_pkcs11_copy_x509_privkey2 +FUNCS += functions/gnutls_pkcs11_copy_x509_privkey2.short +FUNCS += functions/gnutls_pkcs11_crt_is_known +FUNCS += functions/gnutls_pkcs11_crt_is_known.short +FUNCS += functions/gnutls_pkcs11_deinit +FUNCS += functions/gnutls_pkcs11_deinit.short +FUNCS += functions/gnutls_pkcs11_delete_url +FUNCS += functions/gnutls_pkcs11_delete_url.short +FUNCS += functions/gnutls_pkcs11_get_pin_function +FUNCS += functions/gnutls_pkcs11_get_pin_function.short +FUNCS += functions/gnutls_pkcs11_get_raw_issuer +FUNCS += functions/gnutls_pkcs11_get_raw_issuer.short +FUNCS += functions/gnutls_pkcs11_get_raw_issuer_by_dn +FUNCS += functions/gnutls_pkcs11_get_raw_issuer_by_dn.short +FUNCS += functions/gnutls_pkcs11_get_raw_issuer_by_subject_key_id +FUNCS += functions/gnutls_pkcs11_get_raw_issuer_by_subject_key_id.short +FUNCS += functions/gnutls_pkcs11_init +FUNCS += functions/gnutls_pkcs11_init.short +FUNCS += functions/gnutls_pkcs11_obj_deinit +FUNCS += functions/gnutls_pkcs11_obj_deinit.short +FUNCS += functions/gnutls_pkcs11_obj_export +FUNCS += functions/gnutls_pkcs11_obj_export.short +FUNCS += functions/gnutls_pkcs11_obj_export2 +FUNCS += functions/gnutls_pkcs11_obj_export2.short +FUNCS += functions/gnutls_pkcs11_obj_export3 +FUNCS += functions/gnutls_pkcs11_obj_export3.short +FUNCS += functions/gnutls_pkcs11_obj_export_url +FUNCS += functions/gnutls_pkcs11_obj_export_url.short +FUNCS += functions/gnutls_pkcs11_obj_flags_get_str +FUNCS += functions/gnutls_pkcs11_obj_flags_get_str.short +FUNCS += functions/gnutls_pkcs11_obj_get_exts +FUNCS += functions/gnutls_pkcs11_obj_get_exts.short +FUNCS += functions/gnutls_pkcs11_obj_get_flags +FUNCS += functions/gnutls_pkcs11_obj_get_flags.short +FUNCS += functions/gnutls_pkcs11_obj_get_info +FUNCS += functions/gnutls_pkcs11_obj_get_info.short +FUNCS += functions/gnutls_pkcs11_obj_get_ptr +FUNCS += functions/gnutls_pkcs11_obj_get_ptr.short +FUNCS += functions/gnutls_pkcs11_obj_get_type +FUNCS += functions/gnutls_pkcs11_obj_get_type.short +FUNCS += functions/gnutls_pkcs11_obj_import_url +FUNCS += functions/gnutls_pkcs11_obj_import_url.short +FUNCS += functions/gnutls_pkcs11_obj_init +FUNCS += functions/gnutls_pkcs11_obj_init.short +FUNCS += functions/gnutls_pkcs11_obj_list_import_url3 +FUNCS += functions/gnutls_pkcs11_obj_list_import_url3.short +FUNCS += functions/gnutls_pkcs11_obj_list_import_url4 +FUNCS += functions/gnutls_pkcs11_obj_list_import_url4.short +FUNCS += functions/gnutls_pkcs11_obj_set_info +FUNCS += functions/gnutls_pkcs11_obj_set_info.short +FUNCS += functions/gnutls_pkcs11_obj_set_pin_function +FUNCS += functions/gnutls_pkcs11_obj_set_pin_function.short +FUNCS += functions/gnutls_pkcs11_privkey_cpy +FUNCS += functions/gnutls_pkcs11_privkey_cpy.short +FUNCS += functions/gnutls_pkcs11_privkey_deinit +FUNCS += functions/gnutls_pkcs11_privkey_deinit.short +FUNCS += functions/gnutls_pkcs11_privkey_export_pubkey +FUNCS += functions/gnutls_pkcs11_privkey_export_pubkey.short +FUNCS += functions/gnutls_pkcs11_privkey_export_url +FUNCS += functions/gnutls_pkcs11_privkey_export_url.short +FUNCS += functions/gnutls_pkcs11_privkey_generate +FUNCS += functions/gnutls_pkcs11_privkey_generate.short +FUNCS += functions/gnutls_pkcs11_privkey_generate2 +FUNCS += functions/gnutls_pkcs11_privkey_generate2.short +FUNCS += functions/gnutls_pkcs11_privkey_generate3 +FUNCS += functions/gnutls_pkcs11_privkey_generate3.short +FUNCS += functions/gnutls_pkcs11_privkey_get_info +FUNCS += functions/gnutls_pkcs11_privkey_get_info.short +FUNCS += functions/gnutls_pkcs11_privkey_get_pk_algorithm +FUNCS += functions/gnutls_pkcs11_privkey_get_pk_algorithm.short +FUNCS += functions/gnutls_pkcs11_privkey_import_url +FUNCS += functions/gnutls_pkcs11_privkey_import_url.short +FUNCS += functions/gnutls_pkcs11_privkey_init +FUNCS += functions/gnutls_pkcs11_privkey_init.short +FUNCS += functions/gnutls_pkcs11_privkey_set_pin_function +FUNCS += functions/gnutls_pkcs11_privkey_set_pin_function.short +FUNCS += functions/gnutls_pkcs11_privkey_status +FUNCS += functions/gnutls_pkcs11_privkey_status.short +FUNCS += functions/gnutls_pkcs11_reinit +FUNCS += functions/gnutls_pkcs11_reinit.short +FUNCS += functions/gnutls_pkcs11_set_pin_function +FUNCS += functions/gnutls_pkcs11_set_pin_function.short +FUNCS += functions/gnutls_pkcs11_set_token_function +FUNCS += functions/gnutls_pkcs11_set_token_function.short +FUNCS += functions/gnutls_pkcs11_token_check_mechanism +FUNCS += functions/gnutls_pkcs11_token_check_mechanism.short +FUNCS += functions/gnutls_pkcs11_token_get_flags +FUNCS += functions/gnutls_pkcs11_token_get_flags.short +FUNCS += functions/gnutls_pkcs11_token_get_info +FUNCS += functions/gnutls_pkcs11_token_get_info.short +FUNCS += functions/gnutls_pkcs11_token_get_mechanism +FUNCS += functions/gnutls_pkcs11_token_get_mechanism.short +FUNCS += functions/gnutls_pkcs11_token_get_ptr +FUNCS += functions/gnutls_pkcs11_token_get_ptr.short +FUNCS += functions/gnutls_pkcs11_token_get_random +FUNCS += functions/gnutls_pkcs11_token_get_random.short +FUNCS += functions/gnutls_pkcs11_token_get_url +FUNCS += functions/gnutls_pkcs11_token_get_url.short +FUNCS += functions/gnutls_pkcs11_token_init +FUNCS += functions/gnutls_pkcs11_token_init.short +FUNCS += functions/gnutls_pkcs11_token_set_pin +FUNCS += functions/gnutls_pkcs11_token_set_pin.short +FUNCS += functions/gnutls_pkcs11_type_get_name +FUNCS += functions/gnutls_pkcs11_type_get_name.short +FUNCS += functions/gnutls_pkcs12_bag_decrypt +FUNCS += functions/gnutls_pkcs12_bag_decrypt.short +FUNCS += functions/gnutls_pkcs12_bag_deinit +FUNCS += functions/gnutls_pkcs12_bag_deinit.short +FUNCS += functions/gnutls_pkcs12_bag_enc_info +FUNCS += functions/gnutls_pkcs12_bag_enc_info.short +FUNCS += functions/gnutls_pkcs12_bag_encrypt +FUNCS += functions/gnutls_pkcs12_bag_encrypt.short +FUNCS += functions/gnutls_pkcs12_bag_get_count +FUNCS += functions/gnutls_pkcs12_bag_get_count.short +FUNCS += functions/gnutls_pkcs12_bag_get_data +FUNCS += functions/gnutls_pkcs12_bag_get_data.short +FUNCS += functions/gnutls_pkcs12_bag_get_friendly_name +FUNCS += functions/gnutls_pkcs12_bag_get_friendly_name.short +FUNCS += functions/gnutls_pkcs12_bag_get_key_id +FUNCS += functions/gnutls_pkcs12_bag_get_key_id.short +FUNCS += functions/gnutls_pkcs12_bag_get_type +FUNCS += functions/gnutls_pkcs12_bag_get_type.short +FUNCS += functions/gnutls_pkcs12_bag_init +FUNCS += functions/gnutls_pkcs12_bag_init.short +FUNCS += functions/gnutls_pkcs12_bag_set_crl +FUNCS += functions/gnutls_pkcs12_bag_set_crl.short +FUNCS += functions/gnutls_pkcs12_bag_set_crt +FUNCS += functions/gnutls_pkcs12_bag_set_crt.short +FUNCS += functions/gnutls_pkcs12_bag_set_data +FUNCS += functions/gnutls_pkcs12_bag_set_data.short +FUNCS += functions/gnutls_pkcs12_bag_set_friendly_name +FUNCS += functions/gnutls_pkcs12_bag_set_friendly_name.short +FUNCS += functions/gnutls_pkcs12_bag_set_key_id +FUNCS += functions/gnutls_pkcs12_bag_set_key_id.short +FUNCS += functions/gnutls_pkcs12_bag_set_privkey +FUNCS += functions/gnutls_pkcs12_bag_set_privkey.short +FUNCS += functions/gnutls_pkcs12_deinit +FUNCS += functions/gnutls_pkcs12_deinit.short +FUNCS += functions/gnutls_pkcs12_export +FUNCS += functions/gnutls_pkcs12_export.short +FUNCS += functions/gnutls_pkcs12_export2 +FUNCS += functions/gnutls_pkcs12_export2.short +FUNCS += functions/gnutls_pkcs12_generate_mac +FUNCS += functions/gnutls_pkcs12_generate_mac.short +FUNCS += functions/gnutls_pkcs12_generate_mac2 +FUNCS += functions/gnutls_pkcs12_generate_mac2.short +FUNCS += functions/gnutls_pkcs12_get_bag +FUNCS += functions/gnutls_pkcs12_get_bag.short +FUNCS += functions/gnutls_pkcs12_import +FUNCS += functions/gnutls_pkcs12_import.short +FUNCS += functions/gnutls_pkcs12_init +FUNCS += functions/gnutls_pkcs12_init.short +FUNCS += functions/gnutls_pkcs12_mac_info +FUNCS += functions/gnutls_pkcs12_mac_info.short +FUNCS += functions/gnutls_pkcs12_set_bag +FUNCS += functions/gnutls_pkcs12_set_bag.short +FUNCS += functions/gnutls_pkcs12_simple_parse +FUNCS += functions/gnutls_pkcs12_simple_parse.short +FUNCS += functions/gnutls_pkcs12_verify_mac +FUNCS += functions/gnutls_pkcs12_verify_mac.short +FUNCS += functions/gnutls_pkcs7_add_attr +FUNCS += functions/gnutls_pkcs7_add_attr.short +FUNCS += functions/gnutls_pkcs7_attrs_deinit +FUNCS += functions/gnutls_pkcs7_attrs_deinit.short +FUNCS += functions/gnutls_pkcs7_deinit +FUNCS += functions/gnutls_pkcs7_deinit.short +FUNCS += functions/gnutls_pkcs7_delete_crl +FUNCS += functions/gnutls_pkcs7_delete_crl.short +FUNCS += functions/gnutls_pkcs7_delete_crt +FUNCS += functions/gnutls_pkcs7_delete_crt.short +FUNCS += functions/gnutls_pkcs7_export +FUNCS += functions/gnutls_pkcs7_export.short +FUNCS += functions/gnutls_pkcs7_export2 +FUNCS += functions/gnutls_pkcs7_export2.short +FUNCS += functions/gnutls_pkcs7_get_attr +FUNCS += functions/gnutls_pkcs7_get_attr.short +FUNCS += functions/gnutls_pkcs7_get_crl_count +FUNCS += functions/gnutls_pkcs7_get_crl_count.short +FUNCS += functions/gnutls_pkcs7_get_crl_raw +FUNCS += functions/gnutls_pkcs7_get_crl_raw.short +FUNCS += functions/gnutls_pkcs7_get_crl_raw2 +FUNCS += functions/gnutls_pkcs7_get_crl_raw2.short +FUNCS += functions/gnutls_pkcs7_get_crt_count +FUNCS += functions/gnutls_pkcs7_get_crt_count.short +FUNCS += functions/gnutls_pkcs7_get_crt_raw +FUNCS += functions/gnutls_pkcs7_get_crt_raw.short +FUNCS += functions/gnutls_pkcs7_get_crt_raw2 +FUNCS += functions/gnutls_pkcs7_get_crt_raw2.short +FUNCS += functions/gnutls_pkcs7_get_embedded_data +FUNCS += functions/gnutls_pkcs7_get_embedded_data.short +FUNCS += functions/gnutls_pkcs7_get_embedded_data_oid +FUNCS += functions/gnutls_pkcs7_get_embedded_data_oid.short +FUNCS += functions/gnutls_pkcs7_get_signature_count +FUNCS += functions/gnutls_pkcs7_get_signature_count.short +FUNCS += functions/gnutls_pkcs7_get_signature_info +FUNCS += functions/gnutls_pkcs7_get_signature_info.short +FUNCS += functions/gnutls_pkcs7_import +FUNCS += functions/gnutls_pkcs7_import.short +FUNCS += functions/gnutls_pkcs7_init +FUNCS += functions/gnutls_pkcs7_init.short +FUNCS += functions/gnutls_pkcs7_print +FUNCS += functions/gnutls_pkcs7_print.short +FUNCS += functions/gnutls_pkcs7_set_crl +FUNCS += functions/gnutls_pkcs7_set_crl.short +FUNCS += functions/gnutls_pkcs7_set_crl_raw +FUNCS += functions/gnutls_pkcs7_set_crl_raw.short +FUNCS += functions/gnutls_pkcs7_set_crt +FUNCS += functions/gnutls_pkcs7_set_crt.short +FUNCS += functions/gnutls_pkcs7_set_crt_raw +FUNCS += functions/gnutls_pkcs7_set_crt_raw.short +FUNCS += functions/gnutls_pkcs7_sign +FUNCS += functions/gnutls_pkcs7_sign.short +FUNCS += functions/gnutls_pkcs7_signature_info_deinit +FUNCS += functions/gnutls_pkcs7_signature_info_deinit.short +FUNCS += functions/gnutls_pkcs7_verify +FUNCS += functions/gnutls_pkcs7_verify.short +FUNCS += functions/gnutls_pkcs7_verify_direct +FUNCS += functions/gnutls_pkcs7_verify_direct.short +FUNCS += functions/gnutls_pkcs8_info +FUNCS += functions/gnutls_pkcs8_info.short +FUNCS += functions/gnutls_pkcs_schema_get_name +FUNCS += functions/gnutls_pkcs_schema_get_name.short +FUNCS += functions/gnutls_pkcs_schema_get_oid +FUNCS += functions/gnutls_pkcs_schema_get_oid.short +FUNCS += functions/gnutls_pk_get_id +FUNCS += functions/gnutls_pk_get_id.short +FUNCS += functions/gnutls_pk_get_name +FUNCS += functions/gnutls_pk_get_name.short +FUNCS += functions/gnutls_pk_get_oid +FUNCS += functions/gnutls_pk_get_oid.short +FUNCS += functions/gnutls_pk_list +FUNCS += functions/gnutls_pk_list.short +FUNCS += functions/gnutls_pk_to_sign +FUNCS += functions/gnutls_pk_to_sign.short +FUNCS += functions/gnutls_prf +FUNCS += functions/gnutls_prf.short +FUNCS += functions/gnutls_prf_early +FUNCS += functions/gnutls_prf_early.short +FUNCS += functions/gnutls_prf_raw +FUNCS += functions/gnutls_prf_raw.short +FUNCS += functions/gnutls_prf_rfc5705 +FUNCS += functions/gnutls_prf_rfc5705.short +FUNCS += functions/gnutls_priority_certificate_type_list +FUNCS += functions/gnutls_priority_certificate_type_list.short +FUNCS += functions/gnutls_priority_certificate_type_list2 +FUNCS += functions/gnutls_priority_certificate_type_list2.short +FUNCS += functions/gnutls_priority_cipher_list +FUNCS += functions/gnutls_priority_cipher_list.short +FUNCS += functions/gnutls_priority_compression_list +FUNCS += functions/gnutls_priority_compression_list.short +FUNCS += functions/gnutls_priority_deinit +FUNCS += functions/gnutls_priority_deinit.short +FUNCS += functions/gnutls_priority_ecc_curve_list +FUNCS += functions/gnutls_priority_ecc_curve_list.short +FUNCS += functions/gnutls_priority_get_cipher_suite_index +FUNCS += functions/gnutls_priority_get_cipher_suite_index.short +FUNCS += functions/gnutls_priority_group_list +FUNCS += functions/gnutls_priority_group_list.short +FUNCS += functions/gnutls_priority_init +FUNCS += functions/gnutls_priority_init.short +FUNCS += functions/gnutls_priority_init2 +FUNCS += functions/gnutls_priority_init2.short +FUNCS += functions/gnutls_priority_kx_list +FUNCS += functions/gnutls_priority_kx_list.short +FUNCS += functions/gnutls_priority_mac_list +FUNCS += functions/gnutls_priority_mac_list.short +FUNCS += functions/gnutls_priority_protocol_list +FUNCS += functions/gnutls_priority_protocol_list.short +FUNCS += functions/gnutls_priority_set +FUNCS += functions/gnutls_priority_set.short +FUNCS += functions/gnutls_priority_set_direct +FUNCS += functions/gnutls_priority_set_direct.short +FUNCS += functions/gnutls_priority_sign_list +FUNCS += functions/gnutls_priority_sign_list.short +FUNCS += functions/gnutls_priority_string_list +FUNCS += functions/gnutls_priority_string_list.short +FUNCS += functions/gnutls_privkey_decrypt_data +FUNCS += functions/gnutls_privkey_decrypt_data.short +FUNCS += functions/gnutls_privkey_decrypt_data2 +FUNCS += functions/gnutls_privkey_decrypt_data2.short +FUNCS += functions/gnutls_privkey_deinit +FUNCS += functions/gnutls_privkey_deinit.short +FUNCS += functions/gnutls_privkey_export_dsa_raw +FUNCS += functions/gnutls_privkey_export_dsa_raw.short +FUNCS += functions/gnutls_privkey_export_dsa_raw2 +FUNCS += functions/gnutls_privkey_export_dsa_raw2.short +FUNCS += functions/gnutls_privkey_export_ecc_raw +FUNCS += functions/gnutls_privkey_export_ecc_raw.short +FUNCS += functions/gnutls_privkey_export_ecc_raw2 +FUNCS += functions/gnutls_privkey_export_ecc_raw2.short +FUNCS += functions/gnutls_privkey_export_gost_raw2 +FUNCS += functions/gnutls_privkey_export_gost_raw2.short +FUNCS += functions/gnutls_privkey_export_openpgp +FUNCS += functions/gnutls_privkey_export_openpgp.short +FUNCS += functions/gnutls_privkey_export_pkcs11 +FUNCS += functions/gnutls_privkey_export_pkcs11.short +FUNCS += functions/gnutls_privkey_export_rsa_raw +FUNCS += functions/gnutls_privkey_export_rsa_raw.short +FUNCS += functions/gnutls_privkey_export_rsa_raw2 +FUNCS += functions/gnutls_privkey_export_rsa_raw2.short +FUNCS += functions/gnutls_privkey_export_x509 +FUNCS += functions/gnutls_privkey_export_x509.short +FUNCS += functions/gnutls_privkey_generate +FUNCS += functions/gnutls_privkey_generate.short +FUNCS += functions/gnutls_privkey_generate2 +FUNCS += functions/gnutls_privkey_generate2.short +FUNCS += functions/gnutls_privkey_get_pk_algorithm +FUNCS += functions/gnutls_privkey_get_pk_algorithm.short +FUNCS += functions/gnutls_privkey_get_seed +FUNCS += functions/gnutls_privkey_get_seed.short +FUNCS += functions/gnutls_privkey_get_spki +FUNCS += functions/gnutls_privkey_get_spki.short +FUNCS += functions/gnutls_privkey_get_type +FUNCS += functions/gnutls_privkey_get_type.short +FUNCS += functions/gnutls_privkey_import_dsa_raw +FUNCS += functions/gnutls_privkey_import_dsa_raw.short +FUNCS += functions/gnutls_privkey_import_ecc_raw +FUNCS += functions/gnutls_privkey_import_ecc_raw.short +FUNCS += functions/gnutls_privkey_import_ext +FUNCS += functions/gnutls_privkey_import_ext.short +FUNCS += functions/gnutls_privkey_import_ext2 +FUNCS += functions/gnutls_privkey_import_ext2.short +FUNCS += functions/gnutls_privkey_import_ext3 +FUNCS += functions/gnutls_privkey_import_ext3.short +FUNCS += functions/gnutls_privkey_import_ext4 +FUNCS += functions/gnutls_privkey_import_ext4.short +FUNCS += functions/gnutls_privkey_import_gost_raw +FUNCS += functions/gnutls_privkey_import_gost_raw.short +FUNCS += functions/gnutls_privkey_import_openpgp +FUNCS += functions/gnutls_privkey_import_openpgp.short +FUNCS += functions/gnutls_privkey_import_openpgp_raw +FUNCS += functions/gnutls_privkey_import_openpgp_raw.short +FUNCS += functions/gnutls_privkey_import_pkcs11 +FUNCS += functions/gnutls_privkey_import_pkcs11.short +FUNCS += functions/gnutls_privkey_import_pkcs11_url +FUNCS += functions/gnutls_privkey_import_pkcs11_url.short +FUNCS += functions/gnutls_privkey_import_rsa_raw +FUNCS += functions/gnutls_privkey_import_rsa_raw.short +FUNCS += functions/gnutls_privkey_import_tpm_raw +FUNCS += functions/gnutls_privkey_import_tpm_raw.short +FUNCS += functions/gnutls_privkey_import_tpm_url +FUNCS += functions/gnutls_privkey_import_tpm_url.short +FUNCS += functions/gnutls_privkey_import_url +FUNCS += functions/gnutls_privkey_import_url.short +FUNCS += functions/gnutls_privkey_import_x509 +FUNCS += functions/gnutls_privkey_import_x509.short +FUNCS += functions/gnutls_privkey_import_x509_raw +FUNCS += functions/gnutls_privkey_import_x509_raw.short +FUNCS += functions/gnutls_privkey_init +FUNCS += functions/gnutls_privkey_init.short +FUNCS += functions/gnutls_privkey_set_flags +FUNCS += functions/gnutls_privkey_set_flags.short +FUNCS += functions/gnutls_privkey_set_pin_function +FUNCS += functions/gnutls_privkey_set_pin_function.short +FUNCS += functions/gnutls_privkey_set_spki +FUNCS += functions/gnutls_privkey_set_spki.short +FUNCS += functions/gnutls_privkey_sign_data +FUNCS += functions/gnutls_privkey_sign_data.short +FUNCS += functions/gnutls_privkey_sign_data2 +FUNCS += functions/gnutls_privkey_sign_data2.short +FUNCS += functions/gnutls_privkey_sign_hash +FUNCS += functions/gnutls_privkey_sign_hash.short +FUNCS += functions/gnutls_privkey_sign_hash2 +FUNCS += functions/gnutls_privkey_sign_hash2.short +FUNCS += functions/gnutls_privkey_status +FUNCS += functions/gnutls_privkey_status.short +FUNCS += functions/gnutls_privkey_verify_params +FUNCS += functions/gnutls_privkey_verify_params.short +FUNCS += functions/gnutls_privkey_verify_seed +FUNCS += functions/gnutls_privkey_verify_seed.short +FUNCS += functions/gnutls_protocol_get_id +FUNCS += functions/gnutls_protocol_get_id.short +FUNCS += functions/gnutls_protocol_get_name +FUNCS += functions/gnutls_protocol_get_name.short +FUNCS += functions/gnutls_protocol_get_version +FUNCS += functions/gnutls_protocol_get_version.short +FUNCS += functions/gnutls_protocol_list +FUNCS += functions/gnutls_protocol_list.short +FUNCS += functions/gnutls_psk_allocate_client_credentials +FUNCS += functions/gnutls_psk_allocate_client_credentials.short +FUNCS += functions/gnutls_psk_allocate_server_credentials +FUNCS += functions/gnutls_psk_allocate_server_credentials.short +FUNCS += functions/gnutls_psk_client_get_hint +FUNCS += functions/gnutls_psk_client_get_hint.short +FUNCS += functions/gnutls_psk_free_client_credentials +FUNCS += functions/gnutls_psk_free_client_credentials.short +FUNCS += functions/gnutls_psk_free_server_credentials +FUNCS += functions/gnutls_psk_free_server_credentials.short +FUNCS += functions/gnutls_psk_server_get_username +FUNCS += functions/gnutls_psk_server_get_username.short +FUNCS += functions/gnutls_psk_set_client_credentials +FUNCS += functions/gnutls_psk_set_client_credentials.short +FUNCS += functions/gnutls_psk_set_client_credentials_function +FUNCS += functions/gnutls_psk_set_client_credentials_function.short +FUNCS += functions/gnutls_psk_set_params_function +FUNCS += functions/gnutls_psk_set_params_function.short +FUNCS += functions/gnutls_psk_set_server_credentials_file +FUNCS += functions/gnutls_psk_set_server_credentials_file.short +FUNCS += functions/gnutls_psk_set_server_credentials_function +FUNCS += functions/gnutls_psk_set_server_credentials_function.short +FUNCS += functions/gnutls_psk_set_server_credentials_hint +FUNCS += functions/gnutls_psk_set_server_credentials_hint.short +FUNCS += functions/gnutls_psk_set_server_dh_params +FUNCS += functions/gnutls_psk_set_server_dh_params.short +FUNCS += functions/gnutls_psk_set_server_known_dh_params +FUNCS += functions/gnutls_psk_set_server_known_dh_params.short +FUNCS += functions/gnutls_psk_set_server_params_function +FUNCS += functions/gnutls_psk_set_server_params_function.short +FUNCS += functions/gnutls_pubkey_deinit +FUNCS += functions/gnutls_pubkey_deinit.short +FUNCS += functions/gnutls_pubkey_encrypt_data +FUNCS += functions/gnutls_pubkey_encrypt_data.short +FUNCS += functions/gnutls_pubkey_export +FUNCS += functions/gnutls_pubkey_export.short +FUNCS += functions/gnutls_pubkey_export2 +FUNCS += functions/gnutls_pubkey_export2.short +FUNCS += functions/gnutls_pubkey_export_dsa_raw +FUNCS += functions/gnutls_pubkey_export_dsa_raw.short +FUNCS += functions/gnutls_pubkey_export_dsa_raw2 +FUNCS += functions/gnutls_pubkey_export_dsa_raw2.short +FUNCS += functions/gnutls_pubkey_export_ecc_raw +FUNCS += functions/gnutls_pubkey_export_ecc_raw.short +FUNCS += functions/gnutls_pubkey_export_ecc_raw2 +FUNCS += functions/gnutls_pubkey_export_ecc_raw2.short +FUNCS += functions/gnutls_pubkey_export_ecc_x962 +FUNCS += functions/gnutls_pubkey_export_ecc_x962.short +FUNCS += functions/gnutls_pubkey_export_gost_raw2 +FUNCS += functions/gnutls_pubkey_export_gost_raw2.short +FUNCS += functions/gnutls_pubkey_export_rsa_raw +FUNCS += functions/gnutls_pubkey_export_rsa_raw.short +FUNCS += functions/gnutls_pubkey_export_rsa_raw2 +FUNCS += functions/gnutls_pubkey_export_rsa_raw2.short +FUNCS += functions/gnutls_pubkey_get_key_id +FUNCS += functions/gnutls_pubkey_get_key_id.short +FUNCS += functions/gnutls_pubkey_get_key_usage +FUNCS += functions/gnutls_pubkey_get_key_usage.short +FUNCS += functions/gnutls_pubkey_get_openpgp_key_id +FUNCS += functions/gnutls_pubkey_get_openpgp_key_id.short +FUNCS += functions/gnutls_pubkey_get_pk_algorithm +FUNCS += functions/gnutls_pubkey_get_pk_algorithm.short +FUNCS += functions/gnutls_pubkey_get_preferred_hash_algorithm +FUNCS += functions/gnutls_pubkey_get_preferred_hash_algorithm.short +FUNCS += functions/gnutls_pubkey_get_spki +FUNCS += functions/gnutls_pubkey_get_spki.short +FUNCS += functions/gnutls_pubkey_import +FUNCS += functions/gnutls_pubkey_import.short +FUNCS += functions/gnutls_pubkey_import_dsa_raw +FUNCS += functions/gnutls_pubkey_import_dsa_raw.short +FUNCS += functions/gnutls_pubkey_import_ecc_raw +FUNCS += functions/gnutls_pubkey_import_ecc_raw.short +FUNCS += functions/gnutls_pubkey_import_ecc_x962 +FUNCS += functions/gnutls_pubkey_import_ecc_x962.short +FUNCS += functions/gnutls_pubkey_import_gost_raw +FUNCS += functions/gnutls_pubkey_import_gost_raw.short +FUNCS += functions/gnutls_pubkey_import_openpgp +FUNCS += functions/gnutls_pubkey_import_openpgp.short +FUNCS += functions/gnutls_pubkey_import_openpgp_raw +FUNCS += functions/gnutls_pubkey_import_openpgp_raw.short +FUNCS += functions/gnutls_pubkey_import_pkcs11 +FUNCS += functions/gnutls_pubkey_import_pkcs11.short +FUNCS += functions/gnutls_pubkey_import_privkey +FUNCS += functions/gnutls_pubkey_import_privkey.short +FUNCS += functions/gnutls_pubkey_import_rsa_raw +FUNCS += functions/gnutls_pubkey_import_rsa_raw.short +FUNCS += functions/gnutls_pubkey_import_tpm_raw +FUNCS += functions/gnutls_pubkey_import_tpm_raw.short +FUNCS += functions/gnutls_pubkey_import_tpm_url +FUNCS += functions/gnutls_pubkey_import_tpm_url.short +FUNCS += functions/gnutls_pubkey_import_url +FUNCS += functions/gnutls_pubkey_import_url.short +FUNCS += functions/gnutls_pubkey_import_x509 +FUNCS += functions/gnutls_pubkey_import_x509.short +FUNCS += functions/gnutls_pubkey_import_x509_crq +FUNCS += functions/gnutls_pubkey_import_x509_crq.short +FUNCS += functions/gnutls_pubkey_import_x509_raw +FUNCS += functions/gnutls_pubkey_import_x509_raw.short +FUNCS += functions/gnutls_pubkey_init +FUNCS += functions/gnutls_pubkey_init.short +FUNCS += functions/gnutls_pubkey_print +FUNCS += functions/gnutls_pubkey_print.short +FUNCS += functions/gnutls_pubkey_set_key_usage +FUNCS += functions/gnutls_pubkey_set_key_usage.short +FUNCS += functions/gnutls_pubkey_set_pin_function +FUNCS += functions/gnutls_pubkey_set_pin_function.short +FUNCS += functions/gnutls_pubkey_set_spki +FUNCS += functions/gnutls_pubkey_set_spki.short +FUNCS += functions/gnutls_pubkey_verify_data2 +FUNCS += functions/gnutls_pubkey_verify_data2.short +FUNCS += functions/gnutls_pubkey_verify_hash2 +FUNCS += functions/gnutls_pubkey_verify_hash2.short +FUNCS += functions/gnutls_pubkey_verify_params +FUNCS += functions/gnutls_pubkey_verify_params.short +FUNCS += functions/gnutls_random_art +FUNCS += functions/gnutls_random_art.short +FUNCS += functions/gnutls_range_split +FUNCS += functions/gnutls_range_split.short +FUNCS += functions/gnutls_reauth +FUNCS += functions/gnutls_reauth.short +FUNCS += functions/gnutls_record_can_use_length_hiding +FUNCS += functions/gnutls_record_can_use_length_hiding.short +FUNCS += functions/gnutls_record_check_corked +FUNCS += functions/gnutls_record_check_corked.short +FUNCS += functions/gnutls_record_check_pending +FUNCS += functions/gnutls_record_check_pending.short +FUNCS += functions/gnutls_record_cork +FUNCS += functions/gnutls_record_cork.short +FUNCS += functions/gnutls_record_disable_padding +FUNCS += functions/gnutls_record_disable_padding.short +FUNCS += functions/gnutls_record_discard_queued +FUNCS += functions/gnutls_record_discard_queued.short +FUNCS += functions/gnutls_record_get_direction +FUNCS += functions/gnutls_record_get_direction.short +FUNCS += functions/gnutls_record_get_discarded +FUNCS += functions/gnutls_record_get_discarded.short +FUNCS += functions/gnutls_record_get_max_early_data_size +FUNCS += functions/gnutls_record_get_max_early_data_size.short +FUNCS += functions/gnutls_record_get_max_size +FUNCS += functions/gnutls_record_get_max_size.short +FUNCS += functions/gnutls_record_get_state +FUNCS += functions/gnutls_record_get_state.short +FUNCS += functions/gnutls_record_overhead_size +FUNCS += functions/gnutls_record_overhead_size.short +FUNCS += functions/gnutls_record_recv +FUNCS += functions/gnutls_record_recv.short +FUNCS += functions/gnutls_record_recv_early_data +FUNCS += functions/gnutls_record_recv_early_data.short +FUNCS += functions/gnutls_record_recv_packet +FUNCS += functions/gnutls_record_recv_packet.short +FUNCS += functions/gnutls_record_recv_seq +FUNCS += functions/gnutls_record_recv_seq.short +FUNCS += functions/gnutls_record_send +FUNCS += functions/gnutls_record_send.short +FUNCS += functions/gnutls_record_send2 +FUNCS += functions/gnutls_record_send2.short +FUNCS += functions/gnutls_record_send_early_data +FUNCS += functions/gnutls_record_send_early_data.short +FUNCS += functions/gnutls_record_send_range +FUNCS += functions/gnutls_record_send_range.short +FUNCS += functions/gnutls_record_set_max_early_data_size +FUNCS += functions/gnutls_record_set_max_early_data_size.short +FUNCS += functions/gnutls_record_set_max_recv_size +FUNCS += functions/gnutls_record_set_max_recv_size.short +FUNCS += functions/gnutls_record_set_max_size +FUNCS += functions/gnutls_record_set_max_size.short +FUNCS += functions/gnutls_record_set_state +FUNCS += functions/gnutls_record_set_state.short +FUNCS += functions/gnutls_record_set_timeout +FUNCS += functions/gnutls_record_set_timeout.short +FUNCS += functions/gnutls_record_uncork +FUNCS += functions/gnutls_record_uncork.short +FUNCS += functions/gnutls_register_custom_url +FUNCS += functions/gnutls_register_custom_url.short +FUNCS += functions/gnutls_rehandshake +FUNCS += functions/gnutls_rehandshake.short +FUNCS += functions/gnutls_rnd +FUNCS += functions/gnutls_rnd.short +FUNCS += functions/gnutls_rnd_refresh +FUNCS += functions/gnutls_rnd_refresh.short +FUNCS += functions/gnutls_safe_renegotiation_status +FUNCS += functions/gnutls_safe_renegotiation_status.short +FUNCS += functions/gnutls_sec_param_get_name +FUNCS += functions/gnutls_sec_param_get_name.short +FUNCS += functions/gnutls_sec_param_to_pk_bits +FUNCS += functions/gnutls_sec_param_to_pk_bits.short +FUNCS += functions/gnutls_sec_param_to_symmetric_bits +FUNCS += functions/gnutls_sec_param_to_symmetric_bits.short +FUNCS += functions/gnutls_server_name_get +FUNCS += functions/gnutls_server_name_get.short +FUNCS += functions/gnutls_server_name_set +FUNCS += functions/gnutls_server_name_set.short +FUNCS += functions/gnutls_session_channel_binding +FUNCS += functions/gnutls_session_channel_binding.short +FUNCS += functions/gnutls_session_enable_compatibility_mode +FUNCS += functions/gnutls_session_enable_compatibility_mode.short +FUNCS += functions/gnutls_session_etm_status +FUNCS += functions/gnutls_session_etm_status.short +FUNCS += functions/gnutls_session_ext_master_secret_status +FUNCS += functions/gnutls_session_ext_master_secret_status.short +FUNCS += functions/gnutls_session_ext_register +FUNCS += functions/gnutls_session_ext_register.short +FUNCS += functions/gnutls_session_force_valid +FUNCS += functions/gnutls_session_force_valid.short +FUNCS += functions/gnutls_session_get_data +FUNCS += functions/gnutls_session_get_data.short +FUNCS += functions/gnutls_session_get_data2 +FUNCS += functions/gnutls_session_get_data2.short +FUNCS += functions/gnutls_session_get_desc +FUNCS += functions/gnutls_session_get_desc.short +FUNCS += functions/gnutls_session_get_flags +FUNCS += functions/gnutls_session_get_flags.short +FUNCS += functions/gnutls_session_get_id +FUNCS += functions/gnutls_session_get_id.short +FUNCS += functions/gnutls_session_get_id2 +FUNCS += functions/gnutls_session_get_id2.short +FUNCS += functions/gnutls_session_get_master_secret +FUNCS += functions/gnutls_session_get_master_secret.short +FUNCS += functions/gnutls_session_get_ptr +FUNCS += functions/gnutls_session_get_ptr.short +FUNCS += functions/gnutls_session_get_random +FUNCS += functions/gnutls_session_get_random.short +FUNCS += functions/gnutls_session_get_verify_cert_status +FUNCS += functions/gnutls_session_get_verify_cert_status.short +FUNCS += functions/gnutls_session_is_resumed +FUNCS += functions/gnutls_session_is_resumed.short +FUNCS += functions/gnutls_session_key_update +FUNCS += functions/gnutls_session_key_update.short +FUNCS += functions/gnutls_session_resumption_requested +FUNCS += functions/gnutls_session_resumption_requested.short +FUNCS += functions/gnutls_session_set_data +FUNCS += functions/gnutls_session_set_data.short +FUNCS += functions/gnutls_session_set_id +FUNCS += functions/gnutls_session_set_id.short +FUNCS += functions/gnutls_session_set_premaster +FUNCS += functions/gnutls_session_set_premaster.short +FUNCS += functions/gnutls_session_set_ptr +FUNCS += functions/gnutls_session_set_ptr.short +FUNCS += functions/gnutls_session_set_verify_cert +FUNCS += functions/gnutls_session_set_verify_cert.short +FUNCS += functions/gnutls_session_set_verify_cert2 +FUNCS += functions/gnutls_session_set_verify_cert2.short +FUNCS += functions/gnutls_session_set_verify_function +FUNCS += functions/gnutls_session_set_verify_function.short +FUNCS += functions/gnutls_session_supplemental_register +FUNCS += functions/gnutls_session_supplemental_register.short +FUNCS += functions/gnutls_session_ticket_enable_client +FUNCS += functions/gnutls_session_ticket_enable_client.short +FUNCS += functions/gnutls_session_ticket_enable_server +FUNCS += functions/gnutls_session_ticket_enable_server.short +FUNCS += functions/gnutls_session_ticket_key_generate +FUNCS += functions/gnutls_session_ticket_key_generate.short +FUNCS += functions/gnutls_session_ticket_send +FUNCS += functions/gnutls_session_ticket_send.short +FUNCS += functions/gnutls_set_default_priority +FUNCS += functions/gnutls_set_default_priority.short +FUNCS += functions/gnutls_set_default_priority_append +FUNCS += functions/gnutls_set_default_priority_append.short +FUNCS += functions/gnutls_sign_algorithm_get +FUNCS += functions/gnutls_sign_algorithm_get.short +FUNCS += functions/gnutls_sign_algorithm_get_client +FUNCS += functions/gnutls_sign_algorithm_get_client.short +FUNCS += functions/gnutls_sign_algorithm_get_requested +FUNCS += functions/gnutls_sign_algorithm_get_requested.short +FUNCS += functions/gnutls_sign_get_hash_algorithm +FUNCS += functions/gnutls_sign_get_hash_algorithm.short +FUNCS += functions/gnutls_sign_get_id +FUNCS += functions/gnutls_sign_get_id.short +FUNCS += functions/gnutls_sign_get_name +FUNCS += functions/gnutls_sign_get_name.short +FUNCS += functions/gnutls_sign_get_oid +FUNCS += functions/gnutls_sign_get_oid.short +FUNCS += functions/gnutls_sign_get_pk_algorithm +FUNCS += functions/gnutls_sign_get_pk_algorithm.short +FUNCS += functions/gnutls_sign_is_secure +FUNCS += functions/gnutls_sign_is_secure.short +FUNCS += functions/gnutls_sign_is_secure2 +FUNCS += functions/gnutls_sign_is_secure2.short +FUNCS += functions/gnutls_sign_list +FUNCS += functions/gnutls_sign_list.short +FUNCS += functions/gnutls_sign_supports_pk_algorithm +FUNCS += functions/gnutls_sign_supports_pk_algorithm.short +FUNCS += functions/gnutls_srp_allocate_client_credentials +FUNCS += functions/gnutls_srp_allocate_client_credentials.short +FUNCS += functions/gnutls_srp_allocate_server_credentials +FUNCS += functions/gnutls_srp_allocate_server_credentials.short +FUNCS += functions/gnutls_srp_base64_decode +FUNCS += functions/gnutls_srp_base64_decode.short +FUNCS += functions/gnutls_srp_base64_decode2 +FUNCS += functions/gnutls_srp_base64_decode2.short +FUNCS += functions/gnutls_srp_base64_encode +FUNCS += functions/gnutls_srp_base64_encode.short +FUNCS += functions/gnutls_srp_base64_encode2 +FUNCS += functions/gnutls_srp_base64_encode2.short +FUNCS += functions/gnutls_srp_free_client_credentials +FUNCS += functions/gnutls_srp_free_client_credentials.short +FUNCS += functions/gnutls_srp_free_server_credentials +FUNCS += functions/gnutls_srp_free_server_credentials.short +FUNCS += functions/gnutls_srp_server_get_username +FUNCS += functions/gnutls_srp_server_get_username.short +FUNCS += functions/gnutls_srp_set_client_credentials +FUNCS += functions/gnutls_srp_set_client_credentials.short +FUNCS += functions/gnutls_srp_set_client_credentials_function +FUNCS += functions/gnutls_srp_set_client_credentials_function.short +FUNCS += functions/gnutls_srp_set_prime_bits +FUNCS += functions/gnutls_srp_set_prime_bits.short +FUNCS += functions/gnutls_srp_set_server_credentials_file +FUNCS += functions/gnutls_srp_set_server_credentials_file.short +FUNCS += functions/gnutls_srp_set_server_credentials_function +FUNCS += functions/gnutls_srp_set_server_credentials_function.short +FUNCS += functions/gnutls_srp_set_server_fake_salt_seed +FUNCS += functions/gnutls_srp_set_server_fake_salt_seed.short +FUNCS += functions/gnutls_srp_verifier +FUNCS += functions/gnutls_srp_verifier.short +FUNCS += functions/gnutls_srtp_get_keys +FUNCS += functions/gnutls_srtp_get_keys.short +FUNCS += functions/gnutls_srtp_get_mki +FUNCS += functions/gnutls_srtp_get_mki.short +FUNCS += functions/gnutls_srtp_get_profile_id +FUNCS += functions/gnutls_srtp_get_profile_id.short +FUNCS += functions/gnutls_srtp_get_profile_name +FUNCS += functions/gnutls_srtp_get_profile_name.short +FUNCS += functions/gnutls_srtp_get_selected_profile +FUNCS += functions/gnutls_srtp_get_selected_profile.short +FUNCS += functions/gnutls_srtp_set_mki +FUNCS += functions/gnutls_srtp_set_mki.short +FUNCS += functions/gnutls_srtp_set_profile +FUNCS += functions/gnutls_srtp_set_profile.short +FUNCS += functions/gnutls_srtp_set_profile_direct +FUNCS += functions/gnutls_srtp_set_profile_direct.short +FUNCS += functions/gnutls_store_commitment +FUNCS += functions/gnutls_store_commitment.short +FUNCS += functions/gnutls_store_pubkey +FUNCS += functions/gnutls_store_pubkey.short +FUNCS += functions/gnutls_strerror +FUNCS += functions/gnutls_strerror.short +FUNCS += functions/gnutls_strerror_name +FUNCS += functions/gnutls_strerror_name.short +FUNCS += functions/gnutls_subject_alt_names_deinit +FUNCS += functions/gnutls_subject_alt_names_deinit.short +FUNCS += functions/gnutls_subject_alt_names_get +FUNCS += functions/gnutls_subject_alt_names_get.short +FUNCS += functions/gnutls_subject_alt_names_init +FUNCS += functions/gnutls_subject_alt_names_init.short +FUNCS += functions/gnutls_subject_alt_names_set +FUNCS += functions/gnutls_subject_alt_names_set.short +FUNCS += functions/gnutls_supplemental_get_name +FUNCS += functions/gnutls_supplemental_get_name.short +FUNCS += functions/gnutls_supplemental_recv +FUNCS += functions/gnutls_supplemental_recv.short +FUNCS += functions/gnutls_supplemental_register +FUNCS += functions/gnutls_supplemental_register.short +FUNCS += functions/gnutls_supplemental_send +FUNCS += functions/gnutls_supplemental_send.short +FUNCS += functions/gnutls_system_key_add_x509 +FUNCS += functions/gnutls_system_key_add_x509.short +FUNCS += functions/gnutls_system_key_delete +FUNCS += functions/gnutls_system_key_delete.short +FUNCS += functions/gnutls_system_key_iter_deinit +FUNCS += functions/gnutls_system_key_iter_deinit.short +FUNCS += functions/gnutls_system_key_iter_get_info +FUNCS += functions/gnutls_system_key_iter_get_info.short +FUNCS += functions/gnutls_system_recv_timeout +FUNCS += functions/gnutls_system_recv_timeout.short +FUNCS += functions/gnutls_tdb_deinit +FUNCS += functions/gnutls_tdb_deinit.short +FUNCS += functions/gnutls_tdb_init +FUNCS += functions/gnutls_tdb_init.short +FUNCS += functions/gnutls_tdb_set_store_commitment_func +FUNCS += functions/gnutls_tdb_set_store_commitment_func.short +FUNCS += functions/gnutls_tdb_set_store_func +FUNCS += functions/gnutls_tdb_set_store_func.short +FUNCS += functions/gnutls_tdb_set_verify_func +FUNCS += functions/gnutls_tdb_set_verify_func.short +FUNCS += functions/gnutls_tpm_get_registered +FUNCS += functions/gnutls_tpm_get_registered.short +FUNCS += functions/gnutls_tpm_key_list_deinit +FUNCS += functions/gnutls_tpm_key_list_deinit.short +FUNCS += functions/gnutls_tpm_key_list_get_url +FUNCS += functions/gnutls_tpm_key_list_get_url.short +FUNCS += functions/gnutls_tpm_privkey_delete +FUNCS += functions/gnutls_tpm_privkey_delete.short +FUNCS += functions/gnutls_tpm_privkey_generate +FUNCS += functions/gnutls_tpm_privkey_generate.short +FUNCS += functions/gnutls_transport_get_int +FUNCS += functions/gnutls_transport_get_int.short +FUNCS += functions/gnutls_transport_get_int2 +FUNCS += functions/gnutls_transport_get_int2.short +FUNCS += functions/gnutls_transport_get_ptr +FUNCS += functions/gnutls_transport_get_ptr.short +FUNCS += functions/gnutls_transport_get_ptr2 +FUNCS += functions/gnutls_transport_get_ptr2.short +FUNCS += functions/gnutls_transport_set_errno +FUNCS += functions/gnutls_transport_set_errno.short +FUNCS += functions/gnutls_transport_set_errno_function +FUNCS += functions/gnutls_transport_set_errno_function.short +FUNCS += functions/gnutls_transport_set_fastopen +FUNCS += functions/gnutls_transport_set_fastopen.short +FUNCS += functions/gnutls_transport_set_int +FUNCS += functions/gnutls_transport_set_int.short +FUNCS += functions/gnutls_transport_set_int2 +FUNCS += functions/gnutls_transport_set_int2.short +FUNCS += functions/gnutls_transport_set_ptr +FUNCS += functions/gnutls_transport_set_ptr.short +FUNCS += functions/gnutls_transport_set_ptr2 +FUNCS += functions/gnutls_transport_set_ptr2.short +FUNCS += functions/gnutls_transport_set_pull_function +FUNCS += functions/gnutls_transport_set_pull_function.short +FUNCS += functions/gnutls_transport_set_pull_timeout_function +FUNCS += functions/gnutls_transport_set_pull_timeout_function.short +FUNCS += functions/gnutls_transport_set_push_function +FUNCS += functions/gnutls_transport_set_push_function.short +FUNCS += functions/gnutls_transport_set_vec_push_function +FUNCS += functions/gnutls_transport_set_vec_push_function.short +FUNCS += functions/gnutls_url_is_supported +FUNCS += functions/gnutls_url_is_supported.short +FUNCS += functions/gnutls_utf8_password_normalize +FUNCS += functions/gnutls_utf8_password_normalize.short +FUNCS += functions/gnutls_verify_stored_pubkey +FUNCS += functions/gnutls_verify_stored_pubkey.short +FUNCS += functions/gnutls_x509_aia_deinit +FUNCS += functions/gnutls_x509_aia_deinit.short +FUNCS += functions/gnutls_x509_aia_get +FUNCS += functions/gnutls_x509_aia_get.short +FUNCS += functions/gnutls_x509_aia_init +FUNCS += functions/gnutls_x509_aia_init.short +FUNCS += functions/gnutls_x509_aia_set +FUNCS += functions/gnutls_x509_aia_set.short +FUNCS += functions/gnutls_x509_aki_deinit +FUNCS += functions/gnutls_x509_aki_deinit.short +FUNCS += functions/gnutls_x509_aki_get_cert_issuer +FUNCS += functions/gnutls_x509_aki_get_cert_issuer.short +FUNCS += functions/gnutls_x509_aki_get_id +FUNCS += functions/gnutls_x509_aki_get_id.short +FUNCS += functions/gnutls_x509_aki_init +FUNCS += functions/gnutls_x509_aki_init.short +FUNCS += functions/gnutls_x509_aki_set_cert_issuer +FUNCS += functions/gnutls_x509_aki_set_cert_issuer.short +FUNCS += functions/gnutls_x509_aki_set_id +FUNCS += functions/gnutls_x509_aki_set_id.short +FUNCS += functions/gnutls_x509_cidr_to_rfc5280 +FUNCS += functions/gnutls_x509_cidr_to_rfc5280.short +FUNCS += functions/gnutls_x509_crl_check_issuer +FUNCS += functions/gnutls_x509_crl_check_issuer.short +FUNCS += functions/gnutls_x509_crl_deinit +FUNCS += functions/gnutls_x509_crl_deinit.short +FUNCS += functions/gnutls_x509_crl_dist_points_deinit +FUNCS += functions/gnutls_x509_crl_dist_points_deinit.short +FUNCS += functions/gnutls_x509_crl_dist_points_get +FUNCS += functions/gnutls_x509_crl_dist_points_get.short +FUNCS += functions/gnutls_x509_crl_dist_points_init +FUNCS += functions/gnutls_x509_crl_dist_points_init.short +FUNCS += functions/gnutls_x509_crl_dist_points_set +FUNCS += functions/gnutls_x509_crl_dist_points_set.short +FUNCS += functions/gnutls_x509_crl_export +FUNCS += functions/gnutls_x509_crl_export.short +FUNCS += functions/gnutls_x509_crl_export2 +FUNCS += functions/gnutls_x509_crl_export2.short +FUNCS += functions/gnutls_x509_crl_get_authority_key_gn_serial +FUNCS += functions/gnutls_x509_crl_get_authority_key_gn_serial.short +FUNCS += functions/gnutls_x509_crl_get_authority_key_id +FUNCS += functions/gnutls_x509_crl_get_authority_key_id.short +FUNCS += functions/gnutls_x509_crl_get_crt_count +FUNCS += functions/gnutls_x509_crl_get_crt_count.short +FUNCS += functions/gnutls_x509_crl_get_crt_serial +FUNCS += functions/gnutls_x509_crl_get_crt_serial.short +FUNCS += functions/gnutls_x509_crl_get_dn_oid +FUNCS += functions/gnutls_x509_crl_get_dn_oid.short +FUNCS += functions/gnutls_x509_crl_get_extension_data +FUNCS += functions/gnutls_x509_crl_get_extension_data.short +FUNCS += functions/gnutls_x509_crl_get_extension_data2 +FUNCS += functions/gnutls_x509_crl_get_extension_data2.short +FUNCS += functions/gnutls_x509_crl_get_extension_info +FUNCS += functions/gnutls_x509_crl_get_extension_info.short +FUNCS += functions/gnutls_x509_crl_get_extension_oid +FUNCS += functions/gnutls_x509_crl_get_extension_oid.short +FUNCS += functions/gnutls_x509_crl_get_issuer_dn +FUNCS += functions/gnutls_x509_crl_get_issuer_dn.short +FUNCS += functions/gnutls_x509_crl_get_issuer_dn2 +FUNCS += functions/gnutls_x509_crl_get_issuer_dn2.short +FUNCS += functions/gnutls_x509_crl_get_issuer_dn3 +FUNCS += functions/gnutls_x509_crl_get_issuer_dn3.short +FUNCS += functions/gnutls_x509_crl_get_issuer_dn_by_oid +FUNCS += functions/gnutls_x509_crl_get_issuer_dn_by_oid.short +FUNCS += functions/gnutls_x509_crl_get_next_update +FUNCS += functions/gnutls_x509_crl_get_next_update.short +FUNCS += functions/gnutls_x509_crl_get_number +FUNCS += functions/gnutls_x509_crl_get_number.short +FUNCS += functions/gnutls_x509_crl_get_raw_issuer_dn +FUNCS += functions/gnutls_x509_crl_get_raw_issuer_dn.short +FUNCS += functions/gnutls_x509_crl_get_signature +FUNCS += functions/gnutls_x509_crl_get_signature.short +FUNCS += functions/gnutls_x509_crl_get_signature_algorithm +FUNCS += functions/gnutls_x509_crl_get_signature_algorithm.short +FUNCS += functions/gnutls_x509_crl_get_signature_oid +FUNCS += functions/gnutls_x509_crl_get_signature_oid.short +FUNCS += functions/gnutls_x509_crl_get_this_update +FUNCS += functions/gnutls_x509_crl_get_this_update.short +FUNCS += functions/gnutls_x509_crl_get_version +FUNCS += functions/gnutls_x509_crl_get_version.short +FUNCS += functions/gnutls_x509_crl_import +FUNCS += functions/gnutls_x509_crl_import.short +FUNCS += functions/gnutls_x509_crl_init +FUNCS += functions/gnutls_x509_crl_init.short +FUNCS += functions/gnutls_x509_crl_iter_crt_serial +FUNCS += functions/gnutls_x509_crl_iter_crt_serial.short +FUNCS += functions/gnutls_x509_crl_iter_deinit +FUNCS += functions/gnutls_x509_crl_iter_deinit.short +FUNCS += functions/gnutls_x509_crl_list_import +FUNCS += functions/gnutls_x509_crl_list_import.short +FUNCS += functions/gnutls_x509_crl_list_import2 +FUNCS += functions/gnutls_x509_crl_list_import2.short +FUNCS += functions/gnutls_x509_crl_print +FUNCS += functions/gnutls_x509_crl_print.short +FUNCS += functions/gnutls_x509_crl_privkey_sign +FUNCS += functions/gnutls_x509_crl_privkey_sign.short +FUNCS += functions/gnutls_x509_crl_set_authority_key_id +FUNCS += functions/gnutls_x509_crl_set_authority_key_id.short +FUNCS += functions/gnutls_x509_crl_set_crt +FUNCS += functions/gnutls_x509_crl_set_crt.short +FUNCS += functions/gnutls_x509_crl_set_crt_serial +FUNCS += functions/gnutls_x509_crl_set_crt_serial.short +FUNCS += functions/gnutls_x509_crl_set_next_update +FUNCS += functions/gnutls_x509_crl_set_next_update.short +FUNCS += functions/gnutls_x509_crl_set_number +FUNCS += functions/gnutls_x509_crl_set_number.short +FUNCS += functions/gnutls_x509_crl_set_this_update +FUNCS += functions/gnutls_x509_crl_set_this_update.short +FUNCS += functions/gnutls_x509_crl_set_version +FUNCS += functions/gnutls_x509_crl_set_version.short +FUNCS += functions/gnutls_x509_crl_sign +FUNCS += functions/gnutls_x509_crl_sign.short +FUNCS += functions/gnutls_x509_crl_sign2 +FUNCS += functions/gnutls_x509_crl_sign2.short +FUNCS += functions/gnutls_x509_crl_verify +FUNCS += functions/gnutls_x509_crl_verify.short +FUNCS += functions/gnutls_x509_crq_deinit +FUNCS += functions/gnutls_x509_crq_deinit.short +FUNCS += functions/gnutls_x509_crq_export +FUNCS += functions/gnutls_x509_crq_export.short +FUNCS += functions/gnutls_x509_crq_export2 +FUNCS += functions/gnutls_x509_crq_export2.short +FUNCS += functions/gnutls_x509_crq_get_attribute_by_oid +FUNCS += functions/gnutls_x509_crq_get_attribute_by_oid.short +FUNCS += functions/gnutls_x509_crq_get_attribute_data +FUNCS += functions/gnutls_x509_crq_get_attribute_data.short +FUNCS += functions/gnutls_x509_crq_get_attribute_info +FUNCS += functions/gnutls_x509_crq_get_attribute_info.short +FUNCS += functions/gnutls_x509_crq_get_basic_constraints +FUNCS += functions/gnutls_x509_crq_get_basic_constraints.short +FUNCS += functions/gnutls_x509_crq_get_challenge_password +FUNCS += functions/gnutls_x509_crq_get_challenge_password.short +FUNCS += functions/gnutls_x509_crq_get_dn +FUNCS += functions/gnutls_x509_crq_get_dn.short +FUNCS += functions/gnutls_x509_crq_get_dn2 +FUNCS += functions/gnutls_x509_crq_get_dn2.short +FUNCS += functions/gnutls_x509_crq_get_dn3 +FUNCS += functions/gnutls_x509_crq_get_dn3.short +FUNCS += functions/gnutls_x509_crq_get_dn_by_oid +FUNCS += functions/gnutls_x509_crq_get_dn_by_oid.short +FUNCS += functions/gnutls_x509_crq_get_dn_oid +FUNCS += functions/gnutls_x509_crq_get_dn_oid.short +FUNCS += functions/gnutls_x509_crq_get_extension_by_oid +FUNCS += functions/gnutls_x509_crq_get_extension_by_oid.short +FUNCS += functions/gnutls_x509_crq_get_extension_by_oid2 +FUNCS += functions/gnutls_x509_crq_get_extension_by_oid2.short +FUNCS += functions/gnutls_x509_crq_get_extension_data +FUNCS += functions/gnutls_x509_crq_get_extension_data.short +FUNCS += functions/gnutls_x509_crq_get_extension_data2 +FUNCS += functions/gnutls_x509_crq_get_extension_data2.short +FUNCS += functions/gnutls_x509_crq_get_extension_info +FUNCS += functions/gnutls_x509_crq_get_extension_info.short +FUNCS += functions/gnutls_x509_crq_get_key_id +FUNCS += functions/gnutls_x509_crq_get_key_id.short +FUNCS += functions/gnutls_x509_crq_get_key_purpose_oid +FUNCS += functions/gnutls_x509_crq_get_key_purpose_oid.short +FUNCS += functions/gnutls_x509_crq_get_key_rsa_raw +FUNCS += functions/gnutls_x509_crq_get_key_rsa_raw.short +FUNCS += functions/gnutls_x509_crq_get_key_usage +FUNCS += functions/gnutls_x509_crq_get_key_usage.short +FUNCS += functions/gnutls_x509_crq_get_pk_algorithm +FUNCS += functions/gnutls_x509_crq_get_pk_algorithm.short +FUNCS += functions/gnutls_x509_crq_get_pk_oid +FUNCS += functions/gnutls_x509_crq_get_pk_oid.short +FUNCS += functions/gnutls_x509_crq_get_private_key_usage_period +FUNCS += functions/gnutls_x509_crq_get_private_key_usage_period.short +FUNCS += functions/gnutls_x509_crq_get_signature_algorithm +FUNCS += functions/gnutls_x509_crq_get_signature_algorithm.short +FUNCS += functions/gnutls_x509_crq_get_signature_oid +FUNCS += functions/gnutls_x509_crq_get_signature_oid.short +FUNCS += functions/gnutls_x509_crq_get_spki +FUNCS += functions/gnutls_x509_crq_get_spki.short +FUNCS += functions/gnutls_x509_crq_get_subject_alt_name +FUNCS += functions/gnutls_x509_crq_get_subject_alt_name.short +FUNCS += functions/gnutls_x509_crq_get_subject_alt_othername_oid +FUNCS += functions/gnutls_x509_crq_get_subject_alt_othername_oid.short +FUNCS += functions/gnutls_x509_crq_get_tlsfeatures +FUNCS += functions/gnutls_x509_crq_get_tlsfeatures.short +FUNCS += functions/gnutls_x509_crq_get_version +FUNCS += functions/gnutls_x509_crq_get_version.short +FUNCS += functions/gnutls_x509_crq_import +FUNCS += functions/gnutls_x509_crq_import.short +FUNCS += functions/gnutls_x509_crq_init +FUNCS += functions/gnutls_x509_crq_init.short +FUNCS += functions/gnutls_x509_crq_print +FUNCS += functions/gnutls_x509_crq_print.short +FUNCS += functions/gnutls_x509_crq_privkey_sign +FUNCS += functions/gnutls_x509_crq_privkey_sign.short +FUNCS += functions/gnutls_x509_crq_set_attribute_by_oid +FUNCS += functions/gnutls_x509_crq_set_attribute_by_oid.short +FUNCS += functions/gnutls_x509_crq_set_basic_constraints +FUNCS += functions/gnutls_x509_crq_set_basic_constraints.short +FUNCS += functions/gnutls_x509_crq_set_challenge_password +FUNCS += functions/gnutls_x509_crq_set_challenge_password.short +FUNCS += functions/gnutls_x509_crq_set_dn +FUNCS += functions/gnutls_x509_crq_set_dn.short +FUNCS += functions/gnutls_x509_crq_set_dn_by_oid +FUNCS += functions/gnutls_x509_crq_set_dn_by_oid.short +FUNCS += functions/gnutls_x509_crq_set_extension_by_oid +FUNCS += functions/gnutls_x509_crq_set_extension_by_oid.short +FUNCS += functions/gnutls_x509_crq_set_key +FUNCS += functions/gnutls_x509_crq_set_key.short +FUNCS += functions/gnutls_x509_crq_set_key_purpose_oid +FUNCS += functions/gnutls_x509_crq_set_key_purpose_oid.short +FUNCS += functions/gnutls_x509_crq_set_key_rsa_raw +FUNCS += functions/gnutls_x509_crq_set_key_rsa_raw.short +FUNCS += functions/gnutls_x509_crq_set_key_usage +FUNCS += functions/gnutls_x509_crq_set_key_usage.short +FUNCS += functions/gnutls_x509_crq_set_private_key_usage_period +FUNCS += functions/gnutls_x509_crq_set_private_key_usage_period.short +FUNCS += functions/gnutls_x509_crq_set_pubkey +FUNCS += functions/gnutls_x509_crq_set_pubkey.short +FUNCS += functions/gnutls_x509_crq_set_spki +FUNCS += functions/gnutls_x509_crq_set_spki.short +FUNCS += functions/gnutls_x509_crq_set_subject_alt_name +FUNCS += functions/gnutls_x509_crq_set_subject_alt_name.short +FUNCS += functions/gnutls_x509_crq_set_subject_alt_othername +FUNCS += functions/gnutls_x509_crq_set_subject_alt_othername.short +FUNCS += functions/gnutls_x509_crq_set_tlsfeatures +FUNCS += functions/gnutls_x509_crq_set_tlsfeatures.short +FUNCS += functions/gnutls_x509_crq_set_version +FUNCS += functions/gnutls_x509_crq_set_version.short +FUNCS += functions/gnutls_x509_crq_sign +FUNCS += functions/gnutls_x509_crq_sign.short +FUNCS += functions/gnutls_x509_crq_sign2 +FUNCS += functions/gnutls_x509_crq_sign2.short +FUNCS += functions/gnutls_x509_crq_verify +FUNCS += functions/gnutls_x509_crq_verify.short +FUNCS += functions/gnutls_x509_crt_check_email +FUNCS += functions/gnutls_x509_crt_check_email.short +FUNCS += functions/gnutls_x509_crt_check_hostname +FUNCS += functions/gnutls_x509_crt_check_hostname.short +FUNCS += functions/gnutls_x509_crt_check_hostname2 +FUNCS += functions/gnutls_x509_crt_check_hostname2.short +FUNCS += functions/gnutls_x509_crt_check_ip +FUNCS += functions/gnutls_x509_crt_check_ip.short +FUNCS += functions/gnutls_x509_crt_check_issuer +FUNCS += functions/gnutls_x509_crt_check_issuer.short +FUNCS += functions/gnutls_x509_crt_check_key_purpose +FUNCS += functions/gnutls_x509_crt_check_key_purpose.short +FUNCS += functions/gnutls_x509_crt_check_revocation +FUNCS += functions/gnutls_x509_crt_check_revocation.short +FUNCS += functions/gnutls_x509_crt_cpy_crl_dist_points +FUNCS += functions/gnutls_x509_crt_cpy_crl_dist_points.short +FUNCS += functions/gnutls_x509_crt_deinit +FUNCS += functions/gnutls_x509_crt_deinit.short +FUNCS += functions/gnutls_x509_crt_equals +FUNCS += functions/gnutls_x509_crt_equals.short +FUNCS += functions/gnutls_x509_crt_equals2 +FUNCS += functions/gnutls_x509_crt_equals2.short +FUNCS += functions/gnutls_x509_crt_export +FUNCS += functions/gnutls_x509_crt_export.short +FUNCS += functions/gnutls_x509_crt_export2 +FUNCS += functions/gnutls_x509_crt_export2.short +FUNCS += functions/gnutls_x509_crt_get_activation_time +FUNCS += functions/gnutls_x509_crt_get_activation_time.short +FUNCS += functions/gnutls_x509_crt_get_authority_info_access +FUNCS += functions/gnutls_x509_crt_get_authority_info_access.short +FUNCS += functions/gnutls_x509_crt_get_authority_key_gn_serial +FUNCS += functions/gnutls_x509_crt_get_authority_key_gn_serial.short +FUNCS += functions/gnutls_x509_crt_get_authority_key_id +FUNCS += functions/gnutls_x509_crt_get_authority_key_id.short +FUNCS += functions/gnutls_x509_crt_get_basic_constraints +FUNCS += functions/gnutls_x509_crt_get_basic_constraints.short +FUNCS += functions/gnutls_x509_crt_get_ca_status +FUNCS += functions/gnutls_x509_crt_get_ca_status.short +FUNCS += functions/gnutls_x509_crt_get_crl_dist_points +FUNCS += functions/gnutls_x509_crt_get_crl_dist_points.short +FUNCS += functions/gnutls_x509_crt_get_dn +FUNCS += functions/gnutls_x509_crt_get_dn.short +FUNCS += functions/gnutls_x509_crt_get_dn2 +FUNCS += functions/gnutls_x509_crt_get_dn2.short +FUNCS += functions/gnutls_x509_crt_get_dn3 +FUNCS += functions/gnutls_x509_crt_get_dn3.short +FUNCS += functions/gnutls_x509_crt_get_dn_by_oid +FUNCS += functions/gnutls_x509_crt_get_dn_by_oid.short +FUNCS += functions/gnutls_x509_crt_get_dn_oid +FUNCS += functions/gnutls_x509_crt_get_dn_oid.short +FUNCS += functions/gnutls_x509_crt_get_expiration_time +FUNCS += functions/gnutls_x509_crt_get_expiration_time.short +FUNCS += functions/gnutls_x509_crt_get_extension_by_oid +FUNCS += functions/gnutls_x509_crt_get_extension_by_oid.short +FUNCS += functions/gnutls_x509_crt_get_extension_by_oid2 +FUNCS += functions/gnutls_x509_crt_get_extension_by_oid2.short +FUNCS += functions/gnutls_x509_crt_get_extension_data +FUNCS += functions/gnutls_x509_crt_get_extension_data.short +FUNCS += functions/gnutls_x509_crt_get_extension_data2 +FUNCS += functions/gnutls_x509_crt_get_extension_data2.short +FUNCS += functions/gnutls_x509_crt_get_extension_info +FUNCS += functions/gnutls_x509_crt_get_extension_info.short +FUNCS += functions/gnutls_x509_crt_get_extension_oid +FUNCS += functions/gnutls_x509_crt_get_extension_oid.short +FUNCS += functions/gnutls_x509_crt_get_fingerprint +FUNCS += functions/gnutls_x509_crt_get_fingerprint.short +FUNCS += functions/gnutls_x509_crt_get_inhibit_anypolicy +FUNCS += functions/gnutls_x509_crt_get_inhibit_anypolicy.short +FUNCS += functions/gnutls_x509_crt_get_issuer +FUNCS += functions/gnutls_x509_crt_get_issuer.short +FUNCS += functions/gnutls_x509_crt_get_issuer_alt_name +FUNCS += functions/gnutls_x509_crt_get_issuer_alt_name.short +FUNCS += functions/gnutls_x509_crt_get_issuer_alt_name2 +FUNCS += functions/gnutls_x509_crt_get_issuer_alt_name2.short +FUNCS += functions/gnutls_x509_crt_get_issuer_alt_othername_oid +FUNCS += functions/gnutls_x509_crt_get_issuer_alt_othername_oid.short +FUNCS += functions/gnutls_x509_crt_get_issuer_dn +FUNCS += functions/gnutls_x509_crt_get_issuer_dn.short +FUNCS += functions/gnutls_x509_crt_get_issuer_dn2 +FUNCS += functions/gnutls_x509_crt_get_issuer_dn2.short +FUNCS += functions/gnutls_x509_crt_get_issuer_dn3 +FUNCS += functions/gnutls_x509_crt_get_issuer_dn3.short +FUNCS += functions/gnutls_x509_crt_get_issuer_dn_by_oid +FUNCS += functions/gnutls_x509_crt_get_issuer_dn_by_oid.short +FUNCS += functions/gnutls_x509_crt_get_issuer_dn_oid +FUNCS += functions/gnutls_x509_crt_get_issuer_dn_oid.short +FUNCS += functions/gnutls_x509_crt_get_issuer_unique_id +FUNCS += functions/gnutls_x509_crt_get_issuer_unique_id.short +FUNCS += functions/gnutls_x509_crt_get_key_id +FUNCS += functions/gnutls_x509_crt_get_key_id.short +FUNCS += functions/gnutls_x509_crt_get_key_purpose_oid +FUNCS += functions/gnutls_x509_crt_get_key_purpose_oid.short +FUNCS += functions/gnutls_x509_crt_get_key_usage +FUNCS += functions/gnutls_x509_crt_get_key_usage.short +FUNCS += functions/gnutls_x509_crt_get_name_constraints +FUNCS += functions/gnutls_x509_crt_get_name_constraints.short +FUNCS += functions/gnutls_x509_crt_get_pk_algorithm +FUNCS += functions/gnutls_x509_crt_get_pk_algorithm.short +FUNCS += functions/gnutls_x509_crt_get_pk_dsa_raw +FUNCS += functions/gnutls_x509_crt_get_pk_dsa_raw.short +FUNCS += functions/gnutls_x509_crt_get_pk_ecc_raw +FUNCS += functions/gnutls_x509_crt_get_pk_ecc_raw.short +FUNCS += functions/gnutls_x509_crt_get_pk_gost_raw +FUNCS += functions/gnutls_x509_crt_get_pk_gost_raw.short +FUNCS += functions/gnutls_x509_crt_get_pk_oid +FUNCS += functions/gnutls_x509_crt_get_pk_oid.short +FUNCS += functions/gnutls_x509_crt_get_pk_rsa_raw +FUNCS += functions/gnutls_x509_crt_get_pk_rsa_raw.short +FUNCS += functions/gnutls_x509_crt_get_policy +FUNCS += functions/gnutls_x509_crt_get_policy.short +FUNCS += functions/gnutls_x509_crt_get_preferred_hash_algorithm +FUNCS += functions/gnutls_x509_crt_get_preferred_hash_algorithm.short +FUNCS += functions/gnutls_x509_crt_get_private_key_usage_period +FUNCS += functions/gnutls_x509_crt_get_private_key_usage_period.short +FUNCS += functions/gnutls_x509_crt_get_proxy +FUNCS += functions/gnutls_x509_crt_get_proxy.short +FUNCS += functions/gnutls_x509_crt_get_raw_dn +FUNCS += functions/gnutls_x509_crt_get_raw_dn.short +FUNCS += functions/gnutls_x509_crt_get_raw_issuer_dn +FUNCS += functions/gnutls_x509_crt_get_raw_issuer_dn.short +FUNCS += functions/gnutls_x509_crt_get_serial +FUNCS += functions/gnutls_x509_crt_get_serial.short +FUNCS += functions/gnutls_x509_crt_get_signature +FUNCS += functions/gnutls_x509_crt_get_signature.short +FUNCS += functions/gnutls_x509_crt_get_signature_algorithm +FUNCS += functions/gnutls_x509_crt_get_signature_algorithm.short +FUNCS += functions/gnutls_x509_crt_get_signature_oid +FUNCS += functions/gnutls_x509_crt_get_signature_oid.short +FUNCS += functions/gnutls_x509_crt_get_spki +FUNCS += functions/gnutls_x509_crt_get_spki.short +FUNCS += functions/gnutls_x509_crt_get_subject +FUNCS += functions/gnutls_x509_crt_get_subject.short +FUNCS += functions/gnutls_x509_crt_get_subject_alt_name +FUNCS += functions/gnutls_x509_crt_get_subject_alt_name.short +FUNCS += functions/gnutls_x509_crt_get_subject_alt_name2 +FUNCS += functions/gnutls_x509_crt_get_subject_alt_name2.short +FUNCS += functions/gnutls_x509_crt_get_subject_alt_othername_oid +FUNCS += functions/gnutls_x509_crt_get_subject_alt_othername_oid.short +FUNCS += functions/gnutls_x509_crt_get_subject_key_id +FUNCS += functions/gnutls_x509_crt_get_subject_key_id.short +FUNCS += functions/gnutls_x509_crt_get_subject_unique_id +FUNCS += functions/gnutls_x509_crt_get_subject_unique_id.short +FUNCS += functions/gnutls_x509_crt_get_tlsfeatures +FUNCS += functions/gnutls_x509_crt_get_tlsfeatures.short +FUNCS += functions/gnutls_x509_crt_get_version +FUNCS += functions/gnutls_x509_crt_get_version.short +FUNCS += functions/gnutls_x509_crt_import +FUNCS += functions/gnutls_x509_crt_import.short +FUNCS += functions/gnutls_x509_crt_import_pkcs11 +FUNCS += functions/gnutls_x509_crt_import_pkcs11.short +FUNCS += functions/gnutls_x509_crt_import_url +FUNCS += functions/gnutls_x509_crt_import_url.short +FUNCS += functions/gnutls_x509_crt_init +FUNCS += functions/gnutls_x509_crt_init.short +FUNCS += functions/gnutls_x509_crt_list_import +FUNCS += functions/gnutls_x509_crt_list_import.short +FUNCS += functions/gnutls_x509_crt_list_import2 +FUNCS += functions/gnutls_x509_crt_list_import2.short +FUNCS += functions/gnutls_x509_crt_list_import_pkcs11 +FUNCS += functions/gnutls_x509_crt_list_import_pkcs11.short +FUNCS += functions/gnutls_x509_crt_list_import_url +FUNCS += functions/gnutls_x509_crt_list_import_url.short +FUNCS += functions/gnutls_x509_crt_list_verify +FUNCS += functions/gnutls_x509_crt_list_verify.short +FUNCS += functions/gnutls_x509_crt_print +FUNCS += functions/gnutls_x509_crt_print.short +FUNCS += functions/gnutls_x509_crt_privkey_sign +FUNCS += functions/gnutls_x509_crt_privkey_sign.short +FUNCS += functions/gnutls_x509_crt_set_activation_time +FUNCS += functions/gnutls_x509_crt_set_activation_time.short +FUNCS += functions/gnutls_x509_crt_set_authority_info_access +FUNCS += functions/gnutls_x509_crt_set_authority_info_access.short +FUNCS += functions/gnutls_x509_crt_set_authority_key_id +FUNCS += functions/gnutls_x509_crt_set_authority_key_id.short +FUNCS += functions/gnutls_x509_crt_set_basic_constraints +FUNCS += functions/gnutls_x509_crt_set_basic_constraints.short +FUNCS += functions/gnutls_x509_crt_set_ca_status +FUNCS += functions/gnutls_x509_crt_set_ca_status.short +FUNCS += functions/gnutls_x509_crt_set_crl_dist_points +FUNCS += functions/gnutls_x509_crt_set_crl_dist_points.short +FUNCS += functions/gnutls_x509_crt_set_crl_dist_points2 +FUNCS += functions/gnutls_x509_crt_set_crl_dist_points2.short +FUNCS += functions/gnutls_x509_crt_set_crq +FUNCS += functions/gnutls_x509_crt_set_crq.short +FUNCS += functions/gnutls_x509_crt_set_crq_extension_by_oid +FUNCS += functions/gnutls_x509_crt_set_crq_extension_by_oid.short +FUNCS += functions/gnutls_x509_crt_set_crq_extensions +FUNCS += functions/gnutls_x509_crt_set_crq_extensions.short +FUNCS += functions/gnutls_x509_crt_set_dn +FUNCS += functions/gnutls_x509_crt_set_dn.short +FUNCS += functions/gnutls_x509_crt_set_dn_by_oid +FUNCS += functions/gnutls_x509_crt_set_dn_by_oid.short +FUNCS += functions/gnutls_x509_crt_set_expiration_time +FUNCS += functions/gnutls_x509_crt_set_expiration_time.short +FUNCS += functions/gnutls_x509_crt_set_extension_by_oid +FUNCS += functions/gnutls_x509_crt_set_extension_by_oid.short +FUNCS += functions/gnutls_x509_crt_set_flags +FUNCS += functions/gnutls_x509_crt_set_flags.short +FUNCS += functions/gnutls_x509_crt_set_inhibit_anypolicy +FUNCS += functions/gnutls_x509_crt_set_inhibit_anypolicy.short +FUNCS += functions/gnutls_x509_crt_set_issuer_alt_name +FUNCS += functions/gnutls_x509_crt_set_issuer_alt_name.short +FUNCS += functions/gnutls_x509_crt_set_issuer_alt_othername +FUNCS += functions/gnutls_x509_crt_set_issuer_alt_othername.short +FUNCS += functions/gnutls_x509_crt_set_issuer_dn +FUNCS += functions/gnutls_x509_crt_set_issuer_dn.short +FUNCS += functions/gnutls_x509_crt_set_issuer_dn_by_oid +FUNCS += functions/gnutls_x509_crt_set_issuer_dn_by_oid.short +FUNCS += functions/gnutls_x509_crt_set_issuer_unique_id +FUNCS += functions/gnutls_x509_crt_set_issuer_unique_id.short +FUNCS += functions/gnutls_x509_crt_set_key +FUNCS += functions/gnutls_x509_crt_set_key.short +FUNCS += functions/gnutls_x509_crt_set_key_purpose_oid +FUNCS += functions/gnutls_x509_crt_set_key_purpose_oid.short +FUNCS += functions/gnutls_x509_crt_set_key_usage +FUNCS += functions/gnutls_x509_crt_set_key_usage.short +FUNCS += functions/gnutls_x509_crt_set_name_constraints +FUNCS += functions/gnutls_x509_crt_set_name_constraints.short +FUNCS += functions/gnutls_x509_crt_set_pin_function +FUNCS += functions/gnutls_x509_crt_set_pin_function.short +FUNCS += functions/gnutls_x509_crt_set_policy +FUNCS += functions/gnutls_x509_crt_set_policy.short +FUNCS += functions/gnutls_x509_crt_set_private_key_usage_period +FUNCS += functions/gnutls_x509_crt_set_private_key_usage_period.short +FUNCS += functions/gnutls_x509_crt_set_proxy +FUNCS += functions/gnutls_x509_crt_set_proxy.short +FUNCS += functions/gnutls_x509_crt_set_proxy_dn +FUNCS += functions/gnutls_x509_crt_set_proxy_dn.short +FUNCS += functions/gnutls_x509_crt_set_pubkey +FUNCS += functions/gnutls_x509_crt_set_pubkey.short +FUNCS += functions/gnutls_x509_crt_set_serial +FUNCS += functions/gnutls_x509_crt_set_serial.short +FUNCS += functions/gnutls_x509_crt_set_spki +FUNCS += functions/gnutls_x509_crt_set_spki.short +FUNCS += functions/gnutls_x509_crt_set_subject_alternative_name +FUNCS += functions/gnutls_x509_crt_set_subject_alternative_name.short +FUNCS += functions/gnutls_x509_crt_set_subject_alt_name +FUNCS += functions/gnutls_x509_crt_set_subject_alt_name.short +FUNCS += functions/gnutls_x509_crt_set_subject_alt_othername +FUNCS += functions/gnutls_x509_crt_set_subject_alt_othername.short +FUNCS += functions/gnutls_x509_crt_set_subject_key_id +FUNCS += functions/gnutls_x509_crt_set_subject_key_id.short +FUNCS += functions/gnutls_x509_crt_set_subject_unique_id +FUNCS += functions/gnutls_x509_crt_set_subject_unique_id.short +FUNCS += functions/gnutls_x509_crt_set_tlsfeatures +FUNCS += functions/gnutls_x509_crt_set_tlsfeatures.short +FUNCS += functions/gnutls_x509_crt_set_version +FUNCS += functions/gnutls_x509_crt_set_version.short +FUNCS += functions/gnutls_x509_crt_sign +FUNCS += functions/gnutls_x509_crt_sign.short +FUNCS += functions/gnutls_x509_crt_sign2 +FUNCS += functions/gnutls_x509_crt_sign2.short +FUNCS += functions/gnutls_x509_crt_verify +FUNCS += functions/gnutls_x509_crt_verify.short +FUNCS += functions/gnutls_x509_crt_verify_data2 +FUNCS += functions/gnutls_x509_crt_verify_data2.short +FUNCS += functions/gnutls_x509_dn_deinit +FUNCS += functions/gnutls_x509_dn_deinit.short +FUNCS += functions/gnutls_x509_dn_export +FUNCS += functions/gnutls_x509_dn_export.short +FUNCS += functions/gnutls_x509_dn_export2 +FUNCS += functions/gnutls_x509_dn_export2.short +FUNCS += functions/gnutls_x509_dn_get_rdn_ava +FUNCS += functions/gnutls_x509_dn_get_rdn_ava.short +FUNCS += functions/gnutls_x509_dn_get_str +FUNCS += functions/gnutls_x509_dn_get_str.short +FUNCS += functions/gnutls_x509_dn_get_str2 +FUNCS += functions/gnutls_x509_dn_get_str2.short +FUNCS += functions/gnutls_x509_dn_import +FUNCS += functions/gnutls_x509_dn_import.short +FUNCS += functions/gnutls_x509_dn_init +FUNCS += functions/gnutls_x509_dn_init.short +FUNCS += functions/gnutls_x509_dn_oid_known +FUNCS += functions/gnutls_x509_dn_oid_known.short +FUNCS += functions/gnutls_x509_dn_oid_name +FUNCS += functions/gnutls_x509_dn_oid_name.short +FUNCS += functions/gnutls_x509_dn_set_str +FUNCS += functions/gnutls_x509_dn_set_str.short +FUNCS += functions/gnutls_x509_ext_deinit +FUNCS += functions/gnutls_x509_ext_deinit.short +FUNCS += functions/gnutls_x509_ext_export_aia +FUNCS += functions/gnutls_x509_ext_export_aia.short +FUNCS += functions/gnutls_x509_ext_export_authority_key_id +FUNCS += functions/gnutls_x509_ext_export_authority_key_id.short +FUNCS += functions/gnutls_x509_ext_export_basic_constraints +FUNCS += functions/gnutls_x509_ext_export_basic_constraints.short +FUNCS += functions/gnutls_x509_ext_export_crl_dist_points +FUNCS += functions/gnutls_x509_ext_export_crl_dist_points.short +FUNCS += functions/gnutls_x509_ext_export_inhibit_anypolicy +FUNCS += functions/gnutls_x509_ext_export_inhibit_anypolicy.short +FUNCS += functions/gnutls_x509_ext_export_key_purposes +FUNCS += functions/gnutls_x509_ext_export_key_purposes.short +FUNCS += functions/gnutls_x509_ext_export_key_usage +FUNCS += functions/gnutls_x509_ext_export_key_usage.short +FUNCS += functions/gnutls_x509_ext_export_name_constraints +FUNCS += functions/gnutls_x509_ext_export_name_constraints.short +FUNCS += functions/gnutls_x509_ext_export_policies +FUNCS += functions/gnutls_x509_ext_export_policies.short +FUNCS += functions/gnutls_x509_ext_export_private_key_usage_period +FUNCS += functions/gnutls_x509_ext_export_private_key_usage_period.short +FUNCS += functions/gnutls_x509_ext_export_proxy +FUNCS += functions/gnutls_x509_ext_export_proxy.short +FUNCS += functions/gnutls_x509_ext_export_subject_alt_names +FUNCS += functions/gnutls_x509_ext_export_subject_alt_names.short +FUNCS += functions/gnutls_x509_ext_export_subject_key_id +FUNCS += functions/gnutls_x509_ext_export_subject_key_id.short +FUNCS += functions/gnutls_x509_ext_export_tlsfeatures +FUNCS += functions/gnutls_x509_ext_export_tlsfeatures.short +FUNCS += functions/gnutls_x509_ext_import_aia +FUNCS += functions/gnutls_x509_ext_import_aia.short +FUNCS += functions/gnutls_x509_ext_import_authority_key_id +FUNCS += functions/gnutls_x509_ext_import_authority_key_id.short +FUNCS += functions/gnutls_x509_ext_import_basic_constraints +FUNCS += functions/gnutls_x509_ext_import_basic_constraints.short +FUNCS += functions/gnutls_x509_ext_import_crl_dist_points +FUNCS += functions/gnutls_x509_ext_import_crl_dist_points.short +FUNCS += functions/gnutls_x509_ext_import_inhibit_anypolicy +FUNCS += functions/gnutls_x509_ext_import_inhibit_anypolicy.short +FUNCS += functions/gnutls_x509_ext_import_key_purposes +FUNCS += functions/gnutls_x509_ext_import_key_purposes.short +FUNCS += functions/gnutls_x509_ext_import_key_usage +FUNCS += functions/gnutls_x509_ext_import_key_usage.short +FUNCS += functions/gnutls_x509_ext_import_name_constraints +FUNCS += functions/gnutls_x509_ext_import_name_constraints.short +FUNCS += functions/gnutls_x509_ext_import_policies +FUNCS += functions/gnutls_x509_ext_import_policies.short +FUNCS += functions/gnutls_x509_ext_import_private_key_usage_period +FUNCS += functions/gnutls_x509_ext_import_private_key_usage_period.short +FUNCS += functions/gnutls_x509_ext_import_proxy +FUNCS += functions/gnutls_x509_ext_import_proxy.short +FUNCS += functions/gnutls_x509_ext_import_subject_alt_names +FUNCS += functions/gnutls_x509_ext_import_subject_alt_names.short +FUNCS += functions/gnutls_x509_ext_import_subject_key_id +FUNCS += functions/gnutls_x509_ext_import_subject_key_id.short +FUNCS += functions/gnutls_x509_ext_import_tlsfeatures +FUNCS += functions/gnutls_x509_ext_import_tlsfeatures.short +FUNCS += functions/gnutls_x509_ext_print +FUNCS += functions/gnutls_x509_ext_print.short +FUNCS += functions/gnutls_x509_key_purpose_deinit +FUNCS += functions/gnutls_x509_key_purpose_deinit.short +FUNCS += functions/gnutls_x509_key_purpose_get +FUNCS += functions/gnutls_x509_key_purpose_get.short +FUNCS += functions/gnutls_x509_key_purpose_init +FUNCS += functions/gnutls_x509_key_purpose_init.short +FUNCS += functions/gnutls_x509_key_purpose_set +FUNCS += functions/gnutls_x509_key_purpose_set.short +FUNCS += functions/gnutls_x509_name_constraints_add_excluded +FUNCS += functions/gnutls_x509_name_constraints_add_excluded.short +FUNCS += functions/gnutls_x509_name_constraints_add_permitted +FUNCS += functions/gnutls_x509_name_constraints_add_permitted.short +FUNCS += functions/gnutls_x509_name_constraints_check +FUNCS += functions/gnutls_x509_name_constraints_check.short +FUNCS += functions/gnutls_x509_name_constraints_check_crt +FUNCS += functions/gnutls_x509_name_constraints_check_crt.short +FUNCS += functions/gnutls_x509_name_constraints_deinit +FUNCS += functions/gnutls_x509_name_constraints_deinit.short +FUNCS += functions/gnutls_x509_name_constraints_get_excluded +FUNCS += functions/gnutls_x509_name_constraints_get_excluded.short +FUNCS += functions/gnutls_x509_name_constraints_get_permitted +FUNCS += functions/gnutls_x509_name_constraints_get_permitted.short +FUNCS += functions/gnutls_x509_name_constraints_init +FUNCS += functions/gnutls_x509_name_constraints_init.short +FUNCS += functions/gnutls_x509_othername_to_virtual +FUNCS += functions/gnutls_x509_othername_to_virtual.short +FUNCS += functions/gnutls_x509_policies_deinit +FUNCS += functions/gnutls_x509_policies_deinit.short +FUNCS += functions/gnutls_x509_policies_get +FUNCS += functions/gnutls_x509_policies_get.short +FUNCS += functions/gnutls_x509_policies_init +FUNCS += functions/gnutls_x509_policies_init.short +FUNCS += functions/gnutls_x509_policies_set +FUNCS += functions/gnutls_x509_policies_set.short +FUNCS += functions/gnutls_x509_policy_release +FUNCS += functions/gnutls_x509_policy_release.short +FUNCS += functions/gnutls_x509_privkey_cpy +FUNCS += functions/gnutls_x509_privkey_cpy.short +FUNCS += functions/gnutls_x509_privkey_deinit +FUNCS += functions/gnutls_x509_privkey_deinit.short +FUNCS += functions/gnutls_x509_privkey_export +FUNCS += functions/gnutls_x509_privkey_export.short +FUNCS += functions/gnutls_x509_privkey_export2 +FUNCS += functions/gnutls_x509_privkey_export2.short +FUNCS += functions/gnutls_x509_privkey_export2_pkcs8 +FUNCS += functions/gnutls_x509_privkey_export2_pkcs8.short +FUNCS += functions/gnutls_x509_privkey_export_dsa_raw +FUNCS += functions/gnutls_x509_privkey_export_dsa_raw.short +FUNCS += functions/gnutls_x509_privkey_export_ecc_raw +FUNCS += functions/gnutls_x509_privkey_export_ecc_raw.short +FUNCS += functions/gnutls_x509_privkey_export_gost_raw +FUNCS += functions/gnutls_x509_privkey_export_gost_raw.short +FUNCS += functions/gnutls_x509_privkey_export_pkcs8 +FUNCS += functions/gnutls_x509_privkey_export_pkcs8.short +FUNCS += functions/gnutls_x509_privkey_export_rsa_raw +FUNCS += functions/gnutls_x509_privkey_export_rsa_raw.short +FUNCS += functions/gnutls_x509_privkey_export_rsa_raw2 +FUNCS += functions/gnutls_x509_privkey_export_rsa_raw2.short +FUNCS += functions/gnutls_x509_privkey_fix +FUNCS += functions/gnutls_x509_privkey_fix.short +FUNCS += functions/gnutls_x509_privkey_generate +FUNCS += functions/gnutls_x509_privkey_generate.short +FUNCS += functions/gnutls_x509_privkey_generate2 +FUNCS += functions/gnutls_x509_privkey_generate2.short +FUNCS += functions/gnutls_x509_privkey_get_key_id +FUNCS += functions/gnutls_x509_privkey_get_key_id.short +FUNCS += functions/gnutls_x509_privkey_get_pk_algorithm +FUNCS += functions/gnutls_x509_privkey_get_pk_algorithm.short +FUNCS += functions/gnutls_x509_privkey_get_pk_algorithm2 +FUNCS += functions/gnutls_x509_privkey_get_pk_algorithm2.short +FUNCS += functions/gnutls_x509_privkey_get_seed +FUNCS += functions/gnutls_x509_privkey_get_seed.short +FUNCS += functions/gnutls_x509_privkey_get_spki +FUNCS += functions/gnutls_x509_privkey_get_spki.short +FUNCS += functions/gnutls_x509_privkey_import +FUNCS += functions/gnutls_x509_privkey_import.short +FUNCS += functions/gnutls_x509_privkey_import2 +FUNCS += functions/gnutls_x509_privkey_import2.short +FUNCS += functions/gnutls_x509_privkey_import_dsa_raw +FUNCS += functions/gnutls_x509_privkey_import_dsa_raw.short +FUNCS += functions/gnutls_x509_privkey_import_ecc_raw +FUNCS += functions/gnutls_x509_privkey_import_ecc_raw.short +FUNCS += functions/gnutls_x509_privkey_import_gost_raw +FUNCS += functions/gnutls_x509_privkey_import_gost_raw.short +FUNCS += functions/gnutls_x509_privkey_import_openssl +FUNCS += functions/gnutls_x509_privkey_import_openssl.short +FUNCS += functions/gnutls_x509_privkey_import_pkcs8 +FUNCS += functions/gnutls_x509_privkey_import_pkcs8.short +FUNCS += functions/gnutls_x509_privkey_import_rsa_raw +FUNCS += functions/gnutls_x509_privkey_import_rsa_raw.short +FUNCS += functions/gnutls_x509_privkey_import_rsa_raw2 +FUNCS += functions/gnutls_x509_privkey_import_rsa_raw2.short +FUNCS += functions/gnutls_x509_privkey_init +FUNCS += functions/gnutls_x509_privkey_init.short +FUNCS += functions/gnutls_x509_privkey_sec_param +FUNCS += functions/gnutls_x509_privkey_sec_param.short +FUNCS += functions/gnutls_x509_privkey_set_flags +FUNCS += functions/gnutls_x509_privkey_set_flags.short +FUNCS += functions/gnutls_x509_privkey_set_pin_function +FUNCS += functions/gnutls_x509_privkey_set_pin_function.short +FUNCS += functions/gnutls_x509_privkey_set_spki +FUNCS += functions/gnutls_x509_privkey_set_spki.short +FUNCS += functions/gnutls_x509_privkey_sign_data +FUNCS += functions/gnutls_x509_privkey_sign_data.short +FUNCS += functions/gnutls_x509_privkey_sign_hash +FUNCS += functions/gnutls_x509_privkey_sign_hash.short +FUNCS += functions/gnutls_x509_privkey_verify_params +FUNCS += functions/gnutls_x509_privkey_verify_params.short +FUNCS += functions/gnutls_x509_privkey_verify_seed +FUNCS += functions/gnutls_x509_privkey_verify_seed.short +FUNCS += functions/gnutls_x509_rdn_get +FUNCS += functions/gnutls_x509_rdn_get.short +FUNCS += functions/gnutls_x509_rdn_get2 +FUNCS += functions/gnutls_x509_rdn_get2.short +FUNCS += functions/gnutls_x509_rdn_get_by_oid +FUNCS += functions/gnutls_x509_rdn_get_by_oid.short +FUNCS += functions/gnutls_x509_rdn_get_oid +FUNCS += functions/gnutls_x509_rdn_get_oid.short +FUNCS += functions/gnutls_x509_spki_deinit +FUNCS += functions/gnutls_x509_spki_deinit.short +FUNCS += functions/gnutls_x509_spki_get_rsa_pss_params +FUNCS += functions/gnutls_x509_spki_get_rsa_pss_params.short +FUNCS += functions/gnutls_x509_spki_init +FUNCS += functions/gnutls_x509_spki_init.short +FUNCS += functions/gnutls_x509_spki_set_rsa_pss_params +FUNCS += functions/gnutls_x509_spki_set_rsa_pss_params.short +FUNCS += functions/gnutls_x509_tlsfeatures_add +FUNCS += functions/gnutls_x509_tlsfeatures_add.short +FUNCS += functions/gnutls_x509_tlsfeatures_check_crt +FUNCS += functions/gnutls_x509_tlsfeatures_check_crt.short +FUNCS += functions/gnutls_x509_tlsfeatures_deinit +FUNCS += functions/gnutls_x509_tlsfeatures_deinit.short +FUNCS += functions/gnutls_x509_tlsfeatures_get +FUNCS += functions/gnutls_x509_tlsfeatures_get.short +FUNCS += functions/gnutls_x509_tlsfeatures_init +FUNCS += functions/gnutls_x509_tlsfeatures_init.short +FUNCS += functions/gnutls_x509_trust_list_add_cas +FUNCS += functions/gnutls_x509_trust_list_add_cas.short +FUNCS += functions/gnutls_x509_trust_list_add_crls +FUNCS += functions/gnutls_x509_trust_list_add_crls.short +FUNCS += functions/gnutls_x509_trust_list_add_named_crt +FUNCS += functions/gnutls_x509_trust_list_add_named_crt.short +FUNCS += functions/gnutls_x509_trust_list_add_system_trust +FUNCS += functions/gnutls_x509_trust_list_add_system_trust.short +FUNCS += functions/gnutls_x509_trust_list_add_trust_dir +FUNCS += functions/gnutls_x509_trust_list_add_trust_dir.short +FUNCS += functions/gnutls_x509_trust_list_add_trust_file +FUNCS += functions/gnutls_x509_trust_list_add_trust_file.short +FUNCS += functions/gnutls_x509_trust_list_add_trust_mem +FUNCS += functions/gnutls_x509_trust_list_add_trust_mem.short +FUNCS += functions/gnutls_x509_trust_list_deinit +FUNCS += functions/gnutls_x509_trust_list_deinit.short +FUNCS += functions/gnutls_x509_trust_list_get_issuer +FUNCS += functions/gnutls_x509_trust_list_get_issuer.short +FUNCS += functions/gnutls_x509_trust_list_get_issuer_by_dn +FUNCS += functions/gnutls_x509_trust_list_get_issuer_by_dn.short +FUNCS += functions/gnutls_x509_trust_list_get_issuer_by_subject_key_id +FUNCS += functions/gnutls_x509_trust_list_get_issuer_by_subject_key_id.short +FUNCS += functions/gnutls_x509_trust_list_init +FUNCS += functions/gnutls_x509_trust_list_init.short +FUNCS += functions/gnutls_x509_trust_list_iter_deinit +FUNCS += functions/gnutls_x509_trust_list_iter_deinit.short +FUNCS += functions/gnutls_x509_trust_list_iter_get_ca +FUNCS += functions/gnutls_x509_trust_list_iter_get_ca.short +FUNCS += functions/gnutls_x509_trust_list_remove_cas +FUNCS += functions/gnutls_x509_trust_list_remove_cas.short +FUNCS += functions/gnutls_x509_trust_list_remove_trust_file +FUNCS += functions/gnutls_x509_trust_list_remove_trust_file.short +FUNCS += functions/gnutls_x509_trust_list_remove_trust_mem +FUNCS += functions/gnutls_x509_trust_list_remove_trust_mem.short +FUNCS += functions/gnutls_x509_trust_list_verify_crt +FUNCS += functions/gnutls_x509_trust_list_verify_crt.short +FUNCS += functions/gnutls_x509_trust_list_verify_crt2 +FUNCS += functions/gnutls_x509_trust_list_verify_crt2.short +FUNCS += functions/gnutls_x509_trust_list_verify_named_crt +FUNCS += functions/gnutls_x509_trust_list_verify_named_crt.short diff --git a/doc/Makefile.in b/doc/Makefile.in new file mode 100644 index 0000000..5366d3c --- /dev/null +++ b/doc/Makefile.in @@ -0,0 +1,4968 @@ +# Makefile.in generated by automake 1.16.1 from Makefile.am. +# @configure_input@ + +# Copyright (C) 1994-2018 Free Software Foundation, Inc. + +# This Makefile.in is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY, to the extent permitted by law; without +# even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. + +@SET_MAKE@ + +# Copyright (C) 2000-2012 Free Software Foundation, Inc. +# +# Author: Nikos Mavrogiannopoulos +# +# This file is part of GnuTLS. +# +# This file is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 3 of the License, or +# (at your option) any later version. +# +# This file is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this file; if not, write to the Free Software Foundation, +# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + +VPATH = @srcdir@ +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} +am__make_running_with_option = \ + case $${target_option-} in \ + ?) ;; \ + *) echo "am__make_running_with_option: internal error: invalid" \ + "target option '$${target_option-}' specified" >&2; \ + exit 1;; \ + esac; \ + has_opt=no; \ + sane_makeflags=$$MAKEFLAGS; \ + if $(am__is_gnu_make); then \ + sane_makeflags=$$MFLAGS; \ + else \ + case $$MAKEFLAGS in \ + *\\[\ \ ]*) \ + bs=\\; \ + sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ + | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ + esac; \ + fi; \ + skip_next=no; \ + strip_trailopt () \ + { \ + flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ + }; \ + for flg in $$sane_makeflags; do \ + test $$skip_next = yes && { skip_next=no; continue; }; \ + case $$flg in \ + *=*|--*) continue;; \ + -*I) strip_trailopt 'I'; skip_next=yes;; \ + -*I?*) strip_trailopt 'I';; \ + -*O) strip_trailopt 'O'; skip_next=yes;; \ + -*O?*) strip_trailopt 'O';; \ + -*l) strip_trailopt 'l'; skip_next=yes;; \ + -*l?*) strip_trailopt 'l';; \ + -[dEDm]) skip_next=yes;; \ + -[JT]) skip_next=yes;; \ + esac; \ + case $$flg in \ + *$$target_option*) has_opt=yes; break;; \ + esac; \ + done; \ + test $$has_opt = yes +am__make_dryrun = (target_option=n; $(am__make_running_with_option)) +am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) +pkgdatadir = $(datadir)/@PACKAGE@ +pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ +am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd +install_sh_DATA = $(install_sh) -c -m 644 +install_sh_PROGRAM = $(install_sh) -c +install_sh_SCRIPT = $(install_sh) -c +INSTALL_HEADER = $(INSTALL_DATA) +transform = $(program_transform_name) +NORMAL_INSTALL = : +PRE_INSTALL = : +POST_INSTALL = : +NORMAL_UNINSTALL = : +PRE_UNINSTALL = : +POST_UNINSTALL = : +build_triplet = @build@ +host_triplet = @host@ +@ENABLE_GTK_DOC_TRUE@am__append_1 = reference + +# Generated texinfos. +# for some reason it does not work when cross compiling +@WINDOWS_FALSE@am__append_2 = error_codes.texi algorithms.texi alerts.texi enums.texi +EXTRA_PROGRAMS = errcodes$(EXEEXT) printlist$(EXEEXT) \ + alert-printlist$(EXEEXT) +subdir = doc +ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 +am__aclocal_m4_deps = $(top_srcdir)/lib/unistring/m4/gnulib-comp.m4 \ + $(top_srcdir)/lib/unistring/m4/inline.m4 \ + $(top_srcdir)/lib/unistring/m4/libunistring-base.m4 \ + $(top_srcdir)/src/gl/m4/__inline.m4 \ + $(top_srcdir)/src/gl/m4/bison.m4 \ + $(top_srcdir)/src/gl/m4/clock_time.m4 \ + $(top_srcdir)/src/gl/m4/fseek.m4 \ + $(top_srcdir)/src/gl/m4/getaddrinfo.m4 \ + $(top_srcdir)/src/gl/m4/getpass.m4 \ + $(top_srcdir)/src/gl/m4/gettime.m4 \ + $(top_srcdir)/src/gl/m4/gnulib-comp.m4 \ + $(top_srcdir)/src/gl/m4/hostent.m4 \ + $(top_srcdir)/src/gl/m4/mktime.m4 \ + $(top_srcdir)/src/gl/m4/nstrftime.m4 \ + $(top_srcdir)/src/gl/m4/parse-datetime.m4 \ + $(top_srcdir)/src/gl/m4/servent.m4 \ + $(top_srcdir)/src/gl/m4/time_rz.m4 \ + $(top_srcdir)/src/gl/m4/timegm.m4 \ + $(top_srcdir)/src/gl/m4/timespec.m4 \ + $(top_srcdir)/src/gl/m4/tm_gmtoff.m4 \ + $(top_srcdir)/src/gl/m4/tzset.m4 \ + $(top_srcdir)/src/libopts/m4/libopts.m4 \ + $(top_srcdir)/src/libopts/m4/stdnoreturn.m4 \ + $(top_srcdir)/m4/00gnulib.m4 \ + $(top_srcdir)/m4/absolute-header.m4 $(top_srcdir)/m4/alloca.m4 \ + $(top_srcdir)/m4/arpa_inet_h.m4 \ + $(top_srcdir)/m4/ax_ac_append_to_file.m4 \ + $(top_srcdir)/m4/ax_ac_print_to_file.m4 \ + $(top_srcdir)/m4/ax_add_am_macro_static.m4 \ + $(top_srcdir)/m4/ax_am_macros_static.m4 \ + $(top_srcdir)/m4/ax_check_gnu_make.m4 \ + $(top_srcdir)/m4/ax_code_coverage.m4 \ + $(top_srcdir)/m4/ax_file_escapes.m4 \ + $(top_srcdir)/m4/builtin-expect.m4 \ + $(top_srcdir)/m4/byteswap.m4 $(top_srcdir)/m4/close.m4 \ + $(top_srcdir)/m4/codeset.m4 $(top_srcdir)/m4/ctype.m4 \ + $(top_srcdir)/m4/dup2.m4 $(top_srcdir)/m4/eealloc.m4 \ + $(top_srcdir)/m4/environ.m4 $(top_srcdir)/m4/errno_h.m4 \ + $(top_srcdir)/m4/exponentd.m4 $(top_srcdir)/m4/extensions.m4 \ + $(top_srcdir)/m4/extern-inline.m4 $(top_srcdir)/m4/fcntl-o.m4 \ + $(top_srcdir)/m4/fcntl.m4 $(top_srcdir)/m4/fcntl_h.m4 \ + $(top_srcdir)/m4/fdopen.m4 $(top_srcdir)/m4/flexmember.m4 \ + $(top_srcdir)/m4/float_h.m4 $(top_srcdir)/m4/fpieee.m4 \ + $(top_srcdir)/m4/fseeko.m4 $(top_srcdir)/m4/fstat.m4 \ + $(top_srcdir)/m4/ftell.m4 $(top_srcdir)/m4/ftello.m4 \ + $(top_srcdir)/m4/ftruncate.m4 $(top_srcdir)/m4/func.m4 \ + $(top_srcdir)/m4/getcwd.m4 $(top_srcdir)/m4/getdelim.m4 \ + $(top_srcdir)/m4/getdtablesize.m4 $(top_srcdir)/m4/getline.m4 \ + $(top_srcdir)/m4/getpagesize.m4 $(top_srcdir)/m4/gettext.m4 \ + $(top_srcdir)/m4/gettimeofday.m4 \ + $(top_srcdir)/m4/gnulib-common.m4 \ + $(top_srcdir)/m4/gnulib-comp.m4 $(top_srcdir)/m4/gtk-doc.m4 \ + $(top_srcdir)/m4/guile.m4 $(top_srcdir)/m4/hooks.m4 \ + $(top_srcdir)/m4/host-cpu-c-abi.m4 $(top_srcdir)/m4/iconv.m4 \ + $(top_srcdir)/m4/include_next.m4 $(top_srcdir)/m4/inet_ntop.m4 \ + $(top_srcdir)/m4/inet_pton.m4 \ + $(top_srcdir)/m4/intl-thread-locale.m4 \ + $(top_srcdir)/m4/intlmacosx.m4 $(top_srcdir)/m4/intmax_t.m4 \ + $(top_srcdir)/m4/inttypes-pri.m4 $(top_srcdir)/m4/inttypes.m4 \ + $(top_srcdir)/m4/inttypes_h.m4 $(top_srcdir)/m4/ioctl.m4 \ + $(top_srcdir)/m4/isblank.m4 $(top_srcdir)/m4/langinfo_h.m4 \ + $(top_srcdir)/m4/largefile.m4 $(top_srcdir)/m4/lcmessage.m4 \ + $(top_srcdir)/m4/ld-output-def.m4 \ + $(top_srcdir)/m4/ld-version-script.m4 \ + $(top_srcdir)/m4/lib-ld.m4 $(top_srcdir)/m4/lib-link.m4 \ + $(top_srcdir)/m4/lib-prefix.m4 $(top_srcdir)/m4/libtool.m4 \ + $(top_srcdir)/m4/limits-h.m4 $(top_srcdir)/m4/locale-fr.m4 \ + $(top_srcdir)/m4/locale-ja.m4 $(top_srcdir)/m4/locale-tr.m4 \ + $(top_srcdir)/m4/locale-zh.m4 $(top_srcdir)/m4/locale_h.m4 \ + $(top_srcdir)/m4/localename.m4 \ + $(top_srcdir)/m4/localtime-buffer.m4 $(top_srcdir)/m4/lock.m4 \ + $(top_srcdir)/m4/longlong.m4 $(top_srcdir)/m4/lseek.m4 \ + $(top_srcdir)/m4/lstat.m4 $(top_srcdir)/m4/ltoptions.m4 \ + $(top_srcdir)/m4/ltsugar.m4 $(top_srcdir)/m4/ltversion.m4 \ + $(top_srcdir)/m4/lt~obsolete.m4 $(top_srcdir)/m4/malloc.m4 \ + $(top_srcdir)/m4/malloca.m4 $(top_srcdir)/m4/manywarnings.m4 \ + $(top_srcdir)/m4/memchr.m4 $(top_srcdir)/m4/memmem.m4 \ + $(top_srcdir)/m4/minmax.m4 $(top_srcdir)/m4/mmap-anon.m4 \ + $(top_srcdir)/m4/mode_t.m4 $(top_srcdir)/m4/msvc-inval.m4 \ + $(top_srcdir)/m4/msvc-nothrow.m4 $(top_srcdir)/m4/multiarch.m4 \ + $(top_srcdir)/m4/nanosleep.m4 $(top_srcdir)/m4/netdb_h.m4 \ + $(top_srcdir)/m4/netinet_in_h.m4 $(top_srcdir)/m4/nls.m4 \ + $(top_srcdir)/m4/off_t.m4 $(top_srcdir)/m4/open-cloexec.m4 \ + $(top_srcdir)/m4/open.m4 $(top_srcdir)/m4/pathmax.m4 \ + $(top_srcdir)/m4/perror.m4 $(top_srcdir)/m4/pipe.m4 \ + $(top_srcdir)/m4/pkg.m4 $(top_srcdir)/m4/po.m4 \ + $(top_srcdir)/m4/printf.m4 $(top_srcdir)/m4/progtest.m4 \ + $(top_srcdir)/m4/pthread_rwlock_rdlock.m4 \ + $(top_srcdir)/m4/putenv.m4 $(top_srcdir)/m4/raise.m4 \ + $(top_srcdir)/m4/read-file.m4 $(top_srcdir)/m4/realloc.m4 \ + $(top_srcdir)/m4/secure_getenv.m4 $(top_srcdir)/m4/select.m4 \ + $(top_srcdir)/m4/setenv.m4 $(top_srcdir)/m4/setlocale.m4 \ + $(top_srcdir)/m4/sigaction.m4 $(top_srcdir)/m4/signal_h.m4 \ + $(top_srcdir)/m4/signalblocking.m4 \ + $(top_srcdir)/m4/size_max.m4 $(top_srcdir)/m4/sleep.m4 \ + $(top_srcdir)/m4/snprintf.m4 $(top_srcdir)/m4/socketlib.m4 \ + $(top_srcdir)/m4/sockets.m4 $(top_srcdir)/m4/socklen.m4 \ + $(top_srcdir)/m4/sockpfaf.m4 $(top_srcdir)/m4/ssize_t.m4 \ + $(top_srcdir)/m4/stat-time.m4 $(top_srcdir)/m4/stat.m4 \ + $(top_srcdir)/m4/stdalign.m4 $(top_srcdir)/m4/stdbool.m4 \ + $(top_srcdir)/m4/stddef_h.m4 $(top_srcdir)/m4/stdint.m4 \ + $(top_srcdir)/m4/stdint_h.m4 $(top_srcdir)/m4/stdio_h.m4 \ + $(top_srcdir)/m4/stdlib_h.m4 $(top_srcdir)/m4/strcase.m4 \ + $(top_srcdir)/m4/strdup.m4 $(top_srcdir)/m4/strerror.m4 \ + $(top_srcdir)/m4/strerror_r.m4 $(top_srcdir)/m4/string_h.m4 \ + $(top_srcdir)/m4/strings_h.m4 $(top_srcdir)/m4/strndup.m4 \ + $(top_srcdir)/m4/strnlen.m4 $(top_srcdir)/m4/strtok_r.m4 \ + $(top_srcdir)/m4/strverscmp.m4 $(top_srcdir)/m4/symlink.m4 \ + $(top_srcdir)/m4/sys_ioctl_h.m4 \ + $(top_srcdir)/m4/sys_select_h.m4 \ + $(top_srcdir)/m4/sys_socket_h.m4 \ + $(top_srcdir)/m4/sys_stat_h.m4 $(top_srcdir)/m4/sys_time_h.m4 \ + $(top_srcdir)/m4/sys_types_h.m4 $(top_srcdir)/m4/sys_uio_h.m4 \ + $(top_srcdir)/m4/threadlib.m4 $(top_srcdir)/m4/time_h.m4 \ + $(top_srcdir)/m4/time_r.m4 $(top_srcdir)/m4/ungetc.m4 \ + $(top_srcdir)/m4/unistd_h.m4 \ + $(top_srcdir)/m4/valgrind-tests.m4 \ + $(top_srcdir)/m4/vasnprintf.m4 $(top_srcdir)/m4/vasprintf.m4 \ + $(top_srcdir)/m4/vsnprintf.m4 $(top_srcdir)/m4/warn-on-use.m4 \ + $(top_srcdir)/m4/warnings.m4 $(top_srcdir)/m4/wchar_h.m4 \ + $(top_srcdir)/m4/wchar_t.m4 $(top_srcdir)/m4/wint_t.m4 \ + $(top_srcdir)/m4/xsize.m4 $(top_srcdir)/configure.ac +am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ + $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/version.texi \ + $(srcdir)/stamp-vti $(srcdir)/version-guile.texi \ + $(srcdir)/stamp-1 $(am__DIST_COMMON) +mkinstalldirs = $(install_sh) -d +CONFIG_HEADER = $(top_builddir)/config.h +CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = +am_alert_printlist_OBJECTS = alert-printlist.$(OBJEXT) \ + common.$(OBJEXT) +alert_printlist_OBJECTS = $(am_alert_printlist_OBJECTS) +alert_printlist_DEPENDENCIES = ../lib/libgnutls.la ../gl/libgnu.la +AM_V_lt = $(am__v_lt_@AM_V@) +am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) +am__v_lt_0 = --silent +am__v_lt_1 = +am_errcodes_OBJECTS = errcodes.$(OBJEXT) common.$(OBJEXT) +errcodes_OBJECTS = $(am_errcodes_OBJECTS) +errcodes_DEPENDENCIES = ../lib/libgnutls.la ../gl/libgnu.la +am_printlist_OBJECTS = printlist.$(OBJEXT) common.$(OBJEXT) +printlist_OBJECTS = $(am_printlist_OBJECTS) +printlist_DEPENDENCIES = ../lib/libgnutls.la ../gl/libgnu.la +AM_V_P = $(am__v_P_@AM_V@) +am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) +am__v_P_0 = false +am__v_P_1 = : +AM_V_GEN = $(am__v_GEN_@AM_V@) +am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) +am__v_GEN_0 = @echo " GEN " $@; +am__v_GEN_1 = +AM_V_at = $(am__v_at_@AM_V@) +am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) +am__v_at_0 = @ +am__v_at_1 = +DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) +depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp +am__maybe_remake_depfiles = depfiles +am__depfiles_remade = ./$(DEPDIR)/alert-printlist.Po \ + ./$(DEPDIR)/common.Po ./$(DEPDIR)/errcodes.Po \ + ./$(DEPDIR)/printlist.Po +am__mv = mv -f +COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ + $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \ + $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \ + $(AM_CFLAGS) $(CFLAGS) +AM_V_CC = $(am__v_CC_@AM_V@) +am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@) +am__v_CC_0 = @echo " CC " $@; +am__v_CC_1 = +CCLD = $(CC) +LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ + $(AM_LDFLAGS) $(LDFLAGS) -o $@ +AM_V_CCLD = $(am__v_CCLD_@AM_V@) +am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@) +am__v_CCLD_0 = @echo " CCLD " $@; +am__v_CCLD_1 = +SOURCES = $(alert_printlist_SOURCES) $(errcodes_SOURCES) \ + $(printlist_SOURCES) +DIST_SOURCES = $(alert_printlist_SOURCES) $(errcodes_SOURCES) \ + $(printlist_SOURCES) +AM_V_DVIPS = $(am__v_DVIPS_@AM_V@) +am__v_DVIPS_ = $(am__v_DVIPS_@AM_DEFAULT_V@) +am__v_DVIPS_0 = @echo " DVIPS " $@; +am__v_DVIPS_1 = +AM_V_MAKEINFO = $(am__v_MAKEINFO_@AM_V@) +am__v_MAKEINFO_ = $(am__v_MAKEINFO_@AM_DEFAULT_V@) +am__v_MAKEINFO_0 = @echo " MAKEINFO" $@; +am__v_MAKEINFO_1 = +AM_V_INFOHTML = $(am__v_INFOHTML_@AM_V@) +am__v_INFOHTML_ = $(am__v_INFOHTML_@AM_DEFAULT_V@) +am__v_INFOHTML_0 = @echo " INFOHTML" $@; +am__v_INFOHTML_1 = +AM_V_TEXI2DVI = $(am__v_TEXI2DVI_@AM_V@) +am__v_TEXI2DVI_ = $(am__v_TEXI2DVI_@AM_DEFAULT_V@) +am__v_TEXI2DVI_0 = @echo " TEXI2DVI" $@; +am__v_TEXI2DVI_1 = +AM_V_TEXI2PDF = $(am__v_TEXI2PDF_@AM_V@) +am__v_TEXI2PDF_ = $(am__v_TEXI2PDF_@AM_DEFAULT_V@) +am__v_TEXI2PDF_0 = @echo " TEXI2PDF" $@; +am__v_TEXI2PDF_1 = +AM_V_texinfo = $(am__v_texinfo_@AM_V@) +am__v_texinfo_ = $(am__v_texinfo_@AM_DEFAULT_V@) +am__v_texinfo_0 = -q +am__v_texinfo_1 = +AM_V_texidevnull = $(am__v_texidevnull_@AM_V@) +am__v_texidevnull_ = $(am__v_texidevnull_@AM_DEFAULT_V@) +am__v_texidevnull_0 = > /dev/null +am__v_texidevnull_1 = +INFO_DEPS = $(srcdir)/gnutls.info $(srcdir)/gnutls-guile.info +TEXINFO_TEX = $(top_srcdir)/build-aux/texinfo.tex +am__TEXINFO_TEX_DIR = $(top_srcdir)/build-aux +DVIS = gnutls.dvi gnutls-guile.dvi +PDFS = gnutls.pdf gnutls-guile.pdf +PSS = gnutls.ps gnutls-guile.ps +HTMLS = gnutls.html gnutls-guile.html +TEXINFOS = gnutls.texi gnutls-guile.texi +TEXI2PDF = $(TEXI2DVI) --pdf --batch +MAKEINFOHTML = $(MAKEINFO) --html +DVIPS = dvips +RECURSIVE_TARGETS = all-recursive check-recursive cscopelist-recursive \ + ctags-recursive dvi-recursive html-recursive info-recursive \ + install-data-recursive install-dvi-recursive \ + install-exec-recursive install-html-recursive \ + install-info-recursive install-pdf-recursive \ + install-ps-recursive install-recursive installcheck-recursive \ + installdirs-recursive pdf-recursive ps-recursive \ + tags-recursive uninstall-recursive +am__can_run_installinfo = \ + case $$AM_UPDATE_INFO_DIR in \ + n|no|NO) false;; \ + *) (install-info --version) >/dev/null 2>&1;; \ + esac +am__installdirs = "$(DESTDIR)$(infodir)" "$(DESTDIR)$(htmldir)" \ + "$(DESTDIR)$(infoimagesdir)" +am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; +am__vpath_adj = case $$p in \ + $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ + *) f=$$p;; \ + esac; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' +am__uninstall_files_from_dir = { \ + test -z "$$files" \ + || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \ + || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ + $(am__cd) "$$dir" && rm -f $$files; }; \ + } +DATA = $(html_DATA) $(infoimages_DATA) +RECURSIVE_CLEAN_TARGETS = mostlyclean-recursive clean-recursive \ + distclean-recursive maintainer-clean-recursive +am__recursive_targets = \ + $(RECURSIVE_TARGETS) \ + $(RECURSIVE_CLEAN_TARGETS) \ + $(am__extra_recursive_targets) +AM_RECURSIVE_TARGETS = $(am__recursive_targets:-recursive=) TAGS CTAGS \ + distdir distdir-am +am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) +# Read a list of newline-separated strings from the standard input, +# and print each of them once, without duplicates. Input order is +# *not* preserved. +am__uniquify_input = $(AWK) '\ + BEGIN { nonempty = 0; } \ + { items[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in items) print i; }; } \ +' +# Make sure the list of sources is unique. This is necessary because, +# e.g., the same source file might be shared among _SOURCES variables +# for different programs/libraries. +am__define_uniq_tagged_files = \ + list='$(am__tagged_files)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | $(am__uniquify_input)` +ETAGS = etags +CTAGS = ctags +DIST_SUBDIRS = examples scripts credentials latex reference +am__DIST_COMMON = $(gnutls_TEXINFOS) $(srcdir)/Makefile.in \ + $(top_srcdir)/build-aux/depcomp \ + $(top_srcdir)/build-aux/mdate-sh \ + $(top_srcdir)/build-aux/texinfo.tex COPYING COPYING.LESSER \ + TODO +DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) +am__relativize = \ + dir0=`pwd`; \ + sed_first='s,^\([^/]*\)/.*$$,\1,'; \ + sed_rest='s,^[^/]*/*,,'; \ + sed_last='s,^.*/\([^/]*\)$$,\1,'; \ + sed_butlast='s,/*[^/]*$$,,'; \ + while test -n "$$dir1"; do \ + first=`echo "$$dir1" | sed -e "$$sed_first"`; \ + if test "$$first" != "."; then \ + if test "$$first" = ".."; then \ + dir2=`echo "$$dir0" | sed -e "$$sed_last"`/"$$dir2"; \ + dir0=`echo "$$dir0" | sed -e "$$sed_butlast"`; \ + else \ + first2=`echo "$$dir2" | sed -e "$$sed_first"`; \ + if test "$$first2" = "$$first"; then \ + dir2=`echo "$$dir2" | sed -e "$$sed_rest"`; \ + else \ + dir2="../$$dir2"; \ + fi; \ + dir0="$$dir0"/"$$first"; \ + fi; \ + fi; \ + dir1=`echo "$$dir1" | sed -e "$$sed_rest"`; \ + done; \ + reldir="$$dir2" +ACLOCAL = @ACLOCAL@ +ALLOCA = @ALLOCA@ +ALLOCA_H = @ALLOCA_H@ +AMTAR = @AMTAR@ +AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ +APPLE_UNIVERSAL_BUILD = @APPLE_UNIVERSAL_BUILD@ +AR = @AR@ +ARFLAGS = @ARFLAGS@ +AUTOCONF = @AUTOCONF@ +AUTOGEN = @AUTOGEN@ +AUTOHEADER = @AUTOHEADER@ +AUTOMAKE = @AUTOMAKE@ +AWK = @AWK@ +BITSIZEOF_PTRDIFF_T = @BITSIZEOF_PTRDIFF_T@ +BITSIZEOF_SIG_ATOMIC_T = @BITSIZEOF_SIG_ATOMIC_T@ +BITSIZEOF_SIZE_T = @BITSIZEOF_SIZE_T@ +BITSIZEOF_WCHAR_T = @BITSIZEOF_WCHAR_T@ +BITSIZEOF_WINT_T = @BITSIZEOF_WINT_T@ +BYTESWAP_H = @BYTESWAP_H@ +CC = @CC@ +CCAS = @CCAS@ +CCASDEPMODE = @CCASDEPMODE@ +CCASFLAGS = @CCASFLAGS@ +CCDEPMODE = @CCDEPMODE@ +CFLAGS = @CFLAGS@ +CMOCKA_CFLAGS = @CMOCKA_CFLAGS@ +CMOCKA_LIBS = @CMOCKA_LIBS@ +CODE_COVERAGE_CFLAGS = @CODE_COVERAGE_CFLAGS@ +CODE_COVERAGE_CPPFLAGS = @CODE_COVERAGE_CPPFLAGS@ +CODE_COVERAGE_CXXFLAGS = @CODE_COVERAGE_CXXFLAGS@ +CODE_COVERAGE_ENABLED = @CODE_COVERAGE_ENABLED@ +CODE_COVERAGE_LIBS = @CODE_COVERAGE_LIBS@ +CONFIG_INCLUDE = @CONFIG_INCLUDE@ +CPP = @CPP@ +CPPFLAGS = @CPPFLAGS@ +CRYWRAP_PATCHLEVEL = @CRYWRAP_PATCHLEVEL@ +CXX = @CXX@ +CXXCPP = @CXXCPP@ +CXXDEPMODE = @CXXDEPMODE@ +CXXFLAGS = @CXXFLAGS@ +CXX_LT_AGE = @CXX_LT_AGE@ +CXX_LT_CURRENT = @CXX_LT_CURRENT@ +CXX_LT_REVISION = @CXX_LT_REVISION@ +CYGPATH_W = @CYGPATH_W@ +DEFS = @DEFS@ +DEPDIR = @DEPDIR@ +DLLTOOL = @DLLTOOL@ +DLL_SSL_VERSION = @DLL_SSL_VERSION@ +DLL_VERSION = @DLL_VERSION@ +DSYMUTIL = @DSYMUTIL@ +DUMPBIN = @DUMPBIN@ +ECHO_C = @ECHO_C@ +ECHO_N = @ECHO_N@ +ECHO_T = @ECHO_T@ +EGREP = @EGREP@ +EMULTIHOP_HIDDEN = @EMULTIHOP_HIDDEN@ +EMULTIHOP_VALUE = @EMULTIHOP_VALUE@ +ENABLE_PADLOCK = @ENABLE_PADLOCK@ +ENOLINK_HIDDEN = @ENOLINK_HIDDEN@ +ENOLINK_VALUE = @ENOLINK_VALUE@ +EOVERFLOW_HIDDEN = @EOVERFLOW_HIDDEN@ +EOVERFLOW_VALUE = @EOVERFLOW_VALUE@ +ERRNO_H = @ERRNO_H@ +EXEEXT = @EXEEXT@ +FGREP = @FGREP@ +FIPS140_LIBS = @FIPS140_LIBS@ +FLOAT_H = @FLOAT_H@ +GCOV = @GCOV@ +GENHTML = @GENHTML@ +GETADDRINFO_LIB = @GETADDRINFO_LIB@ +GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@ +GMP_CFLAGS = @GMP_CFLAGS@ +GMP_LIBS = @GMP_LIBS@ +GMSGFMT = @GMSGFMT@ +GMSGFMT_015 = @GMSGFMT_015@ +GNULIB_ACCEPT = @GNULIB_ACCEPT@ +GNULIB_ACCEPT4 = @GNULIB_ACCEPT4@ +GNULIB_ATOLL = @GNULIB_ATOLL@ +GNULIB_BIND = @GNULIB_BIND@ +GNULIB_BTOWC = @GNULIB_BTOWC@ +GNULIB_CALLOC_POSIX = @GNULIB_CALLOC_POSIX@ +GNULIB_CANONICALIZE_FILE_NAME = @GNULIB_CANONICALIZE_FILE_NAME@ +GNULIB_CHDIR = @GNULIB_CHDIR@ +GNULIB_CHOWN = @GNULIB_CHOWN@ +GNULIB_CLOSE = @GNULIB_CLOSE@ +GNULIB_CONNECT = @GNULIB_CONNECT@ +GNULIB_CTIME = @GNULIB_CTIME@ +GNULIB_DPRINTF = @GNULIB_DPRINTF@ +GNULIB_DUP = @GNULIB_DUP@ +GNULIB_DUP2 = @GNULIB_DUP2@ +GNULIB_DUP3 = @GNULIB_DUP3@ +GNULIB_DUPLOCALE = @GNULIB_DUPLOCALE@ +GNULIB_ENVIRON = @GNULIB_ENVIRON@ +GNULIB_EUIDACCESS = @GNULIB_EUIDACCESS@ +GNULIB_EXPLICIT_BZERO = @GNULIB_EXPLICIT_BZERO@ +GNULIB_FACCESSAT = @GNULIB_FACCESSAT@ +GNULIB_FCHDIR = @GNULIB_FCHDIR@ +GNULIB_FCHMODAT = @GNULIB_FCHMODAT@ +GNULIB_FCHOWNAT = @GNULIB_FCHOWNAT@ +GNULIB_FCLOSE = @GNULIB_FCLOSE@ +GNULIB_FCNTL = @GNULIB_FCNTL@ +GNULIB_FDATASYNC = @GNULIB_FDATASYNC@ +GNULIB_FDOPEN = @GNULIB_FDOPEN@ +GNULIB_FFLUSH = @GNULIB_FFLUSH@ +GNULIB_FFS = @GNULIB_FFS@ +GNULIB_FFSL = @GNULIB_FFSL@ +GNULIB_FFSLL = @GNULIB_FFSLL@ +GNULIB_FGETC = @GNULIB_FGETC@ +GNULIB_FGETS = @GNULIB_FGETS@ +GNULIB_FOPEN = @GNULIB_FOPEN@ +GNULIB_FPRINTF = @GNULIB_FPRINTF@ +GNULIB_FPRINTF_POSIX = @GNULIB_FPRINTF_POSIX@ +GNULIB_FPURGE = @GNULIB_FPURGE@ +GNULIB_FPUTC = @GNULIB_FPUTC@ +GNULIB_FPUTS = @GNULIB_FPUTS@ +GNULIB_FREAD = @GNULIB_FREAD@ +GNULIB_FREOPEN = @GNULIB_FREOPEN@ +GNULIB_FSCANF = @GNULIB_FSCANF@ +GNULIB_FSEEK = @GNULIB_FSEEK@ +GNULIB_FSEEKO = @GNULIB_FSEEKO@ +GNULIB_FSTAT = @GNULIB_FSTAT@ +GNULIB_FSTATAT = @GNULIB_FSTATAT@ +GNULIB_FSYNC = @GNULIB_FSYNC@ +GNULIB_FTELL = @GNULIB_FTELL@ +GNULIB_FTELLO = @GNULIB_FTELLO@ +GNULIB_FTRUNCATE = @GNULIB_FTRUNCATE@ +GNULIB_FUTIMENS = @GNULIB_FUTIMENS@ +GNULIB_FWRITE = @GNULIB_FWRITE@ +GNULIB_GETADDRINFO = @GNULIB_GETADDRINFO@ +GNULIB_GETC = @GNULIB_GETC@ +GNULIB_GETCHAR = @GNULIB_GETCHAR@ +GNULIB_GETCWD = @GNULIB_GETCWD@ +GNULIB_GETDELIM = @GNULIB_GETDELIM@ +GNULIB_GETDOMAINNAME = @GNULIB_GETDOMAINNAME@ +GNULIB_GETDTABLESIZE = @GNULIB_GETDTABLESIZE@ +GNULIB_GETGROUPS = @GNULIB_GETGROUPS@ +GNULIB_GETHOSTNAME = @GNULIB_GETHOSTNAME@ +GNULIB_GETLINE = @GNULIB_GETLINE@ +GNULIB_GETLOADAVG = @GNULIB_GETLOADAVG@ +GNULIB_GETLOGIN = @GNULIB_GETLOGIN@ +GNULIB_GETLOGIN_R = @GNULIB_GETLOGIN_R@ +GNULIB_GETPAGESIZE = @GNULIB_GETPAGESIZE@ +GNULIB_GETPASS = @GNULIB_GETPASS@ +GNULIB_GETPEERNAME = @GNULIB_GETPEERNAME@ +GNULIB_GETSOCKNAME = @GNULIB_GETSOCKNAME@ +GNULIB_GETSOCKOPT = @GNULIB_GETSOCKOPT@ +GNULIB_GETSUBOPT = @GNULIB_GETSUBOPT@ +GNULIB_GETTIMEOFDAY = @GNULIB_GETTIMEOFDAY@ +GNULIB_GETUSERSHELL = @GNULIB_GETUSERSHELL@ +GNULIB_GRANTPT = @GNULIB_GRANTPT@ +GNULIB_GROUP_MEMBER = @GNULIB_GROUP_MEMBER@ +GNULIB_IMAXABS = @GNULIB_IMAXABS@ +GNULIB_IMAXDIV = @GNULIB_IMAXDIV@ +GNULIB_INET_NTOP = @GNULIB_INET_NTOP@ +GNULIB_INET_PTON = @GNULIB_INET_PTON@ +GNULIB_IOCTL = @GNULIB_IOCTL@ +GNULIB_ISATTY = @GNULIB_ISATTY@ +GNULIB_ISBLANK = @GNULIB_ISBLANK@ +GNULIB_LCHMOD = @GNULIB_LCHMOD@ +GNULIB_LCHOWN = @GNULIB_LCHOWN@ +GNULIB_LINK = @GNULIB_LINK@ +GNULIB_LINKAT = @GNULIB_LINKAT@ +GNULIB_LISTEN = @GNULIB_LISTEN@ +GNULIB_LOCALECONV = @GNULIB_LOCALECONV@ +GNULIB_LOCALENAME = @GNULIB_LOCALENAME@ +GNULIB_LOCALTIME = @GNULIB_LOCALTIME@ +GNULIB_LSEEK = @GNULIB_LSEEK@ +GNULIB_LSTAT = @GNULIB_LSTAT@ +GNULIB_MALLOC_POSIX = @GNULIB_MALLOC_POSIX@ +GNULIB_MBRLEN = @GNULIB_MBRLEN@ +GNULIB_MBRTOWC = @GNULIB_MBRTOWC@ +GNULIB_MBSCASECMP = @GNULIB_MBSCASECMP@ +GNULIB_MBSCASESTR = @GNULIB_MBSCASESTR@ +GNULIB_MBSCHR = @GNULIB_MBSCHR@ +GNULIB_MBSCSPN = @GNULIB_MBSCSPN@ +GNULIB_MBSINIT = @GNULIB_MBSINIT@ +GNULIB_MBSLEN = @GNULIB_MBSLEN@ +GNULIB_MBSNCASECMP = @GNULIB_MBSNCASECMP@ +GNULIB_MBSNLEN = @GNULIB_MBSNLEN@ +GNULIB_MBSNRTOWCS = @GNULIB_MBSNRTOWCS@ +GNULIB_MBSPBRK = @GNULIB_MBSPBRK@ +GNULIB_MBSPCASECMP = @GNULIB_MBSPCASECMP@ +GNULIB_MBSRCHR = @GNULIB_MBSRCHR@ +GNULIB_MBSRTOWCS = @GNULIB_MBSRTOWCS@ +GNULIB_MBSSEP = @GNULIB_MBSSEP@ +GNULIB_MBSSPN = @GNULIB_MBSSPN@ +GNULIB_MBSSTR = @GNULIB_MBSSTR@ +GNULIB_MBSTOK_R = @GNULIB_MBSTOK_R@ +GNULIB_MBTOWC = @GNULIB_MBTOWC@ +GNULIB_MEMCHR = @GNULIB_MEMCHR@ +GNULIB_MEMMEM = @GNULIB_MEMMEM@ +GNULIB_MEMPCPY = @GNULIB_MEMPCPY@ +GNULIB_MEMRCHR = @GNULIB_MEMRCHR@ +GNULIB_MKDIRAT = @GNULIB_MKDIRAT@ +GNULIB_MKDTEMP = @GNULIB_MKDTEMP@ +GNULIB_MKFIFO = @GNULIB_MKFIFO@ +GNULIB_MKFIFOAT = @GNULIB_MKFIFOAT@ +GNULIB_MKNOD = @GNULIB_MKNOD@ +GNULIB_MKNODAT = @GNULIB_MKNODAT@ +GNULIB_MKOSTEMP = @GNULIB_MKOSTEMP@ +GNULIB_MKOSTEMPS = @GNULIB_MKOSTEMPS@ +GNULIB_MKSTEMP = @GNULIB_MKSTEMP@ +GNULIB_MKSTEMPS = @GNULIB_MKSTEMPS@ +GNULIB_MKTIME = @GNULIB_MKTIME@ +GNULIB_NANOSLEEP = @GNULIB_NANOSLEEP@ +GNULIB_NL_LANGINFO = @GNULIB_NL_LANGINFO@ +GNULIB_NONBLOCKING = @GNULIB_NONBLOCKING@ +GNULIB_OBSTACK_PRINTF = @GNULIB_OBSTACK_PRINTF@ +GNULIB_OBSTACK_PRINTF_POSIX = @GNULIB_OBSTACK_PRINTF_POSIX@ +GNULIB_OPEN = @GNULIB_OPEN@ +GNULIB_OPENAT = @GNULIB_OPENAT@ +GNULIB_OVERRIDES_STRUCT_STAT = @GNULIB_OVERRIDES_STRUCT_STAT@ +GNULIB_OVERRIDES_WINT_T = @GNULIB_OVERRIDES_WINT_T@ +GNULIB_PCLOSE = @GNULIB_PCLOSE@ +GNULIB_PERROR = @GNULIB_PERROR@ +GNULIB_PIPE = @GNULIB_PIPE@ +GNULIB_PIPE2 = @GNULIB_PIPE2@ +GNULIB_POPEN = @GNULIB_POPEN@ +GNULIB_POSIX_OPENPT = @GNULIB_POSIX_OPENPT@ +GNULIB_PREAD = @GNULIB_PREAD@ +GNULIB_PRINTF = @GNULIB_PRINTF@ +GNULIB_PRINTF_POSIX = @GNULIB_PRINTF_POSIX@ +GNULIB_PSELECT = @GNULIB_PSELECT@ +GNULIB_PTHREAD_SIGMASK = @GNULIB_PTHREAD_SIGMASK@ +GNULIB_PTSNAME = @GNULIB_PTSNAME@ +GNULIB_PTSNAME_R = @GNULIB_PTSNAME_R@ +GNULIB_PUTC = @GNULIB_PUTC@ +GNULIB_PUTCHAR = @GNULIB_PUTCHAR@ +GNULIB_PUTENV = @GNULIB_PUTENV@ +GNULIB_PUTS = @GNULIB_PUTS@ +GNULIB_PWRITE = @GNULIB_PWRITE@ +GNULIB_QSORT_R = @GNULIB_QSORT_R@ +GNULIB_RAISE = @GNULIB_RAISE@ +GNULIB_RANDOM = @GNULIB_RANDOM@ +GNULIB_RANDOM_R = @GNULIB_RANDOM_R@ +GNULIB_RAWMEMCHR = @GNULIB_RAWMEMCHR@ +GNULIB_READ = @GNULIB_READ@ +GNULIB_READLINK = @GNULIB_READLINK@ +GNULIB_READLINKAT = @GNULIB_READLINKAT@ +GNULIB_REALLOCARRAY = @GNULIB_REALLOCARRAY@ +GNULIB_REALLOC_POSIX = @GNULIB_REALLOC_POSIX@ +GNULIB_REALPATH = @GNULIB_REALPATH@ +GNULIB_RECV = @GNULIB_RECV@ +GNULIB_RECVFROM = @GNULIB_RECVFROM@ +GNULIB_REMOVE = @GNULIB_REMOVE@ +GNULIB_RENAME = @GNULIB_RENAME@ +GNULIB_RENAMEAT = @GNULIB_RENAMEAT@ +GNULIB_RMDIR = @GNULIB_RMDIR@ +GNULIB_RPMATCH = @GNULIB_RPMATCH@ +GNULIB_SCANF = @GNULIB_SCANF@ +GNULIB_SECURE_GETENV = @GNULIB_SECURE_GETENV@ +GNULIB_SELECT = @GNULIB_SELECT@ +GNULIB_SEND = @GNULIB_SEND@ +GNULIB_SENDTO = @GNULIB_SENDTO@ +GNULIB_SETENV = @GNULIB_SETENV@ +GNULIB_SETHOSTNAME = @GNULIB_SETHOSTNAME@ +GNULIB_SETLOCALE = @GNULIB_SETLOCALE@ +GNULIB_SETSOCKOPT = @GNULIB_SETSOCKOPT@ +GNULIB_SHUTDOWN = @GNULIB_SHUTDOWN@ +GNULIB_SIGACTION = @GNULIB_SIGACTION@ +GNULIB_SIGNAL_H_SIGPIPE = @GNULIB_SIGNAL_H_SIGPIPE@ +GNULIB_SIGPROCMASK = @GNULIB_SIGPROCMASK@ +GNULIB_SLEEP = @GNULIB_SLEEP@ +GNULIB_SNPRINTF = @GNULIB_SNPRINTF@ +GNULIB_SOCKET = @GNULIB_SOCKET@ +GNULIB_SPRINTF_POSIX = @GNULIB_SPRINTF_POSIX@ +GNULIB_STAT = @GNULIB_STAT@ +GNULIB_STDIO_H_NONBLOCKING = @GNULIB_STDIO_H_NONBLOCKING@ +GNULIB_STDIO_H_SIGPIPE = @GNULIB_STDIO_H_SIGPIPE@ +GNULIB_STPCPY = @GNULIB_STPCPY@ +GNULIB_STPNCPY = @GNULIB_STPNCPY@ +GNULIB_STRCASESTR = @GNULIB_STRCASESTR@ +GNULIB_STRCHRNUL = @GNULIB_STRCHRNUL@ +GNULIB_STRDUP = @GNULIB_STRDUP@ +GNULIB_STRERROR = @GNULIB_STRERROR@ +GNULIB_STRERROR_R = @GNULIB_STRERROR_R@ +GNULIB_STRFTIME = @GNULIB_STRFTIME@ +GNULIB_STRNCAT = @GNULIB_STRNCAT@ +GNULIB_STRNDUP = @GNULIB_STRNDUP@ +GNULIB_STRNLEN = @GNULIB_STRNLEN@ +GNULIB_STRPBRK = @GNULIB_STRPBRK@ +GNULIB_STRPTIME = @GNULIB_STRPTIME@ +GNULIB_STRSEP = @GNULIB_STRSEP@ +GNULIB_STRSIGNAL = @GNULIB_STRSIGNAL@ +GNULIB_STRSTR = @GNULIB_STRSTR@ +GNULIB_STRTOD = @GNULIB_STRTOD@ +GNULIB_STRTOIMAX = @GNULIB_STRTOIMAX@ +GNULIB_STRTOK_R = @GNULIB_STRTOK_R@ +GNULIB_STRTOLD = @GNULIB_STRTOLD@ +GNULIB_STRTOLL = @GNULIB_STRTOLL@ +GNULIB_STRTOULL = @GNULIB_STRTOULL@ +GNULIB_STRTOUMAX = @GNULIB_STRTOUMAX@ +GNULIB_STRVERSCMP = @GNULIB_STRVERSCMP@ +GNULIB_SYMLINK = @GNULIB_SYMLINK@ +GNULIB_SYMLINKAT = @GNULIB_SYMLINKAT@ +GNULIB_SYSTEM_POSIX = @GNULIB_SYSTEM_POSIX@ +GNULIB_TIMEGM = @GNULIB_TIMEGM@ +GNULIB_TIME_R = @GNULIB_TIME_R@ +GNULIB_TIME_RZ = @GNULIB_TIME_RZ@ +GNULIB_TMPFILE = @GNULIB_TMPFILE@ +GNULIB_TRUNCATE = @GNULIB_TRUNCATE@ +GNULIB_TTYNAME_R = @GNULIB_TTYNAME_R@ +GNULIB_TZSET = @GNULIB_TZSET@ +GNULIB_UNISTD_H_NONBLOCKING = @GNULIB_UNISTD_H_NONBLOCKING@ +GNULIB_UNISTD_H_SIGPIPE = @GNULIB_UNISTD_H_SIGPIPE@ +GNULIB_UNLINK = @GNULIB_UNLINK@ +GNULIB_UNLINKAT = @GNULIB_UNLINKAT@ +GNULIB_UNLOCKPT = @GNULIB_UNLOCKPT@ +GNULIB_UNSETENV = @GNULIB_UNSETENV@ +GNULIB_USLEEP = @GNULIB_USLEEP@ +GNULIB_UTIMENSAT = @GNULIB_UTIMENSAT@ +GNULIB_VASPRINTF = @GNULIB_VASPRINTF@ +GNULIB_VDPRINTF = @GNULIB_VDPRINTF@ +GNULIB_VFPRINTF = @GNULIB_VFPRINTF@ +GNULIB_VFPRINTF_POSIX = @GNULIB_VFPRINTF_POSIX@ +GNULIB_VFSCANF = @GNULIB_VFSCANF@ +GNULIB_VPRINTF = @GNULIB_VPRINTF@ +GNULIB_VPRINTF_POSIX = @GNULIB_VPRINTF_POSIX@ +GNULIB_VSCANF = @GNULIB_VSCANF@ +GNULIB_VSNPRINTF = @GNULIB_VSNPRINTF@ +GNULIB_VSPRINTF_POSIX = @GNULIB_VSPRINTF_POSIX@ +GNULIB_WCPCPY = @GNULIB_WCPCPY@ +GNULIB_WCPNCPY = @GNULIB_WCPNCPY@ +GNULIB_WCRTOMB = @GNULIB_WCRTOMB@ +GNULIB_WCSCASECMP = @GNULIB_WCSCASECMP@ +GNULIB_WCSCAT = @GNULIB_WCSCAT@ +GNULIB_WCSCHR = @GNULIB_WCSCHR@ +GNULIB_WCSCMP = @GNULIB_WCSCMP@ +GNULIB_WCSCOLL = @GNULIB_WCSCOLL@ +GNULIB_WCSCPY = @GNULIB_WCSCPY@ +GNULIB_WCSCSPN = @GNULIB_WCSCSPN@ +GNULIB_WCSDUP = @GNULIB_WCSDUP@ +GNULIB_WCSFTIME = @GNULIB_WCSFTIME@ +GNULIB_WCSLEN = @GNULIB_WCSLEN@ +GNULIB_WCSNCASECMP = @GNULIB_WCSNCASECMP@ +GNULIB_WCSNCAT = @GNULIB_WCSNCAT@ +GNULIB_WCSNCMP = @GNULIB_WCSNCMP@ +GNULIB_WCSNCPY = @GNULIB_WCSNCPY@ +GNULIB_WCSNLEN = @GNULIB_WCSNLEN@ +GNULIB_WCSNRTOMBS = @GNULIB_WCSNRTOMBS@ +GNULIB_WCSPBRK = @GNULIB_WCSPBRK@ +GNULIB_WCSRCHR = @GNULIB_WCSRCHR@ +GNULIB_WCSRTOMBS = @GNULIB_WCSRTOMBS@ +GNULIB_WCSSPN = @GNULIB_WCSSPN@ +GNULIB_WCSSTR = @GNULIB_WCSSTR@ +GNULIB_WCSTOK = @GNULIB_WCSTOK@ +GNULIB_WCSWIDTH = @GNULIB_WCSWIDTH@ +GNULIB_WCSXFRM = @GNULIB_WCSXFRM@ +GNULIB_WCTOB = @GNULIB_WCTOB@ +GNULIB_WCTOMB = @GNULIB_WCTOMB@ +GNULIB_WCWIDTH = @GNULIB_WCWIDTH@ +GNULIB_WMEMCHR = @GNULIB_WMEMCHR@ +GNULIB_WMEMCMP = @GNULIB_WMEMCMP@ +GNULIB_WMEMCPY = @GNULIB_WMEMCPY@ +GNULIB_WMEMMOVE = @GNULIB_WMEMMOVE@ +GNULIB_WMEMSET = @GNULIB_WMEMSET@ +GNULIB_WRITE = @GNULIB_WRITE@ +GNULIB__EXIT = @GNULIB__EXIT@ +GNUTLS_REQUIRES_PRIVATE = @GNUTLS_REQUIRES_PRIVATE@ +GREP = @GREP@ +GTKDOC_CHECK = @GTKDOC_CHECK@ +GTKDOC_CHECK_PATH = @GTKDOC_CHECK_PATH@ +GTKDOC_DEPS_CFLAGS = @GTKDOC_DEPS_CFLAGS@ +GTKDOC_DEPS_LIBS = @GTKDOC_DEPS_LIBS@ +GTKDOC_MKPDF = @GTKDOC_MKPDF@ +GTKDOC_REBASE = @GTKDOC_REBASE@ +GUILD = @GUILD@ +GUILE = @GUILE@ +GUILE_CFLAGS = @GUILE_CFLAGS@ +GUILE_CONFIG = @GUILE_CONFIG@ +GUILE_EFFECTIVE_VERSION = @GUILE_EFFECTIVE_VERSION@ +GUILE_EXTENSION = @GUILE_EXTENSION@ +GUILE_LDFLAGS = @GUILE_LDFLAGS@ +GUILE_LIBS = @GUILE_LIBS@ +GUILE_LTLIBS = @GUILE_LTLIBS@ +GUILE_SITE = @GUILE_SITE@ +GUILE_SITE_CCACHE = @GUILE_SITE_CCACHE@ +GUILE_TOOLS = @GUILE_TOOLS@ +HAVE_ACCEPT4 = @HAVE_ACCEPT4@ +HAVE_ALLOCA_H = @HAVE_ALLOCA_H@ +HAVE_ARPA_INET_H = @HAVE_ARPA_INET_H@ +HAVE_ATOLL = @HAVE_ATOLL@ +HAVE_BTOWC = @HAVE_BTOWC@ +HAVE_C99_STDINT_H = @HAVE_C99_STDINT_H@ +HAVE_CANONICALIZE_FILE_NAME = @HAVE_CANONICALIZE_FILE_NAME@ +HAVE_CHOWN = @HAVE_CHOWN@ +HAVE_CRTDEFS_H = @HAVE_CRTDEFS_H@ +HAVE_DECL_ENVIRON = @HAVE_DECL_ENVIRON@ +HAVE_DECL_FCHDIR = @HAVE_DECL_FCHDIR@ +HAVE_DECL_FDATASYNC = @HAVE_DECL_FDATASYNC@ +HAVE_DECL_FPURGE = @HAVE_DECL_FPURGE@ +HAVE_DECL_FREEADDRINFO = @HAVE_DECL_FREEADDRINFO@ +HAVE_DECL_FSEEKO = @HAVE_DECL_FSEEKO@ +HAVE_DECL_FTELLO = @HAVE_DECL_FTELLO@ +HAVE_DECL_GAI_STRERROR = @HAVE_DECL_GAI_STRERROR@ +HAVE_DECL_GETADDRINFO = @HAVE_DECL_GETADDRINFO@ +HAVE_DECL_GETDELIM = @HAVE_DECL_GETDELIM@ +HAVE_DECL_GETDOMAINNAME = @HAVE_DECL_GETDOMAINNAME@ +HAVE_DECL_GETLINE = @HAVE_DECL_GETLINE@ +HAVE_DECL_GETLOADAVG = @HAVE_DECL_GETLOADAVG@ +HAVE_DECL_GETLOGIN = @HAVE_DECL_GETLOGIN@ +HAVE_DECL_GETLOGIN_R = @HAVE_DECL_GETLOGIN_R@ +HAVE_DECL_GETNAMEINFO = @HAVE_DECL_GETNAMEINFO@ +HAVE_DECL_GETPAGESIZE = @HAVE_DECL_GETPAGESIZE@ +HAVE_DECL_GETUSERSHELL = @HAVE_DECL_GETUSERSHELL@ +HAVE_DECL_IMAXABS = @HAVE_DECL_IMAXABS@ +HAVE_DECL_IMAXDIV = @HAVE_DECL_IMAXDIV@ +HAVE_DECL_INET_NTOP = @HAVE_DECL_INET_NTOP@ +HAVE_DECL_INET_PTON = @HAVE_DECL_INET_PTON@ +HAVE_DECL_INITSTATE = @HAVE_DECL_INITSTATE@ +HAVE_DECL_LOCALTIME_R = @HAVE_DECL_LOCALTIME_R@ +HAVE_DECL_MEMMEM = @HAVE_DECL_MEMMEM@ +HAVE_DECL_MEMRCHR = @HAVE_DECL_MEMRCHR@ +HAVE_DECL_OBSTACK_PRINTF = @HAVE_DECL_OBSTACK_PRINTF@ +HAVE_DECL_SETENV = @HAVE_DECL_SETENV@ +HAVE_DECL_SETHOSTNAME = @HAVE_DECL_SETHOSTNAME@ +HAVE_DECL_SETSTATE = @HAVE_DECL_SETSTATE@ +HAVE_DECL_SNPRINTF = @HAVE_DECL_SNPRINTF@ +HAVE_DECL_STRDUP = @HAVE_DECL_STRDUP@ +HAVE_DECL_STRERROR_R = @HAVE_DECL_STRERROR_R@ +HAVE_DECL_STRNCASECMP = @HAVE_DECL_STRNCASECMP@ +HAVE_DECL_STRNDUP = @HAVE_DECL_STRNDUP@ +HAVE_DECL_STRNLEN = @HAVE_DECL_STRNLEN@ +HAVE_DECL_STRSIGNAL = @HAVE_DECL_STRSIGNAL@ +HAVE_DECL_STRTOIMAX = @HAVE_DECL_STRTOIMAX@ +HAVE_DECL_STRTOK_R = @HAVE_DECL_STRTOK_R@ +HAVE_DECL_STRTOUMAX = @HAVE_DECL_STRTOUMAX@ +HAVE_DECL_TRUNCATE = @HAVE_DECL_TRUNCATE@ +HAVE_DECL_TTYNAME_R = @HAVE_DECL_TTYNAME_R@ +HAVE_DECL_UNSETENV = @HAVE_DECL_UNSETENV@ +HAVE_DECL_VSNPRINTF = @HAVE_DECL_VSNPRINTF@ +HAVE_DECL_WCTOB = @HAVE_DECL_WCTOB@ +HAVE_DECL_WCWIDTH = @HAVE_DECL_WCWIDTH@ +HAVE_DPRINTF = @HAVE_DPRINTF@ +HAVE_DUP2 = @HAVE_DUP2@ +HAVE_DUP3 = @HAVE_DUP3@ +HAVE_DUPLOCALE = @HAVE_DUPLOCALE@ +HAVE_EUIDACCESS = @HAVE_EUIDACCESS@ +HAVE_EXPLICIT_BZERO = @HAVE_EXPLICIT_BZERO@ +HAVE_FACCESSAT = @HAVE_FACCESSAT@ +HAVE_FCHDIR = @HAVE_FCHDIR@ +HAVE_FCHMODAT = @HAVE_FCHMODAT@ +HAVE_FCHOWNAT = @HAVE_FCHOWNAT@ +HAVE_FCNTL = @HAVE_FCNTL@ +HAVE_FDATASYNC = @HAVE_FDATASYNC@ +HAVE_FEATURES_H = @HAVE_FEATURES_H@ +HAVE_FFS = @HAVE_FFS@ +HAVE_FFSL = @HAVE_FFSL@ +HAVE_FFSLL = @HAVE_FFSLL@ +HAVE_FREELOCALE = @HAVE_FREELOCALE@ +HAVE_FSEEKO = @HAVE_FSEEKO@ +HAVE_FSTATAT = @HAVE_FSTATAT@ +HAVE_FSYNC = @HAVE_FSYNC@ +HAVE_FTELLO = @HAVE_FTELLO@ +HAVE_FTRUNCATE = @HAVE_FTRUNCATE@ +HAVE_FUTIMENS = @HAVE_FUTIMENS@ +HAVE_GETDTABLESIZE = @HAVE_GETDTABLESIZE@ +HAVE_GETGROUPS = @HAVE_GETGROUPS@ +HAVE_GETHOSTNAME = @HAVE_GETHOSTNAME@ +HAVE_GETLOGIN = @HAVE_GETLOGIN@ +HAVE_GETPAGESIZE = @HAVE_GETPAGESIZE@ +HAVE_GETPASS = @HAVE_GETPASS@ +HAVE_GETSUBOPT = @HAVE_GETSUBOPT@ +HAVE_GETTIMEOFDAY = @HAVE_GETTIMEOFDAY@ +HAVE_GRANTPT = @HAVE_GRANTPT@ +HAVE_GROUP_MEMBER = @HAVE_GROUP_MEMBER@ +HAVE_IMAXDIV_T = @HAVE_IMAXDIV_T@ +HAVE_INITSTATE = @HAVE_INITSTATE@ +HAVE_INTTYPES_H = @HAVE_INTTYPES_H@ +HAVE_ISBLANK = @HAVE_ISBLANK@ +HAVE_LANGINFO_ALTMON = @HAVE_LANGINFO_ALTMON@ +HAVE_LANGINFO_CODESET = @HAVE_LANGINFO_CODESET@ +HAVE_LANGINFO_ERA = @HAVE_LANGINFO_ERA@ +HAVE_LANGINFO_H = @HAVE_LANGINFO_H@ +HAVE_LANGINFO_T_FMT_AMPM = @HAVE_LANGINFO_T_FMT_AMPM@ +HAVE_LANGINFO_YESEXPR = @HAVE_LANGINFO_YESEXPR@ +HAVE_LCHMOD = @HAVE_LCHMOD@ +HAVE_LCHOWN = @HAVE_LCHOWN@ +HAVE_LIBCRYPTO = @HAVE_LIBCRYPTO@ +HAVE_LIBDL = @HAVE_LIBDL@ +HAVE_LIBPTHREAD = @HAVE_LIBPTHREAD@ +HAVE_LIBRT = @HAVE_LIBRT@ +HAVE_LIBSECCOMP = @HAVE_LIBSECCOMP@ +HAVE_LINK = @HAVE_LINK@ +HAVE_LINKAT = @HAVE_LINKAT@ +HAVE_LONG_LONG_INT = @HAVE_LONG_LONG_INT@ +HAVE_LSTAT = @HAVE_LSTAT@ +HAVE_MAX_ALIGN_T = @HAVE_MAX_ALIGN_T@ +HAVE_MBRLEN = @HAVE_MBRLEN@ +HAVE_MBRTOWC = @HAVE_MBRTOWC@ +HAVE_MBSINIT = @HAVE_MBSINIT@ +HAVE_MBSLEN = @HAVE_MBSLEN@ +HAVE_MBSNRTOWCS = @HAVE_MBSNRTOWCS@ +HAVE_MBSRTOWCS = @HAVE_MBSRTOWCS@ +HAVE_MBTOWC = @HAVE_MBTOWC@ +HAVE_MEMCHR = @HAVE_MEMCHR@ +HAVE_MEMPCPY = @HAVE_MEMPCPY@ +HAVE_MKDIRAT = @HAVE_MKDIRAT@ +HAVE_MKDTEMP = @HAVE_MKDTEMP@ +HAVE_MKFIFO = @HAVE_MKFIFO@ +HAVE_MKFIFOAT = @HAVE_MKFIFOAT@ +HAVE_MKNOD = @HAVE_MKNOD@ +HAVE_MKNODAT = @HAVE_MKNODAT@ +HAVE_MKOSTEMP = @HAVE_MKOSTEMP@ +HAVE_MKOSTEMPS = @HAVE_MKOSTEMPS@ +HAVE_MKSTEMP = @HAVE_MKSTEMP@ +HAVE_MKSTEMPS = @HAVE_MKSTEMPS@ +HAVE_MSVC_INVALID_PARAMETER_HANDLER = @HAVE_MSVC_INVALID_PARAMETER_HANDLER@ +HAVE_NANOSLEEP = @HAVE_NANOSLEEP@ +HAVE_NETDB_H = @HAVE_NETDB_H@ +HAVE_NETINET_IN_H = @HAVE_NETINET_IN_H@ +HAVE_NEWLOCALE = @HAVE_NEWLOCALE@ +HAVE_NL_LANGINFO = @HAVE_NL_LANGINFO@ +HAVE_OPENAT = @HAVE_OPENAT@ +HAVE_OS_H = @HAVE_OS_H@ +HAVE_PCLOSE = @HAVE_PCLOSE@ +HAVE_PIPE = @HAVE_PIPE@ +HAVE_PIPE2 = @HAVE_PIPE2@ +HAVE_POPEN = @HAVE_POPEN@ +HAVE_POSIX_OPENPT = @HAVE_POSIX_OPENPT@ +HAVE_POSIX_SIGNALBLOCKING = @HAVE_POSIX_SIGNALBLOCKING@ +HAVE_PREAD = @HAVE_PREAD@ +HAVE_PSELECT = @HAVE_PSELECT@ +HAVE_PTHREAD_SIGMASK = @HAVE_PTHREAD_SIGMASK@ +HAVE_PTSNAME = @HAVE_PTSNAME@ +HAVE_PTSNAME_R = @HAVE_PTSNAME_R@ +HAVE_PWRITE = @HAVE_PWRITE@ +HAVE_QSORT_R = @HAVE_QSORT_R@ +HAVE_RAISE = @HAVE_RAISE@ +HAVE_RANDOM = @HAVE_RANDOM@ +HAVE_RANDOM_H = @HAVE_RANDOM_H@ +HAVE_RANDOM_R = @HAVE_RANDOM_R@ +HAVE_RAWMEMCHR = @HAVE_RAWMEMCHR@ +HAVE_READLINK = @HAVE_READLINK@ +HAVE_READLINKAT = @HAVE_READLINKAT@ +HAVE_REALLOCARRAY = @HAVE_REALLOCARRAY@ +HAVE_REALPATH = @HAVE_REALPATH@ +HAVE_RENAMEAT = @HAVE_RENAMEAT@ +HAVE_RPMATCH = @HAVE_RPMATCH@ +HAVE_SA_FAMILY_T = @HAVE_SA_FAMILY_T@ +HAVE_SECURE_GETENV = @HAVE_SECURE_GETENV@ +HAVE_SETENV = @HAVE_SETENV@ +HAVE_SETHOSTNAME = @HAVE_SETHOSTNAME@ +HAVE_SETSTATE = @HAVE_SETSTATE@ +HAVE_SIGACTION = @HAVE_SIGACTION@ +HAVE_SIGHANDLER_T = @HAVE_SIGHANDLER_T@ +HAVE_SIGINFO_T = @HAVE_SIGINFO_T@ +HAVE_SIGNED_SIG_ATOMIC_T = @HAVE_SIGNED_SIG_ATOMIC_T@ +HAVE_SIGNED_WCHAR_T = @HAVE_SIGNED_WCHAR_T@ +HAVE_SIGNED_WINT_T = @HAVE_SIGNED_WINT_T@ +HAVE_SIGSET_T = @HAVE_SIGSET_T@ +HAVE_SLEEP = @HAVE_SLEEP@ +HAVE_STDINT_H = @HAVE_STDINT_H@ +HAVE_STPCPY = @HAVE_STPCPY@ +HAVE_STPNCPY = @HAVE_STPNCPY@ +HAVE_STRCASECMP = @HAVE_STRCASECMP@ +HAVE_STRCASESTR = @HAVE_STRCASESTR@ +HAVE_STRCHRNUL = @HAVE_STRCHRNUL@ +HAVE_STRINGS_H = @HAVE_STRINGS_H@ +HAVE_STRPBRK = @HAVE_STRPBRK@ +HAVE_STRPTIME = @HAVE_STRPTIME@ +HAVE_STRSEP = @HAVE_STRSEP@ +HAVE_STRTOD = @HAVE_STRTOD@ +HAVE_STRTOLD = @HAVE_STRTOLD@ +HAVE_STRTOLL = @HAVE_STRTOLL@ +HAVE_STRTOULL = @HAVE_STRTOULL@ +HAVE_STRUCT_ADDRINFO = @HAVE_STRUCT_ADDRINFO@ +HAVE_STRUCT_RANDOM_DATA = @HAVE_STRUCT_RANDOM_DATA@ +HAVE_STRUCT_SIGACTION_SA_SIGACTION = @HAVE_STRUCT_SIGACTION_SA_SIGACTION@ +HAVE_STRUCT_SOCKADDR_STORAGE = @HAVE_STRUCT_SOCKADDR_STORAGE@ +HAVE_STRUCT_SOCKADDR_STORAGE_SS_FAMILY = @HAVE_STRUCT_SOCKADDR_STORAGE_SS_FAMILY@ +HAVE_STRUCT_TIMEVAL = @HAVE_STRUCT_TIMEVAL@ +HAVE_STRVERSCMP = @HAVE_STRVERSCMP@ +HAVE_SYMLINK = @HAVE_SYMLINK@ +HAVE_SYMLINKAT = @HAVE_SYMLINKAT@ +HAVE_SYS_BITYPES_H = @HAVE_SYS_BITYPES_H@ +HAVE_SYS_INTTYPES_H = @HAVE_SYS_INTTYPES_H@ +HAVE_SYS_IOCTL_H = @HAVE_SYS_IOCTL_H@ +HAVE_SYS_LOADAVG_H = @HAVE_SYS_LOADAVG_H@ +HAVE_SYS_PARAM_H = @HAVE_SYS_PARAM_H@ +HAVE_SYS_SELECT_H = @HAVE_SYS_SELECT_H@ +HAVE_SYS_SOCKET_H = @HAVE_SYS_SOCKET_H@ +HAVE_SYS_TIME_H = @HAVE_SYS_TIME_H@ +HAVE_SYS_TYPES_H = @HAVE_SYS_TYPES_H@ +HAVE_SYS_UIO_H = @HAVE_SYS_UIO_H@ +HAVE_TIMEGM = @HAVE_TIMEGM@ +HAVE_TIMEZONE_T = @HAVE_TIMEZONE_T@ +HAVE_TYPE_VOLATILE_SIG_ATOMIC_T = @HAVE_TYPE_VOLATILE_SIG_ATOMIC_T@ +HAVE_TZSET = @HAVE_TZSET@ +HAVE_UNISTD_H = @HAVE_UNISTD_H@ +HAVE_UNLINKAT = @HAVE_UNLINKAT@ +HAVE_UNLOCKPT = @HAVE_UNLOCKPT@ +HAVE_UNSIGNED_LONG_LONG_INT = @HAVE_UNSIGNED_LONG_LONG_INT@ +HAVE_USLEEP = @HAVE_USLEEP@ +HAVE_UTIMENSAT = @HAVE_UTIMENSAT@ +HAVE_VASPRINTF = @HAVE_VASPRINTF@ +HAVE_VDPRINTF = @HAVE_VDPRINTF@ +HAVE_WCHAR_H = @HAVE_WCHAR_H@ +HAVE_WCHAR_T = @HAVE_WCHAR_T@ +HAVE_WCPCPY = @HAVE_WCPCPY@ +HAVE_WCPNCPY = @HAVE_WCPNCPY@ +HAVE_WCRTOMB = @HAVE_WCRTOMB@ +HAVE_WCSCASECMP = @HAVE_WCSCASECMP@ +HAVE_WCSCAT = @HAVE_WCSCAT@ +HAVE_WCSCHR = @HAVE_WCSCHR@ +HAVE_WCSCMP = @HAVE_WCSCMP@ +HAVE_WCSCOLL = @HAVE_WCSCOLL@ +HAVE_WCSCPY = @HAVE_WCSCPY@ +HAVE_WCSCSPN = @HAVE_WCSCSPN@ +HAVE_WCSDUP = @HAVE_WCSDUP@ +HAVE_WCSFTIME = @HAVE_WCSFTIME@ +HAVE_WCSLEN = @HAVE_WCSLEN@ +HAVE_WCSNCASECMP = @HAVE_WCSNCASECMP@ +HAVE_WCSNCAT = @HAVE_WCSNCAT@ +HAVE_WCSNCMP = @HAVE_WCSNCMP@ +HAVE_WCSNCPY = @HAVE_WCSNCPY@ +HAVE_WCSNLEN = @HAVE_WCSNLEN@ +HAVE_WCSNRTOMBS = @HAVE_WCSNRTOMBS@ +HAVE_WCSPBRK = @HAVE_WCSPBRK@ +HAVE_WCSRCHR = @HAVE_WCSRCHR@ +HAVE_WCSRTOMBS = @HAVE_WCSRTOMBS@ +HAVE_WCSSPN = @HAVE_WCSSPN@ +HAVE_WCSSTR = @HAVE_WCSSTR@ +HAVE_WCSTOK = @HAVE_WCSTOK@ +HAVE_WCSWIDTH = @HAVE_WCSWIDTH@ +HAVE_WCSXFRM = @HAVE_WCSXFRM@ +HAVE_WINSOCK2_H = @HAVE_WINSOCK2_H@ +HAVE_WINT_T = @HAVE_WINT_T@ +HAVE_WMEMCHR = @HAVE_WMEMCHR@ +HAVE_WMEMCMP = @HAVE_WMEMCMP@ +HAVE_WMEMCPY = @HAVE_WMEMCPY@ +HAVE_WMEMMOVE = @HAVE_WMEMMOVE@ +HAVE_WMEMSET = @HAVE_WMEMSET@ +HAVE_WS2TCPIP_H = @HAVE_WS2TCPIP_H@ +HAVE_XLOCALE_H = @HAVE_XLOCALE_H@ +HAVE__BOOL = @HAVE__BOOL@ +HAVE__EXIT = @HAVE__EXIT@ +HOGWEED_CFLAGS = @HOGWEED_CFLAGS@ +HOGWEED_LIBS = @HOGWEED_LIBS@ +HOSTENT_LIB = @HOSTENT_LIB@ +HTML_DIR = @HTML_DIR@ +INCLUDE_NEXT = @INCLUDE_NEXT@ +INCLUDE_NEXT_AS_FIRST_DIRECTIVE = @INCLUDE_NEXT_AS_FIRST_DIRECTIVE@ +INET_NTOP_LIB = @INET_NTOP_LIB@ +INET_PTON_LIB = @INET_PTON_LIB@ +INSTALL = @INSTALL@ +INSTALL_DATA = @INSTALL_DATA@ +INSTALL_PROGRAM = @INSTALL_PROGRAM@ +INSTALL_SCRIPT = @INSTALL_SCRIPT@ +INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +INT32_MAX_LT_INTMAX_MAX = @INT32_MAX_LT_INTMAX_MAX@ +INT64_MAX_EQ_LONG_MAX = @INT64_MAX_EQ_LONG_MAX@ +INTLLIBS = @INTLLIBS@ +INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@ +LCOV = @LCOV@ +LD = @LD@ +LDFLAGS = @LDFLAGS@ +LIBATOMIC_LIBS = @LIBATOMIC_LIBS@ +LIBCRYPTO = @LIBCRYPTO@ +LIBCRYPTO_PREFIX = @LIBCRYPTO_PREFIX@ +LIBDL = @LIBDL@ +LIBDL_PREFIX = @LIBDL_PREFIX@ +LIBGNUTLS_CFLAGS = @LIBGNUTLS_CFLAGS@ +LIBGNUTLS_LIBS = @LIBGNUTLS_LIBS@ +LIBICONV = @LIBICONV@ +LIBIDN2_CFLAGS = @LIBIDN2_CFLAGS@ +LIBIDN2_LIBS = @LIBIDN2_LIBS@ +LIBINTL = @LIBINTL@ +LIBMULTITHREAD = @LIBMULTITHREAD@ +LIBOBJS = @LIBOBJS@ +LIBOPTS_CFLAGS = @LIBOPTS_CFLAGS@ +LIBOPTS_DIR = @LIBOPTS_DIR@ +LIBOPTS_LDADD = @LIBOPTS_LDADD@ +LIBPTH = @LIBPTH@ +LIBPTHREAD = @LIBPTHREAD@ +LIBPTHREAD_PREFIX = @LIBPTHREAD_PREFIX@ +LIBPTH_PREFIX = @LIBPTH_PREFIX@ +LIBRT = @LIBRT@ +LIBRT_PREFIX = @LIBRT_PREFIX@ +LIBS = @LIBS@ +LIBSECCOMP = @LIBSECCOMP@ +LIBSECCOMP_PREFIX = @LIBSECCOMP_PREFIX@ +LIBSOCKET = @LIBSOCKET@ +LIBTASN1_CFLAGS = @LIBTASN1_CFLAGS@ +LIBTASN1_LIBS = @LIBTASN1_LIBS@ +LIBTESTS_LIBDEPS = @LIBTESTS_LIBDEPS@ +LIBTHREAD = @LIBTHREAD@ +LIBTOOL = @LIBTOOL@ +LIBUNISTRING = @LIBUNISTRING@ +LIBUNISTRING_UNICTYPE_H = @LIBUNISTRING_UNICTYPE_H@ +LIBUNISTRING_UNINORM_H = @LIBUNISTRING_UNINORM_H@ +LIBUNISTRING_UNISTR_H = @LIBUNISTRING_UNISTR_H@ +LIBUNISTRING_UNITYPES_H = @LIBUNISTRING_UNITYPES_H@ +LIB_CLOCK_GETTIME = @LIB_CLOCK_GETTIME@ +LIB_NANOSLEEP = @LIB_NANOSLEEP@ +LIB_SELECT = @LIB_SELECT@ +LIMITS_H = @LIMITS_H@ +LIPO = @LIPO@ +LN_S = @LN_S@ +LOCALE_FR = @LOCALE_FR@ +LOCALE_FR_UTF8 = @LOCALE_FR_UTF8@ +LOCALE_JA = @LOCALE_JA@ +LOCALE_TR_UTF8 = @LOCALE_TR_UTF8@ +LOCALE_ZH_CN = @LOCALE_ZH_CN@ +LTALLOCA = @LTALLOCA@ +LTLIBCRYPTO = @LTLIBCRYPTO@ +LTLIBDL = @LTLIBDL@ +LTLIBICONV = @LTLIBICONV@ +LTLIBINTL = @LTLIBINTL@ +LTLIBMULTITHREAD = @LTLIBMULTITHREAD@ +LTLIBOBJS = @LTLIBOBJS@ +LTLIBPTH = @LTLIBPTH@ +LTLIBPTHREAD = @LTLIBPTHREAD@ +LTLIBRT = @LTLIBRT@ +LTLIBSECCOMP = @LTLIBSECCOMP@ +LTLIBTHREAD = @LTLIBTHREAD@ +LT_AGE = @LT_AGE@ +LT_CURRENT = @LT_CURRENT@ +LT_DANE_AGE = @LT_DANE_AGE@ +LT_DANE_CURRENT = @LT_DANE_CURRENT@ +LT_DANE_REVISION = @LT_DANE_REVISION@ +LT_REVISION = @LT_REVISION@ +LT_SSL_AGE = @LT_SSL_AGE@ +LT_SSL_CURRENT = @LT_SSL_CURRENT@ +LT_SSL_REVISION = @LT_SSL_REVISION@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ +LT_XSSL_AGE = @LT_XSSL_AGE@ +LT_XSSL_CURRENT = @LT_XSSL_CURRENT@ +LT_XSSL_REVISION = @LT_XSSL_REVISION@ +MAINT = @MAINT@ +MAJOR_VERSION = @MAJOR_VERSION@ +MAKEINFO = @MAKEINFO@ +MANIFEST_TOOL = @MANIFEST_TOOL@ +MINOR_VERSION = @MINOR_VERSION@ +MKDIR_P = @MKDIR_P@ +MSGFMT = @MSGFMT@ +MSGFMT_015 = @MSGFMT_015@ +MSGMERGE = @MSGMERGE@ +NETINET_IN_H = @NETINET_IN_H@ +NETTLE_CFLAGS = @NETTLE_CFLAGS@ +NETTLE_LIBS = @NETTLE_LIBS@ +NEXT_ARPA_INET_H = @NEXT_ARPA_INET_H@ +NEXT_AS_FIRST_DIRECTIVE_ARPA_INET_H = @NEXT_AS_FIRST_DIRECTIVE_ARPA_INET_H@ +NEXT_AS_FIRST_DIRECTIVE_CTYPE_H = @NEXT_AS_FIRST_DIRECTIVE_CTYPE_H@ +NEXT_AS_FIRST_DIRECTIVE_ERRNO_H = @NEXT_AS_FIRST_DIRECTIVE_ERRNO_H@ +NEXT_AS_FIRST_DIRECTIVE_FCNTL_H = @NEXT_AS_FIRST_DIRECTIVE_FCNTL_H@ +NEXT_AS_FIRST_DIRECTIVE_FLOAT_H = @NEXT_AS_FIRST_DIRECTIVE_FLOAT_H@ +NEXT_AS_FIRST_DIRECTIVE_INTTYPES_H = @NEXT_AS_FIRST_DIRECTIVE_INTTYPES_H@ +NEXT_AS_FIRST_DIRECTIVE_LANGINFO_H = @NEXT_AS_FIRST_DIRECTIVE_LANGINFO_H@ +NEXT_AS_FIRST_DIRECTIVE_LIMITS_H = @NEXT_AS_FIRST_DIRECTIVE_LIMITS_H@ +NEXT_AS_FIRST_DIRECTIVE_LOCALE_H = @NEXT_AS_FIRST_DIRECTIVE_LOCALE_H@ +NEXT_AS_FIRST_DIRECTIVE_NETDB_H = @NEXT_AS_FIRST_DIRECTIVE_NETDB_H@ +NEXT_AS_FIRST_DIRECTIVE_NETINET_IN_H = @NEXT_AS_FIRST_DIRECTIVE_NETINET_IN_H@ +NEXT_AS_FIRST_DIRECTIVE_SIGNAL_H = @NEXT_AS_FIRST_DIRECTIVE_SIGNAL_H@ +NEXT_AS_FIRST_DIRECTIVE_STDDEF_H = @NEXT_AS_FIRST_DIRECTIVE_STDDEF_H@ +NEXT_AS_FIRST_DIRECTIVE_STDINT_H = @NEXT_AS_FIRST_DIRECTIVE_STDINT_H@ +NEXT_AS_FIRST_DIRECTIVE_STDIO_H = @NEXT_AS_FIRST_DIRECTIVE_STDIO_H@ +NEXT_AS_FIRST_DIRECTIVE_STDLIB_H = @NEXT_AS_FIRST_DIRECTIVE_STDLIB_H@ +NEXT_AS_FIRST_DIRECTIVE_STRINGS_H = @NEXT_AS_FIRST_DIRECTIVE_STRINGS_H@ +NEXT_AS_FIRST_DIRECTIVE_STRING_H = @NEXT_AS_FIRST_DIRECTIVE_STRING_H@ +NEXT_AS_FIRST_DIRECTIVE_SYS_IOCTL_H = @NEXT_AS_FIRST_DIRECTIVE_SYS_IOCTL_H@ +NEXT_AS_FIRST_DIRECTIVE_SYS_SELECT_H = @NEXT_AS_FIRST_DIRECTIVE_SYS_SELECT_H@ +NEXT_AS_FIRST_DIRECTIVE_SYS_SOCKET_H = @NEXT_AS_FIRST_DIRECTIVE_SYS_SOCKET_H@ +NEXT_AS_FIRST_DIRECTIVE_SYS_STAT_H = @NEXT_AS_FIRST_DIRECTIVE_SYS_STAT_H@ +NEXT_AS_FIRST_DIRECTIVE_SYS_TIME_H = @NEXT_AS_FIRST_DIRECTIVE_SYS_TIME_H@ +NEXT_AS_FIRST_DIRECTIVE_SYS_TYPES_H = @NEXT_AS_FIRST_DIRECTIVE_SYS_TYPES_H@ +NEXT_AS_FIRST_DIRECTIVE_SYS_UIO_H = @NEXT_AS_FIRST_DIRECTIVE_SYS_UIO_H@ +NEXT_AS_FIRST_DIRECTIVE_TIME_H = @NEXT_AS_FIRST_DIRECTIVE_TIME_H@ +NEXT_AS_FIRST_DIRECTIVE_UNISTD_H = @NEXT_AS_FIRST_DIRECTIVE_UNISTD_H@ +NEXT_AS_FIRST_DIRECTIVE_WCHAR_H = @NEXT_AS_FIRST_DIRECTIVE_WCHAR_H@ +NEXT_CTYPE_H = @NEXT_CTYPE_H@ +NEXT_ERRNO_H = @NEXT_ERRNO_H@ +NEXT_FCNTL_H = @NEXT_FCNTL_H@ +NEXT_FLOAT_H = @NEXT_FLOAT_H@ +NEXT_INTTYPES_H = @NEXT_INTTYPES_H@ +NEXT_LANGINFO_H = @NEXT_LANGINFO_H@ +NEXT_LIMITS_H = @NEXT_LIMITS_H@ +NEXT_LOCALE_H = @NEXT_LOCALE_H@ +NEXT_NETDB_H = @NEXT_NETDB_H@ +NEXT_NETINET_IN_H = @NEXT_NETINET_IN_H@ +NEXT_SIGNAL_H = @NEXT_SIGNAL_H@ +NEXT_STDDEF_H = @NEXT_STDDEF_H@ +NEXT_STDINT_H = @NEXT_STDINT_H@ +NEXT_STDIO_H = @NEXT_STDIO_H@ +NEXT_STDLIB_H = @NEXT_STDLIB_H@ +NEXT_STRINGS_H = @NEXT_STRINGS_H@ +NEXT_STRING_H = @NEXT_STRING_H@ +NEXT_SYS_IOCTL_H = @NEXT_SYS_IOCTL_H@ +NEXT_SYS_SELECT_H = @NEXT_SYS_SELECT_H@ +NEXT_SYS_SOCKET_H = @NEXT_SYS_SOCKET_H@ +NEXT_SYS_STAT_H = @NEXT_SYS_STAT_H@ +NEXT_SYS_TIME_H = @NEXT_SYS_TIME_H@ +NEXT_SYS_TYPES_H = @NEXT_SYS_TYPES_H@ +NEXT_SYS_UIO_H = @NEXT_SYS_UIO_H@ +NEXT_TIME_H = @NEXT_TIME_H@ +NEXT_UNISTD_H = @NEXT_UNISTD_H@ +NEXT_WCHAR_H = @NEXT_WCHAR_H@ +NM = @NM@ +NMEDIT = @NMEDIT@ +NUMBER_VERSION = @NUMBER_VERSION@ +OBJDUMP = @OBJDUMP@ +OBJEXT = @OBJEXT@ +OTOOL = @OTOOL@ +OTOOL64 = @OTOOL64@ +P11_KIT_CFLAGS = @P11_KIT_CFLAGS@ +P11_KIT_LIBS = @P11_KIT_LIBS@ +PACKAGE = @PACKAGE@ +PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ +PACKAGE_NAME = @PACKAGE_NAME@ +PACKAGE_STRING = @PACKAGE_STRING@ +PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ +PACKAGE_VERSION = @PACKAGE_VERSION@ +PATCH_VERSION = @PATCH_VERSION@ +PATH_SEPARATOR = @PATH_SEPARATOR@ +PKG_CONFIG = @PKG_CONFIG@ +PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ +PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ +PMCCABE = @PMCCABE@ +POSIX_SHELL = @POSIX_SHELL@ +POSUB = @POSUB@ +PRAGMA_COLUMNS = @PRAGMA_COLUMNS@ +PRAGMA_SYSTEM_HEADER = @PRAGMA_SYSTEM_HEADER@ +PRIPTR_PREFIX = @PRIPTR_PREFIX@ +PRI_MACROS_BROKEN = @PRI_MACROS_BROKEN@ +PTHREAD_H_DEFINES_STRUCT_TIMESPEC = @PTHREAD_H_DEFINES_STRUCT_TIMESPEC@ +PTRDIFF_T_SUFFIX = @PTRDIFF_T_SUFFIX@ +RANLIB = @RANLIB@ +REPLACE_BTOWC = @REPLACE_BTOWC@ +REPLACE_CALLOC = @REPLACE_CALLOC@ +REPLACE_CANONICALIZE_FILE_NAME = @REPLACE_CANONICALIZE_FILE_NAME@ +REPLACE_CHOWN = @REPLACE_CHOWN@ +REPLACE_CLOSE = @REPLACE_CLOSE@ +REPLACE_CTIME = @REPLACE_CTIME@ +REPLACE_DPRINTF = @REPLACE_DPRINTF@ +REPLACE_DUP = @REPLACE_DUP@ +REPLACE_DUP2 = @REPLACE_DUP2@ +REPLACE_DUPLOCALE = @REPLACE_DUPLOCALE@ +REPLACE_FACCESSAT = @REPLACE_FACCESSAT@ +REPLACE_FCHOWNAT = @REPLACE_FCHOWNAT@ +REPLACE_FCLOSE = @REPLACE_FCLOSE@ +REPLACE_FCNTL = @REPLACE_FCNTL@ +REPLACE_FDOPEN = @REPLACE_FDOPEN@ +REPLACE_FFLUSH = @REPLACE_FFLUSH@ +REPLACE_FOPEN = @REPLACE_FOPEN@ +REPLACE_FPRINTF = @REPLACE_FPRINTF@ +REPLACE_FPURGE = @REPLACE_FPURGE@ +REPLACE_FREELOCALE = @REPLACE_FREELOCALE@ +REPLACE_FREOPEN = @REPLACE_FREOPEN@ +REPLACE_FSEEK = @REPLACE_FSEEK@ +REPLACE_FSEEKO = @REPLACE_FSEEKO@ +REPLACE_FSTAT = @REPLACE_FSTAT@ +REPLACE_FSTATAT = @REPLACE_FSTATAT@ +REPLACE_FTELL = @REPLACE_FTELL@ +REPLACE_FTELLO = @REPLACE_FTELLO@ +REPLACE_FTRUNCATE = @REPLACE_FTRUNCATE@ +REPLACE_FUTIMENS = @REPLACE_FUTIMENS@ +REPLACE_GAI_STRERROR = @REPLACE_GAI_STRERROR@ +REPLACE_GETCWD = @REPLACE_GETCWD@ +REPLACE_GETDELIM = @REPLACE_GETDELIM@ +REPLACE_GETDOMAINNAME = @REPLACE_GETDOMAINNAME@ +REPLACE_GETDTABLESIZE = @REPLACE_GETDTABLESIZE@ +REPLACE_GETGROUPS = @REPLACE_GETGROUPS@ +REPLACE_GETLINE = @REPLACE_GETLINE@ +REPLACE_GETLOGIN_R = @REPLACE_GETLOGIN_R@ +REPLACE_GETPAGESIZE = @REPLACE_GETPAGESIZE@ +REPLACE_GETPASS = @REPLACE_GETPASS@ +REPLACE_GETTIMEOFDAY = @REPLACE_GETTIMEOFDAY@ +REPLACE_GMTIME = @REPLACE_GMTIME@ +REPLACE_INET_NTOP = @REPLACE_INET_NTOP@ +REPLACE_INET_PTON = @REPLACE_INET_PTON@ +REPLACE_INITSTATE = @REPLACE_INITSTATE@ +REPLACE_IOCTL = @REPLACE_IOCTL@ +REPLACE_ISATTY = @REPLACE_ISATTY@ +REPLACE_ITOLD = @REPLACE_ITOLD@ +REPLACE_LCHOWN = @REPLACE_LCHOWN@ +REPLACE_LINK = @REPLACE_LINK@ +REPLACE_LINKAT = @REPLACE_LINKAT@ +REPLACE_LOCALECONV = @REPLACE_LOCALECONV@ +REPLACE_LOCALTIME = @REPLACE_LOCALTIME@ +REPLACE_LOCALTIME_R = @REPLACE_LOCALTIME_R@ +REPLACE_LSEEK = @REPLACE_LSEEK@ +REPLACE_LSTAT = @REPLACE_LSTAT@ +REPLACE_MALLOC = @REPLACE_MALLOC@ +REPLACE_MBRLEN = @REPLACE_MBRLEN@ +REPLACE_MBRTOWC = @REPLACE_MBRTOWC@ +REPLACE_MBSINIT = @REPLACE_MBSINIT@ +REPLACE_MBSNRTOWCS = @REPLACE_MBSNRTOWCS@ +REPLACE_MBSRTOWCS = @REPLACE_MBSRTOWCS@ +REPLACE_MBSTATE_T = @REPLACE_MBSTATE_T@ +REPLACE_MBTOWC = @REPLACE_MBTOWC@ +REPLACE_MEMCHR = @REPLACE_MEMCHR@ +REPLACE_MEMMEM = @REPLACE_MEMMEM@ +REPLACE_MKDIR = @REPLACE_MKDIR@ +REPLACE_MKFIFO = @REPLACE_MKFIFO@ +REPLACE_MKNOD = @REPLACE_MKNOD@ +REPLACE_MKSTEMP = @REPLACE_MKSTEMP@ +REPLACE_MKTIME = @REPLACE_MKTIME@ +REPLACE_NANOSLEEP = @REPLACE_NANOSLEEP@ +REPLACE_NEWLOCALE = @REPLACE_NEWLOCALE@ +REPLACE_NL_LANGINFO = @REPLACE_NL_LANGINFO@ +REPLACE_NULL = @REPLACE_NULL@ +REPLACE_OBSTACK_PRINTF = @REPLACE_OBSTACK_PRINTF@ +REPLACE_OPEN = @REPLACE_OPEN@ +REPLACE_OPENAT = @REPLACE_OPENAT@ +REPLACE_PERROR = @REPLACE_PERROR@ +REPLACE_POPEN = @REPLACE_POPEN@ +REPLACE_PREAD = @REPLACE_PREAD@ +REPLACE_PRINTF = @REPLACE_PRINTF@ +REPLACE_PSELECT = @REPLACE_PSELECT@ +REPLACE_PTHREAD_SIGMASK = @REPLACE_PTHREAD_SIGMASK@ +REPLACE_PTSNAME = @REPLACE_PTSNAME@ +REPLACE_PTSNAME_R = @REPLACE_PTSNAME_R@ +REPLACE_PUTENV = @REPLACE_PUTENV@ +REPLACE_PWRITE = @REPLACE_PWRITE@ +REPLACE_QSORT_R = @REPLACE_QSORT_R@ +REPLACE_RAISE = @REPLACE_RAISE@ +REPLACE_RANDOM = @REPLACE_RANDOM@ +REPLACE_RANDOM_R = @REPLACE_RANDOM_R@ +REPLACE_READ = @REPLACE_READ@ +REPLACE_READLINK = @REPLACE_READLINK@ +REPLACE_READLINKAT = @REPLACE_READLINKAT@ +REPLACE_REALLOC = @REPLACE_REALLOC@ +REPLACE_REALPATH = @REPLACE_REALPATH@ +REPLACE_REMOVE = @REPLACE_REMOVE@ +REPLACE_RENAME = @REPLACE_RENAME@ +REPLACE_RENAMEAT = @REPLACE_RENAMEAT@ +REPLACE_RMDIR = @REPLACE_RMDIR@ +REPLACE_SELECT = @REPLACE_SELECT@ +REPLACE_SETENV = @REPLACE_SETENV@ +REPLACE_SETLOCALE = @REPLACE_SETLOCALE@ +REPLACE_SETSTATE = @REPLACE_SETSTATE@ +REPLACE_SLEEP = @REPLACE_SLEEP@ +REPLACE_SNPRINTF = @REPLACE_SNPRINTF@ +REPLACE_SPRINTF = @REPLACE_SPRINTF@ +REPLACE_STAT = @REPLACE_STAT@ +REPLACE_STDIO_READ_FUNCS = @REPLACE_STDIO_READ_FUNCS@ +REPLACE_STDIO_WRITE_FUNCS = @REPLACE_STDIO_WRITE_FUNCS@ +REPLACE_STPNCPY = @REPLACE_STPNCPY@ +REPLACE_STRCASESTR = @REPLACE_STRCASESTR@ +REPLACE_STRCHRNUL = @REPLACE_STRCHRNUL@ +REPLACE_STRDUP = @REPLACE_STRDUP@ +REPLACE_STRERROR = @REPLACE_STRERROR@ +REPLACE_STRERROR_R = @REPLACE_STRERROR_R@ +REPLACE_STRFTIME = @REPLACE_STRFTIME@ +REPLACE_STRNCAT = @REPLACE_STRNCAT@ +REPLACE_STRNDUP = @REPLACE_STRNDUP@ +REPLACE_STRNLEN = @REPLACE_STRNLEN@ +REPLACE_STRSIGNAL = @REPLACE_STRSIGNAL@ +REPLACE_STRSTR = @REPLACE_STRSTR@ +REPLACE_STRTOD = @REPLACE_STRTOD@ +REPLACE_STRTOIMAX = @REPLACE_STRTOIMAX@ +REPLACE_STRTOK_R = @REPLACE_STRTOK_R@ +REPLACE_STRTOLD = @REPLACE_STRTOLD@ +REPLACE_STRTOUMAX = @REPLACE_STRTOUMAX@ +REPLACE_STRUCT_LCONV = @REPLACE_STRUCT_LCONV@ +REPLACE_STRUCT_TIMEVAL = @REPLACE_STRUCT_TIMEVAL@ +REPLACE_SYMLINK = @REPLACE_SYMLINK@ +REPLACE_SYMLINKAT = @REPLACE_SYMLINKAT@ +REPLACE_TIMEGM = @REPLACE_TIMEGM@ +REPLACE_TMPFILE = @REPLACE_TMPFILE@ +REPLACE_TRUNCATE = @REPLACE_TRUNCATE@ +REPLACE_TTYNAME_R = @REPLACE_TTYNAME_R@ +REPLACE_TZSET = @REPLACE_TZSET@ +REPLACE_UNLINK = @REPLACE_UNLINK@ +REPLACE_UNLINKAT = @REPLACE_UNLINKAT@ +REPLACE_UNSETENV = @REPLACE_UNSETENV@ +REPLACE_USLEEP = @REPLACE_USLEEP@ +REPLACE_UTIMENSAT = @REPLACE_UTIMENSAT@ +REPLACE_VASPRINTF = @REPLACE_VASPRINTF@ +REPLACE_VDPRINTF = @REPLACE_VDPRINTF@ +REPLACE_VFPRINTF = @REPLACE_VFPRINTF@ +REPLACE_VPRINTF = @REPLACE_VPRINTF@ +REPLACE_VSNPRINTF = @REPLACE_VSNPRINTF@ +REPLACE_VSPRINTF = @REPLACE_VSPRINTF@ +REPLACE_WCRTOMB = @REPLACE_WCRTOMB@ +REPLACE_WCSFTIME = @REPLACE_WCSFTIME@ +REPLACE_WCSNRTOMBS = @REPLACE_WCSNRTOMBS@ +REPLACE_WCSRTOMBS = @REPLACE_WCSRTOMBS@ +REPLACE_WCSWIDTH = @REPLACE_WCSWIDTH@ +REPLACE_WCTOB = @REPLACE_WCTOB@ +REPLACE_WCTOMB = @REPLACE_WCTOMB@ +REPLACE_WCWIDTH = @REPLACE_WCWIDTH@ +REPLACE_WRITE = @REPLACE_WRITE@ +SED = @SED@ +SERVENT_LIB = @SERVENT_LIB@ +SET_MAKE = @SET_MAKE@ +SHELL = @SHELL@ +SIG_ATOMIC_T_SUFFIX = @SIG_ATOMIC_T_SUFFIX@ +SIZE_T_SUFFIX = @SIZE_T_SUFFIX@ +STDALIGN_H = @STDALIGN_H@ +STDBOOL_H = @STDBOOL_H@ +STDDEF_H = @STDDEF_H@ +STDINT_H = @STDINT_H@ +STDNORETURN_H = @STDNORETURN_H@ +STRIP = @STRIP@ +SYS_IOCTL_H_HAVE_WINSOCK2_H = @SYS_IOCTL_H_HAVE_WINSOCK2_H@ +SYS_IOCTL_H_HAVE_WINSOCK2_H_AND_USE_SOCKETS = @SYS_IOCTL_H_HAVE_WINSOCK2_H_AND_USE_SOCKETS@ +SYS_TIME_H_DEFINES_STRUCT_TIMESPEC = @SYS_TIME_H_DEFINES_STRUCT_TIMESPEC@ +TIME_H_DEFINES_STRUCT_TIMESPEC = @TIME_H_DEFINES_STRUCT_TIMESPEC@ +TROUSERS_LIB = @TROUSERS_LIB@ +TSS_CFLAGS = @TSS_CFLAGS@ +TSS_LIBS = @TSS_LIBS@ +UINT32_MAX_LT_UINTMAX_MAX = @UINT32_MAX_LT_UINTMAX_MAX@ +UINT64_MAX_EQ_ULONG_MAX = @UINT64_MAX_EQ_ULONG_MAX@ +UNBOUND_CFLAGS = @UNBOUND_CFLAGS@ +UNBOUND_LIBS = @UNBOUND_LIBS@ +UNDEFINE_STRTOK_R = @UNDEFINE_STRTOK_R@ +UNISTD_H_DEFINES_STRUCT_TIMESPEC = @UNISTD_H_DEFINES_STRUCT_TIMESPEC@ +UNISTD_H_HAVE_WINSOCK2_H = @UNISTD_H_HAVE_WINSOCK2_H@ +UNISTD_H_HAVE_WINSOCK2_H_AND_USE_SOCKETS = @UNISTD_H_HAVE_WINSOCK2_H_AND_USE_SOCKETS@ +USE_NLS = @USE_NLS@ +VALGRIND = @VALGRIND@ +VERSION = @VERSION@ +WARN_CFLAGS = @WARN_CFLAGS@ +WCHAR_T_SUFFIX = @WCHAR_T_SUFFIX@ +WERROR_CFLAGS = @WERROR_CFLAGS@ +WINDOWS_64_BIT_OFF_T = @WINDOWS_64_BIT_OFF_T@ +WINDOWS_64_BIT_ST_SIZE = @WINDOWS_64_BIT_ST_SIZE@ +WINDOWS_STAT_INODES = @WINDOWS_STAT_INODES@ +WINDOWS_STAT_TIMESPEC = @WINDOWS_STAT_TIMESPEC@ +WINT_T_SUFFIX = @WINT_T_SUFFIX@ +WSTACK_CFLAGS = @WSTACK_CFLAGS@ +XGETTEXT = @XGETTEXT@ +XGETTEXT_015 = @XGETTEXT_015@ +XGETTEXT_EXTRA_OPTIONS = @XGETTEXT_EXTRA_OPTIONS@ +YACC = @YACC@ +YEAR = @YEAR@ +YFLAGS = @YFLAGS@ +abs_aux_dir = @abs_aux_dir@ +abs_builddir = @abs_builddir@ +abs_srcdir = @abs_srcdir@ +abs_top_builddir = @abs_top_builddir@ +abs_top_srcdir = @abs_top_srcdir@ +ac_ct_AR = @ac_ct_AR@ +ac_ct_CC = @ac_ct_CC@ +ac_ct_CXX = @ac_ct_CXX@ +ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ +ac_cv_sizeof_time_t = @ac_cv_sizeof_time_t@ +am__include = @am__include@ +am__leading_dot = @am__leading_dot@ +am__quote = @am__quote@ +am__tar = @am__tar@ +am__untar = @am__untar@ +autogen = @autogen@ +bindir = @bindir@ +build = @build@ +build_alias = @build_alias@ +build_cpu = @build_cpu@ +build_os = @build_os@ +build_vendor = @build_vendor@ +builddir = @builddir@ +datadir = @datadir@ +datarootdir = @datarootdir@ +docdir = @docdir@ +dvidir = @dvidir@ +exec_prefix = @exec_prefix@ +ggl_LIBOBJS = @ggl_LIBOBJS@ +ggl_LTLIBOBJS = @ggl_LTLIBOBJS@ +ggltests_LIBOBJS = @ggltests_LIBOBJS@ +ggltests_LTLIBOBJS = @ggltests_LTLIBOBJS@ +ggltests_WITNESS = @ggltests_WITNESS@ +gl_LIBOBJS = @gl_LIBOBJS@ +gl_LTLIBOBJS = @gl_LTLIBOBJS@ +gltests_LIBOBJS = @gltests_LIBOBJS@ +gltests_LTLIBOBJS = @gltests_LTLIBOBJS@ +gltests_WITNESS = @gltests_WITNESS@ +guile_snarf = @guile_snarf@ +guileextensiondir = @guileextensiondir@ +guilesiteccachedir = @guilesiteccachedir@ +guilesitedir = @guilesitedir@ +host = @host@ +host_alias = @host_alias@ +host_cpu = @host_cpu@ +host_os = @host_os@ +host_vendor = @host_vendor@ +htmldir = @htmldir@ +ifGNUmake = @ifGNUmake@ +ifnGNUmake = @ifnGNUmake@ +includedir = @includedir@ +infodir = @infodir@ +install_sh = @install_sh@ +libdir = @libdir@ +libexecdir = @libexecdir@ +localedir = @localedir@ +localstatedir = @localstatedir@ +mandir = @mandir@ +mkdir_p = @mkdir_p@ +oldincludedir = @oldincludedir@ +pdfdir = @pdfdir@ +prefix = @prefix@ +program_transform_name = @program_transform_name@ +psdir = @psdir@ +runstatedir = @runstatedir@ +sbindir = @sbindir@ +sharedstatedir = @sharedstatedir@ +srcdir = @srcdir@ +sysconfdir = @sysconfdir@ +target_alias = @target_alias@ +top_build_prefix = @top_build_prefix@ +top_builddir = @top_builddir@ +top_srcdir = @top_srcdir@ +unistring_LIBOBJS = @unistring_LIBOBJS@ +unistring_LTLIBOBJS = @unistring_LTLIBOBJS@ +unistringtests_LIBOBJS = @unistringtests_LIBOBJS@ +unistringtests_LTLIBOBJS = @unistringtests_LTLIBOBJS@ +unistringtests_WITNESS = @unistringtests_WITNESS@ +EXTRA_DIST = TODO certtool.cfg gnutls.html doxygen/Doxyfile.in \ + doxygen/Doxyfile.orig texinfo.css gnutls-guile.html \ + stamp_enums stamp_functions doc.mk COPYING COPYING.LESSER \ + $(guile_texi) extract-guile-c-doc.scm +IMAGES = \ + gnutls-handshake-state.png \ + gnutls-layers.png gnutls-modauth.png \ + gnutls-client-server-use-case.png \ + gnutls-handshake-sequence.png gnutls-internals.png \ + gnutls-logo.png gnutls-x509.png \ + pkcs11-vision.png + +SUBDIRS = examples scripts credentials latex $(am__append_1) +info_TEXINFOS = gnutls.texi gnutls-guile.texi + +# Examples. + +# Images. Make sure there are eps + png + pdf of each, plus the source dia. + +# Images. Make sure there are eps + png + pdf of each, plus the source dia. +gnutls_TEXINFOS = gnutls.texi fdl-1.3.texi cha-bib.texi \ + cha-cert-auth.texi cha-cert-auth2.texi cha-ciphersuites.texi \ + cha-copying.texi cha-functions.texi cha-gtls-app.texi \ + cha-internals.texi cha-intro-tls.texi cha-library.texi \ + cha-preface.texi cha-programs.texi sec-tls-app.texi \ + cha-errors.texi cha-support.texi cha-shared-key.texi \ + cha-gtls-examples.texi cha-upgrade.texi cha-tokens.texi \ + cha-crypto.texi cha-auth.texi stamp_functions \ + examples/ex-client-anon.c examples/ex-session-info.c \ + examples/ex-verify.c examples/ex-cert-select.c \ + examples/ex-client-resume.c examples/ex-client-srp.c \ + examples/ex-client-x509.c examples/ex-serv-x509.c \ + examples/ex-serv-anon.c examples/ex-serv-srp.c \ + examples/ex-alert.c examples/ex-x509-info.c examples/ex-crq.c \ + examples/ex-pkcs12.c examples/ex-client-dtls.c \ + gnutls-internals.dia gnutls-internals.eps gnutls-internals.png \ + gnutls-layers.dia gnutls-layers.eps gnutls-layers.png \ + gnutls-crypto-layers.dia gnutls-crypto-layers.eps \ + gnutls-crypto-layers.png gnutls-x509.dia gnutls-x509.eps \ + gnutls-x509.png gnutls-logo.eps gnutls-logo.png \ + pkcs11-vision.dia pkcs11-vision.eps pkcs11-vision.png \ + gnutls-client-server-use-case.dia \ + gnutls-client-server-use-case.eps \ + gnutls-client-server-use-case.png \ + gnutls-handshake-sequence.dia gnutls-handshake-sequence.eps \ + gnutls-handshake-sequence.png gnutls-handshake-state.dia \ + gnutls-handshake-state.eps gnutls-handshake-state.png \ + gnutls-modauth.dia gnutls-modauth.eps gnutls-modauth.png \ + $(API_FILES) $(am__append_2) $(ENUMS) $(FUNCS) \ + $(AUTOGENED_DOC) +AUTOGENED_DOC = invoke-gnutls-cli.texi invoke-gnutls-cli-debug.texi \ + invoke-gnutls-serv.texi invoke-certtool.texi invoke-srptool.texi \ + invoke-ocsptool.texi invoke-psktool.texi invoke-p11tool.texi \ + invoke-tpmtool.texi invoke-danetool.texi + +infoimagesdir = $(infodir) +infoimages_DATA = $(IMAGES) +html_DATA = $(IMAGES) +AM_MAKEINFOFLAGS = -I $(top_srcdir)/doc +TEXI2DVI = texi2dvi $(AM_MAKEINFOFLAGS) +AM_MAKEINFOHTMLFLAGS = $(AM_MAKEINFOFLAGS) \ + --no-split --css-include=$(srcdir)/texinfo.css + +MAINTAINERCLEANFILES = $(API_FILES) $(guile_texi) + +# Generated texinfos. +API_FILES = gnutls-api.texi socket-api.texi x509-api.texi pkcs12-api.texi \ + tpm-api.texi pkcs11-api.texi abstract-api.texi compat-api.texi \ + dtls-api.texi crypto-api.texi ocsp-api.texi tpm-api.texi dane-api.texi \ + pkcs7-api.texi + +DISTCLEANFILES = error_codes.texi algorithms.texi alerts.texi \ + enums.texi $(ENUMS) stamp_enums stamp_functions +AM_CPPFLAGS = \ + -I$(top_builddir)/lib/includes -I$(top_srcdir)/lib/includes \ + -I$(top_builddir)/ + +errcodes_SOURCES = errcodes.c common.c common.h +errcodes_LDADD = ../lib/libgnutls.la ../gl/libgnu.la +printlist_SOURCES = printlist.c common.c common.h +printlist_LDADD = ../lib/libgnutls.la ../gl/libgnu.la +alert_printlist_SOURCES = alert-printlist.c common.c common.h +alert_printlist_LDADD = ../lib/libgnutls.la ../gl/libgnu.la + +# Guile texinfos. +guile_texi = core.c.texi +BUILT_SOURCES = $(guile_texi) +guile_TEXINFOS = gnutls-guile.texi $(guile_texi) +@HAVE_GUILE_TRUE@GUILE_FOR_BUILD = \ +@HAVE_GUILE_TRUE@ GUILE_AUTO_COMPILE=0 \ +@HAVE_GUILE_TRUE@ $(GUILE) -L $(top_srcdir)/guile/modules + +@HAVE_GUILE_TRUE@SNARF_CPPFLAGS = -I$(top_srcdir) -I$(top_builddir) \ +@HAVE_GUILE_TRUE@ -I$(top_srcdir)/lib/includes -I$(top_builddir)/lib/includes \ +@HAVE_GUILE_TRUE@ -I$(top_srcdir)/extra/includes \ +@HAVE_GUILE_TRUE@ -I$(top_srcdir)/guile/src -I$(top_builddir)/guile/src \ +@HAVE_GUILE_TRUE@ $(GUILE_CFLAGS) + +ENUMS = enums/dane_cert_type_t enums/dane_cert_usage_t \ + enums/dane_match_type_t enums/dane_query_status_t \ + enums/dane_state_flags_t enums/dane_verify_flags_t \ + enums/dane_verify_status_t \ + enums/gnutls_abstract_export_flags_t \ + enums/gnutls_alert_description_t enums/gnutls_alert_level_t \ + enums/gnutls_alpn_flags_t enums/gnutls_certificate_flags \ + enums/gnutls_certificate_import_flags \ + enums/gnutls_certificate_print_formats_t \ + enums/gnutls_certificate_request_t \ + enums/gnutls_certificate_status_t \ + enums/gnutls_certificate_type_t \ + enums/gnutls_certificate_verification_profiles_t \ + enums/gnutls_certificate_verify_flags \ + enums/gnutls_channel_binding_t enums/gnutls_cipher_algorithm_t \ + enums/gnutls_close_request_t enums/gnutls_compression_method_t \ + enums/gnutls_credentials_type_t enums/gnutls_ctype_target_t \ + enums/gnutls_digest_algorithm_t enums/gnutls_ecc_curve_t \ + enums/gnutls_ext_flags_t enums/gnutls_ext_parse_type_t \ + enums/gnutls_fips_mode_t enums/gnutls_gost_paramset_t \ + enums/gnutls_group_t enums/gnutls_handshake_description_t \ + enums/gnutls_init_flags_t enums/gnutls_keygen_types_t \ + enums/gnutls_keyid_flags_t enums/gnutls_kx_algorithm_t \ + enums/gnutls_mac_algorithm_t enums/gnutls_ocsp_cert_status_t \ + enums/gnutls_ocsp_print_formats_t \ + enums/gnutls_ocsp_resp_status_t \ + enums/gnutls_ocsp_verify_reason_t \ + enums/gnutls_openpgp_crt_status_t enums/gnutls_params_type_t \ + enums/gnutls_pin_flag_t enums/gnutls_pk_algorithm_t \ + enums/gnutls_pkcs11_obj_flags enums/gnutls_pkcs11_obj_info_t \ + enums/gnutls_pkcs11_obj_type_t \ + enums/gnutls_pkcs11_token_info_t \ + enums/gnutls_pkcs11_url_type_t enums/gnutls_pkcs12_bag_type_t \ + enums/gnutls_pkcs7_sign_flags \ + enums/gnutls_pkcs_encrypt_flags_t enums/gnutls_privkey_flags_t \ + enums/gnutls_privkey_type_t enums/gnutls_protocol_t \ + enums/gnutls_psk_key_flags enums/gnutls_pubkey_flags_t \ + enums/gnutls_rnd_level_t enums/gnutls_sec_param_t \ + enums/gnutls_server_name_type_t enums/gnutls_session_flags_t \ + enums/gnutls_sign_algorithm_t enums/gnutls_srtp_profile_t \ + enums/gnutls_supplemental_data_format_type_t \ + enums/gnutls_tpmkey_fmt_t enums/gnutls_vdata_types_t \ + enums/gnutls_x509_crl_reason_t enums/gnutls_x509_crt_flags \ + enums/gnutls_x509_crt_fmt_t \ + enums/gnutls_x509_subject_alt_name_t +FUNCS = functions/dane_cert_type_name \ + functions/dane_cert_type_name.short \ + functions/dane_cert_usage_name \ + functions/dane_cert_usage_name.short \ + functions/dane_match_type_name \ + functions/dane_match_type_name.short functions/dane_query_data \ + functions/dane_query_data.short functions/dane_query_deinit \ + functions/dane_query_deinit.short functions/dane_query_entries \ + functions/dane_query_entries.short functions/dane_query_status \ + functions/dane_query_status.short functions/dane_query_tlsa \ + functions/dane_query_tlsa.short \ + functions/dane_query_to_raw_tlsa \ + functions/dane_query_to_raw_tlsa.short functions/dane_raw_tlsa \ + functions/dane_raw_tlsa.short functions/dane_state_deinit \ + functions/dane_state_deinit.short functions/dane_state_init \ + functions/dane_state_init.short \ + functions/dane_state_set_dlv_file \ + functions/dane_state_set_dlv_file.short \ + functions/dane_strerror functions/dane_strerror.short \ + functions/dane_verification_status_print \ + functions/dane_verification_status_print.short \ + functions/dane_verify_crt functions/dane_verify_crt.short \ + functions/dane_verify_crt_raw \ + functions/dane_verify_crt_raw.short \ + functions/dane_verify_session_crt \ + functions/dane_verify_session_crt.short \ + functions/gnutls_aead_cipher_decrypt \ + functions/gnutls_aead_cipher_decrypt.short \ + functions/gnutls_aead_cipher_deinit \ + functions/gnutls_aead_cipher_deinit.short \ + functions/gnutls_aead_cipher_encrypt \ + functions/gnutls_aead_cipher_encrypt.short \ + functions/gnutls_aead_cipher_encryptv \ + functions/gnutls_aead_cipher_encryptv.short \ + functions/gnutls_aead_cipher_init \ + functions/gnutls_aead_cipher_init.short \ + functions/gnutls_alert_get functions/gnutls_alert_get.short \ + functions/gnutls_alert_get_name \ + functions/gnutls_alert_get_name.short \ + functions/gnutls_alert_get_strname \ + functions/gnutls_alert_get_strname.short \ + functions/gnutls_alert_send functions/gnutls_alert_send.short \ + functions/gnutls_alert_send_appropriate \ + functions/gnutls_alert_send_appropriate.short \ + functions/gnutls_alpn_get_selected_protocol \ + functions/gnutls_alpn_get_selected_protocol.short \ + functions/gnutls_alpn_set_protocols \ + functions/gnutls_alpn_set_protocols.short \ + functions/gnutls_anon_allocate_client_credentials \ + functions/gnutls_anon_allocate_client_credentials.short \ + functions/gnutls_anon_allocate_server_credentials \ + functions/gnutls_anon_allocate_server_credentials.short \ + functions/gnutls_anon_free_client_credentials \ + functions/gnutls_anon_free_client_credentials.short \ + functions/gnutls_anon_free_server_credentials \ + functions/gnutls_anon_free_server_credentials.short \ + functions/gnutls_anon_set_params_function \ + functions/gnutls_anon_set_params_function.short \ + functions/gnutls_anon_set_server_dh_params \ + functions/gnutls_anon_set_server_dh_params.short \ + functions/gnutls_anon_set_server_known_dh_params \ + functions/gnutls_anon_set_server_known_dh_params.short \ + functions/gnutls_anon_set_server_params_function \ + functions/gnutls_anon_set_server_params_function.short \ + functions/gnutls_anti_replay_deinit \ + functions/gnutls_anti_replay_deinit.short \ + functions/gnutls_anti_replay_enable \ + functions/gnutls_anti_replay_enable.short \ + functions/gnutls_anti_replay_init \ + functions/gnutls_anti_replay_init.short \ + functions/gnutls_anti_replay_set_add_function \ + functions/gnutls_anti_replay_set_add_function.short \ + functions/gnutls_anti_replay_set_ptr \ + functions/gnutls_anti_replay_set_ptr.short \ + functions/gnutls_anti_replay_set_window \ + functions/gnutls_anti_replay_set_window.short \ + functions/gnutls_auth_client_get_type \ + functions/gnutls_auth_client_get_type.short \ + functions/gnutls_auth_get_type \ + functions/gnutls_auth_get_type.short \ + functions/gnutls_auth_server_get_type \ + functions/gnutls_auth_server_get_type.short \ + functions/gnutls_base64_decode2 \ + functions/gnutls_base64_decode2.short \ + functions/gnutls_base64_encode2 \ + functions/gnutls_base64_encode2.short \ + functions/gnutls_buffer_append_data \ + functions/gnutls_buffer_append_data.short functions/gnutls_bye \ + functions/gnutls_bye.short \ + functions/gnutls_certificate_activation_time_peers \ + functions/gnutls_certificate_activation_time_peers.short \ + functions/gnutls_certificate_allocate_credentials \ + functions/gnutls_certificate_allocate_credentials.short \ + functions/gnutls_certificate_client_get_request_status \ + functions/gnutls_certificate_client_get_request_status.short \ + functions/gnutls_certificate_expiration_time_peers \ + functions/gnutls_certificate_expiration_time_peers.short \ + functions/gnutls_certificate_free_ca_names \ + functions/gnutls_certificate_free_ca_names.short \ + functions/gnutls_certificate_free_cas \ + functions/gnutls_certificate_free_cas.short \ + functions/gnutls_certificate_free_credentials \ + functions/gnutls_certificate_free_credentials.short \ + functions/gnutls_certificate_free_crls \ + functions/gnutls_certificate_free_crls.short \ + functions/gnutls_certificate_free_keys \ + functions/gnutls_certificate_free_keys.short \ + functions/gnutls_certificate_get_crt_raw \ + functions/gnutls_certificate_get_crt_raw.short \ + functions/gnutls_certificate_get_issuer \ + functions/gnutls_certificate_get_issuer.short \ + functions/gnutls_certificate_get_ocsp_expiration \ + functions/gnutls_certificate_get_ocsp_expiration.short \ + functions/gnutls_certificate_get_ours \ + functions/gnutls_certificate_get_ours.short \ + functions/gnutls_certificate_get_peers \ + functions/gnutls_certificate_get_peers.short \ + functions/gnutls_certificate_get_peers_subkey_id \ + functions/gnutls_certificate_get_peers_subkey_id.short \ + functions/gnutls_certificate_get_trust_list \ + functions/gnutls_certificate_get_trust_list.short \ + functions/gnutls_certificate_get_verify_flags \ + functions/gnutls_certificate_get_verify_flags.short \ + functions/gnutls_certificate_get_x509_crt \ + functions/gnutls_certificate_get_x509_crt.short \ + functions/gnutls_certificate_get_x509_key \ + functions/gnutls_certificate_get_x509_key.short \ + functions/gnutls_certificate_send_x509_rdn_sequence \ + functions/gnutls_certificate_send_x509_rdn_sequence.short \ + functions/gnutls_certificate_server_set_request \ + functions/gnutls_certificate_server_set_request.short \ + functions/gnutls_certificate_set_dh_params \ + functions/gnutls_certificate_set_dh_params.short \ + functions/gnutls_certificate_set_flags \ + functions/gnutls_certificate_set_flags.short \ + functions/gnutls_certificate_set_key \ + functions/gnutls_certificate_set_key.short \ + functions/gnutls_certificate_set_known_dh_params \ + functions/gnutls_certificate_set_known_dh_params.short \ + functions/gnutls_certificate_set_ocsp_status_request_file \ + functions/gnutls_certificate_set_ocsp_status_request_file.short \ + functions/gnutls_certificate_set_ocsp_status_request_file2 \ + functions/gnutls_certificate_set_ocsp_status_request_file2.short \ + functions/gnutls_certificate_set_ocsp_status_request_function \ + functions/gnutls_certificate_set_ocsp_status_request_function.short \ + functions/gnutls_certificate_set_ocsp_status_request_function2 \ + functions/gnutls_certificate_set_ocsp_status_request_function2.short \ + functions/gnutls_certificate_set_ocsp_status_request_mem \ + functions/gnutls_certificate_set_ocsp_status_request_mem.short \ + functions/gnutls_certificate_set_params_function \ + functions/gnutls_certificate_set_params_function.short \ + functions/gnutls_certificate_set_pin_function \ + functions/gnutls_certificate_set_pin_function.short \ + functions/gnutls_certificate_set_rawpk_key_file \ + functions/gnutls_certificate_set_rawpk_key_file.short \ + functions/gnutls_certificate_set_rawpk_key_mem \ + functions/gnutls_certificate_set_rawpk_key_mem.short \ + functions/gnutls_certificate_set_retrieve_function \ + functions/gnutls_certificate_set_retrieve_function.short \ + functions/gnutls_certificate_set_retrieve_function2 \ + functions/gnutls_certificate_set_retrieve_function2.short \ + functions/gnutls_certificate_set_retrieve_function3 \ + functions/gnutls_certificate_set_retrieve_function3.short \ + functions/gnutls_certificate_set_trust_list \ + functions/gnutls_certificate_set_trust_list.short \ + functions/gnutls_certificate_set_verify_flags \ + functions/gnutls_certificate_set_verify_flags.short \ + functions/gnutls_certificate_set_verify_function \ + functions/gnutls_certificate_set_verify_function.short \ + functions/gnutls_certificate_set_verify_limits \ + functions/gnutls_certificate_set_verify_limits.short \ + functions/gnutls_certificate_set_x509_crl \ + functions/gnutls_certificate_set_x509_crl.short \ + functions/gnutls_certificate_set_x509_crl_file \ + functions/gnutls_certificate_set_x509_crl_file.short \ + functions/gnutls_certificate_set_x509_crl_mem \ + functions/gnutls_certificate_set_x509_crl_mem.short \ + functions/gnutls_certificate_set_x509_key \ + functions/gnutls_certificate_set_x509_key.short \ + functions/gnutls_certificate_set_x509_key_file \ + functions/gnutls_certificate_set_x509_key_file.short \ + functions/gnutls_certificate_set_x509_key_file2 \ + functions/gnutls_certificate_set_x509_key_file2.short \ + functions/gnutls_certificate_set_x509_key_mem \ + functions/gnutls_certificate_set_x509_key_mem.short \ + functions/gnutls_certificate_set_x509_key_mem2 \ + functions/gnutls_certificate_set_x509_key_mem2.short \ + functions/gnutls_certificate_set_x509_simple_pkcs12_file \ + functions/gnutls_certificate_set_x509_simple_pkcs12_file.short \ + functions/gnutls_certificate_set_x509_simple_pkcs12_mem \ + functions/gnutls_certificate_set_x509_simple_pkcs12_mem.short \ + functions/gnutls_certificate_set_x509_system_trust \ + functions/gnutls_certificate_set_x509_system_trust.short \ + functions/gnutls_certificate_set_x509_trust \ + functions/gnutls_certificate_set_x509_trust.short \ + functions/gnutls_certificate_set_x509_trust_dir \ + functions/gnutls_certificate_set_x509_trust_dir.short \ + functions/gnutls_certificate_set_x509_trust_file \ + functions/gnutls_certificate_set_x509_trust_file.short \ + functions/gnutls_certificate_set_x509_trust_mem \ + functions/gnutls_certificate_set_x509_trust_mem.short \ + functions/gnutls_certificate_type_get \ + functions/gnutls_certificate_type_get.short \ + functions/gnutls_certificate_type_get2 \ + functions/gnutls_certificate_type_get2.short \ + functions/gnutls_certificate_type_get_id \ + functions/gnutls_certificate_type_get_id.short \ + functions/gnutls_certificate_type_get_name \ + functions/gnutls_certificate_type_get_name.short \ + functions/gnutls_certificate_type_list \ + functions/gnutls_certificate_type_list.short \ + functions/gnutls_certificate_verification_status_print \ + functions/gnutls_certificate_verification_status_print.short \ + functions/gnutls_certificate_verify_peers \ + functions/gnutls_certificate_verify_peers.short \ + functions/gnutls_certificate_verify_peers2 \ + functions/gnutls_certificate_verify_peers2.short \ + functions/gnutls_certificate_verify_peers3 \ + functions/gnutls_certificate_verify_peers3.short \ + functions/gnutls_check_version \ + functions/gnutls_check_version.short \ + functions/gnutls_cipher_add_auth \ + functions/gnutls_cipher_add_auth.short \ + functions/gnutls_cipher_decrypt \ + functions/gnutls_cipher_decrypt.short \ + functions/gnutls_cipher_decrypt2 \ + functions/gnutls_cipher_decrypt2.short \ + functions/gnutls_cipher_deinit \ + functions/gnutls_cipher_deinit.short \ + functions/gnutls_cipher_encrypt \ + functions/gnutls_cipher_encrypt.short \ + functions/gnutls_cipher_encrypt2 \ + functions/gnutls_cipher_encrypt2.short \ + functions/gnutls_cipher_get functions/gnutls_cipher_get.short \ + functions/gnutls_cipher_get_block_size \ + functions/gnutls_cipher_get_block_size.short \ + functions/gnutls_cipher_get_id \ + functions/gnutls_cipher_get_id.short \ + functions/gnutls_cipher_get_iv_size \ + functions/gnutls_cipher_get_iv_size.short \ + functions/gnutls_cipher_get_key_size \ + functions/gnutls_cipher_get_key_size.short \ + functions/gnutls_cipher_get_name \ + functions/gnutls_cipher_get_name.short \ + functions/gnutls_cipher_get_tag_size \ + functions/gnutls_cipher_get_tag_size.short \ + functions/gnutls_cipher_init \ + functions/gnutls_cipher_init.short \ + functions/gnutls_cipher_list \ + functions/gnutls_cipher_list.short \ + functions/gnutls_cipher_set_iv \ + functions/gnutls_cipher_set_iv.short \ + functions/gnutls_cipher_suite_get_name \ + functions/gnutls_cipher_suite_get_name.short \ + functions/gnutls_cipher_suite_info \ + functions/gnutls_cipher_suite_info.short \ + functions/gnutls_cipher_tag functions/gnutls_cipher_tag.short \ + functions/gnutls_compression_get \ + functions/gnutls_compression_get.short \ + functions/gnutls_compression_get_id \ + functions/gnutls_compression_get_id.short \ + functions/gnutls_compression_get_name \ + functions/gnutls_compression_get_name.short \ + functions/gnutls_compression_list \ + functions/gnutls_compression_list.short \ + functions/gnutls_credentials_clear \ + functions/gnutls_credentials_clear.short \ + functions/gnutls_credentials_get \ + functions/gnutls_credentials_get.short \ + functions/gnutls_credentials_set \ + functions/gnutls_credentials_set.short \ + functions/gnutls_crypto_register_aead_cipher \ + functions/gnutls_crypto_register_aead_cipher.short \ + functions/gnutls_crypto_register_cipher \ + functions/gnutls_crypto_register_cipher.short \ + functions/gnutls_crypto_register_digest \ + functions/gnutls_crypto_register_digest.short \ + functions/gnutls_crypto_register_mac \ + functions/gnutls_crypto_register_mac.short \ + functions/gnutls_db_check_entry \ + functions/gnutls_db_check_entry.short \ + functions/gnutls_db_check_entry_expire_time \ + functions/gnutls_db_check_entry_expire_time.short \ + functions/gnutls_db_check_entry_time \ + functions/gnutls_db_check_entry_time.short \ + functions/gnutls_db_get_default_cache_expiration \ + functions/gnutls_db_get_default_cache_expiration.short \ + functions/gnutls_db_get_ptr functions/gnutls_db_get_ptr.short \ + functions/gnutls_db_remove_session \ + functions/gnutls_db_remove_session.short \ + functions/gnutls_db_set_cache_expiration \ + functions/gnutls_db_set_cache_expiration.short \ + functions/gnutls_db_set_ptr functions/gnutls_db_set_ptr.short \ + functions/gnutls_db_set_remove_function \ + functions/gnutls_db_set_remove_function.short \ + functions/gnutls_db_set_retrieve_function \ + functions/gnutls_db_set_retrieve_function.short \ + functions/gnutls_db_set_store_function \ + functions/gnutls_db_set_store_function.short \ + functions/gnutls_decode_ber_digest_info \ + functions/gnutls_decode_ber_digest_info.short \ + functions/gnutls_decode_gost_rs_value \ + functions/gnutls_decode_gost_rs_value.short \ + functions/gnutls_decode_rs_value \ + functions/gnutls_decode_rs_value.short functions/gnutls_deinit \ + functions/gnutls_deinit.short functions/gnutls_dh_get_group \ + functions/gnutls_dh_get_group.short \ + functions/gnutls_dh_get_peers_public_bits \ + functions/gnutls_dh_get_peers_public_bits.short \ + functions/gnutls_dh_get_prime_bits \ + functions/gnutls_dh_get_prime_bits.short \ + functions/gnutls_dh_get_pubkey \ + functions/gnutls_dh_get_pubkey.short \ + functions/gnutls_dh_get_secret_bits \ + functions/gnutls_dh_get_secret_bits.short \ + functions/gnutls_dh_params_cpy \ + functions/gnutls_dh_params_cpy.short \ + functions/gnutls_dh_params_deinit \ + functions/gnutls_dh_params_deinit.short \ + functions/gnutls_dh_params_export2_pkcs3 \ + functions/gnutls_dh_params_export2_pkcs3.short \ + functions/gnutls_dh_params_export_pkcs3 \ + functions/gnutls_dh_params_export_pkcs3.short \ + functions/gnutls_dh_params_export_raw \ + functions/gnutls_dh_params_export_raw.short \ + functions/gnutls_dh_params_generate2 \ + functions/gnutls_dh_params_generate2.short \ + functions/gnutls_dh_params_import_dsa \ + functions/gnutls_dh_params_import_dsa.short \ + functions/gnutls_dh_params_import_pkcs3 \ + functions/gnutls_dh_params_import_pkcs3.short \ + functions/gnutls_dh_params_import_raw \ + functions/gnutls_dh_params_import_raw.short \ + functions/gnutls_dh_params_import_raw2 \ + functions/gnutls_dh_params_import_raw2.short \ + functions/gnutls_dh_params_import_raw3 \ + functions/gnutls_dh_params_import_raw3.short \ + functions/gnutls_dh_params_init \ + functions/gnutls_dh_params_init.short \ + functions/gnutls_dh_set_prime_bits \ + functions/gnutls_dh_set_prime_bits.short \ + functions/gnutls_digest_get_id \ + functions/gnutls_digest_get_id.short \ + functions/gnutls_digest_get_name \ + functions/gnutls_digest_get_name.short \ + functions/gnutls_digest_get_oid \ + functions/gnutls_digest_get_oid.short \ + functions/gnutls_digest_list \ + functions/gnutls_digest_list.short \ + functions/gnutls_dtls_cookie_send \ + functions/gnutls_dtls_cookie_send.short \ + functions/gnutls_dtls_cookie_verify \ + functions/gnutls_dtls_cookie_verify.short \ + functions/gnutls_dtls_get_data_mtu \ + functions/gnutls_dtls_get_data_mtu.short \ + functions/gnutls_dtls_get_mtu \ + functions/gnutls_dtls_get_mtu.short \ + functions/gnutls_dtls_get_timeout \ + functions/gnutls_dtls_get_timeout.short \ + functions/gnutls_dtls_prestate_set \ + functions/gnutls_dtls_prestate_set.short \ + functions/gnutls_dtls_set_data_mtu \ + functions/gnutls_dtls_set_data_mtu.short \ + functions/gnutls_dtls_set_mtu \ + functions/gnutls_dtls_set_mtu.short \ + functions/gnutls_dtls_set_timeouts \ + functions/gnutls_dtls_set_timeouts.short \ + functions/gnutls_ecc_curve_get \ + functions/gnutls_ecc_curve_get.short \ + functions/gnutls_ecc_curve_get_id \ + functions/gnutls_ecc_curve_get_id.short \ + functions/gnutls_ecc_curve_get_name \ + functions/gnutls_ecc_curve_get_name.short \ + functions/gnutls_ecc_curve_get_oid \ + functions/gnutls_ecc_curve_get_oid.short \ + functions/gnutls_ecc_curve_get_pk \ + functions/gnutls_ecc_curve_get_pk.short \ + functions/gnutls_ecc_curve_get_size \ + functions/gnutls_ecc_curve_get_size.short \ + functions/gnutls_ecc_curve_list \ + functions/gnutls_ecc_curve_list.short \ + functions/gnutls_encode_ber_digest_info \ + functions/gnutls_encode_ber_digest_info.short \ + functions/gnutls_encode_gost_rs_value \ + functions/gnutls_encode_gost_rs_value.short \ + functions/gnutls_encode_rs_value \ + functions/gnutls_encode_rs_value.short \ + functions/gnutls_error_is_fatal \ + functions/gnutls_error_is_fatal.short \ + functions/gnutls_error_to_alert \ + functions/gnutls_error_to_alert.short \ + functions/gnutls_est_record_overhead_size \ + functions/gnutls_est_record_overhead_size.short \ + functions/gnutls_ext_get_current_msg \ + functions/gnutls_ext_get_current_msg.short \ + functions/gnutls_ext_get_data \ + functions/gnutls_ext_get_data.short \ + functions/gnutls_ext_get_name \ + functions/gnutls_ext_get_name.short \ + functions/gnutls_ext_raw_parse \ + functions/gnutls_ext_raw_parse.short \ + functions/gnutls_ext_register \ + functions/gnutls_ext_register.short \ + functions/gnutls_ext_set_data \ + functions/gnutls_ext_set_data.short \ + functions/gnutls_fingerprint \ + functions/gnutls_fingerprint.short \ + functions/gnutls_fips140_mode_enabled \ + functions/gnutls_fips140_mode_enabled.short \ + functions/gnutls_fips140_set_mode \ + functions/gnutls_fips140_set_mode.short \ + functions/gnutls_global_deinit \ + functions/gnutls_global_deinit.short \ + functions/gnutls_global_init \ + functions/gnutls_global_init.short \ + functions/gnutls_global_set_audit_log_function \ + functions/gnutls_global_set_audit_log_function.short \ + functions/gnutls_global_set_log_function \ + functions/gnutls_global_set_log_function.short \ + functions/gnutls_global_set_log_level \ + functions/gnutls_global_set_log_level.short \ + functions/gnutls_global_set_mem_functions \ + functions/gnutls_global_set_mem_functions.short \ + functions/gnutls_global_set_mutex \ + functions/gnutls_global_set_mutex.short \ + functions/gnutls_global_set_time_function \ + functions/gnutls_global_set_time_function.short \ + functions/gnutls_gost_paramset_get_name \ + functions/gnutls_gost_paramset_get_name.short \ + functions/gnutls_gost_paramset_get_oid \ + functions/gnutls_gost_paramset_get_oid.short \ + functions/gnutls_group_get functions/gnutls_group_get.short \ + functions/gnutls_group_get_id \ + functions/gnutls_group_get_id.short \ + functions/gnutls_group_get_name \ + functions/gnutls_group_get_name.short \ + functions/gnutls_group_list functions/gnutls_group_list.short \ + functions/gnutls_handshake functions/gnutls_handshake.short \ + functions/gnutls_handshake_description_get_name \ + functions/gnutls_handshake_description_get_name.short \ + functions/gnutls_handshake_get_last_in \ + functions/gnutls_handshake_get_last_in.short \ + functions/gnutls_handshake_get_last_out \ + functions/gnutls_handshake_get_last_out.short \ + functions/gnutls_handshake_set_hook_function \ + functions/gnutls_handshake_set_hook_function.short \ + functions/gnutls_handshake_set_max_packet_length \ + functions/gnutls_handshake_set_max_packet_length.short \ + functions/gnutls_handshake_set_post_client_hello_function \ + functions/gnutls_handshake_set_post_client_hello_function.short \ + functions/gnutls_handshake_set_private_extensions \ + functions/gnutls_handshake_set_private_extensions.short \ + functions/gnutls_handshake_set_random \ + functions/gnutls_handshake_set_random.short \ + functions/gnutls_handshake_set_timeout \ + functions/gnutls_handshake_set_timeout.short \ + functions/gnutls_hash functions/gnutls_hash.short \ + functions/gnutls_hash_deinit \ + functions/gnutls_hash_deinit.short functions/gnutls_hash_fast \ + functions/gnutls_hash_fast.short functions/gnutls_hash_get_len \ + functions/gnutls_hash_get_len.short functions/gnutls_hash_init \ + functions/gnutls_hash_init.short functions/gnutls_hash_output \ + functions/gnutls_hash_output.short \ + functions/gnutls_heartbeat_allowed \ + functions/gnutls_heartbeat_allowed.short \ + functions/gnutls_heartbeat_enable \ + functions/gnutls_heartbeat_enable.short \ + functions/gnutls_heartbeat_get_timeout \ + functions/gnutls_heartbeat_get_timeout.short \ + functions/gnutls_heartbeat_ping \ + functions/gnutls_heartbeat_ping.short \ + functions/gnutls_heartbeat_pong \ + functions/gnutls_heartbeat_pong.short \ + functions/gnutls_heartbeat_set_timeouts \ + functions/gnutls_heartbeat_set_timeouts.short \ + functions/gnutls_hex2bin functions/gnutls_hex2bin.short \ + functions/gnutls_hex_decode functions/gnutls_hex_decode.short \ + functions/gnutls_hex_decode2 \ + functions/gnutls_hex_decode2.short functions/gnutls_hex_encode \ + functions/gnutls_hex_encode.short functions/gnutls_hex_encode2 \ + functions/gnutls_hex_encode2.short functions/gnutls_hmac \ + functions/gnutls_hmac.short functions/gnutls_hmac_deinit \ + functions/gnutls_hmac_deinit.short functions/gnutls_hmac_fast \ + functions/gnutls_hmac_fast.short functions/gnutls_hmac_get_len \ + functions/gnutls_hmac_get_len.short functions/gnutls_hmac_init \ + functions/gnutls_hmac_init.short functions/gnutls_hmac_output \ + functions/gnutls_hmac_output.short \ + functions/gnutls_hmac_set_nonce \ + functions/gnutls_hmac_set_nonce.short \ + functions/gnutls_idna_map functions/gnutls_idna_map.short \ + functions/gnutls_idna_reverse_map \ + functions/gnutls_idna_reverse_map.short functions/gnutls_init \ + functions/gnutls_init.short functions/gnutls_key_generate \ + functions/gnutls_key_generate.short functions/gnutls_kx_get \ + functions/gnutls_kx_get.short functions/gnutls_kx_get_id \ + functions/gnutls_kx_get_id.short functions/gnutls_kx_get_name \ + functions/gnutls_kx_get_name.short functions/gnutls_kx_list \ + functions/gnutls_kx_list.short functions/gnutls_load_file \ + functions/gnutls_load_file.short functions/gnutls_mac_get \ + functions/gnutls_mac_get.short functions/gnutls_mac_get_id \ + functions/gnutls_mac_get_id.short \ + functions/gnutls_mac_get_key_size \ + functions/gnutls_mac_get_key_size.short \ + functions/gnutls_mac_get_name \ + functions/gnutls_mac_get_name.short \ + functions/gnutls_mac_get_nonce_size \ + functions/gnutls_mac_get_nonce_size.short \ + functions/gnutls_mac_list functions/gnutls_mac_list.short \ + functions/gnutls_memcmp functions/gnutls_memcmp.short \ + functions/gnutls_memset functions/gnutls_memset.short \ + functions/gnutls_ocsp_req_add_cert \ + functions/gnutls_ocsp_req_add_cert.short \ + functions/gnutls_ocsp_req_add_cert_id \ + functions/gnutls_ocsp_req_add_cert_id.short \ + functions/gnutls_ocsp_req_deinit \ + functions/gnutls_ocsp_req_deinit.short \ + functions/gnutls_ocsp_req_export \ + functions/gnutls_ocsp_req_export.short \ + functions/gnutls_ocsp_req_get_cert_id \ + functions/gnutls_ocsp_req_get_cert_id.short \ + functions/gnutls_ocsp_req_get_extension \ + functions/gnutls_ocsp_req_get_extension.short \ + functions/gnutls_ocsp_req_get_nonce \ + functions/gnutls_ocsp_req_get_nonce.short \ + functions/gnutls_ocsp_req_get_version \ + functions/gnutls_ocsp_req_get_version.short \ + functions/gnutls_ocsp_req_import \ + functions/gnutls_ocsp_req_import.short \ + functions/gnutls_ocsp_req_init \ + functions/gnutls_ocsp_req_init.short \ + functions/gnutls_ocsp_req_print \ + functions/gnutls_ocsp_req_print.short \ + functions/gnutls_ocsp_req_randomize_nonce \ + functions/gnutls_ocsp_req_randomize_nonce.short \ + functions/gnutls_ocsp_req_set_extension \ + functions/gnutls_ocsp_req_set_extension.short \ + functions/gnutls_ocsp_req_set_nonce \ + functions/gnutls_ocsp_req_set_nonce.short \ + functions/gnutls_ocsp_resp_check_crt \ + functions/gnutls_ocsp_resp_check_crt.short \ + functions/gnutls_ocsp_resp_deinit \ + functions/gnutls_ocsp_resp_deinit.short \ + functions/gnutls_ocsp_resp_export \ + functions/gnutls_ocsp_resp_export.short \ + functions/gnutls_ocsp_resp_export2 \ + functions/gnutls_ocsp_resp_export2.short \ + functions/gnutls_ocsp_resp_get_certs \ + functions/gnutls_ocsp_resp_get_certs.short \ + functions/gnutls_ocsp_resp_get_extension \ + functions/gnutls_ocsp_resp_get_extension.short \ + functions/gnutls_ocsp_resp_get_nonce \ + functions/gnutls_ocsp_resp_get_nonce.short \ + functions/gnutls_ocsp_resp_get_produced \ + functions/gnutls_ocsp_resp_get_produced.short \ + functions/gnutls_ocsp_resp_get_responder \ + functions/gnutls_ocsp_resp_get_responder.short \ + functions/gnutls_ocsp_resp_get_responder2 \ + functions/gnutls_ocsp_resp_get_responder2.short \ + functions/gnutls_ocsp_resp_get_responder_raw_id \ + functions/gnutls_ocsp_resp_get_responder_raw_id.short \ + functions/gnutls_ocsp_resp_get_response \ + functions/gnutls_ocsp_resp_get_response.short \ + functions/gnutls_ocsp_resp_get_signature \ + functions/gnutls_ocsp_resp_get_signature.short \ + functions/gnutls_ocsp_resp_get_signature_algorithm \ + functions/gnutls_ocsp_resp_get_signature_algorithm.short \ + functions/gnutls_ocsp_resp_get_single \ + functions/gnutls_ocsp_resp_get_single.short \ + functions/gnutls_ocsp_resp_get_status \ + functions/gnutls_ocsp_resp_get_status.short \ + functions/gnutls_ocsp_resp_get_version \ + functions/gnutls_ocsp_resp_get_version.short \ + functions/gnutls_ocsp_resp_import \ + functions/gnutls_ocsp_resp_import.short \ + functions/gnutls_ocsp_resp_import2 \ + functions/gnutls_ocsp_resp_import2.short \ + functions/gnutls_ocsp_resp_init \ + functions/gnutls_ocsp_resp_init.short \ + functions/gnutls_ocsp_resp_list_import2 \ + functions/gnutls_ocsp_resp_list_import2.short \ + functions/gnutls_ocsp_resp_print \ + functions/gnutls_ocsp_resp_print.short \ + functions/gnutls_ocsp_resp_verify \ + functions/gnutls_ocsp_resp_verify.short \ + functions/gnutls_ocsp_resp_verify_direct \ + functions/gnutls_ocsp_resp_verify_direct.short \ + functions/gnutls_ocsp_status_request_enable_client \ + functions/gnutls_ocsp_status_request_enable_client.short \ + functions/gnutls_ocsp_status_request_get \ + functions/gnutls_ocsp_status_request_get.short \ + functions/gnutls_ocsp_status_request_get2 \ + functions/gnutls_ocsp_status_request_get2.short \ + functions/gnutls_ocsp_status_request_is_checked \ + functions/gnutls_ocsp_status_request_is_checked.short \ + functions/gnutls_oid_to_digest \ + functions/gnutls_oid_to_digest.short \ + functions/gnutls_oid_to_ecc_curve \ + functions/gnutls_oid_to_ecc_curve.short \ + functions/gnutls_oid_to_gost_paramset \ + functions/gnutls_oid_to_gost_paramset.short \ + functions/gnutls_oid_to_mac functions/gnutls_oid_to_mac.short \ + functions/gnutls_oid_to_pk functions/gnutls_oid_to_pk.short \ + functions/gnutls_oid_to_sign \ + functions/gnutls_oid_to_sign.short \ + functions/gnutls_openpgp_privkey_sign_hash \ + functions/gnutls_openpgp_privkey_sign_hash.short \ + functions/gnutls_openpgp_send_cert \ + functions/gnutls_openpgp_send_cert.short \ + functions/gnutls_packet_deinit \ + functions/gnutls_packet_deinit.short \ + functions/gnutls_packet_get functions/gnutls_packet_get.short \ + functions/gnutls_pcert_deinit \ + functions/gnutls_pcert_deinit.short \ + functions/gnutls_pcert_export_openpgp \ + functions/gnutls_pcert_export_openpgp.short \ + functions/gnutls_pcert_export_x509 \ + functions/gnutls_pcert_export_x509.short \ + functions/gnutls_pcert_import_openpgp \ + functions/gnutls_pcert_import_openpgp.short \ + functions/gnutls_pcert_import_openpgp_raw \ + functions/gnutls_pcert_import_openpgp_raw.short \ + functions/gnutls_pcert_import_rawpk \ + functions/gnutls_pcert_import_rawpk.short \ + functions/gnutls_pcert_import_rawpk_raw \ + functions/gnutls_pcert_import_rawpk_raw.short \ + functions/gnutls_pcert_import_x509 \ + functions/gnutls_pcert_import_x509.short \ + functions/gnutls_pcert_import_x509_list \ + functions/gnutls_pcert_import_x509_list.short \ + functions/gnutls_pcert_import_x509_raw \ + functions/gnutls_pcert_import_x509_raw.short \ + functions/gnutls_pcert_list_import_x509_file \ + functions/gnutls_pcert_list_import_x509_file.short \ + functions/gnutls_pcert_list_import_x509_raw \ + functions/gnutls_pcert_list_import_x509_raw.short \ + functions/gnutls_pem_base64_decode \ + functions/gnutls_pem_base64_decode.short \ + functions/gnutls_pem_base64_decode2 \ + functions/gnutls_pem_base64_decode2.short \ + functions/gnutls_pem_base64_encode \ + functions/gnutls_pem_base64_encode.short \ + functions/gnutls_pem_base64_encode2 \ + functions/gnutls_pem_base64_encode2.short \ + functions/gnutls_perror functions/gnutls_perror.short \ + functions/gnutls_pk_algorithm_get_name \ + functions/gnutls_pk_algorithm_get_name.short \ + functions/gnutls_pk_bits_to_sec_param \ + functions/gnutls_pk_bits_to_sec_param.short \ + functions/gnutls_pkcs11_add_provider \ + functions/gnutls_pkcs11_add_provider.short \ + functions/gnutls_pkcs11_copy_attached_extension \ + functions/gnutls_pkcs11_copy_attached_extension.short \ + functions/gnutls_pkcs11_copy_pubkey \ + functions/gnutls_pkcs11_copy_pubkey.short \ + functions/gnutls_pkcs11_copy_secret_key \ + functions/gnutls_pkcs11_copy_secret_key.short \ + functions/gnutls_pkcs11_copy_x509_crt \ + functions/gnutls_pkcs11_copy_x509_crt.short \ + functions/gnutls_pkcs11_copy_x509_crt2 \ + functions/gnutls_pkcs11_copy_x509_crt2.short \ + functions/gnutls_pkcs11_copy_x509_privkey \ + functions/gnutls_pkcs11_copy_x509_privkey.short \ + functions/gnutls_pkcs11_copy_x509_privkey2 \ + functions/gnutls_pkcs11_copy_x509_privkey2.short \ + functions/gnutls_pkcs11_crt_is_known \ + functions/gnutls_pkcs11_crt_is_known.short \ + functions/gnutls_pkcs11_deinit \ + functions/gnutls_pkcs11_deinit.short \ + functions/gnutls_pkcs11_delete_url \ + functions/gnutls_pkcs11_delete_url.short \ + functions/gnutls_pkcs11_get_pin_function \ + functions/gnutls_pkcs11_get_pin_function.short \ + functions/gnutls_pkcs11_get_raw_issuer \ + functions/gnutls_pkcs11_get_raw_issuer.short \ + functions/gnutls_pkcs11_get_raw_issuer_by_dn \ + functions/gnutls_pkcs11_get_raw_issuer_by_dn.short \ + functions/gnutls_pkcs11_get_raw_issuer_by_subject_key_id \ + functions/gnutls_pkcs11_get_raw_issuer_by_subject_key_id.short \ + functions/gnutls_pkcs11_init \ + functions/gnutls_pkcs11_init.short \ + functions/gnutls_pkcs11_obj_deinit \ + functions/gnutls_pkcs11_obj_deinit.short \ + functions/gnutls_pkcs11_obj_export \ + functions/gnutls_pkcs11_obj_export.short \ + functions/gnutls_pkcs11_obj_export2 \ + functions/gnutls_pkcs11_obj_export2.short \ + functions/gnutls_pkcs11_obj_export3 \ + functions/gnutls_pkcs11_obj_export3.short \ + functions/gnutls_pkcs11_obj_export_url \ + functions/gnutls_pkcs11_obj_export_url.short \ + functions/gnutls_pkcs11_obj_flags_get_str \ + functions/gnutls_pkcs11_obj_flags_get_str.short \ + functions/gnutls_pkcs11_obj_get_exts \ + functions/gnutls_pkcs11_obj_get_exts.short \ + functions/gnutls_pkcs11_obj_get_flags \ + functions/gnutls_pkcs11_obj_get_flags.short \ + functions/gnutls_pkcs11_obj_get_info \ + functions/gnutls_pkcs11_obj_get_info.short \ + functions/gnutls_pkcs11_obj_get_ptr \ + functions/gnutls_pkcs11_obj_get_ptr.short \ + functions/gnutls_pkcs11_obj_get_type \ + functions/gnutls_pkcs11_obj_get_type.short \ + functions/gnutls_pkcs11_obj_import_url \ + functions/gnutls_pkcs11_obj_import_url.short \ + functions/gnutls_pkcs11_obj_init \ + functions/gnutls_pkcs11_obj_init.short \ + functions/gnutls_pkcs11_obj_list_import_url3 \ + functions/gnutls_pkcs11_obj_list_import_url3.short \ + functions/gnutls_pkcs11_obj_list_import_url4 \ + functions/gnutls_pkcs11_obj_list_import_url4.short \ + functions/gnutls_pkcs11_obj_set_info \ + functions/gnutls_pkcs11_obj_set_info.short \ + functions/gnutls_pkcs11_obj_set_pin_function \ + functions/gnutls_pkcs11_obj_set_pin_function.short \ + functions/gnutls_pkcs11_privkey_cpy \ + functions/gnutls_pkcs11_privkey_cpy.short \ + functions/gnutls_pkcs11_privkey_deinit \ + functions/gnutls_pkcs11_privkey_deinit.short \ + functions/gnutls_pkcs11_privkey_export_pubkey \ + functions/gnutls_pkcs11_privkey_export_pubkey.short \ + functions/gnutls_pkcs11_privkey_export_url \ + functions/gnutls_pkcs11_privkey_export_url.short \ + functions/gnutls_pkcs11_privkey_generate \ + functions/gnutls_pkcs11_privkey_generate.short \ + functions/gnutls_pkcs11_privkey_generate2 \ + functions/gnutls_pkcs11_privkey_generate2.short \ + functions/gnutls_pkcs11_privkey_generate3 \ + functions/gnutls_pkcs11_privkey_generate3.short \ + functions/gnutls_pkcs11_privkey_get_info \ + functions/gnutls_pkcs11_privkey_get_info.short \ + functions/gnutls_pkcs11_privkey_get_pk_algorithm \ + functions/gnutls_pkcs11_privkey_get_pk_algorithm.short \ + functions/gnutls_pkcs11_privkey_import_url \ + functions/gnutls_pkcs11_privkey_import_url.short \ + functions/gnutls_pkcs11_privkey_init \ + functions/gnutls_pkcs11_privkey_init.short \ + functions/gnutls_pkcs11_privkey_set_pin_function \ + functions/gnutls_pkcs11_privkey_set_pin_function.short \ + functions/gnutls_pkcs11_privkey_status \ + functions/gnutls_pkcs11_privkey_status.short \ + functions/gnutls_pkcs11_reinit \ + functions/gnutls_pkcs11_reinit.short \ + functions/gnutls_pkcs11_set_pin_function \ + functions/gnutls_pkcs11_set_pin_function.short \ + functions/gnutls_pkcs11_set_token_function \ + functions/gnutls_pkcs11_set_token_function.short \ + functions/gnutls_pkcs11_token_check_mechanism \ + functions/gnutls_pkcs11_token_check_mechanism.short \ + functions/gnutls_pkcs11_token_get_flags \ + functions/gnutls_pkcs11_token_get_flags.short \ + functions/gnutls_pkcs11_token_get_info \ + functions/gnutls_pkcs11_token_get_info.short \ + functions/gnutls_pkcs11_token_get_mechanism \ + functions/gnutls_pkcs11_token_get_mechanism.short \ + functions/gnutls_pkcs11_token_get_ptr \ + functions/gnutls_pkcs11_token_get_ptr.short \ + functions/gnutls_pkcs11_token_get_random \ + functions/gnutls_pkcs11_token_get_random.short \ + functions/gnutls_pkcs11_token_get_url \ + functions/gnutls_pkcs11_token_get_url.short \ + functions/gnutls_pkcs11_token_init \ + functions/gnutls_pkcs11_token_init.short \ + functions/gnutls_pkcs11_token_set_pin \ + functions/gnutls_pkcs11_token_set_pin.short \ + functions/gnutls_pkcs11_type_get_name \ + functions/gnutls_pkcs11_type_get_name.short \ + functions/gnutls_pkcs12_bag_decrypt \ + functions/gnutls_pkcs12_bag_decrypt.short \ + functions/gnutls_pkcs12_bag_deinit \ + functions/gnutls_pkcs12_bag_deinit.short \ + functions/gnutls_pkcs12_bag_enc_info \ + functions/gnutls_pkcs12_bag_enc_info.short \ + functions/gnutls_pkcs12_bag_encrypt \ + functions/gnutls_pkcs12_bag_encrypt.short \ + functions/gnutls_pkcs12_bag_get_count \ + functions/gnutls_pkcs12_bag_get_count.short \ + functions/gnutls_pkcs12_bag_get_data \ + functions/gnutls_pkcs12_bag_get_data.short \ + functions/gnutls_pkcs12_bag_get_friendly_name \ + functions/gnutls_pkcs12_bag_get_friendly_name.short \ + functions/gnutls_pkcs12_bag_get_key_id \ + functions/gnutls_pkcs12_bag_get_key_id.short \ + functions/gnutls_pkcs12_bag_get_type \ + functions/gnutls_pkcs12_bag_get_type.short \ + functions/gnutls_pkcs12_bag_init \ + functions/gnutls_pkcs12_bag_init.short \ + functions/gnutls_pkcs12_bag_set_crl \ + functions/gnutls_pkcs12_bag_set_crl.short \ + functions/gnutls_pkcs12_bag_set_crt \ + functions/gnutls_pkcs12_bag_set_crt.short \ + functions/gnutls_pkcs12_bag_set_data \ + functions/gnutls_pkcs12_bag_set_data.short \ + functions/gnutls_pkcs12_bag_set_friendly_name \ + functions/gnutls_pkcs12_bag_set_friendly_name.short \ + functions/gnutls_pkcs12_bag_set_key_id \ + functions/gnutls_pkcs12_bag_set_key_id.short \ + functions/gnutls_pkcs12_bag_set_privkey \ + functions/gnutls_pkcs12_bag_set_privkey.short \ + functions/gnutls_pkcs12_deinit \ + functions/gnutls_pkcs12_deinit.short \ + functions/gnutls_pkcs12_export \ + functions/gnutls_pkcs12_export.short \ + functions/gnutls_pkcs12_export2 \ + functions/gnutls_pkcs12_export2.short \ + functions/gnutls_pkcs12_generate_mac \ + functions/gnutls_pkcs12_generate_mac.short \ + functions/gnutls_pkcs12_generate_mac2 \ + functions/gnutls_pkcs12_generate_mac2.short \ + functions/gnutls_pkcs12_get_bag \ + functions/gnutls_pkcs12_get_bag.short \ + functions/gnutls_pkcs12_import \ + functions/gnutls_pkcs12_import.short \ + functions/gnutls_pkcs12_init \ + functions/gnutls_pkcs12_init.short \ + functions/gnutls_pkcs12_mac_info \ + functions/gnutls_pkcs12_mac_info.short \ + functions/gnutls_pkcs12_set_bag \ + functions/gnutls_pkcs12_set_bag.short \ + functions/gnutls_pkcs12_simple_parse \ + functions/gnutls_pkcs12_simple_parse.short \ + functions/gnutls_pkcs12_verify_mac \ + functions/gnutls_pkcs12_verify_mac.short \ + functions/gnutls_pkcs7_add_attr \ + functions/gnutls_pkcs7_add_attr.short \ + functions/gnutls_pkcs7_attrs_deinit \ + functions/gnutls_pkcs7_attrs_deinit.short \ + functions/gnutls_pkcs7_deinit \ + functions/gnutls_pkcs7_deinit.short \ + functions/gnutls_pkcs7_delete_crl \ + functions/gnutls_pkcs7_delete_crl.short \ + functions/gnutls_pkcs7_delete_crt \ + functions/gnutls_pkcs7_delete_crt.short \ + functions/gnutls_pkcs7_export \ + functions/gnutls_pkcs7_export.short \ + functions/gnutls_pkcs7_export2 \ + functions/gnutls_pkcs7_export2.short \ + functions/gnutls_pkcs7_get_attr \ + functions/gnutls_pkcs7_get_attr.short \ + functions/gnutls_pkcs7_get_crl_count \ + functions/gnutls_pkcs7_get_crl_count.short \ + functions/gnutls_pkcs7_get_crl_raw \ + functions/gnutls_pkcs7_get_crl_raw.short \ + functions/gnutls_pkcs7_get_crl_raw2 \ + functions/gnutls_pkcs7_get_crl_raw2.short \ + functions/gnutls_pkcs7_get_crt_count \ + functions/gnutls_pkcs7_get_crt_count.short \ + functions/gnutls_pkcs7_get_crt_raw \ + functions/gnutls_pkcs7_get_crt_raw.short \ + functions/gnutls_pkcs7_get_crt_raw2 \ + functions/gnutls_pkcs7_get_crt_raw2.short \ + functions/gnutls_pkcs7_get_embedded_data \ + functions/gnutls_pkcs7_get_embedded_data.short \ + functions/gnutls_pkcs7_get_embedded_data_oid \ + functions/gnutls_pkcs7_get_embedded_data_oid.short \ + functions/gnutls_pkcs7_get_signature_count \ + functions/gnutls_pkcs7_get_signature_count.short \ + functions/gnutls_pkcs7_get_signature_info \ + functions/gnutls_pkcs7_get_signature_info.short \ + functions/gnutls_pkcs7_import \ + functions/gnutls_pkcs7_import.short \ + functions/gnutls_pkcs7_init functions/gnutls_pkcs7_init.short \ + functions/gnutls_pkcs7_print \ + functions/gnutls_pkcs7_print.short \ + functions/gnutls_pkcs7_set_crl \ + functions/gnutls_pkcs7_set_crl.short \ + functions/gnutls_pkcs7_set_crl_raw \ + functions/gnutls_pkcs7_set_crl_raw.short \ + functions/gnutls_pkcs7_set_crt \ + functions/gnutls_pkcs7_set_crt.short \ + functions/gnutls_pkcs7_set_crt_raw \ + functions/gnutls_pkcs7_set_crt_raw.short \ + functions/gnutls_pkcs7_sign functions/gnutls_pkcs7_sign.short \ + functions/gnutls_pkcs7_signature_info_deinit \ + functions/gnutls_pkcs7_signature_info_deinit.short \ + functions/gnutls_pkcs7_verify \ + functions/gnutls_pkcs7_verify.short \ + functions/gnutls_pkcs7_verify_direct \ + functions/gnutls_pkcs7_verify_direct.short \ + functions/gnutls_pkcs8_info functions/gnutls_pkcs8_info.short \ + functions/gnutls_pkcs_schema_get_name \ + functions/gnutls_pkcs_schema_get_name.short \ + functions/gnutls_pkcs_schema_get_oid \ + functions/gnutls_pkcs_schema_get_oid.short \ + functions/gnutls_pk_get_id functions/gnutls_pk_get_id.short \ + functions/gnutls_pk_get_name \ + functions/gnutls_pk_get_name.short functions/gnutls_pk_get_oid \ + functions/gnutls_pk_get_oid.short functions/gnutls_pk_list \ + functions/gnutls_pk_list.short functions/gnutls_pk_to_sign \ + functions/gnutls_pk_to_sign.short functions/gnutls_prf \ + functions/gnutls_prf.short functions/gnutls_prf_early \ + functions/gnutls_prf_early.short functions/gnutls_prf_raw \ + functions/gnutls_prf_raw.short functions/gnutls_prf_rfc5705 \ + functions/gnutls_prf_rfc5705.short \ + functions/gnutls_priority_certificate_type_list \ + functions/gnutls_priority_certificate_type_list.short \ + functions/gnutls_priority_certificate_type_list2 \ + functions/gnutls_priority_certificate_type_list2.short \ + functions/gnutls_priority_cipher_list \ + functions/gnutls_priority_cipher_list.short \ + functions/gnutls_priority_compression_list \ + functions/gnutls_priority_compression_list.short \ + functions/gnutls_priority_deinit \ + functions/gnutls_priority_deinit.short \ + functions/gnutls_priority_ecc_curve_list \ + functions/gnutls_priority_ecc_curve_list.short \ + functions/gnutls_priority_get_cipher_suite_index \ + functions/gnutls_priority_get_cipher_suite_index.short \ + functions/gnutls_priority_group_list \ + functions/gnutls_priority_group_list.short \ + functions/gnutls_priority_init \ + functions/gnutls_priority_init.short \ + functions/gnutls_priority_init2 \ + functions/gnutls_priority_init2.short \ + functions/gnutls_priority_kx_list \ + functions/gnutls_priority_kx_list.short \ + functions/gnutls_priority_mac_list \ + functions/gnutls_priority_mac_list.short \ + functions/gnutls_priority_protocol_list \ + functions/gnutls_priority_protocol_list.short \ + functions/gnutls_priority_set \ + functions/gnutls_priority_set.short \ + functions/gnutls_priority_set_direct \ + functions/gnutls_priority_set_direct.short \ + functions/gnutls_priority_sign_list \ + functions/gnutls_priority_sign_list.short \ + functions/gnutls_priority_string_list \ + functions/gnutls_priority_string_list.short \ + functions/gnutls_privkey_decrypt_data \ + functions/gnutls_privkey_decrypt_data.short \ + functions/gnutls_privkey_decrypt_data2 \ + functions/gnutls_privkey_decrypt_data2.short \ + functions/gnutls_privkey_deinit \ + functions/gnutls_privkey_deinit.short \ + functions/gnutls_privkey_export_dsa_raw \ + functions/gnutls_privkey_export_dsa_raw.short \ + functions/gnutls_privkey_export_dsa_raw2 \ + functions/gnutls_privkey_export_dsa_raw2.short \ + functions/gnutls_privkey_export_ecc_raw \ + functions/gnutls_privkey_export_ecc_raw.short \ + functions/gnutls_privkey_export_ecc_raw2 \ + functions/gnutls_privkey_export_ecc_raw2.short \ + functions/gnutls_privkey_export_gost_raw2 \ + functions/gnutls_privkey_export_gost_raw2.short \ + functions/gnutls_privkey_export_openpgp \ + functions/gnutls_privkey_export_openpgp.short \ + functions/gnutls_privkey_export_pkcs11 \ + functions/gnutls_privkey_export_pkcs11.short \ + functions/gnutls_privkey_export_rsa_raw \ + functions/gnutls_privkey_export_rsa_raw.short \ + functions/gnutls_privkey_export_rsa_raw2 \ + functions/gnutls_privkey_export_rsa_raw2.short \ + functions/gnutls_privkey_export_x509 \ + functions/gnutls_privkey_export_x509.short \ + functions/gnutls_privkey_generate \ + functions/gnutls_privkey_generate.short \ + functions/gnutls_privkey_generate2 \ + functions/gnutls_privkey_generate2.short \ + functions/gnutls_privkey_get_pk_algorithm \ + functions/gnutls_privkey_get_pk_algorithm.short \ + functions/gnutls_privkey_get_seed \ + functions/gnutls_privkey_get_seed.short \ + functions/gnutls_privkey_get_spki \ + functions/gnutls_privkey_get_spki.short \ + functions/gnutls_privkey_get_type \ + functions/gnutls_privkey_get_type.short \ + functions/gnutls_privkey_import_dsa_raw \ + functions/gnutls_privkey_import_dsa_raw.short \ + functions/gnutls_privkey_import_ecc_raw \ + functions/gnutls_privkey_import_ecc_raw.short \ + functions/gnutls_privkey_import_ext \ + functions/gnutls_privkey_import_ext.short \ + functions/gnutls_privkey_import_ext2 \ + functions/gnutls_privkey_import_ext2.short \ + functions/gnutls_privkey_import_ext3 \ + functions/gnutls_privkey_import_ext3.short \ + functions/gnutls_privkey_import_ext4 \ + functions/gnutls_privkey_import_ext4.short \ + functions/gnutls_privkey_import_gost_raw \ + functions/gnutls_privkey_import_gost_raw.short \ + functions/gnutls_privkey_import_openpgp \ + functions/gnutls_privkey_import_openpgp.short \ + functions/gnutls_privkey_import_openpgp_raw \ + functions/gnutls_privkey_import_openpgp_raw.short \ + functions/gnutls_privkey_import_pkcs11 \ + functions/gnutls_privkey_import_pkcs11.short \ + functions/gnutls_privkey_import_pkcs11_url \ + functions/gnutls_privkey_import_pkcs11_url.short \ + functions/gnutls_privkey_import_rsa_raw \ + functions/gnutls_privkey_import_rsa_raw.short \ + functions/gnutls_privkey_import_tpm_raw \ + functions/gnutls_privkey_import_tpm_raw.short \ + functions/gnutls_privkey_import_tpm_url \ + functions/gnutls_privkey_import_tpm_url.short \ + functions/gnutls_privkey_import_url \ + functions/gnutls_privkey_import_url.short \ + functions/gnutls_privkey_import_x509 \ + functions/gnutls_privkey_import_x509.short \ + functions/gnutls_privkey_import_x509_raw \ + functions/gnutls_privkey_import_x509_raw.short \ + functions/gnutls_privkey_init \ + functions/gnutls_privkey_init.short \ + functions/gnutls_privkey_set_flags \ + functions/gnutls_privkey_set_flags.short \ + functions/gnutls_privkey_set_pin_function \ + functions/gnutls_privkey_set_pin_function.short \ + functions/gnutls_privkey_set_spki \ + functions/gnutls_privkey_set_spki.short \ + functions/gnutls_privkey_sign_data \ + functions/gnutls_privkey_sign_data.short \ + functions/gnutls_privkey_sign_data2 \ + functions/gnutls_privkey_sign_data2.short \ + functions/gnutls_privkey_sign_hash \ + functions/gnutls_privkey_sign_hash.short \ + functions/gnutls_privkey_sign_hash2 \ + functions/gnutls_privkey_sign_hash2.short \ + functions/gnutls_privkey_status \ + functions/gnutls_privkey_status.short \ + functions/gnutls_privkey_verify_params \ + functions/gnutls_privkey_verify_params.short \ + functions/gnutls_privkey_verify_seed \ + functions/gnutls_privkey_verify_seed.short \ + functions/gnutls_protocol_get_id \ + functions/gnutls_protocol_get_id.short \ + functions/gnutls_protocol_get_name \ + functions/gnutls_protocol_get_name.short \ + functions/gnutls_protocol_get_version \ + functions/gnutls_protocol_get_version.short \ + functions/gnutls_protocol_list \ + functions/gnutls_protocol_list.short \ + functions/gnutls_psk_allocate_client_credentials \ + functions/gnutls_psk_allocate_client_credentials.short \ + functions/gnutls_psk_allocate_server_credentials \ + functions/gnutls_psk_allocate_server_credentials.short \ + functions/gnutls_psk_client_get_hint \ + functions/gnutls_psk_client_get_hint.short \ + functions/gnutls_psk_free_client_credentials \ + functions/gnutls_psk_free_client_credentials.short \ + functions/gnutls_psk_free_server_credentials \ + functions/gnutls_psk_free_server_credentials.short \ + functions/gnutls_psk_server_get_username \ + functions/gnutls_psk_server_get_username.short \ + functions/gnutls_psk_set_client_credentials \ + functions/gnutls_psk_set_client_credentials.short \ + functions/gnutls_psk_set_client_credentials_function \ + functions/gnutls_psk_set_client_credentials_function.short \ + functions/gnutls_psk_set_params_function \ + functions/gnutls_psk_set_params_function.short \ + functions/gnutls_psk_set_server_credentials_file \ + functions/gnutls_psk_set_server_credentials_file.short \ + functions/gnutls_psk_set_server_credentials_function \ + functions/gnutls_psk_set_server_credentials_function.short \ + functions/gnutls_psk_set_server_credentials_hint \ + functions/gnutls_psk_set_server_credentials_hint.short \ + functions/gnutls_psk_set_server_dh_params \ + functions/gnutls_psk_set_server_dh_params.short \ + functions/gnutls_psk_set_server_known_dh_params \ + functions/gnutls_psk_set_server_known_dh_params.short \ + functions/gnutls_psk_set_server_params_function \ + functions/gnutls_psk_set_server_params_function.short \ + functions/gnutls_pubkey_deinit \ + functions/gnutls_pubkey_deinit.short \ + functions/gnutls_pubkey_encrypt_data \ + functions/gnutls_pubkey_encrypt_data.short \ + functions/gnutls_pubkey_export \ + functions/gnutls_pubkey_export.short \ + functions/gnutls_pubkey_export2 \ + functions/gnutls_pubkey_export2.short \ + functions/gnutls_pubkey_export_dsa_raw \ + functions/gnutls_pubkey_export_dsa_raw.short \ + functions/gnutls_pubkey_export_dsa_raw2 \ + functions/gnutls_pubkey_export_dsa_raw2.short \ + functions/gnutls_pubkey_export_ecc_raw \ + functions/gnutls_pubkey_export_ecc_raw.short \ + functions/gnutls_pubkey_export_ecc_raw2 \ + functions/gnutls_pubkey_export_ecc_raw2.short \ + functions/gnutls_pubkey_export_ecc_x962 \ + functions/gnutls_pubkey_export_ecc_x962.short \ + functions/gnutls_pubkey_export_gost_raw2 \ + functions/gnutls_pubkey_export_gost_raw2.short \ + functions/gnutls_pubkey_export_rsa_raw \ + functions/gnutls_pubkey_export_rsa_raw.short \ + functions/gnutls_pubkey_export_rsa_raw2 \ + functions/gnutls_pubkey_export_rsa_raw2.short \ + functions/gnutls_pubkey_get_key_id \ + functions/gnutls_pubkey_get_key_id.short \ + functions/gnutls_pubkey_get_key_usage \ + functions/gnutls_pubkey_get_key_usage.short \ + functions/gnutls_pubkey_get_openpgp_key_id \ + functions/gnutls_pubkey_get_openpgp_key_id.short \ + functions/gnutls_pubkey_get_pk_algorithm \ + functions/gnutls_pubkey_get_pk_algorithm.short \ + functions/gnutls_pubkey_get_preferred_hash_algorithm \ + functions/gnutls_pubkey_get_preferred_hash_algorithm.short \ + functions/gnutls_pubkey_get_spki \ + functions/gnutls_pubkey_get_spki.short \ + functions/gnutls_pubkey_import \ + functions/gnutls_pubkey_import.short \ + functions/gnutls_pubkey_import_dsa_raw \ + functions/gnutls_pubkey_import_dsa_raw.short \ + functions/gnutls_pubkey_import_ecc_raw \ + functions/gnutls_pubkey_import_ecc_raw.short \ + functions/gnutls_pubkey_import_ecc_x962 \ + functions/gnutls_pubkey_import_ecc_x962.short \ + functions/gnutls_pubkey_import_gost_raw \ + functions/gnutls_pubkey_import_gost_raw.short \ + functions/gnutls_pubkey_import_openpgp \ + functions/gnutls_pubkey_import_openpgp.short \ + functions/gnutls_pubkey_import_openpgp_raw \ + functions/gnutls_pubkey_import_openpgp_raw.short \ + functions/gnutls_pubkey_import_pkcs11 \ + functions/gnutls_pubkey_import_pkcs11.short \ + functions/gnutls_pubkey_import_privkey \ + functions/gnutls_pubkey_import_privkey.short \ + functions/gnutls_pubkey_import_rsa_raw \ + functions/gnutls_pubkey_import_rsa_raw.short \ + functions/gnutls_pubkey_import_tpm_raw \ + functions/gnutls_pubkey_import_tpm_raw.short \ + functions/gnutls_pubkey_import_tpm_url \ + functions/gnutls_pubkey_import_tpm_url.short \ + functions/gnutls_pubkey_import_url \ + functions/gnutls_pubkey_import_url.short \ + functions/gnutls_pubkey_import_x509 \ + functions/gnutls_pubkey_import_x509.short \ + functions/gnutls_pubkey_import_x509_crq \ + functions/gnutls_pubkey_import_x509_crq.short \ + functions/gnutls_pubkey_import_x509_raw \ + functions/gnutls_pubkey_import_x509_raw.short \ + functions/gnutls_pubkey_init \ + functions/gnutls_pubkey_init.short \ + functions/gnutls_pubkey_print \ + functions/gnutls_pubkey_print.short \ + functions/gnutls_pubkey_set_key_usage \ + functions/gnutls_pubkey_set_key_usage.short \ + functions/gnutls_pubkey_set_pin_function \ + functions/gnutls_pubkey_set_pin_function.short \ + functions/gnutls_pubkey_set_spki \ + functions/gnutls_pubkey_set_spki.short \ + functions/gnutls_pubkey_verify_data2 \ + functions/gnutls_pubkey_verify_data2.short \ + functions/gnutls_pubkey_verify_hash2 \ + functions/gnutls_pubkey_verify_hash2.short \ + functions/gnutls_pubkey_verify_params \ + functions/gnutls_pubkey_verify_params.short \ + functions/gnutls_random_art functions/gnutls_random_art.short \ + functions/gnutls_range_split \ + functions/gnutls_range_split.short functions/gnutls_reauth \ + functions/gnutls_reauth.short \ + functions/gnutls_record_can_use_length_hiding \ + functions/gnutls_record_can_use_length_hiding.short \ + functions/gnutls_record_check_corked \ + functions/gnutls_record_check_corked.short \ + functions/gnutls_record_check_pending \ + functions/gnutls_record_check_pending.short \ + functions/gnutls_record_cork \ + functions/gnutls_record_cork.short \ + functions/gnutls_record_disable_padding \ + functions/gnutls_record_disable_padding.short \ + functions/gnutls_record_discard_queued \ + functions/gnutls_record_discard_queued.short \ + functions/gnutls_record_get_direction \ + functions/gnutls_record_get_direction.short \ + functions/gnutls_record_get_discarded \ + functions/gnutls_record_get_discarded.short \ + functions/gnutls_record_get_max_early_data_size \ + functions/gnutls_record_get_max_early_data_size.short \ + functions/gnutls_record_get_max_size \ + functions/gnutls_record_get_max_size.short \ + functions/gnutls_record_get_state \ + functions/gnutls_record_get_state.short \ + functions/gnutls_record_overhead_size \ + functions/gnutls_record_overhead_size.short \ + functions/gnutls_record_recv \ + functions/gnutls_record_recv.short \ + functions/gnutls_record_recv_early_data \ + functions/gnutls_record_recv_early_data.short \ + functions/gnutls_record_recv_packet \ + functions/gnutls_record_recv_packet.short \ + functions/gnutls_record_recv_seq \ + functions/gnutls_record_recv_seq.short \ + functions/gnutls_record_send \ + functions/gnutls_record_send.short \ + functions/gnutls_record_send2 \ + functions/gnutls_record_send2.short \ + functions/gnutls_record_send_early_data \ + functions/gnutls_record_send_early_data.short \ + functions/gnutls_record_send_range \ + functions/gnutls_record_send_range.short \ + functions/gnutls_record_set_max_early_data_size \ + functions/gnutls_record_set_max_early_data_size.short \ + functions/gnutls_record_set_max_recv_size \ + functions/gnutls_record_set_max_recv_size.short \ + functions/gnutls_record_set_max_size \ + functions/gnutls_record_set_max_size.short \ + functions/gnutls_record_set_state \ + functions/gnutls_record_set_state.short \ + functions/gnutls_record_set_timeout \ + functions/gnutls_record_set_timeout.short \ + functions/gnutls_record_uncork \ + functions/gnutls_record_uncork.short \ + functions/gnutls_register_custom_url \ + functions/gnutls_register_custom_url.short \ + functions/gnutls_rehandshake \ + functions/gnutls_rehandshake.short functions/gnutls_rnd \ + functions/gnutls_rnd.short functions/gnutls_rnd_refresh \ + functions/gnutls_rnd_refresh.short \ + functions/gnutls_safe_renegotiation_status \ + functions/gnutls_safe_renegotiation_status.short \ + functions/gnutls_sec_param_get_name \ + functions/gnutls_sec_param_get_name.short \ + functions/gnutls_sec_param_to_pk_bits \ + functions/gnutls_sec_param_to_pk_bits.short \ + functions/gnutls_sec_param_to_symmetric_bits \ + functions/gnutls_sec_param_to_symmetric_bits.short \ + functions/gnutls_server_name_get \ + functions/gnutls_server_name_get.short \ + functions/gnutls_server_name_set \ + functions/gnutls_server_name_set.short \ + functions/gnutls_session_channel_binding \ + functions/gnutls_session_channel_binding.short \ + functions/gnutls_session_enable_compatibility_mode \ + functions/gnutls_session_enable_compatibility_mode.short \ + functions/gnutls_session_etm_status \ + functions/gnutls_session_etm_status.short \ + functions/gnutls_session_ext_master_secret_status \ + functions/gnutls_session_ext_master_secret_status.short \ + functions/gnutls_session_ext_register \ + functions/gnutls_session_ext_register.short \ + functions/gnutls_session_force_valid \ + functions/gnutls_session_force_valid.short \ + functions/gnutls_session_get_data \ + functions/gnutls_session_get_data.short \ + functions/gnutls_session_get_data2 \ + functions/gnutls_session_get_data2.short \ + functions/gnutls_session_get_desc \ + functions/gnutls_session_get_desc.short \ + functions/gnutls_session_get_flags \ + functions/gnutls_session_get_flags.short \ + functions/gnutls_session_get_id \ + functions/gnutls_session_get_id.short \ + functions/gnutls_session_get_id2 \ + functions/gnutls_session_get_id2.short \ + functions/gnutls_session_get_master_secret \ + functions/gnutls_session_get_master_secret.short \ + functions/gnutls_session_get_ptr \ + functions/gnutls_session_get_ptr.short \ + functions/gnutls_session_get_random \ + functions/gnutls_session_get_random.short \ + functions/gnutls_session_get_verify_cert_status \ + functions/gnutls_session_get_verify_cert_status.short \ + functions/gnutls_session_is_resumed \ + functions/gnutls_session_is_resumed.short \ + functions/gnutls_session_key_update \ + functions/gnutls_session_key_update.short \ + functions/gnutls_session_resumption_requested \ + functions/gnutls_session_resumption_requested.short \ + functions/gnutls_session_set_data \ + functions/gnutls_session_set_data.short \ + functions/gnutls_session_set_id \ + functions/gnutls_session_set_id.short \ + functions/gnutls_session_set_premaster \ + functions/gnutls_session_set_premaster.short \ + functions/gnutls_session_set_ptr \ + functions/gnutls_session_set_ptr.short \ + functions/gnutls_session_set_verify_cert \ + functions/gnutls_session_set_verify_cert.short \ + functions/gnutls_session_set_verify_cert2 \ + functions/gnutls_session_set_verify_cert2.short \ + functions/gnutls_session_set_verify_function \ + functions/gnutls_session_set_verify_function.short \ + functions/gnutls_session_supplemental_register \ + functions/gnutls_session_supplemental_register.short \ + functions/gnutls_session_ticket_enable_client \ + functions/gnutls_session_ticket_enable_client.short \ + functions/gnutls_session_ticket_enable_server \ + functions/gnutls_session_ticket_enable_server.short \ + functions/gnutls_session_ticket_key_generate \ + functions/gnutls_session_ticket_key_generate.short \ + functions/gnutls_session_ticket_send \ + functions/gnutls_session_ticket_send.short \ + functions/gnutls_set_default_priority \ + functions/gnutls_set_default_priority.short \ + functions/gnutls_set_default_priority_append \ + functions/gnutls_set_default_priority_append.short \ + functions/gnutls_sign_algorithm_get \ + functions/gnutls_sign_algorithm_get.short \ + functions/gnutls_sign_algorithm_get_client \ + functions/gnutls_sign_algorithm_get_client.short \ + functions/gnutls_sign_algorithm_get_requested \ + functions/gnutls_sign_algorithm_get_requested.short \ + functions/gnutls_sign_get_hash_algorithm \ + functions/gnutls_sign_get_hash_algorithm.short \ + functions/gnutls_sign_get_id \ + functions/gnutls_sign_get_id.short \ + functions/gnutls_sign_get_name \ + functions/gnutls_sign_get_name.short \ + functions/gnutls_sign_get_oid \ + functions/gnutls_sign_get_oid.short \ + functions/gnutls_sign_get_pk_algorithm \ + functions/gnutls_sign_get_pk_algorithm.short \ + functions/gnutls_sign_is_secure \ + functions/gnutls_sign_is_secure.short \ + functions/gnutls_sign_is_secure2 \ + functions/gnutls_sign_is_secure2.short \ + functions/gnutls_sign_list functions/gnutls_sign_list.short \ + functions/gnutls_sign_supports_pk_algorithm \ + functions/gnutls_sign_supports_pk_algorithm.short \ + functions/gnutls_srp_allocate_client_credentials \ + functions/gnutls_srp_allocate_client_credentials.short \ + functions/gnutls_srp_allocate_server_credentials \ + functions/gnutls_srp_allocate_server_credentials.short \ + functions/gnutls_srp_base64_decode \ + functions/gnutls_srp_base64_decode.short \ + functions/gnutls_srp_base64_decode2 \ + functions/gnutls_srp_base64_decode2.short \ + functions/gnutls_srp_base64_encode \ + functions/gnutls_srp_base64_encode.short \ + functions/gnutls_srp_base64_encode2 \ + functions/gnutls_srp_base64_encode2.short \ + functions/gnutls_srp_free_client_credentials \ + functions/gnutls_srp_free_client_credentials.short \ + functions/gnutls_srp_free_server_credentials \ + functions/gnutls_srp_free_server_credentials.short \ + functions/gnutls_srp_server_get_username \ + functions/gnutls_srp_server_get_username.short \ + functions/gnutls_srp_set_client_credentials \ + functions/gnutls_srp_set_client_credentials.short \ + functions/gnutls_srp_set_client_credentials_function \ + functions/gnutls_srp_set_client_credentials_function.short \ + functions/gnutls_srp_set_prime_bits \ + functions/gnutls_srp_set_prime_bits.short \ + functions/gnutls_srp_set_server_credentials_file \ + functions/gnutls_srp_set_server_credentials_file.short \ + functions/gnutls_srp_set_server_credentials_function \ + functions/gnutls_srp_set_server_credentials_function.short \ + functions/gnutls_srp_set_server_fake_salt_seed \ + functions/gnutls_srp_set_server_fake_salt_seed.short \ + functions/gnutls_srp_verifier \ + functions/gnutls_srp_verifier.short \ + functions/gnutls_srtp_get_keys \ + functions/gnutls_srtp_get_keys.short \ + functions/gnutls_srtp_get_mki \ + functions/gnutls_srtp_get_mki.short \ + functions/gnutls_srtp_get_profile_id \ + functions/gnutls_srtp_get_profile_id.short \ + functions/gnutls_srtp_get_profile_name \ + functions/gnutls_srtp_get_profile_name.short \ + functions/gnutls_srtp_get_selected_profile \ + functions/gnutls_srtp_get_selected_profile.short \ + functions/gnutls_srtp_set_mki \ + functions/gnutls_srtp_set_mki.short \ + functions/gnutls_srtp_set_profile \ + functions/gnutls_srtp_set_profile.short \ + functions/gnutls_srtp_set_profile_direct \ + functions/gnutls_srtp_set_profile_direct.short \ + functions/gnutls_store_commitment \ + functions/gnutls_store_commitment.short \ + functions/gnutls_store_pubkey \ + functions/gnutls_store_pubkey.short functions/gnutls_strerror \ + functions/gnutls_strerror.short functions/gnutls_strerror_name \ + functions/gnutls_strerror_name.short \ + functions/gnutls_subject_alt_names_deinit \ + functions/gnutls_subject_alt_names_deinit.short \ + functions/gnutls_subject_alt_names_get \ + functions/gnutls_subject_alt_names_get.short \ + functions/gnutls_subject_alt_names_init \ + functions/gnutls_subject_alt_names_init.short \ + functions/gnutls_subject_alt_names_set \ + functions/gnutls_subject_alt_names_set.short \ + functions/gnutls_supplemental_get_name \ + functions/gnutls_supplemental_get_name.short \ + functions/gnutls_supplemental_recv \ + functions/gnutls_supplemental_recv.short \ + functions/gnutls_supplemental_register \ + functions/gnutls_supplemental_register.short \ + functions/gnutls_supplemental_send \ + functions/gnutls_supplemental_send.short \ + functions/gnutls_system_key_add_x509 \ + functions/gnutls_system_key_add_x509.short \ + functions/gnutls_system_key_delete \ + functions/gnutls_system_key_delete.short \ + functions/gnutls_system_key_iter_deinit \ + functions/gnutls_system_key_iter_deinit.short \ + functions/gnutls_system_key_iter_get_info \ + functions/gnutls_system_key_iter_get_info.short \ + functions/gnutls_system_recv_timeout \ + functions/gnutls_system_recv_timeout.short \ + functions/gnutls_tdb_deinit functions/gnutls_tdb_deinit.short \ + functions/gnutls_tdb_init functions/gnutls_tdb_init.short \ + functions/gnutls_tdb_set_store_commitment_func \ + functions/gnutls_tdb_set_store_commitment_func.short \ + functions/gnutls_tdb_set_store_func \ + functions/gnutls_tdb_set_store_func.short \ + functions/gnutls_tdb_set_verify_func \ + functions/gnutls_tdb_set_verify_func.short \ + functions/gnutls_tpm_get_registered \ + functions/gnutls_tpm_get_registered.short \ + functions/gnutls_tpm_key_list_deinit \ + functions/gnutls_tpm_key_list_deinit.short \ + functions/gnutls_tpm_key_list_get_url \ + functions/gnutls_tpm_key_list_get_url.short \ + functions/gnutls_tpm_privkey_delete \ + functions/gnutls_tpm_privkey_delete.short \ + functions/gnutls_tpm_privkey_generate \ + functions/gnutls_tpm_privkey_generate.short \ + functions/gnutls_transport_get_int \ + functions/gnutls_transport_get_int.short \ + functions/gnutls_transport_get_int2 \ + functions/gnutls_transport_get_int2.short \ + functions/gnutls_transport_get_ptr \ + functions/gnutls_transport_get_ptr.short \ + functions/gnutls_transport_get_ptr2 \ + functions/gnutls_transport_get_ptr2.short \ + functions/gnutls_transport_set_errno \ + functions/gnutls_transport_set_errno.short \ + functions/gnutls_transport_set_errno_function \ + functions/gnutls_transport_set_errno_function.short \ + functions/gnutls_transport_set_fastopen \ + functions/gnutls_transport_set_fastopen.short \ + functions/gnutls_transport_set_int \ + functions/gnutls_transport_set_int.short \ + functions/gnutls_transport_set_int2 \ + functions/gnutls_transport_set_int2.short \ + functions/gnutls_transport_set_ptr \ + functions/gnutls_transport_set_ptr.short \ + functions/gnutls_transport_set_ptr2 \ + functions/gnutls_transport_set_ptr2.short \ + functions/gnutls_transport_set_pull_function \ + functions/gnutls_transport_set_pull_function.short \ + functions/gnutls_transport_set_pull_timeout_function \ + functions/gnutls_transport_set_pull_timeout_function.short \ + functions/gnutls_transport_set_push_function \ + functions/gnutls_transport_set_push_function.short \ + functions/gnutls_transport_set_vec_push_function \ + functions/gnutls_transport_set_vec_push_function.short \ + functions/gnutls_url_is_supported \ + functions/gnutls_url_is_supported.short \ + functions/gnutls_utf8_password_normalize \ + functions/gnutls_utf8_password_normalize.short \ + functions/gnutls_verify_stored_pubkey \ + functions/gnutls_verify_stored_pubkey.short \ + functions/gnutls_x509_aia_deinit \ + functions/gnutls_x509_aia_deinit.short \ + functions/gnutls_x509_aia_get \ + functions/gnutls_x509_aia_get.short \ + functions/gnutls_x509_aia_init \ + functions/gnutls_x509_aia_init.short \ + functions/gnutls_x509_aia_set \ + functions/gnutls_x509_aia_set.short \ + functions/gnutls_x509_aki_deinit \ + functions/gnutls_x509_aki_deinit.short \ + functions/gnutls_x509_aki_get_cert_issuer \ + functions/gnutls_x509_aki_get_cert_issuer.short \ + functions/gnutls_x509_aki_get_id \ + functions/gnutls_x509_aki_get_id.short \ + functions/gnutls_x509_aki_init \ + functions/gnutls_x509_aki_init.short \ + functions/gnutls_x509_aki_set_cert_issuer \ + functions/gnutls_x509_aki_set_cert_issuer.short \ + functions/gnutls_x509_aki_set_id \ + functions/gnutls_x509_aki_set_id.short \ + functions/gnutls_x509_cidr_to_rfc5280 \ + functions/gnutls_x509_cidr_to_rfc5280.short \ + functions/gnutls_x509_crl_check_issuer \ + functions/gnutls_x509_crl_check_issuer.short \ + functions/gnutls_x509_crl_deinit \ + functions/gnutls_x509_crl_deinit.short \ + functions/gnutls_x509_crl_dist_points_deinit \ + functions/gnutls_x509_crl_dist_points_deinit.short \ + functions/gnutls_x509_crl_dist_points_get \ + functions/gnutls_x509_crl_dist_points_get.short \ + functions/gnutls_x509_crl_dist_points_init \ + functions/gnutls_x509_crl_dist_points_init.short \ + functions/gnutls_x509_crl_dist_points_set \ + functions/gnutls_x509_crl_dist_points_set.short \ + functions/gnutls_x509_crl_export \ + functions/gnutls_x509_crl_export.short \ + functions/gnutls_x509_crl_export2 \ + functions/gnutls_x509_crl_export2.short \ + functions/gnutls_x509_crl_get_authority_key_gn_serial \ + functions/gnutls_x509_crl_get_authority_key_gn_serial.short \ + functions/gnutls_x509_crl_get_authority_key_id \ + functions/gnutls_x509_crl_get_authority_key_id.short \ + functions/gnutls_x509_crl_get_crt_count \ + functions/gnutls_x509_crl_get_crt_count.short \ + functions/gnutls_x509_crl_get_crt_serial \ + functions/gnutls_x509_crl_get_crt_serial.short \ + functions/gnutls_x509_crl_get_dn_oid \ + functions/gnutls_x509_crl_get_dn_oid.short \ + functions/gnutls_x509_crl_get_extension_data \ + functions/gnutls_x509_crl_get_extension_data.short \ + functions/gnutls_x509_crl_get_extension_data2 \ + functions/gnutls_x509_crl_get_extension_data2.short \ + functions/gnutls_x509_crl_get_extension_info \ + functions/gnutls_x509_crl_get_extension_info.short \ + functions/gnutls_x509_crl_get_extension_oid \ + functions/gnutls_x509_crl_get_extension_oid.short \ + functions/gnutls_x509_crl_get_issuer_dn \ + functions/gnutls_x509_crl_get_issuer_dn.short \ + functions/gnutls_x509_crl_get_issuer_dn2 \ + functions/gnutls_x509_crl_get_issuer_dn2.short \ + functions/gnutls_x509_crl_get_issuer_dn3 \ + functions/gnutls_x509_crl_get_issuer_dn3.short \ + functions/gnutls_x509_crl_get_issuer_dn_by_oid \ + functions/gnutls_x509_crl_get_issuer_dn_by_oid.short \ + functions/gnutls_x509_crl_get_next_update \ + functions/gnutls_x509_crl_get_next_update.short \ + functions/gnutls_x509_crl_get_number \ + functions/gnutls_x509_crl_get_number.short \ + functions/gnutls_x509_crl_get_raw_issuer_dn \ + functions/gnutls_x509_crl_get_raw_issuer_dn.short \ + functions/gnutls_x509_crl_get_signature \ + functions/gnutls_x509_crl_get_signature.short \ + functions/gnutls_x509_crl_get_signature_algorithm \ + functions/gnutls_x509_crl_get_signature_algorithm.short \ + functions/gnutls_x509_crl_get_signature_oid \ + functions/gnutls_x509_crl_get_signature_oid.short \ + functions/gnutls_x509_crl_get_this_update \ + functions/gnutls_x509_crl_get_this_update.short \ + functions/gnutls_x509_crl_get_version \ + functions/gnutls_x509_crl_get_version.short \ + functions/gnutls_x509_crl_import \ + functions/gnutls_x509_crl_import.short \ + functions/gnutls_x509_crl_init \ + functions/gnutls_x509_crl_init.short \ + functions/gnutls_x509_crl_iter_crt_serial \ + functions/gnutls_x509_crl_iter_crt_serial.short \ + functions/gnutls_x509_crl_iter_deinit \ + functions/gnutls_x509_crl_iter_deinit.short \ + functions/gnutls_x509_crl_list_import \ + functions/gnutls_x509_crl_list_import.short \ + functions/gnutls_x509_crl_list_import2 \ + functions/gnutls_x509_crl_list_import2.short \ + functions/gnutls_x509_crl_print \ + functions/gnutls_x509_crl_print.short \ + functions/gnutls_x509_crl_privkey_sign \ + functions/gnutls_x509_crl_privkey_sign.short \ + functions/gnutls_x509_crl_set_authority_key_id \ + functions/gnutls_x509_crl_set_authority_key_id.short \ + functions/gnutls_x509_crl_set_crt \ + functions/gnutls_x509_crl_set_crt.short \ + functions/gnutls_x509_crl_set_crt_serial \ + functions/gnutls_x509_crl_set_crt_serial.short \ + functions/gnutls_x509_crl_set_next_update \ + functions/gnutls_x509_crl_set_next_update.short \ + functions/gnutls_x509_crl_set_number \ + functions/gnutls_x509_crl_set_number.short \ + functions/gnutls_x509_crl_set_this_update \ + functions/gnutls_x509_crl_set_this_update.short \ + functions/gnutls_x509_crl_set_version \ + functions/gnutls_x509_crl_set_version.short \ + functions/gnutls_x509_crl_sign \ + functions/gnutls_x509_crl_sign.short \ + functions/gnutls_x509_crl_sign2 \ + functions/gnutls_x509_crl_sign2.short \ + functions/gnutls_x509_crl_verify \ + functions/gnutls_x509_crl_verify.short \ + functions/gnutls_x509_crq_deinit \ + functions/gnutls_x509_crq_deinit.short \ + functions/gnutls_x509_crq_export \ + functions/gnutls_x509_crq_export.short \ + functions/gnutls_x509_crq_export2 \ + functions/gnutls_x509_crq_export2.short \ + functions/gnutls_x509_crq_get_attribute_by_oid \ + functions/gnutls_x509_crq_get_attribute_by_oid.short \ + functions/gnutls_x509_crq_get_attribute_data \ + functions/gnutls_x509_crq_get_attribute_data.short \ + functions/gnutls_x509_crq_get_attribute_info \ + functions/gnutls_x509_crq_get_attribute_info.short \ + functions/gnutls_x509_crq_get_basic_constraints \ + functions/gnutls_x509_crq_get_basic_constraints.short \ + functions/gnutls_x509_crq_get_challenge_password \ + functions/gnutls_x509_crq_get_challenge_password.short \ + functions/gnutls_x509_crq_get_dn \ + functions/gnutls_x509_crq_get_dn.short \ + functions/gnutls_x509_crq_get_dn2 \ + functions/gnutls_x509_crq_get_dn2.short \ + functions/gnutls_x509_crq_get_dn3 \ + functions/gnutls_x509_crq_get_dn3.short \ + functions/gnutls_x509_crq_get_dn_by_oid \ + functions/gnutls_x509_crq_get_dn_by_oid.short \ + functions/gnutls_x509_crq_get_dn_oid \ + functions/gnutls_x509_crq_get_dn_oid.short \ + functions/gnutls_x509_crq_get_extension_by_oid \ + functions/gnutls_x509_crq_get_extension_by_oid.short \ + functions/gnutls_x509_crq_get_extension_by_oid2 \ + functions/gnutls_x509_crq_get_extension_by_oid2.short \ + functions/gnutls_x509_crq_get_extension_data \ + functions/gnutls_x509_crq_get_extension_data.short \ + functions/gnutls_x509_crq_get_extension_data2 \ + functions/gnutls_x509_crq_get_extension_data2.short \ + functions/gnutls_x509_crq_get_extension_info \ + functions/gnutls_x509_crq_get_extension_info.short \ + functions/gnutls_x509_crq_get_key_id \ + functions/gnutls_x509_crq_get_key_id.short \ + functions/gnutls_x509_crq_get_key_purpose_oid \ + functions/gnutls_x509_crq_get_key_purpose_oid.short \ + functions/gnutls_x509_crq_get_key_rsa_raw \ + functions/gnutls_x509_crq_get_key_rsa_raw.short \ + functions/gnutls_x509_crq_get_key_usage \ + functions/gnutls_x509_crq_get_key_usage.short \ + functions/gnutls_x509_crq_get_pk_algorithm \ + functions/gnutls_x509_crq_get_pk_algorithm.short \ + functions/gnutls_x509_crq_get_pk_oid \ + functions/gnutls_x509_crq_get_pk_oid.short \ + functions/gnutls_x509_crq_get_private_key_usage_period \ + functions/gnutls_x509_crq_get_private_key_usage_period.short \ + functions/gnutls_x509_crq_get_signature_algorithm \ + functions/gnutls_x509_crq_get_signature_algorithm.short \ + functions/gnutls_x509_crq_get_signature_oid \ + functions/gnutls_x509_crq_get_signature_oid.short \ + functions/gnutls_x509_crq_get_spki \ + functions/gnutls_x509_crq_get_spki.short \ + functions/gnutls_x509_crq_get_subject_alt_name \ + functions/gnutls_x509_crq_get_subject_alt_name.short \ + functions/gnutls_x509_crq_get_subject_alt_othername_oid \ + functions/gnutls_x509_crq_get_subject_alt_othername_oid.short \ + functions/gnutls_x509_crq_get_tlsfeatures \ + functions/gnutls_x509_crq_get_tlsfeatures.short \ + functions/gnutls_x509_crq_get_version \ + functions/gnutls_x509_crq_get_version.short \ + functions/gnutls_x509_crq_import \ + functions/gnutls_x509_crq_import.short \ + functions/gnutls_x509_crq_init \ + functions/gnutls_x509_crq_init.short \ + functions/gnutls_x509_crq_print \ + functions/gnutls_x509_crq_print.short \ + functions/gnutls_x509_crq_privkey_sign \ + functions/gnutls_x509_crq_privkey_sign.short \ + functions/gnutls_x509_crq_set_attribute_by_oid \ + functions/gnutls_x509_crq_set_attribute_by_oid.short \ + functions/gnutls_x509_crq_set_basic_constraints \ + functions/gnutls_x509_crq_set_basic_constraints.short \ + functions/gnutls_x509_crq_set_challenge_password \ + functions/gnutls_x509_crq_set_challenge_password.short \ + functions/gnutls_x509_crq_set_dn \ + functions/gnutls_x509_crq_set_dn.short \ + functions/gnutls_x509_crq_set_dn_by_oid \ + functions/gnutls_x509_crq_set_dn_by_oid.short \ + functions/gnutls_x509_crq_set_extension_by_oid \ + functions/gnutls_x509_crq_set_extension_by_oid.short \ + functions/gnutls_x509_crq_set_key \ + functions/gnutls_x509_crq_set_key.short \ + functions/gnutls_x509_crq_set_key_purpose_oid \ + functions/gnutls_x509_crq_set_key_purpose_oid.short \ + functions/gnutls_x509_crq_set_key_rsa_raw \ + functions/gnutls_x509_crq_set_key_rsa_raw.short \ + functions/gnutls_x509_crq_set_key_usage \ + functions/gnutls_x509_crq_set_key_usage.short \ + functions/gnutls_x509_crq_set_private_key_usage_period \ + functions/gnutls_x509_crq_set_private_key_usage_period.short \ + functions/gnutls_x509_crq_set_pubkey \ + functions/gnutls_x509_crq_set_pubkey.short \ + functions/gnutls_x509_crq_set_spki \ + functions/gnutls_x509_crq_set_spki.short \ + functions/gnutls_x509_crq_set_subject_alt_name \ + functions/gnutls_x509_crq_set_subject_alt_name.short \ + functions/gnutls_x509_crq_set_subject_alt_othername \ + functions/gnutls_x509_crq_set_subject_alt_othername.short \ + functions/gnutls_x509_crq_set_tlsfeatures \ + functions/gnutls_x509_crq_set_tlsfeatures.short \ + functions/gnutls_x509_crq_set_version \ + functions/gnutls_x509_crq_set_version.short \ + functions/gnutls_x509_crq_sign \ + functions/gnutls_x509_crq_sign.short \ + functions/gnutls_x509_crq_sign2 \ + functions/gnutls_x509_crq_sign2.short \ + functions/gnutls_x509_crq_verify \ + functions/gnutls_x509_crq_verify.short \ + functions/gnutls_x509_crt_check_email \ + functions/gnutls_x509_crt_check_email.short \ + functions/gnutls_x509_crt_check_hostname \ + functions/gnutls_x509_crt_check_hostname.short \ + functions/gnutls_x509_crt_check_hostname2 \ + functions/gnutls_x509_crt_check_hostname2.short \ + functions/gnutls_x509_crt_check_ip \ + functions/gnutls_x509_crt_check_ip.short \ + functions/gnutls_x509_crt_check_issuer \ + functions/gnutls_x509_crt_check_issuer.short \ + functions/gnutls_x509_crt_check_key_purpose \ + functions/gnutls_x509_crt_check_key_purpose.short \ + functions/gnutls_x509_crt_check_revocation \ + functions/gnutls_x509_crt_check_revocation.short \ + functions/gnutls_x509_crt_cpy_crl_dist_points \ + functions/gnutls_x509_crt_cpy_crl_dist_points.short \ + functions/gnutls_x509_crt_deinit \ + functions/gnutls_x509_crt_deinit.short \ + functions/gnutls_x509_crt_equals \ + functions/gnutls_x509_crt_equals.short \ + functions/gnutls_x509_crt_equals2 \ + functions/gnutls_x509_crt_equals2.short \ + functions/gnutls_x509_crt_export \ + functions/gnutls_x509_crt_export.short \ + functions/gnutls_x509_crt_export2 \ + functions/gnutls_x509_crt_export2.short \ + functions/gnutls_x509_crt_get_activation_time \ + functions/gnutls_x509_crt_get_activation_time.short \ + functions/gnutls_x509_crt_get_authority_info_access \ + functions/gnutls_x509_crt_get_authority_info_access.short \ + functions/gnutls_x509_crt_get_authority_key_gn_serial \ + functions/gnutls_x509_crt_get_authority_key_gn_serial.short \ + functions/gnutls_x509_crt_get_authority_key_id \ + functions/gnutls_x509_crt_get_authority_key_id.short \ + functions/gnutls_x509_crt_get_basic_constraints \ + functions/gnutls_x509_crt_get_basic_constraints.short \ + functions/gnutls_x509_crt_get_ca_status \ + functions/gnutls_x509_crt_get_ca_status.short \ + functions/gnutls_x509_crt_get_crl_dist_points \ + functions/gnutls_x509_crt_get_crl_dist_points.short \ + functions/gnutls_x509_crt_get_dn \ + functions/gnutls_x509_crt_get_dn.short \ + functions/gnutls_x509_crt_get_dn2 \ + functions/gnutls_x509_crt_get_dn2.short \ + functions/gnutls_x509_crt_get_dn3 \ + functions/gnutls_x509_crt_get_dn3.short \ + functions/gnutls_x509_crt_get_dn_by_oid \ + functions/gnutls_x509_crt_get_dn_by_oid.short \ + functions/gnutls_x509_crt_get_dn_oid \ + functions/gnutls_x509_crt_get_dn_oid.short \ + functions/gnutls_x509_crt_get_expiration_time \ + functions/gnutls_x509_crt_get_expiration_time.short \ + functions/gnutls_x509_crt_get_extension_by_oid \ + functions/gnutls_x509_crt_get_extension_by_oid.short \ + functions/gnutls_x509_crt_get_extension_by_oid2 \ + functions/gnutls_x509_crt_get_extension_by_oid2.short \ + functions/gnutls_x509_crt_get_extension_data \ + functions/gnutls_x509_crt_get_extension_data.short \ + functions/gnutls_x509_crt_get_extension_data2 \ + functions/gnutls_x509_crt_get_extension_data2.short \ + functions/gnutls_x509_crt_get_extension_info \ + functions/gnutls_x509_crt_get_extension_info.short \ + functions/gnutls_x509_crt_get_extension_oid \ + functions/gnutls_x509_crt_get_extension_oid.short \ + functions/gnutls_x509_crt_get_fingerprint \ + functions/gnutls_x509_crt_get_fingerprint.short \ + functions/gnutls_x509_crt_get_inhibit_anypolicy \ + functions/gnutls_x509_crt_get_inhibit_anypolicy.short \ + functions/gnutls_x509_crt_get_issuer \ + functions/gnutls_x509_crt_get_issuer.short \ + functions/gnutls_x509_crt_get_issuer_alt_name \ + functions/gnutls_x509_crt_get_issuer_alt_name.short \ + functions/gnutls_x509_crt_get_issuer_alt_name2 \ + functions/gnutls_x509_crt_get_issuer_alt_name2.short \ + functions/gnutls_x509_crt_get_issuer_alt_othername_oid \ + functions/gnutls_x509_crt_get_issuer_alt_othername_oid.short \ + functions/gnutls_x509_crt_get_issuer_dn \ + functions/gnutls_x509_crt_get_issuer_dn.short \ + functions/gnutls_x509_crt_get_issuer_dn2 \ + functions/gnutls_x509_crt_get_issuer_dn2.short \ + functions/gnutls_x509_crt_get_issuer_dn3 \ + functions/gnutls_x509_crt_get_issuer_dn3.short \ + functions/gnutls_x509_crt_get_issuer_dn_by_oid \ + functions/gnutls_x509_crt_get_issuer_dn_by_oid.short \ + functions/gnutls_x509_crt_get_issuer_dn_oid \ + functions/gnutls_x509_crt_get_issuer_dn_oid.short \ + functions/gnutls_x509_crt_get_issuer_unique_id \ + functions/gnutls_x509_crt_get_issuer_unique_id.short \ + functions/gnutls_x509_crt_get_key_id \ + functions/gnutls_x509_crt_get_key_id.short \ + functions/gnutls_x509_crt_get_key_purpose_oid \ + functions/gnutls_x509_crt_get_key_purpose_oid.short \ + functions/gnutls_x509_crt_get_key_usage \ + functions/gnutls_x509_crt_get_key_usage.short \ + functions/gnutls_x509_crt_get_name_constraints \ + functions/gnutls_x509_crt_get_name_constraints.short \ + functions/gnutls_x509_crt_get_pk_algorithm \ + functions/gnutls_x509_crt_get_pk_algorithm.short \ + functions/gnutls_x509_crt_get_pk_dsa_raw \ + functions/gnutls_x509_crt_get_pk_dsa_raw.short \ + functions/gnutls_x509_crt_get_pk_ecc_raw \ + functions/gnutls_x509_crt_get_pk_ecc_raw.short \ + functions/gnutls_x509_crt_get_pk_gost_raw \ + functions/gnutls_x509_crt_get_pk_gost_raw.short \ + functions/gnutls_x509_crt_get_pk_oid \ + functions/gnutls_x509_crt_get_pk_oid.short \ + functions/gnutls_x509_crt_get_pk_rsa_raw \ + functions/gnutls_x509_crt_get_pk_rsa_raw.short \ + functions/gnutls_x509_crt_get_policy \ + functions/gnutls_x509_crt_get_policy.short \ + functions/gnutls_x509_crt_get_preferred_hash_algorithm \ + functions/gnutls_x509_crt_get_preferred_hash_algorithm.short \ + functions/gnutls_x509_crt_get_private_key_usage_period \ + functions/gnutls_x509_crt_get_private_key_usage_period.short \ + functions/gnutls_x509_crt_get_proxy \ + functions/gnutls_x509_crt_get_proxy.short \ + functions/gnutls_x509_crt_get_raw_dn \ + functions/gnutls_x509_crt_get_raw_dn.short \ + functions/gnutls_x509_crt_get_raw_issuer_dn \ + functions/gnutls_x509_crt_get_raw_issuer_dn.short \ + functions/gnutls_x509_crt_get_serial \ + functions/gnutls_x509_crt_get_serial.short \ + functions/gnutls_x509_crt_get_signature \ + functions/gnutls_x509_crt_get_signature.short \ + functions/gnutls_x509_crt_get_signature_algorithm \ + functions/gnutls_x509_crt_get_signature_algorithm.short \ + functions/gnutls_x509_crt_get_signature_oid \ + functions/gnutls_x509_crt_get_signature_oid.short \ + functions/gnutls_x509_crt_get_spki \ + functions/gnutls_x509_crt_get_spki.short \ + functions/gnutls_x509_crt_get_subject \ + functions/gnutls_x509_crt_get_subject.short \ + functions/gnutls_x509_crt_get_subject_alt_name \ + functions/gnutls_x509_crt_get_subject_alt_name.short \ + functions/gnutls_x509_crt_get_subject_alt_name2 \ + functions/gnutls_x509_crt_get_subject_alt_name2.short \ + functions/gnutls_x509_crt_get_subject_alt_othername_oid \ + functions/gnutls_x509_crt_get_subject_alt_othername_oid.short \ + functions/gnutls_x509_crt_get_subject_key_id \ + functions/gnutls_x509_crt_get_subject_key_id.short \ + functions/gnutls_x509_crt_get_subject_unique_id \ + functions/gnutls_x509_crt_get_subject_unique_id.short \ + functions/gnutls_x509_crt_get_tlsfeatures \ + functions/gnutls_x509_crt_get_tlsfeatures.short \ + functions/gnutls_x509_crt_get_version \ + functions/gnutls_x509_crt_get_version.short \ + functions/gnutls_x509_crt_import \ + functions/gnutls_x509_crt_import.short \ + functions/gnutls_x509_crt_import_pkcs11 \ + functions/gnutls_x509_crt_import_pkcs11.short \ + functions/gnutls_x509_crt_import_url \ + functions/gnutls_x509_crt_import_url.short \ + functions/gnutls_x509_crt_init \ + functions/gnutls_x509_crt_init.short \ + functions/gnutls_x509_crt_list_import \ + functions/gnutls_x509_crt_list_import.short \ + functions/gnutls_x509_crt_list_import2 \ + functions/gnutls_x509_crt_list_import2.short \ + functions/gnutls_x509_crt_list_import_pkcs11 \ + functions/gnutls_x509_crt_list_import_pkcs11.short \ + functions/gnutls_x509_crt_list_import_url \ + functions/gnutls_x509_crt_list_import_url.short \ + functions/gnutls_x509_crt_list_verify \ + functions/gnutls_x509_crt_list_verify.short \ + functions/gnutls_x509_crt_print \ + functions/gnutls_x509_crt_print.short \ + functions/gnutls_x509_crt_privkey_sign \ + functions/gnutls_x509_crt_privkey_sign.short \ + functions/gnutls_x509_crt_set_activation_time \ + functions/gnutls_x509_crt_set_activation_time.short \ + functions/gnutls_x509_crt_set_authority_info_access \ + functions/gnutls_x509_crt_set_authority_info_access.short \ + functions/gnutls_x509_crt_set_authority_key_id \ + functions/gnutls_x509_crt_set_authority_key_id.short \ + functions/gnutls_x509_crt_set_basic_constraints \ + functions/gnutls_x509_crt_set_basic_constraints.short \ + functions/gnutls_x509_crt_set_ca_status \ + functions/gnutls_x509_crt_set_ca_status.short \ + functions/gnutls_x509_crt_set_crl_dist_points \ + functions/gnutls_x509_crt_set_crl_dist_points.short \ + functions/gnutls_x509_crt_set_crl_dist_points2 \ + functions/gnutls_x509_crt_set_crl_dist_points2.short \ + functions/gnutls_x509_crt_set_crq \ + functions/gnutls_x509_crt_set_crq.short \ + functions/gnutls_x509_crt_set_crq_extension_by_oid \ + functions/gnutls_x509_crt_set_crq_extension_by_oid.short \ + functions/gnutls_x509_crt_set_crq_extensions \ + functions/gnutls_x509_crt_set_crq_extensions.short \ + functions/gnutls_x509_crt_set_dn \ + functions/gnutls_x509_crt_set_dn.short \ + functions/gnutls_x509_crt_set_dn_by_oid \ + functions/gnutls_x509_crt_set_dn_by_oid.short \ + functions/gnutls_x509_crt_set_expiration_time \ + functions/gnutls_x509_crt_set_expiration_time.short \ + functions/gnutls_x509_crt_set_extension_by_oid \ + functions/gnutls_x509_crt_set_extension_by_oid.short \ + functions/gnutls_x509_crt_set_flags \ + functions/gnutls_x509_crt_set_flags.short \ + functions/gnutls_x509_crt_set_inhibit_anypolicy \ + functions/gnutls_x509_crt_set_inhibit_anypolicy.short \ + functions/gnutls_x509_crt_set_issuer_alt_name \ + functions/gnutls_x509_crt_set_issuer_alt_name.short \ + functions/gnutls_x509_crt_set_issuer_alt_othername \ + functions/gnutls_x509_crt_set_issuer_alt_othername.short \ + functions/gnutls_x509_crt_set_issuer_dn \ + functions/gnutls_x509_crt_set_issuer_dn.short \ + functions/gnutls_x509_crt_set_issuer_dn_by_oid \ + functions/gnutls_x509_crt_set_issuer_dn_by_oid.short \ + functions/gnutls_x509_crt_set_issuer_unique_id \ + functions/gnutls_x509_crt_set_issuer_unique_id.short \ + functions/gnutls_x509_crt_set_key \ + functions/gnutls_x509_crt_set_key.short \ + functions/gnutls_x509_crt_set_key_purpose_oid \ + functions/gnutls_x509_crt_set_key_purpose_oid.short \ + functions/gnutls_x509_crt_set_key_usage \ + functions/gnutls_x509_crt_set_key_usage.short \ + functions/gnutls_x509_crt_set_name_constraints \ + functions/gnutls_x509_crt_set_name_constraints.short \ + functions/gnutls_x509_crt_set_pin_function \ + functions/gnutls_x509_crt_set_pin_function.short \ + functions/gnutls_x509_crt_set_policy \ + functions/gnutls_x509_crt_set_policy.short \ + functions/gnutls_x509_crt_set_private_key_usage_period \ + functions/gnutls_x509_crt_set_private_key_usage_period.short \ + functions/gnutls_x509_crt_set_proxy \ + functions/gnutls_x509_crt_set_proxy.short \ + functions/gnutls_x509_crt_set_proxy_dn \ + functions/gnutls_x509_crt_set_proxy_dn.short \ + functions/gnutls_x509_crt_set_pubkey \ + functions/gnutls_x509_crt_set_pubkey.short \ + functions/gnutls_x509_crt_set_serial \ + functions/gnutls_x509_crt_set_serial.short \ + functions/gnutls_x509_crt_set_spki \ + functions/gnutls_x509_crt_set_spki.short \ + functions/gnutls_x509_crt_set_subject_alternative_name \ + functions/gnutls_x509_crt_set_subject_alternative_name.short \ + functions/gnutls_x509_crt_set_subject_alt_name \ + functions/gnutls_x509_crt_set_subject_alt_name.short \ + functions/gnutls_x509_crt_set_subject_alt_othername \ + functions/gnutls_x509_crt_set_subject_alt_othername.short \ + functions/gnutls_x509_crt_set_subject_key_id \ + functions/gnutls_x509_crt_set_subject_key_id.short \ + functions/gnutls_x509_crt_set_subject_unique_id \ + functions/gnutls_x509_crt_set_subject_unique_id.short \ + functions/gnutls_x509_crt_set_tlsfeatures \ + functions/gnutls_x509_crt_set_tlsfeatures.short \ + functions/gnutls_x509_crt_set_version \ + functions/gnutls_x509_crt_set_version.short \ + functions/gnutls_x509_crt_sign \ + functions/gnutls_x509_crt_sign.short \ + functions/gnutls_x509_crt_sign2 \ + functions/gnutls_x509_crt_sign2.short \ + functions/gnutls_x509_crt_verify \ + functions/gnutls_x509_crt_verify.short \ + functions/gnutls_x509_crt_verify_data2 \ + functions/gnutls_x509_crt_verify_data2.short \ + functions/gnutls_x509_dn_deinit \ + functions/gnutls_x509_dn_deinit.short \ + functions/gnutls_x509_dn_export \ + functions/gnutls_x509_dn_export.short \ + functions/gnutls_x509_dn_export2 \ + functions/gnutls_x509_dn_export2.short \ + functions/gnutls_x509_dn_get_rdn_ava \ + functions/gnutls_x509_dn_get_rdn_ava.short \ + functions/gnutls_x509_dn_get_str \ + functions/gnutls_x509_dn_get_str.short \ + functions/gnutls_x509_dn_get_str2 \ + functions/gnutls_x509_dn_get_str2.short \ + functions/gnutls_x509_dn_import \ + functions/gnutls_x509_dn_import.short \ + functions/gnutls_x509_dn_init \ + functions/gnutls_x509_dn_init.short \ + functions/gnutls_x509_dn_oid_known \ + functions/gnutls_x509_dn_oid_known.short \ + functions/gnutls_x509_dn_oid_name \ + functions/gnutls_x509_dn_oid_name.short \ + functions/gnutls_x509_dn_set_str \ + functions/gnutls_x509_dn_set_str.short \ + functions/gnutls_x509_ext_deinit \ + functions/gnutls_x509_ext_deinit.short \ + functions/gnutls_x509_ext_export_aia \ + functions/gnutls_x509_ext_export_aia.short \ + functions/gnutls_x509_ext_export_authority_key_id \ + functions/gnutls_x509_ext_export_authority_key_id.short \ + functions/gnutls_x509_ext_export_basic_constraints \ + functions/gnutls_x509_ext_export_basic_constraints.short \ + functions/gnutls_x509_ext_export_crl_dist_points \ + functions/gnutls_x509_ext_export_crl_dist_points.short \ + functions/gnutls_x509_ext_export_inhibit_anypolicy \ + functions/gnutls_x509_ext_export_inhibit_anypolicy.short \ + functions/gnutls_x509_ext_export_key_purposes \ + functions/gnutls_x509_ext_export_key_purposes.short \ + functions/gnutls_x509_ext_export_key_usage \ + functions/gnutls_x509_ext_export_key_usage.short \ + functions/gnutls_x509_ext_export_name_constraints \ + functions/gnutls_x509_ext_export_name_constraints.short \ + functions/gnutls_x509_ext_export_policies \ + functions/gnutls_x509_ext_export_policies.short \ + functions/gnutls_x509_ext_export_private_key_usage_period \ + functions/gnutls_x509_ext_export_private_key_usage_period.short \ + functions/gnutls_x509_ext_export_proxy \ + functions/gnutls_x509_ext_export_proxy.short \ + functions/gnutls_x509_ext_export_subject_alt_names \ + functions/gnutls_x509_ext_export_subject_alt_names.short \ + functions/gnutls_x509_ext_export_subject_key_id \ + functions/gnutls_x509_ext_export_subject_key_id.short \ + functions/gnutls_x509_ext_export_tlsfeatures \ + functions/gnutls_x509_ext_export_tlsfeatures.short \ + functions/gnutls_x509_ext_import_aia \ + functions/gnutls_x509_ext_import_aia.short \ + functions/gnutls_x509_ext_import_authority_key_id \ + functions/gnutls_x509_ext_import_authority_key_id.short \ + functions/gnutls_x509_ext_import_basic_constraints \ + functions/gnutls_x509_ext_import_basic_constraints.short \ + functions/gnutls_x509_ext_import_crl_dist_points \ + functions/gnutls_x509_ext_import_crl_dist_points.short \ + functions/gnutls_x509_ext_import_inhibit_anypolicy \ + functions/gnutls_x509_ext_import_inhibit_anypolicy.short \ + functions/gnutls_x509_ext_import_key_purposes \ + functions/gnutls_x509_ext_import_key_purposes.short \ + functions/gnutls_x509_ext_import_key_usage \ + functions/gnutls_x509_ext_import_key_usage.short \ + functions/gnutls_x509_ext_import_name_constraints \ + functions/gnutls_x509_ext_import_name_constraints.short \ + functions/gnutls_x509_ext_import_policies \ + functions/gnutls_x509_ext_import_policies.short \ + functions/gnutls_x509_ext_import_private_key_usage_period \ + functions/gnutls_x509_ext_import_private_key_usage_period.short \ + functions/gnutls_x509_ext_import_proxy \ + functions/gnutls_x509_ext_import_proxy.short \ + functions/gnutls_x509_ext_import_subject_alt_names \ + functions/gnutls_x509_ext_import_subject_alt_names.short \ + functions/gnutls_x509_ext_import_subject_key_id \ + functions/gnutls_x509_ext_import_subject_key_id.short \ + functions/gnutls_x509_ext_import_tlsfeatures \ + functions/gnutls_x509_ext_import_tlsfeatures.short \ + functions/gnutls_x509_ext_print \ + functions/gnutls_x509_ext_print.short \ + functions/gnutls_x509_key_purpose_deinit \ + functions/gnutls_x509_key_purpose_deinit.short \ + functions/gnutls_x509_key_purpose_get \ + functions/gnutls_x509_key_purpose_get.short \ + functions/gnutls_x509_key_purpose_init \ + functions/gnutls_x509_key_purpose_init.short \ + functions/gnutls_x509_key_purpose_set \ + functions/gnutls_x509_key_purpose_set.short \ + functions/gnutls_x509_name_constraints_add_excluded \ + functions/gnutls_x509_name_constraints_add_excluded.short \ + functions/gnutls_x509_name_constraints_add_permitted \ + functions/gnutls_x509_name_constraints_add_permitted.short \ + functions/gnutls_x509_name_constraints_check \ + functions/gnutls_x509_name_constraints_check.short \ + functions/gnutls_x509_name_constraints_check_crt \ + functions/gnutls_x509_name_constraints_check_crt.short \ + functions/gnutls_x509_name_constraints_deinit \ + functions/gnutls_x509_name_constraints_deinit.short \ + functions/gnutls_x509_name_constraints_get_excluded \ + functions/gnutls_x509_name_constraints_get_excluded.short \ + functions/gnutls_x509_name_constraints_get_permitted \ + functions/gnutls_x509_name_constraints_get_permitted.short \ + functions/gnutls_x509_name_constraints_init \ + functions/gnutls_x509_name_constraints_init.short \ + functions/gnutls_x509_othername_to_virtual \ + functions/gnutls_x509_othername_to_virtual.short \ + functions/gnutls_x509_policies_deinit \ + functions/gnutls_x509_policies_deinit.short \ + functions/gnutls_x509_policies_get \ + functions/gnutls_x509_policies_get.short \ + functions/gnutls_x509_policies_init \ + functions/gnutls_x509_policies_init.short \ + functions/gnutls_x509_policies_set \ + functions/gnutls_x509_policies_set.short \ + functions/gnutls_x509_policy_release \ + functions/gnutls_x509_policy_release.short \ + functions/gnutls_x509_privkey_cpy \ + functions/gnutls_x509_privkey_cpy.short \ + functions/gnutls_x509_privkey_deinit \ + functions/gnutls_x509_privkey_deinit.short \ + functions/gnutls_x509_privkey_export \ + functions/gnutls_x509_privkey_export.short \ + functions/gnutls_x509_privkey_export2 \ + functions/gnutls_x509_privkey_export2.short \ + functions/gnutls_x509_privkey_export2_pkcs8 \ + functions/gnutls_x509_privkey_export2_pkcs8.short \ + functions/gnutls_x509_privkey_export_dsa_raw \ + functions/gnutls_x509_privkey_export_dsa_raw.short \ + functions/gnutls_x509_privkey_export_ecc_raw \ + functions/gnutls_x509_privkey_export_ecc_raw.short \ + functions/gnutls_x509_privkey_export_gost_raw \ + functions/gnutls_x509_privkey_export_gost_raw.short \ + functions/gnutls_x509_privkey_export_pkcs8 \ + functions/gnutls_x509_privkey_export_pkcs8.short \ + functions/gnutls_x509_privkey_export_rsa_raw \ + functions/gnutls_x509_privkey_export_rsa_raw.short \ + functions/gnutls_x509_privkey_export_rsa_raw2 \ + functions/gnutls_x509_privkey_export_rsa_raw2.short \ + functions/gnutls_x509_privkey_fix \ + functions/gnutls_x509_privkey_fix.short \ + functions/gnutls_x509_privkey_generate \ + functions/gnutls_x509_privkey_generate.short \ + functions/gnutls_x509_privkey_generate2 \ + functions/gnutls_x509_privkey_generate2.short \ + functions/gnutls_x509_privkey_get_key_id \ + functions/gnutls_x509_privkey_get_key_id.short \ + functions/gnutls_x509_privkey_get_pk_algorithm \ + functions/gnutls_x509_privkey_get_pk_algorithm.short \ + functions/gnutls_x509_privkey_get_pk_algorithm2 \ + functions/gnutls_x509_privkey_get_pk_algorithm2.short \ + functions/gnutls_x509_privkey_get_seed \ + functions/gnutls_x509_privkey_get_seed.short \ + functions/gnutls_x509_privkey_get_spki \ + functions/gnutls_x509_privkey_get_spki.short \ + functions/gnutls_x509_privkey_import \ + functions/gnutls_x509_privkey_import.short \ + functions/gnutls_x509_privkey_import2 \ + functions/gnutls_x509_privkey_import2.short \ + functions/gnutls_x509_privkey_import_dsa_raw \ + functions/gnutls_x509_privkey_import_dsa_raw.short \ + functions/gnutls_x509_privkey_import_ecc_raw \ + functions/gnutls_x509_privkey_import_ecc_raw.short \ + functions/gnutls_x509_privkey_import_gost_raw \ + functions/gnutls_x509_privkey_import_gost_raw.short \ + functions/gnutls_x509_privkey_import_openssl \ + functions/gnutls_x509_privkey_import_openssl.short \ + functions/gnutls_x509_privkey_import_pkcs8 \ + functions/gnutls_x509_privkey_import_pkcs8.short \ + functions/gnutls_x509_privkey_import_rsa_raw \ + functions/gnutls_x509_privkey_import_rsa_raw.short \ + functions/gnutls_x509_privkey_import_rsa_raw2 \ + functions/gnutls_x509_privkey_import_rsa_raw2.short \ + functions/gnutls_x509_privkey_init \ + functions/gnutls_x509_privkey_init.short \ + functions/gnutls_x509_privkey_sec_param \ + functions/gnutls_x509_privkey_sec_param.short \ + functions/gnutls_x509_privkey_set_flags \ + functions/gnutls_x509_privkey_set_flags.short \ + functions/gnutls_x509_privkey_set_pin_function \ + functions/gnutls_x509_privkey_set_pin_function.short \ + functions/gnutls_x509_privkey_set_spki \ + functions/gnutls_x509_privkey_set_spki.short \ + functions/gnutls_x509_privkey_sign_data \ + functions/gnutls_x509_privkey_sign_data.short \ + functions/gnutls_x509_privkey_sign_hash \ + functions/gnutls_x509_privkey_sign_hash.short \ + functions/gnutls_x509_privkey_verify_params \ + functions/gnutls_x509_privkey_verify_params.short \ + functions/gnutls_x509_privkey_verify_seed \ + functions/gnutls_x509_privkey_verify_seed.short \ + functions/gnutls_x509_rdn_get \ + functions/gnutls_x509_rdn_get.short \ + functions/gnutls_x509_rdn_get2 \ + functions/gnutls_x509_rdn_get2.short \ + functions/gnutls_x509_rdn_get_by_oid \ + functions/gnutls_x509_rdn_get_by_oid.short \ + functions/gnutls_x509_rdn_get_oid \ + functions/gnutls_x509_rdn_get_oid.short \ + functions/gnutls_x509_spki_deinit \ + functions/gnutls_x509_spki_deinit.short \ + functions/gnutls_x509_spki_get_rsa_pss_params \ + functions/gnutls_x509_spki_get_rsa_pss_params.short \ + functions/gnutls_x509_spki_init \ + functions/gnutls_x509_spki_init.short \ + functions/gnutls_x509_spki_set_rsa_pss_params \ + functions/gnutls_x509_spki_set_rsa_pss_params.short \ + functions/gnutls_x509_tlsfeatures_add \ + functions/gnutls_x509_tlsfeatures_add.short \ + functions/gnutls_x509_tlsfeatures_check_crt \ + functions/gnutls_x509_tlsfeatures_check_crt.short \ + functions/gnutls_x509_tlsfeatures_deinit \ + functions/gnutls_x509_tlsfeatures_deinit.short \ + functions/gnutls_x509_tlsfeatures_get \ + functions/gnutls_x509_tlsfeatures_get.short \ + functions/gnutls_x509_tlsfeatures_init \ + functions/gnutls_x509_tlsfeatures_init.short \ + functions/gnutls_x509_trust_list_add_cas \ + functions/gnutls_x509_trust_list_add_cas.short \ + functions/gnutls_x509_trust_list_add_crls \ + functions/gnutls_x509_trust_list_add_crls.short \ + functions/gnutls_x509_trust_list_add_named_crt \ + functions/gnutls_x509_trust_list_add_named_crt.short \ + functions/gnutls_x509_trust_list_add_system_trust \ + functions/gnutls_x509_trust_list_add_system_trust.short \ + functions/gnutls_x509_trust_list_add_trust_dir \ + functions/gnutls_x509_trust_list_add_trust_dir.short \ + functions/gnutls_x509_trust_list_add_trust_file \ + functions/gnutls_x509_trust_list_add_trust_file.short \ + functions/gnutls_x509_trust_list_add_trust_mem \ + functions/gnutls_x509_trust_list_add_trust_mem.short \ + functions/gnutls_x509_trust_list_deinit \ + functions/gnutls_x509_trust_list_deinit.short \ + functions/gnutls_x509_trust_list_get_issuer \ + functions/gnutls_x509_trust_list_get_issuer.short \ + functions/gnutls_x509_trust_list_get_issuer_by_dn \ + functions/gnutls_x509_trust_list_get_issuer_by_dn.short \ + functions/gnutls_x509_trust_list_get_issuer_by_subject_key_id \ + functions/gnutls_x509_trust_list_get_issuer_by_subject_key_id.short \ + functions/gnutls_x509_trust_list_init \ + functions/gnutls_x509_trust_list_init.short \ + functions/gnutls_x509_trust_list_iter_deinit \ + functions/gnutls_x509_trust_list_iter_deinit.short \ + functions/gnutls_x509_trust_list_iter_get_ca \ + functions/gnutls_x509_trust_list_iter_get_ca.short \ + functions/gnutls_x509_trust_list_remove_cas \ + functions/gnutls_x509_trust_list_remove_cas.short \ + functions/gnutls_x509_trust_list_remove_trust_file \ + functions/gnutls_x509_trust_list_remove_trust_file.short \ + functions/gnutls_x509_trust_list_remove_trust_mem \ + functions/gnutls_x509_trust_list_remove_trust_mem.short \ + functions/gnutls_x509_trust_list_verify_crt \ + functions/gnutls_x509_trust_list_verify_crt.short \ + functions/gnutls_x509_trust_list_verify_crt2 \ + functions/gnutls_x509_trust_list_verify_crt2.short \ + functions/gnutls_x509_trust_list_verify_named_crt \ + functions/gnutls_x509_trust_list_verify_named_crt.short +all: $(BUILT_SOURCES) + $(MAKE) $(AM_MAKEFLAGS) all-recursive + +.SUFFIXES: +.SUFFIXES: .c .dvi .html .info .lo .o .obj .pdf .ps .texi +$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(am__configure_deps) + @for dep in $?; do \ + case '$(am__configure_deps)' in \ + *$$dep*) \ + ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ + && { if test -f $@; then exit 0; else break; fi; }; \ + exit 1;; \ + esac; \ + done; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign doc/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --foreign doc/Makefile +Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status + @case '$?' in \ + *config.status*) \ + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ + *) \ + echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles)'; \ + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles);; \ + esac; + +$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh + +$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): + +alert-printlist$(EXEEXT): $(alert_printlist_OBJECTS) $(alert_printlist_DEPENDENCIES) $(EXTRA_alert_printlist_DEPENDENCIES) + @rm -f alert-printlist$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(alert_printlist_OBJECTS) $(alert_printlist_LDADD) $(LIBS) + +errcodes$(EXEEXT): $(errcodes_OBJECTS) $(errcodes_DEPENDENCIES) $(EXTRA_errcodes_DEPENDENCIES) + @rm -f errcodes$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(errcodes_OBJECTS) $(errcodes_LDADD) $(LIBS) + +printlist$(EXEEXT): $(printlist_OBJECTS) $(printlist_DEPENDENCIES) $(EXTRA_printlist_DEPENDENCIES) + @rm -f printlist$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(printlist_OBJECTS) $(printlist_LDADD) $(LIBS) + +mostlyclean-compile: + -rm -f *.$(OBJEXT) + +distclean-compile: + -rm -f *.tab.c + +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/alert-printlist.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/common.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/errcodes.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/printlist.Po@am__quote@ # am--include-marker + +$(am__depfiles_remade): + @$(MKDIR_P) $(@D) + @echo '# dummy' >$@-t && $(am__mv) $@-t $@ + +am--depfiles: $(am__depfiles_remade) + +.c.o: +@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.o$$||'`;\ +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\ +@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ $< + +.c.obj: +@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.obj$$||'`;\ +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ `$(CYGPATH_W) '$<'` &&\ +@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'` + +.c.lo: +@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.lo$$||'`;\ +@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\ +@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $< + +mostlyclean-libtool: + -rm -f *.lo + +clean-libtool: + -rm -rf .libs _libs + +.texi.info: + $(AM_V_MAKEINFO)restore=: && backupdir="$(am__leading_dot)am$$$$" && \ + am__cwd=`pwd` && $(am__cd) $(srcdir) && \ + rm -rf $$backupdir && mkdir $$backupdir && \ + if ($(MAKEINFO) --version) >/dev/null 2>&1; then \ + for f in $@ $@-[0-9] $@-[0-9][0-9] $(@:.info=).i[0-9] $(@:.info=).i[0-9][0-9]; do \ + if test -f $$f; then mv $$f $$backupdir; restore=mv; else :; fi; \ + done; \ + else :; fi && \ + cd "$$am__cwd"; \ + if $(MAKEINFO) $(AM_MAKEINFOFLAGS) $(MAKEINFOFLAGS) -I $(srcdir) \ + -o $@ $<; \ + then \ + rc=0; \ + $(am__cd) $(srcdir); \ + else \ + rc=$$?; \ + $(am__cd) $(srcdir) && \ + $$restore $$backupdir/* `echo "./$@" | sed 's|[^/]*$$||'`; \ + fi; \ + rm -rf $$backupdir; exit $$rc + +.texi.dvi: + $(AM_V_TEXI2DVI)TEXINPUTS="$(am__TEXINFO_TEX_DIR)$(PATH_SEPARATOR)$$TEXINPUTS" \ + MAKEINFO='$(MAKEINFO) $(AM_MAKEINFOFLAGS) $(MAKEINFOFLAGS) -I $(srcdir)' \ + $(TEXI2DVI) $(AM_V_texinfo) --build-dir=$(@:.dvi=.t2d) -o $@ $(AM_V_texidevnull) \ + $< + +.texi.pdf: + $(AM_V_TEXI2PDF)TEXINPUTS="$(am__TEXINFO_TEX_DIR)$(PATH_SEPARATOR)$$TEXINPUTS" \ + MAKEINFO='$(MAKEINFO) $(AM_MAKEINFOFLAGS) $(MAKEINFOFLAGS) -I $(srcdir)' \ + $(TEXI2PDF) $(AM_V_texinfo) --build-dir=$(@:.pdf=.t2p) -o $@ $(AM_V_texidevnull) \ + $< + +.texi.html: + $(AM_V_MAKEINFO)rm -rf $(@:.html=.htp) + $(AM_V_at)if $(MAKEINFOHTML) $(AM_MAKEINFOHTMLFLAGS) $(MAKEINFOFLAGS) -I $(srcdir) \ + -o $(@:.html=.htp) $<; \ + then \ + rm -rf $@ && mv $(@:.html=.htp) $@; \ + else \ + rm -rf $(@:.html=.htp); exit 1; \ + fi +$(srcdir)/gnutls.info: gnutls.texi $(srcdir)/version.texi $(gnutls_TEXINFOS) +gnutls.dvi: gnutls.texi $(srcdir)/version.texi $(gnutls_TEXINFOS) +gnutls.pdf: gnutls.texi $(srcdir)/version.texi $(gnutls_TEXINFOS) +gnutls.html: gnutls.texi $(srcdir)/version.texi $(gnutls_TEXINFOS) +$(srcdir)/version.texi: @MAINTAINER_MODE_TRUE@ $(srcdir)/stamp-vti +$(srcdir)/stamp-vti: gnutls.texi $(top_srcdir)/configure + @(dir=.; test -f ./gnutls.texi || dir=$(srcdir); \ + set `$(SHELL) $(top_srcdir)/build-aux/mdate-sh $$dir/gnutls.texi`; \ + echo "@set UPDATED $$1 $$2 $$3"; \ + echo "@set UPDATED-MONTH $$2 $$3"; \ + echo "@set EDITION $(VERSION)"; \ + echo "@set VERSION $(VERSION)") > vti.tmp$$$$ && \ + (cmp -s vti.tmp$$$$ $(srcdir)/version.texi \ + || (echo "Updating $(srcdir)/version.texi" && \ + cp vti.tmp$$$$ $(srcdir)/version.texi.tmp$$$$ && \ + mv $(srcdir)/version.texi.tmp$$$$ $(srcdir)/version.texi)) && \ + rm -f vti.tmp$$$$ $(srcdir)/version.texi.$$$$ + @cp $(srcdir)/version.texi $@ + +mostlyclean-vti: + -rm -f vti.tmp* $(srcdir)/version.texi.tmp* + +maintainer-clean-vti: +@MAINTAINER_MODE_TRUE@ -rm -f $(srcdir)/stamp-vti $(srcdir)/version.texi +$(srcdir)/gnutls-guile.info: gnutls-guile.texi $(srcdir)/version-guile.texi +gnutls-guile.dvi: gnutls-guile.texi $(srcdir)/version-guile.texi +gnutls-guile.pdf: gnutls-guile.texi $(srcdir)/version-guile.texi +gnutls-guile.html: gnutls-guile.texi $(srcdir)/version-guile.texi +$(srcdir)/version-guile.texi: @MAINTAINER_MODE_TRUE@ $(srcdir)/stamp-1 +$(srcdir)/stamp-1: gnutls-guile.texi $(top_srcdir)/configure + @(dir=.; test -f ./gnutls-guile.texi || dir=$(srcdir); \ + set `$(SHELL) $(top_srcdir)/build-aux/mdate-sh $$dir/gnutls-guile.texi`; \ + echo "@set UPDATED $$1 $$2 $$3"; \ + echo "@set UPDATED-MONTH $$2 $$3"; \ + echo "@set EDITION $(VERSION)"; \ + echo "@set VERSION $(VERSION)") > 1.tmp$$$$ && \ + (cmp -s 1.tmp$$$$ $(srcdir)/version-guile.texi \ + || (echo "Updating $(srcdir)/version-guile.texi" && \ + cp 1.tmp$$$$ $(srcdir)/version-guile.texi.tmp$$$$ && \ + mv $(srcdir)/version-guile.texi.tmp$$$$ $(srcdir)/version-guile.texi)) && \ + rm -f 1.tmp$$$$ $(srcdir)/version-guile.texi.$$$$ + @cp $(srcdir)/version-guile.texi $@ + +mostlyclean-1: + -rm -f 1.tmp* $(srcdir)/version-guile.texi.tmp* + +maintainer-clean-1: +@MAINTAINER_MODE_TRUE@ -rm -f $(srcdir)/stamp-1 $(srcdir)/version-guile.texi +.dvi.ps: + $(AM_V_DVIPS)TEXINPUTS="$(am__TEXINFO_TEX_DIR)$(PATH_SEPARATOR)$$TEXINPUTS" \ + $(DVIPS) $(AM_V_texinfo) -o $@ $< + +uninstall-dvi-am: + @$(NORMAL_UNINSTALL) + @list='$(DVIS)'; test -n "$(dvidir)" || list=; \ + for p in $$list; do \ + $(am__strip_dir) \ + echo " rm -f '$(DESTDIR)$(dvidir)/$$f'"; \ + rm -f "$(DESTDIR)$(dvidir)/$$f"; \ + done + +uninstall-html-am: + @$(NORMAL_UNINSTALL) + @list='$(HTMLS)'; test -n "$(htmldir)" || list=; \ + for p in $$list; do \ + $(am__strip_dir) \ + echo " rm -rf '$(DESTDIR)$(htmldir)/$$f'"; \ + rm -rf "$(DESTDIR)$(htmldir)/$$f"; \ + done + +uninstall-info-am: + @$(PRE_UNINSTALL) + @if test -d '$(DESTDIR)$(infodir)' && $(am__can_run_installinfo); then \ + list='$(INFO_DEPS)'; \ + for file in $$list; do \ + relfile=`echo "$$file" | sed 's|^.*/||'`; \ + echo " install-info --info-dir='$(DESTDIR)$(infodir)' --remove '$(DESTDIR)$(infodir)/$$relfile'"; \ + if install-info --info-dir="$(DESTDIR)$(infodir)" --remove "$(DESTDIR)$(infodir)/$$relfile"; \ + then :; else test ! -f "$(DESTDIR)$(infodir)/$$relfile" || exit 1; fi; \ + done; \ + else :; fi + @$(NORMAL_UNINSTALL) + @list='$(INFO_DEPS)'; \ + for file in $$list; do \ + relfile=`echo "$$file" | sed 's|^.*/||'`; \ + relfile_i=`echo "$$relfile" | sed 's|\.info$$||;s|$$|.i|'`; \ + (if test -d "$(DESTDIR)$(infodir)" && cd "$(DESTDIR)$(infodir)"; then \ + echo " cd '$(DESTDIR)$(infodir)' && rm -f $$relfile $$relfile-[0-9] $$relfile-[0-9][0-9] $$relfile_i[0-9] $$relfile_i[0-9][0-9]"; \ + rm -f $$relfile $$relfile-[0-9] $$relfile-[0-9][0-9] $$relfile_i[0-9] $$relfile_i[0-9][0-9]; \ + else :; fi); \ + done + +uninstall-pdf-am: + @$(NORMAL_UNINSTALL) + @list='$(PDFS)'; test -n "$(pdfdir)" || list=; \ + for p in $$list; do \ + $(am__strip_dir) \ + echo " rm -f '$(DESTDIR)$(pdfdir)/$$f'"; \ + rm -f "$(DESTDIR)$(pdfdir)/$$f"; \ + done + +uninstall-ps-am: + @$(NORMAL_UNINSTALL) + @list='$(PSS)'; test -n "$(psdir)" || list=; \ + for p in $$list; do \ + $(am__strip_dir) \ + echo " rm -f '$(DESTDIR)$(psdir)/$$f'"; \ + rm -f "$(DESTDIR)$(psdir)/$$f"; \ + done + +dist-info: $(INFO_DEPS) + @srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; \ + list='$(INFO_DEPS)'; \ + for base in $$list; do \ + case $$base in \ + $(srcdir)/*) base=`echo "$$base" | sed "s|^$$srcdirstrip/||"`;; \ + esac; \ + if test -f $$base; then d=.; else d=$(srcdir); fi; \ + base_i=`echo "$$base" | sed 's|\.info$$||;s|$$|.i|'`; \ + for file in $$d/$$base $$d/$$base-[0-9] $$d/$$base-[0-9][0-9] $$d/$$base_i[0-9] $$d/$$base_i[0-9][0-9]; do \ + if test -f $$file; then \ + relfile=`expr "$$file" : "$$d/\(.*\)"`; \ + test -f "$(distdir)/$$relfile" || \ + cp -p $$file "$(distdir)/$$relfile"; \ + else :; fi; \ + done; \ + done + +mostlyclean-aminfo: + -rm -rf gnutls.t2d gnutls.t2p gnutls-guile.t2d gnutls-guile.t2p + +clean-aminfo: + -test -z "gnutls.dvi gnutls.pdf gnutls.ps gnutls.html gnutls-guile.dvi \ + gnutls-guile.pdf gnutls-guile.ps gnutls-guile.html" \ + || rm -rf gnutls.dvi gnutls.pdf gnutls.ps gnutls.html gnutls-guile.dvi \ + gnutls-guile.pdf gnutls-guile.ps gnutls-guile.html + +maintainer-clean-aminfo: + @list='$(INFO_DEPS)'; for i in $$list; do \ + i_i=`echo "$$i" | sed 's|\.info$$||;s|$$|.i|'`; \ + echo " rm -f $$i $$i-[0-9] $$i-[0-9][0-9] $$i_i[0-9] $$i_i[0-9][0-9]"; \ + rm -f $$i $$i-[0-9] $$i-[0-9][0-9] $$i_i[0-9] $$i_i[0-9][0-9]; \ + done +install-htmlDATA: $(html_DATA) + @$(NORMAL_INSTALL) + @list='$(html_DATA)'; test -n "$(htmldir)" || list=; \ + if test -n "$$list"; then \ + echo " $(MKDIR_P) '$(DESTDIR)$(htmldir)'"; \ + $(MKDIR_P) "$(DESTDIR)$(htmldir)" || exit 1; \ + fi; \ + for p in $$list; do \ + if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ + echo "$$d$$p"; \ + done | $(am__base_list) | \ + while read files; do \ + echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(htmldir)'"; \ + $(INSTALL_DATA) $$files "$(DESTDIR)$(htmldir)" || exit $$?; \ + done + +uninstall-htmlDATA: + @$(NORMAL_UNINSTALL) + @list='$(html_DATA)'; test -n "$(htmldir)" || list=; \ + files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \ + dir='$(DESTDIR)$(htmldir)'; $(am__uninstall_files_from_dir) +install-infoimagesDATA: $(infoimages_DATA) + @$(NORMAL_INSTALL) + @list='$(infoimages_DATA)'; test -n "$(infoimagesdir)" || list=; \ + if test -n "$$list"; then \ + echo " $(MKDIR_P) '$(DESTDIR)$(infoimagesdir)'"; \ + $(MKDIR_P) "$(DESTDIR)$(infoimagesdir)" || exit 1; \ + fi; \ + for p in $$list; do \ + if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ + echo "$$d$$p"; \ + done | $(am__base_list) | \ + while read files; do \ + echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(infoimagesdir)'"; \ + $(INSTALL_DATA) $$files "$(DESTDIR)$(infoimagesdir)" || exit $$?; \ + done + +uninstall-infoimagesDATA: + @$(NORMAL_UNINSTALL) + @list='$(infoimages_DATA)'; test -n "$(infoimagesdir)" || list=; \ + files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \ + dir='$(DESTDIR)$(infoimagesdir)'; $(am__uninstall_files_from_dir) + +# This directory's subdirectories are mostly independent; you can cd +# into them and run 'make' without going through this Makefile. +# To change the values of 'make' variables: instead of editing Makefiles, +# (1) if the variable is set in 'config.status', edit 'config.status' +# (which will cause the Makefiles to be regenerated when you run 'make'); +# (2) otherwise, pass the desired values on the 'make' command line. +$(am__recursive_targets): + @fail=; \ + if $(am__make_keepgoing); then \ + failcom='fail=yes'; \ + else \ + failcom='exit 1'; \ + fi; \ + dot_seen=no; \ + target=`echo $@ | sed s/-recursive//`; \ + case "$@" in \ + distclean-* | maintainer-clean-*) list='$(DIST_SUBDIRS)' ;; \ + *) list='$(SUBDIRS)' ;; \ + esac; \ + for subdir in $$list; do \ + echo "Making $$target in $$subdir"; \ + if test "$$subdir" = "."; then \ + dot_seen=yes; \ + local_target="$$target-am"; \ + else \ + local_target="$$target"; \ + fi; \ + ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \ + || eval $$failcom; \ + done; \ + if test "$$dot_seen" = "no"; then \ + $(MAKE) $(AM_MAKEFLAGS) "$$target-am" || exit 1; \ + fi; test -z "$$fail" + +ID: $(am__tagged_files) + $(am__define_uniq_tagged_files); mkid -fID $$unique +tags: tags-recursive +TAGS: tags + +tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) + set x; \ + here=`pwd`; \ + if ($(ETAGS) --etags-include --version) >/dev/null 2>&1; then \ + include_option=--etags-include; \ + empty_fix=.; \ + else \ + include_option=--include; \ + empty_fix=; \ + fi; \ + list='$(SUBDIRS)'; for subdir in $$list; do \ + if test "$$subdir" = .; then :; else \ + test ! -f $$subdir/TAGS || \ + set "$$@" "$$include_option=$$here/$$subdir/TAGS"; \ + fi; \ + done; \ + $(am__define_uniq_tagged_files); \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ + test -n "$$unique" || unique=$$empty_fix; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ + fi +ctags: ctags-recursive + +CTAGS: ctags +ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) + $(am__define_uniq_tagged_files); \ + test -z "$(CTAGS_ARGS)$$unique" \ + || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ + $$unique + +GTAGS: + here=`$(am__cd) $(top_builddir) && pwd` \ + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" +cscopelist: cscopelist-recursive + +cscopelist-am: $(am__tagged_files) + list='$(am__tagged_files)'; \ + case "$(srcdir)" in \ + [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \ + *) sdir=$(subdir)/$(srcdir) ;; \ + esac; \ + for i in $$list; do \ + if test -f "$$i"; then \ + echo "$(subdir)/$$i"; \ + else \ + echo "$$sdir/$$i"; \ + fi; \ + done >> $(top_builddir)/cscope.files + +distclean-tags: + -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags + +distdir: $(BUILT_SOURCES) + $(MAKE) $(AM_MAKEFLAGS) distdir-am + +distdir-am: $(DISTFILES) + @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + list='$(DISTFILES)'; \ + dist_files=`for file in $$list; do echo $$file; done | \ + sed -e "s|^$$srcdirstrip/||;t" \ + -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ + case $$dist_files in \ + */*) $(MKDIR_P) `echo "$$dist_files" | \ + sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ + sort -u` ;; \ + esac; \ + for file in $$dist_files; do \ + if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ + if test -d $$d/$$file; then \ + dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ + else \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ + || exit 1; \ + fi; \ + done + @list='$(DIST_SUBDIRS)'; for subdir in $$list; do \ + if test "$$subdir" = .; then :; else \ + $(am__make_dryrun) \ + || test -d "$(distdir)/$$subdir" \ + || $(MKDIR_P) "$(distdir)/$$subdir" \ + || exit 1; \ + dir1=$$subdir; dir2="$(distdir)/$$subdir"; \ + $(am__relativize); \ + new_distdir=$$reldir; \ + dir1=$$subdir; dir2="$(top_distdir)"; \ + $(am__relativize); \ + new_top_distdir=$$reldir; \ + echo " (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) top_distdir="$$new_top_distdir" distdir="$$new_distdir" \\"; \ + echo " am__remove_distdir=: am__skip_length_check=: am__skip_mode_fix=: distdir)"; \ + ($(am__cd) $$subdir && \ + $(MAKE) $(AM_MAKEFLAGS) \ + top_distdir="$$new_top_distdir" \ + distdir="$$new_distdir" \ + am__remove_distdir=: \ + am__skip_length_check=: \ + am__skip_mode_fix=: \ + distdir) \ + || exit 1; \ + fi; \ + done + $(MAKE) $(AM_MAKEFLAGS) \ + top_distdir="$(top_distdir)" distdir="$(distdir)" \ + dist-info +check-am: all-am +check: $(BUILT_SOURCES) + $(MAKE) $(AM_MAKEFLAGS) check-recursive +all-am: Makefile $(INFO_DEPS) $(DATA) +installdirs: installdirs-recursive +installdirs-am: + for dir in "$(DESTDIR)$(infodir)" "$(DESTDIR)$(htmldir)" "$(DESTDIR)$(infoimagesdir)"; do \ + test -z "$$dir" || $(MKDIR_P) "$$dir"; \ + done +install: $(BUILT_SOURCES) + $(MAKE) $(AM_MAKEFLAGS) install-recursive +install-exec: install-exec-recursive +install-data: install-data-recursive +uninstall: uninstall-recursive + +install-am: all-am + @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am + +installcheck: installcheck-recursive +install-strip: + if test -z '$(STRIP)'; then \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + install; \ + else \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ + fi +mostlyclean-generic: + +clean-generic: + +distclean-generic: + -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) + -test -z "$(DISTCLEANFILES)" || rm -f $(DISTCLEANFILES) + +maintainer-clean-generic: + @echo "This command is intended for maintainers to use" + @echo "it deletes files that may require special tools to rebuild." + -test -z "$(BUILT_SOURCES)" || rm -f $(BUILT_SOURCES) + -test -z "$(MAINTAINERCLEANFILES)" || rm -f $(MAINTAINERCLEANFILES) +clean: clean-recursive + +clean-am: clean-aminfo clean-generic clean-libtool clean-local \ + mostlyclean-am + +distclean: distclean-recursive + -rm -f ./$(DEPDIR)/alert-printlist.Po + -rm -f ./$(DEPDIR)/common.Po + -rm -f ./$(DEPDIR)/errcodes.Po + -rm -f ./$(DEPDIR)/printlist.Po + -rm -f Makefile +distclean-am: clean-am distclean-compile distclean-generic \ + distclean-tags + +dvi: dvi-recursive + +dvi-am: $(DVIS) + +html: html-recursive + +html-am: $(HTMLS) + +info: info-recursive + +info-am: $(INFO_DEPS) + +install-data-am: install-htmlDATA install-info-am \ + install-infoimagesDATA + +install-dvi: install-dvi-recursive + +install-dvi-am: $(DVIS) + @$(NORMAL_INSTALL) + @list='$(DVIS)'; test -n "$(dvidir)" || list=; \ + if test -n "$$list"; then \ + echo " $(MKDIR_P) '$(DESTDIR)$(dvidir)'"; \ + $(MKDIR_P) "$(DESTDIR)$(dvidir)" || exit 1; \ + fi; \ + for p in $$list; do \ + if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ + echo "$$d$$p"; \ + done | $(am__base_list) | \ + while read files; do \ + echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(dvidir)'"; \ + $(INSTALL_DATA) $$files "$(DESTDIR)$(dvidir)" || exit $$?; \ + done +install-exec-am: + +install-html: install-html-recursive + +install-html-am: $(HTMLS) + @$(NORMAL_INSTALL) + @list='$(HTMLS)'; list2=; test -n "$(htmldir)" || list=; \ + if test -n "$$list"; then \ + echo " $(MKDIR_P) '$(DESTDIR)$(htmldir)'"; \ + $(MKDIR_P) "$(DESTDIR)$(htmldir)" || exit 1; \ + fi; \ + for p in $$list; do \ + if test -f "$$p" || test -d "$$p"; then d=; else d="$(srcdir)/"; fi; \ + $(am__strip_dir) \ + d2=$$d$$p; \ + if test -d "$$d2"; then \ + echo " $(MKDIR_P) '$(DESTDIR)$(htmldir)/$$f'"; \ + $(MKDIR_P) "$(DESTDIR)$(htmldir)/$$f" || exit 1; \ + echo " $(INSTALL_DATA) '$$d2'/* '$(DESTDIR)$(htmldir)/$$f'"; \ + $(INSTALL_DATA) "$$d2"/* "$(DESTDIR)$(htmldir)/$$f" || exit $$?; \ + else \ + list2="$$list2 $$d2"; \ + fi; \ + done; \ + test -z "$$list2" || { echo "$$list2" | $(am__base_list) | \ + while read files; do \ + echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(htmldir)'"; \ + $(INSTALL_DATA) $$files "$(DESTDIR)$(htmldir)" || exit $$?; \ + done; } +install-info: install-info-recursive + +install-info-am: $(INFO_DEPS) + @$(NORMAL_INSTALL) + @srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; \ + list='$(INFO_DEPS)'; test -n "$(infodir)" || list=; \ + if test -n "$$list"; then \ + echo " $(MKDIR_P) '$(DESTDIR)$(infodir)'"; \ + $(MKDIR_P) "$(DESTDIR)$(infodir)" || exit 1; \ + fi; \ + for file in $$list; do \ + case $$file in \ + $(srcdir)/*) file=`echo "$$file" | sed "s|^$$srcdirstrip/||"`;; \ + esac; \ + if test -f $$file; then d=.; else d=$(srcdir); fi; \ + file_i=`echo "$$file" | sed 's|\.info$$||;s|$$|.i|'`; \ + for ifile in $$d/$$file $$d/$$file-[0-9] $$d/$$file-[0-9][0-9] \ + $$d/$$file_i[0-9] $$d/$$file_i[0-9][0-9] ; do \ + if test -f $$ifile; then \ + echo "$$ifile"; \ + else : ; fi; \ + done; \ + done | $(am__base_list) | \ + while read files; do \ + echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(infodir)'"; \ + $(INSTALL_DATA) $$files "$(DESTDIR)$(infodir)" || exit $$?; done + @$(POST_INSTALL) + @if $(am__can_run_installinfo); then \ + list='$(INFO_DEPS)'; test -n "$(infodir)" || list=; \ + for file in $$list; do \ + relfile=`echo "$$file" | sed 's|^.*/||'`; \ + echo " install-info --info-dir='$(DESTDIR)$(infodir)' '$(DESTDIR)$(infodir)/$$relfile'";\ + install-info --info-dir="$(DESTDIR)$(infodir)" "$(DESTDIR)$(infodir)/$$relfile" || :;\ + done; \ + else : ; fi +install-man: + +install-pdf: install-pdf-recursive + +install-pdf-am: $(PDFS) + @$(NORMAL_INSTALL) + @list='$(PDFS)'; test -n "$(pdfdir)" || list=; \ + if test -n "$$list"; then \ + echo " $(MKDIR_P) '$(DESTDIR)$(pdfdir)'"; \ + $(MKDIR_P) "$(DESTDIR)$(pdfdir)" || exit 1; \ + fi; \ + for p in $$list; do \ + if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ + echo "$$d$$p"; \ + done | $(am__base_list) | \ + while read files; do \ + echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(pdfdir)'"; \ + $(INSTALL_DATA) $$files "$(DESTDIR)$(pdfdir)" || exit $$?; done +install-ps: install-ps-recursive + +install-ps-am: $(PSS) + @$(NORMAL_INSTALL) + @list='$(PSS)'; test -n "$(psdir)" || list=; \ + if test -n "$$list"; then \ + echo " $(MKDIR_P) '$(DESTDIR)$(psdir)'"; \ + $(MKDIR_P) "$(DESTDIR)$(psdir)" || exit 1; \ + fi; \ + for p in $$list; do \ + if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ + echo "$$d$$p"; \ + done | $(am__base_list) | \ + while read files; do \ + echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(psdir)'"; \ + $(INSTALL_DATA) $$files "$(DESTDIR)$(psdir)" || exit $$?; done +installcheck-am: + +maintainer-clean: maintainer-clean-recursive + -rm -f ./$(DEPDIR)/alert-printlist.Po + -rm -f ./$(DEPDIR)/common.Po + -rm -f ./$(DEPDIR)/errcodes.Po + -rm -f ./$(DEPDIR)/printlist.Po + -rm -f Makefile +maintainer-clean-am: distclean-am maintainer-clean-1 \ + maintainer-clean-aminfo maintainer-clean-generic \ + maintainer-clean-vti + +mostlyclean: mostlyclean-recursive + +mostlyclean-am: mostlyclean-1 mostlyclean-aminfo mostlyclean-compile \ + mostlyclean-generic mostlyclean-libtool mostlyclean-vti + +pdf: pdf-recursive + +pdf-am: $(PDFS) + +ps: ps-recursive + +ps-am: $(PSS) + +uninstall-am: uninstall-dvi-am uninstall-html-am uninstall-htmlDATA \ + uninstall-info-am uninstall-infoimagesDATA uninstall-pdf-am \ + uninstall-ps-am + +.MAKE: $(am__recursive_targets) all check install install-am \ + install-strip + +.PHONY: $(am__recursive_targets) CTAGS GTAGS TAGS all all-am \ + am--depfiles check check-am clean clean-aminfo clean-generic \ + clean-libtool clean-local cscopelist-am ctags ctags-am \ + dist-info distclean distclean-compile distclean-generic \ + distclean-libtool distclean-tags distdir dvi dvi-am html \ + html-am info info-am install install-am install-data \ + install-data-am install-dvi install-dvi-am install-exec \ + install-exec-am install-html install-html-am install-htmlDATA \ + install-info install-info-am install-infoimagesDATA \ + install-man install-pdf install-pdf-am install-ps \ + install-ps-am install-strip installcheck installcheck-am \ + installdirs installdirs-am maintainer-clean maintainer-clean-1 \ + maintainer-clean-aminfo maintainer-clean-generic \ + maintainer-clean-vti mostlyclean mostlyclean-1 \ + mostlyclean-aminfo mostlyclean-compile mostlyclean-generic \ + mostlyclean-libtool mostlyclean-vti pdf pdf-am ps ps-am tags \ + tags-am uninstall uninstall-am uninstall-dvi-am \ + uninstall-html-am uninstall-htmlDATA uninstall-info-am \ + uninstall-infoimagesDATA uninstall-pdf-am uninstall-ps-am + +.PRECIOUS: Makefile + + +-include $(top_srcdir)/doc/doc.mk + +invoke-gnutls-cli.texi: $(top_srcdir)/src/cli-args.def + PATH="$(top_builddir)/src/$(PATH_SEPARATOR)$${PATH}$(PATH_SEPARATOR)" $(AUTOGEN) -L$(top_builddir)/src -Tagtexi-cmd.tpl $<; \ + if [ ! -e $@ ]; then \ + cp $(srcdir)/$@ .; \ + fi; \ + $(srcdir)/scripts/cleanup-autogen.pl < $@ > $@.tmp && \ + mv -f $@.tmp $@ + +invoke-gnutls-cli-debug.texi: $(top_srcdir)/src/cli-debug-args.def invoke-gnutls-cli.texi + PATH="$(top_builddir)/src/$(PATH_SEPARATOR)$${PATH}$(PATH_SEPARATOR)" $(AUTOGEN) -L$(top_builddir)/src -Tagtexi-cmd.tpl $<; \ + if [ ! -e $@ ]; then \ + cp $(srcdir)/$@ .; \ + fi; \ + $(srcdir)/scripts/cleanup-autogen.pl < $@ > $@.tmp && \ + mv -f $@.tmp $@ + +invoke-gnutls-serv.texi: $(top_srcdir)/src/serv-args.def invoke-gnutls-cli-debug.texi + PATH="$(top_builddir)/src/$(PATH_SEPARATOR)$${PATH}$(PATH_SEPARATOR)" $(AUTOGEN) -L$(top_builddir)/src -Tagtexi-cmd.tpl $<; \ + if [ ! -e $@ ]; then \ + cp $(srcdir)/$@ .; \ + fi; \ + $(srcdir)/scripts/cleanup-autogen.pl < $@ > $@.tmp && \ + mv -f $@.tmp $@ + +invoke-certtool.texi: $(top_srcdir)/src/certtool-args.def invoke-gnutls-serv.texi + PATH="$(top_builddir)/src/$(PATH_SEPARATOR)$${PATH}$(PATH_SEPARATOR)" $(AUTOGEN) -L$(top_builddir)/src -Tagtexi-cmd.tpl $<; \ + if [ ! -e $@ ]; then \ + cp $(srcdir)/$@ .; \ + fi; \ + $(srcdir)/scripts/cleanup-autogen.pl < $@ > $@.tmp && \ + rm -f $@ && \ + $(SED) -e 's/@subheading/@subsubheading/g' \ + -e 's/@section/@subsection/g' $@.tmp > $@ && \ + rm -f $@.tmp + +invoke-ocsptool.texi: $(top_srcdir)/src/ocsptool-args.def invoke-certtool.texi + PATH="$(top_builddir)/src/$(PATH_SEPARATOR)$${PATH}$(PATH_SEPARATOR)" $(AUTOGEN) -L$(top_builddir)/src -Tagtexi-cmd.tpl $<; \ + if [ ! -e $@ ]; then \ + cp $(srcdir)/$@ .; \ + fi; \ + $(srcdir)/scripts/cleanup-autogen.pl < $@ > $@.tmp && \ + rm -f $@ && \ + $(SED) -e 's/@subheading/@subsubheading/g' \ + -e 's/@section/@subsection/g' $@.tmp > $@ && \ + rm -f $@.tmp + +invoke-danetool.texi: $(top_srcdir)/src/danetool-args.def invoke-ocsptool.texi + PATH="$(top_builddir)/src/$(PATH_SEPARATOR)$${PATH}$(PATH_SEPARATOR)" $(AUTOGEN) -L$(top_builddir)/src -Tagtexi-cmd.tpl $<; \ + if [ ! -e $@ ]; then \ + cp $(srcdir)/$@ .; \ + fi; \ + $(srcdir)/scripts/cleanup-autogen.pl < $@ > $@.tmp && \ + rm -f $@ && \ + $(SED) -e 's/@subheading/@subsubheading/g' \ + -e 's/@section/@subsection/g' $@.tmp > $@ && \ + rm -f $@.tmp + +invoke-srptool.texi: $(top_srcdir)/src/srptool-args.def invoke-danetool.texi + PATH="$(top_builddir)/src/$(PATH_SEPARATOR)$${PATH}$(PATH_SEPARATOR)" $(AUTOGEN) -L$(top_builddir)/src -Tagtexi-cmd.tpl $<; \ + if [ ! -e $@ ]; then \ + cp $(srcdir)/$@ .; \ + fi; \ + $(srcdir)/scripts/cleanup-autogen.pl < $@ > $@.tmp && \ + rm -f $@ && \ + $(SED) -e 's/@subheading/@subsubheading/g' \ + -e 's/@section/@subsubsection/g' $@.tmp > $@ && \ + rm -f $@.tmp + +invoke-psktool.texi: $(top_srcdir)/src/psktool-args.def invoke-srptool.texi + PATH="$(top_builddir)/src/$(PATH_SEPARATOR)$${PATH}$(PATH_SEPARATOR)" $(AUTOGEN) -L$(top_builddir)/src -Tagtexi-cmd.tpl $<; \ + if [ ! -e $@ ]; then \ + cp $(srcdir)/$@ .; \ + fi; \ + $(srcdir)/scripts/cleanup-autogen.pl < $@ > $@.tmp && \ + rm -f $@ && \ + $(SED) -e 's/@subheading/@subsubheading/g' \ + -e 's/@section/@subsubsection/g' $@.tmp > $@ && \ + rm -f $@.tmp + +invoke-p11tool.texi: $(top_srcdir)/src/p11tool-args.def invoke-psktool.texi + PATH="$(top_builddir)/src/$(PATH_SEPARATOR)$${PATH}$(PATH_SEPARATOR)" $(AUTOGEN) -L$(top_builddir)/src -Tagtexi-cmd.tpl $<; \ + if [ ! -e $@ ]; then \ + cp $(srcdir)/$@ .; \ + fi; \ + $(srcdir)/scripts/cleanup-autogen.pl < $@ > $@.tmp && \ + rm -f $@ && \ + $(SED) \ + -e 's/@subsection/@subsubheading/g' \ + -e 's/@section/@subsection/g' $@.tmp > $@ && \ + rm -f $@.tmp + +invoke-tpmtool.texi: $(top_srcdir)/src/tpmtool-args.def invoke-p11tool.texi + PATH="$(top_builddir)/src/$(PATH_SEPARATOR)$${PATH}$(PATH_SEPARATOR)" $(AUTOGEN) -L$(top_builddir)/src -Tagtexi-cmd.tpl $<; \ + if [ ! -e $@ ]; then \ + cp $(srcdir)/$@ .; \ + fi; \ + $(srcdir)/scripts/cleanup-autogen.pl < $@ > $@.tmp && \ + rm -f $@ && \ + $(SED) \ + -e 's/@subsection/@subsubheading/g' \ + -e 's/@section/@subsection/g' $@.tmp > $@ && \ + rm -f $@.tmp + +clean-local: + -rm -f stamp_enums stamp_functions + -rm -rf functions/ enums/ + -rm -f $(API_FILES) + +gnutls-api.texi: $(top_srcdir)/lib/includes/gnutls/gnutls.h.in + echo "" > $@-tmp + for i in `$(top_srcdir)/doc/scripts/getfuncs.pl < $< |sort|uniq`; do \ + echo $(ECHO_N) "Creating documentation for $$i... " && \ + $(srcdir)/scripts/gdoc -texinfo \ + -function $$i \ + $(C_SOURCE_FILES) >> $@-tmp && \ + echo "ok"; \ + done + mv -f $@-tmp $@ + +socket-api.texi: $(top_srcdir)/lib/includes/gnutls/socket.h + echo "" > $@-tmp + for i in `$(top_srcdir)/doc/scripts/getfuncs.pl < $< |sort|uniq`; do \ + echo $(ECHO_N) "Creating documentation for $$i... " && \ + $(srcdir)/scripts/gdoc -texinfo \ + -function $$i \ + $(C_SOURCE_FILES) >> $@-tmp && \ + echo "ok"; \ + done + mv -f $@-tmp $@ + +dane-api.texi: $(top_srcdir)/libdane/includes/gnutls/dane.h + echo "" > $@-tmp + for i in `$(top_srcdir)/doc/scripts/getfuncs.pl < $< |sort|uniq`; do \ + echo $(ECHO_N) "Creating documentation for $$i... " && \ + $(srcdir)/scripts/gdoc -texinfo \ + -function $$i \ + $(C_SOURCE_FILES) >> $@-tmp && \ + echo "ok"; \ + done + mv -f $@-tmp $@ + +x509-api.texi: $(top_srcdir)/lib/includes/gnutls/x509.h $(top_srcdir)/lib/includes/gnutls/x509-ext.h + echo "" > $@-tmp + cat $^ > $@-tmp2 + for i in `$(top_srcdir)/doc/scripts/getfuncs.pl < $@-tmp2 |sort |uniq`; do \ + echo $(ECHO_N) "Creating documentation for $$i... " && \ + $(srcdir)/scripts/gdoc -texinfo \ + -function $$i \ + $(C_SOURCE_FILES) >> $@-tmp && \ + echo "ok"; \ + done + rm -f $@-tmp2 + mv -f $@-tmp $@ + +pkcs12-api.texi: $(top_srcdir)/lib/includes/gnutls/pkcs12.h + echo "" > $@-tmp + for i in `$(top_srcdir)/doc/scripts/getfuncs.pl < $< |sort|uniq`; do \ + echo $(ECHO_N) "Creating documentation for $$i... " && \ + $(srcdir)/scripts/gdoc -texinfo \ + -function $$i \ + $(C_X509_SOURCE_FILES) >> $@-tmp && \ + echo "ok"; \ + done + mv -f $@-tmp $@ + +pkcs11-api.texi: $(top_srcdir)/lib/includes/gnutls/pkcs11.h + echo "" > $@-tmp + for i in `$(top_srcdir)/doc/scripts/getfuncs.pl < $< |sort|uniq`; do \ + echo $(ECHO_N) "Creating documentation for $$i... " && \ + $(srcdir)/scripts/gdoc -texinfo \ + -function $$i \ + $(C_SOURCE_FILES) >> $@-tmp && \ + echo "ok"; \ + done + mv -f $@-tmp $@ + +pkcs7-api.texi: $(top_srcdir)/lib/includes/gnutls/pkcs7.h + echo "" > $@-tmp + for i in `$(top_srcdir)/doc/scripts/getfuncs.pl < $< |sort|uniq`; do \ + echo $(ECHO_N) "Creating documentation for $$i... " && \ + $(srcdir)/scripts/gdoc -texinfo \ + -function $$i \ + $(C_X509_SOURCE_FILES) >> $@-tmp && \ + echo "ok"; \ + done + mv -f $@-tmp $@ + +tpm-api.texi: $(top_srcdir)/lib/includes/gnutls/tpm.h + echo "" > $@-tmp + for i in `$(top_srcdir)/doc/scripts/getfuncs.pl < $< |sort|uniq`; do \ + echo $(ECHO_N) "Creating documentation for $$i... " && \ + $(srcdir)/scripts/gdoc -texinfo \ + -function $$i \ + $(C_SOURCE_FILES) >> $@-tmp && \ + echo "ok"; \ + done + mv -f $@-tmp $@ + +abstract-api.texi: $(top_srcdir)/lib/includes/gnutls/abstract.h $(top_srcdir)/lib/includes/gnutls/urls.h $(top_srcdir)/lib/includes/gnutls/system-keys.h + echo "" > $@-tmp + cat $^ >$@-headers-tmp + for i in `$(top_srcdir)/doc/scripts/getfuncs.pl < $@-headers-tmp |sort|uniq`; do \ + echo $(ECHO_N) "Creating documentation for $$i... " && \ + $(srcdir)/scripts/gdoc -texinfo \ + -function $$i \ + $(C_SOURCE_FILES) >> $@-tmp && \ + echo "ok"; \ + done + rm -f $@-headers-tmp + mv -f $@-tmp $@ + +compat-api.texi: $(top_srcdir)/lib/includes/gnutls/compat.h + echo "" > $@-tmp + for i in `$(top_srcdir)/doc/scripts/getfuncs.pl < $< |sort|uniq`; do \ + echo $(ECHO_N) "Creating documentation for $$i... " && \ + $(srcdir)/scripts/gdoc -texinfo \ + -function $$i \ + $(C_SOURCE_FILES) >> $@-tmp && \ + echo "ok"; \ + done + mv -f $@-tmp $@ + +dtls-api.texi: $(top_srcdir)/lib/includes/gnutls/dtls.h + echo "" > $@-tmp + for i in `$(top_srcdir)/doc/scripts/getfuncs.pl < $< |sort|uniq`; do \ + echo $(ECHO_N) "Creating documentation for $$i... " && \ + $(srcdir)/scripts/gdoc -texinfo \ + -function $$i \ + $(C_SOURCE_FILES) >> $@-tmp && \ + echo "ok"; \ + done + mv -f $@-tmp $@ + +crypto-api.texi: $(top_srcdir)/lib/includes/gnutls/crypto.h + echo "" > $@-tmp + for i in `$(top_srcdir)/doc/scripts/getfuncs.pl < $< |sort|uniq`; do \ + echo $(ECHO_N) "Creating documentation for $$i... " && \ + $(srcdir)/scripts/gdoc -texinfo \ + -function $$i \ + $(C_SOURCE_FILES) >> $@-tmp && \ + echo "ok"; \ + done + mv -f $@-tmp $@ + +ocsp-api.texi: $(top_srcdir)/lib/includes/gnutls/ocsp.h + echo "" > $@-tmp + for i in `$(top_srcdir)/doc/scripts/getfuncs.pl < $< |sort|uniq`; do \ + echo $(ECHO_N) "Creating documentation for $$i... " && \ + $(srcdir)/scripts/gdoc -texinfo \ + -function $$i \ + $(C_X509_SOURCE_FILES) >> $@-tmp && \ + echo "ok"; \ + done + mv -f $@-tmp $@ + +error_codes.texi: $(top_srcdir)/lib/errors.c $(srcdir)/errcodes.c + $(MAKE) $(builddir)/errcodes + $(builddir)/errcodes > $@-tmp + mv -f $@-tmp $@ + +algorithms.texi: $(top_srcdir)/lib/algorithms/ciphers.c $(srcdir)/printlist.c + $(MAKE) $(builddir)/printlist + $(builddir)/printlist > $@-tmp + mv -f $@-tmp $@ + +alerts.texi: $(top_srcdir)/lib/alert.c $(srcdir)/alert-printlist.c + $(MAKE) $(builddir)/alert-printlist + $(builddir)/alert-printlist > $@-tmp + mv -f $@-tmp $@ + +enums.texi: $(HEADER_FILES) + echo "" > $@-tmp + for i in $^; do \ + echo $(ECHO_N) "Creating documentation for $$i... " && \ + $(srcdir)/scripts/gdoc -texinfo $$i >> $@-tmp && \ + echo "ok"; \ + done + mv -f $@-tmp $@ + +stamp_functions: $(API_FILES) + -mkdir functions + -rm -f functions/*.short + for i in $^; do \ + $(srcdir)/scripts/split-texi.pl functions < $$i; \ + done + $(SED) -i 's/\@anchor{.*//g' functions/* + $(SED) -i 's/\@subheading.*//g' functions/* + cd functions && for i in *;do grep ^"@deftypefun" $$i | $(SED) 's/@deftypefun/@item/g;s/ {/ @var{/;s/ {/ @ref{/' > ../functions/$$i.short;done + echo $@ > $@ + +stamp_enums: enums.texi + -mkdir enums + $(srcdir)/scripts/split-texi.pl enums enum < $< + echo $@ > $@ + +$(ENUMS): stamp_enums + +$(FUNCS): stamp_functions + +compare-exported: + rm -f tmp-exp-$@ tmp-head-$@ + for i in $(top_srcdir)/libdane/includes/gnutls/*.h $(top_srcdir)/lib/includes/gnutls/*.h $(top_builddir)/lib/includes/gnutls/*.h;do perl $(srcdir)/scripts/getfuncs.pl <$$i >>tmp-head-$@;done + sort -u tmp-head-$@ > tmp2-head-$@ + mv tmp2-head-$@ tmp-head-$@ + $(srcdir)/scripts/getfuncs-map.pl <$(top_srcdir)/lib/libgnutls.map >tmp-exp-$@ + $(srcdir)/scripts/getfuncs-map.pl <$(top_srcdir)/libdane/libdane.map >>tmp-exp-$@ + sort -u tmp-exp-$@ > tmp2-exp-$@ + mv tmp2-exp-$@ tmp-exp-$@ + @echo "******************************************************************************" + @echo "If the following step fails there is a symbol in headers that is not exported or vice-versa" + @echo "******************************************************************************" + diff -u tmp-exp-$@ tmp-head-$@ + rm -f tmp-exp-$@ tmp-head-$@ + +compare-makefile: enums.texi + @echo "******************************************************************************" + @echo "If the following step fails use 'make files-update'" + @echo "******************************************************************************" + ENUMS=`grep '^@c ' $< | $(SED) 's/@c //g' | sort -d`; \ + STR=""; \ + for i in $$ENUMS; do \ + STR="$$STR\nENUMS += enums/$$i"; \ + done; \ + grep -v -e '^ENUMS += ' $(srcdir)/Makefile.am | \ + perl -p -e "s,^ENUMS =,ENUMS =$$STR," > tmp-$@; \ + diff -u $(srcdir)/Makefile.am tmp-$@ >/dev/null + rm -f tmp-$@ + FUNCS=`cat $(HEADER_FILES) | $(top_srcdir)/doc/scripts/getfuncs.pl|sort -d|uniq`; \ + MANS=""; \ + for i in $$FUNCS; do \ + MANS="$$MANS\nFUNCS += functions/$$i\nFUNCS += functions/$$i.short"; \ + done; \ + grep -v -e '^FUNCS += ' $(srcdir)/Makefile.am > tmp-$@; \ + echo "\"s,^FUNCS =,FUNCS =$$MANS,\" -i tmp-$@"|xargs $(SED) + @echo "******************************************************************************" + @echo "If the following step fails use 'make files-update'" + @echo "******************************************************************************" + diff -u $(srcdir)/Makefile.am tmp-$@ >/dev/null + rm -f tmp-$@ + +.PHONY: compare-makefile compare-exported + +@HAVE_GUILE_TRUE@core.c.texi: $(top_srcdir)/guile/src/core.c +@HAVE_GUILE_TRUE@ $(MAKE) -C ../guile/src built-sources && \ +@HAVE_GUILE_TRUE@ $(GUILE_FOR_BUILD) -l "$(srcdir)/extract-guile-c-doc.scm" \ +@HAVE_GUILE_TRUE@ -e '(apply main (cdr (command-line)))' \ +@HAVE_GUILE_TRUE@ -- "$^" "$(CPP)" "$(SNARF_CPPFLAGS) $(CPPFLAGS)" \ +@HAVE_GUILE_TRUE@ > "$@" + +@HAVE_GUILE_FALSE@core.c.texi: +@HAVE_GUILE_FALSE@ echo "(Guile not available, documentation not generated.)" > $@ + +gnutls.xml: epub.texi + makeinfo --docbook $< + $(SED) -i 's/\&\#8226;//g' $@ + +gnutls.epub: gnutls.xml + dbtoepub $< + -epub-fix --delete-unmanifested gnutls.epub + +# Tell versions [3.59,3.63) of GNU make to not export all variables. +# Otherwise a system limit (for SysV at least) may be exceeded. +.NOEXPORT: diff --git a/doc/TODO b/doc/TODO new file mode 100644 index 0000000..e6e54f4 --- /dev/null +++ b/doc/TODO @@ -0,0 +1,6 @@ +If you want to contribute (implement something from the current list, or +anything), contact the developer's mailing list (gnutls-dev@lists.gnupg.org), +in order to avoid having people working on the same thing. + +The TODO list is now kept as issues at gitlab, check: +https://gitlab.com/gnutls/gnutls/issues diff --git a/doc/abstract-api.texi b/doc/abstract-api.texi new file mode 100644 index 0000000..be0759f --- /dev/null +++ b/doc/abstract-api.texi @@ -0,0 +1,2665 @@ + +@subheading gnutls_certificate_set_key +@anchor{gnutls_certificate_set_key} +@deftypefun {int} {gnutls_certificate_set_key} (gnutls_certificate_credentials_t @var{res}, const char ** @var{names}, int @var{names_size}, gnutls_pcert_st * @var{pcert_list}, int @var{pcert_list_size}, gnutls_privkey_t @var{key}) +@var{res}: is a @code{gnutls_certificate_credentials_t} type. + +@var{names}: is an array of DNS names belonging to the public-key (NULL if none) + +@var{names_size}: holds the size of the names list + +@var{pcert_list}: contains a certificate list (chain) or raw public-key + +@var{pcert_list_size}: holds the size of the certificate list + +@var{key}: is a @code{gnutls_privkey_t} key corresponding to the first public-key in pcert_list + +This function sets a public/private key pair in the +gnutls_certificate_credentials_t type. The given public key may be encapsulated +in a certificate or can be given as a raw key. This function may be +called more than once, in case multiple key pairs exist for +the server. For clients that want to send more than their own end- +entity certificate (e.g., also an intermediate CA cert), the full +certificate chain must be provided in @code{pcert_list} . + +Note that the @code{key} will become part of the credentials structure and must +not be deallocated. It will be automatically deallocated when the @code{res} structure +is deinitialized. + +If this function fails, the @code{res} structure is at an undefined state and it must +not be reused to load other keys or certificates. + +Note that, this function by default returns zero on success and a negative value on error. +Since 3.5.6, when the flag @code{GNUTLS_CERTIFICATE_API_V2} is set using @code{gnutls_certificate_set_flags()} +it returns an index (greater or equal to zero). That index can be used for other functions to refer to the added key-pair. + +Since GnuTLS 3.6.6 this function also handles raw public keys. + +@strong{Returns:} On success this functions returns zero, and otherwise a negative value on error (see above for modifying that behavior). + +@strong{Since:} 3.0 +@end deftypefun + +@subheading gnutls_certificate_set_retrieve_function2 +@anchor{gnutls_certificate_set_retrieve_function2} +@deftypefun {void} {gnutls_certificate_set_retrieve_function2} (gnutls_certificate_credentials_t @var{cred}, gnutls_certificate_retrieve_function2 * @var{func}) +@var{cred}: is a @code{gnutls_certificate_credentials_t} type. + +@var{func}: is the callback function + +This function sets a callback to be called in order to retrieve the +certificate to be used in the handshake. The callback will take control +only if a certificate is requested by the peer. + +The callback's function prototype is: +int (*callback)(gnutls_session_t, const gnutls_datum_t* req_ca_dn, int nreqs, +const gnutls_pk_algorithm_t* pk_algos, int pk_algos_length, gnutls_pcert_st** pcert, +unsigned int *pcert_length, gnutls_privkey_t * pkey); + + @code{req_ca_dn} is only used in X.509 certificates. +Contains a list with the CA names that the server considers trusted. +This is a hint and typically the client should send a certificate that is signed +by one of these CAs. These names, when available, are DER encoded. To get a more +meaningful value use the function @code{gnutls_x509_rdn_get()} . + + @code{pk_algos} contains a list with server's acceptable public key algorithms. +The certificate returned should support the server's given algorithms. + + @code{pcert} should contain a single certificate and public key or a list of them. + + @code{pcert_length} is the size of the previous list. + + @code{pkey} is the private key. + +If the callback function is provided then gnutls will call it, in the +handshake, after the certificate request message has been received. +All the provided by the callback values will not be released or +modified by gnutls. + +In server side pk_algos and req_ca_dn are NULL. + +The callback function should set the certificate list to be sent, +and return 0 on success. If no certificate was selected then the +number of certificates should be set to zero. The value (-1) +indicates error and the handshake will be terminated. If both certificates +are set in the credentials and a callback is available, the callback +takes predence. + +@strong{Since:} 3.0 +@end deftypefun + +@subheading gnutls_certificate_set_retrieve_function3 +@anchor{gnutls_certificate_set_retrieve_function3} +@deftypefun {void} {gnutls_certificate_set_retrieve_function3} (gnutls_certificate_credentials_t @var{cred}, gnutls_certificate_retrieve_function3 * @var{func}) +@var{cred}: is a @code{gnutls_certificate_credentials_t} type. + +@var{func}: is the callback function + +This function sets a callback to be called in order to retrieve the +certificate and OCSP responses to be used in the handshake. @code{func} will +be called only if the peer requests a certificate either during handshake +or during post-handshake authentication. + +The callback's function prototype is defined in `abstract.h': +int (*callback)(gnutls_session_t, const struct gnutls_cert_retr_st *info, +gnutls_pcert_st **certs, unsigned int *pcert_length, +gnutls_datum_t **ocsp, unsigned int *ocsp_length, +gnutls_privkey_t * pkey, unsigned int *flags); + +The info field of the callback contains: + @code{req_ca_dn} which is a list with the CA names that the server considers trusted. +This is a hint and typically the client should send a certificate that is signed +by one of these CAs. These names, when available, are DER encoded. To get a more +meaningful value use the function @code{gnutls_x509_rdn_get()} . + @code{pk_algos} contains a list with server's acceptable public key algorithms. +The certificate returned should support the server's given algorithms. + +The callback should fill-in the following values. + + @code{pcert} should contain an allocated list of certificates and public keys. + @code{pcert_length} is the size of the previous list. + @code{ocsp} should contain an allocated list of OCSP responses. + @code{ocsp_length} is the size of the previous list. + @code{pkey} is the private key. + +If flags in the callback are set to @code{GNUTLS_CERT_RETR_DEINIT_ALL} then +all provided values must be allocated using @code{gnutls_malloc()} , and will +be released by gnutls; otherwise they will not be touched by gnutls. + +The callback function should set the certificate and OCSP response +list to be sent, and return 0 on success. If no certificates are available, +the @code{pcert_length} and @code{ocsp_length} should be set to zero. The return +value (-1) indicates error and the handshake will be terminated. If both +certificates are set in the credentials and a callback is available, the +callback takes predence. + +@strong{Since:} 3.6.3 +@end deftypefun + +@subheading gnutls_pcert_deinit +@anchor{gnutls_pcert_deinit} +@deftypefun {void} {gnutls_pcert_deinit} (gnutls_pcert_st * @var{pcert}) +@var{pcert}: The structure to be deinitialized + +This function will deinitialize a pcert structure. + +@strong{Since:} 3.0 +@end deftypefun + +@subheading gnutls_pcert_export_openpgp +@anchor{gnutls_pcert_export_openpgp} +@deftypefun {int} {gnutls_pcert_export_openpgp} (gnutls_pcert_st * @var{pcert}, gnutls_openpgp_crt_t * @var{crt}) +@var{pcert}: The pcert structure. + +@var{crt}: An initialized @code{gnutls_openpgp_crt_t} . + +This function is no-op. + +@strong{Returns:} @code{GNUTLS_E_UNIMPLEMENTED_FEATURE} . + +@strong{Since:} 3.4.0 +@end deftypefun + +@subheading gnutls_pcert_export_x509 +@anchor{gnutls_pcert_export_x509} +@deftypefun {int} {gnutls_pcert_export_x509} (gnutls_pcert_st * @var{pcert}, gnutls_x509_crt_t * @var{crt}) +@var{pcert}: The pcert structure. + +@var{crt}: An initialized @code{gnutls_x509_crt_t} . + +Converts the given @code{gnutls_pcert_t} type into a @code{gnutls_x509_crt_t} . +This function only works if the type of @code{pcert} is @code{GNUTLS_CRT_X509} . +When successful, the value written to @code{crt} must be freed with +@code{gnutls_x509_crt_deinit()} when no longer needed. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 3.4.0 +@end deftypefun + +@subheading gnutls_pcert_import_openpgp +@anchor{gnutls_pcert_import_openpgp} +@deftypefun {int} {gnutls_pcert_import_openpgp} (gnutls_pcert_st * @var{pcert}, gnutls_openpgp_crt_t @var{crt}, unsigned int @var{flags}) +@var{pcert}: The pcert structure + +@var{crt}: The raw certificate to be imported + +@var{flags}: zero for now + +This function is no-op. + +@strong{Returns:} @code{GNUTLS_E_UNIMPLEMENTED_FEATURE} . + +@strong{Since:} 3.0 +@end deftypefun + +@subheading gnutls_pcert_import_openpgp_raw +@anchor{gnutls_pcert_import_openpgp_raw} +@deftypefun {int} {gnutls_pcert_import_openpgp_raw} (gnutls_pcert_st * @var{pcert}, const gnutls_datum_t * @var{cert}, gnutls_openpgp_crt_fmt_t @var{format}, gnutls_openpgp_keyid_t @var{keyid}, unsigned int @var{flags}) +@var{pcert}: The pcert structure + +@var{cert}: The raw certificate to be imported + +@var{format}: The format of the certificate + +@var{keyid}: The key ID to use (NULL for the master key) + +@var{flags}: zero for now + +This function is no-op. + +@strong{Returns:} @code{GNUTLS_E_UNIMPLEMENTED_FEATURE} . + +@strong{Since:} 3.0 +@end deftypefun + +@subheading gnutls_pcert_import_rawpk +@anchor{gnutls_pcert_import_rawpk} +@deftypefun {int} {gnutls_pcert_import_rawpk} (gnutls_pcert_st* @var{pcert}, gnutls_pubkey_t @var{pubkey}, unsigned int @var{flags}) +@var{pcert}: The pcert structure to import the data into. + +@var{pubkey}: The raw public-key in @code{gnutls_pubkey_t} format to be imported + +@var{flags}: zero for now + +This convenience function will import (i.e. convert) the given raw +public key @code{pubkey} into a @code{gnutls_pcert_st} structure. The structure +must be deinitialized afterwards using @code{gnutls_pcert_deinit()} . The +given @code{pubkey} must not be deinitialized because it will be associated +with the given @code{pcert} structure and will be deinitialized with it. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 3.6.6 +@end deftypefun + +@subheading gnutls_pcert_import_rawpk_raw +@anchor{gnutls_pcert_import_rawpk_raw} +@deftypefun {int} {gnutls_pcert_import_rawpk_raw} (gnutls_pcert_st* @var{pcert}, const gnutls_datum_t* @var{rawpubkey}, gnutls_x509_crt_fmt_t @var{format}, unsigned int @var{key_usage}, unsigned int @var{flags}) +@var{pcert}: The pcert structure to import the data into. + +@var{rawpubkey}: The raw public-key in @code{gnutls_datum_t} format to be imported. + +@var{format}: The format of the raw public-key. DER or PEM. + +@var{key_usage}: An ORed sequence of @code{GNUTLS_KEY_} * flags. + +@var{flags}: zero for now + +This convenience function will import (i.e. convert) the given raw +public key @code{rawpubkey} into a @code{gnutls_pcert_st} structure. The structure +must be deinitialized afterwards using @code{gnutls_pcert_deinit()} . +Note that the caller is responsible for freeing @code{rawpubkey} . All necessary +values will be copied into @code{pcert} . + +Key usage (as defined by X.509 extension (2.5.29.15)) can be explicitly +set because there is no certificate structure around the key to define +this value. See for more info @code{gnutls_x509_crt_get_key_usage()} . + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 3.6.6 +@end deftypefun + +@subheading gnutls_pcert_import_x509 +@anchor{gnutls_pcert_import_x509} +@deftypefun {int} {gnutls_pcert_import_x509} (gnutls_pcert_st * @var{pcert}, gnutls_x509_crt_t @var{crt}, unsigned int @var{flags}) +@var{pcert}: The pcert structure + +@var{crt}: The certificate to be imported + +@var{flags}: zero for now + +This convenience function will import the given certificate to a +@code{gnutls_pcert_st} structure. The structure must be deinitialized +afterwards using @code{gnutls_pcert_deinit()} ; + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 3.0 +@end deftypefun + +@subheading gnutls_pcert_import_x509_list +@anchor{gnutls_pcert_import_x509_list} +@deftypefun {int} {gnutls_pcert_import_x509_list} (gnutls_pcert_st * @var{pcert_list}, gnutls_x509_crt_t * @var{crt}, unsigned * @var{ncrt}, unsigned int @var{flags}) +@var{pcert_list}: The structures to store the certificates; must not contain initialized @code{gnutls_pcert_st} structures. + +@var{crt}: The certificates to be imported + +@var{ncrt}: The number of certificates in @code{crt} ; will be updated if necessary + +@var{flags}: zero or @code{GNUTLS_X509_CRT_LIST_SORT} + +This convenience function will import the given certificates to an +already allocated set of @code{gnutls_pcert_st} structures. The structures must +be deinitialized afterwards using @code{gnutls_pcert_deinit()} . @code{pcert_list} should contain space for at least @code{ncrt} elements. + +In the case @code{GNUTLS_X509_CRT_LIST_SORT} is specified and that +function cannot sort the list, @code{GNUTLS_E_CERTIFICATE_LIST_UNSORTED} +will be returned. Currently sorting can fail if the list size +exceeds an internal constraint (16). + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 3.4.0 +@end deftypefun + +@subheading gnutls_pcert_import_x509_raw +@anchor{gnutls_pcert_import_x509_raw} +@deftypefun {int} {gnutls_pcert_import_x509_raw} (gnutls_pcert_st * @var{pcert}, const gnutls_datum_t * @var{cert}, gnutls_x509_crt_fmt_t @var{format}, unsigned int @var{flags}) +@var{pcert}: The pcert structure + +@var{cert}: The raw certificate to be imported + +@var{format}: The format of the certificate + +@var{flags}: zero for now + +This convenience function will import the given certificate to a +@code{gnutls_pcert_st} structure. The structure must be deinitialized +afterwards using @code{gnutls_pcert_deinit()} ; + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 3.0 +@end deftypefun + +@subheading gnutls_pcert_list_import_x509_file +@anchor{gnutls_pcert_list_import_x509_file} +@deftypefun {int} {gnutls_pcert_list_import_x509_file} (gnutls_pcert_st * @var{pcert_list}, unsigned * @var{pcert_list_size}, const char * @var{file}, gnutls_x509_crt_fmt_t @var{format}, gnutls_pin_callback_t @var{pin_fn}, void * @var{pin_fn_userdata}, unsigned int @var{flags}) +@var{pcert_list}: The structures to store the certificates; must not contain initialized @code{gnutls_pcert_st} structures. + +@var{pcert_list_size}: Initially must hold the maximum number of certs. It will be updated with the number of certs available. + +@var{file}: A file or supported URI with the certificates to load + +@var{format}: @code{GNUTLS_X509_FMT_DER} or @code{GNUTLS_X509_FMT_PEM} if a file is given + +@var{pin_fn}: a PIN callback if not globally set + +@var{pin_fn_userdata}: parameter for the PIN callback + +@var{flags}: zero or flags from @code{gnutls_certificate_import_flags} + +This convenience function will import a certificate chain from the given +file or supported URI to @code{gnutls_pcert_st} structures. The structures +must be deinitialized afterwards using @code{gnutls_pcert_deinit()} . + +This function will always return a sorted certificate chain. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value; if the @code{pcert} list doesn't have enough space +@code{GNUTLS_E_SHORT_MEMORY_BUFFER} will be returned. + +@strong{Since:} 3.6.3 +@end deftypefun + +@subheading gnutls_pcert_list_import_x509_raw +@anchor{gnutls_pcert_list_import_x509_raw} +@deftypefun {int} {gnutls_pcert_list_import_x509_raw} (gnutls_pcert_st * @var{pcert_list}, unsigned int * @var{pcert_list_size}, const gnutls_datum_t * @var{data}, gnutls_x509_crt_fmt_t @var{format}, unsigned int @var{flags}) +@var{pcert_list}: The structures to store the certificates; must not contain initialized @code{gnutls_pcert_st} structures. + +@var{pcert_list_size}: Initially must hold the maximum number of certs. It will be updated with the number of certs available. + +@var{data}: The certificates. + +@var{format}: One of DER or PEM. + +@var{flags}: must be (0) or an OR'd sequence of gnutls_certificate_import_flags. + +This function will import the provided DER or PEM encoded certificates to an +already allocated set of @code{gnutls_pcert_st} structures. The structures must +be deinitialized afterwards using @code{gnutls_pcert_deinit()} . @code{pcert_list} should contain space for at least @code{pcert_list_size} elements. + +If the Certificate is PEM encoded it should have a header of "X509 +CERTIFICATE", or "CERTIFICATE". + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value; if the @code{pcert} list doesn't have enough space +@code{GNUTLS_E_SHORT_MEMORY_BUFFER} will be returned. + +@strong{Since:} 3.0 +@end deftypefun + +@subheading gnutls_privkey_decrypt_data +@anchor{gnutls_privkey_decrypt_data} +@deftypefun {int} {gnutls_privkey_decrypt_data} (gnutls_privkey_t @var{key}, unsigned int @var{flags}, const gnutls_datum_t * @var{ciphertext}, gnutls_datum_t * @var{plaintext}) +@var{key}: Holds the key + +@var{flags}: zero for now + +@var{ciphertext}: holds the data to be decrypted + +@var{plaintext}: will contain the decrypted data, allocated with @code{gnutls_malloc()} + +This function will decrypt the given data using the algorithm +supported by the private key. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 2.12.0 +@end deftypefun + +@subheading gnutls_privkey_decrypt_data2 +@anchor{gnutls_privkey_decrypt_data2} +@deftypefun {int} {gnutls_privkey_decrypt_data2} (gnutls_privkey_t @var{key}, unsigned int @var{flags}, const gnutls_datum_t * @var{ciphertext}, unsigned char * @var{plaintext}, size_t @var{plaintext_size}) +@var{key}: Holds the key + +@var{flags}: zero for now + +@var{ciphertext}: holds the data to be decrypted + +@var{plaintext}: a preallocated buffer that will be filled with the plaintext + +@var{plaintext_size}: in/out size of the plaintext + +This function will decrypt the given data using the algorithm +supported by the private key. Unlike with @code{gnutls_privkey_decrypt_data()} +this function operates in constant time and constant memory access. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 3.6.5 +@end deftypefun + +@subheading gnutls_privkey_deinit +@anchor{gnutls_privkey_deinit} +@deftypefun {void} {gnutls_privkey_deinit} (gnutls_privkey_t @var{key}) +@var{key}: The key to be deinitialized + +This function will deinitialize a private key structure. + +@strong{Since:} 2.12.0 +@end deftypefun + +@subheading gnutls_privkey_export_dsa_raw +@anchor{gnutls_privkey_export_dsa_raw} +@deftypefun {int} {gnutls_privkey_export_dsa_raw} (gnutls_privkey_t @var{key}, gnutls_datum_t * @var{p}, gnutls_datum_t * @var{q}, gnutls_datum_t * @var{g}, gnutls_datum_t * @var{y}, gnutls_datum_t * @var{x}) +@var{key}: Holds the public key + +@var{p}: will hold the p + +@var{q}: will hold the q + +@var{g}: will hold the g + +@var{y}: will hold the y + +@var{x}: will hold the x + +This function will export the DSA private key's parameters found +in the given structure. The new parameters will be allocated using +@code{gnutls_malloc()} and will be stored in the appropriate datum. + +@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, otherwise a negative error code. + +@strong{Since:} 3.3.0 +@end deftypefun + +@subheading gnutls_privkey_export_dsa_raw2 +@anchor{gnutls_privkey_export_dsa_raw2} +@deftypefun {int} {gnutls_privkey_export_dsa_raw2} (gnutls_privkey_t @var{key}, gnutls_datum_t * @var{p}, gnutls_datum_t * @var{q}, gnutls_datum_t * @var{g}, gnutls_datum_t * @var{y}, gnutls_datum_t * @var{x}, unsigned int @var{flags}) +@var{key}: Holds the public key + +@var{p}: will hold the p + +@var{q}: will hold the q + +@var{g}: will hold the g + +@var{y}: will hold the y + +@var{x}: will hold the x + +@var{flags}: flags from @code{gnutls_abstract_export_flags_t} + +This function will export the DSA private key's parameters found +in the given structure. The new parameters will be allocated using +@code{gnutls_malloc()} and will be stored in the appropriate datum. + +@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, otherwise a negative error code. + +@strong{Since:} 3.6.0 +@end deftypefun + +@subheading gnutls_privkey_export_ecc_raw +@anchor{gnutls_privkey_export_ecc_raw} +@deftypefun {int} {gnutls_privkey_export_ecc_raw} (gnutls_privkey_t @var{key}, gnutls_ecc_curve_t * @var{curve}, gnutls_datum_t * @var{x}, gnutls_datum_t * @var{y}, gnutls_datum_t * @var{k}) +@var{key}: Holds the public key + +@var{curve}: will hold the curve + +@var{x}: will hold the x-coordinate + +@var{y}: will hold the y-coordinate + +@var{k}: will hold the private key + +This function will export the ECC private key's parameters found +in the given structure. The new parameters will be allocated using +@code{gnutls_malloc()} and will be stored in the appropriate datum. + +In EdDSA curves the @code{y} parameter will be @code{NULL} and the other parameters +will be in the native format for the curve. + +@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, otherwise a negative error code. + +@strong{Since:} 3.3.0 +@end deftypefun + +@subheading gnutls_privkey_export_ecc_raw2 +@anchor{gnutls_privkey_export_ecc_raw2} +@deftypefun {int} {gnutls_privkey_export_ecc_raw2} (gnutls_privkey_t @var{key}, gnutls_ecc_curve_t * @var{curve}, gnutls_datum_t * @var{x}, gnutls_datum_t * @var{y}, gnutls_datum_t * @var{k}, unsigned int @var{flags}) +@var{key}: Holds the public key + +@var{curve}: will hold the curve + +@var{x}: will hold the x-coordinate + +@var{y}: will hold the y-coordinate + +@var{k}: will hold the private key + +@var{flags}: flags from @code{gnutls_abstract_export_flags_t} + +This function will export the ECC private key's parameters found +in the given structure. The new parameters will be allocated using +@code{gnutls_malloc()} and will be stored in the appropriate datum. + +In EdDSA curves the @code{y} parameter will be @code{NULL} and the other parameters +will be in the native format for the curve. + +@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, otherwise a negative error code. + +@strong{Since:} 3.6.0 +@end deftypefun + +@subheading gnutls_privkey_export_gost_raw2 +@anchor{gnutls_privkey_export_gost_raw2} +@deftypefun {int} {gnutls_privkey_export_gost_raw2} (gnutls_privkey_t @var{key}, gnutls_ecc_curve_t * @var{curve}, gnutls_digest_algorithm_t * @var{digest}, gnutls_gost_paramset_t * @var{paramset}, gnutls_datum_t * @var{x}, gnutls_datum_t * @var{y}, gnutls_datum_t * @var{k}, unsigned int @var{flags}) +@var{key}: Holds the public key + +@var{curve}: will hold the curve + +@var{digest}: will hold the digest + +@var{paramset}: will hold the GOST parameter set ID + +@var{x}: will hold the x-coordinate + +@var{y}: will hold the y-coordinate + +@var{k}: will hold the private key + +@var{flags}: flags from @code{gnutls_abstract_export_flags_t} + +This function will export the GOST private key's parameters found +in the given structure. The new parameters will be allocated using +@code{gnutls_malloc()} and will be stored in the appropriate datum. + +@strong{Note:} parameters will be stored with least significant byte first. On +version 3.6.3 this was incorrectly returned in big-endian format. + +@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, otherwise a negative error code. + +@strong{Since:} 3.6.3 +@end deftypefun + +@subheading gnutls_privkey_export_openpgp +@anchor{gnutls_privkey_export_openpgp} +@deftypefun {int} {gnutls_privkey_export_openpgp} (gnutls_privkey_t @var{pkey}, gnutls_openpgp_privkey_t * @var{key}) +@var{pkey}: The private key + +@var{key}: Location for the key to be exported. + +This function is no-op. + +@strong{Returns:} @code{GNUTLS_E_UNIMPLEMENTED_FEATURE} . + +@strong{Since:} 3.4.0 +@end deftypefun + +@subheading gnutls_privkey_export_pkcs11 +@anchor{gnutls_privkey_export_pkcs11} +@deftypefun {int} {gnutls_privkey_export_pkcs11} (gnutls_privkey_t @var{pkey}, gnutls_pkcs11_privkey_t * @var{key}) +@var{pkey}: The private key + +@var{key}: Location for the key to be exported. + +Converts the given abstract private key to a @code{gnutls_pkcs11_privkey_t} +type. The key must be of type @code{GNUTLS_PRIVKEY_PKCS11} . The key +returned in @code{key} must be deinitialized with +@code{gnutls_pkcs11_privkey_deinit()} . + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 3.4.0 +@end deftypefun + +@subheading gnutls_privkey_export_rsa_raw +@anchor{gnutls_privkey_export_rsa_raw} +@deftypefun {int} {gnutls_privkey_export_rsa_raw} (gnutls_privkey_t @var{key}, gnutls_datum_t * @var{m}, gnutls_datum_t * @var{e}, gnutls_datum_t * @var{d}, gnutls_datum_t * @var{p}, gnutls_datum_t * @var{q}, gnutls_datum_t * @var{u}, gnutls_datum_t * @var{e1}, gnutls_datum_t * @var{e2}) +@var{key}: Holds the certificate + +@var{m}: will hold the modulus + +@var{e}: will hold the public exponent + +@var{d}: will hold the private exponent + +@var{p}: will hold the first prime (p) + +@var{q}: will hold the second prime (q) + +@var{u}: will hold the coefficient + +@var{e1}: will hold e1 = d mod (p-1) + +@var{e2}: will hold e2 = d mod (q-1) + +This function will export the RSA private key's parameters found +in the given structure. The new parameters will be allocated using +@code{gnutls_malloc()} and will be stored in the appropriate datum. For +EdDSA keys, the @code{y} value should be @code{NULL} . + +@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, otherwise a negative error code. + +@strong{Since:} 3.3.0 +@end deftypefun + +@subheading gnutls_privkey_export_rsa_raw2 +@anchor{gnutls_privkey_export_rsa_raw2} +@deftypefun {int} {gnutls_privkey_export_rsa_raw2} (gnutls_privkey_t @var{key}, gnutls_datum_t * @var{m}, gnutls_datum_t * @var{e}, gnutls_datum_t * @var{d}, gnutls_datum_t * @var{p}, gnutls_datum_t * @var{q}, gnutls_datum_t * @var{u}, gnutls_datum_t * @var{e1}, gnutls_datum_t * @var{e2}, unsigned int @var{flags}) +@var{key}: Holds the certificate + +@var{m}: will hold the modulus + +@var{e}: will hold the public exponent + +@var{d}: will hold the private exponent + +@var{p}: will hold the first prime (p) + +@var{q}: will hold the second prime (q) + +@var{u}: will hold the coefficient + +@var{e1}: will hold e1 = d mod (p-1) + +@var{e2}: will hold e2 = d mod (q-1) + +@var{flags}: flags from @code{gnutls_abstract_export_flags_t} + +This function will export the RSA private key's parameters found +in the given structure. The new parameters will be allocated using +@code{gnutls_malloc()} and will be stored in the appropriate datum. + +@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, otherwise a negative error code. + +@strong{Since:} 3.6.0 +@end deftypefun + +@subheading gnutls_privkey_export_x509 +@anchor{gnutls_privkey_export_x509} +@deftypefun {int} {gnutls_privkey_export_x509} (gnutls_privkey_t @var{pkey}, gnutls_x509_privkey_t * @var{key}) +@var{pkey}: The private key + +@var{key}: Location for the key to be exported. + +Converts the given abstract private key to a @code{gnutls_x509_privkey_t} +type. The abstract key must be of type @code{GNUTLS_PRIVKEY_X509} . The input + @code{key} must not be initialized. The key returned in @code{key} should be deinitialized +using @code{gnutls_x509_privkey_deinit()} . + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 3.4.0 +@end deftypefun + +@subheading gnutls_privkey_generate +@anchor{gnutls_privkey_generate} +@deftypefun {int} {gnutls_privkey_generate} (gnutls_privkey_t @var{pkey}, gnutls_pk_algorithm_t @var{algo}, unsigned int @var{bits}, unsigned int @var{flags}) +@var{pkey}: An initialized private key + +@var{algo}: is one of the algorithms in @code{gnutls_pk_algorithm_t} . + +@var{bits}: the size of the parameters to generate + +@var{flags}: Must be zero or flags from @code{gnutls_privkey_flags_t} . + +This function will generate a random private key. Note that this +function must be called on an initialized private key. + +The flag @code{GNUTLS_PRIVKEY_FLAG_PROVABLE} +instructs the key generation process to use algorithms like Shawe-Taylor +(from FIPS PUB186-4) which generate provable parameters out of a seed +for RSA and DSA keys. See @code{gnutls_privkey_generate2()} for more +information. + +Note that when generating an elliptic curve key, the curve +can be substituted in the place of the bits parameter using the +@code{GNUTLS_CURVE_TO_BITS()} macro. The input to the macro is any curve from +@code{gnutls_ecc_curve_t} . + +For DSA keys, if the subgroup size needs to be specified check +the @code{GNUTLS_SUBGROUP_TO_BITS()} macro. + +It is recommended to do not set the number of @code{bits} directly, use @code{gnutls_sec_param_to_pk_bits()} instead . + +See also @code{gnutls_privkey_generate2()} . + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 3.3.0 +@end deftypefun + +@subheading gnutls_privkey_generate2 +@anchor{gnutls_privkey_generate2} +@deftypefun {int} {gnutls_privkey_generate2} (gnutls_privkey_t @var{pkey}, gnutls_pk_algorithm_t @var{algo}, unsigned int @var{bits}, unsigned int @var{flags}, const gnutls_keygen_data_st * @var{data}, unsigned @var{data_size}) +@var{pkey}: The private key + +@var{algo}: is one of the algorithms in @code{gnutls_pk_algorithm_t} . + +@var{bits}: the size of the modulus + +@var{flags}: Must be zero or flags from @code{gnutls_privkey_flags_t} . + +@var{data}: Allow specifying @code{gnutls_keygen_data_st} types such as the seed to be used. + +@var{data_size}: The number of @code{data} available. + +This function will generate a random private key. Note that this +function must be called on an initialized private key. + +The flag @code{GNUTLS_PRIVKEY_FLAG_PROVABLE} +instructs the key generation process to use algorithms like Shawe-Taylor +(from FIPS PUB186-4) which generate provable parameters out of a seed +for RSA and DSA keys. On DSA keys the PQG parameters are generated using the +seed, while on RSA the two primes. To specify an explicit seed +(by default a random seed is used), use the @code{data} with a @code{GNUTLS_KEYGEN_SEED} +type. + +Note that when generating an elliptic curve key, the curve +can be substituted in the place of the bits parameter using the +@code{GNUTLS_CURVE_TO_BITS()} macro. + +To export the generated keys in memory or in files it is recommended to use the +PKCS@code{8} form as it can handle all key types, and can store additional parameters +such as the seed, in case of provable RSA or DSA keys. +Generated keys can be exported in memory using @code{gnutls_privkey_export_x509()} , +and then with @code{gnutls_x509_privkey_export2_pkcs8()} . + +If key generation is part of your application, avoid setting the number +of bits directly, and instead use @code{gnutls_sec_param_to_pk_bits()} . +That way the generated keys will adapt to the security levels +of the underlying GnuTLS library. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 3.5.0 +@end deftypefun + +@subheading gnutls_privkey_get_pk_algorithm +@anchor{gnutls_privkey_get_pk_algorithm} +@deftypefun {int} {gnutls_privkey_get_pk_algorithm} (gnutls_privkey_t @var{key}, unsigned int * @var{bits}) +@var{key}: should contain a @code{gnutls_privkey_t} type + +@var{bits}: If set will return the number of bits of the parameters (may be NULL) + +This function will return the public key algorithm of a private +key and if possible will return a number of bits that indicates +the security parameter of the key. + +@strong{Returns:} a member of the @code{gnutls_pk_algorithm_t} enumeration on +success, or a negative error code on error. + +@strong{Since:} 2.12.0 +@end deftypefun + +@subheading gnutls_privkey_get_seed +@anchor{gnutls_privkey_get_seed} +@deftypefun {int} {gnutls_privkey_get_seed} (gnutls_privkey_t @var{key}, gnutls_digest_algorithm_t * @var{digest}, void * @var{seed}, size_t * @var{seed_size}) +@var{key}: should contain a @code{gnutls_privkey_t} type + +@var{digest}: if non-NULL it will contain the digest algorithm used for key generation (if applicable) + +@var{seed}: where seed will be copied to + +@var{seed_size}: originally holds the size of @code{seed} , will be updated with actual size + +This function will return the seed that was used to generate the +given private key. That function will succeed only if the key was generated +as a provable key. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 3.5.0 +@end deftypefun + +@subheading gnutls_privkey_get_spki +@anchor{gnutls_privkey_get_spki} +@deftypefun {int} {gnutls_privkey_get_spki} (gnutls_privkey_t @var{privkey}, gnutls_x509_spki_t @var{spki}, unsigned int @var{flags}) +@var{privkey}: a public key of type @code{gnutls_privkey_t} + +@var{spki}: a SubjectPublicKeyInfo structure of type @code{gnutls_privkey_spki_t} + +@var{flags}: must be zero + +This function will return the public key information if available. +The provided @code{spki} must be initialized. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 3.6.0 +@end deftypefun + +@subheading gnutls_privkey_get_type +@anchor{gnutls_privkey_get_type} +@deftypefun {gnutls_privkey_type_t} {gnutls_privkey_get_type} (gnutls_privkey_t @var{key}) +@var{key}: should contain a @code{gnutls_privkey_t} type + +This function will return the type of the private key. This is +actually the type of the subsystem used to set this private key. + +@strong{Returns:} a member of the @code{gnutls_privkey_type_t} enumeration on +success, or a negative error code on error. + +@strong{Since:} 2.12.0 +@end deftypefun + +@subheading gnutls_privkey_import_dsa_raw +@anchor{gnutls_privkey_import_dsa_raw} +@deftypefun {int} {gnutls_privkey_import_dsa_raw} (gnutls_privkey_t @var{key}, const gnutls_datum_t * @var{p}, const gnutls_datum_t * @var{q}, const gnutls_datum_t * @var{g}, const gnutls_datum_t * @var{y}, const gnutls_datum_t * @var{x}) +@var{key}: The structure to store the parsed key + +@var{p}: holds the p + +@var{q}: holds the q + +@var{g}: holds the g + +@var{y}: holds the y + +@var{x}: holds the x + +This function will convert the given DSA raw parameters to the +native @code{gnutls_privkey_t} format. The output will be stored +in @code{key} . + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. +@end deftypefun + +@subheading gnutls_privkey_import_ecc_raw +@anchor{gnutls_privkey_import_ecc_raw} +@deftypefun {int} {gnutls_privkey_import_ecc_raw} (gnutls_privkey_t @var{key}, gnutls_ecc_curve_t @var{curve}, const gnutls_datum_t * @var{x}, const gnutls_datum_t * @var{y}, const gnutls_datum_t * @var{k}) +@var{key}: The key + +@var{curve}: holds the curve + +@var{x}: holds the x-coordinate + +@var{y}: holds the y-coordinate + +@var{k}: holds the k (private key) + +This function will convert the given elliptic curve parameters to the +native @code{gnutls_privkey_t} format. The output will be stored +in @code{key} . + +In EdDSA curves the @code{y} parameter should be @code{NULL} and the @code{x} and @code{k} parameters +must be in the native format for the curve. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 3.0 +@end deftypefun + +@subheading gnutls_privkey_import_ext +@anchor{gnutls_privkey_import_ext} +@deftypefun {int} {gnutls_privkey_import_ext} (gnutls_privkey_t @var{pkey}, gnutls_pk_algorithm_t @var{pk}, void * @var{userdata}, gnutls_privkey_sign_func @var{sign_func}, gnutls_privkey_decrypt_func @var{decrypt_func}, unsigned int @var{flags}) +@var{pkey}: The private key + +@var{pk}: The public key algorithm + +@var{userdata}: private data to be provided to the callbacks + +@var{sign_func}: callback for signature operations + +@var{decrypt_func}: callback for decryption operations + +@var{flags}: Flags for the import + +This function will associate the given callbacks with the +@code{gnutls_privkey_t} type. At least one of the two callbacks +must be non-null. + +Note that the signing function is supposed to "raw" sign data, i.e., +without any hashing or preprocessing. In case of RSA the DigestInfo +will be provided, and the signing function is expected to do the PKCS @code{1} +1.5 padding and the exponentiation. + +See also @code{gnutls_privkey_import_ext3()} . + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 3.0 +@end deftypefun + +@subheading gnutls_privkey_import_ext2 +@anchor{gnutls_privkey_import_ext2} +@deftypefun {int} {gnutls_privkey_import_ext2} (gnutls_privkey_t @var{pkey}, gnutls_pk_algorithm_t @var{pk}, void * @var{userdata}, gnutls_privkey_sign_func @var{sign_fn}, gnutls_privkey_decrypt_func @var{decrypt_fn}, gnutls_privkey_deinit_func @var{deinit_fn}, unsigned int @var{flags}) +@var{pkey}: The private key + +@var{pk}: The public key algorithm + +@var{userdata}: private data to be provided to the callbacks + +@var{sign_fn}: callback for signature operations + +@var{decrypt_fn}: callback for decryption operations + +@var{deinit_fn}: a deinitialization function + +@var{flags}: Flags for the import + +This function will associate the given callbacks with the +@code{gnutls_privkey_t} type. At least one of the two callbacks +must be non-null. If a deinitialization function is provided +then flags is assumed to contain @code{GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE} . + +Note that the signing function is supposed to "raw" sign data, i.e., +without any hashing or preprocessing. In case of RSA the DigestInfo +will be provided, and the signing function is expected to do the PKCS @code{1} +1.5 padding and the exponentiation. + +See also @code{gnutls_privkey_import_ext3()} . + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 3.1 +@end deftypefun + +@subheading gnutls_privkey_import_ext3 +@anchor{gnutls_privkey_import_ext3} +@deftypefun {int} {gnutls_privkey_import_ext3} (gnutls_privkey_t @var{pkey}, void * @var{userdata}, gnutls_privkey_sign_func @var{sign_fn}, gnutls_privkey_decrypt_func @var{decrypt_fn}, gnutls_privkey_deinit_func @var{deinit_fn}, gnutls_privkey_info_func @var{info_fn}, unsigned int @var{flags}) +@var{pkey}: The private key + +@var{userdata}: private data to be provided to the callbacks + +@var{sign_fn}: callback for signature operations + +@var{decrypt_fn}: callback for decryption operations + +@var{deinit_fn}: a deinitialization function + +@var{info_fn}: returns info about the public key algorithm (should not be @code{NULL} ) + +@var{flags}: Flags for the import + +This function will associate the given callbacks with the +@code{gnutls_privkey_t} type. At least one of the two callbacks +must be non-null. If a deinitialization function is provided +then flags is assumed to contain @code{GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE} . + +Note that the signing function is supposed to "raw" sign data, i.e., +without any hashing or preprocessing. In case of RSA the DigestInfo +will be provided, and the signing function is expected to do the PKCS @code{1} +1.5 padding and the exponentiation. + +The @code{info_fn} must provide information on the algorithms supported by +this private key, and should support the flags @code{GNUTLS_PRIVKEY_INFO_PK_ALGO} and +@code{GNUTLS_PRIVKEY_INFO_SIGN_ALGO} . It must return -1 on unknown flags. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 3.4.0 +@end deftypefun + +@subheading gnutls_privkey_import_ext4 +@anchor{gnutls_privkey_import_ext4} +@deftypefun {int} {gnutls_privkey_import_ext4} (gnutls_privkey_t @var{pkey}, void * @var{userdata}, gnutls_privkey_sign_data_func @var{sign_data_fn}, gnutls_privkey_sign_hash_func @var{sign_hash_fn}, gnutls_privkey_decrypt_func @var{decrypt_fn}, gnutls_privkey_deinit_func @var{deinit_fn}, gnutls_privkey_info_func @var{info_fn}, unsigned int @var{flags}) +@var{pkey}: The private key + +@var{userdata}: private data to be provided to the callbacks + +@var{sign_data_fn}: callback for signature operations (may be @code{NULL} ) + +@var{sign_hash_fn}: callback for signature operations (may be @code{NULL} ) + +@var{decrypt_fn}: callback for decryption operations (may be @code{NULL} ) + +@var{deinit_fn}: a deinitialization function + +@var{info_fn}: returns info about the public key algorithm (should not be @code{NULL} ) + +@var{flags}: Flags for the import + +This function will associate the given callbacks with the +@code{gnutls_privkey_t} type. At least one of the callbacks +must be non-null. If a deinitialization function is provided +then flags is assumed to contain @code{GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE} . + +Note that in contrast with the signing function of +@code{gnutls_privkey_import_ext3()} , the signing functions provided to this +function take explicitly the signature algorithm as parameter and +different functions are provided to sign the data and hashes. + +The @code{sign_hash_fn} is to be called to sign pre-hashed data. The input +to the callback is the output of the hash (such as SHA256) corresponding +to the signature algorithm. For RSA PKCS@code{1} signatures, the signature +algorithm can be set to @code{GNUTLS_SIGN_RSA_RAW} , and in that case the data +should be handled as if they were an RSA PKCS@code{1} DigestInfo structure. + +The @code{sign_data_fn} is to be called to sign data. The input data will be +he data to be signed (and hashed), with the provided signature +algorithm. This function is to be used for signature algorithms like +Ed25519 which cannot take pre-hashed data as input. + +When both @code{sign_data_fn} and @code{sign_hash_fn} functions are provided they +must be able to operate on all the supported signature algorithms, +unless prohibited by the type of the algorithm (e.g., as with Ed25519). + +The @code{info_fn} must provide information on the signature algorithms supported by +this private key, and should support the flags @code{GNUTLS_PRIVKEY_INFO_PK_ALGO} , +@code{GNUTLS_PRIVKEY_INFO_HAVE_SIGN_ALGO} and @code{GNUTLS_PRIVKEY_INFO_PK_ALGO_BITS} . +It must return -1 on unknown flags. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 3.6.0 +@end deftypefun + +@subheading gnutls_privkey_import_gost_raw +@anchor{gnutls_privkey_import_gost_raw} +@deftypefun {int} {gnutls_privkey_import_gost_raw} (gnutls_privkey_t @var{key}, gnutls_ecc_curve_t @var{curve}, gnutls_digest_algorithm_t @var{digest}, gnutls_gost_paramset_t @var{paramset}, const gnutls_datum_t * @var{x}, const gnutls_datum_t * @var{y}, const gnutls_datum_t * @var{k}) +@var{key}: The key + +@var{curve}: holds the curve + +@var{digest}: holds the digest + +@var{paramset}: holds the GOST parameter set ID + +@var{x}: holds the x-coordinate + +@var{y}: holds the y-coordinate + +@var{k}: holds the k (private key) + +This function will convert the given GOST private key's parameters to the +native @code{gnutls_privkey_t} format. The output will be stored +in @code{key} . @code{digest} should be one of GNUTLS_DIG_GOSR_94, +GNUTLS_DIG_STREEBOG_256 or GNUTLS_DIG_STREEBOG_512. If @code{paramset} is set to +GNUTLS_GOST_PARAMSET_UNKNOWN default one will be selected depending on + @code{digest} . + +@strong{Note:} parameters should be stored with least significant byte first. On +version 3.6.3 big-endian format was used incorrectly. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 3.6.3 +@end deftypefun + +@subheading gnutls_privkey_import_openpgp +@anchor{gnutls_privkey_import_openpgp} +@deftypefun {int} {gnutls_privkey_import_openpgp} (gnutls_privkey_t @var{pkey}, gnutls_openpgp_privkey_t @var{key}, unsigned int @var{flags}) +@var{pkey}: The private key + +@var{key}: The private key to be imported + +@var{flags}: Flags for the import + +This function is no-op. + +@strong{Returns:} @code{GNUTLS_E_UNIMPLEMENTED_FEATURE} . + +@strong{Since:} 2.12.0 +@end deftypefun + +@subheading gnutls_privkey_import_openpgp_raw +@anchor{gnutls_privkey_import_openpgp_raw} +@deftypefun {int} {gnutls_privkey_import_openpgp_raw} (gnutls_privkey_t @var{pkey}, const gnutls_datum_t * @var{data}, gnutls_openpgp_crt_fmt_t @var{format}, const gnutls_openpgp_keyid_t @var{keyid}, const char * @var{password}) +@var{pkey}: The private key + +@var{data}: The private key data to be imported + +@var{format}: The format of the private key + +@var{keyid}: The key id to use (optional) + +@var{password}: A password (optional) + +This function is no-op. + +@strong{Returns:} @code{GNUTLS_E_UNIMPLEMENTED_FEATURE} . + +@strong{Since:} 3.1.0 +@end deftypefun + +@subheading gnutls_privkey_import_pkcs11 +@anchor{gnutls_privkey_import_pkcs11} +@deftypefun {int} {gnutls_privkey_import_pkcs11} (gnutls_privkey_t @var{pkey}, gnutls_pkcs11_privkey_t @var{key}, unsigned int @var{flags}) +@var{pkey}: The private key + +@var{key}: The private key to be imported + +@var{flags}: Flags for the import + +This function will import the given private key to the abstract +@code{gnutls_privkey_t} type. + +The @code{gnutls_pkcs11_privkey_t} object must not be deallocated +during the lifetime of this structure. + + @code{flags} might be zero or one of @code{GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE} +and @code{GNUTLS_PRIVKEY_IMPORT_COPY} . + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 2.12.0 +@end deftypefun + +@subheading gnutls_privkey_import_pkcs11_url +@anchor{gnutls_privkey_import_pkcs11_url} +@deftypefun {int} {gnutls_privkey_import_pkcs11_url} (gnutls_privkey_t @var{key}, const char * @var{url}) +@var{key}: A key of type @code{gnutls_pubkey_t} + +@var{url}: A PKCS 11 url + +This function will import a PKCS 11 private key to a @code{gnutls_private_key_t} +type. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 3.1.0 +@end deftypefun + +@subheading gnutls_privkey_import_rsa_raw +@anchor{gnutls_privkey_import_rsa_raw} +@deftypefun {int} {gnutls_privkey_import_rsa_raw} (gnutls_privkey_t @var{key}, const gnutls_datum_t * @var{m}, const gnutls_datum_t * @var{e}, const gnutls_datum_t * @var{d}, const gnutls_datum_t * @var{p}, const gnutls_datum_t * @var{q}, const gnutls_datum_t * @var{u}, const gnutls_datum_t * @var{e1}, const gnutls_datum_t * @var{e2}) +@var{key}: The structure to store the parsed key + +@var{m}: holds the modulus + +@var{e}: holds the public exponent + +@var{d}: holds the private exponent + +@var{p}: holds the first prime (p) + +@var{q}: holds the second prime (q) + +@var{u}: holds the coefficient (optional) + +@var{e1}: holds e1 = d mod (p-1) (optional) + +@var{e2}: holds e2 = d mod (q-1) (optional) + +This function will convert the given RSA raw parameters to the +native @code{gnutls_privkey_t} format. The output will be stored in + @code{key} . + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. +@end deftypefun + +@subheading gnutls_privkey_import_tpm_raw +@anchor{gnutls_privkey_import_tpm_raw} +@deftypefun {int} {gnutls_privkey_import_tpm_raw} (gnutls_privkey_t @var{pkey}, const gnutls_datum_t * @var{fdata}, gnutls_tpmkey_fmt_t @var{format}, const char * @var{srk_password}, const char * @var{key_password}, unsigned int @var{flags}) +@var{pkey}: The private key + +@var{fdata}: The TPM key to be imported + +@var{format}: The format of the private key + +@var{srk_password}: The password for the SRK key (optional) + +@var{key_password}: A password for the key (optional) + +@var{flags}: should be zero + +This function will import the given private key to the abstract +@code{gnutls_privkey_t} type. + +With respect to passwords the same as in @code{gnutls_privkey_import_tpm_url()} apply. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 3.1.0 +@end deftypefun + +@subheading gnutls_privkey_import_tpm_url +@anchor{gnutls_privkey_import_tpm_url} +@deftypefun {int} {gnutls_privkey_import_tpm_url} (gnutls_privkey_t @var{pkey}, const char * @var{url}, const char * @var{srk_password}, const char * @var{key_password}, unsigned int @var{flags}) +@var{pkey}: The private key + +@var{url}: The URL of the TPM key to be imported + +@var{srk_password}: The password for the SRK key (optional) + +@var{key_password}: A password for the key (optional) + +@var{flags}: One of the GNUTLS_PRIVKEY_* flags + +This function will import the given private key to the abstract +@code{gnutls_privkey_t} type. + +Note that unless @code{GNUTLS_PRIVKEY_DISABLE_CALLBACKS} +is specified, if incorrect (or NULL) passwords are given +the PKCS11 callback functions will be used to obtain the +correct passwords. Otherwise if the SRK password is wrong +@code{GNUTLS_E_TPM_SRK_PASSWORD_ERROR} is returned and if the key password +is wrong or not provided then @code{GNUTLS_E_TPM_KEY_PASSWORD_ERROR} +is returned. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 3.1.0 +@end deftypefun + +@subheading gnutls_privkey_import_url +@anchor{gnutls_privkey_import_url} +@deftypefun {int} {gnutls_privkey_import_url} (gnutls_privkey_t @var{key}, const char * @var{url}, unsigned int @var{flags}) +@var{key}: A key of type @code{gnutls_privkey_t} + +@var{url}: A PKCS 11 url + +@var{flags}: should be zero + +This function will import a PKCS11 or TPM URL as a +private key. The supported URL types can be checked +using @code{gnutls_url_is_supported()} . + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 3.1.0 +@end deftypefun + +@subheading gnutls_privkey_import_x509 +@anchor{gnutls_privkey_import_x509} +@deftypefun {int} {gnutls_privkey_import_x509} (gnutls_privkey_t @var{pkey}, gnutls_x509_privkey_t @var{key}, unsigned int @var{flags}) +@var{pkey}: The private key + +@var{key}: The private key to be imported + +@var{flags}: Flags for the import + +This function will import the given private key to the abstract +@code{gnutls_privkey_t} type. + +The @code{gnutls_x509_privkey_t} object must not be deallocated +during the lifetime of this structure. + + @code{flags} might be zero or one of @code{GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE} +and @code{GNUTLS_PRIVKEY_IMPORT_COPY} . + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 2.12.0 +@end deftypefun + +@subheading gnutls_privkey_import_x509_raw +@anchor{gnutls_privkey_import_x509_raw} +@deftypefun {int} {gnutls_privkey_import_x509_raw} (gnutls_privkey_t @var{pkey}, const gnutls_datum_t * @var{data}, gnutls_x509_crt_fmt_t @var{format}, const char * @var{password}, unsigned int @var{flags}) +@var{pkey}: The private key + +@var{data}: The private key data to be imported + +@var{format}: The format of the private key + +@var{password}: A password (optional) + +@var{flags}: an ORed sequence of gnutls_pkcs_encrypt_flags_t + +This function will import the given private key to the abstract +@code{gnutls_privkey_t} type. + +The supported formats are basic unencrypted key, PKCS8, PKCS12, +and the openssl format. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 3.1.0 +@end deftypefun + +@subheading gnutls_privkey_init +@anchor{gnutls_privkey_init} +@deftypefun {int} {gnutls_privkey_init} (gnutls_privkey_t * @var{key}) +@var{key}: A pointer to the type to be initialized + +This function will initialize a private key object. The object can +be used to generate, import, and perform cryptographic operations +on the associated private key. + +Note that when the underlying private key is a PKCS@code{11} key (i.e., +when imported with a PKCS@code{11} URI), the limitations of @code{gnutls_pkcs11_privkey_init()} +apply to this object as well. In versions of GnuTLS later than 3.5.11 the object +is protected using locks and a single @code{gnutls_privkey_t} can be re-used +by many threads. However, for performance it is recommended to utilize +one object per key per thread. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 2.12.0 +@end deftypefun + +@subheading gnutls_privkey_set_flags +@anchor{gnutls_privkey_set_flags} +@deftypefun {void} {gnutls_privkey_set_flags} (gnutls_privkey_t @var{key}, unsigned int @var{flags}) +@var{key}: A key of type @code{gnutls_privkey_t} + +@var{flags}: flags from the @code{gnutls_privkey_flags} + +This function will set flags for the specified private key, after +it is generated. Currently this is useful for the @code{GNUTLS_PRIVKEY_FLAG_EXPORT_COMPAT} +to allow exporting a "provable" private key in backwards compatible way. + +@strong{Since:} 3.5.0 +@end deftypefun + +@subheading gnutls_privkey_set_pin_function +@anchor{gnutls_privkey_set_pin_function} +@deftypefun {void} {gnutls_privkey_set_pin_function} (gnutls_privkey_t @var{key}, gnutls_pin_callback_t @var{fn}, void * @var{userdata}) +@var{key}: A key of type @code{gnutls_privkey_t} + +@var{fn}: the callback + +@var{userdata}: data associated with the callback + +This function will set a callback function to be used when +required to access the object. This function overrides any other +global PIN functions. + +Note that this function must be called right after initialization +to have effect. + +@strong{Since:} 3.1.0 +@end deftypefun + +@subheading gnutls_privkey_set_spki +@anchor{gnutls_privkey_set_spki} +@deftypefun {int} {gnutls_privkey_set_spki} (gnutls_privkey_t @var{privkey}, const gnutls_x509_spki_t @var{spki}, unsigned int @var{flags}) +@var{privkey}: a public key of type @code{gnutls_privkey_t} + +@var{spki}: a SubjectPublicKeyInfo structure of type @code{gnutls_privkey_spki_t} + +@var{flags}: must be zero + +This function will set the public key information. +The provided @code{spki} must be initialized. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 3.6.0 +@end deftypefun + +@subheading gnutls_privkey_sign_data +@anchor{gnutls_privkey_sign_data} +@deftypefun {int} {gnutls_privkey_sign_data} (gnutls_privkey_t @var{signer}, gnutls_digest_algorithm_t @var{hash}, unsigned int @var{flags}, const gnutls_datum_t * @var{data}, gnutls_datum_t * @var{signature}) +@var{signer}: Holds the key + +@var{hash}: should be a digest algorithm + +@var{flags}: Zero or one of @code{gnutls_privkey_flags_t} + +@var{data}: holds the data to be signed + +@var{signature}: will contain the signature allocated with @code{gnutls_malloc()} + +This function will sign the given data using a signature algorithm +supported by the private key. Signature algorithms are always used +together with a hash functions. Different hash functions may be +used for the RSA algorithm, but only the SHA family for the DSA keys. + +You may use @code{gnutls_pubkey_get_preferred_hash_algorithm()} to determine +the hash algorithm. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 2.12.0 +@end deftypefun + +@subheading gnutls_privkey_sign_data2 +@anchor{gnutls_privkey_sign_data2} +@deftypefun {int} {gnutls_privkey_sign_data2} (gnutls_privkey_t @var{signer}, gnutls_sign_algorithm_t @var{algo}, unsigned int @var{flags}, const gnutls_datum_t * @var{data}, gnutls_datum_t * @var{signature}) +@var{signer}: Holds the key + +@var{algo}: The signature algorithm used + +@var{flags}: Zero or one of @code{gnutls_privkey_flags_t} + +@var{data}: holds the data to be signed + +@var{signature}: will contain the signature allocated with @code{gnutls_malloc()} + +This function will sign the given data using the specified signature +algorithm. This function is an enhancement of @code{gnutls_privkey_sign_data()} , +as it allows utilizing a alternative signature algorithm where possible +(e.g, use an RSA key with RSA-PSS). + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 3.6.0 +@end deftypefun + +@subheading gnutls_privkey_sign_hash +@anchor{gnutls_privkey_sign_hash} +@deftypefun {int} {gnutls_privkey_sign_hash} (gnutls_privkey_t @var{signer}, gnutls_digest_algorithm_t @var{hash_algo}, unsigned int @var{flags}, const gnutls_datum_t * @var{hash_data}, gnutls_datum_t * @var{signature}) +@var{signer}: Holds the signer's key + +@var{hash_algo}: The hash algorithm used + +@var{flags}: Zero or one of @code{gnutls_privkey_flags_t} + +@var{hash_data}: holds the data to be signed + +@var{signature}: will contain newly allocated signature + +This function will sign the given hashed data using a signature algorithm +supported by the private key. Signature algorithms are always used +together with a hash functions. Different hash functions may be +used for the RSA algorithm, but only SHA-XXX for the DSA keys. + +You may use @code{gnutls_pubkey_get_preferred_hash_algorithm()} to determine +the hash algorithm. + +The flags may be @code{GNUTLS_PRIVKEY_SIGN_FLAG_TLS1_RSA} or @code{GNUTLS_PRIVKEY_SIGN_FLAG_RSA_PSS} . +In the former case this function will ignore @code{hash_algo} and perform a raw PKCS1 signature, +and in the latter an RSA-PSS signature will be generated. + +Note that, not all algorithm support signing already hashed data. When +signing with Ed25519, @code{gnutls_privkey_sign_data()} should be used. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 2.12.0 +@end deftypefun + +@subheading gnutls_privkey_sign_hash2 +@anchor{gnutls_privkey_sign_hash2} +@deftypefun {int} {gnutls_privkey_sign_hash2} (gnutls_privkey_t @var{signer}, gnutls_sign_algorithm_t @var{algo}, unsigned int @var{flags}, const gnutls_datum_t * @var{hash_data}, gnutls_datum_t * @var{signature}) +@var{signer}: Holds the signer's key + +@var{algo}: The signature algorithm used + +@var{flags}: Zero or one of @code{gnutls_privkey_flags_t} + +@var{hash_data}: holds the data to be signed + +@var{signature}: will contain newly allocated signature + +This function will sign the given hashed data using a signature algorithm +supported by the private key. Signature algorithms are always used +together with a hash functions. Different hash functions may be +used for the RSA algorithm, but only SHA-XXX for the DSA keys. + +You may use @code{gnutls_pubkey_get_preferred_hash_algorithm()} to determine +the hash algorithm. + +The flags may be @code{GNUTLS_PRIVKEY_SIGN_FLAG_TLS1_RSA} or @code{GNUTLS_PRIVKEY_SIGN_FLAG_RSA_PSS} . +In the former case this function will ignore @code{hash_algo} and perform a raw PKCS1 signature, +and in the latter an RSA-PSS signature will be generated. + +Note that, not all algorithm support signing already hashed data. When +signing with Ed25519, @code{gnutls_privkey_sign_data()} should be used. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 3.6.0 +@end deftypefun + +@subheading gnutls_privkey_status +@anchor{gnutls_privkey_status} +@deftypefun {int} {gnutls_privkey_status} (gnutls_privkey_t @var{key}) +@var{key}: Holds the key + +Checks the status of the private key token. This function +is an actual wrapper over @code{gnutls_pkcs11_privkey_status()} , and +if the private key is a PKCS @code{11} token it will check whether +it is inserted or not. + +@strong{Returns:} this function will return non-zero if the token +holding the private key is still available (inserted), and zero otherwise. + +@strong{Since:} 3.1.10 +@end deftypefun + +@subheading gnutls_privkey_verify_params +@anchor{gnutls_privkey_verify_params} +@deftypefun {int} {gnutls_privkey_verify_params} (gnutls_privkey_t @var{key}) +@var{key}: should contain a @code{gnutls_privkey_t} type + +This function will verify the private key parameters. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 3.3.0 +@end deftypefun + +@subheading gnutls_privkey_verify_seed +@anchor{gnutls_privkey_verify_seed} +@deftypefun {int} {gnutls_privkey_verify_seed} (gnutls_privkey_t @var{key}, gnutls_digest_algorithm_t @var{digest}, const void * @var{seed}, size_t @var{seed_size}) +@var{key}: should contain a @code{gnutls_privkey_t} type + +@var{digest}: it contains the digest algorithm used for key generation (if applicable) + +@var{seed}: the seed of the key to be checked with + +@var{seed_size}: holds the size of @code{seed} + +This function will verify that the given private key was generated from +the provided seed. + +@strong{Returns:} In case of a verification failure @code{GNUTLS_E_PRIVKEY_VERIFICATION_ERROR} +is returned, and zero or positive code on success. + +@strong{Since:} 3.5.0 +@end deftypefun + +@subheading gnutls_pubkey_deinit +@anchor{gnutls_pubkey_deinit} +@deftypefun {void} {gnutls_pubkey_deinit} (gnutls_pubkey_t @var{key}) +@var{key}: The key to be deinitialized + +This function will deinitialize a public key structure. + +@strong{Since:} 2.12.0 +@end deftypefun + +@subheading gnutls_pubkey_encrypt_data +@anchor{gnutls_pubkey_encrypt_data} +@deftypefun {int} {gnutls_pubkey_encrypt_data} (gnutls_pubkey_t @var{key}, unsigned int @var{flags}, const gnutls_datum_t * @var{plaintext}, gnutls_datum_t * @var{ciphertext}) +@var{key}: Holds the public key + +@var{flags}: should be 0 for now + +@var{plaintext}: The data to be encrypted + +@var{ciphertext}: contains the encrypted data + +This function will encrypt the given data, using the public +key. On success the @code{ciphertext} will be allocated using @code{gnutls_malloc()} . + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 3.0 +@end deftypefun + +@subheading gnutls_pubkey_export +@anchor{gnutls_pubkey_export} +@deftypefun {int} {gnutls_pubkey_export} (gnutls_pubkey_t @var{key}, gnutls_x509_crt_fmt_t @var{format}, void * @var{output_data}, size_t * @var{output_data_size}) +@var{key}: Holds the certificate + +@var{format}: the format of output params. One of PEM or DER. + +@var{output_data}: will contain a certificate PEM or DER encoded + +@var{output_data_size}: holds the size of output_data (and will be +replaced by the actual size of parameters) + +This function will export the public key to DER or PEM format. +The contents of the exported data is the SubjectPublicKeyInfo +X.509 structure. + +If the buffer provided is not long enough to hold the output, then +*output_data_size is updated and @code{GNUTLS_E_SHORT_MEMORY_BUFFER} will +be returned. + +If the structure is PEM encoded, it will have a header +of "BEGIN CERTIFICATE". + +@strong{Returns:} In case of failure a negative error code will be +returned, and 0 on success. + +@strong{Since:} 2.12.0 +@end deftypefun + +@subheading gnutls_pubkey_export2 +@anchor{gnutls_pubkey_export2} +@deftypefun {int} {gnutls_pubkey_export2} (gnutls_pubkey_t @var{key}, gnutls_x509_crt_fmt_t @var{format}, gnutls_datum_t * @var{out}) +@var{key}: Holds the certificate + +@var{format}: the format of output params. One of PEM or DER. + +@var{out}: will contain a certificate PEM or DER encoded + +This function will export the public key to DER or PEM format. +The contents of the exported data is the SubjectPublicKeyInfo +X.509 structure. + +The output buffer will be allocated using @code{gnutls_malloc()} . + +If the structure is PEM encoded, it will have a header +of "BEGIN CERTIFICATE". + +@strong{Returns:} In case of failure a negative error code will be +returned, and 0 on success. + +@strong{Since:} 3.1.3 +@end deftypefun + +@subheading gnutls_pubkey_export_dsa_raw +@anchor{gnutls_pubkey_export_dsa_raw} +@deftypefun {int} {gnutls_pubkey_export_dsa_raw} (gnutls_pubkey_t @var{key}, gnutls_datum_t * @var{p}, gnutls_datum_t * @var{q}, gnutls_datum_t * @var{g}, gnutls_datum_t * @var{y}) +@var{key}: Holds the public key + +@var{p}: will hold the p (may be @code{NULL} ) + +@var{q}: will hold the q (may be @code{NULL} ) + +@var{g}: will hold the g (may be @code{NULL} ) + +@var{y}: will hold the y (may be @code{NULL} ) + +This function will export the DSA public key's parameters found in +the given certificate. The new parameters will be allocated using +@code{gnutls_malloc()} and will be stored in the appropriate datum. + +This function allows for @code{NULL} parameters since 3.4.1. + +@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, otherwise a negative error code. + +@strong{Since:} 3.3.0 +@end deftypefun + +@subheading gnutls_pubkey_export_dsa_raw2 +@anchor{gnutls_pubkey_export_dsa_raw2} +@deftypefun {int} {gnutls_pubkey_export_dsa_raw2} (gnutls_pubkey_t @var{key}, gnutls_datum_t * @var{p}, gnutls_datum_t * @var{q}, gnutls_datum_t * @var{g}, gnutls_datum_t * @var{y}, unsigned @var{flags}) +@var{key}: Holds the public key + +@var{p}: will hold the p (may be @code{NULL} ) + +@var{q}: will hold the q (may be @code{NULL} ) + +@var{g}: will hold the g (may be @code{NULL} ) + +@var{y}: will hold the y (may be @code{NULL} ) + +@var{flags}: flags from @code{gnutls_abstract_export_flags_t} + +This function will export the DSA public key's parameters found in +the given certificate. The new parameters will be allocated using +@code{gnutls_malloc()} and will be stored in the appropriate datum. + +This function allows for @code{NULL} parameters since 3.4.1. + +@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, otherwise a negative error code. + +@strong{Since:} 3.6.0 +@end deftypefun + +@subheading gnutls_pubkey_export_ecc_raw +@anchor{gnutls_pubkey_export_ecc_raw} +@deftypefun {int} {gnutls_pubkey_export_ecc_raw} (gnutls_pubkey_t @var{key}, gnutls_ecc_curve_t * @var{curve}, gnutls_datum_t * @var{x}, gnutls_datum_t * @var{y}) +@var{key}: Holds the public key + +@var{curve}: will hold the curve (may be @code{NULL} ) + +@var{x}: will hold x-coordinate (may be @code{NULL} ) + +@var{y}: will hold y-coordinate (may be @code{NULL} ) + +This function will export the ECC public key's parameters found in +the given key. The new parameters will be allocated using +@code{gnutls_malloc()} and will be stored in the appropriate datum. + +In EdDSA curves the @code{y} parameter will be @code{NULL} and the other parameters +will be in the native format for the curve. + +This function allows for @code{NULL} parameters since 3.4.1. + +@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, otherwise a negative error code. + +@strong{Since:} 3.0 +@end deftypefun + +@subheading gnutls_pubkey_export_ecc_raw2 +@anchor{gnutls_pubkey_export_ecc_raw2} +@deftypefun {int} {gnutls_pubkey_export_ecc_raw2} (gnutls_pubkey_t @var{key}, gnutls_ecc_curve_t * @var{curve}, gnutls_datum_t * @var{x}, gnutls_datum_t * @var{y}, unsigned int @var{flags}) +@var{key}: Holds the public key + +@var{curve}: will hold the curve (may be @code{NULL} ) + +@var{x}: will hold x-coordinate (may be @code{NULL} ) + +@var{y}: will hold y-coordinate (may be @code{NULL} ) + +@var{flags}: flags from @code{gnutls_abstract_export_flags_t} + +This function will export the ECC public key's parameters found in +the given key. The new parameters will be allocated using +@code{gnutls_malloc()} and will be stored in the appropriate datum. + +In EdDSA curves the @code{y} parameter will be @code{NULL} and the other parameters +will be in the native format for the curve. + +This function allows for @code{NULL} parameters since 3.4.1. + +@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, otherwise a negative error code. + +@strong{Since:} 3.6.0 +@end deftypefun + +@subheading gnutls_pubkey_export_ecc_x962 +@anchor{gnutls_pubkey_export_ecc_x962} +@deftypefun {int} {gnutls_pubkey_export_ecc_x962} (gnutls_pubkey_t @var{key}, gnutls_datum_t * @var{parameters}, gnutls_datum_t * @var{ecpoint}) +@var{key}: Holds the public key + +@var{parameters}: DER encoding of an ANSI X9.62 parameters + +@var{ecpoint}: DER encoding of ANSI X9.62 ECPoint + +This function will export the ECC public key's parameters found in +the given certificate. The new parameters will be allocated using +@code{gnutls_malloc()} and will be stored in the appropriate datum. + +@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, otherwise a negative error code. + +@strong{Since:} 3.3.0 +@end deftypefun + +@subheading gnutls_pubkey_export_gost_raw2 +@anchor{gnutls_pubkey_export_gost_raw2} +@deftypefun {int} {gnutls_pubkey_export_gost_raw2} (gnutls_pubkey_t @var{key}, gnutls_ecc_curve_t * @var{curve}, gnutls_digest_algorithm_t * @var{digest}, gnutls_gost_paramset_t * @var{paramset}, gnutls_datum_t * @var{x}, gnutls_datum_t * @var{y}, unsigned int @var{flags}) +@var{key}: Holds the public key + +@var{curve}: will hold the curve (may be @code{NULL} ) + +@var{digest}: will hold the curve (may be @code{NULL} ) + +@var{paramset}: will hold the parameters id (may be @code{NULL} ) + +@var{x}: will hold the x-coordinate (may be @code{NULL} ) + +@var{y}: will hold the y-coordinate (may be @code{NULL} ) + +@var{flags}: flags from @code{gnutls_abstract_export_flags_t} + +This function will export the GOST public key's parameters found in +the given key. The new parameters will be allocated using +@code{gnutls_malloc()} and will be stored in the appropriate datum. + +@strong{Note:} parameters will be stored with least significant byte first. On +version 3.6.3 this was incorrectly returned in big-endian format. + +@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, otherwise a negative error code. + +@strong{Since:} 3.6.3 +@end deftypefun + +@subheading gnutls_pubkey_export_rsa_raw +@anchor{gnutls_pubkey_export_rsa_raw} +@deftypefun {int} {gnutls_pubkey_export_rsa_raw} (gnutls_pubkey_t @var{key}, gnutls_datum_t * @var{m}, gnutls_datum_t * @var{e}) +@var{key}: Holds the certificate + +@var{m}: will hold the modulus (may be @code{NULL} ) + +@var{e}: will hold the public exponent (may be @code{NULL} ) + +This function will export the RSA public key's parameters found in +the given structure. The new parameters will be allocated using +@code{gnutls_malloc()} and will be stored in the appropriate datum. + +This function allows for @code{NULL} parameters since 3.4.1. + +@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, otherwise a negative error code. + +@strong{Since:} 3.3.0 +@end deftypefun + +@subheading gnutls_pubkey_export_rsa_raw2 +@anchor{gnutls_pubkey_export_rsa_raw2} +@deftypefun {int} {gnutls_pubkey_export_rsa_raw2} (gnutls_pubkey_t @var{key}, gnutls_datum_t * @var{m}, gnutls_datum_t * @var{e}, unsigned @var{flags}) +@var{key}: Holds the certificate + +@var{m}: will hold the modulus (may be @code{NULL} ) + +@var{e}: will hold the public exponent (may be @code{NULL} ) + +@var{flags}: flags from @code{gnutls_abstract_export_flags_t} + +This function will export the RSA public key's parameters found in +the given structure. The new parameters will be allocated using +@code{gnutls_malloc()} and will be stored in the appropriate datum. + +This function allows for @code{NULL} parameters since 3.4.1. + +@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, otherwise a negative error code. + +@strong{Since:} 3.6.0 +@end deftypefun + +@subheading gnutls_pubkey_get_key_id +@anchor{gnutls_pubkey_get_key_id} +@deftypefun {int} {gnutls_pubkey_get_key_id} (gnutls_pubkey_t @var{key}, unsigned int @var{flags}, unsigned char * @var{output_data}, size_t * @var{output_data_size}) +@var{key}: Holds the public key + +@var{flags}: should be one of the flags from @code{gnutls_keyid_flags_t} + +@var{output_data}: will contain the key ID + +@var{output_data_size}: holds the size of output_data (and will be +replaced by the actual size of parameters) + +This function will return a unique ID that depends on the public +key parameters. This ID can be used in checking whether a +certificate corresponds to the given public key. + +If the buffer provided is not long enough to hold the output, then +*output_data_size is updated and @code{GNUTLS_E_SHORT_MEMORY_BUFFER} will +be returned. The output will normally be a SHA-1 hash output, +which is 20 bytes. + +@strong{Returns:} In case of failure a negative error code will be +returned, and 0 on success. + +@strong{Since:} 2.12.0 +@end deftypefun + +@subheading gnutls_pubkey_get_key_usage +@anchor{gnutls_pubkey_get_key_usage} +@deftypefun {int} {gnutls_pubkey_get_key_usage} (gnutls_pubkey_t @var{key}, unsigned int * @var{usage}) +@var{key}: should contain a @code{gnutls_pubkey_t} type + +@var{usage}: If set will return the number of bits of the parameters (may be NULL) + +This function will return the key usage of the public key. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 2.12.0 +@end deftypefun + +@subheading gnutls_pubkey_get_openpgp_key_id +@anchor{gnutls_pubkey_get_openpgp_key_id} +@deftypefun {int} {gnutls_pubkey_get_openpgp_key_id} (gnutls_pubkey_t @var{key}, unsigned int @var{flags}, unsigned char * @var{output_data}, size_t * @var{output_data_size}, unsigned int * @var{subkey}) +@var{key}: Holds the public key + +@var{flags}: should be one of the flags from @code{gnutls_keyid_flags_t} + +@var{output_data}: will contain the key ID + +@var{output_data_size}: holds the size of output_data (and will be +replaced by the actual size of parameters) + +@var{subkey}: ignored + +This function is no-op. + +@strong{Returns:} @code{GNUTLS_E_UNIMPLEMENTED_FEATURE} . + +@strong{Since:} 2.12.0 +@end deftypefun + +@subheading gnutls_pubkey_get_pk_algorithm +@anchor{gnutls_pubkey_get_pk_algorithm} +@deftypefun {int} {gnutls_pubkey_get_pk_algorithm} (gnutls_pubkey_t @var{key}, unsigned int * @var{bits}) +@var{key}: should contain a @code{gnutls_pubkey_t} type + +@var{bits}: If set will return the number of bits of the parameters (may be NULL) + +This function will return the public key algorithm of a public +key and if possible will return a number of bits that indicates +the security parameter of the key. + +@strong{Returns:} a member of the @code{gnutls_pk_algorithm_t} enumeration on +success, or a negative error code on error. + +@strong{Since:} 2.12.0 +@end deftypefun + +@subheading gnutls_pubkey_get_preferred_hash_algorithm +@anchor{gnutls_pubkey_get_preferred_hash_algorithm} +@deftypefun {int} {gnutls_pubkey_get_preferred_hash_algorithm} (gnutls_pubkey_t @var{key}, gnutls_digest_algorithm_t * @var{hash}, unsigned int * @var{mand}) +@var{key}: Holds the certificate + +@var{hash}: The result of the call with the hash algorithm used for signature + +@var{mand}: If non zero it means that the algorithm MUST use this hash. May be NULL. + +This function will read the certificate and return the appropriate digest +algorithm to use for signing with this certificate. Some certificates (i.e. +DSA might not be able to sign without the preferred algorithm). + +To get the signature algorithm instead of just the hash use @code{gnutls_pk_to_sign()} +with the algorithm of the certificate/key and the provided @code{hash} . + +@strong{Returns:} the 0 if the hash algorithm is found. A negative error code is +returned on error. + +@strong{Since:} 2.12.0 +@end deftypefun + +@subheading gnutls_pubkey_get_spki +@anchor{gnutls_pubkey_get_spki} +@deftypefun {int} {gnutls_pubkey_get_spki} (gnutls_pubkey_t @var{pubkey}, gnutls_x509_spki_t @var{spki}, unsigned int @var{flags}) +@var{pubkey}: a public key of type @code{gnutls_pubkey_t} + +@var{spki}: a SubjectPublicKeyInfo structure of type @code{gnutls_pubkey_spki_t} + +@var{flags}: must be zero + +This function will return the public key information if available. +The provided @code{spki} must be initialized. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 3.6.0 +@end deftypefun + +@subheading gnutls_pubkey_import +@anchor{gnutls_pubkey_import} +@deftypefun {int} {gnutls_pubkey_import} (gnutls_pubkey_t @var{key}, const gnutls_datum_t * @var{data}, gnutls_x509_crt_fmt_t @var{format}) +@var{key}: The public key. + +@var{data}: The DER or PEM encoded certificate. + +@var{format}: One of DER or PEM + +This function will import the provided public key in +a SubjectPublicKeyInfo X.509 structure to a native +@code{gnutls_pubkey_t} type. The output will be stored +in @code{key} . If the public key is PEM encoded it should have a header +of "PUBLIC KEY". + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 2.12.0 +@end deftypefun + +@subheading gnutls_pubkey_import_dsa_raw +@anchor{gnutls_pubkey_import_dsa_raw} +@deftypefun {int} {gnutls_pubkey_import_dsa_raw} (gnutls_pubkey_t @var{key}, const gnutls_datum_t * @var{p}, const gnutls_datum_t * @var{q}, const gnutls_datum_t * @var{g}, const gnutls_datum_t * @var{y}) +@var{key}: The structure to store the parsed key + +@var{p}: holds the p + +@var{q}: holds the q + +@var{g}: holds the g + +@var{y}: holds the y + +This function will convert the given DSA raw parameters to the +native @code{gnutls_pubkey_t} format. The output will be stored +in @code{key} . + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 2.12.0 +@end deftypefun + +@subheading gnutls_pubkey_import_ecc_raw +@anchor{gnutls_pubkey_import_ecc_raw} +@deftypefun {int} {gnutls_pubkey_import_ecc_raw} (gnutls_pubkey_t @var{key}, gnutls_ecc_curve_t @var{curve}, const gnutls_datum_t * @var{x}, const gnutls_datum_t * @var{y}) +@var{key}: The structure to store the parsed key + +@var{curve}: holds the curve + +@var{x}: holds the x-coordinate + +@var{y}: holds the y-coordinate + +This function will convert the given elliptic curve parameters to a +@code{gnutls_pubkey_t} . The output will be stored in @code{key} . + +In EdDSA curves the @code{y} parameter should be @code{NULL} and the @code{x} parameter must +be the value in the native format for the curve. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 3.0 +@end deftypefun + +@subheading gnutls_pubkey_import_ecc_x962 +@anchor{gnutls_pubkey_import_ecc_x962} +@deftypefun {int} {gnutls_pubkey_import_ecc_x962} (gnutls_pubkey_t @var{key}, const gnutls_datum_t * @var{parameters}, const gnutls_datum_t * @var{ecpoint}) +@var{key}: The structure to store the parsed key + +@var{parameters}: DER encoding of an ANSI X9.62 parameters + +@var{ecpoint}: DER encoding of ANSI X9.62 ECPoint + +This function will convert the given elliptic curve parameters to a +@code{gnutls_pubkey_t} . The output will be stored in @code{key} . + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 3.0 +@end deftypefun + +@subheading gnutls_pubkey_import_gost_raw +@anchor{gnutls_pubkey_import_gost_raw} +@deftypefun {int} {gnutls_pubkey_import_gost_raw} (gnutls_pubkey_t @var{key}, gnutls_ecc_curve_t @var{curve}, gnutls_digest_algorithm_t @var{digest}, gnutls_gost_paramset_t @var{paramset}, const gnutls_datum_t * @var{x}, const gnutls_datum_t * @var{y}) +@var{key}: The structure to store the parsed key + +@var{curve}: holds the curve + +@var{digest}: holds the digest + +@var{paramset}: holds the parameters id + +@var{x}: holds the x-coordinate + +@var{y}: holds the y-coordinate + +This function will convert the given GOST public key's parameters to a +@code{gnutls_pubkey_t} . The output will be stored in @code{key} . @code{digest} should be +one of GNUTLS_DIG_GOSR_94, GNUTLS_DIG_STREEBOG_256 or +GNUTLS_DIG_STREEBOG_512. If @code{paramset} is set to GNUTLS_GOST_PARAMSET_UNKNOWN +default one will be selected depending on @code{digest} . + +@strong{Note:} parameters should be stored with least significant byte first. On +version 3.6.3 big-endian format was used incorrectly. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 3.6.3 +@end deftypefun + +@subheading gnutls_pubkey_import_openpgp +@anchor{gnutls_pubkey_import_openpgp} +@deftypefun {int} {gnutls_pubkey_import_openpgp} (gnutls_pubkey_t @var{key}, gnutls_openpgp_crt_t @var{crt}, unsigned int @var{flags}) +@var{key}: The public key + +@var{crt}: The certificate to be imported + +@var{flags}: should be zero + +This function is no-op. + +@strong{Returns:} @code{GNUTLS_E_UNIMPLEMENTED_FEATURE} . + +@strong{Since:} 2.12.0 +@end deftypefun + +@subheading gnutls_pubkey_import_openpgp_raw +@anchor{gnutls_pubkey_import_openpgp_raw} +@deftypefun {int} {gnutls_pubkey_import_openpgp_raw} (gnutls_pubkey_t @var{pkey}, const gnutls_datum_t * @var{data}, gnutls_openpgp_crt_fmt_t @var{format}, const gnutls_openpgp_keyid_t @var{keyid}, unsigned int @var{flags}) +@var{pkey}: The public key + +@var{data}: The public key data to be imported + +@var{format}: The format of the public key + +@var{keyid}: The key id to use (optional) + +@var{flags}: Should be zero + +This function is no-op. + +@strong{Returns:} @code{GNUTLS_E_UNIMPLEMENTED_FEATURE} . + +@strong{Since:} 3.1.3 +@end deftypefun + +@subheading gnutls_pubkey_import_pkcs11 +@anchor{gnutls_pubkey_import_pkcs11} +@deftypefun {int} {gnutls_pubkey_import_pkcs11} (gnutls_pubkey_t @var{key}, gnutls_pkcs11_obj_t @var{obj}, unsigned int @var{flags}) +@var{key}: The public key + +@var{obj}: The parameters to be imported + +@var{flags}: should be zero + +Imports a public key from a pkcs11 key. This function will import +the given public key to the abstract @code{gnutls_pubkey_t} type. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 2.12.0 +@end deftypefun + +@subheading gnutls_pubkey_import_privkey +@anchor{gnutls_pubkey_import_privkey} +@deftypefun {int} {gnutls_pubkey_import_privkey} (gnutls_pubkey_t @var{key}, gnutls_privkey_t @var{pkey}, unsigned int @var{usage}, unsigned int @var{flags}) +@var{key}: The public key + +@var{pkey}: The private key + +@var{usage}: GNUTLS_KEY_* key usage flags. + +@var{flags}: should be zero + +Imports the public key from a private. This function will import +the given public key to the abstract @code{gnutls_pubkey_t} type. + +Note that in certain keys this operation may not be possible, e.g., +in other than RSA PKCS@code{11} keys. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 2.12.0 +@end deftypefun + +@subheading gnutls_pubkey_import_rsa_raw +@anchor{gnutls_pubkey_import_rsa_raw} +@deftypefun {int} {gnutls_pubkey_import_rsa_raw} (gnutls_pubkey_t @var{key}, const gnutls_datum_t * @var{m}, const gnutls_datum_t * @var{e}) +@var{key}: The key + +@var{m}: holds the modulus + +@var{e}: holds the public exponent + +This function will replace the parameters in the given structure. +The new parameters should be stored in the appropriate +gnutls_datum. + +@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, or an negative error code. + +@strong{Since:} 2.12.0 +@end deftypefun + +@subheading gnutls_pubkey_import_tpm_raw +@anchor{gnutls_pubkey_import_tpm_raw} +@deftypefun {int} {gnutls_pubkey_import_tpm_raw} (gnutls_pubkey_t @var{pkey}, const gnutls_datum_t * @var{fdata}, gnutls_tpmkey_fmt_t @var{format}, const char * @var{srk_password}, unsigned int @var{flags}) +@var{pkey}: The public key + +@var{fdata}: The TPM key to be imported + +@var{format}: The format of the private key + +@var{srk_password}: The password for the SRK key (optional) + +@var{flags}: One of the GNUTLS_PUBKEY_* flags + +This function will import the public key from the provided TPM key +structure. + +With respect to passwords the same as in +@code{gnutls_pubkey_import_tpm_url()} apply. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 3.1.0 +@end deftypefun + +@subheading gnutls_pubkey_import_tpm_url +@anchor{gnutls_pubkey_import_tpm_url} +@deftypefun {int} {gnutls_pubkey_import_tpm_url} (gnutls_pubkey_t @var{pkey}, const char * @var{url}, const char * @var{srk_password}, unsigned int @var{flags}) +@var{pkey}: The public key + +@var{url}: The URL of the TPM key to be imported + +@var{srk_password}: The password for the SRK key (optional) + +@var{flags}: should be zero + +This function will import the given private key to the abstract +@code{gnutls_privkey_t} type. + +Note that unless @code{GNUTLS_PUBKEY_DISABLE_CALLBACKS} +is specified, if incorrect (or NULL) passwords are given +the PKCS11 callback functions will be used to obtain the +correct passwords. Otherwise if the SRK password is wrong +@code{GNUTLS_E_TPM_SRK_PASSWORD_ERROR} is returned. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 3.1.0 +@end deftypefun + +@subheading gnutls_pubkey_import_url +@anchor{gnutls_pubkey_import_url} +@deftypefun {int} {gnutls_pubkey_import_url} (gnutls_pubkey_t @var{key}, const char * @var{url}, unsigned int @var{flags}) +@var{key}: A key of type @code{gnutls_pubkey_t} + +@var{url}: A PKCS 11 url + +@var{flags}: One of GNUTLS_PKCS11_OBJ_* flags + +This function will import a public key from the provided URL. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 3.1.0 +@end deftypefun + +@subheading gnutls_pubkey_import_x509 +@anchor{gnutls_pubkey_import_x509} +@deftypefun {int} {gnutls_pubkey_import_x509} (gnutls_pubkey_t @var{key}, gnutls_x509_crt_t @var{crt}, unsigned int @var{flags}) +@var{key}: The public key + +@var{crt}: The certificate to be imported + +@var{flags}: should be zero + +This function will import the given public key to the abstract +@code{gnutls_pubkey_t} type. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 2.12.0 +@end deftypefun + +@subheading gnutls_pubkey_import_x509_crq +@anchor{gnutls_pubkey_import_x509_crq} +@deftypefun {int} {gnutls_pubkey_import_x509_crq} (gnutls_pubkey_t @var{key}, gnutls_x509_crq_t @var{crq}, unsigned int @var{flags}) +@var{key}: The public key + +@var{crq}: The certificate to be imported + +@var{flags}: should be zero + +This function will import the given public key to the abstract +@code{gnutls_pubkey_t} type. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 3.1.5 +@end deftypefun + +@subheading gnutls_pubkey_import_x509_raw +@anchor{gnutls_pubkey_import_x509_raw} +@deftypefun {int} {gnutls_pubkey_import_x509_raw} (gnutls_pubkey_t @var{pkey}, const gnutls_datum_t * @var{data}, gnutls_x509_crt_fmt_t @var{format}, unsigned int @var{flags}) +@var{pkey}: The public key + +@var{data}: The public key data to be imported + +@var{format}: The format of the public key + +@var{flags}: should be zero + +This function will import the given public key to the abstract +@code{gnutls_pubkey_t} type. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 3.1.3 +@end deftypefun + +@subheading gnutls_pubkey_init +@anchor{gnutls_pubkey_init} +@deftypefun {int} {gnutls_pubkey_init} (gnutls_pubkey_t * @var{key}) +@var{key}: A pointer to the type to be initialized + +This function will initialize a public key. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 2.12.0 +@end deftypefun + +@subheading gnutls_pubkey_print +@anchor{gnutls_pubkey_print} +@deftypefun {int} {gnutls_pubkey_print} (gnutls_pubkey_t @var{pubkey}, gnutls_certificate_print_formats_t @var{format}, gnutls_datum_t * @var{out}) +@var{pubkey}: The data to be printed + +@var{format}: Indicate the format to use + +@var{out}: Newly allocated datum with null terminated string. + +This function will pretty print public key information, suitable for +display to a human. + +Only @code{GNUTLS_CRT_PRINT_FULL} and @code{GNUTLS_CRT_PRINT_FULL_NUMBERS} +are implemented. + +The output @code{out} needs to be deallocated using @code{gnutls_free()} . + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 3.1.5 +@end deftypefun + +@subheading gnutls_pubkey_set_key_usage +@anchor{gnutls_pubkey_set_key_usage} +@deftypefun {int} {gnutls_pubkey_set_key_usage} (gnutls_pubkey_t @var{key}, unsigned int @var{usage}) +@var{key}: a certificate of type @code{gnutls_x509_crt_t} + +@var{usage}: an ORed sequence of the GNUTLS_KEY_* elements. + +This function will set the key usage flags of the public key. This +is only useful if the key is to be exported to a certificate or +certificate request. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 2.12.0 +@end deftypefun + +@subheading gnutls_pubkey_set_pin_function +@anchor{gnutls_pubkey_set_pin_function} +@deftypefun {void} {gnutls_pubkey_set_pin_function} (gnutls_pubkey_t @var{key}, gnutls_pin_callback_t @var{fn}, void * @var{userdata}) +@var{key}: A key of type @code{gnutls_pubkey_t} + +@var{fn}: the callback + +@var{userdata}: data associated with the callback + +This function will set a callback function to be used when +required to access the object. This function overrides any other +global PIN functions. + +Note that this function must be called right after initialization +to have effect. + +@strong{Since:} 3.1.0 +@end deftypefun + +@subheading gnutls_pubkey_set_spki +@anchor{gnutls_pubkey_set_spki} +@deftypefun {int} {gnutls_pubkey_set_spki} (gnutls_pubkey_t @var{pubkey}, const gnutls_x509_spki_t @var{spki}, unsigned int @var{flags}) +@var{pubkey}: a public key of type @code{gnutls_pubkey_t} + +@var{spki}: a SubjectPublicKeyInfo structure of type @code{gnutls_pubkey_spki_t} + +@var{flags}: must be zero + +This function will set the public key information. +The provided @code{spki} must be initialized. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 3.6.0 +@end deftypefun + +@subheading gnutls_pubkey_verify_data2 +@anchor{gnutls_pubkey_verify_data2} +@deftypefun {int} {gnutls_pubkey_verify_data2} (gnutls_pubkey_t @var{pubkey}, gnutls_sign_algorithm_t @var{algo}, unsigned int @var{flags}, const gnutls_datum_t * @var{data}, const gnutls_datum_t * @var{signature}) +@var{pubkey}: Holds the public key + +@var{algo}: The signature algorithm used + +@var{flags}: Zero or an OR list of @code{gnutls_certificate_verify_flags} + +@var{data}: holds the signed data + +@var{signature}: contains the signature + +This function will verify the given signed data, using the +parameters from the certificate. + +@strong{Returns:} In case of a verification failure @code{GNUTLS_E_PK_SIG_VERIFY_FAILED} +is returned, and zero or positive code on success. For known to be insecure +signatures this function will return @code{GNUTLS_E_INSUFFICIENT_SECURITY} unless +the flag @code{GNUTLS_VERIFY_ALLOW_BROKEN} is specified. + +@strong{Since:} 3.0 +@end deftypefun + +@subheading gnutls_pubkey_verify_hash2 +@anchor{gnutls_pubkey_verify_hash2} +@deftypefun {int} {gnutls_pubkey_verify_hash2} (gnutls_pubkey_t @var{key}, gnutls_sign_algorithm_t @var{algo}, unsigned int @var{flags}, const gnutls_datum_t * @var{hash}, const gnutls_datum_t * @var{signature}) +@var{key}: Holds the public key + +@var{algo}: The signature algorithm used + +@var{flags}: Zero or an OR list of @code{gnutls_certificate_verify_flags} + +@var{hash}: holds the hash digest to be verified + +@var{signature}: contains the signature + +This function will verify the given signed digest, using the +parameters from the public key. Note that unlike @code{gnutls_privkey_sign_hash()} , +this function accepts a signature algorithm instead of a digest algorithm. +You can use @code{gnutls_pk_to_sign()} to get the appropriate value. + +@strong{Returns:} In case of a verification failure @code{GNUTLS_E_PK_SIG_VERIFY_FAILED} +is returned, and zero or positive code on success. For known to be insecure +signatures this function will return @code{GNUTLS_E_INSUFFICIENT_SECURITY} unless +the flag @code{GNUTLS_VERIFY_ALLOW_BROKEN} is specified. + +@strong{Since:} 3.0 +@end deftypefun + +@subheading gnutls_pubkey_verify_params +@anchor{gnutls_pubkey_verify_params} +@deftypefun {int} {gnutls_pubkey_verify_params} (gnutls_pubkey_t @var{key}) +@var{key}: should contain a @code{gnutls_pubkey_t} type + +This function will verify the public key parameters. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 3.3.0 +@end deftypefun + +@subheading gnutls_register_custom_url +@anchor{gnutls_register_custom_url} +@deftypefun {int} {gnutls_register_custom_url} (const gnutls_custom_url_st * @var{st}) +@var{st}: A @code{gnutls_custom_url_st} structure + +Register a custom URL. This will affect the following functions: +@code{gnutls_url_is_supported()} , @code{gnutls_privkey_import_url()} , +gnutls_pubkey_import_url, @code{gnutls_x509_crt_import_url()} +and all functions that depend on +them, e.g., @code{gnutls_certificate_set_x509_key_file2()} . + +The provided structure and callback functions must be valid throughout +the lifetime of the process. The registration of an existing URL type +will fail with @code{GNUTLS_E_INVALID_REQUEST} . Since GnuTLS 3.5.0 this function +can be used to override the builtin URLs. + +This function is not thread safe. + +@strong{Returns:} returns zero if the given structure was imported or a negative value otherwise. + +@strong{Since:} 3.4.0 +@end deftypefun + +@subheading gnutls_system_key_add_x509 +@anchor{gnutls_system_key_add_x509} +@deftypefun {int} {gnutls_system_key_add_x509} (gnutls_x509_crt_t @var{crt}, gnutls_x509_privkey_t @var{privkey}, const char * @var{label}, char ** @var{cert_url}, char ** @var{key_url}) +@var{crt}: the certificate to be added + +@var{privkey}: the key to be added + +@var{label}: the friendly name to describe the key + +@var{cert_url}: if non-NULL it will contain an allocated value with the certificate URL + +@var{key_url}: if non-NULL it will contain an allocated value with the key URL + +This function will added the given key and certificate pair, +to the system list. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 3.4.0 +@end deftypefun + +@subheading gnutls_system_key_delete +@anchor{gnutls_system_key_delete} +@deftypefun {int} {gnutls_system_key_delete} (const char * @var{cert_url}, const char * @var{key_url}) +@var{cert_url}: the URL of the certificate + +@var{key_url}: the URL of the key + +This function will delete the key and certificate pair. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 3.4.0 +@end deftypefun + +@subheading gnutls_system_key_iter_deinit +@anchor{gnutls_system_key_iter_deinit} +@deftypefun {void} {gnutls_system_key_iter_deinit} (gnutls_system_key_iter_t @var{iter}) +@var{iter}: an iterator of system keys + +This function will deinitialize the iterator. + +@strong{Since:} 3.4.0 +@end deftypefun + +@subheading gnutls_system_key_iter_get_info +@anchor{gnutls_system_key_iter_get_info} +@deftypefun {int} {gnutls_system_key_iter_get_info} (gnutls_system_key_iter_t * @var{iter}, unsigned @var{cert_type}, char ** @var{cert_url}, char ** @var{key_url}, char ** @var{label}, gnutls_datum_t * @var{der}, unsigned int @var{flags}) +@var{iter}: an iterator of the system keys (must be set to @code{NULL} initially) + +@var{cert_type}: A value of gnutls_certificate_type_t which indicates the type of certificate to look for + +@var{cert_url}: The certificate URL of the pair (may be @code{NULL} ) + +@var{key_url}: The key URL of the pair (may be @code{NULL} ) + +@var{label}: The friendly name (if any) of the pair (may be @code{NULL} ) + +@var{der}: if non-NULL the DER data of the certificate + +@var{flags}: should be zero + +This function will return on each call a certificate +and key pair URLs, as well as a label associated with them, +and the DER-encoded certificate. When the iteration is complete it will +return @code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} . + +Typically @code{cert_type} should be @code{GNUTLS_CRT_X509} . + +All values set are allocated and must be cleared using @code{gnutls_free()} , + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 3.4.0 +@end deftypefun + +@subheading gnutls_x509_crl_privkey_sign +@anchor{gnutls_x509_crl_privkey_sign} +@deftypefun {int} {gnutls_x509_crl_privkey_sign} (gnutls_x509_crl_t @var{crl}, gnutls_x509_crt_t @var{issuer}, gnutls_privkey_t @var{issuer_key}, gnutls_digest_algorithm_t @var{dig}, unsigned int @var{flags}) +@var{crl}: should contain a gnutls_x509_crl_t type + +@var{issuer}: is the certificate of the certificate issuer + +@var{issuer_key}: holds the issuer's private key + +@var{dig}: The message digest to use. GNUTLS_DIG_SHA256 is the safe choice unless you know what you're doing. + +@var{flags}: must be 0 + +This function will sign the CRL with the issuer's private key, and +will copy the issuer's information into the CRL. + +This must be the last step in a certificate CRL since all +the previously set parameters are now signed. + +A known limitation of this function is, that a newly-signed CRL will not +be fully functional (e.g., for signature verification), until it +is exported an re-imported. + +After GnuTLS 3.6.1 the value of @code{dig} may be @code{GNUTLS_DIG_UNKNOWN} , +and in that case, a suitable but reasonable for the key algorithm will be selected. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +Since 2.12.0 +@end deftypefun + +@subheading gnutls_x509_crq_privkey_sign +@anchor{gnutls_x509_crq_privkey_sign} +@deftypefun {int} {gnutls_x509_crq_privkey_sign} (gnutls_x509_crq_t @var{crq}, gnutls_privkey_t @var{key}, gnutls_digest_algorithm_t @var{dig}, unsigned int @var{flags}) +@var{crq}: should contain a @code{gnutls_x509_crq_t} type + +@var{key}: holds a private key + +@var{dig}: The message digest to use, i.e., @code{GNUTLS_DIG_SHA1} + +@var{flags}: must be 0 + +This function will sign the certificate request with a private key. +This must be the same key as the one used in +@code{gnutls_x509_crt_set_key()} since a certificate request is self +signed. + +This must be the last step in a certificate request generation +since all the previously set parameters are now signed. + +A known limitation of this function is, that a newly-signed request will not +be fully functional (e.g., for signature verification), until it +is exported an re-imported. + +After GnuTLS 3.6.1 the value of @code{dig} may be @code{GNUTLS_DIG_UNKNOWN} , +and in that case, a suitable but reasonable for the key algorithm will be selected. + +@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, otherwise a negative error code. +@code{GNUTLS_E_ASN1_VALUE_NOT_FOUND} is returned if you didn't set all +information in the certificate request (e.g., the version using +@code{gnutls_x509_crq_set_version()} ). + +@strong{Since:} 2.12.0 +@end deftypefun + +@subheading gnutls_x509_crq_set_pubkey +@anchor{gnutls_x509_crq_set_pubkey} +@deftypefun {int} {gnutls_x509_crq_set_pubkey} (gnutls_x509_crq_t @var{crq}, gnutls_pubkey_t @var{key}) +@var{crq}: should contain a @code{gnutls_x509_crq_t} type + +@var{key}: holds a public key + +This function will set the public parameters from the given public +key to the request. The @code{key} can be deallocated after that. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 2.12.0 +@end deftypefun + +@subheading gnutls_x509_crt_privkey_sign +@anchor{gnutls_x509_crt_privkey_sign} +@deftypefun {int} {gnutls_x509_crt_privkey_sign} (gnutls_x509_crt_t @var{crt}, gnutls_x509_crt_t @var{issuer}, gnutls_privkey_t @var{issuer_key}, gnutls_digest_algorithm_t @var{dig}, unsigned int @var{flags}) +@var{crt}: a certificate of type @code{gnutls_x509_crt_t} + +@var{issuer}: is the certificate of the certificate issuer + +@var{issuer_key}: holds the issuer's private key + +@var{dig}: The message digest to use, @code{GNUTLS_DIG_SHA256} is a safe choice + +@var{flags}: must be 0 + +This function will sign the certificate with the issuer's private key, and +will copy the issuer's information into the certificate. + +This must be the last step in a certificate generation since all +the previously set parameters are now signed. + +A known limitation of this function is, that a newly-signed certificate will not +be fully functional (e.g., for signature verification), until it +is exported an re-imported. + +After GnuTLS 3.6.1 the value of @code{dig} may be @code{GNUTLS_DIG_UNKNOWN} , +and in that case, a suitable but reasonable for the key algorithm will be selected. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. +@end deftypefun + +@subheading gnutls_x509_crt_set_pubkey +@anchor{gnutls_x509_crt_set_pubkey} +@deftypefun {int} {gnutls_x509_crt_set_pubkey} (gnutls_x509_crt_t @var{crt}, gnutls_pubkey_t @var{key}) +@var{crt}: should contain a @code{gnutls_x509_crt_t} type + +@var{key}: holds a public key + +This function will set the public parameters from the given public +key to the certificate. The @code{key} can be deallocated after that. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 2.12.0 +@end deftypefun + diff --git a/doc/alert-printlist.c b/doc/alert-printlist.c new file mode 100644 index 0000000..3483766 --- /dev/null +++ b/doc/alert-printlist.c @@ -0,0 +1,122 @@ +/* + * Copyright (C) 2008-2012 Free Software Foundation, Inc. + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * GnuTLS is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + */ + +#include +#include +#include +#include +#include +#include +#include +#include "common.h" + +static void main_texinfo(void); +static void main_latex(void); + +char buffer[1024]; + +int main(int argc, char *argv[]) +{ + if (argc > 1) + main_latex(); + else + main_texinfo(); + + return 0; +} + +static void main_texinfo(void) +{ + { + size_t i; + const char *name; + gnutls_kx_algorithm_t kx; + gnutls_cipher_algorithm_t cipher; + gnutls_mac_algorithm_t mac; + gnutls_protocol_t version; + + printf + ("@multitable @columnfractions .55 .10 .30\n@anchor{tab:alerts}\n"); + printf("@headitem Alert @tab ID @tab Description\n"); + for (i = 0; i < 256; i++) { + if (gnutls_alert_get_strname(i) == NULL) + continue; + printf("@item %s\n@tab %d\n@tab %s\n", + escape_texi_string(gnutls_alert_get_strname + (i), buffer, + sizeof(buffer)), + (unsigned int) i, gnutls_alert_get_name(i)); + } + printf("@end multitable\n"); + + } +} + +static const char headers[] = "\\tablefirsthead{%\n" + "\\hline\n" "Alert & ID & Description\\\\\n" "\\hline}\n" +#if 0 + "\\tablehead{%\n" + "\\hline\n" + "\\multicolumn{3}{|l|}{\\small\\sl continued from previous page}\\\\\n" + "\\hline}\n" + "\\tabletail{%\n" + "\\hline\n" + "\\multicolumn{3}{|r|}{\\small\\sl continued on next page}\\\\\n" + "\\hline}\n" +#endif + "\\tablelasttail{\\hline}\n" + "\\bottomcaption{The TLS alert table}\n\n"; + +static void main_latex(void) +{ + int i, j; + const char *desc; + const char *_name; + + puts(headers); + + printf + ("\\begin{supertabular}{|p{.50\\linewidth}|p{.07\\linewidth}|p{.34\\linewidth}|}\n\\label{tab:alerts}\n"); + + { + size_t i; + const char *name; + gnutls_kx_algorithm_t kx; + gnutls_cipher_algorithm_t cipher; + gnutls_mac_algorithm_t mac; + gnutls_protocol_t version; + + for (i = 0; i < 256; i++) { + if (gnutls_alert_get_strname(i) == NULL) + continue; + printf("{\\small{%s}} & \\code{%d} & %s", + escape_string(gnutls_alert_get_strname(i), + buffer, sizeof(buffer)), + (unsigned int) i, gnutls_alert_get_name(i)); + printf("\\\\\n"); + } + + printf("\\end{supertabular}\n\n"); + + } + + return; + +} diff --git a/doc/alerts.texi b/doc/alerts.texi new file mode 100644 index 0000000..3e6b2ac --- /dev/null +++ b/doc/alerts.texi @@ -0,0 +1,100 @@ +@multitable @columnfractions .55 .10 .30 +@anchor{tab:alerts} +@headitem Alert @tab ID @tab Description +@item GNUTLS_@-A_@-CLOSE_@-NOTIFY +@tab 0 +@tab Close notify +@item GNUTLS_@-A_@-UNEXPECTED_@-MESSAGE +@tab 10 +@tab Unexpected message +@item GNUTLS_@-A_@-BAD_@-RECORD_@-MAC +@tab 20 +@tab Bad record MAC +@item GNUTLS_@-A_@-DECRYPTION_@-FAILED +@tab 21 +@tab Decryption failed +@item GNUTLS_@-A_@-RECORD_@-OVERFLOW +@tab 22 +@tab Record overflow +@item GNUTLS_@-A_@-DECOMPRESSION_@-FAILURE +@tab 30 +@tab Decompression failed +@item GNUTLS_@-A_@-HANDSHAKE_@-FAILURE +@tab 40 +@tab Handshake failed +@item GNUTLS_@-A_@-SSL3_@-NO_@-CERTIFICATE +@tab 41 +@tab No certificate (SSL 3.0) +@item GNUTLS_@-A_@-BAD_@-CERTIFICATE +@tab 42 +@tab Certificate is bad +@item GNUTLS_@-A_@-UNSUPPORTED_@-CERTIFICATE +@tab 43 +@tab Certificate is not supported +@item GNUTLS_@-A_@-CERTIFICATE_@-REVOKED +@tab 44 +@tab Certificate was revoked +@item GNUTLS_@-A_@-CERTIFICATE_@-EXPIRED +@tab 45 +@tab Certificate is expired +@item GNUTLS_@-A_@-CERTIFICATE_@-UNKNOWN +@tab 46 +@tab Unknown certificate +@item GNUTLS_@-A_@-ILLEGAL_@-PARAMETER +@tab 47 +@tab Illegal parameter +@item GNUTLS_@-A_@-UNKNOWN_@-CA +@tab 48 +@tab CA is unknown +@item GNUTLS_@-A_@-ACCESS_@-DENIED +@tab 49 +@tab Access was denied +@item GNUTLS_@-A_@-DECODE_@-ERROR +@tab 50 +@tab Decode error +@item GNUTLS_@-A_@-DECRYPT_@-ERROR +@tab 51 +@tab Decrypt error +@item GNUTLS_@-A_@-EXPORT_@-RESTRICTION +@tab 60 +@tab Export restriction +@item GNUTLS_@-A_@-PROTOCOL_@-VERSION +@tab 70 +@tab Error in protocol version +@item GNUTLS_@-A_@-INSUFFICIENT_@-SECURITY +@tab 71 +@tab Insufficient security +@item GNUTLS_@-A_@-INTERNAL_@-ERROR +@tab 80 +@tab Internal error +@item GNUTLS_@-A_@-INAPPROPRIATE_@-FALLBACK +@tab 86 +@tab Inappropriate fallback +@item GNUTLS_@-A_@-USER_@-CANCELED +@tab 90 +@tab User canceled +@item GNUTLS_@-A_@-NO_@-RENEGOTIATION +@tab 100 +@tab No renegotiation is allowed +@item GNUTLS_@-A_@-MISSING_@-EXTENSION +@tab 109 +@tab An extension was expected but was not seen +@item GNUTLS_@-A_@-UNSUPPORTED_@-EXTENSION +@tab 110 +@tab An unsupported extension was sent +@item GNUTLS_@-A_@-CERTIFICATE_@-UNOBTAINABLE +@tab 111 +@tab Could not retrieve the specified certificate +@item GNUTLS_@-A_@-UNRECOGNIZED_@-NAME +@tab 112 +@tab The server name sent was not recognized +@item GNUTLS_@-A_@-UNKNOWN_@-PSK_@-IDENTITY +@tab 115 +@tab The SRP/PSK username is missing or not known +@item GNUTLS_@-A_@-CERTIFICATE_@-REQUIRED +@tab 116 +@tab Certificate is required +@item GNUTLS_@-A_@-NO_@-APPLICATION_@-PROTOCOL +@tab 120 +@tab No supported application protocol could be negotiated +@end multitable diff --git a/doc/algorithms.texi b/doc/algorithms.texi new file mode 100644 index 0000000..066969a --- /dev/null +++ b/doc/algorithms.texi @@ -0,0 +1,736 @@ +@heading Ciphersuites +@multitable @columnfractions .60 .20 .20 +@headitem Ciphersuite name @tab TLS ID @tab Since +@item TLS_@-AES_@-128_@-GCM_@-SHA256 +@tab 0x13 0x01 +@tab TLS1.3 +@item TLS_@-AES_@-256_@-GCM_@-SHA384 +@tab 0x13 0x02 +@tab TLS1.3 +@item TLS_@-CHACHA20_@-POLY1305_@-SHA256 +@tab 0x13 0x03 +@tab TLS1.3 +@item TLS_@-AES_@-128_@-CCM_@-SHA256 +@tab 0x13 0x04 +@tab TLS1.3 +@item TLS_@-AES_@-128_@-CCM_@-8_@-SHA256 +@tab 0x13 0x05 +@tab TLS1.3 +@item TLS_@-RSA_@-NULL_@-MD5 +@tab 0x00 0x01 +@tab TLS1.0 +@item TLS_@-RSA_@-NULL_@-SHA1 +@tab 0x00 0x02 +@tab TLS1.0 +@item TLS_@-RSA_@-NULL_@-SHA256 +@tab 0x00 0x3B +@tab TLS1.2 +@item TLS_@-RSA_@-ARCFOUR_@-128_@-SHA1 +@tab 0x00 0x05 +@tab TLS1.0 +@item TLS_@-RSA_@-ARCFOUR_@-128_@-MD5 +@tab 0x00 0x04 +@tab TLS1.0 +@item TLS_@-RSA_@-3DES_@-EDE_@-CBC_@-SHA1 +@tab 0x00 0x0A +@tab TLS1.0 +@item TLS_@-RSA_@-AES_@-128_@-CBC_@-SHA1 +@tab 0x00 0x2F +@tab TLS1.0 +@item TLS_@-RSA_@-AES_@-256_@-CBC_@-SHA1 +@tab 0x00 0x35 +@tab TLS1.0 +@item TLS_@-RSA_@-CAMELLIA_@-128_@-CBC_@-SHA256 +@tab 0x00 0xBA +@tab TLS1.2 +@item TLS_@-RSA_@-CAMELLIA_@-256_@-CBC_@-SHA256 +@tab 0x00 0xC0 +@tab TLS1.2 +@item TLS_@-RSA_@-CAMELLIA_@-128_@-CBC_@-SHA1 +@tab 0x00 0x41 +@tab TLS1.0 +@item TLS_@-RSA_@-CAMELLIA_@-256_@-CBC_@-SHA1 +@tab 0x00 0x84 +@tab TLS1.0 +@item TLS_@-RSA_@-AES_@-128_@-CBC_@-SHA256 +@tab 0x00 0x3C +@tab TLS1.2 +@item TLS_@-RSA_@-AES_@-256_@-CBC_@-SHA256 +@tab 0x00 0x3D +@tab TLS1.2 +@item TLS_@-RSA_@-AES_@-128_@-GCM_@-SHA256 +@tab 0x00 0x9C +@tab TLS1.2 +@item TLS_@-RSA_@-AES_@-256_@-GCM_@-SHA384 +@tab 0x00 0x9D +@tab TLS1.2 +@item TLS_@-RSA_@-CAMELLIA_@-128_@-GCM_@-SHA256 +@tab 0xC0 0x7A +@tab TLS1.2 +@item TLS_@-RSA_@-CAMELLIA_@-256_@-GCM_@-SHA384 +@tab 0xC0 0x7B +@tab TLS1.2 +@item TLS_@-RSA_@-AES_@-128_@-CCM +@tab 0xC0 0x9C +@tab TLS1.2 +@item TLS_@-RSA_@-AES_@-256_@-CCM +@tab 0xC0 0x9D +@tab TLS1.2 +@item TLS_@-RSA_@-AES_@-128_@-CCM_@-8 +@tab 0xC0 0xA0 +@tab TLS1.2 +@item TLS_@-RSA_@-AES_@-256_@-CCM_@-8 +@tab 0xC0 0xA1 +@tab TLS1.2 +@item TLS_@-DHE_@-DSS_@-ARCFOUR_@-128_@-SHA1 +@tab 0x00 0x66 +@tab TLS1.0 +@item TLS_@-DHE_@-DSS_@-3DES_@-EDE_@-CBC_@-SHA1 +@tab 0x00 0x13 +@tab TLS1.0 +@item TLS_@-DHE_@-DSS_@-AES_@-128_@-CBC_@-SHA1 +@tab 0x00 0x32 +@tab TLS1.0 +@item TLS_@-DHE_@-DSS_@-AES_@-256_@-CBC_@-SHA1 +@tab 0x00 0x38 +@tab TLS1.0 +@item TLS_@-DHE_@-DSS_@-CAMELLIA_@-128_@-CBC_@-SHA256 +@tab 0x00 0xBD +@tab TLS1.2 +@item TLS_@-DHE_@-DSS_@-CAMELLIA_@-256_@-CBC_@-SHA256 +@tab 0x00 0xC3 +@tab TLS1.2 +@item TLS_@-DHE_@-DSS_@-CAMELLIA_@-128_@-CBC_@-SHA1 +@tab 0x00 0x44 +@tab TLS1.0 +@item TLS_@-DHE_@-DSS_@-CAMELLIA_@-256_@-CBC_@-SHA1 +@tab 0x00 0x87 +@tab TLS1.0 +@item TLS_@-DHE_@-DSS_@-AES_@-128_@-CBC_@-SHA256 +@tab 0x00 0x40 +@tab TLS1.2 +@item TLS_@-DHE_@-DSS_@-AES_@-256_@-CBC_@-SHA256 +@tab 0x00 0x6A +@tab TLS1.2 +@item TLS_@-DHE_@-DSS_@-AES_@-128_@-GCM_@-SHA256 +@tab 0x00 0xA2 +@tab TLS1.2 +@item TLS_@-DHE_@-DSS_@-AES_@-256_@-GCM_@-SHA384 +@tab 0x00 0xA3 +@tab TLS1.2 +@item TLS_@-DHE_@-DSS_@-CAMELLIA_@-128_@-GCM_@-SHA256 +@tab 0xC0 0x80 +@tab TLS1.2 +@item TLS_@-DHE_@-DSS_@-CAMELLIA_@-256_@-GCM_@-SHA384 +@tab 0xC0 0x81 +@tab TLS1.2 +@item TLS_@-DHE_@-RSA_@-3DES_@-EDE_@-CBC_@-SHA1 +@tab 0x00 0x16 +@tab TLS1.0 +@item TLS_@-DHE_@-RSA_@-AES_@-128_@-CBC_@-SHA1 +@tab 0x00 0x33 +@tab TLS1.0 +@item TLS_@-DHE_@-RSA_@-AES_@-256_@-CBC_@-SHA1 +@tab 0x00 0x39 +@tab TLS1.0 +@item TLS_@-DHE_@-RSA_@-CAMELLIA_@-128_@-CBC_@-SHA256 +@tab 0x00 0xBE +@tab TLS1.2 +@item TLS_@-DHE_@-RSA_@-CAMELLIA_@-256_@-CBC_@-SHA256 +@tab 0x00 0xC4 +@tab TLS1.2 +@item TLS_@-DHE_@-RSA_@-CAMELLIA_@-128_@-CBC_@-SHA1 +@tab 0x00 0x45 +@tab TLS1.0 +@item TLS_@-DHE_@-RSA_@-CAMELLIA_@-256_@-CBC_@-SHA1 +@tab 0x00 0x88 +@tab TLS1.0 +@item TLS_@-DHE_@-RSA_@-AES_@-128_@-CBC_@-SHA256 +@tab 0x00 0x67 +@tab TLS1.2 +@item TLS_@-DHE_@-RSA_@-AES_@-256_@-CBC_@-SHA256 +@tab 0x00 0x6B +@tab TLS1.2 +@item TLS_@-DHE_@-RSA_@-AES_@-128_@-GCM_@-SHA256 +@tab 0x00 0x9E +@tab TLS1.2 +@item TLS_@-DHE_@-RSA_@-AES_@-256_@-GCM_@-SHA384 +@tab 0x00 0x9F +@tab TLS1.2 +@item TLS_@-DHE_@-RSA_@-CAMELLIA_@-128_@-GCM_@-SHA256 +@tab 0xC0 0x7C +@tab TLS1.2 +@item TLS_@-DHE_@-RSA_@-CAMELLIA_@-256_@-GCM_@-SHA384 +@tab 0xC0 0x7D +@tab TLS1.2 +@item TLS_@-DHE_@-RSA_@-CHACHA20_@-POLY1305 +@tab 0xCC 0xAA +@tab TLS1.2 +@item TLS_@-DHE_@-RSA_@-AES_@-128_@-CCM +@tab 0xC0 0x9E +@tab TLS1.2 +@item TLS_@-DHE_@-RSA_@-AES_@-256_@-CCM +@tab 0xC0 0x9F +@tab TLS1.2 +@item TLS_@-DHE_@-RSA_@-AES_@-128_@-CCM_@-8 +@tab 0xC0 0xA2 +@tab TLS1.2 +@item TLS_@-DHE_@-RSA_@-AES_@-256_@-CCM_@-8 +@tab 0xC0 0xA3 +@tab TLS1.2 +@item TLS_@-ECDHE_@-RSA_@-NULL_@-SHA1 +@tab 0xC0 0x10 +@tab TLS1.0 +@item TLS_@-ECDHE_@-RSA_@-3DES_@-EDE_@-CBC_@-SHA1 +@tab 0xC0 0x12 +@tab TLS1.0 +@item TLS_@-ECDHE_@-RSA_@-AES_@-128_@-CBC_@-SHA1 +@tab 0xC0 0x13 +@tab TLS1.0 +@item TLS_@-ECDHE_@-RSA_@-AES_@-256_@-CBC_@-SHA1 +@tab 0xC0 0x14 +@tab TLS1.0 +@item TLS_@-ECDHE_@-RSA_@-AES_@-256_@-CBC_@-SHA384 +@tab 0xC0 0x28 +@tab TLS1.2 +@item TLS_@-ECDHE_@-RSA_@-ARCFOUR_@-128_@-SHA1 +@tab 0xC0 0x11 +@tab TLS1.0 +@item TLS_@-ECDHE_@-RSA_@-CAMELLIA_@-128_@-CBC_@-SHA256 +@tab 0xC0 0x76 +@tab TLS1.2 +@item TLS_@-ECDHE_@-RSA_@-CAMELLIA_@-256_@-CBC_@-SHA384 +@tab 0xC0 0x77 +@tab TLS1.2 +@item TLS_@-ECDHE_@-ECDSA_@-NULL_@-SHA1 +@tab 0xC0 0x06 +@tab TLS1.0 +@item TLS_@-ECDHE_@-ECDSA_@-3DES_@-EDE_@-CBC_@-SHA1 +@tab 0xC0 0x08 +@tab TLS1.0 +@item TLS_@-ECDHE_@-ECDSA_@-AES_@-128_@-CBC_@-SHA1 +@tab 0xC0 0x09 +@tab TLS1.0 +@item TLS_@-ECDHE_@-ECDSA_@-AES_@-256_@-CBC_@-SHA1 +@tab 0xC0 0x0A +@tab TLS1.0 +@item TLS_@-ECDHE_@-ECDSA_@-ARCFOUR_@-128_@-SHA1 +@tab 0xC0 0x07 +@tab TLS1.0 +@item TLS_@-ECDHE_@-ECDSA_@-CAMELLIA_@-128_@-CBC_@-SHA256 +@tab 0xC0 0x72 +@tab TLS1.2 +@item TLS_@-ECDHE_@-ECDSA_@-CAMELLIA_@-256_@-CBC_@-SHA384 +@tab 0xC0 0x73 +@tab TLS1.2 +@item TLS_@-ECDHE_@-ECDSA_@-AES_@-128_@-CBC_@-SHA256 +@tab 0xC0 0x23 +@tab TLS1.2 +@item TLS_@-ECDHE_@-RSA_@-AES_@-128_@-CBC_@-SHA256 +@tab 0xC0 0x27 +@tab TLS1.2 +@item TLS_@-ECDHE_@-ECDSA_@-CAMELLIA_@-128_@-GCM_@-SHA256 +@tab 0xC0 0x86 +@tab TLS1.2 +@item TLS_@-ECDHE_@-ECDSA_@-CAMELLIA_@-256_@-GCM_@-SHA384 +@tab 0xC0 0x87 +@tab TLS1.2 +@item TLS_@-ECDHE_@-ECDSA_@-AES_@-128_@-GCM_@-SHA256 +@tab 0xC0 0x2B +@tab TLS1.2 +@item TLS_@-ECDHE_@-ECDSA_@-AES_@-256_@-GCM_@-SHA384 +@tab 0xC0 0x2C +@tab TLS1.2 +@item TLS_@-ECDHE_@-RSA_@-AES_@-128_@-GCM_@-SHA256 +@tab 0xC0 0x2F +@tab TLS1.2 +@item TLS_@-ECDHE_@-RSA_@-AES_@-256_@-GCM_@-SHA384 +@tab 0xC0 0x30 +@tab TLS1.2 +@item TLS_@-ECDHE_@-ECDSA_@-AES_@-256_@-CBC_@-SHA384 +@tab 0xC0 0x24 +@tab TLS1.2 +@item TLS_@-ECDHE_@-RSA_@-CAMELLIA_@-128_@-GCM_@-SHA256 +@tab 0xC0 0x8A +@tab TLS1.2 +@item TLS_@-ECDHE_@-RSA_@-CAMELLIA_@-256_@-GCM_@-SHA384 +@tab 0xC0 0x8B +@tab TLS1.2 +@item TLS_@-ECDHE_@-RSA_@-CHACHA20_@-POLY1305 +@tab 0xCC 0xA8 +@tab TLS1.2 +@item TLS_@-ECDHE_@-ECDSA_@-CHACHA20_@-POLY1305 +@tab 0xCC 0xA9 +@tab TLS1.2 +@item TLS_@-ECDHE_@-ECDSA_@-AES_@-128_@-CCM +@tab 0xC0 0xAC +@tab TLS1.2 +@item TLS_@-ECDHE_@-ECDSA_@-AES_@-256_@-CCM +@tab 0xC0 0xAD +@tab TLS1.2 +@item TLS_@-ECDHE_@-ECDSA_@-AES_@-128_@-CCM_@-8 +@tab 0xC0 0xAE +@tab TLS1.2 +@item TLS_@-ECDHE_@-ECDSA_@-AES_@-256_@-CCM_@-8 +@tab 0xC0 0xAF +@tab TLS1.2 +@item TLS_@-ECDHE_@-PSK_@-3DES_@-EDE_@-CBC_@-SHA1 +@tab 0xC0 0x34 +@tab TLS1.0 +@item TLS_@-ECDHE_@-PSK_@-AES_@-128_@-CBC_@-SHA1 +@tab 0xC0 0x35 +@tab TLS1.0 +@item TLS_@-ECDHE_@-PSK_@-AES_@-256_@-CBC_@-SHA1 +@tab 0xC0 0x36 +@tab TLS1.0 +@item TLS_@-ECDHE_@-PSK_@-AES_@-128_@-CBC_@-SHA256 +@tab 0xC0 0x37 +@tab TLS1.2 +@item TLS_@-ECDHE_@-PSK_@-AES_@-256_@-CBC_@-SHA384 +@tab 0xC0 0x38 +@tab TLS1.2 +@item TLS_@-ECDHE_@-PSK_@-ARCFOUR_@-128_@-SHA1 +@tab 0xC0 0x33 +@tab TLS1.0 +@item TLS_@-ECDHE_@-PSK_@-NULL_@-SHA1 +@tab 0xC0 0x39 +@tab TLS1.0 +@item TLS_@-ECDHE_@-PSK_@-NULL_@-SHA256 +@tab 0xC0 0x3A +@tab TLS1.2 +@item TLS_@-ECDHE_@-PSK_@-NULL_@-SHA384 +@tab 0xC0 0x3B +@tab TLS1.0 +@item TLS_@-ECDHE_@-PSK_@-CAMELLIA_@-128_@-CBC_@-SHA256 +@tab 0xC0 0x9A +@tab TLS1.2 +@item TLS_@-ECDHE_@-PSK_@-CAMELLIA_@-256_@-CBC_@-SHA384 +@tab 0xC0 0x9B +@tab TLS1.2 +@item TLS_@-PSK_@-ARCFOUR_@-128_@-SHA1 +@tab 0x00 0x8A +@tab TLS1.0 +@item TLS_@-PSK_@-3DES_@-EDE_@-CBC_@-SHA1 +@tab 0x00 0x8B +@tab TLS1.0 +@item TLS_@-PSK_@-AES_@-128_@-CBC_@-SHA1 +@tab 0x00 0x8C +@tab TLS1.0 +@item TLS_@-PSK_@-AES_@-256_@-CBC_@-SHA1 +@tab 0x00 0x8D +@tab TLS1.0 +@item TLS_@-PSK_@-AES_@-128_@-CBC_@-SHA256 +@tab 0x00 0xAE +@tab TLS1.2 +@item TLS_@-PSK_@-AES_@-256_@-GCM_@-SHA384 +@tab 0x00 0xA9 +@tab TLS1.2 +@item TLS_@-PSK_@-CAMELLIA_@-128_@-GCM_@-SHA256 +@tab 0xC0 0x8E +@tab TLS1.2 +@item TLS_@-PSK_@-CAMELLIA_@-256_@-GCM_@-SHA384 +@tab 0xC0 0x8F +@tab TLS1.2 +@item TLS_@-PSK_@-AES_@-128_@-GCM_@-SHA256 +@tab 0x00 0xA8 +@tab TLS1.2 +@item TLS_@-PSK_@-NULL_@-SHA1 +@tab 0x00 0x2C +@tab TLS1.0 +@item TLS_@-PSK_@-NULL_@-SHA256 +@tab 0x00 0xB0 +@tab TLS1.2 +@item TLS_@-PSK_@-CAMELLIA_@-128_@-CBC_@-SHA256 +@tab 0xC0 0x94 +@tab TLS1.2 +@item TLS_@-PSK_@-CAMELLIA_@-256_@-CBC_@-SHA384 +@tab 0xC0 0x95 +@tab TLS1.2 +@item TLS_@-PSK_@-AES_@-256_@-CBC_@-SHA384 +@tab 0x00 0xAF +@tab TLS1.2 +@item TLS_@-PSK_@-NULL_@-SHA384 +@tab 0x00 0xB1 +@tab TLS1.2 +@item TLS_@-RSA_@-PSK_@-ARCFOUR_@-128_@-SHA1 +@tab 0x00 0x92 +@tab TLS1.0 +@item TLS_@-RSA_@-PSK_@-3DES_@-EDE_@-CBC_@-SHA1 +@tab 0x00 0x93 +@tab TLS1.0 +@item TLS_@-RSA_@-PSK_@-AES_@-128_@-CBC_@-SHA1 +@tab 0x00 0x94 +@tab TLS1.0 +@item TLS_@-RSA_@-PSK_@-AES_@-256_@-CBC_@-SHA1 +@tab 0x00 0x95 +@tab TLS1.0 +@item TLS_@-RSA_@-PSK_@-CAMELLIA_@-128_@-GCM_@-SHA256 +@tab 0xC0 0x92 +@tab TLS1.2 +@item TLS_@-RSA_@-PSK_@-CAMELLIA_@-256_@-GCM_@-SHA384 +@tab 0xC0 0x93 +@tab TLS1.2 +@item TLS_@-RSA_@-PSK_@-AES_@-128_@-GCM_@-SHA256 +@tab 0x00 0xAC +@tab TLS1.2 +@item TLS_@-RSA_@-PSK_@-AES_@-128_@-CBC_@-SHA256 +@tab 0x00 0xB6 +@tab TLS1.2 +@item TLS_@-RSA_@-PSK_@-NULL_@-SHA1 +@tab 0x00 0x2E +@tab TLS1.0 +@item TLS_@-RSA_@-PSK_@-NULL_@-SHA256 +@tab 0x00 0xB8 +@tab TLS1.2 +@item TLS_@-RSA_@-PSK_@-AES_@-256_@-GCM_@-SHA384 +@tab 0x00 0xAD +@tab TLS1.2 +@item TLS_@-RSA_@-PSK_@-AES_@-256_@-CBC_@-SHA384 +@tab 0x00 0xB7 +@tab TLS1.2 +@item TLS_@-RSA_@-PSK_@-NULL_@-SHA384 +@tab 0x00 0xB9 +@tab TLS1.2 +@item TLS_@-RSA_@-PSK_@-CAMELLIA_@-128_@-CBC_@-SHA256 +@tab 0xC0 0x98 +@tab TLS1.2 +@item TLS_@-RSA_@-PSK_@-CAMELLIA_@-256_@-CBC_@-SHA384 +@tab 0xC0 0x99 +@tab TLS1.2 +@item TLS_@-DHE_@-PSK_@-ARCFOUR_@-128_@-SHA1 +@tab 0x00 0x8E +@tab TLS1.0 +@item TLS_@-DHE_@-PSK_@-3DES_@-EDE_@-CBC_@-SHA1 +@tab 0x00 0x8F +@tab TLS1.0 +@item TLS_@-DHE_@-PSK_@-AES_@-128_@-CBC_@-SHA1 +@tab 0x00 0x90 +@tab TLS1.0 +@item TLS_@-DHE_@-PSK_@-AES_@-256_@-CBC_@-SHA1 +@tab 0x00 0x91 +@tab TLS1.0 +@item TLS_@-DHE_@-PSK_@-AES_@-128_@-CBC_@-SHA256 +@tab 0x00 0xB2 +@tab TLS1.2 +@item TLS_@-DHE_@-PSK_@-AES_@-128_@-GCM_@-SHA256 +@tab 0x00 0xAA +@tab TLS1.2 +@item TLS_@-DHE_@-PSK_@-NULL_@-SHA1 +@tab 0x00 0x2D +@tab TLS1.0 +@item TLS_@-DHE_@-PSK_@-NULL_@-SHA256 +@tab 0x00 0xB4 +@tab TLS1.2 +@item TLS_@-DHE_@-PSK_@-NULL_@-SHA384 +@tab 0x00 0xB5 +@tab TLS1.2 +@item TLS_@-DHE_@-PSK_@-AES_@-256_@-CBC_@-SHA384 +@tab 0x00 0xB3 +@tab TLS1.2 +@item TLS_@-DHE_@-PSK_@-AES_@-256_@-GCM_@-SHA384 +@tab 0x00 0xAB +@tab TLS1.2 +@item TLS_@-DHE_@-PSK_@-CAMELLIA_@-128_@-CBC_@-SHA256 +@tab 0xC0 0x96 +@tab TLS1.2 +@item TLS_@-DHE_@-PSK_@-CAMELLIA_@-256_@-CBC_@-SHA384 +@tab 0xC0 0x97 +@tab TLS1.2 +@item TLS_@-DHE_@-PSK_@-CAMELLIA_@-128_@-GCM_@-SHA256 +@tab 0xC0 0x90 +@tab TLS1.2 +@item TLS_@-DHE_@-PSK_@-CAMELLIA_@-256_@-GCM_@-SHA384 +@tab 0xC0 0x91 +@tab TLS1.2 +@item TLS_@-PSK_@-AES_@-128_@-CCM +@tab 0xC0 0xA4 +@tab TLS1.2 +@item TLS_@-PSK_@-AES_@-256_@-CCM +@tab 0xC0 0xA5 +@tab TLS1.2 +@item TLS_@-DHE_@-PSK_@-AES_@-128_@-CCM +@tab 0xC0 0xA6 +@tab TLS1.2 +@item TLS_@-DHE_@-PSK_@-AES_@-256_@-CCM +@tab 0xC0 0xA7 +@tab TLS1.2 +@item TLS_@-PSK_@-AES_@-128_@-CCM_@-8 +@tab 0xC0 0xA8 +@tab TLS1.2 +@item TLS_@-PSK_@-AES_@-256_@-CCM_@-8 +@tab 0xC0 0xA9 +@tab TLS1.2 +@item TLS_@-DHE_@-PSK_@-AES_@-128_@-CCM_@-8 +@tab 0xC0 0xAA +@tab TLS1.2 +@item TLS_@-DHE_@-PSK_@-AES_@-256_@-CCM_@-8 +@tab 0xC0 0xAB +@tab TLS1.2 +@item TLS_@-DHE_@-PSK_@-CHACHA20_@-POLY1305 +@tab 0xCC 0xAD +@tab TLS1.2 +@item TLS_@-ECDHE_@-PSK_@-CHACHA20_@-POLY1305 +@tab 0xCC 0xAC +@tab TLS1.2 +@item TLS_@-RSA_@-PSK_@-CHACHA20_@-POLY1305 +@tab 0xCC 0xAE +@tab TLS1.2 +@item TLS_@-PSK_@-CHACHA20_@-POLY1305 +@tab 0xCC 0xAB +@tab TLS1.2 +@item TLS_@-DH_@-ANON_@-ARCFOUR_@-128_@-MD5 +@tab 0x00 0x18 +@tab TLS1.0 +@item TLS_@-DH_@-ANON_@-3DES_@-EDE_@-CBC_@-SHA1 +@tab 0x00 0x1B +@tab TLS1.0 +@item TLS_@-DH_@-ANON_@-AES_@-128_@-CBC_@-SHA1 +@tab 0x00 0x34 +@tab TLS1.0 +@item TLS_@-DH_@-ANON_@-AES_@-256_@-CBC_@-SHA1 +@tab 0x00 0x3A +@tab TLS1.0 +@item TLS_@-DH_@-ANON_@-CAMELLIA_@-128_@-CBC_@-SHA256 +@tab 0x00 0xBF +@tab TLS1.2 +@item TLS_@-DH_@-ANON_@-CAMELLIA_@-256_@-CBC_@-SHA256 +@tab 0x00 0xC5 +@tab TLS1.2 +@item TLS_@-DH_@-ANON_@-CAMELLIA_@-128_@-CBC_@-SHA1 +@tab 0x00 0x46 +@tab TLS1.0 +@item TLS_@-DH_@-ANON_@-CAMELLIA_@-256_@-CBC_@-SHA1 +@tab 0x00 0x89 +@tab TLS1.0 +@item TLS_@-DH_@-ANON_@-AES_@-128_@-CBC_@-SHA256 +@tab 0x00 0x6C +@tab TLS1.2 +@item TLS_@-DH_@-ANON_@-AES_@-256_@-CBC_@-SHA256 +@tab 0x00 0x6D +@tab TLS1.2 +@item TLS_@-DH_@-ANON_@-AES_@-128_@-GCM_@-SHA256 +@tab 0x00 0xA6 +@tab TLS1.2 +@item TLS_@-DH_@-ANON_@-AES_@-256_@-GCM_@-SHA384 +@tab 0x00 0xA7 +@tab TLS1.2 +@item TLS_@-DH_@-ANON_@-CAMELLIA_@-128_@-GCM_@-SHA256 +@tab 0xC0 0x84 +@tab TLS1.2 +@item TLS_@-DH_@-ANON_@-CAMELLIA_@-256_@-GCM_@-SHA384 +@tab 0xC0 0x85 +@tab TLS1.2 +@item TLS_@-ECDH_@-ANON_@-NULL_@-SHA1 +@tab 0xC0 0x15 +@tab TLS1.0 +@item TLS_@-ECDH_@-ANON_@-3DES_@-EDE_@-CBC_@-SHA1 +@tab 0xC0 0x17 +@tab TLS1.0 +@item TLS_@-ECDH_@-ANON_@-AES_@-128_@-CBC_@-SHA1 +@tab 0xC0 0x18 +@tab TLS1.0 +@item TLS_@-ECDH_@-ANON_@-AES_@-256_@-CBC_@-SHA1 +@tab 0xC0 0x19 +@tab TLS1.0 +@item TLS_@-ECDH_@-ANON_@-ARCFOUR_@-128_@-SHA1 +@tab 0xC0 0x16 +@tab TLS1.0 +@item TLS_@-SRP_@-SHA_@-3DES_@-EDE_@-CBC_@-SHA1 +@tab 0xC0 0x1A +@tab TLS1.0 +@item TLS_@-SRP_@-SHA_@-AES_@-128_@-CBC_@-SHA1 +@tab 0xC0 0x1D +@tab TLS1.0 +@item TLS_@-SRP_@-SHA_@-AES_@-256_@-CBC_@-SHA1 +@tab 0xC0 0x20 +@tab TLS1.0 +@item TLS_@-SRP_@-SHA_@-DSS_@-3DES_@-EDE_@-CBC_@-SHA1 +@tab 0xC0 0x1C +@tab TLS1.0 +@item TLS_@-SRP_@-SHA_@-RSA_@-3DES_@-EDE_@-CBC_@-SHA1 +@tab 0xC0 0x1B +@tab TLS1.0 +@item TLS_@-SRP_@-SHA_@-DSS_@-AES_@-128_@-CBC_@-SHA1 +@tab 0xC0 0x1F +@tab TLS1.0 +@item TLS_@-SRP_@-SHA_@-RSA_@-AES_@-128_@-CBC_@-SHA1 +@tab 0xC0 0x1E +@tab TLS1.0 +@item TLS_@-SRP_@-SHA_@-DSS_@-AES_@-256_@-CBC_@-SHA1 +@tab 0xC0 0x22 +@tab TLS1.0 +@item TLS_@-SRP_@-SHA_@-RSA_@-AES_@-256_@-CBC_@-SHA1 +@tab 0xC0 0x21 +@tab TLS1.0 +@end multitable + + +@heading Certificate types +@table @code +@item X.509 +@item Raw Public Key +@end table + +@heading Protocols +@table @code +@item SSL3.0 +@item TLS1.0 +@item TLS1.1 +@item TLS1.2 +@item TLS1.3 +@item DTLS0.9 +@item DTLS1.0 +@item DTLS1.2 +@end table + +@heading Ciphers +@table @code +@item AES-256-CBC +@item AES-192-CBC +@item AES-128-CBC +@item AES-128-GCM +@item AES-256-GCM +@item AES-128-CCM +@item AES-256-CCM +@item AES-128-CCM-8 +@item AES-256-CCM-8 +@item ARCFOUR-128 +@item ESTREAM-SALSA20-256 +@item SALSA20-256 +@item CAMELLIA-256-CBC +@item CAMELLIA-192-CBC +@item CAMELLIA-128-CBC +@item CHACHA20-POLY1305 +@item CAMELLIA-128-GCM +@item CAMELLIA-256-GCM +@item GOST28147-TC26Z-CFB +@item GOST28147-CPA-CFB +@item GOST28147-CPB-CFB +@item GOST28147-CPC-CFB +@item GOST28147-CPD-CFB +@item AES-128-CFB8 +@item AES-192-CFB8 +@item AES-256-CFB8 +@item AES-128-XTS +@item AES-256-XTS +@item 3DES-CBC +@item DES-CBC +@item RC2-40 +@item NULL +@end table + +@heading MAC algorithms +@table @code +@item SHA1 +@item SHA256 +@item SHA384 +@item SHA512 +@item SHA224 +@item UMAC-96 +@item UMAC-128 +@item AEAD +@item MD5 +@item GOSTR341194 +@item STREEBOG-256 +@item STREEBOG-512 +@end table + +@heading Key exchange methods +@table @code +@item ECDHE-RSA +@item ECDHE-ECDSA +@item RSA +@item DHE-RSA +@item DHE-DSS +@item PSK +@item RSA-PSK +@item DHE-PSK +@item ECDHE-PSK +@item SRP-DSS +@item SRP-RSA +@item SRP +@item ANON-DH +@item ANON-ECDH +@item RSA-EXPORT +@end table + +@heading Public key algorithms +@table @code +@item RSA +@item RSA-PSS +@item RSA +@item DSA +@item GOST R 34.10-2012-512 +@item GOST R 34.10-2012-256 +@item GOST R 34.10-2001 +@item EC/ECDSA +@item EdDSA (Ed25519) +@item DH +@item ECDH (X25519) +@end table + +@heading Public key signature algorithms +@table @code +@item RSA-SHA256 +@item RSA-SHA384 +@item RSA-SHA512 +@item RSA-PSS-SHA256 +@item RSA-PSS-RSAE-SHA256 +@item RSA-PSS-SHA384 +@item RSA-PSS-RSAE-SHA384 +@item RSA-PSS-SHA512 +@item RSA-PSS-RSAE-SHA512 +@item EdDSA-Ed25519 +@item ECDSA-SHA256 +@item ECDSA-SHA384 +@item ECDSA-SHA512 +@item ECDSA-SECP256R1-SHA256 +@item ECDSA-SECP384R1-SHA384 +@item ECDSA-SECP521R1-SHA512 +@item ECDSA-SHA3-224 +@item ECDSA-SHA3-256 +@item ECDSA-SHA3-384 +@item ECDSA-SHA3-512 +@item RSA-SHA3-224 +@item RSA-SHA3-256 +@item RSA-SHA3-384 +@item RSA-SHA3-512 +@item DSA-SHA3-224 +@item DSA-SHA3-256 +@item DSA-SHA3-384 +@item DSA-SHA3-512 +@item RSA-RAW +@item RSA-SHA1 +@item RSA-SHA1 +@item RSA-SHA224 +@item RSA-RMD160 +@item DSA-SHA1 +@item DSA-SHA1 +@item DSA-SHA224 +@item DSA-SHA256 +@item RSA-MD5 +@item RSA-MD5 +@item RSA-MD2 +@item ECDSA-SHA1 +@item ECDSA-SHA224 +@item GOSTR341012-512 +@item GOSTR341012-256 +@item GOSTR341001 +@item DSA-SHA384 +@item DSA-SHA512 +@end table + +@heading Groups +@table @code +@item SECP192R1 +@item SECP224R1 +@item SECP256R1 +@item SECP384R1 +@item SECP521R1 +@item X25519 +@item FFDHE2048 +@item FFDHE3072 +@item FFDHE4096 +@item FFDHE6144 +@item FFDHE8192 +@end table diff --git a/doc/certtool.cfg b/doc/certtool.cfg new file mode 100644 index 0000000..f3b47d9 --- /dev/null +++ b/doc/certtool.cfg @@ -0,0 +1,196 @@ +# X.509 Certificate options +# +# DN options + +# The organization of the subject. +organization = "Koko inc." + +# The organizational unit of the subject. +unit = "sleeping dept." + +# The locality of the subject. +# locality = + +# The state of the certificate owner. +state = "Attiki" + +# The country of the subject. Two letter code. +country = GR + +# The common name of the certificate owner. +cn = "Cindy Lauper" + +# A user id of the certificate owner. +#uid = "clauper" + +# Set domain components +#dc = "name" +#dc = "domain" + +# If the supported DN OIDs are not adequate you can set +# any OID here. +# For example set the X.520 Title and the X.520 Pseudonym +# by using OID and string pairs. +#dn_oid = 2.5.4.12 Dr. +#dn_oid = 2.5.4.65 jackal + +# This is deprecated and should not be used in new +# certificates. +# pkcs9_email = "none@@none.org" + +# An alternative way to set the certificate's distinguished name directly +# is with the "dn" option. The attribute names allowed are: +# C (country), street, O (organization), OU (unit), title, CN (common name), +# L (locality), ST (state), placeOfBirth, gender, countryOfCitizenship, +# countryOfResidence, serialNumber, telephoneNumber, surName, initials, +# generationQualifier, givenName, pseudonym, dnQualifier, postalCode, name, +# businessCategory, DC, UID, jurisdictionOfIncorporationLocalityName, +# jurisdictionOfIncorporationStateOrProvinceName, +# jurisdictionOfIncorporationCountryName, XmppAddr, and numeric OIDs. + +#dn = "cn = Nikos,st = New\, Something,C=GR,surName=Mavrogiannopoulos,2.5.4.9=Arkadias" + +# The serial number of the certificate +# Comment the field for a time-based serial number. +serial = 007 + +# In how many days, counting from today, this certificate will expire. +# Use -1 if there is no expiration date. +expiration_days = 700 + +# Alternatively you may set concrete dates and time. The GNU date string +# formats are accepted. See: +# https://www.gnu.org/software/tar/manual/html_node/Date-input-formats.html + +#activation_date = "2004-02-29 16:21:42" +#expiration_date = "2025-02-29 16:24:41" + +# X.509 v3 extensions + +# A dnsname in case of a WWW server. +#dns_name = "www.none.org" +#dns_name = "www.morethanone.org" + +# A subject alternative name URI +#uri = "https://www.example.com" + +# An IP address in case of a server. +#ip_address = "192.168.1.1" + +# An email in case of a person +email = "none@@none.org" + +# Challenge password used in certificate requests +challenge_password = 123456 + +# Password when encrypting a private key +#password = secret + +# An URL that has CRLs (certificate revocation lists) +# available. Needed in CA certificates. +#crl_dist_points = "https://www.getcrl.crl/getcrl/" + +# Whether this is a CA certificate or not +#ca + +# for microsoft smart card logon +# key_purpose_oid = 1.3.6.1.4.1.311.20.2.2 + +### Other predefined key purpose OIDs + +# Whether this certificate will be used for a TLS client +#tls_www_client + +# Whether this certificate will be used for a TLS server +#tls_www_server + +# Whether this certificate will be used to sign data (needed +# in TLS DHE ciphersuites). +signing_key + +# Whether this certificate will be used to encrypt data (needed +# in TLS RSA ciphersuites). Note that it is preferred to use different +# keys for encryption and signing. +encryption_key + +# Whether this key will be used to sign other certificates. +#cert_signing_key + +# Whether this key will be used to sign CRLs. +#crl_signing_key + +# Whether this key will be used to sign code. +#code_signing_key + +# Whether this key will be used to sign OCSP data. +#ocsp_signing_key + +# Whether this key will be used for time stamping. +#time_stamping_key + +# Whether this key will be used for IPsec IKE operations. +#ipsec_ike_key + +### end of key purpose OIDs + +# When generating a certificate from a certificate +# request, then honor the extensions stored in the request +# and store them in the real certificate. +#honor_crq_extensions + +# Path length constraint. Sets the maximum number of +# certificates that can be used to certify this certificate. +# (i.e. the certificate chain length) +#path_len = -1 +#path_len = 2 + +# OCSP URI +# ocsp_uri = https://my.ocsp.server/ocsp + +# CA issuers URI +# ca_issuers_uri = https://my.ca.issuer + +# Certificate policies +#policy1 = 1.3.6.1.4.1.5484.1.10.99.1.0 +#policy1_txt = "This is a long policy to summarize" +#policy1_url = https://www.example.com/a-policy-to-read + +#policy2 = 1.3.6.1.4.1.5484.1.10.99.1.1 +#policy2_txt = "This is a short policy" +#policy2_url = https://www.example.com/another-policy-to-read + +# Name constraints + +# DNS +#nc_permit_dns = example.com +#nc_exclude_dns = test.example.com + +# EMAIL +#nc_permit_email = "nmav@@ex.net" + +# Exclude subdomains of example.com +#nc_exclude_email = .example.com + +# Exclude all e-mail addresses of example.com +#nc_exclude_email = example.com + + +# Options for proxy certificates +#proxy_policy_language = 1.3.6.1.5.5.7.21.1 + + +# Options for generating a CRL + +# The number of days the next CRL update will be due. +# next CRL update will be in 43 days +#crl_next_update = 43 + +# this is the 5th CRL by this CA +# Comment the field for a time-based number. +#crl_number = 5 + + +# TLS feature extensions (RFC 7633) + +# If the status_request TLS extension is set, OCSP stapling becomes mandatory +#tls_feature = 5 diff --git a/doc/cha-auth.texi b/doc/cha-auth.texi new file mode 100644 index 0000000..da1a114 --- /dev/null +++ b/doc/cha-auth.texi @@ -0,0 +1,118 @@ +@node Authentication methods +@chapter Authentication methods +@cindex authentication methods + +The initial key exchange of the TLS protocol performs authentication +of the peers. In typical scenarios the server is authenticated to +the client, and optionally the client to the server. + +While many associate TLS with X.509 certificates and public key +authentication, the protocol supports various authentication methods, +including pre-shared keys, and passwords. In this chapter a description +of the existing authentication methods is provided, as well as some +guidance on which use-cases each method can be used at. + +@menu +* Certificate authentication:: +* More on certificate authentication:: +* Shared-key and anonymous authentication:: +* Selecting an appropriate authentication method:: +@end menu + +@include cha-cert-auth.texi + +@include cha-cert-auth2.texi + +@include cha-shared-key.texi + +@node Selecting an appropriate authentication method +@section Selecting an appropriate authentication method + +This section provides some guidance on how to use the available authentication +methods in @acronym{GnuTLS} in various scenarios. + +@subsection Two peers with an out-of-band channel + +Let's consider two peers who need to communicate over an untrusted channel +(the Internet), but have an out-of-band channel available. The latter +channel is considered safe from eavesdropping and message modification and thus +can be used for an initial bootstrapping of the protocol. The options +available are: +@itemize +@item Pre-shared keys (see @ref{PSK authentication}). The server and a +client communicate a shared randomly generated key over the trusted +channel and use it to negotiate further sessions over the untrusted channel. + +@item Passwords (see @ref{SRP authentication}). The client communicates +to the server its username and password of choice and uses it to +negotiate further sessions over the untrusted channel. + +@item Public keys (see @ref{Certificate authentication}). The client +and the server exchange their public keys (or fingerprints of them) +over the trusted channel. +On future sessions over the untrusted channel they verify the key +being the same (similar to @ref{Verifying a certificate using trust on first use +authentication}). +@end itemize + +Provided that the out-of-band channel is trusted all of the above provide +a similar level of protection. An out-of-band channel may be the initial +bootstrapping of a user's PC in a corporate environment, in-person +communication, communication over an alternative network (e.g. the phone +network), etc. + +@subsection Two peers without an out-of-band channel + +When an out-of-band channel is not available a peer cannot be reliably +authenticated. What can be done, however, is to allow some form of +registration of users connecting for the first time and ensure that their +keys remain the same after that initial connection. This is termed +key continuity or trust on first use (TOFU). + +The available option is to use public key authentication (see @ref{Certificate authentication}). +The client and the server store each other's public keys (or fingerprints of them) +and associate them with their identity. +On future sessions over the untrusted channel they verify the keys +being the same (see @ref{Verifying a certificate using trust on first use +authentication}). + +To mitigate the uncertainty of the information exchanged in the first +connection other channels over the Internet may be used, e.g., @acronym{DNSSEC} +(see @ref{Verifying a certificate using DANE}). + +@subsection Two peers and a trusted third party + +When a trusted third party is available (or a certificate authority) +the most suitable option is to use +certificate authentication (see @ref{Certificate authentication}). +The client and the server obtain certificates that associate their identity +and public keys using a digital signature by the trusted party and use +them to on the subsequent communications with each other. +Each party verifies the peer's certificate using the trusted third party's +signature. The parameters of the third party's signature are present +in its certificate which must be available to all communicating parties. + +While the above is the typical authentication method for servers in the +Internet by using the commercial CAs, the users that act as clients in the +protocol rarely possess such certificates. In that case a hybrid method +can be used where the server is authenticated by the client using the +commercial CAs and the client is authenticated based on some information +the client provided over the initial server-authenticated channel. The +available options are: +@itemize +@item Passwords (see @ref{SRP authentication}). The client communicates +to the server its username and password of choice on the initial +server-authenticated connection and uses it to negotiate further sessions. +This is possible because the SRP protocol allows for the server to be +authenticated using a certificate and the client using the +password. + +@item Public keys (see @ref{Certificate authentication}). The client +sends its public key to the server (or a fingerprint of it) over the +initial server-authenticated connection. +On future sessions the client verifies the server using the third party +certificate and the server verifies that the client's public key remained +the same (see @ref{Verifying a certificate using trust on first use +authentication}). +@end itemize + diff --git a/doc/cha-bib.texi b/doc/cha-bib.texi new file mode 100644 index 0000000..4df5e98 --- /dev/null +++ b/doc/cha-bib.texi @@ -0,0 +1,278 @@ +@node Bibliography +@unnumbered Bibliography + +@table @asis + +@item @anchor{CBCATT}[CBCATT] +Bodo Moeller, "Security of CBC Ciphersuites in SSL/TLS: Problems and +Countermeasures", 2002, available from +@url{https://www.openssl.org/~bodo/tls-cbc.txt}. + +@item @anchor{GPGH}[GPGH] +Mike Ashley, "The GNU Privacy Handbook", 2002, available from +@url{https://www.gnupg.org/gph/en/manual.pdf}. + +@item @anchor{GUTPKI}[GUTPKI] +Peter Gutmann, "Everything you never wanted to know about PKI but were +forced to find out", Available from +@url{https://www.cs.auckland.ac.nz/~pgut001/}. + +@item @anchor{PRNGATTACKS}[PRNGATTACKS] +John Kelsey and Bruce Schneier, "Cryptanalytic Attacks on Pseudorandom Number Generators", +Available from @url{https://www.schneier.com/academic/paperfiles/paper-prngs.pdf}. + +@item @anchor{KEYPIN}[KEYPIN] +Chris Evans and Chris Palmer, "Public Key Pinning Extension for HTTP", +Available from @url{https://tools.ietf.org/html/draft-ietf-websec-key-pinning-01}. + +@item @anchor{NISTSP80057}[NISTSP80057] +NIST Special Publication 800-57, "Recommendation for Key Management - +Part 1: General (Revised)", March 2007, available from +@url{https://csrc.nist.gov/publications/nistpubs/800-57/sp800-57-Part1-revised2_Mar08-2007.pdf}. + +@item @anchor{RFC7413}[RFC7413] +Y. Cheng and J. Chu and S. Radhakrishnan and A. Jain, "TCP Fast Open", +December 2014, Available from +@url{https://www.ietf.org/rfc/rfc7413.txt}. + +@item @anchor{RFC7918}[RFC7918] +A. Langley, N. Modadugu, B. Moeller, "Transport Layer Security (TLS) False Start", +August 2016, Available from +@url{https://www.ietf.org/rfc/rfc7918.txt}. + +@item @anchor{RFC6125}[RFC6125] +Peter Saint-Andre and Jeff Hodges, "Representation and Verification of Domain-Based Application Service Identity within Internet Public Key Infrastructure Using X.509 (PKIX) Certificates in the Context of Transport Layer Security (TLS)", +March 2011, Available from +@url{https://www.ietf.org/rfc/rfc6125.txt}. + +@item @anchor{RFC7685}[RFC7685] +Adam Langley, "A Transport Layer Security (TLS) ClientHello Padding Extension", +October 2015, Available from +@url{https://www.ietf.org/rfc/rfc7685.txt}. + +@item @anchor{RFC7613}[RFC7613] +Peter Saint-Andre and Alexey Melnikov, "Preparation, Enforcement, and Comparison of Internationalized Strings Representing Usernames and Passwords", +August 2015, Available from +@url{https://www.ietf.org/rfc/rfc7613.txt}. + +@item @anchor{RFC2246}[RFC2246] +Tim Dierks and Christopher Allen, "The TLS Protocol Version 1.0", +January 1999, Available from +@url{https://www.ietf.org/rfc/rfc2246.txt}. + +@item @anchor{RFC6083}[RFC6083] +M. Tuexen and R. Seggelmann and E. Rescorla, "Datagram Transport Layer Security (DTLS) for Stream Control Transmission Protocol (SCTP)", +January 2011, Available from +@url{https://www.ietf.org/rfc/rfc6083.txt}. + +@item @anchor{RFC4418}[RFC4418] +Ted Krovetz, "UMAC: Message Authentication Code using Universal Hashing", +March 2006, Available from +@url{https://www.ietf.org/rfc/rfc4418.txt}. + +@item @anchor{RFC4680}[RFC4680] +S. Santesson, "TLS Handshake Message for Supplemental Data", +September 2006, Available from +@url{https://www.ietf.org/rfc/rfc4680.txt}. + +@item @anchor{RFC7633}[RFC7633] +P. Hallam-Baker, "X.509v3 Transport Layer Security (TLS) Feature Extension", +October 2015, Available from +@url{https://www.ietf.org/rfc/rfc7633.txt}. + +@item @anchor{RFC7919}[RFC7919] +D. Gillmor, "Negotiated Finite Field Diffie-Hellman Ephemeral Parameters for Transport Layer Security (TLS)", +August 2016, Available from +@url{https://www.ietf.org/rfc/rfc7919.txt}. + +@item @anchor{RFC4514}[RFC4514] +Kurt D. Zeilenga, "Lightweight Directory Access Protocol (LDAP): String Representation of Distinguished Names", +June 2006, Available from +@url{https://www.ietf.org/rfc/rfc4513.txt}. + +@item @anchor{RFC4346}[RFC4346] +Tim Dierks and Eric Rescorla, "The TLS Protocol Version 1.1", Match +2006, Available from @url{https://www.ietf.org/rfc/rfc4346.txt}. + +@item @anchor{RFC4347}[RFC4347] +Eric Rescorla and Nagendra Modadugu, "Datagram Transport Layer Security", April +2006, Available from @url{https://www.ietf.org/rfc/rfc4347.txt}. + +@item @anchor{RFC5246}[RFC5246] +Tim Dierks and Eric Rescorla, "The TLS Protocol Version 1.2", August +2008, Available from @url{https://www.ietf.org/rfc/rfc5246.txt}. + +@item @anchor{RFC2440}[RFC2440] +Jon Callas, Lutz Donnerhacke, Hal Finney and Rodney Thayer, "OpenPGP +Message Format", November 1998, Available from +@url{https://www.ietf.org/rfc/rfc2440.txt}. + +@item @anchor{RFC4880}[RFC4880] +Jon Callas, Lutz Donnerhacke, Hal Finney, David Shaw and Rodney +Thayer, "OpenPGP Message Format", November 2007, Available from +@url{https://www.ietf.org/rfc/rfc4880.txt}. + +@item @anchor{RFC4211}[RFC4211] +J. Schaad, "Internet X.509 Public Key Infrastructure Certificate +Request Message Format (CRMF)", September 2005, Available from +@url{https://www.ietf.org/rfc/rfc4211.txt}. + +@item @anchor{RFC2817}[RFC2817] +Rohit Khare and Scott Lawrence, "Upgrading to TLS Within HTTP/1.1", +May 2000, Available from @url{https://www.ietf.org/rfc/rfc2817.txt} + +@item @anchor{RFC2818}[RFC2818] +Eric Rescorla, "HTTP Over TLS", May 2000, Available from +@url{https://www.ietf/rfc/rfc2818.txt}. + +@item @anchor{RFC2945}[RFC2945] +Tom Wu, "The SRP Authentication and Key Exchange System", September +2000, Available from @url{https://www.ietf.org/rfc/rfc2945.txt}. + +@item @anchor{RFC7301}[RFC7301] +S. Friedl, A. Popov, A. Langley, E. Stephan, "Transport Layer Security (TLS) Application-Layer Protocol Negotiation Extension", +July 2014, Available from @url{https://www.ietf.org/rfc/rfc7301.txt}. + +@item @anchor{RFC2986}[RFC2986] +Magnus Nystrom and Burt Kaliski, "PKCS 10 v1.7: Certification Request +Syntax Specification", November 2000, Available from +@url{https://www.ietf.org/rfc/rfc2986.txt}. + +@item @anchor{PKIX}[PKIX] +D. Cooper, S. Santesson, S. Farrel, S. Boeyen, R. Housley, W. Polk, +"Internet X.509 Public Key Infrastructure Certificate and Certificate +Revocation List (CRL) Profile", May 2008, available from +@url{https://www.ietf.org/rfc/rfc5280.txt}. + +@item @anchor{RFC3749}[RFC3749] +Scott Hollenbeck, "Transport Layer Security Protocol Compression +Methods", May 2004, available from +@url{https://www.ietf.org/rfc/rfc3749.txt}. + +@item @anchor{RFC3820}[RFC3820] +Steven Tuecke, Von Welch, Doug Engert, Laura Pearlman, and Mary +Thompson, "Internet X.509 Public Key Infrastructure (PKI) Proxy +Certificate Profile", June 2004, available from +@url{https://www.ietf.org/rfc/rfc3820}. + +@item @anchor{RFC6520}[RFC6520] +R. Seggelmann, M. Tuexen, and M. Williams, "Transport Layer Security (TLS) and +Datagram Transport Layer Security (DTLS) Heartbeat Extension", February 2012, available from +@url{https://www.ietf.org/rfc/rfc6520}. + + +@item @anchor{RFC5746}[RFC5746] +E. Rescorla, M. Ray, S. Dispensa, and N. Oskov, "Transport Layer +Security (TLS) Renegotiation Indication Extension", February 2010, +available from @url{https://www.ietf.org/rfc/rfc5746}. + +@item @anchor{RFC5280}[RFC5280] +D. Cooper, S. Santesson, S. Farrell, S. Boeyen, R. Housley, and +W. Polk, "Internet X.509 Public Key Infrastructure Certificate and +Certificate Revocation List (CRL) Profile", May 2008, available from +@url{https://www.ietf.org/rfc/rfc5280}. + +@item @anchor{TLSTKT}[TLSTKT] +Joseph Salowey, Hao Zhou, Pasi Eronen, Hannes Tschofenig, "Transport +Layer Security (TLS) Session Resumption without Server-Side State", +January 2008, available from @url{https://www.ietf.org/rfc/rfc5077}. + +@item @anchor{PKCS12}[PKCS12] +RSA Laboratories, "PKCS 12 v1.0: Personal Information Exchange +Syntax", June 1999, Available from @url{https://www.rsa.com}. + +@item @anchor{PKCS11}[PKCS11] +RSA Laboratories, "PKCS #11 Base Functionality v2.30: Cryptoki – Draft 4", +July 2009, Available from @url{https://www.rsa.com}. + +@item @anchor{RESCORLA}[RESCORLA] +Eric Rescorla, "SSL and TLS: Designing and Building Secure Systems", +2001 + +@item @anchor{SELKEY}[SELKEY] +Arjen Lenstra and Eric Verheul, "Selecting Cryptographic Key Sizes", +2003, available from @url{https://www.win.tue.nl/~klenstra/key.pdf}. + +@item @anchor{SSL3}[SSL3] +Alan Freier, Philip Karlton and Paul Kocher, "The Secure Sockets Layer (SSL) Protocol Version 3.0", +August 2011, Available from @url{https://www.ietf.org/rfc/rfc6101.txt}. + +@item @anchor{STEVENS}[STEVENS] +Richard Stevens, "UNIX Network Programming, Volume 1", Prentice Hall +PTR, January 1998 + +@item @anchor{TLSEXT}[TLSEXT] +Simon Blake-Wilson, Magnus Nystrom, David Hopwood, Jan Mikkelsen and +Tim Wright, "Transport Layer Security (TLS) Extensions", June 2003, +Available from @url{https://www.ietf.org/rfc/rfc3546.txt}. + +@item @anchor{TLSPGP}[TLSPGP] +Nikos Mavrogiannopoulos, "Using OpenPGP keys for TLS authentication", +January 2011. Available from +@url{https://www.ietf.org/rfc/rfc6091.txt}. + +@item @anchor{TLSSRP}[TLSSRP] +David Taylor, Trevor Perrin, Tom Wu and Nikos Mavrogiannopoulos, +"Using SRP for TLS Authentication", November 2007. Available from +@url{https://www.ietf.org/rfc/rfc5054.txt}. + +@item @anchor{TLSPSK}[TLSPSK] +Pasi Eronen and Hannes Tschofenig, "Pre-shared key Ciphersuites for +TLS", December 2005, Available from +@url{https://www.ietf.org/rfc/rfc4279.txt}. + +@item @anchor{TOMSRP}[TOMSRP] +Tom Wu, "The Stanford SRP Authentication Project", Available at +@url{https://srp.stanford.edu/}. + +@item @anchor{WEGER}[WEGER] +Arjen Lenstra and Xiaoyun Wang and Benne de Weger, "Colliding X.509 +Certificates", Cryptology ePrint Archive, Report 2005/067, Available +at @url{https://eprint.iacr.org/}. + +@item @anchor{ECRYPT}[ECRYPT] +European Network of Excellence in Cryptology II, "ECRYPT II Yearly +Report on Algorithms and Keysizes (2009-2010)", Available +at @url{https://www.ecrypt.eu.org/documents/D.SPA.13.pdf}. + +@item @anchor{RFC5056}[RFC5056] +N. Williams, "On the Use of Channel Bindings to Secure Channels", +November 2007, available from @url{https://www.ietf.org/rfc/rfc5056}. + +@item @anchor{RFC5764}[RFC5764] +D. McGrew, E. Rescorla, "Datagram Transport Layer Security (DTLS) Extension to Establish Keys for the Secure Real-time Transport Protocol (SRTP)On the Use of Channel Bindings to Secure Channels", +May 2010, available from @url{https://www.ietf.org/rfc/rfc5764}. + +@item @anchor{RFC5929}[RFC5929] +J. Altman, N. Williams, L. Zhu, "Channel Bindings for TLS", July 2010, +available from @url{https://www.ietf.org/rfc/rfc5929}. + +@item @anchor{PKCS11URI}[PKCS11URI] +J. Pechanec, D. Moffat, "The PKCS#11 URI Scheme", April 2015, +available from @url{https://www.ietf.org/rfc/rfc7512}. + +@item @anchor{TPMURI}[TPMURI] +C. Latze, N. Mavrogiannopoulos, "The TPMKEY URI Scheme", January 2013, +Work in progress, available from @url{https://tools.ietf.org/html/draft-mavrogiannopoulos-tpmuri-01}. + +@item @anchor{ANDERSON}[ANDERSON] +R. J. Anderson, "Security Engineering: A Guide to Building Dependable Distributed Systems", +John Wiley \& Sons, Inc., 2001. + +@item @anchor{RFC4821}[RFC4821] +M. Mathis, J. Heffner, "Packetization Layer Path MTU Discovery", March 2007, +available from @url{https://www.ietf.org/rfc/rfc4821.txt}. + +@item @anchor{RFC2560}[RFC2560] +M. Myers et al, "X.509 Internet Public Key Infrastructure Online +Certificate Status Protocol - OCSP", June 1999, Available from +@url{https://www.ietf.org/rfc/rfc2560.txt}. + +@item @anchor{RIVESTCRL}[RIVESTCRL] +R. L. Rivest, "Can We Eliminate Certificate Revocation Lists?", +Proceedings of Financial Cryptography '98; Springer Lecture Notes in +Computer Science No. 1465 (Rafael Hirschfeld, ed.), February 1998), +pages 178--183, available from +@url{https://people.csail.mit.edu/rivest/Rivest-CanWeEliminateCertificateRevocationLists.pdf}. + +@end table diff --git a/doc/cha-cert-auth.texi b/doc/cha-cert-auth.texi new file mode 100644 index 0000000..f26f90e --- /dev/null +++ b/doc/cha-cert-auth.texi @@ -0,0 +1,696 @@ +@node Certificate authentication +@section Certificate authentication +@cindex certificate authentication + +The most known authentication method of @acronym{TLS} are certificates. +The PKIX @xcite{PKIX} public key infrastructure is daily used by anyone +using a browser today. @acronym{GnuTLS} provides a simple API to +verify the @acronym{X.509} certificates as in @xcite{PKIX}. + +The key exchange algorithms supported by certificate authentication are +shown in @ref{tab:key-exchange}. + +@float Table,tab:key-exchange +@multitable @columnfractions .2 .7 + +@headitem Key exchange @tab Description + +@item RSA @tab +The RSA algorithm is used to encrypt a key and send it to the peer. +The certificate must allow the key to be used for encryption. + +@item DHE_@-RSA @tab +The RSA algorithm is used to sign ephemeral Diffie-Hellman parameters +which are sent to the peer. The key in the certificate must allow the +key to be used for signing. Note that key exchange algorithms which +use ephemeral Diffie-Hellman parameters, offer perfect forward +secrecy. That means that even if the private key used for signing is +compromised, it cannot be used to reveal past session data. + +@item ECDHE_@-RSA @tab +The RSA algorithm is used to sign ephemeral elliptic curve Diffie-Hellman +parameters which are sent to the peer. The key in the certificate must allow +the key to be used for signing. It also offers perfect forward +secrecy. That means that even if the private key used for signing is +compromised, it cannot be used to reveal past session data. + +@item DHE_@-DSS @tab +The DSA algorithm is used to sign ephemeral Diffie-Hellman parameters +which are sent to the peer. The certificate must contain DSA +parameters to use this key exchange algorithm. DSA is the algorithm +of the Digital Signature Standard (DSS). + +@item ECDHE_@-ECDSA @tab +The Elliptic curve DSA algorithm is used to sign ephemeral elliptic +curve Diffie-Hellman parameters which are sent to the peer. The +certificate must contain ECDSA parameters (i.e., EC and marked for signing) +to use this key exchange algorithm. + +@end multitable +@caption{Supported key exchange algorithms.} +@end float + +@menu +* X.509 certificates:: +* OpenPGP certificates:: +* Raw public-keys:: +* Advanced certificate verification:: +* Digital signatures:: +@end menu + +@node X.509 certificates +@subsection @acronym{X.509} certificates +@cindex X.509 certificates + +The @acronym{X.509} protocols rely on a hierarchical trust model. In +this trust model Certification Authorities (CAs) are used to certify +entities. Usually more than one certification authorities exist, and +certification authorities may certify other authorities to issue +certificates as well, following a hierarchical model. + +@float Figure,fig-x509 +@image{gnutls-x509,7cm} +@caption{An example of the X.509 hierarchical trust model.} +@end float + +One needs to trust one or more CAs for his secure communications. In +that case only the certificates issued by the trusted authorities are +acceptable. The framework is illustrated on @ref{fig-x509}. + +@menu +* X.509 certificate structure:: +* Importing an X.509 certificate:: +* X.509 certificate names:: +* X.509 distinguished names:: +* X.509 extensions:: +* X.509 public and private keys:: +* Verifying X.509 certificate paths:: +* Verifying a certificate in the context of TLS session:: +* Verification using PKCS11:: +@end menu + +@node X.509 certificate structure +@subsubsection @acronym{X.509} certificate structure + +An @acronym{X.509} certificate usually contains information about the +certificate holder, the signer, a unique serial number, expiration +dates and some other fields @xcite{PKIX} as shown in @ref{tab:x509}. + +@float Table,tab:x509 +@multitable @columnfractions .2 .7 + +@headitem Field @tab Description + +@item version @tab +The field that indicates the version of the certificate. + +@item serialNumber @tab +This field holds a unique serial number per certificate. + +@item signature @tab +The issuing authority's signature. + +@item issuer @tab +Holds the issuer's distinguished name. + +@item validity @tab +The activation and expiration dates. + +@item subject @tab +The subject's distinguished name of the certificate. + +@item extensions @tab +The extensions are fields only present in version 3 certificates. + +@end multitable +@caption{X.509 certificate fields.} +@end float + +The certificate's @emph{subject or issuer name} is not just a single +string. It is a Distinguished name and in the @acronym{ASN.1} +notation is a sequence of several object identifiers with their corresponding +values. Some of available OIDs to be used in an @acronym{X.509} +distinguished name are defined in @file{gnutls/x509.h}. + +The @emph{Version} field in a certificate has values either 1 or 3 for +version 3 certificates. Version 1 certificates do not support the +extensions field so it is not possible to distinguish a CA from a +person, thus their usage should be avoided. + +The @emph{validity} dates are there to indicate the date that the +specific certificate was activated and the date the certificate's key +would be considered invalid. + + +In @acronym{GnuTLS} the @acronym{X.509} certificate structures are +handled using the @code{gnutls_x509_crt_t} type and the corresponding +private keys with the @code{gnutls_x509_privkey_t} type. All the +available functions for @acronym{X.509} certificate handling have +their prototypes in @file{gnutls/x509.h}. An example program to +demonstrate the @acronym{X.509} parsing capabilities can be found in +@ref{ex-x509-info}. + +@node Importing an X.509 certificate +@subsubsection Importing an X.509 certificate + +The certificate structure should be initialized using @funcref{gnutls_x509_crt_init}, and +a certificate structure can be imported using @funcref{gnutls_x509_crt_import}. + +@showfuncC{gnutls_x509_crt_init,gnutls_x509_crt_import,gnutls_x509_crt_deinit} + +In several functions an array of certificates is required. To assist in initialization +and import the following two functions are provided. + +@showfuncB{gnutls_x509_crt_list_import,gnutls_x509_crt_list_import2} + +In all cases after use a certificate must be deinitialized using @funcref{gnutls_x509_crt_deinit}. +Note that although the functions above apply to @code{gnutls_x509_crt_t} structure, similar functions +exist for the CRL structure @code{gnutls_x509_crl_t}. + +@node X.509 certificate names +@subsubsection X.509 certificate names +@cindex X.509 certificate name + +X.509 certificates allow for multiple names and types of names to be specified. +CA certificates often rely on X.509 distinguished names (see @ref{X.509 distinguished names}) +for unique identification, while end-user and server certificates rely on the +'subject alternative names'. The subject alternative names provide a typed name, e.g., +a DNS name, or an email address, which identifies the owner of the certificate. +The following functions provide access to that names. + +@showfuncB{gnutls_x509_crt_get_subject_alt_name2,gnutls_x509_crt_set_subject_alt_name} +@showfuncC{gnutls_subject_alt_names_init,gnutls_subject_alt_names_get,gnutls_subject_alt_names_set} + +Note however, that server certificates often used the Common Name (CN), part of the +certificate DistinguishedName to place a single DNS address. That practice is discouraged +(see @xcite{RFC6125}), because only a single address can be specified, and the CN field is +free-form making matching ambiguous. + +@node X.509 distinguished names +@subsubsection X.509 distinguished names +@cindex X.509 distinguished name + +The ``subject'' of an X.509 certificate is not described by +a single name, but rather with a distinguished name. This in +X.509 terminology is a list of strings each associated an object +identifier. To make things simple GnuTLS provides @funcref{gnutls_x509_crt_get_dn2} +which follows the rules in @xcite{RFC4514} and returns a single +string. Access to each string by individual object identifiers +can be accessed using @funcref{gnutls_x509_crt_get_dn_by_oid}. + +@showfuncdesc{gnutls_x509_crt_get_dn2} +@showfuncC{gnutls_x509_crt_get_dn,gnutls_x509_crt_get_dn_by_oid,gnutls_x509_crt_get_dn_oid} + +Similar functions exist to access the distinguished name +of the issuer of the certificate. + +@showfuncE{gnutls_x509_crt_get_issuer_dn,gnutls_x509_crt_get_issuer_dn2,gnutls_x509_crt_get_issuer_dn_by_oid,gnutls_x509_crt_get_issuer_dn_oid,gnutls_x509_crt_get_issuer} + +The more powerful @funcref{gnutls_x509_crt_get_subject} and +@funcref{gnutls_x509_dn_get_rdn_ava} provide efficient but low-level access +to the contents of the distinguished name structure. + +@showfuncB{gnutls_x509_crt_get_subject,gnutls_x509_crt_get_issuer} +@showfuncdesc{gnutls_x509_dn_get_rdn_ava} + +@node X.509 extensions +@subsubsection X.509 extensions +@cindex X.509 extensions + +X.509 version 3 certificates include a list of extensions that can +be used to obtain additional information on the subject or the issuer +of the certificate. Those may be e-mail addresses, flags that indicate whether the +belongs to a CA etc. All the supported @acronym{X.509} version 3 +extensions are shown in @ref{tab:x509-ext}. + +The certificate extensions access is split into two parts. The first +requires to retrieve the extension, and the second is the parsing part. + +To enumerate and retrieve the DER-encoded extension data available in a certificate the following +two functions are available. +@showfuncC{gnutls_x509_crt_get_extension_info,gnutls_x509_crt_get_extension_data2,gnutls_x509_crt_get_extension_by_oid2} + +After a supported DER-encoded extension is retrieved it can be parsed using the APIs in @code{x509-ext.h}. +Complex extensions may require initializing an intermediate structure that holds the +parsed extension data. Examples of simple parsing functions are shown below. +@showfuncD{gnutls_x509_ext_import_basic_constraints,gnutls_x509_ext_export_basic_constraints,gnutls_x509_ext_import_key_usage,gnutls_x509_ext_export_key_usage} + +More complex extensions, such as Name Constraints, require an intermediate structure, in that +case @code{gnutls_x509_name_constraints_t} to be initialized in order to store the parsed +extension data. +@showfuncB{gnutls_x509_ext_import_name_constraints,gnutls_x509_ext_export_name_constraints} + +After the name constraints are extracted in the structure, the following functions +can be used to access them. + +@showfuncD{gnutls_x509_name_constraints_get_permitted,gnutls_x509_name_constraints_get_excluded,gnutls_x509_name_constraints_add_permitted,gnutls_x509_name_constraints_add_excluded} +@showfuncB{gnutls_x509_name_constraints_check,gnutls_x509_name_constraints_check_crt} + +Other utility functions are listed below. +@showfuncB{gnutls_x509_name_constraints_init,gnutls_x509_name_constraints_deinit} + +Similar functions exist for all of the other supported extensions, listed in @ref{tab:x509-ext}. + +@float Table,tab:x509-ext +@multitable @columnfractions .3 .2 .4 + +@headitem Extension @tab OID @tab Description + +@item Subject key id @tab 2.5.29.14 @tab +An identifier of the key of the subject. + +@item Key usage @tab 2.5.29.15 @tab +Constraints the key's usage of the certificate. + +@item Private key usage period @tab 2.5.29.16 @tab +Constraints the validity time of the private key. + +@item Subject alternative name @tab 2.5.29.17 @tab +Alternative names to subject's distinguished name. + +@item Issuer alternative name @tab 2.5.29.18 @tab +Alternative names to the issuer's distinguished name. + +@item Basic constraints @tab 2.5.29.19 @tab +Indicates whether this is a CA certificate or not, and specify the +maximum path lengths of certificate chains. + +@item Name constraints @tab 2.5.29.30 @tab +A field in CA certificates that restricts the scope of the name of +issued certificates. + +@item CRL distribution points @tab 2.5.29.31 @tab +This extension is set by the CA, in order to inform about the +location of issued Certificate Revocation Lists. + +@item Certificate policy @tab 2.5.29.32 @tab +This extension is set to indicate the certificate policy as object +identifier and may contain a descriptive string or URL. + +@item Extended key usage @tab 2.5.29.54 @tab +Inhibit any policy extension. Constraints the any policy OID +(@code{GNUTLS_X509_OID_POLICY_ANY}) use in the policy extension. + +@item Authority key identifier @tab 2.5.29.35 @tab +An identifier of the key of the issuer of the certificate. That is +used to distinguish between different keys of the same issuer. + +@item Extended key usage @tab 2.5.29.37 @tab +Constraints the purpose of the certificate. + +@item Authority information access @tab 1.3.6.1.5.5.7.1.1 @tab +Information on services by the issuer of the certificate. + +@item Proxy Certification Information @tab 1.3.6.1.5.5.7.1.14 @tab +Proxy Certificates includes this extension that contains the OID of +the proxy policy language used, and can specify limits on the maximum +lengths of proxy chains. Proxy Certificates are specified in +@xcite{RFC3820}. + +@end multitable +@caption{Supported X.509 certificate extensions.} +@end float + +Note, that there are also direct APIs to access extensions that may +be simpler to use for non-complex extensions. They are available +in @code{x509.h} and some examples are listed below. +@showfuncD{gnutls_x509_crt_get_basic_constraints,gnutls_x509_crt_set_basic_constraints,gnutls_x509_crt_get_key_usage,gnutls_x509_crt_set_key_usage} + + +@node X.509 public and private keys +@subsubsection Accessing public and private keys + +Each X.509 certificate contains a public key that corresponds to a private key. To +get a unique identifier of the public key the @funcref{gnutls_x509_crt_get_key_id} +function is provided. To export the public key or its parameters you may need +to convert the X.509 structure to a @code{gnutls_pubkey_t}. See +@ref{Abstract public keys} for more information. + +@showfuncdesc{gnutls_x509_crt_get_key_id} + +The private key parameters may be directly accessed by using one of the following functions. + +@showfuncE{gnutls_x509_privkey_get_pk_algorithm2,gnutls_x509_privkey_export_rsa_raw2,gnutls_x509_privkey_export_ecc_raw,gnutls_x509_privkey_export_dsa_raw,gnutls_x509_privkey_get_key_id} + +@node Verifying X.509 certificate paths +@subsubsection Verifying @acronym{X.509} certificate paths +@cindex verifying certificate paths + +Verifying certificate paths is important in @acronym{X.509} +authentication. For this purpose the following functions are +provided. + +@showfuncdesc{gnutls_x509_trust_list_add_cas} +@showfuncdesc{gnutls_x509_trust_list_add_named_crt} +@showfuncdesc{gnutls_x509_trust_list_add_crls} +@showfuncdesc{gnutls_x509_trust_list_verify_crt} +@showfuncdesc{gnutls_x509_trust_list_verify_crt2} +@showfuncdesc{gnutls_x509_trust_list_verify_named_crt} + +@showfuncdesc{gnutls_x509_trust_list_add_trust_file} +@showfuncdesc{gnutls_x509_trust_list_add_trust_mem} +@showfuncdesc{gnutls_x509_trust_list_add_system_trust} + +The verification function will verify a given certificate chain against a list of certificate +authorities and certificate revocation lists, and output +a bit-wise OR of elements of the @code{gnutls_@-certificate_@-status_t} +enumeration shown in @ref{gnutls_certificate_status_t}. The @code{GNUTLS_@-CERT_@-INVALID} flag +is always set on a verification error and more detailed flags will also be set when appropriate. + +@showenumdesc{gnutls_certificate_status_t,The @code{gnutls_@-certificate_@-status_t} enumeration.} + +An example of certificate verification is shown in @ref{ex-verify2}. +It is also possible to have a set of certificates that +are trusted for a particular server but not to authorize other certificates. +This purpose is served by the functions @funcref{gnutls_x509_trust_list_add_named_crt} and @funcref{gnutls_x509_trust_list_verify_named_crt}. + +@node Verifying a certificate in the context of TLS session +@subsubsection Verifying a certificate in the context of TLS session +@cindex verifying certificate paths +@tindex gnutls_certificate_verify_flags + +When operating in the context of a TLS session, the trusted certificate +authority list may also be set using: +@showfuncD{gnutls_certificate_set_x509_trust_file,gnutls_certificate_set_x509_trust_dir,gnutls_certificate_set_x509_crl_file,gnutls_certificate_set_x509_system_trust} + +These functions allow the specification of the trusted certificate authorities, either +via a file, a directory or use the system-specified certificate authorities. +Unless the authorities are application specific, it is generally recommended +to use the system trust storage (see @funcref{gnutls_certificate_set_x509_system_trust}). + +Unlike the previous section it is not required to setup a trusted list, and there +are two approaches to verify the peer's certificate and identity. +The recommended in GnuTLS 3.5.0 and later is via the @funcref{gnutls_session_set_verify_cert}, +but for older GnuTLS versions you may use an explicit callback set via +@funcref{gnutls_certificate_set_verify_function} and then utilize +@funcref{gnutls_certificate_verify_peers3} for verification. +The reported verification status is identical to the verification functions described +in the previous section. + +Note that in certain cases it is required to check the marked purpose of +the end certificate (e.g. @code{GNUTLS_KP_TLS_WWW_SERVER}); in these cases +the more advanced @funcref{gnutls_session_set_verify_cert2} and +@funcref{gnutls_certificate_verify_peers} should be used instead. + +There is also the possibility to pass some input to the verification +functions in the form of flags. For @funcref{gnutls_x509_trust_list_verify_crt2} the +flags are passed directly, but for +@funcref{gnutls_certificate_verify_peers3}, the flags are set using +@funcref{gnutls_certificate_set_verify_flags}. All the available +flags are part of the enumeration +@code{gnutls_@-certificate_@-verify_@-flags} shown in @ref{gnutls_certificate_verify_flags}. + +@showenumdesc{gnutls_certificate_verify_flags,The @code{gnutls_@-certificate_@-verify_@-flags} enumeration.} + +@node Verification using PKCS11 +@subsubsection Verifying a certificate using PKCS #11 +@cindex verifying certificate with pkcs11 + +Some systems provide a system wide trusted certificate storage accessible using +the PKCS #11 API. That is, the trusted certificates are queried and accessed using the +PKCS #11 API, and trusted certificate properties, such as purpose, are marked using +attached extensions. One example is the p11-kit trust module@footnote{see @url{https://p11-glue.freedesktop.org/trust-module.html}.}. + +These special PKCS #11 modules can be used for GnuTLS certificate verification if marked as trust +policy modules, i.e., with @code{trust-policy: yes} in the p11-kit module file. +The way to use them is by specifying to the file verification function (e.g., @funcref{gnutls_certificate_set_x509_trust_file}), +a pkcs11 URL, or simply @code{pkcs11:} to use all the marked with trust policy modules. + +The trust modules of p11-kit assign a purpose to trusted authorities using the extended +key usage object identifiers. The common purposes are shown in @ref{tab:purposes}. Note +that typically according to @xcite{RFC5280} the extended key usage object identifiers apply to end certificates. Their +application to CA certificates is an extension used by the trust modules. + +@float Table,tab:purposes +@multitable @columnfractions .2 .2 .6 + +@headitem Purpose @tab OID @tab Description + +@item GNUTLS_KP_TLS_WWW_SERVER @tab +1.3.6.1.5.5.7.3.1 @tab +The certificate is to be used for TLS WWW authentication. When in a CA certificate, it +indicates that the CA is allowed to sign certificates for TLS WWW authentication. + +@item GNUTLS_KP_TLS_WWW_CLIENT @tab +1.3.6.1.5.5.7.3.2 @tab +The certificate is to be used for TLS WWW client authentication. When in a CA certificate, it +indicates that the CA is allowed to sign certificates for TLS WWW client authentication. + +@item GNUTLS_KP_CODE_SIGNING @tab +1.3.6.1.5.5.7.3.3 @tab +The certificate is to be used for code signing. When in a CA certificate, it +indicates that the CA is allowed to sign certificates for code signing. + +@item GNUTLS_KP_EMAIL_PROTECTION @tab +1.3.6.1.5.5.7.3.4 @tab +The certificate is to be used for email protection. When in a CA certificate, it +indicates that the CA is allowed to sign certificates for email users. + +@item GNUTLS_KP_OCSP_SIGNING @tab +1.3.6.1.5.5.7.3.9 @tab +The certificate is to be used for signing OCSP responses. When in a CA certificate, it +indicates that the CA is allowed to sign certificates which sign OCSP responses. + +@item GNUTLS_KP_ANY @tab +2.5.29.37.0 @tab +The certificate is to be used for any purpose. When in a CA certificate, it +indicates that the CA is allowed to sign any kind of certificates. + +@end multitable +@caption{Key purpose object identifiers.} +@end float + +With such modules, it is recommended to use the verification functions @funcref{gnutls_x509_trust_list_verify_crt2}, +or @funcref{gnutls_certificate_verify_peers}, which allow to explicitly specify the key purpose. The +other verification functions which do not allow setting a purpose, would operate as if +@code{GNUTLS_KP_TLS_WWW_SERVER} was requested from the trusted authorities. + +@node OpenPGP certificates +@subsection @acronym{OpenPGP} certificates +@cindex OpenPGP certificates + +Previous versions of GnuTLS supported limited @acronym{OpenPGP} key +authentication. That functionality has been deprecated and is no longer +made available. The reason is that, supporting alternative authentication +methods, when X.509 and PKIX were new on the Internet and not well established, seemed like a +good idea, in today's Internet X.509 is unquestionably the main +container for certificates. As such supporting more options with no clear +use-cases, is a distraction that consumes considerable resources for +improving and testing the library. For that we have decided to drop +this functionality completely in 3.6.0. + +@node Raw public-keys +@subsection Raw public-keys +@cindex Raw public-keys + +There are situations in which a rather large certificate / certificate chain is undesirable or impractical. +An example could be a resource contrained sensor network in which you do want to use authentication of and +encryption between your devices but where your devices lack loads of memory or processing power. Furthermore, +there are situations in which you don't want to or can't rely on a PKIX. TLS is, next to a PKIX environment, +also commonly used with self-signed certificates in smaller deployments where the self-signed certificates +are distributed to all involved protocol endpoints out-of-band. This practice does, however, still require +the overhead of the certificate generation even though none of the information found in the certificate is +actually used. + +With raw public-keys, only a subset of the information found in typical certificates is utilized: namely, +the SubjectPublicKeyInfo structure (in ASN.1 format) of a PKIX certificate that carries the parameters +necessary to describe the public-key. Other parameters found in PKIX certificates are omitted. By omitting +various certificate-related structures, the resulting raw public-key is kept fairly small in comparison to +the original certificate, and the code to process the keys can be simpler. + +It should be noted however, that the authenticity of these raw keys must be verified by an out-of-band mechanism +or something like @acronym{TOFU}. + +@menu +* Importing raw public-keys:: +@end menu + +@node Importing raw public-keys +@subsubsection Importing raw public-keys +Raw public-keys and their private counterparts can best be handled by using the abstract types +@code{gnutls_pubkey_t} and @code{gnutls_privkey_t} respectively. To learn how to use these +see @ref{Abstract key types}. + +@node Advanced certificate verification +@subsection Advanced certificate verification +@cindex Certificate verification + +The verification of X.509 certificates in the HTTPS and other Internet protocols is typically +done by loading a trusted list of commercial Certificate Authorities +(see @funcref{gnutls_certificate_set_x509_system_trust}), and using them as trusted anchors. +However, there are several examples (eg. the Diginotar incident) where one of these +authorities was compromised. This risk can be mitigated by using in addition to CA certificate verification, +other verification methods. In this section we list the available in GnuTLS methods. + +@menu +* Verifying a certificate using trust on first use authentication:: +* Verifying a certificate using DANE:: +@end menu + +@node Verifying a certificate using trust on first use authentication +@subsubsection Verifying a certificate using trust on first use authentication +@cindex verifying certificate paths +@cindex SSH-style authentication +@cindex Trust on first use +@cindex Key pinning + +It is possible to use a trust on first use (TOFU) authentication +method in GnuTLS. That is the concept used by the SSH programs, where the +public key of the peer is not verified, or verified in an out-of-bound way, +but subsequent connections to the same peer require the public key to +remain the same. Such a system in combination with the typical CA +verification of a certificate, and OCSP revocation checks, +can help to provide multiple factor verification, where a single point of +failure is not enough to compromise the system. For example a server compromise +may be detected using OCSP, and a CA compromise can be detected using +the trust on first use method. +Such a hybrid system with X.509 and trust on first use authentication is +shown in @ref{Client example with SSH-style certificate verification}. + +See @ref{Certificate verification} on how to use the available functionality. + +@node Verifying a certificate using DANE +@subsubsection Verifying a certificate using DANE (DNSSEC) +@cindex verifying certificate paths +@cindex DANE +@cindex DNSSEC + +The DANE protocol is a protocol that can be used to verify TLS certificates +using the DNS (or better DNSSEC) protocols. The DNS security extensions (DNSSEC) +provide an alternative public key infrastructure to the commercial CAs that +are typically used to sign TLS certificates. The DANE protocol takes advantage +of the DNSSEC infrastructure to verify TLS certificates. This can be +in addition to the verification by CA infrastructure or +may even replace it where DNSSEC is fully deployed. Note however, that DNSSEC deployment is +fairly new and it would be better to use it as an additional verification +method rather than the only one. + +The DANE functionality is provided by the @code{libgnutls-dane} library that is shipped +with GnuTLS and the function prototypes are in @code{gnutls/dane.h}. +See @ref{Certificate verification} for information on how to use the library. + +Note however, that the DANE RFC mandates the verification methods +one should use in addition to the validation via DNSSEC TLSA entries. +GnuTLS doesn't follow that RFC requirement, and the term DANE verification +in this manual refers to the TLSA entry verification. In GnuTLS any +other verification methods can be used (e.g., PKIX or TOFU) on top of +DANE. + +@node Digital signatures +@subsection Digital signatures +@cindex digital signatures + +In this section we will provide some information about digital +signatures, how they work, and give the rationale for disabling some +of the algorithms used. + +Digital signatures work by using somebody's secret key to sign some +arbitrary data. Then anybody else could use the public key of that +person to verify the signature. Since the data may be arbitrary it is +not suitable input to a cryptographic digital signature algorithm. For +this reason and also for performance cryptographic hash algorithms are +used to preprocess the input to the signature algorithm. This works as +long as it is difficult enough to generate two different messages with +the same hash algorithm output. In that case the same signature could +be used as a proof for both messages. Nobody wants to sign an innocent +message of donating 1 euro to Greenpeace and find out that they +donated 1.000.000 euros to Bad Inc. + +For a hash algorithm to be called cryptographic the following three +requirements must hold: + +@enumerate +@item Preimage resistance. +That means the algorithm must be one way and given the output of the +hash function @math{H(x)}, it is impossible to calculate @math{x}. + +@item 2nd preimage resistance. +That means that given a pair @math{x,y} with @math{y=H(x)} it is +impossible to calculate an @math{x'} such that @math{y=H(x')}. + +@item Collision resistance. +That means that it is impossible to calculate random @math{x} and +@math{x'} such @math{H(x')=H(x)}. +@end enumerate + +The last two requirements in the list are the most important in +digital signatures. These protect against somebody who would like to +generate two messages with the same hash output. When an algorithm is +considered broken usually it means that the Collision resistance of +the algorithm is less than brute force. Using the birthday paradox the +brute force attack takes +@iftex +@math{2^{(\rm{hash\ size}) / 2}} +@end iftex +@ifnottex +@math{2^{((hash size) / 2)}} +@end ifnottex +operations. Today colliding certificates using the MD5 hash algorithm +have been generated as shown in @xcite{WEGER}. + +There has been cryptographic results for the SHA-1 hash algorithms as +well, although they are not yet critical. Before 2004, MD5 had a +presumed collision strength of @math{2^{64}}, but it has been showed +to have a collision strength well under @math{2^{50}}. As of November +2005, it is believed that SHA-1's collision strength is around +@math{2^{63}}. We consider this sufficiently hard so that we still +support SHA-1. We anticipate that SHA-256/386/512 will be used in +publicly-distributed certificates in the future. When @math{2^{63}} +can be considered too weak compared to the computer power available +sometime in the future, SHA-1 will be disabled as well. The collision +attacks on SHA-1 may also get better, given the new interest in tools +for creating them. + +@subsubsection Trading security for interoperability + +If you connect to a server and use GnuTLS' functions to verify the +certificate chain, and get a @code{GNUTLS_CERT_INSECURE_ALGORITHM} +validation error (see @ref{Verifying X.509 certificate paths}), it means +that somewhere in the certificate chain there is a certificate signed +using @code{RSA-MD2} or @code{RSA-MD5}. These two digital signature +algorithms are considered broken, so GnuTLS fails verifying +the certificate. In some situations, it may be useful to be +able to verify the certificate chain anyway, assuming an attacker did +not utilize the fact that these signatures algorithms are broken. +This section will give help on how to achieve that. + +It is important to know that you do not have to enable any of +the flags discussed here to be able to use trusted root CA +certificates self-signed using @code{RSA-MD2} or @code{RSA-MD5}. The +certificates in the trusted list are considered trusted irrespective +of the signature. + +If you are using @funcref{gnutls_certificate_verify_peers3} to verify the +certificate chain, you can call +@funcref{gnutls_certificate_set_verify_flags} with the flags: +@itemize +@item @code{GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD2} +@item @code{GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD5} +@item @code{GNUTLS_VERIFY_ALLOW_SIGN_WITH_SHA1} +@item @code{GNUTLS_VERIFY_ALLOW_BROKEN} +@end itemize +as in the following example: + +@example + gnutls_certificate_set_verify_flags (x509cred, + GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD5); +@end example + +This will signal the verifier algorithm to enable @code{RSA-MD5} when +verifying the certificates. + +If you are using @funcref{gnutls_x509_crt_verify} or +@funcref{gnutls_x509_crt_list_verify}, you can pass the +@code{GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD5} parameter directly in the +@code{flags} parameter. + +If you are using these flags, it may also be a good idea to warn the +user when verification failure occur for this reason. The simplest is +to not use the flags by default, and only fall back to using them +after warning the user. If you wish to inspect the certificate chain +yourself, you can use @funcref{gnutls_certificate_get_peers} to extract +the raw server's certificate chain, @funcref{gnutls_x509_crt_list_import} to parse each of the certificates, and +then @funcref{gnutls_x509_crt_get_signature_algorithm} to find out the +signing algorithm used for each certificate. If any of the +intermediary certificates are using @code{GNUTLS_SIGN_RSA_MD2} or +@code{GNUTLS_SIGN_RSA_MD5}, you could present a warning. diff --git a/doc/cha-cert-auth2.texi b/doc/cha-cert-auth2.texi new file mode 100644 index 0000000..e325b61 --- /dev/null +++ b/doc/cha-cert-auth2.texi @@ -0,0 +1,452 @@ +@node More on certificate authentication +@section More on certificate authentication +@cindex certificate authentication + +Certificates are not the only structures involved in a public key +infrastructure. Several other structures that are used for certificate +requests, encrypted private keys, revocation lists, GnuTLS abstract key +structures, etc., are discussed in this chapter. + +@menu +* PKCS 10 certificate requests:: +* PKIX certificate revocation lists:: +* OCSP certificate status checking:: +* OCSP stapling:: +* Managing encrypted keys:: +* certtool Invocation:: Invoking certtool +* ocsptool Invocation:: Invoking ocsptool +* danetool Invocation:: Invoking danetool +@end menu + +@node PKCS 10 certificate requests +@subsection @acronym{PKCS} #10 certificate requests +@cindex certificate requests +@cindex PKCS #10 + +A certificate request is a structure, which contain information about +an applicant of a certificate service. It typically contains a public +key, a distinguished name and secondary data such as a challenge +password. @acronym{GnuTLS} supports the requests defined in +@acronym{PKCS} #10 @xcite{RFC2986}. Other formats of certificate requests +are not currently supported by GnuTLS. + +A certificate request can be generated by +associating it with a private key, setting the +subject's information and finally self signing it. +The last step ensures that the requester is in +possession of the private key. + +@showfuncF{gnutls_x509_crq_set_version,gnutls_x509_crq_set_dn,gnutls_x509_crq_set_dn_by_oid,gnutls_x509_crq_set_key_usage,gnutls_x509_crq_set_key_purpose_oid,gnutls_x509_crq_set_basic_constraints} + +The @funcref{gnutls_x509_crq_set_key} and @funcref{gnutls_x509_crq_sign2} +functions associate the request with a private key and sign it. If a +request is to be signed with a key residing in a PKCS #11 token it is recommended to use +the signing functions shown in @ref{Abstract key types}. + +@showfuncdesc{gnutls_x509_crq_set_key} +@showfuncdesc{gnutls_x509_crq_sign2} + +The following example is about generating a certificate request, and a +private key. A certificate request can be later be processed by a CA +which should return a signed certificate. + +@anchor{ex-crq} +@verbatiminclude examples/ex-crq.c + +@node PKIX certificate revocation lists +@subsection PKIX certificate revocation lists +@cindex certificate revocation lists +@cindex CRL + +A certificate revocation list (CRL) is a structure issued by an authority +periodically containing a list of revoked certificates serial numbers. +The CRL structure is signed with the issuing authorities' keys. A typical +CRL contains the fields as shown in @ref{tab:crl}. +Certificate revocation lists are used to complement the expiration date of a certificate, +in order to account for other reasons of revocation, such as compromised keys, etc. + +Each CRL is valid for limited amount of +time and is required to provide, except for the current issuing time, also +the issuing time of the next update. + +@float Table,tab:crl +@multitable @columnfractions .2 .7 + +@headitem Field @tab Description + +@item version @tab +The field that indicates the version of the CRL structure. + +@item signature @tab +A signature by the issuing authority. + +@item issuer @tab +Holds the issuer's distinguished name. + +@item thisUpdate @tab +The issuing time of the revocation list. + +@item nextUpdate @tab +The issuing time of the revocation list that will update that one. + +@item revokedCertificates @tab +List of revoked certificates serial numbers. + +@item extensions @tab +Optional CRL structure extensions. + +@end multitable +@caption{Certificate revocation list fields.} +@end float + +The basic CRL structure functions follow. + +@showfuncD{gnutls_x509_crl_init,gnutls_x509_crl_import,gnutls_x509_crl_export,gnutls_x509_crl_export} + +@subsubheading Reading a CRL + +The most important function that extracts the certificate revocation +information from a CRL is @funcref{gnutls_x509_crl_get_crt_serial}. Other +functions that return other fields of the CRL structure are also provided. + +@showfuncdesc{gnutls_x509_crl_get_crt_serial} + +@showfuncF{gnutls_x509_crl_get_version,gnutls_x509_crl_get_issuer_dn,gnutls_x509_crl_get_issuer_dn2,gnutls_x509_crl_get_this_update,gnutls_x509_crl_get_next_update,gnutls_x509_crl_get_crt_count} + +@subsubheading Generation of a CRL + +The following functions can be used to generate a CRL. + +@showfuncB{gnutls_x509_crl_set_version,gnutls_x509_crl_set_crt_serial} +@showfuncC{gnutls_x509_crl_set_crt,gnutls_x509_crl_set_next_update,gnutls_x509_crl_set_this_update} + +The @funcref{gnutls_x509_crl_sign2} and @funcref{gnutls_x509_crl_privkey_sign} +functions sign the revocation list with a private key. The latter function +can be used to sign with a key residing in a PKCS #11 token. + +@showfuncdesc{gnutls_x509_crl_sign2} +@showfuncdesc{gnutls_x509_crl_privkey_sign} + +Few extensions on the CRL structure are supported, including the +CRL number extension and the authority key identifier. + +@showfuncB{gnutls_x509_crl_set_number,gnutls_x509_crl_set_authority_key_id} + +@node OCSP certificate status checking +@subsection @acronym{OCSP} certificate status checking +@cindex certificate status +@cindex Online Certificate Status Protocol +@cindex OCSP + +Certificates may be revoked before their expiration time has been +reached. There are several reasons for revoking certificates, but a +typical situation is when the private key associated with a +certificate has been compromised. Traditionally, Certificate +Revocation Lists (CRLs) have been used by application to implement +revocation checking, however, several problems with CRLs have been +identified @xcite{RIVESTCRL}. + +The Online Certificate Status Protocol, or @acronym{OCSP} @xcite{RFC2560}, +is a widely implemented protocol which performs certificate revocation status +checking. An application that wish to verify the +identity of a peer will verify the certificate against a set of +trusted certificates and then check whether the certificate is listed +in a CRL and/or perform an OCSP check for the certificate. + +Applications are typically expected to contact the OCSP server in order to +request the certificate validity status. The OCSP server replies with an OCSP +response. This section describes this online communication (which can be avoided +when using OCSP stapled responses, for that, see @ref{OCSP stapling}). + +Before performing the OCSP query, the application will need to figure +out the address of the OCSP server. The OCSP server address can be +provided by the local user in manual configuration or may be stored +in the certificate that is being checked. When stored in a certificate +the OCSP server is in the extension field called the Authority Information +Access (AIA). The following function +extracts this information from a certificate. + +@showfuncA{gnutls_x509_crt_get_authority_info_access} + +There are several functions in GnuTLS for creating and manipulating +OCSP requests and responses. The general idea is that a client +application creates an OCSP request object, stores some information +about the certificate to check in the request, and then exports the +request in DER format. The request will then need to be sent to the +OCSP responder, which needs to be done by the application (GnuTLS does +not send and receive OCSP packets). Normally an OCSP response is +received that the application will need to import into an OCSP +response object. The digital signature in the OCSP response needs to +be verified against a set of trust anchors before the information in +the response can be trusted. + +The ASN.1 structure of OCSP requests are briefly as follows. It is +useful to review the structures to get an understanding of which +fields are modified by GnuTLS functions. + +@example +OCSPRequest ::= SEQUENCE @{ + tbsRequest TBSRequest, + optionalSignature [0] EXPLICIT Signature OPTIONAL @} + +TBSRequest ::= SEQUENCE @{ + version [0] EXPLICIT Version DEFAULT v1, + requestorName [1] EXPLICIT GeneralName OPTIONAL, + requestList SEQUENCE OF Request, + requestExtensions [2] EXPLICIT Extensions OPTIONAL @} + +Request ::= SEQUENCE @{ + reqCert CertID, + singleRequestExtensions [0] EXPLICIT Extensions OPTIONAL @} + +CertID ::= SEQUENCE @{ + hashAlgorithm AlgorithmIdentifier, + issuerNameHash OCTET STRING, -- Hash of Issuer's DN + issuerKeyHash OCTET STRING, -- Hash of Issuers public key + serialNumber CertificateSerialNumber @} +@end example + +The basic functions to initialize, import, export and deallocate OCSP +requests are the following. + +@showfuncE{gnutls_ocsp_req_init,gnutls_ocsp_req_deinit,gnutls_ocsp_req_import,gnutls_ocsp_req_export,gnutls_ocsp_req_print} + +To generate an OCSP request the issuer name hash, issuer key hash, and +the checked certificate's serial number are required. There are two +interfaces available for setting those in an OCSP request. +The is a low-level function when you have the +issuer name hash, issuer key hash, and certificate serial number in +binary form. The second is more useful if you have the +certificate (and its issuer) in a @code{gnutls_x509_crt_t} type. +There is also a function to extract this information from existing an OCSP +request. + +@showfuncC{gnutls_ocsp_req_add_cert_id,gnutls_ocsp_req_add_cert,gnutls_ocsp_req_get_cert_id} + +Each OCSP request may contain a number of extensions. Extensions are +identified by an Object Identifier (OID) and an opaque data buffer +whose syntax and semantics is implied by the OID. You can extract or +set those extensions using the following functions. + +@showfuncB{gnutls_ocsp_req_get_extension,gnutls_ocsp_req_set_extension} + +A common OCSP Request extension is the nonce extension (OID +1.3.6.1.5.5.7.48.1.2), which is used to avoid replay attacks of +earlier recorded OCSP responses. The nonce extension carries a value +that is intended to be sufficiently random and unique so that an +attacker will not be able to give a stale response for the same nonce. + +@showfuncC{gnutls_ocsp_req_get_nonce,gnutls_ocsp_req_set_nonce,gnutls_ocsp_req_randomize_nonce} + +The OCSP response structures is a complex structure. A simplified overview +of it is in @ref{tab:ocsp-response}. Note that a response may contain +information on multiple certificates. + +@float Table,tab:ocsp-response +@multitable @columnfractions .2 .7 + +@headitem Field @tab Description + +@item version @tab +The OCSP response version number (typically 1). + +@item responder ID @tab +An identifier of the responder (DN name or a hash of its key). + +@item issue time @tab +The time the response was generated. + +@item thisUpdate @tab +The issuing time of the revocation information. + +@item nextUpdate @tab +The issuing time of the revocation information that will update that one. + +@item @tab Revoked certificates + +@item certificate status @tab +The status of the certificate. + +@item certificate serial @tab +The certificate's serial number. + +@item revocationTime @tab +The time the certificate was revoked. + +@item revocationReason @tab +The reason the certificate was revoked. + +@end multitable +@caption{The most important OCSP response fields.} +@end float + + +We provide basic functions for initialization, importing, exporting +and deallocating OCSP responses. + +@showfuncE{gnutls_ocsp_resp_init,gnutls_ocsp_resp_deinit,gnutls_ocsp_resp_import,gnutls_ocsp_resp_export,gnutls_ocsp_resp_print} + +The utility function that extracts the revocation as well as other information +from a response is shown below. + +@showfuncdesc{gnutls_ocsp_resp_get_single} + +The possible revocation reasons available in an OCSP response are shown +below. + +@showenumdesc{gnutls_x509_crl_reason_t,The revocation reasons} + +Note, that the OCSP response needs to be verified against some set of trust +anchors before it can be relied upon. It is also important to check +whether the received OCSP response corresponds to the certificate being checked. + +@showfuncC{gnutls_ocsp_resp_verify,gnutls_ocsp_resp_verify_direct,gnutls_ocsp_resp_check_crt} + +@node OCSP stapling +@subsection OCSP stapling +@cindex certificate status +@cindex Online Certificate Status Protocol +@cindex OCSP stapling + +To avoid applications contacting the OCSP server directly, TLS servers +can provide a "stapled" OCSP response in the TLS handshake. That way +the client application needs to do nothing more. GnuTLS will automatically +consider the stapled OCSP response during the TLS certificate verification +(see @funcref{gnutls_certificate_verify_peers2}). To disable the automatic +OCSP verification the flag @code{GNUTLS_VERIFY_DISABLE_CRL_CHECKS} should be +specified to @funcref{gnutls_certificate_set_verify_flags}. + +Since GnuTLS 3.5.1 the client certificate verification will consider the @xcite{RFC7633} +OCSP-Must-staple certificate extension, and will consider it while checking for stapled +OCSP responses. If the extension is present and no OCSP staple is found, the certificate +verification will fail and the status code @code{GNUTLS_CERT_MISSING_OCSP_STATUS} will +returned from the verification function. + +Under TLS 1.2 only one stapled response can be sent by a server, the OCSP +response associated with the end-certificate. Under TLS 1.3 a server can +send multiple OCSP responses, typically one for each certificate in the +certificate chain. The following functions can be used by a client +application to retrieve the OCSP responses as sent by the server. + +@showfuncB{gnutls_ocsp_status_request_get,gnutls_ocsp_status_request_get2} + +GnuTLS servers can provide OCSP responses to their clients using the following functions. + +@showfuncC{gnutls_certificate_set_retrieve_function3,gnutls_certificate_set_ocsp_status_request_file2,gnutls_ocsp_status_request_is_checked} + +A server is expected to provide the relevant certificate's OCSP responses using +@funcref{gnutls_certificate_set_ocsp_status_request_file2}, and ensure a +periodic reload/renew of the credentials. An estimation of the OCSP responses +expiration can be obtained using the @funcref{gnutls_certificate_get_ocsp_expiration} function. + +@showfuncdesc{gnutls_certificate_get_ocsp_expiration} + +Prior to GnuTLS 3.6.4, the functions +@funcref{gnutls_certificate_set_ocsp_status_request_function2} +@funcref{gnutls_certificate_set_ocsp_status_request_file} were provided +to set OCSP responses. These functions are still functional, but cannot be used +to set multiple OCSP responses as allowed by TLS1.3. + +The responses can be updated periodically using the 'ocsptool' command +(see also @ref{ocsptool Invocation}). + +@example +ocsptool --ask --load-cert server_cert.pem --load-issuer the_issuer.pem + --load-signer the_issuer.pem --outfile ocsp.resp +@end example + +In order to allow multiple OCSP responses to be concatenated, GnuTLS +supports PEM-encoded OCSP responses. These can be generated using +'ocsptool' with the '--no-outder' parameter. + + +@node Managing encrypted keys +@subsection Managing encrypted keys +@cindex Encrypted keys + +Transferring or storing private keys in plain may not be a +good idea, since any compromise is irreparable. +Storing the keys in hardware security modules (see @ref{Smart cards and HSMs}) +could solve the storage problem but it is not always practical +or efficient enough. This section describes ways to store and +transfer encrypted private keys. + +There are methods for key encryption, namely the +PKCS #8, PKCS #12 and OpenSSL's custom encrypted private key formats. +The PKCS #8 and the OpenSSL's method allow encryption of the private key, +while the PKCS #12 method allows, in addition, the bundling of accompanying +data into the structure. That is typically the corresponding certificate, as +well as a trusted CA certificate. + +@subsubheading High level functionality +Generic and higher level private key import functions are available, that +import plain or encrypted keys and will auto-detect the encrypted key format. + +@showfuncdesc{gnutls_privkey_import_x509_raw} + +@showfuncdesc{gnutls_x509_privkey_import2} + +Any keys imported using those functions can be imported to a certificate +credentials structure using @funcref{gnutls_certificate_set_key}, or alternatively +they can be directly imported using @funcref{gnutls_certificate_set_x509_key_file2}. + +@subsubheading @acronym{PKCS} #8 structures +@cindex PKCS #8 + +PKCS #8 keys can be imported and exported as normal private keys using +the functions below. An addition to the normal import functions, are +a password and a flags argument. The flags can be any element of the @code{gnutls_pkcs_encrypt_flags_t} +enumeration. Note however, that GnuTLS only supports the PKCS #5 PBES2 +encryption scheme. Keys encrypted with the obsolete PBES1 scheme cannot +be decrypted. + +@showfuncC{gnutls_x509_privkey_import_pkcs8,gnutls_x509_privkey_export_pkcs8,gnutls_x509_privkey_export2_pkcs8} + +@showenumdesc{gnutls_pkcs_encrypt_flags_t,Encryption flags} + +@subsubheading @acronym{PKCS} #12 structures +@cindex PKCS #12 + +A @acronym{PKCS} #12 structure @xcite{PKCS12} usually contains a user's +private keys and certificates. It is commonly used in browsers to +export and import the user's identities. A file containing such a key can +be directly imported to a certificate credentials structure by using +@funcref{gnutls_certificate_set_x509_simple_pkcs12_file}. + +In @acronym{GnuTLS} the @acronym{PKCS} #12 structures are handled +using the @code{gnutls_pkcs12_t} type. This is an abstract type that +may hold several @code{gnutls_pkcs12_bag_t} types. The bag types are +the holders of the actual data, which may be certificates, private +keys or encrypted data. A bag of type encrypted should be decrypted +in order for its data to be accessed. + +To reduce the complexity in parsing the structures the simple +helper function @funcref{gnutls_pkcs12_simple_parse} is provided. For more +advanced uses, manual parsing of the structure is required using the +functions below. + +@showfuncD{gnutls_pkcs12_get_bag,gnutls_pkcs12_verify_mac,gnutls_pkcs12_bag_decrypt,gnutls_pkcs12_bag_get_count} + +@showfuncdesc{gnutls_pkcs12_simple_parse} +@showfuncC{gnutls_pkcs12_bag_get_data,gnutls_pkcs12_bag_get_key_id,gnutls_pkcs12_bag_get_friendly_name} + +The functions below are used to generate a PKCS #12 structure. An example +of their usage is shown at @ref{PKCS12 structure generation example}. + +@showfuncC{gnutls_pkcs12_set_bag,gnutls_pkcs12_bag_encrypt,gnutls_pkcs12_generate_mac} +@showfuncE{gnutls_pkcs12_bag_set_data,gnutls_pkcs12_bag_set_crl,gnutls_pkcs12_bag_set_crt,gnutls_pkcs12_bag_set_key_id,gnutls_pkcs12_bag_set_friendly_name} + +@subsubheading OpenSSL encrypted keys +@cindex OpenSSL encrypted keys +Unfortunately the structures discussed in the previous sections are +not the only structures that may hold an encrypted private key. For example +the OpenSSL library offers a custom key encryption method. Those structures +are also supported in GnuTLS with @funcref{gnutls_x509_privkey_import_openssl}. + +@showfuncdesc{gnutls_x509_privkey_import_openssl} + +@include invoke-certtool.texi + +@include invoke-ocsptool.texi + +@include invoke-danetool.texi diff --git a/doc/cha-ciphersuites.texi b/doc/cha-ciphersuites.texi new file mode 100644 index 0000000..24288f8 --- /dev/null +++ b/doc/cha-ciphersuites.texi @@ -0,0 +1,7 @@ +@node Supported ciphersuites +@appendix Supported Ciphersuites +@anchor{ciphersuites} +@cindex ciphersuites + +@include algorithms.texi + diff --git a/doc/cha-copying.texi b/doc/cha-copying.texi new file mode 100644 index 0000000..7d29cc4 --- /dev/null +++ b/doc/cha-copying.texi @@ -0,0 +1,8 @@ +@node Copying Information +@appendix Copying Information +@cindex FDL, GNU Free Documentation License + +@heading GNU Free Documentation License + +@include fdl-1.3.texi + diff --git a/doc/cha-crypto.texi b/doc/cha-crypto.texi new file mode 100644 index 0000000..fb01b2c --- /dev/null +++ b/doc/cha-crypto.texi @@ -0,0 +1,189 @@ +@node Using GnuTLS as a cryptographic library +@chapter Using GnuTLS as a cryptographic library + +@acronym{GnuTLS} is not a low-level cryptographic library, i.e., +it does not provide access to basic cryptographic primitives. However +it abstracts the internal cryptographic back-end (see @ref{Cryptographic Backend}), +providing symmetric crypto, hash and HMAC algorithms, as well access +to the random number generation. For a low-level crypto API the usage of nettle +@footnote{See @uref{https://www.lysator.liu.se/~nisse/nettle/}.} library is recommended. + +@menu +* Symmetric algorithms:: +* Public key algorithms:: +* Cryptographic Message Syntax / PKCS7:: +* Hash and MAC functions:: +* Random number generation:: +* Overriding algorithms:: +@end menu + +@node Symmetric algorithms +@section Symmetric algorithms +@cindex symmetric algorithms +@cindex symmetric cryptography + +The available functions to access symmetric crypto algorithms operations +are listed in the sections below. The supported algorithms are the algorithms required by the TLS protocol. +They are listed in @ref{gnutls_cipher_algorithm_t}. Note that there two +types of ciphers, the ones providing an authenticated-encryption with +associated data (AEAD), and the legacy ciphers which provide raw access +to the ciphers. We recommend the use of the AEAD APIs for new applications +as it is designed to minimize misuse of cryptography. + +@showenumdesc{gnutls_cipher_algorithm_t,The supported ciphers.} + +@subheading Authenticated-encryption API + +The AEAD API provides access to all ciphers supported by GnuTLS which support +authenticated encryption with associated data. That is particularly suitable +for message or packet-encryption as it provides authentication and +encryption on the same API. See @code{RFC5116} for more information on +authenticated encryption. + +@showfuncD{gnutls_aead_cipher_init,gnutls_aead_cipher_encrypt,gnutls_aead_cipher_decrypt,gnutls_aead_cipher_deinit} + +Because the encryption function above may be difficult to use with +scattered data, we provide the following API. + +@showfuncdesc{gnutls_aead_cipher_encryptv} + +@subheading Legacy API + +The legacy API provides low-level access to all legacy ciphers supported by GnuTLS, +and some of the AEAD ciphers (e.g., AES-GCM and CHACHA20). The restrictions +of the nettle library implementation of the ciphers apply verbatim to this +API@footnote{See the nettle manual @url{https://www.lysator.liu.se/~nisse/nettle/nettle.html}}. + +@showfuncE{gnutls_cipher_init,gnutls_cipher_encrypt2,gnutls_cipher_decrypt2,gnutls_cipher_set_iv,gnutls_cipher_deinit} + +@showfuncB{gnutls_cipher_add_auth,gnutls_cipher_tag} +While the latter two functions allow the same API can be used with authenticated encryption ciphers, +it is recommended to use the following functions which are solely for AEAD ciphers. The latter +API is designed to be simple to use and also hard to misuse, by handling the tag verification +and addition in transparent way. + +@node Public key algorithms +@section Public key algorithms +@cindex public key algorithms + +Public key cryptography algorithms such as RSA, DSA and ECDSA, are +accessed using the abstract key API in @ref{Abstract key types}. This +is a high level API with the advantage of transparently handling keys +stored in memory and keys present in smart cards. + +@showfuncF{gnutls_privkey_init,gnutls_privkey_import_url,gnutls_privkey_import_x509_raw,gnutls_privkey_sign_data,gnutls_privkey_sign_hash,gnutls_privkey_deinit} + +@showfuncF{gnutls_pubkey_init,gnutls_pubkey_import_url,gnutls_pubkey_import_x509,gnutls_pubkey_verify_data2,gnutls_pubkey_verify_hash2,gnutls_pubkey_deinit} + +Keys stored in memory can be imported using functions like +@funcref{gnutls_privkey_import_x509_raw}, while keys on smart cards or HSMs +should be imported using their PKCS#11 URL with +@funcref{gnutls_privkey_import_url}. + +If any of the smart card operations require PIN, that should be provided +either by setting the global PIN function +(@funcref{gnutls_pkcs11_set_pin_function}), or better with the targeted to +structures functions such as @funcref{gnutls_privkey_set_pin_function}. + + +@subsection Key generation + +All supported key types (including RSA, DSA, ECDSA, Ed25519) can be generated +with GnuTLS. They can be generated with the simpler @funcref{gnutls_privkey_generate} +or with the more advanced @funcref{gnutls_privkey_generate2}. + +@showfuncdesc{gnutls_privkey_generate2} + +@node Cryptographic Message Syntax / PKCS7 +@section Cryptographic Message Syntax / PKCS7 +@cindex public key algorithms +@cindex cryptographic message syntax +@cindex file signing +@cindex CMS +@cindex PKCS #7 + +The CMS or PKCS #7 format is a commonly used format for digital signatures. +PKCS #7 is the name of the original standard when published by RSA, though +today the standard is adopted by IETF under the name CMS. + +The standards include multiple ways of signing a digital document, e.g., +by embedding the data into the signature, or creating detached signatures of the data, +including a timestamp, additional certificates etc. In certain cases the +same format is also used to transport lists of certificates and CRLs. + +It is a relatively popular standard to sign structures, and is being used to +sign in PDF files, as well as for signing kernel modules and other +structures. + +In GnuTLS, the basic functions to initialize, deinitialize, import, export or print information +about a PKCS #7 structure are listed below. +@showfuncE{gnutls_pkcs7_init,gnutls_pkcs7_deinit,gnutls_pkcs7_export2,gnutls_pkcs7_import,gnutls_pkcs7_print} + +The following functions allow the verification of a structure using either a trust list, or +individual certificates. The @funcref{gnutls_pkcs7_sign} function is the data signing function. + +@showfuncB{gnutls_pkcs7_verify_direct,gnutls_pkcs7_verify} + +@showfuncdesc{gnutls_pkcs7_sign} + +@showenumdesc{gnutls_pkcs7_sign_flags,Flags applicable to gnutls_pkcs7_sign()} + +Other helper functions which allow to access the signatures, or certificates attached +in the structure are listed below. + +@showfuncF{gnutls_pkcs7_get_signature_count,gnutls_pkcs7_get_signature_info,gnutls_pkcs7_get_crt_count,gnutls_pkcs7_get_crt_raw2,gnutls_pkcs7_get_crl_count,gnutls_pkcs7_get_crl_raw2} + +To append certificates, or CRLs in the structure the following functions are provided. +@showfuncD{gnutls_pkcs7_set_crt_raw,gnutls_pkcs7_set_crt,gnutls_pkcs7_set_crl_raw,gnutls_pkcs7_set_crl} + +@node Hash and MAC functions +@section Hash and MAC functions +@cindex hash functions +@cindex HMAC functions +@cindex MAC functions + +The available operations to access hash functions and hash-MAC (HMAC) algorithms +are shown below. HMAC algorithms provided keyed hash functionality. The supported MAC and HMAC +algorithms are listed in @ref{gnutls_mac_algorithm_t}. Note that, despite the @code{hmac} part +in the name of the MAC functions listed below, they can be used either for HMAC or MAC operations. + +@showenumdesc{gnutls_mac_algorithm_t,The supported MAC and HMAC algorithms.} + +@showfuncF{gnutls_hmac_init,gnutls_hmac,gnutls_hmac_output,gnutls_hmac_deinit,gnutls_hmac_get_len,gnutls_hmac_fast} + +The available functions to access hash functions are shown below. The supported hash functions +are shown in @ref{gnutls_digest_algorithm_t}. + +@showfuncF{gnutls_hash_init,gnutls_hash,gnutls_hash_output,gnutls_hash_deinit,gnutls_hash_get_len,gnutls_hash_fast} +@showfuncA{gnutls_fingerprint} + +@showenumdesc{gnutls_digest_algorithm_t,The supported hash algorithms.} + +@node Random number generation +@section Random number generation +@cindex random numbers + +Access to the random number generator is provided using the @funcref{gnutls_rnd} +function. It allows obtaining random data of various levels. + +@showenumdesc{gnutls_rnd_level_t,The random number levels.} +@showfuncdesc{gnutls_rnd} + +See @ref{Random Number Generators-internals} for more information +on the random number generator operation. + +@node Overriding algorithms +@section Overriding algorithms +@cindex overriding algorithms + +In systems which provide a hardware accelerated cipher implementation +that is not directly supported by GnuTLS, it is possible to utilize it. +There are functions which allow overriding the default cipher, digest and MAC +implementations. Those are described below. + +To override public key operations see @ref{Abstract private keys}. + +@showfuncdesc{gnutls_crypto_register_cipher} +@showfuncdesc{gnutls_crypto_register_aead_cipher} +@showfuncdesc{gnutls_crypto_register_mac} +@showfuncdesc{gnutls_crypto_register_digest} diff --git a/doc/cha-errors.texi b/doc/cha-errors.texi new file mode 100644 index 0000000..1154c01 --- /dev/null +++ b/doc/cha-errors.texi @@ -0,0 +1,11 @@ +@node Error codes +@appendix Error Codes and Descriptions +@cindex error codes + +The error codes used throughout the library are described below. The +return code @code{GNUTLS_E_SUCCESS} indicates a successful operation, and +is guaranteed to have the value 0, so you can use it in logical +expressions. + +@include error_codes.texi + diff --git a/doc/cha-functions.texi b/doc/cha-functions.texi new file mode 100644 index 0000000..29e8d3a --- /dev/null +++ b/doc/cha-functions.texi @@ -0,0 +1,129 @@ +@node API reference +@appendix API reference +@cindex API reference + +@menu +* Core TLS API:: +* Datagram TLS API:: +* X509 certificate API:: +* PKCS 7 API:: +* OCSP API:: +* PKCS 12 API:: +* PKCS 11 API:: +* TPM API:: +* Abstract key API:: +* Socket specific API:: +* DANE API:: +* Cryptographic API:: +* Compatibility API:: +@end menu + +@node Core TLS API +@section Core TLS API + +The prototypes for the following functions lie in +@file{gnutls/gnutls.h}. + +@include gnutls-api.texi + +@node Datagram TLS API +@section Datagram TLS API + +The prototypes for the following functions lie in +@file{gnutls/dtls.h}. + +@include dtls-api.texi + +@node X509 certificate API +@section @acronym{X.509} certificate API +@cindex X.509 Functions + +The following functions are to be used for @acronym{X.509} certificate handling. +Their prototypes lie in @file{gnutls/x509.h}. + +@include x509-api.texi + +@node PKCS 7 API +@section @acronym{PKCS} 7 API + +The following functions are to be used for PKCS 7 structures handling. +Their prototypes lie in @file{gnutls/pkcs7.h}. + +@include pkcs7-api.texi + +@node OCSP API +@section @acronym{OCSP} API +@cindex OCSP Functions + +The following functions are for @acronym{OCSP} certificate status +checking. Their prototypes lie in @file{gnutls/ocsp.h}. + +@include ocsp-api.texi + +@node PKCS 12 API +@section PKCS 12 API + +The following functions are to be used for PKCS 12 handling. +Their prototypes lie in @file{gnutls/pkcs12.h}. + +@include pkcs12-api.texi + +@node PKCS 11 API +@section Hardware token via PKCS 11 API + +The following functions are to be used for PKCS 11 handling. +Their prototypes lie in @file{gnutls/pkcs11.h}. + +@include pkcs11-api.texi + +@node TPM API +@section TPM API + +The following functions are to be used for TPM handling. +Their prototypes lie in @file{gnutls/tpm.h}. + +@include tpm-api.texi + +@node Abstract key API +@section Abstract key API + +The following functions are to be used for abstract key handling. +Their prototypes lie in @file{gnutls/abstract.h}. + +@include abstract-api.texi + +@node Socket specific API +@section Socket specific API + +The prototypes for the following functions lie in +@file{gnutls/socket.h}. +@include socket-api.texi + +@node DANE API +@section DANE API + +The following functions are to be used for DANE certificate verification. +Their prototypes lie in @file{gnutls/dane.h}. Note that you need to link +with the @code{libgnutls-dane} library to use them. + +@include dane-api.texi + +@node Cryptographic API +@section Cryptographic API + +The following functions are to be used for low-level cryptographic operations. +Their prototypes lie in @file{gnutls/crypto.h}. + +Note that due to historic reasons several functions, (e.g. +@funcref{gnutls_mac_list}, @funcref{gnutls_mac_get_name}) of this API are part +of the @ref{Core TLS API}. + +@include crypto-api.texi + +@node Compatibility API +@section Compatibility API + +The following functions are carried over from old GnuTLS released. They might be removed at a later version. +Their prototypes lie in @file{gnutls/compat.h}. + +@include compat-api.texi diff --git a/doc/cha-gtls-app.texi b/doc/cha-gtls-app.texi new file mode 100644 index 0000000..e08cbb2 --- /dev/null +++ b/doc/cha-gtls-app.texi @@ -0,0 +1,2261 @@ +@node How to use GnuTLS in applications +@chapter How to use @acronym{GnuTLS} in applications + +@menu +* Introduction to the library:: +* Preparation:: +* Session initialization:: +* Associating the credentials:: +* Setting up the transport layer:: +* TLS handshake:: +* Data transfer and termination:: +* Buffered data transfer:: +* Handling alerts:: +* Priority Strings:: +* Selecting cryptographic key sizes:: +* Advanced topics:: +@end menu + +@node Introduction to the library +@section Introduction + +This chapter tries to explain the basic functionality of the current GnuTLS +library. Note that there may be additional functionality not discussed here +but included in the library. Checking the header files in @file{/usr/include/gnutls/} +and the manpages is recommended. + +@menu +* General idea:: +* Error handling:: +* Common types:: +* Debugging and auditing:: +* Thread safety:: +* Running in a sandbox:: +* Sessions and fork:: +* Callback functions:: +@end menu + +@node General idea +@subsection General idea + +A brief description of how @acronym{GnuTLS} sessions operate is shown +at @ref{fig-gnutls-design}. This section will become more clear when it +is completely read. +As shown in the figure, there is a read-only global state that is +initialized once by the global initialization function. This global +structure, among others, contains the memory allocation functions +used, structures needed for the @acronym{ASN.1} parser and depending +on the system's CPU, pointers to hardware accelerated encryption functions. This +structure is never modified by any @acronym{GnuTLS} function, except +for the deinitialization function which frees all allocated memory +and must be called after the program has permanently +finished using @acronym{GnuTLS}. + +@float Figure,fig-gnutls-design +@image{gnutls-internals,12cm} +@caption{High level design of GnuTLS.} +@end float + +The credentials structures are used by the authentication methods, such +as certificate authentication. They store certificates, privates keys, +and other information that is needed to prove the identity to the peer, +and/or verify the identity of the peer. The information stored in +the credentials structures is initialized once and then can be +shared by many @acronym{TLS} sessions. + +A @acronym{GnuTLS} session contains all the required state and +information to handle one secure connection. The session communicates with the +peers using the provided functions of the transport layer. +Every session has a unique session ID shared with the peer. + +Since TLS sessions can be resumed, servers need a +database back-end to hold the session's parameters. Every +@acronym{GnuTLS} session after a successful handshake calls the +appropriate back-end function (see @ref{resume}) +to store the newly negotiated session. The session +database is examined by the server just after having received the +client hello@footnote{The first message in a @acronym{TLS} handshake}, +and if the session ID sent by the client, matches a stored session, +the stored session will be retrieved, and the new session will be a +resumed one, and will share the same session ID with the previous one. + +@node Error handling +@subsection Error handling + +There two types of @acronym{GnuTLS} functions. The first type returns +a boolean value, true (non-zero) or false (zero) value; these functions +are defined to return an unsigned integer type. The other type returns a +signed integer type with zero (or a positive number) indicating +success and a negative value indicating failure. For the latter +type it is recommended to check for errors as following. +@example + ret = gnutls_function(); + if (ret < 0) @{ + return -1; + @} +@end example +The above example checks for a failure condition rather than +for explicit success (e.g., equality to zero). That has the advantage +that future extensions of the API can be extended to provide +additional information via positive returned values (see for example +@funcref{gnutls_certificate_set_x509_key_file}). + +For certain operations such as TLS handshake and TLS packet receive +there is the notion of fatal and non-fatal error codes. +Fatal errors terminate the TLS session immediately and further sends +and receives will be disallowed. Such an example is +@code{GNUTLS_@-E_@-DECRYPTION_@-FAILED}. Non-fatal errors may warn about +something, i.e., a warning alert was received, or indicate the some +action has to be taken. This is the case with the error code +@code{GNUTLS_@-E_@-REHANDSHAKE} returned by @funcref{gnutls_record_recv}. +This error code indicates that the server requests a re-handshake. The +client may ignore this request, or may reply with an alert. You can +test if an error code is a fatal one by using the +@funcref{gnutls_error_is_fatal}. +All errors can be converted to a descriptive string using @funcref{gnutls_strerror}. + +If any non fatal errors, that require an action, are to be returned by +a function, these error codes will be documented in the function's +reference. For example the error codes @code{GNUTLS_@-E_@-WARNING_@-ALERT_@-RECEIVED} and @code{GNUTLS_@-E_@-FATAL_@-ALERT_@-RECEIVED} +that may returned when receiving data, should be handled by notifying the +user of the alert (as explained in @ref{Handling alerts}). +See @ref{Error codes}, for a description of the available error codes. + +@node Common types +@subsection Common types +@cindex gnutls_datum_t +@cindex giovec_t + +All strings that are to provided as input to @acronym{GnuTLS} functions +should be in UTF-8 unless otherwise specified. Output strings are also +in UTF-8 format unless otherwise specified. When functions take as input +passwords, they will normalize them using @xcite{RFC7613} rules (since +GnuTLS 3.5.7). + +When data of a fixed size are provided to @acronym{GnuTLS} functions then +the helper structure @code{gnutls_datum_t} is often used. Its definition is +shown below. +@verbatim + typedef struct + { + unsigned char *data; + unsigned int size; + } gnutls_datum_t; +@end verbatim + +In functions where this structure is a returned type, if the function succeeds, +it is expected from the caller to use @code{gnutls_free()} to deinitialize the +data element after use, unless otherwise specified. If the function fails, the +contents of the @code{gnutls_datum_t} should be considered undefined and must +not be deinitialized. + +Other functions that require data for scattered read use a structure similar +to @code{struct iovec} typically used by @funcintref{readv}. It is shown +below. +@verbatim + typedef struct + { + void *iov_base; /* Starting address */ + size_t iov_len; /* Number of bytes to transfer */ + } giovec_t; +@end verbatim + + +@node Debugging and auditing +@subsection Debugging and auditing + +In many cases things may not go as expected and further information, +to assist debugging, from @acronym{GnuTLS} is desired. +Those are the cases where the @funcref{gnutls_global_set_log_level} and +@funcref{gnutls_global_set_log_function} are to be used. Those will print +verbose information on the @acronym{GnuTLS} functions internal flow. + +@showfuncB{gnutls_global_set_log_level,gnutls_global_set_log_function} + +Alternatively the environment variable @code{GNUTLS_DEBUG_LEVEL} can be +set to a logging level and GnuTLS will output debugging output to standard +error. Other available environment variables are shown in @ref{tab:environment}. + +@float Table,tab:environment +@multitable @columnfractions .30 .70 + +@headitem Variable @tab Purpose + +@item @code{GNUTLS_DEBUG_LEVEL} +@tab When set to a numeric value, it sets the default debugging level for GnuTLS applications. + +@item @code{SSLKEYLOGFILE} +@tab When set to a filename, GnuTLS will append to it the session keys in the NSS Key Log +format. That format can be read by wireshark and will allow decryption of the session for debugging. + +@item @code{GNUTLS_CPUID_OVERRIDE} +@tab That environment variable can be used to +explicitly enable/disable the use of certain CPU capabilities. Note that CPU +detection cannot be overridden, i.e., VIA options cannot be enabled on an Intel +CPU. The currently available options are: +@itemize +@item 0x1: Disable all run-time detected optimizations +@item 0x2: Enable AES-NI +@item 0x4: Enable SSSE3 +@item 0x8: Enable PCLMUL +@item 0x10: Enable AVX +@item 0x100000: Enable VIA padlock +@item 0x200000: Enable VIA PHE +@item 0x400000: Enable VIA PHE SHA512 +@end itemize + +@item @code{GNUTLS_FORCE_FIPS_MODE} +@tab In setups where GnuTLS is compiled with support for FIPS140-2 (see @ref{FIPS140-2 mode}) +if set to one it will force the FIPS mode enablement. + +@end multitable +@caption{Environment variables used by the library.} +@end float + + +When debugging is not required, important issues, such as detected +attacks on the protocol still need to be logged. This is provided +by the logging function set by +@funcref{gnutls_global_set_audit_log_function}. The provided function +will receive an message and the corresponding +TLS session. The session information might be used to derive IP addresses +or other information about the peer involved. + +@showfuncdesc{gnutls_global_set_audit_log_function} + +@node Thread safety +@subsection Thread safety +@cindex thread safety + +The @acronym{GnuTLS} library is thread safe by design, meaning that +objects of the library such as TLS sessions, can be safely divided across +threads as long as a single thread accesses a single object. This is +sufficient to support a server which handles several sessions per thread. +Read-only access to objects, for example the credentials holding structures, +is also thread-safe. + +A @code{gnutls_session_t} object could also be shared by two threads, one sending, +the other receiving. However, care must be taken on the following use cases: +@itemize +@item The re-handshake process in TLS 1.2 or earlier must be handled only in +a single thread and no other thread may be performing any operation. +@item The flag @code{GNUTLS_AUTO_REAUTH} cannot be used safely in this mode of operation. +@item Any other operation which may send or receive data, like key update (c.f., +@funcref{gnutls_session_key_update}), must not be performed while threads +are receiving or writing. +@item The termination of a session should be handled, either by a single thread being +active, or by the sender thread using @funcref{gnutls_bye} with @code{GNUTLS_SHUT_WR} +and the receiving thread waiting for a return value of zero (or timeout on +certain servers which do not respond). +@item The functions @funcref{gnutls_transport_set_errno} and @funcref{gnutls_record_get_direction} +should not be relied during parallel operation. +@end itemize + +For several aspects of the library (e.g., the random generator, PKCS#11 +operations), the library may utilize mutex locks (e.g., pthreads on GNU/Linux and CriticalSection on Windows) +which are transparently setup on library initialization. Prior to version 3.3.0 +these were setup by explicitly calling @funcref{gnutls_global_init}.@footnote{On special systems +you could manually specify the locking system using +the function @funcref{gnutls_global_set_mutex} before calling any other +GnuTLS function. Setting mutexes manually is not recommended.} + +Note that, on Glibc systems, unless the application is explicitly linked +with the libpthread library, no mutex locks are used and setup by GnuTLS. It +will use the Glibc mutex stubs. + +@node Running in a sandbox +@subsection Running in a sandbox +@cindex seccomp +@cindex isolated mode + +Given that TLS protocol handling as well as X.509 certificate +parsing are complicated processes involving several thousands lines of code, +it is often desirable (and recommended) to run the TLS session handling in +a sandbox like seccomp. That has to be allowed by the overall software design, +but if available, it adds an additional layer of protection by +preventing parsing errors from becoming vessels for further security issues such +as code execution. + +GnuTLS requires the following system calls to be available for its proper +operation. + +@itemize +@item nanosleep +@item time +@item gettimeofday +@item clock_gettime +@item getrusage +@item getpid +@item send +@item recv +@item sendmsg +@item read (to read from /dev/urandom) +@item getrandom (this is Linux-kernel specific) +@item poll +@end itemize + +As well as any calls needed for memory allocation to work. Note however, that GnuTLS +depends on libc for the system calls, and there is no guarantee that libc will +call the expected system call. For that it is recommended to test your +program in all the targeted platforms when filters like seccomp are in place. + +An example with a seccomp filter from GnuTLS' test suite is at: +@url{https://gitlab.com/gnutls/gnutls/blob/master/tests/seccomp.c}. + +@node Sessions and fork +@subsection Sessions and fork +@cindex fork + +A @code{gnutls_session_t} object can be shared by two processes after a fork, +one sending, the other receiving. In that case rehandshakes, +cannot and must not be performed. As with threads, the termination of a session should be +handled by the sender process using @funcref{gnutls_bye} with @code{GNUTLS_SHUT_WR} +and the receiving process waiting for a return value of zero. + + +@node Callback functions +@subsection Callback functions +@cindex callback functions + +There are several cases where @acronym{GnuTLS} may need out of +band input from your program. This is now implemented using some +callback functions, which your program is expected to register. + +An example of this type of functions are the push and pull callbacks +which are used to specify the functions that will retrieve and send +data to the transport layer. + +@showfuncB{gnutls_transport_set_push_function,gnutls_transport_set_pull_function} + +Other callback functions may require more complicated input and data +to be allocated. Such an example is +@funcref{gnutls_srp_set_server_credentials_function}. +All callbacks should allocate and free memory using +@funcintref{gnutls_malloc} and @funcintref{gnutls_free}. + + +@node Preparation +@section Preparation + +To use @acronym{GnuTLS}, you have to perform some changes to your +sources and your build system. The necessary changes are explained in +the following subsections. + +@menu +* Headers:: +* Initialization:: +* Version check:: +* Building the source:: +@end menu + +@node Headers +@subsection Headers + +All the data types and functions of the @acronym{GnuTLS} library are +defined in the header file @file{gnutls/gnutls.h}. This must be +included in all programs that make use of the @acronym{GnuTLS} +library. + +@node Initialization +@subsection Initialization + +The GnuTLS library is initialized on load; prior to 3.3.0 was initialized by calling @funcref{gnutls_global_init}@footnote{ +The original behavior of requiring explicit initialization can obtained by setting the +GNUTLS_NO_EXPLICIT_INIT environment variable to 1, or by using the macro GNUTLS_SKIP_GLOBAL_INIT +in a global section of your program --the latter works in systems with +support for weak symbols only.}. +The initialization typically enables CPU-specific acceleration, performs any required +precalculations needed, opens any required system devices (e.g., /dev/urandom on Linux) +and initializes subsystems that could be used later. + +The resources allocated by the initialization process will be released +on library deinitialization. + +Note that on certain systems file descriptors may be kept open by +GnuTLS (e.g. /dev/urandom) on library load. Applications closing all unknown file +descriptors must immediately call @funcref{gnutls_global_init}, after that, to +ensure they don't disrupt GnuTLS' operation. + +@c In order to take advantage of the internationalization features in +@c GnuTLS, such as translated error messages, the application must set +@c the current locale using @code{setlocale} before initializing GnuTLS. + +@node Version check +@subsection Version check + +It is often desirable to check that the version of `gnutls' used is +indeed one which fits all requirements. Even with binary +compatibility new features may have been introduced but due to problem +with the dynamic linker an old version is actually used. So you may +want to check that the version is okay right after program start-up. +See the function @funcref{gnutls_check_version}. + +On the other hand, it is often desirable to support more than one +versions of the library. In that case you could utilize compile-time +feature checks using the @code{GNUTLS_VERSION_NUMBER} macro. +For example, to conditionally add code for GnuTLS 3.2.1 or later, you may use: +@example +#if GNUTLS_VERSION_NUMBER >= 0x030201 + ... +#endif +@end example + +@node Building the source +@subsection Building the source + +If you want to compile a source file including the +@file{gnutls/gnutls.h} header file, you must make sure that the +compiler can find it in the directory hierarchy. This is accomplished +by adding the path to the directory in which the header file is +located to the compilers include file search path (via the @option{-I} +option). + +However, the path to the include file is determined at the time the +source is configured. To solve this problem, the library uses the +external package @command{pkg-config} that knows the path to the +include file and other configuration options. The options that need +to be added to the compiler invocation at compile time are output by +the @option{--cflags} option to @command{pkg-config gnutls}. The +following example shows how it can be used at the command line: + +@example +gcc -c foo.c `pkg-config gnutls --cflags` +@end example + +Adding the output of @samp{pkg-config gnutls --cflags} to the +compilers command line will ensure that the compiler can find the +@file{gnutls/gnutls.h} header file. + +A similar problem occurs when linking the program with the library. +Again, the compiler has to find the library files. For this to work, +the path to the library files has to be added to the library search +path (via the @option{-L} option). For this, the option +@option{--libs} to @command{pkg-config gnutls} can be used. For +convenience, this option also outputs all other options that are +required to link the program with the library (for instance, the +@samp{-ltasn1} option). The example shows how to link @file{foo.o} +with the library to a program @command{foo}. + +@example +gcc -o foo foo.o `pkg-config gnutls --libs` +@end example + +Of course you can also combine both examples to a single command by +specifying both options to @command{pkg-config}: + +@example +gcc -o foo foo.c `pkg-config gnutls --cflags --libs` +@end example + +When a program uses the GNU autoconf system, then the following +line or similar can be used to detect the presence of GnuTLS. + +@example +PKG_CHECK_MODULES([LIBGNUTLS], [gnutls >= 3.3.0]) + +AC_SUBST([LIBGNUTLS_CFLAGS]) +AC_SUBST([LIBGNUTLS_LIBS]) +@end example + +@node Session initialization +@section Session initialization + +In the previous sections we have discussed the global initialization +required for GnuTLS as well as the initialization required for each +authentication method's credentials (see @ref{Authentication}). +In this section we elaborate on the TLS or DTLS session initiation. +Each session is initialized using @funcref{gnutls_init} which among +others is used to specify the type of the connection (server or client), +and the underlying protocol type, i.e., datagram (UDP) or reliable (TCP). + +@showfuncdesc{gnutls_init} + +@showenumdesc{gnutls_init_flags_t,The @code{gnutls_init_@-flags_t} enumeration.} + +After the session initialization details on the allowed ciphersuites +and protocol versions should be set using the priority functions +such as @funcref{gnutls_priority_set} and @funcref{gnutls_priority_set_direct}. +We elaborate on them in @ref{Priority Strings}. +The credentials used for the key exchange method, such as certificates +or usernames and passwords should also be associated with the session +current session using @funcref{gnutls_credentials_set}. + +@showfuncdesc{gnutls_credentials_set} + +@node Associating the credentials +@section Associating the credentials + +@menu +* Certificate credentials:: +* Raw public-key credentials:: +* SRP credentials:: +* PSK credentials:: +* Anonymous credentials:: +@end menu + +Each authentication method is associated with a key exchange method, and a credentials type. +The contents of the credentials is method-dependent, e.g. certificates +for certificate authentication and should be initialized and associated +with a session (see @funcref{gnutls_credentials_set}). A mapping of the key exchange methods +with the credential types is shown in @ref{tab:key-exchange-cred}. + +@float Table,tab:key-exchange-cred +@multitable @columnfractions .25 .25 .2 .2 + +@headitem Authentication method @tab Key exchange @tab Client credentials @tab Server credentials + +@item Certificate and Raw public-key +@tab @code{KX_RSA}, +@code{KX_DHE_RSA}, +@code{KX_DHE_DSS}, +@code{KX_ECDHE_RSA}, +@code{KX_ECDHE_ECDSA} +@tab @code{CRD_CERTIFICATE} +@tab @code{CRD_CERTIFICATE} + +@item Password and certificate +@tab @code{KX_SRP_RSA}, @code{KX_SRP_DSS} +@tab @code{CRD_SRP} +@tab @code{CRD_CERTIFICATE}, @code{CRD_SRP} + +@item Password +@tab @code{KX_SRP} +@tab @code{CRD_SRP} +@tab @code{CRD_SRP} + +@item Anonymous +@tab @code{KX_ANON_DH}, +@code{KX_ANON_ECDH} +@tab @code{CRD_ANON} +@tab @code{CRD_ANON} + +@item Pre-shared key +@tab @code{KX_PSK}, +@code{KX_DHE_PSK}, @code{KX_ECDHE_PSK} +@tab @code{CRD_PSK} +@tab @code{CRD_PSK} + +@end multitable +@caption{Key exchange algorithms and the corresponding credential types.} +@end float + +@node Certificate credentials +@subsection Certificates +@subsubheading Server certificate authentication + +When using certificates the server is required to have at least one +certificate and private key pair. Clients may not hold such +a pair, but a server could require it. In this section we discuss +general issues applying to both client and server certificates. The next +section will elaborate on issues arising from client authentication only. + +In order to use certificate credentials one must first initialize a credentials +structure of type @code{gnutls_certificate_credentials_t}. After use this structure must +be freed. This can be done with the following functions. + +@showfuncB{gnutls_certificate_allocate_credentials,gnutls_certificate_free_credentials} + +After the credentials structures are initialized, the certificate +and key pair must be loaded. This occurs before any @acronym{TLS} +session is initialized, and the same structures are reused for multiple sessions. +Depending on the certificate type different loading functions +are available, as shown below. +For @acronym{X.509} certificates, the functions will +accept and use a certificate chain that leads to a trusted +authority. The certificate chain must be ordered in such way that every +certificate certifies the one before it. The trusted authority's +certificate need not to be included since the peer should possess it +already. + +@showfuncC{gnutls_certificate_set_x509_key_file2,gnutls_certificate_set_x509_key_mem2,gnutls_certificate_set_x509_key} + +It is recommended to use the higher level functions such as @funcref{gnutls_certificate_set_x509_key_file2} +which accept not only file names but URLs that specify objects stored in token, +or system certificates and keys (see @ref{Application-specific keys}). For these cases, another important +function is @funcref{gnutls_certificate_set_pin_function}, that +allows setting a callback function to retrieve a PIN if the input keys are +protected by PIN. + +@showfuncdesc{gnutls_certificate_set_pin_function} + +If the imported keys and certificates need to be accessed before any TLS session +is established, it is convenient to use @funcref{gnutls_certificate_set_key} +in combination with @funcref{gnutls_pcert_import_x509_raw} and @funcref{gnutls_privkey_import_x509_raw}. + +@showfuncdesc{gnutls_certificate_set_key} + +If multiple certificates are used with the functions above each +client's request will be served with the certificate that matches the +requested name (see @ref{Server name indication}). + +As an alternative to loading from files or buffers, a callback may be used for the +server or the client to specify the certificate and the key at the handshake time. +In that case a certificate should be selected according the peer's signature +algorithm preferences. To get those preferences use +@funcref{gnutls_sign_algorithm_get_requested}. Both functions are shown below. + +@showfuncD{gnutls_certificate_set_retrieve_function,gnutls_certificate_set_retrieve_function2,gnutls_certificate_set_retrieve_function3,gnutls_sign_algorithm_get_requested} + +The functions above do not handle the requested server name automatically. +A server would need to check the name requested by the client +using @funcref{gnutls_server_name_get}, and serve the appropriate +certificate. Note that some of these functions require the @code{gnutls_pcert_st} structure to be +filled in. Helper functions to fill in the structure are listed below. + +@verbatim +typedef struct gnutls_pcert_st +{ + gnutls_pubkey_t pubkey; + gnutls_datum_t cert; + gnutls_certificate_type_t type; +} gnutls_pcert_st; +@end verbatim + +@showfuncC{gnutls_pcert_import_x509,gnutls_pcert_import_x509_raw,gnutls_pcert_deinit} + +In a handshake, the negotiated cipher suite depends on the +certificate's parameters, so some key exchange methods might not be +available with all certificates. @acronym{GnuTLS} will disable +ciphersuites that are not compatible with the key, or the enabled +authentication methods. For example keys marked as sign-only, will +not be able to access the plain RSA ciphersuites, that require +decryption. It is not recommended to use RSA keys for both +signing and encryption. If possible use a different key for the +@code{DHE-RSA} which uses signing and @code{RSA} that requires decryption. +All the key exchange methods shown in @ref{tab:key-exchange} are +available in certificate authentication. + + +@subsubheading Client certificate authentication + +If a certificate is to be requested from the client during the handshake, the server +will send a certificate request message. This behavior is controlled by @funcref{gnutls_certificate_server_set_request}. +The request contains a list of the by the server accepted certificate signers. This list +is constructed using the trusted certificate authorities of the server. +In cases where the server supports a large number of certificate authorities +it makes sense not to advertise all of the names to save bandwidth. That can +be controlled using the function @funcref{gnutls_certificate_send_x509_rdn_sequence}. +This however will have the side-effect of not restricting the client to certificates +signed by server's acceptable signers. + +@showfuncdesc{gnutls_certificate_server_set_request} + +@showfuncdesc{gnutls_certificate_send_x509_rdn_sequence} + +On the client side, it needs to set its certificates on the credentials +structure, similarly to server side from a file, or via a callback. Once the +certificates are available in the credentials structure, the client will +send them if during the handshake the server requests a certificate signed +by the issuer of its CA. + +In the case a single certificate is available and the server does not +specify a signer's list, then that certificate is always sent. It is, +however possible, to send a certificate even when the advertised CA +list by the server contains CAs other than its signer. That can be achieved +using the @code{GNUTLS_FORCE_CLIENT_CERT} flag in @funcref{gnutls_init}. + +@showfuncC{gnutls_certificate_set_x509_key_file,gnutls_certificate_set_x509_simple_pkcs12_file,gnutls_certificate_set_retrieve_function2} + + +@subsubheading Client or server certificate verification + +Certificate verification is possible by loading the trusted +authorities into the credentials structure by using +the following functions, applicable to X.509 certificates. +In modern systems it is recommended to utilize @funcref{gnutls_certificate_set_x509_system_trust} +which will load the trusted authorities from the system store. + +@showfuncdesc{gnutls_certificate_set_x509_system_trust} +@showfuncB{gnutls_certificate_set_x509_trust_file,gnutls_certificate_set_x509_trust_dir} + +The peer's certificate will be automatically verified if +@funcref{gnutls_session_set_verify_cert} is called prior to handshake. + +Alternatively, one must set a callback function during the handshake +using @funcref{gnutls_certificate_set_verify_function}, which +will verify the peer's certificate once received. The verification +should happen using @funcref{gnutls_certificate_verify_peers3} within +the callback. It will verify the certificate's signature and the owner +of the certificate. That will provide a brief verification output. If a +detailed output is required one should call @funcref{gnutls_certificate_get_peers} +to obtain the raw certificate of the peer and verify it using the +functions discussed in @ref{X.509 certificates}. + +In both the automatic and the manual cases, the verification status returned +can be printed using @funcref{gnutls_certificate_verification_status_print}. + +@showfuncdesc{gnutls_session_set_verify_cert} + +@showfuncB{gnutls_certificate_verify_peers3,gnutls_certificate_set_verify_function} + +Note that when using raw public-keys verification will not work because there is no corresponding +certificate body belonging to the raw key that can be verified. In that case the @funcref{gnutls_certificate_verify_peers} +family of functions will return a GNUTLS_E_INVALID_REQUEST error code. For authenticating raw public-keys +one must use an out-of-band mechanism, e.g. by comparing hashes or using trust on first use +(see @ref{Verifying a certificate using trust on first use authentication}). + + +@node Raw public-key credentials +@subsection Raw public-keys +As of version 3.6.6 GnuTLS supports @ref{Raw public-keys}. With raw public-keys only the +public-key part (that is normally embedded in a certificate) is transmitted to the peer. +In order to load a raw public-key and its corresponding private key in a credentials +structure one can use the following functions. + +@showfuncC{gnutls_certificate_set_key,gnutls_certificate_set_rawpk_key_mem,gnutls_certificate_set_rawpk_key_file} + + +@node SRP credentials +@subsection SRP + +The initialization functions in SRP credentials differ between +client and server. +Clients supporting @acronym{SRP} should set the username and password +prior to connection, to the credentials structure. +Alternatively @funcref{gnutls_srp_set_client_credentials_function} +may be used instead, to specify a callback function that should return the +SRP username and password. +The callback is called once during the @acronym{TLS} handshake. + +@showfuncE{gnutls_srp_allocate_server_credentials,gnutls_srp_allocate_client_credentials,gnutls_srp_free_server_credentials,gnutls_srp_free_client_credentials,gnutls_srp_set_client_credentials} + +@showfuncdesc{gnutls_srp_set_client_credentials_function} + +In server side the default behavior of @acronym{GnuTLS} is to read +the usernames and @acronym{SRP} verifiers from password files. These +password file format is compatible the with the @emph{Stanford srp libraries} +format. If a different password file format is to be used, then +@funcref{gnutls_srp_set_server_credentials_function} should be called, +to set an appropriate callback. + +@showfuncdesc{gnutls_srp_set_server_credentials_file} + +@showfuncdesc{gnutls_srp_set_server_credentials_function} + + +@node PSK credentials +@subsection PSK +The initialization functions in PSK credentials differ between +client and server. + +@showfuncD{gnutls_psk_allocate_server_credentials,gnutls_psk_allocate_client_credentials,gnutls_psk_free_server_credentials,gnutls_psk_free_client_credentials} + +Clients supporting @acronym{PSK} should supply the username and key +before a TLS session is established. Alternatively +@funcref{gnutls_psk_set_client_credentials_function} can be used to +specify a callback function. This has the +advantage that the callback will be called only if @acronym{PSK} has +been negotiated. + +@showfuncA{gnutls_psk_set_client_credentials} + +@showfuncdesc{gnutls_psk_set_client_credentials_function} + +In server side the default behavior of @acronym{GnuTLS} is to read +the usernames and @acronym{PSK} keys from a password file. The +password file should contain usernames and keys in hexadecimal +format. The name of the password file can be stored to the credentials +structure by calling @funcref{gnutls_psk_set_server_credentials_file}. If +a different password file format is to be used, then +a callback should be set instead by @funcref{gnutls_psk_set_server_credentials_function}. + +The server can help the client chose a suitable username and password, +by sending a hint. Note that there is no common profile for the PSK hint and applications +are discouraged to use it. +A server, may specify the hint by calling +@funcref{gnutls_psk_set_server_credentials_hint}. The client can retrieve +the hint, for example in the callback function, using +@funcref{gnutls_psk_client_get_hint}. + +@showfuncdesc{gnutls_psk_set_server_credentials_file} + +@showfuncC{gnutls_psk_set_server_credentials_function,gnutls_psk_set_server_credentials_hint,gnutls_psk_client_get_hint} + +@node Anonymous credentials +@subsection Anonymous +The key exchange methods for anonymous authentication +since GnuTLS 3.6.0 will utilize the RFC7919 parameters, unless +explicit parameters have been provided and associated with an +anonymous credentials structure. Check @ref{Parameter generation} for more information. +The initialization functions for the credentials are shown below. + +@showfuncD{gnutls_anon_allocate_server_credentials,gnutls_anon_allocate_client_credentials,gnutls_anon_free_server_credentials,gnutls_anon_free_client_credentials} + + + +@node Setting up the transport layer +@section Setting up the transport layer + +The next step is to setup the underlying transport layer details. The +Berkeley sockets are implicitly used by GnuTLS, thus a +call to @funcref{gnutls_transport_set_int} would be sufficient to +specify the socket descriptor. + +@showfuncB{gnutls_transport_set_int,gnutls_transport_set_int2} + +If however another transport layer than TCP is selected, then +a pointer should be used instead to express the parameter to be +passed to custom functions. In that case the following functions should +be used instead. + +@showfuncB{gnutls_transport_set_ptr,gnutls_transport_set_ptr2} + +Moreover all of the following push and pull callbacks should be set. + +@showfuncdesc{gnutls_transport_set_push_function} +@showfuncdesc{gnutls_transport_set_vec_push_function} +@showfuncdesc{gnutls_transport_set_pull_function} +@showfuncdesc{gnutls_transport_set_pull_timeout_function} + + +The functions above accept a callback function which +should return the number of bytes written, or -1 on +error and should set @code{errno} appropriately. +In some environments, setting @code{errno} is unreliable. For example +Windows have several errno variables in different CRTs, or in other +systems it may be a non thread-local variable. If this is a concern to +you, call @funcref{gnutls_transport_set_errno} with the intended errno +value instead of setting @code{errno} directly. + +@showfuncdesc{gnutls_transport_set_errno} + +@acronym{GnuTLS} currently only interprets the EINTR, EAGAIN and EMSGSIZE errno +values and returns the corresponding @acronym{GnuTLS} error codes: +@itemize +@item @code{GNUTLS_E_INTERRUPTED} +@item @code{GNUTLS_E_AGAIN} +@item @code{GNUTLS_E_LARGE_PACKET} +@end itemize +The EINTR and EAGAIN values are returned by interrupted system calls, +or when non blocking IO is used. All @acronym{GnuTLS} functions can be +resumed (called again), if any of the above error codes is returned. The +EMSGSIZE value is returned when attempting to send a large datagram. + +In the case of DTLS it is also desirable to override the generic +transport functions with functions that emulate the operation +of @code{recvfrom} and @code{sendto}. In addition +@acronym{DTLS} requires timers during the receive of a handshake +message, set using the @funcref{gnutls_transport_set_pull_timeout_function} +function. To check the retransmission timers the function +@funcref{gnutls_dtls_get_timeout} is provided, which returns the time +remaining until the next retransmission, or better the time until +@funcref{gnutls_handshake} should be called again. + +@showfuncdesc{gnutls_transport_set_pull_timeout_function} +@showfuncdesc{gnutls_dtls_get_timeout} + +@menu +* Asynchronous operation:: +* Reducing round-trips:: +* Zero-roundtrip mode:: +* Anti-replay protection:: +* DTLS sessions:: +* DTLS and SCTP:: +@end menu + +@node Asynchronous operation +@subsection Asynchronous operation + +@acronym{GnuTLS} can be used with asynchronous socket or event-driven programming. +The approach is similar to using Berkeley sockets under such an environment. +The blocking, due to network interaction, calls such as +@funcref{gnutls_handshake}, @funcref{gnutls_record_recv}, +can be set to non-blocking by setting the underlying sockets to non-blocking. +If other push and pull functions are setup, then they should behave the same +way as @funcintref{recv} and @funcintref{send} when used in a non-blocking +way, i.e., return -1 and set errno to @code{EAGAIN}. Since, during a TLS protocol session +@acronym{GnuTLS} does not block except for network interaction, the non blocking +@code{EAGAIN} errno will be propagated and @acronym{GnuTLS} functions +will return the @code{GNUTLS_E_AGAIN} error code. Such calls can be resumed the +same way as a system call would. +The only exception is @funcref{gnutls_record_send}, +which if interrupted subsequent calls need not to include the data to be +sent (can be called with NULL argument). + +When using the @funcintref{poll} or @funcintref{select} system calls though, one should remember +that they only apply to the kernel sockets API. To check for any +available buffered data in a @acronym{GnuTLS} session, +utilize @funcref{gnutls_record_check_pending}, +either before the @funcintref{poll} system call, or after a call to +@funcref{gnutls_record_recv}. Data queued by @funcref{gnutls_record_send} +(when interrupted) can be discarded using @funcref{gnutls_record_discard_queued}. + +An example of GnuTLS' usage with asynchronous operation can be found +in @code{doc/examples/tlsproxy}. + +The following paragraphs describe the detailed requirements for non-blocking +operation when using the TLS or DTLS protocols. + +@subsubsection TLS protocol +There are no special requirements for the TLS protocol operation in non-blocking +mode if a non-blocking socket is used. + +It is recommended, however, for future compatibility, when in non-blocking mode, to +call the @funcref{gnutls_init} function with the +@code{GNUTLS_NONBLOCK} flag set (see @ref{Session initialization}). + +@subsubsection Datagram TLS protocol +When in non-blocking mode the function, the @funcref{gnutls_init} function +must be called with the @code{GNUTLS_NONBLOCK} flag set (see @ref{Session initialization}). + +In contrast with the TLS protocol, the pull timeout function is required, +but will only be called with a timeout of zero. In that case it should indicate +whether there are data to be received or not. When not using the default pull function, +then @funcref{gnutls_transport_set_pull_timeout_function} should be called. + +Although in the TLS protocol implementation each call to receive or send +function implies to restoring the same function that was interrupted, in +the DTLS protocol this requirement isn't true. +There are cases where a retransmission is required, which are indicated by +a received message and thus @funcref{gnutls_record_get_direction} must be called +to decide which direction to check prior to restoring a function call. +@showfuncdesc{gnutls_record_get_direction} + +When calling @funcref{gnutls_handshake} through a multi-plexer, +to be able to handle properly the DTLS handshake retransmission timers, +the function @funcref{gnutls_dtls_get_timeout} +should be used to estimate when to call @funcref{gnutls_handshake} if +no data have been received. + +@node Reducing round-trips +@subsection Reducing round-trips + +The full TLS 1.2 handshake requires 2 round-trips to complete, and when +combined with TCP's SYN and SYN-ACK negotiation it extends to 3 full +round-trips. While, TLS 1.3 reduces that to two round-trips when under TCP, +it still adds considerable latency, making the protocol unsuitable for +certain applications. + +To optimize the handshake latency, in client side, it is possible to take +advantage of the TCP fast open @xcite{RFC7413} mechanism on operating +systems that support it. That can be done either by manually crafting the push and pull +callbacks, or by utilizing @funcref{gnutls_transport_set_fastopen}. In that +case the initial TCP handshake is eliminated, reducing the TLS 1.2 handshake round-trip +to 2, and the TLS 1.3 handshake to a single round-trip. +Note, that when this function is used, any connection failures will be reported during the +@funcref{gnutls_handshake} function call with error code @code{GNUTLS_E_PUSH_ERROR}. + +@showfuncdesc{gnutls_transport_set_fastopen} + +When restricted to TLS 1.2, and non-resumed sessions, it is possible to further +reduce the round-trips to a single one by taking advantage of the @ref{False Start} +TLS extension. This can be enabled by setting the @acronym{GNUTLS_ENABLE_FALSE_START} +flag on @funcref{gnutls_init}. + +Under TLS 1.3, the server side can start transmitting before the handshake +is complete (i.e., while the client Finished message is still in flight), +when no client certificate authentication is requested. This, unlike false +start, is part of protocol design with no known security implications. +It can be enabled by setting the @acronym{GNUTLS_ENABLE_EARLY_START} on +@funcref{gnutls_init}, and the @funcref{gnutls_handshake} function will +return early, allowing the server to send data earlier. + + +@node Zero-roundtrip mode +@subsection Zero-roundtrip mode + +Under TLS 1.3, when the client has already connected to the server and +is resuming a session, it can start transmitting application data during +handshake. This is called zero round-trip time (0-RTT) mode, and the +application data sent in this mode is called early data. The client can +send early data with @funcref{gnutls_record_send_early_data}. The +client should call this function before calling +@funcref{gnutls_handshake} and after calling +@funcref{gnutls_session_set_data}. + +Note, however, that early data has weaker security properties than +normal application data sent after handshake, such as lack of forward +secrecy, no guarantees of non-replay between connections. Thus it is +disabled on the server side by default. To enable it, the server +needs to: +@enumerate +@item Set @acronym{GNUTLS_ENABLE_EARLY_DATA} on @funcref{gnutls_init}. Note that this option only has effect on server. + +@item Enable anti-replay measure. See @ref{Anti-replay protection} for the details. +@end enumerate + +The server caches the received early data until it is read. To set the +maximum amount of data to be stored in the cache, use +@funcref{gnutls_record_set_max_early_data_size}. After receiving the +EndOfEarlyData handshake message, the server can start retrieving the +received data with @funcref{gnutls_record_recv_early_data}. You can +call the function either after the handshake is complete, or through a +handshake hook (@funcref{gnutls_handshake_set_hook_function}). + +When sending early data, the client should respect the maximum amount +of early data, which may have been previously advertised by the +server. It can be checked using +@funcref{gnutls_record_get_max_early_data_size}, right after calling +@funcref{gnutls_session_set_data}. + +After sending early data, to check whether the sent early data was +accepted by the server, use @funcref{gnutls_session_get_flags} and +compare the result with @acronym{GNUTLS_SFLAGS_EARLY_DATA}. +Similarly, on the server side, the same function and flag can be used +to check whether it has actually accepted early data. + + +@node Anti-replay protection +@subsection Anti-replay protection + +When 0-RTT mode is used, the server must protect itself from replay +attacks, where adversary client reuses duplicate session ticket to send +early data, before the server authenticates the client. + +GnuTLS provides a simple mechanism against replay attacks, following the +method called ClientHello recording. When a session ticket is accepted, +the server checks if the ClientHello message has been already seen. If +there is a duplicate, the server rejects early data. + +The problem of this approach is that the number of recorded messages +grows indefinitely. To prevent that, the server can limit the recording +to a certain time window, which can be configured with +@funcref{gnutls_anti_replay_set_window}. + +The anti-replay mechanism shall be globally initialized with +@funcref{gnutls_anti_replay_init}, and then attached to a session using +@funcref{gnutls_anti_replay_enable}. It can be deinitialized with +@funcref{gnutls_anti_replay_deinit}. + +The server must also set up a database back-end to store ClientHello +messages. That can be achieved using +@funcref{gnutls_anti_replay_set_add_function} and +@funcref{gnutls_anti_replay_set_ptr}. + +Note that, if the back-end stores arbitrary number of ClientHello, it +needs to periodically clean up the stored entries based on the time +window set with @funcref{gnutls_anti_replay_set_window}. The cleanup +can be implemented by iterating through the database entries and calling +@funcref{gnutls_db_check_entry_expire_time}. This is similar to session +database cleanup used by TLS1.2 sessions. + +The full set up of the server using early data would be like the +following example: +@example +#define MAX_EARLY_DATA_SIZE 16384 + +static int +db_add_func(void *dbf, gnutls_datum_t key, gnutls_datum_t data) +@{ + /* Return GNUTLS_E_DB_ENTRY_EXISTS, if KEY is found in the database. + * Otherwise, store it and return 0. + */ +@} + +static int +handshake_hook_func(gnutls_session_t session, unsigned int htype, + unsigned when, unsigned int incoming, const gnutls_datum_t *msg) +@{ + int ret; + char buf[MAX_EARLY_DATA_SIZE]; + + assert(htype == GNUTLS_HANDSHAKE_END_OF_EARLY_DATA); + assert(when == GNUTLS_HOOK_POST); + + if (gnutls_session_get_flags(session) & GNUTLS_SFLAGS_EARLY_DATA) @{ + ret = gnutls_record_recv_early_data(session, buf, sizeof(buf)); + assert(ret >= 0); + @} + + return ret; +@} + +int main() +@{ + ... + /* Initialize anti-replay measure, which can be shared + * among multiple sessions. + */ + gnutls_anti_replay_init(&anti_replay); + + /* Set the database back-end function for the anti-replay data. */ + gnutls_anti_replay_set_add_function(anti_replay, db_add_func); + gnutls_anti_replay_set_ptr(anti_replay, NULL); + + ... + + gnutls_init(&server, GNUTLS_SERVER | GNUTLS_ENABLE_EARLY_DATA); + gnutls_record_set_max_early_data_size(server, MAX_EARLY_DATA_SIZE); + + ... + + /* Set the anti-replay measure to the session. + */ + gnutls_anti_replay_enable(server, anti_replay); + ... + + /* Retrieve early data in a handshake hook; + * you can also do that after handshake. + */ + gnutls_handshake_set_hook_function(server, GNUTLS_HANDSHAKE_END_OF_EARLY_DATA, + GNUTLS_HOOK_POST, handshake_hook_func); + ... +@} +@end example + + +@node DTLS sessions +@subsection DTLS sessions + +Because datagram TLS can operate over connections where the client +cannot be reliably verified, functionality in the form of cookies, is available to prevent +denial of service attacks to servers. @acronym{GnuTLS} requires a server +to generate a secret key that is used to sign a cookie@footnote{A key of 128 bits or 16 bytes should be sufficient for this purpose.}. +That cookie is sent to the client using @funcref{gnutls_dtls_cookie_send}, and +the client must reply using the correct cookie. The server side +should verify the initial message sent by client using @funcref{gnutls_dtls_cookie_verify}. +If successful the session should be initialized and associated with +the cookie using @funcref{gnutls_dtls_prestate_set}, before proceeding to +the handshake. + +@showfuncD{gnutls_key_generate,gnutls_dtls_cookie_send,gnutls_dtls_cookie_verify,gnutls_dtls_prestate_set} + +Note that the above apply to server side only and they are not mandatory to be +used. Not using them, however, allows denial of service attacks. +The client side cookie handling is part of @funcref{gnutls_handshake}. + +Datagrams are typically restricted by a maximum transfer unit (MTU). For that +both client and server side should set the correct maximum transfer unit for +the layer underneath @acronym{GnuTLS}. This will allow proper fragmentation +of DTLS messages and prevent messages from being silently discarded by the +transport layer. The ``correct'' maximum transfer unit can be obtained through +a path MTU discovery mechanism @xcite{RFC4821}. + +@showfuncC{gnutls_dtls_set_mtu,gnutls_dtls_get_mtu,gnutls_dtls_get_data_mtu} + +@node DTLS and SCTP +@subsection DTLS and SCTP + +Although DTLS can run under any reliable or unreliable layer, there are +special requirements for SCTP according to @xcite{RFC6083}. We summarize the +most important below, however for a full treatment we refer to @xcite{RFC6083}. + +@itemize +@item The MTU set via @funcref{gnutls_dtls_set_mtu} must be 2^14. +@item Replay detection must be disabled; use the flag @code{GNUTLS_NO_REPLAY_PROTECTION} with @funcref{gnutls_init}. +@item Retransmission of messages must be disabled; use @funcref{gnutls_dtls_set_timeouts} + with a retransmission timeout larger than the total. +@item Handshake, Alert and ChangeCipherSpec messages must be sent over stream 0 with unlimited reliability + and with the ordered delivery feature. +@item During a rehandshake, the caching of messages with unknown epoch is + not handled by GnuTLS; this must be implemented in a special pull function. +@end itemize + +@node TLS handshake +@section TLS handshake +Once a session has been initialized and a network +connection has been set up, TLS and DTLS protocols +perform a handshake. The handshake is the actual key +exchange. + +@showfuncdesc{gnutls_handshake} + +@showfuncdesc{gnutls_handshake_set_timeout} + +In GnuTLS 3.5.0 and later it is recommended to use @funcref{gnutls_session_set_verify_cert} +for the handshake process to ensure the verification of the peer's identity. +That will verify the peer's certificate, against the trusted CA store while +accounting for stapled OCSP responses during the handshake; any error will +be returned as a handshake error. + +In older GnuTLS versions it is required to verify the peer's certificate +during the handshake by setting a callback with @funcref{gnutls_certificate_set_verify_function}, +and then using @funcref{gnutls_certificate_verify_peers3} from it. See @ref{Certificate authentication} +for more information. + +@showfuncB{gnutls_session_set_verify_cert,gnutls_certificate_verify_peers3} + +@node Data transfer and termination +@section Data transfer and termination +Once the handshake is complete and peer's identity +has been verified data can be exchanged. The available +functions resemble the POSIX @code{recv} and @code{send} +functions. It is suggested to use @funcref{gnutls_error_is_fatal} +to check whether the error codes returned by these functions are +fatal for the protocol or can be ignored. + +@showfuncdesc{gnutls_record_send} + +@showfuncdesc{gnutls_record_recv} + +@showfuncdesc{gnutls_error_is_fatal} + +Although, in the TLS protocol the receive function can be called +at any time, when DTLS is used the GnuTLS receive functions must be +called once a message is available for reading, even if no data are +expected. This is because in DTLS various (internal) actions +may be required due to retransmission timers. Moreover, +an extended receive function is shown below, which allows the extraction +of the message's sequence number. Due to the unreliable nature of the +protocol, this field allows distinguishing out-of-order messages. + +@showfuncdesc{gnutls_record_recv_seq} + +The @funcref{gnutls_record_check_pending} helper function is available to +allow checking whether data are available to be read in a @acronym{GnuTLS} session +buffers. Note that this function complements but does not replace @funcintref{poll}, +i.e., @funcref{gnutls_record_check_pending} reports no data to be read, @funcintref{poll} +should be called to check for data in the network buffers. + +@showfuncdesc{gnutls_record_check_pending} +@showfuncA{gnutls_record_get_direction} + +Once a TLS or DTLS session is no longer needed, it is +recommended to use @funcref{gnutls_bye} to terminate the +session. That way the peer is notified securely about the +intention of termination, which allows distinguishing it +from a malicious connection termination. +A session can be deinitialized with the @funcref{gnutls_deinit} function. + +@showfuncdesc{gnutls_bye} +@showfuncdesc{gnutls_deinit} + +@node Buffered data transfer +@section Buffered data transfer + +Although @funcref{gnutls_record_send} is sufficient to transmit data +to the peer, when many small chunks of data are to be transmitted +it is inefficient and wastes bandwidth due to the TLS record +overhead. In that case it is preferable to combine the small chunks +before transmission. The following functions provide that functionality. + +@showfuncdesc{gnutls_record_cork} + +@showfuncdesc{gnutls_record_uncork} + + +@node Handling alerts +@section Handling alerts +During a TLS connection alert messages may be exchanged by the +two peers. Those messages may be fatal, meaning the connection +must be terminated afterwards, or warning when something needs +to be reported to the peer, but without interrupting the session. +The error codes @code{GNUTLS_E_@-WARNING_@-ALERT_@-RECEIVED} +or @code{GNUTLS_E_@-FATAL_@-ALERT_@-RECEIVED} signal those alerts +when received, and may be returned by all GnuTLS functions that receive +data from the peer, being @funcref{gnutls_handshake} and @funcref{gnutls_record_recv}. + +If those error codes are received the alert and its level should be logged +or reported to the peer using the functions below. + +@showfuncdesc{gnutls_alert_get} +@showfuncdesc{gnutls_alert_get_name} + +The peer may also be warned or notified of a fatal issue +by using one of the functions below. All the available alerts +are listed in @ref{The Alert Protocol}. + +@showfuncdesc{gnutls_alert_send} +@showfuncdesc{gnutls_error_to_alert} + + +@node Priority Strings +@section Priority strings +@cindex Priority strings + +@subheading How to use Priority Strings + +The GnuTLS priority strings specify the TLS session's handshake +algorithms and options in a compact, easy-to-use format. These +strings are intended as a user-specified override of the library defaults. + +That is, we recommend applications using the default settings +(c.f. @funcref{gnutls_set_default_priority} or +@funcref{gnutls_set_default_priority_append}), and provide the user +with access to priority strings for overriding the default behavior, +on configuration files, or other UI. Following such a principle, +makes the GnuTLS library as the default settings provider. That is +necessary and a good practice, because TLS protocol hardening and +phasing out of legacy algorithms, is easier to co-ordinate when happens +in a single library. + +@showfuncC{gnutls_set_default_priority,gnutls_set_default_priority_append,gnutls_priority_set_direct} + +The priority string translation to the internal GnuTLS form requires +processing and the generated internal form also occupies some memory. +For that, it is recommended to do that processing once in server side, +and share the generated data across sessions. The following functions +allow the generation of a "priority cache" and the sharing of it across +sessions. + +@showfuncD{gnutls_priority_init2,gnutls_priority_init,gnutls_priority_set,gnutls_priority_deinit} + +@subheading Using Priority Strings + +A priority string string may contain a single initial keyword such as in +@ref{tab:prio-keywords} and may be followed by additional algorithm or +special keywords. Note that their description is intentionally avoiding +specific algorithm details, as the priority strings are not constant between +gnutls versions (they are periodically updated to account for cryptographic +advances while providing compatibility with old clients and servers). + +@float Table,tab:prio-keywords +@multitable @columnfractions .20 .70 +@headitem Keyword @tab Description +@item @@KEYWORD @tab +Means that a compile-time specified system configuration file@footnote{The default is @code{/etc/gnutls/default-priorities}.} +will be used to expand the provided keyword. That is used to impose system-specific policies. +It may be followed by additional options that will be appended to the +system string (e.g., "@@SYSTEM:+SRP"). The system file should have the +format 'KEYWORD=VALUE', e.g., 'SYSTEM=NORMAL:+ARCFOUR-128'. + +Since version 3.5.1 it is allowed to specify fallback keywords such +as @@KEYWORD1,@@KEYWORD2, and the first valid keyword will be used. + +@item PERFORMANCE @tab +All the known to be secure ciphersuites are enabled, +limited to 128 bit ciphers and sorted by terms of speed +performance. The message authenticity security level is of 64 bits or more, +and the certificate verification profile is set to GNUTLS_PROFILE_LOW (80-bits). + +@item NORMAL @tab +Means all the known to be secure ciphersuites. The ciphers are sorted by security +margin, although the 256-bit ciphers are included as a fallback only. +The message authenticity security level is of 64 bits or more, +and the certificate verification profile is set to GNUTLS_PROFILE_LOW (80-bits). + +This priority string implicitly enables ECDHE and DHE. The ECDHE ciphersuites +are placed first in the priority order, but due to compatibility +issues with the DHE ciphersuites they are placed last in the priority order, +after the plain RSA ciphersuites. + +@item LEGACY @tab +This sets the NORMAL settings that were used for GnuTLS 3.2.x or earlier. There is +no verification profile set, and the allowed DH primes are considered +weak today (but are often used by misconfigured servers). + +@item PFS @tab +Means all the known to be secure ciphersuites that support perfect forward +secrecy (ECDHE and DHE). The ciphers are sorted by security +margin, although the 256-bit ciphers are included as a fallback only. +The message authenticity security level is of 80 bits or more, +and the certificate verification profile is set to GNUTLS_PROFILE_LOW (80-bits). +This option is available since 3.2.4 or later. + +@item SECURE128 @tab +Means all known to be secure ciphersuites that offer a +security level 128-bit or more. +The message authenticity security level is of 80 bits or more, +and the certificate verification profile is set to GNUTLS_PROFILE_LOW (80-bits). + +@item SECURE192 @tab +Means all the known to be secure ciphersuites that offer a +security level 192-bit or more. +The message authenticity security level is of 128 bits or more, +and the certificate verification profile is set to GNUTLS_PROFILE_HIGH (128-bits). + +@item SECURE256 @tab +Currently alias for SECURE192. This option, will enable ciphers which use a +256-bit key but, due to limitations of the TLS protocol, the overall security +level will be 192-bits (the security level depends on more factors than cipher key size). + +@item SUITEB128 @tab +Means all the NSA Suite B cryptography (RFC5430) ciphersuites +with an 128 bit security level, as well as the enabling of the corresponding +verification profile. + +@item SUITEB192 @tab +Means all the NSA Suite B cryptography (RFC5430) ciphersuites +with an 192 bit security level, as well as the enabling of the corresponding +verification profile. + +@item NONE @tab +Means nothing is enabled. This disables even protocol versions. +It should be followed by the algorithms to be enabled. Note that +using this option to build a priority string gives detailed control +into the resulting settings, however with new revisions of the TLS protocol +new priority items are routinely added, and such strings are not +forward compatible with new protocols. As such, we +advice against using that option for applications targeting multiple versions +of the GnuTLS library, and recommend using the defaults (see above) or +adjusting the defaults via @funcref{gnutls_set_default_priority_append}. + +@end multitable +@caption{Supported initial keywords.} +@end float + +Unless the initial keyword is "NONE" the defaults (in preference +order) are for TLS protocols TLS 1.2, TLS1.1, TLS1.0; +for certificate types X.509. +In key exchange algorithms when in NORMAL or SECURE levels the +perfect forward secrecy algorithms take precedence of the other +protocols. In all cases all the supported key exchange algorithms +are enabled. + +Note that the SECURE levels distinguish between overall security level and +message authenticity security level. That is because the message +authenticity security level requires the adversary to break +the algorithms at real-time during the protocol run, whilst +the overall security level refers to off-line adversaries +(e.g. adversaries breaking the ciphertext years after it was captured). + +The NONE keyword, if used, must followed by keywords specifying +the algorithms and protocols to be enabled. The other initial keywords +do not require, but may be followed by such keywords. All level keywords +can be combined, and for example a level of "SECURE256:+SECURE128" is +allowed. + +The order with which every algorithm or protocol +is specified is significant. Algorithms specified before others +will take precedence. The supported in the GnuTLS version corresponding +to this document algorithms and protocols are shown in @ref{tab:prio-algorithms}; +to list the supported algorithms in your currently using version use +@code{gnutls-cli -l}. + +To avoid collisions in order to specify a protocol version +with "VERS-", signature algorithms with "SIGN-" and certificate types with "CTYPE-". +All other algorithms don't need a prefix. Each specified keyword (except +for @emph{special keywords}) can be prefixed with any of the following +characters. + +@table @asis +@item '!' or '-' +appended with an algorithm will remove this algorithm. +@item "+" +appended with an algorithm will add this algorithm. +@end table + +@float Table,tab:prio-algorithms +@multitable @columnfractions .20 .70 +@headitem Type @tab Keywords +@item Ciphers @tab +Examples are AES-128-GCM, AES-256-GCM, AES-256-CBC; see also +@ref{tab:ciphers} for more options. Catch all name is CIPHER-ALL which will add +all the algorithms from NORMAL priority. + +@item Key exchange @tab +RSA, DHE-RSA, DHE-DSS, SRP, SRP-RSA, SRP-DSS, +PSK, DHE-PSK, ECDHE-PSK, ECDHE-RSA, ECDHE-ECDSA, ANON-ECDH, ANON-DH. The +Catch all name is KX-ALL which will add all the algorithms from NORMAL +priority. Under TLS1.3, the DHE-PSK and ECDHE-PSK strings are equivalent +and instruct for a Diffie-Hellman key exchange using the enabled groups. + +@item MAC @tab +MD5, SHA1, SHA256, SHA384, AEAD (used with +GCM ciphers only). All algorithms from NORMAL priority can be accessed with MAC-ALL. + +@item Compression algorithms @tab +COMP-NULL, COMP-DEFLATE. Catch all is COMP-ALL. + +@item TLS versions @tab +VERS-TLS1.0, VERS-TLS1.1, VERS-TLS1.2, VERS-TLS1.3, +VERS-DTLS1.0, VERS-DTLS1.2. +Catch all are VERS-ALL, and will enable +all protocols from NORMAL priority. To distinguish between TLS and DTLS +versions you can use VERS-TLS-ALL and VERS-DTLS-ALL. + +@item Signature algorithms @tab +SIGN-RSA-SHA1, SIGN-RSA-SHA224, +SIGN-RSA-SHA256, SIGN-RSA-SHA384, SIGN-RSA-SHA512, SIGN-DSA-SHA1, +SIGN-DSA-SHA224, SIGN-DSA-SHA256, SIGN-RSA-MD5, SIGN-ECDSA-SHA1, +SIGN-ECDSA-SHA224, SIGN-ECDSA-SHA256, SIGN-ECDSA-SHA384, SIGN-ECDSA-SHA512, +SIGN-RSA-PSS-SHA256, SIGN-RSA-PSS-SHA384, SIGN-RSA-PSS-SHA512. +Catch all which enables all algorithms from NORMAL priority is SIGN-ALL. +This option is only considered for TLS 1.2 and later. + +@item Groups @tab +GROUP-SECP256R1, GROUP-SECP384R1, GROUP-SECP521R1, GROUP-X25519, +GROUP-FFDHE2048, GROUP-FFDHE3072, GROUP-FFDHE4096, GROUP-FFDHE6144, and +GROUP-FFDHE8192. +Groups include both elliptic curve groups, e.g., SECP256R1, as well as +finite field groups such as FFDHE2048. Catch all which enables all groups +from NORMAL priority is GROUP-ALL. The helper keywords GROUP-DH-ALL and +GROUP-EC-ALL are also available, restricting the groups to finite fields +(DH) and elliptic curves. + +@item Elliptic curves (legacy) @tab +CURVE-SECP192R1, CURVE-SECP224R1, CURVE-SECP256R1, CURVE-SECP384R1, +CURVE-SECP521R1, and CURVE-X25519. +Catch all which enables all curves from NORMAL priority is CURVE-ALL. Note +that the CURVE keyword is kept for backwards compatibility only, for new +applications see the GROUP keyword above. + +@item Certificate types @tab +Certificate types can be given in a symmetric fashion (i.e. the same for +both client and server) or, as of GnuTLS 3.6.4, in an asymmetric fashion +(i.e. different for the client than for the server). Alternative certificate +types must be explicitly enabled via flags in @funcref{gnutls_init}. + +The currently supported types are CTYPE-X509, CTYPE-RAWPK which apply both to +client and server; catch all is CTYPE-ALL. The types CTYPE-CLI-X509, CTYPE-SRV-X509, +CTYPE-CLI-RAWPK, CTYPE-SRV-RAWPK can be used to specialize on client or server; +catch all is CTYPE-CLI-ALL and CTYPE-SRV-ALL. The type 'X509' is aliased to 'X.509' +for legacy reasons. + +@end multitable +@caption{The supported algorithm keywords in priority strings.} +@end float + +Note that the finite field groups (indicated by the FFDHE prefix) and DHE key +exchange methods are generally slower@footnote{It depends on the group in use. Groups with +less bits are always faster, but the number of bits ties with the security +parameter. See @ref{Selecting cryptographic key sizes} +for the acceptable security levels.} than their elliptic curves counterpart +(ECDHE). + +The available special keywords are shown in @ref{tab:prio-special1} +and @ref{tab:prio-special2}. + +@float Table,tab:prio-special1 +@multitable @columnfractions .45 .45 +@headitem Keyword @tab Description + +@item %COMPAT @tab +will enable compatibility mode. It might mean that violations +of the protocols are allowed as long as maximum compatibility with +problematic clients and servers is achieved. More specifically this +string will tolerate packets over the maximum allowed TLS record, +and add a padding to TLS Client Hello packet to prevent it being in the +256-512 range which is known to be causing issues with a commonly used +firewall (see the %DUMBFW option). + +@item %DUMBFW @tab +will add a private extension with bogus data that make the client +hello exceed 512 bytes. This avoids a black hole behavior in some +firewalls. This is the @xcite{RFC7685} client hello padding extension, also enabled +with %COMPAT. + +@item %NO_EXTENSIONS @tab +will prevent the sending of any TLS extensions in client side. Note +that TLS 1.2 requires extensions to be used, as well as safe +renegotiation thus this option must be used with care. When this option +is set no versions later than TLS1.2 can be negotiated. + +@item %NO_TICKETS @tab +will prevent the advertizing of the TLS session ticket extension. +This is implied by the PFS keyword. + +@item %NO_SESSION_HASH @tab +will prevent the advertizing the TLS extended master secret (session hash) +extension. + +@item %SERVER_PRECEDENCE @tab +The ciphersuite will be selected according to server priorities +and not the client's. + +@item %SSL3_RECORD_VERSION @tab +will use SSL3.0 record version in client hello. +By default GnuTLS will set the minimum supported version as the +client hello record version (do not confuse that version with the +proposed handshake version at the client hello). + +@item %LATEST_RECORD_VERSION @tab +will use the latest TLS version record version in client hello. + +@end multitable +@caption{Special priority string keywords.} +@end float + +@float Table,tab:prio-special2 +@multitable @columnfractions .45 .45 +@headitem Keyword @tab Description + +@item %STATELESS_COMPRESSION @tab +ignored; no longer used. + +@item %DISABLE_WILDCARDS @tab +will disable matching wildcards when comparing hostnames +in certificates. + +@item %NO_ETM @tab +will disable the encrypt-then-mac TLS extension (RFC7366). This is +implied by the %COMPAT keyword. + +@item %FORCE_ETM @tab +negotiate CBC ciphersuites only when both sides of the connection support +encrypt-then-mac TLS extension (RFC7366). + +@item %DISABLE_SAFE_RENEGOTIATION @tab +will completely disable safe renegotiation +completely. Do not use unless you know what you are doing. + +@item %UNSAFE_RENEGOTIATION @tab +will allow handshakes and re-handshakes +without the safe renegotiation extension. Note that for clients +this mode is insecure (you may be under attack), and for servers it +will allow insecure clients to connect (which could be fooled by an +attacker). Do not use unless you know what you are doing and want +maximum compatibility. + +@item %PARTIAL_RENEGOTIATION @tab +will allow initial handshakes to proceed, +but not re-handshakes. This leaves the client vulnerable to attack, +and servers will be compatible with non-upgraded clients for +initial handshakes. This is currently the default for clients and +servers, for compatibility reasons. + +@item %SAFE_RENEGOTIATION @tab +will enforce safe renegotiation. Clients and +servers will refuse to talk to an insecure peer. Currently this +causes interoperability problems, but is required for full protection. + +@item %FALLBACK_SCSV @tab +will enable the use of the fallback signaling cipher suite value in the +client hello. Note that this should be set only by applications that +try to reconnect with a downgraded protocol version. See RFC7507 for +details. + +@item %VERIFY_ALLOW_BROKEN @tab +will allow signatures with known to be broken algorithms (such as MD5 or +SHA1) in certificate chains. + +@item %VERIFY_ALLOW_SIGN_RSA_MD5 @tab +will allow RSA-MD5 signatures in certificate chains. + +@item %VERIFY_ALLOW_SIGN_WITH_SHA1 @tab +will allow signatures with SHA1 hash algorithm in certificate chains. + +@item %VERIFY_DISABLE_CRL_CHECKS @tab +will disable CRL or OCSP checks in the verification of the certificate chain. + +@item %VERIFY_ALLOW_X509_V1_CA_CRT @tab +will allow V1 CAs in chains. + +@item %PROFILE_(LOW|LEGACY|MEDIUM|HIGH|ULTRA|FUTURE) @tab +require a certificate verification profile the corresponds to the specified +security level, see @ref{tab:key-sizes} for the mappings to values. + +@item %PROFILE_(SUITEB128|SUITEB192) @tab +require a certificate verification profile the corresponds to SUITEB. Note +that an initial keyword that enables SUITEB automatically sets the profile. + + +@end multitable +@caption{More priority string keywords.} +@end float + +Finally the ciphersuites enabled by any priority string can be +listed using the @code{gnutls-cli} application (see @ref{gnutls-cli Invocation}), +or by using the priority functions as in @ref{Listing the ciphersuites in a priority string}. + +Example priority strings are: +@example +The system imposed security level: + "SYSTEM" + +The default priority without the HMAC-MD5: + "NORMAL:-MD5" + +Specifying RSA with AES-128-CBC: + "NONE:+VERS-TLS-ALL:+MAC-ALL:+RSA:+AES-128-CBC:+SIGN-ALL:+COMP-NULL" + +Specifying the defaults plus ARCFOUR-128: + "NORMAL:+ARCFOUR-128" + +Enabling the 128-bit secure ciphers, while disabling TLS 1.0: + "SECURE128:-VERS-TLS1.0" + +Enabling the 128-bit and 192-bit secure ciphers, while disabling all TLS versions +except TLS 1.2: + "SECURE128:+SECURE192:-VERS-ALL:+VERS-TLS1.2" +@end example + +@node Selecting cryptographic key sizes +@section Selecting cryptographic key sizes +@cindex key sizes + +Because many algorithms are involved in TLS, it is not easy to set +a consistent security level. For this reason in @ref{tab:key-sizes} we +present some correspondence between key sizes of symmetric algorithms +and public key algorithms based on @xcite{ECRYPT}. +Those can be used to generate certificates with +appropriate key sizes as well as select parameters for Diffie-Hellman and SRP +authentication. + +@float Table,tab:key-sizes +@multitable @columnfractions .10 .12 .10 .20 .32 + +@headitem Security bits @tab RSA, DH and SRP parameter size @tab ECC key size @tab Security parameter (profile) @tab Description + +@item <64 +@tab <768 +@tab <128 +@tab @code{INSECURE} +@tab Considered to be insecure + +@item 64 +@tab 768 +@tab 128 +@tab @code{VERY WEAK} +@tab Short term protection against individuals + +@item 72 +@tab 1008 +@tab 160 +@tab @code{WEAK} +@tab Short term protection against small organizations + +@item 80 +@tab 1024 +@tab 160 +@tab @code{LOW} +@tab Very short term protection against agencies (corresponds to ENISA legacy level) + +@item 96 +@tab 1776 +@tab 192 +@tab @code{LEGACY} +@tab Legacy standard level + +@item 112 +@tab 2048 +@tab 224 +@tab @code{MEDIUM} +@tab Medium-term protection + +@item 128 +@tab 3072 +@tab 256 +@tab @code{HIGH} +@tab Long term protection (corresponds to ENISA future level) + +@item 192 +@tab 8192 +@tab 384 +@tab @code{ULTRA} +@tab Even longer term protection + +@item 256 +@tab 15424 +@tab 512 +@tab @code{FUTURE} +@tab Foreseeable future + +@end multitable +@caption{Key sizes and security parameters.} +@end float + +The first column provides a security parameter in a number of bits. This +gives an indication of the number of combinations to be tried by an adversary +to brute force a key. For example to test all possible keys in a 112 bit security parameter +@math{2^{112}} combinations have to be tried. For today's technology this is infeasible. +The next two columns correlate the security +parameter with actual bit sizes of parameters for DH, RSA, SRP and ECC algorithms. +A mapping to @code{gnutls_sec_param_t} value is given for each security parameter, on +the next column, and finally a brief description of the level. + +@c @showenumdesc{gnutls_sec_param_t,The @code{gnutls_sec_@-param_t} enumeration.} + +Note, however, that the values suggested here are nothing more than an +educated guess that is valid today. There are no guarantees that an +algorithm will remain unbreakable or that these values will remain +constant in time. There could be scientific breakthroughs that cannot +be predicted or total failure of the current public key systems by +quantum computers. On the other hand though the cryptosystems used in +TLS are selected in a conservative way and such catastrophic +breakthroughs or failures are believed to be unlikely. +The NIST publication SP 800-57 @xcite{NISTSP80057} contains a similar +table. + +When using @acronym{GnuTLS} and a decision on bit sizes for a public +key algorithm is required, use of the following functions is +recommended: + +@showfuncdesc{gnutls_sec_param_to_pk_bits} + +@showfuncdesc{gnutls_pk_bits_to_sec_param} + +Those functions will convert a human understandable security parameter +of @code{gnutls_sec_param_t} type, to a number of bits suitable for a public +key algorithm. + +@showfuncA{gnutls_sec_param_get_name} + +The following functions will set the minimum acceptable group size for Diffie-Hellman +and SRP authentication. +@showfuncB{gnutls_dh_set_prime_bits,gnutls_srp_set_prime_bits} + + +@node Advanced topics +@section Advanced topics + +@menu +* Virtual hosts and credentials:: +* Session resumption:: +* Certificate verification:: +* TLS 1.2 re-authentication:: +* TLS 1.3 re-authentication and re-key:: +* Parameter generation:: +* Deriving keys for other applications/protocols:: +* Channel Bindings:: +* Interoperability:: +* Compatibility with the OpenSSL library:: +@end menu + +@node Virtual hosts and credentials +@subsection Virtual hosts and credentials +@cindex virtual hosts +@cindex credentials + +Often when operating with virtual hosts, one may not want to associate +a particular certificate set to the credentials function early, before +the virtual host is known. That can be achieved by calling +@funcref{gnutls_credentials_set} within a handshake pre-hook for client +hello. That message contains the peer's intended hostname, and if read, +and the appropriate credentials are set, gnutls will be able to +continue in the handshake process. A brief usage example is shown +below. + +@example +static int ext_hook_func(void *ctx, unsigned tls_id, + const unsigned char *data, unsigned size) +@{ + if (tls_id == 0) @{ /* server name */ + /* figure the advertized name - the following hack + * relies on the fact that this extension only supports + * DNS names, and due to a protocol bug cannot be extended + * to support anything else. */ + if (name < 5) return 0; + name = data+5; + name_size = size-5; + @} + return 0; +@} + +static int +handshake_hook_func(gnutls_session_t session, unsigned int htype, + unsigned when, unsigned int incoming, const gnutls_datum_t *msg) +@{ + int ret; + + assert(htype == GNUTLS_HANDSHAKE_CLIENT_HELLO); + assert(when == GNUTLS_HOOK_PRE); + + ret = gnutls_ext_raw_parse(NULL, ext_hook_func, msg, + GNUTLS_EXT_RAW_FLAG_TLS_CLIENT_HELLO); + assert(ret >= 0); + + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, cred); + + return ret; +@} + +int main() +@{ + ... + + gnutls_handshake_set_hook_function(server, GNUTLS_HANDSHAKE_CLIENT_HELLO, + GNUTLS_HOOK_PRE, handshake_hook_func); + ... +@} +@end example + +@showfuncdesc{gnutls_handshake_set_hook_function} + +@node Session resumption +@subsection Session resumption +@cindex resuming sessions +@cindex session resumption + +To reduce time and network traffic spent in a handshake the client can +request session resumption from a server that previously shared a +session with the client. + +Under TLS 1.2, in order to support resumption a server can either store +the session security parameters in a local database or use session +tickets (see @ref{Session tickets}) to delegate storage to the client. + +Under TLS 1.3, session resumption is only available through session +tickets, and multiple tickets could be sent from server to client. That +provides the following advantages: +@itemize +@item When tickets are not re-used the subsequent client sessions cannot be associated with each other by an eavesdropper +@item On post-handshake authentication the server may send different tickets asynchronously for each identity used by client. +@end itemize + +@subsubheading Client side + +The client has to retrieve and store the session parameters. Before +establishing a new session to the same server the parameters must be +re-associated with the GnuTLS session using +@funcref{gnutls_session_set_data}. + +@showfuncB{gnutls_session_get_data2,gnutls_session_set_data} + +Keep in mind that sessions will be expired after some time, depending +on the server, and a server may choose not to resume a session +even when requested to. The expiration is to prevent temporal session keys +from becoming long-term keys. Also note that as a client you must enable, +using the priority functions, at least the algorithms used in the last session. + +@showfuncdesc{gnutls_session_is_resumed} + +@showfuncdesc{gnutls_session_get_id2} + +@subsubheading Server side + +A server enabling both session tickets and a storage for session data +would use session tickets when clients support it and the storage otherwise. + +A storing server needs to specify callback functions to store, retrieve and delete session data. These can be +registered with the functions below. The stored sessions in the database can be checked using @funcref{gnutls_db_check_entry} +for expiration. + +@showfuncD{gnutls_db_set_retrieve_function,gnutls_db_set_store_function,gnutls_db_set_ptr,gnutls_db_set_remove_function} +@showfuncA{gnutls_db_check_entry} + +A server supporting session tickets must generate ticket encryption +and authentication keys using @funcref{gnutls_session_ticket_key_generate}. +Those keys should be associated with the GnuTLS session using +@funcref{gnutls_session_ticket_enable_server}. + +Those will be the initial keys, but GnuTLS will rotate them regularly. The key rotation interval +can be changed with @funcref{gnutls_db_set_cache_expiration} and will be set to +three times the ticket expiration time (ie. three times the value given in that function). +Every such interval, new keys will be generated from those initial keys. This is a necessary mechanism +to prevent the keys from becoming long-term keys +and as such preserve forward-secrecy in the issued session tickets. If no explicit key rotation interval +is provided, GnuTLS will rotate them every 18 hours by default. + +The master key can be shared between processes or between systems. Processes which share the same master key +will generate the same rotated subkeys, assuming they share the same time (irrespective of timezone differences). + +@showfuncdesc{gnutls_session_ticket_enable_server} +@showfuncdesc{gnutls_session_ticket_key_generate} +@showfuncdesc{gnutls_session_resumption_requested} + +The expiration time for session resumption, either in tickets or stored data +is set using @funcref{gnutls_db_set_cache_expiration}. This function also controls +the ticket key rotation period. Currently, the session key rotation interval is set +to 3 times the expiration time set by this function. + +Under TLS 1.3, the server sends by default 2 tickets, and can send +additional session tickets at any time using @funcref{gnutls_session_ticket_send}. + +@showfuncdesc{gnutls_session_ticket_send} + +@node Certificate verification +@subsection Certificate verification +@cindex DANE +@cindex DNSSEC +@cindex SSH-style authentication +@cindex Trust on first use +@cindex Key pinning +@tindex gnutls_certificate_verify_flags + +In this section the functionality for additional certificate verification methods is listed. +These methods are intended to be used in addition to normal PKI verification, in order to reduce +the risk of a compromised CA being undetected. + +@subsubsection Trust on first use + +The GnuTLS library includes functionality to use an SSH-like trust on first use authentication. +The available functions to store and verify public keys are listed below. + +@showfuncdesc{gnutls_verify_stored_pubkey} +@showfuncdesc{gnutls_store_pubkey} + +In addition to the above the @funcref{gnutls_store_commitment} can be +used to implement a key-pinning architecture as in @xcite{KEYPIN}. +This provides a way for web server to commit on a public key that is +not yet active. + +@showfuncdesc{gnutls_store_commitment} + +The storage and verification functions may be used with the default +text file based back-end, or another back-end may be specified. That +should contain storage and retrieval functions and specified as below. + +@showfuncE{gnutls_tdb_init,gnutls_tdb_deinit,gnutls_tdb_set_verify_func,gnutls_tdb_set_store_func,gnutls_tdb_set_store_commitment_func} + +@subsubsection DANE verification +Since the DANE library is not included in GnuTLS it requires programs +to be linked against it. This can be achieved with the following commands. + +@example +gcc -o foo foo.c `pkg-config gnutls-dane --cflags --libs` +@end example + +When a program uses the GNU autoconf system, then the following +line or similar can be used to detect the presence of the library. + +@example +PKG_CHECK_MODULES([LIBDANE], [gnutls-dane >= 3.0.0]) + +AC_SUBST([LIBDANE_CFLAGS]) +AC_SUBST([LIBDANE_LIBS]) +@end example + +The high level functionality provided by the DANE library is shown below. + +@showfuncdesc{dane_verify_crt} + +@showfuncB{dane_verify_session_crt,dane_strerror} + +Note that the @code{dane_state_t} structure that is accepted by both +verification functions is optional. It is required when many queries +are performed to optimize against multiple re-initializations of the +resolving back-end and loading of DNSSEC keys. + +The following flags are returned by the verify functions to +indicate the status of the verification. + +@showenumdesc{dane_verify_status_t,The DANE verification status flags.} + +In order to generate a DANE TLSA entry to use in a DNS server +you may use danetool (see @ref{danetool Invocation}). + + + +@node TLS 1.2 re-authentication +@subsection TLS 1.2 re-authentication +@cindex re-negotiation +@cindex re-authentication + +In TLS 1.2 or earlier there is no distinction between re-key, re-authentication, and re-negotiation. +All of these use cases are handled by the TLS' rehandshake process. For that reason +in GnuTLS rehandshake is not transparent to the application, and the application +must explicitly take control of that process. In addition GnuTLS since version 3.5.0 will not +allow the peer to switch identities during a rehandshake. +The threat addressed by that behavior depends on the application protocol, +but primarily it protects applications from being misled +by a rehandshake which switches the peer's identity. Applications can +disable this protection by using the @code{GNUTLS_ALLOW_ID_CHANGE} flag in +@funcref{gnutls_init}. + +The following paragraphs explain how to safely use the rehandshake process. + +@subsubsection Client side + +According to the TLS specification a client may initiate a rehandshake at any +time. That can be achieved by calling @funcref{gnutls_handshake} and rely on its +return value for the outcome of the handshake (the server may deny a rehandshake). +If a server requests a re-handshake, then a call to @funcref{gnutls_record_recv} will +return GNUTLS_E_REHANDSHAKE in the client, instructing it to call @funcref{gnutls_handshake}. +To deny a rehandshake request by the server it is recommended to send a warning alert +of type GNUTLS_A_NO_RENEGOTIATION. + +Due to limitations of early protocol versions, it is required to check whether +safe renegotiation is in place, i.e., using @funcref{gnutls_safe_renegotiation_status}, +which ensures that the server remains the same as the initial. + +To make re-authentication transparent to the application when requested +by the server, use the @code{GNUTLS_AUTO_REAUTH} flag on the +@funcref{gnutls_init} call. In that case the re-authentication will happen +in the call of @funcref{gnutls_record_recv} that received the +reauthentication request. + +@showfuncdesc{gnutls_safe_renegotiation_status} + +@subsubsection Server side + +A server which wants to instruct the client to re-authenticate, should call +@funcref{gnutls_rehandshake} and wait for the client to re-authenticate. +It is recommended to only request re-handshake when safe renegotiation is +enabled for that session (see @funcref{gnutls_safe_renegotiation_status} and +the discussion in @ref{Safe renegotiation}). A server could also encounter +the GNUTLS_E_REHANDSHAKE error code while receiving data. That indicates +a client-initiated re-handshake request. In that case the server could +ignore that request, perform handshake (unsafe when done generally), or +even drop the connection. + +@showfuncdesc{gnutls_rehandshake} + +@node TLS 1.3 re-authentication and re-key +@subsection TLS 1.3 re-authentication and re-key +@cindex re-key +@cindex re-negotiation +@cindex re-authentication +@cindex post-handshake authentication + +The TLS 1.3 protocol distinguishes between re-key and re-authentication. +The re-key process ensures that fresh keys are supplied to the already +negotiated parameters, and on GnuTLS can be initiated using +@funcref{gnutls_session_key_update}. The re-key process can be one-way +(i.e., the calling party only changes its keys), or two-way where the peer +is requested to change keys as well. + +The re-authentication process, allows the connected client to switch +identity by presenting a new certificate. Unlike TLS 1.2, the server +is not allowed to change identities. That client re-authentication, or +post-handshake authentication can be initiated only by the server using +@funcref{gnutls_reauth}, and only if a client has advertized support for it. +Both server and client have to explicitly enable support for post handshake +authentication using the @code{GNUTLS_POST_HANDSHAKE_AUTH} flag at @funcref{gnutls_init}. + +A client receiving a re-authentication request will "see" the error code +@code{GNUTLS_E_REAUTH_REQUEST} at @funcref{gnutls_record_recv}. At this +point, it should also call @funcref{gnutls_reauth}. + +To make re-authentication transparent to the application when requested +by the server, use the @code{GNUTLS_AUTO_REAUTH} and @code{GNUTLS_POST_HANDSHAKE_AUTH} +flags on the @funcref{gnutls_init} call. In that case the re-authentication will happen +in the call of @funcref{gnutls_record_recv} that received the +reauthentication request. + +@node Parameter generation +@subsection Parameter generation +@cindex parameter generation +@cindex generating parameters + +Prior to GnuTLS 3.6.0 for the ephemeral or anonymous Diffie-Hellman (DH) TLS ciphersuites +the application was required to generate or provide +DH parameters. That is no longer necessary as GnuTLS utilizes DH parameters +and negotiation from @xcite{RFC7919}. + +Applications can tune the used parameters by explicitly specifying them +in the priority string. In server side applications can set the +minimum acceptable level of DH parameters by calling +@funcref{gnutls_certificate_set_known_dh_params}, +@funcref{gnutls_anon_set_server_known_dh_params}, or +@funcref{gnutls_psk_set_server_known_dh_params}, depending on the type +of the credentials, to set the lower acceptable parameter limits. Typical +applications should rely on the default settings. + +@showfuncC{gnutls_certificate_set_known_dh_params,gnutls_anon_set_server_known_dh_params,gnutls_psk_set_server_known_dh_params} + + +@subsubsection Legacy parameter generation +Note that older than 3.5.6 versions of GnuTLS provided functions +to generate or import arbitrary DH parameters from a file. This +practice is still supported but discouraged in current versions. +There is no known advantage from using random parameters, while there +have been several occasions where applications were utilizing incorrect, +weak or insecure parameters. This is the main reason GnuTLS includes the +well-known parameters of @xcite{RFC7919} and recommends applications +utilizing them. + +In older applications which require to specify explicit DH parameters, we recommend +using @code{certtool} (of GnuTLS 3.5.6 or later) with the @code{--get-dh-params} +option to obtain the FFDHE parameters discussed above. The output +parameters of the tool are in PKCS#3 format and can be imported by +most existing applications. + +The following functions are still supported but considered obsolete. + +@showfuncC{gnutls_dh_params_generate2,gnutls_dh_params_import_pkcs3,gnutls_certificate_set_dh_params} + + +@node Deriving keys for other applications/protocols +@subsection Deriving keys for other applications/protocols +@cindex keying material exporters +@cindex exporting keying material +@cindex deriving keys +@cindex key extraction + +In several cases, after a TLS connection is established, it is desirable +to derive keys to be used in another application or protocol (e.g., in an +other TLS session using pre-shared keys). The following describe GnuTLS' +implementation of RFC5705 to extract keys based on a session's master secret. + +The API to use is @funcref{gnutls_prf_rfc5705}. The +function needs to be provided with a label, +and additional context data to mix in the @code{context} parameter. + +@showfuncdesc{gnutls_prf_rfc5705} + +For example, after establishing a TLS session using +@funcref{gnutls_handshake}, you can obtain 32-bytes to be used as key, using this call: + +@example +#define MYLABEL "EXPORTER-My-protocol-name" +#define MYCONTEXT "my-protocol's-1st-session" + +char out[32]; +rc = gnutls_prf_rfc5705 (session, sizeof(MYLABEL)-1, MYLABEL, + sizeof(MYCONTEXT)-1, MYCONTEXT, 32, out); +@end example + +The output key depends on TLS' master secret, and is the same on both client +and server. + +For legacy applications which need to use a more flexible API, there is +@funcref{gnutls_prf}, which in addition, allows to switch the mix of the +client and server random nonces, using the @code{server_random_first} parameter. +For additional flexibility and low-level access to the TLS1.2 PRF, +there is a low-level TLS PRF interface called @funcref{gnutls_prf_raw}. +That however is not functional under newer protocol versions. + +@node Channel Bindings +@subsection Channel bindings +@cindex channel bindings + +In user authentication protocols (e.g., EAP or SASL mechanisms) it is +useful to have a unique string that identifies the secure channel that +is used, to bind together the user authentication with the secure +channel. This can protect against man-in-the-middle attacks in some +situations. That unique string is called a ``channel binding''. For +background and discussion see @xcite{RFC5056}. + +In @acronym{GnuTLS} you can extract a channel binding using the +@funcref{gnutls_session_channel_binding} function. Currently only the +type @code{GNUTLS_CB_TLS_UNIQUE} is supported, which corresponds to +the @code{tls-unique} channel binding for TLS defined in +@xcite{RFC5929}. + +The following example describes how to print the channel binding data. +Note that it must be run after a successful TLS handshake. + +@example +@{ + gnutls_datum_t cb; + int rc; + + rc = gnutls_session_channel_binding (session, + GNUTLS_CB_TLS_UNIQUE, + &cb); + if (rc) + fprintf (stderr, "Channel binding error: %s\n", + gnutls_strerror (rc)); + else + @{ + size_t i; + printf ("- Channel binding 'tls-unique': "); + for (i = 0; i < cb.size; i++) + printf ("%02x", cb.data[i]); + printf ("\n"); + @} +@} +@end example + +@node Interoperability +@subsection Interoperability + +The @acronym{TLS} protocols support many ciphersuites, extensions and version +numbers. As a result, few implementations are +not able to properly interoperate once faced with extensions or version protocols +they do not support and understand. The @acronym{TLS} protocol allows for a +graceful downgrade to the commonly supported options, but practice shows +it is not always implemented correctly. + +Because there is no way to achieve maximum interoperability with broken peers +without sacrificing security, @acronym{GnuTLS} ignores such peers by default. +This might not be acceptable in cases where maximum compatibility +is required. Thus we allow enabling compatibility with broken peers using +priority strings (see @ref{Priority Strings}). A conservative priority +string that would disable certain @acronym{TLS} protocol +options that are known to cause compatibility problems, is shown below. +@verbatim +NORMAL:%COMPAT +@end verbatim + +For very old broken peers that do not tolerate TLS version numbers over TLS 1.0 +another priority string is: +@verbatim +NORMAL:-VERS-ALL:+VERS-TLS1.0:+VERS-SSL3.0:%COMPAT +@end verbatim +This priority string will in addition to above, only enable SSL 3.0 and +TLS 1.0 as protocols. + + +@node Compatibility with the OpenSSL library +@subsection Compatibility with the OpenSSL library +@cindex OpenSSL + +To ease @acronym{GnuTLS}' integration with existing applications, a +compatibility layer with the OpenSSL library is included +in the @code{gnutls-openssl} library. This compatibility layer is not +complete and it is not intended to completely re-implement the OpenSSL +API with @acronym{GnuTLS}. It only provides limited source-level +compatibility. + +The prototypes for the compatibility functions are in the +@file{gnutls/openssl.h} header file. The limitations +imposed by the compatibility layer include: + +@itemize + +@item Error handling is not thread safe. + +@end itemize + diff --git a/doc/cha-gtls-examples.texi b/doc/cha-gtls-examples.texi new file mode 100644 index 0000000..8a8675e --- /dev/null +++ b/doc/cha-gtls-examples.texi @@ -0,0 +1,340 @@ +@node GnuTLS application examples +@chapter GnuTLS application examples +@anchor{examples} +@cindex example programs +@cindex examples + +In this chapter several examples of real-world use cases are listed. +The examples are simplified to promote readability and contain little or +no error checking. + +@menu +* Client examples:: +* Server examples:: +* More advanced client and servers:: +* OCSP example:: +* Miscellaneous examples:: +@end menu + +@node Client examples +@section Client examples + +This section contains examples of @acronym{TLS} and @acronym{SSL} +clients, using @acronym{GnuTLS}. Note that some of the examples require functions +implemented by another example. + +@menu +* Client example with X.509 certificate support:: +* Datagram TLS client example:: +* Client using a smart card with TLS:: +* Client with Resume capability example:: +* Client example with SSH-style certificate verification:: +@end menu + +@node Client example with X.509 certificate support +@subsection Client example with @acronym{X.509} certificate support +@anchor{ex-verify} + +Let's assume now that we want to create a TCP client which +communicates with servers that use @acronym{X.509} certificate authentication. +The following client is a very simple @acronym{TLS} client, which uses +the high level verification functions for certificates, but does not support session +resumption. + +Note that this client utilizes functionality present in the latest GnuTLS +version. For a reasonably portable version see @ref{Legacy client example with X.509 certificate support}. + +@verbatiminclude examples/ex-client-x509.c + + +@node Datagram TLS client example +@subsection Datagram @acronym{TLS} client example + +This is a client that uses @acronym{UDP} to connect to a +server. This is the @acronym{DTLS} equivalent to the TLS example +with X.509 certificates. + +@verbatiminclude examples/ex-client-dtls.c + + +@node Client using a smart card with TLS +@subsection Using a smart card with TLS +@anchor{ex-pkcs11-client} +@cindex Smart card example + +This example will demonstrate how to load keys and certificates +from a smart-card or any other @acronym{PKCS} #11 token, and +use it in a TLS connection. The difference between this and the +@ref{Client example with X.509 certificate support} is that the +client keys are provided as PKCS #11 URIs instead of files. + +@verbatiminclude examples/ex-cert-select-pkcs11.c + + +@node Client with Resume capability example +@subsection Client with resume capability example +@anchor{ex-resume-client} + +This is a modification of the simple client example. Here we +demonstrate the use of session resumption. The client tries to connect +once using @acronym{TLS}, close the connection and then try to +establish a new connection using the previously negotiated data. + +@verbatiminclude examples/ex-client-resume.c + + + + +@node Client example with SSH-style certificate verification +@subsection Client example with SSH-style certificate verification + +This is an alternative verification function that will use the +X.509 certificate authorities for verification, but also assume an +trust on first use (SSH-like) authentication system. That is the user is +prompted on unknown public keys and known public keys are considered +trusted. + +@verbatiminclude examples/ex-verify-ssh.c + +@node Server examples +@section Server examples + +This section contains examples of @acronym{TLS} and @acronym{SSL} +servers, using @acronym{GnuTLS}. + +@menu +* Echo server with X.509 authentication:: +* DTLS echo server with X.509 authentication:: +@end menu + +@node Echo server with X.509 authentication +@subsection Echo server with @acronym{X.509} authentication + +This example is a very simple echo server which supports +@acronym{X.509} authentication. + +@verbatiminclude examples/ex-serv-x509.c + + +@node DTLS echo server with X.509 authentication +@subsection DTLS echo server with @acronym{X.509} authentication + +This example is a very simple echo server using Datagram TLS and +@acronym{X.509} authentication. + +@verbatiminclude examples/ex-serv-dtls.c + + + + +@node More advanced client and servers +@section More advanced client and servers + +This section has various, more advanced topics in client and servers. + +@menu +* Client example with anonymous authentication:: +* Using a callback to select the certificate to use:: +* Obtaining session information:: +* Advanced certificate verification example:: +* Client example with PSK authentication:: +* Client example with SRP authentication:: +* Legacy client example with X.509 certificate support:: +* Client example in C++:: +* Echo server with PSK authentication:: +* Echo server with SRP authentication:: +* Echo server with anonymous authentication:: +* Helper functions for TCP connections:: +* Helper functions for UDP connections:: +@end menu + +@node Client example with anonymous authentication +@subsection Client example with anonymous authentication + +The simplest client using TLS is the one that doesn't do any +authentication. This means no external certificates or passwords are +needed to set up the connection. As could be expected, the connection +is vulnerable to man-in-the-middle (active or redirection) attacks. +However, the data are integrity protected and encrypted from +passive eavesdroppers. + +Note that due to the vulnerable nature of this method very few public +servers support it. + +@verbatiminclude examples/ex-client-anon.c + +@node Using a callback to select the certificate to use +@subsection Using a callback to select the certificate to use + +There are cases where a client holds several certificate and key +pairs, and may not want to load all of them in the credentials +structure. The following example demonstrates the use of the +certificate selection callback. + +@verbatiminclude examples/ex-cert-select.c + + +@node Obtaining session information +@subsection Obtaining session information + +Most of the times it is desirable to know the security properties of +the current established session. This includes the underlying ciphers +and the protocols involved. That is the purpose of the following +function. Note that this function will print meaningful values only +if called after a successful @funcref{gnutls_handshake}. + +@verbatiminclude examples/ex-session-info.c + + + +@node Advanced certificate verification example +@subsection Advanced certificate verification +@anchor{ex-verify2} + +An example is listed below which uses the high level verification +functions to verify a given certificate chain against a set of CAs +and CRLs. + +@verbatiminclude examples/ex-verify.c + + +@node Client example with PSK authentication +@subsection Client example with @acronym{PSK} authentication + +The following client is a very simple @acronym{PSK} @acronym{TLS} +client which connects to a server and authenticates using a +@emph{username} and a @emph{key}. + +@verbatiminclude examples/ex-client-psk.c + + +@node Client example with SRP authentication +@subsection Client example with @acronym{SRP} authentication + +The following client is a very simple @acronym{SRP} @acronym{TLS} +client which connects to a server and authenticates using a +@emph{username} and a @emph{password}. The server may authenticate +itself using a certificate, and in that case it has to be verified. + +@verbatiminclude examples/ex-client-srp.c + + +@node Legacy client example with X.509 certificate support +@subsection Legacy client example with @acronym{X.509} certificate support +@anchor{ex-verify-legacy} + +For applications that need to maintain compatibility with the GnuTLS 3.1.x +library, this client example is identical to @ref{Client example with X.509 certificate support} +but utilizes APIs that were available in GnuTLS 3.1.4. + +@verbatiminclude examples/ex-client-x509-3.1.c + +@node Client example in C++ +@subsection Client example using the C++ API + +The following client is a simple example of a client client utilizing +the GnuTLS C++ API. + +@verbatiminclude examples/ex-cxx.cpp + + +@node Echo server with PSK authentication +@subsection Echo server with @acronym{PSK} authentication + +This is a server which supports @acronym{PSK} authentication. + +@verbatiminclude examples/ex-serv-psk.c + + +@node Echo server with SRP authentication +@subsection Echo server with @acronym{SRP} authentication + +This is a server which supports @acronym{SRP} authentication. It is +also possible to combine this functionality with a certificate +server. Here it is separate for simplicity. + +@verbatiminclude examples/ex-serv-srp.c + + +@node Echo server with anonymous authentication +@subsection Echo server with anonymous authentication + +This example server supports anonymous authentication, and could be +used to serve the example client for anonymous authentication. + +@verbatiminclude examples/ex-serv-anon.c + + + +@node Helper functions for TCP connections +@subsection Helper functions for TCP connections + +Those helper function abstract away TCP connection handling from the +other examples. It is required to build some examples. + +@verbatiminclude examples/tcp.c + +@node Helper functions for UDP connections +@subsection Helper functions for UDP connections + +The UDP helper functions abstract away UDP connection handling from the +other examples. It is required to build the examples using UDP. + +@verbatiminclude examples/udp.c + + + +@node OCSP example +@section OCSP example + +@anchor{Generate OCSP request} +@subheading Generate @acronym{OCSP} request + +A small tool to generate OCSP requests. + +@verbatiminclude examples/ex-ocsp-client.c + +@node Miscellaneous examples +@section Miscellaneous examples + +@menu +* Checking for an alert:: +* X.509 certificate parsing example:: +* Listing the ciphersuites in a priority string:: +* PKCS12 structure generation example:: +@end menu + +@node Checking for an alert +@subsection Checking for an alert + +This is a function that checks if an alert has been received in the +current session. + +@verbatiminclude examples/ex-alert.c + +@node X.509 certificate parsing example +@subsection @acronym{X.509} certificate parsing example +@anchor{ex-x509-info} + +To demonstrate the @acronym{X.509} parsing capabilities an example program is +listed below. That program reads the peer's certificate, and prints +information about it. + +@verbatiminclude examples/ex-x509-info.c + +@node Listing the ciphersuites in a priority string +@subsection Listing the ciphersuites in a priority string + +This is a small program to list the enabled ciphersuites by a +priority string. + +@verbatiminclude examples/print-ciphersuites.c + +@node PKCS12 structure generation example +@subsection PKCS #12 structure generation example + +This small program demonstrates the usage of the PKCS #12 API, by generating +such a structure. + +@verbatiminclude examples/ex-pkcs12.c + diff --git a/doc/cha-internals.texi b/doc/cha-internals.texi new file mode 100644 index 0000000..2a9bc1a --- /dev/null +++ b/doc/cha-internals.texi @@ -0,0 +1,742 @@ +@node Internal architecture of GnuTLS +@chapter Internal Architecture of GnuTLS +@cindex internal architecture + +This chapter is to give a brief description of the +way @acronym{GnuTLS} works. The focus is to give an idea +to potential developers and those who want to know what +happens inside the black box. + +@menu +* The TLS Protocol:: +* TLS Handshake Protocol:: +* TLS Authentication Methods:: +* TLS Hello Extension Handling:: +* Cryptographic Backend:: +* Random Number Generators-internals:: +* FIPS140-2 mode:: +@end menu + +@node The TLS Protocol +@section The TLS Protocol +The main use case for the TLS protocol is shown in @ref{fig-client-server}. +A user of a library implementing the protocol expects no less than this functionality, +i.e., to be able to set parameters such as the accepted security level, perform a +negotiation with the peer and be able to exchange data. + +@float Figure,fig-client-server +@image{gnutls-client-server-use-case,9cm} +@caption{TLS protocol use case.} +@end float + +@node TLS Handshake Protocol +@section TLS Handshake Protocol +The @acronym{GnuTLS} handshake protocol is implemented as a state +machine that waits for input or returns immediately when the non-blocking +transport layer functions are used. The main idea is shown in @ref{fig-gnutls-handshake}. + +@float Figure,fig-gnutls-handshake +@image{gnutls-handshake-state,9cm} +@caption{GnuTLS handshake state machine.} +@end float + +Also the way the input is processed varies per ciphersuite. Several +implementations of the internal handlers are available and +@funcref{gnutls_handshake} only multiplexes the input to the appropriate +handler. For example a @acronym{PSK} ciphersuite has a different +implementation of the @code{process_client_key_exchange} than a +certificate ciphersuite. We illustrate the idea in @ref{fig-gnutls-handshake-sequence}. + +@float Figure,fig-gnutls-handshake-sequence +@image{gnutls-handshake-sequence,12cm} +@caption{GnuTLS handshake process sequence.} +@end float + +@node TLS Authentication Methods +@section TLS Authentication Methods +In @acronym{GnuTLS} authentication methods can be implemented quite +easily. Since the required changes to add a new authentication method +affect only the handshake protocol, a simple interface is used. An +authentication method needs to implement the functions shown below. + +@verbatim +typedef struct +{ + const char *name; + int (*gnutls_generate_server_certificate) (gnutls_session_t, gnutls_buffer_st*); + int (*gnutls_generate_client_certificate) (gnutls_session_t, gnutls_buffer_st*); + int (*gnutls_generate_server_kx) (gnutls_session_t, gnutls_buffer_st*); + int (*gnutls_generate_client_kx) (gnutls_session_t, gnutls_buffer_st*); + int (*gnutls_generate_client_cert_vrfy) (gnutls_session_t, gnutls_buffer_st *); + int (*gnutls_generate_server_certificate_request) (gnutls_session_t, + gnutls_buffer_st *); + + int (*gnutls_process_server_certificate) (gnutls_session_t, opaque *, + size_t); + int (*gnutls_process_client_certificate) (gnutls_session_t, opaque *, + size_t); + int (*gnutls_process_server_kx) (gnutls_session_t, opaque *, size_t); + int (*gnutls_process_client_kx) (gnutls_session_t, opaque *, size_t); + int (*gnutls_process_client_cert_vrfy) (gnutls_session_t, opaque *, size_t); + int (*gnutls_process_server_certificate_request) (gnutls_session_t, + opaque *, size_t); +} mod_auth_st; +@end verbatim + +Those functions are responsible for the +interpretation of the handshake protocol messages. It is common for such +functions to read data from one or more @code{credentials_t} +structures@footnote{such as the +@code{gnutls_certificate_credentials_t} structures} and write data, +such as certificates, usernames etc. to @code{auth_info_t} structures. + + +Simple examples of existing authentication methods can be seen in +@code{auth/@-psk.c} for PSK ciphersuites and @code{auth/@-srp.c} for SRP +ciphersuites. After implementing these functions the structure holding +its pointers has to be registered in @code{gnutls_@-algorithms.c} in the +@code{_gnutls_@-kx_@-algorithms} structure. + +@node TLS Hello Extension Handling +@section TLS Extension Handling +As with authentication methods, adding TLS hello extensions can be done +quite easily by implementing the interface shown below. + +@verbatim +typedef int (*gnutls_ext_recv_func) (gnutls_session_t session, + const unsigned char *data, size_t len); +typedef int (*gnutls_ext_send_func) (gnutls_session_t session, + gnutls_buffer_st *extdata); +@end verbatim + +Here there are two main functions, one for parsing the received extension data +and one for formatting the extension data that must be send. These functions +have to check internally whether they operate within a client or a server session. + +A simple example of an extension handler can be seen in +@code{lib/ext/@-srp.c} in GnuTLS' source code. After implementing these functions, +the extension has to be registered. Registering an extension can be done in two +ways. You can create a GnuTLS internal extension and register it in +@code{hello_ext.c} or write an external extension (not inside GnuTLS but +inside an application using GnuTLS) and register it via the exported functions +@funcref{gnutls_session_ext_register} or @funcref{gnutls_ext_register}. + +@subheading Adding a new TLS hello extension + +Adding support for a new TLS hello extension is done from time to time, and +the process to do so is not difficult. Here are the steps you need to +follow if you wish to do this yourself. For the sake of discussion, let's +consider adding support for the hypothetical TLS extension @code{foobar}. +The following section is about adding an hello extension to GnuTLS itself. +For custom application extensions you should check the exported functions +@funcref{gnutls_session_ext_register} or @funcref{gnutls_ext_register}. + +@subsubheading Add @code{configure} option like @code{--enable-foobar} or @code{--disable-foobar}. + +This step is useful when the extension code is large and it might be desirable +under some circumstances to be able to leave out the extension during compilation of GnuTLS. +If you don't need this kind of feature this step can be safely skipped. + +Whether to choose enable or disable depends on whether you intend to make the extension be +enabled by default. Look at existing checks (i.e., SRP, authz) for +how to model the code. For example: + +@example +AC_MSG_CHECKING([whether to disable foobar support]) +AC_ARG_ENABLE(foobar, + AS_HELP_STRING([--disable-foobar], + [disable foobar support]), + ac_enable_foobar=no) +if test x$ac_enable_foobar != xno; then + AC_MSG_RESULT(no) + AC_DEFINE(ENABLE_FOOBAR, 1, [enable foobar]) +else + ac_full=0 + AC_MSG_RESULT(yes) +fi +AM_CONDITIONAL(ENABLE_FOOBAR, test "$ac_enable_foobar" != "no") +@end example + +These lines should go in @code{lib/m4/hooks.m4}. + +@subsubheading Add an extension identifier to @code{extensions_t} in @code{gnutls_int.h}. + +A good name for the identifier would be GNUTLS_EXTENSION_FOOBAR. If the +extension that you are implementing is an extension that is officially +registered by IANA then it is recommended to use its official name such +that the extension can be correctly identified by other developers. Check +with @url{https://www.iana.org/assignments/tls-extensiontype-values} +for registered extensions. + +@subsubheading Register the extension in @code{lib/hello_ext.c}. + +In order for the extension to be executed you need to register it in the +@code{static hello_ext_entry_st const *extfunc[]} list in @code{lib/hello_ext.c}. + +A typical entry would be: + +@example +#ifdef ENABLE_FOOBAR + [GNUTLS_EXTENSION_FOOBAR] = &ext_mod_foobar, +#endif +@end example + +Also for every extension you need to create an @code{hello_ext_entry_st} +that describes the extension. This structure is placed in the designated +c file for your extension and its name is used in the registration entry +as depicted above. + +The structure of @code{hello_ext_entry_st} is as follows: +@example + const hello_ext_entry_st ext_mod_foobar = @{ + .name = "FOOBAR", + .tls_id = 255, + .gid = GNUTLS_EXTENSION_FOOBAR, + .parse_type = GNUTLS_EXT_TLS, + .validity = GNUTLS_EXT_FLAG_CLIENT_HELLO | + GNUTLS_EXT_FLAG_TLS12_SERVER_HELLO | + GNUTLS_EXT_FLAG_TLS13_SERVER_HELLO | + GNUTLS_EXT_FLAG_TLS, + .recv_func = _gnutls_foobar_recv_params, + .send_func = _gnutls_foobar_send_params, + .pack_func = _gnutls_foobar_pack, + .unpack_func = _gnutls_foobar_unpack, + .deinit_func = _gnutls_foobar_deinit, + .cannot_be_overriden = 1 + @}; +@end example + +The GNUTLS_EXTENSION_FOOBAR is the identifier that you've added to +@code{gnutls_int.h} earlier. The @code{.tls_id} should contain the number +that IANA has assigned to this extension, or an unassigned number of your +choice if this is an unregistered extension. In the rest of this structure +you specify the functions to handle the extension data. The @code{receive} function +will be called upon reception of the data and will be used to parse or +interpret the extension data. The @code{send} function will be called prior to +sending the extension data on the wire and will be used to format the data +such that it can be send over the wire. The @code{pack} and @code{unpack} +functions will be used to prepare the data for storage in case of session resumption +(and vice versa). The @code{deinit} function will be called to deinitialize +the extension's private parameters, if any. + +Look at @code{gnutls_ext_parse_type_t} and @code{gnutls_ext_flags_t} for a complete +list of available flags. + +Note that the conditional @code{ENABLE_FOOBAR} definition should only be +used if step 1 with the @code{configure} options has taken place. + +@subsubheading Add new files that implement the hello extension. + +To keep things structured every extension should have its own files. The +functions that you should (at least) add are those referenced in the struct +from the previous step. Use descriptive file names such as @code{lib/ext/@-foobar.c} +and for the corresponding header @code{lib/ext/@-foobar.h}. +As a starter, you could add this: + +@example +int +_gnutls_foobar_recv_params (gnutls_session_t session, const uint8_t * data, + size_t data_size) +@{ + return 0; +@} + +int +_gnutls_foobar_send_params (gnutls_session_t session, gnutls_buffer_st* data) +@{ + return 0; +@} + +int +_gnutls_foobar_pack (extension_priv_data_t epriv, gnutls_buffer_st * ps) +@{ + /* Append the extension's internal state to buffer */ + return 0; +@} + +int +_gnutls_foobar_unpack (gnutls_buffer_st * ps, extension_priv_data_t * epriv) +@{ + /* Read the internal state from buffer */ + return 0; +@} +@end example + +The @funcintref{_gnutls_foobar_recv_params} function is responsible for +parsing incoming extension data (both in the client and server). + +The @funcintref{_gnutls_foobar_send_params} function is responsible for +formatting extension data such that it can be send over the wire (both in +the client and server). It should append data to provided buffer and +return a positive (or zero) number on success or a negative error code. +Previous to 3.6.0 versions of GnuTLS required that function to return the +number of bytes that were written. If zero is returned and no bytes are +appended the extension will not be sent. If a zero byte extension is to +be sent this function must return @code{GNUTLS_E_INT_RET_0}. + +If you receive length fields that don't match, return +@code{GNUTLS_E_@-UNEXPECTED_@-PACKET_@-LENGTH}. If you receive invalid +data, return @code{GNUTLS_E_@-RECEIVED_@-ILLEGAL_@-PARAMETER}. You can use +other error codes from the list in @ref{Error codes}. Return 0 on success. + +An extension typically stores private information in the @code{session} +data for later usage. That can be done using the functions +@funcintref{_gnutls_hello_ext_set_datum} and +@funcintref{_gnutls_hello_ext_get_datum}. You can check simple examples +at @code{lib/ext/@-max_@-record.c} and @code{lib/ext/@-server_@-name.c} extensions. +That private information can be saved and restored across session +resumption if the following functions are set: + +The @funcintref{_gnutls_foobar_pack} function is responsible for packing +internal extension data to save them in the session resumption storage. + +The @funcintref{_gnutls_foobar_unpack} function is responsible for +restoring session data from the session resumption storage. + +When the internal data is stored using the @funcintref{_gnutls_hello_ext_set_datum}, +then you can rely on the default pack and unpack functions: +@funcintref{_gnutls_hello_ext_default_pack} and +@funcintref{_gnutls_hello_ext_default_unpack}. + +Recall that both for the client and server, the send and receive +functions most likely will need to do different things +depending on which mode they are in. It may be useful to make this +distinction explicit in the code. Thus, for example, a better +template than above would be: + +@example +int +_gnutls_foobar_recv_params (gnutls_session_t session, + const uint8_t * data, + size_t data_size) +@{ + if (session->security_parameters.entity == GNUTLS_CLIENT) + return foobar_recv_client (session, data, data_size); + else + return foobar_recv_server (session, data, data_size); +@} + +int +_gnutls_foobar_send_params (gnutls_session_t session, + gnutls_buffer_st * data) +@{ + if (session->security_parameters.entity == GNUTLS_CLIENT) + return foobar_send_client (session, data); + else + return foobar_send_server (session, data); +@} +@end example + +The functions used would be declared as @code{static} functions, of +the appropriate prototype, in the same file. + +When adding the new extension files, you'll need to add them to @code{lib/ext/@-Makefile.am} +as well, for example: + +@example +if ENABLE_FOOBAR +libgnutls_ext_la_SOURCES += ext/foobar.c ext/foobar.h +endif +@end example + +@subsubheading Add API functions to use the extension. + +It might be desirable to allow users of the extension to +request the use of the extension, or set extension specific data. +This can be implemented by adding extension specific function calls +that can be added to @code{includes/@-gnutls/@-gnutls.h}, +as long as the LGPLv2.1+ applies. +The implementation of these functions should lie in the @code{lib/ext/@-foobar.c} file. + +To make the API available in the shared library you need to add the added +symbols in @code{lib/@-libgnutls.map}, so that the symbols are exported properly. + +When writing GTK-DOC style documentation for your new APIs, don't +forget to add @code{Since:} tags to indicate the GnuTLS version the +API was introduced in. + +@subheading Adding a new Supplemental Data Handshake Message + +TLS handshake extensions allow to send so called supplemental data +handshake messages @xcite{RFC4680}. This short section explains how to +implement a supplemental data handshake message for a given TLS extension. + +First of all, modify your extension @code{foobar} in the way, to instruct +the handshake process to send and receive supplemental data, as shown below. + +@example +int +_gnutls_foobar_recv_params (gnutls_session_t session, const opaque * data, + size_t _data_size) +@{ + ... + gnutls_supplemental_recv(session, 1); + ... +@} + +int +_gnutls_foobar_send_params (gnutls_session_t session, gnutls_buffer_st *extdata) +@{ + ... + gnutls_supplemental_send(session, 1); + ... +@} +@end example + +Furthermore you'll need two new functions @funcintref{_foobar_supp_recv_params} +and @funcintref{_foobar_supp_send_params}, which must conform to the following +prototypes. + +@example +typedef int (*gnutls_supp_recv_func)(gnutls_session_t session, + const unsigned char *data, + size_t data_size); +typedef int (*gnutls_supp_send_func)(gnutls_session_t session, + gnutls_buffer_t buf); +@end example + +The following example code shows how to send a +``Hello World'' string in the supplemental data handshake message. + +@example +int +_foobar_supp_recv_params(gnutls_session_t session, const opaque *data, size_t _data_size) +@{ + uint8_t len = _data_size; + unsigned char *msg; + + msg = gnutls_malloc(len); + if (msg == NULL) return GNUTLS_E_MEMORY_ERROR; + + memcpy(msg, data, len); + msg[len]='\0'; + + /* do something with msg */ + gnutls_free(msg); + + return len; +@} + +int +_foobar_supp_send_params(gnutls_session_t session, gnutls_buffer_t buf) +@{ + unsigned char *msg = "hello world"; + int len = strlen(msg); + + if (gnutls_buffer_append_data(buf, msg, len) < 0) + abort(); + + return len; +@} +@end example + +Afterwards, register the new supplemental data using @funcref{gnutls_session_supplemental_register}, +or @funcref{gnutls_supplemental_register} at some point in your program. + +@node Cryptographic Backend +@section Cryptographic Backend + +Today most new processors, either for embedded or desktop systems +include either instructions intended to speed up cryptographic operations, +or a co-processor with cryptographic capabilities. Taking advantage of +those is a challenging task for every cryptographic application or +library. GnuTLS handles the cryptographic provider in a modular +way, following a layered approach to access +cryptographic operations as in @ref{fig-crypto-layers}. + +@float Figure,fig-crypto-layers +@image{gnutls-crypto-layers,12cm} +@caption{GnuTLS cryptographic back-end design.} +@end float + +The TLS layer uses a cryptographic provider layer, that will in turn either +use the default crypto provider -- a software crypto library, or use an external +crypto provider, if available in the local system. The reason of handling +the external cryptographic provider in GnuTLS and not delegating it to +the cryptographic libraries, is that none of the supported cryptographic +libraries support @code{/dev/crypto} or CPU-optimized cryptography in +an efficient way. + +@subheading Cryptographic library layer +The Cryptographic library layer, currently supports only +libnettle. Older versions of GnuTLS used to support libgcrypt, +but it was switched with nettle mainly for performance reasons@footnote{See +@url{https://lists.gnu.org/archive/html/gnutls-devel/2011-02/msg00079.html}.} +and secondary because it is a simpler library to use. +In the future other cryptographic libraries might be supported as well. + +@subheading External cryptography provider +Systems that include a cryptographic co-processor, typically come with +kernel drivers to utilize the operations from software. For this reason +GnuTLS provides a layer where each individual algorithm used can be replaced +by another implementation, i.e., the one provided by the driver. The +FreeBSD, OpenBSD and Linux kernels@footnote{Check @url{https://home.gna.org/cryptodev-linux/} +for the Linux kernel implementation of @code{/dev/crypto}.} include already +a number of hardware assisted implementations, and also provide an interface +to access them, called @code{/dev/crypto}. +GnuTLS will take advantage of this interface if compiled with special +options. That is because in most systems where hardware-assisted +cryptographic operations are not available, using this interface might +actually harm performance. + +In systems that include cryptographic instructions with the CPU's +instructions set, using the kernel interface will introduce an +unneeded layer. For this reason GnuTLS includes such optimizations +found in popular processors such as the AES-NI or VIA PADLOCK instruction sets. +This is achieved using a mechanism that detects CPU capabilities and +overrides parts of crypto back-end at runtime. +The next section discusses the registration of a detected algorithm +optimization. For more information please consult the @acronym{GnuTLS} +source code in @code{lib/accelerated/}. + +@subsubheading Overriding specific algorithms +When an optimized implementation of a single algorithm is available, +say a hardware assisted version of @acronym{AES-CBC} then the +following functions, from @code{crypto.h}, can +be used to register those algorithms. + +@itemize + +@item @funcref{gnutls_crypto_register_cipher}: +To register a cipher algorithm. + +@item @funcref{gnutls_crypto_register_aead_cipher}: +To register an AEAD cipher algorithm. + +@item @funcref{gnutls_crypto_register_mac}: +To register a MAC algorithm. + +@item @funcref{gnutls_crypto_register_digest}: +To register a hash algorithm. + +@end itemize + +Those registration functions will only replace the specified algorithm +and leave the rest of subsystem intact. + + +@subheading Protecting keys through isolation + +For asymmetric or public keys, GnuTLS supports PKCS #11 which allows +operation without access to long term keys, in addition to CPU offloading. +For more information see @ref{Hardware security modules and abstract key types}. + + +@node Random Number Generators-internals +@section Random Number Generators + +@subheading About the generators + +GnuTLS provides two random generators. The default, and the AES-DRBG random +generator which is only used when the library is compiled with support for +FIPS140-2 and the system is in FIPS140-2 mode. + +@subheading The default generator - inner workings + +The random number generator levels in @code{gnutls_rnd_level_t} map to two CHACHA-based random generators which +are initially seeded using the OS random device, e.g., @code{/dev/urandom} +or @code{getrandom()}. These random generators are unique per thread, and +are automatically re-seeded when a fork is detected. + +The reason the CHACHA cipher was selected for the GnuTLS' PRNG is the fact +that CHACHA is considered a secure and fast stream cipher, and is already +defined for use in TLS protocol. As such, the utilization of it would +not stress the CPU caches, and would allow for better performance on busy +servers, irrespective of their architecture (e.g., even if AES is not +available with an optimized instruction set). + +The generators are unique per thread to allow lock-free operation. That +induces a cost of around 140-bytes for the state of the generators per +thread, on threads that would utilize @funcref{gnutls_rnd}. At the same time +it allows fast and lock-free access to the generators. The lock-free access +benefits servers which utilize more than 4 threads, while imposes no cost on +single threaded processes. + +On the first call to @funcref{gnutls_rnd} the generators are seeded with two independent +keys obtained from the OS random device. Their seed is used to output a fixed amount +of bytes before re-seeding; the number of bytes output varies per generator. + +One generator is dedicated for the @code{GNUTLS_RND_NONCE} level, and the +second is shared for the @code{GNUTLS_RND_KEY} and @code{GNUTLS_RND_RANDOM} +levels. For the rest of this section we refer to the first as the nonce +generator and the second as the key generator. + +The nonce generator will reseed after outputting a fixed amount of bytes +(typically few megabytes), or after few hours of operation without reaching +the limit has passed. It is being re-seed using +the key generator to obtain a new key for the CHACHA cipher, which is mixed +with its old one. + +Similarly, the key generator, will also re-seed after a fixed amount +of bytes is generated (typically less than the nonce), and will also re-seed +based on time, i.e., after few hours of operation without reaching the limit +for a re-seed. For its re-seed it mixes mixes data obtained from the OS random +device with the previous key. + +Although the key generator used to provide data for the @code{GNUTLS_RND_RANDOM} +and @code{GNUTLS_RND_KEY} levels is identical, when used with the @code{GNUTLS_RND_KEY} level +a re-key of the PRNG using its own output, is additionally performed. That ensures that +the recovery of the PRNG state will not be sufficient to recover previously generated values. + + +@subheading The AES-DRBG generator - inner workings + +Similar with the default generator, the random number generator levels in @code{gnutls_rnd_level_t} map to two +AES-DRBG random generators which are initially seeded using the OS random device, +e.g., @code{/dev/urandom} or @code{getrandom()}. These random generators are +unique per thread, and are automatically re-seeded when a fork is detected. + +The AES-DRBG generator is based on the AES cipher in counter mode and is +re-seeded after a fixed amount of bytes are generated. + + +@subheading Defense against PRNG attacks + +This section describes the counter-measures available in the Pseudo-random number generator (PRNG) +of GnuTLS for known attacks as described in @xcite{PRNGATTACKS}. Note that, the attacks on a PRNG such as +state-compromise, assume a quite powerful adversary which has in practice +access to the PRNG state. + +@subsubheading Cryptanalytic + +To defend against cryptanalytic attacks GnuTLS' PRNG is a stream cipher +designed to defend against the same attacks. As such, GnuTLS' PRNG strength +with regards to this attack relies on the underlying crypto block, +which at the time of writing is CHACHA. That is easily replaceable in +the future if attacks are found to be possible in that cipher. + +@subsubheading Input-based attacks + +These attacks assume that the attacker can influence the input that is used +to form the state of the PRNG. To counter these attacks GnuTLS does not +gather input from the system environment but rather relies on the OS +provided random generator. That is the @code{/dev/urandom} or +@code{getentropy}/@code{getrandom} system calls. As such, GnuTLS' PRNG +is as strong as the system random generator can assure with regards to +input-based attacks. + +@subsubheading State-compromise: Backtracking + +A backtracking attack, assumes that an adversary obtains at some point of time +access to the generator state, and wants to recover past bytes. As the +GnuTLS generator is fine-tuned to provide multiple levels, such an attack +mainly concerns levels @code{GNUTLS_RND_RANDOM} and @code{GNUTLS_RND_KEY}, +since @code{GNUTLS_RND_NONCE} is intended to output non-secret data. +The @code{GNUTLS_RND_RANDOM} generator at the time of writing can output +2MB prior to being re-seeded thus this is its upper bound for previously +generated data recovered using this attack. That assumes that the state +of the operating system random generator is unknown to the attacker, and we carry that +assumption on the next paragraphs. The usage of @code{GNUTLS_RND_KEY} level +ensures that no backtracking is possible for all output data, by re-keying +the PRNG using its own output. + +Such an attack reflects the real world scenario where application's memory is +temporarily compromised, while the kernel's memory is inaccessible. + +@subsubheading State-compromise: Permanent Compromise Attack + +A permanent compromise attack implies that once an attacker compromises the +state of GnuTLS' random generator at a specific time, future and past +outputs from the generator are compromised. For past outputs the +previous paragraph applies. For future outputs, both the @code{GNUTLS_RND_RANDOM} +and the @code{GNUTLS_RND_KEY} will recover after 2MB of data have been generated +or few hours have passed (two at the time of writing). Similarly the @code{GNUTLS_RND_NONCE} +level generator will recover after several megabytes of output is generated, +or its re-key time is reached. + +@subsubheading State-compromise: Iterative guessing + +This attack assumes that after an attacker obtained the PRNG state +at some point, is able to recover the state at a later time by observing +outputs of the PRNG. That is countered by switching the key to generators +using a combination of a fresh key and the old one (using XOR), at +re-seed time. All levels are immune to such attack after a re-seed. + +@subsubheading State-compromise: Meet-in-the-Middle + +This attack assumes that the attacker obtained the PRNG state at +two distinct times, and being able to recover the state at the third time +after observing the output of the PRNG. Given the approach described +on the above paragraph, all levels are immune to such attack. + +@node FIPS140-2 mode +@section FIPS140-2 mode + +GnuTLS can operate in a special mode for FIPS140-2. That mode of operation +is for the conformance to NIST's FIPS140-2 publication, which consists of policies +for cryptographic modules (such as software libraries). Its implementation in +GnuTLS is designed for Red Hat Enterprise Linux, and can only be enabled +when the library is explicitly compiled with the '--enable-fips140-mode' +configure option. The operation of the library is then modified, as follows. + +@itemize +@item FIPS140-2 mode is enabled when @code{/proc/sys/crypto/fips_enabled} contains '1' and @code{/etc/system-fips} is present. +@item Only approved by FIPS140-2 algorithms are enabled +@item Only approved by FIPS140-2 key lengths are allowed for key generation +@item The random generator used switches to DRBG-AES +@item The integrity of the GnuTLS and dependent libraries is checked on startup +@item Algorithm self-tests are run on library load +@item Any cryptographic operation will be refused if any of the self-tests failed +@end itemize + + +There are also few environment variables which modify that operation. The +environment variable @code{GNUTLS_SKIP_FIPS_INTEGRITY_CHECKS} will disable +the library integrity tests on startup, and the variable +@code{GNUTLS_FORCE_FIPS_MODE} can be set to force a value from +@ref{gnutls_fips_mode_t}, i.e., '1' will enable the FIPS140-2 +mode, while '0' will disable it. + +The integrity checks for the dependent libraries and GnuTLS are performed +using '.hmac' files which are present at the same path as the library. The +key for the operations can be provided on compile-time with the configure +option '--with-fips140-key'. The MAC algorithm used is HMAC-SHA256. + +On runtime an application can verify whether the library is in FIPS140-2 +mode using the @funcref{gnutls_fips140_mode_enabled} function. + +@subheading Relaxing FIPS140-2 requirements + +The library by default operates in a strict enforcing mode, ensuring that +all constraints imposed by the FIPS140-2 specification are enforced. However +the application can relax these requirements via @funcref{gnutls_fips140_set_mode} +which can switch to alternative modes as in @ref{gnutls_fips_mode_t}. + +@showenumdesc{gnutls_fips_mode_t,The @code{gnutls_@-fips_@-mode_t} enumeration.} + +The intention of this API is to be used by applications which may run in +FIPS140-2 mode, while they utilize few algorithms not in the allowed set, +e.g., for non-security related purposes. In these cases applications should +wrap the non-compliant code within blocks like the following. + +@example +GNUTLS_FIPS140_SET_LAX_MODE(); + +_gnutls_hash_fast(GNUTLS_DIG_MD5, buffer, sizeof(buffer), output); + +GNUTLS_FIPS140_SET_STRICT_MODE(); +@end example + +The @code{GNUTLS_FIPS140_SET_LAX_MODE} and +@code{GNUTLS_FIPS140_SET_STRICT_MODE} are macros to simplify the following +sequence of calls. + +@example +if (gnutls_fips140_mode_enabled()) + gnutls_fips140_set_mode(GNUTLS_FIPS140_LAX, GNUTLS_FIPS140_SET_MODE_THREAD); + +_gnutls_hash_fast(GNUTLS_DIG_MD5, buffer, sizeof(buffer), output); + +if (gnutls_fips140_mode_enabled()) + gnutls_fips140_set_mode(GNUTLS_FIPS140_STRICT, GNUTLS_FIPS140_SET_MODE_THREAD); +@end example + +The reason of the @code{GNUTLS_FIPS140_SET_MODE_THREAD} flag in the +previous calls is to localize the change in the mode. Note also, that +such a block has no effect when the library is not operating +under FIPS140-2 mode, and thus it can be considered a no-op. + +Applications could also switch FIPS140-2 mode explicitly off, by calling +@example +gnutls_fips140_set_mode(GNUTLS_FIPS140_LAX, 0); +@end example diff --git a/doc/cha-intro-tls.texi b/doc/cha-intro-tls.texi new file mode 100644 index 0000000..b95abc6 --- /dev/null +++ b/doc/cha-intro-tls.texi @@ -0,0 +1,744 @@ +@node Introduction to TLS +@chapter Introduction to @acronym{TLS} and @acronym{DTLS} + +@acronym{TLS} stands for ``Transport Layer Security'' and is the +successor of SSL, the Secure Sockets Layer protocol @xcite{SSL3} +designed by Netscape. @acronym{TLS} is an Internet protocol, defined +by @acronym{IETF}@footnote{IETF, or Internet Engineering Task Force, +is a large open international community of network designers, +operators, vendors, and researchers concerned with the evolution of +the Internet architecture and the smooth operation of the Internet. +It is open to any interested individual.}, described in @xcite{RFC5246}. +The protocol provides +confidentiality, and authentication layers over any reliable transport +layer. The description, above, refers to @acronym{TLS} 1.0 but applies +to all other TLS versions as the differences between the protocols are not major. + +The @acronym{DTLS} protocol, or ``Datagram @acronym{TLS}'' @xcite{RFC4347} is a +protocol with identical goals as @acronym{TLS}, but can operate +under unreliable transport layers such as @acronym{UDP}. The +discussions below apply to this protocol as well, except when +noted otherwise. + +@menu +* TLS layers:: +* The transport layer:: +* The TLS record protocol:: +* The TLS Alert Protocol:: +* The TLS Handshake Protocol:: +* TLS Extensions:: +* How to use TLS in application protocols:: +* On SSL 2 and older protocols:: +@end menu + +@node TLS layers +@section TLS Layers +@cindex TLS layers + +@acronym{TLS} is a layered protocol, and consists of the record +protocol, the handshake protocol and the alert protocol. The record +protocol is to serve all other protocols and is above the transport +layer. The record protocol offers symmetric encryption, and data +authenticity@footnote{In early versions of TLS compression was optionally +available as well. This is no longer the case in recent versions of the +protocol.}. +The alert protocol offers some signaling to the other protocols. It +can help informing the peer for the cause of failures and other error +conditions. @xref{The Alert Protocol}, for more information. The +alert protocol is above the record protocol. + +The handshake protocol is responsible for the security parameters' +negotiation, the initial key exchange and authentication. +@xref{The Handshake Protocol}, for more information about the handshake +protocol. The protocol layering in TLS is shown in @ref{fig-tls-layers}. + +@float Figure,fig-tls-layers +@image{gnutls-layers,12cm} +@caption{The TLS protocol layers.} +@end float + +@node The transport layer +@section The Transport Layer +@cindex transport protocol +@cindex transport layer + +@acronym{TLS} is not limited to any transport layer and can be used +above any transport layer, as long as it is a reliable one. @acronym{DTLS} +can be used over reliable and unreliable transport layers. +@acronym{GnuTLS} supports TCP and UDP layers transparently using +the Berkeley sockets API. However, any transport layer can be used +by providing callbacks for @acronym{GnuTLS} to access the transport layer +(for details see @ref{Setting up the transport layer}). + +@node The TLS record protocol +@section The TLS record protocol +@cindex record protocol + +The record protocol is the secure communications provider. Its purpose +is to encrypt, and authenticate packets. +The record layer functions can be called at any time after +the handshake process is finished, when there is need to receive +or send data. In @acronym{DTLS} however, due to re-transmission +timers used in the handshake out-of-order handshake data might +be received for some time (maximum 60 seconds) after the handshake +process is finished. + +The functions to access the record protocol are limited to send +and receive functions, which might, given +the importance of this protocol in @acronym{TLS}, seem awkward. This is because +the record protocol's parameters are all set by the handshake protocol. +The record protocol initially starts with NULL parameters, which means +no encryption, and no MAC is used. Encryption and authentication begin +just after the handshake protocol has finished. + +@menu +* Encryption algorithms used in the record layer:: +* Compression algorithms and the record layer:: +* On Record Padding:: +@end menu + +@node Encryption algorithms used in the record layer +@subsection Encryption algorithms used in the record layer +@cindex symmetric encryption algorithms + +Confidentiality in the record layer is achieved by using symmetric +ciphers like @code{AES} or @code{CHACHA20}. Ciphers are encryption algorithms +that use a single, secret, key to encrypt and decrypt data. Early +versions of TLS separated between block and stream ciphers and had +message authentication plugged in to them by the protocol, though later +versions switched to using authenticated-encryption (AEAD) ciphers. The AEAD +ciphers are defined to combine encryption and authentication, and as such +they are not only more efficient, as the primitives used are designed to +interoperate nicely, but they are also known to interoperate in a secure +way. + +The supported in @acronym{GnuTLS} ciphers and MAC algorithms are shown in @ref{tab:ciphers} and +@ref{tab:macs}. + +@float Table,tab:ciphers +@multitable @columnfractions .20 .10 .15 .55 +@headitem Algorithm @tab Type @tab Applicable Protocols @tab Description +@item AES-128-GCM, AES-256-GCM @tab +AEAD @tab +TLS 1.2, TLS 1.3 @tab +This is the AES algorithm in the authenticated encryption GCM mode. +This mode combines message authentication and encryption and can +be extremely fast on CPUs that support hardware acceleration. + +@item AES-128-CCM, AES-256-CCM @tab +AEAD @tab +TLS 1.2, TLS 1.3 @tab +This is the AES algorithm in the authenticated encryption CCM mode. +This mode combines message authentication and encryption and is +often used by systems without AES or GCM acceleration support. + +@item CHACHA20-POLY1305 @tab +AEAD @tab +TLS 1.2, TLS 1.3 @tab +CHACHA20-POLY1305 is an authenticated encryption algorithm based on CHACHA20 cipher and +POLY1305 MAC. CHACHA20 is a refinement of SALSA20 algorithm, an approved cipher by +the European ESTREAM project. POLY1305 is Wegman-Carter, one-time authenticator. The +combination provides a fast stream cipher suitable for systems where a hardware AES +accelerator is not available. + +@item AES-128-CCM-8, AES-256-CCM-8 @tab +AEAD @tab +TLS 1.2, TLS 1.3 @tab +This is the AES algorithm in the authenticated encryption CCM mode +with a truncated to 64-bit authentication tag. This mode is for +communication with restricted systems. + +@item CAMELLIA-128-GCM, CAMELLIA-256-GCM @tab +AEAD @tab +TLS 1.2 @tab +This is the CAMELLIA algorithm in the authenticated encryption GCM mode. + +@item AES-128-CBC, AES-256-CBC @tab +Legacy (block) @tab +TLS 1.0, TLS 1.1, TLS 1.2 @tab +AES or RIJNDAEL is the block cipher algorithm that replaces the old +DES algorithm. It has 128 bits block size and is used in CBC mode. + +@item CAMELLIA-128-CBC, CAMELLIA-256-CBC @tab +Legacy (block) @tab +TLS 1.0, TLS 1.1, TLS 1.2 @tab +This is an 128-bit block cipher developed by Mitsubishi and NTT. It +is one of the approved ciphers of the European NESSIE and Japanese +CRYPTREC projects. + +@item 3DES-CBC @tab +Legacy (block) @tab +TLS 1.0, TLS 1.1, TLS 1.2 @tab +This is the DES block cipher algorithm used with triple +encryption (EDE). Has 64 bits block size and is used in CBC mode. + +@item ARCFOUR-128 @tab +Legacy (stream) @tab +TLS 1.0, TLS 1.1, TLS 1.2 @tab +ARCFOUR-128 is a compatible algorithm with RSA's RC4 algorithm, which is considered to be a trade +secret. It is a considered to be broken, and is only used for compatibility +purposed. For this reason it is not enabled by default. + +@item NULL @tab +Legacy (stream) @tab +TLS 1.0, TLS 1.1, TLS 1.2 @tab +NULL is the empty/identity cipher which doesn't encrypt any data. It can be +combined with data authentication under TLS 1.2 or earlier, but is only used +transiently under TLS 1.3 until encryption starts. This cipher cannot be negotiated +by default (need to be explicitly enabled) under TLS 1.2, and cannot be +negotiated at all under TLS 1.3. When enabled, TLS 1.3 (or later) support will be +implicitly disabled. + +@end multitable +@caption{Supported ciphers in TLS.} +@end float + + +@float Table,tab:macs +@multitable @columnfractions .20 .70 +@headitem Algorithm @tab Description +@item MAC-MD5 @tab +This is an HMAC based on MD5 a cryptographic hash algorithm designed +by Ron Rivest. Outputs 128 bits of data. + +@item MAC-SHA1 @tab +An HMAC based on the SHA1 cryptographic hash algorithm +designed by NSA. Outputs 160 bits of data. + +@item MAC-SHA256 @tab +An HMAC based on SHA2-256. Outputs 256 bits of data. + +@item MAC-SHA384 @tab +An HMAC based on SHA2-384. Outputs 384 bits of data. + +@item MAC-AEAD @tab +This indicates that an authenticated encryption algorithm, such as +GCM, is in use. + +@end multitable +@caption{Supported MAC algorithms in TLS.} +@end float + + +@node Compression algorithms and the record layer +@subsection Compression algorithms and the record layer +@cindex compression algorithms + +In early versions of TLS the record layer supported compression. However, +that proved to be problematic in many ways, and enabled several attacks +based on traffic analysis on the transported data. For that newer versions of the protocol no longer +offer compression, and @acronym{GnuTLS} since 3.6.0 no longer implements any +support for compression. + +@node On Record Padding +@subsection On record padding +@cindex record padding +@cindex bad_record_mac + +The TLS 1.3 protocol allows for extra padding of records to prevent +statistical analysis based on the length of exchanged messages. +GnuTLS takes advantage of this feature, by allowing the user +to specify the amount of padding for a particular message. The simplest +interface is provided by @funcref{gnutls_record_send2}, and is made +available when under TLS1.3; alternatively @funcref{gnutls_record_can_use_length_hiding} +can be queried. + +Note that this interface is not sufficient to completely hide the length of the +data. The application code may reveal the data transferred by leaking its +data processing time, or by leaking the TLS1.3 record processing time by +GnuTLS. That is because under TLS1.3 the padding removal time depends on the +padding data for an efficient implementation. To make that processing +constant time the @funcref{gnutls_init} function must be called with +the flag @code{GNUTLS_SAFE_PADDING_CHECK}. + +@showfuncdesc{gnutls_record_send2} + +Older GnuTLS versions provided an API suitable for cases where the sender +sends data that are always within a given range. That API is still +available, and consists of the following functions. + +@showfuncB{gnutls_record_can_use_length_hiding,gnutls_record_send_range} + +@node The TLS Alert Protocol +@section The TLS alert protocol +@anchor{The Alert Protocol} +@cindex alert protocol + +The alert protocol is there to allow signals to be sent between peers. +These signals are mostly used to inform the peer about the cause of a +protocol failure. Some of these signals are used internally by the +protocol and the application protocol does not have to cope with them +(e.g. @code{GNUTLS_@-A_@-CLOSE_@-NOTIFY}), and others refer to the +application protocol solely (e.g. @code{GNUTLS_@-A_@-USER_@-CANCELLED}). An +alert signal includes a level indication which may be either fatal or +warning (under TLS1.3 all alerts are fatal). Fatal alerts always terminate +the current connection, and prevent future re-negotiations using the current +session ID. All supported alert messages are summarized in the table below. + +The alert messages are protected by the record protocol, thus the +information that is included does not leak. You must take extreme care +for the alert information not to leak to a possible attacker, via +public log files etc. + +@include alerts.texi + +@node The TLS Handshake Protocol +@section The TLS handshake protocol +@anchor{The Handshake Protocol} +@cindex handshake protocol + +The handshake protocol is responsible for the ciphersuite negotiation, +the initial key exchange, and the authentication of the two peers. +This is fully controlled by the application layer, thus your program +has to set up the required parameters. The main handshake function +is @funcref{gnutls_handshake}. In the next paragraphs we elaborate on +the handshake protocol, i.e., the ciphersuite negotiation. + + +@menu +* TLS Cipher Suites:: TLS session parameters. +* Authentication:: TLS authentication. +* Client Authentication:: Requesting a certificate from the client. +* Resuming Sessions:: Reusing previously established keys. +@end menu + + +@node TLS Cipher Suites +@subsection TLS ciphersuites + +The TLS cipher suites have slightly different meaning under different +protocols. Under @acronym{TLS 1.3}, a cipher suite indicates the symmetric +encryption algorithm in use, as well as the pseudo-random function (PRF) +used in the TLS session. + +Under TLS 1.2 or early the handshake protocol negotiates cipher suites of +a special form illustrated by the @code{TLS_DHE_RSA_WITH_3DES_CBC_SHA} cipher suite name. +A typical cipher suite contains these parameters: + +@itemize + +@item The key exchange algorithm. +@code{DHE_RSA} in the example. + +@item The Symmetric encryption algorithm and mode +@code{3DES_CBC} in this example. + +@item The MAC@footnote{MAC stands for Message Authentication Code. It can be described as a keyed hash algorithm. See RFC2104.} algorithm used for authentication. +@code{MAC_SHA} is used in the above example. + +@end itemize + +The cipher suite negotiated in the handshake protocol will affect the +record protocol, by enabling encryption and data authentication. Note +that you should not over rely on @acronym{TLS} to negotiate the +strongest available cipher suite. Do not enable ciphers and algorithms +that you consider weak. + +All the supported ciphersuites are listed in @ref{ciphersuites}. + +@node Authentication +@subsection Authentication + +The key exchange algorithms of the @acronym{TLS} protocol offer +authentication, which is a prerequisite for a secure connection. +The available authentication methods in @acronym{GnuTLS}, under +TLS 1.3 or earlier versions, follow. + +@itemize + +@item Certificate authentication: Authenticated key exchange using public key infrastructure and X.509 certificates. +@item @acronym{PSK} authentication: Authenticated key exchange using a pre-shared key. + +@end itemize + +Under TLS 1.2 or earlier versions, the following authentication methods +are also available. + +@itemize + +@item @acronym{SRP} authentication: Authenticated key exchange using a password. +@item Anonymous authentication: Key exchange without peer authentication. + +@end itemize + +@node Client Authentication +@subsection Client authentication +@cindex client certificate authentication + +In the case of ciphersuites that use certificate authentication, the +authentication of the client is optional in @acronym{TLS}. A server +may request a certificate from the client using the +@funcref{gnutls_certificate_server_set_request} function. We elaborate +in @ref{Certificate credentials}. + +@node Resuming Sessions +@subsection Resuming sessions +@anchor{resume} +@cindex resuming sessions +@cindex session resumption + +The TLS handshake process performs expensive calculations +and a busy server might easily be put under load. To +reduce the load, session resumption may be used. This +is a feature of the @acronym{TLS} protocol which allows a +client to connect to a server after a successful handshake, without +the expensive calculations. This is achieved by re-using the previously +established keys, meaning the server needs to store the state of established +connections (unless session tickets are used -- @ref{Session tickets}). + +Session resumption is an integral part of @acronym{GnuTLS}, and +@ref{Session resumption}, @ref{ex-resume-client} illustrate typical +uses of it. + +@node TLS Extensions +@section TLS extensions +@cindex TLS extensions + +A number of extensions to the @acronym{TLS} protocol have been +proposed mainly in @xcite{TLSEXT}. The extensions supported +in @acronym{GnuTLS} are discussed in the subsections that follow. + +@menu +* Maximum fragment length negotiation:: +* Server name indication:: +* Session tickets:: +* HeartBeat:: +* Safe renegotiation:: +* OCSP status request:: +* SRTP:: +* False Start:: +* Application Layer Protocol Negotiation (ALPN):: +* Extensions and Supplemental Data:: +@end menu + +@node Maximum fragment length negotiation +@subsection Maximum fragment length negotiation +@cindex TLS extensions +@cindex maximum fragment length + +This extension allows a @acronym{TLS} implementation to negotiate a +smaller value for record packet maximum length. This extension may be +useful to clients with constrained capabilities. The functions shown +below can be used to control this extension. + +@showfuncB{gnutls_record_get_max_size,gnutls_record_set_max_size} + +@node Server name indication +@subsection Server name indication +@anchor{serverind} +@cindex TLS extensions +@cindex server name indication + +A common problem in @acronym{HTTPS} servers is the fact that the +@acronym{TLS} protocol is not aware of the hostname that a client +connects to, when the handshake procedure begins. For that reason the +@acronym{TLS} server has no way to know which certificate to send. + +This extension solves that problem within the @acronym{TLS} protocol, +and allows a client to send the HTTP hostname before the handshake +begins within the first handshake packet. The functions +@funcref{gnutls_server_name_set} and @funcref{gnutls_server_name_get} can be +used to enable this extension, or to retrieve the name sent by a +client. + +@showfuncB{gnutls_server_name_set,gnutls_server_name_get} + +@node Session tickets +@subsection Session tickets +@cindex TLS extensions +@cindex session tickets +@cindex tickets + +To resume a TLS session, the server normally stores session parameters. This +complicates deployment, and can be avoided by delegating the storage +to the client. Because session parameters are sensitive they are encrypted +and authenticated with a key only known to the server and then sent to the +client. The Session Tickets extension is described in RFC 5077 @xcite{TLSTKT}. + +A disadvantage of session tickets is that they eliminate the effects of +forward secrecy when a server uses the same key for long time. That is, +the secrecy of all sessions on a server using tickets depends on the ticket +key being kept secret. For that reason server keys should be rotated and discarded +regularly. + +Since version 3.1.3 GnuTLS clients transparently support session tickets, +unless forward secrecy is explicitly requested (with the PFS priority string). + +Under TLS 1.3 session tickets are mandatory for session resumption, and they +do not share the forward secrecy concerns as with TLS 1.2 or earlier. + +@node HeartBeat +@subsection HeartBeat +@cindex TLS extensions +@cindex heartbeat + +This is a TLS extension that allows to ping and receive confirmation from the peer, +and is described in @xcite{RFC6520}. The extension is disabled by default and +@funcref{gnutls_heartbeat_enable} can be used to enable it. A policy +may be negotiated to only allow sending heartbeat messages or sending and receiving. +The current session policy can be checked with @funcref{gnutls_heartbeat_allowed}. +The requests coming from the peer result to @code{GNUTLS_@-E_@-HEARTBEAT_@-PING_@-RECEIVED} +being returned from the receive function. Ping requests to peer can be send via +@funcref{gnutls_heartbeat_ping}. + +@showfuncB{gnutls_heartbeat_allowed,gnutls_heartbeat_enable} + +@showfuncD{gnutls_heartbeat_ping,gnutls_heartbeat_pong,gnutls_heartbeat_set_timeouts,gnutls_heartbeat_get_timeout} + +@node Safe renegotiation +@subsection Safe renegotiation +@cindex renegotiation +@cindex safe renegotiation + +TLS gives the option to two communicating parties to renegotiate +and update their security parameters. One useful example of this feature +was for a client to initially connect using anonymous negotiation to a +server, and the renegotiate using some authenticated ciphersuite. This occurred +to avoid having the client sending its credentials in the clear. + +However this renegotiation, as initially designed would not ensure that +the party one is renegotiating is the same as the one in the initial negotiation. +For example one server could forward all renegotiation traffic to an other +server who will see this traffic as an initial negotiation attempt. + +This might be seen as a valid design decision, but it seems it was +not widely known or understood, thus today some application protocols use the TLS +renegotiation feature in a manner that enables a malicious server to insert +content of his choice in the beginning of a TLS session. + +The most prominent vulnerability was with HTTPS. There servers request +a renegotiation to enforce an anonymous user to use a certificate in order +to access certain parts of a web site. The +attack works by having the attacker simulate a client and connect to a +server, with server-only authentication, and send some data intended +to cause harm. The server will then require renegotiation from him +in order to perform the request. +When the proper client attempts to contact the server, +the attacker hijacks that connection and forwards traffic to +the initial server that requested renegotiation. The +attacker will not be able to read the data exchanged between the +client and the server. However, the server will (incorrectly) assume +that the initial request sent by the attacker was sent by the now authenticated +client. The result is a prefix plain-text injection attack. + +The above is just one example. Other vulnerabilities exists that do +not rely on the TLS renegotiation to change the client's authenticated +status (either TLS or application layer). + +While fixing these application protocols and implementations would be +one natural reaction, an extension to TLS has been designed that +cryptographically binds together any renegotiated handshakes with the +initial negotiation. When the extension is used, the attack is +detected and the session can be terminated. The extension is +specified in @xcite{RFC5746}. + +GnuTLS supports the safe renegotiation extension. The default +behavior is as follows. Clients will attempt to negotiate the safe +renegotiation extension when talking to servers. Servers will accept +the extension when presented by clients. Clients and servers will +permit an initial handshake to complete even when the other side does +not support the safe renegotiation extension. Clients and servers +will refuse renegotiation attempts when the extension has not been +negotiated. + +Note that permitting clients to connect to servers when the safe +renegotiation extension is not enabled, is open up for attacks. +Changing this default behavior would prevent interoperability against +the majority of deployed servers out there. We will reconsider this +default behavior in the future when more servers have been upgraded. +Note that it is easy to configure clients to always require the safe +renegotiation extension from servers. + +To modify the default behavior, we have introduced some new priority +strings (see @ref{Priority Strings}). +The @code{%UNSAFE_RENEGOTIATION} priority string permits +(re-)handshakes even when the safe renegotiation extension was not +negotiated. The default behavior is @code{%PARTIAL_RENEGOTIATION} that will +prevent renegotiation with clients and servers not supporting the +extension. This is secure for servers but leaves clients vulnerable +to some attacks, but this is a trade-off between security and compatibility +with old servers. The @code{%SAFE_RENEGOTIATION} priority string makes +clients and servers require the extension for every handshake. The latter +is the most secure option for clients, at the cost of not being able +to connect to legacy servers. Servers will also deny clients that +do not support the extension from connecting. + +It is possible to disable use of the extension completely, in both +clients and servers, by using the @code{%DISABLE_SAFE_RENEGOTIATION} +priority string however we strongly recommend you to only do this for +debugging and test purposes. + +The default values if the flags above are not specified are: +@table @code + +@item Server: +%PARTIAL_RENEGOTIATION + +@item Client: +%PARTIAL_RENEGOTIATION + +@end table + +For applications we have introduced a new API related to safe +renegotiation. The @funcref{gnutls_safe_renegotiation_status} function is +used to check if the extension has been negotiated on a session, and +can be used both by clients and servers. + +@node OCSP status request +@subsection OCSP status request +@cindex OCSP status request +@cindex Certificate status request + +The Online Certificate Status Protocol (OCSP) is a protocol that allows the +client to verify the server certificate for revocation without messing with +certificate revocation lists. Its drawback is that it requires the client +to connect to the server's CA OCSP server and request the status of the +certificate. This extension however, enables a TLS server to include +its CA OCSP server response in the handshake. That is an HTTPS server +may periodically run @code{ocsptool} (see @ref{ocsptool Invocation}) to obtain +its certificate revocation status and serve it to the clients. That +way a client avoids an additional connection to the OCSP server. + +See @ref{OCSP stapling} for further information. + +Since version 3.1.3 GnuTLS clients transparently support the certificate status +request. + +@node SRTP +@subsection SRTP +@cindex SRTP +@cindex Secure RTP + +The TLS protocol was extended in @xcite{RFC5764} to provide keying material to the +Secure RTP (SRTP) protocol. The SRTP protocol provides an encapsulation of encrypted +data that is optimized for voice data. With the SRTP TLS extension two peers can +negotiate keys using TLS or DTLS and obtain keying material for use with SRTP. The +available SRTP profiles are listed below. + +@showenumdesc{gnutls_srtp_profile_t,Supported SRTP profiles} + +To enable use the following functions. + +@showfuncB{gnutls_srtp_set_profile,gnutls_srtp_set_profile_direct} + +To obtain the negotiated keys use the function below. + +@showfuncdesc{gnutls_srtp_get_keys} + +Other helper functions are listed below. + +@showfuncC{gnutls_srtp_get_selected_profile,gnutls_srtp_get_profile_name,gnutls_srtp_get_profile_id} + +@node False Start +@subsection False Start +@cindex False Start +@cindex TLS False Start + +The TLS protocol was extended in @xcite{RFC7918} to allow the client +to send data to server in a single round trip. This change however operates on the borderline +of the TLS protocol security guarantees and should be used for the cases where the reduced +latency outperforms the risk of an adversary intercepting the transferred data. In GnuTLS +applications can use the @acronym{GNUTLS_ENABLE_FALSE_START} as option to @funcref{gnutls_init} +to request an early return of the @funcref{gnutls_handshake} function. After that early +return the application is expected to transfer any data to be piggybacked on the last handshake +message. + +After handshake's early termination, the application is expected to transmit +data using @funcref{gnutls_record_send}, and call @funcref{gnutls_record_recv} on +any received data as soon, to ensure that handshake completes timely. That is, especially +relevant for applications which set an explicit time limit for the handshake process +via @funcref{gnutls_handshake_set_timeout}. + +Note however, that the API ensures that the early return will not happen +if the false start requirements are not satisfied. That is, on ciphersuites which are not +whitelisted for false start or on insufficient key sizes, the handshake +process will complete properly (i.e., no early return). To verify that false start was used you +may use @funcref{gnutls_session_get_flags} and check for the @acronym{GNUTLS_SFLAGS_FALSE_START} +flag. For GnuTLS the false start is whitelisted for the following +key exchange methods (see @xcite{RFC7918} for rationale) +@itemize +@item DHE +@item ECDHE +@end itemize +but only when the negotiated parameters exceed @code{GNUTLS_SEC_PARAM_HIGH} +--see @ref{tab:key-sizes}, and when under (D)TLS 1.2 or later. + +@node Application Layer Protocol Negotiation (ALPN) +@subsection Application Layer Protocol Negotiation (ALPN) +@cindex ALPN +@cindex Application Layer Protocol Negotiation + +The TLS protocol was extended in @code{RFC7301} +to provide the application layer a method of +negotiating the application protocol version. This allows for negotiation +of the application protocol during the TLS handshake, thus reducing +round-trips. The application protocol is described by an opaque +string. To enable, use the following functions. + +@showfuncB{gnutls_alpn_set_protocols,gnutls_alpn_get_selected_protocol} + +Note that these functions are intended to be used with protocols that are +registered in the Application Layer Protocol Negotiation IANA registry. While +you can use them for other protocols (at the risk of collisions), it is preferable +to register them. + +@node Extensions and Supplemental Data +@subsection Extensions and Supplemental Data +@cindex Supplemental data + +It is possible to transfer supplemental data during the TLS handshake, following +@xcite{RFC4680}. This is for "custom" protocol modifications for applications which +may want to transfer additional data (e.g. additional authentication messages). Such +an exchange requires a custom extension to be registered. +The provided API for this functionality is low-level and described in @ref{TLS Hello Extension Handling}. + +@include sec-tls-app.texi + +@node On SSL 2 and older protocols +@section On SSL 2 and older protocols +@cindex SSL 2 + +One of the initial decisions in the @acronym{GnuTLS} development was +to implement the known security protocols for the transport layer. +Initially @acronym{TLS} 1.0 was implemented since it was the latest at +that time, and was considered to be the most advanced in security +properties. Later the @acronym{SSL} 3.0 protocol was implemented +since it is still the only protocol supported by several servers and +there are no serious security vulnerabilities known. + +One question that may arise is why we didn't implement @acronym{SSL} +2.0 in the library. There are several reasons, most important being +that it has serious security flaws, unacceptable for a modern security +library. Other than that, this protocol is barely used by anyone +these days since it has been deprecated since 1996. The security +problems in @acronym{SSL} 2.0 include: + +@itemize + +@item Message integrity compromised. +The @acronym{SSLv2} message authentication uses the MD5 function, and +is insecure. + +@item Man-in-the-middle attack. +There is no protection of the handshake in @acronym{SSLv2}, which +permits a man-in-the-middle attack. + +@item Truncation attack. +@acronym{SSLv2} relies on TCP FIN to close the session, so the +attacker can forge a TCP FIN, and the peer cannot tell if it was a +legitimate end of data or not. + +@item Weak message integrity for export ciphers. +The cryptographic keys in @acronym{SSLv2} are used for both message +authentication and encryption, so if weak encryption schemes are +negotiated (say 40-bit keys) the message authentication code uses the +same weak key, which isn't necessary. + +@end itemize + +@cindex PCT +Other protocols such as Microsoft's @acronym{PCT} 1 and @acronym{PCT} +2 were not implemented because they were also abandoned and deprecated +by @acronym{SSL} 3.0 and later @acronym{TLS} 1.0. + + diff --git a/doc/cha-library.texi b/doc/cha-library.texi new file mode 100644 index 0000000..ff21ba6 --- /dev/null +++ b/doc/cha-library.texi @@ -0,0 +1,157 @@ +@node Introduction to GnuTLS +@chapter Introduction to GnuTLS + +In brief @acronym{GnuTLS} can be described as a library which offers an API +to access secure communication protocols. These protocols provide +privacy over insecure lines, and were designed to prevent +eavesdropping, tampering, or message forgery. + +Technically @acronym{GnuTLS} is a portable ANSI C based library which +implements the protocols ranging from SSL 3.0 to TLS 1.3 (see @ref{Introduction to TLS}, +for a detailed description of the protocols), accompanied +with the required framework for authentication and public key +infrastructure. Important features of the @acronym{GnuTLS} library +include: + +@itemize + +@item Support for TLS 1.3, TLS 1.2, TLS 1.1, TLS 1.0 and optionally SSL 3.0 protocols. + +@item Support for Datagram TLS 1.0 and 1.2. + +@item Support for handling and verification of @acronym{X.509} certificates. + +@item Support for password authentication using @acronym{TLS-SRP}. + +@item Support for keyed authentication using @acronym{TLS-PSK}. + +@item Support for TPM, @acronym{PKCS} #11 tokens and smart-cards. + +@end itemize + +The @acronym{GnuTLS} library consists of three independent parts, namely the ``TLS +protocol part'', the ``Certificate part'', and the ``Cryptographic +back-end'' part. The ``TLS protocol part'' is the actual protocol +implementation, and is entirely implemented within the +@acronym{GnuTLS} library. The ``Certificate part'' consists of the +certificate parsing, and verification functions and it uses +functionality from the +libtasn1 library. +The ``Cryptographic back-end'' is provided by the nettle +and gmplib libraries. + +@menu +* Downloading and installing:: +* Installing for a software distribution:: +* Document overview:: +@end menu + +@node Downloading and installing +@section Downloading and installing +@cindex installation +@cindex download + +GnuTLS is available for download at: +@url{https://www.gnutls.org/download.html} + +GnuTLS uses a development cycle where even minor version numbers +indicate a stable release and a odd minor version number indicate a +development release. For example, GnuTLS 1.6.3 denote a stable +release since 6 is even, and GnuTLS 1.7.11 denote a development +release since 7 is odd. + +GnuTLS depends on @code{nettle} and @code{gmplib}, and you will need to install it +before installing GnuTLS. The @code{nettle} library is available from +@url{https://www.lysator.liu.se/~nisse/nettle/}, while @code{gmplib} is available +from @url{https://www.gmplib.org/}. +Don't forget to verify the cryptographic signature after downloading +source code packages. + +The package is then extracted, configured and built like many other +packages that use Autoconf. For detailed information on configuring +and building it, refer to the @file{INSTALL} file that is part of the +distribution archive. Typically you invoke @code{./configure} and +then @code{make check install}. There are a number of compile-time +parameters, as discussed below. + +Several parts of GnuTLS require ASN.1 functionality, which is provided by +a library called libtasn1. A copy of libtasn1 is included in GnuTLS. If you +want to install it separately (e.g., to make it possibly to use +libtasn1 in other programs), you can get it from +@url{https://www.gnu.org/software/libtasn1/}. + +The compression library, @code{libz}, the PKCS #11 helper library @code{p11-kit}, +the TPM library @code{trousers}, as well as the IDN library @code{libidn}@footnote{Needed +to use RFC6125 name comparison in internationalized domains.} are +optional dependencies. Check the README file in the distribution on how +to obtain these libraries. + +A few @code{configure} options may be relevant, summarized below. +They disable or enable particular features, +to create a smaller library with only the required features. +Note however, that although a smaller library is generated, the +included programs are not guaranteed to compile if some of these +options are given. + +@verbatim +--disable-srp-authentication +--disable-psk-authentication +--disable-anon-authentication +--disable-dhe +--disable-ecdhe +--disable-openssl-compatibility +--disable-dtls-srtp-support +--disable-alpn-support +--disable-heartbeat-support +--disable-libdane +--without-p11-kit +--without-tpm +--without-zlib + +@end verbatim + +For the complete list, refer to the output from @code{configure --help}. + +@node Installing for a software distribution +@section Installing for a software distribution +@cindex installation + +When installing for a software distribution, it is often desirable to preconfigure +GnuTLS with the system-wide paths and files. There two important configuration +options, one sets the trust store in system, which are the CA certificates +to be used by programs by default (if they don't override it), and the other sets +to DNSSEC root key file used by unbound for DNSSEC verification. + +For the latter the following configuration option is available, and if not specified +GnuTLS will try to auto-detect the location of that file. +@verbatim +--with-unbound-root-key-file + +@end verbatim + +To set the trust store the following options are available. +@verbatim +--with-default-trust-store-file +--with-default-trust-store-dir +--with-default-trust-store-pkcs11 + +@end verbatim +The first option is used to set a PEM file which contains a list of trusted certificates, +while the second will read all certificates in the given path. The recommended option is +the last, which allows to use a PKCS #11 trust policy module. That module not only +provides the trusted certificates, but allows the categorization of them using purpose, +e.g., CAs can be restricted for e-mail usage only, or administrative restrictions of CAs, for +examples by restricting a CA to only issue certificates for a given DNS domain using NameConstraints. +A publicly available PKCS #11 trust module is p11-kit's trust module@footnote{@url{https://p11-glue.freedesktop.org/doc/p11-kit/trust-module.html}}. + +@node Document overview +@section Overview +In this document we present an overview of the supported security protocols in @ref{Introduction to TLS}, and +continue by providing more information on the certificate authentication in @ref{Certificate authentication}, +and shared-key as well anonymous authentication in @ref{Shared-key and anonymous authentication}. We +elaborate on certificate authentication by demonstrating advanced usage of the API in @ref{More on certificate authentication}. +The core of the TLS library is presented in @ref{How to use GnuTLS in applications} and example +applications are listed in @ref{GnuTLS application examples}. +In @ref{Other included programs} the usage of few included programs that +may assist debugging is presented. The last chapter is @ref{Internal architecture of GnuTLS} that +provides a short introduction to GnuTLS' internal architecture. diff --git a/doc/cha-preface.texi b/doc/cha-preface.texi new file mode 100644 index 0000000..7c41f41 --- /dev/null +++ b/doc/cha-preface.texi @@ -0,0 +1,26 @@ +@node Preface +@chapter Preface + +This document demonstrates and explains the @acronym{GnuTLS} +library API. A brief introduction to the protocols and the technology +involved is also included so that an application programmer can +better understand the @acronym{GnuTLS} purpose and actual offerings. +Even if @acronym{GnuTLS} is a typical library software, it operates +over several security and cryptographic protocols which require the +programmer to make careful and correct usage of them. Otherwise it +is likely to only obtain a false sense of security. +The term of security is very broad even if restricted to computer +software, and cannot be confined to a single cryptographic +library. For that reason, do not consider any program secure just +because it uses @acronym{GnuTLS}; there are several ways to compromise +a program or a communication line and @acronym{GnuTLS} only helps with +some of them. + +Although this document tries to be self contained, basic network +programming and public key infrastructure (PKI) knowledge is assumed +in most of it. A good introduction to networking can be found +in @xcite{STEVENS}, to public key infrastructure in @xcite{GUTPKI} +and to security engineering in @xcite{ANDERSON}. + +Updated versions of the @acronym{GnuTLS} software and this document +will be available from @url{https://www.gnutls.org/}. diff --git a/doc/cha-programs.texi b/doc/cha-programs.texi new file mode 100644 index 0000000..4526747 --- /dev/null +++ b/doc/cha-programs.texi @@ -0,0 +1,19 @@ +@node Other included programs +@chapter Other included programs + +Included with @acronym{GnuTLS} are also a few command line tools that +let you use the library for common tasks without writing an +application. The applications are discussed in this chapter. + +@menu +* gnutls-cli Invocation:: Invoking gnutls-cli +* gnutls-serv Invocation:: Invoking gnutls-serv +* gnutls-cli-debug Invocation:: Invoking gnutls-cli-debug +@end menu +@c @include invoke-gnutls-cli.menu +@c @include invoke-gnutls-serv.menu +@c @include invoke-gnutls-cli-debug.menu + +@include invoke-gnutls-cli.texi +@include invoke-gnutls-serv.texi +@include invoke-gnutls-cli-debug.texi diff --git a/doc/cha-shared-key.texi b/doc/cha-shared-key.texi new file mode 100644 index 0000000..394fd79 --- /dev/null +++ b/doc/cha-shared-key.texi @@ -0,0 +1,161 @@ +@node Shared-key and anonymous authentication +@section Shared-key and anonymous authentication + +In addition to certificate authentication, the TLS protocol may be +used with password, shared-key and anonymous authentication methods. +The rest of this chapter discusses details of these methods. + +@menu +* PSK authentication:: +* SRP authentication:: +* Anonymous authentication:: +@end menu + +@node PSK authentication +@subsection PSK authentication + +@menu +* Authentication using PSK:: +* psktool Invocation:: Invoking psktool +@end menu + +@node Authentication using PSK +@subsubsection Authentication using @acronym{PSK} +@cindex PSK authentication + +Authentication using Pre-shared keys is a method to authenticate using +usernames and binary keys. This protocol avoids making use of public +key infrastructure and expensive calculations, thus it is suitable for +constraint clients. It is available under all TLS protocol versions. + +The implementation in @acronym{GnuTLS} is based on @xcite{TLSPSK}. +The supported @acronym{PSK} key exchange methods are: + +@table @code + +@item PSK: +Authentication using the @acronym{PSK} protocol (no forward secrecy). + +@item DHE-PSK: +Authentication using the @acronym{PSK} protocol and Diffie-Hellman key +exchange. This method offers perfect forward secrecy. + +@item ECDHE-PSK: +Authentication using the @acronym{PSK} protocol and Elliptic curve Diffie-Hellman key +exchange. This method offers perfect forward secrecy. + +@item RSA-PSK: +Authentication using the @acronym{PSK} protocol for the client and an RSA certificate +for the server. This is not available under TLS 1.3. + +@end table + +Helper functions to generate and maintain @acronym{PSK} keys are also included +in @acronym{GnuTLS}. + +@showfuncC{gnutls_key_generate,gnutls_hex_encode,gnutls_hex_decode} + +@include invoke-psktool.texi + + +@node SRP authentication +@subsection SRP authentication + +@menu +* Authentication using SRP:: +* srptool Invocation:: Invoking srptool +@end menu + +@node Authentication using SRP +@subsubsection Authentication using @acronym{SRP} +@cindex SRP authentication + +@acronym{GnuTLS} supports authentication via the Secure Remote Password +or @acronym{SRP} protocol (see @xcite{RFC2945,TOMSRP} for a description). +The @acronym{SRP} key exchange is an extension to the +@acronym{TLS} protocol, and it provides an authenticated with a +password key exchange. The peers can be identified using a single password, +or there can be combinations where the client is authenticated using @acronym{SRP} +and the server using a certificate. It is only available under TLS 1.2 or earlier +versions. + +The advantage of @acronym{SRP} authentication, over other proposed +secure password authentication schemes, is that @acronym{SRP} is not +susceptible to off-line dictionary attacks. +Moreover, SRP does not require the server to hold the user's password. +This kind of protection is similar to the one used traditionally in the @acronym{UNIX} +@file{/etc/passwd} file, where the contents of this file did not cause +harm to the system security if they were revealed. The @acronym{SRP} +needs instead of the plain password something called a verifier, which +is calculated using the user's password, and if stolen cannot be used +to impersonate the user. +@c The Stanford @acronym{SRP} libraries, include a PAM module that synchronizes +@c the system's users passwords with the @acronym{SRP} password +@c files. That way @acronym{SRP} authentication could be used for all users +@c of a system. + +Typical conventions in SRP are a password file, called @file{tpasswd} that +holds the SRP verifiers (encoded passwords) and another file, @file{tpasswd.conf}, +which holds the allowed SRP parameters. The included in GnuTLS helper +follow those conventions. The srptool program, discussed in the next section +is a tool to manipulate the SRP parameters. + +The implementation in @acronym{GnuTLS} is based on @xcite{TLSSRP}. The +supported key exchange methods are shown below. Enabling any of these +key exchange methods in a session disables support for TLS1.3. + +@table @code + +@item SRP: +Authentication using the @acronym{SRP} protocol. + +@item SRP_DSS: +Client authentication using the @acronym{SRP} protocol. Server is +authenticated using a certificate with DSA parameters. + +@item SRP_RSA: +Client authentication using the @acronym{SRP} protocol. Server is +authenticated using a certificate with RSA parameters. + +@end table + + +@showfuncdesc{gnutls_srp_verifier} + +@showfuncB{gnutls_srp_base64_encode2,gnutls_srp_base64_decode2} + +@include invoke-srptool.texi + +@node Anonymous authentication +@subsection Anonymous authentication +@cindex anonymous authentication + +The anonymous key exchange offers encryption without any +indication of the peer's identity. This kind of authentication +is vulnerable to a man in the middle attack, but can be +used even if there is no prior communication or shared trusted parties +with the peer. It is useful to establish a session over which certificate +authentication will occur in order to hide the indentities of the participants +from passive eavesdroppers. It is only available under TLS 1.2 or earlier +versions. + +Unless in the above case, it is not recommended to use anonymous authentication. +In the cases where there is no prior communication with the peers, +an alternative with better properties, such as key continuity, is trust on first use +(see @ref{Verifying a certificate using trust on first use authentication}). + +The available key exchange algorithms for anonymous authentication are +shown below, but note that few public servers support them, and they +have to be explicitly enabled. These ciphersuites are negotiated only under +TLS 1.2. + +@table @code + +@item ANON_DH: +This algorithm exchanges Diffie-Hellman parameters. + +@item ANON_ECDH: +This algorithm exchanges elliptic curve Diffie-Hellman parameters. It is more +efficient than ANON_DH on equivalent security levels. + +@end table diff --git a/doc/cha-support.texi b/doc/cha-support.texi new file mode 100644 index 0000000..b68cd07 --- /dev/null +++ b/doc/cha-support.texi @@ -0,0 +1,139 @@ +@node Support +@appendix Support + +@menu +* Getting help:: +* Commercial Support:: +* Bug Reports:: +* Contributing:: +* Certification:: +@end menu + +@node Getting help +@section Getting Help + +A mailing list where users may help each other exists, and you can +reach it by sending e-mail to @email{gnutls-help@@gnutls.org}. Archives +of the mailing list discussions, and an interface to manage +subscriptions, is available through the World Wide Web at +@url{https://lists.gnutls.org/pipermail/gnutls-help/}. + +A mailing list for developers are also available, see +@url{https://www.gnutls.org/lists.html}. +Bug reports should be sent to @email{bugs@@gnutls.org}, see +@ref{Bug Reports}. + +@node Commercial Support +@section Commercial Support + +Commercial support is available for users of GnuTLS. See +@url{https://www.gnutls.org/commercial.html} for more information. + + +@node Bug Reports +@section Bug Reports +@cindex reporting bugs + +If you think you have found a bug in GnuTLS, please investigate it and +report it. + +@itemize @bullet + +@item Please make sure that the bug is really in GnuTLS, and +preferably also check that it hasn't already been fixed in the latest +version. + +@item You have to send us a test case that makes it possible for us to +reproduce the bug. + +@item You also have to explain what is wrong; if you get a crash, or +if the results printed are not good and in that case, in what way. +Make sure that the bug report includes all information you would need +to fix this kind of bug for someone else. + +@end itemize + +Please make an effort to produce a self-contained report, with +something definite that can be tested or debugged. Vague queries or +piecemeal messages are difficult to act on and don't help the +development effort. + +If your bug report is good, we will do our best to help you to get a +corrected version of the software; if the bug report is poor, we won't +do anything about it (apart from asking you to send better bug +reports). + +If you think something in this manual is unclear, or downright +incorrect, or if the language needs to be improved, please also send a +note. + +Send your bug report to: + +@center @samp{bugs@@gnutls.org} + +@node Contributing +@section Contributing +@cindex contributing +@cindex hacking + +If you want to submit a patch for inclusion -- from solving a typo you +discovered, up to adding support for a new feature -- you should +submit it as a bug report, using the process in @ref{Bug Reports}. There are some +things that you can do to increase the chances for it to be included +in the official package. + +Unless your patch is very small (say, under 10 lines) we require that +you assign the copyright of your work to the Free Software Foundation. +This is to protect the freedom of the project. If you have not +already signed papers, we will send you the necessary information when +you submit your contribution. + +For contributions that doesn't consist of actual programming code, the +only guidelines are common sense. +For code contributions, a number of style guides will help you: + +@itemize @bullet + +@item Coding Style. +Follow the GNU Standards document. +@c (@pxref{top, GNU Coding Standards,,standards}). + +If you normally code using another coding standard, there is no +problem, but you should use @samp{indent} to reformat the code +@c (@pxref{top, GNU Indent,, indent}) +before submitting your work. + +@item Use the unified diff format @samp{diff -u}. + +@item Return errors. +No reason whatsoever should abort the execution of the library. Even +memory allocation errors, e.g. when malloc return NULL, should work +although result in an error code. + +@item Design with thread safety in mind. +Don't use global variables. Don't even write to per-handle global +variables unless the documented behaviour of the function you write is +to write to the per-handle global variable. + +@item Avoid using the C math library. +It causes problems for embedded implementations, and in most +situations it is very easy to avoid using it. + +@item Document your functions. +Use comments before each function headers, that, if properly +formatted, are extracted into Texinfo manuals and GTK-DOC web pages. + +@item Supply a ChangeLog and NEWS entries, where appropriate. + +@end itemize + +@node Certification +@section Certification +@cindex certification + +There are certifications from national or international bodies which "prove" +to an auditor that the crypto component follows some best practices, such +as unit testing and reliance on well known crypto primitives. + +GnuTLS has support for the FIPS 140-2 certification under Red Hat Enterprise Linux. +See @ref{FIPS140-2 mode} for more information. diff --git a/doc/cha-tokens.texi b/doc/cha-tokens.texi new file mode 100644 index 0000000..6057fed --- /dev/null +++ b/doc/cha-tokens.texi @@ -0,0 +1,631 @@ +@node Hardware security modules and abstract key types +@chapter Abstract key types and Hardware security modules + +In several cases storing the long term cryptographic keys in a hard disk or +even in memory poses a significant risk. Once the system they are stored +is compromised the keys must be replaced as the secrecy of future sessions +is no longer guaranteed. Moreover, past sessions that were not protected by a +perfect forward secrecy offering ciphersuite are also to be assumed compromised. + +If such threats need to be addressed, then it may be wise storing the keys in a security +module such as a smart card, an HSM or the TPM chip. Those modules ensure the +protection of the cryptographic keys by only allowing operations on them and +preventing their extraction. The purpose of the abstract key API is to provide +an API that will allow the handle of keys in memory and files, as well as keys +stored in such modules. + +In GnuTLS the approach is to handle all keys transparently by the high level API, e.g., +the API that loads a key or certificate from a file. +The high-level API will accept URIs in addition to files that specify keys on an HSM or in TPM, +and a callback function will be used to obtain any required keys. The URI format is defined in +@xcite{PKCS11URI}. + +More information on the API is provided in the next sections. Examples of a URI of a certificate +stored in an HSM, as well as a key stored in the TPM chip are shown below. To discover the URIs +of the objects the @code{p11tool} (see @ref{p11tool Invocation}). +@example +pkcs11:token=Nikos;serial=307521161601031;model=PKCS%2315; \ +manufacturer=EnterSafe;object=test1;type=cert + +@end example + + +@menu +* Abstract key types:: +* Application-specific keys:: +* Smart cards and HSMs:: +* Trusted Platform Module:: +@end menu + +@node Abstract key types +@section Abstract key types +@cindex abstract types + +Since there are many forms of a public or private keys supported by @acronym{GnuTLS} such as +@acronym{X.509}, @acronym{PKCS} #11 or TPM it is desirable to allow common operations +on them. For these reasons the abstract @code{gnutls_privkey_t} and @code{gnutls_pubkey_t} were +introduced in @code{gnutls/@-abstract.h} header. Those types are initialized using a specific type of +key and then can be used to perform operations in an abstract way. For example in order +to sign an X.509 certificate with a key that resides in a token the following steps can be +used. + +@example +#include + +void sign_cert( gnutls_x509_crt_t to_be_signed) +@{ +gnutls_x509_crt_t ca_cert; +gnutls_privkey_t abs_key; + + /* initialize the abstract key */ + gnutls_privkey_init(&abs_key); + + /* keys stored in tokens are identified by URLs */ + gnutls_privkey_import_url(abs_key, key_url); + + gnutls_x509_crt_init(&ca_cert); + gnutls_x509_crt_import_url(&ca_cert, cert_url); + + /* sign the certificate to be signed */ + gnutls_x509_crt_privkey_sign(to_be_signed, ca_cert, abs_key, + GNUTLS_DIG_SHA256, 0); +@} +@end example + +@menu +* Abstract public keys:: +* Abstract private keys:: +* Operations:: +@end menu + +@node Abstract public keys +@subsection Public keys +An abstract @code{gnutls_pubkey_t} can be initialized and freed by +using the functions below. + +@showfuncB{gnutls_pubkey_init,gnutls_pubkey_deinit} + +After initialization its values can be imported from +an existing structure like @code{gnutls_x509_crt_t}, +or through an ASN.1 encoding of the X.509 @code{SubjectPublicKeyInfo} +sequence. + +@showfuncB{gnutls_pubkey_import_x509,gnutls_pubkey_import_pkcs11} + +@showfuncD{gnutls_pubkey_import_url,gnutls_pubkey_import_privkey,gnutls_pubkey_import,gnutls_pubkey_export} + +@showfuncdesc{gnutls_pubkey_export2} + +Other helper functions that allow directly importing from raw X.509 structures are shown below. + +@showfuncA{gnutls_pubkey_import_x509_raw} + +An important function is @funcref{gnutls_pubkey_import_url} which will import +public keys from URLs that identify objects stored in tokens (see @ref{Smart cards and HSMs} and @ref{Trusted Platform Module}). +A function to check for a supported by GnuTLS URL is @funcref{gnutls_url_is_supported}. + +@showfuncdesc{gnutls_url_is_supported} + +Additional functions are available that will return +information over a public key, such as a unique key ID, as well as a function +that given a public key fingerprint would provide a memorable sketch. + +Note that @funcref{gnutls_pubkey_get_key_id} calculates a SHA1 digest of the +public key as a DER-formatted, subjectPublicKeyInfo object. Other implementations +use different approaches, e.g., some use the ``common method'' described in +section 4.2.1.2 of @xcite{RFC5280} which calculates a digest on a part of the +subjectPublicKeyInfo object. + +@showfuncD{gnutls_pubkey_get_pk_algorithm,gnutls_pubkey_get_preferred_hash_algorithm,gnutls_pubkey_get_key_id,gnutls_random_art} + +To export the key-specific parameters, or obtain a unique key ID the following functions are provided. + +@showfuncD{gnutls_pubkey_export_rsa_raw2,gnutls_pubkey_export_dsa_raw2,gnutls_pubkey_export_ecc_raw2,gnutls_pubkey_export_ecc_x962} + +@node Abstract private keys +@subsection Private keys +An abstract @code{gnutls_privkey_t} can be initialized and freed by +using the functions below. + +@showfuncB{gnutls_privkey_init,gnutls_privkey_deinit} + +After initialization its values can be imported from +an existing structure like @code{gnutls_x509_privkey_t}, +but unlike public keys it cannot be exported. That is +to allow abstraction over keys stored in hardware that +makes available only operations. + +@showfuncB{gnutls_privkey_import_x509,gnutls_privkey_import_pkcs11} + +Other helper functions that allow directly importing from raw X.509 +structures are shown below. Again, as with public keys, private keys +can be imported from a hardware module using URLs. + +@showfuncdesc{gnutls_privkey_import_url} + +@showfuncD{gnutls_privkey_import_x509_raw,gnutls_privkey_get_pk_algorithm,gnutls_privkey_get_type,gnutls_privkey_status} + +In order to support cryptographic operations using +an external API, the following function is provided. +This allows for a simple extensibility API without +resorting to @acronym{PKCS} #11. + +@showfuncdesc{gnutls_privkey_import_ext4} + +On the private keys where exporting of parameters is possible (i.e., +software keys), the following functions are also available. + +@showfuncC{gnutls_privkey_export_rsa_raw2,gnutls_privkey_export_dsa_raw2,gnutls_privkey_export_ecc_raw2} + +@node Operations +@subsection Operations +The abstract key types can be used to access signing and +signature verification operations with the underlying keys. + +@showfuncdesc{gnutls_pubkey_verify_data2} +@showfuncdesc{gnutls_pubkey_verify_hash2} +@showfuncdesc{gnutls_pubkey_encrypt_data} + +@showfuncdesc{gnutls_privkey_sign_data} +@showfuncdesc{gnutls_privkey_sign_hash} +@showfuncdesc{gnutls_privkey_decrypt_data} + +Signing existing structures, such as certificates, CRLs, +or certificate requests, as well as associating public +keys with structures is also possible using the +key abstractions. + +@showfuncdesc{gnutls_x509_crq_set_pubkey} +@showfuncdesc{gnutls_x509_crt_set_pubkey} +@showfuncC{gnutls_x509_crt_privkey_sign,gnutls_x509_crl_privkey_sign,gnutls_x509_crq_privkey_sign} + + +@node Application-specific keys +@section System and application-specific keys +@cindex Application-specific keys +@cindex System-specific keys + +@subsection System-specific keys +In several systems there are keystores which allow to read, store and use certificates +and private keys. For these systems GnuTLS provides the system-key API in @code{gnutls/system-keys.h}. +That API provides the ability to iterate through all stored keys, add and delete keys as well +as use these keys using a URL which starts with "system:". The format of the URLs is system-specific. +The @code{systemkey} tool is also provided to assist in listing keys and debugging. + +The systems supported via this API are the following. +@itemize +@item Windows Cryptography API (CNG) +@end itemize + +@showfuncdesc{gnutls_system_key_iter_get_info} + +@showfuncC{gnutls_system_key_iter_deinit,gnutls_system_key_add_x509,gnutls_system_key_delete} + +@subsection Application-specific keys +For systems where GnuTLS doesn't provide a system specific store, +it may often be desirable to define a custom class of keys +that are identified via URLs and available to GnuTLS calls such as @funcref{gnutls_certificate_set_x509_key_file2}. +Such keys can be registered using the API in @code{gnutls/urls.h}. The function +which registers such keys is @funcref{gnutls_register_custom_url}. + +@showfuncdesc{gnutls_register_custom_url} + +The input to this function are three callback functions as well as +the prefix of the URL, (e.g., "mypkcs11:") and the length of the prefix. +The types of the callbacks are shown below, and are expected to +use the exported gnutls functions to import the keys and certificates. +E.g., a typical @code{import_key} callback should use @funcref{gnutls_privkey_import_ext4}. + +@example +typedef int (*gnutls_privkey_import_url_func)(gnutls_privkey_t pkey, + const char *url, + unsigned flags); + +typedef int (*gnutls_x509_crt_import_url_func)(gnutls_x509_crt_t pkey, + const char *url, + unsigned flags); + +/* The following callbacks are optional */ + +/* This is to enable gnutls_pubkey_import_url() */ +typedef int (*gnutls_pubkey_import_url_func)(gnutls_pubkey_t pkey, + const char *url, unsigned flags); + +/* This is to allow constructing a certificate chain. It will be provided + * the initial certificate URL and the certificate to find its issuer, and must + * return zero and the DER encoding of the issuer's certificate. If not available, + * it should return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE. */ +typedef int (*gnutls_get_raw_issuer_func)(const char *url, gnutls_x509_crt_t crt, + gnutls_datum_t *issuer_der, unsigned flags); + +typedef struct custom_url_st @{ + const char *name; + unsigned name_size; + gnutls_privkey_import_url_func import_key; + gnutls_x509_crt_import_url_func import_crt; + gnutls_pubkey_import_url_func import_pubkey; + gnutls_get_raw_issuer_func get_issuer; +@} gnutls_custom_url_st; +@end example + + + +@node Smart cards and HSMs +@section Smart cards and HSMs +@cindex PKCS #11 tokens +@cindex hardware tokens +@cindex hardware security modules +@cindex smart cards + +In this section we present the smart-card and hardware security module (HSM) support +in @acronym{GnuTLS} using @acronym{PKCS} #11 @xcite{PKCS11}. Hardware security +modules and smart cards provide a way to store private keys and perform +operations on them without exposing them. This decouples cryptographic +keys from the applications that use them and provide an additional +security layer against cryptographic key extraction. +Since this can also be achieved in software components such as in Gnome keyring, +we will use the term security module to describe any cryptographic key +separation subsystem. + +@acronym{PKCS} #11 is plugin API allowing applications to access cryptographic +operations on a security module, as well as to objects residing on it. PKCS +#11 modules exist for hardware tokens such as smart cards@footnote{For example, OpenSC-supported cards.}, +cryptographic tokens, as well as for software modules like @acronym{Gnome Keyring}. +The objects residing on a security module may be certificates, public keys, +private keys or secret keys. Of those certificates and public/private key +pairs can be used with @acronym{GnuTLS}. PKCS #11's main advantage is that +it allows operations on private key objects such as decryption +and signing without exposing the key. In GnuTLS the PKCS #11 functionality is +available in @code{gnutls/pkcs11.h}. + +@float Figure,fig-pkcs11-vision +@image{pkcs11-vision,9cm} +@caption{PKCS #11 module usage.} +@end float + +@menu +* PKCS11 Initialization:: +* PKCS11 Manual Initialization:: +* Accessing objects that require a PIN:: +* Reading objects:: +* Writing objects:: +* PKCS11 Low Level Access:: +* Using a PKCS11 token with TLS:: +* Verifying certificates over PKCS11:: +* p11tool Invocation:: +@end menu + +@node PKCS11 Initialization +@subsection Initialization +To allow all @acronym{GnuTLS} applications to transparently access smart cards +and tokens, @acronym{PKCS} #11 is automatically initialized during the first +call of a @acronym{PKCS} #11 related function, in a thread safe way. +The default initialization process, utilizes p11-kit configuration, and loads any +appropriate @acronym{PKCS} #11 modules. The p11-kit configuration +files@footnote{@url{https://p11-glue.freedesktop.org/}} are typically stored in @code{/etc/pkcs11/modules/}. +For example a file that will instruct GnuTLS to load the @acronym{OpenSC} module, +could be named @code{/etc/pkcs11/modules/opensc.module} and contain the following: + +@example +module: /usr/lib/opensc-pkcs11.so +@end example + +If you use these configuration files, then there is no need for other initialization in +@acronym{GnuTLS}, except for the PIN and token callbacks (see next section). +In several cases, however, it is desirable to limit badly behaving modules +(e.g., modules that add an unacceptable delay on initialization) +to single applications. That can be done using the ``enable-in:'' option +followed by the base name of applications that this module should be used. + +It is also possible to manually initialize or even disable the PKCS #11 subsystem if the +default settings are not desirable or not available (see @ref{PKCS11 Manual Initialization} +for more information). + +Note that, PKCS #11 modules behave in a peculiar way after a fork; they +require a reinitialization of all the used PKCS #11 resources. +While GnuTLS automates that process, there are corner cases where +it is not possible to handle it correctly in an automated way@footnote{For +example when an open session is to be reinitialized, but the PIN is not available +to GnuTLS (e.g., it was entered at a pinpad).}. For that, it is +recommended not to mix fork() and PKCS #11 module usage. It is recommended +to initialize and use any PKCS #11 resources in a single process. + +Older versions of @acronym{GnuTLS} required to call @funcref{gnutls_pkcs11_reinit} +after a fork() call; since 3.3.0 this is no longer required. + + +@node PKCS11 Manual Initialization +@subsection Manual initialization of user-specific modules + +In systems where one cannot rely on a globally available p11-kit configuration +to be available, it is still possible to utilize PKCS #11 objects. That +can be done by loading directly the PKCS #11 shared module in the +application using @funcref{gnutls_pkcs11_add_provider}, after having +called @funcref{gnutls_pkcs11_init} specifying the @code{GNUTLS_PKCS11_FLAG_MANUAL} +flag. + +@showfuncdesc{gnutls_pkcs11_add_provider} + +In that case, the application will only have access to the modules explicitly +loaded. If the @code{GNUTLS_PKCS11_FLAG_MANUAL} flag is specified and no calls +to @funcref{gnutls_pkcs11_add_provider} are made, then the PKCS #11 functionality +is effectively disabled. + +@showfuncdesc{gnutls_pkcs11_init} + + +@node Accessing objects that require a PIN +@subsection Accessing objects that require a PIN + +Objects stored in token such as a private keys are typically protected +from access by a PIN or password. This PIN may be required to either read +the object (if allowed) or to perform operations with it. To allow obtaining +the PIN when accessing a protected object, as well as probe +the user to insert the token the following functions allow to set a callback. + +@showfuncD{gnutls_pkcs11_set_token_function,gnutls_pkcs11_set_pin_function,gnutls_pkcs11_add_provider,gnutls_pkcs11_get_pin_function} + +The callback is of type @funcintref{gnutls_pin_callback_t} and will have as +input the provided userdata, the PIN attempt number, a URL describing the +token, a label describing the object and flags. The PIN must be at most +of @code{pin_max} size and must be copied to pin variable. The function must +return 0 on success or a negative error code otherwise. + +@verbatim +typedef int (*gnutls_pin_callback_t) (void *userdata, int attempt, + const char *token_url, + const char *token_label, + unsigned int flags, + char *pin, size_t pin_max); +@end verbatim + +The flags are of @code{gnutls_pin_flag_t} type and are explained below. + +@showenumdesc{gnutls_pin_flag_t,The @code{gnutls_pin_@-flag_t} enumeration.} + +Note that due to limitations of @acronym{PKCS} #11 there are issues when multiple libraries +are sharing a module. To avoid this problem GnuTLS uses @acronym{p11-kit} +that provides a middleware to control access to resources over the +multiple users. + +To avoid conflicts with multiple registered callbacks for PIN functions, +@funcref{gnutls_pkcs11_get_pin_function} may be used to check for any previously +set functions. In addition context specific PIN functions are allowed, e.g., by +using functions below. + +@showfuncE{gnutls_certificate_set_pin_function,gnutls_pubkey_set_pin_function,gnutls_privkey_set_pin_function,gnutls_pkcs11_obj_set_pin_function,gnutls_x509_crt_set_pin_function} + +@node Reading objects +@subsection Reading objects + +All @acronym{PKCS} #11 objects are referenced by @acronym{GnuTLS} functions by +URLs as described in @xcite{PKCS11URI}. +This allows for a consistent naming of objects across systems and applications +in the same system. For example a public +key on a smart card may be referenced as: + +@example +pkcs11:token=Nikos;serial=307521161601031;model=PKCS%2315; \ +manufacturer=EnterSafe;object=test1;type=public;\ +id=32f153f3e37990b08624141077ca5dec2d15faed +@end example + +while the smart card itself can be referenced as: +@example +pkcs11:token=Nikos;serial=307521161601031;model=PKCS%2315;manufacturer=EnterSafe +@end example + +Objects stored in a @acronym{PKCS} #11 token can typically be extracted +if they are not marked as sensitive. Usually only private keys are marked as +sensitive and cannot be extracted, while certificates and other data can +be retrieved. The functions that can be used to enumerate and access objects +are shown below. + +@showfuncC{gnutls_pkcs11_obj_list_import_url4,gnutls_pkcs11_obj_import_url,gnutls_pkcs11_obj_export_url} + +@showfuncdesc{gnutls_pkcs11_obj_get_info} + +@showfuncC{gnutls_x509_crt_import_pkcs11,gnutls_x509_crt_import_url,gnutls_x509_crt_list_import_pkcs11} + +Properties of the physical token can also be accessed and altered with @acronym{GnuTLS}. +For example data in a token can be erased (initialized), PIN can be altered, etc. + +@showfuncE{gnutls_pkcs11_token_init,gnutls_pkcs11_token_get_url,gnutls_pkcs11_token_get_info,gnutls_pkcs11_token_get_flags,gnutls_pkcs11_token_set_pin} + +The following examples demonstrate the usage of the API. The first example +will list all available PKCS #11 tokens in a system and the latter will +list all certificates in a token that have a corresponding private key. + +@example +int i; +char* url; + +gnutls_global_init(); + +for (i=0;;i++) + @{ + ret = gnutls_pkcs11_token_get_url(i, &url); + if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) + break; + + if (ret < 0) + exit(1); + + fprintf(stdout, "Token[%d]: URL: %s\n", i, url); + gnutls_free(url); + @} +gnutls_global_deinit(); +@end example + +@verbatiminclude examples/ex-pkcs11-list.c + +@node Writing objects +@subsection Writing objects + +With @acronym{GnuTLS} you can copy existing private keys and certificates +to a token. Note that when copying private keys it is recommended to mark +them as sensitive using the @code{GNUTLS_@-PKCS11_OBJ_@-FLAG_@-MARK_@-SENSITIVE} +to prevent its extraction. An object can be marked as private using the flag +@code{GNUTLS_@-PKCS11_OBJ_@-FLAG_@-MARK_@-PRIVATE}, to require PIN to be +entered before accessing the object (for operations or otherwise). + +@showfuncdesc{gnutls_pkcs11_copy_x509_privkey2} + +@showfuncdesc{gnutls_pkcs11_copy_x509_crt2} +@showfuncdesc{gnutls_pkcs11_delete_url} + + +@node PKCS11 Low Level Access +@subsection Low Level Access + +When it is needed to use PKCS#11 functionality which is not wrapped by +GnuTLS, it is possible to extract the PKCS#11 session, object or token pointers. +That allows an application to still access the low-level functionality, +while at the same time take advantage of the URI addressing scheme supported +by GnuTLS. + +@showfuncdesc{gnutls_pkcs11_token_get_ptr} +@showfuncdesc{gnutls_pkcs11_obj_get_ptr} + + +@node Using a PKCS11 token with TLS +@subsection Using a @acronym{PKCS} #11 token with TLS + +It is possible to use a @acronym{PKCS} #11 token to a TLS +session, as shown in @ref{ex-pkcs11-client}. In addition +the following functions can be used to load PKCS #11 key and +certificates by specifying a PKCS #11 URL instead of a filename. + +@showfuncB{gnutls_certificate_set_x509_trust_file,gnutls_certificate_set_x509_key_file2} + + +@node Verifying certificates over PKCS11 +@subsection Verifying certificates over @acronym{PKCS} #11 + +The @acronym{PKCS} #11 API can be used to allow all applications in the +same operating system to access shared cryptographic keys and certificates in a +uniform way, as in @ref{fig-pkcs11-vision}. That way applications could load their +trusted certificate list, as well as user certificates from a common PKCS #11 module. +Such a provider is the p11-kit trust storage module@footnote{@url{https://p11-glue.freedesktop.org/trust-module.html}} +and it provides access to the trusted Root CA certificates in a system. That +provides a more dynamic list of Root CA certificates, as opposed to a static +list in a file or directory. + +That store, allows for blacklisting of CAs or certificates, as well as +categorization of the Root CAs (Web verification, Code signing, etc.), in +addition to restricting their purpose via stapled extensions@footnote{See +the 'Restricting the scope of CA certificates' post at @url{https://nmav.gnutls.org/2016/06/restricting-scope-of-ca-certificates.html}}. +GnuTLS will utilize the p11-kit trust module as the default trust store +if configured to; i.e., if '--with-default-trust-store-pkcs11=pkcs11:' is given to +the configure script. + + +@include invoke-p11tool.texi + +@node Trusted Platform Module +@section Trusted Platform Module (TPM) +@cindex trusted platform module +@cindex TPM + +In this section we present the Trusted Platform Module (TPM) support +in @acronym{GnuTLS}. Note that we recommend against using TPM with this +API because it is restricted to TPM 1.2. We recommend instead +to use PKCS#11 wrappers for TPM such as CHAPS@footnote{@url{https://github.com/google/chaps-linux}} or opencryptoki@footnote{@url{https://sourceforge.net/projects/opencryptoki/}}. +These will allow using the standard smart card and HSM functionality (see @ref{Smart cards and HSMs}) for TPM keys. + +There was a big hype when the TPM chip was introduced into +computers. Briefly it is a co-processor in your PC that allows it to perform +calculations independently of the main processor. This has good and bad +side-effects. In this section we focus on the good ones; these are the fact that +you can use the TPM chip to perform cryptographic operations on keys stored in it, without +accessing them. That is very similar to the operation of a @acronym{PKCS} #11 smart card. +The chip allows for storage and usage of RSA keys, but has quite some +operational differences from @acronym{PKCS} #11 module, and thus require different handling. +The basic TPM operations supported and used by GnuTLS, are key generation and signing. +That support is currently limited to TPM 1.2. + +The next sections assume that the TPM chip in the system is already initialized and +in a operational state. If not, ensure that the TPM chip is enabled by your BIOS, +that the @code{tcsd} daemon is running, and that TPM ownership is set +(by running @code{tpm_takeownership}). + +In GnuTLS the TPM functionality is available in @code{gnutls/tpm.h}. + +@menu +* Keys in TPM:: +* Key generation:: +* Using keys:: +* tpmtool Invocation:: +@end menu + +@node Keys in TPM +@subsection Keys in TPM + +The RSA keys in the TPM module may either be stored in a flash memory +within TPM or stored in a file in disk. In the former case the key can +provide operations as with @acronym{PKCS} #11 and is identified by +a URL. The URL is described in @xcite{TPMURI} and is of the following form. +@verbatim +tpmkey:uuid=42309df8-d101-11e1-a89a-97bb33c23ad1;storage=user +@end verbatim + +It consists from a unique identifier of the key as well as the part of the +flash memory the key is stored at. The two options for the storage field are +`user' and `system'. The user keys are typically only available to the generating +user and the system keys to all users. The stored in TPM keys are called +registered keys. + +The keys that are stored in the disk are exported from the TPM but in an +encrypted form. To access them two passwords are required. The first is the TPM +Storage Root Key (SRK), and the other is a key-specific password. Also those keys are +identified by a URL of the form: +@verbatim +tpmkey:file=/path/to/file +@end verbatim + +When objects require a PIN to be accessed the same callbacks as with PKCS #11 +objects are expected (see @ref{Accessing objects that require a PIN}). Note +that the PIN function may be called multiple times to unlock the SRK and +the specific key in use. The label in the key function will then be set to +`SRK' when unlocking the SRK key, or to `TPM' when unlocking any other key. + +@node Key generation +@subsection Key generation + +All keys used by the TPM must be generated by the TPM. This can be +done using @funcref{gnutls_tpm_privkey_generate}. + +@showfuncdesc{gnutls_tpm_privkey_generate} + +@showfuncC{gnutls_tpm_get_registered,gnutls_tpm_key_list_deinit,gnutls_tpm_key_list_get_url} + +@showfuncdesc{gnutls_tpm_privkey_delete} + +@node Using keys +@subsection Using keys + +@subsubheading Importing keys + +The TPM keys can be used directly by the abstract key types and do not require +any special structures. Moreover functions like @funcref{gnutls_certificate_set_x509_key_file2} +can access TPM URLs. + +@showfuncB{gnutls_privkey_import_tpm_raw,gnutls_pubkey_import_tpm_raw} + +@showfuncdesc{gnutls_privkey_import_tpm_url} +@showfuncdesc{gnutls_pubkey_import_tpm_url} + +@subsubheading Listing and deleting keys + +The registered keys (that are stored in the TPM) can be listed using one of +the following functions. Those keys are unfortunately only identified by +their UUID and have no label or other human friendly identifier. +Keys can be deleted from permament storage using @funcref{gnutls_tpm_privkey_delete}. + +@showfuncC{gnutls_tpm_get_registered,gnutls_tpm_key_list_deinit,gnutls_tpm_key_list_get_url} + +@showfuncdesc{gnutls_tpm_privkey_delete} + + +@include invoke-tpmtool.texi + diff --git a/doc/cha-upgrade.texi b/doc/cha-upgrade.texi new file mode 100644 index 0000000..286790d --- /dev/null +++ b/doc/cha-upgrade.texi @@ -0,0 +1,266 @@ +@node Upgrading from previous versions +@appendix Upgrading from previous versions +@cindex upgrading + +The GnuTLS library typically maintains binary and source code compatibility +across versions. The releases that have the major version increased +break binary compatibility but source compatibility is provided. +This section lists exceptional cases where changes to existing code are +required due to library changes. + +@heading Upgrading to 2.12.x from previous versions + +GnuTLS 2.12.x is binary compatible with previous versions but changes the +semantics of @funcintref{gnutls_transport_set_lowat}, which might cause breakage +in applications that relied on its default value be 1. Two fixes +are proposed: +@itemize +@item Quick fix. Explicitly call @code{gnutls_transport_set_lowat (session, 1);} +after @funcref{gnutls_init}. +@item Long term fix. Because later versions of gnutls abolish the functionality +of using the system call @funcintref{select} to check for gnutls pending data, the +function @funcref{gnutls_record_check_pending} has to be used to achieve the same +functionality as described in @ref{Asynchronous operation}. +@end itemize + +@heading Upgrading to 3.0.x from 2.12.x + +GnuTLS 3.0.x is source compatible with previous versions except for the functions +listed below. + +@multitable @columnfractions .30 .60 +@headitem Old function @tab Replacement + +@item @funcintref{gnutls_transport_set_lowat} @tab +To replace its functionality the function @funcref{gnutls_record_check_pending} has to be used, +as described in @ref{Asynchronous operation} + +@item @funcintref{gnutls_session_get_server_random}, +@funcintref{gnutls_session_get_client_random} +@tab +They are replaced by the safer function @funcref{gnutls_session_get_random} + +@item @funcintref{gnutls_session_get_master_secret} +@tab Replaced by the keying material exporters discussed in @ref{Deriving keys for other applications/protocols} + +@item @funcintref{gnutls_transport_set_global_errno} +@tab Replaced by using the system's errno facility or @funcref{gnutls_transport_set_errno}. + +@item @funcintref{gnutls_x509_privkey_verify_data} +@tab Replaced by @funcref{gnutls_pubkey_verify_data2}. + +@item @funcintref{gnutls_certificate_verify_peers} +@tab Replaced by @funcref{gnutls_certificate_verify_peers2}. + +@item @funcintref{gnutls_psk_netconf_derive_key} +@tab Removed. The key derivation function was never standardized. + +@item @funcintref{gnutls_session_set_finished_function} +@tab Removed. + +@item @funcintref{gnutls_ext_register} +@tab Removed. Extension registration API is now internal to allow easier changes in the API. + +@item @funcintref{gnutls_certificate_get_x509_crls}, @funcintref{gnutls_certificate_get_x509_cas} +@tab Removed to allow updating the internal structures. Replaced by @funcref{gnutls_certificate_get_issuer}. + +@item @funcintref{gnutls_certificate_get_openpgp_keyring} +@tab Removed. + +@item @funcintref{gnutls_ia_} +@tab Removed. The inner application extensions were completely removed (they failed to be standardized). + +@end multitable + +@heading Upgrading to 3.1.x from 3.0.x + +GnuTLS 3.1.x is source and binary compatible with GnuTLS 3.0.x releases. Few +functions have been deprecated and are listed below. + +@multitable @columnfractions .30 .60 +@headitem Old function @tab Replacement + +@item @funcintref{gnutls_pubkey_verify_hash} +@tab The function @funcref{gnutls_pubkey_verify_hash2} is provided and +is functionally equivalent and safer to use. + +@item @funcintref{gnutls_pubkey_verify_data} +@tab The function @funcref{gnutls_pubkey_verify_data2} is provided and +is functionally equivalent and safer to use. + +@end multitable + +@heading Upgrading to 3.2.x from 3.1.x + +GnuTLS 3.2.x is source and binary compatible with GnuTLS 3.1.x releases. Few +functions have been deprecated and are listed below. + +@multitable @columnfractions .30 .60 +@headitem Old function @tab Replacement + +@item @funcintref{gnutls_privkey_sign_raw_data} +@tab The function @funcref{gnutls_privkey_sign_hash} is equivalent +when the flag @code{GNUTLS_PRIVKEY_SIGN_FLAG_TLS1_RSA} is specified. + +@end multitable + +@heading Upgrading to 3.3.x from 3.2.x + +GnuTLS 3.3.x is source and binary compatible with GnuTLS 3.2.x releases; +however there few changes in semantics which are listed below. + +@multitable @columnfractions .30 .60 +@headitem Old function @tab Replacement + +@item @funcintref{gnutls_global_init} +@tab No longer required. The library is initialized using a constructor. + +@item @funcintref{gnutls_global_deinit} +@tab No longer required. The library is deinitialized using a destructor. + +@end multitable + +@heading Upgrading to 3.4.x from 3.3.x + +GnuTLS 3.4.x is source compatible with GnuTLS 3.3.x releases; +however, several deprecated functions were removed, and are listed below. + +@multitable @columnfractions .30 .60 +@headitem Old function @tab Replacement + +@item Priority string "NORMAL" has been modified +@tab The following string emulates the 3.3.x behavior "NORMAL:+VERS-SSL3.0:+ARCFOUR-128:+DHE-DSS:+SIGN-DSA-SHA512:+SIGN-DSA-SHA256:+SIGN-DSA-SHA1" + +@item @funcintref{gnutls_certificate_client_set_retrieve_function}, +@funcintref{gnutls_certificate_server_set_retrieve_function} +@tab @funcref{gnutls_certificate_set_retrieve_function} + +@item @funcintref{gnutls_certificate_set_rsa_export_params}, +@funcintref{gnutls_rsa_export_get_modulus_bits}, +@funcintref{gnutls_rsa_export_get_pubkey}, +@funcintref{gnutls_rsa_params_cpy}, +@funcintref{gnutls_rsa_params_deinit}, +@funcintref{gnutls_rsa_params_export_pkcs1}, +@funcintref{gnutls_rsa_params_export_raw}, +@funcintref{gnutls_rsa_params_generate2}, +@funcintref{gnutls_rsa_params_import_pkcs1}, +@funcintref{gnutls_rsa_params_import_raw}, +@funcintref{gnutls_rsa_params_init} +@tab No replacement; the library does not support the RSA-EXPORT ciphersuites. + +@item @funcintref{gnutls_pubkey_verify_hash}, +@tab @funcref{gnutls_pubkey_verify_hash2}. + +@item @funcintref{gnutls_pubkey_verify_data}, +@tab @funcref{gnutls_pubkey_verify_data2}. + +@item @funcintref{gnutls_x509_crt_get_verify_algorithm}, +@tab No replacement; a similar function is @funcref{gnutls_x509_crt_get_signature_algorithm}. + +@item @funcintref{gnutls_pubkey_get_verify_algorithm}, +@tab No replacement; a similar function is @funcref{gnutls_pubkey_get_preferred_hash_algorithm}. + +@item @funcintref{gnutls_certificate_type_set_priority}, +@funcintref{gnutls_cipher_set_priority}, +@funcintref{gnutls_compression_set_priority}, +@funcintref{gnutls_kx_set_priority}, +@funcintref{gnutls_mac_set_priority}, +@funcintref{gnutls_protocol_set_priority} +@tab @funcref{gnutls_priority_set_direct}. + +@item @funcintref{gnutls_sign_callback_get}, +@funcintref{gnutls_sign_callback_set} +@tab @funcref{gnutls_privkey_import_ext3} + +@item @funcintref{gnutls_x509_crt_verify_hash} +@tab @funcref{gnutls_pubkey_verify_hash2} + +@item @funcintref{gnutls_x509_crt_verify_data} +@tab @funcref{gnutls_pubkey_verify_data2} + +@item @funcintref{gnutls_privkey_sign_raw_data} +@tab @funcref{gnutls_privkey_sign_hash} with the flag GNUTLS_PRIVKEY_SIGN_FLAG_TLS1_RSA + +@end multitable + +@heading Upgrading to 3.6.x from 3.5.x + +GnuTLS 3.6.x is source and binary compatible with GnuTLS 3.5.x releases; +however, there are minor differences, listed below. + +@multitable @columnfractions .30 .60 +@headitem Old functionality @tab Replacement + +@item The priority strings "+COMP" are a no-op +@tab TLS compression is no longer available. + +@item The SSL 3.0 protocol is a no-op +@tab SSL 3.0 is no longer compiled in by default. It is a legacy protocol +which is completely eliminated from public internet. As such it was removed +to reduce the attack vector for applications using the library. + +@item The hash function SHA2-224 is a no-op for TLS1.2 +@tab TLS 1.3 no longer uses SHA2-224, and it was never a widespread hash +algorithm. As such it was removed for simplicity. + +@item The SRP key exchange accepted parameters outside the @xcite{TLSSRP} spec +@tab The SRP key exchange is restricted to @xcite{TLSSRP} spec parameters +to protect clients from MitM attacks. + +@item The compression-related functions are deprecated +@tab No longer use @funcintref{gnutls_compression_get}, +@funcintref{gnutls_compression_get_name}, @funcintref{gnutls_compression_list}, +and @funcintref{gnutls_compression_get_id}. + +@item @funcref{gnutls_x509_crt_sign}, @funcref{gnutls_x509_crl_sign}, @funcref{gnutls_x509_crq_sign} +@tab These signing functions will no longer sign using SHA1, but with a secure hash algorithm. + +@item @funcref{gnutls_certificate_set_ocsp_status_request_file} +@tab This function will return an error if the loaded response doesn't match +any of the present certificates. To revert to previous semantics set the @code{GNUTLS_CERTIFICATE_SKIP_OCSP_RESPONSE_CHECK} +flag using @funcref{gnutls_certificate_set_flags}. + +@item The callback @funcref{gnutls_privkey_import_ext3} is not flexible enough for new signature algorithms such as RSA-PSS +@tab It is replaced with @funcref{gnutls_privkey_import_ext4} + +@item Re-handshake functionality is not applicable under TLS 1.3. +@tab It is replaced by separate key update and re-authentication functionality +which can be accessed directly via @funcref{gnutls_session_key_update} and @funcref{gnutls_reauth}. + +@item TLS session identifiers are not shared with the server under TLS 1.3. +@tab The TLS session identifiers are persistent across resumption only on +server side and can be obtained as before via @funcref{gnutls_session_get_id2}. + +@item @funcref{gnutls_pkcs11_privkey_generate3}, @funcref{gnutls_pkcs11_copy_secret_key}, @funcref{gnutls_pkcs11_copy_x509_privkey2} +@tab These functions no longer create an exportable key by default; they require the flag @code{GNUTLS_PKCS11_OBJ_FLAG_MARK_NOT_SENSITIVE} to do so. + +@item @funcref{gnutls_db_set_retrieve_function}, @funcref{gnutls_db_set_store_function}, @funcref{gnutls_db_set_remove_function} +@tab These functions are no longer relevant under TLS 1.3; resumption under +TLS 1.3 is done via session tickets, c.f. @funcref{gnutls_session_ticket_enable_server}. + +@item @funcref{gnutls_session_get_data2}, @funcref{gnutls_session_get_data} +@tab These functions may introduce a slight delay under TLS 1.3 for few +milliseconds. Check output of @funcref{gnutls_session_get_flags} for GNUTLS_SFLAGS_SESSION_TICKET +before calling this function to avoid delays. + +@item SRP and RSA-PSK key exchanges are not supported under TLS 1.3 +@tab SRP and RSA-PSK key exchanges are not supported in TLS 1.3, so when these key exchanges are present in a priority string, TLS 1.3 is disabled. + +@item Anonymous key exchange is not supported under TLS 1.3 +@tab There is no anonymous key exchange supported under TLS 1.3, so if an anonymous key exchange method is set in a priority string, and no certificate credentials are set in the client or server, TLS 1.3 will not be negotiated. + +@item ECDHE-PSK and DHE-PSK keywords have the same meaning under TLS 1.3 +@tab In the priority strings, both @code{ECDHE@-PSK} and @code{DHE@-PSK} indicate the intent to support an ephemeral key exchange with the pre-shared key. The parameters of the key exchange are negotiated with the supported groups specified in the priority string. + +@item Authentication-only ciphersuites are not supported under TLS 1.3 +@tab Ciphersuites with the @code{NULL} cipher (i.e., authentication-only) are not supported in TLS 1.3, so when they are specified in a priority string, TLS 1.3 is disabled. + +@item Supplemental data is not supported under TLS 1.3 +@tab The TLS supplemental data handshake message (RFC 4680) is not supported under TLS 1.3, so if the application calls @funcref{gnutls_supplemental_register} or @funcref{gnutls_session_supplemental_register}, TLS 1.3 is disabled. + +@item The GNUTLS_X509_NO_WELL_DEFINED_EXPIRATION macro is a no-op +@tab The macro was non-functional and because of the nature of the +definition of the no-well-defined date for certificates (a real date), +it will not be fixed or re-introduced. + +@end multitable diff --git a/doc/common.c b/doc/common.c new file mode 100644 index 0000000..492f9b9 --- /dev/null +++ b/doc/common.c @@ -0,0 +1,47 @@ +char *escape_string(const char *str, char *buffer, int buffer_size) +{ + int i = 0, j = 0; + + + while (str[i] != 0 && j < buffer_size - 1) { + if (str[i] == '_') { + buffer[j++] = '\\'; + buffer[j++] = '_'; + buffer[j++] = '\\'; + buffer[j++] = '-'; + } else if (str[i] == '#') { + buffer[j++] = '\\'; + buffer[j++] = '#'; + } else { + buffer[j++] = str[i]; + } + i++; + }; + + buffer[j] = 0; + + return buffer; + +} + +char *escape_texi_string(const char *str, char *buffer, int buffer_size) +{ + int i = 0, j = 0; + + + while (str[i] != 0 && j < buffer_size - 1) { + if (str[i] == '_') { + buffer[j++] = '_'; + buffer[j++] = '@'; + buffer[j++] = '-'; + } else { + buffer[j++] = str[i]; + } + i++; + }; + + buffer[j] = 0; + + return buffer; + +} diff --git a/doc/common.h b/doc/common.h new file mode 100644 index 0000000..85fd78e --- /dev/null +++ b/doc/common.h @@ -0,0 +1,2 @@ +char *escape_string(const char *str, char *buffer, int buffer_size); +char *escape_texi_string(const char *str, char *buffer, int buffer_size); diff --git a/doc/compat-api.texi b/doc/compat-api.texi new file mode 100644 index 0000000..8b6a869 --- /dev/null +++ b/doc/compat-api.texi @@ -0,0 +1,145 @@ + +@subheading gnutls_compression_get +@anchor{gnutls_compression_get} +@deftypefun {gnutls_compression_method_t} {gnutls_compression_get} (gnutls_session_t @var{session}) +@var{session}: is a @code{gnutls_session_t} type. + +Get the currently used compression algorithm. + +@strong{Returns:} the currently used compression method, a +@code{gnutls_compression_method_t} value. +@end deftypefun + +@subheading gnutls_compression_get_id +@anchor{gnutls_compression_get_id} +@deftypefun {gnutls_compression_method_t} {gnutls_compression_get_id} (const char * @var{name}) +@var{name}: is a compression method name + +The names are compared in a case insensitive way. + +@strong{Returns:} an id of the specified in a string compression method, or +@code{GNUTLS_COMP_UNKNOWN} on error. +@end deftypefun + +@subheading gnutls_compression_get_name +@anchor{gnutls_compression_get_name} +@deftypefun {const char *} {gnutls_compression_get_name} (gnutls_compression_method_t @var{algorithm}) +@var{algorithm}: is a Compression algorithm + +Convert a @code{gnutls_compression_method_t} value to a string. + +@strong{Returns:} a pointer to a string that contains the name of the +specified compression algorithm, or @code{NULL} . +@end deftypefun + +@subheading gnutls_compression_list +@anchor{gnutls_compression_list} +@deftypefun {const gnutls_compression_method_t *} {gnutls_compression_list} ( @var{void}) + +Get a list of compression methods. + +@strong{Returns:} a zero-terminated list of @code{gnutls_compression_method_t} +integers indicating the available compression methods. +@end deftypefun + +@subheading gnutls_global_set_mem_functions +@anchor{gnutls_global_set_mem_functions} +@deftypefun {void} {gnutls_global_set_mem_functions} (gnutls_alloc_function @var{alloc_func}, gnutls_alloc_function @var{secure_alloc_func}, gnutls_is_secure_function @var{is_secure_func}, gnutls_realloc_function @var{realloc_func}, gnutls_free_function @var{free_func}) +@var{alloc_func}: it's the default memory allocation function. Like @code{malloc()} . + +@var{secure_alloc_func}: This is the memory allocation function that will be used for sensitive data. + +@var{is_secure_func}: a function that returns 0 if the memory given is not secure. May be NULL. + +@var{realloc_func}: A realloc function + +@var{free_func}: The function that frees allocated data. Must accept a NULL pointer. + + +@strong{Deprecated:} since 3.3.0 it is no longer possible to replace the internally used +memory allocation functions + +This is the function where you set the memory allocation functions +gnutls is going to use. By default the libc's allocation functions +(@code{malloc()} , @code{free()} ), are used by gnutls, to allocate both sensitive +and not sensitive data. This function is provided to set the +memory allocation functions to something other than the defaults + +This function must be called before @code{gnutls_global_init()} is called. +This function is not thread safe. +@end deftypefun + +@subheading gnutls_openpgp_privkey_sign_hash +@anchor{gnutls_openpgp_privkey_sign_hash} +@deftypefun {int} {gnutls_openpgp_privkey_sign_hash} (gnutls_openpgp_privkey_t @var{key}, const gnutls_datum_t * @var{hash}, gnutls_datum_t * @var{signature}) +@var{key}: Holds the key + +@var{hash}: holds the data to be signed + +@var{signature}: will contain newly allocated signature + +This function is no-op. + +@strong{Returns:} @code{GNUTLS_E_UNIMPLEMENTED_FEATURE} . +@end deftypefun + +@subheading gnutls_priority_compression_list +@anchor{gnutls_priority_compression_list} +@deftypefun {int} {gnutls_priority_compression_list} (gnutls_priority_t @var{pcache}, const unsigned int ** @var{list}) +@var{pcache}: is a @code{gnutls_prioritity_t} type. + +@var{list}: will point to an integer list + +Get a list of available compression method in the priority +structure. + +@strong{Returns:} the number of methods, or an error code. + +@strong{Since:} 3.0 +@end deftypefun + +@subheading gnutls_x509_crt_get_preferred_hash_algorithm +@anchor{gnutls_x509_crt_get_preferred_hash_algorithm} +@deftypefun {int} {gnutls_x509_crt_get_preferred_hash_algorithm} (gnutls_x509_crt_t @var{crt}, gnutls_digest_algorithm_t * @var{hash}, unsigned int * @var{mand}) +@var{crt}: Holds the certificate + +@var{hash}: The result of the call with the hash algorithm used for signature + +@var{mand}: If non-zero it means that the algorithm MUST use this hash. May be @code{NULL} . + +This function will read the certificate and return the appropriate digest +algorithm to use for signing with this certificate. Some certificates (i.e. +DSA might not be able to sign without the preferred algorithm). + +@strong{Deprecated:} Please use @code{gnutls_pubkey_get_preferred_hash_algorithm()} . + +@strong{Returns:} the 0 if the hash algorithm is found. A negative error code is +returned on error. + +@strong{Since:} 2.12.0 +@end deftypefun + +@subheading gnutls_x509_privkey_sign_hash +@anchor{gnutls_x509_privkey_sign_hash} +@deftypefun {int} {gnutls_x509_privkey_sign_hash} (gnutls_x509_privkey_t @var{key}, const gnutls_datum_t * @var{hash}, gnutls_datum_t * @var{signature}) +@var{key}: a key + +@var{hash}: holds the data to be signed + +@var{signature}: will contain newly allocated signature + +This function will sign the given hash using the private key. Do not +use this function directly unless you know what it is. Typical signing +requires the data to be hashed and stored in special formats +(e.g. BER Digest-Info for RSA). + +This API is provided only for backwards compatibility, and thus +restricted to RSA, DSA and ECDSA key types. For other key types please +use @code{gnutls_privkey_sign_hash()} and @code{gnutls_privkey_sign_data()} . + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +Deprecated in: 2.12.0 +@end deftypefun + diff --git a/doc/core.c.texi b/doc/core.c.texi new file mode 100644 index 0000000..7b8bee0 --- /dev/null +++ b/doc/core.c.texi @@ -0,0 +1,627 @@ +@c Automatically generated, do not edit. + +@c snarfed from ../guile/src/core.c:3314 +@deffn {Scheme Procedure} set-log-level! level +Enable GnuTLS logging up to @var{level} (an integer). +@end deffn + +@c snarfed from ../guile/src/core.c:3294 +@deffn {Scheme Procedure} set-log-procedure! proc +Use @var{proc} (a two-argument procedure) as the global GnuTLS log procedure. +@end deffn + +@c snarfed from ../guile/src/core.c:3254 +@deffn {Scheme Procedure} set-certificate-credentials-openpgp-keys! cred pub sec +Use certificate @var{pub} and secret key @var{sec} in certificate credentials @var{cred}. +@end deffn + +@c snarfed from ../guile/src/core.c:3216 +@deffn {Scheme Procedure} openpgp-keyring-contains-key-id? keyring id +Return @code{#f} if key ID @var{id} is in @var{keyring}, @code{#f} otherwise. +@end deffn + +@c snarfed from ../guile/src/core.c:3171 +@deffn {Scheme Procedure} import-openpgp-keyring data format +Import @var{data} (a u8vector) according to @var{format} and return the imported keyring. +@end deffn + +@c snarfed from ../guile/src/core.c:3146 +@deffn {Scheme Procedure} openpgp-certificate-usage key +Return a list of values denoting the key usage of @var{key}. +@end deffn + +@c snarfed from ../guile/src/core.c:3127 +@deffn {Scheme Procedure} openpgp-certificate-version key +Return the version of the OpenPGP message format (RFC2440) honored by @var{key}. +@end deffn + +@c snarfed from ../guile/src/core.c:3106 +@deffn {Scheme Procedure} openpgp-certificate-algorithm key +Return two values: the certificate algorithm used by @var{key} and the number of bits used. +@end deffn + +@c snarfed from ../guile/src/core.c:3074 +@deffn {Scheme Procedure} openpgp-certificate-names key +Return the list of names for @var{key}. +@end deffn + +@c snarfed from ../guile/src/core.c:3049 +@deffn {Scheme Procedure} openpgp-certificate-name key index +Return the @var{index}th name of @var{key}. +@end deffn + +@c snarfed from ../guile/src/core.c:2990 +@deffn {Scheme Procedure} openpgp-certificate-fingerprint key +Return a new u8vector denoting the fingerprint of @var{key}. +@end deffn + +@c snarfed from ../guile/src/core.c:2959 +@deffn {Scheme Procedure} openpgp-certificate-fingerprint! key fpr +Store in @var{fpr} (a u8vector) the fingerprint of @var{key}. Return the number of bytes stored in @var{fpr}. +@end deffn + +@c snarfed from ../guile/src/core.c:2925 +@deffn {Scheme Procedure} openpgp-certificate-id! key id +Store the ID (an 8 byte sequence) of certificate @var{key} in @var{id} (a u8vector). +@end deffn + +@c snarfed from ../guile/src/core.c:2899 +@deffn {Scheme Procedure} openpgp-certificate-id key +Return the ID (an 8-element u8vector) of certificate @var{key}. +@end deffn + +@c snarfed from ../guile/src/core.c:2843 +@deffn {Scheme Procedure} import-openpgp-private-key data format [pass] +Return a new OpenPGP private key object resulting from the import of @var{data} (a uniform array) according to @var{format}. Optionally, a passphrase may be provided. +@end deffn + +@c snarfed from ../guile/src/core.c:2799 +@deffn {Scheme Procedure} import-openpgp-certificate data format +Return a new OpenPGP certificate object resulting from the import of @var{data} (a uniform array) according to @var{format}. +@end deffn + +@c snarfed from ../guile/src/core.c:2731 +@deffn {Scheme Procedure} x509-certificate-subject-alternative-name cert index +Return two values: the alternative name type for @var{cert} (i.e., one of the @code{x509-subject-alternative-name/} values) and the actual subject alternative name (a string) at @var{index}. Both values are @code{#f} if no alternative name is available at @var{index}. +@end deffn + +@c snarfed from ../guile/src/core.c:2700 +@deffn {Scheme Procedure} x509-certificate-subject-key-id cert +Return the subject key ID (a u8vector) for @var{cert}. +@end deffn + +@c snarfed from ../guile/src/core.c:2668 +@deffn {Scheme Procedure} x509-certificate-authority-key-id cert +Return the key ID (a u8vector) of the X.509 certificate authority of @var{cert}. +@end deffn + +@c snarfed from ../guile/src/core.c:2636 +@deffn {Scheme Procedure} x509-certificate-key-id cert +Return a statistically unique ID (a u8vector) for @var{cert} that depends on its public key parameters. This is normally a 20-byte SHA-1 hash. +@end deffn + +@c snarfed from ../guile/src/core.c:2618 +@deffn {Scheme Procedure} x509-certificate-version cert +Return the version of @var{cert}. +@end deffn + +@c snarfed from ../guile/src/core.c:2586 +@deffn {Scheme Procedure} x509-certificate-key-usage cert +Return the key usage of @var{cert} (i.e., a list of @code{key-usage/} values), or the empty list if @var{cert} does not contain such information. +@end deffn + +@c snarfed from ../guile/src/core.c:2563 +@deffn {Scheme Procedure} x509-certificate-public-key-algorithm cert +Return two values: the public key algorithm (i.e., one of the @code{pk-algorithm/} values) of @var{cert} and the number of bits used. +@end deffn + +@c snarfed from ../guile/src/core.c:2541 +@deffn {Scheme Procedure} x509-certificate-signature-algorithm cert +Return the signature algorithm used by @var{cert} (i.e., one of the @code{sign-algorithm/} values). +@end deffn + +@c snarfed from ../guile/src/core.c:2507 +@deffn {Scheme Procedure} x509-certificate-matches-hostname? cert hostname +Return true if @var{cert} matches @var{hostname}, a string denoting a DNS host name. This is the basic implementation of @uref{https://tools.ietf.org/html/rfc2818, RFC 2818} (aka. HTTPS). +@end deffn + +@c snarfed from ../guile/src/core.c:2490 +@deffn {Scheme Procedure} x509-certificate-issuer-dn-oid cert index +Return the OID (a string) at @var{index} from @var{cert}'s issuer DN. Return @code{#f} if no OID is available at @var{index}. +@end deffn + +@c snarfed from ../guile/src/core.c:2478 +@deffn {Scheme Procedure} x509-certificate-dn-oid cert index +Return OID (a string) at @var{index} from @var{cert}. Return @code{#f} if no OID is available at @var{index}. +@end deffn + +@c snarfed from ../guile/src/core.c:2415 +@deffn {Scheme Procedure} x509-certificate-issuer-dn cert +Return the distinguished name (DN) of X.509 certificate @var{cert}. +@end deffn + +@c snarfed from ../guile/src/core.c:2402 +@deffn {Scheme Procedure} x509-certificate-dn cert +Return the distinguished name (DN) of X.509 certificate @var{cert}. The form of the DN is as described in @uref{https://tools.ietf.org/html/rfc2253, RFC 2253}. +@end deffn + +@c snarfed from ../guile/src/core.c:2308 +@deffn {Scheme Procedure} pkcs8-import-x509-private-key data format [pass [encrypted]] +Return a new X.509 private key object resulting from the import of @var{data} (a uniform array) according to @var{format}. Optionally, if @var{pass} is not @code{#f}, it should be a string denoting a passphrase. @var{encrypted} tells whether the private key is encrypted (@code{#t} by default). +@end deffn + +@c snarfed from ../guile/src/core.c:2263 +@deffn {Scheme Procedure} import-x509-private-key data format +Return a new X.509 private key object resulting from the import of @var{data} (a uniform array) according to @var{format}. +@end deffn + +@c snarfed from ../guile/src/core.c:2218 +@deffn {Scheme Procedure} import-x509-certificate data format +Return a new X.509 certificate object resulting from the import of @var{data} (a uniform array) according to @var{format}. +@end deffn + +@c snarfed from ../guile/src/core.c:2190 +@deffn {Scheme Procedure} server-session-psk-username session +Return the username associated with PSK server session @var{session}. +@end deffn + +@c snarfed from ../guile/src/core.c:2146 +@deffn {Scheme Procedure} set-psk-client-credentials! cred username key key-format +Set the client credentials for @var{cred}, a PSK client credentials object. +@end deffn + +@c snarfed from ../guile/src/core.c:2129 +@deffn {Scheme Procedure} make-psk-client-credentials +Return a new PSK client credentials object. +@end deffn + +@c snarfed from ../guile/src/core.c:2098 +@deffn {Scheme Procedure} set-psk-server-credentials-file! cred file +Use @var{file} as the password file for PSK server credentials @var{cred}. +@end deffn + +@c snarfed from ../guile/src/core.c:2081 +@deffn {Scheme Procedure} make-psk-server-credentials +Return new PSK server credentials. +@end deffn + +@c snarfed from ../guile/src/core.c:1789 +@deffn {Scheme Procedure} peer-certificate-status session +Verify the peer certificate for @var{session} and return a list of @code{certificate-status} values (such as @code{certificate-status/revoked}), or the empty list if the certificate is valid. +@end deffn + +@c snarfed from ../guile/src/core.c:1762 +@deffn {Scheme Procedure} set-certificate-credentials-verify-flags! cred [flags...] +Set the certificate verification flags to @var{flags}, a series of @code{certificate-verify} values. +@end deffn + +@c snarfed from ../guile/src/core.c:1738 +@deffn {Scheme Procedure} set-certificate-credentials-verify-limits! cred max-bits max-depth +Set the verification limits of @code{peer-certificate-status} for certificate credentials @var{cred} to @var{max_bits} bits for an acceptable certificate and @var{max_depth} as the maximum depth of a certificate chain. +@end deffn + +@c snarfed from ../guile/src/core.c:1697 +@deffn {Scheme Procedure} set-certificate-credentials-x509-keys! cred certs privkey +Have certificate credentials @var{cred} use the X.509 certificates listed in @var{certs} and X.509 private key @var{privkey}. +@end deffn + +@c snarfed from ../guile/src/core.c:1650 +@deffn {Scheme Procedure} set-certificate-credentials-x509-key-data! cred cert key format +Use X.509 certificate @var{cert} and private key @var{key}, both uniform arrays containing the X.509 certificate and key in format @var{format}, for certificate credentials @var{cred}. +@end deffn + +@c snarfed from ../guile/src/core.c:1631 +@deffn {Scheme Procedure} set-certificate-credentials-x509-crl-data! cred data format +Use @var{data} (a uniform array) as the X.509 CRL (certificate revocation list) database for @var{cred}. On success, return the number of CRLs processed. +@end deffn + +@c snarfed from ../guile/src/core.c:1612 +@deffn {Scheme Procedure} set-certificate-credentials-x509-trust-data! cred data format +Use @var{data} (a uniform array) as the X.509 trust database for @var{cred}. On success, return the number of certificates processed. +@end deffn + +@c snarfed from ../guile/src/core.c:1593 +@deffn {Scheme Procedure} set-certificate-credentials-x509-crl-file! cred file format +Use @var{file} as the X.509 CRL (certificate revocation list) file for certificate credentials @var{cred}. On success, return the number of CRLs processed. +@end deffn + +@c snarfed from ../guile/src/core.c:1574 +@deffn {Scheme Procedure} set-certificate-credentials-x509-trust-file! cred file format +Use @var{file} as the X.509 trust file for certificate credentials @var{cred}. On success, return the number of certificates processed. +@end deffn + +@c snarfed from ../guile/src/core.c:1533 +@deffn {Scheme Procedure} set-certificate-credentials-x509-key-files! cred cert-file key-file format +Use @var{file} as the password file for PSK server credentials @var{cred}. +@end deffn + +@c snarfed from ../guile/src/core.c:1511 +@deffn {Scheme Procedure} set-certificate-credentials-dh-parameters! cred dh-params +Use Diffie-Hellman parameters @var{dh_params} for certificate credentials @var{cred}. +@end deffn + +@c snarfed from ../guile/src/core.c:1491 +@deffn {Scheme Procedure} make-certificate-credentials +Return new certificate credentials (i.e., for use with either X.509 or OpenPGP certificates. +@end deffn + +@c snarfed from ../guile/src/core.c:1388 +@deffn {Scheme Procedure} set-anonymous-server-dh-parameters! cred dh-params +Set the Diffie-Hellman parameters of anonymous server credentials @var{cred}. +@end deffn + +@c snarfed from ../guile/src/core.c:1370 +@deffn {Scheme Procedure} make-anonymous-client-credentials +Return anonymous client credentials. +@end deffn + +@c snarfed from ../guile/src/core.c:1352 +@deffn {Scheme Procedure} make-anonymous-server-credentials +Return anonymous server credentials. +@end deffn + +@c snarfed from ../guile/src/core.c:1330 +@deffn {Scheme Procedure} set-session-dh-prime-bits! session bits +Use @var{bits} DH prime bits for @var{session}. +@end deffn + +@c snarfed from ../guile/src/core.c:1304 +@deffn {Scheme Procedure} pkcs3-export-dh-parameters dh-params format +Export Diffie-Hellman parameters @var{dh_params} in PKCS3 format according for @var{format} (an @code{x509-certificate-format} value). Return a @code{u8vector} containing the result. +@end deffn + +@c snarfed from ../guile/src/core.c:1259 +@deffn {Scheme Procedure} pkcs3-import-dh-parameters array format +Import Diffie-Hellman parameters in PKCS3 format (further specified by @var{format}, an @code{x509-certificate-format} value) from @var{array} (a homogeneous array) and return a new @code{dh-params} object. +@end deffn + +@c snarfed from ../guile/src/core.c:1233 +@deffn {Scheme Procedure} make-dh-parameters bits +Return new Diffie-Hellman parameters. +@end deffn + +@c snarfed from ../guile/src/core.c:1149 +@deffn {Scheme Procedure} set-session-transport-port! session port +Use @var{port} as the input/output port for @var{session}. +@end deffn + +@c snarfed from ../guile/src/core.c:1099 +@deffn {Scheme Procedure} set-session-transport-fd! session fd +Use file descriptor @var{fd} as the underlying transport for @var{session}. +@end deffn + +@c snarfed from ../guile/src/core.c:1048 +@deffn {Scheme Procedure} session-record-port session +Return a read-write port that may be used to communicate over @var{session}. All invocations of @code{session-port} on a given session return the same object (in the sense of @code{eq?}). +@end deffn + +@c snarfed from ../guile/src/core.c:750 +@deffn {Scheme Procedure} record-receive! session array +Receive data from @var{session} into @var{array}, a uniform homogeneous array. Return the number of bytes actually received. +@end deffn + +@c snarfed from ../guile/src/core.c:718 +@deffn {Scheme Procedure} record-send session array +Send the record constituted by @var{array} through @var{session}. +@end deffn + +@c snarfed from ../guile/src/core.c:683 +@deffn {Scheme Procedure} set-session-server-name! session type name +For a client, this procedure provides a way to inform the server that it is known under @var{name}, @i{via} the @code{SERVER NAME} TLS extension. @var{type} must be a @code{server-name-type} value, @var{server-name-type/dns} for DNS names. +@end deffn + +@c snarfed from ../guile/src/core.c:602 +@deffn {Scheme Procedure} set-session-credentials! session cred +Use @var{cred} as @var{session}'s credentials. +@end deffn + +@c snarfed from ../guile/src/core.c:580 +@deffn {Scheme Procedure} cipher-suite->string kx cipher mac +Return the name of the given cipher suite. +@end deffn + +@c snarfed from ../guile/src/core.c:534 +@deffn {Scheme Procedure} set-session-priorities! session priorities +Have @var{session} use the given @var{priorities} for the ciphers, key exchange methods, MACs and compression methods. @var{priorities} must be a string (@pxref{Priority Strings,,, gnutls, GnuTLS@comma{} Transport Layer Security Library for the GNU system}). When @var{priorities} cannot be parsed, an @code{error/invalid-request} error is raised, with an extra argument indication the position of the error. + +@end deffn + +@c snarfed from ../guile/src/core.c:519 +@deffn {Scheme Procedure} set-session-default-priority! session +Have @var{session} use the default priorities. +@end deffn + +@c snarfed from ../guile/src/core.c:493 +@deffn {Scheme Procedure} set-server-session-certificate-request! session request +Tell how @var{session}, a server-side session, should deal with certificate requests. @var{request} should be either @code{certificate-request/request} or @code{certificate-request/require}. +@end deffn + +@c snarfed from ../guile/src/core.c:453 +@deffn {Scheme Procedure} session-our-certificate-chain session +Return our certificate chain for @var{session} (as sent to the peer) in raw format (a u8vector). In the case of OpenPGP there is exactly one certificate. Return the empty list if no certificate was used. +@end deffn + +@c snarfed from ../guile/src/core.c:404 +@deffn {Scheme Procedure} session-peer-certificate-chain session +Return the a list of certificates in raw format (u8vectors) where the first one is the peer's certificate. In the case of OpenPGP, there is always exactly one certificate. In the case of X.509, subsequent certificates indicate form a certificate chain. Return the empty list if no certificate was sent. +@end deffn + +@c snarfed from ../guile/src/core.c:384 +@deffn {Scheme Procedure} session-client-authentication-type session +Return the client authentication type (a @code{credential-type} value) used in @var{session}. +@end deffn + +@c snarfed from ../guile/src/core.c:364 +@deffn {Scheme Procedure} session-server-authentication-type session +Return the server authentication type (a @code{credential-type} value) used in @var{session}. +@end deffn + +@c snarfed from ../guile/src/core.c:344 +@deffn {Scheme Procedure} session-authentication-type session +Return the authentication type (a @code{credential-type} value) used by @var{session}. +@end deffn + +@c snarfed from ../guile/src/core.c:328 +@deffn {Scheme Procedure} session-protocol session +Return the protocol used by @var{session}. +@end deffn + +@c snarfed from ../guile/src/core.c:311 +@deffn {Scheme Procedure} session-certificate-type session +Return @var{session}'s certificate type. +@end deffn + +@c snarfed from ../guile/src/core.c:294 +@deffn {Scheme Procedure} session-compression-method session +Return @var{session}'s compression method. +@end deffn + +@c snarfed from ../guile/src/core.c:278 +@deffn {Scheme Procedure} session-mac session +Return @var{session}'s MAC. +@end deffn + +@c snarfed from ../guile/src/core.c:262 +@deffn {Scheme Procedure} session-kx session +Return @var{session}'s kx. +@end deffn + +@c snarfed from ../guile/src/core.c:246 +@deffn {Scheme Procedure} session-cipher session +Return @var{session}'s cipher. +@end deffn + +@c snarfed from ../guile/src/core.c:218 +@deffn {Scheme Procedure} alert-send session level alert +Send @var{alert} via @var{session}. +@end deffn + +@c snarfed from ../guile/src/core.c:202 +@deffn {Scheme Procedure} alert-get session +Get an aleter from @var{session}. +@end deffn + +@c snarfed from ../guile/src/core.c:184 +@deffn {Scheme Procedure} rehandshake session +Perform a re-handshaking for @var{session}. +@end deffn + +@c snarfed from ../guile/src/core.c:166 +@deffn {Scheme Procedure} handshake session +Perform a handshake for @var{session}. +@end deffn + +@c snarfed from ../guile/src/core.c:145 +@deffn {Scheme Procedure} bye session how +Close @var{session} according to @var{how}. +@end deffn + +@c snarfed from ../guile/src/core.c:119 +@deffn {Scheme Procedure} make-session end +Return a new session for connection end @var{end}, either @code{connection-end/server} or @code{connection-end/client}. +@end deffn + +@c snarfed from ../guile/src/core.c:108 +@deffn {Scheme Procedure} gnutls-version +Return a string denoting the version number of the underlying GnuTLS library, e.g., @code{"1.7.2"}. +@end deffn + +@c snarfed from ../guile/src/smob-types.i.c:217 +@deffn {Scheme Procedure} openpgp-keyring? obj +Return true if @var{obj} is of type @code{openpgp-keyring}. +@end deffn + +@c snarfed from ../guile/src/smob-types.i.c:201 +@deffn {Scheme Procedure} openpgp-private-key? obj +Return true if @var{obj} is of type @code{openpgp-private-key}. +@end deffn + +@c snarfed from ../guile/src/smob-types.i.c:185 +@deffn {Scheme Procedure} openpgp-certificate? obj +Return true if @var{obj} is of type @code{openpgp-certificate}. +@end deffn + +@c snarfed from ../guile/src/smob-types.i.c:169 +@deffn {Scheme Procedure} x509-private-key? obj +Return true if @var{obj} is of type @code{x509-private-key}. +@end deffn + +@c snarfed from ../guile/src/smob-types.i.c:153 +@deffn {Scheme Procedure} x509-certificate? obj +Return true if @var{obj} is of type @code{x509-certificate}. +@end deffn + +@c snarfed from ../guile/src/smob-types.i.c:137 +@deffn {Scheme Procedure} psk-client-credentials? obj +Return true if @var{obj} is of type @code{psk-client-credentials}. +@end deffn + +@c snarfed from ../guile/src/smob-types.i.c:121 +@deffn {Scheme Procedure} psk-server-credentials? obj +Return true if @var{obj} is of type @code{psk-server-credentials}. +@end deffn + +@c snarfed from ../guile/src/smob-types.i.c:105 +@deffn {Scheme Procedure} srp-client-credentials? obj +Return true if @var{obj} is of type @code{srp-client-credentials}. +@end deffn + +@c snarfed from ../guile/src/smob-types.i.c:89 +@deffn {Scheme Procedure} srp-server-credentials? obj +Return true if @var{obj} is of type @code{srp-server-credentials}. +@end deffn + +@c snarfed from ../guile/src/smob-types.i.c:73 +@deffn {Scheme Procedure} certificate-credentials? obj +Return true if @var{obj} is of type @code{certificate-credentials}. +@end deffn + +@c snarfed from ../guile/src/smob-types.i.c:57 +@deffn {Scheme Procedure} dh-parameters? obj +Return true if @var{obj} is of type @code{dh-parameters}. +@end deffn + +@c snarfed from ../guile/src/smob-types.i.c:41 +@deffn {Scheme Procedure} anonymous-server-credentials? obj +Return true if @var{obj} is of type @code{anonymous-server-credentials}. +@end deffn + +@c snarfed from ../guile/src/smob-types.i.c:25 +@deffn {Scheme Procedure} anonymous-client-credentials? obj +Return true if @var{obj} is of type @code{anonymous-client-credentials}. +@end deffn + +@c snarfed from ../guile/src/smob-types.i.c:9 +@deffn {Scheme Procedure} session? obj +Return true if @var{obj} is of type @code{session}. +@end deffn + +@c snarfed from ../guile/src/enum-map.i.c:953 +@deffn {Scheme Procedure} openpgp-certificate-format->string enumval +Return a string describing @var{enumval}, a @code{openpgp-certificate-format} value. +@end deffn + +@c snarfed from ../guile/src/enum-map.i.c:912 +@deffn {Scheme Procedure} error->string enumval +Return a string describing @var{enumval}, a @code{error} value. +@end deffn + +@c snarfed from ../guile/src/enum-map.i.c:891 +@deffn {Scheme Procedure} certificate-verify->string enumval +Return a string describing @var{enumval}, a @code{certificate-verify} value. +@end deffn + +@c snarfed from ../guile/src/enum-map.i.c:846 +@deffn {Scheme Procedure} key-usage->string enumval +Return a string describing @var{enumval}, a @code{key-usage} value. +@end deffn + +@c snarfed from ../guile/src/enum-map.i.c:798 +@deffn {Scheme Procedure} psk-key-format->string enumval +Return a string describing @var{enumval}, a @code{psk-key-format} value. +@end deffn + +@c snarfed from ../guile/src/enum-map.i.c:757 +@deffn {Scheme Procedure} server-name-type->string enumval +Return a string describing @var{enumval}, a @code{server-name-type} value. +@end deffn + +@c snarfed from ../guile/src/enum-map.i.c:717 +@deffn {Scheme Procedure} sign-algorithm->string enumval +Return a string describing @var{enumval}, a @code{sign-algorithm} value. +@end deffn + +@c snarfed from ../guile/src/enum-map.i.c:696 +@deffn {Scheme Procedure} pk-algorithm->string enumval +Return a string describing @var{enumval}, a @code{pk-algorithm} value. +@end deffn + +@c snarfed from ../guile/src/enum-map.i.c:675 +@deffn {Scheme Procedure} x509-subject-alternative-name->string enumval +Return a string describing @var{enumval}, a @code{x509-subject-alternative-name} value. +@end deffn + +@c snarfed from ../guile/src/enum-map.i.c:632 +@deffn {Scheme Procedure} x509-certificate-format->string enumval +Return a string describing @var{enumval}, a @code{x509-certificate-format} value. +@end deffn + +@c snarfed from ../guile/src/enum-map.i.c:591 +@deffn {Scheme Procedure} certificate-type->string enumval +Return a string describing @var{enumval}, a @code{certificate-type} value. +@end deffn + +@c snarfed from ../guile/src/enum-map.i.c:570 +@deffn {Scheme Procedure} protocol->string enumval +Return a string describing @var{enumval}, a @code{protocol} value. +@end deffn + +@c snarfed from ../guile/src/enum-map.i.c:527 +@deffn {Scheme Procedure} close-request->string enumval +Return a string describing @var{enumval}, a @code{close-request} value. +@end deffn + +@c snarfed from ../guile/src/enum-map.i.c:486 +@deffn {Scheme Procedure} certificate-request->string enumval +Return a string describing @var{enumval}, a @code{certificate-request} value. +@end deffn + +@c snarfed from ../guile/src/enum-map.i.c:444 +@deffn {Scheme Procedure} certificate-status->string enumval +Return a string describing @var{enumval}, a @code{certificate-status} value. +@end deffn + +@c snarfed from ../guile/src/enum-map.i.c:400 +@deffn {Scheme Procedure} handshake-description->string enumval +Return a string describing @var{enumval}, a @code{handshake-description} value. +@end deffn + +@c snarfed from ../guile/src/enum-map.i.c:351 +@deffn {Scheme Procedure} alert-description->string enumval +Return a string describing @var{enumval}, a @code{alert-description} value. +@end deffn + +@c snarfed from ../guile/src/enum-map.i.c:284 +@deffn {Scheme Procedure} alert-level->string enumval +Return a string describing @var{enumval}, a @code{alert-level} value. +@end deffn + +@c snarfed from ../guile/src/enum-map.i.c:243 +@deffn {Scheme Procedure} connection-end->string enumval +Return a string describing @var{enumval}, a @code{connection-end} value. +@end deffn + +@c snarfed from ../guile/src/enum-map.i.c:202 +@deffn {Scheme Procedure} compression-method->string enumval +Return a string describing @var{enumval}, a @code{compression-method} value. +@end deffn + +@c snarfed from ../guile/src/enum-map.i.c:181 +@deffn {Scheme Procedure} digest->string enumval +Return a string describing @var{enumval}, a @code{digest} value. +@end deffn + +@c snarfed from ../guile/src/enum-map.i.c:137 +@deffn {Scheme Procedure} mac->string enumval +Return a string describing @var{enumval}, a @code{mac} value. +@end deffn + +@c snarfed from ../guile/src/enum-map.i.c:116 +@deffn {Scheme Procedure} credentials->string enumval +Return a string describing @var{enumval}, a @code{credentials} value. +@end deffn + +@c snarfed from ../guile/src/enum-map.i.c:72 +@deffn {Scheme Procedure} params->string enumval +Return a string describing @var{enumval}, a @code{params} value. +@end deffn + +@c snarfed from ../guile/src/enum-map.i.c:31 +@deffn {Scheme Procedure} kx->string enumval +Return a string describing @var{enumval}, a @code{kx} value. +@end deffn + +@c snarfed from ../guile/src/enum-map.i.c:10 +@deffn {Scheme Procedure} cipher->string enumval +Return a string describing @var{enumval}, a @code{cipher} value. +@end deffn diff --git a/doc/credentials/Makefile.am b/doc/credentials/Makefile.am new file mode 100644 index 0000000..ecdd57a --- /dev/null +++ b/doc/credentials/Makefile.am @@ -0,0 +1,33 @@ +## Process this file with automake to produce Makefile.in +# Copyright (C) 2007-2012 Free Software Foundation, Inc. +# +# Author: Simon Josefsson +# +# This file is part of GnuTLS. +# +# This file is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 3 of the License, or +# (at your option) any later version. +# +# This file is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this file; if not, write to the Free Software Foundation, +# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + +SUBDIRS = srp x509 + +EXTRA_DIST = gnutls-http-serv + +EXTRA_DIST += ca.tmpl client.tmpl proxy.tmpl server.tmpl + +EXTRA_DIST += params.pem + +EXTRA_DIST += srp-passwd.txt srp-tpasswd.conf + +EXTRA_DIST += psk-passwd.txt + diff --git a/doc/credentials/Makefile.in b/doc/credentials/Makefile.in new file mode 100644 index 0000000..511bafb --- /dev/null +++ b/doc/credentials/Makefile.in @@ -0,0 +1,1751 @@ +# Makefile.in generated by automake 1.16.1 from Makefile.am. +# @configure_input@ + +# Copyright (C) 1994-2018 Free Software Foundation, Inc. + +# This Makefile.in is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY, to the extent permitted by law; without +# even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. + +@SET_MAKE@ + +# Copyright (C) 2007-2012 Free Software Foundation, Inc. +# +# Author: Simon Josefsson +# +# This file is part of GnuTLS. +# +# This file is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 3 of the License, or +# (at your option) any later version. +# +# This file is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this file; if not, write to the Free Software Foundation, +# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. +VPATH = @srcdir@ +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} +am__make_running_with_option = \ + case $${target_option-} in \ + ?) ;; \ + *) echo "am__make_running_with_option: internal error: invalid" \ + "target option '$${target_option-}' specified" >&2; \ + exit 1;; \ + esac; \ + has_opt=no; \ + sane_makeflags=$$MAKEFLAGS; \ + if $(am__is_gnu_make); then \ + sane_makeflags=$$MFLAGS; \ + else \ + case $$MAKEFLAGS in \ + *\\[\ \ ]*) \ + bs=\\; \ + sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ + | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ + esac; \ + fi; \ + skip_next=no; \ + strip_trailopt () \ + { \ + flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ + }; \ + for flg in $$sane_makeflags; do \ + test $$skip_next = yes && { skip_next=no; continue; }; \ + case $$flg in \ + *=*|--*) continue;; \ + -*I) strip_trailopt 'I'; skip_next=yes;; \ + -*I?*) strip_trailopt 'I';; \ + -*O) strip_trailopt 'O'; skip_next=yes;; \ + -*O?*) strip_trailopt 'O';; \ + -*l) strip_trailopt 'l'; skip_next=yes;; \ + -*l?*) strip_trailopt 'l';; \ + -[dEDm]) skip_next=yes;; \ + -[JT]) skip_next=yes;; \ + esac; \ + case $$flg in \ + *$$target_option*) has_opt=yes; break;; \ + esac; \ + done; \ + test $$has_opt = yes +am__make_dryrun = (target_option=n; $(am__make_running_with_option)) +am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) +pkgdatadir = $(datadir)/@PACKAGE@ +pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ +am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd +install_sh_DATA = $(install_sh) -c -m 644 +install_sh_PROGRAM = $(install_sh) -c +install_sh_SCRIPT = $(install_sh) -c +INSTALL_HEADER = $(INSTALL_DATA) +transform = $(program_transform_name) +NORMAL_INSTALL = : +PRE_INSTALL = : +POST_INSTALL = : +NORMAL_UNINSTALL = : +PRE_UNINSTALL = : +POST_UNINSTALL = : +build_triplet = @build@ +host_triplet = @host@ +subdir = doc/credentials +ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 +am__aclocal_m4_deps = $(top_srcdir)/lib/unistring/m4/gnulib-comp.m4 \ + $(top_srcdir)/lib/unistring/m4/inline.m4 \ + $(top_srcdir)/lib/unistring/m4/libunistring-base.m4 \ + $(top_srcdir)/src/gl/m4/__inline.m4 \ + $(top_srcdir)/src/gl/m4/bison.m4 \ + $(top_srcdir)/src/gl/m4/clock_time.m4 \ + $(top_srcdir)/src/gl/m4/fseek.m4 \ + $(top_srcdir)/src/gl/m4/getaddrinfo.m4 \ + $(top_srcdir)/src/gl/m4/getpass.m4 \ + $(top_srcdir)/src/gl/m4/gettime.m4 \ + $(top_srcdir)/src/gl/m4/gnulib-comp.m4 \ + $(top_srcdir)/src/gl/m4/hostent.m4 \ + $(top_srcdir)/src/gl/m4/mktime.m4 \ + $(top_srcdir)/src/gl/m4/nstrftime.m4 \ + $(top_srcdir)/src/gl/m4/parse-datetime.m4 \ + $(top_srcdir)/src/gl/m4/servent.m4 \ + $(top_srcdir)/src/gl/m4/time_rz.m4 \ + $(top_srcdir)/src/gl/m4/timegm.m4 \ + $(top_srcdir)/src/gl/m4/timespec.m4 \ + $(top_srcdir)/src/gl/m4/tm_gmtoff.m4 \ + $(top_srcdir)/src/gl/m4/tzset.m4 \ + $(top_srcdir)/src/libopts/m4/libopts.m4 \ + $(top_srcdir)/src/libopts/m4/stdnoreturn.m4 \ + $(top_srcdir)/m4/00gnulib.m4 \ + $(top_srcdir)/m4/absolute-header.m4 $(top_srcdir)/m4/alloca.m4 \ + $(top_srcdir)/m4/arpa_inet_h.m4 \ + $(top_srcdir)/m4/ax_ac_append_to_file.m4 \ + $(top_srcdir)/m4/ax_ac_print_to_file.m4 \ + $(top_srcdir)/m4/ax_add_am_macro_static.m4 \ + $(top_srcdir)/m4/ax_am_macros_static.m4 \ + $(top_srcdir)/m4/ax_check_gnu_make.m4 \ + $(top_srcdir)/m4/ax_code_coverage.m4 \ + $(top_srcdir)/m4/ax_file_escapes.m4 \ + $(top_srcdir)/m4/builtin-expect.m4 \ + $(top_srcdir)/m4/byteswap.m4 $(top_srcdir)/m4/close.m4 \ + $(top_srcdir)/m4/codeset.m4 $(top_srcdir)/m4/ctype.m4 \ + $(top_srcdir)/m4/dup2.m4 $(top_srcdir)/m4/eealloc.m4 \ + $(top_srcdir)/m4/environ.m4 $(top_srcdir)/m4/errno_h.m4 \ + $(top_srcdir)/m4/exponentd.m4 $(top_srcdir)/m4/extensions.m4 \ + $(top_srcdir)/m4/extern-inline.m4 $(top_srcdir)/m4/fcntl-o.m4 \ + $(top_srcdir)/m4/fcntl.m4 $(top_srcdir)/m4/fcntl_h.m4 \ + $(top_srcdir)/m4/fdopen.m4 $(top_srcdir)/m4/flexmember.m4 \ + $(top_srcdir)/m4/float_h.m4 $(top_srcdir)/m4/fpieee.m4 \ + $(top_srcdir)/m4/fseeko.m4 $(top_srcdir)/m4/fstat.m4 \ + $(top_srcdir)/m4/ftell.m4 $(top_srcdir)/m4/ftello.m4 \ + $(top_srcdir)/m4/ftruncate.m4 $(top_srcdir)/m4/func.m4 \ + $(top_srcdir)/m4/getcwd.m4 $(top_srcdir)/m4/getdelim.m4 \ + $(top_srcdir)/m4/getdtablesize.m4 $(top_srcdir)/m4/getline.m4 \ + $(top_srcdir)/m4/getpagesize.m4 $(top_srcdir)/m4/gettext.m4 \ + $(top_srcdir)/m4/gettimeofday.m4 \ + $(top_srcdir)/m4/gnulib-common.m4 \ + $(top_srcdir)/m4/gnulib-comp.m4 $(top_srcdir)/m4/gtk-doc.m4 \ + $(top_srcdir)/m4/guile.m4 $(top_srcdir)/m4/hooks.m4 \ + $(top_srcdir)/m4/host-cpu-c-abi.m4 $(top_srcdir)/m4/iconv.m4 \ + $(top_srcdir)/m4/include_next.m4 $(top_srcdir)/m4/inet_ntop.m4 \ + $(top_srcdir)/m4/inet_pton.m4 \ + $(top_srcdir)/m4/intl-thread-locale.m4 \ + $(top_srcdir)/m4/intlmacosx.m4 $(top_srcdir)/m4/intmax_t.m4 \ + $(top_srcdir)/m4/inttypes-pri.m4 $(top_srcdir)/m4/inttypes.m4 \ + $(top_srcdir)/m4/inttypes_h.m4 $(top_srcdir)/m4/ioctl.m4 \ + $(top_srcdir)/m4/isblank.m4 $(top_srcdir)/m4/langinfo_h.m4 \ + $(top_srcdir)/m4/largefile.m4 $(top_srcdir)/m4/lcmessage.m4 \ + $(top_srcdir)/m4/ld-output-def.m4 \ + $(top_srcdir)/m4/ld-version-script.m4 \ + $(top_srcdir)/m4/lib-ld.m4 $(top_srcdir)/m4/lib-link.m4 \ + $(top_srcdir)/m4/lib-prefix.m4 $(top_srcdir)/m4/libtool.m4 \ + $(top_srcdir)/m4/limits-h.m4 $(top_srcdir)/m4/locale-fr.m4 \ + $(top_srcdir)/m4/locale-ja.m4 $(top_srcdir)/m4/locale-tr.m4 \ + $(top_srcdir)/m4/locale-zh.m4 $(top_srcdir)/m4/locale_h.m4 \ + $(top_srcdir)/m4/localename.m4 \ + $(top_srcdir)/m4/localtime-buffer.m4 $(top_srcdir)/m4/lock.m4 \ + $(top_srcdir)/m4/longlong.m4 $(top_srcdir)/m4/lseek.m4 \ + $(top_srcdir)/m4/lstat.m4 $(top_srcdir)/m4/ltoptions.m4 \ + $(top_srcdir)/m4/ltsugar.m4 $(top_srcdir)/m4/ltversion.m4 \ + $(top_srcdir)/m4/lt~obsolete.m4 $(top_srcdir)/m4/malloc.m4 \ + $(top_srcdir)/m4/malloca.m4 $(top_srcdir)/m4/manywarnings.m4 \ + $(top_srcdir)/m4/memchr.m4 $(top_srcdir)/m4/memmem.m4 \ + $(top_srcdir)/m4/minmax.m4 $(top_srcdir)/m4/mmap-anon.m4 \ + $(top_srcdir)/m4/mode_t.m4 $(top_srcdir)/m4/msvc-inval.m4 \ + $(top_srcdir)/m4/msvc-nothrow.m4 $(top_srcdir)/m4/multiarch.m4 \ + $(top_srcdir)/m4/nanosleep.m4 $(top_srcdir)/m4/netdb_h.m4 \ + $(top_srcdir)/m4/netinet_in_h.m4 $(top_srcdir)/m4/nls.m4 \ + $(top_srcdir)/m4/off_t.m4 $(top_srcdir)/m4/open-cloexec.m4 \ + $(top_srcdir)/m4/open.m4 $(top_srcdir)/m4/pathmax.m4 \ + $(top_srcdir)/m4/perror.m4 $(top_srcdir)/m4/pipe.m4 \ + $(top_srcdir)/m4/pkg.m4 $(top_srcdir)/m4/po.m4 \ + $(top_srcdir)/m4/printf.m4 $(top_srcdir)/m4/progtest.m4 \ + $(top_srcdir)/m4/pthread_rwlock_rdlock.m4 \ + $(top_srcdir)/m4/putenv.m4 $(top_srcdir)/m4/raise.m4 \ + $(top_srcdir)/m4/read-file.m4 $(top_srcdir)/m4/realloc.m4 \ + $(top_srcdir)/m4/secure_getenv.m4 $(top_srcdir)/m4/select.m4 \ + $(top_srcdir)/m4/setenv.m4 $(top_srcdir)/m4/setlocale.m4 \ + $(top_srcdir)/m4/sigaction.m4 $(top_srcdir)/m4/signal_h.m4 \ + $(top_srcdir)/m4/signalblocking.m4 \ + $(top_srcdir)/m4/size_max.m4 $(top_srcdir)/m4/sleep.m4 \ + $(top_srcdir)/m4/snprintf.m4 $(top_srcdir)/m4/socketlib.m4 \ + $(top_srcdir)/m4/sockets.m4 $(top_srcdir)/m4/socklen.m4 \ + $(top_srcdir)/m4/sockpfaf.m4 $(top_srcdir)/m4/ssize_t.m4 \ + $(top_srcdir)/m4/stat-time.m4 $(top_srcdir)/m4/stat.m4 \ + $(top_srcdir)/m4/stdalign.m4 $(top_srcdir)/m4/stdbool.m4 \ + $(top_srcdir)/m4/stddef_h.m4 $(top_srcdir)/m4/stdint.m4 \ + $(top_srcdir)/m4/stdint_h.m4 $(top_srcdir)/m4/stdio_h.m4 \ + $(top_srcdir)/m4/stdlib_h.m4 $(top_srcdir)/m4/strcase.m4 \ + $(top_srcdir)/m4/strdup.m4 $(top_srcdir)/m4/strerror.m4 \ + $(top_srcdir)/m4/strerror_r.m4 $(top_srcdir)/m4/string_h.m4 \ + $(top_srcdir)/m4/strings_h.m4 $(top_srcdir)/m4/strndup.m4 \ + $(top_srcdir)/m4/strnlen.m4 $(top_srcdir)/m4/strtok_r.m4 \ + $(top_srcdir)/m4/strverscmp.m4 $(top_srcdir)/m4/symlink.m4 \ + $(top_srcdir)/m4/sys_ioctl_h.m4 \ + $(top_srcdir)/m4/sys_select_h.m4 \ + $(top_srcdir)/m4/sys_socket_h.m4 \ + $(top_srcdir)/m4/sys_stat_h.m4 $(top_srcdir)/m4/sys_time_h.m4 \ + $(top_srcdir)/m4/sys_types_h.m4 $(top_srcdir)/m4/sys_uio_h.m4 \ + $(top_srcdir)/m4/threadlib.m4 $(top_srcdir)/m4/time_h.m4 \ + $(top_srcdir)/m4/time_r.m4 $(top_srcdir)/m4/ungetc.m4 \ + $(top_srcdir)/m4/unistd_h.m4 \ + $(top_srcdir)/m4/valgrind-tests.m4 \ + $(top_srcdir)/m4/vasnprintf.m4 $(top_srcdir)/m4/vasprintf.m4 \ + $(top_srcdir)/m4/vsnprintf.m4 $(top_srcdir)/m4/warn-on-use.m4 \ + $(top_srcdir)/m4/warnings.m4 $(top_srcdir)/m4/wchar_h.m4 \ + $(top_srcdir)/m4/wchar_t.m4 $(top_srcdir)/m4/wint_t.m4 \ + $(top_srcdir)/m4/xsize.m4 $(top_srcdir)/configure.ac +am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ + $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) +mkinstalldirs = $(install_sh) -d +CONFIG_HEADER = $(top_builddir)/config.h +CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = +AM_V_P = $(am__v_P_@AM_V@) +am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) +am__v_P_0 = false +am__v_P_1 = : +AM_V_GEN = $(am__v_GEN_@AM_V@) +am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) +am__v_GEN_0 = @echo " GEN " $@; +am__v_GEN_1 = +AM_V_at = $(am__v_at_@AM_V@) +am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) +am__v_at_0 = @ +am__v_at_1 = +SOURCES = +DIST_SOURCES = +RECURSIVE_TARGETS = all-recursive check-recursive cscopelist-recursive \ + ctags-recursive dvi-recursive html-recursive info-recursive \ + install-data-recursive install-dvi-recursive \ + install-exec-recursive install-html-recursive \ + install-info-recursive install-pdf-recursive \ + install-ps-recursive install-recursive installcheck-recursive \ + installdirs-recursive pdf-recursive ps-recursive \ + tags-recursive uninstall-recursive +am__can_run_installinfo = \ + case $$AM_UPDATE_INFO_DIR in \ + n|no|NO) false;; \ + *) (install-info --version) >/dev/null 2>&1;; \ + esac +RECURSIVE_CLEAN_TARGETS = mostlyclean-recursive clean-recursive \ + distclean-recursive maintainer-clean-recursive +am__recursive_targets = \ + $(RECURSIVE_TARGETS) \ + $(RECURSIVE_CLEAN_TARGETS) \ + $(am__extra_recursive_targets) +AM_RECURSIVE_TARGETS = $(am__recursive_targets:-recursive=) TAGS CTAGS \ + distdir distdir-am +am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) +# Read a list of newline-separated strings from the standard input, +# and print each of them once, without duplicates. Input order is +# *not* preserved. +am__uniquify_input = $(AWK) '\ + BEGIN { nonempty = 0; } \ + { items[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in items) print i; }; } \ +' +# Make sure the list of sources is unique. This is necessary because, +# e.g., the same source file might be shared among _SOURCES variables +# for different programs/libraries. +am__define_uniq_tagged_files = \ + list='$(am__tagged_files)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | $(am__uniquify_input)` +ETAGS = etags +CTAGS = ctags +DIST_SUBDIRS = $(SUBDIRS) +am__DIST_COMMON = $(srcdir)/Makefile.in +DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) +am__relativize = \ + dir0=`pwd`; \ + sed_first='s,^\([^/]*\)/.*$$,\1,'; \ + sed_rest='s,^[^/]*/*,,'; \ + sed_last='s,^.*/\([^/]*\)$$,\1,'; \ + sed_butlast='s,/*[^/]*$$,,'; \ + while test -n "$$dir1"; do \ + first=`echo "$$dir1" | sed -e "$$sed_first"`; \ + if test "$$first" != "."; then \ + if test "$$first" = ".."; then \ + dir2=`echo "$$dir0" | sed -e "$$sed_last"`/"$$dir2"; \ + dir0=`echo "$$dir0" | sed -e "$$sed_butlast"`; \ + else \ + first2=`echo "$$dir2" | sed -e "$$sed_first"`; \ + if test "$$first2" = "$$first"; then \ + dir2=`echo "$$dir2" | sed -e "$$sed_rest"`; \ + else \ + dir2="../$$dir2"; \ + fi; \ + dir0="$$dir0"/"$$first"; \ + fi; \ + fi; \ + dir1=`echo "$$dir1" | sed -e "$$sed_rest"`; \ + done; \ + reldir="$$dir2" +ACLOCAL = @ACLOCAL@ +ALLOCA = @ALLOCA@ +ALLOCA_H = @ALLOCA_H@ +AMTAR = @AMTAR@ +AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ +APPLE_UNIVERSAL_BUILD = @APPLE_UNIVERSAL_BUILD@ +AR = @AR@ +ARFLAGS = @ARFLAGS@ +AUTOCONF = @AUTOCONF@ +AUTOGEN = @AUTOGEN@ +AUTOHEADER = @AUTOHEADER@ +AUTOMAKE = @AUTOMAKE@ +AWK = @AWK@ +BITSIZEOF_PTRDIFF_T = @BITSIZEOF_PTRDIFF_T@ +BITSIZEOF_SIG_ATOMIC_T = @BITSIZEOF_SIG_ATOMIC_T@ +BITSIZEOF_SIZE_T = @BITSIZEOF_SIZE_T@ +BITSIZEOF_WCHAR_T = @BITSIZEOF_WCHAR_T@ +BITSIZEOF_WINT_T = @BITSIZEOF_WINT_T@ +BYTESWAP_H = @BYTESWAP_H@ +CC = @CC@ +CCAS = @CCAS@ +CCASDEPMODE = @CCASDEPMODE@ +CCASFLAGS = @CCASFLAGS@ +CCDEPMODE = @CCDEPMODE@ +CFLAGS = @CFLAGS@ +CMOCKA_CFLAGS = @CMOCKA_CFLAGS@ +CMOCKA_LIBS = @CMOCKA_LIBS@ +CODE_COVERAGE_CFLAGS = @CODE_COVERAGE_CFLAGS@ +CODE_COVERAGE_CPPFLAGS = @CODE_COVERAGE_CPPFLAGS@ +CODE_COVERAGE_CXXFLAGS = @CODE_COVERAGE_CXXFLAGS@ +CODE_COVERAGE_ENABLED = @CODE_COVERAGE_ENABLED@ +CODE_COVERAGE_LIBS = @CODE_COVERAGE_LIBS@ +CONFIG_INCLUDE = @CONFIG_INCLUDE@ +CPP = @CPP@ +CPPFLAGS = @CPPFLAGS@ +CRYWRAP_PATCHLEVEL = @CRYWRAP_PATCHLEVEL@ +CXX = @CXX@ +CXXCPP = @CXXCPP@ +CXXDEPMODE = @CXXDEPMODE@ +CXXFLAGS = @CXXFLAGS@ +CXX_LT_AGE = @CXX_LT_AGE@ +CXX_LT_CURRENT = @CXX_LT_CURRENT@ +CXX_LT_REVISION = @CXX_LT_REVISION@ +CYGPATH_W = @CYGPATH_W@ +DEFS = @DEFS@ +DEPDIR = @DEPDIR@ +DLLTOOL = @DLLTOOL@ +DLL_SSL_VERSION = @DLL_SSL_VERSION@ +DLL_VERSION = @DLL_VERSION@ +DSYMUTIL = @DSYMUTIL@ +DUMPBIN = @DUMPBIN@ +ECHO_C = @ECHO_C@ +ECHO_N = @ECHO_N@ +ECHO_T = @ECHO_T@ +EGREP = @EGREP@ +EMULTIHOP_HIDDEN = @EMULTIHOP_HIDDEN@ +EMULTIHOP_VALUE = @EMULTIHOP_VALUE@ +ENABLE_PADLOCK = @ENABLE_PADLOCK@ +ENOLINK_HIDDEN = @ENOLINK_HIDDEN@ +ENOLINK_VALUE = @ENOLINK_VALUE@ +EOVERFLOW_HIDDEN = @EOVERFLOW_HIDDEN@ +EOVERFLOW_VALUE = @EOVERFLOW_VALUE@ +ERRNO_H = @ERRNO_H@ +EXEEXT = @EXEEXT@ +FGREP = @FGREP@ +FIPS140_LIBS = @FIPS140_LIBS@ +FLOAT_H = @FLOAT_H@ +GCOV = @GCOV@ +GENHTML = @GENHTML@ +GETADDRINFO_LIB = @GETADDRINFO_LIB@ +GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@ +GMP_CFLAGS = @GMP_CFLAGS@ +GMP_LIBS = @GMP_LIBS@ +GMSGFMT = @GMSGFMT@ +GMSGFMT_015 = @GMSGFMT_015@ +GNULIB_ACCEPT = @GNULIB_ACCEPT@ +GNULIB_ACCEPT4 = @GNULIB_ACCEPT4@ +GNULIB_ATOLL = @GNULIB_ATOLL@ +GNULIB_BIND = @GNULIB_BIND@ +GNULIB_BTOWC = @GNULIB_BTOWC@ +GNULIB_CALLOC_POSIX = @GNULIB_CALLOC_POSIX@ +GNULIB_CANONICALIZE_FILE_NAME = @GNULIB_CANONICALIZE_FILE_NAME@ +GNULIB_CHDIR = @GNULIB_CHDIR@ +GNULIB_CHOWN = @GNULIB_CHOWN@ +GNULIB_CLOSE = @GNULIB_CLOSE@ +GNULIB_CONNECT = @GNULIB_CONNECT@ +GNULIB_CTIME = @GNULIB_CTIME@ +GNULIB_DPRINTF = @GNULIB_DPRINTF@ +GNULIB_DUP = @GNULIB_DUP@ +GNULIB_DUP2 = @GNULIB_DUP2@ +GNULIB_DUP3 = @GNULIB_DUP3@ +GNULIB_DUPLOCALE = @GNULIB_DUPLOCALE@ +GNULIB_ENVIRON = @GNULIB_ENVIRON@ +GNULIB_EUIDACCESS = @GNULIB_EUIDACCESS@ +GNULIB_EXPLICIT_BZERO = @GNULIB_EXPLICIT_BZERO@ +GNULIB_FACCESSAT = @GNULIB_FACCESSAT@ +GNULIB_FCHDIR = @GNULIB_FCHDIR@ +GNULIB_FCHMODAT = @GNULIB_FCHMODAT@ +GNULIB_FCHOWNAT = @GNULIB_FCHOWNAT@ +GNULIB_FCLOSE = @GNULIB_FCLOSE@ +GNULIB_FCNTL = @GNULIB_FCNTL@ +GNULIB_FDATASYNC = @GNULIB_FDATASYNC@ +GNULIB_FDOPEN = @GNULIB_FDOPEN@ +GNULIB_FFLUSH = @GNULIB_FFLUSH@ +GNULIB_FFS = @GNULIB_FFS@ +GNULIB_FFSL = @GNULIB_FFSL@ +GNULIB_FFSLL = @GNULIB_FFSLL@ +GNULIB_FGETC = @GNULIB_FGETC@ +GNULIB_FGETS = @GNULIB_FGETS@ +GNULIB_FOPEN = @GNULIB_FOPEN@ +GNULIB_FPRINTF = @GNULIB_FPRINTF@ +GNULIB_FPRINTF_POSIX = @GNULIB_FPRINTF_POSIX@ +GNULIB_FPURGE = @GNULIB_FPURGE@ +GNULIB_FPUTC = @GNULIB_FPUTC@ +GNULIB_FPUTS = @GNULIB_FPUTS@ +GNULIB_FREAD = @GNULIB_FREAD@ +GNULIB_FREOPEN = @GNULIB_FREOPEN@ +GNULIB_FSCANF = @GNULIB_FSCANF@ +GNULIB_FSEEK = @GNULIB_FSEEK@ +GNULIB_FSEEKO = @GNULIB_FSEEKO@ +GNULIB_FSTAT = @GNULIB_FSTAT@ +GNULIB_FSTATAT = @GNULIB_FSTATAT@ +GNULIB_FSYNC = @GNULIB_FSYNC@ +GNULIB_FTELL = @GNULIB_FTELL@ +GNULIB_FTELLO = @GNULIB_FTELLO@ +GNULIB_FTRUNCATE = @GNULIB_FTRUNCATE@ +GNULIB_FUTIMENS = @GNULIB_FUTIMENS@ +GNULIB_FWRITE = @GNULIB_FWRITE@ +GNULIB_GETADDRINFO = @GNULIB_GETADDRINFO@ +GNULIB_GETC = @GNULIB_GETC@ +GNULIB_GETCHAR = @GNULIB_GETCHAR@ +GNULIB_GETCWD = @GNULIB_GETCWD@ +GNULIB_GETDELIM = @GNULIB_GETDELIM@ +GNULIB_GETDOMAINNAME = @GNULIB_GETDOMAINNAME@ +GNULIB_GETDTABLESIZE = @GNULIB_GETDTABLESIZE@ +GNULIB_GETGROUPS = @GNULIB_GETGROUPS@ +GNULIB_GETHOSTNAME = @GNULIB_GETHOSTNAME@ +GNULIB_GETLINE = @GNULIB_GETLINE@ +GNULIB_GETLOADAVG = @GNULIB_GETLOADAVG@ +GNULIB_GETLOGIN = @GNULIB_GETLOGIN@ +GNULIB_GETLOGIN_R = @GNULIB_GETLOGIN_R@ +GNULIB_GETPAGESIZE = @GNULIB_GETPAGESIZE@ +GNULIB_GETPASS = @GNULIB_GETPASS@ +GNULIB_GETPEERNAME = @GNULIB_GETPEERNAME@ +GNULIB_GETSOCKNAME = @GNULIB_GETSOCKNAME@ +GNULIB_GETSOCKOPT = @GNULIB_GETSOCKOPT@ +GNULIB_GETSUBOPT = @GNULIB_GETSUBOPT@ +GNULIB_GETTIMEOFDAY = @GNULIB_GETTIMEOFDAY@ +GNULIB_GETUSERSHELL = @GNULIB_GETUSERSHELL@ +GNULIB_GRANTPT = @GNULIB_GRANTPT@ +GNULIB_GROUP_MEMBER = @GNULIB_GROUP_MEMBER@ +GNULIB_IMAXABS = @GNULIB_IMAXABS@ +GNULIB_IMAXDIV = @GNULIB_IMAXDIV@ +GNULIB_INET_NTOP = @GNULIB_INET_NTOP@ +GNULIB_INET_PTON = @GNULIB_INET_PTON@ +GNULIB_IOCTL = @GNULIB_IOCTL@ +GNULIB_ISATTY = @GNULIB_ISATTY@ +GNULIB_ISBLANK = @GNULIB_ISBLANK@ +GNULIB_LCHMOD = @GNULIB_LCHMOD@ +GNULIB_LCHOWN = @GNULIB_LCHOWN@ +GNULIB_LINK = @GNULIB_LINK@ +GNULIB_LINKAT = @GNULIB_LINKAT@ +GNULIB_LISTEN = @GNULIB_LISTEN@ +GNULIB_LOCALECONV = @GNULIB_LOCALECONV@ +GNULIB_LOCALENAME = @GNULIB_LOCALENAME@ +GNULIB_LOCALTIME = @GNULIB_LOCALTIME@ +GNULIB_LSEEK = @GNULIB_LSEEK@ +GNULIB_LSTAT = @GNULIB_LSTAT@ +GNULIB_MALLOC_POSIX = @GNULIB_MALLOC_POSIX@ +GNULIB_MBRLEN = @GNULIB_MBRLEN@ +GNULIB_MBRTOWC = @GNULIB_MBRTOWC@ +GNULIB_MBSCASECMP = @GNULIB_MBSCASECMP@ +GNULIB_MBSCASESTR = @GNULIB_MBSCASESTR@ +GNULIB_MBSCHR = @GNULIB_MBSCHR@ +GNULIB_MBSCSPN = @GNULIB_MBSCSPN@ +GNULIB_MBSINIT = @GNULIB_MBSINIT@ +GNULIB_MBSLEN = @GNULIB_MBSLEN@ +GNULIB_MBSNCASECMP = @GNULIB_MBSNCASECMP@ +GNULIB_MBSNLEN = @GNULIB_MBSNLEN@ +GNULIB_MBSNRTOWCS = @GNULIB_MBSNRTOWCS@ +GNULIB_MBSPBRK = @GNULIB_MBSPBRK@ +GNULIB_MBSPCASECMP = @GNULIB_MBSPCASECMP@ +GNULIB_MBSRCHR = @GNULIB_MBSRCHR@ +GNULIB_MBSRTOWCS = @GNULIB_MBSRTOWCS@ +GNULIB_MBSSEP = @GNULIB_MBSSEP@ +GNULIB_MBSSPN = @GNULIB_MBSSPN@ +GNULIB_MBSSTR = @GNULIB_MBSSTR@ +GNULIB_MBSTOK_R = @GNULIB_MBSTOK_R@ +GNULIB_MBTOWC = @GNULIB_MBTOWC@ +GNULIB_MEMCHR = @GNULIB_MEMCHR@ +GNULIB_MEMMEM = @GNULIB_MEMMEM@ +GNULIB_MEMPCPY = @GNULIB_MEMPCPY@ +GNULIB_MEMRCHR = @GNULIB_MEMRCHR@ +GNULIB_MKDIRAT = @GNULIB_MKDIRAT@ +GNULIB_MKDTEMP = @GNULIB_MKDTEMP@ +GNULIB_MKFIFO = @GNULIB_MKFIFO@ +GNULIB_MKFIFOAT = @GNULIB_MKFIFOAT@ +GNULIB_MKNOD = @GNULIB_MKNOD@ +GNULIB_MKNODAT = @GNULIB_MKNODAT@ +GNULIB_MKOSTEMP = @GNULIB_MKOSTEMP@ +GNULIB_MKOSTEMPS = @GNULIB_MKOSTEMPS@ +GNULIB_MKSTEMP = @GNULIB_MKSTEMP@ +GNULIB_MKSTEMPS = @GNULIB_MKSTEMPS@ +GNULIB_MKTIME = @GNULIB_MKTIME@ +GNULIB_NANOSLEEP = @GNULIB_NANOSLEEP@ +GNULIB_NL_LANGINFO = @GNULIB_NL_LANGINFO@ +GNULIB_NONBLOCKING = @GNULIB_NONBLOCKING@ +GNULIB_OBSTACK_PRINTF = @GNULIB_OBSTACK_PRINTF@ +GNULIB_OBSTACK_PRINTF_POSIX = @GNULIB_OBSTACK_PRINTF_POSIX@ +GNULIB_OPEN = @GNULIB_OPEN@ +GNULIB_OPENAT = @GNULIB_OPENAT@ +GNULIB_OVERRIDES_STRUCT_STAT = @GNULIB_OVERRIDES_STRUCT_STAT@ +GNULIB_OVERRIDES_WINT_T = @GNULIB_OVERRIDES_WINT_T@ +GNULIB_PCLOSE = @GNULIB_PCLOSE@ +GNULIB_PERROR = @GNULIB_PERROR@ +GNULIB_PIPE = @GNULIB_PIPE@ +GNULIB_PIPE2 = @GNULIB_PIPE2@ +GNULIB_POPEN = @GNULIB_POPEN@ +GNULIB_POSIX_OPENPT = @GNULIB_POSIX_OPENPT@ +GNULIB_PREAD = @GNULIB_PREAD@ +GNULIB_PRINTF = @GNULIB_PRINTF@ +GNULIB_PRINTF_POSIX = @GNULIB_PRINTF_POSIX@ +GNULIB_PSELECT = @GNULIB_PSELECT@ +GNULIB_PTHREAD_SIGMASK = @GNULIB_PTHREAD_SIGMASK@ +GNULIB_PTSNAME = @GNULIB_PTSNAME@ +GNULIB_PTSNAME_R = @GNULIB_PTSNAME_R@ +GNULIB_PUTC = @GNULIB_PUTC@ +GNULIB_PUTCHAR = @GNULIB_PUTCHAR@ +GNULIB_PUTENV = @GNULIB_PUTENV@ +GNULIB_PUTS = @GNULIB_PUTS@ +GNULIB_PWRITE = @GNULIB_PWRITE@ +GNULIB_QSORT_R = @GNULIB_QSORT_R@ +GNULIB_RAISE = @GNULIB_RAISE@ +GNULIB_RANDOM = @GNULIB_RANDOM@ +GNULIB_RANDOM_R = @GNULIB_RANDOM_R@ +GNULIB_RAWMEMCHR = @GNULIB_RAWMEMCHR@ +GNULIB_READ = @GNULIB_READ@ +GNULIB_READLINK = @GNULIB_READLINK@ +GNULIB_READLINKAT = @GNULIB_READLINKAT@ +GNULIB_REALLOCARRAY = @GNULIB_REALLOCARRAY@ +GNULIB_REALLOC_POSIX = @GNULIB_REALLOC_POSIX@ +GNULIB_REALPATH = @GNULIB_REALPATH@ +GNULIB_RECV = @GNULIB_RECV@ +GNULIB_RECVFROM = @GNULIB_RECVFROM@ +GNULIB_REMOVE = @GNULIB_REMOVE@ +GNULIB_RENAME = @GNULIB_RENAME@ +GNULIB_RENAMEAT = @GNULIB_RENAMEAT@ +GNULIB_RMDIR = @GNULIB_RMDIR@ +GNULIB_RPMATCH = @GNULIB_RPMATCH@ +GNULIB_SCANF = @GNULIB_SCANF@ +GNULIB_SECURE_GETENV = @GNULIB_SECURE_GETENV@ +GNULIB_SELECT = @GNULIB_SELECT@ +GNULIB_SEND = @GNULIB_SEND@ +GNULIB_SENDTO = @GNULIB_SENDTO@ +GNULIB_SETENV = @GNULIB_SETENV@ +GNULIB_SETHOSTNAME = @GNULIB_SETHOSTNAME@ +GNULIB_SETLOCALE = @GNULIB_SETLOCALE@ +GNULIB_SETSOCKOPT = @GNULIB_SETSOCKOPT@ +GNULIB_SHUTDOWN = @GNULIB_SHUTDOWN@ +GNULIB_SIGACTION = @GNULIB_SIGACTION@ +GNULIB_SIGNAL_H_SIGPIPE = @GNULIB_SIGNAL_H_SIGPIPE@ +GNULIB_SIGPROCMASK = @GNULIB_SIGPROCMASK@ +GNULIB_SLEEP = @GNULIB_SLEEP@ +GNULIB_SNPRINTF = @GNULIB_SNPRINTF@ +GNULIB_SOCKET = @GNULIB_SOCKET@ +GNULIB_SPRINTF_POSIX = @GNULIB_SPRINTF_POSIX@ +GNULIB_STAT = @GNULIB_STAT@ +GNULIB_STDIO_H_NONBLOCKING = @GNULIB_STDIO_H_NONBLOCKING@ +GNULIB_STDIO_H_SIGPIPE = @GNULIB_STDIO_H_SIGPIPE@ +GNULIB_STPCPY = @GNULIB_STPCPY@ +GNULIB_STPNCPY = @GNULIB_STPNCPY@ +GNULIB_STRCASESTR = @GNULIB_STRCASESTR@ +GNULIB_STRCHRNUL = @GNULIB_STRCHRNUL@ +GNULIB_STRDUP = @GNULIB_STRDUP@ +GNULIB_STRERROR = @GNULIB_STRERROR@ +GNULIB_STRERROR_R = @GNULIB_STRERROR_R@ +GNULIB_STRFTIME = @GNULIB_STRFTIME@ +GNULIB_STRNCAT = @GNULIB_STRNCAT@ +GNULIB_STRNDUP = @GNULIB_STRNDUP@ +GNULIB_STRNLEN = @GNULIB_STRNLEN@ +GNULIB_STRPBRK = @GNULIB_STRPBRK@ +GNULIB_STRPTIME = @GNULIB_STRPTIME@ +GNULIB_STRSEP = @GNULIB_STRSEP@ +GNULIB_STRSIGNAL = @GNULIB_STRSIGNAL@ +GNULIB_STRSTR = @GNULIB_STRSTR@ +GNULIB_STRTOD = @GNULIB_STRTOD@ +GNULIB_STRTOIMAX = @GNULIB_STRTOIMAX@ +GNULIB_STRTOK_R = @GNULIB_STRTOK_R@ +GNULIB_STRTOLD = @GNULIB_STRTOLD@ +GNULIB_STRTOLL = @GNULIB_STRTOLL@ +GNULIB_STRTOULL = @GNULIB_STRTOULL@ +GNULIB_STRTOUMAX = @GNULIB_STRTOUMAX@ +GNULIB_STRVERSCMP = @GNULIB_STRVERSCMP@ +GNULIB_SYMLINK = @GNULIB_SYMLINK@ +GNULIB_SYMLINKAT = @GNULIB_SYMLINKAT@ +GNULIB_SYSTEM_POSIX = @GNULIB_SYSTEM_POSIX@ +GNULIB_TIMEGM = @GNULIB_TIMEGM@ +GNULIB_TIME_R = @GNULIB_TIME_R@ +GNULIB_TIME_RZ = @GNULIB_TIME_RZ@ +GNULIB_TMPFILE = @GNULIB_TMPFILE@ +GNULIB_TRUNCATE = @GNULIB_TRUNCATE@ +GNULIB_TTYNAME_R = @GNULIB_TTYNAME_R@ +GNULIB_TZSET = @GNULIB_TZSET@ +GNULIB_UNISTD_H_NONBLOCKING = @GNULIB_UNISTD_H_NONBLOCKING@ +GNULIB_UNISTD_H_SIGPIPE = @GNULIB_UNISTD_H_SIGPIPE@ +GNULIB_UNLINK = @GNULIB_UNLINK@ +GNULIB_UNLINKAT = @GNULIB_UNLINKAT@ +GNULIB_UNLOCKPT = @GNULIB_UNLOCKPT@ +GNULIB_UNSETENV = @GNULIB_UNSETENV@ +GNULIB_USLEEP = @GNULIB_USLEEP@ +GNULIB_UTIMENSAT = @GNULIB_UTIMENSAT@ +GNULIB_VASPRINTF = @GNULIB_VASPRINTF@ +GNULIB_VDPRINTF = @GNULIB_VDPRINTF@ +GNULIB_VFPRINTF = @GNULIB_VFPRINTF@ +GNULIB_VFPRINTF_POSIX = @GNULIB_VFPRINTF_POSIX@ +GNULIB_VFSCANF = @GNULIB_VFSCANF@ +GNULIB_VPRINTF = @GNULIB_VPRINTF@ +GNULIB_VPRINTF_POSIX = @GNULIB_VPRINTF_POSIX@ +GNULIB_VSCANF = @GNULIB_VSCANF@ +GNULIB_VSNPRINTF = @GNULIB_VSNPRINTF@ +GNULIB_VSPRINTF_POSIX = @GNULIB_VSPRINTF_POSIX@ +GNULIB_WCPCPY = @GNULIB_WCPCPY@ +GNULIB_WCPNCPY = @GNULIB_WCPNCPY@ +GNULIB_WCRTOMB = @GNULIB_WCRTOMB@ +GNULIB_WCSCASECMP = @GNULIB_WCSCASECMP@ +GNULIB_WCSCAT = @GNULIB_WCSCAT@ +GNULIB_WCSCHR = @GNULIB_WCSCHR@ +GNULIB_WCSCMP = @GNULIB_WCSCMP@ +GNULIB_WCSCOLL = @GNULIB_WCSCOLL@ +GNULIB_WCSCPY = @GNULIB_WCSCPY@ +GNULIB_WCSCSPN = @GNULIB_WCSCSPN@ +GNULIB_WCSDUP = @GNULIB_WCSDUP@ +GNULIB_WCSFTIME = @GNULIB_WCSFTIME@ +GNULIB_WCSLEN = @GNULIB_WCSLEN@ +GNULIB_WCSNCASECMP = @GNULIB_WCSNCASECMP@ +GNULIB_WCSNCAT = @GNULIB_WCSNCAT@ +GNULIB_WCSNCMP = @GNULIB_WCSNCMP@ +GNULIB_WCSNCPY = @GNULIB_WCSNCPY@ +GNULIB_WCSNLEN = @GNULIB_WCSNLEN@ +GNULIB_WCSNRTOMBS = @GNULIB_WCSNRTOMBS@ +GNULIB_WCSPBRK = @GNULIB_WCSPBRK@ +GNULIB_WCSRCHR = @GNULIB_WCSRCHR@ +GNULIB_WCSRTOMBS = @GNULIB_WCSRTOMBS@ +GNULIB_WCSSPN = @GNULIB_WCSSPN@ +GNULIB_WCSSTR = @GNULIB_WCSSTR@ +GNULIB_WCSTOK = @GNULIB_WCSTOK@ +GNULIB_WCSWIDTH = @GNULIB_WCSWIDTH@ +GNULIB_WCSXFRM = @GNULIB_WCSXFRM@ +GNULIB_WCTOB = @GNULIB_WCTOB@ +GNULIB_WCTOMB = @GNULIB_WCTOMB@ +GNULIB_WCWIDTH = @GNULIB_WCWIDTH@ +GNULIB_WMEMCHR = @GNULIB_WMEMCHR@ +GNULIB_WMEMCMP = @GNULIB_WMEMCMP@ +GNULIB_WMEMCPY = @GNULIB_WMEMCPY@ +GNULIB_WMEMMOVE = @GNULIB_WMEMMOVE@ +GNULIB_WMEMSET = @GNULIB_WMEMSET@ +GNULIB_WRITE = @GNULIB_WRITE@ +GNULIB__EXIT = @GNULIB__EXIT@ +GNUTLS_REQUIRES_PRIVATE = @GNUTLS_REQUIRES_PRIVATE@ +GREP = @GREP@ +GTKDOC_CHECK = @GTKDOC_CHECK@ +GTKDOC_CHECK_PATH = @GTKDOC_CHECK_PATH@ +GTKDOC_DEPS_CFLAGS = @GTKDOC_DEPS_CFLAGS@ +GTKDOC_DEPS_LIBS = @GTKDOC_DEPS_LIBS@ +GTKDOC_MKPDF = @GTKDOC_MKPDF@ +GTKDOC_REBASE = @GTKDOC_REBASE@ +GUILD = @GUILD@ +GUILE = @GUILE@ +GUILE_CFLAGS = @GUILE_CFLAGS@ +GUILE_CONFIG = @GUILE_CONFIG@ +GUILE_EFFECTIVE_VERSION = @GUILE_EFFECTIVE_VERSION@ +GUILE_EXTENSION = @GUILE_EXTENSION@ +GUILE_LDFLAGS = @GUILE_LDFLAGS@ +GUILE_LIBS = @GUILE_LIBS@ +GUILE_LTLIBS = @GUILE_LTLIBS@ +GUILE_SITE = @GUILE_SITE@ +GUILE_SITE_CCACHE = @GUILE_SITE_CCACHE@ +GUILE_TOOLS = @GUILE_TOOLS@ +HAVE_ACCEPT4 = @HAVE_ACCEPT4@ +HAVE_ALLOCA_H = @HAVE_ALLOCA_H@ +HAVE_ARPA_INET_H = @HAVE_ARPA_INET_H@ +HAVE_ATOLL = @HAVE_ATOLL@ +HAVE_BTOWC = @HAVE_BTOWC@ +HAVE_C99_STDINT_H = @HAVE_C99_STDINT_H@ +HAVE_CANONICALIZE_FILE_NAME = @HAVE_CANONICALIZE_FILE_NAME@ +HAVE_CHOWN = @HAVE_CHOWN@ +HAVE_CRTDEFS_H = @HAVE_CRTDEFS_H@ +HAVE_DECL_ENVIRON = @HAVE_DECL_ENVIRON@ +HAVE_DECL_FCHDIR = @HAVE_DECL_FCHDIR@ +HAVE_DECL_FDATASYNC = @HAVE_DECL_FDATASYNC@ +HAVE_DECL_FPURGE = @HAVE_DECL_FPURGE@ +HAVE_DECL_FREEADDRINFO = @HAVE_DECL_FREEADDRINFO@ +HAVE_DECL_FSEEKO = @HAVE_DECL_FSEEKO@ +HAVE_DECL_FTELLO = @HAVE_DECL_FTELLO@ +HAVE_DECL_GAI_STRERROR = @HAVE_DECL_GAI_STRERROR@ +HAVE_DECL_GETADDRINFO = @HAVE_DECL_GETADDRINFO@ +HAVE_DECL_GETDELIM = @HAVE_DECL_GETDELIM@ +HAVE_DECL_GETDOMAINNAME = @HAVE_DECL_GETDOMAINNAME@ +HAVE_DECL_GETLINE = @HAVE_DECL_GETLINE@ +HAVE_DECL_GETLOADAVG = @HAVE_DECL_GETLOADAVG@ +HAVE_DECL_GETLOGIN = @HAVE_DECL_GETLOGIN@ +HAVE_DECL_GETLOGIN_R = @HAVE_DECL_GETLOGIN_R@ +HAVE_DECL_GETNAMEINFO = @HAVE_DECL_GETNAMEINFO@ +HAVE_DECL_GETPAGESIZE = @HAVE_DECL_GETPAGESIZE@ +HAVE_DECL_GETUSERSHELL = @HAVE_DECL_GETUSERSHELL@ +HAVE_DECL_IMAXABS = @HAVE_DECL_IMAXABS@ +HAVE_DECL_IMAXDIV = @HAVE_DECL_IMAXDIV@ +HAVE_DECL_INET_NTOP = @HAVE_DECL_INET_NTOP@ +HAVE_DECL_INET_PTON = @HAVE_DECL_INET_PTON@ +HAVE_DECL_INITSTATE = @HAVE_DECL_INITSTATE@ +HAVE_DECL_LOCALTIME_R = @HAVE_DECL_LOCALTIME_R@ +HAVE_DECL_MEMMEM = @HAVE_DECL_MEMMEM@ +HAVE_DECL_MEMRCHR = @HAVE_DECL_MEMRCHR@ +HAVE_DECL_OBSTACK_PRINTF = @HAVE_DECL_OBSTACK_PRINTF@ +HAVE_DECL_SETENV = @HAVE_DECL_SETENV@ +HAVE_DECL_SETHOSTNAME = @HAVE_DECL_SETHOSTNAME@ +HAVE_DECL_SETSTATE = @HAVE_DECL_SETSTATE@ +HAVE_DECL_SNPRINTF = @HAVE_DECL_SNPRINTF@ +HAVE_DECL_STRDUP = @HAVE_DECL_STRDUP@ +HAVE_DECL_STRERROR_R = @HAVE_DECL_STRERROR_R@ +HAVE_DECL_STRNCASECMP = @HAVE_DECL_STRNCASECMP@ +HAVE_DECL_STRNDUP = @HAVE_DECL_STRNDUP@ +HAVE_DECL_STRNLEN = @HAVE_DECL_STRNLEN@ +HAVE_DECL_STRSIGNAL = @HAVE_DECL_STRSIGNAL@ +HAVE_DECL_STRTOIMAX = @HAVE_DECL_STRTOIMAX@ +HAVE_DECL_STRTOK_R = @HAVE_DECL_STRTOK_R@ +HAVE_DECL_STRTOUMAX = @HAVE_DECL_STRTOUMAX@ +HAVE_DECL_TRUNCATE = @HAVE_DECL_TRUNCATE@ +HAVE_DECL_TTYNAME_R = @HAVE_DECL_TTYNAME_R@ +HAVE_DECL_UNSETENV = @HAVE_DECL_UNSETENV@ +HAVE_DECL_VSNPRINTF = @HAVE_DECL_VSNPRINTF@ +HAVE_DECL_WCTOB = @HAVE_DECL_WCTOB@ +HAVE_DECL_WCWIDTH = @HAVE_DECL_WCWIDTH@ +HAVE_DPRINTF = @HAVE_DPRINTF@ +HAVE_DUP2 = @HAVE_DUP2@ +HAVE_DUP3 = @HAVE_DUP3@ +HAVE_DUPLOCALE = @HAVE_DUPLOCALE@ +HAVE_EUIDACCESS = @HAVE_EUIDACCESS@ +HAVE_EXPLICIT_BZERO = @HAVE_EXPLICIT_BZERO@ +HAVE_FACCESSAT = @HAVE_FACCESSAT@ +HAVE_FCHDIR = @HAVE_FCHDIR@ +HAVE_FCHMODAT = @HAVE_FCHMODAT@ +HAVE_FCHOWNAT = @HAVE_FCHOWNAT@ +HAVE_FCNTL = @HAVE_FCNTL@ +HAVE_FDATASYNC = @HAVE_FDATASYNC@ +HAVE_FEATURES_H = @HAVE_FEATURES_H@ +HAVE_FFS = @HAVE_FFS@ +HAVE_FFSL = @HAVE_FFSL@ +HAVE_FFSLL = @HAVE_FFSLL@ +HAVE_FREELOCALE = @HAVE_FREELOCALE@ +HAVE_FSEEKO = @HAVE_FSEEKO@ +HAVE_FSTATAT = @HAVE_FSTATAT@ +HAVE_FSYNC = @HAVE_FSYNC@ +HAVE_FTELLO = @HAVE_FTELLO@ +HAVE_FTRUNCATE = @HAVE_FTRUNCATE@ +HAVE_FUTIMENS = @HAVE_FUTIMENS@ +HAVE_GETDTABLESIZE = @HAVE_GETDTABLESIZE@ +HAVE_GETGROUPS = @HAVE_GETGROUPS@ +HAVE_GETHOSTNAME = @HAVE_GETHOSTNAME@ +HAVE_GETLOGIN = @HAVE_GETLOGIN@ +HAVE_GETPAGESIZE = @HAVE_GETPAGESIZE@ +HAVE_GETPASS = @HAVE_GETPASS@ +HAVE_GETSUBOPT = @HAVE_GETSUBOPT@ +HAVE_GETTIMEOFDAY = @HAVE_GETTIMEOFDAY@ +HAVE_GRANTPT = @HAVE_GRANTPT@ +HAVE_GROUP_MEMBER = @HAVE_GROUP_MEMBER@ +HAVE_IMAXDIV_T = @HAVE_IMAXDIV_T@ +HAVE_INITSTATE = @HAVE_INITSTATE@ +HAVE_INTTYPES_H = @HAVE_INTTYPES_H@ +HAVE_ISBLANK = @HAVE_ISBLANK@ +HAVE_LANGINFO_ALTMON = @HAVE_LANGINFO_ALTMON@ +HAVE_LANGINFO_CODESET = @HAVE_LANGINFO_CODESET@ +HAVE_LANGINFO_ERA = @HAVE_LANGINFO_ERA@ +HAVE_LANGINFO_H = @HAVE_LANGINFO_H@ +HAVE_LANGINFO_T_FMT_AMPM = @HAVE_LANGINFO_T_FMT_AMPM@ +HAVE_LANGINFO_YESEXPR = @HAVE_LANGINFO_YESEXPR@ +HAVE_LCHMOD = @HAVE_LCHMOD@ +HAVE_LCHOWN = @HAVE_LCHOWN@ +HAVE_LIBCRYPTO = @HAVE_LIBCRYPTO@ +HAVE_LIBDL = @HAVE_LIBDL@ +HAVE_LIBPTHREAD = @HAVE_LIBPTHREAD@ +HAVE_LIBRT = @HAVE_LIBRT@ +HAVE_LIBSECCOMP = @HAVE_LIBSECCOMP@ +HAVE_LINK = @HAVE_LINK@ +HAVE_LINKAT = @HAVE_LINKAT@ +HAVE_LONG_LONG_INT = @HAVE_LONG_LONG_INT@ +HAVE_LSTAT = @HAVE_LSTAT@ +HAVE_MAX_ALIGN_T = @HAVE_MAX_ALIGN_T@ +HAVE_MBRLEN = @HAVE_MBRLEN@ +HAVE_MBRTOWC = @HAVE_MBRTOWC@ +HAVE_MBSINIT = @HAVE_MBSINIT@ +HAVE_MBSLEN = @HAVE_MBSLEN@ +HAVE_MBSNRTOWCS = @HAVE_MBSNRTOWCS@ +HAVE_MBSRTOWCS = @HAVE_MBSRTOWCS@ +HAVE_MBTOWC = @HAVE_MBTOWC@ +HAVE_MEMCHR = @HAVE_MEMCHR@ +HAVE_MEMPCPY = @HAVE_MEMPCPY@ +HAVE_MKDIRAT = @HAVE_MKDIRAT@ +HAVE_MKDTEMP = @HAVE_MKDTEMP@ +HAVE_MKFIFO = @HAVE_MKFIFO@ +HAVE_MKFIFOAT = @HAVE_MKFIFOAT@ +HAVE_MKNOD = @HAVE_MKNOD@ +HAVE_MKNODAT = @HAVE_MKNODAT@ +HAVE_MKOSTEMP = @HAVE_MKOSTEMP@ +HAVE_MKOSTEMPS = @HAVE_MKOSTEMPS@ +HAVE_MKSTEMP = @HAVE_MKSTEMP@ +HAVE_MKSTEMPS = @HAVE_MKSTEMPS@ +HAVE_MSVC_INVALID_PARAMETER_HANDLER = @HAVE_MSVC_INVALID_PARAMETER_HANDLER@ +HAVE_NANOSLEEP = @HAVE_NANOSLEEP@ +HAVE_NETDB_H = @HAVE_NETDB_H@ +HAVE_NETINET_IN_H = @HAVE_NETINET_IN_H@ +HAVE_NEWLOCALE = @HAVE_NEWLOCALE@ +HAVE_NL_LANGINFO = @HAVE_NL_LANGINFO@ +HAVE_OPENAT = @HAVE_OPENAT@ +HAVE_OS_H = @HAVE_OS_H@ +HAVE_PCLOSE = @HAVE_PCLOSE@ +HAVE_PIPE = @HAVE_PIPE@ +HAVE_PIPE2 = @HAVE_PIPE2@ +HAVE_POPEN = @HAVE_POPEN@ +HAVE_POSIX_OPENPT = @HAVE_POSIX_OPENPT@ +HAVE_POSIX_SIGNALBLOCKING = @HAVE_POSIX_SIGNALBLOCKING@ +HAVE_PREAD = @HAVE_PREAD@ +HAVE_PSELECT = @HAVE_PSELECT@ +HAVE_PTHREAD_SIGMASK = @HAVE_PTHREAD_SIGMASK@ +HAVE_PTSNAME = @HAVE_PTSNAME@ +HAVE_PTSNAME_R = @HAVE_PTSNAME_R@ +HAVE_PWRITE = @HAVE_PWRITE@ +HAVE_QSORT_R = @HAVE_QSORT_R@ +HAVE_RAISE = @HAVE_RAISE@ +HAVE_RANDOM = @HAVE_RANDOM@ +HAVE_RANDOM_H = @HAVE_RANDOM_H@ +HAVE_RANDOM_R = @HAVE_RANDOM_R@ +HAVE_RAWMEMCHR = @HAVE_RAWMEMCHR@ +HAVE_READLINK = @HAVE_READLINK@ +HAVE_READLINKAT = @HAVE_READLINKAT@ +HAVE_REALLOCARRAY = @HAVE_REALLOCARRAY@ +HAVE_REALPATH = @HAVE_REALPATH@ +HAVE_RENAMEAT = @HAVE_RENAMEAT@ +HAVE_RPMATCH = @HAVE_RPMATCH@ +HAVE_SA_FAMILY_T = @HAVE_SA_FAMILY_T@ +HAVE_SECURE_GETENV = @HAVE_SECURE_GETENV@ +HAVE_SETENV = @HAVE_SETENV@ +HAVE_SETHOSTNAME = @HAVE_SETHOSTNAME@ +HAVE_SETSTATE = @HAVE_SETSTATE@ +HAVE_SIGACTION = @HAVE_SIGACTION@ +HAVE_SIGHANDLER_T = @HAVE_SIGHANDLER_T@ +HAVE_SIGINFO_T = @HAVE_SIGINFO_T@ +HAVE_SIGNED_SIG_ATOMIC_T = @HAVE_SIGNED_SIG_ATOMIC_T@ +HAVE_SIGNED_WCHAR_T = @HAVE_SIGNED_WCHAR_T@ +HAVE_SIGNED_WINT_T = @HAVE_SIGNED_WINT_T@ +HAVE_SIGSET_T = @HAVE_SIGSET_T@ +HAVE_SLEEP = @HAVE_SLEEP@ +HAVE_STDINT_H = @HAVE_STDINT_H@ +HAVE_STPCPY = @HAVE_STPCPY@ +HAVE_STPNCPY = @HAVE_STPNCPY@ +HAVE_STRCASECMP = @HAVE_STRCASECMP@ +HAVE_STRCASESTR = @HAVE_STRCASESTR@ +HAVE_STRCHRNUL = @HAVE_STRCHRNUL@ +HAVE_STRINGS_H = @HAVE_STRINGS_H@ +HAVE_STRPBRK = @HAVE_STRPBRK@ +HAVE_STRPTIME = @HAVE_STRPTIME@ +HAVE_STRSEP = @HAVE_STRSEP@ +HAVE_STRTOD = @HAVE_STRTOD@ +HAVE_STRTOLD = @HAVE_STRTOLD@ +HAVE_STRTOLL = @HAVE_STRTOLL@ +HAVE_STRTOULL = @HAVE_STRTOULL@ +HAVE_STRUCT_ADDRINFO = @HAVE_STRUCT_ADDRINFO@ +HAVE_STRUCT_RANDOM_DATA = @HAVE_STRUCT_RANDOM_DATA@ +HAVE_STRUCT_SIGACTION_SA_SIGACTION = @HAVE_STRUCT_SIGACTION_SA_SIGACTION@ +HAVE_STRUCT_SOCKADDR_STORAGE = @HAVE_STRUCT_SOCKADDR_STORAGE@ +HAVE_STRUCT_SOCKADDR_STORAGE_SS_FAMILY = @HAVE_STRUCT_SOCKADDR_STORAGE_SS_FAMILY@ +HAVE_STRUCT_TIMEVAL = @HAVE_STRUCT_TIMEVAL@ +HAVE_STRVERSCMP = @HAVE_STRVERSCMP@ +HAVE_SYMLINK = @HAVE_SYMLINK@ +HAVE_SYMLINKAT = @HAVE_SYMLINKAT@ +HAVE_SYS_BITYPES_H = @HAVE_SYS_BITYPES_H@ +HAVE_SYS_INTTYPES_H = @HAVE_SYS_INTTYPES_H@ +HAVE_SYS_IOCTL_H = @HAVE_SYS_IOCTL_H@ +HAVE_SYS_LOADAVG_H = @HAVE_SYS_LOADAVG_H@ +HAVE_SYS_PARAM_H = @HAVE_SYS_PARAM_H@ +HAVE_SYS_SELECT_H = @HAVE_SYS_SELECT_H@ +HAVE_SYS_SOCKET_H = @HAVE_SYS_SOCKET_H@ +HAVE_SYS_TIME_H = @HAVE_SYS_TIME_H@ +HAVE_SYS_TYPES_H = @HAVE_SYS_TYPES_H@ +HAVE_SYS_UIO_H = @HAVE_SYS_UIO_H@ +HAVE_TIMEGM = @HAVE_TIMEGM@ +HAVE_TIMEZONE_T = @HAVE_TIMEZONE_T@ +HAVE_TYPE_VOLATILE_SIG_ATOMIC_T = @HAVE_TYPE_VOLATILE_SIG_ATOMIC_T@ +HAVE_TZSET = @HAVE_TZSET@ +HAVE_UNISTD_H = @HAVE_UNISTD_H@ +HAVE_UNLINKAT = @HAVE_UNLINKAT@ +HAVE_UNLOCKPT = @HAVE_UNLOCKPT@ +HAVE_UNSIGNED_LONG_LONG_INT = @HAVE_UNSIGNED_LONG_LONG_INT@ +HAVE_USLEEP = @HAVE_USLEEP@ +HAVE_UTIMENSAT = @HAVE_UTIMENSAT@ +HAVE_VASPRINTF = @HAVE_VASPRINTF@ +HAVE_VDPRINTF = @HAVE_VDPRINTF@ +HAVE_WCHAR_H = @HAVE_WCHAR_H@ +HAVE_WCHAR_T = @HAVE_WCHAR_T@ +HAVE_WCPCPY = @HAVE_WCPCPY@ +HAVE_WCPNCPY = @HAVE_WCPNCPY@ +HAVE_WCRTOMB = @HAVE_WCRTOMB@ +HAVE_WCSCASECMP = @HAVE_WCSCASECMP@ +HAVE_WCSCAT = @HAVE_WCSCAT@ +HAVE_WCSCHR = @HAVE_WCSCHR@ +HAVE_WCSCMP = @HAVE_WCSCMP@ +HAVE_WCSCOLL = @HAVE_WCSCOLL@ +HAVE_WCSCPY = @HAVE_WCSCPY@ +HAVE_WCSCSPN = @HAVE_WCSCSPN@ +HAVE_WCSDUP = @HAVE_WCSDUP@ +HAVE_WCSFTIME = @HAVE_WCSFTIME@ +HAVE_WCSLEN = @HAVE_WCSLEN@ +HAVE_WCSNCASECMP = @HAVE_WCSNCASECMP@ +HAVE_WCSNCAT = @HAVE_WCSNCAT@ +HAVE_WCSNCMP = @HAVE_WCSNCMP@ +HAVE_WCSNCPY = @HAVE_WCSNCPY@ +HAVE_WCSNLEN = @HAVE_WCSNLEN@ +HAVE_WCSNRTOMBS = @HAVE_WCSNRTOMBS@ +HAVE_WCSPBRK = @HAVE_WCSPBRK@ +HAVE_WCSRCHR = @HAVE_WCSRCHR@ +HAVE_WCSRTOMBS = @HAVE_WCSRTOMBS@ +HAVE_WCSSPN = @HAVE_WCSSPN@ +HAVE_WCSSTR = @HAVE_WCSSTR@ +HAVE_WCSTOK = @HAVE_WCSTOK@ +HAVE_WCSWIDTH = @HAVE_WCSWIDTH@ +HAVE_WCSXFRM = @HAVE_WCSXFRM@ +HAVE_WINSOCK2_H = @HAVE_WINSOCK2_H@ +HAVE_WINT_T = @HAVE_WINT_T@ +HAVE_WMEMCHR = @HAVE_WMEMCHR@ +HAVE_WMEMCMP = @HAVE_WMEMCMP@ +HAVE_WMEMCPY = @HAVE_WMEMCPY@ +HAVE_WMEMMOVE = @HAVE_WMEMMOVE@ +HAVE_WMEMSET = @HAVE_WMEMSET@ +HAVE_WS2TCPIP_H = @HAVE_WS2TCPIP_H@ +HAVE_XLOCALE_H = @HAVE_XLOCALE_H@ +HAVE__BOOL = @HAVE__BOOL@ +HAVE__EXIT = @HAVE__EXIT@ +HOGWEED_CFLAGS = @HOGWEED_CFLAGS@ +HOGWEED_LIBS = @HOGWEED_LIBS@ +HOSTENT_LIB = @HOSTENT_LIB@ +HTML_DIR = @HTML_DIR@ +INCLUDE_NEXT = @INCLUDE_NEXT@ +INCLUDE_NEXT_AS_FIRST_DIRECTIVE = @INCLUDE_NEXT_AS_FIRST_DIRECTIVE@ +INET_NTOP_LIB = @INET_NTOP_LIB@ +INET_PTON_LIB = @INET_PTON_LIB@ +INSTALL = @INSTALL@ +INSTALL_DATA = @INSTALL_DATA@ +INSTALL_PROGRAM = @INSTALL_PROGRAM@ +INSTALL_SCRIPT = @INSTALL_SCRIPT@ +INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +INT32_MAX_LT_INTMAX_MAX = @INT32_MAX_LT_INTMAX_MAX@ +INT64_MAX_EQ_LONG_MAX = @INT64_MAX_EQ_LONG_MAX@ +INTLLIBS = @INTLLIBS@ +INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@ +LCOV = @LCOV@ +LD = @LD@ +LDFLAGS = @LDFLAGS@ +LIBATOMIC_LIBS = @LIBATOMIC_LIBS@ +LIBCRYPTO = @LIBCRYPTO@ +LIBCRYPTO_PREFIX = @LIBCRYPTO_PREFIX@ +LIBDL = @LIBDL@ +LIBDL_PREFIX = @LIBDL_PREFIX@ +LIBGNUTLS_CFLAGS = @LIBGNUTLS_CFLAGS@ +LIBGNUTLS_LIBS = @LIBGNUTLS_LIBS@ +LIBICONV = @LIBICONV@ +LIBIDN2_CFLAGS = @LIBIDN2_CFLAGS@ +LIBIDN2_LIBS = @LIBIDN2_LIBS@ +LIBINTL = @LIBINTL@ +LIBMULTITHREAD = @LIBMULTITHREAD@ +LIBOBJS = @LIBOBJS@ +LIBOPTS_CFLAGS = @LIBOPTS_CFLAGS@ +LIBOPTS_DIR = @LIBOPTS_DIR@ +LIBOPTS_LDADD = @LIBOPTS_LDADD@ +LIBPTH = @LIBPTH@ +LIBPTHREAD = @LIBPTHREAD@ +LIBPTHREAD_PREFIX = @LIBPTHREAD_PREFIX@ +LIBPTH_PREFIX = @LIBPTH_PREFIX@ +LIBRT = @LIBRT@ +LIBRT_PREFIX = @LIBRT_PREFIX@ +LIBS = @LIBS@ +LIBSECCOMP = @LIBSECCOMP@ +LIBSECCOMP_PREFIX = @LIBSECCOMP_PREFIX@ +LIBSOCKET = @LIBSOCKET@ +LIBTASN1_CFLAGS = @LIBTASN1_CFLAGS@ +LIBTASN1_LIBS = @LIBTASN1_LIBS@ +LIBTESTS_LIBDEPS = @LIBTESTS_LIBDEPS@ +LIBTHREAD = @LIBTHREAD@ +LIBTOOL = @LIBTOOL@ +LIBUNISTRING = @LIBUNISTRING@ +LIBUNISTRING_UNICTYPE_H = @LIBUNISTRING_UNICTYPE_H@ +LIBUNISTRING_UNINORM_H = @LIBUNISTRING_UNINORM_H@ +LIBUNISTRING_UNISTR_H = @LIBUNISTRING_UNISTR_H@ +LIBUNISTRING_UNITYPES_H = @LIBUNISTRING_UNITYPES_H@ +LIB_CLOCK_GETTIME = @LIB_CLOCK_GETTIME@ +LIB_NANOSLEEP = @LIB_NANOSLEEP@ +LIB_SELECT = @LIB_SELECT@ +LIMITS_H = @LIMITS_H@ +LIPO = @LIPO@ +LN_S = @LN_S@ +LOCALE_FR = @LOCALE_FR@ +LOCALE_FR_UTF8 = @LOCALE_FR_UTF8@ +LOCALE_JA = @LOCALE_JA@ +LOCALE_TR_UTF8 = @LOCALE_TR_UTF8@ +LOCALE_ZH_CN = @LOCALE_ZH_CN@ +LTALLOCA = @LTALLOCA@ +LTLIBCRYPTO = @LTLIBCRYPTO@ +LTLIBDL = @LTLIBDL@ +LTLIBICONV = @LTLIBICONV@ +LTLIBINTL = @LTLIBINTL@ +LTLIBMULTITHREAD = @LTLIBMULTITHREAD@ +LTLIBOBJS = @LTLIBOBJS@ +LTLIBPTH = @LTLIBPTH@ +LTLIBPTHREAD = @LTLIBPTHREAD@ +LTLIBRT = @LTLIBRT@ +LTLIBSECCOMP = @LTLIBSECCOMP@ +LTLIBTHREAD = @LTLIBTHREAD@ +LT_AGE = @LT_AGE@ +LT_CURRENT = @LT_CURRENT@ +LT_DANE_AGE = @LT_DANE_AGE@ +LT_DANE_CURRENT = @LT_DANE_CURRENT@ +LT_DANE_REVISION = @LT_DANE_REVISION@ +LT_REVISION = @LT_REVISION@ +LT_SSL_AGE = @LT_SSL_AGE@ +LT_SSL_CURRENT = @LT_SSL_CURRENT@ +LT_SSL_REVISION = @LT_SSL_REVISION@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ +LT_XSSL_AGE = @LT_XSSL_AGE@ +LT_XSSL_CURRENT = @LT_XSSL_CURRENT@ +LT_XSSL_REVISION = @LT_XSSL_REVISION@ +MAINT = @MAINT@ +MAJOR_VERSION = @MAJOR_VERSION@ +MAKEINFO = @MAKEINFO@ +MANIFEST_TOOL = @MANIFEST_TOOL@ +MINOR_VERSION = @MINOR_VERSION@ +MKDIR_P = @MKDIR_P@ +MSGFMT = @MSGFMT@ +MSGFMT_015 = @MSGFMT_015@ +MSGMERGE = @MSGMERGE@ +NETINET_IN_H = @NETINET_IN_H@ +NETTLE_CFLAGS = @NETTLE_CFLAGS@ +NETTLE_LIBS = @NETTLE_LIBS@ +NEXT_ARPA_INET_H = @NEXT_ARPA_INET_H@ +NEXT_AS_FIRST_DIRECTIVE_ARPA_INET_H = @NEXT_AS_FIRST_DIRECTIVE_ARPA_INET_H@ +NEXT_AS_FIRST_DIRECTIVE_CTYPE_H = @NEXT_AS_FIRST_DIRECTIVE_CTYPE_H@ +NEXT_AS_FIRST_DIRECTIVE_ERRNO_H = @NEXT_AS_FIRST_DIRECTIVE_ERRNO_H@ +NEXT_AS_FIRST_DIRECTIVE_FCNTL_H = @NEXT_AS_FIRST_DIRECTIVE_FCNTL_H@ +NEXT_AS_FIRST_DIRECTIVE_FLOAT_H = @NEXT_AS_FIRST_DIRECTIVE_FLOAT_H@ +NEXT_AS_FIRST_DIRECTIVE_INTTYPES_H = @NEXT_AS_FIRST_DIRECTIVE_INTTYPES_H@ +NEXT_AS_FIRST_DIRECTIVE_LANGINFO_H = @NEXT_AS_FIRST_DIRECTIVE_LANGINFO_H@ +NEXT_AS_FIRST_DIRECTIVE_LIMITS_H = @NEXT_AS_FIRST_DIRECTIVE_LIMITS_H@ +NEXT_AS_FIRST_DIRECTIVE_LOCALE_H = @NEXT_AS_FIRST_DIRECTIVE_LOCALE_H@ +NEXT_AS_FIRST_DIRECTIVE_NETDB_H = @NEXT_AS_FIRST_DIRECTIVE_NETDB_H@ +NEXT_AS_FIRST_DIRECTIVE_NETINET_IN_H = @NEXT_AS_FIRST_DIRECTIVE_NETINET_IN_H@ +NEXT_AS_FIRST_DIRECTIVE_SIGNAL_H = @NEXT_AS_FIRST_DIRECTIVE_SIGNAL_H@ +NEXT_AS_FIRST_DIRECTIVE_STDDEF_H = @NEXT_AS_FIRST_DIRECTIVE_STDDEF_H@ +NEXT_AS_FIRST_DIRECTIVE_STDINT_H = @NEXT_AS_FIRST_DIRECTIVE_STDINT_H@ +NEXT_AS_FIRST_DIRECTIVE_STDIO_H = @NEXT_AS_FIRST_DIRECTIVE_STDIO_H@ +NEXT_AS_FIRST_DIRECTIVE_STDLIB_H = @NEXT_AS_FIRST_DIRECTIVE_STDLIB_H@ +NEXT_AS_FIRST_DIRECTIVE_STRINGS_H = @NEXT_AS_FIRST_DIRECTIVE_STRINGS_H@ +NEXT_AS_FIRST_DIRECTIVE_STRING_H = @NEXT_AS_FIRST_DIRECTIVE_STRING_H@ +NEXT_AS_FIRST_DIRECTIVE_SYS_IOCTL_H = @NEXT_AS_FIRST_DIRECTIVE_SYS_IOCTL_H@ +NEXT_AS_FIRST_DIRECTIVE_SYS_SELECT_H = @NEXT_AS_FIRST_DIRECTIVE_SYS_SELECT_H@ +NEXT_AS_FIRST_DIRECTIVE_SYS_SOCKET_H = @NEXT_AS_FIRST_DIRECTIVE_SYS_SOCKET_H@ +NEXT_AS_FIRST_DIRECTIVE_SYS_STAT_H = @NEXT_AS_FIRST_DIRECTIVE_SYS_STAT_H@ +NEXT_AS_FIRST_DIRECTIVE_SYS_TIME_H = @NEXT_AS_FIRST_DIRECTIVE_SYS_TIME_H@ +NEXT_AS_FIRST_DIRECTIVE_SYS_TYPES_H = @NEXT_AS_FIRST_DIRECTIVE_SYS_TYPES_H@ +NEXT_AS_FIRST_DIRECTIVE_SYS_UIO_H = @NEXT_AS_FIRST_DIRECTIVE_SYS_UIO_H@ +NEXT_AS_FIRST_DIRECTIVE_TIME_H = @NEXT_AS_FIRST_DIRECTIVE_TIME_H@ +NEXT_AS_FIRST_DIRECTIVE_UNISTD_H = @NEXT_AS_FIRST_DIRECTIVE_UNISTD_H@ +NEXT_AS_FIRST_DIRECTIVE_WCHAR_H = @NEXT_AS_FIRST_DIRECTIVE_WCHAR_H@ +NEXT_CTYPE_H = @NEXT_CTYPE_H@ +NEXT_ERRNO_H = @NEXT_ERRNO_H@ +NEXT_FCNTL_H = @NEXT_FCNTL_H@ +NEXT_FLOAT_H = @NEXT_FLOAT_H@ +NEXT_INTTYPES_H = @NEXT_INTTYPES_H@ +NEXT_LANGINFO_H = @NEXT_LANGINFO_H@ +NEXT_LIMITS_H = @NEXT_LIMITS_H@ +NEXT_LOCALE_H = @NEXT_LOCALE_H@ +NEXT_NETDB_H = @NEXT_NETDB_H@ +NEXT_NETINET_IN_H = @NEXT_NETINET_IN_H@ +NEXT_SIGNAL_H = @NEXT_SIGNAL_H@ +NEXT_STDDEF_H = @NEXT_STDDEF_H@ +NEXT_STDINT_H = @NEXT_STDINT_H@ +NEXT_STDIO_H = @NEXT_STDIO_H@ +NEXT_STDLIB_H = @NEXT_STDLIB_H@ +NEXT_STRINGS_H = @NEXT_STRINGS_H@ +NEXT_STRING_H = @NEXT_STRING_H@ +NEXT_SYS_IOCTL_H = @NEXT_SYS_IOCTL_H@ +NEXT_SYS_SELECT_H = @NEXT_SYS_SELECT_H@ +NEXT_SYS_SOCKET_H = @NEXT_SYS_SOCKET_H@ +NEXT_SYS_STAT_H = @NEXT_SYS_STAT_H@ +NEXT_SYS_TIME_H = @NEXT_SYS_TIME_H@ +NEXT_SYS_TYPES_H = @NEXT_SYS_TYPES_H@ +NEXT_SYS_UIO_H = @NEXT_SYS_UIO_H@ +NEXT_TIME_H = @NEXT_TIME_H@ +NEXT_UNISTD_H = @NEXT_UNISTD_H@ +NEXT_WCHAR_H = @NEXT_WCHAR_H@ +NM = @NM@ +NMEDIT = @NMEDIT@ +NUMBER_VERSION = @NUMBER_VERSION@ +OBJDUMP = @OBJDUMP@ +OBJEXT = @OBJEXT@ +OTOOL = @OTOOL@ +OTOOL64 = @OTOOL64@ +P11_KIT_CFLAGS = @P11_KIT_CFLAGS@ +P11_KIT_LIBS = @P11_KIT_LIBS@ +PACKAGE = @PACKAGE@ +PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ +PACKAGE_NAME = @PACKAGE_NAME@ +PACKAGE_STRING = @PACKAGE_STRING@ +PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ +PACKAGE_VERSION = @PACKAGE_VERSION@ +PATCH_VERSION = @PATCH_VERSION@ +PATH_SEPARATOR = @PATH_SEPARATOR@ +PKG_CONFIG = @PKG_CONFIG@ +PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ +PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ +PMCCABE = @PMCCABE@ +POSIX_SHELL = @POSIX_SHELL@ +POSUB = @POSUB@ +PRAGMA_COLUMNS = @PRAGMA_COLUMNS@ +PRAGMA_SYSTEM_HEADER = @PRAGMA_SYSTEM_HEADER@ +PRIPTR_PREFIX = @PRIPTR_PREFIX@ +PRI_MACROS_BROKEN = @PRI_MACROS_BROKEN@ +PTHREAD_H_DEFINES_STRUCT_TIMESPEC = @PTHREAD_H_DEFINES_STRUCT_TIMESPEC@ +PTRDIFF_T_SUFFIX = @PTRDIFF_T_SUFFIX@ +RANLIB = @RANLIB@ +REPLACE_BTOWC = @REPLACE_BTOWC@ +REPLACE_CALLOC = @REPLACE_CALLOC@ +REPLACE_CANONICALIZE_FILE_NAME = @REPLACE_CANONICALIZE_FILE_NAME@ +REPLACE_CHOWN = @REPLACE_CHOWN@ +REPLACE_CLOSE = @REPLACE_CLOSE@ +REPLACE_CTIME = @REPLACE_CTIME@ +REPLACE_DPRINTF = @REPLACE_DPRINTF@ +REPLACE_DUP = @REPLACE_DUP@ +REPLACE_DUP2 = @REPLACE_DUP2@ +REPLACE_DUPLOCALE = @REPLACE_DUPLOCALE@ +REPLACE_FACCESSAT = @REPLACE_FACCESSAT@ +REPLACE_FCHOWNAT = @REPLACE_FCHOWNAT@ +REPLACE_FCLOSE = @REPLACE_FCLOSE@ +REPLACE_FCNTL = @REPLACE_FCNTL@ +REPLACE_FDOPEN = @REPLACE_FDOPEN@ +REPLACE_FFLUSH = @REPLACE_FFLUSH@ +REPLACE_FOPEN = @REPLACE_FOPEN@ +REPLACE_FPRINTF = @REPLACE_FPRINTF@ +REPLACE_FPURGE = @REPLACE_FPURGE@ +REPLACE_FREELOCALE = @REPLACE_FREELOCALE@ +REPLACE_FREOPEN = @REPLACE_FREOPEN@ +REPLACE_FSEEK = @REPLACE_FSEEK@ +REPLACE_FSEEKO = @REPLACE_FSEEKO@ +REPLACE_FSTAT = @REPLACE_FSTAT@ +REPLACE_FSTATAT = @REPLACE_FSTATAT@ +REPLACE_FTELL = @REPLACE_FTELL@ +REPLACE_FTELLO = @REPLACE_FTELLO@ +REPLACE_FTRUNCATE = @REPLACE_FTRUNCATE@ +REPLACE_FUTIMENS = @REPLACE_FUTIMENS@ +REPLACE_GAI_STRERROR = @REPLACE_GAI_STRERROR@ +REPLACE_GETCWD = @REPLACE_GETCWD@ +REPLACE_GETDELIM = @REPLACE_GETDELIM@ +REPLACE_GETDOMAINNAME = @REPLACE_GETDOMAINNAME@ +REPLACE_GETDTABLESIZE = @REPLACE_GETDTABLESIZE@ +REPLACE_GETGROUPS = @REPLACE_GETGROUPS@ +REPLACE_GETLINE = @REPLACE_GETLINE@ +REPLACE_GETLOGIN_R = @REPLACE_GETLOGIN_R@ +REPLACE_GETPAGESIZE = @REPLACE_GETPAGESIZE@ +REPLACE_GETPASS = @REPLACE_GETPASS@ +REPLACE_GETTIMEOFDAY = @REPLACE_GETTIMEOFDAY@ +REPLACE_GMTIME = @REPLACE_GMTIME@ +REPLACE_INET_NTOP = @REPLACE_INET_NTOP@ +REPLACE_INET_PTON = @REPLACE_INET_PTON@ +REPLACE_INITSTATE = @REPLACE_INITSTATE@ +REPLACE_IOCTL = @REPLACE_IOCTL@ +REPLACE_ISATTY = @REPLACE_ISATTY@ +REPLACE_ITOLD = @REPLACE_ITOLD@ +REPLACE_LCHOWN = @REPLACE_LCHOWN@ +REPLACE_LINK = @REPLACE_LINK@ +REPLACE_LINKAT = @REPLACE_LINKAT@ +REPLACE_LOCALECONV = @REPLACE_LOCALECONV@ +REPLACE_LOCALTIME = @REPLACE_LOCALTIME@ +REPLACE_LOCALTIME_R = @REPLACE_LOCALTIME_R@ +REPLACE_LSEEK = @REPLACE_LSEEK@ +REPLACE_LSTAT = @REPLACE_LSTAT@ +REPLACE_MALLOC = @REPLACE_MALLOC@ +REPLACE_MBRLEN = @REPLACE_MBRLEN@ +REPLACE_MBRTOWC = @REPLACE_MBRTOWC@ +REPLACE_MBSINIT = @REPLACE_MBSINIT@ +REPLACE_MBSNRTOWCS = @REPLACE_MBSNRTOWCS@ +REPLACE_MBSRTOWCS = @REPLACE_MBSRTOWCS@ +REPLACE_MBSTATE_T = @REPLACE_MBSTATE_T@ +REPLACE_MBTOWC = @REPLACE_MBTOWC@ +REPLACE_MEMCHR = @REPLACE_MEMCHR@ +REPLACE_MEMMEM = @REPLACE_MEMMEM@ +REPLACE_MKDIR = @REPLACE_MKDIR@ +REPLACE_MKFIFO = @REPLACE_MKFIFO@ +REPLACE_MKNOD = @REPLACE_MKNOD@ +REPLACE_MKSTEMP = @REPLACE_MKSTEMP@ +REPLACE_MKTIME = @REPLACE_MKTIME@ +REPLACE_NANOSLEEP = @REPLACE_NANOSLEEP@ +REPLACE_NEWLOCALE = @REPLACE_NEWLOCALE@ +REPLACE_NL_LANGINFO = @REPLACE_NL_LANGINFO@ +REPLACE_NULL = @REPLACE_NULL@ +REPLACE_OBSTACK_PRINTF = @REPLACE_OBSTACK_PRINTF@ +REPLACE_OPEN = @REPLACE_OPEN@ +REPLACE_OPENAT = @REPLACE_OPENAT@ +REPLACE_PERROR = @REPLACE_PERROR@ +REPLACE_POPEN = @REPLACE_POPEN@ +REPLACE_PREAD = @REPLACE_PREAD@ +REPLACE_PRINTF = @REPLACE_PRINTF@ +REPLACE_PSELECT = @REPLACE_PSELECT@ +REPLACE_PTHREAD_SIGMASK = @REPLACE_PTHREAD_SIGMASK@ +REPLACE_PTSNAME = @REPLACE_PTSNAME@ +REPLACE_PTSNAME_R = @REPLACE_PTSNAME_R@ +REPLACE_PUTENV = @REPLACE_PUTENV@ +REPLACE_PWRITE = @REPLACE_PWRITE@ +REPLACE_QSORT_R = @REPLACE_QSORT_R@ +REPLACE_RAISE = @REPLACE_RAISE@ +REPLACE_RANDOM = @REPLACE_RANDOM@ +REPLACE_RANDOM_R = @REPLACE_RANDOM_R@ +REPLACE_READ = @REPLACE_READ@ +REPLACE_READLINK = @REPLACE_READLINK@ +REPLACE_READLINKAT = @REPLACE_READLINKAT@ +REPLACE_REALLOC = @REPLACE_REALLOC@ +REPLACE_REALPATH = @REPLACE_REALPATH@ +REPLACE_REMOVE = @REPLACE_REMOVE@ +REPLACE_RENAME = @REPLACE_RENAME@ +REPLACE_RENAMEAT = @REPLACE_RENAMEAT@ +REPLACE_RMDIR = @REPLACE_RMDIR@ +REPLACE_SELECT = @REPLACE_SELECT@ +REPLACE_SETENV = @REPLACE_SETENV@ +REPLACE_SETLOCALE = @REPLACE_SETLOCALE@ +REPLACE_SETSTATE = @REPLACE_SETSTATE@ +REPLACE_SLEEP = @REPLACE_SLEEP@ +REPLACE_SNPRINTF = @REPLACE_SNPRINTF@ +REPLACE_SPRINTF = @REPLACE_SPRINTF@ +REPLACE_STAT = @REPLACE_STAT@ +REPLACE_STDIO_READ_FUNCS = @REPLACE_STDIO_READ_FUNCS@ +REPLACE_STDIO_WRITE_FUNCS = @REPLACE_STDIO_WRITE_FUNCS@ +REPLACE_STPNCPY = @REPLACE_STPNCPY@ +REPLACE_STRCASESTR = @REPLACE_STRCASESTR@ +REPLACE_STRCHRNUL = @REPLACE_STRCHRNUL@ +REPLACE_STRDUP = @REPLACE_STRDUP@ +REPLACE_STRERROR = @REPLACE_STRERROR@ +REPLACE_STRERROR_R = @REPLACE_STRERROR_R@ +REPLACE_STRFTIME = @REPLACE_STRFTIME@ +REPLACE_STRNCAT = @REPLACE_STRNCAT@ +REPLACE_STRNDUP = @REPLACE_STRNDUP@ +REPLACE_STRNLEN = @REPLACE_STRNLEN@ +REPLACE_STRSIGNAL = @REPLACE_STRSIGNAL@ +REPLACE_STRSTR = @REPLACE_STRSTR@ +REPLACE_STRTOD = @REPLACE_STRTOD@ +REPLACE_STRTOIMAX = @REPLACE_STRTOIMAX@ +REPLACE_STRTOK_R = @REPLACE_STRTOK_R@ +REPLACE_STRTOLD = @REPLACE_STRTOLD@ +REPLACE_STRTOUMAX = @REPLACE_STRTOUMAX@ +REPLACE_STRUCT_LCONV = @REPLACE_STRUCT_LCONV@ +REPLACE_STRUCT_TIMEVAL = @REPLACE_STRUCT_TIMEVAL@ +REPLACE_SYMLINK = @REPLACE_SYMLINK@ +REPLACE_SYMLINKAT = @REPLACE_SYMLINKAT@ +REPLACE_TIMEGM = @REPLACE_TIMEGM@ +REPLACE_TMPFILE = @REPLACE_TMPFILE@ +REPLACE_TRUNCATE = @REPLACE_TRUNCATE@ +REPLACE_TTYNAME_R = @REPLACE_TTYNAME_R@ +REPLACE_TZSET = @REPLACE_TZSET@ +REPLACE_UNLINK = @REPLACE_UNLINK@ +REPLACE_UNLINKAT = @REPLACE_UNLINKAT@ +REPLACE_UNSETENV = @REPLACE_UNSETENV@ +REPLACE_USLEEP = @REPLACE_USLEEP@ +REPLACE_UTIMENSAT = @REPLACE_UTIMENSAT@ +REPLACE_VASPRINTF = @REPLACE_VASPRINTF@ +REPLACE_VDPRINTF = @REPLACE_VDPRINTF@ +REPLACE_VFPRINTF = @REPLACE_VFPRINTF@ +REPLACE_VPRINTF = @REPLACE_VPRINTF@ +REPLACE_VSNPRINTF = @REPLACE_VSNPRINTF@ +REPLACE_VSPRINTF = @REPLACE_VSPRINTF@ +REPLACE_WCRTOMB = @REPLACE_WCRTOMB@ +REPLACE_WCSFTIME = @REPLACE_WCSFTIME@ +REPLACE_WCSNRTOMBS = @REPLACE_WCSNRTOMBS@ +REPLACE_WCSRTOMBS = @REPLACE_WCSRTOMBS@ +REPLACE_WCSWIDTH = @REPLACE_WCSWIDTH@ +REPLACE_WCTOB = @REPLACE_WCTOB@ +REPLACE_WCTOMB = @REPLACE_WCTOMB@ +REPLACE_WCWIDTH = @REPLACE_WCWIDTH@ +REPLACE_WRITE = @REPLACE_WRITE@ +SED = @SED@ +SERVENT_LIB = @SERVENT_LIB@ +SET_MAKE = @SET_MAKE@ +SHELL = @SHELL@ +SIG_ATOMIC_T_SUFFIX = @SIG_ATOMIC_T_SUFFIX@ +SIZE_T_SUFFIX = @SIZE_T_SUFFIX@ +STDALIGN_H = @STDALIGN_H@ +STDBOOL_H = @STDBOOL_H@ +STDDEF_H = @STDDEF_H@ +STDINT_H = @STDINT_H@ +STDNORETURN_H = @STDNORETURN_H@ +STRIP = @STRIP@ +SYS_IOCTL_H_HAVE_WINSOCK2_H = @SYS_IOCTL_H_HAVE_WINSOCK2_H@ +SYS_IOCTL_H_HAVE_WINSOCK2_H_AND_USE_SOCKETS = @SYS_IOCTL_H_HAVE_WINSOCK2_H_AND_USE_SOCKETS@ +SYS_TIME_H_DEFINES_STRUCT_TIMESPEC = @SYS_TIME_H_DEFINES_STRUCT_TIMESPEC@ +TIME_H_DEFINES_STRUCT_TIMESPEC = @TIME_H_DEFINES_STRUCT_TIMESPEC@ +TROUSERS_LIB = @TROUSERS_LIB@ +TSS_CFLAGS = @TSS_CFLAGS@ +TSS_LIBS = @TSS_LIBS@ +UINT32_MAX_LT_UINTMAX_MAX = @UINT32_MAX_LT_UINTMAX_MAX@ +UINT64_MAX_EQ_ULONG_MAX = @UINT64_MAX_EQ_ULONG_MAX@ +UNBOUND_CFLAGS = @UNBOUND_CFLAGS@ +UNBOUND_LIBS = @UNBOUND_LIBS@ +UNDEFINE_STRTOK_R = @UNDEFINE_STRTOK_R@ +UNISTD_H_DEFINES_STRUCT_TIMESPEC = @UNISTD_H_DEFINES_STRUCT_TIMESPEC@ +UNISTD_H_HAVE_WINSOCK2_H = @UNISTD_H_HAVE_WINSOCK2_H@ +UNISTD_H_HAVE_WINSOCK2_H_AND_USE_SOCKETS = @UNISTD_H_HAVE_WINSOCK2_H_AND_USE_SOCKETS@ +USE_NLS = @USE_NLS@ +VALGRIND = @VALGRIND@ +VERSION = @VERSION@ +WARN_CFLAGS = @WARN_CFLAGS@ +WCHAR_T_SUFFIX = @WCHAR_T_SUFFIX@ +WERROR_CFLAGS = @WERROR_CFLAGS@ +WINDOWS_64_BIT_OFF_T = @WINDOWS_64_BIT_OFF_T@ +WINDOWS_64_BIT_ST_SIZE = @WINDOWS_64_BIT_ST_SIZE@ +WINDOWS_STAT_INODES = @WINDOWS_STAT_INODES@ +WINDOWS_STAT_TIMESPEC = @WINDOWS_STAT_TIMESPEC@ +WINT_T_SUFFIX = @WINT_T_SUFFIX@ +WSTACK_CFLAGS = @WSTACK_CFLAGS@ +XGETTEXT = @XGETTEXT@ +XGETTEXT_015 = @XGETTEXT_015@ +XGETTEXT_EXTRA_OPTIONS = @XGETTEXT_EXTRA_OPTIONS@ +YACC = @YACC@ +YEAR = @YEAR@ +YFLAGS = @YFLAGS@ +abs_aux_dir = @abs_aux_dir@ +abs_builddir = @abs_builddir@ +abs_srcdir = @abs_srcdir@ +abs_top_builddir = @abs_top_builddir@ +abs_top_srcdir = @abs_top_srcdir@ +ac_ct_AR = @ac_ct_AR@ +ac_ct_CC = @ac_ct_CC@ +ac_ct_CXX = @ac_ct_CXX@ +ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ +ac_cv_sizeof_time_t = @ac_cv_sizeof_time_t@ +am__include = @am__include@ +am__leading_dot = @am__leading_dot@ +am__quote = @am__quote@ +am__tar = @am__tar@ +am__untar = @am__untar@ +autogen = @autogen@ +bindir = @bindir@ +build = @build@ +build_alias = @build_alias@ +build_cpu = @build_cpu@ +build_os = @build_os@ +build_vendor = @build_vendor@ +builddir = @builddir@ +datadir = @datadir@ +datarootdir = @datarootdir@ +docdir = @docdir@ +dvidir = @dvidir@ +exec_prefix = @exec_prefix@ +ggl_LIBOBJS = @ggl_LIBOBJS@ +ggl_LTLIBOBJS = @ggl_LTLIBOBJS@ +ggltests_LIBOBJS = @ggltests_LIBOBJS@ +ggltests_LTLIBOBJS = @ggltests_LTLIBOBJS@ +ggltests_WITNESS = @ggltests_WITNESS@ +gl_LIBOBJS = @gl_LIBOBJS@ +gl_LTLIBOBJS = @gl_LTLIBOBJS@ +gltests_LIBOBJS = @gltests_LIBOBJS@ +gltests_LTLIBOBJS = @gltests_LTLIBOBJS@ +gltests_WITNESS = @gltests_WITNESS@ +guile_snarf = @guile_snarf@ +guileextensiondir = @guileextensiondir@ +guilesiteccachedir = @guilesiteccachedir@ +guilesitedir = @guilesitedir@ +host = @host@ +host_alias = @host_alias@ +host_cpu = @host_cpu@ +host_os = @host_os@ +host_vendor = @host_vendor@ +htmldir = @htmldir@ +ifGNUmake = @ifGNUmake@ +ifnGNUmake = @ifnGNUmake@ +includedir = @includedir@ +infodir = @infodir@ +install_sh = @install_sh@ +libdir = @libdir@ +libexecdir = @libexecdir@ +localedir = @localedir@ +localstatedir = @localstatedir@ +mandir = @mandir@ +mkdir_p = @mkdir_p@ +oldincludedir = @oldincludedir@ +pdfdir = @pdfdir@ +prefix = @prefix@ +program_transform_name = @program_transform_name@ +psdir = @psdir@ +runstatedir = @runstatedir@ +sbindir = @sbindir@ +sharedstatedir = @sharedstatedir@ +srcdir = @srcdir@ +sysconfdir = @sysconfdir@ +target_alias = @target_alias@ +top_build_prefix = @top_build_prefix@ +top_builddir = @top_builddir@ +top_srcdir = @top_srcdir@ +unistring_LIBOBJS = @unistring_LIBOBJS@ +unistring_LTLIBOBJS = @unistring_LTLIBOBJS@ +unistringtests_LIBOBJS = @unistringtests_LIBOBJS@ +unistringtests_LTLIBOBJS = @unistringtests_LTLIBOBJS@ +unistringtests_WITNESS = @unistringtests_WITNESS@ +SUBDIRS = srp x509 +EXTRA_DIST = gnutls-http-serv ca.tmpl client.tmpl proxy.tmpl \ + server.tmpl params.pem srp-passwd.txt srp-tpasswd.conf \ + psk-passwd.txt +all: all-recursive + +.SUFFIXES: +$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(am__configure_deps) + @for dep in $?; do \ + case '$(am__configure_deps)' in \ + *$$dep*) \ + ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ + && { if test -f $@; then exit 0; else break; fi; }; \ + exit 1;; \ + esac; \ + done; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign doc/credentials/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --foreign doc/credentials/Makefile +Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status + @case '$?' in \ + *config.status*) \ + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ + *) \ + echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles)'; \ + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles);; \ + esac; + +$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh + +$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): + +mostlyclean-libtool: + -rm -f *.lo + +clean-libtool: + -rm -rf .libs _libs + +# This directory's subdirectories are mostly independent; you can cd +# into them and run 'make' without going through this Makefile. +# To change the values of 'make' variables: instead of editing Makefiles, +# (1) if the variable is set in 'config.status', edit 'config.status' +# (which will cause the Makefiles to be regenerated when you run 'make'); +# (2) otherwise, pass the desired values on the 'make' command line. +$(am__recursive_targets): + @fail=; \ + if $(am__make_keepgoing); then \ + failcom='fail=yes'; \ + else \ + failcom='exit 1'; \ + fi; \ + dot_seen=no; \ + target=`echo $@ | sed s/-recursive//`; \ + case "$@" in \ + distclean-* | maintainer-clean-*) list='$(DIST_SUBDIRS)' ;; \ + *) list='$(SUBDIRS)' ;; \ + esac; \ + for subdir in $$list; do \ + echo "Making $$target in $$subdir"; \ + if test "$$subdir" = "."; then \ + dot_seen=yes; \ + local_target="$$target-am"; \ + else \ + local_target="$$target"; \ + fi; \ + ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \ + || eval $$failcom; \ + done; \ + if test "$$dot_seen" = "no"; then \ + $(MAKE) $(AM_MAKEFLAGS) "$$target-am" || exit 1; \ + fi; test -z "$$fail" + +ID: $(am__tagged_files) + $(am__define_uniq_tagged_files); mkid -fID $$unique +tags: tags-recursive +TAGS: tags + +tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) + set x; \ + here=`pwd`; \ + if ($(ETAGS) --etags-include --version) >/dev/null 2>&1; then \ + include_option=--etags-include; \ + empty_fix=.; \ + else \ + include_option=--include; \ + empty_fix=; \ + fi; \ + list='$(SUBDIRS)'; for subdir in $$list; do \ + if test "$$subdir" = .; then :; else \ + test ! -f $$subdir/TAGS || \ + set "$$@" "$$include_option=$$here/$$subdir/TAGS"; \ + fi; \ + done; \ + $(am__define_uniq_tagged_files); \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ + test -n "$$unique" || unique=$$empty_fix; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ + fi +ctags: ctags-recursive + +CTAGS: ctags +ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) + $(am__define_uniq_tagged_files); \ + test -z "$(CTAGS_ARGS)$$unique" \ + || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ + $$unique + +GTAGS: + here=`$(am__cd) $(top_builddir) && pwd` \ + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" +cscopelist: cscopelist-recursive + +cscopelist-am: $(am__tagged_files) + list='$(am__tagged_files)'; \ + case "$(srcdir)" in \ + [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \ + *) sdir=$(subdir)/$(srcdir) ;; \ + esac; \ + for i in $$list; do \ + if test -f "$$i"; then \ + echo "$(subdir)/$$i"; \ + else \ + echo "$$sdir/$$i"; \ + fi; \ + done >> $(top_builddir)/cscope.files + +distclean-tags: + -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags + +distdir: $(BUILT_SOURCES) + $(MAKE) $(AM_MAKEFLAGS) distdir-am + +distdir-am: $(DISTFILES) + @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + list='$(DISTFILES)'; \ + dist_files=`for file in $$list; do echo $$file; done | \ + sed -e "s|^$$srcdirstrip/||;t" \ + -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ + case $$dist_files in \ + */*) $(MKDIR_P) `echo "$$dist_files" | \ + sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ + sort -u` ;; \ + esac; \ + for file in $$dist_files; do \ + if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ + if test -d $$d/$$file; then \ + dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ + else \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ + || exit 1; \ + fi; \ + done + @list='$(DIST_SUBDIRS)'; for subdir in $$list; do \ + if test "$$subdir" = .; then :; else \ + $(am__make_dryrun) \ + || test -d "$(distdir)/$$subdir" \ + || $(MKDIR_P) "$(distdir)/$$subdir" \ + || exit 1; \ + dir1=$$subdir; dir2="$(distdir)/$$subdir"; \ + $(am__relativize); \ + new_distdir=$$reldir; \ + dir1=$$subdir; dir2="$(top_distdir)"; \ + $(am__relativize); \ + new_top_distdir=$$reldir; \ + echo " (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) top_distdir="$$new_top_distdir" distdir="$$new_distdir" \\"; \ + echo " am__remove_distdir=: am__skip_length_check=: am__skip_mode_fix=: distdir)"; \ + ($(am__cd) $$subdir && \ + $(MAKE) $(AM_MAKEFLAGS) \ + top_distdir="$$new_top_distdir" \ + distdir="$$new_distdir" \ + am__remove_distdir=: \ + am__skip_length_check=: \ + am__skip_mode_fix=: \ + distdir) \ + || exit 1; \ + fi; \ + done +check-am: all-am +check: check-recursive +all-am: Makefile +installdirs: installdirs-recursive +installdirs-am: +install: install-recursive +install-exec: install-exec-recursive +install-data: install-data-recursive +uninstall: uninstall-recursive + +install-am: all-am + @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am + +installcheck: installcheck-recursive +install-strip: + if test -z '$(STRIP)'; then \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + install; \ + else \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ + fi +mostlyclean-generic: + +clean-generic: + +distclean-generic: + -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) + +maintainer-clean-generic: + @echo "This command is intended for maintainers to use" + @echo "it deletes files that may require special tools to rebuild." +clean: clean-recursive + +clean-am: clean-generic clean-libtool mostlyclean-am + +distclean: distclean-recursive + -rm -f Makefile +distclean-am: clean-am distclean-generic distclean-tags + +dvi: dvi-recursive + +dvi-am: + +html: html-recursive + +html-am: + +info: info-recursive + +info-am: + +install-data-am: + +install-dvi: install-dvi-recursive + +install-dvi-am: + +install-exec-am: + +install-html: install-html-recursive + +install-html-am: + +install-info: install-info-recursive + +install-info-am: + +install-man: + +install-pdf: install-pdf-recursive + +install-pdf-am: + +install-ps: install-ps-recursive + +install-ps-am: + +installcheck-am: + +maintainer-clean: maintainer-clean-recursive + -rm -f Makefile +maintainer-clean-am: distclean-am maintainer-clean-generic + +mostlyclean: mostlyclean-recursive + +mostlyclean-am: mostlyclean-generic mostlyclean-libtool + +pdf: pdf-recursive + +pdf-am: + +ps: ps-recursive + +ps-am: + +uninstall-am: + +.MAKE: $(am__recursive_targets) install-am install-strip + +.PHONY: $(am__recursive_targets) CTAGS GTAGS TAGS all all-am check \ + check-am clean clean-generic clean-libtool cscopelist-am ctags \ + ctags-am distclean distclean-generic distclean-libtool \ + distclean-tags distdir dvi dvi-am html html-am info info-am \ + install install-am install-data install-data-am install-dvi \ + install-dvi-am install-exec install-exec-am install-html \ + install-html-am install-info install-info-am install-man \ + install-pdf install-pdf-am install-ps install-ps-am \ + install-strip installcheck installcheck-am installdirs \ + installdirs-am maintainer-clean maintainer-clean-generic \ + mostlyclean mostlyclean-generic mostlyclean-libtool pdf pdf-am \ + ps ps-am tags tags-am uninstall uninstall-am + +.PRECIOUS: Makefile + + +# Tell versions [3.59,3.63) of GNU make to not export all variables. +# Otherwise a system limit (for SysV at least) may be exceeded. +.NOEXPORT: diff --git a/doc/credentials/ca.tmpl b/doc/credentials/ca.tmpl new file mode 100644 index 0000000..a6e3958 --- /dev/null +++ b/doc/credentials/ca.tmpl @@ -0,0 +1,3 @@ +cn = GnuTLS test CA +ca +cert_signing_key diff --git a/doc/credentials/client.tmpl b/doc/credentials/client.tmpl new file mode 100644 index 0000000..423fd29 --- /dev/null +++ b/doc/credentials/client.tmpl @@ -0,0 +1,4 @@ +cn = GnuTLS test client +tls_www_client +encryption_key +signing_key diff --git a/doc/credentials/gnutls-http-serv b/doc/credentials/gnutls-http-serv new file mode 100755 index 0000000..51b1bc5 --- /dev/null +++ b/doc/credentials/gnutls-http-serv @@ -0,0 +1,10 @@ +#! /bin/sh + +../../src/gnutls-serv --http --x509certfile x509/cert-rsa.pem --x509keyfile x509/key-rsa.pem --x509cafile x509/ca.pem \ + --x509certfile x509/cert-dsa.pem --x509keyfile x509/key-dsa.pem \ + --x509certfile x509/cert-ecc.pem --x509keyfile x509/key-ecc.pem \ + --x509certfile x509/cert-rsa-pss.pem --x509keyfile x509/key-rsa-pss.pem \ + --x509certfile x509/cert-gost01.pem --x509keyfile x509/key-gost01.pem \ + --srppasswd srp/tpasswd --srppasswdconf srp/tpasswd.conf \ + --pskpasswd psk-passwd.txt \ + $* diff --git a/doc/credentials/params.pem b/doc/credentials/params.pem new file mode 100644 index 0000000..43f0282 --- /dev/null +++ b/doc/credentials/params.pem @@ -0,0 +1,5 @@ +-----BEGIN DH PARAMETERS----- +MIGGAoGA7q8Kua2zjdacM/gK+o/F6GByYYd1/zwLnqIxTJwlZXbWdN90luqB0zg7 +SBPWksbg4NXY4lC5i+SOSVwdYIna0V3H17RhVNa2zo70rWmxXUmCVZspe88YhcUp +9WZmDlfsaO28PAVybMAv1Mv0l26qmv1ROP6DdkNbn8YdL8DrBuMCAQI= +-----END DH PARAMETERS----- diff --git a/doc/credentials/proxy.tmpl b/doc/credentials/proxy.tmpl new file mode 100644 index 0000000..92793ad --- /dev/null +++ b/doc/credentials/proxy.tmpl @@ -0,0 +1 @@ +cn = GnuTLS test client proxy diff --git a/doc/credentials/psk-passwd.txt b/doc/credentials/psk-passwd.txt new file mode 100644 index 0000000..8ebe849 --- /dev/null +++ b/doc/credentials/psk-passwd.txt @@ -0,0 +1,3 @@ +jas:9e32cf7786321a828ef7668f09fb35db +test:8a7759b3f26983c453e448060bde8981 +test32:8a7759b3f26983c453e448060bde89818a7759b3f26983c453e448060bde8981 diff --git a/doc/credentials/server.tmpl b/doc/credentials/server.tmpl new file mode 100644 index 0000000..76442e9 --- /dev/null +++ b/doc/credentials/server.tmpl @@ -0,0 +1,6 @@ +organization = GnuTLS test server +cn = test.gnutls.org +tls_www_server +encryption_key +signing_key +dns_name = test.gnutls.org diff --git a/doc/credentials/srp-passwd.txt b/doc/credentials/srp-passwd.txt new file mode 100644 index 0000000..27f9f84 --- /dev/null +++ b/doc/credentials/srp-passwd.txt @@ -0,0 +1 @@ +jas:CA/V/Ig4hmI7HOgzkHh8Hfj5iizqoCOBpI8U8TcIql92fpKONWUif693Cly7gNG3qBuxJFBXwxNv1Xx8aabQ1qqgEh0JBbYuzKEqtg17niCznX/zxjdn7ps3A76lf50MqdizkrgzPz6Kb8XJsqDWn..9e6XZGEOgdOFMdWcICgE:3VAgbhsDNtZXH3aRqDaqaa:1 diff --git a/doc/credentials/srp-tpasswd.conf b/doc/credentials/srp-tpasswd.conf new file mode 100644 index 0000000..67825ce --- /dev/null +++ b/doc/credentials/srp-tpasswd.conf @@ -0,0 +1,3 @@ +1:Ewl2hcjiutMd3Fu2lgFnUXWSc67TVyy2vwYCKoS9MLsrdJVT9RgWTCuEqWJrfB6uE3LsE9GkOlaZabS7M29sj5TnzUqOLJMjiwEzArfiLr9WbMRANlF68N5AVLcPWvNx6Zjl3m5Scp0BzJBz9TkgfhzKJZ.WtP3Mv/67I/0wmRZ:2 +2:dUyyhxav9tgnyIg65wHxkzkb7VIPh4o0lkwfOKiPp4rVJrzLRYVBtb76gKlaO7ef5LYGEw3G.4E0jbMxcYBetDy2YdpiP/3GWJInoBbvYHIRO9uBuxgsFKTKWu7RnR7yTau/IrFTdQ4LY/q.AvoCzMxV0PKvD9Odso/LFIItn8PbTov3VMn/ZEH2SqhtpBUkWtmcIkEflhX/YY/fkBKfBbe27/zUaKUUZEUYZ2H2nlCL60.JIPeZJSzsu/xHDVcx:2 +3:2iQzj1CagQc/5ctbuJYLWlhtAsPHc7xWVyCPAKFRLWKADpASkqe9djWPFWTNTdeJtL8nAhImCn3Sr/IAdQ1FrGw0WvQUstPx3FO9KNcXOwisOQ1VlL.gheAHYfbYyBaxXL.NcJx9TUwgWDT0hRzFzqSrdGGTN3FgSTA1v4QnHtEygNj3eZ.u0MThqWUaDiP87nqha7XnT66bkTCkQ8.7T8L4KZjIImrNrUftedTTBi.WCi.zlrBxDuOM0da0JbUkQlXqvp0yvJAPpC11nxmmZOAbQOywZGmu9nhZNuwTlxjfIro0FOdthaDTuZRL9VL7MRPUDo/DQEyW.d4H.UIlzp:2 diff --git a/doc/credentials/srp/Makefile.am b/doc/credentials/srp/Makefile.am new file mode 100644 index 0000000..a489bd2 --- /dev/null +++ b/doc/credentials/srp/Makefile.am @@ -0,0 +1 @@ +EXTRA_DIST = tpasswd tpasswd.conf diff --git a/doc/credentials/srp/Makefile.in b/doc/credentials/srp/Makefile.in new file mode 100644 index 0000000..416dcad --- /dev/null +++ b/doc/credentials/srp/Makefile.in @@ -0,0 +1,1548 @@ +# Makefile.in generated by automake 1.16.1 from Makefile.am. +# @configure_input@ + +# Copyright (C) 1994-2018 Free Software Foundation, Inc. + +# This Makefile.in is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY, to the extent permitted by law; without +# even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. + +@SET_MAKE@ +VPATH = @srcdir@ +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} +am__make_running_with_option = \ + case $${target_option-} in \ + ?) ;; \ + *) echo "am__make_running_with_option: internal error: invalid" \ + "target option '$${target_option-}' specified" >&2; \ + exit 1;; \ + esac; \ + has_opt=no; \ + sane_makeflags=$$MAKEFLAGS; \ + if $(am__is_gnu_make); then \ + sane_makeflags=$$MFLAGS; \ + else \ + case $$MAKEFLAGS in \ + *\\[\ \ ]*) \ + bs=\\; \ + sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ + | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ + esac; \ + fi; \ + skip_next=no; \ + strip_trailopt () \ + { \ + flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ + }; \ + for flg in $$sane_makeflags; do \ + test $$skip_next = yes && { skip_next=no; continue; }; \ + case $$flg in \ + *=*|--*) continue;; \ + -*I) strip_trailopt 'I'; skip_next=yes;; \ + -*I?*) strip_trailopt 'I';; \ + -*O) strip_trailopt 'O'; skip_next=yes;; \ + -*O?*) strip_trailopt 'O';; \ + -*l) strip_trailopt 'l'; skip_next=yes;; \ + -*l?*) strip_trailopt 'l';; \ + -[dEDm]) skip_next=yes;; \ + -[JT]) skip_next=yes;; \ + esac; \ + case $$flg in \ + *$$target_option*) has_opt=yes; break;; \ + esac; \ + done; \ + test $$has_opt = yes +am__make_dryrun = (target_option=n; $(am__make_running_with_option)) +am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) +pkgdatadir = $(datadir)/@PACKAGE@ +pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ +am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd +install_sh_DATA = $(install_sh) -c -m 644 +install_sh_PROGRAM = $(install_sh) -c +install_sh_SCRIPT = $(install_sh) -c +INSTALL_HEADER = $(INSTALL_DATA) +transform = $(program_transform_name) +NORMAL_INSTALL = : +PRE_INSTALL = : +POST_INSTALL = : +NORMAL_UNINSTALL = : +PRE_UNINSTALL = : +POST_UNINSTALL = : +build_triplet = @build@ +host_triplet = @host@ +subdir = doc/credentials/srp +ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 +am__aclocal_m4_deps = $(top_srcdir)/lib/unistring/m4/gnulib-comp.m4 \ + $(top_srcdir)/lib/unistring/m4/inline.m4 \ + $(top_srcdir)/lib/unistring/m4/libunistring-base.m4 \ + $(top_srcdir)/src/gl/m4/__inline.m4 \ + $(top_srcdir)/src/gl/m4/bison.m4 \ + $(top_srcdir)/src/gl/m4/clock_time.m4 \ + $(top_srcdir)/src/gl/m4/fseek.m4 \ + $(top_srcdir)/src/gl/m4/getaddrinfo.m4 \ + $(top_srcdir)/src/gl/m4/getpass.m4 \ + $(top_srcdir)/src/gl/m4/gettime.m4 \ + $(top_srcdir)/src/gl/m4/gnulib-comp.m4 \ + $(top_srcdir)/src/gl/m4/hostent.m4 \ + $(top_srcdir)/src/gl/m4/mktime.m4 \ + $(top_srcdir)/src/gl/m4/nstrftime.m4 \ + $(top_srcdir)/src/gl/m4/parse-datetime.m4 \ + $(top_srcdir)/src/gl/m4/servent.m4 \ + $(top_srcdir)/src/gl/m4/time_rz.m4 \ + $(top_srcdir)/src/gl/m4/timegm.m4 \ + $(top_srcdir)/src/gl/m4/timespec.m4 \ + $(top_srcdir)/src/gl/m4/tm_gmtoff.m4 \ + $(top_srcdir)/src/gl/m4/tzset.m4 \ + $(top_srcdir)/src/libopts/m4/libopts.m4 \ + $(top_srcdir)/src/libopts/m4/stdnoreturn.m4 \ + $(top_srcdir)/m4/00gnulib.m4 \ + $(top_srcdir)/m4/absolute-header.m4 $(top_srcdir)/m4/alloca.m4 \ + $(top_srcdir)/m4/arpa_inet_h.m4 \ + $(top_srcdir)/m4/ax_ac_append_to_file.m4 \ + $(top_srcdir)/m4/ax_ac_print_to_file.m4 \ + $(top_srcdir)/m4/ax_add_am_macro_static.m4 \ + $(top_srcdir)/m4/ax_am_macros_static.m4 \ + $(top_srcdir)/m4/ax_check_gnu_make.m4 \ + $(top_srcdir)/m4/ax_code_coverage.m4 \ + $(top_srcdir)/m4/ax_file_escapes.m4 \ + $(top_srcdir)/m4/builtin-expect.m4 \ + $(top_srcdir)/m4/byteswap.m4 $(top_srcdir)/m4/close.m4 \ + $(top_srcdir)/m4/codeset.m4 $(top_srcdir)/m4/ctype.m4 \ + $(top_srcdir)/m4/dup2.m4 $(top_srcdir)/m4/eealloc.m4 \ + $(top_srcdir)/m4/environ.m4 $(top_srcdir)/m4/errno_h.m4 \ + $(top_srcdir)/m4/exponentd.m4 $(top_srcdir)/m4/extensions.m4 \ + $(top_srcdir)/m4/extern-inline.m4 $(top_srcdir)/m4/fcntl-o.m4 \ + $(top_srcdir)/m4/fcntl.m4 $(top_srcdir)/m4/fcntl_h.m4 \ + $(top_srcdir)/m4/fdopen.m4 $(top_srcdir)/m4/flexmember.m4 \ + $(top_srcdir)/m4/float_h.m4 $(top_srcdir)/m4/fpieee.m4 \ + $(top_srcdir)/m4/fseeko.m4 $(top_srcdir)/m4/fstat.m4 \ + $(top_srcdir)/m4/ftell.m4 $(top_srcdir)/m4/ftello.m4 \ + $(top_srcdir)/m4/ftruncate.m4 $(top_srcdir)/m4/func.m4 \ + $(top_srcdir)/m4/getcwd.m4 $(top_srcdir)/m4/getdelim.m4 \ + $(top_srcdir)/m4/getdtablesize.m4 $(top_srcdir)/m4/getline.m4 \ + $(top_srcdir)/m4/getpagesize.m4 $(top_srcdir)/m4/gettext.m4 \ + $(top_srcdir)/m4/gettimeofday.m4 \ + $(top_srcdir)/m4/gnulib-common.m4 \ + $(top_srcdir)/m4/gnulib-comp.m4 $(top_srcdir)/m4/gtk-doc.m4 \ + $(top_srcdir)/m4/guile.m4 $(top_srcdir)/m4/hooks.m4 \ + $(top_srcdir)/m4/host-cpu-c-abi.m4 $(top_srcdir)/m4/iconv.m4 \ + $(top_srcdir)/m4/include_next.m4 $(top_srcdir)/m4/inet_ntop.m4 \ + $(top_srcdir)/m4/inet_pton.m4 \ + $(top_srcdir)/m4/intl-thread-locale.m4 \ + $(top_srcdir)/m4/intlmacosx.m4 $(top_srcdir)/m4/intmax_t.m4 \ + $(top_srcdir)/m4/inttypes-pri.m4 $(top_srcdir)/m4/inttypes.m4 \ + $(top_srcdir)/m4/inttypes_h.m4 $(top_srcdir)/m4/ioctl.m4 \ + $(top_srcdir)/m4/isblank.m4 $(top_srcdir)/m4/langinfo_h.m4 \ + $(top_srcdir)/m4/largefile.m4 $(top_srcdir)/m4/lcmessage.m4 \ + $(top_srcdir)/m4/ld-output-def.m4 \ + $(top_srcdir)/m4/ld-version-script.m4 \ + $(top_srcdir)/m4/lib-ld.m4 $(top_srcdir)/m4/lib-link.m4 \ + $(top_srcdir)/m4/lib-prefix.m4 $(top_srcdir)/m4/libtool.m4 \ + $(top_srcdir)/m4/limits-h.m4 $(top_srcdir)/m4/locale-fr.m4 \ + $(top_srcdir)/m4/locale-ja.m4 $(top_srcdir)/m4/locale-tr.m4 \ + $(top_srcdir)/m4/locale-zh.m4 $(top_srcdir)/m4/locale_h.m4 \ + $(top_srcdir)/m4/localename.m4 \ + $(top_srcdir)/m4/localtime-buffer.m4 $(top_srcdir)/m4/lock.m4 \ + $(top_srcdir)/m4/longlong.m4 $(top_srcdir)/m4/lseek.m4 \ + $(top_srcdir)/m4/lstat.m4 $(top_srcdir)/m4/ltoptions.m4 \ + $(top_srcdir)/m4/ltsugar.m4 $(top_srcdir)/m4/ltversion.m4 \ + $(top_srcdir)/m4/lt~obsolete.m4 $(top_srcdir)/m4/malloc.m4 \ + $(top_srcdir)/m4/malloca.m4 $(top_srcdir)/m4/manywarnings.m4 \ + $(top_srcdir)/m4/memchr.m4 $(top_srcdir)/m4/memmem.m4 \ + $(top_srcdir)/m4/minmax.m4 $(top_srcdir)/m4/mmap-anon.m4 \ + $(top_srcdir)/m4/mode_t.m4 $(top_srcdir)/m4/msvc-inval.m4 \ + $(top_srcdir)/m4/msvc-nothrow.m4 $(top_srcdir)/m4/multiarch.m4 \ + $(top_srcdir)/m4/nanosleep.m4 $(top_srcdir)/m4/netdb_h.m4 \ + $(top_srcdir)/m4/netinet_in_h.m4 $(top_srcdir)/m4/nls.m4 \ + $(top_srcdir)/m4/off_t.m4 $(top_srcdir)/m4/open-cloexec.m4 \ + $(top_srcdir)/m4/open.m4 $(top_srcdir)/m4/pathmax.m4 \ + $(top_srcdir)/m4/perror.m4 $(top_srcdir)/m4/pipe.m4 \ + $(top_srcdir)/m4/pkg.m4 $(top_srcdir)/m4/po.m4 \ + $(top_srcdir)/m4/printf.m4 $(top_srcdir)/m4/progtest.m4 \ + $(top_srcdir)/m4/pthread_rwlock_rdlock.m4 \ + $(top_srcdir)/m4/putenv.m4 $(top_srcdir)/m4/raise.m4 \ + $(top_srcdir)/m4/read-file.m4 $(top_srcdir)/m4/realloc.m4 \ + $(top_srcdir)/m4/secure_getenv.m4 $(top_srcdir)/m4/select.m4 \ + $(top_srcdir)/m4/setenv.m4 $(top_srcdir)/m4/setlocale.m4 \ + $(top_srcdir)/m4/sigaction.m4 $(top_srcdir)/m4/signal_h.m4 \ + $(top_srcdir)/m4/signalblocking.m4 \ + $(top_srcdir)/m4/size_max.m4 $(top_srcdir)/m4/sleep.m4 \ + $(top_srcdir)/m4/snprintf.m4 $(top_srcdir)/m4/socketlib.m4 \ + $(top_srcdir)/m4/sockets.m4 $(top_srcdir)/m4/socklen.m4 \ + $(top_srcdir)/m4/sockpfaf.m4 $(top_srcdir)/m4/ssize_t.m4 \ + $(top_srcdir)/m4/stat-time.m4 $(top_srcdir)/m4/stat.m4 \ + $(top_srcdir)/m4/stdalign.m4 $(top_srcdir)/m4/stdbool.m4 \ + $(top_srcdir)/m4/stddef_h.m4 $(top_srcdir)/m4/stdint.m4 \ + $(top_srcdir)/m4/stdint_h.m4 $(top_srcdir)/m4/stdio_h.m4 \ + $(top_srcdir)/m4/stdlib_h.m4 $(top_srcdir)/m4/strcase.m4 \ + $(top_srcdir)/m4/strdup.m4 $(top_srcdir)/m4/strerror.m4 \ + $(top_srcdir)/m4/strerror_r.m4 $(top_srcdir)/m4/string_h.m4 \ + $(top_srcdir)/m4/strings_h.m4 $(top_srcdir)/m4/strndup.m4 \ + $(top_srcdir)/m4/strnlen.m4 $(top_srcdir)/m4/strtok_r.m4 \ + $(top_srcdir)/m4/strverscmp.m4 $(top_srcdir)/m4/symlink.m4 \ + $(top_srcdir)/m4/sys_ioctl_h.m4 \ + $(top_srcdir)/m4/sys_select_h.m4 \ + $(top_srcdir)/m4/sys_socket_h.m4 \ + $(top_srcdir)/m4/sys_stat_h.m4 $(top_srcdir)/m4/sys_time_h.m4 \ + $(top_srcdir)/m4/sys_types_h.m4 $(top_srcdir)/m4/sys_uio_h.m4 \ + $(top_srcdir)/m4/threadlib.m4 $(top_srcdir)/m4/time_h.m4 \ + $(top_srcdir)/m4/time_r.m4 $(top_srcdir)/m4/ungetc.m4 \ + $(top_srcdir)/m4/unistd_h.m4 \ + $(top_srcdir)/m4/valgrind-tests.m4 \ + $(top_srcdir)/m4/vasnprintf.m4 $(top_srcdir)/m4/vasprintf.m4 \ + $(top_srcdir)/m4/vsnprintf.m4 $(top_srcdir)/m4/warn-on-use.m4 \ + $(top_srcdir)/m4/warnings.m4 $(top_srcdir)/m4/wchar_h.m4 \ + $(top_srcdir)/m4/wchar_t.m4 $(top_srcdir)/m4/wint_t.m4 \ + $(top_srcdir)/m4/xsize.m4 $(top_srcdir)/configure.ac +am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ + $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) +mkinstalldirs = $(install_sh) -d +CONFIG_HEADER = $(top_builddir)/config.h +CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = +AM_V_P = $(am__v_P_@AM_V@) +am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) +am__v_P_0 = false +am__v_P_1 = : +AM_V_GEN = $(am__v_GEN_@AM_V@) +am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) +am__v_GEN_0 = @echo " GEN " $@; +am__v_GEN_1 = +AM_V_at = $(am__v_at_@AM_V@) +am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) +am__v_at_0 = @ +am__v_at_1 = +SOURCES = +DIST_SOURCES = +am__can_run_installinfo = \ + case $$AM_UPDATE_INFO_DIR in \ + n|no|NO) false;; \ + *) (install-info --version) >/dev/null 2>&1;; \ + esac +am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) +am__DIST_COMMON = $(srcdir)/Makefile.in +DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) +ACLOCAL = @ACLOCAL@ +ALLOCA = @ALLOCA@ +ALLOCA_H = @ALLOCA_H@ +AMTAR = @AMTAR@ +AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ +APPLE_UNIVERSAL_BUILD = @APPLE_UNIVERSAL_BUILD@ +AR = @AR@ +ARFLAGS = @ARFLAGS@ +AUTOCONF = @AUTOCONF@ +AUTOGEN = @AUTOGEN@ +AUTOHEADER = @AUTOHEADER@ +AUTOMAKE = @AUTOMAKE@ +AWK = @AWK@ +BITSIZEOF_PTRDIFF_T = @BITSIZEOF_PTRDIFF_T@ +BITSIZEOF_SIG_ATOMIC_T = @BITSIZEOF_SIG_ATOMIC_T@ +BITSIZEOF_SIZE_T = @BITSIZEOF_SIZE_T@ +BITSIZEOF_WCHAR_T = @BITSIZEOF_WCHAR_T@ +BITSIZEOF_WINT_T = @BITSIZEOF_WINT_T@ +BYTESWAP_H = @BYTESWAP_H@ +CC = @CC@ +CCAS = @CCAS@ +CCASDEPMODE = @CCASDEPMODE@ +CCASFLAGS = @CCASFLAGS@ +CCDEPMODE = @CCDEPMODE@ +CFLAGS = @CFLAGS@ +CMOCKA_CFLAGS = @CMOCKA_CFLAGS@ +CMOCKA_LIBS = @CMOCKA_LIBS@ +CODE_COVERAGE_CFLAGS = @CODE_COVERAGE_CFLAGS@ +CODE_COVERAGE_CPPFLAGS = @CODE_COVERAGE_CPPFLAGS@ +CODE_COVERAGE_CXXFLAGS = @CODE_COVERAGE_CXXFLAGS@ +CODE_COVERAGE_ENABLED = @CODE_COVERAGE_ENABLED@ +CODE_COVERAGE_LIBS = @CODE_COVERAGE_LIBS@ +CONFIG_INCLUDE = @CONFIG_INCLUDE@ +CPP = @CPP@ +CPPFLAGS = @CPPFLAGS@ +CRYWRAP_PATCHLEVEL = @CRYWRAP_PATCHLEVEL@ +CXX = @CXX@ +CXXCPP = @CXXCPP@ +CXXDEPMODE = @CXXDEPMODE@ +CXXFLAGS = @CXXFLAGS@ +CXX_LT_AGE = @CXX_LT_AGE@ +CXX_LT_CURRENT = @CXX_LT_CURRENT@ +CXX_LT_REVISION = @CXX_LT_REVISION@ +CYGPATH_W = @CYGPATH_W@ +DEFS = @DEFS@ +DEPDIR = @DEPDIR@ +DLLTOOL = @DLLTOOL@ +DLL_SSL_VERSION = @DLL_SSL_VERSION@ +DLL_VERSION = @DLL_VERSION@ +DSYMUTIL = @DSYMUTIL@ +DUMPBIN = @DUMPBIN@ +ECHO_C = @ECHO_C@ +ECHO_N = @ECHO_N@ +ECHO_T = @ECHO_T@ +EGREP = @EGREP@ +EMULTIHOP_HIDDEN = @EMULTIHOP_HIDDEN@ +EMULTIHOP_VALUE = @EMULTIHOP_VALUE@ +ENABLE_PADLOCK = @ENABLE_PADLOCK@ +ENOLINK_HIDDEN = @ENOLINK_HIDDEN@ +ENOLINK_VALUE = @ENOLINK_VALUE@ +EOVERFLOW_HIDDEN = @EOVERFLOW_HIDDEN@ +EOVERFLOW_VALUE = @EOVERFLOW_VALUE@ +ERRNO_H = @ERRNO_H@ +EXEEXT = @EXEEXT@ +FGREP = @FGREP@ +FIPS140_LIBS = @FIPS140_LIBS@ +FLOAT_H = @FLOAT_H@ +GCOV = @GCOV@ +GENHTML = @GENHTML@ +GETADDRINFO_LIB = @GETADDRINFO_LIB@ +GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@ +GMP_CFLAGS = @GMP_CFLAGS@ +GMP_LIBS = @GMP_LIBS@ +GMSGFMT = @GMSGFMT@ +GMSGFMT_015 = @GMSGFMT_015@ +GNULIB_ACCEPT = @GNULIB_ACCEPT@ +GNULIB_ACCEPT4 = @GNULIB_ACCEPT4@ +GNULIB_ATOLL = @GNULIB_ATOLL@ +GNULIB_BIND = @GNULIB_BIND@ +GNULIB_BTOWC = @GNULIB_BTOWC@ +GNULIB_CALLOC_POSIX = @GNULIB_CALLOC_POSIX@ +GNULIB_CANONICALIZE_FILE_NAME = @GNULIB_CANONICALIZE_FILE_NAME@ +GNULIB_CHDIR = @GNULIB_CHDIR@ +GNULIB_CHOWN = @GNULIB_CHOWN@ +GNULIB_CLOSE = @GNULIB_CLOSE@ +GNULIB_CONNECT = @GNULIB_CONNECT@ +GNULIB_CTIME = @GNULIB_CTIME@ +GNULIB_DPRINTF = @GNULIB_DPRINTF@ +GNULIB_DUP = @GNULIB_DUP@ +GNULIB_DUP2 = @GNULIB_DUP2@ +GNULIB_DUP3 = @GNULIB_DUP3@ +GNULIB_DUPLOCALE = @GNULIB_DUPLOCALE@ +GNULIB_ENVIRON = @GNULIB_ENVIRON@ +GNULIB_EUIDACCESS = @GNULIB_EUIDACCESS@ +GNULIB_EXPLICIT_BZERO = @GNULIB_EXPLICIT_BZERO@ +GNULIB_FACCESSAT = @GNULIB_FACCESSAT@ +GNULIB_FCHDIR = @GNULIB_FCHDIR@ +GNULIB_FCHMODAT = @GNULIB_FCHMODAT@ +GNULIB_FCHOWNAT = @GNULIB_FCHOWNAT@ +GNULIB_FCLOSE = @GNULIB_FCLOSE@ +GNULIB_FCNTL = @GNULIB_FCNTL@ +GNULIB_FDATASYNC = @GNULIB_FDATASYNC@ +GNULIB_FDOPEN = @GNULIB_FDOPEN@ +GNULIB_FFLUSH = @GNULIB_FFLUSH@ +GNULIB_FFS = @GNULIB_FFS@ +GNULIB_FFSL = @GNULIB_FFSL@ +GNULIB_FFSLL = @GNULIB_FFSLL@ +GNULIB_FGETC = @GNULIB_FGETC@ +GNULIB_FGETS = @GNULIB_FGETS@ +GNULIB_FOPEN = @GNULIB_FOPEN@ +GNULIB_FPRINTF = @GNULIB_FPRINTF@ +GNULIB_FPRINTF_POSIX = @GNULIB_FPRINTF_POSIX@ +GNULIB_FPURGE = @GNULIB_FPURGE@ +GNULIB_FPUTC = @GNULIB_FPUTC@ +GNULIB_FPUTS = @GNULIB_FPUTS@ +GNULIB_FREAD = @GNULIB_FREAD@ +GNULIB_FREOPEN = @GNULIB_FREOPEN@ +GNULIB_FSCANF = @GNULIB_FSCANF@ +GNULIB_FSEEK = @GNULIB_FSEEK@ +GNULIB_FSEEKO = @GNULIB_FSEEKO@ +GNULIB_FSTAT = @GNULIB_FSTAT@ +GNULIB_FSTATAT = @GNULIB_FSTATAT@ +GNULIB_FSYNC = @GNULIB_FSYNC@ +GNULIB_FTELL = @GNULIB_FTELL@ +GNULIB_FTELLO = @GNULIB_FTELLO@ +GNULIB_FTRUNCATE = @GNULIB_FTRUNCATE@ +GNULIB_FUTIMENS = @GNULIB_FUTIMENS@ +GNULIB_FWRITE = @GNULIB_FWRITE@ +GNULIB_GETADDRINFO = @GNULIB_GETADDRINFO@ +GNULIB_GETC = @GNULIB_GETC@ +GNULIB_GETCHAR = @GNULIB_GETCHAR@ +GNULIB_GETCWD = @GNULIB_GETCWD@ +GNULIB_GETDELIM = @GNULIB_GETDELIM@ +GNULIB_GETDOMAINNAME = @GNULIB_GETDOMAINNAME@ +GNULIB_GETDTABLESIZE = @GNULIB_GETDTABLESIZE@ +GNULIB_GETGROUPS = @GNULIB_GETGROUPS@ +GNULIB_GETHOSTNAME = @GNULIB_GETHOSTNAME@ +GNULIB_GETLINE = @GNULIB_GETLINE@ +GNULIB_GETLOADAVG = @GNULIB_GETLOADAVG@ +GNULIB_GETLOGIN = @GNULIB_GETLOGIN@ +GNULIB_GETLOGIN_R = @GNULIB_GETLOGIN_R@ +GNULIB_GETPAGESIZE = @GNULIB_GETPAGESIZE@ +GNULIB_GETPASS = @GNULIB_GETPASS@ +GNULIB_GETPEERNAME = @GNULIB_GETPEERNAME@ +GNULIB_GETSOCKNAME = @GNULIB_GETSOCKNAME@ +GNULIB_GETSOCKOPT = @GNULIB_GETSOCKOPT@ +GNULIB_GETSUBOPT = @GNULIB_GETSUBOPT@ +GNULIB_GETTIMEOFDAY = @GNULIB_GETTIMEOFDAY@ +GNULIB_GETUSERSHELL = @GNULIB_GETUSERSHELL@ +GNULIB_GRANTPT = @GNULIB_GRANTPT@ +GNULIB_GROUP_MEMBER = @GNULIB_GROUP_MEMBER@ +GNULIB_IMAXABS = @GNULIB_IMAXABS@ +GNULIB_IMAXDIV = @GNULIB_IMAXDIV@ +GNULIB_INET_NTOP = @GNULIB_INET_NTOP@ +GNULIB_INET_PTON = @GNULIB_INET_PTON@ +GNULIB_IOCTL = @GNULIB_IOCTL@ +GNULIB_ISATTY = @GNULIB_ISATTY@ +GNULIB_ISBLANK = @GNULIB_ISBLANK@ +GNULIB_LCHMOD = @GNULIB_LCHMOD@ +GNULIB_LCHOWN = @GNULIB_LCHOWN@ +GNULIB_LINK = @GNULIB_LINK@ +GNULIB_LINKAT = @GNULIB_LINKAT@ +GNULIB_LISTEN = @GNULIB_LISTEN@ +GNULIB_LOCALECONV = @GNULIB_LOCALECONV@ +GNULIB_LOCALENAME = @GNULIB_LOCALENAME@ +GNULIB_LOCALTIME = @GNULIB_LOCALTIME@ +GNULIB_LSEEK = @GNULIB_LSEEK@ +GNULIB_LSTAT = @GNULIB_LSTAT@ +GNULIB_MALLOC_POSIX = @GNULIB_MALLOC_POSIX@ +GNULIB_MBRLEN = @GNULIB_MBRLEN@ +GNULIB_MBRTOWC = @GNULIB_MBRTOWC@ +GNULIB_MBSCASECMP = @GNULIB_MBSCASECMP@ +GNULIB_MBSCASESTR = @GNULIB_MBSCASESTR@ +GNULIB_MBSCHR = @GNULIB_MBSCHR@ +GNULIB_MBSCSPN = @GNULIB_MBSCSPN@ +GNULIB_MBSINIT = @GNULIB_MBSINIT@ +GNULIB_MBSLEN = @GNULIB_MBSLEN@ +GNULIB_MBSNCASECMP = @GNULIB_MBSNCASECMP@ +GNULIB_MBSNLEN = @GNULIB_MBSNLEN@ +GNULIB_MBSNRTOWCS = @GNULIB_MBSNRTOWCS@ +GNULIB_MBSPBRK = @GNULIB_MBSPBRK@ +GNULIB_MBSPCASECMP = @GNULIB_MBSPCASECMP@ +GNULIB_MBSRCHR = @GNULIB_MBSRCHR@ +GNULIB_MBSRTOWCS = @GNULIB_MBSRTOWCS@ +GNULIB_MBSSEP = @GNULIB_MBSSEP@ +GNULIB_MBSSPN = @GNULIB_MBSSPN@ +GNULIB_MBSSTR = @GNULIB_MBSSTR@ +GNULIB_MBSTOK_R = @GNULIB_MBSTOK_R@ +GNULIB_MBTOWC = @GNULIB_MBTOWC@ +GNULIB_MEMCHR = @GNULIB_MEMCHR@ +GNULIB_MEMMEM = @GNULIB_MEMMEM@ +GNULIB_MEMPCPY = @GNULIB_MEMPCPY@ +GNULIB_MEMRCHR = @GNULIB_MEMRCHR@ +GNULIB_MKDIRAT = @GNULIB_MKDIRAT@ +GNULIB_MKDTEMP = @GNULIB_MKDTEMP@ +GNULIB_MKFIFO = @GNULIB_MKFIFO@ +GNULIB_MKFIFOAT = @GNULIB_MKFIFOAT@ +GNULIB_MKNOD = @GNULIB_MKNOD@ +GNULIB_MKNODAT = @GNULIB_MKNODAT@ +GNULIB_MKOSTEMP = @GNULIB_MKOSTEMP@ +GNULIB_MKOSTEMPS = @GNULIB_MKOSTEMPS@ +GNULIB_MKSTEMP = @GNULIB_MKSTEMP@ +GNULIB_MKSTEMPS = @GNULIB_MKSTEMPS@ +GNULIB_MKTIME = @GNULIB_MKTIME@ +GNULIB_NANOSLEEP = @GNULIB_NANOSLEEP@ +GNULIB_NL_LANGINFO = @GNULIB_NL_LANGINFO@ +GNULIB_NONBLOCKING = @GNULIB_NONBLOCKING@ +GNULIB_OBSTACK_PRINTF = @GNULIB_OBSTACK_PRINTF@ +GNULIB_OBSTACK_PRINTF_POSIX = @GNULIB_OBSTACK_PRINTF_POSIX@ +GNULIB_OPEN = @GNULIB_OPEN@ +GNULIB_OPENAT = @GNULIB_OPENAT@ +GNULIB_OVERRIDES_STRUCT_STAT = @GNULIB_OVERRIDES_STRUCT_STAT@ +GNULIB_OVERRIDES_WINT_T = @GNULIB_OVERRIDES_WINT_T@ +GNULIB_PCLOSE = @GNULIB_PCLOSE@ +GNULIB_PERROR = @GNULIB_PERROR@ +GNULIB_PIPE = @GNULIB_PIPE@ +GNULIB_PIPE2 = @GNULIB_PIPE2@ +GNULIB_POPEN = @GNULIB_POPEN@ +GNULIB_POSIX_OPENPT = @GNULIB_POSIX_OPENPT@ +GNULIB_PREAD = @GNULIB_PREAD@ +GNULIB_PRINTF = @GNULIB_PRINTF@ +GNULIB_PRINTF_POSIX = @GNULIB_PRINTF_POSIX@ +GNULIB_PSELECT = @GNULIB_PSELECT@ +GNULIB_PTHREAD_SIGMASK = @GNULIB_PTHREAD_SIGMASK@ +GNULIB_PTSNAME = @GNULIB_PTSNAME@ +GNULIB_PTSNAME_R = @GNULIB_PTSNAME_R@ +GNULIB_PUTC = @GNULIB_PUTC@ +GNULIB_PUTCHAR = @GNULIB_PUTCHAR@ +GNULIB_PUTENV = @GNULIB_PUTENV@ +GNULIB_PUTS = @GNULIB_PUTS@ +GNULIB_PWRITE = @GNULIB_PWRITE@ +GNULIB_QSORT_R = @GNULIB_QSORT_R@ +GNULIB_RAISE = @GNULIB_RAISE@ +GNULIB_RANDOM = @GNULIB_RANDOM@ +GNULIB_RANDOM_R = @GNULIB_RANDOM_R@ +GNULIB_RAWMEMCHR = @GNULIB_RAWMEMCHR@ +GNULIB_READ = @GNULIB_READ@ +GNULIB_READLINK = @GNULIB_READLINK@ +GNULIB_READLINKAT = @GNULIB_READLINKAT@ +GNULIB_REALLOCARRAY = @GNULIB_REALLOCARRAY@ +GNULIB_REALLOC_POSIX = @GNULIB_REALLOC_POSIX@ +GNULIB_REALPATH = @GNULIB_REALPATH@ +GNULIB_RECV = @GNULIB_RECV@ +GNULIB_RECVFROM = @GNULIB_RECVFROM@ +GNULIB_REMOVE = @GNULIB_REMOVE@ +GNULIB_RENAME = @GNULIB_RENAME@ +GNULIB_RENAMEAT = @GNULIB_RENAMEAT@ +GNULIB_RMDIR = @GNULIB_RMDIR@ +GNULIB_RPMATCH = @GNULIB_RPMATCH@ +GNULIB_SCANF = @GNULIB_SCANF@ +GNULIB_SECURE_GETENV = @GNULIB_SECURE_GETENV@ +GNULIB_SELECT = @GNULIB_SELECT@ +GNULIB_SEND = @GNULIB_SEND@ +GNULIB_SENDTO = @GNULIB_SENDTO@ +GNULIB_SETENV = @GNULIB_SETENV@ +GNULIB_SETHOSTNAME = @GNULIB_SETHOSTNAME@ +GNULIB_SETLOCALE = @GNULIB_SETLOCALE@ +GNULIB_SETSOCKOPT = @GNULIB_SETSOCKOPT@ +GNULIB_SHUTDOWN = @GNULIB_SHUTDOWN@ +GNULIB_SIGACTION = @GNULIB_SIGACTION@ +GNULIB_SIGNAL_H_SIGPIPE = @GNULIB_SIGNAL_H_SIGPIPE@ +GNULIB_SIGPROCMASK = @GNULIB_SIGPROCMASK@ +GNULIB_SLEEP = @GNULIB_SLEEP@ +GNULIB_SNPRINTF = @GNULIB_SNPRINTF@ +GNULIB_SOCKET = @GNULIB_SOCKET@ +GNULIB_SPRINTF_POSIX = @GNULIB_SPRINTF_POSIX@ +GNULIB_STAT = @GNULIB_STAT@ +GNULIB_STDIO_H_NONBLOCKING = @GNULIB_STDIO_H_NONBLOCKING@ +GNULIB_STDIO_H_SIGPIPE = @GNULIB_STDIO_H_SIGPIPE@ +GNULIB_STPCPY = @GNULIB_STPCPY@ +GNULIB_STPNCPY = @GNULIB_STPNCPY@ +GNULIB_STRCASESTR = @GNULIB_STRCASESTR@ +GNULIB_STRCHRNUL = @GNULIB_STRCHRNUL@ +GNULIB_STRDUP = @GNULIB_STRDUP@ +GNULIB_STRERROR = @GNULIB_STRERROR@ +GNULIB_STRERROR_R = @GNULIB_STRERROR_R@ +GNULIB_STRFTIME = @GNULIB_STRFTIME@ +GNULIB_STRNCAT = @GNULIB_STRNCAT@ +GNULIB_STRNDUP = @GNULIB_STRNDUP@ +GNULIB_STRNLEN = @GNULIB_STRNLEN@ +GNULIB_STRPBRK = @GNULIB_STRPBRK@ +GNULIB_STRPTIME = @GNULIB_STRPTIME@ +GNULIB_STRSEP = @GNULIB_STRSEP@ +GNULIB_STRSIGNAL = @GNULIB_STRSIGNAL@ +GNULIB_STRSTR = @GNULIB_STRSTR@ +GNULIB_STRTOD = @GNULIB_STRTOD@ +GNULIB_STRTOIMAX = @GNULIB_STRTOIMAX@ +GNULIB_STRTOK_R = @GNULIB_STRTOK_R@ +GNULIB_STRTOLD = @GNULIB_STRTOLD@ +GNULIB_STRTOLL = @GNULIB_STRTOLL@ +GNULIB_STRTOULL = @GNULIB_STRTOULL@ +GNULIB_STRTOUMAX = @GNULIB_STRTOUMAX@ +GNULIB_STRVERSCMP = @GNULIB_STRVERSCMP@ +GNULIB_SYMLINK = @GNULIB_SYMLINK@ +GNULIB_SYMLINKAT = @GNULIB_SYMLINKAT@ +GNULIB_SYSTEM_POSIX = @GNULIB_SYSTEM_POSIX@ +GNULIB_TIMEGM = @GNULIB_TIMEGM@ +GNULIB_TIME_R = @GNULIB_TIME_R@ +GNULIB_TIME_RZ = @GNULIB_TIME_RZ@ +GNULIB_TMPFILE = @GNULIB_TMPFILE@ +GNULIB_TRUNCATE = @GNULIB_TRUNCATE@ +GNULIB_TTYNAME_R = @GNULIB_TTYNAME_R@ +GNULIB_TZSET = @GNULIB_TZSET@ +GNULIB_UNISTD_H_NONBLOCKING = @GNULIB_UNISTD_H_NONBLOCKING@ +GNULIB_UNISTD_H_SIGPIPE = @GNULIB_UNISTD_H_SIGPIPE@ +GNULIB_UNLINK = @GNULIB_UNLINK@ +GNULIB_UNLINKAT = @GNULIB_UNLINKAT@ +GNULIB_UNLOCKPT = @GNULIB_UNLOCKPT@ +GNULIB_UNSETENV = @GNULIB_UNSETENV@ +GNULIB_USLEEP = @GNULIB_USLEEP@ +GNULIB_UTIMENSAT = @GNULIB_UTIMENSAT@ +GNULIB_VASPRINTF = @GNULIB_VASPRINTF@ +GNULIB_VDPRINTF = @GNULIB_VDPRINTF@ +GNULIB_VFPRINTF = @GNULIB_VFPRINTF@ +GNULIB_VFPRINTF_POSIX = @GNULIB_VFPRINTF_POSIX@ +GNULIB_VFSCANF = @GNULIB_VFSCANF@ +GNULIB_VPRINTF = @GNULIB_VPRINTF@ +GNULIB_VPRINTF_POSIX = @GNULIB_VPRINTF_POSIX@ +GNULIB_VSCANF = @GNULIB_VSCANF@ +GNULIB_VSNPRINTF = @GNULIB_VSNPRINTF@ +GNULIB_VSPRINTF_POSIX = @GNULIB_VSPRINTF_POSIX@ +GNULIB_WCPCPY = @GNULIB_WCPCPY@ +GNULIB_WCPNCPY = @GNULIB_WCPNCPY@ +GNULIB_WCRTOMB = @GNULIB_WCRTOMB@ +GNULIB_WCSCASECMP = @GNULIB_WCSCASECMP@ +GNULIB_WCSCAT = @GNULIB_WCSCAT@ +GNULIB_WCSCHR = @GNULIB_WCSCHR@ +GNULIB_WCSCMP = @GNULIB_WCSCMP@ +GNULIB_WCSCOLL = @GNULIB_WCSCOLL@ +GNULIB_WCSCPY = @GNULIB_WCSCPY@ +GNULIB_WCSCSPN = @GNULIB_WCSCSPN@ +GNULIB_WCSDUP = @GNULIB_WCSDUP@ +GNULIB_WCSFTIME = @GNULIB_WCSFTIME@ +GNULIB_WCSLEN = @GNULIB_WCSLEN@ +GNULIB_WCSNCASECMP = @GNULIB_WCSNCASECMP@ +GNULIB_WCSNCAT = @GNULIB_WCSNCAT@ +GNULIB_WCSNCMP = @GNULIB_WCSNCMP@ +GNULIB_WCSNCPY = @GNULIB_WCSNCPY@ +GNULIB_WCSNLEN = @GNULIB_WCSNLEN@ +GNULIB_WCSNRTOMBS = @GNULIB_WCSNRTOMBS@ +GNULIB_WCSPBRK = @GNULIB_WCSPBRK@ +GNULIB_WCSRCHR = @GNULIB_WCSRCHR@ +GNULIB_WCSRTOMBS = @GNULIB_WCSRTOMBS@ +GNULIB_WCSSPN = @GNULIB_WCSSPN@ +GNULIB_WCSSTR = @GNULIB_WCSSTR@ +GNULIB_WCSTOK = @GNULIB_WCSTOK@ +GNULIB_WCSWIDTH = @GNULIB_WCSWIDTH@ +GNULIB_WCSXFRM = @GNULIB_WCSXFRM@ +GNULIB_WCTOB = @GNULIB_WCTOB@ +GNULIB_WCTOMB = @GNULIB_WCTOMB@ +GNULIB_WCWIDTH = @GNULIB_WCWIDTH@ +GNULIB_WMEMCHR = @GNULIB_WMEMCHR@ +GNULIB_WMEMCMP = @GNULIB_WMEMCMP@ +GNULIB_WMEMCPY = @GNULIB_WMEMCPY@ +GNULIB_WMEMMOVE = @GNULIB_WMEMMOVE@ +GNULIB_WMEMSET = @GNULIB_WMEMSET@ +GNULIB_WRITE = @GNULIB_WRITE@ +GNULIB__EXIT = @GNULIB__EXIT@ +GNUTLS_REQUIRES_PRIVATE = @GNUTLS_REQUIRES_PRIVATE@ +GREP = @GREP@ +GTKDOC_CHECK = @GTKDOC_CHECK@ +GTKDOC_CHECK_PATH = @GTKDOC_CHECK_PATH@ +GTKDOC_DEPS_CFLAGS = @GTKDOC_DEPS_CFLAGS@ +GTKDOC_DEPS_LIBS = @GTKDOC_DEPS_LIBS@ +GTKDOC_MKPDF = @GTKDOC_MKPDF@ +GTKDOC_REBASE = @GTKDOC_REBASE@ +GUILD = @GUILD@ +GUILE = @GUILE@ +GUILE_CFLAGS = @GUILE_CFLAGS@ +GUILE_CONFIG = @GUILE_CONFIG@ +GUILE_EFFECTIVE_VERSION = @GUILE_EFFECTIVE_VERSION@ +GUILE_EXTENSION = @GUILE_EXTENSION@ +GUILE_LDFLAGS = @GUILE_LDFLAGS@ +GUILE_LIBS = @GUILE_LIBS@ +GUILE_LTLIBS = @GUILE_LTLIBS@ +GUILE_SITE = @GUILE_SITE@ +GUILE_SITE_CCACHE = @GUILE_SITE_CCACHE@ +GUILE_TOOLS = @GUILE_TOOLS@ +HAVE_ACCEPT4 = @HAVE_ACCEPT4@ +HAVE_ALLOCA_H = @HAVE_ALLOCA_H@ +HAVE_ARPA_INET_H = @HAVE_ARPA_INET_H@ +HAVE_ATOLL = @HAVE_ATOLL@ +HAVE_BTOWC = @HAVE_BTOWC@ +HAVE_C99_STDINT_H = @HAVE_C99_STDINT_H@ +HAVE_CANONICALIZE_FILE_NAME = @HAVE_CANONICALIZE_FILE_NAME@ +HAVE_CHOWN = @HAVE_CHOWN@ +HAVE_CRTDEFS_H = @HAVE_CRTDEFS_H@ +HAVE_DECL_ENVIRON = @HAVE_DECL_ENVIRON@ +HAVE_DECL_FCHDIR = @HAVE_DECL_FCHDIR@ +HAVE_DECL_FDATASYNC = @HAVE_DECL_FDATASYNC@ +HAVE_DECL_FPURGE = @HAVE_DECL_FPURGE@ +HAVE_DECL_FREEADDRINFO = @HAVE_DECL_FREEADDRINFO@ +HAVE_DECL_FSEEKO = @HAVE_DECL_FSEEKO@ +HAVE_DECL_FTELLO = @HAVE_DECL_FTELLO@ +HAVE_DECL_GAI_STRERROR = @HAVE_DECL_GAI_STRERROR@ +HAVE_DECL_GETADDRINFO = @HAVE_DECL_GETADDRINFO@ +HAVE_DECL_GETDELIM = @HAVE_DECL_GETDELIM@ +HAVE_DECL_GETDOMAINNAME = @HAVE_DECL_GETDOMAINNAME@ +HAVE_DECL_GETLINE = @HAVE_DECL_GETLINE@ +HAVE_DECL_GETLOADAVG = @HAVE_DECL_GETLOADAVG@ +HAVE_DECL_GETLOGIN = @HAVE_DECL_GETLOGIN@ +HAVE_DECL_GETLOGIN_R = @HAVE_DECL_GETLOGIN_R@ +HAVE_DECL_GETNAMEINFO = @HAVE_DECL_GETNAMEINFO@ +HAVE_DECL_GETPAGESIZE = @HAVE_DECL_GETPAGESIZE@ +HAVE_DECL_GETUSERSHELL = @HAVE_DECL_GETUSERSHELL@ +HAVE_DECL_IMAXABS = @HAVE_DECL_IMAXABS@ +HAVE_DECL_IMAXDIV = @HAVE_DECL_IMAXDIV@ +HAVE_DECL_INET_NTOP = @HAVE_DECL_INET_NTOP@ +HAVE_DECL_INET_PTON = @HAVE_DECL_INET_PTON@ +HAVE_DECL_INITSTATE = @HAVE_DECL_INITSTATE@ +HAVE_DECL_LOCALTIME_R = @HAVE_DECL_LOCALTIME_R@ +HAVE_DECL_MEMMEM = @HAVE_DECL_MEMMEM@ +HAVE_DECL_MEMRCHR = @HAVE_DECL_MEMRCHR@ +HAVE_DECL_OBSTACK_PRINTF = @HAVE_DECL_OBSTACK_PRINTF@ +HAVE_DECL_SETENV = @HAVE_DECL_SETENV@ +HAVE_DECL_SETHOSTNAME = @HAVE_DECL_SETHOSTNAME@ +HAVE_DECL_SETSTATE = @HAVE_DECL_SETSTATE@ +HAVE_DECL_SNPRINTF = @HAVE_DECL_SNPRINTF@ +HAVE_DECL_STRDUP = @HAVE_DECL_STRDUP@ +HAVE_DECL_STRERROR_R = @HAVE_DECL_STRERROR_R@ +HAVE_DECL_STRNCASECMP = @HAVE_DECL_STRNCASECMP@ +HAVE_DECL_STRNDUP = @HAVE_DECL_STRNDUP@ +HAVE_DECL_STRNLEN = @HAVE_DECL_STRNLEN@ +HAVE_DECL_STRSIGNAL = @HAVE_DECL_STRSIGNAL@ +HAVE_DECL_STRTOIMAX = @HAVE_DECL_STRTOIMAX@ +HAVE_DECL_STRTOK_R = @HAVE_DECL_STRTOK_R@ +HAVE_DECL_STRTOUMAX = @HAVE_DECL_STRTOUMAX@ +HAVE_DECL_TRUNCATE = @HAVE_DECL_TRUNCATE@ +HAVE_DECL_TTYNAME_R = @HAVE_DECL_TTYNAME_R@ +HAVE_DECL_UNSETENV = @HAVE_DECL_UNSETENV@ +HAVE_DECL_VSNPRINTF = @HAVE_DECL_VSNPRINTF@ +HAVE_DECL_WCTOB = @HAVE_DECL_WCTOB@ +HAVE_DECL_WCWIDTH = @HAVE_DECL_WCWIDTH@ +HAVE_DPRINTF = @HAVE_DPRINTF@ +HAVE_DUP2 = @HAVE_DUP2@ +HAVE_DUP3 = @HAVE_DUP3@ +HAVE_DUPLOCALE = @HAVE_DUPLOCALE@ +HAVE_EUIDACCESS = @HAVE_EUIDACCESS@ +HAVE_EXPLICIT_BZERO = @HAVE_EXPLICIT_BZERO@ +HAVE_FACCESSAT = @HAVE_FACCESSAT@ +HAVE_FCHDIR = @HAVE_FCHDIR@ +HAVE_FCHMODAT = @HAVE_FCHMODAT@ +HAVE_FCHOWNAT = @HAVE_FCHOWNAT@ +HAVE_FCNTL = @HAVE_FCNTL@ +HAVE_FDATASYNC = @HAVE_FDATASYNC@ +HAVE_FEATURES_H = @HAVE_FEATURES_H@ +HAVE_FFS = @HAVE_FFS@ +HAVE_FFSL = @HAVE_FFSL@ +HAVE_FFSLL = @HAVE_FFSLL@ +HAVE_FREELOCALE = @HAVE_FREELOCALE@ +HAVE_FSEEKO = @HAVE_FSEEKO@ +HAVE_FSTATAT = @HAVE_FSTATAT@ +HAVE_FSYNC = @HAVE_FSYNC@ +HAVE_FTELLO = @HAVE_FTELLO@ +HAVE_FTRUNCATE = @HAVE_FTRUNCATE@ +HAVE_FUTIMENS = @HAVE_FUTIMENS@ +HAVE_GETDTABLESIZE = @HAVE_GETDTABLESIZE@ +HAVE_GETGROUPS = @HAVE_GETGROUPS@ +HAVE_GETHOSTNAME = @HAVE_GETHOSTNAME@ +HAVE_GETLOGIN = @HAVE_GETLOGIN@ +HAVE_GETPAGESIZE = @HAVE_GETPAGESIZE@ +HAVE_GETPASS = @HAVE_GETPASS@ +HAVE_GETSUBOPT = @HAVE_GETSUBOPT@ +HAVE_GETTIMEOFDAY = @HAVE_GETTIMEOFDAY@ +HAVE_GRANTPT = @HAVE_GRANTPT@ +HAVE_GROUP_MEMBER = @HAVE_GROUP_MEMBER@ +HAVE_IMAXDIV_T = @HAVE_IMAXDIV_T@ +HAVE_INITSTATE = @HAVE_INITSTATE@ +HAVE_INTTYPES_H = @HAVE_INTTYPES_H@ +HAVE_ISBLANK = @HAVE_ISBLANK@ +HAVE_LANGINFO_ALTMON = @HAVE_LANGINFO_ALTMON@ +HAVE_LANGINFO_CODESET = @HAVE_LANGINFO_CODESET@ +HAVE_LANGINFO_ERA = @HAVE_LANGINFO_ERA@ +HAVE_LANGINFO_H = @HAVE_LANGINFO_H@ +HAVE_LANGINFO_T_FMT_AMPM = @HAVE_LANGINFO_T_FMT_AMPM@ +HAVE_LANGINFO_YESEXPR = @HAVE_LANGINFO_YESEXPR@ +HAVE_LCHMOD = @HAVE_LCHMOD@ +HAVE_LCHOWN = @HAVE_LCHOWN@ +HAVE_LIBCRYPTO = @HAVE_LIBCRYPTO@ +HAVE_LIBDL = @HAVE_LIBDL@ +HAVE_LIBPTHREAD = @HAVE_LIBPTHREAD@ +HAVE_LIBRT = @HAVE_LIBRT@ +HAVE_LIBSECCOMP = @HAVE_LIBSECCOMP@ +HAVE_LINK = @HAVE_LINK@ +HAVE_LINKAT = @HAVE_LINKAT@ +HAVE_LONG_LONG_INT = @HAVE_LONG_LONG_INT@ +HAVE_LSTAT = @HAVE_LSTAT@ +HAVE_MAX_ALIGN_T = @HAVE_MAX_ALIGN_T@ +HAVE_MBRLEN = @HAVE_MBRLEN@ +HAVE_MBRTOWC = @HAVE_MBRTOWC@ +HAVE_MBSINIT = @HAVE_MBSINIT@ +HAVE_MBSLEN = @HAVE_MBSLEN@ +HAVE_MBSNRTOWCS = @HAVE_MBSNRTOWCS@ +HAVE_MBSRTOWCS = @HAVE_MBSRTOWCS@ +HAVE_MBTOWC = @HAVE_MBTOWC@ +HAVE_MEMCHR = @HAVE_MEMCHR@ +HAVE_MEMPCPY = @HAVE_MEMPCPY@ +HAVE_MKDIRAT = @HAVE_MKDIRAT@ +HAVE_MKDTEMP = @HAVE_MKDTEMP@ +HAVE_MKFIFO = @HAVE_MKFIFO@ +HAVE_MKFIFOAT = @HAVE_MKFIFOAT@ +HAVE_MKNOD = @HAVE_MKNOD@ +HAVE_MKNODAT = @HAVE_MKNODAT@ +HAVE_MKOSTEMP = @HAVE_MKOSTEMP@ +HAVE_MKOSTEMPS = @HAVE_MKOSTEMPS@ +HAVE_MKSTEMP = @HAVE_MKSTEMP@ +HAVE_MKSTEMPS = @HAVE_MKSTEMPS@ +HAVE_MSVC_INVALID_PARAMETER_HANDLER = @HAVE_MSVC_INVALID_PARAMETER_HANDLER@ +HAVE_NANOSLEEP = @HAVE_NANOSLEEP@ +HAVE_NETDB_H = @HAVE_NETDB_H@ +HAVE_NETINET_IN_H = @HAVE_NETINET_IN_H@ +HAVE_NEWLOCALE = @HAVE_NEWLOCALE@ +HAVE_NL_LANGINFO = @HAVE_NL_LANGINFO@ +HAVE_OPENAT = @HAVE_OPENAT@ +HAVE_OS_H = @HAVE_OS_H@ +HAVE_PCLOSE = @HAVE_PCLOSE@ +HAVE_PIPE = @HAVE_PIPE@ +HAVE_PIPE2 = @HAVE_PIPE2@ +HAVE_POPEN = @HAVE_POPEN@ +HAVE_POSIX_OPENPT = @HAVE_POSIX_OPENPT@ +HAVE_POSIX_SIGNALBLOCKING = @HAVE_POSIX_SIGNALBLOCKING@ +HAVE_PREAD = @HAVE_PREAD@ +HAVE_PSELECT = @HAVE_PSELECT@ +HAVE_PTHREAD_SIGMASK = @HAVE_PTHREAD_SIGMASK@ +HAVE_PTSNAME = @HAVE_PTSNAME@ +HAVE_PTSNAME_R = @HAVE_PTSNAME_R@ +HAVE_PWRITE = @HAVE_PWRITE@ +HAVE_QSORT_R = @HAVE_QSORT_R@ +HAVE_RAISE = @HAVE_RAISE@ +HAVE_RANDOM = @HAVE_RANDOM@ +HAVE_RANDOM_H = @HAVE_RANDOM_H@ +HAVE_RANDOM_R = @HAVE_RANDOM_R@ +HAVE_RAWMEMCHR = @HAVE_RAWMEMCHR@ +HAVE_READLINK = @HAVE_READLINK@ +HAVE_READLINKAT = @HAVE_READLINKAT@ +HAVE_REALLOCARRAY = @HAVE_REALLOCARRAY@ +HAVE_REALPATH = @HAVE_REALPATH@ +HAVE_RENAMEAT = @HAVE_RENAMEAT@ +HAVE_RPMATCH = @HAVE_RPMATCH@ +HAVE_SA_FAMILY_T = @HAVE_SA_FAMILY_T@ +HAVE_SECURE_GETENV = @HAVE_SECURE_GETENV@ +HAVE_SETENV = @HAVE_SETENV@ +HAVE_SETHOSTNAME = @HAVE_SETHOSTNAME@ +HAVE_SETSTATE = @HAVE_SETSTATE@ +HAVE_SIGACTION = @HAVE_SIGACTION@ +HAVE_SIGHANDLER_T = @HAVE_SIGHANDLER_T@ +HAVE_SIGINFO_T = @HAVE_SIGINFO_T@ +HAVE_SIGNED_SIG_ATOMIC_T = @HAVE_SIGNED_SIG_ATOMIC_T@ +HAVE_SIGNED_WCHAR_T = @HAVE_SIGNED_WCHAR_T@ +HAVE_SIGNED_WINT_T = @HAVE_SIGNED_WINT_T@ +HAVE_SIGSET_T = @HAVE_SIGSET_T@ +HAVE_SLEEP = @HAVE_SLEEP@ +HAVE_STDINT_H = @HAVE_STDINT_H@ +HAVE_STPCPY = @HAVE_STPCPY@ +HAVE_STPNCPY = @HAVE_STPNCPY@ +HAVE_STRCASECMP = @HAVE_STRCASECMP@ +HAVE_STRCASESTR = @HAVE_STRCASESTR@ +HAVE_STRCHRNUL = @HAVE_STRCHRNUL@ +HAVE_STRINGS_H = @HAVE_STRINGS_H@ +HAVE_STRPBRK = @HAVE_STRPBRK@ +HAVE_STRPTIME = @HAVE_STRPTIME@ +HAVE_STRSEP = @HAVE_STRSEP@ +HAVE_STRTOD = @HAVE_STRTOD@ +HAVE_STRTOLD = @HAVE_STRTOLD@ +HAVE_STRTOLL = @HAVE_STRTOLL@ +HAVE_STRTOULL = @HAVE_STRTOULL@ +HAVE_STRUCT_ADDRINFO = @HAVE_STRUCT_ADDRINFO@ +HAVE_STRUCT_RANDOM_DATA = @HAVE_STRUCT_RANDOM_DATA@ +HAVE_STRUCT_SIGACTION_SA_SIGACTION = @HAVE_STRUCT_SIGACTION_SA_SIGACTION@ +HAVE_STRUCT_SOCKADDR_STORAGE = @HAVE_STRUCT_SOCKADDR_STORAGE@ +HAVE_STRUCT_SOCKADDR_STORAGE_SS_FAMILY = @HAVE_STRUCT_SOCKADDR_STORAGE_SS_FAMILY@ +HAVE_STRUCT_TIMEVAL = @HAVE_STRUCT_TIMEVAL@ +HAVE_STRVERSCMP = @HAVE_STRVERSCMP@ +HAVE_SYMLINK = @HAVE_SYMLINK@ +HAVE_SYMLINKAT = @HAVE_SYMLINKAT@ +HAVE_SYS_BITYPES_H = @HAVE_SYS_BITYPES_H@ +HAVE_SYS_INTTYPES_H = @HAVE_SYS_INTTYPES_H@ +HAVE_SYS_IOCTL_H = @HAVE_SYS_IOCTL_H@ +HAVE_SYS_LOADAVG_H = @HAVE_SYS_LOADAVG_H@ +HAVE_SYS_PARAM_H = @HAVE_SYS_PARAM_H@ +HAVE_SYS_SELECT_H = @HAVE_SYS_SELECT_H@ +HAVE_SYS_SOCKET_H = @HAVE_SYS_SOCKET_H@ +HAVE_SYS_TIME_H = @HAVE_SYS_TIME_H@ +HAVE_SYS_TYPES_H = @HAVE_SYS_TYPES_H@ +HAVE_SYS_UIO_H = @HAVE_SYS_UIO_H@ +HAVE_TIMEGM = @HAVE_TIMEGM@ +HAVE_TIMEZONE_T = @HAVE_TIMEZONE_T@ +HAVE_TYPE_VOLATILE_SIG_ATOMIC_T = @HAVE_TYPE_VOLATILE_SIG_ATOMIC_T@ +HAVE_TZSET = @HAVE_TZSET@ +HAVE_UNISTD_H = @HAVE_UNISTD_H@ +HAVE_UNLINKAT = @HAVE_UNLINKAT@ +HAVE_UNLOCKPT = @HAVE_UNLOCKPT@ +HAVE_UNSIGNED_LONG_LONG_INT = @HAVE_UNSIGNED_LONG_LONG_INT@ +HAVE_USLEEP = @HAVE_USLEEP@ +HAVE_UTIMENSAT = @HAVE_UTIMENSAT@ +HAVE_VASPRINTF = @HAVE_VASPRINTF@ +HAVE_VDPRINTF = @HAVE_VDPRINTF@ +HAVE_WCHAR_H = @HAVE_WCHAR_H@ +HAVE_WCHAR_T = @HAVE_WCHAR_T@ +HAVE_WCPCPY = @HAVE_WCPCPY@ +HAVE_WCPNCPY = @HAVE_WCPNCPY@ +HAVE_WCRTOMB = @HAVE_WCRTOMB@ +HAVE_WCSCASECMP = @HAVE_WCSCASECMP@ +HAVE_WCSCAT = @HAVE_WCSCAT@ +HAVE_WCSCHR = @HAVE_WCSCHR@ +HAVE_WCSCMP = @HAVE_WCSCMP@ +HAVE_WCSCOLL = @HAVE_WCSCOLL@ +HAVE_WCSCPY = @HAVE_WCSCPY@ +HAVE_WCSCSPN = @HAVE_WCSCSPN@ +HAVE_WCSDUP = @HAVE_WCSDUP@ +HAVE_WCSFTIME = @HAVE_WCSFTIME@ +HAVE_WCSLEN = @HAVE_WCSLEN@ +HAVE_WCSNCASECMP = @HAVE_WCSNCASECMP@ +HAVE_WCSNCAT = @HAVE_WCSNCAT@ +HAVE_WCSNCMP = @HAVE_WCSNCMP@ +HAVE_WCSNCPY = @HAVE_WCSNCPY@ +HAVE_WCSNLEN = @HAVE_WCSNLEN@ +HAVE_WCSNRTOMBS = @HAVE_WCSNRTOMBS@ +HAVE_WCSPBRK = @HAVE_WCSPBRK@ +HAVE_WCSRCHR = @HAVE_WCSRCHR@ +HAVE_WCSRTOMBS = @HAVE_WCSRTOMBS@ +HAVE_WCSSPN = @HAVE_WCSSPN@ +HAVE_WCSSTR = @HAVE_WCSSTR@ +HAVE_WCSTOK = @HAVE_WCSTOK@ +HAVE_WCSWIDTH = @HAVE_WCSWIDTH@ +HAVE_WCSXFRM = @HAVE_WCSXFRM@ +HAVE_WINSOCK2_H = @HAVE_WINSOCK2_H@ +HAVE_WINT_T = @HAVE_WINT_T@ +HAVE_WMEMCHR = @HAVE_WMEMCHR@ +HAVE_WMEMCMP = @HAVE_WMEMCMP@ +HAVE_WMEMCPY = @HAVE_WMEMCPY@ +HAVE_WMEMMOVE = @HAVE_WMEMMOVE@ +HAVE_WMEMSET = @HAVE_WMEMSET@ +HAVE_WS2TCPIP_H = @HAVE_WS2TCPIP_H@ +HAVE_XLOCALE_H = @HAVE_XLOCALE_H@ +HAVE__BOOL = @HAVE__BOOL@ +HAVE__EXIT = @HAVE__EXIT@ +HOGWEED_CFLAGS = @HOGWEED_CFLAGS@ +HOGWEED_LIBS = @HOGWEED_LIBS@ +HOSTENT_LIB = @HOSTENT_LIB@ +HTML_DIR = @HTML_DIR@ +INCLUDE_NEXT = @INCLUDE_NEXT@ +INCLUDE_NEXT_AS_FIRST_DIRECTIVE = @INCLUDE_NEXT_AS_FIRST_DIRECTIVE@ +INET_NTOP_LIB = @INET_NTOP_LIB@ +INET_PTON_LIB = @INET_PTON_LIB@ +INSTALL = @INSTALL@ +INSTALL_DATA = @INSTALL_DATA@ +INSTALL_PROGRAM = @INSTALL_PROGRAM@ +INSTALL_SCRIPT = @INSTALL_SCRIPT@ +INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +INT32_MAX_LT_INTMAX_MAX = @INT32_MAX_LT_INTMAX_MAX@ +INT64_MAX_EQ_LONG_MAX = @INT64_MAX_EQ_LONG_MAX@ +INTLLIBS = @INTLLIBS@ +INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@ +LCOV = @LCOV@ +LD = @LD@ +LDFLAGS = @LDFLAGS@ +LIBATOMIC_LIBS = @LIBATOMIC_LIBS@ +LIBCRYPTO = @LIBCRYPTO@ +LIBCRYPTO_PREFIX = @LIBCRYPTO_PREFIX@ +LIBDL = @LIBDL@ +LIBDL_PREFIX = @LIBDL_PREFIX@ +LIBGNUTLS_CFLAGS = @LIBGNUTLS_CFLAGS@ +LIBGNUTLS_LIBS = @LIBGNUTLS_LIBS@ +LIBICONV = @LIBICONV@ +LIBIDN2_CFLAGS = @LIBIDN2_CFLAGS@ +LIBIDN2_LIBS = @LIBIDN2_LIBS@ +LIBINTL = @LIBINTL@ +LIBMULTITHREAD = @LIBMULTITHREAD@ +LIBOBJS = @LIBOBJS@ +LIBOPTS_CFLAGS = @LIBOPTS_CFLAGS@ +LIBOPTS_DIR = @LIBOPTS_DIR@ +LIBOPTS_LDADD = @LIBOPTS_LDADD@ +LIBPTH = @LIBPTH@ +LIBPTHREAD = @LIBPTHREAD@ +LIBPTHREAD_PREFIX = @LIBPTHREAD_PREFIX@ +LIBPTH_PREFIX = @LIBPTH_PREFIX@ +LIBRT = @LIBRT@ +LIBRT_PREFIX = @LIBRT_PREFIX@ +LIBS = @LIBS@ +LIBSECCOMP = @LIBSECCOMP@ +LIBSECCOMP_PREFIX = @LIBSECCOMP_PREFIX@ +LIBSOCKET = @LIBSOCKET@ +LIBTASN1_CFLAGS = @LIBTASN1_CFLAGS@ +LIBTASN1_LIBS = @LIBTASN1_LIBS@ +LIBTESTS_LIBDEPS = @LIBTESTS_LIBDEPS@ +LIBTHREAD = @LIBTHREAD@ +LIBTOOL = @LIBTOOL@ +LIBUNISTRING = @LIBUNISTRING@ +LIBUNISTRING_UNICTYPE_H = @LIBUNISTRING_UNICTYPE_H@ +LIBUNISTRING_UNINORM_H = @LIBUNISTRING_UNINORM_H@ +LIBUNISTRING_UNISTR_H = @LIBUNISTRING_UNISTR_H@ +LIBUNISTRING_UNITYPES_H = @LIBUNISTRING_UNITYPES_H@ +LIB_CLOCK_GETTIME = @LIB_CLOCK_GETTIME@ +LIB_NANOSLEEP = @LIB_NANOSLEEP@ +LIB_SELECT = @LIB_SELECT@ +LIMITS_H = @LIMITS_H@ +LIPO = @LIPO@ +LN_S = @LN_S@ +LOCALE_FR = @LOCALE_FR@ +LOCALE_FR_UTF8 = @LOCALE_FR_UTF8@ +LOCALE_JA = @LOCALE_JA@ +LOCALE_TR_UTF8 = @LOCALE_TR_UTF8@ +LOCALE_ZH_CN = @LOCALE_ZH_CN@ +LTALLOCA = @LTALLOCA@ +LTLIBCRYPTO = @LTLIBCRYPTO@ +LTLIBDL = @LTLIBDL@ +LTLIBICONV = @LTLIBICONV@ +LTLIBINTL = @LTLIBINTL@ +LTLIBMULTITHREAD = @LTLIBMULTITHREAD@ +LTLIBOBJS = @LTLIBOBJS@ +LTLIBPTH = @LTLIBPTH@ +LTLIBPTHREAD = @LTLIBPTHREAD@ +LTLIBRT = @LTLIBRT@ +LTLIBSECCOMP = @LTLIBSECCOMP@ +LTLIBTHREAD = @LTLIBTHREAD@ +LT_AGE = @LT_AGE@ +LT_CURRENT = @LT_CURRENT@ +LT_DANE_AGE = @LT_DANE_AGE@ +LT_DANE_CURRENT = @LT_DANE_CURRENT@ +LT_DANE_REVISION = @LT_DANE_REVISION@ +LT_REVISION = @LT_REVISION@ +LT_SSL_AGE = @LT_SSL_AGE@ +LT_SSL_CURRENT = @LT_SSL_CURRENT@ +LT_SSL_REVISION = @LT_SSL_REVISION@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ +LT_XSSL_AGE = @LT_XSSL_AGE@ +LT_XSSL_CURRENT = @LT_XSSL_CURRENT@ +LT_XSSL_REVISION = @LT_XSSL_REVISION@ +MAINT = @MAINT@ +MAJOR_VERSION = @MAJOR_VERSION@ +MAKEINFO = @MAKEINFO@ +MANIFEST_TOOL = @MANIFEST_TOOL@ +MINOR_VERSION = @MINOR_VERSION@ +MKDIR_P = @MKDIR_P@ +MSGFMT = @MSGFMT@ +MSGFMT_015 = @MSGFMT_015@ +MSGMERGE = @MSGMERGE@ +NETINET_IN_H = @NETINET_IN_H@ +NETTLE_CFLAGS = @NETTLE_CFLAGS@ +NETTLE_LIBS = @NETTLE_LIBS@ +NEXT_ARPA_INET_H = @NEXT_ARPA_INET_H@ +NEXT_AS_FIRST_DIRECTIVE_ARPA_INET_H = @NEXT_AS_FIRST_DIRECTIVE_ARPA_INET_H@ +NEXT_AS_FIRST_DIRECTIVE_CTYPE_H = @NEXT_AS_FIRST_DIRECTIVE_CTYPE_H@ +NEXT_AS_FIRST_DIRECTIVE_ERRNO_H = @NEXT_AS_FIRST_DIRECTIVE_ERRNO_H@ +NEXT_AS_FIRST_DIRECTIVE_FCNTL_H = @NEXT_AS_FIRST_DIRECTIVE_FCNTL_H@ +NEXT_AS_FIRST_DIRECTIVE_FLOAT_H = @NEXT_AS_FIRST_DIRECTIVE_FLOAT_H@ +NEXT_AS_FIRST_DIRECTIVE_INTTYPES_H = @NEXT_AS_FIRST_DIRECTIVE_INTTYPES_H@ +NEXT_AS_FIRST_DIRECTIVE_LANGINFO_H = @NEXT_AS_FIRST_DIRECTIVE_LANGINFO_H@ +NEXT_AS_FIRST_DIRECTIVE_LIMITS_H = @NEXT_AS_FIRST_DIRECTIVE_LIMITS_H@ +NEXT_AS_FIRST_DIRECTIVE_LOCALE_H = @NEXT_AS_FIRST_DIRECTIVE_LOCALE_H@ +NEXT_AS_FIRST_DIRECTIVE_NETDB_H = @NEXT_AS_FIRST_DIRECTIVE_NETDB_H@ +NEXT_AS_FIRST_DIRECTIVE_NETINET_IN_H = @NEXT_AS_FIRST_DIRECTIVE_NETINET_IN_H@ +NEXT_AS_FIRST_DIRECTIVE_SIGNAL_H = @NEXT_AS_FIRST_DIRECTIVE_SIGNAL_H@ +NEXT_AS_FIRST_DIRECTIVE_STDDEF_H = @NEXT_AS_FIRST_DIRECTIVE_STDDEF_H@ +NEXT_AS_FIRST_DIRECTIVE_STDINT_H = @NEXT_AS_FIRST_DIRECTIVE_STDINT_H@ +NEXT_AS_FIRST_DIRECTIVE_STDIO_H = @NEXT_AS_FIRST_DIRECTIVE_STDIO_H@ +NEXT_AS_FIRST_DIRECTIVE_STDLIB_H = @NEXT_AS_FIRST_DIRECTIVE_STDLIB_H@ +NEXT_AS_FIRST_DIRECTIVE_STRINGS_H = @NEXT_AS_FIRST_DIRECTIVE_STRINGS_H@ +NEXT_AS_FIRST_DIRECTIVE_STRING_H = @NEXT_AS_FIRST_DIRECTIVE_STRING_H@ +NEXT_AS_FIRST_DIRECTIVE_SYS_IOCTL_H = @NEXT_AS_FIRST_DIRECTIVE_SYS_IOCTL_H@ +NEXT_AS_FIRST_DIRECTIVE_SYS_SELECT_H = @NEXT_AS_FIRST_DIRECTIVE_SYS_SELECT_H@ +NEXT_AS_FIRST_DIRECTIVE_SYS_SOCKET_H = @NEXT_AS_FIRST_DIRECTIVE_SYS_SOCKET_H@ +NEXT_AS_FIRST_DIRECTIVE_SYS_STAT_H = @NEXT_AS_FIRST_DIRECTIVE_SYS_STAT_H@ +NEXT_AS_FIRST_DIRECTIVE_SYS_TIME_H = @NEXT_AS_FIRST_DIRECTIVE_SYS_TIME_H@ +NEXT_AS_FIRST_DIRECTIVE_SYS_TYPES_H = @NEXT_AS_FIRST_DIRECTIVE_SYS_TYPES_H@ +NEXT_AS_FIRST_DIRECTIVE_SYS_UIO_H = @NEXT_AS_FIRST_DIRECTIVE_SYS_UIO_H@ +NEXT_AS_FIRST_DIRECTIVE_TIME_H = @NEXT_AS_FIRST_DIRECTIVE_TIME_H@ +NEXT_AS_FIRST_DIRECTIVE_UNISTD_H = @NEXT_AS_FIRST_DIRECTIVE_UNISTD_H@ +NEXT_AS_FIRST_DIRECTIVE_WCHAR_H = @NEXT_AS_FIRST_DIRECTIVE_WCHAR_H@ +NEXT_CTYPE_H = @NEXT_CTYPE_H@ +NEXT_ERRNO_H = @NEXT_ERRNO_H@ +NEXT_FCNTL_H = @NEXT_FCNTL_H@ +NEXT_FLOAT_H = @NEXT_FLOAT_H@ +NEXT_INTTYPES_H = @NEXT_INTTYPES_H@ +NEXT_LANGINFO_H = @NEXT_LANGINFO_H@ +NEXT_LIMITS_H = @NEXT_LIMITS_H@ +NEXT_LOCALE_H = @NEXT_LOCALE_H@ +NEXT_NETDB_H = @NEXT_NETDB_H@ +NEXT_NETINET_IN_H = @NEXT_NETINET_IN_H@ +NEXT_SIGNAL_H = @NEXT_SIGNAL_H@ +NEXT_STDDEF_H = @NEXT_STDDEF_H@ +NEXT_STDINT_H = @NEXT_STDINT_H@ +NEXT_STDIO_H = @NEXT_STDIO_H@ +NEXT_STDLIB_H = @NEXT_STDLIB_H@ +NEXT_STRINGS_H = @NEXT_STRINGS_H@ +NEXT_STRING_H = @NEXT_STRING_H@ +NEXT_SYS_IOCTL_H = @NEXT_SYS_IOCTL_H@ +NEXT_SYS_SELECT_H = @NEXT_SYS_SELECT_H@ +NEXT_SYS_SOCKET_H = @NEXT_SYS_SOCKET_H@ +NEXT_SYS_STAT_H = @NEXT_SYS_STAT_H@ +NEXT_SYS_TIME_H = @NEXT_SYS_TIME_H@ +NEXT_SYS_TYPES_H = @NEXT_SYS_TYPES_H@ +NEXT_SYS_UIO_H = @NEXT_SYS_UIO_H@ +NEXT_TIME_H = @NEXT_TIME_H@ +NEXT_UNISTD_H = @NEXT_UNISTD_H@ +NEXT_WCHAR_H = @NEXT_WCHAR_H@ +NM = @NM@ +NMEDIT = @NMEDIT@ +NUMBER_VERSION = @NUMBER_VERSION@ +OBJDUMP = @OBJDUMP@ +OBJEXT = @OBJEXT@ +OTOOL = @OTOOL@ +OTOOL64 = @OTOOL64@ +P11_KIT_CFLAGS = @P11_KIT_CFLAGS@ +P11_KIT_LIBS = @P11_KIT_LIBS@ +PACKAGE = @PACKAGE@ +PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ +PACKAGE_NAME = @PACKAGE_NAME@ +PACKAGE_STRING = @PACKAGE_STRING@ +PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ +PACKAGE_VERSION = @PACKAGE_VERSION@ +PATCH_VERSION = @PATCH_VERSION@ +PATH_SEPARATOR = @PATH_SEPARATOR@ +PKG_CONFIG = @PKG_CONFIG@ +PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ +PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ +PMCCABE = @PMCCABE@ +POSIX_SHELL = @POSIX_SHELL@ +POSUB = @POSUB@ +PRAGMA_COLUMNS = @PRAGMA_COLUMNS@ +PRAGMA_SYSTEM_HEADER = @PRAGMA_SYSTEM_HEADER@ +PRIPTR_PREFIX = @PRIPTR_PREFIX@ +PRI_MACROS_BROKEN = @PRI_MACROS_BROKEN@ +PTHREAD_H_DEFINES_STRUCT_TIMESPEC = @PTHREAD_H_DEFINES_STRUCT_TIMESPEC@ +PTRDIFF_T_SUFFIX = @PTRDIFF_T_SUFFIX@ +RANLIB = @RANLIB@ +REPLACE_BTOWC = @REPLACE_BTOWC@ +REPLACE_CALLOC = @REPLACE_CALLOC@ +REPLACE_CANONICALIZE_FILE_NAME = @REPLACE_CANONICALIZE_FILE_NAME@ +REPLACE_CHOWN = @REPLACE_CHOWN@ +REPLACE_CLOSE = @REPLACE_CLOSE@ +REPLACE_CTIME = @REPLACE_CTIME@ +REPLACE_DPRINTF = @REPLACE_DPRINTF@ +REPLACE_DUP = @REPLACE_DUP@ +REPLACE_DUP2 = @REPLACE_DUP2@ +REPLACE_DUPLOCALE = @REPLACE_DUPLOCALE@ +REPLACE_FACCESSAT = @REPLACE_FACCESSAT@ +REPLACE_FCHOWNAT = @REPLACE_FCHOWNAT@ +REPLACE_FCLOSE = @REPLACE_FCLOSE@ +REPLACE_FCNTL = @REPLACE_FCNTL@ +REPLACE_FDOPEN = @REPLACE_FDOPEN@ +REPLACE_FFLUSH = @REPLACE_FFLUSH@ +REPLACE_FOPEN = @REPLACE_FOPEN@ +REPLACE_FPRINTF = @REPLACE_FPRINTF@ +REPLACE_FPURGE = @REPLACE_FPURGE@ +REPLACE_FREELOCALE = @REPLACE_FREELOCALE@ +REPLACE_FREOPEN = @REPLACE_FREOPEN@ +REPLACE_FSEEK = @REPLACE_FSEEK@ +REPLACE_FSEEKO = @REPLACE_FSEEKO@ +REPLACE_FSTAT = @REPLACE_FSTAT@ +REPLACE_FSTATAT = @REPLACE_FSTATAT@ +REPLACE_FTELL = @REPLACE_FTELL@ +REPLACE_FTELLO = @REPLACE_FTELLO@ +REPLACE_FTRUNCATE = @REPLACE_FTRUNCATE@ +REPLACE_FUTIMENS = @REPLACE_FUTIMENS@ +REPLACE_GAI_STRERROR = @REPLACE_GAI_STRERROR@ +REPLACE_GETCWD = @REPLACE_GETCWD@ +REPLACE_GETDELIM = @REPLACE_GETDELIM@ +REPLACE_GETDOMAINNAME = @REPLACE_GETDOMAINNAME@ +REPLACE_GETDTABLESIZE = @REPLACE_GETDTABLESIZE@ +REPLACE_GETGROUPS = @REPLACE_GETGROUPS@ +REPLACE_GETLINE = @REPLACE_GETLINE@ +REPLACE_GETLOGIN_R = @REPLACE_GETLOGIN_R@ +REPLACE_GETPAGESIZE = @REPLACE_GETPAGESIZE@ +REPLACE_GETPASS = @REPLACE_GETPASS@ +REPLACE_GETTIMEOFDAY = @REPLACE_GETTIMEOFDAY@ +REPLACE_GMTIME = @REPLACE_GMTIME@ +REPLACE_INET_NTOP = @REPLACE_INET_NTOP@ +REPLACE_INET_PTON = @REPLACE_INET_PTON@ +REPLACE_INITSTATE = @REPLACE_INITSTATE@ +REPLACE_IOCTL = @REPLACE_IOCTL@ +REPLACE_ISATTY = @REPLACE_ISATTY@ +REPLACE_ITOLD = @REPLACE_ITOLD@ +REPLACE_LCHOWN = @REPLACE_LCHOWN@ +REPLACE_LINK = @REPLACE_LINK@ +REPLACE_LINKAT = @REPLACE_LINKAT@ +REPLACE_LOCALECONV = @REPLACE_LOCALECONV@ +REPLACE_LOCALTIME = @REPLACE_LOCALTIME@ +REPLACE_LOCALTIME_R = @REPLACE_LOCALTIME_R@ +REPLACE_LSEEK = @REPLACE_LSEEK@ +REPLACE_LSTAT = @REPLACE_LSTAT@ +REPLACE_MALLOC = @REPLACE_MALLOC@ +REPLACE_MBRLEN = @REPLACE_MBRLEN@ +REPLACE_MBRTOWC = @REPLACE_MBRTOWC@ +REPLACE_MBSINIT = @REPLACE_MBSINIT@ +REPLACE_MBSNRTOWCS = @REPLACE_MBSNRTOWCS@ +REPLACE_MBSRTOWCS = @REPLACE_MBSRTOWCS@ +REPLACE_MBSTATE_T = @REPLACE_MBSTATE_T@ +REPLACE_MBTOWC = @REPLACE_MBTOWC@ +REPLACE_MEMCHR = @REPLACE_MEMCHR@ +REPLACE_MEMMEM = @REPLACE_MEMMEM@ +REPLACE_MKDIR = @REPLACE_MKDIR@ +REPLACE_MKFIFO = @REPLACE_MKFIFO@ +REPLACE_MKNOD = @REPLACE_MKNOD@ +REPLACE_MKSTEMP = @REPLACE_MKSTEMP@ +REPLACE_MKTIME = @REPLACE_MKTIME@ +REPLACE_NANOSLEEP = @REPLACE_NANOSLEEP@ +REPLACE_NEWLOCALE = @REPLACE_NEWLOCALE@ +REPLACE_NL_LANGINFO = @REPLACE_NL_LANGINFO@ +REPLACE_NULL = @REPLACE_NULL@ +REPLACE_OBSTACK_PRINTF = @REPLACE_OBSTACK_PRINTF@ +REPLACE_OPEN = @REPLACE_OPEN@ +REPLACE_OPENAT = @REPLACE_OPENAT@ +REPLACE_PERROR = @REPLACE_PERROR@ +REPLACE_POPEN = @REPLACE_POPEN@ +REPLACE_PREAD = @REPLACE_PREAD@ +REPLACE_PRINTF = @REPLACE_PRINTF@ +REPLACE_PSELECT = @REPLACE_PSELECT@ +REPLACE_PTHREAD_SIGMASK = @REPLACE_PTHREAD_SIGMASK@ +REPLACE_PTSNAME = @REPLACE_PTSNAME@ +REPLACE_PTSNAME_R = @REPLACE_PTSNAME_R@ +REPLACE_PUTENV = @REPLACE_PUTENV@ +REPLACE_PWRITE = @REPLACE_PWRITE@ +REPLACE_QSORT_R = @REPLACE_QSORT_R@ +REPLACE_RAISE = @REPLACE_RAISE@ +REPLACE_RANDOM = @REPLACE_RANDOM@ +REPLACE_RANDOM_R = @REPLACE_RANDOM_R@ +REPLACE_READ = @REPLACE_READ@ +REPLACE_READLINK = @REPLACE_READLINK@ +REPLACE_READLINKAT = @REPLACE_READLINKAT@ +REPLACE_REALLOC = @REPLACE_REALLOC@ +REPLACE_REALPATH = @REPLACE_REALPATH@ +REPLACE_REMOVE = @REPLACE_REMOVE@ +REPLACE_RENAME = @REPLACE_RENAME@ +REPLACE_RENAMEAT = @REPLACE_RENAMEAT@ +REPLACE_RMDIR = @REPLACE_RMDIR@ +REPLACE_SELECT = @REPLACE_SELECT@ +REPLACE_SETENV = @REPLACE_SETENV@ +REPLACE_SETLOCALE = @REPLACE_SETLOCALE@ +REPLACE_SETSTATE = @REPLACE_SETSTATE@ +REPLACE_SLEEP = @REPLACE_SLEEP@ +REPLACE_SNPRINTF = @REPLACE_SNPRINTF@ +REPLACE_SPRINTF = @REPLACE_SPRINTF@ +REPLACE_STAT = @REPLACE_STAT@ +REPLACE_STDIO_READ_FUNCS = @REPLACE_STDIO_READ_FUNCS@ +REPLACE_STDIO_WRITE_FUNCS = @REPLACE_STDIO_WRITE_FUNCS@ +REPLACE_STPNCPY = @REPLACE_STPNCPY@ +REPLACE_STRCASESTR = @REPLACE_STRCASESTR@ +REPLACE_STRCHRNUL = @REPLACE_STRCHRNUL@ +REPLACE_STRDUP = @REPLACE_STRDUP@ +REPLACE_STRERROR = @REPLACE_STRERROR@ +REPLACE_STRERROR_R = @REPLACE_STRERROR_R@ +REPLACE_STRFTIME = @REPLACE_STRFTIME@ +REPLACE_STRNCAT = @REPLACE_STRNCAT@ +REPLACE_STRNDUP = @REPLACE_STRNDUP@ +REPLACE_STRNLEN = @REPLACE_STRNLEN@ +REPLACE_STRSIGNAL = @REPLACE_STRSIGNAL@ +REPLACE_STRSTR = @REPLACE_STRSTR@ +REPLACE_STRTOD = @REPLACE_STRTOD@ +REPLACE_STRTOIMAX = @REPLACE_STRTOIMAX@ +REPLACE_STRTOK_R = @REPLACE_STRTOK_R@ +REPLACE_STRTOLD = @REPLACE_STRTOLD@ +REPLACE_STRTOUMAX = @REPLACE_STRTOUMAX@ +REPLACE_STRUCT_LCONV = @REPLACE_STRUCT_LCONV@ +REPLACE_STRUCT_TIMEVAL = @REPLACE_STRUCT_TIMEVAL@ +REPLACE_SYMLINK = @REPLACE_SYMLINK@ +REPLACE_SYMLINKAT = @REPLACE_SYMLINKAT@ +REPLACE_TIMEGM = @REPLACE_TIMEGM@ +REPLACE_TMPFILE = @REPLACE_TMPFILE@ +REPLACE_TRUNCATE = @REPLACE_TRUNCATE@ +REPLACE_TTYNAME_R = @REPLACE_TTYNAME_R@ +REPLACE_TZSET = @REPLACE_TZSET@ +REPLACE_UNLINK = @REPLACE_UNLINK@ +REPLACE_UNLINKAT = @REPLACE_UNLINKAT@ +REPLACE_UNSETENV = @REPLACE_UNSETENV@ +REPLACE_USLEEP = @REPLACE_USLEEP@ +REPLACE_UTIMENSAT = @REPLACE_UTIMENSAT@ +REPLACE_VASPRINTF = @REPLACE_VASPRINTF@ +REPLACE_VDPRINTF = @REPLACE_VDPRINTF@ +REPLACE_VFPRINTF = @REPLACE_VFPRINTF@ +REPLACE_VPRINTF = @REPLACE_VPRINTF@ +REPLACE_VSNPRINTF = @REPLACE_VSNPRINTF@ +REPLACE_VSPRINTF = @REPLACE_VSPRINTF@ +REPLACE_WCRTOMB = @REPLACE_WCRTOMB@ +REPLACE_WCSFTIME = @REPLACE_WCSFTIME@ +REPLACE_WCSNRTOMBS = @REPLACE_WCSNRTOMBS@ +REPLACE_WCSRTOMBS = @REPLACE_WCSRTOMBS@ +REPLACE_WCSWIDTH = @REPLACE_WCSWIDTH@ +REPLACE_WCTOB = @REPLACE_WCTOB@ +REPLACE_WCTOMB = @REPLACE_WCTOMB@ +REPLACE_WCWIDTH = @REPLACE_WCWIDTH@ +REPLACE_WRITE = @REPLACE_WRITE@ +SED = @SED@ +SERVENT_LIB = @SERVENT_LIB@ +SET_MAKE = @SET_MAKE@ +SHELL = @SHELL@ +SIG_ATOMIC_T_SUFFIX = @SIG_ATOMIC_T_SUFFIX@ +SIZE_T_SUFFIX = @SIZE_T_SUFFIX@ +STDALIGN_H = @STDALIGN_H@ +STDBOOL_H = @STDBOOL_H@ +STDDEF_H = @STDDEF_H@ +STDINT_H = @STDINT_H@ +STDNORETURN_H = @STDNORETURN_H@ +STRIP = @STRIP@ +SYS_IOCTL_H_HAVE_WINSOCK2_H = @SYS_IOCTL_H_HAVE_WINSOCK2_H@ +SYS_IOCTL_H_HAVE_WINSOCK2_H_AND_USE_SOCKETS = @SYS_IOCTL_H_HAVE_WINSOCK2_H_AND_USE_SOCKETS@ +SYS_TIME_H_DEFINES_STRUCT_TIMESPEC = @SYS_TIME_H_DEFINES_STRUCT_TIMESPEC@ +TIME_H_DEFINES_STRUCT_TIMESPEC = @TIME_H_DEFINES_STRUCT_TIMESPEC@ +TROUSERS_LIB = @TROUSERS_LIB@ +TSS_CFLAGS = @TSS_CFLAGS@ +TSS_LIBS = @TSS_LIBS@ +UINT32_MAX_LT_UINTMAX_MAX = @UINT32_MAX_LT_UINTMAX_MAX@ +UINT64_MAX_EQ_ULONG_MAX = @UINT64_MAX_EQ_ULONG_MAX@ +UNBOUND_CFLAGS = @UNBOUND_CFLAGS@ +UNBOUND_LIBS = @UNBOUND_LIBS@ +UNDEFINE_STRTOK_R = @UNDEFINE_STRTOK_R@ +UNISTD_H_DEFINES_STRUCT_TIMESPEC = @UNISTD_H_DEFINES_STRUCT_TIMESPEC@ +UNISTD_H_HAVE_WINSOCK2_H = @UNISTD_H_HAVE_WINSOCK2_H@ +UNISTD_H_HAVE_WINSOCK2_H_AND_USE_SOCKETS = @UNISTD_H_HAVE_WINSOCK2_H_AND_USE_SOCKETS@ +USE_NLS = @USE_NLS@ +VALGRIND = @VALGRIND@ +VERSION = @VERSION@ +WARN_CFLAGS = @WARN_CFLAGS@ +WCHAR_T_SUFFIX = @WCHAR_T_SUFFIX@ +WERROR_CFLAGS = @WERROR_CFLAGS@ +WINDOWS_64_BIT_OFF_T = @WINDOWS_64_BIT_OFF_T@ +WINDOWS_64_BIT_ST_SIZE = @WINDOWS_64_BIT_ST_SIZE@ +WINDOWS_STAT_INODES = @WINDOWS_STAT_INODES@ +WINDOWS_STAT_TIMESPEC = @WINDOWS_STAT_TIMESPEC@ +WINT_T_SUFFIX = @WINT_T_SUFFIX@ +WSTACK_CFLAGS = @WSTACK_CFLAGS@ +XGETTEXT = @XGETTEXT@ +XGETTEXT_015 = @XGETTEXT_015@ +XGETTEXT_EXTRA_OPTIONS = @XGETTEXT_EXTRA_OPTIONS@ +YACC = @YACC@ +YEAR = @YEAR@ +YFLAGS = @YFLAGS@ +abs_aux_dir = @abs_aux_dir@ +abs_builddir = @abs_builddir@ +abs_srcdir = @abs_srcdir@ +abs_top_builddir = @abs_top_builddir@ +abs_top_srcdir = @abs_top_srcdir@ +ac_ct_AR = @ac_ct_AR@ +ac_ct_CC = @ac_ct_CC@ +ac_ct_CXX = @ac_ct_CXX@ +ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ +ac_cv_sizeof_time_t = @ac_cv_sizeof_time_t@ +am__include = @am__include@ +am__leading_dot = @am__leading_dot@ +am__quote = @am__quote@ +am__tar = @am__tar@ +am__untar = @am__untar@ +autogen = @autogen@ +bindir = @bindir@ +build = @build@ +build_alias = @build_alias@ +build_cpu = @build_cpu@ +build_os = @build_os@ +build_vendor = @build_vendor@ +builddir = @builddir@ +datadir = @datadir@ +datarootdir = @datarootdir@ +docdir = @docdir@ +dvidir = @dvidir@ +exec_prefix = @exec_prefix@ +ggl_LIBOBJS = @ggl_LIBOBJS@ +ggl_LTLIBOBJS = @ggl_LTLIBOBJS@ +ggltests_LIBOBJS = @ggltests_LIBOBJS@ +ggltests_LTLIBOBJS = @ggltests_LTLIBOBJS@ +ggltests_WITNESS = @ggltests_WITNESS@ +gl_LIBOBJS = @gl_LIBOBJS@ +gl_LTLIBOBJS = @gl_LTLIBOBJS@ +gltests_LIBOBJS = @gltests_LIBOBJS@ +gltests_LTLIBOBJS = @gltests_LTLIBOBJS@ +gltests_WITNESS = @gltests_WITNESS@ +guile_snarf = @guile_snarf@ +guileextensiondir = @guileextensiondir@ +guilesiteccachedir = @guilesiteccachedir@ +guilesitedir = @guilesitedir@ +host = @host@ +host_alias = @host_alias@ +host_cpu = @host_cpu@ +host_os = @host_os@ +host_vendor = @host_vendor@ +htmldir = @htmldir@ +ifGNUmake = @ifGNUmake@ +ifnGNUmake = @ifnGNUmake@ +includedir = @includedir@ +infodir = @infodir@ +install_sh = @install_sh@ +libdir = @libdir@ +libexecdir = @libexecdir@ +localedir = @localedir@ +localstatedir = @localstatedir@ +mandir = @mandir@ +mkdir_p = @mkdir_p@ +oldincludedir = @oldincludedir@ +pdfdir = @pdfdir@ +prefix = @prefix@ +program_transform_name = @program_transform_name@ +psdir = @psdir@ +runstatedir = @runstatedir@ +sbindir = @sbindir@ +sharedstatedir = @sharedstatedir@ +srcdir = @srcdir@ +sysconfdir = @sysconfdir@ +target_alias = @target_alias@ +top_build_prefix = @top_build_prefix@ +top_builddir = @top_builddir@ +top_srcdir = @top_srcdir@ +unistring_LIBOBJS = @unistring_LIBOBJS@ +unistring_LTLIBOBJS = @unistring_LTLIBOBJS@ +unistringtests_LIBOBJS = @unistringtests_LIBOBJS@ +unistringtests_LTLIBOBJS = @unistringtests_LTLIBOBJS@ +unistringtests_WITNESS = @unistringtests_WITNESS@ +EXTRA_DIST = tpasswd tpasswd.conf +all: all-am + +.SUFFIXES: +$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(am__configure_deps) + @for dep in $?; do \ + case '$(am__configure_deps)' in \ + *$$dep*) \ + ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ + && { if test -f $@; then exit 0; else break; fi; }; \ + exit 1;; \ + esac; \ + done; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign doc/credentials/srp/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --foreign doc/credentials/srp/Makefile +Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status + @case '$?' in \ + *config.status*) \ + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ + *) \ + echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles)'; \ + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles);; \ + esac; + +$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh + +$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): + +mostlyclean-libtool: + -rm -f *.lo + +clean-libtool: + -rm -rf .libs _libs +tags TAGS: + +ctags CTAGS: + +cscope cscopelist: + + +distdir: $(BUILT_SOURCES) + $(MAKE) $(AM_MAKEFLAGS) distdir-am + +distdir-am: $(DISTFILES) + @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + list='$(DISTFILES)'; \ + dist_files=`for file in $$list; do echo $$file; done | \ + sed -e "s|^$$srcdirstrip/||;t" \ + -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ + case $$dist_files in \ + */*) $(MKDIR_P) `echo "$$dist_files" | \ + sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ + sort -u` ;; \ + esac; \ + for file in $$dist_files; do \ + if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ + if test -d $$d/$$file; then \ + dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ + else \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ + || exit 1; \ + fi; \ + done +check-am: all-am +check: check-am +all-am: Makefile +installdirs: +install: install-am +install-exec: install-exec-am +install-data: install-data-am +uninstall: uninstall-am + +install-am: all-am + @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am + +installcheck: installcheck-am +install-strip: + if test -z '$(STRIP)'; then \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + install; \ + else \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ + fi +mostlyclean-generic: + +clean-generic: + +distclean-generic: + -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) + +maintainer-clean-generic: + @echo "This command is intended for maintainers to use" + @echo "it deletes files that may require special tools to rebuild." +clean: clean-am + +clean-am: clean-generic clean-libtool mostlyclean-am + +distclean: distclean-am + -rm -f Makefile +distclean-am: clean-am distclean-generic + +dvi: dvi-am + +dvi-am: + +html: html-am + +html-am: + +info: info-am + +info-am: + +install-data-am: + +install-dvi: install-dvi-am + +install-dvi-am: + +install-exec-am: + +install-html: install-html-am + +install-html-am: + +install-info: install-info-am + +install-info-am: + +install-man: + +install-pdf: install-pdf-am + +install-pdf-am: + +install-ps: install-ps-am + +install-ps-am: + +installcheck-am: + +maintainer-clean: maintainer-clean-am + -rm -f Makefile +maintainer-clean-am: distclean-am maintainer-clean-generic + +mostlyclean: mostlyclean-am + +mostlyclean-am: mostlyclean-generic mostlyclean-libtool + +pdf: pdf-am + +pdf-am: + +ps: ps-am + +ps-am: + +uninstall-am: + +.MAKE: install-am install-strip + +.PHONY: all all-am check check-am clean clean-generic clean-libtool \ + cscopelist-am ctags-am distclean distclean-generic \ + distclean-libtool distdir dvi dvi-am html html-am info info-am \ + install install-am install-data install-data-am install-dvi \ + install-dvi-am install-exec install-exec-am install-html \ + install-html-am install-info install-info-am install-man \ + install-pdf install-pdf-am install-ps install-ps-am \ + install-strip installcheck installcheck-am installdirs \ + maintainer-clean maintainer-clean-generic mostlyclean \ + mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ + tags-am uninstall uninstall-am + +.PRECIOUS: Makefile + + +# Tell versions [3.59,3.63) of GNU make to not export all variables. +# Otherwise a system limit (for SysV at least) may be exceeded. +.NOEXPORT: diff --git a/doc/credentials/srp/tpasswd b/doc/credentials/srp/tpasswd new file mode 100644 index 0000000..1def9c1 --- /dev/null +++ b/doc/credentials/srp/tpasswd @@ -0,0 +1,3 @@ +test:CsrY0PxYlYCAa8UuWUrcjpqBvG6ImlAdGwEUh3tN2DSDBbMWTvnUl7A8Hw7l0zFHwyLH5rh0llrmu/v.Df2FjDEGy0s0rYR5ARE2XlXPl66xhevHj5vitD0Qvq/J0x1v0zMWJSgq/Ah2MoOrw9aBEsQUgf9MddiHQKjE3Vetoq3:3h3cfS0WrBgPUsldDASSK0:1 +test2:1J14yVX4iBa97cySs2/SduwnSbHxiz7WieE761psJQDxkc5flpumEwXbAgK5PrSZ0aZ6q7zyrAN1apJR1QQPAdyScJ6Jw4zjDP7AnezUVGbUNMJXhsI0NPwSc0c/415XfrnM1139yjWCr1qkcYMoN4bALppMMLB8glJkxy7t.3cmH9MkRRAjXXdUgAvHw2ZFLmB/8TlZDhnDS78xCSgLQs.oubZEEIgOWl7BT2.aW76fW3yKWdVrrHQDYPtR4hKx:11rUG9wSMLHe2Cu2p7dmFY:2 +test3:LVJZDDuElMHuRt5/fcx64AhJ4erhFvbIhv/XCtD0tJI3OC6yEBzthZ1FSqblri9qtsvboPApbFHwP9WEluGtCOuzOON4LS8sSeQDBO.PaqjTnsmXKPYMKa.SuLXFuRTtdiFRwX2ZRy3GIWoCvxJtPDWCEYGBWfnjjGEYmQWvo534JVtVDyMaFItYlMTOtBSgsg488oJ5hIAU6jVyIQZGPVv8OHsPCpEt2UlTixzI9nAgQ0WL5ShKaAq0dksF/AY7UMKm0oHbtZeqAx6YcBzLbBhNvcEqYzH95ONpr.cUh91iRhVzdVscsFweSCtWsQrVT4zmSRwdsljeFQPqFbdeK:iWkELSVg3JxmyEq.XbjAW:3 diff --git a/doc/credentials/srp/tpasswd.conf b/doc/credentials/srp/tpasswd.conf new file mode 100644 index 0000000..67825ce --- /dev/null +++ b/doc/credentials/srp/tpasswd.conf @@ -0,0 +1,3 @@ +1:Ewl2hcjiutMd3Fu2lgFnUXWSc67TVyy2vwYCKoS9MLsrdJVT9RgWTCuEqWJrfB6uE3LsE9GkOlaZabS7M29sj5TnzUqOLJMjiwEzArfiLr9WbMRANlF68N5AVLcPWvNx6Zjl3m5Scp0BzJBz9TkgfhzKJZ.WtP3Mv/67I/0wmRZ:2 +2:dUyyhxav9tgnyIg65wHxkzkb7VIPh4o0lkwfOKiPp4rVJrzLRYVBtb76gKlaO7ef5LYGEw3G.4E0jbMxcYBetDy2YdpiP/3GWJInoBbvYHIRO9uBuxgsFKTKWu7RnR7yTau/IrFTdQ4LY/q.AvoCzMxV0PKvD9Odso/LFIItn8PbTov3VMn/ZEH2SqhtpBUkWtmcIkEflhX/YY/fkBKfBbe27/zUaKUUZEUYZ2H2nlCL60.JIPeZJSzsu/xHDVcx:2 +3:2iQzj1CagQc/5ctbuJYLWlhtAsPHc7xWVyCPAKFRLWKADpASkqe9djWPFWTNTdeJtL8nAhImCn3Sr/IAdQ1FrGw0WvQUstPx3FO9KNcXOwisOQ1VlL.gheAHYfbYyBaxXL.NcJx9TUwgWDT0hRzFzqSrdGGTN3FgSTA1v4QnHtEygNj3eZ.u0MThqWUaDiP87nqha7XnT66bkTCkQ8.7T8L4KZjIImrNrUftedTTBi.WCi.zlrBxDuOM0da0JbUkQlXqvp0yvJAPpC11nxmmZOAbQOywZGmu9nhZNuwTlxjfIro0FOdthaDTuZRL9VL7MRPUDo/DQEyW.d4H.UIlzp:2 diff --git a/doc/credentials/x509/Makefile.am b/doc/credentials/x509/Makefile.am new file mode 100644 index 0000000..c12f80a --- /dev/null +++ b/doc/credentials/x509/Makefile.am @@ -0,0 +1,5 @@ +EXTRA_DIST = ca-key.pem ca.pem cert-rsa.pem key-rsa.pem clikey.pem clicert.pem \ + clicert-dsa.pem clikey-dsa.pem cert-dsa.pem key-dsa.pem cert-ecc.pem key-ecc.pem \ + cert-ecc-sign.pem key-rsa-pss.pem cert-rsa-pss.pem example.com-cert.pem \ + example.com-key.pem \ + key-gost01.pem cert-gost01.pem key-gost12.pem cert-gost12.pem diff --git a/doc/credentials/x509/Makefile.in b/doc/credentials/x509/Makefile.in new file mode 100644 index 0000000..ede95b4 --- /dev/null +++ b/doc/credentials/x509/Makefile.in @@ -0,0 +1,1553 @@ +# Makefile.in generated by automake 1.16.1 from Makefile.am. +# @configure_input@ + +# Copyright (C) 1994-2018 Free Software Foundation, Inc. + +# This Makefile.in is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY, to the extent permitted by law; without +# even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. + +@SET_MAKE@ +VPATH = @srcdir@ +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} +am__make_running_with_option = \ + case $${target_option-} in \ + ?) ;; \ + *) echo "am__make_running_with_option: internal error: invalid" \ + "target option '$${target_option-}' specified" >&2; \ + exit 1;; \ + esac; \ + has_opt=no; \ + sane_makeflags=$$MAKEFLAGS; \ + if $(am__is_gnu_make); then \ + sane_makeflags=$$MFLAGS; \ + else \ + case $$MAKEFLAGS in \ + *\\[\ \ ]*) \ + bs=\\; \ + sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ + | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ + esac; \ + fi; \ + skip_next=no; \ + strip_trailopt () \ + { \ + flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ + }; \ + for flg in $$sane_makeflags; do \ + test $$skip_next = yes && { skip_next=no; continue; }; \ + case $$flg in \ + *=*|--*) continue;; \ + -*I) strip_trailopt 'I'; skip_next=yes;; \ + -*I?*) strip_trailopt 'I';; \ + -*O) strip_trailopt 'O'; skip_next=yes;; \ + -*O?*) strip_trailopt 'O';; \ + -*l) strip_trailopt 'l'; skip_next=yes;; \ + -*l?*) strip_trailopt 'l';; \ + -[dEDm]) skip_next=yes;; \ + -[JT]) skip_next=yes;; \ + esac; \ + case $$flg in \ + *$$target_option*) has_opt=yes; break;; \ + esac; \ + done; \ + test $$has_opt = yes +am__make_dryrun = (target_option=n; $(am__make_running_with_option)) +am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) +pkgdatadir = $(datadir)/@PACKAGE@ +pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ +am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd +install_sh_DATA = $(install_sh) -c -m 644 +install_sh_PROGRAM = $(install_sh) -c +install_sh_SCRIPT = $(install_sh) -c +INSTALL_HEADER = $(INSTALL_DATA) +transform = $(program_transform_name) +NORMAL_INSTALL = : +PRE_INSTALL = : +POST_INSTALL = : +NORMAL_UNINSTALL = : +PRE_UNINSTALL = : +POST_UNINSTALL = : +build_triplet = @build@ +host_triplet = @host@ +subdir = doc/credentials/x509 +ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 +am__aclocal_m4_deps = $(top_srcdir)/lib/unistring/m4/gnulib-comp.m4 \ + $(top_srcdir)/lib/unistring/m4/inline.m4 \ + $(top_srcdir)/lib/unistring/m4/libunistring-base.m4 \ + $(top_srcdir)/src/gl/m4/__inline.m4 \ + $(top_srcdir)/src/gl/m4/bison.m4 \ + $(top_srcdir)/src/gl/m4/clock_time.m4 \ + $(top_srcdir)/src/gl/m4/fseek.m4 \ + $(top_srcdir)/src/gl/m4/getaddrinfo.m4 \ + $(top_srcdir)/src/gl/m4/getpass.m4 \ + $(top_srcdir)/src/gl/m4/gettime.m4 \ + $(top_srcdir)/src/gl/m4/gnulib-comp.m4 \ + $(top_srcdir)/src/gl/m4/hostent.m4 \ + $(top_srcdir)/src/gl/m4/mktime.m4 \ + $(top_srcdir)/src/gl/m4/nstrftime.m4 \ + $(top_srcdir)/src/gl/m4/parse-datetime.m4 \ + $(top_srcdir)/src/gl/m4/servent.m4 \ + $(top_srcdir)/src/gl/m4/time_rz.m4 \ + $(top_srcdir)/src/gl/m4/timegm.m4 \ + $(top_srcdir)/src/gl/m4/timespec.m4 \ + $(top_srcdir)/src/gl/m4/tm_gmtoff.m4 \ + $(top_srcdir)/src/gl/m4/tzset.m4 \ + $(top_srcdir)/src/libopts/m4/libopts.m4 \ + $(top_srcdir)/src/libopts/m4/stdnoreturn.m4 \ + $(top_srcdir)/m4/00gnulib.m4 \ + $(top_srcdir)/m4/absolute-header.m4 $(top_srcdir)/m4/alloca.m4 \ + $(top_srcdir)/m4/arpa_inet_h.m4 \ + $(top_srcdir)/m4/ax_ac_append_to_file.m4 \ + $(top_srcdir)/m4/ax_ac_print_to_file.m4 \ + $(top_srcdir)/m4/ax_add_am_macro_static.m4 \ + $(top_srcdir)/m4/ax_am_macros_static.m4 \ + $(top_srcdir)/m4/ax_check_gnu_make.m4 \ + $(top_srcdir)/m4/ax_code_coverage.m4 \ + $(top_srcdir)/m4/ax_file_escapes.m4 \ + $(top_srcdir)/m4/builtin-expect.m4 \ + $(top_srcdir)/m4/byteswap.m4 $(top_srcdir)/m4/close.m4 \ + $(top_srcdir)/m4/codeset.m4 $(top_srcdir)/m4/ctype.m4 \ + $(top_srcdir)/m4/dup2.m4 $(top_srcdir)/m4/eealloc.m4 \ + $(top_srcdir)/m4/environ.m4 $(top_srcdir)/m4/errno_h.m4 \ + $(top_srcdir)/m4/exponentd.m4 $(top_srcdir)/m4/extensions.m4 \ + $(top_srcdir)/m4/extern-inline.m4 $(top_srcdir)/m4/fcntl-o.m4 \ + $(top_srcdir)/m4/fcntl.m4 $(top_srcdir)/m4/fcntl_h.m4 \ + $(top_srcdir)/m4/fdopen.m4 $(top_srcdir)/m4/flexmember.m4 \ + $(top_srcdir)/m4/float_h.m4 $(top_srcdir)/m4/fpieee.m4 \ + $(top_srcdir)/m4/fseeko.m4 $(top_srcdir)/m4/fstat.m4 \ + $(top_srcdir)/m4/ftell.m4 $(top_srcdir)/m4/ftello.m4 \ + $(top_srcdir)/m4/ftruncate.m4 $(top_srcdir)/m4/func.m4 \ + $(top_srcdir)/m4/getcwd.m4 $(top_srcdir)/m4/getdelim.m4 \ + $(top_srcdir)/m4/getdtablesize.m4 $(top_srcdir)/m4/getline.m4 \ + $(top_srcdir)/m4/getpagesize.m4 $(top_srcdir)/m4/gettext.m4 \ + $(top_srcdir)/m4/gettimeofday.m4 \ + $(top_srcdir)/m4/gnulib-common.m4 \ + $(top_srcdir)/m4/gnulib-comp.m4 $(top_srcdir)/m4/gtk-doc.m4 \ + $(top_srcdir)/m4/guile.m4 $(top_srcdir)/m4/hooks.m4 \ + $(top_srcdir)/m4/host-cpu-c-abi.m4 $(top_srcdir)/m4/iconv.m4 \ + $(top_srcdir)/m4/include_next.m4 $(top_srcdir)/m4/inet_ntop.m4 \ + $(top_srcdir)/m4/inet_pton.m4 \ + $(top_srcdir)/m4/intl-thread-locale.m4 \ + $(top_srcdir)/m4/intlmacosx.m4 $(top_srcdir)/m4/intmax_t.m4 \ + $(top_srcdir)/m4/inttypes-pri.m4 $(top_srcdir)/m4/inttypes.m4 \ + $(top_srcdir)/m4/inttypes_h.m4 $(top_srcdir)/m4/ioctl.m4 \ + $(top_srcdir)/m4/isblank.m4 $(top_srcdir)/m4/langinfo_h.m4 \ + $(top_srcdir)/m4/largefile.m4 $(top_srcdir)/m4/lcmessage.m4 \ + $(top_srcdir)/m4/ld-output-def.m4 \ + $(top_srcdir)/m4/ld-version-script.m4 \ + $(top_srcdir)/m4/lib-ld.m4 $(top_srcdir)/m4/lib-link.m4 \ + $(top_srcdir)/m4/lib-prefix.m4 $(top_srcdir)/m4/libtool.m4 \ + $(top_srcdir)/m4/limits-h.m4 $(top_srcdir)/m4/locale-fr.m4 \ + $(top_srcdir)/m4/locale-ja.m4 $(top_srcdir)/m4/locale-tr.m4 \ + $(top_srcdir)/m4/locale-zh.m4 $(top_srcdir)/m4/locale_h.m4 \ + $(top_srcdir)/m4/localename.m4 \ + $(top_srcdir)/m4/localtime-buffer.m4 $(top_srcdir)/m4/lock.m4 \ + $(top_srcdir)/m4/longlong.m4 $(top_srcdir)/m4/lseek.m4 \ + $(top_srcdir)/m4/lstat.m4 $(top_srcdir)/m4/ltoptions.m4 \ + $(top_srcdir)/m4/ltsugar.m4 $(top_srcdir)/m4/ltversion.m4 \ + $(top_srcdir)/m4/lt~obsolete.m4 $(top_srcdir)/m4/malloc.m4 \ + $(top_srcdir)/m4/malloca.m4 $(top_srcdir)/m4/manywarnings.m4 \ + $(top_srcdir)/m4/memchr.m4 $(top_srcdir)/m4/memmem.m4 \ + $(top_srcdir)/m4/minmax.m4 $(top_srcdir)/m4/mmap-anon.m4 \ + $(top_srcdir)/m4/mode_t.m4 $(top_srcdir)/m4/msvc-inval.m4 \ + $(top_srcdir)/m4/msvc-nothrow.m4 $(top_srcdir)/m4/multiarch.m4 \ + $(top_srcdir)/m4/nanosleep.m4 $(top_srcdir)/m4/netdb_h.m4 \ + $(top_srcdir)/m4/netinet_in_h.m4 $(top_srcdir)/m4/nls.m4 \ + $(top_srcdir)/m4/off_t.m4 $(top_srcdir)/m4/open-cloexec.m4 \ + $(top_srcdir)/m4/open.m4 $(top_srcdir)/m4/pathmax.m4 \ + $(top_srcdir)/m4/perror.m4 $(top_srcdir)/m4/pipe.m4 \ + $(top_srcdir)/m4/pkg.m4 $(top_srcdir)/m4/po.m4 \ + $(top_srcdir)/m4/printf.m4 $(top_srcdir)/m4/progtest.m4 \ + $(top_srcdir)/m4/pthread_rwlock_rdlock.m4 \ + $(top_srcdir)/m4/putenv.m4 $(top_srcdir)/m4/raise.m4 \ + $(top_srcdir)/m4/read-file.m4 $(top_srcdir)/m4/realloc.m4 \ + $(top_srcdir)/m4/secure_getenv.m4 $(top_srcdir)/m4/select.m4 \ + $(top_srcdir)/m4/setenv.m4 $(top_srcdir)/m4/setlocale.m4 \ + $(top_srcdir)/m4/sigaction.m4 $(top_srcdir)/m4/signal_h.m4 \ + $(top_srcdir)/m4/signalblocking.m4 \ + $(top_srcdir)/m4/size_max.m4 $(top_srcdir)/m4/sleep.m4 \ + $(top_srcdir)/m4/snprintf.m4 $(top_srcdir)/m4/socketlib.m4 \ + $(top_srcdir)/m4/sockets.m4 $(top_srcdir)/m4/socklen.m4 \ + $(top_srcdir)/m4/sockpfaf.m4 $(top_srcdir)/m4/ssize_t.m4 \ + $(top_srcdir)/m4/stat-time.m4 $(top_srcdir)/m4/stat.m4 \ + $(top_srcdir)/m4/stdalign.m4 $(top_srcdir)/m4/stdbool.m4 \ + $(top_srcdir)/m4/stddef_h.m4 $(top_srcdir)/m4/stdint.m4 \ + $(top_srcdir)/m4/stdint_h.m4 $(top_srcdir)/m4/stdio_h.m4 \ + $(top_srcdir)/m4/stdlib_h.m4 $(top_srcdir)/m4/strcase.m4 \ + $(top_srcdir)/m4/strdup.m4 $(top_srcdir)/m4/strerror.m4 \ + $(top_srcdir)/m4/strerror_r.m4 $(top_srcdir)/m4/string_h.m4 \ + $(top_srcdir)/m4/strings_h.m4 $(top_srcdir)/m4/strndup.m4 \ + $(top_srcdir)/m4/strnlen.m4 $(top_srcdir)/m4/strtok_r.m4 \ + $(top_srcdir)/m4/strverscmp.m4 $(top_srcdir)/m4/symlink.m4 \ + $(top_srcdir)/m4/sys_ioctl_h.m4 \ + $(top_srcdir)/m4/sys_select_h.m4 \ + $(top_srcdir)/m4/sys_socket_h.m4 \ + $(top_srcdir)/m4/sys_stat_h.m4 $(top_srcdir)/m4/sys_time_h.m4 \ + $(top_srcdir)/m4/sys_types_h.m4 $(top_srcdir)/m4/sys_uio_h.m4 \ + $(top_srcdir)/m4/threadlib.m4 $(top_srcdir)/m4/time_h.m4 \ + $(top_srcdir)/m4/time_r.m4 $(top_srcdir)/m4/ungetc.m4 \ + $(top_srcdir)/m4/unistd_h.m4 \ + $(top_srcdir)/m4/valgrind-tests.m4 \ + $(top_srcdir)/m4/vasnprintf.m4 $(top_srcdir)/m4/vasprintf.m4 \ + $(top_srcdir)/m4/vsnprintf.m4 $(top_srcdir)/m4/warn-on-use.m4 \ + $(top_srcdir)/m4/warnings.m4 $(top_srcdir)/m4/wchar_h.m4 \ + $(top_srcdir)/m4/wchar_t.m4 $(top_srcdir)/m4/wint_t.m4 \ + $(top_srcdir)/m4/xsize.m4 $(top_srcdir)/configure.ac +am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ + $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) +mkinstalldirs = $(install_sh) -d +CONFIG_HEADER = $(top_builddir)/config.h +CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = +AM_V_P = $(am__v_P_@AM_V@) +am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) +am__v_P_0 = false +am__v_P_1 = : +AM_V_GEN = $(am__v_GEN_@AM_V@) +am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) +am__v_GEN_0 = @echo " GEN " $@; +am__v_GEN_1 = +AM_V_at = $(am__v_at_@AM_V@) +am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) +am__v_at_0 = @ +am__v_at_1 = +SOURCES = +DIST_SOURCES = +am__can_run_installinfo = \ + case $$AM_UPDATE_INFO_DIR in \ + n|no|NO) false;; \ + *) (install-info --version) >/dev/null 2>&1;; \ + esac +am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) +am__DIST_COMMON = $(srcdir)/Makefile.in +DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) +ACLOCAL = @ACLOCAL@ +ALLOCA = @ALLOCA@ +ALLOCA_H = @ALLOCA_H@ +AMTAR = @AMTAR@ +AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ +APPLE_UNIVERSAL_BUILD = @APPLE_UNIVERSAL_BUILD@ +AR = @AR@ +ARFLAGS = @ARFLAGS@ +AUTOCONF = @AUTOCONF@ +AUTOGEN = @AUTOGEN@ +AUTOHEADER = @AUTOHEADER@ +AUTOMAKE = @AUTOMAKE@ +AWK = @AWK@ +BITSIZEOF_PTRDIFF_T = @BITSIZEOF_PTRDIFF_T@ +BITSIZEOF_SIG_ATOMIC_T = @BITSIZEOF_SIG_ATOMIC_T@ +BITSIZEOF_SIZE_T = @BITSIZEOF_SIZE_T@ +BITSIZEOF_WCHAR_T = @BITSIZEOF_WCHAR_T@ +BITSIZEOF_WINT_T = @BITSIZEOF_WINT_T@ +BYTESWAP_H = @BYTESWAP_H@ +CC = @CC@ +CCAS = @CCAS@ +CCASDEPMODE = @CCASDEPMODE@ +CCASFLAGS = @CCASFLAGS@ +CCDEPMODE = @CCDEPMODE@ +CFLAGS = @CFLAGS@ +CMOCKA_CFLAGS = @CMOCKA_CFLAGS@ +CMOCKA_LIBS = @CMOCKA_LIBS@ +CODE_COVERAGE_CFLAGS = @CODE_COVERAGE_CFLAGS@ +CODE_COVERAGE_CPPFLAGS = @CODE_COVERAGE_CPPFLAGS@ +CODE_COVERAGE_CXXFLAGS = @CODE_COVERAGE_CXXFLAGS@ +CODE_COVERAGE_ENABLED = @CODE_COVERAGE_ENABLED@ +CODE_COVERAGE_LIBS = @CODE_COVERAGE_LIBS@ +CONFIG_INCLUDE = @CONFIG_INCLUDE@ +CPP = @CPP@ +CPPFLAGS = @CPPFLAGS@ +CRYWRAP_PATCHLEVEL = @CRYWRAP_PATCHLEVEL@ +CXX = @CXX@ +CXXCPP = @CXXCPP@ +CXXDEPMODE = @CXXDEPMODE@ +CXXFLAGS = @CXXFLAGS@ +CXX_LT_AGE = @CXX_LT_AGE@ +CXX_LT_CURRENT = @CXX_LT_CURRENT@ +CXX_LT_REVISION = @CXX_LT_REVISION@ +CYGPATH_W = @CYGPATH_W@ +DEFS = @DEFS@ +DEPDIR = @DEPDIR@ +DLLTOOL = @DLLTOOL@ +DLL_SSL_VERSION = @DLL_SSL_VERSION@ +DLL_VERSION = @DLL_VERSION@ +DSYMUTIL = @DSYMUTIL@ +DUMPBIN = @DUMPBIN@ +ECHO_C = @ECHO_C@ +ECHO_N = @ECHO_N@ +ECHO_T = @ECHO_T@ +EGREP = @EGREP@ +EMULTIHOP_HIDDEN = @EMULTIHOP_HIDDEN@ +EMULTIHOP_VALUE = @EMULTIHOP_VALUE@ +ENABLE_PADLOCK = @ENABLE_PADLOCK@ +ENOLINK_HIDDEN = @ENOLINK_HIDDEN@ +ENOLINK_VALUE = @ENOLINK_VALUE@ +EOVERFLOW_HIDDEN = @EOVERFLOW_HIDDEN@ +EOVERFLOW_VALUE = @EOVERFLOW_VALUE@ +ERRNO_H = @ERRNO_H@ +EXEEXT = @EXEEXT@ +FGREP = @FGREP@ +FIPS140_LIBS = @FIPS140_LIBS@ +FLOAT_H = @FLOAT_H@ +GCOV = @GCOV@ +GENHTML = @GENHTML@ +GETADDRINFO_LIB = @GETADDRINFO_LIB@ +GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@ +GMP_CFLAGS = @GMP_CFLAGS@ +GMP_LIBS = @GMP_LIBS@ +GMSGFMT = @GMSGFMT@ +GMSGFMT_015 = @GMSGFMT_015@ +GNULIB_ACCEPT = @GNULIB_ACCEPT@ +GNULIB_ACCEPT4 = @GNULIB_ACCEPT4@ +GNULIB_ATOLL = @GNULIB_ATOLL@ +GNULIB_BIND = @GNULIB_BIND@ +GNULIB_BTOWC = @GNULIB_BTOWC@ +GNULIB_CALLOC_POSIX = @GNULIB_CALLOC_POSIX@ +GNULIB_CANONICALIZE_FILE_NAME = @GNULIB_CANONICALIZE_FILE_NAME@ +GNULIB_CHDIR = @GNULIB_CHDIR@ +GNULIB_CHOWN = @GNULIB_CHOWN@ +GNULIB_CLOSE = @GNULIB_CLOSE@ +GNULIB_CONNECT = @GNULIB_CONNECT@ +GNULIB_CTIME = @GNULIB_CTIME@ +GNULIB_DPRINTF = @GNULIB_DPRINTF@ +GNULIB_DUP = @GNULIB_DUP@ +GNULIB_DUP2 = @GNULIB_DUP2@ +GNULIB_DUP3 = @GNULIB_DUP3@ +GNULIB_DUPLOCALE = @GNULIB_DUPLOCALE@ +GNULIB_ENVIRON = @GNULIB_ENVIRON@ +GNULIB_EUIDACCESS = @GNULIB_EUIDACCESS@ +GNULIB_EXPLICIT_BZERO = @GNULIB_EXPLICIT_BZERO@ +GNULIB_FACCESSAT = @GNULIB_FACCESSAT@ +GNULIB_FCHDIR = @GNULIB_FCHDIR@ +GNULIB_FCHMODAT = @GNULIB_FCHMODAT@ +GNULIB_FCHOWNAT = @GNULIB_FCHOWNAT@ +GNULIB_FCLOSE = @GNULIB_FCLOSE@ +GNULIB_FCNTL = @GNULIB_FCNTL@ +GNULIB_FDATASYNC = @GNULIB_FDATASYNC@ +GNULIB_FDOPEN = @GNULIB_FDOPEN@ +GNULIB_FFLUSH = @GNULIB_FFLUSH@ +GNULIB_FFS = @GNULIB_FFS@ +GNULIB_FFSL = @GNULIB_FFSL@ +GNULIB_FFSLL = @GNULIB_FFSLL@ +GNULIB_FGETC = @GNULIB_FGETC@ +GNULIB_FGETS = @GNULIB_FGETS@ +GNULIB_FOPEN = @GNULIB_FOPEN@ +GNULIB_FPRINTF = @GNULIB_FPRINTF@ +GNULIB_FPRINTF_POSIX = @GNULIB_FPRINTF_POSIX@ +GNULIB_FPURGE = @GNULIB_FPURGE@ +GNULIB_FPUTC = @GNULIB_FPUTC@ +GNULIB_FPUTS = @GNULIB_FPUTS@ +GNULIB_FREAD = @GNULIB_FREAD@ +GNULIB_FREOPEN = @GNULIB_FREOPEN@ +GNULIB_FSCANF = @GNULIB_FSCANF@ +GNULIB_FSEEK = @GNULIB_FSEEK@ +GNULIB_FSEEKO = @GNULIB_FSEEKO@ +GNULIB_FSTAT = @GNULIB_FSTAT@ +GNULIB_FSTATAT = @GNULIB_FSTATAT@ +GNULIB_FSYNC = @GNULIB_FSYNC@ +GNULIB_FTELL = @GNULIB_FTELL@ +GNULIB_FTELLO = @GNULIB_FTELLO@ +GNULIB_FTRUNCATE = @GNULIB_FTRUNCATE@ +GNULIB_FUTIMENS = @GNULIB_FUTIMENS@ +GNULIB_FWRITE = @GNULIB_FWRITE@ +GNULIB_GETADDRINFO = @GNULIB_GETADDRINFO@ +GNULIB_GETC = @GNULIB_GETC@ +GNULIB_GETCHAR = @GNULIB_GETCHAR@ +GNULIB_GETCWD = @GNULIB_GETCWD@ +GNULIB_GETDELIM = @GNULIB_GETDELIM@ +GNULIB_GETDOMAINNAME = @GNULIB_GETDOMAINNAME@ +GNULIB_GETDTABLESIZE = @GNULIB_GETDTABLESIZE@ +GNULIB_GETGROUPS = @GNULIB_GETGROUPS@ +GNULIB_GETHOSTNAME = @GNULIB_GETHOSTNAME@ +GNULIB_GETLINE = @GNULIB_GETLINE@ +GNULIB_GETLOADAVG = @GNULIB_GETLOADAVG@ +GNULIB_GETLOGIN = @GNULIB_GETLOGIN@ +GNULIB_GETLOGIN_R = @GNULIB_GETLOGIN_R@ +GNULIB_GETPAGESIZE = @GNULIB_GETPAGESIZE@ +GNULIB_GETPASS = @GNULIB_GETPASS@ +GNULIB_GETPEERNAME = @GNULIB_GETPEERNAME@ +GNULIB_GETSOCKNAME = @GNULIB_GETSOCKNAME@ +GNULIB_GETSOCKOPT = @GNULIB_GETSOCKOPT@ +GNULIB_GETSUBOPT = @GNULIB_GETSUBOPT@ +GNULIB_GETTIMEOFDAY = @GNULIB_GETTIMEOFDAY@ +GNULIB_GETUSERSHELL = @GNULIB_GETUSERSHELL@ +GNULIB_GRANTPT = @GNULIB_GRANTPT@ +GNULIB_GROUP_MEMBER = @GNULIB_GROUP_MEMBER@ +GNULIB_IMAXABS = @GNULIB_IMAXABS@ +GNULIB_IMAXDIV = @GNULIB_IMAXDIV@ +GNULIB_INET_NTOP = @GNULIB_INET_NTOP@ +GNULIB_INET_PTON = @GNULIB_INET_PTON@ +GNULIB_IOCTL = @GNULIB_IOCTL@ +GNULIB_ISATTY = @GNULIB_ISATTY@ +GNULIB_ISBLANK = @GNULIB_ISBLANK@ +GNULIB_LCHMOD = @GNULIB_LCHMOD@ +GNULIB_LCHOWN = @GNULIB_LCHOWN@ +GNULIB_LINK = @GNULIB_LINK@ +GNULIB_LINKAT = @GNULIB_LINKAT@ +GNULIB_LISTEN = @GNULIB_LISTEN@ +GNULIB_LOCALECONV = @GNULIB_LOCALECONV@ +GNULIB_LOCALENAME = @GNULIB_LOCALENAME@ +GNULIB_LOCALTIME = @GNULIB_LOCALTIME@ +GNULIB_LSEEK = @GNULIB_LSEEK@ +GNULIB_LSTAT = @GNULIB_LSTAT@ +GNULIB_MALLOC_POSIX = @GNULIB_MALLOC_POSIX@ +GNULIB_MBRLEN = @GNULIB_MBRLEN@ +GNULIB_MBRTOWC = @GNULIB_MBRTOWC@ +GNULIB_MBSCASECMP = @GNULIB_MBSCASECMP@ +GNULIB_MBSCASESTR = @GNULIB_MBSCASESTR@ +GNULIB_MBSCHR = @GNULIB_MBSCHR@ +GNULIB_MBSCSPN = @GNULIB_MBSCSPN@ +GNULIB_MBSINIT = @GNULIB_MBSINIT@ +GNULIB_MBSLEN = @GNULIB_MBSLEN@ +GNULIB_MBSNCASECMP = @GNULIB_MBSNCASECMP@ +GNULIB_MBSNLEN = @GNULIB_MBSNLEN@ +GNULIB_MBSNRTOWCS = @GNULIB_MBSNRTOWCS@ +GNULIB_MBSPBRK = @GNULIB_MBSPBRK@ +GNULIB_MBSPCASECMP = @GNULIB_MBSPCASECMP@ +GNULIB_MBSRCHR = @GNULIB_MBSRCHR@ +GNULIB_MBSRTOWCS = @GNULIB_MBSRTOWCS@ +GNULIB_MBSSEP = @GNULIB_MBSSEP@ +GNULIB_MBSSPN = @GNULIB_MBSSPN@ +GNULIB_MBSSTR = @GNULIB_MBSSTR@ +GNULIB_MBSTOK_R = @GNULIB_MBSTOK_R@ +GNULIB_MBTOWC = @GNULIB_MBTOWC@ +GNULIB_MEMCHR = @GNULIB_MEMCHR@ +GNULIB_MEMMEM = @GNULIB_MEMMEM@ +GNULIB_MEMPCPY = @GNULIB_MEMPCPY@ +GNULIB_MEMRCHR = @GNULIB_MEMRCHR@ +GNULIB_MKDIRAT = @GNULIB_MKDIRAT@ +GNULIB_MKDTEMP = @GNULIB_MKDTEMP@ +GNULIB_MKFIFO = @GNULIB_MKFIFO@ +GNULIB_MKFIFOAT = @GNULIB_MKFIFOAT@ +GNULIB_MKNOD = @GNULIB_MKNOD@ +GNULIB_MKNODAT = @GNULIB_MKNODAT@ +GNULIB_MKOSTEMP = @GNULIB_MKOSTEMP@ +GNULIB_MKOSTEMPS = @GNULIB_MKOSTEMPS@ +GNULIB_MKSTEMP = @GNULIB_MKSTEMP@ +GNULIB_MKSTEMPS = @GNULIB_MKSTEMPS@ +GNULIB_MKTIME = @GNULIB_MKTIME@ +GNULIB_NANOSLEEP = @GNULIB_NANOSLEEP@ +GNULIB_NL_LANGINFO = @GNULIB_NL_LANGINFO@ +GNULIB_NONBLOCKING = @GNULIB_NONBLOCKING@ +GNULIB_OBSTACK_PRINTF = @GNULIB_OBSTACK_PRINTF@ +GNULIB_OBSTACK_PRINTF_POSIX = @GNULIB_OBSTACK_PRINTF_POSIX@ +GNULIB_OPEN = @GNULIB_OPEN@ +GNULIB_OPENAT = @GNULIB_OPENAT@ +GNULIB_OVERRIDES_STRUCT_STAT = @GNULIB_OVERRIDES_STRUCT_STAT@ +GNULIB_OVERRIDES_WINT_T = @GNULIB_OVERRIDES_WINT_T@ +GNULIB_PCLOSE = @GNULIB_PCLOSE@ +GNULIB_PERROR = @GNULIB_PERROR@ +GNULIB_PIPE = @GNULIB_PIPE@ +GNULIB_PIPE2 = @GNULIB_PIPE2@ +GNULIB_POPEN = @GNULIB_POPEN@ +GNULIB_POSIX_OPENPT = @GNULIB_POSIX_OPENPT@ +GNULIB_PREAD = @GNULIB_PREAD@ +GNULIB_PRINTF = @GNULIB_PRINTF@ +GNULIB_PRINTF_POSIX = @GNULIB_PRINTF_POSIX@ +GNULIB_PSELECT = @GNULIB_PSELECT@ +GNULIB_PTHREAD_SIGMASK = @GNULIB_PTHREAD_SIGMASK@ +GNULIB_PTSNAME = @GNULIB_PTSNAME@ +GNULIB_PTSNAME_R = @GNULIB_PTSNAME_R@ +GNULIB_PUTC = @GNULIB_PUTC@ +GNULIB_PUTCHAR = @GNULIB_PUTCHAR@ +GNULIB_PUTENV = @GNULIB_PUTENV@ +GNULIB_PUTS = @GNULIB_PUTS@ +GNULIB_PWRITE = @GNULIB_PWRITE@ +GNULIB_QSORT_R = @GNULIB_QSORT_R@ +GNULIB_RAISE = @GNULIB_RAISE@ +GNULIB_RANDOM = @GNULIB_RANDOM@ +GNULIB_RANDOM_R = @GNULIB_RANDOM_R@ +GNULIB_RAWMEMCHR = @GNULIB_RAWMEMCHR@ +GNULIB_READ = @GNULIB_READ@ +GNULIB_READLINK = @GNULIB_READLINK@ +GNULIB_READLINKAT = @GNULIB_READLINKAT@ +GNULIB_REALLOCARRAY = @GNULIB_REALLOCARRAY@ +GNULIB_REALLOC_POSIX = @GNULIB_REALLOC_POSIX@ +GNULIB_REALPATH = @GNULIB_REALPATH@ +GNULIB_RECV = @GNULIB_RECV@ +GNULIB_RECVFROM = @GNULIB_RECVFROM@ +GNULIB_REMOVE = @GNULIB_REMOVE@ +GNULIB_RENAME = @GNULIB_RENAME@ +GNULIB_RENAMEAT = @GNULIB_RENAMEAT@ +GNULIB_RMDIR = @GNULIB_RMDIR@ +GNULIB_RPMATCH = @GNULIB_RPMATCH@ +GNULIB_SCANF = @GNULIB_SCANF@ +GNULIB_SECURE_GETENV = @GNULIB_SECURE_GETENV@ +GNULIB_SELECT = @GNULIB_SELECT@ +GNULIB_SEND = @GNULIB_SEND@ +GNULIB_SENDTO = @GNULIB_SENDTO@ +GNULIB_SETENV = @GNULIB_SETENV@ +GNULIB_SETHOSTNAME = @GNULIB_SETHOSTNAME@ +GNULIB_SETLOCALE = @GNULIB_SETLOCALE@ +GNULIB_SETSOCKOPT = @GNULIB_SETSOCKOPT@ +GNULIB_SHUTDOWN = @GNULIB_SHUTDOWN@ +GNULIB_SIGACTION = @GNULIB_SIGACTION@ +GNULIB_SIGNAL_H_SIGPIPE = @GNULIB_SIGNAL_H_SIGPIPE@ +GNULIB_SIGPROCMASK = @GNULIB_SIGPROCMASK@ +GNULIB_SLEEP = @GNULIB_SLEEP@ +GNULIB_SNPRINTF = @GNULIB_SNPRINTF@ +GNULIB_SOCKET = @GNULIB_SOCKET@ +GNULIB_SPRINTF_POSIX = @GNULIB_SPRINTF_POSIX@ +GNULIB_STAT = @GNULIB_STAT@ +GNULIB_STDIO_H_NONBLOCKING = @GNULIB_STDIO_H_NONBLOCKING@ +GNULIB_STDIO_H_SIGPIPE = @GNULIB_STDIO_H_SIGPIPE@ +GNULIB_STPCPY = @GNULIB_STPCPY@ +GNULIB_STPNCPY = @GNULIB_STPNCPY@ +GNULIB_STRCASESTR = @GNULIB_STRCASESTR@ +GNULIB_STRCHRNUL = @GNULIB_STRCHRNUL@ +GNULIB_STRDUP = @GNULIB_STRDUP@ +GNULIB_STRERROR = @GNULIB_STRERROR@ +GNULIB_STRERROR_R = @GNULIB_STRERROR_R@ +GNULIB_STRFTIME = @GNULIB_STRFTIME@ +GNULIB_STRNCAT = @GNULIB_STRNCAT@ +GNULIB_STRNDUP = @GNULIB_STRNDUP@ +GNULIB_STRNLEN = @GNULIB_STRNLEN@ +GNULIB_STRPBRK = @GNULIB_STRPBRK@ +GNULIB_STRPTIME = @GNULIB_STRPTIME@ +GNULIB_STRSEP = @GNULIB_STRSEP@ +GNULIB_STRSIGNAL = @GNULIB_STRSIGNAL@ +GNULIB_STRSTR = @GNULIB_STRSTR@ +GNULIB_STRTOD = @GNULIB_STRTOD@ +GNULIB_STRTOIMAX = @GNULIB_STRTOIMAX@ +GNULIB_STRTOK_R = @GNULIB_STRTOK_R@ +GNULIB_STRTOLD = @GNULIB_STRTOLD@ +GNULIB_STRTOLL = @GNULIB_STRTOLL@ +GNULIB_STRTOULL = @GNULIB_STRTOULL@ +GNULIB_STRTOUMAX = @GNULIB_STRTOUMAX@ +GNULIB_STRVERSCMP = @GNULIB_STRVERSCMP@ +GNULIB_SYMLINK = @GNULIB_SYMLINK@ +GNULIB_SYMLINKAT = @GNULIB_SYMLINKAT@ +GNULIB_SYSTEM_POSIX = @GNULIB_SYSTEM_POSIX@ +GNULIB_TIMEGM = @GNULIB_TIMEGM@ +GNULIB_TIME_R = @GNULIB_TIME_R@ +GNULIB_TIME_RZ = @GNULIB_TIME_RZ@ +GNULIB_TMPFILE = @GNULIB_TMPFILE@ +GNULIB_TRUNCATE = @GNULIB_TRUNCATE@ +GNULIB_TTYNAME_R = @GNULIB_TTYNAME_R@ +GNULIB_TZSET = @GNULIB_TZSET@ +GNULIB_UNISTD_H_NONBLOCKING = @GNULIB_UNISTD_H_NONBLOCKING@ +GNULIB_UNISTD_H_SIGPIPE = @GNULIB_UNISTD_H_SIGPIPE@ +GNULIB_UNLINK = @GNULIB_UNLINK@ +GNULIB_UNLINKAT = @GNULIB_UNLINKAT@ +GNULIB_UNLOCKPT = @GNULIB_UNLOCKPT@ +GNULIB_UNSETENV = @GNULIB_UNSETENV@ +GNULIB_USLEEP = @GNULIB_USLEEP@ +GNULIB_UTIMENSAT = @GNULIB_UTIMENSAT@ +GNULIB_VASPRINTF = @GNULIB_VASPRINTF@ +GNULIB_VDPRINTF = @GNULIB_VDPRINTF@ +GNULIB_VFPRINTF = @GNULIB_VFPRINTF@ +GNULIB_VFPRINTF_POSIX = @GNULIB_VFPRINTF_POSIX@ +GNULIB_VFSCANF = @GNULIB_VFSCANF@ +GNULIB_VPRINTF = @GNULIB_VPRINTF@ +GNULIB_VPRINTF_POSIX = @GNULIB_VPRINTF_POSIX@ +GNULIB_VSCANF = @GNULIB_VSCANF@ +GNULIB_VSNPRINTF = @GNULIB_VSNPRINTF@ +GNULIB_VSPRINTF_POSIX = @GNULIB_VSPRINTF_POSIX@ +GNULIB_WCPCPY = @GNULIB_WCPCPY@ +GNULIB_WCPNCPY = @GNULIB_WCPNCPY@ +GNULIB_WCRTOMB = @GNULIB_WCRTOMB@ +GNULIB_WCSCASECMP = @GNULIB_WCSCASECMP@ +GNULIB_WCSCAT = @GNULIB_WCSCAT@ +GNULIB_WCSCHR = @GNULIB_WCSCHR@ +GNULIB_WCSCMP = @GNULIB_WCSCMP@ +GNULIB_WCSCOLL = @GNULIB_WCSCOLL@ +GNULIB_WCSCPY = @GNULIB_WCSCPY@ +GNULIB_WCSCSPN = @GNULIB_WCSCSPN@ +GNULIB_WCSDUP = @GNULIB_WCSDUP@ +GNULIB_WCSFTIME = @GNULIB_WCSFTIME@ +GNULIB_WCSLEN = @GNULIB_WCSLEN@ +GNULIB_WCSNCASECMP = @GNULIB_WCSNCASECMP@ +GNULIB_WCSNCAT = @GNULIB_WCSNCAT@ +GNULIB_WCSNCMP = @GNULIB_WCSNCMP@ +GNULIB_WCSNCPY = @GNULIB_WCSNCPY@ +GNULIB_WCSNLEN = @GNULIB_WCSNLEN@ +GNULIB_WCSNRTOMBS = @GNULIB_WCSNRTOMBS@ +GNULIB_WCSPBRK = @GNULIB_WCSPBRK@ +GNULIB_WCSRCHR = @GNULIB_WCSRCHR@ +GNULIB_WCSRTOMBS = @GNULIB_WCSRTOMBS@ +GNULIB_WCSSPN = @GNULIB_WCSSPN@ +GNULIB_WCSSTR = @GNULIB_WCSSTR@ +GNULIB_WCSTOK = @GNULIB_WCSTOK@ +GNULIB_WCSWIDTH = @GNULIB_WCSWIDTH@ +GNULIB_WCSXFRM = @GNULIB_WCSXFRM@ +GNULIB_WCTOB = @GNULIB_WCTOB@ +GNULIB_WCTOMB = @GNULIB_WCTOMB@ +GNULIB_WCWIDTH = @GNULIB_WCWIDTH@ +GNULIB_WMEMCHR = @GNULIB_WMEMCHR@ +GNULIB_WMEMCMP = @GNULIB_WMEMCMP@ +GNULIB_WMEMCPY = @GNULIB_WMEMCPY@ +GNULIB_WMEMMOVE = @GNULIB_WMEMMOVE@ +GNULIB_WMEMSET = @GNULIB_WMEMSET@ +GNULIB_WRITE = @GNULIB_WRITE@ +GNULIB__EXIT = @GNULIB__EXIT@ +GNUTLS_REQUIRES_PRIVATE = @GNUTLS_REQUIRES_PRIVATE@ +GREP = @GREP@ +GTKDOC_CHECK = @GTKDOC_CHECK@ +GTKDOC_CHECK_PATH = @GTKDOC_CHECK_PATH@ +GTKDOC_DEPS_CFLAGS = @GTKDOC_DEPS_CFLAGS@ +GTKDOC_DEPS_LIBS = @GTKDOC_DEPS_LIBS@ +GTKDOC_MKPDF = @GTKDOC_MKPDF@ +GTKDOC_REBASE = @GTKDOC_REBASE@ +GUILD = @GUILD@ +GUILE = @GUILE@ +GUILE_CFLAGS = @GUILE_CFLAGS@ +GUILE_CONFIG = @GUILE_CONFIG@ +GUILE_EFFECTIVE_VERSION = @GUILE_EFFECTIVE_VERSION@ +GUILE_EXTENSION = @GUILE_EXTENSION@ +GUILE_LDFLAGS = @GUILE_LDFLAGS@ +GUILE_LIBS = @GUILE_LIBS@ +GUILE_LTLIBS = @GUILE_LTLIBS@ +GUILE_SITE = @GUILE_SITE@ +GUILE_SITE_CCACHE = @GUILE_SITE_CCACHE@ +GUILE_TOOLS = @GUILE_TOOLS@ +HAVE_ACCEPT4 = @HAVE_ACCEPT4@ +HAVE_ALLOCA_H = @HAVE_ALLOCA_H@ +HAVE_ARPA_INET_H = @HAVE_ARPA_INET_H@ +HAVE_ATOLL = @HAVE_ATOLL@ +HAVE_BTOWC = @HAVE_BTOWC@ +HAVE_C99_STDINT_H = @HAVE_C99_STDINT_H@ +HAVE_CANONICALIZE_FILE_NAME = @HAVE_CANONICALIZE_FILE_NAME@ +HAVE_CHOWN = @HAVE_CHOWN@ +HAVE_CRTDEFS_H = @HAVE_CRTDEFS_H@ +HAVE_DECL_ENVIRON = @HAVE_DECL_ENVIRON@ +HAVE_DECL_FCHDIR = @HAVE_DECL_FCHDIR@ +HAVE_DECL_FDATASYNC = @HAVE_DECL_FDATASYNC@ +HAVE_DECL_FPURGE = @HAVE_DECL_FPURGE@ +HAVE_DECL_FREEADDRINFO = @HAVE_DECL_FREEADDRINFO@ +HAVE_DECL_FSEEKO = @HAVE_DECL_FSEEKO@ +HAVE_DECL_FTELLO = @HAVE_DECL_FTELLO@ +HAVE_DECL_GAI_STRERROR = @HAVE_DECL_GAI_STRERROR@ +HAVE_DECL_GETADDRINFO = @HAVE_DECL_GETADDRINFO@ +HAVE_DECL_GETDELIM = @HAVE_DECL_GETDELIM@ +HAVE_DECL_GETDOMAINNAME = @HAVE_DECL_GETDOMAINNAME@ +HAVE_DECL_GETLINE = @HAVE_DECL_GETLINE@ +HAVE_DECL_GETLOADAVG = @HAVE_DECL_GETLOADAVG@ +HAVE_DECL_GETLOGIN = @HAVE_DECL_GETLOGIN@ +HAVE_DECL_GETLOGIN_R = @HAVE_DECL_GETLOGIN_R@ +HAVE_DECL_GETNAMEINFO = @HAVE_DECL_GETNAMEINFO@ +HAVE_DECL_GETPAGESIZE = @HAVE_DECL_GETPAGESIZE@ +HAVE_DECL_GETUSERSHELL = @HAVE_DECL_GETUSERSHELL@ +HAVE_DECL_IMAXABS = @HAVE_DECL_IMAXABS@ +HAVE_DECL_IMAXDIV = @HAVE_DECL_IMAXDIV@ +HAVE_DECL_INET_NTOP = @HAVE_DECL_INET_NTOP@ +HAVE_DECL_INET_PTON = @HAVE_DECL_INET_PTON@ +HAVE_DECL_INITSTATE = @HAVE_DECL_INITSTATE@ +HAVE_DECL_LOCALTIME_R = @HAVE_DECL_LOCALTIME_R@ +HAVE_DECL_MEMMEM = @HAVE_DECL_MEMMEM@ +HAVE_DECL_MEMRCHR = @HAVE_DECL_MEMRCHR@ +HAVE_DECL_OBSTACK_PRINTF = @HAVE_DECL_OBSTACK_PRINTF@ +HAVE_DECL_SETENV = @HAVE_DECL_SETENV@ +HAVE_DECL_SETHOSTNAME = @HAVE_DECL_SETHOSTNAME@ +HAVE_DECL_SETSTATE = @HAVE_DECL_SETSTATE@ +HAVE_DECL_SNPRINTF = @HAVE_DECL_SNPRINTF@ +HAVE_DECL_STRDUP = @HAVE_DECL_STRDUP@ +HAVE_DECL_STRERROR_R = @HAVE_DECL_STRERROR_R@ +HAVE_DECL_STRNCASECMP = @HAVE_DECL_STRNCASECMP@ +HAVE_DECL_STRNDUP = @HAVE_DECL_STRNDUP@ +HAVE_DECL_STRNLEN = @HAVE_DECL_STRNLEN@ +HAVE_DECL_STRSIGNAL = @HAVE_DECL_STRSIGNAL@ +HAVE_DECL_STRTOIMAX = @HAVE_DECL_STRTOIMAX@ +HAVE_DECL_STRTOK_R = @HAVE_DECL_STRTOK_R@ +HAVE_DECL_STRTOUMAX = @HAVE_DECL_STRTOUMAX@ +HAVE_DECL_TRUNCATE = @HAVE_DECL_TRUNCATE@ +HAVE_DECL_TTYNAME_R = @HAVE_DECL_TTYNAME_R@ +HAVE_DECL_UNSETENV = @HAVE_DECL_UNSETENV@ +HAVE_DECL_VSNPRINTF = @HAVE_DECL_VSNPRINTF@ +HAVE_DECL_WCTOB = @HAVE_DECL_WCTOB@ +HAVE_DECL_WCWIDTH = @HAVE_DECL_WCWIDTH@ +HAVE_DPRINTF = @HAVE_DPRINTF@ +HAVE_DUP2 = @HAVE_DUP2@ +HAVE_DUP3 = @HAVE_DUP3@ +HAVE_DUPLOCALE = @HAVE_DUPLOCALE@ +HAVE_EUIDACCESS = @HAVE_EUIDACCESS@ +HAVE_EXPLICIT_BZERO = @HAVE_EXPLICIT_BZERO@ +HAVE_FACCESSAT = @HAVE_FACCESSAT@ +HAVE_FCHDIR = @HAVE_FCHDIR@ +HAVE_FCHMODAT = @HAVE_FCHMODAT@ +HAVE_FCHOWNAT = @HAVE_FCHOWNAT@ +HAVE_FCNTL = @HAVE_FCNTL@ +HAVE_FDATASYNC = @HAVE_FDATASYNC@ +HAVE_FEATURES_H = @HAVE_FEATURES_H@ +HAVE_FFS = @HAVE_FFS@ +HAVE_FFSL = @HAVE_FFSL@ +HAVE_FFSLL = @HAVE_FFSLL@ +HAVE_FREELOCALE = @HAVE_FREELOCALE@ +HAVE_FSEEKO = @HAVE_FSEEKO@ +HAVE_FSTATAT = @HAVE_FSTATAT@ +HAVE_FSYNC = @HAVE_FSYNC@ +HAVE_FTELLO = @HAVE_FTELLO@ +HAVE_FTRUNCATE = @HAVE_FTRUNCATE@ +HAVE_FUTIMENS = @HAVE_FUTIMENS@ +HAVE_GETDTABLESIZE = @HAVE_GETDTABLESIZE@ +HAVE_GETGROUPS = @HAVE_GETGROUPS@ +HAVE_GETHOSTNAME = @HAVE_GETHOSTNAME@ +HAVE_GETLOGIN = @HAVE_GETLOGIN@ +HAVE_GETPAGESIZE = @HAVE_GETPAGESIZE@ +HAVE_GETPASS = @HAVE_GETPASS@ +HAVE_GETSUBOPT = @HAVE_GETSUBOPT@ +HAVE_GETTIMEOFDAY = @HAVE_GETTIMEOFDAY@ +HAVE_GRANTPT = @HAVE_GRANTPT@ +HAVE_GROUP_MEMBER = @HAVE_GROUP_MEMBER@ +HAVE_IMAXDIV_T = @HAVE_IMAXDIV_T@ +HAVE_INITSTATE = @HAVE_INITSTATE@ +HAVE_INTTYPES_H = @HAVE_INTTYPES_H@ +HAVE_ISBLANK = @HAVE_ISBLANK@ +HAVE_LANGINFO_ALTMON = @HAVE_LANGINFO_ALTMON@ +HAVE_LANGINFO_CODESET = @HAVE_LANGINFO_CODESET@ +HAVE_LANGINFO_ERA = @HAVE_LANGINFO_ERA@ +HAVE_LANGINFO_H = @HAVE_LANGINFO_H@ +HAVE_LANGINFO_T_FMT_AMPM = @HAVE_LANGINFO_T_FMT_AMPM@ +HAVE_LANGINFO_YESEXPR = @HAVE_LANGINFO_YESEXPR@ +HAVE_LCHMOD = @HAVE_LCHMOD@ +HAVE_LCHOWN = @HAVE_LCHOWN@ +HAVE_LIBCRYPTO = @HAVE_LIBCRYPTO@ +HAVE_LIBDL = @HAVE_LIBDL@ +HAVE_LIBPTHREAD = @HAVE_LIBPTHREAD@ +HAVE_LIBRT = @HAVE_LIBRT@ +HAVE_LIBSECCOMP = @HAVE_LIBSECCOMP@ +HAVE_LINK = @HAVE_LINK@ +HAVE_LINKAT = @HAVE_LINKAT@ +HAVE_LONG_LONG_INT = @HAVE_LONG_LONG_INT@ +HAVE_LSTAT = @HAVE_LSTAT@ +HAVE_MAX_ALIGN_T = @HAVE_MAX_ALIGN_T@ +HAVE_MBRLEN = @HAVE_MBRLEN@ +HAVE_MBRTOWC = @HAVE_MBRTOWC@ +HAVE_MBSINIT = @HAVE_MBSINIT@ +HAVE_MBSLEN = @HAVE_MBSLEN@ +HAVE_MBSNRTOWCS = @HAVE_MBSNRTOWCS@ +HAVE_MBSRTOWCS = @HAVE_MBSRTOWCS@ +HAVE_MBTOWC = @HAVE_MBTOWC@ +HAVE_MEMCHR = @HAVE_MEMCHR@ +HAVE_MEMPCPY = @HAVE_MEMPCPY@ +HAVE_MKDIRAT = @HAVE_MKDIRAT@ +HAVE_MKDTEMP = @HAVE_MKDTEMP@ +HAVE_MKFIFO = @HAVE_MKFIFO@ +HAVE_MKFIFOAT = @HAVE_MKFIFOAT@ +HAVE_MKNOD = @HAVE_MKNOD@ +HAVE_MKNODAT = @HAVE_MKNODAT@ +HAVE_MKOSTEMP = @HAVE_MKOSTEMP@ +HAVE_MKOSTEMPS = @HAVE_MKOSTEMPS@ +HAVE_MKSTEMP = @HAVE_MKSTEMP@ +HAVE_MKSTEMPS = @HAVE_MKSTEMPS@ +HAVE_MSVC_INVALID_PARAMETER_HANDLER = @HAVE_MSVC_INVALID_PARAMETER_HANDLER@ +HAVE_NANOSLEEP = @HAVE_NANOSLEEP@ +HAVE_NETDB_H = @HAVE_NETDB_H@ +HAVE_NETINET_IN_H = @HAVE_NETINET_IN_H@ +HAVE_NEWLOCALE = @HAVE_NEWLOCALE@ +HAVE_NL_LANGINFO = @HAVE_NL_LANGINFO@ +HAVE_OPENAT = @HAVE_OPENAT@ +HAVE_OS_H = @HAVE_OS_H@ +HAVE_PCLOSE = @HAVE_PCLOSE@ +HAVE_PIPE = @HAVE_PIPE@ +HAVE_PIPE2 = @HAVE_PIPE2@ +HAVE_POPEN = @HAVE_POPEN@ +HAVE_POSIX_OPENPT = @HAVE_POSIX_OPENPT@ +HAVE_POSIX_SIGNALBLOCKING = @HAVE_POSIX_SIGNALBLOCKING@ +HAVE_PREAD = @HAVE_PREAD@ +HAVE_PSELECT = @HAVE_PSELECT@ +HAVE_PTHREAD_SIGMASK = @HAVE_PTHREAD_SIGMASK@ +HAVE_PTSNAME = @HAVE_PTSNAME@ +HAVE_PTSNAME_R = @HAVE_PTSNAME_R@ +HAVE_PWRITE = @HAVE_PWRITE@ +HAVE_QSORT_R = @HAVE_QSORT_R@ +HAVE_RAISE = @HAVE_RAISE@ +HAVE_RANDOM = @HAVE_RANDOM@ +HAVE_RANDOM_H = @HAVE_RANDOM_H@ +HAVE_RANDOM_R = @HAVE_RANDOM_R@ +HAVE_RAWMEMCHR = @HAVE_RAWMEMCHR@ +HAVE_READLINK = @HAVE_READLINK@ +HAVE_READLINKAT = @HAVE_READLINKAT@ +HAVE_REALLOCARRAY = @HAVE_REALLOCARRAY@ +HAVE_REALPATH = @HAVE_REALPATH@ +HAVE_RENAMEAT = @HAVE_RENAMEAT@ +HAVE_RPMATCH = @HAVE_RPMATCH@ +HAVE_SA_FAMILY_T = @HAVE_SA_FAMILY_T@ +HAVE_SECURE_GETENV = @HAVE_SECURE_GETENV@ +HAVE_SETENV = @HAVE_SETENV@ +HAVE_SETHOSTNAME = @HAVE_SETHOSTNAME@ +HAVE_SETSTATE = @HAVE_SETSTATE@ +HAVE_SIGACTION = @HAVE_SIGACTION@ +HAVE_SIGHANDLER_T = @HAVE_SIGHANDLER_T@ +HAVE_SIGINFO_T = @HAVE_SIGINFO_T@ +HAVE_SIGNED_SIG_ATOMIC_T = @HAVE_SIGNED_SIG_ATOMIC_T@ +HAVE_SIGNED_WCHAR_T = @HAVE_SIGNED_WCHAR_T@ +HAVE_SIGNED_WINT_T = @HAVE_SIGNED_WINT_T@ +HAVE_SIGSET_T = @HAVE_SIGSET_T@ +HAVE_SLEEP = @HAVE_SLEEP@ +HAVE_STDINT_H = @HAVE_STDINT_H@ +HAVE_STPCPY = @HAVE_STPCPY@ +HAVE_STPNCPY = @HAVE_STPNCPY@ +HAVE_STRCASECMP = @HAVE_STRCASECMP@ +HAVE_STRCASESTR = @HAVE_STRCASESTR@ +HAVE_STRCHRNUL = @HAVE_STRCHRNUL@ +HAVE_STRINGS_H = @HAVE_STRINGS_H@ +HAVE_STRPBRK = @HAVE_STRPBRK@ +HAVE_STRPTIME = @HAVE_STRPTIME@ +HAVE_STRSEP = @HAVE_STRSEP@ +HAVE_STRTOD = @HAVE_STRTOD@ +HAVE_STRTOLD = @HAVE_STRTOLD@ +HAVE_STRTOLL = @HAVE_STRTOLL@ +HAVE_STRTOULL = @HAVE_STRTOULL@ +HAVE_STRUCT_ADDRINFO = @HAVE_STRUCT_ADDRINFO@ +HAVE_STRUCT_RANDOM_DATA = @HAVE_STRUCT_RANDOM_DATA@ +HAVE_STRUCT_SIGACTION_SA_SIGACTION = @HAVE_STRUCT_SIGACTION_SA_SIGACTION@ +HAVE_STRUCT_SOCKADDR_STORAGE = @HAVE_STRUCT_SOCKADDR_STORAGE@ +HAVE_STRUCT_SOCKADDR_STORAGE_SS_FAMILY = @HAVE_STRUCT_SOCKADDR_STORAGE_SS_FAMILY@ +HAVE_STRUCT_TIMEVAL = @HAVE_STRUCT_TIMEVAL@ +HAVE_STRVERSCMP = @HAVE_STRVERSCMP@ +HAVE_SYMLINK = @HAVE_SYMLINK@ +HAVE_SYMLINKAT = @HAVE_SYMLINKAT@ +HAVE_SYS_BITYPES_H = @HAVE_SYS_BITYPES_H@ +HAVE_SYS_INTTYPES_H = @HAVE_SYS_INTTYPES_H@ +HAVE_SYS_IOCTL_H = @HAVE_SYS_IOCTL_H@ +HAVE_SYS_LOADAVG_H = @HAVE_SYS_LOADAVG_H@ +HAVE_SYS_PARAM_H = @HAVE_SYS_PARAM_H@ +HAVE_SYS_SELECT_H = @HAVE_SYS_SELECT_H@ +HAVE_SYS_SOCKET_H = @HAVE_SYS_SOCKET_H@ +HAVE_SYS_TIME_H = @HAVE_SYS_TIME_H@ +HAVE_SYS_TYPES_H = @HAVE_SYS_TYPES_H@ +HAVE_SYS_UIO_H = @HAVE_SYS_UIO_H@ +HAVE_TIMEGM = @HAVE_TIMEGM@ +HAVE_TIMEZONE_T = @HAVE_TIMEZONE_T@ +HAVE_TYPE_VOLATILE_SIG_ATOMIC_T = @HAVE_TYPE_VOLATILE_SIG_ATOMIC_T@ +HAVE_TZSET = @HAVE_TZSET@ +HAVE_UNISTD_H = @HAVE_UNISTD_H@ +HAVE_UNLINKAT = @HAVE_UNLINKAT@ +HAVE_UNLOCKPT = @HAVE_UNLOCKPT@ +HAVE_UNSIGNED_LONG_LONG_INT = @HAVE_UNSIGNED_LONG_LONG_INT@ +HAVE_USLEEP = @HAVE_USLEEP@ +HAVE_UTIMENSAT = @HAVE_UTIMENSAT@ +HAVE_VASPRINTF = @HAVE_VASPRINTF@ +HAVE_VDPRINTF = @HAVE_VDPRINTF@ +HAVE_WCHAR_H = @HAVE_WCHAR_H@ +HAVE_WCHAR_T = @HAVE_WCHAR_T@ +HAVE_WCPCPY = @HAVE_WCPCPY@ +HAVE_WCPNCPY = @HAVE_WCPNCPY@ +HAVE_WCRTOMB = @HAVE_WCRTOMB@ +HAVE_WCSCASECMP = @HAVE_WCSCASECMP@ +HAVE_WCSCAT = @HAVE_WCSCAT@ +HAVE_WCSCHR = @HAVE_WCSCHR@ +HAVE_WCSCMP = @HAVE_WCSCMP@ +HAVE_WCSCOLL = @HAVE_WCSCOLL@ +HAVE_WCSCPY = @HAVE_WCSCPY@ +HAVE_WCSCSPN = @HAVE_WCSCSPN@ +HAVE_WCSDUP = @HAVE_WCSDUP@ +HAVE_WCSFTIME = @HAVE_WCSFTIME@ +HAVE_WCSLEN = @HAVE_WCSLEN@ +HAVE_WCSNCASECMP = @HAVE_WCSNCASECMP@ +HAVE_WCSNCAT = @HAVE_WCSNCAT@ +HAVE_WCSNCMP = @HAVE_WCSNCMP@ +HAVE_WCSNCPY = @HAVE_WCSNCPY@ +HAVE_WCSNLEN = @HAVE_WCSNLEN@ +HAVE_WCSNRTOMBS = @HAVE_WCSNRTOMBS@ +HAVE_WCSPBRK = @HAVE_WCSPBRK@ +HAVE_WCSRCHR = @HAVE_WCSRCHR@ +HAVE_WCSRTOMBS = @HAVE_WCSRTOMBS@ +HAVE_WCSSPN = @HAVE_WCSSPN@ +HAVE_WCSSTR = @HAVE_WCSSTR@ +HAVE_WCSTOK = @HAVE_WCSTOK@ +HAVE_WCSWIDTH = @HAVE_WCSWIDTH@ +HAVE_WCSXFRM = @HAVE_WCSXFRM@ +HAVE_WINSOCK2_H = @HAVE_WINSOCK2_H@ +HAVE_WINT_T = @HAVE_WINT_T@ +HAVE_WMEMCHR = @HAVE_WMEMCHR@ +HAVE_WMEMCMP = @HAVE_WMEMCMP@ +HAVE_WMEMCPY = @HAVE_WMEMCPY@ +HAVE_WMEMMOVE = @HAVE_WMEMMOVE@ +HAVE_WMEMSET = @HAVE_WMEMSET@ +HAVE_WS2TCPIP_H = @HAVE_WS2TCPIP_H@ +HAVE_XLOCALE_H = @HAVE_XLOCALE_H@ +HAVE__BOOL = @HAVE__BOOL@ +HAVE__EXIT = @HAVE__EXIT@ +HOGWEED_CFLAGS = @HOGWEED_CFLAGS@ +HOGWEED_LIBS = @HOGWEED_LIBS@ +HOSTENT_LIB = @HOSTENT_LIB@ +HTML_DIR = @HTML_DIR@ +INCLUDE_NEXT = @INCLUDE_NEXT@ +INCLUDE_NEXT_AS_FIRST_DIRECTIVE = @INCLUDE_NEXT_AS_FIRST_DIRECTIVE@ +INET_NTOP_LIB = @INET_NTOP_LIB@ +INET_PTON_LIB = @INET_PTON_LIB@ +INSTALL = @INSTALL@ +INSTALL_DATA = @INSTALL_DATA@ +INSTALL_PROGRAM = @INSTALL_PROGRAM@ +INSTALL_SCRIPT = @INSTALL_SCRIPT@ +INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +INT32_MAX_LT_INTMAX_MAX = @INT32_MAX_LT_INTMAX_MAX@ +INT64_MAX_EQ_LONG_MAX = @INT64_MAX_EQ_LONG_MAX@ +INTLLIBS = @INTLLIBS@ +INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@ +LCOV = @LCOV@ +LD = @LD@ +LDFLAGS = @LDFLAGS@ +LIBATOMIC_LIBS = @LIBATOMIC_LIBS@ +LIBCRYPTO = @LIBCRYPTO@ +LIBCRYPTO_PREFIX = @LIBCRYPTO_PREFIX@ +LIBDL = @LIBDL@ +LIBDL_PREFIX = @LIBDL_PREFIX@ +LIBGNUTLS_CFLAGS = @LIBGNUTLS_CFLAGS@ +LIBGNUTLS_LIBS = @LIBGNUTLS_LIBS@ +LIBICONV = @LIBICONV@ +LIBIDN2_CFLAGS = @LIBIDN2_CFLAGS@ +LIBIDN2_LIBS = @LIBIDN2_LIBS@ +LIBINTL = @LIBINTL@ +LIBMULTITHREAD = @LIBMULTITHREAD@ +LIBOBJS = @LIBOBJS@ +LIBOPTS_CFLAGS = @LIBOPTS_CFLAGS@ +LIBOPTS_DIR = @LIBOPTS_DIR@ +LIBOPTS_LDADD = @LIBOPTS_LDADD@ +LIBPTH = @LIBPTH@ +LIBPTHREAD = @LIBPTHREAD@ +LIBPTHREAD_PREFIX = @LIBPTHREAD_PREFIX@ +LIBPTH_PREFIX = @LIBPTH_PREFIX@ +LIBRT = @LIBRT@ +LIBRT_PREFIX = @LIBRT_PREFIX@ +LIBS = @LIBS@ +LIBSECCOMP = @LIBSECCOMP@ +LIBSECCOMP_PREFIX = @LIBSECCOMP_PREFIX@ +LIBSOCKET = @LIBSOCKET@ +LIBTASN1_CFLAGS = @LIBTASN1_CFLAGS@ +LIBTASN1_LIBS = @LIBTASN1_LIBS@ +LIBTESTS_LIBDEPS = @LIBTESTS_LIBDEPS@ +LIBTHREAD = @LIBTHREAD@ +LIBTOOL = @LIBTOOL@ +LIBUNISTRING = @LIBUNISTRING@ +LIBUNISTRING_UNICTYPE_H = @LIBUNISTRING_UNICTYPE_H@ +LIBUNISTRING_UNINORM_H = @LIBUNISTRING_UNINORM_H@ +LIBUNISTRING_UNISTR_H = @LIBUNISTRING_UNISTR_H@ +LIBUNISTRING_UNITYPES_H = @LIBUNISTRING_UNITYPES_H@ +LIB_CLOCK_GETTIME = @LIB_CLOCK_GETTIME@ +LIB_NANOSLEEP = @LIB_NANOSLEEP@ +LIB_SELECT = @LIB_SELECT@ +LIMITS_H = @LIMITS_H@ +LIPO = @LIPO@ +LN_S = @LN_S@ +LOCALE_FR = @LOCALE_FR@ +LOCALE_FR_UTF8 = @LOCALE_FR_UTF8@ +LOCALE_JA = @LOCALE_JA@ +LOCALE_TR_UTF8 = @LOCALE_TR_UTF8@ +LOCALE_ZH_CN = @LOCALE_ZH_CN@ +LTALLOCA = @LTALLOCA@ +LTLIBCRYPTO = @LTLIBCRYPTO@ +LTLIBDL = @LTLIBDL@ +LTLIBICONV = @LTLIBICONV@ +LTLIBINTL = @LTLIBINTL@ +LTLIBMULTITHREAD = @LTLIBMULTITHREAD@ +LTLIBOBJS = @LTLIBOBJS@ +LTLIBPTH = @LTLIBPTH@ +LTLIBPTHREAD = @LTLIBPTHREAD@ +LTLIBRT = @LTLIBRT@ +LTLIBSECCOMP = @LTLIBSECCOMP@ +LTLIBTHREAD = @LTLIBTHREAD@ +LT_AGE = @LT_AGE@ +LT_CURRENT = @LT_CURRENT@ +LT_DANE_AGE = @LT_DANE_AGE@ +LT_DANE_CURRENT = @LT_DANE_CURRENT@ +LT_DANE_REVISION = @LT_DANE_REVISION@ +LT_REVISION = @LT_REVISION@ +LT_SSL_AGE = @LT_SSL_AGE@ +LT_SSL_CURRENT = @LT_SSL_CURRENT@ +LT_SSL_REVISION = @LT_SSL_REVISION@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ +LT_XSSL_AGE = @LT_XSSL_AGE@ +LT_XSSL_CURRENT = @LT_XSSL_CURRENT@ +LT_XSSL_REVISION = @LT_XSSL_REVISION@ +MAINT = @MAINT@ +MAJOR_VERSION = @MAJOR_VERSION@ +MAKEINFO = @MAKEINFO@ +MANIFEST_TOOL = @MANIFEST_TOOL@ +MINOR_VERSION = @MINOR_VERSION@ +MKDIR_P = @MKDIR_P@ +MSGFMT = @MSGFMT@ +MSGFMT_015 = @MSGFMT_015@ +MSGMERGE = @MSGMERGE@ +NETINET_IN_H = @NETINET_IN_H@ +NETTLE_CFLAGS = @NETTLE_CFLAGS@ +NETTLE_LIBS = @NETTLE_LIBS@ +NEXT_ARPA_INET_H = @NEXT_ARPA_INET_H@ +NEXT_AS_FIRST_DIRECTIVE_ARPA_INET_H = @NEXT_AS_FIRST_DIRECTIVE_ARPA_INET_H@ +NEXT_AS_FIRST_DIRECTIVE_CTYPE_H = @NEXT_AS_FIRST_DIRECTIVE_CTYPE_H@ +NEXT_AS_FIRST_DIRECTIVE_ERRNO_H = @NEXT_AS_FIRST_DIRECTIVE_ERRNO_H@ +NEXT_AS_FIRST_DIRECTIVE_FCNTL_H = @NEXT_AS_FIRST_DIRECTIVE_FCNTL_H@ +NEXT_AS_FIRST_DIRECTIVE_FLOAT_H = @NEXT_AS_FIRST_DIRECTIVE_FLOAT_H@ +NEXT_AS_FIRST_DIRECTIVE_INTTYPES_H = @NEXT_AS_FIRST_DIRECTIVE_INTTYPES_H@ +NEXT_AS_FIRST_DIRECTIVE_LANGINFO_H = @NEXT_AS_FIRST_DIRECTIVE_LANGINFO_H@ +NEXT_AS_FIRST_DIRECTIVE_LIMITS_H = @NEXT_AS_FIRST_DIRECTIVE_LIMITS_H@ +NEXT_AS_FIRST_DIRECTIVE_LOCALE_H = @NEXT_AS_FIRST_DIRECTIVE_LOCALE_H@ +NEXT_AS_FIRST_DIRECTIVE_NETDB_H = @NEXT_AS_FIRST_DIRECTIVE_NETDB_H@ +NEXT_AS_FIRST_DIRECTIVE_NETINET_IN_H = @NEXT_AS_FIRST_DIRECTIVE_NETINET_IN_H@ +NEXT_AS_FIRST_DIRECTIVE_SIGNAL_H = @NEXT_AS_FIRST_DIRECTIVE_SIGNAL_H@ +NEXT_AS_FIRST_DIRECTIVE_STDDEF_H = @NEXT_AS_FIRST_DIRECTIVE_STDDEF_H@ +NEXT_AS_FIRST_DIRECTIVE_STDINT_H = @NEXT_AS_FIRST_DIRECTIVE_STDINT_H@ +NEXT_AS_FIRST_DIRECTIVE_STDIO_H = @NEXT_AS_FIRST_DIRECTIVE_STDIO_H@ +NEXT_AS_FIRST_DIRECTIVE_STDLIB_H = @NEXT_AS_FIRST_DIRECTIVE_STDLIB_H@ +NEXT_AS_FIRST_DIRECTIVE_STRINGS_H = @NEXT_AS_FIRST_DIRECTIVE_STRINGS_H@ +NEXT_AS_FIRST_DIRECTIVE_STRING_H = @NEXT_AS_FIRST_DIRECTIVE_STRING_H@ +NEXT_AS_FIRST_DIRECTIVE_SYS_IOCTL_H = @NEXT_AS_FIRST_DIRECTIVE_SYS_IOCTL_H@ +NEXT_AS_FIRST_DIRECTIVE_SYS_SELECT_H = @NEXT_AS_FIRST_DIRECTIVE_SYS_SELECT_H@ +NEXT_AS_FIRST_DIRECTIVE_SYS_SOCKET_H = @NEXT_AS_FIRST_DIRECTIVE_SYS_SOCKET_H@ +NEXT_AS_FIRST_DIRECTIVE_SYS_STAT_H = @NEXT_AS_FIRST_DIRECTIVE_SYS_STAT_H@ +NEXT_AS_FIRST_DIRECTIVE_SYS_TIME_H = @NEXT_AS_FIRST_DIRECTIVE_SYS_TIME_H@ +NEXT_AS_FIRST_DIRECTIVE_SYS_TYPES_H = @NEXT_AS_FIRST_DIRECTIVE_SYS_TYPES_H@ +NEXT_AS_FIRST_DIRECTIVE_SYS_UIO_H = @NEXT_AS_FIRST_DIRECTIVE_SYS_UIO_H@ +NEXT_AS_FIRST_DIRECTIVE_TIME_H = @NEXT_AS_FIRST_DIRECTIVE_TIME_H@ +NEXT_AS_FIRST_DIRECTIVE_UNISTD_H = @NEXT_AS_FIRST_DIRECTIVE_UNISTD_H@ +NEXT_AS_FIRST_DIRECTIVE_WCHAR_H = @NEXT_AS_FIRST_DIRECTIVE_WCHAR_H@ +NEXT_CTYPE_H = @NEXT_CTYPE_H@ +NEXT_ERRNO_H = @NEXT_ERRNO_H@ +NEXT_FCNTL_H = @NEXT_FCNTL_H@ +NEXT_FLOAT_H = @NEXT_FLOAT_H@ +NEXT_INTTYPES_H = @NEXT_INTTYPES_H@ +NEXT_LANGINFO_H = @NEXT_LANGINFO_H@ +NEXT_LIMITS_H = @NEXT_LIMITS_H@ +NEXT_LOCALE_H = @NEXT_LOCALE_H@ +NEXT_NETDB_H = @NEXT_NETDB_H@ +NEXT_NETINET_IN_H = @NEXT_NETINET_IN_H@ +NEXT_SIGNAL_H = @NEXT_SIGNAL_H@ +NEXT_STDDEF_H = @NEXT_STDDEF_H@ +NEXT_STDINT_H = @NEXT_STDINT_H@ +NEXT_STDIO_H = @NEXT_STDIO_H@ +NEXT_STDLIB_H = @NEXT_STDLIB_H@ +NEXT_STRINGS_H = @NEXT_STRINGS_H@ +NEXT_STRING_H = @NEXT_STRING_H@ +NEXT_SYS_IOCTL_H = @NEXT_SYS_IOCTL_H@ +NEXT_SYS_SELECT_H = @NEXT_SYS_SELECT_H@ +NEXT_SYS_SOCKET_H = @NEXT_SYS_SOCKET_H@ +NEXT_SYS_STAT_H = @NEXT_SYS_STAT_H@ +NEXT_SYS_TIME_H = @NEXT_SYS_TIME_H@ +NEXT_SYS_TYPES_H = @NEXT_SYS_TYPES_H@ +NEXT_SYS_UIO_H = @NEXT_SYS_UIO_H@ +NEXT_TIME_H = @NEXT_TIME_H@ +NEXT_UNISTD_H = @NEXT_UNISTD_H@ +NEXT_WCHAR_H = @NEXT_WCHAR_H@ +NM = @NM@ +NMEDIT = @NMEDIT@ +NUMBER_VERSION = @NUMBER_VERSION@ +OBJDUMP = @OBJDUMP@ +OBJEXT = @OBJEXT@ +OTOOL = @OTOOL@ +OTOOL64 = @OTOOL64@ +P11_KIT_CFLAGS = @P11_KIT_CFLAGS@ +P11_KIT_LIBS = @P11_KIT_LIBS@ +PACKAGE = @PACKAGE@ +PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ +PACKAGE_NAME = @PACKAGE_NAME@ +PACKAGE_STRING = @PACKAGE_STRING@ +PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ +PACKAGE_VERSION = @PACKAGE_VERSION@ +PATCH_VERSION = @PATCH_VERSION@ +PATH_SEPARATOR = @PATH_SEPARATOR@ +PKG_CONFIG = @PKG_CONFIG@ +PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ +PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ +PMCCABE = @PMCCABE@ +POSIX_SHELL = @POSIX_SHELL@ +POSUB = @POSUB@ +PRAGMA_COLUMNS = @PRAGMA_COLUMNS@ +PRAGMA_SYSTEM_HEADER = @PRAGMA_SYSTEM_HEADER@ +PRIPTR_PREFIX = @PRIPTR_PREFIX@ +PRI_MACROS_BROKEN = @PRI_MACROS_BROKEN@ +PTHREAD_H_DEFINES_STRUCT_TIMESPEC = @PTHREAD_H_DEFINES_STRUCT_TIMESPEC@ +PTRDIFF_T_SUFFIX = @PTRDIFF_T_SUFFIX@ +RANLIB = @RANLIB@ +REPLACE_BTOWC = @REPLACE_BTOWC@ +REPLACE_CALLOC = @REPLACE_CALLOC@ +REPLACE_CANONICALIZE_FILE_NAME = @REPLACE_CANONICALIZE_FILE_NAME@ +REPLACE_CHOWN = @REPLACE_CHOWN@ +REPLACE_CLOSE = @REPLACE_CLOSE@ +REPLACE_CTIME = @REPLACE_CTIME@ +REPLACE_DPRINTF = @REPLACE_DPRINTF@ +REPLACE_DUP = @REPLACE_DUP@ +REPLACE_DUP2 = @REPLACE_DUP2@ +REPLACE_DUPLOCALE = @REPLACE_DUPLOCALE@ +REPLACE_FACCESSAT = @REPLACE_FACCESSAT@ +REPLACE_FCHOWNAT = @REPLACE_FCHOWNAT@ +REPLACE_FCLOSE = @REPLACE_FCLOSE@ +REPLACE_FCNTL = @REPLACE_FCNTL@ +REPLACE_FDOPEN = @REPLACE_FDOPEN@ +REPLACE_FFLUSH = @REPLACE_FFLUSH@ +REPLACE_FOPEN = @REPLACE_FOPEN@ +REPLACE_FPRINTF = @REPLACE_FPRINTF@ +REPLACE_FPURGE = @REPLACE_FPURGE@ +REPLACE_FREELOCALE = @REPLACE_FREELOCALE@ +REPLACE_FREOPEN = @REPLACE_FREOPEN@ +REPLACE_FSEEK = @REPLACE_FSEEK@ +REPLACE_FSEEKO = @REPLACE_FSEEKO@ +REPLACE_FSTAT = @REPLACE_FSTAT@ +REPLACE_FSTATAT = @REPLACE_FSTATAT@ +REPLACE_FTELL = @REPLACE_FTELL@ +REPLACE_FTELLO = @REPLACE_FTELLO@ +REPLACE_FTRUNCATE = @REPLACE_FTRUNCATE@ +REPLACE_FUTIMENS = @REPLACE_FUTIMENS@ +REPLACE_GAI_STRERROR = @REPLACE_GAI_STRERROR@ +REPLACE_GETCWD = @REPLACE_GETCWD@ +REPLACE_GETDELIM = @REPLACE_GETDELIM@ +REPLACE_GETDOMAINNAME = @REPLACE_GETDOMAINNAME@ +REPLACE_GETDTABLESIZE = @REPLACE_GETDTABLESIZE@ +REPLACE_GETGROUPS = @REPLACE_GETGROUPS@ +REPLACE_GETLINE = @REPLACE_GETLINE@ +REPLACE_GETLOGIN_R = @REPLACE_GETLOGIN_R@ +REPLACE_GETPAGESIZE = @REPLACE_GETPAGESIZE@ +REPLACE_GETPASS = @REPLACE_GETPASS@ +REPLACE_GETTIMEOFDAY = @REPLACE_GETTIMEOFDAY@ +REPLACE_GMTIME = @REPLACE_GMTIME@ +REPLACE_INET_NTOP = @REPLACE_INET_NTOP@ +REPLACE_INET_PTON = @REPLACE_INET_PTON@ +REPLACE_INITSTATE = @REPLACE_INITSTATE@ +REPLACE_IOCTL = @REPLACE_IOCTL@ +REPLACE_ISATTY = @REPLACE_ISATTY@ +REPLACE_ITOLD = @REPLACE_ITOLD@ +REPLACE_LCHOWN = @REPLACE_LCHOWN@ +REPLACE_LINK = @REPLACE_LINK@ +REPLACE_LINKAT = @REPLACE_LINKAT@ +REPLACE_LOCALECONV = @REPLACE_LOCALECONV@ +REPLACE_LOCALTIME = @REPLACE_LOCALTIME@ +REPLACE_LOCALTIME_R = @REPLACE_LOCALTIME_R@ +REPLACE_LSEEK = @REPLACE_LSEEK@ +REPLACE_LSTAT = @REPLACE_LSTAT@ +REPLACE_MALLOC = @REPLACE_MALLOC@ +REPLACE_MBRLEN = @REPLACE_MBRLEN@ +REPLACE_MBRTOWC = @REPLACE_MBRTOWC@ +REPLACE_MBSINIT = @REPLACE_MBSINIT@ +REPLACE_MBSNRTOWCS = @REPLACE_MBSNRTOWCS@ +REPLACE_MBSRTOWCS = @REPLACE_MBSRTOWCS@ +REPLACE_MBSTATE_T = @REPLACE_MBSTATE_T@ +REPLACE_MBTOWC = @REPLACE_MBTOWC@ +REPLACE_MEMCHR = @REPLACE_MEMCHR@ +REPLACE_MEMMEM = @REPLACE_MEMMEM@ +REPLACE_MKDIR = @REPLACE_MKDIR@ +REPLACE_MKFIFO = @REPLACE_MKFIFO@ +REPLACE_MKNOD = @REPLACE_MKNOD@ +REPLACE_MKSTEMP = @REPLACE_MKSTEMP@ +REPLACE_MKTIME = @REPLACE_MKTIME@ +REPLACE_NANOSLEEP = @REPLACE_NANOSLEEP@ +REPLACE_NEWLOCALE = @REPLACE_NEWLOCALE@ +REPLACE_NL_LANGINFO = @REPLACE_NL_LANGINFO@ +REPLACE_NULL = @REPLACE_NULL@ +REPLACE_OBSTACK_PRINTF = @REPLACE_OBSTACK_PRINTF@ +REPLACE_OPEN = @REPLACE_OPEN@ +REPLACE_OPENAT = @REPLACE_OPENAT@ +REPLACE_PERROR = @REPLACE_PERROR@ +REPLACE_POPEN = @REPLACE_POPEN@ +REPLACE_PREAD = @REPLACE_PREAD@ +REPLACE_PRINTF = @REPLACE_PRINTF@ +REPLACE_PSELECT = @REPLACE_PSELECT@ +REPLACE_PTHREAD_SIGMASK = @REPLACE_PTHREAD_SIGMASK@ +REPLACE_PTSNAME = @REPLACE_PTSNAME@ +REPLACE_PTSNAME_R = @REPLACE_PTSNAME_R@ +REPLACE_PUTENV = @REPLACE_PUTENV@ +REPLACE_PWRITE = @REPLACE_PWRITE@ +REPLACE_QSORT_R = @REPLACE_QSORT_R@ +REPLACE_RAISE = @REPLACE_RAISE@ +REPLACE_RANDOM = @REPLACE_RANDOM@ +REPLACE_RANDOM_R = @REPLACE_RANDOM_R@ +REPLACE_READ = @REPLACE_READ@ +REPLACE_READLINK = @REPLACE_READLINK@ +REPLACE_READLINKAT = @REPLACE_READLINKAT@ +REPLACE_REALLOC = @REPLACE_REALLOC@ +REPLACE_REALPATH = @REPLACE_REALPATH@ +REPLACE_REMOVE = @REPLACE_REMOVE@ +REPLACE_RENAME = @REPLACE_RENAME@ +REPLACE_RENAMEAT = @REPLACE_RENAMEAT@ +REPLACE_RMDIR = @REPLACE_RMDIR@ +REPLACE_SELECT = @REPLACE_SELECT@ +REPLACE_SETENV = @REPLACE_SETENV@ +REPLACE_SETLOCALE = @REPLACE_SETLOCALE@ +REPLACE_SETSTATE = @REPLACE_SETSTATE@ +REPLACE_SLEEP = @REPLACE_SLEEP@ +REPLACE_SNPRINTF = @REPLACE_SNPRINTF@ +REPLACE_SPRINTF = @REPLACE_SPRINTF@ +REPLACE_STAT = @REPLACE_STAT@ +REPLACE_STDIO_READ_FUNCS = @REPLACE_STDIO_READ_FUNCS@ +REPLACE_STDIO_WRITE_FUNCS = @REPLACE_STDIO_WRITE_FUNCS@ +REPLACE_STPNCPY = @REPLACE_STPNCPY@ +REPLACE_STRCASESTR = @REPLACE_STRCASESTR@ +REPLACE_STRCHRNUL = @REPLACE_STRCHRNUL@ +REPLACE_STRDUP = @REPLACE_STRDUP@ +REPLACE_STRERROR = @REPLACE_STRERROR@ +REPLACE_STRERROR_R = @REPLACE_STRERROR_R@ +REPLACE_STRFTIME = @REPLACE_STRFTIME@ +REPLACE_STRNCAT = @REPLACE_STRNCAT@ +REPLACE_STRNDUP = @REPLACE_STRNDUP@ +REPLACE_STRNLEN = @REPLACE_STRNLEN@ +REPLACE_STRSIGNAL = @REPLACE_STRSIGNAL@ +REPLACE_STRSTR = @REPLACE_STRSTR@ +REPLACE_STRTOD = @REPLACE_STRTOD@ +REPLACE_STRTOIMAX = @REPLACE_STRTOIMAX@ +REPLACE_STRTOK_R = @REPLACE_STRTOK_R@ +REPLACE_STRTOLD = @REPLACE_STRTOLD@ +REPLACE_STRTOUMAX = @REPLACE_STRTOUMAX@ +REPLACE_STRUCT_LCONV = @REPLACE_STRUCT_LCONV@ +REPLACE_STRUCT_TIMEVAL = @REPLACE_STRUCT_TIMEVAL@ +REPLACE_SYMLINK = @REPLACE_SYMLINK@ +REPLACE_SYMLINKAT = @REPLACE_SYMLINKAT@ +REPLACE_TIMEGM = @REPLACE_TIMEGM@ +REPLACE_TMPFILE = @REPLACE_TMPFILE@ +REPLACE_TRUNCATE = @REPLACE_TRUNCATE@ +REPLACE_TTYNAME_R = @REPLACE_TTYNAME_R@ +REPLACE_TZSET = @REPLACE_TZSET@ +REPLACE_UNLINK = @REPLACE_UNLINK@ +REPLACE_UNLINKAT = @REPLACE_UNLINKAT@ +REPLACE_UNSETENV = @REPLACE_UNSETENV@ +REPLACE_USLEEP = @REPLACE_USLEEP@ +REPLACE_UTIMENSAT = @REPLACE_UTIMENSAT@ +REPLACE_VASPRINTF = @REPLACE_VASPRINTF@ +REPLACE_VDPRINTF = @REPLACE_VDPRINTF@ +REPLACE_VFPRINTF = @REPLACE_VFPRINTF@ +REPLACE_VPRINTF = @REPLACE_VPRINTF@ +REPLACE_VSNPRINTF = @REPLACE_VSNPRINTF@ +REPLACE_VSPRINTF = @REPLACE_VSPRINTF@ +REPLACE_WCRTOMB = @REPLACE_WCRTOMB@ +REPLACE_WCSFTIME = @REPLACE_WCSFTIME@ +REPLACE_WCSNRTOMBS = @REPLACE_WCSNRTOMBS@ +REPLACE_WCSRTOMBS = @REPLACE_WCSRTOMBS@ +REPLACE_WCSWIDTH = @REPLACE_WCSWIDTH@ +REPLACE_WCTOB = @REPLACE_WCTOB@ +REPLACE_WCTOMB = @REPLACE_WCTOMB@ +REPLACE_WCWIDTH = @REPLACE_WCWIDTH@ +REPLACE_WRITE = @REPLACE_WRITE@ +SED = @SED@ +SERVENT_LIB = @SERVENT_LIB@ +SET_MAKE = @SET_MAKE@ +SHELL = @SHELL@ +SIG_ATOMIC_T_SUFFIX = @SIG_ATOMIC_T_SUFFIX@ +SIZE_T_SUFFIX = @SIZE_T_SUFFIX@ +STDALIGN_H = @STDALIGN_H@ +STDBOOL_H = @STDBOOL_H@ +STDDEF_H = @STDDEF_H@ +STDINT_H = @STDINT_H@ +STDNORETURN_H = @STDNORETURN_H@ +STRIP = @STRIP@ +SYS_IOCTL_H_HAVE_WINSOCK2_H = @SYS_IOCTL_H_HAVE_WINSOCK2_H@ +SYS_IOCTL_H_HAVE_WINSOCK2_H_AND_USE_SOCKETS = @SYS_IOCTL_H_HAVE_WINSOCK2_H_AND_USE_SOCKETS@ +SYS_TIME_H_DEFINES_STRUCT_TIMESPEC = @SYS_TIME_H_DEFINES_STRUCT_TIMESPEC@ +TIME_H_DEFINES_STRUCT_TIMESPEC = @TIME_H_DEFINES_STRUCT_TIMESPEC@ +TROUSERS_LIB = @TROUSERS_LIB@ +TSS_CFLAGS = @TSS_CFLAGS@ +TSS_LIBS = @TSS_LIBS@ +UINT32_MAX_LT_UINTMAX_MAX = @UINT32_MAX_LT_UINTMAX_MAX@ +UINT64_MAX_EQ_ULONG_MAX = @UINT64_MAX_EQ_ULONG_MAX@ +UNBOUND_CFLAGS = @UNBOUND_CFLAGS@ +UNBOUND_LIBS = @UNBOUND_LIBS@ +UNDEFINE_STRTOK_R = @UNDEFINE_STRTOK_R@ +UNISTD_H_DEFINES_STRUCT_TIMESPEC = @UNISTD_H_DEFINES_STRUCT_TIMESPEC@ +UNISTD_H_HAVE_WINSOCK2_H = @UNISTD_H_HAVE_WINSOCK2_H@ +UNISTD_H_HAVE_WINSOCK2_H_AND_USE_SOCKETS = @UNISTD_H_HAVE_WINSOCK2_H_AND_USE_SOCKETS@ +USE_NLS = @USE_NLS@ +VALGRIND = @VALGRIND@ +VERSION = @VERSION@ +WARN_CFLAGS = @WARN_CFLAGS@ +WCHAR_T_SUFFIX = @WCHAR_T_SUFFIX@ +WERROR_CFLAGS = @WERROR_CFLAGS@ +WINDOWS_64_BIT_OFF_T = @WINDOWS_64_BIT_OFF_T@ +WINDOWS_64_BIT_ST_SIZE = @WINDOWS_64_BIT_ST_SIZE@ +WINDOWS_STAT_INODES = @WINDOWS_STAT_INODES@ +WINDOWS_STAT_TIMESPEC = @WINDOWS_STAT_TIMESPEC@ +WINT_T_SUFFIX = @WINT_T_SUFFIX@ +WSTACK_CFLAGS = @WSTACK_CFLAGS@ +XGETTEXT = @XGETTEXT@ +XGETTEXT_015 = @XGETTEXT_015@ +XGETTEXT_EXTRA_OPTIONS = @XGETTEXT_EXTRA_OPTIONS@ +YACC = @YACC@ +YEAR = @YEAR@ +YFLAGS = @YFLAGS@ +abs_aux_dir = @abs_aux_dir@ +abs_builddir = @abs_builddir@ +abs_srcdir = @abs_srcdir@ +abs_top_builddir = @abs_top_builddir@ +abs_top_srcdir = @abs_top_srcdir@ +ac_ct_AR = @ac_ct_AR@ +ac_ct_CC = @ac_ct_CC@ +ac_ct_CXX = @ac_ct_CXX@ +ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ +ac_cv_sizeof_time_t = @ac_cv_sizeof_time_t@ +am__include = @am__include@ +am__leading_dot = @am__leading_dot@ +am__quote = @am__quote@ +am__tar = @am__tar@ +am__untar = @am__untar@ +autogen = @autogen@ +bindir = @bindir@ +build = @build@ +build_alias = @build_alias@ +build_cpu = @build_cpu@ +build_os = @build_os@ +build_vendor = @build_vendor@ +builddir = @builddir@ +datadir = @datadir@ +datarootdir = @datarootdir@ +docdir = @docdir@ +dvidir = @dvidir@ +exec_prefix = @exec_prefix@ +ggl_LIBOBJS = @ggl_LIBOBJS@ +ggl_LTLIBOBJS = @ggl_LTLIBOBJS@ +ggltests_LIBOBJS = @ggltests_LIBOBJS@ +ggltests_LTLIBOBJS = @ggltests_LTLIBOBJS@ +ggltests_WITNESS = @ggltests_WITNESS@ +gl_LIBOBJS = @gl_LIBOBJS@ +gl_LTLIBOBJS = @gl_LTLIBOBJS@ +gltests_LIBOBJS = @gltests_LIBOBJS@ +gltests_LTLIBOBJS = @gltests_LTLIBOBJS@ +gltests_WITNESS = @gltests_WITNESS@ +guile_snarf = @guile_snarf@ +guileextensiondir = @guileextensiondir@ +guilesiteccachedir = @guilesiteccachedir@ +guilesitedir = @guilesitedir@ +host = @host@ +host_alias = @host_alias@ +host_cpu = @host_cpu@ +host_os = @host_os@ +host_vendor = @host_vendor@ +htmldir = @htmldir@ +ifGNUmake = @ifGNUmake@ +ifnGNUmake = @ifnGNUmake@ +includedir = @includedir@ +infodir = @infodir@ +install_sh = @install_sh@ +libdir = @libdir@ +libexecdir = @libexecdir@ +localedir = @localedir@ +localstatedir = @localstatedir@ +mandir = @mandir@ +mkdir_p = @mkdir_p@ +oldincludedir = @oldincludedir@ +pdfdir = @pdfdir@ +prefix = @prefix@ +program_transform_name = @program_transform_name@ +psdir = @psdir@ +runstatedir = @runstatedir@ +sbindir = @sbindir@ +sharedstatedir = @sharedstatedir@ +srcdir = @srcdir@ +sysconfdir = @sysconfdir@ +target_alias = @target_alias@ +top_build_prefix = @top_build_prefix@ +top_builddir = @top_builddir@ +top_srcdir = @top_srcdir@ +unistring_LIBOBJS = @unistring_LIBOBJS@ +unistring_LTLIBOBJS = @unistring_LTLIBOBJS@ +unistringtests_LIBOBJS = @unistringtests_LIBOBJS@ +unistringtests_LTLIBOBJS = @unistringtests_LTLIBOBJS@ +unistringtests_WITNESS = @unistringtests_WITNESS@ +EXTRA_DIST = ca-key.pem ca.pem cert-rsa.pem key-rsa.pem clikey.pem clicert.pem \ + clicert-dsa.pem clikey-dsa.pem cert-dsa.pem key-dsa.pem cert-ecc.pem key-ecc.pem \ + cert-ecc-sign.pem key-rsa-pss.pem cert-rsa-pss.pem example.com-cert.pem \ + example.com-key.pem \ + key-gost01.pem cert-gost01.pem key-gost12.pem cert-gost12.pem + +all: all-am + +.SUFFIXES: +$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(am__configure_deps) + @for dep in $?; do \ + case '$(am__configure_deps)' in \ + *$$dep*) \ + ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ + && { if test -f $@; then exit 0; else break; fi; }; \ + exit 1;; \ + esac; \ + done; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign doc/credentials/x509/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --foreign doc/credentials/x509/Makefile +Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status + @case '$?' in \ + *config.status*) \ + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ + *) \ + echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles)'; \ + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles);; \ + esac; + +$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh + +$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): + +mostlyclean-libtool: + -rm -f *.lo + +clean-libtool: + -rm -rf .libs _libs +tags TAGS: + +ctags CTAGS: + +cscope cscopelist: + + +distdir: $(BUILT_SOURCES) + $(MAKE) $(AM_MAKEFLAGS) distdir-am + +distdir-am: $(DISTFILES) + @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + list='$(DISTFILES)'; \ + dist_files=`for file in $$list; do echo $$file; done | \ + sed -e "s|^$$srcdirstrip/||;t" \ + -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ + case $$dist_files in \ + */*) $(MKDIR_P) `echo "$$dist_files" | \ + sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ + sort -u` ;; \ + esac; \ + for file in $$dist_files; do \ + if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ + if test -d $$d/$$file; then \ + dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ + else \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ + || exit 1; \ + fi; \ + done +check-am: all-am +check: check-am +all-am: Makefile +installdirs: +install: install-am +install-exec: install-exec-am +install-data: install-data-am +uninstall: uninstall-am + +install-am: all-am + @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am + +installcheck: installcheck-am +install-strip: + if test -z '$(STRIP)'; then \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + install; \ + else \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ + fi +mostlyclean-generic: + +clean-generic: + +distclean-generic: + -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) + +maintainer-clean-generic: + @echo "This command is intended for maintainers to use" + @echo "it deletes files that may require special tools to rebuild." +clean: clean-am + +clean-am: clean-generic clean-libtool mostlyclean-am + +distclean: distclean-am + -rm -f Makefile +distclean-am: clean-am distclean-generic + +dvi: dvi-am + +dvi-am: + +html: html-am + +html-am: + +info: info-am + +info-am: + +install-data-am: + +install-dvi: install-dvi-am + +install-dvi-am: + +install-exec-am: + +install-html: install-html-am + +install-html-am: + +install-info: install-info-am + +install-info-am: + +install-man: + +install-pdf: install-pdf-am + +install-pdf-am: + +install-ps: install-ps-am + +install-ps-am: + +installcheck-am: + +maintainer-clean: maintainer-clean-am + -rm -f Makefile +maintainer-clean-am: distclean-am maintainer-clean-generic + +mostlyclean: mostlyclean-am + +mostlyclean-am: mostlyclean-generic mostlyclean-libtool + +pdf: pdf-am + +pdf-am: + +ps: ps-am + +ps-am: + +uninstall-am: + +.MAKE: install-am install-strip + +.PHONY: all all-am check check-am clean clean-generic clean-libtool \ + cscopelist-am ctags-am distclean distclean-generic \ + distclean-libtool distdir dvi dvi-am html html-am info info-am \ + install install-am install-data install-data-am install-dvi \ + install-dvi-am install-exec install-exec-am install-html \ + install-html-am install-info install-info-am install-man \ + install-pdf install-pdf-am install-ps install-ps-am \ + install-strip installcheck installcheck-am installdirs \ + maintainer-clean maintainer-clean-generic mostlyclean \ + mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ + tags-am uninstall uninstall-am + +.PRECIOUS: Makefile + + +# Tell versions [3.59,3.63) of GNU make to not export all variables. +# Otherwise a system limit (for SysV at least) may be exceeded. +.NOEXPORT: diff --git a/doc/credentials/x509/ca-key.pem b/doc/credentials/x509/ca-key.pem new file mode 100644 index 0000000..4efbe5a --- /dev/null +++ b/doc/credentials/x509/ca-key.pem @@ -0,0 +1,145 @@ +Public Key Info: + Public Key Algorithm: RSA + Key Security Level: Normal + +modulus: + 00:9c:e4:42:b1:7d:6e:9e:5f:ff:7f:2d:9d:d7:4e: + 78:5d:db:88:83:fd:c2:a9:50:5a:4f:71:dc:6b:ae: + 52:12:80:f0:87:42:a2:3e:d4:28:3a:06:4b:74:a6: + 36:72:86:c6:b3:fa:23:62:d3:a3:72:cd:0a:9e:53: + d8:76:6b:63:12:1e:96:12:1b:89:53:de:6f:e1:34: + 1d:0b:83:8b:32:21:39:e9:e2:06:ab:6e:76:85:90: + 1b:1e:84:cb:f3:84:35:e0:3c:50:58:6b:b3:40:af: + 37:d2:29:a5:ed:f6:f0:d9:67:08:71:14:3c:bc:51: + ac:f1:2c:df:5f:0e:b7:f8:c2:3a:16:ae:a2:30:04: + 08:a8:fd:3c:5b:31:a6:45:1c:cb:e7:0b:c2:88:f8: + 42:56:4a:cf:9b:06:d7:a0:00:6e:6f:a0:00:b1:8c: + 16:3c:90:7d:d4:cf:7f:97:1e:60:14:7e:64:f7:f8: + 8f:7e:2d:ec:d8:a8:37:17:c3:0e:72:9a:6a:15:88: + f1:0d:29:ec:7e:2c:fa:78:c8:75:f9:b6:15:20:0a: + 37:eb:bb:c6:55:81:e2:81:73:04:64:2d:85:7b:39: + 70:20:76:99:ce:91:28:16:56:37:6b:b2:c5:27:4d: + 32:ae:34:3d:d7:4a:fc:50:4f:82:10:c4:d8:cc:4e: + 34:0f:4a:25:08:ca:3b:14:0f:51:0a:37:8e:dd:b5: + 08:a1:86:88:75:54:d4:19:61:06:1d:64:9e:a3:11: + 9e:8b:d1:a4:9b:ab:be:01:28:fc:7f:e8:b4:8f:17: + 43:da:a5:ec:7b: +public exponent: + 01:00:01: +private exponent: + 6a:cd:04:0d:99:0a:65:6b:8a:1c:c4:2b:cf:b6:8e: + 3f:ae:43:47:3e:c6:75:c5:ca:44:8c:88:f5:10:8c: + b4:25:ec:16:d7:a8:64:c6:bd:bf:8a:2b:71:73:f8: + 5a:8c:1e:d5:c3:b0:b5:04:c7:1e:4e:30:2d:49:7c: + 70:58:77:ef:8c:bc:b2:04:e6:be:1e:0c:e1:2c:3d: + 9d:69:e5:a6:b1:71:a0:22:0a:52:46:f7:0d:c2:e4: + 83:28:f9:41:83:3d:bd:b0:b1:2d:0f:db:cd:6b:b9: + bf:2a:34:d7:42:24:00:8a:9f:f7:82:44:3a:1a:0b: + 75:7e:0b:6c:c5:33:3d:76:d2:5e:40:71:0d:e8:a1: + 10:90:9a:b6:a5:9c:bf:2d:74:2c:8b:17:d9:6f:ce: + 90:b8:79:79:dd:14:4a:bc:87:96:24:81:5a:14:6b: + cf:16:b2:94:5e:b7:7b:cc:cc:4a:a9:8e:e3:a9:c3: + 70:51:1f:03:f6:f0:92:1f:1e:39:9a:58:05:e0:9c: + 0c:4e:06:4a:6a:31:23:e6:21:bf:0a:ec:8f:31:a0: + c9:24:e2:cd:ff:fa:25:fa:1c:bf:4f:22:c6:e5:0f: + 52:8d:95:ab:1f:58:30:20:f1:2b:ea:df:c4:af:b5: + 7e:10:c5:4f:16:72:3f:f5:2e:88:3c:51:23:37:20: + 7c:55:d4:bb:d7:23:6a:b0:14:81:a4:c1:6b:06:3b: + 28:17:e9:80:dd:1a:e5:d6:bb:0d:30:cb:6a:34:9b: + 23:ae:49:49:42:24:b8:7f:72:f6:e9:4a:c9:75:2b: + 7f:ac:40:b1: +prime1: + 00:d0:9c:a7:0f:3a:c4:ec:84:3d:92:22:39:ef:3e: + 81:27:8a:5e:bf:01:7d:69:78:e8:ec:af:62:cf:c0: + ec:1d:f0:38:f4:f9:e5:ab:bc:aa:a2:5c:78:fa:23: + 0d:03:9c:7b:29:3c:6f:26:91:c9:a4:31:41:72:63: + 76:65:02:0d:f1:56:0f:b0:70:ef:be:6e:97:bb:f6: + ed:57:b6:02:16:eb:83:f6:c9:f6:ce:51:d2:91:b6: + a1:85:83:b9:da:da:29:b1:eb:23:6a:dd:3d:cc:1f: + 40:e2:f2:68:db:be:7f:2a:4f:2b:5b:ed:ad:ff:c8: + ef:16:9c:15:68:71:24:8c:44:bb:58:17:0d:f2:fa: + b7:ca:e6:f1:b3:5e:45:fc:3a:56:82:44:95:d5:15: + 90:c9:d3: +prime2: + 00:c0:87:ef:09:79:4e:4a:ea:23:86:c7:10:3e:59: + 90:8e:f0:32:ff:8a:9d:8f:5c:dc:2c:5a:99:6a:46: + 04:dd:c2:0d:41:f0:3c:71:78:95:fc:10:da:90:9d: + 1a:f8:f5:27:eb:26:2b:44:c2:b1:64:27:2c:3f:f4: + 03:98:e9:b7:34:70:69:69:7b:bc:c9:85:b8:8b:e3: + 45:a0:44:90:b9:3f:bf:76:b8:a1:29:a6:05:63:cb: + 03:a2:8a:06:31:ce:b4:15:89:7f:ee:e5:ce:89:da: + 8c:e6:0f:38:43:1e:cc:dc:58:f3:73:19:1d:82:9c: + 0e:fa:f2:a8:ad:ab:91:09:06:fc:a6:10:cd:82:be: + 4a:fb:3c:b2:92:0b:24:cf:6d:02:2e:0d:4a:52:aa: + 34:c1:b9: +coefficient: + 00:86:2e:30:76:ad:fd:d3:00:ab:06:e6:bf:aa:db: + 1f:49:8a:23:7c:b4:be:b3:fa:ff:5a:7a:d7:09:2c: + ad:ed:d2:0c:7d:a8:bc:e3:a4:a3:8d:10:0e:47:a3: + ad:5d:66:3b:58:35:55:95:53:3d:1f:5e:0a:db:10: + 32:b6:0a:8f:e0:0c:4b:8c:e6:94:ef:5e:ba:cb:b3: + d0:b2:88:a3:d6:ff:16:0e:60:59:fe:0b:43:03:6f: + ea:57:54:9b:cd:1c:2a:e6:57:3f:f2:d4:81:dd:07: + f3:dc:39:53:1c:09:f9:bf:0f:f6:5c:8e:2f:e0:aa: + f7:b8:58:4b:21:3f:5d:2f:08:24:e4:3a:3b:52:6f: + 28:3c:ee:29:f5:03:be:8b:93:9a:f1:ac:ce:12:ac: + fe:7f:32: +exp1: + 00:a7:07:16:77:8a:2d:8b:d5:e1:da:74:8f:00:70: + 82:46:9f:72:76:ea:81:78:86:77:b0:b2:48:a2:61: + 2c:6c:58:1f:b2:7d:b7:97:86:ca:f4:8e:a7:ca:57: + 70:1f:19:16:3f:91:04:c9:d3:e6:a8:11:4b:fe:83: + 86:93:1f:4e:fc:91:54:a4:87:f8:5c:f7:fd:83:61: + 14:ed:aa:6c:07:df:f0:5c:13:9f:09:d8:d7:89:15: + ba:43:c5:91:74:9a:42:d2:12:9b:db:ff:62:70:62: + 01:b8:f4:30:62:e9:26:b6:40:87:4d:e6:82:ef:8e: + f9:67:97:f7:48:15:77:16:dc:1d:48:4d:c5:3c:6b: + e3:e6:90:7c:ab:89:ea:ed:25:e4:88:0e:d4:0c:b5: + 64:a5:43: +exp2: + 7a:14:b7:c9:b6:15:a3:03:1c:4b:d5:e5:c2:e3:5f: + fa:82:ec:93:84:fd:ab:6e:22:5e:2d:84:a2:12:8b: + fb:61:94:ae:7e:fa:94:a8:f5:d1:c3:8e:13:ac:ca: + f1:99:e2:1a:05:35:e2:7f:e1:a3:b4:03:26:fa:3f: + 5d:b2:b4:ec:97:6a:ff:eb:ea:25:8e:99:1a:7a:9e: + 27:a5:d2:6e:e4:b1:2f:42:9b:4e:a1:6b:41:7f:f5: + 6a:17:43:1e:4a:07:7e:b0:95:62:92:6d:88:94:00: + 4b:d0:d2:c8:1c:bb:a1:ec:f5:51:c2:57:27:fe:74: + b1:43:35:1a:0a:74:08:d9:59:52:a3:cc:ec:5e:65: + 85:31:53:b9:af:3f:44:17:c7:0e:14:77:50:3b:85: + 00:61: + +Public Key ID: 4D:56:B7:6A:00:58:F1:67:92:F4:A6:75:55:1B:8E:53:01:03:EF:CF + +-----BEGIN RSA PRIVATE KEY----- +MIIFfAIBAAKCATEAnORCsX1unl//fy2d1054XduIg/3CqVBaT3Hca65SEoDwh0Ki +PtQoOgZLdKY2cobGs/ojYtOjcs0KnlPYdmtjEh6WEhuJU95v4TQdC4OLMiE56eIG +q252hZAbHoTL84Q14DxQWGuzQK830iml7fbw2WcIcRQ8vFGs8SzfXw63+MI6Fq6i +MAQIqP08WzGmRRzL5wvCiPhCVkrPmwbXoABub6AAsYwWPJB91M9/lx5gFH5k9/iP +fi3s2Kg3F8MOcppqFYjxDSnsfiz6eMh1+bYVIAo367vGVYHigXMEZC2FezlwIHaZ +zpEoFlY3a7LFJ00yrjQ910r8UE+CEMTYzE40D0olCMo7FA9RCjeO3bUIoYaIdVTU +GWEGHWSeoxGei9Gkm6u+ASj8f+i0jxdD2qXsewIDAQABAoIBMGrNBA2ZCmVrihzE +K8+2jj+uQ0c+xnXFykSMiPUQjLQl7BbXqGTGvb+KK3Fz+FqMHtXDsLUExx5OMC1J +fHBYd++MvLIE5r4eDOEsPZ1p5aaxcaAiClJG9w3C5IMo+UGDPb2wsS0P281rub8q +NNdCJACKn/eCRDoaC3V+C2zFMz120l5AcQ3ooRCQmralnL8tdCyLF9lvzpC4eXnd +FEq8h5YkgVoUa88WspRet3vMzEqpjuOpw3BRHwP28JIfHjmaWAXgnAxOBkpqMSPm +Ib8K7I8xoMkk4s3/+iX6HL9PIsblD1KNlasfWDAg8Svq38SvtX4QxU8Wcj/1Log8 +USM3IHxV1LvXI2qwFIGkwWsGOygX6YDdGuXWuw0wy2o0myOuSUlCJLh/cvbpSsl1 +K3+sQLECgZkA0JynDzrE7IQ9kiI57z6BJ4pevwF9aXjo7K9iz8DsHfA49Pnlq7yq +olx4+iMNA5x7KTxvJpHJpDFBcmN2ZQIN8VYPsHDvvm6Xu/btV7YCFuuD9sn2zlHS +kbahhYO52topsesjat09zB9A4vJo275/Kk8rW+2t/8jvFpwVaHEkjES7WBcN8vq3 +yubxs15F/DpWgkSV1RWQydMCgZkAwIfvCXlOSuojhscQPlmQjvAy/4qdj1zcLFqZ +akYE3cINQfA8cXiV/BDakJ0a+PUn6yYrRMKxZCcsP/QDmOm3NHBpaXu8yYW4i+NF +oESQuT+/drihKaYFY8sDoooGMc60FYl/7uXOidqM5g84Qx7M3FjzcxkdgpwO+vKo +rauRCQb8phDNgr5K+zyykgskz20CLg1KUqo0wbkCgZkApwcWd4oti9Xh2nSPAHCC +Rp9yduqBeIZ3sLJIomEsbFgfsn23l4bK9I6nyldwHxkWP5EEydPmqBFL/oOGkx9O +/JFUpIf4XPf9g2EU7apsB9/wXBOfCdjXiRW6Q8WRdJpC0hKb2/9icGIBuPQwYukm +tkCHTeaC7475Z5f3SBV3FtwdSE3FPGvj5pB8q4nq7SXkiA7UDLVkpUMCgZh6FLfJ +thWjAxxL1eXC41/6guyThP2rbiJeLYSiEov7YZSufvqUqPXRw44TrMrxmeIaBTXi +f+GjtAMm+j9dsrTsl2r/6+oljpkaep4npdJu5LEvQptOoWtBf/VqF0MeSgd+sJVi +km2IlABL0NLIHLuh7PVRwlcn/nSxQzUaCnQI2VlSo8zsXmWFMVO5rz9EF8cOFHdQ +O4UAYQKBmQCGLjB2rf3TAKsG5r+q2x9JiiN8tL6z+v9aetcJLK3t0gx9qLzjpKON +EA5Ho61dZjtYNVWVUz0fXgrbEDK2Co/gDEuM5pTvXrrLs9CyiKPW/xYOYFn+C0MD +b+pXVJvNHCrmVz/y1IHdB/PcOVMcCfm/D/Zcji/gqve4WEshP10vCCTkOjtSbyg8 +7in1A76Lk5rxrM4SrP5/Mg== +-----END RSA PRIVATE KEY----- diff --git a/doc/credentials/x509/ca.pem b/doc/credentials/x509/ca.pem new file mode 100644 index 0000000..0fd5eea --- /dev/null +++ b/doc/credentials/x509/ca.pem @@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDUDCCAgigAwIBAgIBADANBgkqhkiG9w0BAQsFADAZMRcwFQYDVQQDEw5HbnVU +TFMgVGVzdCBDQTAeFw0xMTA1MjgwODM2MzBaFw0zODEwMTIwODM2MzNaMBkxFzAV +BgNVBAMTDkdudVRMUyBUZXN0IENBMIIBUjANBgkqhkiG9w0BAQEFAAOCAT8AMIIB +OgKCATEAnORCsX1unl//fy2d1054XduIg/3CqVBaT3Hca65SEoDwh0KiPtQoOgZL +dKY2cobGs/ojYtOjcs0KnlPYdmtjEh6WEhuJU95v4TQdC4OLMiE56eIGq252hZAb +HoTL84Q14DxQWGuzQK830iml7fbw2WcIcRQ8vFGs8SzfXw63+MI6Fq6iMAQIqP08 +WzGmRRzL5wvCiPhCVkrPmwbXoABub6AAsYwWPJB91M9/lx5gFH5k9/iPfi3s2Kg3 +F8MOcppqFYjxDSnsfiz6eMh1+bYVIAo367vGVYHigXMEZC2FezlwIHaZzpEoFlY3 +a7LFJ00yrjQ910r8UE+CEMTYzE40D0olCMo7FA9RCjeO3bUIoYaIdVTUGWEGHWSe +oxGei9Gkm6u+ASj8f+i0jxdD2qXsewIDAQABo0MwQTAPBgNVHRMBAf8EBTADAQH/ +MA8GA1UdDwEB/wQFAwMHBgAwHQYDVR0OBBYEFE1Wt2oAWPFnkvSmdVUbjlMBA+/P +MA0GCSqGSIb3DQEBCwUAA4IBMQAesOgjGFi1zOYpA/N3gkUVRcBHDxmN7g2yOcqH +VfhFc+e4zhOehR11WCt2RgzNlnYVmV5zBmQBdTAt8Po/MVhLCDW1BULHlLvL0DFc +4sB1RlcGeQcCKQa4b+Q9VWf4f6TfuEWZQC5j5stiXjVgOqrOMrzKZ2eKWA4JsL9s +V+7ANSZE+hOt1X1mA8moyqe95U2Ecih+nFJSWSBd1WFiEzVnXv4FVWPXbH9HERDK +VbasjofWWmQO1YlQPishLgm1IbwqOkOk4sDgoLuUZ4GgP0DDeN6EmRDOzByrv+9u +f45Bl9IQf4IJNPLU9lEqjyMOydqT6kBi7fjV5ICuQZ4EeVJsOGuX7PqNyoDzJHLv +ferRfNLr6eQSHSxBhS0cVyDjb5gCawK6u7xTU+b7xikEie9k +-----END CERTIFICATE----- diff --git a/doc/credentials/x509/cert-dsa.pem b/doc/credentials/x509/cert-dsa.pem new file mode 100644 index 0000000..c21a761 --- /dev/null +++ b/doc/credentials/x509/cert-dsa.pem @@ -0,0 +1,25 @@ +-----BEGIN CERTIFICATE----- +MIIEHjCCAtagAwIBAgIETeC1BzANBgkqhkiG9w0BAQsFADAZMRcwFQYDVQQDEw5H +bnVUTFMgVGVzdCBDQTAeFw0xMTA1MjgwODQwNDBaFw0zODEwMTIwODQwNDJaMDQx +MjAwBgNVBAMTKUdudVRMUyBUZXN0IHNlcnZlciAoRFNBLTEwMjQgY2VydGlmaWNh +dGUpMIIBtzCCASsGByqGSM44BAEwggEeAoGBAO/WtAHbRcvdRDpue8a0zmg5HQW/ +mBryofzzIh1w/sdAiWE8tt6rkHAsQHsNYI1M3+jR+NmmNtpPA25t+v8/qtK/cm2I +Z+9QLEKMbWAPrUTqfxQikbCbfo5gQx/YAyo+7awrBEGTmP3rFrrHFba2CTqaGG+z +LSMTn3nVa/GIvutRAhUAlMaFSh8Ou5euuVBJc7ar+WCMCo8CgYBMEqG7/XUqnX8W +MDOLekjIx3WB+fOd8fxKdVUbOsVoBZQLBxRtyPKrSvpHzx25yKicYMUib51/pNrh +VtEmzDATIkzIdodJcvk/JylUacXMUogMqKB43ud2xtvrfwrwaPpggfARRJARL3BV +sV06u4EKIwhfGK3QK64Ra193Tm4N2gOBhQACgYEAuEVc/7JP+XaIKj+4XL9ElJ+j +W29+orCejHw4/ygwssNXLOAKuGdDVlAT0T6suTNvvdizTvgJCoyKhJ/0Xns1R/Of +NkMTyxfyzZFip+NMLJ3t6CLOfiTpeRKJ3B0Ejd2CpjgM3ERxMjzlJTJDVMnBRcjg +D4ZZ2jkaWFa/2aq93uajgY0wgYowDAYDVR0TAQH/BAIwADAUBgNVHREEDTALggls +b2NhbGhvc3QwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDwYDVR0PAQH/BAUDAweAADAd +BgNVHQ4EFgQUOUVzA4D/PYbxnL/xySaz6e1LtYMwHwYDVR0jBBgwFoAUTVa3agBY +8WeS9KZ1VRuOUwED788wDQYJKoZIhvcNAQELBQADggExAEPV5T9egryuS0KfrGid +9VY4J4aI/4UlugO66+USexIiUh4UYK+0MFpIzTKobJfBOjHuE4oKymV9gV2rvR7I +ty7GbyR1DJ5qKPr5cNwwDVN9fJzmxH5aRbAubzJGbwc8OqOLbA64rns+iMbxvpbS ++vqzOp+JgsUAjRY4bylwDCCVixSd/T2CmrnevaEWeBjaKCPt7TT7FFH6OJcSRnLQ +WJZeFpGhk/wn6/zYwsWUAoiaXZT2W6DsqAZrQA4tGd6r6vpRnKtMsR8wGXfYWcw/ +cytAJ4xz2oBeUrtccx3k/Y7f5qWmMqfWQzqeWY6iFVPKKaydZpuC22IqOe6lTfcW +gSJEMBF0E9T0hius4nlQ0C5/OmuugXLC6Elzb3cjy41BcPxM4WoAN1+uyR/6vS5T +YOo= +-----END CERTIFICATE----- diff --git a/doc/credentials/x509/cert-ecc-sign.pem b/doc/credentials/x509/cert-ecc-sign.pem new file mode 100644 index 0000000..1a37228 --- /dev/null +++ b/doc/credentials/x509/cert-ecc-sign.pem @@ -0,0 +1,16 @@ +-----BEGIN CERTIFICATE----- +MIICejCCATKgAwIBAgIIWDgCehVRDVowDQYJKoZIhvcNAQELBQAwGTEXMBUGA1UE +AxMOR251VExTIFRlc3QgQ0EwIBcNMTYxMTI1MDkyMDU5WhgPOTk5OTEyMzEyMzU5 +NTlaMBcxFTATBgNVBAMTDFNpZ25pbmcgY2VydDBZMBMGByqGSM49AgEGCCqGSM49 +AwEHA0IABExURrCCMC8IFrefI//PugUNi20YWKxGudCeq3J298gLO9dvbcSX+w2I +M70X4v5Di0iZYCRXnLclbnFKPwNk3LGjYTBfMAwGA1UdEwEB/wQCMAAwDwYDVR0P +AQH/BAUDAweAADAdBgNVHQ4EFgQUvvYAxiRrYOq1+BPJpdXgySnV1zMwHwYDVR0j +BBgwFoAUTVa3agBY8WeS9KZ1VRuOUwED788wDQYJKoZIhvcNAQELBQADggExAGRN +PybhFeWRXUFteKH3pUpCIS/qWQHIcmHiSIw4S8Nh26pEleH5Ni99wf/DvYheONy4 +044YdIlDLFyXD5Ny469aEPkQm4VmgM+o7mG2dwg4om8KRTFL8G6JmVmT48s/1lD8 +sWzvz8gAegyPDh+CaPbO9XaLrFVhDdpO/IORPeMtvkVQY/Z1tVO3JgXvkAdrdJkK +uF8LFcVwHvjZIVoNdkk5J+VrKP0nWcmlEkLsL+OHUmf2drQneJ2fPsdjGGn9Vj0d +9l/mn/9dtEEMGasPJhj4y7oVJ7CC8Qu4ksFng5dW6x5bmVZpn15ruzJc21SkEWPU +D4N6LsdWC2+w4k2o3fV3b+FlHvswlAsgU0eMq9WHnVbSdWSsEUgGk8E8nhTLdQ82 +DUgMweNWlGd7k/VI06w= +-----END CERTIFICATE----- diff --git a/doc/credentials/x509/cert-ecc.pem b/doc/credentials/x509/cert-ecc.pem new file mode 100644 index 0000000..1c55be0 --- /dev/null +++ b/doc/credentials/x509/cert-ecc.pem @@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE----- +MIICpjCCAV6gAwIBAgIIU2YrORG+GMswDQYJKoZIhvcNAQELBQAwGTEXMBUGA1UE +AxMOR251VExTIFRlc3QgQ0EwIhgPMjAxNDA1MDQxMTU3NDZaGA85OTk5MTIzMTIz +NTk1OVowFDESMBAGA1UEAxMJbG9jYWxob3N0MFkwEwYHKoZIzj0CAQYIKoZIzj0D +AQcDQgAETFRGsIIwLwgWt58j/8+6BQ2LbRhYrEa50J6rcnb3yAs7129txJf7DYgz +vRfi/kOLSJlgJFectyVucUo/A2TcsaOBjTCBijAMBgNVHRMBAf8EAjAAMBQGA1Ud +EQQNMAuCCWxvY2FsaG9zdDATBgNVHSUEDDAKBggrBgEFBQcDATAPBgNVHQ8BAf8E +BQMDB4AAMB0GA1UdDgQWBBS+9gDGJGtg6rX4E8ml1eDJKdXXMzAfBgNVHSMEGDAW +gBRNVrdqAFjxZ5L0pnVVG45TAQPvzzANBgkqhkiG9w0BAQsFAAOCATEAY82vpv/M +eEflAONp+MUZR6DXCpWVXMeIHAoqlxx+wA69Pf+avBcO2bgw3oRfE6ejxKM/AU9I +u4rSWU8Xa5nX1yb3+/urj3lFHGxG00qzOXDiQBICYMrpbtsTyCRGOKtKvM7/PC2Z +3FP1wi1COqi2PU0cHX3zOInA3suQAFpauKU8dtcdYOkSMSuM06Cga2cX6K1Qh8ok +dP1O7SEQwXBZfiudiw7LA+zldcgetKofgZMbjXevloO9A+xoTeUafjJ4hQ00vGDi +3C9DQh3lZtJFqoaEQbMxqcgvpnnGort+CIRDFLy5MMqkRlH6QPQJrAPgvM4ss7RV +xyBP6KzElYFrSxwCErekGmlp8X2XVbRTQJUQOiPpQ9Nitwev4PaBR5NVHuEKZKpi +HYvq+scVoI+I4A== +-----END CERTIFICATE----- diff --git a/doc/credentials/x509/cert-gost01.pem b/doc/credentials/x509/cert-gost01.pem new file mode 100644 index 0000000..91ee92c --- /dev/null +++ b/doc/credentials/x509/cert-gost01.pem @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIICzzCCAYegAwIBAgIIWDz9jhh1DgAwDQYJKoZIhvcNAQELBQAwGTEXMBUGA1UE +AxMOR251VExTIFRlc3QgQ0EwIBcNMTYxMTI5MDQwMTE5WhgPOTk5OTEyMzEyMzU5 +NTlaMDUxMzAxBgNVBAMTKkdudVRMUyBUZXN0IHNlcnZlciAoR09TVCAyMDAxIGNl +cnRpZmljYXRlKTBjMBwGBiqFAwICEzASBgcqhQMCAiMBBgcqhQMCAh4BA0MABEC5 +V8s59a1LRKeQBv3Zknci/H581sZjfQavcTxe/rzVVDo0NtL6RjtY4fv0FcReVrap +HyrcsEoVgRlYtb2oP7ruo4GNMIGKMAwGA1UdEwEB/wQCMAAwFAYDVR0RBA0wC4IJ +bG9jYWxob3N0MBMGA1UdJQQMMAoGCCsGAQUFBwMBMA8GA1UdDwEB/wQFAwMHgAAw +HQYDVR0OBBYEFPdNK/tTqJobyllIdBOSU0aVsZa4MB8GA1UdIwQYMBaAFE1Wt2oA +WPFnkvSmdVUbjlMBA+/PMA0GCSqGSIb3DQEBCwUAA4IBMQByEmQuG1vAVeEEPHxi +04P2dz7Vaw77QOXsKT3sungZpacGqFFB1ZgpxT6W0yriIa55grhTWRXnrCEWBFGE +eOQrg7qkgdwDEFdmjO5TBYhSrX8ykkq1trhSSTVBJkgweHsAVlbA+xhUMgu0FKyN +ViraCsbUh3QZSBTSUrQJpGQgdeBMiBfsf7rAo7ICQSdYhyc9lW7FZVwvX1Xvrjxq +W6G5XBdxAk7xPJxrpWzC/xkxK97ceCYSulGrgkYuFVWa66t3F0YtSYlQ1z0HqJh5 +yrkuxW1LS+f6gcxc/k1f/BZR1gxWMwME8kL3C9C1Ud+5wejKMVtT+/bPKZztoAPy +ik4r7vEu1WQDnepN5D0dQqzH7a/Xvy7ELOAKg0icKsHaHBX6OinLOOZeQ0xMQpjo +W411 +-----END CERTIFICATE----- diff --git a/doc/credentials/x509/cert-gost12.pem b/doc/credentials/x509/cert-gost12.pem new file mode 100644 index 0000000..2b6f72c --- /dev/null +++ b/doc/credentials/x509/cert-gost12.pem @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDFzCCAc+gAwIBAgIIWDz9WwicqOswDQYJKoZIhvcNAQELBQAwGTEXMBUGA1UE +AxMOR251VExTIFRlc3QgQ0EwIBcNMTYxMTI5MDQwMDI5WhgPOTk5OTEyMzEyMzU5 +NTlaMDUxMzAxBgNVBAMTKkdudVRMUyBUZXN0IHNlcnZlciAoR09TVCAyMDEyIGNl +cnRpZmljYXRlKTCBqjAhBggqhQMHAQEBAjAVBgkqhQMHAQIBAgEGCCqFAwcBAQID +A4GEAASBgHrV5GYilkHQ75pNQH3H7XA0rFzLQU3cyiBXWa9GAajMmXCsEc96tLO8 +4inIoYd+pKXW5JFjpcKQP2RYWO8ozWiDcAipeNegdEFIj9YXGhlLkE9Ji5tLo3CQ +E/qmAXcG3/A4fnTPe8ONMcr1mNauvy2ZMR4GHMwngQnclHjxkA+po4GNMIGKMAwG +A1UdEwEB/wQCMAAwFAYDVR0RBA0wC4IJbG9jYWxob3N0MBMGA1UdJQQMMAoGCCsG +AQUFBwMBMA8GA1UdDwEB/wQFAwMHgAAwHQYDVR0OBBYEFM3S8msevnnQj915hOMP +qlzJUzk0MB8GA1UdIwQYMBaAFE1Wt2oAWPFnkvSmdVUbjlMBA+/PMA0GCSqGSIb3 +DQEBCwUAA4IBMQBJV6tIOi08WYSTY26y5C+YytuMwYiEcSYQX0qEnTLroetO92UB +vlqvfR3LH/Dky7lal/gLdQ03Qiyam9uqOuPM+KUkveKdMEVus1pkqk7E450lXK27 +GEwbKtkGptwjdaVEmoUdha8Om9YsJpdccOaKVGf1XDrhVa0UPZmKDagLc8nkk8W4 +Gr5bE6QgxUfF7TUQIltM+5hhhRo2XWJJdANMSmcREj63rwTPcEyhqILms7a1LXlC +s/GED7P0KQYnuhzwrYhZgaD0/FMMljpHyIYuo7r0ELwb8wQNTIt3YfliOW131/fD +ZNgRZpxkTrEFw8TgOv78aSX60n6zeiRDGlQlFCmx1MHOEL/8jDDMEhKi1R47DZTX +rpz7EIn/e9OqO+E/B9tIIsEjuctNT/ylYjrG +-----END CERTIFICATE----- diff --git a/doc/credentials/x509/cert-rsa-pss.pem b/doc/credentials/x509/cert-rsa-pss.pem new file mode 100644 index 0000000..a1a876a --- /dev/null +++ b/doc/credentials/x509/cert-rsa-pss.pem @@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDWTCCAhGgAwIBAgIIWYl7hABP8u0wDQYJKoZIhvcNAQELBQAwGTEXMBUGA1UE +AxMOR251VExTIFRlc3QgQ0EwIBcNMTcwODA4MDg1MTE2WhgPOTk5OTEyMzEyMzU5 +NTlaMAAwggEgMAsGCSqGSIb3DQEBCgOCAQ8AMIIBCgKCAQEAndjwZ1p/m9BbCDGx +vn/yvqINoivwaCwrCQ94/ckTUhw+sE4n2MDU23tSxf/Ac8XMFUQg9M6W6RUGsG48 +W5gUs616kJVBRRtdQ7zQWsOfK4BxqN02Aq7RSAXy284sgdcP71nl9MR77/DDCdYk +UnWPu2N+mtnFfrPOT3TuAU6WZS38vCzz+qevnYFaAvvbU7th9cAEWDlaIPo7fQNx +8dC9ccVVk3nRaIitrFaLs3y0Y36eXDsLkR0g9qm6RjgHjVVWjhPPAb96SBj4LjMN +KgHRA6NtIUWB9tyyMrwcAaAp8hTZwFYjLS2tkJV0pYlfWvQSjl2I1swHrKNkheKX +R3L3eQIDAQABo4GNMIGKMAwGA1UdEwEB/wQCMAAwFAYDVR0RBA0wC4IJbG9jYWxo +b3N0MBMGA1UdJQQMMAoGCCsGAQUFBwMBMA8GA1UdDwEB/wQFAwMHgAAwHQYDVR0O +BBYEFGp+ppXHKlMtWeuML0b98cYOIdspMB8GA1UdIwQYMBaAFE1Wt2oAWPFnkvSm +dVUbjlMBA+/PMA0GCSqGSIb3DQEBCwUAA4IBMQBiV5IoE/3e/YjP7FVyjXGzp8Kz +Zalj5fByCAMIwQ2oiWYsPYegNvJzUs42QMZ/AdCZdpXjTeFxPoN4T9pO+65ONGBL +X2mPCRu8oB2q9BPoOTV2ENVfLJHQa507ouZsC3/7NePZW+PlPM774Yxdhbhbj+4E +J2Onl7yQeHrXLgnbO8GzDHfjvG3Z6Zmrv80YcfGSXPtSr2vKMlXTc7yU+OD1s685 +JjiCtIw2o5UmewJO4QpPPD2wcqwIQCXcCR2bVFZhf0/6nhfNQSFEK4qhJbOr2EY8 +zesxVU2YWGCDKluoFxwEEHTpmpNUDmW8lYN3Dh8Qd2luKRQaGZUKc9Ve+M9iAzu6 +2FmF6uGPfI0eu13eIe/Mas4zvFgYB43U5wWUGgNrvRASN9cyqVBqDIcLeuLj +-----END CERTIFICATE----- diff --git a/doc/credentials/x509/cert-rsa.pem b/doc/credentials/x509/cert-rsa.pem new file mode 100644 index 0000000..000c38d --- /dev/null +++ b/doc/credentials/x509/cert-rsa.pem @@ -0,0 +1,22 @@ +-----BEGIN CERTIFICATE----- +MIIDtDCCAmygAwIBAgIETeC0yjANBgkqhkiG9w0BAQsFADAZMRcwFQYDVQQDEw5H +bnVUTFMgVGVzdCBDQTAeFw0xMTA1MjgwODM5MzlaFw0zODEwMTIwODM5NDBaMC8x +LTArBgNVBAMTJEdudVRMUyBUZXN0IFNlcnZlciAoUlNBIGNlcnRpZmljYXRlKTCC +AVIwDQYJKoZIhvcNAQEBBQADggE/ADCCAToCggExALRrJ5glr8H/HsqwfvTYvO1D +hmdUXdq0HsKQX4M8AhH8E3KFsoikZUELdl8jvoqf/nlLczsux0s8vxbJl1U1F/Oh +ckswwuAnlBLzVgDmzoJLEV2kHpv6+rkbKk0Ytbql5gzHqKihbaqIhNyWDrJsHDWq +58eUPfnVx8KiDUuzbnr3CF/FCc0Vkxr3mN8qTGaJJO0f0BZjgWWlWDuhzSVim5mB +VAgXGOx8LwiiOyhXMp0XRwqG+2KxQZnm+96o6iB+8xvuuuqaIWQpkvKtc+UZBZ03 +U+IRnxhfIrriiw0AjJ4vp4c9QL5KoqWSCAwuYcBYfJqZ4dasgzklzz4b7eujbZ3L +xTjewcdumzQUvjA+gpAeuUqaduTvMwxGojFy9sNhC/iqZ4n0peV2N6Epn4B5qnUC +AwEAAaOBjTCBijAMBgNVHRMBAf8EAjAAMBQGA1UdEQQNMAuCCWxvY2FsaG9zdDAT +BgNVHSUEDDAKBggrBgEFBQcDATAPBgNVHQ8BAf8EBQMDB6AAMB0GA1UdDgQWBBR2 +B1hM6rUp9S2ABoyDSoINCeyT3jAfBgNVHSMEGDAWgBRNVrdqAFjxZ5L0pnVVG45T +AQPvzzANBgkqhkiG9w0BAQsFAAOCATEAdNWmTsh5uIfngyhOWwm7pK2+vgUMY8nH +gMoMFHt0yuxuImcUMXu3LRS1dZSoCJACBpTFGi/Dg2U0qvOHQcEmc3OwNqHB90R3 +LG5jUSCtq/bYW7h/6Gd9KeWCgZczaHbQ9IPTjLH1dLswVPt+fXKB6Eh0ggSrGATE +/wRZT/XgDCW8t4C+2+TmJ8ZEzvU87KAPQ9rUBS1+p3EUAR/FfMApApsEig1IZ+ZD +5joaGBW7zh1H0B9mEKidRvD7yuRJyzAcvD25nT15NLW0QR3dEeXosLc720xxJl1h +h8NJ7YOvn323mOjR9er4i4D6iJlXmJ8tvN9vakCankWvBzb7plFn2sfMQqICFpRc +w075D8hdQxfpGffL2tEeKSgjyNHXS7x3dFhUpN3IQjUi2x4f2e/ZXg== +-----END CERTIFICATE----- diff --git a/doc/credentials/x509/clicert-dsa.pem b/doc/credentials/x509/clicert-dsa.pem new file mode 100644 index 0000000..036ee68 --- /dev/null +++ b/doc/credentials/x509/clicert-dsa.pem @@ -0,0 +1,24 @@ +-----BEGIN CERTIFICATE----- +MIIEHDCCAtSgAwIBAgIETeC1sjANBgkqhkiG9w0BAQsFADAZMRcwFQYDVQQDEw5H +bnVUTFMgVGVzdCBDQTAeFw0xMTA1MjgwODQzMzFaFw0zODEwMTIwODQzMzNaMCYx +JDAiBgNVBAMTG0dudVRMUyBjbGllbnQgY2VydGlmaWNhdGUgMjCCAbYwggErBgcq +hkjOOAQBMIIBHgKBgQCsGHW8mIEpnO8/gtLPZKXYhD+/J6L6pvxiFmopjUMwYQGJ +lXwlFnRK+T8OlYyo0Mw56m37WCW9Jlo6EQYezDsYj9Asjdeoj6tc8Wx0y+N0jPIZ +4TLlTAm5cNyxQbFTi+sX7aibk7n/mws6/g6+fFzt5UUvxCQQZXZyMp9cISIB5QIV +AOI6X9iLEiaUtK3oiEcIbxseI7GDAoGAT0pw0vTQfTQsgSwoiTrVTPuMU0UmwTaZ +sbZF7e2JkX8fVfdjm5M+n10eYpI9bCQmDY39g2u66L/4Z1puNF+iumv0ozAvSGp3 +0QnLVf6+bPHOsxgCjAwe7Qnh4i8RifgnkPjer/K1TrTXmHea5vUtTZPnOdoAVpRv +ibbtFPwUpK0DgYQAAoGABrNgIU7YbUWZL2h/WbDrPcTByaqv+D68pWXKQBwvis9B +qlzZgGyO2wDwoAJ1MaQzYfcStfQzh08mnsEYWuQcAEJneVsJwJXl03PabicAN57b +nFvQnogWuxtG8VH5ER1lZFG7uyPWBIRVc5PpBiPSueyWjpgk8lpktFLKxoKGsgOj +gZowgZcwDAYDVR0TAQH/BAIwADATBgNVHSUEDDAKBggrBgEFBQcDAjAhBgNVHREE +GjAYgRZ0ZXN0Y2xpZW50MkBnbnV0bHMub3JnMA8GA1UdDwEB/wQFAwMHgAAwHQYD +VR0OBBYEFKhsWFz9V6LBQcBCR6dGUw3SXd/CMB8GA1UdIwQYMBaAFE1Wt2oAWPFn +kvSmdVUbjlMBA+/PMA0GCSqGSIb3DQEBCwUAA4IBMQCMtowreVk7QJjY0p6sqoK4 +qOehcxS8K8heWs14pvlon49U/l9hoHMO6wRq8MC7QcV2MYMpTvSH8idlfxy49va8 +OOmAxC9AW92hDg3a7wcPUAhj0Ee4YqjyXrM+x0LuOrp83IVPwJWcRRXogLp/xnlx +NxrYytZd34NOd2Y0QCOT/vSFOazHv05MaMTMkPe1OEZmXFWjRfuFhuUbRTf1104O +9VJpVR0YBThiII0NXGjJV7fBqDr+54fDmUBiktiq1BuJO0jrqEsnfpKaZ2Vl/dQr +i0D5K4i56rB/qsw47jIsyduq54uUrm2akNE6PK3Fy15jTjlXJlxkpPAKMP5A/lDT +zp9GRtXNrOszeMjPDgG+lPZ8kVkliBgOJtShP39uPtelwvr+ey/yxM7oF2GUv1DY +-----END CERTIFICATE----- diff --git a/doc/credentials/x509/clicert.pem b/doc/credentials/x509/clicert.pem new file mode 100644 index 0000000..e31f810 --- /dev/null +++ b/doc/credentials/x509/clicert.pem @@ -0,0 +1,24 @@ +-----BEGIN CERTIFICATE----- +MIIEBzCCAr+gAwIBAgIETeC1gjANBgkqhkiG9w0BAQsFADAZMRcwFQYDVQQDEw5H +bnVUTFMgVGVzdCBDQTAeFw0xMTAyMDEyMzAwMDBaFw00NjAzMjQwOTE5MjVaMCYx +JDAiBgNVBAMTG0dudVRMUyBjbGllbnQgY2VydGlmaWNhdGUgMTCCAaIwDQYJKoZI +hvcNAQEBBQADggGPADCCAYoCggGBANI/BXt91UnF78iyDDWWLr2viu5EgfrjPAdE +CDkw8gOYI2wJ3mFhdexPx+k9XPsQyQwqSXG2uFZSm/r7S++4EtqsZAjiQdMH1O/A +ZG1RdqBly1ibiHKUDQc5R75NOjD9IPXF+W0DptgKDk0Ayj6r03gW2mEKdH8/WyOt +SfZtTHbRzCO6q9C3Z+zUSJLo6Cis8WHkK5MWHhOWM+3D5CH4FuE2dn8nbKvclQSv +y3DfI3jTli7moGRnG+nl7Om+xLD+VC8/p1o83TZ37RbYfBC+e4QwOUY7aOOiijaX +EceNtIjOmXT2QoYd+opRZ02lD+DwIy8fyMbXJVVPCalA32fKdlF0bVKU57hdskQT +PBTY+KT4NNrOcQEA22np5CP6pE/PyqzcDy6GQIlWFprQMhN4mxvRDKeITg+i7tRz +FjmOyXY4tb3CE36zbOs33WGarzsgUODFbZxEhBvK8ZBlAYJu/1F7OL0ua6zst4d3 +LvaH1M+qWheZYRT3mlUGKxODRfpmpQIDAQABo4GZMIGWMAwGA1UdEwEB/wQCMAAw +EwYDVR0lBAwwCgYIKwYBBQUHAwIwIAYDVR0RBBkwF4EVdGVzdGNsaWVudEBnbnV0 +bHMub3JnMA8GA1UdDwEB/wQFAwMHgAAwHQYDVR0OBBYEFKTSbi3PbjaGuxAbLd7v +MLqpdN5EMB8GA1UdIwQYMBaAFE1Wt2oAWPFnkvSmdVUbjlMBA+/PMA0GCSqGSIb3 +DQEBCwUAA4IBMQBDCpK+ejMoBFxk2FoGbWaYhSs2rIPrMpWP8zWIfieOsdhLfAvJ +E+BNrcCfqrVj02j2XTLzeQdDig2NTwCtrcsB0gas9fd+hoZWnFOSGM1yna2IuHTH +alDommWrICKvAONlK6V16NgZeGZ1PNWSuxquXFneC1WEVQLgseL5WyKEL8Qu/ftr +Lpp5k3PVpHdJaIihJHy583NPAR3wt3rU1E7Nlqr2hInyIpidoFuU8ExbIt5dc/W/ +FM4QuYSl3/PHzz9EbtHEl7F9uDUtuKBQ4VRVV+7AcNVJTA5M3jwwom6c6CWzbS5x +ypmozdKOyNV5+6yVx4SrRJyYApxIewWNuuWOMh5uJnbowq/p+K5EnXrOPVz8ooOv +dk7ZXwSib+EonzjB8UKyOd94mQfS6R/Y4PF2 +-----END CERTIFICATE----- diff --git a/doc/credentials/x509/clikey-dsa.pem b/doc/credentials/x509/clikey-dsa.pem new file mode 100644 index 0000000..999d2fc --- /dev/null +++ b/doc/credentials/x509/clikey-dsa.pem @@ -0,0 +1,12 @@ +-----BEGIN DSA PRIVATE KEY----- +MIIBugIBAAKBgQCsGHW8mIEpnO8/gtLPZKXYhD+/J6L6pvxiFmopjUMwYQGJlXwl +FnRK+T8OlYyo0Mw56m37WCW9Jlo6EQYezDsYj9Asjdeoj6tc8Wx0y+N0jPIZ4TLl +TAm5cNyxQbFTi+sX7aibk7n/mws6/g6+fFzt5UUvxCQQZXZyMp9cISIB5QIVAOI6 +X9iLEiaUtK3oiEcIbxseI7GDAoGAT0pw0vTQfTQsgSwoiTrVTPuMU0UmwTaZsbZF +7e2JkX8fVfdjm5M+n10eYpI9bCQmDY39g2u66L/4Z1puNF+iumv0ozAvSGp30QnL +Vf6+bPHOsxgCjAwe7Qnh4i8RifgnkPjer/K1TrTXmHea5vUtTZPnOdoAVpRvibbt +FPwUpK0CgYAGs2AhTthtRZkvaH9ZsOs9xMHJqq/4PrylZcpAHC+Kz0GqXNmAbI7b +APCgAnUxpDNh9xK19DOHTyaewRha5BwAQmd5WwnAleXTc9puJwA3ntucW9CeiBa7 +G0bxUfkRHWVkUbu7I9YEhFVzk+kGI9K57JaOmCTyWmS0UsrGgoayAwIUH0Y8uucT +n+JAU+T4tPGV+W3LXrg= +-----END DSA PRIVATE KEY----- diff --git a/doc/credentials/x509/clikey.pem b/doc/credentials/x509/clikey.pem new file mode 100644 index 0000000..d289fe6 --- /dev/null +++ b/doc/credentials/x509/clikey.pem @@ -0,0 +1,182 @@ +Public Key Info: + Public Key Algorithm: RSA + Key Security Level: High (3072 bits) + +modulus: + 00:d2:3f:05:7b:7d:d5:49:c5:ef:c8:b2:0c:35:96:2e + bd:af:8a:ee:44:81:fa:e3:3c:07:44:08:39:30:f2:03 + 98:23:6c:09:de:61:61:75:ec:4f:c7:e9:3d:5c:fb:10 + c9:0c:2a:49:71:b6:b8:56:52:9b:fa:fb:4b:ef:b8:12 + da:ac:64:08:e2:41:d3:07:d4:ef:c0:64:6d:51:76:a0 + 65:cb:58:9b:88:72:94:0d:07:39:47:be:4d:3a:30:fd + 20:f5:c5:f9:6d:03:a6:d8:0a:0e:4d:00:ca:3e:ab:d3 + 78:16:da:61:0a:74:7f:3f:5b:23:ad:49:f6:6d:4c:76 + d1:cc:23:ba:ab:d0:b7:67:ec:d4:48:92:e8:e8:28:ac + f1:61:e4:2b:93:16:1e:13:96:33:ed:c3:e4:21:f8:16 + e1:36:76:7f:27:6c:ab:dc:95:04:af:cb:70:df:23:78 + d3:96:2e:e6:a0:64:67:1b:e9:e5:ec:e9:be:c4:b0:fe + 54:2f:3f:a7:5a:3c:dd:36:77:ed:16:d8:7c:10:be:7b + 84:30:39:46:3b:68:e3:a2:8a:36:97:11:c7:8d:b4:88 + ce:99:74:f6:42:86:1d:fa:8a:51:67:4d:a5:0f:e0:f0 + 23:2f:1f:c8:c6:d7:25:55:4f:09:a9:40:df:67:ca:76 + 51:74:6d:52:94:e7:b8:5d:b2:44:13:3c:14:d8:f8:a4 + f8:34:da:ce:71:01:00:db:69:e9:e4:23:fa:a4:4f:cf + ca:ac:dc:0f:2e:86:40:89:56:16:9a:d0:32:13:78:9b + 1b:d1:0c:a7:88:4e:0f:a2:ee:d4:73:16:39:8e:c9:76 + 38:b5:bd:c2:13:7e:b3:6c:eb:37:dd:61:9a:af:3b:20 + 50:e0:c5:6d:9c:44:84:1b:ca:f1:90:65:01:82:6e:ff + 51:7b:38:bd:2e:6b:ac:ec:b7:87:77:2e:f6:87:d4:cf + aa:5a:17:99:61:14:f7:9a:55:06:2b:13:83:45:fa:66 + a5: + +public exponent: + 01:00:01: + +private exponent: + 00:9a:a3:45:da:05:bc:79:ed:7f:27:23:65:fd:87:ff + ca:fe:b1:75:fc:a7:89:ab:d6:fc:15:1a:e3:4d:cf:c3 + bb:03:da:b4:0b:7f:9e:9a:88:7c:49:b2:90:b2:b1:eb + 2f:a4:a5:f9:ad:0c:d2:da:93:1a:2c:e8:e6:7a:63:ee + 62:2e:47:c9:8c:f9:13:49:80:61:f3:25:2a:8e:af:6c + dc:52:4b:52:e2:72:3b:d8:b5:46:79:31:4c:46:0f:c0 + 2e:9c:f6:c7:35:5a:69:3e:1f:6f:53:4d:d0:73:76:18 + 2d:0c:ca:04:74:17:29:7c:a5:01:41:b4:d3:ee:a2:3e + 06:a3:5a:68:33:75:69:60:a3:fd:a3:7f:82:95:37:4d + b4:a0:e6:9c:f2:2b:63:65:ce:a5:55:2d:2e:bf:99:64 + e2:b3:17:47:00:ed:5a:1e:fc:f0:1c:88:ca:f5:24:76 + fb:51:4c:1f:cf:3a:e9:e7:cb:0a:95:4d:7b:45:da:54 + c4:a9:bf:a4:ba:62:13:0b:aa:c1:a3:62:26:20:9e:05 + 56:1a:aa:7d:ae:9d:c8:df:b5:25:bc:d3:1a:a7:ae:25 + 23:4f:09:5b:aa:b5:82:84:ac:a4:2e:4a:ff:61:85:d9 + 01:10:11:83:10:03:63:92:bc:c5:dc:2f:3d:9b:0a:2c + 77:9e:f7:34:9c:29:f5:7b:95:02:d6:37:9f:08:1f:65 + 2a:20:37:0d:a1:7e:78:7d:39:6e:06:92:39:01:87:ea + ca:5c:7f:6f:48:28:c8:59:00:b3:1b:9e:be:71:8a:78 + fb:7a:b9:ad:5e:ea:d3:f0:7e:b7:dd:4b:2e:32:9e:8b + ac:d8:4c:d7:a4:fc:49:09:9f:e6:d0:3f:8f:3a:9f:89 + d5:58:c9:b6:80:4d:63:ff:06:2a:00:19:46:ca:89:64 + 68:69:2b:dc:3c:97:da:4d:48:e3:94:97:67:66:a5:a6 + 72:c4:27:f2:61:46:c8:9d:0d:fc:78:80:63:f3:22:76 + 21: + +prime1: + 00:ff:51:fc:70:58:f7:f8:2d:a3:91:89:bd:79:d3:0f + 3a:1a:98:52:7f:60:40:09:6e:27:2f:a5:5c:0e:7e:58 + 15:3b:13:cc:15:e0:f8:53:c7:5e:b8:5b:77:72:97:c7 + 4c:08:cd:1b:ea:40:b8:9d:fc:3a:0f:e3:ae:86:59:f8 + db:e2:a3:27:a4:a4:1b:e8:fb:7d:2f:57:d6:a8:03:c1 + ee:83:5e:86:52:dc:c7:be:e6:cb:33:83:c8:9d:71:90 + ec:21:9d:07:13:76:28:eb:51:c1:fa:a8:84:55:54:a3 + 19:cc:8a:37:9a:3e:7f:08:24:a0:80:e3:72:e5:1b:41 + 70:5c:3e:3e:ce:c0:bf:32:c3:dd:6b:34:23:7f:a5:41 + 48:54:f3:e4:29:4a:dc:aa:54:ea:62:16:82:02:02:3d + 9b:9b:44:94:73:b8:02:35:38:88:ae:fd:15:b7:1a:d2 + e2:18:d4:7f:b2:15:73:27:10:5e:08:0e:91:e5:0a:c4 + a9: + +prime2: + 00:d2:ce:50:a5:03:ba:00:e9:d9:ca:33:8c:d3:f0:d5 + c4:99:db:0d:1a:9e:2f:70:fd:bc:ef:d9:9d:3d:5c:fc + ba:6e:0f:1b:a7:73:ea:01:07:92:0e:c6:42:4d:83:e7 + d5:f8:65:93:70:e8:41:bd:67:10:3c:e9:6c:f7:62:96 + bd:77:3d:d8:9a:23:d5:30:68:80:c7:b8:63:c5:b7:99 + 0d:fc:df:53:32:d9:19:d3:9e:f2:91:34:8f:ec:a3:5e + 17:28:03:7e:1d:8f:02:40:b4:62:aa:75:78:d5:95:48 + ba:64:34:8e:de:2f:7f:f9:7e:c2:93:27:9c:26:7c:c4 + 05:24:ae:e1:77:e8:46:b7:53:75:30:d6:00:ea:c6:10 + a1:da:11:8e:d5:92:77:b0:e1:f4:9a:20:62:63:71:42 + b6:6c:90:1f:0f:a4:b8:fd:de:93:63:67:b9:a4:5e:ad + 55:ae:25:ab:80:c6:d7:20:1f:90:17:85:a2:30:d5:53 + 9d: + +coefficient: + 01:bc:99:f2:2e:b4:af:26:ad:13:50:fe:13:2b:df:3f + 9b:8f:ff:da:ce:f2:e3:63:e9:13:8e:37:f8:07:3c:9a + f8:39:67:11:8c:a9:01:ad:14:9a:8e:1b:32:cd:db:99 + 70:2e:4c:3f:bb:66:37:85:c4:91:45:a5:8d:04:19:f9 + e8:d7:f7:5c:d2:63:8f:f0:4a:54:40:57:26:e4:99:e4 + 92:af:f1:39:a8:71:95:3f:e7:24:47:f0:8b:fd:e1:77 + 86:53:4d:72:e7:ac:7e:cf:1c:a3:ca:1d:68:3f:16:8e + 1d:0d:ad:51:fb:8a:6e:b1:f6:54:a1:b3:fd:c6:43:dd + d1:3e:5a:8a:54:2e:4f:fb:d3:1a:14:d5:72:a4:03:50 + 7f:0c:72:8e:0c:43:f8:6f:be:d6:cf:75:51:fd:8f:3b + 74:1c:2e:4a:d4:b1:f3:b6:94:44:c6:32:e0:d5:d0:70 + 14:6a:d5:5f:21:a6:27:b1:7a:12:a6:0e:33:63:8e:87 + + +exp1: + 5e:dd:f8:bd:49:e1:81:3e:7b:fb:54:c1:a9:65:69:cf + fe:17:c0:f7:81:2c:ea:14:1a:cd:52:54:dd:31:c6:ca + c4:b3:bb:6e:19:b4:4b:74:d5:d6:0c:6e:5a:8e:d8:c7 + 80:b1:ad:80:a1:e1:b7:1a:03:fc:e9:6d:6c:90:3b:ae + 80:0c:7d:6b:68:6a:d2:6b:b7:7d:02:d7:48:80:74:eb + 89:b6:72:94:91:62:4a:a5:78:b5:40:6f:27:49:0e:3f + 1e:d2:38:d1:db:62:a2:e5:32:fd:4e:e6:34:ca:88:fb + ca:0b:45:53:b3:8b:01:dc:92:22:b1:e0:7c:0e:5f:87 + 3f:4f:05:89:4f:06:fb:f6:d8:eb:bf:68:bd:42:0a:fa + b4:4e:16:e5:dc:e2:17:0c:0c:36:bc:04:3c:78:d6:a9 + 5d:cc:e2:98:08:b4:11:50:5b:41:21:da:92:b9:8d:c7 + e2:cf:fa:4e:92:37:c2:39:0b:a7:54:ba:92:ef:28:59 + + +exp2: + 7f:13:f6:53:73:6a:a6:70:52:64:ed:2c:80:fb:16:b2 + 7c:99:2b:4e:17:7b:bb:de:8a:0e:00:9e:24:46:b0:e7 + 65:bf:5f:c9:53:3c:06:40:dd:10:60:fd:c9:22:b2:18 + 2f:b4:73:ec:45:66:93:d9:d4:55:13:d6:27:4f:5c:55 + 7c:d3:60:86:93:01:4a:3c:45:1d:a0:8f:2c:ba:5f:de + a9:c8:aa:ab:e5:6a:07:43:33:30:cb:81:d3:82:2c:0f + 43:84:cf:7a:dc:21:dc:85:a1:50:e6:9d:e0:0b:2d:1b + 87:9a:93:61:67:3a:fb:59:29:cc:71:bd:55:0a:33:54 + 72:67:a5:ed:95:ad:43:88:61:05:fe:8b:f0:fb:53:3d + 6e:6a:d5:32:f4:27:89:0e:bd:58:48:1b:67:9c:f8:3d + 66:36:7f:32:fb:f6:b4:bb:7f:18:16:88:37:89:07:6e + b6:1b:69:46:a9:17:37:fb:2e:ee:af:15:35:e0:f3:95 + + + +Public Key PIN: + pin-sha256:KWlMZRRNkQ8f3/ujmY2mCGbw2vE0LL0SkxmwGtZnESc= +Public Key ID: + sha256:29694c65144d910f1fdffba3998da60866f0daf1342cbd129319b01ad6671127 + sha1:6cf70b945b564959c660bb2b3cb4409253cf5602 + +-----BEGIN RSA PRIVATE KEY----- +MIIG4wIBAAKCAYEA0j8Fe33VScXvyLIMNZYuva+K7kSB+uM8B0QIOTDyA5gjbAne +YWF17E/H6T1c+xDJDCpJcba4VlKb+vtL77gS2qxkCOJB0wfU78BkbVF2oGXLWJuI +cpQNBzlHvk06MP0g9cX5bQOm2AoOTQDKPqvTeBbaYQp0fz9bI61J9m1MdtHMI7qr +0Ldn7NRIkujoKKzxYeQrkxYeE5Yz7cPkIfgW4TZ2fydsq9yVBK/LcN8jeNOWLuag +ZGcb6eXs6b7EsP5ULz+nWjzdNnftFth8EL57hDA5Rjto46KKNpcRx420iM6ZdPZC +hh36ilFnTaUP4PAjLx/IxtclVU8JqUDfZ8p2UXRtUpTnuF2yRBM8FNj4pPg02s5x +AQDbaenkI/qkT8/KrNwPLoZAiVYWmtAyE3ibG9EMp4hOD6Lu1HMWOY7Jdji1vcIT +frNs6zfdYZqvOyBQ4MVtnESEG8rxkGUBgm7/UXs4vS5rrOy3h3cu9ofUz6paF5lh +FPeaVQYrE4NF+malAgMBAAECggGBAJqjRdoFvHntfycjZf2H/8r+sXX8p4mr1vwV +GuNNz8O7A9q0C3+emoh8SbKQsrHrL6Sl+a0M0tqTGizo5npj7mIuR8mM+RNJgGHz +JSqOr2zcUktS4nI72LVGeTFMRg/ALpz2xzVaaT4fb1NN0HN2GC0MygR0Fyl8pQFB +tNPuoj4Go1poM3VpYKP9o3+ClTdNtKDmnPIrY2XOpVUtLr+ZZOKzF0cA7Voe/PAc +iMr1JHb7UUwfzzrp58sKlU17RdpUxKm/pLpiEwuqwaNiJiCeBVYaqn2uncjftSW8 +0xqnriUjTwlbqrWChKykLkr/YYXZARARgxADY5K8xdwvPZsKLHee9zScKfV7lQLW +N58IH2UqIDcNoX54fTluBpI5AYfqylx/b0goyFkAsxuevnGKePt6ua1e6tPwfrfd +Sy4ynous2EzXpPxJCZ/m0D+POp+J1VjJtoBNY/8GKgAZRsqJZGhpK9w8l9pNSOOU +l2dmpaZyxCfyYUbInQ38eIBj8yJ2IQKBwQD/UfxwWPf4LaORib150w86GphSf2BA +CW4nL6VcDn5YFTsTzBXg+FPHXrhbd3KXx0wIzRvqQLid/DoP466GWfjb4qMnpKQb +6Pt9L1fWqAPB7oNehlLcx77myzODyJ1xkOwhnQcTdijrUcH6qIRVVKMZzIo3mj5/ +CCSggONy5RtBcFw+Ps7AvzLD3Ws0I3+lQUhU8+QpStyqVOpiFoICAj2bm0SUc7gC +NTiIrv0VtxrS4hjUf7IVcycQXggOkeUKxKkCgcEA0s5QpQO6AOnZyjOM0/DVxJnb +DRqeL3D9vO/ZnT1c/LpuDxunc+oBB5IOxkJNg+fV+GWTcOhBvWcQPOls92KWvXc9 +2Joj1TBogMe4Y8W3mQ3831My2RnTnvKRNI/so14XKAN+HY8CQLRiqnV41ZVIumQ0 +jt4vf/l+wpMnnCZ8xAUkruF36Ea3U3Uw1gDqxhCh2hGO1ZJ3sOH0miBiY3FCtmyQ +Hw+kuP3ek2NnuaRerVWuJauAxtcgH5AXhaIw1VOdAoHAXt34vUnhgT57+1TBqWVp +z/4XwPeBLOoUGs1SVN0xxsrEs7tuGbRLdNXWDG5ajtjHgLGtgKHhtxoD/OltbJA7 +roAMfWtoatJrt30C10iAdOuJtnKUkWJKpXi1QG8nSQ4/HtI40dtiouUy/U7mNMqI ++8oLRVOziwHckiKx4HwOX4c/TwWJTwb79tjrv2i9Qgr6tE4W5dziFwwMNrwEPHjW +qV3M4pgItBFQW0Eh2pK5jcfiz/pOkjfCOQunVLqS7yhZAoHAfxP2U3NqpnBSZO0s +gPsWsnyZK04Xe7veig4AniRGsOdlv1/JUzwGQN0QYP3JIrIYL7Rz7EVmk9nUVRPW +J09cVXzTYIaTAUo8RR2gjyy6X96pyKqr5WoHQzMwy4HTgiwPQ4TPetwh3IWhUOad +4AstG4eak2FnOvtZKcxxvVUKM1RyZ6Xtla1DiGEF/ovw+1M9bmrVMvQniQ69WEgb +Z5z4PWY2fzL79rS7fxgWiDeJB262G2lGqRc3+y7urxU14POVAoHAAbyZ8i60ryat +E1D+EyvfP5uP/9rO8uNj6ROON/gHPJr4OWcRjKkBrRSajhsyzduZcC5MP7tmN4XE +kUWljQQZ+ejX91zSY4/wSlRAVybkmeSSr/E5qHGVP+ckR/CL/eF3hlNNcuesfs8c +o8odaD8Wjh0NrVH7im6x9lShs/3GQ93RPlqKVC5P+9MaFNVypANQfwxyjgxD+G++ +1s91Uf2PO3QcLkrUsfO2lETGMuDV0HAUatVfIaYnsXoSpg4zY46H +-----END RSA PRIVATE KEY----- diff --git a/doc/credentials/x509/example.com-cert.pem b/doc/credentials/x509/example.com-cert.pem new file mode 100644 index 0000000..110203f --- /dev/null +++ b/doc/credentials/x509/example.com-cert.pem @@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE----- +MIICpjCCAV6gAwIBAgIIWt3gvC3CPKQwDQYJKoZIhvcNAQELBQAwGTEXMBUGA1UE +AxMOR251VExTIFRlc3QgQ0EwIBcNMTgwNDIzMTMzMzQ4WhgPOTk5OTEyMzEyMzU5 +NTlaMAAwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAS7hpflFRh3CVEd1EeYS4PT +K7e1RmUrYxo+35DIiZ3YDtnBUQkp1EW2vy0NKL2oC3oEydLV/MPVT74V7H6BXtrZ +o4GjMIGgMAwGA1UdEwEB/wQCMAAwKgYDVR0RBCMwIYILZXhhbXBsZS5jb22CEnNl +cnZlci5leGFtcGxlLmNvbTATBgNVHSUEDDAKBggrBgEFBQcDATAPBgNVHQ8BAf8E +BQMDB4AAMB0GA1UdDgQWBBTmJuEsWggOUoIu8Zze/DPDZcJHtDAfBgNVHSMEGDAW +gBRNVrdqAFjxZ5L0pnVVG45TAQPvzzANBgkqhkiG9w0BAQsFAAOCATEAfRdpFHrp +Dd/b9k2enKzpM7i77FJvNUl0rW44zlEhLaj2U1ww1l+/i7SAcXf7V7poq+r7JAXG +0nvWkMfYFCORQrJE6guJ7hvipCSoJM8lS7cuiKXTyUwLWgq6AXEIsHppyt7wmyYZ +t0oqYdhwfoS4jsfBJtB2vzn8Do2tJ9abYbXqdORGtqv9Lc5o0s17Fc4r2cuUFllF +IqGwB0/CHhmo75OtQ13nmM9TbxiI0QMYzX1FUQ3L/rsW0M02vzK/9OK6sZvRdZUP +e5Of0NNo0p5CUQSgQRi+pdXoC9JigkTFz86TSb8YjfP5hRLTU23V54XtLiIf2kxd +VaTNF+i7MB4+Ev/wzxC5g0XsxAmH9yTrQp71xUywCMo+PQPpXcWuQJE8nz8mV8u2 +Qr425yUcvrwHOQ== +-----END CERTIFICATE----- diff --git a/doc/credentials/x509/example.com-key.pem b/doc/credentials/x509/example.com-key.pem new file mode 100644 index 0000000..e97dc6f --- /dev/null +++ b/doc/credentials/x509/example.com-key.pem @@ -0,0 +1,32 @@ +Public Key Info: + Public Key Algorithm: EC/ECDSA + Key Security Level: High (256 bits) + +curve: SECP256R1 +private key: + 00:fb:67:5c:f1:99:02:d2:90:78:a7:18:03:59:59:87 + 09:63:30:1b:f2:af:11:37:32:06:8c:2b:84:5a:c6:8d + 84: + +x: + 00:bb:86:97:e5:15:18:77:09:51:1d:d4:47:98:4b:83 + d3:2b:b7:b5:46:65:2b:63:1a:3e:df:90:c8:89:9d:d8 + 0e: + +y: + 00:d9:c1:51:09:29:d4:45:b6:bf:2d:0d:28:bd:a8:0b + 7a:04:c9:d2:d5:fc:c3:d5:4f:be:15:ec:7e:81:5e:da + d9: + + +Public Key PIN: + pin-sha256:/JZm32Lan7Ptf2pOdI5lEj2RdeDfUE9PGZnO/LBkC1Y= +Public Key ID: + sha256:fc9666df62da9fb3ed7f6a4e748e65123d9175e0df504f4f1999cefcb0640b56 + sha1:e626e12c5a080e52822ef19cdefc33c365c247b4 + +-----BEGIN EC PRIVATE KEY----- +MHgCAQEEIQD7Z1zxmQLSkHinGANZWYcJYzAb8q8RNzIGjCuEWsaNhKAKBggqhkjO +PQMBB6FEA0IABLuGl+UVGHcJUR3UR5hLg9Mrt7VGZStjGj7fkMiJndgO2cFRCSnU +Rba/LQ0ovagLegTJ0tX8w9VPvhXsfoFe2tk= +-----END EC PRIVATE KEY----- diff --git a/doc/credentials/x509/key-dsa.pem b/doc/credentials/x509/key-dsa.pem new file mode 100644 index 0000000..753423f --- /dev/null +++ b/doc/credentials/x509/key-dsa.pem @@ -0,0 +1,55 @@ +Public Key Info: + Public Key Algorithm: DSA + Key Security Level: Weak + +private key: + 26:0d:1b:f1:a5:e8:45:eb:46:93:37:41:09:9d:f1: + f4:d1:77:00:a5: +public key: + 00:b8:45:5c:ff:b2:4f:f9:76:88:2a:3f:b8:5c:bf: + 44:94:9f:a3:5b:6f:7e:a2:b0:9e:8c:7c:38:ff:28: + 30:b2:c3:57:2c:e0:0a:b8:67:43:56:50:13:d1:3e: + ac:b9:33:6f:bd:d8:b3:4e:f8:09:0a:8c:8a:84:9f: + f4:5e:7b:35:47:f3:9f:36:43:13:cb:17:f2:cd:91: + 62:a7:e3:4c:2c:9d:ed:e8:22:ce:7e:24:e9:79:12: + 89:dc:1d:04:8d:dd:82:a6:38:0c:dc:44:71:32:3c: + e5:25:32:43:54:c9:c1:45:c8:e0:0f:86:59:da:39: + 1a:58:56:bf:d9:aa:bd:de:e6: +p: + 00:ef:d6:b4:01:db:45:cb:dd:44:3a:6e:7b:c6:b4: + ce:68:39:1d:05:bf:98:1a:f2:a1:fc:f3:22:1d:70: + fe:c7:40:89:61:3c:b6:de:ab:90:70:2c:40:7b:0d: + 60:8d:4c:df:e8:d1:f8:d9:a6:36:da:4f:03:6e:6d: + fa:ff:3f:aa:d2:bf:72:6d:88:67:ef:50:2c:42:8c: + 6d:60:0f:ad:44:ea:7f:14:22:91:b0:9b:7e:8e:60: + 43:1f:d8:03:2a:3e:ed:ac:2b:04:41:93:98:fd:eb: + 16:ba:c7:15:b6:b6:09:3a:9a:18:6f:b3:2d:23:13: + 9f:79:d5:6b:f1:88:be:eb:51: +q: + 00:94:c6:85:4a:1f:0e:bb:97:ae:b9:50:49:73:b6: + ab:f9:60:8c:0a:8f: +g: + 4c:12:a1:bb:fd:75:2a:9d:7f:16:30:33:8b:7a:48: + c8:c7:75:81:f9:f3:9d:f1:fc:4a:75:55:1b:3a:c5: + 68:05:94:0b:07:14:6d:c8:f2:ab:4a:fa:47:cf:1d: + b9:c8:a8:9c:60:c5:22:6f:9d:7f:a4:da:e1:56:d1: + 26:cc:30:13:22:4c:c8:76:87:49:72:f9:3f:27:29: + 54:69:c5:cc:52:88:0c:a8:a0:78:de:e7:76:c6:db: + eb:7f:0a:f0:68:fa:60:81:f0:11:44:90:11:2f:70: + 55:b1:5d:3a:bb:81:0a:23:08:5f:18:ad:d0:2b:ae: + 11:6b:5f:77:4e:6e:0d:da: + +Public Key ID: 39:45:73:03:80:FF:3D:86:F1:9C:BF:F1:C9:26:B3:E9:ED:4B:B5:83 + +-----BEGIN DSA PRIVATE KEY----- +MIIBuwIBAAKBgQDv1rQB20XL3UQ6bnvGtM5oOR0Fv5ga8qH88yIdcP7HQIlhPLbe +q5BwLEB7DWCNTN/o0fjZpjbaTwNubfr/P6rSv3JtiGfvUCxCjG1gD61E6n8UIpGw +m36OYEMf2AMqPu2sKwRBk5j96xa6xxW2tgk6mhhvsy0jE5951WvxiL7rUQIVAJTG +hUofDruXrrlQSXO2q/lgjAqPAoGATBKhu/11Kp1/FjAzi3pIyMd1gfnznfH8SnVV +GzrFaAWUCwcUbcjyq0r6R88ducionGDFIm+df6Ta4VbRJswwEyJMyHaHSXL5Pycp +VGnFzFKIDKigeN7ndsbb638K8Gj6YIHwEUSQES9wVbFdOruBCiMIXxit0CuuEWtf +d05uDdoCgYEAuEVc/7JP+XaIKj+4XL9ElJ+jW29+orCejHw4/ygwssNXLOAKuGdD +VlAT0T6suTNvvdizTvgJCoyKhJ/0Xns1R/OfNkMTyxfyzZFip+NMLJ3t6CLOfiTp +eRKJ3B0Ejd2CpjgM3ERxMjzlJTJDVMnBRcjgD4ZZ2jkaWFa/2aq93uYCFCYNG/Gl +6EXrRpM3QQmd8fTRdwCl +-----END DSA PRIVATE KEY----- diff --git a/doc/credentials/x509/key-ecc.pem b/doc/credentials/x509/key-ecc.pem new file mode 100644 index 0000000..4015518 --- /dev/null +++ b/doc/credentials/x509/key-ecc.pem @@ -0,0 +1,40 @@ +Public Key Info: + Public Key Algorithm: EC + Key Security Level: High (256 bits) + +curve: SECP256R1 +private key: + 00:db:98:c6:eb:db:c9:68:33:25:2c:0b:a9:ec:0c: + 98:4a:3a:01:38:b6:10:70:4e:24:5b:ab:b7:d0:b2: + c3:99:ab: + +x: + 4c:54:46:b0:82:30:2f:08:16:b7:9f:23:ff:cf:ba: + 05:0d:8b:6d:18:58:ac:46:b9:d0:9e:ab:72:76:f7: + c8:0b: + +y: + 3b:d7:6f:6d:c4:97:fb:0d:88:33:bd:17:e2:fe:43: + 8b:48:99:60:24:57:9c:b7:25:6e:71:4a:3f:03:64: + dc:b1: + + +Public Key ID: BE:F6:00:C6:24:6B:60:EA:B5:F8:13:C9:A5:D5:E0:C9:29:D5:D7:33 +Public key's random art: ++--[ EC 256]----+ +| . . | +| o . . E | +| o = * . o | +| o o % . | +|. ..O + S | +|. o*.. o | +| o .. o | +| .. .o | +| .. .... | ++-----------------+ + +-----BEGIN EC PRIVATE KEY----- +MHgCAQEEIQDbmMbr28loMyUsC6nsDJhKOgE4thBwTiRbq7fQssOZq6AKBggqhkjO +PQMBB6FEA0IABExURrCCMC8IFrefI//PugUNi20YWKxGudCeq3J298gLO9dvbcSX ++w2IM70X4v5Di0iZYCRXnLclbnFKPwNk3LE= +-----END EC PRIVATE KEY----- diff --git a/doc/credentials/x509/key-gost01.pem b/doc/credentials/x509/key-gost01.pem new file mode 100644 index 0000000..e0cd8cf --- /dev/null +++ b/doc/credentials/x509/key-gost01.pem @@ -0,0 +1,42 @@ +Public Key Info: + Public Key Algorithm: GOST R 34.10 + Key Security Level: High (256 bits) + +curve: CryptoPro-A +digest: GOSTR341194 +private key: + 66:00:9b:84:f4:bb:7b:25:52:7e:9e:b2:75:c3:84:c2 + 67:e9:ef:83:94:e7:3b:0e:a3:39:53:0e:57:76:b9:d0 + + +x: + 00:eb:af:2f:16:fe:e5:c2:02:c8:d9:fc:49:31:81:f3 + fb:1d:bb:eb:71:ac:d3:dc:52:f6:e2:fa:80:52:9d:45 + 48: + +y: + 00:ba:a8:46:1a:e1:cf:11:4d:e4:c7:db:3b:4b:f1:0b + 85:25:5e:34:76:9c:fc:70:d0:4d:1d:67:43:e5:88:66 + 35: + + +Public Key ID: + sha256:78:51:EF:CE:F5:49:34:51:04:92:DB:27:30:2B:C7:85:D6:96:62:74:A3:36:0A:D0:05:4B:5E:29:03:11:04:74 + sha1:2C:12:F8:92:1B:38:0B:60:E3:12:C8:4C:72:53:1E:06:F9:42:B3:5B +Public key's random art: ++--[CryptoPro-A]--+ +|..+++ | +|*.+= . | +|+*.+o | +|+o+oE. . | +|=.++o . S | +|oo.+ . . | +|. . | +| | +| | ++-----------------+ + +-----BEGIN PRIVATE KEY----- +MEUCAQAwHAYGKoUDAgITMBIGByqFAwICIwEGByqFAwICHgEEIgQgZgCbhPS7eyVS +fp6ydcOEwmfp74OU5zsOozlTDld2udA= +-----END PRIVATE KEY----- diff --git a/doc/credentials/x509/key-gost12.pem b/doc/credentials/x509/key-gost12.pem new file mode 100644 index 0000000..bca4daa --- /dev/null +++ b/doc/credentials/x509/key-gost12.pem @@ -0,0 +1,49 @@ +Public Key Info: + Public Key Algorithm: GOST R 34.10 + Key Security Level: Future (512 bits) + +curve: TC26-512-A +digest: STREEBOG-512 +private key: + 00:9d:31:40:ea:df:20:3e:75:0f:68:e2:06:f2:dc:57 + fe:04:52:5a:99:7a:9c:32:b0:fc:a0:ac:d3:c0:76:84 + bf:b2:4b:cc:61:b1:eb:d4:c1:8d:c3:1d:e6:b6:08:e7 + 6e:38:bc:0b:99:8b:6a:61:a5:97:66:1d:b7:28:e3:06 + 7d: + +x: + 68:cd:28:ef:58:58:64:3f:90:c2:a5:63:91:e4:d6:a5 + a4:7e:87:a1:c8:29:e2:bc:b3:b4:7a:cf:11:ac:70:99 + cc:a8:01:46:af:59:57:20:ca:dc:4d:41:cb:5c:ac:34 + 70:ed:c7:7d:40:4d:9a:ef:d0:41:96:22:66:e4:d5:7a + + +y: + 00:a9:0f:90:f1:78:94:dc:09:81:27:cc:1c:06:1e:31 + 99:2d:bf:ae:d6:98:f5:ca:31:8d:c3:7b:cf:74:7e:38 + f0:df:06:77:01:a6:fa:13:90:70:a3:4b:9b:8b:49:4f + 90:4b:19:1a:17:d6:8f:48:41:74:a0:d7:78:a9:08:70 + 83: + + +Public Key ID: + sha256:40:EE:B3:1D:48:9A:43:5D:3C:A0:9B:74:38:53:F0:66:F0:C8:9B:69:32:B2:15:7F:61:AF:A3:63:39:C3:87:65 + sha1:CD:D2:F2:6B:1E:BE:79:D0:8F:DD:79:84:E3:0F:AA:5C:C9:53:39:34 +Public key's random art: ++--[TC26-512-A]---+ +| | +| | +| E | +| + . o | +| S +. +. | +| +...oo..| +| o.==.+.| +| o.=oo+oo| +| oO+. .o| ++-----------------+ + +-----BEGIN PRIVATE KEY----- +MGoCAQAwIQYIKoUDBwEBAQIwFQYJKoUDBwECAQIBBggqhQMHAQECAwRCBEB9BuMo +tx1ml6VhaouZC7w4bucItuYdw43B1OuxYcxLsr+EdsDTrKD8sDKceplaUgT+V9zy +BuJoD3U+IN/qQDGd +-----END PRIVATE KEY----- diff --git a/doc/credentials/x509/key-rsa-pss.pem b/doc/credentials/x509/key-rsa-pss.pem new file mode 100644 index 0000000..7c69843 --- /dev/null +++ b/doc/credentials/x509/key-rsa-pss.pem @@ -0,0 +1,139 @@ +Public Key Info: + Public Key Algorithm: RSA-PSS + Key Security Level: Medium (2048 bits) + +modulus: + 00:9d:d8:f0:67:5a:7f:9b:d0:5b:08:31:b1:be:7f:f2 + be:a2:0d:a2:2b:f0:68:2c:2b:09:0f:78:fd:c9:13:52 + 1c:3e:b0:4e:27:d8:c0:d4:db:7b:52:c5:ff:c0:73:c5 + cc:15:44:20:f4:ce:96:e9:15:06:b0:6e:3c:5b:98:14 + b3:ad:7a:90:95:41:45:1b:5d:43:bc:d0:5a:c3:9f:2b + 80:71:a8:dd:36:02:ae:d1:48:05:f2:db:ce:2c:81:d7 + 0f:ef:59:e5:f4:c4:7b:ef:f0:c3:09:d6:24:52:75:8f + bb:63:7e:9a:d9:c5:7e:b3:ce:4f:74:ee:01:4e:96:65 + 2d:fc:bc:2c:f3:fa:a7:af:9d:81:5a:02:fb:db:53:bb + 61:f5:c0:04:58:39:5a:20:fa:3b:7d:03:71:f1:d0:bd + 71:c5:55:93:79:d1:68:88:ad:ac:56:8b:b3:7c:b4:63 + 7e:9e:5c:3b:0b:91:1d:20:f6:a9:ba:46:38:07:8d:55 + 56:8e:13:cf:01:bf:7a:48:18:f8:2e:33:0d:2a:01:d1 + 03:a3:6d:21:45:81:f6:dc:b2:32:bc:1c:01:a0:29:f2 + 14:d9:c0:56:23:2d:2d:ad:90:95:74:a5:89:5f:5a:f4 + 12:8e:5d:88:d6:cc:07:ac:a3:64:85:e2:97:47:72:f7 + 79: + +public exponent: + 01:00:01: + +private exponent: + 02:9f:d5:0c:d2:47:9d:80:40:23:c7:45:bc:01:8c:ca + 9a:61:a4:00:ed:a7:fd:28:dc:27:61:e1:69:71:99:8a + 6b:9b:1d:4c:65:15:fd:16:46:f2:03:9c:82:b0:70:ed + b0:50:1c:8e:04:44:db:67:b4:8d:5f:74:f6:cc:be:2d + 5e:b9:40:fb:58:93:11:74:dd:c0:e8:6d:31:51:c8:f9 + 31:1c:dc:5e:ac:b1:3e:98:03:d9:97:00:9b:11:0b:23 + ed:a5:c7:f2:de:74:fe:57:14:cd:57:99:b6:5a:8a:f2 + f8:73:53:ce:d4:df:a7:95:dd:10:8a:71:30:7a:56:25 + 5b:7b:25:1c:f4:f6:a2:0a:71:d8:cb:80:f6:f7:26:80 + 78:f0:a2:86:e5:64:ec:19:15:5a:df:e3:71:99:d8:91 + b0:a2:aa:52:78:a2:4f:d1:57:8a:1a:b8:23:ac:74:65 + 91:a4:77:8c:13:59:f7:08:ff:2a:ae:29:91:6f:1a:de + 9c:4b:fe:c6:f0:03:1b:ea:6c:d7:1d:be:36:a8:96:75 + ef:ee:b3:b2:d8:37:31:c8:de:02:67:a4:97:24:65:a7 + f0:30:b9:48:26:c5:e5:49:e8:51:8e:48:dc:ab:dd:dc + 22:85:6c:6b:95:f7:3e:33:fa:0e:41:5c:c2:7d:d0:41 + + +prime1: + 00:b6:c2:1c:63:f6:2b:00:77:43:9f:d0:6b:3a:9d:05 + 85:d6:1d:6a:50:4d:d4:65:ea:c7:4a:3c:7a:e0:a3:b5 + 57:a1:de:78:7d:64:08:fb:ab:7c:58:26:2b:fc:b1:e2 + de:f2:4b:9c:18:b7:89:fd:cc:31:fe:90:45:67:c5:5b + 24:4b:9a:74:a1:eb:14:92:f7:89:b7:61:05:7b:7b:e1 + 3e:a9:22:4f:5a:51:44:e8:ea:9b:27:f0:5b:f5:d1:60 + df:f5:f0:70:9c:ad:56:23:13:cd:45:52:70:5b:f0:83 + 4d:d9:91:71:19:c0:52:88:fb:47:9e:4b:74:0e:2c:c3 + 59: + +prime2: + 00:dd:1b:20:cf:08:51:40:65:42:2d:4e:6b:b2:af:6f + 49:c3:e5:8d:76:5f:3e:30:ef:71:ed:06:4f:2a:95:32 + f8:b3:ec:b0:8a:2b:5a:8f:a6:2e:35:ef:31:66:7a:a9 + 4c:2e:62:8e:5b:ab:23:54:47:60:a4:43:ba:f3:de:4b + 08:dc:8a:78:52:19:e9:f5:2d:df:b7:37:e2:d1:73:7d + 8b:b5:94:5a:51:d9:42:ad:fa:3c:ef:33:ad:ab:a8:6b + ce:07:0e:dc:4c:aa:12:2d:e7:e2:5d:6a:c7:90:6e:55 + bf:c6:6e:02:9b:99:d7:26:70:f2:da:73:dd:e8:1f:f1 + 21: + +coefficient: + 4b:33:76:ee:7c:57:77:e1:6b:c8:21:db:97:3b:76:c6 + 78:92:52:2c:10:4a:22:45:45:97:48:de:df:bc:b0:a4 + d2:eb:c8:2d:cc:f6:df:13:3b:69:79:ce:08:77:7c:bb + 40:32:f8:26:4f:66:7c:44:29:74:30:ed:a3:21:9b:a7 + a4:9f:6b:1e:b1:46:bf:67:9e:9a:15:a3:66:b2:7b:eb + 87:cc:bc:26:70:71:16:06:8e:6b:7a:ad:2f:64:62:ef + be:3f:fa:1a:e5:af:07:6b:5a:e4:e2:f8:f2:7e:4a:9c + 65:24:f8:08:78:ad:4c:92:d0:80:dc:10:50:f3:11:92 + + +exp1: + 00:a0:9a:fb:0a:19:95:f6:a5:d8:86:c4:48:c7:4c:a0 + 42:da:44:25:5e:86:d7:05:ed:89:cf:42:51:15:c2:a8 + 25:67:b9:b3:17:36:66:f2:8b:e4:0d:2f:16:6e:ce:00 + ba:be:21:15:ff:5e:a3:e4:a6:a2:b4:bc:22:52:2c:4c + 89:1b:eb:93:5d:8b:d2:1b:c9:6f:7b:f8:c6:31:9b:4e + f9:9a:f6:ec:d7:49:1e:0e:b5:c5:3e:16:eb:29:9e:23 + cd:0d:3b:8c:2b:13:e4:e3:94:8e:4a:c2:44:bd:77:22 + 5c:b2:bb:2e:b2:5b:a1:ec:81:2e:91:fc:6a:f3:de:00 + 99: + +exp2: + 00:83:02:7f:fe:2c:3f:78:98:87:0d:b1:59:bf:16:94 + 2a:71:18:a3:29:70:65:b9:39:27:97:fa:15:0e:76:39 + 2d:83:ee:ca:ec:13:a4:25:59:a2:27:f3:02:a2:66:2b + ca:27:f1:dd:c8:13:2f:6b:d0:9f:42:b5:9f:20:c0:a6 + 55:29:d8:22:53:03:67:cd:0e:d1:70:0e:7d:26:fd:f7 + 75:c0:b1:96:92:c8:d8:e9:9d:4c:5d:af:91:48:15:13 + 4b:90:83:0d:a5:9f:60:06:33:4f:bd:6a:77:b4:ec:ab + 82:66:60:e8:ca:a9:ed:01:aa:0b:3b:c5:4b:c7:2e:a6 + 01: + +Validation parameters: + Hash: SHA384 + Seed: b5a6fc31ca1b2310a2f1ecb6812d933873b64f2b995b893a48737c97fecbf6b7 + +Public Key PIN: + pin-sha256:NN1idWI1043ahir5N4qSOKf/6IXzP/X1Kj4Ki5Z97xo= +Public Key ID: + sha256:34dd62756235d38dda862af9378a9238a7ffe885f33ff5f52a3e0a8b967def1a + sha1:6a7ea695c72a532d59eb8c2f46fdf1c60e21db29 + +-----BEGIN PRIVATE KEY----- +MIIE/QIBADALBgkqhkiG9w0BAQoEggSoMIIEpAIBAAKCAQEAndjwZ1p/m9BbCDGx +vn/yvqINoivwaCwrCQ94/ckTUhw+sE4n2MDU23tSxf/Ac8XMFUQg9M6W6RUGsG48 +W5gUs616kJVBRRtdQ7zQWsOfK4BxqN02Aq7RSAXy284sgdcP71nl9MR77/DDCdYk +UnWPu2N+mtnFfrPOT3TuAU6WZS38vCzz+qevnYFaAvvbU7th9cAEWDlaIPo7fQNx +8dC9ccVVk3nRaIitrFaLs3y0Y36eXDsLkR0g9qm6RjgHjVVWjhPPAb96SBj4LjMN +KgHRA6NtIUWB9tyyMrwcAaAp8hTZwFYjLS2tkJV0pYlfWvQSjl2I1swHrKNkheKX +R3L3eQIDAQABAoIBAAKf1QzSR52AQCPHRbwBjMqaYaQA7af9KNwnYeFpcZmKa5sd +TGUV/RZG8gOcgrBw7bBQHI4ERNtntI1fdPbMvi1euUD7WJMRdN3A6G0xUcj5MRzc +XqyxPpgD2ZcAmxELI+2lx/LedP5XFM1XmbZaivL4c1PO1N+nld0QinEwelYlW3sl +HPT2ogpx2MuA9vcmgHjwooblZOwZFVrf43GZ2JGwoqpSeKJP0VeKGrgjrHRlkaR3 +jBNZ9wj/Kq4pkW8a3pxL/sbwAxvqbNcdvjaolnXv7rOy2DcxyN4CZ6SXJGWn8DC5 +SCbF5UnoUY5I3Kvd3CKFbGuV9z4z+g5BXMJ90EECgYEAtsIcY/YrAHdDn9BrOp0F +hdYdalBN1GXqx0o8euCjtVeh3nh9ZAj7q3xYJiv8seLe8kucGLeJ/cwx/pBFZ8Vb +JEuadKHrFJL3ibdhBXt74T6pIk9aUUTo6psn8Fv10WDf9fBwnK1WIxPNRVJwW/CD +TdmRcRnAUoj7R55LdA4sw1kCgYEA3RsgzwhRQGVCLU5rsq9vScPljXZfPjDvce0G +TyqVMviz7LCKK1qPpi417zFmeqlMLmKOW6sjVEdgpEO6895LCNyKeFIZ6fUt37c3 +4tFzfYu1lFpR2UKt+jzvM62rqGvOBw7cTKoSLefiXWrHkG5Vv8ZuApuZ1yZw8tpz +3egf8SECgYEAoJr7ChmV9qXYhsRIx0ygQtpEJV6G1wXtic9CURXCqCVnubMXNmby +i+QNLxZuzgC6viEV/16j5KaitLwiUixMiRvrk12L0hvJb3v4xjGbTvma9uzXSR4O +tcU+FuspniPNDTuMKxPk45SOSsJEvXciXLK7LrJboeyBLpH8avPeAJkCgYEAgwJ/ +/iw/eJiHDbFZvxaUKnEYoylwZbk5J5f6FQ52OS2D7srsE6QlWaIn8wKiZivKJ/Hd +yBMva9CfQrWfIMCmVSnYIlMDZ80O0XAOfSb993XAsZaSyNjpnUxdr5FIFRNLkIMN +pZ9gBjNPvWp3tOyrgmZg6Mqp7QGqCzvFS8cupgECgYBLM3bufFd34WvIIduXO3bG +eJJSLBBKIkVFl0je37ywpNLryC3M9t8TO2l5zgh3fLtAMvgmT2Z8RCl0MO2jIZun +pJ9rHrFGv2eemhWjZrJ764fMvCZwcRYGjmt6rS9kYu++P/oa5a8Ha1rk4vjyfkqc +ZST4CHitTJLQgNwQUPMRkqA/MD0GCisGAQQBkggSCAExLzAtBglghkgBZQMEAgIE +ILWm/DHKGyMQovHstoEtkzhztk8rmVuJOkhzfJf+y/a3 +-----END PRIVATE KEY----- diff --git a/doc/credentials/x509/key-rsa.pem b/doc/credentials/x509/key-rsa.pem new file mode 100644 index 0000000..05f9625 --- /dev/null +++ b/doc/credentials/x509/key-rsa.pem @@ -0,0 +1,145 @@ +Public Key Info: + Public Key Algorithm: RSA + Key Security Level: Normal + +modulus: + 00:b4:6b:27:98:25:af:c1:ff:1e:ca:b0:7e:f4:d8: + bc:ed:43:86:67:54:5d:da:b4:1e:c2:90:5f:83:3c: + 02:11:fc:13:72:85:b2:88:a4:65:41:0b:76:5f:23: + be:8a:9f:fe:79:4b:73:3b:2e:c7:4b:3c:bf:16:c9: + 97:55:35:17:f3:a1:72:4b:30:c2:e0:27:94:12:f3: + 56:00:e6:ce:82:4b:11:5d:a4:1e:9b:fa:fa:b9:1b: + 2a:4d:18:b5:ba:a5:e6:0c:c7:a8:a8:a1:6d:aa:88: + 84:dc:96:0e:b2:6c:1c:35:aa:e7:c7:94:3d:f9:d5: + c7:c2:a2:0d:4b:b3:6e:7a:f7:08:5f:c5:09:cd:15: + 93:1a:f7:98:df:2a:4c:66:89:24:ed:1f:d0:16:63: + 81:65:a5:58:3b:a1:cd:25:62:9b:99:81:54:08:17: + 18:ec:7c:2f:08:a2:3b:28:57:32:9d:17:47:0a:86: + fb:62:b1:41:99:e6:fb:de:a8:ea:20:7e:f3:1b:ee: + ba:ea:9a:21:64:29:92:f2:ad:73:e5:19:05:9d:37: + 53:e2:11:9f:18:5f:22:ba:e2:8b:0d:00:8c:9e:2f: + a7:87:3d:40:be:4a:a2:a5:92:08:0c:2e:61:c0:58: + 7c:9a:99:e1:d6:ac:83:39:25:cf:3e:1b:ed:eb:a3: + 6d:9d:cb:c5:38:de:c1:c7:6e:9b:34:14:be:30:3e: + 82:90:1e:b9:4a:9a:76:e4:ef:33:0c:46:a2:31:72: + f6:c3:61:0b:f8:aa:67:89:f4:a5:e5:76:37:a1:29: + 9f:80:79:aa:75: +public exponent: + 01:00:01: +private exponent: + 00:80:8a:27:77:7a:c2:31:d0:f5:bb:2a:ec:08:bd: + b2:3c:c8:73:25:83:32:2a:f3:51:47:05:5d:47:3e: + a5:aa:f2:91:58:72:70:b4:71:8b:c2:3f:cc:62:14: + 31:58:ca:8c:9f:16:66:4e:b0:11:45:45:4e:4f:89: + e8:cb:c8:3b:fc:53:f5:fe:24:0b:73:70:3f:4b:11: + 1b:21:21:4f:d7:fc:6b:ae:ef:92:ef:46:6d:03:1c: + 9b:92:ba:1c:1f:92:ba:c8:38:27:ad:9c:f5:69:1e: + 42:aa:76:2e:9a:67:f3:e1:38:96:51:d7:08:20:cb: + 72:ba:f4:81:cc:81:56:21:3d:87:35:d4:48:1b:59: + 57:a9:4a:e6:1b:79:23:5d:9a:30:38:d1:05:8c:2d: + f0:ae:dd:5e:b9:4b:0a:57:d3:e2:e7:15:57:35:78: + 99:85:ac:4e:70:60:d7:b4:a6:89:9c:7b:82:77:15: + 6b:27:f1:8b:b7:1b:91:2e:99:65:79:d0:a3:86:29: + 22:e4:95:27:7e:a5:37:6e:55:2c:70:40:c4:50:9f: + da:0a:07:1d:f3:83:2a:f5:e8:f9:61:26:44:78:f9: + 0f:8f:03:85:88:37:f2:18:21:45:7d:4b:17:ec:31: + a8:a3:ef:08:0b:a7:15:cb:c4:97:4c:de:0b:f1:8b: + 7e:a9:bf:f3:e4:6b:1e:88:74:d2:91:5e:cb:38:77: + 37:7c:2c:15:32:de:e5:0a:bb:6d:d3:c5:30:a4:0e: + b5:b4:e0:c3:eb:37:ba:d1:aa:58:75:8e:f0:70:e8: + a8:a1:06:81:01: +prime1: + 00:ed:36:17:1c:5b:3c:f4:d1:54:5c:63:14:78:15: + e8:41:52:4a:f8:4f:78:49:11:6a:0a:15:f6:8e:9f: + 9f:53:77:91:64:d2:d3:c7:e5:c4:a3:b5:34:3b:45: + 60:2a:19:4a:76:d1:76:0a:26:ac:c8:a7:b1:82:2e: + 92:b2:d4:42:ed:53:28:ca:e1:27:54:43:c9:97:d1: + b5:f6:53:e3:6f:64:f6:2a:6d:5e:af:3b:e6:15:6d: + 8a:b0:be:42:87:8f:17:e4:98:c1:e9:f0:bc:a3:bb: + a9:aa:4e:0d:bf:02:39:a8:20:e9:db:35:97:24:a3: + e4:8b:b3:a9:56:05:57:af:32:c9:95:0f:f8:59:69: + 30:79:f4:60:55:89:17:8d:94:57:ab:12:be:e1:aa: + 7e:e6:25: +prime2: + 00:c2:b5:7b:ee:dc:45:91:67:a7:fc:c8:6e:07:98: + 1b:c4:ac:fa:f4:0a:82:97:ae:c8:32:6f:a9:c9:64: + 0f:b1:f3:b6:8b:90:80:2c:3b:f7:5b:cc:81:a5:d6: + f7:2f:91:81:d9:1c:79:de:de:85:ea:88:f1:11:9e: + 9c:76:ca:1a:27:cd:55:00:f7:31:b9:7c:9a:41:0d: + a6:ef:1e:56:a6:ce:5f:be:7c:7c:76:73:d0:86:ae: + 9b:76:56:ae:44:a2:84:da:6e:51:c9:78:75:94:73: + e4:d7:ce:77:13:e6:96:da:c9:08:8f:bb:b8:73:8c: + ce:dc:c7:a0:cb:ba:81:08:61:f8:5d:e5:48:35:29: + 1d:db:e1:5a:f2:2c:85:94:2e:f4:46:f2:c4:57:cd: + c8:3a:11: +coefficient: + 00:b3:53:dc:06:c5:f4:40:e7:26:66:65:4b:7d:0c: + 5a:d0:60:83:0f:37:52:1b:33:0b:c5:cd:da:d6:37: + d0:0b:2f:b0:33:92:e9:ad:05:fd:a4:38:e4:42:b2: + 0a:f9:ea:b6:c0:8e:98:1e:a0:88:3b:0a:45:a5:67: + 72:9e:a5:20:74:87:e2:41:ca:4f:b5:2f:94:a6:9d: + 58:35:b9:08:d5:86:47:7a:6e:a0:72:e4:51:58:72: + 36:f0:53:2a:8e:a5:3e:a5:ea:52:c5:71:a7:5e:93: + 29:e7:90:28:5f:83:b9:8b:ae:35:93:77:a5:75:ec: + 1d:38:87:91:13:03:09:15:44:ab:3e:d4:9d:91:1c: + fc:1a:bf:2a:1d:9a:3a:47:a5:91:7d:92:db:b4:33: + 4d:91:8b: +exp1: + 00:82:d9:3e:80:56:d7:d6:18:0e:57:f4:13:9b:76: + 42:2a:9e:31:5a:ad:c3:a5:52:a4:d2:b1:70:d3:15: + bb:f6:77:d3:4c:f1:7a:ff:1e:80:8c:e9:6c:c9:71: + 28:6d:b0:8b:c1:e5:23:1e:d0:5c:a9:46:cf:85:07: + 19:c6:e9:8d:8d:8a:3c:cb:44:cd:c4:0e:ac:8a:41: + 95:05:2f:1b:1b:1c:6f:29:d2:30:d3:aa:cf:ed:6c: + 02:80:22:43:62:b1:8d:35:7d:0a:22:78:b8:25:fd: + 63:c6:dc:cd:7a:5a:c8:e1:34:5e:ab:9b:f1:26:b5: + fd:61:0e:96:cf:2b:9d:45:b8:57:38:11:9a:25:ff: + ff:4c:96:7f:f9:4e:e9:1e:21:01:07:0e:0d:1b:40: + 48:45:bd: +exp2: + 00:9e:bf:8b:19:17:7c:9c:ed:af:78:19:0e:24:a0: + ee:da:ee:d1:f8:d0:ec:e2:b0:bd:46:e9:e5:bb:6e: + 1a:a1:d2:fb:9d:54:a6:3b:ea:74:65:e3:1a:3d:55: + 43:da:03:bf:a3:7d:65:1b:c1:bf:db:95:e5:3e:a1: + 5c:1e:39:ef:13:4e:85:24:b1:66:58:3d:f0:22:63: + f8:1b:f3:57:60:ce:d8:1f:1d:ad:f8:81:ba:9d:64: + 95:19:e9:d8:51:db:53:88:27:f4:04:d8:72:bd:23: + b4:8c:03:28:f1:0f:cb:24:fc:4d:3f:ab:24:db:09: + 0d:cb:d1:f3:16:c7:ab:d6:62:d2:35:f3:ef:68:70: + 6a:88:d0:76:ef:06:3f:ae:ae:8d:b9:9e:cb:58:6f: + 4d:f5:91: + +Public Key ID: 76:07:58:4C:EA:B5:29:F5:2D:80:06:8C:83:4A:82:0D:09:EC:93:DE + +-----BEGIN RSA PRIVATE KEY----- +MIIFfgIBAAKCATEAtGsnmCWvwf8eyrB+9Ni87UOGZ1Rd2rQewpBfgzwCEfwTcoWy +iKRlQQt2XyO+ip/+eUtzOy7HSzy/FsmXVTUX86FySzDC4CeUEvNWAObOgksRXaQe +m/r6uRsqTRi1uqXmDMeoqKFtqoiE3JYOsmwcNarnx5Q9+dXHwqINS7NuevcIX8UJ +zRWTGveY3ypMZokk7R/QFmOBZaVYO6HNJWKbmYFUCBcY7HwvCKI7KFcynRdHCob7 +YrFBmeb73qjqIH7zG+666pohZCmS8q1z5RkFnTdT4hGfGF8iuuKLDQCMni+nhz1A +vkqipZIIDC5hwFh8mpnh1qyDOSXPPhvt66NtncvFON7Bx26bNBS+MD6CkB65Spp2 +5O8zDEaiMXL2w2EL+KpnifSl5XY3oSmfgHmqdQIDAQABAoIBMQCAiid3esIx0PW7 +KuwIvbI8yHMlgzIq81FHBV1HPqWq8pFYcnC0cYvCP8xiFDFYyoyfFmZOsBFFRU5P +iejLyDv8U/X+JAtzcD9LERshIU/X/Guu75LvRm0DHJuSuhwfkrrIOCetnPVpHkKq +di6aZ/PhOJZR1wggy3K69IHMgVYhPYc11EgbWVepSuYbeSNdmjA40QWMLfCu3V65 +SwpX0+LnFVc1eJmFrE5wYNe0pomce4J3FWsn8Yu3G5EumWV50KOGKSLklSd+pTdu +VSxwQMRQn9oKBx3zgyr16PlhJkR4+Q+PA4WIN/IYIUV9SxfsMaij7wgLpxXLxJdM +3gvxi36pv/Pkax6IdNKRXss4dzd8LBUy3uUKu23TxTCkDrW04MPrN7rRqlh1jvBw +6KihBoEBAoGZAO02FxxbPPTRVFxjFHgV6EFSSvhPeEkRagoV9o6fn1N3kWTS08fl +xKO1NDtFYCoZSnbRdgomrMinsYIukrLUQu1TKMrhJ1RDyZfRtfZT429k9iptXq87 +5hVtirC+QoePF+SYwenwvKO7qapODb8COagg6ds1lySj5IuzqVYFV68yyZUP+Flp +MHn0YFWJF42UV6sSvuGqfuYlAoGZAMK1e+7cRZFnp/zIbgeYG8Ss+vQKgpeuyDJv +qclkD7HztouQgCw791vMgaXW9y+Rgdkced7eheqI8RGenHbKGifNVQD3Mbl8mkEN +pu8eVqbOX758fHZz0Iaum3ZWrkSihNpuUcl4dZRz5NfOdxPmltrJCI+7uHOMztzH +oMu6gQhh+F3lSDUpHdvhWvIshZQu9EbyxFfNyDoRAoGZAILZPoBW19YYDlf0E5t2 +QiqeMVqtw6VSpNKxcNMVu/Z300zxev8egIzpbMlxKG2wi8HlIx7QXKlGz4UHGcbp +jY2KPMtEzcQOrIpBlQUvGxscbynSMNOqz+1sAoAiQ2KxjTV9CiJ4uCX9Y8bczXpa +yOE0Xqub8Sa1/WEOls8rnUW4VzgRmiX//0yWf/lO6R4hAQcODRtASEW9AoGZAJ6/ +ixkXfJztr3gZDiSg7tru0fjQ7OKwvUbp5btuGqHS+51UpjvqdGXjGj1VQ9oDv6N9 +ZRvBv9uV5T6hXB457xNOhSSxZlg98CJj+BvzV2DO2B8drfiBup1klRnp2FHbU4gn +9ATYcr0jtIwDKPEPyyT8TT+rJNsJDcvR8xbHq9Zi0jXz72hwaojQdu8GP66ujbme +y1hvTfWRAoGZALNT3AbF9EDnJmZlS30MWtBggw83UhszC8XN2tY30AsvsDOS6a0F +/aQ45EKyCvnqtsCOmB6giDsKRaVncp6lIHSH4kHKT7UvlKadWDW5CNWGR3puoHLk +UVhyNvBTKo6lPqXqUsVxp16TKeeQKF+DuYuuNZN3pXXsHTiHkRMDCRVEqz7UnZEc +/Bq/Kh2aOkelkX2S27QzTZGL +-----END RSA PRIVATE KEY----- diff --git a/doc/crypto-api.texi b/doc/crypto-api.texi new file mode 100644 index 0000000..9e9c699 --- /dev/null +++ b/doc/crypto-api.texi @@ -0,0 +1,849 @@ + +@subheading gnutls_aead_cipher_decrypt +@anchor{gnutls_aead_cipher_decrypt} +@deftypefun {int} {gnutls_aead_cipher_decrypt} (gnutls_aead_cipher_hd_t @var{handle}, const void * @var{nonce}, size_t @var{nonce_len}, const void * @var{auth}, size_t @var{auth_len}, size_t @var{tag_size}, const void * @var{ctext}, size_t @var{ctext_len}, void * @var{ptext}, size_t * @var{ptext_len}) +@var{handle}: is a @code{gnutls_aead_cipher_hd_t} type. + +@var{nonce}: the nonce to set + +@var{nonce_len}: The length of the nonce + +@var{auth}: additional data to be authenticated + +@var{auth_len}: The length of the data + +@var{tag_size}: The size of the tag to use (use zero for the default) + +@var{ctext}: the data to decrypt (including the authentication tag) + +@var{ctext_len}: the length of data to decrypt (includes tag size) + +@var{ptext}: the decrypted data + +@var{ptext_len}: the length of decrypted data (initially must hold the maximum available size) + +This function will decrypt the given data using the algorithm +specified by the context. This function must be provided the complete +data to be decrypted, including the authentication tag. On several +AEAD ciphers, the authentication tag is appended to the ciphertext, +though this is not a general rule. This function will fail if +the tag verification fails. + +@strong{Returns:} Zero or a negative error code on verification failure or other error. + +@strong{Since:} 3.4.0 +@end deftypefun + +@subheading gnutls_aead_cipher_deinit +@anchor{gnutls_aead_cipher_deinit} +@deftypefun {void} {gnutls_aead_cipher_deinit} (gnutls_aead_cipher_hd_t @var{handle}) +@var{handle}: is a @code{gnutls_aead_cipher_hd_t} type. + +This function will deinitialize all resources occupied by the given +authenticated-encryption context. + +@strong{Since:} 3.4.0 +@end deftypefun + +@subheading gnutls_aead_cipher_encrypt +@anchor{gnutls_aead_cipher_encrypt} +@deftypefun {int} {gnutls_aead_cipher_encrypt} (gnutls_aead_cipher_hd_t @var{handle}, const void * @var{nonce}, size_t @var{nonce_len}, const void * @var{auth}, size_t @var{auth_len}, size_t @var{tag_size}, const void * @var{ptext}, size_t @var{ptext_len}, void * @var{ctext}, size_t * @var{ctext_len}) +@var{handle}: is a @code{gnutls_aead_cipher_hd_t} type. + +@var{nonce}: the nonce to set + +@var{nonce_len}: The length of the nonce + +@var{auth}: additional data to be authenticated + +@var{auth_len}: The length of the data + +@var{tag_size}: The size of the tag to use (use zero for the default) + +@var{ptext}: the data to encrypt + +@var{ptext_len}: The length of data to encrypt + +@var{ctext}: the encrypted data including authentication tag + +@var{ctext_len}: the length of encrypted data (initially must hold the maximum available size, including space for tag) + +This function will encrypt the given data using the algorithm +specified by the context. The output data will contain the +authentication tag. + +@strong{Returns:} Zero or a negative error code on error. + +@strong{Since:} 3.4.0 +@end deftypefun + +@subheading gnutls_aead_cipher_encryptv +@anchor{gnutls_aead_cipher_encryptv} +@deftypefun {int} {gnutls_aead_cipher_encryptv} (gnutls_aead_cipher_hd_t @var{handle}, const void * @var{nonce}, size_t @var{nonce_len}, const giovec_t * @var{auth_iov}, int @var{auth_iovcnt}, size_t @var{tag_size}, const giovec_t * @var{iov}, int @var{iovcnt}, void * @var{ctext}, size_t * @var{ctext_len}) +@var{handle}: is a @code{gnutls_aead_cipher_hd_t} type. + +@var{nonce}: the nonce to set + +@var{nonce_len}: The length of the nonce + +@var{auth_iov}: additional data to be authenticated + +@var{auth_iovcnt}: The number of buffers in @code{auth_iov} + +@var{tag_size}: The size of the tag to use (use zero for the default) + +@var{iov}: the data to be encrypted + +@var{iovcnt}: The number of buffers in @code{iov} + +@var{ctext}: the encrypted data including authentication tag + +@var{ctext_len}: the length of encrypted data (initially must hold the maximum available size, including space for tag) + +This function will encrypt the provided data buffers using the algorithm +specified by the context. The output data will contain the +authentication tag. + +@strong{Returns:} Zero or a negative error code on error. + +@strong{Since:} 3.6.3 +@end deftypefun + +@subheading gnutls_aead_cipher_init +@anchor{gnutls_aead_cipher_init} +@deftypefun {int} {gnutls_aead_cipher_init} (gnutls_aead_cipher_hd_t * @var{handle}, gnutls_cipher_algorithm_t @var{cipher}, const gnutls_datum_t * @var{key}) +@var{handle}: is a @code{gnutls_aead_cipher_hd_t} type. + +@var{cipher}: the authenticated-encryption algorithm to use + +@var{key}: The key to be used for encryption + +This function will initialize an context that can be used for +encryption/decryption of data. This will effectively use the +current crypto backend in use by gnutls or the cryptographic +accelerator in use. + +@strong{Returns:} Zero or a negative error code on error. + +@strong{Since:} 3.4.0 +@end deftypefun + +@subheading gnutls_cipher_add_auth +@anchor{gnutls_cipher_add_auth} +@deftypefun {int} {gnutls_cipher_add_auth} (gnutls_cipher_hd_t @var{handle}, const void * @var{ptext}, size_t @var{ptext_size}) +@var{handle}: is a @code{gnutls_cipher_hd_t} type + +@var{ptext}: the data to be authenticated + +@var{ptext_size}: the length of the data + +This function operates on authenticated encryption with +associated data (AEAD) ciphers and authenticate the +input data. This function can only be called once +and before any encryption operations. + +@strong{Returns:} Zero or a negative error code on error. + +@strong{Since:} 3.0 +@end deftypefun + +@subheading gnutls_cipher_decrypt +@anchor{gnutls_cipher_decrypt} +@deftypefun {int} {gnutls_cipher_decrypt} (gnutls_cipher_hd_t @var{handle}, void * @var{ctext}, size_t @var{ctext_len}) +@var{handle}: is a @code{gnutls_cipher_hd_t} type + +@var{ctext}: the data to decrypt + +@var{ctext_len}: the length of data to decrypt + +This function will decrypt the given data using the algorithm +specified by the context. + +Note that in AEAD ciphers, this will not check the tag. You will +need to compare the tag sent with the value returned from @code{gnutls_cipher_tag()} . + +@strong{Returns:} Zero or a negative error code on error. + +@strong{Since:} 2.10.0 +@end deftypefun + +@subheading gnutls_cipher_decrypt2 +@anchor{gnutls_cipher_decrypt2} +@deftypefun {int} {gnutls_cipher_decrypt2} (gnutls_cipher_hd_t @var{handle}, const void * @var{ctext}, size_t @var{ctext_len}, void * @var{ptext}, size_t @var{ptext_len}) +@var{handle}: is a @code{gnutls_cipher_hd_t} type + +@var{ctext}: the data to decrypt + +@var{ctext_len}: the length of data to decrypt + +@var{ptext}: the decrypted data + +@var{ptext_len}: the available length for decrypted data + +This function will decrypt the given data using the algorithm +specified by the context. For block ciphers the @code{ctext_len} must be +a multiple of the block size. For the supported ciphers the plaintext +data length will equal the ciphertext size. + +Note that in AEAD ciphers, this will not check the tag. You will +need to compare the tag sent with the value returned from @code{gnutls_cipher_tag()} . + +@strong{Returns:} Zero or a negative error code on error. + +@strong{Since:} 2.12.0 +@end deftypefun + +@subheading gnutls_cipher_deinit +@anchor{gnutls_cipher_deinit} +@deftypefun {void} {gnutls_cipher_deinit} (gnutls_cipher_hd_t @var{handle}) +@var{handle}: is a @code{gnutls_cipher_hd_t} type + +This function will deinitialize all resources occupied by the given +encryption context. + +@strong{Since:} 2.10.0 +@end deftypefun + +@subheading gnutls_cipher_encrypt +@anchor{gnutls_cipher_encrypt} +@deftypefun {int} {gnutls_cipher_encrypt} (gnutls_cipher_hd_t @var{handle}, void * @var{ptext}, size_t @var{ptext_len}) +@var{handle}: is a @code{gnutls_cipher_hd_t} type + +@var{ptext}: the data to encrypt + +@var{ptext_len}: the length of data to encrypt + +This function will encrypt the given data using the algorithm +specified by the context. + +@strong{Returns:} Zero or a negative error code on error. + +@strong{Since:} 2.10.0 +@end deftypefun + +@subheading gnutls_cipher_encrypt2 +@anchor{gnutls_cipher_encrypt2} +@deftypefun {int} {gnutls_cipher_encrypt2} (gnutls_cipher_hd_t @var{handle}, const void * @var{ptext}, size_t @var{ptext_len}, void * @var{ctext}, size_t @var{ctext_len}) +@var{handle}: is a @code{gnutls_cipher_hd_t} type + +@var{ptext}: the data to encrypt + +@var{ptext_len}: the length of data to encrypt + +@var{ctext}: the encrypted data + +@var{ctext_len}: the available length for encrypted data + +This function will encrypt the given data using the algorithm +specified by the context. For block ciphers the @code{ptext_len} must be +a multiple of the block size. For the supported ciphers the encrypted +data length will equal the plaintext size. + +@strong{Returns:} Zero or a negative error code on error. + +@strong{Since:} 2.12.0 +@end deftypefun + +@subheading gnutls_cipher_get_block_size +@anchor{gnutls_cipher_get_block_size} +@deftypefun {unsigned} {gnutls_cipher_get_block_size} (gnutls_cipher_algorithm_t @var{algorithm}) +@var{algorithm}: is an encryption algorithm + + +@strong{Returns:} the block size of the encryption algorithm. + +@strong{Since:} 2.10.0 +@end deftypefun + +@subheading gnutls_cipher_get_iv_size +@anchor{gnutls_cipher_get_iv_size} +@deftypefun {unsigned} {gnutls_cipher_get_iv_size} (gnutls_cipher_algorithm_t @var{algorithm}) +@var{algorithm}: is an encryption algorithm + +This function returns the size of the initialization vector (IV) for the +provided algorithm. For algorithms with variable size IV (e.g., AES-CCM), +the returned size will be the one used by TLS. + +@strong{Returns:} block size for encryption algorithm. + +@strong{Since:} 3.2.0 +@end deftypefun + +@subheading gnutls_cipher_get_tag_size +@anchor{gnutls_cipher_get_tag_size} +@deftypefun {unsigned} {gnutls_cipher_get_tag_size} (gnutls_cipher_algorithm_t @var{algorithm}) +@var{algorithm}: is an encryption algorithm + +This function returns the tag size of an authenticated encryption +algorithm. For non-AEAD algorithms, it returns zero. + +@strong{Returns:} the tag size of the authenticated encryption algorithm. + +@strong{Since:} 3.2.2 +@end deftypefun + +@subheading gnutls_cipher_init +@anchor{gnutls_cipher_init} +@deftypefun {int} {gnutls_cipher_init} (gnutls_cipher_hd_t * @var{handle}, gnutls_cipher_algorithm_t @var{cipher}, const gnutls_datum_t * @var{key}, const gnutls_datum_t * @var{iv}) +@var{handle}: is a @code{gnutls_cipher_hd_t} type + +@var{cipher}: the encryption algorithm to use + +@var{key}: the key to be used for encryption/decryption + +@var{iv}: the IV to use (if not applicable set NULL) + +This function will initialize the @code{handle} context to be usable +for encryption/decryption of data. This will effectively use the +current crypto backend in use by gnutls or the cryptographic +accelerator in use. + +@strong{Returns:} Zero or a negative error code on error. + +@strong{Since:} 2.10.0 +@end deftypefun + +@subheading gnutls_cipher_set_iv +@anchor{gnutls_cipher_set_iv} +@deftypefun {void} {gnutls_cipher_set_iv} (gnutls_cipher_hd_t @var{handle}, void * @var{iv}, size_t @var{ivlen}) +@var{handle}: is a @code{gnutls_cipher_hd_t} type + +@var{iv}: the IV to set + +@var{ivlen}: the length of the IV + +This function will set the IV to be used for the next +encryption block. + +@strong{Since:} 3.0 +@end deftypefun + +@subheading gnutls_cipher_tag +@anchor{gnutls_cipher_tag} +@deftypefun {int} {gnutls_cipher_tag} (gnutls_cipher_hd_t @var{handle}, void * @var{tag}, size_t @var{tag_size}) +@var{handle}: is a @code{gnutls_cipher_hd_t} type + +@var{tag}: will hold the tag + +@var{tag_size}: the length of the tag to return + +This function operates on authenticated encryption with +associated data (AEAD) ciphers and will return the +output tag. + +@strong{Returns:} Zero or a negative error code on error. + +@strong{Since:} 3.0 +@end deftypefun + +@subheading gnutls_crypto_register_aead_cipher +@anchor{gnutls_crypto_register_aead_cipher} +@deftypefun {int} {gnutls_crypto_register_aead_cipher} (gnutls_cipher_algorithm_t @var{algorithm}, int @var{priority}, gnutls_cipher_init_func @var{init}, gnutls_cipher_setkey_func @var{setkey}, gnutls_cipher_aead_encrypt_func @var{aead_encrypt}, gnutls_cipher_aead_decrypt_func @var{aead_decrypt}, gnutls_cipher_deinit_func @var{deinit}) +@var{algorithm}: is the gnutls AEAD cipher identifier + +@var{priority}: is the priority of the algorithm + +@var{init}: A function which initializes the cipher + +@var{setkey}: A function which sets the key of the cipher + +@var{aead_encrypt}: Perform the AEAD encryption + +@var{aead_decrypt}: Perform the AEAD decryption + +@var{deinit}: A function which deinitializes the cipher + +This function will register a cipher algorithm to be used by +gnutls. Any algorithm registered will override the included +algorithms and by convention kernel implemented algorithms have +priority of 90 and CPU-assisted of 80. The algorithm with the lowest priority will be +used by gnutls. + +In the case the registered init or setkey functions return @code{GNUTLS_E_NEED_FALLBACK} , +GnuTLS will attempt to use the next in priority registered cipher. + +The functions registered will be used with the new AEAD API introduced in +GnuTLS 3.4.0. Internally GnuTLS uses the new AEAD API. + +@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, otherwise a negative error code. + +@strong{Since:} 3.4.0 +@end deftypefun + +@subheading gnutls_crypto_register_cipher +@anchor{gnutls_crypto_register_cipher} +@deftypefun {int} {gnutls_crypto_register_cipher} (gnutls_cipher_algorithm_t @var{algorithm}, int @var{priority}, gnutls_cipher_init_func @var{init}, gnutls_cipher_setkey_func @var{setkey}, gnutls_cipher_setiv_func @var{setiv}, gnutls_cipher_encrypt_func @var{encrypt}, gnutls_cipher_decrypt_func @var{decrypt}, gnutls_cipher_deinit_func @var{deinit}) +@var{algorithm}: is the gnutls algorithm identifier + +@var{priority}: is the priority of the algorithm + +@var{init}: A function which initializes the cipher + +@var{setkey}: A function which sets the key of the cipher + +@var{setiv}: A function which sets the nonce/IV of the cipher (non-AEAD) + +@var{encrypt}: A function which performs encryption (non-AEAD) + +@var{decrypt}: A function which performs decryption (non-AEAD) + +@var{deinit}: A function which deinitializes the cipher + +This function will register a cipher algorithm to be used by +gnutls. Any algorithm registered will override the included +algorithms and by convention kernel implemented algorithms have +priority of 90 and CPU-assisted of 80. The algorithm with the lowest priority will be +used by gnutls. + +In the case the registered init or setkey functions return @code{GNUTLS_E_NEED_FALLBACK} , +GnuTLS will attempt to use the next in priority registered cipher. + +The functions which are marked as non-AEAD they are not required when +registering a cipher to be used with the new AEAD API introduced in +GnuTLS 3.4.0. Internally GnuTLS uses the new AEAD API. + +@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, otherwise a negative error code. + +@strong{Since:} 3.4.0 +@end deftypefun + +@subheading gnutls_crypto_register_digest +@anchor{gnutls_crypto_register_digest} +@deftypefun {int} {gnutls_crypto_register_digest} (gnutls_digest_algorithm_t @var{algorithm}, int @var{priority}, gnutls_digest_init_func @var{init}, gnutls_digest_hash_func @var{hash}, gnutls_digest_output_func @var{output}, gnutls_digest_deinit_func @var{deinit}, gnutls_digest_fast_func @var{hash_fast}) +@var{algorithm}: is the gnutls digest identifier + +@var{priority}: is the priority of the algorithm + +@var{init}: A function which initializes the digest + +@var{hash}: Perform the hash operation + +@var{output}: Provide the output of the digest + +@var{deinit}: A function which deinitializes the digest + +@var{hash_fast}: Perform the digest operation in one go + +This function will register a digest algorithm to be used by gnutls. +Any algorithm registered will override the included algorithms and +by convention kernel implemented algorithms have priority of 90 +and CPU-assisted of 80. +The algorithm with the lowest priority will be used by gnutls. + +@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, otherwise a negative error code. + +@strong{Since:} 3.4.0 +@end deftypefun + +@subheading gnutls_crypto_register_mac +@anchor{gnutls_crypto_register_mac} +@deftypefun {int} {gnutls_crypto_register_mac} (gnutls_mac_algorithm_t @var{algorithm}, int @var{priority}, gnutls_mac_init_func @var{init}, gnutls_mac_setkey_func @var{setkey}, gnutls_mac_setnonce_func @var{setnonce}, gnutls_mac_hash_func @var{hash}, gnutls_mac_output_func @var{output}, gnutls_mac_deinit_func @var{deinit}, gnutls_mac_fast_func @var{hash_fast}) +@var{algorithm}: is the gnutls MAC identifier + +@var{priority}: is the priority of the algorithm + +@var{init}: A function which initializes the MAC + +@var{setkey}: A function which sets the key of the MAC + +@var{setnonce}: A function which sets the nonce for the mac (may be @code{NULL} for common MAC algorithms) + +@var{hash}: Perform the hash operation + +@var{output}: Provide the output of the MAC + +@var{deinit}: A function which deinitializes the MAC + +@var{hash_fast}: Perform the MAC operation in one go + +This function will register a MAC algorithm to be used by gnutls. +Any algorithm registered will override the included algorithms and +by convention kernel implemented algorithms have priority of 90 +and CPU-assisted of 80. +The algorithm with the lowest priority will be used by gnutls. + +@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, otherwise a negative error code. + +@strong{Since:} 3.4.0 +@end deftypefun + +@subheading gnutls_decode_ber_digest_info +@anchor{gnutls_decode_ber_digest_info} +@deftypefun {int} {gnutls_decode_ber_digest_info} (const gnutls_datum_t * @var{info}, gnutls_digest_algorithm_t * @var{hash}, unsigned char * @var{digest}, unsigned int * @var{digest_size}) +@var{info}: an RSA BER encoded DigestInfo structure + +@var{hash}: will contain the hash algorithm of the structure + +@var{digest}: will contain the hash output of the structure + +@var{digest_size}: will contain the hash size of the structure; initially must hold the maximum size of @code{digest} + +This function will parse an RSA PKCS@code{1} 1.5 DigestInfo structure +and report the hash algorithm used as well as the digest data. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise +an error code is returned. + +@strong{Since:} 3.5.0 +@end deftypefun + +@subheading gnutls_decode_gost_rs_value +@anchor{gnutls_decode_gost_rs_value} +@deftypefun {int} {gnutls_decode_gost_rs_value} (const gnutls_datum_t * @var{sig_value}, gnutls_datum_t * @var{r}, gnutls_datum_t * @var{s}) +@var{sig_value}: will holds a GOST signature according to RFC 4491 section 2.2.2 + +@var{r}: will contain the r value + +@var{s}: will contain the s value + +This function will decode the provided @code{sig_value} , into @code{r} and @code{s} elements. +See RFC 4491 section 2.2.2 for the format of signature value. + +The output values may be padded with a zero byte to prevent them +from being interpreted as negative values. The value +should be deallocated using @code{gnutls_free()} . + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise +an error code is returned. + +@strong{Since:} 3.6.0 +@end deftypefun + +@subheading gnutls_decode_rs_value +@anchor{gnutls_decode_rs_value} +@deftypefun {int} {gnutls_decode_rs_value} (const gnutls_datum_t * @var{sig_value}, gnutls_datum_t * @var{r}, gnutls_datum_t * @var{s}) +@var{sig_value}: holds a Dss-Sig-Value DER or BER encoded structure + +@var{r}: will contain the r value + +@var{s}: will contain the s value + +This function will decode the provided @code{sig_value} , +into @code{r} and @code{s} elements. The Dss-Sig-Value is used for DSA and ECDSA +signatures. + +The output values may be padded with a zero byte to prevent them +from being interpreted as negative values. The value +should be deallocated using @code{gnutls_free()} . + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise +an error code is returned. + +@strong{Since:} 3.6.0 +@end deftypefun + +@subheading gnutls_encode_ber_digest_info +@anchor{gnutls_encode_ber_digest_info} +@deftypefun {int} {gnutls_encode_ber_digest_info} (gnutls_digest_algorithm_t @var{hash}, const gnutls_datum_t * @var{digest}, gnutls_datum_t * @var{output}) +@var{hash}: the hash algorithm that was used to get the digest + +@var{digest}: must contain the digest data + +@var{output}: will contain the allocated DigestInfo BER encoded data + +This function will encode the provided digest data, and its +algorithm into an RSA PKCS@code{1} 1.5 DigestInfo structure. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise +an error code is returned. + +@strong{Since:} 3.5.0 +@end deftypefun + +@subheading gnutls_encode_gost_rs_value +@anchor{gnutls_encode_gost_rs_value} +@deftypefun {int} {gnutls_encode_gost_rs_value} (gnutls_datum_t * @var{sig_value}, const gnutls_datum_t * @var{r}, const gnutls_datum_t * @var{s}) +@var{sig_value}: will hold a GOST signature according to RFC 4491 section 2.2.2 + +@var{r}: must contain the r value + +@var{s}: must contain the s value + +This function will encode the provided r and s values, into binary +representation according to RFC 4491 section 2.2.2, used for GOST R +34.10-2001 (and thus also for GOST R 34.10-2012) signatures. + +The output value should be deallocated using @code{gnutls_free()} . + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise +an error code is returned. + +@strong{Since:} 3.6.0 +@end deftypefun + +@subheading gnutls_encode_rs_value +@anchor{gnutls_encode_rs_value} +@deftypefun {int} {gnutls_encode_rs_value} (gnutls_datum_t * @var{sig_value}, const gnutls_datum_t * @var{r}, const gnutls_datum_t * @var{s}) +@var{sig_value}: will hold a Dss-Sig-Value DER encoded structure + +@var{r}: must contain the r value + +@var{s}: must contain the s value + +This function will encode the provided r and s values, +into a Dss-Sig-Value structure, used for DSA and ECDSA +signatures. + +The output value should be deallocated using @code{gnutls_free()} . + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise +an error code is returned. + +@strong{Since:} 3.6.0 +@end deftypefun + +@subheading gnutls_hash +@anchor{gnutls_hash} +@deftypefun {int} {gnutls_hash} (gnutls_hash_hd_t @var{handle}, const void * @var{ptext}, size_t @var{ptext_len}) +@var{handle}: is a @code{gnutls_hash_hd_t} type + +@var{ptext}: the data to hash + +@var{ptext_len}: the length of data to hash + +This function will hash the given data using the algorithm +specified by the context. + +@strong{Returns:} Zero or a negative error code on error. + +@strong{Since:} 2.10.0 +@end deftypefun + +@subheading gnutls_hash_deinit +@anchor{gnutls_hash_deinit} +@deftypefun {void} {gnutls_hash_deinit} (gnutls_hash_hd_t @var{handle}, void * @var{digest}) +@var{handle}: is a @code{gnutls_hash_hd_t} type + +@var{digest}: is the output value of the hash + +This function will deinitialize all resources occupied by +the given hash context. + +@strong{Since:} 2.10.0 +@end deftypefun + +@subheading gnutls_hash_fast +@anchor{gnutls_hash_fast} +@deftypefun {int} {gnutls_hash_fast} (gnutls_digest_algorithm_t @var{algorithm}, const void * @var{ptext}, size_t @var{ptext_len}, void * @var{digest}) +@var{algorithm}: the hash algorithm to use + +@var{ptext}: the data to hash + +@var{ptext_len}: the length of data to hash + +@var{digest}: is the output value of the hash + +This convenience function will hash the given data and return output +on a single call. + +@strong{Returns:} Zero or a negative error code on error. + +@strong{Since:} 2.10.0 +@end deftypefun + +@subheading gnutls_hash_get_len +@anchor{gnutls_hash_get_len} +@deftypefun {unsigned} {gnutls_hash_get_len} (gnutls_digest_algorithm_t @var{algorithm}) +@var{algorithm}: the hash algorithm to use + +This function will return the length of the output data +of the given hash algorithm. + +@strong{Returns:} The length or zero on error. + +@strong{Since:} 2.10.0 +@end deftypefun + +@subheading gnutls_hash_init +@anchor{gnutls_hash_init} +@deftypefun {int} {gnutls_hash_init} (gnutls_hash_hd_t * @var{dig}, gnutls_digest_algorithm_t @var{algorithm}) +@var{dig}: is a @code{gnutls_hash_hd_t} type + +@var{algorithm}: the hash algorithm to use + +This function will initialize an context that can be used to +produce a Message Digest of data. This will effectively use the +current crypto backend in use by gnutls or the cryptographic +accelerator in use. + +@strong{Returns:} Zero or a negative error code on error. + +@strong{Since:} 2.10.0 +@end deftypefun + +@subheading gnutls_hash_output +@anchor{gnutls_hash_output} +@deftypefun {void} {gnutls_hash_output} (gnutls_hash_hd_t @var{handle}, void * @var{digest}) +@var{handle}: is a @code{gnutls_hash_hd_t} type + +@var{digest}: is the output value of the hash + +This function will output the current hash value +and reset the state of the hash. + +@strong{Since:} 2.10.0 +@end deftypefun + +@subheading gnutls_hmac +@anchor{gnutls_hmac} +@deftypefun {int} {gnutls_hmac} (gnutls_hmac_hd_t @var{handle}, const void * @var{ptext}, size_t @var{ptext_len}) +@var{handle}: is a @code{gnutls_hmac_hd_t} type + +@var{ptext}: the data to hash + +@var{ptext_len}: the length of data to hash + +This function will hash the given data using the algorithm +specified by the context. + +@strong{Returns:} Zero or a negative error code on error. + +@strong{Since:} 2.10.0 +@end deftypefun + +@subheading gnutls_hmac_deinit +@anchor{gnutls_hmac_deinit} +@deftypefun {void} {gnutls_hmac_deinit} (gnutls_hmac_hd_t @var{handle}, void * @var{digest}) +@var{handle}: is a @code{gnutls_hmac_hd_t} type + +@var{digest}: is the output value of the MAC + +This function will deinitialize all resources occupied by +the given hmac context. + +@strong{Since:} 2.10.0 +@end deftypefun + +@subheading gnutls_hmac_fast +@anchor{gnutls_hmac_fast} +@deftypefun {int} {gnutls_hmac_fast} (gnutls_mac_algorithm_t @var{algorithm}, const void * @var{key}, size_t @var{keylen}, const void * @var{ptext}, size_t @var{ptext_len}, void * @var{digest}) +@var{algorithm}: the hash algorithm to use + +@var{key}: the key to use + +@var{keylen}: the length of the key + +@var{ptext}: the data to hash + +@var{ptext_len}: the length of data to hash + +@var{digest}: is the output value of the hash + +This convenience function will hash the given data and return output +on a single call. + +@strong{Returns:} Zero or a negative error code on error. + +@strong{Since:} 2.10.0 +@end deftypefun + +@subheading gnutls_hmac_get_len +@anchor{gnutls_hmac_get_len} +@deftypefun {unsigned} {gnutls_hmac_get_len} (gnutls_mac_algorithm_t @var{algorithm}) +@var{algorithm}: the hmac algorithm to use + +This function will return the length of the output data +of the given hmac algorithm. + +@strong{Returns:} The length or zero on error. + +@strong{Since:} 2.10.0 +@end deftypefun + +@subheading gnutls_hmac_init +@anchor{gnutls_hmac_init} +@deftypefun {int} {gnutls_hmac_init} (gnutls_hmac_hd_t * @var{dig}, gnutls_mac_algorithm_t @var{algorithm}, const void * @var{key}, size_t @var{keylen}) +@var{dig}: is a @code{gnutls_hmac_hd_t} type + +@var{algorithm}: the HMAC algorithm to use + +@var{key}: the key to be used for encryption + +@var{keylen}: the length of the key + +This function will initialize an context that can be used to +produce a Message Authentication Code (MAC) of data. This will +effectively use the current crypto backend in use by gnutls or the +cryptographic accelerator in use. + +Note that despite the name of this function, it can be used +for other MAC algorithms than HMAC. + +@strong{Returns:} Zero or a negative error code on error. + +@strong{Since:} 2.10.0 +@end deftypefun + +@subheading gnutls_hmac_output +@anchor{gnutls_hmac_output} +@deftypefun {void} {gnutls_hmac_output} (gnutls_hmac_hd_t @var{handle}, void * @var{digest}) +@var{handle}: is a @code{gnutls_hmac_hd_t} type + +@var{digest}: is the output value of the MAC + +This function will output the current MAC value +and reset the state of the MAC. + +@strong{Since:} 2.10.0 +@end deftypefun + +@subheading gnutls_hmac_set_nonce +@anchor{gnutls_hmac_set_nonce} +@deftypefun {void} {gnutls_hmac_set_nonce} (gnutls_hmac_hd_t @var{handle}, const void * @var{nonce}, size_t @var{nonce_len}) +@var{handle}: is a @code{gnutls_hmac_hd_t} type + +@var{nonce}: the data to set as nonce + +@var{nonce_len}: the length of data + +This function will set the nonce in the MAC algorithm. + +@strong{Since:} 3.2.0 +@end deftypefun + +@subheading gnutls_mac_get_nonce_size +@anchor{gnutls_mac_get_nonce_size} +@deftypefun {size_t} {gnutls_mac_get_nonce_size} (gnutls_mac_algorithm_t @var{algorithm}) +@var{algorithm}: is an encryption algorithm + +Returns the size of the nonce used by the MAC in TLS. + +@strong{Returns:} length (in bytes) of the given MAC nonce size, or 0. + +@strong{Since:} 3.2.0 +@end deftypefun + +@subheading gnutls_rnd +@anchor{gnutls_rnd} +@deftypefun {int} {gnutls_rnd} (gnutls_rnd_level_t @var{level}, void * @var{data}, size_t @var{len}) +@var{level}: a security level + +@var{data}: place to store random bytes + +@var{len}: The requested size + +This function will generate random data and store it to output +buffer. The value of @code{level} should be one of @code{GNUTLS_RND_NONCE} , +@code{GNUTLS_RND_RANDOM} and @code{GNUTLS_RND_KEY} . See the manual and +@code{gnutls_rnd_level_t} for detailed information. + +This function is thread-safe and also fork-safe. + +@strong{Returns:} Zero on success, or a negative error code on error. + +@strong{Since:} 2.12.0 +@end deftypefun + +@subheading gnutls_rnd_refresh +@anchor{gnutls_rnd_refresh} +@deftypefun {void} {gnutls_rnd_refresh} ( @var{void}) + +This function refreshes the random generator state. +That is the current precise time, CPU usage, and +other values are input into its state. + +On a slower rate input from /dev/urandom is mixed too. + +@strong{Since:} 3.1.7 +@end deftypefun + diff --git a/doc/dane-api.texi b/doc/dane-api.texi new file mode 100644 index 0000000..5511734 --- /dev/null +++ b/doc/dane-api.texi @@ -0,0 +1,341 @@ + +@subheading dane_cert_type_name +@anchor{dane_cert_type_name} +@deftypefun {const char *} {dane_cert_type_name} (dane_cert_type_t @var{type}) +@var{type}: is a DANE match type + +Convert a @code{dane_cert_type_t} value to a string. + +@strong{Returns:} a string that contains the name of the specified +type, or @code{NULL} . +@end deftypefun + +@subheading dane_cert_usage_name +@anchor{dane_cert_usage_name} +@deftypefun {const char *} {dane_cert_usage_name} (dane_cert_usage_t @var{usage}) +@var{usage}: is a DANE certificate usage + +Convert a @code{dane_cert_usage_t} value to a string. + +@strong{Returns:} a string that contains the name of the specified +type, or @code{NULL} . +@end deftypefun + +@subheading dane_match_type_name +@anchor{dane_match_type_name} +@deftypefun {const char *} {dane_match_type_name} (dane_match_type_t @var{type}) +@var{type}: is a DANE match type + +Convert a @code{dane_match_type_t} value to a string. + +@strong{Returns:} a string that contains the name of the specified +type, or @code{NULL} . +@end deftypefun + +@subheading dane_query_data +@anchor{dane_query_data} +@deftypefun {int} {dane_query_data} (dane_query_t @var{q}, unsigned int @var{idx}, unsigned int * @var{usage}, unsigned int * @var{type}, unsigned int * @var{match}, gnutls_datum_t * @var{data}) +@var{q}: The query result structure + +@var{idx}: The index of the query response. + +@var{usage}: The certificate usage (see @code{dane_cert_usage_t} ) + +@var{type}: The certificate type (see @code{dane_cert_type_t} ) + +@var{match}: The DANE matching type (see @code{dane_match_type_t} ) + +@var{data}: The DANE data. + +This function will provide the DANE data from the query +response. + +@strong{Returns:} On success, @code{DANE_E_SUCCESS} (0) is returned, otherwise a +negative error value. +@end deftypefun + +@subheading dane_query_deinit +@anchor{dane_query_deinit} +@deftypefun {void} {dane_query_deinit} (dane_query_t @var{q}) +@var{q}: The structure to be deinitialized + +This function will deinitialize a DANE query result structure. +@end deftypefun + +@subheading dane_query_entries +@anchor{dane_query_entries} +@deftypefun {unsigned int} {dane_query_entries} (dane_query_t @var{q}) +@var{q}: The query result structure + +This function will return the number of entries in a query. + +@strong{Returns:} The number of entries. +@end deftypefun + +@subheading dane_query_status +@anchor{dane_query_status} +@deftypefun {dane_query_status_t} {dane_query_status} (dane_query_t @var{q}) +@var{q}: The query result structure + +This function will return the status of the query response. +See @code{dane_query_status_t} for the possible types. + +@strong{Returns:} The status type. +@end deftypefun + +@subheading dane_query_tlsa +@anchor{dane_query_tlsa} +@deftypefun {int} {dane_query_tlsa} (dane_state_t @var{s}, dane_query_t * @var{r}, const char * @var{host}, const char * @var{proto}, unsigned int @var{port}) +@var{s}: The DANE state structure + +@var{r}: A structure to place the result + +@var{host}: The host name to resolve. + +@var{proto}: The protocol type (tcp, udp, etc.) + +@var{port}: The service port number (eg. 443). + +This function will query the DNS server for the TLSA (DANE) +data for the given host. + +@strong{Returns:} On success, @code{DANE_E_SUCCESS} (0) is returned, otherwise a +negative error value. +@end deftypefun + +@subheading dane_query_to_raw_tlsa +@anchor{dane_query_to_raw_tlsa} +@deftypefun {int} {dane_query_to_raw_tlsa} (dane_query_t @var{q}, unsigned int * @var{data_entries}, char *** @var{dane_data}, int ** @var{dane_data_len}, int * @var{secure}, int * @var{bogus}) +@var{q}: The query result structure + +@var{data_entries}: Pointer set to the number of entries in the query + +@var{dane_data}: Pointer to contain an array of DNS rdata items, terminated with a NULL pointer; +caller must guarantee that the referenced data remains +valid until @code{dane_query_deinit()} is called. + +@var{dane_data_len}: Pointer to contain the length n bytes of the dane_data items + +@var{secure}: Pointer set true if the result is validated securely, false if +validation failed or the domain queried has no security info + +@var{bogus}: Pointer set true if the result was not secure due to a security failure + +This function will provide the DANE data from the query +response. + +The pointers dane_data and dane_data_len are allocated with @code{gnutls_malloc()} +to contain the data from the query result structure (individual + @code{dane_data} items simply point to the original data and are not allocated separately). +The returned @code{dane_data} are only valid during the lifetime of @code{q} . + +@strong{Returns:} On success, @code{DANE_E_SUCCESS} (0) is returned, otherwise a +negative error value. +@end deftypefun + +@subheading dane_raw_tlsa +@anchor{dane_raw_tlsa} +@deftypefun {int} {dane_raw_tlsa} (dane_state_t @var{s}, dane_query_t * @var{r}, char *const * @var{dane_data}, const int * @var{dane_data_len}, int @var{secure}, int @var{bogus}) +@var{s}: The DANE state structure + +@var{r}: A structure to place the result + +@var{dane_data}: array of DNS rdata items, terminated with a NULL pointer; +caller must guarantee that the referenced data remains +valid until @code{dane_query_deinit()} is called. + +@var{dane_data_len}: the length n bytes of the dane_data items + +@var{secure}: true if the result is validated securely, false if +validation failed or the domain queried has no security info + +@var{bogus}: if the result was not secure (secure = 0) due to a security failure, +and the result is due to a security failure, bogus is true. + +This function will fill in the TLSA (DANE) structure from +the given raw DNS record data. The @code{dane_data} must be valid +during the lifetime of the query. + +@strong{Returns:} On success, @code{DANE_E_SUCCESS} (0) is returned, otherwise a +negative error value. +@end deftypefun + +@subheading dane_state_deinit +@anchor{dane_state_deinit} +@deftypefun {void} {dane_state_deinit} (dane_state_t @var{s}) +@var{s}: The structure to be deinitialized + +This function will deinitialize a DANE query structure. +@end deftypefun + +@subheading dane_state_init +@anchor{dane_state_init} +@deftypefun {int} {dane_state_init} (dane_state_t * @var{s}, unsigned int @var{flags}) +@var{s}: The structure to be initialized + +@var{flags}: flags from the @code{dane_state_flags} enumeration + +This function will initialize the backend resolver. It is +intended to be used in scenarios where multiple resolvings +occur, to optimize against multiple re-initializations. + +@strong{Returns:} On success, @code{DANE_E_SUCCESS} (0) is returned, otherwise a +negative error value. +@end deftypefun + +@subheading dane_state_set_dlv_file +@anchor{dane_state_set_dlv_file} +@deftypefun {int} {dane_state_set_dlv_file} (dane_state_t @var{s}, const char * @var{file}) +@var{s}: The structure to be deinitialized + +@var{file}: The file holding the DLV keys. + +This function will set a file with trusted keys +for DLV (DNSSEC Lookaside Validation). +@end deftypefun + +@subheading dane_strerror +@anchor{dane_strerror} +@deftypefun {const char *} {dane_strerror} (int @var{error}) +@var{error}: is a DANE error code, a negative error code + +This function is similar to strerror. The difference is that it +accepts an error number returned by a gnutls function; In case of +an unknown error a descriptive string is sent instead of @code{NULL} . + +Error codes are always a negative error code. + +@strong{Returns:} A string explaining the DANE error message. +@end deftypefun + +@subheading dane_verification_status_print +@anchor{dane_verification_status_print} +@deftypefun {int} {dane_verification_status_print} (unsigned int @var{status}, gnutls_datum_t * @var{out}, unsigned int @var{flags}) +@var{status}: The status flags to be printed + +@var{out}: Newly allocated datum with (0) terminated string. + +@var{flags}: should be zero + +This function will pretty print the status of a verification +process -- eg. the one obtained by @code{dane_verify_crt()} . + +The output @code{out} needs to be deallocated using @code{gnutls_free()} . + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. +@end deftypefun + +@subheading dane_verify_crt +@anchor{dane_verify_crt} +@deftypefun {int} {dane_verify_crt} (dane_state_t @var{s}, const gnutls_datum_t * @var{chain}, unsigned @var{chain_size}, gnutls_certificate_type_t @var{chain_type}, const char * @var{hostname}, const char * @var{proto}, unsigned int @var{port}, unsigned int @var{sflags}, unsigned int @var{vflags}, unsigned int * @var{verify}) +@var{s}: A DANE state structure (may be NULL) + +@var{chain}: A certificate chain + +@var{chain_size}: The size of the chain + +@var{chain_type}: The type of the certificate chain + +@var{hostname}: The hostname associated with the chain + +@var{proto}: The protocol of the service connecting (e.g. tcp) + +@var{port}: The port of the service connecting (e.g. 443) + +@var{sflags}: Flags for the initialization of @code{s} (if NULL) + +@var{vflags}: Verification flags; an OR'ed list of @code{dane_verify_flags_t} . + +@var{verify}: An OR'ed list of @code{dane_verify_status_t} . + +This function will verify the given certificate chain against the +CA constrains and/or the certificate available via DANE. +If no information via DANE can be obtained the flag @code{DANE_VERIFY_NO_DANE_INFO} +is set. If a DNSSEC signature is not available for the DANE +record then the verify flag @code{DANE_VERIFY_NO_DNSSEC_DATA} is set. + +Due to the many possible options of DANE, there is no single threat +model countered. When notifying the user about DANE verification results +it may be better to mention: DANE verification did not reject the certificate, +rather than mentioning a successful DANE verication. + +Note that this function is designed to be run in addition to +PKIX - certificate chain - verification. To be run independently +the @code{DANE_VFLAG_ONLY_CHECK_EE_USAGE} flag should be specified; +then the function will check whether the key of the peer matches the +key advertized in the DANE entry. + +@strong{Returns:} a negative error code on error and @code{DANE_E_SUCCESS} (0) +when the DANE entries were successfully parsed, irrespective of +whether they were verified (see @code{verify} for that information). If +no usable entries were encountered @code{DANE_E_REQUESTED_DATA_NOT_AVAILABLE} +will be returned. +@end deftypefun + +@subheading dane_verify_crt_raw +@anchor{dane_verify_crt_raw} +@deftypefun {int} {dane_verify_crt_raw} (dane_state_t @var{s}, const gnutls_datum_t * @var{chain}, unsigned @var{chain_size}, gnutls_certificate_type_t @var{chain_type}, dane_query_t @var{r}, unsigned int @var{sflags}, unsigned int @var{vflags}, unsigned int * @var{verify}) +@var{s}: A DANE state structure (may be NULL) + +@var{chain}: A certificate chain + +@var{chain_size}: The size of the chain + +@var{chain_type}: The type of the certificate chain + +@var{r}: DANE data to check against + +@var{sflags}: Flags for the initialization of @code{s} (if NULL) + +@var{vflags}: Verification flags; an OR'ed list of @code{dane_verify_flags_t} . + +@var{verify}: An OR'ed list of @code{dane_verify_status_t} . + +This is the low-level function of @code{dane_verify_crt()} . See the +high level function for documentation. + +This function does not perform any resolving, it utilizes +cached entries from @code{r} . + +@strong{Returns:} a negative error code on error and @code{DANE_E_SUCCESS} (0) +when the DANE entries were successfully parsed, irrespective of +whether they were verified (see @code{verify} for that information). If +no usable entries were encountered @code{DANE_E_REQUESTED_DATA_NOT_AVAILABLE} +will be returned. +@end deftypefun + +@subheading dane_verify_session_crt +@anchor{dane_verify_session_crt} +@deftypefun {int} {dane_verify_session_crt} (dane_state_t @var{s}, gnutls_session_t @var{session}, const char * @var{hostname}, const char * @var{proto}, unsigned int @var{port}, unsigned int @var{sflags}, unsigned int @var{vflags}, unsigned int * @var{verify}) +@var{s}: A DANE state structure (may be NULL) + +@var{session}: A gnutls session + +@var{hostname}: The hostname associated with the chain + +@var{proto}: The protocol of the service connecting (e.g. tcp) + +@var{port}: The port of the service connecting (e.g. 443) + +@var{sflags}: Flags for the initialization of @code{s} (if NULL) + +@var{vflags}: Verification flags; an OR'ed list of @code{dane_verify_flags_t} . + +@var{verify}: An OR'ed list of @code{dane_verify_status_t} . + +This function will verify session's certificate chain against the +CA constrains and/or the certificate available via DANE. +See @code{dane_verify_crt()} for more information. + +This will not verify the chain for validity; unless the DANE +verification is restricted to end certificates, this must be +be performed separately using @code{gnutls_certificate_verify_peers3()} . + +@strong{Returns:} a negative error code on error and @code{DANE_E_SUCCESS} (0) +when the DANE entries were successfully parsed, irrespective of +whether they were verified (see @code{verify} for that information). If +no usable entries were encountered @code{DANE_E_REQUESTED_DATA_NOT_AVAILABLE} +will be returned. +@end deftypefun + diff --git a/doc/doc.mk b/doc/doc.mk new file mode 100644 index 0000000..21636f6 --- /dev/null +++ b/doc/doc.mk @@ -0,0 +1,32 @@ +# Copyright (C) 2012 Free Software Foundation, Inc. +# +# Author: Nikos Mavrogiannopoulos +# +# This file is part of GnuTLS. +# +# This file is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 3 of the License, or +# (at your option) any later version. +# +# This file is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this file; if not, write to the Free Software Foundation, +# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + +HEADER_FILES = $(top_srcdir)/lib/includes/gnutls/gnutls.h.in \ + $(top_srcdir)/lib/includes/gnutls/x509.h \ + $(top_srcdir)/lib/includes/gnutls/pkcs12.h $(top_srcdir)/lib/includes/gnutls/pkcs11.h \ + $(top_srcdir)/lib/includes/gnutls/abstract.h $(top_srcdir)/lib/includes/gnutls/compat.h \ + $(top_srcdir)/lib/includes/gnutls/dtls.h $(top_srcdir)/lib/includes/gnutls/crypto.h \ + $(top_srcdir)/lib/includes/gnutls/ocsp.h $(top_srcdir)/lib/includes/gnutls/tpm.h \ + $(top_srcdir)/libdane/includes/gnutls/dane.h $(top_srcdir)/lib/includes/gnutls/x509-ext.h \ + $(top_srcdir)/lib/includes/gnutls/urls.h $(top_srcdir)/lib/includes/gnutls/system-keys.h \ + $(top_srcdir)/lib/includes/gnutls/pkcs7.h $(top_srcdir)/lib/includes/gnutls/socket.h + +C_SOURCE_FILES = $(top_srcdir)/lib/*/*.c $(top_srcdir)/lib/*.c $(top_srcdir)/libdane/*.c +C_X509_SOURCE_FILES = $(top_srcdir)/lib/x509/*.c $(top_srcdir)/lib/*.c $(top_srcdir)/lib/system/certs.c diff --git a/doc/doxygen/Doxyfile.in b/doc/doxygen/Doxyfile.in new file mode 100644 index 0000000..6b7a1a7 --- /dev/null +++ b/doc/doxygen/Doxyfile.in @@ -0,0 +1,1417 @@ +# Doxyfile 1.5.6 + +# This file describes the settings to be used by the documentation system +# doxygen (www.doxygen.org) for a project +# +# All text after a hash (#) is considered a comment and will be ignored +# The format is: +# TAG = value [value, ...] +# For lists items can also be appended using: +# TAG += value [value, ...] +# Values that contain spaces should be placed between quotes (" ") + +#--------------------------------------------------------------------------- +# Project related configuration options +#--------------------------------------------------------------------------- + +# This tag specifies the encoding used for all characters in the config file +# that follow. The default is UTF-8 which is also the encoding used for all +# text before the first occurrence of this tag. Doxygen uses libiconv (or the +# iconv built into libc) for the transcoding. See +# https://www.gnu.org/software/libiconv for the list of possible encodings. + +DOXYFILE_ENCODING = UTF-8 + +# The PROJECT_NAME tag is a single word (or a sequence of words surrounded +# by quotes) that should identify the project. + +PROJECT_NAME = @PACKAGE@ + +# The PROJECT_NUMBER tag can be used to enter a project or revision number. +# This could be handy for archiving the generated documentation or +# if some version control system is used. + +PROJECT_NUMBER = @VERSION@ + +# The OUTPUT_DIRECTORY tag is used to specify the (relative or absolute) +# base path where the generated documentation will be put. +# If a relative path is entered, it will be relative to the location +# where doxygen was started. If left blank the current directory will be used. + +OUTPUT_DIRECTORY = + +# If the CREATE_SUBDIRS tag is set to YES, then doxygen will create +# 4096 sub-directories (in 2 levels) under the output directory of each output +# format and will distribute the generated files over these directories. +# Enabling this option can be useful when feeding doxygen a huge amount of +# source files, where putting all generated files in the same directory would +# otherwise cause performance problems for the file system. + +CREATE_SUBDIRS = NO + +# The OUTPUT_LANGUAGE tag is used to specify the language in which all +# documentation generated by doxygen is written. Doxygen will use this +# information to generate all constant output in the proper language. +# The default language is English, other supported languages are: +# Afrikaans, Arabic, Brazilian, Catalan, Chinese, Chinese-Traditional, +# Croatian, Czech, Danish, Dutch, Farsi, Finnish, French, German, Greek, +# Hungarian, Italian, Japanese, Japanese-en (Japanese with English messages), +# Korean, Korean-en, Lithuanian, Norwegian, Macedonian, Persian, Polish, +# Portuguese, Romanian, Russian, Serbian, Slovak, Slovene, Spanish, Swedish, +# and Ukrainian. + +OUTPUT_LANGUAGE = English + +# If the BRIEF_MEMBER_DESC tag is set to YES (the default) Doxygen will +# include brief member descriptions after the members that are listed in +# the file and class documentation (similar to JavaDoc). +# Set to NO to disable this. + +BRIEF_MEMBER_DESC = YES + +# If the REPEAT_BRIEF tag is set to YES (the default) Doxygen will prepend +# the brief description of a member or function before the detailed description. +# Note: if both HIDE_UNDOC_MEMBERS and BRIEF_MEMBER_DESC are set to NO, the +# brief descriptions will be completely suppressed. + +REPEAT_BRIEF = YES + +# This tag implements a quasi-intelligent brief description abbreviator +# that is used to form the text in various listings. Each string +# in this list, if found as the leading text of the brief description, will be +# stripped from the text and the result after processing the whole list, is +# used as the annotated text. Otherwise, the brief description is used as-is. +# If left blank, the following values are used ("$name" is automatically +# replaced with the name of the entity): "The $name class" "The $name widget" +# "The $name file" "is" "provides" "specifies" "contains" +# "represents" "a" "an" "the" + +ABBREVIATE_BRIEF = + +# If the ALWAYS_DETAILED_SEC and REPEAT_BRIEF tags are both set to YES then +# Doxygen will generate a detailed section even if there is only a brief +# description. + +ALWAYS_DETAILED_SEC = NO + +# If the INLINE_INHERITED_MEMB tag is set to YES, doxygen will show all +# inherited members of a class in the documentation of that class as if those +# members were ordinary class members. Constructors, destructors and assignment +# operators of the base classes will not be shown. + +INLINE_INHERITED_MEMB = NO + +# If the FULL_PATH_NAMES tag is set to YES then Doxygen will prepend the full +# path before files name in the file list and in the header files. If set +# to NO the shortest path that makes the file name unique will be used. + +FULL_PATH_NAMES = YES + +# If the FULL_PATH_NAMES tag is set to YES then the STRIP_FROM_PATH tag +# can be used to strip a user-defined part of the path. Stripping is +# only done if one of the specified strings matches the left-hand part of +# the path. The tag can be used to show relative paths in the file list. +# If left blank the directory from which doxygen is run is used as the +# path to strip. + +STRIP_FROM_PATH = + +# The STRIP_FROM_INC_PATH tag can be used to strip a user-defined part of +# the path mentioned in the documentation of a class, which tells +# the reader which header file to include in order to use a class. +# If left blank only the name of the header file containing the class +# definition is used. Otherwise one should specify the include paths that +# are normally passed to the compiler using the -I flag. + +STRIP_FROM_INC_PATH = + +# If the SHORT_NAMES tag is set to YES, doxygen will generate much shorter +# (but less readable) file names. This can be useful is your file systems +# doesn't support long names like on DOS, Mac, or CD-ROM. + +SHORT_NAMES = NO + +# If the JAVADOC_AUTOBRIEF tag is set to YES then Doxygen +# will interpret the first line (until the first dot) of a JavaDoc-style +# comment as the brief description. If set to NO, the JavaDoc +# comments will behave just like regular Qt-style comments +# (thus requiring an explicit @brief command for a brief description.) + +JAVADOC_AUTOBRIEF = NO + +# If the QT_AUTOBRIEF tag is set to YES then Doxygen will +# interpret the first line (until the first dot) of a Qt-style +# comment as the brief description. If set to NO, the comments +# will behave just like regular Qt-style comments (thus requiring +# an explicit \brief command for a brief description.) + +QT_AUTOBRIEF = NO + +# The MULTILINE_CPP_IS_BRIEF tag can be set to YES to make Doxygen +# treat a multi-line C++ special comment block (i.e. a block of //! or /// +# comments) as a brief description. This used to be the default behaviour. +# The new default is to treat a multi-line C++ comment block as a detailed +# description. Set this tag to YES if you prefer the old behaviour instead. + +MULTILINE_CPP_IS_BRIEF = NO + +# If the DETAILS_AT_TOP tag is set to YES then Doxygen +# will output the detailed description near the top, like JavaDoc. +# If set to NO, the detailed description appears after the member +# documentation. + +DETAILS_AT_TOP = NO + +# If the INHERIT_DOCS tag is set to YES (the default) then an undocumented +# member inherits the documentation from any documented member that it +# re-implements. + +INHERIT_DOCS = YES + +# If the SEPARATE_MEMBER_PAGES tag is set to YES, then doxygen will produce +# a new page for each member. If set to NO, the documentation of a member will +# be part of the file/class/namespace that contains it. + +SEPARATE_MEMBER_PAGES = NO + +# The TAB_SIZE tag can be used to set the number of spaces in a tab. +# Doxygen uses this value to replace tabs by spaces in code fragments. + +TAB_SIZE = 8 + +# This tag can be used to specify a number of aliases that acts +# as commands in the documentation. An alias has the form "name=value". +# For example adding "sideeffect=\par Side Effects:\n" will allow you to +# put the command \sideeffect (or @sideeffect) in the documentation, which +# will result in a user-defined paragraph with heading "Side Effects:". +# You can put \n's in the value part of an alias to insert newlines. + +ALIASES = + +# Set the OPTIMIZE_OUTPUT_FOR_C tag to YES if your project consists of C +# sources only. Doxygen will then generate output that is more tailored for C. +# For instance, some of the names that are used will be different. The list +# of all members will be omitted, etc. + +OPTIMIZE_OUTPUT_FOR_C = YES + +# Set the OPTIMIZE_OUTPUT_JAVA tag to YES if your project consists of Java +# sources only. Doxygen will then generate output that is more tailored for +# Java. For instance, namespaces will be presented as packages, qualified +# scopes will look different, etc. + +OPTIMIZE_OUTPUT_JAVA = NO + +# Set the OPTIMIZE_FOR_FORTRAN tag to YES if your project consists of Fortran +# sources only. Doxygen will then generate output that is more tailored for +# Fortran. + +OPTIMIZE_FOR_FORTRAN = NO + +# Set the OPTIMIZE_OUTPUT_VHDL tag to YES if your project consists of VHDL +# sources. Doxygen will then generate output that is tailored for +# VHDL. + +OPTIMIZE_OUTPUT_VHDL = NO + +# If you use STL classes (i.e. std::string, std::vector, etc.) but do not want +# to include (a tag file for) the STL sources as input, then you should +# set this tag to YES in order to let doxygen match functions declarations and +# definitions whose arguments contain STL classes (e.g. func(std::string); v.s. +# func(std::string) {}). This also make the inheritance and collaboration +# diagrams that involve STL classes more complete and accurate. + +BUILTIN_STL_SUPPORT = NO + +# If you use Microsoft's C++/CLI language, you should set this option to YES to +# enable parsing support. + +CPP_CLI_SUPPORT = NO + +# Set the SIP_SUPPORT tag to YES if your project consists of sip sources only. +# Doxygen will parse them like normal C++ but will assume all classes use public +# instead of private inheritance when no explicit protection keyword is present. + +SIP_SUPPORT = NO + +# For Microsoft's IDL there are propget and propput attributes to indicate getter +# and setter methods for a property. Setting this option to YES (the default) +# will make doxygen to replace the get and set methods by a property in the +# documentation. This will only work if the methods are indeed getting or +# setting a simple type. If this is not the case, or you want to show the +# methods anyway, you should set this option to NO. + +IDL_PROPERTY_SUPPORT = YES + +# If member grouping is used in the documentation and the DISTRIBUTE_GROUP_DOC +# tag is set to YES, then doxygen will reuse the documentation of the first +# member in the group (if any) for the other members of the group. By default +# all members of a group must be documented explicitly. + +DISTRIBUTE_GROUP_DOC = NO + +# Set the SUBGROUPING tag to YES (the default) to allow class member groups of +# the same type (for instance a group of public functions) to be put as a +# subgroup of that type (e.g. under the Public Functions section). Set it to +# NO to prevent subgrouping. Alternatively, this can be done per class using +# the \nosubgrouping command. + +SUBGROUPING = YES + +# When TYPEDEF_HIDES_STRUCT is enabled, a typedef of a struct, union, or enum +# is documented as struct, union, or enum with the name of the typedef. So +# typedef struct TypeS {} TypeT, will appear in the documentation as a struct +# with name TypeT. When disabled the typedef will appear as a member of a file, +# namespace, or class. And the struct will be named TypeS. This can typically +# be useful for C code in case the coding convention dictates that all compound +# types are typedef'ed and only the typedef is referenced, never the tag name. + +TYPEDEF_HIDES_STRUCT = NO + +#--------------------------------------------------------------------------- +# Build related configuration options +#--------------------------------------------------------------------------- + +# If the EXTRACT_ALL tag is set to YES doxygen will assume all entities in +# documentation are documented, even if no documentation was available. +# Private class members and static file members will be hidden unless +# the EXTRACT_PRIVATE and EXTRACT_STATIC tags are set to YES + +EXTRACT_ALL = YES + +# If the EXTRACT_PRIVATE tag is set to YES all private members of a class +# will be included in the documentation. + +EXTRACT_PRIVATE = NO + +# If the EXTRACT_STATIC tag is set to YES all static members of a file +# will be included in the documentation. + +EXTRACT_STATIC = NO + +# If the EXTRACT_LOCAL_CLASSES tag is set to YES classes (and structs) +# defined locally in source files will be included in the documentation. +# If set to NO only classes defined in header files are included. + +EXTRACT_LOCAL_CLASSES = YES + +# This flag is only useful for Objective-C code. When set to YES local +# methods, which are defined in the implementation section but not in +# the interface are included in the documentation. +# If set to NO (the default) only methods in the interface are included. + +EXTRACT_LOCAL_METHODS = NO + +# If this flag is set to YES, the members of anonymous namespaces will be +# extracted and appear in the documentation as a namespace called +# 'anonymous_namespace{file}', where file will be replaced with the base +# name of the file that contains the anonymous namespace. By default +# anonymous namespace are hidden. + +EXTRACT_ANON_NSPACES = NO + +# If the HIDE_UNDOC_MEMBERS tag is set to YES, Doxygen will hide all +# undocumented members of documented classes, files or namespaces. +# If set to NO (the default) these members will be included in the +# various overviews, but no documentation section is generated. +# This option has no effect if EXTRACT_ALL is enabled. + +HIDE_UNDOC_MEMBERS = NO + +# If the HIDE_UNDOC_CLASSES tag is set to YES, Doxygen will hide all +# undocumented classes that are normally visible in the class hierarchy. +# If set to NO (the default) these classes will be included in the various +# overviews. This option has no effect if EXTRACT_ALL is enabled. + +HIDE_UNDOC_CLASSES = NO + +# If the HIDE_FRIEND_COMPOUNDS tag is set to YES, Doxygen will hide all +# friend (class|struct|union) declarations. +# If set to NO (the default) these declarations will be included in the +# documentation. + +HIDE_FRIEND_COMPOUNDS = NO + +# If the HIDE_IN_BODY_DOCS tag is set to YES, Doxygen will hide any +# documentation blocks found inside the body of a function. +# If set to NO (the default) these blocks will be appended to the +# function's detailed documentation block. + +HIDE_IN_BODY_DOCS = NO + +# The INTERNAL_DOCS tag determines if documentation +# that is typed after a \internal command is included. If the tag is set +# to NO (the default) then the documentation will be excluded. +# Set it to YES to include the internal documentation. + +INTERNAL_DOCS = NO + +# If the CASE_SENSE_NAMES tag is set to NO then Doxygen will only generate +# file names in lower-case letters. If set to YES upper-case letters are also +# allowed. This is useful if you have classes or files whose names only differ +# in case and if your file system supports case sensitive file names. Windows +# and Mac users are advised to set this option to NO. + +CASE_SENSE_NAMES = YES + +# If the HIDE_SCOPE_NAMES tag is set to NO (the default) then Doxygen +# will show members with their full class and namespace scopes in the +# documentation. If set to YES the scope will be hidden. + +HIDE_SCOPE_NAMES = NO + +# If the SHOW_INCLUDE_FILES tag is set to YES (the default) then Doxygen +# will put a list of the files that are included by a file in the documentation +# of that file. + +SHOW_INCLUDE_FILES = YES + +# If the INLINE_INFO tag is set to YES (the default) then a tag [inline] +# is inserted in the documentation for inline members. + +INLINE_INFO = YES + +# If the SORT_MEMBER_DOCS tag is set to YES (the default) then doxygen +# will sort the (detailed) documentation of file and class members +# alphabetically by member name. If set to NO the members will appear in +# declaration order. + +SORT_MEMBER_DOCS = YES + +# If the SORT_BRIEF_DOCS tag is set to YES then doxygen will sort the +# brief documentation of file, namespace and class members alphabetically +# by member name. If set to NO (the default) the members will appear in +# declaration order. + +SORT_BRIEF_DOCS = NO + +# If the SORT_GROUP_NAMES tag is set to YES then doxygen will sort the +# hierarchy of group names into alphabetical order. If set to NO (the default) +# the group names will appear in their defined order. + +SORT_GROUP_NAMES = NO + +# If the SORT_BY_SCOPE_NAME tag is set to YES, the class list will be +# sorted by fully-qualified names, including namespaces. If set to +# NO (the default), the class list will be sorted only by class name, +# not including the namespace part. +# Note: This option is not very useful if HIDE_SCOPE_NAMES is set to YES. +# Note: This option applies only to the class list, not to the +# alphabetical list. + +SORT_BY_SCOPE_NAME = NO + +# The GENERATE_TODOLIST tag can be used to enable (YES) or +# disable (NO) the todo list. This list is created by putting \todo +# commands in the documentation. + +GENERATE_TODOLIST = YES + +# The GENERATE_TESTLIST tag can be used to enable (YES) or +# disable (NO) the test list. This list is created by putting \test +# commands in the documentation. + +GENERATE_TESTLIST = YES + +# The GENERATE_BUGLIST tag can be used to enable (YES) or +# disable (NO) the bug list. This list is created by putting \bug +# commands in the documentation. + +GENERATE_BUGLIST = YES + +# The GENERATE_DEPRECATEDLIST tag can be used to enable (YES) or +# disable (NO) the deprecated list. This list is created by putting +# \deprecated commands in the documentation. + +GENERATE_DEPRECATEDLIST= YES + +# The ENABLED_SECTIONS tag can be used to enable conditional +# documentation sections, marked by \if sectionname ... \endif. + +ENABLED_SECTIONS = + +# The MAX_INITIALIZER_LINES tag determines the maximum number of lines +# the initial value of a variable or define consists of for it to appear in +# the documentation. If the initializer consists of more lines than specified +# here it will be hidden. Use a value of 0 to hide initializers completely. +# The appearance of the initializer of individual variables and defines in the +# documentation can be controlled using \showinitializer or \hideinitializer +# command in the documentation regardless of this setting. + +MAX_INITIALIZER_LINES = 30 + +# Set the SHOW_USED_FILES tag to NO to disable the list of files generated +# at the bottom of the documentation of classes and structs. If set to YES the +# list will mention the files that were used to generate the documentation. + +SHOW_USED_FILES = YES + +# If the sources in your project are distributed over multiple directories +# then setting the SHOW_DIRECTORIES tag to YES will show the directory hierarchy +# in the documentation. The default is NO. + +SHOW_DIRECTORIES = NO + +# Set the SHOW_FILES tag to NO to disable the generation of the Files page. +# This will remove the Files entry from the Quick Index and from the +# Folder Tree View (if specified). The default is YES. + +SHOW_FILES = YES + +# Set the SHOW_NAMESPACES tag to NO to disable the generation of the +# Namespaces page. This will remove the Namespaces entry from the Quick Index +# and from the Folder Tree View (if specified). The default is YES. + +SHOW_NAMESPACES = YES + +# The FILE_VERSION_FILTER tag can be used to specify a program or script that +# doxygen should invoke to get the current version for each file (typically from +# the version control system). Doxygen will invoke the program by executing (via +# popen()) the command , where is the value of +# the FILE_VERSION_FILTER tag, and is the name of an input file +# provided by doxygen. Whatever the program writes to standard output +# is used as the file version. See the manual for examples. + +FILE_VERSION_FILTER = + +#--------------------------------------------------------------------------- +# configuration options related to warning and progress messages +#--------------------------------------------------------------------------- + +# The QUIET tag can be used to turn on/off the messages that are generated +# by doxygen. Possible values are YES and NO. If left blank NO is used. + +QUIET = NO + +# The WARNINGS tag can be used to turn on/off the warning messages that are +# generated by doxygen. Possible values are YES and NO. If left blank +# NO is used. + +WARNINGS = YES + +# If WARN_IF_UNDOCUMENTED is set to YES, then doxygen will generate warnings +# for undocumented members. If EXTRACT_ALL is set to YES then this flag will +# automatically be disabled. + +WARN_IF_UNDOCUMENTED = YES + +# If WARN_IF_DOC_ERROR is set to YES, doxygen will generate warnings for +# potential errors in the documentation, such as not documenting some +# parameters in a documented function, or documenting parameters that +# don't exist or using markup commands wrongly. + +WARN_IF_DOC_ERROR = YES + +# This WARN_NO_PARAMDOC option can be abled to get warnings for +# functions that are documented, but have no documentation for their parameters +# or return value. If set to NO (the default) doxygen will only warn about +# wrong or incomplete parameter documentation, but not about the absence of +# documentation. + +WARN_NO_PARAMDOC = NO + +# The WARN_FORMAT tag determines the format of the warning messages that +# doxygen can produce. The string should contain the $file, $line, and $text +# tags, which will be replaced by the file and line number from which the +# warning originated and the warning text. Optionally the format may contain +# $version, which will be replaced by the version of the file (if it could +# be obtained via FILE_VERSION_FILTER) + +WARN_FORMAT = "$file:$line: $text" + +# The WARN_LOGFILE tag can be used to specify a file to which warning +# and error messages should be written. If left blank the output is written +# to stderr. + +WARN_LOGFILE = + +#--------------------------------------------------------------------------- +# configuration options related to the input files +#--------------------------------------------------------------------------- + +# The INPUT tag can be used to specify the files and/or directories that contain +# documented source files. You may enter file names like "myfile.cpp" or +# directories like "/usr/src/myproject". Separate the files or directories +# with spaces. + +INPUT = ../../ + +# This tag can be used to specify the character encoding of the source files +# that doxygen parses. Internally doxygen uses the UTF-8 encoding, which is +# also the default input encoding. Doxygen uses libiconv (or the iconv built +# into libc) for the transcoding. See https://www.gnu.org/software/libiconv for +# the list of possible encodings. + +INPUT_ENCODING = UTF-8 + +# If the value of the INPUT tag contains directories, you can use the +# FILE_PATTERNS tag to specify one or more wildcard pattern (like *.cpp +# and *.h) to filter out the source-files in the directories. If left +# blank the following patterns are tested: +# *.c *.cc *.cxx *.cpp *.c++ *.java *.ii *.ixx *.ipp *.i++ *.inl *.h *.hh *.hxx +# *.hpp *.h++ *.idl *.odl *.cs *.php *.php3 *.inc *.m *.mm *.py *.f90 + +FILE_PATTERNS = + +# The RECURSIVE tag can be used to turn specify whether or not subdirectories +# should be searched for input files as well. Possible values are YES and NO. +# If left blank NO is used. + +RECURSIVE = YES + +# The EXCLUDE tag can be used to specify files and/or directories that should +# excluded from the INPUT source files. This way you can easily exclude a +# subdirectory from a directory tree whose root is specified with the INPUT tag. + +EXCLUDE = + +# The EXCLUDE_SYMLINKS tag can be used select whether or not files or +# directories that are symbolic links (a Unix filesystem feature) are excluded +# from the input. + +EXCLUDE_SYMLINKS = NO + +# If the value of the INPUT tag contains directories, you can use the +# EXCLUDE_PATTERNS tag to specify one or more wildcard patterns to exclude +# certain files from those directories. Note that the wildcards are matched +# against the file with absolute path, so to exclude all test directories +# for example use the pattern */test/* + +EXCLUDE_PATTERNS = */config.h */doc/* */build-aux/* */gl/* */src/*-gaa.? */src/cfg/* */tests/* */guile/* *.cpp */gnutlsxx.h */lib/minitasn1/* *openssl* + +# The EXCLUDE_SYMBOLS tag can be used to specify one or more symbol names +# (namespaces, classes, functions, etc.) that should be excluded from the +# output. The symbol name can be a fully qualified name, a word, or if the +# wildcard * is used, a substring. Examples: ANamespace, AClass, +# AClass::ANamespace, ANamespace::*Test + +EXCLUDE_SYMBOLS = + +# The EXAMPLE_PATH tag can be used to specify one or more files or +# directories that contain example code fragments that are included (see +# the \include command). + +EXAMPLE_PATH = + +# If the value of the EXAMPLE_PATH tag contains directories, you can use the +# EXAMPLE_PATTERNS tag to specify one or more wildcard pattern (like *.cpp +# and *.h) to filter out the source-files in the directories. If left +# blank all files are included. + +EXAMPLE_PATTERNS = + +# If the EXAMPLE_RECURSIVE tag is set to YES then subdirectories will be +# searched for input files to be used with the \include or \dontinclude +# commands irrespective of the value of the RECURSIVE tag. +# Possible values are YES and NO. If left blank NO is used. + +EXAMPLE_RECURSIVE = NO + +# The IMAGE_PATH tag can be used to specify one or more files or +# directories that contain image that are included in the documentation (see +# the \image command). + +IMAGE_PATH = + +# The INPUT_FILTER tag can be used to specify a program that doxygen should +# invoke to filter for each input file. Doxygen will invoke the filter program +# by executing (via popen()) the command , where +# is the value of the INPUT_FILTER tag, and is the name of an +# input file. Doxygen will then use the output that the filter program writes +# to standard output. If FILTER_PATTERNS is specified, this tag will be +# ignored. + +INPUT_FILTER = + +# The FILTER_PATTERNS tag can be used to specify filters on a per file pattern +# basis. Doxygen will compare the file name with each pattern and apply the +# filter if there is a match. The filters are a list of the form: +# pattern=filter (like *.cpp=my_cpp_filter). See INPUT_FILTER for further +# info on how filters are used. If FILTER_PATTERNS is empty, INPUT_FILTER +# is applied to all files. + +FILTER_PATTERNS = + +# If the FILTER_SOURCE_FILES tag is set to YES, the input filter (if set using +# INPUT_FILTER) will be used to filter the input files when producing source +# files to browse (i.e. when SOURCE_BROWSER is set to YES). + +FILTER_SOURCE_FILES = YES + +#--------------------------------------------------------------------------- +# configuration options related to source browsing +#--------------------------------------------------------------------------- + +# If the SOURCE_BROWSER tag is set to YES then a list of source files will +# be generated. Documented entities will be cross-referenced with these sources. +# Note: To get rid of all source code in the generated output, make sure also +# VERBATIM_HEADERS is set to NO. + +SOURCE_BROWSER = YES + +# Setting the INLINE_SOURCES tag to YES will include the body +# of functions and classes directly in the documentation. + +INLINE_SOURCES = NO + +# Setting the STRIP_CODE_COMMENTS tag to YES (the default) will instruct +# doxygen to hide any special comment blocks from generated source code +# fragments. Normal C and C++ comments will always remain visible. + +STRIP_CODE_COMMENTS = YES + +# If the REFERENCED_BY_RELATION tag is set to YES +# then for each documented function all documented +# functions referencing it will be listed. + +REFERENCED_BY_RELATION = NO + +# If the REFERENCES_RELATION tag is set to YES +# then for each documented function all documented entities +# called/used by that function will be listed. + +REFERENCES_RELATION = NO + +# If the REFERENCES_LINK_SOURCE tag is set to YES (the default) +# and SOURCE_BROWSER tag is set to YES, then the hyperlinks from +# functions in REFERENCES_RELATION and REFERENCED_BY_RELATION lists will +# link to the source code. Otherwise they will link to the documentstion. + +REFERENCES_LINK_SOURCE = YES + +# If the USE_HTAGS tag is set to YES then the references to source code +# will point to the HTML generated by the htags(1) tool instead of doxygen +# built-in source browser. The htags tool is part of GNU's global source +# tagging system (see https://www.gnu.org/software/global/global.html). You +# will need version 4.8.6 or higher. + +USE_HTAGS = NO + +# If the VERBATIM_HEADERS tag is set to YES (the default) then Doxygen +# will generate a verbatim copy of the header file for each class for +# which an include is specified. Set to NO to disable this. + +VERBATIM_HEADERS = YES + +#--------------------------------------------------------------------------- +# configuration options related to the alphabetical class index +#--------------------------------------------------------------------------- + +# If the ALPHABETICAL_INDEX tag is set to YES, an alphabetical index +# of all compounds will be generated. Enable this if the project +# contains a lot of classes, structs, unions or interfaces. + +ALPHABETICAL_INDEX = NO + +# If the alphabetical index is enabled (see ALPHABETICAL_INDEX) then +# the COLS_IN_ALPHA_INDEX tag can be used to specify the number of columns +# in which this list will be split (can be a number in the range [1..20]) + +COLS_IN_ALPHA_INDEX = 5 + +# In case all classes in a project start with a common prefix, all +# classes will be put under the same header in the alphabetical index. +# The IGNORE_PREFIX tag can be used to specify one or more prefixes that +# should be ignored while generating the index headers. + +IGNORE_PREFIX = + +#--------------------------------------------------------------------------- +# configuration options related to the HTML output +#--------------------------------------------------------------------------- + +# If the GENERATE_HTML tag is set to YES (the default) Doxygen will +# generate HTML output. + +GENERATE_HTML = YES + +# The HTML_OUTPUT tag is used to specify where the HTML docs will be put. +# If a relative path is entered the value of OUTPUT_DIRECTORY will be +# put in front of it. If left blank `html' will be used as the default path. + +HTML_OUTPUT = html + +# The HTML_FILE_EXTENSION tag can be used to specify the file extension for +# each generated HTML page (for example: .htm,.php,.asp). If it is left blank +# doxygen will generate files with .html extension. + +HTML_FILE_EXTENSION = .html + +# The HTML_HEADER tag can be used to specify a personal HTML header for +# each generated HTML page. If it is left blank doxygen will generate a +# standard header. + +HTML_HEADER = + +# The HTML_FOOTER tag can be used to specify a personal HTML footer for +# each generated HTML page. If it is left blank doxygen will generate a +# standard footer. + +HTML_FOOTER = + +# The HTML_STYLESHEET tag can be used to specify a user-defined cascading +# style sheet that is used by each HTML page. It can be used to +# fine-tune the look of the HTML output. If the tag is left blank doxygen +# will generate a default style sheet. Note that doxygen will try to copy +# the style sheet file to the HTML output directory, so don't put your own +# stylesheet in the HTML output directory as well, or it will be erased! + +HTML_STYLESHEET = + +# If the HTML_ALIGN_MEMBERS tag is set to YES, the members of classes, +# files or namespaces will be aligned in HTML using tables. If set to +# NO a bullet list will be used. + +HTML_ALIGN_MEMBERS = YES + +# If the GENERATE_HTMLHELP tag is set to YES, additional index files +# will be generated that can be used as input for tools like the +# Microsoft HTML help workshop to generate a compiled HTML help file (.chm) +# of the generated HTML documentation. + +GENERATE_HTMLHELP = NO + +# If the GENERATE_DOCSET tag is set to YES, additional index files +# will be generated that can be used as input for Apple's Xcode 3 +# integrated development environment, introduced with OSX 10.5 (Leopard). +# To create a documentation set, doxygen will generate a Makefile in the +# HTML output directory. Running make will produce the docset in that +# directory and running "make install" will install the docset in +# ~/Library/Developer/Shared/Documentation/DocSets so that Xcode will find +# it at startup. + +GENERATE_DOCSET = NO + +# When GENERATE_DOCSET tag is set to YES, this tag determines the name of the +# feed. A documentation feed provides an umbrella under which multiple +# documentation sets from a single provider (such as a company or product suite) +# can be grouped. + +DOCSET_FEEDNAME = "Doxygen generated docs" + +# When GENERATE_DOCSET tag is set to YES, this tag specifies a string that +# should uniquely identify the documentation set bundle. This should be a +# reverse domain-name style string, e.g. com.mycompany.MyDocSet. Doxygen +# will append .docset to the name. + +DOCSET_BUNDLE_ID = org.doxygen.Project + +# If the HTML_DYNAMIC_SECTIONS tag is set to YES then the generated HTML +# documentation will contain sections that can be hidden and shown after the +# page has loaded. For this to work a browser that supports +# JavaScript and DHTML is required (for instance Mozilla 1.0+, Firefox +# Netscape 6.0+, Internet explorer 5.0+, Konqueror, or Safari). + +HTML_DYNAMIC_SECTIONS = NO + +# If the GENERATE_HTMLHELP tag is set to YES, the CHM_FILE tag can +# be used to specify the file name of the resulting .chm file. You +# can add a path in front of the file if the result should not be +# written to the html output directory. + +CHM_FILE = + +# If the GENERATE_HTMLHELP tag is set to YES, the HHC_LOCATION tag can +# be used to specify the location (absolute path including file name) of +# the HTML help compiler (hhc.exe). If non-empty doxygen will try to run +# the HTML help compiler on the generated index.hhp. + +HHC_LOCATION = + +# If the GENERATE_HTMLHELP tag is set to YES, the GENERATE_CHI flag +# controls if a separate .chi index file is generated (YES) or that +# it should be included in the master .chm file (NO). + +GENERATE_CHI = NO + +# If the GENERATE_HTMLHELP tag is set to YES, the CHM_INDEX_ENCODING +# is used to encode HtmlHelp index (hhk), content (hhc) and project file +# content. + +CHM_INDEX_ENCODING = + +# If the GENERATE_HTMLHELP tag is set to YES, the BINARY_TOC flag +# controls whether a binary table of contents is generated (YES) or a +# normal table of contents (NO) in the .chm file. + +BINARY_TOC = NO + +# The TOC_EXPAND flag can be set to YES to add extra items for group members +# to the contents of the HTML help documentation and to the tree view. + +TOC_EXPAND = NO + +# The DISABLE_INDEX tag can be used to turn on/off the condensed index at +# top of each HTML page. The value NO (the default) enables the index and +# the value YES disables it. + +DISABLE_INDEX = NO + +# This tag can be used to set the number of enum values (range [1..20]) +# that doxygen will group on one line in the generated HTML documentation. + +ENUM_VALUES_PER_LINE = 4 + +# The GENERATE_TREEVIEW tag is used to specify whether a tree-like index +# structure should be generated to display hierarchical information. +# If the tag value is set to FRAME, a side panel will be generated +# containing a tree-like index structure (just like the one that +# is generated for HTML Help). For this to work a browser that supports +# JavaScript, DHTML, CSS and frames is required (for instance Mozilla 1.0+, +# Netscape 6.0+, Internet explorer 5.0+, or Konqueror). Windows users are +# probably better off using the HTML help feature. Other possible values +# for this tag are: HIERARCHIES, which will generate the Groups, Directories, +# and Class Hiererachy pages using a tree view instead of an ordered list; +# ALL, which combines the behavior of FRAME and HIERARCHIES; and NONE, which +# disables this behavior completely. For backwards compatibility with previous +# releases of Doxygen, the values YES and NO are equivalent to FRAME and NONE +# respectively. + +GENERATE_TREEVIEW = NONE + +# If the treeview is enabled (see GENERATE_TREEVIEW) then this tag can be +# used to set the initial width (in pixels) of the frame in which the tree +# is shown. + +TREEVIEW_WIDTH = 250 + +# Use this tag to change the font size of Latex formulas included +# as images in the HTML documentation. The default is 10. Note that +# when you change the font size after a successful doxygen run you need +# to manually remove any form_*.png images from the HTML output directory +# to force them to be regenerated. + +FORMULA_FONTSIZE = 10 + +#--------------------------------------------------------------------------- +# configuration options related to the LaTeX output +#--------------------------------------------------------------------------- + +# If the GENERATE_LATEX tag is set to YES (the default) Doxygen will +# generate Latex output. + +GENERATE_LATEX = YES + +# The LATEX_OUTPUT tag is used to specify where the LaTeX docs will be put. +# If a relative path is entered the value of OUTPUT_DIRECTORY will be +# put in front of it. If left blank `latex' will be used as the default path. + +LATEX_OUTPUT = latex + +# The LATEX_CMD_NAME tag can be used to specify the LaTeX command name to be +# invoked. If left blank `latex' will be used as the default command name. + +LATEX_CMD_NAME = latex + +# The MAKEINDEX_CMD_NAME tag can be used to specify the command name to +# generate index for LaTeX. If left blank `makeindex' will be used as the +# default command name. + +MAKEINDEX_CMD_NAME = makeindex + +# If the COMPACT_LATEX tag is set to YES Doxygen generates more compact +# LaTeX documents. This may be useful for small projects and may help to +# save some trees in general. + +COMPACT_LATEX = NO + +# The PAPER_TYPE tag can be used to set the paper type that is used +# by the printer. Possible values are: a4, a4wide, letter, legal and +# executive. If left blank a4wide will be used. + +PAPER_TYPE = a4wide + +# The EXTRA_PACKAGES tag can be to specify one or more names of LaTeX +# packages that should be included in the LaTeX output. + +EXTRA_PACKAGES = + +# The LATEX_HEADER tag can be used to specify a personal LaTeX header for +# the generated latex document. The header should contain everything until +# the first chapter. If it is left blank doxygen will generate a +# standard header. Notice: only use this tag if you know what you are doing! + +LATEX_HEADER = + +# If the PDF_HYPERLINKS tag is set to YES, the LaTeX that is generated +# is prepared for conversion to pdf (using ps2pdf). The pdf file will +# contain links (just like the HTML output) instead of page references +# This makes the output suitable for online browsing using a pdf viewer. + +PDF_HYPERLINKS = YES + +# If the USE_PDFLATEX tag is set to YES, pdflatex will be used instead of +# plain latex in the generated Makefile. Set this option to YES to get a +# higher quality PDF documentation. + +USE_PDFLATEX = YES + +# If the LATEX_BATCHMODE tag is set to YES, doxygen will add the \\batchmode. +# command to the generated LaTeX files. This will instruct LaTeX to keep +# running if errors occur, instead of asking the user for help. +# This option is also used when generating formulas in HTML. + +LATEX_BATCHMODE = NO + +# If LATEX_HIDE_INDICES is set to YES then doxygen will not +# include the index chapters (such as File Index, Compound Index, etc.) +# in the output. + +LATEX_HIDE_INDICES = NO + +#--------------------------------------------------------------------------- +# configuration options related to the RTF output +#--------------------------------------------------------------------------- + +# If the GENERATE_RTF tag is set to YES Doxygen will generate RTF output +# The RTF output is optimized for Word 97 and may not look very pretty with +# other RTF readers or editors. + +GENERATE_RTF = NO + +# The RTF_OUTPUT tag is used to specify where the RTF docs will be put. +# If a relative path is entered the value of OUTPUT_DIRECTORY will be +# put in front of it. If left blank `rtf' will be used as the default path. + +RTF_OUTPUT = rtf + +# If the COMPACT_RTF tag is set to YES Doxygen generates more compact +# RTF documents. This may be useful for small projects and may help to +# save some trees in general. + +COMPACT_RTF = NO + +# If the RTF_HYPERLINKS tag is set to YES, the RTF that is generated +# will contain hyperlink fields. The RTF file will +# contain links (just like the HTML output) instead of page references. +# This makes the output suitable for online browsing using WORD or other +# programs which support those fields. +# Note: wordpad (write) and others do not support links. + +RTF_HYPERLINKS = NO + +# Load stylesheet definitions from file. Syntax is similar to doxygen's +# config file, i.e. a series of assignments. You only have to provide +# replacements, missing definitions are set to their default value. + +RTF_STYLESHEET_FILE = + +# Set optional variables used in the generation of an rtf document. +# Syntax is similar to doxygen's config file. + +RTF_EXTENSIONS_FILE = + +#--------------------------------------------------------------------------- +# configuration options related to the man page output +#--------------------------------------------------------------------------- + +# If the GENERATE_MAN tag is set to YES (the default) Doxygen will +# generate man pages + +GENERATE_MAN = NO + +# The MAN_OUTPUT tag is used to specify where the man pages will be put. +# If a relative path is entered the value of OUTPUT_DIRECTORY will be +# put in front of it. If left blank `man' will be used as the default path. + +MAN_OUTPUT = man + +# The MAN_EXTENSION tag determines the extension that is added to +# the generated man pages (default is the subroutine's section .3) + +MAN_EXTENSION = .3 + +# If the MAN_LINKS tag is set to YES and Doxygen generates man output, +# then it will generate one additional man file for each entity +# documented in the real man page(s). These additional files +# only source the real man page, but without them the man command +# would be unable to find the correct page. The default is NO. + +MAN_LINKS = NO + +#--------------------------------------------------------------------------- +# configuration options related to the XML output +#--------------------------------------------------------------------------- + +# If the GENERATE_XML tag is set to YES Doxygen will +# generate an XML file that captures the structure of +# the code including all documentation. + +GENERATE_XML = NO + +# The XML_OUTPUT tag is used to specify where the XML pages will be put. +# If a relative path is entered the value of OUTPUT_DIRECTORY will be +# put in front of it. If left blank `xml' will be used as the default path. + +XML_OUTPUT = xml + +# The XML_SCHEMA tag can be used to specify an XML schema, +# which can be used by a validating XML parser to check the +# syntax of the XML files. + +XML_SCHEMA = + +# The XML_DTD tag can be used to specify an XML DTD, +# which can be used by a validating XML parser to check the +# syntax of the XML files. + +XML_DTD = + +# If the XML_PROGRAMLISTING tag is set to YES Doxygen will +# dump the program listings (including syntax highlighting +# and cross-referencing information) to the XML output. Note that +# enabling this will significantly increase the size of the XML output. + +XML_PROGRAMLISTING = YES + +#--------------------------------------------------------------------------- +# configuration options for the AutoGen Definitions output +#--------------------------------------------------------------------------- + +# If the GENERATE_AUTOGEN_DEF tag is set to YES Doxygen will +# generate an AutoGen Definitions (see autogen.sf.net) file +# that captures the structure of the code including all +# documentation. Note that this feature is still experimental +# and incomplete at the moment. + +GENERATE_AUTOGEN_DEF = NO + +#--------------------------------------------------------------------------- +# configuration options related to the Perl module output +#--------------------------------------------------------------------------- + +# If the GENERATE_PERLMOD tag is set to YES Doxygen will +# generate a Perl module file that captures the structure of +# the code including all documentation. Note that this +# feature is still experimental and incomplete at the +# moment. + +GENERATE_PERLMOD = NO + +# If the PERLMOD_LATEX tag is set to YES Doxygen will generate +# the necessary Makefile rules, Perl scripts and LaTeX code to be able +# to generate PDF and DVI output from the Perl module output. + +PERLMOD_LATEX = NO + +# If the PERLMOD_PRETTY tag is set to YES the Perl module output will be +# nicely formatted so it can be parsed by a human reader. This is useful +# if you want to understand what is going on. On the other hand, if this +# tag is set to NO the size of the Perl module output will be much smaller +# and Perl will parse it just the same. + +PERLMOD_PRETTY = YES + +# The names of the make variables in the generated doxyrules.make file +# are prefixed with the string contained in PERLMOD_MAKEVAR_PREFIX. +# This is useful so different doxyrules.make files included by the same +# Makefile don't overwrite each other's variables. + +PERLMOD_MAKEVAR_PREFIX = + +#--------------------------------------------------------------------------- +# Configuration options related to the preprocessor +#--------------------------------------------------------------------------- + +# If the ENABLE_PREPROCESSING tag is set to YES (the default) Doxygen will +# evaluate all C-preprocessor directives found in the sources and include +# files. + +ENABLE_PREPROCESSING = YES + +# If the MACRO_EXPANSION tag is set to YES Doxygen will expand all macro +# names in the source code. If set to NO (the default) only conditional +# compilation will be performed. Macro expansion can be done in a controlled +# way by setting EXPAND_ONLY_PREDEF to YES. + +MACRO_EXPANSION = NO + +# If the EXPAND_ONLY_PREDEF and MACRO_EXPANSION tags are both set to YES +# then the macro expansion is limited to the macros specified with the +# PREDEFINED and EXPAND_AS_DEFINED tags. + +EXPAND_ONLY_PREDEF = NO + +# If the SEARCH_INCLUDES tag is set to YES (the default) the includes files +# in the INCLUDE_PATH (see below) will be search if a #include is found. + +SEARCH_INCLUDES = YES + +# The INCLUDE_PATH tag can be used to specify one or more directories that +# contain include files that are not input files but should be processed by +# the preprocessor. + +INCLUDE_PATH = + +# You can use the INCLUDE_FILE_PATTERNS tag to specify one or more wildcard +# patterns (like *.h and *.hpp) to filter out the header-files in the +# directories. If left blank, the patterns specified with FILE_PATTERNS will +# be used. + +INCLUDE_FILE_PATTERNS = + +# The PREDEFINED tag can be used to specify one or more macro names that +# are defined before the preprocessor is started (similar to the -D option of +# gcc). The argument of the tag is a list of macros of the form: name +# or name=definition (no spaces). If the definition and the = are +# omitted =1 is assumed. To prevent a macro definition from being +# undefined via #undef or recursively expanded use the := operator +# instead of the = operator. + +PREDEFINED = + +# If the MACRO_EXPANSION and EXPAND_ONLY_PREDEF tags are set to YES then +# this tag can be used to specify a list of macro names that should be expanded. +# The macro definition that is found in the sources will be used. +# Use the PREDEFINED tag if you want to use a different macro definition. + +EXPAND_AS_DEFINED = + +# If the SKIP_FUNCTION_MACROS tag is set to YES (the default) then +# doxygen's preprocessor will remove all function-like macros that are alone +# on a line, have an all uppercase name, and do not end with a semicolon. Such +# function macros are typically used for boiler-plate code, and will confuse +# the parser if not removed. + +SKIP_FUNCTION_MACROS = YES + +#--------------------------------------------------------------------------- +# Configuration::additions related to external references +#--------------------------------------------------------------------------- + +# The TAGFILES option can be used to specify one or more tagfiles. +# Optionally an initial location of the external documentation +# can be added for each tagfile. The format of a tag file without +# this location is as follows: +# TAGFILES = file1 file2 ... +# Adding location for the tag files is done as follows: +# TAGFILES = file1=loc1 "file2 = loc2" ... +# where "loc1" and "loc2" can be relative or absolute paths or +# URLs. If a location is present for each tag, the installdox tool +# does not have to be run to correct the links. +# Note that each tag file must have a unique name +# (where the name does NOT include the path) +# If a tag file is not located in the directory in which doxygen +# is run, you must also specify the path to the tagfile here. + +TAGFILES = + +# When a file name is specified after GENERATE_TAGFILE, doxygen will create +# a tag file that is based on the input files it reads. + +GENERATE_TAGFILE = + +# If the ALLEXTERNALS tag is set to YES all external classes will be listed +# in the class index. If set to NO only the inherited external classes +# will be listed. + +ALLEXTERNALS = NO + +# If the EXTERNAL_GROUPS tag is set to YES all external groups will be listed +# in the modules index. If set to NO, only the current project's groups will +# be listed. + +EXTERNAL_GROUPS = YES + +# The PERL_PATH should be the absolute path and name of the perl script +# interpreter (i.e. the result of `which perl'). + +PERL_PATH = /usr/bin/perl + +#--------------------------------------------------------------------------- +# Configuration options related to the dot tool +#--------------------------------------------------------------------------- + +# If the CLASS_DIAGRAMS tag is set to YES (the default) Doxygen will +# generate a inheritance diagram (in HTML, RTF and LaTeX) for classes with base +# or super classes. Setting the tag to NO turns the diagrams off. Note that +# this option is superseded by the HAVE_DOT option below. This is only a +# fallback. It is recommended to install and use dot, since it yields more +# powerful graphs. + +CLASS_DIAGRAMS = YES + +# You can define message sequence charts within doxygen comments using the \msc +# command. Doxygen will then run the mscgen tool (see +# https://www.mcternan.me.uk/mscgen/) to produce the chart and insert it in the +# documentation. The MSCGEN_PATH tag allows you to specify the directory where +# the mscgen tool resides. If left empty the tool is assumed to be found in the +# default search path. + +MSCGEN_PATH = + +# If set to YES, the inheritance and collaboration graphs will hide +# inheritance and usage relations if the target is undocumented +# or is not a class. + +HIDE_UNDOC_RELATIONS = YES + +# If you set the HAVE_DOT tag to YES then doxygen will assume the dot tool is +# available from the path. This tool is part of Graphviz, a graph visualization +# toolkit from AT&T and Lucent Bell Labs. The other options in this section +# have no effect if this option is set to NO (the default) + +HAVE_DOT = NO + +# By default doxygen will write a font called FreeSans.ttf to the output +# directory and reference it in all dot files that doxygen generates. This +# font does not include all possible unicode characters however, so when you need +# these (or just want a differently looking font) you can specify the font name +# using DOT_FONTNAME. You need need to make sure dot is able to find the font, +# which can be done by putting it in a standard location or by setting the +# DOTFONTPATH environment variable or by setting DOT_FONTPATH to the directory +# containing the font. + +DOT_FONTNAME = FreeSans + +# By default doxygen will tell dot to use the output directory to look for the +# FreeSans.ttf font (which doxygen will put there itself). If you specify a +# different font using DOT_FONTNAME you can set the path where dot +# can find it using this tag. + +DOT_FONTPATH = + +# If the CLASS_GRAPH and HAVE_DOT tags are set to YES then doxygen +# will generate a graph for each documented class showing the direct and +# indirect inheritance relations. Setting this tag to YES will force the +# the CLASS_DIAGRAMS tag to NO. + +CLASS_GRAPH = YES + +# If the COLLABORATION_GRAPH and HAVE_DOT tags are set to YES then doxygen +# will generate a graph for each documented class showing the direct and +# indirect implementation dependencies (inheritance, containment, and +# class references variables) of the class with other documented classes. + +COLLABORATION_GRAPH = YES + +# If the GROUP_GRAPHS and HAVE_DOT tags are set to YES then doxygen +# will generate a graph for groups, showing the direct groups dependencies + +GROUP_GRAPHS = YES + +# If the UML_LOOK tag is set to YES doxygen will generate inheritance and +# collaboration diagrams in a style similar to the OMG's Unified Modeling +# Language. + +UML_LOOK = NO + +# If set to YES, the inheritance and collaboration graphs will show the +# relations between templates and their instances. + +TEMPLATE_RELATIONS = NO + +# If the ENABLE_PREPROCESSING, SEARCH_INCLUDES, INCLUDE_GRAPH, and HAVE_DOT +# tags are set to YES then doxygen will generate a graph for each documented +# file showing the direct and indirect include dependencies of the file with +# other documented files. + +INCLUDE_GRAPH = YES + +# If the ENABLE_PREPROCESSING, SEARCH_INCLUDES, INCLUDED_BY_GRAPH, and +# HAVE_DOT tags are set to YES then doxygen will generate a graph for each +# documented header file showing the documented files that directly or +# indirectly include this file. + +INCLUDED_BY_GRAPH = YES + +# If the CALL_GRAPH and HAVE_DOT options are set to YES then +# doxygen will generate a call dependency graph for every global function +# or class method. Note that enabling this option will significantly increase +# the time of a run. So in most cases it will be better to enable call graphs +# for selected functions only using the \callgraph command. + +CALL_GRAPH = NO + +# If the CALLER_GRAPH and HAVE_DOT tags are set to YES then +# doxygen will generate a caller dependency graph for every global function +# or class method. Note that enabling this option will significantly increase +# the time of a run. So in most cases it will be better to enable caller +# graphs for selected functions only using the \callergraph command. + +CALLER_GRAPH = NO + +# If the GRAPHICAL_HIERARCHY and HAVE_DOT tags are set to YES then doxygen +# will graphical hierarchy of all classes instead of a textual one. + +GRAPHICAL_HIERARCHY = YES + +# If the DIRECTORY_GRAPH, SHOW_DIRECTORIES and HAVE_DOT tags are set to YES +# then doxygen will show the dependencies a directory has on other directories +# in a graphical way. The dependency relations are determined by the #include +# relations between the files in the directories. + +DIRECTORY_GRAPH = YES + +# The DOT_IMAGE_FORMAT tag can be used to set the image format of the images +# generated by dot. Possible values are png, jpg, or gif +# If left blank png will be used. + +DOT_IMAGE_FORMAT = png + +# The tag DOT_PATH can be used to specify the path where the dot tool can be +# found. If left blank, it is assumed the dot tool can be found in the path. + +DOT_PATH = + +# The DOTFILE_DIRS tag can be used to specify one or more directories that +# contain dot files that are included in the documentation (see the +# \dotfile command). + +DOTFILE_DIRS = + +# The DOT_GRAPH_MAX_NODES tag can be used to set the maximum number of +# nodes that will be shown in the graph. If the number of nodes in a graph +# becomes larger than this value, doxygen will truncate the graph, which is +# visualized by representing a node as a red box. Note that doxygen if the +# number of direct children of the root node in a graph is already larger than +# DOT_GRAPH_MAX_NODES then the graph will not be shown at all. Also note +# that the size of a graph can be further restricted by MAX_DOT_GRAPH_DEPTH. + +DOT_GRAPH_MAX_NODES = 50 + +# The MAX_DOT_GRAPH_DEPTH tag can be used to set the maximum depth of the +# graphs generated by dot. A depth value of 3 means that only nodes reachable +# from the root by following a path via at most 3 edges will be shown. Nodes +# that lay further from the root node will be omitted. Note that setting this +# option to 1 or 2 may greatly reduce the computation time needed for large +# code bases. Also note that the size of a graph can be further restricted by +# DOT_GRAPH_MAX_NODES. Using a depth of 0 means no depth restriction. + +MAX_DOT_GRAPH_DEPTH = 0 + +# Set the DOT_TRANSPARENT tag to YES to generate images with a transparent +# background. This is enabled by default, which results in a transparent +# background. Warning: Depending on the platform used, enabling this option +# may lead to badly anti-aliased labels on the edges of a graph (i.e. they +# become hard to read). + +DOT_TRANSPARENT = YES + +# Set the DOT_MULTI_TARGETS tag to YES allow dot to generate multiple output +# files in one run (i.e. multiple -o and -T options on the command line). This +# makes dot run faster, but since only newer versions of dot (>1.8.10) +# support this, this feature is disabled by default. + +DOT_MULTI_TARGETS = NO + +# If the GENERATE_LEGEND tag is set to YES (the default) Doxygen will +# generate a legend page explaining the meaning of the various boxes and +# arrows in the dot generated graphs. + +GENERATE_LEGEND = YES + +# If the DOT_CLEANUP tag is set to YES (the default) Doxygen will +# remove the intermediate dot files that are used to generate +# the various graphs. + +DOT_CLEANUP = YES + +#--------------------------------------------------------------------------- +# Configuration::additions related to the search engine +#--------------------------------------------------------------------------- + +# The SEARCHENGINE tag specifies whether or not a search engine should be +# used. If set to NO the values of all tags below this one will be ignored. + +SEARCHENGINE = NO diff --git a/doc/doxygen/Doxyfile.orig b/doc/doxygen/Doxyfile.orig new file mode 100644 index 0000000..91ac9af --- /dev/null +++ b/doc/doxygen/Doxyfile.orig @@ -0,0 +1,1417 @@ +# Doxyfile 1.5.6 + +# This file describes the settings to be used by the documentation system +# doxygen (www.doxygen.org) for a project +# +# All text after a hash (#) is considered a comment and will be ignored +# The format is: +# TAG = value [value, ...] +# For lists items can also be appended using: +# TAG += value [value, ...] +# Values that contain spaces should be placed between quotes (" ") + +#--------------------------------------------------------------------------- +# Project related configuration options +#--------------------------------------------------------------------------- + +# This tag specifies the encoding used for all characters in the config file +# that follow. The default is UTF-8 which is also the encoding used for all +# text before the first occurrence of this tag. Doxygen uses libiconv (or the +# iconv built into libc) for the transcoding. See +# https://www.gnu.org/software/libiconv for the list of possible encodings. + +DOXYFILE_ENCODING = UTF-8 + +# The PROJECT_NAME tag is a single word (or a sequence of words surrounded +# by quotes) that should identify the project. + +PROJECT_NAME = + +# The PROJECT_NUMBER tag can be used to enter a project or revision number. +# This could be handy for archiving the generated documentation or +# if some version control system is used. + +PROJECT_NUMBER = + +# The OUTPUT_DIRECTORY tag is used to specify the (relative or absolute) +# base path where the generated documentation will be put. +# If a relative path is entered, it will be relative to the location +# where doxygen was started. If left blank the current directory will be used. + +OUTPUT_DIRECTORY = + +# If the CREATE_SUBDIRS tag is set to YES, then doxygen will create +# 4096 sub-directories (in 2 levels) under the output directory of each output +# format and will distribute the generated files over these directories. +# Enabling this option can be useful when feeding doxygen a huge amount of +# source files, where putting all generated files in the same directory would +# otherwise cause performance problems for the file system. + +CREATE_SUBDIRS = NO + +# The OUTPUT_LANGUAGE tag is used to specify the language in which all +# documentation generated by doxygen is written. Doxygen will use this +# information to generate all constant output in the proper language. +# The default language is English, other supported languages are: +# Afrikaans, Arabic, Brazilian, Catalan, Chinese, Chinese-Traditional, +# Croatian, Czech, Danish, Dutch, Farsi, Finnish, French, German, Greek, +# Hungarian, Italian, Japanese, Japanese-en (Japanese with English messages), +# Korean, Korean-en, Lithuanian, Norwegian, Macedonian, Persian, Polish, +# Portuguese, Romanian, Russian, Serbian, Slovak, Slovene, Spanish, Swedish, +# and Ukrainian. + +OUTPUT_LANGUAGE = English + +# If the BRIEF_MEMBER_DESC tag is set to YES (the default) Doxygen will +# include brief member descriptions after the members that are listed in +# the file and class documentation (similar to JavaDoc). +# Set to NO to disable this. + +BRIEF_MEMBER_DESC = YES + +# If the REPEAT_BRIEF tag is set to YES (the default) Doxygen will prepend +# the brief description of a member or function before the detailed description. +# Note: if both HIDE_UNDOC_MEMBERS and BRIEF_MEMBER_DESC are set to NO, the +# brief descriptions will be completely suppressed. + +REPEAT_BRIEF = YES + +# This tag implements a quasi-intelligent brief description abbreviator +# that is used to form the text in various listings. Each string +# in this list, if found as the leading text of the brief description, will be +# stripped from the text and the result after processing the whole list, is +# used as the annotated text. Otherwise, the brief description is used as-is. +# If left blank, the following values are used ("$name" is automatically +# replaced with the name of the entity): "The $name class" "The $name widget" +# "The $name file" "is" "provides" "specifies" "contains" +# "represents" "a" "an" "the" + +ABBREVIATE_BRIEF = + +# If the ALWAYS_DETAILED_SEC and REPEAT_BRIEF tags are both set to YES then +# Doxygen will generate a detailed section even if there is only a brief +# description. + +ALWAYS_DETAILED_SEC = NO + +# If the INLINE_INHERITED_MEMB tag is set to YES, doxygen will show all +# inherited members of a class in the documentation of that class as if those +# members were ordinary class members. Constructors, destructors and assignment +# operators of the base classes will not be shown. + +INLINE_INHERITED_MEMB = NO + +# If the FULL_PATH_NAMES tag is set to YES then Doxygen will prepend the full +# path before files name in the file list and in the header files. If set +# to NO the shortest path that makes the file name unique will be used. + +FULL_PATH_NAMES = YES + +# If the FULL_PATH_NAMES tag is set to YES then the STRIP_FROM_PATH tag +# can be used to strip a user-defined part of the path. Stripping is +# only done if one of the specified strings matches the left-hand part of +# the path. The tag can be used to show relative paths in the file list. +# If left blank the directory from which doxygen is run is used as the +# path to strip. + +STRIP_FROM_PATH = + +# The STRIP_FROM_INC_PATH tag can be used to strip a user-defined part of +# the path mentioned in the documentation of a class, which tells +# the reader which header file to include in order to use a class. +# If left blank only the name of the header file containing the class +# definition is used. Otherwise one should specify the include paths that +# are normally passed to the compiler using the -I flag. + +STRIP_FROM_INC_PATH = + +# If the SHORT_NAMES tag is set to YES, doxygen will generate much shorter +# (but less readable) file names. This can be useful is your file systems +# doesn't support long names like on DOS, Mac, or CD-ROM. + +SHORT_NAMES = NO + +# If the JAVADOC_AUTOBRIEF tag is set to YES then Doxygen +# will interpret the first line (until the first dot) of a JavaDoc-style +# comment as the brief description. If set to NO, the JavaDoc +# comments will behave just like regular Qt-style comments +# (thus requiring an explicit @brief command for a brief description.) + +JAVADOC_AUTOBRIEF = NO + +# If the QT_AUTOBRIEF tag is set to YES then Doxygen will +# interpret the first line (until the first dot) of a Qt-style +# comment as the brief description. If set to NO, the comments +# will behave just like regular Qt-style comments (thus requiring +# an explicit \brief command for a brief description.) + +QT_AUTOBRIEF = NO + +# The MULTILINE_CPP_IS_BRIEF tag can be set to YES to make Doxygen +# treat a multi-line C++ special comment block (i.e. a block of //! or /// +# comments) as a brief description. This used to be the default behaviour. +# The new default is to treat a multi-line C++ comment block as a detailed +# description. Set this tag to YES if you prefer the old behaviour instead. + +MULTILINE_CPP_IS_BRIEF = NO + +# If the DETAILS_AT_TOP tag is set to YES then Doxygen +# will output the detailed description near the top, like JavaDoc. +# If set to NO, the detailed description appears after the member +# documentation. + +DETAILS_AT_TOP = NO + +# If the INHERIT_DOCS tag is set to YES (the default) then an undocumented +# member inherits the documentation from any documented member that it +# re-implements. + +INHERIT_DOCS = YES + +# If the SEPARATE_MEMBER_PAGES tag is set to YES, then doxygen will produce +# a new page for each member. If set to NO, the documentation of a member will +# be part of the file/class/namespace that contains it. + +SEPARATE_MEMBER_PAGES = NO + +# The TAB_SIZE tag can be used to set the number of spaces in a tab. +# Doxygen uses this value to replace tabs by spaces in code fragments. + +TAB_SIZE = 8 + +# This tag can be used to specify a number of aliases that acts +# as commands in the documentation. An alias has the form "name=value". +# For example adding "sideeffect=\par Side Effects:\n" will allow you to +# put the command \sideeffect (or @sideeffect) in the documentation, which +# will result in a user-defined paragraph with heading "Side Effects:". +# You can put \n's in the value part of an alias to insert newlines. + +ALIASES = + +# Set the OPTIMIZE_OUTPUT_FOR_C tag to YES if your project consists of C +# sources only. Doxygen will then generate output that is more tailored for C. +# For instance, some of the names that are used will be different. The list +# of all members will be omitted, etc. + +OPTIMIZE_OUTPUT_FOR_C = NO + +# Set the OPTIMIZE_OUTPUT_JAVA tag to YES if your project consists of Java +# sources only. Doxygen will then generate output that is more tailored for +# Java. For instance, namespaces will be presented as packages, qualified +# scopes will look different, etc. + +OPTIMIZE_OUTPUT_JAVA = NO + +# Set the OPTIMIZE_FOR_FORTRAN tag to YES if your project consists of Fortran +# sources only. Doxygen will then generate output that is more tailored for +# Fortran. + +OPTIMIZE_FOR_FORTRAN = NO + +# Set the OPTIMIZE_OUTPUT_VHDL tag to YES if your project consists of VHDL +# sources. Doxygen will then generate output that is tailored for +# VHDL. + +OPTIMIZE_OUTPUT_VHDL = NO + +# If you use STL classes (i.e. std::string, std::vector, etc.) but do not want +# to include (a tag file for) the STL sources as input, then you should +# set this tag to YES in order to let doxygen match functions declarations and +# definitions whose arguments contain STL classes (e.g. func(std::string); v.s. +# func(std::string) {}). This also make the inheritance and collaboration +# diagrams that involve STL classes more complete and accurate. + +BUILTIN_STL_SUPPORT = NO + +# If you use Microsoft's C++/CLI language, you should set this option to YES to +# enable parsing support. + +CPP_CLI_SUPPORT = NO + +# Set the SIP_SUPPORT tag to YES if your project consists of sip sources only. +# Doxygen will parse them like normal C++ but will assume all classes use public +# instead of private inheritance when no explicit protection keyword is present. + +SIP_SUPPORT = NO + +# For Microsoft's IDL there are propget and propput attributes to indicate getter +# and setter methods for a property. Setting this option to YES (the default) +# will make doxygen to replace the get and set methods by a property in the +# documentation. This will only work if the methods are indeed getting or +# setting a simple type. If this is not the case, or you want to show the +# methods anyway, you should set this option to NO. + +IDL_PROPERTY_SUPPORT = YES + +# If member grouping is used in the documentation and the DISTRIBUTE_GROUP_DOC +# tag is set to YES, then doxygen will reuse the documentation of the first +# member in the group (if any) for the other members of the group. By default +# all members of a group must be documented explicitly. + +DISTRIBUTE_GROUP_DOC = NO + +# Set the SUBGROUPING tag to YES (the default) to allow class member groups of +# the same type (for instance a group of public functions) to be put as a +# subgroup of that type (e.g. under the Public Functions section). Set it to +# NO to prevent subgrouping. Alternatively, this can be done per class using +# the \nosubgrouping command. + +SUBGROUPING = YES + +# When TYPEDEF_HIDES_STRUCT is enabled, a typedef of a struct, union, or enum +# is documented as struct, union, or enum with the name of the typedef. So +# typedef struct TypeS {} TypeT, will appear in the documentation as a struct +# with name TypeT. When disabled the typedef will appear as a member of a file, +# namespace, or class. And the struct will be named TypeS. This can typically +# be useful for C code in case the coding convention dictates that all compound +# types are typedef'ed and only the typedef is referenced, never the tag name. + +TYPEDEF_HIDES_STRUCT = NO + +#--------------------------------------------------------------------------- +# Build related configuration options +#--------------------------------------------------------------------------- + +# If the EXTRACT_ALL tag is set to YES doxygen will assume all entities in +# documentation are documented, even if no documentation was available. +# Private class members and static file members will be hidden unless +# the EXTRACT_PRIVATE and EXTRACT_STATIC tags are set to YES + +EXTRACT_ALL = NO + +# If the EXTRACT_PRIVATE tag is set to YES all private members of a class +# will be included in the documentation. + +EXTRACT_PRIVATE = NO + +# If the EXTRACT_STATIC tag is set to YES all static members of a file +# will be included in the documentation. + +EXTRACT_STATIC = NO + +# If the EXTRACT_LOCAL_CLASSES tag is set to YES classes (and structs) +# defined locally in source files will be included in the documentation. +# If set to NO only classes defined in header files are included. + +EXTRACT_LOCAL_CLASSES = YES + +# This flag is only useful for Objective-C code. When set to YES local +# methods, which are defined in the implementation section but not in +# the interface are included in the documentation. +# If set to NO (the default) only methods in the interface are included. + +EXTRACT_LOCAL_METHODS = NO + +# If this flag is set to YES, the members of anonymous namespaces will be +# extracted and appear in the documentation as a namespace called +# 'anonymous_namespace{file}', where file will be replaced with the base +# name of the file that contains the anonymous namespace. By default +# anonymous namespace are hidden. + +EXTRACT_ANON_NSPACES = NO + +# If the HIDE_UNDOC_MEMBERS tag is set to YES, Doxygen will hide all +# undocumented members of documented classes, files or namespaces. +# If set to NO (the default) these members will be included in the +# various overviews, but no documentation section is generated. +# This option has no effect if EXTRACT_ALL is enabled. + +HIDE_UNDOC_MEMBERS = NO + +# If the HIDE_UNDOC_CLASSES tag is set to YES, Doxygen will hide all +# undocumented classes that are normally visible in the class hierarchy. +# If set to NO (the default) these classes will be included in the various +# overviews. This option has no effect if EXTRACT_ALL is enabled. + +HIDE_UNDOC_CLASSES = NO + +# If the HIDE_FRIEND_COMPOUNDS tag is set to YES, Doxygen will hide all +# friend (class|struct|union) declarations. +# If set to NO (the default) these declarations will be included in the +# documentation. + +HIDE_FRIEND_COMPOUNDS = NO + +# If the HIDE_IN_BODY_DOCS tag is set to YES, Doxygen will hide any +# documentation blocks found inside the body of a function. +# If set to NO (the default) these blocks will be appended to the +# function's detailed documentation block. + +HIDE_IN_BODY_DOCS = NO + +# The INTERNAL_DOCS tag determines if documentation +# that is typed after a \internal command is included. If the tag is set +# to NO (the default) then the documentation will be excluded. +# Set it to YES to include the internal documentation. + +INTERNAL_DOCS = NO + +# If the CASE_SENSE_NAMES tag is set to NO then Doxygen will only generate +# file names in lower-case letters. If set to YES upper-case letters are also +# allowed. This is useful if you have classes or files whose names only differ +# in case and if your file system supports case sensitive file names. Windows +# and Mac users are advised to set this option to NO. + +CASE_SENSE_NAMES = YES + +# If the HIDE_SCOPE_NAMES tag is set to NO (the default) then Doxygen +# will show members with their full class and namespace scopes in the +# documentation. If set to YES the scope will be hidden. + +HIDE_SCOPE_NAMES = NO + +# If the SHOW_INCLUDE_FILES tag is set to YES (the default) then Doxygen +# will put a list of the files that are included by a file in the documentation +# of that file. + +SHOW_INCLUDE_FILES = YES + +# If the INLINE_INFO tag is set to YES (the default) then a tag [inline] +# is inserted in the documentation for inline members. + +INLINE_INFO = YES + +# If the SORT_MEMBER_DOCS tag is set to YES (the default) then doxygen +# will sort the (detailed) documentation of file and class members +# alphabetically by member name. If set to NO the members will appear in +# declaration order. + +SORT_MEMBER_DOCS = YES + +# If the SORT_BRIEF_DOCS tag is set to YES then doxygen will sort the +# brief documentation of file, namespace and class members alphabetically +# by member name. If set to NO (the default) the members will appear in +# declaration order. + +SORT_BRIEF_DOCS = NO + +# If the SORT_GROUP_NAMES tag is set to YES then doxygen will sort the +# hierarchy of group names into alphabetical order. If set to NO (the default) +# the group names will appear in their defined order. + +SORT_GROUP_NAMES = NO + +# If the SORT_BY_SCOPE_NAME tag is set to YES, the class list will be +# sorted by fully-qualified names, including namespaces. If set to +# NO (the default), the class list will be sorted only by class name, +# not including the namespace part. +# Note: This option is not very useful if HIDE_SCOPE_NAMES is set to YES. +# Note: This option applies only to the class list, not to the +# alphabetical list. + +SORT_BY_SCOPE_NAME = NO + +# The GENERATE_TODOLIST tag can be used to enable (YES) or +# disable (NO) the todo list. This list is created by putting \todo +# commands in the documentation. + +GENERATE_TODOLIST = YES + +# The GENERATE_TESTLIST tag can be used to enable (YES) or +# disable (NO) the test list. This list is created by putting \test +# commands in the documentation. + +GENERATE_TESTLIST = YES + +# The GENERATE_BUGLIST tag can be used to enable (YES) or +# disable (NO) the bug list. This list is created by putting \bug +# commands in the documentation. + +GENERATE_BUGLIST = YES + +# The GENERATE_DEPRECATEDLIST tag can be used to enable (YES) or +# disable (NO) the deprecated list. This list is created by putting +# \deprecated commands in the documentation. + +GENERATE_DEPRECATEDLIST= YES + +# The ENABLED_SECTIONS tag can be used to enable conditional +# documentation sections, marked by \if sectionname ... \endif. + +ENABLED_SECTIONS = + +# The MAX_INITIALIZER_LINES tag determines the maximum number of lines +# the initial value of a variable or define consists of for it to appear in +# the documentation. If the initializer consists of more lines than specified +# here it will be hidden. Use a value of 0 to hide initializers completely. +# The appearance of the initializer of individual variables and defines in the +# documentation can be controlled using \showinitializer or \hideinitializer +# command in the documentation regardless of this setting. + +MAX_INITIALIZER_LINES = 30 + +# Set the SHOW_USED_FILES tag to NO to disable the list of files generated +# at the bottom of the documentation of classes and structs. If set to YES the +# list will mention the files that were used to generate the documentation. + +SHOW_USED_FILES = YES + +# If the sources in your project are distributed over multiple directories +# then setting the SHOW_DIRECTORIES tag to YES will show the directory hierarchy +# in the documentation. The default is NO. + +SHOW_DIRECTORIES = NO + +# Set the SHOW_FILES tag to NO to disable the generation of the Files page. +# This will remove the Files entry from the Quick Index and from the +# Folder Tree View (if specified). The default is YES. + +SHOW_FILES = YES + +# Set the SHOW_NAMESPACES tag to NO to disable the generation of the +# Namespaces page. This will remove the Namespaces entry from the Quick Index +# and from the Folder Tree View (if specified). The default is YES. + +SHOW_NAMESPACES = YES + +# The FILE_VERSION_FILTER tag can be used to specify a program or script that +# doxygen should invoke to get the current version for each file (typically from +# the version control system). Doxygen will invoke the program by executing (via +# popen()) the command , where is the value of +# the FILE_VERSION_FILTER tag, and is the name of an input file +# provided by doxygen. Whatever the program writes to standard output +# is used as the file version. See the manual for examples. + +FILE_VERSION_FILTER = + +#--------------------------------------------------------------------------- +# configuration options related to warning and progress messages +#--------------------------------------------------------------------------- + +# The QUIET tag can be used to turn on/off the messages that are generated +# by doxygen. Possible values are YES and NO. If left blank NO is used. + +QUIET = NO + +# The WARNINGS tag can be used to turn on/off the warning messages that are +# generated by doxygen. Possible values are YES and NO. If left blank +# NO is used. + +WARNINGS = YES + +# If WARN_IF_UNDOCUMENTED is set to YES, then doxygen will generate warnings +# for undocumented members. If EXTRACT_ALL is set to YES then this flag will +# automatically be disabled. + +WARN_IF_UNDOCUMENTED = YES + +# If WARN_IF_DOC_ERROR is set to YES, doxygen will generate warnings for +# potential errors in the documentation, such as not documenting some +# parameters in a documented function, or documenting parameters that +# don't exist or using markup commands wrongly. + +WARN_IF_DOC_ERROR = YES + +# This WARN_NO_PARAMDOC option can be abled to get warnings for +# functions that are documented, but have no documentation for their parameters +# or return value. If set to NO (the default) doxygen will only warn about +# wrong or incomplete parameter documentation, but not about the absence of +# documentation. + +WARN_NO_PARAMDOC = NO + +# The WARN_FORMAT tag determines the format of the warning messages that +# doxygen can produce. The string should contain the $file, $line, and $text +# tags, which will be replaced by the file and line number from which the +# warning originated and the warning text. Optionally the format may contain +# $version, which will be replaced by the version of the file (if it could +# be obtained via FILE_VERSION_FILTER) + +WARN_FORMAT = "$file:$line: $text" + +# The WARN_LOGFILE tag can be used to specify a file to which warning +# and error messages should be written. If left blank the output is written +# to stderr. + +WARN_LOGFILE = + +#--------------------------------------------------------------------------- +# configuration options related to the input files +#--------------------------------------------------------------------------- + +# The INPUT tag can be used to specify the files and/or directories that contain +# documented source files. You may enter file names like "myfile.cpp" or +# directories like "/usr/src/myproject". Separate the files or directories +# with spaces. + +INPUT = + +# This tag can be used to specify the character encoding of the source files +# that doxygen parses. Internally doxygen uses the UTF-8 encoding, which is +# also the default input encoding. Doxygen uses libiconv (or the iconv built +# into libc) for the transcoding. See https://www.gnu.org/software/libiconv for +# the list of possible encodings. + +INPUT_ENCODING = UTF-8 + +# If the value of the INPUT tag contains directories, you can use the +# FILE_PATTERNS tag to specify one or more wildcard pattern (like *.cpp +# and *.h) to filter out the source-files in the directories. If left +# blank the following patterns are tested: +# *.c *.cc *.cxx *.cpp *.c++ *.java *.ii *.ixx *.ipp *.i++ *.inl *.h *.hh *.hxx +# *.hpp *.h++ *.idl *.odl *.cs *.php *.php3 *.inc *.m *.mm *.py *.f90 + +FILE_PATTERNS = + +# The RECURSIVE tag can be used to turn specify whether or not subdirectories +# should be searched for input files as well. Possible values are YES and NO. +# If left blank NO is used. + +RECURSIVE = NO + +# The EXCLUDE tag can be used to specify files and/or directories that should +# excluded from the INPUT source files. This way you can easily exclude a +# subdirectory from a directory tree whose root is specified with the INPUT tag. + +EXCLUDE = + +# The EXCLUDE_SYMLINKS tag can be used select whether or not files or +# directories that are symbolic links (a Unix filesystem feature) are excluded +# from the input. + +EXCLUDE_SYMLINKS = NO + +# If the value of the INPUT tag contains directories, you can use the +# EXCLUDE_PATTERNS tag to specify one or more wildcard patterns to exclude +# certain files from those directories. Note that the wildcards are matched +# against the file with absolute path, so to exclude all test directories +# for example use the pattern */test/* + +EXCLUDE_PATTERNS = + +# The EXCLUDE_SYMBOLS tag can be used to specify one or more symbol names +# (namespaces, classes, functions, etc.) that should be excluded from the +# output. The symbol name can be a fully qualified name, a word, or if the +# wildcard * is used, a substring. Examples: ANamespace, AClass, +# AClass::ANamespace, ANamespace::*Test + +EXCLUDE_SYMBOLS = + +# The EXAMPLE_PATH tag can be used to specify one or more files or +# directories that contain example code fragments that are included (see +# the \include command). + +EXAMPLE_PATH = + +# If the value of the EXAMPLE_PATH tag contains directories, you can use the +# EXAMPLE_PATTERNS tag to specify one or more wildcard pattern (like *.cpp +# and *.h) to filter out the source-files in the directories. If left +# blank all files are included. + +EXAMPLE_PATTERNS = + +# If the EXAMPLE_RECURSIVE tag is set to YES then subdirectories will be +# searched for input files to be used with the \include or \dontinclude +# commands irrespective of the value of the RECURSIVE tag. +# Possible values are YES and NO. If left blank NO is used. + +EXAMPLE_RECURSIVE = NO + +# The IMAGE_PATH tag can be used to specify one or more files or +# directories that contain image that are included in the documentation (see +# the \image command). + +IMAGE_PATH = + +# The INPUT_FILTER tag can be used to specify a program that doxygen should +# invoke to filter for each input file. Doxygen will invoke the filter program +# by executing (via popen()) the command , where +# is the value of the INPUT_FILTER tag, and is the name of an +# input file. Doxygen will then use the output that the filter program writes +# to standard output. If FILTER_PATTERNS is specified, this tag will be +# ignored. + +INPUT_FILTER = + +# The FILTER_PATTERNS tag can be used to specify filters on a per file pattern +# basis. Doxygen will compare the file name with each pattern and apply the +# filter if there is a match. The filters are a list of the form: +# pattern=filter (like *.cpp=my_cpp_filter). See INPUT_FILTER for further +# info on how filters are used. If FILTER_PATTERNS is empty, INPUT_FILTER +# is applied to all files. + +FILTER_PATTERNS = + +# If the FILTER_SOURCE_FILES tag is set to YES, the input filter (if set using +# INPUT_FILTER) will be used to filter the input files when producing source +# files to browse (i.e. when SOURCE_BROWSER is set to YES). + +FILTER_SOURCE_FILES = NO + +#--------------------------------------------------------------------------- +# configuration options related to source browsing +#--------------------------------------------------------------------------- + +# If the SOURCE_BROWSER tag is set to YES then a list of source files will +# be generated. Documented entities will be cross-referenced with these sources. +# Note: To get rid of all source code in the generated output, make sure also +# VERBATIM_HEADERS is set to NO. + +SOURCE_BROWSER = NO + +# Setting the INLINE_SOURCES tag to YES will include the body +# of functions and classes directly in the documentation. + +INLINE_SOURCES = NO + +# Setting the STRIP_CODE_COMMENTS tag to YES (the default) will instruct +# doxygen to hide any special comment blocks from generated source code +# fragments. Normal C and C++ comments will always remain visible. + +STRIP_CODE_COMMENTS = YES + +# If the REFERENCED_BY_RELATION tag is set to YES +# then for each documented function all documented +# functions referencing it will be listed. + +REFERENCED_BY_RELATION = NO + +# If the REFERENCES_RELATION tag is set to YES +# then for each documented function all documented entities +# called/used by that function will be listed. + +REFERENCES_RELATION = NO + +# If the REFERENCES_LINK_SOURCE tag is set to YES (the default) +# and SOURCE_BROWSER tag is set to YES, then the hyperlinks from +# functions in REFERENCES_RELATION and REFERENCED_BY_RELATION lists will +# link to the source code. Otherwise they will link to the documentstion. + +REFERENCES_LINK_SOURCE = YES + +# If the USE_HTAGS tag is set to YES then the references to source code +# will point to the HTML generated by the htags(1) tool instead of doxygen +# built-in source browser. The htags tool is part of GNU's global source +# tagging system (see https://www.gnu.org/software/global/global.html). You +# will need version 4.8.6 or higher. + +USE_HTAGS = NO + +# If the VERBATIM_HEADERS tag is set to YES (the default) then Doxygen +# will generate a verbatim copy of the header file for each class for +# which an include is specified. Set to NO to disable this. + +VERBATIM_HEADERS = YES + +#--------------------------------------------------------------------------- +# configuration options related to the alphabetical class index +#--------------------------------------------------------------------------- + +# If the ALPHABETICAL_INDEX tag is set to YES, an alphabetical index +# of all compounds will be generated. Enable this if the project +# contains a lot of classes, structs, unions or interfaces. + +ALPHABETICAL_INDEX = NO + +# If the alphabetical index is enabled (see ALPHABETICAL_INDEX) then +# the COLS_IN_ALPHA_INDEX tag can be used to specify the number of columns +# in which this list will be split (can be a number in the range [1..20]) + +COLS_IN_ALPHA_INDEX = 5 + +# In case all classes in a project start with a common prefix, all +# classes will be put under the same header in the alphabetical index. +# The IGNORE_PREFIX tag can be used to specify one or more prefixes that +# should be ignored while generating the index headers. + +IGNORE_PREFIX = + +#--------------------------------------------------------------------------- +# configuration options related to the HTML output +#--------------------------------------------------------------------------- + +# If the GENERATE_HTML tag is set to YES (the default) Doxygen will +# generate HTML output. + +GENERATE_HTML = YES + +# The HTML_OUTPUT tag is used to specify where the HTML docs will be put. +# If a relative path is entered the value of OUTPUT_DIRECTORY will be +# put in front of it. If left blank `html' will be used as the default path. + +HTML_OUTPUT = html + +# The HTML_FILE_EXTENSION tag can be used to specify the file extension for +# each generated HTML page (for example: .htm,.php,.asp). If it is left blank +# doxygen will generate files with .html extension. + +HTML_FILE_EXTENSION = .html + +# The HTML_HEADER tag can be used to specify a personal HTML header for +# each generated HTML page. If it is left blank doxygen will generate a +# standard header. + +HTML_HEADER = + +# The HTML_FOOTER tag can be used to specify a personal HTML footer for +# each generated HTML page. If it is left blank doxygen will generate a +# standard footer. + +HTML_FOOTER = + +# The HTML_STYLESHEET tag can be used to specify a user-defined cascading +# style sheet that is used by each HTML page. It can be used to +# fine-tune the look of the HTML output. If the tag is left blank doxygen +# will generate a default style sheet. Note that doxygen will try to copy +# the style sheet file to the HTML output directory, so don't put your own +# stylesheet in the HTML output directory as well, or it will be erased! + +HTML_STYLESHEET = + +# If the HTML_ALIGN_MEMBERS tag is set to YES, the members of classes, +# files or namespaces will be aligned in HTML using tables. If set to +# NO a bullet list will be used. + +HTML_ALIGN_MEMBERS = YES + +# If the GENERATE_HTMLHELP tag is set to YES, additional index files +# will be generated that can be used as input for tools like the +# Microsoft HTML help workshop to generate a compiled HTML help file (.chm) +# of the generated HTML documentation. + +GENERATE_HTMLHELP = NO + +# If the GENERATE_DOCSET tag is set to YES, additional index files +# will be generated that can be used as input for Apple's Xcode 3 +# integrated development environment, introduced with OSX 10.5 (Leopard). +# To create a documentation set, doxygen will generate a Makefile in the +# HTML output directory. Running make will produce the docset in that +# directory and running "make install" will install the docset in +# ~/Library/Developer/Shared/Documentation/DocSets so that Xcode will find +# it at startup. + +GENERATE_DOCSET = NO + +# When GENERATE_DOCSET tag is set to YES, this tag determines the name of the +# feed. A documentation feed provides an umbrella under which multiple +# documentation sets from a single provider (such as a company or product suite) +# can be grouped. + +DOCSET_FEEDNAME = "Doxygen generated docs" + +# When GENERATE_DOCSET tag is set to YES, this tag specifies a string that +# should uniquely identify the documentation set bundle. This should be a +# reverse domain-name style string, e.g. com.mycompany.MyDocSet. Doxygen +# will append .docset to the name. + +DOCSET_BUNDLE_ID = org.doxygen.Project + +# If the HTML_DYNAMIC_SECTIONS tag is set to YES then the generated HTML +# documentation will contain sections that can be hidden and shown after the +# page has loaded. For this to work a browser that supports +# JavaScript and DHTML is required (for instance Mozilla 1.0+, Firefox +# Netscape 6.0+, Internet explorer 5.0+, Konqueror, or Safari). + +HTML_DYNAMIC_SECTIONS = NO + +# If the GENERATE_HTMLHELP tag is set to YES, the CHM_FILE tag can +# be used to specify the file name of the resulting .chm file. You +# can add a path in front of the file if the result should not be +# written to the html output directory. + +CHM_FILE = + +# If the GENERATE_HTMLHELP tag is set to YES, the HHC_LOCATION tag can +# be used to specify the location (absolute path including file name) of +# the HTML help compiler (hhc.exe). If non-empty doxygen will try to run +# the HTML help compiler on the generated index.hhp. + +HHC_LOCATION = + +# If the GENERATE_HTMLHELP tag is set to YES, the GENERATE_CHI flag +# controls if a separate .chi index file is generated (YES) or that +# it should be included in the master .chm file (NO). + +GENERATE_CHI = NO + +# If the GENERATE_HTMLHELP tag is set to YES, the CHM_INDEX_ENCODING +# is used to encode HtmlHelp index (hhk), content (hhc) and project file +# content. + +CHM_INDEX_ENCODING = + +# If the GENERATE_HTMLHELP tag is set to YES, the BINARY_TOC flag +# controls whether a binary table of contents is generated (YES) or a +# normal table of contents (NO) in the .chm file. + +BINARY_TOC = NO + +# The TOC_EXPAND flag can be set to YES to add extra items for group members +# to the contents of the HTML help documentation and to the tree view. + +TOC_EXPAND = NO + +# The DISABLE_INDEX tag can be used to turn on/off the condensed index at +# top of each HTML page. The value NO (the default) enables the index and +# the value YES disables it. + +DISABLE_INDEX = NO + +# This tag can be used to set the number of enum values (range [1..20]) +# that doxygen will group on one line in the generated HTML documentation. + +ENUM_VALUES_PER_LINE = 4 + +# The GENERATE_TREEVIEW tag is used to specify whether a tree-like index +# structure should be generated to display hierarchical information. +# If the tag value is set to FRAME, a side panel will be generated +# containing a tree-like index structure (just like the one that +# is generated for HTML Help). For this to work a browser that supports +# JavaScript, DHTML, CSS and frames is required (for instance Mozilla 1.0+, +# Netscape 6.0+, Internet explorer 5.0+, or Konqueror). Windows users are +# probably better off using the HTML help feature. Other possible values +# for this tag are: HIERARCHIES, which will generate the Groups, Directories, +# and Class Hiererachy pages using a tree view instead of an ordered list; +# ALL, which combines the behavior of FRAME and HIERARCHIES; and NONE, which +# disables this behavior completely. For backwards compatibility with previous +# releases of Doxygen, the values YES and NO are equivalent to FRAME and NONE +# respectively. + +GENERATE_TREEVIEW = NONE + +# If the treeview is enabled (see GENERATE_TREEVIEW) then this tag can be +# used to set the initial width (in pixels) of the frame in which the tree +# is shown. + +TREEVIEW_WIDTH = 250 + +# Use this tag to change the font size of Latex formulas included +# as images in the HTML documentation. The default is 10. Note that +# when you change the font size after a successful doxygen run you need +# to manually remove any form_*.png images from the HTML output directory +# to force them to be regenerated. + +FORMULA_FONTSIZE = 10 + +#--------------------------------------------------------------------------- +# configuration options related to the LaTeX output +#--------------------------------------------------------------------------- + +# If the GENERATE_LATEX tag is set to YES (the default) Doxygen will +# generate Latex output. + +GENERATE_LATEX = YES + +# The LATEX_OUTPUT tag is used to specify where the LaTeX docs will be put. +# If a relative path is entered the value of OUTPUT_DIRECTORY will be +# put in front of it. If left blank `latex' will be used as the default path. + +LATEX_OUTPUT = latex + +# The LATEX_CMD_NAME tag can be used to specify the LaTeX command name to be +# invoked. If left blank `latex' will be used as the default command name. + +LATEX_CMD_NAME = latex + +# The MAKEINDEX_CMD_NAME tag can be used to specify the command name to +# generate index for LaTeX. If left blank `makeindex' will be used as the +# default command name. + +MAKEINDEX_CMD_NAME = makeindex + +# If the COMPACT_LATEX tag is set to YES Doxygen generates more compact +# LaTeX documents. This may be useful for small projects and may help to +# save some trees in general. + +COMPACT_LATEX = NO + +# The PAPER_TYPE tag can be used to set the paper type that is used +# by the printer. Possible values are: a4, a4wide, letter, legal and +# executive. If left blank a4wide will be used. + +PAPER_TYPE = a4wide + +# The EXTRA_PACKAGES tag can be to specify one or more names of LaTeX +# packages that should be included in the LaTeX output. + +EXTRA_PACKAGES = + +# The LATEX_HEADER tag can be used to specify a personal LaTeX header for +# the generated latex document. The header should contain everything until +# the first chapter. If it is left blank doxygen will generate a +# standard header. Notice: only use this tag if you know what you are doing! + +LATEX_HEADER = + +# If the PDF_HYPERLINKS tag is set to YES, the LaTeX that is generated +# is prepared for conversion to pdf (using ps2pdf). The pdf file will +# contain links (just like the HTML output) instead of page references +# This makes the output suitable for online browsing using a pdf viewer. + +PDF_HYPERLINKS = YES + +# If the USE_PDFLATEX tag is set to YES, pdflatex will be used instead of +# plain latex in the generated Makefile. Set this option to YES to get a +# higher quality PDF documentation. + +USE_PDFLATEX = YES + +# If the LATEX_BATCHMODE tag is set to YES, doxygen will add the \\batchmode. +# command to the generated LaTeX files. This will instruct LaTeX to keep +# running if errors occur, instead of asking the user for help. +# This option is also used when generating formulas in HTML. + +LATEX_BATCHMODE = NO + +# If LATEX_HIDE_INDICES is set to YES then doxygen will not +# include the index chapters (such as File Index, Compound Index, etc.) +# in the output. + +LATEX_HIDE_INDICES = NO + +#--------------------------------------------------------------------------- +# configuration options related to the RTF output +#--------------------------------------------------------------------------- + +# If the GENERATE_RTF tag is set to YES Doxygen will generate RTF output +# The RTF output is optimized for Word 97 and may not look very pretty with +# other RTF readers or editors. + +GENERATE_RTF = NO + +# The RTF_OUTPUT tag is used to specify where the RTF docs will be put. +# If a relative path is entered the value of OUTPUT_DIRECTORY will be +# put in front of it. If left blank `rtf' will be used as the default path. + +RTF_OUTPUT = rtf + +# If the COMPACT_RTF tag is set to YES Doxygen generates more compact +# RTF documents. This may be useful for small projects and may help to +# save some trees in general. + +COMPACT_RTF = NO + +# If the RTF_HYPERLINKS tag is set to YES, the RTF that is generated +# will contain hyperlink fields. The RTF file will +# contain links (just like the HTML output) instead of page references. +# This makes the output suitable for online browsing using WORD or other +# programs which support those fields. +# Note: wordpad (write) and others do not support links. + +RTF_HYPERLINKS = NO + +# Load stylesheet definitions from file. Syntax is similar to doxygen's +# config file, i.e. a series of assignments. You only have to provide +# replacements, missing definitions are set to their default value. + +RTF_STYLESHEET_FILE = + +# Set optional variables used in the generation of an rtf document. +# Syntax is similar to doxygen's config file. + +RTF_EXTENSIONS_FILE = + +#--------------------------------------------------------------------------- +# configuration options related to the man page output +#--------------------------------------------------------------------------- + +# If the GENERATE_MAN tag is set to YES (the default) Doxygen will +# generate man pages + +GENERATE_MAN = NO + +# The MAN_OUTPUT tag is used to specify where the man pages will be put. +# If a relative path is entered the value of OUTPUT_DIRECTORY will be +# put in front of it. If left blank `man' will be used as the default path. + +MAN_OUTPUT = man + +# The MAN_EXTENSION tag determines the extension that is added to +# the generated man pages (default is the subroutine's section .3) + +MAN_EXTENSION = .3 + +# If the MAN_LINKS tag is set to YES and Doxygen generates man output, +# then it will generate one additional man file for each entity +# documented in the real man page(s). These additional files +# only source the real man page, but without them the man command +# would be unable to find the correct page. The default is NO. + +MAN_LINKS = NO + +#--------------------------------------------------------------------------- +# configuration options related to the XML output +#--------------------------------------------------------------------------- + +# If the GENERATE_XML tag is set to YES Doxygen will +# generate an XML file that captures the structure of +# the code including all documentation. + +GENERATE_XML = NO + +# The XML_OUTPUT tag is used to specify where the XML pages will be put. +# If a relative path is entered the value of OUTPUT_DIRECTORY will be +# put in front of it. If left blank `xml' will be used as the default path. + +XML_OUTPUT = xml + +# The XML_SCHEMA tag can be used to specify an XML schema, +# which can be used by a validating XML parser to check the +# syntax of the XML files. + +XML_SCHEMA = + +# The XML_DTD tag can be used to specify an XML DTD, +# which can be used by a validating XML parser to check the +# syntax of the XML files. + +XML_DTD = + +# If the XML_PROGRAMLISTING tag is set to YES Doxygen will +# dump the program listings (including syntax highlighting +# and cross-referencing information) to the XML output. Note that +# enabling this will significantly increase the size of the XML output. + +XML_PROGRAMLISTING = YES + +#--------------------------------------------------------------------------- +# configuration options for the AutoGen Definitions output +#--------------------------------------------------------------------------- + +# If the GENERATE_AUTOGEN_DEF tag is set to YES Doxygen will +# generate an AutoGen Definitions (see autogen.sf.net) file +# that captures the structure of the code including all +# documentation. Note that this feature is still experimental +# and incomplete at the moment. + +GENERATE_AUTOGEN_DEF = NO + +#--------------------------------------------------------------------------- +# configuration options related to the Perl module output +#--------------------------------------------------------------------------- + +# If the GENERATE_PERLMOD tag is set to YES Doxygen will +# generate a Perl module file that captures the structure of +# the code including all documentation. Note that this +# feature is still experimental and incomplete at the +# moment. + +GENERATE_PERLMOD = NO + +# If the PERLMOD_LATEX tag is set to YES Doxygen will generate +# the necessary Makefile rules, Perl scripts and LaTeX code to be able +# to generate PDF and DVI output from the Perl module output. + +PERLMOD_LATEX = NO + +# If the PERLMOD_PRETTY tag is set to YES the Perl module output will be +# nicely formatted so it can be parsed by a human reader. This is useful +# if you want to understand what is going on. On the other hand, if this +# tag is set to NO the size of the Perl module output will be much smaller +# and Perl will parse it just the same. + +PERLMOD_PRETTY = YES + +# The names of the make variables in the generated doxyrules.make file +# are prefixed with the string contained in PERLMOD_MAKEVAR_PREFIX. +# This is useful so different doxyrules.make files included by the same +# Makefile don't overwrite each other's variables. + +PERLMOD_MAKEVAR_PREFIX = + +#--------------------------------------------------------------------------- +# Configuration options related to the preprocessor +#--------------------------------------------------------------------------- + +# If the ENABLE_PREPROCESSING tag is set to YES (the default) Doxygen will +# evaluate all C-preprocessor directives found in the sources and include +# files. + +ENABLE_PREPROCESSING = YES + +# If the MACRO_EXPANSION tag is set to YES Doxygen will expand all macro +# names in the source code. If set to NO (the default) only conditional +# compilation will be performed. Macro expansion can be done in a controlled +# way by setting EXPAND_ONLY_PREDEF to YES. + +MACRO_EXPANSION = NO + +# If the EXPAND_ONLY_PREDEF and MACRO_EXPANSION tags are both set to YES +# then the macro expansion is limited to the macros specified with the +# PREDEFINED and EXPAND_AS_DEFINED tags. + +EXPAND_ONLY_PREDEF = NO + +# If the SEARCH_INCLUDES tag is set to YES (the default) the includes files +# in the INCLUDE_PATH (see below) will be search if a #include is found. + +SEARCH_INCLUDES = YES + +# The INCLUDE_PATH tag can be used to specify one or more directories that +# contain include files that are not input files but should be processed by +# the preprocessor. + +INCLUDE_PATH = + +# You can use the INCLUDE_FILE_PATTERNS tag to specify one or more wildcard +# patterns (like *.h and *.hpp) to filter out the header-files in the +# directories. If left blank, the patterns specified with FILE_PATTERNS will +# be used. + +INCLUDE_FILE_PATTERNS = + +# The PREDEFINED tag can be used to specify one or more macro names that +# are defined before the preprocessor is started (similar to the -D option of +# gcc). The argument of the tag is a list of macros of the form: name +# or name=definition (no spaces). If the definition and the = are +# omitted =1 is assumed. To prevent a macro definition from being +# undefined via #undef or recursively expanded use the := operator +# instead of the = operator. + +PREDEFINED = + +# If the MACRO_EXPANSION and EXPAND_ONLY_PREDEF tags are set to YES then +# this tag can be used to specify a list of macro names that should be expanded. +# The macro definition that is found in the sources will be used. +# Use the PREDEFINED tag if you want to use a different macro definition. + +EXPAND_AS_DEFINED = + +# If the SKIP_FUNCTION_MACROS tag is set to YES (the default) then +# doxygen's preprocessor will remove all function-like macros that are alone +# on a line, have an all uppercase name, and do not end with a semicolon. Such +# function macros are typically used for boiler-plate code, and will confuse +# the parser if not removed. + +SKIP_FUNCTION_MACROS = YES + +#--------------------------------------------------------------------------- +# Configuration::additions related to external references +#--------------------------------------------------------------------------- + +# The TAGFILES option can be used to specify one or more tagfiles. +# Optionally an initial location of the external documentation +# can be added for each tagfile. The format of a tag file without +# this location is as follows: +# TAGFILES = file1 file2 ... +# Adding location for the tag files is done as follows: +# TAGFILES = file1=loc1 "file2 = loc2" ... +# where "loc1" and "loc2" can be relative or absolute paths or +# URLs. If a location is present for each tag, the installdox tool +# does not have to be run to correct the links. +# Note that each tag file must have a unique name +# (where the name does NOT include the path) +# If a tag file is not located in the directory in which doxygen +# is run, you must also specify the path to the tagfile here. + +TAGFILES = + +# When a file name is specified after GENERATE_TAGFILE, doxygen will create +# a tag file that is based on the input files it reads. + +GENERATE_TAGFILE = + +# If the ALLEXTERNALS tag is set to YES all external classes will be listed +# in the class index. If set to NO only the inherited external classes +# will be listed. + +ALLEXTERNALS = NO + +# If the EXTERNAL_GROUPS tag is set to YES all external groups will be listed +# in the modules index. If set to NO, only the current project's groups will +# be listed. + +EXTERNAL_GROUPS = YES + +# The PERL_PATH should be the absolute path and name of the perl script +# interpreter (i.e. the result of `which perl'). + +PERL_PATH = /usr/bin/perl + +#--------------------------------------------------------------------------- +# Configuration options related to the dot tool +#--------------------------------------------------------------------------- + +# If the CLASS_DIAGRAMS tag is set to YES (the default) Doxygen will +# generate a inheritance diagram (in HTML, RTF and LaTeX) for classes with base +# or super classes. Setting the tag to NO turns the diagrams off. Note that +# this option is superseded by the HAVE_DOT option below. This is only a +# fallback. It is recommended to install and use dot, since it yields more +# powerful graphs. + +CLASS_DIAGRAMS = YES + +# You can define message sequence charts within doxygen comments using the \msc +# command. Doxygen will then run the mscgen tool (see +# https://www.mcternan.me.uk/mscgen/) to produce the chart and insert it in the +# documentation. The MSCGEN_PATH tag allows you to specify the directory where +# the mscgen tool resides. If left empty the tool is assumed to be found in the +# default search path. + +MSCGEN_PATH = + +# If set to YES, the inheritance and collaboration graphs will hide +# inheritance and usage relations if the target is undocumented +# or is not a class. + +HIDE_UNDOC_RELATIONS = YES + +# If you set the HAVE_DOT tag to YES then doxygen will assume the dot tool is +# available from the path. This tool is part of Graphviz, a graph visualization +# toolkit from AT&T and Lucent Bell Labs. The other options in this section +# have no effect if this option is set to NO (the default) + +HAVE_DOT = NO + +# By default doxygen will write a font called FreeSans.ttf to the output +# directory and reference it in all dot files that doxygen generates. This +# font does not include all possible unicode characters however, so when you need +# these (or just want a differently looking font) you can specify the font name +# using DOT_FONTNAME. You need need to make sure dot is able to find the font, +# which can be done by putting it in a standard location or by setting the +# DOTFONTPATH environment variable or by setting DOT_FONTPATH to the directory +# containing the font. + +DOT_FONTNAME = FreeSans + +# By default doxygen will tell dot to use the output directory to look for the +# FreeSans.ttf font (which doxygen will put there itself). If you specify a +# different font using DOT_FONTNAME you can set the path where dot +# can find it using this tag. + +DOT_FONTPATH = + +# If the CLASS_GRAPH and HAVE_DOT tags are set to YES then doxygen +# will generate a graph for each documented class showing the direct and +# indirect inheritance relations. Setting this tag to YES will force the +# the CLASS_DIAGRAMS tag to NO. + +CLASS_GRAPH = YES + +# If the COLLABORATION_GRAPH and HAVE_DOT tags are set to YES then doxygen +# will generate a graph for each documented class showing the direct and +# indirect implementation dependencies (inheritance, containment, and +# class references variables) of the class with other documented classes. + +COLLABORATION_GRAPH = YES + +# If the GROUP_GRAPHS and HAVE_DOT tags are set to YES then doxygen +# will generate a graph for groups, showing the direct groups dependencies + +GROUP_GRAPHS = YES + +# If the UML_LOOK tag is set to YES doxygen will generate inheritance and +# collaboration diagrams in a style similar to the OMG's Unified Modeling +# Language. + +UML_LOOK = NO + +# If set to YES, the inheritance and collaboration graphs will show the +# relations between templates and their instances. + +TEMPLATE_RELATIONS = NO + +# If the ENABLE_PREPROCESSING, SEARCH_INCLUDES, INCLUDE_GRAPH, and HAVE_DOT +# tags are set to YES then doxygen will generate a graph for each documented +# file showing the direct and indirect include dependencies of the file with +# other documented files. + +INCLUDE_GRAPH = YES + +# If the ENABLE_PREPROCESSING, SEARCH_INCLUDES, INCLUDED_BY_GRAPH, and +# HAVE_DOT tags are set to YES then doxygen will generate a graph for each +# documented header file showing the documented files that directly or +# indirectly include this file. + +INCLUDED_BY_GRAPH = YES + +# If the CALL_GRAPH and HAVE_DOT options are set to YES then +# doxygen will generate a call dependency graph for every global function +# or class method. Note that enabling this option will significantly increase +# the time of a run. So in most cases it will be better to enable call graphs +# for selected functions only using the \callgraph command. + +CALL_GRAPH = NO + +# If the CALLER_GRAPH and HAVE_DOT tags are set to YES then +# doxygen will generate a caller dependency graph for every global function +# or class method. Note that enabling this option will significantly increase +# the time of a run. So in most cases it will be better to enable caller +# graphs for selected functions only using the \callergraph command. + +CALLER_GRAPH = NO + +# If the GRAPHICAL_HIERARCHY and HAVE_DOT tags are set to YES then doxygen +# will graphical hierarchy of all classes instead of a textual one. + +GRAPHICAL_HIERARCHY = YES + +# If the DIRECTORY_GRAPH, SHOW_DIRECTORIES and HAVE_DOT tags are set to YES +# then doxygen will show the dependencies a directory has on other directories +# in a graphical way. The dependency relations are determined by the #include +# relations between the files in the directories. + +DIRECTORY_GRAPH = YES + +# The DOT_IMAGE_FORMAT tag can be used to set the image format of the images +# generated by dot. Possible values are png, jpg, or gif +# If left blank png will be used. + +DOT_IMAGE_FORMAT = png + +# The tag DOT_PATH can be used to specify the path where the dot tool can be +# found. If left blank, it is assumed the dot tool can be found in the path. + +DOT_PATH = + +# The DOTFILE_DIRS tag can be used to specify one or more directories that +# contain dot files that are included in the documentation (see the +# \dotfile command). + +DOTFILE_DIRS = + +# The DOT_GRAPH_MAX_NODES tag can be used to set the maximum number of +# nodes that will be shown in the graph. If the number of nodes in a graph +# becomes larger than this value, doxygen will truncate the graph, which is +# visualized by representing a node as a red box. Note that doxygen if the +# number of direct children of the root node in a graph is already larger than +# DOT_GRAPH_MAX_NODES then the graph will not be shown at all. Also note +# that the size of a graph can be further restricted by MAX_DOT_GRAPH_DEPTH. + +DOT_GRAPH_MAX_NODES = 50 + +# The MAX_DOT_GRAPH_DEPTH tag can be used to set the maximum depth of the +# graphs generated by dot. A depth value of 3 means that only nodes reachable +# from the root by following a path via at most 3 edges will be shown. Nodes +# that lay further from the root node will be omitted. Note that setting this +# option to 1 or 2 may greatly reduce the computation time needed for large +# code bases. Also note that the size of a graph can be further restricted by +# DOT_GRAPH_MAX_NODES. Using a depth of 0 means no depth restriction. + +MAX_DOT_GRAPH_DEPTH = 0 + +# Set the DOT_TRANSPARENT tag to YES to generate images with a transparent +# background. This is enabled by default, which results in a transparent +# background. Warning: Depending on the platform used, enabling this option +# may lead to badly anti-aliased labels on the edges of a graph (i.e. they +# become hard to read). + +DOT_TRANSPARENT = YES + +# Set the DOT_MULTI_TARGETS tag to YES allow dot to generate multiple output +# files in one run (i.e. multiple -o and -T options on the command line). This +# makes dot run faster, but since only newer versions of dot (>1.8.10) +# support this, this feature is disabled by default. + +DOT_MULTI_TARGETS = NO + +# If the GENERATE_LEGEND tag is set to YES (the default) Doxygen will +# generate a legend page explaining the meaning of the various boxes and +# arrows in the dot generated graphs. + +GENERATE_LEGEND = YES + +# If the DOT_CLEANUP tag is set to YES (the default) Doxygen will +# remove the intermediate dot files that are used to generate +# the various graphs. + +DOT_CLEANUP = YES + +#--------------------------------------------------------------------------- +# Configuration::additions related to the search engine +#--------------------------------------------------------------------------- + +# The SEARCHENGINE tag specifies whether or not a search engine should be +# used. If set to NO the values of all tags below this one will be ignored. + +SEARCHENGINE = NO diff --git a/doc/dtls-api.texi b/doc/dtls-api.texi new file mode 100644 index 0000000..a915def --- /dev/null +++ b/doc/dtls-api.texi @@ -0,0 +1,196 @@ + +@subheading gnutls_dtls_cookie_send +@anchor{gnutls_dtls_cookie_send} +@deftypefun {int} {gnutls_dtls_cookie_send} (gnutls_datum_t * @var{key}, void * @var{client_data}, size_t @var{client_data_size}, gnutls_dtls_prestate_st * @var{prestate}, gnutls_transport_ptr_t @var{ptr}, gnutls_push_func @var{push_func}) +@var{key}: is a random key to be used at cookie generation + +@var{client_data}: contains data identifying the client (i.e. address) + +@var{client_data_size}: The size of client's data + +@var{prestate}: The previous cookie returned by @code{gnutls_dtls_cookie_verify()} + +@var{ptr}: A transport pointer to be used by @code{push_func} + +@var{push_func}: A function that will be used to reply + +This function can be used to prevent denial of service +attacks to a DTLS server by requiring the client to +reply using a cookie sent by this function. That way +it can be ensured that a client we allocated resources +for (i.e. @code{gnutls_session_t} ) is the one that the +original incoming packet was originated from. + +This function must be called at the first incoming packet, +prior to allocating any resources and must be succeeded +by @code{gnutls_dtls_cookie_verify()} . + +@strong{Returns:} the number of bytes sent, or a negative error code. + +@strong{Since:} 3.0 +@end deftypefun + +@subheading gnutls_dtls_cookie_verify +@anchor{gnutls_dtls_cookie_verify} +@deftypefun {int} {gnutls_dtls_cookie_verify} (gnutls_datum_t * @var{key}, void * @var{client_data}, size_t @var{client_data_size}, void * @var{_msg}, size_t @var{msg_size}, gnutls_dtls_prestate_st * @var{prestate}) +@var{key}: is a random key to be used at cookie generation + +@var{client_data}: contains data identifying the client (i.e. address) + +@var{client_data_size}: The size of client's data + +@var{_msg}: An incoming message that initiates a connection. + +@var{msg_size}: The size of the message. + +@var{prestate}: The cookie of this client. + +This function will verify the received message for +a valid cookie. If a valid cookie is returned then +it should be associated with the session using +@code{gnutls_dtls_prestate_set()} ; + +This function must be called after @code{gnutls_dtls_cookie_send()} . + +@strong{Returns:} @code{GNUTLS_E_SUCCESS} (0) on success, or a negative error code. + +@strong{Since:} 3.0 +@end deftypefun + +@subheading gnutls_dtls_get_data_mtu +@anchor{gnutls_dtls_get_data_mtu} +@deftypefun {unsigned int} {gnutls_dtls_get_data_mtu} (gnutls_session_t @var{session}) +@var{session}: is a @code{gnutls_session_t} type. + +This function will return the actual maximum transfer unit for +application data. I.e. DTLS headers are subtracted from the +actual MTU which is set using @code{gnutls_dtls_set_mtu()} . + +@strong{Returns:} the maximum allowed transfer unit. + +@strong{Since:} 3.0 +@end deftypefun + +@subheading gnutls_dtls_get_mtu +@anchor{gnutls_dtls_get_mtu} +@deftypefun {unsigned int} {gnutls_dtls_get_mtu} (gnutls_session_t @var{session}) +@var{session}: is a @code{gnutls_session_t} type. + +This function will return the MTU size as set with +@code{gnutls_dtls_set_mtu()} . This is not the actual MTU +of data you can transmit. Use @code{gnutls_dtls_get_data_mtu()} +for that reason. + +@strong{Returns:} the set maximum transfer unit. + +@strong{Since:} 3.0 +@end deftypefun + +@subheading gnutls_dtls_get_timeout +@anchor{gnutls_dtls_get_timeout} +@deftypefun {unsigned int} {gnutls_dtls_get_timeout} (gnutls_session_t @var{session}) +@var{session}: is a @code{gnutls_session_t} type. + +This function will return the milliseconds remaining +for a retransmission of the previously sent handshake +message. This function is useful when DTLS is used in +non-blocking mode, to estimate when to call @code{gnutls_handshake()} +if no packets have been received. + +@strong{Returns:} the remaining time in milliseconds. + +@strong{Since:} 3.0 +@end deftypefun + +@subheading gnutls_dtls_prestate_set +@anchor{gnutls_dtls_prestate_set} +@deftypefun {void} {gnutls_dtls_prestate_set} (gnutls_session_t @var{session}, gnutls_dtls_prestate_st * @var{prestate}) +@var{session}: a new session + +@var{prestate}: contains the client's prestate + +This function will associate the prestate acquired by +the cookie authentication with the client, with the newly +established session. + +This functions must be called after a successful @code{gnutls_dtls_cookie_verify()} +and should be succeeded by the actual DTLS handshake using @code{gnutls_handshake()} . + +@strong{Since:} 3.0 +@end deftypefun + +@subheading gnutls_dtls_set_data_mtu +@anchor{gnutls_dtls_set_data_mtu} +@deftypefun {int} {gnutls_dtls_set_data_mtu} (gnutls_session_t @var{session}, unsigned int @var{mtu}) +@var{session}: is a @code{gnutls_session_t} type. + +@var{mtu}: The maximum unencrypted transfer unit of the session + +This function will set the maximum size of the *unencrypted* records +which will be sent over a DTLS session. It is equivalent to calculating +the DTLS packet overhead with the current encryption parameters, and +calling @code{gnutls_dtls_set_mtu()} with that value. In particular, this means +that you may need to call this function again after any negotiation or +renegotiation, in order to ensure that the MTU is still sufficient to +account for the new protocol overhead. + +In most cases you only need to call @code{gnutls_dtls_set_mtu()} with +the maximum MTU of your transport layer. + +@strong{Returns:} @code{GNUTLS_E_SUCCESS} (0) on success, or a negative error code. + +@strong{Since:} 3.1 +@end deftypefun + +@subheading gnutls_dtls_set_mtu +@anchor{gnutls_dtls_set_mtu} +@deftypefun {void} {gnutls_dtls_set_mtu} (gnutls_session_t @var{session}, unsigned int @var{mtu}) +@var{session}: is a @code{gnutls_session_t} type. + +@var{mtu}: The maximum transfer unit of the transport + +This function will set the maximum transfer unit of the transport +that DTLS packets are sent over. Note that this should exclude +the IP (or IPv6) and UDP headers. So for DTLS over IPv6 on an +Ethernet device with MTU 1500, the DTLS MTU set with this function +would be 1500 - 40 (IPV6 header) - 8 (UDP header) = 1452. + +@strong{Since:} 3.0 +@end deftypefun + +@subheading gnutls_dtls_set_timeouts +@anchor{gnutls_dtls_set_timeouts} +@deftypefun {void} {gnutls_dtls_set_timeouts} (gnutls_session_t @var{session}, unsigned int @var{retrans_timeout}, unsigned int @var{total_timeout}) +@var{session}: is a @code{gnutls_session_t} type. + +@var{retrans_timeout}: The time at which a retransmission will occur in milliseconds + +@var{total_timeout}: The time at which the connection will be aborted, in milliseconds. + +This function will set the timeouts required for the DTLS handshake +protocol. The retransmission timeout is the time after which a +message from the peer is not received, the previous messages will +be retransmitted. The total timeout is the time after which the +handshake will be aborted with @code{GNUTLS_E_TIMEDOUT} . + +The DTLS protocol recommends the values of 1 sec and 60 seconds +respectively, and these are the default values. + +To disable retransmissions set a @code{retrans_timeout} larger than the @code{total_timeout} . + +@strong{Since:} 3.0 +@end deftypefun + +@subheading gnutls_record_get_discarded +@anchor{gnutls_record_get_discarded} +@deftypefun {unsigned int} {gnutls_record_get_discarded} (gnutls_session_t @var{session}) +@var{session}: is a @code{gnutls_session_t} type. + +Returns the number of discarded packets in a +DTLS connection. + +@strong{Returns:} The number of discarded packets. + +@strong{Since:} 3.0 +@end deftypefun + diff --git a/doc/enums.texi b/doc/enums.texi new file mode 100644 index 0000000..5c766e4 --- /dev/null +++ b/doc/enums.texi @@ -0,0 +1,1614 @@ + + +@c gnutls_cipher_algorithm_t +@table @code +@item GNUTLS_@-CIPHER_@-UNKNOWN +Value to identify an unknown/unsupported algorithm. +@item GNUTLS_@-CIPHER_@-NULL +The NULL (identity) encryption algorithm. +@item GNUTLS_@-CIPHER_@-ARCFOUR_@-128 +ARCFOUR stream cipher with 128-bit keys. +@item GNUTLS_@-CIPHER_@-3DES_@-CBC +3DES in CBC mode. +@item GNUTLS_@-CIPHER_@-AES_@-128_@-CBC +AES in CBC mode with 128-bit keys. +@item GNUTLS_@-CIPHER_@-AES_@-256_@-CBC +AES in CBC mode with 256-bit keys. +@item GNUTLS_@-CIPHER_@-ARCFOUR_@-40 +ARCFOUR stream cipher with 40-bit keys. +@item GNUTLS_@-CIPHER_@-CAMELLIA_@-128_@-CBC +Camellia in CBC mode with 128-bit keys. +@item GNUTLS_@-CIPHER_@-CAMELLIA_@-256_@-CBC +Camellia in CBC mode with 256-bit keys. +@item GNUTLS_@-CIPHER_@-AES_@-192_@-CBC +AES in CBC mode with 192-bit keys. +@item GNUTLS_@-CIPHER_@-AES_@-128_@-GCM +AES in GCM mode with 128-bit keys. +@item GNUTLS_@-CIPHER_@-AES_@-256_@-GCM +AES in GCM mode with 256-bit keys. +@item GNUTLS_@-CIPHER_@-CAMELLIA_@-192_@-CBC +Camellia in CBC mode with 192-bit keys. +@item GNUTLS_@-CIPHER_@-SALSA20_@-256 +Salsa20 with 256-bit keys. +@item GNUTLS_@-CIPHER_@-ESTREAM_@-SALSA20_@-256 +Estream's Salsa20 variant with 256-bit keys. +@item GNUTLS_@-CIPHER_@-CAMELLIA_@-128_@-GCM +CAMELLIA in GCM mode with 128-bit keys. +@item GNUTLS_@-CIPHER_@-CAMELLIA_@-256_@-GCM +CAMELLIA in GCM mode with 256-bit keys. +@item GNUTLS_@-CIPHER_@-RC2_@-40_@-CBC +RC2 in CBC mode with 40-bit keys. +@item GNUTLS_@-CIPHER_@-DES_@-CBC +DES in CBC mode (56-bit keys). +@item GNUTLS_@-CIPHER_@-AES_@-128_@-CCM +AES in CCM mode with 128-bit keys. +@item GNUTLS_@-CIPHER_@-AES_@-256_@-CCM +AES in CCM mode with 256-bit keys. +@item GNUTLS_@-CIPHER_@-AES_@-128_@-CCM_@-8 +AES in CCM mode with 64-bit tag and 128-bit keys. +@item GNUTLS_@-CIPHER_@-AES_@-256_@-CCM_@-8 +AES in CCM mode with 64-bit tag and 256-bit keys. +@item GNUTLS_@-CIPHER_@-CHACHA20_@-POLY1305 +The Chacha20 cipher with the Poly1305 authenticator (AEAD). +@item GNUTLS_@-CIPHER_@-GOST28147_@-TC26Z_@-CFB +GOST 28147-89 (Magma) cipher in CFB mode with TC26 Z S-box. +@item GNUTLS_@-CIPHER_@-GOST28147_@-CPA_@-CFB +GOST 28147-89 (Magma) cipher in CFB mode with CryptoPro A S-box. +@item GNUTLS_@-CIPHER_@-GOST28147_@-CPB_@-CFB +GOST 28147-89 (Magma) cipher in CFB mode with CryptoPro B S-box. +@item GNUTLS_@-CIPHER_@-GOST28147_@-CPC_@-CFB +GOST 28147-89 (Magma) cipher in CFB mode with CryptoPro C S-box. +@item GNUTLS_@-CIPHER_@-GOST28147_@-CPD_@-CFB +GOST 28147-89 (Magma) cipher in CFB mode with CryptoPro D S-box. +@item GNUTLS_@-CIPHER_@-AES_@-128_@-CFB8 +AES in CFB8 mode with 128-bit keys. +@item GNUTLS_@-CIPHER_@-AES_@-192_@-CFB8 +AES in CFB8 mode with 192-bit keys. +@item GNUTLS_@-CIPHER_@-AES_@-256_@-CFB8 +AES in CFB8 mode with 256-bit keys. +@item GNUTLS_@-CIPHER_@-AES_@-128_@-XTS +AES in XTS mode with 128-bit key + 128bit tweak key. +@item GNUTLS_@-CIPHER_@-AES_@-256_@-XTS +AES in XTS mode with 256-bit key + 256bit tweak key. +Note that the XTS ciphers are message oriented. +The whole message needs to be provided with a single call, because +cipher-stealing requires to know where the message actually terminates +in order to be able to compute where the stealing occurs. +@item GNUTLS_@-CIPHER_@-IDEA_@-PGP_@-CFB +IDEA in CFB mode (placeholder - unsupported). +@item GNUTLS_@-CIPHER_@-3DES_@-PGP_@-CFB +3DES in CFB mode (placeholder - unsupported). +@item GNUTLS_@-CIPHER_@-CAST5_@-PGP_@-CFB +CAST5 in CFB mode (placeholder - unsupported). +@item GNUTLS_@-CIPHER_@-BLOWFISH_@-PGP_@-CFB +Blowfish in CFB mode (placeholder - unsupported). +@item GNUTLS_@-CIPHER_@-SAFER_@-SK128_@-PGP_@-CFB +Safer-SK in CFB mode with 128-bit keys (placeholder - unsupported). +@item GNUTLS_@-CIPHER_@-AES128_@-PGP_@-CFB +AES in CFB mode with 128-bit keys (placeholder - unsupported). +@item GNUTLS_@-CIPHER_@-AES192_@-PGP_@-CFB +AES in CFB mode with 192-bit keys (placeholder - unsupported). +@item GNUTLS_@-CIPHER_@-AES256_@-PGP_@-CFB +AES in CFB mode with 256-bit keys (placeholder - unsupported). +@item GNUTLS_@-CIPHER_@-TWOFISH_@-PGP_@-CFB +Twofish in CFB mode (placeholder - unsupported). +@end table + +@c gnutls_kx_algorithm_t +@table @code +@item GNUTLS_@-KX_@-UNKNOWN +Unknown key-exchange algorithm. +@item GNUTLS_@-KX_@-RSA +RSA key-exchange algorithm. +@item GNUTLS_@-KX_@-DHE_@-DSS +DHE-DSS key-exchange algorithm. +@item GNUTLS_@-KX_@-DHE_@-RSA +DHE-RSA key-exchange algorithm. +@item GNUTLS_@-KX_@-ANON_@-DH +Anon-DH key-exchange algorithm. +@item GNUTLS_@-KX_@-SRP +SRP key-exchange algorithm. +@item GNUTLS_@-KX_@-RSA_@-EXPORT +RSA-EXPORT key-exchange algorithm (defunc). +@item GNUTLS_@-KX_@-SRP_@-RSA +SRP-RSA key-exchange algorithm. +@item GNUTLS_@-KX_@-SRP_@-DSS +SRP-DSS key-exchange algorithm. +@item GNUTLS_@-KX_@-PSK +PSK key-exchange algorithm. +@item GNUTLS_@-KX_@-DHE_@-PSK +DHE-PSK key-exchange algorithm. +@item GNUTLS_@-KX_@-ANON_@-ECDH +Anon-ECDH key-exchange algorithm. +@item GNUTLS_@-KX_@-ECDHE_@-RSA +ECDHE-RSA key-exchange algorithm. +@item GNUTLS_@-KX_@-ECDHE_@-ECDSA +ECDHE-ECDSA key-exchange algorithm. +@item GNUTLS_@-KX_@-ECDHE_@-PSK +ECDHE-PSK key-exchange algorithm. +@item GNUTLS_@-KX_@-RSA_@-PSK +RSA-PSK key-exchange algorithm. +@end table + +@c gnutls_params_type_t +@table @code +@item GNUTLS_@-PARAMS_@-RSA_@-EXPORT +Session RSA-EXPORT parameters (defunc). +@item GNUTLS_@-PARAMS_@-DH +Session Diffie-Hellman parameters. +@item GNUTLS_@-PARAMS_@-ECDH +Session Elliptic-Curve Diffie-Hellman parameters. +@end table + +@c gnutls_credentials_type_t +@table @code +@item GNUTLS_@-CRD_@-CERTIFICATE +Certificate credential. +@item GNUTLS_@-CRD_@-ANON +Anonymous credential. +@item GNUTLS_@-CRD_@-SRP +SRP credential. +@item GNUTLS_@-CRD_@-PSK +PSK credential. +@item GNUTLS_@-CRD_@-IA +IA credential. +@end table + +@c gnutls_mac_algorithm_t +@table @code +@item GNUTLS_@-MAC_@-UNKNOWN +Unknown MAC algorithm. +@item GNUTLS_@-MAC_@-NULL +NULL MAC algorithm (empty output). +@item GNUTLS_@-MAC_@-MD5 +HMAC-MD5 algorithm. +@item GNUTLS_@-MAC_@-SHA1 +HMAC-SHA-1 algorithm. +@item GNUTLS_@-MAC_@-RMD160 +HMAC-RMD160 algorithm. +@item GNUTLS_@-MAC_@-MD2 +HMAC-MD2 algorithm. +@item GNUTLS_@-MAC_@-SHA256 +HMAC-SHA-256 algorithm. +@item GNUTLS_@-MAC_@-SHA384 +HMAC-SHA-384 algorithm. +@item GNUTLS_@-MAC_@-SHA512 +HMAC-SHA-512 algorithm. +@item GNUTLS_@-MAC_@-SHA224 +HMAC-SHA-224 algorithm. +@item GNUTLS_@-MAC_@-SHA3_@-224 +Reserved; unimplemented. +@item GNUTLS_@-MAC_@-SHA3_@-256 +Reserved; unimplemented. +@item GNUTLS_@-MAC_@-SHA3_@-384 +Reserved; unimplemented. +@item GNUTLS_@-MAC_@-SHA3_@-512 +Reserved; unimplemented. +@item GNUTLS_@-MAC_@-MD5_@-SHA1 +Combined MD5+SHA1 MAC placeholder. +@item GNUTLS_@-MAC_@-GOSTR_@-94 +HMAC GOST R 34.11-94 algorithm. +@item GNUTLS_@-MAC_@-STREEBOG_@-256 +HMAC GOST R 34.11-2001 (Streebog) algorithm, 256 bit. +@item GNUTLS_@-MAC_@-STREEBOG_@-512 +HMAC GOST R 34.11-2001 (Streebog) algorithm, 512 bit. +@item GNUTLS_@-MAC_@-AEAD +MAC implicit through AEAD cipher. +@item GNUTLS_@-MAC_@-UMAC_@-96 +The UMAC-96 MAC algorithm. +@item GNUTLS_@-MAC_@-UMAC_@-128 +The UMAC-128 MAC algorithm. +@item GNUTLS_@-MAC_@-AES_@-CMAC_@-128 +The AES-CMAC-128 MAC algorithm. +@item GNUTLS_@-MAC_@-AES_@-CMAC_@-256 +The AES-CMAC-256 MAC algorithm. +@end table + +@c gnutls_digest_algorithm_t +@table @code +@item GNUTLS_@-DIG_@-UNKNOWN +Unknown hash algorithm. +@item GNUTLS_@-DIG_@-NULL +NULL hash algorithm (empty output). +@item GNUTLS_@-DIG_@-MD5 +MD5 algorithm. +@item GNUTLS_@-DIG_@-SHA1 +SHA-1 algorithm. +@item GNUTLS_@-DIG_@-RMD160 +RMD160 algorithm. +@item GNUTLS_@-DIG_@-MD2 +MD2 algorithm. +@item GNUTLS_@-DIG_@-SHA256 +SHA-256 algorithm. +@item GNUTLS_@-DIG_@-SHA384 +SHA-384 algorithm. +@item GNUTLS_@-DIG_@-SHA512 +SHA-512 algorithm. +@item GNUTLS_@-DIG_@-SHA224 +SHA-224 algorithm. +@item GNUTLS_@-DIG_@-SHA3_@-224 +SHA3-224 algorithm. +@item GNUTLS_@-DIG_@-SHA3_@-256 +SHA3-256 algorithm. +@item GNUTLS_@-DIG_@-SHA3_@-384 +SHA3-384 algorithm. +@item GNUTLS_@-DIG_@-SHA3_@-512 +SHA3-512 algorithm. +@item GNUTLS_@-DIG_@-MD5_@-SHA1 +Combined MD5+SHA1 algorithm. +@item GNUTLS_@-DIG_@-GOSTR_@-94 +GOST R 34.11-94 algorithm. +@item GNUTLS_@-DIG_@-STREEBOG_@-256 +GOST R 34.11-2001 (Streebog) algorithm, 256 bit. +@item GNUTLS_@-DIG_@-STREEBOG_@-512 +GOST R 34.11-2001 (Streebog) algorithm, 512 bit. +@end table + +@c gnutls_compression_method_t +@table @code +@item GNUTLS_@-COMP_@-UNKNOWN +Unknown compression method. +@item GNUTLS_@-COMP_@-NULL +The NULL compression method (no compression). +@item GNUTLS_@-COMP_@-DEFLATE +The DEFLATE compression method from zlib. +@item GNUTLS_@-COMP_@-ZLIB +Same as @code{GNUTLS_COMP_DEFLATE} . +@end table + +@c gnutls_init_flags_t +@table @code +@item GNUTLS_@-SERVER +Connection end is a server. +@item GNUTLS_@-CLIENT +Connection end is a client. +@item GNUTLS_@-DATAGRAM +Connection is datagram oriented (DTLS). Since 3.0.0. +@item GNUTLS_@-NONBLOCK +Connection should not block. Since 3.0.0. +@item GNUTLS_@-NO_@-EXTENSIONS +Do not enable any TLS extensions by default (since 3.1.2). As TLS 1.2 and later require extensions this option is considered obsolete and should not be used. +@item GNUTLS_@-NO_@-REPLAY_@-PROTECTION +Disable any replay protection in DTLS. This must only be used if replay protection is achieved using other means. Since 3.2.2. +@item GNUTLS_@-NO_@-SIGNAL +In systems where SIGPIPE is delivered on send, it will be disabled. That flag has effect in systems which support the MSG_NOSIGNAL sockets flag (since 3.4.2). +@item GNUTLS_@-ALLOW_@-ID_@-CHANGE +Allow the peer to replace its certificate, or change its ID during a rehandshake. This change is often used in attacks and thus prohibited by default. Since 3.5.0. +@item GNUTLS_@-ENABLE_@-FALSE_@-START +Enable the TLS false start on client side if the negotiated ciphersuites allow it. This will enable sending data prior to the handshake being complete, and may introduce a risk of crypto failure when combined with certain key exchanged; for that GnuTLS may not enable that option in ciphersuites that are known to be not safe for false start. Since 3.5.0. +@item GNUTLS_@-FORCE_@-CLIENT_@-CERT +When in client side and only a single cert is specified, send that certificate irrespective of the issuers expected by the server. Since 3.5.0. +@item GNUTLS_@-NO_@-TICKETS +Flag to indicate that the session should not use resumption with session tickets. +@item GNUTLS_@-KEY_@-SHARE_@-TOP +Generate key share for the first group which is enabled. +For example x25519. This option is the most performant for client (less CPU spent +generating keys), but if the server doesn't support the advertized option it may +result to more roundtrips needed to discover the server's choice. +@item GNUTLS_@-KEY_@-SHARE_@-TOP2 +Generate key shares for the top-2 different groups which are enabled. +For example (ECDH + x25519). This is the default. +@item GNUTLS_@-KEY_@-SHARE_@-TOP3 +Generate key shares for the top-3 different groups which are enabled. +That is, as each group is associated with a key type (EC, finite field, x25519), generate +three keys using @code{GNUTLS_PK_DH} , @code{GNUTLS_PK_EC} , @code{GNUTLS_PK_ECDH_X25519} if all of them are enabled. +@item GNUTLS_@-POST_@-HANDSHAKE_@-AUTH +Enable post handshake authentication for server and client. When set and +a server requests authentication after handshake @code{GNUTLS_E_REAUTH_REQUEST} will be returned +by @code{gnutls_record_recv()} . A client should then call @code{gnutls_reauth()} to re-authenticate. +@item GNUTLS_@-NO_@-AUTO_@-REKEY +Disable auto-rekeying under TLS1.3. If this option is not specified +gnutls will force a rekey after 2^24 records have been sent. +@item GNUTLS_@-SAFE_@-PADDING_@-CHECK +Flag to indicate that the TLS 1.3 padding check will be done in a +safe way which doesn't leak the pad size based on GnuTLS processing time. This is of use to +applications which hide the length of transferred data via the TLS1.3 padding mechanism and +are already taking steps to hide the data processing time. This comes at a performance +penalty. +@item GNUTLS_@-ENABLE_@-EARLY_@-START +Under TLS1.3 allow the server to return earlier than the full handshake +finish; similarly to false start the handshake will be completed once data are received by the +client, while the server is able to transmit sooner. This is not enabled by default as it could +break certain existing server assumptions and use-cases. Since 3.6.4. +@item GNUTLS_@-ENABLE_@-RAWPK +Allows raw public-keys to be negotiated during the handshake. Since 3.6.6. +@item GNUTLS_@-AUTO_@-REAUTH +Enable transparent re-authentication in client side when the server +requests to. That is, reauthentication is handled within @code{gnutls_record_recv()} , and +the @code{GNUTLS_E_REHANDSHAKE} or @code{GNUTLS_E_REAUTH_REQUEST} are not returned. This must be +enabled with @code{GNUTLS_POST_HANDSHAKE_AUTH} for TLS1.3. Enabling this flag requires to restore +interrupted calls to @code{gnutls_record_recv()} based on the output of @code{gnutls_record_get_direction()} , +since @code{gnutls_record_recv()} could be interrupted when sending when this flag is enabled. +Note this flag may not be used if you are using the same session for sending and receiving +in different threads. +@item GNUTLS_@-ENABLE_@-EARLY_@-DATA +Under TLS1.3 allow the server to receive early data sent as part of the initial ClientHello (0-RTT). +This is not enabled by default as early data has weaker security properties than other data. Since 3.6.5. +@end table + +@c gnutls_alert_level_t +@table @code +@item GNUTLS_@-AL_@-WARNING +Alert of warning severity. +@item GNUTLS_@-AL_@-FATAL +Alert of fatal severity. +@end table + +@c gnutls_alert_description_t +@table @code +@item GNUTLS_@-A_@-CLOSE_@-NOTIFY +Close notify. +@item GNUTLS_@-A_@-UNEXPECTED_@-MESSAGE +Unexpected message. +@item GNUTLS_@-A_@-BAD_@-RECORD_@-MAC +Bad record MAC. +@item GNUTLS_@-A_@-DECRYPTION_@-FAILED +Decryption failed. +@item GNUTLS_@-A_@-RECORD_@-OVERFLOW +Record overflow. +@item GNUTLS_@-A_@-DECOMPRESSION_@-FAILURE +Decompression failed. +@item GNUTLS_@-A_@-HANDSHAKE_@-FAILURE +Handshake failed. +@item GNUTLS_@-A_@-SSL3_@-NO_@-CERTIFICATE +No certificate. +@item GNUTLS_@-A_@-BAD_@-CERTIFICATE +Certificate is bad. +@item GNUTLS_@-A_@-UNSUPPORTED_@-CERTIFICATE +Certificate is not supported. +@item GNUTLS_@-A_@-CERTIFICATE_@-REVOKED +Certificate was revoked. +@item GNUTLS_@-A_@-CERTIFICATE_@-EXPIRED +Certificate is expired. +@item GNUTLS_@-A_@-CERTIFICATE_@-UNKNOWN +Unknown certificate. +@item GNUTLS_@-A_@-ILLEGAL_@-PARAMETER +Illegal parameter. +@item GNUTLS_@-A_@-UNKNOWN_@-CA +CA is unknown. +@item GNUTLS_@-A_@-ACCESS_@-DENIED +Access was denied. +@item GNUTLS_@-A_@-DECODE_@-ERROR +Decode error. +@item GNUTLS_@-A_@-DECRYPT_@-ERROR +Decrypt error. +@item GNUTLS_@-A_@-EXPORT_@-RESTRICTION +Export restriction. +@item GNUTLS_@-A_@-PROTOCOL_@-VERSION +Error in protocol version. +@item GNUTLS_@-A_@-INSUFFICIENT_@-SECURITY +Insufficient security. +@item GNUTLS_@-A_@-INTERNAL_@-ERROR +Internal error. +@item GNUTLS_@-A_@-INAPPROPRIATE_@-FALLBACK +Inappropriate fallback, +@item GNUTLS_@-A_@-USER_@-CANCELED +User canceled. +@item GNUTLS_@-A_@-NO_@-RENEGOTIATION +No renegotiation is allowed. +@item GNUTLS_@-A_@-MISSING_@-EXTENSION +An extension was expected but was not seen +@item GNUTLS_@-A_@-UNSUPPORTED_@-EXTENSION +An unsupported extension was +sent. +@item GNUTLS_@-A_@-CERTIFICATE_@-UNOBTAINABLE +Could not retrieve the +specified certificate. +@item GNUTLS_@-A_@-UNRECOGNIZED_@-NAME +The server name sent was not +recognized. +@item GNUTLS_@-A_@-UNKNOWN_@-PSK_@-IDENTITY +The SRP/PSK username is missing +or not known. +@item GNUTLS_@-A_@-CERTIFICATE_@-REQUIRED +Certificate is required. +@item GNUTLS_@-A_@-NO_@-APPLICATION_@-PROTOCOL +The ALPN protocol requested is +not supported by the peer. +@item GNUTLS_@-A_@-MAX +-- undescribed -- +@end table + +@c gnutls_handshake_description_t +@table @code +@item GNUTLS_@-HANDSHAKE_@-HELLO_@-REQUEST +Hello request. +@item GNUTLS_@-HANDSHAKE_@-CLIENT_@-HELLO +Client hello. +@item GNUTLS_@-HANDSHAKE_@-SERVER_@-HELLO +Server hello. +@item GNUTLS_@-HANDSHAKE_@-HELLO_@-VERIFY_@-REQUEST +DTLS Hello verify request. +@item GNUTLS_@-HANDSHAKE_@-NEW_@-SESSION_@-TICKET +New session ticket. +@item GNUTLS_@-HANDSHAKE_@-END_@-OF_@-EARLY_@-DATA +End of early data. +@item GNUTLS_@-HANDSHAKE_@-ENCRYPTED_@-EXTENSIONS +Encrypted extensions message. +@item GNUTLS_@-HANDSHAKE_@-CERTIFICATE_@-PKT +Certificate packet. +@item GNUTLS_@-HANDSHAKE_@-SERVER_@-KEY_@-EXCHANGE +Server key exchange. +@item GNUTLS_@-HANDSHAKE_@-CERTIFICATE_@-REQUEST +Certificate request. +@item GNUTLS_@-HANDSHAKE_@-SERVER_@-HELLO_@-DONE +Server hello done. +@item GNUTLS_@-HANDSHAKE_@-CERTIFICATE_@-VERIFY +Certificate verify. +@item GNUTLS_@-HANDSHAKE_@-CLIENT_@-KEY_@-EXCHANGE +Client key exchange. +@item GNUTLS_@-HANDSHAKE_@-FINISHED +Finished. +@item GNUTLS_@-HANDSHAKE_@-CERTIFICATE_@-STATUS +Certificate status (OCSP). +@item GNUTLS_@-HANDSHAKE_@-SUPPLEMENTAL +Supplemental. +@item GNUTLS_@-HANDSHAKE_@-KEY_@-UPDATE +TLS1.3 key update message. +@item GNUTLS_@-HANDSHAKE_@-CHANGE_@-CIPHER_@-SPEC +Change Cipher Spec. +@item GNUTLS_@-HANDSHAKE_@-CLIENT_@-HELLO_@-V2 +SSLv2 Client Hello. +@item GNUTLS_@-HANDSHAKE_@-HELLO_@-RETRY_@-REQUEST +Hello retry request. +@end table + +@c gnutls_certificate_status_t +@table @code +@item GNUTLS_@-CERT_@-INVALID +The certificate is not signed by one of the +known authorities or the signature is invalid (deprecated by the flags +@code{GNUTLS_CERT_SIGNATURE_FAILURE} and @code{GNUTLS_CERT_SIGNER_NOT_FOUND} ). +@item GNUTLS_@-CERT_@-REVOKED +Certificate is revoked by its authority. In X.509 this will be +set only if CRLs are checked. +@item GNUTLS_@-CERT_@-SIGNER_@-NOT_@-FOUND +The certificate's issuer is not known. +This is the case if the issuer is not included in the trusted certificate list. +@item GNUTLS_@-CERT_@-SIGNER_@-NOT_@-CA +The certificate's signer was not a CA. This +may happen if this was a version 1 certificate, which is common with +some CAs, or a version 3 certificate without the basic constrains extension. +@item GNUTLS_@-CERT_@-INSECURE_@-ALGORITHM +The certificate was signed using an insecure +algorithm such as MD2 or MD5. These algorithms have been broken and +should not be trusted. +@item GNUTLS_@-CERT_@-NOT_@-ACTIVATED +The certificate is not yet activated. +@item GNUTLS_@-CERT_@-EXPIRED +The certificate has expired. +@item GNUTLS_@-CERT_@-SIGNATURE_@-FAILURE +The signature verification failed. +@item GNUTLS_@-CERT_@-REVOCATION_@-DATA_@-SUPERSEDED +The revocation data are old and have been superseded. +@item GNUTLS_@-CERT_@-UNEXPECTED_@-OWNER +The owner is not the expected one. +@item GNUTLS_@-CERT_@-REVOCATION_@-DATA_@-ISSUED_@-IN_@-FUTURE +The revocation data have a future issue date. +@item GNUTLS_@-CERT_@-SIGNER_@-CONSTRAINTS_@-FAILURE +The certificate's signer constraints were +violated. +@item GNUTLS_@-CERT_@-MISMATCH +The certificate presented isn't the expected one (TOFU) +@item GNUTLS_@-CERT_@-PURPOSE_@-MISMATCH +The certificate or an intermediate does not match the intended purpose (extended key usage). +@item GNUTLS_@-CERT_@-MISSING_@-OCSP_@-STATUS +The certificate requires the server to send the certifiate status, but no status was received. +@item GNUTLS_@-CERT_@-INVALID_@-OCSP_@-STATUS +The received OCSP status response is invalid. +@item GNUTLS_@-CERT_@-UNKNOWN_@-CRIT_@-EXTENSIONS +The certificate has extensions marked as critical which are not supported. +@end table + +@c gnutls_certificate_request_t +@table @code +@item GNUTLS_@-CERT_@-IGNORE +Ignore certificate. +@item GNUTLS_@-CERT_@-REQUEST +Request certificate. +@item GNUTLS_@-CERT_@-REQUIRE +Require certificate. +@end table + +@c gnutls_openpgp_crt_status_t +@table @code +@item GNUTLS_@-OPENPGP_@-CERT +Send entire certificate. +@item GNUTLS_@-OPENPGP_@-CERT_@-FINGERPRINT +Send only certificate fingerprint. +@end table + +@c gnutls_close_request_t +@table @code +@item GNUTLS_@-SHUT_@-RDWR +Disallow further receives/sends. +@item GNUTLS_@-SHUT_@-WR +Disallow further sends. +@end table + +@c gnutls_protocol_t +@table @code +@item GNUTLS_@-SSL3 +SSL version 3.0. +@item GNUTLS_@-TLS1_@-0 +TLS version 1.0. +@item GNUTLS_@-TLS1 +Same as @code{GNUTLS_TLS1_0} . +@item GNUTLS_@-TLS1_@-1 +TLS version 1.1. +@item GNUTLS_@-TLS1_@-2 +TLS version 1.2. +@item GNUTLS_@-TLS1_@-3 +TLS version 1.3. +@item GNUTLS_@-DTLS0_@-9 +DTLS version 0.9 (Cisco AnyConnect / OpenSSL 0.9.8e). +@item GNUTLS_@-DTLS1_@-0 +DTLS version 1.0. +@item GNUTLS_@-DTLS1_@-2 +DTLS version 1.2. +@item GNUTLS_@-DTLS_@-VERSION_@-MIN +-- undescribed -- +@item GNUTLS_@-DTLS_@-VERSION_@-MAX +Maps to the highest supported DTLS version. +@item GNUTLS_@-TLS_@-VERSION_@-MAX +Maps to the highest supported TLS version. +@item GNUTLS_@-VERSION_@-UNKNOWN +Unknown SSL/TLS version. +@end table + +@c gnutls_certificate_type_t +@table @code +@item GNUTLS_@-CRT_@-UNKNOWN +Unknown certificate type. +@item GNUTLS_@-CRT_@-X509 +X.509 Certificate. +@item GNUTLS_@-CRT_@-OPENPGP +OpenPGP certificate. +@item GNUTLS_@-CRT_@-RAWPK +Raw public-key (SubjectPublicKeyInfo) +@item GNUTLS_@-CRT_@-MAX +-- undescribed -- +@end table + +@c gnutls_x509_crt_fmt_t +@table @code +@item GNUTLS_@-X509_@-FMT_@-DER +X.509 certificate in DER format (binary). +@item GNUTLS_@-X509_@-FMT_@-PEM +X.509 certificate in PEM format (text). +@end table + +@c gnutls_certificate_print_formats_t +@table @code +@item GNUTLS_@-CRT_@-PRINT_@-FULL +Full information about certificate. +@item GNUTLS_@-CRT_@-PRINT_@-ONELINE +Information about certificate in one line. +@item GNUTLS_@-CRT_@-PRINT_@-UNSIGNED_@-FULL +All info for an unsigned certificate. +@item GNUTLS_@-CRT_@-PRINT_@-COMPACT +Information about certificate name in one line, plus identification of the public key. +@item GNUTLS_@-CRT_@-PRINT_@-FULL_@-NUMBERS +Full information about certificate and include easy to parse public key parameters. +@end table + +@c gnutls_pk_algorithm_t +@table @code +@item GNUTLS_@-PK_@-UNKNOWN +Unknown public-key algorithm. +@item GNUTLS_@-PK_@-RSA +RSA public-key algorithm. +@item GNUTLS_@-PK_@-DSA +DSA public-key algorithm. +@item GNUTLS_@-PK_@-DH +Diffie-Hellman algorithm. Used to generate parameters. +@item GNUTLS_@-PK_@-ECDSA +Elliptic curve algorithm. These parameters are compatible with the ECDSA and ECDH algorithm. +@item GNUTLS_@-PK_@-ECDH_@-X25519 +Elliptic curve algorithm, restricted to ECDH as per rfc7748. +@item GNUTLS_@-PK_@-RSA_@-PSS +RSA public-key algorithm, with PSS padding. +@item GNUTLS_@-PK_@-EDDSA_@-ED25519 +Edwards curve Digital signature algorithm. Used with SHA512 on signatures. +@item GNUTLS_@-PK_@-GOST_@-01 +GOST R 34.10-2001 algorithm per rfc5832. +@item GNUTLS_@-PK_@-GOST_@-12_@-256 +GOST R 34.10-2012 algorithm, 256-bit key per rfc7091. +@item GNUTLS_@-PK_@-GOST_@-12_@-512 +GOST R 34.10-2012 algorithm, 512-bit key per rfc7091. +@item GNUTLS_@-PK_@-MAX +-- undescribed -- +@end table + +@c gnutls_sign_algorithm_t +@table @code +@item GNUTLS_@-SIGN_@-UNKNOWN +Unknown signature algorithm. +@item GNUTLS_@-SIGN_@-RSA_@-SHA1 +Digital signature algorithm RSA with SHA-1 +@item GNUTLS_@-SIGN_@-RSA_@-SHA +Same as @code{GNUTLS_SIGN_RSA_SHA1} . +@item GNUTLS_@-SIGN_@-DSA_@-SHA1 +Digital signature algorithm DSA with SHA-1 +@item GNUTLS_@-SIGN_@-DSA_@-SHA +Same as @code{GNUTLS_SIGN_DSA_SHA1} . +@item GNUTLS_@-SIGN_@-RSA_@-MD5 +Digital signature algorithm RSA with MD5. +@item GNUTLS_@-SIGN_@-RSA_@-MD2 +Digital signature algorithm RSA with MD2. +@item GNUTLS_@-SIGN_@-RSA_@-RMD160 +Digital signature algorithm RSA with RMD-160. +@item GNUTLS_@-SIGN_@-RSA_@-SHA256 +Digital signature algorithm RSA with SHA-256. +@item GNUTLS_@-SIGN_@-RSA_@-SHA384 +Digital signature algorithm RSA with SHA-384. +@item GNUTLS_@-SIGN_@-RSA_@-SHA512 +Digital signature algorithm RSA with SHA-512. +@item GNUTLS_@-SIGN_@-RSA_@-SHA224 +Digital signature algorithm RSA with SHA-224. +@item GNUTLS_@-SIGN_@-DSA_@-SHA224 +Digital signature algorithm DSA with SHA-224 +@item GNUTLS_@-SIGN_@-DSA_@-SHA256 +Digital signature algorithm DSA with SHA-256 +@item GNUTLS_@-SIGN_@-ECDSA_@-SHA1 +ECDSA with SHA1. +@item GNUTLS_@-SIGN_@-ECDSA_@-SHA224 +Digital signature algorithm ECDSA with SHA-224. +@item GNUTLS_@-SIGN_@-ECDSA_@-SHA256 +Digital signature algorithm ECDSA with SHA-256. +@item GNUTLS_@-SIGN_@-ECDSA_@-SHA384 +Digital signature algorithm ECDSA with SHA-384. +@item GNUTLS_@-SIGN_@-ECDSA_@-SHA512 +Digital signature algorithm ECDSA with SHA-512. +@item GNUTLS_@-SIGN_@-DSA_@-SHA384 +Digital signature algorithm DSA with SHA-384 +@item GNUTLS_@-SIGN_@-DSA_@-SHA512 +Digital signature algorithm DSA with SHA-512 +@item GNUTLS_@-SIGN_@-ECDSA_@-SHA3_@-224 +Digital signature algorithm ECDSA with SHA3-224. +@item GNUTLS_@-SIGN_@-ECDSA_@-SHA3_@-256 +Digital signature algorithm ECDSA with SHA3-256. +@item GNUTLS_@-SIGN_@-ECDSA_@-SHA3_@-384 +Digital signature algorithm ECDSA with SHA3-384. +@item GNUTLS_@-SIGN_@-ECDSA_@-SHA3_@-512 +Digital signature algorithm ECDSA with SHA3-512. +@item GNUTLS_@-SIGN_@-DSA_@-SHA3_@-224 +Digital signature algorithm DSA with SHA3-224. +@item GNUTLS_@-SIGN_@-DSA_@-SHA3_@-256 +Digital signature algorithm DSA with SHA3-256. +@item GNUTLS_@-SIGN_@-DSA_@-SHA3_@-384 +Digital signature algorithm DSA with SHA3-384. +@item GNUTLS_@-SIGN_@-DSA_@-SHA3_@-512 +Digital signature algorithm DSA with SHA3-512. +@item GNUTLS_@-SIGN_@-RSA_@-SHA3_@-224 +Digital signature algorithm RSA with SHA3-224. +@item GNUTLS_@-SIGN_@-RSA_@-SHA3_@-256 +Digital signature algorithm RSA with SHA3-256. +@item GNUTLS_@-SIGN_@-RSA_@-SHA3_@-384 +Digital signature algorithm RSA with SHA3-384. +@item GNUTLS_@-SIGN_@-RSA_@-SHA3_@-512 +Digital signature algorithm RSA with SHA3-512. +@item GNUTLS_@-SIGN_@-RSA_@-PSS_@-SHA256 +Digital signature algorithm RSA with SHA-256, with PSS padding (RSA-PSS certificate). +@item GNUTLS_@-SIGN_@-RSA_@-PSS_@-SHA384 +Digital signature algorithm RSA with SHA-384, with PSS padding (RSA-PSS certificate). +@item GNUTLS_@-SIGN_@-RSA_@-PSS_@-SHA512 +Digital signature algorithm RSA with SHA-512, with PSS padding (RSA-PSS certificate). +@item GNUTLS_@-SIGN_@-EDDSA_@-ED25519 +Digital signature algorithm EdDSA with Ed25519 curve. +@item GNUTLS_@-SIGN_@-RSA_@-RAW +Digital signature algorithm RSA with DigestInfo formatted data +@item GNUTLS_@-SIGN_@-ECDSA_@-SECP256R1_@-SHA256 +Digital signature algorithm ECDSA-SECP256R1 with SHA-256 (used in TLS 1.3 but not PKIX). +@item GNUTLS_@-SIGN_@-ECDSA_@-SECP384R1_@-SHA384 +Digital signature algorithm ECDSA-SECP384R1 with SHA-384 (used in TLS 1.3 but not PKIX). +@item GNUTLS_@-SIGN_@-ECDSA_@-SECP521R1_@-SHA512 +Digital signature algorithm ECDSA-SECP521R1 with SHA-512 (used in TLS 1.3 but not PKIX). +@item GNUTLS_@-SIGN_@-RSA_@-PSS_@-RSAE_@-SHA256 +Digital signature algorithm RSA with SHA-256, +with PSS padding (RSA PKCS@code{1} 1.5 certificate). This signature is identical +to @code{GNUTLS_SIGN_RSA_PSS_SHA256} , but they are distinct as the TLS1.3 protocol +treats them differently. +@item GNUTLS_@-SIGN_@-RSA_@-PSS_@-RSAE_@-SHA384 +Digital signature algorithm RSA with SHA-384, +with PSS padding (RSA PKCS@code{1} 1.5 certificate). This signature is identical +to @code{GNUTLS_SIGN_RSA_PSS_SHA384} , but they are distinct as the TLS1.3 protocol +treats them differently. +@item GNUTLS_@-SIGN_@-RSA_@-PSS_@-RSAE_@-SHA512 +Digital signature algorithm RSA with SHA-512, +with PSS padding (RSA PKCS@code{1} 1.5 certificate). This signature is identical +to @code{GNUTLS_SIGN_RSA_PSS_SHA512} , but they are distinct as the TLS1.3 protocol +treats them differently. +@item GNUTLS_@-SIGN_@-GOST_@-94 +Digital signature algorithm GOST R 34.10-2001 with GOST R 34.11-94 +@item GNUTLS_@-SIGN_@-GOST_@-256 +Digital signature algorithm GOST R 34.10-2012 with GOST R 34.11-2012 256 bit +@item GNUTLS_@-SIGN_@-GOST_@-512 +Digital signature algorithm GOST R 34.10-2012 with GOST R 34.11-2012 512 bit +@item GNUTLS_@-SIGN_@-MAX +-- undescribed -- +@end table + +@c gnutls_ecc_curve_t +@table @code +@item GNUTLS_@-ECC_@-CURVE_@-INVALID +Cannot be known +@item GNUTLS_@-ECC_@-CURVE_@-SECP224R1 +the SECP224R1 curve +@item GNUTLS_@-ECC_@-CURVE_@-SECP256R1 +the SECP256R1 curve +@item GNUTLS_@-ECC_@-CURVE_@-SECP384R1 +the SECP384R1 curve +@item GNUTLS_@-ECC_@-CURVE_@-SECP521R1 +the SECP521R1 curve +@item GNUTLS_@-ECC_@-CURVE_@-SECP192R1 +the SECP192R1 curve +@item GNUTLS_@-ECC_@-CURVE_@-X25519 +the X25519 curve (ECDH only) +@item GNUTLS_@-ECC_@-CURVE_@-ED25519 +the Ed25519 curve +@item GNUTLS_@-ECC_@-CURVE_@-GOST256CPA +GOST R 34.10 CryptoPro 256 A curve +@item GNUTLS_@-ECC_@-CURVE_@-GOST256CPB +GOST R 34.10 CryptoPro 256 B curve +@item GNUTLS_@-ECC_@-CURVE_@-GOST256CPC +GOST R 34.10 CryptoPro 256 C curve +@item GNUTLS_@-ECC_@-CURVE_@-GOST256CPXA +GOST R 34.10 CryptoPro 256 XchA curve +@item GNUTLS_@-ECC_@-CURVE_@-GOST256CPXB +GOST R 34.10 CryptoPro 256 XchB curve +@item GNUTLS_@-ECC_@-CURVE_@-GOST512A +GOST R 34.10 TC26 512 A curve +@item GNUTLS_@-ECC_@-CURVE_@-GOST512B +GOST R 34.10 TC26 512 B curve +@item GNUTLS_@-ECC_@-CURVE_@-MAX +-- undescribed -- +@end table + +@c gnutls_group_t +@table @code +@item GNUTLS_@-GROUP_@-INVALID +Indicates unknown/invalid group +@item GNUTLS_@-GROUP_@-SECP192R1 +the SECP192R1 curve group (legacy, only for TLS 1.2 compatibility) +@item GNUTLS_@-GROUP_@-SECP224R1 +the SECP224R1 curve group (legacy, only for TLS 1.2 compatibility) +@item GNUTLS_@-GROUP_@-SECP256R1 +the SECP256R1 curve group +@item GNUTLS_@-GROUP_@-SECP384R1 +the SECP384R1 curve group +@item GNUTLS_@-GROUP_@-SECP521R1 +the SECP521R1 curve group +@item GNUTLS_@-GROUP_@-X25519 +the X25519 curve group +@item GNUTLS_@-GROUP_@-FFDHE2048 +the FFDHE2048 group +@item GNUTLS_@-GROUP_@-FFDHE3072 +the FFDHE3072 group +@item GNUTLS_@-GROUP_@-FFDHE4096 +the FFDHE4096 group +@item GNUTLS_@-GROUP_@-FFDHE8192 +the FFDHE8192 group +@item GNUTLS_@-GROUP_@-FFDHE6144 +the FFDHE6144 group +@item GNUTLS_@-GROUP_@-MAX +-- undescribed -- +@end table + +@c gnutls_sec_param_t +@table @code +@item GNUTLS_@-SEC_@-PARAM_@-UNKNOWN +Cannot be known +@item GNUTLS_@-SEC_@-PARAM_@-INSECURE +Less than 42 bits of security +@item GNUTLS_@-SEC_@-PARAM_@-EXPORT +42 bits of security +@item GNUTLS_@-SEC_@-PARAM_@-VERY_@-WEAK +64 bits of security +@item GNUTLS_@-SEC_@-PARAM_@-WEAK +72 bits of security +@item GNUTLS_@-SEC_@-PARAM_@-LOW +80 bits of security +@item GNUTLS_@-SEC_@-PARAM_@-LEGACY +96 bits of security +@item GNUTLS_@-SEC_@-PARAM_@-MEDIUM +112 bits of security (used to be @code{GNUTLS_SEC_PARAM_NORMAL} ) +@item GNUTLS_@-SEC_@-PARAM_@-HIGH +128 bits of security +@item GNUTLS_@-SEC_@-PARAM_@-ULTRA +192 bits of security +@item GNUTLS_@-SEC_@-PARAM_@-FUTURE +256 bits of security +@item GNUTLS_@-SEC_@-PARAM_@-MAX +-- undescribed -- +@end table + +@c gnutls_channel_binding_t +@table @code +@item GNUTLS_@-CB_@-TLS_@-UNIQUE +"tls-unique" (RFC 5929) channel binding +@end table + +@c gnutls_gost_paramset_t +@table @code +@item GNUTLS_@-GOST_@-PARAMSET_@-UNKNOWN +Unknown/default parameter set +@item GNUTLS_@-GOST_@-PARAMSET_@-TC26_@-Z +Specified by TC26, see rfc7836 +@item GNUTLS_@-GOST_@-PARAMSET_@-CP_@-A +CryptoPro-A, see rfc4357 +@item GNUTLS_@-GOST_@-PARAMSET_@-CP_@-B +CryptoPro-B, see rfc4357 +@item GNUTLS_@-GOST_@-PARAMSET_@-CP_@-C +CryptoPro-C, see rfc4357 +@item GNUTLS_@-GOST_@-PARAMSET_@-CP_@-D +CryptoPro-D, see rfc4357 +@end table + +@c gnutls_ctype_target_t +@table @code +@item GNUTLS_@-CTYPE_@-CLIENT +for requesting client certificate type values. +@item GNUTLS_@-CTYPE_@-SERVER +for requesting server certificate type values. +@item GNUTLS_@-CTYPE_@-OURS +for requesting our certificate type values. +@item GNUTLS_@-CTYPE_@-PEERS +for requesting the peers' certificate type values. +@end table + +@c gnutls_server_name_type_t +@table @code +@item GNUTLS_@-NAME_@-DNS +Domain Name System name type. +@end table + +@c gnutls_session_flags_t +@table @code +@item GNUTLS_@-SFLAGS_@-SAFE_@-RENEGOTIATION +Safe renegotiation (RFC5746) was used +@item GNUTLS_@-SFLAGS_@-EXT_@-MASTER_@-SECRET +The extended master secret (RFC7627) extension was used +@item GNUTLS_@-SFLAGS_@-ETM +The encrypt then MAC (RFC7366) extension was used +@item GNUTLS_@-SFLAGS_@-HB_@-LOCAL_@-SEND +The heartbeat negotiation allows the local side to send heartbeat messages +@item GNUTLS_@-SFLAGS_@-HB_@-PEER_@-SEND +The heartbeat negotiation allows the peer to send heartbeat messages +@item GNUTLS_@-SFLAGS_@-FALSE_@-START +False start was used in this client session. +@item GNUTLS_@-SFLAGS_@-RFC7919 +The RFC7919 Diffie-Hellman parameters were negotiated +@item GNUTLS_@-SFLAGS_@-SESSION_@-TICKET +A session ticket has been received by the server. +@item GNUTLS_@-SFLAGS_@-POST_@-HANDSHAKE_@-AUTH +Indicates client capability for post-handshake auth; set only on server side. +@item GNUTLS_@-SFLAGS_@-EARLY_@-START +The TLS1.3 server session returned early. +@item GNUTLS_@-SFLAGS_@-EARLY_@-DATA +The TLS1.3 early data has been received by the server. +@end table + +@c gnutls_supplemental_data_format_type_t +@table @code +@item GNUTLS_@-SUPPLEMENTAL_@-UNKNOWN +Unknown data format +@end table + +@c gnutls_srtp_profile_t +@table @code +@item GNUTLS_@-SRTP_@-AES128_@-CM_@-HMAC_@-SHA1_@-80 +128 bit AES with a 80 bit HMAC-SHA1 +@item GNUTLS_@-SRTP_@-AES128_@-CM_@-HMAC_@-SHA1_@-32 +128 bit AES with a 32 bit HMAC-SHA1 +@item GNUTLS_@-SRTP_@-NULL_@-HMAC_@-SHA1_@-80 +NULL cipher with a 80 bit HMAC-SHA1 +@item GNUTLS_@-SRTP_@-NULL_@-HMAC_@-SHA1_@-32 +NULL cipher with a 32 bit HMAC-SHA1 +@end table + +@c gnutls_alpn_flags_t +@table @code +@item GNUTLS_@-ALPN_@-MANDATORY +Require ALPN negotiation. The connection will be +aborted if no matching ALPN protocol is found. +@item GNUTLS_@-ALPN_@-SERVER_@-PRECEDENCE +The choices set by the server +will take precedence over the client's. +@end table + +@c gnutls_vdata_types_t +@table @code +@item GNUTLS_@-DT_@-UNKNOWN +Unknown data type. +@item GNUTLS_@-DT_@-DNS_@-HOSTNAME +The data contain a null-terminated DNS hostname; the hostname will be +matched using the RFC6125 rules. If the data contain a textual IP (v4 or v6) address it will +be marched against the IPAddress Alternative name, unless the verification flag @code{GNUTLS_VERIFY_DO_NOT_ALLOW_IP_MATCHES} +is specified. +@item GNUTLS_@-DT_@-KEY_@-PURPOSE_@-OID +The data contain a null-terminated key purpose OID. It will be matched +against the certificate's Extended Key Usage extension. +@item GNUTLS_@-DT_@-RFC822NAME +The data contain a null-terminated email address; the email will be +matched against the RFC822Name Alternative name of the certificate, or the EMAIL DN component if the +former isn't available. Prior to matching the email address will be converted to ACE +(ASCII-compatible-encoding). +@item GNUTLS_@-DT_@-IP_@-ADDRESS +The data contain a raw IP address (4 or 16 bytes). If will be matched +against the IPAddress Alternative name; option available since 3.6.0. +@end table + +@c gnutls_certificate_flags +@table @code +@item GNUTLS_@-CERTIFICATE_@-SKIP_@-KEY_@-CERT_@-MATCH +Skip the key and certificate matching check. +@item GNUTLS_@-CERTIFICATE_@-API_@-V2 +If set the gnutls_certificate_set_*key* functions will return an index of the added key pair instead of zero. +@item GNUTLS_@-CERTIFICATE_@-SKIP_@-OCSP_@-RESPONSE_@-CHECK +If set, the gnutls_certificate_set_ocsp_status_request_file +function, will not check whether the response set matches any of the certificates. +@item GNUTLS_@-CERTIFICATE_@-VERIFY_@-CRLS +This will enable CRL verification when added in the certificate structure. +When used, it requires CAs to be added before CRLs. +@end table + +@c gnutls_psk_key_flags +@table @code +@item GNUTLS_@-PSK_@-KEY_@-RAW +PSK-key in raw format. +@item GNUTLS_@-PSK_@-KEY_@-HEX +PSK-key in hex format. +@end table + +@c gnutls_x509_subject_alt_name_t +@table @code +@item GNUTLS_@-SAN_@-DNSNAME +DNS-name SAN. +@item GNUTLS_@-SAN_@-RFC822NAME +E-mail address SAN. +@item GNUTLS_@-SAN_@-URI +URI SAN. +@item GNUTLS_@-SAN_@-IPADDRESS +IP address SAN. +@item GNUTLS_@-SAN_@-OTHERNAME +OtherName SAN. +@item GNUTLS_@-SAN_@-DN +DN SAN. +@item GNUTLS_@-SAN_@-MAX +-- undescribed -- +@item GNUTLS_@-SAN_@-OTHERNAME_@-XMPP +Virtual SAN, used by certain functions for convenience. +@item GNUTLS_@-SAN_@-OTHERNAME_@-KRB5PRINCIPAL +Virtual SAN, used by certain functions for convenience. +@end table + +@c gnutls_privkey_type_t +@table @code +@item GNUTLS_@-PRIVKEY_@-X509 +X.509 private key, @code{gnutls_x509_privkey_t} . +@item GNUTLS_@-PRIVKEY_@-OPENPGP +OpenPGP private key, @code{gnutls_openpgp_privkey_t} . +@item GNUTLS_@-PRIVKEY_@-PKCS11 +PKCS11 private key, @code{gnutls_pkcs11_privkey_t} . +@item GNUTLS_@-PRIVKEY_@-EXT +External private key, operating using callbacks. +@end table + +@c gnutls_pin_flag_t +@table @code +@item GNUTLS_@-PIN_@-USER +The PIN for the user. +@item GNUTLS_@-PIN_@-SO +The PIN for the security officer (admin). +@item GNUTLS_@-PIN_@-FINAL_@-TRY +This is the final try before blocking. +@item GNUTLS_@-PIN_@-COUNT_@-LOW +Few tries remain before token blocks. +@item GNUTLS_@-PIN_@-CONTEXT_@-SPECIFIC +The PIN is for a specific action and key like signing. +@item GNUTLS_@-PIN_@-WRONG +Last given PIN was not correct. +@end table + +@c gnutls_ext_parse_type_t +@table @code +@item GNUTLS_@-EXT_@-ANY +Any extension type (should not be used as it is used only internally). +@item GNUTLS_@-EXT_@-APPLICATION +Parsed after @code{GNUTLS_EXT_MANDATORY} +@item GNUTLS_@-EXT_@-TLS +TLS-internal extensions, parsed after @code{GNUTLS_EXT_APPLICATION} . +@item GNUTLS_@-EXT_@-MANDATORY +Parsed after @code{GNUTLS_EXT_VERSION_NEG} and even when resuming. +@item GNUTLS_@-EXT_@-NONE +Never to be parsed +@item GNUTLS_@-EXT_@-VERSION_@-NEG +Extensions to be parsed first for TLS version negotiation. +@end table + +@c gnutls_ext_flags_t +@table @code +@item GNUTLS_@-EXT_@-FLAG_@-OVERRIDE_@-INTERNAL +If specified the extension registered will override the internal; this does not work with extensions existing prior to 3.6.0. +@item GNUTLS_@-EXT_@-FLAG_@-CLIENT_@-HELLO +This extension can be present in a client hello +@item GNUTLS_@-EXT_@-FLAG_@-TLS12_@-SERVER_@-HELLO +This extension can be present in a TLS1.2 or earlier server hello +@item GNUTLS_@-EXT_@-FLAG_@-TLS13_@-SERVER_@-HELLO +This extension can be present in a TLS1.3 server hello +@item GNUTLS_@-EXT_@-FLAG_@-EE +This extension can be present in encrypted extensions message +@item GNUTLS_@-EXT_@-FLAG_@-HRR +This extension can be present in hello retry request message +@item GNUTLS_@-EXT_@-FLAG_@-IGNORE_@-CLIENT_@-REQUEST +When flag is present, this extension will be send even if the client didn't advertise it. An extension of this type is the Cookie TLS1.3 extension. +@item GNUTLS_@-EXT_@-FLAG_@-TLS +This extension can be present under TLS; otherwise ignored. +@item GNUTLS_@-EXT_@-FLAG_@-DTLS +This extension can be present under DTLS; otherwise ignored. +@end table + +@c gnutls_fips_mode_t +@table @code +@item GNUTLS_@-FIPS140_@-DISABLED +The FIPS140-2 mode is disabled. +@item GNUTLS_@-FIPS140_@-STRICT +The default mode; all forbidden operations will cause an +operation failure via error code. +@item GNUTLS_@-FIPS140_@-SELFTESTS +A transient state during library initialization. That state +cannot be set or seen by applications. +@item GNUTLS_@-FIPS140_@-LAX +The library still uses the FIPS140-2 relevant algorithms but all +forbidden by FIPS140-2 operations are allowed; this is useful when the +application is aware of the followed security policy, and needs +to utilize disallowed operations for other reasons (e.g., compatibility). +@item GNUTLS_@-FIPS140_@-LOG +Similarly to @code{GNUTLS_FIPS140_LAX} , it allows forbidden operations; any use of them results +to a message to the audit callback functions. +@end table + +@c gnutls_certificate_import_flags +@table @code +@item GNUTLS_@-X509_@-CRT_@-LIST_@-IMPORT_@-FAIL_@-IF_@-EXCEED +Fail if the +certificates in the buffer are more than the space allocated for +certificates. The error code will be @code{GNUTLS_E_SHORT_MEMORY_BUFFER} . +@item GNUTLS_@-X509_@-CRT_@-LIST_@-FAIL_@-IF_@-UNSORTED +Fail if the certificates +in the buffer are not ordered starting from subject to issuer. +The error code will be @code{GNUTLS_E_CERTIFICATE_LIST_UNSORTED} . +@item GNUTLS_@-X509_@-CRT_@-LIST_@-SORT +Sort the certificate chain if unsorted. +@end table + +@c gnutls_x509_crt_flags +@table @code +@item GNUTLS_@-X509_@-CRT_@-FLAG_@-IGNORE_@-SANITY +Ignore any sanity checks at the +import of the certificate; i.e., ignore checks such as version/field +matching and strict time field checks. Intended to be used for debugging. +@end table + +@c gnutls_keyid_flags_t +@table @code +@item GNUTLS_@-KEYID_@-USE_@-SHA1 +Use SHA1 as the key ID algorithm (default). +@item GNUTLS_@-KEYID_@-USE_@-SHA256 +Use SHA256 as the key ID algorithm. +@item GNUTLS_@-KEYID_@-USE_@-SHA512 +Use SHA512 as the key ID algorithm. +@item GNUTLS_@-KEYID_@-USE_@-BEST_@-KNOWN +Use the best known algorithm to calculate key ID. Using that option will make your program behavior depend on the version of gnutls linked with. That option has a cap of 64-bytes key IDs. +@end table + +@c gnutls_certificate_verify_flags +@table @code +@item GNUTLS_@-VERIFY_@-DISABLE_@-CA_@-SIGN +If set a signer does not have to be +a certificate authority. This flag should normally be disabled, +unless you know what this means. +@item GNUTLS_@-VERIFY_@-DO_@-NOT_@-ALLOW_@-IP_@-MATCHES +When verifying a hostname +prevent textual IP addresses from matching IP addresses in the +certificate. Treat the input only as a DNS name. +@item GNUTLS_@-VERIFY_@-DO_@-NOT_@-ALLOW_@-SAME +If a certificate is not signed by +anyone trusted but exists in the trusted CA list do not treat it +as trusted. +@item GNUTLS_@-VERIFY_@-ALLOW_@-ANY_@-X509_@-V1_@-CA_@-CRT +Allow CA certificates that +have version 1 (both root and intermediate). This might be +dangerous since those haven't the basicConstraints +extension. +@item GNUTLS_@-VERIFY_@-ALLOW_@-SIGN_@-RSA_@-MD2 +Allow certificates to be signed +using the broken MD2 algorithm. +@item GNUTLS_@-VERIFY_@-ALLOW_@-SIGN_@-RSA_@-MD5 +Allow certificates to be signed +using the broken MD5 algorithm. +@item GNUTLS_@-VERIFY_@-DISABLE_@-TIME_@-CHECKS +Disable checking of activation +and expiration validity periods of certificate chains. Don't set +this unless you understand the security implications. +@item GNUTLS_@-VERIFY_@-DISABLE_@-TRUSTED_@-TIME_@-CHECKS +If set a signer in the trusted +list is never checked for expiration or activation. +@item GNUTLS_@-VERIFY_@-DO_@-NOT_@-ALLOW_@-X509_@-V1_@-CA_@-CRT +Do not allow trusted CA +certificates that have version 1. This option is to be used +to deprecate all certificates of version 1. +@item GNUTLS_@-VERIFY_@-DISABLE_@-CRL_@-CHECKS +Disable checking for validity +using certificate revocation lists or the available OCSP data. +@item GNUTLS_@-VERIFY_@-ALLOW_@-UNSORTED_@-CHAIN +A certificate chain is tolerated +if unsorted (the case with many TLS servers out there). This is the +default since GnuTLS 3.1.4. +@item GNUTLS_@-VERIFY_@-DO_@-NOT_@-ALLOW_@-UNSORTED_@-CHAIN +Do not tolerate an unsorted +certificate chain. +@item GNUTLS_@-VERIFY_@-DO_@-NOT_@-ALLOW_@-WILDCARDS +When including a hostname +check in the verification, do not consider any wildcards. +@item GNUTLS_@-VERIFY_@-USE_@-TLS1_@-RSA +This indicates that a (raw) RSA signature is provided +as in the TLS 1.0 protocol. Not all functions accept this flag. +@item GNUTLS_@-VERIFY_@-IGNORE_@-UNKNOWN_@-CRIT_@-EXTENSIONS +This signals the verification +process, not to fail on unknown critical extensions. +@item GNUTLS_@-VERIFY_@-ALLOW_@-SIGN_@-WITH_@-SHA1 +Allow certificates to be signed +using the broken SHA1 hash algorithm. +@end table + +@c gnutls_certificate_verification_profiles_t +@table @code +@item GNUTLS_@-PROFILE_@-UNKNOWN +An invalid/unknown profile. +@item GNUTLS_@-PROFILE_@-VERY_@-WEAK +A verification profile that +corresponds to @code{GNUTLS_SEC_PARAM_VERY_WEAK} (64 bits) +@item GNUTLS_@-PROFILE_@-LOW +A verification profile that +corresponds to @code{GNUTLS_SEC_PARAM_LOW} (80 bits) +@item GNUTLS_@-PROFILE_@-LEGACY +A verification profile that +corresponds to @code{GNUTLS_SEC_PARAM_LEGACY} (96 bits) +@item GNUTLS_@-PROFILE_@-MEDIUM +A verification profile that +corresponds to @code{GNUTLS_SEC_PARAM_MEDIUM} (112 bits) +@item GNUTLS_@-PROFILE_@-HIGH +A verification profile that +corresponds to @code{GNUTLS_SEC_PARAM_HIGH} (128 bits) +@item GNUTLS_@-PROFILE_@-ULTRA +A verification profile that +corresponds to @code{GNUTLS_SEC_PARAM_ULTRA} (192 bits) +@item GNUTLS_@-PROFILE_@-FUTURE +A verification profile that +corresponds to @code{GNUTLS_SEC_PARAM_FUTURE} (256 bits) +@item GNUTLS_@-PROFILE_@-SUITEB128 +A verification profile that +applies the SUITEB128 rules +@item GNUTLS_@-PROFILE_@-SUITEB192 +A verification profile that +applies the SUITEB192 rules +@end table + +@c gnutls_pkcs_encrypt_flags_t +@table @code +@item GNUTLS_@-PKCS_@-PLAIN +Unencrypted private key. +@item GNUTLS_@-PKCS_@-PKCS12_@-3DES +PKCS-12 3DES. +@item GNUTLS_@-PKCS_@-PKCS12_@-ARCFOUR +PKCS-12 ARCFOUR. +@item GNUTLS_@-PKCS_@-PKCS12_@-RC2_@-40 +PKCS-12 RC2-40. +@item GNUTLS_@-PKCS_@-PBES2_@-3DES +PBES2 3DES. +@item GNUTLS_@-PKCS_@-PBES2_@-AES_@-128 +PBES2 AES-128. +@item GNUTLS_@-PKCS_@-PBES2_@-AES_@-192 +PBES2 AES-192. +@item GNUTLS_@-PKCS_@-PBES2_@-AES_@-256 +PBES2 AES-256. +@item GNUTLS_@-PKCS_@-NULL_@-PASSWORD +Some schemas distinguish between an empty and a NULL password. +@item GNUTLS_@-PKCS_@-PBES2_@-DES +PBES2 single DES. +@item GNUTLS_@-PKCS_@-PBES1_@-DES_@-MD5 +PBES1 with single DES; for compatibility with openssl only. +@item GNUTLS_@-PKCS_@-PBES2_@-GOST_@-TC26Z +PBES2 GOST 28147-89 CFB with TC26-Z S-box. +@item GNUTLS_@-PKCS_@-PBES2_@-GOST_@-CPA +PBES2 GOST 28147-89 CFB with CryptoPro-A S-box. +@item GNUTLS_@-PKCS_@-PBES2_@-GOST_@-CPB +PBES2 GOST 28147-89 CFB with CryptoPro-B S-box. +@item GNUTLS_@-PKCS_@-PBES2_@-GOST_@-CPC +PBES2 GOST 28147-89 CFB with CryptoPro-C S-box. +@item GNUTLS_@-PKCS_@-PBES2_@-GOST_@-CPD +PBES2 GOST 28147-89 CFB with CryptoPro-D S-box. +@end table + +@c gnutls_keygen_types_t +@table @code +@item GNUTLS_@-KEYGEN_@-SEED +Specifies the seed to be used in key generation. +@item GNUTLS_@-KEYGEN_@-DIGEST +The size field specifies the hash algorithm to be used in key generation. +@item GNUTLS_@-KEYGEN_@-SPKI +data points to a @code{gnutls_x509_spki_t} structure; it is not used after the key generation call. +@end table + +@c gnutls_pkcs12_bag_type_t +@table @code +@item GNUTLS_@-BAG_@-EMPTY +Empty PKCS-12 bag. +@item GNUTLS_@-BAG_@-PKCS8_@-ENCRYPTED_@-KEY +PKCS-12 bag with PKCS-8 encrypted key. +@item GNUTLS_@-BAG_@-PKCS8_@-KEY +PKCS-12 bag with PKCS-8 key. +@item GNUTLS_@-BAG_@-CERTIFICATE +PKCS-12 bag with certificate. +@item GNUTLS_@-BAG_@-CRL +PKCS-12 bag with CRL. +@item GNUTLS_@-BAG_@-SECRET +PKCS-12 bag with secret PKCS-9 keys. +@item GNUTLS_@-BAG_@-ENCRYPTED +Encrypted PKCS-12 bag. +@item GNUTLS_@-BAG_@-UNKNOWN +Unknown PKCS-12 bag. +@end table + +@c gnutls_pkcs11_obj_flags +@table @code +@item GNUTLS_@-PKCS11_@-OBJ_@-FLAG_@-LOGIN +Force login in the token for the operation (seek+store). +@item GNUTLS_@-PKCS11_@-OBJ_@-FLAG_@-MARK_@-TRUSTED +object marked as trusted (seek+store). +@item GNUTLS_@-PKCS11_@-OBJ_@-FLAG_@-MARK_@-SENSITIVE +object is explicitly marked as sensitive -unexportable (store). +@item GNUTLS_@-PKCS11_@-OBJ_@-FLAG_@-LOGIN_@-SO +force login as a security officer in the token for the operation (seek+store). +@item GNUTLS_@-PKCS11_@-OBJ_@-FLAG_@-MARK_@-PRIVATE +marked as private -requires PIN to access (store). +@item GNUTLS_@-PKCS11_@-OBJ_@-FLAG_@-MARK_@-NOT_@-PRIVATE +marked as not private (store). +@item GNUTLS_@-PKCS11_@-OBJ_@-FLAG_@-RETRIEVE_@-ANY +When retrieving an object, do not set any requirements (store). +@item GNUTLS_@-PKCS11_@-OBJ_@-FLAG_@-RETRIEVE_@-TRUSTED +When retrieving an object, only retrieve the marked as trusted (alias to @code{GNUTLS_PKCS11_OBJ_FLAG_MARK_TRUSTED} ). +In @code{gnutls_pkcs11_crt_is_known()} it implies @code{GNUTLS_PKCS11_OBJ_FLAG_RETRIEVE_COMPARE} if @code{GNUTLS_PKCS11_OBJ_FLAG_COMPARE_KEY} is not given. +@item GNUTLS_@-PKCS11_@-OBJ_@-FLAG_@-MARK_@-DISTRUSTED +When writing an object, mark it as distrusted (store). +@item GNUTLS_@-PKCS11_@-OBJ_@-FLAG_@-RETRIEVE_@-DISTRUSTED +When retrieving an object, only retrieve the marked as distrusted (seek). +@item GNUTLS_@-PKCS11_@-OBJ_@-FLAG_@-COMPARE +When checking an object's presence, fully compare it before returning any result (seek). +@item GNUTLS_@-PKCS11_@-OBJ_@-FLAG_@-PRESENT_@-IN_@-TRUSTED_@-MODULE +The object must be present in a marked as trusted module (seek). +@item GNUTLS_@-PKCS11_@-OBJ_@-FLAG_@-MARK_@-CA +Mark the object as a CA (seek+store). +@item GNUTLS_@-PKCS11_@-OBJ_@-FLAG_@-MARK_@-KEY_@-WRAP +Mark the generated key pair as wrapping and unwrapping keys (store). +@item GNUTLS_@-PKCS11_@-OBJ_@-FLAG_@-COMPARE_@-KEY +When checking an object's presence, compare the key before returning any result (seek). +@item GNUTLS_@-PKCS11_@-OBJ_@-FLAG_@-OVERWRITE_@-TRUSTMOD_@-EXT +When an issuer is requested, override its extensions with the ones present in the trust module (seek). +@item GNUTLS_@-PKCS11_@-OBJ_@-FLAG_@-MARK_@-ALWAYS_@-AUTH +Mark the key pair as requiring authentication (pin entry) before every operation (seek+store). +@item GNUTLS_@-PKCS11_@-OBJ_@-FLAG_@-MARK_@-EXTRACTABLE +Mark the key pair as being extractable (store). +@item GNUTLS_@-PKCS11_@-OBJ_@-FLAG_@-NEVER_@-EXTRACTABLE +If set, the object was never marked as extractable (store). +@item GNUTLS_@-PKCS11_@-OBJ_@-FLAG_@-CRT +When searching, restrict to certificates only (seek). +@item GNUTLS_@-PKCS11_@-OBJ_@-FLAG_@-WITH_@-PRIVKEY +-- undescribed -- +@item GNUTLS_@-PKCS11_@-OBJ_@-FLAG_@-PUBKEY +When searching, restrict to public key objects only (seek). +@item GNUTLS_@-PKCS11_@-OBJ_@-FLAG_@-NO_@-STORE_@-PUBKEY +When generating a keypair don't store the public key (store). +@item GNUTLS_@-PKCS11_@-OBJ_@-FLAG_@-PRIVKEY +When searching, restrict to private key objects only (seek). +@item GNUTLS_@-PKCS11_@-OBJ_@-FLAG_@-MARK_@-NOT_@-SENSITIVE +object marked as not sensitive -exportable (store). +@end table + +@c gnutls_pkcs11_url_type_t +@table @code +@item GNUTLS_@-PKCS11_@-URL_@-GENERIC +A generic-purpose URL. +@item GNUTLS_@-PKCS11_@-URL_@-LIB +A URL that specifies the library used as well. +@item GNUTLS_@-PKCS11_@-URL_@-LIB_@-VERSION +A URL that specifies the library and its version. +@end table + +@c gnutls_pkcs11_obj_info_t +@table @code +@item GNUTLS_@-PKCS11_@-OBJ_@-ID_@-HEX +The object ID in hex. Null-terminated text. +@item GNUTLS_@-PKCS11_@-OBJ_@-LABEL +The object label. Null-terminated text. +@item GNUTLS_@-PKCS11_@-OBJ_@-TOKEN_@-LABEL +The token's label. Null-terminated text. +@item GNUTLS_@-PKCS11_@-OBJ_@-TOKEN_@-SERIAL +The token's serial number. Null-terminated text. +@item GNUTLS_@-PKCS11_@-OBJ_@-TOKEN_@-MANUFACTURER +The token's manufacturer. Null-terminated text. +@item GNUTLS_@-PKCS11_@-OBJ_@-TOKEN_@-MODEL +The token's model. Null-terminated text. +@item GNUTLS_@-PKCS11_@-OBJ_@-ID +The object ID. Raw bytes. +@item GNUTLS_@-PKCS11_@-OBJ_@-LIBRARY_@-VERSION +The library's version. Null-terminated text. +@item GNUTLS_@-PKCS11_@-OBJ_@-LIBRARY_@-DESCRIPTION +The library's description. Null-terminated text. +@item GNUTLS_@-PKCS11_@-OBJ_@-LIBRARY_@-MANUFACTURER +The library's manufacturer name. Null-terminated text. +@end table + +@c gnutls_pkcs11_token_info_t +@table @code +@item GNUTLS_@-PKCS11_@-TOKEN_@-LABEL +The token's label (string) +@item GNUTLS_@-PKCS11_@-TOKEN_@-SERIAL +The token's serial number (string) +@item GNUTLS_@-PKCS11_@-TOKEN_@-MANUFACTURER +The token's manufacturer (string) +@item GNUTLS_@-PKCS11_@-TOKEN_@-MODEL +The token's model (string) +@item GNUTLS_@-PKCS11_@-TOKEN_@-MODNAME +The token's module name (string - since 3.4.3). This value is +unavailable for providers which were manually loaded. +@end table + +@c gnutls_pkcs11_obj_type_t +@table @code +@item GNUTLS_@-PKCS11_@-OBJ_@-UNKNOWN +Unknown PKCS11 object. +@item GNUTLS_@-PKCS11_@-OBJ_@-X509_@-CRT +X.509 certificate. +@item GNUTLS_@-PKCS11_@-OBJ_@-PUBKEY +Public key. +@item GNUTLS_@-PKCS11_@-OBJ_@-PRIVKEY +Private key. +@item GNUTLS_@-PKCS11_@-OBJ_@-SECRET_@-KEY +Secret key. +@item GNUTLS_@-PKCS11_@-OBJ_@-DATA +Data object. +@item GNUTLS_@-PKCS11_@-OBJ_@-X509_@-CRT_@-EXTENSION +X.509 certificate extension (supported by p11-kit trust module only). +@end table + +@c gnutls_pubkey_flags_t +@table @code +@item GNUTLS_@-PUBKEY_@-DISABLE_@-CALLBACKS +The following flag disables call to PIN callbacks. Only +relevant to TPM keys. +@item GNUTLS_@-PUBKEY_@-GET_@-OPENPGP_@-FINGERPRINT +request an OPENPGP fingerprint instead of the default. +@end table + +@c gnutls_abstract_export_flags_t +@table @code +@item GNUTLS_@-EXPORT_@-FLAG_@-NO_@-LZ +do not prepend a leading zero to exported values +@end table + +@c gnutls_privkey_flags_t +@table @code +@item GNUTLS_@-PRIVKEY_@-IMPORT_@-AUTO_@-RELEASE +When importing a private key, automatically +release it when the structure it was imported is released. +@item GNUTLS_@-PRIVKEY_@-IMPORT_@-COPY +Copy required values during import. +@item GNUTLS_@-PRIVKEY_@-DISABLE_@-CALLBACKS +The following flag disables call to PIN callbacks etc. +Only relevant to TPM keys. +@item GNUTLS_@-PRIVKEY_@-SIGN_@-FLAG_@-TLS1_@-RSA +Make an RSA signature on the hashed data as in the TLS protocol. +@item GNUTLS_@-PRIVKEY_@-FLAG_@-PROVABLE +When generating a key involving prime numbers, use provable primes; a seed may be required. +@item GNUTLS_@-PRIVKEY_@-FLAG_@-EXPORT_@-COMPAT +Keys generated or imported as provable require an extended format which cannot be read by previous versions +of gnutls or other applications. By setting this flag the key will be exported in a backwards compatible way, +even if the information about the seed used will be lost. +@item GNUTLS_@-PRIVKEY_@-SIGN_@-FLAG_@-RSA_@-PSS +Make an RSA signature on the hashed data with the PSS padding. +@item GNUTLS_@-PRIVKEY_@-FLAG_@-REPRODUCIBLE +Make an RSA-PSS signature on the hashed data with reproducible parameters (zero salt). +@item GNUTLS_@-PRIVKEY_@-FLAG_@-CA +The generated private key is going to be used as a CA (relevant for RSA-PSS keys). +@end table + +@c gnutls_rnd_level_t +@table @code +@item GNUTLS_@-RND_@-NONCE +Non-predictable random number. Fatal in parts +of session if broken, i.e., vulnerable to statistical analysis. +@item GNUTLS_@-RND_@-RANDOM +Pseudo-random cryptographic random number. +Fatal in session if broken. Example use: temporal keys. +@item GNUTLS_@-RND_@-KEY +Fatal in many sessions if broken. Example use: +Long-term keys. +@end table + +@c gnutls_ocsp_print_formats_t +@table @code +@item GNUTLS_@-OCSP_@-PRINT_@-FULL +Full information about OCSP request/response. +@item GNUTLS_@-OCSP_@-PRINT_@-COMPACT +More compact information about OCSP request/response. +@end table + +@c gnutls_ocsp_resp_status_t +@table @code +@item GNUTLS_@-OCSP_@-RESP_@-SUCCESSFUL +Response has valid confirmations. +@item GNUTLS_@-OCSP_@-RESP_@-MALFORMEDREQUEST +Illegal confirmation request +@item GNUTLS_@-OCSP_@-RESP_@-INTERNALERROR +Internal error in issuer +@item GNUTLS_@-OCSP_@-RESP_@-TRYLATER +Try again later +@item GNUTLS_@-OCSP_@-RESP_@-SIGREQUIRED +Must sign the request +@item GNUTLS_@-OCSP_@-RESP_@-UNAUTHORIZED +Request unauthorized +@end table + +@c gnutls_ocsp_cert_status_t +@table @code +@item GNUTLS_@-OCSP_@-CERT_@-GOOD +Positive response to status inquiry. +@item GNUTLS_@-OCSP_@-CERT_@-REVOKED +Certificate has been revoked. +@item GNUTLS_@-OCSP_@-CERT_@-UNKNOWN +The responder doesn't know about the +certificate. +@end table + +@c gnutls_x509_crl_reason_t +@table @code +@item GNUTLS_@-X509_@-CRLREASON_@-UNSPECIFIED +Unspecified reason. +@item GNUTLS_@-X509_@-CRLREASON_@-KEYCOMPROMISE +Private key compromised. +@item GNUTLS_@-X509_@-CRLREASON_@-CACOMPROMISE +CA compromised. +@item GNUTLS_@-X509_@-CRLREASON_@-AFFILIATIONCHANGED +Affiliation has changed. +@item GNUTLS_@-X509_@-CRLREASON_@-SUPERSEDED +Certificate superseded. +@item GNUTLS_@-X509_@-CRLREASON_@-CESSATIONOFOPERATION +Operation has ceased. +@item GNUTLS_@-X509_@-CRLREASON_@-CERTIFICATEHOLD +Certificate is on hold. +@item GNUTLS_@-X509_@-CRLREASON_@-REMOVEFROMCRL +Will be removed from delta CRL. +@item GNUTLS_@-X509_@-CRLREASON_@-PRIVILEGEWITHDRAWN +Privilege withdrawn. +@item GNUTLS_@-X509_@-CRLREASON_@-AACOMPROMISE +AA compromised. +@end table + +@c gnutls_ocsp_verify_reason_t +@table @code +@item GNUTLS_@-OCSP_@-VERIFY_@-SIGNER_@-NOT_@-FOUND +Signer cert not found. +@item GNUTLS_@-OCSP_@-VERIFY_@-SIGNER_@-KEYUSAGE_@-ERROR +Signer keyusage bits incorrect. +@item GNUTLS_@-OCSP_@-VERIFY_@-UNTRUSTED_@-SIGNER +Signer is not trusted. +@item GNUTLS_@-OCSP_@-VERIFY_@-INSECURE_@-ALGORITHM +Signature using insecure algorithm. +@item GNUTLS_@-OCSP_@-VERIFY_@-SIGNATURE_@-FAILURE +Signature mismatch. +@item GNUTLS_@-OCSP_@-VERIFY_@-CERT_@-NOT_@-ACTIVATED +Signer cert is not yet activated. +@item GNUTLS_@-OCSP_@-VERIFY_@-CERT_@-EXPIRED +Signer cert has expired. +@end table + +@c gnutls_tpmkey_fmt_t +@table @code +@item GNUTLS_@-TPMKEY_@-FMT_@-RAW +The portable data format. +@item GNUTLS_@-TPMKEY_@-FMT_@-DER +An alias for the raw format. +@item GNUTLS_@-TPMKEY_@-FMT_@-CTK_@-PEM +A custom data format used by some TPM tools. +@end table + +@c dane_cert_usage_t +@table @code +@item DANE_@-CERT_@-USAGE_@-CA +CA constraint. The certificate/key +presented must have signed the verified key. +@item DANE_@-CERT_@-USAGE_@-EE +The key or the certificate of the end +entity. +@item DANE_@-CERT_@-USAGE_@-LOCAL_@-CA +The remote CA is local and possibly +untrusted by the verifier. +@item DANE_@-CERT_@-USAGE_@-LOCAL_@-EE +The remote end-entity key is local +and possibly untrusted by the verifier (not signed by a CA). +@end table + +@c dane_cert_type_t +@table @code +@item DANE_@-CERT_@-X509 +An X.509 certificate. +@item DANE_@-CERT_@-PK +A public key. +@end table + +@c dane_match_type_t +@table @code +@item DANE_@-MATCH_@-EXACT +The full content. +@item DANE_@-MATCH_@-SHA2_@-256 +A SHA-256 hash of the content. +@item DANE_@-MATCH_@-SHA2_@-512 +A SHA-512 hash of the content. +@end table + +@c dane_query_status_t +@table @code +@item DANE_@-QUERY_@-UNKNOWN +There was no query. +@item DANE_@-QUERY_@-DNSSEC_@-VERIFIED +The query was verified using DNSSEC. +@item DANE_@-QUERY_@-BOGUS +The query has wrong DNSSEC signature. +@item DANE_@-QUERY_@-NO_@-DNSSEC +The query has no DNSSEC data. +@end table + +@c dane_state_flags_t +@table @code +@item DANE_@-F_@-IGNORE_@-LOCAL_@-RESOLVER +Many systems are not DNSSEC-ready. In that case the local resolver is ignored, and a direct recursive resolve occurs. +@item DANE_@-F_@-INSECURE +Ignore any DNSSEC signature verification errors. +@item DANE_@-F_@-IGNORE_@-DNSSEC +Do not try to initialize DNSSEC as we will not use it (will then not try to load the DNSSEC root certificate). Useful if the TLSA data does not come from DNS. +@end table + +@c dane_verify_flags_t +@table @code +@item DANE_@-VFLAG_@-FAIL_@-IF_@-NOT_@-CHECKED +If irrelevant to this certificate DANE entries are received fail instead of succeeding. +@item DANE_@-VFLAG_@-ONLY_@-CHECK_@-EE_@-USAGE +The provided certificates will be verified only against any EE field. Combine with @code{DANE_VFLAG_FAIL_IF_NOT_CHECKED} to fail if EE entries are not present. +@item DANE_@-VFLAG_@-ONLY_@-CHECK_@-CA_@-USAGE +The provided certificates will be verified only against any CA field. Combine with @code{DANE_VFLAG_FAIL_IF_NOT_CHECKED} to fail if CA entries are not present. +@end table + +@c dane_verify_status_t +@table @code +@item DANE_@-VERIFY_@-CA_@-CONSTRAINTS_@-VIOLATED +The CA constraints were violated. +@item DANE_@-VERIFY_@-CERT_@-DIFFERS +The certificate obtained via DNS differs. +@item DANE_@-VERIFY_@-UNKNOWN_@-DANE_@-INFO +No known DANE data was found in the DNS record. +@end table + +@c gnutls_pkcs7_sign_flags +@table @code +@item GNUTLS_@-PKCS7_@-EMBED_@-DATA +The signed data will be embedded in the structure. +@item GNUTLS_@-PKCS7_@-INCLUDE_@-TIME +The signing time will be included in the structure. +@item GNUTLS_@-PKCS7_@-INCLUDE_@-CERT +The signer's certificate will be included in the cert list. +@item GNUTLS_@-PKCS7_@-WRITE_@-SPKI +Use the signer's key identifier instead of name. +@end table diff --git a/doc/enums/dane_cert_type_t b/doc/enums/dane_cert_type_t new file mode 100644 index 0000000..d7f6d9e --- /dev/null +++ b/doc/enums/dane_cert_type_t @@ -0,0 +1,9 @@ + + +@c dane_cert_type_t +@table @code +@item DANE_@-CERT_@-X509 +An X.509 certificate. +@item DANE_@-CERT_@-PK +A public key. +@end table diff --git a/doc/enums/dane_cert_usage_t b/doc/enums/dane_cert_usage_t new file mode 100644 index 0000000..3be9dd4 --- /dev/null +++ b/doc/enums/dane_cert_usage_t @@ -0,0 +1,17 @@ + + +@c dane_cert_usage_t +@table @code +@item DANE_@-CERT_@-USAGE_@-CA +CA constraint. The certificate/key +presented must have signed the verified key. +@item DANE_@-CERT_@-USAGE_@-EE +The key or the certificate of the end +entity. +@item DANE_@-CERT_@-USAGE_@-LOCAL_@-CA +The remote CA is local and possibly +untrusted by the verifier. +@item DANE_@-CERT_@-USAGE_@-LOCAL_@-EE +The remote end-entity key is local +and possibly untrusted by the verifier (not signed by a CA). +@end table diff --git a/doc/enums/dane_match_type_t b/doc/enums/dane_match_type_t new file mode 100644 index 0000000..8a1e7bf --- /dev/null +++ b/doc/enums/dane_match_type_t @@ -0,0 +1,11 @@ + + +@c dane_match_type_t +@table @code +@item DANE_@-MATCH_@-EXACT +The full content. +@item DANE_@-MATCH_@-SHA2_@-256 +A SHA-256 hash of the content. +@item DANE_@-MATCH_@-SHA2_@-512 +A SHA-512 hash of the content. +@end table diff --git a/doc/enums/dane_query_status_t b/doc/enums/dane_query_status_t new file mode 100644 index 0000000..3ec5e4e --- /dev/null +++ b/doc/enums/dane_query_status_t @@ -0,0 +1,13 @@ + + +@c dane_query_status_t +@table @code +@item DANE_@-QUERY_@-UNKNOWN +There was no query. +@item DANE_@-QUERY_@-DNSSEC_@-VERIFIED +The query was verified using DNSSEC. +@item DANE_@-QUERY_@-BOGUS +The query has wrong DNSSEC signature. +@item DANE_@-QUERY_@-NO_@-DNSSEC +The query has no DNSSEC data. +@end table diff --git a/doc/enums/dane_state_flags_t b/doc/enums/dane_state_flags_t new file mode 100644 index 0000000..221f3a9 --- /dev/null +++ b/doc/enums/dane_state_flags_t @@ -0,0 +1,11 @@ + + +@c dane_state_flags_t +@table @code +@item DANE_@-F_@-IGNORE_@-LOCAL_@-RESOLVER +Many systems are not DNSSEC-ready. In that case the local resolver is ignored, and a direct recursive resolve occurs. +@item DANE_@-F_@-INSECURE +Ignore any DNSSEC signature verification errors. +@item DANE_@-F_@-IGNORE_@-DNSSEC +Do not try to initialize DNSSEC as we will not use it (will then not try to load the DNSSEC root certificate). Useful if the TLSA data does not come from DNS. +@end table diff --git a/doc/enums/dane_verify_flags_t b/doc/enums/dane_verify_flags_t new file mode 100644 index 0000000..175ea84 --- /dev/null +++ b/doc/enums/dane_verify_flags_t @@ -0,0 +1,11 @@ + + +@c dane_verify_flags_t +@table @code +@item DANE_@-VFLAG_@-FAIL_@-IF_@-NOT_@-CHECKED +If irrelevant to this certificate DANE entries are received fail instead of succeeding. +@item DANE_@-VFLAG_@-ONLY_@-CHECK_@-EE_@-USAGE +The provided certificates will be verified only against any EE field. Combine with @code{DANE_VFLAG_FAIL_IF_NOT_CHECKED} to fail if EE entries are not present. +@item DANE_@-VFLAG_@-ONLY_@-CHECK_@-CA_@-USAGE +The provided certificates will be verified only against any CA field. Combine with @code{DANE_VFLAG_FAIL_IF_NOT_CHECKED} to fail if CA entries are not present. +@end table diff --git a/doc/enums/dane_verify_status_t b/doc/enums/dane_verify_status_t new file mode 100644 index 0000000..46203ba --- /dev/null +++ b/doc/enums/dane_verify_status_t @@ -0,0 +1,11 @@ + + +@c dane_verify_status_t +@table @code +@item DANE_@-VERIFY_@-CA_@-CONSTRAINTS_@-VIOLATED +The CA constraints were violated. +@item DANE_@-VERIFY_@-CERT_@-DIFFERS +The certificate obtained via DNS differs. +@item DANE_@-VERIFY_@-UNKNOWN_@-DANE_@-INFO +No known DANE data was found in the DNS record. +@end table diff --git a/doc/enums/gnutls_abstract_export_flags_t b/doc/enums/gnutls_abstract_export_flags_t new file mode 100644 index 0000000..97c0f27 --- /dev/null +++ b/doc/enums/gnutls_abstract_export_flags_t @@ -0,0 +1,7 @@ + + +@c gnutls_abstract_export_flags_t +@table @code +@item GNUTLS_@-EXPORT_@-FLAG_@-NO_@-LZ +do not prepend a leading zero to exported values +@end table diff --git a/doc/enums/gnutls_alert_description_t b/doc/enums/gnutls_alert_description_t new file mode 100644 index 0000000..8a9d571 --- /dev/null +++ b/doc/enums/gnutls_alert_description_t @@ -0,0 +1,76 @@ + + +@c gnutls_alert_description_t +@table @code +@item GNUTLS_@-A_@-CLOSE_@-NOTIFY +Close notify. +@item GNUTLS_@-A_@-UNEXPECTED_@-MESSAGE +Unexpected message. +@item GNUTLS_@-A_@-BAD_@-RECORD_@-MAC +Bad record MAC. +@item GNUTLS_@-A_@-DECRYPTION_@-FAILED +Decryption failed. +@item GNUTLS_@-A_@-RECORD_@-OVERFLOW +Record overflow. +@item GNUTLS_@-A_@-DECOMPRESSION_@-FAILURE +Decompression failed. +@item GNUTLS_@-A_@-HANDSHAKE_@-FAILURE +Handshake failed. +@item GNUTLS_@-A_@-SSL3_@-NO_@-CERTIFICATE +No certificate. +@item GNUTLS_@-A_@-BAD_@-CERTIFICATE +Certificate is bad. +@item GNUTLS_@-A_@-UNSUPPORTED_@-CERTIFICATE +Certificate is not supported. +@item GNUTLS_@-A_@-CERTIFICATE_@-REVOKED +Certificate was revoked. +@item GNUTLS_@-A_@-CERTIFICATE_@-EXPIRED +Certificate is expired. +@item GNUTLS_@-A_@-CERTIFICATE_@-UNKNOWN +Unknown certificate. +@item GNUTLS_@-A_@-ILLEGAL_@-PARAMETER +Illegal parameter. +@item GNUTLS_@-A_@-UNKNOWN_@-CA +CA is unknown. +@item GNUTLS_@-A_@-ACCESS_@-DENIED +Access was denied. +@item GNUTLS_@-A_@-DECODE_@-ERROR +Decode error. +@item GNUTLS_@-A_@-DECRYPT_@-ERROR +Decrypt error. +@item GNUTLS_@-A_@-EXPORT_@-RESTRICTION +Export restriction. +@item GNUTLS_@-A_@-PROTOCOL_@-VERSION +Error in protocol version. +@item GNUTLS_@-A_@-INSUFFICIENT_@-SECURITY +Insufficient security. +@item GNUTLS_@-A_@-INTERNAL_@-ERROR +Internal error. +@item GNUTLS_@-A_@-INAPPROPRIATE_@-FALLBACK +Inappropriate fallback, +@item GNUTLS_@-A_@-USER_@-CANCELED +User canceled. +@item GNUTLS_@-A_@-NO_@-RENEGOTIATION +No renegotiation is allowed. +@item GNUTLS_@-A_@-MISSING_@-EXTENSION +An extension was expected but was not seen +@item GNUTLS_@-A_@-UNSUPPORTED_@-EXTENSION +An unsupported extension was +sent. +@item GNUTLS_@-A_@-CERTIFICATE_@-UNOBTAINABLE +Could not retrieve the +specified certificate. +@item GNUTLS_@-A_@-UNRECOGNIZED_@-NAME +The server name sent was not +recognized. +@item GNUTLS_@-A_@-UNKNOWN_@-PSK_@-IDENTITY +The SRP/PSK username is missing +or not known. +@item GNUTLS_@-A_@-CERTIFICATE_@-REQUIRED +Certificate is required. +@item GNUTLS_@-A_@-NO_@-APPLICATION_@-PROTOCOL +The ALPN protocol requested is +not supported by the peer. +@item GNUTLS_@-A_@-MAX +-- undescribed -- +@end table diff --git a/doc/enums/gnutls_alert_level_t b/doc/enums/gnutls_alert_level_t new file mode 100644 index 0000000..05558f3 --- /dev/null +++ b/doc/enums/gnutls_alert_level_t @@ -0,0 +1,9 @@ + + +@c gnutls_alert_level_t +@table @code +@item GNUTLS_@-AL_@-WARNING +Alert of warning severity. +@item GNUTLS_@-AL_@-FATAL +Alert of fatal severity. +@end table diff --git a/doc/enums/gnutls_alpn_flags_t b/doc/enums/gnutls_alpn_flags_t new file mode 100644 index 0000000..3539072 --- /dev/null +++ b/doc/enums/gnutls_alpn_flags_t @@ -0,0 +1,11 @@ + + +@c gnutls_alpn_flags_t +@table @code +@item GNUTLS_@-ALPN_@-MANDATORY +Require ALPN negotiation. The connection will be +aborted if no matching ALPN protocol is found. +@item GNUTLS_@-ALPN_@-SERVER_@-PRECEDENCE +The choices set by the server +will take precedence over the client's. +@end table diff --git a/doc/enums/gnutls_certificate_flags b/doc/enums/gnutls_certificate_flags new file mode 100644 index 0000000..108d478 --- /dev/null +++ b/doc/enums/gnutls_certificate_flags @@ -0,0 +1,15 @@ + + +@c gnutls_certificate_flags +@table @code +@item GNUTLS_@-CERTIFICATE_@-SKIP_@-KEY_@-CERT_@-MATCH +Skip the key and certificate matching check. +@item GNUTLS_@-CERTIFICATE_@-API_@-V2 +If set the gnutls_certificate_set_*key* functions will return an index of the added key pair instead of zero. +@item GNUTLS_@-CERTIFICATE_@-SKIP_@-OCSP_@-RESPONSE_@-CHECK +If set, the gnutls_certificate_set_ocsp_status_request_file +function, will not check whether the response set matches any of the certificates. +@item GNUTLS_@-CERTIFICATE_@-VERIFY_@-CRLS +This will enable CRL verification when added in the certificate structure. +When used, it requires CAs to be added before CRLs. +@end table diff --git a/doc/enums/gnutls_certificate_import_flags b/doc/enums/gnutls_certificate_import_flags new file mode 100644 index 0000000..0f2154a --- /dev/null +++ b/doc/enums/gnutls_certificate_import_flags @@ -0,0 +1,15 @@ + + +@c gnutls_certificate_import_flags +@table @code +@item GNUTLS_@-X509_@-CRT_@-LIST_@-IMPORT_@-FAIL_@-IF_@-EXCEED +Fail if the +certificates in the buffer are more than the space allocated for +certificates. The error code will be @code{GNUTLS_E_SHORT_MEMORY_BUFFER} . +@item GNUTLS_@-X509_@-CRT_@-LIST_@-FAIL_@-IF_@-UNSORTED +Fail if the certificates +in the buffer are not ordered starting from subject to issuer. +The error code will be @code{GNUTLS_E_CERTIFICATE_LIST_UNSORTED} . +@item GNUTLS_@-X509_@-CRT_@-LIST_@-SORT +Sort the certificate chain if unsorted. +@end table diff --git a/doc/enums/gnutls_certificate_print_formats_t b/doc/enums/gnutls_certificate_print_formats_t new file mode 100644 index 0000000..d400434 --- /dev/null +++ b/doc/enums/gnutls_certificate_print_formats_t @@ -0,0 +1,15 @@ + + +@c gnutls_certificate_print_formats_t +@table @code +@item GNUTLS_@-CRT_@-PRINT_@-FULL +Full information about certificate. +@item GNUTLS_@-CRT_@-PRINT_@-ONELINE +Information about certificate in one line. +@item GNUTLS_@-CRT_@-PRINT_@-UNSIGNED_@-FULL +All info for an unsigned certificate. +@item GNUTLS_@-CRT_@-PRINT_@-COMPACT +Information about certificate name in one line, plus identification of the public key. +@item GNUTLS_@-CRT_@-PRINT_@-FULL_@-NUMBERS +Full information about certificate and include easy to parse public key parameters. +@end table diff --git a/doc/enums/gnutls_certificate_request_t b/doc/enums/gnutls_certificate_request_t new file mode 100644 index 0000000..95bd33d --- /dev/null +++ b/doc/enums/gnutls_certificate_request_t @@ -0,0 +1,11 @@ + + +@c gnutls_certificate_request_t +@table @code +@item GNUTLS_@-CERT_@-IGNORE +Ignore certificate. +@item GNUTLS_@-CERT_@-REQUEST +Request certificate. +@item GNUTLS_@-CERT_@-REQUIRE +Require certificate. +@end table diff --git a/doc/enums/gnutls_certificate_status_t b/doc/enums/gnutls_certificate_status_t new file mode 100644 index 0000000..5a0e72d --- /dev/null +++ b/doc/enums/gnutls_certificate_status_t @@ -0,0 +1,48 @@ + + +@c gnutls_certificate_status_t +@table @code +@item GNUTLS_@-CERT_@-INVALID +The certificate is not signed by one of the +known authorities or the signature is invalid (deprecated by the flags +@code{GNUTLS_CERT_SIGNATURE_FAILURE} and @code{GNUTLS_CERT_SIGNER_NOT_FOUND} ). +@item GNUTLS_@-CERT_@-REVOKED +Certificate is revoked by its authority. In X.509 this will be +set only if CRLs are checked. +@item GNUTLS_@-CERT_@-SIGNER_@-NOT_@-FOUND +The certificate's issuer is not known. +This is the case if the issuer is not included in the trusted certificate list. +@item GNUTLS_@-CERT_@-SIGNER_@-NOT_@-CA +The certificate's signer was not a CA. This +may happen if this was a version 1 certificate, which is common with +some CAs, or a version 3 certificate without the basic constrains extension. +@item GNUTLS_@-CERT_@-INSECURE_@-ALGORITHM +The certificate was signed using an insecure +algorithm such as MD2 or MD5. These algorithms have been broken and +should not be trusted. +@item GNUTLS_@-CERT_@-NOT_@-ACTIVATED +The certificate is not yet activated. +@item GNUTLS_@-CERT_@-EXPIRED +The certificate has expired. +@item GNUTLS_@-CERT_@-SIGNATURE_@-FAILURE +The signature verification failed. +@item GNUTLS_@-CERT_@-REVOCATION_@-DATA_@-SUPERSEDED +The revocation data are old and have been superseded. +@item GNUTLS_@-CERT_@-UNEXPECTED_@-OWNER +The owner is not the expected one. +@item GNUTLS_@-CERT_@-REVOCATION_@-DATA_@-ISSUED_@-IN_@-FUTURE +The revocation data have a future issue date. +@item GNUTLS_@-CERT_@-SIGNER_@-CONSTRAINTS_@-FAILURE +The certificate's signer constraints were +violated. +@item GNUTLS_@-CERT_@-MISMATCH +The certificate presented isn't the expected one (TOFU) +@item GNUTLS_@-CERT_@-PURPOSE_@-MISMATCH +The certificate or an intermediate does not match the intended purpose (extended key usage). +@item GNUTLS_@-CERT_@-MISSING_@-OCSP_@-STATUS +The certificate requires the server to send the certifiate status, but no status was received. +@item GNUTLS_@-CERT_@-INVALID_@-OCSP_@-STATUS +The received OCSP status response is invalid. +@item GNUTLS_@-CERT_@-UNKNOWN_@-CRIT_@-EXTENSIONS +The certificate has extensions marked as critical which are not supported. +@end table diff --git a/doc/enums/gnutls_certificate_type_t b/doc/enums/gnutls_certificate_type_t new file mode 100644 index 0000000..9208b76 --- /dev/null +++ b/doc/enums/gnutls_certificate_type_t @@ -0,0 +1,15 @@ + + +@c gnutls_certificate_type_t +@table @code +@item GNUTLS_@-CRT_@-UNKNOWN +Unknown certificate type. +@item GNUTLS_@-CRT_@-X509 +X.509 Certificate. +@item GNUTLS_@-CRT_@-OPENPGP +OpenPGP certificate. +@item GNUTLS_@-CRT_@-RAWPK +Raw public-key (SubjectPublicKeyInfo) +@item GNUTLS_@-CRT_@-MAX +-- undescribed -- +@end table diff --git a/doc/enums/gnutls_certificate_verification_profiles_t b/doc/enums/gnutls_certificate_verification_profiles_t new file mode 100644 index 0000000..744ba48 --- /dev/null +++ b/doc/enums/gnutls_certificate_verification_profiles_t @@ -0,0 +1,34 @@ + + +@c gnutls_certificate_verification_profiles_t +@table @code +@item GNUTLS_@-PROFILE_@-UNKNOWN +An invalid/unknown profile. +@item GNUTLS_@-PROFILE_@-VERY_@-WEAK +A verification profile that +corresponds to @code{GNUTLS_SEC_PARAM_VERY_WEAK} (64 bits) +@item GNUTLS_@-PROFILE_@-LOW +A verification profile that +corresponds to @code{GNUTLS_SEC_PARAM_LOW} (80 bits) +@item GNUTLS_@-PROFILE_@-LEGACY +A verification profile that +corresponds to @code{GNUTLS_SEC_PARAM_LEGACY} (96 bits) +@item GNUTLS_@-PROFILE_@-MEDIUM +A verification profile that +corresponds to @code{GNUTLS_SEC_PARAM_MEDIUM} (112 bits) +@item GNUTLS_@-PROFILE_@-HIGH +A verification profile that +corresponds to @code{GNUTLS_SEC_PARAM_HIGH} (128 bits) +@item GNUTLS_@-PROFILE_@-ULTRA +A verification profile that +corresponds to @code{GNUTLS_SEC_PARAM_ULTRA} (192 bits) +@item GNUTLS_@-PROFILE_@-FUTURE +A verification profile that +corresponds to @code{GNUTLS_SEC_PARAM_FUTURE} (256 bits) +@item GNUTLS_@-PROFILE_@-SUITEB128 +A verification profile that +applies the SUITEB128 rules +@item GNUTLS_@-PROFILE_@-SUITEB192 +A verification profile that +applies the SUITEB192 rules +@end table diff --git a/doc/enums/gnutls_certificate_verify_flags b/doc/enums/gnutls_certificate_verify_flags new file mode 100644 index 0000000..2c4cd32 --- /dev/null +++ b/doc/enums/gnutls_certificate_verify_flags @@ -0,0 +1,61 @@ + + +@c gnutls_certificate_verify_flags +@table @code +@item GNUTLS_@-VERIFY_@-DISABLE_@-CA_@-SIGN +If set a signer does not have to be +a certificate authority. This flag should normally be disabled, +unless you know what this means. +@item GNUTLS_@-VERIFY_@-DO_@-NOT_@-ALLOW_@-IP_@-MATCHES +When verifying a hostname +prevent textual IP addresses from matching IP addresses in the +certificate. Treat the input only as a DNS name. +@item GNUTLS_@-VERIFY_@-DO_@-NOT_@-ALLOW_@-SAME +If a certificate is not signed by +anyone trusted but exists in the trusted CA list do not treat it +as trusted. +@item GNUTLS_@-VERIFY_@-ALLOW_@-ANY_@-X509_@-V1_@-CA_@-CRT +Allow CA certificates that +have version 1 (both root and intermediate). This might be +dangerous since those haven't the basicConstraints +extension. +@item GNUTLS_@-VERIFY_@-ALLOW_@-SIGN_@-RSA_@-MD2 +Allow certificates to be signed +using the broken MD2 algorithm. +@item GNUTLS_@-VERIFY_@-ALLOW_@-SIGN_@-RSA_@-MD5 +Allow certificates to be signed +using the broken MD5 algorithm. +@item GNUTLS_@-VERIFY_@-DISABLE_@-TIME_@-CHECKS +Disable checking of activation +and expiration validity periods of certificate chains. Don't set +this unless you understand the security implications. +@item GNUTLS_@-VERIFY_@-DISABLE_@-TRUSTED_@-TIME_@-CHECKS +If set a signer in the trusted +list is never checked for expiration or activation. +@item GNUTLS_@-VERIFY_@-DO_@-NOT_@-ALLOW_@-X509_@-V1_@-CA_@-CRT +Do not allow trusted CA +certificates that have version 1. This option is to be used +to deprecate all certificates of version 1. +@item GNUTLS_@-VERIFY_@-DISABLE_@-CRL_@-CHECKS +Disable checking for validity +using certificate revocation lists or the available OCSP data. +@item GNUTLS_@-VERIFY_@-ALLOW_@-UNSORTED_@-CHAIN +A certificate chain is tolerated +if unsorted (the case with many TLS servers out there). This is the +default since GnuTLS 3.1.4. +@item GNUTLS_@-VERIFY_@-DO_@-NOT_@-ALLOW_@-UNSORTED_@-CHAIN +Do not tolerate an unsorted +certificate chain. +@item GNUTLS_@-VERIFY_@-DO_@-NOT_@-ALLOW_@-WILDCARDS +When including a hostname +check in the verification, do not consider any wildcards. +@item GNUTLS_@-VERIFY_@-USE_@-TLS1_@-RSA +This indicates that a (raw) RSA signature is provided +as in the TLS 1.0 protocol. Not all functions accept this flag. +@item GNUTLS_@-VERIFY_@-IGNORE_@-UNKNOWN_@-CRIT_@-EXTENSIONS +This signals the verification +process, not to fail on unknown critical extensions. +@item GNUTLS_@-VERIFY_@-ALLOW_@-SIGN_@-WITH_@-SHA1 +Allow certificates to be signed +using the broken SHA1 hash algorithm. +@end table diff --git a/doc/enums/gnutls_channel_binding_t b/doc/enums/gnutls_channel_binding_t new file mode 100644 index 0000000..38e7bae --- /dev/null +++ b/doc/enums/gnutls_channel_binding_t @@ -0,0 +1,7 @@ + + +@c gnutls_channel_binding_t +@table @code +@item GNUTLS_@-CB_@-TLS_@-UNIQUE +"tls-unique" (RFC 5929) channel binding +@end table diff --git a/doc/enums/gnutls_cipher_algorithm_t b/doc/enums/gnutls_cipher_algorithm_t new file mode 100644 index 0000000..3428afa --- /dev/null +++ b/doc/enums/gnutls_cipher_algorithm_t @@ -0,0 +1,95 @@ + + +@c gnutls_cipher_algorithm_t +@table @code +@item GNUTLS_@-CIPHER_@-UNKNOWN +Value to identify an unknown/unsupported algorithm. +@item GNUTLS_@-CIPHER_@-NULL +The NULL (identity) encryption algorithm. +@item GNUTLS_@-CIPHER_@-ARCFOUR_@-128 +ARCFOUR stream cipher with 128-bit keys. +@item GNUTLS_@-CIPHER_@-3DES_@-CBC +3DES in CBC mode. +@item GNUTLS_@-CIPHER_@-AES_@-128_@-CBC +AES in CBC mode with 128-bit keys. +@item GNUTLS_@-CIPHER_@-AES_@-256_@-CBC +AES in CBC mode with 256-bit keys. +@item GNUTLS_@-CIPHER_@-ARCFOUR_@-40 +ARCFOUR stream cipher with 40-bit keys. +@item GNUTLS_@-CIPHER_@-CAMELLIA_@-128_@-CBC +Camellia in CBC mode with 128-bit keys. +@item GNUTLS_@-CIPHER_@-CAMELLIA_@-256_@-CBC +Camellia in CBC mode with 256-bit keys. +@item GNUTLS_@-CIPHER_@-AES_@-192_@-CBC +AES in CBC mode with 192-bit keys. +@item GNUTLS_@-CIPHER_@-AES_@-128_@-GCM +AES in GCM mode with 128-bit keys. +@item GNUTLS_@-CIPHER_@-AES_@-256_@-GCM +AES in GCM mode with 256-bit keys. +@item GNUTLS_@-CIPHER_@-CAMELLIA_@-192_@-CBC +Camellia in CBC mode with 192-bit keys. +@item GNUTLS_@-CIPHER_@-SALSA20_@-256 +Salsa20 with 256-bit keys. +@item GNUTLS_@-CIPHER_@-ESTREAM_@-SALSA20_@-256 +Estream's Salsa20 variant with 256-bit keys. +@item GNUTLS_@-CIPHER_@-CAMELLIA_@-128_@-GCM +CAMELLIA in GCM mode with 128-bit keys. +@item GNUTLS_@-CIPHER_@-CAMELLIA_@-256_@-GCM +CAMELLIA in GCM mode with 256-bit keys. +@item GNUTLS_@-CIPHER_@-RC2_@-40_@-CBC +RC2 in CBC mode with 40-bit keys. +@item GNUTLS_@-CIPHER_@-DES_@-CBC +DES in CBC mode (56-bit keys). +@item GNUTLS_@-CIPHER_@-AES_@-128_@-CCM +AES in CCM mode with 128-bit keys. +@item GNUTLS_@-CIPHER_@-AES_@-256_@-CCM +AES in CCM mode with 256-bit keys. +@item GNUTLS_@-CIPHER_@-AES_@-128_@-CCM_@-8 +AES in CCM mode with 64-bit tag and 128-bit keys. +@item GNUTLS_@-CIPHER_@-AES_@-256_@-CCM_@-8 +AES in CCM mode with 64-bit tag and 256-bit keys. +@item GNUTLS_@-CIPHER_@-CHACHA20_@-POLY1305 +The Chacha20 cipher with the Poly1305 authenticator (AEAD). +@item GNUTLS_@-CIPHER_@-GOST28147_@-TC26Z_@-CFB +GOST 28147-89 (Magma) cipher in CFB mode with TC26 Z S-box. +@item GNUTLS_@-CIPHER_@-GOST28147_@-CPA_@-CFB +GOST 28147-89 (Magma) cipher in CFB mode with CryptoPro A S-box. +@item GNUTLS_@-CIPHER_@-GOST28147_@-CPB_@-CFB +GOST 28147-89 (Magma) cipher in CFB mode with CryptoPro B S-box. +@item GNUTLS_@-CIPHER_@-GOST28147_@-CPC_@-CFB +GOST 28147-89 (Magma) cipher in CFB mode with CryptoPro C S-box. +@item GNUTLS_@-CIPHER_@-GOST28147_@-CPD_@-CFB +GOST 28147-89 (Magma) cipher in CFB mode with CryptoPro D S-box. +@item GNUTLS_@-CIPHER_@-AES_@-128_@-CFB8 +AES in CFB8 mode with 128-bit keys. +@item GNUTLS_@-CIPHER_@-AES_@-192_@-CFB8 +AES in CFB8 mode with 192-bit keys. +@item GNUTLS_@-CIPHER_@-AES_@-256_@-CFB8 +AES in CFB8 mode with 256-bit keys. +@item GNUTLS_@-CIPHER_@-AES_@-128_@-XTS +AES in XTS mode with 128-bit key + 128bit tweak key. +@item GNUTLS_@-CIPHER_@-AES_@-256_@-XTS +AES in XTS mode with 256-bit key + 256bit tweak key. +Note that the XTS ciphers are message oriented. +The whole message needs to be provided with a single call, because +cipher-stealing requires to know where the message actually terminates +in order to be able to compute where the stealing occurs. +@item GNUTLS_@-CIPHER_@-IDEA_@-PGP_@-CFB +IDEA in CFB mode (placeholder - unsupported). +@item GNUTLS_@-CIPHER_@-3DES_@-PGP_@-CFB +3DES in CFB mode (placeholder - unsupported). +@item GNUTLS_@-CIPHER_@-CAST5_@-PGP_@-CFB +CAST5 in CFB mode (placeholder - unsupported). +@item GNUTLS_@-CIPHER_@-BLOWFISH_@-PGP_@-CFB +Blowfish in CFB mode (placeholder - unsupported). +@item GNUTLS_@-CIPHER_@-SAFER_@-SK128_@-PGP_@-CFB +Safer-SK in CFB mode with 128-bit keys (placeholder - unsupported). +@item GNUTLS_@-CIPHER_@-AES128_@-PGP_@-CFB +AES in CFB mode with 128-bit keys (placeholder - unsupported). +@item GNUTLS_@-CIPHER_@-AES192_@-PGP_@-CFB +AES in CFB mode with 192-bit keys (placeholder - unsupported). +@item GNUTLS_@-CIPHER_@-AES256_@-PGP_@-CFB +AES in CFB mode with 256-bit keys (placeholder - unsupported). +@item GNUTLS_@-CIPHER_@-TWOFISH_@-PGP_@-CFB +Twofish in CFB mode (placeholder - unsupported). +@end table diff --git a/doc/enums/gnutls_close_request_t b/doc/enums/gnutls_close_request_t new file mode 100644 index 0000000..8918431 --- /dev/null +++ b/doc/enums/gnutls_close_request_t @@ -0,0 +1,9 @@ + + +@c gnutls_close_request_t +@table @code +@item GNUTLS_@-SHUT_@-RDWR +Disallow further receives/sends. +@item GNUTLS_@-SHUT_@-WR +Disallow further sends. +@end table diff --git a/doc/enums/gnutls_compression_method_t b/doc/enums/gnutls_compression_method_t new file mode 100644 index 0000000..400f195 --- /dev/null +++ b/doc/enums/gnutls_compression_method_t @@ -0,0 +1,13 @@ + + +@c gnutls_compression_method_t +@table @code +@item GNUTLS_@-COMP_@-UNKNOWN +Unknown compression method. +@item GNUTLS_@-COMP_@-NULL +The NULL compression method (no compression). +@item GNUTLS_@-COMP_@-DEFLATE +The DEFLATE compression method from zlib. +@item GNUTLS_@-COMP_@-ZLIB +Same as @code{GNUTLS_COMP_DEFLATE} . +@end table diff --git a/doc/enums/gnutls_credentials_type_t b/doc/enums/gnutls_credentials_type_t new file mode 100644 index 0000000..210299f --- /dev/null +++ b/doc/enums/gnutls_credentials_type_t @@ -0,0 +1,15 @@ + + +@c gnutls_credentials_type_t +@table @code +@item GNUTLS_@-CRD_@-CERTIFICATE +Certificate credential. +@item GNUTLS_@-CRD_@-ANON +Anonymous credential. +@item GNUTLS_@-CRD_@-SRP +SRP credential. +@item GNUTLS_@-CRD_@-PSK +PSK credential. +@item GNUTLS_@-CRD_@-IA +IA credential. +@end table diff --git a/doc/enums/gnutls_ctype_target_t b/doc/enums/gnutls_ctype_target_t new file mode 100644 index 0000000..f18942d --- /dev/null +++ b/doc/enums/gnutls_ctype_target_t @@ -0,0 +1,13 @@ + + +@c gnutls_ctype_target_t +@table @code +@item GNUTLS_@-CTYPE_@-CLIENT +for requesting client certificate type values. +@item GNUTLS_@-CTYPE_@-SERVER +for requesting server certificate type values. +@item GNUTLS_@-CTYPE_@-OURS +for requesting our certificate type values. +@item GNUTLS_@-CTYPE_@-PEERS +for requesting the peers' certificate type values. +@end table diff --git a/doc/enums/gnutls_digest_algorithm_t b/doc/enums/gnutls_digest_algorithm_t new file mode 100644 index 0000000..2d61fb4 --- /dev/null +++ b/doc/enums/gnutls_digest_algorithm_t @@ -0,0 +1,41 @@ + + +@c gnutls_digest_algorithm_t +@table @code +@item GNUTLS_@-DIG_@-UNKNOWN +Unknown hash algorithm. +@item GNUTLS_@-DIG_@-NULL +NULL hash algorithm (empty output). +@item GNUTLS_@-DIG_@-MD5 +MD5 algorithm. +@item GNUTLS_@-DIG_@-SHA1 +SHA-1 algorithm. +@item GNUTLS_@-DIG_@-RMD160 +RMD160 algorithm. +@item GNUTLS_@-DIG_@-MD2 +MD2 algorithm. +@item GNUTLS_@-DIG_@-SHA256 +SHA-256 algorithm. +@item GNUTLS_@-DIG_@-SHA384 +SHA-384 algorithm. +@item GNUTLS_@-DIG_@-SHA512 +SHA-512 algorithm. +@item GNUTLS_@-DIG_@-SHA224 +SHA-224 algorithm. +@item GNUTLS_@-DIG_@-SHA3_@-224 +SHA3-224 algorithm. +@item GNUTLS_@-DIG_@-SHA3_@-256 +SHA3-256 algorithm. +@item GNUTLS_@-DIG_@-SHA3_@-384 +SHA3-384 algorithm. +@item GNUTLS_@-DIG_@-SHA3_@-512 +SHA3-512 algorithm. +@item GNUTLS_@-DIG_@-MD5_@-SHA1 +Combined MD5+SHA1 algorithm. +@item GNUTLS_@-DIG_@-GOSTR_@-94 +GOST R 34.11-94 algorithm. +@item GNUTLS_@-DIG_@-STREEBOG_@-256 +GOST R 34.11-2001 (Streebog) algorithm, 256 bit. +@item GNUTLS_@-DIG_@-STREEBOG_@-512 +GOST R 34.11-2001 (Streebog) algorithm, 512 bit. +@end table diff --git a/doc/enums/gnutls_ecc_curve_t b/doc/enums/gnutls_ecc_curve_t new file mode 100644 index 0000000..e82bdd7 --- /dev/null +++ b/doc/enums/gnutls_ecc_curve_t @@ -0,0 +1,37 @@ + + +@c gnutls_ecc_curve_t +@table @code +@item GNUTLS_@-ECC_@-CURVE_@-INVALID +Cannot be known +@item GNUTLS_@-ECC_@-CURVE_@-SECP224R1 +the SECP224R1 curve +@item GNUTLS_@-ECC_@-CURVE_@-SECP256R1 +the SECP256R1 curve +@item GNUTLS_@-ECC_@-CURVE_@-SECP384R1 +the SECP384R1 curve +@item GNUTLS_@-ECC_@-CURVE_@-SECP521R1 +the SECP521R1 curve +@item GNUTLS_@-ECC_@-CURVE_@-SECP192R1 +the SECP192R1 curve +@item GNUTLS_@-ECC_@-CURVE_@-X25519 +the X25519 curve (ECDH only) +@item GNUTLS_@-ECC_@-CURVE_@-ED25519 +the Ed25519 curve +@item GNUTLS_@-ECC_@-CURVE_@-GOST256CPA +GOST R 34.10 CryptoPro 256 A curve +@item GNUTLS_@-ECC_@-CURVE_@-GOST256CPB +GOST R 34.10 CryptoPro 256 B curve +@item GNUTLS_@-ECC_@-CURVE_@-GOST256CPC +GOST R 34.10 CryptoPro 256 C curve +@item GNUTLS_@-ECC_@-CURVE_@-GOST256CPXA +GOST R 34.10 CryptoPro 256 XchA curve +@item GNUTLS_@-ECC_@-CURVE_@-GOST256CPXB +GOST R 34.10 CryptoPro 256 XchB curve +@item GNUTLS_@-ECC_@-CURVE_@-GOST512A +GOST R 34.10 TC26 512 A curve +@item GNUTLS_@-ECC_@-CURVE_@-GOST512B +GOST R 34.10 TC26 512 B curve +@item GNUTLS_@-ECC_@-CURVE_@-MAX +-- undescribed -- +@end table diff --git a/doc/enums/gnutls_ext_flags_t b/doc/enums/gnutls_ext_flags_t new file mode 100644 index 0000000..0f76bbb --- /dev/null +++ b/doc/enums/gnutls_ext_flags_t @@ -0,0 +1,23 @@ + + +@c gnutls_ext_flags_t +@table @code +@item GNUTLS_@-EXT_@-FLAG_@-OVERRIDE_@-INTERNAL +If specified the extension registered will override the internal; this does not work with extensions existing prior to 3.6.0. +@item GNUTLS_@-EXT_@-FLAG_@-CLIENT_@-HELLO +This extension can be present in a client hello +@item GNUTLS_@-EXT_@-FLAG_@-TLS12_@-SERVER_@-HELLO +This extension can be present in a TLS1.2 or earlier server hello +@item GNUTLS_@-EXT_@-FLAG_@-TLS13_@-SERVER_@-HELLO +This extension can be present in a TLS1.3 server hello +@item GNUTLS_@-EXT_@-FLAG_@-EE +This extension can be present in encrypted extensions message +@item GNUTLS_@-EXT_@-FLAG_@-HRR +This extension can be present in hello retry request message +@item GNUTLS_@-EXT_@-FLAG_@-IGNORE_@-CLIENT_@-REQUEST +When flag is present, this extension will be send even if the client didn't advertise it. An extension of this type is the Cookie TLS1.3 extension. +@item GNUTLS_@-EXT_@-FLAG_@-TLS +This extension can be present under TLS; otherwise ignored. +@item GNUTLS_@-EXT_@-FLAG_@-DTLS +This extension can be present under DTLS; otherwise ignored. +@end table diff --git a/doc/enums/gnutls_ext_parse_type_t b/doc/enums/gnutls_ext_parse_type_t new file mode 100644 index 0000000..e2e5953 --- /dev/null +++ b/doc/enums/gnutls_ext_parse_type_t @@ -0,0 +1,17 @@ + + +@c gnutls_ext_parse_type_t +@table @code +@item GNUTLS_@-EXT_@-ANY +Any extension type (should not be used as it is used only internally). +@item GNUTLS_@-EXT_@-APPLICATION +Parsed after @code{GNUTLS_EXT_MANDATORY} +@item GNUTLS_@-EXT_@-TLS +TLS-internal extensions, parsed after @code{GNUTLS_EXT_APPLICATION} . +@item GNUTLS_@-EXT_@-MANDATORY +Parsed after @code{GNUTLS_EXT_VERSION_NEG} and even when resuming. +@item GNUTLS_@-EXT_@-NONE +Never to be parsed +@item GNUTLS_@-EXT_@-VERSION_@-NEG +Extensions to be parsed first for TLS version negotiation. +@end table diff --git a/doc/enums/gnutls_fips_mode_t b/doc/enums/gnutls_fips_mode_t new file mode 100644 index 0000000..3ccffe4 --- /dev/null +++ b/doc/enums/gnutls_fips_mode_t @@ -0,0 +1,21 @@ + + +@c gnutls_fips_mode_t +@table @code +@item GNUTLS_@-FIPS140_@-DISABLED +The FIPS140-2 mode is disabled. +@item GNUTLS_@-FIPS140_@-STRICT +The default mode; all forbidden operations will cause an +operation failure via error code. +@item GNUTLS_@-FIPS140_@-SELFTESTS +A transient state during library initialization. That state +cannot be set or seen by applications. +@item GNUTLS_@-FIPS140_@-LAX +The library still uses the FIPS140-2 relevant algorithms but all +forbidden by FIPS140-2 operations are allowed; this is useful when the +application is aware of the followed security policy, and needs +to utilize disallowed operations for other reasons (e.g., compatibility). +@item GNUTLS_@-FIPS140_@-LOG +Similarly to @code{GNUTLS_FIPS140_LAX} , it allows forbidden operations; any use of them results +to a message to the audit callback functions. +@end table diff --git a/doc/enums/gnutls_gost_paramset_t b/doc/enums/gnutls_gost_paramset_t new file mode 100644 index 0000000..ea8b74a --- /dev/null +++ b/doc/enums/gnutls_gost_paramset_t @@ -0,0 +1,17 @@ + + +@c gnutls_gost_paramset_t +@table @code +@item GNUTLS_@-GOST_@-PARAMSET_@-UNKNOWN +Unknown/default parameter set +@item GNUTLS_@-GOST_@-PARAMSET_@-TC26_@-Z +Specified by TC26, see rfc7836 +@item GNUTLS_@-GOST_@-PARAMSET_@-CP_@-A +CryptoPro-A, see rfc4357 +@item GNUTLS_@-GOST_@-PARAMSET_@-CP_@-B +CryptoPro-B, see rfc4357 +@item GNUTLS_@-GOST_@-PARAMSET_@-CP_@-C +CryptoPro-C, see rfc4357 +@item GNUTLS_@-GOST_@-PARAMSET_@-CP_@-D +CryptoPro-D, see rfc4357 +@end table diff --git a/doc/enums/gnutls_group_t b/doc/enums/gnutls_group_t new file mode 100644 index 0000000..5066187 --- /dev/null +++ b/doc/enums/gnutls_group_t @@ -0,0 +1,31 @@ + + +@c gnutls_group_t +@table @code +@item GNUTLS_@-GROUP_@-INVALID +Indicates unknown/invalid group +@item GNUTLS_@-GROUP_@-SECP192R1 +the SECP192R1 curve group (legacy, only for TLS 1.2 compatibility) +@item GNUTLS_@-GROUP_@-SECP224R1 +the SECP224R1 curve group (legacy, only for TLS 1.2 compatibility) +@item GNUTLS_@-GROUP_@-SECP256R1 +the SECP256R1 curve group +@item GNUTLS_@-GROUP_@-SECP384R1 +the SECP384R1 curve group +@item GNUTLS_@-GROUP_@-SECP521R1 +the SECP521R1 curve group +@item GNUTLS_@-GROUP_@-X25519 +the X25519 curve group +@item GNUTLS_@-GROUP_@-FFDHE2048 +the FFDHE2048 group +@item GNUTLS_@-GROUP_@-FFDHE3072 +the FFDHE3072 group +@item GNUTLS_@-GROUP_@-FFDHE4096 +the FFDHE4096 group +@item GNUTLS_@-GROUP_@-FFDHE8192 +the FFDHE8192 group +@item GNUTLS_@-GROUP_@-FFDHE6144 +the FFDHE6144 group +@item GNUTLS_@-GROUP_@-MAX +-- undescribed -- +@end table diff --git a/doc/enums/gnutls_handshake_description_t b/doc/enums/gnutls_handshake_description_t new file mode 100644 index 0000000..904f1f2 --- /dev/null +++ b/doc/enums/gnutls_handshake_description_t @@ -0,0 +1,45 @@ + + +@c gnutls_handshake_description_t +@table @code +@item GNUTLS_@-HANDSHAKE_@-HELLO_@-REQUEST +Hello request. +@item GNUTLS_@-HANDSHAKE_@-CLIENT_@-HELLO +Client hello. +@item GNUTLS_@-HANDSHAKE_@-SERVER_@-HELLO +Server hello. +@item GNUTLS_@-HANDSHAKE_@-HELLO_@-VERIFY_@-REQUEST +DTLS Hello verify request. +@item GNUTLS_@-HANDSHAKE_@-NEW_@-SESSION_@-TICKET +New session ticket. +@item GNUTLS_@-HANDSHAKE_@-END_@-OF_@-EARLY_@-DATA +End of early data. +@item GNUTLS_@-HANDSHAKE_@-ENCRYPTED_@-EXTENSIONS +Encrypted extensions message. +@item GNUTLS_@-HANDSHAKE_@-CERTIFICATE_@-PKT +Certificate packet. +@item GNUTLS_@-HANDSHAKE_@-SERVER_@-KEY_@-EXCHANGE +Server key exchange. +@item GNUTLS_@-HANDSHAKE_@-CERTIFICATE_@-REQUEST +Certificate request. +@item GNUTLS_@-HANDSHAKE_@-SERVER_@-HELLO_@-DONE +Server hello done. +@item GNUTLS_@-HANDSHAKE_@-CERTIFICATE_@-VERIFY +Certificate verify. +@item GNUTLS_@-HANDSHAKE_@-CLIENT_@-KEY_@-EXCHANGE +Client key exchange. +@item GNUTLS_@-HANDSHAKE_@-FINISHED +Finished. +@item GNUTLS_@-HANDSHAKE_@-CERTIFICATE_@-STATUS +Certificate status (OCSP). +@item GNUTLS_@-HANDSHAKE_@-SUPPLEMENTAL +Supplemental. +@item GNUTLS_@-HANDSHAKE_@-KEY_@-UPDATE +TLS1.3 key update message. +@item GNUTLS_@-HANDSHAKE_@-CHANGE_@-CIPHER_@-SPEC +Change Cipher Spec. +@item GNUTLS_@-HANDSHAKE_@-CLIENT_@-HELLO_@-V2 +SSLv2 Client Hello. +@item GNUTLS_@-HANDSHAKE_@-HELLO_@-RETRY_@-REQUEST +Hello retry request. +@end table diff --git a/doc/enums/gnutls_init_flags_t b/doc/enums/gnutls_init_flags_t new file mode 100644 index 0000000..6750f50 --- /dev/null +++ b/doc/enums/gnutls_init_flags_t @@ -0,0 +1,71 @@ + + +@c gnutls_init_flags_t +@table @code +@item GNUTLS_@-SERVER +Connection end is a server. +@item GNUTLS_@-CLIENT +Connection end is a client. +@item GNUTLS_@-DATAGRAM +Connection is datagram oriented (DTLS). Since 3.0.0. +@item GNUTLS_@-NONBLOCK +Connection should not block. Since 3.0.0. +@item GNUTLS_@-NO_@-EXTENSIONS +Do not enable any TLS extensions by default (since 3.1.2). As TLS 1.2 and later require extensions this option is considered obsolete and should not be used. +@item GNUTLS_@-NO_@-REPLAY_@-PROTECTION +Disable any replay protection in DTLS. This must only be used if replay protection is achieved using other means. Since 3.2.2. +@item GNUTLS_@-NO_@-SIGNAL +In systems where SIGPIPE is delivered on send, it will be disabled. That flag has effect in systems which support the MSG_NOSIGNAL sockets flag (since 3.4.2). +@item GNUTLS_@-ALLOW_@-ID_@-CHANGE +Allow the peer to replace its certificate, or change its ID during a rehandshake. This change is often used in attacks and thus prohibited by default. Since 3.5.0. +@item GNUTLS_@-ENABLE_@-FALSE_@-START +Enable the TLS false start on client side if the negotiated ciphersuites allow it. This will enable sending data prior to the handshake being complete, and may introduce a risk of crypto failure when combined with certain key exchanged; for that GnuTLS may not enable that option in ciphersuites that are known to be not safe for false start. Since 3.5.0. +@item GNUTLS_@-FORCE_@-CLIENT_@-CERT +When in client side and only a single cert is specified, send that certificate irrespective of the issuers expected by the server. Since 3.5.0. +@item GNUTLS_@-NO_@-TICKETS +Flag to indicate that the session should not use resumption with session tickets. +@item GNUTLS_@-KEY_@-SHARE_@-TOP +Generate key share for the first group which is enabled. +For example x25519. This option is the most performant for client (less CPU spent +generating keys), but if the server doesn't support the advertized option it may +result to more roundtrips needed to discover the server's choice. +@item GNUTLS_@-KEY_@-SHARE_@-TOP2 +Generate key shares for the top-2 different groups which are enabled. +For example (ECDH + x25519). This is the default. +@item GNUTLS_@-KEY_@-SHARE_@-TOP3 +Generate key shares for the top-3 different groups which are enabled. +That is, as each group is associated with a key type (EC, finite field, x25519), generate +three keys using @code{GNUTLS_PK_DH} , @code{GNUTLS_PK_EC} , @code{GNUTLS_PK_ECDH_X25519} if all of them are enabled. +@item GNUTLS_@-POST_@-HANDSHAKE_@-AUTH +Enable post handshake authentication for server and client. When set and +a server requests authentication after handshake @code{GNUTLS_E_REAUTH_REQUEST} will be returned +by @code{gnutls_record_recv()} . A client should then call @code{gnutls_reauth()} to re-authenticate. +@item GNUTLS_@-NO_@-AUTO_@-REKEY +Disable auto-rekeying under TLS1.3. If this option is not specified +gnutls will force a rekey after 2^24 records have been sent. +@item GNUTLS_@-SAFE_@-PADDING_@-CHECK +Flag to indicate that the TLS 1.3 padding check will be done in a +safe way which doesn't leak the pad size based on GnuTLS processing time. This is of use to +applications which hide the length of transferred data via the TLS1.3 padding mechanism and +are already taking steps to hide the data processing time. This comes at a performance +penalty. +@item GNUTLS_@-ENABLE_@-EARLY_@-START +Under TLS1.3 allow the server to return earlier than the full handshake +finish; similarly to false start the handshake will be completed once data are received by the +client, while the server is able to transmit sooner. This is not enabled by default as it could +break certain existing server assumptions and use-cases. Since 3.6.4. +@item GNUTLS_@-ENABLE_@-RAWPK +Allows raw public-keys to be negotiated during the handshake. Since 3.6.6. +@item GNUTLS_@-AUTO_@-REAUTH +Enable transparent re-authentication in client side when the server +requests to. That is, reauthentication is handled within @code{gnutls_record_recv()} , and +the @code{GNUTLS_E_REHANDSHAKE} or @code{GNUTLS_E_REAUTH_REQUEST} are not returned. This must be +enabled with @code{GNUTLS_POST_HANDSHAKE_AUTH} for TLS1.3. Enabling this flag requires to restore +interrupted calls to @code{gnutls_record_recv()} based on the output of @code{gnutls_record_get_direction()} , +since @code{gnutls_record_recv()} could be interrupted when sending when this flag is enabled. +Note this flag may not be used if you are using the same session for sending and receiving +in different threads. +@item GNUTLS_@-ENABLE_@-EARLY_@-DATA +Under TLS1.3 allow the server to receive early data sent as part of the initial ClientHello (0-RTT). +This is not enabled by default as early data has weaker security properties than other data. Since 3.6.5. +@end table diff --git a/doc/enums/gnutls_keygen_types_t b/doc/enums/gnutls_keygen_types_t new file mode 100644 index 0000000..1b407a3 --- /dev/null +++ b/doc/enums/gnutls_keygen_types_t @@ -0,0 +1,11 @@ + + +@c gnutls_keygen_types_t +@table @code +@item GNUTLS_@-KEYGEN_@-SEED +Specifies the seed to be used in key generation. +@item GNUTLS_@-KEYGEN_@-DIGEST +The size field specifies the hash algorithm to be used in key generation. +@item GNUTLS_@-KEYGEN_@-SPKI +data points to a @code{gnutls_x509_spki_t} structure; it is not used after the key generation call. +@end table diff --git a/doc/enums/gnutls_keyid_flags_t b/doc/enums/gnutls_keyid_flags_t new file mode 100644 index 0000000..8755430 --- /dev/null +++ b/doc/enums/gnutls_keyid_flags_t @@ -0,0 +1,13 @@ + + +@c gnutls_keyid_flags_t +@table @code +@item GNUTLS_@-KEYID_@-USE_@-SHA1 +Use SHA1 as the key ID algorithm (default). +@item GNUTLS_@-KEYID_@-USE_@-SHA256 +Use SHA256 as the key ID algorithm. +@item GNUTLS_@-KEYID_@-USE_@-SHA512 +Use SHA512 as the key ID algorithm. +@item GNUTLS_@-KEYID_@-USE_@-BEST_@-KNOWN +Use the best known algorithm to calculate key ID. Using that option will make your program behavior depend on the version of gnutls linked with. That option has a cap of 64-bytes key IDs. +@end table diff --git a/doc/enums/gnutls_kx_algorithm_t b/doc/enums/gnutls_kx_algorithm_t new file mode 100644 index 0000000..eebf3f2 --- /dev/null +++ b/doc/enums/gnutls_kx_algorithm_t @@ -0,0 +1,37 @@ + + +@c gnutls_kx_algorithm_t +@table @code +@item GNUTLS_@-KX_@-UNKNOWN +Unknown key-exchange algorithm. +@item GNUTLS_@-KX_@-RSA +RSA key-exchange algorithm. +@item GNUTLS_@-KX_@-DHE_@-DSS +DHE-DSS key-exchange algorithm. +@item GNUTLS_@-KX_@-DHE_@-RSA +DHE-RSA key-exchange algorithm. +@item GNUTLS_@-KX_@-ANON_@-DH +Anon-DH key-exchange algorithm. +@item GNUTLS_@-KX_@-SRP +SRP key-exchange algorithm. +@item GNUTLS_@-KX_@-RSA_@-EXPORT +RSA-EXPORT key-exchange algorithm (defunc). +@item GNUTLS_@-KX_@-SRP_@-RSA +SRP-RSA key-exchange algorithm. +@item GNUTLS_@-KX_@-SRP_@-DSS +SRP-DSS key-exchange algorithm. +@item GNUTLS_@-KX_@-PSK +PSK key-exchange algorithm. +@item GNUTLS_@-KX_@-DHE_@-PSK +DHE-PSK key-exchange algorithm. +@item GNUTLS_@-KX_@-ANON_@-ECDH +Anon-ECDH key-exchange algorithm. +@item GNUTLS_@-KX_@-ECDHE_@-RSA +ECDHE-RSA key-exchange algorithm. +@item GNUTLS_@-KX_@-ECDHE_@-ECDSA +ECDHE-ECDSA key-exchange algorithm. +@item GNUTLS_@-KX_@-ECDHE_@-PSK +ECDHE-PSK key-exchange algorithm. +@item GNUTLS_@-KX_@-RSA_@-PSK +RSA-PSK key-exchange algorithm. +@end table diff --git a/doc/enums/gnutls_mac_algorithm_t b/doc/enums/gnutls_mac_algorithm_t new file mode 100644 index 0000000..a7220ee --- /dev/null +++ b/doc/enums/gnutls_mac_algorithm_t @@ -0,0 +1,51 @@ + + +@c gnutls_mac_algorithm_t +@table @code +@item GNUTLS_@-MAC_@-UNKNOWN +Unknown MAC algorithm. +@item GNUTLS_@-MAC_@-NULL +NULL MAC algorithm (empty output). +@item GNUTLS_@-MAC_@-MD5 +HMAC-MD5 algorithm. +@item GNUTLS_@-MAC_@-SHA1 +HMAC-SHA-1 algorithm. +@item GNUTLS_@-MAC_@-RMD160 +HMAC-RMD160 algorithm. +@item GNUTLS_@-MAC_@-MD2 +HMAC-MD2 algorithm. +@item GNUTLS_@-MAC_@-SHA256 +HMAC-SHA-256 algorithm. +@item GNUTLS_@-MAC_@-SHA384 +HMAC-SHA-384 algorithm. +@item GNUTLS_@-MAC_@-SHA512 +HMAC-SHA-512 algorithm. +@item GNUTLS_@-MAC_@-SHA224 +HMAC-SHA-224 algorithm. +@item GNUTLS_@-MAC_@-SHA3_@-224 +Reserved; unimplemented. +@item GNUTLS_@-MAC_@-SHA3_@-256 +Reserved; unimplemented. +@item GNUTLS_@-MAC_@-SHA3_@-384 +Reserved; unimplemented. +@item GNUTLS_@-MAC_@-SHA3_@-512 +Reserved; unimplemented. +@item GNUTLS_@-MAC_@-MD5_@-SHA1 +Combined MD5+SHA1 MAC placeholder. +@item GNUTLS_@-MAC_@-GOSTR_@-94 +HMAC GOST R 34.11-94 algorithm. +@item GNUTLS_@-MAC_@-STREEBOG_@-256 +HMAC GOST R 34.11-2001 (Streebog) algorithm, 256 bit. +@item GNUTLS_@-MAC_@-STREEBOG_@-512 +HMAC GOST R 34.11-2001 (Streebog) algorithm, 512 bit. +@item GNUTLS_@-MAC_@-AEAD +MAC implicit through AEAD cipher. +@item GNUTLS_@-MAC_@-UMAC_@-96 +The UMAC-96 MAC algorithm. +@item GNUTLS_@-MAC_@-UMAC_@-128 +The UMAC-128 MAC algorithm. +@item GNUTLS_@-MAC_@-AES_@-CMAC_@-128 +The AES-CMAC-128 MAC algorithm. +@item GNUTLS_@-MAC_@-AES_@-CMAC_@-256 +The AES-CMAC-256 MAC algorithm. +@end table diff --git a/doc/enums/gnutls_ocsp_cert_status_t b/doc/enums/gnutls_ocsp_cert_status_t new file mode 100644 index 0000000..0a12aa9 --- /dev/null +++ b/doc/enums/gnutls_ocsp_cert_status_t @@ -0,0 +1,12 @@ + + +@c gnutls_ocsp_cert_status_t +@table @code +@item GNUTLS_@-OCSP_@-CERT_@-GOOD +Positive response to status inquiry. +@item GNUTLS_@-OCSP_@-CERT_@-REVOKED +Certificate has been revoked. +@item GNUTLS_@-OCSP_@-CERT_@-UNKNOWN +The responder doesn't know about the +certificate. +@end table diff --git a/doc/enums/gnutls_ocsp_print_formats_t b/doc/enums/gnutls_ocsp_print_formats_t new file mode 100644 index 0000000..8880880 --- /dev/null +++ b/doc/enums/gnutls_ocsp_print_formats_t @@ -0,0 +1,9 @@ + + +@c gnutls_ocsp_print_formats_t +@table @code +@item GNUTLS_@-OCSP_@-PRINT_@-FULL +Full information about OCSP request/response. +@item GNUTLS_@-OCSP_@-PRINT_@-COMPACT +More compact information about OCSP request/response. +@end table diff --git a/doc/enums/gnutls_ocsp_resp_status_t b/doc/enums/gnutls_ocsp_resp_status_t new file mode 100644 index 0000000..b199eb5 --- /dev/null +++ b/doc/enums/gnutls_ocsp_resp_status_t @@ -0,0 +1,17 @@ + + +@c gnutls_ocsp_resp_status_t +@table @code +@item GNUTLS_@-OCSP_@-RESP_@-SUCCESSFUL +Response has valid confirmations. +@item GNUTLS_@-OCSP_@-RESP_@-MALFORMEDREQUEST +Illegal confirmation request +@item GNUTLS_@-OCSP_@-RESP_@-INTERNALERROR +Internal error in issuer +@item GNUTLS_@-OCSP_@-RESP_@-TRYLATER +Try again later +@item GNUTLS_@-OCSP_@-RESP_@-SIGREQUIRED +Must sign the request +@item GNUTLS_@-OCSP_@-RESP_@-UNAUTHORIZED +Request unauthorized +@end table diff --git a/doc/enums/gnutls_ocsp_verify_reason_t b/doc/enums/gnutls_ocsp_verify_reason_t new file mode 100644 index 0000000..7868452 --- /dev/null +++ b/doc/enums/gnutls_ocsp_verify_reason_t @@ -0,0 +1,19 @@ + + +@c gnutls_ocsp_verify_reason_t +@table @code +@item GNUTLS_@-OCSP_@-VERIFY_@-SIGNER_@-NOT_@-FOUND +Signer cert not found. +@item GNUTLS_@-OCSP_@-VERIFY_@-SIGNER_@-KEYUSAGE_@-ERROR +Signer keyusage bits incorrect. +@item GNUTLS_@-OCSP_@-VERIFY_@-UNTRUSTED_@-SIGNER +Signer is not trusted. +@item GNUTLS_@-OCSP_@-VERIFY_@-INSECURE_@-ALGORITHM +Signature using insecure algorithm. +@item GNUTLS_@-OCSP_@-VERIFY_@-SIGNATURE_@-FAILURE +Signature mismatch. +@item GNUTLS_@-OCSP_@-VERIFY_@-CERT_@-NOT_@-ACTIVATED +Signer cert is not yet activated. +@item GNUTLS_@-OCSP_@-VERIFY_@-CERT_@-EXPIRED +Signer cert has expired. +@end table diff --git a/doc/enums/gnutls_openpgp_crt_status_t b/doc/enums/gnutls_openpgp_crt_status_t new file mode 100644 index 0000000..c3cb310 --- /dev/null +++ b/doc/enums/gnutls_openpgp_crt_status_t @@ -0,0 +1,9 @@ + + +@c gnutls_openpgp_crt_status_t +@table @code +@item GNUTLS_@-OPENPGP_@-CERT +Send entire certificate. +@item GNUTLS_@-OPENPGP_@-CERT_@-FINGERPRINT +Send only certificate fingerprint. +@end table diff --git a/doc/enums/gnutls_params_type_t b/doc/enums/gnutls_params_type_t new file mode 100644 index 0000000..e4bc32c --- /dev/null +++ b/doc/enums/gnutls_params_type_t @@ -0,0 +1,11 @@ + + +@c gnutls_params_type_t +@table @code +@item GNUTLS_@-PARAMS_@-RSA_@-EXPORT +Session RSA-EXPORT parameters (defunc). +@item GNUTLS_@-PARAMS_@-DH +Session Diffie-Hellman parameters. +@item GNUTLS_@-PARAMS_@-ECDH +Session Elliptic-Curve Diffie-Hellman parameters. +@end table diff --git a/doc/enums/gnutls_pin_flag_t b/doc/enums/gnutls_pin_flag_t new file mode 100644 index 0000000..02cefc8 --- /dev/null +++ b/doc/enums/gnutls_pin_flag_t @@ -0,0 +1,17 @@ + + +@c gnutls_pin_flag_t +@table @code +@item GNUTLS_@-PIN_@-USER +The PIN for the user. +@item GNUTLS_@-PIN_@-SO +The PIN for the security officer (admin). +@item GNUTLS_@-PIN_@-FINAL_@-TRY +This is the final try before blocking. +@item GNUTLS_@-PIN_@-COUNT_@-LOW +Few tries remain before token blocks. +@item GNUTLS_@-PIN_@-CONTEXT_@-SPECIFIC +The PIN is for a specific action and key like signing. +@item GNUTLS_@-PIN_@-WRONG +Last given PIN was not correct. +@end table diff --git a/doc/enums/gnutls_pk_algorithm_t b/doc/enums/gnutls_pk_algorithm_t new file mode 100644 index 0000000..05a0661 --- /dev/null +++ b/doc/enums/gnutls_pk_algorithm_t @@ -0,0 +1,29 @@ + + +@c gnutls_pk_algorithm_t +@table @code +@item GNUTLS_@-PK_@-UNKNOWN +Unknown public-key algorithm. +@item GNUTLS_@-PK_@-RSA +RSA public-key algorithm. +@item GNUTLS_@-PK_@-DSA +DSA public-key algorithm. +@item GNUTLS_@-PK_@-DH +Diffie-Hellman algorithm. Used to generate parameters. +@item GNUTLS_@-PK_@-ECDSA +Elliptic curve algorithm. These parameters are compatible with the ECDSA and ECDH algorithm. +@item GNUTLS_@-PK_@-ECDH_@-X25519 +Elliptic curve algorithm, restricted to ECDH as per rfc7748. +@item GNUTLS_@-PK_@-RSA_@-PSS +RSA public-key algorithm, with PSS padding. +@item GNUTLS_@-PK_@-EDDSA_@-ED25519 +Edwards curve Digital signature algorithm. Used with SHA512 on signatures. +@item GNUTLS_@-PK_@-GOST_@-01 +GOST R 34.10-2001 algorithm per rfc5832. +@item GNUTLS_@-PK_@-GOST_@-12_@-256 +GOST R 34.10-2012 algorithm, 256-bit key per rfc7091. +@item GNUTLS_@-PK_@-GOST_@-12_@-512 +GOST R 34.10-2012 algorithm, 512-bit key per rfc7091. +@item GNUTLS_@-PK_@-MAX +-- undescribed -- +@end table diff --git a/doc/enums/gnutls_pkcs11_obj_flags b/doc/enums/gnutls_pkcs11_obj_flags new file mode 100644 index 0000000..cd18b54 --- /dev/null +++ b/doc/enums/gnutls_pkcs11_obj_flags @@ -0,0 +1,56 @@ + + +@c gnutls_pkcs11_obj_flags +@table @code +@item GNUTLS_@-PKCS11_@-OBJ_@-FLAG_@-LOGIN +Force login in the token for the operation (seek+store). +@item GNUTLS_@-PKCS11_@-OBJ_@-FLAG_@-MARK_@-TRUSTED +object marked as trusted (seek+store). +@item GNUTLS_@-PKCS11_@-OBJ_@-FLAG_@-MARK_@-SENSITIVE +object is explicitly marked as sensitive -unexportable (store). +@item GNUTLS_@-PKCS11_@-OBJ_@-FLAG_@-LOGIN_@-SO +force login as a security officer in the token for the operation (seek+store). +@item GNUTLS_@-PKCS11_@-OBJ_@-FLAG_@-MARK_@-PRIVATE +marked as private -requires PIN to access (store). +@item GNUTLS_@-PKCS11_@-OBJ_@-FLAG_@-MARK_@-NOT_@-PRIVATE +marked as not private (store). +@item GNUTLS_@-PKCS11_@-OBJ_@-FLAG_@-RETRIEVE_@-ANY +When retrieving an object, do not set any requirements (store). +@item GNUTLS_@-PKCS11_@-OBJ_@-FLAG_@-RETRIEVE_@-TRUSTED +When retrieving an object, only retrieve the marked as trusted (alias to @code{GNUTLS_PKCS11_OBJ_FLAG_MARK_TRUSTED} ). +In @code{gnutls_pkcs11_crt_is_known()} it implies @code{GNUTLS_PKCS11_OBJ_FLAG_RETRIEVE_COMPARE} if @code{GNUTLS_PKCS11_OBJ_FLAG_COMPARE_KEY} is not given. +@item GNUTLS_@-PKCS11_@-OBJ_@-FLAG_@-MARK_@-DISTRUSTED +When writing an object, mark it as distrusted (store). +@item GNUTLS_@-PKCS11_@-OBJ_@-FLAG_@-RETRIEVE_@-DISTRUSTED +When retrieving an object, only retrieve the marked as distrusted (seek). +@item GNUTLS_@-PKCS11_@-OBJ_@-FLAG_@-COMPARE +When checking an object's presence, fully compare it before returning any result (seek). +@item GNUTLS_@-PKCS11_@-OBJ_@-FLAG_@-PRESENT_@-IN_@-TRUSTED_@-MODULE +The object must be present in a marked as trusted module (seek). +@item GNUTLS_@-PKCS11_@-OBJ_@-FLAG_@-MARK_@-CA +Mark the object as a CA (seek+store). +@item GNUTLS_@-PKCS11_@-OBJ_@-FLAG_@-MARK_@-KEY_@-WRAP +Mark the generated key pair as wrapping and unwrapping keys (store). +@item GNUTLS_@-PKCS11_@-OBJ_@-FLAG_@-COMPARE_@-KEY +When checking an object's presence, compare the key before returning any result (seek). +@item GNUTLS_@-PKCS11_@-OBJ_@-FLAG_@-OVERWRITE_@-TRUSTMOD_@-EXT +When an issuer is requested, override its extensions with the ones present in the trust module (seek). +@item GNUTLS_@-PKCS11_@-OBJ_@-FLAG_@-MARK_@-ALWAYS_@-AUTH +Mark the key pair as requiring authentication (pin entry) before every operation (seek+store). +@item GNUTLS_@-PKCS11_@-OBJ_@-FLAG_@-MARK_@-EXTRACTABLE +Mark the key pair as being extractable (store). +@item GNUTLS_@-PKCS11_@-OBJ_@-FLAG_@-NEVER_@-EXTRACTABLE +If set, the object was never marked as extractable (store). +@item GNUTLS_@-PKCS11_@-OBJ_@-FLAG_@-CRT +When searching, restrict to certificates only (seek). +@item GNUTLS_@-PKCS11_@-OBJ_@-FLAG_@-WITH_@-PRIVKEY +-- undescribed -- +@item GNUTLS_@-PKCS11_@-OBJ_@-FLAG_@-PUBKEY +When searching, restrict to public key objects only (seek). +@item GNUTLS_@-PKCS11_@-OBJ_@-FLAG_@-NO_@-STORE_@-PUBKEY +When generating a keypair don't store the public key (store). +@item GNUTLS_@-PKCS11_@-OBJ_@-FLAG_@-PRIVKEY +When searching, restrict to private key objects only (seek). +@item GNUTLS_@-PKCS11_@-OBJ_@-FLAG_@-MARK_@-NOT_@-SENSITIVE +object marked as not sensitive -exportable (store). +@end table diff --git a/doc/enums/gnutls_pkcs11_obj_info_t b/doc/enums/gnutls_pkcs11_obj_info_t new file mode 100644 index 0000000..bc669b5 --- /dev/null +++ b/doc/enums/gnutls_pkcs11_obj_info_t @@ -0,0 +1,25 @@ + + +@c gnutls_pkcs11_obj_info_t +@table @code +@item GNUTLS_@-PKCS11_@-OBJ_@-ID_@-HEX +The object ID in hex. Null-terminated text. +@item GNUTLS_@-PKCS11_@-OBJ_@-LABEL +The object label. Null-terminated text. +@item GNUTLS_@-PKCS11_@-OBJ_@-TOKEN_@-LABEL +The token's label. Null-terminated text. +@item GNUTLS_@-PKCS11_@-OBJ_@-TOKEN_@-SERIAL +The token's serial number. Null-terminated text. +@item GNUTLS_@-PKCS11_@-OBJ_@-TOKEN_@-MANUFACTURER +The token's manufacturer. Null-terminated text. +@item GNUTLS_@-PKCS11_@-OBJ_@-TOKEN_@-MODEL +The token's model. Null-terminated text. +@item GNUTLS_@-PKCS11_@-OBJ_@-ID +The object ID. Raw bytes. +@item GNUTLS_@-PKCS11_@-OBJ_@-LIBRARY_@-VERSION +The library's version. Null-terminated text. +@item GNUTLS_@-PKCS11_@-OBJ_@-LIBRARY_@-DESCRIPTION +The library's description. Null-terminated text. +@item GNUTLS_@-PKCS11_@-OBJ_@-LIBRARY_@-MANUFACTURER +The library's manufacturer name. Null-terminated text. +@end table diff --git a/doc/enums/gnutls_pkcs11_obj_type_t b/doc/enums/gnutls_pkcs11_obj_type_t new file mode 100644 index 0000000..ecd6267 --- /dev/null +++ b/doc/enums/gnutls_pkcs11_obj_type_t @@ -0,0 +1,19 @@ + + +@c gnutls_pkcs11_obj_type_t +@table @code +@item GNUTLS_@-PKCS11_@-OBJ_@-UNKNOWN +Unknown PKCS11 object. +@item GNUTLS_@-PKCS11_@-OBJ_@-X509_@-CRT +X.509 certificate. +@item GNUTLS_@-PKCS11_@-OBJ_@-PUBKEY +Public key. +@item GNUTLS_@-PKCS11_@-OBJ_@-PRIVKEY +Private key. +@item GNUTLS_@-PKCS11_@-OBJ_@-SECRET_@-KEY +Secret key. +@item GNUTLS_@-PKCS11_@-OBJ_@-DATA +Data object. +@item GNUTLS_@-PKCS11_@-OBJ_@-X509_@-CRT_@-EXTENSION +X.509 certificate extension (supported by p11-kit trust module only). +@end table diff --git a/doc/enums/gnutls_pkcs11_token_info_t b/doc/enums/gnutls_pkcs11_token_info_t new file mode 100644 index 0000000..ac82442 --- /dev/null +++ b/doc/enums/gnutls_pkcs11_token_info_t @@ -0,0 +1,16 @@ + + +@c gnutls_pkcs11_token_info_t +@table @code +@item GNUTLS_@-PKCS11_@-TOKEN_@-LABEL +The token's label (string) +@item GNUTLS_@-PKCS11_@-TOKEN_@-SERIAL +The token's serial number (string) +@item GNUTLS_@-PKCS11_@-TOKEN_@-MANUFACTURER +The token's manufacturer (string) +@item GNUTLS_@-PKCS11_@-TOKEN_@-MODEL +The token's model (string) +@item GNUTLS_@-PKCS11_@-TOKEN_@-MODNAME +The token's module name (string - since 3.4.3). This value is +unavailable for providers which were manually loaded. +@end table diff --git a/doc/enums/gnutls_pkcs11_url_type_t b/doc/enums/gnutls_pkcs11_url_type_t new file mode 100644 index 0000000..896e3cc --- /dev/null +++ b/doc/enums/gnutls_pkcs11_url_type_t @@ -0,0 +1,11 @@ + + +@c gnutls_pkcs11_url_type_t +@table @code +@item GNUTLS_@-PKCS11_@-URL_@-GENERIC +A generic-purpose URL. +@item GNUTLS_@-PKCS11_@-URL_@-LIB +A URL that specifies the library used as well. +@item GNUTLS_@-PKCS11_@-URL_@-LIB_@-VERSION +A URL that specifies the library and its version. +@end table diff --git a/doc/enums/gnutls_pkcs12_bag_type_t b/doc/enums/gnutls_pkcs12_bag_type_t new file mode 100644 index 0000000..1ddb82f --- /dev/null +++ b/doc/enums/gnutls_pkcs12_bag_type_t @@ -0,0 +1,21 @@ + + +@c gnutls_pkcs12_bag_type_t +@table @code +@item GNUTLS_@-BAG_@-EMPTY +Empty PKCS-12 bag. +@item GNUTLS_@-BAG_@-PKCS8_@-ENCRYPTED_@-KEY +PKCS-12 bag with PKCS-8 encrypted key. +@item GNUTLS_@-BAG_@-PKCS8_@-KEY +PKCS-12 bag with PKCS-8 key. +@item GNUTLS_@-BAG_@-CERTIFICATE +PKCS-12 bag with certificate. +@item GNUTLS_@-BAG_@-CRL +PKCS-12 bag with CRL. +@item GNUTLS_@-BAG_@-SECRET +PKCS-12 bag with secret PKCS-9 keys. +@item GNUTLS_@-BAG_@-ENCRYPTED +Encrypted PKCS-12 bag. +@item GNUTLS_@-BAG_@-UNKNOWN +Unknown PKCS-12 bag. +@end table diff --git a/doc/enums/gnutls_pkcs7_sign_flags b/doc/enums/gnutls_pkcs7_sign_flags new file mode 100644 index 0000000..c5a7250 --- /dev/null +++ b/doc/enums/gnutls_pkcs7_sign_flags @@ -0,0 +1,13 @@ + + +@c gnutls_pkcs7_sign_flags +@table @code +@item GNUTLS_@-PKCS7_@-EMBED_@-DATA +The signed data will be embedded in the structure. +@item GNUTLS_@-PKCS7_@-INCLUDE_@-TIME +The signing time will be included in the structure. +@item GNUTLS_@-PKCS7_@-INCLUDE_@-CERT +The signer's certificate will be included in the cert list. +@item GNUTLS_@-PKCS7_@-WRITE_@-SPKI +Use the signer's key identifier instead of name. +@end table diff --git a/doc/enums/gnutls_pkcs_encrypt_flags_t b/doc/enums/gnutls_pkcs_encrypt_flags_t new file mode 100644 index 0000000..3cb65d6 --- /dev/null +++ b/doc/enums/gnutls_pkcs_encrypt_flags_t @@ -0,0 +1,37 @@ + + +@c gnutls_pkcs_encrypt_flags_t +@table @code +@item GNUTLS_@-PKCS_@-PLAIN +Unencrypted private key. +@item GNUTLS_@-PKCS_@-PKCS12_@-3DES +PKCS-12 3DES. +@item GNUTLS_@-PKCS_@-PKCS12_@-ARCFOUR +PKCS-12 ARCFOUR. +@item GNUTLS_@-PKCS_@-PKCS12_@-RC2_@-40 +PKCS-12 RC2-40. +@item GNUTLS_@-PKCS_@-PBES2_@-3DES +PBES2 3DES. +@item GNUTLS_@-PKCS_@-PBES2_@-AES_@-128 +PBES2 AES-128. +@item GNUTLS_@-PKCS_@-PBES2_@-AES_@-192 +PBES2 AES-192. +@item GNUTLS_@-PKCS_@-PBES2_@-AES_@-256 +PBES2 AES-256. +@item GNUTLS_@-PKCS_@-NULL_@-PASSWORD +Some schemas distinguish between an empty and a NULL password. +@item GNUTLS_@-PKCS_@-PBES2_@-DES +PBES2 single DES. +@item GNUTLS_@-PKCS_@-PBES1_@-DES_@-MD5 +PBES1 with single DES; for compatibility with openssl only. +@item GNUTLS_@-PKCS_@-PBES2_@-GOST_@-TC26Z +PBES2 GOST 28147-89 CFB with TC26-Z S-box. +@item GNUTLS_@-PKCS_@-PBES2_@-GOST_@-CPA +PBES2 GOST 28147-89 CFB with CryptoPro-A S-box. +@item GNUTLS_@-PKCS_@-PBES2_@-GOST_@-CPB +PBES2 GOST 28147-89 CFB with CryptoPro-B S-box. +@item GNUTLS_@-PKCS_@-PBES2_@-GOST_@-CPC +PBES2 GOST 28147-89 CFB with CryptoPro-C S-box. +@item GNUTLS_@-PKCS_@-PBES2_@-GOST_@-CPD +PBES2 GOST 28147-89 CFB with CryptoPro-D S-box. +@end table diff --git a/doc/enums/gnutls_privkey_flags_t b/doc/enums/gnutls_privkey_flags_t new file mode 100644 index 0000000..638a2b9 --- /dev/null +++ b/doc/enums/gnutls_privkey_flags_t @@ -0,0 +1,27 @@ + + +@c gnutls_privkey_flags_t +@table @code +@item GNUTLS_@-PRIVKEY_@-IMPORT_@-AUTO_@-RELEASE +When importing a private key, automatically +release it when the structure it was imported is released. +@item GNUTLS_@-PRIVKEY_@-IMPORT_@-COPY +Copy required values during import. +@item GNUTLS_@-PRIVKEY_@-DISABLE_@-CALLBACKS +The following flag disables call to PIN callbacks etc. +Only relevant to TPM keys. +@item GNUTLS_@-PRIVKEY_@-SIGN_@-FLAG_@-TLS1_@-RSA +Make an RSA signature on the hashed data as in the TLS protocol. +@item GNUTLS_@-PRIVKEY_@-FLAG_@-PROVABLE +When generating a key involving prime numbers, use provable primes; a seed may be required. +@item GNUTLS_@-PRIVKEY_@-FLAG_@-EXPORT_@-COMPAT +Keys generated or imported as provable require an extended format which cannot be read by previous versions +of gnutls or other applications. By setting this flag the key will be exported in a backwards compatible way, +even if the information about the seed used will be lost. +@item GNUTLS_@-PRIVKEY_@-SIGN_@-FLAG_@-RSA_@-PSS +Make an RSA signature on the hashed data with the PSS padding. +@item GNUTLS_@-PRIVKEY_@-FLAG_@-REPRODUCIBLE +Make an RSA-PSS signature on the hashed data with reproducible parameters (zero salt). +@item GNUTLS_@-PRIVKEY_@-FLAG_@-CA +The generated private key is going to be used as a CA (relevant for RSA-PSS keys). +@end table diff --git a/doc/enums/gnutls_privkey_type_t b/doc/enums/gnutls_privkey_type_t new file mode 100644 index 0000000..41eb82d --- /dev/null +++ b/doc/enums/gnutls_privkey_type_t @@ -0,0 +1,13 @@ + + +@c gnutls_privkey_type_t +@table @code +@item GNUTLS_@-PRIVKEY_@-X509 +X.509 private key, @code{gnutls_x509_privkey_t} . +@item GNUTLS_@-PRIVKEY_@-OPENPGP +OpenPGP private key, @code{gnutls_openpgp_privkey_t} . +@item GNUTLS_@-PRIVKEY_@-PKCS11 +PKCS11 private key, @code{gnutls_pkcs11_privkey_t} . +@item GNUTLS_@-PRIVKEY_@-EXT +External private key, operating using callbacks. +@end table diff --git a/doc/enums/gnutls_protocol_t b/doc/enums/gnutls_protocol_t new file mode 100644 index 0000000..98d0c36 --- /dev/null +++ b/doc/enums/gnutls_protocol_t @@ -0,0 +1,31 @@ + + +@c gnutls_protocol_t +@table @code +@item GNUTLS_@-SSL3 +SSL version 3.0. +@item GNUTLS_@-TLS1_@-0 +TLS version 1.0. +@item GNUTLS_@-TLS1 +Same as @code{GNUTLS_TLS1_0} . +@item GNUTLS_@-TLS1_@-1 +TLS version 1.1. +@item GNUTLS_@-TLS1_@-2 +TLS version 1.2. +@item GNUTLS_@-TLS1_@-3 +TLS version 1.3. +@item GNUTLS_@-DTLS0_@-9 +DTLS version 0.9 (Cisco AnyConnect / OpenSSL 0.9.8e). +@item GNUTLS_@-DTLS1_@-0 +DTLS version 1.0. +@item GNUTLS_@-DTLS1_@-2 +DTLS version 1.2. +@item GNUTLS_@-DTLS_@-VERSION_@-MIN +-- undescribed -- +@item GNUTLS_@-DTLS_@-VERSION_@-MAX +Maps to the highest supported DTLS version. +@item GNUTLS_@-TLS_@-VERSION_@-MAX +Maps to the highest supported TLS version. +@item GNUTLS_@-VERSION_@-UNKNOWN +Unknown SSL/TLS version. +@end table diff --git a/doc/enums/gnutls_psk_key_flags b/doc/enums/gnutls_psk_key_flags new file mode 100644 index 0000000..dff8c29 --- /dev/null +++ b/doc/enums/gnutls_psk_key_flags @@ -0,0 +1,9 @@ + + +@c gnutls_psk_key_flags +@table @code +@item GNUTLS_@-PSK_@-KEY_@-RAW +PSK-key in raw format. +@item GNUTLS_@-PSK_@-KEY_@-HEX +PSK-key in hex format. +@end table diff --git a/doc/enums/gnutls_pubkey_flags_t b/doc/enums/gnutls_pubkey_flags_t new file mode 100644 index 0000000..e28aeea --- /dev/null +++ b/doc/enums/gnutls_pubkey_flags_t @@ -0,0 +1,10 @@ + + +@c gnutls_pubkey_flags_t +@table @code +@item GNUTLS_@-PUBKEY_@-DISABLE_@-CALLBACKS +The following flag disables call to PIN callbacks. Only +relevant to TPM keys. +@item GNUTLS_@-PUBKEY_@-GET_@-OPENPGP_@-FINGERPRINT +request an OPENPGP fingerprint instead of the default. +@end table diff --git a/doc/enums/gnutls_rnd_level_t b/doc/enums/gnutls_rnd_level_t new file mode 100644 index 0000000..13317d4 --- /dev/null +++ b/doc/enums/gnutls_rnd_level_t @@ -0,0 +1,14 @@ + + +@c gnutls_rnd_level_t +@table @code +@item GNUTLS_@-RND_@-NONCE +Non-predictable random number. Fatal in parts +of session if broken, i.e., vulnerable to statistical analysis. +@item GNUTLS_@-RND_@-RANDOM +Pseudo-random cryptographic random number. +Fatal in session if broken. Example use: temporal keys. +@item GNUTLS_@-RND_@-KEY +Fatal in many sessions if broken. Example use: +Long-term keys. +@end table diff --git a/doc/enums/gnutls_sec_param_t b/doc/enums/gnutls_sec_param_t new file mode 100644 index 0000000..ead2796 --- /dev/null +++ b/doc/enums/gnutls_sec_param_t @@ -0,0 +1,29 @@ + + +@c gnutls_sec_param_t +@table @code +@item GNUTLS_@-SEC_@-PARAM_@-UNKNOWN +Cannot be known +@item GNUTLS_@-SEC_@-PARAM_@-INSECURE +Less than 42 bits of security +@item GNUTLS_@-SEC_@-PARAM_@-EXPORT +42 bits of security +@item GNUTLS_@-SEC_@-PARAM_@-VERY_@-WEAK +64 bits of security +@item GNUTLS_@-SEC_@-PARAM_@-WEAK +72 bits of security +@item GNUTLS_@-SEC_@-PARAM_@-LOW +80 bits of security +@item GNUTLS_@-SEC_@-PARAM_@-LEGACY +96 bits of security +@item GNUTLS_@-SEC_@-PARAM_@-MEDIUM +112 bits of security (used to be @code{GNUTLS_SEC_PARAM_NORMAL} ) +@item GNUTLS_@-SEC_@-PARAM_@-HIGH +128 bits of security +@item GNUTLS_@-SEC_@-PARAM_@-ULTRA +192 bits of security +@item GNUTLS_@-SEC_@-PARAM_@-FUTURE +256 bits of security +@item GNUTLS_@-SEC_@-PARAM_@-MAX +-- undescribed -- +@end table diff --git a/doc/enums/gnutls_server_name_type_t b/doc/enums/gnutls_server_name_type_t new file mode 100644 index 0000000..aadb24f --- /dev/null +++ b/doc/enums/gnutls_server_name_type_t @@ -0,0 +1,7 @@ + + +@c gnutls_server_name_type_t +@table @code +@item GNUTLS_@-NAME_@-DNS +Domain Name System name type. +@end table diff --git a/doc/enums/gnutls_session_flags_t b/doc/enums/gnutls_session_flags_t new file mode 100644 index 0000000..80140d9 --- /dev/null +++ b/doc/enums/gnutls_session_flags_t @@ -0,0 +1,27 @@ + + +@c gnutls_session_flags_t +@table @code +@item GNUTLS_@-SFLAGS_@-SAFE_@-RENEGOTIATION +Safe renegotiation (RFC5746) was used +@item GNUTLS_@-SFLAGS_@-EXT_@-MASTER_@-SECRET +The extended master secret (RFC7627) extension was used +@item GNUTLS_@-SFLAGS_@-ETM +The encrypt then MAC (RFC7366) extension was used +@item GNUTLS_@-SFLAGS_@-HB_@-LOCAL_@-SEND +The heartbeat negotiation allows the local side to send heartbeat messages +@item GNUTLS_@-SFLAGS_@-HB_@-PEER_@-SEND +The heartbeat negotiation allows the peer to send heartbeat messages +@item GNUTLS_@-SFLAGS_@-FALSE_@-START +False start was used in this client session. +@item GNUTLS_@-SFLAGS_@-RFC7919 +The RFC7919 Diffie-Hellman parameters were negotiated +@item GNUTLS_@-SFLAGS_@-SESSION_@-TICKET +A session ticket has been received by the server. +@item GNUTLS_@-SFLAGS_@-POST_@-HANDSHAKE_@-AUTH +Indicates client capability for post-handshake auth; set only on server side. +@item GNUTLS_@-SFLAGS_@-EARLY_@-START +The TLS1.3 server session returned early. +@item GNUTLS_@-SFLAGS_@-EARLY_@-DATA +The TLS1.3 early data has been received by the server. +@end table diff --git a/doc/enums/gnutls_sign_algorithm_t b/doc/enums/gnutls_sign_algorithm_t new file mode 100644 index 0000000..bd81fba --- /dev/null +++ b/doc/enums/gnutls_sign_algorithm_t @@ -0,0 +1,110 @@ + + +@c gnutls_sign_algorithm_t +@table @code +@item GNUTLS_@-SIGN_@-UNKNOWN +Unknown signature algorithm. +@item GNUTLS_@-SIGN_@-RSA_@-SHA1 +Digital signature algorithm RSA with SHA-1 +@item GNUTLS_@-SIGN_@-RSA_@-SHA +Same as @code{GNUTLS_SIGN_RSA_SHA1} . +@item GNUTLS_@-SIGN_@-DSA_@-SHA1 +Digital signature algorithm DSA with SHA-1 +@item GNUTLS_@-SIGN_@-DSA_@-SHA +Same as @code{GNUTLS_SIGN_DSA_SHA1} . +@item GNUTLS_@-SIGN_@-RSA_@-MD5 +Digital signature algorithm RSA with MD5. +@item GNUTLS_@-SIGN_@-RSA_@-MD2 +Digital signature algorithm RSA with MD2. +@item GNUTLS_@-SIGN_@-RSA_@-RMD160 +Digital signature algorithm RSA with RMD-160. +@item GNUTLS_@-SIGN_@-RSA_@-SHA256 +Digital signature algorithm RSA with SHA-256. +@item GNUTLS_@-SIGN_@-RSA_@-SHA384 +Digital signature algorithm RSA with SHA-384. +@item GNUTLS_@-SIGN_@-RSA_@-SHA512 +Digital signature algorithm RSA with SHA-512. +@item GNUTLS_@-SIGN_@-RSA_@-SHA224 +Digital signature algorithm RSA with SHA-224. +@item GNUTLS_@-SIGN_@-DSA_@-SHA224 +Digital signature algorithm DSA with SHA-224 +@item GNUTLS_@-SIGN_@-DSA_@-SHA256 +Digital signature algorithm DSA with SHA-256 +@item GNUTLS_@-SIGN_@-ECDSA_@-SHA1 +ECDSA with SHA1. +@item GNUTLS_@-SIGN_@-ECDSA_@-SHA224 +Digital signature algorithm ECDSA with SHA-224. +@item GNUTLS_@-SIGN_@-ECDSA_@-SHA256 +Digital signature algorithm ECDSA with SHA-256. +@item GNUTLS_@-SIGN_@-ECDSA_@-SHA384 +Digital signature algorithm ECDSA with SHA-384. +@item GNUTLS_@-SIGN_@-ECDSA_@-SHA512 +Digital signature algorithm ECDSA with SHA-512. +@item GNUTLS_@-SIGN_@-DSA_@-SHA384 +Digital signature algorithm DSA with SHA-384 +@item GNUTLS_@-SIGN_@-DSA_@-SHA512 +Digital signature algorithm DSA with SHA-512 +@item GNUTLS_@-SIGN_@-ECDSA_@-SHA3_@-224 +Digital signature algorithm ECDSA with SHA3-224. +@item GNUTLS_@-SIGN_@-ECDSA_@-SHA3_@-256 +Digital signature algorithm ECDSA with SHA3-256. +@item GNUTLS_@-SIGN_@-ECDSA_@-SHA3_@-384 +Digital signature algorithm ECDSA with SHA3-384. +@item GNUTLS_@-SIGN_@-ECDSA_@-SHA3_@-512 +Digital signature algorithm ECDSA with SHA3-512. +@item GNUTLS_@-SIGN_@-DSA_@-SHA3_@-224 +Digital signature algorithm DSA with SHA3-224. +@item GNUTLS_@-SIGN_@-DSA_@-SHA3_@-256 +Digital signature algorithm DSA with SHA3-256. +@item GNUTLS_@-SIGN_@-DSA_@-SHA3_@-384 +Digital signature algorithm DSA with SHA3-384. +@item GNUTLS_@-SIGN_@-DSA_@-SHA3_@-512 +Digital signature algorithm DSA with SHA3-512. +@item GNUTLS_@-SIGN_@-RSA_@-SHA3_@-224 +Digital signature algorithm RSA with SHA3-224. +@item GNUTLS_@-SIGN_@-RSA_@-SHA3_@-256 +Digital signature algorithm RSA with SHA3-256. +@item GNUTLS_@-SIGN_@-RSA_@-SHA3_@-384 +Digital signature algorithm RSA with SHA3-384. +@item GNUTLS_@-SIGN_@-RSA_@-SHA3_@-512 +Digital signature algorithm RSA with SHA3-512. +@item GNUTLS_@-SIGN_@-RSA_@-PSS_@-SHA256 +Digital signature algorithm RSA with SHA-256, with PSS padding (RSA-PSS certificate). +@item GNUTLS_@-SIGN_@-RSA_@-PSS_@-SHA384 +Digital signature algorithm RSA with SHA-384, with PSS padding (RSA-PSS certificate). +@item GNUTLS_@-SIGN_@-RSA_@-PSS_@-SHA512 +Digital signature algorithm RSA with SHA-512, with PSS padding (RSA-PSS certificate). +@item GNUTLS_@-SIGN_@-EDDSA_@-ED25519 +Digital signature algorithm EdDSA with Ed25519 curve. +@item GNUTLS_@-SIGN_@-RSA_@-RAW +Digital signature algorithm RSA with DigestInfo formatted data +@item GNUTLS_@-SIGN_@-ECDSA_@-SECP256R1_@-SHA256 +Digital signature algorithm ECDSA-SECP256R1 with SHA-256 (used in TLS 1.3 but not PKIX). +@item GNUTLS_@-SIGN_@-ECDSA_@-SECP384R1_@-SHA384 +Digital signature algorithm ECDSA-SECP384R1 with SHA-384 (used in TLS 1.3 but not PKIX). +@item GNUTLS_@-SIGN_@-ECDSA_@-SECP521R1_@-SHA512 +Digital signature algorithm ECDSA-SECP521R1 with SHA-512 (used in TLS 1.3 but not PKIX). +@item GNUTLS_@-SIGN_@-RSA_@-PSS_@-RSAE_@-SHA256 +Digital signature algorithm RSA with SHA-256, +with PSS padding (RSA PKCS@code{1} 1.5 certificate). This signature is identical +to @code{GNUTLS_SIGN_RSA_PSS_SHA256} , but they are distinct as the TLS1.3 protocol +treats them differently. +@item GNUTLS_@-SIGN_@-RSA_@-PSS_@-RSAE_@-SHA384 +Digital signature algorithm RSA with SHA-384, +with PSS padding (RSA PKCS@code{1} 1.5 certificate). This signature is identical +to @code{GNUTLS_SIGN_RSA_PSS_SHA384} , but they are distinct as the TLS1.3 protocol +treats them differently. +@item GNUTLS_@-SIGN_@-RSA_@-PSS_@-RSAE_@-SHA512 +Digital signature algorithm RSA with SHA-512, +with PSS padding (RSA PKCS@code{1} 1.5 certificate). This signature is identical +to @code{GNUTLS_SIGN_RSA_PSS_SHA512} , but they are distinct as the TLS1.3 protocol +treats them differently. +@item GNUTLS_@-SIGN_@-GOST_@-94 +Digital signature algorithm GOST R 34.10-2001 with GOST R 34.11-94 +@item GNUTLS_@-SIGN_@-GOST_@-256 +Digital signature algorithm GOST R 34.10-2012 with GOST R 34.11-2012 256 bit +@item GNUTLS_@-SIGN_@-GOST_@-512 +Digital signature algorithm GOST R 34.10-2012 with GOST R 34.11-2012 512 bit +@item GNUTLS_@-SIGN_@-MAX +-- undescribed -- +@end table diff --git a/doc/enums/gnutls_srtp_profile_t b/doc/enums/gnutls_srtp_profile_t new file mode 100644 index 0000000..23c0c86 --- /dev/null +++ b/doc/enums/gnutls_srtp_profile_t @@ -0,0 +1,13 @@ + + +@c gnutls_srtp_profile_t +@table @code +@item GNUTLS_@-SRTP_@-AES128_@-CM_@-HMAC_@-SHA1_@-80 +128 bit AES with a 80 bit HMAC-SHA1 +@item GNUTLS_@-SRTP_@-AES128_@-CM_@-HMAC_@-SHA1_@-32 +128 bit AES with a 32 bit HMAC-SHA1 +@item GNUTLS_@-SRTP_@-NULL_@-HMAC_@-SHA1_@-80 +NULL cipher with a 80 bit HMAC-SHA1 +@item GNUTLS_@-SRTP_@-NULL_@-HMAC_@-SHA1_@-32 +NULL cipher with a 32 bit HMAC-SHA1 +@end table diff --git a/doc/enums/gnutls_supplemental_data_format_type_t b/doc/enums/gnutls_supplemental_data_format_type_t new file mode 100644 index 0000000..bbf3976 --- /dev/null +++ b/doc/enums/gnutls_supplemental_data_format_type_t @@ -0,0 +1,7 @@ + + +@c gnutls_supplemental_data_format_type_t +@table @code +@item GNUTLS_@-SUPPLEMENTAL_@-UNKNOWN +Unknown data format +@end table diff --git a/doc/enums/gnutls_tpmkey_fmt_t b/doc/enums/gnutls_tpmkey_fmt_t new file mode 100644 index 0000000..46a66d9 --- /dev/null +++ b/doc/enums/gnutls_tpmkey_fmt_t @@ -0,0 +1,11 @@ + + +@c gnutls_tpmkey_fmt_t +@table @code +@item GNUTLS_@-TPMKEY_@-FMT_@-RAW +The portable data format. +@item GNUTLS_@-TPMKEY_@-FMT_@-DER +An alias for the raw format. +@item GNUTLS_@-TPMKEY_@-FMT_@-CTK_@-PEM +A custom data format used by some TPM tools. +@end table diff --git a/doc/enums/gnutls_vdata_types_t b/doc/enums/gnutls_vdata_types_t new file mode 100644 index 0000000..3ab312d --- /dev/null +++ b/doc/enums/gnutls_vdata_types_t @@ -0,0 +1,23 @@ + + +@c gnutls_vdata_types_t +@table @code +@item GNUTLS_@-DT_@-UNKNOWN +Unknown data type. +@item GNUTLS_@-DT_@-DNS_@-HOSTNAME +The data contain a null-terminated DNS hostname; the hostname will be +matched using the RFC6125 rules. If the data contain a textual IP (v4 or v6) address it will +be marched against the IPAddress Alternative name, unless the verification flag @code{GNUTLS_VERIFY_DO_NOT_ALLOW_IP_MATCHES} +is specified. +@item GNUTLS_@-DT_@-KEY_@-PURPOSE_@-OID +The data contain a null-terminated key purpose OID. It will be matched +against the certificate's Extended Key Usage extension. +@item GNUTLS_@-DT_@-RFC822NAME +The data contain a null-terminated email address; the email will be +matched against the RFC822Name Alternative name of the certificate, or the EMAIL DN component if the +former isn't available. Prior to matching the email address will be converted to ACE +(ASCII-compatible-encoding). +@item GNUTLS_@-DT_@-IP_@-ADDRESS +The data contain a raw IP address (4 or 16 bytes). If will be matched +against the IPAddress Alternative name; option available since 3.6.0. +@end table diff --git a/doc/enums/gnutls_x509_crl_reason_t b/doc/enums/gnutls_x509_crl_reason_t new file mode 100644 index 0000000..7419a13 --- /dev/null +++ b/doc/enums/gnutls_x509_crl_reason_t @@ -0,0 +1,25 @@ + + +@c gnutls_x509_crl_reason_t +@table @code +@item GNUTLS_@-X509_@-CRLREASON_@-UNSPECIFIED +Unspecified reason. +@item GNUTLS_@-X509_@-CRLREASON_@-KEYCOMPROMISE +Private key compromised. +@item GNUTLS_@-X509_@-CRLREASON_@-CACOMPROMISE +CA compromised. +@item GNUTLS_@-X509_@-CRLREASON_@-AFFILIATIONCHANGED +Affiliation has changed. +@item GNUTLS_@-X509_@-CRLREASON_@-SUPERSEDED +Certificate superseded. +@item GNUTLS_@-X509_@-CRLREASON_@-CESSATIONOFOPERATION +Operation has ceased. +@item GNUTLS_@-X509_@-CRLREASON_@-CERTIFICATEHOLD +Certificate is on hold. +@item GNUTLS_@-X509_@-CRLREASON_@-REMOVEFROMCRL +Will be removed from delta CRL. +@item GNUTLS_@-X509_@-CRLREASON_@-PRIVILEGEWITHDRAWN +Privilege withdrawn. +@item GNUTLS_@-X509_@-CRLREASON_@-AACOMPROMISE +AA compromised. +@end table diff --git a/doc/enums/gnutls_x509_crt_flags b/doc/enums/gnutls_x509_crt_flags new file mode 100644 index 0000000..b4b41e1 --- /dev/null +++ b/doc/enums/gnutls_x509_crt_flags @@ -0,0 +1,9 @@ + + +@c gnutls_x509_crt_flags +@table @code +@item GNUTLS_@-X509_@-CRT_@-FLAG_@-IGNORE_@-SANITY +Ignore any sanity checks at the +import of the certificate; i.e., ignore checks such as version/field +matching and strict time field checks. Intended to be used for debugging. +@end table diff --git a/doc/enums/gnutls_x509_crt_fmt_t b/doc/enums/gnutls_x509_crt_fmt_t new file mode 100644 index 0000000..fe06c86 --- /dev/null +++ b/doc/enums/gnutls_x509_crt_fmt_t @@ -0,0 +1,9 @@ + + +@c gnutls_x509_crt_fmt_t +@table @code +@item GNUTLS_@-X509_@-FMT_@-DER +X.509 certificate in DER format (binary). +@item GNUTLS_@-X509_@-FMT_@-PEM +X.509 certificate in PEM format (text). +@end table diff --git a/doc/enums/gnutls_x509_subject_alt_name_t b/doc/enums/gnutls_x509_subject_alt_name_t new file mode 100644 index 0000000..330c9cc --- /dev/null +++ b/doc/enums/gnutls_x509_subject_alt_name_t @@ -0,0 +1,23 @@ + + +@c gnutls_x509_subject_alt_name_t +@table @code +@item GNUTLS_@-SAN_@-DNSNAME +DNS-name SAN. +@item GNUTLS_@-SAN_@-RFC822NAME +E-mail address SAN. +@item GNUTLS_@-SAN_@-URI +URI SAN. +@item GNUTLS_@-SAN_@-IPADDRESS +IP address SAN. +@item GNUTLS_@-SAN_@-OTHERNAME +OtherName SAN. +@item GNUTLS_@-SAN_@-DN +DN SAN. +@item GNUTLS_@-SAN_@-MAX +-- undescribed -- +@item GNUTLS_@-SAN_@-OTHERNAME_@-XMPP +Virtual SAN, used by certain functions for convenience. +@item GNUTLS_@-SAN_@-OTHERNAME_@-KRB5PRINCIPAL +Virtual SAN, used by certain functions for convenience. +@end table diff --git a/doc/errcodes.c b/doc/errcodes.c new file mode 100644 index 0000000..1548f93 --- /dev/null +++ b/doc/errcodes.c @@ -0,0 +1,157 @@ +/* + * Copyright (C) 2004-2012 Free Software Foundation, Inc. + * Author: Nikos Mavrogiannopoulos, Simon Josefsson + * + * This file is part of GnuTLS. + * + * GnuTLS is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * GnuTLS is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + */ + +#ifdef HAVE_CONFIG_H +#include "config.h" +#endif + +#include +#include +#include +#include +#include "common.h" + +static void main_latex(void); +static int main_texinfo(void); + +#define MAX_CODES 600 + +typedef struct { + char name[128]; + int error_index; +} error_name; + + +static int compar(const void *_n1, const void *_n2) +{ + const error_name *n1 = (const error_name *) _n1, + *n2 = (const error_name *) _n2; + return strcmp(n1->name, n2->name); +} + +static const char headers[] = "\\tablefirsthead{%\n" + "\\hline\n" + "\\multicolumn{1}{|c}{Code} &\n" + "\\multicolumn{1}{c}{Name} &\n" + "\\multicolumn{1}{c|}{Description} \\\\\n" "\\hline}\n" +#if 0 + "\\tablehead{%\n" + "\\hline\n" + "\\multicolumn{3}{|l|}{\\small\\sl continued from previous page}\\\\\n" + "\\hline}\n" + "\\tabletail{%\n" + "\\hline\n" + "\\multicolumn{3}{|r|}{\\small\\sl continued on next page}\\\\\n" + "\\hline}\n" +#endif + "\\tablelasttail{\\hline}\n" + "\\bottomcaption{The error codes table}\n\n"; + +int main(int argc, char *argv[]) +{ + if (argc > 1) + main_latex(); + else + main_texinfo(); + + return 0; +} + +static int main_texinfo(void) +{ + int i, j; + const char *desc; + const char *_name; + char buffer[500]; + error_name names_to_sort[MAX_CODES]; /* up to MAX_CODES names */ + + printf("@multitable @columnfractions .15 .40 .37\n"); + + memset(names_to_sort, 0, sizeof(names_to_sort)); + j = 0; + for (i = 0; i > -MAX_CODES; i--) { + _name = gnutls_strerror_name(i); + if (_name == NULL) + continue; + + desc = gnutls_strerror(i); + + printf("@item %d @tab %s @tab %s\n", i, + escape_texi_string(_name, buffer, sizeof(buffer)), + desc); + + strcpy(names_to_sort[j].name, _name); + names_to_sort[j].error_index = i; + j++; + } + + printf("@end multitable\n"); + + return 0; +} + +static void main_latex(void) +{ + int i, j; + static char buffer1[500]; + static char buffer2[500]; + const char *desc; + const char *_name; + error_name names_to_sort[MAX_CODES]; /* up to MAX_CODES names */ + + puts(headers); + + printf + ("\\begin{supertabular}{|p{.05\\linewidth}|p{.40\\linewidth}|p{.45\\linewidth}|}\n"); + + memset(names_to_sort, 0, sizeof(names_to_sort)); + j = 0; + for (i = 0; i > -MAX_CODES; i--) { + _name = gnutls_strerror_name(i); + if (_name == NULL) + continue; + + strcpy(names_to_sort[j].name, _name); + names_to_sort[j].error_index = i; + j++; + } + +//qsort( names_to_sort, j, sizeof(error_name), compar); + + for (i = 0; i < j; i++) { + _name = names_to_sort[i].name; + desc = gnutls_strerror(names_to_sort[i].error_index); + if (desc == NULL || _name == NULL) + continue; + + printf("%d & {\\scriptsize{%s}} & %s", + names_to_sort[i].error_index, escape_string(_name, + buffer1, + sizeof + (buffer1)), + escape_string(desc, buffer2, sizeof(buffer2))); + printf("\\\\\n"); + } + + printf("\\end{supertabular}\n\n"); + + return; + +} diff --git a/doc/error_codes.texi b/doc/error_codes.texi new file mode 100644 index 0000000..43c1474 --- /dev/null +++ b/doc/error_codes.texi @@ -0,0 +1,192 @@ +@multitable @columnfractions .15 .40 .37 +@item 0 @tab GNUTLS_@-E_@-SUCCESS @tab Success. +@item -3 @tab GNUTLS_@-E_@-UNKNOWN_@-COMPRESSION_@-ALGORITHM @tab Could not negotiate a supported compression method. +@item -6 @tab GNUTLS_@-E_@-UNKNOWN_@-CIPHER_@-TYPE @tab The cipher type is unsupported. +@item -7 @tab GNUTLS_@-E_@-LARGE_@-PACKET @tab The transmitted packet is too large (EMSGSIZE). +@item -8 @tab GNUTLS_@-E_@-UNSUPPORTED_@-VERSION_@-PACKET @tab A packet with illegal or unsupported version was received. +@item -9 @tab GNUTLS_@-E_@-UNEXPECTED_@-PACKET_@-LENGTH @tab Error decoding the received TLS packet. +@item -10 @tab GNUTLS_@-E_@-INVALID_@-SESSION @tab The specified session has been invalidated for some reason. +@item -12 @tab GNUTLS_@-E_@-FATAL_@-ALERT_@-RECEIVED @tab A TLS fatal alert has been received. +@item -15 @tab GNUTLS_@-E_@-UNEXPECTED_@-PACKET @tab An unexpected TLS packet was received. +@item -16 @tab GNUTLS_@-E_@-WARNING_@-ALERT_@-RECEIVED @tab A TLS warning alert has been received. +@item -18 @tab GNUTLS_@-E_@-ERROR_@-IN_@-FINISHED_@-PACKET @tab An error was encountered at the TLS Finished packet calculation. +@item -19 @tab GNUTLS_@-E_@-UNEXPECTED_@-HANDSHAKE_@-PACKET @tab An unexpected TLS handshake packet was received. +@item -21 @tab GNUTLS_@-E_@-UNKNOWN_@-CIPHER_@-SUITE @tab Could not negotiate a supported cipher suite. +@item -22 @tab GNUTLS_@-E_@-UNWANTED_@-ALGORITHM @tab An algorithm that is not enabled was negotiated. +@item -23 @tab GNUTLS_@-E_@-MPI_@-SCAN_@-FAILED @tab The scanning of a large integer has failed. +@item -24 @tab GNUTLS_@-E_@-DECRYPTION_@-FAILED @tab Decryption has failed. +@item -25 @tab GNUTLS_@-E_@-MEMORY_@-ERROR @tab Internal error in memory allocation. +@item -26 @tab GNUTLS_@-E_@-DECOMPRESSION_@-FAILED @tab Decompression of the TLS record packet has failed. +@item -27 @tab GNUTLS_@-E_@-COMPRESSION_@-FAILED @tab Compression of the TLS record packet has failed. +@item -28 @tab GNUTLS_@-E_@-AGAIN @tab Resource temporarily unavailable, try again. +@item -29 @tab GNUTLS_@-E_@-EXPIRED @tab The session or certificate has expired. +@item -30 @tab GNUTLS_@-E_@-DB_@-ERROR @tab Error in Database backend. +@item -31 @tab GNUTLS_@-E_@-SRP_@-PWD_@-ERROR @tab Error in password/key file. +@item -32 @tab GNUTLS_@-E_@-INSUFFICIENT_@-CREDENTIALS @tab Insufficient credentials for that request. +@item -33 @tab GNUTLS_@-E_@-HASH_@-FAILED @tab Hashing has failed. +@item -34 @tab GNUTLS_@-E_@-BASE64_@-DECODING_@-ERROR @tab Base64 decoding error. +@item -35 @tab GNUTLS_@-E_@-MPI_@-PRINT_@-FAILED @tab Could not export a large integer. +@item -37 @tab GNUTLS_@-E_@-REHANDSHAKE @tab Rehandshake was requested by the peer. +@item -38 @tab GNUTLS_@-E_@-GOT_@-APPLICATION_@-DATA @tab TLS Application data were received, while expecting handshake data. +@item -39 @tab GNUTLS_@-E_@-RECORD_@-LIMIT_@-REACHED @tab The upper limit of record packet sequence numbers has been reached. Wow! +@item -40 @tab GNUTLS_@-E_@-ENCRYPTION_@-FAILED @tab Encryption has failed. +@item -43 @tab GNUTLS_@-E_@-CERTIFICATE_@-ERROR @tab Error in the certificate. +@item -44 @tab GNUTLS_@-E_@-PK_@-ENCRYPTION_@-FAILED @tab Public key encryption has failed. +@item -45 @tab GNUTLS_@-E_@-PK_@-DECRYPTION_@-FAILED @tab Public key decryption has failed. +@item -46 @tab GNUTLS_@-E_@-PK_@-SIGN_@-FAILED @tab Public key signing has failed. +@item -47 @tab GNUTLS_@-E_@-X509_@-UNSUPPORTED_@-CRITICAL_@-EXTENSION @tab Unsupported critical extension in X.509 certificate. +@item -48 @tab GNUTLS_@-E_@-KEY_@-USAGE_@-VIOLATION @tab Key usage violation in certificate has been detected. +@item -49 @tab GNUTLS_@-E_@-NO_@-CERTIFICATE_@-FOUND @tab No certificate was found. +@item -50 @tab GNUTLS_@-E_@-INVALID_@-REQUEST @tab The request is invalid. +@item -51 @tab GNUTLS_@-E_@-SHORT_@-MEMORY_@-BUFFER @tab The given memory buffer is too short to hold parameters. +@item -52 @tab GNUTLS_@-E_@-INTERRUPTED @tab Function was interrupted. +@item -53 @tab GNUTLS_@-E_@-PUSH_@-ERROR @tab Error in the push function. +@item -54 @tab GNUTLS_@-E_@-PULL_@-ERROR @tab Error in the pull function. +@item -55 @tab GNUTLS_@-E_@-RECEIVED_@-ILLEGAL_@-PARAMETER @tab An illegal parameter has been received. +@item -56 @tab GNUTLS_@-E_@-REQUESTED_@-DATA_@-NOT_@-AVAILABLE @tab The requested data were not available. +@item -57 @tab GNUTLS_@-E_@-PKCS1_@-WRONG_@-PAD @tab Wrong padding in PKCS1 packet. +@item -58 @tab GNUTLS_@-E_@-RECEIVED_@-ILLEGAL_@-EXTENSION @tab An illegal TLS extension was received. +@item -59 @tab GNUTLS_@-E_@-INTERNAL_@-ERROR @tab GnuTLS internal error. +@item -60 @tab GNUTLS_@-E_@-CERTIFICATE_@-KEY_@-MISMATCH @tab The certificate and the given key do not match. +@item -61 @tab GNUTLS_@-E_@-UNSUPPORTED_@-CERTIFICATE_@-TYPE @tab The certificate type is not supported. +@item -62 @tab GNUTLS_@-E_@-X509_@-UNKNOWN_@-SAN @tab Unknown Subject Alternative name in X.509 certificate. +@item -63 @tab GNUTLS_@-E_@-DH_@-PRIME_@-UNACCEPTABLE @tab The Diffie-Hellman prime sent by the server is not acceptable (not long enough). +@item -64 @tab GNUTLS_@-E_@-FILE_@-ERROR @tab Error while reading file. +@item -67 @tab GNUTLS_@-E_@-ASN1_@-ELEMENT_@-NOT_@-FOUND @tab ASN1 parser: Element was not found. +@item -68 @tab GNUTLS_@-E_@-ASN1_@-IDENTIFIER_@-NOT_@-FOUND @tab ASN1 parser: Identifier was not found +@item -69 @tab GNUTLS_@-E_@-ASN1_@-DER_@-ERROR @tab ASN1 parser: Error in DER parsing. +@item -70 @tab GNUTLS_@-E_@-ASN1_@-VALUE_@-NOT_@-FOUND @tab ASN1 parser: Value was not found. +@item -71 @tab GNUTLS_@-E_@-ASN1_@-GENERIC_@-ERROR @tab ASN1 parser: Generic parsing error. +@item -72 @tab GNUTLS_@-E_@-ASN1_@-VALUE_@-NOT_@-VALID @tab ASN1 parser: Value is not valid. +@item -73 @tab GNUTLS_@-E_@-ASN1_@-TAG_@-ERROR @tab ASN1 parser: Error in TAG. +@item -74 @tab GNUTLS_@-E_@-ASN1_@-TAG_@-IMPLICIT @tab ASN1 parser: error in implicit tag +@item -75 @tab GNUTLS_@-E_@-ASN1_@-TYPE_@-ANY_@-ERROR @tab ASN1 parser: Error in type 'ANY'. +@item -76 @tab GNUTLS_@-E_@-ASN1_@-SYNTAX_@-ERROR @tab ASN1 parser: Syntax error. +@item -77 @tab GNUTLS_@-E_@-ASN1_@-DER_@-OVERFLOW @tab ASN1 parser: Overflow in DER parsing. +@item -78 @tab GNUTLS_@-E_@-TOO_@-MANY_@-EMPTY_@-PACKETS @tab Too many empty record packets have been received. +@item -79 @tab GNUTLS_@-E_@-OPENPGP_@-UID_@-REVOKED @tab The OpenPGP User ID is revoked. +@item -80 @tab GNUTLS_@-E_@-UNKNOWN_@-PK_@-ALGORITHM @tab An unknown public key algorithm was encountered. +@item -81 @tab GNUTLS_@-E_@-TOO_@-MANY_@-HANDSHAKE_@-PACKETS @tab Too many handshake packets have been received. +@item -82 @tab GNUTLS_@-E_@-RECEIVED_@-DISALLOWED_@-NAME @tab A disallowed SNI server name has been received. +@item -84 @tab GNUTLS_@-E_@-NO_@-TEMPORARY_@-RSA_@-PARAMS @tab No temporary RSA parameters were found. +@item -86 @tab GNUTLS_@-E_@-NO_@-COMPRESSION_@-ALGORITHMS @tab No supported compression algorithms have been found. +@item -87 @tab GNUTLS_@-E_@-NO_@-CIPHER_@-SUITES @tab No supported cipher suites have been found. +@item -88 @tab GNUTLS_@-E_@-OPENPGP_@-GETKEY_@-FAILED @tab Could not get OpenPGP key. +@item -89 @tab GNUTLS_@-E_@-PK_@-SIG_@-VERIFY_@-FAILED @tab Public key signature verification has failed. +@item -90 @tab GNUTLS_@-E_@-ILLEGAL_@-SRP_@-USERNAME @tab The SRP username supplied is illegal. +@item -91 @tab GNUTLS_@-E_@-SRP_@-PWD_@-PARSING_@-ERROR @tab Parsing error in password/key file. +@item -93 @tab GNUTLS_@-E_@-NO_@-TEMPORARY_@-DH_@-PARAMS @tab No temporary DH parameters were found. +@item -94 @tab GNUTLS_@-E_@-OPENPGP_@-FINGERPRINT_@-UNSUPPORTED @tab The OpenPGP fingerprint is not supported. +@item -95 @tab GNUTLS_@-E_@-X509_@-UNSUPPORTED_@-ATTRIBUTE @tab The certificate has unsupported attributes. +@item -96 @tab GNUTLS_@-E_@-UNKNOWN_@-HASH_@-ALGORITHM @tab The hash algorithm is unknown. +@item -97 @tab GNUTLS_@-E_@-UNKNOWN_@-PKCS_@-CONTENT_@-TYPE @tab The PKCS structure's content type is unknown. +@item -98 @tab GNUTLS_@-E_@-UNKNOWN_@-PKCS_@-BAG_@-TYPE @tab The PKCS structure's bag type is unknown. +@item -99 @tab GNUTLS_@-E_@-INVALID_@-PASSWORD @tab The given password contains invalid characters. +@item -100 @tab GNUTLS_@-E_@-MAC_@-VERIFY_@-FAILED @tab The Message Authentication Code verification failed. +@item -101 @tab GNUTLS_@-E_@-CONSTRAINT_@-ERROR @tab Some constraint limits were reached. +@item -104 @tab GNUTLS_@-E_@-IA_@-VERIFY_@-FAILED @tab Verifying TLS/IA phase checksum failed +@item -105 @tab GNUTLS_@-E_@-UNKNOWN_@-ALGORITHM @tab The specified algorithm or protocol is unknown. +@item -106 @tab GNUTLS_@-E_@-UNSUPPORTED_@-SIGNATURE_@-ALGORITHM @tab The signature algorithm is not supported. +@item -107 @tab GNUTLS_@-E_@-SAFE_@-RENEGOTIATION_@-FAILED @tab Safe renegotiation failed. +@item -108 @tab GNUTLS_@-E_@-UNSAFE_@-RENEGOTIATION_@-DENIED @tab Unsafe renegotiation denied. +@item -109 @tab GNUTLS_@-E_@-UNKNOWN_@-SRP_@-USERNAME @tab The username supplied is unknown. +@item -110 @tab GNUTLS_@-E_@-PREMATURE_@-TERMINATION @tab The TLS connection was non-properly terminated. +@item -111 @tab GNUTLS_@-E_@-MALFORMED_@-CIDR @tab CIDR name constraint is malformed in size or structure. +@item -112 @tab GNUTLS_@-E_@-CERTIFICATE_@-REQUIRED @tab Certificate is required. +@item -201 @tab GNUTLS_@-E_@-BASE64_@-ENCODING_@-ERROR @tab Base64 encoding error. +@item -202 @tab GNUTLS_@-E_@-INCOMPATIBLE_@-GCRYPT_@-LIBRARY @tab The crypto library version is too old. +@item -203 @tab GNUTLS_@-E_@-INCOMPATIBLE_@-LIBTASN1_@-LIBRARY @tab The tasn1 library version is too old. +@item -204 @tab GNUTLS_@-E_@-OPENPGP_@-KEYRING_@-ERROR @tab Error loading the keyring. +@item -205 @tab GNUTLS_@-E_@-X509_@-UNSUPPORTED_@-OID @tab The OID is not supported. +@item -206 @tab GNUTLS_@-E_@-RANDOM_@-FAILED @tab Failed to acquire random data. +@item -207 @tab GNUTLS_@-E_@-BASE64_@-UNEXPECTED_@-HEADER_@-ERROR @tab Base64 unexpected header error. +@item -208 @tab GNUTLS_@-E_@-OPENPGP_@-SUBKEY_@-ERROR @tab Could not find OpenPGP subkey. +@item -209 @tab GNUTLS_@-E_@-CRYPTO_@-ALREADY_@-REGISTERED @tab There is already a crypto algorithm with lower priority. +@item -210 @tab GNUTLS_@-E_@-HANDSHAKE_@-TOO_@-LARGE @tab The handshake data size is too large. +@item -211 @tab GNUTLS_@-E_@-CRYPTODEV_@-IOCTL_@-ERROR @tab Error interfacing with /dev/crypto +@item -212 @tab GNUTLS_@-E_@-CRYPTODEV_@-DEVICE_@-ERROR @tab Error opening /dev/crypto +@item -213 @tab GNUTLS_@-E_@-CHANNEL_@-BINDING_@-NOT_@-AVAILABLE @tab Channel binding data not available +@item -214 @tab GNUTLS_@-E_@-BAD_@-COOKIE @tab The cookie was bad. +@item -215 @tab GNUTLS_@-E_@-OPENPGP_@-PREFERRED_@-KEY_@-ERROR @tab The OpenPGP key has not a preferred key set. +@item -216 @tab GNUTLS_@-E_@-INCOMPAT_@-DSA_@-KEY_@-WITH_@-TLS_@-PROTOCOL @tab The given DSA key is incompatible with the selected TLS protocol. +@item -217 @tab GNUTLS_@-E_@-INSUFFICIENT_@-SECURITY @tab One of the involved algorithms has insufficient security level. +@item -292 @tab GNUTLS_@-E_@-HEARTBEAT_@-PONG_@-RECEIVED @tab A heartbeat pong message was received. +@item -293 @tab GNUTLS_@-E_@-HEARTBEAT_@-PING_@-RECEIVED @tab A heartbeat ping message was received. +@item -294 @tab GNUTLS_@-E_@-UNRECOGNIZED_@-NAME @tab The SNI host name not recognised. +@item -300 @tab GNUTLS_@-E_@-PKCS11_@-ERROR @tab PKCS #11 error. +@item -301 @tab GNUTLS_@-E_@-PKCS11_@-LOAD_@-ERROR @tab PKCS #11 initialization error. +@item -302 @tab GNUTLS_@-E_@-PARSING_@-ERROR @tab Error in parsing. +@item -303 @tab GNUTLS_@-E_@-PKCS11_@-PIN_@-ERROR @tab Error in provided PIN. +@item -305 @tab GNUTLS_@-E_@-PKCS11_@-SLOT_@-ERROR @tab PKCS #11 error in slot +@item -306 @tab GNUTLS_@-E_@-LOCKING_@-ERROR @tab Thread locking error +@item -307 @tab GNUTLS_@-E_@-PKCS11_@-ATTRIBUTE_@-ERROR @tab PKCS #11 error in attribute +@item -308 @tab GNUTLS_@-E_@-PKCS11_@-DEVICE_@-ERROR @tab PKCS #11 error in device +@item -309 @tab GNUTLS_@-E_@-PKCS11_@-DATA_@-ERROR @tab PKCS #11 error in data +@item -310 @tab GNUTLS_@-E_@-PKCS11_@-UNSUPPORTED_@-FEATURE_@-ERROR @tab PKCS #11 unsupported feature +@item -311 @tab GNUTLS_@-E_@-PKCS11_@-KEY_@-ERROR @tab PKCS #11 error in key +@item -312 @tab GNUTLS_@-E_@-PKCS11_@-PIN_@-EXPIRED @tab PKCS #11 PIN expired +@item -313 @tab GNUTLS_@-E_@-PKCS11_@-PIN_@-LOCKED @tab PKCS #11 PIN locked +@item -314 @tab GNUTLS_@-E_@-PKCS11_@-SESSION_@-ERROR @tab PKCS #11 error in session +@item -315 @tab GNUTLS_@-E_@-PKCS11_@-SIGNATURE_@-ERROR @tab PKCS #11 error in signature +@item -316 @tab GNUTLS_@-E_@-PKCS11_@-TOKEN_@-ERROR @tab PKCS #11 error in token +@item -317 @tab GNUTLS_@-E_@-PKCS11_@-USER_@-ERROR @tab PKCS #11 user error +@item -318 @tab GNUTLS_@-E_@-CRYPTO_@-INIT_@-FAILED @tab The initialization of crypto backend has failed. +@item -319 @tab GNUTLS_@-E_@-TIMEDOUT @tab The operation timed out +@item -320 @tab GNUTLS_@-E_@-USER_@-ERROR @tab The operation was cancelled due to user error +@item -321 @tab GNUTLS_@-E_@-ECC_@-NO_@-SUPPORTED_@-CURVES @tab No supported ECC curves were found +@item -322 @tab GNUTLS_@-E_@-ECC_@-UNSUPPORTED_@-CURVE @tab The curve is unsupported +@item -323 @tab GNUTLS_@-E_@-PKCS11_@-REQUESTED_@-OBJECT_@-NOT_@-AVAILBLE @tab The requested PKCS #11 object is not available +@item -324 @tab GNUTLS_@-E_@-CERTIFICATE_@-LIST_@-UNSORTED @tab The provided X.509 certificate list is not sorted (in subject to issuer order) +@item -325 @tab GNUTLS_@-E_@-ILLEGAL_@-PARAMETER @tab An illegal parameter was found. +@item -326 @tab GNUTLS_@-E_@-NO_@-PRIORITIES_@-WERE_@-SET @tab No or insufficient priorities were set. +@item -327 @tab GNUTLS_@-E_@-X509_@-UNSUPPORTED_@-EXTENSION @tab Unsupported extension in X.509 certificate. +@item -328 @tab GNUTLS_@-E_@-SESSION_@-EOF @tab Peer has terminated the connection +@item -329 @tab GNUTLS_@-E_@-TPM_@-ERROR @tab TPM error. +@item -330 @tab GNUTLS_@-E_@-TPM_@-KEY_@-PASSWORD_@-ERROR @tab Error in provided password for key to be loaded in TPM. +@item -331 @tab GNUTLS_@-E_@-TPM_@-SRK_@-PASSWORD_@-ERROR @tab Error in provided SRK password for TPM. +@item -332 @tab GNUTLS_@-E_@-TPM_@-SESSION_@-ERROR @tab Cannot initialize a session with the TPM. +@item -333 @tab GNUTLS_@-E_@-TPM_@-KEY_@-NOT_@-FOUND @tab TPM key was not found in persistent storage. +@item -334 @tab GNUTLS_@-E_@-TPM_@-UNINITIALIZED @tab TPM is not initialized. +@item -335 @tab GNUTLS_@-E_@-TPM_@-NO_@-LIB @tab The TPM library (trousers) cannot be found. +@item -340 @tab GNUTLS_@-E_@-NO_@-CERTIFICATE_@-STATUS @tab There is no certificate status (OCSP). +@item -341 @tab GNUTLS_@-E_@-OCSP_@-RESPONSE_@-ERROR @tab The OCSP response is invalid +@item -342 @tab GNUTLS_@-E_@-RANDOM_@-DEVICE_@-ERROR @tab Error in the system's randomness device. +@item -343 @tab GNUTLS_@-E_@-AUTH_@-ERROR @tab Could not authenticate peer. +@item -344 @tab GNUTLS_@-E_@-NO_@-APPLICATION_@-PROTOCOL @tab No common application protocol could be negotiated. +@item -345 @tab GNUTLS_@-E_@-SOCKETS_@-INIT_@-ERROR @tab Error in sockets initialization. +@item -346 @tab GNUTLS_@-E_@-KEY_@-IMPORT_@-FAILED @tab Failed to import the key into store. +@item -347 @tab GNUTLS_@-E_@-INAPPROPRIATE_@-FALLBACK @tab A connection with inappropriate fallback was attempted. +@item -348 @tab GNUTLS_@-E_@-CERTIFICATE_@-VERIFICATION_@-ERROR @tab Error in the certificate verification. +@item -349 @tab GNUTLS_@-E_@-PRIVKEY_@-VERIFICATION_@-ERROR @tab Error in the private key verification; seed doesn't match. +@item -350 @tab GNUTLS_@-E_@-UNEXPECTED_@-EXTENSIONS_@-LENGTH @tab Invalid TLS extensions length field. +@item -351 @tab GNUTLS_@-E_@-ASN1_@-EMBEDDED_@-NULL_@-IN_@-STRING @tab The provided string has an embedded null. +@item -400 @tab GNUTLS_@-E_@-SELF_@-TEST_@-ERROR @tab Error while performing self checks. +@item -401 @tab GNUTLS_@-E_@-NO_@-SELF_@-TEST @tab There is no self test for this algorithm. +@item -402 @tab GNUTLS_@-E_@-LIB_@-IN_@-ERROR_@-STATE @tab An error has been detected in the library and cannot continue operations. +@item -403 @tab GNUTLS_@-E_@-PK_@-GENERATION_@-ERROR @tab Error in public key generation. +@item -404 @tab GNUTLS_@-E_@-IDNA_@-ERROR @tab There was an issue converting to or from UTF8. +@item -406 @tab GNUTLS_@-E_@-SESSION_@-USER_@-ID_@-CHANGED @tab Peer's certificate or username has changed during a rehandshake. +@item -407 @tab GNUTLS_@-E_@-HANDSHAKE_@-DURING_@-FALSE_@-START @tab Attempted handshake during false start. +@item -408 @tab GNUTLS_@-E_@-UNAVAILABLE_@-DURING_@-HANDSHAKE @tab Cannot perform this action while handshake is in progress. +@item -409 @tab GNUTLS_@-E_@-PK_@-INVALID_@-PUBKEY @tab The public key is invalid. +@item -410 @tab GNUTLS_@-E_@-PK_@-INVALID_@-PRIVKEY @tab The private key is invalid. +@item -411 @tab GNUTLS_@-E_@-NOT_@-YET_@-ACTIVATED @tab The certificate is not yet activated. +@item -412 @tab GNUTLS_@-E_@-INVALID_@-UTF8_@-STRING @tab The given string contains invalid UTF-8 characters. +@item -413 @tab GNUTLS_@-E_@-NO_@-EMBEDDED_@-DATA @tab There are no embedded data in the structure. +@item -414 @tab GNUTLS_@-E_@-INVALID_@-UTF8_@-EMAIL @tab The given email string contains non-ASCII characters before '@'. +@item -415 @tab GNUTLS_@-E_@-INVALID_@-PASSWORD_@-STRING @tab The given password contains invalid characters. +@item -416 @tab GNUTLS_@-E_@-CERTIFICATE_@-TIME_@-ERROR @tab Error in the time fields of certificate. +@item -417 @tab GNUTLS_@-E_@-RECORD_@-OVERFLOW @tab A TLS record packet with invalid length was received. +@item -418 @tab GNUTLS_@-E_@-ASN1_@-TIME_@-ERROR @tab The DER time encoding is invalid. +@item -419 @tab GNUTLS_@-E_@-INCOMPATIBLE_@-SIG_@-WITH_@-KEY @tab The signature is incompatible with the public key. +@item -420 @tab GNUTLS_@-E_@-PK_@-INVALID_@-PUBKEY_@-PARAMS @tab The public key parameters are invalid. +@item -421 @tab GNUTLS_@-E_@-PK_@-NO_@-VALIDATION_@-PARAMS @tab There are no validation parameters present. +@item -422 @tab GNUTLS_@-E_@-OCSP_@-MISMATCH_@-WITH_@-CERTS @tab The OCSP response provided doesn't match the available certificates +@item -423 @tab GNUTLS_@-E_@-NO_@-COMMON_@-KEY_@-SHARE @tab No common key share with peer. +@item -424 @tab GNUTLS_@-E_@-REAUTH_@-REQUEST @tab Re-authentication was requested by the peer. +@item -425 @tab GNUTLS_@-E_@-TOO_@-MANY_@-MATCHES @tab More than a single object matches the criteria. +@item -426 @tab GNUTLS_@-E_@-CRL_@-VERIFICATION_@-ERROR @tab Error in the CRL verification. +@item -427 @tab GNUTLS_@-E_@-MISSING_@-EXTENSION @tab An required TLS extension was received. +@item -428 @tab GNUTLS_@-E_@-DB_@-ENTRY_@-EXISTS @tab The Database entry already exists. +@item -429 @tab GNUTLS_@-E_@-EARLY_@-DATA_@-REJECTED @tab The early data were rejected. +@end multitable diff --git a/doc/examples/Makefile.am b/doc/examples/Makefile.am new file mode 100644 index 0000000..c40bf4f --- /dev/null +++ b/doc/examples/Makefile.am @@ -0,0 +1,91 @@ +## Process this file with automake to produce Makefile.in +# Copyright (C) 2005-2012 Free Software Foundation, Inc. +# +# Author: Simon Josefsson +# +# This file is part of GnuTLS. +# +# This file is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 3 of the License, or +# (at your option) any later version. +# +# This file is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this file; if not, write to the Free Software Foundation, +# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + +AM_CFLAGS = $(WARN_CFLAGS) $(WERROR_CFLAGS) +AM_CPPFLAGS = \ + -I$(top_srcdir)/lib/includes -I$(top_builddir)/lib/includes \ + -I$(top_srcdir)/extra/includes \ + -I$(top_srcdir)/src/gl \ + -I$(top_builddir)/src/gl + +# Gnulib warns and suggests use of fseeko instead of fseek, which is +# used in ex-cert-select.c, but certificate files will not be > 4 GB, +# so we just silence the warning instead of fixing the code here. +AM_CPPFLAGS += -D_GL_NO_LARGE_FILES -DNO_LIBCURL + +AM_LDFLAGS = -no-install +LDADD = libexamples.la \ + ../../lib/libgnutls.la \ + ../../gl/libgnu.la \ + ../../src/gl/libgnu_gpl.la \ + $(LIBSOCKET) $(INET_NTOP_LIB) $(INET_PTON_LIB) + +CXX_LDADD = ../../lib/libgnutlsxx.la \ + $(LDADD) + +EXTRA_DIST = tlsproxy/LICENSE tlsproxy/README.md + +noinst_PROGRAMS = ex-client-resume ex-client-dtls +noinst_PROGRAMS += ex-cert-select ex-client-x509 +noinst_PROGRAMS += ex-serv-dtls +noinst_PROGRAMS += print-ciphersuites +if ENABLE_OCSP +noinst_PROGRAMS += ex-serv-x509 +endif + +if ENABLE_CXX +ex_cxx_SOURCES = ex-cxx.cpp +ex_cxx_LDADD = $(CXX_LDADD) +noinst_PROGRAMS += ex-cxx +endif + +if ENABLE_ANON +noinst_PROGRAMS += ex-client-anon ex-serv-anon +endif + +if ENABLE_PKCS11 +noinst_PROGRAMS += ex-cert-select-pkcs11 +endif + +if ENABLE_PSK +noinst_PROGRAMS += ex-client-psk +noinst_PROGRAMS += ex-serv-psk +endif + +if ENABLE_SRP +noinst_PROGRAMS += ex-client-srp ex-serv-srp +endif + +noinst_PROGRAMS += tlsproxy/tlsproxy + +tlsproxy_tlsproxy_SOURCES = tlsproxy/buffer.c tlsproxy/buffer.h tlsproxy/crypto-gnutls.c \ + tlsproxy/crypto-gnutls.h tlsproxy/tlsproxy.c + +noinst_LTLIBRARIES = libexamples.la + +if ENABLE_OCSP +noinst_PROGRAMS += ex-ocsp-client +endif + +libexamples_la_SOURCES = examples.h ex-alert.c ex-pkcs12.c \ + ex-session-info.c ex-x509-info.c ex-verify.c \ + ex-client-x509-3.1.c \ + tcp.c udp.c ex-pkcs11-list.c verify.c ex-verify-ssh.c diff --git a/doc/examples/Makefile.in b/doc/examples/Makefile.in new file mode 100644 index 0000000..99befef --- /dev/null +++ b/doc/examples/Makefile.in @@ -0,0 +1,2158 @@ +# Makefile.in generated by automake 1.16.1 from Makefile.am. +# @configure_input@ + +# Copyright (C) 1994-2018 Free Software Foundation, Inc. + +# This Makefile.in is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY, to the extent permitted by law; without +# even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. + +@SET_MAKE@ + +# Copyright (C) 2005-2012 Free Software Foundation, Inc. +# +# Author: Simon Josefsson +# +# This file is part of GnuTLS. +# +# This file is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 3 of the License, or +# (at your option) any later version. +# +# This file is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this file; if not, write to the Free Software Foundation, +# Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + + +VPATH = @srcdir@ +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} +am__make_running_with_option = \ + case $${target_option-} in \ + ?) ;; \ + *) echo "am__make_running_with_option: internal error: invalid" \ + "target option '$${target_option-}' specified" >&2; \ + exit 1;; \ + esac; \ + has_opt=no; \ + sane_makeflags=$$MAKEFLAGS; \ + if $(am__is_gnu_make); then \ + sane_makeflags=$$MFLAGS; \ + else \ + case $$MAKEFLAGS in \ + *\\[\ \ ]*) \ + bs=\\; \ + sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ + | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ + esac; \ + fi; \ + skip_next=no; \ + strip_trailopt () \ + { \ + flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ + }; \ + for flg in $$sane_makeflags; do \ + test $$skip_next = yes && { skip_next=no; continue; }; \ + case $$flg in \ + *=*|--*) continue;; \ + -*I) strip_trailopt 'I'; skip_next=yes;; \ + -*I?*) strip_trailopt 'I';; \ + -*O) strip_trailopt 'O'; skip_next=yes;; \ + -*O?*) strip_trailopt 'O';; \ + -*l) strip_trailopt 'l'; skip_next=yes;; \ + -*l?*) strip_trailopt 'l';; \ + -[dEDm]) skip_next=yes;; \ + -[JT]) skip_next=yes;; \ + esac; \ + case $$flg in \ + *$$target_option*) has_opt=yes; break;; \ + esac; \ + done; \ + test $$has_opt = yes +am__make_dryrun = (target_option=n; $(am__make_running_with_option)) +am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) +pkgdatadir = $(datadir)/@PACKAGE@ +pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ +am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd +install_sh_DATA = $(install_sh) -c -m 644 +install_sh_PROGRAM = $(install_sh) -c +install_sh_SCRIPT = $(install_sh) -c +INSTALL_HEADER = $(INSTALL_DATA) +transform = $(program_transform_name) +NORMAL_INSTALL = : +PRE_INSTALL = : +POST_INSTALL = : +NORMAL_UNINSTALL = : +PRE_UNINSTALL = : +POST_UNINSTALL = : +build_triplet = @build@ +host_triplet = @host@ +noinst_PROGRAMS = ex-client-resume$(EXEEXT) ex-client-dtls$(EXEEXT) \ + ex-cert-select$(EXEEXT) ex-client-x509$(EXEEXT) \ + ex-serv-dtls$(EXEEXT) print-ciphersuites$(EXEEXT) \ + $(am__EXEEXT_1) $(am__EXEEXT_2) $(am__EXEEXT_3) \ + $(am__EXEEXT_4) $(am__EXEEXT_5) $(am__EXEEXT_6) \ + tlsproxy/tlsproxy$(EXEEXT) $(am__EXEEXT_7) +@ENABLE_OCSP_TRUE@am__append_1 = ex-serv-x509 +@ENABLE_CXX_TRUE@am__append_2 = ex-cxx +@ENABLE_ANON_TRUE@am__append_3 = ex-client-anon ex-serv-anon +@ENABLE_PKCS11_TRUE@am__append_4 = ex-cert-select-pkcs11 +@ENABLE_PSK_TRUE@am__append_5 = ex-client-psk ex-serv-psk +@ENABLE_SRP_TRUE@am__append_6 = ex-client-srp ex-serv-srp +@ENABLE_OCSP_TRUE@am__append_7 = ex-ocsp-client +subdir = doc/examples +ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 +am__aclocal_m4_deps = $(top_srcdir)/lib/unistring/m4/gnulib-comp.m4 \ + $(top_srcdir)/lib/unistring/m4/inline.m4 \ + $(top_srcdir)/lib/unistring/m4/libunistring-base.m4 \ + $(top_srcdir)/src/gl/m4/__inline.m4 \ + $(top_srcdir)/src/gl/m4/bison.m4 \ + $(top_srcdir)/src/gl/m4/clock_time.m4 \ + $(top_srcdir)/src/gl/m4/fseek.m4 \ + $(top_srcdir)/src/gl/m4/getaddrinfo.m4 \ + $(top_srcdir)/src/gl/m4/getpass.m4 \ + $(top_srcdir)/src/gl/m4/gettime.m4 \ + $(top_srcdir)/src/gl/m4/gnulib-comp.m4 \ + $(top_srcdir)/src/gl/m4/hostent.m4 \ + $(top_srcdir)/src/gl/m4/mktime.m4 \ + $(top_srcdir)/src/gl/m4/nstrftime.m4 \ + $(top_srcdir)/src/gl/m4/parse-datetime.m4 \ + $(top_srcdir)/src/gl/m4/servent.m4 \ + $(top_srcdir)/src/gl/m4/time_rz.m4 \ + $(top_srcdir)/src/gl/m4/timegm.m4 \ + $(top_srcdir)/src/gl/m4/timespec.m4 \ + $(top_srcdir)/src/gl/m4/tm_gmtoff.m4 \ + $(top_srcdir)/src/gl/m4/tzset.m4 \ + $(top_srcdir)/src/libopts/m4/libopts.m4 \ + $(top_srcdir)/src/libopts/m4/stdnoreturn.m4 \ + $(top_srcdir)/m4/00gnulib.m4 \ + $(top_srcdir)/m4/absolute-header.m4 $(top_srcdir)/m4/alloca.m4 \ + $(top_srcdir)/m4/arpa_inet_h.m4 \ + $(top_srcdir)/m4/ax_ac_append_to_file.m4 \ + $(top_srcdir)/m4/ax_ac_print_to_file.m4 \ + $(top_srcdir)/m4/ax_add_am_macro_static.m4 \ + $(top_srcdir)/m4/ax_am_macros_static.m4 \ + $(top_srcdir)/m4/ax_check_gnu_make.m4 \ + $(top_srcdir)/m4/ax_code_coverage.m4 \ + $(top_srcdir)/m4/ax_file_escapes.m4 \ + $(top_srcdir)/m4/builtin-expect.m4 \ + $(top_srcdir)/m4/byteswap.m4 $(top_srcdir)/m4/close.m4 \ + $(top_srcdir)/m4/codeset.m4 $(top_srcdir)/m4/ctype.m4 \ + $(top_srcdir)/m4/dup2.m4 $(top_srcdir)/m4/eealloc.m4 \ + $(top_srcdir)/m4/environ.m4 $(top_srcdir)/m4/errno_h.m4 \ + $(top_srcdir)/m4/exponentd.m4 $(top_srcdir)/m4/extensions.m4 \ + $(top_srcdir)/m4/extern-inline.m4 $(top_srcdir)/m4/fcntl-o.m4 \ + $(top_srcdir)/m4/fcntl.m4 $(top_srcdir)/m4/fcntl_h.m4 \ + $(top_srcdir)/m4/fdopen.m4 $(top_srcdir)/m4/flexmember.m4 \ + $(top_srcdir)/m4/float_h.m4 $(top_srcdir)/m4/fpieee.m4 \ + $(top_srcdir)/m4/fseeko.m4 $(top_srcdir)/m4/fstat.m4 \ + $(top_srcdir)/m4/ftell.m4 $(top_srcdir)/m4/ftello.m4 \ + $(top_srcdir)/m4/ftruncate.m4 $(top_srcdir)/m4/func.m4 \ + $(top_srcdir)/m4/getcwd.m4 $(top_srcdir)/m4/getdelim.m4 \ + $(top_srcdir)/m4/getdtablesize.m4 $(top_srcdir)/m4/getline.m4 \ + $(top_srcdir)/m4/getpagesize.m4 $(top_srcdir)/m4/gettext.m4 \ + $(top_srcdir)/m4/gettimeofday.m4 \ + $(top_srcdir)/m4/gnulib-common.m4 \ + $(top_srcdir)/m4/gnulib-comp.m4 $(top_srcdir)/m4/gtk-doc.m4 \ + $(top_srcdir)/m4/guile.m4 $(top_srcdir)/m4/hooks.m4 \ + $(top_srcdir)/m4/host-cpu-c-abi.m4 $(top_srcdir)/m4/iconv.m4 \ + $(top_srcdir)/m4/include_next.m4 $(top_srcdir)/m4/inet_ntop.m4 \ + $(top_srcdir)/m4/inet_pton.m4 \ + $(top_srcdir)/m4/intl-thread-locale.m4 \ + $(top_srcdir)/m4/intlmacosx.m4 $(top_srcdir)/m4/intmax_t.m4 \ + $(top_srcdir)/m4/inttypes-pri.m4 $(top_srcdir)/m4/inttypes.m4 \ + $(top_srcdir)/m4/inttypes_h.m4 $(top_srcdir)/m4/ioctl.m4 \ + $(top_srcdir)/m4/isblank.m4 $(top_srcdir)/m4/langinfo_h.m4 \ + $(top_srcdir)/m4/largefile.m4 $(top_srcdir)/m4/lcmessage.m4 \ + $(top_srcdir)/m4/ld-output-def.m4 \ + $(top_srcdir)/m4/ld-version-script.m4 \ + $(top_srcdir)/m4/lib-ld.m4 $(top_srcdir)/m4/lib-link.m4 \ + $(top_srcdir)/m4/lib-prefix.m4 $(top_srcdir)/m4/libtool.m4 \ + $(top_srcdir)/m4/limits-h.m4 $(top_srcdir)/m4/locale-fr.m4 \ + $(top_srcdir)/m4/locale-ja.m4 $(top_srcdir)/m4/locale-tr.m4 \ + $(top_srcdir)/m4/locale-zh.m4 $(top_srcdir)/m4/locale_h.m4 \ + $(top_srcdir)/m4/localename.m4 \ + $(top_srcdir)/m4/localtime-buffer.m4 $(top_srcdir)/m4/lock.m4 \ + $(top_srcdir)/m4/longlong.m4 $(top_srcdir)/m4/lseek.m4 \ + $(top_srcdir)/m4/lstat.m4 $(top_srcdir)/m4/ltoptions.m4 \ + $(top_srcdir)/m4/ltsugar.m4 $(top_srcdir)/m4/ltversion.m4 \ + $(top_srcdir)/m4/lt~obsolete.m4 $(top_srcdir)/m4/malloc.m4 \ + $(top_srcdir)/m4/malloca.m4 $(top_srcdir)/m4/manywarnings.m4 \ + $(top_srcdir)/m4/memchr.m4 $(top_srcdir)/m4/memmem.m4 \ + $(top_srcdir)/m4/minmax.m4 $(top_srcdir)/m4/mmap-anon.m4 \ + $(top_srcdir)/m4/mode_t.m4 $(top_srcdir)/m4/msvc-inval.m4 \ + $(top_srcdir)/m4/msvc-nothrow.m4 $(top_srcdir)/m4/multiarch.m4 \ + $(top_srcdir)/m4/nanosleep.m4 $(top_srcdir)/m4/netdb_h.m4 \ + $(top_srcdir)/m4/netinet_in_h.m4 $(top_srcdir)/m4/nls.m4 \ + $(top_srcdir)/m4/off_t.m4 $(top_srcdir)/m4/open-cloexec.m4 \ + $(top_srcdir)/m4/open.m4 $(top_srcdir)/m4/pathmax.m4 \ + $(top_srcdir)/m4/perror.m4 $(top_srcdir)/m4/pipe.m4 \ + $(top_srcdir)/m4/pkg.m4 $(top_srcdir)/m4/po.m4 \ + $(top_srcdir)/m4/printf.m4 $(top_srcdir)/m4/progtest.m4 \ + $(top_srcdir)/m4/pthread_rwlock_rdlock.m4 \ + $(top_srcdir)/m4/putenv.m4 $(top_srcdir)/m4/raise.m4 \ + $(top_srcdir)/m4/read-file.m4 $(top_srcdir)/m4/realloc.m4 \ + $(top_srcdir)/m4/secure_getenv.m4 $(top_srcdir)/m4/select.m4 \ + $(top_srcdir)/m4/setenv.m4 $(top_srcdir)/m4/setlocale.m4 \ + $(top_srcdir)/m4/sigaction.m4 $(top_srcdir)/m4/signal_h.m4 \ + $(top_srcdir)/m4/signalblocking.m4 \ + $(top_srcdir)/m4/size_max.m4 $(top_srcdir)/m4/sleep.m4 \ + $(top_srcdir)/m4/snprintf.m4 $(top_srcdir)/m4/socketlib.m4 \ + $(top_srcdir)/m4/sockets.m4 $(top_srcdir)/m4/socklen.m4 \ + $(top_srcdir)/m4/sockpfaf.m4 $(top_srcdir)/m4/ssize_t.m4 \ + $(top_srcdir)/m4/stat-time.m4 $(top_srcdir)/m4/stat.m4 \ + $(top_srcdir)/m4/stdalign.m4 $(top_srcdir)/m4/stdbool.m4 \ + $(top_srcdir)/m4/stddef_h.m4 $(top_srcdir)/m4/stdint.m4 \ + $(top_srcdir)/m4/stdint_h.m4 $(top_srcdir)/m4/stdio_h.m4 \ + $(top_srcdir)/m4/stdlib_h.m4 $(top_srcdir)/m4/strcase.m4 \ + $(top_srcdir)/m4/strdup.m4 $(top_srcdir)/m4/strerror.m4 \ + $(top_srcdir)/m4/strerror_r.m4 $(top_srcdir)/m4/string_h.m4 \ + $(top_srcdir)/m4/strings_h.m4 $(top_srcdir)/m4/strndup.m4 \ + $(top_srcdir)/m4/strnlen.m4 $(top_srcdir)/m4/strtok_r.m4 \ + $(top_srcdir)/m4/strverscmp.m4 $(top_srcdir)/m4/symlink.m4 \ + $(top_srcdir)/m4/sys_ioctl_h.m4 \ + $(top_srcdir)/m4/sys_select_h.m4 \ + $(top_srcdir)/m4/sys_socket_h.m4 \ + $(top_srcdir)/m4/sys_stat_h.m4 $(top_srcdir)/m4/sys_time_h.m4 \ + $(top_srcdir)/m4/sys_types_h.m4 $(top_srcdir)/m4/sys_uio_h.m4 \ + $(top_srcdir)/m4/threadlib.m4 $(top_srcdir)/m4/time_h.m4 \ + $(top_srcdir)/m4/time_r.m4 $(top_srcdir)/m4/ungetc.m4 \ + $(top_srcdir)/m4/unistd_h.m4 \ + $(top_srcdir)/m4/valgrind-tests.m4 \ + $(top_srcdir)/m4/vasnprintf.m4 $(top_srcdir)/m4/vasprintf.m4 \ + $(top_srcdir)/m4/vsnprintf.m4 $(top_srcdir)/m4/warn-on-use.m4 \ + $(top_srcdir)/m4/warnings.m4 $(top_srcdir)/m4/wchar_h.m4 \ + $(top_srcdir)/m4/wchar_t.m4 $(top_srcdir)/m4/wint_t.m4 \ + $(top_srcdir)/m4/xsize.m4 $(top_srcdir)/configure.ac +am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ + $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) +mkinstalldirs = $(install_sh) -d +CONFIG_HEADER = $(top_builddir)/config.h +CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = +@ENABLE_OCSP_TRUE@am__EXEEXT_1 = ex-serv-x509$(EXEEXT) +@ENABLE_CXX_TRUE@am__EXEEXT_2 = ex-cxx$(EXEEXT) +@ENABLE_ANON_TRUE@am__EXEEXT_3 = ex-client-anon$(EXEEXT) \ +@ENABLE_ANON_TRUE@ ex-serv-anon$(EXEEXT) +@ENABLE_PKCS11_TRUE@am__EXEEXT_4 = ex-cert-select-pkcs11$(EXEEXT) +@ENABLE_PSK_TRUE@am__EXEEXT_5 = ex-client-psk$(EXEEXT) \ +@ENABLE_PSK_TRUE@ ex-serv-psk$(EXEEXT) +@ENABLE_SRP_TRUE@am__EXEEXT_6 = ex-client-srp$(EXEEXT) \ +@ENABLE_SRP_TRUE@ ex-serv-srp$(EXEEXT) +@ENABLE_OCSP_TRUE@am__EXEEXT_7 = ex-ocsp-client$(EXEEXT) +PROGRAMS = $(noinst_PROGRAMS) +LTLIBRARIES = $(noinst_LTLIBRARIES) +libexamples_la_LIBADD = +am_libexamples_la_OBJECTS = ex-alert.lo ex-pkcs12.lo \ + ex-session-info.lo ex-x509-info.lo ex-verify.lo \ + ex-client-x509-3.1.lo tcp.lo udp.lo ex-pkcs11-list.lo \ + verify.lo ex-verify-ssh.lo +libexamples_la_OBJECTS = $(am_libexamples_la_OBJECTS) +AM_V_lt = $(am__v_lt_@AM_V@) +am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) +am__v_lt_0 = --silent +am__v_lt_1 = +ex_cert_select_SOURCES = ex-cert-select.c +ex_cert_select_OBJECTS = ex-cert-select.$(OBJEXT) +ex_cert_select_LDADD = $(LDADD) +am__DEPENDENCIES_1 = +ex_cert_select_DEPENDENCIES = libexamples.la ../../lib/libgnutls.la \ + ../../gl/libgnu.la ../../src/gl/libgnu_gpl.la \ + $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \ + $(am__DEPENDENCIES_1) +ex_cert_select_pkcs11_SOURCES = ex-cert-select-pkcs11.c +ex_cert_select_pkcs11_OBJECTS = ex-cert-select-pkcs11.$(OBJEXT) +ex_cert_select_pkcs11_LDADD = $(LDADD) +ex_cert_select_pkcs11_DEPENDENCIES = libexamples.la \ + ../../lib/libgnutls.la ../../gl/libgnu.la \ + ../../src/gl/libgnu_gpl.la $(am__DEPENDENCIES_1) \ + $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) +ex_client_anon_SOURCES = ex-client-anon.c +ex_client_anon_OBJECTS = ex-client-anon.$(OBJEXT) +ex_client_anon_LDADD = $(LDADD) +ex_client_anon_DEPENDENCIES = libexamples.la ../../lib/libgnutls.la \ + ../../gl/libgnu.la ../../src/gl/libgnu_gpl.la \ + $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \ + $(am__DEPENDENCIES_1) +ex_client_dtls_SOURCES = ex-client-dtls.c +ex_client_dtls_OBJECTS = ex-client-dtls.$(OBJEXT) +ex_client_dtls_LDADD = $(LDADD) +ex_client_dtls_DEPENDENCIES = libexamples.la ../../lib/libgnutls.la \ + ../../gl/libgnu.la ../../src/gl/libgnu_gpl.la \ + $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \ + $(am__DEPENDENCIES_1) +ex_client_psk_SOURCES = ex-client-psk.c +ex_client_psk_OBJECTS = ex-client-psk.$(OBJEXT) +ex_client_psk_LDADD = $(LDADD) +ex_client_psk_DEPENDENCIES = libexamples.la ../../lib/libgnutls.la \ + ../../gl/libgnu.la ../../src/gl/libgnu_gpl.la \ + $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \ + $(am__DEPENDENCIES_1) +ex_client_resume_SOURCES = ex-client-resume.c +ex_client_resume_OBJECTS = ex-client-resume.$(OBJEXT) +ex_client_resume_LDADD = $(LDADD) +ex_client_resume_DEPENDENCIES = libexamples.la ../../lib/libgnutls.la \ + ../../gl/libgnu.la ../../src/gl/libgnu_gpl.la \ + $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \ + $(am__DEPENDENCIES_1) +ex_client_srp_SOURCES = ex-client-srp.c +ex_client_srp_OBJECTS = ex-client-srp.$(OBJEXT) +ex_client_srp_LDADD = $(LDADD) +ex_client_srp_DEPENDENCIES = libexamples.la ../../lib/libgnutls.la \ + ../../gl/libgnu.la ../../src/gl/libgnu_gpl.la \ + $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \ + $(am__DEPENDENCIES_1) +ex_client_x509_SOURCES = ex-client-x509.c +ex_client_x509_OBJECTS = ex-client-x509.$(OBJEXT) +ex_client_x509_LDADD = $(LDADD) +ex_client_x509_DEPENDENCIES = libexamples.la ../../lib/libgnutls.la \ + ../../gl/libgnu.la ../../src/gl/libgnu_gpl.la \ + $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \ + $(am__DEPENDENCIES_1) +am__ex_cxx_SOURCES_DIST = ex-cxx.cpp +@ENABLE_CXX_TRUE@am_ex_cxx_OBJECTS = ex-cxx.$(OBJEXT) +ex_cxx_OBJECTS = $(am_ex_cxx_OBJECTS) +am__DEPENDENCIES_2 = libexamples.la ../../lib/libgnutls.la \ + ../../gl/libgnu.la ../../src/gl/libgnu_gpl.la \ + $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \ + $(am__DEPENDENCIES_1) +am__DEPENDENCIES_3 = ../../lib/libgnutlsxx.la $(am__DEPENDENCIES_2) +@ENABLE_CXX_TRUE@ex_cxx_DEPENDENCIES = $(am__DEPENDENCIES_3) +ex_ocsp_client_SOURCES = ex-ocsp-client.c +ex_ocsp_client_OBJECTS = ex-ocsp-client.$(OBJEXT) +ex_ocsp_client_LDADD = $(LDADD) +ex_ocsp_client_DEPENDENCIES = libexamples.la ../../lib/libgnutls.la \ + ../../gl/libgnu.la ../../src/gl/libgnu_gpl.la \ + $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \ + $(am__DEPENDENCIES_1) +ex_serv_anon_SOURCES = ex-serv-anon.c +ex_serv_anon_OBJECTS = ex-serv-anon.$(OBJEXT) +ex_serv_anon_LDADD = $(LDADD) +ex_serv_anon_DEPENDENCIES = libexamples.la ../../lib/libgnutls.la \ + ../../gl/libgnu.la ../../src/gl/libgnu_gpl.la \ + $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \ + $(am__DEPENDENCIES_1) +ex_serv_dtls_SOURCES = ex-serv-dtls.c +ex_serv_dtls_OBJECTS = ex-serv-dtls.$(OBJEXT) +ex_serv_dtls_LDADD = $(LDADD) +ex_serv_dtls_DEPENDENCIES = libexamples.la ../../lib/libgnutls.la \ + ../../gl/libgnu.la ../../src/gl/libgnu_gpl.la \ + $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \ + $(am__DEPENDENCIES_1) +ex_serv_psk_SOURCES = ex-serv-psk.c +ex_serv_psk_OBJECTS = ex-serv-psk.$(OBJEXT) +ex_serv_psk_LDADD = $(LDADD) +ex_serv_psk_DEPENDENCIES = libexamples.la ../../lib/libgnutls.la \ + ../../gl/libgnu.la ../../src/gl/libgnu_gpl.la \ + $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \ + $(am__DEPENDENCIES_1) +ex_serv_srp_SOURCES = ex-serv-srp.c +ex_serv_srp_OBJECTS = ex-serv-srp.$(OBJEXT) +ex_serv_srp_LDADD = $(LDADD) +ex_serv_srp_DEPENDENCIES = libexamples.la ../../lib/libgnutls.la \ + ../../gl/libgnu.la ../../src/gl/libgnu_gpl.la \ + $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \ + $(am__DEPENDENCIES_1) +ex_serv_x509_SOURCES = ex-serv-x509.c +ex_serv_x509_OBJECTS = ex-serv-x509.$(OBJEXT) +ex_serv_x509_LDADD = $(LDADD) +ex_serv_x509_DEPENDENCIES = libexamples.la ../../lib/libgnutls.la \ + ../../gl/libgnu.la ../../src/gl/libgnu_gpl.la \ + $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \ + $(am__DEPENDENCIES_1) +print_ciphersuites_SOURCES = print-ciphersuites.c +print_ciphersuites_OBJECTS = print-ciphersuites.$(OBJEXT) +print_ciphersuites_LDADD = $(LDADD) +print_ciphersuites_DEPENDENCIES = libexamples.la \ + ../../lib/libgnutls.la ../../gl/libgnu.la \ + ../../src/gl/libgnu_gpl.la $(am__DEPENDENCIES_1) \ + $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) +am__dirstamp = $(am__leading_dot)dirstamp +am_tlsproxy_tlsproxy_OBJECTS = tlsproxy/buffer.$(OBJEXT) \ + tlsproxy/crypto-gnutls.$(OBJEXT) tlsproxy/tlsproxy.$(OBJEXT) +tlsproxy_tlsproxy_OBJECTS = $(am_tlsproxy_tlsproxy_OBJECTS) +tlsproxy_tlsproxy_LDADD = $(LDADD) +tlsproxy_tlsproxy_DEPENDENCIES = libexamples.la ../../lib/libgnutls.la \ + ../../gl/libgnu.la ../../src/gl/libgnu_gpl.la \ + $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \ + $(am__DEPENDENCIES_1) +AM_V_P = $(am__v_P_@AM_V@) +am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) +am__v_P_0 = false +am__v_P_1 = : +AM_V_GEN = $(am__v_GEN_@AM_V@) +am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) +am__v_GEN_0 = @echo " GEN " $@; +am__v_GEN_1 = +AM_V_at = $(am__v_at_@AM_V@) +am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) +am__v_at_0 = @ +am__v_at_1 = +DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) +depcomp = $(SHELL) $(top_srcdir)/build-aux/depcomp +am__maybe_remake_depfiles = depfiles +am__depfiles_remade = ./$(DEPDIR)/ex-alert.Plo \ + ./$(DEPDIR)/ex-cert-select-pkcs11.Po \ + ./$(DEPDIR)/ex-cert-select.Po ./$(DEPDIR)/ex-client-anon.Po \ + ./$(DEPDIR)/ex-client-dtls.Po ./$(DEPDIR)/ex-client-psk.Po \ + ./$(DEPDIR)/ex-client-resume.Po ./$(DEPDIR)/ex-client-srp.Po \ + ./$(DEPDIR)/ex-client-x509-3.1.Plo \ + ./$(DEPDIR)/ex-client-x509.Po ./$(DEPDIR)/ex-cxx.Po \ + ./$(DEPDIR)/ex-ocsp-client.Po ./$(DEPDIR)/ex-pkcs11-list.Plo \ + ./$(DEPDIR)/ex-pkcs12.Plo ./$(DEPDIR)/ex-serv-anon.Po \ + ./$(DEPDIR)/ex-serv-dtls.Po ./$(DEPDIR)/ex-serv-psk.Po \ + ./$(DEPDIR)/ex-serv-srp.Po ./$(DEPDIR)/ex-serv-x509.Po \ + ./$(DEPDIR)/ex-session-info.Plo ./$(DEPDIR)/ex-verify-ssh.Plo \ + ./$(DEPDIR)/ex-verify.Plo ./$(DEPDIR)/ex-x509-info.Plo \ + ./$(DEPDIR)/print-ciphersuites.Po ./$(DEPDIR)/tcp.Plo \ + ./$(DEPDIR)/udp.Plo ./$(DEPDIR)/verify.Plo \ + tlsproxy/$(DEPDIR)/buffer.Po \ + tlsproxy/$(DEPDIR)/crypto-gnutls.Po \ + tlsproxy/$(DEPDIR)/tlsproxy.Po +am__mv = mv -f +COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ + $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \ + $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \ + $(AM_CFLAGS) $(CFLAGS) +AM_V_CC = $(am__v_CC_@AM_V@) +am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@) +am__v_CC_0 = @echo " CC " $@; +am__v_CC_1 = +CCLD = $(CC) +LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ + $(AM_LDFLAGS) $(LDFLAGS) -o $@ +AM_V_CCLD = $(am__v_CCLD_@AM_V@) +am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@) +am__v_CCLD_0 = @echo " CCLD " $@; +am__v_CCLD_1 = +CXXCOMPILE = $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ + $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) +LTCXXCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CXX $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) \ + $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \ + $(AM_CXXFLAGS) $(CXXFLAGS) +AM_V_CXX = $(am__v_CXX_@AM_V@) +am__v_CXX_ = $(am__v_CXX_@AM_DEFAULT_V@) +am__v_CXX_0 = @echo " CXX " $@; +am__v_CXX_1 = +CXXLD = $(CXX) +CXXLINK = $(LIBTOOL) $(AM_V_lt) --tag=CXX $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=link $(CXXLD) $(AM_CXXFLAGS) \ + $(CXXFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o $@ +AM_V_CXXLD = $(am__v_CXXLD_@AM_V@) +am__v_CXXLD_ = $(am__v_CXXLD_@AM_DEFAULT_V@) +am__v_CXXLD_0 = @echo " CXXLD " $@; +am__v_CXXLD_1 = +SOURCES = $(libexamples_la_SOURCES) ex-cert-select.c \ + ex-cert-select-pkcs11.c ex-client-anon.c ex-client-dtls.c \ + ex-client-psk.c ex-client-resume.c ex-client-srp.c \ + ex-client-x509.c $(ex_cxx_SOURCES) ex-ocsp-client.c \ + ex-serv-anon.c ex-serv-dtls.c ex-serv-psk.c ex-serv-srp.c \ + ex-serv-x509.c print-ciphersuites.c \ + $(tlsproxy_tlsproxy_SOURCES) +DIST_SOURCES = $(libexamples_la_SOURCES) ex-cert-select.c \ + ex-cert-select-pkcs11.c ex-client-anon.c ex-client-dtls.c \ + ex-client-psk.c ex-client-resume.c ex-client-srp.c \ + ex-client-x509.c $(am__ex_cxx_SOURCES_DIST) ex-ocsp-client.c \ + ex-serv-anon.c ex-serv-dtls.c ex-serv-psk.c ex-serv-srp.c \ + ex-serv-x509.c print-ciphersuites.c \ + $(tlsproxy_tlsproxy_SOURCES) +am__can_run_installinfo = \ + case $$AM_UPDATE_INFO_DIR in \ + n|no|NO) false;; \ + *) (install-info --version) >/dev/null 2>&1;; \ + esac +am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) +# Read a list of newline-separated strings from the standard input, +# and print each of them once, without duplicates. Input order is +# *not* preserved. +am__uniquify_input = $(AWK) '\ + BEGIN { nonempty = 0; } \ + { items[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in items) print i; }; } \ +' +# Make sure the list of sources is unique. This is necessary because, +# e.g., the same source file might be shared among _SOURCES variables +# for different programs/libraries. +am__define_uniq_tagged_files = \ + list='$(am__tagged_files)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | $(am__uniquify_input)` +ETAGS = etags +CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in \ + $(top_srcdir)/build-aux/depcomp +DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) +ACLOCAL = @ACLOCAL@ +ALLOCA = @ALLOCA@ +ALLOCA_H = @ALLOCA_H@ +AMTAR = @AMTAR@ +AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ +APPLE_UNIVERSAL_BUILD = @APPLE_UNIVERSAL_BUILD@ +AR = @AR@ +ARFLAGS = @ARFLAGS@ +AUTOCONF = @AUTOCONF@ +AUTOGEN = @AUTOGEN@ +AUTOHEADER = @AUTOHEADER@ +AUTOMAKE = @AUTOMAKE@ +AWK = @AWK@ +BITSIZEOF_PTRDIFF_T = @BITSIZEOF_PTRDIFF_T@ +BITSIZEOF_SIG_ATOMIC_T = @BITSIZEOF_SIG_ATOMIC_T@ +BITSIZEOF_SIZE_T = @BITSIZEOF_SIZE_T@ +BITSIZEOF_WCHAR_T = @BITSIZEOF_WCHAR_T@ +BITSIZEOF_WINT_T = @BITSIZEOF_WINT_T@ +BYTESWAP_H = @BYTESWAP_H@ +CC = @CC@ +CCAS = @CCAS@ +CCASDEPMODE = @CCASDEPMODE@ +CCASFLAGS = @CCASFLAGS@ +CCDEPMODE = @CCDEPMODE@ +CFLAGS = @CFLAGS@ +CMOCKA_CFLAGS = @CMOCKA_CFLAGS@ +CMOCKA_LIBS = @CMOCKA_LIBS@ +CODE_COVERAGE_CFLAGS = @CODE_COVERAGE_CFLAGS@ +CODE_COVERAGE_CPPFLAGS = @CODE_COVERAGE_CPPFLAGS@ +CODE_COVERAGE_CXXFLAGS = @CODE_COVERAGE_CXXFLAGS@ +CODE_COVERAGE_ENABLED = @CODE_COVERAGE_ENABLED@ +CODE_COVERAGE_LIBS = @CODE_COVERAGE_LIBS@ +CONFIG_INCLUDE = @CONFIG_INCLUDE@ +CPP = @CPP@ +CPPFLAGS = @CPPFLAGS@ +CRYWRAP_PATCHLEVEL = @CRYWRAP_PATCHLEVEL@ +CXX = @CXX@ +CXXCPP = @CXXCPP@ +CXXDEPMODE = @CXXDEPMODE@ +CXXFLAGS = @CXXFLAGS@ +CXX_LT_AGE = @CXX_LT_AGE@ +CXX_LT_CURRENT = @CXX_LT_CURRENT@ +CXX_LT_REVISION = @CXX_LT_REVISION@ +CYGPATH_W = @CYGPATH_W@ +DEFS = @DEFS@ +DEPDIR = @DEPDIR@ +DLLTOOL = @DLLTOOL@ +DLL_SSL_VERSION = @DLL_SSL_VERSION@ +DLL_VERSION = @DLL_VERSION@ +DSYMUTIL = @DSYMUTIL@ +DUMPBIN = @DUMPBIN@ +ECHO_C = @ECHO_C@ +ECHO_N = @ECHO_N@ +ECHO_T = @ECHO_T@ +EGREP = @EGREP@ +EMULTIHOP_HIDDEN = @EMULTIHOP_HIDDEN@ +EMULTIHOP_VALUE = @EMULTIHOP_VALUE@ +ENABLE_PADLOCK = @ENABLE_PADLOCK@ +ENOLINK_HIDDEN = @ENOLINK_HIDDEN@ +ENOLINK_VALUE = @ENOLINK_VALUE@ +EOVERFLOW_HIDDEN = @EOVERFLOW_HIDDEN@ +EOVERFLOW_VALUE = @EOVERFLOW_VALUE@ +ERRNO_H = @ERRNO_H@ +EXEEXT = @EXEEXT@ +FGREP = @FGREP@ +FIPS140_LIBS = @FIPS140_LIBS@ +FLOAT_H = @FLOAT_H@ +GCOV = @GCOV@ +GENHTML = @GENHTML@ +GETADDRINFO_LIB = @GETADDRINFO_LIB@ +GETTEXT_MACRO_VERSION = @GETTEXT_MACRO_VERSION@ +GMP_CFLAGS = @GMP_CFLAGS@ +GMP_LIBS = @GMP_LIBS@ +GMSGFMT = @GMSGFMT@ +GMSGFMT_015 = @GMSGFMT_015@ +GNULIB_ACCEPT = @GNULIB_ACCEPT@ +GNULIB_ACCEPT4 = @GNULIB_ACCEPT4@ +GNULIB_ATOLL = @GNULIB_ATOLL@ +GNULIB_BIND = @GNULIB_BIND@ +GNULIB_BTOWC = @GNULIB_BTOWC@ +GNULIB_CALLOC_POSIX = @GNULIB_CALLOC_POSIX@ +GNULIB_CANONICALIZE_FILE_NAME = @GNULIB_CANONICALIZE_FILE_NAME@ +GNULIB_CHDIR = @GNULIB_CHDIR@ +GNULIB_CHOWN = @GNULIB_CHOWN@ +GNULIB_CLOSE = @GNULIB_CLOSE@ +GNULIB_CONNECT = @GNULIB_CONNECT@ +GNULIB_CTIME = @GNULIB_CTIME@ +GNULIB_DPRINTF = @GNULIB_DPRINTF@ +GNULIB_DUP = @GNULIB_DUP@ +GNULIB_DUP2 = @GNULIB_DUP2@ +GNULIB_DUP3 = @GNULIB_DUP3@ +GNULIB_DUPLOCALE = @GNULIB_DUPLOCALE@ +GNULIB_ENVIRON = @GNULIB_ENVIRON@ +GNULIB_EUIDACCESS = @GNULIB_EUIDACCESS@ +GNULIB_EXPLICIT_BZERO = @GNULIB_EXPLICIT_BZERO@ +GNULIB_FACCESSAT = @GNULIB_FACCESSAT@ +GNULIB_FCHDIR = @GNULIB_FCHDIR@ +GNULIB_FCHMODAT = @GNULIB_FCHMODAT@ +GNULIB_FCHOWNAT = @GNULIB_FCHOWNAT@ +GNULIB_FCLOSE = @GNULIB_FCLOSE@ +GNULIB_FCNTL = @GNULIB_FCNTL@ +GNULIB_FDATASYNC = @GNULIB_FDATASYNC@ +GNULIB_FDOPEN = @GNULIB_FDOPEN@ +GNULIB_FFLUSH = @GNULIB_FFLUSH@ +GNULIB_FFS = @GNULIB_FFS@ +GNULIB_FFSL = @GNULIB_FFSL@ +GNULIB_FFSLL = @GNULIB_FFSLL@ +GNULIB_FGETC = @GNULIB_FGETC@ +GNULIB_FGETS = @GNULIB_FGETS@ +GNULIB_FOPEN = @GNULIB_FOPEN@ +GNULIB_FPRINTF = @GNULIB_FPRINTF@ +GNULIB_FPRINTF_POSIX = @GNULIB_FPRINTF_POSIX@ +GNULIB_FPURGE = @GNULIB_FPURGE@ +GNULIB_FPUTC = @GNULIB_FPUTC@ +GNULIB_FPUTS = @GNULIB_FPUTS@ +GNULIB_FREAD = @GNULIB_FREAD@ +GNULIB_FREOPEN = @GNULIB_FREOPEN@ +GNULIB_FSCANF = @GNULIB_FSCANF@ +GNULIB_FSEEK = @GNULIB_FSEEK@ +GNULIB_FSEEKO = @GNULIB_FSEEKO@ +GNULIB_FSTAT = @GNULIB_FSTAT@ +GNULIB_FSTATAT = @GNULIB_FSTATAT@ +GNULIB_FSYNC = @GNULIB_FSYNC@ +GNULIB_FTELL = @GNULIB_FTELL@ +GNULIB_FTELLO = @GNULIB_FTELLO@ +GNULIB_FTRUNCATE = @GNULIB_FTRUNCATE@ +GNULIB_FUTIMENS = @GNULIB_FUTIMENS@ +GNULIB_FWRITE = @GNULIB_FWRITE@ +GNULIB_GETADDRINFO = @GNULIB_GETADDRINFO@ +GNULIB_GETC = @GNULIB_GETC@ +GNULIB_GETCHAR = @GNULIB_GETCHAR@ +GNULIB_GETCWD = @GNULIB_GETCWD@ +GNULIB_GETDELIM = @GNULIB_GETDELIM@ +GNULIB_GETDOMAINNAME = @GNULIB_GETDOMAINNAME@ +GNULIB_GETDTABLESIZE = @GNULIB_GETDTABLESIZE@ +GNULIB_GETGROUPS = @GNULIB_GETGROUPS@ +GNULIB_GETHOSTNAME = @GNULIB_GETHOSTNAME@ +GNULIB_GETLINE = @GNULIB_GETLINE@ +GNULIB_GETLOADAVG = @GNULIB_GETLOADAVG@ +GNULIB_GETLOGIN = @GNULIB_GETLOGIN@ +GNULIB_GETLOGIN_R = @GNULIB_GETLOGIN_R@ +GNULIB_GETPAGESIZE = @GNULIB_GETPAGESIZE@ +GNULIB_GETPASS = @GNULIB_GETPASS@ +GNULIB_GETPEERNAME = @GNULIB_GETPEERNAME@ +GNULIB_GETSOCKNAME = @GNULIB_GETSOCKNAME@ +GNULIB_GETSOCKOPT = @GNULIB_GETSOCKOPT@ +GNULIB_GETSUBOPT = @GNULIB_GETSUBOPT@ +GNULIB_GETTIMEOFDAY = @GNULIB_GETTIMEOFDAY@ +GNULIB_GETUSERSHELL = @GNULIB_GETUSERSHELL@ +GNULIB_GRANTPT = @GNULIB_GRANTPT@ +GNULIB_GROUP_MEMBER = @GNULIB_GROUP_MEMBER@ +GNULIB_IMAXABS = @GNULIB_IMAXABS@ +GNULIB_IMAXDIV = @GNULIB_IMAXDIV@ +GNULIB_INET_NTOP = @GNULIB_INET_NTOP@ +GNULIB_INET_PTON = @GNULIB_INET_PTON@ +GNULIB_IOCTL = @GNULIB_IOCTL@ +GNULIB_ISATTY = @GNULIB_ISATTY@ +GNULIB_ISBLANK = @GNULIB_ISBLANK@ +GNULIB_LCHMOD = @GNULIB_LCHMOD@ +GNULIB_LCHOWN = @GNULIB_LCHOWN@ +GNULIB_LINK = @GNULIB_LINK@ +GNULIB_LINKAT = @GNULIB_LINKAT@ +GNULIB_LISTEN = @GNULIB_LISTEN@ +GNULIB_LOCALECONV = @GNULIB_LOCALECONV@ +GNULIB_LOCALENAME = @GNULIB_LOCALENAME@ +GNULIB_LOCALTIME = @GNULIB_LOCALTIME@ +GNULIB_LSEEK = @GNULIB_LSEEK@ +GNULIB_LSTAT = @GNULIB_LSTAT@ +GNULIB_MALLOC_POSIX = @GNULIB_MALLOC_POSIX@ +GNULIB_MBRLEN = @GNULIB_MBRLEN@ +GNULIB_MBRTOWC = @GNULIB_MBRTOWC@ +GNULIB_MBSCASECMP = @GNULIB_MBSCASECMP@ +GNULIB_MBSCASESTR = @GNULIB_MBSCASESTR@ +GNULIB_MBSCHR = @GNULIB_MBSCHR@ +GNULIB_MBSCSPN = @GNULIB_MBSCSPN@ +GNULIB_MBSINIT = @GNULIB_MBSINIT@ +GNULIB_MBSLEN = @GNULIB_MBSLEN@ +GNULIB_MBSNCASECMP = @GNULIB_MBSNCASECMP@ +GNULIB_MBSNLEN = @GNULIB_MBSNLEN@ +GNULIB_MBSNRTOWCS = @GNULIB_MBSNRTOWCS@ +GNULIB_MBSPBRK = @GNULIB_MBSPBRK@ +GNULIB_MBSPCASECMP = @GNULIB_MBSPCASECMP@ +GNULIB_MBSRCHR = @GNULIB_MBSRCHR@ +GNULIB_MBSRTOWCS = @GNULIB_MBSRTOWCS@ +GNULIB_MBSSEP = @GNULIB_MBSSEP@ +GNULIB_MBSSPN = @GNULIB_MBSSPN@ +GNULIB_MBSSTR = @GNULIB_MBSSTR@ +GNULIB_MBSTOK_R = @GNULIB_MBSTOK_R@ +GNULIB_MBTOWC = @GNULIB_MBTOWC@ +GNULIB_MEMCHR = @GNULIB_MEMCHR@ +GNULIB_MEMMEM = @GNULIB_MEMMEM@ +GNULIB_MEMPCPY = @GNULIB_MEMPCPY@ +GNULIB_MEMRCHR = @GNULIB_MEMRCHR@ +GNULIB_MKDIRAT = @GNULIB_MKDIRAT@ +GNULIB_MKDTEMP = @GNULIB_MKDTEMP@ +GNULIB_MKFIFO = @GNULIB_MKFIFO@ +GNULIB_MKFIFOAT = @GNULIB_MKFIFOAT@ +GNULIB_MKNOD = @GNULIB_MKNOD@ +GNULIB_MKNODAT = @GNULIB_MKNODAT@ +GNULIB_MKOSTEMP = @GNULIB_MKOSTEMP@ +GNULIB_MKOSTEMPS = @GNULIB_MKOSTEMPS@ +GNULIB_MKSTEMP = @GNULIB_MKSTEMP@ +GNULIB_MKSTEMPS = @GNULIB_MKSTEMPS@ +GNULIB_MKTIME = @GNULIB_MKTIME@ +GNULIB_NANOSLEEP = @GNULIB_NANOSLEEP@ +GNULIB_NL_LANGINFO = @GNULIB_NL_LANGINFO@ +GNULIB_NONBLOCKING = @GNULIB_NONBLOCKING@ +GNULIB_OBSTACK_PRINTF = @GNULIB_OBSTACK_PRINTF@ +GNULIB_OBSTACK_PRINTF_POSIX = @GNULIB_OBSTACK_PRINTF_POSIX@ +GNULIB_OPEN = @GNULIB_OPEN@ +GNULIB_OPENAT = @GNULIB_OPENAT@ +GNULIB_OVERRIDES_STRUCT_STAT = @GNULIB_OVERRIDES_STRUCT_STAT@ +GNULIB_OVERRIDES_WINT_T = @GNULIB_OVERRIDES_WINT_T@ +GNULIB_PCLOSE = @GNULIB_PCLOSE@ +GNULIB_PERROR = @GNULIB_PERROR@ +GNULIB_PIPE = @GNULIB_PIPE@ +GNULIB_PIPE2 = @GNULIB_PIPE2@ +GNULIB_POPEN = @GNULIB_POPEN@ +GNULIB_POSIX_OPENPT = @GNULIB_POSIX_OPENPT@ +GNULIB_PREAD = @GNULIB_PREAD@ +GNULIB_PRINTF = @GNULIB_PRINTF@ +GNULIB_PRINTF_POSIX = @GNULIB_PRINTF_POSIX@ +GNULIB_PSELECT = @GNULIB_PSELECT@ +GNULIB_PTHREAD_SIGMASK = @GNULIB_PTHREAD_SIGMASK@ +GNULIB_PTSNAME = @GNULIB_PTSNAME@ +GNULIB_PTSNAME_R = @GNULIB_PTSNAME_R@ +GNULIB_PUTC = @GNULIB_PUTC@ +GNULIB_PUTCHAR = @GNULIB_PUTCHAR@ +GNULIB_PUTENV = @GNULIB_PUTENV@ +GNULIB_PUTS = @GNULIB_PUTS@ +GNULIB_PWRITE = @GNULIB_PWRITE@ +GNULIB_QSORT_R = @GNULIB_QSORT_R@ +GNULIB_RAISE = @GNULIB_RAISE@ +GNULIB_RANDOM = @GNULIB_RANDOM@ +GNULIB_RANDOM_R = @GNULIB_RANDOM_R@ +GNULIB_RAWMEMCHR = @GNULIB_RAWMEMCHR@ +GNULIB_READ = @GNULIB_READ@ +GNULIB_READLINK = @GNULIB_READLINK@ +GNULIB_READLINKAT = @GNULIB_READLINKAT@ +GNULIB_REALLOCARRAY = @GNULIB_REALLOCARRAY@ +GNULIB_REALLOC_POSIX = @GNULIB_REALLOC_POSIX@ +GNULIB_REALPATH = @GNULIB_REALPATH@ +GNULIB_RECV = @GNULIB_RECV@ +GNULIB_RECVFROM = @GNULIB_RECVFROM@ +GNULIB_REMOVE = @GNULIB_REMOVE@ +GNULIB_RENAME = @GNULIB_RENAME@ +GNULIB_RENAMEAT = @GNULIB_RENAMEAT@ +GNULIB_RMDIR = @GNULIB_RMDIR@ +GNULIB_RPMATCH = @GNULIB_RPMATCH@ +GNULIB_SCANF = @GNULIB_SCANF@ +GNULIB_SECURE_GETENV = @GNULIB_SECURE_GETENV@ +GNULIB_SELECT = @GNULIB_SELECT@ +GNULIB_SEND = @GNULIB_SEND@ +GNULIB_SENDTO = @GNULIB_SENDTO@ +GNULIB_SETENV = @GNULIB_SETENV@ +GNULIB_SETHOSTNAME = @GNULIB_SETHOSTNAME@ +GNULIB_SETLOCALE = @GNULIB_SETLOCALE@ +GNULIB_SETSOCKOPT = @GNULIB_SETSOCKOPT@ +GNULIB_SHUTDOWN = @GNULIB_SHUTDOWN@ +GNULIB_SIGACTION = @GNULIB_SIGACTION@ +GNULIB_SIGNAL_H_SIGPIPE = @GNULIB_SIGNAL_H_SIGPIPE@ +GNULIB_SIGPROCMASK = @GNULIB_SIGPROCMASK@ +GNULIB_SLEEP = @GNULIB_SLEEP@ +GNULIB_SNPRINTF = @GNULIB_SNPRINTF@ +GNULIB_SOCKET = @GNULIB_SOCKET@ +GNULIB_SPRINTF_POSIX = @GNULIB_SPRINTF_POSIX@ +GNULIB_STAT = @GNULIB_STAT@ +GNULIB_STDIO_H_NONBLOCKING = @GNULIB_STDIO_H_NONBLOCKING@ +GNULIB_STDIO_H_SIGPIPE = @GNULIB_STDIO_H_SIGPIPE@ +GNULIB_STPCPY = @GNULIB_STPCPY@ +GNULIB_STPNCPY = @GNULIB_STPNCPY@ +GNULIB_STRCASESTR = @GNULIB_STRCASESTR@ +GNULIB_STRCHRNUL = @GNULIB_STRCHRNUL@ +GNULIB_STRDUP = @GNULIB_STRDUP@ +GNULIB_STRERROR = @GNULIB_STRERROR@ +GNULIB_STRERROR_R = @GNULIB_STRERROR_R@ +GNULIB_STRFTIME = @GNULIB_STRFTIME@ +GNULIB_STRNCAT = @GNULIB_STRNCAT@ +GNULIB_STRNDUP = @GNULIB_STRNDUP@ +GNULIB_STRNLEN = @GNULIB_STRNLEN@ +GNULIB_STRPBRK = @GNULIB_STRPBRK@ +GNULIB_STRPTIME = @GNULIB_STRPTIME@ +GNULIB_STRSEP = @GNULIB_STRSEP@ +GNULIB_STRSIGNAL = @GNULIB_STRSIGNAL@ +GNULIB_STRSTR = @GNULIB_STRSTR@ +GNULIB_STRTOD = @GNULIB_STRTOD@ +GNULIB_STRTOIMAX = @GNULIB_STRTOIMAX@ +GNULIB_STRTOK_R = @GNULIB_STRTOK_R@ +GNULIB_STRTOLD = @GNULIB_STRTOLD@ +GNULIB_STRTOLL = @GNULIB_STRTOLL@ +GNULIB_STRTOULL = @GNULIB_STRTOULL@ +GNULIB_STRTOUMAX = @GNULIB_STRTOUMAX@ +GNULIB_STRVERSCMP = @GNULIB_STRVERSCMP@ +GNULIB_SYMLINK = @GNULIB_SYMLINK@ +GNULIB_SYMLINKAT = @GNULIB_SYMLINKAT@ +GNULIB_SYSTEM_POSIX = @GNULIB_SYSTEM_POSIX@ +GNULIB_TIMEGM = @GNULIB_TIMEGM@ +GNULIB_TIME_R = @GNULIB_TIME_R@ +GNULIB_TIME_RZ = @GNULIB_TIME_RZ@ +GNULIB_TMPFILE = @GNULIB_TMPFILE@ +GNULIB_TRUNCATE = @GNULIB_TRUNCATE@ +GNULIB_TTYNAME_R = @GNULIB_TTYNAME_R@ +GNULIB_TZSET = @GNULIB_TZSET@ +GNULIB_UNISTD_H_NONBLOCKING = @GNULIB_UNISTD_H_NONBLOCKING@ +GNULIB_UNISTD_H_SIGPIPE = @GNULIB_UNISTD_H_SIGPIPE@ +GNULIB_UNLINK = @GNULIB_UNLINK@ +GNULIB_UNLINKAT = @GNULIB_UNLINKAT@ +GNULIB_UNLOCKPT = @GNULIB_UNLOCKPT@ +GNULIB_UNSETENV = @GNULIB_UNSETENV@ +GNULIB_USLEEP = @GNULIB_USLEEP@ +GNULIB_UTIMENSAT = @GNULIB_UTIMENSAT@ +GNULIB_VASPRINTF = @GNULIB_VASPRINTF@ +GNULIB_VDPRINTF = @GNULIB_VDPRINTF@ +GNULIB_VFPRINTF = @GNULIB_VFPRINTF@ +GNULIB_VFPRINTF_POSIX = @GNULIB_VFPRINTF_POSIX@ +GNULIB_VFSCANF = @GNULIB_VFSCANF@ +GNULIB_VPRINTF = @GNULIB_VPRINTF@ +GNULIB_VPRINTF_POSIX = @GNULIB_VPRINTF_POSIX@ +GNULIB_VSCANF = @GNULIB_VSCANF@ +GNULIB_VSNPRINTF = @GNULIB_VSNPRINTF@ +GNULIB_VSPRINTF_POSIX = @GNULIB_VSPRINTF_POSIX@ +GNULIB_WCPCPY = @GNULIB_WCPCPY@ +GNULIB_WCPNCPY = @GNULIB_WCPNCPY@ +GNULIB_WCRTOMB = @GNULIB_WCRTOMB@ +GNULIB_WCSCASECMP = @GNULIB_WCSCASECMP@ +GNULIB_WCSCAT = @GNULIB_WCSCAT@ +GNULIB_WCSCHR = @GNULIB_WCSCHR@ +GNULIB_WCSCMP = @GNULIB_WCSCMP@ +GNULIB_WCSCOLL = @GNULIB_WCSCOLL@ +GNULIB_WCSCPY = @GNULIB_WCSCPY@ +GNULIB_WCSCSPN = @GNULIB_WCSCSPN@ +GNULIB_WCSDUP = @GNULIB_WCSDUP@ +GNULIB_WCSFTIME = @GNULIB_WCSFTIME@ +GNULIB_WCSLEN = @GNULIB_WCSLEN@ +GNULIB_WCSNCASECMP = @GNULIB_WCSNCASECMP@ +GNULIB_WCSNCAT = @GNULIB_WCSNCAT@ +GNULIB_WCSNCMP = @GNULIB_WCSNCMP@ +GNULIB_WCSNCPY = @GNULIB_WCSNCPY@ +GNULIB_WCSNLEN = @GNULIB_WCSNLEN@ +GNULIB_WCSNRTOMBS = @GNULIB_WCSNRTOMBS@ +GNULIB_WCSPBRK = @GNULIB_WCSPBRK@ +GNULIB_WCSRCHR = @GNULIB_WCSRCHR@ +GNULIB_WCSRTOMBS = @GNULIB_WCSRTOMBS@ +GNULIB_WCSSPN = @GNULIB_WCSSPN@ +GNULIB_WCSSTR = @GNULIB_WCSSTR@ +GNULIB_WCSTOK = @GNULIB_WCSTOK@ +GNULIB_WCSWIDTH = @GNULIB_WCSWIDTH@ +GNULIB_WCSXFRM = @GNULIB_WCSXFRM@ +GNULIB_WCTOB = @GNULIB_WCTOB@ +GNULIB_WCTOMB = @GNULIB_WCTOMB@ +GNULIB_WCWIDTH = @GNULIB_WCWIDTH@ +GNULIB_WMEMCHR = @GNULIB_WMEMCHR@ +GNULIB_WMEMCMP = @GNULIB_WMEMCMP@ +GNULIB_WMEMCPY = @GNULIB_WMEMCPY@ +GNULIB_WMEMMOVE = @GNULIB_WMEMMOVE@ +GNULIB_WMEMSET = @GNULIB_WMEMSET@ +GNULIB_WRITE = @GNULIB_WRITE@ +GNULIB__EXIT = @GNULIB__EXIT@ +GNUTLS_REQUIRES_PRIVATE = @GNUTLS_REQUIRES_PRIVATE@ +GREP = @GREP@ +GTKDOC_CHECK = @GTKDOC_CHECK@ +GTKDOC_CHECK_PATH = @GTKDOC_CHECK_PATH@ +GTKDOC_DEPS_CFLAGS = @GTKDOC_DEPS_CFLAGS@ +GTKDOC_DEPS_LIBS = @GTKDOC_DEPS_LIBS@ +GTKDOC_MKPDF = @GTKDOC_MKPDF@ +GTKDOC_REBASE = @GTKDOC_REBASE@ +GUILD = @GUILD@ +GUILE = @GUILE@ +GUILE_CFLAGS = @GUILE_CFLAGS@ +GUILE_CONFIG = @GUILE_CONFIG@ +GUILE_EFFECTIVE_VERSION = @GUILE_EFFECTIVE_VERSION@ +GUILE_EXTENSION = @GUILE_EXTENSION@ +GUILE_LDFLAGS = @GUILE_LDFLAGS@ +GUILE_LIBS = @GUILE_LIBS@ +GUILE_LTLIBS = @GUILE_LTLIBS@ +GUILE_SITE = @GUILE_SITE@ +GUILE_SITE_CCACHE = @GUILE_SITE_CCACHE@ +GUILE_TOOLS = @GUILE_TOOLS@ +HAVE_ACCEPT4 = @HAVE_ACCEPT4@ +HAVE_ALLOCA_H = @HAVE_ALLOCA_H@ +HAVE_ARPA_INET_H = @HAVE_ARPA_INET_H@ +HAVE_ATOLL = @HAVE_ATOLL@ +HAVE_BTOWC = @HAVE_BTOWC@ +HAVE_C99_STDINT_H = @HAVE_C99_STDINT_H@ +HAVE_CANONICALIZE_FILE_NAME = @HAVE_CANONICALIZE_FILE_NAME@ +HAVE_CHOWN = @HAVE_CHOWN@ +HAVE_CRTDEFS_H = @HAVE_CRTDEFS_H@ +HAVE_DECL_ENVIRON = @HAVE_DECL_ENVIRON@ +HAVE_DECL_FCHDIR = @HAVE_DECL_FCHDIR@ +HAVE_DECL_FDATASYNC = @HAVE_DECL_FDATASYNC@ +HAVE_DECL_FPURGE = @HAVE_DECL_FPURGE@ +HAVE_DECL_FREEADDRINFO = @HAVE_DECL_FREEADDRINFO@ +HAVE_DECL_FSEEKO = @HAVE_DECL_FSEEKO@ +HAVE_DECL_FTELLO = @HAVE_DECL_FTELLO@ +HAVE_DECL_GAI_STRERROR = @HAVE_DECL_GAI_STRERROR@ +HAVE_DECL_GETADDRINFO = @HAVE_DECL_GETADDRINFO@ +HAVE_DECL_GETDELIM = @HAVE_DECL_GETDELIM@ +HAVE_DECL_GETDOMAINNAME = @HAVE_DECL_GETDOMAINNAME@ +HAVE_DECL_GETLINE = @HAVE_DECL_GETLINE@ +HAVE_DECL_GETLOADAVG = @HAVE_DECL_GETLOADAVG@ +HAVE_DECL_GETLOGIN = @HAVE_DECL_GETLOGIN@ +HAVE_DECL_GETLOGIN_R = @HAVE_DECL_GETLOGIN_R@ +HAVE_DECL_GETNAMEINFO = @HAVE_DECL_GETNAMEINFO@ +HAVE_DECL_GETPAGESIZE = @HAVE_DECL_GETPAGESIZE@ +HAVE_DECL_GETUSERSHELL = @HAVE_DECL_GETUSERSHELL@ +HAVE_DECL_IMAXABS = @HAVE_DECL_IMAXABS@ +HAVE_DECL_IMAXDIV = @HAVE_DECL_IMAXDIV@ +HAVE_DECL_INET_NTOP = @HAVE_DECL_INET_NTOP@ +HAVE_DECL_INET_PTON = @HAVE_DECL_INET_PTON@ +HAVE_DECL_INITSTATE = @HAVE_DECL_INITSTATE@ +HAVE_DECL_LOCALTIME_R = @HAVE_DECL_LOCALTIME_R@ +HAVE_DECL_MEMMEM = @HAVE_DECL_MEMMEM@ +HAVE_DECL_MEMRCHR = @HAVE_DECL_MEMRCHR@ +HAVE_DECL_OBSTACK_PRINTF = @HAVE_DECL_OBSTACK_PRINTF@ +HAVE_DECL_SETENV = @HAVE_DECL_SETENV@ +HAVE_DECL_SETHOSTNAME = @HAVE_DECL_SETHOSTNAME@ +HAVE_DECL_SETSTATE = @HAVE_DECL_SETSTATE@ +HAVE_DECL_SNPRINTF = @HAVE_DECL_SNPRINTF@ +HAVE_DECL_STRDUP = @HAVE_DECL_STRDUP@ +HAVE_DECL_STRERROR_R = @HAVE_DECL_STRERROR_R@ +HAVE_DECL_STRNCASECMP = @HAVE_DECL_STRNCASECMP@ +HAVE_DECL_STRNDUP = @HAVE_DECL_STRNDUP@ +HAVE_DECL_STRNLEN = @HAVE_DECL_STRNLEN@ +HAVE_DECL_STRSIGNAL = @HAVE_DECL_STRSIGNAL@ +HAVE_DECL_STRTOIMAX = @HAVE_DECL_STRTOIMAX@ +HAVE_DECL_STRTOK_R = @HAVE_DECL_STRTOK_R@ +HAVE_DECL_STRTOUMAX = @HAVE_DECL_STRTOUMAX@ +HAVE_DECL_TRUNCATE = @HAVE_DECL_TRUNCATE@ +HAVE_DECL_TTYNAME_R = @HAVE_DECL_TTYNAME_R@ +HAVE_DECL_UNSETENV = @HAVE_DECL_UNSETENV@ +HAVE_DECL_VSNPRINTF = @HAVE_DECL_VSNPRINTF@ +HAVE_DECL_WCTOB = @HAVE_DECL_WCTOB@ +HAVE_DECL_WCWIDTH = @HAVE_DECL_WCWIDTH@ +HAVE_DPRINTF = @HAVE_DPRINTF@ +HAVE_DUP2 = @HAVE_DUP2@ +HAVE_DUP3 = @HAVE_DUP3@ +HAVE_DUPLOCALE = @HAVE_DUPLOCALE@ +HAVE_EUIDACCESS = @HAVE_EUIDACCESS@ +HAVE_EXPLICIT_BZERO = @HAVE_EXPLICIT_BZERO@ +HAVE_FACCESSAT = @HAVE_FACCESSAT@ +HAVE_FCHDIR = @HAVE_FCHDIR@ +HAVE_FCHMODAT = @HAVE_FCHMODAT@ +HAVE_FCHOWNAT = @HAVE_FCHOWNAT@ +HAVE_FCNTL = @HAVE_FCNTL@ +HAVE_FDATASYNC = @HAVE_FDATASYNC@ +HAVE_FEATURES_H = @HAVE_FEATURES_H@ +HAVE_FFS = @HAVE_FFS@ +HAVE_FFSL = @HAVE_FFSL@ +HAVE_FFSLL = @HAVE_FFSLL@ +HAVE_FREELOCALE = @HAVE_FREELOCALE@ +HAVE_FSEEKO = @HAVE_FSEEKO@ +HAVE_FSTATAT = @HAVE_FSTATAT@ +HAVE_FSYNC = @HAVE_FSYNC@ +HAVE_FTELLO = @HAVE_FTELLO@ +HAVE_FTRUNCATE = @HAVE_FTRUNCATE@ +HAVE_FUTIMENS = @HAVE_FUTIMENS@ +HAVE_GETDTABLESIZE = @HAVE_GETDTABLESIZE@ +HAVE_GETGROUPS = @HAVE_GETGROUPS@ +HAVE_GETHOSTNAME = @HAVE_GETHOSTNAME@ +HAVE_GETLOGIN = @HAVE_GETLOGIN@ +HAVE_GETPAGESIZE = @HAVE_GETPAGESIZE@ +HAVE_GETPASS = @HAVE_GETPASS@ +HAVE_GETSUBOPT = @HAVE_GETSUBOPT@ +HAVE_GETTIMEOFDAY = @HAVE_GETTIMEOFDAY@ +HAVE_GRANTPT = @HAVE_GRANTPT@ +HAVE_GROUP_MEMBER = @HAVE_GROUP_MEMBER@ +HAVE_IMAXDIV_T = @HAVE_IMAXDIV_T@ +HAVE_INITSTATE = @HAVE_INITSTATE@ +HAVE_INTTYPES_H = @HAVE_INTTYPES_H@ +HAVE_ISBLANK = @HAVE_ISBLANK@ +HAVE_LANGINFO_ALTMON = @HAVE_LANGINFO_ALTMON@ +HAVE_LANGINFO_CODESET = @HAVE_LANGINFO_CODESET@ +HAVE_LANGINFO_ERA = @HAVE_LANGINFO_ERA@ +HAVE_LANGINFO_H = @HAVE_LANGINFO_H@ +HAVE_LANGINFO_T_FMT_AMPM = @HAVE_LANGINFO_T_FMT_AMPM@ +HAVE_LANGINFO_YESEXPR = @HAVE_LANGINFO_YESEXPR@ +HAVE_LCHMOD = @HAVE_LCHMOD@ +HAVE_LCHOWN = @HAVE_LCHOWN@ +HAVE_LIBCRYPTO = @HAVE_LIBCRYPTO@ +HAVE_LIBDL = @HAVE_LIBDL@ +HAVE_LIBPTHREAD = @HAVE_LIBPTHREAD@ +HAVE_LIBRT = @HAVE_LIBRT@ +HAVE_LIBSECCOMP = @HAVE_LIBSECCOMP@ +HAVE_LINK = @HAVE_LINK@ +HAVE_LINKAT = @HAVE_LINKAT@ +HAVE_LONG_LONG_INT = @HAVE_LONG_LONG_INT@ +HAVE_LSTAT = @HAVE_LSTAT@ +HAVE_MAX_ALIGN_T = @HAVE_MAX_ALIGN_T@ +HAVE_MBRLEN = @HAVE_MBRLEN@ +HAVE_MBRTOWC = @HAVE_MBRTOWC@ +HAVE_MBSINIT = @HAVE_MBSINIT@ +HAVE_MBSLEN = @HAVE_MBSLEN@ +HAVE_MBSNRTOWCS = @HAVE_MBSNRTOWCS@ +HAVE_MBSRTOWCS = @HAVE_MBSRTOWCS@ +HAVE_MBTOWC = @HAVE_MBTOWC@ +HAVE_MEMCHR = @HAVE_MEMCHR@ +HAVE_MEMPCPY = @HAVE_MEMPCPY@ +HAVE_MKDIRAT = @HAVE_MKDIRAT@ +HAVE_MKDTEMP = @HAVE_MKDTEMP@ +HAVE_MKFIFO = @HAVE_MKFIFO@ +HAVE_MKFIFOAT = @HAVE_MKFIFOAT@ +HAVE_MKNOD = @HAVE_MKNOD@ +HAVE_MKNODAT = @HAVE_MKNODAT@ +HAVE_MKOSTEMP = @HAVE_MKOSTEMP@ +HAVE_MKOSTEMPS = @HAVE_MKOSTEMPS@ +HAVE_MKSTEMP = @HAVE_MKSTEMP@ +HAVE_MKSTEMPS = @HAVE_MKSTEMPS@ +HAVE_MSVC_INVALID_PARAMETER_HANDLER = @HAVE_MSVC_INVALID_PARAMETER_HANDLER@ +HAVE_NANOSLEEP = @HAVE_NANOSLEEP@ +HAVE_NETDB_H = @HAVE_NETDB_H@ +HAVE_NETINET_IN_H = @HAVE_NETINET_IN_H@ +HAVE_NEWLOCALE = @HAVE_NEWLOCALE@ +HAVE_NL_LANGINFO = @HAVE_NL_LANGINFO@ +HAVE_OPENAT = @HAVE_OPENAT@ +HAVE_OS_H = @HAVE_OS_H@ +HAVE_PCLOSE = @HAVE_PCLOSE@ +HAVE_PIPE = @HAVE_PIPE@ +HAVE_PIPE2 = @HAVE_PIPE2@ +HAVE_POPEN = @HAVE_POPEN@ +HAVE_POSIX_OPENPT = @HAVE_POSIX_OPENPT@ +HAVE_POSIX_SIGNALBLOCKING = @HAVE_POSIX_SIGNALBLOCKING@ +HAVE_PREAD = @HAVE_PREAD@ +HAVE_PSELECT = @HAVE_PSELECT@ +HAVE_PTHREAD_SIGMASK = @HAVE_PTHREAD_SIGMASK@ +HAVE_PTSNAME = @HAVE_PTSNAME@ +HAVE_PTSNAME_R = @HAVE_PTSNAME_R@ +HAVE_PWRITE = @HAVE_PWRITE@ +HAVE_QSORT_R = @HAVE_QSORT_R@ +HAVE_RAISE = @HAVE_RAISE@ +HAVE_RANDOM = @HAVE_RANDOM@ +HAVE_RANDOM_H = @HAVE_RANDOM_H@ +HAVE_RANDOM_R = @HAVE_RANDOM_R@ +HAVE_RAWMEMCHR = @HAVE_RAWMEMCHR@ +HAVE_READLINK = @HAVE_READLINK@ +HAVE_READLINKAT = @HAVE_READLINKAT@ +HAVE_REALLOCARRAY = @HAVE_REALLOCARRAY@ +HAVE_REALPATH = @HAVE_REALPATH@ +HAVE_RENAMEAT = @HAVE_RENAMEAT@ +HAVE_RPMATCH = @HAVE_RPMATCH@ +HAVE_SA_FAMILY_T = @HAVE_SA_FAMILY_T@ +HAVE_SECURE_GETENV = @HAVE_SECURE_GETENV@ +HAVE_SETENV = @HAVE_SETENV@ +HAVE_SETHOSTNAME = @HAVE_SETHOSTNAME@ +HAVE_SETSTATE = @HAVE_SETSTATE@ +HAVE_SIGACTION = @HAVE_SIGACTION@ +HAVE_SIGHANDLER_T = @HAVE_SIGHANDLER_T@ +HAVE_SIGINFO_T = @HAVE_SIGINFO_T@ +HAVE_SIGNED_SIG_ATOMIC_T = @HAVE_SIGNED_SIG_ATOMIC_T@ +HAVE_SIGNED_WCHAR_T = @HAVE_SIGNED_WCHAR_T@ +HAVE_SIGNED_WINT_T = @HAVE_SIGNED_WINT_T@ +HAVE_SIGSET_T = @HAVE_SIGSET_T@ +HAVE_SLEEP = @HAVE_SLEEP@ +HAVE_STDINT_H = @HAVE_STDINT_H@ +HAVE_STPCPY = @HAVE_STPCPY@ +HAVE_STPNCPY = @HAVE_STPNCPY@ +HAVE_STRCASECMP = @HAVE_STRCASECMP@ +HAVE_STRCASESTR = @HAVE_STRCASESTR@ +HAVE_STRCHRNUL = @HAVE_STRCHRNUL@ +HAVE_STRINGS_H = @HAVE_STRINGS_H@ +HAVE_STRPBRK = @HAVE_STRPBRK@ +HAVE_STRPTIME = @HAVE_STRPTIME@ +HAVE_STRSEP = @HAVE_STRSEP@ +HAVE_STRTOD = @HAVE_STRTOD@ +HAVE_STRTOLD = @HAVE_STRTOLD@ +HAVE_STRTOLL = @HAVE_STRTOLL@ +HAVE_STRTOULL = @HAVE_STRTOULL@ +HAVE_STRUCT_ADDRINFO = @HAVE_STRUCT_ADDRINFO@ +HAVE_STRUCT_RANDOM_DATA = @HAVE_STRUCT_RANDOM_DATA@ +HAVE_STRUCT_SIGACTION_SA_SIGACTION = @HAVE_STRUCT_SIGACTION_SA_SIGACTION@ +HAVE_STRUCT_SOCKADDR_STORAGE = @HAVE_STRUCT_SOCKADDR_STORAGE@ +HAVE_STRUCT_SOCKADDR_STORAGE_SS_FAMILY = @HAVE_STRUCT_SOCKADDR_STORAGE_SS_FAMILY@ +HAVE_STRUCT_TIMEVAL = @HAVE_STRUCT_TIMEVAL@ +HAVE_STRVERSCMP = @HAVE_STRVERSCMP@ +HAVE_SYMLINK = @HAVE_SYMLINK@ +HAVE_SYMLINKAT = @HAVE_SYMLINKAT@ +HAVE_SYS_BITYPES_H = @HAVE_SYS_BITYPES_H@ +HAVE_SYS_INTTYPES_H = @HAVE_SYS_INTTYPES_H@ +HAVE_SYS_IOCTL_H = @HAVE_SYS_IOCTL_H@ +HAVE_SYS_LOADAVG_H = @HAVE_SYS_LOADAVG_H@ +HAVE_SYS_PARAM_H = @HAVE_SYS_PARAM_H@ +HAVE_SYS_SELECT_H = @HAVE_SYS_SELECT_H@ +HAVE_SYS_SOCKET_H = @HAVE_SYS_SOCKET_H@ +HAVE_SYS_TIME_H = @HAVE_SYS_TIME_H@ +HAVE_SYS_TYPES_H = @HAVE_SYS_TYPES_H@ +HAVE_SYS_UIO_H = @HAVE_SYS_UIO_H@ +HAVE_TIMEGM = @HAVE_TIMEGM@ +HAVE_TIMEZONE_T = @HAVE_TIMEZONE_T@ +HAVE_TYPE_VOLATILE_SIG_ATOMIC_T = @HAVE_TYPE_VOLATILE_SIG_ATOMIC_T@ +HAVE_TZSET = @HAVE_TZSET@ +HAVE_UNISTD_H = @HAVE_UNISTD_H@ +HAVE_UNLINKAT = @HAVE_UNLINKAT@ +HAVE_UNLOCKPT = @HAVE_UNLOCKPT@ +HAVE_UNSIGNED_LONG_LONG_INT = @HAVE_UNSIGNED_LONG_LONG_INT@ +HAVE_USLEEP = @HAVE_USLEEP@ +HAVE_UTIMENSAT = @HAVE_UTIMENSAT@ +HAVE_VASPRINTF = @HAVE_VASPRINTF@ +HAVE_VDPRINTF = @HAVE_VDPRINTF@ +HAVE_WCHAR_H = @HAVE_WCHAR_H@ +HAVE_WCHAR_T = @HAVE_WCHAR_T@ +HAVE_WCPCPY = @HAVE_WCPCPY@ +HAVE_WCPNCPY = @HAVE_WCPNCPY@ +HAVE_WCRTOMB = @HAVE_WCRTOMB@ +HAVE_WCSCASECMP = @HAVE_WCSCASECMP@ +HAVE_WCSCAT = @HAVE_WCSCAT@ +HAVE_WCSCHR = @HAVE_WCSCHR@ +HAVE_WCSCMP = @HAVE_WCSCMP@ +HAVE_WCSCOLL = @HAVE_WCSCOLL@ +HAVE_WCSCPY = @HAVE_WCSCPY@ +HAVE_WCSCSPN = @HAVE_WCSCSPN@ +HAVE_WCSDUP = @HAVE_WCSDUP@ +HAVE_WCSFTIME = @HAVE_WCSFTIME@ +HAVE_WCSLEN = @HAVE_WCSLEN@ +HAVE_WCSNCASECMP = @HAVE_WCSNCASECMP@ +HAVE_WCSNCAT = @HAVE_WCSNCAT@ +HAVE_WCSNCMP = @HAVE_WCSNCMP@ +HAVE_WCSNCPY = @HAVE_WCSNCPY@ +HAVE_WCSNLEN = @HAVE_WCSNLEN@ +HAVE_WCSNRTOMBS = @HAVE_WCSNRTOMBS@ +HAVE_WCSPBRK = @HAVE_WCSPBRK@ +HAVE_WCSRCHR = @HAVE_WCSRCHR@ +HAVE_WCSRTOMBS = @HAVE_WCSRTOMBS@ +HAVE_WCSSPN = @HAVE_WCSSPN@ +HAVE_WCSSTR = @HAVE_WCSSTR@ +HAVE_WCSTOK = @HAVE_WCSTOK@ +HAVE_WCSWIDTH = @HAVE_WCSWIDTH@ +HAVE_WCSXFRM = @HAVE_WCSXFRM@ +HAVE_WINSOCK2_H = @HAVE_WINSOCK2_H@ +HAVE_WINT_T = @HAVE_WINT_T@ +HAVE_WMEMCHR = @HAVE_WMEMCHR@ +HAVE_WMEMCMP = @HAVE_WMEMCMP@ +HAVE_WMEMCPY = @HAVE_WMEMCPY@ +HAVE_WMEMMOVE = @HAVE_WMEMMOVE@ +HAVE_WMEMSET = @HAVE_WMEMSET@ +HAVE_WS2TCPIP_H = @HAVE_WS2TCPIP_H@ +HAVE_XLOCALE_H = @HAVE_XLOCALE_H@ +HAVE__BOOL = @HAVE__BOOL@ +HAVE__EXIT = @HAVE__EXIT@ +HOGWEED_CFLAGS = @HOGWEED_CFLAGS@ +HOGWEED_LIBS = @HOGWEED_LIBS@ +HOSTENT_LIB = @HOSTENT_LIB@ +HTML_DIR = @HTML_DIR@ +INCLUDE_NEXT = @INCLUDE_NEXT@ +INCLUDE_NEXT_AS_FIRST_DIRECTIVE = @INCLUDE_NEXT_AS_FIRST_DIRECTIVE@ +INET_NTOP_LIB = @INET_NTOP_LIB@ +INET_PTON_LIB = @INET_PTON_LIB@ +INSTALL = @INSTALL@ +INSTALL_DATA = @INSTALL_DATA@ +INSTALL_PROGRAM = @INSTALL_PROGRAM@ +INSTALL_SCRIPT = @INSTALL_SCRIPT@ +INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +INT32_MAX_LT_INTMAX_MAX = @INT32_MAX_LT_INTMAX_MAX@ +INT64_MAX_EQ_LONG_MAX = @INT64_MAX_EQ_LONG_MAX@ +INTLLIBS = @INTLLIBS@ +INTL_MACOSX_LIBS = @INTL_MACOSX_LIBS@ +LCOV = @LCOV@ +LD = @LD@ +LDFLAGS = @LDFLAGS@ +LIBATOMIC_LIBS = @LIBATOMIC_LIBS@ +LIBCRYPTO = @LIBCRYPTO@ +LIBCRYPTO_PREFIX = @LIBCRYPTO_PREFIX@ +LIBDL = @LIBDL@ +LIBDL_PREFIX = @LIBDL_PREFIX@ +LIBGNUTLS_CFLAGS = @LIBGNUTLS_CFLAGS@ +LIBGNUTLS_LIBS = @LIBGNUTLS_LIBS@ +LIBICONV = @LIBICONV@ +LIBIDN2_CFLAGS = @LIBIDN2_CFLAGS@ +LIBIDN2_LIBS = @LIBIDN2_LIBS@ +LIBINTL = @LIBINTL@ +LIBMULTITHREAD = @LIBMULTITHREAD@ +LIBOBJS = @LIBOBJS@ +LIBOPTS_CFLAGS = @LIBOPTS_CFLAGS@ +LIBOPTS_DIR = @LIBOPTS_DIR@ +LIBOPTS_LDADD = @LIBOPTS_LDADD@ +LIBPTH = @LIBPTH@ +LIBPTHREAD = @LIBPTHREAD@ +LIBPTHREAD_PREFIX = @LIBPTHREAD_PREFIX@ +LIBPTH_PREFIX = @LIBPTH_PREFIX@ +LIBRT = @LIBRT@ +LIBRT_PREFIX = @LIBRT_PREFIX@ +LIBS = @LIBS@ +LIBSECCOMP = @LIBSECCOMP@ +LIBSECCOMP_PREFIX = @LIBSECCOMP_PREFIX@ +LIBSOCKET = @LIBSOCKET@ +LIBTASN1_CFLAGS = @LIBTASN1_CFLAGS@ +LIBTASN1_LIBS = @LIBTASN1_LIBS@ +LIBTESTS_LIBDEPS = @LIBTESTS_LIBDEPS@ +LIBTHREAD = @LIBTHREAD@ +LIBTOOL = @LIBTOOL@ +LIBUNISTRING = @LIBUNISTRING@ +LIBUNISTRING_UNICTYPE_H = @LIBUNISTRING_UNICTYPE_H@ +LIBUNISTRING_UNINORM_H = @LIBUNISTRING_UNINORM_H@ +LIBUNISTRING_UNISTR_H = @LIBUNISTRING_UNISTR_H@ +LIBUNISTRING_UNITYPES_H = @LIBUNISTRING_UNITYPES_H@ +LIB_CLOCK_GETTIME = @LIB_CLOCK_GETTIME@ +LIB_NANOSLEEP = @LIB_NANOSLEEP@ +LIB_SELECT = @LIB_SELECT@ +LIMITS_H = @LIMITS_H@ +LIPO = @LIPO@ +LN_S = @LN_S@ +LOCALE_FR = @LOCALE_FR@ +LOCALE_FR_UTF8 = @LOCALE_FR_UTF8@ +LOCALE_JA = @LOCALE_JA@ +LOCALE_TR_UTF8 = @LOCALE_TR_UTF8@ +LOCALE_ZH_CN = @LOCALE_ZH_CN@ +LTALLOCA = @LTALLOCA@ +LTLIBCRYPTO = @LTLIBCRYPTO@ +LTLIBDL = @LTLIBDL@ +LTLIBICONV = @LTLIBICONV@ +LTLIBINTL = @LTLIBINTL@ +LTLIBMULTITHREAD = @LTLIBMULTITHREAD@ +LTLIBOBJS = @LTLIBOBJS@ +LTLIBPTH = @LTLIBPTH@ +LTLIBPTHREAD = @LTLIBPTHREAD@ +LTLIBRT = @LTLIBRT@ +LTLIBSECCOMP = @LTLIBSECCOMP@ +LTLIBTHREAD = @LTLIBTHREAD@ +LT_AGE = @LT_AGE@ +LT_CURRENT = @LT_CURRENT@ +LT_DANE_AGE = @LT_DANE_AGE@ +LT_DANE_CURRENT = @LT_DANE_CURRENT@ +LT_DANE_REVISION = @LT_DANE_REVISION@ +LT_REVISION = @LT_REVISION@ +LT_SSL_AGE = @LT_SSL_AGE@ +LT_SSL_CURRENT = @LT_SSL_CURRENT@ +LT_SSL_REVISION = @LT_SSL_REVISION@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ +LT_XSSL_AGE = @LT_XSSL_AGE@ +LT_XSSL_CURRENT = @LT_XSSL_CURRENT@ +LT_XSSL_REVISION = @LT_XSSL_REVISION@ +MAINT = @MAINT@ +MAJOR_VERSION = @MAJOR_VERSION@ +MAKEINFO = @MAKEINFO@ +MANIFEST_TOOL = @MANIFEST_TOOL@ +MINOR_VERSION = @MINOR_VERSION@ +MKDIR_P = @MKDIR_P@ +MSGFMT = @MSGFMT@ +MSGFMT_015 = @MSGFMT_015@ +MSGMERGE = @MSGMERGE@ +NETINET_IN_H = @NETINET_IN_H@ +NETTLE_CFLAGS = @NETTLE_CFLAGS@ +NETTLE_LIBS = @NETTLE_LIBS@ +NEXT_ARPA_INET_H = @NEXT_ARPA_INET_H@ +NEXT_AS_FIRST_DIRECTIVE_ARPA_INET_H = @NEXT_AS_FIRST_DIRECTIVE_ARPA_INET_H@ +NEXT_AS_FIRST_DIRECTIVE_CTYPE_H = @NEXT_AS_FIRST_DIRECTIVE_CTYPE_H@ +NEXT_AS_FIRST_DIRECTIVE_ERRNO_H = @NEXT_AS_FIRST_DIRECTIVE_ERRNO_H@ +NEXT_AS_FIRST_DIRECTIVE_FCNTL_H = @NEXT_AS_FIRST_DIRECTIVE_FCNTL_H@ +NEXT_AS_FIRST_DIRECTIVE_FLOAT_H = @NEXT_AS_FIRST_DIRECTIVE_FLOAT_H@ +NEXT_AS_FIRST_DIRECTIVE_INTTYPES_H = @NEXT_AS_FIRST_DIRECTIVE_INTTYPES_H@ +NEXT_AS_FIRST_DIRECTIVE_LANGINFO_H = @NEXT_AS_FIRST_DIRECTIVE_LANGINFO_H@ +NEXT_AS_FIRST_DIRECTIVE_LIMITS_H = @NEXT_AS_FIRST_DIRECTIVE_LIMITS_H@ +NEXT_AS_FIRST_DIRECTIVE_LOCALE_H = @NEXT_AS_FIRST_DIRECTIVE_LOCALE_H@ +NEXT_AS_FIRST_DIRECTIVE_NETDB_H = @NEXT_AS_FIRST_DIRECTIVE_NETDB_H@ +NEXT_AS_FIRST_DIRECTIVE_NETINET_IN_H = @NEXT_AS_FIRST_DIRECTIVE_NETINET_IN_H@ +NEXT_AS_FIRST_DIRECTIVE_SIGNAL_H = @NEXT_AS_FIRST_DIRECTIVE_SIGNAL_H@ +NEXT_AS_FIRST_DIRECTIVE_STDDEF_H = @NEXT_AS_FIRST_DIRECTIVE_STDDEF_H@ +NEXT_AS_FIRST_DIRECTIVE_STDINT_H = @NEXT_AS_FIRST_DIRECTIVE_STDINT_H@ +NEXT_AS_FIRST_DIRECTIVE_STDIO_H = @NEXT_AS_FIRST_DIRECTIVE_STDIO_H@ +NEXT_AS_FIRST_DIRECTIVE_STDLIB_H = @NEXT_AS_FIRST_DIRECTIVE_STDLIB_H@ +NEXT_AS_FIRST_DIRECTIVE_STRINGS_H = @NEXT_AS_FIRST_DIRECTIVE_STRINGS_H@ +NEXT_AS_FIRST_DIRECTIVE_STRING_H = @NEXT_AS_FIRST_DIRECTIVE_STRING_H@ +NEXT_AS_FIRST_DIRECTIVE_SYS_IOCTL_H = @NEXT_AS_FIRST_DIRECTIVE_SYS_IOCTL_H@ +NEXT_AS_FIRST_DIRECTIVE_SYS_SELECT_H = @NEXT_AS_FIRST_DIRECTIVE_SYS_SELECT_H@ +NEXT_AS_FIRST_DIRECTIVE_SYS_SOCKET_H = @NEXT_AS_FIRST_DIRECTIVE_SYS_SOCKET_H@ +NEXT_AS_FIRST_DIRECTIVE_SYS_STAT_H = @NEXT_AS_FIRST_DIRECTIVE_SYS_STAT_H@ +NEXT_AS_FIRST_DIRECTIVE_SYS_TIME_H = @NEXT_AS_FIRST_DIRECTIVE_SYS_TIME_H@ +NEXT_AS_FIRST_DIRECTIVE_SYS_TYPES_H = @NEXT_AS_FIRST_DIRECTIVE_SYS_TYPES_H@ +NEXT_AS_FIRST_DIRECTIVE_SYS_UIO_H = @NEXT_AS_FIRST_DIRECTIVE_SYS_UIO_H@ +NEXT_AS_FIRST_DIRECTIVE_TIME_H = @NEXT_AS_FIRST_DIRECTIVE_TIME_H@ +NEXT_AS_FIRST_DIRECTIVE_UNISTD_H = @NEXT_AS_FIRST_DIRECTIVE_UNISTD_H@ +NEXT_AS_FIRST_DIRECTIVE_WCHAR_H = @NEXT_AS_FIRST_DIRECTIVE_WCHAR_H@ +NEXT_CTYPE_H = @NEXT_CTYPE_H@ +NEXT_ERRNO_H = @NEXT_ERRNO_H@ +NEXT_FCNTL_H = @NEXT_FCNTL_H@ +NEXT_FLOAT_H = @NEXT_FLOAT_H@ +NEXT_INTTYPES_H = @NEXT_INTTYPES_H@ +NEXT_LANGINFO_H = @NEXT_LANGINFO_H@ +NEXT_LIMITS_H = @NEXT_LIMITS_H@ +NEXT_LOCALE_H = @NEXT_LOCALE_H@ +NEXT_NETDB_H = @NEXT_NETDB_H@ +NEXT_NETINET_IN_H = @NEXT_NETINET_IN_H@ +NEXT_SIGNAL_H = @NEXT_SIGNAL_H@ +NEXT_STDDEF_H = @NEXT_STDDEF_H@ +NEXT_STDINT_H = @NEXT_STDINT_H@ +NEXT_STDIO_H = @NEXT_STDIO_H@ +NEXT_STDLIB_H = @NEXT_STDLIB_H@ +NEXT_STRINGS_H = @NEXT_STRINGS_H@ +NEXT_STRING_H = @NEXT_STRING_H@ +NEXT_SYS_IOCTL_H = @NEXT_SYS_IOCTL_H@ +NEXT_SYS_SELECT_H = @NEXT_SYS_SELECT_H@ +NEXT_SYS_SOCKET_H = @NEXT_SYS_SOCKET_H@ +NEXT_SYS_STAT_H = @NEXT_SYS_STAT_H@ +NEXT_SYS_TIME_H = @NEXT_SYS_TIME_H@ +NEXT_SYS_TYPES_H = @NEXT_SYS_TYPES_H@ +NEXT_SYS_UIO_H = @NEXT_SYS_UIO_H@ +NEXT_TIME_H = @NEXT_TIME_H@ +NEXT_UNISTD_H = @NEXT_UNISTD_H@ +NEXT_WCHAR_H = @NEXT_WCHAR_H@ +NM = @NM@ +NMEDIT = @NMEDIT@ +NUMBER_VERSION = @NUMBER_VERSION@ +OBJDUMP = @OBJDUMP@ +OBJEXT = @OBJEXT@ +OTOOL = @OTOOL@ +OTOOL64 = @OTOOL64@ +P11_KIT_CFLAGS = @P11_KIT_CFLAGS@ +P11_KIT_LIBS = @P11_KIT_LIBS@ +PACKAGE = @PACKAGE@ +PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ +PACKAGE_NAME = @PACKAGE_NAME@ +PACKAGE_STRING = @PACKAGE_STRING@ +PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ +PACKAGE_VERSION = @PACKAGE_VERSION@ +PATCH_VERSION = @PATCH_VERSION@ +PATH_SEPARATOR = @PATH_SEPARATOR@ +PKG_CONFIG = @PKG_CONFIG@ +PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ +PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ +PMCCABE = @PMCCABE@ +POSIX_SHELL = @POSIX_SHELL@ +POSUB = @POSUB@ +PRAGMA_COLUMNS = @PRAGMA_COLUMNS@ +PRAGMA_SYSTEM_HEADER = @PRAGMA_SYSTEM_HEADER@ +PRIPTR_PREFIX = @PRIPTR_PREFIX@ +PRI_MACROS_BROKEN = @PRI_MACROS_BROKEN@ +PTHREAD_H_DEFINES_STRUCT_TIMESPEC = @PTHREAD_H_DEFINES_STRUCT_TIMESPEC@ +PTRDIFF_T_SUFFIX = @PTRDIFF_T_SUFFIX@ +RANLIB = @RANLIB@ +REPLACE_BTOWC = @REPLACE_BTOWC@ +REPLACE_CALLOC = @REPLACE_CALLOC@ +REPLACE_CANONICALIZE_FILE_NAME = @REPLACE_CANONICALIZE_FILE_NAME@ +REPLACE_CHOWN = @REPLACE_CHOWN@ +REPLACE_CLOSE = @REPLACE_CLOSE@ +REPLACE_CTIME = @REPLACE_CTIME@ +REPLACE_DPRINTF = @REPLACE_DPRINTF@ +REPLACE_DUP = @REPLACE_DUP@ +REPLACE_DUP2 = @REPLACE_DUP2@ +REPLACE_DUPLOCALE = @REPLACE_DUPLOCALE@ +REPLACE_FACCESSAT = @REPLACE_FACCESSAT@ +REPLACE_FCHOWNAT = @REPLACE_FCHOWNAT@ +REPLACE_FCLOSE = @REPLACE_FCLOSE@ +REPLACE_FCNTL = @REPLACE_FCNTL@ +REPLACE_FDOPEN = @REPLACE_FDOPEN@ +REPLACE_FFLUSH = @REPLACE_FFLUSH@ +REPLACE_FOPEN = @REPLACE_FOPEN@ +REPLACE_FPRINTF = @REPLACE_FPRINTF@ +REPLACE_FPURGE = @REPLACE_FPURGE@ +REPLACE_FREELOCALE = @REPLACE_FREELOCALE@ +REPLACE_FREOPEN = @REPLACE_FREOPEN@ +REPLACE_FSEEK = @REPLACE_FSEEK@ +REPLACE_FSEEKO = @REPLACE_FSEEKO@ +REPLACE_FSTAT = @REPLACE_FSTAT@ +REPLACE_FSTATAT = @REPLACE_FSTATAT@ +REPLACE_FTELL = @REPLACE_FTELL@ +REPLACE_FTELLO = @REPLACE_FTELLO@ +REPLACE_FTRUNCATE = @REPLACE_FTRUNCATE@ +REPLACE_FUTIMENS = @REPLACE_FUTIMENS@ +REPLACE_GAI_STRERROR = @REPLACE_GAI_STRERROR@ +REPLACE_GETCWD = @REPLACE_GETCWD@ +REPLACE_GETDELIM = @REPLACE_GETDELIM@ +REPLACE_GETDOMAINNAME = @REPLACE_GETDOMAINNAME@ +REPLACE_GETDTABLESIZE = @REPLACE_GETDTABLESIZE@ +REPLACE_GETGROUPS = @REPLACE_GETGROUPS@ +REPLACE_GETLINE = @REPLACE_GETLINE@ +REPLACE_GETLOGIN_R = @REPLACE_GETLOGIN_R@ +REPLACE_GETPAGESIZE = @REPLACE_GETPAGESIZE@ +REPLACE_GETPASS = @REPLACE_GETPASS@ +REPLACE_GETTIMEOFDAY = @REPLACE_GETTIMEOFDAY@ +REPLACE_GMTIME = @REPLACE_GMTIME@ +REPLACE_INET_NTOP = @REPLACE_INET_NTOP@ +REPLACE_INET_PTON = @REPLACE_INET_PTON@ +REPLACE_INITSTATE = @REPLACE_INITSTATE@ +REPLACE_IOCTL = @REPLACE_IOCTL@ +REPLACE_ISATTY = @REPLACE_ISATTY@ +REPLACE_ITOLD = @REPLACE_ITOLD@ +REPLACE_LCHOWN = @REPLACE_LCHOWN@ +REPLACE_LINK = @REPLACE_LINK@ +REPLACE_LINKAT = @REPLACE_LINKAT@ +REPLACE_LOCALECONV = @REPLACE_LOCALECONV@ +REPLACE_LOCALTIME = @REPLACE_LOCALTIME@ +REPLACE_LOCALTIME_R = @REPLACE_LOCALTIME_R@ +REPLACE_LSEEK = @REPLACE_LSEEK@ +REPLACE_LSTAT = @REPLACE_LSTAT@ +REPLACE_MALLOC = @REPLACE_MALLOC@ +REPLACE_MBRLEN = @REPLACE_MBRLEN@ +REPLACE_MBRTOWC = @REPLACE_MBRTOWC@ +REPLACE_MBSINIT = @REPLACE_MBSINIT@ +REPLACE_MBSNRTOWCS = @REPLACE_MBSNRTOWCS@ +REPLACE_MBSRTOWCS = @REPLACE_MBSRTOWCS@ +REPLACE_MBSTATE_T = @REPLACE_MBSTATE_T@ +REPLACE_MBTOWC = @REPLACE_MBTOWC@ +REPLACE_MEMCHR = @REPLACE_MEMCHR@ +REPLACE_MEMMEM = @REPLACE_MEMMEM@ +REPLACE_MKDIR = @REPLACE_MKDIR@ +REPLACE_MKFIFO = @REPLACE_MKFIFO@ +REPLACE_MKNOD = @REPLACE_MKNOD@ +REPLACE_MKSTEMP = @REPLACE_MKSTEMP@ +REPLACE_MKTIME = @REPLACE_MKTIME@ +REPLACE_NANOSLEEP = @REPLACE_NANOSLEEP@ +REPLACE_NEWLOCALE = @REPLACE_NEWLOCALE@ +REPLACE_NL_LANGINFO = @REPLACE_NL_LANGINFO@ +REPLACE_NULL = @REPLACE_NULL@ +REPLACE_OBSTACK_PRINTF = @REPLACE_OBSTACK_PRINTF@ +REPLACE_OPEN = @REPLACE_OPEN@ +REPLACE_OPENAT = @REPLACE_OPENAT@ +REPLACE_PERROR = @REPLACE_PERROR@ +REPLACE_POPEN = @REPLACE_POPEN@ +REPLACE_PREAD = @REPLACE_PREAD@ +REPLACE_PRINTF = @REPLACE_PRINTF@ +REPLACE_PSELECT = @REPLACE_PSELECT@ +REPLACE_PTHREAD_SIGMASK = @REPLACE_PTHREAD_SIGMASK@ +REPLACE_PTSNAME = @REPLACE_PTSNAME@ +REPLACE_PTSNAME_R = @REPLACE_PTSNAME_R@ +REPLACE_PUTENV = @REPLACE_PUTENV@ +REPLACE_PWRITE = @REPLACE_PWRITE@ +REPLACE_QSORT_R = @REPLACE_QSORT_R@ +REPLACE_RAISE = @REPLACE_RAISE@ +REPLACE_RANDOM = @REPLACE_RANDOM@ +REPLACE_RANDOM_R = @REPLACE_RANDOM_R@ +REPLACE_READ = @REPLACE_READ@ +REPLACE_READLINK = @REPLACE_READLINK@ +REPLACE_READLINKAT = @REPLACE_READLINKAT@ +REPLACE_REALLOC = @REPLACE_REALLOC@ +REPLACE_REALPATH = @REPLACE_REALPATH@ +REPLACE_REMOVE = @REPLACE_REMOVE@ +REPLACE_RENAME = @REPLACE_RENAME@ +REPLACE_RENAMEAT = @REPLACE_RENAMEAT@ +REPLACE_RMDIR = @REPLACE_RMDIR@ +REPLACE_SELECT = @REPLACE_SELECT@ +REPLACE_SETENV = @REPLACE_SETENV@ +REPLACE_SETLOCALE = @REPLACE_SETLOCALE@ +REPLACE_SETSTATE = @REPLACE_SETSTATE@ +REPLACE_SLEEP = @REPLACE_SLEEP@ +REPLACE_SNPRINTF = @REPLACE_SNPRINTF@ +REPLACE_SPRINTF = @REPLACE_SPRINTF@ +REPLACE_STAT = @REPLACE_STAT@ +REPLACE_STDIO_READ_FUNCS = @REPLACE_STDIO_READ_FUNCS@ +REPLACE_STDIO_WRITE_FUNCS = @REPLACE_STDIO_WRITE_FUNCS@ +REPLACE_STPNCPY = @REPLACE_STPNCPY@ +REPLACE_STRCASESTR = @REPLACE_STRCASESTR@ +REPLACE_STRCHRNUL = @REPLACE_STRCHRNUL@ +REPLACE_STRDUP = @REPLACE_STRDUP@ +REPLACE_STRERROR = @REPLACE_STRERROR@ +REPLACE_STRERROR_R = @REPLACE_STRERROR_R@ +REPLACE_STRFTIME = @REPLACE_STRFTIME@ +REPLACE_STRNCAT = @REPLACE_STRNCAT@ +REPLACE_STRNDUP = @REPLACE_STRNDUP@ +REPLACE_STRNLEN = @REPLACE_STRNLEN@ +REPLACE_STRSIGNAL = @REPLACE_STRSIGNAL@ +REPLACE_STRSTR = @REPLACE_STRSTR@ +REPLACE_STRTOD = @REPLACE_STRTOD@ +REPLACE_STRTOIMAX = @REPLACE_STRTOIMAX@ +REPLACE_STRTOK_R = @REPLACE_STRTOK_R@ +REPLACE_STRTOLD = @REPLACE_STRTOLD@ +REPLACE_STRTOUMAX = @REPLACE_STRTOUMAX@ +REPLACE_STRUCT_LCONV = @REPLACE_STRUCT_LCONV@ +REPLACE_STRUCT_TIMEVAL = @REPLACE_STRUCT_TIMEVAL@ +REPLACE_SYMLINK = @REPLACE_SYMLINK@ +REPLACE_SYMLINKAT = @REPLACE_SYMLINKAT@ +REPLACE_TIMEGM = @REPLACE_TIMEGM@ +REPLACE_TMPFILE = @REPLACE_TMPFILE@ +REPLACE_TRUNCATE = @REPLACE_TRUNCATE@ +REPLACE_TTYNAME_R = @REPLACE_TTYNAME_R@ +REPLACE_TZSET = @REPLACE_TZSET@ +REPLACE_UNLINK = @REPLACE_UNLINK@ +REPLACE_UNLINKAT = @REPLACE_UNLINKAT@ +REPLACE_UNSETENV = @REPLACE_UNSETENV@ +REPLACE_USLEEP = @REPLACE_USLEEP@ +REPLACE_UTIMENSAT = @REPLACE_UTIMENSAT@ +REPLACE_VASPRINTF = @REPLACE_VASPRINTF@ +REPLACE_VDPRINTF = @REPLACE_VDPRINTF@ +REPLACE_VFPRINTF = @REPLACE_VFPRINTF@ +REPLACE_VPRINTF = @REPLACE_VPRINTF@ +REPLACE_VSNPRINTF = @REPLACE_VSNPRINTF@ +REPLACE_VSPRINTF = @REPLACE_VSPRINTF@ +REPLACE_WCRTOMB = @REPLACE_WCRTOMB@ +REPLACE_WCSFTIME = @REPLACE_WCSFTIME@ +REPLACE_WCSNRTOMBS = @REPLACE_WCSNRTOMBS@ +REPLACE_WCSRTOMBS = @REPLACE_WCSRTOMBS@ +REPLACE_WCSWIDTH = @REPLACE_WCSWIDTH@ +REPLACE_WCTOB = @REPLACE_WCTOB@ +REPLACE_WCTOMB = @REPLACE_WCTOMB@ +REPLACE_WCWIDTH = @REPLACE_WCWIDTH@ +REPLACE_WRITE = @REPLACE_WRITE@ +SED = @SED@ +SERVENT_LIB = @SERVENT_LIB@ +SET_MAKE = @SET_MAKE@ +SHELL = @SHELL@ +SIG_ATOMIC_T_SUFFIX = @SIG_ATOMIC_T_SUFFIX@ +SIZE_T_SUFFIX = @SIZE_T_SUFFIX@ +STDALIGN_H = @STDALIGN_H@ +STDBOOL_H = @STDBOOL_H@ +STDDEF_H = @STDDEF_H@ +STDINT_H = @STDINT_H@ +STDNORETURN_H = @STDNORETURN_H@ +STRIP = @STRIP@ +SYS_IOCTL_H_HAVE_WINSOCK2_H = @SYS_IOCTL_H_HAVE_WINSOCK2_H@ +SYS_IOCTL_H_HAVE_WINSOCK2_H_AND_USE_SOCKETS = @SYS_IOCTL_H_HAVE_WINSOCK2_H_AND_USE_SOCKETS@ +SYS_TIME_H_DEFINES_STRUCT_TIMESPEC = @SYS_TIME_H_DEFINES_STRUCT_TIMESPEC@ +TIME_H_DEFINES_STRUCT_TIMESPEC = @TIME_H_DEFINES_STRUCT_TIMESPEC@ +TROUSERS_LIB = @TROUSERS_LIB@ +TSS_CFLAGS = @TSS_CFLAGS@ +TSS_LIBS = @TSS_LIBS@ +UINT32_MAX_LT_UINTMAX_MAX = @UINT32_MAX_LT_UINTMAX_MAX@ +UINT64_MAX_EQ_ULONG_MAX = @UINT64_MAX_EQ_ULONG_MAX@ +UNBOUND_CFLAGS = @UNBOUND_CFLAGS@ +UNBOUND_LIBS = @UNBOUND_LIBS@ +UNDEFINE_STRTOK_R = @UNDEFINE_STRTOK_R@ +UNISTD_H_DEFINES_STRUCT_TIMESPEC = @UNISTD_H_DEFINES_STRUCT_TIMESPEC@ +UNISTD_H_HAVE_WINSOCK2_H = @UNISTD_H_HAVE_WINSOCK2_H@ +UNISTD_H_HAVE_WINSOCK2_H_AND_USE_SOCKETS = @UNISTD_H_HAVE_WINSOCK2_H_AND_USE_SOCKETS@ +USE_NLS = @USE_NLS@ +VALGRIND = @VALGRIND@ +VERSION = @VERSION@ +WARN_CFLAGS = @WARN_CFLAGS@ +WCHAR_T_SUFFIX = @WCHAR_T_SUFFIX@ +WERROR_CFLAGS = @WERROR_CFLAGS@ +WINDOWS_64_BIT_OFF_T = @WINDOWS_64_BIT_OFF_T@ +WINDOWS_64_BIT_ST_SIZE = @WINDOWS_64_BIT_ST_SIZE@ +WINDOWS_STAT_INODES = @WINDOWS_STAT_INODES@ +WINDOWS_STAT_TIMESPEC = @WINDOWS_STAT_TIMESPEC@ +WINT_T_SUFFIX = @WINT_T_SUFFIX@ +WSTACK_CFLAGS = @WSTACK_CFLAGS@ +XGETTEXT = @XGETTEXT@ +XGETTEXT_015 = @XGETTEXT_015@ +XGETTEXT_EXTRA_OPTIONS = @XGETTEXT_EXTRA_OPTIONS@ +YACC = @YACC@ +YEAR = @YEAR@ +YFLAGS = @YFLAGS@ +abs_aux_dir = @abs_aux_dir@ +abs_builddir = @abs_builddir@ +abs_srcdir = @abs_srcdir@ +abs_top_builddir = @abs_top_builddir@ +abs_top_srcdir = @abs_top_srcdir@ +ac_ct_AR = @ac_ct_AR@ +ac_ct_CC = @ac_ct_CC@ +ac_ct_CXX = @ac_ct_CXX@ +ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ +ac_cv_sizeof_time_t = @ac_cv_sizeof_time_t@ +am__include = @am__include@ +am__leading_dot = @am__leading_dot@ +am__quote = @am__quote@ +am__tar = @am__tar@ +am__untar = @am__untar@ +autogen = @autogen@ +bindir = @bindir@ +build = @build@ +build_alias = @build_alias@ +build_cpu = @build_cpu@ +build_os = @build_os@ +build_vendor = @build_vendor@ +builddir = @builddir@ +datadir = @datadir@ +datarootdir = @datarootdir@ +docdir = @docdir@ +dvidir = @dvidir@ +exec_prefix = @exec_prefix@ +ggl_LIBOBJS = @ggl_LIBOBJS@ +ggl_LTLIBOBJS = @ggl_LTLIBOBJS@ +ggltests_LIBOBJS = @ggltests_LIBOBJS@ +ggltests_LTLIBOBJS = @ggltests_LTLIBOBJS@ +ggltests_WITNESS = @ggltests_WITNESS@ +gl_LIBOBJS = @gl_LIBOBJS@ +gl_LTLIBOBJS = @gl_LTLIBOBJS@ +gltests_LIBOBJS = @gltests_LIBOBJS@ +gltests_LTLIBOBJS = @gltests_LTLIBOBJS@ +gltests_WITNESS = @gltests_WITNESS@ +guile_snarf = @guile_snarf@ +guileextensiondir = @guileextensiondir@ +guilesiteccachedir = @guilesiteccachedir@ +guilesitedir = @guilesitedir@ +host = @host@ +host_alias = @host_alias@ +host_cpu = @host_cpu@ +host_os = @host_os@ +host_vendor = @host_vendor@ +htmldir = @htmldir@ +ifGNUmake = @ifGNUmake@ +ifnGNUmake = @ifnGNUmake@ +includedir = @includedir@ +infodir = @infodir@ +install_sh = @install_sh@ +libdir = @libdir@ +libexecdir = @libexecdir@ +localedir = @localedir@ +localstatedir = @localstatedir@ +mandir = @mandir@ +mkdir_p = @mkdir_p@ +oldincludedir = @oldincludedir@ +pdfdir = @pdfdir@ +prefix = @prefix@ +program_transform_name = @program_transform_name@ +psdir = @psdir@ +runstatedir = @runstatedir@ +sbindir = @sbindir@ +sharedstatedir = @sharedstatedir@ +srcdir = @srcdir@ +sysconfdir = @sysconfdir@ +target_alias = @target_alias@ +top_build_prefix = @top_build_prefix@ +top_builddir = @top_builddir@ +top_srcdir = @top_srcdir@ +unistring_LIBOBJS = @unistring_LIBOBJS@ +unistring_LTLIBOBJS = @unistring_LTLIBOBJS@ +unistringtests_LIBOBJS = @unistringtests_LIBOBJS@ +unistringtests_LTLIBOBJS = @unistringtests_LTLIBOBJS@ +unistringtests_WITNESS = @unistringtests_WITNESS@ +AM_CFLAGS = $(WARN_CFLAGS) $(WERROR_CFLAGS) + +# Gnulib warns and suggests use of fseeko instead of fseek, which is +# used in ex-cert-select.c, but certificate files will not be > 4 GB, +# so we just silence the warning instead of fixing the code here. +AM_CPPFLAGS = -I$(top_srcdir)/lib/includes \ + -I$(top_builddir)/lib/includes -I$(top_srcdir)/extra/includes \ + -I$(top_srcdir)/src/gl -I$(top_builddir)/src/gl \ + -D_GL_NO_LARGE_FILES -DNO_LIBCURL +AM_LDFLAGS = -no-install +LDADD = libexamples.la \ + ../../lib/libgnutls.la \ + ../../gl/libgnu.la \ + ../../src/gl/libgnu_gpl.la \ + $(LIBSOCKET) $(INET_NTOP_LIB) $(INET_PTON_LIB) + +CXX_LDADD = ../../lib/libgnutlsxx.la \ + $(LDADD) + +EXTRA_DIST = tlsproxy/LICENSE tlsproxy/README.md +@ENABLE_CXX_TRUE@ex_cxx_SOURCES = ex-cxx.cpp +@ENABLE_CXX_TRUE@ex_cxx_LDADD = $(CXX_LDADD) +tlsproxy_tlsproxy_SOURCES = tlsproxy/buffer.c tlsproxy/buffer.h tlsproxy/crypto-gnutls.c \ + tlsproxy/crypto-gnutls.h tlsproxy/tlsproxy.c + +noinst_LTLIBRARIES = libexamples.la +libexamples_la_SOURCES = examples.h ex-alert.c ex-pkcs12.c \ + ex-session-info.c ex-x509-info.c ex-verify.c \ + ex-client-x509-3.1.c \ + tcp.c udp.c ex-pkcs11-list.c verify.c ex-verify-ssh.c + +all: all-am + +.SUFFIXES: +.SUFFIXES: .c .cpp .lo .o .obj +$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(am__configure_deps) + @for dep in $?; do \ + case '$(am__configure_deps)' in \ + *$$dep*) \ + ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ + && { if test -f $@; then exit 0; else break; fi; }; \ + exit 1;; \ + esac; \ + done; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign doc/examples/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --foreign doc/examples/Makefile +Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status + @case '$?' in \ + *config.status*) \ + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ + *) \ + echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles)'; \ + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles);; \ + esac; + +$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh + +$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): + +clean-noinstPROGRAMS: + @list='$(noinst_PROGRAMS)'; test -n "$$list" || exit 0; \ + echo " rm -f" $$list; \ + rm -f $$list || exit $$?; \ + test -n "$(EXEEXT)" || exit 0; \ + list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \ + echo " rm -f" $$list; \ + rm -f $$list + +clean-noinstLTLIBRARIES: + -test -z "$(noinst_LTLIBRARIES)" || rm -f $(noinst_LTLIBRARIES) + @list='$(noinst_LTLIBRARIES)'; \ + locs=`for p in $$list; do echo $$p; done | \ + sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \ + sort -u`; \ + test -z "$$locs" || { \ + echo rm -f $${locs}; \ + rm -f $${locs}; \ + } + +libexamples.la: $(libexamples_la_OBJECTS) $(libexamples_la_DEPENDENCIES) $(EXTRA_libexamples_la_DEPENDENCIES) + $(AM_V_CCLD)$(LINK) $(libexamples_la_OBJECTS) $(libexamples_la_LIBADD) $(LIBS) + +ex-cert-select$(EXEEXT): $(ex_cert_select_OBJECTS) $(ex_cert_select_DEPENDENCIES) $(EXTRA_ex_cert_select_DEPENDENCIES) + @rm -f ex-cert-select$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(ex_cert_select_OBJECTS) $(ex_cert_select_LDADD) $(LIBS) + +ex-cert-select-pkcs11$(EXEEXT): $(ex_cert_select_pkcs11_OBJECTS) $(ex_cert_select_pkcs11_DEPENDENCIES) $(EXTRA_ex_cert_select_pkcs11_DEPENDENCIES) + @rm -f ex-cert-select-pkcs11$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(ex_cert_select_pkcs11_OBJECTS) $(ex_cert_select_pkcs11_LDADD) $(LIBS) + +ex-client-anon$(EXEEXT): $(ex_client_anon_OBJECTS) $(ex_client_anon_DEPENDENCIES) $(EXTRA_ex_client_anon_DEPENDENCIES) + @rm -f ex-client-anon$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(ex_client_anon_OBJECTS) $(ex_client_anon_LDADD) $(LIBS) + +ex-client-dtls$(EXEEXT): $(ex_client_dtls_OBJECTS) $(ex_client_dtls_DEPENDENCIES) $(EXTRA_ex_client_dtls_DEPENDENCIES) + @rm -f ex-client-dtls$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(ex_client_dtls_OBJECTS) $(ex_client_dtls_LDADD) $(LIBS) + +ex-client-psk$(EXEEXT): $(ex_client_psk_OBJECTS) $(ex_client_psk_DEPENDENCIES) $(EXTRA_ex_client_psk_DEPENDENCIES) + @rm -f ex-client-psk$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(ex_client_psk_OBJECTS) $(ex_client_psk_LDADD) $(LIBS) + +ex-client-resume$(EXEEXT): $(ex_client_resume_OBJECTS) $(ex_client_resume_DEPENDENCIES) $(EXTRA_ex_client_resume_DEPENDENCIES) + @rm -f ex-client-resume$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(ex_client_resume_OBJECTS) $(ex_client_resume_LDADD) $(LIBS) + +ex-client-srp$(EXEEXT): $(ex_client_srp_OBJECTS) $(ex_client_srp_DEPENDENCIES) $(EXTRA_ex_client_srp_DEPENDENCIES) + @rm -f ex-client-srp$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(ex_client_srp_OBJECTS) $(ex_client_srp_LDADD) $(LIBS) + +ex-client-x509$(EXEEXT): $(ex_client_x509_OBJECTS) $(ex_client_x509_DEPENDENCIES) $(EXTRA_ex_client_x509_DEPENDENCIES) + @rm -f ex-client-x509$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(ex_client_x509_OBJECTS) $(ex_client_x509_LDADD) $(LIBS) + +ex-cxx$(EXEEXT): $(ex_cxx_OBJECTS) $(ex_cxx_DEPENDENCIES) $(EXTRA_ex_cxx_DEPENDENCIES) + @rm -f ex-cxx$(EXEEXT) + $(AM_V_CXXLD)$(CXXLINK) $(ex_cxx_OBJECTS) $(ex_cxx_LDADD) $(LIBS) + +ex-ocsp-client$(EXEEXT): $(ex_ocsp_client_OBJECTS) $(ex_ocsp_client_DEPENDENCIES) $(EXTRA_ex_ocsp_client_DEPENDENCIES) + @rm -f ex-ocsp-client$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(ex_ocsp_client_OBJECTS) $(ex_ocsp_client_LDADD) $(LIBS) + +ex-serv-anon$(EXEEXT): $(ex_serv_anon_OBJECTS) $(ex_serv_anon_DEPENDENCIES) $(EXTRA_ex_serv_anon_DEPENDENCIES) + @rm -f ex-serv-anon$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(ex_serv_anon_OBJECTS) $(ex_serv_anon_LDADD) $(LIBS) + +ex-serv-dtls$(EXEEXT): $(ex_serv_dtls_OBJECTS) $(ex_serv_dtls_DEPENDENCIES) $(EXTRA_ex_serv_dtls_DEPENDENCIES) + @rm -f ex-serv-dtls$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(ex_serv_dtls_OBJECTS) $(ex_serv_dtls_LDADD) $(LIBS) + +ex-serv-psk$(EXEEXT): $(ex_serv_psk_OBJECTS) $(ex_serv_psk_DEPENDENCIES) $(EXTRA_ex_serv_psk_DEPENDENCIES) + @rm -f ex-serv-psk$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(ex_serv_psk_OBJECTS) $(ex_serv_psk_LDADD) $(LIBS) + +ex-serv-srp$(EXEEXT): $(ex_serv_srp_OBJECTS) $(ex_serv_srp_DEPENDENCIES) $(EXTRA_ex_serv_srp_DEPENDENCIES) + @rm -f ex-serv-srp$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(ex_serv_srp_OBJECTS) $(ex_serv_srp_LDADD) $(LIBS) + +ex-serv-x509$(EXEEXT): $(ex_serv_x509_OBJECTS) $(ex_serv_x509_DEPENDENCIES) $(EXTRA_ex_serv_x509_DEPENDENCIES) + @rm -f ex-serv-x509$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(ex_serv_x509_OBJECTS) $(ex_serv_x509_LDADD) $(LIBS) + +print-ciphersuites$(EXEEXT): $(print_ciphersuites_OBJECTS) $(print_ciphersuites_DEPENDENCIES) $(EXTRA_print_ciphersuites_DEPENDENCIES) + @rm -f print-ciphersuites$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(print_ciphersuites_OBJECTS) $(print_ciphersuites_LDADD) $(LIBS) +tlsproxy/$(am__dirstamp): + @$(MKDIR_P) tlsproxy + @: > tlsproxy/$(am__dirstamp) +tlsproxy/$(DEPDIR)/$(am__dirstamp): + @$(MKDIR_P) tlsproxy/$(DEPDIR) + @: > tlsproxy/$(DEPDIR)/$(am__dirstamp) +tlsproxy/buffer.$(OBJEXT): tlsproxy/$(am__dirstamp) \ + tlsproxy/$(DEPDIR)/$(am__dirstamp) +tlsproxy/crypto-gnutls.$(OBJEXT): tlsproxy/$(am__dirstamp) \ + tlsproxy/$(DEPDIR)/$(am__dirstamp) +tlsproxy/tlsproxy.$(OBJEXT): tlsproxy/$(am__dirstamp) \ + tlsproxy/$(DEPDIR)/$(am__dirstamp) + +tlsproxy/tlsproxy$(EXEEXT): $(tlsproxy_tlsproxy_OBJECTS) $(tlsproxy_tlsproxy_DEPENDENCIES) $(EXTRA_tlsproxy_tlsproxy_DEPENDENCIES) tlsproxy/$(am__dirstamp) + @rm -f tlsproxy/tlsproxy$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(tlsproxy_tlsproxy_OBJECTS) $(tlsproxy_tlsproxy_LDADD) $(LIBS) + +mostlyclean-compile: + -rm -f *.$(OBJEXT) + -rm -f tlsproxy/*.$(OBJEXT) + +distclean-compile: + -rm -f *.tab.c + +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ex-alert.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ex-cert-select-pkcs11.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ex-cert-select.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ex-client-anon.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ex-client-dtls.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ex-client-psk.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ex-client-resume.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ex-client-srp.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ex-client-x509-3.1.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ex-client-x509.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ex-cxx.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ex-ocsp-client.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ex-pkcs11-list.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ex-pkcs12.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ex-serv-anon.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ex-serv-dtls.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ex-serv-psk.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ex-serv-srp.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ex-serv-x509.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ex-session-info.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ex-verify-ssh.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ex-verify.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ex-x509-info.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/print-ciphersuites.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tcp.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/udp.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/verify.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@tlsproxy/$(DEPDIR)/buffer.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@tlsproxy/$(DEPDIR)/crypto-gnutls.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@tlsproxy/$(DEPDIR)/tlsproxy.Po@am__quote@ # am--include-marker + +$(am__depfiles_remade): + @$(MKDIR_P) $(@D) + @echo '# dummy' >$@-t && $(am__mv) $@-t $@ + +am--depfiles: $(am__depfiles_remade) + +.c.o: +@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.o$$||'`;\ +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\ +@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ $< + +.c.obj: +@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.obj$$||'`;\ +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ `$(CYGPATH_W) '$<'` &&\ +@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'` + +.c.lo: +@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.lo$$||'`;\ +@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\ +@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $< + +.cpp.o: +@am__fastdepCXX_TRUE@ $(AM_V_CXX)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.o$$||'`;\ +@am__fastdepCXX_TRUE@ $(CXXCOMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\ +@am__fastdepCXX_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Po +@AMDEP_TRUE@@am__fastdepCXX_FALSE@ $(AM_V_CXX)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCXX_FALSE@ $(AM_V_CXX@am__nodep@)$(CXXCOMPILE) -c -o $@ $< + +.cpp.obj: +@am__fastdepCXX_TRUE@ $(AM_V_CXX)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.obj$$||'`;\ +@am__fastdepCXX_TRUE@ $(CXXCOMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ `$(CYGPATH_W) '$<'` &&\ +@am__fastdepCXX_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Po +@AMDEP_TRUE@@am__fastdepCXX_FALSE@ $(AM_V_CXX)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCXX_FALSE@ $(AM_V_CXX@am__nodep@)$(CXXCOMPILE) -c -o $@ `$(CYGPATH_W) '$<'` + +.cpp.lo: +@am__fastdepCXX_TRUE@ $(AM_V_CXX)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.lo$$||'`;\ +@am__fastdepCXX_TRUE@ $(LTCXXCOMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\ +@am__fastdepCXX_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Plo +@AMDEP_TRUE@@am__fastdepCXX_FALSE@ $(AM_V_CXX)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCXX_FALSE@ $(AM_V_CXX@am__nodep@)$(LTCXXCOMPILE) -c -o $@ $< + +mostlyclean-libtool: + -rm -f *.lo + +clean-libtool: + -rm -rf .libs _libs + -rm -rf tlsproxy/.libs tlsproxy/_libs + +ID: $(am__tagged_files) + $(am__define_uniq_tagged_files); mkid -fID $$unique +tags: tags-am +TAGS: tags + +tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) + set x; \ + here=`pwd`; \ + $(am__define_uniq_tagged_files); \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ + test -n "$$unique" || unique=$$empty_fix; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ + fi +ctags: ctags-am + +CTAGS: ctags +ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) + $(am__define_uniq_tagged_files); \ + test -z "$(CTAGS_ARGS)$$unique" \ + || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ + $$unique + +GTAGS: + here=`$(am__cd) $(top_builddir) && pwd` \ + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" +cscopelist: cscopelist-am + +cscopelist-am: $(am__tagged_files) + list='$(am__tagged_files)'; \ + case "$(srcdir)" in \ + [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \ + *) sdir=$(subdir)/$(srcdir) ;; \ + esac; \ + for i in $$list; do \ + if test -f "$$i"; then \ + echo "$(subdir)/$$i"; \ + else \ + echo "$$sdir/$$i"; \ + fi; \ + done >> $(top_builddir)/cscope.files + +distclean-tags: + -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags + +distdir: $(BUILT_SOURCES) + $(MAKE) $(AM_MAKEFLAGS) distdir-am + +distdir-am: $(DISTFILES) + @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + list='$(DISTFILES)'; \ + dist_files=`for file in $$list; do echo $$file; done | \ + sed -e "s|^$$srcdirstrip/||;t" \ + -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ + case $$dist_files in \ + */*) $(MKDIR_P) `echo "$$dist_files" | \ + sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ + sort -u` ;; \ + esac; \ + for file in $$dist_files; do \ + if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ + if test -d $$d/$$file; then \ + dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ + else \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ + || exit 1; \ + fi; \ + done +check-am: all-am +check: check-am +all-am: Makefile $(PROGRAMS) $(LTLIBRARIES) +installdirs: +install: install-am +install-exec: install-exec-am +install-data: install-data-am +uninstall: uninstall-am + +install-am: all-am + @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am + +installcheck: installcheck-am +install-strip: + if test -z '$(STRIP)'; then \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + install; \ + else \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ + fi +mostlyclean-generic: + +clean-generic: + +distclean-generic: + -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) + -rm -f tlsproxy/$(DEPDIR)/$(am__dirstamp) + -rm -f tlsproxy/$(am__dirstamp) + +maintainer-clean-generic: + @echo "This command is intended for maintainers to use" + @echo "it deletes files that may require special tools to rebuild." +clean: clean-am + +clean-am: clean-generic clean-libtool clean-noinstLTLIBRARIES \ + clean-noinstPROGRAMS mostlyclean-am + +distclean: distclean-am + -rm -f ./$(DEPDIR)/ex-alert.Plo + -rm -f ./$(DEPDIR)/ex-cert-select-pkcs11.Po + -rm -f ./$(DEPDIR)/ex-cert-select.Po + -rm -f ./$(DEPDIR)/ex-client-anon.Po + -rm -f ./$(DEPDIR)/ex-client-dtls.Po + -rm -f ./$(DEPDIR)/ex-client-psk.Po + -rm -f ./$(DEPDIR)/ex-client-resume.Po + -rm -f ./$(DEPDIR)/ex-client-srp.Po + -rm -f ./$(DEPDIR)/ex-client-x509-3.1.Plo + -rm -f ./$(DEPDIR)/ex-client-x509.Po + -rm -f ./$(DEPDIR)/ex-cxx.Po + -rm -f ./$(DEPDIR)/ex-ocsp-client.Po + -rm -f ./$(DEPDIR)/ex-pkcs11-list.Plo + -rm -f ./$(DEPDIR)/ex-pkcs12.Plo + -rm -f ./$(DEPDIR)/ex-serv-anon.Po + -rm -f ./$(DEPDIR)/ex-serv-dtls.Po + -rm -f ./$(DEPDIR)/ex-serv-psk.Po + -rm -f ./$(DEPDIR)/ex-serv-srp.Po + -rm -f ./$(DEPDIR)/ex-serv-x509.Po + -rm -f ./$(DEPDIR)/ex-session-info.Plo + -rm -f ./$(DEPDIR)/ex-verify-ssh.Plo + -rm -f ./$(DEPDIR)/ex-verify.Plo + -rm -f ./$(DEPDIR)/ex-x509-info.Plo + -rm -f ./$(DEPDIR)/print-ciphersuites.Po + -rm -f ./$(DEPDIR)/tcp.Plo + -rm -f ./$(DEPDIR)/udp.Plo + -rm -f ./$(DEPDIR)/verify.Plo + -rm -f tlsproxy/$(DEPDIR)/buffer.Po + -rm -f tlsproxy/$(DEPDIR)/crypto-gnutls.Po + -rm -f tlsproxy/$(DEPDIR)/tlsproxy.Po + -rm -f Makefile +distclean-am: clean-am distclean-compile distclean-generic \ + distclean-tags + +dvi: dvi-am + +dvi-am: + +html: html-am + +html-am: + +info: info-am + +info-am: + +install-data-am: + +install-dvi: install-dvi-am + +install-dvi-am: + +install-exec-am: + +install-html: install-html-am + +install-html-am: + +install-info: install-info-am + +install-info-am: + +install-man: + +install-pdf: install-pdf-am + +install-pdf-am: + +install-ps: install-ps-am + +install-ps-am: + +installcheck-am: + +maintainer-clean: maintainer-clean-am + -rm -f ./$(DEPDIR)/ex-alert.Plo + -rm -f ./$(DEPDIR)/ex-cert-select-pkcs11.Po + -rm -f ./$(DEPDIR)/ex-cert-select.Po + -rm -f ./$(DEPDIR)/ex-client-anon.Po + -rm -f ./$(DEPDIR)/ex-client-dtls.Po + -rm -f ./$(DEPDIR)/ex-client-psk.Po + -rm -f ./$(DEPDIR)/ex-client-resume.Po + -rm -f ./$(DEPDIR)/ex-client-srp.Po + -rm -f ./$(DEPDIR)/ex-client-x509-3.1.Plo + -rm -f ./$(DEPDIR)/ex-client-x509.Po + -rm -f ./$(DEPDIR)/ex-cxx.Po + -rm -f ./$(DEPDIR)/ex-ocsp-client.Po + -rm -f ./$(DEPDIR)/ex-pkcs11-list.Plo + -rm -f ./$(DEPDIR)/ex-pkcs12.Plo + -rm -f ./$(DEPDIR)/ex-serv-anon.Po + -rm -f ./$(DEPDIR)/ex-serv-dtls.Po + -rm -f ./$(DEPDIR)/ex-serv-psk.Po + -rm -f ./$(DEPDIR)/ex-serv-srp.Po + -rm -f ./$(DEPDIR)/ex-serv-x509.Po + -rm -f ./$(DEPDIR)/ex-session-info.Plo + -rm -f ./$(DEPDIR)/ex-verify-ssh.Plo + -rm -f ./$(DEPDIR)/ex-verify.Plo + -rm -f ./$(DEPDIR)/ex-x509-info.Plo + -rm -f ./$(DEPDIR)/print-ciphersuites.Po + -rm -f ./$(DEPDIR)/tcp.Plo + -rm -f ./$(DEPDIR)/udp.Plo + -rm -f ./$(DEPDIR)/verify.Plo + -rm -f tlsproxy/$(DEPDIR)/buffer.Po + -rm -f tlsproxy/$(DEPDIR)/crypto-gnutls.Po + -rm -f tlsproxy/$(DEPDIR)/tlsproxy.Po + -rm -f Makefile +maintainer-clean-am: distclean-am maintainer-clean-generic + +mostlyclean: mostlyclean-am + +mostlyclean-am: mostlyclean-compile mostlyclean-generic \ + mostlyclean-libtool + +pdf: pdf-am + +pdf-am: + +ps: ps-am + +ps-am: + +uninstall-am: + +.MAKE: install-am install-strip + +.PHONY: CTAGS GTAGS TAGS all all-am am--depfiles check check-am clean \ + clean-generic clean-libtool clean-noinstLTLIBRARIES \ + clean-noinstPROGRAMS cscopelist-am ctags ctags-am distclean \ + distclean-compile distclean-generic distclean-libtool \ + distclean-tags distdir dvi dvi-am html html-am info info-am \ + install install-am install-data install-data-am install-dvi \ + install-dvi-am install-exec install-exec-am install-html \ + install-html-am install-info install-info-am install-man \ + install-pdf install-pdf-am install-ps install-ps-am \ + install-strip installcheck installcheck-am installdirs \ + maintainer-clean maintainer-clean-generic mostlyclean \ + mostlyclean-compile mostlyclean-generic mostlyclean-libtool \ + pdf pdf-am ps ps-am tags tags-am uninstall uninstall-am + +.PRECIOUS: Makefile + + +# Tell versions [3.59,3.63) of GNU make to not export all variables. +# Otherwise a system limit (for SysV at least) may be exceeded. +.NOEXPORT: diff --git a/doc/examples/ex-alert.c b/doc/examples/ex-alert.c new file mode 100644 index 0000000..868771a --- /dev/null +++ b/doc/examples/ex-alert.c @@ -0,0 +1,36 @@ +/* This example code is placed in the public domain. */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include + +#include "examples.h" + +/* This function will check whether the given return code from + * a gnutls function (recv/send), is an alert, and will print + * that alert. + */ +void check_alert(gnutls_session_t session, int ret) +{ + int last_alert; + + if (ret == GNUTLS_E_WARNING_ALERT_RECEIVED + || ret == GNUTLS_E_FATAL_ALERT_RECEIVED) { + last_alert = gnutls_alert_get(session); + + /* The check for renegotiation is only useful if we are + * a server, and we had requested a rehandshake. + */ + if (last_alert == GNUTLS_A_NO_RENEGOTIATION && + ret == GNUTLS_E_WARNING_ALERT_RECEIVED) + printf("* Received NO_RENEGOTIATION alert. " + "Client Does not support renegotiation.\n"); + else + printf("* Received alert '%d': %s.\n", last_alert, + gnutls_alert_get_name(last_alert)); + } +} diff --git a/doc/examples/ex-cert-select-pkcs11.c b/doc/examples/ex-cert-select-pkcs11.c new file mode 100644 index 0000000..2923a47 --- /dev/null +++ b/doc/examples/ex-cert-select-pkcs11.c @@ -0,0 +1,175 @@ +/* This example code is placed in the public domain. */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include /* for getpass() */ + +/* A TLS client that loads the certificate and key. + */ + +#define CHECK(x) assert((x)>=0) + +#define MAX_BUF 1024 +#define MSG "GET / HTTP/1.0\r\n\r\n" +#define MIN(x,y) (((x)<(y))?(x):(y)) + +#define CAFILE "/etc/ssl/certs/ca-certificates.crt" + +/* The URLs of the objects can be obtained + * using p11tool --list-all --login + */ +#define KEY_URL "pkcs11:manufacturer=SomeManufacturer;object=Private%20Key" \ + ";objecttype=private;id=%db%5b%3e%b5%72%33" +#define CERT_URL "pkcs11:manufacturer=SomeManufacturer;object=Certificate;" \ + "objecttype=cert;id=db%5b%3e%b5%72%33" + +extern int tcp_connect(void); +extern void tcp_close(int sd); + +static int +pin_callback(void *user, int attempt, const char *token_url, + const char *token_label, unsigned int flags, char *pin, + size_t pin_max) +{ + const char *password; + int len; + + printf("PIN required for token '%s' with URL '%s'\n", token_label, + token_url); + if (flags & GNUTLS_PIN_FINAL_TRY) + printf("*** This is the final try before locking!\n"); + if (flags & GNUTLS_PIN_COUNT_LOW) + printf("*** Only few tries left before locking!\n"); + if (flags & GNUTLS_PIN_WRONG) + printf("*** Wrong PIN\n"); + + password = getpass("Enter pin: "); + /* FIXME: ensure that we are in UTF-8 locale */ + if (password == NULL || password[0] == 0) { + fprintf(stderr, "No password given\n"); + exit(1); + } + + len = MIN(pin_max - 1, strlen(password)); + memcpy(pin, password, len); + pin[len] = 0; + + return 0; +} + +int main(void) +{ + int ret, sd, ii; + gnutls_session_t session; + char buffer[MAX_BUF + 1]; + gnutls_certificate_credentials_t xcred; + /* Allow connections to servers that have OpenPGP keys as well. + */ + + if (gnutls_check_version("3.1.4") == NULL) { + fprintf(stderr, "GnuTLS 3.1.4 or later is required for this example\n"); + exit(1); + } + + /* for backwards compatibility with gnutls < 3.3.0 */ + CHECK(gnutls_global_init()); + + /* The PKCS11 private key operations may require PIN. + * Register a callback. */ + gnutls_pkcs11_set_pin_function(pin_callback, NULL); + + /* X509 stuff */ + CHECK(gnutls_certificate_allocate_credentials(&xcred)); + + /* sets the trusted cas file + */ + CHECK(gnutls_certificate_set_x509_trust_file(xcred, CAFILE, + GNUTLS_X509_FMT_PEM)); + + CHECK(gnutls_certificate_set_x509_key_file(xcred, CERT_URL, KEY_URL, + GNUTLS_X509_FMT_DER)); + + /* Note that there is no server certificate verification in this example + */ + + + /* Initialize TLS session + */ + CHECK(gnutls_init(&session, GNUTLS_CLIENT)); + + /* Use default priorities */ + CHECK(gnutls_set_default_priority(session)); + + /* put the x509 credentials to the current session + */ + CHECK(gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred)); + + /* connect to the peer + */ + sd = tcp_connect(); + + gnutls_transport_set_int(session, sd); + + /* Perform the TLS handshake + */ + ret = gnutls_handshake(session); + + if (ret < 0) { + fprintf(stderr, "*** Handshake failed\n"); + gnutls_perror(ret); + goto end; + } else { + char *desc; + + desc = gnutls_session_get_desc(session); + printf("- Session info: %s\n", desc); + gnutls_free(desc); + } + + CHECK(gnutls_record_send(session, MSG, strlen(MSG))); + + ret = gnutls_record_recv(session, buffer, MAX_BUF); + if (ret == 0) { + printf("- Peer has closed the TLS connection\n"); + goto end; + } else if (ret < 0) { + fprintf(stderr, "*** Error: %s\n", gnutls_strerror(ret)); + goto end; + } + + printf("- Received %d bytes: ", ret); + for (ii = 0; ii < ret; ii++) { + fputc(buffer[ii], stdout); + } + fputs("\n", stdout); + + CHECK(gnutls_bye(session, GNUTLS_SHUT_RDWR)); + + end: + + tcp_close(sd); + + gnutls_deinit(session); + + gnutls_certificate_free_credentials(xcred); + + gnutls_global_deinit(); + + return 0; +} diff --git a/doc/examples/ex-cert-select.c b/doc/examples/ex-cert-select.c new file mode 100644 index 0000000..9f84b67 --- /dev/null +++ b/doc/examples/ex-cert-select.c @@ -0,0 +1,214 @@ +/* This example code is placed in the public domain. */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +/* A TLS client that loads the certificate and key. + */ + +#define CHECK(x) assert((x)>=0) + +#define MAX_BUF 1024 +#define MSG "GET / HTTP/1.0\r\n\r\n" + +#define CERT_FILE "cert.pem" +#define KEY_FILE "key.pem" +#define CAFILE "/etc/ssl/certs/ca-certificates.crt" + +extern int tcp_connect(void); +extern void tcp_close(int sd); + +static int +cert_callback(gnutls_session_t session, + const gnutls_datum_t * req_ca_rdn, int nreqs, + const gnutls_pk_algorithm_t * sign_algos, + int sign_algos_length, gnutls_pcert_st ** pcert, + unsigned int *pcert_length, gnutls_privkey_t * pkey); + +gnutls_pcert_st pcrt; +gnutls_privkey_t key; + +/* Load the certificate and the private key. + */ +static void load_keys(void) +{ + gnutls_datum_t data; + + CHECK(gnutls_load_file(CERT_FILE, &data)); + + CHECK(gnutls_pcert_import_x509_raw(&pcrt, &data, + GNUTLS_X509_FMT_PEM, 0)); + + gnutls_free(data.data); + + CHECK(gnutls_load_file(KEY_FILE, &data)); + + CHECK(gnutls_privkey_init(&key)); + + CHECK(gnutls_privkey_import_x509_raw(key, &data, + GNUTLS_X509_FMT_PEM, + NULL, 0)); + gnutls_free(data.data); +} + +int main(void) +{ + int ret, sd, ii; + gnutls_session_t session; + char buffer[MAX_BUF + 1]; + gnutls_certificate_credentials_t xcred; + + if (gnutls_check_version("3.1.4") == NULL) { + fprintf(stderr, "GnuTLS 3.1.4 or later is required for this example\n"); + exit(1); + } + + /* for backwards compatibility with gnutls < 3.3.0 */ + CHECK(gnutls_global_init()); + + load_keys(); + + /* X509 stuff */ + CHECK(gnutls_certificate_allocate_credentials(&xcred)); + + /* sets the trusted cas file + */ + CHECK(gnutls_certificate_set_x509_trust_file(xcred, CAFILE, + GNUTLS_X509_FMT_PEM)); + + gnutls_certificate_set_retrieve_function2(xcred, cert_callback); + + /* Initialize TLS session + */ + CHECK(gnutls_init(&session, GNUTLS_CLIENT)); + + /* Use default priorities */ + CHECK(gnutls_set_default_priority(session)); + + /* put the x509 credentials to the current session + */ + CHECK(gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred)); + + /* connect to the peer + */ + sd = tcp_connect(); + + gnutls_transport_set_int(session, sd); + + /* Perform the TLS handshake + */ + ret = gnutls_handshake(session); + + if (ret < 0) { + fprintf(stderr, "*** Handshake failed\n"); + gnutls_perror(ret); + goto end; + } else { + char *desc; + + desc = gnutls_session_get_desc(session); + printf("- Session info: %s\n", desc); + gnutls_free(desc); + } + + CHECK(gnutls_record_send(session, MSG, strlen(MSG))); + + ret = gnutls_record_recv(session, buffer, MAX_BUF); + if (ret == 0) { + printf("- Peer has closed the TLS connection\n"); + goto end; + } else if (ret < 0) { + fprintf(stderr, "*** Error: %s\n", gnutls_strerror(ret)); + goto end; + } + + printf("- Received %d bytes: ", ret); + for (ii = 0; ii < ret; ii++) { + fputc(buffer[ii], stdout); + } + fputs("\n", stdout); + + CHECK(gnutls_bye(session, GNUTLS_SHUT_RDWR)); + + end: + + tcp_close(sd); + + gnutls_deinit(session); + + gnutls_certificate_free_credentials(xcred); + + gnutls_global_deinit(); + + return 0; +} + + + +/* This callback should be associated with a session by calling + * gnutls_certificate_client_set_retrieve_function( session, cert_callback), + * before a handshake. + */ + +static int +cert_callback(gnutls_session_t session, + const gnutls_datum_t * req_ca_rdn, int nreqs, + const gnutls_pk_algorithm_t * sign_algos, + int sign_algos_length, gnutls_pcert_st ** pcert, + unsigned int *pcert_length, gnutls_privkey_t * pkey) +{ + char issuer_dn[256]; + int i, ret; + size_t len; + gnutls_certificate_type_t type; + + /* Print the server's trusted CAs + */ + if (nreqs > 0) + printf("- Server's trusted authorities:\n"); + else + printf + ("- Server did not send us any trusted authorities names.\n"); + + /* print the names (if any) */ + for (i = 0; i < nreqs; i++) { + len = sizeof(issuer_dn); + ret = gnutls_x509_rdn_get(&req_ca_rdn[i], issuer_dn, &len); + if (ret >= 0) { + printf(" [%d]: ", i); + printf("%s\n", issuer_dn); + } + } + + /* Select a certificate and return it. + * The certificate must be of any of the "sign algorithms" + * supported by the server. + */ + type = gnutls_certificate_type_get(session); + if (type == GNUTLS_CRT_X509) { + *pcert_length = 1; + *pcert = &pcrt; + *pkey = key; + } else { + return -1; + } + + return 0; + +} diff --git a/doc/examples/ex-client-anon.c b/doc/examples/ex-client-anon.c new file mode 100644 index 0000000..39d5a7e --- /dev/null +++ b/doc/examples/ex-client-anon.c @@ -0,0 +1,118 @@ +/* This example code is placed in the public domain. */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#include +#include +#include +#include +#include + +/* A very basic TLS client, with anonymous authentication. + */ + +#define LOOP_CHECK(rval, cmd) \ + do { \ + rval = cmd; \ + } while(rval == GNUTLS_E_AGAIN || rval == GNUTLS_E_INTERRUPTED); \ + assert(rval >= 0) + +#define MAX_BUF 1024 +#define MSG "GET / HTTP/1.0\r\n\r\n" + +extern int tcp_connect(void); +extern void tcp_close(int sd); + +int main(void) +{ + int ret, sd, ii; + gnutls_session_t session; + char buffer[MAX_BUF + 1]; + gnutls_anon_client_credentials_t anoncred; + /* Need to enable anonymous KX specifically. */ + + gnutls_global_init(); + + gnutls_anon_allocate_client_credentials(&anoncred); + + /* Initialize TLS session + */ + gnutls_init(&session, GNUTLS_CLIENT); + + /* Use default priorities */ + gnutls_priority_set_direct(session, + "PERFORMANCE:+ANON-ECDH:+ANON-DH", + NULL); + + /* put the anonymous credentials to the current session + */ + gnutls_credentials_set(session, GNUTLS_CRD_ANON, anoncred); + + /* connect to the peer + */ + sd = tcp_connect(); + + gnutls_transport_set_int(session, sd); + gnutls_handshake_set_timeout(session, + GNUTLS_DEFAULT_HANDSHAKE_TIMEOUT); + + /* Perform the TLS handshake + */ + do { + ret = gnutls_handshake(session); + } + while (ret < 0 && gnutls_error_is_fatal(ret) == 0); + + if (ret < 0) { + fprintf(stderr, "*** Handshake failed\n"); + gnutls_perror(ret); + goto end; + } else { + char *desc; + + desc = gnutls_session_get_desc(session); + printf("- Session info: %s\n", desc); + gnutls_free(desc); + } + + LOOP_CHECK(ret, gnutls_record_send(session, MSG, strlen(MSG))); + + LOOP_CHECK(ret, gnutls_record_recv(session, buffer, MAX_BUF)); + if (ret == 0) { + printf("- Peer has closed the TLS connection\n"); + goto end; + } else if (ret < 0 && gnutls_error_is_fatal(ret) == 0) { + fprintf(stderr, "*** Warning: %s\n", gnutls_strerror(ret)); + } else if (ret < 0) { + fprintf(stderr, "*** Error: %s\n", gnutls_strerror(ret)); + goto end; + } + + if (ret > 0) { + printf("- Received %d bytes: ", ret); + for (ii = 0; ii < ret; ii++) { + fputc(buffer[ii], stdout); + } + fputs("\n", stdout); + } + + LOOP_CHECK(ret, gnutls_bye(session, GNUTLS_SHUT_RDWR)); + + end: + + tcp_close(sd); + + gnutls_deinit(session); + + gnutls_anon_free_client_credentials(anoncred); + + gnutls_global_deinit(); + + return 0; +} diff --git a/doc/examples/ex-client-dtls.c b/doc/examples/ex-client-dtls.c new file mode 100644 index 0000000..095246e --- /dev/null +++ b/doc/examples/ex-client-dtls.c @@ -0,0 +1,134 @@ +/* This example code is placed in the public domain. */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +/* A very basic Datagram TLS client, over UDP with X.509 authentication. + */ + +#define CHECK(x) assert((x)>=0) +#define LOOP_CHECK(rval, cmd) \ + do { \ + rval = cmd; \ + } while(rval == GNUTLS_E_AGAIN || rval == GNUTLS_E_INTERRUPTED); \ + assert(rval >= 0) + +#define MAX_BUF 1024 +#define MSG "GET / HTTP/1.0\r\n\r\n" + +extern int udp_connect(void); +extern void udp_close(int sd); +extern int verify_certificate_callback(gnutls_session_t session); + +int main(void) +{ + int ret, sd, ii; + gnutls_session_t session; + char buffer[MAX_BUF + 1]; + gnutls_certificate_credentials_t xcred; + + if (gnutls_check_version("3.1.4") == NULL) { + fprintf(stderr, "GnuTLS 3.1.4 or later is required for this example\n"); + exit(1); + } + + /* for backwards compatibility with gnutls < 3.3.0 */ + CHECK(gnutls_global_init()); + + /* X509 stuff */ + CHECK(gnutls_certificate_allocate_credentials(&xcred)); + + /* sets the system trusted CAs for Internet PKI */ + CHECK(gnutls_certificate_set_x509_system_trust(xcred)); + + /* Initialize TLS session */ + CHECK(gnutls_init(&session, GNUTLS_CLIENT | GNUTLS_DATAGRAM)); + + /* Use default priorities */ + CHECK(gnutls_set_default_priority(session)); + + /* put the x509 credentials to the current session */ + CHECK(gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred)); + CHECK(gnutls_server_name_set(session, GNUTLS_NAME_DNS, "www.example.com", + strlen("www.example.com"))); + + gnutls_session_set_verify_cert(session, "www.example.com", 0); + + /* connect to the peer */ + sd = udp_connect(); + + gnutls_transport_set_int(session, sd); + + /* set the connection MTU */ + gnutls_dtls_set_mtu(session, 1000); + /* gnutls_dtls_set_timeouts(session, 1000, 60000); */ + + /* Perform the TLS handshake */ + do { + ret = gnutls_handshake(session); + } + while (ret == GNUTLS_E_INTERRUPTED || ret == GNUTLS_E_AGAIN); + /* Note that DTLS may also receive GNUTLS_E_LARGE_PACKET */ + + if (ret < 0) { + fprintf(stderr, "*** Handshake failed\n"); + gnutls_perror(ret); + goto end; + } else { + char *desc; + + desc = gnutls_session_get_desc(session); + printf("- Session info: %s\n", desc); + gnutls_free(desc); + } + + LOOP_CHECK(ret, gnutls_record_send(session, MSG, strlen(MSG))); + + LOOP_CHECK(ret, gnutls_record_recv(session, buffer, MAX_BUF)); + if (ret == 0) { + printf("- Peer has closed the TLS connection\n"); + goto end; + } else if (ret < 0 && gnutls_error_is_fatal(ret) == 0) { + fprintf(stderr, "*** Warning: %s\n", gnutls_strerror(ret)); + } else if (ret < 0) { + fprintf(stderr, "*** Error: %s\n", gnutls_strerror(ret)); + goto end; + } + + if (ret > 0) { + printf("- Received %d bytes: ", ret); + for (ii = 0; ii < ret; ii++) { + fputc(buffer[ii], stdout); + } + fputs("\n", stdout); + } + + /* It is suggested not to use GNUTLS_SHUT_RDWR in DTLS + * connections because the peer's closure message might + * be lost */ + CHECK(gnutls_bye(session, GNUTLS_SHUT_WR)); + + end: + + udp_close(sd); + + gnutls_deinit(session); + + gnutls_certificate_free_credentials(xcred); + + gnutls_global_deinit(); + + return 0; +} diff --git a/doc/examples/ex-client-psk.c b/doc/examples/ex-client-psk.c new file mode 100644 index 0000000..63ef884 --- /dev/null +++ b/doc/examples/ex-client-psk.c @@ -0,0 +1,137 @@ +/* This example code is placed in the public domain. */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#include +#include +#include +#include +#include + +/* A very basic TLS client, with PSK authentication. + */ + +#define CHECK(x) assert((x)>=0) +#define LOOP_CHECK(rval, cmd) \ + do { \ + rval = cmd; \ + } while(rval == GNUTLS_E_AGAIN || rval == GNUTLS_E_INTERRUPTED); \ + assert(rval >= 0) + +#define MAX_BUF 1024 +#define MSG "GET / HTTP/1.0\r\n\r\n" + +extern int tcp_connect(void); +extern void tcp_close(int sd); + +int main(void) +{ + int ret, sd, ii; + gnutls_session_t session; + char buffer[MAX_BUF + 1]; + const char *err; + gnutls_psk_client_credentials_t pskcred; + const gnutls_datum_t key = { (void *) "DEADBEEF", 8 }; + + if (gnutls_check_version("3.6.3") == NULL) { + fprintf(stderr, "GnuTLS 3.6.3 or later is required for this example\n"); + exit(1); + } + + CHECK(gnutls_global_init()); + + CHECK(gnutls_psk_allocate_client_credentials(&pskcred)); + CHECK(gnutls_psk_set_client_credentials(pskcred, "test", &key, + GNUTLS_PSK_KEY_HEX)); + + /* Initialize TLS session + */ + CHECK(gnutls_init(&session, GNUTLS_CLIENT)); + + ret = + gnutls_set_default_priority_append(session, + "-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK", + &err, 0); + + /* Alternative for pre-3.6.3 versions: + * gnutls_priority_set_direct(session, "NORMAL:+ECDHE-PSK:+DHE-PSK:+PSK", &err) + */ + if (ret < 0) { + if (ret == GNUTLS_E_INVALID_REQUEST) { + fprintf(stderr, "Syntax error at: %s\n", err); + } + exit(1); + } + + /* put the x509 credentials to the current session + */ + CHECK(gnutls_credentials_set(session, GNUTLS_CRD_PSK, pskcred)); + + /* connect to the peer + */ + sd = tcp_connect(); + + gnutls_transport_set_int(session, sd); + gnutls_handshake_set_timeout(session, + GNUTLS_DEFAULT_HANDSHAKE_TIMEOUT); + + /* Perform the TLS handshake + */ + do { + ret = gnutls_handshake(session); + } + while (ret < 0 && gnutls_error_is_fatal(ret) == 0); + + if (ret < 0) { + fprintf(stderr, "*** Handshake failed\n"); + gnutls_perror(ret); + goto end; + } else { + char *desc; + + desc = gnutls_session_get_desc(session); + printf("- Session info: %s\n", desc); + gnutls_free(desc); + } + + LOOP_CHECK(ret, gnutls_record_send(session, MSG, strlen(MSG))); + + LOOP_CHECK(ret, gnutls_record_recv(session, buffer, MAX_BUF)); + if (ret == 0) { + printf("- Peer has closed the TLS connection\n"); + goto end; + } else if (ret < 0 && gnutls_error_is_fatal(ret) == 0) { + fprintf(stderr, "*** Warning: %s\n", gnutls_strerror(ret)); + } else if (ret < 0) { + fprintf(stderr, "*** Error: %s\n", gnutls_strerror(ret)); + goto end; + } + + if (ret > 0) { + printf("- Received %d bytes: ", ret); + for (ii = 0; ii < ret; ii++) { + fputc(buffer[ii], stdout); + } + fputs("\n", stdout); + } + + CHECK(gnutls_bye(session, GNUTLS_SHUT_RDWR)); + + end: + + tcp_close(sd); + + gnutls_deinit(session); + + gnutls_psk_free_client_credentials(pskcred); + + gnutls_global_deinit(); + + return 0; +} diff --git a/doc/examples/ex-client-resume.c b/doc/examples/ex-client-resume.c new file mode 100644 index 0000000..3161ef3 --- /dev/null +++ b/doc/examples/ex-client-resume.c @@ -0,0 +1,146 @@ +/* This example code is placed in the public domain. */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#include + +extern void check_alert(gnutls_session_t session, int ret); +extern int tcp_connect(void); +extern void tcp_close(int sd); + +/* A very basic TLS client, with X.509 authentication and server certificate + * verification as well as session resumption. + * + * Note that error recovery is minimal for simplicity. + */ + +#define CHECK(x) assert((x)>=0) +#define LOOP_CHECK(rval, cmd) \ + do { \ + rval = cmd; \ + } while(rval == GNUTLS_E_AGAIN || rval == GNUTLS_E_INTERRUPTED); \ + assert(rval >= 0) + +#define MAX_BUF 1024 +#define MSG "GET / HTTP/1.0\r\n\r\n" + +int main(void) +{ + int ret; + int sd, ii; + gnutls_session_t session; + char buffer[MAX_BUF + 1]; + gnutls_certificate_credentials_t xcred; + + /* variables used in session resuming + */ + int t; + gnutls_datum_t sdata; + + /* for backwards compatibility with gnutls < 3.3.0 */ + CHECK(gnutls_global_init()); + + CHECK(gnutls_certificate_allocate_credentials(&xcred)); + CHECK(gnutls_certificate_set_x509_system_trust(xcred)); + + for (t = 0; t < 2; t++) { /* connect 2 times to the server */ + + sd = tcp_connect(); + + CHECK(gnutls_init(&session, GNUTLS_CLIENT)); + + CHECK(gnutls_server_name_set(session, GNUTLS_NAME_DNS, + "www.example.com", + strlen("www.example.com"))); + gnutls_session_set_verify_cert(session, "www.example.com", 0); + + CHECK(gnutls_set_default_priority(session)); + + gnutls_transport_set_int(session, sd); + gnutls_handshake_set_timeout(session, + GNUTLS_DEFAULT_HANDSHAKE_TIMEOUT); + + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, + xcred); + + if (t > 0) { + /* if this is not the first time we connect */ + CHECK(gnutls_session_set_data(session, sdata.data, + sdata.size)); + gnutls_free(sdata.data); + } + + /* Perform the TLS handshake + */ + do { + ret = gnutls_handshake(session); + } + while (ret < 0 && gnutls_error_is_fatal(ret) == 0); + + if (ret < 0) { + fprintf(stderr, "*** Handshake failed\n"); + gnutls_perror(ret); + goto end; + } else { + printf("- Handshake was completed\n"); + } + + if (t == 0) { /* the first time we connect */ + /* get the session data */ + CHECK(gnutls_session_get_data2(session, &sdata)); + } else { /* the second time we connect */ + + /* check if we actually resumed the previous session */ + if (gnutls_session_is_resumed(session) != 0) { + printf("- Previous session was resumed\n"); + } else { + fprintf(stderr, + "*** Previous session was NOT resumed\n"); + } + } + + LOOP_CHECK(ret, gnutls_record_send(session, MSG, strlen(MSG))); + + LOOP_CHECK(ret, gnutls_record_recv(session, buffer, MAX_BUF)); + if (ret == 0) { + printf("- Peer has closed the TLS connection\n"); + goto end; + } else if (ret < 0 && gnutls_error_is_fatal(ret) == 0) { + fprintf(stderr, "*** Warning: %s\n", + gnutls_strerror(ret)); + } else if (ret < 0) { + fprintf(stderr, "*** Error: %s\n", + gnutls_strerror(ret)); + goto end; + } + + if (ret > 0) { + printf("- Received %d bytes: ", ret); + for (ii = 0; ii < ret; ii++) { + fputc(buffer[ii], stdout); + } + fputs("\n", stdout); + } + + gnutls_bye(session, GNUTLS_SHUT_RDWR); + + end: + + tcp_close(sd); + + gnutls_deinit(session); + + } /* for() */ + + gnutls_certificate_free_credentials(xcred); + + gnutls_global_deinit(); + + return 0; +} diff --git a/doc/examples/ex-client-srp.c b/doc/examples/ex-client-srp.c new file mode 100644 index 0000000..e023289 --- /dev/null +++ b/doc/examples/ex-client-srp.c @@ -0,0 +1,128 @@ +/* This example code is placed in the public domain. */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include + +/* Those functions are defined in other examples. + */ +extern void check_alert(gnutls_session_t session, int ret); +extern int tcp_connect(void); +extern void tcp_close(int sd); + +#define MAX_BUF 1024 +#define USERNAME "user" +#define PASSWORD "pass" +#define CAFILE "/etc/ssl/certs/ca-certificates.crt" +#define MSG "GET / HTTP/1.0\r\n\r\n" + +int main(void) +{ + int ret; + int sd, ii; + gnutls_session_t session; + char buffer[MAX_BUF + 1]; + gnutls_srp_client_credentials_t srp_cred; + gnutls_certificate_credentials_t cert_cred; + + if (gnutls_check_version("3.1.4") == NULL) { + fprintf(stderr, "GnuTLS 3.1.4 or later is required for this example\n"); + exit(1); + } + + /* for backwards compatibility with gnutls < 3.3.0 */ + gnutls_global_init(); + + gnutls_srp_allocate_client_credentials(&srp_cred); + gnutls_certificate_allocate_credentials(&cert_cred); + + gnutls_certificate_set_x509_trust_file(cert_cred, CAFILE, + GNUTLS_X509_FMT_PEM); + gnutls_srp_set_client_credentials(srp_cred, USERNAME, PASSWORD); + + /* connects to server + */ + sd = tcp_connect(); + + /* Initialize TLS session + */ + gnutls_init(&session, GNUTLS_CLIENT); + + + /* Set the priorities. + */ + gnutls_priority_set_direct(session, + "NORMAL:+SRP:+SRP-RSA:+SRP-DSS", + NULL); + + /* put the SRP credentials to the current session + */ + gnutls_credentials_set(session, GNUTLS_CRD_SRP, srp_cred); + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, cert_cred); + + gnutls_transport_set_int(session, sd); + gnutls_handshake_set_timeout(session, + GNUTLS_DEFAULT_HANDSHAKE_TIMEOUT); + + /* Perform the TLS handshake + */ + do { + ret = gnutls_handshake(session); + } + while (ret < 0 && gnutls_error_is_fatal(ret) == 0); + + if (ret < 0) { + fprintf(stderr, "*** Handshake failed\n"); + gnutls_perror(ret); + goto end; + } else { + char *desc; + + desc = gnutls_session_get_desc(session); + printf("- Session info: %s\n", desc); + gnutls_free(desc); + } + + gnutls_record_send(session, MSG, strlen(MSG)); + + ret = gnutls_record_recv(session, buffer, MAX_BUF); + if (gnutls_error_is_fatal(ret) != 0 || ret == 0) { + if (ret == 0) { + printf + ("- Peer has closed the GnuTLS connection\n"); + goto end; + } else { + fprintf(stderr, "*** Error: %s\n", + gnutls_strerror(ret)); + goto end; + } + } else + check_alert(session, ret); + + if (ret > 0) { + printf("- Received %d bytes: ", ret); + for (ii = 0; ii < ret; ii++) { + fputc(buffer[ii], stdout); + } + fputs("\n", stdout); + } + gnutls_bye(session, GNUTLS_SHUT_RDWR); + + end: + + tcp_close(sd); + + gnutls_deinit(session); + + gnutls_srp_free_client_credentials(srp_cred); + gnutls_certificate_free_credentials(cert_cred); + + gnutls_global_deinit(); + + return 0; +} diff --git a/doc/examples/ex-client-x509-3.1.c b/doc/examples/ex-client-x509-3.1.c new file mode 100644 index 0000000..bd7fd2f --- /dev/null +++ b/doc/examples/ex-client-x509-3.1.c @@ -0,0 +1,190 @@ +/* This example code is placed in the public domain. */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#include +#include +#include "examples.h" + +/* A very basic TLS client, with X.509 authentication and server certificate + * verification utilizing the GnuTLS 3.1.x API. + * Note that error recovery is minimal for simplicity. + */ + +#define CHECK(x) assert((x)>=0) +#define LOOP_CHECK(rval, cmd) \ + do { \ + rval = cmd; \ + } while(rval == GNUTLS_E_AGAIN || rval == GNUTLS_E_INTERRUPTED); \ + assert(rval >= 0) + +#define MAX_BUF 1024 +#define CAFILE "/etc/ssl/certs/ca-certificates.crt" +#define MSG "GET / HTTP/1.0\r\n\r\n" + +extern int tcp_connect(void); +extern void tcp_close(int sd); +static int _verify_certificate_callback(gnutls_session_t session); + +int main(void) +{ + int ret, sd, ii; + gnutls_session_t session; + char buffer[MAX_BUF + 1]; + gnutls_certificate_credentials_t xcred; + + if (gnutls_check_version("3.1.4") == NULL) { + fprintf(stderr, "GnuTLS 3.1.4 or later is required for this example\n"); + exit(1); + } + + CHECK(gnutls_global_init()); + + /* X509 stuff */ + CHECK(gnutls_certificate_allocate_credentials(&xcred)); + + /* sets the trusted cas file + */ + CHECK(gnutls_certificate_set_x509_trust_file(xcred, CAFILE, + GNUTLS_X509_FMT_PEM)); + gnutls_certificate_set_verify_function(xcred, + _verify_certificate_callback); + + /* If client holds a certificate it can be set using the following: + * + gnutls_certificate_set_x509_key_file (xcred, + "cert.pem", "key.pem", + GNUTLS_X509_FMT_PEM); + */ + + /* Initialize TLS session + */ + CHECK(gnutls_init(&session, GNUTLS_CLIENT)); + + gnutls_session_set_ptr(session, (void *) "www.example.com"); + + gnutls_server_name_set(session, GNUTLS_NAME_DNS, "www.example.com", + strlen("www.example.com")); + + /* use default priorities */ + CHECK(gnutls_set_default_priority(session)); +#if 0 + /* if more fine-graned control is required */ + ret = gnutls_priority_set_direct(session, + "NORMAL", &err); + if (ret < 0) { + if (ret == GNUTLS_E_INVALID_REQUEST) { + fprintf(stderr, "Syntax error at: %s\n", err); + } + exit(1); + } +#endif + + /* put the x509 credentials to the current session + */ + CHECK(gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred)); + + /* connect to the peer + */ + sd = tcp_connect(); + + gnutls_transport_set_int(session, sd); + gnutls_handshake_set_timeout(session, + GNUTLS_DEFAULT_HANDSHAKE_TIMEOUT); + + /* Perform the TLS handshake + */ + do { + ret = gnutls_handshake(session); + } + while (ret < 0 && gnutls_error_is_fatal(ret) == 0); + + if (ret < 0) { + fprintf(stderr, "*** Handshake failed\n"); + gnutls_perror(ret); + goto end; + } else { + char *desc; + + desc = gnutls_session_get_desc(session); + printf("- Session info: %s\n", desc); + gnutls_free(desc); + } + + LOOP_CHECK(ret, gnutls_record_send(session, MSG, strlen(MSG))); + + LOOP_CHECK(ret, gnutls_record_recv(session, buffer, MAX_BUF)); + if (ret == 0) { + printf("- Peer has closed the TLS connection\n"); + goto end; + } else if (ret < 0 && gnutls_error_is_fatal(ret) == 0) { + fprintf(stderr, "*** Warning: %s\n", gnutls_strerror(ret)); + } else if (ret < 0) { + fprintf(stderr, "*** Error: %s\n", gnutls_strerror(ret)); + goto end; + } + + if (ret > 0) { + printf("- Received %d bytes: ", ret); + for (ii = 0; ii < ret; ii++) { + fputc(buffer[ii], stdout); + } + fputs("\n", stdout); + } + + CHECK(gnutls_bye(session, GNUTLS_SHUT_RDWR)); + + end: + + tcp_close(sd); + + gnutls_deinit(session); + + gnutls_certificate_free_credentials(xcred); + + gnutls_global_deinit(); + + return 0; +} + +/* This function will verify the peer's certificate, and check + * if the hostname matches, as well as the activation, expiration dates. + */ +static int _verify_certificate_callback(gnutls_session_t session) +{ + unsigned int status; + int type; + const char *hostname; + gnutls_datum_t out; + + /* read hostname */ + hostname = gnutls_session_get_ptr(session); + + /* This verification function uses the trusted CAs in the credentials + * structure. So you must have installed one or more CA certificates. + */ + + CHECK(gnutls_certificate_verify_peers3(session, hostname, + &status)); + + type = gnutls_certificate_type_get(session); + + CHECK(gnutls_certificate_verification_status_print(status, type, + &out, 0)); + + printf("%s", out.data); + + gnutls_free(out.data); + + if (status != 0) /* Certificate is not trusted */ + return GNUTLS_E_CERTIFICATE_ERROR; + + /* notify gnutls to continue handshake normally */ + return 0; +} diff --git a/doc/examples/ex-client-x509.c b/doc/examples/ex-client-x509.c new file mode 100644 index 0000000..07abcf0 --- /dev/null +++ b/doc/examples/ex-client-x509.c @@ -0,0 +1,143 @@ +/* This example code is placed in the public domain. */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#include +#include +#include "examples.h" + +/* A very basic TLS client, with X.509 authentication and server certificate + * verification. Note that error recovery is minimal for simplicity. + */ + +#define CHECK(x) assert((x)>=0) +#define LOOP_CHECK(rval, cmd) \ + do { \ + rval = cmd; \ + } while(rval == GNUTLS_E_AGAIN || rval == GNUTLS_E_INTERRUPTED); \ + assert(rval >= 0) + +#define MAX_BUF 1024 +#define MSG "GET / HTTP/1.0\r\n\r\n" + +extern int tcp_connect(void); +extern void tcp_close(int sd); + +int main(void) +{ + int ret, sd, ii; + gnutls_session_t session; + char buffer[MAX_BUF + 1], *desc; + gnutls_datum_t out; + int type; + unsigned status; + gnutls_certificate_credentials_t xcred; + + if (gnutls_check_version("3.4.6") == NULL) { + fprintf(stderr, "GnuTLS 3.4.6 or later is required for this example\n"); + exit(1); + } + + /* for backwards compatibility with gnutls < 3.3.0 */ + CHECK(gnutls_global_init()); + + /* X509 stuff */ + CHECK(gnutls_certificate_allocate_credentials(&xcred)); + + /* sets the system trusted CAs for Internet PKI */ + CHECK(gnutls_certificate_set_x509_system_trust(xcred)); + + /* If client holds a certificate it can be set using the following: + * + gnutls_certificate_set_x509_key_file (xcred, "cert.pem", "key.pem", + GNUTLS_X509_FMT_PEM); + */ + + /* Initialize TLS session */ + CHECK(gnutls_init(&session, GNUTLS_CLIENT)); + + CHECK(gnutls_server_name_set(session, GNUTLS_NAME_DNS, "www.example.com", + strlen("www.example.com"))); + + /* It is recommended to use the default priorities */ + CHECK(gnutls_set_default_priority(session)); + + /* put the x509 credentials to the current session + */ + CHECK(gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred)); + gnutls_session_set_verify_cert(session, "www.example.com", 0); + + /* connect to the peer + */ + sd = tcp_connect(); + + gnutls_transport_set_int(session, sd); + gnutls_handshake_set_timeout(session, + GNUTLS_DEFAULT_HANDSHAKE_TIMEOUT); + + /* Perform the TLS handshake + */ + do { + ret = gnutls_handshake(session); + } + while (ret < 0 && gnutls_error_is_fatal(ret) == 0); + if (ret < 0) { + if (ret == GNUTLS_E_CERTIFICATE_VERIFICATION_ERROR) { + /* check certificate verification status */ + type = gnutls_certificate_type_get(session); + status = gnutls_session_get_verify_cert_status(session); + CHECK(gnutls_certificate_verification_status_print(status, + type, &out, 0)); + printf("cert verify output: %s\n", out.data); + gnutls_free(out.data); + } + fprintf(stderr, "*** Handshake failed: %s\n", gnutls_strerror(ret)); + goto end; + } else { + desc = gnutls_session_get_desc(session); + printf("- Session info: %s\n", desc); + gnutls_free(desc); + } + + /* send data */ + LOOP_CHECK(ret, gnutls_record_send(session, MSG, strlen(MSG))); + + LOOP_CHECK(ret, gnutls_record_recv(session, buffer, MAX_BUF)); + if (ret == 0) { + printf("- Peer has closed the TLS connection\n"); + goto end; + } else if (ret < 0 && gnutls_error_is_fatal(ret) == 0) { + fprintf(stderr, "*** Warning: %s\n", gnutls_strerror(ret)); + } else if (ret < 0) { + fprintf(stderr, "*** Error: %s\n", gnutls_strerror(ret)); + goto end; + } + + if (ret > 0) { + printf("- Received %d bytes: ", ret); + for (ii = 0; ii < ret; ii++) { + fputc(buffer[ii], stdout); + } + fputs("\n", stdout); + } + + CHECK(gnutls_bye(session, GNUTLS_SHUT_RDWR)); + + end: + + tcp_close(sd); + + gnutls_deinit(session); + + gnutls_certificate_free_credentials(xcred); + + gnutls_global_deinit(); + + return 0; +} diff --git a/doc/examples/ex-crq.c b/doc/examples/ex-crq.c new file mode 100644 index 0000000..08f47f6 --- /dev/null +++ b/doc/examples/ex-crq.c @@ -0,0 +1,91 @@ +/* This example code is placed in the public domain. */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#include +#include +#include + +/* This example will generate a private key and a certificate + * request. + */ + +int main(void) +{ + gnutls_x509_crq_t crq; + gnutls_x509_privkey_t key; + unsigned char buffer[10 * 1024]; + size_t buffer_size = sizeof(buffer); + unsigned int bits; + + gnutls_global_init(); + + /* Initialize an empty certificate request, and + * an empty private key. + */ + gnutls_x509_crq_init(&crq); + + gnutls_x509_privkey_init(&key); + + /* Generate an RSA key of moderate security. + */ + bits = + gnutls_sec_param_to_pk_bits(GNUTLS_PK_RSA, + GNUTLS_SEC_PARAM_MEDIUM); + gnutls_x509_privkey_generate(key, GNUTLS_PK_RSA, bits, 0); + + /* Add stuff to the distinguished name + */ + gnutls_x509_crq_set_dn_by_oid(crq, GNUTLS_OID_X520_COUNTRY_NAME, + 0, "GR", 2); + + gnutls_x509_crq_set_dn_by_oid(crq, GNUTLS_OID_X520_COMMON_NAME, + 0, "Nikos", strlen("Nikos")); + + /* Set the request version. + */ + gnutls_x509_crq_set_version(crq, 1); + + /* Set a challenge password. + */ + gnutls_x509_crq_set_challenge_password(crq, + "something to remember here"); + + /* Associate the request with the private key + */ + gnutls_x509_crq_set_key(crq, key); + + /* Self sign the certificate request. + */ + gnutls_x509_crq_sign2(crq, key, GNUTLS_DIG_SHA1, 0); + + /* Export the PEM encoded certificate request, and + * display it. + */ + gnutls_x509_crq_export(crq, GNUTLS_X509_FMT_PEM, buffer, + &buffer_size); + + printf("Certificate Request: \n%s", buffer); + + + /* Export the PEM encoded private key, and + * display it. + */ + buffer_size = sizeof(buffer); + gnutls_x509_privkey_export(key, GNUTLS_X509_FMT_PEM, buffer, + &buffer_size); + + printf("\n\nPrivate key: \n%s", buffer); + + gnutls_x509_crq_deinit(crq); + gnutls_x509_privkey_deinit(key); + + return 0; + +} diff --git a/doc/examples/ex-cxx.cpp b/doc/examples/ex-cxx.cpp new file mode 100644 index 0000000..a03ea90 --- /dev/null +++ b/doc/examples/ex-cxx.cpp @@ -0,0 +1,97 @@ +#include +#include +#include +#include +#include +#include /* for strlen */ + +/* A very basic TLS client, with anonymous authentication. + * written by Eduardo Villanueva Che. + */ + +#define MAX_BUF 1024 +#define SA struct sockaddr + +#define CAFILE "ca.pem" +#define MSG "GET / HTTP/1.0\r\n\r\n" + +extern "C" +{ + int tcp_connect(void); + void tcp_close(int sd); +} + + +int main(void) +{ + int sd = -1; + gnutls_global_init(); + + try + { + + /* Allow connections to servers that have OpenPGP keys as well. + */ + gnutls::client_session session; + + /* X509 stuff */ + gnutls::certificate_credentials credentials; + + + /* sets the trusted cas file + */ + credentials.set_x509_trust_file(CAFILE, GNUTLS_X509_FMT_PEM); + /* put the x509 credentials to the current session + */ + session.set_credentials(credentials); + + /* Use default priorities */ + session.set_priority ("NORMAL", NULL); + + /* connect to the peer + */ + sd = tcp_connect(); + session.set_transport_ptr((gnutls_transport_ptr_t) (ptrdiff_t)sd); + + /* Perform the TLS handshake + */ + int ret = session.handshake(); + if (ret < 0) + { + throw std::runtime_error("Handshake failed"); + } + else + { + std::cout << "- Handshake was completed" << std::endl; + } + + session.send(MSG, strlen(MSG)); + char buffer[MAX_BUF + 1]; + ret = session.recv(buffer, MAX_BUF); + if (ret == 0) + { + throw std::runtime_error("Peer has closed the TLS connection"); + } + else if (ret < 0) + { + throw std::runtime_error(gnutls_strerror(ret)); + } + + std::cout << "- Received " << ret << " bytes:" << std::endl; + std::cout.write(buffer, ret); + std::cout << std::endl; + + session.bye(GNUTLS_SHUT_RDWR); + } + catch (std::exception &ex) + { + std::cerr << "Exception caught: " << ex.what() << std::endl; + } + + if (sd != -1) + tcp_close(sd); + + gnutls_global_deinit(); + + return 0; +} diff --git a/doc/examples/ex-ocsp-client.c b/doc/examples/ex-ocsp-client.c new file mode 100644 index 0000000..33eff67 --- /dev/null +++ b/doc/examples/ex-ocsp-client.c @@ -0,0 +1,317 @@ +/* This example code is placed in the public domain. */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#include +#include +#ifndef NO_LIBCURL +#include +#endif +#include "read-file.h" + +size_t get_data(void *buffer, size_t size, size_t nmemb, void *userp); +static gnutls_x509_crt_t load_cert(const char *cert_file); +static void _response_info(const gnutls_datum_t * data); +static void +_generate_request(gnutls_datum_t * rdata, gnutls_x509_crt_t cert, + gnutls_x509_crt_t issuer, gnutls_datum_t *nonce); +static int +_verify_response(gnutls_datum_t * data, gnutls_x509_crt_t cert, + gnutls_x509_crt_t signer, gnutls_datum_t *nonce); + +/* This program queries an OCSP server. + It expects three files. argv[1] containing the certificate to + be checked, argv[2] holding the issuer for this certificate, + and argv[3] holding a trusted certificate to verify OCSP's response. + argv[4] is optional and should hold the server host name. + + For simplicity the libcurl library is used. + */ + +int main(int argc, char *argv[]) +{ + gnutls_datum_t ud, tmp; + int ret; + gnutls_datum_t req; + gnutls_x509_crt_t cert, issuer, signer; +#ifndef NO_LIBCURL + CURL *handle; + struct curl_slist *headers = NULL; +#endif + int v, seq; + const char *cert_file = argv[1]; + const char *issuer_file = argv[2]; + const char *signer_file = argv[3]; + char *hostname = NULL; + unsigned char noncebuf[23]; + gnutls_datum_t nonce = { noncebuf, sizeof(noncebuf) }; + + gnutls_global_init(); + + if (argc > 4) + hostname = argv[4]; + + ret = gnutls_rnd(GNUTLS_RND_NONCE, nonce.data, nonce.size); + if (ret < 0) + exit(1); + + cert = load_cert(cert_file); + issuer = load_cert(issuer_file); + signer = load_cert(signer_file); + + if (hostname == NULL) { + + for (seq = 0;; seq++) { + ret = + gnutls_x509_crt_get_authority_info_access(cert, + seq, + GNUTLS_IA_OCSP_URI, + &tmp, + NULL); + if (ret == GNUTLS_E_UNKNOWN_ALGORITHM) + continue; + if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) { + fprintf(stderr, + "No URI was found in the certificate.\n"); + exit(1); + } + if (ret < 0) { + fprintf(stderr, "error: %s\n", + gnutls_strerror(ret)); + exit(1); + } + + printf("CA issuers URI: %.*s\n", tmp.size, + tmp.data); + + hostname = malloc(tmp.size + 1); + memcpy(hostname, tmp.data, tmp.size); + hostname[tmp.size] = 0; + + gnutls_free(tmp.data); + break; + } + + } + + /* Note that the OCSP servers hostname might be available + * using gnutls_x509_crt_get_authority_info_access() in the issuer's + * certificate */ + + memset(&ud, 0, sizeof(ud)); + fprintf(stderr, "Connecting to %s\n", hostname); + + _generate_request(&req, cert, issuer, &nonce); + +#ifndef NO_LIBCURL + curl_global_init(CURL_GLOBAL_ALL); + + handle = curl_easy_init(); + if (handle == NULL) + exit(1); + + headers = + curl_slist_append(headers, + "Content-Type: application/ocsp-request"); + + curl_easy_setopt(handle, CURLOPT_HTTPHEADER, headers); + curl_easy_setopt(handle, CURLOPT_POSTFIELDS, (void *) req.data); + curl_easy_setopt(handle, CURLOPT_POSTFIELDSIZE, req.size); + curl_easy_setopt(handle, CURLOPT_URL, hostname); + curl_easy_setopt(handle, CURLOPT_WRITEFUNCTION, get_data); + curl_easy_setopt(handle, CURLOPT_WRITEDATA, &ud); + + ret = curl_easy_perform(handle); + if (ret != 0) { + fprintf(stderr, "curl[%d] error %d\n", __LINE__, ret); + exit(1); + } + + curl_easy_cleanup(handle); +#endif + + _response_info(&ud); + + v = _verify_response(&ud, cert, signer, &nonce); + + gnutls_x509_crt_deinit(cert); + gnutls_x509_crt_deinit(issuer); + gnutls_x509_crt_deinit(signer); + gnutls_global_deinit(); + + return v; +} + +static void _response_info(const gnutls_datum_t * data) +{ + gnutls_ocsp_resp_t resp; + int ret; + gnutls_datum buf; + + ret = gnutls_ocsp_resp_init(&resp); + if (ret < 0) + exit(1); + + ret = gnutls_ocsp_resp_import(resp, data); + if (ret < 0) + exit(1); + + ret = gnutls_ocsp_resp_print(resp, GNUTLS_OCSP_PRINT_FULL, &buf); + if (ret != 0) + exit(1); + + printf("%.*s", buf.size, buf.data); + gnutls_free(buf.data); + + gnutls_ocsp_resp_deinit(resp); +} + +static gnutls_x509_crt_t load_cert(const char *cert_file) +{ + gnutls_x509_crt_t crt; + int ret; + gnutls_datum_t data; + size_t size; + + ret = gnutls_x509_crt_init(&crt); + if (ret < 0) + exit(1); + + data.data = (void *) read_binary_file(cert_file, &size); + data.size = size; + + if (!data.data) { + fprintf(stderr, "Cannot open file: %s\n", cert_file); + exit(1); + } + + ret = gnutls_x509_crt_import(crt, &data, GNUTLS_X509_FMT_PEM); + free(data.data); + if (ret < 0) { + fprintf(stderr, "Cannot import certificate in %s: %s\n", + cert_file, gnutls_strerror(ret)); + exit(1); + } + + return crt; +} + +static void +_generate_request(gnutls_datum_t * rdata, gnutls_x509_crt_t cert, + gnutls_x509_crt_t issuer, gnutls_datum_t *nonce) +{ + gnutls_ocsp_req_t req; + int ret; + + ret = gnutls_ocsp_req_init(&req); + if (ret < 0) + exit(1); + + ret = gnutls_ocsp_req_add_cert(req, GNUTLS_DIG_SHA1, issuer, cert); + if (ret < 0) + exit(1); + + + ret = gnutls_ocsp_req_set_nonce(req, 0, nonce); + if (ret < 0) + exit(1); + + ret = gnutls_ocsp_req_export(req, rdata); + if (ret != 0) + exit(1); + + gnutls_ocsp_req_deinit(req); + + return; +} + +static int +_verify_response(gnutls_datum_t * data, gnutls_x509_crt_t cert, + gnutls_x509_crt_t signer, gnutls_datum_t *nonce) +{ + gnutls_ocsp_resp_t resp; + int ret; + unsigned verify; + gnutls_datum_t rnonce; + + ret = gnutls_ocsp_resp_init(&resp); + if (ret < 0) + exit(1); + + ret = gnutls_ocsp_resp_import(resp, data); + if (ret < 0) + exit(1); + + ret = gnutls_ocsp_resp_check_crt(resp, 0, cert); + if (ret < 0) + exit(1); + + ret = gnutls_ocsp_resp_get_nonce(resp, NULL, &rnonce); + if (ret < 0) + exit(1); + + if (rnonce.size != nonce->size || memcmp(nonce->data, rnonce.data, + nonce->size) != 0) { + exit(1); + } + + ret = gnutls_ocsp_resp_verify_direct(resp, signer, &verify, 0); + if (ret < 0) + exit(1); + + printf("Verifying OCSP Response: "); + if (verify == 0) + printf("Verification success!\n"); + else + printf("Verification error!\n"); + + if (verify & GNUTLS_OCSP_VERIFY_SIGNER_NOT_FOUND) + printf("Signer cert not found\n"); + + if (verify & GNUTLS_OCSP_VERIFY_SIGNER_KEYUSAGE_ERROR) + printf("Signer cert keyusage error\n"); + + if (verify & GNUTLS_OCSP_VERIFY_UNTRUSTED_SIGNER) + printf("Signer cert is not trusted\n"); + + if (verify & GNUTLS_OCSP_VERIFY_INSECURE_ALGORITHM) + printf("Insecure algorithm\n"); + + if (verify & GNUTLS_OCSP_VERIFY_SIGNATURE_FAILURE) + printf("Signature failure\n"); + + if (verify & GNUTLS_OCSP_VERIFY_CERT_NOT_ACTIVATED) + printf("Signer cert not yet activated\n"); + + if (verify & GNUTLS_OCSP_VERIFY_CERT_EXPIRED) + printf("Signer cert expired\n"); + + gnutls_free(rnonce.data); + gnutls_ocsp_resp_deinit(resp); + + return verify; +} + +size_t get_data(void *buffer, size_t size, size_t nmemb, void *userp) +{ + gnutls_datum_t *ud = userp; + + size *= nmemb; + + ud->data = realloc(ud->data, size + ud->size); + if (ud->data == NULL) { + fprintf(stderr, "Not enough memory for the request\n"); + exit(1); + } + + memcpy(&ud->data[ud->size], buffer, size); + ud->size += size; + + return size; +} diff --git a/doc/examples/ex-pkcs11-list.c b/doc/examples/ex-pkcs11-list.c new file mode 100644 index 0000000..7f1d459 --- /dev/null +++ b/doc/examples/ex-pkcs11-list.c @@ -0,0 +1,46 @@ +/* This example code is placed in the public domain. */ + +#include +#include +#include +#include +#include + +#define URL "pkcs11:URL" + +int main(int argc, char **argv) +{ + gnutls_pkcs11_obj_t *obj_list; + gnutls_x509_crt_t xcrt; + unsigned int obj_list_size = 0; + gnutls_datum_t cinfo; + int ret; + unsigned int i; + + ret = gnutls_pkcs11_obj_list_import_url4(&obj_list, &obj_list_size, URL, + GNUTLS_PKCS11_OBJ_FLAG_CRT| + GNUTLS_PKCS11_OBJ_FLAG_WITH_PRIVKEY); + if (ret < 0) + return -1; + + /* now all certificates are in obj_list */ + for (i = 0; i < obj_list_size; i++) { + + gnutls_x509_crt_init(&xcrt); + + gnutls_x509_crt_import_pkcs11(xcrt, obj_list[i]); + + gnutls_x509_crt_print(xcrt, GNUTLS_CRT_PRINT_FULL, &cinfo); + + fprintf(stdout, "cert[%d]:\n %s\n\n", i, cinfo.data); + + gnutls_free(cinfo.data); + gnutls_x509_crt_deinit(xcrt); + } + + for (i = 0; i < obj_list_size; i++) + gnutls_pkcs11_obj_deinit(obj_list[i]); + gnutls_free(obj_list); + + return 0; +} diff --git a/doc/examples/ex-pkcs12.c b/doc/examples/ex-pkcs12.c new file mode 100644 index 0000000..7890518 --- /dev/null +++ b/doc/examples/ex-pkcs12.c @@ -0,0 +1,132 @@ +/* This example code is placed in the public domain. */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include + +#include "examples.h" + +#define OUTFILE "out.p12" + +/* This function will write a pkcs12 structure into a file. + * cert: is a DER encoded certificate + * pkcs8_key: is a PKCS #8 encrypted key (note that this must be + * encrypted using a PKCS #12 cipher, or some browsers will crash) + * password: is the password used to encrypt the PKCS #12 packet. + */ +int +write_pkcs12(const gnutls_datum_t * cert, + const gnutls_datum_t * pkcs8_key, const char *password) +{ + gnutls_pkcs12_t pkcs12; + int ret, bag_index; + gnutls_pkcs12_bag_t bag, key_bag; + char pkcs12_struct[10 * 1024]; + size_t pkcs12_struct_size; + FILE *fd; + + /* A good idea might be to use gnutls_x509_privkey_get_key_id() + * to obtain a unique ID. + */ + gnutls_datum_t key_id = { (void *) "\x00\x00\x07", 3 }; + + gnutls_global_init(); + + /* Firstly we create two helper bags, which hold the certificate, + * and the (encrypted) key. + */ + + gnutls_pkcs12_bag_init(&bag); + gnutls_pkcs12_bag_init(&key_bag); + + ret = + gnutls_pkcs12_bag_set_data(bag, GNUTLS_BAG_CERTIFICATE, cert); + if (ret < 0) { + fprintf(stderr, "ret: %s\n", gnutls_strerror(ret)); + return 1; + } + + /* ret now holds the bag's index. + */ + bag_index = ret; + + /* Associate a friendly name with the given certificate. Used + * by browsers. + */ + gnutls_pkcs12_bag_set_friendly_name(bag, bag_index, "My name"); + + /* Associate the certificate with the key using a unique key + * ID. + */ + gnutls_pkcs12_bag_set_key_id(bag, bag_index, &key_id); + + /* use weak encryption for the certificate. + */ + gnutls_pkcs12_bag_encrypt(bag, password, + GNUTLS_PKCS_USE_PKCS12_RC2_40); + + /* Now the key. + */ + + ret = gnutls_pkcs12_bag_set_data(key_bag, + GNUTLS_BAG_PKCS8_ENCRYPTED_KEY, + pkcs8_key); + if (ret < 0) { + fprintf(stderr, "ret: %s\n", gnutls_strerror(ret)); + return 1; + } + + /* Note that since the PKCS #8 key is already encrypted we don't + * bother encrypting that bag. + */ + bag_index = ret; + + gnutls_pkcs12_bag_set_friendly_name(key_bag, bag_index, "My name"); + + gnutls_pkcs12_bag_set_key_id(key_bag, bag_index, &key_id); + + + /* The bags were filled. Now create the PKCS #12 structure. + */ + gnutls_pkcs12_init(&pkcs12); + + /* Insert the two bags in the PKCS #12 structure. + */ + + gnutls_pkcs12_set_bag(pkcs12, bag); + gnutls_pkcs12_set_bag(pkcs12, key_bag); + + + /* Generate a message authentication code for the PKCS #12 + * structure. + */ + gnutls_pkcs12_generate_mac(pkcs12, password); + + pkcs12_struct_size = sizeof(pkcs12_struct); + ret = + gnutls_pkcs12_export(pkcs12, GNUTLS_X509_FMT_DER, + pkcs12_struct, &pkcs12_struct_size); + if (ret < 0) { + fprintf(stderr, "ret: %s\n", gnutls_strerror(ret)); + return 1; + } + + fd = fopen(OUTFILE, "w"); + if (fd == NULL) { + fprintf(stderr, "cannot open file\n"); + return 1; + } + fwrite(pkcs12_struct, 1, pkcs12_struct_size, fd); + fclose(fd); + + gnutls_pkcs12_bag_deinit(bag); + gnutls_pkcs12_bag_deinit(key_bag); + gnutls_pkcs12_deinit(pkcs12); + + return 0; +} diff --git a/doc/examples/ex-serv-anon.c b/doc/examples/ex-serv-anon.c new file mode 100644 index 0000000..51e3be4 --- /dev/null +++ b/doc/examples/ex-serv-anon.c @@ -0,0 +1,146 @@ +/* This example code is placed in the public domain. */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +/* This is a sample TLS 1.0 echo server, for anonymous authentication only. + */ + + +#define SOCKET_ERR(err,s) if(err==-1) {perror(s);return(1);} +#define MAX_BUF 1024 +#define PORT 5556 /* listen to 5556 port */ + +int main(void) +{ + int err, listen_sd; + int sd, ret; + struct sockaddr_in sa_serv; + struct sockaddr_in sa_cli; + socklen_t client_len; + char topbuf[512]; + gnutls_session_t session; + gnutls_anon_server_credentials_t anoncred; + char buffer[MAX_BUF + 1]; + int optval = 1; + + if (gnutls_check_version("3.1.4") == NULL) { + fprintf(stderr, "GnuTLS 3.1.4 or later is required for this example\n"); + exit(1); + } + + /* for backwards compatibility with gnutls < 3.3.0 */ + gnutls_global_init(); + + gnutls_anon_allocate_server_credentials(&anoncred); + + gnutls_anon_set_server_known_dh_params(anoncred, GNUTLS_SEC_PARAM_MEDIUM); + + /* Socket operations + */ + listen_sd = socket(AF_INET, SOCK_STREAM, 0); + SOCKET_ERR(listen_sd, "socket"); + + memset(&sa_serv, '\0', sizeof(sa_serv)); + sa_serv.sin_family = AF_INET; + sa_serv.sin_addr.s_addr = INADDR_ANY; + sa_serv.sin_port = htons(PORT); /* Server Port number */ + + setsockopt(listen_sd, SOL_SOCKET, SO_REUSEADDR, (void *) &optval, + sizeof(int)); + + err = + bind(listen_sd, (struct sockaddr *) &sa_serv, sizeof(sa_serv)); + SOCKET_ERR(err, "bind"); + err = listen(listen_sd, 1024); + SOCKET_ERR(err, "listen"); + + printf("Server ready. Listening to port '%d'.\n\n", PORT); + + client_len = sizeof(sa_cli); + for (;;) { + gnutls_init(&session, GNUTLS_SERVER); + gnutls_priority_set_direct(session, + "NORMAL:+ANON-ECDH:+ANON-DH", + NULL); + gnutls_credentials_set(session, GNUTLS_CRD_ANON, anoncred); + + sd = accept(listen_sd, (struct sockaddr *) &sa_cli, + &client_len); + + printf("- connection from %s, port %d\n", + inet_ntop(AF_INET, &sa_cli.sin_addr, topbuf, + sizeof(topbuf)), ntohs(sa_cli.sin_port)); + + gnutls_transport_set_int(session, sd); + + do { + ret = gnutls_handshake(session); + } + while (ret < 0 && gnutls_error_is_fatal(ret) == 0); + + if (ret < 0) { + close(sd); + gnutls_deinit(session); + fprintf(stderr, + "*** Handshake has failed (%s)\n\n", + gnutls_strerror(ret)); + continue; + } + printf("- Handshake was completed\n"); + + /* see the Getting peer's information example */ + /* print_info(session); */ + + for (;;) { + ret = gnutls_record_recv(session, buffer, MAX_BUF); + + if (ret == 0) { + printf + ("\n- Peer has closed the GnuTLS connection\n"); + break; + } else if (ret < 0 + && gnutls_error_is_fatal(ret) == 0) { + fprintf(stderr, "*** Warning: %s\n", + gnutls_strerror(ret)); + } else if (ret < 0) { + fprintf(stderr, "\n*** Received corrupted " + "data(%d). Closing the connection.\n\n", + ret); + break; + } else if (ret > 0) { + /* echo data back to the client + */ + gnutls_record_send(session, buffer, ret); + } + } + printf("\n"); + /* do not wait for the peer to close the connection. + */ + gnutls_bye(session, GNUTLS_SHUT_WR); + + close(sd); + gnutls_deinit(session); + + } + close(listen_sd); + + gnutls_anon_free_server_credentials(anoncred); + + gnutls_global_deinit(); + + return 0; + +} diff --git a/doc/examples/ex-serv-dtls.c b/doc/examples/ex-serv-dtls.c new file mode 100644 index 0000000..7374d96 --- /dev/null +++ b/doc/examples/ex-serv-dtls.c @@ -0,0 +1,417 @@ +/* This example code is placed in the public domain. */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#define KEYFILE "key.pem" +#define CERTFILE "cert.pem" +#define CAFILE "/etc/ssl/certs/ca-certificates.crt" +#define CRLFILE "crl.pem" + +/* This is a sample DTLS echo server, using X.509 authentication. + * Note that error checking is minimal to simplify the example. + */ + +#define LOOP_CHECK(rval, cmd) \ + do { \ + rval = cmd; \ + } while(rval == GNUTLS_E_AGAIN || rval == GNUTLS_E_INTERRUPTED) + +#define MAX_BUFFER 1024 +#define PORT 5557 + +typedef struct { + gnutls_session_t session; + int fd; + struct sockaddr *cli_addr; + socklen_t cli_addr_size; +} priv_data_st; + +static int pull_timeout_func(gnutls_transport_ptr_t ptr, unsigned int ms); +static ssize_t push_func(gnutls_transport_ptr_t p, const void *data, + size_t size); +static ssize_t pull_func(gnutls_transport_ptr_t p, void *data, + size_t size); +static const char *human_addr(const struct sockaddr *sa, socklen_t salen, + char *buf, size_t buflen); +static int wait_for_connection(int fd); + +/* Use global credentials and parameters to simplify + * the example. */ +static gnutls_certificate_credentials_t x509_cred; +static gnutls_priority_t priority_cache; + +int main(void) +{ + int listen_sd; + int sock, ret; + struct sockaddr_in sa_serv; + struct sockaddr_in cli_addr; + socklen_t cli_addr_size; + gnutls_session_t session; + char buffer[MAX_BUFFER]; + priv_data_st priv; + gnutls_datum_t cookie_key; + gnutls_dtls_prestate_st prestate; + int mtu = 1400; + unsigned char sequence[8]; + + /* this must be called once in the program + */ + gnutls_global_init(); + + gnutls_certificate_allocate_credentials(&x509_cred); + gnutls_certificate_set_x509_trust_file(x509_cred, CAFILE, + GNUTLS_X509_FMT_PEM); + + gnutls_certificate_set_x509_crl_file(x509_cred, CRLFILE, + GNUTLS_X509_FMT_PEM); + + ret = + gnutls_certificate_set_x509_key_file(x509_cred, CERTFILE, + KEYFILE, + GNUTLS_X509_FMT_PEM); + if (ret < 0) { + printf("No certificate or key were found\n"); + exit(1); + } + + gnutls_certificate_set_known_dh_params(x509_cred, GNUTLS_SEC_PARAM_MEDIUM); + + /* pre-3.6.3 equivalent: + * gnutls_priority_init(&priority_cache, + * "NORMAL:-VERS-TLS-ALL:+VERS-DTLS1.0:%SERVER_PRECEDENCE", + * NULL); + */ + gnutls_priority_init2(&priority_cache, + "%SERVER_PRECEDENCE", + NULL, GNUTLS_PRIORITY_INIT_DEF_APPEND); + + gnutls_key_generate(&cookie_key, GNUTLS_COOKIE_KEY_SIZE); + + /* Socket operations + */ + listen_sd = socket(AF_INET, SOCK_DGRAM, 0); + + memset(&sa_serv, '\0', sizeof(sa_serv)); + sa_serv.sin_family = AF_INET; + sa_serv.sin_addr.s_addr = INADDR_ANY; + sa_serv.sin_port = htons(PORT); + + { /* DTLS requires the IP don't fragment (DF) bit to be set */ +#if defined(IP_DONTFRAG) + int optval = 1; + setsockopt(listen_sd, IPPROTO_IP, IP_DONTFRAG, + (const void *) &optval, sizeof(optval)); +#elif defined(IP_MTU_DISCOVER) + int optval = IP_PMTUDISC_DO; + setsockopt(listen_sd, IPPROTO_IP, IP_MTU_DISCOVER, + (const void *) &optval, sizeof(optval)); +#endif + } + + bind(listen_sd, (struct sockaddr *) &sa_serv, sizeof(sa_serv)); + + printf("UDP server ready. Listening to port '%d'.\n\n", PORT); + + for (;;) { + printf("Waiting for connection...\n"); + sock = wait_for_connection(listen_sd); + if (sock < 0) + continue; + + cli_addr_size = sizeof(cli_addr); + ret = recvfrom(sock, buffer, sizeof(buffer), MSG_PEEK, + (struct sockaddr *) &cli_addr, + &cli_addr_size); + if (ret > 0) { + memset(&prestate, 0, sizeof(prestate)); + ret = + gnutls_dtls_cookie_verify(&cookie_key, + &cli_addr, + sizeof(cli_addr), + buffer, ret, + &prestate); + if (ret < 0) { /* cookie not valid */ + priv_data_st s; + + memset(&s, 0, sizeof(s)); + s.fd = sock; + s.cli_addr = (void *) &cli_addr; + s.cli_addr_size = sizeof(cli_addr); + + printf + ("Sending hello verify request to %s\n", + human_addr((struct sockaddr *) + &cli_addr, + sizeof(cli_addr), buffer, + sizeof(buffer))); + + gnutls_dtls_cookie_send(&cookie_key, + &cli_addr, + sizeof(cli_addr), + &prestate, + (gnutls_transport_ptr_t) + & s, push_func); + + /* discard peeked data */ + recvfrom(sock, buffer, sizeof(buffer), 0, + (struct sockaddr *) &cli_addr, + &cli_addr_size); + usleep(100); + continue; + } + printf("Accepted connection from %s\n", + human_addr((struct sockaddr *) + &cli_addr, sizeof(cli_addr), + buffer, sizeof(buffer))); + } else + continue; + + gnutls_init(&session, GNUTLS_SERVER | GNUTLS_DATAGRAM); + gnutls_priority_set(session, priority_cache); + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, + x509_cred); + + gnutls_dtls_prestate_set(session, &prestate); + gnutls_dtls_set_mtu(session, mtu); + + priv.session = session; + priv.fd = sock; + priv.cli_addr = (struct sockaddr *) &cli_addr; + priv.cli_addr_size = sizeof(cli_addr); + + gnutls_transport_set_ptr(session, &priv); + gnutls_transport_set_push_function(session, push_func); + gnutls_transport_set_pull_function(session, pull_func); + gnutls_transport_set_pull_timeout_function(session, + pull_timeout_func); + + LOOP_CHECK(ret, gnutls_handshake(session)); + /* Note that DTLS may also receive GNUTLS_E_LARGE_PACKET. + * In that case the MTU should be adjusted. + */ + + if (ret < 0) { + fprintf(stderr, "Error in handshake(): %s\n", + gnutls_strerror(ret)); + gnutls_deinit(session); + continue; + } + + printf("- Handshake was completed\n"); + + for (;;) { + LOOP_CHECK(ret, + gnutls_record_recv_seq(session, buffer, + MAX_BUFFER, + sequence)); + + if (ret < 0 && gnutls_error_is_fatal(ret) == 0) { + fprintf(stderr, "*** Warning: %s\n", + gnutls_strerror(ret)); + continue; + } else if (ret < 0) { + fprintf(stderr, "Error in recv(): %s\n", + gnutls_strerror(ret)); + break; + } + + if (ret == 0) { + printf("EOF\n\n"); + break; + } + + buffer[ret] = 0; + printf + ("received[%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x]: %s\n", + sequence[0], sequence[1], sequence[2], + sequence[3], sequence[4], sequence[5], + sequence[6], sequence[7], buffer); + + /* reply back */ + LOOP_CHECK(ret, gnutls_record_send(session, buffer, ret)); + if (ret < 0) { + fprintf(stderr, "Error in send(): %s\n", + gnutls_strerror(ret)); + break; + } + } + + LOOP_CHECK(ret, gnutls_bye(session, GNUTLS_SHUT_WR)); + gnutls_deinit(session); + + } + close(listen_sd); + + gnutls_certificate_free_credentials(x509_cred); + gnutls_priority_deinit(priority_cache); + + gnutls_global_deinit(); + + return 0; + +} + +static int wait_for_connection(int fd) +{ + fd_set rd, wr; + int n; + + FD_ZERO(&rd); + FD_ZERO(&wr); + + FD_SET(fd, &rd); + + /* waiting part */ + n = select(fd + 1, &rd, &wr, NULL, NULL); + if (n == -1 && errno == EINTR) + return -1; + if (n < 0) { + perror("select()"); + exit(1); + } + + return fd; +} + +/* Wait for data to be received within a timeout period in milliseconds + */ +static int pull_timeout_func(gnutls_transport_ptr_t ptr, unsigned int ms) +{ + fd_set rfds; + struct timeval tv; + priv_data_st *priv = ptr; + struct sockaddr_in cli_addr; + socklen_t cli_addr_size; + int ret; + char c; + + FD_ZERO(&rfds); + FD_SET(priv->fd, &rfds); + + tv.tv_sec = ms / 1000; + tv.tv_usec = (ms % 1000) * 1000; + + ret = select(priv->fd + 1, &rfds, NULL, NULL, &tv); + + if (ret <= 0) + return ret; + + /* only report ok if the next message is from the peer we expect + * from + */ + cli_addr_size = sizeof(cli_addr); + ret = + recvfrom(priv->fd, &c, 1, MSG_PEEK, + (struct sockaddr *) &cli_addr, &cli_addr_size); + if (ret > 0) { + if (cli_addr_size == priv->cli_addr_size + && memcmp(&cli_addr, priv->cli_addr, + sizeof(cli_addr)) == 0) + return 1; + } + + return 0; +} + +static ssize_t +push_func(gnutls_transport_ptr_t p, const void *data, size_t size) +{ + priv_data_st *priv = p; + + return sendto(priv->fd, data, size, 0, priv->cli_addr, + priv->cli_addr_size); +} + +static ssize_t pull_func(gnutls_transport_ptr_t p, void *data, size_t size) +{ + priv_data_st *priv = p; + struct sockaddr_in cli_addr; + socklen_t cli_addr_size; + char buffer[64]; + int ret; + + cli_addr_size = sizeof(cli_addr); + ret = + recvfrom(priv->fd, data, size, 0, + (struct sockaddr *) &cli_addr, &cli_addr_size); + if (ret == -1) + return ret; + + if (cli_addr_size == priv->cli_addr_size + && memcmp(&cli_addr, priv->cli_addr, sizeof(cli_addr)) == 0) + return ret; + + printf("Denied connection from %s\n", + human_addr((struct sockaddr *) + &cli_addr, sizeof(cli_addr), buffer, + sizeof(buffer))); + + gnutls_transport_set_errno(priv->session, EAGAIN); + return -1; +} + +static const char *human_addr(const struct sockaddr *sa, socklen_t salen, + char *buf, size_t buflen) +{ + const char *save_buf = buf; + size_t l; + + if (!buf || !buflen) + return NULL; + + *buf = '\0'; + + switch (sa->sa_family) { +#if HAVE_IPV6 + case AF_INET6: + snprintf(buf, buflen, "IPv6 "); + break; +#endif + + case AF_INET: + snprintf(buf, buflen, "IPv4 "); + break; + } + + l = strlen(buf); + buf += l; + buflen -= l; + + if (getnameinfo(sa, salen, buf, buflen, NULL, 0, NI_NUMERICHOST) != + 0) + return NULL; + + l = strlen(buf); + buf += l; + buflen -= l; + + strncat(buf, " port ", buflen); + + l = strlen(buf); + buf += l; + buflen -= l; + + if (getnameinfo(sa, salen, NULL, 0, buf, buflen, NI_NUMERICSERV) != + 0) + return NULL; + + return save_buf; +} + diff --git a/doc/examples/ex-serv-psk.c b/doc/examples/ex-serv-psk.c new file mode 100644 index 0000000..b6d5d11 --- /dev/null +++ b/doc/examples/ex-serv-psk.c @@ -0,0 +1,203 @@ +/* This example code is placed in the public domain. */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#define KEYFILE "key.pem" +#define CERTFILE "cert.pem" +#define CAFILE "/etc/ssl/certs/ca-certificates.crt" +#define CRLFILE "crl.pem" + +#define LOOP_CHECK(rval, cmd) \ + do { \ + rval = cmd; \ + } while(rval == GNUTLS_E_AGAIN || rval == GNUTLS_E_INTERRUPTED) + +/* This is a sample TLS echo server, supporting X.509 and PSK + authentication. + */ + +#define SOCKET_ERR(err,s) if(err==-1) {perror(s);return(1);} +#define MAX_BUF 1024 +#define PORT 5556 /* listen to 5556 port */ + +static int +pskfunc(gnutls_session_t session, const char *username, + gnutls_datum_t * key) +{ + printf("psk: username %s\n", username); + key->data = gnutls_malloc(4); + key->data[0] = 0xDE; + key->data[1] = 0xAD; + key->data[2] = 0xBE; + key->data[3] = 0xEF; + key->size = 4; + return 0; +} + +int main(void) +{ + int err, listen_sd; + int sd, ret; + struct sockaddr_in sa_serv; + struct sockaddr_in sa_cli; + socklen_t client_len; + char topbuf[512]; + gnutls_session_t session; + gnutls_certificate_credentials_t x509_cred; + gnutls_psk_server_credentials_t psk_cred; + gnutls_priority_t priority_cache; + char buffer[MAX_BUF + 1]; + int optval = 1; + int kx; + + if (gnutls_check_version("3.1.4") == NULL) { + fprintf(stderr, "GnuTLS 3.1.4 or later is required for this example\n"); + exit(1); + } + + /* for backwards compatibility with gnutls < 3.3.0 */ + gnutls_global_init(); + + gnutls_certificate_allocate_credentials(&x509_cred); + gnutls_certificate_set_x509_trust_file(x509_cred, CAFILE, + GNUTLS_X509_FMT_PEM); + + gnutls_certificate_set_x509_crl_file(x509_cred, CRLFILE, + GNUTLS_X509_FMT_PEM); + + gnutls_certificate_set_x509_key_file(x509_cred, CERTFILE, KEYFILE, + GNUTLS_X509_FMT_PEM); + + gnutls_psk_allocate_server_credentials(&psk_cred); + gnutls_psk_set_server_credentials_function(psk_cred, pskfunc); + + /* pre-3.6.3 equivalent: + * gnutls_priority_init(&priority_cache, + * "NORMAL:+PSK:+ECDHE-PSK:+DHE-PSK", + * NULL); + */ + gnutls_priority_init2(&priority_cache, + "+ECDHE-PSK:+DHE-PSK:+PSK", + NULL, GNUTLS_PRIORITY_INIT_DEF_APPEND); + + gnutls_certificate_set_known_dh_params(x509_cred, GNUTLS_SEC_PARAM_MEDIUM); + + /* Socket operations + */ + listen_sd = socket(AF_INET, SOCK_STREAM, 0); + SOCKET_ERR(listen_sd, "socket"); + + memset(&sa_serv, '\0', sizeof(sa_serv)); + sa_serv.sin_family = AF_INET; + sa_serv.sin_addr.s_addr = INADDR_ANY; + sa_serv.sin_port = htons(PORT); /* Server Port number */ + + setsockopt(listen_sd, SOL_SOCKET, SO_REUSEADDR, (void *) &optval, + sizeof(int)); + + err = + bind(listen_sd, (struct sockaddr *) &sa_serv, sizeof(sa_serv)); + SOCKET_ERR(err, "bind"); + err = listen(listen_sd, 1024); + SOCKET_ERR(err, "listen"); + + printf("Server ready. Listening to port '%d'.\n\n", PORT); + + client_len = sizeof(sa_cli); + for (;;) { + gnutls_init(&session, GNUTLS_SERVER); + gnutls_priority_set(session, priority_cache); + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, + x509_cred); + gnutls_credentials_set(session, GNUTLS_CRD_PSK, psk_cred); + + /* request client certificate if any. + */ + gnutls_certificate_server_set_request(session, + GNUTLS_CERT_REQUEST); + + sd = accept(listen_sd, (struct sockaddr *) &sa_cli, + &client_len); + + printf("- connection from %s, port %d\n", + inet_ntop(AF_INET, &sa_cli.sin_addr, topbuf, + sizeof(topbuf)), ntohs(sa_cli.sin_port)); + + gnutls_transport_set_int(session, sd); + LOOP_CHECK(ret, gnutls_handshake(session)); + if (ret < 0) { + close(sd); + gnutls_deinit(session); + fprintf(stderr, + "*** Handshake has failed (%s)\n\n", + gnutls_strerror(ret)); + continue; + } + printf("- Handshake was completed\n"); + + kx = gnutls_kx_get(session); + if (kx == GNUTLS_KX_PSK || kx == GNUTLS_KX_DHE_PSK || + kx == GNUTLS_KX_ECDHE_PSK) { + printf("- User %s was connected\n", + gnutls_psk_server_get_username(session)); + } + + /* see the Getting peer's information example */ + /* print_info(session); */ + + for (;;) { + LOOP_CHECK(ret, gnutls_record_recv(session, buffer, MAX_BUF)); + + if (ret == 0) { + printf + ("\n- Peer has closed the GnuTLS connection\n"); + break; + } else if (ret < 0 + && gnutls_error_is_fatal(ret) == 0) { + fprintf(stderr, "*** Warning: %s\n", + gnutls_strerror(ret)); + } else if (ret < 0) { + fprintf(stderr, "\n*** Received corrupted " + "data(%d). Closing the connection.\n\n", + ret); + break; + } else if (ret > 0) { + /* echo data back to the client + */ + gnutls_record_send(session, buffer, ret); + } + } + printf("\n"); + /* do not wait for the peer to close the connection. + */ + LOOP_CHECK(ret, gnutls_bye(session, GNUTLS_SHUT_WR)); + + close(sd); + gnutls_deinit(session); + + } + close(listen_sd); + + gnutls_certificate_free_credentials(x509_cred); + gnutls_psk_free_server_credentials(psk_cred); + + gnutls_priority_deinit(priority_cache); + + gnutls_global_deinit(); + + return 0; + +} diff --git a/doc/examples/ex-serv-srp.c b/doc/examples/ex-serv-srp.c new file mode 100644 index 0000000..7686a8f --- /dev/null +++ b/doc/examples/ex-serv-srp.c @@ -0,0 +1,179 @@ +/* This example code is placed in the public domain. */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#define SRP_PASSWD "tpasswd" +#define SRP_PASSWD_CONF "tpasswd.conf" + +#define KEYFILE "key.pem" +#define CERTFILE "cert.pem" +#define CAFILE "/etc/ssl/certs/ca-certificates.crt" + +#define LOOP_CHECK(rval, cmd) \ + do { \ + rval = cmd; \ + } while(rval == GNUTLS_E_AGAIN || rval == GNUTLS_E_INTERRUPTED) + +/* This is a sample TLS-SRP echo server. + */ + +#define SOCKET_ERR(err,s) if(err==-1) {perror(s);return(1);} +#define MAX_BUF 1024 +#define PORT 5556 /* listen to 5556 port */ + +int main(void) +{ + int err, listen_sd; + int sd, ret; + struct sockaddr_in sa_serv; + struct sockaddr_in sa_cli; + socklen_t client_len; + char topbuf[512]; + gnutls_session_t session; + gnutls_srp_server_credentials_t srp_cred; + gnutls_certificate_credentials_t cert_cred; + char buffer[MAX_BUF + 1]; + int optval = 1; + char name[256]; + + strcpy(name, "Echo Server"); + + if (gnutls_check_version("3.1.4") == NULL) { + fprintf(stderr, "GnuTLS 3.1.4 or later is required for this example\n"); + exit(1); + } + + /* for backwards compatibility with gnutls < 3.3.0 */ + gnutls_global_init(); + + /* SRP_PASSWD a password file (created with the included srptool utility) + */ + gnutls_srp_allocate_server_credentials(&srp_cred); + gnutls_srp_set_server_credentials_file(srp_cred, SRP_PASSWD, + SRP_PASSWD_CONF); + + gnutls_certificate_allocate_credentials(&cert_cred); + gnutls_certificate_set_x509_trust_file(cert_cred, CAFILE, + GNUTLS_X509_FMT_PEM); + gnutls_certificate_set_x509_key_file(cert_cred, CERTFILE, KEYFILE, + GNUTLS_X509_FMT_PEM); + + /* TCP socket operations + */ + listen_sd = socket(AF_INET, SOCK_STREAM, 0); + SOCKET_ERR(listen_sd, "socket"); + + memset(&sa_serv, '\0', sizeof(sa_serv)); + sa_serv.sin_family = AF_INET; + sa_serv.sin_addr.s_addr = INADDR_ANY; + sa_serv.sin_port = htons(PORT); /* Server Port number */ + + setsockopt(listen_sd, SOL_SOCKET, SO_REUSEADDR, (void *) &optval, + sizeof(int)); + + err = + bind(listen_sd, (struct sockaddr *) &sa_serv, sizeof(sa_serv)); + SOCKET_ERR(err, "bind"); + err = listen(listen_sd, 1024); + SOCKET_ERR(err, "listen"); + + printf("%s ready. Listening to port '%d'.\n\n", name, PORT); + + client_len = sizeof(sa_cli); + for (;;) { + gnutls_init(&session, GNUTLS_SERVER); + gnutls_priority_set_direct(session, + "NORMAL" + ":-KX-ALL:+SRP:+SRP-DSS:+SRP-RSA", + NULL); + gnutls_credentials_set(session, GNUTLS_CRD_SRP, srp_cred); + /* for the certificate authenticated ciphersuites. + */ + gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, + cert_cred); + + /* We don't request any certificate from the client. + * If we did we would need to verify it. One way of + * doing that is shown in the "Verifying a certificate" + * example. + */ + gnutls_certificate_server_set_request(session, + GNUTLS_CERT_IGNORE); + + sd = accept(listen_sd, (struct sockaddr *) &sa_cli, + &client_len); + + printf("- connection from %s, port %d\n", + inet_ntop(AF_INET, &sa_cli.sin_addr, topbuf, + sizeof(topbuf)), ntohs(sa_cli.sin_port)); + + gnutls_transport_set_int(session, sd); + + LOOP_CHECK(ret, gnutls_handshake(session)); + if (ret < 0) { + close(sd); + gnutls_deinit(session); + fprintf(stderr, + "*** Handshake has failed (%s)\n\n", + gnutls_strerror(ret)); + continue; + } + printf("- Handshake was completed\n"); + printf("- User %s was connected\n", + gnutls_srp_server_get_username(session)); + + /* print_info(session); */ + + for (;;) { + LOOP_CHECK(ret, gnutls_record_recv(session, buffer, MAX_BUF)); + + if (ret == 0) { + printf + ("\n- Peer has closed the GnuTLS connection\n"); + break; + } else if (ret < 0 + && gnutls_error_is_fatal(ret) == 0) { + fprintf(stderr, "*** Warning: %s\n", + gnutls_strerror(ret)); + } else if (ret < 0) { + fprintf(stderr, "\n*** Received corrupted " + "data(%d). Closing the connection.\n\n", + ret); + break; + } else if (ret > 0) { + /* echo data back to the client + */ + gnutls_record_send(session, buffer, ret); + } + } + printf("\n"); + /* do not wait for the peer to close the connection. */ + LOOP_CHECK(ret, gnutls_bye(session, GNUTLS_SHUT_WR)); + + close(sd); + gnutls_deinit(session); + + } + close(listen_sd); + + gnutls_srp_free_server_credentials(srp_cred); + gnutls_certificate_free_credentials(cert_cred); + + gnutls_global_deinit(); + + return 0; + +} diff --git a/doc/examples/ex-serv-x509.c b/doc/examples/ex-serv-x509.c new file mode 100644 index 0000000..df57207 --- /dev/null +++ b/doc/examples/ex-serv-x509.c @@ -0,0 +1,198 @@ +/* This example code is placed in the public domain. */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#define KEYFILE "key.pem" +#define CERTFILE "cert.pem" +#define CAFILE "/etc/ssl/certs/ca-certificates.crt" +#define CRLFILE "crl.pem" + +#define CHECK(x) assert((x)>=0) +#define LOOP_CHECK(rval, cmd) \ + do { \ + rval = cmd; \ + } while(rval == GNUTLS_E_AGAIN || rval == GNUTLS_E_INTERRUPTED) + +/* The OCSP status file contains up to date information about revocation + * of the server's certificate. That can be periodically be updated + * using: + * $ ocsptool --ask --load-cert your_cert.pem --load-issuer your_issuer.pem + * --load-signer your_issuer.pem --outfile ocsp-status.der + */ +#define OCSP_STATUS_FILE "ocsp-status.der" + +/* This is a sample TLS 1.0 echo server, using X.509 authentication and + * OCSP stapling support. + */ + +#define MAX_BUF 1024 +#define PORT 5556 /* listen to 5556 port */ + +int main(void) +{ + int listen_sd; + int sd, ret; + gnutls_certificate_credentials_t x509_cred; + gnutls_priority_t priority_cache; + struct sockaddr_in sa_serv; + struct sockaddr_in sa_cli; + socklen_t client_len; + char topbuf[512]; + gnutls_session_t session; + char buffer[MAX_BUF + 1]; + int optval = 1; + + /* for backwards compatibility with gnutls < 3.3.0 */ + CHECK(gnutls_global_init()); + + CHECK(gnutls_certificate_allocate_credentials(&x509_cred)); + + CHECK(gnutls_certificate_set_x509_trust_file(x509_cred, CAFILE, + GNUTLS_X509_FMT_PEM)); + + CHECK(gnutls_certificate_set_x509_crl_file(x509_cred, CRLFILE, + GNUTLS_X509_FMT_PEM)); + + /* The following code sets the certificate key pair as well as, + * an OCSP response which corresponds to it. It is possible + * to set multiple key-pairs and multiple OCSP status responses + * (the latter since 3.5.6). See the manual pages of the individual + * functions for more information. + */ + CHECK(gnutls_certificate_set_x509_key_file(x509_cred, CERTFILE, + KEYFILE, + GNUTLS_X509_FMT_PEM)); + + CHECK(gnutls_certificate_set_ocsp_status_request_file(x509_cred, + OCSP_STATUS_FILE, + 0)); + + CHECK(gnutls_priority_init(&priority_cache, NULL, NULL)); + + /* Instead of the default options as shown above one could specify + * additional options such as server precedence in ciphersuite selection + * as follows: + * gnutls_priority_init2(&priority_cache, + * "%SERVER_PRECEDENCE", + * NULL, GNUTLS_PRIORITY_INIT_DEF_APPEND); + */ + +#if GNUTLS_VERSION_NUMBER >= 0x030506 + /* only available since GnuTLS 3.5.6, on previous versions see + * gnutls_certificate_set_dh_params(). */ + gnutls_certificate_set_known_dh_params(x509_cred, GNUTLS_SEC_PARAM_MEDIUM); +#endif + + /* Socket operations + */ + listen_sd = socket(AF_INET, SOCK_STREAM, 0); + + memset(&sa_serv, '\0', sizeof(sa_serv)); + sa_serv.sin_family = AF_INET; + sa_serv.sin_addr.s_addr = INADDR_ANY; + sa_serv.sin_port = htons(PORT); /* Server Port number */ + + setsockopt(listen_sd, SOL_SOCKET, SO_REUSEADDR, (void *) &optval, + sizeof(int)); + + bind(listen_sd, (struct sockaddr *) &sa_serv, sizeof(sa_serv)); + + listen(listen_sd, 1024); + + printf("Server ready. Listening to port '%d'.\n\n", PORT); + + client_len = sizeof(sa_cli); + for (;;) { + CHECK(gnutls_init(&session, GNUTLS_SERVER)); + CHECK(gnutls_priority_set(session, priority_cache)); + CHECK(gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, + x509_cred)); + + /* We don't request any certificate from the client. + * If we did we would need to verify it. One way of + * doing that is shown in the "Verifying a certificate" + * example. + */ + gnutls_certificate_server_set_request(session, + GNUTLS_CERT_IGNORE); + gnutls_handshake_set_timeout(session, + GNUTLS_DEFAULT_HANDSHAKE_TIMEOUT); + + sd = accept(listen_sd, (struct sockaddr *) &sa_cli, + &client_len); + + printf("- connection from %s, port %d\n", + inet_ntop(AF_INET, &sa_cli.sin_addr, topbuf, + sizeof(topbuf)), ntohs(sa_cli.sin_port)); + + gnutls_transport_set_int(session, sd); + + LOOP_CHECK(ret, gnutls_handshake(session)); + if (ret < 0) { + close(sd); + gnutls_deinit(session); + fprintf(stderr, + "*** Handshake has failed (%s)\n\n", + gnutls_strerror(ret)); + continue; + } + printf("- Handshake was completed\n"); + + /* see the Getting peer's information example */ + /* print_info(session); */ + + for (;;) { + LOOP_CHECK(ret, gnutls_record_recv(session, buffer, MAX_BUF)); + + if (ret == 0) { + printf + ("\n- Peer has closed the GnuTLS connection\n"); + break; + } else if (ret < 0 + && gnutls_error_is_fatal(ret) == 0) { + fprintf(stderr, "*** Warning: %s\n", + gnutls_strerror(ret)); + } else if (ret < 0) { + fprintf(stderr, "\n*** Received corrupted " + "data(%d). Closing the connection.\n\n", + ret); + break; + } else if (ret > 0) { + /* echo data back to the client + */ + CHECK(gnutls_record_send(session, buffer, ret)); + } + } + printf("\n"); + /* do not wait for the peer to close the connection. + */ + LOOP_CHECK(ret, gnutls_bye(session, GNUTLS_SHUT_WR)); + + close(sd); + gnutls_deinit(session); + + } + close(listen_sd); + + gnutls_certificate_free_credentials(x509_cred); + gnutls_priority_deinit(priority_cache); + + gnutls_global_deinit(); + + return 0; + +} diff --git a/doc/examples/ex-session-info.c b/doc/examples/ex-session-info.c new file mode 100644 index 0000000..6c20bbe --- /dev/null +++ b/doc/examples/ex-session-info.c @@ -0,0 +1,109 @@ +/* This example code is placed in the public domain. */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include + +#include "examples.h" + +/* This function will print some details of the + * given session. + */ +int print_info(gnutls_session_t session) +{ + gnutls_credentials_type_t cred; + gnutls_kx_algorithm_t kx; + int dhe, ecdh, group; + char *desc; + + /* get a description of the session connection, protocol, + * cipher/key exchange */ + desc = gnutls_session_get_desc(session); + if (desc != NULL) { + printf("- Session: %s\n", desc); + } + + dhe = ecdh = 0; + + kx = gnutls_kx_get(session); + + /* Check the authentication type used and switch + * to the appropriate. + */ + cred = gnutls_auth_get_type(session); + switch (cred) { +#ifdef ENABLE_SRP + case GNUTLS_CRD_SRP: + printf("- SRP session with username %s\n", + gnutls_srp_server_get_username(session)); + break; +#endif + + case GNUTLS_CRD_PSK: + /* This returns NULL in server side. + */ + if (gnutls_psk_client_get_hint(session) != NULL) + printf("- PSK authentication. PSK hint '%s'\n", + gnutls_psk_client_get_hint(session)); + /* This returns NULL in client side. + */ + if (gnutls_psk_server_get_username(session) != NULL) + printf("- PSK authentication. Connected as '%s'\n", + gnutls_psk_server_get_username(session)); + + if (kx == GNUTLS_KX_ECDHE_PSK) + ecdh = 1; + else if (kx == GNUTLS_KX_DHE_PSK) + dhe = 1; + break; + + case GNUTLS_CRD_ANON: /* anonymous authentication */ + + printf("- Anonymous authentication.\n"); + if (kx == GNUTLS_KX_ANON_ECDH) + ecdh = 1; + else if (kx == GNUTLS_KX_ANON_DH) + dhe = 1; + break; + + case GNUTLS_CRD_CERTIFICATE: /* certificate authentication */ + + /* Check if we have been using ephemeral Diffie-Hellman. + */ + if (kx == GNUTLS_KX_DHE_RSA || kx == GNUTLS_KX_DHE_DSS) + dhe = 1; + else if (kx == GNUTLS_KX_ECDHE_RSA + || kx == GNUTLS_KX_ECDHE_ECDSA) + ecdh = 1; + + /* if the certificate list is available, then + * print some information about it. + */ + print_x509_certificate_info(session); + break; + default: + break; + } /* switch */ + + /* read the negotiated group - if any */ + group = gnutls_group_get(session); + if (group != 0) { + printf("- Negotiated group %s\n", + gnutls_group_get_name(group)); + } else { + if (ecdh != 0) + printf("- Ephemeral ECDH using curve %s\n", + gnutls_ecc_curve_get_name(gnutls_ecc_curve_get + (session))); + else if (dhe != 0) + printf("- Ephemeral DH using prime of %d bits\n", + gnutls_dh_get_prime_bits(session)); + } + + return 0; +} diff --git a/doc/examples/ex-verify-ssh.c b/doc/examples/ex-verify-ssh.c new file mode 100644 index 0000000..a2af8e5 --- /dev/null +++ b/doc/examples/ex-verify-ssh.c @@ -0,0 +1,100 @@ +/* This example code is placed in the public domain. */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#include +#include +#include "examples.h" + +#define CHECK(x) assert((x)>=0) + +/* This function will verify the peer's certificate, check + * if the hostname matches. In addition it will perform an + * SSH-style authentication, where ultimately trusted keys + * are only the keys that have been seen before. + */ +int _ssh_verify_certificate_callback(gnutls_session_t session) +{ + unsigned int status; + const gnutls_datum_t *cert_list; + unsigned int cert_list_size; + int ret, type; + gnutls_datum_t out; + const char *hostname; + + /* read hostname */ + hostname = gnutls_session_get_ptr(session); + + /* This verification function uses the trusted CAs in the credentials + * structure. So you must have installed one or more CA certificates. + */ + CHECK(gnutls_certificate_verify_peers3(session, hostname, &status)); + + type = gnutls_certificate_type_get(session); + + CHECK(gnutls_certificate_verification_status_print(status, + type, &out, 0)); + printf("%s", out.data); + + gnutls_free(out.data); + + if (status != 0) /* Certificate is not trusted */ + return GNUTLS_E_CERTIFICATE_ERROR; + + /* Do SSH verification */ + cert_list = gnutls_certificate_get_peers(session, &cert_list_size); + if (cert_list == NULL) { + printf("No certificate was found!\n"); + return GNUTLS_E_CERTIFICATE_ERROR; + } + + /* service may be obtained alternatively using getservbyport() */ + ret = gnutls_verify_stored_pubkey(NULL, NULL, hostname, "https", + type, &cert_list[0], 0); + if (ret == GNUTLS_E_NO_CERTIFICATE_FOUND) { + printf("Host %s is not known.", hostname); + if (status == 0) + printf("Its certificate is valid for %s.\n", + hostname); + + /* the certificate must be printed and user must be asked on + * whether it is trustworthy. --see gnutls_x509_crt_print() */ + + /* if not trusted */ + return GNUTLS_E_CERTIFICATE_ERROR; + } else if (ret == GNUTLS_E_CERTIFICATE_KEY_MISMATCH) { + printf + ("Warning: host %s is known but has another key associated.", + hostname); + printf + ("It might be that the server has multiple keys, or you are under attack\n"); + if (status == 0) + printf("Its certificate is valid for %s.\n", + hostname); + + /* the certificate must be printed and user must be asked on + * whether it is trustworthy. --see gnutls_x509_crt_print() */ + + /* if not trusted */ + return GNUTLS_E_CERTIFICATE_ERROR; + } else if (ret < 0) { + printf("gnutls_verify_stored_pubkey: %s\n", + gnutls_strerror(ret)); + return ret; + } + + /* user trusts the key -> store it */ + if (ret != 0) { + CHECK(gnutls_store_pubkey(NULL, NULL, hostname, "https", + type, &cert_list[0], 0, 0)); + } + + /* notify gnutls to continue handshake normally */ + return 0; +} diff --git a/doc/examples/ex-verify.c b/doc/examples/ex-verify.c new file mode 100644 index 0000000..6231987 --- /dev/null +++ b/doc/examples/ex-verify.c @@ -0,0 +1,153 @@ +/* This example code is placed in the public domain. */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#include +#include + +#include "examples.h" + +#define CHECK(x) assert((x)>=0) + +/* All the available CRLs + */ +gnutls_x509_crl_t *crl_list; +int crl_list_size; + +/* All the available trusted CAs + */ +gnutls_x509_crt_t *ca_list; +int ca_list_size; + +static int print_details_func(gnutls_x509_crt_t cert, + gnutls_x509_crt_t issuer, + gnutls_x509_crl_t crl, + unsigned int verification_output); + +/* This function will try to verify the peer's certificate chain, and + * also check if the hostname matches. + */ +void +verify_certificate_chain(const char *hostname, + const gnutls_datum_t * cert_chain, + int cert_chain_length) +{ + int i; + gnutls_x509_trust_list_t tlist; + gnutls_x509_crt_t *cert; + gnutls_datum_t txt; + unsigned int output; + + /* Initialize the trusted certificate list. This should be done + * once on initialization. gnutls_x509_crt_list_import2() and + * gnutls_x509_crl_list_import2() can be used to load them. + */ + CHECK(gnutls_x509_trust_list_init(&tlist, 0)); + + CHECK(gnutls_x509_trust_list_add_cas(tlist, ca_list, ca_list_size, 0)); + CHECK(gnutls_x509_trust_list_add_crls(tlist, crl_list, crl_list_size, + GNUTLS_TL_VERIFY_CRL, 0)); + + cert = malloc(sizeof(*cert) * cert_chain_length); + assert(cert != NULL); + + /* Import all the certificates in the chain to + * native certificate format. + */ + for (i = 0; i < cert_chain_length; i++) { + CHECK(gnutls_x509_crt_init(&cert[i])); + CHECK(gnutls_x509_crt_import(cert[i], &cert_chain[i], + GNUTLS_X509_FMT_DER)); + } + + CHECK(gnutls_x509_trust_list_verify_named_crt(tlist, cert[0], + hostname, + strlen(hostname), + GNUTLS_VERIFY_DISABLE_CRL_CHECKS, + &output, + print_details_func)); + + /* if this certificate is not explicitly trusted verify against CAs + */ + if (output != 0) { + CHECK(gnutls_x509_trust_list_verify_crt(tlist, cert, + cert_chain_length, 0, + &output, + print_details_func)); + } + + + + if (output & GNUTLS_CERT_INVALID) { + fprintf(stderr, "Not trusted\n"); + CHECK(gnutls_certificate_verification_status_print( + output, + GNUTLS_CRT_X509, + &txt, 0)); + + fprintf(stderr, "Error: %s\n", txt.data); + gnutls_free(txt.data); + } else + fprintf(stderr, "Trusted\n"); + + /* Check if the name in the first certificate matches our destination! + */ + if (!gnutls_x509_crt_check_hostname(cert[0], hostname)) { + printf + ("The certificate's owner does not match hostname '%s'\n", + hostname); + } + + gnutls_x509_trust_list_deinit(tlist, 1); + + return; +} + +static int +print_details_func(gnutls_x509_crt_t cert, + gnutls_x509_crt_t issuer, gnutls_x509_crl_t crl, + unsigned int verification_output) +{ + char name[512]; + char issuer_name[512]; + size_t name_size; + size_t issuer_name_size; + + issuer_name_size = sizeof(issuer_name); + gnutls_x509_crt_get_issuer_dn(cert, issuer_name, + &issuer_name_size); + + name_size = sizeof(name); + gnutls_x509_crt_get_dn(cert, name, &name_size); + + fprintf(stdout, "\tSubject: %s\n", name); + fprintf(stdout, "\tIssuer: %s\n", issuer_name); + + if (issuer != NULL) { + issuer_name_size = sizeof(issuer_name); + gnutls_x509_crt_get_dn(issuer, issuer_name, + &issuer_name_size); + + fprintf(stdout, "\tVerified against: %s\n", issuer_name); + } + + if (crl != NULL) { + issuer_name_size = sizeof(issuer_name); + gnutls_x509_crl_get_issuer_dn(crl, issuer_name, + &issuer_name_size); + + fprintf(stdout, "\tVerified against CRL of: %s\n", + issuer_name); + } + + fprintf(stdout, "\tVerification output: %x\n\n", + verification_output); + + return 0; +} diff --git a/doc/examples/ex-x509-info.c b/doc/examples/ex-x509-info.c new file mode 100644 index 0000000..a54aeff --- /dev/null +++ b/doc/examples/ex-x509-info.c @@ -0,0 +1,125 @@ +/* This example code is placed in the public domain. */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include + +#include "examples.h" + +static const char *bin2hex(const void *bin, size_t bin_size) +{ + static char printable[110]; + const unsigned char *_bin = bin; + char *print; + size_t i; + + if (bin_size > 50) + bin_size = 50; + + print = printable; + for (i = 0; i < bin_size; i++) { + sprintf(print, "%.2x ", _bin[i]); + print += 2; + } + + return printable; +} + +/* This function will print information about this session's peer + * certificate. + */ +void print_x509_certificate_info(gnutls_session_t session) +{ + char serial[40]; + char dn[256]; + size_t size; + unsigned int algo, bits; + time_t expiration_time, activation_time; + const gnutls_datum_t *cert_list; + unsigned int cert_list_size = 0; + gnutls_x509_crt_t cert; + gnutls_datum_t cinfo; + + /* This function only works for X.509 certificates. + */ + if (gnutls_certificate_type_get(session) != GNUTLS_CRT_X509) + return; + + cert_list = gnutls_certificate_get_peers(session, &cert_list_size); + + printf("Peer provided %d certificates.\n", cert_list_size); + + if (cert_list_size > 0) { + int ret; + + /* we only print information about the first certificate. + */ + gnutls_x509_crt_init(&cert); + + gnutls_x509_crt_import(cert, &cert_list[0], + GNUTLS_X509_FMT_DER); + + printf("Certificate info:\n"); + + /* This is the preferred way of printing short information about + a certificate. */ + + ret = + gnutls_x509_crt_print(cert, GNUTLS_CRT_PRINT_ONELINE, + &cinfo); + if (ret == 0) { + printf("\t%s\n", cinfo.data); + gnutls_free(cinfo.data); + } + + /* If you want to extract fields manually for some other reason, + below are popular example calls. */ + + expiration_time = + gnutls_x509_crt_get_expiration_time(cert); + activation_time = + gnutls_x509_crt_get_activation_time(cert); + + printf("\tCertificate is valid since: %s", + ctime(&activation_time)); + printf("\tCertificate expires: %s", + ctime(&expiration_time)); + + /* Print the serial number of the certificate. + */ + size = sizeof(serial); + gnutls_x509_crt_get_serial(cert, serial, &size); + + printf("\tCertificate serial number: %s\n", + bin2hex(serial, size)); + + /* Extract some of the public key algorithm's parameters + */ + algo = gnutls_x509_crt_get_pk_algorithm(cert, &bits); + + printf("Certificate public key: %s", + gnutls_pk_algorithm_get_name(algo)); + + /* Print the version of the X.509 + * certificate. + */ + printf("\tCertificate version: #%d\n", + gnutls_x509_crt_get_version(cert)); + + size = sizeof(dn); + gnutls_x509_crt_get_dn(cert, dn, &size); + printf("\tDN: %s\n", dn); + + size = sizeof(dn); + gnutls_x509_crt_get_issuer_dn(cert, dn, &size); + printf("\tIssuer's DN: %s\n", dn); + + gnutls_x509_crt_deinit(cert); + + } +} diff --git a/doc/examples/examples.h b/doc/examples/examples.h new file mode 100644 index 0000000..e5641a5 --- /dev/null +++ b/doc/examples/examples.h @@ -0,0 +1,24 @@ +#ifndef EXAMPLES_H +#define EXAMPLES_H + +void check_alert(gnutls_session_t session, int ret); + +int write_pkcs12(const gnutls_datum_t * cert, + const gnutls_datum_t * pkcs8_key, const char *password); + +void verify_certificate(gnutls_session_t session, const char *hostname); + +int print_info(gnutls_session_t session); + +void print_x509_certificate_info(gnutls_session_t session); + +int _ssh_verify_certificate_callback(gnutls_session_t session); + +void +verify_certificate_chain(const char *hostname, + const gnutls_datum_t * cert_chain, + int cert_chain_length); + +int verify_certificate_callback(gnutls_session_t session); + +#endif /* EXAMPLES_H */ diff --git a/doc/examples/print-ciphersuites.c b/doc/examples/print-ciphersuites.c new file mode 100644 index 0000000..c0b8321 --- /dev/null +++ b/doc/examples/print-ciphersuites.c @@ -0,0 +1,59 @@ +/* This example code is placed in the public domain. */ + +#include +#include +#include +#include +#include + +static void print_cipher_suite_list(const char *priorities) +{ + size_t i; + int ret; + unsigned int idx; + const char *name; + const char *err; + unsigned char id[2]; + gnutls_protocol_t version; + gnutls_priority_t pcache; + + if (priorities != NULL) { + printf("Cipher suites for %s\n", priorities); + + ret = gnutls_priority_init(&pcache, priorities, &err); + if (ret < 0) { + fprintf(stderr, "Syntax error at: %s\n", err); + exit(1); + } + + for (i = 0;; i++) { + ret = + gnutls_priority_get_cipher_suite_index(pcache, + i, + &idx); + if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) + break; + if (ret == GNUTLS_E_UNKNOWN_CIPHER_SUITE) + continue; + + name = + gnutls_cipher_suite_info(idx, id, NULL, NULL, + NULL, &version); + + if (name != NULL) + printf("%-50s\t0x%02x, 0x%02x\t%s\n", + name, (unsigned char) id[0], + (unsigned char) id[1], + gnutls_protocol_get_name(version)); + } + + return; + } +} + +int main(int argc, char **argv) +{ + if (argc > 1) + print_cipher_suite_list(argv[1]); + return 0; +} diff --git a/doc/examples/tcp.c b/doc/examples/tcp.c new file mode 100644 index 0000000..a9b2f0d --- /dev/null +++ b/doc/examples/tcp.c @@ -0,0 +1,54 @@ +/* This example code is placed in the public domain. */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#include +#include +#include +#include + +/* tcp.c */ +int tcp_connect(void); +void tcp_close(int sd); + +/* Connects to the peer and returns a socket + * descriptor. + */ +extern int tcp_connect(void) +{ + const char *PORT = "5556"; + const char *SERVER = "127.0.0.1"; + int err, sd; + struct sockaddr_in sa; + + /* connects to server + */ + sd = socket(AF_INET, SOCK_STREAM, 0); + + memset(&sa, '\0', sizeof(sa)); + sa.sin_family = AF_INET; + sa.sin_port = htons(atoi(PORT)); + inet_pton(AF_INET, SERVER, &sa.sin_addr); + + err = connect(sd, (struct sockaddr *) &sa, sizeof(sa)); + if (err < 0) { + fprintf(stderr, "Connect error\n"); + exit(1); + } + + return sd; +} + +/* closes the given socket descriptor. + */ +extern void tcp_close(int sd) +{ + shutdown(sd, SHUT_RDWR); /* no more receptions */ + close(sd); +} diff --git a/doc/examples/tlsproxy/LICENSE b/doc/examples/tlsproxy/LICENSE new file mode 100644 index 0000000..43f5934 --- /dev/null +++ b/doc/examples/tlsproxy/LICENSE @@ -0,0 +1,21 @@ +The MIT License (MIT) + +Copyright (c) 2016 Wrymouth Innovation Ltd + +Permission is hereby granted, free of charge, to any person obtaining a +copy of this software and associated documentation files (the "Software"), +to deal in the Software without restriction, including without limitation +the rights to use, copy, modify, merge, publish, distribute, sublicense, +and/or sell copies of the Software, and to permit persons to whom the +Software is furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included +in all copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL +THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR +OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, +ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR +OTHER DEALINGS IN THE SOFTWARE. diff --git a/doc/examples/tlsproxy/README.md b/doc/examples/tlsproxy/README.md new file mode 100644 index 0000000..a34a18c --- /dev/null +++ b/doc/examples/tlsproxy/README.md @@ -0,0 +1,53 @@ +tlsproxy +======== + +`tlsproxy` is a TLS proxy written with GnuTLS. It is mostly designed as an +example of how to use asynchronous (non-blocking) I/O with GnuTLS. More +accurately, it was designed so I could learn how to do it. I think I've +got it right. + +To that end, it's been divided up as follows: + +* `crypto.c` does all the crypto, and `tlssession_mainloop()` does the hard work. +* `buffer.c` provides ring buffer support. +* `tlsproxy.c` deals with command line options and connecting sockets. + +It can be used in two modes: + +* Client mode (default). Listens on an unencrypted port, connects to + an encrypted port. +* Server mode (run with `-s`). Listens on an encrypted port, connects to + an unencrypted port. + +Usage +===== + +``` +tlsproxy + +Usage: + tlsproxy [OPTIONS] + +A TLS client or server proxy + +Options: + -c, --connect ADDRRESS Connect to ADDRESS + -l, --listen ADDRESS Listen on ADDRESS + -K, --key FILE Use FILE as private key + -C, --cert FILE Use FILE as public key + -A, --cacert FILE Use FILE as public CA cert file + -H, --hostname HOSTNAME Use HOSTNAME to validate the CN of the peer + rather than hostname extracted from -C option + -s, --server Run the listen port encrypted rather than the + connect port + -i, --insecure Do not validate certificates + -n, --nofork Do not fork off (aids debugging); specify twice + to stop forking on accept as well + -d, --debug Turn on debugging + -h, --help Show this usage message +``` + +License +======= + +MIT \ No newline at end of file diff --git a/doc/examples/tlsproxy/buffer.c b/doc/examples/tlsproxy/buffer.c new file mode 100644 index 0000000..05c8212 --- /dev/null +++ b/doc/examples/tlsproxy/buffer.c @@ -0,0 +1,228 @@ +/* + +The MIT License (MIT) + +Copyright (c) 2016 Wrymouth Innovation Ltd + +Permission is hereby granted, free of charge, to any person obtaining a +copy of this software and associated documentation files (the "Software"), +to deal in the Software without restriction, including without limitation +the rights to use, copy, modify, merge, publish, distribute, sublicense, +and/or sell copies of the Software, and to permit persons to whom the +Software is furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included +in all copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL +THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR +OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, +ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR +OTHER DEALINGS IN THE SOFTWARE. + +*/ + +#include "config.h" +#include + +#include "buffer.h" + +struct buffer +{ + char *buf; + ssize_t size; + ssize_t hwm; + ssize_t ridx; + ssize_t widx; + int empty; +}; + +/* the buffer is organised internally as follows: + * + * * There are b->size bytes in the buffer. + * + * * Bytes are at offsets 0 to b->size-1 + * + * * b->ridx points to the first readable byte + * + * * b->widx points to the first empty space + * + * * b->ridx < b->widx indicates a non-wrapped buffer: + * + * 0 ridx widx size + * | | | | + * V V V V + * ........XXXXXXXXX................ + * + * * b->ridx > b->widx indicates a wrapped buffer: + * + * 0 widx ridx size + * | | | | + * V V V V + * XXXXXXXX.........XXXXXXXXXXXXXXXX + * + * * b->ridx == b->widx indicates a FULL buffer: + * + * * b->ridx == b->widx indicates a wrapped buffer: + * + * 0 widx == ridx size + * | | | + * V V V + * XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX + * + * An empty buffer is indicated by empty=1 + * + */ + +buffer_t * +bufNew (ssize_t size, ssize_t hwm) +{ + buffer_t *b = calloc (1, sizeof (buffer_t)); + if (!b) return NULL; + + b->buf = calloc (1, size); + b->size = size; + b->hwm = hwm; + b->empty = 1; + return b; +} + + +void +bufFree (buffer_t * b) +{ + free (b->buf); + free (b); +} + +/* get a maximal span to read. Returns 0 if buffer + * is empty + */ +ssize_t +bufGetReadSpan (buffer_t * b, void **addr) +{ + if (b->empty) + { + *addr = NULL; + return 0; + } + *addr = &(b->buf[b->ridx]); + ssize_t len = b->widx - b->ridx; + if (len <= 0) + len = b->size - b->ridx; + return len; +} + +/* get a maximal span to write. Returns 0 id buffer is full + */ +ssize_t +bufGetWriteSpan (buffer_t * b, void **addr) +{ + if (b->empty) + { + *addr = b->buf; + b->ridx = 0; + b->widx = 0; + return b->size; + } + if (b->ridx == b->widx) + { + *addr = NULL; + return 0; + } + *addr = &(b->buf[b->widx]); + ssize_t len = b->ridx - b->widx; + if (len <= 0) + len = b->size - b->widx; + return len; +} + +/* mark size bytes as read */ +void +bufDoneRead (buffer_t * b, ssize_t size) +{ + while (!b->empty && (size > 0)) + { + /* empty can't occur here, so equal pointers means full */ + ssize_t len = b->widx - b->ridx; + if (len <= 0) + len = b->size - b->ridx; + + /* len is the number of bytes in one read span */ + if (len > size) + len = size; + + b->ridx += len; + if (b->ridx >= b->size) + b->ridx = 0; + + if (b->ridx == b->widx) + { + b->ridx = 0; + b->widx = 0; + b->empty = 1; + } + + size -= len; + } +} + +/* mark size bytes as written */ +void +bufDoneWrite (buffer_t * b, ssize_t size) +{ + while ((b->empty || (b->ridx != b->widx)) && (size > 0)) + { + /* full can't occur here, so equal pointers means empty */ + ssize_t len = b->ridx - b->widx; + if (len <= 0) + len = b->size - b->widx; + + /* len is the number of bytes in one write span */ + if (len > size) + len = size; + + b->widx += len; + if (b->widx >= b->size) + b->widx = 0; + + /* it can't be empty as we've written at least one byte */ + b->empty = 0; + + size -= len; + } +} + +int +bufIsEmpty (buffer_t * b) +{ + return b->empty; +} + +int +bufIsFull (buffer_t * b) +{ + return !b->empty && (b->ridx == b->widx); +} + +int +bufIsOverHWM (buffer_t * b) +{ + return bufGetCount (b) > b->hwm; +} + +ssize_t +bufGetFree (buffer_t * b) +{ + return b->size - bufGetCount (b); +} + +ssize_t +bufGetCount (buffer_t * b) +{ + if (b->empty) + return 0; + return b->widx - b->ridx + ((b->ridx < b->widx) ? 0 : b->size); +} diff --git a/doc/examples/tlsproxy/buffer.h b/doc/examples/tlsproxy/buffer.h new file mode 100644 index 0000000..c92b9a6 --- /dev/null +++ b/doc/examples/tlsproxy/buffer.h @@ -0,0 +1,45 @@ +/* +The MIT License (MIT) + +Copyright (c) 2016 Wrymouth Innovation Ltd + +Permission is hereby granted, free of charge, to any person obtaining a +copy of this software and associated documentation files (the "Software"), +to deal in the Software without restriction, including without limitation +the rights to use, copy, modify, merge, publish, distribute, sublicense, +and/or sell copies of the Software, and to permit persons to whom the +Software is furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included +in all copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL +THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR +OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, +ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR +OTHER DEALINGS IN THE SOFTWARE. +*/ + +#ifndef __TLSPROXY_BUFFERS_H +#define __TLSPROXY_BUFFERS_H + +#include +#include + +typedef struct buffer buffer_t; + +buffer_t *bufNew (ssize_t size, ssize_t hwm); +void bufFree (buffer_t * b); +ssize_t bufGetReadSpan (buffer_t * b, void **addr); +ssize_t bufGetWriteSpan (buffer_t * b, void **addr); +void bufDoneRead (buffer_t * b, ssize_t size); +void bufDoneWrite (buffer_t * b, ssize_t size); +int bufIsEmpty (buffer_t * b); +int bufIsFull (buffer_t * b); +int bufIsOverHWM (buffer_t * b); +ssize_t bufGetFree (buffer_t * b); +ssize_t bufGetCount (buffer_t * b); + +#endif diff --git a/doc/examples/tlsproxy/crypto-gnutls.c b/doc/examples/tlsproxy/crypto-gnutls.c new file mode 100644 index 0000000..0764fdf --- /dev/null +++ b/doc/examples/tlsproxy/crypto-gnutls.c @@ -0,0 +1,585 @@ +/* + +The MIT License (MIT) + +Copyright (c) 2016 Wrymouth Innovation Ltd + +Permission is hereby granted, free of charge, to any person obtaining a +copy of this software and associated documentation files (the "Software"), +to deal in the Software without restriction, including without limitation +the rights to use, copy, modify, merge, publish, distribute, sublicense, +and/or sell copies of the Software, and to permit persons to whom the +Software is furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included +in all copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL +THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR +OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, +ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR +OTHER DEALINGS IN THE SOFTWARE. + +*/ + +#include "config.h" + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include +#include +#include +#include + +#include "crypto-gnutls.h" +#include "buffer.h" + +#define FALSE 0 +#define TRUE 1 + +struct tlssession +{ + gnutls_certificate_credentials_t creds; + gnutls_session_t session; + char *hostname; + int (*quitfn) (void *opaque); + int (*erroutfn) (void *opaque, const char *format, va_list ap); + int debug; + void *opaque; +}; + +#define BUF_SIZE 65536 +#define BUF_HWM ((BUF_SIZE*3)/4) + +static int +falsequit (void *opaque) +{ + return FALSE; +} + +static int +quit (tlssession_t * s) +{ + return s->quitfn (s->opaque); +} + +#if defined __clang__ || __GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ >= 5) +# pragma GCC diagnostic ignored "-Wsuggest-attribute=format" +#endif + +static int stderrout (void *opaque, const char *format, va_list ap) +{ + return vfprintf (stderr, format, ap); +} + +static int +errout (tlssession_t * s, const char *format, ...) +{ + va_list ap; + int ret; + va_start (ap, format); + ret = s->erroutfn (s->opaque, format, ap); + va_end (ap); + return ret; +} + +static int +debugout (tlssession_t * s, const char *format, ...) +{ + va_list ap; + int ret = 0; + va_start (ap, format); + if (s->debug) + ret = s->erroutfn (s->opaque, format, ap); + va_end (ap); + return ret; +} + +static int +socksetnonblock (int fd, int nb) +{ + int sf = fcntl (fd, F_GETFL, 0); + if (sf == -1) + return -1; + return fcntl (fd, F_SETFL, nb ? (sf | O_NONBLOCK) : (sf & ~O_NONBLOCK)); +} + +/* From (public domain) example file in GNUTLS + * + * This function will try to verify the peer's certificate, and + * also check if the hostname matches, and the activation, expiration dates. + */ +static int +verify_certificate_callback (gnutls_session_t session) +{ + unsigned int status; + int ret; + tlssession_t *s; + + /* read session pointer */ + s = (tlssession_t *) gnutls_session_get_ptr (session); + + if (gnutls_certificate_type_get (session) != GNUTLS_CRT_X509) + return GNUTLS_E_CERTIFICATE_ERROR; + + /* This verification function uses the trusted CAs in the credentials + * structure. So you must have installed one or more CA certificates. + */ + if (s->hostname && *s->hostname) + ret = gnutls_certificate_verify_peers3 (session, s->hostname, &status); + else + ret = gnutls_certificate_verify_peers2 (session, &status); + + if (ret < 0) + { + debugout (s, "Could not verfify peer certificate due to an error\n"); + return GNUTLS_E_CERTIFICATE_ERROR; + } + + if (status) + { + gnutls_datum_t txt; + ret = gnutls_certificate_verification_status_print(status, GNUTLS_CRT_X509, + &txt, 0); + if (ret >= 0) + { + debugout (s, "verification error: %s\n", txt.data); + gnutls_free(txt.data); + } + + return GNUTLS_E_CERTIFICATE_ERROR; + } + + debugout (s, "Peer passed certificate verification\n"); + + /* notify gnutls to continue handshake normally */ + return 0; +} + +tlssession_t * +tlssession_new (int isserver, + char *keyfile, char *certfile, char *cacertfile, + char *hostname, int insecure, int debug, + int (*quitfn) (void *opaque), + int (*erroutfn) (void *opaque, const char *format, + va_list ap), void *opaque) +{ + int ret; + tlssession_t *s = calloc (1, sizeof (tlssession_t)); + if (!s) + return NULL; + + if (quitfn) + s->quitfn = quitfn; + else + s->quitfn = falsequit; + + if (erroutfn) + s->erroutfn = erroutfn; + else + s->erroutfn = stderrout; + + if (hostname) + s->hostname = strdup (hostname); + + s->debug = debug; + + if (gnutls_certificate_allocate_credentials (&s->creds) < 0) + { + errout (s, "Certificate allocation memory error\n"); + goto error; + } + + if (cacertfile != NULL) + { + ret = + gnutls_certificate_set_x509_trust_file (s->creds, cacertfile, + GNUTLS_X509_FMT_PEM); + if (ret < 0) + { + errout (s, "Error setting the x509 trust file: %s\n", + gnutls_strerror (ret)); + goto error; + } + + if (!insecure) + { + gnutls_certificate_set_verify_function (s->creds, + verify_certificate_callback); + gnutls_certificate_set_verify_flags (s->creds, + GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT); + } + } + + if (keyfile && !certfile) + certfile = keyfile; + + if (certfile != NULL && keyfile != NULL) + { + ret = + gnutls_certificate_set_x509_key_file (s->creds, certfile, keyfile, + GNUTLS_X509_FMT_PEM); + + if (ret < 0) + { + errout (s, + "Error loading certificate or key file (%s, %s): %s\n", + certfile, keyfile, gnutls_strerror (ret)); + goto error; + } + } + + if (isserver) + ret = gnutls_init (&s->session, GNUTLS_SERVER); + else + ret = gnutls_init (&s->session, GNUTLS_CLIENT); + + if (ret < 0) + { + errout (s, "Cannot initialize GNUTLS session: %s\n", + gnutls_strerror (ret)); + goto error; + } + + gnutls_session_set_ptr (s->session, (void *) s); + + if (!isserver && s->hostname && *s->hostname) + { + ret = gnutls_server_name_set (s->session, GNUTLS_NAME_DNS, s->hostname, + strlen (s->hostname)); + if (ret < 0) + { + errout (s, "Cannot set server name: %s\n", + gnutls_strerror (ret)); + goto error; + } + } + + ret = gnutls_set_default_priority (s->session); + if (ret < 0) + { + errout (s, "Cannot set default GNUTLS session priority: %s\n", + gnutls_strerror (ret)); + goto error; + } + + ret = gnutls_credentials_set (s->session, GNUTLS_CRD_CERTIFICATE, s->creds); + if (ret < 0) + { + errout (s, "Cannot set session GNUTL credentials: %s\n", + gnutls_strerror (ret)); + goto error; + } + + if (isserver) + { + /* requests but does not check a client certificate */ + gnutls_certificate_server_set_request (s->session, GNUTLS_CERT_REQUEST); + } + + + return s; + +error: + if (s->session) + gnutls_deinit (s->session); + free (s); + return NULL; +} + +void +tlssession_close (tlssession_t * s) +{ + if (s->session) + gnutls_deinit (s->session); + free (s->hostname); + free (s); +} + +int +tlssession_init (void) +{ + return gnutls_global_init (); +} + + +int +tlssession_mainloop (int cryptfd, int plainfd, tlssession_t * s) +{ + fd_set readfds; + fd_set writefds; + int maxfd; + int tls_wr_interrupted = 0; + int plainEOF = FALSE; + int cryptEOF = FALSE; + ssize_t ret; + + buffer_t *plainToCrypt = bufNew (BUF_SIZE, BUF_HWM); + buffer_t *cryptToPlain = bufNew (BUF_SIZE, BUF_HWM); + + if (socksetnonblock (cryptfd, 0) < 0) + { + errout (s, "Could not turn on blocking: %m"); + goto error; + } + + /* set it up to work with our FD */ + gnutls_transport_set_ptr (s->session, + (gnutls_transport_ptr_t) (intptr_t) cryptfd); + + + /* Now do the handshake */ + ret = gnutls_handshake (s->session); + if (ret < 0) + { + errout (s, "TLS handshake failed: %s\n", gnutls_strerror (ret)); + goto error; + } + + if (socksetnonblock (cryptfd, 1) < 0) + { + errout (s, "Could not turn on non-blocking on crypt FD: %m"); + goto error; + } + + if (socksetnonblock (plainfd, 1) < 0) + { + errout (s, "Could not turn on non-blocking on plain FD: %m"); + goto error; + } + + maxfd = (plainfd > cryptfd) ? plainfd + 1 : cryptfd + 1; + + while ((!plainEOF || !cryptEOF) && !quit (s)) + { + struct timeval timeout; + int result; + int selecterrno; + int wait = TRUE; + + FD_ZERO (&readfds); + FD_ZERO (&writefds); + + size_t buffered = gnutls_record_check_pending (s->session); + if (buffered) + wait = FALSE; /* do not wait for select to return if we have buffered data */ + + if (plainEOF) + { + /* plain text end has closed, but me may still have + * data yet to write to the crypt end */ + if (bufIsEmpty (plainToCrypt) && !tls_wr_interrupted) + { + cryptEOF = TRUE; + break; + } + } + else + { + if (!bufIsEmpty (cryptToPlain)) + FD_SET (plainfd, &writefds); + if (!bufIsOverHWM (plainToCrypt)) + FD_SET (plainfd, &readfds); + } + + if (cryptEOF) + { + /* crypt end has closed, but me way still have data to + * write from the crypt buffer */ + if (bufIsEmpty (cryptToPlain) && !buffered) + { + plainEOF = TRUE; + break; + } + } + else + { + if (!bufIsEmpty (plainToCrypt) || tls_wr_interrupted) + FD_SET (cryptfd, &writefds); + if (!bufIsOverHWM (cryptToPlain)) + FD_SET (cryptfd, &readfds); + } + + /* Repeat select whilst EINTR happens */ + do + { + timeout.tv_sec = wait ? 1 : 0; + timeout.tv_usec = 0; + result = select (maxfd, &readfds, &writefds, NULL, &timeout); + + selecterrno = errno; + } + while ((result == -1) && (selecterrno == EINTR) && !quit (s)); + if (quit (s)) + break; + + if (FD_ISSET (plainfd, &readfds)) + { + /* we can read at least one byte */ + void *addr = NULL; + /* get a span of characters to write to the + * buffer. As the empty portion may wrap the end of the + * circular buffer this might not be all we could read. + */ + ssize_t len = bufGetWriteSpan (plainToCrypt, &addr); + if (len > 0) + { + do + { + ret = read (plainfd, addr, (size_t) len); + } + while ((ret < 0) && (errno == EINTR) && !quit (s)); + if (quit (s)) + break; + if (ret < 0) + { + errout (s, "Error on read from plain socket: %m\n"); + goto error; + } + if (ret == 0) + { + plainEOF = TRUE; + } + else + { + bufDoneWrite (plainToCrypt, ret); /* mark ret bytes as written to the buffer */ + } + } + } + + if (FD_ISSET (plainfd, &writefds)) + { + /* we can write at least one byte */ + void *addr = NULL; + /* get a span of characters to read from the buffer + * as the full portion may wrap the end of the circular buffer + * this might not be all we have to write. + */ + ssize_t len = bufGetReadSpan (cryptToPlain, &addr); + if (len > 0) + { + do + { + ret = write (plainfd, addr, (size_t) len); + } + while ((ret < 0) && (errno == EINTR) && !quit (s)); + if (quit (s)) + break; + if (ret < 0) + { + errout (s, "Error on write to plain socket: %m\n"); + goto error; + } + bufDoneRead (cryptToPlain, ret); /* mark ret bytes as read from the buffer */ + } + } + + if (FD_ISSET (cryptfd, &readfds) || buffered) + { + /* we can read at least one byte */ + void *addr = NULL; + /* get a span of characters to write to the + * buffer. As the empty portion may wrap the end of the + * circular buffer this might not be all we could read. + */ + ssize_t len = bufGetWriteSpan (cryptToPlain, &addr); + if (len > 0) + { + do + { + ret = gnutls_record_recv (s->session, addr, (size_t) len); + } + while (ret == GNUTLS_E_INTERRUPTED && !quit (s)); + /* do not loop on GNUTLS_E_AGAIN - this means we'd block so we'd loop for + * ever + */ + if (quit (s)) + break; + if (ret < 0 && ret != GNUTLS_E_AGAIN) + { + errout (s, "Error on read from crypt socket: %s\n", + gnutls_strerror (ret)); + goto error; + } + if (ret == 0) + { + cryptEOF = TRUE; + } + else + { + bufDoneWrite (cryptToPlain, ret); /* mark ret bytes as written to the buffer */ + } + } + } + + if (FD_ISSET (cryptfd, &writefds)) + { + /* we can write at least one byte */ + void *addr = NULL; + /* get a span of characters to read from the buffer + * as the full portion may wrap the end of the circular buffer + * this might not be all we have to write. + */ + ssize_t len = bufGetReadSpan (plainToCrypt, &addr); + if (len > 0) + { + do + { + if (tls_wr_interrupted) + { + ret = gnutls_record_send (s->session, NULL, 0); + } + else + { + ret = gnutls_record_send (s->session, addr, len); + } + } + while (ret == GNUTLS_E_INTERRUPTED && !quit (s)); + if (quit (s)) + break; + if (ret == GNUTLS_E_AGAIN) + { + /* we need to call this again with NULL parameters + * as it blocked + */ + tls_wr_interrupted = TRUE; + } + else if (ret < 0) + { + errout (s, "Error on write to crypto socket: %s\n", + gnutls_strerror (ret)); + goto error; + } + else + { + bufDoneRead (plainToCrypt, ret); /* mark ret bytes as read from the buffer */ + } + } + } + } + + ret = 0; + goto freereturn; + +error: + ret = -1; + +freereturn: + gnutls_bye (s->session, GNUTLS_SHUT_RDWR); + shutdown (plainfd, SHUT_RDWR); + bufFree (plainToCrypt); + bufFree (cryptToPlain); + return ret; +} diff --git a/doc/examples/tlsproxy/crypto-gnutls.h b/doc/examples/tlsproxy/crypto-gnutls.h new file mode 100644 index 0000000..2b6c402 --- /dev/null +++ b/doc/examples/tlsproxy/crypto-gnutls.h @@ -0,0 +1,43 @@ +/* + +The MIT License (MIT) + +Copyright (c) 2016 Wrymouth Innovation Ltd + +Permission is hereby granted, free of charge, to any person obtaining a +copy of this software and associated documentation files (the "Software"), +to deal in the Software without restriction, including without limitation +the rights to use, copy, modify, merge, publish, distribute, sublicense, +and/or sell copies of the Software, and to permit persons to whom the +Software is furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included +in all copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL +THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR +OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, +ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR +OTHER DEALINGS IN THE SOFTWARE. + +*/ + +#ifndef __TLSPROXY_CRYPTO_GNUTLS_H +#define __TLSPROXY_CRYPTO_GNUTLS_H + +int tlssession_init (void); + +typedef struct tlssession tlssession_t; +tlssession_t *tlssession_new (int isserver, + char *keyfile, char *certfile, char *cacertfile, + char *hostname, int insecure, int debug, + int (*quitfn) (void *opaque), + int (*erroutfn) (void *opaque, + const char *format, + va_list ap), void *opaque); +void tlssession_close (tlssession_t * s); +int tlssession_mainloop (int cryptfd, int plainfd, tlssession_t * session); + +#endif diff --git a/doc/examples/tlsproxy/tlsproxy.c b/doc/examples/tlsproxy/tlsproxy.c new file mode 100644 index 0000000..9404d87 --- /dev/null +++ b/doc/examples/tlsproxy/tlsproxy.c @@ -0,0 +1,456 @@ +/* + +The MIT License (MIT) + +Copyright (c) 2016 Wrymouth Innovation Ltd + +Permission is hereby granted, free of charge, to any person obtaining a +copy of this software and associated documentation files (the "Software"), +to deal in the Software without restriction, including without limitation +the rights to use, copy, modify, merge, publish, distribute, sublicense, +and/or sell copies of the Software, and to permit persons to whom the +Software is furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included +in all copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL +THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR +OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, +ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR +OTHER DEALINGS IN THE SOFTWARE. + +*/ + +#include "config.h" + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "crypto-gnutls.h" + +static char *connectaddr = NULL; +static char *listenaddr = NULL; +static char *keyfile = NULL; +static char *certfile = NULL; +static char *cacertfile = NULL; +static char *hostname = NULL; +static int debug = 0; +static int insecure = 0; +static int nofork = 0; +static int server = 0; + +static const char *defaultport = "12345"; + +static volatile sig_atomic_t rxsigquit = 0; + +static int +bindtoaddress (char *addrport) +{ + struct addrinfo hints; + struct addrinfo *result, *rp; + int fd, s; + char addr[128]; + + snprintf(addr, sizeof(addr), "%s", addrport); + + memset (&hints, 0, sizeof (struct addrinfo)); + hints.ai_flags = AI_PASSIVE; /* For wildcard IP address */ + hints.ai_family = AF_UNSPEC; /* Allow IPv4 or IPv6 */ + hints.ai_socktype = SOCK_STREAM; /* Stream socket */ + hints.ai_protocol = 0; /* any protocol */ + + char *colon = strrchr (addr, ':'); + const char *port = defaultport; + if (colon) + { + *colon = 0; + port = colon + 1; + } + + s = getaddrinfo (addr, port, &hints, &result); + if (s != 0) + { + fprintf (stderr, "Error in address %s: %s\n", addr, gai_strerror (s)); + return -1; + } + + /* attempt to bind to each address */ + + for (rp = result; rp != NULL; rp = rp->ai_next) + { + fd = socket (rp->ai_family, rp->ai_socktype, rp->ai_protocol); + + if (fd >= 0) + { + int one = 1; + if (setsockopt (fd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof (one)) < + 0) + { + close (fd); + continue; + } + if (bind (fd, rp->ai_addr, rp->ai_addrlen) == 0) + break; + close (fd); + } + } + + if (!rp) + { + fprintf (stderr, "Error binding to %s:%s: %m\n", addr, port); + return -1; + } + + freeaddrinfo (result); /* No longer needed */ + + if (listen (fd, 5) < 0) + { + close (fd); + return -1; + } + + return fd; +} + +static int +connecttoaddress (char *addrport) +{ + struct addrinfo hints; + struct addrinfo *result, *rp; + int fd, s; + char addr[128]; + + snprintf(addr, sizeof(addr), "%s", addrport); + + memset (&hints, 0, sizeof (struct addrinfo)); + hints.ai_flags = AI_PASSIVE; /* For wildcard IP address */ + hints.ai_family = AF_UNSPEC; /* Allow IPv4 or IPv6 */ + hints.ai_socktype = SOCK_STREAM; /* Stream socket */ + hints.ai_protocol = 0; /* any protocol */ + + char *colon = strrchr (addr, ':'); + const char *port = defaultport; + if (colon) + { + *colon = 0; + port = colon + 1; + } + + if (!hostname && !server) + hostname = strdup (addr); + + s = getaddrinfo (addr, port, &hints, &result); + if (s != 0) + { + fprintf (stderr, "Error in address %s: %s\n", addr, gai_strerror (s)); + return -1; + } + + /* attempt to connect to each address */ + for (rp = result; rp != NULL; rp = rp->ai_next) + { + fd = socket (rp->ai_family, rp->ai_socktype, rp->ai_protocol); + if (fd >= 0) + { + if (connect (fd, rp->ai_addr, rp->ai_addrlen) == 0) + break; + close (fd); + } + } + + if (!rp) + { + fprintf (stderr, "Error connecting to %s:%s: %m\n", addr, port); + return -1; + } + + freeaddrinfo (result); /* No longer needed */ + + return fd; +} + +static int +quitfn (void *opaque) +{ + return rxsigquit; +} + +static int +runproxy (int acceptfd) +{ + int connectfd; + if ((connectfd = connecttoaddress (connectaddr)) < 0) + { + fprintf (stderr, "Could not connect\n"); + close (acceptfd); + return -1; + } + + tlssession_t *session = + tlssession_new (server, keyfile, certfile, cacertfile, hostname, insecure, + debug, quitfn, NULL, NULL); + if (!session) + { + fprintf (stderr, "Could create TLS session\n"); + close (connectfd); + close (acceptfd); + return -1; + } + + int ret; + if (server) + ret = tlssession_mainloop (acceptfd, connectfd, session); + else + ret = tlssession_mainloop (connectfd, acceptfd, session); + + tlssession_close (session); + close (connectfd); + close (acceptfd); + + if (ret < 0) + { + fprintf (stderr, "TLS proxy exited with an error\n"); + return -1; + } + return 0; +} + +static int +runlistener (void) +{ + int listenfd; + if ((listenfd = bindtoaddress (listenaddr)) < 0) + { + fprintf (stderr, "Could not bind listener\n"); + return -1; + } + + /* + if (!nofork) + daemon (FALSE, FALSE); + */ + + int fd; + while (!rxsigquit) + { + do + { + if ((fd = accept (listenfd, NULL, NULL)) < 0) + { + if (errno != EINTR) + { + fprintf (stderr, "Accept failed\n"); + return -1; + } + } + } + while (fd < 0 && !rxsigquit); + if (rxsigquit) + break; + if (nofork < 2) + { + int ret = runproxy (fd); + if (ret < 0) + return -1; + } + else + { + int cpid = fork (); + if (cpid == 0) + { + /* we're the child */ + runproxy (fd); + exit (0); + } + else + close (fd); + } + } + return 0; +} + +static void +usage (void) +{ + fprintf (stderr, "tlsproxy\n\n\ +Usage:\n\ + tlsproxy [OPTIONS]\n\ +\n\ +A TLS client or server proxy\n\ +\n\ +Options:\n\ + -c, --connect ADDRRESS Connect to ADDRESS\n\ + -l, --listen ADDRESS Listen on ADDRESS\n\ + -K, --key FILE Use FILE as private key\n\ + -C, --cert FILE Use FILE as public key\n\ + -A, --cacert FILE Use FILE as public CA cert file\n\ + -H, --hostname HOSTNAME Use HOSTNAME to validate the CN of the peer\n\ + rather than hostname extracted from -C option\n\ + -s, --server Run the listen port encrypted rather than the\n\ + connect port\n\ + -i, --insecure Do not validate certificates\n\ + -n, --nofork Do not fork off (aids debugging); specify twice\n\ + to stop forking on accept as well\n\ + -d, --debug Turn on debugging\n\ + -h, --help Show this usage message\n\ +\n\ +\n"); +} + +static void +processoptions (int argc, char **argv) +{ + while (1) + { + static const struct option longopts[] = { + {"connect", required_argument, 0, 'c'}, + {"listen", required_argument, 0, 'l'}, + {"key", required_argument, 0, 'K'}, + {"cert", required_argument, 0, 'C'}, + {"cacert", required_argument, 0, 'A'}, + {"hostname", required_argument, 0, 'H'}, + {"server", no_argument, 0, 's'}, + {"insecure", no_argument, 0, 'i'}, + {"nofork", no_argument, 0, 'n'}, + {"debug", no_argument, 0, 'd'}, + {"help", no_argument, 0, 'h'}, + {0, 0, 0, 0} + }; + + int optidx = 0; + + int c = + getopt_long (argc, argv, "c:l:K:C:A:H:sindh", longopts, &optidx); + if (c == -1) + break; + + switch (c) + { + case 0: /* set a flag, nothing else to do */ + break; + + case 'c': + connectaddr = strdup (optarg); + break; + + case 'l': + listenaddr = strdup (optarg); + break; + + case 'K': + keyfile = strdup (optarg); + break; + + case 'C': + certfile = strdup (optarg); + break; + + case 'A': + cacertfile = strdup (optarg); + break; + + case 'H': + hostname = strdup (optarg); + break; + + case 's': + server = 1; + break; + + case 'i': + insecure = 1; + break; + + case 'n': + nofork++; + break; + + case 'd': + debug++; + break; + + case 'h': + usage (); + exit (0); + break; + + default: + usage (); + exit (1); + } + } + + if (optind != argc || !connectaddr || !listenaddr) + { + usage (); + exit (1); + } + + if (!certfile && keyfile) + certfile = strdup (keyfile); +} + +static void +handlesignal (int sig) +{ + switch (sig) + { + case SIGINT: + case SIGTERM: + rxsigquit++; + break; + default: + break; + } +} + +static void +setsignalmasks (void) +{ + struct sigaction sa; + /* Set up the structure to specify the new action. */ + memset (&sa, 0, sizeof (struct sigaction)); + sa.sa_handler = handlesignal; + sigemptyset (&sa.sa_mask); + sa.sa_flags = 0; + sigaction (SIGINT, &sa, NULL); + sigaction (SIGTERM, &sa, NULL); + + memset (&sa, 0, sizeof (struct sigaction)); + sa.sa_handler = SIG_IGN; + sa.sa_flags = SA_RESTART; + sigaction (SIGPIPE, &sa, NULL); +} + +int +main (int argc, char **argv) +{ + processoptions (argc, argv); + + setsignalmasks (); + + if (tlssession_init ()) + exit (1); + + runlistener (); + + free (connectaddr); + free (listenaddr); + free (keyfile); + free (certfile); + free (cacertfile); + free (hostname); + + exit (0); +} diff --git a/doc/examples/udp.c b/doc/examples/udp.c new file mode 100644 index 0000000..989ffcc --- /dev/null +++ b/doc/examples/udp.c @@ -0,0 +1,66 @@ +/* This example code is placed in the public domain. */ + +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#include +#include +#include +#include + +/* udp.c */ +int udp_connect(void); +void udp_close(int sd); + +/* Connects to the peer and returns a socket + * descriptor. + */ +extern int udp_connect(void) +{ + const char *PORT = "5557"; + const char *SERVER = "127.0.0.1"; + int err, sd; +#if defined(IP_DONTFRAG) || defined(IP_MTU_DISCOVER) + int optval; +#endif + struct sockaddr_in sa; + + /* connects to server + */ + sd = socket(AF_INET, SOCK_DGRAM, 0); + + memset(&sa, '\0', sizeof(sa)); + sa.sin_family = AF_INET; + sa.sin_port = htons(atoi(PORT)); + inet_pton(AF_INET, SERVER, &sa.sin_addr); + +#if defined(IP_DONTFRAG) + optval = 1; + setsockopt(sd, IPPROTO_IP, IP_DONTFRAG, + (const void *) &optval, sizeof(optval)); +#elif defined(IP_MTU_DISCOVER) + optval = IP_PMTUDISC_DO; + setsockopt(sd, IPPROTO_IP, IP_MTU_DISCOVER, + (const void *) &optval, sizeof(optval)); +#endif + + err = connect(sd, (struct sockaddr *) &sa, sizeof(sa)); + if (err < 0) { + fprintf(stderr, "Connect error\n"); + exit(1); + } + + return sd; +} + +/* closes the given socket descriptor. + */ +extern void udp_close(int sd) +{ + close(sd); +} diff --git a/doc/examples/verify.c b/doc/examples/verify.c new file mode 100644 index 0000000..2b5fa7a --- /dev/null +++ b/doc/examples/verify.c @@ -0,0 +1,64 @@ +#ifdef HAVE_CONFIG_H +#include +#endif + +#include +#include +#include +#include +#include + +#include "examples.h" + +/* The example below demonstrates the usage of the more powerful + * gnutls_certificate_verify_peers() which can be used to check + * the hostname, as well as the key purpose OID of the peer's + * certificate. */ +int verify_certificate_callback(gnutls_session_t session) +{ + unsigned int status; + int ret, type; + const char *hostname; + gnutls_datum_t out; + gnutls_typed_vdata_st data[2]; + + /* read hostname */ + hostname = gnutls_session_get_ptr(session); + + /* This verification function uses the trusted CAs in the credentials + * structure. So you must have installed one or more CA certificates. + */ + data[0].type = GNUTLS_DT_DNS_HOSTNAME; + data[0].data = (void*)hostname; + data[0].size = 0; + + data[1].type = GNUTLS_DT_KEY_PURPOSE_OID; + data[1].data = (void*)GNUTLS_KP_TLS_WWW_SERVER; + data[1].size = 0; + ret = gnutls_certificate_verify_peers(session, data, 2, + &status); + if (ret < 0) { + printf("Error\n"); + return GNUTLS_E_CERTIFICATE_ERROR; + } + + type = gnutls_certificate_type_get(session); + + ret = + gnutls_certificate_verification_status_print(status, type, + &out, 0); + if (ret < 0) { + printf("Error\n"); + return GNUTLS_E_CERTIFICATE_ERROR; + } + + printf("%s", out.data); + + gnutls_free(out.data); + + if (status != 0) /* Certificate is not trusted */ + return GNUTLS_E_CERTIFICATE_ERROR; + + /* notify gnutls to continue handshake normally */ + return 0; +} diff --git a/doc/extract-guile-c-doc.scm b/doc/extract-guile-c-doc.scm new file mode 100644 index 0000000..3a310ab --- /dev/null +++ b/doc/extract-guile-c-doc.scm @@ -0,0 +1,69 @@ +;;; extract-c-doc.scm -- Output Texinfo from "snarffed" C files. +;;; +;;; Copyright 2006-2012 Free Software Foundation, Inc. +;;; +;;; +;;; This program is free software; you can redistribute it and/or modify +;;; it under the terms of the GNU General Public License as published by +;;; the Free Software Foundation; either version 3 of the License, or +;;; (at your option) any later version. +;;; +;;; This program is distributed in the hope that it will be useful, +;;; but WITHOUT ANY WARRANTY; without even the implied warranty of +;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +;;; GNU General Public License for more details. +;;; +;;; You should have received a copy of the GNU General Public License +;;; along with this program; if not, write to the Free Software +;;; Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA + +;;; Written by Ludovic Court�s . + +(use-modules (system documentation c-snarf) + (system documentation output) + + (srfi srfi-1)) + +(define (main file cpp+args cpp-flags . procs) + ;; Arguments: + ;; + ;; 1. C file to be processed; + ;; 2. how to invoke the CPP (e.g., "cpp -E"); + ;; 3. additional CPP flags (e.g., "-I /usr/local/include"); + ;; 4. optionally, a list of Scheme procedure names whose documentation is + ;; to be output. If no such list is passed, then documentation for + ;; all the Scheme functions available in the C source file is issued. + ;; + (let* ((cpp+args (string-tokenize cpp+args)) + (cpp (car cpp+args)) + (cpp-flags (append (cdr cpp+args) + (string-tokenize cpp-flags) + (list "-DSCM_MAGIC_SNARF_DOCS ")))) + ;;(format (current-error-port) "cpp-flags: ~a~%" cpp-flags) + (format (current-error-port) "extracting Texinfo doc from `~a'... " + file) + + ;; Don't mention the name of C functions. + (*document-c-functions?* #f) + + (let ((proc-doc-list + (run-cpp-and-extract-snarfing file cpp cpp-flags))) + (display "@c Automatically generated, do not edit.\n") + (display (string-concatenate + (map procedure-texi-documentation + (if (null? procs) + proc-doc-list + (filter (lambda (proc-doc) + (let ((proc-name + (assq-ref proc-doc + 'scheme-name))) + (member proc-name procs))) + proc-doc-list)))))) + (format (current-error-port) "done.~%") + (exit 0))) + + +;;; Local Variables: +;;; mode: scheme +;;; coding: latin-1 +;;; End: diff --git a/doc/fdl-1.3.texi b/doc/fdl-1.3.texi new file mode 100644 index 0000000..eaf3da0 --- /dev/null +++ b/doc/fdl-1.3.texi @@ -0,0 +1,505 @@ +@c The GNU Free Documentation License. +@center Version 1.3, 3 November 2008 + +@c This file is intended to be included within another document, +@c hence no sectioning command or @node. + +@display +Copyright @copyright{} 2000, 2001, 2002, 2007, 2008 Free Software Foundation, Inc. +@uref{https://fsf.org/} + +Everyone is permitted to copy and distribute verbatim copies +of this license document, but changing it is not allowed. +@end display + +@enumerate 0 +@item +PREAMBLE + +The purpose of this License is to make a manual, textbook, or other +functional and useful document @dfn{free} in the sense of freedom: to +assure everyone the effective freedom to copy and redistribute it, +with or without modifying it, either commercially or noncommercially. +Secondarily, this License preserves for the author and publisher a way +to get credit for their work, while not being considered responsible +for modifications made by others. + +This License is a kind of ``copyleft'', which means that derivative +works of the document must themselves be free in the same sense. It +complements the GNU General Public License, which is a copyleft +license designed for free software. + +We have designed this License in order to use it for manuals for free +software, because free software needs free documentation: a free +program should come with manuals providing the same freedoms that the +software does. But this License is not limited to software manuals; +it can be used for any textual work, regardless of subject matter or +whether it is published as a printed book. We recommend this License +principally for works whose purpose is instruction or reference. + +@item +APPLICABILITY AND DEFINITIONS + +This License applies to any manual or other work, in any medium, that +contains a notice placed by the copyright holder saying it can be +distributed under the terms of this License. Such a notice grants a +world-wide, royalty-free license, unlimited in duration, to use that +work under the conditions stated herein. The ``Document'', below, +refers to any such manual or work. Any member of the public is a +licensee, and is addressed as ``you''. You accept the license if you +copy, modify or distribute the work in a way requiring permission +under copyright law. + +A ``Modified Version'' of the Document means any work containing the +Document or a portion of it, either copied verbatim, or with +modifications and/or translated into another language. + +A ``Secondary Section'' is a named appendix or a front-matter section +of the Document that deals exclusively with the relationship of the +publishers or authors of the Document to the Document's overall +subject (or to related matters) and contains nothing that could fall +directly within that overall subject. (Thus, if the Document is in +part a textbook of mathematics, a Secondary Section may not explain +any mathematics.) The relationship could be a matter of historical +connection with the subject or with related matters, or of legal, +commercial, philosophical, ethical or political position regarding +them. + +The ``Invariant Sections'' are certain Secondary Sections whose titles +are designated, as being those of Invariant Sections, in the notice +that says that the Document is released under this License. If a +section does not fit the above definition of Secondary then it is not +allowed to be designated as Invariant. The Document may contain zero +Invariant Sections. If the Document does not identify any Invariant +Sections then there are none. + +The ``Cover Texts'' are certain short passages of text that are listed, +as Front-Cover Texts or Back-Cover Texts, in the notice that says that +the Document is released under this License. A Front-Cover Text may +be at most 5 words, and a Back-Cover Text may be at most 25 words. + +A ``Transparent'' copy of the Document means a machine-readable copy, +represented in a format whose specification is available to the +general public, that is suitable for revising the document +straightforwardly with generic text editors or (for images composed of +pixels) generic paint programs or (for drawings) some widely available +drawing editor, and that is suitable for input to text formatters or +for automatic translation to a variety of formats suitable for input +to text formatters. A copy made in an otherwise Transparent file +format whose markup, or absence of markup, has been arranged to thwart +or discourage subsequent modification by readers is not Transparent. +An image format is not Transparent if used for any substantial amount +of text. A copy that is not ``Transparent'' is called ``Opaque''. + +Examples of suitable formats for Transparent copies include plain +ASCII without markup, Texinfo input format, La@TeX{} input +format, SGML or XML using a publicly available +DTD, and standard-conforming simple HTML, +PostScript or PDF designed for human modification. Examples +of transparent image formats include PNG, XCF and +JPG@. Opaque formats include proprietary formats that can be +read and edited only by proprietary word processors, SGML or +XML for which the DTD and/or processing tools are +not generally available, and the machine-generated HTML, +PostScript or PDF produced by some word processors for +output purposes only. + +The ``Title Page'' means, for a printed book, the title page itself, +plus such following pages as are needed to hold, legibly, the material +this License requires to appear in the title page. For works in +formats which do not have any title page as such, ``Title Page'' means +the text near the most prominent appearance of the work's title, +preceding the beginning of the body of the text. + +The ``publisher'' means any person or entity that distributes copies +of the Document to the public. + +A section ``Entitled XYZ'' means a named subunit of the Document whose +title either is precisely XYZ or contains XYZ in parentheses following +text that translates XYZ in another language. (Here XYZ stands for a +specific section name mentioned below, such as ``Acknowledgements'', +``Dedications'', ``Endorsements'', or ``History''.) To ``Preserve the Title'' +of such a section when you modify the Document means that it remains a +section ``Entitled XYZ'' according to this definition. + +The Document may include Warranty Disclaimers next to the notice which +states that this License applies to the Document. These Warranty +Disclaimers are considered to be included by reference in this +License, but only as regards disclaiming warranties: any other +implication that these Warranty Disclaimers may have is void and has +no effect on the meaning of this License. + +@item +VERBATIM COPYING + +You may copy and distribute the Document in any medium, either +commercially or noncommercially, provided that this License, the +copyright notices, and the license notice saying this License applies +to the Document are reproduced in all copies, and that you add no other +conditions whatsoever to those of this License. You may not use +technical measures to obstruct or control the reading or further +copying of the copies you make or distribute. However, you may accept +compensation in exchange for copies. If you distribute a large enough +number of copies you must also follow the conditions in section 3. + +You may also lend copies, under the same conditions stated above, and +you may publicly display copies. + +@item +COPYING IN QUANTITY + +If you publish printed copies (or copies in media that commonly have +printed covers) of the Document, numbering more than 100, and the +Document's license notice requires Cover Texts, you must enclose the +copies in covers that carry, clearly and legibly, all these Cover +Texts: Front-Cover Texts on the front cover, and Back-Cover Texts on +the back cover. Both covers must also clearly and legibly identify +you as the publisher of these copies. The front cover must present +the full title with all words of the title equally prominent and +visible. You may add other material on the covers in addition. +Copying with changes limited to the covers, as long as they preserve +the title of the Document and satisfy these conditions, can be treated +as verbatim copying in other respects. + +If the required texts for either cover are too voluminous to fit +legibly, you should put the first ones listed (as many as fit +reasonably) on the actual cover, and continue the rest onto adjacent +pages. + +If you publish or distribute Opaque copies of the Document numbering +more than 100, you must either include a machine-readable Transparent +copy along with each Opaque copy, or state in or with each Opaque copy +a computer-network location from which the general network-using +public has access to download using public-standard network protocols +a complete Transparent copy of the Document, free of added material. +If you use the latter option, you must take reasonably prudent steps, +when you begin distribution of Opaque copies in quantity, to ensure +that this Transparent copy will remain thus accessible at the stated +location until at least one year after the last time you distribute an +Opaque copy (directly or through your agents or retailers) of that +edition to the public. + +It is requested, but not required, that you contact the authors of the +Document well before redistributing any large number of copies, to give +them a chance to provide you with an updated version of the Document. + +@item +MODIFICATIONS + +You may copy and distribute a Modified Version of the Document under +the conditions of sections 2 and 3 above, provided that you release +the Modified Version under precisely this License, with the Modified +Version filling the role of the Document, thus licensing distribution +and modification of the Modified Version to whoever possesses a copy +of it. In addition, you must do these things in the Modified Version: + +@enumerate A +@item +Use in the Title Page (and on the covers, if any) a title distinct +from that of the Document, and from those of previous versions +(which should, if there were any, be listed in the History section +of the Document). You may use the same title as a previous version +if the original publisher of that version gives permission. + +@item +List on the Title Page, as authors, one or more persons or entities +responsible for authorship of the modifications in the Modified +Version, together with at least five of the principal authors of the +Document (all of its principal authors, if it has fewer than five), +unless they release you from this requirement. + +@item +State on the Title page the name of the publisher of the +Modified Version, as the publisher. + +@item +Preserve all the copyright notices of the Document. + +@item +Add an appropriate copyright notice for your modifications +adjacent to the other copyright notices. + +@item +Include, immediately after the copyright notices, a license notice +giving the public permission to use the Modified Version under the +terms of this License, in the form shown in the Addendum below. + +@item +Preserve in that license notice the full lists of Invariant Sections +and required Cover Texts given in the Document's license notice. + +@item +Include an unaltered copy of this License. + +@item +Preserve the section Entitled ``History'', Preserve its Title, and add +to it an item stating at least the title, year, new authors, and +publisher of the Modified Version as given on the Title Page. If +there is no section Entitled ``History'' in the Document, create one +stating the title, year, authors, and publisher of the Document as +given on its Title Page, then add an item describing the Modified +Version as stated in the previous sentence. + +@item +Preserve the network location, if any, given in the Document for +public access to a Transparent copy of the Document, and likewise +the network locations given in the Document for previous versions +it was based on. These may be placed in the ``History'' section. +You may omit a network location for a work that was published at +least four years before the Document itself, or if the original +publisher of the version it refers to gives permission. + +@item +For any section Entitled ``Acknowledgements'' or ``Dedications'', Preserve +the Title of the section, and preserve in the section all the +substance and tone of each of the contributor acknowledgements and/or +dedications given therein. + +@item +Preserve all the Invariant Sections of the Document, +unaltered in their text and in their titles. Section numbers +or the equivalent are not considered part of the section titles. + +@item +Delete any section Entitled ``Endorsements''. Such a section +may not be included in the Modified Version. + +@item +Do not retitle any existing section to be Entitled ``Endorsements'' or +to conflict in title with any Invariant Section. + +@item +Preserve any Warranty Disclaimers. +@end enumerate + +If the Modified Version includes new front-matter sections or +appendices that qualify as Secondary Sections and contain no material +copied from the Document, you may at your option designate some or all +of these sections as invariant. To do this, add their titles to the +list of Invariant Sections in the Modified Version's license notice. +These titles must be distinct from any other section titles. + +You may add a section Entitled ``Endorsements'', provided it contains +nothing but endorsements of your Modified Version by various +parties---for example, statements of peer review or that the text has +been approved by an organization as the authoritative definition of a +standard. + +You may add a passage of up to five words as a Front-Cover Text, and a +passage of up to 25 words as a Back-Cover Text, to the end of the list +of Cover Texts in the Modified Version. Only one passage of +Front-Cover Text and one of Back-Cover Text may be added by (or +through arrangements made by) any one entity. If the Document already +includes a cover text for the same cover, previously added by you or +by arrangement made by the same entity you are acting on behalf of, +you may not add another; but you may replace the old one, on explicit +permission from the previous publisher that added the old one. + +The author(s) and publisher(s) of the Document do not by this License +give permission to use their names for publicity for or to assert or +imply endorsement of any Modified Version. + +@item +COMBINING DOCUMENTS + +You may combine the Document with other documents released under this +License, under the terms defined in section 4 above for modified +versions, provided that you include in the combination all of the +Invariant Sections of all of the original documents, unmodified, and +list them all as Invariant Sections of your combined work in its +license notice, and that you preserve all their Warranty Disclaimers. + +The combined work need only contain one copy of this License, and +multiple identical Invariant Sections may be replaced with a single +copy. If there are multiple Invariant Sections with the same name but +different contents, make the title of each such section unique by +adding at the end of it, in parentheses, the name of the original +author or publisher of that section if known, or else a unique number. +Make the same adjustment to the section titles in the list of +Invariant Sections in the license notice of the combined work. + +In the combination, you must combine any sections Entitled ``History'' +in the various original documents, forming one section Entitled +``History''; likewise combine any sections Entitled ``Acknowledgements'', +and any sections Entitled ``Dedications''. You must delete all +sections Entitled ``Endorsements.'' + +@item +COLLECTIONS OF DOCUMENTS + +You may make a collection consisting of the Document and other documents +released under this License, and replace the individual copies of this +License in the various documents with a single copy that is included in +the collection, provided that you follow the rules of this License for +verbatim copying of each of the documents in all other respects. + +You may extract a single document from such a collection, and distribute +it individually under this License, provided you insert a copy of this +License into the extracted document, and follow this License in all +other respects regarding verbatim copying of that document. + +@item +AGGREGATION WITH INDEPENDENT WORKS + +A compilation of the Document or its derivatives with other separate +and independent documents or works, in or on a volume of a storage or +distribution medium, is called an ``aggregate'' if the copyright +resulting from the compilation is not used to limit the legal rights +of the compilation's users beyond what the individual works permit. +When the Document is included in an aggregate, this License does not +apply to the other works in the aggregate which are not themselves +derivative works of the Document. + +If the Cover Text requirement of section 3 is applicable to these +copies of the Document, then if the Document is less than one half of +the entire aggregate, the Document's Cover Texts may be placed on +covers that bracket the Document within the aggregate, or the +electronic equivalent of covers if the Document is in electronic form. +Otherwise they must appear on printed covers that bracket the whole +aggregate. + +@item +TRANSLATION + +Translation is considered a kind of modification, so you may +distribute translations of the Document under the terms of section 4. +Replacing Invariant Sections with translations requires special +permission from their copyright holders, but you may include +translations of some or all Invariant Sections in addition to the +original versions of these Invariant Sections. You may include a +translation of this License, and all the license notices in the +Document, and any Warranty Disclaimers, provided that you also include +the original English version of this License and the original versions +of those notices and disclaimers. In case of a disagreement between +the translation and the original version of this License or a notice +or disclaimer, the original version will prevail. + +If a section in the Document is Entitled ``Acknowledgements'', +``Dedications'', or ``History'', the requirement (section 4) to Preserve +its Title (section 1) will typically require changing the actual +title. + +@item +TERMINATION + +You may not copy, modify, sublicense, or distribute the Document +except as expressly provided under this License. Any attempt +otherwise to copy, modify, sublicense, or distribute it is void, and +will automatically terminate your rights under this License. + +However, if you cease all violation of this License, then your license +from a particular copyright holder is reinstated (a) provisionally, +unless and until the copyright holder explicitly and finally +terminates your license, and (b) permanently, if the copyright holder +fails to notify you of the violation by some reasonable means prior to +60 days after the cessation. + +Moreover, your license from a particular copyright holder is +reinstated permanently if the copyright holder notifies you of the +violation by some reasonable means, this is the first time you have +received notice of violation of this License (for any work) from that +copyright holder, and you cure the violation prior to 30 days after +your receipt of the notice. + +Termination of your rights under this section does not terminate the +licenses of parties who have received copies or rights from you under +this License. If your rights have been terminated and not permanently +reinstated, receipt of a copy of some or all of the same material does +not give you any rights to use it. + +@item +FUTURE REVISIONS OF THIS LICENSE + +The Free Software Foundation may publish new, revised versions +of the GNU Free Documentation License from time to time. Such new +versions will be similar in spirit to the present version, but may +differ in detail to address new problems or concerns. See +@uref{https://www.gnu.org/licenses/}. + +Each version of the License is given a distinguishing version number. +If the Document specifies that a particular numbered version of this +License ``or any later version'' applies to it, you have the option of +following the terms and conditions either of that specified version or +of any later version that has been published (not as a draft) by the +Free Software Foundation. If the Document does not specify a version +number of this License, you may choose any version ever published (not +as a draft) by the Free Software Foundation. If the Document +specifies that a proxy can decide which future versions of this +License can be used, that proxy's public statement of acceptance of a +version permanently authorizes you to choose that version for the +Document. + +@item +RELICENSING + +``Massive Multiauthor Collaboration Site'' (or ``MMC Site'') means any +World Wide Web server that publishes copyrightable works and also +provides prominent facilities for anybody to edit those works. A +public wiki that anybody can edit is an example of such a server. A +``Massive Multiauthor Collaboration'' (or ``MMC'') contained in the +site means any set of copyrightable works thus published on the MMC +site. + +``CC-BY-SA'' means the Creative Commons Attribution-Share Alike 3.0 +license published by Creative Commons Corporation, a not-for-profit +corporation with a principal place of business in San Francisco, +California, as well as future copyleft versions of that license +published by that same organization. + +``Incorporate'' means to publish or republish a Document, in whole or +in part, as part of another Document. + +An MMC is ``eligible for relicensing'' if it is licensed under this +License, and if all works that were first published under this License +somewhere other than this MMC, and subsequently incorporated in whole +or in part into the MMC, (1) had no cover texts or invariant sections, +and (2) were thus incorporated prior to November 1, 2008. + +The operator of an MMC Site may republish an MMC contained in the site +under CC-BY-SA on the same site at any time before August 1, 2009, +provided the MMC is eligible for relicensing. + +@end enumerate + +@page +@heading ADDENDUM: How to use this License for your documents + +To use this License in a document you have written, include a copy of +the License in the document and put the following copyright and +license notices just after the title page: + +@smallexample +@group + Copyright (C) @var{year} @var{your name}. + Permission is granted to copy, distribute and/or modify this document + under the terms of the GNU Free Documentation License, Version 1.3 + or any later version published by the Free Software Foundation; + with no Invariant Sections, no Front-Cover Texts, and no Back-Cover + Texts. A copy of the license is included in the section entitled ``GNU + Free Documentation License''. +@end group +@end smallexample + +If you have Invariant Sections, Front-Cover Texts and Back-Cover Texts, +replace the ``with@dots{}Texts.''@: line with this: + +@smallexample +@group + with the Invariant Sections being @var{list their titles}, with + the Front-Cover Texts being @var{list}, and with the Back-Cover Texts + being @var{list}. +@end group +@end smallexample + +If you have Invariant Sections without Cover Texts, or some other +combination of the three, merge those two alternatives to suit the +situation. + +If your document contains nontrivial examples of program code, we +recommend releasing these examples in parallel under your choice of +free software license, such as the GNU General Public License, +to permit their use in free software. + +@c Local Variables: +@c ispell-local-pdict: "ispell-dict" +@c End: diff --git a/doc/functions/dane_cert_type_name b/doc/functions/dane_cert_type_name new file mode 100644 index 0000000..4d2f1d6 --- /dev/null +++ b/doc/functions/dane_cert_type_name @@ -0,0 +1,11 @@ + + + +@deftypefun {const char *} {dane_cert_type_name} (dane_cert_type_t @var{type}) +@var{type}: is a DANE match type + +Convert a @code{dane_cert_type_t} value to a string. + +@strong{Returns:} a string that contains the name of the specified +type, or @code{NULL} . +@end deftypefun diff --git a/doc/functions/dane_cert_type_name.short b/doc/functions/dane_cert_type_name.short new file mode 100644 index 0000000..6efa1a1 --- /dev/null +++ b/doc/functions/dane_cert_type_name.short @@ -0,0 +1 @@ +@item @var{const char *} @ref{dane_cert_type_name} (dane_cert_type_t @var{type}) diff --git a/doc/functions/dane_cert_usage_name b/doc/functions/dane_cert_usage_name new file mode 100644 index 0000000..c10f464 --- /dev/null +++ b/doc/functions/dane_cert_usage_name @@ -0,0 +1,12 @@ + + + + +@deftypefun {const char *} {dane_cert_usage_name} (dane_cert_usage_t @var{usage}) +@var{usage}: is a DANE certificate usage + +Convert a @code{dane_cert_usage_t} value to a string. + +@strong{Returns:} a string that contains the name of the specified +type, or @code{NULL} . +@end deftypefun diff --git a/doc/functions/dane_cert_usage_name.short b/doc/functions/dane_cert_usage_name.short new file mode 100644 index 0000000..e80ecaf --- /dev/null +++ b/doc/functions/dane_cert_usage_name.short @@ -0,0 +1 @@ +@item @var{const char *} @ref{dane_cert_usage_name} (dane_cert_usage_t @var{usage}) diff --git a/doc/functions/dane_match_type_name b/doc/functions/dane_match_type_name new file mode 100644 index 0000000..fea04a1 --- /dev/null +++ b/doc/functions/dane_match_type_name @@ -0,0 +1,12 @@ + + + + +@deftypefun {const char *} {dane_match_type_name} (dane_match_type_t @var{type}) +@var{type}: is a DANE match type + +Convert a @code{dane_match_type_t} value to a string. + +@strong{Returns:} a string that contains the name of the specified +type, or @code{NULL} . +@end deftypefun diff --git a/doc/functions/dane_match_type_name.short b/doc/functions/dane_match_type_name.short new file mode 100644 index 0000000..05170a3 --- /dev/null +++ b/doc/functions/dane_match_type_name.short @@ -0,0 +1 @@ +@item @var{const char *} @ref{dane_match_type_name} (dane_match_type_t @var{type}) diff --git a/doc/functions/dane_query_data b/doc/functions/dane_query_data new file mode 100644 index 0000000..9ecbaaf --- /dev/null +++ b/doc/functions/dane_query_data @@ -0,0 +1,23 @@ + + + + +@deftypefun {int} {dane_query_data} (dane_query_t @var{q}, unsigned int @var{idx}, unsigned int * @var{usage}, unsigned int * @var{type}, unsigned int * @var{match}, gnutls_datum_t * @var{data}) +@var{q}: The query result structure + +@var{idx}: The index of the query response. + +@var{usage}: The certificate usage (see @code{dane_cert_usage_t} ) + +@var{type}: The certificate type (see @code{dane_cert_type_t} ) + +@var{match}: The DANE matching type (see @code{dane_match_type_t} ) + +@var{data}: The DANE data. + +This function will provide the DANE data from the query +response. + +@strong{Returns:} On success, @code{DANE_E_SUCCESS} (0) is returned, otherwise a +negative error value. +@end deftypefun diff --git a/doc/functions/dane_query_data.short b/doc/functions/dane_query_data.short new file mode 100644 index 0000000..336cda4 --- /dev/null +++ b/doc/functions/dane_query_data.short @@ -0,0 +1 @@ +@item @var{int} @ref{dane_query_data} (dane_query_t @var{q}, unsigned int @var{idx}, unsigned int * @var{usage}, unsigned int * @var{type}, unsigned int * @var{match}, gnutls_datum_t * @var{data}) diff --git a/doc/functions/dane_query_deinit b/doc/functions/dane_query_deinit new file mode 100644 index 0000000..ae4cbf8 --- /dev/null +++ b/doc/functions/dane_query_deinit @@ -0,0 +1,9 @@ + + + + +@deftypefun {void} {dane_query_deinit} (dane_query_t @var{q}) +@var{q}: The structure to be deinitialized + +This function will deinitialize a DANE query result structure. +@end deftypefun diff --git a/doc/functions/dane_query_deinit.short b/doc/functions/dane_query_deinit.short new file mode 100644 index 0000000..944bb72 --- /dev/null +++ b/doc/functions/dane_query_deinit.short @@ -0,0 +1 @@ +@item @var{void} @ref{dane_query_deinit} (dane_query_t @var{q}) diff --git a/doc/functions/dane_query_entries b/doc/functions/dane_query_entries new file mode 100644 index 0000000..3129cda --- /dev/null +++ b/doc/functions/dane_query_entries @@ -0,0 +1,11 @@ + + + + +@deftypefun {unsigned int} {dane_query_entries} (dane_query_t @var{q}) +@var{q}: The query result structure + +This function will return the number of entries in a query. + +@strong{Returns:} The number of entries. +@end deftypefun diff --git a/doc/functions/dane_query_entries.short b/doc/functions/dane_query_entries.short new file mode 100644 index 0000000..b777053 --- /dev/null +++ b/doc/functions/dane_query_entries.short @@ -0,0 +1 @@ +@item @var{unsigned int} @ref{dane_query_entries} (dane_query_t @var{q}) diff --git a/doc/functions/dane_query_status b/doc/functions/dane_query_status new file mode 100644 index 0000000..5a0dcc0 --- /dev/null +++ b/doc/functions/dane_query_status @@ -0,0 +1,12 @@ + + + + +@deftypefun {dane_query_status_t} {dane_query_status} (dane_query_t @var{q}) +@var{q}: The query result structure + +This function will return the status of the query response. +See @code{dane_query_status_t} for the possible types. + +@strong{Returns:} The status type. +@end deftypefun diff --git a/doc/functions/dane_query_status.short b/doc/functions/dane_query_status.short new file mode 100644 index 0000000..fa9b8c2 --- /dev/null +++ b/doc/functions/dane_query_status.short @@ -0,0 +1 @@ +@item @var{dane_query_status_t} @ref{dane_query_status} (dane_query_t @var{q}) diff --git a/doc/functions/dane_query_tlsa b/doc/functions/dane_query_tlsa new file mode 100644 index 0000000..f3626c7 --- /dev/null +++ b/doc/functions/dane_query_tlsa @@ -0,0 +1,21 @@ + + + + +@deftypefun {int} {dane_query_tlsa} (dane_state_t @var{s}, dane_query_t * @var{r}, const char * @var{host}, const char * @var{proto}, unsigned int @var{port}) +@var{s}: The DANE state structure + +@var{r}: A structure to place the result + +@var{host}: The host name to resolve. + +@var{proto}: The protocol type (tcp, udp, etc.) + +@var{port}: The service port number (eg. 443). + +This function will query the DNS server for the TLSA (DANE) +data for the given host. + +@strong{Returns:} On success, @code{DANE_E_SUCCESS} (0) is returned, otherwise a +negative error value. +@end deftypefun diff --git a/doc/functions/dane_query_tlsa.short b/doc/functions/dane_query_tlsa.short new file mode 100644 index 0000000..81eb633 --- /dev/null +++ b/doc/functions/dane_query_tlsa.short @@ -0,0 +1 @@ +@item @var{int} @ref{dane_query_tlsa} (dane_state_t @var{s}, dane_query_t * @var{r}, const char * @var{host}, const char * @var{proto}, unsigned int @var{port}) diff --git a/doc/functions/dane_query_to_raw_tlsa b/doc/functions/dane_query_to_raw_tlsa new file mode 100644 index 0000000..24605a6 --- /dev/null +++ b/doc/functions/dane_query_to_raw_tlsa @@ -0,0 +1,31 @@ + + + + +@deftypefun {int} {dane_query_to_raw_tlsa} (dane_query_t @var{q}, unsigned int * @var{data_entries}, char *** @var{dane_data}, int ** @var{dane_data_len}, int * @var{secure}, int * @var{bogus}) +@var{q}: The query result structure + +@var{data_entries}: Pointer set to the number of entries in the query + +@var{dane_data}: Pointer to contain an array of DNS rdata items, terminated with a NULL pointer; +caller must guarantee that the referenced data remains +valid until @code{dane_query_deinit()} is called. + +@var{dane_data_len}: Pointer to contain the length n bytes of the dane_data items + +@var{secure}: Pointer set true if the result is validated securely, false if +validation failed or the domain queried has no security info + +@var{bogus}: Pointer set true if the result was not secure due to a security failure + +This function will provide the DANE data from the query +response. + +The pointers dane_data and dane_data_len are allocated with @code{gnutls_malloc()} +to contain the data from the query result structure (individual + @code{dane_data} items simply point to the original data and are not allocated separately). +The returned @code{dane_data} are only valid during the lifetime of @code{q} . + +@strong{Returns:} On success, @code{DANE_E_SUCCESS} (0) is returned, otherwise a +negative error value. +@end deftypefun diff --git a/doc/functions/dane_query_to_raw_tlsa.short b/doc/functions/dane_query_to_raw_tlsa.short new file mode 100644 index 0000000..88f7c08 --- /dev/null +++ b/doc/functions/dane_query_to_raw_tlsa.short @@ -0,0 +1 @@ +@item @var{int} @ref{dane_query_to_raw_tlsa} (dane_query_t @var{q}, unsigned int * @var{data_entries}, char *** @var{dane_data}, int ** @var{dane_data_len}, int * @var{secure}, int * @var{bogus}) diff --git a/doc/functions/dane_raw_tlsa b/doc/functions/dane_raw_tlsa new file mode 100644 index 0000000..20dfb32 --- /dev/null +++ b/doc/functions/dane_raw_tlsa @@ -0,0 +1,28 @@ + + + + +@deftypefun {int} {dane_raw_tlsa} (dane_state_t @var{s}, dane_query_t * @var{r}, char *const * @var{dane_data}, const int * @var{dane_data_len}, int @var{secure}, int @var{bogus}) +@var{s}: The DANE state structure + +@var{r}: A structure to place the result + +@var{dane_data}: array of DNS rdata items, terminated with a NULL pointer; +caller must guarantee that the referenced data remains +valid until @code{dane_query_deinit()} is called. + +@var{dane_data_len}: the length n bytes of the dane_data items + +@var{secure}: true if the result is validated securely, false if +validation failed or the domain queried has no security info + +@var{bogus}: if the result was not secure (secure = 0) due to a security failure, +and the result is due to a security failure, bogus is true. + +This function will fill in the TLSA (DANE) structure from +the given raw DNS record data. The @code{dane_data} must be valid +during the lifetime of the query. + +@strong{Returns:} On success, @code{DANE_E_SUCCESS} (0) is returned, otherwise a +negative error value. +@end deftypefun diff --git a/doc/functions/dane_raw_tlsa.short b/doc/functions/dane_raw_tlsa.short new file mode 100644 index 0000000..c613df0 --- /dev/null +++ b/doc/functions/dane_raw_tlsa.short @@ -0,0 +1 @@ +@item @var{int} @ref{dane_raw_tlsa} (dane_state_t @var{s}, dane_query_t * @var{r}, char *const * @var{dane_data}, const int * @var{dane_data_len}, int @var{secure}, int @var{bogus}) diff --git a/doc/functions/dane_state_deinit b/doc/functions/dane_state_deinit new file mode 100644 index 0000000..eb0ec6d --- /dev/null +++ b/doc/functions/dane_state_deinit @@ -0,0 +1,9 @@ + + + + +@deftypefun {void} {dane_state_deinit} (dane_state_t @var{s}) +@var{s}: The structure to be deinitialized + +This function will deinitialize a DANE query structure. +@end deftypefun diff --git a/doc/functions/dane_state_deinit.short b/doc/functions/dane_state_deinit.short new file mode 100644 index 0000000..670827b --- /dev/null +++ b/doc/functions/dane_state_deinit.short @@ -0,0 +1 @@ +@item @var{void} @ref{dane_state_deinit} (dane_state_t @var{s}) diff --git a/doc/functions/dane_state_init b/doc/functions/dane_state_init new file mode 100644 index 0000000..67f1f0e --- /dev/null +++ b/doc/functions/dane_state_init @@ -0,0 +1,16 @@ + + + + +@deftypefun {int} {dane_state_init} (dane_state_t * @var{s}, unsigned int @var{flags}) +@var{s}: The structure to be initialized + +@var{flags}: flags from the @code{dane_state_flags} enumeration + +This function will initialize the backend resolver. It is +intended to be used in scenarios where multiple resolvings +occur, to optimize against multiple re-initializations. + +@strong{Returns:} On success, @code{DANE_E_SUCCESS} (0) is returned, otherwise a +negative error value. +@end deftypefun diff --git a/doc/functions/dane_state_init.short b/doc/functions/dane_state_init.short new file mode 100644 index 0000000..78acee1 --- /dev/null +++ b/doc/functions/dane_state_init.short @@ -0,0 +1 @@ +@item @var{int} @ref{dane_state_init} (dane_state_t * @var{s}, unsigned int @var{flags}) diff --git a/doc/functions/dane_state_set_dlv_file b/doc/functions/dane_state_set_dlv_file new file mode 100644 index 0000000..a0d33e7 --- /dev/null +++ b/doc/functions/dane_state_set_dlv_file @@ -0,0 +1,12 @@ + + + + +@deftypefun {int} {dane_state_set_dlv_file} (dane_state_t @var{s}, const char * @var{file}) +@var{s}: The structure to be deinitialized + +@var{file}: The file holding the DLV keys. + +This function will set a file with trusted keys +for DLV (DNSSEC Lookaside Validation). +@end deftypefun diff --git a/doc/functions/dane_state_set_dlv_file.short b/doc/functions/dane_state_set_dlv_file.short new file mode 100644 index 0000000..a6a04f9 --- /dev/null +++ b/doc/functions/dane_state_set_dlv_file.short @@ -0,0 +1 @@ +@item @var{int} @ref{dane_state_set_dlv_file} (dane_state_t @var{s}, const char * @var{file}) diff --git a/doc/functions/dane_strerror b/doc/functions/dane_strerror new file mode 100644 index 0000000..535febc --- /dev/null +++ b/doc/functions/dane_strerror @@ -0,0 +1,15 @@ + + + + +@deftypefun {const char *} {dane_strerror} (int @var{error}) +@var{error}: is a DANE error code, a negative error code + +This function is similar to strerror. The difference is that it +accepts an error number returned by a gnutls function; In case of +an unknown error a descriptive string is sent instead of @code{NULL} . + +Error codes are always a negative error code. + +@strong{Returns:} A string explaining the DANE error message. +@end deftypefun diff --git a/doc/functions/dane_strerror.short b/doc/functions/dane_strerror.short new file mode 100644 index 0000000..b737005 --- /dev/null +++ b/doc/functions/dane_strerror.short @@ -0,0 +1 @@ +@item @var{const char *} @ref{dane_strerror} (int @var{error}) diff --git a/doc/functions/dane_verification_status_print b/doc/functions/dane_verification_status_print new file mode 100644 index 0000000..659f01d --- /dev/null +++ b/doc/functions/dane_verification_status_print @@ -0,0 +1,19 @@ + + + + +@deftypefun {int} {dane_verification_status_print} (unsigned int @var{status}, gnutls_datum_t * @var{out}, unsigned int @var{flags}) +@var{status}: The status flags to be printed + +@var{out}: Newly allocated datum with (0) terminated string. + +@var{flags}: should be zero + +This function will pretty print the status of a verification +process -- eg. the one obtained by @code{dane_verify_crt()} . + +The output @code{out} needs to be deallocated using @code{gnutls_free()} . + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. +@end deftypefun diff --git a/doc/functions/dane_verification_status_print.short b/doc/functions/dane_verification_status_print.short new file mode 100644 index 0000000..9b55db9 --- /dev/null +++ b/doc/functions/dane_verification_status_print.short @@ -0,0 +1 @@ +@item @var{int} @ref{dane_verification_status_print} (unsigned int @var{status}, gnutls_datum_t * @var{out}, unsigned int @var{flags}) diff --git a/doc/functions/dane_verify_crt b/doc/functions/dane_verify_crt new file mode 100644 index 0000000..bb0d91c --- /dev/null +++ b/doc/functions/dane_verify_crt @@ -0,0 +1,48 @@ + + + + +@deftypefun {int} {dane_verify_crt} (dane_state_t @var{s}, const gnutls_datum_t * @var{chain}, unsigned @var{chain_size}, gnutls_certificate_type_t @var{chain_type}, const char * @var{hostname}, const char * @var{proto}, unsigned int @var{port}, unsigned int @var{sflags}, unsigned int @var{vflags}, unsigned int * @var{verify}) +@var{s}: A DANE state structure (may be NULL) + +@var{chain}: A certificate chain + +@var{chain_size}: The size of the chain + +@var{chain_type}: The type of the certificate chain + +@var{hostname}: The hostname associated with the chain + +@var{proto}: The protocol of the service connecting (e.g. tcp) + +@var{port}: The port of the service connecting (e.g. 443) + +@var{sflags}: Flags for the initialization of @code{s} (if NULL) + +@var{vflags}: Verification flags; an OR'ed list of @code{dane_verify_flags_t} . + +@var{verify}: An OR'ed list of @code{dane_verify_status_t} . + +This function will verify the given certificate chain against the +CA constrains and/or the certificate available via DANE. +If no information via DANE can be obtained the flag @code{DANE_VERIFY_NO_DANE_INFO} +is set. If a DNSSEC signature is not available for the DANE +record then the verify flag @code{DANE_VERIFY_NO_DNSSEC_DATA} is set. + +Due to the many possible options of DANE, there is no single threat +model countered. When notifying the user about DANE verification results +it may be better to mention: DANE verification did not reject the certificate, +rather than mentioning a successful DANE verication. + +Note that this function is designed to be run in addition to +PKIX - certificate chain - verification. To be run independently +the @code{DANE_VFLAG_ONLY_CHECK_EE_USAGE} flag should be specified; +then the function will check whether the key of the peer matches the +key advertized in the DANE entry. + +@strong{Returns:} a negative error code on error and @code{DANE_E_SUCCESS} (0) +when the DANE entries were successfully parsed, irrespective of +whether they were verified (see @code{verify} for that information). If +no usable entries were encountered @code{DANE_E_REQUESTED_DATA_NOT_AVAILABLE} +will be returned. +@end deftypefun diff --git a/doc/functions/dane_verify_crt.short b/doc/functions/dane_verify_crt.short new file mode 100644 index 0000000..773e378 --- /dev/null +++ b/doc/functions/dane_verify_crt.short @@ -0,0 +1 @@ +@item @var{int} @ref{dane_verify_crt} (dane_state_t @var{s}, const gnutls_datum_t * @var{chain}, unsigned @var{chain_size}, gnutls_certificate_type_t @var{chain_type}, const char * @var{hostname}, const char * @var{proto}, unsigned int @var{port}, unsigned int @var{sflags}, unsigned int @var{vflags}, unsigned int * @var{verify}) diff --git a/doc/functions/dane_verify_crt_raw b/doc/functions/dane_verify_crt_raw new file mode 100644 index 0000000..c466764 --- /dev/null +++ b/doc/functions/dane_verify_crt_raw @@ -0,0 +1,33 @@ + + + + +@deftypefun {int} {dane_verify_crt_raw} (dane_state_t @var{s}, const gnutls_datum_t * @var{chain}, unsigned @var{chain_size}, gnutls_certificate_type_t @var{chain_type}, dane_query_t @var{r}, unsigned int @var{sflags}, unsigned int @var{vflags}, unsigned int * @var{verify}) +@var{s}: A DANE state structure (may be NULL) + +@var{chain}: A certificate chain + +@var{chain_size}: The size of the chain + +@var{chain_type}: The type of the certificate chain + +@var{r}: DANE data to check against + +@var{sflags}: Flags for the initialization of @code{s} (if NULL) + +@var{vflags}: Verification flags; an OR'ed list of @code{dane_verify_flags_t} . + +@var{verify}: An OR'ed list of @code{dane_verify_status_t} . + +This is the low-level function of @code{dane_verify_crt()} . See the +high level function for documentation. + +This function does not perform any resolving, it utilizes +cached entries from @code{r} . + +@strong{Returns:} a negative error code on error and @code{DANE_E_SUCCESS} (0) +when the DANE entries were successfully parsed, irrespective of +whether they were verified (see @code{verify} for that information). If +no usable entries were encountered @code{DANE_E_REQUESTED_DATA_NOT_AVAILABLE} +will be returned. +@end deftypefun diff --git a/doc/functions/dane_verify_crt_raw.short b/doc/functions/dane_verify_crt_raw.short new file mode 100644 index 0000000..d35abb3 --- /dev/null +++ b/doc/functions/dane_verify_crt_raw.short @@ -0,0 +1 @@ +@item @var{int} @ref{dane_verify_crt_raw} (dane_state_t @var{s}, const gnutls_datum_t * @var{chain}, unsigned @var{chain_size}, gnutls_certificate_type_t @var{chain_type}, dane_query_t @var{r}, unsigned int @var{sflags}, unsigned int @var{vflags}, unsigned int * @var{verify}) diff --git a/doc/functions/dane_verify_session_crt b/doc/functions/dane_verify_session_crt new file mode 100644 index 0000000..5e4deb3 --- /dev/null +++ b/doc/functions/dane_verify_session_crt @@ -0,0 +1,35 @@ + + + + +@deftypefun {int} {dane_verify_session_crt} (dane_state_t @var{s}, gnutls_session_t @var{session}, const char * @var{hostname}, const char * @var{proto}, unsigned int @var{port}, unsigned int @var{sflags}, unsigned int @var{vflags}, unsigned int * @var{verify}) +@var{s}: A DANE state structure (may be NULL) + +@var{session}: A gnutls session + +@var{hostname}: The hostname associated with the chain + +@var{proto}: The protocol of the service connecting (e.g. tcp) + +@var{port}: The port of the service connecting (e.g. 443) + +@var{sflags}: Flags for the initialization of @code{s} (if NULL) + +@var{vflags}: Verification flags; an OR'ed list of @code{dane_verify_flags_t} . + +@var{verify}: An OR'ed list of @code{dane_verify_status_t} . + +This function will verify session's certificate chain against the +CA constrains and/or the certificate available via DANE. +See @code{dane_verify_crt()} for more information. + +This will not verify the chain for validity; unless the DANE +verification is restricted to end certificates, this must be +be performed separately using @code{gnutls_certificate_verify_peers3()} . + +@strong{Returns:} a negative error code on error and @code{DANE_E_SUCCESS} (0) +when the DANE entries were successfully parsed, irrespective of +whether they were verified (see @code{verify} for that information). If +no usable entries were encountered @code{DANE_E_REQUESTED_DATA_NOT_AVAILABLE} +will be returned. +@end deftypefun diff --git a/doc/functions/dane_verify_session_crt.short b/doc/functions/dane_verify_session_crt.short new file mode 100644 index 0000000..d4617f8 --- /dev/null +++ b/doc/functions/dane_verify_session_crt.short @@ -0,0 +1 @@ +@item @var{int} @ref{dane_verify_session_crt} (dane_state_t @var{s}, gnutls_session_t @var{session}, const char * @var{hostname}, const char * @var{proto}, unsigned int @var{port}, unsigned int @var{sflags}, unsigned int @var{vflags}, unsigned int * @var{verify}) diff --git a/doc/functions/gnutls_aead_cipher_decrypt b/doc/functions/gnutls_aead_cipher_decrypt new file mode 100644 index 0000000..14bdccc --- /dev/null +++ b/doc/functions/gnutls_aead_cipher_decrypt @@ -0,0 +1,35 @@ + + + +@deftypefun {int} {gnutls_aead_cipher_decrypt} (gnutls_aead_cipher_hd_t @var{handle}, const void * @var{nonce}, size_t @var{nonce_len}, const void * @var{auth}, size_t @var{auth_len}, size_t @var{tag_size}, const void * @var{ctext}, size_t @var{ctext_len}, void * @var{ptext}, size_t * @var{ptext_len}) +@var{handle}: is a @code{gnutls_aead_cipher_hd_t} type. + +@var{nonce}: the nonce to set + +@var{nonce_len}: The length of the nonce + +@var{auth}: additional data to be authenticated + +@var{auth_len}: The length of the data + +@var{tag_size}: The size of the tag to use (use zero for the default) + +@var{ctext}: the data to decrypt (including the authentication tag) + +@var{ctext_len}: the length of data to decrypt (includes tag size) + +@var{ptext}: the decrypted data + +@var{ptext_len}: the length of decrypted data (initially must hold the maximum available size) + +This function will decrypt the given data using the algorithm +specified by the context. This function must be provided the complete +data to be decrypted, including the authentication tag. On several +AEAD ciphers, the authentication tag is appended to the ciphertext, +though this is not a general rule. This function will fail if +the tag verification fails. + +@strong{Returns:} Zero or a negative error code on verification failure or other error. + +@strong{Since:} 3.4.0 +@end deftypefun diff --git a/doc/functions/gnutls_aead_cipher_decrypt.short b/doc/functions/gnutls_aead_cipher_decrypt.short new file mode 100644 index 0000000..88dda69 --- /dev/null +++ b/doc/functions/gnutls_aead_cipher_decrypt.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_aead_cipher_decrypt} (gnutls_aead_cipher_hd_t @var{handle}, const void * @var{nonce}, size_t @var{nonce_len}, const void * @var{auth}, size_t @var{auth_len}, size_t @var{tag_size}, const void * @var{ctext}, size_t @var{ctext_len}, void * @var{ptext}, size_t * @var{ptext_len}) diff --git a/doc/functions/gnutls_aead_cipher_deinit b/doc/functions/gnutls_aead_cipher_deinit new file mode 100644 index 0000000..97a4df8 --- /dev/null +++ b/doc/functions/gnutls_aead_cipher_deinit @@ -0,0 +1,12 @@ + + + + +@deftypefun {void} {gnutls_aead_cipher_deinit} (gnutls_aead_cipher_hd_t @var{handle}) +@var{handle}: is a @code{gnutls_aead_cipher_hd_t} type. + +This function will deinitialize all resources occupied by the given +authenticated-encryption context. + +@strong{Since:} 3.4.0 +@end deftypefun diff --git a/doc/functions/gnutls_aead_cipher_deinit.short b/doc/functions/gnutls_aead_cipher_deinit.short new file mode 100644 index 0000000..7fd051f --- /dev/null +++ b/doc/functions/gnutls_aead_cipher_deinit.short @@ -0,0 +1 @@ +@item @var{void} @ref{gnutls_aead_cipher_deinit} (gnutls_aead_cipher_hd_t @var{handle}) diff --git a/doc/functions/gnutls_aead_cipher_encrypt b/doc/functions/gnutls_aead_cipher_encrypt new file mode 100644 index 0000000..a66c7a9 --- /dev/null +++ b/doc/functions/gnutls_aead_cipher_encrypt @@ -0,0 +1,33 @@ + + + + +@deftypefun {int} {gnutls_aead_cipher_encrypt} (gnutls_aead_cipher_hd_t @var{handle}, const void * @var{nonce}, size_t @var{nonce_len}, const void * @var{auth}, size_t @var{auth_len}, size_t @var{tag_size}, const void * @var{ptext}, size_t @var{ptext_len}, void * @var{ctext}, size_t * @var{ctext_len}) +@var{handle}: is a @code{gnutls_aead_cipher_hd_t} type. + +@var{nonce}: the nonce to set + +@var{nonce_len}: The length of the nonce + +@var{auth}: additional data to be authenticated + +@var{auth_len}: The length of the data + +@var{tag_size}: The size of the tag to use (use zero for the default) + +@var{ptext}: the data to encrypt + +@var{ptext_len}: The length of data to encrypt + +@var{ctext}: the encrypted data including authentication tag + +@var{ctext_len}: the length of encrypted data (initially must hold the maximum available size, including space for tag) + +This function will encrypt the given data using the algorithm +specified by the context. The output data will contain the +authentication tag. + +@strong{Returns:} Zero or a negative error code on error. + +@strong{Since:} 3.4.0 +@end deftypefun diff --git a/doc/functions/gnutls_aead_cipher_encrypt.short b/doc/functions/gnutls_aead_cipher_encrypt.short new file mode 100644 index 0000000..8960ef4 --- /dev/null +++ b/doc/functions/gnutls_aead_cipher_encrypt.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_aead_cipher_encrypt} (gnutls_aead_cipher_hd_t @var{handle}, const void * @var{nonce}, size_t @var{nonce_len}, const void * @var{auth}, size_t @var{auth_len}, size_t @var{tag_size}, const void * @var{ptext}, size_t @var{ptext_len}, void * @var{ctext}, size_t * @var{ctext_len}) diff --git a/doc/functions/gnutls_aead_cipher_encryptv b/doc/functions/gnutls_aead_cipher_encryptv new file mode 100644 index 0000000..840fa67 --- /dev/null +++ b/doc/functions/gnutls_aead_cipher_encryptv @@ -0,0 +1,33 @@ + + + + +@deftypefun {int} {gnutls_aead_cipher_encryptv} (gnutls_aead_cipher_hd_t @var{handle}, const void * @var{nonce}, size_t @var{nonce_len}, const giovec_t * @var{auth_iov}, int @var{auth_iovcnt}, size_t @var{tag_size}, const giovec_t * @var{iov}, int @var{iovcnt}, void * @var{ctext}, size_t * @var{ctext_len}) +@var{handle}: is a @code{gnutls_aead_cipher_hd_t} type. + +@var{nonce}: the nonce to set + +@var{nonce_len}: The length of the nonce + +@var{auth_iov}: additional data to be authenticated + +@var{auth_iovcnt}: The number of buffers in @code{auth_iov} + +@var{tag_size}: The size of the tag to use (use zero for the default) + +@var{iov}: the data to be encrypted + +@var{iovcnt}: The number of buffers in @code{iov} + +@var{ctext}: the encrypted data including authentication tag + +@var{ctext_len}: the length of encrypted data (initially must hold the maximum available size, including space for tag) + +This function will encrypt the provided data buffers using the algorithm +specified by the context. The output data will contain the +authentication tag. + +@strong{Returns:} Zero or a negative error code on error. + +@strong{Since:} 3.6.3 +@end deftypefun diff --git a/doc/functions/gnutls_aead_cipher_encryptv.short b/doc/functions/gnutls_aead_cipher_encryptv.short new file mode 100644 index 0000000..8d71681 --- /dev/null +++ b/doc/functions/gnutls_aead_cipher_encryptv.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_aead_cipher_encryptv} (gnutls_aead_cipher_hd_t @var{handle}, const void * @var{nonce}, size_t @var{nonce_len}, const giovec_t * @var{auth_iov}, int @var{auth_iovcnt}, size_t @var{tag_size}, const giovec_t * @var{iov}, int @var{iovcnt}, void * @var{ctext}, size_t * @var{ctext_len}) diff --git a/doc/functions/gnutls_aead_cipher_init b/doc/functions/gnutls_aead_cipher_init new file mode 100644 index 0000000..74f815f --- /dev/null +++ b/doc/functions/gnutls_aead_cipher_init @@ -0,0 +1,20 @@ + + + + +@deftypefun {int} {gnutls_aead_cipher_init} (gnutls_aead_cipher_hd_t * @var{handle}, gnutls_cipher_algorithm_t @var{cipher}, const gnutls_datum_t * @var{key}) +@var{handle}: is a @code{gnutls_aead_cipher_hd_t} type. + +@var{cipher}: the authenticated-encryption algorithm to use + +@var{key}: The key to be used for encryption + +This function will initialize an context that can be used for +encryption/decryption of data. This will effectively use the +current crypto backend in use by gnutls or the cryptographic +accelerator in use. + +@strong{Returns:} Zero or a negative error code on error. + +@strong{Since:} 3.4.0 +@end deftypefun diff --git a/doc/functions/gnutls_aead_cipher_init.short b/doc/functions/gnutls_aead_cipher_init.short new file mode 100644 index 0000000..4b74a2f --- /dev/null +++ b/doc/functions/gnutls_aead_cipher_init.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_aead_cipher_init} (gnutls_aead_cipher_hd_t * @var{handle}, gnutls_cipher_algorithm_t @var{cipher}, const gnutls_datum_t * @var{key}) diff --git a/doc/functions/gnutls_alert_get b/doc/functions/gnutls_alert_get new file mode 100644 index 0000000..04cb621 --- /dev/null +++ b/doc/functions/gnutls_alert_get @@ -0,0 +1,15 @@ + + + +@deftypefun {gnutls_alert_description_t} {gnutls_alert_get} (gnutls_session_t @var{session}) +@var{session}: is a @code{gnutls_session_t} type. + +This function will return the last alert number received. This +function should be called when @code{GNUTLS_E_WARNING_ALERT_RECEIVED} or +@code{GNUTLS_E_FATAL_ALERT_RECEIVED} errors are returned by a gnutls +function. The peer may send alerts if he encounters an error. +If no alert has been received the returned value is undefined. + +@strong{Returns:} the last alert received, a +@code{gnutls_alert_description_t} value. +@end deftypefun diff --git a/doc/functions/gnutls_alert_get.short b/doc/functions/gnutls_alert_get.short new file mode 100644 index 0000000..64d21fd --- /dev/null +++ b/doc/functions/gnutls_alert_get.short @@ -0,0 +1 @@ +@item @var{gnutls_alert_description_t} @ref{gnutls_alert_get} (gnutls_session_t @var{session}) diff --git a/doc/functions/gnutls_alert_get_name b/doc/functions/gnutls_alert_get_name new file mode 100644 index 0000000..c6a8614 --- /dev/null +++ b/doc/functions/gnutls_alert_get_name @@ -0,0 +1,12 @@ + + + + +@deftypefun {const char *} {gnutls_alert_get_name} (gnutls_alert_description_t @var{alert}) +@var{alert}: is an alert number. + +This function will return a string that describes the given alert +number, or @code{NULL} . See @code{gnutls_alert_get()} . + +@strong{Returns:} string corresponding to @code{gnutls_alert_description_t} value. +@end deftypefun diff --git a/doc/functions/gnutls_alert_get_name.short b/doc/functions/gnutls_alert_get_name.short new file mode 100644 index 0000000..9d6f29a --- /dev/null +++ b/doc/functions/gnutls_alert_get_name.short @@ -0,0 +1 @@ +@item @var{const char *} @ref{gnutls_alert_get_name} (gnutls_alert_description_t @var{alert}) diff --git a/doc/functions/gnutls_alert_get_strname b/doc/functions/gnutls_alert_get_strname new file mode 100644 index 0000000..85ca086 --- /dev/null +++ b/doc/functions/gnutls_alert_get_strname @@ -0,0 +1,13 @@ + + + + +@deftypefun {const char *} {gnutls_alert_get_strname} (gnutls_alert_description_t @var{alert}) +@var{alert}: is an alert number. + +This function will return a string of the name of the alert. + +@strong{Returns:} string corresponding to @code{gnutls_alert_description_t} value. + +@strong{Since:} 3.0 +@end deftypefun diff --git a/doc/functions/gnutls_alert_get_strname.short b/doc/functions/gnutls_alert_get_strname.short new file mode 100644 index 0000000..c16fcec --- /dev/null +++ b/doc/functions/gnutls_alert_get_strname.short @@ -0,0 +1 @@ +@item @var{const char *} @ref{gnutls_alert_get_strname} (gnutls_alert_description_t @var{alert}) diff --git a/doc/functions/gnutls_alert_send b/doc/functions/gnutls_alert_send new file mode 100644 index 0000000..1a751f0 --- /dev/null +++ b/doc/functions/gnutls_alert_send @@ -0,0 +1,23 @@ + + + + +@deftypefun {int} {gnutls_alert_send} (gnutls_session_t @var{session}, gnutls_alert_level_t @var{level}, gnutls_alert_description_t @var{desc}) +@var{session}: is a @code{gnutls_session_t} type. + +@var{level}: is the level of the alert + +@var{desc}: is the alert description + +This function will send an alert to the peer in order to inform +him of something important (eg. his Certificate could not be verified). +If the alert level is Fatal then the peer is expected to close the +connection, otherwise he may ignore the alert and continue. + +The error code of the underlying record send function will be +returned, so you may also receive @code{GNUTLS_E_INTERRUPTED} or +@code{GNUTLS_E_AGAIN} as well. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise +an error code is returned. +@end deftypefun diff --git a/doc/functions/gnutls_alert_send.short b/doc/functions/gnutls_alert_send.short new file mode 100644 index 0000000..f933313 --- /dev/null +++ b/doc/functions/gnutls_alert_send.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_alert_send} (gnutls_session_t @var{session}, gnutls_alert_level_t @var{level}, gnutls_alert_description_t @var{desc}) diff --git a/doc/functions/gnutls_alert_send_appropriate b/doc/functions/gnutls_alert_send_appropriate new file mode 100644 index 0000000..618746e --- /dev/null +++ b/doc/functions/gnutls_alert_send_appropriate @@ -0,0 +1,25 @@ + + + + +@deftypefun {int} {gnutls_alert_send_appropriate} (gnutls_session_t @var{session}, int @var{err}) +@var{session}: is a @code{gnutls_session_t} type. + +@var{err}: is an error code returned by another GnuTLS function + +Sends an alert to the peer depending on the error code returned by +a gnutls function. This function will call @code{gnutls_error_to_alert()} +to determine the appropriate alert to send. + +This function may also return @code{GNUTLS_E_AGAIN} , or +@code{GNUTLS_E_INTERRUPTED} . + +This function historically was always sending an alert to the +peer, even if @code{err} was inappropriate to respond with an alert +(e.g., @code{GNUTLS_E_SUCCESS} ). Since 3.6.6 this function returns +success without transmitting any data on error codes that +should not result to an alert. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise +an error code is returned. +@end deftypefun diff --git a/doc/functions/gnutls_alert_send_appropriate.short b/doc/functions/gnutls_alert_send_appropriate.short new file mode 100644 index 0000000..1eddf45 --- /dev/null +++ b/doc/functions/gnutls_alert_send_appropriate.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_alert_send_appropriate} (gnutls_session_t @var{session}, int @var{err}) diff --git a/doc/functions/gnutls_alpn_get_selected_protocol b/doc/functions/gnutls_alpn_get_selected_protocol new file mode 100644 index 0000000..5fc52f2 --- /dev/null +++ b/doc/functions/gnutls_alpn_get_selected_protocol @@ -0,0 +1,21 @@ + + + + +@deftypefun {int} {gnutls_alpn_get_selected_protocol} (gnutls_session_t @var{session}, gnutls_datum_t * @var{protocol}) +@var{session}: is a @code{gnutls_session_t} type. + +@var{protocol}: will hold the protocol name + +This function allows you to get the negotiated protocol name. The +returned protocol should be treated as opaque, constant value and +only valid during the session life. + +The selected protocol is the first supported by the list sent +by the client. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, +otherwise a negative error code is returned. + +Since 3.2.0 +@end deftypefun diff --git a/doc/functions/gnutls_alpn_get_selected_protocol.short b/doc/functions/gnutls_alpn_get_selected_protocol.short new file mode 100644 index 0000000..c6d873d --- /dev/null +++ b/doc/functions/gnutls_alpn_get_selected_protocol.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_alpn_get_selected_protocol} (gnutls_session_t @var{session}, gnutls_datum_t * @var{protocol}) diff --git a/doc/functions/gnutls_alpn_set_protocols b/doc/functions/gnutls_alpn_set_protocols new file mode 100644 index 0000000..d524246 --- /dev/null +++ b/doc/functions/gnutls_alpn_set_protocols @@ -0,0 +1,24 @@ + + + + +@deftypefun {int} {gnutls_alpn_set_protocols} (gnutls_session_t @var{session}, const gnutls_datum_t * @var{protocols}, unsigned @var{protocols_size}, unsigned int @var{flags}) +@var{session}: is a @code{gnutls_session_t} type. + +@var{protocols}: is the protocol names to add. + +@var{protocols_size}: the number of protocols to add. + +@var{flags}: zero or a sequence of @code{gnutls_alpn_flags_t} + +This function is to be used by both clients and servers, to declare +the supported ALPN protocols, which are used during negotiation with peer. + +See @code{gnutls_alpn_flags_t} description for the documentation of available +flags. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, +otherwise a negative error code is returned. + +Since 3.2.0 +@end deftypefun diff --git a/doc/functions/gnutls_alpn_set_protocols.short b/doc/functions/gnutls_alpn_set_protocols.short new file mode 100644 index 0000000..455539a --- /dev/null +++ b/doc/functions/gnutls_alpn_set_protocols.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_alpn_set_protocols} (gnutls_session_t @var{session}, const gnutls_datum_t * @var{protocols}, unsigned @var{protocols_size}, unsigned int @var{flags}) diff --git a/doc/functions/gnutls_anon_allocate_client_credentials b/doc/functions/gnutls_anon_allocate_client_credentials new file mode 100644 index 0000000..730a109 --- /dev/null +++ b/doc/functions/gnutls_anon_allocate_client_credentials @@ -0,0 +1,11 @@ + + + + +@deftypefun {int} {gnutls_anon_allocate_client_credentials} (gnutls_anon_client_credentials_t * @var{sc}) +@var{sc}: is a pointer to a @code{gnutls_anon_client_credentials_t} type. + +Allocate a gnutls_anon_client_credentials_t structure. + +@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, or an error code. +@end deftypefun diff --git a/doc/functions/gnutls_anon_allocate_client_credentials.short b/doc/functions/gnutls_anon_allocate_client_credentials.short new file mode 100644 index 0000000..78cff66 --- /dev/null +++ b/doc/functions/gnutls_anon_allocate_client_credentials.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_anon_allocate_client_credentials} (gnutls_anon_client_credentials_t * @var{sc}) diff --git a/doc/functions/gnutls_anon_allocate_server_credentials b/doc/functions/gnutls_anon_allocate_server_credentials new file mode 100644 index 0000000..fc557e5 --- /dev/null +++ b/doc/functions/gnutls_anon_allocate_server_credentials @@ -0,0 +1,11 @@ + + + + +@deftypefun {int} {gnutls_anon_allocate_server_credentials} (gnutls_anon_server_credentials_t * @var{sc}) +@var{sc}: is a pointer to a @code{gnutls_anon_server_credentials_t} type. + +Allocate a gnutls_anon_server_credentials_t structure. + +@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, or an error code. +@end deftypefun diff --git a/doc/functions/gnutls_anon_allocate_server_credentials.short b/doc/functions/gnutls_anon_allocate_server_credentials.short new file mode 100644 index 0000000..285b430 --- /dev/null +++ b/doc/functions/gnutls_anon_allocate_server_credentials.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_anon_allocate_server_credentials} (gnutls_anon_server_credentials_t * @var{sc}) diff --git a/doc/functions/gnutls_anon_free_client_credentials b/doc/functions/gnutls_anon_free_client_credentials new file mode 100644 index 0000000..2d7e8ac --- /dev/null +++ b/doc/functions/gnutls_anon_free_client_credentials @@ -0,0 +1,9 @@ + + + + +@deftypefun {void} {gnutls_anon_free_client_credentials} (gnutls_anon_client_credentials_t @var{sc}) +@var{sc}: is a @code{gnutls_anon_client_credentials_t} type. + +Free a gnutls_anon_client_credentials_t structure. +@end deftypefun diff --git a/doc/functions/gnutls_anon_free_client_credentials.short b/doc/functions/gnutls_anon_free_client_credentials.short new file mode 100644 index 0000000..3add839 --- /dev/null +++ b/doc/functions/gnutls_anon_free_client_credentials.short @@ -0,0 +1 @@ +@item @var{void} @ref{gnutls_anon_free_client_credentials} (gnutls_anon_client_credentials_t @var{sc}) diff --git a/doc/functions/gnutls_anon_free_server_credentials b/doc/functions/gnutls_anon_free_server_credentials new file mode 100644 index 0000000..793f5ed --- /dev/null +++ b/doc/functions/gnutls_anon_free_server_credentials @@ -0,0 +1,9 @@ + + + + +@deftypefun {void} {gnutls_anon_free_server_credentials} (gnutls_anon_server_credentials_t @var{sc}) +@var{sc}: is a @code{gnutls_anon_server_credentials_t} type. + +Free a gnutls_anon_server_credentials_t structure. +@end deftypefun diff --git a/doc/functions/gnutls_anon_free_server_credentials.short b/doc/functions/gnutls_anon_free_server_credentials.short new file mode 100644 index 0000000..3570fd5 --- /dev/null +++ b/doc/functions/gnutls_anon_free_server_credentials.short @@ -0,0 +1 @@ +@item @var{void} @ref{gnutls_anon_free_server_credentials} (gnutls_anon_server_credentials_t @var{sc}) diff --git a/doc/functions/gnutls_anon_set_params_function b/doc/functions/gnutls_anon_set_params_function new file mode 100644 index 0000000..d1dc529 --- /dev/null +++ b/doc/functions/gnutls_anon_set_params_function @@ -0,0 +1,17 @@ + + + + +@deftypefun {void} {gnutls_anon_set_params_function} (gnutls_anon_server_credentials_t @var{res}, gnutls_params_function * @var{func}) +@var{res}: is a gnutls_anon_server_credentials_t type + +@var{func}: is the function to be called + +This function will set a callback in order for the server to get +the Diffie-Hellman or RSA parameters for anonymous authentication. +The callback should return @code{GNUTLS_E_SUCCESS} (0) on success. + +@strong{Deprecated:} This function is unnecessary and discouraged on GnuTLS 3.6.0 +or later. Since 3.6.0, DH parameters are negotiated +following RFC7919. +@end deftypefun diff --git a/doc/functions/gnutls_anon_set_params_function.short b/doc/functions/gnutls_anon_set_params_function.short new file mode 100644 index 0000000..1466cf0 --- /dev/null +++ b/doc/functions/gnutls_anon_set_params_function.short @@ -0,0 +1 @@ +@item @var{void} @ref{gnutls_anon_set_params_function} (gnutls_anon_server_credentials_t @var{res}, gnutls_params_function * @var{func}) diff --git a/doc/functions/gnutls_anon_set_server_dh_params b/doc/functions/gnutls_anon_set_server_dh_params new file mode 100644 index 0000000..c600868 --- /dev/null +++ b/doc/functions/gnutls_anon_set_server_dh_params @@ -0,0 +1,17 @@ + + + + +@deftypefun {void} {gnutls_anon_set_server_dh_params} (gnutls_anon_server_credentials_t @var{res}, gnutls_dh_params_t @var{dh_params}) +@var{res}: is a gnutls_anon_server_credentials_t type + +@var{dh_params}: The Diffie-Hellman parameters. + +This function will set the Diffie-Hellman parameters for an +anonymous server to use. These parameters will be used in +Anonymous Diffie-Hellman cipher suites. + +@strong{Deprecated:} This function is unnecessary and discouraged on GnuTLS 3.6.0 +or later. Since 3.6.0, DH parameters are negotiated +following RFC7919. +@end deftypefun diff --git a/doc/functions/gnutls_anon_set_server_dh_params.short b/doc/functions/gnutls_anon_set_server_dh_params.short new file mode 100644 index 0000000..8385d19 --- /dev/null +++ b/doc/functions/gnutls_anon_set_server_dh_params.short @@ -0,0 +1 @@ +@item @var{void} @ref{gnutls_anon_set_server_dh_params} (gnutls_anon_server_credentials_t @var{res}, gnutls_dh_params_t @var{dh_params}) diff --git a/doc/functions/gnutls_anon_set_server_known_dh_params b/doc/functions/gnutls_anon_set_server_known_dh_params new file mode 100644 index 0000000..5ab15f4 --- /dev/null +++ b/doc/functions/gnutls_anon_set_server_known_dh_params @@ -0,0 +1,23 @@ + + + + +@deftypefun {int} {gnutls_anon_set_server_known_dh_params} (gnutls_anon_server_credentials_t @var{res}, gnutls_sec_param_t @var{sec_param}) +@var{res}: is a gnutls_anon_server_credentials_t type + +@var{sec_param}: is an option of the @code{gnutls_sec_param_t} enumeration + +This function will set the Diffie-Hellman parameters for an +anonymous server to use. These parameters will be used in +Anonymous Diffie-Hellman cipher suites and will be selected from +the FFDHE set of RFC7919 according to the security level provided. + +@strong{Deprecated:} This function is unnecessary and discouraged on GnuTLS 3.6.0 +or later. Since 3.6.0, DH parameters are negotiated +following RFC7919. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 3.5.6 +@end deftypefun diff --git a/doc/functions/gnutls_anon_set_server_known_dh_params.short b/doc/functions/gnutls_anon_set_server_known_dh_params.short new file mode 100644 index 0000000..2fc5ad8 --- /dev/null +++ b/doc/functions/gnutls_anon_set_server_known_dh_params.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_anon_set_server_known_dh_params} (gnutls_anon_server_credentials_t @var{res}, gnutls_sec_param_t @var{sec_param}) diff --git a/doc/functions/gnutls_anon_set_server_params_function b/doc/functions/gnutls_anon_set_server_params_function new file mode 100644 index 0000000..f5da568 --- /dev/null +++ b/doc/functions/gnutls_anon_set_server_params_function @@ -0,0 +1,17 @@ + + + + +@deftypefun {void} {gnutls_anon_set_server_params_function} (gnutls_anon_server_credentials_t @var{res}, gnutls_params_function * @var{func}) +@var{res}: is a gnutls_certificate_credentials_t type + +@var{func}: is the function to be called + +This function will set a callback in order for the server to get +the Diffie-Hellman parameters for anonymous authentication. The +callback should return @code{GNUTLS_E_SUCCESS} (0) on success. + +@strong{Deprecated:} This function is unnecessary and discouraged on GnuTLS 3.6.0 +or later. Since 3.6.0, DH parameters are negotiated +following RFC7919. +@end deftypefun diff --git a/doc/functions/gnutls_anon_set_server_params_function.short b/doc/functions/gnutls_anon_set_server_params_function.short new file mode 100644 index 0000000..78a53fe --- /dev/null +++ b/doc/functions/gnutls_anon_set_server_params_function.short @@ -0,0 +1 @@ +@item @var{void} @ref{gnutls_anon_set_server_params_function} (gnutls_anon_server_credentials_t @var{res}, gnutls_params_function * @var{func}) diff --git a/doc/functions/gnutls_anti_replay_deinit b/doc/functions/gnutls_anti_replay_deinit new file mode 100644 index 0000000..16ec788 --- /dev/null +++ b/doc/functions/gnutls_anti_replay_deinit @@ -0,0 +1,12 @@ + + + + +@deftypefun {void} {gnutls_anti_replay_deinit} (gnutls_anti_replay_t @var{anti_replay}) +@var{anti_replay}: is a @code{gnutls_anti_replay} type + +This function will deinitialize all resources occupied by the given +anti-replay context. + +@strong{Since:} 3.6.5 +@end deftypefun diff --git a/doc/functions/gnutls_anti_replay_deinit.short b/doc/functions/gnutls_anti_replay_deinit.short new file mode 100644 index 0000000..3e0a85c --- /dev/null +++ b/doc/functions/gnutls_anti_replay_deinit.short @@ -0,0 +1 @@ +@item @var{void} @ref{gnutls_anti_replay_deinit} (gnutls_anti_replay_t @var{anti_replay}) diff --git a/doc/functions/gnutls_anti_replay_enable b/doc/functions/gnutls_anti_replay_enable new file mode 100644 index 0000000..4ca61a4 --- /dev/null +++ b/doc/functions/gnutls_anti_replay_enable @@ -0,0 +1,13 @@ + + + + +@deftypefun {void} {gnutls_anti_replay_enable} (gnutls_session_t @var{session}, gnutls_anti_replay_t @var{anti_replay}) +@var{session}: is a @code{gnutls_session_t} type. + +@var{anti_replay}: is a @code{gnutls_anti_replay_t} type. + +Request that the server should use anti-replay mechanism. + +@strong{Since:} 3.6.5 +@end deftypefun diff --git a/doc/functions/gnutls_anti_replay_enable.short b/doc/functions/gnutls_anti_replay_enable.short new file mode 100644 index 0000000..2eb2271 --- /dev/null +++ b/doc/functions/gnutls_anti_replay_enable.short @@ -0,0 +1 @@ +@item @var{void} @ref{gnutls_anti_replay_enable} (gnutls_session_t @var{session}, gnutls_anti_replay_t @var{anti_replay}) diff --git a/doc/functions/gnutls_anti_replay_init b/doc/functions/gnutls_anti_replay_init new file mode 100644 index 0000000..ac3e051 --- /dev/null +++ b/doc/functions/gnutls_anti_replay_init @@ -0,0 +1,16 @@ + + + + +@deftypefun {int} {gnutls_anti_replay_init} (gnutls_anti_replay_t * @var{anti_replay}) +@var{anti_replay}: is a pointer to @code{gnutls_anti_replay_t} type + +This function will allocate and initialize the @code{anti_replay} context +to be usable for detect replay attacks. The context can then be +attached to a @code{gnutls_session_t} with +@code{gnutls_anti_replay_enable()} . + +@strong{Returns:} Zero or a negative error code on error. + +@strong{Since:} 3.6.5 +@end deftypefun diff --git a/doc/functions/gnutls_anti_replay_init.short b/doc/functions/gnutls_anti_replay_init.short new file mode 100644 index 0000000..47cb799 --- /dev/null +++ b/doc/functions/gnutls_anti_replay_init.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_anti_replay_init} (gnutls_anti_replay_t * @var{anti_replay}) diff --git a/doc/functions/gnutls_anti_replay_set_add_function b/doc/functions/gnutls_anti_replay_set_add_function new file mode 100644 index 0000000..bab0b20 --- /dev/null +++ b/doc/functions/gnutls_anti_replay_set_add_function @@ -0,0 +1,26 @@ + + + + +@deftypefun {void} {gnutls_anti_replay_set_add_function} (gnutls_anti_replay_t @var{anti_replay}, gnutls_db_add_func @var{add_func}) +@var{anti_replay}: is a @code{gnutls_anti_replay_t} type. + +@var{add_func}: is the function. + +Sets the function that will be used to store an entry if it is not +already present in the resumed sessions database. This function returns 0 +if the entry is successfully stored, and a negative error code +otherwise. In particular, if the entry is found in the database, +it returns @code{GNUTLS_E_DB_ENTRY_EXISTS} . + +The arguments to the @code{add_func} are: +- @code{ptr} : the pointer set with @code{gnutls_anti_replay_set_ptr()} +- @code{exp_time} : the expiration time of the entry +- @code{key} : a pointer to the key +- @code{data} : a pointer to data to store + +The data set by this function can be examined using +@code{gnutls_db_check_entry_expire_time()} and @code{gnutls_db_check_entry_time()} . + +@strong{Since:} 3.6.5 +@end deftypefun diff --git a/doc/functions/gnutls_anti_replay_set_add_function.short b/doc/functions/gnutls_anti_replay_set_add_function.short new file mode 100644 index 0000000..6a7dbb1 --- /dev/null +++ b/doc/functions/gnutls_anti_replay_set_add_function.short @@ -0,0 +1 @@ +@item @var{void} @ref{gnutls_anti_replay_set_add_function} (gnutls_anti_replay_t @var{anti_replay}, gnutls_db_add_func @var{add_func}) diff --git a/doc/functions/gnutls_anti_replay_set_ptr b/doc/functions/gnutls_anti_replay_set_ptr new file mode 100644 index 0000000..75e2549 --- /dev/null +++ b/doc/functions/gnutls_anti_replay_set_ptr @@ -0,0 +1,12 @@ + + + + +@deftypefun {void} {gnutls_anti_replay_set_ptr} (gnutls_anti_replay_t @var{anti_replay}, void * @var{ptr}) +@var{anti_replay}: is a @code{gnutls_anti_replay_t} type. + +@var{ptr}: is the pointer + +Sets the pointer that will be provided to db add function +as the first argument. +@end deftypefun diff --git a/doc/functions/gnutls_anti_replay_set_ptr.short b/doc/functions/gnutls_anti_replay_set_ptr.short new file mode 100644 index 0000000..4c0d229 --- /dev/null +++ b/doc/functions/gnutls_anti_replay_set_ptr.short @@ -0,0 +1 @@ +@item @var{void} @ref{gnutls_anti_replay_set_ptr} (gnutls_anti_replay_t @var{anti_replay}, void * @var{ptr}) diff --git a/doc/functions/gnutls_anti_replay_set_window b/doc/functions/gnutls_anti_replay_set_window new file mode 100644 index 0000000..85e9100 --- /dev/null +++ b/doc/functions/gnutls_anti_replay_set_window @@ -0,0 +1,20 @@ + + + + +@deftypefun {void} {gnutls_anti_replay_set_window} (gnutls_anti_replay_t @var{anti_replay}, unsigned int @var{window}) +@var{anti_replay}: is a @code{gnutls_anti_replay_t} type. + +@var{window}: is the time window recording ClientHello, in milliseconds + +Sets the time window used for ClientHello recording. In order to +protect against replay attacks, the server records ClientHello +messages within this time period from the last update, and +considers it a replay when a ClientHello outside of the period; if +a ClientHello arrives within this period, the server checks the +database and detects duplicates. + +For the details of the algorithm, see RFC 8446, section 8.2. + +@strong{Since:} 3.6.5 +@end deftypefun diff --git a/doc/functions/gnutls_anti_replay_set_window.short b/doc/functions/gnutls_anti_replay_set_window.short new file mode 100644 index 0000000..9d12f1d --- /dev/null +++ b/doc/functions/gnutls_anti_replay_set_window.short @@ -0,0 +1 @@ +@item @var{void} @ref{gnutls_anti_replay_set_window} (gnutls_anti_replay_t @var{anti_replay}, unsigned int @var{window}) diff --git a/doc/functions/gnutls_auth_client_get_type b/doc/functions/gnutls_auth_client_get_type new file mode 100644 index 0000000..73653f9 --- /dev/null +++ b/doc/functions/gnutls_auth_client_get_type @@ -0,0 +1,17 @@ + + + + +@deftypefun {gnutls_credentials_type_t} {gnutls_auth_client_get_type} (gnutls_session_t @var{session}) +@var{session}: is a @code{gnutls_session_t} type. + +Returns the type of credentials that were used for client authentication. +The returned information is to be used to distinguish the function used +to access authentication data. + +Note that on resumed sessions, this function returns the schema +used in the original session authentication. + +@strong{Returns:} The type of credentials for the client authentication +schema, a @code{gnutls_credentials_type_t} type. +@end deftypefun diff --git a/doc/functions/gnutls_auth_client_get_type.short b/doc/functions/gnutls_auth_client_get_type.short new file mode 100644 index 0000000..ab2f188 --- /dev/null +++ b/doc/functions/gnutls_auth_client_get_type.short @@ -0,0 +1 @@ +@item @var{gnutls_credentials_type_t} @ref{gnutls_auth_client_get_type} (gnutls_session_t @var{session}) diff --git a/doc/functions/gnutls_auth_get_type b/doc/functions/gnutls_auth_get_type new file mode 100644 index 0000000..ae582d3 --- /dev/null +++ b/doc/functions/gnutls_auth_get_type @@ -0,0 +1,21 @@ + + + + +@deftypefun {gnutls_credentials_type_t} {gnutls_auth_get_type} (gnutls_session_t @var{session}) +@var{session}: is a @code{gnutls_session_t} type. + +Returns type of credentials for the current authentication schema. +The returned information is to be used to distinguish the function used +to access authentication data. + +Eg. for CERTIFICATE ciphersuites (key exchange algorithms: +@code{GNUTLS_KX_RSA} , @code{GNUTLS_KX_DHE_RSA} ), the same function are to be +used to access the authentication data. + +Note that on resumed sessions, this function returns the schema +used in the original session authentication. + +@strong{Returns:} The type of credentials for the current authentication +schema, a @code{gnutls_credentials_type_t} type. +@end deftypefun diff --git a/doc/functions/gnutls_auth_get_type.short b/doc/functions/gnutls_auth_get_type.short new file mode 100644 index 0000000..47b21ed --- /dev/null +++ b/doc/functions/gnutls_auth_get_type.short @@ -0,0 +1 @@ +@item @var{gnutls_credentials_type_t} @ref{gnutls_auth_get_type} (gnutls_session_t @var{session}) diff --git a/doc/functions/gnutls_auth_server_get_type b/doc/functions/gnutls_auth_server_get_type new file mode 100644 index 0000000..f47e91c --- /dev/null +++ b/doc/functions/gnutls_auth_server_get_type @@ -0,0 +1,17 @@ + + + + +@deftypefun {gnutls_credentials_type_t} {gnutls_auth_server_get_type} (gnutls_session_t @var{session}) +@var{session}: is a @code{gnutls_session_t} type. + +Returns the type of credentials that were used for server authentication. +The returned information is to be used to distinguish the function used +to access authentication data. + +Note that on resumed sessions, this function returns the schema +used in the original session authentication. + +@strong{Returns:} The type of credentials for the server authentication +schema, a @code{gnutls_credentials_type_t} type. +@end deftypefun diff --git a/doc/functions/gnutls_auth_server_get_type.short b/doc/functions/gnutls_auth_server_get_type.short new file mode 100644 index 0000000..121955e --- /dev/null +++ b/doc/functions/gnutls_auth_server_get_type.short @@ -0,0 +1 @@ +@item @var{gnutls_credentials_type_t} @ref{gnutls_auth_server_get_type} (gnutls_session_t @var{session}) diff --git a/doc/functions/gnutls_base64_decode2 b/doc/functions/gnutls_base64_decode2 new file mode 100644 index 0000000..69144f4 --- /dev/null +++ b/doc/functions/gnutls_base64_decode2 @@ -0,0 +1,19 @@ + + + + +@deftypefun {int} {gnutls_base64_decode2} (const gnutls_datum_t * @var{base64}, gnutls_datum_t * @var{result}) +@var{base64}: contains the encoded data + +@var{result}: the location of decoded data + +This function will decode the given base64 encoded data. The decoded data +will be allocated, and stored into result. + +You should use @code{gnutls_free()} to free the returned data. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise +an error code is returned. + +@strong{Since:} 3.6.0 +@end deftypefun diff --git a/doc/functions/gnutls_base64_decode2.short b/doc/functions/gnutls_base64_decode2.short new file mode 100644 index 0000000..a6a097e --- /dev/null +++ b/doc/functions/gnutls_base64_decode2.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_base64_decode2} (const gnutls_datum_t * @var{base64}, gnutls_datum_t * @var{result}) diff --git a/doc/functions/gnutls_base64_encode2 b/doc/functions/gnutls_base64_encode2 new file mode 100644 index 0000000..f330305 --- /dev/null +++ b/doc/functions/gnutls_base64_encode2 @@ -0,0 +1,20 @@ + + + + +@deftypefun {int} {gnutls_base64_encode2} (const gnutls_datum_t * @var{data}, gnutls_datum_t * @var{result}) +@var{data}: contains the raw data + +@var{result}: will hold the newly allocated encoded data + +This function will convert the given data to printable data, using +the base64 encoding. This function will allocate the required +memory to hold the encoded data. + +You should use @code{gnutls_free()} to free the returned data. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise +an error code is returned. + +@strong{Since:} 3.6.0 +@end deftypefun diff --git a/doc/functions/gnutls_base64_encode2.short b/doc/functions/gnutls_base64_encode2.short new file mode 100644 index 0000000..ef121ed --- /dev/null +++ b/doc/functions/gnutls_base64_encode2.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_base64_encode2} (const gnutls_datum_t * @var{data}, gnutls_datum_t * @var{result}) diff --git a/doc/functions/gnutls_buffer_append_data b/doc/functions/gnutls_buffer_append_data new file mode 100644 index 0000000..e728f9b --- /dev/null +++ b/doc/functions/gnutls_buffer_append_data @@ -0,0 +1,17 @@ + + + + +@deftypefun {int} {gnutls_buffer_append_data} (gnutls_buffer_t @var{dest}, const void * @var{data}, size_t @var{data_size}) +@var{dest}: the buffer to append to + +@var{data}: the data + +@var{data_size}: the size of @code{data} + +Appends the provided @code{data} to the destination buffer. + +@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, otherwise a negative error code. + +@strong{Since:} 3.4.0 +@end deftypefun diff --git a/doc/functions/gnutls_buffer_append_data.short b/doc/functions/gnutls_buffer_append_data.short new file mode 100644 index 0000000..26d8385 --- /dev/null +++ b/doc/functions/gnutls_buffer_append_data.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_buffer_append_data} (gnutls_buffer_t @var{dest}, const void * @var{data}, size_t @var{data_size}) diff --git a/doc/functions/gnutls_bye b/doc/functions/gnutls_bye new file mode 100644 index 0000000..5e909d6 --- /dev/null +++ b/doc/functions/gnutls_bye @@ -0,0 +1,36 @@ + + + + +@deftypefun {int} {gnutls_bye} (gnutls_session_t @var{session}, gnutls_close_request_t @var{how}) +@var{session}: is a @code{gnutls_session_t} type. + +@var{how}: is an integer + +Terminates the current TLS/SSL connection. The connection should +have been initiated using @code{gnutls_handshake()} . @code{how} should be one +of @code{GNUTLS_SHUT_RDWR} , @code{GNUTLS_SHUT_WR} . + +In case of @code{GNUTLS_SHUT_RDWR} the TLS session gets +terminated and further receives and sends will be disallowed. If +the return value is zero you may continue using the underlying +transport layer. @code{GNUTLS_SHUT_RDWR} sends an alert containing a close +request and waits for the peer to reply with the same message. + +In case of @code{GNUTLS_SHUT_WR} the TLS session gets terminated +and further sends will be disallowed. In order to reuse the +connection you should wait for an EOF from the peer. +@code{GNUTLS_SHUT_WR} sends an alert containing a close request. + +Note that not all implementations will properly terminate a TLS +connection. Some of them, usually for performance reasons, will +terminate only the underlying transport layer, and thus not +distinguishing between a malicious party prematurely terminating +the connection and normal termination. + +This function may also return @code{GNUTLS_E_AGAIN} or +@code{GNUTLS_E_INTERRUPTED} ; cf. @code{gnutls_record_get_direction()} . + +@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, or an error code, see +function documentation for entire semantics. +@end deftypefun diff --git a/doc/functions/gnutls_bye.short b/doc/functions/gnutls_bye.short new file mode 100644 index 0000000..de559df --- /dev/null +++ b/doc/functions/gnutls_bye.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_bye} (gnutls_session_t @var{session}, gnutls_close_request_t @var{how}) diff --git a/doc/functions/gnutls_certificate_activation_time_peers b/doc/functions/gnutls_certificate_activation_time_peers new file mode 100644 index 0000000..24de160 --- /dev/null +++ b/doc/functions/gnutls_certificate_activation_time_peers @@ -0,0 +1,13 @@ + + + + +@deftypefun {time_t} {gnutls_certificate_activation_time_peers} (gnutls_session_t @var{session}) +@var{session}: is a gnutls session + +This function will return the peer's certificate activation time. + +@strong{Returns:} (time_t)-1 on error. + +@strong{Deprecated:} @code{gnutls_certificate_verify_peers2()} now verifies activation times. +@end deftypefun diff --git a/doc/functions/gnutls_certificate_activation_time_peers.short b/doc/functions/gnutls_certificate_activation_time_peers.short new file mode 100644 index 0000000..ffce2eb --- /dev/null +++ b/doc/functions/gnutls_certificate_activation_time_peers.short @@ -0,0 +1 @@ +@item @var{time_t} @ref{gnutls_certificate_activation_time_peers} (gnutls_session_t @var{session}) diff --git a/doc/functions/gnutls_certificate_allocate_credentials b/doc/functions/gnutls_certificate_allocate_credentials new file mode 100644 index 0000000..b2c0799 --- /dev/null +++ b/doc/functions/gnutls_certificate_allocate_credentials @@ -0,0 +1,11 @@ + + + + +@deftypefun {int} {gnutls_certificate_allocate_credentials} (gnutls_certificate_credentials_t * @var{res}) +@var{res}: is a pointer to a @code{gnutls_certificate_credentials_t} type. + +Allocate a gnutls_certificate_credentials_t structure. + +@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, or an error code. +@end deftypefun diff --git a/doc/functions/gnutls_certificate_allocate_credentials.short b/doc/functions/gnutls_certificate_allocate_credentials.short new file mode 100644 index 0000000..4a462a9 --- /dev/null +++ b/doc/functions/gnutls_certificate_allocate_credentials.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_certificate_allocate_credentials} (gnutls_certificate_credentials_t * @var{res}) diff --git a/doc/functions/gnutls_certificate_client_get_request_status b/doc/functions/gnutls_certificate_client_get_request_status new file mode 100644 index 0000000..38314f1 --- /dev/null +++ b/doc/functions/gnutls_certificate_client_get_request_status @@ -0,0 +1,13 @@ + + + + +@deftypefun {unsigned} {gnutls_certificate_client_get_request_status} (gnutls_session_t @var{session}) +@var{session}: is a gnutls session + +Get whether client certificate was requested on the last +handshake or not. + +@strong{Returns:} 0 if the peer (server) did not request client +authentication or 1 otherwise. +@end deftypefun diff --git a/doc/functions/gnutls_certificate_client_get_request_status.short b/doc/functions/gnutls_certificate_client_get_request_status.short new file mode 100644 index 0000000..ad5862b --- /dev/null +++ b/doc/functions/gnutls_certificate_client_get_request_status.short @@ -0,0 +1 @@ +@item @var{unsigned} @ref{gnutls_certificate_client_get_request_status} (gnutls_session_t @var{session}) diff --git a/doc/functions/gnutls_certificate_expiration_time_peers b/doc/functions/gnutls_certificate_expiration_time_peers new file mode 100644 index 0000000..d4e0f0d --- /dev/null +++ b/doc/functions/gnutls_certificate_expiration_time_peers @@ -0,0 +1,13 @@ + + + + +@deftypefun {time_t} {gnutls_certificate_expiration_time_peers} (gnutls_session_t @var{session}) +@var{session}: is a gnutls session + +This function will return the peer's certificate expiration time. + +@strong{Returns:} (time_t)-1 on error. + +@strong{Deprecated:} @code{gnutls_certificate_verify_peers2()} now verifies expiration times. +@end deftypefun diff --git a/doc/functions/gnutls_certificate_expiration_time_peers.short b/doc/functions/gnutls_certificate_expiration_time_peers.short new file mode 100644 index 0000000..3f92bba --- /dev/null +++ b/doc/functions/gnutls_certificate_expiration_time_peers.short @@ -0,0 +1 @@ +@item @var{time_t} @ref{gnutls_certificate_expiration_time_peers} (gnutls_session_t @var{session}) diff --git a/doc/functions/gnutls_certificate_free_ca_names b/doc/functions/gnutls_certificate_free_ca_names new file mode 100644 index 0000000..00be203 --- /dev/null +++ b/doc/functions/gnutls_certificate_free_ca_names @@ -0,0 +1,17 @@ + + + + +@deftypefun {void} {gnutls_certificate_free_ca_names} (gnutls_certificate_credentials_t @var{sc}) +@var{sc}: is a @code{gnutls_certificate_credentials_t} type. + +This function will delete all the CA name in the given +credentials. Clients may call this to save some memory since in +client side the CA names are not used. Servers might want to use +this function if a large list of trusted CAs is present and +sending the names of it would just consume bandwidth without providing +information to client. + +CA names are used by servers to advertise the CAs they support to +clients. +@end deftypefun diff --git a/doc/functions/gnutls_certificate_free_ca_names.short b/doc/functions/gnutls_certificate_free_ca_names.short new file mode 100644 index 0000000..74945d6 --- /dev/null +++ b/doc/functions/gnutls_certificate_free_ca_names.short @@ -0,0 +1 @@ +@item @var{void} @ref{gnutls_certificate_free_ca_names} (gnutls_certificate_credentials_t @var{sc}) diff --git a/doc/functions/gnutls_certificate_free_cas b/doc/functions/gnutls_certificate_free_cas new file mode 100644 index 0000000..fd0a649 --- /dev/null +++ b/doc/functions/gnutls_certificate_free_cas @@ -0,0 +1,11 @@ + + + + +@deftypefun {void} {gnutls_certificate_free_cas} (gnutls_certificate_credentials_t @var{sc}) +@var{sc}: is a @code{gnutls_certificate_credentials_t} type. + +This function was operational on very early versions of gnutls. +Due to internal refactorings and the fact that this was hardly ever +used, it is currently a no-op. +@end deftypefun diff --git a/doc/functions/gnutls_certificate_free_cas.short b/doc/functions/gnutls_certificate_free_cas.short new file mode 100644 index 0000000..d4ee546 --- /dev/null +++ b/doc/functions/gnutls_certificate_free_cas.short @@ -0,0 +1 @@ +@item @var{void} @ref{gnutls_certificate_free_cas} (gnutls_certificate_credentials_t @var{sc}) diff --git a/doc/functions/gnutls_certificate_free_credentials b/doc/functions/gnutls_certificate_free_credentials new file mode 100644 index 0000000..91ceb8e --- /dev/null +++ b/doc/functions/gnutls_certificate_free_credentials @@ -0,0 +1,13 @@ + + + + +@deftypefun {void} {gnutls_certificate_free_credentials} (gnutls_certificate_credentials_t @var{sc}) +@var{sc}: is a @code{gnutls_certificate_credentials_t} type. + +Free a gnutls_certificate_credentials_t structure. + +This function does not free any temporary parameters associated +with this structure (ie RSA and DH parameters are not freed by this +function). +@end deftypefun diff --git a/doc/functions/gnutls_certificate_free_credentials.short b/doc/functions/gnutls_certificate_free_credentials.short new file mode 100644 index 0000000..8a567cb --- /dev/null +++ b/doc/functions/gnutls_certificate_free_credentials.short @@ -0,0 +1 @@ +@item @var{void} @ref{gnutls_certificate_free_credentials} (gnutls_certificate_credentials_t @var{sc}) diff --git a/doc/functions/gnutls_certificate_free_crls b/doc/functions/gnutls_certificate_free_crls new file mode 100644 index 0000000..7c13239 --- /dev/null +++ b/doc/functions/gnutls_certificate_free_crls @@ -0,0 +1,10 @@ + + + + +@deftypefun {void} {gnutls_certificate_free_crls} (gnutls_certificate_credentials_t @var{sc}) +@var{sc}: is a @code{gnutls_certificate_credentials_t} type. + +This function will delete all the CRLs associated +with the given credentials. +@end deftypefun diff --git a/doc/functions/gnutls_certificate_free_crls.short b/doc/functions/gnutls_certificate_free_crls.short new file mode 100644 index 0000000..5f20576 --- /dev/null +++ b/doc/functions/gnutls_certificate_free_crls.short @@ -0,0 +1 @@ +@item @var{void} @ref{gnutls_certificate_free_crls} (gnutls_certificate_credentials_t @var{sc}) diff --git a/doc/functions/gnutls_certificate_free_keys b/doc/functions/gnutls_certificate_free_keys new file mode 100644 index 0000000..d7e04ee --- /dev/null +++ b/doc/functions/gnutls_certificate_free_keys @@ -0,0 +1,11 @@ + + + + +@deftypefun {void} {gnutls_certificate_free_keys} (gnutls_certificate_credentials_t @var{sc}) +@var{sc}: is a @code{gnutls_certificate_credentials_t} type. + +This function will delete all the keys and the certificates associated +with the given credentials. This function must not be called when a +TLS negotiation that uses the credentials is in progress. +@end deftypefun diff --git a/doc/functions/gnutls_certificate_free_keys.short b/doc/functions/gnutls_certificate_free_keys.short new file mode 100644 index 0000000..03e765e --- /dev/null +++ b/doc/functions/gnutls_certificate_free_keys.short @@ -0,0 +1 @@ +@item @var{void} @ref{gnutls_certificate_free_keys} (gnutls_certificate_credentials_t @var{sc}) diff --git a/doc/functions/gnutls_certificate_get_crt_raw b/doc/functions/gnutls_certificate_get_crt_raw new file mode 100644 index 0000000..9350361 --- /dev/null +++ b/doc/functions/gnutls_certificate_get_crt_raw @@ -0,0 +1,25 @@ + + + + +@deftypefun {int} {gnutls_certificate_get_crt_raw} (gnutls_certificate_credentials_t @var{sc}, unsigned @var{idx1}, unsigned @var{idx2}, gnutls_datum_t * @var{cert}) +@var{sc}: is a @code{gnutls_certificate_credentials_t} type. + +@var{idx1}: the index of the certificate chain if multiple are present + +@var{idx2}: the index of the certificate in the chain. Zero gives the server's certificate. + +@var{cert}: Will hold the DER encoded certificate. + +This function will return the DER encoded certificate of the +server or any other certificate on its certificate chain (based on @code{idx2} ). +The returned data should be treated as constant and only accessible during the lifetime +of @code{sc} . The @code{idx1} matches the value @code{gnutls_certificate_set_x509_key()} and friends +functions. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. In case the indexes are out of bounds @code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} +is returned. + +@strong{Since:} 3.2.5 +@end deftypefun diff --git a/doc/functions/gnutls_certificate_get_crt_raw.short b/doc/functions/gnutls_certificate_get_crt_raw.short new file mode 100644 index 0000000..083a996 --- /dev/null +++ b/doc/functions/gnutls_certificate_get_crt_raw.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_certificate_get_crt_raw} (gnutls_certificate_credentials_t @var{sc}, unsigned @var{idx1}, unsigned @var{idx2}, gnutls_datum_t * @var{cert}) diff --git a/doc/functions/gnutls_certificate_get_issuer b/doc/functions/gnutls_certificate_get_issuer new file mode 100644 index 0000000..b6ffd4f --- /dev/null +++ b/doc/functions/gnutls_certificate_get_issuer @@ -0,0 +1,27 @@ + + + + +@deftypefun {int} {gnutls_certificate_get_issuer} (gnutls_certificate_credentials_t @var{sc}, gnutls_x509_crt_t @var{cert}, gnutls_x509_crt_t * @var{issuer}, unsigned int @var{flags}) +@var{sc}: is a @code{gnutls_certificate_credentials_t} type. + +@var{cert}: is the certificate to find issuer for + +@var{issuer}: Will hold the issuer if any. Should be treated as constant. + +@var{flags}: Use zero or @code{GNUTLS_TL_GET_COPY} + +This function will return the issuer of a given certificate. +If the flag @code{GNUTLS_TL_GET_COPY} is specified a copy of the issuer +will be returned which must be freed using @code{gnutls_x509_crt_deinit()} . +In that case the provided @code{issuer} must not be initialized. + +As with @code{gnutls_x509_trust_list_get_issuer()} this function requires +the @code{GNUTLS_TL_GET_COPY} flag in order to operate with PKCS@code{11} trust +lists in a thread-safe way. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 3.0 +@end deftypefun diff --git a/doc/functions/gnutls_certificate_get_issuer.short b/doc/functions/gnutls_certificate_get_issuer.short new file mode 100644 index 0000000..91a93ee --- /dev/null +++ b/doc/functions/gnutls_certificate_get_issuer.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_certificate_get_issuer} (gnutls_certificate_credentials_t @var{sc}, gnutls_x509_crt_t @var{cert}, gnutls_x509_crt_t * @var{issuer}, unsigned int @var{flags}) diff --git a/doc/functions/gnutls_certificate_get_ocsp_expiration b/doc/functions/gnutls_certificate_get_ocsp_expiration new file mode 100644 index 0000000..849e4f4 --- /dev/null +++ b/doc/functions/gnutls_certificate_get_ocsp_expiration @@ -0,0 +1,30 @@ + + + + +@deftypefun {time_t} {gnutls_certificate_get_ocsp_expiration} (gnutls_certificate_credentials_t @var{sc}, unsigned @var{idx}, int @var{oidx}, unsigned @var{flags}) +@var{sc}: is a credentials structure. + +@var{idx}: is a certificate chain index as returned by @code{gnutls_certificate_set_key()} and friends + +@var{oidx}: is an OCSP response index + +@var{flags}: should be zero + +This function returns the validity of the loaded OCSP responses, +to provide information on when to reload/refresh them. + +Note that the credentials structure should be read-only when in +use, thus when reloading, either the credentials structure must not +be in use by any sessions, or a new credentials structure should be +allocated for new sessions. + +When @code{oidx} is (-1) then the minimum refresh time for all responses +is returned. Otherwise the index specifies the response corresponding +to the @code{odix} certificate in the certificate chain. + +@strong{Returns:} On success, the expiration time of the OCSP response. Otherwise +(time_t)(-1) on error, or (time_t)-2 on out of bounds. + +@strong{Since:} 3.6.3 +@end deftypefun diff --git a/doc/functions/gnutls_certificate_get_ocsp_expiration.short b/doc/functions/gnutls_certificate_get_ocsp_expiration.short new file mode 100644 index 0000000..1c3044c --- /dev/null +++ b/doc/functions/gnutls_certificate_get_ocsp_expiration.short @@ -0,0 +1 @@ +@item @var{time_t} @ref{gnutls_certificate_get_ocsp_expiration} (gnutls_certificate_credentials_t @var{sc}, unsigned @var{idx}, int @var{oidx}, unsigned @var{flags}) diff --git a/doc/functions/gnutls_certificate_get_ours b/doc/functions/gnutls_certificate_get_ours new file mode 100644 index 0000000..9e88297 --- /dev/null +++ b/doc/functions/gnutls_certificate_get_ours @@ -0,0 +1,20 @@ + + + + +@deftypefun {const gnutls_datum_t *} {gnutls_certificate_get_ours} (gnutls_session_t @var{session}) +@var{session}: is a gnutls session + +Gets the certificate as sent to the peer in the last handshake. +The certificate is in raw (DER) format. No certificate +list is being returned. Only the first certificate. + +This function returns the certificate that was sent in the current +handshake. In subsequent resumed sessions this function will return +@code{NULL} . That differs from @code{gnutls_certificate_get_peers()} which always +returns the peer's certificate used in the original session. + +@strong{Returns:} a pointer to a @code{gnutls_datum_t} containing our +certificate, or @code{NULL} in case of an error or if no certificate +was used. +@end deftypefun diff --git a/doc/functions/gnutls_certificate_get_ours.short b/doc/functions/gnutls_certificate_get_ours.short new file mode 100644 index 0000000..c882b10 --- /dev/null +++ b/doc/functions/gnutls_certificate_get_ours.short @@ -0,0 +1 @@ +@item @var{const gnutls_datum_t *} @ref{gnutls_certificate_get_ours} (gnutls_session_t @var{session}) diff --git a/doc/functions/gnutls_certificate_get_peers b/doc/functions/gnutls_certificate_get_peers new file mode 100644 index 0000000..612c1a0 --- /dev/null +++ b/doc/functions/gnutls_certificate_get_peers @@ -0,0 +1,25 @@ + + + + +@deftypefun {const gnutls_datum_t *} {gnutls_certificate_get_peers} (gnutls_session_t @var{session}, unsigned int * @var{list_size}) +@var{session}: is a gnutls session + +@var{list_size}: is the length of the certificate list (may be @code{NULL} ) + +Get the peer's raw certificate (chain) as sent by the peer. These +certificates are in raw format (DER encoded for X.509). In case of +a X.509 then a certificate list may be present. The list +is provided as sent by the server; the server must send as first +certificate in the list its own certificate, following the +issuer's certificate, then the issuer's issuer etc. However, there +are servers which violate this principle and thus on certain +occasions this may be an unsorted list. + +In resumed sessions, this function will return the peer's certificate +list as used in the first/original session. + +@strong{Returns:} a pointer to a @code{gnutls_datum_t} containing the peer's +certificates, or @code{NULL} in case of an error or if no certificate +was used. +@end deftypefun diff --git a/doc/functions/gnutls_certificate_get_peers.short b/doc/functions/gnutls_certificate_get_peers.short new file mode 100644 index 0000000..c0c945c --- /dev/null +++ b/doc/functions/gnutls_certificate_get_peers.short @@ -0,0 +1 @@ +@item @var{const gnutls_datum_t *} @ref{gnutls_certificate_get_peers} (gnutls_session_t @var{session}, unsigned int * @var{list_size}) diff --git a/doc/functions/gnutls_certificate_get_peers_subkey_id b/doc/functions/gnutls_certificate_get_peers_subkey_id new file mode 100644 index 0000000..c175e38 --- /dev/null +++ b/doc/functions/gnutls_certificate_get_peers_subkey_id @@ -0,0 +1,15 @@ + + + + +@deftypefun {int} {gnutls_certificate_get_peers_subkey_id} (gnutls_session_t @var{session}, gnutls_datum_t * @var{id}) +@var{session}: is a gnutls session + +@var{id}: will contain the ID + +This function is no-op. + +@strong{Returns:} @code{GNUTLS_E_UNIMPLEMENTED_FEATURE} . + +@strong{Since:} 3.1.3 +@end deftypefun diff --git a/doc/functions/gnutls_certificate_get_peers_subkey_id.short b/doc/functions/gnutls_certificate_get_peers_subkey_id.short new file mode 100644 index 0000000..50b3ff3 --- /dev/null +++ b/doc/functions/gnutls_certificate_get_peers_subkey_id.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_certificate_get_peers_subkey_id} (gnutls_session_t @var{session}, gnutls_datum_t * @var{id}) diff --git a/doc/functions/gnutls_certificate_get_trust_list b/doc/functions/gnutls_certificate_get_trust_list new file mode 100644 index 0000000..71f002c --- /dev/null +++ b/doc/functions/gnutls_certificate_get_trust_list @@ -0,0 +1,15 @@ + + + +@deftypefun {void} {gnutls_certificate_get_trust_list} (gnutls_certificate_credentials_t @var{res}, gnutls_x509_trust_list_t * @var{tlist}) +@var{res}: is a @code{gnutls_certificate_credentials_t} type. + +@var{tlist}: Location where to store the trust list. + +Obtains the list of trusted certificates stored in @code{res} and writes a +pointer to it to the location @code{tlist} . The pointer will point to memory +internal to @code{res} , and must not be deinitialized. It will be automatically +deallocated when the @code{res} structure is deinitialized. + +@strong{Since:} 3.4.0 +@end deftypefun diff --git a/doc/functions/gnutls_certificate_get_trust_list.short b/doc/functions/gnutls_certificate_get_trust_list.short new file mode 100644 index 0000000..c2e6ed9 --- /dev/null +++ b/doc/functions/gnutls_certificate_get_trust_list.short @@ -0,0 +1 @@ +@item @var{void} @ref{gnutls_certificate_get_trust_list} (gnutls_certificate_credentials_t @var{res}, gnutls_x509_trust_list_t * @var{tlist}) diff --git a/doc/functions/gnutls_certificate_get_verify_flags b/doc/functions/gnutls_certificate_get_verify_flags new file mode 100644 index 0000000..2faef02 --- /dev/null +++ b/doc/functions/gnutls_certificate_get_verify_flags @@ -0,0 +1,14 @@ + + + + +@deftypefun {unsigned int} {gnutls_certificate_get_verify_flags} (gnutls_certificate_credentials_t @var{res}) +@var{res}: is a gnutls_certificate_credentials_t type + +Returns the verification flags set with +@code{gnutls_certificate_set_verify_flags()} . + +@strong{Returns:} The certificate verification flags used by @code{res} . + +@strong{Since:} 3.4.0 +@end deftypefun diff --git a/doc/functions/gnutls_certificate_get_verify_flags.short b/doc/functions/gnutls_certificate_get_verify_flags.short new file mode 100644 index 0000000..c3db99f --- /dev/null +++ b/doc/functions/gnutls_certificate_get_verify_flags.short @@ -0,0 +1 @@ +@item @var{unsigned int} @ref{gnutls_certificate_get_verify_flags} (gnutls_certificate_credentials_t @var{res}) diff --git a/doc/functions/gnutls_certificate_get_x509_crt b/doc/functions/gnutls_certificate_get_x509_crt new file mode 100644 index 0000000..2049e68 --- /dev/null +++ b/doc/functions/gnutls_certificate_get_x509_crt @@ -0,0 +1,35 @@ + + + + +@deftypefun {int} {gnutls_certificate_get_x509_crt} (gnutls_certificate_credentials_t @var{res}, unsigned @var{index}, gnutls_x509_crt_t ** @var{crt_list}, unsigned * @var{crt_list_size}) +@var{res}: is a @code{gnutls_certificate_credentials_t} type. + +@var{index}: The index of the certificate list to obtain. + +@var{crt_list}: Where to store the certificate list. + +@var{crt_list_size}: Will hold the number of certificates. + +Obtains a X.509 certificate list that has been stored in @code{res} with one of +@code{gnutls_certificate_set_x509_key()} , @code{gnutls_certificate_set_key()} , +@code{gnutls_certificate_set_x509_key_file()} , +@code{gnutls_certificate_set_x509_key_file2()} , +@code{gnutls_certificate_set_x509_key_mem()} , or +@code{gnutls_certificate_set_x509_key_mem2()} . Each certificate in the returned +certificate list must be deallocated with @code{gnutls_x509_crt_deinit()} , and the +list itself must be freed with @code{gnutls_free()} . + +The @code{index} matches the return value of @code{gnutls_certificate_set_x509_key()} and friends +functions, when the @code{GNUTLS_CERTIFICATE_API_V2} flag is set. + +If there is no certificate with the given index, +@code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} is returned. If the certificate +with the given index is not a X.509 certificate, @code{GNUTLS_E_INVALID_REQUEST} +is returned. The returned certificates must be deinitialized after +use, and the @code{crt_list} pointer must be freed using @code{gnutls_free()} . + +@strong{Returns:} @code{GNUTLS_E_SUCCESS} (0) on success, or a negative error code. + +@strong{Since:} 3.4.0 +@end deftypefun diff --git a/doc/functions/gnutls_certificate_get_x509_crt.short b/doc/functions/gnutls_certificate_get_x509_crt.short new file mode 100644 index 0000000..43698e5 --- /dev/null +++ b/doc/functions/gnutls_certificate_get_x509_crt.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_certificate_get_x509_crt} (gnutls_certificate_credentials_t @var{res}, unsigned @var{index}, gnutls_x509_crt_t ** @var{crt_list}, unsigned * @var{crt_list_size}) diff --git a/doc/functions/gnutls_certificate_get_x509_key b/doc/functions/gnutls_certificate_get_x509_key new file mode 100644 index 0000000..7b9a52a --- /dev/null +++ b/doc/functions/gnutls_certificate_get_x509_key @@ -0,0 +1,30 @@ + + + + +@deftypefun {int} {gnutls_certificate_get_x509_key} (gnutls_certificate_credentials_t @var{res}, unsigned @var{index}, gnutls_x509_privkey_t * @var{key}) +@var{res}: is a @code{gnutls_certificate_credentials_t} type. + +@var{index}: The index of the key to obtain. + +@var{key}: Location to store the key. + +Obtains a X.509 private key that has been stored in @code{res} with one of +@code{gnutls_certificate_set_x509_key()} , @code{gnutls_certificate_set_key()} , +@code{gnutls_certificate_set_x509_key_file()} , +@code{gnutls_certificate_set_x509_key_file2()} , +@code{gnutls_certificate_set_x509_key_mem()} , or +@code{gnutls_certificate_set_x509_key_mem2()} . The returned key must be deallocated +with @code{gnutls_x509_privkey_deinit()} when no longer needed. + +The @code{index} matches the return value of @code{gnutls_certificate_set_x509_key()} and friends +functions, when the @code{GNUTLS_CERTIFICATE_API_V2} flag is set. + +If there is no key with the given index, +@code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} is returned. If the key with the +given index is not a X.509 key, @code{GNUTLS_E_INVALID_REQUEST} is returned. + +@strong{Returns:} @code{GNUTLS_E_SUCCESS} (0) on success, or a negative error code. + +@strong{Since:} 3.4.0 +@end deftypefun diff --git a/doc/functions/gnutls_certificate_get_x509_key.short b/doc/functions/gnutls_certificate_get_x509_key.short new file mode 100644 index 0000000..73bcd73 --- /dev/null +++ b/doc/functions/gnutls_certificate_get_x509_key.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_certificate_get_x509_key} (gnutls_certificate_credentials_t @var{res}, unsigned @var{index}, gnutls_x509_privkey_t * @var{key}) diff --git a/doc/functions/gnutls_certificate_send_x509_rdn_sequence b/doc/functions/gnutls_certificate_send_x509_rdn_sequence new file mode 100644 index 0000000..1f83af6 --- /dev/null +++ b/doc/functions/gnutls_certificate_send_x509_rdn_sequence @@ -0,0 +1,18 @@ + + + + +@deftypefun {void} {gnutls_certificate_send_x509_rdn_sequence} (gnutls_session_t @var{session}, int @var{status}) +@var{session}: a @code{gnutls_session_t} type. + +@var{status}: is 0 or 1 + +If status is non zero, this function will order gnutls not to send +the rdnSequence in the certificate request message. That is the +server will not advertise its trusted CAs to the peer. If status +is zero then the default behaviour will take effect, which is to +advertise the server's trusted CAs. + +This function has no effect in clients, and in authentication +methods other than certificate with X.509 certificates. +@end deftypefun diff --git a/doc/functions/gnutls_certificate_send_x509_rdn_sequence.short b/doc/functions/gnutls_certificate_send_x509_rdn_sequence.short new file mode 100644 index 0000000..9fc58e6 --- /dev/null +++ b/doc/functions/gnutls_certificate_send_x509_rdn_sequence.short @@ -0,0 +1 @@ +@item @var{void} @ref{gnutls_certificate_send_x509_rdn_sequence} (gnutls_session_t @var{session}, int @var{status}) diff --git a/doc/functions/gnutls_certificate_server_set_request b/doc/functions/gnutls_certificate_server_set_request new file mode 100644 index 0000000..b7c53e9 --- /dev/null +++ b/doc/functions/gnutls_certificate_server_set_request @@ -0,0 +1,16 @@ + + + + +@deftypefun {void} {gnutls_certificate_server_set_request} (gnutls_session_t @var{session}, gnutls_certificate_request_t @var{req}) +@var{session}: is a @code{gnutls_session_t} type. + +@var{req}: is one of GNUTLS_CERT_REQUEST, GNUTLS_CERT_REQUIRE, GNUTLS_CERT_IGNORE + +This function specifies if we (in case of a server) are going to +send a certificate request message to the client. If @code{req} is +GNUTLS_CERT_REQUIRE then the server will return the @code{GNUTLS_E_NO_CERTIFICATE_FOUND} +error if the peer does not provide a certificate. If you do not call this +function then the client will not be asked to send a certificate. Invoking +the function with @code{req} GNUTLS_CERT_IGNORE has the same effect. +@end deftypefun diff --git a/doc/functions/gnutls_certificate_server_set_request.short b/doc/functions/gnutls_certificate_server_set_request.short new file mode 100644 index 0000000..121c75b --- /dev/null +++ b/doc/functions/gnutls_certificate_server_set_request.short @@ -0,0 +1 @@ +@item @var{void} @ref{gnutls_certificate_server_set_request} (gnutls_session_t @var{session}, gnutls_certificate_request_t @var{req}) diff --git a/doc/functions/gnutls_certificate_set_dh_params b/doc/functions/gnutls_certificate_set_dh_params new file mode 100644 index 0000000..4fb8ea2 --- /dev/null +++ b/doc/functions/gnutls_certificate_set_dh_params @@ -0,0 +1,19 @@ + + + + +@deftypefun {void} {gnutls_certificate_set_dh_params} (gnutls_certificate_credentials_t @var{res}, gnutls_dh_params_t @var{dh_params}) +@var{res}: is a gnutls_certificate_credentials_t type + +@var{dh_params}: the Diffie-Hellman parameters. + +This function will set the Diffie-Hellman parameters for a +certificate server to use. These parameters will be used in +Ephemeral Diffie-Hellman cipher suites. Note that only a pointer +to the parameters are stored in the certificate handle, so you +must not deallocate the parameters before the certificate is deallocated. + +@strong{Deprecated:} This function is unnecessary and discouraged on GnuTLS 3.6.0 +or later. Since 3.6.0, DH parameters are negotiated +following RFC7919. +@end deftypefun diff --git a/doc/functions/gnutls_certificate_set_dh_params.short b/doc/functions/gnutls_certificate_set_dh_params.short new file mode 100644 index 0000000..6ead49a --- /dev/null +++ b/doc/functions/gnutls_certificate_set_dh_params.short @@ -0,0 +1 @@ +@item @var{void} @ref{gnutls_certificate_set_dh_params} (gnutls_certificate_credentials_t @var{res}, gnutls_dh_params_t @var{dh_params}) diff --git a/doc/functions/gnutls_certificate_set_flags b/doc/functions/gnutls_certificate_set_flags new file mode 100644 index 0000000..bf86b67 --- /dev/null +++ b/doc/functions/gnutls_certificate_set_flags @@ -0,0 +1,15 @@ + + + + +@deftypefun {void} {gnutls_certificate_set_flags} (gnutls_certificate_credentials_t @var{res}, unsigned int @var{flags}) +@var{res}: is a gnutls_certificate_credentials_t type + +@var{flags}: are the flags of @code{gnutls_certificate_flags} type + +This function will set flags to tweak the operation of +the credentials structure. See the @code{gnutls_certificate_flags} enumerations +for more information on the available flags. + +@strong{Since:} 3.4.7 +@end deftypefun diff --git a/doc/functions/gnutls_certificate_set_flags.short b/doc/functions/gnutls_certificate_set_flags.short new file mode 100644 index 0000000..9e5734a --- /dev/null +++ b/doc/functions/gnutls_certificate_set_flags.short @@ -0,0 +1 @@ +@item @var{void} @ref{gnutls_certificate_set_flags} (gnutls_certificate_credentials_t @var{res}, unsigned int @var{flags}) diff --git a/doc/functions/gnutls_certificate_set_key b/doc/functions/gnutls_certificate_set_key new file mode 100644 index 0000000..56e747c --- /dev/null +++ b/doc/functions/gnutls_certificate_set_key @@ -0,0 +1,41 @@ + + + +@deftypefun {int} {gnutls_certificate_set_key} (gnutls_certificate_credentials_t @var{res}, const char ** @var{names}, int @var{names_size}, gnutls_pcert_st * @var{pcert_list}, int @var{pcert_list_size}, gnutls_privkey_t @var{key}) +@var{res}: is a @code{gnutls_certificate_credentials_t} type. + +@var{names}: is an array of DNS names belonging to the public-key (NULL if none) + +@var{names_size}: holds the size of the names list + +@var{pcert_list}: contains a certificate list (chain) or raw public-key + +@var{pcert_list_size}: holds the size of the certificate list + +@var{key}: is a @code{gnutls_privkey_t} key corresponding to the first public-key in pcert_list + +This function sets a public/private key pair in the +gnutls_certificate_credentials_t type. The given public key may be encapsulated +in a certificate or can be given as a raw key. This function may be +called more than once, in case multiple key pairs exist for +the server. For clients that want to send more than their own end- +entity certificate (e.g., also an intermediate CA cert), the full +certificate chain must be provided in @code{pcert_list} . + +Note that the @code{key} will become part of the credentials structure and must +not be deallocated. It will be automatically deallocated when the @code{res} structure +is deinitialized. + +If this function fails, the @code{res} structure is at an undefined state and it must +not be reused to load other keys or certificates. + +Note that, this function by default returns zero on success and a negative value on error. +Since 3.5.6, when the flag @code{GNUTLS_CERTIFICATE_API_V2} is set using @code{gnutls_certificate_set_flags()} +it returns an index (greater or equal to zero). That index can be used for other functions to refer to the added key-pair. + +Since GnuTLS 3.6.6 this function also handles raw public keys. + +@strong{Returns:} On success this functions returns zero, and otherwise a negative value on error (see above for modifying that behavior). + +@strong{Since:} 3.0 +@end deftypefun diff --git a/doc/functions/gnutls_certificate_set_key.short b/doc/functions/gnutls_certificate_set_key.short new file mode 100644 index 0000000..64bc81f --- /dev/null +++ b/doc/functions/gnutls_certificate_set_key.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_certificate_set_key} (gnutls_certificate_credentials_t @var{res}, const char ** @var{names}, int @var{names_size}, gnutls_pcert_st * @var{pcert_list}, int @var{pcert_list_size}, gnutls_privkey_t @var{key}) diff --git a/doc/functions/gnutls_certificate_set_known_dh_params b/doc/functions/gnutls_certificate_set_known_dh_params new file mode 100644 index 0000000..78d0983 --- /dev/null +++ b/doc/functions/gnutls_certificate_set_known_dh_params @@ -0,0 +1,23 @@ + + + + +@deftypefun {int} {gnutls_certificate_set_known_dh_params} (gnutls_certificate_credentials_t @var{res}, gnutls_sec_param_t @var{sec_param}) +@var{res}: is a gnutls_certificate_credentials_t type + +@var{sec_param}: is an option of the @code{gnutls_sec_param_t} enumeration + +This function will set the Diffie-Hellman parameters for a +certificate server to use. These parameters will be used in +Ephemeral Diffie-Hellman cipher suites and will be selected from +the FFDHE set of RFC7919 according to the security level provided. + +@strong{Deprecated:} This function is unnecessary and discouraged on GnuTLS 3.6.0 +or later. Since 3.6.0, DH parameters are negotiated +following RFC7919. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 3.5.6 +@end deftypefun diff --git a/doc/functions/gnutls_certificate_set_known_dh_params.short b/doc/functions/gnutls_certificate_set_known_dh_params.short new file mode 100644 index 0000000..ee155ac --- /dev/null +++ b/doc/functions/gnutls_certificate_set_known_dh_params.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_certificate_set_known_dh_params} (gnutls_certificate_credentials_t @var{res}, gnutls_sec_param_t @var{sec_param}) diff --git a/doc/functions/gnutls_certificate_set_ocsp_status_request_file b/doc/functions/gnutls_certificate_set_ocsp_status_request_file new file mode 100644 index 0000000..3e34a11 --- /dev/null +++ b/doc/functions/gnutls_certificate_set_ocsp_status_request_file @@ -0,0 +1,39 @@ + + + + +@deftypefun {int} {gnutls_certificate_set_ocsp_status_request_file} (gnutls_certificate_credentials_t @var{sc}, const char * @var{response_file}, unsigned @var{idx}) +@var{sc}: is a credentials structure. + +@var{response_file}: a filename of the OCSP response + +@var{idx}: is a certificate index as returned by @code{gnutls_certificate_set_key()} and friends + +This function loads the provided OCSP response. It will be +sent to the client if requests an OCSP certificate status for +the certificate chain specified by @code{idx} . + +@strong{Note:} the ability to set multiple OCSP responses per credential +structure via the index @code{idx} was added in version 3.5.6. To keep +backwards compatibility, it requires using @code{gnutls_certificate_set_flags()} +with the @code{GNUTLS_CERTIFICATE_API_V2} flag to make the set certificate +functions return an index usable by this function. + +This function can be called multiple times since GnuTLS 3.6.3 +when multiple responses which apply to the chain are available. +If the response provided does not match any certificates present +in the chain, the code @code{GNUTLS_E_OCSP_MISMATCH_WITH_CERTS} is returned. +To revert to the previous behavior set the flag @code{GNUTLS_CERTIFICATE_SKIP_OCSP_RESPONSE_CHECK} +in the certificate credentials structure. In that case, only the +end-certificate's OCSP response can be set. +If the response is already expired at the time of loading the code +@code{GNUTLS_E_EXPIRED} is returned. + +To revert to the previous behavior of this function which does not return +any errors, set the flag @code{GNUTLS_CERTIFICATE_SKIP_OCSP_RESPONSE_CHECK} + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, +otherwise a negative error code is returned. + +@strong{Since:} 3.1.3 +@end deftypefun diff --git a/doc/functions/gnutls_certificate_set_ocsp_status_request_file.short b/doc/functions/gnutls_certificate_set_ocsp_status_request_file.short new file mode 100644 index 0000000..9c3cbd5 --- /dev/null +++ b/doc/functions/gnutls_certificate_set_ocsp_status_request_file.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_certificate_set_ocsp_status_request_file} (gnutls_certificate_credentials_t @var{sc}, const char * @var{response_file}, unsigned @var{idx}) diff --git a/doc/functions/gnutls_certificate_set_ocsp_status_request_file2 b/doc/functions/gnutls_certificate_set_ocsp_status_request_file2 new file mode 100644 index 0000000..2d3c67a --- /dev/null +++ b/doc/functions/gnutls_certificate_set_ocsp_status_request_file2 @@ -0,0 +1,34 @@ + + + + +@deftypefun {int} {gnutls_certificate_set_ocsp_status_request_file2} (gnutls_certificate_credentials_t @var{sc}, const char * @var{response_file}, unsigned @var{idx}, gnutls_x509_crt_fmt_t @var{fmt}) +@var{sc}: is a credentials structure. + +@var{response_file}: a filename of the OCSP response + +@var{idx}: is a certificate index as returned by @code{gnutls_certificate_set_key()} and friends + +@var{fmt}: is PEM or DER + +This function loads the OCSP responses to be sent to the +peer for the certificate chain specified by @code{idx} . When @code{fmt} is +set to PEM, multiple responses can be loaded. + +This function must be called after setting any certificates, and +cannot be used for certificates that are provided via a callback -- +that is when @code{gnutls_certificate_set_retrieve_function()} is used. In +that case consider using @code{gnutls_certificate_set_retrieve_function3()} . + +This function can be called multiple times when multiple responses +applicable to the certificate chain are available. +If the response provided does not match any certificates present +in the chain, the code @code{GNUTLS_E_OCSP_MISMATCH_WITH_CERTS} is returned. +If the response is already expired at the time of loading the code +@code{GNUTLS_E_EXPIRED} is returned. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, +otherwise a negative error code is returned. + +@strong{Since:} 3.1.3 +@end deftypefun diff --git a/doc/functions/gnutls_certificate_set_ocsp_status_request_file2.short b/doc/functions/gnutls_certificate_set_ocsp_status_request_file2.short new file mode 100644 index 0000000..28cf132 --- /dev/null +++ b/doc/functions/gnutls_certificate_set_ocsp_status_request_file2.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_certificate_set_ocsp_status_request_file2} (gnutls_certificate_credentials_t @var{sc}, const char * @var{response_file}, unsigned @var{idx}, gnutls_x509_crt_fmt_t @var{fmt}) diff --git a/doc/functions/gnutls_certificate_set_ocsp_status_request_function b/doc/functions/gnutls_certificate_set_ocsp_status_request_function new file mode 100644 index 0000000..31548c0 --- /dev/null +++ b/doc/functions/gnutls_certificate_set_ocsp_status_request_function @@ -0,0 +1,31 @@ + + + + +@deftypefun {void} {gnutls_certificate_set_ocsp_status_request_function} (gnutls_certificate_credentials_t @var{sc}, gnutls_status_request_ocsp_func @var{ocsp_func}, void * @var{ptr}) +@var{sc}: is a @code{gnutls_certificate_credentials_t} type. + +@var{ocsp_func}: function pointer to OCSP status request callback. + +@var{ptr}: opaque pointer passed to callback function + +This function is to be used by server to register a callback to +handle OCSP status requests from the client. The callback will be +invoked if the client supplied a status-request OCSP extension. +The callback function prototype is: + +typedef int (*gnutls_status_request_ocsp_func) +(gnutls_session_t session, void *ptr, gnutls_datum_t *ocsp_response); + +The callback will be invoked if the client requests an OCSP certificate +status. The callback may return @code{GNUTLS_E_NO_CERTIFICATE_STATUS} , if +there is no recent OCSP response. If the callback returns @code{GNUTLS_E_SUCCESS} , +it is expected to have the @code{ocsp_response} field set with a valid (DER-encoded) +OCSP response. The response must be a value allocated using @code{gnutls_malloc()} , +and will be deinitialized by the caller. + +It is possible to set a specific callback for each provided certificate +using @code{gnutls_certificate_set_ocsp_status_request_function2()} . + +@strong{Since:} 3.1.3 +@end deftypefun diff --git a/doc/functions/gnutls_certificate_set_ocsp_status_request_function.short b/doc/functions/gnutls_certificate_set_ocsp_status_request_function.short new file mode 100644 index 0000000..c48367e --- /dev/null +++ b/doc/functions/gnutls_certificate_set_ocsp_status_request_function.short @@ -0,0 +1 @@ +@item @var{void} @ref{gnutls_certificate_set_ocsp_status_request_function} (gnutls_certificate_credentials_t @var{sc}, gnutls_status_request_ocsp_func @var{ocsp_func}, void * @var{ptr}) diff --git a/doc/functions/gnutls_certificate_set_ocsp_status_request_function2 b/doc/functions/gnutls_certificate_set_ocsp_status_request_function2 new file mode 100644 index 0000000..c8a9c86 --- /dev/null +++ b/doc/functions/gnutls_certificate_set_ocsp_status_request_function2 @@ -0,0 +1,41 @@ + + + + +@deftypefun {int} {gnutls_certificate_set_ocsp_status_request_function2} (gnutls_certificate_credentials_t @var{sc}, unsigned @var{idx}, gnutls_status_request_ocsp_func @var{ocsp_func}, void * @var{ptr}) +@var{sc}: is a @code{gnutls_certificate_credentials_t} type. + +@var{idx}: is a certificate index as returned by @code{gnutls_certificate_set_key()} and friends + +@var{ocsp_func}: function pointer to OCSP status request callback. + +@var{ptr}: opaque pointer passed to callback function + +This function is to be used by server to register a callback to +provide OCSP status requests that correspond to the indexed certificate chain +from the client. The callback will be invoked if the client supplied a +status-request OCSP extension. + +The callback function prototype is: + +typedef int (*gnutls_status_request_ocsp_func) +(gnutls_session_t session, void *ptr, gnutls_datum_t *ocsp_response); + +The callback will be invoked if the client requests an OCSP certificate +status. The callback may return @code{GNUTLS_E_NO_CERTIFICATE_STATUS} , if +there is no recent OCSP response. If the callback returns @code{GNUTLS_E_SUCCESS} , +it is expected to have the @code{ocsp_response} field set with a valid (DER-encoded) +OCSP response. The response must be a value allocated using @code{gnutls_malloc()} , +and will be deinitialized by the caller. + +@strong{Note:} the ability to set multiple OCSP responses per credential +structure via the index @code{idx} was added in version 3.5.6. To keep +backwards compatibility, it requires using @code{gnutls_certificate_set_flags()} +with the @code{GNUTLS_CERTIFICATE_API_V2} flag to make the set certificate +functions return an index usable by this function. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, +otherwise a negative error code is returned. + +@strong{Since:} 3.5.5 +@end deftypefun diff --git a/doc/functions/gnutls_certificate_set_ocsp_status_request_function2.short b/doc/functions/gnutls_certificate_set_ocsp_status_request_function2.short new file mode 100644 index 0000000..330f4de --- /dev/null +++ b/doc/functions/gnutls_certificate_set_ocsp_status_request_function2.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_certificate_set_ocsp_status_request_function2} (gnutls_certificate_credentials_t @var{sc}, unsigned @var{idx}, gnutls_status_request_ocsp_func @var{ocsp_func}, void * @var{ptr}) diff --git a/doc/functions/gnutls_certificate_set_ocsp_status_request_mem b/doc/functions/gnutls_certificate_set_ocsp_status_request_mem new file mode 100644 index 0000000..cdcc632 --- /dev/null +++ b/doc/functions/gnutls_certificate_set_ocsp_status_request_mem @@ -0,0 +1,39 @@ + + + + +@deftypefun {int} {gnutls_certificate_set_ocsp_status_request_mem} (gnutls_certificate_credentials_t @var{sc}, const gnutls_datum_t * @var{resp_data}, unsigned @var{idx}, gnutls_x509_crt_fmt_t @var{fmt}) +@var{sc}: is a credentials structure. + +@var{resp_data}: a memory buffer holding an OCSP response + +@var{idx}: is a certificate index as returned by @code{gnutls_certificate_set_key()} and friends + +@var{fmt}: is PEM or DER + +This function sets the OCSP responses to be sent to the +peer for the certificate chain specified by @code{idx} . When @code{fmt} is set +to PEM, multiple responses can be loaded. + +@strong{Note:} the ability to set multiple OCSP responses per credential +structure via the index @code{idx} was added in version 3.5.6. To keep +backwards compatibility, it requires using @code{gnutls_certificate_set_flags()} +with the @code{GNUTLS_CERTIFICATE_API_V2} flag to make the set certificate +functions return an index usable by this function. + +This function must be called after setting any certificates, and +cannot be used for certificates that are provided via a callback -- +that is when @code{gnutls_certificate_set_retrieve_function()} is used. + +This function can be called multiple times when multiple responses which +apply to the certificate chain are available. +If the response provided does not match any certificates present +in the chain, the code @code{GNUTLS_E_OCSP_MISMATCH_WITH_CERTS} is returned. +If the response is already expired at the time of loading the code +@code{GNUTLS_E_EXPIRED} is returned. + +@strong{Returns:} On success, the number of loaded responses is returned, +otherwise a negative error code. + +@strong{Since:} 3.6.3 +@end deftypefun diff --git a/doc/functions/gnutls_certificate_set_ocsp_status_request_mem.short b/doc/functions/gnutls_certificate_set_ocsp_status_request_mem.short new file mode 100644 index 0000000..b9ecd62 --- /dev/null +++ b/doc/functions/gnutls_certificate_set_ocsp_status_request_mem.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_certificate_set_ocsp_status_request_mem} (gnutls_certificate_credentials_t @var{sc}, const gnutls_datum_t * @var{resp_data}, unsigned @var{idx}, gnutls_x509_crt_fmt_t @var{fmt}) diff --git a/doc/functions/gnutls_certificate_set_params_function b/doc/functions/gnutls_certificate_set_params_function new file mode 100644 index 0000000..87de85a --- /dev/null +++ b/doc/functions/gnutls_certificate_set_params_function @@ -0,0 +1,17 @@ + + + + +@deftypefun {void} {gnutls_certificate_set_params_function} (gnutls_certificate_credentials_t @var{res}, gnutls_params_function * @var{func}) +@var{res}: is a gnutls_certificate_credentials_t type + +@var{func}: is the function to be called + +This function will set a callback in order for the server to get +the Diffie-Hellman or RSA parameters for certificate +authentication. The callback should return @code{GNUTLS_E_SUCCESS} (0) on success. + +@strong{Deprecated:} This function is unnecessary and discouraged on GnuTLS 3.6.0 +or later. Since 3.6.0, DH parameters are negotiated +following RFC7919. +@end deftypefun diff --git a/doc/functions/gnutls_certificate_set_params_function.short b/doc/functions/gnutls_certificate_set_params_function.short new file mode 100644 index 0000000..93dbd4f --- /dev/null +++ b/doc/functions/gnutls_certificate_set_params_function.short @@ -0,0 +1 @@ +@item @var{void} @ref{gnutls_certificate_set_params_function} (gnutls_certificate_credentials_t @var{res}, gnutls_params_function * @var{func}) diff --git a/doc/functions/gnutls_certificate_set_pin_function b/doc/functions/gnutls_certificate_set_pin_function new file mode 100644 index 0000000..1d0db50 --- /dev/null +++ b/doc/functions/gnutls_certificate_set_pin_function @@ -0,0 +1,20 @@ + + + + +@deftypefun {void} {gnutls_certificate_set_pin_function} (gnutls_certificate_credentials_t @var{cred}, gnutls_pin_callback_t @var{fn}, void * @var{userdata}) +@var{cred}: is a @code{gnutls_certificate_credentials_t} type. + +@var{fn}: A PIN callback + +@var{userdata}: Data to be passed in the callback + +This function will set a callback function to be used when +required to access a protected object. This function overrides any other +global PIN functions. + +Note that this function must be called right after initialization +to have effect. + +@strong{Since:} 3.1.0 +@end deftypefun diff --git a/doc/functions/gnutls_certificate_set_pin_function.short b/doc/functions/gnutls_certificate_set_pin_function.short new file mode 100644 index 0000000..2f70b56 --- /dev/null +++ b/doc/functions/gnutls_certificate_set_pin_function.short @@ -0,0 +1 @@ +@item @var{void} @ref{gnutls_certificate_set_pin_function} (gnutls_certificate_credentials_t @var{cred}, gnutls_pin_callback_t @var{fn}, void * @var{userdata}) diff --git a/doc/functions/gnutls_certificate_set_rawpk_key_file b/doc/functions/gnutls_certificate_set_rawpk_key_file new file mode 100644 index 0000000..4e7c505 --- /dev/null +++ b/doc/functions/gnutls_certificate_set_rawpk_key_file @@ -0,0 +1,66 @@ + + + + +@deftypefun {int} {gnutls_certificate_set_rawpk_key_file} (gnutls_certificate_credentials_t @var{cred}, const char* @var{rawpkfile}, const char* @var{privkeyfile}, gnutls_x509_crt_fmt_t @var{format}, const char * @var{pass}, unsigned int @var{key_usage}, const char ** @var{names}, unsigned int @var{names_length}, unsigned int @var{privkey_flags}, unsigned int @var{pkcs11_flags}) +@var{cred}: is a @code{gnutls_certificate_credentials_t} type. + +@var{rawpkfile}: contains a raw public key in +PKIX.SubjectPublicKeyInfo format. + +@var{privkeyfile}: contains a file path to a private key. + +@var{format}: encoding of the keys. DER or PEM. + +@var{pass}: an optional password to unlock the private key privkeyfile. + +@var{key_usage}: an ORed sequence of @code{GNUTLS_KEY_} * flags. + +@var{names}: is an array of DNS names belonging to the public-key (NULL if none). + +@var{names_length}: holds the length of the names list. + +@var{privkey_flags}: an ORed sequence of @code{gnutls_pkcs_encrypt_flags_t} . +These apply to the private key pkey. + +@var{pkcs11_flags}: one of gnutls_pkcs11_obj_flags. These apply to URLs. + +This function sets a public/private keypair read from file in the +@code{gnutls_certificate_credentials_t} type to be used for authentication +and/or encryption. @code{spki} and @code{privkey} should match otherwise set +signatures cannot be validated. In case of no match this function +returns @code{GNUTLS_E_CERTIFICATE_KEY_MISMATCH} . This function should +be called once for the client because there is currently no mechanism +to determine which raw public-key to select for the peer when there +are multiple present. Multiple raw public keys for the server can be +distinghuished by setting the @code{names} . + +Note here that @code{spki} is a raw public-key as defined +in RFC7250. It means that there is no surrounding certificate that +holds the public key and that there is therefore no direct mechanism +to prove the authenticity of this key. The keypair can be used during +a TLS handshake but its authenticity should be established via a +different mechanism (e.g. TOFU or known fingerprint). + +The supported formats are basic unencrypted key, PKCS8, PKCS12, +and the openssl format and will be autodetected. + +If the raw public-key and the private key are given in PEM encoding +then the strings that hold their values must be null terminated. + +Key usage (as defined by X.509 extension (2.5.29.15)) can be explicitly +set because there is no certificate structure around the key to define +this value. See for more info @code{gnutls_x509_crt_get_key_usage()} . + +Note that, this function by default returns zero on success and a +negative value on error. Since 3.5.6, when the flag @code{GNUTLS_CERTIFICATE_API_V2} +is set using @code{gnutls_certificate_set_flags()} it returns an index +(greater or equal to zero). That index can be used in other functions +to refer to the added key-pair. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, in case the +key pair does not match @code{GNUTLS_E_CERTIFICATE_KEY_MISMATCH} is returned, +in other erroneous cases a different negative error code is returned. + +@strong{Since:} 3.6.6 +@end deftypefun diff --git a/doc/functions/gnutls_certificate_set_rawpk_key_file.short b/doc/functions/gnutls_certificate_set_rawpk_key_file.short new file mode 100644 index 0000000..f9447a3 --- /dev/null +++ b/doc/functions/gnutls_certificate_set_rawpk_key_file.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_certificate_set_rawpk_key_file} (gnutls_certificate_credentials_t @var{cred}, const char* @var{rawpkfile}, const char* @var{privkeyfile}, gnutls_x509_crt_fmt_t @var{format}, const char * @var{pass}, unsigned int @var{key_usage}, const char ** @var{names}, unsigned int @var{names_length}, unsigned int @var{privkey_flags}, unsigned int @var{pkcs11_flags}) diff --git a/doc/functions/gnutls_certificate_set_rawpk_key_mem b/doc/functions/gnutls_certificate_set_rawpk_key_mem new file mode 100644 index 0000000..1794514 --- /dev/null +++ b/doc/functions/gnutls_certificate_set_rawpk_key_mem @@ -0,0 +1,64 @@ + + + + +@deftypefun {int} {gnutls_certificate_set_rawpk_key_mem} (gnutls_certificate_credentials_t @var{cred}, const gnutls_datum_t* @var{spki}, const gnutls_datum_t* @var{pkey}, gnutls_x509_crt_fmt_t @var{format}, const char* @var{pass}, unsigned int @var{key_usage}, const char ** @var{names}, unsigned int @var{names_length}, unsigned int @var{flags}) +@var{cred}: is a @code{gnutls_certificate_credentials_t} type. + +@var{spki}: contains a raw public key in +PKIX.SubjectPublicKeyInfo format. + +@var{pkey}: contains a raw private key. + +@var{format}: encoding of the keys. DER or PEM. + +@var{pass}: an optional password to unlock the private key pkey. + +@var{key_usage}: An ORed sequence of @code{GNUTLS_KEY_} * flags. + +@var{names}: is an array of DNS names belonging to the public-key (NULL if none). + +@var{names_length}: holds the length of the names list. + +@var{flags}: an ORed sequence of @code{gnutls_pkcs_encrypt_flags_t} . +These apply to the private key pkey. + +This function sets a public/private keypair in the +@code{gnutls_certificate_credentials_t} type to be used for authentication +and/or encryption. @code{spki} and @code{privkey} should match otherwise set +signatures cannot be validated. In case of no match this function +returns @code{GNUTLS_E_CERTIFICATE_KEY_MISMATCH} . This function should +be called once for the client because there is currently no mechanism +to determine which raw public-key to select for the peer when there +are multiple present. Multiple raw public keys for the server can be +distinghuished by setting the @code{names} . + +Note here that @code{spki} is a raw public-key as defined +in RFC7250. It means that there is no surrounding certificate that +holds the public key and that there is therefore no direct mechanism +to prove the authenticity of this key. The keypair can be used during +a TLS handshake but its authenticity should be established via a +different mechanism (e.g. TOFU or known fingerprint). + +The supported formats are basic unencrypted key, PKCS8, PKCS12, +and the openssl format and will be autodetected. + +If the raw public-key and the private key are given in PEM encoding +then the strings that hold their values must be null terminated. + +Key usage (as defined by X.509 extension (2.5.29.15)) can be explicitly +set because there is no certificate structure around the key to define +this value. See for more info @code{gnutls_x509_crt_get_key_usage()} . + +Note that, this function by default returns zero on success and a +negative value on error. Since 3.5.6, when the flag @code{GNUTLS_CERTIFICATE_API_V2} +is set using @code{gnutls_certificate_set_flags()} it returns an index +(greater or equal to zero). That index can be used in other functions +to refer to the added key-pair. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, in case the +key pair does not match @code{GNUTLS_E_CERTIFICATE_KEY_MISMATCH} is returned, +in other erroneous cases a different negative error code is returned. + +@strong{Since:} 3.6.6 +@end deftypefun diff --git a/doc/functions/gnutls_certificate_set_rawpk_key_mem.short b/doc/functions/gnutls_certificate_set_rawpk_key_mem.short new file mode 100644 index 0000000..11bf548 --- /dev/null +++ b/doc/functions/gnutls_certificate_set_rawpk_key_mem.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_certificate_set_rawpk_key_mem} (gnutls_certificate_credentials_t @var{cred}, const gnutls_datum_t* @var{spki}, const gnutls_datum_t* @var{pkey}, gnutls_x509_crt_fmt_t @var{format}, const char* @var{pass}, unsigned int @var{key_usage}, const char ** @var{names}, unsigned int @var{names_length}, unsigned int @var{flags}) diff --git a/doc/functions/gnutls_certificate_set_retrieve_function b/doc/functions/gnutls_certificate_set_retrieve_function new file mode 100644 index 0000000..6a71296 --- /dev/null +++ b/doc/functions/gnutls_certificate_set_retrieve_function @@ -0,0 +1,44 @@ + + + + +@deftypefun {void} {gnutls_certificate_set_retrieve_function} (gnutls_certificate_credentials_t @var{cred}, gnutls_certificate_retrieve_function * @var{func}) +@var{cred}: is a @code{gnutls_certificate_credentials_t} type. + +@var{func}: is the callback function + +This function sets a callback to be called in order to retrieve the +certificate to be used in the handshake. The callback will take control +only if a certificate is requested by the peer. You are advised +to use @code{gnutls_certificate_set_retrieve_function2()} because it +is much more efficient in the processing it requires from gnutls. + +The callback's function prototype is: +int (*callback)(gnutls_session_t, const gnutls_datum_t* req_ca_dn, int nreqs, +const gnutls_pk_algorithm_t* pk_algos, int pk_algos_length, gnutls_retr2_st* st); + + @code{req_ca_dn} is only used in X.509 certificates. +Contains a list with the CA names that the server considers trusted. +This is a hint and typically the client should send a certificate that is signed +by one of these CAs. These names, when available, are DER encoded. To get a more +meaningful value use the function @code{gnutls_x509_rdn_get()} . + + @code{pk_algos} contains a list with server's acceptable public key algorithms. +The certificate returned should support the server's given algorithms. + + @code{st} should contain the certificates and private keys. + +If the callback function is provided then gnutls will call it, in the +handshake, after the certificate request message has been received. + +In server side pk_algos and req_ca_dn are NULL. + +The callback function should set the certificate list to be sent, +and return 0 on success. If no certificate was selected then the +number of certificates should be set to zero. The value (-1) +indicates error and the handshake will be terminated. If both certificates +are set in the credentials and a callback is available, the callback +takes predence. + +@strong{Since:} 3.0 +@end deftypefun diff --git a/doc/functions/gnutls_certificate_set_retrieve_function.short b/doc/functions/gnutls_certificate_set_retrieve_function.short new file mode 100644 index 0000000..8ac255e --- /dev/null +++ b/doc/functions/gnutls_certificate_set_retrieve_function.short @@ -0,0 +1 @@ +@item @var{void} @ref{gnutls_certificate_set_retrieve_function} (gnutls_certificate_credentials_t @var{cred}, gnutls_certificate_retrieve_function * @var{func}) diff --git a/doc/functions/gnutls_certificate_set_retrieve_function2 b/doc/functions/gnutls_certificate_set_retrieve_function2 new file mode 100644 index 0000000..0ee67f6 --- /dev/null +++ b/doc/functions/gnutls_certificate_set_retrieve_function2 @@ -0,0 +1,49 @@ + + + + +@deftypefun {void} {gnutls_certificate_set_retrieve_function2} (gnutls_certificate_credentials_t @var{cred}, gnutls_certificate_retrieve_function2 * @var{func}) +@var{cred}: is a @code{gnutls_certificate_credentials_t} type. + +@var{func}: is the callback function + +This function sets a callback to be called in order to retrieve the +certificate to be used in the handshake. The callback will take control +only if a certificate is requested by the peer. + +The callback's function prototype is: +int (*callback)(gnutls_session_t, const gnutls_datum_t* req_ca_dn, int nreqs, +const gnutls_pk_algorithm_t* pk_algos, int pk_algos_length, gnutls_pcert_st** pcert, +unsigned int *pcert_length, gnutls_privkey_t * pkey); + + @code{req_ca_dn} is only used in X.509 certificates. +Contains a list with the CA names that the server considers trusted. +This is a hint and typically the client should send a certificate that is signed +by one of these CAs. These names, when available, are DER encoded. To get a more +meaningful value use the function @code{gnutls_x509_rdn_get()} . + + @code{pk_algos} contains a list with server's acceptable public key algorithms. +The certificate returned should support the server's given algorithms. + + @code{pcert} should contain a single certificate and public key or a list of them. + + @code{pcert_length} is the size of the previous list. + + @code{pkey} is the private key. + +If the callback function is provided then gnutls will call it, in the +handshake, after the certificate request message has been received. +All the provided by the callback values will not be released or +modified by gnutls. + +In server side pk_algos and req_ca_dn are NULL. + +The callback function should set the certificate list to be sent, +and return 0 on success. If no certificate was selected then the +number of certificates should be set to zero. The value (-1) +indicates error and the handshake will be terminated. If both certificates +are set in the credentials and a callback is available, the callback +takes predence. + +@strong{Since:} 3.0 +@end deftypefun diff --git a/doc/functions/gnutls_certificate_set_retrieve_function2.short b/doc/functions/gnutls_certificate_set_retrieve_function2.short new file mode 100644 index 0000000..8eb7cdd --- /dev/null +++ b/doc/functions/gnutls_certificate_set_retrieve_function2.short @@ -0,0 +1 @@ +@item @var{void} @ref{gnutls_certificate_set_retrieve_function2} (gnutls_certificate_credentials_t @var{cred}, gnutls_certificate_retrieve_function2 * @var{func}) diff --git a/doc/functions/gnutls_certificate_set_retrieve_function3 b/doc/functions/gnutls_certificate_set_retrieve_function3 new file mode 100644 index 0000000..49d2645 --- /dev/null +++ b/doc/functions/gnutls_certificate_set_retrieve_function3 @@ -0,0 +1,49 @@ + + + + +@deftypefun {void} {gnutls_certificate_set_retrieve_function3} (gnutls_certificate_credentials_t @var{cred}, gnutls_certificate_retrieve_function3 * @var{func}) +@var{cred}: is a @code{gnutls_certificate_credentials_t} type. + +@var{func}: is the callback function + +This function sets a callback to be called in order to retrieve the +certificate and OCSP responses to be used in the handshake. @code{func} will +be called only if the peer requests a certificate either during handshake +or during post-handshake authentication. + +The callback's function prototype is defined in `abstract.h': +int (*callback)(gnutls_session_t, const struct gnutls_cert_retr_st *info, +gnutls_pcert_st **certs, unsigned int *pcert_length, +gnutls_datum_t **ocsp, unsigned int *ocsp_length, +gnutls_privkey_t * pkey, unsigned int *flags); + +The info field of the callback contains: + @code{req_ca_dn} which is a list with the CA names that the server considers trusted. +This is a hint and typically the client should send a certificate that is signed +by one of these CAs. These names, when available, are DER encoded. To get a more +meaningful value use the function @code{gnutls_x509_rdn_get()} . + @code{pk_algos} contains a list with server's acceptable public key algorithms. +The certificate returned should support the server's given algorithms. + +The callback should fill-in the following values. + + @code{pcert} should contain an allocated list of certificates and public keys. + @code{pcert_length} is the size of the previous list. + @code{ocsp} should contain an allocated list of OCSP responses. + @code{ocsp_length} is the size of the previous list. + @code{pkey} is the private key. + +If flags in the callback are set to @code{GNUTLS_CERT_RETR_DEINIT_ALL} then +all provided values must be allocated using @code{gnutls_malloc()} , and will +be released by gnutls; otherwise they will not be touched by gnutls. + +The callback function should set the certificate and OCSP response +list to be sent, and return 0 on success. If no certificates are available, +the @code{pcert_length} and @code{ocsp_length} should be set to zero. The return +value (-1) indicates error and the handshake will be terminated. If both +certificates are set in the credentials and a callback is available, the +callback takes predence. + +@strong{Since:} 3.6.3 +@end deftypefun diff --git a/doc/functions/gnutls_certificate_set_retrieve_function3.short b/doc/functions/gnutls_certificate_set_retrieve_function3.short new file mode 100644 index 0000000..98c5567 --- /dev/null +++ b/doc/functions/gnutls_certificate_set_retrieve_function3.short @@ -0,0 +1 @@ +@item @var{void} @ref{gnutls_certificate_set_retrieve_function3} (gnutls_certificate_credentials_t @var{cred}, gnutls_certificate_retrieve_function3 * @var{func}) diff --git a/doc/functions/gnutls_certificate_set_trust_list b/doc/functions/gnutls_certificate_set_trust_list new file mode 100644 index 0000000..d71cbaf --- /dev/null +++ b/doc/functions/gnutls_certificate_set_trust_list @@ -0,0 +1,21 @@ + + + + +@deftypefun {void} {gnutls_certificate_set_trust_list} (gnutls_certificate_credentials_t @var{res}, gnutls_x509_trust_list_t @var{tlist}, unsigned @var{flags}) +@var{res}: is a @code{gnutls_certificate_credentials_t} type. + +@var{tlist}: is a @code{gnutls_x509_trust_list_t} type + +@var{flags}: must be zero + +This function sets a trust list in the gnutls_certificate_credentials_t type. + +Note that the @code{tlist} will become part of the credentials +structure and must not be deallocated. It will be automatically deallocated +when the @code{res} structure is deinitialized. + +@strong{Returns:} @code{GNUTLS_E_SUCCESS} (0) on success, or a negative error code. + +@strong{Since:} 3.2.2 +@end deftypefun diff --git a/doc/functions/gnutls_certificate_set_trust_list.short b/doc/functions/gnutls_certificate_set_trust_list.short new file mode 100644 index 0000000..98ba095 --- /dev/null +++ b/doc/functions/gnutls_certificate_set_trust_list.short @@ -0,0 +1 @@ +@item @var{void} @ref{gnutls_certificate_set_trust_list} (gnutls_certificate_credentials_t @var{res}, gnutls_x509_trust_list_t @var{tlist}, unsigned @var{flags}) diff --git a/doc/functions/gnutls_certificate_set_verify_flags b/doc/functions/gnutls_certificate_set_verify_flags new file mode 100644 index 0000000..bc7da3d --- /dev/null +++ b/doc/functions/gnutls_certificate_set_verify_flags @@ -0,0 +1,13 @@ + + + + +@deftypefun {void} {gnutls_certificate_set_verify_flags} (gnutls_certificate_credentials_t @var{res}, unsigned int @var{flags}) +@var{res}: is a gnutls_certificate_credentials_t type + +@var{flags}: are the flags + +This function will set the flags to be used for verification +of certificates and override any defaults. The provided flags must be an OR of the +@code{gnutls_certificate_verify_flags} enumerations. +@end deftypefun diff --git a/doc/functions/gnutls_certificate_set_verify_flags.short b/doc/functions/gnutls_certificate_set_verify_flags.short new file mode 100644 index 0000000..8962d50 --- /dev/null +++ b/doc/functions/gnutls_certificate_set_verify_flags.short @@ -0,0 +1 @@ +@item @var{void} @ref{gnutls_certificate_set_verify_flags} (gnutls_certificate_credentials_t @var{res}, unsigned int @var{flags}) diff --git a/doc/functions/gnutls_certificate_set_verify_function b/doc/functions/gnutls_certificate_set_verify_function new file mode 100644 index 0000000..849e760 --- /dev/null +++ b/doc/functions/gnutls_certificate_set_verify_function @@ -0,0 +1,27 @@ + + + + +@deftypefun {void} {gnutls_certificate_set_verify_function} (gnutls_certificate_credentials_t @var{cred}, gnutls_certificate_verify_function * @var{func}) +@var{cred}: is a @code{gnutls_certificate_credentials_t} type. + +@var{func}: is the callback function + +This function sets a callback to be called when peer's certificate +has been received in order to verify it on receipt rather than +doing after the handshake is completed. + +The callback's function prototype is: +int (*callback)(gnutls_session_t); + +If the callback function is provided then gnutls will call it, in the +handshake, just after the certificate message has been received. +To verify or obtain the certificate the @code{gnutls_certificate_verify_peers2()} , +@code{gnutls_certificate_type_get()} , @code{gnutls_certificate_get_peers()} functions +can be used. + +The callback function should return 0 for the handshake to continue +or non-zero to terminate. + +@strong{Since:} 2.10.0 +@end deftypefun diff --git a/doc/functions/gnutls_certificate_set_verify_function.short b/doc/functions/gnutls_certificate_set_verify_function.short new file mode 100644 index 0000000..a5b2315 --- /dev/null +++ b/doc/functions/gnutls_certificate_set_verify_function.short @@ -0,0 +1 @@ +@item @var{void} @ref{gnutls_certificate_set_verify_function} (gnutls_certificate_credentials_t @var{cred}, gnutls_certificate_verify_function * @var{func}) diff --git a/doc/functions/gnutls_certificate_set_verify_limits b/doc/functions/gnutls_certificate_set_verify_limits new file mode 100644 index 0000000..93cd5fe --- /dev/null +++ b/doc/functions/gnutls_certificate_set_verify_limits @@ -0,0 +1,16 @@ + + + + +@deftypefun {void} {gnutls_certificate_set_verify_limits} (gnutls_certificate_credentials_t @var{res}, unsigned int @var{max_bits}, unsigned int @var{max_depth}) +@var{res}: is a gnutls_certificate_credentials type + +@var{max_bits}: is the number of bits of an acceptable certificate (default 8200) + +@var{max_depth}: is maximum depth of the verification of a certificate chain (default 5) + +This function will set some upper limits for the default +verification function, @code{gnutls_certificate_verify_peers2()} , to avoid +denial of service attacks. You can set them to zero to disable +limits. +@end deftypefun diff --git a/doc/functions/gnutls_certificate_set_verify_limits.short b/doc/functions/gnutls_certificate_set_verify_limits.short new file mode 100644 index 0000000..e526134 --- /dev/null +++ b/doc/functions/gnutls_certificate_set_verify_limits.short @@ -0,0 +1 @@ +@item @var{void} @ref{gnutls_certificate_set_verify_limits} (gnutls_certificate_credentials_t @var{res}, unsigned int @var{max_bits}, unsigned int @var{max_depth}) diff --git a/doc/functions/gnutls_certificate_set_x509_crl b/doc/functions/gnutls_certificate_set_x509_crl new file mode 100644 index 0000000..868a974 --- /dev/null +++ b/doc/functions/gnutls_certificate_set_x509_crl @@ -0,0 +1,21 @@ + + + + +@deftypefun {int} {gnutls_certificate_set_x509_crl} (gnutls_certificate_credentials_t @var{res}, gnutls_x509_crl_t * @var{crl_list}, int @var{crl_list_size}) +@var{res}: is a @code{gnutls_certificate_credentials_t} type. + +@var{crl_list}: is a list of trusted CRLs. They should have been verified before. + +@var{crl_list_size}: holds the size of the crl_list + +This function adds the trusted CRLs in order to verify client or +server certificates. In case of a client this is not required to +be called if the certificates are not verified using +@code{gnutls_certificate_verify_peers2()} . This function may be called +multiple times. + +@strong{Returns:} number of CRLs processed, or a negative error code on error. + +@strong{Since:} 2.4.0 +@end deftypefun diff --git a/doc/functions/gnutls_certificate_set_x509_crl.short b/doc/functions/gnutls_certificate_set_x509_crl.short new file mode 100644 index 0000000..fea31fd --- /dev/null +++ b/doc/functions/gnutls_certificate_set_x509_crl.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_certificate_set_x509_crl} (gnutls_certificate_credentials_t @var{res}, gnutls_x509_crl_t * @var{crl_list}, int @var{crl_list_size}) diff --git a/doc/functions/gnutls_certificate_set_x509_crl_file b/doc/functions/gnutls_certificate_set_x509_crl_file new file mode 100644 index 0000000..6a7d558 --- /dev/null +++ b/doc/functions/gnutls_certificate_set_x509_crl_file @@ -0,0 +1,19 @@ + + + + +@deftypefun {int} {gnutls_certificate_set_x509_crl_file} (gnutls_certificate_credentials_t @var{res}, const char * @var{crlfile}, gnutls_x509_crt_fmt_t @var{type}) +@var{res}: is a @code{gnutls_certificate_credentials_t} type. + +@var{crlfile}: is a file containing the list of verified CRLs (DER or PEM list) + +@var{type}: is PEM or DER + +This function adds the trusted CRLs in order to verify client or server +certificates. In case of a client this is not required +to be called if the certificates are not verified using +@code{gnutls_certificate_verify_peers2()} . +This function may be called multiple times. + +@strong{Returns:} number of CRLs processed or a negative error code on error. +@end deftypefun diff --git a/doc/functions/gnutls_certificate_set_x509_crl_file.short b/doc/functions/gnutls_certificate_set_x509_crl_file.short new file mode 100644 index 0000000..20007cb --- /dev/null +++ b/doc/functions/gnutls_certificate_set_x509_crl_file.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_certificate_set_x509_crl_file} (gnutls_certificate_credentials_t @var{res}, const char * @var{crlfile}, gnutls_x509_crt_fmt_t @var{type}) diff --git a/doc/functions/gnutls_certificate_set_x509_crl_mem b/doc/functions/gnutls_certificate_set_x509_crl_mem new file mode 100644 index 0000000..a58545c --- /dev/null +++ b/doc/functions/gnutls_certificate_set_x509_crl_mem @@ -0,0 +1,19 @@ + + + + +@deftypefun {int} {gnutls_certificate_set_x509_crl_mem} (gnutls_certificate_credentials_t @var{res}, const gnutls_datum_t * @var{CRL}, gnutls_x509_crt_fmt_t @var{type}) +@var{res}: is a @code{gnutls_certificate_credentials_t} type. + +@var{CRL}: is a list of trusted CRLs. They should have been verified before. + +@var{type}: is DER or PEM + +This function adds the trusted CRLs in order to verify client or +server certificates. In case of a client this is not required to +be called if the certificates are not verified using +@code{gnutls_certificate_verify_peers2()} . This function may be called +multiple times. + +@strong{Returns:} number of CRLs processed, or a negative error code on error. +@end deftypefun diff --git a/doc/functions/gnutls_certificate_set_x509_crl_mem.short b/doc/functions/gnutls_certificate_set_x509_crl_mem.short new file mode 100644 index 0000000..1f32114 --- /dev/null +++ b/doc/functions/gnutls_certificate_set_x509_crl_mem.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_certificate_set_x509_crl_mem} (gnutls_certificate_credentials_t @var{res}, const gnutls_datum_t * @var{CRL}, gnutls_x509_crt_fmt_t @var{type}) diff --git a/doc/functions/gnutls_certificate_set_x509_key b/doc/functions/gnutls_certificate_set_x509_key new file mode 100644 index 0000000..d26592f --- /dev/null +++ b/doc/functions/gnutls_certificate_set_x509_key @@ -0,0 +1,34 @@ + + + + +@deftypefun {int} {gnutls_certificate_set_x509_key} (gnutls_certificate_credentials_t @var{res}, gnutls_x509_crt_t * @var{cert_list}, int @var{cert_list_size}, gnutls_x509_privkey_t @var{key}) +@var{res}: is a @code{gnutls_certificate_credentials_t} type. + +@var{cert_list}: contains a certificate list (path) for the specified private key + +@var{cert_list_size}: holds the size of the certificate list + +@var{key}: is a @code{gnutls_x509_privkey_t} key + +This function sets a certificate/private key pair in the +gnutls_certificate_credentials_t type. This function may be +called more than once, in case multiple keys/certificates exist for +the server. For clients that wants to send more than their own end +entity certificate (e.g., also an intermediate CA cert) then put +the certificate chain in @code{cert_list} . + +Note that the certificates and keys provided, can be safely deinitialized +after this function is called. + +If that function fails to load the @code{res} type is at an undefined state, it must +not be reused to load other keys or certificates. + +Note that, this function by default returns zero on success and a negative value on error. +Since 3.5.6, when the flag @code{GNUTLS_CERTIFICATE_API_V2} is set using @code{gnutls_certificate_set_flags()} +it returns an index (greater or equal to zero). That index can be used to other functions to refer to the added key-pair. + +@strong{Returns:} On success this functions returns zero, and otherwise a negative value on error (see above for modifying that behavior). + +@strong{Since:} 2.4.0 +@end deftypefun diff --git a/doc/functions/gnutls_certificate_set_x509_key.short b/doc/functions/gnutls_certificate_set_x509_key.short new file mode 100644 index 0000000..41f400c --- /dev/null +++ b/doc/functions/gnutls_certificate_set_x509_key.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_certificate_set_x509_key} (gnutls_certificate_credentials_t @var{res}, gnutls_x509_crt_t * @var{cert_list}, int @var{cert_list_size}, gnutls_x509_privkey_t @var{key}) diff --git a/doc/functions/gnutls_certificate_set_x509_key_file b/doc/functions/gnutls_certificate_set_x509_key_file new file mode 100644 index 0000000..3f2e0f1 --- /dev/null +++ b/doc/functions/gnutls_certificate_set_x509_key_file @@ -0,0 +1,43 @@ + + + + +@deftypefun {int} {gnutls_certificate_set_x509_key_file} (gnutls_certificate_credentials_t @var{res}, const char * @var{certfile}, const char * @var{keyfile}, gnutls_x509_crt_fmt_t @var{type}) +@var{res}: is a @code{gnutls_certificate_credentials_t} type. + +@var{certfile}: is a file that containing the certificate list (path) for +the specified private key, in PKCS7 format, or a list of certificates + +@var{keyfile}: is a file that contains the private key + +@var{type}: is PEM or DER + +This function sets a certificate/private key pair in the +gnutls_certificate_credentials_t type. This function may be +called more than once, in case multiple keys/certificates exist for +the server. For clients that need to send more than its own end +entity certificate, e.g., also an intermediate CA cert, then the + @code{certfile} must contain the ordered certificate chain. + +Note that the names in the certificate provided will be considered +when selecting the appropriate certificate to use (in case of multiple +certificate/key pairs). + +This function can also accept URLs at @code{keyfile} and @code{certfile} . In that case it +will use the private key and certificate indicated by the URLs. Note +that the supported URLs are the ones indicated by @code{gnutls_url_is_supported()} . + +In case the @code{certfile} is provided as a PKCS @code{11} URL, then the certificate, and its +present issuers in the token are imported (i.e., forming the required trust chain). + +If that function fails to load the @code{res} structure is at an undefined state, it must +not be reused to load other keys or certificates. + +Note that, this function by default returns zero on success and a negative value on error. +Since 3.5.6, when the flag @code{GNUTLS_CERTIFICATE_API_V2} is set using @code{gnutls_certificate_set_flags()} +it returns an index (greater or equal to zero). That index can be used to other functions to refer to the added key-pair. + +@strong{Returns:} On success this functions returns zero, and otherwise a negative value on error (see above for modifying that behavior). + +@strong{Since:} 3.1.11 +@end deftypefun diff --git a/doc/functions/gnutls_certificate_set_x509_key_file.short b/doc/functions/gnutls_certificate_set_x509_key_file.short new file mode 100644 index 0000000..5a8e5dd --- /dev/null +++ b/doc/functions/gnutls_certificate_set_x509_key_file.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_certificate_set_x509_key_file} (gnutls_certificate_credentials_t @var{res}, const char * @var{certfile}, const char * @var{keyfile}, gnutls_x509_crt_fmt_t @var{type}) diff --git a/doc/functions/gnutls_certificate_set_x509_key_file2 b/doc/functions/gnutls_certificate_set_x509_key_file2 new file mode 100644 index 0000000..5c817ed --- /dev/null +++ b/doc/functions/gnutls_certificate_set_x509_key_file2 @@ -0,0 +1,47 @@ + + + + +@deftypefun {int} {gnutls_certificate_set_x509_key_file2} (gnutls_certificate_credentials_t @var{res}, const char * @var{certfile}, const char * @var{keyfile}, gnutls_x509_crt_fmt_t @var{type}, const char * @var{pass}, unsigned int @var{flags}) +@var{res}: is a @code{gnutls_certificate_credentials_t} type. + +@var{certfile}: is a file that containing the certificate list (path) for +the specified private key, in PKCS7 format, or a list of certificates + +@var{keyfile}: is a file that contains the private key + +@var{type}: is PEM or DER + +@var{pass}: is the password of the key + +@var{flags}: an ORed sequence of gnutls_pkcs_encrypt_flags_t + +This function sets a certificate/private key pair in the +gnutls_certificate_credentials_t type. This function may be +called more than once, in case multiple keys/certificates exist for +the server. For clients that need to send more than its own end +entity certificate, e.g., also an intermediate CA cert, then the + @code{certfile} must contain the ordered certificate chain. + +Note that the names in the certificate provided will be considered +when selecting the appropriate certificate to use (in case of multiple +certificate/key pairs). + +This function can also accept URLs at @code{keyfile} and @code{certfile} . In that case it +will use the private key and certificate indicated by the URLs. Note +that the supported URLs are the ones indicated by @code{gnutls_url_is_supported()} . +Before GnuTLS 3.4.0 when a URL was specified, the @code{pass} part was ignored and a +PIN callback had to be registered, this is no longer the case in current releases. + +In case the @code{certfile} is provided as a PKCS @code{11} URL, then the certificate, and its +present issuers in the token are imported (i.e., forming the required trust chain). + +If that function fails to load the @code{res} structure is at an undefined state, it must +not be reused to load other keys or certificates. + +Note that, this function by default returns zero on success and a negative value on error. +Since 3.5.6, when the flag @code{GNUTLS_CERTIFICATE_API_V2} is set using @code{gnutls_certificate_set_flags()} +it returns an index (greater or equal to zero). That index can be used to other functions to refer to the added key-pair. + +@strong{Returns:} On success this functions returns zero, and otherwise a negative value on error (see above for modifying that behavior). +@end deftypefun diff --git a/doc/functions/gnutls_certificate_set_x509_key_file2.short b/doc/functions/gnutls_certificate_set_x509_key_file2.short new file mode 100644 index 0000000..2482504 --- /dev/null +++ b/doc/functions/gnutls_certificate_set_x509_key_file2.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_certificate_set_x509_key_file2} (gnutls_certificate_credentials_t @var{res}, const char * @var{certfile}, const char * @var{keyfile}, gnutls_x509_crt_fmt_t @var{type}, const char * @var{pass}, unsigned int @var{flags}) diff --git a/doc/functions/gnutls_certificate_set_x509_key_mem b/doc/functions/gnutls_certificate_set_x509_key_mem new file mode 100644 index 0000000..8bfbf83 --- /dev/null +++ b/doc/functions/gnutls_certificate_set_x509_key_mem @@ -0,0 +1,34 @@ + + + + +@deftypefun {int} {gnutls_certificate_set_x509_key_mem} (gnutls_certificate_credentials_t @var{res}, const gnutls_datum_t * @var{cert}, const gnutls_datum_t * @var{key}, gnutls_x509_crt_fmt_t @var{type}) +@var{res}: is a @code{gnutls_certificate_credentials_t} type. + +@var{cert}: contains a certificate list (path) for the specified private key + +@var{key}: is the private key, or @code{NULL} + +@var{type}: is PEM or DER + +This function sets a certificate/private key pair in the +gnutls_certificate_credentials_t type. This function may be called +more than once, in case multiple keys/certificates exist for the +server. + +Note that the keyUsage (2.5.29.15) PKIX extension in X.509 certificates +is supported. This means that certificates intended for signing cannot +be used for ciphersuites that require encryption. + +If the certificate and the private key are given in PEM encoding +then the strings that hold their values must be null terminated. + +The @code{key} may be @code{NULL} if you are using a sign callback, see +@code{gnutls_sign_callback_set()} . + +Note that, this function by default returns zero on success and a negative value on error. +Since 3.5.6, when the flag @code{GNUTLS_CERTIFICATE_API_V2} is set using @code{gnutls_certificate_set_flags()} +it returns an index (greater or equal to zero). That index can be used to other functions to refer to the added key-pair. + +@strong{Returns:} On success this functions returns zero, and otherwise a negative value on error (see above for modifying that behavior). +@end deftypefun diff --git a/doc/functions/gnutls_certificate_set_x509_key_mem.short b/doc/functions/gnutls_certificate_set_x509_key_mem.short new file mode 100644 index 0000000..49dcd69 --- /dev/null +++ b/doc/functions/gnutls_certificate_set_x509_key_mem.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_certificate_set_x509_key_mem} (gnutls_certificate_credentials_t @var{res}, const gnutls_datum_t * @var{cert}, const gnutls_datum_t * @var{key}, gnutls_x509_crt_fmt_t @var{type}) diff --git a/doc/functions/gnutls_certificate_set_x509_key_mem2 b/doc/functions/gnutls_certificate_set_x509_key_mem2 new file mode 100644 index 0000000..4dba37c --- /dev/null +++ b/doc/functions/gnutls_certificate_set_x509_key_mem2 @@ -0,0 +1,38 @@ + + + + +@deftypefun {int} {gnutls_certificate_set_x509_key_mem2} (gnutls_certificate_credentials_t @var{res}, const gnutls_datum_t * @var{cert}, const gnutls_datum_t * @var{key}, gnutls_x509_crt_fmt_t @var{type}, const char * @var{pass}, unsigned int @var{flags}) +@var{res}: is a @code{gnutls_certificate_credentials_t} type. + +@var{cert}: contains a certificate list (path) for the specified private key + +@var{key}: is the private key, or @code{NULL} + +@var{type}: is PEM or DER + +@var{pass}: is the key's password + +@var{flags}: an ORed sequence of gnutls_pkcs_encrypt_flags_t + +This function sets a certificate/private key pair in the +gnutls_certificate_credentials_t type. This function may be called +more than once, in case multiple keys/certificates exist for the +server. + +Note that the keyUsage (2.5.29.15) PKIX extension in X.509 certificates +is supported. This means that certificates intended for signing cannot +be used for ciphersuites that require encryption. + +If the certificate and the private key are given in PEM encoding +then the strings that hold their values must be null terminated. + +The @code{key} may be @code{NULL} if you are using a sign callback, see +@code{gnutls_sign_callback_set()} . + +Note that, this function by default returns zero on success and a negative value on error. +Since 3.5.6, when the flag @code{GNUTLS_CERTIFICATE_API_V2} is set using @code{gnutls_certificate_set_flags()} +it returns an index (greater or equal to zero). That index can be used to other functions to refer to the added key-pair. + +@strong{Returns:} On success this functions returns zero, and otherwise a negative value on error (see above for modifying that behavior). +@end deftypefun diff --git a/doc/functions/gnutls_certificate_set_x509_key_mem2.short b/doc/functions/gnutls_certificate_set_x509_key_mem2.short new file mode 100644 index 0000000..5280754 --- /dev/null +++ b/doc/functions/gnutls_certificate_set_x509_key_mem2.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_certificate_set_x509_key_mem2} (gnutls_certificate_credentials_t @var{res}, const gnutls_datum_t * @var{cert}, const gnutls_datum_t * @var{key}, gnutls_x509_crt_fmt_t @var{type}, const char * @var{pass}, unsigned int @var{flags}) diff --git a/doc/functions/gnutls_certificate_set_x509_simple_pkcs12_file b/doc/functions/gnutls_certificate_set_x509_simple_pkcs12_file new file mode 100644 index 0000000..1844641 --- /dev/null +++ b/doc/functions/gnutls_certificate_set_x509_simple_pkcs12_file @@ -0,0 +1,43 @@ + + + + +@deftypefun {int} {gnutls_certificate_set_x509_simple_pkcs12_file} (gnutls_certificate_credentials_t @var{res}, const char * @var{pkcs12file}, gnutls_x509_crt_fmt_t @var{type}, const char * @var{password}) +@var{res}: is a @code{gnutls_certificate_credentials_t} type. + +@var{pkcs12file}: filename of file containing PKCS@code{12} blob. + +@var{type}: is PEM or DER of the @code{pkcs12file} . + +@var{password}: optional password used to decrypt PKCS@code{12} file, bags and keys. + +This function sets a certificate/private key pair and/or a CRL in +the gnutls_certificate_credentials_t type. This function may +be called more than once (in case multiple keys/certificates exist +for the server). + +PKCS@code{12} files with a MAC, encrypted bags and PKCS @code{8} +private keys are supported. However, +only password based security, and the same password for all +operations, are supported. + +PKCS@code{12} file may contain many keys and/or certificates, and this +function will try to auto-detect based on the key ID the certificate +and key pair to use. If the PKCS@code{12} file contain the issuer of +the selected certificate, it will be appended to the certificate +to form a chain. + +If more than one private keys are stored in the PKCS@code{12} file, +then only one key will be read (and it is undefined which one). + +It is believed that the limitations of this function is acceptable +for most usage, and that any more flexibility would introduce +complexity that would make it harder to use this functionality at +all. + +Note that, this function by default returns zero on success and a negative value on error. +Since 3.5.6, when the flag @code{GNUTLS_CERTIFICATE_API_V2} is set using @code{gnutls_certificate_set_flags()} +it returns an index (greater or equal to zero). That index can be used to other functions to refer to the added key-pair. + +@strong{Returns:} On success this functions returns zero, and otherwise a negative value on error (see above for modifying that behavior). +@end deftypefun diff --git a/doc/functions/gnutls_certificate_set_x509_simple_pkcs12_file.short b/doc/functions/gnutls_certificate_set_x509_simple_pkcs12_file.short new file mode 100644 index 0000000..e14c504 --- /dev/null +++ b/doc/functions/gnutls_certificate_set_x509_simple_pkcs12_file.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_certificate_set_x509_simple_pkcs12_file} (gnutls_certificate_credentials_t @var{res}, const char * @var{pkcs12file}, gnutls_x509_crt_fmt_t @var{type}, const char * @var{password}) diff --git a/doc/functions/gnutls_certificate_set_x509_simple_pkcs12_mem b/doc/functions/gnutls_certificate_set_x509_simple_pkcs12_mem new file mode 100644 index 0000000..5bcf0f1 --- /dev/null +++ b/doc/functions/gnutls_certificate_set_x509_simple_pkcs12_mem @@ -0,0 +1,44 @@ + + + + +@deftypefun {int} {gnutls_certificate_set_x509_simple_pkcs12_mem} (gnutls_certificate_credentials_t @var{res}, const gnutls_datum_t * @var{p12blob}, gnutls_x509_crt_fmt_t @var{type}, const char * @var{password}) +@var{res}: is a @code{gnutls_certificate_credentials_t} type. + +@var{p12blob}: the PKCS@code{12} blob. + +@var{type}: is PEM or DER of the @code{pkcs12file} . + +@var{password}: optional password used to decrypt PKCS@code{12} file, bags and keys. + +This function sets a certificate/private key pair and/or a CRL in +the gnutls_certificate_credentials_t type. This function may +be called more than once (in case multiple keys/certificates exist +for the server). + +Encrypted PKCS@code{12} bags and PKCS@code{8} private keys are supported. However, +only password based security, and the same password for all +operations, are supported. + +PKCS@code{12} file may contain many keys and/or certificates, and this +function will try to auto-detect based on the key ID the certificate +and key pair to use. If the PKCS@code{12} file contain the issuer of +the selected certificate, it will be appended to the certificate +to form a chain. + +If more than one private keys are stored in the PKCS@code{12} file, +then only one key will be read (and it is undefined which one). + +It is believed that the limitations of this function is acceptable +for most usage, and that any more flexibility would introduce +complexity that would make it harder to use this functionality at +all. + +Note that, this function by default returns zero on success and a negative value on error. +Since 3.5.6, when the flag @code{GNUTLS_CERTIFICATE_API_V2} is set using @code{gnutls_certificate_set_flags()} +it returns an index (greater or equal to zero). That index can be used to other functions to refer to the added key-pair. + +@strong{Returns:} On success this functions returns zero, and otherwise a negative value on error (see above for modifying that behavior). + +@strong{Since:} 2.8.0 +@end deftypefun diff --git a/doc/functions/gnutls_certificate_set_x509_simple_pkcs12_mem.short b/doc/functions/gnutls_certificate_set_x509_simple_pkcs12_mem.short new file mode 100644 index 0000000..20e78fc --- /dev/null +++ b/doc/functions/gnutls_certificate_set_x509_simple_pkcs12_mem.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_certificate_set_x509_simple_pkcs12_mem} (gnutls_certificate_credentials_t @var{res}, const gnutls_datum_t * @var{p12blob}, gnutls_x509_crt_fmt_t @var{type}, const char * @var{password}) diff --git a/doc/functions/gnutls_certificate_set_x509_system_trust b/doc/functions/gnutls_certificate_set_x509_system_trust new file mode 100644 index 0000000..ec60c15 --- /dev/null +++ b/doc/functions/gnutls_certificate_set_x509_system_trust @@ -0,0 +1,18 @@ + + + + +@deftypefun {int} {gnutls_certificate_set_x509_system_trust} (gnutls_certificate_credentials_t @var{cred}) +@var{cred}: is a @code{gnutls_certificate_credentials_t} type. + +This function adds the system's default trusted CAs in order to +verify client or server certificates. + +In the case the system is currently unsupported @code{GNUTLS_E_UNIMPLEMENTED_FEATURE} +is returned. + +@strong{Returns:} the number of certificates processed or a negative error code +on error. + +@strong{Since:} 3.0.20 +@end deftypefun diff --git a/doc/functions/gnutls_certificate_set_x509_system_trust.short b/doc/functions/gnutls_certificate_set_x509_system_trust.short new file mode 100644 index 0000000..49d4afb --- /dev/null +++ b/doc/functions/gnutls_certificate_set_x509_system_trust.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_certificate_set_x509_system_trust} (gnutls_certificate_credentials_t @var{cred}) diff --git a/doc/functions/gnutls_certificate_set_x509_trust b/doc/functions/gnutls_certificate_set_x509_trust new file mode 100644 index 0000000..407b803 --- /dev/null +++ b/doc/functions/gnutls_certificate_set_x509_trust @@ -0,0 +1,26 @@ + + + + +@deftypefun {int} {gnutls_certificate_set_x509_trust} (gnutls_certificate_credentials_t @var{res}, gnutls_x509_crt_t * @var{ca_list}, int @var{ca_list_size}) +@var{res}: is a @code{gnutls_certificate_credentials_t} type. + +@var{ca_list}: is a list of trusted CAs + +@var{ca_list_size}: holds the size of the CA list + +This function adds the trusted CAs in order to verify client +or server certificates. In case of a client this is not required +to be called if the certificates are not verified using +@code{gnutls_certificate_verify_peers2()} . +This function may be called multiple times. + +In case of a server the CAs set here will be sent to the client if +a certificate request is sent. This can be disabled using +@code{gnutls_certificate_send_x509_rdn_sequence()} . + +@strong{Returns:} the number of certificates processed or a negative error code +on error. + +@strong{Since:} 2.4.0 +@end deftypefun diff --git a/doc/functions/gnutls_certificate_set_x509_trust.short b/doc/functions/gnutls_certificate_set_x509_trust.short new file mode 100644 index 0000000..9b57ad7 --- /dev/null +++ b/doc/functions/gnutls_certificate_set_x509_trust.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_certificate_set_x509_trust} (gnutls_certificate_credentials_t @var{res}, gnutls_x509_crt_t * @var{ca_list}, int @var{ca_list_size}) diff --git a/doc/functions/gnutls_certificate_set_x509_trust_dir b/doc/functions/gnutls_certificate_set_x509_trust_dir new file mode 100644 index 0000000..350eecd --- /dev/null +++ b/doc/functions/gnutls_certificate_set_x509_trust_dir @@ -0,0 +1,20 @@ + + + + +@deftypefun {int} {gnutls_certificate_set_x509_trust_dir} (gnutls_certificate_credentials_t @var{cred}, const char * @var{ca_dir}, gnutls_x509_crt_fmt_t @var{type}) +@var{cred}: is a @code{gnutls_certificate_credentials_t} type. + +@var{ca_dir}: is a directory containing the list of trusted CAs (DER or PEM list) + +@var{type}: is PEM or DER + +This function adds the trusted CAs present in the directory in order to +verify client or server certificates. This function is identical +to @code{gnutls_certificate_set_x509_trust_file()} but loads all certificates +in a directory. + +@strong{Returns:} the number of certificates processed + +@strong{Since:} 3.3.6 +@end deftypefun diff --git a/doc/functions/gnutls_certificate_set_x509_trust_dir.short b/doc/functions/gnutls_certificate_set_x509_trust_dir.short new file mode 100644 index 0000000..8f5e390 --- /dev/null +++ b/doc/functions/gnutls_certificate_set_x509_trust_dir.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_certificate_set_x509_trust_dir} (gnutls_certificate_credentials_t @var{cred}, const char * @var{ca_dir}, gnutls_x509_crt_fmt_t @var{type}) diff --git a/doc/functions/gnutls_certificate_set_x509_trust_file b/doc/functions/gnutls_certificate_set_x509_trust_file new file mode 100644 index 0000000..9a9a072 --- /dev/null +++ b/doc/functions/gnutls_certificate_set_x509_trust_file @@ -0,0 +1,27 @@ + + + + +@deftypefun {int} {gnutls_certificate_set_x509_trust_file} (gnutls_certificate_credentials_t @var{cred}, const char * @var{cafile}, gnutls_x509_crt_fmt_t @var{type}) +@var{cred}: is a @code{gnutls_certificate_credentials_t} type. + +@var{cafile}: is a file containing the list of trusted CAs (DER or PEM list) + +@var{type}: is PEM or DER + +This function adds the trusted CAs in order to verify client or +server certificates. In case of a client this is not required to +be called if the certificates are not verified using +@code{gnutls_certificate_verify_peers2()} . This function may be called +multiple times. + +In case of a server the names of the CAs set here will be sent to +the client if a certificate request is sent. This can be disabled +using @code{gnutls_certificate_send_x509_rdn_sequence()} . + +This function can also accept URLs. In that case it +will import all certificates that are marked as trusted. Note +that the supported URLs are the ones indicated by @code{gnutls_url_is_supported()} . + +@strong{Returns:} the number of certificates processed +@end deftypefun diff --git a/doc/functions/gnutls_certificate_set_x509_trust_file.short b/doc/functions/gnutls_certificate_set_x509_trust_file.short new file mode 100644 index 0000000..893f593 --- /dev/null +++ b/doc/functions/gnutls_certificate_set_x509_trust_file.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_certificate_set_x509_trust_file} (gnutls_certificate_credentials_t @var{cred}, const char * @var{cafile}, gnutls_x509_crt_fmt_t @var{type}) diff --git a/doc/functions/gnutls_certificate_set_x509_trust_mem b/doc/functions/gnutls_certificate_set_x509_trust_mem new file mode 100644 index 0000000..ca1fc4b --- /dev/null +++ b/doc/functions/gnutls_certificate_set_x509_trust_mem @@ -0,0 +1,24 @@ + + + + +@deftypefun {int} {gnutls_certificate_set_x509_trust_mem} (gnutls_certificate_credentials_t @var{res}, const gnutls_datum_t * @var{ca}, gnutls_x509_crt_fmt_t @var{type}) +@var{res}: is a @code{gnutls_certificate_credentials_t} type. + +@var{ca}: is a list of trusted CAs or a DER certificate + +@var{type}: is DER or PEM + +This function adds the trusted CAs in order to verify client or +server certificates. In case of a client this is not required to be +called if the certificates are not verified using +@code{gnutls_certificate_verify_peers2()} . This function may be called +multiple times. + +In case of a server the CAs set here will be sent to the client if +a certificate request is sent. This can be disabled using +@code{gnutls_certificate_send_x509_rdn_sequence()} . + +@strong{Returns:} the number of certificates processed or a negative error code +on error. +@end deftypefun diff --git a/doc/functions/gnutls_certificate_set_x509_trust_mem.short b/doc/functions/gnutls_certificate_set_x509_trust_mem.short new file mode 100644 index 0000000..94d4885 --- /dev/null +++ b/doc/functions/gnutls_certificate_set_x509_trust_mem.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_certificate_set_x509_trust_mem} (gnutls_certificate_credentials_t @var{res}, const gnutls_datum_t * @var{ca}, gnutls_x509_crt_fmt_t @var{type}) diff --git a/doc/functions/gnutls_certificate_type_get b/doc/functions/gnutls_certificate_type_get new file mode 100644 index 0000000..3e39c48 --- /dev/null +++ b/doc/functions/gnutls_certificate_type_get @@ -0,0 +1,21 @@ + + + + +@deftypefun {gnutls_certificate_type_t} {gnutls_certificate_type_get} (gnutls_session_t @var{session}) +@var{session}: is a @code{gnutls_session_t} type. + +This function returns the type of the certificate that is negotiated +for this side to send to the peer. The certificate type is by default +X.509, unless an alternative certificate type is enabled by +@code{gnutls_init()} and negotiated during the session. + +Resumed sessions will return the certificate type that was negotiated +and used in the original session. + +As of version 3.6.4 it is recommended to use +@code{gnutls_certificate_type_get2()} which is more fine-grained. + +@strong{Returns:} the currently used @code{gnutls_certificate_type_t} certificate +type as negotiated for 'our' side of the connection. +@end deftypefun diff --git a/doc/functions/gnutls_certificate_type_get.short b/doc/functions/gnutls_certificate_type_get.short new file mode 100644 index 0000000..2c5d5e5 --- /dev/null +++ b/doc/functions/gnutls_certificate_type_get.short @@ -0,0 +1 @@ +@item @var{gnutls_certificate_type_t} @ref{gnutls_certificate_type_get} (gnutls_session_t @var{session}) diff --git a/doc/functions/gnutls_certificate_type_get2 b/doc/functions/gnutls_certificate_type_get2 new file mode 100644 index 0000000..032f223 --- /dev/null +++ b/doc/functions/gnutls_certificate_type_get2 @@ -0,0 +1,31 @@ + + + + +@deftypefun {gnutls_certificate_type_t} {gnutls_certificate_type_get2} (gnutls_session_t @var{session}, gnutls_ctype_target_t @var{target}) +@var{session}: is a @code{gnutls_session_t} type. + +@var{target}: is a @code{gnutls_ctype_target_t} type. + +This function returns the type of the certificate that a side +is negotiated to use. The certificate type is by default X.509, +unless an alternative certificate type is enabled by @code{gnutls_init()} and +negotiated during the session. + +The @code{target} parameter specifies whether to request the negotiated +certificate type for the client (@code{GNUTLS_CTYPE_CLIENT} ), +or for the server (@code{GNUTLS_CTYPE_SERVER} ). Additionally, in P2P mode +connection set up where you don't know in advance who will be client +and who will be server you can use the flag (@code{GNUTLS_CTYPE_OURS} ) and +(@code{GNUTLS_CTYPE_PEERS} ) to retrieve the corresponding certificate types. + +Resumed sessions will return the certificate type that was negotiated +and used in the original session. That is, this function can be used +to reliably determine the type of the certificate returned by +@code{gnutls_certificate_get_peers()} . + +@strong{Returns:} the currently used @code{gnutls_certificate_type_t} certificate +type for the client or the server. + +@strong{Since:} 3.6.4 +@end deftypefun diff --git a/doc/functions/gnutls_certificate_type_get2.short b/doc/functions/gnutls_certificate_type_get2.short new file mode 100644 index 0000000..66b2afa --- /dev/null +++ b/doc/functions/gnutls_certificate_type_get2.short @@ -0,0 +1 @@ +@item @var{gnutls_certificate_type_t} @ref{gnutls_certificate_type_get2} (gnutls_session_t @var{session}, gnutls_ctype_target_t @var{target}) diff --git a/doc/functions/gnutls_certificate_type_get_id b/doc/functions/gnutls_certificate_type_get_id new file mode 100644 index 0000000..616d370 --- /dev/null +++ b/doc/functions/gnutls_certificate_type_get_id @@ -0,0 +1,12 @@ + + + + +@deftypefun {gnutls_certificate_type_t} {gnutls_certificate_type_get_id} (const char * @var{name}) +@var{name}: is a certificate type name + +The names are compared in a case insensitive way. + +@strong{Returns:} a @code{gnutls_certificate_type_t} for the specified in a +string certificate type, or @code{GNUTLS_CRT_UNKNOWN} on error. +@end deftypefun diff --git a/doc/functions/gnutls_certificate_type_get_id.short b/doc/functions/gnutls_certificate_type_get_id.short new file mode 100644 index 0000000..d258f8e --- /dev/null +++ b/doc/functions/gnutls_certificate_type_get_id.short @@ -0,0 +1 @@ +@item @var{gnutls_certificate_type_t} @ref{gnutls_certificate_type_get_id} (const char * @var{name}) diff --git a/doc/functions/gnutls_certificate_type_get_name b/doc/functions/gnutls_certificate_type_get_name new file mode 100644 index 0000000..fb8cb55 --- /dev/null +++ b/doc/functions/gnutls_certificate_type_get_name @@ -0,0 +1,12 @@ + + + + +@deftypefun {const char *} {gnutls_certificate_type_get_name} (gnutls_certificate_type_t @var{type}) +@var{type}: is a certificate type + +Convert a @code{gnutls_certificate_type_t} type to a string. + +@strong{Returns:} a string that contains the name of the specified +certificate type, or @code{NULL} in case of unknown types. +@end deftypefun diff --git a/doc/functions/gnutls_certificate_type_get_name.short b/doc/functions/gnutls_certificate_type_get_name.short new file mode 100644 index 0000000..c1ed318 --- /dev/null +++ b/doc/functions/gnutls_certificate_type_get_name.short @@ -0,0 +1 @@ +@item @var{const char *} @ref{gnutls_certificate_type_get_name} (gnutls_certificate_type_t @var{type}) diff --git a/doc/functions/gnutls_certificate_type_list b/doc/functions/gnutls_certificate_type_list new file mode 100644 index 0000000..832df1e --- /dev/null +++ b/doc/functions/gnutls_certificate_type_list @@ -0,0 +1,11 @@ + + + + +@deftypefun {const gnutls_certificate_type_t *} {gnutls_certificate_type_list} ( @var{void}) + +Get a list of certificate types. + +@strong{Returns:} a (0)-terminated list of @code{gnutls_certificate_type_t} +integers indicating the available certificate types. +@end deftypefun diff --git a/doc/functions/gnutls_certificate_type_list.short b/doc/functions/gnutls_certificate_type_list.short new file mode 100644 index 0000000..1e20fdf --- /dev/null +++ b/doc/functions/gnutls_certificate_type_list.short @@ -0,0 +1 @@ +@item @var{const gnutls_certificate_type_t *} @ref{gnutls_certificate_type_list} ( @var{void}) diff --git a/doc/functions/gnutls_certificate_verification_status_print b/doc/functions/gnutls_certificate_verification_status_print new file mode 100644 index 0000000..fec8562 --- /dev/null +++ b/doc/functions/gnutls_certificate_verification_status_print @@ -0,0 +1,23 @@ + + + + +@deftypefun {int} {gnutls_certificate_verification_status_print} (unsigned int @var{status}, gnutls_certificate_type_t @var{type}, gnutls_datum_t * @var{out}, unsigned int @var{flags}) +@var{status}: The status flags to be printed + +@var{type}: The certificate type + +@var{out}: Newly allocated datum with (0) terminated string. + +@var{flags}: should be zero + +This function will pretty print the status of a verification +process -- eg. the one obtained by @code{gnutls_certificate_verify_peers3()} . + +The output @code{out} needs to be deallocated using @code{gnutls_free()} . + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 3.1.4 +@end deftypefun diff --git a/doc/functions/gnutls_certificate_verification_status_print.short b/doc/functions/gnutls_certificate_verification_status_print.short new file mode 100644 index 0000000..bf1fc0e --- /dev/null +++ b/doc/functions/gnutls_certificate_verification_status_print.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_certificate_verification_status_print} (unsigned int @var{status}, gnutls_certificate_type_t @var{type}, gnutls_datum_t * @var{out}, unsigned int @var{flags}) diff --git a/doc/functions/gnutls_certificate_verify_peers b/doc/functions/gnutls_certificate_verify_peers new file mode 100644 index 0000000..a6a9590 --- /dev/null +++ b/doc/functions/gnutls_certificate_verify_peers @@ -0,0 +1,50 @@ + + + + +@deftypefun {int} {gnutls_certificate_verify_peers} (gnutls_session_t @var{session}, gnutls_typed_vdata_st * @var{data}, unsigned int @var{elements}, unsigned int * @var{status}) +@var{session}: is a gnutls session + +@var{data}: an array of typed data + +@var{elements}: the number of data elements + +@var{status}: is the output of the verification + +This function will verify the peer's certificate and store the +the status in the @code{status} variable as a bitwise OR of gnutls_certificate_status_t +values or zero if the certificate is trusted. Note that value in @code{status} is set only when the return value of this function is success (i.e, failure +to trust a certificate does not imply a negative return value). +The default verification flags used by this function can be overridden +using @code{gnutls_certificate_set_verify_flags()} . See the documentation +of @code{gnutls_certificate_verify_peers2()} for details in the verification process. + +This function will take into account the stapled OCSP responses sent by the server, +as well as the following X.509 certificate extensions: Name Constraints, +Key Usage, and Basic Constraints (pathlen). + +The acceptable @code{data} types are @code{GNUTLS_DT_DNS_HOSTNAME} , @code{GNUTLS_DT_RFC822NAME} and @code{GNUTLS_DT_KEY_PURPOSE_OID} . +The former two accept as data a null-terminated hostname or email address, and the latter a null-terminated +object identifier (e.g., @code{GNUTLS_KP_TLS_WWW_SERVER} ). + +If a DNS hostname is provided then this function will compare +the hostname in the certificate against the given. If names do not match the +@code{GNUTLS_CERT_UNEXPECTED_OWNER} status flag will be set. +If a key purpose OID is provided and the end-certificate contains the extended key +usage PKIX extension, it will be required to be have the provided key purpose +or be marked for any purpose, otherwise verification status will have the +@code{GNUTLS_CERT_SIGNER_CONSTRAINTS_FAILURE} flag set. + +To avoid denial of service attacks some +default upper limits regarding the certificate key size and chain +size are set. To override them use @code{gnutls_certificate_set_verify_limits()} . + +Note that when using raw public-keys verification will not work because there is +no corresponding certificate body belonging to the raw key that can be verified. In that +case this function will return @code{GNUTLS_E_INVALID_REQUEST} . + +@strong{Returns:} @code{GNUTLS_E_SUCCESS} (0) when the validation is performed, or a negative error code otherwise. +A successful error code means that the @code{status} parameter must be checked to obtain the validation status. + +@strong{Since:} 3.3.0 +@end deftypefun diff --git a/doc/functions/gnutls_certificate_verify_peers.short b/doc/functions/gnutls_certificate_verify_peers.short new file mode 100644 index 0000000..98f36dc --- /dev/null +++ b/doc/functions/gnutls_certificate_verify_peers.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_certificate_verify_peers} (gnutls_session_t @var{session}, gnutls_typed_vdata_st * @var{data}, unsigned int @var{elements}, unsigned int * @var{status}) diff --git a/doc/functions/gnutls_certificate_verify_peers2 b/doc/functions/gnutls_certificate_verify_peers2 new file mode 100644 index 0000000..c6dd1d0 --- /dev/null +++ b/doc/functions/gnutls_certificate_verify_peers2 @@ -0,0 +1,35 @@ + + + + +@deftypefun {int} {gnutls_certificate_verify_peers2} (gnutls_session_t @var{session}, unsigned int * @var{status}) +@var{session}: is a gnutls session + +@var{status}: is the output of the verification + +This function will verify the peer's certificate and store +the status in the @code{status} variable as a bitwise OR of gnutls_certificate_status_t +values or zero if the certificate is trusted. Note that value in @code{status} is set only when the return value of this function is success (i.e, failure +to trust a certificate does not imply a negative return value). +The default verification flags used by this function can be overridden +using @code{gnutls_certificate_set_verify_flags()} . + +This function will take into account the stapled OCSP responses sent by the server, +as well as the following X.509 certificate extensions: Name Constraints, +Key Usage, and Basic Constraints (pathlen). + +Note that you must also check the peer's name in order to check if +the verified certificate belongs to the actual peer, see @code{gnutls_x509_crt_check_hostname()} , +or use @code{gnutls_certificate_verify_peers3()} . + +To avoid denial of service attacks some +default upper limits regarding the certificate key size and chain +size are set. To override them use @code{gnutls_certificate_set_verify_limits()} . + +Note that when using raw public-keys verification will not work because there is +no corresponding certificate body belonging to the raw key that can be verified. In that +case this function will return @code{GNUTLS_E_INVALID_REQUEST} . + +@strong{Returns:} @code{GNUTLS_E_SUCCESS} (0) when the validation is performed, or a negative error code otherwise. +A successful error code means that the @code{status} parameter must be checked to obtain the validation status. +@end deftypefun diff --git a/doc/functions/gnutls_certificate_verify_peers2.short b/doc/functions/gnutls_certificate_verify_peers2.short new file mode 100644 index 0000000..644b6a6 --- /dev/null +++ b/doc/functions/gnutls_certificate_verify_peers2.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_certificate_verify_peers2} (gnutls_session_t @var{session}, unsigned int * @var{status}) diff --git a/doc/functions/gnutls_certificate_verify_peers3 b/doc/functions/gnutls_certificate_verify_peers3 new file mode 100644 index 0000000..7cb1d79 --- /dev/null +++ b/doc/functions/gnutls_certificate_verify_peers3 @@ -0,0 +1,44 @@ + + + + +@deftypefun {int} {gnutls_certificate_verify_peers3} (gnutls_session_t @var{session}, const char * @var{hostname}, unsigned int * @var{status}) +@var{session}: is a gnutls session + +@var{hostname}: is the expected name of the peer; may be @code{NULL} + +@var{status}: is the output of the verification + +This function will verify the peer's certificate and store the +the status in the @code{status} variable as a bitwise OR of gnutls_certificate_status_t +values or zero if the certificate is trusted. Note that value in @code{status} is set only when the return value of this function is success (i.e, failure +to trust a certificate does not imply a negative return value). +The default verification flags used by this function can be overridden +using @code{gnutls_certificate_set_verify_flags()} . See the documentation +of @code{gnutls_certificate_verify_peers2()} for details in the verification process. + +This function will take into account the stapled OCSP responses sent by the server, +as well as the following X.509 certificate extensions: Name Constraints, +Key Usage, and Basic Constraints (pathlen). + +If the @code{hostname} provided is non-NULL then this function will compare +the hostname in the certificate against it. The comparison will follow +the RFC6125 recommendations. If names do not match the +@code{GNUTLS_CERT_UNEXPECTED_OWNER} status flag will be set. + +In order to verify the purpose of the end-certificate (by checking the extended +key usage), use @code{gnutls_certificate_verify_peers()} . + +To avoid denial of service attacks some +default upper limits regarding the certificate key size and chain +size are set. To override them use @code{gnutls_certificate_set_verify_limits()} . + +Note that when using raw public-keys verification will not work because there is +no corresponding certificate body belonging to the raw key that can be verified. In that +case this function will return @code{GNUTLS_E_INVALID_REQUEST} . + +@strong{Returns:} @code{GNUTLS_E_SUCCESS} (0) when the validation is performed, or a negative error code otherwise. +A successful error code means that the @code{status} parameter must be checked to obtain the validation status. + +@strong{Since:} 3.1.4 +@end deftypefun diff --git a/doc/functions/gnutls_certificate_verify_peers3.short b/doc/functions/gnutls_certificate_verify_peers3.short new file mode 100644 index 0000000..8e7cf4c --- /dev/null +++ b/doc/functions/gnutls_certificate_verify_peers3.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_certificate_verify_peers3} (gnutls_session_t @var{session}, const char * @var{hostname}, unsigned int * @var{status}) diff --git a/doc/functions/gnutls_check_version b/doc/functions/gnutls_check_version new file mode 100644 index 0000000..ef221e4 --- /dev/null +++ b/doc/functions/gnutls_check_version @@ -0,0 +1,19 @@ + + + + +@deftypefun {const char *} {gnutls_check_version} (const char * @var{req_version}) +@var{req_version}: version string to compare with, or @code{NULL} . + +Check the GnuTLS Library version against the provided string. +See @code{GNUTLS_VERSION} for a suitable @code{req_version} string. + +See also @code{gnutls_check_version_numeric()} , which provides this +functionality as a macro. + +@strong{Returns:} Check that the version of the library is at +minimum the one given as a string in @code{req_version} and return the +actual version string of the library; return @code{NULL} if the +condition is not met. If @code{NULL} is passed to this function no +check is done and only the version string is returned. +@end deftypefun diff --git a/doc/functions/gnutls_check_version.short b/doc/functions/gnutls_check_version.short new file mode 100644 index 0000000..b5e135b --- /dev/null +++ b/doc/functions/gnutls_check_version.short @@ -0,0 +1 @@ +@item @var{const char *} @ref{gnutls_check_version} (const char * @var{req_version}) diff --git a/doc/functions/gnutls_cipher_add_auth b/doc/functions/gnutls_cipher_add_auth new file mode 100644 index 0000000..3825143 --- /dev/null +++ b/doc/functions/gnutls_cipher_add_auth @@ -0,0 +1,20 @@ + + + + +@deftypefun {int} {gnutls_cipher_add_auth} (gnutls_cipher_hd_t @var{handle}, const void * @var{ptext}, size_t @var{ptext_size}) +@var{handle}: is a @code{gnutls_cipher_hd_t} type + +@var{ptext}: the data to be authenticated + +@var{ptext_size}: the length of the data + +This function operates on authenticated encryption with +associated data (AEAD) ciphers and authenticate the +input data. This function can only be called once +and before any encryption operations. + +@strong{Returns:} Zero or a negative error code on error. + +@strong{Since:} 3.0 +@end deftypefun diff --git a/doc/functions/gnutls_cipher_add_auth.short b/doc/functions/gnutls_cipher_add_auth.short new file mode 100644 index 0000000..ca078ed --- /dev/null +++ b/doc/functions/gnutls_cipher_add_auth.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_cipher_add_auth} (gnutls_cipher_hd_t @var{handle}, const void * @var{ptext}, size_t @var{ptext_size}) diff --git a/doc/functions/gnutls_cipher_decrypt b/doc/functions/gnutls_cipher_decrypt new file mode 100644 index 0000000..1ab28e9 --- /dev/null +++ b/doc/functions/gnutls_cipher_decrypt @@ -0,0 +1,21 @@ + + + + +@deftypefun {int} {gnutls_cipher_decrypt} (gnutls_cipher_hd_t @var{handle}, void * @var{ctext}, size_t @var{ctext_len}) +@var{handle}: is a @code{gnutls_cipher_hd_t} type + +@var{ctext}: the data to decrypt + +@var{ctext_len}: the length of data to decrypt + +This function will decrypt the given data using the algorithm +specified by the context. + +Note that in AEAD ciphers, this will not check the tag. You will +need to compare the tag sent with the value returned from @code{gnutls_cipher_tag()} . + +@strong{Returns:} Zero or a negative error code on error. + +@strong{Since:} 2.10.0 +@end deftypefun diff --git a/doc/functions/gnutls_cipher_decrypt.short b/doc/functions/gnutls_cipher_decrypt.short new file mode 100644 index 0000000..81a64f2 --- /dev/null +++ b/doc/functions/gnutls_cipher_decrypt.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_cipher_decrypt} (gnutls_cipher_hd_t @var{handle}, void * @var{ctext}, size_t @var{ctext_len}) diff --git a/doc/functions/gnutls_cipher_decrypt2 b/doc/functions/gnutls_cipher_decrypt2 new file mode 100644 index 0000000..5ab0de8 --- /dev/null +++ b/doc/functions/gnutls_cipher_decrypt2 @@ -0,0 +1,27 @@ + + + + +@deftypefun {int} {gnutls_cipher_decrypt2} (gnutls_cipher_hd_t @var{handle}, const void * @var{ctext}, size_t @var{ctext_len}, void * @var{ptext}, size_t @var{ptext_len}) +@var{handle}: is a @code{gnutls_cipher_hd_t} type + +@var{ctext}: the data to decrypt + +@var{ctext_len}: the length of data to decrypt + +@var{ptext}: the decrypted data + +@var{ptext_len}: the available length for decrypted data + +This function will decrypt the given data using the algorithm +specified by the context. For block ciphers the @code{ctext_len} must be +a multiple of the block size. For the supported ciphers the plaintext +data length will equal the ciphertext size. + +Note that in AEAD ciphers, this will not check the tag. You will +need to compare the tag sent with the value returned from @code{gnutls_cipher_tag()} . + +@strong{Returns:} Zero or a negative error code on error. + +@strong{Since:} 2.12.0 +@end deftypefun diff --git a/doc/functions/gnutls_cipher_decrypt2.short b/doc/functions/gnutls_cipher_decrypt2.short new file mode 100644 index 0000000..9843921 --- /dev/null +++ b/doc/functions/gnutls_cipher_decrypt2.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_cipher_decrypt2} (gnutls_cipher_hd_t @var{handle}, const void * @var{ctext}, size_t @var{ctext_len}, void * @var{ptext}, size_t @var{ptext_len}) diff --git a/doc/functions/gnutls_cipher_deinit b/doc/functions/gnutls_cipher_deinit new file mode 100644 index 0000000..932ccca --- /dev/null +++ b/doc/functions/gnutls_cipher_deinit @@ -0,0 +1,12 @@ + + + + +@deftypefun {void} {gnutls_cipher_deinit} (gnutls_cipher_hd_t @var{handle}) +@var{handle}: is a @code{gnutls_cipher_hd_t} type + +This function will deinitialize all resources occupied by the given +encryption context. + +@strong{Since:} 2.10.0 +@end deftypefun diff --git a/doc/functions/gnutls_cipher_deinit.short b/doc/functions/gnutls_cipher_deinit.short new file mode 100644 index 0000000..ad8850a --- /dev/null +++ b/doc/functions/gnutls_cipher_deinit.short @@ -0,0 +1 @@ +@item @var{void} @ref{gnutls_cipher_deinit} (gnutls_cipher_hd_t @var{handle}) diff --git a/doc/functions/gnutls_cipher_encrypt b/doc/functions/gnutls_cipher_encrypt new file mode 100644 index 0000000..a2015a2 --- /dev/null +++ b/doc/functions/gnutls_cipher_encrypt @@ -0,0 +1,18 @@ + + + + +@deftypefun {int} {gnutls_cipher_encrypt} (gnutls_cipher_hd_t @var{handle}, void * @var{ptext}, size_t @var{ptext_len}) +@var{handle}: is a @code{gnutls_cipher_hd_t} type + +@var{ptext}: the data to encrypt + +@var{ptext_len}: the length of data to encrypt + +This function will encrypt the given data using the algorithm +specified by the context. + +@strong{Returns:} Zero or a negative error code on error. + +@strong{Since:} 2.10.0 +@end deftypefun diff --git a/doc/functions/gnutls_cipher_encrypt.short b/doc/functions/gnutls_cipher_encrypt.short new file mode 100644 index 0000000..ed75439 --- /dev/null +++ b/doc/functions/gnutls_cipher_encrypt.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_cipher_encrypt} (gnutls_cipher_hd_t @var{handle}, void * @var{ptext}, size_t @var{ptext_len}) diff --git a/doc/functions/gnutls_cipher_encrypt2 b/doc/functions/gnutls_cipher_encrypt2 new file mode 100644 index 0000000..4e85aef --- /dev/null +++ b/doc/functions/gnutls_cipher_encrypt2 @@ -0,0 +1,24 @@ + + + + +@deftypefun {int} {gnutls_cipher_encrypt2} (gnutls_cipher_hd_t @var{handle}, const void * @var{ptext}, size_t @var{ptext_len}, void * @var{ctext}, size_t @var{ctext_len}) +@var{handle}: is a @code{gnutls_cipher_hd_t} type + +@var{ptext}: the data to encrypt + +@var{ptext_len}: the length of data to encrypt + +@var{ctext}: the encrypted data + +@var{ctext_len}: the available length for encrypted data + +This function will encrypt the given data using the algorithm +specified by the context. For block ciphers the @code{ptext_len} must be +a multiple of the block size. For the supported ciphers the encrypted +data length will equal the plaintext size. + +@strong{Returns:} Zero or a negative error code on error. + +@strong{Since:} 2.12.0 +@end deftypefun diff --git a/doc/functions/gnutls_cipher_encrypt2.short b/doc/functions/gnutls_cipher_encrypt2.short new file mode 100644 index 0000000..5f16b3f --- /dev/null +++ b/doc/functions/gnutls_cipher_encrypt2.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_cipher_encrypt2} (gnutls_cipher_hd_t @var{handle}, const void * @var{ptext}, size_t @var{ptext_len}, void * @var{ctext}, size_t @var{ctext_len}) diff --git a/doc/functions/gnutls_cipher_get b/doc/functions/gnutls_cipher_get new file mode 100644 index 0000000..e97fe88 --- /dev/null +++ b/doc/functions/gnutls_cipher_get @@ -0,0 +1,12 @@ + + + + +@deftypefun {gnutls_cipher_algorithm_t} {gnutls_cipher_get} (gnutls_session_t @var{session}) +@var{session}: is a @code{gnutls_session_t} type. + +Get the currently used cipher. + +@strong{Returns:} the currently used cipher, a @code{gnutls_cipher_algorithm_t} +type. +@end deftypefun diff --git a/doc/functions/gnutls_cipher_get.short b/doc/functions/gnutls_cipher_get.short new file mode 100644 index 0000000..d997acb --- /dev/null +++ b/doc/functions/gnutls_cipher_get.short @@ -0,0 +1 @@ +@item @var{gnutls_cipher_algorithm_t} @ref{gnutls_cipher_get} (gnutls_session_t @var{session}) diff --git a/doc/functions/gnutls_cipher_get_block_size b/doc/functions/gnutls_cipher_get_block_size new file mode 100644 index 0000000..cb0bd30 --- /dev/null +++ b/doc/functions/gnutls_cipher_get_block_size @@ -0,0 +1,12 @@ + + + + +@deftypefun {unsigned} {gnutls_cipher_get_block_size} (gnutls_cipher_algorithm_t @var{algorithm}) +@var{algorithm}: is an encryption algorithm + + +@strong{Returns:} the block size of the encryption algorithm. + +@strong{Since:} 2.10.0 +@end deftypefun diff --git a/doc/functions/gnutls_cipher_get_block_size.short b/doc/functions/gnutls_cipher_get_block_size.short new file mode 100644 index 0000000..4dd84cc --- /dev/null +++ b/doc/functions/gnutls_cipher_get_block_size.short @@ -0,0 +1 @@ +@item @var{unsigned} @ref{gnutls_cipher_get_block_size} (gnutls_cipher_algorithm_t @var{algorithm}) diff --git a/doc/functions/gnutls_cipher_get_id b/doc/functions/gnutls_cipher_get_id new file mode 100644 index 0000000..ac2f71f --- /dev/null +++ b/doc/functions/gnutls_cipher_get_id @@ -0,0 +1,12 @@ + + + + +@deftypefun {gnutls_cipher_algorithm_t} {gnutls_cipher_get_id} (const char * @var{name}) +@var{name}: is a cipher algorithm name + +The names are compared in a case insensitive way. + +@strong{Returns:} return a @code{gnutls_cipher_algorithm_t} value corresponding to +the specified cipher, or @code{GNUTLS_CIPHER_UNKNOWN} on error. +@end deftypefun diff --git a/doc/functions/gnutls_cipher_get_id.short b/doc/functions/gnutls_cipher_get_id.short new file mode 100644 index 0000000..d75c741 --- /dev/null +++ b/doc/functions/gnutls_cipher_get_id.short @@ -0,0 +1 @@ +@item @var{gnutls_cipher_algorithm_t} @ref{gnutls_cipher_get_id} (const char * @var{name}) diff --git a/doc/functions/gnutls_cipher_get_iv_size b/doc/functions/gnutls_cipher_get_iv_size new file mode 100644 index 0000000..95d686c --- /dev/null +++ b/doc/functions/gnutls_cipher_get_iv_size @@ -0,0 +1,15 @@ + + + + +@deftypefun {unsigned} {gnutls_cipher_get_iv_size} (gnutls_cipher_algorithm_t @var{algorithm}) +@var{algorithm}: is an encryption algorithm + +This function returns the size of the initialization vector (IV) for the +provided algorithm. For algorithms with variable size IV (e.g., AES-CCM), +the returned size will be the one used by TLS. + +@strong{Returns:} block size for encryption algorithm. + +@strong{Since:} 3.2.0 +@end deftypefun diff --git a/doc/functions/gnutls_cipher_get_iv_size.short b/doc/functions/gnutls_cipher_get_iv_size.short new file mode 100644 index 0000000..9480dbe --- /dev/null +++ b/doc/functions/gnutls_cipher_get_iv_size.short @@ -0,0 +1 @@ +@item @var{unsigned} @ref{gnutls_cipher_get_iv_size} (gnutls_cipher_algorithm_t @var{algorithm}) diff --git a/doc/functions/gnutls_cipher_get_key_size b/doc/functions/gnutls_cipher_get_key_size new file mode 100644 index 0000000..2af6014 --- /dev/null +++ b/doc/functions/gnutls_cipher_get_key_size @@ -0,0 +1,12 @@ + + + + +@deftypefun {size_t} {gnutls_cipher_get_key_size} (gnutls_cipher_algorithm_t @var{algorithm}) +@var{algorithm}: is an encryption algorithm + +This function returns the key size of the provided algorithm. + +@strong{Returns:} length (in bytes) of the given cipher's key size, or 0 if +the given cipher is invalid. +@end deftypefun diff --git a/doc/functions/gnutls_cipher_get_key_size.short b/doc/functions/gnutls_cipher_get_key_size.short new file mode 100644 index 0000000..6953a5d --- /dev/null +++ b/doc/functions/gnutls_cipher_get_key_size.short @@ -0,0 +1 @@ +@item @var{size_t} @ref{gnutls_cipher_get_key_size} (gnutls_cipher_algorithm_t @var{algorithm}) diff --git a/doc/functions/gnutls_cipher_get_name b/doc/functions/gnutls_cipher_get_name new file mode 100644 index 0000000..77a3467 --- /dev/null +++ b/doc/functions/gnutls_cipher_get_name @@ -0,0 +1,12 @@ + + + + +@deftypefun {const char *} {gnutls_cipher_get_name} (gnutls_cipher_algorithm_t @var{algorithm}) +@var{algorithm}: is an encryption algorithm + +Convert a @code{gnutls_cipher_algorithm_t} type to a string. + +@strong{Returns:} a pointer to a string that contains the name of the +specified cipher, or @code{NULL} . +@end deftypefun diff --git a/doc/functions/gnutls_cipher_get_name.short b/doc/functions/gnutls_cipher_get_name.short new file mode 100644 index 0000000..ba80fa6 --- /dev/null +++ b/doc/functions/gnutls_cipher_get_name.short @@ -0,0 +1 @@ +@item @var{const char *} @ref{gnutls_cipher_get_name} (gnutls_cipher_algorithm_t @var{algorithm}) diff --git a/doc/functions/gnutls_cipher_get_tag_size b/doc/functions/gnutls_cipher_get_tag_size new file mode 100644 index 0000000..17f79a0 --- /dev/null +++ b/doc/functions/gnutls_cipher_get_tag_size @@ -0,0 +1,14 @@ + + + + +@deftypefun {unsigned} {gnutls_cipher_get_tag_size} (gnutls_cipher_algorithm_t @var{algorithm}) +@var{algorithm}: is an encryption algorithm + +This function returns the tag size of an authenticated encryption +algorithm. For non-AEAD algorithms, it returns zero. + +@strong{Returns:} the tag size of the authenticated encryption algorithm. + +@strong{Since:} 3.2.2 +@end deftypefun diff --git a/doc/functions/gnutls_cipher_get_tag_size.short b/doc/functions/gnutls_cipher_get_tag_size.short new file mode 100644 index 0000000..22699ee --- /dev/null +++ b/doc/functions/gnutls_cipher_get_tag_size.short @@ -0,0 +1 @@ +@item @var{unsigned} @ref{gnutls_cipher_get_tag_size} (gnutls_cipher_algorithm_t @var{algorithm}) diff --git a/doc/functions/gnutls_cipher_init b/doc/functions/gnutls_cipher_init new file mode 100644 index 0000000..80737bc --- /dev/null +++ b/doc/functions/gnutls_cipher_init @@ -0,0 +1,22 @@ + + + + +@deftypefun {int} {gnutls_cipher_init} (gnutls_cipher_hd_t * @var{handle}, gnutls_cipher_algorithm_t @var{cipher}, const gnutls_datum_t * @var{key}, const gnutls_datum_t * @var{iv}) +@var{handle}: is a @code{gnutls_cipher_hd_t} type + +@var{cipher}: the encryption algorithm to use + +@var{key}: the key to be used for encryption/decryption + +@var{iv}: the IV to use (if not applicable set NULL) + +This function will initialize the @code{handle} context to be usable +for encryption/decryption of data. This will effectively use the +current crypto backend in use by gnutls or the cryptographic +accelerator in use. + +@strong{Returns:} Zero or a negative error code on error. + +@strong{Since:} 2.10.0 +@end deftypefun diff --git a/doc/functions/gnutls_cipher_init.short b/doc/functions/gnutls_cipher_init.short new file mode 100644 index 0000000..209eacb --- /dev/null +++ b/doc/functions/gnutls_cipher_init.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_cipher_init} (gnutls_cipher_hd_t * @var{handle}, gnutls_cipher_algorithm_t @var{cipher}, const gnutls_datum_t * @var{key}, const gnutls_datum_t * @var{iv}) diff --git a/doc/functions/gnutls_cipher_list b/doc/functions/gnutls_cipher_list new file mode 100644 index 0000000..68beebf --- /dev/null +++ b/doc/functions/gnutls_cipher_list @@ -0,0 +1,16 @@ + + + + +@deftypefun {const gnutls_cipher_algorithm_t *} {gnutls_cipher_list} ( @var{void}) + +Get a list of supported cipher algorithms. Note that not +necessarily all ciphers are supported as TLS cipher suites. For +example, DES is not supported as a cipher suite, but is supported +for other purposes (e.g., PKCS@code{8} or similar). + +This function is not thread safe. + +@strong{Returns:} a (0)-terminated list of @code{gnutls_cipher_algorithm_t} +integers indicating the available ciphers. +@end deftypefun diff --git a/doc/functions/gnutls_cipher_list.short b/doc/functions/gnutls_cipher_list.short new file mode 100644 index 0000000..b8b687a --- /dev/null +++ b/doc/functions/gnutls_cipher_list.short @@ -0,0 +1 @@ +@item @var{const gnutls_cipher_algorithm_t *} @ref{gnutls_cipher_list} ( @var{void}) diff --git a/doc/functions/gnutls_cipher_set_iv b/doc/functions/gnutls_cipher_set_iv new file mode 100644 index 0000000..55884ca --- /dev/null +++ b/doc/functions/gnutls_cipher_set_iv @@ -0,0 +1,16 @@ + + + + +@deftypefun {void} {gnutls_cipher_set_iv} (gnutls_cipher_hd_t @var{handle}, void * @var{iv}, size_t @var{ivlen}) +@var{handle}: is a @code{gnutls_cipher_hd_t} type + +@var{iv}: the IV to set + +@var{ivlen}: the length of the IV + +This function will set the IV to be used for the next +encryption block. + +@strong{Since:} 3.0 +@end deftypefun diff --git a/doc/functions/gnutls_cipher_set_iv.short b/doc/functions/gnutls_cipher_set_iv.short new file mode 100644 index 0000000..d134b03 --- /dev/null +++ b/doc/functions/gnutls_cipher_set_iv.short @@ -0,0 +1 @@ +@item @var{void} @ref{gnutls_cipher_set_iv} (gnutls_cipher_hd_t @var{handle}, void * @var{iv}, size_t @var{ivlen}) diff --git a/doc/functions/gnutls_cipher_suite_get_name b/doc/functions/gnutls_cipher_suite_get_name new file mode 100644 index 0000000..1174416 --- /dev/null +++ b/doc/functions/gnutls_cipher_suite_get_name @@ -0,0 +1,21 @@ + + + + +@deftypefun {const char *} {gnutls_cipher_suite_get_name} (gnutls_kx_algorithm_t @var{kx_algorithm}, gnutls_cipher_algorithm_t @var{cipher_algorithm}, gnutls_mac_algorithm_t @var{mac_algorithm}) +@var{kx_algorithm}: is a Key exchange algorithm + +@var{cipher_algorithm}: is a cipher algorithm + +@var{mac_algorithm}: is a MAC algorithm + +This function returns the ciphersuite name under TLS1.2 or earlier +versions when provided with individual algorithms. The full cipher suite +name must be prepended by TLS or SSL depending of the protocol in use. + +To get a description of the current ciphersuite across versions, it +is recommended to use @code{gnutls_session_get_desc()} . + +@strong{Returns:} a string that contains the name of a TLS cipher suite, +specified by the given algorithms, or @code{NULL} . +@end deftypefun diff --git a/doc/functions/gnutls_cipher_suite_get_name.short b/doc/functions/gnutls_cipher_suite_get_name.short new file mode 100644 index 0000000..1e67491 --- /dev/null +++ b/doc/functions/gnutls_cipher_suite_get_name.short @@ -0,0 +1 @@ +@item @var{const char *} @ref{gnutls_cipher_suite_get_name} (gnutls_kx_algorithm_t @var{kx_algorithm}, gnutls_cipher_algorithm_t @var{cipher_algorithm}, gnutls_mac_algorithm_t @var{mac_algorithm}) diff --git a/doc/functions/gnutls_cipher_suite_info b/doc/functions/gnutls_cipher_suite_info new file mode 100644 index 0000000..04b30ee --- /dev/null +++ b/doc/functions/gnutls_cipher_suite_info @@ -0,0 +1,26 @@ + + + + +@deftypefun {const char *} {gnutls_cipher_suite_info} (size_t @var{idx}, unsigned char * @var{cs_id}, gnutls_kx_algorithm_t * @var{kx}, gnutls_cipher_algorithm_t * @var{cipher}, gnutls_mac_algorithm_t * @var{mac}, gnutls_protocol_t * @var{min_version}) +@var{idx}: index of cipher suite to get information about, starts on 0. + +@var{cs_id}: output buffer with room for 2 bytes, indicating cipher suite value + +@var{kx}: output variable indicating key exchange algorithm, or @code{NULL} . + +@var{cipher}: output variable indicating cipher, or @code{NULL} . + +@var{mac}: output variable indicating MAC algorithm, or @code{NULL} . + +@var{min_version}: output variable indicating TLS protocol version, or @code{NULL} . + +Get information about supported cipher suites. Use the function +iteratively to get information about all supported cipher suites. +Call with idx=0 to get information about first cipher suite, then +idx=1 and so on until the function returns NULL. + +@strong{Returns:} the name of @code{idx} cipher suite, and set the information +about the cipher suite in the output variables. If @code{idx} is out of +bounds, @code{NULL} is returned. +@end deftypefun diff --git a/doc/functions/gnutls_cipher_suite_info.short b/doc/functions/gnutls_cipher_suite_info.short new file mode 100644 index 0000000..77b3450 --- /dev/null +++ b/doc/functions/gnutls_cipher_suite_info.short @@ -0,0 +1 @@ +@item @var{const char *} @ref{gnutls_cipher_suite_info} (size_t @var{idx}, unsigned char * @var{cs_id}, gnutls_kx_algorithm_t * @var{kx}, gnutls_cipher_algorithm_t * @var{cipher}, gnutls_mac_algorithm_t * @var{mac}, gnutls_protocol_t * @var{min_version}) diff --git a/doc/functions/gnutls_cipher_tag b/doc/functions/gnutls_cipher_tag new file mode 100644 index 0000000..5994c87 --- /dev/null +++ b/doc/functions/gnutls_cipher_tag @@ -0,0 +1,19 @@ + + + + +@deftypefun {int} {gnutls_cipher_tag} (gnutls_cipher_hd_t @var{handle}, void * @var{tag}, size_t @var{tag_size}) +@var{handle}: is a @code{gnutls_cipher_hd_t} type + +@var{tag}: will hold the tag + +@var{tag_size}: the length of the tag to return + +This function operates on authenticated encryption with +associated data (AEAD) ciphers and will return the +output tag. + +@strong{Returns:} Zero or a negative error code on error. + +@strong{Since:} 3.0 +@end deftypefun diff --git a/doc/functions/gnutls_cipher_tag.short b/doc/functions/gnutls_cipher_tag.short new file mode 100644 index 0000000..0af174f --- /dev/null +++ b/doc/functions/gnutls_cipher_tag.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_cipher_tag} (gnutls_cipher_hd_t @var{handle}, void * @var{tag}, size_t @var{tag_size}) diff --git a/doc/functions/gnutls_compression_get b/doc/functions/gnutls_compression_get new file mode 100644 index 0000000..16ccd07 --- /dev/null +++ b/doc/functions/gnutls_compression_get @@ -0,0 +1,11 @@ + + + +@deftypefun {gnutls_compression_method_t} {gnutls_compression_get} (gnutls_session_t @var{session}) +@var{session}: is a @code{gnutls_session_t} type. + +Get the currently used compression algorithm. + +@strong{Returns:} the currently used compression method, a +@code{gnutls_compression_method_t} value. +@end deftypefun diff --git a/doc/functions/gnutls_compression_get.short b/doc/functions/gnutls_compression_get.short new file mode 100644 index 0000000..4f38255 --- /dev/null +++ b/doc/functions/gnutls_compression_get.short @@ -0,0 +1 @@ +@item @var{gnutls_compression_method_t} @ref{gnutls_compression_get} (gnutls_session_t @var{session}) diff --git a/doc/functions/gnutls_compression_get_id b/doc/functions/gnutls_compression_get_id new file mode 100644 index 0000000..8df5958 --- /dev/null +++ b/doc/functions/gnutls_compression_get_id @@ -0,0 +1,12 @@ + + + + +@deftypefun {gnutls_compression_method_t} {gnutls_compression_get_id} (const char * @var{name}) +@var{name}: is a compression method name + +The names are compared in a case insensitive way. + +@strong{Returns:} an id of the specified in a string compression method, or +@code{GNUTLS_COMP_UNKNOWN} on error. +@end deftypefun diff --git a/doc/functions/gnutls_compression_get_id.short b/doc/functions/gnutls_compression_get_id.short new file mode 100644 index 0000000..38d8e99 --- /dev/null +++ b/doc/functions/gnutls_compression_get_id.short @@ -0,0 +1 @@ +@item @var{gnutls_compression_method_t} @ref{gnutls_compression_get_id} (const char * @var{name}) diff --git a/doc/functions/gnutls_compression_get_name b/doc/functions/gnutls_compression_get_name new file mode 100644 index 0000000..4185e6b --- /dev/null +++ b/doc/functions/gnutls_compression_get_name @@ -0,0 +1,12 @@ + + + + +@deftypefun {const char *} {gnutls_compression_get_name} (gnutls_compression_method_t @var{algorithm}) +@var{algorithm}: is a Compression algorithm + +Convert a @code{gnutls_compression_method_t} value to a string. + +@strong{Returns:} a pointer to a string that contains the name of the +specified compression algorithm, or @code{NULL} . +@end deftypefun diff --git a/doc/functions/gnutls_compression_get_name.short b/doc/functions/gnutls_compression_get_name.short new file mode 100644 index 0000000..1d5e2ef --- /dev/null +++ b/doc/functions/gnutls_compression_get_name.short @@ -0,0 +1 @@ +@item @var{const char *} @ref{gnutls_compression_get_name} (gnutls_compression_method_t @var{algorithm}) diff --git a/doc/functions/gnutls_compression_list b/doc/functions/gnutls_compression_list new file mode 100644 index 0000000..5a2ceea --- /dev/null +++ b/doc/functions/gnutls_compression_list @@ -0,0 +1,11 @@ + + + + +@deftypefun {const gnutls_compression_method_t *} {gnutls_compression_list} ( @var{void}) + +Get a list of compression methods. + +@strong{Returns:} a zero-terminated list of @code{gnutls_compression_method_t} +integers indicating the available compression methods. +@end deftypefun diff --git a/doc/functions/gnutls_compression_list.short b/doc/functions/gnutls_compression_list.short new file mode 100644 index 0000000..2fb1f25 --- /dev/null +++ b/doc/functions/gnutls_compression_list.short @@ -0,0 +1 @@ +@item @var{const gnutls_compression_method_t *} @ref{gnutls_compression_list} ( @var{void}) diff --git a/doc/functions/gnutls_credentials_clear b/doc/functions/gnutls_credentials_clear new file mode 100644 index 0000000..9dd407a --- /dev/null +++ b/doc/functions/gnutls_credentials_clear @@ -0,0 +1,9 @@ + + + + +@deftypefun {void} {gnutls_credentials_clear} (gnutls_session_t @var{session}) +@var{session}: is a @code{gnutls_session_t} type. + +Clears all the credentials previously set in this session. +@end deftypefun diff --git a/doc/functions/gnutls_credentials_clear.short b/doc/functions/gnutls_credentials_clear.short new file mode 100644 index 0000000..188bcfa --- /dev/null +++ b/doc/functions/gnutls_credentials_clear.short @@ -0,0 +1 @@ +@item @var{void} @ref{gnutls_credentials_clear} (gnutls_session_t @var{session}) diff --git a/doc/functions/gnutls_credentials_get b/doc/functions/gnutls_credentials_get new file mode 100644 index 0000000..39b1990 --- /dev/null +++ b/doc/functions/gnutls_credentials_get @@ -0,0 +1,29 @@ + + + + +@deftypefun {int} {gnutls_credentials_get} (gnutls_session_t @var{session}, gnutls_credentials_type_t @var{type}, void ** @var{cred}) +@var{session}: is a @code{gnutls_session_t} type. + +@var{type}: is the type of the credentials to return + +@var{cred}: will contain the credentials. + +Returns the previously provided credentials structures. + +For @code{GNUTLS_CRD_ANON} , @code{cred} will be +@code{gnutls_anon_client_credentials_t} in case of a client. In case of +a server it should be @code{gnutls_anon_server_credentials_t} . + +For @code{GNUTLS_CRD_SRP} , @code{cred} will be @code{gnutls_srp_client_credentials_t} +in case of a client, and @code{gnutls_srp_server_credentials_t} , in case +of a server. + +For @code{GNUTLS_CRD_CERTIFICATE} , @code{cred} will be +@code{gnutls_certificate_credentials_t} . + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, +otherwise a negative error code is returned. + +@strong{Since:} 3.3.3 +@end deftypefun diff --git a/doc/functions/gnutls_credentials_get.short b/doc/functions/gnutls_credentials_get.short new file mode 100644 index 0000000..3e33f5b --- /dev/null +++ b/doc/functions/gnutls_credentials_get.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_credentials_get} (gnutls_session_t @var{session}, gnutls_credentials_type_t @var{type}, void ** @var{cred}) diff --git a/doc/functions/gnutls_credentials_set b/doc/functions/gnutls_credentials_set new file mode 100644 index 0000000..aabbbb0 --- /dev/null +++ b/doc/functions/gnutls_credentials_set @@ -0,0 +1,35 @@ + + + + +@deftypefun {int} {gnutls_credentials_set} (gnutls_session_t @var{session}, gnutls_credentials_type_t @var{type}, void * @var{cred}) +@var{session}: is a @code{gnutls_session_t} type. + +@var{type}: is the type of the credentials + +@var{cred}: the credentials to set + +Sets the needed credentials for the specified type. E.g. username, +password - or public and private keys etc. The @code{cred} parameter is +a structure that depends on the specified type and on the current +session (client or server). + +In order to minimize memory usage, and share credentials between +several threads gnutls keeps a pointer to cred, and not the whole +cred structure. Thus you will have to keep the structure allocated +until you call @code{gnutls_deinit()} . + +For @code{GNUTLS_CRD_ANON} , @code{cred} should be +@code{gnutls_anon_client_credentials_t} in case of a client. In case of +a server it should be @code{gnutls_anon_server_credentials_t} . + +For @code{GNUTLS_CRD_SRP} , @code{cred} should be @code{gnutls_srp_client_credentials_t} +in case of a client, and @code{gnutls_srp_server_credentials_t} , in case +of a server. + +For @code{GNUTLS_CRD_CERTIFICATE} , @code{cred} should be +@code{gnutls_certificate_credentials_t} . + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, +otherwise a negative error code is returned. +@end deftypefun diff --git a/doc/functions/gnutls_credentials_set.short b/doc/functions/gnutls_credentials_set.short new file mode 100644 index 0000000..8c882dd --- /dev/null +++ b/doc/functions/gnutls_credentials_set.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_credentials_set} (gnutls_session_t @var{session}, gnutls_credentials_type_t @var{type}, void * @var{cred}) diff --git a/doc/functions/gnutls_crypto_register_aead_cipher b/doc/functions/gnutls_crypto_register_aead_cipher new file mode 100644 index 0000000..89bff7a --- /dev/null +++ b/doc/functions/gnutls_crypto_register_aead_cipher @@ -0,0 +1,35 @@ + + + + +@deftypefun {int} {gnutls_crypto_register_aead_cipher} (gnutls_cipher_algorithm_t @var{algorithm}, int @var{priority}, gnutls_cipher_init_func @var{init}, gnutls_cipher_setkey_func @var{setkey}, gnutls_cipher_aead_encrypt_func @var{aead_encrypt}, gnutls_cipher_aead_decrypt_func @var{aead_decrypt}, gnutls_cipher_deinit_func @var{deinit}) +@var{algorithm}: is the gnutls AEAD cipher identifier + +@var{priority}: is the priority of the algorithm + +@var{init}: A function which initializes the cipher + +@var{setkey}: A function which sets the key of the cipher + +@var{aead_encrypt}: Perform the AEAD encryption + +@var{aead_decrypt}: Perform the AEAD decryption + +@var{deinit}: A function which deinitializes the cipher + +This function will register a cipher algorithm to be used by +gnutls. Any algorithm registered will override the included +algorithms and by convention kernel implemented algorithms have +priority of 90 and CPU-assisted of 80. The algorithm with the lowest priority will be +used by gnutls. + +In the case the registered init or setkey functions return @code{GNUTLS_E_NEED_FALLBACK} , +GnuTLS will attempt to use the next in priority registered cipher. + +The functions registered will be used with the new AEAD API introduced in +GnuTLS 3.4.0. Internally GnuTLS uses the new AEAD API. + +@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, otherwise a negative error code. + +@strong{Since:} 3.4.0 +@end deftypefun diff --git a/doc/functions/gnutls_crypto_register_aead_cipher.short b/doc/functions/gnutls_crypto_register_aead_cipher.short new file mode 100644 index 0000000..3cddbc5 --- /dev/null +++ b/doc/functions/gnutls_crypto_register_aead_cipher.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_crypto_register_aead_cipher} (gnutls_cipher_algorithm_t @var{algorithm}, int @var{priority}, gnutls_cipher_init_func @var{init}, gnutls_cipher_setkey_func @var{setkey}, gnutls_cipher_aead_encrypt_func @var{aead_encrypt}, gnutls_cipher_aead_decrypt_func @var{aead_decrypt}, gnutls_cipher_deinit_func @var{deinit}) diff --git a/doc/functions/gnutls_crypto_register_cipher b/doc/functions/gnutls_crypto_register_cipher new file mode 100644 index 0000000..a7883e1 --- /dev/null +++ b/doc/functions/gnutls_crypto_register_cipher @@ -0,0 +1,38 @@ + + + + +@deftypefun {int} {gnutls_crypto_register_cipher} (gnutls_cipher_algorithm_t @var{algorithm}, int @var{priority}, gnutls_cipher_init_func @var{init}, gnutls_cipher_setkey_func @var{setkey}, gnutls_cipher_setiv_func @var{setiv}, gnutls_cipher_encrypt_func @var{encrypt}, gnutls_cipher_decrypt_func @var{decrypt}, gnutls_cipher_deinit_func @var{deinit}) +@var{algorithm}: is the gnutls algorithm identifier + +@var{priority}: is the priority of the algorithm + +@var{init}: A function which initializes the cipher + +@var{setkey}: A function which sets the key of the cipher + +@var{setiv}: A function which sets the nonce/IV of the cipher (non-AEAD) + +@var{encrypt}: A function which performs encryption (non-AEAD) + +@var{decrypt}: A function which performs decryption (non-AEAD) + +@var{deinit}: A function which deinitializes the cipher + +This function will register a cipher algorithm to be used by +gnutls. Any algorithm registered will override the included +algorithms and by convention kernel implemented algorithms have +priority of 90 and CPU-assisted of 80. The algorithm with the lowest priority will be +used by gnutls. + +In the case the registered init or setkey functions return @code{GNUTLS_E_NEED_FALLBACK} , +GnuTLS will attempt to use the next in priority registered cipher. + +The functions which are marked as non-AEAD they are not required when +registering a cipher to be used with the new AEAD API introduced in +GnuTLS 3.4.0. Internally GnuTLS uses the new AEAD API. + +@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, otherwise a negative error code. + +@strong{Since:} 3.4.0 +@end deftypefun diff --git a/doc/functions/gnutls_crypto_register_cipher.short b/doc/functions/gnutls_crypto_register_cipher.short new file mode 100644 index 0000000..040acdd --- /dev/null +++ b/doc/functions/gnutls_crypto_register_cipher.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_crypto_register_cipher} (gnutls_cipher_algorithm_t @var{algorithm}, int @var{priority}, gnutls_cipher_init_func @var{init}, gnutls_cipher_setkey_func @var{setkey}, gnutls_cipher_setiv_func @var{setiv}, gnutls_cipher_encrypt_func @var{encrypt}, gnutls_cipher_decrypt_func @var{decrypt}, gnutls_cipher_deinit_func @var{deinit}) diff --git a/doc/functions/gnutls_crypto_register_digest b/doc/functions/gnutls_crypto_register_digest new file mode 100644 index 0000000..7921c04 --- /dev/null +++ b/doc/functions/gnutls_crypto_register_digest @@ -0,0 +1,29 @@ + + + + +@deftypefun {int} {gnutls_crypto_register_digest} (gnutls_digest_algorithm_t @var{algorithm}, int @var{priority}, gnutls_digest_init_func @var{init}, gnutls_digest_hash_func @var{hash}, gnutls_digest_output_func @var{output}, gnutls_digest_deinit_func @var{deinit}, gnutls_digest_fast_func @var{hash_fast}) +@var{algorithm}: is the gnutls digest identifier + +@var{priority}: is the priority of the algorithm + +@var{init}: A function which initializes the digest + +@var{hash}: Perform the hash operation + +@var{output}: Provide the output of the digest + +@var{deinit}: A function which deinitializes the digest + +@var{hash_fast}: Perform the digest operation in one go + +This function will register a digest algorithm to be used by gnutls. +Any algorithm registered will override the included algorithms and +by convention kernel implemented algorithms have priority of 90 +and CPU-assisted of 80. +The algorithm with the lowest priority will be used by gnutls. + +@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, otherwise a negative error code. + +@strong{Since:} 3.4.0 +@end deftypefun diff --git a/doc/functions/gnutls_crypto_register_digest.short b/doc/functions/gnutls_crypto_register_digest.short new file mode 100644 index 0000000..dc38057 --- /dev/null +++ b/doc/functions/gnutls_crypto_register_digest.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_crypto_register_digest} (gnutls_digest_algorithm_t @var{algorithm}, int @var{priority}, gnutls_digest_init_func @var{init}, gnutls_digest_hash_func @var{hash}, gnutls_digest_output_func @var{output}, gnutls_digest_deinit_func @var{deinit}, gnutls_digest_fast_func @var{hash_fast}) diff --git a/doc/functions/gnutls_crypto_register_mac b/doc/functions/gnutls_crypto_register_mac new file mode 100644 index 0000000..f9951e7 --- /dev/null +++ b/doc/functions/gnutls_crypto_register_mac @@ -0,0 +1,33 @@ + + + + +@deftypefun {int} {gnutls_crypto_register_mac} (gnutls_mac_algorithm_t @var{algorithm}, int @var{priority}, gnutls_mac_init_func @var{init}, gnutls_mac_setkey_func @var{setkey}, gnutls_mac_setnonce_func @var{setnonce}, gnutls_mac_hash_func @var{hash}, gnutls_mac_output_func @var{output}, gnutls_mac_deinit_func @var{deinit}, gnutls_mac_fast_func @var{hash_fast}) +@var{algorithm}: is the gnutls MAC identifier + +@var{priority}: is the priority of the algorithm + +@var{init}: A function which initializes the MAC + +@var{setkey}: A function which sets the key of the MAC + +@var{setnonce}: A function which sets the nonce for the mac (may be @code{NULL} for common MAC algorithms) + +@var{hash}: Perform the hash operation + +@var{output}: Provide the output of the MAC + +@var{deinit}: A function which deinitializes the MAC + +@var{hash_fast}: Perform the MAC operation in one go + +This function will register a MAC algorithm to be used by gnutls. +Any algorithm registered will override the included algorithms and +by convention kernel implemented algorithms have priority of 90 +and CPU-assisted of 80. +The algorithm with the lowest priority will be used by gnutls. + +@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, otherwise a negative error code. + +@strong{Since:} 3.4.0 +@end deftypefun diff --git a/doc/functions/gnutls_crypto_register_mac.short b/doc/functions/gnutls_crypto_register_mac.short new file mode 100644 index 0000000..31f84de --- /dev/null +++ b/doc/functions/gnutls_crypto_register_mac.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_crypto_register_mac} (gnutls_mac_algorithm_t @var{algorithm}, int @var{priority}, gnutls_mac_init_func @var{init}, gnutls_mac_setkey_func @var{setkey}, gnutls_mac_setnonce_func @var{setnonce}, gnutls_mac_hash_func @var{hash}, gnutls_mac_output_func @var{output}, gnutls_mac_deinit_func @var{deinit}, gnutls_mac_fast_func @var{hash_fast}) diff --git a/doc/functions/gnutls_db_check_entry b/doc/functions/gnutls_db_check_entry new file mode 100644 index 0000000..1baf438 --- /dev/null +++ b/doc/functions/gnutls_db_check_entry @@ -0,0 +1,16 @@ + + + + +@deftypefun {int} {gnutls_db_check_entry} (gnutls_session_t @var{session}, gnutls_datum_t @var{session_entry}) +@var{session}: is a @code{gnutls_session_t} type. + +@var{session_entry}: is the session data (not key) + +This function has no effect. + +@strong{Returns:} Returns @code{GNUTLS_E_EXPIRED} , if the database entry has +expired or 0 otherwise. + +@strong{Deprecated:} This function is deprecated. +@end deftypefun diff --git a/doc/functions/gnutls_db_check_entry.short b/doc/functions/gnutls_db_check_entry.short new file mode 100644 index 0000000..9aa2088 --- /dev/null +++ b/doc/functions/gnutls_db_check_entry.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_db_check_entry} (gnutls_session_t @var{session}, gnutls_datum_t @var{session_entry}) diff --git a/doc/functions/gnutls_db_check_entry_expire_time b/doc/functions/gnutls_db_check_entry_expire_time new file mode 100644 index 0000000..5cc2d74 --- /dev/null +++ b/doc/functions/gnutls_db_check_entry_expire_time @@ -0,0 +1,14 @@ + + + + +@deftypefun {time_t} {gnutls_db_check_entry_expire_time} (gnutls_datum_t * @var{entry}) +@var{entry}: is a pointer to a @code{gnutls_datum_t} type. + +This function returns the time that this entry will expire. +It can be used for database entry expiration. + +@strong{Returns:} The time this entry will expire, or zero on error. + +@strong{Since:} 3.6.5 +@end deftypefun diff --git a/doc/functions/gnutls_db_check_entry_expire_time.short b/doc/functions/gnutls_db_check_entry_expire_time.short new file mode 100644 index 0000000..a3a2bd9 --- /dev/null +++ b/doc/functions/gnutls_db_check_entry_expire_time.short @@ -0,0 +1 @@ +@item @var{time_t} @ref{gnutls_db_check_entry_expire_time} (gnutls_datum_t * @var{entry}) diff --git a/doc/functions/gnutls_db_check_entry_time b/doc/functions/gnutls_db_check_entry_time new file mode 100644 index 0000000..28d193b --- /dev/null +++ b/doc/functions/gnutls_db_check_entry_time @@ -0,0 +1,12 @@ + + + + +@deftypefun {time_t} {gnutls_db_check_entry_time} (gnutls_datum_t * @var{entry}) +@var{entry}: is a pointer to a @code{gnutls_datum_t} type. + +This function returns the time that this entry was active. +It can be used for database entry expiration. + +@strong{Returns:} The time this entry was created, or zero on error. +@end deftypefun diff --git a/doc/functions/gnutls_db_check_entry_time.short b/doc/functions/gnutls_db_check_entry_time.short new file mode 100644 index 0000000..608afc6 --- /dev/null +++ b/doc/functions/gnutls_db_check_entry_time.short @@ -0,0 +1 @@ +@item @var{time_t} @ref{gnutls_db_check_entry_time} (gnutls_datum_t * @var{entry}) diff --git a/doc/functions/gnutls_db_get_default_cache_expiration b/doc/functions/gnutls_db_get_default_cache_expiration new file mode 100644 index 0000000..aed96ea --- /dev/null +++ b/doc/functions/gnutls_db_get_default_cache_expiration @@ -0,0 +1,8 @@ + + + + +@deftypefun {unsigned} {gnutls_db_get_default_cache_expiration} ( @var{void}) + +Returns the expiration time (in seconds) of stored sessions for resumption. +@end deftypefun diff --git a/doc/functions/gnutls_db_get_default_cache_expiration.short b/doc/functions/gnutls_db_get_default_cache_expiration.short new file mode 100644 index 0000000..9f8fe8a --- /dev/null +++ b/doc/functions/gnutls_db_get_default_cache_expiration.short @@ -0,0 +1 @@ +@item @var{unsigned} @ref{gnutls_db_get_default_cache_expiration} ( @var{void}) diff --git a/doc/functions/gnutls_db_get_ptr b/doc/functions/gnutls_db_get_ptr new file mode 100644 index 0000000..03f82cc --- /dev/null +++ b/doc/functions/gnutls_db_get_ptr @@ -0,0 +1,12 @@ + + + + +@deftypefun {void *} {gnutls_db_get_ptr} (gnutls_session_t @var{session}) +@var{session}: is a @code{gnutls_session_t} type. + +Get db function pointer. + +@strong{Returns:} the pointer that will be sent to db store, retrieve and +delete functions, as the first argument. +@end deftypefun diff --git a/doc/functions/gnutls_db_get_ptr.short b/doc/functions/gnutls_db_get_ptr.short new file mode 100644 index 0000000..5447077 --- /dev/null +++ b/doc/functions/gnutls_db_get_ptr.short @@ -0,0 +1 @@ +@item @var{void *} @ref{gnutls_db_get_ptr} (gnutls_session_t @var{session}) diff --git a/doc/functions/gnutls_db_remove_session b/doc/functions/gnutls_db_remove_session new file mode 100644 index 0000000..a9b9da7 --- /dev/null +++ b/doc/functions/gnutls_db_remove_session @@ -0,0 +1,15 @@ + + + + +@deftypefun {void} {gnutls_db_remove_session} (gnutls_session_t @var{session}) +@var{session}: is a @code{gnutls_session_t} type. + +This function will remove the current session data from the +session database. This will prevent future handshakes reusing +these session data. This function should be called if a session +was terminated abnormally, and before @code{gnutls_deinit()} is called. + +Normally @code{gnutls_deinit()} will remove abnormally terminated +sessions. +@end deftypefun diff --git a/doc/functions/gnutls_db_remove_session.short b/doc/functions/gnutls_db_remove_session.short new file mode 100644 index 0000000..dcd72f5 --- /dev/null +++ b/doc/functions/gnutls_db_remove_session.short @@ -0,0 +1 @@ +@item @var{void} @ref{gnutls_db_remove_session} (gnutls_session_t @var{session}) diff --git a/doc/functions/gnutls_db_set_cache_expiration b/doc/functions/gnutls_db_set_cache_expiration new file mode 100644 index 0000000..cea1f45 --- /dev/null +++ b/doc/functions/gnutls_db_set_cache_expiration @@ -0,0 +1,15 @@ + + + + +@deftypefun {void} {gnutls_db_set_cache_expiration} (gnutls_session_t @var{session}, int @var{seconds}) +@var{session}: is a @code{gnutls_session_t} type. + +@var{seconds}: is the number of seconds. + +Set the expiration time for resumed sessions. The default is 21600 +(size hours) at the time of writing. + +The maximum value that can be set using this function is 604800 +(7 days). +@end deftypefun diff --git a/doc/functions/gnutls_db_set_cache_expiration.short b/doc/functions/gnutls_db_set_cache_expiration.short new file mode 100644 index 0000000..65cb5fa --- /dev/null +++ b/doc/functions/gnutls_db_set_cache_expiration.short @@ -0,0 +1 @@ +@item @var{void} @ref{gnutls_db_set_cache_expiration} (gnutls_session_t @var{session}, int @var{seconds}) diff --git a/doc/functions/gnutls_db_set_ptr b/doc/functions/gnutls_db_set_ptr new file mode 100644 index 0000000..712f0e8 --- /dev/null +++ b/doc/functions/gnutls_db_set_ptr @@ -0,0 +1,12 @@ + + + + +@deftypefun {void} {gnutls_db_set_ptr} (gnutls_session_t @var{session}, void * @var{ptr}) +@var{session}: is a @code{gnutls_session_t} type. + +@var{ptr}: is the pointer + +Sets the pointer that will be provided to db store, retrieve and +delete functions, as the first argument. +@end deftypefun diff --git a/doc/functions/gnutls_db_set_ptr.short b/doc/functions/gnutls_db_set_ptr.short new file mode 100644 index 0000000..72dc716 --- /dev/null +++ b/doc/functions/gnutls_db_set_ptr.short @@ -0,0 +1 @@ +@item @var{void} @ref{gnutls_db_set_ptr} (gnutls_session_t @var{session}, void * @var{ptr}) diff --git a/doc/functions/gnutls_db_set_remove_function b/doc/functions/gnutls_db_set_remove_function new file mode 100644 index 0000000..1674458 --- /dev/null +++ b/doc/functions/gnutls_db_set_remove_function @@ -0,0 +1,15 @@ + + + + +@deftypefun {void} {gnutls_db_set_remove_function} (gnutls_session_t @var{session}, gnutls_db_remove_func @var{rem_func}) +@var{session}: is a @code{gnutls_session_t} type. + +@var{rem_func}: is the function. + +Sets the function that will be used to remove data from the +resumed sessions database. This function must return 0 on success. + +The first argument to @code{rem_func} will be null unless +@code{gnutls_db_set_ptr()} has been called. +@end deftypefun diff --git a/doc/functions/gnutls_db_set_remove_function.short b/doc/functions/gnutls_db_set_remove_function.short new file mode 100644 index 0000000..bf9dd77 --- /dev/null +++ b/doc/functions/gnutls_db_set_remove_function.short @@ -0,0 +1 @@ +@item @var{void} @ref{gnutls_db_set_remove_function} (gnutls_session_t @var{session}, gnutls_db_remove_func @var{rem_func}) diff --git a/doc/functions/gnutls_db_set_retrieve_function b/doc/functions/gnutls_db_set_retrieve_function new file mode 100644 index 0000000..82a4874 --- /dev/null +++ b/doc/functions/gnutls_db_set_retrieve_function @@ -0,0 +1,20 @@ + + + + +@deftypefun {void} {gnutls_db_set_retrieve_function} (gnutls_session_t @var{session}, gnutls_db_retr_func @var{retr_func}) +@var{session}: is a @code{gnutls_session_t} type. + +@var{retr_func}: is the function. + +Sets the function that will be used to retrieve data from the +resumed sessions database. This function must return a +gnutls_datum_t containing the data on success, or a gnutls_datum_t +containing null and 0 on failure. + +The datum's data must be allocated using the function +@code{gnutls_malloc()} . + +The first argument to @code{retr_func} will be null unless +@code{gnutls_db_set_ptr()} has been called. +@end deftypefun diff --git a/doc/functions/gnutls_db_set_retrieve_function.short b/doc/functions/gnutls_db_set_retrieve_function.short new file mode 100644 index 0000000..d8b029b --- /dev/null +++ b/doc/functions/gnutls_db_set_retrieve_function.short @@ -0,0 +1 @@ +@item @var{void} @ref{gnutls_db_set_retrieve_function} (gnutls_session_t @var{session}, gnutls_db_retr_func @var{retr_func}) diff --git a/doc/functions/gnutls_db_set_store_function b/doc/functions/gnutls_db_set_store_function new file mode 100644 index 0000000..b71f2b5 --- /dev/null +++ b/doc/functions/gnutls_db_set_store_function @@ -0,0 +1,15 @@ + + + + +@deftypefun {void} {gnutls_db_set_store_function} (gnutls_session_t @var{session}, gnutls_db_store_func @var{store_func}) +@var{session}: is a @code{gnutls_session_t} type. + +@var{store_func}: is the function + +Sets the function that will be used to store data in the resumed +sessions database. This function must return 0 on success. + +The first argument to @code{store_func} will be null unless +@code{gnutls_db_set_ptr()} has been called. +@end deftypefun diff --git a/doc/functions/gnutls_db_set_store_function.short b/doc/functions/gnutls_db_set_store_function.short new file mode 100644 index 0000000..5d071e4 --- /dev/null +++ b/doc/functions/gnutls_db_set_store_function.short @@ -0,0 +1 @@ +@item @var{void} @ref{gnutls_db_set_store_function} (gnutls_session_t @var{session}, gnutls_db_store_func @var{store_func}) diff --git a/doc/functions/gnutls_decode_ber_digest_info b/doc/functions/gnutls_decode_ber_digest_info new file mode 100644 index 0000000..d6b355d --- /dev/null +++ b/doc/functions/gnutls_decode_ber_digest_info @@ -0,0 +1,21 @@ + + + + +@deftypefun {int} {gnutls_decode_ber_digest_info} (const gnutls_datum_t * @var{info}, gnutls_digest_algorithm_t * @var{hash}, unsigned char * @var{digest}, unsigned int * @var{digest_size}) +@var{info}: an RSA BER encoded DigestInfo structure + +@var{hash}: will contain the hash algorithm of the structure + +@var{digest}: will contain the hash output of the structure + +@var{digest_size}: will contain the hash size of the structure; initially must hold the maximum size of @code{digest} + +This function will parse an RSA PKCS@code{1} 1.5 DigestInfo structure +and report the hash algorithm used as well as the digest data. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise +an error code is returned. + +@strong{Since:} 3.5.0 +@end deftypefun diff --git a/doc/functions/gnutls_decode_ber_digest_info.short b/doc/functions/gnutls_decode_ber_digest_info.short new file mode 100644 index 0000000..9edc846 --- /dev/null +++ b/doc/functions/gnutls_decode_ber_digest_info.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_decode_ber_digest_info} (const gnutls_datum_t * @var{info}, gnutls_digest_algorithm_t * @var{hash}, unsigned char * @var{digest}, unsigned int * @var{digest_size}) diff --git a/doc/functions/gnutls_decode_gost_rs_value b/doc/functions/gnutls_decode_gost_rs_value new file mode 100644 index 0000000..0c51cf3 --- /dev/null +++ b/doc/functions/gnutls_decode_gost_rs_value @@ -0,0 +1,23 @@ + + + + +@deftypefun {int} {gnutls_decode_gost_rs_value} (const gnutls_datum_t * @var{sig_value}, gnutls_datum_t * @var{r}, gnutls_datum_t * @var{s}) +@var{sig_value}: will holds a GOST signature according to RFC 4491 section 2.2.2 + +@var{r}: will contain the r value + +@var{s}: will contain the s value + +This function will decode the provided @code{sig_value} , into @code{r} and @code{s} elements. +See RFC 4491 section 2.2.2 for the format of signature value. + +The output values may be padded with a zero byte to prevent them +from being interpreted as negative values. The value +should be deallocated using @code{gnutls_free()} . + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise +an error code is returned. + +@strong{Since:} 3.6.0 +@end deftypefun diff --git a/doc/functions/gnutls_decode_gost_rs_value.short b/doc/functions/gnutls_decode_gost_rs_value.short new file mode 100644 index 0000000..f60b9e2 --- /dev/null +++ b/doc/functions/gnutls_decode_gost_rs_value.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_decode_gost_rs_value} (const gnutls_datum_t * @var{sig_value}, gnutls_datum_t * @var{r}, gnutls_datum_t * @var{s}) diff --git a/doc/functions/gnutls_decode_rs_value b/doc/functions/gnutls_decode_rs_value new file mode 100644 index 0000000..055e17b --- /dev/null +++ b/doc/functions/gnutls_decode_rs_value @@ -0,0 +1,24 @@ + + + + +@deftypefun {int} {gnutls_decode_rs_value} (const gnutls_datum_t * @var{sig_value}, gnutls_datum_t * @var{r}, gnutls_datum_t * @var{s}) +@var{sig_value}: holds a Dss-Sig-Value DER or BER encoded structure + +@var{r}: will contain the r value + +@var{s}: will contain the s value + +This function will decode the provided @code{sig_value} , +into @code{r} and @code{s} elements. The Dss-Sig-Value is used for DSA and ECDSA +signatures. + +The output values may be padded with a zero byte to prevent them +from being interpreted as negative values. The value +should be deallocated using @code{gnutls_free()} . + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise +an error code is returned. + +@strong{Since:} 3.6.0 +@end deftypefun diff --git a/doc/functions/gnutls_decode_rs_value.short b/doc/functions/gnutls_decode_rs_value.short new file mode 100644 index 0000000..8d7a1b8 --- /dev/null +++ b/doc/functions/gnutls_decode_rs_value.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_decode_rs_value} (const gnutls_datum_t * @var{sig_value}, gnutls_datum_t * @var{r}, gnutls_datum_t * @var{s}) diff --git a/doc/functions/gnutls_deinit b/doc/functions/gnutls_deinit new file mode 100644 index 0000000..8331434 --- /dev/null +++ b/doc/functions/gnutls_deinit @@ -0,0 +1,11 @@ + + + + +@deftypefun {void} {gnutls_deinit} (gnutls_session_t @var{session}) +@var{session}: is a @code{gnutls_session_t} type. + +This function clears all buffers associated with the @code{session} . +This function will also remove session data from the session +database if the session was terminated abnormally. +@end deftypefun diff --git a/doc/functions/gnutls_deinit.short b/doc/functions/gnutls_deinit.short new file mode 100644 index 0000000..a143b26 --- /dev/null +++ b/doc/functions/gnutls_deinit.short @@ -0,0 +1 @@ +@item @var{void} @ref{gnutls_deinit} (gnutls_session_t @var{session}) diff --git a/doc/functions/gnutls_dh_get_group b/doc/functions/gnutls_dh_get_group new file mode 100644 index 0000000..131c9f2 --- /dev/null +++ b/doc/functions/gnutls_dh_get_group @@ -0,0 +1,23 @@ + + + + +@deftypefun {int} {gnutls_dh_get_group} (gnutls_session_t @var{session}, gnutls_datum_t * @var{raw_gen}, gnutls_datum_t * @var{raw_prime}) +@var{session}: is a gnutls session + +@var{raw_gen}: will hold the generator. + +@var{raw_prime}: will hold the prime. + +This function will return the group parameters used in the last +Diffie-Hellman key exchange with the peer. These are the prime and +the generator used. This function should be used for both +anonymous and ephemeral Diffie-Hellman. The output parameters must +be freed with @code{gnutls_free()} . + +Note, that the prime and generator are exported as non-negative +integers and may include a leading zero byte. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise +an error code is returned. +@end deftypefun diff --git a/doc/functions/gnutls_dh_get_group.short b/doc/functions/gnutls_dh_get_group.short new file mode 100644 index 0000000..564c905 --- /dev/null +++ b/doc/functions/gnutls_dh_get_group.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_dh_get_group} (gnutls_session_t @var{session}, gnutls_datum_t * @var{raw_gen}, gnutls_datum_t * @var{raw_prime}) diff --git a/doc/functions/gnutls_dh_get_peers_public_bits b/doc/functions/gnutls_dh_get_peers_public_bits new file mode 100644 index 0000000..732470f --- /dev/null +++ b/doc/functions/gnutls_dh_get_peers_public_bits @@ -0,0 +1,13 @@ + + + + +@deftypefun {int} {gnutls_dh_get_peers_public_bits} (gnutls_session_t @var{session}) +@var{session}: is a gnutls session + +Get the Diffie-Hellman public key bit size. Can be used for both +anonymous and ephemeral Diffie-Hellman. + +@strong{Returns:} The public key bit size used in the last Diffie-Hellman +key exchange with the peer, or a negative error code in case of error. +@end deftypefun diff --git a/doc/functions/gnutls_dh_get_peers_public_bits.short b/doc/functions/gnutls_dh_get_peers_public_bits.short new file mode 100644 index 0000000..7a1e69a --- /dev/null +++ b/doc/functions/gnutls_dh_get_peers_public_bits.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_dh_get_peers_public_bits} (gnutls_session_t @var{session}) diff --git a/doc/functions/gnutls_dh_get_prime_bits b/doc/functions/gnutls_dh_get_prime_bits new file mode 100644 index 0000000..83c6272 --- /dev/null +++ b/doc/functions/gnutls_dh_get_prime_bits @@ -0,0 +1,17 @@ + + + + +@deftypefun {int} {gnutls_dh_get_prime_bits} (gnutls_session_t @var{session}) +@var{session}: is a gnutls session + +This function will return the bits of the prime used in the last +Diffie-Hellman key exchange with the peer. Should be used for both +anonymous and ephemeral Diffie-Hellman. Note that some ciphers, +like RSA and DSA without DHE, do not use a Diffie-Hellman key +exchange, and then this function will return 0. + +@strong{Returns:} The Diffie-Hellman bit strength is returned, or 0 if no +Diffie-Hellman key exchange was done, or a negative error code on +failure. +@end deftypefun diff --git a/doc/functions/gnutls_dh_get_prime_bits.short b/doc/functions/gnutls_dh_get_prime_bits.short new file mode 100644 index 0000000..4e1c4bd --- /dev/null +++ b/doc/functions/gnutls_dh_get_prime_bits.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_dh_get_prime_bits} (gnutls_session_t @var{session}) diff --git a/doc/functions/gnutls_dh_get_pubkey b/doc/functions/gnutls_dh_get_pubkey new file mode 100644 index 0000000..9af9546 --- /dev/null +++ b/doc/functions/gnutls_dh_get_pubkey @@ -0,0 +1,20 @@ + + + + +@deftypefun {int} {gnutls_dh_get_pubkey} (gnutls_session_t @var{session}, gnutls_datum_t * @var{raw_key}) +@var{session}: is a gnutls session + +@var{raw_key}: will hold the public key. + +This function will return the peer's public key used in the last +Diffie-Hellman key exchange. This function should be used for both +anonymous and ephemeral Diffie-Hellman. The output parameters must +be freed with @code{gnutls_free()} . + +Note, that public key is exported as non-negative +integer and may include a leading zero byte. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise +an error code is returned. +@end deftypefun diff --git a/doc/functions/gnutls_dh_get_pubkey.short b/doc/functions/gnutls_dh_get_pubkey.short new file mode 100644 index 0000000..d8d51ff --- /dev/null +++ b/doc/functions/gnutls_dh_get_pubkey.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_dh_get_pubkey} (gnutls_session_t @var{session}, gnutls_datum_t * @var{raw_key}) diff --git a/doc/functions/gnutls_dh_get_secret_bits b/doc/functions/gnutls_dh_get_secret_bits new file mode 100644 index 0000000..2dbb4b5 --- /dev/null +++ b/doc/functions/gnutls_dh_get_secret_bits @@ -0,0 +1,14 @@ + + + + +@deftypefun {int} {gnutls_dh_get_secret_bits} (gnutls_session_t @var{session}) +@var{session}: is a gnutls session + +This function will return the bits used in the last Diffie-Hellman +key exchange with the peer. Should be used for both anonymous and +ephemeral Diffie-Hellman. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise +an error code is returned. +@end deftypefun diff --git a/doc/functions/gnutls_dh_get_secret_bits.short b/doc/functions/gnutls_dh_get_secret_bits.short new file mode 100644 index 0000000..6937335 --- /dev/null +++ b/doc/functions/gnutls_dh_get_secret_bits.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_dh_get_secret_bits} (gnutls_session_t @var{session}) diff --git a/doc/functions/gnutls_dh_params_cpy b/doc/functions/gnutls_dh_params_cpy new file mode 100644 index 0000000..91cb7a7 --- /dev/null +++ b/doc/functions/gnutls_dh_params_cpy @@ -0,0 +1,15 @@ + + + + +@deftypefun {int} {gnutls_dh_params_cpy} (gnutls_dh_params_t @var{dst}, gnutls_dh_params_t @var{src}) +@var{dst}: Is the destination parameters, which should be initialized. + +@var{src}: Is the source parameters + +This function will copy the DH parameters structure from source +to destination. The destination should be already initialized. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, +otherwise a negative error code is returned. +@end deftypefun diff --git a/doc/functions/gnutls_dh_params_cpy.short b/doc/functions/gnutls_dh_params_cpy.short new file mode 100644 index 0000000..3b7ecb7 --- /dev/null +++ b/doc/functions/gnutls_dh_params_cpy.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_dh_params_cpy} (gnutls_dh_params_t @var{dst}, gnutls_dh_params_t @var{src}) diff --git a/doc/functions/gnutls_dh_params_deinit b/doc/functions/gnutls_dh_params_deinit new file mode 100644 index 0000000..d97af19 --- /dev/null +++ b/doc/functions/gnutls_dh_params_deinit @@ -0,0 +1,9 @@ + + + + +@deftypefun {void} {gnutls_dh_params_deinit} (gnutls_dh_params_t @var{dh_params}) +@var{dh_params}: The parameters + +This function will deinitialize the DH parameters type. +@end deftypefun diff --git a/doc/functions/gnutls_dh_params_deinit.short b/doc/functions/gnutls_dh_params_deinit.short new file mode 100644 index 0000000..c7e0a82 --- /dev/null +++ b/doc/functions/gnutls_dh_params_deinit.short @@ -0,0 +1 @@ +@item @var{void} @ref{gnutls_dh_params_deinit} (gnutls_dh_params_t @var{dh_params}) diff --git a/doc/functions/gnutls_dh_params_export2_pkcs3 b/doc/functions/gnutls_dh_params_export2_pkcs3 new file mode 100644 index 0000000..69b19d4 --- /dev/null +++ b/doc/functions/gnutls_dh_params_export2_pkcs3 @@ -0,0 +1,23 @@ + + + + +@deftypefun {int} {gnutls_dh_params_export2_pkcs3} (gnutls_dh_params_t @var{params}, gnutls_x509_crt_fmt_t @var{format}, gnutls_datum_t * @var{out}) +@var{params}: Holds the DH parameters + +@var{format}: the format of output params. One of PEM or DER. + +@var{out}: will contain a PKCS3 DHParams structure PEM or DER encoded + +This function will export the given dh parameters to a PKCS3 +DHParams structure. This is the format generated by "openssl dhparam" tool. +The data in @code{out} will be allocated using @code{gnutls_malloc()} . + +If the structure is PEM encoded, it will have a header +of "BEGIN DH PARAMETERS". + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, +otherwise a negative error code is returned. + +@strong{Since:} 3.1.3 +@end deftypefun diff --git a/doc/functions/gnutls_dh_params_export2_pkcs3.short b/doc/functions/gnutls_dh_params_export2_pkcs3.short new file mode 100644 index 0000000..e95d170 --- /dev/null +++ b/doc/functions/gnutls_dh_params_export2_pkcs3.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_dh_params_export2_pkcs3} (gnutls_dh_params_t @var{params}, gnutls_x509_crt_fmt_t @var{format}, gnutls_datum_t * @var{out}) diff --git a/doc/functions/gnutls_dh_params_export_pkcs3 b/doc/functions/gnutls_dh_params_export_pkcs3 new file mode 100644 index 0000000..303256c --- /dev/null +++ b/doc/functions/gnutls_dh_params_export_pkcs3 @@ -0,0 +1,24 @@ + + + + +@deftypefun {int} {gnutls_dh_params_export_pkcs3} (gnutls_dh_params_t @var{params}, gnutls_x509_crt_fmt_t @var{format}, unsigned char * @var{params_data}, size_t * @var{params_data_size}) +@var{params}: Holds the DH parameters + +@var{format}: the format of output params. One of PEM or DER. + +@var{params_data}: will contain a PKCS3 DHParams structure PEM or DER encoded + +@var{params_data_size}: holds the size of params_data (and will be replaced by the actual size of parameters) + +This function will export the given dh parameters to a PKCS3 +DHParams structure. This is the format generated by "openssl dhparam" tool. +If the buffer provided is not long enough to hold the output, then +GNUTLS_E_SHORT_MEMORY_BUFFER will be returned. + +If the structure is PEM encoded, it will have a header +of "BEGIN DH PARAMETERS". + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, +otherwise a negative error code is returned. +@end deftypefun diff --git a/doc/functions/gnutls_dh_params_export_pkcs3.short b/doc/functions/gnutls_dh_params_export_pkcs3.short new file mode 100644 index 0000000..ee47644 --- /dev/null +++ b/doc/functions/gnutls_dh_params_export_pkcs3.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_dh_params_export_pkcs3} (gnutls_dh_params_t @var{params}, gnutls_x509_crt_fmt_t @var{format}, unsigned char * @var{params_data}, size_t * @var{params_data_size}) diff --git a/doc/functions/gnutls_dh_params_export_raw b/doc/functions/gnutls_dh_params_export_raw new file mode 100644 index 0000000..2421cc6 --- /dev/null +++ b/doc/functions/gnutls_dh_params_export_raw @@ -0,0 +1,21 @@ + + + + +@deftypefun {int} {gnutls_dh_params_export_raw} (gnutls_dh_params_t @var{params}, gnutls_datum_t * @var{prime}, gnutls_datum_t * @var{generator}, unsigned int * @var{bits}) +@var{params}: Holds the DH parameters + +@var{prime}: will hold the new prime + +@var{generator}: will hold the new generator + +@var{bits}: if non null will hold the secret key's number of bits + +This function will export the pair of prime and generator for use +in the Diffie-Hellman key exchange. The new parameters will be +allocated using @code{gnutls_malloc()} and will be stored in the +appropriate datum. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, +otherwise a negative error code is returned. +@end deftypefun diff --git a/doc/functions/gnutls_dh_params_export_raw.short b/doc/functions/gnutls_dh_params_export_raw.short new file mode 100644 index 0000000..5447b51 --- /dev/null +++ b/doc/functions/gnutls_dh_params_export_raw.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_dh_params_export_raw} (gnutls_dh_params_t @var{params}, gnutls_datum_t * @var{prime}, gnutls_datum_t * @var{generator}, unsigned int * @var{bits}) diff --git a/doc/functions/gnutls_dh_params_generate2 b/doc/functions/gnutls_dh_params_generate2 new file mode 100644 index 0000000..1300110 --- /dev/null +++ b/doc/functions/gnutls_dh_params_generate2 @@ -0,0 +1,30 @@ + + + + +@deftypefun {int} {gnutls_dh_params_generate2} (gnutls_dh_params_t @var{dparams}, unsigned int @var{bits}) +@var{dparams}: The parameters + +@var{bits}: is the prime's number of bits + +This function will generate a new pair of prime and generator for use in +the Diffie-Hellman key exchange. This may take long time. + +It is recommended not to set the number of bits directly, but +use @code{gnutls_sec_param_to_pk_bits()} instead. +Also note that the DH parameters are only useful to servers. +Since clients use the parameters sent by the server, it's of +no use to call this in client side. + +The parameters generated are of the DSA form. It also is possible +to generate provable parameters (following the Shawe-Taylor +algorithm), using @code{gnutls_x509_privkey_generate2()} with DSA option +and the @code{GNUTLS_PRIVKEY_FLAG_PROVABLE} flag set. These can the +be imported with @code{gnutls_dh_params_import_dsa()} . + +It is no longer recommended for applications to generate parameters. +See the "Parameter generation" section in the manual. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, +otherwise a negative error code is returned. +@end deftypefun diff --git a/doc/functions/gnutls_dh_params_generate2.short b/doc/functions/gnutls_dh_params_generate2.short new file mode 100644 index 0000000..1a2024d --- /dev/null +++ b/doc/functions/gnutls_dh_params_generate2.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_dh_params_generate2} (gnutls_dh_params_t @var{dparams}, unsigned int @var{bits}) diff --git a/doc/functions/gnutls_dh_params_import_dsa b/doc/functions/gnutls_dh_params_import_dsa new file mode 100644 index 0000000..ff64f67 --- /dev/null +++ b/doc/functions/gnutls_dh_params_import_dsa @@ -0,0 +1,15 @@ + + + + +@deftypefun {int} {gnutls_dh_params_import_dsa} (gnutls_dh_params_t @var{dh_params}, gnutls_x509_privkey_t @var{key}) +@var{dh_params}: The parameters + +@var{key}: holds a DSA private key + +This function will import the prime and generator of the DSA key for use +in the Diffie-Hellman key exchange. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, +otherwise a negative error code is returned. +@end deftypefun diff --git a/doc/functions/gnutls_dh_params_import_dsa.short b/doc/functions/gnutls_dh_params_import_dsa.short new file mode 100644 index 0000000..9b485a2 --- /dev/null +++ b/doc/functions/gnutls_dh_params_import_dsa.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_dh_params_import_dsa} (gnutls_dh_params_t @var{dh_params}, gnutls_x509_privkey_t @var{key}) diff --git a/doc/functions/gnutls_dh_params_import_pkcs3 b/doc/functions/gnutls_dh_params_import_pkcs3 new file mode 100644 index 0000000..511d976 --- /dev/null +++ b/doc/functions/gnutls_dh_params_import_pkcs3 @@ -0,0 +1,20 @@ + + + + +@deftypefun {int} {gnutls_dh_params_import_pkcs3} (gnutls_dh_params_t @var{params}, const gnutls_datum_t * @var{pkcs3_params}, gnutls_x509_crt_fmt_t @var{format}) +@var{params}: The parameters + +@var{pkcs3_params}: should contain a PKCS3 DHParams structure PEM or DER encoded + +@var{format}: the format of params. PEM or DER. + +This function will extract the DHParams found in a PKCS3 formatted +structure. This is the format generated by "openssl dhparam" tool. + +If the structure is PEM encoded, it should have a header +of "BEGIN DH PARAMETERS". + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, +otherwise a negative error code is returned. +@end deftypefun diff --git a/doc/functions/gnutls_dh_params_import_pkcs3.short b/doc/functions/gnutls_dh_params_import_pkcs3.short new file mode 100644 index 0000000..64dac82 --- /dev/null +++ b/doc/functions/gnutls_dh_params_import_pkcs3.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_dh_params_import_pkcs3} (gnutls_dh_params_t @var{params}, const gnutls_datum_t * @var{pkcs3_params}, gnutls_x509_crt_fmt_t @var{format}) diff --git a/doc/functions/gnutls_dh_params_import_raw b/doc/functions/gnutls_dh_params_import_raw new file mode 100644 index 0000000..75bb897 --- /dev/null +++ b/doc/functions/gnutls_dh_params_import_raw @@ -0,0 +1,18 @@ + + + + +@deftypefun {int} {gnutls_dh_params_import_raw} (gnutls_dh_params_t @var{dh_params}, const gnutls_datum_t * @var{prime}, const gnutls_datum_t * @var{generator}) +@var{dh_params}: The parameters + +@var{prime}: holds the new prime + +@var{generator}: holds the new generator + +This function will replace the pair of prime and generator for use +in the Diffie-Hellman key exchange. The new parameters should be +stored in the appropriate gnutls_datum. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, +otherwise a negative error code is returned. +@end deftypefun diff --git a/doc/functions/gnutls_dh_params_import_raw.short b/doc/functions/gnutls_dh_params_import_raw.short new file mode 100644 index 0000000..4a5a21a --- /dev/null +++ b/doc/functions/gnutls_dh_params_import_raw.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_dh_params_import_raw} (gnutls_dh_params_t @var{dh_params}, const gnutls_datum_t * @var{prime}, const gnutls_datum_t * @var{generator}) diff --git a/doc/functions/gnutls_dh_params_import_raw2 b/doc/functions/gnutls_dh_params_import_raw2 new file mode 100644 index 0000000..9c400c1 --- /dev/null +++ b/doc/functions/gnutls_dh_params_import_raw2 @@ -0,0 +1,20 @@ + + + + +@deftypefun {int} {gnutls_dh_params_import_raw2} (gnutls_dh_params_t @var{dh_params}, const gnutls_datum_t * @var{prime}, const gnutls_datum_t * @var{generator}, unsigned @var{key_bits}) +@var{dh_params}: The parameters + +@var{prime}: holds the new prime + +@var{generator}: holds the new generator + +@var{key_bits}: the private key bits (set to zero when unknown) + +This function will replace the pair of prime and generator for use +in the Diffie-Hellman key exchange. The new parameters should be +stored in the appropriate gnutls_datum. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, +otherwise a negative error code is returned. +@end deftypefun diff --git a/doc/functions/gnutls_dh_params_import_raw2.short b/doc/functions/gnutls_dh_params_import_raw2.short new file mode 100644 index 0000000..77b87f6 --- /dev/null +++ b/doc/functions/gnutls_dh_params_import_raw2.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_dh_params_import_raw2} (gnutls_dh_params_t @var{dh_params}, const gnutls_datum_t * @var{prime}, const gnutls_datum_t * @var{generator}, unsigned @var{key_bits}) diff --git a/doc/functions/gnutls_dh_params_import_raw3 b/doc/functions/gnutls_dh_params_import_raw3 new file mode 100644 index 0000000..687c47a --- /dev/null +++ b/doc/functions/gnutls_dh_params_import_raw3 @@ -0,0 +1,20 @@ + + + + +@deftypefun {int} {gnutls_dh_params_import_raw3} (gnutls_dh_params_t @var{dh_params}, const gnutls_datum_t * @var{prime}, const gnutls_datum_t * @var{q}, const gnutls_datum_t * @var{generator}) +@var{dh_params}: The parameters + +@var{prime}: holds the new prime + +@var{q}: holds the subgroup if available, otherwise NULL + +@var{generator}: holds the new generator + +This function will replace the pair of prime and generator for use +in the Diffie-Hellman key exchange. The new parameters should be +stored in the appropriate gnutls_datum. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, +otherwise a negative error code is returned. +@end deftypefun diff --git a/doc/functions/gnutls_dh_params_import_raw3.short b/doc/functions/gnutls_dh_params_import_raw3.short new file mode 100644 index 0000000..1e3e1bc --- /dev/null +++ b/doc/functions/gnutls_dh_params_import_raw3.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_dh_params_import_raw3} (gnutls_dh_params_t @var{dh_params}, const gnutls_datum_t * @var{prime}, const gnutls_datum_t * @var{q}, const gnutls_datum_t * @var{generator}) diff --git a/doc/functions/gnutls_dh_params_init b/doc/functions/gnutls_dh_params_init new file mode 100644 index 0000000..6a0826a --- /dev/null +++ b/doc/functions/gnutls_dh_params_init @@ -0,0 +1,12 @@ + + + + +@deftypefun {int} {gnutls_dh_params_init} (gnutls_dh_params_t * @var{dh_params}) +@var{dh_params}: The parameters + +This function will initialize the DH parameters type. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, +otherwise a negative error code is returned. +@end deftypefun diff --git a/doc/functions/gnutls_dh_params_init.short b/doc/functions/gnutls_dh_params_init.short new file mode 100644 index 0000000..fc7afe9 --- /dev/null +++ b/doc/functions/gnutls_dh_params_init.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_dh_params_init} (gnutls_dh_params_t * @var{dh_params}) diff --git a/doc/functions/gnutls_dh_set_prime_bits b/doc/functions/gnutls_dh_set_prime_bits new file mode 100644 index 0000000..ef791c4 --- /dev/null +++ b/doc/functions/gnutls_dh_set_prime_bits @@ -0,0 +1,28 @@ + + + + +@deftypefun {void} {gnutls_dh_set_prime_bits} (gnutls_session_t @var{session}, unsigned int @var{bits}) +@var{session}: is a @code{gnutls_session_t} type. + +@var{bits}: is the number of bits + +This function sets the number of bits, for use in a Diffie-Hellman +key exchange. This is used both in DH ephemeral and DH anonymous +cipher suites. This will set the minimum size of the prime that +will be used for the handshake. + +In the client side it sets the minimum accepted number of bits. If +a server sends a prime with less bits than that +@code{GNUTLS_E_DH_PRIME_UNACCEPTABLE} will be returned by the handshake. + +Note that this function will warn via the audit log for value that +are believed to be weak. + +The function has no effect in server side. + +Note that since 3.1.7 this function is deprecated. The minimum +number of bits is set by the priority string level. +Also this function must be called after @code{gnutls_priority_set_direct()} +or the set value may be overridden by the selected priority options. +@end deftypefun diff --git a/doc/functions/gnutls_dh_set_prime_bits.short b/doc/functions/gnutls_dh_set_prime_bits.short new file mode 100644 index 0000000..7bb86b2 --- /dev/null +++ b/doc/functions/gnutls_dh_set_prime_bits.short @@ -0,0 +1 @@ +@item @var{void} @ref{gnutls_dh_set_prime_bits} (gnutls_session_t @var{session}, unsigned int @var{bits}) diff --git a/doc/functions/gnutls_digest_get_id b/doc/functions/gnutls_digest_get_id new file mode 100644 index 0000000..3e3cb1c --- /dev/null +++ b/doc/functions/gnutls_digest_get_id @@ -0,0 +1,13 @@ + + + + +@deftypefun {gnutls_digest_algorithm_t} {gnutls_digest_get_id} (const char * @var{name}) +@var{name}: is a digest algorithm name + +Convert a string to a @code{gnutls_digest_algorithm_t} value. The names are +compared in a case insensitive way. + +@strong{Returns:} a @code{gnutls_digest_algorithm_t} id of the specified MAC +algorithm string, or @code{GNUTLS_DIG_UNKNOWN} on failure. +@end deftypefun diff --git a/doc/functions/gnutls_digest_get_id.short b/doc/functions/gnutls_digest_get_id.short new file mode 100644 index 0000000..00c85b0 --- /dev/null +++ b/doc/functions/gnutls_digest_get_id.short @@ -0,0 +1 @@ +@item @var{gnutls_digest_algorithm_t} @ref{gnutls_digest_get_id} (const char * @var{name}) diff --git a/doc/functions/gnutls_digest_get_name b/doc/functions/gnutls_digest_get_name new file mode 100644 index 0000000..480d66d --- /dev/null +++ b/doc/functions/gnutls_digest_get_name @@ -0,0 +1,12 @@ + + + + +@deftypefun {const char *} {gnutls_digest_get_name} (gnutls_digest_algorithm_t @var{algorithm}) +@var{algorithm}: is a digest algorithm + +Convert a @code{gnutls_digest_algorithm_t} value to a string. + +@strong{Returns:} a string that contains the name of the specified digest +algorithm, or @code{NULL} . +@end deftypefun diff --git a/doc/functions/gnutls_digest_get_name.short b/doc/functions/gnutls_digest_get_name.short new file mode 100644 index 0000000..524cd82 --- /dev/null +++ b/doc/functions/gnutls_digest_get_name.short @@ -0,0 +1 @@ +@item @var{const char *} @ref{gnutls_digest_get_name} (gnutls_digest_algorithm_t @var{algorithm}) diff --git a/doc/functions/gnutls_digest_get_oid b/doc/functions/gnutls_digest_get_oid new file mode 100644 index 0000000..7633ad4 --- /dev/null +++ b/doc/functions/gnutls_digest_get_oid @@ -0,0 +1,14 @@ + + + + +@deftypefun {const char *} {gnutls_digest_get_oid} (gnutls_digest_algorithm_t @var{algorithm}) +@var{algorithm}: is a digest algorithm + +Convert a @code{gnutls_digest_algorithm_t} value to its object identifier. + +@strong{Returns:} a string that contains the object identifier of the specified digest +algorithm, or @code{NULL} . + +@strong{Since:} 3.4.3 +@end deftypefun diff --git a/doc/functions/gnutls_digest_get_oid.short b/doc/functions/gnutls_digest_get_oid.short new file mode 100644 index 0000000..a562afe --- /dev/null +++ b/doc/functions/gnutls_digest_get_oid.short @@ -0,0 +1 @@ +@item @var{const char *} @ref{gnutls_digest_get_oid} (gnutls_digest_algorithm_t @var{algorithm}) diff --git a/doc/functions/gnutls_digest_list b/doc/functions/gnutls_digest_list new file mode 100644 index 0000000..649e77e --- /dev/null +++ b/doc/functions/gnutls_digest_list @@ -0,0 +1,13 @@ + + + + +@deftypefun {const gnutls_digest_algorithm_t *} {gnutls_digest_list} ( @var{void}) + +Get a list of hash (digest) algorithms supported by GnuTLS. + +This function is not thread safe. + +@strong{Returns:} Return a (0)-terminated list of @code{gnutls_digest_algorithm_t} +integers indicating the available digests. +@end deftypefun diff --git a/doc/functions/gnutls_digest_list.short b/doc/functions/gnutls_digest_list.short new file mode 100644 index 0000000..2750b96 --- /dev/null +++ b/doc/functions/gnutls_digest_list.short @@ -0,0 +1 @@ +@item @var{const gnutls_digest_algorithm_t *} @ref{gnutls_digest_list} ( @var{void}) diff --git a/doc/functions/gnutls_dtls_cookie_send b/doc/functions/gnutls_dtls_cookie_send new file mode 100644 index 0000000..22630f0 --- /dev/null +++ b/doc/functions/gnutls_dtls_cookie_send @@ -0,0 +1,31 @@ + + + +@deftypefun {int} {gnutls_dtls_cookie_send} (gnutls_datum_t * @var{key}, void * @var{client_data}, size_t @var{client_data_size}, gnutls_dtls_prestate_st * @var{prestate}, gnutls_transport_ptr_t @var{ptr}, gnutls_push_func @var{push_func}) +@var{key}: is a random key to be used at cookie generation + +@var{client_data}: contains data identifying the client (i.e. address) + +@var{client_data_size}: The size of client's data + +@var{prestate}: The previous cookie returned by @code{gnutls_dtls_cookie_verify()} + +@var{ptr}: A transport pointer to be used by @code{push_func} + +@var{push_func}: A function that will be used to reply + +This function can be used to prevent denial of service +attacks to a DTLS server by requiring the client to +reply using a cookie sent by this function. That way +it can be ensured that a client we allocated resources +for (i.e. @code{gnutls_session_t} ) is the one that the +original incoming packet was originated from. + +This function must be called at the first incoming packet, +prior to allocating any resources and must be succeeded +by @code{gnutls_dtls_cookie_verify()} . + +@strong{Returns:} the number of bytes sent, or a negative error code. + +@strong{Since:} 3.0 +@end deftypefun diff --git a/doc/functions/gnutls_dtls_cookie_send.short b/doc/functions/gnutls_dtls_cookie_send.short new file mode 100644 index 0000000..a7c268d --- /dev/null +++ b/doc/functions/gnutls_dtls_cookie_send.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_dtls_cookie_send} (gnutls_datum_t * @var{key}, void * @var{client_data}, size_t @var{client_data_size}, gnutls_dtls_prestate_st * @var{prestate}, gnutls_transport_ptr_t @var{ptr}, gnutls_push_func @var{push_func}) diff --git a/doc/functions/gnutls_dtls_cookie_verify b/doc/functions/gnutls_dtls_cookie_verify new file mode 100644 index 0000000..31c658f --- /dev/null +++ b/doc/functions/gnutls_dtls_cookie_verify @@ -0,0 +1,28 @@ + + + + +@deftypefun {int} {gnutls_dtls_cookie_verify} (gnutls_datum_t * @var{key}, void * @var{client_data}, size_t @var{client_data_size}, void * @var{_msg}, size_t @var{msg_size}, gnutls_dtls_prestate_st * @var{prestate}) +@var{key}: is a random key to be used at cookie generation + +@var{client_data}: contains data identifying the client (i.e. address) + +@var{client_data_size}: The size of client's data + +@var{_msg}: An incoming message that initiates a connection. + +@var{msg_size}: The size of the message. + +@var{prestate}: The cookie of this client. + +This function will verify the received message for +a valid cookie. If a valid cookie is returned then +it should be associated with the session using +@code{gnutls_dtls_prestate_set()} ; + +This function must be called after @code{gnutls_dtls_cookie_send()} . + +@strong{Returns:} @code{GNUTLS_E_SUCCESS} (0) on success, or a negative error code. + +@strong{Since:} 3.0 +@end deftypefun diff --git a/doc/functions/gnutls_dtls_cookie_verify.short b/doc/functions/gnutls_dtls_cookie_verify.short new file mode 100644 index 0000000..1099a82 --- /dev/null +++ b/doc/functions/gnutls_dtls_cookie_verify.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_dtls_cookie_verify} (gnutls_datum_t * @var{key}, void * @var{client_data}, size_t @var{client_data_size}, void * @var{_msg}, size_t @var{msg_size}, gnutls_dtls_prestate_st * @var{prestate}) diff --git a/doc/functions/gnutls_dtls_get_data_mtu b/doc/functions/gnutls_dtls_get_data_mtu new file mode 100644 index 0000000..2242070 --- /dev/null +++ b/doc/functions/gnutls_dtls_get_data_mtu @@ -0,0 +1,15 @@ + + + + +@deftypefun {unsigned int} {gnutls_dtls_get_data_mtu} (gnutls_session_t @var{session}) +@var{session}: is a @code{gnutls_session_t} type. + +This function will return the actual maximum transfer unit for +application data. I.e. DTLS headers are subtracted from the +actual MTU which is set using @code{gnutls_dtls_set_mtu()} . + +@strong{Returns:} the maximum allowed transfer unit. + +@strong{Since:} 3.0 +@end deftypefun diff --git a/doc/functions/gnutls_dtls_get_data_mtu.short b/doc/functions/gnutls_dtls_get_data_mtu.short new file mode 100644 index 0000000..3e1f9d5 --- /dev/null +++ b/doc/functions/gnutls_dtls_get_data_mtu.short @@ -0,0 +1 @@ +@item @var{unsigned int} @ref{gnutls_dtls_get_data_mtu} (gnutls_session_t @var{session}) diff --git a/doc/functions/gnutls_dtls_get_mtu b/doc/functions/gnutls_dtls_get_mtu new file mode 100644 index 0000000..cb899fc --- /dev/null +++ b/doc/functions/gnutls_dtls_get_mtu @@ -0,0 +1,16 @@ + + + + +@deftypefun {unsigned int} {gnutls_dtls_get_mtu} (gnutls_session_t @var{session}) +@var{session}: is a @code{gnutls_session_t} type. + +This function will return the MTU size as set with +@code{gnutls_dtls_set_mtu()} . This is not the actual MTU +of data you can transmit. Use @code{gnutls_dtls_get_data_mtu()} +for that reason. + +@strong{Returns:} the set maximum transfer unit. + +@strong{Since:} 3.0 +@end deftypefun diff --git a/doc/functions/gnutls_dtls_get_mtu.short b/doc/functions/gnutls_dtls_get_mtu.short new file mode 100644 index 0000000..e9df51a --- /dev/null +++ b/doc/functions/gnutls_dtls_get_mtu.short @@ -0,0 +1 @@ +@item @var{unsigned int} @ref{gnutls_dtls_get_mtu} (gnutls_session_t @var{session}) diff --git a/doc/functions/gnutls_dtls_get_timeout b/doc/functions/gnutls_dtls_get_timeout new file mode 100644 index 0000000..8f50a9a --- /dev/null +++ b/doc/functions/gnutls_dtls_get_timeout @@ -0,0 +1,17 @@ + + + + +@deftypefun {unsigned int} {gnutls_dtls_get_timeout} (gnutls_session_t @var{session}) +@var{session}: is a @code{gnutls_session_t} type. + +This function will return the milliseconds remaining +for a retransmission of the previously sent handshake +message. This function is useful when DTLS is used in +non-blocking mode, to estimate when to call @code{gnutls_handshake()} +if no packets have been received. + +@strong{Returns:} the remaining time in milliseconds. + +@strong{Since:} 3.0 +@end deftypefun diff --git a/doc/functions/gnutls_dtls_get_timeout.short b/doc/functions/gnutls_dtls_get_timeout.short new file mode 100644 index 0000000..d763e58 --- /dev/null +++ b/doc/functions/gnutls_dtls_get_timeout.short @@ -0,0 +1 @@ +@item @var{unsigned int} @ref{gnutls_dtls_get_timeout} (gnutls_session_t @var{session}) diff --git a/doc/functions/gnutls_dtls_prestate_set b/doc/functions/gnutls_dtls_prestate_set new file mode 100644 index 0000000..187275e --- /dev/null +++ b/doc/functions/gnutls_dtls_prestate_set @@ -0,0 +1,18 @@ + + + + +@deftypefun {void} {gnutls_dtls_prestate_set} (gnutls_session_t @var{session}, gnutls_dtls_prestate_st * @var{prestate}) +@var{session}: a new session + +@var{prestate}: contains the client's prestate + +This function will associate the prestate acquired by +the cookie authentication with the client, with the newly +established session. + +This functions must be called after a successful @code{gnutls_dtls_cookie_verify()} +and should be succeeded by the actual DTLS handshake using @code{gnutls_handshake()} . + +@strong{Since:} 3.0 +@end deftypefun diff --git a/doc/functions/gnutls_dtls_prestate_set.short b/doc/functions/gnutls_dtls_prestate_set.short new file mode 100644 index 0000000..69897e2 --- /dev/null +++ b/doc/functions/gnutls_dtls_prestate_set.short @@ -0,0 +1 @@ +@item @var{void} @ref{gnutls_dtls_prestate_set} (gnutls_session_t @var{session}, gnutls_dtls_prestate_st * @var{prestate}) diff --git a/doc/functions/gnutls_dtls_set_data_mtu b/doc/functions/gnutls_dtls_set_data_mtu new file mode 100644 index 0000000..bcd5245 --- /dev/null +++ b/doc/functions/gnutls_dtls_set_data_mtu @@ -0,0 +1,24 @@ + + + + +@deftypefun {int} {gnutls_dtls_set_data_mtu} (gnutls_session_t @var{session}, unsigned int @var{mtu}) +@var{session}: is a @code{gnutls_session_t} type. + +@var{mtu}: The maximum unencrypted transfer unit of the session + +This function will set the maximum size of the *unencrypted* records +which will be sent over a DTLS session. It is equivalent to calculating +the DTLS packet overhead with the current encryption parameters, and +calling @code{gnutls_dtls_set_mtu()} with that value. In particular, this means +that you may need to call this function again after any negotiation or +renegotiation, in order to ensure that the MTU is still sufficient to +account for the new protocol overhead. + +In most cases you only need to call @code{gnutls_dtls_set_mtu()} with +the maximum MTU of your transport layer. + +@strong{Returns:} @code{GNUTLS_E_SUCCESS} (0) on success, or a negative error code. + +@strong{Since:} 3.1 +@end deftypefun diff --git a/doc/functions/gnutls_dtls_set_data_mtu.short b/doc/functions/gnutls_dtls_set_data_mtu.short new file mode 100644 index 0000000..f4faf00 --- /dev/null +++ b/doc/functions/gnutls_dtls_set_data_mtu.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_dtls_set_data_mtu} (gnutls_session_t @var{session}, unsigned int @var{mtu}) diff --git a/doc/functions/gnutls_dtls_set_mtu b/doc/functions/gnutls_dtls_set_mtu new file mode 100644 index 0000000..c59a9eb --- /dev/null +++ b/doc/functions/gnutls_dtls_set_mtu @@ -0,0 +1,17 @@ + + + + +@deftypefun {void} {gnutls_dtls_set_mtu} (gnutls_session_t @var{session}, unsigned int @var{mtu}) +@var{session}: is a @code{gnutls_session_t} type. + +@var{mtu}: The maximum transfer unit of the transport + +This function will set the maximum transfer unit of the transport +that DTLS packets are sent over. Note that this should exclude +the IP (or IPv6) and UDP headers. So for DTLS over IPv6 on an +Ethernet device with MTU 1500, the DTLS MTU set with this function +would be 1500 - 40 (IPV6 header) - 8 (UDP header) = 1452. + +@strong{Since:} 3.0 +@end deftypefun diff --git a/doc/functions/gnutls_dtls_set_mtu.short b/doc/functions/gnutls_dtls_set_mtu.short new file mode 100644 index 0000000..29bdbfc --- /dev/null +++ b/doc/functions/gnutls_dtls_set_mtu.short @@ -0,0 +1 @@ +@item @var{void} @ref{gnutls_dtls_set_mtu} (gnutls_session_t @var{session}, unsigned int @var{mtu}) diff --git a/doc/functions/gnutls_dtls_set_timeouts b/doc/functions/gnutls_dtls_set_timeouts new file mode 100644 index 0000000..c620ff9 --- /dev/null +++ b/doc/functions/gnutls_dtls_set_timeouts @@ -0,0 +1,24 @@ + + + + +@deftypefun {void} {gnutls_dtls_set_timeouts} (gnutls_session_t @var{session}, unsigned int @var{retrans_timeout}, unsigned int @var{total_timeout}) +@var{session}: is a @code{gnutls_session_t} type. + +@var{retrans_timeout}: The time at which a retransmission will occur in milliseconds + +@var{total_timeout}: The time at which the connection will be aborted, in milliseconds. + +This function will set the timeouts required for the DTLS handshake +protocol. The retransmission timeout is the time after which a +message from the peer is not received, the previous messages will +be retransmitted. The total timeout is the time after which the +handshake will be aborted with @code{GNUTLS_E_TIMEDOUT} . + +The DTLS protocol recommends the values of 1 sec and 60 seconds +respectively, and these are the default values. + +To disable retransmissions set a @code{retrans_timeout} larger than the @code{total_timeout} . + +@strong{Since:} 3.0 +@end deftypefun diff --git a/doc/functions/gnutls_dtls_set_timeouts.short b/doc/functions/gnutls_dtls_set_timeouts.short new file mode 100644 index 0000000..a9b76df --- /dev/null +++ b/doc/functions/gnutls_dtls_set_timeouts.short @@ -0,0 +1 @@ +@item @var{void} @ref{gnutls_dtls_set_timeouts} (gnutls_session_t @var{session}, unsigned int @var{retrans_timeout}, unsigned int @var{total_timeout}) diff --git a/doc/functions/gnutls_ecc_curve_get b/doc/functions/gnutls_ecc_curve_get new file mode 100644 index 0000000..a31cef1 --- /dev/null +++ b/doc/functions/gnutls_ecc_curve_get @@ -0,0 +1,15 @@ + + + + +@deftypefun {gnutls_ecc_curve_t} {gnutls_ecc_curve_get} (gnutls_session_t @var{session}) +@var{session}: is a @code{gnutls_session_t} type. + +Returns the currently used elliptic curve for key exchange. Only valid +when using an elliptic curve ciphersuite. + +@strong{Returns:} the currently used curve, a @code{gnutls_ecc_curve_t} +type. + +@strong{Since:} 3.0 +@end deftypefun diff --git a/doc/functions/gnutls_ecc_curve_get.short b/doc/functions/gnutls_ecc_curve_get.short new file mode 100644 index 0000000..a90064c --- /dev/null +++ b/doc/functions/gnutls_ecc_curve_get.short @@ -0,0 +1 @@ +@item @var{gnutls_ecc_curve_t} @ref{gnutls_ecc_curve_get} (gnutls_session_t @var{session}) diff --git a/doc/functions/gnutls_ecc_curve_get_id b/doc/functions/gnutls_ecc_curve_get_id new file mode 100644 index 0000000..98ec51c --- /dev/null +++ b/doc/functions/gnutls_ecc_curve_get_id @@ -0,0 +1,14 @@ + + + + +@deftypefun {gnutls_ecc_curve_t} {gnutls_ecc_curve_get_id} (const char * @var{name}) +@var{name}: is a curve name + +The names are compared in a case insensitive way. + +@strong{Returns:} return a @code{gnutls_ecc_curve_t} value corresponding to +the specified curve, or @code{GNUTLS_ECC_CURVE_INVALID} on error. + +@strong{Since:} 3.4.3 +@end deftypefun diff --git a/doc/functions/gnutls_ecc_curve_get_id.short b/doc/functions/gnutls_ecc_curve_get_id.short new file mode 100644 index 0000000..681ff64 --- /dev/null +++ b/doc/functions/gnutls_ecc_curve_get_id.short @@ -0,0 +1 @@ +@item @var{gnutls_ecc_curve_t} @ref{gnutls_ecc_curve_get_id} (const char * @var{name}) diff --git a/doc/functions/gnutls_ecc_curve_get_name b/doc/functions/gnutls_ecc_curve_get_name new file mode 100644 index 0000000..5c44045 --- /dev/null +++ b/doc/functions/gnutls_ecc_curve_get_name @@ -0,0 +1,14 @@ + + + + +@deftypefun {const char *} {gnutls_ecc_curve_get_name} (gnutls_ecc_curve_t @var{curve}) +@var{curve}: is an ECC curve + +Convert a @code{gnutls_ecc_curve_t} value to a string. + +@strong{Returns:} a string that contains the name of the specified +curve or @code{NULL} . + +@strong{Since:} 3.0 +@end deftypefun diff --git a/doc/functions/gnutls_ecc_curve_get_name.short b/doc/functions/gnutls_ecc_curve_get_name.short new file mode 100644 index 0000000..bbaafdf --- /dev/null +++ b/doc/functions/gnutls_ecc_curve_get_name.short @@ -0,0 +1 @@ +@item @var{const char *} @ref{gnutls_ecc_curve_get_name} (gnutls_ecc_curve_t @var{curve}) diff --git a/doc/functions/gnutls_ecc_curve_get_oid b/doc/functions/gnutls_ecc_curve_get_oid new file mode 100644 index 0000000..6c1fb57 --- /dev/null +++ b/doc/functions/gnutls_ecc_curve_get_oid @@ -0,0 +1,14 @@ + + + + +@deftypefun {const char *} {gnutls_ecc_curve_get_oid} (gnutls_ecc_curve_t @var{curve}) +@var{curve}: is an ECC curve + +Convert a @code{gnutls_ecc_curve_t} value to its object identifier. + +@strong{Returns:} a string that contains the OID of the specified +curve or @code{NULL} . + +@strong{Since:} 3.4.3 +@end deftypefun diff --git a/doc/functions/gnutls_ecc_curve_get_oid.short b/doc/functions/gnutls_ecc_curve_get_oid.short new file mode 100644 index 0000000..a9309dc --- /dev/null +++ b/doc/functions/gnutls_ecc_curve_get_oid.short @@ -0,0 +1 @@ +@item @var{const char *} @ref{gnutls_ecc_curve_get_oid} (gnutls_ecc_curve_t @var{curve}) diff --git a/doc/functions/gnutls_ecc_curve_get_pk b/doc/functions/gnutls_ecc_curve_get_pk new file mode 100644 index 0000000..dfbb9e0 --- /dev/null +++ b/doc/functions/gnutls_ecc_curve_get_pk @@ -0,0 +1,12 @@ + + + + +@deftypefun {gnutls_pk_algorithm_t} {gnutls_ecc_curve_get_pk} (gnutls_ecc_curve_t @var{curve}) +@var{curve}: is an ECC curve + + +@strong{Returns:} the public key algorithm associated with the named curve or @code{GNUTLS_PK_UNKNOWN} . + +@strong{Since:} 3.5.0 +@end deftypefun diff --git a/doc/functions/gnutls_ecc_curve_get_pk.short b/doc/functions/gnutls_ecc_curve_get_pk.short new file mode 100644 index 0000000..c02779a --- /dev/null +++ b/doc/functions/gnutls_ecc_curve_get_pk.short @@ -0,0 +1 @@ +@item @var{gnutls_pk_algorithm_t} @ref{gnutls_ecc_curve_get_pk} (gnutls_ecc_curve_t @var{curve}) diff --git a/doc/functions/gnutls_ecc_curve_get_size b/doc/functions/gnutls_ecc_curve_get_size new file mode 100644 index 0000000..e3a08e1 --- /dev/null +++ b/doc/functions/gnutls_ecc_curve_get_size @@ -0,0 +1,12 @@ + + + + +@deftypefun {int} {gnutls_ecc_curve_get_size} (gnutls_ecc_curve_t @var{curve}) +@var{curve}: is an ECC curve + + +@strong{Returns:} the size in bytes of the curve or 0 on failure. + +@strong{Since:} 3.0 +@end deftypefun diff --git a/doc/functions/gnutls_ecc_curve_get_size.short b/doc/functions/gnutls_ecc_curve_get_size.short new file mode 100644 index 0000000..d7733b2 --- /dev/null +++ b/doc/functions/gnutls_ecc_curve_get_size.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_ecc_curve_get_size} (gnutls_ecc_curve_t @var{curve}) diff --git a/doc/functions/gnutls_ecc_curve_list b/doc/functions/gnutls_ecc_curve_list new file mode 100644 index 0000000..09f2a51 --- /dev/null +++ b/doc/functions/gnutls_ecc_curve_list @@ -0,0 +1,13 @@ + + + + +@deftypefun {const gnutls_ecc_curve_t *} {gnutls_ecc_curve_list} ( @var{void}) + +Get the list of supported elliptic curves. + +This function is not thread safe. + +@strong{Returns:} Return a (0)-terminated list of @code{gnutls_ecc_curve_t} +integers indicating the available curves. +@end deftypefun diff --git a/doc/functions/gnutls_ecc_curve_list.short b/doc/functions/gnutls_ecc_curve_list.short new file mode 100644 index 0000000..05cd043 --- /dev/null +++ b/doc/functions/gnutls_ecc_curve_list.short @@ -0,0 +1 @@ +@item @var{const gnutls_ecc_curve_t *} @ref{gnutls_ecc_curve_list} ( @var{void}) diff --git a/doc/functions/gnutls_encode_ber_digest_info b/doc/functions/gnutls_encode_ber_digest_info new file mode 100644 index 0000000..89f8d41 --- /dev/null +++ b/doc/functions/gnutls_encode_ber_digest_info @@ -0,0 +1,19 @@ + + + + +@deftypefun {int} {gnutls_encode_ber_digest_info} (gnutls_digest_algorithm_t @var{hash}, const gnutls_datum_t * @var{digest}, gnutls_datum_t * @var{output}) +@var{hash}: the hash algorithm that was used to get the digest + +@var{digest}: must contain the digest data + +@var{output}: will contain the allocated DigestInfo BER encoded data + +This function will encode the provided digest data, and its +algorithm into an RSA PKCS@code{1} 1.5 DigestInfo structure. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise +an error code is returned. + +@strong{Since:} 3.5.0 +@end deftypefun diff --git a/doc/functions/gnutls_encode_ber_digest_info.short b/doc/functions/gnutls_encode_ber_digest_info.short new file mode 100644 index 0000000..1e6347d --- /dev/null +++ b/doc/functions/gnutls_encode_ber_digest_info.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_encode_ber_digest_info} (gnutls_digest_algorithm_t @var{hash}, const gnutls_datum_t * @var{digest}, gnutls_datum_t * @var{output}) diff --git a/doc/functions/gnutls_encode_gost_rs_value b/doc/functions/gnutls_encode_gost_rs_value new file mode 100644 index 0000000..753fd0c --- /dev/null +++ b/doc/functions/gnutls_encode_gost_rs_value @@ -0,0 +1,22 @@ + + + + +@deftypefun {int} {gnutls_encode_gost_rs_value} (gnutls_datum_t * @var{sig_value}, const gnutls_datum_t * @var{r}, const gnutls_datum_t * @var{s}) +@var{sig_value}: will hold a GOST signature according to RFC 4491 section 2.2.2 + +@var{r}: must contain the r value + +@var{s}: must contain the s value + +This function will encode the provided r and s values, into binary +representation according to RFC 4491 section 2.2.2, used for GOST R +34.10-2001 (and thus also for GOST R 34.10-2012) signatures. + +The output value should be deallocated using @code{gnutls_free()} . + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise +an error code is returned. + +@strong{Since:} 3.6.0 +@end deftypefun diff --git a/doc/functions/gnutls_encode_gost_rs_value.short b/doc/functions/gnutls_encode_gost_rs_value.short new file mode 100644 index 0000000..2916965 --- /dev/null +++ b/doc/functions/gnutls_encode_gost_rs_value.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_encode_gost_rs_value} (gnutls_datum_t * @var{sig_value}, const gnutls_datum_t * @var{r}, const gnutls_datum_t * @var{s}) diff --git a/doc/functions/gnutls_encode_rs_value b/doc/functions/gnutls_encode_rs_value new file mode 100644 index 0000000..c161420 --- /dev/null +++ b/doc/functions/gnutls_encode_rs_value @@ -0,0 +1,22 @@ + + + + +@deftypefun {int} {gnutls_encode_rs_value} (gnutls_datum_t * @var{sig_value}, const gnutls_datum_t * @var{r}, const gnutls_datum_t * @var{s}) +@var{sig_value}: will hold a Dss-Sig-Value DER encoded structure + +@var{r}: must contain the r value + +@var{s}: must contain the s value + +This function will encode the provided r and s values, +into a Dss-Sig-Value structure, used for DSA and ECDSA +signatures. + +The output value should be deallocated using @code{gnutls_free()} . + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise +an error code is returned. + +@strong{Since:} 3.6.0 +@end deftypefun diff --git a/doc/functions/gnutls_encode_rs_value.short b/doc/functions/gnutls_encode_rs_value.short new file mode 100644 index 0000000..73879ff --- /dev/null +++ b/doc/functions/gnutls_encode_rs_value.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_encode_rs_value} (gnutls_datum_t * @var{sig_value}, const gnutls_datum_t * @var{r}, const gnutls_datum_t * @var{s}) diff --git a/doc/functions/gnutls_error_is_fatal b/doc/functions/gnutls_error_is_fatal new file mode 100644 index 0000000..f2003d1 --- /dev/null +++ b/doc/functions/gnutls_error_is_fatal @@ -0,0 +1,21 @@ + + + + +@deftypefun {int} {gnutls_error_is_fatal} (int @var{error}) +@var{error}: is a GnuTLS error code, a negative error code + +If a GnuTLS function returns a negative error code you may feed that +value to this function to see if the error condition is fatal to +a TLS session (i.e., must be terminated). + +Note that you may also want to check the error code manually, since some +non-fatal errors to the protocol (such as a warning alert or +a rehandshake request) may be fatal for your program. + +This function is only useful if you are dealing with errors from +functions that relate to a TLS session (e.g., record layer or handshake +layer handling functions). + +@strong{Returns:} Non-zero value on fatal errors or zero on non-fatal. +@end deftypefun diff --git a/doc/functions/gnutls_error_is_fatal.short b/doc/functions/gnutls_error_is_fatal.short new file mode 100644 index 0000000..4f1c377 --- /dev/null +++ b/doc/functions/gnutls_error_is_fatal.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_error_is_fatal} (int @var{error}) diff --git a/doc/functions/gnutls_error_to_alert b/doc/functions/gnutls_error_to_alert new file mode 100644 index 0000000..3fa8f84 --- /dev/null +++ b/doc/functions/gnutls_error_to_alert @@ -0,0 +1,20 @@ + + + + +@deftypefun {int} {gnutls_error_to_alert} (int @var{err}, int * @var{level}) +@var{err}: is a negative integer + +@var{level}: the alert level will be stored there + +Get an alert depending on the error code returned by a gnutls +function. All alerts sent by this function should be considered +fatal. The only exception is when @code{err} is @code{GNUTLS_E_REHANDSHAKE} , +where a warning alert should be sent to the peer indicating that no +renegotiation will be performed. + +If there is no mapping to a valid alert the alert to indicate +internal error (@code{GNUTLS_A_INTERNAL_ERROR} ) is returned. + +@strong{Returns:} the alert code to use for a particular error code. +@end deftypefun diff --git a/doc/functions/gnutls_error_to_alert.short b/doc/functions/gnutls_error_to_alert.short new file mode 100644 index 0000000..2b5a879 --- /dev/null +++ b/doc/functions/gnutls_error_to_alert.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_error_to_alert} (int @var{err}, int * @var{level}) diff --git a/doc/functions/gnutls_est_record_overhead_size b/doc/functions/gnutls_est_record_overhead_size new file mode 100644 index 0000000..38f34d7 --- /dev/null +++ b/doc/functions/gnutls_est_record_overhead_size @@ -0,0 +1,25 @@ + + + + +@deftypefun {size_t} {gnutls_est_record_overhead_size} (gnutls_protocol_t @var{version}, gnutls_cipher_algorithm_t @var{cipher}, gnutls_mac_algorithm_t @var{mac}, gnutls_compression_method_t @var{comp}, unsigned int @var{flags}) +@var{version}: is a @code{gnutls_protocol_t} value + +@var{cipher}: is a @code{gnutls_cipher_algorithm_t} value + +@var{mac}: is a @code{gnutls_mac_algorithm_t} value + +@var{comp}: is a @code{gnutls_compression_method_t} value (ignored) + +@var{flags}: must be zero + +This function will return the set size in bytes of the overhead +due to TLS (or DTLS) per record. + +Note that this function may provide inacurate values when TLS +extensions that modify the record format are negotiated. In these +cases a more accurate value can be obtained using @code{gnutls_record_overhead_size()} +after a completed handshake. + +@strong{Since:} 3.2.2 +@end deftypefun diff --git a/doc/functions/gnutls_est_record_overhead_size.short b/doc/functions/gnutls_est_record_overhead_size.short new file mode 100644 index 0000000..6eb65e1 --- /dev/null +++ b/doc/functions/gnutls_est_record_overhead_size.short @@ -0,0 +1 @@ +@item @var{size_t} @ref{gnutls_est_record_overhead_size} (gnutls_protocol_t @var{version}, gnutls_cipher_algorithm_t @var{cipher}, gnutls_mac_algorithm_t @var{mac}, gnutls_compression_method_t @var{comp}, unsigned int @var{flags}) diff --git a/doc/functions/gnutls_ext_get_current_msg b/doc/functions/gnutls_ext_get_current_msg new file mode 100644 index 0000000..f99d6ed --- /dev/null +++ b/doc/functions/gnutls_ext_get_current_msg @@ -0,0 +1,18 @@ + + + + +@deftypefun {unsigned} {gnutls_ext_get_current_msg} (gnutls_session_t @var{session}) +@var{session}: a @code{gnutls_session_t} opaque pointer + +This function allows an extension handler to obtain the message +this extension is being called from. The returned value is a single +entry of the @code{gnutls_ext_flags_t} enumeration. That is, if an +extension was registered with the @code{GNUTLS_EXT_FLAG_HRR} and +@code{GNUTLS_EXT_FLAG_EE} flags, the value when called during parsing of the +encrypted extensions message will be @code{GNUTLS_EXT_FLAG_EE} . + +If not called under an extension handler, its value is undefined. + +@strong{Since:} 3.6.3 +@end deftypefun diff --git a/doc/functions/gnutls_ext_get_current_msg.short b/doc/functions/gnutls_ext_get_current_msg.short new file mode 100644 index 0000000..8ce1769 --- /dev/null +++ b/doc/functions/gnutls_ext_get_current_msg.short @@ -0,0 +1 @@ +@item @var{unsigned} @ref{gnutls_ext_get_current_msg} (gnutls_session_t @var{session}) diff --git a/doc/functions/gnutls_ext_get_data b/doc/functions/gnutls_ext_get_data new file mode 100644 index 0000000..ccf9108 --- /dev/null +++ b/doc/functions/gnutls_ext_get_data @@ -0,0 +1,17 @@ + + + + +@deftypefun {int} {gnutls_ext_get_data} (gnutls_session_t @var{session}, unsigned @var{tls_id}, gnutls_ext_priv_data_t * @var{data}) +@var{session}: a @code{gnutls_session_t} opaque pointer + +@var{tls_id}: the numeric id of the extension + +@var{data}: a pointer to the private data to retrieve + +This function retrieves any data previously stored with @code{gnutls_ext_set_data()} . + +@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, otherwise a negative error code. + +@strong{Since:} 3.4.0 +@end deftypefun diff --git a/doc/functions/gnutls_ext_get_data.short b/doc/functions/gnutls_ext_get_data.short new file mode 100644 index 0000000..9eaf80d --- /dev/null +++ b/doc/functions/gnutls_ext_get_data.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_ext_get_data} (gnutls_session_t @var{session}, unsigned @var{tls_id}, gnutls_ext_priv_data_t * @var{data}) diff --git a/doc/functions/gnutls_ext_get_name b/doc/functions/gnutls_ext_get_name new file mode 100644 index 0000000..88b6dfd --- /dev/null +++ b/doc/functions/gnutls_ext_get_name @@ -0,0 +1,12 @@ + + + + +@deftypefun {const char *} {gnutls_ext_get_name} (unsigned int @var{ext}) +@var{ext}: is a TLS extension numeric ID + +Convert a TLS extension numeric ID to a printable string. + +@strong{Returns:} a pointer to a string that contains the name of the +specified cipher, or @code{NULL} . +@end deftypefun diff --git a/doc/functions/gnutls_ext_get_name.short b/doc/functions/gnutls_ext_get_name.short new file mode 100644 index 0000000..2a82716 --- /dev/null +++ b/doc/functions/gnutls_ext_get_name.short @@ -0,0 +1 @@ +@item @var{const char *} @ref{gnutls_ext_get_name} (unsigned int @var{ext}) diff --git a/doc/functions/gnutls_ext_raw_parse b/doc/functions/gnutls_ext_raw_parse new file mode 100644 index 0000000..fd120e5 --- /dev/null +++ b/doc/functions/gnutls_ext_raw_parse @@ -0,0 +1,29 @@ + + + + +@deftypefun {int} {gnutls_ext_raw_parse} (void * @var{ctx}, gnutls_ext_raw_process_func @var{cb}, const gnutls_datum_t * @var{data}, unsigned int @var{flags}) +@var{ctx}: a pointer to pass to callback function + +@var{cb}: callback function to process each extension found + +@var{data}: TLS extension data + +@var{flags}: should be zero or @code{GNUTLS_EXT_RAW_FLAG_TLS_CLIENT_HELLO} or @code{GNUTLS_EXT_RAW_FLAG_DTLS_CLIENT_HELLO} + +This function iterates through the TLS extensions as passed in + @code{data} , passing the individual extension data to callback. The + @code{data} must conform to Extension extensions<0..2^16-1> format. + +If flags is @code{GNUTLS_EXT_RAW_TLS_FLAG_CLIENT_HELLO} then this function +will parse the extension data from the position, as if the packet in + @code{data} is a client hello (without record or handshake headers) - +as provided by @code{gnutls_handshake_set_hook_function()} . + +The return value of the callback will be propagated. + +@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, or an error code. On unknown +flags it returns @code{GNUTLS_E_INVALID_REQUEST} . + +@strong{Since:} 3.6.3 +@end deftypefun diff --git a/doc/functions/gnutls_ext_raw_parse.short b/doc/functions/gnutls_ext_raw_parse.short new file mode 100644 index 0000000..0ebcd40 --- /dev/null +++ b/doc/functions/gnutls_ext_raw_parse.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_ext_raw_parse} (void * @var{ctx}, gnutls_ext_raw_process_func @var{cb}, const gnutls_datum_t * @var{data}, unsigned int @var{flags}) diff --git a/doc/functions/gnutls_ext_register b/doc/functions/gnutls_ext_register new file mode 100644 index 0000000..0feb419 --- /dev/null +++ b/doc/functions/gnutls_ext_register @@ -0,0 +1,38 @@ + + + + +@deftypefun {int} {gnutls_ext_register} (const char * @var{name}, int @var{id}, gnutls_ext_parse_type_t @var{parse_type}, gnutls_ext_recv_func @var{recv_func}, gnutls_ext_send_func @var{send_func}, gnutls_ext_deinit_data_func @var{deinit_func}, gnutls_ext_pack_func @var{pack_func}, gnutls_ext_unpack_func @var{unpack_func}) +@var{name}: the name of the extension to register + +@var{id}: the numeric TLS id of the extension + +@var{parse_type}: the parse type of the extension (see gnutls_ext_parse_type_t) + +@var{recv_func}: a function to receive the data + +@var{send_func}: a function to send the data + +@var{deinit_func}: a function deinitialize any private data + +@var{pack_func}: a function which serializes the extension's private data (used on session packing for resumption) + +@var{unpack_func}: a function which will deserialize the extension's private data + +This function will register a new extension type. The extension will remain +registered until @code{gnutls_global_deinit()} is called. If the extension type +is already registered then @code{GNUTLS_E_ALREADY_REGISTERED} will be returned. + +Each registered extension can store temporary data into the gnutls_session_t +structure using @code{gnutls_ext_set_data()} , and they can be retrieved using +@code{gnutls_ext_get_data()} . + +Any extensions registered with this function are valid for the client +and TLS1.2 server hello (or encrypted extensions for TLS1.3). + +This function is not thread safe. + +@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, otherwise a negative error code. + +@strong{Since:} 3.4.0 +@end deftypefun diff --git a/doc/functions/gnutls_ext_register.short b/doc/functions/gnutls_ext_register.short new file mode 100644 index 0000000..516e172 --- /dev/null +++ b/doc/functions/gnutls_ext_register.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_ext_register} (const char * @var{name}, int @var{id}, gnutls_ext_parse_type_t @var{parse_type}, gnutls_ext_recv_func @var{recv_func}, gnutls_ext_send_func @var{send_func}, gnutls_ext_deinit_data_func @var{deinit_func}, gnutls_ext_pack_func @var{pack_func}, gnutls_ext_unpack_func @var{unpack_func}) diff --git a/doc/functions/gnutls_ext_set_data b/doc/functions/gnutls_ext_set_data new file mode 100644 index 0000000..b54fcc4 --- /dev/null +++ b/doc/functions/gnutls_ext_set_data @@ -0,0 +1,17 @@ + + + + +@deftypefun {void} {gnutls_ext_set_data} (gnutls_session_t @var{session}, unsigned @var{tls_id}, gnutls_ext_priv_data_t @var{data}) +@var{session}: a @code{gnutls_session_t} opaque pointer + +@var{tls_id}: the numeric id of the extension + +@var{data}: the private data to set + +This function allows an extension handler to store data in the current session +and retrieve them later on. The set data will be deallocated using +the gnutls_ext_deinit_data_func. + +@strong{Since:} 3.4.0 +@end deftypefun diff --git a/doc/functions/gnutls_ext_set_data.short b/doc/functions/gnutls_ext_set_data.short new file mode 100644 index 0000000..fb55e68 --- /dev/null +++ b/doc/functions/gnutls_ext_set_data.short @@ -0,0 +1 @@ +@item @var{void} @ref{gnutls_ext_set_data} (gnutls_session_t @var{session}, unsigned @var{tls_id}, gnutls_ext_priv_data_t @var{data}) diff --git a/doc/functions/gnutls_fingerprint b/doc/functions/gnutls_fingerprint new file mode 100644 index 0000000..b65b82b --- /dev/null +++ b/doc/functions/gnutls_fingerprint @@ -0,0 +1,26 @@ + + + + +@deftypefun {int} {gnutls_fingerprint} (gnutls_digest_algorithm_t @var{algo}, const gnutls_datum_t * @var{data}, void * @var{result}, size_t * @var{result_size}) +@var{algo}: is a digest algorithm + +@var{data}: is the data + +@var{result}: is the place where the result will be copied (may be null). + +@var{result_size}: should hold the size of the result. The actual size +of the returned result will also be copied there. + +This function will calculate a fingerprint (actually a hash), of +the given data. The result is not printable data. You should +convert it to hex, or to something else printable. + +This is the usual way to calculate a fingerprint of an X.509 DER +encoded certificate. Note however that the fingerprint of an +OpenPGP certificate is not just a hash and cannot be calculated with this +function. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise +an error code is returned. +@end deftypefun diff --git a/doc/functions/gnutls_fingerprint.short b/doc/functions/gnutls_fingerprint.short new file mode 100644 index 0000000..3f8c603 --- /dev/null +++ b/doc/functions/gnutls_fingerprint.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_fingerprint} (gnutls_digest_algorithm_t @var{algo}, const gnutls_datum_t * @var{data}, void * @var{result}, size_t * @var{result_size}) diff --git a/doc/functions/gnutls_fips140_mode_enabled b/doc/functions/gnutls_fips140_mode_enabled new file mode 100644 index 0000000..603e613 --- /dev/null +++ b/doc/functions/gnutls_fips140_mode_enabled @@ -0,0 +1,18 @@ + + + + +@deftypefun {unsigned} {gnutls_fips140_mode_enabled} ( @var{void}) + +Checks whether this library is in FIPS140 mode. The returned +value corresponds to the library mode as set with +@code{gnutls_fips140_set_mode()} . + +If @code{gnutls_fips140_set_mode()} was called with @code{GNUTLS_FIPS140_SET_MODE_THREAD} +then this function will return the current thread's FIPS140 mode, otherwise +the global value is returned. + +@strong{Returns:} return non-zero if true or zero if false. + +@strong{Since:} 3.3.0 +@end deftypefun diff --git a/doc/functions/gnutls_fips140_mode_enabled.short b/doc/functions/gnutls_fips140_mode_enabled.short new file mode 100644 index 0000000..cbc440a --- /dev/null +++ b/doc/functions/gnutls_fips140_mode_enabled.short @@ -0,0 +1 @@ +@item @var{unsigned} @ref{gnutls_fips140_mode_enabled} ( @var{void}) diff --git a/doc/functions/gnutls_fips140_set_mode b/doc/functions/gnutls_fips140_set_mode new file mode 100644 index 0000000..703a1b4 --- /dev/null +++ b/doc/functions/gnutls_fips140_set_mode @@ -0,0 +1,26 @@ + + + + +@deftypefun {void} {gnutls_fips140_set_mode} (gnutls_fips_mode_t @var{mode}, unsigned @var{flags}) +@var{mode}: the FIPS140-2 mode to switch to + +@var{flags}: should be zero or @code{GNUTLS_FIPS140_SET_MODE_THREAD} + +That function is not thread-safe when changing the mode with no flags +(globally), and should be called prior to creating any threads. Its +behavior with no flags after threads are created is undefined. + +When the flag @code{GNUTLS_FIPS140_SET_MODE_THREAD} is specified +then this call will change the FIPS140-2 mode for this particular +thread and not for the whole process. That way an application +can utilize this function to set and reset mode for specific +operations. + +This function never fails but will be a no-op if used when +the library is not in FIPS140-2 mode. When asked to switch to unknown +values for @code{mode} or to @code{GNUTLS_FIPS140_SELFTESTS} mode, the library +switches to @code{GNUTLS_FIPS140_STRICT} mode. + +@strong{Since:} 3.6.2 +@end deftypefun diff --git a/doc/functions/gnutls_fips140_set_mode.short b/doc/functions/gnutls_fips140_set_mode.short new file mode 100644 index 0000000..d794d67 --- /dev/null +++ b/doc/functions/gnutls_fips140_set_mode.short @@ -0,0 +1 @@ +@item @var{void} @ref{gnutls_fips140_set_mode} (gnutls_fips_mode_t @var{mode}, unsigned @var{flags}) diff --git a/doc/functions/gnutls_global_deinit b/doc/functions/gnutls_global_deinit new file mode 100644 index 0000000..b796fb3 --- /dev/null +++ b/doc/functions/gnutls_global_deinit @@ -0,0 +1,13 @@ + + + + +@deftypefun {void} {gnutls_global_deinit} ( @var{void}) + +This function deinitializes the global data, that were initialized +using @code{gnutls_global_init()} . + +Since GnuTLS 3.3.0 this function is no longer necessary to be explicitly +called. GnuTLS will automatically deinitialize on library destructor. See +@code{gnutls_global_init()} for disabling the implicit initialization/deinitialization. +@end deftypefun diff --git a/doc/functions/gnutls_global_deinit.short b/doc/functions/gnutls_global_deinit.short new file mode 100644 index 0000000..3c88cf2 --- /dev/null +++ b/doc/functions/gnutls_global_deinit.short @@ -0,0 +1 @@ +@item @var{void} @ref{gnutls_global_deinit} ( @var{void}) diff --git a/doc/functions/gnutls_global_init b/doc/functions/gnutls_global_init new file mode 100644 index 0000000..55474a4 --- /dev/null +++ b/doc/functions/gnutls_global_init @@ -0,0 +1,29 @@ + + + + +@deftypefun {int} {gnutls_global_init} ( @var{void}) + +Since GnuTLS 3.3.0 this function is no longer necessary to be explicitly +called. To disable the implicit call (in a library constructor) of this +function set the environment variable @code{GNUTLS_NO_EXPLICIT_INIT} to 1. + +This function performs any required precalculations, detects +the supported CPU capabilities and initializes the underlying +cryptographic backend. In order to free any resources +taken by this call you should @code{gnutls_global_deinit()} +when gnutls usage is no longer needed. + +This function increments a global counter, so that +@code{gnutls_global_deinit()} only releases resources when it has been +called as many times as @code{gnutls_global_init()} . This is useful when +GnuTLS is used by more than one library in an application. This +function can be called many times, but will only do something the +first time. + +A subsequent call of this function if the initial has failed will +return the same error code. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, +otherwise a negative error code is returned. +@end deftypefun diff --git a/doc/functions/gnutls_global_init.short b/doc/functions/gnutls_global_init.short new file mode 100644 index 0000000..24b4fb3 --- /dev/null +++ b/doc/functions/gnutls_global_init.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_global_init} ( @var{void}) diff --git a/doc/functions/gnutls_global_set_audit_log_function b/doc/functions/gnutls_global_set_audit_log_function new file mode 100644 index 0000000..250ab3b --- /dev/null +++ b/doc/functions/gnutls_global_set_audit_log_function @@ -0,0 +1,18 @@ + + + + +@deftypefun {void} {gnutls_global_set_audit_log_function} (gnutls_audit_log_func @var{log_func}) +@var{log_func}: it is the audit log function + +This is the function to set the audit logging function. This +is a function to report important issues, such as possible +attacks in the protocol. This is different from @code{gnutls_global_set_log_function()} +because it will report also session-specific events. The session +parameter will be null if there is no corresponding TLS session. + + @code{gnutls_audit_log_func} is of the form, +void (*gnutls_audit_log_func)( gnutls_session_t, const char*); + +@strong{Since:} 3.0 +@end deftypefun diff --git a/doc/functions/gnutls_global_set_audit_log_function.short b/doc/functions/gnutls_global_set_audit_log_function.short new file mode 100644 index 0000000..849e246 --- /dev/null +++ b/doc/functions/gnutls_global_set_audit_log_function.short @@ -0,0 +1 @@ +@item @var{void} @ref{gnutls_global_set_audit_log_function} (gnutls_audit_log_func @var{log_func}) diff --git a/doc/functions/gnutls_global_set_log_function b/doc/functions/gnutls_global_set_log_function new file mode 100644 index 0000000..c283e91 --- /dev/null +++ b/doc/functions/gnutls_global_set_log_function @@ -0,0 +1,15 @@ + + + + +@deftypefun {void} {gnutls_global_set_log_function} (gnutls_log_func @var{log_func}) +@var{log_func}: it's a log function + +This is the function where you set the logging function gnutls is +going to use. This function only accepts a character array. +Normally you may not use this function since it is only used for +debugging purposes. + + @code{gnutls_log_func} is of the form, +void (*gnutls_log_func)( int level, const char*); +@end deftypefun diff --git a/doc/functions/gnutls_global_set_log_function.short b/doc/functions/gnutls_global_set_log_function.short new file mode 100644 index 0000000..49c7da7 --- /dev/null +++ b/doc/functions/gnutls_global_set_log_function.short @@ -0,0 +1 @@ +@item @var{void} @ref{gnutls_global_set_log_function} (gnutls_log_func @var{log_func}) diff --git a/doc/functions/gnutls_global_set_log_level b/doc/functions/gnutls_global_set_log_level new file mode 100644 index 0000000..0ce48e4 --- /dev/null +++ b/doc/functions/gnutls_global_set_log_level @@ -0,0 +1,14 @@ + + + + +@deftypefun {void} {gnutls_global_set_log_level} (int @var{level}) +@var{level}: it's an integer from 0 to 99. + +This is the function that allows you to set the log level. The +level is an integer between 0 and 9. Higher values mean more +verbosity. The default value is 0. Larger values should only be +used with care, since they may reveal sensitive information. + +Use a log level over 10 to enable all debugging options. +@end deftypefun diff --git a/doc/functions/gnutls_global_set_log_level.short b/doc/functions/gnutls_global_set_log_level.short new file mode 100644 index 0000000..7f9fce9 --- /dev/null +++ b/doc/functions/gnutls_global_set_log_level.short @@ -0,0 +1 @@ +@item @var{void} @ref{gnutls_global_set_log_level} (int @var{level}) diff --git a/doc/functions/gnutls_global_set_mem_functions b/doc/functions/gnutls_global_set_mem_functions new file mode 100644 index 0000000..9cb725e --- /dev/null +++ b/doc/functions/gnutls_global_set_mem_functions @@ -0,0 +1,28 @@ + + + + +@deftypefun {void} {gnutls_global_set_mem_functions} (gnutls_alloc_function @var{alloc_func}, gnutls_alloc_function @var{secure_alloc_func}, gnutls_is_secure_function @var{is_secure_func}, gnutls_realloc_function @var{realloc_func}, gnutls_free_function @var{free_func}) +@var{alloc_func}: it's the default memory allocation function. Like @code{malloc()} . + +@var{secure_alloc_func}: This is the memory allocation function that will be used for sensitive data. + +@var{is_secure_func}: a function that returns 0 if the memory given is not secure. May be NULL. + +@var{realloc_func}: A realloc function + +@var{free_func}: The function that frees allocated data. Must accept a NULL pointer. + + +@strong{Deprecated:} since 3.3.0 it is no longer possible to replace the internally used +memory allocation functions + +This is the function where you set the memory allocation functions +gnutls is going to use. By default the libc's allocation functions +(@code{malloc()} , @code{free()} ), are used by gnutls, to allocate both sensitive +and not sensitive data. This function is provided to set the +memory allocation functions to something other than the defaults + +This function must be called before @code{gnutls_global_init()} is called. +This function is not thread safe. +@end deftypefun diff --git a/doc/functions/gnutls_global_set_mem_functions.short b/doc/functions/gnutls_global_set_mem_functions.short new file mode 100644 index 0000000..e33c1b2 --- /dev/null +++ b/doc/functions/gnutls_global_set_mem_functions.short @@ -0,0 +1 @@ +@item @var{void} @ref{gnutls_global_set_mem_functions} (gnutls_alloc_function @var{alloc_func}, gnutls_alloc_function @var{secure_alloc_func}, gnutls_is_secure_function @var{is_secure_func}, gnutls_realloc_function @var{realloc_func}, gnutls_free_function @var{free_func}) diff --git a/doc/functions/gnutls_global_set_mutex b/doc/functions/gnutls_global_set_mutex new file mode 100644 index 0000000..7048a71 --- /dev/null +++ b/doc/functions/gnutls_global_set_mutex @@ -0,0 +1,28 @@ + + + + +@deftypefun {void} {gnutls_global_set_mutex} (mutex_init_func @var{init}, mutex_deinit_func @var{deinit}, mutex_lock_func @var{lock}, mutex_unlock_func @var{unlock}) +@var{init}: mutex initialization function + +@var{deinit}: mutex deinitialization function + +@var{lock}: mutex locking function + +@var{unlock}: mutex unlocking function + +With this function you are allowed to override the default mutex +locks used in some parts of gnutls and dependent libraries. This function +should be used if you have complete control of your program and libraries. +Do not call this function from a library, or preferably from any application +unless really needed to. GnuTLS will use the appropriate locks for the running +system. + +Note that since the move to implicit initialization of GnuTLS on library +load, calling this function will deinitialize the library, and re-initialize +it after the new locking functions are set. + +This function must be called prior to any other gnutls function. + +@strong{Since:} 2.12.0 +@end deftypefun diff --git a/doc/functions/gnutls_global_set_mutex.short b/doc/functions/gnutls_global_set_mutex.short new file mode 100644 index 0000000..0a05fec --- /dev/null +++ b/doc/functions/gnutls_global_set_mutex.short @@ -0,0 +1 @@ +@item @var{void} @ref{gnutls_global_set_mutex} (mutex_init_func @var{init}, mutex_deinit_func @var{deinit}, mutex_lock_func @var{lock}, mutex_unlock_func @var{unlock}) diff --git a/doc/functions/gnutls_global_set_time_function b/doc/functions/gnutls_global_set_time_function new file mode 100644 index 0000000..3464e7d --- /dev/null +++ b/doc/functions/gnutls_global_set_time_function @@ -0,0 +1,13 @@ + + + + +@deftypefun {void} {gnutls_global_set_time_function} (gnutls_time_func @var{time_func}) +@var{time_func}: it's the system time function, a @code{gnutls_time_func()} callback. + +This is the function where you can override the default system time +function. The application provided function should behave the same +as the standard function. + +@strong{Since:} 2.12.0 +@end deftypefun diff --git a/doc/functions/gnutls_global_set_time_function.short b/doc/functions/gnutls_global_set_time_function.short new file mode 100644 index 0000000..cf852ca --- /dev/null +++ b/doc/functions/gnutls_global_set_time_function.short @@ -0,0 +1 @@ +@item @var{void} @ref{gnutls_global_set_time_function} (gnutls_time_func @var{time_func}) diff --git a/doc/functions/gnutls_gost_paramset_get_name b/doc/functions/gnutls_gost_paramset_get_name new file mode 100644 index 0000000..312692f --- /dev/null +++ b/doc/functions/gnutls_gost_paramset_get_name @@ -0,0 +1,14 @@ + + + + +@deftypefun {const char *} {gnutls_gost_paramset_get_name} (gnutls_gost_paramset_t @var{param}) +@var{param}: is a GOST 28147 param set + +Convert a @code{gnutls_gost_paramset_t} value to a string. + +@strong{Returns:} a string that contains the name of the specified GOST param set, +or @code{NULL} . + +@strong{Since:} 3.6.3 +@end deftypefun diff --git a/doc/functions/gnutls_gost_paramset_get_name.short b/doc/functions/gnutls_gost_paramset_get_name.short new file mode 100644 index 0000000..93ce505 --- /dev/null +++ b/doc/functions/gnutls_gost_paramset_get_name.short @@ -0,0 +1 @@ +@item @var{const char *} @ref{gnutls_gost_paramset_get_name} (gnutls_gost_paramset_t @var{param}) diff --git a/doc/functions/gnutls_gost_paramset_get_oid b/doc/functions/gnutls_gost_paramset_get_oid new file mode 100644 index 0000000..73876a0 --- /dev/null +++ b/doc/functions/gnutls_gost_paramset_get_oid @@ -0,0 +1,14 @@ + + + + +@deftypefun {const char *} {gnutls_gost_paramset_get_oid} (gnutls_gost_paramset_t @var{param}) +@var{param}: is a GOST 28147 param set + +Convert a @code{gnutls_gost_paramset_t} value to its object identifier. + +@strong{Returns:} a string that contains the object identifier of the specified GOST +param set, or @code{NULL} . + +@strong{Since:} 3.6.3 +@end deftypefun diff --git a/doc/functions/gnutls_gost_paramset_get_oid.short b/doc/functions/gnutls_gost_paramset_get_oid.short new file mode 100644 index 0000000..9cc0739 --- /dev/null +++ b/doc/functions/gnutls_gost_paramset_get_oid.short @@ -0,0 +1 @@ +@item @var{const char *} @ref{gnutls_gost_paramset_get_oid} (gnutls_gost_paramset_t @var{param}) diff --git a/doc/functions/gnutls_group_get b/doc/functions/gnutls_group_get new file mode 100644 index 0000000..80bd7b3 --- /dev/null +++ b/doc/functions/gnutls_group_get @@ -0,0 +1,15 @@ + + + + +@deftypefun {gnutls_group_t} {gnutls_group_get} (gnutls_session_t @var{session}) +@var{session}: is a @code{gnutls_session_t} type. + +Returns the currently used group for key exchange. Only valid +when using an elliptic curve or DH ciphersuite. + +@strong{Returns:} the currently used group, a @code{gnutls_group_t} +type. + +@strong{Since:} 3.6.0 +@end deftypefun diff --git a/doc/functions/gnutls_group_get.short b/doc/functions/gnutls_group_get.short new file mode 100644 index 0000000..13a81b1 --- /dev/null +++ b/doc/functions/gnutls_group_get.short @@ -0,0 +1 @@ +@item @var{gnutls_group_t} @ref{gnutls_group_get} (gnutls_session_t @var{session}) diff --git a/doc/functions/gnutls_group_get_id b/doc/functions/gnutls_group_get_id new file mode 100644 index 0000000..bb679cf --- /dev/null +++ b/doc/functions/gnutls_group_get_id @@ -0,0 +1,14 @@ + + + + +@deftypefun {gnutls_group_t} {gnutls_group_get_id} (const char * @var{name}) +@var{name}: is a group name + +The names are compared in a case insensitive way. + +@strong{Returns:} return a @code{gnutls_group_t} value corresponding to +the specified group, or @code{GNUTLS_GROUP_INVALID} on error. + +@strong{Since:} 3.6.0 +@end deftypefun diff --git a/doc/functions/gnutls_group_get_id.short b/doc/functions/gnutls_group_get_id.short new file mode 100644 index 0000000..a9417c3 --- /dev/null +++ b/doc/functions/gnutls_group_get_id.short @@ -0,0 +1 @@ +@item @var{gnutls_group_t} @ref{gnutls_group_get_id} (const char * @var{name}) diff --git a/doc/functions/gnutls_group_get_name b/doc/functions/gnutls_group_get_name new file mode 100644 index 0000000..4ca7d2e --- /dev/null +++ b/doc/functions/gnutls_group_get_name @@ -0,0 +1,14 @@ + + + + +@deftypefun {const char *} {gnutls_group_get_name} (gnutls_group_t @var{group}) +@var{group}: is an element from @code{gnutls_group_t} + +Convert a @code{gnutls_group_t} value to a string. + +@strong{Returns:} a string that contains the name of the specified +group or @code{NULL} . + +@strong{Since:} 3.6.0 +@end deftypefun diff --git a/doc/functions/gnutls_group_get_name.short b/doc/functions/gnutls_group_get_name.short new file mode 100644 index 0000000..03fed52 --- /dev/null +++ b/doc/functions/gnutls_group_get_name.short @@ -0,0 +1 @@ +@item @var{const char *} @ref{gnutls_group_get_name} (gnutls_group_t @var{group}) diff --git a/doc/functions/gnutls_group_list b/doc/functions/gnutls_group_list new file mode 100644 index 0000000..b679265 --- /dev/null +++ b/doc/functions/gnutls_group_list @@ -0,0 +1,15 @@ + + + + +@deftypefun {const gnutls_group_t *} {gnutls_group_list} ( @var{void}) + +Get the list of supported elliptic curves. + +This function is not thread safe. + +@strong{Returns:} Return a (0)-terminated list of @code{gnutls_group_t} +integers indicating the available groups. + +@strong{Since:} 3.6.0 +@end deftypefun diff --git a/doc/functions/gnutls_group_list.short b/doc/functions/gnutls_group_list.short new file mode 100644 index 0000000..1fa19a4 --- /dev/null +++ b/doc/functions/gnutls_group_list.short @@ -0,0 +1 @@ +@item @var{const gnutls_group_t *} @ref{gnutls_group_list} ( @var{void}) diff --git a/doc/functions/gnutls_handshake b/doc/functions/gnutls_handshake new file mode 100644 index 0000000..b3d01da --- /dev/null +++ b/doc/functions/gnutls_handshake @@ -0,0 +1,40 @@ + + + + +@deftypefun {int} {gnutls_handshake} (gnutls_session_t @var{session}) +@var{session}: is a @code{gnutls_session_t} type. + +This function performs the handshake of the TLS/SSL protocol, and +initializes the TLS session parameters. + +The non-fatal errors expected by this function are: +@code{GNUTLS_E_INTERRUPTED} , @code{GNUTLS_E_AGAIN} , +@code{GNUTLS_E_WARNING_ALERT_RECEIVED} . When this function is called +for re-handshake under TLS 1.2 or earlier, the non-fatal error code +@code{GNUTLS_E_GOT_APPLICATION_DATA} may also be returned. + +The former two interrupt the handshake procedure due to the transport +layer being interrupted, and the latter because of a "warning" alert that +was sent by the peer (it is always a good idea to check any +received alerts). On these non-fatal errors call this function again, +until it returns 0; cf. @code{gnutls_record_get_direction()} and +@code{gnutls_error_is_fatal()} . In DTLS sessions the non-fatal error +@code{GNUTLS_E_LARGE_PACKET} is also possible, and indicates that +the MTU should be adjusted. + +When this function is called by a server after a rehandshake request +under TLS 1.2 or earlier the @code{GNUTLS_E_GOT_APPLICATION_DATA} error code indicates +that some data were pending prior to peer initiating the handshake. +Under TLS 1.3 this function when called after a successful handshake, is a no-op +and always succeeds in server side; in client side this function is +equivalent to @code{gnutls_session_key_update()} with @code{GNUTLS_KU_PEER} flag. + +This function handles both full and abbreviated TLS handshakes (resumption). +For abbreviated handshakes, in client side, the @code{gnutls_session_set_data()} +should be called prior to this function to set parameters from a previous session. +In server side, resumption is handled by either setting a DB back-end, or setting +up keys for session tickets. + +@strong{Returns:} @code{GNUTLS_E_SUCCESS} on a successful handshake, otherwise a negative error code. +@end deftypefun diff --git a/doc/functions/gnutls_handshake.short b/doc/functions/gnutls_handshake.short new file mode 100644 index 0000000..ff97b15 --- /dev/null +++ b/doc/functions/gnutls_handshake.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_handshake} (gnutls_session_t @var{session}) diff --git a/doc/functions/gnutls_handshake_description_get_name b/doc/functions/gnutls_handshake_description_get_name new file mode 100644 index 0000000..246589a --- /dev/null +++ b/doc/functions/gnutls_handshake_description_get_name @@ -0,0 +1,12 @@ + + + + +@deftypefun {const char *} {gnutls_handshake_description_get_name} (gnutls_handshake_description_t @var{type}) +@var{type}: is a handshake message description + +Convert a @code{gnutls_handshake_description_t} value to a string. + +@strong{Returns:} a string that contains the name of the specified handshake +message or @code{NULL} . +@end deftypefun diff --git a/doc/functions/gnutls_handshake_description_get_name.short b/doc/functions/gnutls_handshake_description_get_name.short new file mode 100644 index 0000000..c7a6368 --- /dev/null +++ b/doc/functions/gnutls_handshake_description_get_name.short @@ -0,0 +1 @@ +@item @var{const char *} @ref{gnutls_handshake_description_get_name} (gnutls_handshake_description_t @var{type}) diff --git a/doc/functions/gnutls_handshake_get_last_in b/doc/functions/gnutls_handshake_get_last_in new file mode 100644 index 0000000..3c5d8e4 --- /dev/null +++ b/doc/functions/gnutls_handshake_get_last_in @@ -0,0 +1,17 @@ + + + + +@deftypefun {gnutls_handshake_description_t} {gnutls_handshake_get_last_in} (gnutls_session_t @var{session}) +@var{session}: is a @code{gnutls_session_t} type. + +This function is only useful to check where the last performed +handshake failed. If the previous handshake succeed or was not +performed at all then no meaningful value will be returned. + +Check @code{gnutls_handshake_description_t} in gnutls.h for the +available handshake descriptions. + +@strong{Returns:} the last handshake message type received, a +@code{gnutls_handshake_description_t} . +@end deftypefun diff --git a/doc/functions/gnutls_handshake_get_last_in.short b/doc/functions/gnutls_handshake_get_last_in.short new file mode 100644 index 0000000..16518a4 --- /dev/null +++ b/doc/functions/gnutls_handshake_get_last_in.short @@ -0,0 +1 @@ +@item @var{gnutls_handshake_description_t} @ref{gnutls_handshake_get_last_in} (gnutls_session_t @var{session}) diff --git a/doc/functions/gnutls_handshake_get_last_out b/doc/functions/gnutls_handshake_get_last_out new file mode 100644 index 0000000..5d36300 --- /dev/null +++ b/doc/functions/gnutls_handshake_get_last_out @@ -0,0 +1,17 @@ + + + + +@deftypefun {gnutls_handshake_description_t} {gnutls_handshake_get_last_out} (gnutls_session_t @var{session}) +@var{session}: is a @code{gnutls_session_t} type. + +This function is only useful to check where the last performed +handshake failed. If the previous handshake succeed or was not +performed at all then no meaningful value will be returned. + +Check @code{gnutls_handshake_description_t} in gnutls.h for the +available handshake descriptions. + +@strong{Returns:} the last handshake message type sent, a +@code{gnutls_handshake_description_t} . +@end deftypefun diff --git a/doc/functions/gnutls_handshake_get_last_out.short b/doc/functions/gnutls_handshake_get_last_out.short new file mode 100644 index 0000000..6902df8 --- /dev/null +++ b/doc/functions/gnutls_handshake_get_last_out.short @@ -0,0 +1 @@ +@item @var{gnutls_handshake_description_t} @ref{gnutls_handshake_get_last_out} (gnutls_session_t @var{session}) diff --git a/doc/functions/gnutls_handshake_set_hook_function b/doc/functions/gnutls_handshake_set_hook_function new file mode 100644 index 0000000..2cab3da --- /dev/null +++ b/doc/functions/gnutls_handshake_set_hook_function @@ -0,0 +1,31 @@ + + + + +@deftypefun {void} {gnutls_handshake_set_hook_function} (gnutls_session_t @var{session}, unsigned int @var{htype}, int @var{when}, gnutls_handshake_hook_func @var{func}) +@var{session}: is a @code{gnutls_session_t} type + +@var{htype}: the @code{gnutls_handshake_description_t} of the message to hook at + +@var{when}: @code{GNUTLS_HOOK_} * depending on when the hook function should be called + +@var{func}: is the function to be called + +This function will set a callback to be called after or before the specified +handshake message has been received or generated. This is a +generalization of @code{gnutls_handshake_set_post_client_hello_function()} . + +To call the hook function prior to the message being generated or processed +use @code{GNUTLS_HOOK_PRE} as @code{when} parameter, @code{GNUTLS_HOOK_POST} to call +after, and @code{GNUTLS_HOOK_BOTH} for both cases. + +This callback must return 0 on success or a gnutls error code to +terminate the handshake. + +To hook at all handshake messages use an @code{htype} of @code{GNUTLS_HANDSHAKE_ANY} . + +@strong{Warning:} You should not use this function to terminate the +handshake based on client input unless you know what you are +doing. Before the handshake is finished there is no way to know if +there is a man-in-the-middle attack being performed. +@end deftypefun diff --git a/doc/functions/gnutls_handshake_set_hook_function.short b/doc/functions/gnutls_handshake_set_hook_function.short new file mode 100644 index 0000000..c9713f2 --- /dev/null +++ b/doc/functions/gnutls_handshake_set_hook_function.short @@ -0,0 +1 @@ +@item @var{void} @ref{gnutls_handshake_set_hook_function} (gnutls_session_t @var{session}, unsigned int @var{htype}, int @var{when}, gnutls_handshake_hook_func @var{func}) diff --git a/doc/functions/gnutls_handshake_set_max_packet_length b/doc/functions/gnutls_handshake_set_max_packet_length new file mode 100644 index 0000000..3b92c2e --- /dev/null +++ b/doc/functions/gnutls_handshake_set_max_packet_length @@ -0,0 +1,21 @@ + + + + +@deftypefun {void} {gnutls_handshake_set_max_packet_length} (gnutls_session_t @var{session}, size_t @var{max}) +@var{session}: is a @code{gnutls_session_t} type. + +@var{max}: is the maximum number. + +This function will set the maximum size of all handshake messages. +Handshakes over this size are rejected with +@code{GNUTLS_E_HANDSHAKE_TOO_LARGE} error code. The default value is +128kb which is typically large enough. Set this to 0 if you do not +want to set an upper limit. + +The reason for restricting the handshake message sizes are to +limit Denial of Service attacks. + +Note that the maximum handshake size was increased to 128kb +from 48kb in GnuTLS 3.5.5. +@end deftypefun diff --git a/doc/functions/gnutls_handshake_set_max_packet_length.short b/doc/functions/gnutls_handshake_set_max_packet_length.short new file mode 100644 index 0000000..6f9a6be --- /dev/null +++ b/doc/functions/gnutls_handshake_set_max_packet_length.short @@ -0,0 +1 @@ +@item @var{void} @ref{gnutls_handshake_set_max_packet_length} (gnutls_session_t @var{session}, size_t @var{max}) diff --git a/doc/functions/gnutls_handshake_set_post_client_hello_function b/doc/functions/gnutls_handshake_set_post_client_hello_function new file mode 100644 index 0000000..225923d --- /dev/null +++ b/doc/functions/gnutls_handshake_set_post_client_hello_function @@ -0,0 +1,30 @@ + + + + +@deftypefun {void} {gnutls_handshake_set_post_client_hello_function} (gnutls_session_t @var{session}, gnutls_handshake_simple_hook_func @var{func}) +@var{session}: is a @code{gnutls_session_t} type. + +@var{func}: is the function to be called + +This function will set a callback to be called after the client +hello has been received (callback valid in server side only). This +allows the server to adjust settings based on received extensions. + +Those settings could be ciphersuites, requesting certificate, or +anything else except for version negotiation (this is done before +the hello message is parsed). + +This callback must return 0 on success or a gnutls error code to +terminate the handshake. + +Since GnuTLS 3.3.5 the callback is +allowed to return @code{GNUTLS_E_AGAIN} or @code{GNUTLS_E_INTERRUPTED} to +put the handshake on hold. In that case @code{gnutls_handshake()} +will return @code{GNUTLS_E_INTERRUPTED} and can be resumed when needed. + +@strong{Warning:} You should not use this function to terminate the +handshake based on client input unless you know what you are +doing. Before the handshake is finished there is no way to know if +there is a man-in-the-middle attack being performed. +@end deftypefun diff --git a/doc/functions/gnutls_handshake_set_post_client_hello_function.short b/doc/functions/gnutls_handshake_set_post_client_hello_function.short new file mode 100644 index 0000000..78fb4ec --- /dev/null +++ b/doc/functions/gnutls_handshake_set_post_client_hello_function.short @@ -0,0 +1 @@ +@item @var{void} @ref{gnutls_handshake_set_post_client_hello_function} (gnutls_session_t @var{session}, gnutls_handshake_simple_hook_func @var{func}) diff --git a/doc/functions/gnutls_handshake_set_private_extensions b/doc/functions/gnutls_handshake_set_private_extensions new file mode 100644 index 0000000..2805ecf --- /dev/null +++ b/doc/functions/gnutls_handshake_set_private_extensions @@ -0,0 +1,18 @@ + + + + +@deftypefun {void} {gnutls_handshake_set_private_extensions} (gnutls_session_t @var{session}, int @var{allow}) +@var{session}: is a @code{gnutls_session_t} type. + +@var{allow}: is an integer (0 or 1) + +This function will enable or disable the use of private cipher +suites (the ones that start with 0xFF). By default or if @code{allow} is 0 then these cipher suites will not be advertised nor used. + +Currently GnuTLS does not include such cipher-suites or +compression algorithms. + +Enabling the private ciphersuites when talking to other than +gnutls servers and clients may cause interoperability problems. +@end deftypefun diff --git a/doc/functions/gnutls_handshake_set_private_extensions.short b/doc/functions/gnutls_handshake_set_private_extensions.short new file mode 100644 index 0000000..25c2315 --- /dev/null +++ b/doc/functions/gnutls_handshake_set_private_extensions.short @@ -0,0 +1 @@ +@item @var{void} @ref{gnutls_handshake_set_private_extensions} (gnutls_session_t @var{session}, int @var{allow}) diff --git a/doc/functions/gnutls_handshake_set_random b/doc/functions/gnutls_handshake_set_random new file mode 100644 index 0000000..3ab3d2b --- /dev/null +++ b/doc/functions/gnutls_handshake_set_random @@ -0,0 +1,22 @@ + + + + +@deftypefun {int} {gnutls_handshake_set_random} (gnutls_session_t @var{session}, const gnutls_datum_t * @var{random}) +@var{session}: is a @code{gnutls_session_t} type. + +@var{random}: a random value of 32-bytes + +This function will explicitly set the server or client hello +random value in the subsequent TLS handshake. The random value +should be a 32-byte value. + +Note that this function should not normally be used as gnutls +will select automatically a random value for the handshake. + +This function should not be used when resuming a session. + +@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, or an error code. + +Since 3.1.9 +@end deftypefun diff --git a/doc/functions/gnutls_handshake_set_random.short b/doc/functions/gnutls_handshake_set_random.short new file mode 100644 index 0000000..b118295 --- /dev/null +++ b/doc/functions/gnutls_handshake_set_random.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_handshake_set_random} (gnutls_session_t @var{session}, const gnutls_datum_t * @var{random}) diff --git a/doc/functions/gnutls_handshake_set_timeout b/doc/functions/gnutls_handshake_set_timeout new file mode 100644 index 0000000..52854d3 --- /dev/null +++ b/doc/functions/gnutls_handshake_set_timeout @@ -0,0 +1,20 @@ + + + + +@deftypefun {void} {gnutls_handshake_set_timeout} (gnutls_session_t @var{session}, unsigned int @var{ms}) +@var{session}: is a @code{gnutls_session_t} type. + +@var{ms}: is a timeout value in milliseconds + +This function sets the timeout for the TLS handshake process +to the provided value. Use an @code{ms} value of zero to disable +timeout, or @code{GNUTLS_DEFAULT_HANDSHAKE_TIMEOUT} for a reasonable +default value. For the DTLS protocol, the more detailed +@code{gnutls_dtls_set_timeouts()} is provided. + +This function requires to set a pull timeout callback. See +@code{gnutls_transport_set_pull_timeout_function()} . + +@strong{Since:} 3.1.0 +@end deftypefun diff --git a/doc/functions/gnutls_handshake_set_timeout.short b/doc/functions/gnutls_handshake_set_timeout.short new file mode 100644 index 0000000..9899567 --- /dev/null +++ b/doc/functions/gnutls_handshake_set_timeout.short @@ -0,0 +1 @@ +@item @var{void} @ref{gnutls_handshake_set_timeout} (gnutls_session_t @var{session}, unsigned int @var{ms}) diff --git a/doc/functions/gnutls_hash b/doc/functions/gnutls_hash new file mode 100644 index 0000000..6d314b5 --- /dev/null +++ b/doc/functions/gnutls_hash @@ -0,0 +1,18 @@ + + + + +@deftypefun {int} {gnutls_hash} (gnutls_hash_hd_t @var{handle}, const void * @var{ptext}, size_t @var{ptext_len}) +@var{handle}: is a @code{gnutls_hash_hd_t} type + +@var{ptext}: the data to hash + +@var{ptext_len}: the length of data to hash + +This function will hash the given data using the algorithm +specified by the context. + +@strong{Returns:} Zero or a negative error code on error. + +@strong{Since:} 2.10.0 +@end deftypefun diff --git a/doc/functions/gnutls_hash.short b/doc/functions/gnutls_hash.short new file mode 100644 index 0000000..c2bbe7c --- /dev/null +++ b/doc/functions/gnutls_hash.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_hash} (gnutls_hash_hd_t @var{handle}, const void * @var{ptext}, size_t @var{ptext_len}) diff --git a/doc/functions/gnutls_hash_deinit b/doc/functions/gnutls_hash_deinit new file mode 100644 index 0000000..d47b943 --- /dev/null +++ b/doc/functions/gnutls_hash_deinit @@ -0,0 +1,14 @@ + + + + +@deftypefun {void} {gnutls_hash_deinit} (gnutls_hash_hd_t @var{handle}, void * @var{digest}) +@var{handle}: is a @code{gnutls_hash_hd_t} type + +@var{digest}: is the output value of the hash + +This function will deinitialize all resources occupied by +the given hash context. + +@strong{Since:} 2.10.0 +@end deftypefun diff --git a/doc/functions/gnutls_hash_deinit.short b/doc/functions/gnutls_hash_deinit.short new file mode 100644 index 0000000..eafa7c4 --- /dev/null +++ b/doc/functions/gnutls_hash_deinit.short @@ -0,0 +1 @@ +@item @var{void} @ref{gnutls_hash_deinit} (gnutls_hash_hd_t @var{handle}, void * @var{digest}) diff --git a/doc/functions/gnutls_hash_fast b/doc/functions/gnutls_hash_fast new file mode 100644 index 0000000..329635f --- /dev/null +++ b/doc/functions/gnutls_hash_fast @@ -0,0 +1,20 @@ + + + + +@deftypefun {int} {gnutls_hash_fast} (gnutls_digest_algorithm_t @var{algorithm}, const void * @var{ptext}, size_t @var{ptext_len}, void * @var{digest}) +@var{algorithm}: the hash algorithm to use + +@var{ptext}: the data to hash + +@var{ptext_len}: the length of data to hash + +@var{digest}: is the output value of the hash + +This convenience function will hash the given data and return output +on a single call. + +@strong{Returns:} Zero or a negative error code on error. + +@strong{Since:} 2.10.0 +@end deftypefun diff --git a/doc/functions/gnutls_hash_fast.short b/doc/functions/gnutls_hash_fast.short new file mode 100644 index 0000000..c4f7a1c --- /dev/null +++ b/doc/functions/gnutls_hash_fast.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_hash_fast} (gnutls_digest_algorithm_t @var{algorithm}, const void * @var{ptext}, size_t @var{ptext_len}, void * @var{digest}) diff --git a/doc/functions/gnutls_hash_get_len b/doc/functions/gnutls_hash_get_len new file mode 100644 index 0000000..4c4927e --- /dev/null +++ b/doc/functions/gnutls_hash_get_len @@ -0,0 +1,14 @@ + + + + +@deftypefun {unsigned} {gnutls_hash_get_len} (gnutls_digest_algorithm_t @var{algorithm}) +@var{algorithm}: the hash algorithm to use + +This function will return the length of the output data +of the given hash algorithm. + +@strong{Returns:} The length or zero on error. + +@strong{Since:} 2.10.0 +@end deftypefun diff --git a/doc/functions/gnutls_hash_get_len.short b/doc/functions/gnutls_hash_get_len.short new file mode 100644 index 0000000..a008fc2 --- /dev/null +++ b/doc/functions/gnutls_hash_get_len.short @@ -0,0 +1 @@ +@item @var{unsigned} @ref{gnutls_hash_get_len} (gnutls_digest_algorithm_t @var{algorithm}) diff --git a/doc/functions/gnutls_hash_init b/doc/functions/gnutls_hash_init new file mode 100644 index 0000000..d253c84 --- /dev/null +++ b/doc/functions/gnutls_hash_init @@ -0,0 +1,18 @@ + + + + +@deftypefun {int} {gnutls_hash_init} (gnutls_hash_hd_t * @var{dig}, gnutls_digest_algorithm_t @var{algorithm}) +@var{dig}: is a @code{gnutls_hash_hd_t} type + +@var{algorithm}: the hash algorithm to use + +This function will initialize an context that can be used to +produce a Message Digest of data. This will effectively use the +current crypto backend in use by gnutls or the cryptographic +accelerator in use. + +@strong{Returns:} Zero or a negative error code on error. + +@strong{Since:} 2.10.0 +@end deftypefun diff --git a/doc/functions/gnutls_hash_init.short b/doc/functions/gnutls_hash_init.short new file mode 100644 index 0000000..2210312 --- /dev/null +++ b/doc/functions/gnutls_hash_init.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_hash_init} (gnutls_hash_hd_t * @var{dig}, gnutls_digest_algorithm_t @var{algorithm}) diff --git a/doc/functions/gnutls_hash_output b/doc/functions/gnutls_hash_output new file mode 100644 index 0000000..c3a4557 --- /dev/null +++ b/doc/functions/gnutls_hash_output @@ -0,0 +1,14 @@ + + + + +@deftypefun {void} {gnutls_hash_output} (gnutls_hash_hd_t @var{handle}, void * @var{digest}) +@var{handle}: is a @code{gnutls_hash_hd_t} type + +@var{digest}: is the output value of the hash + +This function will output the current hash value +and reset the state of the hash. + +@strong{Since:} 2.10.0 +@end deftypefun diff --git a/doc/functions/gnutls_hash_output.short b/doc/functions/gnutls_hash_output.short new file mode 100644 index 0000000..0159451 --- /dev/null +++ b/doc/functions/gnutls_hash_output.short @@ -0,0 +1 @@ +@item @var{void} @ref{gnutls_hash_output} (gnutls_hash_hd_t @var{handle}, void * @var{digest}) diff --git a/doc/functions/gnutls_heartbeat_allowed b/doc/functions/gnutls_heartbeat_allowed new file mode 100644 index 0000000..2cd5836 --- /dev/null +++ b/doc/functions/gnutls_heartbeat_allowed @@ -0,0 +1,16 @@ + + + + +@deftypefun {unsigned} {gnutls_heartbeat_allowed} (gnutls_session_t @var{session}, unsigned int @var{type}) +@var{session}: is a @code{gnutls_session_t} type. + +@var{type}: one of @code{GNUTLS_HB_LOCAL_ALLOWED_TO_SEND} and @code{GNUTLS_HB_PEER_ALLOWED_TO_SEND} + +This function will check whether heartbeats are allowed +to be sent or received in this session. + +@strong{Returns:} Non zero if heartbeats are allowed. + +@strong{Since:} 3.1.2 +@end deftypefun diff --git a/doc/functions/gnutls_heartbeat_allowed.short b/doc/functions/gnutls_heartbeat_allowed.short new file mode 100644 index 0000000..bf0ac7a --- /dev/null +++ b/doc/functions/gnutls_heartbeat_allowed.short @@ -0,0 +1 @@ +@item @var{unsigned} @ref{gnutls_heartbeat_allowed} (gnutls_session_t @var{session}, unsigned int @var{type}) diff --git a/doc/functions/gnutls_heartbeat_enable b/doc/functions/gnutls_heartbeat_enable new file mode 100644 index 0000000..0afcb93 --- /dev/null +++ b/doc/functions/gnutls_heartbeat_enable @@ -0,0 +1,22 @@ + + + + +@deftypefun {void} {gnutls_heartbeat_enable} (gnutls_session_t @var{session}, unsigned int @var{type}) +@var{session}: is a @code{gnutls_session_t} type. + +@var{type}: one of the GNUTLS_HB_* flags + +If this function is called with the @code{GNUTLS_HB_PEER_ALLOWED_TO_SEND} + @code{type} , GnuTLS will allow heartbeat messages to be received. Moreover it also +request the peer to accept heartbeat messages. This function +must be called prior to TLS handshake. + +If the @code{type} used is @code{GNUTLS_HB_LOCAL_ALLOWED_TO_SEND} , then the peer +will be asked to accept heartbeat messages but not send ones. + +The function @code{gnutls_heartbeat_allowed()} can be used to test Whether +locally generated heartbeat messages can be accepted by the peer. + +@strong{Since:} 3.1.2 +@end deftypefun diff --git a/doc/functions/gnutls_heartbeat_enable.short b/doc/functions/gnutls_heartbeat_enable.short new file mode 100644 index 0000000..d6ce209 --- /dev/null +++ b/doc/functions/gnutls_heartbeat_enable.short @@ -0,0 +1 @@ +@item @var{void} @ref{gnutls_heartbeat_enable} (gnutls_session_t @var{session}, unsigned int @var{type}) diff --git a/doc/functions/gnutls_heartbeat_get_timeout b/doc/functions/gnutls_heartbeat_get_timeout new file mode 100644 index 0000000..23d7f97 --- /dev/null +++ b/doc/functions/gnutls_heartbeat_get_timeout @@ -0,0 +1,17 @@ + + + + +@deftypefun {unsigned int} {gnutls_heartbeat_get_timeout} (gnutls_session_t @var{session}) +@var{session}: is a @code{gnutls_session_t} type. + +This function will return the milliseconds remaining +for a retransmission of the previously sent ping +message. This function is useful when ping is used in +non-blocking mode, to estimate when to call @code{gnutls_heartbeat_ping()} +if no packets have been received. + +@strong{Returns:} the remaining time in milliseconds. + +@strong{Since:} 3.1.2 +@end deftypefun diff --git a/doc/functions/gnutls_heartbeat_get_timeout.short b/doc/functions/gnutls_heartbeat_get_timeout.short new file mode 100644 index 0000000..c8edd96 --- /dev/null +++ b/doc/functions/gnutls_heartbeat_get_timeout.short @@ -0,0 +1 @@ +@item @var{unsigned int} @ref{gnutls_heartbeat_get_timeout} (gnutls_session_t @var{session}) diff --git a/doc/functions/gnutls_heartbeat_ping b/doc/functions/gnutls_heartbeat_ping new file mode 100644 index 0000000..490c6e0 --- /dev/null +++ b/doc/functions/gnutls_heartbeat_ping @@ -0,0 +1,27 @@ + + + + +@deftypefun {int} {gnutls_heartbeat_ping} (gnutls_session_t @var{session}, size_t @var{data_size}, unsigned int @var{max_tries}, unsigned int @var{flags}) +@var{session}: is a @code{gnutls_session_t} type. + +@var{data_size}: is the length of the ping payload. + +@var{max_tries}: if flags is @code{GNUTLS_HEARTBEAT_WAIT} then this sets the number of retransmissions. Use zero for indefinite (until timeout). + +@var{flags}: if @code{GNUTLS_HEARTBEAT_WAIT} then wait for pong or timeout instead of returning immediately. + +This function sends a ping to the peer. If the @code{flags} is set +to @code{GNUTLS_HEARTBEAT_WAIT} then it waits for a reply from the peer. + +Note that it is highly recommended to use this function with the +flag @code{GNUTLS_HEARTBEAT_WAIT} , or you need to handle retransmissions +and timeouts manually. + +The total TLS data transmitted as part of the ping message are given by +the following formula: MAX(16, @code{data_size} )+@code{gnutls_record_overhead_size()} +3. + +@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, otherwise a negative error code. + +@strong{Since:} 3.1.2 +@end deftypefun diff --git a/doc/functions/gnutls_heartbeat_ping.short b/doc/functions/gnutls_heartbeat_ping.short new file mode 100644 index 0000000..48378d2 --- /dev/null +++ b/doc/functions/gnutls_heartbeat_ping.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_heartbeat_ping} (gnutls_session_t @var{session}, size_t @var{data_size}, unsigned int @var{max_tries}, unsigned int @var{flags}) diff --git a/doc/functions/gnutls_heartbeat_pong b/doc/functions/gnutls_heartbeat_pong new file mode 100644 index 0000000..d8ffc26 --- /dev/null +++ b/doc/functions/gnutls_heartbeat_pong @@ -0,0 +1,15 @@ + + + + +@deftypefun {int} {gnutls_heartbeat_pong} (gnutls_session_t @var{session}, unsigned int @var{flags}) +@var{session}: is a @code{gnutls_session_t} type. + +@var{flags}: should be zero + +This function replies to a ping by sending a pong to the peer. + +@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, otherwise a negative error code. + +@strong{Since:} 3.1.2 +@end deftypefun diff --git a/doc/functions/gnutls_heartbeat_pong.short b/doc/functions/gnutls_heartbeat_pong.short new file mode 100644 index 0000000..98b0fc6 --- /dev/null +++ b/doc/functions/gnutls_heartbeat_pong.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_heartbeat_pong} (gnutls_session_t @var{session}, unsigned int @var{flags}) diff --git a/doc/functions/gnutls_heartbeat_set_timeouts b/doc/functions/gnutls_heartbeat_set_timeouts new file mode 100644 index 0000000..c45a16b --- /dev/null +++ b/doc/functions/gnutls_heartbeat_set_timeouts @@ -0,0 +1,19 @@ + + + + +@deftypefun {void} {gnutls_heartbeat_set_timeouts} (gnutls_session_t @var{session}, unsigned int @var{retrans_timeout}, unsigned int @var{total_timeout}) +@var{session}: is a @code{gnutls_session_t} type. + +@var{retrans_timeout}: The time at which a retransmission will occur in milliseconds + +@var{total_timeout}: The time at which the connection will be aborted, in milliseconds. + +This function will override the timeouts for the DTLS heartbeat +protocol. The retransmission timeout is the time after which a +message from the peer is not received, the previous request will +be retransmitted. The total timeout is the time after which the +handshake will be aborted with @code{GNUTLS_E_TIMEDOUT} . + +@strong{Since:} 3.1.2 +@end deftypefun diff --git a/doc/functions/gnutls_heartbeat_set_timeouts.short b/doc/functions/gnutls_heartbeat_set_timeouts.short new file mode 100644 index 0000000..e3156f1 --- /dev/null +++ b/doc/functions/gnutls_heartbeat_set_timeouts.short @@ -0,0 +1 @@ +@item @var{void} @ref{gnutls_heartbeat_set_timeouts} (gnutls_session_t @var{session}, unsigned int @var{retrans_timeout}, unsigned int @var{total_timeout}) diff --git a/doc/functions/gnutls_hex2bin b/doc/functions/gnutls_hex2bin new file mode 100644 index 0000000..1207cc2 --- /dev/null +++ b/doc/functions/gnutls_hex2bin @@ -0,0 +1,22 @@ + + + + +@deftypefun {int} {gnutls_hex2bin} (const char * @var{hex_data}, size_t @var{hex_size}, void * @var{bin_data}, size_t * @var{bin_size}) +@var{hex_data}: string with data in hex format + +@var{hex_size}: size of hex data + +@var{bin_data}: output array with binary data + +@var{bin_size}: when calling should hold maximum size of @code{bin_data} , +on return will hold actual length of @code{bin_data} . + +Convert a buffer with hex data to binary data. This function +unlike @code{gnutls_hex_decode()} can parse hex data with separators +between numbers. That is, it ignores any non-hex characters. + +@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, otherwise a negative error code. + +@strong{Since:} 2.4.0 +@end deftypefun diff --git a/doc/functions/gnutls_hex2bin.short b/doc/functions/gnutls_hex2bin.short new file mode 100644 index 0000000..e9b84bc --- /dev/null +++ b/doc/functions/gnutls_hex2bin.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_hex2bin} (const char * @var{hex_data}, size_t @var{hex_size}, void * @var{bin_data}, size_t * @var{bin_size}) diff --git a/doc/functions/gnutls_hex_decode b/doc/functions/gnutls_hex_decode new file mode 100644 index 0000000..81f6fc7 --- /dev/null +++ b/doc/functions/gnutls_hex_decode @@ -0,0 +1,20 @@ + + + + +@deftypefun {int} {gnutls_hex_decode} (const gnutls_datum_t * @var{hex_data}, void * @var{result}, size_t * @var{result_size}) +@var{hex_data}: contain the encoded data + +@var{result}: the place where decoded data will be copied + +@var{result_size}: holds the size of the result + +This function will decode the given encoded data, using the hex +encoding used by PSK password files. + +Initially @code{result_size} must hold the maximum size available in + @code{result} , and on return it will contain the number of bytes written. + +@strong{Returns:} @code{GNUTLS_E_SHORT_MEMORY_BUFFER} if the buffer given is not +long enough, @code{GNUTLS_E_PARSING_ERROR} on invalid hex data, or 0 on success. +@end deftypefun diff --git a/doc/functions/gnutls_hex_decode.short b/doc/functions/gnutls_hex_decode.short new file mode 100644 index 0000000..3bc100e --- /dev/null +++ b/doc/functions/gnutls_hex_decode.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_hex_decode} (const gnutls_datum_t * @var{hex_data}, void * @var{result}, size_t * @var{result_size}) diff --git a/doc/functions/gnutls_hex_decode2 b/doc/functions/gnutls_hex_decode2 new file mode 100644 index 0000000..da8d8e2 --- /dev/null +++ b/doc/functions/gnutls_hex_decode2 @@ -0,0 +1,14 @@ + + + + +@deftypefun {int} {gnutls_hex_decode2} (const gnutls_datum_t * @var{hex_data}, gnutls_datum_t * @var{result}) +@var{hex_data}: contain the encoded data + +@var{result}: the result in an allocated string + +This function will decode the given encoded data, using the hex +encoding used by PSK password files. + +@strong{Returns:} @code{GNUTLS_E_PARSING_ERROR} on invalid hex data, or 0 on success. +@end deftypefun diff --git a/doc/functions/gnutls_hex_decode2.short b/doc/functions/gnutls_hex_decode2.short new file mode 100644 index 0000000..677adff --- /dev/null +++ b/doc/functions/gnutls_hex_decode2.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_hex_decode2} (const gnutls_datum_t * @var{hex_data}, gnutls_datum_t * @var{result}) diff --git a/doc/functions/gnutls_hex_encode b/doc/functions/gnutls_hex_encode new file mode 100644 index 0000000..6c1da60 --- /dev/null +++ b/doc/functions/gnutls_hex_encode @@ -0,0 +1,19 @@ + + + + +@deftypefun {int} {gnutls_hex_encode} (const gnutls_datum_t * @var{data}, char * @var{result}, size_t * @var{result_size}) +@var{data}: contain the raw data + +@var{result}: the place where hex data will be copied + +@var{result_size}: holds the size of the result + +This function will convert the given data to printable data, using +the hex encoding, as used in the PSK password files. + +Note that the size of the result includes the null terminator. + +@strong{Returns:} @code{GNUTLS_E_SHORT_MEMORY_BUFFER} if the buffer given is not +long enough, or 0 on success. +@end deftypefun diff --git a/doc/functions/gnutls_hex_encode.short b/doc/functions/gnutls_hex_encode.short new file mode 100644 index 0000000..2481dde --- /dev/null +++ b/doc/functions/gnutls_hex_encode.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_hex_encode} (const gnutls_datum_t * @var{data}, char * @var{result}, size_t * @var{result_size}) diff --git a/doc/functions/gnutls_hex_encode2 b/doc/functions/gnutls_hex_encode2 new file mode 100644 index 0000000..93bd082 --- /dev/null +++ b/doc/functions/gnutls_hex_encode2 @@ -0,0 +1,16 @@ + + + + +@deftypefun {int} {gnutls_hex_encode2} (const gnutls_datum_t * @var{data}, gnutls_datum_t * @var{result}) +@var{data}: contain the raw data + +@var{result}: the result in an allocated string + +This function will convert the given data to printable data, using +the hex encoding, as used in the PSK password files. + +Note that the size of the result does NOT include the null terminator. + +@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, otherwise a negative error code. +@end deftypefun diff --git a/doc/functions/gnutls_hex_encode2.short b/doc/functions/gnutls_hex_encode2.short new file mode 100644 index 0000000..d813940 --- /dev/null +++ b/doc/functions/gnutls_hex_encode2.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_hex_encode2} (const gnutls_datum_t * @var{data}, gnutls_datum_t * @var{result}) diff --git a/doc/functions/gnutls_hmac b/doc/functions/gnutls_hmac new file mode 100644 index 0000000..a0076d6 --- /dev/null +++ b/doc/functions/gnutls_hmac @@ -0,0 +1,18 @@ + + + + +@deftypefun {int} {gnutls_hmac} (gnutls_hmac_hd_t @var{handle}, const void * @var{ptext}, size_t @var{ptext_len}) +@var{handle}: is a @code{gnutls_hmac_hd_t} type + +@var{ptext}: the data to hash + +@var{ptext_len}: the length of data to hash + +This function will hash the given data using the algorithm +specified by the context. + +@strong{Returns:} Zero or a negative error code on error. + +@strong{Since:} 2.10.0 +@end deftypefun diff --git a/doc/functions/gnutls_hmac.short b/doc/functions/gnutls_hmac.short new file mode 100644 index 0000000..8430351 --- /dev/null +++ b/doc/functions/gnutls_hmac.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_hmac} (gnutls_hmac_hd_t @var{handle}, const void * @var{ptext}, size_t @var{ptext_len}) diff --git a/doc/functions/gnutls_hmac_deinit b/doc/functions/gnutls_hmac_deinit new file mode 100644 index 0000000..dd813b0 --- /dev/null +++ b/doc/functions/gnutls_hmac_deinit @@ -0,0 +1,14 @@ + + + + +@deftypefun {void} {gnutls_hmac_deinit} (gnutls_hmac_hd_t @var{handle}, void * @var{digest}) +@var{handle}: is a @code{gnutls_hmac_hd_t} type + +@var{digest}: is the output value of the MAC + +This function will deinitialize all resources occupied by +the given hmac context. + +@strong{Since:} 2.10.0 +@end deftypefun diff --git a/doc/functions/gnutls_hmac_deinit.short b/doc/functions/gnutls_hmac_deinit.short new file mode 100644 index 0000000..faf34bc --- /dev/null +++ b/doc/functions/gnutls_hmac_deinit.short @@ -0,0 +1 @@ +@item @var{void} @ref{gnutls_hmac_deinit} (gnutls_hmac_hd_t @var{handle}, void * @var{digest}) diff --git a/doc/functions/gnutls_hmac_fast b/doc/functions/gnutls_hmac_fast new file mode 100644 index 0000000..a461144 --- /dev/null +++ b/doc/functions/gnutls_hmac_fast @@ -0,0 +1,24 @@ + + + + +@deftypefun {int} {gnutls_hmac_fast} (gnutls_mac_algorithm_t @var{algorithm}, const void * @var{key}, size_t @var{keylen}, const void * @var{ptext}, size_t @var{ptext_len}, void * @var{digest}) +@var{algorithm}: the hash algorithm to use + +@var{key}: the key to use + +@var{keylen}: the length of the key + +@var{ptext}: the data to hash + +@var{ptext_len}: the length of data to hash + +@var{digest}: is the output value of the hash + +This convenience function will hash the given data and return output +on a single call. + +@strong{Returns:} Zero or a negative error code on error. + +@strong{Since:} 2.10.0 +@end deftypefun diff --git a/doc/functions/gnutls_hmac_fast.short b/doc/functions/gnutls_hmac_fast.short new file mode 100644 index 0000000..010bdaa --- /dev/null +++ b/doc/functions/gnutls_hmac_fast.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_hmac_fast} (gnutls_mac_algorithm_t @var{algorithm}, const void * @var{key}, size_t @var{keylen}, const void * @var{ptext}, size_t @var{ptext_len}, void * @var{digest}) diff --git a/doc/functions/gnutls_hmac_get_len b/doc/functions/gnutls_hmac_get_len new file mode 100644 index 0000000..8bb5e12 --- /dev/null +++ b/doc/functions/gnutls_hmac_get_len @@ -0,0 +1,14 @@ + + + + +@deftypefun {unsigned} {gnutls_hmac_get_len} (gnutls_mac_algorithm_t @var{algorithm}) +@var{algorithm}: the hmac algorithm to use + +This function will return the length of the output data +of the given hmac algorithm. + +@strong{Returns:} The length or zero on error. + +@strong{Since:} 2.10.0 +@end deftypefun diff --git a/doc/functions/gnutls_hmac_get_len.short b/doc/functions/gnutls_hmac_get_len.short new file mode 100644 index 0000000..b68128b --- /dev/null +++ b/doc/functions/gnutls_hmac_get_len.short @@ -0,0 +1 @@ +@item @var{unsigned} @ref{gnutls_hmac_get_len} (gnutls_mac_algorithm_t @var{algorithm}) diff --git a/doc/functions/gnutls_hmac_init b/doc/functions/gnutls_hmac_init new file mode 100644 index 0000000..7058511 --- /dev/null +++ b/doc/functions/gnutls_hmac_init @@ -0,0 +1,25 @@ + + + + +@deftypefun {int} {gnutls_hmac_init} (gnutls_hmac_hd_t * @var{dig}, gnutls_mac_algorithm_t @var{algorithm}, const void * @var{key}, size_t @var{keylen}) +@var{dig}: is a @code{gnutls_hmac_hd_t} type + +@var{algorithm}: the HMAC algorithm to use + +@var{key}: the key to be used for encryption + +@var{keylen}: the length of the key + +This function will initialize an context that can be used to +produce a Message Authentication Code (MAC) of data. This will +effectively use the current crypto backend in use by gnutls or the +cryptographic accelerator in use. + +Note that despite the name of this function, it can be used +for other MAC algorithms than HMAC. + +@strong{Returns:} Zero or a negative error code on error. + +@strong{Since:} 2.10.0 +@end deftypefun diff --git a/doc/functions/gnutls_hmac_init.short b/doc/functions/gnutls_hmac_init.short new file mode 100644 index 0000000..64d02ea --- /dev/null +++ b/doc/functions/gnutls_hmac_init.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_hmac_init} (gnutls_hmac_hd_t * @var{dig}, gnutls_mac_algorithm_t @var{algorithm}, const void * @var{key}, size_t @var{keylen}) diff --git a/doc/functions/gnutls_hmac_output b/doc/functions/gnutls_hmac_output new file mode 100644 index 0000000..a2fbaef --- /dev/null +++ b/doc/functions/gnutls_hmac_output @@ -0,0 +1,14 @@ + + + + +@deftypefun {void} {gnutls_hmac_output} (gnutls_hmac_hd_t @var{handle}, void * @var{digest}) +@var{handle}: is a @code{gnutls_hmac_hd_t} type + +@var{digest}: is the output value of the MAC + +This function will output the current MAC value +and reset the state of the MAC. + +@strong{Since:} 2.10.0 +@end deftypefun diff --git a/doc/functions/gnutls_hmac_output.short b/doc/functions/gnutls_hmac_output.short new file mode 100644 index 0000000..e3d2b28 --- /dev/null +++ b/doc/functions/gnutls_hmac_output.short @@ -0,0 +1 @@ +@item @var{void} @ref{gnutls_hmac_output} (gnutls_hmac_hd_t @var{handle}, void * @var{digest}) diff --git a/doc/functions/gnutls_hmac_set_nonce b/doc/functions/gnutls_hmac_set_nonce new file mode 100644 index 0000000..ae38bc2 --- /dev/null +++ b/doc/functions/gnutls_hmac_set_nonce @@ -0,0 +1,15 @@ + + + + +@deftypefun {void} {gnutls_hmac_set_nonce} (gnutls_hmac_hd_t @var{handle}, const void * @var{nonce}, size_t @var{nonce_len}) +@var{handle}: is a @code{gnutls_hmac_hd_t} type + +@var{nonce}: the data to set as nonce + +@var{nonce_len}: the length of data + +This function will set the nonce in the MAC algorithm. + +@strong{Since:} 3.2.0 +@end deftypefun diff --git a/doc/functions/gnutls_hmac_set_nonce.short b/doc/functions/gnutls_hmac_set_nonce.short new file mode 100644 index 0000000..947d390 --- /dev/null +++ b/doc/functions/gnutls_hmac_set_nonce.short @@ -0,0 +1 @@ +@item @var{void} @ref{gnutls_hmac_set_nonce} (gnutls_hmac_hd_t @var{handle}, const void * @var{nonce}, size_t @var{nonce_len}) diff --git a/doc/functions/gnutls_idna_map b/doc/functions/gnutls_idna_map new file mode 100644 index 0000000..a36f275 --- /dev/null +++ b/doc/functions/gnutls_idna_map @@ -0,0 +1,30 @@ + + + + +@deftypefun {int} {gnutls_idna_map} (const char * @var{input}, unsigned @var{ilen}, gnutls_datum_t * @var{out}, unsigned @var{flags}) +@var{input}: contain the UTF-8 formatted domain name + +@var{ilen}: the length of the provided string + +@var{out}: the result in an null-terminated allocated string + +@var{flags}: should be zero + +This function will convert the provided UTF-8 domain name, to +its IDNA mapping in an allocated variable. Note that depending on the flags the used gnutls +library was compiled with, the output of this function may vary (i.e., +may be IDNA2008, or IDNA2003). + +To force IDNA2008 specify the flag @code{GNUTLS_IDNA_FORCE_2008} . In +the case GnuTLS is not compiled with the necessary dependencies, +@code{GNUTLS_E_UNIMPLEMENTED_FEATURE} will be returned to indicate that +gnutls is unable to perform the requested conversion. + +Note also, that this function will return an empty string if an +empty string is provided as input. + +@strong{Returns:} @code{GNUTLS_E_INVALID_UTF8_STRING} on invalid UTF-8 data, or 0 on success. + +@strong{Since:} 3.5.8 +@end deftypefun diff --git a/doc/functions/gnutls_idna_map.short b/doc/functions/gnutls_idna_map.short new file mode 100644 index 0000000..2ec4ee1 --- /dev/null +++ b/doc/functions/gnutls_idna_map.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_idna_map} (const char * @var{input}, unsigned @var{ilen}, gnutls_datum_t * @var{out}, unsigned @var{flags}) diff --git a/doc/functions/gnutls_idna_reverse_map b/doc/functions/gnutls_idna_reverse_map new file mode 100644 index 0000000..b20559d --- /dev/null +++ b/doc/functions/gnutls_idna_reverse_map @@ -0,0 +1,25 @@ + + + + +@deftypefun {int} {gnutls_idna_reverse_map} (const char * @var{input}, unsigned @var{ilen}, gnutls_datum_t * @var{out}, unsigned @var{flags}) +@var{input}: contain the ACE (IDNA) formatted domain name + +@var{ilen}: the length of the provided string + +@var{out}: the result in an null-terminated allocated UTF-8 string + +@var{flags}: should be zero + +This function will convert an ACE (ASCII-encoded) domain name to a UTF-8 domain name. + +If GnuTLS is compiled without IDNA support, then this function +will return @code{GNUTLS_E_UNIMPLEMENTED_FEATURE} . + +Note also, that this function will return an empty string if an +empty string is provided as input. + +@strong{Returns:} A negative error code on error, or 0 on success. + +@strong{Since:} 3.5.8 +@end deftypefun diff --git a/doc/functions/gnutls_idna_reverse_map.short b/doc/functions/gnutls_idna_reverse_map.short new file mode 100644 index 0000000..a34f3fa --- /dev/null +++ b/doc/functions/gnutls_idna_reverse_map.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_idna_reverse_map} (const char * @var{input}, unsigned @var{ilen}, gnutls_datum_t * @var{out}, unsigned @var{flags}) diff --git a/doc/functions/gnutls_init b/doc/functions/gnutls_init new file mode 100644 index 0000000..23b8667 --- /dev/null +++ b/doc/functions/gnutls_init @@ -0,0 +1,22 @@ + + + + +@deftypefun {int} {gnutls_init} (gnutls_session_t * @var{session}, unsigned int @var{flags}) +@var{session}: is a pointer to a @code{gnutls_session_t} type. + +@var{flags}: indicate if this session is to be used for server or client. + +This function initializes the provided session. Every +session must be initialized before use, and must be deinitialized +after used by calling @code{gnutls_deinit()} . + + @code{flags} can be any combination of flags from @code{gnutls_init_flags_t} . + +Note that since version 3.1.2 this function enables some common +TLS extensions such as session tickets and OCSP certificate status +request in client side by default. To prevent that use the @code{GNUTLS_NO_EXTENSIONS} +flag. + +@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, or an error code. +@end deftypefun diff --git a/doc/functions/gnutls_init.short b/doc/functions/gnutls_init.short new file mode 100644 index 0000000..4ef5b48 --- /dev/null +++ b/doc/functions/gnutls_init.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_init} (gnutls_session_t * @var{session}, unsigned int @var{flags}) diff --git a/doc/functions/gnutls_key_generate b/doc/functions/gnutls_key_generate new file mode 100644 index 0000000..930b617 --- /dev/null +++ b/doc/functions/gnutls_key_generate @@ -0,0 +1,17 @@ + + + + +@deftypefun {int} {gnutls_key_generate} (gnutls_datum_t * @var{key}, unsigned int @var{key_size}) +@var{key}: is a pointer to a @code{gnutls_datum_t} which will contain a newly +created key + +@var{key_size}: the number of bytes of the key + +Generates a random key of @code{key_size} bytes. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, or an +error code. + +@strong{Since:} 3.0 +@end deftypefun diff --git a/doc/functions/gnutls_key_generate.short b/doc/functions/gnutls_key_generate.short new file mode 100644 index 0000000..235c7ff --- /dev/null +++ b/doc/functions/gnutls_key_generate.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_key_generate} (gnutls_datum_t * @var{key}, unsigned int @var{key_size}) diff --git a/doc/functions/gnutls_kx_get b/doc/functions/gnutls_kx_get new file mode 100644 index 0000000..6557013 --- /dev/null +++ b/doc/functions/gnutls_kx_get @@ -0,0 +1,17 @@ + + + + +@deftypefun {gnutls_kx_algorithm_t} {gnutls_kx_get} (gnutls_session_t @var{session}) +@var{session}: is a @code{gnutls_session_t} type. + +Get the currently used key exchange algorithm. + +This function will return @code{GNUTLS_KX_ECDHE_RSA} , or @code{GNUTLS_KX_DHE_RSA} +under TLS 1.3, to indicate an elliptic curve DH key exchange or +a finite field one. The precise group used is available +by calling @code{gnutls_group_get()} instead. + +@strong{Returns:} the key exchange algorithm used in the last handshake, a +@code{gnutls_kx_algorithm_t} value. +@end deftypefun diff --git a/doc/functions/gnutls_kx_get.short b/doc/functions/gnutls_kx_get.short new file mode 100644 index 0000000..7c8f5b5 --- /dev/null +++ b/doc/functions/gnutls_kx_get.short @@ -0,0 +1 @@ +@item @var{gnutls_kx_algorithm_t} @ref{gnutls_kx_get} (gnutls_session_t @var{session}) diff --git a/doc/functions/gnutls_kx_get_id b/doc/functions/gnutls_kx_get_id new file mode 100644 index 0000000..74ba631 --- /dev/null +++ b/doc/functions/gnutls_kx_get_id @@ -0,0 +1,13 @@ + + + + +@deftypefun {gnutls_kx_algorithm_t} {gnutls_kx_get_id} (const char * @var{name}) +@var{name}: is a KX name + +Convert a string to a @code{gnutls_kx_algorithm_t} value. The names are +compared in a case insensitive way. + +@strong{Returns:} an id of the specified KX algorithm, or @code{GNUTLS_KX_UNKNOWN} +on error. +@end deftypefun diff --git a/doc/functions/gnutls_kx_get_id.short b/doc/functions/gnutls_kx_get_id.short new file mode 100644 index 0000000..4b5f0bc --- /dev/null +++ b/doc/functions/gnutls_kx_get_id.short @@ -0,0 +1 @@ +@item @var{gnutls_kx_algorithm_t} @ref{gnutls_kx_get_id} (const char * @var{name}) diff --git a/doc/functions/gnutls_kx_get_name b/doc/functions/gnutls_kx_get_name new file mode 100644 index 0000000..02690e1 --- /dev/null +++ b/doc/functions/gnutls_kx_get_name @@ -0,0 +1,12 @@ + + + + +@deftypefun {const char *} {gnutls_kx_get_name} (gnutls_kx_algorithm_t @var{algorithm}) +@var{algorithm}: is a key exchange algorithm + +Convert a @code{gnutls_kx_algorithm_t} value to a string. + +@strong{Returns:} a pointer to a string that contains the name of the +specified key exchange algorithm, or @code{NULL} . +@end deftypefun diff --git a/doc/functions/gnutls_kx_get_name.short b/doc/functions/gnutls_kx_get_name.short new file mode 100644 index 0000000..c974313 --- /dev/null +++ b/doc/functions/gnutls_kx_get_name.short @@ -0,0 +1 @@ +@item @var{const char *} @ref{gnutls_kx_get_name} (gnutls_kx_algorithm_t @var{algorithm}) diff --git a/doc/functions/gnutls_kx_list b/doc/functions/gnutls_kx_list new file mode 100644 index 0000000..cc19b6d --- /dev/null +++ b/doc/functions/gnutls_kx_list @@ -0,0 +1,13 @@ + + + + +@deftypefun {const gnutls_kx_algorithm_t *} {gnutls_kx_list} ( @var{void}) + +Get a list of supported key exchange algorithms. + +This function is not thread safe. + +@strong{Returns:} a (0)-terminated list of @code{gnutls_kx_algorithm_t} integers +indicating the available key exchange algorithms. +@end deftypefun diff --git a/doc/functions/gnutls_kx_list.short b/doc/functions/gnutls_kx_list.short new file mode 100644 index 0000000..6b74563 --- /dev/null +++ b/doc/functions/gnutls_kx_list.short @@ -0,0 +1 @@ +@item @var{const gnutls_kx_algorithm_t *} @ref{gnutls_kx_list} ( @var{void}) diff --git a/doc/functions/gnutls_load_file b/doc/functions/gnutls_load_file new file mode 100644 index 0000000..0e312d2 --- /dev/null +++ b/doc/functions/gnutls_load_file @@ -0,0 +1,18 @@ + + + + +@deftypefun {int} {gnutls_load_file} (const char * @var{filename}, gnutls_datum_t * @var{data}) +@var{filename}: the name of the file to load + +@var{data}: Where the file will be stored + +This function will load a file into a datum. The data are +zero terminated but the terminating null is not included in length. +The returned data are allocated using @code{gnutls_malloc()} . + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise +an error code is returned. + +Since 3.1.0 +@end deftypefun diff --git a/doc/functions/gnutls_load_file.short b/doc/functions/gnutls_load_file.short new file mode 100644 index 0000000..78fb217 --- /dev/null +++ b/doc/functions/gnutls_load_file.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_load_file} (const char * @var{filename}, gnutls_datum_t * @var{data}) diff --git a/doc/functions/gnutls_mac_get b/doc/functions/gnutls_mac_get new file mode 100644 index 0000000..ce30204 --- /dev/null +++ b/doc/functions/gnutls_mac_get @@ -0,0 +1,12 @@ + + + + +@deftypefun {gnutls_mac_algorithm_t} {gnutls_mac_get} (gnutls_session_t @var{session}) +@var{session}: is a @code{gnutls_session_t} type. + +Get the currently used MAC algorithm. + +@strong{Returns:} the currently used mac algorithm, a +@code{gnutls_mac_algorithm_t} value. +@end deftypefun diff --git a/doc/functions/gnutls_mac_get.short b/doc/functions/gnutls_mac_get.short new file mode 100644 index 0000000..6a39392 --- /dev/null +++ b/doc/functions/gnutls_mac_get.short @@ -0,0 +1 @@ +@item @var{gnutls_mac_algorithm_t} @ref{gnutls_mac_get} (gnutls_session_t @var{session}) diff --git a/doc/functions/gnutls_mac_get_id b/doc/functions/gnutls_mac_get_id new file mode 100644 index 0000000..8022d84 --- /dev/null +++ b/doc/functions/gnutls_mac_get_id @@ -0,0 +1,13 @@ + + + + +@deftypefun {gnutls_mac_algorithm_t} {gnutls_mac_get_id} (const char * @var{name}) +@var{name}: is a MAC algorithm name + +Convert a string to a @code{gnutls_mac_algorithm_t} value. The names are +compared in a case insensitive way. + +@strong{Returns:} a @code{gnutls_mac_algorithm_t} id of the specified MAC +algorithm string, or @code{GNUTLS_MAC_UNKNOWN} on failure. +@end deftypefun diff --git a/doc/functions/gnutls_mac_get_id.short b/doc/functions/gnutls_mac_get_id.short new file mode 100644 index 0000000..56579a9 --- /dev/null +++ b/doc/functions/gnutls_mac_get_id.short @@ -0,0 +1 @@ +@item @var{gnutls_mac_algorithm_t} @ref{gnutls_mac_get_id} (const char * @var{name}) diff --git a/doc/functions/gnutls_mac_get_key_size b/doc/functions/gnutls_mac_get_key_size new file mode 100644 index 0000000..d2a5f7f --- /dev/null +++ b/doc/functions/gnutls_mac_get_key_size @@ -0,0 +1,12 @@ + + + + +@deftypefun {size_t} {gnutls_mac_get_key_size} (gnutls_mac_algorithm_t @var{algorithm}) +@var{algorithm}: is an encryption algorithm + +Returns the size of the MAC key used in TLS. + +@strong{Returns:} length (in bytes) of the given MAC key size, or 0 if the +given MAC algorithm is invalid. +@end deftypefun diff --git a/doc/functions/gnutls_mac_get_key_size.short b/doc/functions/gnutls_mac_get_key_size.short new file mode 100644 index 0000000..a428da7 --- /dev/null +++ b/doc/functions/gnutls_mac_get_key_size.short @@ -0,0 +1 @@ +@item @var{size_t} @ref{gnutls_mac_get_key_size} (gnutls_mac_algorithm_t @var{algorithm}) diff --git a/doc/functions/gnutls_mac_get_name b/doc/functions/gnutls_mac_get_name new file mode 100644 index 0000000..9c86c3f --- /dev/null +++ b/doc/functions/gnutls_mac_get_name @@ -0,0 +1,12 @@ + + + + +@deftypefun {const char *} {gnutls_mac_get_name} (gnutls_mac_algorithm_t @var{algorithm}) +@var{algorithm}: is a MAC algorithm + +Convert a @code{gnutls_mac_algorithm_t} value to a string. + +@strong{Returns:} a string that contains the name of the specified MAC +algorithm, or @code{NULL} . +@end deftypefun diff --git a/doc/functions/gnutls_mac_get_name.short b/doc/functions/gnutls_mac_get_name.short new file mode 100644 index 0000000..de97e22 --- /dev/null +++ b/doc/functions/gnutls_mac_get_name.short @@ -0,0 +1 @@ +@item @var{const char *} @ref{gnutls_mac_get_name} (gnutls_mac_algorithm_t @var{algorithm}) diff --git a/doc/functions/gnutls_mac_get_nonce_size b/doc/functions/gnutls_mac_get_nonce_size new file mode 100644 index 0000000..c83a1e5 --- /dev/null +++ b/doc/functions/gnutls_mac_get_nonce_size @@ -0,0 +1,13 @@ + + + + +@deftypefun {size_t} {gnutls_mac_get_nonce_size} (gnutls_mac_algorithm_t @var{algorithm}) +@var{algorithm}: is an encryption algorithm + +Returns the size of the nonce used by the MAC in TLS. + +@strong{Returns:} length (in bytes) of the given MAC nonce size, or 0. + +@strong{Since:} 3.2.0 +@end deftypefun diff --git a/doc/functions/gnutls_mac_get_nonce_size.short b/doc/functions/gnutls_mac_get_nonce_size.short new file mode 100644 index 0000000..0ed411d --- /dev/null +++ b/doc/functions/gnutls_mac_get_nonce_size.short @@ -0,0 +1 @@ +@item @var{size_t} @ref{gnutls_mac_get_nonce_size} (gnutls_mac_algorithm_t @var{algorithm}) diff --git a/doc/functions/gnutls_mac_list b/doc/functions/gnutls_mac_list new file mode 100644 index 0000000..aaf3294 --- /dev/null +++ b/doc/functions/gnutls_mac_list @@ -0,0 +1,13 @@ + + + + +@deftypefun {const gnutls_mac_algorithm_t *} {gnutls_mac_list} ( @var{void}) + +Get a list of hash algorithms for use as MACs. Note that not +necessarily all MACs are supported in TLS cipher suites. +This function is not thread safe. + +@strong{Returns:} Return a (0)-terminated list of @code{gnutls_mac_algorithm_t} +integers indicating the available MACs. +@end deftypefun diff --git a/doc/functions/gnutls_mac_list.short b/doc/functions/gnutls_mac_list.short new file mode 100644 index 0000000..f94d7ed --- /dev/null +++ b/doc/functions/gnutls_mac_list.short @@ -0,0 +1 @@ +@item @var{const gnutls_mac_algorithm_t *} @ref{gnutls_mac_list} ( @var{void}) diff --git a/doc/functions/gnutls_memcmp b/doc/functions/gnutls_memcmp new file mode 100644 index 0000000..03baf31 --- /dev/null +++ b/doc/functions/gnutls_memcmp @@ -0,0 +1,19 @@ + + + + +@deftypefun {int} {gnutls_memcmp} (const void * @var{s1}, const void * @var{s2}, size_t @var{n}) +@var{s1}: the first address to compare + +@var{s2}: the second address to compare + +@var{n}: the size of memory to compare + +This function will operate similarly to @code{memcmp()} , but will operate +on time that depends only on the size of the string. That is will +not return early if the strings don't match on the first byte. + +@strong{Returns:} non zero on difference and zero if the buffers are identical. + +@strong{Since:} 3.4.0 +@end deftypefun diff --git a/doc/functions/gnutls_memcmp.short b/doc/functions/gnutls_memcmp.short new file mode 100644 index 0000000..fbd757c --- /dev/null +++ b/doc/functions/gnutls_memcmp.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_memcmp} (const void * @var{s1}, const void * @var{s2}, size_t @var{n}) diff --git a/doc/functions/gnutls_memset b/doc/functions/gnutls_memset new file mode 100644 index 0000000..3838716 --- /dev/null +++ b/doc/functions/gnutls_memset @@ -0,0 +1,16 @@ + + + + +@deftypefun {void} {gnutls_memset} (void * @var{data}, int @var{c}, size_t @var{size}) +@var{data}: the memory to set + +@var{c}: the constant byte to fill the memory with + +@var{size}: the size of memory + +This function will operate similarly to @code{memset()} , but will +not be optimized out by the compiler. + +@strong{Since:} 3.4.0 +@end deftypefun diff --git a/doc/functions/gnutls_memset.short b/doc/functions/gnutls_memset.short new file mode 100644 index 0000000..9a66fa5 --- /dev/null +++ b/doc/functions/gnutls_memset.short @@ -0,0 +1 @@ +@item @var{void} @ref{gnutls_memset} (void * @var{data}, int @var{c}, size_t @var{size}) diff --git a/doc/functions/gnutls_ocsp_req_add_cert b/doc/functions/gnutls_ocsp_req_add_cert new file mode 100644 index 0000000..73fff72 --- /dev/null +++ b/doc/functions/gnutls_ocsp_req_add_cert @@ -0,0 +1,21 @@ + + + +@deftypefun {int} {gnutls_ocsp_req_add_cert} (gnutls_ocsp_req_t @var{req}, gnutls_digest_algorithm_t @var{digest}, gnutls_x509_crt_t @var{issuer}, gnutls_x509_crt_t @var{cert}) +@var{req}: should contain a @code{gnutls_ocsp_req_t} type + +@var{digest}: hash algorithm, a @code{gnutls_digest_algorithm_t} value + +@var{issuer}: issuer of @code{subject} certificate + +@var{cert}: certificate to request status for + +This function will add another request to the OCSP request for a +particular certificate. The issuer name hash, issuer key hash, and +serial number fields is populated as follows. The issuer name and +the serial number is taken from @code{cert} . The issuer key is taken +from @code{issuer} . The hashed values will be hashed using the @code{digest} algorithm, normally @code{GNUTLS_DIG_SHA1} . + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error code is returned. +@end deftypefun diff --git a/doc/functions/gnutls_ocsp_req_add_cert.short b/doc/functions/gnutls_ocsp_req_add_cert.short new file mode 100644 index 0000000..f48c852 --- /dev/null +++ b/doc/functions/gnutls_ocsp_req_add_cert.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_ocsp_req_add_cert} (gnutls_ocsp_req_t @var{req}, gnutls_digest_algorithm_t @var{digest}, gnutls_x509_crt_t @var{issuer}, gnutls_x509_crt_t @var{cert}) diff --git a/doc/functions/gnutls_ocsp_req_add_cert_id b/doc/functions/gnutls_ocsp_req_add_cert_id new file mode 100644 index 0000000..0e21e67 --- /dev/null +++ b/doc/functions/gnutls_ocsp_req_add_cert_id @@ -0,0 +1,33 @@ + + + + +@deftypefun {int} {gnutls_ocsp_req_add_cert_id} (gnutls_ocsp_req_t @var{req}, gnutls_digest_algorithm_t @var{digest}, const gnutls_datum_t * @var{issuer_name_hash}, const gnutls_datum_t * @var{issuer_key_hash}, const gnutls_datum_t * @var{serial_number}) +@var{req}: should contain a @code{gnutls_ocsp_req_t} type + +@var{digest}: hash algorithm, a @code{gnutls_digest_algorithm_t} value + +@var{issuer_name_hash}: hash of issuer's DN + +@var{issuer_key_hash}: hash of issuer's public key + +@var{serial_number}: serial number of certificate to check + +This function will add another request to the OCSP request for a +particular certificate having the issuer name hash of + @code{issuer_name_hash} and issuer key hash of @code{issuer_key_hash} (both +hashed using @code{digest} ) and serial number @code{serial_number} . + +The information needed corresponds to the CertID structure: + + +CertID ::= SEQUENCE @{ +hashAlgorithm AlgorithmIdentifier, +issuerNameHash OCTET STRING, -- Hash of Issuer's DN +issuerKeyHash OCTET STRING, -- Hash of Issuers public key +serialNumber CertificateSerialNumber @} + + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error code is returned. +@end deftypefun diff --git a/doc/functions/gnutls_ocsp_req_add_cert_id.short b/doc/functions/gnutls_ocsp_req_add_cert_id.short new file mode 100644 index 0000000..f39a4f9 --- /dev/null +++ b/doc/functions/gnutls_ocsp_req_add_cert_id.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_ocsp_req_add_cert_id} (gnutls_ocsp_req_t @var{req}, gnutls_digest_algorithm_t @var{digest}, const gnutls_datum_t * @var{issuer_name_hash}, const gnutls_datum_t * @var{issuer_key_hash}, const gnutls_datum_t * @var{serial_number}) diff --git a/doc/functions/gnutls_ocsp_req_deinit b/doc/functions/gnutls_ocsp_req_deinit new file mode 100644 index 0000000..7b8e753 --- /dev/null +++ b/doc/functions/gnutls_ocsp_req_deinit @@ -0,0 +1,9 @@ + + + + +@deftypefun {void} {gnutls_ocsp_req_deinit} (gnutls_ocsp_req_t @var{req}) +@var{req}: The data to be deinitialized + +This function will deinitialize a OCSP request structure. +@end deftypefun diff --git a/doc/functions/gnutls_ocsp_req_deinit.short b/doc/functions/gnutls_ocsp_req_deinit.short new file mode 100644 index 0000000..573bda6 --- /dev/null +++ b/doc/functions/gnutls_ocsp_req_deinit.short @@ -0,0 +1 @@ +@item @var{void} @ref{gnutls_ocsp_req_deinit} (gnutls_ocsp_req_t @var{req}) diff --git a/doc/functions/gnutls_ocsp_req_export b/doc/functions/gnutls_ocsp_req_export new file mode 100644 index 0000000..6c2ccc2 --- /dev/null +++ b/doc/functions/gnutls_ocsp_req_export @@ -0,0 +1,14 @@ + + + + +@deftypefun {int} {gnutls_ocsp_req_export} (gnutls_ocsp_req_t @var{req}, gnutls_datum_t * @var{data}) +@var{req}: Holds the OCSP request + +@var{data}: newly allocate buffer holding DER encoded OCSP request + +This function will export the OCSP request to DER format. + +@strong{Returns:} In case of failure a negative error code will be +returned, and 0 on success. +@end deftypefun diff --git a/doc/functions/gnutls_ocsp_req_export.short b/doc/functions/gnutls_ocsp_req_export.short new file mode 100644 index 0000000..16e1769 --- /dev/null +++ b/doc/functions/gnutls_ocsp_req_export.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_ocsp_req_export} (gnutls_ocsp_req_t @var{req}, gnutls_datum_t * @var{data}) diff --git a/doc/functions/gnutls_ocsp_req_get_cert_id b/doc/functions/gnutls_ocsp_req_get_cert_id new file mode 100644 index 0000000..081cccd --- /dev/null +++ b/doc/functions/gnutls_ocsp_req_get_cert_id @@ -0,0 +1,37 @@ + + + + +@deftypefun {int} {gnutls_ocsp_req_get_cert_id} (gnutls_ocsp_req_t @var{req}, unsigned @var{indx}, gnutls_digest_algorithm_t * @var{digest}, gnutls_datum_t * @var{issuer_name_hash}, gnutls_datum_t * @var{issuer_key_hash}, gnutls_datum_t * @var{serial_number}) +@var{req}: should contain a @code{gnutls_ocsp_req_t} type + +@var{indx}: Specifies which extension OID to get. Use (0) to get the first one. + +@var{digest}: output variable with @code{gnutls_digest_algorithm_t} hash algorithm + +@var{issuer_name_hash}: output buffer with hash of issuer's DN + +@var{issuer_key_hash}: output buffer with hash of issuer's public key + +@var{serial_number}: output buffer with serial number of certificate to check + +This function will return the certificate information of the + @code{indx} 'ed request in the OCSP request. The information returned +corresponds to the CertID structure: + + +CertID ::= SEQUENCE @{ +hashAlgorithm AlgorithmIdentifier, +issuerNameHash OCTET STRING, -- Hash of Issuer's DN +issuerKeyHash OCTET STRING, -- Hash of Issuers public key +serialNumber CertificateSerialNumber @} + + +Each of the pointers to output variables may be NULL to indicate +that the caller is not interested in that value. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error code is returned. If you have reached the last +CertID available @code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} will be +returned. +@end deftypefun diff --git a/doc/functions/gnutls_ocsp_req_get_cert_id.short b/doc/functions/gnutls_ocsp_req_get_cert_id.short new file mode 100644 index 0000000..db0bffa --- /dev/null +++ b/doc/functions/gnutls_ocsp_req_get_cert_id.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_ocsp_req_get_cert_id} (gnutls_ocsp_req_t @var{req}, unsigned @var{indx}, gnutls_digest_algorithm_t * @var{digest}, gnutls_datum_t * @var{issuer_name_hash}, gnutls_datum_t * @var{issuer_key_hash}, gnutls_datum_t * @var{serial_number}) diff --git a/doc/functions/gnutls_ocsp_req_get_extension b/doc/functions/gnutls_ocsp_req_get_extension new file mode 100644 index 0000000..a61b5e5 --- /dev/null +++ b/doc/functions/gnutls_ocsp_req_get_extension @@ -0,0 +1,30 @@ + + + + +@deftypefun {int} {gnutls_ocsp_req_get_extension} (gnutls_ocsp_req_t @var{req}, unsigned @var{indx}, gnutls_datum_t * @var{oid}, unsigned int * @var{critical}, gnutls_datum_t * @var{data}) +@var{req}: should contain a @code{gnutls_ocsp_req_t} type + +@var{indx}: Specifies which extension OID to get. Use (0) to get the first one. + +@var{oid}: will hold newly allocated buffer with OID of extension, may be NULL + +@var{critical}: output variable with critical flag, may be NULL. + +@var{data}: will hold newly allocated buffer with extension data, may be NULL + +This function will return all information about the requested +extension in the OCSP request. The information returned is the +OID, the critical flag, and the data itself. The extension OID +will be stored as a string. Any of @code{oid} , @code{critical} , and @code{data} may +be NULL which means that the caller is not interested in getting +that information back. + +The caller needs to deallocate memory by calling @code{gnutls_free()} on + @code{oid} ->data and @code{data} ->data. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error code is returned. If you have reached the last +extension available @code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} will +be returned. +@end deftypefun diff --git a/doc/functions/gnutls_ocsp_req_get_extension.short b/doc/functions/gnutls_ocsp_req_get_extension.short new file mode 100644 index 0000000..2d06500 --- /dev/null +++ b/doc/functions/gnutls_ocsp_req_get_extension.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_ocsp_req_get_extension} (gnutls_ocsp_req_t @var{req}, unsigned @var{indx}, gnutls_datum_t * @var{oid}, unsigned int * @var{critical}, gnutls_datum_t * @var{data}) diff --git a/doc/functions/gnutls_ocsp_req_get_nonce b/doc/functions/gnutls_ocsp_req_get_nonce new file mode 100644 index 0000000..ab640bf --- /dev/null +++ b/doc/functions/gnutls_ocsp_req_get_nonce @@ -0,0 +1,19 @@ + + + + +@deftypefun {int} {gnutls_ocsp_req_get_nonce} (gnutls_ocsp_req_t @var{req}, unsigned int * @var{critical}, gnutls_datum_t * @var{nonce}) +@var{req}: should contain a @code{gnutls_ocsp_req_t} type + +@var{critical}: whether nonce extension is marked critical, or NULL + +@var{nonce}: will hold newly allocated buffer with nonce data + +This function will return the OCSP request nonce extension data. + +The caller needs to deallocate memory by calling @code{gnutls_free()} on + @code{nonce} ->data. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error code is returned. +@end deftypefun diff --git a/doc/functions/gnutls_ocsp_req_get_nonce.short b/doc/functions/gnutls_ocsp_req_get_nonce.short new file mode 100644 index 0000000..f97d22c --- /dev/null +++ b/doc/functions/gnutls_ocsp_req_get_nonce.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_ocsp_req_get_nonce} (gnutls_ocsp_req_t @var{req}, unsigned int * @var{critical}, gnutls_datum_t * @var{nonce}) diff --git a/doc/functions/gnutls_ocsp_req_get_version b/doc/functions/gnutls_ocsp_req_get_version new file mode 100644 index 0000000..ecd24af --- /dev/null +++ b/doc/functions/gnutls_ocsp_req_get_version @@ -0,0 +1,12 @@ + + + + +@deftypefun {int} {gnutls_ocsp_req_get_version} (gnutls_ocsp_req_t @var{req}) +@var{req}: should contain a @code{gnutls_ocsp_req_t} type + +This function will return the version of the OCSP request. +Typically this is always 1 indicating version 1. + +@strong{Returns:} version of OCSP request, or a negative error code on error. +@end deftypefun diff --git a/doc/functions/gnutls_ocsp_req_get_version.short b/doc/functions/gnutls_ocsp_req_get_version.short new file mode 100644 index 0000000..c345cfd --- /dev/null +++ b/doc/functions/gnutls_ocsp_req_get_version.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_ocsp_req_get_version} (gnutls_ocsp_req_t @var{req}) diff --git a/doc/functions/gnutls_ocsp_req_import b/doc/functions/gnutls_ocsp_req_import new file mode 100644 index 0000000..ef981bf --- /dev/null +++ b/doc/functions/gnutls_ocsp_req_import @@ -0,0 +1,16 @@ + + + + +@deftypefun {int} {gnutls_ocsp_req_import} (gnutls_ocsp_req_t @var{req}, const gnutls_datum_t * @var{data}) +@var{req}: The data to store the parsed request. + +@var{data}: DER encoded OCSP request. + +This function will convert the given DER encoded OCSP request to +the native @code{gnutls_ocsp_req_t} format. The output will be stored in + @code{req} . + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. +@end deftypefun diff --git a/doc/functions/gnutls_ocsp_req_import.short b/doc/functions/gnutls_ocsp_req_import.short new file mode 100644 index 0000000..ee212ca --- /dev/null +++ b/doc/functions/gnutls_ocsp_req_import.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_ocsp_req_import} (gnutls_ocsp_req_t @var{req}, const gnutls_datum_t * @var{data}) diff --git a/doc/functions/gnutls_ocsp_req_init b/doc/functions/gnutls_ocsp_req_init new file mode 100644 index 0000000..f13c6ba --- /dev/null +++ b/doc/functions/gnutls_ocsp_req_init @@ -0,0 +1,12 @@ + + + + +@deftypefun {int} {gnutls_ocsp_req_init} (gnutls_ocsp_req_t * @var{req}) +@var{req}: A pointer to the type to be initialized + +This function will initialize an OCSP request structure. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. +@end deftypefun diff --git a/doc/functions/gnutls_ocsp_req_init.short b/doc/functions/gnutls_ocsp_req_init.short new file mode 100644 index 0000000..e394caf --- /dev/null +++ b/doc/functions/gnutls_ocsp_req_init.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_ocsp_req_init} (gnutls_ocsp_req_t * @var{req}) diff --git a/doc/functions/gnutls_ocsp_req_print b/doc/functions/gnutls_ocsp_req_print new file mode 100644 index 0000000..ff62adb --- /dev/null +++ b/doc/functions/gnutls_ocsp_req_print @@ -0,0 +1,22 @@ + + + + +@deftypefun {int} {gnutls_ocsp_req_print} (gnutls_ocsp_req_t @var{req}, gnutls_ocsp_print_formats_t @var{format}, gnutls_datum_t * @var{out}) +@var{req}: The data to be printed + +@var{format}: Indicate the format to use + +@var{out}: Newly allocated datum with (0) terminated string. + +This function will pretty print a OCSP request, suitable for +display to a human. + +If the format is @code{GNUTLS_OCSP_PRINT_FULL} then all fields of the +request will be output, on multiple lines. + +The output @code{out} ->data needs to be deallocate using @code{gnutls_free()} . + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. +@end deftypefun diff --git a/doc/functions/gnutls_ocsp_req_print.short b/doc/functions/gnutls_ocsp_req_print.short new file mode 100644 index 0000000..d71a530 --- /dev/null +++ b/doc/functions/gnutls_ocsp_req_print.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_ocsp_req_print} (gnutls_ocsp_req_t @var{req}, gnutls_ocsp_print_formats_t @var{format}, gnutls_datum_t * @var{out}) diff --git a/doc/functions/gnutls_ocsp_req_randomize_nonce b/doc/functions/gnutls_ocsp_req_randomize_nonce new file mode 100644 index 0000000..dbeaf6c --- /dev/null +++ b/doc/functions/gnutls_ocsp_req_randomize_nonce @@ -0,0 +1,13 @@ + + + + +@deftypefun {int} {gnutls_ocsp_req_randomize_nonce} (gnutls_ocsp_req_t @var{req}) +@var{req}: should contain a @code{gnutls_ocsp_req_t} type + +This function will add or update an nonce extension to the OCSP +request with a newly generated random value. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error code is returned. +@end deftypefun diff --git a/doc/functions/gnutls_ocsp_req_randomize_nonce.short b/doc/functions/gnutls_ocsp_req_randomize_nonce.short new file mode 100644 index 0000000..5e02ecd --- /dev/null +++ b/doc/functions/gnutls_ocsp_req_randomize_nonce.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_ocsp_req_randomize_nonce} (gnutls_ocsp_req_t @var{req}) diff --git a/doc/functions/gnutls_ocsp_req_set_extension b/doc/functions/gnutls_ocsp_req_set_extension new file mode 100644 index 0000000..6fb1e00 --- /dev/null +++ b/doc/functions/gnutls_ocsp_req_set_extension @@ -0,0 +1,20 @@ + + + + +@deftypefun {int} {gnutls_ocsp_req_set_extension} (gnutls_ocsp_req_t @var{req}, const char * @var{oid}, unsigned int @var{critical}, const gnutls_datum_t * @var{data}) +@var{req}: should contain a @code{gnutls_ocsp_req_t} type + +@var{oid}: buffer with OID of extension as a string. + +@var{critical}: critical flag, normally false. + +@var{data}: the extension data + +This function will add an extension to the OCSP request. Calling +this function multiple times for the same OID will overwrite values +from earlier calls. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error code is returned. +@end deftypefun diff --git a/doc/functions/gnutls_ocsp_req_set_extension.short b/doc/functions/gnutls_ocsp_req_set_extension.short new file mode 100644 index 0000000..52259b8 --- /dev/null +++ b/doc/functions/gnutls_ocsp_req_set_extension.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_ocsp_req_set_extension} (gnutls_ocsp_req_t @var{req}, const char * @var{oid}, unsigned int @var{critical}, const gnutls_datum_t * @var{data}) diff --git a/doc/functions/gnutls_ocsp_req_set_nonce b/doc/functions/gnutls_ocsp_req_set_nonce new file mode 100644 index 0000000..71f8eae --- /dev/null +++ b/doc/functions/gnutls_ocsp_req_set_nonce @@ -0,0 +1,18 @@ + + + + +@deftypefun {int} {gnutls_ocsp_req_set_nonce} (gnutls_ocsp_req_t @var{req}, unsigned int @var{critical}, const gnutls_datum_t * @var{nonce}) +@var{req}: should contain a @code{gnutls_ocsp_req_t} type + +@var{critical}: critical flag, normally false. + +@var{nonce}: the nonce data + +This function will add an nonce extension to the OCSP request. +Calling this function multiple times will overwrite values from +earlier calls. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error code is returned. +@end deftypefun diff --git a/doc/functions/gnutls_ocsp_req_set_nonce.short b/doc/functions/gnutls_ocsp_req_set_nonce.short new file mode 100644 index 0000000..2fcddd8 --- /dev/null +++ b/doc/functions/gnutls_ocsp_req_set_nonce.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_ocsp_req_set_nonce} (gnutls_ocsp_req_t @var{req}, unsigned int @var{critical}, const gnutls_datum_t * @var{nonce}) diff --git a/doc/functions/gnutls_ocsp_resp_check_crt b/doc/functions/gnutls_ocsp_resp_check_crt new file mode 100644 index 0000000..14486ef --- /dev/null +++ b/doc/functions/gnutls_ocsp_resp_check_crt @@ -0,0 +1,19 @@ + + + + +@deftypefun {int} {gnutls_ocsp_resp_check_crt} (gnutls_ocsp_resp_t @var{resp}, unsigned int @var{indx}, gnutls_x509_crt_t @var{crt}) +@var{resp}: should contain a @code{gnutls_ocsp_resp_t} type + +@var{indx}: Specifies response number to get. Use (0) to get the first one. + +@var{crt}: The certificate to check + +This function will check whether the OCSP response +is about the provided certificate. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error code is returned. + +@strong{Since:} 3.1.3 +@end deftypefun diff --git a/doc/functions/gnutls_ocsp_resp_check_crt.short b/doc/functions/gnutls_ocsp_resp_check_crt.short new file mode 100644 index 0000000..1b485fc --- /dev/null +++ b/doc/functions/gnutls_ocsp_resp_check_crt.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_ocsp_resp_check_crt} (gnutls_ocsp_resp_t @var{resp}, unsigned int @var{indx}, gnutls_x509_crt_t @var{crt}) diff --git a/doc/functions/gnutls_ocsp_resp_deinit b/doc/functions/gnutls_ocsp_resp_deinit new file mode 100644 index 0000000..5cfb575 --- /dev/null +++ b/doc/functions/gnutls_ocsp_resp_deinit @@ -0,0 +1,9 @@ + + + + +@deftypefun {void} {gnutls_ocsp_resp_deinit} (gnutls_ocsp_resp_t @var{resp}) +@var{resp}: The data to be deinitialized + +This function will deinitialize a OCSP response structure. +@end deftypefun diff --git a/doc/functions/gnutls_ocsp_resp_deinit.short b/doc/functions/gnutls_ocsp_resp_deinit.short new file mode 100644 index 0000000..d12ca0c --- /dev/null +++ b/doc/functions/gnutls_ocsp_resp_deinit.short @@ -0,0 +1 @@ +@item @var{void} @ref{gnutls_ocsp_resp_deinit} (gnutls_ocsp_resp_t @var{resp}) diff --git a/doc/functions/gnutls_ocsp_resp_export b/doc/functions/gnutls_ocsp_resp_export new file mode 100644 index 0000000..2476f3d --- /dev/null +++ b/doc/functions/gnutls_ocsp_resp_export @@ -0,0 +1,14 @@ + + + + +@deftypefun {int} {gnutls_ocsp_resp_export} (gnutls_ocsp_resp_t @var{resp}, gnutls_datum_t * @var{data}) +@var{resp}: Holds the OCSP response + +@var{data}: newly allocate buffer holding DER encoded OCSP response + +This function will export the OCSP response to DER format. + +@strong{Returns:} In case of failure a negative error code will be +returned, and 0 on success. +@end deftypefun diff --git a/doc/functions/gnutls_ocsp_resp_export.short b/doc/functions/gnutls_ocsp_resp_export.short new file mode 100644 index 0000000..fb7354f --- /dev/null +++ b/doc/functions/gnutls_ocsp_resp_export.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_ocsp_resp_export} (gnutls_ocsp_resp_t @var{resp}, gnutls_datum_t * @var{data}) diff --git a/doc/functions/gnutls_ocsp_resp_export2 b/doc/functions/gnutls_ocsp_resp_export2 new file mode 100644 index 0000000..67569d2 --- /dev/null +++ b/doc/functions/gnutls_ocsp_resp_export2 @@ -0,0 +1,18 @@ + + + + +@deftypefun {int} {gnutls_ocsp_resp_export2} (gnutls_ocsp_resp_t @var{resp}, gnutls_datum_t * @var{data}, gnutls_x509_crt_fmt_t @var{fmt}) +@var{resp}: Holds the OCSP response + +@var{data}: newly allocate buffer holding DER or PEM encoded OCSP response + +@var{fmt}: DER or PEM + +This function will export the OCSP response to DER or PEM format. + +@strong{Returns:} In case of failure a negative error code will be +returned, and 0 on success. + +@strong{Since:} 3.6.3 +@end deftypefun diff --git a/doc/functions/gnutls_ocsp_resp_export2.short b/doc/functions/gnutls_ocsp_resp_export2.short new file mode 100644 index 0000000..37c6953 --- /dev/null +++ b/doc/functions/gnutls_ocsp_resp_export2.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_ocsp_resp_export2} (gnutls_ocsp_resp_t @var{resp}, gnutls_datum_t * @var{data}, gnutls_x509_crt_fmt_t @var{fmt}) diff --git a/doc/functions/gnutls_ocsp_resp_get_certs b/doc/functions/gnutls_ocsp_resp_get_certs new file mode 100644 index 0000000..6512c70 --- /dev/null +++ b/doc/functions/gnutls_ocsp_resp_get_certs @@ -0,0 +1,27 @@ + + + + +@deftypefun {int} {gnutls_ocsp_resp_get_certs} (gnutls_ocsp_resp_t @var{resp}, gnutls_x509_crt_t ** @var{certs}, size_t * @var{ncerts}) +@var{resp}: should contain a @code{gnutls_ocsp_resp_t} type + +@var{certs}: newly allocated array with @code{gnutls_x509_crt_t} certificates + +@var{ncerts}: output variable with number of allocated certs. + +This function will extract the X.509 certificates found in the +Basic OCSP Response. The @code{certs} output variable will hold a newly +allocated zero-terminated array with X.509 certificates. + +Every certificate in the array needs to be de-allocated with +@code{gnutls_x509_crt_deinit()} and the array itself must be freed using +@code{gnutls_free()} . + +Both the @code{certs} and @code{ncerts} variables may be NULL. Then the +function will work as normal but will not return the NULL:d +information. This can be used to get the number of certificates +only, or to just get the certificate array without its size. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. +@end deftypefun diff --git a/doc/functions/gnutls_ocsp_resp_get_certs.short b/doc/functions/gnutls_ocsp_resp_get_certs.short new file mode 100644 index 0000000..0ffeff3 --- /dev/null +++ b/doc/functions/gnutls_ocsp_resp_get_certs.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_ocsp_resp_get_certs} (gnutls_ocsp_resp_t @var{resp}, gnutls_x509_crt_t ** @var{certs}, size_t * @var{ncerts}) diff --git a/doc/functions/gnutls_ocsp_resp_get_extension b/doc/functions/gnutls_ocsp_resp_get_extension new file mode 100644 index 0000000..18b9f51 --- /dev/null +++ b/doc/functions/gnutls_ocsp_resp_get_extension @@ -0,0 +1,30 @@ + + + + +@deftypefun {int} {gnutls_ocsp_resp_get_extension} (gnutls_ocsp_resp_t @var{resp}, unsigned @var{indx}, gnutls_datum_t * @var{oid}, unsigned int * @var{critical}, gnutls_datum_t * @var{data}) +@var{resp}: should contain a @code{gnutls_ocsp_resp_t} type + +@var{indx}: Specifies which extension OID to get. Use (0) to get the first one. + +@var{oid}: will hold newly allocated buffer with OID of extension, may be NULL + +@var{critical}: output variable with critical flag, may be NULL. + +@var{data}: will hold newly allocated buffer with extension data, may be NULL + +This function will return all information about the requested +extension in the OCSP response. The information returned is the +OID, the critical flag, and the data itself. The extension OID +will be stored as a string. Any of @code{oid} , @code{critical} , and @code{data} may +be NULL which means that the caller is not interested in getting +that information back. + +The caller needs to deallocate memory by calling @code{gnutls_free()} on + @code{oid} ->data and @code{data} ->data. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error code is returned. If you have reached the last +extension available @code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} will +be returned. +@end deftypefun diff --git a/doc/functions/gnutls_ocsp_resp_get_extension.short b/doc/functions/gnutls_ocsp_resp_get_extension.short new file mode 100644 index 0000000..d50f766 --- /dev/null +++ b/doc/functions/gnutls_ocsp_resp_get_extension.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_ocsp_resp_get_extension} (gnutls_ocsp_resp_t @var{resp}, unsigned @var{indx}, gnutls_datum_t * @var{oid}, unsigned int * @var{critical}, gnutls_datum_t * @var{data}) diff --git a/doc/functions/gnutls_ocsp_resp_get_nonce b/doc/functions/gnutls_ocsp_resp_get_nonce new file mode 100644 index 0000000..a4bd19e --- /dev/null +++ b/doc/functions/gnutls_ocsp_resp_get_nonce @@ -0,0 +1,20 @@ + + + + +@deftypefun {int} {gnutls_ocsp_resp_get_nonce} (gnutls_ocsp_resp_t @var{resp}, unsigned int * @var{critical}, gnutls_datum_t * @var{nonce}) +@var{resp}: should contain a @code{gnutls_ocsp_resp_t} type + +@var{critical}: whether nonce extension is marked critical + +@var{nonce}: will hold newly allocated buffer with nonce data + +This function will return the Basic OCSP Response nonce extension +data. + +The caller needs to deallocate memory by calling @code{gnutls_free()} on + @code{nonce} ->data. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error code is returned. +@end deftypefun diff --git a/doc/functions/gnutls_ocsp_resp_get_nonce.short b/doc/functions/gnutls_ocsp_resp_get_nonce.short new file mode 100644 index 0000000..e46efb8 --- /dev/null +++ b/doc/functions/gnutls_ocsp_resp_get_nonce.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_ocsp_resp_get_nonce} (gnutls_ocsp_resp_t @var{resp}, unsigned int * @var{critical}, gnutls_datum_t * @var{nonce}) diff --git a/doc/functions/gnutls_ocsp_resp_get_produced b/doc/functions/gnutls_ocsp_resp_get_produced new file mode 100644 index 0000000..a89910a --- /dev/null +++ b/doc/functions/gnutls_ocsp_resp_get_produced @@ -0,0 +1,12 @@ + + + + +@deftypefun {time_t} {gnutls_ocsp_resp_get_produced} (gnutls_ocsp_resp_t @var{resp}) +@var{resp}: should contain a @code{gnutls_ocsp_resp_t} type + +This function will return the time when the OCSP response was +signed. + +@strong{Returns:} signing time, or (time_t)-1 on error. +@end deftypefun diff --git a/doc/functions/gnutls_ocsp_resp_get_produced.short b/doc/functions/gnutls_ocsp_resp_get_produced.short new file mode 100644 index 0000000..408cdb3 --- /dev/null +++ b/doc/functions/gnutls_ocsp_resp_get_produced.short @@ -0,0 +1 @@ +@item @var{time_t} @ref{gnutls_ocsp_resp_get_produced} (gnutls_ocsp_resp_t @var{resp}) diff --git a/doc/functions/gnutls_ocsp_resp_get_responder b/doc/functions/gnutls_ocsp_resp_get_responder new file mode 100644 index 0000000..2b70e79 --- /dev/null +++ b/doc/functions/gnutls_ocsp_resp_get_responder @@ -0,0 +1,27 @@ + + + + +@deftypefun {int} {gnutls_ocsp_resp_get_responder} (gnutls_ocsp_resp_t @var{resp}, gnutls_datum_t * @var{dn}) +@var{resp}: should contain a @code{gnutls_ocsp_resp_t} type + +@var{dn}: newly allocated buffer with name + +This function will extract the name of the Basic OCSP Response in +the provided buffer. The name will be in the form +"C=xxxx,O=yyyy,CN=zzzz" as described in RFC2253. The output string +will be ASCII or UTF-8 encoded, depending on the certificate data. + +If the responder ID is not a name but a hash, this function +will return zero and the @code{dn} elements will be set to @code{NULL} . + +The caller needs to deallocate memory by calling @code{gnutls_free()} on + @code{dn} ->data. + +This function does not output a fully RFC4514 compliant string, if +that is required see @code{gnutls_ocsp_resp_get_responder2()} . + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error code is returned. When no data exist it will +return success and set @code{dn} elements to zero. +@end deftypefun diff --git a/doc/functions/gnutls_ocsp_resp_get_responder.short b/doc/functions/gnutls_ocsp_resp_get_responder.short new file mode 100644 index 0000000..9afae2d --- /dev/null +++ b/doc/functions/gnutls_ocsp_resp_get_responder.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_ocsp_resp_get_responder} (gnutls_ocsp_resp_t @var{resp}, gnutls_datum_t * @var{dn}) diff --git a/doc/functions/gnutls_ocsp_resp_get_responder2 b/doc/functions/gnutls_ocsp_resp_get_responder2 new file mode 100644 index 0000000..7847e34 --- /dev/null +++ b/doc/functions/gnutls_ocsp_resp_get_responder2 @@ -0,0 +1,30 @@ + + + + +@deftypefun {int} {gnutls_ocsp_resp_get_responder2} (gnutls_ocsp_resp_t @var{resp}, gnutls_datum_t * @var{dn}, unsigned @var{flags}) +@var{resp}: should contain a @code{gnutls_ocsp_resp_t} type + +@var{dn}: newly allocated buffer with name + +@var{flags}: zero or @code{GNUTLS_X509_DN_FLAG_COMPAT} + +This function will extract the name of the Basic OCSP Response in +the provided buffer. The name will be in the form +"C=xxxx,O=yyyy,CN=zzzz" as described in RFC2253. The output string +will be ASCII or UTF-8 encoded, depending on the certificate data. + +If the responder ID is not a name but a hash, this function +will return zero and the @code{dn} elements will be set to @code{NULL} . + +The caller needs to deallocate memory by calling @code{gnutls_free()} on + @code{dn} ->data. + +When the flag @code{GNUTLS_X509_DN_FLAG_COMPAT} is specified, the output +format will match the format output by previous to 3.5.6 versions of GnuTLS +which was not not fully RFC4514-compliant. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error code is returned. When no data exist it will return +@code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} . +@end deftypefun diff --git a/doc/functions/gnutls_ocsp_resp_get_responder2.short b/doc/functions/gnutls_ocsp_resp_get_responder2.short new file mode 100644 index 0000000..cedf0c1 --- /dev/null +++ b/doc/functions/gnutls_ocsp_resp_get_responder2.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_ocsp_resp_get_responder2} (gnutls_ocsp_resp_t @var{resp}, gnutls_datum_t * @var{dn}, unsigned @var{flags}) diff --git a/doc/functions/gnutls_ocsp_resp_get_responder_raw_id b/doc/functions/gnutls_ocsp_resp_get_responder_raw_id new file mode 100644 index 0000000..0755c74 --- /dev/null +++ b/doc/functions/gnutls_ocsp_resp_get_responder_raw_id @@ -0,0 +1,21 @@ + + + + +@deftypefun {int} {gnutls_ocsp_resp_get_responder_raw_id} (gnutls_ocsp_resp_t @var{resp}, unsigned @var{type}, gnutls_datum_t * @var{raw}) +@var{resp}: should contain a @code{gnutls_ocsp_resp_t} type + +@var{type}: should be @code{GNUTLS_OCSP_RESP_ID_KEY} or @code{GNUTLS_OCSP_RESP_ID_DN} + +@var{raw}: newly allocated buffer with the raw ID + +This function will extract the raw key (or DN) ID of the Basic OCSP Response in +the provided buffer. If the responder ID is not a key ID then +this function will return @code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} . + +The caller needs to deallocate memory by calling @code{gnutls_free()} on + @code{dn} ->data. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error code is returned. +@end deftypefun diff --git a/doc/functions/gnutls_ocsp_resp_get_responder_raw_id.short b/doc/functions/gnutls_ocsp_resp_get_responder_raw_id.short new file mode 100644 index 0000000..e381a60 --- /dev/null +++ b/doc/functions/gnutls_ocsp_resp_get_responder_raw_id.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_ocsp_resp_get_responder_raw_id} (gnutls_ocsp_resp_t @var{resp}, unsigned @var{type}, gnutls_datum_t * @var{raw}) diff --git a/doc/functions/gnutls_ocsp_resp_get_response b/doc/functions/gnutls_ocsp_resp_get_response new file mode 100644 index 0000000..69ef606 --- /dev/null +++ b/doc/functions/gnutls_ocsp_resp_get_response @@ -0,0 +1,25 @@ + + + + +@deftypefun {int} {gnutls_ocsp_resp_get_response} (gnutls_ocsp_resp_t @var{resp}, gnutls_datum_t * @var{response_type_oid}, gnutls_datum_t * @var{response}) +@var{resp}: should contain a @code{gnutls_ocsp_resp_t} type + +@var{response_type_oid}: newly allocated output buffer with response type OID + +@var{response}: newly allocated output buffer with DER encoded response + +This function will extract the response type OID in and the +response data from an OCSP response. Normally the + @code{response_type_oid} is always "1.3.6.1.5.5.7.48.1.1" which means the + @code{response} should be decoded as a Basic OCSP Response, but +technically other response types could be used. + +This function is typically only useful when you want to extract the +response type OID of an response for diagnostic purposes. +Otherwise @code{gnutls_ocsp_resp_import()} will decode the basic OCSP +response part and the caller need not worry about that aspect. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. +@end deftypefun diff --git a/doc/functions/gnutls_ocsp_resp_get_response.short b/doc/functions/gnutls_ocsp_resp_get_response.short new file mode 100644 index 0000000..cbfdb0c --- /dev/null +++ b/doc/functions/gnutls_ocsp_resp_get_response.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_ocsp_resp_get_response} (gnutls_ocsp_resp_t @var{resp}, gnutls_datum_t * @var{response_type_oid}, gnutls_datum_t * @var{response}) diff --git a/doc/functions/gnutls_ocsp_resp_get_signature b/doc/functions/gnutls_ocsp_resp_get_signature new file mode 100644 index 0000000..1cadb24 --- /dev/null +++ b/doc/functions/gnutls_ocsp_resp_get_signature @@ -0,0 +1,14 @@ + + + + +@deftypefun {int} {gnutls_ocsp_resp_get_signature} (gnutls_ocsp_resp_t @var{resp}, gnutls_datum_t * @var{sig}) +@var{resp}: should contain a @code{gnutls_ocsp_resp_t} type + +@var{sig}: newly allocated output buffer with signature data + +This function will extract the signature field of a OCSP response. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. +@end deftypefun diff --git a/doc/functions/gnutls_ocsp_resp_get_signature.short b/doc/functions/gnutls_ocsp_resp_get_signature.short new file mode 100644 index 0000000..3be3a82 --- /dev/null +++ b/doc/functions/gnutls_ocsp_resp_get_signature.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_ocsp_resp_get_signature} (gnutls_ocsp_resp_t @var{resp}, gnutls_datum_t * @var{sig}) diff --git a/doc/functions/gnutls_ocsp_resp_get_signature_algorithm b/doc/functions/gnutls_ocsp_resp_get_signature_algorithm new file mode 100644 index 0000000..0812c3a --- /dev/null +++ b/doc/functions/gnutls_ocsp_resp_get_signature_algorithm @@ -0,0 +1,14 @@ + + + + +@deftypefun {int} {gnutls_ocsp_resp_get_signature_algorithm} (gnutls_ocsp_resp_t @var{resp}) +@var{resp}: should contain a @code{gnutls_ocsp_resp_t} type + +This function will return a value of the @code{gnutls_sign_algorithm_t} +enumeration that is the signature algorithm that has been used to +sign the OCSP response. + +@strong{Returns:} a @code{gnutls_sign_algorithm_t} value, or a negative error code +on error. +@end deftypefun diff --git a/doc/functions/gnutls_ocsp_resp_get_signature_algorithm.short b/doc/functions/gnutls_ocsp_resp_get_signature_algorithm.short new file mode 100644 index 0000000..d88123e --- /dev/null +++ b/doc/functions/gnutls_ocsp_resp_get_signature_algorithm.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_ocsp_resp_get_signature_algorithm} (gnutls_ocsp_resp_t @var{resp}) diff --git a/doc/functions/gnutls_ocsp_resp_get_single b/doc/functions/gnutls_ocsp_resp_get_single new file mode 100644 index 0000000..a77a539 --- /dev/null +++ b/doc/functions/gnutls_ocsp_resp_get_single @@ -0,0 +1,40 @@ + + + + +@deftypefun {int} {gnutls_ocsp_resp_get_single} (gnutls_ocsp_resp_t @var{resp}, unsigned @var{indx}, gnutls_digest_algorithm_t * @var{digest}, gnutls_datum_t * @var{issuer_name_hash}, gnutls_datum_t * @var{issuer_key_hash}, gnutls_datum_t * @var{serial_number}, unsigned int * @var{cert_status}, time_t * @var{this_update}, time_t * @var{next_update}, time_t * @var{revocation_time}, unsigned int * @var{revocation_reason}) +@var{resp}: should contain a @code{gnutls_ocsp_resp_t} type + +@var{indx}: Specifies response number to get. Use (0) to get the first one. + +@var{digest}: output variable with @code{gnutls_digest_algorithm_t} hash algorithm + +@var{issuer_name_hash}: output buffer with hash of issuer's DN + +@var{issuer_key_hash}: output buffer with hash of issuer's public key + +@var{serial_number}: output buffer with serial number of certificate to check + +@var{cert_status}: a certificate status, a @code{gnutls_ocsp_cert_status_t} enum. + +@var{this_update}: time at which the status is known to be correct. + +@var{next_update}: when newer information will be available, or (time_t)-1 if unspecified + +@var{revocation_time}: when @code{cert_status} is @code{GNUTLS_OCSP_CERT_REVOKED} , holds time of revocation. + +@var{revocation_reason}: revocation reason, a @code{gnutls_x509_crl_reason_t} enum. + +This function will return the certificate information of the + @code{indx} 'ed response in the Basic OCSP Response @code{resp} . The +information returned corresponds to the OCSP SingleResponse structure +except the final singleExtensions. + +Each of the pointers to output variables may be NULL to indicate +that the caller is not interested in that value. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error code is returned. If you have reached the last +CertID available @code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} will be +returned. +@end deftypefun diff --git a/doc/functions/gnutls_ocsp_resp_get_single.short b/doc/functions/gnutls_ocsp_resp_get_single.short new file mode 100644 index 0000000..f428e35 --- /dev/null +++ b/doc/functions/gnutls_ocsp_resp_get_single.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_ocsp_resp_get_single} (gnutls_ocsp_resp_t @var{resp}, unsigned @var{indx}, gnutls_digest_algorithm_t * @var{digest}, gnutls_datum_t * @var{issuer_name_hash}, gnutls_datum_t * @var{issuer_key_hash}, gnutls_datum_t * @var{serial_number}, unsigned int * @var{cert_status}, time_t * @var{this_update}, time_t * @var{next_update}, time_t * @var{revocation_time}, unsigned int * @var{revocation_reason}) diff --git a/doc/functions/gnutls_ocsp_resp_get_status b/doc/functions/gnutls_ocsp_resp_get_status new file mode 100644 index 0000000..cfa0171 --- /dev/null +++ b/doc/functions/gnutls_ocsp_resp_get_status @@ -0,0 +1,13 @@ + + + + +@deftypefun {int} {gnutls_ocsp_resp_get_status} (gnutls_ocsp_resp_t @var{resp}) +@var{resp}: should contain a @code{gnutls_ocsp_resp_t} type + +This function will return the status of a OCSP response, an +@code{gnutls_ocsp_resp_status_t} enumeration. + +@strong{Returns:} status of OCSP request as a @code{gnutls_ocsp_resp_status_t} , or +a negative error code on error. +@end deftypefun diff --git a/doc/functions/gnutls_ocsp_resp_get_status.short b/doc/functions/gnutls_ocsp_resp_get_status.short new file mode 100644 index 0000000..b9f8ea0 --- /dev/null +++ b/doc/functions/gnutls_ocsp_resp_get_status.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_ocsp_resp_get_status} (gnutls_ocsp_resp_t @var{resp}) diff --git a/doc/functions/gnutls_ocsp_resp_get_version b/doc/functions/gnutls_ocsp_resp_get_version new file mode 100644 index 0000000..0884c6b --- /dev/null +++ b/doc/functions/gnutls_ocsp_resp_get_version @@ -0,0 +1,13 @@ + + + + +@deftypefun {int} {gnutls_ocsp_resp_get_version} (gnutls_ocsp_resp_t @var{resp}) +@var{resp}: should contain a @code{gnutls_ocsp_resp_t} type + +This function will return the version of the Basic OCSP Response. +Typically this is always 1 indicating version 1. + +@strong{Returns:} version of Basic OCSP response, or a negative error code +on error. +@end deftypefun diff --git a/doc/functions/gnutls_ocsp_resp_get_version.short b/doc/functions/gnutls_ocsp_resp_get_version.short new file mode 100644 index 0000000..ace8ddd --- /dev/null +++ b/doc/functions/gnutls_ocsp_resp_get_version.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_ocsp_resp_get_version} (gnutls_ocsp_resp_t @var{resp}) diff --git a/doc/functions/gnutls_ocsp_resp_import b/doc/functions/gnutls_ocsp_resp_import new file mode 100644 index 0000000..7db9c5d --- /dev/null +++ b/doc/functions/gnutls_ocsp_resp_import @@ -0,0 +1,16 @@ + + + + +@deftypefun {int} {gnutls_ocsp_resp_import} (gnutls_ocsp_resp_t @var{resp}, const gnutls_datum_t * @var{data}) +@var{resp}: The data to store the parsed response. + +@var{data}: DER encoded OCSP response. + +This function will convert the given DER encoded OCSP response to +the native @code{gnutls_ocsp_resp_t} format. It also decodes the Basic +OCSP Response part, if any. The output will be stored in @code{resp} . + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. +@end deftypefun diff --git a/doc/functions/gnutls_ocsp_resp_import.short b/doc/functions/gnutls_ocsp_resp_import.short new file mode 100644 index 0000000..9a6eaf4 --- /dev/null +++ b/doc/functions/gnutls_ocsp_resp_import.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_ocsp_resp_import} (gnutls_ocsp_resp_t @var{resp}, const gnutls_datum_t * @var{data}) diff --git a/doc/functions/gnutls_ocsp_resp_import2 b/doc/functions/gnutls_ocsp_resp_import2 new file mode 100644 index 0000000..10eed06 --- /dev/null +++ b/doc/functions/gnutls_ocsp_resp_import2 @@ -0,0 +1,20 @@ + + + + +@deftypefun {int} {gnutls_ocsp_resp_import2} (gnutls_ocsp_resp_t @var{resp}, const gnutls_datum_t * @var{data}, gnutls_x509_crt_fmt_t @var{fmt}) +@var{resp}: The data to store the parsed response. + +@var{data}: DER or PEM encoded OCSP response. + +@var{fmt}: DER or PEM + +This function will convert the given OCSP response to +the native @code{gnutls_ocsp_resp_t} format. It also decodes the Basic +OCSP Response part, if any. The output will be stored in @code{resp} . + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 3.6.3 +@end deftypefun diff --git a/doc/functions/gnutls_ocsp_resp_import2.short b/doc/functions/gnutls_ocsp_resp_import2.short new file mode 100644 index 0000000..161c140 --- /dev/null +++ b/doc/functions/gnutls_ocsp_resp_import2.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_ocsp_resp_import2} (gnutls_ocsp_resp_t @var{resp}, const gnutls_datum_t * @var{data}, gnutls_x509_crt_fmt_t @var{fmt}) diff --git a/doc/functions/gnutls_ocsp_resp_init b/doc/functions/gnutls_ocsp_resp_init new file mode 100644 index 0000000..928ae39 --- /dev/null +++ b/doc/functions/gnutls_ocsp_resp_init @@ -0,0 +1,12 @@ + + + + +@deftypefun {int} {gnutls_ocsp_resp_init} (gnutls_ocsp_resp_t * @var{resp}) +@var{resp}: A pointer to the type to be initialized + +This function will initialize an OCSP response structure. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. +@end deftypefun diff --git a/doc/functions/gnutls_ocsp_resp_init.short b/doc/functions/gnutls_ocsp_resp_init.short new file mode 100644 index 0000000..d468f82 --- /dev/null +++ b/doc/functions/gnutls_ocsp_resp_init.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_ocsp_resp_init} (gnutls_ocsp_resp_t * @var{resp}) diff --git a/doc/functions/gnutls_ocsp_resp_list_import2 b/doc/functions/gnutls_ocsp_resp_list_import2 new file mode 100644 index 0000000..5247172 --- /dev/null +++ b/doc/functions/gnutls_ocsp_resp_list_import2 @@ -0,0 +1,31 @@ + + + + +@deftypefun {int} {gnutls_ocsp_resp_list_import2} (gnutls_ocsp_resp_t ** @var{ocsps}, unsigned int * @var{size}, const gnutls_datum_t * @var{resp_data}, gnutls_x509_crt_fmt_t @var{format}, unsigned int @var{flags}) +@var{ocsps}: Will hold the parsed OCSP response list. + +@var{size}: It will contain the size of the list. + +@var{resp_data}: The PEM encoded OCSP list. + +@var{format}: One of @code{GNUTLS_X509_FMT_PEM} or @code{GNUTLS_X509_FMT_DER} + +@var{flags}: must be (0) or an OR'd sequence of gnutls_certificate_import_flags. + +This function will convert the given PEM encoded OCSP response list +to the native gnutls_ocsp_resp_t format. The output will be stored +in @code{ocsps} which will be allocated and initialized. + +The OCSP responses should have a header of "OCSP RESPONSE". + +To deinitialize responses, you need to deinitialize each @code{gnutls_ocsp_resp_t} +structure independently, and use @code{gnutls_free()} at @code{ocsps} . + +In PEM files, when no OCSP responses are detected +@code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} will be returned. + +@strong{Returns:} the number of responses read or a negative error value. + +@strong{Since:} 3.6.3 +@end deftypefun diff --git a/doc/functions/gnutls_ocsp_resp_list_import2.short b/doc/functions/gnutls_ocsp_resp_list_import2.short new file mode 100644 index 0000000..95f5bed --- /dev/null +++ b/doc/functions/gnutls_ocsp_resp_list_import2.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_ocsp_resp_list_import2} (gnutls_ocsp_resp_t ** @var{ocsps}, unsigned int * @var{size}, const gnutls_datum_t * @var{resp_data}, gnutls_x509_crt_fmt_t @var{format}, unsigned int @var{flags}) diff --git a/doc/functions/gnutls_ocsp_resp_print b/doc/functions/gnutls_ocsp_resp_print new file mode 100644 index 0000000..d0265c6 --- /dev/null +++ b/doc/functions/gnutls_ocsp_resp_print @@ -0,0 +1,22 @@ + + + + +@deftypefun {int} {gnutls_ocsp_resp_print} (gnutls_ocsp_resp_t @var{resp}, gnutls_ocsp_print_formats_t @var{format}, gnutls_datum_t * @var{out}) +@var{resp}: The data to be printed + +@var{format}: Indicate the format to use + +@var{out}: Newly allocated datum with (0) terminated string. + +This function will pretty print a OCSP response, suitable for +display to a human. + +If the format is @code{GNUTLS_OCSP_PRINT_FULL} then all fields of the +response will be output, on multiple lines. + +The output @code{out} ->data needs to be deallocate using @code{gnutls_free()} . + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. +@end deftypefun diff --git a/doc/functions/gnutls_ocsp_resp_print.short b/doc/functions/gnutls_ocsp_resp_print.short new file mode 100644 index 0000000..4ee9071 --- /dev/null +++ b/doc/functions/gnutls_ocsp_resp_print.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_ocsp_resp_print} (gnutls_ocsp_resp_t @var{resp}, gnutls_ocsp_print_formats_t @var{format}, gnutls_datum_t * @var{out}) diff --git a/doc/functions/gnutls_ocsp_resp_verify b/doc/functions/gnutls_ocsp_resp_verify new file mode 100644 index 0000000..1f9aa1f --- /dev/null +++ b/doc/functions/gnutls_ocsp_resp_verify @@ -0,0 +1,35 @@ + + + + +@deftypefun {int} {gnutls_ocsp_resp_verify} (gnutls_ocsp_resp_t @var{resp}, gnutls_x509_trust_list_t @var{trustlist}, unsigned int * @var{verify}, unsigned int @var{flags}) +@var{resp}: should contain a @code{gnutls_ocsp_resp_t} type + +@var{trustlist}: trust anchors as a @code{gnutls_x509_trust_list_t} type + +@var{verify}: output variable with verification status, an @code{gnutls_ocsp_verify_reason_t} + +@var{flags}: verification flags from @code{gnutls_certificate_verify_flags} + +Verify signature of the Basic OCSP Response against the public key +in the certificate of a trusted signer. The @code{trustlist} should be +populated with trust anchors. The function will extract the signer +certificate from the Basic OCSP Response and will verify it against +the @code{trustlist} . A trusted signer is a certificate that is either +in @code{trustlist} , or it is signed directly by a certificate in + @code{trustlist} and has the id-ad-ocspSigning Extended Key Usage bit +set. + +The output @code{verify} variable will hold verification status codes +(e.g., @code{GNUTLS_OCSP_VERIFY_SIGNER_NOT_FOUND} , +@code{GNUTLS_OCSP_VERIFY_INSECURE_ALGORITHM} ) which are only valid if the +function returned @code{GNUTLS_E_SUCCESS} . + +Note that the function returns @code{GNUTLS_E_SUCCESS} even when +verification failed. The caller must always inspect the @code{verify} variable to find out the verification status. + +The @code{flags} variable should be 0 for now. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. +@end deftypefun diff --git a/doc/functions/gnutls_ocsp_resp_verify.short b/doc/functions/gnutls_ocsp_resp_verify.short new file mode 100644 index 0000000..d32ab03 --- /dev/null +++ b/doc/functions/gnutls_ocsp_resp_verify.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_ocsp_resp_verify} (gnutls_ocsp_resp_t @var{resp}, gnutls_x509_trust_list_t @var{trustlist}, unsigned int * @var{verify}, unsigned int @var{flags}) diff --git a/doc/functions/gnutls_ocsp_resp_verify_direct b/doc/functions/gnutls_ocsp_resp_verify_direct new file mode 100644 index 0000000..54c216d --- /dev/null +++ b/doc/functions/gnutls_ocsp_resp_verify_direct @@ -0,0 +1,29 @@ + + + + +@deftypefun {int} {gnutls_ocsp_resp_verify_direct} (gnutls_ocsp_resp_t @var{resp}, gnutls_x509_crt_t @var{issuer}, unsigned int * @var{verify}, unsigned int @var{flags}) +@var{resp}: should contain a @code{gnutls_ocsp_resp_t} type + +@var{issuer}: certificate believed to have signed the response + +@var{verify}: output variable with verification status, an @code{gnutls_ocsp_verify_reason_t} + +@var{flags}: verification flags from @code{gnutls_certificate_verify_flags} + +Verify signature of the Basic OCSP Response against the public key +in the @code{issuer} certificate. + +The output @code{verify} variable will hold verification status codes +(e.g., @code{GNUTLS_OCSP_VERIFY_SIGNER_NOT_FOUND} , +@code{GNUTLS_OCSP_VERIFY_INSECURE_ALGORITHM} ) which are only valid if the +function returned @code{GNUTLS_E_SUCCESS} . + +Note that the function returns @code{GNUTLS_E_SUCCESS} even when +verification failed. The caller must always inspect the @code{verify} variable to find out the verification status. + +The @code{flags} variable should be 0 for now. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. +@end deftypefun diff --git a/doc/functions/gnutls_ocsp_resp_verify_direct.short b/doc/functions/gnutls_ocsp_resp_verify_direct.short new file mode 100644 index 0000000..6d4c101 --- /dev/null +++ b/doc/functions/gnutls_ocsp_resp_verify_direct.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_ocsp_resp_verify_direct} (gnutls_ocsp_resp_t @var{resp}, gnutls_x509_crt_t @var{issuer}, unsigned int * @var{verify}, unsigned int @var{flags}) diff --git a/doc/functions/gnutls_ocsp_status_request_enable_client b/doc/functions/gnutls_ocsp_status_request_enable_client new file mode 100644 index 0000000..62ac742 --- /dev/null +++ b/doc/functions/gnutls_ocsp_status_request_enable_client @@ -0,0 +1,27 @@ + + + + +@deftypefun {int} {gnutls_ocsp_status_request_enable_client} (gnutls_session_t @var{session}, gnutls_datum_t * @var{responder_id}, size_t @var{responder_id_size}, gnutls_datum_t * @var{extensions}) +@var{session}: is a @code{gnutls_session_t} type. + +@var{responder_id}: ignored, must be @code{NULL} + +@var{responder_id_size}: ignored, must be zero + +@var{extensions}: ignored, must be @code{NULL} + +This function is to be used by clients to request OCSP response +from the server, using the "status_request" TLS extension. Only +OCSP status type is supported. + +Previous versions of GnuTLS supported setting @code{responder_id} and + @code{extensions} fields, but due to the difficult semantics of the +parameter usage, and other issues, this support was removed +since 3.6.0 and these parameters must be set to @code{NULL} . + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, +otherwise a negative error code is returned. + +@strong{Since:} 3.1.3 +@end deftypefun diff --git a/doc/functions/gnutls_ocsp_status_request_enable_client.short b/doc/functions/gnutls_ocsp_status_request_enable_client.short new file mode 100644 index 0000000..bf44972 --- /dev/null +++ b/doc/functions/gnutls_ocsp_status_request_enable_client.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_ocsp_status_request_enable_client} (gnutls_session_t @var{session}, gnutls_datum_t * @var{responder_id}, size_t @var{responder_id_size}, gnutls_datum_t * @var{extensions}) diff --git a/doc/functions/gnutls_ocsp_status_request_get b/doc/functions/gnutls_ocsp_status_request_get new file mode 100644 index 0000000..4017217 --- /dev/null +++ b/doc/functions/gnutls_ocsp_status_request_get @@ -0,0 +1,19 @@ + + + + +@deftypefun {int} {gnutls_ocsp_status_request_get} (gnutls_session_t @var{session}, gnutls_datum_t * @var{response}) +@var{session}: is a @code{gnutls_session_t} type. + +@var{response}: a @code{gnutls_datum_t} with DER encoded OCSP response + +This function returns the OCSP status response received +from the TLS server. The @code{response} should be treated as +constant. If no OCSP response is available then +@code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} is returned. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, +otherwise a negative error code is returned. + +@strong{Since:} 3.1.3 +@end deftypefun diff --git a/doc/functions/gnutls_ocsp_status_request_get.short b/doc/functions/gnutls_ocsp_status_request_get.short new file mode 100644 index 0000000..505dfdf --- /dev/null +++ b/doc/functions/gnutls_ocsp_status_request_get.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_ocsp_status_request_get} (gnutls_session_t @var{session}, gnutls_datum_t * @var{response}) diff --git a/doc/functions/gnutls_ocsp_status_request_get2 b/doc/functions/gnutls_ocsp_status_request_get2 new file mode 100644 index 0000000..b9ed173 --- /dev/null +++ b/doc/functions/gnutls_ocsp_status_request_get2 @@ -0,0 +1,27 @@ + + + + +@deftypefun {int} {gnutls_ocsp_status_request_get2} (gnutls_session_t @var{session}, unsigned @var{idx}, gnutls_datum_t * @var{response}) +@var{session}: is a @code{gnutls_session_t} type. + +@var{idx}: the index of peer's certificate + +@var{response}: a @code{gnutls_datum_t} with DER encoded OCSP response + +This function returns the OCSP status response received +from the TLS server for the certificate index provided. +The index corresponds to certificates as returned by +gnutls_certificate_get_peers. When index is zero this +function operates identically to @code{gnutls_ocsp_status_request_get()} . + +The returned @code{response} should be treated as +constant. If no OCSP response is available for the +given index then @code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} +is returned. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, +otherwise a negative error code is returned. + +@strong{Since:} 3.6.3 +@end deftypefun diff --git a/doc/functions/gnutls_ocsp_status_request_get2.short b/doc/functions/gnutls_ocsp_status_request_get2.short new file mode 100644 index 0000000..f82e23f --- /dev/null +++ b/doc/functions/gnutls_ocsp_status_request_get2.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_ocsp_status_request_get2} (gnutls_session_t @var{session}, unsigned @var{idx}, gnutls_datum_t * @var{response}) diff --git a/doc/functions/gnutls_ocsp_status_request_is_checked b/doc/functions/gnutls_ocsp_status_request_is_checked new file mode 100644 index 0000000..2f89d22 --- /dev/null +++ b/doc/functions/gnutls_ocsp_status_request_is_checked @@ -0,0 +1,27 @@ + + + + +@deftypefun {int} {gnutls_ocsp_status_request_is_checked} (gnutls_session_t @var{session}, unsigned int @var{flags}) +@var{session}: is a gnutls session + +@var{flags}: should be zero or @code{GNUTLS_OCSP_SR_IS_AVAIL} + +When flags are zero this function returns non-zero if a valid OCSP status +response was included in the TLS handshake. That is, an OCSP status response +which is not too old or superseded. It returns zero otherwise. + +When the flag @code{GNUTLS_OCSP_SR_IS_AVAIL} is specified, the function +returns non-zero if an OCSP status response was included in the handshake +even if it was invalid. Otherwise, if no OCSP status response was included, +it returns zero. The @code{GNUTLS_OCSP_SR_IS_AVAIL} flag was introduced in GnuTLS 3.4.0. + +This is a helper function when needing to decide whether to perform an +explicit OCSP validity check on the peer's certificate. Should be called after +any of gnutls_certificate_verify_peers*() are called. + +@strong{Returns:} non zero if the response was valid, or a zero if it wasn't sent, +or sent and was invalid. + +@strong{Since:} 3.1.4 +@end deftypefun diff --git a/doc/functions/gnutls_ocsp_status_request_is_checked.short b/doc/functions/gnutls_ocsp_status_request_is_checked.short new file mode 100644 index 0000000..bb33234 --- /dev/null +++ b/doc/functions/gnutls_ocsp_status_request_is_checked.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_ocsp_status_request_is_checked} (gnutls_session_t @var{session}, unsigned int @var{flags}) diff --git a/doc/functions/gnutls_oid_to_digest b/doc/functions/gnutls_oid_to_digest new file mode 100644 index 0000000..9ac2809 --- /dev/null +++ b/doc/functions/gnutls_oid_to_digest @@ -0,0 +1,14 @@ + + + + +@deftypefun {gnutls_digest_algorithm_t} {gnutls_oid_to_digest} (const char * @var{oid}) +@var{oid}: is an object identifier + +Converts a textual object identifier to a @code{gnutls_digest_algorithm_t} value. + +@strong{Returns:} a @code{gnutls_digest_algorithm_t} id of the specified digest +algorithm, or @code{GNUTLS_DIG_UNKNOWN} on failure. + +@strong{Since:} 3.4.3 +@end deftypefun diff --git a/doc/functions/gnutls_oid_to_digest.short b/doc/functions/gnutls_oid_to_digest.short new file mode 100644 index 0000000..ad6e948 --- /dev/null +++ b/doc/functions/gnutls_oid_to_digest.short @@ -0,0 +1 @@ +@item @var{gnutls_digest_algorithm_t} @ref{gnutls_oid_to_digest} (const char * @var{oid}) diff --git a/doc/functions/gnutls_oid_to_ecc_curve b/doc/functions/gnutls_oid_to_ecc_curve new file mode 100644 index 0000000..e5baf3c --- /dev/null +++ b/doc/functions/gnutls_oid_to_ecc_curve @@ -0,0 +1,13 @@ + + + + +@deftypefun {gnutls_ecc_curve_t} {gnutls_oid_to_ecc_curve} (const char * @var{oid}) +@var{oid}: is a curve's OID + + +@strong{Returns:} return a @code{gnutls_ecc_curve_t} value corresponding to +the specified OID, or @code{GNUTLS_ECC_CURVE_INVALID} on error. + +@strong{Since:} 3.4.3 +@end deftypefun diff --git a/doc/functions/gnutls_oid_to_ecc_curve.short b/doc/functions/gnutls_oid_to_ecc_curve.short new file mode 100644 index 0000000..1c5072b --- /dev/null +++ b/doc/functions/gnutls_oid_to_ecc_curve.short @@ -0,0 +1 @@ +@item @var{gnutls_ecc_curve_t} @ref{gnutls_oid_to_ecc_curve} (const char * @var{oid}) diff --git a/doc/functions/gnutls_oid_to_gost_paramset b/doc/functions/gnutls_oid_to_gost_paramset new file mode 100644 index 0000000..e60121e --- /dev/null +++ b/doc/functions/gnutls_oid_to_gost_paramset @@ -0,0 +1,14 @@ + + + + +@deftypefun {gnutls_gost_paramset_t} {gnutls_oid_to_gost_paramset} (const char * @var{oid}) +@var{oid}: is an object identifier + +Converts a textual object identifier to a @code{gnutls_gost_paramset_t} value. + +@strong{Returns:} a @code{gnutls_gost_paramset_get_oid} of the specified GOST 28147 +param st, or @code{GNUTLS_GOST_PARAMSET_UNKNOWN} on failure. + +@strong{Since:} 3.6.3 +@end deftypefun diff --git a/doc/functions/gnutls_oid_to_gost_paramset.short b/doc/functions/gnutls_oid_to_gost_paramset.short new file mode 100644 index 0000000..9945944 --- /dev/null +++ b/doc/functions/gnutls_oid_to_gost_paramset.short @@ -0,0 +1 @@ +@item @var{gnutls_gost_paramset_t} @ref{gnutls_oid_to_gost_paramset} (const char * @var{oid}) diff --git a/doc/functions/gnutls_oid_to_mac b/doc/functions/gnutls_oid_to_mac new file mode 100644 index 0000000..af2e664 --- /dev/null +++ b/doc/functions/gnutls_oid_to_mac @@ -0,0 +1,14 @@ + + + + +@deftypefun {gnutls_mac_algorithm_t} {gnutls_oid_to_mac} (const char * @var{oid}) +@var{oid}: is an object identifier + +Converts a textual object identifier typically from PKCS@code{5} values to a @code{gnutls_mac_algorithm_t} value. + +@strong{Returns:} a @code{gnutls_mac_algorithm_t} id of the specified digest +algorithm, or @code{GNUTLS_MAC_UNKNOWN} on failure. + +@strong{Since:} 3.5.4 +@end deftypefun diff --git a/doc/functions/gnutls_oid_to_mac.short b/doc/functions/gnutls_oid_to_mac.short new file mode 100644 index 0000000..339688d --- /dev/null +++ b/doc/functions/gnutls_oid_to_mac.short @@ -0,0 +1 @@ +@item @var{gnutls_mac_algorithm_t} @ref{gnutls_oid_to_mac} (const char * @var{oid}) diff --git a/doc/functions/gnutls_oid_to_pk b/doc/functions/gnutls_oid_to_pk new file mode 100644 index 0000000..5bcf3de --- /dev/null +++ b/doc/functions/gnutls_oid_to_pk @@ -0,0 +1,14 @@ + + + + +@deftypefun {gnutls_pk_algorithm_t} {gnutls_oid_to_pk} (const char * @var{oid}) +@var{oid}: is an object identifier + +Converts a textual object identifier to a @code{gnutls_pk_algorithm_t} value. + +@strong{Returns:} a @code{gnutls_pk_algorithm_t} id of the specified digest +algorithm, or @code{GNUTLS_PK_UNKNOWN} on failure. + +@strong{Since:} 3.4.3 +@end deftypefun diff --git a/doc/functions/gnutls_oid_to_pk.short b/doc/functions/gnutls_oid_to_pk.short new file mode 100644 index 0000000..f8c2fcf --- /dev/null +++ b/doc/functions/gnutls_oid_to_pk.short @@ -0,0 +1 @@ +@item @var{gnutls_pk_algorithm_t} @ref{gnutls_oid_to_pk} (const char * @var{oid}) diff --git a/doc/functions/gnutls_oid_to_sign b/doc/functions/gnutls_oid_to_sign new file mode 100644 index 0000000..4d3b4b3 --- /dev/null +++ b/doc/functions/gnutls_oid_to_sign @@ -0,0 +1,14 @@ + + + + +@deftypefun {gnutls_sign_algorithm_t} {gnutls_oid_to_sign} (const char * @var{oid}) +@var{oid}: is an object identifier + +Converts a textual object identifier to a @code{gnutls_sign_algorithm_t} value. + +@strong{Returns:} a @code{gnutls_sign_algorithm_t} id of the specified digest +algorithm, or @code{GNUTLS_SIGN_UNKNOWN} on failure. + +@strong{Since:} 3.4.3 +@end deftypefun diff --git a/doc/functions/gnutls_oid_to_sign.short b/doc/functions/gnutls_oid_to_sign.short new file mode 100644 index 0000000..11cf76b --- /dev/null +++ b/doc/functions/gnutls_oid_to_sign.short @@ -0,0 +1 @@ +@item @var{gnutls_sign_algorithm_t} @ref{gnutls_oid_to_sign} (const char * @var{oid}) diff --git a/doc/functions/gnutls_openpgp_privkey_sign_hash b/doc/functions/gnutls_openpgp_privkey_sign_hash new file mode 100644 index 0000000..030d475 --- /dev/null +++ b/doc/functions/gnutls_openpgp_privkey_sign_hash @@ -0,0 +1,15 @@ + + + + +@deftypefun {int} {gnutls_openpgp_privkey_sign_hash} (gnutls_openpgp_privkey_t @var{key}, const gnutls_datum_t * @var{hash}, gnutls_datum_t * @var{signature}) +@var{key}: Holds the key + +@var{hash}: holds the data to be signed + +@var{signature}: will contain newly allocated signature + +This function is no-op. + +@strong{Returns:} @code{GNUTLS_E_UNIMPLEMENTED_FEATURE} . +@end deftypefun diff --git a/doc/functions/gnutls_openpgp_privkey_sign_hash.short b/doc/functions/gnutls_openpgp_privkey_sign_hash.short new file mode 100644 index 0000000..df6c540 --- /dev/null +++ b/doc/functions/gnutls_openpgp_privkey_sign_hash.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_openpgp_privkey_sign_hash} (gnutls_openpgp_privkey_t @var{key}, const gnutls_datum_t * @var{hash}, gnutls_datum_t * @var{signature}) diff --git a/doc/functions/gnutls_openpgp_send_cert b/doc/functions/gnutls_openpgp_send_cert new file mode 100644 index 0000000..7d1b8db --- /dev/null +++ b/doc/functions/gnutls_openpgp_send_cert @@ -0,0 +1,13 @@ + + + + +@deftypefun {void} {gnutls_openpgp_send_cert} (gnutls_session_t @var{session}, gnutls_openpgp_crt_status_t @var{status}) +@var{session}: is a gnutls session + +@var{status}: is ignored + +This function is no-op. + +@strong{Returns:} @code{GNUTLS_E_UNIMPLEMENTED_FEATURE} . +@end deftypefun diff --git a/doc/functions/gnutls_openpgp_send_cert.short b/doc/functions/gnutls_openpgp_send_cert.short new file mode 100644 index 0000000..16b2ba3 --- /dev/null +++ b/doc/functions/gnutls_openpgp_send_cert.short @@ -0,0 +1 @@ +@item @var{void} @ref{gnutls_openpgp_send_cert} (gnutls_session_t @var{session}, gnutls_openpgp_crt_status_t @var{status}) diff --git a/doc/functions/gnutls_packet_deinit b/doc/functions/gnutls_packet_deinit new file mode 100644 index 0000000..bde7f18 --- /dev/null +++ b/doc/functions/gnutls_packet_deinit @@ -0,0 +1,12 @@ + + + + +@deftypefun {void} {gnutls_packet_deinit} (gnutls_packet_t @var{packet}) +@var{packet}: is a pointer to a @code{gnutls_packet_st} structure. + +This function will deinitialize all data associated with +the received packet. + +@strong{Since:} 3.3.5 +@end deftypefun diff --git a/doc/functions/gnutls_packet_deinit.short b/doc/functions/gnutls_packet_deinit.short new file mode 100644 index 0000000..9cdee63 --- /dev/null +++ b/doc/functions/gnutls_packet_deinit.short @@ -0,0 +1 @@ +@item @var{void} @ref{gnutls_packet_deinit} (gnutls_packet_t @var{packet}) diff --git a/doc/functions/gnutls_packet_get b/doc/functions/gnutls_packet_get new file mode 100644 index 0000000..8621d8e --- /dev/null +++ b/doc/functions/gnutls_packet_get @@ -0,0 +1,16 @@ + + + + +@deftypefun {void} {gnutls_packet_get} (gnutls_packet_t @var{packet}, gnutls_datum_t * @var{data}, unsigned char * @var{sequence}) +@var{packet}: is a @code{gnutls_packet_t} type. + +@var{data}: will contain the data present in the @code{packet} structure (may be @code{NULL} ) + +@var{sequence}: the 8-bytes of the packet sequence number (may be @code{NULL} ) + +This function returns the data and sequence number associated with +the received packet. + +@strong{Since:} 3.3.5 +@end deftypefun diff --git a/doc/functions/gnutls_packet_get.short b/doc/functions/gnutls_packet_get.short new file mode 100644 index 0000000..97d6042 --- /dev/null +++ b/doc/functions/gnutls_packet_get.short @@ -0,0 +1 @@ +@item @var{void} @ref{gnutls_packet_get} (gnutls_packet_t @var{packet}, gnutls_datum_t * @var{data}, unsigned char * @var{sequence}) diff --git a/doc/functions/gnutls_pcert_deinit b/doc/functions/gnutls_pcert_deinit new file mode 100644 index 0000000..212a779 --- /dev/null +++ b/doc/functions/gnutls_pcert_deinit @@ -0,0 +1,11 @@ + + + + +@deftypefun {void} {gnutls_pcert_deinit} (gnutls_pcert_st * @var{pcert}) +@var{pcert}: The structure to be deinitialized + +This function will deinitialize a pcert structure. + +@strong{Since:} 3.0 +@end deftypefun diff --git a/doc/functions/gnutls_pcert_deinit.short b/doc/functions/gnutls_pcert_deinit.short new file mode 100644 index 0000000..93dc631 --- /dev/null +++ b/doc/functions/gnutls_pcert_deinit.short @@ -0,0 +1 @@ +@item @var{void} @ref{gnutls_pcert_deinit} (gnutls_pcert_st * @var{pcert}) diff --git a/doc/functions/gnutls_pcert_export_openpgp b/doc/functions/gnutls_pcert_export_openpgp new file mode 100644 index 0000000..a59289b --- /dev/null +++ b/doc/functions/gnutls_pcert_export_openpgp @@ -0,0 +1,15 @@ + + + + +@deftypefun {int} {gnutls_pcert_export_openpgp} (gnutls_pcert_st * @var{pcert}, gnutls_openpgp_crt_t * @var{crt}) +@var{pcert}: The pcert structure. + +@var{crt}: An initialized @code{gnutls_openpgp_crt_t} . + +This function is no-op. + +@strong{Returns:} @code{GNUTLS_E_UNIMPLEMENTED_FEATURE} . + +@strong{Since:} 3.4.0 +@end deftypefun diff --git a/doc/functions/gnutls_pcert_export_openpgp.short b/doc/functions/gnutls_pcert_export_openpgp.short new file mode 100644 index 0000000..6832d59 --- /dev/null +++ b/doc/functions/gnutls_pcert_export_openpgp.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_pcert_export_openpgp} (gnutls_pcert_st * @var{pcert}, gnutls_openpgp_crt_t * @var{crt}) diff --git a/doc/functions/gnutls_pcert_export_x509 b/doc/functions/gnutls_pcert_export_x509 new file mode 100644 index 0000000..ef043df --- /dev/null +++ b/doc/functions/gnutls_pcert_export_x509 @@ -0,0 +1,19 @@ + + + + +@deftypefun {int} {gnutls_pcert_export_x509} (gnutls_pcert_st * @var{pcert}, gnutls_x509_crt_t * @var{crt}) +@var{pcert}: The pcert structure. + +@var{crt}: An initialized @code{gnutls_x509_crt_t} . + +Converts the given @code{gnutls_pcert_t} type into a @code{gnutls_x509_crt_t} . +This function only works if the type of @code{pcert} is @code{GNUTLS_CRT_X509} . +When successful, the value written to @code{crt} must be freed with +@code{gnutls_x509_crt_deinit()} when no longer needed. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 3.4.0 +@end deftypefun diff --git a/doc/functions/gnutls_pcert_export_x509.short b/doc/functions/gnutls_pcert_export_x509.short new file mode 100644 index 0000000..2a38cd4 --- /dev/null +++ b/doc/functions/gnutls_pcert_export_x509.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_pcert_export_x509} (gnutls_pcert_st * @var{pcert}, gnutls_x509_crt_t * @var{crt}) diff --git a/doc/functions/gnutls_pcert_import_openpgp b/doc/functions/gnutls_pcert_import_openpgp new file mode 100644 index 0000000..d559749 --- /dev/null +++ b/doc/functions/gnutls_pcert_import_openpgp @@ -0,0 +1,17 @@ + + + + +@deftypefun {int} {gnutls_pcert_import_openpgp} (gnutls_pcert_st * @var{pcert}, gnutls_openpgp_crt_t @var{crt}, unsigned int @var{flags}) +@var{pcert}: The pcert structure + +@var{crt}: The raw certificate to be imported + +@var{flags}: zero for now + +This function is no-op. + +@strong{Returns:} @code{GNUTLS_E_UNIMPLEMENTED_FEATURE} . + +@strong{Since:} 3.0 +@end deftypefun diff --git a/doc/functions/gnutls_pcert_import_openpgp.short b/doc/functions/gnutls_pcert_import_openpgp.short new file mode 100644 index 0000000..45ed274 --- /dev/null +++ b/doc/functions/gnutls_pcert_import_openpgp.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_pcert_import_openpgp} (gnutls_pcert_st * @var{pcert}, gnutls_openpgp_crt_t @var{crt}, unsigned int @var{flags}) diff --git a/doc/functions/gnutls_pcert_import_openpgp_raw b/doc/functions/gnutls_pcert_import_openpgp_raw new file mode 100644 index 0000000..f0d0880 --- /dev/null +++ b/doc/functions/gnutls_pcert_import_openpgp_raw @@ -0,0 +1,21 @@ + + + + +@deftypefun {int} {gnutls_pcert_import_openpgp_raw} (gnutls_pcert_st * @var{pcert}, const gnutls_datum_t * @var{cert}, gnutls_openpgp_crt_fmt_t @var{format}, gnutls_openpgp_keyid_t @var{keyid}, unsigned int @var{flags}) +@var{pcert}: The pcert structure + +@var{cert}: The raw certificate to be imported + +@var{format}: The format of the certificate + +@var{keyid}: The key ID to use (NULL for the master key) + +@var{flags}: zero for now + +This function is no-op. + +@strong{Returns:} @code{GNUTLS_E_UNIMPLEMENTED_FEATURE} . + +@strong{Since:} 3.0 +@end deftypefun diff --git a/doc/functions/gnutls_pcert_import_openpgp_raw.short b/doc/functions/gnutls_pcert_import_openpgp_raw.short new file mode 100644 index 0000000..c5074d6 --- /dev/null +++ b/doc/functions/gnutls_pcert_import_openpgp_raw.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_pcert_import_openpgp_raw} (gnutls_pcert_st * @var{pcert}, const gnutls_datum_t * @var{cert}, gnutls_openpgp_crt_fmt_t @var{format}, gnutls_openpgp_keyid_t @var{keyid}, unsigned int @var{flags}) diff --git a/doc/functions/gnutls_pcert_import_rawpk b/doc/functions/gnutls_pcert_import_rawpk new file mode 100644 index 0000000..9ca3326 --- /dev/null +++ b/doc/functions/gnutls_pcert_import_rawpk @@ -0,0 +1,22 @@ + + + + +@deftypefun {int} {gnutls_pcert_import_rawpk} (gnutls_pcert_st* @var{pcert}, gnutls_pubkey_t @var{pubkey}, unsigned int @var{flags}) +@var{pcert}: The pcert structure to import the data into. + +@var{pubkey}: The raw public-key in @code{gnutls_pubkey_t} format to be imported + +@var{flags}: zero for now + +This convenience function will import (i.e. convert) the given raw +public key @code{pubkey} into a @code{gnutls_pcert_st} structure. The structure +must be deinitialized afterwards using @code{gnutls_pcert_deinit()} . The +given @code{pubkey} must not be deinitialized because it will be associated +with the given @code{pcert} structure and will be deinitialized with it. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 3.6.6 +@end deftypefun diff --git a/doc/functions/gnutls_pcert_import_rawpk.short b/doc/functions/gnutls_pcert_import_rawpk.short new file mode 100644 index 0000000..7731e00 --- /dev/null +++ b/doc/functions/gnutls_pcert_import_rawpk.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_pcert_import_rawpk} (gnutls_pcert_st* @var{pcert}, gnutls_pubkey_t @var{pubkey}, unsigned int @var{flags}) diff --git a/doc/functions/gnutls_pcert_import_rawpk_raw b/doc/functions/gnutls_pcert_import_rawpk_raw new file mode 100644 index 0000000..61b498c --- /dev/null +++ b/doc/functions/gnutls_pcert_import_rawpk_raw @@ -0,0 +1,30 @@ + + + + +@deftypefun {int} {gnutls_pcert_import_rawpk_raw} (gnutls_pcert_st* @var{pcert}, const gnutls_datum_t* @var{rawpubkey}, gnutls_x509_crt_fmt_t @var{format}, unsigned int @var{key_usage}, unsigned int @var{flags}) +@var{pcert}: The pcert structure to import the data into. + +@var{rawpubkey}: The raw public-key in @code{gnutls_datum_t} format to be imported. + +@var{format}: The format of the raw public-key. DER or PEM. + +@var{key_usage}: An ORed sequence of @code{GNUTLS_KEY_} * flags. + +@var{flags}: zero for now + +This convenience function will import (i.e. convert) the given raw +public key @code{rawpubkey} into a @code{gnutls_pcert_st} structure. The structure +must be deinitialized afterwards using @code{gnutls_pcert_deinit()} . +Note that the caller is responsible for freeing @code{rawpubkey} . All necessary +values will be copied into @code{pcert} . + +Key usage (as defined by X.509 extension (2.5.29.15)) can be explicitly +set because there is no certificate structure around the key to define +this value. See for more info @code{gnutls_x509_crt_get_key_usage()} . + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 3.6.6 +@end deftypefun diff --git a/doc/functions/gnutls_pcert_import_rawpk_raw.short b/doc/functions/gnutls_pcert_import_rawpk_raw.short new file mode 100644 index 0000000..7ba384e --- /dev/null +++ b/doc/functions/gnutls_pcert_import_rawpk_raw.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_pcert_import_rawpk_raw} (gnutls_pcert_st* @var{pcert}, const gnutls_datum_t* @var{rawpubkey}, gnutls_x509_crt_fmt_t @var{format}, unsigned int @var{key_usage}, unsigned int @var{flags}) diff --git a/doc/functions/gnutls_pcert_import_x509 b/doc/functions/gnutls_pcert_import_x509 new file mode 100644 index 0000000..0e45e9e --- /dev/null +++ b/doc/functions/gnutls_pcert_import_x509 @@ -0,0 +1,20 @@ + + + + +@deftypefun {int} {gnutls_pcert_import_x509} (gnutls_pcert_st * @var{pcert}, gnutls_x509_crt_t @var{crt}, unsigned int @var{flags}) +@var{pcert}: The pcert structure + +@var{crt}: The certificate to be imported + +@var{flags}: zero for now + +This convenience function will import the given certificate to a +@code{gnutls_pcert_st} structure. The structure must be deinitialized +afterwards using @code{gnutls_pcert_deinit()} ; + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 3.0 +@end deftypefun diff --git a/doc/functions/gnutls_pcert_import_x509.short b/doc/functions/gnutls_pcert_import_x509.short new file mode 100644 index 0000000..91fc8c6 --- /dev/null +++ b/doc/functions/gnutls_pcert_import_x509.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_pcert_import_x509} (gnutls_pcert_st * @var{pcert}, gnutls_x509_crt_t @var{crt}, unsigned int @var{flags}) diff --git a/doc/functions/gnutls_pcert_import_x509_list b/doc/functions/gnutls_pcert_import_x509_list new file mode 100644 index 0000000..64e982c --- /dev/null +++ b/doc/functions/gnutls_pcert_import_x509_list @@ -0,0 +1,27 @@ + + + + +@deftypefun {int} {gnutls_pcert_import_x509_list} (gnutls_pcert_st * @var{pcert_list}, gnutls_x509_crt_t * @var{crt}, unsigned * @var{ncrt}, unsigned int @var{flags}) +@var{pcert_list}: The structures to store the certificates; must not contain initialized @code{gnutls_pcert_st} structures. + +@var{crt}: The certificates to be imported + +@var{ncrt}: The number of certificates in @code{crt} ; will be updated if necessary + +@var{flags}: zero or @code{GNUTLS_X509_CRT_LIST_SORT} + +This convenience function will import the given certificates to an +already allocated set of @code{gnutls_pcert_st} structures. The structures must +be deinitialized afterwards using @code{gnutls_pcert_deinit()} . @code{pcert_list} should contain space for at least @code{ncrt} elements. + +In the case @code{GNUTLS_X509_CRT_LIST_SORT} is specified and that +function cannot sort the list, @code{GNUTLS_E_CERTIFICATE_LIST_UNSORTED} +will be returned. Currently sorting can fail if the list size +exceeds an internal constraint (16). + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 3.4.0 +@end deftypefun diff --git a/doc/functions/gnutls_pcert_import_x509_list.short b/doc/functions/gnutls_pcert_import_x509_list.short new file mode 100644 index 0000000..88fbeb9 --- /dev/null +++ b/doc/functions/gnutls_pcert_import_x509_list.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_pcert_import_x509_list} (gnutls_pcert_st * @var{pcert_list}, gnutls_x509_crt_t * @var{crt}, unsigned * @var{ncrt}, unsigned int @var{flags}) diff --git a/doc/functions/gnutls_pcert_import_x509_raw b/doc/functions/gnutls_pcert_import_x509_raw new file mode 100644 index 0000000..ccce2c6 --- /dev/null +++ b/doc/functions/gnutls_pcert_import_x509_raw @@ -0,0 +1,22 @@ + + + + +@deftypefun {int} {gnutls_pcert_import_x509_raw} (gnutls_pcert_st * @var{pcert}, const gnutls_datum_t * @var{cert}, gnutls_x509_crt_fmt_t @var{format}, unsigned int @var{flags}) +@var{pcert}: The pcert structure + +@var{cert}: The raw certificate to be imported + +@var{format}: The format of the certificate + +@var{flags}: zero for now + +This convenience function will import the given certificate to a +@code{gnutls_pcert_st} structure. The structure must be deinitialized +afterwards using @code{gnutls_pcert_deinit()} ; + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 3.0 +@end deftypefun diff --git a/doc/functions/gnutls_pcert_import_x509_raw.short b/doc/functions/gnutls_pcert_import_x509_raw.short new file mode 100644 index 0000000..af0123f --- /dev/null +++ b/doc/functions/gnutls_pcert_import_x509_raw.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_pcert_import_x509_raw} (gnutls_pcert_st * @var{pcert}, const gnutls_datum_t * @var{cert}, gnutls_x509_crt_fmt_t @var{format}, unsigned int @var{flags}) diff --git a/doc/functions/gnutls_pcert_list_import_x509_file b/doc/functions/gnutls_pcert_list_import_x509_file new file mode 100644 index 0000000..16dfd29 --- /dev/null +++ b/doc/functions/gnutls_pcert_list_import_x509_file @@ -0,0 +1,31 @@ + + + + +@deftypefun {int} {gnutls_pcert_list_import_x509_file} (gnutls_pcert_st * @var{pcert_list}, unsigned * @var{pcert_list_size}, const char * @var{file}, gnutls_x509_crt_fmt_t @var{format}, gnutls_pin_callback_t @var{pin_fn}, void * @var{pin_fn_userdata}, unsigned int @var{flags}) +@var{pcert_list}: The structures to store the certificates; must not contain initialized @code{gnutls_pcert_st} structures. + +@var{pcert_list_size}: Initially must hold the maximum number of certs. It will be updated with the number of certs available. + +@var{file}: A file or supported URI with the certificates to load + +@var{format}: @code{GNUTLS_X509_FMT_DER} or @code{GNUTLS_X509_FMT_PEM} if a file is given + +@var{pin_fn}: a PIN callback if not globally set + +@var{pin_fn_userdata}: parameter for the PIN callback + +@var{flags}: zero or flags from @code{gnutls_certificate_import_flags} + +This convenience function will import a certificate chain from the given +file or supported URI to @code{gnutls_pcert_st} structures. The structures +must be deinitialized afterwards using @code{gnutls_pcert_deinit()} . + +This function will always return a sorted certificate chain. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value; if the @code{pcert} list doesn't have enough space +@code{GNUTLS_E_SHORT_MEMORY_BUFFER} will be returned. + +@strong{Since:} 3.6.3 +@end deftypefun diff --git a/doc/functions/gnutls_pcert_list_import_x509_file.short b/doc/functions/gnutls_pcert_list_import_x509_file.short new file mode 100644 index 0000000..d7d3526 --- /dev/null +++ b/doc/functions/gnutls_pcert_list_import_x509_file.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_pcert_list_import_x509_file} (gnutls_pcert_st * @var{pcert_list}, unsigned * @var{pcert_list_size}, const char * @var{file}, gnutls_x509_crt_fmt_t @var{format}, gnutls_pin_callback_t @var{pin_fn}, void * @var{pin_fn_userdata}, unsigned int @var{flags}) diff --git a/doc/functions/gnutls_pcert_list_import_x509_raw b/doc/functions/gnutls_pcert_list_import_x509_raw new file mode 100644 index 0000000..fef525e --- /dev/null +++ b/doc/functions/gnutls_pcert_list_import_x509_raw @@ -0,0 +1,28 @@ + + + + +@deftypefun {int} {gnutls_pcert_list_import_x509_raw} (gnutls_pcert_st * @var{pcert_list}, unsigned int * @var{pcert_list_size}, const gnutls_datum_t * @var{data}, gnutls_x509_crt_fmt_t @var{format}, unsigned int @var{flags}) +@var{pcert_list}: The structures to store the certificates; must not contain initialized @code{gnutls_pcert_st} structures. + +@var{pcert_list_size}: Initially must hold the maximum number of certs. It will be updated with the number of certs available. + +@var{data}: The certificates. + +@var{format}: One of DER or PEM. + +@var{flags}: must be (0) or an OR'd sequence of gnutls_certificate_import_flags. + +This function will import the provided DER or PEM encoded certificates to an +already allocated set of @code{gnutls_pcert_st} structures. The structures must +be deinitialized afterwards using @code{gnutls_pcert_deinit()} . @code{pcert_list} should contain space for at least @code{pcert_list_size} elements. + +If the Certificate is PEM encoded it should have a header of "X509 +CERTIFICATE", or "CERTIFICATE". + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value; if the @code{pcert} list doesn't have enough space +@code{GNUTLS_E_SHORT_MEMORY_BUFFER} will be returned. + +@strong{Since:} 3.0 +@end deftypefun diff --git a/doc/functions/gnutls_pcert_list_import_x509_raw.short b/doc/functions/gnutls_pcert_list_import_x509_raw.short new file mode 100644 index 0000000..db93b45 --- /dev/null +++ b/doc/functions/gnutls_pcert_list_import_x509_raw.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_pcert_list_import_x509_raw} (gnutls_pcert_st * @var{pcert_list}, unsigned int * @var{pcert_list_size}, const gnutls_datum_t * @var{data}, gnutls_x509_crt_fmt_t @var{format}, unsigned int @var{flags}) diff --git a/doc/functions/gnutls_pem_base64_decode b/doc/functions/gnutls_pem_base64_decode new file mode 100644 index 0000000..6b3ed9b --- /dev/null +++ b/doc/functions/gnutls_pem_base64_decode @@ -0,0 +1,22 @@ + + + + +@deftypefun {int} {gnutls_pem_base64_decode} (const char * @var{header}, const gnutls_datum_t * @var{b64_data}, unsigned char * @var{result}, size_t * @var{result_size}) +@var{header}: A null terminated string with the PEM header (eg. CERTIFICATE) + +@var{b64_data}: contain the encoded data + +@var{result}: the place where decoded data will be copied + +@var{result_size}: holds the size of the result + +This function will decode the given encoded data. If the header +given is non @code{NULL} this function will search for "-----BEGIN header" +and decode only this part. Otherwise it will decode the first PEM +packet found. + +@strong{Returns:} On success @code{GNUTLS_E_SUCCESS} (0) is returned, +@code{GNUTLS_E_SHORT_MEMORY_BUFFER} is returned if the buffer given is +not long enough, or 0 on success. +@end deftypefun diff --git a/doc/functions/gnutls_pem_base64_decode.short b/doc/functions/gnutls_pem_base64_decode.short new file mode 100644 index 0000000..f4b9c38 --- /dev/null +++ b/doc/functions/gnutls_pem_base64_decode.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_pem_base64_decode} (const char * @var{header}, const gnutls_datum_t * @var{b64_data}, unsigned char * @var{result}, size_t * @var{result_size}) diff --git a/doc/functions/gnutls_pem_base64_decode2 b/doc/functions/gnutls_pem_base64_decode2 new file mode 100644 index 0000000..e5a9b37 --- /dev/null +++ b/doc/functions/gnutls_pem_base64_decode2 @@ -0,0 +1,28 @@ + + + + +@deftypefun {int} {gnutls_pem_base64_decode2} (const char * @var{header}, const gnutls_datum_t * @var{b64_data}, gnutls_datum_t * @var{result}) +@var{header}: The PEM header (eg. CERTIFICATE) + +@var{b64_data}: contains the encoded data + +@var{result}: the location of decoded data + +This function will decode the given encoded data. The decoded data +will be allocated, and stored into result. If the header given is +non null this function will search for "-----BEGIN header" and +decode only this part. Otherwise it will decode the first PEM +packet found. + +You should use @code{gnutls_free()} to free the returned data. + +Note, that prior to GnuTLS 3.4.0 this function was available +under the name @code{gnutls_pem_base64_decode_alloc()} . There is +compatibility macro pointing to this function. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise +an error code is returned. + +@strong{Since:} 3.4.0 +@end deftypefun diff --git a/doc/functions/gnutls_pem_base64_decode2.short b/doc/functions/gnutls_pem_base64_decode2.short new file mode 100644 index 0000000..ee7d03b --- /dev/null +++ b/doc/functions/gnutls_pem_base64_decode2.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_pem_base64_decode2} (const char * @var{header}, const gnutls_datum_t * @var{b64_data}, gnutls_datum_t * @var{result}) diff --git a/doc/functions/gnutls_pem_base64_encode b/doc/functions/gnutls_pem_base64_encode new file mode 100644 index 0000000..7bf5d52 --- /dev/null +++ b/doc/functions/gnutls_pem_base64_encode @@ -0,0 +1,23 @@ + + + + +@deftypefun {int} {gnutls_pem_base64_encode} (const char * @var{msg}, const gnutls_datum_t * @var{data}, char * @var{result}, size_t * @var{result_size}) +@var{msg}: is a message to be put in the header (may be @code{NULL} ) + +@var{data}: contain the raw data + +@var{result}: the place where base64 data will be copied + +@var{result_size}: holds the size of the result + +This function will convert the given data to printable data, using +the base64 encoding. This is the encoding used in PEM messages. + +The output string will be null terminated, although the output size will +not include the terminating null. + +@strong{Returns:} On success @code{GNUTLS_E_SUCCESS} (0) is returned, +@code{GNUTLS_E_SHORT_MEMORY_BUFFER} is returned if the buffer given is +not long enough, or 0 on success. +@end deftypefun diff --git a/doc/functions/gnutls_pem_base64_encode.short b/doc/functions/gnutls_pem_base64_encode.short new file mode 100644 index 0000000..502889b --- /dev/null +++ b/doc/functions/gnutls_pem_base64_encode.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_pem_base64_encode} (const char * @var{msg}, const gnutls_datum_t * @var{data}, char * @var{result}, size_t * @var{result_size}) diff --git a/doc/functions/gnutls_pem_base64_encode2 b/doc/functions/gnutls_pem_base64_encode2 new file mode 100644 index 0000000..62a5f04 --- /dev/null +++ b/doc/functions/gnutls_pem_base64_encode2 @@ -0,0 +1,27 @@ + + + + +@deftypefun {int} {gnutls_pem_base64_encode2} (const char * @var{header}, const gnutls_datum_t * @var{data}, gnutls_datum_t * @var{result}) +@var{header}: is a message to be put in the encoded header (may be @code{NULL} ) + +@var{data}: contains the raw data + +@var{result}: will hold the newly allocated encoded data + +This function will convert the given data to printable data, using +the base64 encoding. This is the encoding used in PEM messages. +This function will allocate the required memory to hold the encoded +data. + +You should use @code{gnutls_free()} to free the returned data. + +Note, that prior to GnuTLS 3.4.0 this function was available +under the name @code{gnutls_pem_base64_encode_alloc()} . There is +compatibility macro pointing to this function. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise +an error code is returned. + +@strong{Since:} 3.4.0 +@end deftypefun diff --git a/doc/functions/gnutls_pem_base64_encode2.short b/doc/functions/gnutls_pem_base64_encode2.short new file mode 100644 index 0000000..9849fbd --- /dev/null +++ b/doc/functions/gnutls_pem_base64_encode2.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_pem_base64_encode2} (const char * @var{header}, const gnutls_datum_t * @var{data}, gnutls_datum_t * @var{result}) diff --git a/doc/functions/gnutls_perror b/doc/functions/gnutls_perror new file mode 100644 index 0000000..9fea23a --- /dev/null +++ b/doc/functions/gnutls_perror @@ -0,0 +1,10 @@ + + + + +@deftypefun {void} {gnutls_perror} (int @var{error}) +@var{error}: is a GnuTLS error code, a negative error code + +This function is like @code{perror()} . The only difference is that it +accepts an error number returned by a gnutls function. +@end deftypefun diff --git a/doc/functions/gnutls_perror.short b/doc/functions/gnutls_perror.short new file mode 100644 index 0000000..2654fd1 --- /dev/null +++ b/doc/functions/gnutls_perror.short @@ -0,0 +1 @@ +@item @var{void} @ref{gnutls_perror} (int @var{error}) diff --git a/doc/functions/gnutls_pk_algorithm_get_name b/doc/functions/gnutls_pk_algorithm_get_name new file mode 100644 index 0000000..2058d22 --- /dev/null +++ b/doc/functions/gnutls_pk_algorithm_get_name @@ -0,0 +1,12 @@ + + + + +@deftypefun {const char *} {gnutls_pk_algorithm_get_name} (gnutls_pk_algorithm_t @var{algorithm}) +@var{algorithm}: is a pk algorithm + +Convert a @code{gnutls_pk_algorithm_t} value to a string. + +@strong{Returns:} a string that contains the name of the specified public +key algorithm, or @code{NULL} . +@end deftypefun diff --git a/doc/functions/gnutls_pk_algorithm_get_name.short b/doc/functions/gnutls_pk_algorithm_get_name.short new file mode 100644 index 0000000..9bdcbe2 --- /dev/null +++ b/doc/functions/gnutls_pk_algorithm_get_name.short @@ -0,0 +1 @@ +@item @var{const char *} @ref{gnutls_pk_algorithm_get_name} (gnutls_pk_algorithm_t @var{algorithm}) diff --git a/doc/functions/gnutls_pk_bits_to_sec_param b/doc/functions/gnutls_pk_bits_to_sec_param new file mode 100644 index 0000000..f7d9b25 --- /dev/null +++ b/doc/functions/gnutls_pk_bits_to_sec_param @@ -0,0 +1,17 @@ + + + + +@deftypefun {gnutls_sec_param_t} {gnutls_pk_bits_to_sec_param} (gnutls_pk_algorithm_t @var{algo}, unsigned int @var{bits}) +@var{algo}: is a public key algorithm + +@var{bits}: is the number of bits + +This is the inverse of @code{gnutls_sec_param_to_pk_bits()} . Given an algorithm +and the number of bits, it will return the security parameter. This is +a rough indication. + +@strong{Returns:} The security parameter. + +@strong{Since:} 2.12.0 +@end deftypefun diff --git a/doc/functions/gnutls_pk_bits_to_sec_param.short b/doc/functions/gnutls_pk_bits_to_sec_param.short new file mode 100644 index 0000000..0e37afa --- /dev/null +++ b/doc/functions/gnutls_pk_bits_to_sec_param.short @@ -0,0 +1 @@ +@item @var{gnutls_sec_param_t} @ref{gnutls_pk_bits_to_sec_param} (gnutls_pk_algorithm_t @var{algo}, unsigned int @var{bits}) diff --git a/doc/functions/gnutls_pk_get_id b/doc/functions/gnutls_pk_get_id new file mode 100644 index 0000000..7bb44b7 --- /dev/null +++ b/doc/functions/gnutls_pk_get_id @@ -0,0 +1,16 @@ + + + + +@deftypefun {gnutls_pk_algorithm_t} {gnutls_pk_get_id} (const char * @var{name}) +@var{name}: is a string containing a public key algorithm name. + +Convert a string to a @code{gnutls_pk_algorithm_t} value. The names are +compared in a case insensitive way. For example, +gnutls_pk_get_id("RSA") will return @code{GNUTLS_PK_RSA} . + +@strong{Returns:} a @code{gnutls_pk_algorithm_t} id of the specified public key +algorithm string, or @code{GNUTLS_PK_UNKNOWN} on failures. + +@strong{Since:} 2.6.0 +@end deftypefun diff --git a/doc/functions/gnutls_pk_get_id.short b/doc/functions/gnutls_pk_get_id.short new file mode 100644 index 0000000..cd64c98 --- /dev/null +++ b/doc/functions/gnutls_pk_get_id.short @@ -0,0 +1 @@ +@item @var{gnutls_pk_algorithm_t} @ref{gnutls_pk_get_id} (const char * @var{name}) diff --git a/doc/functions/gnutls_pk_get_name b/doc/functions/gnutls_pk_get_name new file mode 100644 index 0000000..e19cad9 --- /dev/null +++ b/doc/functions/gnutls_pk_get_name @@ -0,0 +1,14 @@ + + + + +@deftypefun {const char *} {gnutls_pk_get_name} (gnutls_pk_algorithm_t @var{algorithm}) +@var{algorithm}: is a public key algorithm + +Convert a @code{gnutls_pk_algorithm_t} value to a string. + +@strong{Returns:} a pointer to a string that contains the name of the +specified public key algorithm, or @code{NULL} . + +@strong{Since:} 2.6.0 +@end deftypefun diff --git a/doc/functions/gnutls_pk_get_name.short b/doc/functions/gnutls_pk_get_name.short new file mode 100644 index 0000000..84b13a1 --- /dev/null +++ b/doc/functions/gnutls_pk_get_name.short @@ -0,0 +1 @@ +@item @var{const char *} @ref{gnutls_pk_get_name} (gnutls_pk_algorithm_t @var{algorithm}) diff --git a/doc/functions/gnutls_pk_get_oid b/doc/functions/gnutls_pk_get_oid new file mode 100644 index 0000000..1b6e39f --- /dev/null +++ b/doc/functions/gnutls_pk_get_oid @@ -0,0 +1,14 @@ + + + + +@deftypefun {const char *} {gnutls_pk_get_oid} (gnutls_pk_algorithm_t @var{algorithm}) +@var{algorithm}: is a public key algorithm + +Convert a @code{gnutls_pk_algorithm_t} value to its object identifier string. + +@strong{Returns:} a pointer to a string that contains the object identifier of the +specified public key algorithm, or @code{NULL} . + +@strong{Since:} 3.4.3 +@end deftypefun diff --git a/doc/functions/gnutls_pk_get_oid.short b/doc/functions/gnutls_pk_get_oid.short new file mode 100644 index 0000000..a0c3f80 --- /dev/null +++ b/doc/functions/gnutls_pk_get_oid.short @@ -0,0 +1 @@ +@item @var{const char *} @ref{gnutls_pk_get_oid} (gnutls_pk_algorithm_t @var{algorithm}) diff --git a/doc/functions/gnutls_pk_list b/doc/functions/gnutls_pk_list new file mode 100644 index 0000000..ac27114 --- /dev/null +++ b/doc/functions/gnutls_pk_list @@ -0,0 +1,15 @@ + + + + +@deftypefun {const gnutls_pk_algorithm_t *} {gnutls_pk_list} ( @var{void}) + +Get a list of supported public key algorithms. + +This function is not thread safe. + +@strong{Returns:} a (0)-terminated list of @code{gnutls_pk_algorithm_t} integers +indicating the available ciphers. + +@strong{Since:} 2.6.0 +@end deftypefun diff --git a/doc/functions/gnutls_pk_list.short b/doc/functions/gnutls_pk_list.short new file mode 100644 index 0000000..61f3de7 --- /dev/null +++ b/doc/functions/gnutls_pk_list.short @@ -0,0 +1 @@ +@item @var{const gnutls_pk_algorithm_t *} @ref{gnutls_pk_list} ( @var{void}) diff --git a/doc/functions/gnutls_pk_to_sign b/doc/functions/gnutls_pk_to_sign new file mode 100644 index 0000000..b661767 --- /dev/null +++ b/doc/functions/gnutls_pk_to_sign @@ -0,0 +1,14 @@ + + + + +@deftypefun {gnutls_sign_algorithm_t} {gnutls_pk_to_sign} (gnutls_pk_algorithm_t @var{pk}, gnutls_digest_algorithm_t @var{hash}) +@var{pk}: is a public key algorithm + +@var{hash}: a hash algorithm + +This function maps public key and hash algorithms combinations +to signature algorithms. + +@strong{Returns:} return a @code{gnutls_sign_algorithm_t} value, or @code{GNUTLS_SIGN_UNKNOWN} on error. +@end deftypefun diff --git a/doc/functions/gnutls_pk_to_sign.short b/doc/functions/gnutls_pk_to_sign.short new file mode 100644 index 0000000..e3d0473 --- /dev/null +++ b/doc/functions/gnutls_pk_to_sign.short @@ -0,0 +1 @@ +@item @var{gnutls_sign_algorithm_t} @ref{gnutls_pk_to_sign} (gnutls_pk_algorithm_t @var{pk}, gnutls_digest_algorithm_t @var{hash}) diff --git a/doc/functions/gnutls_pkcs11_add_provider b/doc/functions/gnutls_pkcs11_add_provider new file mode 100644 index 0000000..cb8e556 --- /dev/null +++ b/doc/functions/gnutls_pkcs11_add_provider @@ -0,0 +1,22 @@ + + + +@deftypefun {int} {gnutls_pkcs11_add_provider} (const char * @var{name}, const char * @var{params}) +@var{name}: The filename of the module + +@var{params}: should be NULL or a known string (see description) + +This function will load and add a PKCS 11 module to the module +list used in gnutls. After this function is called the module will +be used for PKCS 11 operations. + +When loading a module to be used for certificate verification, +use the string 'trusted' as @code{params} . + +Note that this function is not thread safe. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 2.12.0 +@end deftypefun diff --git a/doc/functions/gnutls_pkcs11_add_provider.short b/doc/functions/gnutls_pkcs11_add_provider.short new file mode 100644 index 0000000..251615d --- /dev/null +++ b/doc/functions/gnutls_pkcs11_add_provider.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_pkcs11_add_provider} (const char * @var{name}, const char * @var{params}) diff --git a/doc/functions/gnutls_pkcs11_copy_attached_extension b/doc/functions/gnutls_pkcs11_copy_attached_extension new file mode 100644 index 0000000..d186669 --- /dev/null +++ b/doc/functions/gnutls_pkcs11_copy_attached_extension @@ -0,0 +1,25 @@ + + + + +@deftypefun {int} {gnutls_pkcs11_copy_attached_extension} (const char * @var{token_url}, gnutls_x509_crt_t @var{crt}, gnutls_datum_t * @var{data}, const char * @var{label}, unsigned int @var{flags}) +@var{token_url}: A PKCS @code{11} URL specifying a token + +@var{crt}: An X.509 certificate object + +@var{data}: the attached extension + +@var{label}: A name to be used for the attached extension (may be @code{NULL} ) + +@var{flags}: One of GNUTLS_PKCS11_OBJ_FLAG_* + +This function will copy an the attached extension in @code{data} for +the certificate provided in @code{crt} in the PKCS @code{11} token specified +by the URL (typically a trust module). The extension must be in +RFC5280 Extension format. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 3.3.8 +@end deftypefun diff --git a/doc/functions/gnutls_pkcs11_copy_attached_extension.short b/doc/functions/gnutls_pkcs11_copy_attached_extension.short new file mode 100644 index 0000000..4670092 --- /dev/null +++ b/doc/functions/gnutls_pkcs11_copy_attached_extension.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_pkcs11_copy_attached_extension} (const char * @var{token_url}, gnutls_x509_crt_t @var{crt}, gnutls_datum_t * @var{data}, const char * @var{label}, unsigned int @var{flags}) diff --git a/doc/functions/gnutls_pkcs11_copy_pubkey b/doc/functions/gnutls_pkcs11_copy_pubkey new file mode 100644 index 0000000..3bcd04b --- /dev/null +++ b/doc/functions/gnutls_pkcs11_copy_pubkey @@ -0,0 +1,27 @@ + + + + +@deftypefun {int} {gnutls_pkcs11_copy_pubkey} (const char * @var{token_url}, gnutls_pubkey_t @var{pubkey}, const char * @var{label}, const gnutls_datum_t * @var{cid}, unsigned int @var{key_usage}, unsigned int @var{flags}) +@var{token_url}: A PKCS @code{11} URL specifying a token + +@var{pubkey}: The public key to copy + +@var{label}: The name to be used for the stored data + +@var{cid}: The CKA_ID to set for the object -if NULL, the ID will be derived from the public key + +@var{key_usage}: One of GNUTLS_KEY_* + +@var{flags}: One of GNUTLS_PKCS11_OBJ_FLAG_* + +This function will copy a public key object into a PKCS @code{11} token specified by +a URL. Valid flags to mark the key: @code{GNUTLS_PKCS11_OBJ_FLAG_MARK_TRUSTED} , +@code{GNUTLS_PKCS11_OBJ_FLAG_MARK_PRIVATE} , @code{GNUTLS_PKCS11_OBJ_FLAG_MARK_CA} , +@code{GNUTLS_PKCS11_OBJ_FLAG_MARK_ALWAYS_AUTH} . + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 3.4.6 +@end deftypefun diff --git a/doc/functions/gnutls_pkcs11_copy_pubkey.short b/doc/functions/gnutls_pkcs11_copy_pubkey.short new file mode 100644 index 0000000..43b8440 --- /dev/null +++ b/doc/functions/gnutls_pkcs11_copy_pubkey.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_pkcs11_copy_pubkey} (const char * @var{token_url}, gnutls_pubkey_t @var{pubkey}, const char * @var{label}, const gnutls_datum_t * @var{cid}, unsigned int @var{key_usage}, unsigned int @var{flags}) diff --git a/doc/functions/gnutls_pkcs11_copy_secret_key b/doc/functions/gnutls_pkcs11_copy_secret_key new file mode 100644 index 0000000..7ff3aed --- /dev/null +++ b/doc/functions/gnutls_pkcs11_copy_secret_key @@ -0,0 +1,23 @@ + + + + +@deftypefun {int} {gnutls_pkcs11_copy_secret_key} (const char * @var{token_url}, gnutls_datum_t * @var{key}, const char * @var{label}, unsigned int @var{key_usage}, unsigned int @var{flags}) +@var{token_url}: A PKCS @code{11} URL specifying a token + +@var{key}: The raw key + +@var{label}: A name to be used for the stored data + +@var{key_usage}: One of GNUTLS_KEY_* + +@var{flags}: One of GNUTLS_PKCS11_OBJ_FLAG_* + +This function will copy a raw secret (symmetric) key into a PKCS @code{11} +token specified by a URL. The key can be marked as sensitive or not. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 2.12.0 +@end deftypefun diff --git a/doc/functions/gnutls_pkcs11_copy_secret_key.short b/doc/functions/gnutls_pkcs11_copy_secret_key.short new file mode 100644 index 0000000..55afb40 --- /dev/null +++ b/doc/functions/gnutls_pkcs11_copy_secret_key.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_pkcs11_copy_secret_key} (const char * @var{token_url}, gnutls_datum_t * @var{key}, const char * @var{label}, unsigned int @var{key_usage}, unsigned int @var{flags}) diff --git a/doc/functions/gnutls_pkcs11_copy_x509_crt b/doc/functions/gnutls_pkcs11_copy_x509_crt new file mode 100644 index 0000000..6a8e272 --- /dev/null +++ b/doc/functions/gnutls_pkcs11_copy_x509_crt @@ -0,0 +1,21 @@ + + + + +@deftypefun {int} {gnutls_pkcs11_copy_x509_crt} (const char * @var{token_url}, gnutls_x509_crt_t @var{crt}, const char * @var{label}, unsigned int @var{flags}) +@var{token_url}: A PKCS @code{11} URL specifying a token + +@var{crt}: A certificate + +@var{label}: A name to be used for the stored data + +@var{flags}: One of GNUTLS_PKCS11_OBJ_FLAG_* + +This function will copy a certificate into a PKCS @code{11} token specified by +a URL. The certificate can be marked as trusted or not. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 2.12.0 +@end deftypefun diff --git a/doc/functions/gnutls_pkcs11_copy_x509_crt.short b/doc/functions/gnutls_pkcs11_copy_x509_crt.short new file mode 100644 index 0000000..176839b --- /dev/null +++ b/doc/functions/gnutls_pkcs11_copy_x509_crt.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_pkcs11_copy_x509_crt} (const char * @var{token_url}, gnutls_x509_crt_t @var{crt}, const char * @var{label}, unsigned int @var{flags}) diff --git a/doc/functions/gnutls_pkcs11_copy_x509_crt2 b/doc/functions/gnutls_pkcs11_copy_x509_crt2 new file mode 100644 index 0000000..eb24821 --- /dev/null +++ b/doc/functions/gnutls_pkcs11_copy_x509_crt2 @@ -0,0 +1,25 @@ + + + + +@deftypefun {int} {gnutls_pkcs11_copy_x509_crt2} (const char * @var{token_url}, gnutls_x509_crt_t @var{crt}, const char * @var{label}, const gnutls_datum_t * @var{cid}, unsigned int @var{flags}) +@var{token_url}: A PKCS @code{11} URL specifying a token + +@var{crt}: The certificate to copy + +@var{label}: The name to be used for the stored data + +@var{cid}: The CKA_ID to set for the object -if NULL, the ID will be derived from the public key + +@var{flags}: One of GNUTLS_PKCS11_OBJ_FLAG_* + +This function will copy a certificate into a PKCS @code{11} token specified by +a URL. Valid flags to mark the certificate: @code{GNUTLS_PKCS11_OBJ_FLAG_MARK_TRUSTED} , +@code{GNUTLS_PKCS11_OBJ_FLAG_MARK_PRIVATE} , @code{GNUTLS_PKCS11_OBJ_FLAG_MARK_CA} , +@code{GNUTLS_PKCS11_OBJ_FLAG_MARK_ALWAYS_AUTH} . + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 3.4.0 +@end deftypefun diff --git a/doc/functions/gnutls_pkcs11_copy_x509_crt2.short b/doc/functions/gnutls_pkcs11_copy_x509_crt2.short new file mode 100644 index 0000000..de3eafd --- /dev/null +++ b/doc/functions/gnutls_pkcs11_copy_x509_crt2.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_pkcs11_copy_x509_crt2} (const char * @var{token_url}, gnutls_x509_crt_t @var{crt}, const char * @var{label}, const gnutls_datum_t * @var{cid}, unsigned int @var{flags}) diff --git a/doc/functions/gnutls_pkcs11_copy_x509_privkey b/doc/functions/gnutls_pkcs11_copy_x509_privkey new file mode 100644 index 0000000..cd8700f --- /dev/null +++ b/doc/functions/gnutls_pkcs11_copy_x509_privkey @@ -0,0 +1,26 @@ + + + + +@deftypefun {int} {gnutls_pkcs11_copy_x509_privkey} (const char * @var{token_url}, gnutls_x509_privkey_t @var{key}, const char * @var{label}, unsigned int @var{key_usage}, unsigned int @var{flags}) +@var{token_url}: A PKCS @code{11} URL specifying a token + +@var{key}: A private key + +@var{label}: A name to be used for the stored data + +@var{key_usage}: One of GNUTLS_KEY_* + +@var{flags}: One of GNUTLS_PKCS11_OBJ_* flags + +This function will copy a private key into a PKCS @code{11} token specified by +a URL. + +Since 3.6.3 the objects are marked as sensitive by default unless +@code{GNUTLS_PKCS11_OBJ_FLAG_MARK_NOT_SENSITIVE} is specified. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 2.12.0 +@end deftypefun diff --git a/doc/functions/gnutls_pkcs11_copy_x509_privkey.short b/doc/functions/gnutls_pkcs11_copy_x509_privkey.short new file mode 100644 index 0000000..2123abc --- /dev/null +++ b/doc/functions/gnutls_pkcs11_copy_x509_privkey.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_pkcs11_copy_x509_privkey} (const char * @var{token_url}, gnutls_x509_privkey_t @var{key}, const char * @var{label}, unsigned int @var{key_usage}, unsigned int @var{flags}) diff --git a/doc/functions/gnutls_pkcs11_copy_x509_privkey2 b/doc/functions/gnutls_pkcs11_copy_x509_privkey2 new file mode 100644 index 0000000..efa0c0b --- /dev/null +++ b/doc/functions/gnutls_pkcs11_copy_x509_privkey2 @@ -0,0 +1,28 @@ + + + + +@deftypefun {int} {gnutls_pkcs11_copy_x509_privkey2} (const char * @var{token_url}, gnutls_x509_privkey_t @var{key}, const char * @var{label}, const gnutls_datum_t * @var{cid}, unsigned int @var{key_usage}, unsigned int @var{flags}) +@var{token_url}: A PKCS @code{11} URL specifying a token + +@var{key}: A private key + +@var{label}: A name to be used for the stored data + +@var{cid}: The CKA_ID to set for the object -if NULL, the ID will be derived from the public key + +@var{key_usage}: One of GNUTLS_KEY_* + +@var{flags}: One of GNUTLS_PKCS11_OBJ_* flags + +This function will copy a private key into a PKCS @code{11} token specified by +a URL. + +Since 3.6.3 the objects are marked as sensitive by default unless +@code{GNUTLS_PKCS11_OBJ_FLAG_MARK_NOT_SENSITIVE} is specified. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 3.4.0 +@end deftypefun diff --git a/doc/functions/gnutls_pkcs11_copy_x509_privkey2.short b/doc/functions/gnutls_pkcs11_copy_x509_privkey2.short new file mode 100644 index 0000000..2953b75 --- /dev/null +++ b/doc/functions/gnutls_pkcs11_copy_x509_privkey2.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_pkcs11_copy_x509_privkey2} (const char * @var{token_url}, gnutls_x509_privkey_t @var{key}, const char * @var{label}, const gnutls_datum_t * @var{cid}, unsigned int @var{key_usage}, unsigned int @var{flags}) diff --git a/doc/functions/gnutls_pkcs11_crt_is_known b/doc/functions/gnutls_pkcs11_crt_is_known new file mode 100644 index 0000000..d3a6706 --- /dev/null +++ b/doc/functions/gnutls_pkcs11_crt_is_known @@ -0,0 +1,29 @@ + + + + +@deftypefun {unsigned} {gnutls_pkcs11_crt_is_known} (const char * @var{url}, gnutls_x509_crt_t @var{cert}, unsigned int @var{flags}) +@var{url}: A PKCS 11 url identifying a token + +@var{cert}: is the certificate to find issuer for + +@var{flags}: Use zero or flags from @code{GNUTLS_PKCS11_OBJ_FLAG} . + +This function will check whether the provided certificate is stored +in the specified token. This is useful in combination with +@code{GNUTLS_PKCS11_OBJ_FLAG_RETRIEVE_TRUSTED} or +@code{GNUTLS_PKCS11_OBJ_FLAG_RETRIEVE_DISTRUSTED} , +to check whether a CA is present or a certificate is blacklisted in +a trust PKCS @code{11} module. + +This function can be used with a @code{url} of "pkcs11:", and in that case all modules +will be searched. To restrict the modules to the marked as trusted in p11-kit +use the @code{GNUTLS_PKCS11_OBJ_FLAG_PRESENT_IN_TRUSTED_MODULE} flag. + +Note that the flag @code{GNUTLS_PKCS11_OBJ_FLAG_RETRIEVE_DISTRUSTED} is +specific to p11-kit trust modules. + +@strong{Returns:} If the certificate exists non-zero is returned, otherwise zero. + +@strong{Since:} 3.3.0 +@end deftypefun diff --git a/doc/functions/gnutls_pkcs11_crt_is_known.short b/doc/functions/gnutls_pkcs11_crt_is_known.short new file mode 100644 index 0000000..fddad50 --- /dev/null +++ b/doc/functions/gnutls_pkcs11_crt_is_known.short @@ -0,0 +1 @@ +@item @var{unsigned} @ref{gnutls_pkcs11_crt_is_known} (const char * @var{url}, gnutls_x509_crt_t @var{cert}, unsigned int @var{flags}) diff --git a/doc/functions/gnutls_pkcs11_deinit b/doc/functions/gnutls_pkcs11_deinit new file mode 100644 index 0000000..f231256 --- /dev/null +++ b/doc/functions/gnutls_pkcs11_deinit @@ -0,0 +1,12 @@ + + + + +@deftypefun {void} {gnutls_pkcs11_deinit} ( @var{void}) + +This function will deinitialize the PKCS 11 subsystem in gnutls. +This function is only needed if you need to deinitialize the +subsystem without calling @code{gnutls_global_deinit()} . + +@strong{Since:} 2.12.0 +@end deftypefun diff --git a/doc/functions/gnutls_pkcs11_deinit.short b/doc/functions/gnutls_pkcs11_deinit.short new file mode 100644 index 0000000..4850a6f --- /dev/null +++ b/doc/functions/gnutls_pkcs11_deinit.short @@ -0,0 +1 @@ +@item @var{void} @ref{gnutls_pkcs11_deinit} ( @var{void}) diff --git a/doc/functions/gnutls_pkcs11_delete_url b/doc/functions/gnutls_pkcs11_delete_url new file mode 100644 index 0000000..3a165d6 --- /dev/null +++ b/doc/functions/gnutls_pkcs11_delete_url @@ -0,0 +1,17 @@ + + + + +@deftypefun {int} {gnutls_pkcs11_delete_url} (const char * @var{object_url}, unsigned int @var{flags}) +@var{object_url}: The URL of the object to delete. + +@var{flags}: One of GNUTLS_PKCS11_OBJ_* flags + +This function will delete objects matching the given URL. +Note that not all tokens support the delete operation. + +@strong{Returns:} On success, the number of objects deleted is returned, otherwise a +negative error value. + +@strong{Since:} 2.12.0 +@end deftypefun diff --git a/doc/functions/gnutls_pkcs11_delete_url.short b/doc/functions/gnutls_pkcs11_delete_url.short new file mode 100644 index 0000000..0e821e2 --- /dev/null +++ b/doc/functions/gnutls_pkcs11_delete_url.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_pkcs11_delete_url} (const char * @var{object_url}, unsigned int @var{flags}) diff --git a/doc/functions/gnutls_pkcs11_get_pin_function b/doc/functions/gnutls_pkcs11_get_pin_function new file mode 100644 index 0000000..0e292b7 --- /dev/null +++ b/doc/functions/gnutls_pkcs11_get_pin_function @@ -0,0 +1,14 @@ + + + + +@deftypefun {gnutls_pin_callback_t} {gnutls_pkcs11_get_pin_function} (void ** @var{userdata}) +@var{userdata}: data to be supplied to callback + +This function will return the callback function set using +@code{gnutls_pkcs11_set_pin_function()} . + +@strong{Returns:} The function set or NULL otherwise. + +@strong{Since:} 3.1.0 +@end deftypefun diff --git a/doc/functions/gnutls_pkcs11_get_pin_function.short b/doc/functions/gnutls_pkcs11_get_pin_function.short new file mode 100644 index 0000000..1aa61fe --- /dev/null +++ b/doc/functions/gnutls_pkcs11_get_pin_function.short @@ -0,0 +1 @@ +@item @var{gnutls_pin_callback_t} @ref{gnutls_pkcs11_get_pin_function} (void ** @var{userdata}) diff --git a/doc/functions/gnutls_pkcs11_get_raw_issuer b/doc/functions/gnutls_pkcs11_get_raw_issuer new file mode 100644 index 0000000..88eaf4e --- /dev/null +++ b/doc/functions/gnutls_pkcs11_get_raw_issuer @@ -0,0 +1,25 @@ + + + + +@deftypefun {int} {gnutls_pkcs11_get_raw_issuer} (const char * @var{url}, gnutls_x509_crt_t @var{cert}, gnutls_datum_t * @var{issuer}, gnutls_x509_crt_fmt_t @var{fmt}, unsigned int @var{flags}) +@var{url}: A PKCS 11 url identifying a token + +@var{cert}: is the certificate to find issuer for + +@var{issuer}: Will hold the issuer if any in an allocated buffer. + +@var{fmt}: The format of the exported issuer. + +@var{flags}: Use zero or flags from @code{GNUTLS_PKCS11_OBJ_FLAG} . + +This function will return the issuer of a given certificate, if it +is stored in the token. By default only marked as trusted issuers +are returned. If any issuer should be returned specify +@code{GNUTLS_PKCS11_OBJ_FLAG_RETRIEVE_ANY} in @code{flags} . + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 3.2.7 +@end deftypefun diff --git a/doc/functions/gnutls_pkcs11_get_raw_issuer.short b/doc/functions/gnutls_pkcs11_get_raw_issuer.short new file mode 100644 index 0000000..8c6eadd --- /dev/null +++ b/doc/functions/gnutls_pkcs11_get_raw_issuer.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_pkcs11_get_raw_issuer} (const char * @var{url}, gnutls_x509_crt_t @var{cert}, gnutls_datum_t * @var{issuer}, gnutls_x509_crt_fmt_t @var{fmt}, unsigned int @var{flags}) diff --git a/doc/functions/gnutls_pkcs11_get_raw_issuer_by_dn b/doc/functions/gnutls_pkcs11_get_raw_issuer_by_dn new file mode 100644 index 0000000..40a6edf --- /dev/null +++ b/doc/functions/gnutls_pkcs11_get_raw_issuer_by_dn @@ -0,0 +1,28 @@ + + + + +@deftypefun {int} {gnutls_pkcs11_get_raw_issuer_by_dn} (const char * @var{url}, const gnutls_datum_t * @var{dn}, gnutls_datum_t * @var{issuer}, gnutls_x509_crt_fmt_t @var{fmt}, unsigned int @var{flags}) +@var{url}: A PKCS 11 url identifying a token + +@var{dn}: is the DN to search for + +@var{issuer}: Will hold the issuer if any in an allocated buffer. + +@var{fmt}: The format of the exported issuer. + +@var{flags}: Use zero or flags from @code{GNUTLS_PKCS11_OBJ_FLAG} . + +This function will return the certificate with the given DN, if it +is stored in the token. By default only marked as trusted issuers +are returned. If any issuer should be returned specify +@code{GNUTLS_PKCS11_OBJ_FLAG_RETRIEVE_ANY} in @code{flags} . + +The name of the function includes issuer because it can +be used to discover issuers of certificates. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 3.4.0 +@end deftypefun diff --git a/doc/functions/gnutls_pkcs11_get_raw_issuer_by_dn.short b/doc/functions/gnutls_pkcs11_get_raw_issuer_by_dn.short new file mode 100644 index 0000000..b357db6 --- /dev/null +++ b/doc/functions/gnutls_pkcs11_get_raw_issuer_by_dn.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_pkcs11_get_raw_issuer_by_dn} (const char * @var{url}, const gnutls_datum_t * @var{dn}, gnutls_datum_t * @var{issuer}, gnutls_x509_crt_fmt_t @var{fmt}, unsigned int @var{flags}) diff --git a/doc/functions/gnutls_pkcs11_get_raw_issuer_by_subject_key_id b/doc/functions/gnutls_pkcs11_get_raw_issuer_by_subject_key_id new file mode 100644 index 0000000..c6c37f7 --- /dev/null +++ b/doc/functions/gnutls_pkcs11_get_raw_issuer_by_subject_key_id @@ -0,0 +1,30 @@ + + + + +@deftypefun {int} {gnutls_pkcs11_get_raw_issuer_by_subject_key_id} (const char * @var{url}, const gnutls_datum_t * @var{dn}, const gnutls_datum_t * @var{spki}, gnutls_datum_t * @var{issuer}, gnutls_x509_crt_fmt_t @var{fmt}, unsigned int @var{flags}) +@var{url}: A PKCS 11 url identifying a token + +@var{dn}: is the DN to search for (may be @code{NULL} ) + +@var{spki}: is the subject key ID to search for + +@var{issuer}: Will hold the issuer if any in an allocated buffer. + +@var{fmt}: The format of the exported issuer. + +@var{flags}: Use zero or flags from @code{GNUTLS_PKCS11_OBJ_FLAG} . + +This function will return the certificate with the given DN and @code{spki} , if it +is stored in the token. By default only marked as trusted issuers +are returned. If any issuer should be returned specify +@code{GNUTLS_PKCS11_OBJ_FLAG_RETRIEVE_ANY} in @code{flags} . + +The name of the function includes issuer because it can +be used to discover issuers of certificates. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 3.4.2 +@end deftypefun diff --git a/doc/functions/gnutls_pkcs11_get_raw_issuer_by_subject_key_id.short b/doc/functions/gnutls_pkcs11_get_raw_issuer_by_subject_key_id.short new file mode 100644 index 0000000..d27dbe9 --- /dev/null +++ b/doc/functions/gnutls_pkcs11_get_raw_issuer_by_subject_key_id.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_pkcs11_get_raw_issuer_by_subject_key_id} (const char * @var{url}, const gnutls_datum_t * @var{dn}, const gnutls_datum_t * @var{spki}, gnutls_datum_t * @var{issuer}, gnutls_x509_crt_fmt_t @var{fmt}, unsigned int @var{flags}) diff --git a/doc/functions/gnutls_pkcs11_init b/doc/functions/gnutls_pkcs11_init new file mode 100644 index 0000000..8ccfcef --- /dev/null +++ b/doc/functions/gnutls_pkcs11_init @@ -0,0 +1,25 @@ + + + + +@deftypefun {int} {gnutls_pkcs11_init} (unsigned int @var{flags}, const char * @var{deprecated_config_file}) +@var{flags}: An ORed sequence of @code{GNUTLS_PKCS11_FLAG_} * + +@var{deprecated_config_file}: either NULL or the location of a deprecated +configuration file + +This function will initialize the PKCS 11 subsystem in gnutls. It will +read configuration files if @code{GNUTLS_PKCS11_FLAG_AUTO} is used or allow +you to independently load PKCS 11 modules using @code{gnutls_pkcs11_add_provider()} +if @code{GNUTLS_PKCS11_FLAG_MANUAL} is specified. + +You don't need to call this function since GnuTLS 3.3.0 because it is being called +during the first request PKCS 11 operation. That call will assume the @code{GNUTLS_PKCS11_FLAG_AUTO} +flag. If another flags are required then it must be called independently +prior to any PKCS 11 operation. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 2.12.0 +@end deftypefun diff --git a/doc/functions/gnutls_pkcs11_init.short b/doc/functions/gnutls_pkcs11_init.short new file mode 100644 index 0000000..37a46df --- /dev/null +++ b/doc/functions/gnutls_pkcs11_init.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_pkcs11_init} (unsigned int @var{flags}, const char * @var{deprecated_config_file}) diff --git a/doc/functions/gnutls_pkcs11_obj_deinit b/doc/functions/gnutls_pkcs11_obj_deinit new file mode 100644 index 0000000..e4d8539 --- /dev/null +++ b/doc/functions/gnutls_pkcs11_obj_deinit @@ -0,0 +1,11 @@ + + + + +@deftypefun {void} {gnutls_pkcs11_obj_deinit} (gnutls_pkcs11_obj_t @var{obj}) +@var{obj}: The type to be deinitialized + +This function will deinitialize a certificate structure. + +@strong{Since:} 2.12.0 +@end deftypefun diff --git a/doc/functions/gnutls_pkcs11_obj_deinit.short b/doc/functions/gnutls_pkcs11_obj_deinit.short new file mode 100644 index 0000000..6fbc219 --- /dev/null +++ b/doc/functions/gnutls_pkcs11_obj_deinit.short @@ -0,0 +1 @@ +@item @var{void} @ref{gnutls_pkcs11_obj_deinit} (gnutls_pkcs11_obj_t @var{obj}) diff --git a/doc/functions/gnutls_pkcs11_obj_export b/doc/functions/gnutls_pkcs11_obj_export new file mode 100644 index 0000000..3f8141c --- /dev/null +++ b/doc/functions/gnutls_pkcs11_obj_export @@ -0,0 +1,25 @@ + + + + +@deftypefun {int} {gnutls_pkcs11_obj_export} (gnutls_pkcs11_obj_t @var{obj}, void * @var{output_data}, size_t * @var{output_data_size}) +@var{obj}: Holds the object + +@var{output_data}: will contain the object data + +@var{output_data_size}: holds the size of output_data (and will be +replaced by the actual size of parameters) + +This function will export the PKCS11 object data. It is normal for +data to be inaccessible and in that case @code{GNUTLS_E_INVALID_REQUEST} +will be returned. + +If the buffer provided is not long enough to hold the output, then +*output_data_size is updated and GNUTLS_E_SHORT_MEMORY_BUFFER will +be returned. + +@strong{Returns:} In case of failure a negative error code will be +returned, and @code{GNUTLS_E_SUCCESS} (0) on success. + +@strong{Since:} 2.12.0 +@end deftypefun diff --git a/doc/functions/gnutls_pkcs11_obj_export.short b/doc/functions/gnutls_pkcs11_obj_export.short new file mode 100644 index 0000000..4122cff --- /dev/null +++ b/doc/functions/gnutls_pkcs11_obj_export.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_pkcs11_obj_export} (gnutls_pkcs11_obj_t @var{obj}, void * @var{output_data}, size_t * @var{output_data_size}) diff --git a/doc/functions/gnutls_pkcs11_obj_export2 b/doc/functions/gnutls_pkcs11_obj_export2 new file mode 100644 index 0000000..a8cdffb --- /dev/null +++ b/doc/functions/gnutls_pkcs11_obj_export2 @@ -0,0 +1,20 @@ + + + + +@deftypefun {int} {gnutls_pkcs11_obj_export2} (gnutls_pkcs11_obj_t @var{obj}, gnutls_datum_t * @var{out}) +@var{obj}: Holds the object + +@var{out}: will contain the object data + +This function will export the PKCS11 object data. It is normal for +data to be inaccessible and in that case @code{GNUTLS_E_INVALID_REQUEST} +will be returned. + +The output buffer is allocated using @code{gnutls_malloc()} . + +@strong{Returns:} In case of failure a negative error code will be +returned, and @code{GNUTLS_E_SUCCESS} (0) on success. + +@strong{Since:} 3.1.3 +@end deftypefun diff --git a/doc/functions/gnutls_pkcs11_obj_export2.short b/doc/functions/gnutls_pkcs11_obj_export2.short new file mode 100644 index 0000000..8dc0b5e --- /dev/null +++ b/doc/functions/gnutls_pkcs11_obj_export2.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_pkcs11_obj_export2} (gnutls_pkcs11_obj_t @var{obj}, gnutls_datum_t * @var{out}) diff --git a/doc/functions/gnutls_pkcs11_obj_export3 b/doc/functions/gnutls_pkcs11_obj_export3 new file mode 100644 index 0000000..fb659ef --- /dev/null +++ b/doc/functions/gnutls_pkcs11_obj_export3 @@ -0,0 +1,22 @@ + + + + +@deftypefun {int} {gnutls_pkcs11_obj_export3} (gnutls_pkcs11_obj_t @var{obj}, gnutls_x509_crt_fmt_t @var{fmt}, gnutls_datum_t * @var{out}) +@var{obj}: Holds the object + +@var{fmt}: The format of the exported data + +@var{out}: will contain the object data + +This function will export the PKCS11 object data. It is normal for +data to be inaccessible and in that case @code{GNUTLS_E_INVALID_REQUEST} +will be returned. + +The output buffer is allocated using @code{gnutls_malloc()} . + +@strong{Returns:} In case of failure a negative error code will be +returned, and @code{GNUTLS_E_SUCCESS} (0) on success. + +@strong{Since:} 3.2.7 +@end deftypefun diff --git a/doc/functions/gnutls_pkcs11_obj_export3.short b/doc/functions/gnutls_pkcs11_obj_export3.short new file mode 100644 index 0000000..e60a2d7 --- /dev/null +++ b/doc/functions/gnutls_pkcs11_obj_export3.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_pkcs11_obj_export3} (gnutls_pkcs11_obj_t @var{obj}, gnutls_x509_crt_fmt_t @var{fmt}, gnutls_datum_t * @var{out}) diff --git a/doc/functions/gnutls_pkcs11_obj_export_url b/doc/functions/gnutls_pkcs11_obj_export_url new file mode 100644 index 0000000..124cf51 --- /dev/null +++ b/doc/functions/gnutls_pkcs11_obj_export_url @@ -0,0 +1,18 @@ + + + + +@deftypefun {int} {gnutls_pkcs11_obj_export_url} (gnutls_pkcs11_obj_t @var{obj}, gnutls_pkcs11_url_type_t @var{detailed}, char ** @var{url}) +@var{obj}: Holds the PKCS 11 certificate + +@var{detailed}: non zero if a detailed URL is required + +@var{url}: will contain an allocated url + +This function will export a URL identifying the given object. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 2.12.0 +@end deftypefun diff --git a/doc/functions/gnutls_pkcs11_obj_export_url.short b/doc/functions/gnutls_pkcs11_obj_export_url.short new file mode 100644 index 0000000..0e4f939 --- /dev/null +++ b/doc/functions/gnutls_pkcs11_obj_export_url.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_pkcs11_obj_export_url} (gnutls_pkcs11_obj_t @var{obj}, gnutls_pkcs11_url_type_t @var{detailed}, char ** @var{url}) diff --git a/doc/functions/gnutls_pkcs11_obj_flags_get_str b/doc/functions/gnutls_pkcs11_obj_flags_get_str new file mode 100644 index 0000000..ac8d193 --- /dev/null +++ b/doc/functions/gnutls_pkcs11_obj_flags_get_str @@ -0,0 +1,15 @@ + + + + +@deftypefun {char *} {gnutls_pkcs11_obj_flags_get_str} (unsigned int @var{flags}) +@var{flags}: holds the flags + +This function given an or-sequence of @code{GNUTLS_PKCS11_OBJ_FLAG_MARK} , +will return an allocated string with its description. The string +needs to be deallocated using @code{gnutls_free()} . + +@strong{Returns:} If flags is zero @code{NULL} is returned, otherwise an allocated string. + +@strong{Since:} 3.3.7 +@end deftypefun diff --git a/doc/functions/gnutls_pkcs11_obj_flags_get_str.short b/doc/functions/gnutls_pkcs11_obj_flags_get_str.short new file mode 100644 index 0000000..535d55a --- /dev/null +++ b/doc/functions/gnutls_pkcs11_obj_flags_get_str.short @@ -0,0 +1 @@ +@item @var{char *} @ref{gnutls_pkcs11_obj_flags_get_str} (unsigned int @var{flags}) diff --git a/doc/functions/gnutls_pkcs11_obj_get_exts b/doc/functions/gnutls_pkcs11_obj_get_exts new file mode 100644 index 0000000..6b65db2 --- /dev/null +++ b/doc/functions/gnutls_pkcs11_obj_get_exts @@ -0,0 +1,24 @@ + + + + +@deftypefun {int} {gnutls_pkcs11_obj_get_exts} (gnutls_pkcs11_obj_t @var{obj}, gnutls_x509_ext_st ** @var{exts}, unsigned int * @var{exts_size}, unsigned int @var{flags}) +@var{obj}: should contain a @code{gnutls_pkcs11_obj_t} type + +@var{exts}: a pointer to a @code{gnutls_x509_ext_st} pointer + +@var{exts_size}: will be updated with the number of @code{exts} + +@var{flags}: Or sequence of @code{GNUTLS_PKCS11_OBJ_} * flags + +This function will return information about attached extensions +that associate to the provided object (which should be a certificate). +The extensions are the attached p11-kit trust module extensions. + +Each element of @code{exts} must be deinitialized using @code{gnutls_x509_ext_deinit()} +while @code{exts} should be deallocated using @code{gnutls_free()} . + +@strong{Returns:} @code{GNUTLS_E_SUCCESS} (0) on success or a negative error code on error. + +@strong{Since:} 3.3.8 +@end deftypefun diff --git a/doc/functions/gnutls_pkcs11_obj_get_exts.short b/doc/functions/gnutls_pkcs11_obj_get_exts.short new file mode 100644 index 0000000..bf7b110 --- /dev/null +++ b/doc/functions/gnutls_pkcs11_obj_get_exts.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_pkcs11_obj_get_exts} (gnutls_pkcs11_obj_t @var{obj}, gnutls_x509_ext_st ** @var{exts}, unsigned int * @var{exts_size}, unsigned int @var{flags}) diff --git a/doc/functions/gnutls_pkcs11_obj_get_flags b/doc/functions/gnutls_pkcs11_obj_get_flags new file mode 100644 index 0000000..430657f --- /dev/null +++ b/doc/functions/gnutls_pkcs11_obj_get_flags @@ -0,0 +1,18 @@ + + + + +@deftypefun {int} {gnutls_pkcs11_obj_get_flags} (gnutls_pkcs11_obj_t @var{obj}, unsigned int * @var{oflags}) +@var{obj}: The pkcs11 object + +@var{oflags}: Will hold the output flags + +This function will return the flags of the object. +The @code{oflags} will be flags from @code{gnutls_pkcs11_obj_flags} . That is, +the @code{GNUTLS_PKCS11_OBJ_FLAG_MARK_} * flags. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 3.3.7 +@end deftypefun diff --git a/doc/functions/gnutls_pkcs11_obj_get_flags.short b/doc/functions/gnutls_pkcs11_obj_get_flags.short new file mode 100644 index 0000000..a405edc --- /dev/null +++ b/doc/functions/gnutls_pkcs11_obj_get_flags.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_pkcs11_obj_get_flags} (gnutls_pkcs11_obj_t @var{obj}, unsigned int * @var{oflags}) diff --git a/doc/functions/gnutls_pkcs11_obj_get_info b/doc/functions/gnutls_pkcs11_obj_get_info new file mode 100644 index 0000000..c428107 --- /dev/null +++ b/doc/functions/gnutls_pkcs11_obj_get_info @@ -0,0 +1,30 @@ + + + + +@deftypefun {int} {gnutls_pkcs11_obj_get_info} (gnutls_pkcs11_obj_t @var{obj}, gnutls_pkcs11_obj_info_t @var{itype}, void * @var{output}, size_t * @var{output_size}) +@var{obj}: should contain a @code{gnutls_pkcs11_obj_t} type + +@var{itype}: Denotes the type of information requested + +@var{output}: where output will be stored + +@var{output_size}: contains the maximum size of the output buffer and will be +overwritten with the actual size. + +This function will return information about the PKCS11 certificate +such as the label, id as well as token information where the key is +stored. + +When output is text, a null terminated string is written to @code{output} and its +string length is written to @code{output_size} (without null terminator). If the +buffer is too small, @code{output_size} will contain the expected buffer size +(with null terminator for text) and return @code{GNUTLS_E_SHORT_MEMORY_BUFFER} . + +In versions previously to 3.6.0 this function included the null terminator +to @code{output_size} . After 3.6.0 the output size doesn't include the terminator character. + +@strong{Returns:} @code{GNUTLS_E_SUCCESS} (0) on success or a negative error code on error. + +@strong{Since:} 2.12.0 +@end deftypefun diff --git a/doc/functions/gnutls_pkcs11_obj_get_info.short b/doc/functions/gnutls_pkcs11_obj_get_info.short new file mode 100644 index 0000000..a13017e --- /dev/null +++ b/doc/functions/gnutls_pkcs11_obj_get_info.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_pkcs11_obj_get_info} (gnutls_pkcs11_obj_t @var{obj}, gnutls_pkcs11_obj_info_t @var{itype}, void * @var{output}, size_t * @var{output_size}) diff --git a/doc/functions/gnutls_pkcs11_obj_get_ptr b/doc/functions/gnutls_pkcs11_obj_get_ptr new file mode 100644 index 0000000..35eec3e --- /dev/null +++ b/doc/functions/gnutls_pkcs11_obj_get_ptr @@ -0,0 +1,25 @@ + + + + +@deftypefun {int} {gnutls_pkcs11_obj_get_ptr} (gnutls_pkcs11_obj_t @var{obj}, void ** @var{ptr}, void ** @var{session}, void ** @var{ohandle}, unsigned long * @var{slot_id}, unsigned int @var{flags}) +@var{obj}: should contain a @code{gnutls_pkcs11_obj_t} type + +@var{ptr}: will contain the CK_FUNCTION_LIST_PTR pointer (may be @code{NULL} ) + +@var{session}: will contain the CK_SESSION_HANDLE of the object + +@var{ohandle}: will contain the CK_OBJECT_HANDLE of the object + +@var{slot_id}: the identifier of the slot (may be @code{NULL} ) + +@var{flags}: Or sequence of GNUTLS_PKCS11_OBJ_* flags + +Obtains the PKCS@code{11} session handles of an object. @code{session} and @code{ohandle} must be deinitialized by the caller. The returned pointers are +independent of the @code{obj} lifetime. + +@strong{Returns:} @code{GNUTLS_E_SUCCESS} (0) on success or a negative error code +on error. + +@strong{Since:} 3.6.3 +@end deftypefun diff --git a/doc/functions/gnutls_pkcs11_obj_get_ptr.short b/doc/functions/gnutls_pkcs11_obj_get_ptr.short new file mode 100644 index 0000000..1ee40b3 --- /dev/null +++ b/doc/functions/gnutls_pkcs11_obj_get_ptr.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_pkcs11_obj_get_ptr} (gnutls_pkcs11_obj_t @var{obj}, void ** @var{ptr}, void ** @var{session}, void ** @var{ohandle}, unsigned long * @var{slot_id}, unsigned int @var{flags}) diff --git a/doc/functions/gnutls_pkcs11_obj_get_type b/doc/functions/gnutls_pkcs11_obj_get_type new file mode 100644 index 0000000..8d8fd73 --- /dev/null +++ b/doc/functions/gnutls_pkcs11_obj_get_type @@ -0,0 +1,14 @@ + + + + +@deftypefun {gnutls_pkcs11_obj_type_t} {gnutls_pkcs11_obj_get_type} (gnutls_pkcs11_obj_t @var{obj}) +@var{obj}: Holds the PKCS 11 object + +This function will return the type of the object being +stored in the structure. + +@strong{Returns:} The type of the object + +@strong{Since:} 2.12.0 +@end deftypefun diff --git a/doc/functions/gnutls_pkcs11_obj_get_type.short b/doc/functions/gnutls_pkcs11_obj_get_type.short new file mode 100644 index 0000000..f558c9a --- /dev/null +++ b/doc/functions/gnutls_pkcs11_obj_get_type.short @@ -0,0 +1 @@ +@item @var{gnutls_pkcs11_obj_type_t} @ref{gnutls_pkcs11_obj_get_type} (gnutls_pkcs11_obj_t @var{obj}) diff --git a/doc/functions/gnutls_pkcs11_obj_import_url b/doc/functions/gnutls_pkcs11_obj_import_url new file mode 100644 index 0000000..e6c0149 --- /dev/null +++ b/doc/functions/gnutls_pkcs11_obj_import_url @@ -0,0 +1,25 @@ + + + + +@deftypefun {int} {gnutls_pkcs11_obj_import_url} (gnutls_pkcs11_obj_t @var{obj}, const char * @var{url}, unsigned int @var{flags}) +@var{obj}: The structure to store the object + +@var{url}: a PKCS 11 url identifying the key + +@var{flags}: Or sequence of GNUTLS_PKCS11_OBJ_* flags + +This function will "import" a PKCS 11 URL identifying an object (e.g. certificate) +to the @code{gnutls_pkcs11_obj_t} type. This does not involve any +parsing (such as X.509 or OpenPGP) since the @code{gnutls_pkcs11_obj_t} is +format agnostic. Only data are transferred. + +If the flag @code{GNUTLS_PKCS11_OBJ_FLAG_OVERWRITE_TRUSTMOD_EXT} is specified +any certificate read, will have its extensions overwritten by any +stapled extensions in the trust module. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 2.12.0 +@end deftypefun diff --git a/doc/functions/gnutls_pkcs11_obj_import_url.short b/doc/functions/gnutls_pkcs11_obj_import_url.short new file mode 100644 index 0000000..5487993 --- /dev/null +++ b/doc/functions/gnutls_pkcs11_obj_import_url.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_pkcs11_obj_import_url} (gnutls_pkcs11_obj_t @var{obj}, const char * @var{url}, unsigned int @var{flags}) diff --git a/doc/functions/gnutls_pkcs11_obj_init b/doc/functions/gnutls_pkcs11_obj_init new file mode 100644 index 0000000..6e4679e --- /dev/null +++ b/doc/functions/gnutls_pkcs11_obj_init @@ -0,0 +1,14 @@ + + + + +@deftypefun {int} {gnutls_pkcs11_obj_init} (gnutls_pkcs11_obj_t * @var{obj}) +@var{obj}: A pointer to the type to be initialized + +This function will initialize a pkcs11 certificate structure. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 2.12.0 +@end deftypefun diff --git a/doc/functions/gnutls_pkcs11_obj_init.short b/doc/functions/gnutls_pkcs11_obj_init.short new file mode 100644 index 0000000..db3962a --- /dev/null +++ b/doc/functions/gnutls_pkcs11_obj_init.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_pkcs11_obj_init} (gnutls_pkcs11_obj_t * @var{obj}) diff --git a/doc/functions/gnutls_pkcs11_obj_list_import_url3 b/doc/functions/gnutls_pkcs11_obj_list_import_url3 new file mode 100644 index 0000000..ec534a8 --- /dev/null +++ b/doc/functions/gnutls_pkcs11_obj_list_import_url3 @@ -0,0 +1,39 @@ + + + + +@deftypefun {int} {gnutls_pkcs11_obj_list_import_url3} (gnutls_pkcs11_obj_t * @var{p_list}, unsigned int * @var{n_list}, const char * @var{url}, unsigned int @var{flags}) +@var{p_list}: An uninitialized object list (may be @code{NULL} ) + +@var{n_list}: Initially should hold the maximum size of the list. Will contain the actual size. + +@var{url}: A PKCS 11 url identifying a set of objects + +@var{flags}: Or sequence of GNUTLS_PKCS11_OBJ_* flags + +This function will initialize and set values to an object list +by using all objects identified by a PKCS 11 URL. + +This function will enumerate all the objects specified by the PKCS@code{11} URL +provided. It expects an already allocated @code{p_list} which has * @code{n_list} elements, +and that value will be updated to the actual number of present objects. The + @code{p_list} objects will be initialized and set by this function. +To obtain a list of all available objects use a @code{url} of 'pkcs11:'. + +All returned objects must be deinitialized using @code{gnutls_pkcs11_obj_deinit()} . + +The supported in this function @code{flags} are @code{GNUTLS_PKCS11_OBJ_FLAG_LOGIN} , +@code{GNUTLS_PKCS11_OBJ_FLAG_LOGIN_SO} , @code{GNUTLS_PKCS11_OBJ_FLAG_PRESENT_IN_TRUSTED_MODULE} , +@code{GNUTLS_PKCS11_OBJ_FLAG_CRT} , @code{GNUTLS_PKCS11_OBJ_FLAG_PUBKEY} , @code{GNUTLS_PKCS11_OBJ_FLAG_PRIVKEY} , +@code{GNUTLS_PKCS11_OBJ_FLAG_WITH_PRIVKEY} , @code{GNUTLS_PKCS11_OBJ_FLAG_MARK_CA} , +@code{GNUTLS_PKCS11_OBJ_FLAG_MARK_TRUSTED} , and since 3.5.1 the @code{GNUTLS_PKCS11_OBJ_FLAG_OVERWRITE_TRUSTMOD_EXT} . + +On versions of GnuTLS prior to 3.4.0 the equivalent function was +@code{gnutls_pkcs11_obj_list_import_url()} . That is also available on this version +as a macro which maps to this function. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 3.4.0 +@end deftypefun diff --git a/doc/functions/gnutls_pkcs11_obj_list_import_url3.short b/doc/functions/gnutls_pkcs11_obj_list_import_url3.short new file mode 100644 index 0000000..5fe1632 --- /dev/null +++ b/doc/functions/gnutls_pkcs11_obj_list_import_url3.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_pkcs11_obj_list_import_url3} (gnutls_pkcs11_obj_t * @var{p_list}, unsigned int * @var{n_list}, const char * @var{url}, unsigned int @var{flags}) diff --git a/doc/functions/gnutls_pkcs11_obj_list_import_url4 b/doc/functions/gnutls_pkcs11_obj_list_import_url4 new file mode 100644 index 0000000..23f6e71 --- /dev/null +++ b/doc/functions/gnutls_pkcs11_obj_list_import_url4 @@ -0,0 +1,35 @@ + + + + +@deftypefun {int} {gnutls_pkcs11_obj_list_import_url4} (gnutls_pkcs11_obj_t ** @var{p_list}, unsigned int * @var{n_list}, const char * @var{url}, unsigned int @var{flags}) +@var{p_list}: An uninitialized object list (may be NULL) + +@var{n_list}: It will contain the size of the list. + +@var{url}: A PKCS 11 url identifying a set of objects + +@var{flags}: Or sequence of GNUTLS_PKCS11_OBJ_* flags + +This function will enumerate all the objects specified by the PKCS@code{11} URL +provided. It will initialize and set values to the object pointer list ( @code{p_list} ) +provided. To obtain a list of all available objects use a @code{url} of 'pkcs11:'. + +All returned objects must be deinitialized using @code{gnutls_pkcs11_obj_deinit()} , +and @code{p_list} must be deinitialized using @code{gnutls_free()} . + +The supported in this function @code{flags} are @code{GNUTLS_PKCS11_OBJ_FLAG_LOGIN} , +@code{GNUTLS_PKCS11_OBJ_FLAG_LOGIN_SO} , @code{GNUTLS_PKCS11_OBJ_FLAG_PRESENT_IN_TRUSTED_MODULE} , +@code{GNUTLS_PKCS11_OBJ_FLAG_CRT} , @code{GNUTLS_PKCS11_OBJ_FLAG_PUBKEY} , @code{GNUTLS_PKCS11_OBJ_FLAG_PRIVKEY} , +@code{GNUTLS_PKCS11_OBJ_FLAG_WITH_PRIVKEY} , @code{GNUTLS_PKCS11_OBJ_FLAG_MARK_CA} , +@code{GNUTLS_PKCS11_OBJ_FLAG_MARK_TRUSTED} , and since 3.5.1 the @code{GNUTLS_PKCS11_OBJ_FLAG_OVERWRITE_TRUSTMOD_EXT} . + +On versions of GnuTLS prior to 3.4.0 the equivalent function was +@code{gnutls_pkcs11_obj_list_import_url2()} . That is also available on this version +as a macro which maps to this function. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 3.4.0 +@end deftypefun diff --git a/doc/functions/gnutls_pkcs11_obj_list_import_url4.short b/doc/functions/gnutls_pkcs11_obj_list_import_url4.short new file mode 100644 index 0000000..d6abf75 --- /dev/null +++ b/doc/functions/gnutls_pkcs11_obj_list_import_url4.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_pkcs11_obj_list_import_url4} (gnutls_pkcs11_obj_t ** @var{p_list}, unsigned int * @var{n_list}, const char * @var{url}, unsigned int @var{flags}) diff --git a/doc/functions/gnutls_pkcs11_obj_set_info b/doc/functions/gnutls_pkcs11_obj_set_info new file mode 100644 index 0000000..37b1489 --- /dev/null +++ b/doc/functions/gnutls_pkcs11_obj_set_info @@ -0,0 +1,23 @@ + + + + +@deftypefun {int} {gnutls_pkcs11_obj_set_info} (gnutls_pkcs11_obj_t @var{obj}, gnutls_pkcs11_obj_info_t @var{itype}, const void * @var{data}, size_t @var{data_size}, unsigned @var{flags}) +@var{obj}: should contain a @code{gnutls_pkcs11_obj_t} type + +@var{itype}: Denotes the type of information to be set + +@var{data}: the data to set + +@var{data_size}: the size of data + +@var{flags}: Or sequence of GNUTLS_PKCS11_OBJ_* flags + +This function will set attributes on the provided object. +Available options for @code{itype} are @code{GNUTLS_PKCS11_OBJ_LABEL} , +@code{GNUTLS_PKCS11_OBJ_ID_HEX} , and @code{GNUTLS_PKCS11_OBJ_ID} . + +@strong{Returns:} @code{GNUTLS_E_SUCCESS} (0) on success or a negative error code on error. + +@strong{Since:} 3.4.0 +@end deftypefun diff --git a/doc/functions/gnutls_pkcs11_obj_set_info.short b/doc/functions/gnutls_pkcs11_obj_set_info.short new file mode 100644 index 0000000..5a335b2 --- /dev/null +++ b/doc/functions/gnutls_pkcs11_obj_set_info.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_pkcs11_obj_set_info} (gnutls_pkcs11_obj_t @var{obj}, gnutls_pkcs11_obj_info_t @var{itype}, const void * @var{data}, size_t @var{data_size}, unsigned @var{flags}) diff --git a/doc/functions/gnutls_pkcs11_obj_set_pin_function b/doc/functions/gnutls_pkcs11_obj_set_pin_function new file mode 100644 index 0000000..dc9c91a --- /dev/null +++ b/doc/functions/gnutls_pkcs11_obj_set_pin_function @@ -0,0 +1,17 @@ + + + + +@deftypefun {void} {gnutls_pkcs11_obj_set_pin_function} (gnutls_pkcs11_obj_t @var{obj}, gnutls_pin_callback_t @var{fn}, void * @var{userdata}) +@var{obj}: The object structure + +@var{fn}: the callback + +@var{userdata}: data associated with the callback + +This function will set a callback function to be used when +required to access the object. This function overrides the global +set using @code{gnutls_pkcs11_set_pin_function()} . + +@strong{Since:} 3.1.0 +@end deftypefun diff --git a/doc/functions/gnutls_pkcs11_obj_set_pin_function.short b/doc/functions/gnutls_pkcs11_obj_set_pin_function.short new file mode 100644 index 0000000..c605a1c --- /dev/null +++ b/doc/functions/gnutls_pkcs11_obj_set_pin_function.short @@ -0,0 +1 @@ +@item @var{void} @ref{gnutls_pkcs11_obj_set_pin_function} (gnutls_pkcs11_obj_t @var{obj}, gnutls_pin_callback_t @var{fn}, void * @var{userdata}) diff --git a/doc/functions/gnutls_pkcs11_privkey_cpy b/doc/functions/gnutls_pkcs11_privkey_cpy new file mode 100644 index 0000000..91e78aa --- /dev/null +++ b/doc/functions/gnutls_pkcs11_privkey_cpy @@ -0,0 +1,17 @@ + + + + +@deftypefun {int} {gnutls_pkcs11_privkey_cpy} (gnutls_pkcs11_privkey_t @var{dst}, gnutls_pkcs11_privkey_t @var{src}) +@var{dst}: The destination key, which should be initialized. + +@var{src}: The source key + +This function will copy a private key from source to destination +key. Destination has to be initialized. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 3.4.0 +@end deftypefun diff --git a/doc/functions/gnutls_pkcs11_privkey_cpy.short b/doc/functions/gnutls_pkcs11_privkey_cpy.short new file mode 100644 index 0000000..70725ee --- /dev/null +++ b/doc/functions/gnutls_pkcs11_privkey_cpy.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_pkcs11_privkey_cpy} (gnutls_pkcs11_privkey_t @var{dst}, gnutls_pkcs11_privkey_t @var{src}) diff --git a/doc/functions/gnutls_pkcs11_privkey_deinit b/doc/functions/gnutls_pkcs11_privkey_deinit new file mode 100644 index 0000000..44485ea --- /dev/null +++ b/doc/functions/gnutls_pkcs11_privkey_deinit @@ -0,0 +1,9 @@ + + + + +@deftypefun {void} {gnutls_pkcs11_privkey_deinit} (gnutls_pkcs11_privkey_t @var{key}) +@var{key}: the key to be deinitialized + +This function will deinitialize a private key structure. +@end deftypefun diff --git a/doc/functions/gnutls_pkcs11_privkey_deinit.short b/doc/functions/gnutls_pkcs11_privkey_deinit.short new file mode 100644 index 0000000..03c764c --- /dev/null +++ b/doc/functions/gnutls_pkcs11_privkey_deinit.short @@ -0,0 +1 @@ +@item @var{void} @ref{gnutls_pkcs11_privkey_deinit} (gnutls_pkcs11_privkey_t @var{key}) diff --git a/doc/functions/gnutls_pkcs11_privkey_export_pubkey b/doc/functions/gnutls_pkcs11_privkey_export_pubkey new file mode 100644 index 0000000..719f4cc --- /dev/null +++ b/doc/functions/gnutls_pkcs11_privkey_export_pubkey @@ -0,0 +1,23 @@ + + + + +@deftypefun {int} {gnutls_pkcs11_privkey_export_pubkey} (gnutls_pkcs11_privkey_t @var{pkey}, gnutls_x509_crt_fmt_t @var{fmt}, gnutls_datum_t * @var{data}, unsigned int @var{flags}) +@var{pkey}: The private key + +@var{fmt}: the format of output params. PEM or DER. + +@var{data}: will hold the public key + +@var{flags}: should be zero + +This function will extract the public key (modulus and public +exponent) from the private key specified by the @code{url} private key. +This public key will be stored in @code{pubkey} in the format specified +by @code{fmt} . @code{pubkey} should be deinitialized using @code{gnutls_free()} . + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 3.3.7 +@end deftypefun diff --git a/doc/functions/gnutls_pkcs11_privkey_export_pubkey.short b/doc/functions/gnutls_pkcs11_privkey_export_pubkey.short new file mode 100644 index 0000000..a98ebb5 --- /dev/null +++ b/doc/functions/gnutls_pkcs11_privkey_export_pubkey.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_pkcs11_privkey_export_pubkey} (gnutls_pkcs11_privkey_t @var{pkey}, gnutls_x509_crt_fmt_t @var{fmt}, gnutls_datum_t * @var{data}, unsigned int @var{flags}) diff --git a/doc/functions/gnutls_pkcs11_privkey_export_url b/doc/functions/gnutls_pkcs11_privkey_export_url new file mode 100644 index 0000000..06ef985 --- /dev/null +++ b/doc/functions/gnutls_pkcs11_privkey_export_url @@ -0,0 +1,16 @@ + + + + +@deftypefun {int} {gnutls_pkcs11_privkey_export_url} (gnutls_pkcs11_privkey_t @var{key}, gnutls_pkcs11_url_type_t @var{detailed}, char ** @var{url}) +@var{key}: Holds the PKCS 11 key + +@var{detailed}: non zero if a detailed URL is required + +@var{url}: will contain an allocated url + +This function will export a URL identifying the given key. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. +@end deftypefun diff --git a/doc/functions/gnutls_pkcs11_privkey_export_url.short b/doc/functions/gnutls_pkcs11_privkey_export_url.short new file mode 100644 index 0000000..19940c1 --- /dev/null +++ b/doc/functions/gnutls_pkcs11_privkey_export_url.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_pkcs11_privkey_export_url} (gnutls_pkcs11_privkey_t @var{key}, gnutls_pkcs11_url_type_t @var{detailed}, char ** @var{url}) diff --git a/doc/functions/gnutls_pkcs11_privkey_generate b/doc/functions/gnutls_pkcs11_privkey_generate new file mode 100644 index 0000000..56d6143 --- /dev/null +++ b/doc/functions/gnutls_pkcs11_privkey_generate @@ -0,0 +1,24 @@ + + + + +@deftypefun {int} {gnutls_pkcs11_privkey_generate} (const char * @var{url}, gnutls_pk_algorithm_t @var{pk}, unsigned int @var{bits}, const char * @var{label}, unsigned int @var{flags}) +@var{url}: a token URL + +@var{pk}: the public key algorithm + +@var{bits}: the security bits + +@var{label}: a label + +@var{flags}: should be zero + +This function will generate a private key in the specified +by the @code{url} token. The private key will be generate within +the token and will not be exportable. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 3.0 +@end deftypefun diff --git a/doc/functions/gnutls_pkcs11_privkey_generate.short b/doc/functions/gnutls_pkcs11_privkey_generate.short new file mode 100644 index 0000000..0c3f08e --- /dev/null +++ b/doc/functions/gnutls_pkcs11_privkey_generate.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_pkcs11_privkey_generate} (const char * @var{url}, gnutls_pk_algorithm_t @var{pk}, unsigned int @var{bits}, const char * @var{label}, unsigned int @var{flags}) diff --git a/doc/functions/gnutls_pkcs11_privkey_generate2 b/doc/functions/gnutls_pkcs11_privkey_generate2 new file mode 100644 index 0000000..5425752 --- /dev/null +++ b/doc/functions/gnutls_pkcs11_privkey_generate2 @@ -0,0 +1,34 @@ + + + + +@deftypefun {int} {gnutls_pkcs11_privkey_generate2} (const char * @var{url}, gnutls_pk_algorithm_t @var{pk}, unsigned int @var{bits}, const char * @var{label}, gnutls_x509_crt_fmt_t @var{fmt}, gnutls_datum_t * @var{pubkey}, unsigned int @var{flags}) +@var{url}: a token URL + +@var{pk}: the public key algorithm + +@var{bits}: the security bits + +@var{label}: a label + +@var{fmt}: the format of output params. PEM or DER + +@var{pubkey}: will hold the public key (may be @code{NULL} ) + +@var{flags}: zero or an OR'ed sequence of @code{GNUTLS_PKCS11_OBJ_FLAGs} + +This function will generate a private key in the specified +by the @code{url} token. The private key will be generate within +the token and will not be exportable. This function will +store the DER-encoded public key in the SubjectPublicKeyInfo format +in @code{pubkey} . The @code{pubkey} should be deinitialized using @code{gnutls_free()} . + +Note that when generating an elliptic curve key, the curve +can be substituted in the place of the bits parameter using the +@code{GNUTLS_CURVE_TO_BITS()} macro. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 3.1.5 +@end deftypefun diff --git a/doc/functions/gnutls_pkcs11_privkey_generate2.short b/doc/functions/gnutls_pkcs11_privkey_generate2.short new file mode 100644 index 0000000..93ed6f2 --- /dev/null +++ b/doc/functions/gnutls_pkcs11_privkey_generate2.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_pkcs11_privkey_generate2} (const char * @var{url}, gnutls_pk_algorithm_t @var{pk}, unsigned int @var{bits}, const char * @var{label}, gnutls_x509_crt_fmt_t @var{fmt}, gnutls_datum_t * @var{pubkey}, unsigned int @var{flags}) diff --git a/doc/functions/gnutls_pkcs11_privkey_generate3 b/doc/functions/gnutls_pkcs11_privkey_generate3 new file mode 100644 index 0000000..cf7afdc --- /dev/null +++ b/doc/functions/gnutls_pkcs11_privkey_generate3 @@ -0,0 +1,41 @@ + + + + +@deftypefun {int} {gnutls_pkcs11_privkey_generate3} (const char * @var{url}, gnutls_pk_algorithm_t @var{pk}, unsigned int @var{bits}, const char * @var{label}, const gnutls_datum_t * @var{cid}, gnutls_x509_crt_fmt_t @var{fmt}, gnutls_datum_t * @var{pubkey}, unsigned int @var{key_usage}, unsigned int @var{flags}) +@var{url}: a token URL + +@var{pk}: the public key algorithm + +@var{bits}: the security bits + +@var{label}: a label + +@var{cid}: The CKA_ID to use for the new object + +@var{fmt}: the format of output params. PEM or DER + +@var{pubkey}: will hold the public key (may be @code{NULL} ) + +@var{key_usage}: One of GNUTLS_KEY_* + +@var{flags}: zero or an OR'ed sequence of @code{GNUTLS_PKCS11_OBJ_FLAGs} + +This function will generate a private key in the specified +by the @code{url} token. The private key will be generate within +the token and will not be exportable. This function will +store the DER-encoded public key in the SubjectPublicKeyInfo format +in @code{pubkey} . The @code{pubkey} should be deinitialized using @code{gnutls_free()} . + +Note that when generating an elliptic curve key, the curve +can be substituted in the place of the bits parameter using the +@code{GNUTLS_CURVE_TO_BITS()} macro. + +Since 3.6.3 the objects are marked as sensitive by default unless +@code{GNUTLS_PKCS11_OBJ_FLAG_MARK_NOT_SENSITIVE} is specified. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 3.4.0 +@end deftypefun diff --git a/doc/functions/gnutls_pkcs11_privkey_generate3.short b/doc/functions/gnutls_pkcs11_privkey_generate3.short new file mode 100644 index 0000000..cc8d0c9 --- /dev/null +++ b/doc/functions/gnutls_pkcs11_privkey_generate3.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_pkcs11_privkey_generate3} (const char * @var{url}, gnutls_pk_algorithm_t @var{pk}, unsigned int @var{bits}, const char * @var{label}, const gnutls_datum_t * @var{cid}, gnutls_x509_crt_fmt_t @var{fmt}, gnutls_datum_t * @var{pubkey}, unsigned int @var{key_usage}, unsigned int @var{flags}) diff --git a/doc/functions/gnutls_pkcs11_privkey_get_info b/doc/functions/gnutls_pkcs11_privkey_get_info new file mode 100644 index 0000000..e184716 --- /dev/null +++ b/doc/functions/gnutls_pkcs11_privkey_get_info @@ -0,0 +1,20 @@ + + + + +@deftypefun {int} {gnutls_pkcs11_privkey_get_info} (gnutls_pkcs11_privkey_t @var{pkey}, gnutls_pkcs11_obj_info_t @var{itype}, void * @var{output}, size_t * @var{output_size}) +@var{pkey}: should contain a @code{gnutls_pkcs11_privkey_t} type + +@var{itype}: Denotes the type of information requested + +@var{output}: where output will be stored + +@var{output_size}: contains the maximum size of the output and will be overwritten with actual + +This function will return information about the PKCS 11 private key such +as the label, id as well as token information where the key is stored. When +output is text it returns null terminated string although @code{output_size} contains +the size of the actual data only. + +@strong{Returns:} @code{GNUTLS_E_SUCCESS} (0) on success or a negative error code on error. +@end deftypefun diff --git a/doc/functions/gnutls_pkcs11_privkey_get_info.short b/doc/functions/gnutls_pkcs11_privkey_get_info.short new file mode 100644 index 0000000..1b243e9 --- /dev/null +++ b/doc/functions/gnutls_pkcs11_privkey_get_info.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_pkcs11_privkey_get_info} (gnutls_pkcs11_privkey_t @var{pkey}, gnutls_pkcs11_obj_info_t @var{itype}, void * @var{output}, size_t * @var{output_size}) diff --git a/doc/functions/gnutls_pkcs11_privkey_get_pk_algorithm b/doc/functions/gnutls_pkcs11_privkey_get_pk_algorithm new file mode 100644 index 0000000..6f367d4 --- /dev/null +++ b/doc/functions/gnutls_pkcs11_privkey_get_pk_algorithm @@ -0,0 +1,15 @@ + + + + +@deftypefun {int} {gnutls_pkcs11_privkey_get_pk_algorithm} (gnutls_pkcs11_privkey_t @var{key}, unsigned int * @var{bits}) +@var{key}: should contain a @code{gnutls_pkcs11_privkey_t} type + +@var{bits}: if bits is non null it will hold the size of the parameters' in bits + +This function will return the public key algorithm of a private +key. + +@strong{Returns:} a member of the @code{gnutls_pk_algorithm_t} enumeration on +success, or a negative error code on error. +@end deftypefun diff --git a/doc/functions/gnutls_pkcs11_privkey_get_pk_algorithm.short b/doc/functions/gnutls_pkcs11_privkey_get_pk_algorithm.short new file mode 100644 index 0000000..d407d71 --- /dev/null +++ b/doc/functions/gnutls_pkcs11_privkey_get_pk_algorithm.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_pkcs11_privkey_get_pk_algorithm} (gnutls_pkcs11_privkey_t @var{key}, unsigned int * @var{bits}) diff --git a/doc/functions/gnutls_pkcs11_privkey_import_url b/doc/functions/gnutls_pkcs11_privkey_import_url new file mode 100644 index 0000000..122a8e6 --- /dev/null +++ b/doc/functions/gnutls_pkcs11_privkey_import_url @@ -0,0 +1,19 @@ + + + + +@deftypefun {int} {gnutls_pkcs11_privkey_import_url} (gnutls_pkcs11_privkey_t @var{pkey}, const char * @var{url}, unsigned int @var{flags}) +@var{pkey}: The private key + +@var{url}: a PKCS 11 url identifying the key + +@var{flags}: Or sequence of GNUTLS_PKCS11_OBJ_* flags + +This function will "import" a PKCS 11 URL identifying a private +key to the @code{gnutls_pkcs11_privkey_t} type. In reality since +in most cases keys cannot be exported, the private key structure +is being associated with the available operations on the token. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. +@end deftypefun diff --git a/doc/functions/gnutls_pkcs11_privkey_import_url.short b/doc/functions/gnutls_pkcs11_privkey_import_url.short new file mode 100644 index 0000000..3748496 --- /dev/null +++ b/doc/functions/gnutls_pkcs11_privkey_import_url.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_pkcs11_privkey_import_url} (gnutls_pkcs11_privkey_t @var{pkey}, const char * @var{url}, unsigned int @var{flags}) diff --git a/doc/functions/gnutls_pkcs11_privkey_init b/doc/functions/gnutls_pkcs11_privkey_init new file mode 100644 index 0000000..da5f3a5 --- /dev/null +++ b/doc/functions/gnutls_pkcs11_privkey_init @@ -0,0 +1,18 @@ + + + + +@deftypefun {int} {gnutls_pkcs11_privkey_init} (gnutls_pkcs11_privkey_t * @var{key}) +@var{key}: A pointer to the type to be initialized + +This function will initialize an private key structure. This +structure can be used for accessing an underlying PKCS@code{11} object. + +In versions of GnuTLS later than 3.5.11 the object is protected +using locks and a single @code{gnutls_pkcs11_privkey_t} can be re-used +by many threads. However, for performance it is recommended to utilize +one object per key per thread. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. +@end deftypefun diff --git a/doc/functions/gnutls_pkcs11_privkey_init.short b/doc/functions/gnutls_pkcs11_privkey_init.short new file mode 100644 index 0000000..af31a59 --- /dev/null +++ b/doc/functions/gnutls_pkcs11_privkey_init.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_pkcs11_privkey_init} (gnutls_pkcs11_privkey_t * @var{key}) diff --git a/doc/functions/gnutls_pkcs11_privkey_set_pin_function b/doc/functions/gnutls_pkcs11_privkey_set_pin_function new file mode 100644 index 0000000..9105fb4 --- /dev/null +++ b/doc/functions/gnutls_pkcs11_privkey_set_pin_function @@ -0,0 +1,17 @@ + + + + +@deftypefun {void} {gnutls_pkcs11_privkey_set_pin_function} (gnutls_pkcs11_privkey_t @var{key}, gnutls_pin_callback_t @var{fn}, void * @var{userdata}) +@var{key}: The private key + +@var{fn}: the callback + +@var{userdata}: data associated with the callback + +This function will set a callback function to be used when +required to access the object. This function overrides the global +set using @code{gnutls_pkcs11_set_pin_function()} . + +@strong{Since:} 3.1.0 +@end deftypefun diff --git a/doc/functions/gnutls_pkcs11_privkey_set_pin_function.short b/doc/functions/gnutls_pkcs11_privkey_set_pin_function.short new file mode 100644 index 0000000..9b36382 --- /dev/null +++ b/doc/functions/gnutls_pkcs11_privkey_set_pin_function.short @@ -0,0 +1 @@ +@item @var{void} @ref{gnutls_pkcs11_privkey_set_pin_function} (gnutls_pkcs11_privkey_t @var{key}, gnutls_pin_callback_t @var{fn}, void * @var{userdata}) diff --git a/doc/functions/gnutls_pkcs11_privkey_status b/doc/functions/gnutls_pkcs11_privkey_status new file mode 100644 index 0000000..e915ab4 --- /dev/null +++ b/doc/functions/gnutls_pkcs11_privkey_status @@ -0,0 +1,14 @@ + + + + +@deftypefun {unsigned} {gnutls_pkcs11_privkey_status} (gnutls_pkcs11_privkey_t @var{key}) +@var{key}: Holds the key + +Checks the status of the private key token. + +@strong{Returns:} this function will return non-zero if the token +holding the private key is still available (inserted), and zero otherwise. + +@strong{Since:} 3.1.9 +@end deftypefun diff --git a/doc/functions/gnutls_pkcs11_privkey_status.short b/doc/functions/gnutls_pkcs11_privkey_status.short new file mode 100644 index 0000000..d16e340 --- /dev/null +++ b/doc/functions/gnutls_pkcs11_privkey_status.short @@ -0,0 +1 @@ +@item @var{unsigned} @ref{gnutls_pkcs11_privkey_status} (gnutls_pkcs11_privkey_t @var{key}) diff --git a/doc/functions/gnutls_pkcs11_reinit b/doc/functions/gnutls_pkcs11_reinit new file mode 100644 index 0000000..d60a5f7 --- /dev/null +++ b/doc/functions/gnutls_pkcs11_reinit @@ -0,0 +1,18 @@ + + + + +@deftypefun {int} {gnutls_pkcs11_reinit} ( @var{void}) + +This function will reinitialize the PKCS 11 subsystem in gnutls. +This is required by PKCS 11 when an application uses @code{fork()} . The +reinitialization function must be called on the child. + +Note that since GnuTLS 3.3.0, the reinitialization of the PKCS @code{11} +subsystem occurs automatically after fork. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 3.0 +@end deftypefun diff --git a/doc/functions/gnutls_pkcs11_reinit.short b/doc/functions/gnutls_pkcs11_reinit.short new file mode 100644 index 0000000..286040a --- /dev/null +++ b/doc/functions/gnutls_pkcs11_reinit.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_pkcs11_reinit} ( @var{void}) diff --git a/doc/functions/gnutls_pkcs11_set_pin_function b/doc/functions/gnutls_pkcs11_set_pin_function new file mode 100644 index 0000000..22d8802 --- /dev/null +++ b/doc/functions/gnutls_pkcs11_set_pin_function @@ -0,0 +1,15 @@ + + + + +@deftypefun {void} {gnutls_pkcs11_set_pin_function} (gnutls_pin_callback_t @var{fn}, void * @var{userdata}) +@var{fn}: The PIN callback, a @code{gnutls_pin_callback_t()} function. + +@var{userdata}: data to be supplied to callback + +This function will set a callback function to be used when a PIN is +required for PKCS 11 operations. See +@code{gnutls_pin_callback_t()} on how the callback should behave. + +@strong{Since:} 2.12.0 +@end deftypefun diff --git a/doc/functions/gnutls_pkcs11_set_pin_function.short b/doc/functions/gnutls_pkcs11_set_pin_function.short new file mode 100644 index 0000000..ef9801f --- /dev/null +++ b/doc/functions/gnutls_pkcs11_set_pin_function.short @@ -0,0 +1 @@ +@item @var{void} @ref{gnutls_pkcs11_set_pin_function} (gnutls_pin_callback_t @var{fn}, void * @var{userdata}) diff --git a/doc/functions/gnutls_pkcs11_set_token_function b/doc/functions/gnutls_pkcs11_set_token_function new file mode 100644 index 0000000..ef1f91c --- /dev/null +++ b/doc/functions/gnutls_pkcs11_set_token_function @@ -0,0 +1,14 @@ + + + + +@deftypefun {void} {gnutls_pkcs11_set_token_function} (gnutls_pkcs11_token_callback_t @var{fn}, void * @var{userdata}) +@var{fn}: The token callback + +@var{userdata}: data to be supplied to callback + +This function will set a callback function to be used when a token +needs to be inserted to continue PKCS 11 operations. + +@strong{Since:} 2.12.0 +@end deftypefun diff --git a/doc/functions/gnutls_pkcs11_set_token_function.short b/doc/functions/gnutls_pkcs11_set_token_function.short new file mode 100644 index 0000000..0d31fd8 --- /dev/null +++ b/doc/functions/gnutls_pkcs11_set_token_function.short @@ -0,0 +1 @@ +@item @var{void} @ref{gnutls_pkcs11_set_token_function} (gnutls_pkcs11_token_callback_t @var{fn}, void * @var{userdata}) diff --git a/doc/functions/gnutls_pkcs11_token_check_mechanism b/doc/functions/gnutls_pkcs11_token_check_mechanism new file mode 100644 index 0000000..a9f6ec8 --- /dev/null +++ b/doc/functions/gnutls_pkcs11_token_check_mechanism @@ -0,0 +1,23 @@ + + + + +@deftypefun {unsigned} {gnutls_pkcs11_token_check_mechanism} (const char * @var{url}, unsigned long @var{mechanism}, void * @var{ptr}, unsigned @var{psize}, unsigned @var{flags}) +@var{url}: should contain a PKCS 11 URL + +@var{mechanism}: The PKCS @code{11} mechanism ID + +@var{ptr}: if set it should point to a CK_MECHANISM_INFO struct + +@var{psize}: the size of CK_MECHANISM_INFO struct (for safety) + +@var{flags}: must be zero + +This function will return whether a mechanism is supported +by the given token. If the mechanism is supported and + @code{ptr} is set, it will be updated with the token information. + +@strong{Returns:} Non-zero if the mechanism is supported or zero otherwise. + +@strong{Since:} 3.6.0 +@end deftypefun diff --git a/doc/functions/gnutls_pkcs11_token_check_mechanism.short b/doc/functions/gnutls_pkcs11_token_check_mechanism.short new file mode 100644 index 0000000..ddc5e15 --- /dev/null +++ b/doc/functions/gnutls_pkcs11_token_check_mechanism.short @@ -0,0 +1 @@ +@item @var{unsigned} @ref{gnutls_pkcs11_token_check_mechanism} (const char * @var{url}, unsigned long @var{mechanism}, void * @var{ptr}, unsigned @var{psize}, unsigned @var{flags}) diff --git a/doc/functions/gnutls_pkcs11_token_get_flags b/doc/functions/gnutls_pkcs11_token_get_flags new file mode 100644 index 0000000..9778d58 --- /dev/null +++ b/doc/functions/gnutls_pkcs11_token_get_flags @@ -0,0 +1,17 @@ + + + + +@deftypefun {int} {gnutls_pkcs11_token_get_flags} (const char * @var{url}, unsigned int * @var{flags}) +@var{url}: should contain a PKCS 11 URL + +@var{flags}: The output flags (GNUTLS_PKCS11_TOKEN_*) + +This function will return information about the PKCS 11 token flags. + +The supported flags are: @code{GNUTLS_PKCS11_TOKEN_HW} and @code{GNUTLS_PKCS11_TOKEN_TRUSTED} . + +@strong{Returns:} @code{GNUTLS_E_SUCCESS} (0) on success or a negative error code on error. + +@strong{Since:} 2.12.0 +@end deftypefun diff --git a/doc/functions/gnutls_pkcs11_token_get_flags.short b/doc/functions/gnutls_pkcs11_token_get_flags.short new file mode 100644 index 0000000..c375cf9 --- /dev/null +++ b/doc/functions/gnutls_pkcs11_token_get_flags.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_pkcs11_token_get_flags} (const char * @var{url}, unsigned int * @var{flags}) diff --git a/doc/functions/gnutls_pkcs11_token_get_info b/doc/functions/gnutls_pkcs11_token_get_info new file mode 100644 index 0000000..90a437e --- /dev/null +++ b/doc/functions/gnutls_pkcs11_token_get_info @@ -0,0 +1,27 @@ + + + + +@deftypefun {int} {gnutls_pkcs11_token_get_info} (const char * @var{url}, gnutls_pkcs11_token_info_t @var{ttype}, void * @var{output}, size_t * @var{output_size}) +@var{url}: should contain a PKCS 11 URL + +@var{ttype}: Denotes the type of information requested + +@var{output}: where output will be stored + +@var{output_size}: contains the maximum size of the output buffer and will be +overwritten with the actual size. + +This function will return information about the PKCS 11 token such +as the label, id, etc. + +When output is text, a null terminated string is written to @code{output} and its +string length is written to @code{output_size} (without null terminator). If the +buffer is too small, @code{output_size} will contain the expected buffer size +(with null terminator for text) and return @code{GNUTLS_E_SHORT_MEMORY_BUFFER} . + +@strong{Returns:} @code{GNUTLS_E_SUCCESS} (0) on success or a negative error code +on error. + +@strong{Since:} 2.12.0 +@end deftypefun diff --git a/doc/functions/gnutls_pkcs11_token_get_info.short b/doc/functions/gnutls_pkcs11_token_get_info.short new file mode 100644 index 0000000..8ddbe46 --- /dev/null +++ b/doc/functions/gnutls_pkcs11_token_get_info.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_pkcs11_token_get_info} (const char * @var{url}, gnutls_pkcs11_token_info_t @var{ttype}, void * @var{output}, size_t * @var{output_size}) diff --git a/doc/functions/gnutls_pkcs11_token_get_mechanism b/doc/functions/gnutls_pkcs11_token_get_mechanism new file mode 100644 index 0000000..4bb570a --- /dev/null +++ b/doc/functions/gnutls_pkcs11_token_get_mechanism @@ -0,0 +1,19 @@ + + + + +@deftypefun {int} {gnutls_pkcs11_token_get_mechanism} (const char * @var{url}, unsigned int @var{idx}, unsigned long * @var{mechanism}) +@var{url}: should contain a PKCS 11 URL + +@var{idx}: The index of the mechanism + +@var{mechanism}: The PKCS @code{11} mechanism ID + +This function will return the names of the supported mechanisms +by the token. It should be called with an increasing index until +it return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE. + +@strong{Returns:} @code{GNUTLS_E_SUCCESS} (0) on success or a negative error code on error. + +@strong{Since:} 2.12.0 +@end deftypefun diff --git a/doc/functions/gnutls_pkcs11_token_get_mechanism.short b/doc/functions/gnutls_pkcs11_token_get_mechanism.short new file mode 100644 index 0000000..25bace4 --- /dev/null +++ b/doc/functions/gnutls_pkcs11_token_get_mechanism.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_pkcs11_token_get_mechanism} (const char * @var{url}, unsigned int @var{idx}, unsigned long * @var{mechanism}) diff --git a/doc/functions/gnutls_pkcs11_token_get_ptr b/doc/functions/gnutls_pkcs11_token_get_ptr new file mode 100644 index 0000000..5434fc4 --- /dev/null +++ b/doc/functions/gnutls_pkcs11_token_get_ptr @@ -0,0 +1,22 @@ + + + + +@deftypefun {int} {gnutls_pkcs11_token_get_ptr} (const char * @var{url}, void ** @var{ptr}, unsigned long * @var{slot_id}, unsigned int @var{flags}) +@var{url}: should contain a PKCS@code{11} URL identifying a token + +@var{ptr}: will contain the CK_FUNCTION_LIST_PTR pointer + +@var{slot_id}: will contain the slot_id (may be @code{NULL} ) + +@var{flags}: should be zero + +This function will return the function pointer of the specified +token by the URL. The returned pointers are valid until +gnutls is deinitialized, c.f. @code{_global_deinit()} . + +@strong{Returns:} @code{GNUTLS_E_SUCCESS} (0) on success or a negative error code +on error. + +@strong{Since:} 3.6.3 +@end deftypefun diff --git a/doc/functions/gnutls_pkcs11_token_get_ptr.short b/doc/functions/gnutls_pkcs11_token_get_ptr.short new file mode 100644 index 0000000..5d6473c --- /dev/null +++ b/doc/functions/gnutls_pkcs11_token_get_ptr.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_pkcs11_token_get_ptr} (const char * @var{url}, void ** @var{ptr}, unsigned long * @var{slot_id}, unsigned int @var{flags}) diff --git a/doc/functions/gnutls_pkcs11_token_get_random b/doc/functions/gnutls_pkcs11_token_get_random new file mode 100644 index 0000000..5307b16 --- /dev/null +++ b/doc/functions/gnutls_pkcs11_token_get_random @@ -0,0 +1,18 @@ + + + + +@deftypefun {int} {gnutls_pkcs11_token_get_random} (const char * @var{token_url}, void * @var{rnddata}, size_t @var{len}) +@var{token_url}: A PKCS @code{11} URL specifying a token + +@var{rnddata}: A pointer to the memory area to be filled with random data + +@var{len}: The number of bytes of randomness to request + +This function will get random data from the given token. +It will store rnddata and fill the memory pointed to by rnddata with +len random bytes from the token. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. +@end deftypefun diff --git a/doc/functions/gnutls_pkcs11_token_get_random.short b/doc/functions/gnutls_pkcs11_token_get_random.short new file mode 100644 index 0000000..bb049fd --- /dev/null +++ b/doc/functions/gnutls_pkcs11_token_get_random.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_pkcs11_token_get_random} (const char * @var{token_url}, void * @var{rnddata}, size_t @var{len}) diff --git a/doc/functions/gnutls_pkcs11_token_get_url b/doc/functions/gnutls_pkcs11_token_get_url new file mode 100644 index 0000000..e02b69f --- /dev/null +++ b/doc/functions/gnutls_pkcs11_token_get_url @@ -0,0 +1,20 @@ + + + + +@deftypefun {int} {gnutls_pkcs11_token_get_url} (unsigned int @var{seq}, gnutls_pkcs11_url_type_t @var{detailed}, char ** @var{url}) +@var{seq}: sequence number starting from 0 + +@var{detailed}: non zero if a detailed URL is required + +@var{url}: will contain an allocated url + +This function will return the URL for each token available +in system. The url has to be released using @code{gnutls_free()} + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, +@code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} if the sequence number +exceeds the available tokens, otherwise a negative error value. + +@strong{Since:} 2.12.0 +@end deftypefun diff --git a/doc/functions/gnutls_pkcs11_token_get_url.short b/doc/functions/gnutls_pkcs11_token_get_url.short new file mode 100644 index 0000000..06b09a8 --- /dev/null +++ b/doc/functions/gnutls_pkcs11_token_get_url.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_pkcs11_token_get_url} (unsigned int @var{seq}, gnutls_pkcs11_url_type_t @var{detailed}, char ** @var{url}) diff --git a/doc/functions/gnutls_pkcs11_token_init b/doc/functions/gnutls_pkcs11_token_init new file mode 100644 index 0000000..5d2eb9b --- /dev/null +++ b/doc/functions/gnutls_pkcs11_token_init @@ -0,0 +1,18 @@ + + + + +@deftypefun {int} {gnutls_pkcs11_token_init} (const char * @var{token_url}, const char * @var{so_pin}, const char * @var{label}) +@var{token_url}: A PKCS @code{11} URL specifying a token + +@var{so_pin}: Security Officer's PIN + +@var{label}: A name to be used for the token + +This function will initialize (format) a token. If the token is +at a factory defaults state the security officer's PIN given will be +set to be the default. Otherwise it should match the officer's PIN. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. +@end deftypefun diff --git a/doc/functions/gnutls_pkcs11_token_init.short b/doc/functions/gnutls_pkcs11_token_init.short new file mode 100644 index 0000000..35e9ffb --- /dev/null +++ b/doc/functions/gnutls_pkcs11_token_init.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_pkcs11_token_init} (const char * @var{token_url}, const char * @var{so_pin}, const char * @var{label}) diff --git a/doc/functions/gnutls_pkcs11_token_set_pin b/doc/functions/gnutls_pkcs11_token_set_pin new file mode 100644 index 0000000..98e281b --- /dev/null +++ b/doc/functions/gnutls_pkcs11_token_set_pin @@ -0,0 +1,22 @@ + + + + +@deftypefun {int} {gnutls_pkcs11_token_set_pin} (const char * @var{token_url}, const char * @var{oldpin}, const char * @var{newpin}, unsigned int @var{flags}) +@var{token_url}: A PKCS @code{11} URL specifying a token + +@var{oldpin}: old user's PIN + +@var{newpin}: new user's PIN + +@var{flags}: one of @code{gnutls_pin_flag_t} . + +This function will modify or set a user or administrator's PIN for +the given token. If it is called to set a PIN for first time +the oldpin must be @code{NULL} . When setting the admin's PIN with the +@code{GNUTLS_PIN_SO} flag, the @code{oldpin} value must be provided (this requirement +is relaxed after GnuTLS 3.6.5 since which the PIN will be requested if missing). + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. +@end deftypefun diff --git a/doc/functions/gnutls_pkcs11_token_set_pin.short b/doc/functions/gnutls_pkcs11_token_set_pin.short new file mode 100644 index 0000000..2f5c0dd --- /dev/null +++ b/doc/functions/gnutls_pkcs11_token_set_pin.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_pkcs11_token_set_pin} (const char * @var{token_url}, const char * @var{oldpin}, const char * @var{newpin}, unsigned int @var{flags}) diff --git a/doc/functions/gnutls_pkcs11_type_get_name b/doc/functions/gnutls_pkcs11_type_get_name new file mode 100644 index 0000000..ce9fd99 --- /dev/null +++ b/doc/functions/gnutls_pkcs11_type_get_name @@ -0,0 +1,16 @@ + + + + +@deftypefun {const char *} {gnutls_pkcs11_type_get_name} (gnutls_pkcs11_obj_type_t @var{type}) +@var{type}: Holds the PKCS 11 object type, a @code{gnutls_pkcs11_obj_type_t} . + +This function will return a human readable description of the +PKCS11 object type @code{obj} . It will return "Unknown" for unknown +types. + +@strong{Returns:} human readable string labeling the PKCS11 object type + @code{type} . + +@strong{Since:} 2.12.0 +@end deftypefun diff --git a/doc/functions/gnutls_pkcs11_type_get_name.short b/doc/functions/gnutls_pkcs11_type_get_name.short new file mode 100644 index 0000000..c64b897 --- /dev/null +++ b/doc/functions/gnutls_pkcs11_type_get_name.short @@ -0,0 +1 @@ +@item @var{const char *} @ref{gnutls_pkcs11_type_get_name} (gnutls_pkcs11_obj_type_t @var{type}) diff --git a/doc/functions/gnutls_pkcs12_bag_decrypt b/doc/functions/gnutls_pkcs12_bag_decrypt new file mode 100644 index 0000000..01f0b0b --- /dev/null +++ b/doc/functions/gnutls_pkcs12_bag_decrypt @@ -0,0 +1,14 @@ + + + +@deftypefun {int} {gnutls_pkcs12_bag_decrypt} (gnutls_pkcs12_bag_t @var{bag}, const char * @var{pass}) +@var{bag}: The bag + +@var{pass}: The password used for encryption, must be ASCII. + +This function will decrypt the given encrypted bag and return 0 on +success. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, +otherwise a negative error code is returned. +@end deftypefun diff --git a/doc/functions/gnutls_pkcs12_bag_decrypt.short b/doc/functions/gnutls_pkcs12_bag_decrypt.short new file mode 100644 index 0000000..3985e60 --- /dev/null +++ b/doc/functions/gnutls_pkcs12_bag_decrypt.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_pkcs12_bag_decrypt} (gnutls_pkcs12_bag_t @var{bag}, const char * @var{pass}) diff --git a/doc/functions/gnutls_pkcs12_bag_deinit b/doc/functions/gnutls_pkcs12_bag_deinit new file mode 100644 index 0000000..3292568 --- /dev/null +++ b/doc/functions/gnutls_pkcs12_bag_deinit @@ -0,0 +1,9 @@ + + + + +@deftypefun {void} {gnutls_pkcs12_bag_deinit} (gnutls_pkcs12_bag_t @var{bag}) +@var{bag}: A pointer to the type to be initialized + +This function will deinitialize a PKCS12 Bag structure. +@end deftypefun diff --git a/doc/functions/gnutls_pkcs12_bag_deinit.short b/doc/functions/gnutls_pkcs12_bag_deinit.short new file mode 100644 index 0000000..9766257 --- /dev/null +++ b/doc/functions/gnutls_pkcs12_bag_deinit.short @@ -0,0 +1 @@ +@item @var{void} @ref{gnutls_pkcs12_bag_deinit} (gnutls_pkcs12_bag_t @var{bag}) diff --git a/doc/functions/gnutls_pkcs12_bag_enc_info b/doc/functions/gnutls_pkcs12_bag_enc_info new file mode 100644 index 0000000..9824bf1 --- /dev/null +++ b/doc/functions/gnutls_pkcs12_bag_enc_info @@ -0,0 +1,30 @@ + + + + +@deftypefun {int} {gnutls_pkcs12_bag_enc_info} (gnutls_pkcs12_bag_t @var{bag}, unsigned int * @var{schema}, unsigned int * @var{cipher}, void * @var{salt}, unsigned int * @var{salt_size}, unsigned int * @var{iter_count}, char ** @var{oid}) +@var{bag}: The bag + +@var{schema}: indicate the schema as one of @code{gnutls_pkcs_encrypt_flags_t} + +@var{cipher}: the cipher used as @code{gnutls_cipher_algorithm_t} + +@var{salt}: PBKDF2 salt (if non-NULL then @code{salt_size} initially holds its size) + +@var{salt_size}: PBKDF2 salt size + +@var{iter_count}: PBKDF2 iteration count + +@var{oid}: if non-NULL it will contain an allocated null-terminated variable with the OID + +This function will provide information on the encryption algorithms used +in an encrypted bag. If the structure algorithms +are unknown the code @code{GNUTLS_E_UNKNOWN_CIPHER_TYPE} will be returned, +and only @code{oid} , will be set. That is, @code{oid} will be set on encrypted bags +whether supported or not. It must be deinitialized using @code{gnutls_free()} . +The other variables are only set on supported structures. + +@strong{Returns:} @code{GNUTLS_E_INVALID_REQUEST} if the provided bag isn't encrypted, +@code{GNUTLS_E_UNKNOWN_CIPHER_TYPE} if the structure's encryption isn't supported, or +another negative error code in case of a failure. Zero on success. +@end deftypefun diff --git a/doc/functions/gnutls_pkcs12_bag_enc_info.short b/doc/functions/gnutls_pkcs12_bag_enc_info.short new file mode 100644 index 0000000..ee06a74 --- /dev/null +++ b/doc/functions/gnutls_pkcs12_bag_enc_info.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_pkcs12_bag_enc_info} (gnutls_pkcs12_bag_t @var{bag}, unsigned int * @var{schema}, unsigned int * @var{cipher}, void * @var{salt}, unsigned int * @var{salt_size}, unsigned int * @var{iter_count}, char ** @var{oid}) diff --git a/doc/functions/gnutls_pkcs12_bag_encrypt b/doc/functions/gnutls_pkcs12_bag_encrypt new file mode 100644 index 0000000..5f5440a --- /dev/null +++ b/doc/functions/gnutls_pkcs12_bag_encrypt @@ -0,0 +1,16 @@ + + + + +@deftypefun {int} {gnutls_pkcs12_bag_encrypt} (gnutls_pkcs12_bag_t @var{bag}, const char * @var{pass}, unsigned int @var{flags}) +@var{bag}: The bag + +@var{pass}: The password used for encryption, must be ASCII + +@var{flags}: should be one of @code{gnutls_pkcs_encrypt_flags_t} elements bitwise or'd + +This function will encrypt the given bag. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, +otherwise a negative error code is returned. +@end deftypefun diff --git a/doc/functions/gnutls_pkcs12_bag_encrypt.short b/doc/functions/gnutls_pkcs12_bag_encrypt.short new file mode 100644 index 0000000..c9e07fd --- /dev/null +++ b/doc/functions/gnutls_pkcs12_bag_encrypt.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_pkcs12_bag_encrypt} (gnutls_pkcs12_bag_t @var{bag}, const char * @var{pass}, unsigned int @var{flags}) diff --git a/doc/functions/gnutls_pkcs12_bag_get_count b/doc/functions/gnutls_pkcs12_bag_get_count new file mode 100644 index 0000000..277029d --- /dev/null +++ b/doc/functions/gnutls_pkcs12_bag_get_count @@ -0,0 +1,12 @@ + + + + +@deftypefun {int} {gnutls_pkcs12_bag_get_count} (gnutls_pkcs12_bag_t @var{bag}) +@var{bag}: The bag + +This function will return the number of the elements within the bag. + +@strong{Returns:} Number of elements in bag, or an negative error code on +error. +@end deftypefun diff --git a/doc/functions/gnutls_pkcs12_bag_get_count.short b/doc/functions/gnutls_pkcs12_bag_get_count.short new file mode 100644 index 0000000..27573c1 --- /dev/null +++ b/doc/functions/gnutls_pkcs12_bag_get_count.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_pkcs12_bag_get_count} (gnutls_pkcs12_bag_t @var{bag}) diff --git a/doc/functions/gnutls_pkcs12_bag_get_data b/doc/functions/gnutls_pkcs12_bag_get_data new file mode 100644 index 0000000..0248aeb --- /dev/null +++ b/doc/functions/gnutls_pkcs12_bag_get_data @@ -0,0 +1,18 @@ + + + + +@deftypefun {int} {gnutls_pkcs12_bag_get_data} (gnutls_pkcs12_bag_t @var{bag}, unsigned @var{indx}, gnutls_datum_t * @var{data}) +@var{bag}: The bag + +@var{indx}: The element of the bag to get the data from + +@var{data}: where the bag's data will be. Should be treated as constant. + +This function will return the bag's data. The data is a constant +that is stored into the bag. Should not be accessed after the bag +is deleted. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. +@end deftypefun diff --git a/doc/functions/gnutls_pkcs12_bag_get_data.short b/doc/functions/gnutls_pkcs12_bag_get_data.short new file mode 100644 index 0000000..31ee458 --- /dev/null +++ b/doc/functions/gnutls_pkcs12_bag_get_data.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_pkcs12_bag_get_data} (gnutls_pkcs12_bag_t @var{bag}, unsigned @var{indx}, gnutls_datum_t * @var{data}) diff --git a/doc/functions/gnutls_pkcs12_bag_get_friendly_name b/doc/functions/gnutls_pkcs12_bag_get_friendly_name new file mode 100644 index 0000000..865da95 --- /dev/null +++ b/doc/functions/gnutls_pkcs12_bag_get_friendly_name @@ -0,0 +1,18 @@ + + + + +@deftypefun {int} {gnutls_pkcs12_bag_get_friendly_name} (gnutls_pkcs12_bag_t @var{bag}, unsigned @var{indx}, char ** @var{name}) +@var{bag}: The bag + +@var{indx}: The bag's element to add the id + +@var{name}: will hold a pointer to the name (to be treated as const) + +This function will return the friendly name, of the specified bag +element. The key ID is usually used to distinguish the local +private key and the certificate pair. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. or a negative error code on error. +@end deftypefun diff --git a/doc/functions/gnutls_pkcs12_bag_get_friendly_name.short b/doc/functions/gnutls_pkcs12_bag_get_friendly_name.short new file mode 100644 index 0000000..4bf3648 --- /dev/null +++ b/doc/functions/gnutls_pkcs12_bag_get_friendly_name.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_pkcs12_bag_get_friendly_name} (gnutls_pkcs12_bag_t @var{bag}, unsigned @var{indx}, char ** @var{name}) diff --git a/doc/functions/gnutls_pkcs12_bag_get_key_id b/doc/functions/gnutls_pkcs12_bag_get_key_id new file mode 100644 index 0000000..4dc904a --- /dev/null +++ b/doc/functions/gnutls_pkcs12_bag_get_key_id @@ -0,0 +1,18 @@ + + + + +@deftypefun {int} {gnutls_pkcs12_bag_get_key_id} (gnutls_pkcs12_bag_t @var{bag}, unsigned @var{indx}, gnutls_datum_t * @var{id}) +@var{bag}: The bag + +@var{indx}: The bag's element to add the id + +@var{id}: where the ID will be copied (to be treated as const) + +This function will return the key ID, of the specified bag element. +The key ID is usually used to distinguish the local private key and +the certificate pair. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. or a negative error code on error. +@end deftypefun diff --git a/doc/functions/gnutls_pkcs12_bag_get_key_id.short b/doc/functions/gnutls_pkcs12_bag_get_key_id.short new file mode 100644 index 0000000..80b8f21 --- /dev/null +++ b/doc/functions/gnutls_pkcs12_bag_get_key_id.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_pkcs12_bag_get_key_id} (gnutls_pkcs12_bag_t @var{bag}, unsigned @var{indx}, gnutls_datum_t * @var{id}) diff --git a/doc/functions/gnutls_pkcs12_bag_get_type b/doc/functions/gnutls_pkcs12_bag_get_type new file mode 100644 index 0000000..0ccefa2 --- /dev/null +++ b/doc/functions/gnutls_pkcs12_bag_get_type @@ -0,0 +1,13 @@ + + + + +@deftypefun {int} {gnutls_pkcs12_bag_get_type} (gnutls_pkcs12_bag_t @var{bag}, unsigned @var{indx}) +@var{bag}: The bag + +@var{indx}: The element of the bag to get the type + +This function will return the bag's type. + +@strong{Returns:} On error a negative error value or one of the @code{gnutls_pkcs12_bag_type_t} enumerations. +@end deftypefun diff --git a/doc/functions/gnutls_pkcs12_bag_get_type.short b/doc/functions/gnutls_pkcs12_bag_get_type.short new file mode 100644 index 0000000..59948ca --- /dev/null +++ b/doc/functions/gnutls_pkcs12_bag_get_type.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_pkcs12_bag_get_type} (gnutls_pkcs12_bag_t @var{bag}, unsigned @var{indx}) diff --git a/doc/functions/gnutls_pkcs12_bag_init b/doc/functions/gnutls_pkcs12_bag_init new file mode 100644 index 0000000..05f7557 --- /dev/null +++ b/doc/functions/gnutls_pkcs12_bag_init @@ -0,0 +1,14 @@ + + + + +@deftypefun {int} {gnutls_pkcs12_bag_init} (gnutls_pkcs12_bag_t * @var{bag}) +@var{bag}: A pointer to the type to be initialized + +This function will initialize a PKCS12 bag structure. PKCS12 Bags +usually contain private keys, lists of X.509 Certificates and X.509 +Certificate revocation lists. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. +@end deftypefun diff --git a/doc/functions/gnutls_pkcs12_bag_init.short b/doc/functions/gnutls_pkcs12_bag_init.short new file mode 100644 index 0000000..368e251 --- /dev/null +++ b/doc/functions/gnutls_pkcs12_bag_init.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_pkcs12_bag_init} (gnutls_pkcs12_bag_t * @var{bag}) diff --git a/doc/functions/gnutls_pkcs12_bag_set_crl b/doc/functions/gnutls_pkcs12_bag_set_crl new file mode 100644 index 0000000..660d3c9 --- /dev/null +++ b/doc/functions/gnutls_pkcs12_bag_set_crl @@ -0,0 +1,15 @@ + + + + +@deftypefun {int} {gnutls_pkcs12_bag_set_crl} (gnutls_pkcs12_bag_t @var{bag}, gnutls_x509_crl_t @var{crl}) +@var{bag}: The bag + +@var{crl}: the CRL to be copied. + +This function will insert the given CRL into the +bag. This is just a wrapper over @code{gnutls_pkcs12_bag_set_data()} . + +@strong{Returns:} the index of the added bag on success, or a negative error code +on failure. +@end deftypefun diff --git a/doc/functions/gnutls_pkcs12_bag_set_crl.short b/doc/functions/gnutls_pkcs12_bag_set_crl.short new file mode 100644 index 0000000..a4305d2 --- /dev/null +++ b/doc/functions/gnutls_pkcs12_bag_set_crl.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_pkcs12_bag_set_crl} (gnutls_pkcs12_bag_t @var{bag}, gnutls_x509_crl_t @var{crl}) diff --git a/doc/functions/gnutls_pkcs12_bag_set_crt b/doc/functions/gnutls_pkcs12_bag_set_crt new file mode 100644 index 0000000..837a180 --- /dev/null +++ b/doc/functions/gnutls_pkcs12_bag_set_crt @@ -0,0 +1,15 @@ + + + + +@deftypefun {int} {gnutls_pkcs12_bag_set_crt} (gnutls_pkcs12_bag_t @var{bag}, gnutls_x509_crt_t @var{crt}) +@var{bag}: The bag + +@var{crt}: the certificate to be copied. + +This function will insert the given certificate into the +bag. This is just a wrapper over @code{gnutls_pkcs12_bag_set_data()} . + +@strong{Returns:} the index of the added bag on success, or a negative +value on failure. +@end deftypefun diff --git a/doc/functions/gnutls_pkcs12_bag_set_crt.short b/doc/functions/gnutls_pkcs12_bag_set_crt.short new file mode 100644 index 0000000..66da0ca --- /dev/null +++ b/doc/functions/gnutls_pkcs12_bag_set_crt.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_pkcs12_bag_set_crt} (gnutls_pkcs12_bag_t @var{bag}, gnutls_x509_crt_t @var{crt}) diff --git a/doc/functions/gnutls_pkcs12_bag_set_data b/doc/functions/gnutls_pkcs12_bag_set_data new file mode 100644 index 0000000..378976b --- /dev/null +++ b/doc/functions/gnutls_pkcs12_bag_set_data @@ -0,0 +1,17 @@ + + + + +@deftypefun {int} {gnutls_pkcs12_bag_set_data} (gnutls_pkcs12_bag_t @var{bag}, gnutls_pkcs12_bag_type_t @var{type}, const gnutls_datum_t * @var{data}) +@var{bag}: The bag + +@var{type}: The data's type + +@var{data}: the data to be copied. + +This function will insert the given data of the given type into +the bag. + +@strong{Returns:} the index of the added bag on success, or a negative +value on error. +@end deftypefun diff --git a/doc/functions/gnutls_pkcs12_bag_set_data.short b/doc/functions/gnutls_pkcs12_bag_set_data.short new file mode 100644 index 0000000..7774be4 --- /dev/null +++ b/doc/functions/gnutls_pkcs12_bag_set_data.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_pkcs12_bag_set_data} (gnutls_pkcs12_bag_t @var{bag}, gnutls_pkcs12_bag_type_t @var{type}, const gnutls_datum_t * @var{data}) diff --git a/doc/functions/gnutls_pkcs12_bag_set_friendly_name b/doc/functions/gnutls_pkcs12_bag_set_friendly_name new file mode 100644 index 0000000..95a8892 --- /dev/null +++ b/doc/functions/gnutls_pkcs12_bag_set_friendly_name @@ -0,0 +1,19 @@ + + + + +@deftypefun {int} {gnutls_pkcs12_bag_set_friendly_name} (gnutls_pkcs12_bag_t @var{bag}, unsigned @var{indx}, const char * @var{name}) +@var{bag}: The bag + +@var{indx}: The bag's element to add the id + +@var{name}: the name + +This function will add the given key friendly name, to the +specified, by the index, bag element. The name will be encoded as +a 'Friendly name' bag attribute, which is usually used to set a +user name to the local private key and the certificate pair. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. or a negative error code on error. +@end deftypefun diff --git a/doc/functions/gnutls_pkcs12_bag_set_friendly_name.short b/doc/functions/gnutls_pkcs12_bag_set_friendly_name.short new file mode 100644 index 0000000..5d16c3e --- /dev/null +++ b/doc/functions/gnutls_pkcs12_bag_set_friendly_name.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_pkcs12_bag_set_friendly_name} (gnutls_pkcs12_bag_t @var{bag}, unsigned @var{indx}, const char * @var{name}) diff --git a/doc/functions/gnutls_pkcs12_bag_set_key_id b/doc/functions/gnutls_pkcs12_bag_set_key_id new file mode 100644 index 0000000..a74ac5b --- /dev/null +++ b/doc/functions/gnutls_pkcs12_bag_set_key_id @@ -0,0 +1,19 @@ + + + + +@deftypefun {int} {gnutls_pkcs12_bag_set_key_id} (gnutls_pkcs12_bag_t @var{bag}, unsigned @var{indx}, const gnutls_datum_t * @var{id}) +@var{bag}: The bag + +@var{indx}: The bag's element to add the id + +@var{id}: the ID + +This function will add the given key ID, to the specified, by the +index, bag element. The key ID will be encoded as a 'Local key +identifier' bag attribute, which is usually used to distinguish +the local private key and the certificate pair. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. or a negative error code on error. +@end deftypefun diff --git a/doc/functions/gnutls_pkcs12_bag_set_key_id.short b/doc/functions/gnutls_pkcs12_bag_set_key_id.short new file mode 100644 index 0000000..3128475 --- /dev/null +++ b/doc/functions/gnutls_pkcs12_bag_set_key_id.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_pkcs12_bag_set_key_id} (gnutls_pkcs12_bag_t @var{bag}, unsigned @var{indx}, const gnutls_datum_t * @var{id}) diff --git a/doc/functions/gnutls_pkcs12_bag_set_privkey b/doc/functions/gnutls_pkcs12_bag_set_privkey new file mode 100644 index 0000000..22bfd73 --- /dev/null +++ b/doc/functions/gnutls_pkcs12_bag_set_privkey @@ -0,0 +1,19 @@ + + + + +@deftypefun {int} {gnutls_pkcs12_bag_set_privkey} (gnutls_pkcs12_bag_t @var{bag}, gnutls_x509_privkey_t @var{privkey}, const char * @var{password}, unsigned @var{flags}) +@var{bag}: The bag + +@var{privkey}: the private key to be copied. + +@var{password}: the password to protect the key with (may be @code{NULL} ) + +@var{flags}: should be one of @code{gnutls_pkcs_encrypt_flags_t} elements bitwise or'd + +This function will insert the given private key into the +bag. This is just a wrapper over @code{gnutls_pkcs12_bag_set_data()} . + +@strong{Returns:} the index of the added bag on success, or a negative +value on failure. +@end deftypefun diff --git a/doc/functions/gnutls_pkcs12_bag_set_privkey.short b/doc/functions/gnutls_pkcs12_bag_set_privkey.short new file mode 100644 index 0000000..0d2f86a --- /dev/null +++ b/doc/functions/gnutls_pkcs12_bag_set_privkey.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_pkcs12_bag_set_privkey} (gnutls_pkcs12_bag_t @var{bag}, gnutls_x509_privkey_t @var{privkey}, const char * @var{password}, unsigned @var{flags}) diff --git a/doc/functions/gnutls_pkcs12_deinit b/doc/functions/gnutls_pkcs12_deinit new file mode 100644 index 0000000..6965a01 --- /dev/null +++ b/doc/functions/gnutls_pkcs12_deinit @@ -0,0 +1,9 @@ + + + + +@deftypefun {void} {gnutls_pkcs12_deinit} (gnutls_pkcs12_t @var{pkcs12}) +@var{pkcs12}: The type to be initialized + +This function will deinitialize a PKCS12 type. +@end deftypefun diff --git a/doc/functions/gnutls_pkcs12_deinit.short b/doc/functions/gnutls_pkcs12_deinit.short new file mode 100644 index 0000000..5281d9c --- /dev/null +++ b/doc/functions/gnutls_pkcs12_deinit.short @@ -0,0 +1 @@ +@item @var{void} @ref{gnutls_pkcs12_deinit} (gnutls_pkcs12_t @var{pkcs12}) diff --git a/doc/functions/gnutls_pkcs12_export b/doc/functions/gnutls_pkcs12_export new file mode 100644 index 0000000..a05d3fb --- /dev/null +++ b/doc/functions/gnutls_pkcs12_export @@ -0,0 +1,26 @@ + + + + +@deftypefun {int} {gnutls_pkcs12_export} (gnutls_pkcs12_t @var{pkcs12}, gnutls_x509_crt_fmt_t @var{format}, void * @var{output_data}, size_t * @var{output_data_size}) +@var{pkcs12}: A pkcs12 type + +@var{format}: the format of output params. One of PEM or DER. + +@var{output_data}: will contain a structure PEM or DER encoded + +@var{output_data_size}: holds the size of output_data (and will be +replaced by the actual size of parameters) + +This function will export the pkcs12 structure to DER or PEM format. + +If the buffer provided is not long enough to hold the output, then +*output_data_size will be updated and GNUTLS_E_SHORT_MEMORY_BUFFER +will be returned. + +If the structure is PEM encoded, it will have a header +of "BEGIN PKCS12". + +@strong{Returns:} In case of failure a negative error code will be +returned, and 0 on success. +@end deftypefun diff --git a/doc/functions/gnutls_pkcs12_export.short b/doc/functions/gnutls_pkcs12_export.short new file mode 100644 index 0000000..99a05f9 --- /dev/null +++ b/doc/functions/gnutls_pkcs12_export.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_pkcs12_export} (gnutls_pkcs12_t @var{pkcs12}, gnutls_x509_crt_fmt_t @var{format}, void * @var{output_data}, size_t * @var{output_data_size}) diff --git a/doc/functions/gnutls_pkcs12_export2 b/doc/functions/gnutls_pkcs12_export2 new file mode 100644 index 0000000..b711a29 --- /dev/null +++ b/doc/functions/gnutls_pkcs12_export2 @@ -0,0 +1,23 @@ + + + + +@deftypefun {int} {gnutls_pkcs12_export2} (gnutls_pkcs12_t @var{pkcs12}, gnutls_x509_crt_fmt_t @var{format}, gnutls_datum_t * @var{out}) +@var{pkcs12}: A pkcs12 type + +@var{format}: the format of output params. One of PEM or DER. + +@var{out}: will contain a structure PEM or DER encoded + +This function will export the pkcs12 structure to DER or PEM format. + +The output buffer is allocated using @code{gnutls_malloc()} . + +If the structure is PEM encoded, it will have a header +of "BEGIN PKCS12". + +@strong{Returns:} In case of failure a negative error code will be +returned, and 0 on success. + +@strong{Since:} 3.1.3 +@end deftypefun diff --git a/doc/functions/gnutls_pkcs12_export2.short b/doc/functions/gnutls_pkcs12_export2.short new file mode 100644 index 0000000..e452b8a --- /dev/null +++ b/doc/functions/gnutls_pkcs12_export2.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_pkcs12_export2} (gnutls_pkcs12_t @var{pkcs12}, gnutls_x509_crt_fmt_t @var{format}, gnutls_datum_t * @var{out}) diff --git a/doc/functions/gnutls_pkcs12_generate_mac b/doc/functions/gnutls_pkcs12_generate_mac new file mode 100644 index 0000000..6334e65 --- /dev/null +++ b/doc/functions/gnutls_pkcs12_generate_mac @@ -0,0 +1,14 @@ + + + + +@deftypefun {int} {gnutls_pkcs12_generate_mac} (gnutls_pkcs12_t @var{pkcs12}, const char * @var{pass}) +@var{pkcs12}: A pkcs12 type + +@var{pass}: The password for the MAC + +This function will generate a MAC for the PKCS12 structure. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. +@end deftypefun diff --git a/doc/functions/gnutls_pkcs12_generate_mac.short b/doc/functions/gnutls_pkcs12_generate_mac.short new file mode 100644 index 0000000..f10c484 --- /dev/null +++ b/doc/functions/gnutls_pkcs12_generate_mac.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_pkcs12_generate_mac} (gnutls_pkcs12_t @var{pkcs12}, const char * @var{pass}) diff --git a/doc/functions/gnutls_pkcs12_generate_mac2 b/doc/functions/gnutls_pkcs12_generate_mac2 new file mode 100644 index 0000000..de993d1 --- /dev/null +++ b/doc/functions/gnutls_pkcs12_generate_mac2 @@ -0,0 +1,16 @@ + + + + +@deftypefun {int} {gnutls_pkcs12_generate_mac2} (gnutls_pkcs12_t @var{pkcs12}, gnutls_mac_algorithm_t @var{mac}, const char * @var{pass}) +@var{pkcs12}: A pkcs12 type + +@var{mac}: the MAC algorithm to use + +@var{pass}: The password for the MAC + +This function will generate a MAC for the PKCS12 structure. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. +@end deftypefun diff --git a/doc/functions/gnutls_pkcs12_generate_mac2.short b/doc/functions/gnutls_pkcs12_generate_mac2.short new file mode 100644 index 0000000..c3d6542 --- /dev/null +++ b/doc/functions/gnutls_pkcs12_generate_mac2.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_pkcs12_generate_mac2} (gnutls_pkcs12_t @var{pkcs12}, gnutls_mac_algorithm_t @var{mac}, const char * @var{pass}) diff --git a/doc/functions/gnutls_pkcs12_get_bag b/doc/functions/gnutls_pkcs12_get_bag new file mode 100644 index 0000000..555d157 --- /dev/null +++ b/doc/functions/gnutls_pkcs12_get_bag @@ -0,0 +1,19 @@ + + + + +@deftypefun {int} {gnutls_pkcs12_get_bag} (gnutls_pkcs12_t @var{pkcs12}, int @var{indx}, gnutls_pkcs12_bag_t @var{bag}) +@var{pkcs12}: A pkcs12 type + +@var{indx}: contains the index of the bag to extract + +@var{bag}: An initialized bag, where the contents of the bag will be copied + +This function will return a Bag from the PKCS12 structure. + +After the last Bag has been read +@code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} will be returned. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. +@end deftypefun diff --git a/doc/functions/gnutls_pkcs12_get_bag.short b/doc/functions/gnutls_pkcs12_get_bag.short new file mode 100644 index 0000000..8066280 --- /dev/null +++ b/doc/functions/gnutls_pkcs12_get_bag.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_pkcs12_get_bag} (gnutls_pkcs12_t @var{pkcs12}, int @var{indx}, gnutls_pkcs12_bag_t @var{bag}) diff --git a/doc/functions/gnutls_pkcs12_import b/doc/functions/gnutls_pkcs12_import new file mode 100644 index 0000000..a1691f7 --- /dev/null +++ b/doc/functions/gnutls_pkcs12_import @@ -0,0 +1,21 @@ + + + + +@deftypefun {int} {gnutls_pkcs12_import} (gnutls_pkcs12_t @var{pkcs12}, const gnutls_datum_t * @var{data}, gnutls_x509_crt_fmt_t @var{format}, unsigned int @var{flags}) +@var{pkcs12}: The data to store the parsed PKCS12. + +@var{data}: The DER or PEM encoded PKCS12. + +@var{format}: One of DER or PEM + +@var{flags}: an ORed sequence of gnutls_privkey_pkcs8_flags + +This function will convert the given DER or PEM encoded PKCS12 +to the native gnutls_pkcs12_t format. The output will be stored in 'pkcs12'. + +If the PKCS12 is PEM encoded it should have a header of "PKCS12". + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. +@end deftypefun diff --git a/doc/functions/gnutls_pkcs12_import.short b/doc/functions/gnutls_pkcs12_import.short new file mode 100644 index 0000000..ec9e046 --- /dev/null +++ b/doc/functions/gnutls_pkcs12_import.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_pkcs12_import} (gnutls_pkcs12_t @var{pkcs12}, const gnutls_datum_t * @var{data}, gnutls_x509_crt_fmt_t @var{format}, unsigned int @var{flags}) diff --git a/doc/functions/gnutls_pkcs12_init b/doc/functions/gnutls_pkcs12_init new file mode 100644 index 0000000..d870717 --- /dev/null +++ b/doc/functions/gnutls_pkcs12_init @@ -0,0 +1,14 @@ + + + + +@deftypefun {int} {gnutls_pkcs12_init} (gnutls_pkcs12_t * @var{pkcs12}) +@var{pkcs12}: A pointer to the type to be initialized + +This function will initialize a PKCS12 type. PKCS12 structures +usually contain lists of X.509 Certificates and X.509 Certificate +revocation lists. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. +@end deftypefun diff --git a/doc/functions/gnutls_pkcs12_init.short b/doc/functions/gnutls_pkcs12_init.short new file mode 100644 index 0000000..630ff79 --- /dev/null +++ b/doc/functions/gnutls_pkcs12_init.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_pkcs12_init} (gnutls_pkcs12_t * @var{pkcs12}) diff --git a/doc/functions/gnutls_pkcs12_mac_info b/doc/functions/gnutls_pkcs12_mac_info new file mode 100644 index 0000000..79941b4 --- /dev/null +++ b/doc/functions/gnutls_pkcs12_mac_info @@ -0,0 +1,28 @@ + + + + +@deftypefun {int} {gnutls_pkcs12_mac_info} (gnutls_pkcs12_t @var{pkcs12}, unsigned int * @var{mac}, void * @var{salt}, unsigned int * @var{salt_size}, unsigned int * @var{iter_count}, char ** @var{oid}) +@var{pkcs12}: A pkcs12 type + +@var{mac}: the MAC algorithm used as @code{gnutls_mac_algorithm_t} + +@var{salt}: the salt used for string to key (if non-NULL then @code{salt_size} initially holds its size) + +@var{salt_size}: string to key salt size + +@var{iter_count}: string to key iteration count + +@var{oid}: if non-NULL it will contain an allocated null-terminated variable with the OID + +This function will provide information on the MAC algorithm used +in a PKCS @code{12} structure. If the structure algorithms +are unknown the code @code{GNUTLS_E_UNKNOWN_HASH_ALGORITHM} will be returned, +and only @code{oid} , will be set. That is, @code{oid} will be set on structures +with a MAC whether supported or not. It must be deinitialized using @code{gnutls_free()} . +The other variables are only set on supported structures. + +@strong{Returns:} @code{GNUTLS_E_INVALID_REQUEST} if the provided structure doesn't contain a MAC, +@code{GNUTLS_E_UNKNOWN_HASH_ALGORITHM} if the structure's MAC isn't supported, or +another negative error code in case of a failure. Zero on success. +@end deftypefun diff --git a/doc/functions/gnutls_pkcs12_mac_info.short b/doc/functions/gnutls_pkcs12_mac_info.short new file mode 100644 index 0000000..10e34f1 --- /dev/null +++ b/doc/functions/gnutls_pkcs12_mac_info.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_pkcs12_mac_info} (gnutls_pkcs12_t @var{pkcs12}, unsigned int * @var{mac}, void * @var{salt}, unsigned int * @var{salt_size}, unsigned int * @var{iter_count}, char ** @var{oid}) diff --git a/doc/functions/gnutls_pkcs12_set_bag b/doc/functions/gnutls_pkcs12_set_bag new file mode 100644 index 0000000..1a54d36 --- /dev/null +++ b/doc/functions/gnutls_pkcs12_set_bag @@ -0,0 +1,14 @@ + + + + +@deftypefun {int} {gnutls_pkcs12_set_bag} (gnutls_pkcs12_t @var{pkcs12}, gnutls_pkcs12_bag_t @var{bag}) +@var{pkcs12}: should contain a gnutls_pkcs12_t type + +@var{bag}: An initialized bag + +This function will insert a Bag into the PKCS12 structure. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. +@end deftypefun diff --git a/doc/functions/gnutls_pkcs12_set_bag.short b/doc/functions/gnutls_pkcs12_set_bag.short new file mode 100644 index 0000000..4b356c7 --- /dev/null +++ b/doc/functions/gnutls_pkcs12_set_bag.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_pkcs12_set_bag} (gnutls_pkcs12_t @var{pkcs12}, gnutls_pkcs12_bag_t @var{bag}) diff --git a/doc/functions/gnutls_pkcs12_simple_parse b/doc/functions/gnutls_pkcs12_simple_parse new file mode 100644 index 0000000..f54e75e --- /dev/null +++ b/doc/functions/gnutls_pkcs12_simple_parse @@ -0,0 +1,59 @@ + + + + +@deftypefun {int} {gnutls_pkcs12_simple_parse} (gnutls_pkcs12_t @var{p12}, const char * @var{password}, gnutls_x509_privkey_t * @var{key}, gnutls_x509_crt_t ** @var{chain}, unsigned int * @var{chain_len}, gnutls_x509_crt_t ** @var{extra_certs}, unsigned int * @var{extra_certs_len}, gnutls_x509_crl_t * @var{crl}, unsigned int @var{flags}) +@var{p12}: A pkcs12 type + +@var{password}: optional password used to decrypt the structure, bags and keys. + +@var{key}: a structure to store the parsed private key. + +@var{chain}: the corresponding to key certificate chain (may be @code{NULL} ) + +@var{chain_len}: will be updated with the number of additional (may be @code{NULL} ) + +@var{extra_certs}: optional pointer to receive an array of additional +certificates found in the PKCS12 structure (may be @code{NULL} ). + +@var{extra_certs_len}: will be updated with the number of additional +certs (may be @code{NULL} ). + +@var{crl}: an optional structure to store the parsed CRL (may be @code{NULL} ). + +@var{flags}: should be zero or one of GNUTLS_PKCS12_SP_* + +This function parses a PKCS12 structure in @code{pkcs12} and extracts the +private key, the corresponding certificate chain, any additional +certificates and a CRL. The structures in @code{key} , @code{chain} @code{crl} , and @code{extra_certs} must not be initialized. + +The @code{extra_certs} and @code{extra_certs_len} parameters are optional +and both may be set to @code{NULL} . If either is non-@code{NULL} , then both must +be set. The value for @code{extra_certs} is allocated +using @code{gnutls_malloc()} . + +Encrypted PKCS12 bags and PKCS8 private keys are supported, but +only with password based security and the same password for all +operations. + +Note that a PKCS12 structure may contain many keys and/or certificates, +and there is no way to identify which key/certificate pair you want. +For this reason this function is useful for PKCS12 files that contain +only one key/certificate pair and/or one CRL. + +If the provided structure has encrypted fields but no password +is provided then this function returns @code{GNUTLS_E_DECRYPTION_FAILED} . + +Note that normally the chain constructed does not include self signed +certificates, to comply with TLS' requirements. If, however, the flag +@code{GNUTLS_PKCS12_SP_INCLUDE_SELF_SIGNED} is specified then +self signed certificates will be included in the chain. + +Prior to using this function the PKCS @code{12} structure integrity must +be verified using @code{gnutls_pkcs12_verify_mac()} . + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 3.1.0 +@end deftypefun diff --git a/doc/functions/gnutls_pkcs12_simple_parse.short b/doc/functions/gnutls_pkcs12_simple_parse.short new file mode 100644 index 0000000..ec19f98 --- /dev/null +++ b/doc/functions/gnutls_pkcs12_simple_parse.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_pkcs12_simple_parse} (gnutls_pkcs12_t @var{p12}, const char * @var{password}, gnutls_x509_privkey_t * @var{key}, gnutls_x509_crt_t ** @var{chain}, unsigned int * @var{chain_len}, gnutls_x509_crt_t ** @var{extra_certs}, unsigned int * @var{extra_certs_len}, gnutls_x509_crl_t * @var{crl}, unsigned int @var{flags}) diff --git a/doc/functions/gnutls_pkcs12_verify_mac b/doc/functions/gnutls_pkcs12_verify_mac new file mode 100644 index 0000000..ad92cce --- /dev/null +++ b/doc/functions/gnutls_pkcs12_verify_mac @@ -0,0 +1,14 @@ + + + + +@deftypefun {int} {gnutls_pkcs12_verify_mac} (gnutls_pkcs12_t @var{pkcs12}, const char * @var{pass}) +@var{pkcs12}: should contain a gnutls_pkcs12_t type + +@var{pass}: The password for the MAC + +This function will verify the MAC for the PKCS12 structure. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. +@end deftypefun diff --git a/doc/functions/gnutls_pkcs12_verify_mac.short b/doc/functions/gnutls_pkcs12_verify_mac.short new file mode 100644 index 0000000..916202a --- /dev/null +++ b/doc/functions/gnutls_pkcs12_verify_mac.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_pkcs12_verify_mac} (gnutls_pkcs12_t @var{pkcs12}, const char * @var{pass}) diff --git a/doc/functions/gnutls_pkcs7_add_attr b/doc/functions/gnutls_pkcs7_add_attr new file mode 100644 index 0000000..f79d79d --- /dev/null +++ b/doc/functions/gnutls_pkcs7_add_attr @@ -0,0 +1,22 @@ + + + +@deftypefun {int} {gnutls_pkcs7_add_attr} (gnutls_pkcs7_attrs_t * @var{list}, const char * @var{oid}, gnutls_datum_t * @var{data}, unsigned @var{flags}) +@var{list}: A list of existing attributes or pointer to @code{NULL} for the first one + +@var{oid}: the OID of the attribute to be set + +@var{data}: the raw (DER-encoded) data of the attribute to be set + +@var{flags}: zero or @code{GNUTLS_PKCS7_ATTR_ENCODE_OCTET_STRING} + +This function will set a PKCS @code{7} attribute in the provided list. +If this function fails, the previous list would be deallocated. + +Note that any attributes set with this function must either be +DER or BER encoded, unless a special flag is present. + +@strong{Returns:} On success, the new list head, otherwise @code{NULL} . + +@strong{Since:} 3.4.2 +@end deftypefun diff --git a/doc/functions/gnutls_pkcs7_add_attr.short b/doc/functions/gnutls_pkcs7_add_attr.short new file mode 100644 index 0000000..72bd866 --- /dev/null +++ b/doc/functions/gnutls_pkcs7_add_attr.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_pkcs7_add_attr} (gnutls_pkcs7_attrs_t * @var{list}, const char * @var{oid}, gnutls_datum_t * @var{data}, unsigned @var{flags}) diff --git a/doc/functions/gnutls_pkcs7_attrs_deinit b/doc/functions/gnutls_pkcs7_attrs_deinit new file mode 100644 index 0000000..42420da --- /dev/null +++ b/doc/functions/gnutls_pkcs7_attrs_deinit @@ -0,0 +1,11 @@ + + + + +@deftypefun {void} {gnutls_pkcs7_attrs_deinit} (gnutls_pkcs7_attrs_t @var{list}) +@var{list}: A list of existing attributes + +This function will clear a PKCS @code{7} attribute list. + +@strong{Since:} 3.4.2 +@end deftypefun diff --git a/doc/functions/gnutls_pkcs7_attrs_deinit.short b/doc/functions/gnutls_pkcs7_attrs_deinit.short new file mode 100644 index 0000000..81b9798 --- /dev/null +++ b/doc/functions/gnutls_pkcs7_attrs_deinit.short @@ -0,0 +1 @@ +@item @var{void} @ref{gnutls_pkcs7_attrs_deinit} (gnutls_pkcs7_attrs_t @var{list}) diff --git a/doc/functions/gnutls_pkcs7_deinit b/doc/functions/gnutls_pkcs7_deinit new file mode 100644 index 0000000..f379946 --- /dev/null +++ b/doc/functions/gnutls_pkcs7_deinit @@ -0,0 +1,9 @@ + + + + +@deftypefun {void} {gnutls_pkcs7_deinit} (gnutls_pkcs7_t @var{pkcs7}) +@var{pkcs7}: the type to be deinitialized + +This function will deinitialize a PKCS7 type. +@end deftypefun diff --git a/doc/functions/gnutls_pkcs7_deinit.short b/doc/functions/gnutls_pkcs7_deinit.short new file mode 100644 index 0000000..800cf70 --- /dev/null +++ b/doc/functions/gnutls_pkcs7_deinit.short @@ -0,0 +1 @@ +@item @var{void} @ref{gnutls_pkcs7_deinit} (gnutls_pkcs7_t @var{pkcs7}) diff --git a/doc/functions/gnutls_pkcs7_delete_crl b/doc/functions/gnutls_pkcs7_delete_crl new file mode 100644 index 0000000..06cd484 --- /dev/null +++ b/doc/functions/gnutls_pkcs7_delete_crl @@ -0,0 +1,15 @@ + + + + +@deftypefun {int} {gnutls_pkcs7_delete_crl} (gnutls_pkcs7_t @var{pkcs7}, int @var{indx}) +@var{pkcs7}: The pkcs7 type + +@var{indx}: the index of the crl to delete + +This function will delete a crl from a PKCS7 or RFC2630 crl set. +Index starts from 0. Returns 0 on success. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. +@end deftypefun diff --git a/doc/functions/gnutls_pkcs7_delete_crl.short b/doc/functions/gnutls_pkcs7_delete_crl.short new file mode 100644 index 0000000..d4e501e --- /dev/null +++ b/doc/functions/gnutls_pkcs7_delete_crl.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_pkcs7_delete_crl} (gnutls_pkcs7_t @var{pkcs7}, int @var{indx}) diff --git a/doc/functions/gnutls_pkcs7_delete_crt b/doc/functions/gnutls_pkcs7_delete_crt new file mode 100644 index 0000000..943cbe2 --- /dev/null +++ b/doc/functions/gnutls_pkcs7_delete_crt @@ -0,0 +1,15 @@ + + + + +@deftypefun {int} {gnutls_pkcs7_delete_crt} (gnutls_pkcs7_t @var{pkcs7}, int @var{indx}) +@var{pkcs7}: The pkcs7 type + +@var{indx}: the index of the certificate to delete + +This function will delete a certificate from a PKCS7 or RFC2630 +certificate set. Index starts from 0. Returns 0 on success. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. +@end deftypefun diff --git a/doc/functions/gnutls_pkcs7_delete_crt.short b/doc/functions/gnutls_pkcs7_delete_crt.short new file mode 100644 index 0000000..df9fa9f --- /dev/null +++ b/doc/functions/gnutls_pkcs7_delete_crt.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_pkcs7_delete_crt} (gnutls_pkcs7_t @var{pkcs7}, int @var{indx}) diff --git a/doc/functions/gnutls_pkcs7_export b/doc/functions/gnutls_pkcs7_export new file mode 100644 index 0000000..ea35ba7 --- /dev/null +++ b/doc/functions/gnutls_pkcs7_export @@ -0,0 +1,26 @@ + + + + +@deftypefun {int} {gnutls_pkcs7_export} (gnutls_pkcs7_t @var{pkcs7}, gnutls_x509_crt_fmt_t @var{format}, void * @var{output_data}, size_t * @var{output_data_size}) +@var{pkcs7}: The pkcs7 type + +@var{format}: the format of output params. One of PEM or DER. + +@var{output_data}: will contain a structure PEM or DER encoded + +@var{output_data_size}: holds the size of output_data (and will be +replaced by the actual size of parameters) + +This function will export the pkcs7 structure to DER or PEM format. + +If the buffer provided is not long enough to hold the output, then +* @code{output_data_size} is updated and @code{GNUTLS_E_SHORT_MEMORY_BUFFER} +will be returned. + +If the structure is PEM encoded, it will have a header +of "BEGIN PKCS7". + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. +@end deftypefun diff --git a/doc/functions/gnutls_pkcs7_export.short b/doc/functions/gnutls_pkcs7_export.short new file mode 100644 index 0000000..80b8b5d --- /dev/null +++ b/doc/functions/gnutls_pkcs7_export.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_pkcs7_export} (gnutls_pkcs7_t @var{pkcs7}, gnutls_x509_crt_fmt_t @var{format}, void * @var{output_data}, size_t * @var{output_data_size}) diff --git a/doc/functions/gnutls_pkcs7_export2 b/doc/functions/gnutls_pkcs7_export2 new file mode 100644 index 0000000..54dc6d2 --- /dev/null +++ b/doc/functions/gnutls_pkcs7_export2 @@ -0,0 +1,23 @@ + + + + +@deftypefun {int} {gnutls_pkcs7_export2} (gnutls_pkcs7_t @var{pkcs7}, gnutls_x509_crt_fmt_t @var{format}, gnutls_datum_t * @var{out}) +@var{pkcs7}: The pkcs7 type + +@var{format}: the format of output params. One of PEM or DER. + +@var{out}: will contain a structure PEM or DER encoded + +This function will export the pkcs7 structure to DER or PEM format. + +The output buffer is allocated using @code{gnutls_malloc()} . + +If the structure is PEM encoded, it will have a header +of "BEGIN PKCS7". + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 3.1.3 +@end deftypefun diff --git a/doc/functions/gnutls_pkcs7_export2.short b/doc/functions/gnutls_pkcs7_export2.short new file mode 100644 index 0000000..b7c89bb --- /dev/null +++ b/doc/functions/gnutls_pkcs7_export2.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_pkcs7_export2} (gnutls_pkcs7_t @var{pkcs7}, gnutls_x509_crt_fmt_t @var{format}, gnutls_datum_t * @var{out}) diff --git a/doc/functions/gnutls_pkcs7_get_attr b/doc/functions/gnutls_pkcs7_get_attr new file mode 100644 index 0000000..0b7d0be --- /dev/null +++ b/doc/functions/gnutls_pkcs7_get_attr @@ -0,0 +1,25 @@ + + + + +@deftypefun {int} {gnutls_pkcs7_get_attr} (gnutls_pkcs7_attrs_t @var{list}, unsigned @var{idx}, char ** @var{oid}, gnutls_datum_t * @var{data}, unsigned @var{flags}) +@var{list}: A list of existing attributes or @code{NULL} for the first one + +@var{idx}: the index of the attribute to get + +@var{oid}: the OID of the attribute (read-only) + +@var{data}: the raw data of the attribute + +@var{flags}: zero or @code{GNUTLS_PKCS7_ATTR_ENCODE_OCTET_STRING} + +This function will get a PKCS @code{7} attribute from the provided list. +The OID is a constant string, but data will be allocated and must be +deinitialized by the caller. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. @code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} is returned +if there are no data in the current index. + +@strong{Since:} 3.4.2 +@end deftypefun diff --git a/doc/functions/gnutls_pkcs7_get_attr.short b/doc/functions/gnutls_pkcs7_get_attr.short new file mode 100644 index 0000000..c946685 --- /dev/null +++ b/doc/functions/gnutls_pkcs7_get_attr.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_pkcs7_get_attr} (gnutls_pkcs7_attrs_t @var{list}, unsigned @var{idx}, char ** @var{oid}, gnutls_datum_t * @var{data}, unsigned @var{flags}) diff --git a/doc/functions/gnutls_pkcs7_get_crl_count b/doc/functions/gnutls_pkcs7_get_crl_count new file mode 100644 index 0000000..186c233 --- /dev/null +++ b/doc/functions/gnutls_pkcs7_get_crl_count @@ -0,0 +1,13 @@ + + + + +@deftypefun {int} {gnutls_pkcs7_get_crl_count} (gnutls_pkcs7_t @var{pkcs7}) +@var{pkcs7}: The pkcs7 type + +This function will return the number of certificates in the PKCS7 +or RFC2630 crl set. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. +@end deftypefun diff --git a/doc/functions/gnutls_pkcs7_get_crl_count.short b/doc/functions/gnutls_pkcs7_get_crl_count.short new file mode 100644 index 0000000..17e23f7 --- /dev/null +++ b/doc/functions/gnutls_pkcs7_get_crl_count.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_pkcs7_get_crl_count} (gnutls_pkcs7_t @var{pkcs7}) diff --git a/doc/functions/gnutls_pkcs7_get_crl_raw b/doc/functions/gnutls_pkcs7_get_crl_raw new file mode 100644 index 0000000..58aff4b --- /dev/null +++ b/doc/functions/gnutls_pkcs7_get_crl_raw @@ -0,0 +1,21 @@ + + + + +@deftypefun {int} {gnutls_pkcs7_get_crl_raw} (gnutls_pkcs7_t @var{pkcs7}, unsigned @var{indx}, void * @var{crl}, size_t * @var{crl_size}) +@var{pkcs7}: The pkcs7 type + +@var{indx}: contains the index of the crl to extract + +@var{crl}: the contents of the crl will be copied there (may be null) + +@var{crl_size}: should hold the size of the crl + +This function will return a crl of the PKCS7 or RFC2630 crl set. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. If the provided buffer is not long enough, +then @code{crl_size} is updated and @code{GNUTLS_E_SHORT_MEMORY_BUFFER} is +returned. After the last crl has been read +@code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} will be returned. +@end deftypefun diff --git a/doc/functions/gnutls_pkcs7_get_crl_raw.short b/doc/functions/gnutls_pkcs7_get_crl_raw.short new file mode 100644 index 0000000..2980b8e --- /dev/null +++ b/doc/functions/gnutls_pkcs7_get_crl_raw.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_pkcs7_get_crl_raw} (gnutls_pkcs7_t @var{pkcs7}, unsigned @var{indx}, void * @var{crl}, size_t * @var{crl_size}) diff --git a/doc/functions/gnutls_pkcs7_get_crl_raw2 b/doc/functions/gnutls_pkcs7_get_crl_raw2 new file mode 100644 index 0000000..b1845cc --- /dev/null +++ b/doc/functions/gnutls_pkcs7_get_crl_raw2 @@ -0,0 +1,19 @@ + + + + +@deftypefun {int} {gnutls_pkcs7_get_crl_raw2} (gnutls_pkcs7_t @var{pkcs7}, unsigned @var{indx}, gnutls_datum_t * @var{crl}) +@var{pkcs7}: The pkcs7 type + +@var{indx}: contains the index of the crl to extract + +@var{crl}: will contain the contents of the CRL in an allocated buffer + +This function will return a DER encoded CRL of the PKCS7 or RFC2630 crl set. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. After the last crl has been read +@code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} will be returned. + +@strong{Since:} 3.4.2 +@end deftypefun diff --git a/doc/functions/gnutls_pkcs7_get_crl_raw2.short b/doc/functions/gnutls_pkcs7_get_crl_raw2.short new file mode 100644 index 0000000..945f741 --- /dev/null +++ b/doc/functions/gnutls_pkcs7_get_crl_raw2.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_pkcs7_get_crl_raw2} (gnutls_pkcs7_t @var{pkcs7}, unsigned @var{indx}, gnutls_datum_t * @var{crl}) diff --git a/doc/functions/gnutls_pkcs7_get_crt_count b/doc/functions/gnutls_pkcs7_get_crt_count new file mode 100644 index 0000000..7124d95 --- /dev/null +++ b/doc/functions/gnutls_pkcs7_get_crt_count @@ -0,0 +1,13 @@ + + + + +@deftypefun {int} {gnutls_pkcs7_get_crt_count} (gnutls_pkcs7_t @var{pkcs7}) +@var{pkcs7}: should contain a @code{gnutls_pkcs7_t} type + +This function will return the number of certificates in the PKCS7 +or RFC2630 certificate set. + +@strong{Returns:} On success, a positive number is returned, otherwise a +negative error value. +@end deftypefun diff --git a/doc/functions/gnutls_pkcs7_get_crt_count.short b/doc/functions/gnutls_pkcs7_get_crt_count.short new file mode 100644 index 0000000..c0d24a3 --- /dev/null +++ b/doc/functions/gnutls_pkcs7_get_crt_count.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_pkcs7_get_crt_count} (gnutls_pkcs7_t @var{pkcs7}) diff --git a/doc/functions/gnutls_pkcs7_get_crt_raw b/doc/functions/gnutls_pkcs7_get_crt_raw new file mode 100644 index 0000000..17d4864 --- /dev/null +++ b/doc/functions/gnutls_pkcs7_get_crt_raw @@ -0,0 +1,25 @@ + + + + +@deftypefun {int} {gnutls_pkcs7_get_crt_raw} (gnutls_pkcs7_t @var{pkcs7}, unsigned @var{indx}, void * @var{certificate}, size_t * @var{certificate_size}) +@var{pkcs7}: should contain a gnutls_pkcs7_t type + +@var{indx}: contains the index of the certificate to extract + +@var{certificate}: the contents of the certificate will be copied +there (may be null) + +@var{certificate_size}: should hold the size of the certificate + +This function will return a certificate of the PKCS7 or RFC2630 +certificate set. + +After the last certificate has been read +@code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} will be returned. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. If the provided buffer is not long enough, +then @code{certificate_size} is updated and +@code{GNUTLS_E_SHORT_MEMORY_BUFFER} is returned. +@end deftypefun diff --git a/doc/functions/gnutls_pkcs7_get_crt_raw.short b/doc/functions/gnutls_pkcs7_get_crt_raw.short new file mode 100644 index 0000000..0d3c4c2 --- /dev/null +++ b/doc/functions/gnutls_pkcs7_get_crt_raw.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_pkcs7_get_crt_raw} (gnutls_pkcs7_t @var{pkcs7}, unsigned @var{indx}, void * @var{certificate}, size_t * @var{certificate_size}) diff --git a/doc/functions/gnutls_pkcs7_get_crt_raw2 b/doc/functions/gnutls_pkcs7_get_crt_raw2 new file mode 100644 index 0000000..8279366 --- /dev/null +++ b/doc/functions/gnutls_pkcs7_get_crt_raw2 @@ -0,0 +1,24 @@ + + + + +@deftypefun {int} {gnutls_pkcs7_get_crt_raw2} (gnutls_pkcs7_t @var{pkcs7}, unsigned @var{indx}, gnutls_datum_t * @var{cert}) +@var{pkcs7}: should contain a gnutls_pkcs7_t type + +@var{indx}: contains the index of the certificate to extract + +@var{cert}: will hold the contents of the certificate; must be deallocated with @code{gnutls_free()} + +This function will return a certificate of the PKCS7 or RFC2630 +certificate set. + +After the last certificate has been read +@code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} will be returned. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. If the provided buffer is not long enough, +then @code{certificate_size} is updated and +@code{GNUTLS_E_SHORT_MEMORY_BUFFER} is returned. + +@strong{Since:} 3.4.2 +@end deftypefun diff --git a/doc/functions/gnutls_pkcs7_get_crt_raw2.short b/doc/functions/gnutls_pkcs7_get_crt_raw2.short new file mode 100644 index 0000000..918307f --- /dev/null +++ b/doc/functions/gnutls_pkcs7_get_crt_raw2.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_pkcs7_get_crt_raw2} (gnutls_pkcs7_t @var{pkcs7}, unsigned @var{indx}, gnutls_datum_t * @var{cert}) diff --git a/doc/functions/gnutls_pkcs7_get_embedded_data b/doc/functions/gnutls_pkcs7_get_embedded_data new file mode 100644 index 0000000..4230336 --- /dev/null +++ b/doc/functions/gnutls_pkcs7_get_embedded_data @@ -0,0 +1,27 @@ + + + + +@deftypefun {int} {gnutls_pkcs7_get_embedded_data} (gnutls_pkcs7_t @var{pkcs7}, unsigned @var{flags}, gnutls_datum_t * @var{data}) +@var{pkcs7}: should contain a gnutls_pkcs7_t type + +@var{flags}: must be zero or @code{GNUTLS_PKCS7_EDATA_GET_RAW} + +@var{data}: will hold the embedded data in the provided structure + +This function will return the data embedded in the signature of +the PKCS7 structure. If no data are available then +@code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} will be returned. + +The returned data must be de-allocated using @code{gnutls_free()} . + +Note, that this function returns the exact same data that are +authenticated. If the @code{GNUTLS_PKCS7_EDATA_GET_RAW} flag is provided, +the returned data will be including the wrapping tag/value as +they are encoded in the structure. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 3.4.8 +@end deftypefun diff --git a/doc/functions/gnutls_pkcs7_get_embedded_data.short b/doc/functions/gnutls_pkcs7_get_embedded_data.short new file mode 100644 index 0000000..adad76b --- /dev/null +++ b/doc/functions/gnutls_pkcs7_get_embedded_data.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_pkcs7_get_embedded_data} (gnutls_pkcs7_t @var{pkcs7}, unsigned @var{flags}, gnutls_datum_t * @var{data}) diff --git a/doc/functions/gnutls_pkcs7_get_embedded_data_oid b/doc/functions/gnutls_pkcs7_get_embedded_data_oid new file mode 100644 index 0000000..cd3b220 --- /dev/null +++ b/doc/functions/gnutls_pkcs7_get_embedded_data_oid @@ -0,0 +1,16 @@ + + + + +@deftypefun {const char *} {gnutls_pkcs7_get_embedded_data_oid} (gnutls_pkcs7_t @var{pkcs7}) +@var{pkcs7}: should contain a gnutls_pkcs7_t type + +This function will return the OID of the data embedded in the signature of +the PKCS7 structure. If no data are available then @code{NULL} will be +returned. The returned value will be valid during the lifetime +of the @code{pkcs7} structure. + +@strong{Returns:} On success, a pointer to an OID string, @code{NULL} on error. + +@strong{Since:} 3.5.5 +@end deftypefun diff --git a/doc/functions/gnutls_pkcs7_get_embedded_data_oid.short b/doc/functions/gnutls_pkcs7_get_embedded_data_oid.short new file mode 100644 index 0000000..ddb8d7c --- /dev/null +++ b/doc/functions/gnutls_pkcs7_get_embedded_data_oid.short @@ -0,0 +1 @@ +@item @var{const char *} @ref{gnutls_pkcs7_get_embedded_data_oid} (gnutls_pkcs7_t @var{pkcs7}) diff --git a/doc/functions/gnutls_pkcs7_get_signature_count b/doc/functions/gnutls_pkcs7_get_signature_count new file mode 100644 index 0000000..8f54cd4 --- /dev/null +++ b/doc/functions/gnutls_pkcs7_get_signature_count @@ -0,0 +1,15 @@ + + + + +@deftypefun {int} {gnutls_pkcs7_get_signature_count} (gnutls_pkcs7_t @var{pkcs7}) +@var{pkcs7}: should contain a @code{gnutls_pkcs7_t} type + +This function will return the number of signatures in the PKCS7 +structure. + +@strong{Returns:} On success, a positive number is returned, otherwise a +negative error value. + +@strong{Since:} 3.4.3 +@end deftypefun diff --git a/doc/functions/gnutls_pkcs7_get_signature_count.short b/doc/functions/gnutls_pkcs7_get_signature_count.short new file mode 100644 index 0000000..bbe90d3 --- /dev/null +++ b/doc/functions/gnutls_pkcs7_get_signature_count.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_pkcs7_get_signature_count} (gnutls_pkcs7_t @var{pkcs7}) diff --git a/doc/functions/gnutls_pkcs7_get_signature_info b/doc/functions/gnutls_pkcs7_get_signature_info new file mode 100644 index 0000000..db8a4a7 --- /dev/null +++ b/doc/functions/gnutls_pkcs7_get_signature_info @@ -0,0 +1,20 @@ + + + + +@deftypefun {int} {gnutls_pkcs7_get_signature_info} (gnutls_pkcs7_t @var{pkcs7}, unsigned @var{idx}, gnutls_pkcs7_signature_info_st * @var{info}) +@var{pkcs7}: should contain a @code{gnutls_pkcs7_t} type + +@var{idx}: the index of the signature info to check + +@var{info}: will contain the output signature + +This function will return information about the signature identified +by idx in the provided PKCS @code{7} structure. The information should be +deinitialized using @code{gnutls_pkcs7_signature_info_deinit()} . + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 3.4.2 +@end deftypefun diff --git a/doc/functions/gnutls_pkcs7_get_signature_info.short b/doc/functions/gnutls_pkcs7_get_signature_info.short new file mode 100644 index 0000000..63d18a3 --- /dev/null +++ b/doc/functions/gnutls_pkcs7_get_signature_info.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_pkcs7_get_signature_info} (gnutls_pkcs7_t @var{pkcs7}, unsigned @var{idx}, gnutls_pkcs7_signature_info_st * @var{info}) diff --git a/doc/functions/gnutls_pkcs7_import b/doc/functions/gnutls_pkcs7_import new file mode 100644 index 0000000..0e4afd3 --- /dev/null +++ b/doc/functions/gnutls_pkcs7_import @@ -0,0 +1,20 @@ + + + + +@deftypefun {int} {gnutls_pkcs7_import} (gnutls_pkcs7_t @var{pkcs7}, const gnutls_datum_t * @var{data}, gnutls_x509_crt_fmt_t @var{format}) +@var{pkcs7}: The data to store the parsed PKCS7. + +@var{data}: The DER or PEM encoded PKCS7. + +@var{format}: One of DER or PEM + +This function will convert the given DER or PEM encoded PKCS7 to +the native @code{gnutls_pkcs7_t} format. The output will be stored in + @code{pkcs7} . + +If the PKCS7 is PEM encoded it should have a header of "PKCS7". + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. +@end deftypefun diff --git a/doc/functions/gnutls_pkcs7_import.short b/doc/functions/gnutls_pkcs7_import.short new file mode 100644 index 0000000..3c60773 --- /dev/null +++ b/doc/functions/gnutls_pkcs7_import.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_pkcs7_import} (gnutls_pkcs7_t @var{pkcs7}, const gnutls_datum_t * @var{data}, gnutls_x509_crt_fmt_t @var{format}) diff --git a/doc/functions/gnutls_pkcs7_init b/doc/functions/gnutls_pkcs7_init new file mode 100644 index 0000000..4120d5e --- /dev/null +++ b/doc/functions/gnutls_pkcs7_init @@ -0,0 +1,14 @@ + + + + +@deftypefun {int} {gnutls_pkcs7_init} (gnutls_pkcs7_t * @var{pkcs7}) +@var{pkcs7}: A pointer to the type to be initialized + +This function will initialize a PKCS7 structure. PKCS7 structures +usually contain lists of X.509 Certificates and X.509 Certificate +revocation lists. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. +@end deftypefun diff --git a/doc/functions/gnutls_pkcs7_init.short b/doc/functions/gnutls_pkcs7_init.short new file mode 100644 index 0000000..bcc8b45 --- /dev/null +++ b/doc/functions/gnutls_pkcs7_init.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_pkcs7_init} (gnutls_pkcs7_t * @var{pkcs7}) diff --git a/doc/functions/gnutls_pkcs7_print b/doc/functions/gnutls_pkcs7_print new file mode 100644 index 0000000..1c3b241 --- /dev/null +++ b/doc/functions/gnutls_pkcs7_print @@ -0,0 +1,22 @@ + + + + +@deftypefun {int} {gnutls_pkcs7_print} (gnutls_pkcs7_t @var{pkcs7}, gnutls_certificate_print_formats_t @var{format}, gnutls_datum_t * @var{out}) +@var{pkcs7}: The PKCS7 struct to be printed + +@var{format}: Indicate the format to use + +@var{out}: Newly allocated datum with null terminated string. + +This function will pretty print a signed PKCS @code{7} structure, suitable for +display to a human. + +Currently the supported formats are @code{GNUTLS_CRT_PRINT_FULL} and +@code{GNUTLS_CRT_PRINT_COMPACT} . + +The output @code{out} needs to be deallocated using @code{gnutls_free()} . + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. +@end deftypefun diff --git a/doc/functions/gnutls_pkcs7_print.short b/doc/functions/gnutls_pkcs7_print.short new file mode 100644 index 0000000..fbb9943 --- /dev/null +++ b/doc/functions/gnutls_pkcs7_print.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_pkcs7_print} (gnutls_pkcs7_t @var{pkcs7}, gnutls_certificate_print_formats_t @var{format}, gnutls_datum_t * @var{out}) diff --git a/doc/functions/gnutls_pkcs7_set_crl b/doc/functions/gnutls_pkcs7_set_crl new file mode 100644 index 0000000..f97ff99 --- /dev/null +++ b/doc/functions/gnutls_pkcs7_set_crl @@ -0,0 +1,15 @@ + + + + +@deftypefun {int} {gnutls_pkcs7_set_crl} (gnutls_pkcs7_t @var{pkcs7}, gnutls_x509_crl_t @var{crl}) +@var{pkcs7}: The pkcs7 type + +@var{crl}: the DER encoded crl to be added + +This function will add a parsed CRL to the PKCS7 or RFC2630 crl +set. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. +@end deftypefun diff --git a/doc/functions/gnutls_pkcs7_set_crl.short b/doc/functions/gnutls_pkcs7_set_crl.short new file mode 100644 index 0000000..13ddaeb --- /dev/null +++ b/doc/functions/gnutls_pkcs7_set_crl.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_pkcs7_set_crl} (gnutls_pkcs7_t @var{pkcs7}, gnutls_x509_crl_t @var{crl}) diff --git a/doc/functions/gnutls_pkcs7_set_crl_raw b/doc/functions/gnutls_pkcs7_set_crl_raw new file mode 100644 index 0000000..fed6094 --- /dev/null +++ b/doc/functions/gnutls_pkcs7_set_crl_raw @@ -0,0 +1,14 @@ + + + + +@deftypefun {int} {gnutls_pkcs7_set_crl_raw} (gnutls_pkcs7_t @var{pkcs7}, const gnutls_datum_t * @var{crl}) +@var{pkcs7}: The pkcs7 type + +@var{crl}: the DER encoded crl to be added + +This function will add a crl to the PKCS7 or RFC2630 crl set. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. +@end deftypefun diff --git a/doc/functions/gnutls_pkcs7_set_crl_raw.short b/doc/functions/gnutls_pkcs7_set_crl_raw.short new file mode 100644 index 0000000..f56798c --- /dev/null +++ b/doc/functions/gnutls_pkcs7_set_crl_raw.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_pkcs7_set_crl_raw} (gnutls_pkcs7_t @var{pkcs7}, const gnutls_datum_t * @var{crl}) diff --git a/doc/functions/gnutls_pkcs7_set_crt b/doc/functions/gnutls_pkcs7_set_crt new file mode 100644 index 0000000..bd42dc2 --- /dev/null +++ b/doc/functions/gnutls_pkcs7_set_crt @@ -0,0 +1,16 @@ + + + + +@deftypefun {int} {gnutls_pkcs7_set_crt} (gnutls_pkcs7_t @var{pkcs7}, gnutls_x509_crt_t @var{crt}) +@var{pkcs7}: The pkcs7 type + +@var{crt}: the certificate to be copied. + +This function will add a parsed certificate to the PKCS7 or +RFC2630 certificate set. This is a wrapper function over +@code{gnutls_pkcs7_set_crt_raw()} . + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. +@end deftypefun diff --git a/doc/functions/gnutls_pkcs7_set_crt.short b/doc/functions/gnutls_pkcs7_set_crt.short new file mode 100644 index 0000000..c390944 --- /dev/null +++ b/doc/functions/gnutls_pkcs7_set_crt.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_pkcs7_set_crt} (gnutls_pkcs7_t @var{pkcs7}, gnutls_x509_crt_t @var{crt}) diff --git a/doc/functions/gnutls_pkcs7_set_crt_raw b/doc/functions/gnutls_pkcs7_set_crt_raw new file mode 100644 index 0000000..eaab3de --- /dev/null +++ b/doc/functions/gnutls_pkcs7_set_crt_raw @@ -0,0 +1,15 @@ + + + + +@deftypefun {int} {gnutls_pkcs7_set_crt_raw} (gnutls_pkcs7_t @var{pkcs7}, const gnutls_datum_t * @var{crt}) +@var{pkcs7}: The pkcs7 type + +@var{crt}: the DER encoded certificate to be added + +This function will add a certificate to the PKCS7 or RFC2630 +certificate set. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. +@end deftypefun diff --git a/doc/functions/gnutls_pkcs7_set_crt_raw.short b/doc/functions/gnutls_pkcs7_set_crt_raw.short new file mode 100644 index 0000000..2ee5b7f --- /dev/null +++ b/doc/functions/gnutls_pkcs7_set_crt_raw.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_pkcs7_set_crt_raw} (gnutls_pkcs7_t @var{pkcs7}, const gnutls_datum_t * @var{crt}) diff --git a/doc/functions/gnutls_pkcs7_sign b/doc/functions/gnutls_pkcs7_sign new file mode 100644 index 0000000..491ed1d --- /dev/null +++ b/doc/functions/gnutls_pkcs7_sign @@ -0,0 +1,35 @@ + + + + +@deftypefun {int} {gnutls_pkcs7_sign} (gnutls_pkcs7_t @var{pkcs7}, gnutls_x509_crt_t @var{signer}, gnutls_privkey_t @var{signer_key}, const gnutls_datum_t * @var{data}, gnutls_pkcs7_attrs_t @var{signed_attrs}, gnutls_pkcs7_attrs_t @var{unsigned_attrs}, gnutls_digest_algorithm_t @var{dig}, unsigned @var{flags}) +@var{pkcs7}: should contain a @code{gnutls_pkcs7_t} type + +@var{signer}: the certificate to sign the structure + +@var{signer_key}: the key to sign the structure + +@var{data}: The data to be signed or @code{NULL} if the data are already embedded + +@var{signed_attrs}: Any additional attributes to be included in the signed ones (or @code{NULL} ) + +@var{unsigned_attrs}: Any additional attributes to be included in the unsigned ones (or @code{NULL} ) + +@var{dig}: The digest algorithm to use for signing + +@var{flags}: Should be zero or one of @code{GNUTLS_PKCS7} flags + +This function will add a signature in the provided PKCS @code{7} structure +for the provided data. Multiple signatures can be made with different +signers. + +The available flags are: +@code{GNUTLS_PKCS7_EMBED_DATA} , @code{GNUTLS_PKCS7_INCLUDE_TIME} , @code{GNUTLS_PKCS7_INCLUDE_CERT} , +and @code{GNUTLS_PKCS7_WRITE_SPKI} . They are explained in the @code{gnutls_pkcs7_sign_flags} +definition. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 3.4.2 +@end deftypefun diff --git a/doc/functions/gnutls_pkcs7_sign.short b/doc/functions/gnutls_pkcs7_sign.short new file mode 100644 index 0000000..714f563 --- /dev/null +++ b/doc/functions/gnutls_pkcs7_sign.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_pkcs7_sign} (gnutls_pkcs7_t @var{pkcs7}, gnutls_x509_crt_t @var{signer}, gnutls_privkey_t @var{signer_key}, const gnutls_datum_t * @var{data}, gnutls_pkcs7_attrs_t @var{signed_attrs}, gnutls_pkcs7_attrs_t @var{unsigned_attrs}, gnutls_digest_algorithm_t @var{dig}, unsigned @var{flags}) diff --git a/doc/functions/gnutls_pkcs7_signature_info_deinit b/doc/functions/gnutls_pkcs7_signature_info_deinit new file mode 100644 index 0000000..6df9c95 --- /dev/null +++ b/doc/functions/gnutls_pkcs7_signature_info_deinit @@ -0,0 +1,12 @@ + + + + +@deftypefun {void} {gnutls_pkcs7_signature_info_deinit} (gnutls_pkcs7_signature_info_st * @var{info}) +@var{info}: should point to a @code{gnutls_pkcs7_signature_info_st} structure + +This function will deinitialize any allocated value in the +provided @code{gnutls_pkcs7_signature_info_st} . + +@strong{Since:} 3.4.2 +@end deftypefun diff --git a/doc/functions/gnutls_pkcs7_signature_info_deinit.short b/doc/functions/gnutls_pkcs7_signature_info_deinit.short new file mode 100644 index 0000000..34be387 --- /dev/null +++ b/doc/functions/gnutls_pkcs7_signature_info_deinit.short @@ -0,0 +1 @@ +@item @var{void} @ref{gnutls_pkcs7_signature_info_deinit} (gnutls_pkcs7_signature_info_st * @var{info}) diff --git a/doc/functions/gnutls_pkcs7_verify b/doc/functions/gnutls_pkcs7_verify new file mode 100644 index 0000000..9b9ba91 --- /dev/null +++ b/doc/functions/gnutls_pkcs7_verify @@ -0,0 +1,31 @@ + + + + +@deftypefun {int} {gnutls_pkcs7_verify} (gnutls_pkcs7_t @var{pkcs7}, gnutls_x509_trust_list_t @var{tl}, gnutls_typed_vdata_st * @var{vdata}, unsigned int @var{vdata_size}, unsigned @var{idx}, const gnutls_datum_t * @var{data}, unsigned @var{flags}) +@var{pkcs7}: should contain a @code{gnutls_pkcs7_t} type + +@var{tl}: A list of trusted certificates + +@var{vdata}: an array of typed data + +@var{vdata_size}: the number of data elements + +@var{idx}: the index of the signature info to check + +@var{data}: The data to be verified or @code{NULL} + +@var{flags}: Zero or an OR list of @code{gnutls_certificate_verify_flags} + +This function will verify the provided data against the signature +present in the SignedData of the PKCS @code{7} structure. If the data +provided are NULL then the data in the encapsulatedContent field +will be used instead. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. A verification error results to a +@code{GNUTLS_E_PK_SIG_VERIFY_FAILED} and the lack of encapsulated data +to verify to a @code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} . + +@strong{Since:} 3.4.2 +@end deftypefun diff --git a/doc/functions/gnutls_pkcs7_verify.short b/doc/functions/gnutls_pkcs7_verify.short new file mode 100644 index 0000000..be9f712 --- /dev/null +++ b/doc/functions/gnutls_pkcs7_verify.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_pkcs7_verify} (gnutls_pkcs7_t @var{pkcs7}, gnutls_x509_trust_list_t @var{tl}, gnutls_typed_vdata_st * @var{vdata}, unsigned int @var{vdata_size}, unsigned @var{idx}, const gnutls_datum_t * @var{data}, unsigned @var{flags}) diff --git a/doc/functions/gnutls_pkcs7_verify_direct b/doc/functions/gnutls_pkcs7_verify_direct new file mode 100644 index 0000000..cd5858c --- /dev/null +++ b/doc/functions/gnutls_pkcs7_verify_direct @@ -0,0 +1,35 @@ + + + + +@deftypefun {int} {gnutls_pkcs7_verify_direct} (gnutls_pkcs7_t @var{pkcs7}, gnutls_x509_crt_t @var{signer}, unsigned @var{idx}, const gnutls_datum_t * @var{data}, unsigned @var{flags}) +@var{pkcs7}: should contain a @code{gnutls_pkcs7_t} type + +@var{signer}: the certificate believed to have signed the structure + +@var{idx}: the index of the signature info to check + +@var{data}: The data to be verified or @code{NULL} + +@var{flags}: Zero or an OR list of @code{gnutls_certificate_verify_flags} + +This function will verify the provided data against the signature +present in the SignedData of the PKCS @code{7} structure. If the data +provided are NULL then the data in the encapsulatedContent field +will be used instead. + +Note that, unlike @code{gnutls_pkcs7_verify()} this function does not +verify the key purpose of the signer. It is expected for the caller +to verify the intended purpose of the @code{signer} -e.g., via @code{gnutls_x509_crt_get_key_purpose_oid()} , +or @code{gnutls_x509_crt_check_key_purpose()} . + +Note also, that since GnuTLS 3.5.6 this function introduces checks in the +end certificate ( @code{signer} ), including time checks and key usage checks. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. A verification error results to a +@code{GNUTLS_E_PK_SIG_VERIFY_FAILED} and the lack of encapsulated data +to verify to a @code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} . + +@strong{Since:} 3.4.2 +@end deftypefun diff --git a/doc/functions/gnutls_pkcs7_verify_direct.short b/doc/functions/gnutls_pkcs7_verify_direct.short new file mode 100644 index 0000000..986c8cb --- /dev/null +++ b/doc/functions/gnutls_pkcs7_verify_direct.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_pkcs7_verify_direct} (gnutls_pkcs7_t @var{pkcs7}, gnutls_x509_crt_t @var{signer}, unsigned @var{idx}, const gnutls_datum_t * @var{data}, unsigned @var{flags}) diff --git a/doc/functions/gnutls_pkcs8_info b/doc/functions/gnutls_pkcs8_info new file mode 100644 index 0000000..a96beee --- /dev/null +++ b/doc/functions/gnutls_pkcs8_info @@ -0,0 +1,34 @@ + + + + +@deftypefun {int} {gnutls_pkcs8_info} (const gnutls_datum_t * @var{data}, gnutls_x509_crt_fmt_t @var{format}, unsigned int * @var{schema}, unsigned int * @var{cipher}, void * @var{salt}, unsigned int * @var{salt_size}, unsigned int * @var{iter_count}, char ** @var{oid}) +@var{data}: Holds the PKCS @code{8} data + +@var{format}: the format of the PKCS @code{8} data + +@var{schema}: indicate the schema as one of @code{gnutls_pkcs_encrypt_flags_t} + +@var{cipher}: the cipher used as @code{gnutls_cipher_algorithm_t} + +@var{salt}: PBKDF2 salt (if non-NULL then @code{salt_size} initially holds its size) + +@var{salt_size}: PBKDF2 salt size + +@var{iter_count}: PBKDF2 iteration count + +@var{oid}: if non-NULL it will contain an allocated null-terminated variable with the OID + +This function will provide information on the algorithms used +in a particular PKCS @code{8} structure. If the structure algorithms +are unknown the code @code{GNUTLS_E_UNKNOWN_CIPHER_TYPE} will be returned, +and only @code{oid} , will be set. That is, @code{oid} will be set on encrypted PKCS @code{8} +structures whether supported or not. It must be deinitialized using @code{gnutls_free()} . +The other variables are only set on supported structures. + +@strong{Returns:} @code{GNUTLS_E_INVALID_REQUEST} if the provided structure isn't an encrypted key, +@code{GNUTLS_E_UNKNOWN_CIPHER_TYPE} if the structure's encryption isn't supported, or +another negative error code in case of a failure. Zero on success. + +@strong{Since:} 3.4.0 +@end deftypefun diff --git a/doc/functions/gnutls_pkcs8_info.short b/doc/functions/gnutls_pkcs8_info.short new file mode 100644 index 0000000..e6c1df5 --- /dev/null +++ b/doc/functions/gnutls_pkcs8_info.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_pkcs8_info} (const gnutls_datum_t * @var{data}, gnutls_x509_crt_fmt_t @var{format}, unsigned int * @var{schema}, unsigned int * @var{cipher}, void * @var{salt}, unsigned int * @var{salt_size}, unsigned int * @var{iter_count}, char ** @var{oid}) diff --git a/doc/functions/gnutls_pkcs_schema_get_name b/doc/functions/gnutls_pkcs_schema_get_name new file mode 100644 index 0000000..c86029a --- /dev/null +++ b/doc/functions/gnutls_pkcs_schema_get_name @@ -0,0 +1,14 @@ + + + + +@deftypefun {const char *} {gnutls_pkcs_schema_get_name} (unsigned int @var{schema}) +@var{schema}: Holds the PKCS @code{12} or PBES2 schema (@code{gnutls_pkcs_encrypt_flags_t} ) + +This function will return a human readable description of the +PKCS12 or PBES2 schema. + +@strong{Returns:} a constrant string or @code{NULL} on error. + +@strong{Since:} 3.4.0 +@end deftypefun diff --git a/doc/functions/gnutls_pkcs_schema_get_name.short b/doc/functions/gnutls_pkcs_schema_get_name.short new file mode 100644 index 0000000..b46b2d6 --- /dev/null +++ b/doc/functions/gnutls_pkcs_schema_get_name.short @@ -0,0 +1 @@ +@item @var{const char *} @ref{gnutls_pkcs_schema_get_name} (unsigned int @var{schema}) diff --git a/doc/functions/gnutls_pkcs_schema_get_oid b/doc/functions/gnutls_pkcs_schema_get_oid new file mode 100644 index 0000000..eb4f96b --- /dev/null +++ b/doc/functions/gnutls_pkcs_schema_get_oid @@ -0,0 +1,14 @@ + + + + +@deftypefun {const char *} {gnutls_pkcs_schema_get_oid} (unsigned int @var{schema}) +@var{schema}: Holds the PKCS @code{12} or PBES2 schema (@code{gnutls_pkcs_encrypt_flags_t} ) + +This function will return the object identifier of the +PKCS12 or PBES2 schema. + +@strong{Returns:} a constrant string or @code{NULL} on error. + +@strong{Since:} 3.4.0 +@end deftypefun diff --git a/doc/functions/gnutls_pkcs_schema_get_oid.short b/doc/functions/gnutls_pkcs_schema_get_oid.short new file mode 100644 index 0000000..65df7f5 --- /dev/null +++ b/doc/functions/gnutls_pkcs_schema_get_oid.short @@ -0,0 +1 @@ +@item @var{const char *} @ref{gnutls_pkcs_schema_get_oid} (unsigned int @var{schema}) diff --git a/doc/functions/gnutls_prf b/doc/functions/gnutls_prf new file mode 100644 index 0000000..c6e29f2 --- /dev/null +++ b/doc/functions/gnutls_prf @@ -0,0 +1,45 @@ + + + + +@deftypefun {int} {gnutls_prf} (gnutls_session_t @var{session}, size_t @var{label_size}, const char * @var{label}, int @var{server_random_first}, size_t @var{extra_size}, const char * @var{extra}, size_t @var{outsize}, char * @var{out}) +@var{session}: is a @code{gnutls_session_t} type. + +@var{label_size}: length of the @code{label} variable. + +@var{label}: label used in PRF computation, typically a short string. + +@var{server_random_first}: non-zero if server random field should be first in seed + +@var{extra_size}: length of the @code{extra} variable. + +@var{extra}: optional extra data to seed the PRF with. + +@var{outsize}: size of pre-allocated output buffer to hold the output. + +@var{out}: pre-allocated buffer to hold the generated data. + +Applies the TLS Pseudo-Random-Function (PRF) on the master secret +and the provided data, seeded with the client and server random fields. +For the key expansion specified in RFC5705 see @code{gnutls_prf_rfc5705()} . + +The @code{label} variable usually contains a string denoting the purpose +for the generated data. The @code{server_random_first} indicates whether +the client random field or the server random field should be first +in the seed. Non-zero indicates that the server random field is first, +0 that the client random field is first. + +The @code{extra} variable can be used to add more data to the seed, after +the random variables. It can be used to make sure the +generated output is strongly connected to some additional data +(e.g., a string used in user authentication). + +The output is placed in @code{out} , which must be pre-allocated. + +@strong{Note:} This function produces identical output with @code{gnutls_prf_rfc5705()} +when @code{server_random_first} is set to 0 and @code{extra} is @code{NULL} . Under TLS1.3 +this function will only operate when these conditions are true, or otherwise +return @code{GNUTLS_E_INVALID_REQUEST} . + +@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, or an error code. +@end deftypefun diff --git a/doc/functions/gnutls_prf.short b/doc/functions/gnutls_prf.short new file mode 100644 index 0000000..58a0bfe --- /dev/null +++ b/doc/functions/gnutls_prf.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_prf} (gnutls_session_t @var{session}, size_t @var{label_size}, const char * @var{label}, int @var{server_random_first}, size_t @var{extra_size}, const char * @var{extra}, size_t @var{outsize}, char * @var{out}) diff --git a/doc/functions/gnutls_prf_early b/doc/functions/gnutls_prf_early new file mode 100644 index 0000000..fb328ad --- /dev/null +++ b/doc/functions/gnutls_prf_early @@ -0,0 +1,44 @@ + + + + +@deftypefun {int} {gnutls_prf_early} (gnutls_session_t @var{session}, size_t @var{label_size}, const char * @var{label}, size_t @var{context_size}, const char * @var{context}, size_t @var{outsize}, char * @var{out}) +@var{session}: is a @code{gnutls_session_t} type. + +@var{label_size}: length of the @code{label} variable. + +@var{label}: label used in PRF computation, typically a short string. + +@var{context_size}: length of the @code{extra} variable. + +@var{context}: optional extra data to seed the PRF with. + +@var{outsize}: size of pre-allocated output buffer to hold the output. + +@var{out}: pre-allocated buffer to hold the generated data. + +This function is similar to @code{gnutls_prf_rfc5705()} , but only works in +TLS 1.3 or later to export early keying material. + +Note that the keying material is only available after the +ClientHello message is processed and before the application traffic +keys are established. Therefore this function shall be called in a +handshake hook function for @code{GNUTLS_HANDSHAKE_CLIENT_HELLO} . + +The @code{label} variable usually contains a string denoting the purpose +for the generated data. + +The @code{context} variable can be used to add more data to the seed, after +the random variables. It can be used to make sure the +generated output is strongly connected to some additional data +(e.g., a string used in user authentication). + +The output is placed in @code{out} , which must be pre-allocated. + +Note that, to provide the RFC5705 context, the @code{context} variable +must be non-null. + +@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, or an error code. + +@strong{Since:} 3.6.6 +@end deftypefun diff --git a/doc/functions/gnutls_prf_early.short b/doc/functions/gnutls_prf_early.short new file mode 100644 index 0000000..6442803 --- /dev/null +++ b/doc/functions/gnutls_prf_early.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_prf_early} (gnutls_session_t @var{session}, size_t @var{label_size}, const char * @var{label}, size_t @var{context_size}, const char * @var{context}, size_t @var{outsize}, char * @var{out}) diff --git a/doc/functions/gnutls_prf_raw b/doc/functions/gnutls_prf_raw new file mode 100644 index 0000000..0058c85 --- /dev/null +++ b/doc/functions/gnutls_prf_raw @@ -0,0 +1,43 @@ + + + + +@deftypefun {int} {gnutls_prf_raw} (gnutls_session_t @var{session}, size_t @var{label_size}, const char * @var{label}, size_t @var{seed_size}, const char * @var{seed}, size_t @var{outsize}, char * @var{out}) +@var{session}: is a @code{gnutls_session_t} type. + +@var{label_size}: length of the @code{label} variable. + +@var{label}: label used in PRF computation, typically a short string. + +@var{seed_size}: length of the @code{seed} variable. + +@var{seed}: optional extra data to seed the PRF with. + +@var{outsize}: size of pre-allocated output buffer to hold the output. + +@var{out}: pre-allocated buffer to hold the generated data. + +Apply the TLS Pseudo-Random-Function (PRF) on the master secret +and the provided data. + +The @code{label} variable usually contains a string denoting the purpose +for the generated data. The @code{seed} usually contains data such as the +client and server random, perhaps together with some additional +data that is added to guarantee uniqueness of the output for a +particular purpose. + +Because the output is not guaranteed to be unique for a particular +session unless @code{seed} includes the client random and server random +fields (the PRF would output the same data on another connection +resumed from the first one), it is not recommended to use this +function directly. The @code{gnutls_prf()} function seeds the PRF with the +client and server random fields directly, and is recommended if you +want to generate pseudo random data unique for each session. + +@strong{Note:} This function will only operate under TLS versions prior to 1.3. +In TLS1.3 the use of PRF is replaced with HKDF and the generic +exporters like @code{gnutls_prf_rfc5705()} should be used instead. Under +TLS1.3 this function returns @code{GNUTLS_E_INVALID_REQUEST} . + +@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, or an error code. +@end deftypefun diff --git a/doc/functions/gnutls_prf_raw.short b/doc/functions/gnutls_prf_raw.short new file mode 100644 index 0000000..0c84e86 --- /dev/null +++ b/doc/functions/gnutls_prf_raw.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_prf_raw} (gnutls_session_t @var{session}, size_t @var{label_size}, const char * @var{label}, size_t @var{seed_size}, const char * @var{seed}, size_t @var{outsize}, char * @var{out}) diff --git a/doc/functions/gnutls_prf_rfc5705 b/doc/functions/gnutls_prf_rfc5705 new file mode 100644 index 0000000..f559b75 --- /dev/null +++ b/doc/functions/gnutls_prf_rfc5705 @@ -0,0 +1,46 @@ + + + + +@deftypefun {int} {gnutls_prf_rfc5705} (gnutls_session_t @var{session}, size_t @var{label_size}, const char * @var{label}, size_t @var{context_size}, const char * @var{context}, size_t @var{outsize}, char * @var{out}) +@var{session}: is a @code{gnutls_session_t} type. + +@var{label_size}: length of the @code{label} variable. + +@var{label}: label used in PRF computation, typically a short string. + +@var{context_size}: length of the @code{extra} variable. + +@var{context}: optional extra data to seed the PRF with. + +@var{outsize}: size of pre-allocated output buffer to hold the output. + +@var{out}: pre-allocated buffer to hold the generated data. + +Exports keying material from TLS/DTLS session to an application, as +specified in RFC5705. + +In the TLS versions prior to 1.3, it applies the TLS +Pseudo-Random-Function (PRF) on the master secret and the provided +data, seeded with the client and server random fields. + +In TLS 1.3, it applies HKDF on the exporter master secret derived +from the master secret. + +The @code{label} variable usually contains a string denoting the purpose +for the generated data. + +The @code{context} variable can be used to add more data to the seed, after +the random variables. It can be used to make sure the +generated output is strongly connected to some additional data +(e.g., a string used in user authentication). + +The output is placed in @code{out} , which must be pre-allocated. + +Note that, to provide the RFC5705 context, the @code{context} variable +must be non-null. + +@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, or an error code. + +@strong{Since:} 3.4.4 +@end deftypefun diff --git a/doc/functions/gnutls_prf_rfc5705.short b/doc/functions/gnutls_prf_rfc5705.short new file mode 100644 index 0000000..cf3d183 --- /dev/null +++ b/doc/functions/gnutls_prf_rfc5705.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_prf_rfc5705} (gnutls_session_t @var{session}, size_t @var{label_size}, const char * @var{label}, size_t @var{context_size}, const char * @var{context}, size_t @var{outsize}, char * @var{out}) diff --git a/doc/functions/gnutls_priority_certificate_type_list b/doc/functions/gnutls_priority_certificate_type_list new file mode 100644 index 0000000..f445e48 --- /dev/null +++ b/doc/functions/gnutls_priority_certificate_type_list @@ -0,0 +1,22 @@ + + + + +@deftypefun {int} {gnutls_priority_certificate_type_list} (gnutls_priority_t @var{pcache}, const unsigned int ** @var{list}) +@var{pcache}: is a @code{gnutls_prioritity_t} type. + +@var{list}: will point to an integer list + +Get a list of available certificate types in the priority +structure. + +As of version 3.6.4 this function is an alias for +gnutls_priority_certificate_type_list2 with the target parameter +set to: +- GNUTLS_CTYPE_SERVER, if the @code{SERVER_PRECEDENCE} option is set +- GNUTLS_CTYPE_CLIENT, otherwise. + +@strong{Returns:} the number of certificate types, or an error code. + +@strong{Since:} 3.0 +@end deftypefun diff --git a/doc/functions/gnutls_priority_certificate_type_list.short b/doc/functions/gnutls_priority_certificate_type_list.short new file mode 100644 index 0000000..7265fa4 --- /dev/null +++ b/doc/functions/gnutls_priority_certificate_type_list.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_priority_certificate_type_list} (gnutls_priority_t @var{pcache}, const unsigned int ** @var{list}) diff --git a/doc/functions/gnutls_priority_certificate_type_list2 b/doc/functions/gnutls_priority_certificate_type_list2 new file mode 100644 index 0000000..49fccf7 --- /dev/null +++ b/doc/functions/gnutls_priority_certificate_type_list2 @@ -0,0 +1,19 @@ + + + + +@deftypefun {int} {gnutls_priority_certificate_type_list2} (gnutls_priority_t @var{pcache}, const unsigned int ** @var{list}, gnutls_ctype_target_t @var{target}) +@var{pcache}: is a @code{gnutls_prioritity_t} type. + +@var{list}: will point to an integer list. + +@var{target}: is a @code{gnutls_ctype_target_t} type. Valid arguments are +GNUTLS_CTYPE_CLIENT and GNUTLS_CTYPE_SERVER + +Get a list of available certificate types for the given target +in the priority structure. + +@strong{Returns:} the number of certificate types, or an error code. + +@strong{Since:} 3.6.4 +@end deftypefun diff --git a/doc/functions/gnutls_priority_certificate_type_list2.short b/doc/functions/gnutls_priority_certificate_type_list2.short new file mode 100644 index 0000000..3d8b2f7 --- /dev/null +++ b/doc/functions/gnutls_priority_certificate_type_list2.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_priority_certificate_type_list2} (gnutls_priority_t @var{pcache}, const unsigned int ** @var{list}, gnutls_ctype_target_t @var{target}) diff --git a/doc/functions/gnutls_priority_cipher_list b/doc/functions/gnutls_priority_cipher_list new file mode 100644 index 0000000..11d09a5 --- /dev/null +++ b/doc/functions/gnutls_priority_cipher_list @@ -0,0 +1,16 @@ + + + + +@deftypefun {int} {gnutls_priority_cipher_list} (gnutls_priority_t @var{pcache}, const unsigned int ** @var{list}) +@var{pcache}: is a @code{gnutls_prioritity_t} type. + +@var{list}: will point to an integer list + +Get a list of available ciphers in the priority +structure. + +@strong{Returns:} the number of items, or an error code. + +@strong{Since:} 3.2.3 +@end deftypefun diff --git a/doc/functions/gnutls_priority_cipher_list.short b/doc/functions/gnutls_priority_cipher_list.short new file mode 100644 index 0000000..bddd254 --- /dev/null +++ b/doc/functions/gnutls_priority_cipher_list.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_priority_cipher_list} (gnutls_priority_t @var{pcache}, const unsigned int ** @var{list}) diff --git a/doc/functions/gnutls_priority_compression_list b/doc/functions/gnutls_priority_compression_list new file mode 100644 index 0000000..e7476a7 --- /dev/null +++ b/doc/functions/gnutls_priority_compression_list @@ -0,0 +1,16 @@ + + + + +@deftypefun {int} {gnutls_priority_compression_list} (gnutls_priority_t @var{pcache}, const unsigned int ** @var{list}) +@var{pcache}: is a @code{gnutls_prioritity_t} type. + +@var{list}: will point to an integer list + +Get a list of available compression method in the priority +structure. + +@strong{Returns:} the number of methods, or an error code. + +@strong{Since:} 3.0 +@end deftypefun diff --git a/doc/functions/gnutls_priority_compression_list.short b/doc/functions/gnutls_priority_compression_list.short new file mode 100644 index 0000000..787f124 --- /dev/null +++ b/doc/functions/gnutls_priority_compression_list.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_priority_compression_list} (gnutls_priority_t @var{pcache}, const unsigned int ** @var{list}) diff --git a/doc/functions/gnutls_priority_deinit b/doc/functions/gnutls_priority_deinit new file mode 100644 index 0000000..aaed15b --- /dev/null +++ b/doc/functions/gnutls_priority_deinit @@ -0,0 +1,9 @@ + + + + +@deftypefun {void} {gnutls_priority_deinit} (gnutls_priority_t @var{priority_cache}) +@var{priority_cache}: is a @code{gnutls_prioritity_t} type. + +Deinitializes the priority cache. +@end deftypefun diff --git a/doc/functions/gnutls_priority_deinit.short b/doc/functions/gnutls_priority_deinit.short new file mode 100644 index 0000000..fb452b8 --- /dev/null +++ b/doc/functions/gnutls_priority_deinit.short @@ -0,0 +1 @@ +@item @var{void} @ref{gnutls_priority_deinit} (gnutls_priority_t @var{priority_cache}) diff --git a/doc/functions/gnutls_priority_ecc_curve_list b/doc/functions/gnutls_priority_ecc_curve_list new file mode 100644 index 0000000..76ee90e --- /dev/null +++ b/doc/functions/gnutls_priority_ecc_curve_list @@ -0,0 +1,19 @@ + + + + +@deftypefun {int} {gnutls_priority_ecc_curve_list} (gnutls_priority_t @var{pcache}, const unsigned int ** @var{list}) +@var{pcache}: is a @code{gnutls_prioritity_t} type. + +@var{list}: will point to an integer list + +Get a list of available elliptic curves in the priority +structure. + +@strong{Deprecated:} This function has been replaced by +@code{gnutls_priority_group_list()} since 3.6.0. + +@strong{Returns:} the number of items, or an error code. + +@strong{Since:} 3.0 +@end deftypefun diff --git a/doc/functions/gnutls_priority_ecc_curve_list.short b/doc/functions/gnutls_priority_ecc_curve_list.short new file mode 100644 index 0000000..38ed169 --- /dev/null +++ b/doc/functions/gnutls_priority_ecc_curve_list.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_priority_ecc_curve_list} (gnutls_priority_t @var{pcache}, const unsigned int ** @var{list}) diff --git a/doc/functions/gnutls_priority_get_cipher_suite_index b/doc/functions/gnutls_priority_get_cipher_suite_index new file mode 100644 index 0000000..283d1b4 --- /dev/null +++ b/doc/functions/gnutls_priority_get_cipher_suite_index @@ -0,0 +1,23 @@ + + + + +@deftypefun {int} {gnutls_priority_get_cipher_suite_index} (gnutls_priority_t @var{pcache}, unsigned int @var{idx}, unsigned int * @var{sidx}) +@var{pcache}: is a @code{gnutls_prioritity_t} type. + +@var{idx}: is an index number. + +@var{sidx}: internal index of cipher suite to get information about. + +Provides the internal ciphersuite index to be used with +@code{gnutls_cipher_suite_info()} . The index @code{idx} provided is an +index kept at the priorities structure. It might be that a valid +priorities index does not correspond to a ciphersuite and in +that case @code{GNUTLS_E_UNKNOWN_CIPHER_SUITE} will be returned. +Once the last available index is crossed then +@code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} will be returned. + +@strong{Returns:} On success it returns @code{GNUTLS_E_SUCCESS} (0), or a negative error value otherwise. + +@strong{Since:} 3.0.9 +@end deftypefun diff --git a/doc/functions/gnutls_priority_get_cipher_suite_index.short b/doc/functions/gnutls_priority_get_cipher_suite_index.short new file mode 100644 index 0000000..1ab761a --- /dev/null +++ b/doc/functions/gnutls_priority_get_cipher_suite_index.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_priority_get_cipher_suite_index} (gnutls_priority_t @var{pcache}, unsigned int @var{idx}, unsigned int * @var{sidx}) diff --git a/doc/functions/gnutls_priority_group_list b/doc/functions/gnutls_priority_group_list new file mode 100644 index 0000000..9003933 --- /dev/null +++ b/doc/functions/gnutls_priority_group_list @@ -0,0 +1,16 @@ + + + + +@deftypefun {int} {gnutls_priority_group_list} (gnutls_priority_t @var{pcache}, const unsigned int ** @var{list}) +@var{pcache}: is a @code{gnutls_prioritity_t} type. + +@var{list}: will point to an integer list + +Get a list of available groups in the priority +structure. + +@strong{Returns:} the number of items, or an error code. + +@strong{Since:} 3.6.0 +@end deftypefun diff --git a/doc/functions/gnutls_priority_group_list.short b/doc/functions/gnutls_priority_group_list.short new file mode 100644 index 0000000..e39c4d3 --- /dev/null +++ b/doc/functions/gnutls_priority_group_list.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_priority_group_list} (gnutls_priority_t @var{pcache}, const unsigned int ** @var{list}) diff --git a/doc/functions/gnutls_priority_init b/doc/functions/gnutls_priority_init new file mode 100644 index 0000000..4b8fa0e --- /dev/null +++ b/doc/functions/gnutls_priority_init @@ -0,0 +1,25 @@ + + + + +@deftypefun {int} {gnutls_priority_init} (gnutls_priority_t * @var{priority_cache}, const char * @var{priorities}, const char ** @var{err_pos}) +@var{priority_cache}: is a @code{gnutls_prioritity_t} type. + +@var{priorities}: is a string describing priorities (may be @code{NULL} ) + +@var{err_pos}: In case of an error this will have the position in the string the error occurred + +For applications that do not modify their crypto settings per release, consider +using @code{gnutls_priority_init2()} with @code{GNUTLS_PRIORITY_INIT_DEF_APPEND} flag +instead. We suggest to use centralized crypto settings handled by the GnuTLS +library, and applications modifying the default settings to their needs. + +This function is identical to @code{gnutls_priority_init2()} with zero +flags. + +A @code{NULL} @code{priorities} string indicates the default priorities to be +used (this is available since GnuTLS 3.3.0). + +@strong{Returns:} On syntax error @code{GNUTLS_E_INVALID_REQUEST} is returned, +@code{GNUTLS_E_SUCCESS} on success, or an error code. +@end deftypefun diff --git a/doc/functions/gnutls_priority_init.short b/doc/functions/gnutls_priority_init.short new file mode 100644 index 0000000..0af865a --- /dev/null +++ b/doc/functions/gnutls_priority_init.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_priority_init} (gnutls_priority_t * @var{priority_cache}, const char * @var{priorities}, const char ** @var{err_pos}) diff --git a/doc/functions/gnutls_priority_init2 b/doc/functions/gnutls_priority_init2 new file mode 100644 index 0000000..eb99a83 --- /dev/null +++ b/doc/functions/gnutls_priority_init2 @@ -0,0 +1,105 @@ + + + + +@deftypefun {int} {gnutls_priority_init2} (gnutls_priority_t * @var{priority_cache}, const char * @var{priorities}, const char ** @var{err_pos}, unsigned @var{flags}) +@var{priority_cache}: is a @code{gnutls_prioritity_t} type. + +@var{priorities}: is a string describing priorities (may be @code{NULL} ) + +@var{err_pos}: In case of an error this will have the position in the string the error occurred + +@var{flags}: zero or @code{GNUTLS_PRIORITY_INIT_DEF_APPEND} + +Sets priorities for the ciphers, key exchange methods, and macs. +The @code{priority_cache} should be deinitialized +using @code{gnutls_priority_deinit()} . + +The @code{priorities} option allows you to specify a colon +separated list of the cipher priorities to enable. +Some keywords are defined to provide quick access +to common preferences. + +When @code{flags} is set to @code{GNUTLS_PRIORITY_INIT_DEF_APPEND} then the @code{priorities} specified will be appended to the default options. + +Unless there is a special need, use the "NORMAL" keyword to +apply a reasonable security level, or "NORMAL:%COMPAT" for compatibility. + +"PERFORMANCE" means all the "secure" ciphersuites are enabled, +limited to 128 bit ciphers and sorted by terms of speed +performance. + +"LEGACY" the NORMAL settings for GnuTLS 3.2.x or earlier. There is +no verification profile set, and the allowed DH primes are considered +weak today. + +"NORMAL" means all "secure" ciphersuites. The 256-bit ciphers are +included as a fallback only. The ciphers are sorted by security +margin. + +"PFS" means all "secure" ciphersuites that support perfect forward secrecy. +The 256-bit ciphers are included as a fallback only. +The ciphers are sorted by security margin. + +"SECURE128" means all "secure" ciphersuites of security level 128-bit +or more. + +"SECURE192" means all "secure" ciphersuites of security level 192-bit +or more. + +"SUITEB128" means all the NSA SuiteB ciphersuites with security level +of 128. + +"SUITEB192" means all the NSA SuiteB ciphersuites with security level +of 192. + +"NONE" means nothing is enabled. This disables everything, including protocols. + +"@@KEYWORD1,KEYWORD2,..." The system administrator imposed settings. +The provided keyword(s) will be expanded from a configuration-time +provided file - default is: /etc/gnutls/default-priorities. +Any attributes that follow it, will be appended to the expanded +string. If multiple keywords are provided, separated by commas, +then the first keyword that exists in the configuration file +will be used. At least one of the keywords must exist, or this +function will return an error. Typical usage would be to specify +an application specified keyword first, followed by "SYSTEM" as +a default fallback. e.g., " @code{LIBVIRT} ,SYSTEM:!-VERS-SSL3.0" will +first try to find a config file entry matching "LIBVIRT", but if +that does not exist will use the entry for "SYSTEM". If "SYSTEM" +does not exist either, an error will be returned. In all cases, +the SSL3.0 protocol will be disabled. The system priority file +entries should be formatted as "KEYWORD=VALUE", e.g., +"SYSTEM=NORMAL:+ARCFOUR-128". + +Special keywords are "!", "-" and "+". +"!" or "-" appended with an algorithm will remove this algorithm. +"+" appended with an algorithm will add this algorithm. + +Check the GnuTLS manual section "Priority strings" for detailed +information. + +@strong{Examples:} +"NONE:+VERS-TLS-ALL:+MAC-ALL:+RSA:+AES-128-CBC:+SIGN-ALL:+COMP-NULL" + +"NORMAL:+ARCFOUR-128" means normal ciphers plus ARCFOUR-128. + +"SECURE128:-VERS-SSL3.0" means that only secure ciphers are +and enabled, SSL3.0 is disabled. + +"NONE:+VERS-TLS-ALL:+AES-128-CBC:+RSA:+SHA1:+COMP-NULL:+SIGN-RSA-SHA1", + +"NONE:+VERS-TLS-ALL:+AES-128-CBC:+ECDHE-RSA:+SHA1:+COMP-NULL:+SIGN-RSA-SHA1:+CURVE-SECP256R1", + +"SECURE256:+SECURE128", + +Note that "NORMAL:%COMPAT" is the most compatible mode. + +A @code{NULL} @code{priorities} string indicates the default priorities to be +used (this is available since GnuTLS 3.3.0). + +@strong{Returns:} On syntax error @code{GNUTLS_E_INVALID_REQUEST} is returned, +@code{GNUTLS_E_SUCCESS} on success, or an error code. + +@strong{Since:} 3.6.3 +@end deftypefun diff --git a/doc/functions/gnutls_priority_init2.short b/doc/functions/gnutls_priority_init2.short new file mode 100644 index 0000000..4284e68 --- /dev/null +++ b/doc/functions/gnutls_priority_init2.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_priority_init2} (gnutls_priority_t * @var{priority_cache}, const char * @var{priorities}, const char ** @var{err_pos}, unsigned @var{flags}) diff --git a/doc/functions/gnutls_priority_kx_list b/doc/functions/gnutls_priority_kx_list new file mode 100644 index 0000000..4cfd36b --- /dev/null +++ b/doc/functions/gnutls_priority_kx_list @@ -0,0 +1,16 @@ + + + + +@deftypefun {int} {gnutls_priority_kx_list} (gnutls_priority_t @var{pcache}, const unsigned int ** @var{list}) +@var{pcache}: is a @code{gnutls_prioritity_t} type. + +@var{list}: will point to an integer list + +Get a list of available key exchange methods in the priority +structure. + +@strong{Returns:} the number of items, or an error code. + +@strong{Since:} 3.2.3 +@end deftypefun diff --git a/doc/functions/gnutls_priority_kx_list.short b/doc/functions/gnutls_priority_kx_list.short new file mode 100644 index 0000000..2f398e8 --- /dev/null +++ b/doc/functions/gnutls_priority_kx_list.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_priority_kx_list} (gnutls_priority_t @var{pcache}, const unsigned int ** @var{list}) diff --git a/doc/functions/gnutls_priority_mac_list b/doc/functions/gnutls_priority_mac_list new file mode 100644 index 0000000..e1f5d21 --- /dev/null +++ b/doc/functions/gnutls_priority_mac_list @@ -0,0 +1,16 @@ + + + + +@deftypefun {int} {gnutls_priority_mac_list} (gnutls_priority_t @var{pcache}, const unsigned int ** @var{list}) +@var{pcache}: is a @code{gnutls_prioritity_t} type. + +@var{list}: will point to an integer list + +Get a list of available MAC algorithms in the priority +structure. + +@strong{Returns:} the number of items, or an error code. + +@strong{Since:} 3.2.3 +@end deftypefun diff --git a/doc/functions/gnutls_priority_mac_list.short b/doc/functions/gnutls_priority_mac_list.short new file mode 100644 index 0000000..dc20832 --- /dev/null +++ b/doc/functions/gnutls_priority_mac_list.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_priority_mac_list} (gnutls_priority_t @var{pcache}, const unsigned int ** @var{list}) diff --git a/doc/functions/gnutls_priority_protocol_list b/doc/functions/gnutls_priority_protocol_list new file mode 100644 index 0000000..850f012 --- /dev/null +++ b/doc/functions/gnutls_priority_protocol_list @@ -0,0 +1,16 @@ + + + + +@deftypefun {int} {gnutls_priority_protocol_list} (gnutls_priority_t @var{pcache}, const unsigned int ** @var{list}) +@var{pcache}: is a @code{gnutls_prioritity_t} type. + +@var{list}: will point to an integer list + +Get a list of available TLS version numbers in the priority +structure. + +@strong{Returns:} the number of protocols, or an error code. + +@strong{Since:} 3.0 +@end deftypefun diff --git a/doc/functions/gnutls_priority_protocol_list.short b/doc/functions/gnutls_priority_protocol_list.short new file mode 100644 index 0000000..4d879cf --- /dev/null +++ b/doc/functions/gnutls_priority_protocol_list.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_priority_protocol_list} (gnutls_priority_t @var{pcache}, const unsigned int ** @var{list}) diff --git a/doc/functions/gnutls_priority_set b/doc/functions/gnutls_priority_set new file mode 100644 index 0000000..d298d11 --- /dev/null +++ b/doc/functions/gnutls_priority_set @@ -0,0 +1,17 @@ + + + + +@deftypefun {int} {gnutls_priority_set} (gnutls_session_t @var{session}, gnutls_priority_t @var{priority}) +@var{session}: is a @code{gnutls_session_t} type. + +@var{priority}: is a @code{gnutls_priority_t} type. + +Sets the priorities to use on the ciphers, key exchange methods, +and macs. Note that this function is expected to be called once +per session; when called multiple times (e.g., before a re-handshake, +the caller should make sure that any new settings are not incompatible +with the original session). + +@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, or an error code on error. +@end deftypefun diff --git a/doc/functions/gnutls_priority_set.short b/doc/functions/gnutls_priority_set.short new file mode 100644 index 0000000..bc6bbcd --- /dev/null +++ b/doc/functions/gnutls_priority_set.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_priority_set} (gnutls_session_t @var{session}, gnutls_priority_t @var{priority}) diff --git a/doc/functions/gnutls_priority_set_direct b/doc/functions/gnutls_priority_set_direct new file mode 100644 index 0000000..d1e40b8 --- /dev/null +++ b/doc/functions/gnutls_priority_set_direct @@ -0,0 +1,22 @@ + + + + +@deftypefun {int} {gnutls_priority_set_direct} (gnutls_session_t @var{session}, const char * @var{priorities}, const char ** @var{err_pos}) +@var{session}: is a @code{gnutls_session_t} type. + +@var{priorities}: is a string describing priorities + +@var{err_pos}: In case of an error this will have the position in the string the error occurred + +Sets the priorities to use on the ciphers, key exchange methods, +and macs. This function avoids keeping a +priority cache and is used to directly set string priorities to a +TLS session. For documentation check the @code{gnutls_priority_init()} . + +To use a reasonable default, consider using @code{gnutls_set_default_priority()} , +or @code{gnutls_set_default_priority_append()} instead of this function. + +@strong{Returns:} On syntax error @code{GNUTLS_E_INVALID_REQUEST} is returned, +@code{GNUTLS_E_SUCCESS} on success, or an error code. +@end deftypefun diff --git a/doc/functions/gnutls_priority_set_direct.short b/doc/functions/gnutls_priority_set_direct.short new file mode 100644 index 0000000..00528ed --- /dev/null +++ b/doc/functions/gnutls_priority_set_direct.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_priority_set_direct} (gnutls_session_t @var{session}, const char * @var{priorities}, const char ** @var{err_pos}) diff --git a/doc/functions/gnutls_priority_sign_list b/doc/functions/gnutls_priority_sign_list new file mode 100644 index 0000000..fcec33a --- /dev/null +++ b/doc/functions/gnutls_priority_sign_list @@ -0,0 +1,16 @@ + + + + +@deftypefun {int} {gnutls_priority_sign_list} (gnutls_priority_t @var{pcache}, const unsigned int ** @var{list}) +@var{pcache}: is a @code{gnutls_prioritity_t} type. + +@var{list}: will point to an integer list + +Get a list of available signature algorithms in the priority +structure. + +@strong{Returns:} the number of algorithms, or an error code. + +@strong{Since:} 3.0 +@end deftypefun diff --git a/doc/functions/gnutls_priority_sign_list.short b/doc/functions/gnutls_priority_sign_list.short new file mode 100644 index 0000000..09207ee --- /dev/null +++ b/doc/functions/gnutls_priority_sign_list.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_priority_sign_list} (gnutls_priority_t @var{pcache}, const unsigned int ** @var{list}) diff --git a/doc/functions/gnutls_priority_string_list b/doc/functions/gnutls_priority_string_list new file mode 100644 index 0000000..8260f3c --- /dev/null +++ b/doc/functions/gnutls_priority_string_list @@ -0,0 +1,18 @@ + + + + +@deftypefun {const char *} {gnutls_priority_string_list} (unsigned @var{iter}, unsigned int @var{flags}) +@var{iter}: an integer counter starting from zero + +@var{flags}: one of @code{GNUTLS_PRIORITY_LIST_INIT_KEYWORDS} , @code{GNUTLS_PRIORITY_LIST_SPECIAL} + +Can be used to iterate all available priority strings. +Due to internal implementation details, there are cases where this +function can return the empty string. In that case that string should be ignored. +When no strings are available it returns @code{NULL} . + +@strong{Returns:} a priority string + +@strong{Since:} 3.4.0 +@end deftypefun diff --git a/doc/functions/gnutls_priority_string_list.short b/doc/functions/gnutls_priority_string_list.short new file mode 100644 index 0000000..45bc934 --- /dev/null +++ b/doc/functions/gnutls_priority_string_list.short @@ -0,0 +1 @@ +@item @var{const char *} @ref{gnutls_priority_string_list} (unsigned @var{iter}, unsigned int @var{flags}) diff --git a/doc/functions/gnutls_privkey_decrypt_data b/doc/functions/gnutls_privkey_decrypt_data new file mode 100644 index 0000000..b1e9ed1 --- /dev/null +++ b/doc/functions/gnutls_privkey_decrypt_data @@ -0,0 +1,21 @@ + + + + +@deftypefun {int} {gnutls_privkey_decrypt_data} (gnutls_privkey_t @var{key}, unsigned int @var{flags}, const gnutls_datum_t * @var{ciphertext}, gnutls_datum_t * @var{plaintext}) +@var{key}: Holds the key + +@var{flags}: zero for now + +@var{ciphertext}: holds the data to be decrypted + +@var{plaintext}: will contain the decrypted data, allocated with @code{gnutls_malloc()} + +This function will decrypt the given data using the algorithm +supported by the private key. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 2.12.0 +@end deftypefun diff --git a/doc/functions/gnutls_privkey_decrypt_data.short b/doc/functions/gnutls_privkey_decrypt_data.short new file mode 100644 index 0000000..432a734 --- /dev/null +++ b/doc/functions/gnutls_privkey_decrypt_data.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_privkey_decrypt_data} (gnutls_privkey_t @var{key}, unsigned int @var{flags}, const gnutls_datum_t * @var{ciphertext}, gnutls_datum_t * @var{plaintext}) diff --git a/doc/functions/gnutls_privkey_decrypt_data2 b/doc/functions/gnutls_privkey_decrypt_data2 new file mode 100644 index 0000000..2c5eb55 --- /dev/null +++ b/doc/functions/gnutls_privkey_decrypt_data2 @@ -0,0 +1,24 @@ + + + + +@deftypefun {int} {gnutls_privkey_decrypt_data2} (gnutls_privkey_t @var{key}, unsigned int @var{flags}, const gnutls_datum_t * @var{ciphertext}, unsigned char * @var{plaintext}, size_t @var{plaintext_size}) +@var{key}: Holds the key + +@var{flags}: zero for now + +@var{ciphertext}: holds the data to be decrypted + +@var{plaintext}: a preallocated buffer that will be filled with the plaintext + +@var{plaintext_size}: in/out size of the plaintext + +This function will decrypt the given data using the algorithm +supported by the private key. Unlike with @code{gnutls_privkey_decrypt_data()} +this function operates in constant time and constant memory access. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 3.6.5 +@end deftypefun diff --git a/doc/functions/gnutls_privkey_decrypt_data2.short b/doc/functions/gnutls_privkey_decrypt_data2.short new file mode 100644 index 0000000..e66286f --- /dev/null +++ b/doc/functions/gnutls_privkey_decrypt_data2.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_privkey_decrypt_data2} (gnutls_privkey_t @var{key}, unsigned int @var{flags}, const gnutls_datum_t * @var{ciphertext}, unsigned char * @var{plaintext}, size_t @var{plaintext_size}) diff --git a/doc/functions/gnutls_privkey_deinit b/doc/functions/gnutls_privkey_deinit new file mode 100644 index 0000000..610a4e5 --- /dev/null +++ b/doc/functions/gnutls_privkey_deinit @@ -0,0 +1,11 @@ + + + + +@deftypefun {void} {gnutls_privkey_deinit} (gnutls_privkey_t @var{key}) +@var{key}: The key to be deinitialized + +This function will deinitialize a private key structure. + +@strong{Since:} 2.12.0 +@end deftypefun diff --git a/doc/functions/gnutls_privkey_deinit.short b/doc/functions/gnutls_privkey_deinit.short new file mode 100644 index 0000000..6b2853d --- /dev/null +++ b/doc/functions/gnutls_privkey_deinit.short @@ -0,0 +1 @@ +@item @var{void} @ref{gnutls_privkey_deinit} (gnutls_privkey_t @var{key}) diff --git a/doc/functions/gnutls_privkey_export_dsa_raw b/doc/functions/gnutls_privkey_export_dsa_raw new file mode 100644 index 0000000..031dcb3 --- /dev/null +++ b/doc/functions/gnutls_privkey_export_dsa_raw @@ -0,0 +1,25 @@ + + + + +@deftypefun {int} {gnutls_privkey_export_dsa_raw} (gnutls_privkey_t @var{key}, gnutls_datum_t * @var{p}, gnutls_datum_t * @var{q}, gnutls_datum_t * @var{g}, gnutls_datum_t * @var{y}, gnutls_datum_t * @var{x}) +@var{key}: Holds the public key + +@var{p}: will hold the p + +@var{q}: will hold the q + +@var{g}: will hold the g + +@var{y}: will hold the y + +@var{x}: will hold the x + +This function will export the DSA private key's parameters found +in the given structure. The new parameters will be allocated using +@code{gnutls_malloc()} and will be stored in the appropriate datum. + +@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, otherwise a negative error code. + +@strong{Since:} 3.3.0 +@end deftypefun diff --git a/doc/functions/gnutls_privkey_export_dsa_raw.short b/doc/functions/gnutls_privkey_export_dsa_raw.short new file mode 100644 index 0000000..ea1e289 --- /dev/null +++ b/doc/functions/gnutls_privkey_export_dsa_raw.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_privkey_export_dsa_raw} (gnutls_privkey_t @var{key}, gnutls_datum_t * @var{p}, gnutls_datum_t * @var{q}, gnutls_datum_t * @var{g}, gnutls_datum_t * @var{y}, gnutls_datum_t * @var{x}) diff --git a/doc/functions/gnutls_privkey_export_dsa_raw2 b/doc/functions/gnutls_privkey_export_dsa_raw2 new file mode 100644 index 0000000..c793aa4 --- /dev/null +++ b/doc/functions/gnutls_privkey_export_dsa_raw2 @@ -0,0 +1,27 @@ + + + + +@deftypefun {int} {gnutls_privkey_export_dsa_raw2} (gnutls_privkey_t @var{key}, gnutls_datum_t * @var{p}, gnutls_datum_t * @var{q}, gnutls_datum_t * @var{g}, gnutls_datum_t * @var{y}, gnutls_datum_t * @var{x}, unsigned int @var{flags}) +@var{key}: Holds the public key + +@var{p}: will hold the p + +@var{q}: will hold the q + +@var{g}: will hold the g + +@var{y}: will hold the y + +@var{x}: will hold the x + +@var{flags}: flags from @code{gnutls_abstract_export_flags_t} + +This function will export the DSA private key's parameters found +in the given structure. The new parameters will be allocated using +@code{gnutls_malloc()} and will be stored in the appropriate datum. + +@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, otherwise a negative error code. + +@strong{Since:} 3.6.0 +@end deftypefun diff --git a/doc/functions/gnutls_privkey_export_dsa_raw2.short b/doc/functions/gnutls_privkey_export_dsa_raw2.short new file mode 100644 index 0000000..b3379ba --- /dev/null +++ b/doc/functions/gnutls_privkey_export_dsa_raw2.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_privkey_export_dsa_raw2} (gnutls_privkey_t @var{key}, gnutls_datum_t * @var{p}, gnutls_datum_t * @var{q}, gnutls_datum_t * @var{g}, gnutls_datum_t * @var{y}, gnutls_datum_t * @var{x}, unsigned int @var{flags}) diff --git a/doc/functions/gnutls_privkey_export_ecc_raw b/doc/functions/gnutls_privkey_export_ecc_raw new file mode 100644 index 0000000..fe9f736 --- /dev/null +++ b/doc/functions/gnutls_privkey_export_ecc_raw @@ -0,0 +1,26 @@ + + + + +@deftypefun {int} {gnutls_privkey_export_ecc_raw} (gnutls_privkey_t @var{key}, gnutls_ecc_curve_t * @var{curve}, gnutls_datum_t * @var{x}, gnutls_datum_t * @var{y}, gnutls_datum_t * @var{k}) +@var{key}: Holds the public key + +@var{curve}: will hold the curve + +@var{x}: will hold the x-coordinate + +@var{y}: will hold the y-coordinate + +@var{k}: will hold the private key + +This function will export the ECC private key's parameters found +in the given structure. The new parameters will be allocated using +@code{gnutls_malloc()} and will be stored in the appropriate datum. + +In EdDSA curves the @code{y} parameter will be @code{NULL} and the other parameters +will be in the native format for the curve. + +@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, otherwise a negative error code. + +@strong{Since:} 3.3.0 +@end deftypefun diff --git a/doc/functions/gnutls_privkey_export_ecc_raw.short b/doc/functions/gnutls_privkey_export_ecc_raw.short new file mode 100644 index 0000000..1101888 --- /dev/null +++ b/doc/functions/gnutls_privkey_export_ecc_raw.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_privkey_export_ecc_raw} (gnutls_privkey_t @var{key}, gnutls_ecc_curve_t * @var{curve}, gnutls_datum_t * @var{x}, gnutls_datum_t * @var{y}, gnutls_datum_t * @var{k}) diff --git a/doc/functions/gnutls_privkey_export_ecc_raw2 b/doc/functions/gnutls_privkey_export_ecc_raw2 new file mode 100644 index 0000000..18c8539 --- /dev/null +++ b/doc/functions/gnutls_privkey_export_ecc_raw2 @@ -0,0 +1,28 @@ + + + + +@deftypefun {int} {gnutls_privkey_export_ecc_raw2} (gnutls_privkey_t @var{key}, gnutls_ecc_curve_t * @var{curve}, gnutls_datum_t * @var{x}, gnutls_datum_t * @var{y}, gnutls_datum_t * @var{k}, unsigned int @var{flags}) +@var{key}: Holds the public key + +@var{curve}: will hold the curve + +@var{x}: will hold the x-coordinate + +@var{y}: will hold the y-coordinate + +@var{k}: will hold the private key + +@var{flags}: flags from @code{gnutls_abstract_export_flags_t} + +This function will export the ECC private key's parameters found +in the given structure. The new parameters will be allocated using +@code{gnutls_malloc()} and will be stored in the appropriate datum. + +In EdDSA curves the @code{y} parameter will be @code{NULL} and the other parameters +will be in the native format for the curve. + +@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, otherwise a negative error code. + +@strong{Since:} 3.6.0 +@end deftypefun diff --git a/doc/functions/gnutls_privkey_export_ecc_raw2.short b/doc/functions/gnutls_privkey_export_ecc_raw2.short new file mode 100644 index 0000000..f304764 --- /dev/null +++ b/doc/functions/gnutls_privkey_export_ecc_raw2.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_privkey_export_ecc_raw2} (gnutls_privkey_t @var{key}, gnutls_ecc_curve_t * @var{curve}, gnutls_datum_t * @var{x}, gnutls_datum_t * @var{y}, gnutls_datum_t * @var{k}, unsigned int @var{flags}) diff --git a/doc/functions/gnutls_privkey_export_gost_raw2 b/doc/functions/gnutls_privkey_export_gost_raw2 new file mode 100644 index 0000000..2719fcf --- /dev/null +++ b/doc/functions/gnutls_privkey_export_gost_raw2 @@ -0,0 +1,32 @@ + + + + +@deftypefun {int} {gnutls_privkey_export_gost_raw2} (gnutls_privkey_t @var{key}, gnutls_ecc_curve_t * @var{curve}, gnutls_digest_algorithm_t * @var{digest}, gnutls_gost_paramset_t * @var{paramset}, gnutls_datum_t * @var{x}, gnutls_datum_t * @var{y}, gnutls_datum_t * @var{k}, unsigned int @var{flags}) +@var{key}: Holds the public key + +@var{curve}: will hold the curve + +@var{digest}: will hold the digest + +@var{paramset}: will hold the GOST parameter set ID + +@var{x}: will hold the x-coordinate + +@var{y}: will hold the y-coordinate + +@var{k}: will hold the private key + +@var{flags}: flags from @code{gnutls_abstract_export_flags_t} + +This function will export the GOST private key's parameters found +in the given structure. The new parameters will be allocated using +@code{gnutls_malloc()} and will be stored in the appropriate datum. + +@strong{Note:} parameters will be stored with least significant byte first. On +version 3.6.3 this was incorrectly returned in big-endian format. + +@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, otherwise a negative error code. + +@strong{Since:} 3.6.3 +@end deftypefun diff --git a/doc/functions/gnutls_privkey_export_gost_raw2.short b/doc/functions/gnutls_privkey_export_gost_raw2.short new file mode 100644 index 0000000..637dd48 --- /dev/null +++ b/doc/functions/gnutls_privkey_export_gost_raw2.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_privkey_export_gost_raw2} (gnutls_privkey_t @var{key}, gnutls_ecc_curve_t * @var{curve}, gnutls_digest_algorithm_t * @var{digest}, gnutls_gost_paramset_t * @var{paramset}, gnutls_datum_t * @var{x}, gnutls_datum_t * @var{y}, gnutls_datum_t * @var{k}, unsigned int @var{flags}) diff --git a/doc/functions/gnutls_privkey_export_openpgp b/doc/functions/gnutls_privkey_export_openpgp new file mode 100644 index 0000000..114417c --- /dev/null +++ b/doc/functions/gnutls_privkey_export_openpgp @@ -0,0 +1,15 @@ + + + + +@deftypefun {int} {gnutls_privkey_export_openpgp} (gnutls_privkey_t @var{pkey}, gnutls_openpgp_privkey_t * @var{key}) +@var{pkey}: The private key + +@var{key}: Location for the key to be exported. + +This function is no-op. + +@strong{Returns:} @code{GNUTLS_E_UNIMPLEMENTED_FEATURE} . + +@strong{Since:} 3.4.0 +@end deftypefun diff --git a/doc/functions/gnutls_privkey_export_openpgp.short b/doc/functions/gnutls_privkey_export_openpgp.short new file mode 100644 index 0000000..21da178 --- /dev/null +++ b/doc/functions/gnutls_privkey_export_openpgp.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_privkey_export_openpgp} (gnutls_privkey_t @var{pkey}, gnutls_openpgp_privkey_t * @var{key}) diff --git a/doc/functions/gnutls_privkey_export_pkcs11 b/doc/functions/gnutls_privkey_export_pkcs11 new file mode 100644 index 0000000..e94b154 --- /dev/null +++ b/doc/functions/gnutls_privkey_export_pkcs11 @@ -0,0 +1,19 @@ + + + + +@deftypefun {int} {gnutls_privkey_export_pkcs11} (gnutls_privkey_t @var{pkey}, gnutls_pkcs11_privkey_t * @var{key}) +@var{pkey}: The private key + +@var{key}: Location for the key to be exported. + +Converts the given abstract private key to a @code{gnutls_pkcs11_privkey_t} +type. The key must be of type @code{GNUTLS_PRIVKEY_PKCS11} . The key +returned in @code{key} must be deinitialized with +@code{gnutls_pkcs11_privkey_deinit()} . + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 3.4.0 +@end deftypefun diff --git a/doc/functions/gnutls_privkey_export_pkcs11.short b/doc/functions/gnutls_privkey_export_pkcs11.short new file mode 100644 index 0000000..60330dc --- /dev/null +++ b/doc/functions/gnutls_privkey_export_pkcs11.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_privkey_export_pkcs11} (gnutls_privkey_t @var{pkey}, gnutls_pkcs11_privkey_t * @var{key}) diff --git a/doc/functions/gnutls_privkey_export_rsa_raw b/doc/functions/gnutls_privkey_export_rsa_raw new file mode 100644 index 0000000..711dc00 --- /dev/null +++ b/doc/functions/gnutls_privkey_export_rsa_raw @@ -0,0 +1,32 @@ + + + + +@deftypefun {int} {gnutls_privkey_export_rsa_raw} (gnutls_privkey_t @var{key}, gnutls_datum_t * @var{m}, gnutls_datum_t * @var{e}, gnutls_datum_t * @var{d}, gnutls_datum_t * @var{p}, gnutls_datum_t * @var{q}, gnutls_datum_t * @var{u}, gnutls_datum_t * @var{e1}, gnutls_datum_t * @var{e2}) +@var{key}: Holds the certificate + +@var{m}: will hold the modulus + +@var{e}: will hold the public exponent + +@var{d}: will hold the private exponent + +@var{p}: will hold the first prime (p) + +@var{q}: will hold the second prime (q) + +@var{u}: will hold the coefficient + +@var{e1}: will hold e1 = d mod (p-1) + +@var{e2}: will hold e2 = d mod (q-1) + +This function will export the RSA private key's parameters found +in the given structure. The new parameters will be allocated using +@code{gnutls_malloc()} and will be stored in the appropriate datum. For +EdDSA keys, the @code{y} value should be @code{NULL} . + +@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, otherwise a negative error code. + +@strong{Since:} 3.3.0 +@end deftypefun diff --git a/doc/functions/gnutls_privkey_export_rsa_raw.short b/doc/functions/gnutls_privkey_export_rsa_raw.short new file mode 100644 index 0000000..659a813 --- /dev/null +++ b/doc/functions/gnutls_privkey_export_rsa_raw.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_privkey_export_rsa_raw} (gnutls_privkey_t @var{key}, gnutls_datum_t * @var{m}, gnutls_datum_t * @var{e}, gnutls_datum_t * @var{d}, gnutls_datum_t * @var{p}, gnutls_datum_t * @var{q}, gnutls_datum_t * @var{u}, gnutls_datum_t * @var{e1}, gnutls_datum_t * @var{e2}) diff --git a/doc/functions/gnutls_privkey_export_rsa_raw2 b/doc/functions/gnutls_privkey_export_rsa_raw2 new file mode 100644 index 0000000..4e27a27 --- /dev/null +++ b/doc/functions/gnutls_privkey_export_rsa_raw2 @@ -0,0 +1,33 @@ + + + + +@deftypefun {int} {gnutls_privkey_export_rsa_raw2} (gnutls_privkey_t @var{key}, gnutls_datum_t * @var{m}, gnutls_datum_t * @var{e}, gnutls_datum_t * @var{d}, gnutls_datum_t * @var{p}, gnutls_datum_t * @var{q}, gnutls_datum_t * @var{u}, gnutls_datum_t * @var{e1}, gnutls_datum_t * @var{e2}, unsigned int @var{flags}) +@var{key}: Holds the certificate + +@var{m}: will hold the modulus + +@var{e}: will hold the public exponent + +@var{d}: will hold the private exponent + +@var{p}: will hold the first prime (p) + +@var{q}: will hold the second prime (q) + +@var{u}: will hold the coefficient + +@var{e1}: will hold e1 = d mod (p-1) + +@var{e2}: will hold e2 = d mod (q-1) + +@var{flags}: flags from @code{gnutls_abstract_export_flags_t} + +This function will export the RSA private key's parameters found +in the given structure. The new parameters will be allocated using +@code{gnutls_malloc()} and will be stored in the appropriate datum. + +@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, otherwise a negative error code. + +@strong{Since:} 3.6.0 +@end deftypefun diff --git a/doc/functions/gnutls_privkey_export_rsa_raw2.short b/doc/functions/gnutls_privkey_export_rsa_raw2.short new file mode 100644 index 0000000..ecd428b --- /dev/null +++ b/doc/functions/gnutls_privkey_export_rsa_raw2.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_privkey_export_rsa_raw2} (gnutls_privkey_t @var{key}, gnutls_datum_t * @var{m}, gnutls_datum_t * @var{e}, gnutls_datum_t * @var{d}, gnutls_datum_t * @var{p}, gnutls_datum_t * @var{q}, gnutls_datum_t * @var{u}, gnutls_datum_t * @var{e1}, gnutls_datum_t * @var{e2}, unsigned int @var{flags}) diff --git a/doc/functions/gnutls_privkey_export_x509 b/doc/functions/gnutls_privkey_export_x509 new file mode 100644 index 0000000..ede6022 --- /dev/null +++ b/doc/functions/gnutls_privkey_export_x509 @@ -0,0 +1,19 @@ + + + + +@deftypefun {int} {gnutls_privkey_export_x509} (gnutls_privkey_t @var{pkey}, gnutls_x509_privkey_t * @var{key}) +@var{pkey}: The private key + +@var{key}: Location for the key to be exported. + +Converts the given abstract private key to a @code{gnutls_x509_privkey_t} +type. The abstract key must be of type @code{GNUTLS_PRIVKEY_X509} . The input + @code{key} must not be initialized. The key returned in @code{key} should be deinitialized +using @code{gnutls_x509_privkey_deinit()} . + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 3.4.0 +@end deftypefun diff --git a/doc/functions/gnutls_privkey_export_x509.short b/doc/functions/gnutls_privkey_export_x509.short new file mode 100644 index 0000000..27036ad --- /dev/null +++ b/doc/functions/gnutls_privkey_export_x509.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_privkey_export_x509} (gnutls_privkey_t @var{pkey}, gnutls_x509_privkey_t * @var{key}) diff --git a/doc/functions/gnutls_privkey_generate b/doc/functions/gnutls_privkey_generate new file mode 100644 index 0000000..6cd64c6 --- /dev/null +++ b/doc/functions/gnutls_privkey_generate @@ -0,0 +1,39 @@ + + + + +@deftypefun {int} {gnutls_privkey_generate} (gnutls_privkey_t @var{pkey}, gnutls_pk_algorithm_t @var{algo}, unsigned int @var{bits}, unsigned int @var{flags}) +@var{pkey}: An initialized private key + +@var{algo}: is one of the algorithms in @code{gnutls_pk_algorithm_t} . + +@var{bits}: the size of the parameters to generate + +@var{flags}: Must be zero or flags from @code{gnutls_privkey_flags_t} . + +This function will generate a random private key. Note that this +function must be called on an initialized private key. + +The flag @code{GNUTLS_PRIVKEY_FLAG_PROVABLE} +instructs the key generation process to use algorithms like Shawe-Taylor +(from FIPS PUB186-4) which generate provable parameters out of a seed +for RSA and DSA keys. See @code{gnutls_privkey_generate2()} for more +information. + +Note that when generating an elliptic curve key, the curve +can be substituted in the place of the bits parameter using the +@code{GNUTLS_CURVE_TO_BITS()} macro. The input to the macro is any curve from +@code{gnutls_ecc_curve_t} . + +For DSA keys, if the subgroup size needs to be specified check +the @code{GNUTLS_SUBGROUP_TO_BITS()} macro. + +It is recommended to do not set the number of @code{bits} directly, use @code{gnutls_sec_param_to_pk_bits()} instead . + +See also @code{gnutls_privkey_generate2()} . + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 3.3.0 +@end deftypefun diff --git a/doc/functions/gnutls_privkey_generate.short b/doc/functions/gnutls_privkey_generate.short new file mode 100644 index 0000000..20520c9 --- /dev/null +++ b/doc/functions/gnutls_privkey_generate.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_privkey_generate} (gnutls_privkey_t @var{pkey}, gnutls_pk_algorithm_t @var{algo}, unsigned int @var{bits}, unsigned int @var{flags}) diff --git a/doc/functions/gnutls_privkey_generate2 b/doc/functions/gnutls_privkey_generate2 new file mode 100644 index 0000000..93c1ee9 --- /dev/null +++ b/doc/functions/gnutls_privkey_generate2 @@ -0,0 +1,48 @@ + + + + +@deftypefun {int} {gnutls_privkey_generate2} (gnutls_privkey_t @var{pkey}, gnutls_pk_algorithm_t @var{algo}, unsigned int @var{bits}, unsigned int @var{flags}, const gnutls_keygen_data_st * @var{data}, unsigned @var{data_size}) +@var{pkey}: The private key + +@var{algo}: is one of the algorithms in @code{gnutls_pk_algorithm_t} . + +@var{bits}: the size of the modulus + +@var{flags}: Must be zero or flags from @code{gnutls_privkey_flags_t} . + +@var{data}: Allow specifying @code{gnutls_keygen_data_st} types such as the seed to be used. + +@var{data_size}: The number of @code{data} available. + +This function will generate a random private key. Note that this +function must be called on an initialized private key. + +The flag @code{GNUTLS_PRIVKEY_FLAG_PROVABLE} +instructs the key generation process to use algorithms like Shawe-Taylor +(from FIPS PUB186-4) which generate provable parameters out of a seed +for RSA and DSA keys. On DSA keys the PQG parameters are generated using the +seed, while on RSA the two primes. To specify an explicit seed +(by default a random seed is used), use the @code{data} with a @code{GNUTLS_KEYGEN_SEED} +type. + +Note that when generating an elliptic curve key, the curve +can be substituted in the place of the bits parameter using the +@code{GNUTLS_CURVE_TO_BITS()} macro. + +To export the generated keys in memory or in files it is recommended to use the +PKCS@code{8} form as it can handle all key types, and can store additional parameters +such as the seed, in case of provable RSA or DSA keys. +Generated keys can be exported in memory using @code{gnutls_privkey_export_x509()} , +and then with @code{gnutls_x509_privkey_export2_pkcs8()} . + +If key generation is part of your application, avoid setting the number +of bits directly, and instead use @code{gnutls_sec_param_to_pk_bits()} . +That way the generated keys will adapt to the security levels +of the underlying GnuTLS library. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 3.5.0 +@end deftypefun diff --git a/doc/functions/gnutls_privkey_generate2.short b/doc/functions/gnutls_privkey_generate2.short new file mode 100644 index 0000000..7689e95 --- /dev/null +++ b/doc/functions/gnutls_privkey_generate2.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_privkey_generate2} (gnutls_privkey_t @var{pkey}, gnutls_pk_algorithm_t @var{algo}, unsigned int @var{bits}, unsigned int @var{flags}, const gnutls_keygen_data_st * @var{data}, unsigned @var{data_size}) diff --git a/doc/functions/gnutls_privkey_get_pk_algorithm b/doc/functions/gnutls_privkey_get_pk_algorithm new file mode 100644 index 0000000..e1fd579 --- /dev/null +++ b/doc/functions/gnutls_privkey_get_pk_algorithm @@ -0,0 +1,18 @@ + + + + +@deftypefun {int} {gnutls_privkey_get_pk_algorithm} (gnutls_privkey_t @var{key}, unsigned int * @var{bits}) +@var{key}: should contain a @code{gnutls_privkey_t} type + +@var{bits}: If set will return the number of bits of the parameters (may be NULL) + +This function will return the public key algorithm of a private +key and if possible will return a number of bits that indicates +the security parameter of the key. + +@strong{Returns:} a member of the @code{gnutls_pk_algorithm_t} enumeration on +success, or a negative error code on error. + +@strong{Since:} 2.12.0 +@end deftypefun diff --git a/doc/functions/gnutls_privkey_get_pk_algorithm.short b/doc/functions/gnutls_privkey_get_pk_algorithm.short new file mode 100644 index 0000000..cf3f988 --- /dev/null +++ b/doc/functions/gnutls_privkey_get_pk_algorithm.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_privkey_get_pk_algorithm} (gnutls_privkey_t @var{key}, unsigned int * @var{bits}) diff --git a/doc/functions/gnutls_privkey_get_seed b/doc/functions/gnutls_privkey_get_seed new file mode 100644 index 0000000..1c48948 --- /dev/null +++ b/doc/functions/gnutls_privkey_get_seed @@ -0,0 +1,22 @@ + + + + +@deftypefun {int} {gnutls_privkey_get_seed} (gnutls_privkey_t @var{key}, gnutls_digest_algorithm_t * @var{digest}, void * @var{seed}, size_t * @var{seed_size}) +@var{key}: should contain a @code{gnutls_privkey_t} type + +@var{digest}: if non-NULL it will contain the digest algorithm used for key generation (if applicable) + +@var{seed}: where seed will be copied to + +@var{seed_size}: originally holds the size of @code{seed} , will be updated with actual size + +This function will return the seed that was used to generate the +given private key. That function will succeed only if the key was generated +as a provable key. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 3.5.0 +@end deftypefun diff --git a/doc/functions/gnutls_privkey_get_seed.short b/doc/functions/gnutls_privkey_get_seed.short new file mode 100644 index 0000000..151119e --- /dev/null +++ b/doc/functions/gnutls_privkey_get_seed.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_privkey_get_seed} (gnutls_privkey_t @var{key}, gnutls_digest_algorithm_t * @var{digest}, void * @var{seed}, size_t * @var{seed_size}) diff --git a/doc/functions/gnutls_privkey_get_spki b/doc/functions/gnutls_privkey_get_spki new file mode 100644 index 0000000..e02817b --- /dev/null +++ b/doc/functions/gnutls_privkey_get_spki @@ -0,0 +1,19 @@ + + + + +@deftypefun {int} {gnutls_privkey_get_spki} (gnutls_privkey_t @var{privkey}, gnutls_x509_spki_t @var{spki}, unsigned int @var{flags}) +@var{privkey}: a public key of type @code{gnutls_privkey_t} + +@var{spki}: a SubjectPublicKeyInfo structure of type @code{gnutls_privkey_spki_t} + +@var{flags}: must be zero + +This function will return the public key information if available. +The provided @code{spki} must be initialized. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 3.6.0 +@end deftypefun diff --git a/doc/functions/gnutls_privkey_get_spki.short b/doc/functions/gnutls_privkey_get_spki.short new file mode 100644 index 0000000..aff3418 --- /dev/null +++ b/doc/functions/gnutls_privkey_get_spki.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_privkey_get_spki} (gnutls_privkey_t @var{privkey}, gnutls_x509_spki_t @var{spki}, unsigned int @var{flags}) diff --git a/doc/functions/gnutls_privkey_get_type b/doc/functions/gnutls_privkey_get_type new file mode 100644 index 0000000..97738ef --- /dev/null +++ b/doc/functions/gnutls_privkey_get_type @@ -0,0 +1,15 @@ + + + + +@deftypefun {gnutls_privkey_type_t} {gnutls_privkey_get_type} (gnutls_privkey_t @var{key}) +@var{key}: should contain a @code{gnutls_privkey_t} type + +This function will return the type of the private key. This is +actually the type of the subsystem used to set this private key. + +@strong{Returns:} a member of the @code{gnutls_privkey_type_t} enumeration on +success, or a negative error code on error. + +@strong{Since:} 2.12.0 +@end deftypefun diff --git a/doc/functions/gnutls_privkey_get_type.short b/doc/functions/gnutls_privkey_get_type.short new file mode 100644 index 0000000..9821312 --- /dev/null +++ b/doc/functions/gnutls_privkey_get_type.short @@ -0,0 +1 @@ +@item @var{gnutls_privkey_type_t} @ref{gnutls_privkey_get_type} (gnutls_privkey_t @var{key}) diff --git a/doc/functions/gnutls_privkey_import_dsa_raw b/doc/functions/gnutls_privkey_import_dsa_raw new file mode 100644 index 0000000..a137eeb --- /dev/null +++ b/doc/functions/gnutls_privkey_import_dsa_raw @@ -0,0 +1,24 @@ + + + + +@deftypefun {int} {gnutls_privkey_import_dsa_raw} (gnutls_privkey_t @var{key}, const gnutls_datum_t * @var{p}, const gnutls_datum_t * @var{q}, const gnutls_datum_t * @var{g}, const gnutls_datum_t * @var{y}, const gnutls_datum_t * @var{x}) +@var{key}: The structure to store the parsed key + +@var{p}: holds the p + +@var{q}: holds the q + +@var{g}: holds the g + +@var{y}: holds the y + +@var{x}: holds the x + +This function will convert the given DSA raw parameters to the +native @code{gnutls_privkey_t} format. The output will be stored +in @code{key} . + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. +@end deftypefun diff --git a/doc/functions/gnutls_privkey_import_dsa_raw.short b/doc/functions/gnutls_privkey_import_dsa_raw.short new file mode 100644 index 0000000..d14f63a --- /dev/null +++ b/doc/functions/gnutls_privkey_import_dsa_raw.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_privkey_import_dsa_raw} (gnutls_privkey_t @var{key}, const gnutls_datum_t * @var{p}, const gnutls_datum_t * @var{q}, const gnutls_datum_t * @var{g}, const gnutls_datum_t * @var{y}, const gnutls_datum_t * @var{x}) diff --git a/doc/functions/gnutls_privkey_import_ecc_raw b/doc/functions/gnutls_privkey_import_ecc_raw new file mode 100644 index 0000000..547d784 --- /dev/null +++ b/doc/functions/gnutls_privkey_import_ecc_raw @@ -0,0 +1,27 @@ + + + + +@deftypefun {int} {gnutls_privkey_import_ecc_raw} (gnutls_privkey_t @var{key}, gnutls_ecc_curve_t @var{curve}, const gnutls_datum_t * @var{x}, const gnutls_datum_t * @var{y}, const gnutls_datum_t * @var{k}) +@var{key}: The key + +@var{curve}: holds the curve + +@var{x}: holds the x-coordinate + +@var{y}: holds the y-coordinate + +@var{k}: holds the k (private key) + +This function will convert the given elliptic curve parameters to the +native @code{gnutls_privkey_t} format. The output will be stored +in @code{key} . + +In EdDSA curves the @code{y} parameter should be @code{NULL} and the @code{x} and @code{k} parameters +must be in the native format for the curve. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 3.0 +@end deftypefun diff --git a/doc/functions/gnutls_privkey_import_ecc_raw.short b/doc/functions/gnutls_privkey_import_ecc_raw.short new file mode 100644 index 0000000..30aabbc --- /dev/null +++ b/doc/functions/gnutls_privkey_import_ecc_raw.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_privkey_import_ecc_raw} (gnutls_privkey_t @var{key}, gnutls_ecc_curve_t @var{curve}, const gnutls_datum_t * @var{x}, const gnutls_datum_t * @var{y}, const gnutls_datum_t * @var{k}) diff --git a/doc/functions/gnutls_privkey_import_ext b/doc/functions/gnutls_privkey_import_ext new file mode 100644 index 0000000..ef50f8d --- /dev/null +++ b/doc/functions/gnutls_privkey_import_ext @@ -0,0 +1,33 @@ + + + + +@deftypefun {int} {gnutls_privkey_import_ext} (gnutls_privkey_t @var{pkey}, gnutls_pk_algorithm_t @var{pk}, void * @var{userdata}, gnutls_privkey_sign_func @var{sign_func}, gnutls_privkey_decrypt_func @var{decrypt_func}, unsigned int @var{flags}) +@var{pkey}: The private key + +@var{pk}: The public key algorithm + +@var{userdata}: private data to be provided to the callbacks + +@var{sign_func}: callback for signature operations + +@var{decrypt_func}: callback for decryption operations + +@var{flags}: Flags for the import + +This function will associate the given callbacks with the +@code{gnutls_privkey_t} type. At least one of the two callbacks +must be non-null. + +Note that the signing function is supposed to "raw" sign data, i.e., +without any hashing or preprocessing. In case of RSA the DigestInfo +will be provided, and the signing function is expected to do the PKCS @code{1} +1.5 padding and the exponentiation. + +See also @code{gnutls_privkey_import_ext3()} . + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 3.0 +@end deftypefun diff --git a/doc/functions/gnutls_privkey_import_ext.short b/doc/functions/gnutls_privkey_import_ext.short new file mode 100644 index 0000000..1446b57 --- /dev/null +++ b/doc/functions/gnutls_privkey_import_ext.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_privkey_import_ext} (gnutls_privkey_t @var{pkey}, gnutls_pk_algorithm_t @var{pk}, void * @var{userdata}, gnutls_privkey_sign_func @var{sign_func}, gnutls_privkey_decrypt_func @var{decrypt_func}, unsigned int @var{flags}) diff --git a/doc/functions/gnutls_privkey_import_ext2 b/doc/functions/gnutls_privkey_import_ext2 new file mode 100644 index 0000000..6796e35 --- /dev/null +++ b/doc/functions/gnutls_privkey_import_ext2 @@ -0,0 +1,36 @@ + + + + +@deftypefun {int} {gnutls_privkey_import_ext2} (gnutls_privkey_t @var{pkey}, gnutls_pk_algorithm_t @var{pk}, void * @var{userdata}, gnutls_privkey_sign_func @var{sign_fn}, gnutls_privkey_decrypt_func @var{decrypt_fn}, gnutls_privkey_deinit_func @var{deinit_fn}, unsigned int @var{flags}) +@var{pkey}: The private key + +@var{pk}: The public key algorithm + +@var{userdata}: private data to be provided to the callbacks + +@var{sign_fn}: callback for signature operations + +@var{decrypt_fn}: callback for decryption operations + +@var{deinit_fn}: a deinitialization function + +@var{flags}: Flags for the import + +This function will associate the given callbacks with the +@code{gnutls_privkey_t} type. At least one of the two callbacks +must be non-null. If a deinitialization function is provided +then flags is assumed to contain @code{GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE} . + +Note that the signing function is supposed to "raw" sign data, i.e., +without any hashing or preprocessing. In case of RSA the DigestInfo +will be provided, and the signing function is expected to do the PKCS @code{1} +1.5 padding and the exponentiation. + +See also @code{gnutls_privkey_import_ext3()} . + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 3.1 +@end deftypefun diff --git a/doc/functions/gnutls_privkey_import_ext2.short b/doc/functions/gnutls_privkey_import_ext2.short new file mode 100644 index 0000000..aeadacc --- /dev/null +++ b/doc/functions/gnutls_privkey_import_ext2.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_privkey_import_ext2} (gnutls_privkey_t @var{pkey}, gnutls_pk_algorithm_t @var{pk}, void * @var{userdata}, gnutls_privkey_sign_func @var{sign_fn}, gnutls_privkey_decrypt_func @var{decrypt_fn}, gnutls_privkey_deinit_func @var{deinit_fn}, unsigned int @var{flags}) diff --git a/doc/functions/gnutls_privkey_import_ext3 b/doc/functions/gnutls_privkey_import_ext3 new file mode 100644 index 0000000..e2a9e34 --- /dev/null +++ b/doc/functions/gnutls_privkey_import_ext3 @@ -0,0 +1,38 @@ + + + + +@deftypefun {int} {gnutls_privkey_import_ext3} (gnutls_privkey_t @var{pkey}, void * @var{userdata}, gnutls_privkey_sign_func @var{sign_fn}, gnutls_privkey_decrypt_func @var{decrypt_fn}, gnutls_privkey_deinit_func @var{deinit_fn}, gnutls_privkey_info_func @var{info_fn}, unsigned int @var{flags}) +@var{pkey}: The private key + +@var{userdata}: private data to be provided to the callbacks + +@var{sign_fn}: callback for signature operations + +@var{decrypt_fn}: callback for decryption operations + +@var{deinit_fn}: a deinitialization function + +@var{info_fn}: returns info about the public key algorithm (should not be @code{NULL} ) + +@var{flags}: Flags for the import + +This function will associate the given callbacks with the +@code{gnutls_privkey_t} type. At least one of the two callbacks +must be non-null. If a deinitialization function is provided +then flags is assumed to contain @code{GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE} . + +Note that the signing function is supposed to "raw" sign data, i.e., +without any hashing or preprocessing. In case of RSA the DigestInfo +will be provided, and the signing function is expected to do the PKCS @code{1} +1.5 padding and the exponentiation. + +The @code{info_fn} must provide information on the algorithms supported by +this private key, and should support the flags @code{GNUTLS_PRIVKEY_INFO_PK_ALGO} and +@code{GNUTLS_PRIVKEY_INFO_SIGN_ALGO} . It must return -1 on unknown flags. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 3.4.0 +@end deftypefun diff --git a/doc/functions/gnutls_privkey_import_ext3.short b/doc/functions/gnutls_privkey_import_ext3.short new file mode 100644 index 0000000..2579b96 --- /dev/null +++ b/doc/functions/gnutls_privkey_import_ext3.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_privkey_import_ext3} (gnutls_privkey_t @var{pkey}, void * @var{userdata}, gnutls_privkey_sign_func @var{sign_fn}, gnutls_privkey_decrypt_func @var{decrypt_fn}, gnutls_privkey_deinit_func @var{deinit_fn}, gnutls_privkey_info_func @var{info_fn}, unsigned int @var{flags}) diff --git a/doc/functions/gnutls_privkey_import_ext4 b/doc/functions/gnutls_privkey_import_ext4 new file mode 100644 index 0000000..450738e --- /dev/null +++ b/doc/functions/gnutls_privkey_import_ext4 @@ -0,0 +1,56 @@ + + + + +@deftypefun {int} {gnutls_privkey_import_ext4} (gnutls_privkey_t @var{pkey}, void * @var{userdata}, gnutls_privkey_sign_data_func @var{sign_data_fn}, gnutls_privkey_sign_hash_func @var{sign_hash_fn}, gnutls_privkey_decrypt_func @var{decrypt_fn}, gnutls_privkey_deinit_func @var{deinit_fn}, gnutls_privkey_info_func @var{info_fn}, unsigned int @var{flags}) +@var{pkey}: The private key + +@var{userdata}: private data to be provided to the callbacks + +@var{sign_data_fn}: callback for signature operations (may be @code{NULL} ) + +@var{sign_hash_fn}: callback for signature operations (may be @code{NULL} ) + +@var{decrypt_fn}: callback for decryption operations (may be @code{NULL} ) + +@var{deinit_fn}: a deinitialization function + +@var{info_fn}: returns info about the public key algorithm (should not be @code{NULL} ) + +@var{flags}: Flags for the import + +This function will associate the given callbacks with the +@code{gnutls_privkey_t} type. At least one of the callbacks +must be non-null. If a deinitialization function is provided +then flags is assumed to contain @code{GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE} . + +Note that in contrast with the signing function of +@code{gnutls_privkey_import_ext3()} , the signing functions provided to this +function take explicitly the signature algorithm as parameter and +different functions are provided to sign the data and hashes. + +The @code{sign_hash_fn} is to be called to sign pre-hashed data. The input +to the callback is the output of the hash (such as SHA256) corresponding +to the signature algorithm. For RSA PKCS@code{1} signatures, the signature +algorithm can be set to @code{GNUTLS_SIGN_RSA_RAW} , and in that case the data +should be handled as if they were an RSA PKCS@code{1} DigestInfo structure. + +The @code{sign_data_fn} is to be called to sign data. The input data will be +he data to be signed (and hashed), with the provided signature +algorithm. This function is to be used for signature algorithms like +Ed25519 which cannot take pre-hashed data as input. + +When both @code{sign_data_fn} and @code{sign_hash_fn} functions are provided they +must be able to operate on all the supported signature algorithms, +unless prohibited by the type of the algorithm (e.g., as with Ed25519). + +The @code{info_fn} must provide information on the signature algorithms supported by +this private key, and should support the flags @code{GNUTLS_PRIVKEY_INFO_PK_ALGO} , +@code{GNUTLS_PRIVKEY_INFO_HAVE_SIGN_ALGO} and @code{GNUTLS_PRIVKEY_INFO_PK_ALGO_BITS} . +It must return -1 on unknown flags. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 3.6.0 +@end deftypefun diff --git a/doc/functions/gnutls_privkey_import_ext4.short b/doc/functions/gnutls_privkey_import_ext4.short new file mode 100644 index 0000000..7346edb --- /dev/null +++ b/doc/functions/gnutls_privkey_import_ext4.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_privkey_import_ext4} (gnutls_privkey_t @var{pkey}, void * @var{userdata}, gnutls_privkey_sign_data_func @var{sign_data_fn}, gnutls_privkey_sign_hash_func @var{sign_hash_fn}, gnutls_privkey_decrypt_func @var{decrypt_fn}, gnutls_privkey_deinit_func @var{deinit_fn}, gnutls_privkey_info_func @var{info_fn}, unsigned int @var{flags}) diff --git a/doc/functions/gnutls_privkey_import_gost_raw b/doc/functions/gnutls_privkey_import_gost_raw new file mode 100644 index 0000000..e650f85 --- /dev/null +++ b/doc/functions/gnutls_privkey_import_gost_raw @@ -0,0 +1,34 @@ + + + + +@deftypefun {int} {gnutls_privkey_import_gost_raw} (gnutls_privkey_t @var{key}, gnutls_ecc_curve_t @var{curve}, gnutls_digest_algorithm_t @var{digest}, gnutls_gost_paramset_t @var{paramset}, const gnutls_datum_t * @var{x}, const gnutls_datum_t * @var{y}, const gnutls_datum_t * @var{k}) +@var{key}: The key + +@var{curve}: holds the curve + +@var{digest}: holds the digest + +@var{paramset}: holds the GOST parameter set ID + +@var{x}: holds the x-coordinate + +@var{y}: holds the y-coordinate + +@var{k}: holds the k (private key) + +This function will convert the given GOST private key's parameters to the +native @code{gnutls_privkey_t} format. The output will be stored +in @code{key} . @code{digest} should be one of GNUTLS_DIG_GOSR_94, +GNUTLS_DIG_STREEBOG_256 or GNUTLS_DIG_STREEBOG_512. If @code{paramset} is set to +GNUTLS_GOST_PARAMSET_UNKNOWN default one will be selected depending on + @code{digest} . + +@strong{Note:} parameters should be stored with least significant byte first. On +version 3.6.3 big-endian format was used incorrectly. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 3.6.3 +@end deftypefun diff --git a/doc/functions/gnutls_privkey_import_gost_raw.short b/doc/functions/gnutls_privkey_import_gost_raw.short new file mode 100644 index 0000000..6aa905a --- /dev/null +++ b/doc/functions/gnutls_privkey_import_gost_raw.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_privkey_import_gost_raw} (gnutls_privkey_t @var{key}, gnutls_ecc_curve_t @var{curve}, gnutls_digest_algorithm_t @var{digest}, gnutls_gost_paramset_t @var{paramset}, const gnutls_datum_t * @var{x}, const gnutls_datum_t * @var{y}, const gnutls_datum_t * @var{k}) diff --git a/doc/functions/gnutls_privkey_import_openpgp b/doc/functions/gnutls_privkey_import_openpgp new file mode 100644 index 0000000..f5c657b --- /dev/null +++ b/doc/functions/gnutls_privkey_import_openpgp @@ -0,0 +1,17 @@ + + + + +@deftypefun {int} {gnutls_privkey_import_openpgp} (gnutls_privkey_t @var{pkey}, gnutls_openpgp_privkey_t @var{key}, unsigned int @var{flags}) +@var{pkey}: The private key + +@var{key}: The private key to be imported + +@var{flags}: Flags for the import + +This function is no-op. + +@strong{Returns:} @code{GNUTLS_E_UNIMPLEMENTED_FEATURE} . + +@strong{Since:} 2.12.0 +@end deftypefun diff --git a/doc/functions/gnutls_privkey_import_openpgp.short b/doc/functions/gnutls_privkey_import_openpgp.short new file mode 100644 index 0000000..63b1b17 --- /dev/null +++ b/doc/functions/gnutls_privkey_import_openpgp.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_privkey_import_openpgp} (gnutls_privkey_t @var{pkey}, gnutls_openpgp_privkey_t @var{key}, unsigned int @var{flags}) diff --git a/doc/functions/gnutls_privkey_import_openpgp_raw b/doc/functions/gnutls_privkey_import_openpgp_raw new file mode 100644 index 0000000..43bc392 --- /dev/null +++ b/doc/functions/gnutls_privkey_import_openpgp_raw @@ -0,0 +1,21 @@ + + + + +@deftypefun {int} {gnutls_privkey_import_openpgp_raw} (gnutls_privkey_t @var{pkey}, const gnutls_datum_t * @var{data}, gnutls_openpgp_crt_fmt_t @var{format}, const gnutls_openpgp_keyid_t @var{keyid}, const char * @var{password}) +@var{pkey}: The private key + +@var{data}: The private key data to be imported + +@var{format}: The format of the private key + +@var{keyid}: The key id to use (optional) + +@var{password}: A password (optional) + +This function is no-op. + +@strong{Returns:} @code{GNUTLS_E_UNIMPLEMENTED_FEATURE} . + +@strong{Since:} 3.1.0 +@end deftypefun diff --git a/doc/functions/gnutls_privkey_import_openpgp_raw.short b/doc/functions/gnutls_privkey_import_openpgp_raw.short new file mode 100644 index 0000000..c1a15d4 --- /dev/null +++ b/doc/functions/gnutls_privkey_import_openpgp_raw.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_privkey_import_openpgp_raw} (gnutls_privkey_t @var{pkey}, const gnutls_datum_t * @var{data}, gnutls_openpgp_crt_fmt_t @var{format}, const gnutls_openpgp_keyid_t @var{keyid}, const char * @var{password}) diff --git a/doc/functions/gnutls_privkey_import_pkcs11 b/doc/functions/gnutls_privkey_import_pkcs11 new file mode 100644 index 0000000..5982246 --- /dev/null +++ b/doc/functions/gnutls_privkey_import_pkcs11 @@ -0,0 +1,25 @@ + + + + +@deftypefun {int} {gnutls_privkey_import_pkcs11} (gnutls_privkey_t @var{pkey}, gnutls_pkcs11_privkey_t @var{key}, unsigned int @var{flags}) +@var{pkey}: The private key + +@var{key}: The private key to be imported + +@var{flags}: Flags for the import + +This function will import the given private key to the abstract +@code{gnutls_privkey_t} type. + +The @code{gnutls_pkcs11_privkey_t} object must not be deallocated +during the lifetime of this structure. + + @code{flags} might be zero or one of @code{GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE} +and @code{GNUTLS_PRIVKEY_IMPORT_COPY} . + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 2.12.0 +@end deftypefun diff --git a/doc/functions/gnutls_privkey_import_pkcs11.short b/doc/functions/gnutls_privkey_import_pkcs11.short new file mode 100644 index 0000000..321f648 --- /dev/null +++ b/doc/functions/gnutls_privkey_import_pkcs11.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_privkey_import_pkcs11} (gnutls_privkey_t @var{pkey}, gnutls_pkcs11_privkey_t @var{key}, unsigned int @var{flags}) diff --git a/doc/functions/gnutls_privkey_import_pkcs11_url b/doc/functions/gnutls_privkey_import_pkcs11_url new file mode 100644 index 0000000..d53a9fd --- /dev/null +++ b/doc/functions/gnutls_privkey_import_pkcs11_url @@ -0,0 +1,17 @@ + + + + +@deftypefun {int} {gnutls_privkey_import_pkcs11_url} (gnutls_privkey_t @var{key}, const char * @var{url}) +@var{key}: A key of type @code{gnutls_pubkey_t} + +@var{url}: A PKCS 11 url + +This function will import a PKCS 11 private key to a @code{gnutls_private_key_t} +type. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 3.1.0 +@end deftypefun diff --git a/doc/functions/gnutls_privkey_import_pkcs11_url.short b/doc/functions/gnutls_privkey_import_pkcs11_url.short new file mode 100644 index 0000000..a7f0ce2 --- /dev/null +++ b/doc/functions/gnutls_privkey_import_pkcs11_url.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_privkey_import_pkcs11_url} (gnutls_privkey_t @var{key}, const char * @var{url}) diff --git a/doc/functions/gnutls_privkey_import_rsa_raw b/doc/functions/gnutls_privkey_import_rsa_raw new file mode 100644 index 0000000..0b9369b --- /dev/null +++ b/doc/functions/gnutls_privkey_import_rsa_raw @@ -0,0 +1,30 @@ + + + + +@deftypefun {int} {gnutls_privkey_import_rsa_raw} (gnutls_privkey_t @var{key}, const gnutls_datum_t * @var{m}, const gnutls_datum_t * @var{e}, const gnutls_datum_t * @var{d}, const gnutls_datum_t * @var{p}, const gnutls_datum_t * @var{q}, const gnutls_datum_t * @var{u}, const gnutls_datum_t * @var{e1}, const gnutls_datum_t * @var{e2}) +@var{key}: The structure to store the parsed key + +@var{m}: holds the modulus + +@var{e}: holds the public exponent + +@var{d}: holds the private exponent + +@var{p}: holds the first prime (p) + +@var{q}: holds the second prime (q) + +@var{u}: holds the coefficient (optional) + +@var{e1}: holds e1 = d mod (p-1) (optional) + +@var{e2}: holds e2 = d mod (q-1) (optional) + +This function will convert the given RSA raw parameters to the +native @code{gnutls_privkey_t} format. The output will be stored in + @code{key} . + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. +@end deftypefun diff --git a/doc/functions/gnutls_privkey_import_rsa_raw.short b/doc/functions/gnutls_privkey_import_rsa_raw.short new file mode 100644 index 0000000..67ef7b9 --- /dev/null +++ b/doc/functions/gnutls_privkey_import_rsa_raw.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_privkey_import_rsa_raw} (gnutls_privkey_t @var{key}, const gnutls_datum_t * @var{m}, const gnutls_datum_t * @var{e}, const gnutls_datum_t * @var{d}, const gnutls_datum_t * @var{p}, const gnutls_datum_t * @var{q}, const gnutls_datum_t * @var{u}, const gnutls_datum_t * @var{e1}, const gnutls_datum_t * @var{e2}) diff --git a/doc/functions/gnutls_privkey_import_tpm_raw b/doc/functions/gnutls_privkey_import_tpm_raw new file mode 100644 index 0000000..f415e7a --- /dev/null +++ b/doc/functions/gnutls_privkey_import_tpm_raw @@ -0,0 +1,27 @@ + + + + +@deftypefun {int} {gnutls_privkey_import_tpm_raw} (gnutls_privkey_t @var{pkey}, const gnutls_datum_t * @var{fdata}, gnutls_tpmkey_fmt_t @var{format}, const char * @var{srk_password}, const char * @var{key_password}, unsigned int @var{flags}) +@var{pkey}: The private key + +@var{fdata}: The TPM key to be imported + +@var{format}: The format of the private key + +@var{srk_password}: The password for the SRK key (optional) + +@var{key_password}: A password for the key (optional) + +@var{flags}: should be zero + +This function will import the given private key to the abstract +@code{gnutls_privkey_t} type. + +With respect to passwords the same as in @code{gnutls_privkey_import_tpm_url()} apply. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 3.1.0 +@end deftypefun diff --git a/doc/functions/gnutls_privkey_import_tpm_raw.short b/doc/functions/gnutls_privkey_import_tpm_raw.short new file mode 100644 index 0000000..99988e5 --- /dev/null +++ b/doc/functions/gnutls_privkey_import_tpm_raw.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_privkey_import_tpm_raw} (gnutls_privkey_t @var{pkey}, const gnutls_datum_t * @var{fdata}, gnutls_tpmkey_fmt_t @var{format}, const char * @var{srk_password}, const char * @var{key_password}, unsigned int @var{flags}) diff --git a/doc/functions/gnutls_privkey_import_tpm_url b/doc/functions/gnutls_privkey_import_tpm_url new file mode 100644 index 0000000..d60db49 --- /dev/null +++ b/doc/functions/gnutls_privkey_import_tpm_url @@ -0,0 +1,31 @@ + + + + +@deftypefun {int} {gnutls_privkey_import_tpm_url} (gnutls_privkey_t @var{pkey}, const char * @var{url}, const char * @var{srk_password}, const char * @var{key_password}, unsigned int @var{flags}) +@var{pkey}: The private key + +@var{url}: The URL of the TPM key to be imported + +@var{srk_password}: The password for the SRK key (optional) + +@var{key_password}: A password for the key (optional) + +@var{flags}: One of the GNUTLS_PRIVKEY_* flags + +This function will import the given private key to the abstract +@code{gnutls_privkey_t} type. + +Note that unless @code{GNUTLS_PRIVKEY_DISABLE_CALLBACKS} +is specified, if incorrect (or NULL) passwords are given +the PKCS11 callback functions will be used to obtain the +correct passwords. Otherwise if the SRK password is wrong +@code{GNUTLS_E_TPM_SRK_PASSWORD_ERROR} is returned and if the key password +is wrong or not provided then @code{GNUTLS_E_TPM_KEY_PASSWORD_ERROR} +is returned. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 3.1.0 +@end deftypefun diff --git a/doc/functions/gnutls_privkey_import_tpm_url.short b/doc/functions/gnutls_privkey_import_tpm_url.short new file mode 100644 index 0000000..089da70 --- /dev/null +++ b/doc/functions/gnutls_privkey_import_tpm_url.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_privkey_import_tpm_url} (gnutls_privkey_t @var{pkey}, const char * @var{url}, const char * @var{srk_password}, const char * @var{key_password}, unsigned int @var{flags}) diff --git a/doc/functions/gnutls_privkey_import_url b/doc/functions/gnutls_privkey_import_url new file mode 100644 index 0000000..265a3ea --- /dev/null +++ b/doc/functions/gnutls_privkey_import_url @@ -0,0 +1,20 @@ + + + + +@deftypefun {int} {gnutls_privkey_import_url} (gnutls_privkey_t @var{key}, const char * @var{url}, unsigned int @var{flags}) +@var{key}: A key of type @code{gnutls_privkey_t} + +@var{url}: A PKCS 11 url + +@var{flags}: should be zero + +This function will import a PKCS11 or TPM URL as a +private key. The supported URL types can be checked +using @code{gnutls_url_is_supported()} . + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 3.1.0 +@end deftypefun diff --git a/doc/functions/gnutls_privkey_import_url.short b/doc/functions/gnutls_privkey_import_url.short new file mode 100644 index 0000000..025437e --- /dev/null +++ b/doc/functions/gnutls_privkey_import_url.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_privkey_import_url} (gnutls_privkey_t @var{key}, const char * @var{url}, unsigned int @var{flags}) diff --git a/doc/functions/gnutls_privkey_import_x509 b/doc/functions/gnutls_privkey_import_x509 new file mode 100644 index 0000000..402334d --- /dev/null +++ b/doc/functions/gnutls_privkey_import_x509 @@ -0,0 +1,25 @@ + + + + +@deftypefun {int} {gnutls_privkey_import_x509} (gnutls_privkey_t @var{pkey}, gnutls_x509_privkey_t @var{key}, unsigned int @var{flags}) +@var{pkey}: The private key + +@var{key}: The private key to be imported + +@var{flags}: Flags for the import + +This function will import the given private key to the abstract +@code{gnutls_privkey_t} type. + +The @code{gnutls_x509_privkey_t} object must not be deallocated +during the lifetime of this structure. + + @code{flags} might be zero or one of @code{GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE} +and @code{GNUTLS_PRIVKEY_IMPORT_COPY} . + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 2.12.0 +@end deftypefun diff --git a/doc/functions/gnutls_privkey_import_x509.short b/doc/functions/gnutls_privkey_import_x509.short new file mode 100644 index 0000000..2958318 --- /dev/null +++ b/doc/functions/gnutls_privkey_import_x509.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_privkey_import_x509} (gnutls_privkey_t @var{pkey}, gnutls_x509_privkey_t @var{key}, unsigned int @var{flags}) diff --git a/doc/functions/gnutls_privkey_import_x509_raw b/doc/functions/gnutls_privkey_import_x509_raw new file mode 100644 index 0000000..7919985 --- /dev/null +++ b/doc/functions/gnutls_privkey_import_x509_raw @@ -0,0 +1,26 @@ + + + + +@deftypefun {int} {gnutls_privkey_import_x509_raw} (gnutls_privkey_t @var{pkey}, const gnutls_datum_t * @var{data}, gnutls_x509_crt_fmt_t @var{format}, const char * @var{password}, unsigned int @var{flags}) +@var{pkey}: The private key + +@var{data}: The private key data to be imported + +@var{format}: The format of the private key + +@var{password}: A password (optional) + +@var{flags}: an ORed sequence of gnutls_pkcs_encrypt_flags_t + +This function will import the given private key to the abstract +@code{gnutls_privkey_t} type. + +The supported formats are basic unencrypted key, PKCS8, PKCS12, +and the openssl format. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 3.1.0 +@end deftypefun diff --git a/doc/functions/gnutls_privkey_import_x509_raw.short b/doc/functions/gnutls_privkey_import_x509_raw.short new file mode 100644 index 0000000..befba19 --- /dev/null +++ b/doc/functions/gnutls_privkey_import_x509_raw.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_privkey_import_x509_raw} (gnutls_privkey_t @var{pkey}, const gnutls_datum_t * @var{data}, gnutls_x509_crt_fmt_t @var{format}, const char * @var{password}, unsigned int @var{flags}) diff --git a/doc/functions/gnutls_privkey_init b/doc/functions/gnutls_privkey_init new file mode 100644 index 0000000..57489bb --- /dev/null +++ b/doc/functions/gnutls_privkey_init @@ -0,0 +1,23 @@ + + + + +@deftypefun {int} {gnutls_privkey_init} (gnutls_privkey_t * @var{key}) +@var{key}: A pointer to the type to be initialized + +This function will initialize a private key object. The object can +be used to generate, import, and perform cryptographic operations +on the associated private key. + +Note that when the underlying private key is a PKCS@code{11} key (i.e., +when imported with a PKCS@code{11} URI), the limitations of @code{gnutls_pkcs11_privkey_init()} +apply to this object as well. In versions of GnuTLS later than 3.5.11 the object +is protected using locks and a single @code{gnutls_privkey_t} can be re-used +by many threads. However, for performance it is recommended to utilize +one object per key per thread. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 2.12.0 +@end deftypefun diff --git a/doc/functions/gnutls_privkey_init.short b/doc/functions/gnutls_privkey_init.short new file mode 100644 index 0000000..8e8c05a --- /dev/null +++ b/doc/functions/gnutls_privkey_init.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_privkey_init} (gnutls_privkey_t * @var{key}) diff --git a/doc/functions/gnutls_privkey_set_flags b/doc/functions/gnutls_privkey_set_flags new file mode 100644 index 0000000..dc98715 --- /dev/null +++ b/doc/functions/gnutls_privkey_set_flags @@ -0,0 +1,15 @@ + + + + +@deftypefun {void} {gnutls_privkey_set_flags} (gnutls_privkey_t @var{key}, unsigned int @var{flags}) +@var{key}: A key of type @code{gnutls_privkey_t} + +@var{flags}: flags from the @code{gnutls_privkey_flags} + +This function will set flags for the specified private key, after +it is generated. Currently this is useful for the @code{GNUTLS_PRIVKEY_FLAG_EXPORT_COMPAT} +to allow exporting a "provable" private key in backwards compatible way. + +@strong{Since:} 3.5.0 +@end deftypefun diff --git a/doc/functions/gnutls_privkey_set_flags.short b/doc/functions/gnutls_privkey_set_flags.short new file mode 100644 index 0000000..4d63d62 --- /dev/null +++ b/doc/functions/gnutls_privkey_set_flags.short @@ -0,0 +1 @@ +@item @var{void} @ref{gnutls_privkey_set_flags} (gnutls_privkey_t @var{key}, unsigned int @var{flags}) diff --git a/doc/functions/gnutls_privkey_set_pin_function b/doc/functions/gnutls_privkey_set_pin_function new file mode 100644 index 0000000..7e61ac7 --- /dev/null +++ b/doc/functions/gnutls_privkey_set_pin_function @@ -0,0 +1,20 @@ + + + + +@deftypefun {void} {gnutls_privkey_set_pin_function} (gnutls_privkey_t @var{key}, gnutls_pin_callback_t @var{fn}, void * @var{userdata}) +@var{key}: A key of type @code{gnutls_privkey_t} + +@var{fn}: the callback + +@var{userdata}: data associated with the callback + +This function will set a callback function to be used when +required to access the object. This function overrides any other +global PIN functions. + +Note that this function must be called right after initialization +to have effect. + +@strong{Since:} 3.1.0 +@end deftypefun diff --git a/doc/functions/gnutls_privkey_set_pin_function.short b/doc/functions/gnutls_privkey_set_pin_function.short new file mode 100644 index 0000000..6794639 --- /dev/null +++ b/doc/functions/gnutls_privkey_set_pin_function.short @@ -0,0 +1 @@ +@item @var{void} @ref{gnutls_privkey_set_pin_function} (gnutls_privkey_t @var{key}, gnutls_pin_callback_t @var{fn}, void * @var{userdata}) diff --git a/doc/functions/gnutls_privkey_set_spki b/doc/functions/gnutls_privkey_set_spki new file mode 100644 index 0000000..4de9cd8 --- /dev/null +++ b/doc/functions/gnutls_privkey_set_spki @@ -0,0 +1,19 @@ + + + + +@deftypefun {int} {gnutls_privkey_set_spki} (gnutls_privkey_t @var{privkey}, const gnutls_x509_spki_t @var{spki}, unsigned int @var{flags}) +@var{privkey}: a public key of type @code{gnutls_privkey_t} + +@var{spki}: a SubjectPublicKeyInfo structure of type @code{gnutls_privkey_spki_t} + +@var{flags}: must be zero + +This function will set the public key information. +The provided @code{spki} must be initialized. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 3.6.0 +@end deftypefun diff --git a/doc/functions/gnutls_privkey_set_spki.short b/doc/functions/gnutls_privkey_set_spki.short new file mode 100644 index 0000000..6cd28b8 --- /dev/null +++ b/doc/functions/gnutls_privkey_set_spki.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_privkey_set_spki} (gnutls_privkey_t @var{privkey}, const gnutls_x509_spki_t @var{spki}, unsigned int @var{flags}) diff --git a/doc/functions/gnutls_privkey_sign_data b/doc/functions/gnutls_privkey_sign_data new file mode 100644 index 0000000..747e53d --- /dev/null +++ b/doc/functions/gnutls_privkey_sign_data @@ -0,0 +1,28 @@ + + + + +@deftypefun {int} {gnutls_privkey_sign_data} (gnutls_privkey_t @var{signer}, gnutls_digest_algorithm_t @var{hash}, unsigned int @var{flags}, const gnutls_datum_t * @var{data}, gnutls_datum_t * @var{signature}) +@var{signer}: Holds the key + +@var{hash}: should be a digest algorithm + +@var{flags}: Zero or one of @code{gnutls_privkey_flags_t} + +@var{data}: holds the data to be signed + +@var{signature}: will contain the signature allocated with @code{gnutls_malloc()} + +This function will sign the given data using a signature algorithm +supported by the private key. Signature algorithms are always used +together with a hash functions. Different hash functions may be +used for the RSA algorithm, but only the SHA family for the DSA keys. + +You may use @code{gnutls_pubkey_get_preferred_hash_algorithm()} to determine +the hash algorithm. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 2.12.0 +@end deftypefun diff --git a/doc/functions/gnutls_privkey_sign_data.short b/doc/functions/gnutls_privkey_sign_data.short new file mode 100644 index 0000000..2a7e850 --- /dev/null +++ b/doc/functions/gnutls_privkey_sign_data.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_privkey_sign_data} (gnutls_privkey_t @var{signer}, gnutls_digest_algorithm_t @var{hash}, unsigned int @var{flags}, const gnutls_datum_t * @var{data}, gnutls_datum_t * @var{signature}) diff --git a/doc/functions/gnutls_privkey_sign_data2 b/doc/functions/gnutls_privkey_sign_data2 new file mode 100644 index 0000000..8a1ccf8 --- /dev/null +++ b/doc/functions/gnutls_privkey_sign_data2 @@ -0,0 +1,25 @@ + + + + +@deftypefun {int} {gnutls_privkey_sign_data2} (gnutls_privkey_t @var{signer}, gnutls_sign_algorithm_t @var{algo}, unsigned int @var{flags}, const gnutls_datum_t * @var{data}, gnutls_datum_t * @var{signature}) +@var{signer}: Holds the key + +@var{algo}: The signature algorithm used + +@var{flags}: Zero or one of @code{gnutls_privkey_flags_t} + +@var{data}: holds the data to be signed + +@var{signature}: will contain the signature allocated with @code{gnutls_malloc()} + +This function will sign the given data using the specified signature +algorithm. This function is an enhancement of @code{gnutls_privkey_sign_data()} , +as it allows utilizing a alternative signature algorithm where possible +(e.g, use an RSA key with RSA-PSS). + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 3.6.0 +@end deftypefun diff --git a/doc/functions/gnutls_privkey_sign_data2.short b/doc/functions/gnutls_privkey_sign_data2.short new file mode 100644 index 0000000..19fdf89 --- /dev/null +++ b/doc/functions/gnutls_privkey_sign_data2.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_privkey_sign_data2} (gnutls_privkey_t @var{signer}, gnutls_sign_algorithm_t @var{algo}, unsigned int @var{flags}, const gnutls_datum_t * @var{data}, gnutls_datum_t * @var{signature}) diff --git a/doc/functions/gnutls_privkey_sign_hash b/doc/functions/gnutls_privkey_sign_hash new file mode 100644 index 0000000..cc6e85f --- /dev/null +++ b/doc/functions/gnutls_privkey_sign_hash @@ -0,0 +1,35 @@ + + + + +@deftypefun {int} {gnutls_privkey_sign_hash} (gnutls_privkey_t @var{signer}, gnutls_digest_algorithm_t @var{hash_algo}, unsigned int @var{flags}, const gnutls_datum_t * @var{hash_data}, gnutls_datum_t * @var{signature}) +@var{signer}: Holds the signer's key + +@var{hash_algo}: The hash algorithm used + +@var{flags}: Zero or one of @code{gnutls_privkey_flags_t} + +@var{hash_data}: holds the data to be signed + +@var{signature}: will contain newly allocated signature + +This function will sign the given hashed data using a signature algorithm +supported by the private key. Signature algorithms are always used +together with a hash functions. Different hash functions may be +used for the RSA algorithm, but only SHA-XXX for the DSA keys. + +You may use @code{gnutls_pubkey_get_preferred_hash_algorithm()} to determine +the hash algorithm. + +The flags may be @code{GNUTLS_PRIVKEY_SIGN_FLAG_TLS1_RSA} or @code{GNUTLS_PRIVKEY_SIGN_FLAG_RSA_PSS} . +In the former case this function will ignore @code{hash_algo} and perform a raw PKCS1 signature, +and in the latter an RSA-PSS signature will be generated. + +Note that, not all algorithm support signing already hashed data. When +signing with Ed25519, @code{gnutls_privkey_sign_data()} should be used. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 2.12.0 +@end deftypefun diff --git a/doc/functions/gnutls_privkey_sign_hash.short b/doc/functions/gnutls_privkey_sign_hash.short new file mode 100644 index 0000000..649e7fa --- /dev/null +++ b/doc/functions/gnutls_privkey_sign_hash.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_privkey_sign_hash} (gnutls_privkey_t @var{signer}, gnutls_digest_algorithm_t @var{hash_algo}, unsigned int @var{flags}, const gnutls_datum_t * @var{hash_data}, gnutls_datum_t * @var{signature}) diff --git a/doc/functions/gnutls_privkey_sign_hash2 b/doc/functions/gnutls_privkey_sign_hash2 new file mode 100644 index 0000000..7f78411 --- /dev/null +++ b/doc/functions/gnutls_privkey_sign_hash2 @@ -0,0 +1,35 @@ + + + + +@deftypefun {int} {gnutls_privkey_sign_hash2} (gnutls_privkey_t @var{signer}, gnutls_sign_algorithm_t @var{algo}, unsigned int @var{flags}, const gnutls_datum_t * @var{hash_data}, gnutls_datum_t * @var{signature}) +@var{signer}: Holds the signer's key + +@var{algo}: The signature algorithm used + +@var{flags}: Zero or one of @code{gnutls_privkey_flags_t} + +@var{hash_data}: holds the data to be signed + +@var{signature}: will contain newly allocated signature + +This function will sign the given hashed data using a signature algorithm +supported by the private key. Signature algorithms are always used +together with a hash functions. Different hash functions may be +used for the RSA algorithm, but only SHA-XXX for the DSA keys. + +You may use @code{gnutls_pubkey_get_preferred_hash_algorithm()} to determine +the hash algorithm. + +The flags may be @code{GNUTLS_PRIVKEY_SIGN_FLAG_TLS1_RSA} or @code{GNUTLS_PRIVKEY_SIGN_FLAG_RSA_PSS} . +In the former case this function will ignore @code{hash_algo} and perform a raw PKCS1 signature, +and in the latter an RSA-PSS signature will be generated. + +Note that, not all algorithm support signing already hashed data. When +signing with Ed25519, @code{gnutls_privkey_sign_data()} should be used. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 3.6.0 +@end deftypefun diff --git a/doc/functions/gnutls_privkey_sign_hash2.short b/doc/functions/gnutls_privkey_sign_hash2.short new file mode 100644 index 0000000..9b92e1e --- /dev/null +++ b/doc/functions/gnutls_privkey_sign_hash2.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_privkey_sign_hash2} (gnutls_privkey_t @var{signer}, gnutls_sign_algorithm_t @var{algo}, unsigned int @var{flags}, const gnutls_datum_t * @var{hash_data}, gnutls_datum_t * @var{signature}) diff --git a/doc/functions/gnutls_privkey_status b/doc/functions/gnutls_privkey_status new file mode 100644 index 0000000..0195027 --- /dev/null +++ b/doc/functions/gnutls_privkey_status @@ -0,0 +1,17 @@ + + + + +@deftypefun {int} {gnutls_privkey_status} (gnutls_privkey_t @var{key}) +@var{key}: Holds the key + +Checks the status of the private key token. This function +is an actual wrapper over @code{gnutls_pkcs11_privkey_status()} , and +if the private key is a PKCS @code{11} token it will check whether +it is inserted or not. + +@strong{Returns:} this function will return non-zero if the token +holding the private key is still available (inserted), and zero otherwise. + +@strong{Since:} 3.1.10 +@end deftypefun diff --git a/doc/functions/gnutls_privkey_status.short b/doc/functions/gnutls_privkey_status.short new file mode 100644 index 0000000..f1bc3ad --- /dev/null +++ b/doc/functions/gnutls_privkey_status.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_privkey_status} (gnutls_privkey_t @var{key}) diff --git a/doc/functions/gnutls_privkey_verify_params b/doc/functions/gnutls_privkey_verify_params new file mode 100644 index 0000000..174184a --- /dev/null +++ b/doc/functions/gnutls_privkey_verify_params @@ -0,0 +1,14 @@ + + + + +@deftypefun {int} {gnutls_privkey_verify_params} (gnutls_privkey_t @var{key}) +@var{key}: should contain a @code{gnutls_privkey_t} type + +This function will verify the private key parameters. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 3.3.0 +@end deftypefun diff --git a/doc/functions/gnutls_privkey_verify_params.short b/doc/functions/gnutls_privkey_verify_params.short new file mode 100644 index 0000000..6880e81 --- /dev/null +++ b/doc/functions/gnutls_privkey_verify_params.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_privkey_verify_params} (gnutls_privkey_t @var{key}) diff --git a/doc/functions/gnutls_privkey_verify_seed b/doc/functions/gnutls_privkey_verify_seed new file mode 100644 index 0000000..dfd35ed --- /dev/null +++ b/doc/functions/gnutls_privkey_verify_seed @@ -0,0 +1,21 @@ + + + + +@deftypefun {int} {gnutls_privkey_verify_seed} (gnutls_privkey_t @var{key}, gnutls_digest_algorithm_t @var{digest}, const void * @var{seed}, size_t @var{seed_size}) +@var{key}: should contain a @code{gnutls_privkey_t} type + +@var{digest}: it contains the digest algorithm used for key generation (if applicable) + +@var{seed}: the seed of the key to be checked with + +@var{seed_size}: holds the size of @code{seed} + +This function will verify that the given private key was generated from +the provided seed. + +@strong{Returns:} In case of a verification failure @code{GNUTLS_E_PRIVKEY_VERIFICATION_ERROR} +is returned, and zero or positive code on success. + +@strong{Since:} 3.5.0 +@end deftypefun diff --git a/doc/functions/gnutls_privkey_verify_seed.short b/doc/functions/gnutls_privkey_verify_seed.short new file mode 100644 index 0000000..071a99e --- /dev/null +++ b/doc/functions/gnutls_privkey_verify_seed.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_privkey_verify_seed} (gnutls_privkey_t @var{key}, gnutls_digest_algorithm_t @var{digest}, const void * @var{seed}, size_t @var{seed_size}) diff --git a/doc/functions/gnutls_protocol_get_id b/doc/functions/gnutls_protocol_get_id new file mode 100644 index 0000000..2c2f29f --- /dev/null +++ b/doc/functions/gnutls_protocol_get_id @@ -0,0 +1,12 @@ + + + + +@deftypefun {gnutls_protocol_t} {gnutls_protocol_get_id} (const char * @var{name}) +@var{name}: is a protocol name + +The names are compared in a case insensitive way. + +@strong{Returns:} an id of the specified protocol, or +@code{GNUTLS_VERSION_UNKNOWN} on error. +@end deftypefun diff --git a/doc/functions/gnutls_protocol_get_id.short b/doc/functions/gnutls_protocol_get_id.short new file mode 100644 index 0000000..7c1cdae --- /dev/null +++ b/doc/functions/gnutls_protocol_get_id.short @@ -0,0 +1 @@ +@item @var{gnutls_protocol_t} @ref{gnutls_protocol_get_id} (const char * @var{name}) diff --git a/doc/functions/gnutls_protocol_get_name b/doc/functions/gnutls_protocol_get_name new file mode 100644 index 0000000..a96a4c1 --- /dev/null +++ b/doc/functions/gnutls_protocol_get_name @@ -0,0 +1,12 @@ + + + + +@deftypefun {const char *} {gnutls_protocol_get_name} (gnutls_protocol_t @var{version}) +@var{version}: is a (gnutls) version number + +Convert a @code{gnutls_protocol_t} value to a string. + +@strong{Returns:} a string that contains the name of the specified TLS +version (e.g., "TLS1.0"), or @code{NULL} . +@end deftypefun diff --git a/doc/functions/gnutls_protocol_get_name.short b/doc/functions/gnutls_protocol_get_name.short new file mode 100644 index 0000000..34c4693 --- /dev/null +++ b/doc/functions/gnutls_protocol_get_name.short @@ -0,0 +1 @@ +@item @var{const char *} @ref{gnutls_protocol_get_name} (gnutls_protocol_t @var{version}) diff --git a/doc/functions/gnutls_protocol_get_version b/doc/functions/gnutls_protocol_get_version new file mode 100644 index 0000000..3f3f776 --- /dev/null +++ b/doc/functions/gnutls_protocol_get_version @@ -0,0 +1,11 @@ + + + + +@deftypefun {gnutls_protocol_t} {gnutls_protocol_get_version} (gnutls_session_t @var{session}) +@var{session}: is a @code{gnutls_session_t} type. + +Get TLS version, a @code{gnutls_protocol_t} value. + +@strong{Returns:} The version of the currently used protocol. +@end deftypefun diff --git a/doc/functions/gnutls_protocol_get_version.short b/doc/functions/gnutls_protocol_get_version.short new file mode 100644 index 0000000..76967f2 --- /dev/null +++ b/doc/functions/gnutls_protocol_get_version.short @@ -0,0 +1 @@ +@item @var{gnutls_protocol_t} @ref{gnutls_protocol_get_version} (gnutls_session_t @var{session}) diff --git a/doc/functions/gnutls_protocol_list b/doc/functions/gnutls_protocol_list new file mode 100644 index 0000000..31b2ddf --- /dev/null +++ b/doc/functions/gnutls_protocol_list @@ -0,0 +1,13 @@ + + + + +@deftypefun {const gnutls_protocol_t *} {gnutls_protocol_list} ( @var{void}) + +Get a list of supported protocols, e.g. SSL 3.0, TLS 1.0 etc. + +This function is not thread safe. + +@strong{Returns:} a (0)-terminated list of @code{gnutls_protocol_t} integers +indicating the available protocols. +@end deftypefun diff --git a/doc/functions/gnutls_protocol_list.short b/doc/functions/gnutls_protocol_list.short new file mode 100644 index 0000000..64a4d76 --- /dev/null +++ b/doc/functions/gnutls_protocol_list.short @@ -0,0 +1 @@ +@item @var{const gnutls_protocol_t *} @ref{gnutls_protocol_list} ( @var{void}) diff --git a/doc/functions/gnutls_psk_allocate_client_credentials b/doc/functions/gnutls_psk_allocate_client_credentials new file mode 100644 index 0000000..eaaad87 --- /dev/null +++ b/doc/functions/gnutls_psk_allocate_client_credentials @@ -0,0 +1,12 @@ + + + + +@deftypefun {int} {gnutls_psk_allocate_client_credentials} (gnutls_psk_client_credentials_t * @var{sc}) +@var{sc}: is a pointer to a @code{gnutls_psk_server_credentials_t} type. + +Allocate a gnutls_psk_client_credentials_t structure. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise +an error code is returned. +@end deftypefun diff --git a/doc/functions/gnutls_psk_allocate_client_credentials.short b/doc/functions/gnutls_psk_allocate_client_credentials.short new file mode 100644 index 0000000..857f8b7 --- /dev/null +++ b/doc/functions/gnutls_psk_allocate_client_credentials.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_psk_allocate_client_credentials} (gnutls_psk_client_credentials_t * @var{sc}) diff --git a/doc/functions/gnutls_psk_allocate_server_credentials b/doc/functions/gnutls_psk_allocate_server_credentials new file mode 100644 index 0000000..ec08034 --- /dev/null +++ b/doc/functions/gnutls_psk_allocate_server_credentials @@ -0,0 +1,12 @@ + + + + +@deftypefun {int} {gnutls_psk_allocate_server_credentials} (gnutls_psk_server_credentials_t * @var{sc}) +@var{sc}: is a pointer to a @code{gnutls_psk_server_credentials_t} type. + +Allocate a gnutls_psk_server_credentials_t structure. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise +an error code is returned. +@end deftypefun diff --git a/doc/functions/gnutls_psk_allocate_server_credentials.short b/doc/functions/gnutls_psk_allocate_server_credentials.short new file mode 100644 index 0000000..9747027 --- /dev/null +++ b/doc/functions/gnutls_psk_allocate_server_credentials.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_psk_allocate_server_credentials} (gnutls_psk_server_credentials_t * @var{sc}) diff --git a/doc/functions/gnutls_psk_client_get_hint b/doc/functions/gnutls_psk_client_get_hint new file mode 100644 index 0000000..fb247cc --- /dev/null +++ b/doc/functions/gnutls_psk_client_get_hint @@ -0,0 +1,18 @@ + + + + +@deftypefun {const char *} {gnutls_psk_client_get_hint} (gnutls_session_t @var{session}) +@var{session}: is a gnutls session + +The PSK identity hint may give the client help in deciding which +username to use. This should only be called in case of PSK +authentication and in case of a client. + +@strong{Note:} there is no hint in TLS 1.3, so this function will return @code{NULL} +if TLS 1.3 has been negotiated. + +@strong{Returns:} the identity hint of the peer, or @code{NULL} in case of an error or if TLS 1.3 is being used. + +@strong{Since:} 2.4.0 +@end deftypefun diff --git a/doc/functions/gnutls_psk_client_get_hint.short b/doc/functions/gnutls_psk_client_get_hint.short new file mode 100644 index 0000000..b3ebe9e --- /dev/null +++ b/doc/functions/gnutls_psk_client_get_hint.short @@ -0,0 +1 @@ +@item @var{const char *} @ref{gnutls_psk_client_get_hint} (gnutls_session_t @var{session}) diff --git a/doc/functions/gnutls_psk_free_client_credentials b/doc/functions/gnutls_psk_free_client_credentials new file mode 100644 index 0000000..f3b4786 --- /dev/null +++ b/doc/functions/gnutls_psk_free_client_credentials @@ -0,0 +1,9 @@ + + + + +@deftypefun {void} {gnutls_psk_free_client_credentials} (gnutls_psk_client_credentials_t @var{sc}) +@var{sc}: is a @code{gnutls_psk_client_credentials_t} type. + +Free a gnutls_psk_client_credentials_t structure. +@end deftypefun diff --git a/doc/functions/gnutls_psk_free_client_credentials.short b/doc/functions/gnutls_psk_free_client_credentials.short new file mode 100644 index 0000000..d3e514a --- /dev/null +++ b/doc/functions/gnutls_psk_free_client_credentials.short @@ -0,0 +1 @@ +@item @var{void} @ref{gnutls_psk_free_client_credentials} (gnutls_psk_client_credentials_t @var{sc}) diff --git a/doc/functions/gnutls_psk_free_server_credentials b/doc/functions/gnutls_psk_free_server_credentials new file mode 100644 index 0000000..cf669e7 --- /dev/null +++ b/doc/functions/gnutls_psk_free_server_credentials @@ -0,0 +1,9 @@ + + + + +@deftypefun {void} {gnutls_psk_free_server_credentials} (gnutls_psk_server_credentials_t @var{sc}) +@var{sc}: is a @code{gnutls_psk_server_credentials_t} type. + +Free a gnutls_psk_server_credentials_t structure. +@end deftypefun diff --git a/doc/functions/gnutls_psk_free_server_credentials.short b/doc/functions/gnutls_psk_free_server_credentials.short new file mode 100644 index 0000000..7536200 --- /dev/null +++ b/doc/functions/gnutls_psk_free_server_credentials.short @@ -0,0 +1 @@ +@item @var{void} @ref{gnutls_psk_free_server_credentials} (gnutls_psk_server_credentials_t @var{sc}) diff --git a/doc/functions/gnutls_psk_server_get_username b/doc/functions/gnutls_psk_server_get_username new file mode 100644 index 0000000..ad2496d --- /dev/null +++ b/doc/functions/gnutls_psk_server_get_username @@ -0,0 +1,12 @@ + + + + +@deftypefun {const char *} {gnutls_psk_server_get_username} (gnutls_session_t @var{session}) +@var{session}: is a gnutls session + +This should only be called in case of PSK authentication and in +case of a server. + +@strong{Returns:} the username of the peer, or @code{NULL} in case of an error. +@end deftypefun diff --git a/doc/functions/gnutls_psk_server_get_username.short b/doc/functions/gnutls_psk_server_get_username.short new file mode 100644 index 0000000..5de5040 --- /dev/null +++ b/doc/functions/gnutls_psk_server_get_username.short @@ -0,0 +1 @@ +@item @var{const char *} @ref{gnutls_psk_server_get_username} (gnutls_session_t @var{session}) diff --git a/doc/functions/gnutls_psk_set_client_credentials b/doc/functions/gnutls_psk_set_client_credentials new file mode 100644 index 0000000..230dce8 --- /dev/null +++ b/doc/functions/gnutls_psk_set_client_credentials @@ -0,0 +1,24 @@ + + + + +@deftypefun {int} {gnutls_psk_set_client_credentials} (gnutls_psk_client_credentials_t @var{res}, const char * @var{username}, const gnutls_datum_t * @var{key}, gnutls_psk_key_flags @var{flags}) +@var{res}: is a @code{gnutls_psk_client_credentials_t} type. + +@var{username}: is the user's zero-terminated userid + +@var{key}: is the user's key + +@var{flags}: indicate the format of the key, either +@code{GNUTLS_PSK_KEY_RAW} or @code{GNUTLS_PSK_KEY_HEX} . + +This function sets the username and password, in a +gnutls_psk_client_credentials_t type. Those will be used in +PSK authentication. @code{username} should be an ASCII string or UTF-8 +string. In case of a UTF-8 string it is recommended to be following +the PRECIS framework for usernames (rfc8265). The key can be either +in raw byte format or in Hex format (without the 0x prefix). + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise +an error code is returned. +@end deftypefun diff --git a/doc/functions/gnutls_psk_set_client_credentials.short b/doc/functions/gnutls_psk_set_client_credentials.short new file mode 100644 index 0000000..17f245d --- /dev/null +++ b/doc/functions/gnutls_psk_set_client_credentials.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_psk_set_client_credentials} (gnutls_psk_client_credentials_t @var{res}, const char * @var{username}, const gnutls_datum_t * @var{key}, gnutls_psk_key_flags @var{flags}) diff --git a/doc/functions/gnutls_psk_set_client_credentials_function b/doc/functions/gnutls_psk_set_client_credentials_function new file mode 100644 index 0000000..acb0b39 --- /dev/null +++ b/doc/functions/gnutls_psk_set_client_credentials_function @@ -0,0 +1,25 @@ + + + + +@deftypefun {void} {gnutls_psk_set_client_credentials_function} (gnutls_psk_client_credentials_t @var{cred}, gnutls_psk_client_credentials_function * @var{func}) +@var{cred}: is a @code{gnutls_psk_server_credentials_t} type. + +@var{func}: is the callback function + +This function can be used to set a callback to retrieve the username and +password for client PSK authentication. +The callback's function form is: +int (*callback)(gnutls_session_t, char** username, +gnutls_datum_t* key); + +The @code{username} and @code{key} ->data must be allocated using @code{gnutls_malloc()} . +The @code{username} should be an ASCII string or UTF-8 +string. In case of a UTF-8 string it is recommended to be following +the PRECIS framework for usernames (rfc8265). + +The callback function will be called once per handshake. + +The callback function should return 0 on success. +-1 indicates an error. +@end deftypefun diff --git a/doc/functions/gnutls_psk_set_client_credentials_function.short b/doc/functions/gnutls_psk_set_client_credentials_function.short new file mode 100644 index 0000000..c5cf141 --- /dev/null +++ b/doc/functions/gnutls_psk_set_client_credentials_function.short @@ -0,0 +1 @@ +@item @var{void} @ref{gnutls_psk_set_client_credentials_function} (gnutls_psk_client_credentials_t @var{cred}, gnutls_psk_client_credentials_function * @var{func}) diff --git a/doc/functions/gnutls_psk_set_params_function b/doc/functions/gnutls_psk_set_params_function new file mode 100644 index 0000000..c2414bc --- /dev/null +++ b/doc/functions/gnutls_psk_set_params_function @@ -0,0 +1,17 @@ + + + + +@deftypefun {void} {gnutls_psk_set_params_function} (gnutls_psk_server_credentials_t @var{res}, gnutls_params_function * @var{func}) +@var{res}: is a gnutls_psk_server_credentials_t type + +@var{func}: is the function to be called + +This function will set a callback in order for the server to get +the Diffie-Hellman or RSA parameters for PSK authentication. The +callback should return @code{GNUTLS_E_SUCCESS} (0) on success. + +@strong{Deprecated:} This function is unnecessary and discouraged on GnuTLS 3.6.0 +or later. Since 3.6.0, DH parameters are negotiated +following RFC7919. +@end deftypefun diff --git a/doc/functions/gnutls_psk_set_params_function.short b/doc/functions/gnutls_psk_set_params_function.short new file mode 100644 index 0000000..d40cb2e --- /dev/null +++ b/doc/functions/gnutls_psk_set_params_function.short @@ -0,0 +1 @@ +@item @var{void} @ref{gnutls_psk_set_params_function} (gnutls_psk_server_credentials_t @var{res}, gnutls_params_function * @var{func}) diff --git a/doc/functions/gnutls_psk_set_server_credentials_file b/doc/functions/gnutls_psk_set_server_credentials_file new file mode 100644 index 0000000..fe50a0f --- /dev/null +++ b/doc/functions/gnutls_psk_set_server_credentials_file @@ -0,0 +1,16 @@ + + + + +@deftypefun {int} {gnutls_psk_set_server_credentials_file} (gnutls_psk_server_credentials_t @var{res}, const char * @var{password_file}) +@var{res}: is a @code{gnutls_psk_server_credentials_t} type. + +@var{password_file}: is the PSK password file (passwd.psk) + +This function sets the password file, in a +@code{gnutls_psk_server_credentials_t} type. This password file +holds usernames and keys and will be used for PSK authentication. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise +an error code is returned. +@end deftypefun diff --git a/doc/functions/gnutls_psk_set_server_credentials_file.short b/doc/functions/gnutls_psk_set_server_credentials_file.short new file mode 100644 index 0000000..9b0f6cf --- /dev/null +++ b/doc/functions/gnutls_psk_set_server_credentials_file.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_psk_set_server_credentials_file} (gnutls_psk_server_credentials_t @var{res}, const char * @var{password_file}) diff --git a/doc/functions/gnutls_psk_set_server_credentials_function b/doc/functions/gnutls_psk_set_server_credentials_function new file mode 100644 index 0000000..d943383 --- /dev/null +++ b/doc/functions/gnutls_psk_set_server_credentials_function @@ -0,0 +1,24 @@ + + + + +@deftypefun {void} {gnutls_psk_set_server_credentials_function} (gnutls_psk_server_credentials_t @var{cred}, gnutls_psk_server_credentials_function * @var{func}) +@var{cred}: is a @code{gnutls_psk_server_credentials_t} type. + +@var{func}: is the callback function + +This function can be used to set a callback to retrieve the user's PSK credentials. +The callback's function form is: +int (*callback)(gnutls_session_t, const char* username, +gnutls_datum_t* key); + + @code{username} contains the actual username. +The @code{key} must be filled in using the @code{gnutls_malloc()} . + +In case the callback returned a negative number then gnutls will +assume that the username does not exist. + +The callback function will only be called once per handshake. The +callback function should return 0 on success, while -1 indicates +an error. +@end deftypefun diff --git a/doc/functions/gnutls_psk_set_server_credentials_function.short b/doc/functions/gnutls_psk_set_server_credentials_function.short new file mode 100644 index 0000000..d448baf --- /dev/null +++ b/doc/functions/gnutls_psk_set_server_credentials_function.short @@ -0,0 +1 @@ +@item @var{void} @ref{gnutls_psk_set_server_credentials_function} (gnutls_psk_server_credentials_t @var{cred}, gnutls_psk_server_credentials_function * @var{func}) diff --git a/doc/functions/gnutls_psk_set_server_credentials_hint b/doc/functions/gnutls_psk_set_server_credentials_hint new file mode 100644 index 0000000..226d959 --- /dev/null +++ b/doc/functions/gnutls_psk_set_server_credentials_hint @@ -0,0 +1,19 @@ + + + + +@deftypefun {int} {gnutls_psk_set_server_credentials_hint} (gnutls_psk_server_credentials_t @var{res}, const char * @var{hint}) +@var{res}: is a @code{gnutls_psk_server_credentials_t} type. + +@var{hint}: is the PSK identity hint string + +This function sets the identity hint, in a +@code{gnutls_psk_server_credentials_t} type. This hint is sent to +the client to help it chose a good PSK credential (i.e., username +and password). + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise +an error code is returned. + +@strong{Since:} 2.4.0 +@end deftypefun diff --git a/doc/functions/gnutls_psk_set_server_credentials_hint.short b/doc/functions/gnutls_psk_set_server_credentials_hint.short new file mode 100644 index 0000000..9afd7b2 --- /dev/null +++ b/doc/functions/gnutls_psk_set_server_credentials_hint.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_psk_set_server_credentials_hint} (gnutls_psk_server_credentials_t @var{res}, const char * @var{hint}) diff --git a/doc/functions/gnutls_psk_set_server_dh_params b/doc/functions/gnutls_psk_set_server_dh_params new file mode 100644 index 0000000..0faa8e6 --- /dev/null +++ b/doc/functions/gnutls_psk_set_server_dh_params @@ -0,0 +1,17 @@ + + + + +@deftypefun {void} {gnutls_psk_set_server_dh_params} (gnutls_psk_server_credentials_t @var{res}, gnutls_dh_params_t @var{dh_params}) +@var{res}: is a gnutls_psk_server_credentials_t type + +@var{dh_params}: is a structure that holds Diffie-Hellman parameters. + +This function will set the Diffie-Hellman parameters for an +anonymous server to use. These parameters will be used in +Diffie-Hellman exchange with PSK cipher suites. + +@strong{Deprecated:} This function is unnecessary and discouraged on GnuTLS 3.6.0 +or later. Since 3.6.0, DH parameters are negotiated +following RFC7919. +@end deftypefun diff --git a/doc/functions/gnutls_psk_set_server_dh_params.short b/doc/functions/gnutls_psk_set_server_dh_params.short new file mode 100644 index 0000000..3446cfe --- /dev/null +++ b/doc/functions/gnutls_psk_set_server_dh_params.short @@ -0,0 +1 @@ +@item @var{void} @ref{gnutls_psk_set_server_dh_params} (gnutls_psk_server_credentials_t @var{res}, gnutls_dh_params_t @var{dh_params}) diff --git a/doc/functions/gnutls_psk_set_server_known_dh_params b/doc/functions/gnutls_psk_set_server_known_dh_params new file mode 100644 index 0000000..13c8938 --- /dev/null +++ b/doc/functions/gnutls_psk_set_server_known_dh_params @@ -0,0 +1,23 @@ + + + + +@deftypefun {int} {gnutls_psk_set_server_known_dh_params} (gnutls_psk_server_credentials_t @var{res}, gnutls_sec_param_t @var{sec_param}) +@var{res}: is a gnutls_psk_server_credentials_t type + +@var{sec_param}: is an option of the @code{gnutls_sec_param_t} enumeration + +This function will set the Diffie-Hellman parameters for a +PSK server to use. These parameters will be used in +Ephemeral Diffie-Hellman cipher suites and will be selected from +the FFDHE set of RFC7919 according to the security level provided. + +@strong{Deprecated:} This function is unnecessary and discouraged on GnuTLS 3.6.0 +or later. Since 3.6.0, DH parameters are negotiated +following RFC7919. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 3.5.6 +@end deftypefun diff --git a/doc/functions/gnutls_psk_set_server_known_dh_params.short b/doc/functions/gnutls_psk_set_server_known_dh_params.short new file mode 100644 index 0000000..2f87bf5 --- /dev/null +++ b/doc/functions/gnutls_psk_set_server_known_dh_params.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_psk_set_server_known_dh_params} (gnutls_psk_server_credentials_t @var{res}, gnutls_sec_param_t @var{sec_param}) diff --git a/doc/functions/gnutls_psk_set_server_params_function b/doc/functions/gnutls_psk_set_server_params_function new file mode 100644 index 0000000..5e6d0e6 --- /dev/null +++ b/doc/functions/gnutls_psk_set_server_params_function @@ -0,0 +1,17 @@ + + + + +@deftypefun {void} {gnutls_psk_set_server_params_function} (gnutls_psk_server_credentials_t @var{res}, gnutls_params_function * @var{func}) +@var{res}: is a @code{gnutls_certificate_credentials_t} type + +@var{func}: is the function to be called + +This function will set a callback in order for the server to get +the Diffie-Hellman parameters for PSK authentication. The callback +should return @code{GNUTLS_E_SUCCESS} (0) on success. + +@strong{Deprecated:} This function is unnecessary and discouraged on GnuTLS 3.6.0 +or later. Since 3.6.0, DH parameters are negotiated +following RFC7919. +@end deftypefun diff --git a/doc/functions/gnutls_psk_set_server_params_function.short b/doc/functions/gnutls_psk_set_server_params_function.short new file mode 100644 index 0000000..bda0b9b --- /dev/null +++ b/doc/functions/gnutls_psk_set_server_params_function.short @@ -0,0 +1 @@ +@item @var{void} @ref{gnutls_psk_set_server_params_function} (gnutls_psk_server_credentials_t @var{res}, gnutls_params_function * @var{func}) diff --git a/doc/functions/gnutls_pubkey_deinit b/doc/functions/gnutls_pubkey_deinit new file mode 100644 index 0000000..003afe8 --- /dev/null +++ b/doc/functions/gnutls_pubkey_deinit @@ -0,0 +1,11 @@ + + + + +@deftypefun {void} {gnutls_pubkey_deinit} (gnutls_pubkey_t @var{key}) +@var{key}: The key to be deinitialized + +This function will deinitialize a public key structure. + +@strong{Since:} 2.12.0 +@end deftypefun diff --git a/doc/functions/gnutls_pubkey_deinit.short b/doc/functions/gnutls_pubkey_deinit.short new file mode 100644 index 0000000..ce1a6e9 --- /dev/null +++ b/doc/functions/gnutls_pubkey_deinit.short @@ -0,0 +1 @@ +@item @var{void} @ref{gnutls_pubkey_deinit} (gnutls_pubkey_t @var{key}) diff --git a/doc/functions/gnutls_pubkey_encrypt_data b/doc/functions/gnutls_pubkey_encrypt_data new file mode 100644 index 0000000..74e2bf4 --- /dev/null +++ b/doc/functions/gnutls_pubkey_encrypt_data @@ -0,0 +1,21 @@ + + + + +@deftypefun {int} {gnutls_pubkey_encrypt_data} (gnutls_pubkey_t @var{key}, unsigned int @var{flags}, const gnutls_datum_t * @var{plaintext}, gnutls_datum_t * @var{ciphertext}) +@var{key}: Holds the public key + +@var{flags}: should be 0 for now + +@var{plaintext}: The data to be encrypted + +@var{ciphertext}: contains the encrypted data + +This function will encrypt the given data, using the public +key. On success the @code{ciphertext} will be allocated using @code{gnutls_malloc()} . + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 3.0 +@end deftypefun diff --git a/doc/functions/gnutls_pubkey_encrypt_data.short b/doc/functions/gnutls_pubkey_encrypt_data.short new file mode 100644 index 0000000..6e8208b --- /dev/null +++ b/doc/functions/gnutls_pubkey_encrypt_data.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_pubkey_encrypt_data} (gnutls_pubkey_t @var{key}, unsigned int @var{flags}, const gnutls_datum_t * @var{plaintext}, gnutls_datum_t * @var{ciphertext}) diff --git a/doc/functions/gnutls_pubkey_export b/doc/functions/gnutls_pubkey_export new file mode 100644 index 0000000..b1c981e --- /dev/null +++ b/doc/functions/gnutls_pubkey_export @@ -0,0 +1,30 @@ + + + + +@deftypefun {int} {gnutls_pubkey_export} (gnutls_pubkey_t @var{key}, gnutls_x509_crt_fmt_t @var{format}, void * @var{output_data}, size_t * @var{output_data_size}) +@var{key}: Holds the certificate + +@var{format}: the format of output params. One of PEM or DER. + +@var{output_data}: will contain a certificate PEM or DER encoded + +@var{output_data_size}: holds the size of output_data (and will be +replaced by the actual size of parameters) + +This function will export the public key to DER or PEM format. +The contents of the exported data is the SubjectPublicKeyInfo +X.509 structure. + +If the buffer provided is not long enough to hold the output, then +*output_data_size is updated and @code{GNUTLS_E_SHORT_MEMORY_BUFFER} will +be returned. + +If the structure is PEM encoded, it will have a header +of "BEGIN CERTIFICATE". + +@strong{Returns:} In case of failure a negative error code will be +returned, and 0 on success. + +@strong{Since:} 2.12.0 +@end deftypefun diff --git a/doc/functions/gnutls_pubkey_export.short b/doc/functions/gnutls_pubkey_export.short new file mode 100644 index 0000000..ab45e4b --- /dev/null +++ b/doc/functions/gnutls_pubkey_export.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_pubkey_export} (gnutls_pubkey_t @var{key}, gnutls_x509_crt_fmt_t @var{format}, void * @var{output_data}, size_t * @var{output_data_size}) diff --git a/doc/functions/gnutls_pubkey_export2 b/doc/functions/gnutls_pubkey_export2 new file mode 100644 index 0000000..71e4c91 --- /dev/null +++ b/doc/functions/gnutls_pubkey_export2 @@ -0,0 +1,25 @@ + + + + +@deftypefun {int} {gnutls_pubkey_export2} (gnutls_pubkey_t @var{key}, gnutls_x509_crt_fmt_t @var{format}, gnutls_datum_t * @var{out}) +@var{key}: Holds the certificate + +@var{format}: the format of output params. One of PEM or DER. + +@var{out}: will contain a certificate PEM or DER encoded + +This function will export the public key to DER or PEM format. +The contents of the exported data is the SubjectPublicKeyInfo +X.509 structure. + +The output buffer will be allocated using @code{gnutls_malloc()} . + +If the structure is PEM encoded, it will have a header +of "BEGIN CERTIFICATE". + +@strong{Returns:} In case of failure a negative error code will be +returned, and 0 on success. + +@strong{Since:} 3.1.3 +@end deftypefun diff --git a/doc/functions/gnutls_pubkey_export2.short b/doc/functions/gnutls_pubkey_export2.short new file mode 100644 index 0000000..05e54e4 --- /dev/null +++ b/doc/functions/gnutls_pubkey_export2.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_pubkey_export2} (gnutls_pubkey_t @var{key}, gnutls_x509_crt_fmt_t @var{format}, gnutls_datum_t * @var{out}) diff --git a/doc/functions/gnutls_pubkey_export_dsa_raw b/doc/functions/gnutls_pubkey_export_dsa_raw new file mode 100644 index 0000000..847d5af --- /dev/null +++ b/doc/functions/gnutls_pubkey_export_dsa_raw @@ -0,0 +1,25 @@ + + + + +@deftypefun {int} {gnutls_pubkey_export_dsa_raw} (gnutls_pubkey_t @var{key}, gnutls_datum_t * @var{p}, gnutls_datum_t * @var{q}, gnutls_datum_t * @var{g}, gnutls_datum_t * @var{y}) +@var{key}: Holds the public key + +@var{p}: will hold the p (may be @code{NULL} ) + +@var{q}: will hold the q (may be @code{NULL} ) + +@var{g}: will hold the g (may be @code{NULL} ) + +@var{y}: will hold the y (may be @code{NULL} ) + +This function will export the DSA public key's parameters found in +the given certificate. The new parameters will be allocated using +@code{gnutls_malloc()} and will be stored in the appropriate datum. + +This function allows for @code{NULL} parameters since 3.4.1. + +@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, otherwise a negative error code. + +@strong{Since:} 3.3.0 +@end deftypefun diff --git a/doc/functions/gnutls_pubkey_export_dsa_raw.short b/doc/functions/gnutls_pubkey_export_dsa_raw.short new file mode 100644 index 0000000..aa3118f --- /dev/null +++ b/doc/functions/gnutls_pubkey_export_dsa_raw.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_pubkey_export_dsa_raw} (gnutls_pubkey_t @var{key}, gnutls_datum_t * @var{p}, gnutls_datum_t * @var{q}, gnutls_datum_t * @var{g}, gnutls_datum_t * @var{y}) diff --git a/doc/functions/gnutls_pubkey_export_dsa_raw2 b/doc/functions/gnutls_pubkey_export_dsa_raw2 new file mode 100644 index 0000000..1a59262 --- /dev/null +++ b/doc/functions/gnutls_pubkey_export_dsa_raw2 @@ -0,0 +1,27 @@ + + + + +@deftypefun {int} {gnutls_pubkey_export_dsa_raw2} (gnutls_pubkey_t @var{key}, gnutls_datum_t * @var{p}, gnutls_datum_t * @var{q}, gnutls_datum_t * @var{g}, gnutls_datum_t * @var{y}, unsigned @var{flags}) +@var{key}: Holds the public key + +@var{p}: will hold the p (may be @code{NULL} ) + +@var{q}: will hold the q (may be @code{NULL} ) + +@var{g}: will hold the g (may be @code{NULL} ) + +@var{y}: will hold the y (may be @code{NULL} ) + +@var{flags}: flags from @code{gnutls_abstract_export_flags_t} + +This function will export the DSA public key's parameters found in +the given certificate. The new parameters will be allocated using +@code{gnutls_malloc()} and will be stored in the appropriate datum. + +This function allows for @code{NULL} parameters since 3.4.1. + +@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, otherwise a negative error code. + +@strong{Since:} 3.6.0 +@end deftypefun diff --git a/doc/functions/gnutls_pubkey_export_dsa_raw2.short b/doc/functions/gnutls_pubkey_export_dsa_raw2.short new file mode 100644 index 0000000..4167b71 --- /dev/null +++ b/doc/functions/gnutls_pubkey_export_dsa_raw2.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_pubkey_export_dsa_raw2} (gnutls_pubkey_t @var{key}, gnutls_datum_t * @var{p}, gnutls_datum_t * @var{q}, gnutls_datum_t * @var{g}, gnutls_datum_t * @var{y}, unsigned @var{flags}) diff --git a/doc/functions/gnutls_pubkey_export_ecc_raw b/doc/functions/gnutls_pubkey_export_ecc_raw new file mode 100644 index 0000000..f11ca00 --- /dev/null +++ b/doc/functions/gnutls_pubkey_export_ecc_raw @@ -0,0 +1,26 @@ + + + + +@deftypefun {int} {gnutls_pubkey_export_ecc_raw} (gnutls_pubkey_t @var{key}, gnutls_ecc_curve_t * @var{curve}, gnutls_datum_t * @var{x}, gnutls_datum_t * @var{y}) +@var{key}: Holds the public key + +@var{curve}: will hold the curve (may be @code{NULL} ) + +@var{x}: will hold x-coordinate (may be @code{NULL} ) + +@var{y}: will hold y-coordinate (may be @code{NULL} ) + +This function will export the ECC public key's parameters found in +the given key. The new parameters will be allocated using +@code{gnutls_malloc()} and will be stored in the appropriate datum. + +In EdDSA curves the @code{y} parameter will be @code{NULL} and the other parameters +will be in the native format for the curve. + +This function allows for @code{NULL} parameters since 3.4.1. + +@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, otherwise a negative error code. + +@strong{Since:} 3.0 +@end deftypefun diff --git a/doc/functions/gnutls_pubkey_export_ecc_raw.short b/doc/functions/gnutls_pubkey_export_ecc_raw.short new file mode 100644 index 0000000..3bdb574 --- /dev/null +++ b/doc/functions/gnutls_pubkey_export_ecc_raw.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_pubkey_export_ecc_raw} (gnutls_pubkey_t @var{key}, gnutls_ecc_curve_t * @var{curve}, gnutls_datum_t * @var{x}, gnutls_datum_t * @var{y}) diff --git a/doc/functions/gnutls_pubkey_export_ecc_raw2 b/doc/functions/gnutls_pubkey_export_ecc_raw2 new file mode 100644 index 0000000..53248f1 --- /dev/null +++ b/doc/functions/gnutls_pubkey_export_ecc_raw2 @@ -0,0 +1,28 @@ + + + + +@deftypefun {int} {gnutls_pubkey_export_ecc_raw2} (gnutls_pubkey_t @var{key}, gnutls_ecc_curve_t * @var{curve}, gnutls_datum_t * @var{x}, gnutls_datum_t * @var{y}, unsigned int @var{flags}) +@var{key}: Holds the public key + +@var{curve}: will hold the curve (may be @code{NULL} ) + +@var{x}: will hold x-coordinate (may be @code{NULL} ) + +@var{y}: will hold y-coordinate (may be @code{NULL} ) + +@var{flags}: flags from @code{gnutls_abstract_export_flags_t} + +This function will export the ECC public key's parameters found in +the given key. The new parameters will be allocated using +@code{gnutls_malloc()} and will be stored in the appropriate datum. + +In EdDSA curves the @code{y} parameter will be @code{NULL} and the other parameters +will be in the native format for the curve. + +This function allows for @code{NULL} parameters since 3.4.1. + +@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, otherwise a negative error code. + +@strong{Since:} 3.6.0 +@end deftypefun diff --git a/doc/functions/gnutls_pubkey_export_ecc_raw2.short b/doc/functions/gnutls_pubkey_export_ecc_raw2.short new file mode 100644 index 0000000..564be12 --- /dev/null +++ b/doc/functions/gnutls_pubkey_export_ecc_raw2.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_pubkey_export_ecc_raw2} (gnutls_pubkey_t @var{key}, gnutls_ecc_curve_t * @var{curve}, gnutls_datum_t * @var{x}, gnutls_datum_t * @var{y}, unsigned int @var{flags}) diff --git a/doc/functions/gnutls_pubkey_export_ecc_x962 b/doc/functions/gnutls_pubkey_export_ecc_x962 new file mode 100644 index 0000000..140f592 --- /dev/null +++ b/doc/functions/gnutls_pubkey_export_ecc_x962 @@ -0,0 +1,19 @@ + + + + +@deftypefun {int} {gnutls_pubkey_export_ecc_x962} (gnutls_pubkey_t @var{key}, gnutls_datum_t * @var{parameters}, gnutls_datum_t * @var{ecpoint}) +@var{key}: Holds the public key + +@var{parameters}: DER encoding of an ANSI X9.62 parameters + +@var{ecpoint}: DER encoding of ANSI X9.62 ECPoint + +This function will export the ECC public key's parameters found in +the given certificate. The new parameters will be allocated using +@code{gnutls_malloc()} and will be stored in the appropriate datum. + +@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, otherwise a negative error code. + +@strong{Since:} 3.3.0 +@end deftypefun diff --git a/doc/functions/gnutls_pubkey_export_ecc_x962.short b/doc/functions/gnutls_pubkey_export_ecc_x962.short new file mode 100644 index 0000000..21539a9 --- /dev/null +++ b/doc/functions/gnutls_pubkey_export_ecc_x962.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_pubkey_export_ecc_x962} (gnutls_pubkey_t @var{key}, gnutls_datum_t * @var{parameters}, gnutls_datum_t * @var{ecpoint}) diff --git a/doc/functions/gnutls_pubkey_export_gost_raw2 b/doc/functions/gnutls_pubkey_export_gost_raw2 new file mode 100644 index 0000000..a9b95ae --- /dev/null +++ b/doc/functions/gnutls_pubkey_export_gost_raw2 @@ -0,0 +1,30 @@ + + + + +@deftypefun {int} {gnutls_pubkey_export_gost_raw2} (gnutls_pubkey_t @var{key}, gnutls_ecc_curve_t * @var{curve}, gnutls_digest_algorithm_t * @var{digest}, gnutls_gost_paramset_t * @var{paramset}, gnutls_datum_t * @var{x}, gnutls_datum_t * @var{y}, unsigned int @var{flags}) +@var{key}: Holds the public key + +@var{curve}: will hold the curve (may be @code{NULL} ) + +@var{digest}: will hold the curve (may be @code{NULL} ) + +@var{paramset}: will hold the parameters id (may be @code{NULL} ) + +@var{x}: will hold the x-coordinate (may be @code{NULL} ) + +@var{y}: will hold the y-coordinate (may be @code{NULL} ) + +@var{flags}: flags from @code{gnutls_abstract_export_flags_t} + +This function will export the GOST public key's parameters found in +the given key. The new parameters will be allocated using +@code{gnutls_malloc()} and will be stored in the appropriate datum. + +@strong{Note:} parameters will be stored with least significant byte first. On +version 3.6.3 this was incorrectly returned in big-endian format. + +@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, otherwise a negative error code. + +@strong{Since:} 3.6.3 +@end deftypefun diff --git a/doc/functions/gnutls_pubkey_export_gost_raw2.short b/doc/functions/gnutls_pubkey_export_gost_raw2.short new file mode 100644 index 0000000..0bcaf2a --- /dev/null +++ b/doc/functions/gnutls_pubkey_export_gost_raw2.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_pubkey_export_gost_raw2} (gnutls_pubkey_t @var{key}, gnutls_ecc_curve_t * @var{curve}, gnutls_digest_algorithm_t * @var{digest}, gnutls_gost_paramset_t * @var{paramset}, gnutls_datum_t * @var{x}, gnutls_datum_t * @var{y}, unsigned int @var{flags}) diff --git a/doc/functions/gnutls_pubkey_export_rsa_raw b/doc/functions/gnutls_pubkey_export_rsa_raw new file mode 100644 index 0000000..3ae6bf0 --- /dev/null +++ b/doc/functions/gnutls_pubkey_export_rsa_raw @@ -0,0 +1,21 @@ + + + + +@deftypefun {int} {gnutls_pubkey_export_rsa_raw} (gnutls_pubkey_t @var{key}, gnutls_datum_t * @var{m}, gnutls_datum_t * @var{e}) +@var{key}: Holds the certificate + +@var{m}: will hold the modulus (may be @code{NULL} ) + +@var{e}: will hold the public exponent (may be @code{NULL} ) + +This function will export the RSA public key's parameters found in +the given structure. The new parameters will be allocated using +@code{gnutls_malloc()} and will be stored in the appropriate datum. + +This function allows for @code{NULL} parameters since 3.4.1. + +@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, otherwise a negative error code. + +@strong{Since:} 3.3.0 +@end deftypefun diff --git a/doc/functions/gnutls_pubkey_export_rsa_raw.short b/doc/functions/gnutls_pubkey_export_rsa_raw.short new file mode 100644 index 0000000..418f201 --- /dev/null +++ b/doc/functions/gnutls_pubkey_export_rsa_raw.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_pubkey_export_rsa_raw} (gnutls_pubkey_t @var{key}, gnutls_datum_t * @var{m}, gnutls_datum_t * @var{e}) diff --git a/doc/functions/gnutls_pubkey_export_rsa_raw2 b/doc/functions/gnutls_pubkey_export_rsa_raw2 new file mode 100644 index 0000000..4fb890c --- /dev/null +++ b/doc/functions/gnutls_pubkey_export_rsa_raw2 @@ -0,0 +1,23 @@ + + + + +@deftypefun {int} {gnutls_pubkey_export_rsa_raw2} (gnutls_pubkey_t @var{key}, gnutls_datum_t * @var{m}, gnutls_datum_t * @var{e}, unsigned @var{flags}) +@var{key}: Holds the certificate + +@var{m}: will hold the modulus (may be @code{NULL} ) + +@var{e}: will hold the public exponent (may be @code{NULL} ) + +@var{flags}: flags from @code{gnutls_abstract_export_flags_t} + +This function will export the RSA public key's parameters found in +the given structure. The new parameters will be allocated using +@code{gnutls_malloc()} and will be stored in the appropriate datum. + +This function allows for @code{NULL} parameters since 3.4.1. + +@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, otherwise a negative error code. + +@strong{Since:} 3.6.0 +@end deftypefun diff --git a/doc/functions/gnutls_pubkey_export_rsa_raw2.short b/doc/functions/gnutls_pubkey_export_rsa_raw2.short new file mode 100644 index 0000000..dcd6d18 --- /dev/null +++ b/doc/functions/gnutls_pubkey_export_rsa_raw2.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_pubkey_export_rsa_raw2} (gnutls_pubkey_t @var{key}, gnutls_datum_t * @var{m}, gnutls_datum_t * @var{e}, unsigned @var{flags}) diff --git a/doc/functions/gnutls_pubkey_get_key_id b/doc/functions/gnutls_pubkey_get_key_id new file mode 100644 index 0000000..4d3e13d --- /dev/null +++ b/doc/functions/gnutls_pubkey_get_key_id @@ -0,0 +1,28 @@ + + + + +@deftypefun {int} {gnutls_pubkey_get_key_id} (gnutls_pubkey_t @var{key}, unsigned int @var{flags}, unsigned char * @var{output_data}, size_t * @var{output_data_size}) +@var{key}: Holds the public key + +@var{flags}: should be one of the flags from @code{gnutls_keyid_flags_t} + +@var{output_data}: will contain the key ID + +@var{output_data_size}: holds the size of output_data (and will be +replaced by the actual size of parameters) + +This function will return a unique ID that depends on the public +key parameters. This ID can be used in checking whether a +certificate corresponds to the given public key. + +If the buffer provided is not long enough to hold the output, then +*output_data_size is updated and @code{GNUTLS_E_SHORT_MEMORY_BUFFER} will +be returned. The output will normally be a SHA-1 hash output, +which is 20 bytes. + +@strong{Returns:} In case of failure a negative error code will be +returned, and 0 on success. + +@strong{Since:} 2.12.0 +@end deftypefun diff --git a/doc/functions/gnutls_pubkey_get_key_id.short b/doc/functions/gnutls_pubkey_get_key_id.short new file mode 100644 index 0000000..63b7861 --- /dev/null +++ b/doc/functions/gnutls_pubkey_get_key_id.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_pubkey_get_key_id} (gnutls_pubkey_t @var{key}, unsigned int @var{flags}, unsigned char * @var{output_data}, size_t * @var{output_data_size}) diff --git a/doc/functions/gnutls_pubkey_get_key_usage b/doc/functions/gnutls_pubkey_get_key_usage new file mode 100644 index 0000000..faa4d5d --- /dev/null +++ b/doc/functions/gnutls_pubkey_get_key_usage @@ -0,0 +1,16 @@ + + + + +@deftypefun {int} {gnutls_pubkey_get_key_usage} (gnutls_pubkey_t @var{key}, unsigned int * @var{usage}) +@var{key}: should contain a @code{gnutls_pubkey_t} type + +@var{usage}: If set will return the number of bits of the parameters (may be NULL) + +This function will return the key usage of the public key. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 2.12.0 +@end deftypefun diff --git a/doc/functions/gnutls_pubkey_get_key_usage.short b/doc/functions/gnutls_pubkey_get_key_usage.short new file mode 100644 index 0000000..db842b5 --- /dev/null +++ b/doc/functions/gnutls_pubkey_get_key_usage.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_pubkey_get_key_usage} (gnutls_pubkey_t @var{key}, unsigned int * @var{usage}) diff --git a/doc/functions/gnutls_pubkey_get_openpgp_key_id b/doc/functions/gnutls_pubkey_get_openpgp_key_id new file mode 100644 index 0000000..cbf5235 --- /dev/null +++ b/doc/functions/gnutls_pubkey_get_openpgp_key_id @@ -0,0 +1,22 @@ + + + + +@deftypefun {int} {gnutls_pubkey_get_openpgp_key_id} (gnutls_pubkey_t @var{key}, unsigned int @var{flags}, unsigned char * @var{output_data}, size_t * @var{output_data_size}, unsigned int * @var{subkey}) +@var{key}: Holds the public key + +@var{flags}: should be one of the flags from @code{gnutls_keyid_flags_t} + +@var{output_data}: will contain the key ID + +@var{output_data_size}: holds the size of output_data (and will be +replaced by the actual size of parameters) + +@var{subkey}: ignored + +This function is no-op. + +@strong{Returns:} @code{GNUTLS_E_UNIMPLEMENTED_FEATURE} . + +@strong{Since:} 2.12.0 +@end deftypefun diff --git a/doc/functions/gnutls_pubkey_get_openpgp_key_id.short b/doc/functions/gnutls_pubkey_get_openpgp_key_id.short new file mode 100644 index 0000000..4ba139e --- /dev/null +++ b/doc/functions/gnutls_pubkey_get_openpgp_key_id.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_pubkey_get_openpgp_key_id} (gnutls_pubkey_t @var{key}, unsigned int @var{flags}, unsigned char * @var{output_data}, size_t * @var{output_data_size}, unsigned int * @var{subkey}) diff --git a/doc/functions/gnutls_pubkey_get_pk_algorithm b/doc/functions/gnutls_pubkey_get_pk_algorithm new file mode 100644 index 0000000..86e6ec7 --- /dev/null +++ b/doc/functions/gnutls_pubkey_get_pk_algorithm @@ -0,0 +1,18 @@ + + + + +@deftypefun {int} {gnutls_pubkey_get_pk_algorithm} (gnutls_pubkey_t @var{key}, unsigned int * @var{bits}) +@var{key}: should contain a @code{gnutls_pubkey_t} type + +@var{bits}: If set will return the number of bits of the parameters (may be NULL) + +This function will return the public key algorithm of a public +key and if possible will return a number of bits that indicates +the security parameter of the key. + +@strong{Returns:} a member of the @code{gnutls_pk_algorithm_t} enumeration on +success, or a negative error code on error. + +@strong{Since:} 2.12.0 +@end deftypefun diff --git a/doc/functions/gnutls_pubkey_get_pk_algorithm.short b/doc/functions/gnutls_pubkey_get_pk_algorithm.short new file mode 100644 index 0000000..0e31b54 --- /dev/null +++ b/doc/functions/gnutls_pubkey_get_pk_algorithm.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_pubkey_get_pk_algorithm} (gnutls_pubkey_t @var{key}, unsigned int * @var{bits}) diff --git a/doc/functions/gnutls_pubkey_get_preferred_hash_algorithm b/doc/functions/gnutls_pubkey_get_preferred_hash_algorithm new file mode 100644 index 0000000..491ba9b --- /dev/null +++ b/doc/functions/gnutls_pubkey_get_preferred_hash_algorithm @@ -0,0 +1,23 @@ + + + + +@deftypefun {int} {gnutls_pubkey_get_preferred_hash_algorithm} (gnutls_pubkey_t @var{key}, gnutls_digest_algorithm_t * @var{hash}, unsigned int * @var{mand}) +@var{key}: Holds the certificate + +@var{hash}: The result of the call with the hash algorithm used for signature + +@var{mand}: If non zero it means that the algorithm MUST use this hash. May be NULL. + +This function will read the certificate and return the appropriate digest +algorithm to use for signing with this certificate. Some certificates (i.e. +DSA might not be able to sign without the preferred algorithm). + +To get the signature algorithm instead of just the hash use @code{gnutls_pk_to_sign()} +with the algorithm of the certificate/key and the provided @code{hash} . + +@strong{Returns:} the 0 if the hash algorithm is found. A negative error code is +returned on error. + +@strong{Since:} 2.12.0 +@end deftypefun diff --git a/doc/functions/gnutls_pubkey_get_preferred_hash_algorithm.short b/doc/functions/gnutls_pubkey_get_preferred_hash_algorithm.short new file mode 100644 index 0000000..9024f40 --- /dev/null +++ b/doc/functions/gnutls_pubkey_get_preferred_hash_algorithm.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_pubkey_get_preferred_hash_algorithm} (gnutls_pubkey_t @var{key}, gnutls_digest_algorithm_t * @var{hash}, unsigned int * @var{mand}) diff --git a/doc/functions/gnutls_pubkey_get_spki b/doc/functions/gnutls_pubkey_get_spki new file mode 100644 index 0000000..7221ab3 --- /dev/null +++ b/doc/functions/gnutls_pubkey_get_spki @@ -0,0 +1,19 @@ + + + + +@deftypefun {int} {gnutls_pubkey_get_spki} (gnutls_pubkey_t @var{pubkey}, gnutls_x509_spki_t @var{spki}, unsigned int @var{flags}) +@var{pubkey}: a public key of type @code{gnutls_pubkey_t} + +@var{spki}: a SubjectPublicKeyInfo structure of type @code{gnutls_pubkey_spki_t} + +@var{flags}: must be zero + +This function will return the public key information if available. +The provided @code{spki} must be initialized. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 3.6.0 +@end deftypefun diff --git a/doc/functions/gnutls_pubkey_get_spki.short b/doc/functions/gnutls_pubkey_get_spki.short new file mode 100644 index 0000000..efd3cac --- /dev/null +++ b/doc/functions/gnutls_pubkey_get_spki.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_pubkey_get_spki} (gnutls_pubkey_t @var{pubkey}, gnutls_x509_spki_t @var{spki}, unsigned int @var{flags}) diff --git a/doc/functions/gnutls_pubkey_import b/doc/functions/gnutls_pubkey_import new file mode 100644 index 0000000..f9f6196 --- /dev/null +++ b/doc/functions/gnutls_pubkey_import @@ -0,0 +1,22 @@ + + + + +@deftypefun {int} {gnutls_pubkey_import} (gnutls_pubkey_t @var{key}, const gnutls_datum_t * @var{data}, gnutls_x509_crt_fmt_t @var{format}) +@var{key}: The public key. + +@var{data}: The DER or PEM encoded certificate. + +@var{format}: One of DER or PEM + +This function will import the provided public key in +a SubjectPublicKeyInfo X.509 structure to a native +@code{gnutls_pubkey_t} type. The output will be stored +in @code{key} . If the public key is PEM encoded it should have a header +of "PUBLIC KEY". + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 2.12.0 +@end deftypefun diff --git a/doc/functions/gnutls_pubkey_import.short b/doc/functions/gnutls_pubkey_import.short new file mode 100644 index 0000000..5a96e4b --- /dev/null +++ b/doc/functions/gnutls_pubkey_import.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_pubkey_import} (gnutls_pubkey_t @var{key}, const gnutls_datum_t * @var{data}, gnutls_x509_crt_fmt_t @var{format}) diff --git a/doc/functions/gnutls_pubkey_import_dsa_raw b/doc/functions/gnutls_pubkey_import_dsa_raw new file mode 100644 index 0000000..af2e80c --- /dev/null +++ b/doc/functions/gnutls_pubkey_import_dsa_raw @@ -0,0 +1,24 @@ + + + + +@deftypefun {int} {gnutls_pubkey_import_dsa_raw} (gnutls_pubkey_t @var{key}, const gnutls_datum_t * @var{p}, const gnutls_datum_t * @var{q}, const gnutls_datum_t * @var{g}, const gnutls_datum_t * @var{y}) +@var{key}: The structure to store the parsed key + +@var{p}: holds the p + +@var{q}: holds the q + +@var{g}: holds the g + +@var{y}: holds the y + +This function will convert the given DSA raw parameters to the +native @code{gnutls_pubkey_t} format. The output will be stored +in @code{key} . + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 2.12.0 +@end deftypefun diff --git a/doc/functions/gnutls_pubkey_import_dsa_raw.short b/doc/functions/gnutls_pubkey_import_dsa_raw.short new file mode 100644 index 0000000..bbb1867 --- /dev/null +++ b/doc/functions/gnutls_pubkey_import_dsa_raw.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_pubkey_import_dsa_raw} (gnutls_pubkey_t @var{key}, const gnutls_datum_t * @var{p}, const gnutls_datum_t * @var{q}, const gnutls_datum_t * @var{g}, const gnutls_datum_t * @var{y}) diff --git a/doc/functions/gnutls_pubkey_import_ecc_raw b/doc/functions/gnutls_pubkey_import_ecc_raw new file mode 100644 index 0000000..adb29c2 --- /dev/null +++ b/doc/functions/gnutls_pubkey_import_ecc_raw @@ -0,0 +1,24 @@ + + + + +@deftypefun {int} {gnutls_pubkey_import_ecc_raw} (gnutls_pubkey_t @var{key}, gnutls_ecc_curve_t @var{curve}, const gnutls_datum_t * @var{x}, const gnutls_datum_t * @var{y}) +@var{key}: The structure to store the parsed key + +@var{curve}: holds the curve + +@var{x}: holds the x-coordinate + +@var{y}: holds the y-coordinate + +This function will convert the given elliptic curve parameters to a +@code{gnutls_pubkey_t} . The output will be stored in @code{key} . + +In EdDSA curves the @code{y} parameter should be @code{NULL} and the @code{x} parameter must +be the value in the native format for the curve. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 3.0 +@end deftypefun diff --git a/doc/functions/gnutls_pubkey_import_ecc_raw.short b/doc/functions/gnutls_pubkey_import_ecc_raw.short new file mode 100644 index 0000000..074e426 --- /dev/null +++ b/doc/functions/gnutls_pubkey_import_ecc_raw.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_pubkey_import_ecc_raw} (gnutls_pubkey_t @var{key}, gnutls_ecc_curve_t @var{curve}, const gnutls_datum_t * @var{x}, const gnutls_datum_t * @var{y}) diff --git a/doc/functions/gnutls_pubkey_import_ecc_x962 b/doc/functions/gnutls_pubkey_import_ecc_x962 new file mode 100644 index 0000000..562d8ee --- /dev/null +++ b/doc/functions/gnutls_pubkey_import_ecc_x962 @@ -0,0 +1,19 @@ + + + + +@deftypefun {int} {gnutls_pubkey_import_ecc_x962} (gnutls_pubkey_t @var{key}, const gnutls_datum_t * @var{parameters}, const gnutls_datum_t * @var{ecpoint}) +@var{key}: The structure to store the parsed key + +@var{parameters}: DER encoding of an ANSI X9.62 parameters + +@var{ecpoint}: DER encoding of ANSI X9.62 ECPoint + +This function will convert the given elliptic curve parameters to a +@code{gnutls_pubkey_t} . The output will be stored in @code{key} . + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 3.0 +@end deftypefun diff --git a/doc/functions/gnutls_pubkey_import_ecc_x962.short b/doc/functions/gnutls_pubkey_import_ecc_x962.short new file mode 100644 index 0000000..6f70f4c --- /dev/null +++ b/doc/functions/gnutls_pubkey_import_ecc_x962.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_pubkey_import_ecc_x962} (gnutls_pubkey_t @var{key}, const gnutls_datum_t * @var{parameters}, const gnutls_datum_t * @var{ecpoint}) diff --git a/doc/functions/gnutls_pubkey_import_gost_raw b/doc/functions/gnutls_pubkey_import_gost_raw new file mode 100644 index 0000000..d3cf4dc --- /dev/null +++ b/doc/functions/gnutls_pubkey_import_gost_raw @@ -0,0 +1,31 @@ + + + + +@deftypefun {int} {gnutls_pubkey_import_gost_raw} (gnutls_pubkey_t @var{key}, gnutls_ecc_curve_t @var{curve}, gnutls_digest_algorithm_t @var{digest}, gnutls_gost_paramset_t @var{paramset}, const gnutls_datum_t * @var{x}, const gnutls_datum_t * @var{y}) +@var{key}: The structure to store the parsed key + +@var{curve}: holds the curve + +@var{digest}: holds the digest + +@var{paramset}: holds the parameters id + +@var{x}: holds the x-coordinate + +@var{y}: holds the y-coordinate + +This function will convert the given GOST public key's parameters to a +@code{gnutls_pubkey_t} . The output will be stored in @code{key} . @code{digest} should be +one of GNUTLS_DIG_GOSR_94, GNUTLS_DIG_STREEBOG_256 or +GNUTLS_DIG_STREEBOG_512. If @code{paramset} is set to GNUTLS_GOST_PARAMSET_UNKNOWN +default one will be selected depending on @code{digest} . + +@strong{Note:} parameters should be stored with least significant byte first. On +version 3.6.3 big-endian format was used incorrectly. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 3.6.3 +@end deftypefun diff --git a/doc/functions/gnutls_pubkey_import_gost_raw.short b/doc/functions/gnutls_pubkey_import_gost_raw.short new file mode 100644 index 0000000..783dec9 --- /dev/null +++ b/doc/functions/gnutls_pubkey_import_gost_raw.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_pubkey_import_gost_raw} (gnutls_pubkey_t @var{key}, gnutls_ecc_curve_t @var{curve}, gnutls_digest_algorithm_t @var{digest}, gnutls_gost_paramset_t @var{paramset}, const gnutls_datum_t * @var{x}, const gnutls_datum_t * @var{y}) diff --git a/doc/functions/gnutls_pubkey_import_openpgp b/doc/functions/gnutls_pubkey_import_openpgp new file mode 100644 index 0000000..bd0196b --- /dev/null +++ b/doc/functions/gnutls_pubkey_import_openpgp @@ -0,0 +1,17 @@ + + + + +@deftypefun {int} {gnutls_pubkey_import_openpgp} (gnutls_pubkey_t @var{key}, gnutls_openpgp_crt_t @var{crt}, unsigned int @var{flags}) +@var{key}: The public key + +@var{crt}: The certificate to be imported + +@var{flags}: should be zero + +This function is no-op. + +@strong{Returns:} @code{GNUTLS_E_UNIMPLEMENTED_FEATURE} . + +@strong{Since:} 2.12.0 +@end deftypefun diff --git a/doc/functions/gnutls_pubkey_import_openpgp.short b/doc/functions/gnutls_pubkey_import_openpgp.short new file mode 100644 index 0000000..58bbed1 --- /dev/null +++ b/doc/functions/gnutls_pubkey_import_openpgp.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_pubkey_import_openpgp} (gnutls_pubkey_t @var{key}, gnutls_openpgp_crt_t @var{crt}, unsigned int @var{flags}) diff --git a/doc/functions/gnutls_pubkey_import_openpgp_raw b/doc/functions/gnutls_pubkey_import_openpgp_raw new file mode 100644 index 0000000..cbc1b67 --- /dev/null +++ b/doc/functions/gnutls_pubkey_import_openpgp_raw @@ -0,0 +1,21 @@ + + + + +@deftypefun {int} {gnutls_pubkey_import_openpgp_raw} (gnutls_pubkey_t @var{pkey}, const gnutls_datum_t * @var{data}, gnutls_openpgp_crt_fmt_t @var{format}, const gnutls_openpgp_keyid_t @var{keyid}, unsigned int @var{flags}) +@var{pkey}: The public key + +@var{data}: The public key data to be imported + +@var{format}: The format of the public key + +@var{keyid}: The key id to use (optional) + +@var{flags}: Should be zero + +This function is no-op. + +@strong{Returns:} @code{GNUTLS_E_UNIMPLEMENTED_FEATURE} . + +@strong{Since:} 3.1.3 +@end deftypefun diff --git a/doc/functions/gnutls_pubkey_import_openpgp_raw.short b/doc/functions/gnutls_pubkey_import_openpgp_raw.short new file mode 100644 index 0000000..0bfc96d --- /dev/null +++ b/doc/functions/gnutls_pubkey_import_openpgp_raw.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_pubkey_import_openpgp_raw} (gnutls_pubkey_t @var{pkey}, const gnutls_datum_t * @var{data}, gnutls_openpgp_crt_fmt_t @var{format}, const gnutls_openpgp_keyid_t @var{keyid}, unsigned int @var{flags}) diff --git a/doc/functions/gnutls_pubkey_import_pkcs11 b/doc/functions/gnutls_pubkey_import_pkcs11 new file mode 100644 index 0000000..26a717c --- /dev/null +++ b/doc/functions/gnutls_pubkey_import_pkcs11 @@ -0,0 +1,19 @@ + + + + +@deftypefun {int} {gnutls_pubkey_import_pkcs11} (gnutls_pubkey_t @var{key}, gnutls_pkcs11_obj_t @var{obj}, unsigned int @var{flags}) +@var{key}: The public key + +@var{obj}: The parameters to be imported + +@var{flags}: should be zero + +Imports a public key from a pkcs11 key. This function will import +the given public key to the abstract @code{gnutls_pubkey_t} type. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 2.12.0 +@end deftypefun diff --git a/doc/functions/gnutls_pubkey_import_pkcs11.short b/doc/functions/gnutls_pubkey_import_pkcs11.short new file mode 100644 index 0000000..a2dd42a --- /dev/null +++ b/doc/functions/gnutls_pubkey_import_pkcs11.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_pubkey_import_pkcs11} (gnutls_pubkey_t @var{key}, gnutls_pkcs11_obj_t @var{obj}, unsigned int @var{flags}) diff --git a/doc/functions/gnutls_pubkey_import_privkey b/doc/functions/gnutls_pubkey_import_privkey new file mode 100644 index 0000000..ed13b70 --- /dev/null +++ b/doc/functions/gnutls_pubkey_import_privkey @@ -0,0 +1,24 @@ + + + + +@deftypefun {int} {gnutls_pubkey_import_privkey} (gnutls_pubkey_t @var{key}, gnutls_privkey_t @var{pkey}, unsigned int @var{usage}, unsigned int @var{flags}) +@var{key}: The public key + +@var{pkey}: The private key + +@var{usage}: GNUTLS_KEY_* key usage flags. + +@var{flags}: should be zero + +Imports the public key from a private. This function will import +the given public key to the abstract @code{gnutls_pubkey_t} type. + +Note that in certain keys this operation may not be possible, e.g., +in other than RSA PKCS@code{11} keys. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 2.12.0 +@end deftypefun diff --git a/doc/functions/gnutls_pubkey_import_privkey.short b/doc/functions/gnutls_pubkey_import_privkey.short new file mode 100644 index 0000000..83f2be8 --- /dev/null +++ b/doc/functions/gnutls_pubkey_import_privkey.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_pubkey_import_privkey} (gnutls_pubkey_t @var{key}, gnutls_privkey_t @var{pkey}, unsigned int @var{usage}, unsigned int @var{flags}) diff --git a/doc/functions/gnutls_pubkey_import_rsa_raw b/doc/functions/gnutls_pubkey_import_rsa_raw new file mode 100644 index 0000000..30df623 --- /dev/null +++ b/doc/functions/gnutls_pubkey_import_rsa_raw @@ -0,0 +1,19 @@ + + + + +@deftypefun {int} {gnutls_pubkey_import_rsa_raw} (gnutls_pubkey_t @var{key}, const gnutls_datum_t * @var{m}, const gnutls_datum_t * @var{e}) +@var{key}: The key + +@var{m}: holds the modulus + +@var{e}: holds the public exponent + +This function will replace the parameters in the given structure. +The new parameters should be stored in the appropriate +gnutls_datum. + +@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, or an negative error code. + +@strong{Since:} 2.12.0 +@end deftypefun diff --git a/doc/functions/gnutls_pubkey_import_rsa_raw.short b/doc/functions/gnutls_pubkey_import_rsa_raw.short new file mode 100644 index 0000000..d36699f --- /dev/null +++ b/doc/functions/gnutls_pubkey_import_rsa_raw.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_pubkey_import_rsa_raw} (gnutls_pubkey_t @var{key}, const gnutls_datum_t * @var{m}, const gnutls_datum_t * @var{e}) diff --git a/doc/functions/gnutls_pubkey_import_tpm_raw b/doc/functions/gnutls_pubkey_import_tpm_raw new file mode 100644 index 0000000..66685bf --- /dev/null +++ b/doc/functions/gnutls_pubkey_import_tpm_raw @@ -0,0 +1,26 @@ + + + + +@deftypefun {int} {gnutls_pubkey_import_tpm_raw} (gnutls_pubkey_t @var{pkey}, const gnutls_datum_t * @var{fdata}, gnutls_tpmkey_fmt_t @var{format}, const char * @var{srk_password}, unsigned int @var{flags}) +@var{pkey}: The public key + +@var{fdata}: The TPM key to be imported + +@var{format}: The format of the private key + +@var{srk_password}: The password for the SRK key (optional) + +@var{flags}: One of the GNUTLS_PUBKEY_* flags + +This function will import the public key from the provided TPM key +structure. + +With respect to passwords the same as in +@code{gnutls_pubkey_import_tpm_url()} apply. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 3.1.0 +@end deftypefun diff --git a/doc/functions/gnutls_pubkey_import_tpm_raw.short b/doc/functions/gnutls_pubkey_import_tpm_raw.short new file mode 100644 index 0000000..b34e538 --- /dev/null +++ b/doc/functions/gnutls_pubkey_import_tpm_raw.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_pubkey_import_tpm_raw} (gnutls_pubkey_t @var{pkey}, const gnutls_datum_t * @var{fdata}, gnutls_tpmkey_fmt_t @var{format}, const char * @var{srk_password}, unsigned int @var{flags}) diff --git a/doc/functions/gnutls_pubkey_import_tpm_url b/doc/functions/gnutls_pubkey_import_tpm_url new file mode 100644 index 0000000..3a6cc34 --- /dev/null +++ b/doc/functions/gnutls_pubkey_import_tpm_url @@ -0,0 +1,27 @@ + + + + +@deftypefun {int} {gnutls_pubkey_import_tpm_url} (gnutls_pubkey_t @var{pkey}, const char * @var{url}, const char * @var{srk_password}, unsigned int @var{flags}) +@var{pkey}: The public key + +@var{url}: The URL of the TPM key to be imported + +@var{srk_password}: The password for the SRK key (optional) + +@var{flags}: should be zero + +This function will import the given private key to the abstract +@code{gnutls_privkey_t} type. + +Note that unless @code{GNUTLS_PUBKEY_DISABLE_CALLBACKS} +is specified, if incorrect (or NULL) passwords are given +the PKCS11 callback functions will be used to obtain the +correct passwords. Otherwise if the SRK password is wrong +@code{GNUTLS_E_TPM_SRK_PASSWORD_ERROR} is returned. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 3.1.0 +@end deftypefun diff --git a/doc/functions/gnutls_pubkey_import_tpm_url.short b/doc/functions/gnutls_pubkey_import_tpm_url.short new file mode 100644 index 0000000..374b369 --- /dev/null +++ b/doc/functions/gnutls_pubkey_import_tpm_url.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_pubkey_import_tpm_url} (gnutls_pubkey_t @var{pkey}, const char * @var{url}, const char * @var{srk_password}, unsigned int @var{flags}) diff --git a/doc/functions/gnutls_pubkey_import_url b/doc/functions/gnutls_pubkey_import_url new file mode 100644 index 0000000..57fbb72 --- /dev/null +++ b/doc/functions/gnutls_pubkey_import_url @@ -0,0 +1,18 @@ + + + + +@deftypefun {int} {gnutls_pubkey_import_url} (gnutls_pubkey_t @var{key}, const char * @var{url}, unsigned int @var{flags}) +@var{key}: A key of type @code{gnutls_pubkey_t} + +@var{url}: A PKCS 11 url + +@var{flags}: One of GNUTLS_PKCS11_OBJ_* flags + +This function will import a public key from the provided URL. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 3.1.0 +@end deftypefun diff --git a/doc/functions/gnutls_pubkey_import_url.short b/doc/functions/gnutls_pubkey_import_url.short new file mode 100644 index 0000000..5bbdf14 --- /dev/null +++ b/doc/functions/gnutls_pubkey_import_url.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_pubkey_import_url} (gnutls_pubkey_t @var{key}, const char * @var{url}, unsigned int @var{flags}) diff --git a/doc/functions/gnutls_pubkey_import_x509 b/doc/functions/gnutls_pubkey_import_x509 new file mode 100644 index 0000000..3302270 --- /dev/null +++ b/doc/functions/gnutls_pubkey_import_x509 @@ -0,0 +1,19 @@ + + + + +@deftypefun {int} {gnutls_pubkey_import_x509} (gnutls_pubkey_t @var{key}, gnutls_x509_crt_t @var{crt}, unsigned int @var{flags}) +@var{key}: The public key + +@var{crt}: The certificate to be imported + +@var{flags}: should be zero + +This function will import the given public key to the abstract +@code{gnutls_pubkey_t} type. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 2.12.0 +@end deftypefun diff --git a/doc/functions/gnutls_pubkey_import_x509.short b/doc/functions/gnutls_pubkey_import_x509.short new file mode 100644 index 0000000..55c1f18 --- /dev/null +++ b/doc/functions/gnutls_pubkey_import_x509.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_pubkey_import_x509} (gnutls_pubkey_t @var{key}, gnutls_x509_crt_t @var{crt}, unsigned int @var{flags}) diff --git a/doc/functions/gnutls_pubkey_import_x509_crq b/doc/functions/gnutls_pubkey_import_x509_crq new file mode 100644 index 0000000..8c95cf5 --- /dev/null +++ b/doc/functions/gnutls_pubkey_import_x509_crq @@ -0,0 +1,19 @@ + + + + +@deftypefun {int} {gnutls_pubkey_import_x509_crq} (gnutls_pubkey_t @var{key}, gnutls_x509_crq_t @var{crq}, unsigned int @var{flags}) +@var{key}: The public key + +@var{crq}: The certificate to be imported + +@var{flags}: should be zero + +This function will import the given public key to the abstract +@code{gnutls_pubkey_t} type. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 3.1.5 +@end deftypefun diff --git a/doc/functions/gnutls_pubkey_import_x509_crq.short b/doc/functions/gnutls_pubkey_import_x509_crq.short new file mode 100644 index 0000000..b803c8e --- /dev/null +++ b/doc/functions/gnutls_pubkey_import_x509_crq.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_pubkey_import_x509_crq} (gnutls_pubkey_t @var{key}, gnutls_x509_crq_t @var{crq}, unsigned int @var{flags}) diff --git a/doc/functions/gnutls_pubkey_import_x509_raw b/doc/functions/gnutls_pubkey_import_x509_raw new file mode 100644 index 0000000..7f5b6ff --- /dev/null +++ b/doc/functions/gnutls_pubkey_import_x509_raw @@ -0,0 +1,21 @@ + + + + +@deftypefun {int} {gnutls_pubkey_import_x509_raw} (gnutls_pubkey_t @var{pkey}, const gnutls_datum_t * @var{data}, gnutls_x509_crt_fmt_t @var{format}, unsigned int @var{flags}) +@var{pkey}: The public key + +@var{data}: The public key data to be imported + +@var{format}: The format of the public key + +@var{flags}: should be zero + +This function will import the given public key to the abstract +@code{gnutls_pubkey_t} type. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 3.1.3 +@end deftypefun diff --git a/doc/functions/gnutls_pubkey_import_x509_raw.short b/doc/functions/gnutls_pubkey_import_x509_raw.short new file mode 100644 index 0000000..ed00106 --- /dev/null +++ b/doc/functions/gnutls_pubkey_import_x509_raw.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_pubkey_import_x509_raw} (gnutls_pubkey_t @var{pkey}, const gnutls_datum_t * @var{data}, gnutls_x509_crt_fmt_t @var{format}, unsigned int @var{flags}) diff --git a/doc/functions/gnutls_pubkey_init b/doc/functions/gnutls_pubkey_init new file mode 100644 index 0000000..6fbf3e3 --- /dev/null +++ b/doc/functions/gnutls_pubkey_init @@ -0,0 +1,14 @@ + + + + +@deftypefun {int} {gnutls_pubkey_init} (gnutls_pubkey_t * @var{key}) +@var{key}: A pointer to the type to be initialized + +This function will initialize a public key. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 2.12.0 +@end deftypefun diff --git a/doc/functions/gnutls_pubkey_init.short b/doc/functions/gnutls_pubkey_init.short new file mode 100644 index 0000000..f998595 --- /dev/null +++ b/doc/functions/gnutls_pubkey_init.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_pubkey_init} (gnutls_pubkey_t * @var{key}) diff --git a/doc/functions/gnutls_pubkey_print b/doc/functions/gnutls_pubkey_print new file mode 100644 index 0000000..7f6e1f6 --- /dev/null +++ b/doc/functions/gnutls_pubkey_print @@ -0,0 +1,24 @@ + + + + +@deftypefun {int} {gnutls_pubkey_print} (gnutls_pubkey_t @var{pubkey}, gnutls_certificate_print_formats_t @var{format}, gnutls_datum_t * @var{out}) +@var{pubkey}: The data to be printed + +@var{format}: Indicate the format to use + +@var{out}: Newly allocated datum with null terminated string. + +This function will pretty print public key information, suitable for +display to a human. + +Only @code{GNUTLS_CRT_PRINT_FULL} and @code{GNUTLS_CRT_PRINT_FULL_NUMBERS} +are implemented. + +The output @code{out} needs to be deallocated using @code{gnutls_free()} . + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 3.1.5 +@end deftypefun diff --git a/doc/functions/gnutls_pubkey_print.short b/doc/functions/gnutls_pubkey_print.short new file mode 100644 index 0000000..217e8e9 --- /dev/null +++ b/doc/functions/gnutls_pubkey_print.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_pubkey_print} (gnutls_pubkey_t @var{pubkey}, gnutls_certificate_print_formats_t @var{format}, gnutls_datum_t * @var{out}) diff --git a/doc/functions/gnutls_pubkey_set_key_usage b/doc/functions/gnutls_pubkey_set_key_usage new file mode 100644 index 0000000..b5c6373 --- /dev/null +++ b/doc/functions/gnutls_pubkey_set_key_usage @@ -0,0 +1,18 @@ + + + + +@deftypefun {int} {gnutls_pubkey_set_key_usage} (gnutls_pubkey_t @var{key}, unsigned int @var{usage}) +@var{key}: a certificate of type @code{gnutls_x509_crt_t} + +@var{usage}: an ORed sequence of the GNUTLS_KEY_* elements. + +This function will set the key usage flags of the public key. This +is only useful if the key is to be exported to a certificate or +certificate request. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 2.12.0 +@end deftypefun diff --git a/doc/functions/gnutls_pubkey_set_key_usage.short b/doc/functions/gnutls_pubkey_set_key_usage.short new file mode 100644 index 0000000..8ae65dd --- /dev/null +++ b/doc/functions/gnutls_pubkey_set_key_usage.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_pubkey_set_key_usage} (gnutls_pubkey_t @var{key}, unsigned int @var{usage}) diff --git a/doc/functions/gnutls_pubkey_set_pin_function b/doc/functions/gnutls_pubkey_set_pin_function new file mode 100644 index 0000000..b1f50a2 --- /dev/null +++ b/doc/functions/gnutls_pubkey_set_pin_function @@ -0,0 +1,20 @@ + + + + +@deftypefun {void} {gnutls_pubkey_set_pin_function} (gnutls_pubkey_t @var{key}, gnutls_pin_callback_t @var{fn}, void * @var{userdata}) +@var{key}: A key of type @code{gnutls_pubkey_t} + +@var{fn}: the callback + +@var{userdata}: data associated with the callback + +This function will set a callback function to be used when +required to access the object. This function overrides any other +global PIN functions. + +Note that this function must be called right after initialization +to have effect. + +@strong{Since:} 3.1.0 +@end deftypefun diff --git a/doc/functions/gnutls_pubkey_set_pin_function.short b/doc/functions/gnutls_pubkey_set_pin_function.short new file mode 100644 index 0000000..06a91c6 --- /dev/null +++ b/doc/functions/gnutls_pubkey_set_pin_function.short @@ -0,0 +1 @@ +@item @var{void} @ref{gnutls_pubkey_set_pin_function} (gnutls_pubkey_t @var{key}, gnutls_pin_callback_t @var{fn}, void * @var{userdata}) diff --git a/doc/functions/gnutls_pubkey_set_spki b/doc/functions/gnutls_pubkey_set_spki new file mode 100644 index 0000000..3be4775 --- /dev/null +++ b/doc/functions/gnutls_pubkey_set_spki @@ -0,0 +1,19 @@ + + + + +@deftypefun {int} {gnutls_pubkey_set_spki} (gnutls_pubkey_t @var{pubkey}, const gnutls_x509_spki_t @var{spki}, unsigned int @var{flags}) +@var{pubkey}: a public key of type @code{gnutls_pubkey_t} + +@var{spki}: a SubjectPublicKeyInfo structure of type @code{gnutls_pubkey_spki_t} + +@var{flags}: must be zero + +This function will set the public key information. +The provided @code{spki} must be initialized. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 3.6.0 +@end deftypefun diff --git a/doc/functions/gnutls_pubkey_set_spki.short b/doc/functions/gnutls_pubkey_set_spki.short new file mode 100644 index 0000000..d9c918e --- /dev/null +++ b/doc/functions/gnutls_pubkey_set_spki.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_pubkey_set_spki} (gnutls_pubkey_t @var{pubkey}, const gnutls_x509_spki_t @var{spki}, unsigned int @var{flags}) diff --git a/doc/functions/gnutls_pubkey_verify_data2 b/doc/functions/gnutls_pubkey_verify_data2 new file mode 100644 index 0000000..030fb45 --- /dev/null +++ b/doc/functions/gnutls_pubkey_verify_data2 @@ -0,0 +1,25 @@ + + + + +@deftypefun {int} {gnutls_pubkey_verify_data2} (gnutls_pubkey_t @var{pubkey}, gnutls_sign_algorithm_t @var{algo}, unsigned int @var{flags}, const gnutls_datum_t * @var{data}, const gnutls_datum_t * @var{signature}) +@var{pubkey}: Holds the public key + +@var{algo}: The signature algorithm used + +@var{flags}: Zero or an OR list of @code{gnutls_certificate_verify_flags} + +@var{data}: holds the signed data + +@var{signature}: contains the signature + +This function will verify the given signed data, using the +parameters from the certificate. + +@strong{Returns:} In case of a verification failure @code{GNUTLS_E_PK_SIG_VERIFY_FAILED} +is returned, and zero or positive code on success. For known to be insecure +signatures this function will return @code{GNUTLS_E_INSUFFICIENT_SECURITY} unless +the flag @code{GNUTLS_VERIFY_ALLOW_BROKEN} is specified. + +@strong{Since:} 3.0 +@end deftypefun diff --git a/doc/functions/gnutls_pubkey_verify_data2.short b/doc/functions/gnutls_pubkey_verify_data2.short new file mode 100644 index 0000000..9786ee7 --- /dev/null +++ b/doc/functions/gnutls_pubkey_verify_data2.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_pubkey_verify_data2} (gnutls_pubkey_t @var{pubkey}, gnutls_sign_algorithm_t @var{algo}, unsigned int @var{flags}, const gnutls_datum_t * @var{data}, const gnutls_datum_t * @var{signature}) diff --git a/doc/functions/gnutls_pubkey_verify_hash2 b/doc/functions/gnutls_pubkey_verify_hash2 new file mode 100644 index 0000000..ca80cc2 --- /dev/null +++ b/doc/functions/gnutls_pubkey_verify_hash2 @@ -0,0 +1,27 @@ + + + + +@deftypefun {int} {gnutls_pubkey_verify_hash2} (gnutls_pubkey_t @var{key}, gnutls_sign_algorithm_t @var{algo}, unsigned int @var{flags}, const gnutls_datum_t * @var{hash}, const gnutls_datum_t * @var{signature}) +@var{key}: Holds the public key + +@var{algo}: The signature algorithm used + +@var{flags}: Zero or an OR list of @code{gnutls_certificate_verify_flags} + +@var{hash}: holds the hash digest to be verified + +@var{signature}: contains the signature + +This function will verify the given signed digest, using the +parameters from the public key. Note that unlike @code{gnutls_privkey_sign_hash()} , +this function accepts a signature algorithm instead of a digest algorithm. +You can use @code{gnutls_pk_to_sign()} to get the appropriate value. + +@strong{Returns:} In case of a verification failure @code{GNUTLS_E_PK_SIG_VERIFY_FAILED} +is returned, and zero or positive code on success. For known to be insecure +signatures this function will return @code{GNUTLS_E_INSUFFICIENT_SECURITY} unless +the flag @code{GNUTLS_VERIFY_ALLOW_BROKEN} is specified. + +@strong{Since:} 3.0 +@end deftypefun diff --git a/doc/functions/gnutls_pubkey_verify_hash2.short b/doc/functions/gnutls_pubkey_verify_hash2.short new file mode 100644 index 0000000..632f0c8 --- /dev/null +++ b/doc/functions/gnutls_pubkey_verify_hash2.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_pubkey_verify_hash2} (gnutls_pubkey_t @var{key}, gnutls_sign_algorithm_t @var{algo}, unsigned int @var{flags}, const gnutls_datum_t * @var{hash}, const gnutls_datum_t * @var{signature}) diff --git a/doc/functions/gnutls_pubkey_verify_params b/doc/functions/gnutls_pubkey_verify_params new file mode 100644 index 0000000..04af3cb --- /dev/null +++ b/doc/functions/gnutls_pubkey_verify_params @@ -0,0 +1,14 @@ + + + + +@deftypefun {int} {gnutls_pubkey_verify_params} (gnutls_pubkey_t @var{key}) +@var{key}: should contain a @code{gnutls_pubkey_t} type + +This function will verify the public key parameters. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 3.3.0 +@end deftypefun diff --git a/doc/functions/gnutls_pubkey_verify_params.short b/doc/functions/gnutls_pubkey_verify_params.short new file mode 100644 index 0000000..063403e --- /dev/null +++ b/doc/functions/gnutls_pubkey_verify_params.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_pubkey_verify_params} (gnutls_pubkey_t @var{key}) diff --git a/doc/functions/gnutls_random_art b/doc/functions/gnutls_random_art new file mode 100644 index 0000000..9f85422 --- /dev/null +++ b/doc/functions/gnutls_random_art @@ -0,0 +1,24 @@ + + + + +@deftypefun {int} {gnutls_random_art} (gnutls_random_art_t @var{type}, const char * @var{key_type}, unsigned int @var{key_size}, void * @var{fpr}, size_t @var{fpr_size}, gnutls_datum_t * @var{art}) +@var{type}: The type of the random art (for now only @code{GNUTLS_RANDOM_ART_OPENSSH} is supported) + +@var{key_type}: The type of the key (RSA, DSA etc.) + +@var{key_size}: The size of the key in bits + +@var{fpr}: The fingerprint of the key + +@var{fpr_size}: The size of the fingerprint + +@var{art}: The returned random art + +This function will convert a given fingerprint to an "artistic" +image. The returned image is allocated using @code{gnutls_malloc()} , is +null-terminated but art->size will not account the terminating null. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise +an error code is returned. +@end deftypefun diff --git a/doc/functions/gnutls_random_art.short b/doc/functions/gnutls_random_art.short new file mode 100644 index 0000000..64b51aa --- /dev/null +++ b/doc/functions/gnutls_random_art.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_random_art} (gnutls_random_art_t @var{type}, const char * @var{key_type}, unsigned int @var{key_size}, void * @var{fpr}, size_t @var{fpr_size}, gnutls_datum_t * @var{art}) diff --git a/doc/functions/gnutls_range_split b/doc/functions/gnutls_range_split new file mode 100644 index 0000000..6f701a1 --- /dev/null +++ b/doc/functions/gnutls_range_split @@ -0,0 +1,23 @@ + + + + +@deftypefun {int} {gnutls_range_split} (gnutls_session_t @var{session}, const gnutls_range_st * @var{orig}, gnutls_range_st * @var{next}, gnutls_range_st * @var{remainder}) +@var{session}: is a @code{gnutls_session_t} type + +@var{orig}: is the original range provided by the user + +@var{next}: is the returned range that can be conveyed in a TLS record + +@var{remainder}: is the returned remaining range + +This function should be used when it is required to hide the length +of very long data that cannot be directly provided to @code{gnutls_record_send_range()} . +In that case this function should be called with the desired length +hiding range in @code{orig} . The returned @code{next} value should then be used in +the next call to @code{gnutls_record_send_range()} with the partial data. +That process should be repeated until @code{remainder} is (0,0). + +@strong{Returns:} 0 in case splitting succeeds, non zero in case of error. +Note that @code{orig} is not changed, while the values of @code{next} and @code{remainder} are modified to store the resulting values. +@end deftypefun diff --git a/doc/functions/gnutls_range_split.short b/doc/functions/gnutls_range_split.short new file mode 100644 index 0000000..4dcaa42 --- /dev/null +++ b/doc/functions/gnutls_range_split.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_range_split} (gnutls_session_t @var{session}, const gnutls_range_st * @var{orig}, gnutls_range_st * @var{next}, gnutls_range_st * @var{remainder}) diff --git a/doc/functions/gnutls_reauth b/doc/functions/gnutls_reauth new file mode 100644 index 0000000..151af70 --- /dev/null +++ b/doc/functions/gnutls_reauth @@ -0,0 +1,42 @@ + + + + +@deftypefun {int} {gnutls_reauth} (gnutls_session_t @var{session}, unsigned int @var{flags}) +@var{session}: is a @code{gnutls_session_t} type. + +@var{flags}: must be zero + +This function performs the post-handshake authentication +for TLS 1.3. The post-handshake authentication is initiated by the server +by calling this function. Clients respond when @code{GNUTLS_E_REAUTH_REQUEST} +has been seen while receiving data. + +The non-fatal errors expected by this function are: +@code{GNUTLS_E_INTERRUPTED} , @code{GNUTLS_E_AGAIN} , as well as +@code{GNUTLS_E_GOT_APPLICATION_DATA} when called on server side. + +The former two interrupt the authentication procedure due to the transport +layer being interrupted, and the latter because there were pending data prior +to peer initiating the re-authentication. The server should read/process that +data as unauthenticated and retry calling @code{gnutls_reauth()} . + +When this function is called under TLS1.2 or earlier or the peer didn't +advertise post-handshake auth, it always fails with +@code{GNUTLS_E_INVALID_REQUEST} . The verification of the received peers certificate +is delegated to the session or credentials verification callbacks. A +server can check whether post handshake authentication is supported +by the client by checking the session flags with @code{gnutls_session_get_flags()} . + +Prior to calling this function in server side, the function +@code{gnutls_certificate_server_set_request()} must be called setting expectations +for the received certificate (request or require). If none are set +this function will return with @code{GNUTLS_E_INVALID_REQUEST} . + +Note that post handshake authentication is available irrespective +of the initial negotiation type (PSK or certificate). In all cases +however, certificate credentials must be set to the session prior +to calling this function. + +@strong{Returns:} @code{GNUTLS_E_SUCCESS} on a successful authentication, otherwise a negative error code. +@end deftypefun diff --git a/doc/functions/gnutls_reauth.short b/doc/functions/gnutls_reauth.short new file mode 100644 index 0000000..6b54ac0 --- /dev/null +++ b/doc/functions/gnutls_reauth.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_reauth} (gnutls_session_t @var{session}, unsigned int @var{flags}) diff --git a/doc/functions/gnutls_record_can_use_length_hiding b/doc/functions/gnutls_record_can_use_length_hiding new file mode 100644 index 0000000..97f31b7 --- /dev/null +++ b/doc/functions/gnutls_record_can_use_length_hiding @@ -0,0 +1,18 @@ + + + + +@deftypefun {unsigned} {gnutls_record_can_use_length_hiding} (gnutls_session_t @var{session}) +@var{session}: is a @code{gnutls_session_t} type. + +If the session supports length-hiding padding, you can +invoke @code{gnutls_record_send_range()} to send a message whose +length is hidden in the given range. If the session does not +support length hiding padding, you can use the standard +@code{gnutls_record_send()} function, or @code{gnutls_record_send_range()} +making sure that the range is the same as the length of the +message you are trying to send. + +@strong{Returns:} true (1) if the current session supports length-hiding +padding, false (0) if the current session does not. +@end deftypefun diff --git a/doc/functions/gnutls_record_can_use_length_hiding.short b/doc/functions/gnutls_record_can_use_length_hiding.short new file mode 100644 index 0000000..d19b8a9 --- /dev/null +++ b/doc/functions/gnutls_record_can_use_length_hiding.short @@ -0,0 +1 @@ +@item @var{unsigned} @ref{gnutls_record_can_use_length_hiding} (gnutls_session_t @var{session}) diff --git a/doc/functions/gnutls_record_check_corked b/doc/functions/gnutls_record_check_corked new file mode 100644 index 0000000..cd9ca0a --- /dev/null +++ b/doc/functions/gnutls_record_check_corked @@ -0,0 +1,14 @@ + + + + +@deftypefun {size_t} {gnutls_record_check_corked} (gnutls_session_t @var{session}) +@var{session}: is a @code{gnutls_session_t} type. + +This function checks if there pending corked +data in the gnutls buffers --see @code{gnutls_record_cork()} . + +@strong{Returns:} Returns the size of the corked data or zero. + +@strong{Since:} 3.2.8 +@end deftypefun diff --git a/doc/functions/gnutls_record_check_corked.short b/doc/functions/gnutls_record_check_corked.short new file mode 100644 index 0000000..d33b0e4 --- /dev/null +++ b/doc/functions/gnutls_record_check_corked.short @@ -0,0 +1 @@ +@item @var{size_t} @ref{gnutls_record_check_corked} (gnutls_session_t @var{session}) diff --git a/doc/functions/gnutls_record_check_pending b/doc/functions/gnutls_record_check_pending new file mode 100644 index 0000000..35c9e94 --- /dev/null +++ b/doc/functions/gnutls_record_check_pending @@ -0,0 +1,14 @@ + + + + +@deftypefun {size_t} {gnutls_record_check_pending} (gnutls_session_t @var{session}) +@var{session}: is a @code{gnutls_session_t} type. + +This function checks if there are unread data +in the gnutls buffers. If the return value is +non-zero the next call to @code{gnutls_record_recv()} +is guaranteed not to block. + +@strong{Returns:} Returns the size of the data or zero. +@end deftypefun diff --git a/doc/functions/gnutls_record_check_pending.short b/doc/functions/gnutls_record_check_pending.short new file mode 100644 index 0000000..ccceb41 --- /dev/null +++ b/doc/functions/gnutls_record_check_pending.short @@ -0,0 +1 @@ +@item @var{size_t} @ref{gnutls_record_check_pending} (gnutls_session_t @var{session}) diff --git a/doc/functions/gnutls_record_cork b/doc/functions/gnutls_record_cork new file mode 100644 index 0000000..e0c0ba0 --- /dev/null +++ b/doc/functions/gnutls_record_cork @@ -0,0 +1,14 @@ + + + + +@deftypefun {void} {gnutls_record_cork} (gnutls_session_t @var{session}) +@var{session}: is a @code{gnutls_session_t} type. + +If called, @code{gnutls_record_send()} will no longer send any records. +Any sent records will be cached until @code{gnutls_record_uncork()} is called. + +This function is safe to use with DTLS after GnuTLS 3.3.0. + +@strong{Since:} 3.1.9 +@end deftypefun diff --git a/doc/functions/gnutls_record_cork.short b/doc/functions/gnutls_record_cork.short new file mode 100644 index 0000000..ebbf9fb --- /dev/null +++ b/doc/functions/gnutls_record_cork.short @@ -0,0 +1 @@ +@item @var{void} @ref{gnutls_record_cork} (gnutls_session_t @var{session}) diff --git a/doc/functions/gnutls_record_disable_padding b/doc/functions/gnutls_record_disable_padding new file mode 100644 index 0000000..efb5090 --- /dev/null +++ b/doc/functions/gnutls_record_disable_padding @@ -0,0 +1,15 @@ + + + + +@deftypefun {void} {gnutls_record_disable_padding} (gnutls_session_t @var{session}) +@var{session}: is a @code{gnutls_session_t} type. + +Used to disabled padding in TLS 1.0 and above. Normally you do not +need to use this function, but there are buggy clients that +complain if a server pads the encrypted data. This of course will +disable protection against statistical attacks on the data. + +This function is defunct since 3.1.7. Random padding is disabled +by default unless requested using @code{gnutls_record_send_range()} . +@end deftypefun diff --git a/doc/functions/gnutls_record_disable_padding.short b/doc/functions/gnutls_record_disable_padding.short new file mode 100644 index 0000000..8b980f4 --- /dev/null +++ b/doc/functions/gnutls_record_disable_padding.short @@ -0,0 +1 @@ +@item @var{void} @ref{gnutls_record_disable_padding} (gnutls_session_t @var{session}) diff --git a/doc/functions/gnutls_record_discard_queued b/doc/functions/gnutls_record_discard_queued new file mode 100644 index 0000000..03911ce --- /dev/null +++ b/doc/functions/gnutls_record_discard_queued @@ -0,0 +1,14 @@ + + + + +@deftypefun {size_t} {gnutls_record_discard_queued} (gnutls_session_t @var{session}) +@var{session}: is a @code{gnutls_session_t} type. + +This function discards all queued to be sent packets in a TLS or DTLS session. +These are the packets queued after an interrupted @code{gnutls_record_send()} . + +@strong{Returns:} The number of bytes discarded. + +@strong{Since:} 3.4.0 +@end deftypefun diff --git a/doc/functions/gnutls_record_discard_queued.short b/doc/functions/gnutls_record_discard_queued.short new file mode 100644 index 0000000..e4a5c14 --- /dev/null +++ b/doc/functions/gnutls_record_discard_queued.short @@ -0,0 +1 @@ +@item @var{size_t} @ref{gnutls_record_discard_queued} (gnutls_session_t @var{session}) diff --git a/doc/functions/gnutls_record_get_direction b/doc/functions/gnutls_record_get_direction new file mode 100644 index 0000000..6f8c802 --- /dev/null +++ b/doc/functions/gnutls_record_get_direction @@ -0,0 +1,22 @@ + + + + +@deftypefun {int} {gnutls_record_get_direction} (gnutls_session_t @var{session}) +@var{session}: is a @code{gnutls_session_t} type. + +This function is useful to determine whether a GnuTLS function was interrupted +while sending or receiving, so that @code{select()} or @code{poll()} may be called appropriately. + +It provides information about the internals of the record +protocol and is only useful if a prior gnutls function call, +e.g. @code{gnutls_handshake()} , was interrupted and returned +@code{GNUTLS_E_INTERRUPTED} or @code{GNUTLS_E_AGAIN} . After such an interrupt +applications may call @code{select()} or @code{poll()} before restoring the +interrupted GnuTLS function. + +This function's output is unreliable if you are using the same + @code{session} in different threads for sending and receiving. + +@strong{Returns:} 0 if interrupted while trying to read data, or 1 while trying to write data. +@end deftypefun diff --git a/doc/functions/gnutls_record_get_direction.short b/doc/functions/gnutls_record_get_direction.short new file mode 100644 index 0000000..5e2a645 --- /dev/null +++ b/doc/functions/gnutls_record_get_direction.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_record_get_direction} (gnutls_session_t @var{session}) diff --git a/doc/functions/gnutls_record_get_discarded b/doc/functions/gnutls_record_get_discarded new file mode 100644 index 0000000..7a048c6 --- /dev/null +++ b/doc/functions/gnutls_record_get_discarded @@ -0,0 +1,14 @@ + + + + +@deftypefun {unsigned int} {gnutls_record_get_discarded} (gnutls_session_t @var{session}) +@var{session}: is a @code{gnutls_session_t} type. + +Returns the number of discarded packets in a +DTLS connection. + +@strong{Returns:} The number of discarded packets. + +@strong{Since:} 3.0 +@end deftypefun diff --git a/doc/functions/gnutls_record_get_discarded.short b/doc/functions/gnutls_record_get_discarded.short new file mode 100644 index 0000000..f0a9afc --- /dev/null +++ b/doc/functions/gnutls_record_get_discarded.short @@ -0,0 +1 @@ +@item @var{unsigned int} @ref{gnutls_record_get_discarded} (gnutls_session_t @var{session}) diff --git a/doc/functions/gnutls_record_get_max_early_data_size b/doc/functions/gnutls_record_get_max_early_data_size new file mode 100644 index 0000000..87d9794 --- /dev/null +++ b/doc/functions/gnutls_record_get_max_early_data_size @@ -0,0 +1,16 @@ + + + + +@deftypefun {size_t} {gnutls_record_get_max_early_data_size} (gnutls_session_t @var{session}) +@var{session}: is a @code{gnutls_session_t} type. + +This function returns the maximum early data size in this connection. +This property can only be set to servers. The client may be +provided with the maximum allowed size through the "early_data" +extension of the NewSessionTicket handshake message. + +@strong{Returns:} The maximum early data size in this connection. + +@strong{Since:} 3.6.5 +@end deftypefun diff --git a/doc/functions/gnutls_record_get_max_early_data_size.short b/doc/functions/gnutls_record_get_max_early_data_size.short new file mode 100644 index 0000000..d468ba8 --- /dev/null +++ b/doc/functions/gnutls_record_get_max_early_data_size.short @@ -0,0 +1 @@ +@item @var{size_t} @ref{gnutls_record_get_max_early_data_size} (gnutls_session_t @var{session}) diff --git a/doc/functions/gnutls_record_get_max_size b/doc/functions/gnutls_record_get_max_size new file mode 100644 index 0000000..89e4e6e --- /dev/null +++ b/doc/functions/gnutls_record_get_max_size @@ -0,0 +1,12 @@ + + + + +@deftypefun {size_t} {gnutls_record_get_max_size} (gnutls_session_t @var{session}) +@var{session}: is a @code{gnutls_session_t} type. + +Get the record size. The maximum record size is negotiated by the +client after the first handshake message. + +@strong{Returns:} The maximum record packet size in this connection. +@end deftypefun diff --git a/doc/functions/gnutls_record_get_max_size.short b/doc/functions/gnutls_record_get_max_size.short new file mode 100644 index 0000000..ecd3cd3 --- /dev/null +++ b/doc/functions/gnutls_record_get_max_size.short @@ -0,0 +1 @@ +@item @var{size_t} @ref{gnutls_record_get_max_size} (gnutls_session_t @var{session}) diff --git a/doc/functions/gnutls_record_get_state b/doc/functions/gnutls_record_get_state new file mode 100644 index 0000000..19c0f0c --- /dev/null +++ b/doc/functions/gnutls_record_get_state @@ -0,0 +1,28 @@ + + + + +@deftypefun {int} {gnutls_record_get_state} (gnutls_session_t @var{session}, unsigned @var{read}, gnutls_datum_t * @var{mac_key}, gnutls_datum_t * @var{IV}, gnutls_datum_t * @var{cipher_key}, unsigned char [8] @var{seq_number}) +@var{session}: is a @code{gnutls_session_t} type + +@var{read}: if non-zero the read parameters are returned, otherwise the write + +@var{mac_key}: the key used for MAC (if a MAC is used) + +@var{IV}: the initialization vector or nonce used + +@var{cipher_key}: the cipher key + +@var{seq_number}: A 64-bit sequence number + +This function will return the parameters of the current record state. +These are only useful to be provided to an external off-loading device +or subsystem. The returned values should be considered constant +and valid for the lifetime of the session. + +In that case, to sync the state back you must call @code{gnutls_record_set_state()} . + +@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, or an error code. + +Since 3.4.0 +@end deftypefun diff --git a/doc/functions/gnutls_record_get_state.short b/doc/functions/gnutls_record_get_state.short new file mode 100644 index 0000000..c49d767 --- /dev/null +++ b/doc/functions/gnutls_record_get_state.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_record_get_state} (gnutls_session_t @var{session}, unsigned @var{read}, gnutls_datum_t * @var{mac_key}, gnutls_datum_t * @var{IV}, gnutls_datum_t * @var{cipher_key}, unsigned char [8] @var{seq_number}) diff --git a/doc/functions/gnutls_record_overhead_size b/doc/functions/gnutls_record_overhead_size new file mode 100644 index 0000000..0def077 --- /dev/null +++ b/doc/functions/gnutls_record_overhead_size @@ -0,0 +1,14 @@ + + + + +@deftypefun {size_t} {gnutls_record_overhead_size} (gnutls_session_t @var{session}) +@var{session}: is @code{gnutls_session_t} + +This function will return the size in bytes of the overhead +due to TLS (or DTLS) per record. On certain occasions +(e.g., CBC ciphers) the returned value is the maximum +possible overhead. + +@strong{Since:} 3.2.2 +@end deftypefun diff --git a/doc/functions/gnutls_record_overhead_size.short b/doc/functions/gnutls_record_overhead_size.short new file mode 100644 index 0000000..57e878a --- /dev/null +++ b/doc/functions/gnutls_record_overhead_size.short @@ -0,0 +1 @@ +@item @var{size_t} @ref{gnutls_record_overhead_size} (gnutls_session_t @var{session}) diff --git a/doc/functions/gnutls_record_recv b/doc/functions/gnutls_record_recv new file mode 100644 index 0000000..663a103 --- /dev/null +++ b/doc/functions/gnutls_record_recv @@ -0,0 +1,31 @@ + + + + +@deftypefun {ssize_t} {gnutls_record_recv} (gnutls_session_t @var{session}, void * @var{data}, size_t @var{data_size}) +@var{session}: is a @code{gnutls_session_t} type. + +@var{data}: the buffer that the data will be read into + +@var{data_size}: the number of requested bytes + +This function has the similar semantics with @code{recv()} . The only +difference is that it accepts a GnuTLS session, and uses different +error codes. +In the special case that the peer requests a renegotiation, the +caller will receive an error code of @code{GNUTLS_E_REHANDSHAKE} . In case +of a client, this message may be simply ignored, replied with an alert +@code{GNUTLS_A_NO_RENEGOTIATION} , or replied with a new handshake, +depending on the client's will. A server receiving this error code +can only initiate a new handshake or terminate the session. + +If @code{EINTR} is returned by the internal pull function (the default +is @code{recv()} ) then @code{GNUTLS_E_INTERRUPTED} will be returned. If +@code{GNUTLS_E_INTERRUPTED} or @code{GNUTLS_E_AGAIN} is returned, you must +call this function again to get the data. See also +@code{gnutls_record_get_direction()} . + +@strong{Returns:} The number of bytes received and zero on EOF (for stream +connections). A negative error code is returned in case of an error. +The number of bytes received might be less than the requested @code{data_size} . +@end deftypefun diff --git a/doc/functions/gnutls_record_recv.short b/doc/functions/gnutls_record_recv.short new file mode 100644 index 0000000..abde599 --- /dev/null +++ b/doc/functions/gnutls_record_recv.short @@ -0,0 +1 @@ +@item @var{ssize_t} @ref{gnutls_record_recv} (gnutls_session_t @var{session}, void * @var{data}, size_t @var{data_size}) diff --git a/doc/functions/gnutls_record_recv_early_data b/doc/functions/gnutls_record_recv_early_data new file mode 100644 index 0000000..5848889 --- /dev/null +++ b/doc/functions/gnutls_record_recv_early_data @@ -0,0 +1,28 @@ + + + + +@deftypefun {ssize_t} {gnutls_record_recv_early_data} (gnutls_session_t @var{session}, void * @var{data}, size_t @var{data_size}) +@var{session}: is a @code{gnutls_session_t} type. + +@var{data}: the buffer that the data will be read into + +@var{data_size}: the number of requested bytes + +This function can be used by a searver to retrieve data sent early +in the handshake processes when resuming a session. This is used +to implement a zero-roundtrip (0-RTT) mode. It has the same +semantics as @code{gnutls_record_recv()} . + +This function can be called either in a handshake hook, or after +the handshake is complete. + +@strong{Returns:} The number of bytes received and zero when early data +reading is complete. A negative error code is returned in case of +an error. If no early data is received during the handshake, this +function returns @code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} . The +number of bytes received might be less than the requested + @code{data_size} . + +@strong{Since:} 3.6.5 +@end deftypefun diff --git a/doc/functions/gnutls_record_recv_early_data.short b/doc/functions/gnutls_record_recv_early_data.short new file mode 100644 index 0000000..625bfa6 --- /dev/null +++ b/doc/functions/gnutls_record_recv_early_data.short @@ -0,0 +1 @@ +@item @var{ssize_t} @ref{gnutls_record_recv_early_data} (gnutls_session_t @var{session}, void * @var{data}, size_t @var{data_size}) diff --git a/doc/functions/gnutls_record_recv_packet b/doc/functions/gnutls_record_recv_packet new file mode 100644 index 0000000..31bb870 --- /dev/null +++ b/doc/functions/gnutls_record_recv_packet @@ -0,0 +1,23 @@ + + + + +@deftypefun {ssize_t} {gnutls_record_recv_packet} (gnutls_session_t @var{session}, gnutls_packet_t * @var{packet}) +@var{session}: is a @code{gnutls_session_t} type. + +@var{packet}: the structure that will hold the packet data + +This is a lower-level function than @code{gnutls_record_recv()} and allows +to directly receive the whole decrypted packet. That avoids a +memory copy, and is intended to be used by applications seeking high +performance. + +The received packet is accessed using @code{gnutls_packet_get()} and +must be deinitialized using @code{gnutls_packet_deinit()} . The returned +packet will be @code{NULL} if the return value is zero (EOF). + +@strong{Returns:} The number of bytes received and zero on EOF (for stream +connections). A negative error code is returned in case of an error. + +@strong{Since:} 3.3.5 +@end deftypefun diff --git a/doc/functions/gnutls_record_recv_packet.short b/doc/functions/gnutls_record_recv_packet.short new file mode 100644 index 0000000..e3a96a8 --- /dev/null +++ b/doc/functions/gnutls_record_recv_packet.short @@ -0,0 +1 @@ +@item @var{ssize_t} @ref{gnutls_record_recv_packet} (gnutls_session_t @var{session}, gnutls_packet_t * @var{packet}) diff --git a/doc/functions/gnutls_record_recv_seq b/doc/functions/gnutls_record_recv_seq new file mode 100644 index 0000000..8d11a02 --- /dev/null +++ b/doc/functions/gnutls_record_recv_seq @@ -0,0 +1,26 @@ + + + + +@deftypefun {ssize_t} {gnutls_record_recv_seq} (gnutls_session_t @var{session}, void * @var{data}, size_t @var{data_size}, unsigned char * @var{seq}) +@var{session}: is a @code{gnutls_session_t} type. + +@var{data}: the buffer that the data will be read into + +@var{data_size}: the number of requested bytes + +@var{seq}: is the packet's 64-bit sequence number. Should have space for 8 bytes. + +This function is the same as @code{gnutls_record_recv()} , except that +it returns in addition to data, the sequence number of the data. +This is useful in DTLS where record packets might be received +out-of-order. The returned 8-byte sequence number is an +integer in big-endian format and should be +treated as a unique message identification. + +@strong{Returns:} The number of bytes received and zero on EOF. A negative +error code is returned in case of an error. The number of bytes +received might be less than @code{data_size} . + +@strong{Since:} 3.0 +@end deftypefun diff --git a/doc/functions/gnutls_record_recv_seq.short b/doc/functions/gnutls_record_recv_seq.short new file mode 100644 index 0000000..2f04363 --- /dev/null +++ b/doc/functions/gnutls_record_recv_seq.short @@ -0,0 +1 @@ +@item @var{ssize_t} @ref{gnutls_record_recv_seq} (gnutls_session_t @var{session}, void * @var{data}, size_t @var{data_size}, unsigned char * @var{seq}) diff --git a/doc/functions/gnutls_record_send b/doc/functions/gnutls_record_send new file mode 100644 index 0000000..005f7a9 --- /dev/null +++ b/doc/functions/gnutls_record_send @@ -0,0 +1,40 @@ + + + + +@deftypefun {ssize_t} {gnutls_record_send} (gnutls_session_t @var{session}, const void * @var{data}, size_t @var{data_size}) +@var{session}: is a @code{gnutls_session_t} type. + +@var{data}: contains the data to send + +@var{data_size}: is the length of the data + +This function has the similar semantics with @code{send()} . The only +difference is that it accepts a GnuTLS session, and uses different +error codes. +Note that if the send buffer is full, @code{send()} will block this +function. See the @code{send()} documentation for more information. + +You can replace the default push function which is @code{send()} , by using +@code{gnutls_transport_set_push_function()} . + +If the EINTR is returned by the internal push function +then @code{GNUTLS_E_INTERRUPTED} will be returned. If +@code{GNUTLS_E_INTERRUPTED} or @code{GNUTLS_E_AGAIN} is returned, you must +call this function again, with the exact same parameters; alternatively +you could provide a @code{NULL} pointer for data, and 0 for +size. cf. @code{gnutls_record_get_direction()} . + +Note that in DTLS this function will return the @code{GNUTLS_E_LARGE_PACKET} +error code if the send data exceed the data MTU value - as returned +by @code{gnutls_dtls_get_data_mtu()} . The errno value EMSGSIZE +also maps to @code{GNUTLS_E_LARGE_PACKET} . +Note that since 3.2.13 this function can be called under cork in DTLS +mode, and will refuse to send data over the MTU size by returning +@code{GNUTLS_E_LARGE_PACKET} . + +@strong{Returns:} The number of bytes sent, or a negative error code. The +number of bytes sent might be less than @code{data_size} . The maximum +number of bytes this function can send in a single call depends +on the negotiated maximum record size. +@end deftypefun diff --git a/doc/functions/gnutls_record_send.short b/doc/functions/gnutls_record_send.short new file mode 100644 index 0000000..9b086aa --- /dev/null +++ b/doc/functions/gnutls_record_send.short @@ -0,0 +1 @@ +@item @var{ssize_t} @ref{gnutls_record_send} (gnutls_session_t @var{session}, const void * @var{data}, size_t @var{data_size}) diff --git a/doc/functions/gnutls_record_send2 b/doc/functions/gnutls_record_send2 new file mode 100644 index 0000000..1d7bf86 --- /dev/null +++ b/doc/functions/gnutls_record_send2 @@ -0,0 +1,31 @@ + + + + +@deftypefun {ssize_t} {gnutls_record_send2} (gnutls_session_t @var{session}, const void * @var{data}, size_t @var{data_size}, size_t @var{pad}, unsigned @var{flags}) +@var{session}: is a @code{gnutls_session_t} type. + +@var{data}: contains the data to send + +@var{data_size}: is the length of the data + +@var{pad}: padding to be added to the record + +@var{flags}: must be zero + +This function is identical to @code{gnutls_record_send()} except that it +takes an extra argument to specify padding to be added the record. +To determine the maximum size of padding, use +@code{gnutls_record_get_max_size()} and @code{gnutls_record_overhead_size()} . + +Note that in order for GnuTLS to provide constant time processing +of padding and data in TLS1.3, the flag @code{GNUTLS_SAFE_PADDING_CHECK} +must be used in @code{gnutls_init()} . + +@strong{Returns:} The number of bytes sent, or a negative error code. The +number of bytes sent might be less than @code{data_size} . The maximum +number of bytes this function can send in a single call depends +on the negotiated maximum record size. + +@strong{Since:} 3.6.3 +@end deftypefun diff --git a/doc/functions/gnutls_record_send2.short b/doc/functions/gnutls_record_send2.short new file mode 100644 index 0000000..a185e0a --- /dev/null +++ b/doc/functions/gnutls_record_send2.short @@ -0,0 +1 @@ +@item @var{ssize_t} @ref{gnutls_record_send2} (gnutls_session_t @var{session}, const void * @var{data}, size_t @var{data_size}, size_t @var{pad}, unsigned @var{flags}) diff --git a/doc/functions/gnutls_record_send_early_data b/doc/functions/gnutls_record_send_early_data new file mode 100644 index 0000000..9e929fe --- /dev/null +++ b/doc/functions/gnutls_record_send_early_data @@ -0,0 +1,28 @@ + + + + +@deftypefun {ssize_t} {gnutls_record_send_early_data} (gnutls_session_t @var{session}, const void * @var{data}, size_t @var{data_size}) +@var{session}: is a @code{gnutls_session_t} type. + +@var{data}: contains the data to send + +@var{data_size}: is the length of the data + +This function can be used by a client to send data early in the +handshake processes when resuming a session. This is used to +implement a zero-roundtrip (0-RTT) mode. It has the same semantics +as @code{gnutls_record_send()} . + +There may be a limit to the amount of data sent as early data. Use +@code{gnutls_record_get_max_early_data_size()} to check the limit. If the +limit exceeds, this function returns +@code{GNUTLS_E_RECORD_LIMIT_REACHED} . + +@strong{Returns:} The number of bytes sent, or a negative error code. The +number of bytes sent might be less than @code{data_size} . The maximum +number of bytes this function can send in a single call depends +on the negotiated maximum record size. + +@strong{Since:} 3.6.5 +@end deftypefun diff --git a/doc/functions/gnutls_record_send_early_data.short b/doc/functions/gnutls_record_send_early_data.short new file mode 100644 index 0000000..6b903ec --- /dev/null +++ b/doc/functions/gnutls_record_send_early_data.short @@ -0,0 +1 @@ +@item @var{ssize_t} @ref{gnutls_record_send_early_data} (gnutls_session_t @var{session}, const void * @var{data}, size_t @var{data_size}) diff --git a/doc/functions/gnutls_record_send_range b/doc/functions/gnutls_record_send_range new file mode 100644 index 0000000..209e525 --- /dev/null +++ b/doc/functions/gnutls_record_send_range @@ -0,0 +1,27 @@ + + + + +@deftypefun {ssize_t} {gnutls_record_send_range} (gnutls_session_t @var{session}, const void * @var{data}, size_t @var{data_size}, const gnutls_range_st * @var{range}) +@var{session}: is a @code{gnutls_session_t} type. + +@var{data}: contains the data to send. + +@var{data_size}: is the length of the data. + +@var{range}: is the range of lengths in which the real data length must be hidden. + +This function operates like @code{gnutls_record_send()} but, while +@code{gnutls_record_send()} adds minimal padding to each TLS record, +this function uses the TLS extra-padding feature to conceal the real +data size within the range of lengths provided. +Some TLS sessions do not support extra padding (e.g. stream ciphers in standard +TLS or SSL3 sessions). To know whether the current session supports extra +padding, and hence length hiding, use the @code{gnutls_record_can_use_length_hiding()} +function. + +@strong{Note:} This function currently is limited to blocking sockets. + +@strong{Returns:} The number of bytes sent (that is data_size in a successful invocation), +or a negative error code. +@end deftypefun diff --git a/doc/functions/gnutls_record_send_range.short b/doc/functions/gnutls_record_send_range.short new file mode 100644 index 0000000..ae49dec --- /dev/null +++ b/doc/functions/gnutls_record_send_range.short @@ -0,0 +1 @@ +@item @var{ssize_t} @ref{gnutls_record_send_range} (gnutls_session_t @var{session}, const void * @var{data}, size_t @var{data_size}, const gnutls_range_st * @var{range}) diff --git a/doc/functions/gnutls_record_set_max_early_data_size b/doc/functions/gnutls_record_set_max_early_data_size new file mode 100644 index 0000000..f468056 --- /dev/null +++ b/doc/functions/gnutls_record_set_max_early_data_size @@ -0,0 +1,19 @@ + + + + +@deftypefun {int} {gnutls_record_set_max_early_data_size} (gnutls_session_t @var{session}, size_t @var{size}) +@var{session}: is a @code{gnutls_session_t} type. + +@var{size}: is the new size + +This function sets the maximum early data size in this connection. +This property can only be set to servers. The client may be +provided with the maximum allowed size through the "early_data" +extension of the NewSessionTicket handshake message. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, +otherwise a negative error code is returned. + +@strong{Since:} 3.6.4 +@end deftypefun diff --git a/doc/functions/gnutls_record_set_max_early_data_size.short b/doc/functions/gnutls_record_set_max_early_data_size.short new file mode 100644 index 0000000..d18eb75 --- /dev/null +++ b/doc/functions/gnutls_record_set_max_early_data_size.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_record_set_max_early_data_size} (gnutls_session_t @var{session}, size_t @var{size}) diff --git a/doc/functions/gnutls_record_set_max_recv_size b/doc/functions/gnutls_record_set_max_recv_size new file mode 100644 index 0000000..806738e --- /dev/null +++ b/doc/functions/gnutls_record_set_max_recv_size @@ -0,0 +1,22 @@ + + + + +@deftypefun {ssize_t} {gnutls_record_set_max_recv_size} (gnutls_session_t @var{session}, size_t @var{size}) +@var{session}: is a @code{gnutls_session_t} type. + +@var{size}: is the new size + +This function sets the maximum amount of plaintext received in a +record in this connection. + +The limit is also negotiated through a TLS extension called 'record +size limit'. Note that while the 'record size limit' extension is +preferred, not all TLS implementations use or even understand the +extension. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, +otherwise a negative error code is returned. + +@strong{Since:} 3.6.8 +@end deftypefun diff --git a/doc/functions/gnutls_record_set_max_recv_size.short b/doc/functions/gnutls_record_set_max_recv_size.short new file mode 100644 index 0000000..b8c0013 --- /dev/null +++ b/doc/functions/gnutls_record_set_max_recv_size.short @@ -0,0 +1 @@ +@item @var{ssize_t} @ref{gnutls_record_set_max_recv_size} (gnutls_session_t @var{session}, size_t @var{size}) diff --git a/doc/functions/gnutls_record_set_max_size b/doc/functions/gnutls_record_set_max_size new file mode 100644 index 0000000..b371784 --- /dev/null +++ b/doc/functions/gnutls_record_set_max_size @@ -0,0 +1,29 @@ + + + + +@deftypefun {ssize_t} {gnutls_record_set_max_size} (gnutls_session_t @var{session}, size_t @var{size}) +@var{session}: is a @code{gnutls_session_t} type. + +@var{size}: is the new size + +This function sets the maximum amount of plaintext sent and +received in a record in this connection. + +Prior to 3.6.4, this function was implemented using a TLS extension +called 'max fragment length', which limits the acceptable values to +512(=2^9), 1024(=2^10), 2048(=2^11) and 4096(=2^12). + +Since 3.6.4, the limit is also negotiated through a new TLS +extension called 'record size limit', which doesn't have the +limitation, as long as the value ranges between 512 and 16384. +Note that while the 'record size limit' extension is preferred, not +all TLS implementations use or even understand the extension. + +@strong{Deprecated:} if the client can assume that the 'record size limit' +extension is supported by the server, we recommend using +@code{gnutls_record_set_max_recv_size()} instead. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, +otherwise a negative error code is returned. +@end deftypefun diff --git a/doc/functions/gnutls_record_set_max_size.short b/doc/functions/gnutls_record_set_max_size.short new file mode 100644 index 0000000..6b9a9e9 --- /dev/null +++ b/doc/functions/gnutls_record_set_max_size.short @@ -0,0 +1 @@ +@item @var{ssize_t} @ref{gnutls_record_set_max_size} (gnutls_session_t @var{session}, size_t @var{size}) diff --git a/doc/functions/gnutls_record_set_state b/doc/functions/gnutls_record_set_state new file mode 100644 index 0000000..65faaf8 --- /dev/null +++ b/doc/functions/gnutls_record_set_state @@ -0,0 +1,19 @@ + + + + +@deftypefun {int} {gnutls_record_set_state} (gnutls_session_t @var{session}, unsigned @var{read}, const unsigned char [8] @var{seq_number}) +@var{session}: is a @code{gnutls_session_t} type + +@var{read}: if non-zero the read parameters are returned, otherwise the write + +@var{seq_number}: A 64-bit sequence number + +This function will set the sequence number in the current record state. +This function is useful if sending and receiving are offloaded from +gnutls. That is, if @code{gnutls_record_get_state()} was used. + +@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, or an error code. + +Since 3.4.0 +@end deftypefun diff --git a/doc/functions/gnutls_record_set_state.short b/doc/functions/gnutls_record_set_state.short new file mode 100644 index 0000000..e6ddecc --- /dev/null +++ b/doc/functions/gnutls_record_set_state.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_record_set_state} (gnutls_session_t @var{session}, unsigned @var{read}, const unsigned char [8] @var{seq_number}) diff --git a/doc/functions/gnutls_record_set_timeout b/doc/functions/gnutls_record_set_timeout new file mode 100644 index 0000000..88702e8 --- /dev/null +++ b/doc/functions/gnutls_record_set_timeout @@ -0,0 +1,19 @@ + + + + +@deftypefun {void} {gnutls_record_set_timeout} (gnutls_session_t @var{session}, unsigned int @var{ms}) +@var{session}: is a @code{gnutls_session_t} type. + +@var{ms}: is a timeout value in milliseconds + +This function sets the receive timeout for the record layer +to the provided value. Use an @code{ms} value of zero to disable +timeout (the default), or @code{GNUTLS_INDEFINITE_TIMEOUT} , to +set an indefinite timeout. + +This function requires to set a pull timeout callback. See +@code{gnutls_transport_set_pull_timeout_function()} . + +@strong{Since:} 3.1.7 +@end deftypefun diff --git a/doc/functions/gnutls_record_set_timeout.short b/doc/functions/gnutls_record_set_timeout.short new file mode 100644 index 0000000..a9f87e5 --- /dev/null +++ b/doc/functions/gnutls_record_set_timeout.short @@ -0,0 +1 @@ +@item @var{void} @ref{gnutls_record_set_timeout} (gnutls_session_t @var{session}, unsigned int @var{ms}) diff --git a/doc/functions/gnutls_record_uncork b/doc/functions/gnutls_record_uncork new file mode 100644 index 0000000..95caaa9 --- /dev/null +++ b/doc/functions/gnutls_record_uncork @@ -0,0 +1,25 @@ + + + + +@deftypefun {int} {gnutls_record_uncork} (gnutls_session_t @var{session}, unsigned int @var{flags}) +@var{session}: is a @code{gnutls_session_t} type. + +@var{flags}: Could be zero or @code{GNUTLS_RECORD_WAIT} + +This resets the effect of @code{gnutls_record_cork()} , and flushes any pending +data. If the @code{GNUTLS_RECORD_WAIT} flag is specified then this +function will block until the data is sent or a fatal error +occurs (i.e., the function will retry on @code{GNUTLS_E_AGAIN} and +@code{GNUTLS_E_INTERRUPTED} ). + +If the flag @code{GNUTLS_RECORD_WAIT} is not specified and the function +is interrupted then the @code{GNUTLS_E_AGAIN} or @code{GNUTLS_E_INTERRUPTED} +errors will be returned. To obtain the data left in the corked +buffer use @code{gnutls_record_check_corked()} . + +@strong{Returns:} On success the number of transmitted data is returned, or +otherwise a negative error code. + +@strong{Since:} 3.1.9 +@end deftypefun diff --git a/doc/functions/gnutls_record_uncork.short b/doc/functions/gnutls_record_uncork.short new file mode 100644 index 0000000..ff5a263 --- /dev/null +++ b/doc/functions/gnutls_record_uncork.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_record_uncork} (gnutls_session_t @var{session}, unsigned int @var{flags}) diff --git a/doc/functions/gnutls_register_custom_url b/doc/functions/gnutls_register_custom_url new file mode 100644 index 0000000..9d69016 --- /dev/null +++ b/doc/functions/gnutls_register_custom_url @@ -0,0 +1,24 @@ + + + + +@deftypefun {int} {gnutls_register_custom_url} (const gnutls_custom_url_st * @var{st}) +@var{st}: A @code{gnutls_custom_url_st} structure + +Register a custom URL. This will affect the following functions: +@code{gnutls_url_is_supported()} , @code{gnutls_privkey_import_url()} , +gnutls_pubkey_import_url, @code{gnutls_x509_crt_import_url()} +and all functions that depend on +them, e.g., @code{gnutls_certificate_set_x509_key_file2()} . + +The provided structure and callback functions must be valid throughout +the lifetime of the process. The registration of an existing URL type +will fail with @code{GNUTLS_E_INVALID_REQUEST} . Since GnuTLS 3.5.0 this function +can be used to override the builtin URLs. + +This function is not thread safe. + +@strong{Returns:} returns zero if the given structure was imported or a negative value otherwise. + +@strong{Since:} 3.4.0 +@end deftypefun diff --git a/doc/functions/gnutls_register_custom_url.short b/doc/functions/gnutls_register_custom_url.short new file mode 100644 index 0000000..27096ec --- /dev/null +++ b/doc/functions/gnutls_register_custom_url.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_register_custom_url} (const gnutls_custom_url_st * @var{st}) diff --git a/doc/functions/gnutls_rehandshake b/doc/functions/gnutls_rehandshake new file mode 100644 index 0000000..70df3d9 --- /dev/null +++ b/doc/functions/gnutls_rehandshake @@ -0,0 +1,42 @@ + + + + +@deftypefun {int} {gnutls_rehandshake} (gnutls_session_t @var{session}) +@var{session}: is a @code{gnutls_session_t} type. + +This function can only be called in server side, and +instructs a TLS 1.2 or earlier client to renegotiate +parameters (perform a handshake), by sending a +hello request message. + +If this function succeeds, the calling application +should call @code{gnutls_record_recv()} until @code{GNUTLS_E_REHANDSHAKE} +is returned to clear any pending data. If the @code{GNUTLS_E_REHANDSHAKE} +error code is not seen, then the handshake request was +not followed by the peer (the TLS protocol does not require +the client to do, and such compliance should be handled +by the application protocol). + +Once the @code{GNUTLS_E_REHANDSHAKE} error code is seen, the +calling application should proceed to calling +@code{gnutls_handshake()} to negotiate the new +parameters. + +If the client does not wish to renegotiate parameters he +may reply with an alert message, and in that case the return code seen +by subsequent @code{gnutls_record_recv()} will be +@code{GNUTLS_E_WARNING_ALERT_RECEIVED} with the specific alert being +@code{GNUTLS_A_NO_RENEGOTIATION} . A client may also choose to ignore +this request. + +Under TLS 1.3 this function is equivalent to @code{gnutls_session_key_update()} +with the @code{GNUTLS_KU_PEER} flag. In that case subsequent calls to +@code{gnutls_record_recv()} will not return @code{GNUTLS_E_REHANDSHAKE} , and +calls to @code{gnutls_handshake()} in server side are a no-op. + +This function always fails with @code{GNUTLS_E_INVALID_REQUEST} when +called in client side. + +@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, otherwise a negative error code. +@end deftypefun diff --git a/doc/functions/gnutls_rehandshake.short b/doc/functions/gnutls_rehandshake.short new file mode 100644 index 0000000..5c56e6c --- /dev/null +++ b/doc/functions/gnutls_rehandshake.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_rehandshake} (gnutls_session_t @var{session}) diff --git a/doc/functions/gnutls_rnd b/doc/functions/gnutls_rnd new file mode 100644 index 0000000..7290daa --- /dev/null +++ b/doc/functions/gnutls_rnd @@ -0,0 +1,22 @@ + + + + +@deftypefun {int} {gnutls_rnd} (gnutls_rnd_level_t @var{level}, void * @var{data}, size_t @var{len}) +@var{level}: a security level + +@var{data}: place to store random bytes + +@var{len}: The requested size + +This function will generate random data and store it to output +buffer. The value of @code{level} should be one of @code{GNUTLS_RND_NONCE} , +@code{GNUTLS_RND_RANDOM} and @code{GNUTLS_RND_KEY} . See the manual and +@code{gnutls_rnd_level_t} for detailed information. + +This function is thread-safe and also fork-safe. + +@strong{Returns:} Zero on success, or a negative error code on error. + +@strong{Since:} 2.12.0 +@end deftypefun diff --git a/doc/functions/gnutls_rnd.short b/doc/functions/gnutls_rnd.short new file mode 100644 index 0000000..66903ab --- /dev/null +++ b/doc/functions/gnutls_rnd.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_rnd} (gnutls_rnd_level_t @var{level}, void * @var{data}, size_t @var{len}) diff --git a/doc/functions/gnutls_rnd_refresh b/doc/functions/gnutls_rnd_refresh new file mode 100644 index 0000000..7cf29c2 --- /dev/null +++ b/doc/functions/gnutls_rnd_refresh @@ -0,0 +1,14 @@ + + + + +@deftypefun {void} {gnutls_rnd_refresh} ( @var{void}) + +This function refreshes the random generator state. +That is the current precise time, CPU usage, and +other values are input into its state. + +On a slower rate input from /dev/urandom is mixed too. + +@strong{Since:} 3.1.7 +@end deftypefun diff --git a/doc/functions/gnutls_rnd_refresh.short b/doc/functions/gnutls_rnd_refresh.short new file mode 100644 index 0000000..ef502b0 --- /dev/null +++ b/doc/functions/gnutls_rnd_refresh.short @@ -0,0 +1 @@ +@item @var{void} @ref{gnutls_rnd_refresh} ( @var{void}) diff --git a/doc/functions/gnutls_safe_renegotiation_status b/doc/functions/gnutls_safe_renegotiation_status new file mode 100644 index 0000000..d25a948 --- /dev/null +++ b/doc/functions/gnutls_safe_renegotiation_status @@ -0,0 +1,15 @@ + + + + +@deftypefun {unsigned} {gnutls_safe_renegotiation_status} (gnutls_session_t @var{session}) +@var{session}: is a @code{gnutls_session_t} type. + +Can be used to check whether safe renegotiation is being used +in the current session. + +@strong{Returns:} 0 when safe renegotiation is not used and non (0) when +safe renegotiation is used. + +@strong{Since:} 2.10.0 +@end deftypefun diff --git a/doc/functions/gnutls_safe_renegotiation_status.short b/doc/functions/gnutls_safe_renegotiation_status.short new file mode 100644 index 0000000..fdbb6c6 --- /dev/null +++ b/doc/functions/gnutls_safe_renegotiation_status.short @@ -0,0 +1 @@ +@item @var{unsigned} @ref{gnutls_safe_renegotiation_status} (gnutls_session_t @var{session}) diff --git a/doc/functions/gnutls_sec_param_get_name b/doc/functions/gnutls_sec_param_get_name new file mode 100644 index 0000000..24a71f8 --- /dev/null +++ b/doc/functions/gnutls_sec_param_get_name @@ -0,0 +1,14 @@ + + + + +@deftypefun {const char *} {gnutls_sec_param_get_name} (gnutls_sec_param_t @var{param}) +@var{param}: is a security parameter + +Convert a @code{gnutls_sec_param_t} value to a string. + +@strong{Returns:} a pointer to a string that contains the name of the +specified security level, or @code{NULL} . + +@strong{Since:} 2.12.0 +@end deftypefun diff --git a/doc/functions/gnutls_sec_param_get_name.short b/doc/functions/gnutls_sec_param_get_name.short new file mode 100644 index 0000000..14afd79 --- /dev/null +++ b/doc/functions/gnutls_sec_param_get_name.short @@ -0,0 +1 @@ +@item @var{const char *} @ref{gnutls_sec_param_get_name} (gnutls_sec_param_t @var{param}) diff --git a/doc/functions/gnutls_sec_param_to_pk_bits b/doc/functions/gnutls_sec_param_to_pk_bits new file mode 100644 index 0000000..6030096 --- /dev/null +++ b/doc/functions/gnutls_sec_param_to_pk_bits @@ -0,0 +1,19 @@ + + + + +@deftypefun {unsigned int} {gnutls_sec_param_to_pk_bits} (gnutls_pk_algorithm_t @var{algo}, gnutls_sec_param_t @var{param}) +@var{algo}: is a public key algorithm + +@var{param}: is a security parameter + +When generating private and public key pairs a difficult question +is which size of "bits" the modulus will be in RSA and the group size +in DSA. The easy answer is 1024, which is also wrong. This function +will convert a human understandable security parameter to an +appropriate size for the specific algorithm. + +@strong{Returns:} The number of bits, or (0). + +@strong{Since:} 2.12.0 +@end deftypefun diff --git a/doc/functions/gnutls_sec_param_to_pk_bits.short b/doc/functions/gnutls_sec_param_to_pk_bits.short new file mode 100644 index 0000000..300afe8 --- /dev/null +++ b/doc/functions/gnutls_sec_param_to_pk_bits.short @@ -0,0 +1 @@ +@item @var{unsigned int} @ref{gnutls_sec_param_to_pk_bits} (gnutls_pk_algorithm_t @var{algo}, gnutls_sec_param_t @var{param}) diff --git a/doc/functions/gnutls_sec_param_to_symmetric_bits b/doc/functions/gnutls_sec_param_to_symmetric_bits new file mode 100644 index 0000000..4939fbb --- /dev/null +++ b/doc/functions/gnutls_sec_param_to_symmetric_bits @@ -0,0 +1,14 @@ + + + + +@deftypefun {unsigned int} {gnutls_sec_param_to_symmetric_bits} (gnutls_sec_param_t @var{param}) +@var{param}: is a security parameter + +This function will return the number of bits that correspond to +symmetric cipher strength for the given security parameter. + +@strong{Returns:} The number of bits, or (0). + +@strong{Since:} 3.3.0 +@end deftypefun diff --git a/doc/functions/gnutls_sec_param_to_symmetric_bits.short b/doc/functions/gnutls_sec_param_to_symmetric_bits.short new file mode 100644 index 0000000..379729a --- /dev/null +++ b/doc/functions/gnutls_sec_param_to_symmetric_bits.short @@ -0,0 +1 @@ +@item @var{unsigned int} @ref{gnutls_sec_param_to_symmetric_bits} (gnutls_sec_param_t @var{param}) diff --git a/doc/functions/gnutls_server_name_get b/doc/functions/gnutls_server_name_get new file mode 100644 index 0000000..6d830dc --- /dev/null +++ b/doc/functions/gnutls_server_name_get @@ -0,0 +1,36 @@ + + + + +@deftypefun {int} {gnutls_server_name_get} (gnutls_session_t @var{session}, void * @var{data}, size_t * @var{data_length}, unsigned int * @var{type}, unsigned int @var{indx}) +@var{session}: is a @code{gnutls_session_t} type. + +@var{data}: will hold the data + +@var{data_length}: will hold the data length. Must hold the maximum size of data. + +@var{type}: will hold the server name indicator type + +@var{indx}: is the index of the server_name + +This function will allow you to get the name indication (if any), a +client has sent. The name indication may be any of the enumeration +gnutls_server_name_type_t. + +If @code{type} is GNUTLS_NAME_DNS, then this function is to be used by +servers that support virtual hosting, and the data will be a null +terminated IDNA ACE string (prior to GnuTLS 3.4.0 it was a UTF-8 string). + +If @code{data} has not enough size to hold the server name +GNUTLS_E_SHORT_MEMORY_BUFFER is returned, and @code{data_length} will +hold the required size. + + @code{indx} is used to retrieve more than one server names (if sent by +the client). The first server name has an index of 0, the second 1 +and so on. If no name with the given index exists +GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE is returned. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, on UTF-8 +decoding error @code{GNUTLS_E_IDNA_ERROR} is returned, otherwise a negative +error code is returned. +@end deftypefun diff --git a/doc/functions/gnutls_server_name_get.short b/doc/functions/gnutls_server_name_get.short new file mode 100644 index 0000000..5ab520a --- /dev/null +++ b/doc/functions/gnutls_server_name_get.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_server_name_get} (gnutls_session_t @var{session}, void * @var{data}, size_t * @var{data_length}, unsigned int * @var{type}, unsigned int @var{indx}) diff --git a/doc/functions/gnutls_server_name_set b/doc/functions/gnutls_server_name_set new file mode 100644 index 0000000..e73c460 --- /dev/null +++ b/doc/functions/gnutls_server_name_set @@ -0,0 +1,29 @@ + + + + +@deftypefun {int} {gnutls_server_name_set} (gnutls_session_t @var{session}, gnutls_server_name_type_t @var{type}, const void * @var{name}, size_t @var{name_length}) +@var{session}: is a @code{gnutls_session_t} type. + +@var{type}: specifies the indicator type + +@var{name}: is a string that contains the server name. + +@var{name_length}: holds the length of name excluding the terminating null byte + +This function is to be used by clients that want to inform (via a +TLS extension mechanism) the server of the name they connected to. +This should be used by clients that connect to servers that do +virtual hosting. + +The value of @code{name} depends on the @code{type} type. In case of +@code{GNUTLS_NAME_DNS} , a UTF-8 null-terminated domain name string, +without the trailing dot, is expected. + +IPv4 or IPv6 addresses are not permitted to be set by this function. +If the function is called with a name of @code{name_length} zero it will clear +all server names set. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, +otherwise a negative error code is returned. +@end deftypefun diff --git a/doc/functions/gnutls_server_name_set.short b/doc/functions/gnutls_server_name_set.short new file mode 100644 index 0000000..f970163 --- /dev/null +++ b/doc/functions/gnutls_server_name_set.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_server_name_set} (gnutls_session_t @var{session}, gnutls_server_name_type_t @var{type}, const void * @var{name}, size_t @var{name_length}) diff --git a/doc/functions/gnutls_session_channel_binding b/doc/functions/gnutls_session_channel_binding new file mode 100644 index 0000000..7f5ce20 --- /dev/null +++ b/doc/functions/gnutls_session_channel_binding @@ -0,0 +1,21 @@ + + + + +@deftypefun {int} {gnutls_session_channel_binding} (gnutls_session_t @var{session}, gnutls_channel_binding_t @var{cbtype}, gnutls_datum_t * @var{cb}) +@var{session}: is a @code{gnutls_session_t} type. + +@var{cbtype}: an @code{gnutls_channel_binding_t} enumeration type + +@var{cb}: output buffer array with data + +Extract given channel binding data of the @code{cbtype} (e.g., +@code{GNUTLS_CB_TLS_UNIQUE} ) type. + +@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, +@code{GNUTLS_E_UNIMPLEMENTED_FEATURE} if the @code{cbtype} is unsupported, +@code{GNUTLS_E_CHANNEL_BINDING_NOT_AVAILABLE} if the data is not +currently available, or an error code. + +@strong{Since:} 2.12.0 +@end deftypefun diff --git a/doc/functions/gnutls_session_channel_binding.short b/doc/functions/gnutls_session_channel_binding.short new file mode 100644 index 0000000..3149360 --- /dev/null +++ b/doc/functions/gnutls_session_channel_binding.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_session_channel_binding} (gnutls_session_t @var{session}, gnutls_channel_binding_t @var{cbtype}, gnutls_datum_t * @var{cb}) diff --git a/doc/functions/gnutls_session_enable_compatibility_mode b/doc/functions/gnutls_session_enable_compatibility_mode new file mode 100644 index 0000000..5102304 --- /dev/null +++ b/doc/functions/gnutls_session_enable_compatibility_mode @@ -0,0 +1,20 @@ + + + + +@deftypefun {void} {gnutls_session_enable_compatibility_mode} (gnutls_session_t @var{session}) +@var{session}: is a @code{gnutls_session_t} type. + +This function can be used to disable certain (security) features in +TLS in order to maintain maximum compatibility with buggy +clients. Because several trade-offs with security are enabled, +if required they will be reported through the audit subsystem. + +Normally only servers that require maximum compatibility with +everything out there, need to call this function. + +Note that this function must be called after any call to gnutls_priority +functions. + +@strong{Since:} 2.1.4 +@end deftypefun diff --git a/doc/functions/gnutls_session_enable_compatibility_mode.short b/doc/functions/gnutls_session_enable_compatibility_mode.short new file mode 100644 index 0000000..ffde9a6 --- /dev/null +++ b/doc/functions/gnutls_session_enable_compatibility_mode.short @@ -0,0 +1 @@ +@item @var{void} @ref{gnutls_session_enable_compatibility_mode} (gnutls_session_t @var{session}) diff --git a/doc/functions/gnutls_session_etm_status b/doc/functions/gnutls_session_etm_status new file mode 100644 index 0000000..7941824 --- /dev/null +++ b/doc/functions/gnutls_session_etm_status @@ -0,0 +1,12 @@ + + + + +@deftypefun {unsigned} {gnutls_session_etm_status} (gnutls_session_t @var{session}) +@var{session}: is a @code{gnutls_session_t} type. + +Get the status of the encrypt-then-mac extension negotiation. +This is in accordance to rfc7366 + +@strong{Returns:} Non-zero if the negotiation was successful or zero otherwise. +@end deftypefun diff --git a/doc/functions/gnutls_session_etm_status.short b/doc/functions/gnutls_session_etm_status.short new file mode 100644 index 0000000..6cf1089 --- /dev/null +++ b/doc/functions/gnutls_session_etm_status.short @@ -0,0 +1 @@ +@item @var{unsigned} @ref{gnutls_session_etm_status} (gnutls_session_t @var{session}) diff --git a/doc/functions/gnutls_session_ext_master_secret_status b/doc/functions/gnutls_session_ext_master_secret_status new file mode 100644 index 0000000..96e83f8 --- /dev/null +++ b/doc/functions/gnutls_session_ext_master_secret_status @@ -0,0 +1,13 @@ + + + + +@deftypefun {unsigned} {gnutls_session_ext_master_secret_status} (gnutls_session_t @var{session}) +@var{session}: is a @code{gnutls_session_t} type. + +Get the status of the extended master secret extension negotiation. +This is in accordance to RFC7627. That information is also +available to the more generic @code{gnutls_session_get_flags()} . + +@strong{Returns:} Non-zero if the negotiation was successful or zero otherwise. +@end deftypefun diff --git a/doc/functions/gnutls_session_ext_master_secret_status.short b/doc/functions/gnutls_session_ext_master_secret_status.short new file mode 100644 index 0000000..f5cc6d5 --- /dev/null +++ b/doc/functions/gnutls_session_ext_master_secret_status.short @@ -0,0 +1 @@ +@item @var{unsigned} @ref{gnutls_session_ext_master_secret_status} (gnutls_session_t @var{session}) diff --git a/doc/functions/gnutls_session_ext_register b/doc/functions/gnutls_session_ext_register new file mode 100644 index 0000000..74a83b5 --- /dev/null +++ b/doc/functions/gnutls_session_ext_register @@ -0,0 +1,46 @@ + + + + +@deftypefun {int} {gnutls_session_ext_register} (gnutls_session_t @var{session}, const char * @var{name}, int @var{id}, gnutls_ext_parse_type_t @var{parse_type}, gnutls_ext_recv_func @var{recv_func}, gnutls_ext_send_func @var{send_func}, gnutls_ext_deinit_data_func @var{deinit_func}, gnutls_ext_pack_func @var{pack_func}, gnutls_ext_unpack_func @var{unpack_func}, unsigned @var{flags}) +@var{session}: the session for which this extension will be set + +@var{name}: the name of the extension to register + +@var{id}: the numeric id of the extension + +@var{parse_type}: the parse type of the extension (see gnutls_ext_parse_type_t) + +@var{recv_func}: a function to receive the data + +@var{send_func}: a function to send the data + +@var{deinit_func}: a function deinitialize any private data + +@var{pack_func}: a function which serializes the extension's private data (used on session packing for resumption) + +@var{unpack_func}: a function which will deserialize the extension's private data + +@var{flags}: must be zero or flags from @code{gnutls_ext_flags_t} + +This function will register a new extension type. The extension will be +only usable within the registered session. If the extension type +is already registered then @code{GNUTLS_E_ALREADY_REGISTERED} will be returned, +unless the flag @code{GNUTLS_EXT_FLAG_OVERRIDE_INTERNAL} is specified. The latter +flag when specified can be used to override certain extensions introduced +after 3.6.0. It is expected to be used by applications which handle +custom extensions that are not currently supported in GnuTLS, but direct +support for them may be added in the future. + +Each registered extension can store temporary data into the gnutls_session_t +structure using @code{gnutls_ext_set_data()} , and they can be retrieved using +@code{gnutls_ext_get_data()} . + +The validity of the extension registered can be given by the appropriate flags +of @code{gnutls_ext_flags_t} . If no validity is given, then the registered extension +will be valid for client and TLS1.2 server hello (or encrypted extensions for TLS1.3). + +@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, otherwise a negative error code. + +@strong{Since:} 3.5.5 +@end deftypefun diff --git a/doc/functions/gnutls_session_ext_register.short b/doc/functions/gnutls_session_ext_register.short new file mode 100644 index 0000000..9c885a9 --- /dev/null +++ b/doc/functions/gnutls_session_ext_register.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_session_ext_register} (gnutls_session_t @var{session}, const char * @var{name}, int @var{id}, gnutls_ext_parse_type_t @var{parse_type}, gnutls_ext_recv_func @var{recv_func}, gnutls_ext_send_func @var{send_func}, gnutls_ext_deinit_data_func @var{deinit_func}, gnutls_ext_pack_func @var{pack_func}, gnutls_ext_unpack_func @var{unpack_func}, unsigned @var{flags}) diff --git a/doc/functions/gnutls_session_force_valid b/doc/functions/gnutls_session_force_valid new file mode 100644 index 0000000..dae2047 --- /dev/null +++ b/doc/functions/gnutls_session_force_valid @@ -0,0 +1,13 @@ + + + + +@deftypefun {void} {gnutls_session_force_valid} (gnutls_session_t @var{session}) +@var{session}: is a @code{gnutls_session_t} type. + +Clears the invalid flag in a session. That means +that sessions were corrupt or invalid data were received +can be re-used. Use only when debugging or experimenting +with the TLS protocol. Should not be used in typical +applications. +@end deftypefun diff --git a/doc/functions/gnutls_session_force_valid.short b/doc/functions/gnutls_session_force_valid.short new file mode 100644 index 0000000..56a7cf3 --- /dev/null +++ b/doc/functions/gnutls_session_force_valid.short @@ -0,0 +1 @@ +@item @var{void} @ref{gnutls_session_force_valid} (gnutls_session_t @var{session}) diff --git a/doc/functions/gnutls_session_get_data b/doc/functions/gnutls_session_get_data new file mode 100644 index 0000000..c3cce66 --- /dev/null +++ b/doc/functions/gnutls_session_get_data @@ -0,0 +1,19 @@ + + + + +@deftypefun {int} {gnutls_session_get_data} (gnutls_session_t @var{session}, void * @var{session_data}, size_t * @var{session_data_size}) +@var{session}: is a @code{gnutls_session_t} type. + +@var{session_data}: is a pointer to space to hold the session. + +@var{session_data_size}: is the session_data's size, or it will be set by the function. + +Returns all session parameters needed to be stored to support resumption, +in a pre-allocated buffer. + +See @code{gnutls_session_get_data2()} for more information. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise +an error code is returned. +@end deftypefun diff --git a/doc/functions/gnutls_session_get_data.short b/doc/functions/gnutls_session_get_data.short new file mode 100644 index 0000000..7fb27e4 --- /dev/null +++ b/doc/functions/gnutls_session_get_data.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_session_get_data} (gnutls_session_t @var{session}, void * @var{session_data}, size_t * @var{session_data_size}) diff --git a/doc/functions/gnutls_session_get_data2 b/doc/functions/gnutls_session_get_data2 new file mode 100644 index 0000000..1c3ef39 --- /dev/null +++ b/doc/functions/gnutls_session_get_data2 @@ -0,0 +1,38 @@ + + + + +@deftypefun {int} {gnutls_session_get_data2} (gnutls_session_t @var{session}, gnutls_datum_t * @var{data}) +@var{session}: is a @code{gnutls_session_t} type. + +@var{data}: is a pointer to a datum that will hold the session. + +Returns necessary parameters to support resumption. The client +should call this function and store the returned session data. A session +can be resumed later by calling @code{gnutls_session_set_data()} with the returned +data. Note that under TLS 1.3, it is recommended for clients to use +session parameters only once, to prevent passive-observers from correlating +the different connections. + +The returned @code{data} are allocated and must be released using @code{gnutls_free()} . + +This function will fail if called prior to handshake completion. In +case of false start TLS, the handshake completes only after data have +been successfully received from the peer. + +Under TLS1.3 session resumption is possible only after a session ticket +is received by the client. To ensure that such a ticket has been received use +@code{gnutls_session_get_flags()} and check for flag @code{GNUTLS_SFLAGS_SESSION_TICKET} ; +if this flag is not set, this function will wait for a new ticket within +an estimated rountrip, and if not received will return dummy data which +cannot lead to resumption. + +To get notified when new tickets are received by the server +use @code{gnutls_handshake_set_hook_function()} to wait for @code{GNUTLS_HANDSHAKE_NEW_SESSION_TICKET} +messages. Each call of @code{gnutls_session_get_data2()} after a ticket is +received, will return session resumption data corresponding to the last +received ticket. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise +an error code is returned. +@end deftypefun diff --git a/doc/functions/gnutls_session_get_data2.short b/doc/functions/gnutls_session_get_data2.short new file mode 100644 index 0000000..7b0774d --- /dev/null +++ b/doc/functions/gnutls_session_get_data2.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_session_get_data2} (gnutls_session_t @var{session}, gnutls_datum_t * @var{data}) diff --git a/doc/functions/gnutls_session_get_desc b/doc/functions/gnutls_session_get_desc new file mode 100644 index 0000000..9a520e7 --- /dev/null +++ b/doc/functions/gnutls_session_get_desc @@ -0,0 +1,17 @@ + + + + +@deftypefun {char *} {gnutls_session_get_desc} (gnutls_session_t @var{session}) +@var{session}: is a gnutls session + +This function returns a string describing the current session. +The string is null terminated and allocated using @code{gnutls_malloc()} . + +If initial negotiation is not complete when this function is called, +@code{NULL} will be returned. + +@strong{Returns:} a description of the protocols and algorithms in the current session. + +@strong{Since:} 3.1.10 +@end deftypefun diff --git a/doc/functions/gnutls_session_get_desc.short b/doc/functions/gnutls_session_get_desc.short new file mode 100644 index 0000000..5136dd5 --- /dev/null +++ b/doc/functions/gnutls_session_get_desc.short @@ -0,0 +1 @@ +@item @var{char *} @ref{gnutls_session_get_desc} (gnutls_session_t @var{session}) diff --git a/doc/functions/gnutls_session_get_flags b/doc/functions/gnutls_session_get_flags new file mode 100644 index 0000000..226cab5 --- /dev/null +++ b/doc/functions/gnutls_session_get_flags @@ -0,0 +1,18 @@ + + + + +@deftypefun {unsigned} {gnutls_session_get_flags} (gnutls_session_t @var{session}) +@var{session}: is a @code{gnutls_session_t} type. + +This function will return a series (ORed) of flags, applicable +for the current session. + +This replaces individual informational functions such as +@code{gnutls_safe_renegotiation_status()} , @code{gnutls_session_ext_master_secret_status()} , +etc. + +@strong{Returns:} An ORed sequence of flags (see @code{gnutls_session_flags_t} ) + +@strong{Since:} 3.5.0 +@end deftypefun diff --git a/doc/functions/gnutls_session_get_flags.short b/doc/functions/gnutls_session_get_flags.short new file mode 100644 index 0000000..c6eb9e7 --- /dev/null +++ b/doc/functions/gnutls_session_get_flags.short @@ -0,0 +1 @@ +@item @var{unsigned} @ref{gnutls_session_get_flags} (gnutls_session_t @var{session}) diff --git a/doc/functions/gnutls_session_get_id b/doc/functions/gnutls_session_get_id new file mode 100644 index 0000000..060ca25 --- /dev/null +++ b/doc/functions/gnutls_session_get_id @@ -0,0 +1,32 @@ + + + + +@deftypefun {int} {gnutls_session_get_id} (gnutls_session_t @var{session}, void * @var{session_id}, size_t * @var{session_id_size}) +@var{session}: is a @code{gnutls_session_t} type. + +@var{session_id}: is a pointer to space to hold the session id. + +@var{session_id_size}: initially should contain the maximum @code{session_id} size and will be updated. + +Returns the TLS session identifier. The session ID is selected by the +server, and in older versions of TLS was a unique identifier shared +between client and server which was persistent across resumption. +In the latest version of TLS (1.3) or TLS with session tickets, the +notion of session identifiers is undefined and cannot be relied for uniquely +identifying sessions across client and server. + +In client side this function returns the identifier returned by the +server, and cannot be assumed to have any relation to session resumption. +In server side this function is guaranteed to return a persistent +identifier of the session since GnuTLS 3.6.4, which may not necessarily +map into the TLS session ID value. Prior to that version the value +could only be considered a persistent identifier, under TLS1.2 or earlier +and when no session tickets were in use. + +The session identifier value returned is always less than +@code{GNUTLS_MAX_SESSION_ID_SIZE} . + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise +an error code is returned. +@end deftypefun diff --git a/doc/functions/gnutls_session_get_id.short b/doc/functions/gnutls_session_get_id.short new file mode 100644 index 0000000..c765847 --- /dev/null +++ b/doc/functions/gnutls_session_get_id.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_session_get_id} (gnutls_session_t @var{session}, void * @var{session_id}, size_t * @var{session_id_size}) diff --git a/doc/functions/gnutls_session_get_id2 b/doc/functions/gnutls_session_get_id2 new file mode 100644 index 0000000..d6011d3 --- /dev/null +++ b/doc/functions/gnutls_session_get_id2 @@ -0,0 +1,32 @@ + + + + +@deftypefun {int} {gnutls_session_get_id2} (gnutls_session_t @var{session}, gnutls_datum_t * @var{session_id}) +@var{session}: is a @code{gnutls_session_t} type. + +@var{session_id}: will point to the session ID. + +Returns the TLS session identifier. The session ID is selected by the +server, and in older versions of TLS was a unique identifier shared +between client and server which was persistent across resumption. +In the latest version of TLS (1.3) or TLS 1.2 with session tickets, the +notion of session identifiers is undefined and cannot be relied for uniquely +identifying sessions across client and server. + +In client side this function returns the identifier returned by the +server, and cannot be assumed to have any relation to session resumption. +In server side this function is guaranteed to return a persistent +identifier of the session since GnuTLS 3.6.4, which may not necessarily +map into the TLS session ID value. Prior to that version the value +could only be considered a persistent identifier, under TLS1.2 or earlier +and when no session tickets were in use. + +The session identifier value returned is always less than +@code{GNUTLS_MAX_SESSION_ID_SIZE} and should be treated as constant. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise +an error code is returned. + +@strong{Since:} 3.1.4 +@end deftypefun diff --git a/doc/functions/gnutls_session_get_id2.short b/doc/functions/gnutls_session_get_id2.short new file mode 100644 index 0000000..8d17416 --- /dev/null +++ b/doc/functions/gnutls_session_get_id2.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_session_get_id2} (gnutls_session_t @var{session}, gnutls_datum_t * @var{session_id}) diff --git a/doc/functions/gnutls_session_get_master_secret b/doc/functions/gnutls_session_get_master_secret new file mode 100644 index 0000000..84eb0a5 --- /dev/null +++ b/doc/functions/gnutls_session_get_master_secret @@ -0,0 +1,16 @@ + + + + +@deftypefun {void} {gnutls_session_get_master_secret} (gnutls_session_t @var{session}, gnutls_datum_t * @var{secret}) +@var{session}: is a @code{gnutls_session_t} type. + +@var{secret}: the session's master secret + +This function returns pointers to the master secret +used in the TLS session. The pointers are not to be modified or deallocated. + +This function is only applicable under TLS 1.2 or earlier versions. + +@strong{Since:} 3.5.0 +@end deftypefun diff --git a/doc/functions/gnutls_session_get_master_secret.short b/doc/functions/gnutls_session_get_master_secret.short new file mode 100644 index 0000000..2934baf --- /dev/null +++ b/doc/functions/gnutls_session_get_master_secret.short @@ -0,0 +1 @@ +@item @var{void} @ref{gnutls_session_get_master_secret} (gnutls_session_t @var{session}, gnutls_datum_t * @var{secret}) diff --git a/doc/functions/gnutls_session_get_ptr b/doc/functions/gnutls_session_get_ptr new file mode 100644 index 0000000..dc812ec --- /dev/null +++ b/doc/functions/gnutls_session_get_ptr @@ -0,0 +1,13 @@ + + + + +@deftypefun {void *} {gnutls_session_get_ptr} (gnutls_session_t @var{session}) +@var{session}: is a @code{gnutls_session_t} type. + +Get user pointer for session. Useful in callbacks. This is the +pointer set with @code{gnutls_session_set_ptr()} . + +@strong{Returns:} the user given pointer from the session structure, or +@code{NULL} if it was never set. +@end deftypefun diff --git a/doc/functions/gnutls_session_get_ptr.short b/doc/functions/gnutls_session_get_ptr.short new file mode 100644 index 0000000..61cc948 --- /dev/null +++ b/doc/functions/gnutls_session_get_ptr.short @@ -0,0 +1 @@ +@item @var{void *} @ref{gnutls_session_get_ptr} (gnutls_session_t @var{session}) diff --git a/doc/functions/gnutls_session_get_random b/doc/functions/gnutls_session_get_random new file mode 100644 index 0000000..5a273c3 --- /dev/null +++ b/doc/functions/gnutls_session_get_random @@ -0,0 +1,20 @@ + + + + +@deftypefun {void} {gnutls_session_get_random} (gnutls_session_t @var{session}, gnutls_datum_t * @var{client}, gnutls_datum_t * @var{server}) +@var{session}: is a @code{gnutls_session_t} type. + +@var{client}: the client part of the random + +@var{server}: the server part of the random + +This function returns pointers to the client and server +random fields used in the TLS handshake. The pointers are +not to be modified or deallocated. + +If a client random value has not yet been established, the output +will be garbage. + +@strong{Since:} 3.0 +@end deftypefun diff --git a/doc/functions/gnutls_session_get_random.short b/doc/functions/gnutls_session_get_random.short new file mode 100644 index 0000000..ce4d151 --- /dev/null +++ b/doc/functions/gnutls_session_get_random.short @@ -0,0 +1 @@ +@item @var{void} @ref{gnutls_session_get_random} (gnutls_session_t @var{session}, gnutls_datum_t * @var{client}, gnutls_datum_t * @var{server}) diff --git a/doc/functions/gnutls_session_get_verify_cert_status b/doc/functions/gnutls_session_get_verify_cert_status new file mode 100644 index 0000000..1437dfe --- /dev/null +++ b/doc/functions/gnutls_session_get_verify_cert_status @@ -0,0 +1,18 @@ + + + + +@deftypefun {unsigned int} {gnutls_session_get_verify_cert_status} (gnutls_session_t @var{session}) +@var{session}: is a gnutls session + +This function returns the status of the verification when initiated +via auto-verification, i.e., by @code{gnutls_session_set_verify_cert2()} or +@code{gnutls_session_set_verify_cert()} . If no certificate verification +was occurred then the return value would be set to ((unsigned int)-1). + +The certificate verification status is the same as in @code{gnutls_certificate_verify_peers()} . + +@strong{Returns:} the certificate verification status. + +@strong{Since:} 3.4.6 +@end deftypefun diff --git a/doc/functions/gnutls_session_get_verify_cert_status.short b/doc/functions/gnutls_session_get_verify_cert_status.short new file mode 100644 index 0000000..8e5c08d --- /dev/null +++ b/doc/functions/gnutls_session_get_verify_cert_status.short @@ -0,0 +1 @@ +@item @var{unsigned int} @ref{gnutls_session_get_verify_cert_status} (gnutls_session_t @var{session}) diff --git a/doc/functions/gnutls_session_is_resumed b/doc/functions/gnutls_session_is_resumed new file mode 100644 index 0000000..6a813f2 --- /dev/null +++ b/doc/functions/gnutls_session_is_resumed @@ -0,0 +1,13 @@ + + + + +@deftypefun {int} {gnutls_session_is_resumed} (gnutls_session_t @var{session}) +@var{session}: is a @code{gnutls_session_t} type. + +Checks whether session is resumed or not. This is functional +for both server and client side. + +@strong{Returns:} non zero if this session is resumed, or a zero if this is +a new session. +@end deftypefun diff --git a/doc/functions/gnutls_session_is_resumed.short b/doc/functions/gnutls_session_is_resumed.short new file mode 100644 index 0000000..92c9ab7 --- /dev/null +++ b/doc/functions/gnutls_session_is_resumed.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_session_is_resumed} (gnutls_session_t @var{session}) diff --git a/doc/functions/gnutls_session_key_update b/doc/functions/gnutls_session_key_update new file mode 100644 index 0000000..d656b26 --- /dev/null +++ b/doc/functions/gnutls_session_key_update @@ -0,0 +1,26 @@ + + + + +@deftypefun {int} {gnutls_session_key_update} (gnutls_session_t @var{session}, unsigned @var{flags}) +@var{session}: is a @code{gnutls_session_t} type. + +@var{flags}: zero of @code{GNUTLS_KU_PEER} + +This function will update/refresh the session keys when the +TLS protocol is 1.3 or better. The peer is notified of the +update by sending a message, so this function should be +treated similarly to @code{gnutls_record_send()} --i.e., it may +return @code{GNUTLS_E_AGAIN} or @code{GNUTLS_E_INTERRUPTED} . + +When this flag @code{GNUTLS_KU_PEER} is specified, this function +in addition to updating the local keys, will ask the peer to +refresh its keys too. + +If the negotiated version is not TLS 1.3 or better this +function will return @code{GNUTLS_E_INVALID_REQUEST} . + +@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, otherwise a negative error code. + +@strong{Since:} 3.6.3 +@end deftypefun diff --git a/doc/functions/gnutls_session_key_update.short b/doc/functions/gnutls_session_key_update.short new file mode 100644 index 0000000..444e59c --- /dev/null +++ b/doc/functions/gnutls_session_key_update.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_session_key_update} (gnutls_session_t @var{session}, unsigned @var{flags}) diff --git a/doc/functions/gnutls_session_resumption_requested b/doc/functions/gnutls_session_resumption_requested new file mode 100644 index 0000000..50017ba --- /dev/null +++ b/doc/functions/gnutls_session_resumption_requested @@ -0,0 +1,12 @@ + + + + +@deftypefun {int} {gnutls_session_resumption_requested} (gnutls_session_t @var{session}) +@var{session}: is a @code{gnutls_session_t} type. + +Check whether the client has asked for session resumption. +This function is valid only on server side. + +@strong{Returns:} non zero if session resumption was asked, or a zero if not. +@end deftypefun diff --git a/doc/functions/gnutls_session_resumption_requested.short b/doc/functions/gnutls_session_resumption_requested.short new file mode 100644 index 0000000..b9cf02e --- /dev/null +++ b/doc/functions/gnutls_session_resumption_requested.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_session_resumption_requested} (gnutls_session_t @var{session}) diff --git a/doc/functions/gnutls_session_set_data b/doc/functions/gnutls_session_set_data new file mode 100644 index 0000000..1e20a7b --- /dev/null +++ b/doc/functions/gnutls_session_set_data @@ -0,0 +1,23 @@ + + + + +@deftypefun {int} {gnutls_session_set_data} (gnutls_session_t @var{session}, const void * @var{session_data}, size_t @var{session_data_size}) +@var{session}: is a @code{gnutls_session_t} type. + +@var{session_data}: is a pointer to space to hold the session. + +@var{session_data_size}: is the session's size + +Sets all session parameters, in order to resume a previously +established session. The session data given must be the one +returned by @code{gnutls_session_get_data()} . This function should be +called before @code{gnutls_handshake()} . + +Keep in mind that session resuming is advisory. The server may +choose not to resume the session, thus a full handshake will be +performed. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise +an error code is returned. +@end deftypefun diff --git a/doc/functions/gnutls_session_set_data.short b/doc/functions/gnutls_session_set_data.short new file mode 100644 index 0000000..085e6b1 --- /dev/null +++ b/doc/functions/gnutls_session_set_data.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_session_set_data} (gnutls_session_t @var{session}, const void * @var{session_data}, size_t @var{session_data_size}) diff --git a/doc/functions/gnutls_session_set_id b/doc/functions/gnutls_session_set_id new file mode 100644 index 0000000..206ff4b --- /dev/null +++ b/doc/functions/gnutls_session_set_id @@ -0,0 +1,20 @@ + + + + +@deftypefun {int} {gnutls_session_set_id} (gnutls_session_t @var{session}, const gnutls_datum_t * @var{sid}) +@var{session}: is a @code{gnutls_session_t} type. + +@var{sid}: the session identifier + +This function sets the session ID to be used in a client hello. +This is a function intended for exceptional uses. Do not use this +function unless you are implementing a custom protocol. + +To set session resumption parameters use @code{gnutls_session_set_data()} instead. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise +an error code is returned. + +@strong{Since:} 3.2.1 +@end deftypefun diff --git a/doc/functions/gnutls_session_set_id.short b/doc/functions/gnutls_session_set_id.short new file mode 100644 index 0000000..05a3a00 --- /dev/null +++ b/doc/functions/gnutls_session_set_id.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_session_set_id} (gnutls_session_t @var{session}, const gnutls_datum_t * @var{sid}) diff --git a/doc/functions/gnutls_session_set_premaster b/doc/functions/gnutls_session_set_premaster new file mode 100644 index 0000000..6dc79de --- /dev/null +++ b/doc/functions/gnutls_session_set_premaster @@ -0,0 +1,31 @@ + + + + +@deftypefun {int} {gnutls_session_set_premaster} (gnutls_session_t @var{session}, unsigned int @var{entity}, gnutls_protocol_t @var{version}, gnutls_kx_algorithm_t @var{kx}, gnutls_cipher_algorithm_t @var{cipher}, gnutls_mac_algorithm_t @var{mac}, gnutls_compression_method_t @var{comp}, const gnutls_datum_t * @var{master}, const gnutls_datum_t * @var{session_id}) +@var{session}: is a @code{gnutls_session_t} type. + +@var{entity}: GNUTLS_SERVER or GNUTLS_CLIENT + +@var{version}: the TLS protocol version + +@var{kx}: the key exchange method + +@var{cipher}: the cipher + +@var{mac}: the MAC algorithm + +@var{comp}: the compression method (ignored) + +@var{master}: the master key to use + +@var{session_id}: the session identifier + +This function sets the premaster secret in a session. This is +a function intended for exceptional uses. Do not use this +function unless you are implementing a legacy protocol. +Use @code{gnutls_session_set_data()} instead. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise +an error code is returned. +@end deftypefun diff --git a/doc/functions/gnutls_session_set_premaster.short b/doc/functions/gnutls_session_set_premaster.short new file mode 100644 index 0000000..13841b9 --- /dev/null +++ b/doc/functions/gnutls_session_set_premaster.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_session_set_premaster} (gnutls_session_t @var{session}, unsigned int @var{entity}, gnutls_protocol_t @var{version}, gnutls_kx_algorithm_t @var{kx}, gnutls_cipher_algorithm_t @var{cipher}, gnutls_mac_algorithm_t @var{mac}, gnutls_compression_method_t @var{comp}, const gnutls_datum_t * @var{master}, const gnutls_datum_t * @var{session_id}) diff --git a/doc/functions/gnutls_session_set_ptr b/doc/functions/gnutls_session_set_ptr new file mode 100644 index 0000000..0140c7f --- /dev/null +++ b/doc/functions/gnutls_session_set_ptr @@ -0,0 +1,13 @@ + + + + +@deftypefun {void} {gnutls_session_set_ptr} (gnutls_session_t @var{session}, void * @var{ptr}) +@var{session}: is a @code{gnutls_session_t} type. + +@var{ptr}: is the user pointer + +This function will set (associate) the user given pointer @code{ptr} to +the session structure. This pointer can be accessed with +@code{gnutls_session_get_ptr()} . +@end deftypefun diff --git a/doc/functions/gnutls_session_set_ptr.short b/doc/functions/gnutls_session_set_ptr.short new file mode 100644 index 0000000..a5610ae --- /dev/null +++ b/doc/functions/gnutls_session_set_ptr.short @@ -0,0 +1 @@ +@item @var{void} @ref{gnutls_session_set_ptr} (gnutls_session_t @var{session}, void * @var{ptr}) diff --git a/doc/functions/gnutls_session_set_verify_cert b/doc/functions/gnutls_session_set_verify_cert new file mode 100644 index 0000000..ea38896 --- /dev/null +++ b/doc/functions/gnutls_session_set_verify_cert @@ -0,0 +1,30 @@ + + + + +@deftypefun {void} {gnutls_session_set_verify_cert} (gnutls_session_t @var{session}, const char * @var{hostname}, unsigned @var{flags}) +@var{session}: is a gnutls session + +@var{hostname}: is the expected name of the peer; may be @code{NULL} + +@var{flags}: flags for certificate verification -- @code{gnutls_certificate_verify_flags} + +This function instructs GnuTLS to verify the peer's certificate +using the provided hostname. If the verification fails the handshake +will also fail with @code{GNUTLS_E_CERTIFICATE_VERIFICATION_ERROR} . In that +case the verification result can be obtained using @code{gnutls_session_get_verify_cert_status()} . + +The @code{hostname} pointer provided must remain valid for the lifetime +of the session. More precisely it should be available during any subsequent +handshakes. If no hostname is provided, no hostname verification +will be performed. For a more advanced verification function check +@code{gnutls_session_set_verify_cert2()} . + +If @code{flags} is provided which contain a profile, this function should be +called after any session priority setting functions. + +The @code{gnutls_session_set_verify_cert()} function is intended to be used by TLS +clients to verify the server's certificate. + +@strong{Since:} 3.4.6 +@end deftypefun diff --git a/doc/functions/gnutls_session_set_verify_cert.short b/doc/functions/gnutls_session_set_verify_cert.short new file mode 100644 index 0000000..c4ac86d --- /dev/null +++ b/doc/functions/gnutls_session_set_verify_cert.short @@ -0,0 +1 @@ +@item @var{void} @ref{gnutls_session_set_verify_cert} (gnutls_session_t @var{session}, const char * @var{hostname}, unsigned @var{flags}) diff --git a/doc/functions/gnutls_session_set_verify_cert2 b/doc/functions/gnutls_session_set_verify_cert2 new file mode 100644 index 0000000..46a6089 --- /dev/null +++ b/doc/functions/gnutls_session_set_verify_cert2 @@ -0,0 +1,27 @@ + + + + +@deftypefun {void} {gnutls_session_set_verify_cert2} (gnutls_session_t @var{session}, gnutls_typed_vdata_st * @var{data}, unsigned @var{elements}, unsigned @var{flags}) +@var{session}: is a gnutls session + +@var{data}: an array of typed data + +@var{elements}: the number of data elements + +@var{flags}: flags for certificate verification -- @code{gnutls_certificate_verify_flags} + +This function instructs GnuTLS to verify the peer's certificate +using the provided typed data information. If the verification fails the handshake +will also fail with @code{GNUTLS_E_CERTIFICATE_VERIFICATION_ERROR} . In that +case the verification result can be obtained using @code{gnutls_session_get_verify_cert_status()} . + +The acceptable typed data are the same as in @code{gnutls_certificate_verify_peers()} , +and once set must remain valid for the lifetime of the session. More precisely +they should be available during any subsequent handshakes. + +If @code{flags} is provided which contain a profile, this function should be +called after any session priority setting functions. + +@strong{Since:} 3.4.6 +@end deftypefun diff --git a/doc/functions/gnutls_session_set_verify_cert2.short b/doc/functions/gnutls_session_set_verify_cert2.short new file mode 100644 index 0000000..bc3d5df --- /dev/null +++ b/doc/functions/gnutls_session_set_verify_cert2.short @@ -0,0 +1 @@ +@item @var{void} @ref{gnutls_session_set_verify_cert2} (gnutls_session_t @var{session}, gnutls_typed_vdata_st * @var{data}, unsigned @var{elements}, unsigned @var{flags}) diff --git a/doc/functions/gnutls_session_set_verify_function b/doc/functions/gnutls_session_set_verify_function new file mode 100644 index 0000000..4ce9b10 --- /dev/null +++ b/doc/functions/gnutls_session_set_verify_function @@ -0,0 +1,28 @@ + + + + +@deftypefun {void} {gnutls_session_set_verify_function} (gnutls_session_t @var{session}, gnutls_certificate_verify_function * @var{func}) +@var{session}: is a @code{gnutls_session_t} type. + +@var{func}: is the callback function + +This function sets a callback to be called when peer's certificate +has been received in order to verify it on receipt rather than +doing after the handshake is completed. This overrides any callback +set using @code{gnutls_certificate_set_verify_function()} . + +The callback's function prototype is: +int (*callback)(gnutls_session_t); + +If the callback function is provided then gnutls will call it, in the +handshake, just after the certificate message has been received. +To verify or obtain the certificate the @code{gnutls_certificate_verify_peers2()} , +@code{gnutls_certificate_type_get()} , @code{gnutls_certificate_get_peers()} functions +can be used. + +The callback function should return 0 for the handshake to continue +or non-zero to terminate. + +@strong{Since:} 3.4.6 +@end deftypefun diff --git a/doc/functions/gnutls_session_set_verify_function.short b/doc/functions/gnutls_session_set_verify_function.short new file mode 100644 index 0000000..e465465 --- /dev/null +++ b/doc/functions/gnutls_session_set_verify_function.short @@ -0,0 +1 @@ +@item @var{void} @ref{gnutls_session_set_verify_function} (gnutls_session_t @var{session}, gnutls_certificate_verify_function * @var{func}) diff --git a/doc/functions/gnutls_session_supplemental_register b/doc/functions/gnutls_session_supplemental_register new file mode 100644 index 0000000..403f052 --- /dev/null +++ b/doc/functions/gnutls_session_supplemental_register @@ -0,0 +1,32 @@ + + + + +@deftypefun {int} {gnutls_session_supplemental_register} (gnutls_session_t @var{session}, const char * @var{name}, gnutls_supplemental_data_format_type_t @var{type}, gnutls_supp_recv_func @var{recv_func}, gnutls_supp_send_func @var{send_func}, unsigned @var{flags}) +@var{session}: the session for which this will be registered + +@var{name}: the name of the supplemental data to register + +@var{type}: the type of the supplemental data format + +@var{recv_func}: the function to receive the data + +@var{send_func}: the function to send the data + +@var{flags}: must be zero + +This function will register a new supplemental data type (rfc4680). +The registered supplemental functions will be used for that specific +session. The provided @code{type} must be an unassigned type in +@code{gnutls_supplemental_data_format_type_t} . + +If the type is already registered or handled by GnuTLS internally +@code{GNUTLS_E_ALREADY_REGISTERED} will be returned. + +As supplemental data are not defined under TLS 1.3, this function will +disable TLS 1.3 support for the given session. + +@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, otherwise a negative error code. + +@strong{Since:} 3.5.5 +@end deftypefun diff --git a/doc/functions/gnutls_session_supplemental_register.short b/doc/functions/gnutls_session_supplemental_register.short new file mode 100644 index 0000000..c1f35d8 --- /dev/null +++ b/doc/functions/gnutls_session_supplemental_register.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_session_supplemental_register} (gnutls_session_t @var{session}, const char * @var{name}, gnutls_supplemental_data_format_type_t @var{type}, gnutls_supp_recv_func @var{recv_func}, gnutls_supp_send_func @var{send_func}, unsigned @var{flags}) diff --git a/doc/functions/gnutls_session_ticket_enable_client b/doc/functions/gnutls_session_ticket_enable_client new file mode 100644 index 0000000..57fc113 --- /dev/null +++ b/doc/functions/gnutls_session_ticket_enable_client @@ -0,0 +1,16 @@ + + + + +@deftypefun {int} {gnutls_session_ticket_enable_client} (gnutls_session_t @var{session}) +@var{session}: is a @code{gnutls_session_t} type. + +Request that the client should attempt session resumption using +SessionTicket. This call is typically unnecessary as session +tickets are enabled by default. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, or an +error code. + +@strong{Since:} 2.10.0 +@end deftypefun diff --git a/doc/functions/gnutls_session_ticket_enable_client.short b/doc/functions/gnutls_session_ticket_enable_client.short new file mode 100644 index 0000000..2163ec5 --- /dev/null +++ b/doc/functions/gnutls_session_ticket_enable_client.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_session_ticket_enable_client} (gnutls_session_t @var{session}) diff --git a/doc/functions/gnutls_session_ticket_enable_server b/doc/functions/gnutls_session_ticket_enable_server new file mode 100644 index 0000000..83ab686 --- /dev/null +++ b/doc/functions/gnutls_session_ticket_enable_server @@ -0,0 +1,23 @@ + + + + +@deftypefun {int} {gnutls_session_ticket_enable_server} (gnutls_session_t @var{session}, const gnutls_datum_t * @var{key}) +@var{session}: is a @code{gnutls_session_t} type. + +@var{key}: key to encrypt session parameters. + +Request that the server should attempt session resumption using +session tickets, i.e., by delegating storage to the client. + @code{key} must be initialized using @code{gnutls_session_ticket_key_generate()} . +To avoid leaking that key, use @code{gnutls_memset()} prior to +releasing it. + +The default ticket expiration time can be overridden using +@code{gnutls_db_set_cache_expiration()} . + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, or an +error code. + +@strong{Since:} 2.10.0 +@end deftypefun diff --git a/doc/functions/gnutls_session_ticket_enable_server.short b/doc/functions/gnutls_session_ticket_enable_server.short new file mode 100644 index 0000000..6e4b427 --- /dev/null +++ b/doc/functions/gnutls_session_ticket_enable_server.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_session_ticket_enable_server} (gnutls_session_t @var{session}, const gnutls_datum_t * @var{key}) diff --git a/doc/functions/gnutls_session_ticket_key_generate b/doc/functions/gnutls_session_ticket_key_generate new file mode 100644 index 0000000..e71ce45 --- /dev/null +++ b/doc/functions/gnutls_session_ticket_key_generate @@ -0,0 +1,16 @@ + + + + +@deftypefun {int} {gnutls_session_ticket_key_generate} (gnutls_datum_t * @var{key}) +@var{key}: is a pointer to a @code{gnutls_datum_t} which will contain a newly +created key. + +Generate a random key to encrypt security parameters within +SessionTicket. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, or an +error code. + +@strong{Since:} 2.10.0 +@end deftypefun diff --git a/doc/functions/gnutls_session_ticket_key_generate.short b/doc/functions/gnutls_session_ticket_key_generate.short new file mode 100644 index 0000000..0bd7157 --- /dev/null +++ b/doc/functions/gnutls_session_ticket_key_generate.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_session_ticket_key_generate} (gnutls_datum_t * @var{key}) diff --git a/doc/functions/gnutls_session_ticket_send b/doc/functions/gnutls_session_ticket_send new file mode 100644 index 0000000..7393613 --- /dev/null +++ b/doc/functions/gnutls_session_ticket_send @@ -0,0 +1,17 @@ + + + + +@deftypefun {int} {gnutls_session_ticket_send} (gnutls_session_t @var{session}, unsigned @var{nr}, unsigned @var{flags}) +@var{session}: is a @code{gnutls_session_t} type. + +@var{nr}: the number of tickets to send + +@var{flags}: must be zero + +Sends a fresh session ticket to the peer. This is relevant only +in server side under TLS1.3. This function may also return @code{GNUTLS_E_AGAIN} +or @code{GNUTLS_E_INTERRUPTED} and in that case it must be called again. + +@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, or a negative error code. +@end deftypefun diff --git a/doc/functions/gnutls_session_ticket_send.short b/doc/functions/gnutls_session_ticket_send.short new file mode 100644 index 0000000..4841dd6 --- /dev/null +++ b/doc/functions/gnutls_session_ticket_send.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_session_ticket_send} (gnutls_session_t @var{session}, unsigned @var{nr}, unsigned @var{flags}) diff --git a/doc/functions/gnutls_set_default_priority b/doc/functions/gnutls_set_default_priority new file mode 100644 index 0000000..25728ba --- /dev/null +++ b/doc/functions/gnutls_set_default_priority @@ -0,0 +1,27 @@ + + + + +@deftypefun {int} {gnutls_set_default_priority} (gnutls_session_t @var{session}) +@var{session}: is a @code{gnutls_session_t} type. + +Sets the default priority on the ciphers, key exchange methods, +and macs. This is the recommended method of +setting the defaults, in order to promote consistency between applications +using GnuTLS, and to allow GnuTLS using applications to update settings +in par with the library. For client applications which require +maximum compatibility consider calling @code{gnutls_session_enable_compatibility_mode()} +after this function. + +For an application to specify additional options to priority string +consider using @code{gnutls_set_default_priority_append()} . + +To allow a user to override the defaults (e.g., when a user interface +or configuration file is available), the functions +@code{gnutls_priority_set_direct()} or @code{gnutls_priority_set()} can +be used. + +@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, or an error code. + +@strong{Since:} 2.1.4 +@end deftypefun diff --git a/doc/functions/gnutls_set_default_priority.short b/doc/functions/gnutls_set_default_priority.short new file mode 100644 index 0000000..97be056 --- /dev/null +++ b/doc/functions/gnutls_set_default_priority.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_set_default_priority} (gnutls_session_t @var{session}) diff --git a/doc/functions/gnutls_set_default_priority_append b/doc/functions/gnutls_set_default_priority_append new file mode 100644 index 0000000..a739adf --- /dev/null +++ b/doc/functions/gnutls_set_default_priority_append @@ -0,0 +1,32 @@ + + + + +@deftypefun {int} {gnutls_set_default_priority_append} (gnutls_session_t @var{session}, const char * @var{add_prio}, const char ** @var{err_pos}, unsigned @var{flags}) +@var{session}: is a @code{gnutls_session_t} type. + +@var{add_prio}: is a string describing priorities to be appended to default + +@var{err_pos}: In case of an error this will have the position in the string the error occurred + +@var{flags}: must be zero + +Sets the default priority on the ciphers, key exchange methods, +and macs with the additional options in @code{add_prio} . This is the recommended method of +setting the defaults when only few additional options are to be added. This promotes +consistency between applications using GnuTLS, and allows GnuTLS using applications +to update settings in par with the library. + +The @code{add_prio} string should start as a normal priority string, e.g., +'-VERS-TLS-ALL:+VERS-TLS1.3:%COMPAT' or '%FORCE_ETM'. That is, it must not start +with ':'. + +To allow a user to override the defaults (e.g., when a user interface +or configuration file is available), the functions +@code{gnutls_priority_set_direct()} or @code{gnutls_priority_set()} can +be used. + +@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, or an error code. + +@strong{Since:} 3.6.3 +@end deftypefun diff --git a/doc/functions/gnutls_set_default_priority_append.short b/doc/functions/gnutls_set_default_priority_append.short new file mode 100644 index 0000000..f29cc82 --- /dev/null +++ b/doc/functions/gnutls_set_default_priority_append.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_set_default_priority_append} (gnutls_session_t @var{session}, const char * @var{add_prio}, const char ** @var{err_pos}, unsigned @var{flags}) diff --git a/doc/functions/gnutls_sign_algorithm_get b/doc/functions/gnutls_sign_algorithm_get new file mode 100644 index 0000000..9e9d767 --- /dev/null +++ b/doc/functions/gnutls_sign_algorithm_get @@ -0,0 +1,15 @@ + + + + +@deftypefun {int} {gnutls_sign_algorithm_get} (gnutls_session_t @var{session}) +@var{session}: is a @code{gnutls_session_t} type. + +Returns the signature algorithm that is (or will be) used in this +session by the server to sign data. This function should be +used only with TLS 1.2 or later. + +@strong{Returns:} The sign algorithm or @code{GNUTLS_SIGN_UNKNOWN} . + +@strong{Since:} 3.1.1 +@end deftypefun diff --git a/doc/functions/gnutls_sign_algorithm_get.short b/doc/functions/gnutls_sign_algorithm_get.short new file mode 100644 index 0000000..d5c2dba --- /dev/null +++ b/doc/functions/gnutls_sign_algorithm_get.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_sign_algorithm_get} (gnutls_session_t @var{session}) diff --git a/doc/functions/gnutls_sign_algorithm_get_client b/doc/functions/gnutls_sign_algorithm_get_client new file mode 100644 index 0000000..6689657 --- /dev/null +++ b/doc/functions/gnutls_sign_algorithm_get_client @@ -0,0 +1,15 @@ + + + + +@deftypefun {int} {gnutls_sign_algorithm_get_client} (gnutls_session_t @var{session}) +@var{session}: is a @code{gnutls_session_t} type. + +Returns the signature algorithm that is (or will be) used in this +session by the client to sign data. This function should be +used only with TLS 1.2 or later. + +@strong{Returns:} The sign algorithm or @code{GNUTLS_SIGN_UNKNOWN} . + +@strong{Since:} 3.1.11 +@end deftypefun diff --git a/doc/functions/gnutls_sign_algorithm_get_client.short b/doc/functions/gnutls_sign_algorithm_get_client.short new file mode 100644 index 0000000..17542f4 --- /dev/null +++ b/doc/functions/gnutls_sign_algorithm_get_client.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_sign_algorithm_get_client} (gnutls_session_t @var{session}) diff --git a/doc/functions/gnutls_sign_algorithm_get_requested b/doc/functions/gnutls_sign_algorithm_get_requested new file mode 100644 index 0000000..87d9fbb --- /dev/null +++ b/doc/functions/gnutls_sign_algorithm_get_requested @@ -0,0 +1,26 @@ + + + + +@deftypefun {int} {gnutls_sign_algorithm_get_requested} (gnutls_session_t @var{session}, size_t @var{indx}, gnutls_sign_algorithm_t * @var{algo}) +@var{session}: is a @code{gnutls_session_t} type. + +@var{indx}: is an index of the signature algorithm to return + +@var{algo}: the returned certificate type will be stored there + +Returns the signature algorithm specified by index that was +requested by the peer. If the specified index has no data available +this function returns @code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} . If +the negotiated TLS version does not support signature algorithms +then @code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} will be returned even +for the first index. The first index is 0. + +This function is useful in the certificate callback functions +to assist in selecting the correct certificate. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise +an error code is returned. + +@strong{Since:} 2.10.0 +@end deftypefun diff --git a/doc/functions/gnutls_sign_algorithm_get_requested.short b/doc/functions/gnutls_sign_algorithm_get_requested.short new file mode 100644 index 0000000..c6e7f5c --- /dev/null +++ b/doc/functions/gnutls_sign_algorithm_get_requested.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_sign_algorithm_get_requested} (gnutls_session_t @var{session}, size_t @var{indx}, gnutls_sign_algorithm_t * @var{algo}) diff --git a/doc/functions/gnutls_sign_get_hash_algorithm b/doc/functions/gnutls_sign_get_hash_algorithm new file mode 100644 index 0000000..1d626b9 --- /dev/null +++ b/doc/functions/gnutls_sign_get_hash_algorithm @@ -0,0 +1,14 @@ + + + + +@deftypefun {gnutls_digest_algorithm_t} {gnutls_sign_get_hash_algorithm} (gnutls_sign_algorithm_t @var{sign}) +@var{sign}: is a signature algorithm + +This function returns the digest algorithm corresponding to +the given signature algorithms. + +@strong{Since:} 3.1.1 + +@strong{Returns:} return a @code{gnutls_digest_algorithm_t} value, or @code{GNUTLS_DIG_UNKNOWN} on error. +@end deftypefun diff --git a/doc/functions/gnutls_sign_get_hash_algorithm.short b/doc/functions/gnutls_sign_get_hash_algorithm.short new file mode 100644 index 0000000..5a86a01 --- /dev/null +++ b/doc/functions/gnutls_sign_get_hash_algorithm.short @@ -0,0 +1 @@ +@item @var{gnutls_digest_algorithm_t} @ref{gnutls_sign_get_hash_algorithm} (gnutls_sign_algorithm_t @var{sign}) diff --git a/doc/functions/gnutls_sign_get_id b/doc/functions/gnutls_sign_get_id new file mode 100644 index 0000000..8756a3b --- /dev/null +++ b/doc/functions/gnutls_sign_get_id @@ -0,0 +1,12 @@ + + + + +@deftypefun {gnutls_sign_algorithm_t} {gnutls_sign_get_id} (const char * @var{name}) +@var{name}: is a sign algorithm name + +The names are compared in a case insensitive way. + +@strong{Returns:} return a @code{gnutls_sign_algorithm_t} value corresponding to +the specified algorithm, or @code{GNUTLS_SIGN_UNKNOWN} on error. +@end deftypefun diff --git a/doc/functions/gnutls_sign_get_id.short b/doc/functions/gnutls_sign_get_id.short new file mode 100644 index 0000000..58797ba --- /dev/null +++ b/doc/functions/gnutls_sign_get_id.short @@ -0,0 +1 @@ +@item @var{gnutls_sign_algorithm_t} @ref{gnutls_sign_get_id} (const char * @var{name}) diff --git a/doc/functions/gnutls_sign_get_name b/doc/functions/gnutls_sign_get_name new file mode 100644 index 0000000..4ac6cfb --- /dev/null +++ b/doc/functions/gnutls_sign_get_name @@ -0,0 +1,12 @@ + + + + +@deftypefun {const char *} {gnutls_sign_get_name} (gnutls_sign_algorithm_t @var{algorithm}) +@var{algorithm}: is a sign algorithm + +Convert a @code{gnutls_sign_algorithm_t} value to a string. + +@strong{Returns:} a string that contains the name of the specified sign +algorithm, or @code{NULL} . +@end deftypefun diff --git a/doc/functions/gnutls_sign_get_name.short b/doc/functions/gnutls_sign_get_name.short new file mode 100644 index 0000000..6ad4180 --- /dev/null +++ b/doc/functions/gnutls_sign_get_name.short @@ -0,0 +1 @@ +@item @var{const char *} @ref{gnutls_sign_get_name} (gnutls_sign_algorithm_t @var{algorithm}) diff --git a/doc/functions/gnutls_sign_get_oid b/doc/functions/gnutls_sign_get_oid new file mode 100644 index 0000000..849f313 --- /dev/null +++ b/doc/functions/gnutls_sign_get_oid @@ -0,0 +1,14 @@ + + + + +@deftypefun {const char *} {gnutls_sign_get_oid} (gnutls_sign_algorithm_t @var{sign}) +@var{sign}: is a sign algorithm + +Convert a @code{gnutls_sign_algorithm_t} value to its object identifier. + +@strong{Returns:} a string that contains the object identifier of the specified sign +algorithm, or @code{NULL} . + +@strong{Since:} 3.4.3 +@end deftypefun diff --git a/doc/functions/gnutls_sign_get_oid.short b/doc/functions/gnutls_sign_get_oid.short new file mode 100644 index 0000000..ab49135 --- /dev/null +++ b/doc/functions/gnutls_sign_get_oid.short @@ -0,0 +1 @@ +@item @var{const char *} @ref{gnutls_sign_get_oid} (gnutls_sign_algorithm_t @var{sign}) diff --git a/doc/functions/gnutls_sign_get_pk_algorithm b/doc/functions/gnutls_sign_get_pk_algorithm new file mode 100644 index 0000000..1a6038b --- /dev/null +++ b/doc/functions/gnutls_sign_get_pk_algorithm @@ -0,0 +1,16 @@ + + + + +@deftypefun {gnutls_pk_algorithm_t} {gnutls_sign_get_pk_algorithm} (gnutls_sign_algorithm_t @var{sign}) +@var{sign}: is a signature algorithm + +This function returns the public key algorithm corresponding to +the given signature algorithms. Note that there may be multiple +public key algorithms supporting a particular signature type; +when dealing with such algorithms use instead @code{gnutls_sign_supports_pk_algorithm()} . + +@strong{Since:} 3.1.1 + +@strong{Returns:} return a @code{gnutls_pk_algorithm_t} value, or @code{GNUTLS_PK_UNKNOWN} on error. +@end deftypefun diff --git a/doc/functions/gnutls_sign_get_pk_algorithm.short b/doc/functions/gnutls_sign_get_pk_algorithm.short new file mode 100644 index 0000000..1583c1d --- /dev/null +++ b/doc/functions/gnutls_sign_get_pk_algorithm.short @@ -0,0 +1 @@ +@item @var{gnutls_pk_algorithm_t} @ref{gnutls_sign_get_pk_algorithm} (gnutls_sign_algorithm_t @var{sign}) diff --git a/doc/functions/gnutls_sign_is_secure b/doc/functions/gnutls_sign_is_secure new file mode 100644 index 0000000..d6abbf6 --- /dev/null +++ b/doc/functions/gnutls_sign_is_secure @@ -0,0 +1,10 @@ + + + + +@deftypefun {unsigned} {gnutls_sign_is_secure} (gnutls_sign_algorithm_t @var{algorithm}) +@var{algorithm}: is a sign algorithm + + +@strong{Returns:} Non-zero if the provided signature algorithm is considered to be secure. +@end deftypefun diff --git a/doc/functions/gnutls_sign_is_secure.short b/doc/functions/gnutls_sign_is_secure.short new file mode 100644 index 0000000..9213dac --- /dev/null +++ b/doc/functions/gnutls_sign_is_secure.short @@ -0,0 +1 @@ +@item @var{unsigned} @ref{gnutls_sign_is_secure} (gnutls_sign_algorithm_t @var{algorithm}) diff --git a/doc/functions/gnutls_sign_is_secure2 b/doc/functions/gnutls_sign_is_secure2 new file mode 100644 index 0000000..756a9d8 --- /dev/null +++ b/doc/functions/gnutls_sign_is_secure2 @@ -0,0 +1,12 @@ + + + + +@deftypefun {unsigned} {gnutls_sign_is_secure2} (gnutls_sign_algorithm_t @var{algorithm}, unsigned int @var{flags}) +@var{algorithm}: is a sign algorithm + +@var{flags}: zero or @code{GNUTLS_SIGN_FLAG_SECURE_FOR_CERTS} + + +@strong{Returns:} Non-zero if the provided signature algorithm is considered to be secure. +@end deftypefun diff --git a/doc/functions/gnutls_sign_is_secure2.short b/doc/functions/gnutls_sign_is_secure2.short new file mode 100644 index 0000000..915bdf1 --- /dev/null +++ b/doc/functions/gnutls_sign_is_secure2.short @@ -0,0 +1 @@ +@item @var{unsigned} @ref{gnutls_sign_is_secure2} (gnutls_sign_algorithm_t @var{algorithm}, unsigned int @var{flags}) diff --git a/doc/functions/gnutls_sign_list b/doc/functions/gnutls_sign_list new file mode 100644 index 0000000..284d7cd --- /dev/null +++ b/doc/functions/gnutls_sign_list @@ -0,0 +1,12 @@ + + + + +@deftypefun {const gnutls_sign_algorithm_t *} {gnutls_sign_list} ( @var{void}) + +Get a list of supported public key signature algorithms. +This function is not thread safe. + +@strong{Returns:} a (0)-terminated list of @code{gnutls_sign_algorithm_t} +integers indicating the available ciphers. +@end deftypefun diff --git a/doc/functions/gnutls_sign_list.short b/doc/functions/gnutls_sign_list.short new file mode 100644 index 0000000..0667b4d --- /dev/null +++ b/doc/functions/gnutls_sign_list.short @@ -0,0 +1 @@ +@item @var{const gnutls_sign_algorithm_t *} @ref{gnutls_sign_list} ( @var{void}) diff --git a/doc/functions/gnutls_sign_supports_pk_algorithm b/doc/functions/gnutls_sign_supports_pk_algorithm new file mode 100644 index 0000000..ca0fd8c --- /dev/null +++ b/doc/functions/gnutls_sign_supports_pk_algorithm @@ -0,0 +1,17 @@ + + + + +@deftypefun {unsigned} {gnutls_sign_supports_pk_algorithm} (gnutls_sign_algorithm_t @var{sign}, gnutls_pk_algorithm_t @var{pk}) +@var{sign}: is a signature algorithm + +@var{pk}: is a public key algorithm + +This function returns non-zero if the public key algorithm corresponds to +the given signature algorithm. That is, if that signature can be generated +from the given private key algorithm. + +@strong{Since:} 3.6.0 + +@strong{Returns:} return non-zero when the provided algorithms are compatible. +@end deftypefun diff --git a/doc/functions/gnutls_sign_supports_pk_algorithm.short b/doc/functions/gnutls_sign_supports_pk_algorithm.short new file mode 100644 index 0000000..50be6d9 --- /dev/null +++ b/doc/functions/gnutls_sign_supports_pk_algorithm.short @@ -0,0 +1 @@ +@item @var{unsigned} @ref{gnutls_sign_supports_pk_algorithm} (gnutls_sign_algorithm_t @var{sign}, gnutls_pk_algorithm_t @var{pk}) diff --git a/doc/functions/gnutls_srp_allocate_client_credentials b/doc/functions/gnutls_srp_allocate_client_credentials new file mode 100644 index 0000000..2945b80 --- /dev/null +++ b/doc/functions/gnutls_srp_allocate_client_credentials @@ -0,0 +1,12 @@ + + + + +@deftypefun {int} {gnutls_srp_allocate_client_credentials} (gnutls_srp_client_credentials_t * @var{sc}) +@var{sc}: is a pointer to a @code{gnutls_srp_server_credentials_t} type. + +Allocate a gnutls_srp_client_credentials_t structure. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, or an +error code. +@end deftypefun diff --git a/doc/functions/gnutls_srp_allocate_client_credentials.short b/doc/functions/gnutls_srp_allocate_client_credentials.short new file mode 100644 index 0000000..efc42fd --- /dev/null +++ b/doc/functions/gnutls_srp_allocate_client_credentials.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_srp_allocate_client_credentials} (gnutls_srp_client_credentials_t * @var{sc}) diff --git a/doc/functions/gnutls_srp_allocate_server_credentials b/doc/functions/gnutls_srp_allocate_server_credentials new file mode 100644 index 0000000..1724c72 --- /dev/null +++ b/doc/functions/gnutls_srp_allocate_server_credentials @@ -0,0 +1,12 @@ + + + + +@deftypefun {int} {gnutls_srp_allocate_server_credentials} (gnutls_srp_server_credentials_t * @var{sc}) +@var{sc}: is a pointer to a @code{gnutls_srp_server_credentials_t} type. + +Allocate a gnutls_srp_server_credentials_t structure. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, or an +error code. +@end deftypefun diff --git a/doc/functions/gnutls_srp_allocate_server_credentials.short b/doc/functions/gnutls_srp_allocate_server_credentials.short new file mode 100644 index 0000000..843214a --- /dev/null +++ b/doc/functions/gnutls_srp_allocate_server_credentials.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_srp_allocate_server_credentials} (gnutls_srp_server_credentials_t * @var{sc}) diff --git a/doc/functions/gnutls_srp_base64_decode b/doc/functions/gnutls_srp_base64_decode new file mode 100644 index 0000000..3fc474a --- /dev/null +++ b/doc/functions/gnutls_srp_base64_decode @@ -0,0 +1,22 @@ + + + + +@deftypefun {int} {gnutls_srp_base64_decode} (const gnutls_datum_t * @var{b64_data}, char * @var{result}, size_t * @var{result_size}) +@var{b64_data}: contain the encoded data + +@var{result}: the place where decoded data will be copied + +@var{result_size}: holds the size of the result + +This function will decode the given encoded data, using the base64 +encoding found in libsrp. + +Note that @code{b64_data} should be null terminated. + +Warning! This base64 encoding is not the "standard" encoding, so +do not use it for non-SRP purposes. + +@strong{Returns:} @code{GNUTLS_E_SHORT_MEMORY_BUFFER} if the buffer given is not +long enough, or 0 on success. +@end deftypefun diff --git a/doc/functions/gnutls_srp_base64_decode.short b/doc/functions/gnutls_srp_base64_decode.short new file mode 100644 index 0000000..e49ae2d --- /dev/null +++ b/doc/functions/gnutls_srp_base64_decode.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_srp_base64_decode} (const gnutls_datum_t * @var{b64_data}, char * @var{result}, size_t * @var{result_size}) diff --git a/doc/functions/gnutls_srp_base64_decode2 b/doc/functions/gnutls_srp_base64_decode2 new file mode 100644 index 0000000..78f0971 --- /dev/null +++ b/doc/functions/gnutls_srp_base64_decode2 @@ -0,0 +1,20 @@ + + + + +@deftypefun {int} {gnutls_srp_base64_decode2} (const gnutls_datum_t * @var{b64_data}, gnutls_datum_t * @var{result}) +@var{b64_data}: contains the encoded data + +@var{result}: the place where decoded data lie + +This function will decode the given encoded data. The decoded data +will be allocated, and stored into result. It will decode using +the base64 algorithm as used in libsrp. + +You should use @code{gnutls_free()} to free the returned data. + +Warning! This base64 encoding is not the "standard" encoding, so +do not use it for non-SRP purposes. + +@strong{Returns:} 0 on success, or an error code. +@end deftypefun diff --git a/doc/functions/gnutls_srp_base64_decode2.short b/doc/functions/gnutls_srp_base64_decode2.short new file mode 100644 index 0000000..f5ad566 --- /dev/null +++ b/doc/functions/gnutls_srp_base64_decode2.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_srp_base64_decode2} (const gnutls_datum_t * @var{b64_data}, gnutls_datum_t * @var{result}) diff --git a/doc/functions/gnutls_srp_base64_encode b/doc/functions/gnutls_srp_base64_encode new file mode 100644 index 0000000..555e6ff --- /dev/null +++ b/doc/functions/gnutls_srp_base64_encode @@ -0,0 +1,22 @@ + + + + +@deftypefun {int} {gnutls_srp_base64_encode} (const gnutls_datum_t * @var{data}, char * @var{result}, size_t * @var{result_size}) +@var{data}: contain the raw data + +@var{result}: the place where base64 data will be copied + +@var{result_size}: holds the size of the result + +This function will convert the given data to printable data, using +the base64 encoding, as used in the libsrp. This is the encoding +used in SRP password files. If the provided buffer is not long +enough GNUTLS_E_SHORT_MEMORY_BUFFER is returned. + +Warning! This base64 encoding is not the "standard" encoding, so +do not use it for non-SRP purposes. + +@strong{Returns:} @code{GNUTLS_E_SHORT_MEMORY_BUFFER} if the buffer given is not +long enough, or 0 on success. +@end deftypefun diff --git a/doc/functions/gnutls_srp_base64_encode.short b/doc/functions/gnutls_srp_base64_encode.short new file mode 100644 index 0000000..189e297 --- /dev/null +++ b/doc/functions/gnutls_srp_base64_encode.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_srp_base64_encode} (const gnutls_datum_t * @var{data}, char * @var{result}, size_t * @var{result_size}) diff --git a/doc/functions/gnutls_srp_base64_encode2 b/doc/functions/gnutls_srp_base64_encode2 new file mode 100644 index 0000000..29ae50b --- /dev/null +++ b/doc/functions/gnutls_srp_base64_encode2 @@ -0,0 +1,21 @@ + + + + +@deftypefun {int} {gnutls_srp_base64_encode2} (const gnutls_datum_t * @var{data}, gnutls_datum_t * @var{result}) +@var{data}: contains the raw data + +@var{result}: will hold the newly allocated encoded data + +This function will convert the given data to printable data, using +the base64 encoding. This is the encoding used in SRP password +files. This function will allocate the required memory to hold +the encoded data. + +You should use @code{gnutls_free()} to free the returned data. + +Warning! This base64 encoding is not the "standard" encoding, so +do not use it for non-SRP purposes. + +@strong{Returns:} 0 on success, or an error code. +@end deftypefun diff --git a/doc/functions/gnutls_srp_base64_encode2.short b/doc/functions/gnutls_srp_base64_encode2.short new file mode 100644 index 0000000..a85ccd6 --- /dev/null +++ b/doc/functions/gnutls_srp_base64_encode2.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_srp_base64_encode2} (const gnutls_datum_t * @var{data}, gnutls_datum_t * @var{result}) diff --git a/doc/functions/gnutls_srp_free_client_credentials b/doc/functions/gnutls_srp_free_client_credentials new file mode 100644 index 0000000..1d3c610 --- /dev/null +++ b/doc/functions/gnutls_srp_free_client_credentials @@ -0,0 +1,9 @@ + + + + +@deftypefun {void} {gnutls_srp_free_client_credentials} (gnutls_srp_client_credentials_t @var{sc}) +@var{sc}: is a @code{gnutls_srp_client_credentials_t} type. + +Free a gnutls_srp_client_credentials_t structure. +@end deftypefun diff --git a/doc/functions/gnutls_srp_free_client_credentials.short b/doc/functions/gnutls_srp_free_client_credentials.short new file mode 100644 index 0000000..ac8c3dc --- /dev/null +++ b/doc/functions/gnutls_srp_free_client_credentials.short @@ -0,0 +1 @@ +@item @var{void} @ref{gnutls_srp_free_client_credentials} (gnutls_srp_client_credentials_t @var{sc}) diff --git a/doc/functions/gnutls_srp_free_server_credentials b/doc/functions/gnutls_srp_free_server_credentials new file mode 100644 index 0000000..de3d37d --- /dev/null +++ b/doc/functions/gnutls_srp_free_server_credentials @@ -0,0 +1,9 @@ + + + + +@deftypefun {void} {gnutls_srp_free_server_credentials} (gnutls_srp_server_credentials_t @var{sc}) +@var{sc}: is a @code{gnutls_srp_server_credentials_t} type. + +Free a gnutls_srp_server_credentials_t structure. +@end deftypefun diff --git a/doc/functions/gnutls_srp_free_server_credentials.short b/doc/functions/gnutls_srp_free_server_credentials.short new file mode 100644 index 0000000..a7f3c1d --- /dev/null +++ b/doc/functions/gnutls_srp_free_server_credentials.short @@ -0,0 +1 @@ +@item @var{void} @ref{gnutls_srp_free_server_credentials} (gnutls_srp_server_credentials_t @var{sc}) diff --git a/doc/functions/gnutls_srp_server_get_username b/doc/functions/gnutls_srp_server_get_username new file mode 100644 index 0000000..47ebaa3 --- /dev/null +++ b/doc/functions/gnutls_srp_server_get_username @@ -0,0 +1,13 @@ + + + + +@deftypefun {const char *} {gnutls_srp_server_get_username} (gnutls_session_t @var{session}) +@var{session}: is a gnutls session + +This function will return the username of the peer. This should +only be called in case of SRP authentication and in case of a +server. Returns NULL in case of an error. + +@strong{Returns:} SRP username of the peer, or NULL in case of error. +@end deftypefun diff --git a/doc/functions/gnutls_srp_server_get_username.short b/doc/functions/gnutls_srp_server_get_username.short new file mode 100644 index 0000000..4fac2f5 --- /dev/null +++ b/doc/functions/gnutls_srp_server_get_username.short @@ -0,0 +1 @@ +@item @var{const char *} @ref{gnutls_srp_server_get_username} (gnutls_session_t @var{session}) diff --git a/doc/functions/gnutls_srp_set_client_credentials b/doc/functions/gnutls_srp_set_client_credentials new file mode 100644 index 0000000..24b18df --- /dev/null +++ b/doc/functions/gnutls_srp_set_client_credentials @@ -0,0 +1,21 @@ + + + + +@deftypefun {int} {gnutls_srp_set_client_credentials} (gnutls_srp_client_credentials_t @var{res}, const char * @var{username}, const char * @var{password}) +@var{res}: is a @code{gnutls_srp_client_credentials_t} type. + +@var{username}: is the user's userid + +@var{password}: is the user's password + +This function sets the username and password, in a +@code{gnutls_srp_client_credentials_t} type. Those will be used in +SRP authentication. @code{username} should be an ASCII string or UTF-8 +string. In case of a UTF-8 string it is recommended to be following +the PRECIS framework for usernames (rfc8265). The password can +be in ASCII format, or normalized using @code{gnutls_utf8_password_normalize()} . + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, or an +error code. +@end deftypefun diff --git a/doc/functions/gnutls_srp_set_client_credentials.short b/doc/functions/gnutls_srp_set_client_credentials.short new file mode 100644 index 0000000..ac5b936 --- /dev/null +++ b/doc/functions/gnutls_srp_set_client_credentials.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_srp_set_client_credentials} (gnutls_srp_client_credentials_t @var{res}, const char * @var{username}, const char * @var{password}) diff --git a/doc/functions/gnutls_srp_set_client_credentials_function b/doc/functions/gnutls_srp_set_client_credentials_function new file mode 100644 index 0000000..18f77cc --- /dev/null +++ b/doc/functions/gnutls_srp_set_client_credentials_function @@ -0,0 +1,32 @@ + + + + +@deftypefun {void} {gnutls_srp_set_client_credentials_function} (gnutls_srp_client_credentials_t @var{cred}, gnutls_srp_client_credentials_function * @var{func}) +@var{cred}: is a @code{gnutls_srp_server_credentials_t} type. + +@var{func}: is the callback function + +This function can be used to set a callback to retrieve the +username and password for client SRP authentication. The +callback's function form is: + +int (*callback)(gnutls_session_t, char** username, char**password); + +The @code{username} and @code{password} must be allocated using +@code{gnutls_malloc()} . + +The @code{username} should be an ASCII string or UTF-8 +string. In case of a UTF-8 string it is recommended to be following +the PRECIS framework for usernames (rfc8265). The password can +be in ASCII format, or normalized using @code{gnutls_utf8_password_normalize()} . + +The callback function will be called once per handshake before the +initial hello message is sent. + +The callback should not return a negative error code the second +time called, since the handshake procedure will be aborted. + +The callback function should return 0 on success. +-1 indicates an error. +@end deftypefun diff --git a/doc/functions/gnutls_srp_set_client_credentials_function.short b/doc/functions/gnutls_srp_set_client_credentials_function.short new file mode 100644 index 0000000..207b0a9 --- /dev/null +++ b/doc/functions/gnutls_srp_set_client_credentials_function.short @@ -0,0 +1 @@ +@item @var{void} @ref{gnutls_srp_set_client_credentials_function} (gnutls_srp_client_credentials_t @var{cred}, gnutls_srp_client_credentials_function * @var{func}) diff --git a/doc/functions/gnutls_srp_set_prime_bits b/doc/functions/gnutls_srp_set_prime_bits new file mode 100644 index 0000000..bb93071 --- /dev/null +++ b/doc/functions/gnutls_srp_set_prime_bits @@ -0,0 +1,21 @@ + + + + +@deftypefun {void} {gnutls_srp_set_prime_bits} (gnutls_session_t @var{session}, unsigned int @var{bits}) +@var{session}: is a @code{gnutls_session_t} type. + +@var{bits}: is the number of bits + +This function sets the minimum accepted number of bits, for use in +an SRP key exchange. If zero, the default 2048 bits will be used. + +In the client side it sets the minimum accepted number of bits. If +a server sends a prime with less bits than that +@code{GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER} will be returned by the +handshake. + +This function has no effect in server side. + +@strong{Since:} 2.6.0 +@end deftypefun diff --git a/doc/functions/gnutls_srp_set_prime_bits.short b/doc/functions/gnutls_srp_set_prime_bits.short new file mode 100644 index 0000000..7004913 --- /dev/null +++ b/doc/functions/gnutls_srp_set_prime_bits.short @@ -0,0 +1 @@ +@item @var{void} @ref{gnutls_srp_set_prime_bits} (gnutls_session_t @var{session}, unsigned int @var{bits}) diff --git a/doc/functions/gnutls_srp_set_server_credentials_file b/doc/functions/gnutls_srp_set_server_credentials_file new file mode 100644 index 0000000..8d8d56b --- /dev/null +++ b/doc/functions/gnutls_srp_set_server_credentials_file @@ -0,0 +1,19 @@ + + + + +@deftypefun {int} {gnutls_srp_set_server_credentials_file} (gnutls_srp_server_credentials_t @var{res}, const char * @var{password_file}, const char * @var{password_conf_file}) +@var{res}: is a @code{gnutls_srp_server_credentials_t} type. + +@var{password_file}: is the SRP password file (tpasswd) + +@var{password_conf_file}: is the SRP password conf file (tpasswd.conf) + +This function sets the password files, in a +@code{gnutls_srp_server_credentials_t} type. Those password files +hold usernames and verifiers and will be used for SRP +authentication. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, or an +error code. +@end deftypefun diff --git a/doc/functions/gnutls_srp_set_server_credentials_file.short b/doc/functions/gnutls_srp_set_server_credentials_file.short new file mode 100644 index 0000000..d86a5d9 --- /dev/null +++ b/doc/functions/gnutls_srp_set_server_credentials_file.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_srp_set_server_credentials_file} (gnutls_srp_server_credentials_t @var{res}, const char * @var{password_file}, const char * @var{password_conf_file}) diff --git a/doc/functions/gnutls_srp_set_server_credentials_function b/doc/functions/gnutls_srp_set_server_credentials_function new file mode 100644 index 0000000..0a34894 --- /dev/null +++ b/doc/functions/gnutls_srp_set_server_credentials_function @@ -0,0 +1,37 @@ + + + + +@deftypefun {void} {gnutls_srp_set_server_credentials_function} (gnutls_srp_server_credentials_t @var{cred}, gnutls_srp_server_credentials_function * @var{func}) +@var{cred}: is a @code{gnutls_srp_server_credentials_t} type. + +@var{func}: is the callback function + +This function can be used to set a callback to retrieve the user's +SRP credentials. The callback's function form is: + +int (*callback)(gnutls_session_t, const char* username, +gnutls_datum_t *salt, gnutls_datum_t *verifier, gnutls_datum_t *generator, +gnutls_datum_t *prime); + + @code{username} contains the actual username. +The @code{salt} , @code{verifier} , @code{generator} and @code{prime} must be filled +in using the @code{gnutls_malloc()} . For convenience @code{prime} and @code{generator} may also be one of the static parameters defined in gnutls.h. + +Initially, the data field is NULL in every @code{gnutls_datum_t} +structure that the callback has to fill in. When the +callback is done GnuTLS deallocates all of those buffers +which are non-NULL, regardless of the return value. + +In order to prevent attackers from guessing valid usernames, +if a user does not exist, g and n values should be filled in +using a random user's parameters. In that case the callback must +return the special value (1). +See @code{gnutls_srp_set_server_fake_salt_seed} too. +If this is not required for your application, return a negative +number from the callback to abort the handshake. + +The callback function will only be called once per handshake. +The callback function should return 0 on success, while +-1 indicates an error. +@end deftypefun diff --git a/doc/functions/gnutls_srp_set_server_credentials_function.short b/doc/functions/gnutls_srp_set_server_credentials_function.short new file mode 100644 index 0000000..b775485 --- /dev/null +++ b/doc/functions/gnutls_srp_set_server_credentials_function.short @@ -0,0 +1 @@ +@item @var{void} @ref{gnutls_srp_set_server_credentials_function} (gnutls_srp_server_credentials_t @var{cred}, gnutls_srp_server_credentials_function * @var{func}) diff --git a/doc/functions/gnutls_srp_set_server_fake_salt_seed b/doc/functions/gnutls_srp_set_server_fake_salt_seed new file mode 100644 index 0000000..6e52314 --- /dev/null +++ b/doc/functions/gnutls_srp_set_server_fake_salt_seed @@ -0,0 +1,35 @@ + + + + +@deftypefun {void} {gnutls_srp_set_server_fake_salt_seed} (gnutls_srp_server_credentials_t @var{cred}, const gnutls_datum_t * @var{seed}, unsigned int @var{salt_length}) +@var{cred}: is a @code{gnutls_srp_server_credentials_t} type + +@var{seed}: is the seed data, only needs to be valid until the function +returns; size of the seed must be greater than zero + +@var{salt_length}: is the length of the generated fake salts + +This function sets the seed that is used to generate salts for +invalid (non-existent) usernames. + +In order to prevent attackers from guessing valid usernames, +when a user does not exist gnutls generates a salt and a verifier +and proceeds with the protocol as usual. +The authentication will ultimately fail, but the client cannot tell +whether the username is valid (exists) or invalid. + +If an attacker learns the seed, given a salt (which is part of the +handshake) which was generated when the seed was in use, it can tell +whether or not the authentication failed because of an unknown username. +This seed cannot be used to reveal application data or passwords. + + @code{salt_length} should represent the salt length your application uses. +Generating fake salts longer than 20 bytes is not supported. + +By default the seed is a random value, different each time a +@code{gnutls_srp_server_credentials_t} is allocated and fake salts are +16 bytes long. + +@strong{Since:} 3.3.0 +@end deftypefun diff --git a/doc/functions/gnutls_srp_set_server_fake_salt_seed.short b/doc/functions/gnutls_srp_set_server_fake_salt_seed.short new file mode 100644 index 0000000..1b7aaf3 --- /dev/null +++ b/doc/functions/gnutls_srp_set_server_fake_salt_seed.short @@ -0,0 +1 @@ +@item @var{void} @ref{gnutls_srp_set_server_fake_salt_seed} (gnutls_srp_server_credentials_t @var{cred}, const gnutls_datum_t * @var{seed}, unsigned int @var{salt_length}) diff --git a/doc/functions/gnutls_srp_verifier b/doc/functions/gnutls_srp_verifier new file mode 100644 index 0000000..a0d7079 --- /dev/null +++ b/doc/functions/gnutls_srp_verifier @@ -0,0 +1,27 @@ + + + + +@deftypefun {int} {gnutls_srp_verifier} (const char * @var{username}, const char * @var{password}, const gnutls_datum_t * @var{salt}, const gnutls_datum_t * @var{generator}, const gnutls_datum_t * @var{prime}, gnutls_datum_t * @var{res}) +@var{username}: is the user's name + +@var{password}: is the user's password + +@var{salt}: should be some randomly generated bytes + +@var{generator}: is the generator of the group + +@var{prime}: is the group's prime + +@var{res}: where the verifier will be stored. + +This function will create an SRP verifier, as specified in +RFC2945. The @code{prime} and @code{generator} should be one of the static +parameters defined in gnutls/gnutls.h or may be generated. + +The verifier will be allocated with @code{gnutls_malloc} () and will be stored in + @code{res} using binary format. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, or an +error code. +@end deftypefun diff --git a/doc/functions/gnutls_srp_verifier.short b/doc/functions/gnutls_srp_verifier.short new file mode 100644 index 0000000..d667f50 --- /dev/null +++ b/doc/functions/gnutls_srp_verifier.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_srp_verifier} (const char * @var{username}, const char * @var{password}, const gnutls_datum_t * @var{salt}, const gnutls_datum_t * @var{generator}, const gnutls_datum_t * @var{prime}, gnutls_datum_t * @var{res}) diff --git a/doc/functions/gnutls_srtp_get_keys b/doc/functions/gnutls_srtp_get_keys new file mode 100644 index 0000000..1070fed --- /dev/null +++ b/doc/functions/gnutls_srtp_get_keys @@ -0,0 +1,30 @@ + + + + +@deftypefun {int} {gnutls_srtp_get_keys} (gnutls_session_t @var{session}, void * @var{key_material}, unsigned int @var{key_material_size}, gnutls_datum_t * @var{client_key}, gnutls_datum_t * @var{client_salt}, gnutls_datum_t * @var{server_key}, gnutls_datum_t * @var{server_salt}) +@var{session}: is a @code{gnutls_session_t} type. + +@var{key_material}: Space to hold the generated key material + +@var{key_material_size}: The maximum size of the key material + +@var{client_key}: The master client write key, pointing inside the key material + +@var{client_salt}: The master client write salt, pointing inside the key material + +@var{server_key}: The master server write key, pointing inside the key material + +@var{server_salt}: The master server write salt, pointing inside the key material + +This is a helper function to generate the keying material for SRTP. +It requires the space of the key material to be pre-allocated (should be at least +2x the maximum key size and salt size). The @code{client_key} , @code{client_salt} , @code{server_key} and @code{server_salt} are convenience datums that point inside the key material. They may +be @code{NULL} . + +@strong{Returns:} On success the size of the key material is returned, +otherwise, @code{GNUTLS_E_SHORT_MEMORY_BUFFER} if the buffer given is not +sufficient, or a negative error code. + +Since 3.1.4 +@end deftypefun diff --git a/doc/functions/gnutls_srtp_get_keys.short b/doc/functions/gnutls_srtp_get_keys.short new file mode 100644 index 0000000..b257818 --- /dev/null +++ b/doc/functions/gnutls_srtp_get_keys.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_srtp_get_keys} (gnutls_session_t @var{session}, void * @var{key_material}, unsigned int @var{key_material_size}, gnutls_datum_t * @var{client_key}, gnutls_datum_t * @var{client_salt}, gnutls_datum_t * @var{server_key}, gnutls_datum_t * @var{server_salt}) diff --git a/doc/functions/gnutls_srtp_get_mki b/doc/functions/gnutls_srtp_get_mki new file mode 100644 index 0000000..8e7acc0 --- /dev/null +++ b/doc/functions/gnutls_srtp_get_mki @@ -0,0 +1,18 @@ + + + + +@deftypefun {int} {gnutls_srtp_get_mki} (gnutls_session_t @var{session}, gnutls_datum_t * @var{mki}) +@var{session}: is a @code{gnutls_session_t} type. + +@var{mki}: will hold the MKI + +This function exports the negotiated Master Key Identifier, +received by the peer if any. The returned value in @code{mki} should be +treated as constant and valid only during the session's lifetime. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, +otherwise a negative error code is returned. + +Since 3.1.4 +@end deftypefun diff --git a/doc/functions/gnutls_srtp_get_mki.short b/doc/functions/gnutls_srtp_get_mki.short new file mode 100644 index 0000000..56c44f7 --- /dev/null +++ b/doc/functions/gnutls_srtp_get_mki.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_srtp_get_mki} (gnutls_session_t @var{session}, gnutls_datum_t * @var{mki}) diff --git a/doc/functions/gnutls_srtp_get_profile_id b/doc/functions/gnutls_srtp_get_profile_id new file mode 100644 index 0000000..7ac9bf4 --- /dev/null +++ b/doc/functions/gnutls_srtp_get_profile_id @@ -0,0 +1,16 @@ + + + + +@deftypefun {int} {gnutls_srtp_get_profile_id} (const char * @var{name}, gnutls_srtp_profile_t * @var{profile}) +@var{name}: The name of the profile to look up + +@var{profile}: Will hold the profile id + +This function allows you to look up a profile based on a string. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, +otherwise a negative error code is returned. + +Since 3.1.4 +@end deftypefun diff --git a/doc/functions/gnutls_srtp_get_profile_id.short b/doc/functions/gnutls_srtp_get_profile_id.short new file mode 100644 index 0000000..a7687b9 --- /dev/null +++ b/doc/functions/gnutls_srtp_get_profile_id.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_srtp_get_profile_id} (const char * @var{name}, gnutls_srtp_profile_t * @var{profile}) diff --git a/doc/functions/gnutls_srtp_get_profile_name b/doc/functions/gnutls_srtp_get_profile_name new file mode 100644 index 0000000..d1deeb7 --- /dev/null +++ b/doc/functions/gnutls_srtp_get_profile_name @@ -0,0 +1,15 @@ + + + + +@deftypefun {const char *} {gnutls_srtp_get_profile_name} (gnutls_srtp_profile_t @var{profile}) +@var{profile}: The profile to look up a string for + +This function allows you to get the corresponding name for a +SRTP protection profile. + +@strong{Returns:} On success, the name of a SRTP profile as a string, +otherwise NULL. + +Since 3.1.4 +@end deftypefun diff --git a/doc/functions/gnutls_srtp_get_profile_name.short b/doc/functions/gnutls_srtp_get_profile_name.short new file mode 100644 index 0000000..33b01fb --- /dev/null +++ b/doc/functions/gnutls_srtp_get_profile_name.short @@ -0,0 +1 @@ +@item @var{const char *} @ref{gnutls_srtp_get_profile_name} (gnutls_srtp_profile_t @var{profile}) diff --git a/doc/functions/gnutls_srtp_get_selected_profile b/doc/functions/gnutls_srtp_get_selected_profile new file mode 100644 index 0000000..b381670 --- /dev/null +++ b/doc/functions/gnutls_srtp_get_selected_profile @@ -0,0 +1,16 @@ + + + + +@deftypefun {int} {gnutls_srtp_get_selected_profile} (gnutls_session_t @var{session}, gnutls_srtp_profile_t * @var{profile}) +@var{session}: is a @code{gnutls_session_t} type. + +@var{profile}: will hold the profile + +This function allows you to get the negotiated SRTP profile. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, +otherwise a negative error code is returned. + +Since 3.1.4 +@end deftypefun diff --git a/doc/functions/gnutls_srtp_get_selected_profile.short b/doc/functions/gnutls_srtp_get_selected_profile.short new file mode 100644 index 0000000..4556c0c --- /dev/null +++ b/doc/functions/gnutls_srtp_get_selected_profile.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_srtp_get_selected_profile} (gnutls_session_t @var{session}, gnutls_srtp_profile_t * @var{profile}) diff --git a/doc/functions/gnutls_srtp_set_mki b/doc/functions/gnutls_srtp_set_mki new file mode 100644 index 0000000..efca51a --- /dev/null +++ b/doc/functions/gnutls_srtp_set_mki @@ -0,0 +1,17 @@ + + + + +@deftypefun {int} {gnutls_srtp_set_mki} (gnutls_session_t @var{session}, const gnutls_datum_t * @var{mki}) +@var{session}: is a @code{gnutls_session_t} type. + +@var{mki}: holds the MKI + +This function sets the Master Key Identifier, to be +used by this session (if any). + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, +otherwise a negative error code is returned. + +Since 3.1.4 +@end deftypefun diff --git a/doc/functions/gnutls_srtp_set_mki.short b/doc/functions/gnutls_srtp_set_mki.short new file mode 100644 index 0000000..5c95ccd --- /dev/null +++ b/doc/functions/gnutls_srtp_set_mki.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_srtp_set_mki} (gnutls_session_t @var{session}, const gnutls_datum_t * @var{mki}) diff --git a/doc/functions/gnutls_srtp_set_profile b/doc/functions/gnutls_srtp_set_profile new file mode 100644 index 0000000..f2108cd --- /dev/null +++ b/doc/functions/gnutls_srtp_set_profile @@ -0,0 +1,17 @@ + + + + +@deftypefun {int} {gnutls_srtp_set_profile} (gnutls_session_t @var{session}, gnutls_srtp_profile_t @var{profile}) +@var{session}: is a @code{gnutls_session_t} type. + +@var{profile}: is the profile id to add. + +This function is to be used by both clients and servers, to declare +what SRTP profiles they support, to negotiate with the peer. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, +otherwise a negative error code is returned. + +Since 3.1.4 +@end deftypefun diff --git a/doc/functions/gnutls_srtp_set_profile.short b/doc/functions/gnutls_srtp_set_profile.short new file mode 100644 index 0000000..781cb95 --- /dev/null +++ b/doc/functions/gnutls_srtp_set_profile.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_srtp_set_profile} (gnutls_session_t @var{session}, gnutls_srtp_profile_t @var{profile}) diff --git a/doc/functions/gnutls_srtp_set_profile_direct b/doc/functions/gnutls_srtp_set_profile_direct new file mode 100644 index 0000000..60e284e --- /dev/null +++ b/doc/functions/gnutls_srtp_set_profile_direct @@ -0,0 +1,20 @@ + + + + +@deftypefun {int} {gnutls_srtp_set_profile_direct} (gnutls_session_t @var{session}, const char * @var{profiles}, const char ** @var{err_pos}) +@var{session}: is a @code{gnutls_session_t} type. + +@var{profiles}: is a string that contains the supported SRTP profiles, +separated by colons. + +@var{err_pos}: In case of an error this will have the position in the string the error occurred, may be NULL. + +This function is to be used by both clients and servers, to declare +what SRTP profiles they support, to negotiate with the peer. + +@strong{Returns:} On syntax error @code{GNUTLS_E_INVALID_REQUEST} is returned, +@code{GNUTLS_E_SUCCESS} on success, or an error code. + +Since 3.1.4 +@end deftypefun diff --git a/doc/functions/gnutls_srtp_set_profile_direct.short b/doc/functions/gnutls_srtp_set_profile_direct.short new file mode 100644 index 0000000..98a37e8 --- /dev/null +++ b/doc/functions/gnutls_srtp_set_profile_direct.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_srtp_set_profile_direct} (gnutls_session_t @var{session}, const char * @var{profiles}, const char ** @var{err_pos}) diff --git a/doc/functions/gnutls_store_commitment b/doc/functions/gnutls_store_commitment new file mode 100644 index 0000000..e663370 --- /dev/null +++ b/doc/functions/gnutls_store_commitment @@ -0,0 +1,36 @@ + + + + +@deftypefun {int} {gnutls_store_commitment} (const char * @var{db_name}, gnutls_tdb_t @var{tdb}, const char * @var{host}, const char * @var{service}, gnutls_digest_algorithm_t @var{hash_algo}, const gnutls_datum_t * @var{hash}, time_t @var{expiration}, unsigned int @var{flags}) +@var{db_name}: A file specifying the stored keys (use NULL for the default) + +@var{tdb}: A storage structure or NULL to use the default + +@var{host}: The peer's name + +@var{service}: non-NULL if this key is specific to a service (e.g. http) + +@var{hash_algo}: The hash algorithm type + +@var{hash}: The raw hash + +@var{expiration}: The expiration time (use 0 to disable expiration) + +@var{flags}: should be 0 or @code{GNUTLS_SCOMMIT_FLAG_ALLOW_BROKEN} . + +This function will store the provided hash commitment to +the list of stored public keys. The key with the given +hash will be considered valid until the provided expiration time. + +The @code{tdb} variable if non-null specifies a custom backend for +the storage of entries. If it is NULL then the +default file backend will be used. + +Note that this function is not thread safe with the default backend. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 3.0 +@end deftypefun diff --git a/doc/functions/gnutls_store_commitment.short b/doc/functions/gnutls_store_commitment.short new file mode 100644 index 0000000..ab5e573 --- /dev/null +++ b/doc/functions/gnutls_store_commitment.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_store_commitment} (const char * @var{db_name}, gnutls_tdb_t @var{tdb}, const char * @var{host}, const char * @var{service}, gnutls_digest_algorithm_t @var{hash_algo}, const gnutls_datum_t * @var{hash}, time_t @var{expiration}, unsigned int @var{flags}) diff --git a/doc/functions/gnutls_store_pubkey b/doc/functions/gnutls_store_pubkey new file mode 100644 index 0000000..e1b951e --- /dev/null +++ b/doc/functions/gnutls_store_pubkey @@ -0,0 +1,43 @@ + + + + +@deftypefun {int} {gnutls_store_pubkey} (const char * @var{db_name}, gnutls_tdb_t @var{tdb}, const char * @var{host}, const char * @var{service}, gnutls_certificate_type_t @var{cert_type}, const gnutls_datum_t * @var{cert}, time_t @var{expiration}, unsigned int @var{flags}) +@var{db_name}: A file specifying the stored keys (use NULL for the default) + +@var{tdb}: A storage structure or NULL to use the default + +@var{host}: The peer's name + +@var{service}: non-NULL if this key is specific to a service (e.g. http) + +@var{cert_type}: The type of the certificate + +@var{cert}: The data of the certificate + +@var{expiration}: The expiration time (use 0 to disable expiration) + +@var{flags}: should be 0. + +This function will store a raw public-key or a public-key provided via +a raw (DER-encoded) certificate to the list of stored public keys. The key +will be considered valid until the provided expiration time. + +The @code{tdb} variable if non-null specifies a custom backend for +the storage of entries. If it is NULL then the +default file backend will be used. + +Unless an alternative @code{tdb} is provided, the storage format is a textual format +consisting of a line for each host with fields separated by '|'. The contents of +the fields are a format-identifier which is set to 'g0', the hostname that the +rest of the data applies to, the numeric port or host name, the expiration +time in seconds since the epoch (0 for no expiration), and a base64 +encoding of the raw (DER) public key information (SPKI) of the peer. + +As of GnuTLS 3.6.6 this function also accepts raw public keys. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 3.0.13 +@end deftypefun diff --git a/doc/functions/gnutls_store_pubkey.short b/doc/functions/gnutls_store_pubkey.short new file mode 100644 index 0000000..5713387 --- /dev/null +++ b/doc/functions/gnutls_store_pubkey.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_store_pubkey} (const char * @var{db_name}, gnutls_tdb_t @var{tdb}, const char * @var{host}, const char * @var{service}, gnutls_certificate_type_t @var{cert_type}, const gnutls_datum_t * @var{cert}, time_t @var{expiration}, unsigned int @var{flags}) diff --git a/doc/functions/gnutls_strerror b/doc/functions/gnutls_strerror new file mode 100644 index 0000000..4a7ad24 --- /dev/null +++ b/doc/functions/gnutls_strerror @@ -0,0 +1,15 @@ + + + + +@deftypefun {const char *} {gnutls_strerror} (int @var{error}) +@var{error}: is a GnuTLS error code, a negative error code + +This function is similar to strerror. The difference is that it +accepts an error number returned by a gnutls function; In case of +an unknown error a descriptive string is sent instead of @code{NULL} . + +Error codes are always a negative error code. + +@strong{Returns:} A string explaining the GnuTLS error message. +@end deftypefun diff --git a/doc/functions/gnutls_strerror.short b/doc/functions/gnutls_strerror.short new file mode 100644 index 0000000..0ac759d --- /dev/null +++ b/doc/functions/gnutls_strerror.short @@ -0,0 +1 @@ +@item @var{const char *} @ref{gnutls_strerror} (int @var{error}) diff --git a/doc/functions/gnutls_strerror_name b/doc/functions/gnutls_strerror_name new file mode 100644 index 0000000..86f5b9b --- /dev/null +++ b/doc/functions/gnutls_strerror_name @@ -0,0 +1,16 @@ + + + + +@deftypefun {const char *} {gnutls_strerror_name} (int @var{error}) +@var{error}: is an error returned by a gnutls function. + +Return the GnuTLS error code define as a string. For example, +gnutls_strerror_name (GNUTLS_E_DH_PRIME_UNACCEPTABLE) will return +the string "GNUTLS_E_DH_PRIME_UNACCEPTABLE". + +@strong{Returns:} A string corresponding to the symbol name of the error +code. + +@strong{Since:} 2.6.0 +@end deftypefun diff --git a/doc/functions/gnutls_strerror_name.short b/doc/functions/gnutls_strerror_name.short new file mode 100644 index 0000000..3ba6d9a --- /dev/null +++ b/doc/functions/gnutls_strerror_name.short @@ -0,0 +1 @@ +@item @var{const char *} @ref{gnutls_strerror_name} (int @var{error}) diff --git a/doc/functions/gnutls_subject_alt_names_deinit b/doc/functions/gnutls_subject_alt_names_deinit new file mode 100644 index 0000000..0bce7dc --- /dev/null +++ b/doc/functions/gnutls_subject_alt_names_deinit @@ -0,0 +1,11 @@ + + + + +@deftypefun {void} {gnutls_subject_alt_names_deinit} (gnutls_subject_alt_names_t @var{sans}) +@var{sans}: The alternative names + +This function will deinitialize an alternative names structure. + +@strong{Since:} 3.3.0 +@end deftypefun diff --git a/doc/functions/gnutls_subject_alt_names_deinit.short b/doc/functions/gnutls_subject_alt_names_deinit.short new file mode 100644 index 0000000..10d16a8 --- /dev/null +++ b/doc/functions/gnutls_subject_alt_names_deinit.short @@ -0,0 +1 @@ +@item @var{void} @ref{gnutls_subject_alt_names_deinit} (gnutls_subject_alt_names_t @var{sans}) diff --git a/doc/functions/gnutls_subject_alt_names_get b/doc/functions/gnutls_subject_alt_names_get new file mode 100644 index 0000000..a7f20e0 --- /dev/null +++ b/doc/functions/gnutls_subject_alt_names_get @@ -0,0 +1,24 @@ + + + + +@deftypefun {int} {gnutls_subject_alt_names_get} (gnutls_subject_alt_names_t @var{sans}, unsigned int @var{seq}, unsigned int * @var{san_type}, gnutls_datum_t * @var{san}, gnutls_datum_t * @var{othername_oid}) +@var{sans}: The alternative names + +@var{seq}: The index of the name to get + +@var{san_type}: Will hold the type of the name (of @code{gnutls_subject_alt_names_t} ) + +@var{san}: The alternative name data (should be treated as constant) + +@var{othername_oid}: The object identifier if @code{san_type} is @code{GNUTLS_SAN_OTHERNAME} (should be treated as constant) + +This function will return a specific alternative name as stored in +the @code{sans} type. The returned values should be treated as constant +and valid for the lifetime of @code{sans} . + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, @code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} +if the index is out of bounds, otherwise a negative error value. + +@strong{Since:} 3.3.0 +@end deftypefun diff --git a/doc/functions/gnutls_subject_alt_names_get.short b/doc/functions/gnutls_subject_alt_names_get.short new file mode 100644 index 0000000..8925aaf --- /dev/null +++ b/doc/functions/gnutls_subject_alt_names_get.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_subject_alt_names_get} (gnutls_subject_alt_names_t @var{sans}, unsigned int @var{seq}, unsigned int * @var{san_type}, gnutls_datum_t * @var{san}, gnutls_datum_t * @var{othername_oid}) diff --git a/doc/functions/gnutls_subject_alt_names_init b/doc/functions/gnutls_subject_alt_names_init new file mode 100644 index 0000000..b1114ef --- /dev/null +++ b/doc/functions/gnutls_subject_alt_names_init @@ -0,0 +1,13 @@ + + + + +@deftypefun {int} {gnutls_subject_alt_names_init} (gnutls_subject_alt_names_t * @var{sans}) +@var{sans}: The alternative names + +This function will initialize an alternative names structure. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a negative error value. + +@strong{Since:} 3.3.0 +@end deftypefun diff --git a/doc/functions/gnutls_subject_alt_names_init.short b/doc/functions/gnutls_subject_alt_names_init.short new file mode 100644 index 0000000..b449089 --- /dev/null +++ b/doc/functions/gnutls_subject_alt_names_init.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_subject_alt_names_init} (gnutls_subject_alt_names_t * @var{sans}) diff --git a/doc/functions/gnutls_subject_alt_names_set b/doc/functions/gnutls_subject_alt_names_set new file mode 100644 index 0000000..a0e7f9a --- /dev/null +++ b/doc/functions/gnutls_subject_alt_names_set @@ -0,0 +1,23 @@ + + + + +@deftypefun {int} {gnutls_subject_alt_names_set} (gnutls_subject_alt_names_t @var{sans}, unsigned int @var{san_type}, const gnutls_datum_t * @var{san}, const char * @var{othername_oid}) +@var{sans}: The alternative names + +@var{san_type}: The type of the name (of @code{gnutls_subject_alt_names_t} ) + +@var{san}: The alternative name data + +@var{othername_oid}: The object identifier if @code{san_type} is @code{GNUTLS_SAN_OTHERNAME} + +This function will store the specified alternative name in +the @code{sans} . + +Since version 3.5.7 the @code{GNUTLS_SAN_RFC822NAME} , @code{GNUTLS_SAN_DNSNAME} , and +@code{GNUTLS_SAN_OTHERNAME_XMPP} are converted to ACE format when necessary. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0), otherwise a negative error value. + +@strong{Since:} 3.3.0 +@end deftypefun diff --git a/doc/functions/gnutls_subject_alt_names_set.short b/doc/functions/gnutls_subject_alt_names_set.short new file mode 100644 index 0000000..cff8505 --- /dev/null +++ b/doc/functions/gnutls_subject_alt_names_set.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_subject_alt_names_set} (gnutls_subject_alt_names_t @var{sans}, unsigned int @var{san_type}, const gnutls_datum_t * @var{san}, const char * @var{othername_oid}) diff --git a/doc/functions/gnutls_supplemental_get_name b/doc/functions/gnutls_supplemental_get_name new file mode 100644 index 0000000..b815635 --- /dev/null +++ b/doc/functions/gnutls_supplemental_get_name @@ -0,0 +1,13 @@ + + + + +@deftypefun {const char *} {gnutls_supplemental_get_name} (gnutls_supplemental_data_format_type_t @var{type}) +@var{type}: is a supplemental data format type + +Convert a @code{gnutls_supplemental_data_format_type_t} value to a +string. + +@strong{Returns:} a string that contains the name of the specified +supplemental data format type, or @code{NULL} for unknown types. +@end deftypefun diff --git a/doc/functions/gnutls_supplemental_get_name.short b/doc/functions/gnutls_supplemental_get_name.short new file mode 100644 index 0000000..4a2c110 --- /dev/null +++ b/doc/functions/gnutls_supplemental_get_name.short @@ -0,0 +1 @@ +@item @var{const char *} @ref{gnutls_supplemental_get_name} (gnutls_supplemental_data_format_type_t @var{type}) diff --git a/doc/functions/gnutls_supplemental_recv b/doc/functions/gnutls_supplemental_recv new file mode 100644 index 0000000..b8c9cd5 --- /dev/null +++ b/doc/functions/gnutls_supplemental_recv @@ -0,0 +1,15 @@ + + + + +@deftypefun {void} {gnutls_supplemental_recv} (gnutls_session_t @var{session}, unsigned @var{do_recv_supplemental}) +@var{session}: is a @code{gnutls_session_t} type. + +@var{do_recv_supplemental}: non-zero in order to expect supplemental data + +This function is to be called by an extension handler to +instruct gnutls to attempt to receive supplemental data +during the handshake process. + +@strong{Since:} 3.4.0 +@end deftypefun diff --git a/doc/functions/gnutls_supplemental_recv.short b/doc/functions/gnutls_supplemental_recv.short new file mode 100644 index 0000000..0103447 --- /dev/null +++ b/doc/functions/gnutls_supplemental_recv.short @@ -0,0 +1 @@ +@item @var{void} @ref{gnutls_supplemental_recv} (gnutls_session_t @var{session}, unsigned @var{do_recv_supplemental}) diff --git a/doc/functions/gnutls_supplemental_register b/doc/functions/gnutls_supplemental_register new file mode 100644 index 0000000..155a159 --- /dev/null +++ b/doc/functions/gnutls_supplemental_register @@ -0,0 +1,27 @@ + + + + +@deftypefun {int} {gnutls_supplemental_register} (const char * @var{name}, gnutls_supplemental_data_format_type_t @var{type}, gnutls_supp_recv_func @var{recv_func}, gnutls_supp_send_func @var{send_func}) +@var{name}: the name of the supplemental data to register + +@var{type}: the type of the supplemental data format + +@var{recv_func}: the function to receive the data + +@var{send_func}: the function to send the data + +This function will register a new supplemental data type (rfc4680). +The registered data will remain until @code{gnutls_global_deinit()} +is called. The provided @code{type} must be an unassigned type in +@code{gnutls_supplemental_data_format_type_t} . If the type is already +registered or handled by GnuTLS internally @code{GNUTLS_E_ALREADY_REGISTERED} +will be returned. + +This function is not thread safe. As supplemental data are not defined under +TLS 1.3, this function will disable TLS 1.3 support globally. + +@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, otherwise a negative error code. + +@strong{Since:} 3.4.0 +@end deftypefun diff --git a/doc/functions/gnutls_supplemental_register.short b/doc/functions/gnutls_supplemental_register.short new file mode 100644 index 0000000..1bed386 --- /dev/null +++ b/doc/functions/gnutls_supplemental_register.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_supplemental_register} (const char * @var{name}, gnutls_supplemental_data_format_type_t @var{type}, gnutls_supp_recv_func @var{recv_func}, gnutls_supp_send_func @var{send_func}) diff --git a/doc/functions/gnutls_supplemental_send b/doc/functions/gnutls_supplemental_send new file mode 100644 index 0000000..fe979e5 --- /dev/null +++ b/doc/functions/gnutls_supplemental_send @@ -0,0 +1,14 @@ + + + + +@deftypefun {void} {gnutls_supplemental_send} (gnutls_session_t @var{session}, unsigned @var{do_send_supplemental}) +@var{session}: is a @code{gnutls_session_t} type. + +@var{do_send_supplemental}: non-zero in order to send supplemental data + +This function is to be called by an extension handler to +instruct gnutls to send supplemental data during the handshake process. + +@strong{Since:} 3.4.0 +@end deftypefun diff --git a/doc/functions/gnutls_supplemental_send.short b/doc/functions/gnutls_supplemental_send.short new file mode 100644 index 0000000..e8bbe6d --- /dev/null +++ b/doc/functions/gnutls_supplemental_send.short @@ -0,0 +1 @@ +@item @var{void} @ref{gnutls_supplemental_send} (gnutls_session_t @var{session}, unsigned @var{do_send_supplemental}) diff --git a/doc/functions/gnutls_system_key_add_x509 b/doc/functions/gnutls_system_key_add_x509 new file mode 100644 index 0000000..fca6645 --- /dev/null +++ b/doc/functions/gnutls_system_key_add_x509 @@ -0,0 +1,23 @@ + + + + +@deftypefun {int} {gnutls_system_key_add_x509} (gnutls_x509_crt_t @var{crt}, gnutls_x509_privkey_t @var{privkey}, const char * @var{label}, char ** @var{cert_url}, char ** @var{key_url}) +@var{crt}: the certificate to be added + +@var{privkey}: the key to be added + +@var{label}: the friendly name to describe the key + +@var{cert_url}: if non-NULL it will contain an allocated value with the certificate URL + +@var{key_url}: if non-NULL it will contain an allocated value with the key URL + +This function will added the given key and certificate pair, +to the system list. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 3.4.0 +@end deftypefun diff --git a/doc/functions/gnutls_system_key_add_x509.short b/doc/functions/gnutls_system_key_add_x509.short new file mode 100644 index 0000000..4502675 --- /dev/null +++ b/doc/functions/gnutls_system_key_add_x509.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_system_key_add_x509} (gnutls_x509_crt_t @var{crt}, gnutls_x509_privkey_t @var{privkey}, const char * @var{label}, char ** @var{cert_url}, char ** @var{key_url}) diff --git a/doc/functions/gnutls_system_key_delete b/doc/functions/gnutls_system_key_delete new file mode 100644 index 0000000..f0d322b --- /dev/null +++ b/doc/functions/gnutls_system_key_delete @@ -0,0 +1,16 @@ + + + + +@deftypefun {int} {gnutls_system_key_delete} (const char * @var{cert_url}, const char * @var{key_url}) +@var{cert_url}: the URL of the certificate + +@var{key_url}: the URL of the key + +This function will delete the key and certificate pair. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 3.4.0 +@end deftypefun diff --git a/doc/functions/gnutls_system_key_delete.short b/doc/functions/gnutls_system_key_delete.short new file mode 100644 index 0000000..b6ccf46 --- /dev/null +++ b/doc/functions/gnutls_system_key_delete.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_system_key_delete} (const char * @var{cert_url}, const char * @var{key_url}) diff --git a/doc/functions/gnutls_system_key_iter_deinit b/doc/functions/gnutls_system_key_iter_deinit new file mode 100644 index 0000000..918887d --- /dev/null +++ b/doc/functions/gnutls_system_key_iter_deinit @@ -0,0 +1,11 @@ + + + + +@deftypefun {void} {gnutls_system_key_iter_deinit} (gnutls_system_key_iter_t @var{iter}) +@var{iter}: an iterator of system keys + +This function will deinitialize the iterator. + +@strong{Since:} 3.4.0 +@end deftypefun diff --git a/doc/functions/gnutls_system_key_iter_deinit.short b/doc/functions/gnutls_system_key_iter_deinit.short new file mode 100644 index 0000000..75fd82b --- /dev/null +++ b/doc/functions/gnutls_system_key_iter_deinit.short @@ -0,0 +1 @@ +@item @var{void} @ref{gnutls_system_key_iter_deinit} (gnutls_system_key_iter_t @var{iter}) diff --git a/doc/functions/gnutls_system_key_iter_get_info b/doc/functions/gnutls_system_key_iter_get_info new file mode 100644 index 0000000..175dc0f --- /dev/null +++ b/doc/functions/gnutls_system_key_iter_get_info @@ -0,0 +1,33 @@ + + + + +@deftypefun {int} {gnutls_system_key_iter_get_info} (gnutls_system_key_iter_t * @var{iter}, unsigned @var{cert_type}, char ** @var{cert_url}, char ** @var{key_url}, char ** @var{label}, gnutls_datum_t * @var{der}, unsigned int @var{flags}) +@var{iter}: an iterator of the system keys (must be set to @code{NULL} initially) + +@var{cert_type}: A value of gnutls_certificate_type_t which indicates the type of certificate to look for + +@var{cert_url}: The certificate URL of the pair (may be @code{NULL} ) + +@var{key_url}: The key URL of the pair (may be @code{NULL} ) + +@var{label}: The friendly name (if any) of the pair (may be @code{NULL} ) + +@var{der}: if non-NULL the DER data of the certificate + +@var{flags}: should be zero + +This function will return on each call a certificate +and key pair URLs, as well as a label associated with them, +and the DER-encoded certificate. When the iteration is complete it will +return @code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} . + +Typically @code{cert_type} should be @code{GNUTLS_CRT_X509} . + +All values set are allocated and must be cleared using @code{gnutls_free()} , + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 3.4.0 +@end deftypefun diff --git a/doc/functions/gnutls_system_key_iter_get_info.short b/doc/functions/gnutls_system_key_iter_get_info.short new file mode 100644 index 0000000..eff9ad6 --- /dev/null +++ b/doc/functions/gnutls_system_key_iter_get_info.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_system_key_iter_get_info} (gnutls_system_key_iter_t * @var{iter}, unsigned @var{cert_type}, char ** @var{cert_url}, char ** @var{key_url}, char ** @var{label}, gnutls_datum_t * @var{der}, unsigned int @var{flags}) diff --git a/doc/functions/gnutls_system_recv_timeout b/doc/functions/gnutls_system_recv_timeout new file mode 100644 index 0000000..857e480 --- /dev/null +++ b/doc/functions/gnutls_system_recv_timeout @@ -0,0 +1,20 @@ + + + + +@deftypefun {int} {gnutls_system_recv_timeout} (gnutls_transport_ptr_t @var{ptr}, unsigned int @var{ms}) +@var{ptr}: A file descriptor (wrapped in a gnutls_transport_ptr_t pointer) + +@var{ms}: The number of milliseconds to wait. + +Wait for data to be received from the provided socket ( @code{ptr} ) within a +timeout period in milliseconds, using @code{select()} on the provided @code{ptr} . + +This function is provided as a helper for constructing custom +callbacks for @code{gnutls_transport_set_pull_timeout_function()} , +which can be used if you rely on socket file descriptors. + +Returns -1 on error, 0 on timeout, positive value if data are available for reading. + +@strong{Since:} 3.4.0 +@end deftypefun diff --git a/doc/functions/gnutls_system_recv_timeout.short b/doc/functions/gnutls_system_recv_timeout.short new file mode 100644 index 0000000..a806c7e --- /dev/null +++ b/doc/functions/gnutls_system_recv_timeout.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_system_recv_timeout} (gnutls_transport_ptr_t @var{ptr}, unsigned int @var{ms}) diff --git a/doc/functions/gnutls_tdb_deinit b/doc/functions/gnutls_tdb_deinit new file mode 100644 index 0000000..ea0d0a6 --- /dev/null +++ b/doc/functions/gnutls_tdb_deinit @@ -0,0 +1,9 @@ + + + + +@deftypefun {void} {gnutls_tdb_deinit} (gnutls_tdb_t @var{tdb}) +@var{tdb}: The structure to be deinitialized + +This function will deinitialize a public key trust storage structure. +@end deftypefun diff --git a/doc/functions/gnutls_tdb_deinit.short b/doc/functions/gnutls_tdb_deinit.short new file mode 100644 index 0000000..f0fbd40 --- /dev/null +++ b/doc/functions/gnutls_tdb_deinit.short @@ -0,0 +1 @@ +@item @var{void} @ref{gnutls_tdb_deinit} (gnutls_tdb_t @var{tdb}) diff --git a/doc/functions/gnutls_tdb_init b/doc/functions/gnutls_tdb_init new file mode 100644 index 0000000..6facbe3 --- /dev/null +++ b/doc/functions/gnutls_tdb_init @@ -0,0 +1,12 @@ + + + + +@deftypefun {int} {gnutls_tdb_init} (gnutls_tdb_t * @var{tdb}) +@var{tdb}: A pointer to the type to be initialized + +This function will initialize a public key trust storage structure. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. +@end deftypefun diff --git a/doc/functions/gnutls_tdb_init.short b/doc/functions/gnutls_tdb_init.short new file mode 100644 index 0000000..b53b4b8 --- /dev/null +++ b/doc/functions/gnutls_tdb_init.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_tdb_init} (gnutls_tdb_t * @var{tdb}) diff --git a/doc/functions/gnutls_tdb_set_store_commitment_func b/doc/functions/gnutls_tdb_set_store_commitment_func new file mode 100644 index 0000000..4420a4d --- /dev/null +++ b/doc/functions/gnutls_tdb_set_store_commitment_func @@ -0,0 +1,18 @@ + + + + +@deftypefun {void} {gnutls_tdb_set_store_commitment_func} (gnutls_tdb_t @var{tdb}, gnutls_tdb_store_commitment_func @var{cstore}) +@var{tdb}: The trust storage + +@var{cstore}: The commitment storage function + +This function will associate a commitment (hash) storage function with the +trust storage structure. The function is of the following form. + +int gnutls_tdb_store_commitment_func(const char* db_name, const char* host, +const char* service, time_t expiration, +gnutls_digest_algorithm_t, const gnutls_datum_t* hash); + +The @code{db_name} should be used to pass any private data to this function. +@end deftypefun diff --git a/doc/functions/gnutls_tdb_set_store_commitment_func.short b/doc/functions/gnutls_tdb_set_store_commitment_func.short new file mode 100644 index 0000000..5ad45eb --- /dev/null +++ b/doc/functions/gnutls_tdb_set_store_commitment_func.short @@ -0,0 +1 @@ +@item @var{void} @ref{gnutls_tdb_set_store_commitment_func} (gnutls_tdb_t @var{tdb}, gnutls_tdb_store_commitment_func @var{cstore}) diff --git a/doc/functions/gnutls_tdb_set_store_func b/doc/functions/gnutls_tdb_set_store_func new file mode 100644 index 0000000..0152d2b --- /dev/null +++ b/doc/functions/gnutls_tdb_set_store_func @@ -0,0 +1,18 @@ + + + + +@deftypefun {void} {gnutls_tdb_set_store_func} (gnutls_tdb_t @var{tdb}, gnutls_tdb_store_func @var{store}) +@var{tdb}: The trust storage + +@var{store}: The storage function + +This function will associate a storage function with the +trust storage structure. The function is of the following form. + +int gnutls_tdb_store_func(const char* db_name, const char* host, +const char* service, time_t expiration, +const gnutls_datum_t* pubkey); + +The @code{db_name} should be used to pass any private data to this function. +@end deftypefun diff --git a/doc/functions/gnutls_tdb_set_store_func.short b/doc/functions/gnutls_tdb_set_store_func.short new file mode 100644 index 0000000..2e5515e --- /dev/null +++ b/doc/functions/gnutls_tdb_set_store_func.short @@ -0,0 +1 @@ +@item @var{void} @ref{gnutls_tdb_set_store_func} (gnutls_tdb_t @var{tdb}, gnutls_tdb_store_func @var{store}) diff --git a/doc/functions/gnutls_tdb_set_verify_func b/doc/functions/gnutls_tdb_set_verify_func new file mode 100644 index 0000000..9e885d2 --- /dev/null +++ b/doc/functions/gnutls_tdb_set_verify_func @@ -0,0 +1,20 @@ + + + + +@deftypefun {void} {gnutls_tdb_set_verify_func} (gnutls_tdb_t @var{tdb}, gnutls_tdb_verify_func @var{verify}) +@var{tdb}: The trust storage + +@var{verify}: The verification function + +This function will associate a retrieval function with the +trust storage structure. The function is of the following form. + +int gnutls_tdb_verify_func(const char* db_name, const char* host, +const char* service, const gnutls_datum_t* pubkey); + +The verify function should return zero on a match, @code{GNUTLS_E_CERTIFICATE_KEY_MISMATCH} +if there is a mismatch and any other negative error code otherwise. + +The @code{db_name} should be used to pass any private data to this function. +@end deftypefun diff --git a/doc/functions/gnutls_tdb_set_verify_func.short b/doc/functions/gnutls_tdb_set_verify_func.short new file mode 100644 index 0000000..839cc6e --- /dev/null +++ b/doc/functions/gnutls_tdb_set_verify_func.short @@ -0,0 +1 @@ +@item @var{void} @ref{gnutls_tdb_set_verify_func} (gnutls_tdb_t @var{tdb}, gnutls_tdb_verify_func @var{verify}) diff --git a/doc/functions/gnutls_tpm_get_registered b/doc/functions/gnutls_tpm_get_registered new file mode 100644 index 0000000..779fa42 --- /dev/null +++ b/doc/functions/gnutls_tpm_get_registered @@ -0,0 +1,14 @@ + + + +@deftypefun {int} {gnutls_tpm_get_registered} (gnutls_tpm_key_list_t * @var{list}) +@var{list}: a list to store the keys + +This function will get a list of stored keys in the TPM. The uuid +of those keys + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 3.1.0 +@end deftypefun diff --git a/doc/functions/gnutls_tpm_get_registered.short b/doc/functions/gnutls_tpm_get_registered.short new file mode 100644 index 0000000..155e7cf --- /dev/null +++ b/doc/functions/gnutls_tpm_get_registered.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_tpm_get_registered} (gnutls_tpm_key_list_t * @var{list}) diff --git a/doc/functions/gnutls_tpm_key_list_deinit b/doc/functions/gnutls_tpm_key_list_deinit new file mode 100644 index 0000000..63fc418 --- /dev/null +++ b/doc/functions/gnutls_tpm_key_list_deinit @@ -0,0 +1,11 @@ + + + + +@deftypefun {void} {gnutls_tpm_key_list_deinit} (gnutls_tpm_key_list_t @var{list}) +@var{list}: a list of the keys + +This function will deinitialize the list of stored keys in the TPM. + +@strong{Since:} 3.1.0 +@end deftypefun diff --git a/doc/functions/gnutls_tpm_key_list_deinit.short b/doc/functions/gnutls_tpm_key_list_deinit.short new file mode 100644 index 0000000..e3a546f --- /dev/null +++ b/doc/functions/gnutls_tpm_key_list_deinit.short @@ -0,0 +1 @@ +@item @var{void} @ref{gnutls_tpm_key_list_deinit} (gnutls_tpm_key_list_t @var{list}) diff --git a/doc/functions/gnutls_tpm_key_list_get_url b/doc/functions/gnutls_tpm_key_list_get_url new file mode 100644 index 0000000..35ee8e2 --- /dev/null +++ b/doc/functions/gnutls_tpm_key_list_get_url @@ -0,0 +1,23 @@ + + + + +@deftypefun {int} {gnutls_tpm_key_list_get_url} (gnutls_tpm_key_list_t @var{list}, unsigned int @var{idx}, char ** @var{url}, unsigned int @var{flags}) +@var{list}: a list of the keys + +@var{idx}: The index of the key (starting from zero) + +@var{url}: The URL to be returned + +@var{flags}: should be zero + +This function will return for each given index a URL of +the corresponding key. +If the provided index is out of bounds then @code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} +is returned. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 3.1.0 +@end deftypefun diff --git a/doc/functions/gnutls_tpm_key_list_get_url.short b/doc/functions/gnutls_tpm_key_list_get_url.short new file mode 100644 index 0000000..b0448de --- /dev/null +++ b/doc/functions/gnutls_tpm_key_list_get_url.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_tpm_key_list_get_url} (gnutls_tpm_key_list_t @var{list}, unsigned int @var{idx}, char ** @var{url}, unsigned int @var{flags}) diff --git a/doc/functions/gnutls_tpm_privkey_delete b/doc/functions/gnutls_tpm_privkey_delete new file mode 100644 index 0000000..f844e86 --- /dev/null +++ b/doc/functions/gnutls_tpm_privkey_delete @@ -0,0 +1,17 @@ + + + + +@deftypefun {int} {gnutls_tpm_privkey_delete} (const char * @var{url}, const char * @var{srk_password}) +@var{url}: the URL describing the key + +@var{srk_password}: a password for the SRK key + +This function will unregister the private key from the TPM +chip. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 3.1.0 +@end deftypefun diff --git a/doc/functions/gnutls_tpm_privkey_delete.short b/doc/functions/gnutls_tpm_privkey_delete.short new file mode 100644 index 0000000..c14c769 --- /dev/null +++ b/doc/functions/gnutls_tpm_privkey_delete.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_tpm_privkey_delete} (const char * @var{url}, const char * @var{srk_password}) diff --git a/doc/functions/gnutls_tpm_privkey_generate b/doc/functions/gnutls_tpm_privkey_generate new file mode 100644 index 0000000..74c70ac --- /dev/null +++ b/doc/functions/gnutls_tpm_privkey_generate @@ -0,0 +1,40 @@ + + + + +@deftypefun {int} {gnutls_tpm_privkey_generate} (gnutls_pk_algorithm_t @var{pk}, unsigned int @var{bits}, const char * @var{srk_password}, const char * @var{key_password}, gnutls_tpmkey_fmt_t @var{format}, gnutls_x509_crt_fmt_t @var{pub_format}, gnutls_datum_t * @var{privkey}, gnutls_datum_t * @var{pubkey}, unsigned int @var{flags}) +@var{pk}: the public key algorithm + +@var{bits}: the security bits + +@var{srk_password}: a password to protect the exported key (optional) + +@var{key_password}: the password for the TPM (optional) + +@var{format}: the format of the private key + +@var{pub_format}: the format of the public key + +@var{privkey}: the generated key + +@var{pubkey}: the corresponding public key (may be null) + +@var{flags}: should be a list of GNUTLS_TPM_* flags + +This function will generate a private key in the TPM +chip. The private key will be generated within the chip +and will be exported in a wrapped with TPM's master key +form. Furthermore the wrapped key can be protected with +the provided @code{password} . + +Note that bits in TPM is quantized value. If the input value +is not one of the allowed values, then it will be quantized to +one of 512, 1024, 2048, 4096, 8192 and 16384. + +Allowed flags are: + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 3.1.0 +@end deftypefun diff --git a/doc/functions/gnutls_tpm_privkey_generate.short b/doc/functions/gnutls_tpm_privkey_generate.short new file mode 100644 index 0000000..3778c7a --- /dev/null +++ b/doc/functions/gnutls_tpm_privkey_generate.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_tpm_privkey_generate} (gnutls_pk_algorithm_t @var{pk}, unsigned int @var{bits}, const char * @var{srk_password}, const char * @var{key_password}, gnutls_tpmkey_fmt_t @var{format}, gnutls_x509_crt_fmt_t @var{pub_format}, gnutls_datum_t * @var{privkey}, gnutls_datum_t * @var{pubkey}, unsigned int @var{flags}) diff --git a/doc/functions/gnutls_transport_get_int b/doc/functions/gnutls_transport_get_int new file mode 100644 index 0000000..ccb9758 --- /dev/null +++ b/doc/functions/gnutls_transport_get_int @@ -0,0 +1,15 @@ + + + + +@deftypefun {int} {gnutls_transport_get_int} (gnutls_session_t @var{session}) +@var{session}: is a @code{gnutls_session_t} type. + +Used to get the first argument of the transport function (like +PUSH and PULL). This must have been set using +@code{gnutls_transport_set_int()} . + +@strong{Returns:} The first argument of the transport function. + +@strong{Since:} 3.1.9 +@end deftypefun diff --git a/doc/functions/gnutls_transport_get_int.short b/doc/functions/gnutls_transport_get_int.short new file mode 100644 index 0000000..7acffd1 --- /dev/null +++ b/doc/functions/gnutls_transport_get_int.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_transport_get_int} (gnutls_session_t @var{session}) diff --git a/doc/functions/gnutls_transport_get_int2 b/doc/functions/gnutls_transport_get_int2 new file mode 100644 index 0000000..5e94747 --- /dev/null +++ b/doc/functions/gnutls_transport_get_int2 @@ -0,0 +1,17 @@ + + + + +@deftypefun {void} {gnutls_transport_get_int2} (gnutls_session_t @var{session}, int * @var{recv_int}, int * @var{send_int}) +@var{session}: is a @code{gnutls_session_t} type. + +@var{recv_int}: will hold the value for the pull function + +@var{send_int}: will hold the value for the push function + +Used to get the arguments of the transport functions (like PUSH +and PULL). These should have been set using +@code{gnutls_transport_set_int2()} . + +@strong{Since:} 3.1.9 +@end deftypefun diff --git a/doc/functions/gnutls_transport_get_int2.short b/doc/functions/gnutls_transport_get_int2.short new file mode 100644 index 0000000..d417b4a --- /dev/null +++ b/doc/functions/gnutls_transport_get_int2.short @@ -0,0 +1 @@ +@item @var{void} @ref{gnutls_transport_get_int2} (gnutls_session_t @var{session}, int * @var{recv_int}, int * @var{send_int}) diff --git a/doc/functions/gnutls_transport_get_ptr b/doc/functions/gnutls_transport_get_ptr new file mode 100644 index 0000000..ba277b8 --- /dev/null +++ b/doc/functions/gnutls_transport_get_ptr @@ -0,0 +1,13 @@ + + + + +@deftypefun {gnutls_transport_ptr_t} {gnutls_transport_get_ptr} (gnutls_session_t @var{session}) +@var{session}: is a @code{gnutls_session_t} type. + +Used to get the first argument of the transport function (like +PUSH and PULL). This must have been set using +@code{gnutls_transport_set_ptr()} . + +@strong{Returns:} The first argument of the transport function. +@end deftypefun diff --git a/doc/functions/gnutls_transport_get_ptr.short b/doc/functions/gnutls_transport_get_ptr.short new file mode 100644 index 0000000..78b7dd9 --- /dev/null +++ b/doc/functions/gnutls_transport_get_ptr.short @@ -0,0 +1 @@ +@item @var{gnutls_transport_ptr_t} @ref{gnutls_transport_get_ptr} (gnutls_session_t @var{session}) diff --git a/doc/functions/gnutls_transport_get_ptr2 b/doc/functions/gnutls_transport_get_ptr2 new file mode 100644 index 0000000..2caa8cc --- /dev/null +++ b/doc/functions/gnutls_transport_get_ptr2 @@ -0,0 +1,15 @@ + + + + +@deftypefun {void} {gnutls_transport_get_ptr2} (gnutls_session_t @var{session}, gnutls_transport_ptr_t * @var{recv_ptr}, gnutls_transport_ptr_t * @var{send_ptr}) +@var{session}: is a @code{gnutls_session_t} type. + +@var{recv_ptr}: will hold the value for the pull function + +@var{send_ptr}: will hold the value for the push function + +Used to get the arguments of the transport functions (like PUSH +and PULL). These should have been set using +@code{gnutls_transport_set_ptr2()} . +@end deftypefun diff --git a/doc/functions/gnutls_transport_get_ptr2.short b/doc/functions/gnutls_transport_get_ptr2.short new file mode 100644 index 0000000..80ba84c --- /dev/null +++ b/doc/functions/gnutls_transport_get_ptr2.short @@ -0,0 +1 @@ +@item @var{void} @ref{gnutls_transport_get_ptr2} (gnutls_session_t @var{session}, gnutls_transport_ptr_t * @var{recv_ptr}, gnutls_transport_ptr_t * @var{send_ptr}) diff --git a/doc/functions/gnutls_transport_set_errno b/doc/functions/gnutls_transport_set_errno new file mode 100644 index 0000000..f6edd44 --- /dev/null +++ b/doc/functions/gnutls_transport_set_errno @@ -0,0 +1,22 @@ + + + + +@deftypefun {void} {gnutls_transport_set_errno} (gnutls_session_t @var{session}, int @var{err}) +@var{session}: is a @code{gnutls_session_t} type. + +@var{err}: error value to store in session-specific errno variable. + +Store @code{err} in the session-specific errno variable. Useful values +for @code{err} are EINTR, EAGAIN and EMSGSIZE, other values are treated will be +treated as real errors in the push/pull function. + +This function is useful in replacement push and pull functions set by +@code{gnutls_transport_set_push_function()} and +@code{gnutls_transport_set_pull_function()} under Windows, where the +replacements may not have access to the same @code{errno} variable that is used by GnuTLS (e.g., the application is linked to +msvcr71.dll and gnutls is linked to msvcrt.dll). + +This function is unreliable if you are using the same + @code{session} in different threads for sending and receiving. +@end deftypefun diff --git a/doc/functions/gnutls_transport_set_errno.short b/doc/functions/gnutls_transport_set_errno.short new file mode 100644 index 0000000..e851955 --- /dev/null +++ b/doc/functions/gnutls_transport_set_errno.short @@ -0,0 +1 @@ +@item @var{void} @ref{gnutls_transport_set_errno} (gnutls_session_t @var{session}, int @var{err}) diff --git a/doc/functions/gnutls_transport_set_errno_function b/doc/functions/gnutls_transport_set_errno_function new file mode 100644 index 0000000..aea1b08 --- /dev/null +++ b/doc/functions/gnutls_transport_set_errno_function @@ -0,0 +1,18 @@ + + + + +@deftypefun {void} {gnutls_transport_set_errno_function} (gnutls_session_t @var{session}, gnutls_errno_func @var{errno_func}) +@var{session}: is a @code{gnutls_session_t} type. + +@var{errno_func}: a callback function similar to @code{write()} + +This is the function where you set a function to retrieve errno +after a failed push or pull operation. + + @code{errno_func} is of the form, +int (*gnutls_errno_func)(gnutls_transport_ptr_t); +and should return the errno. + +@strong{Since:} 2.12.0 +@end deftypefun diff --git a/doc/functions/gnutls_transport_set_errno_function.short b/doc/functions/gnutls_transport_set_errno_function.short new file mode 100644 index 0000000..60cdc70 --- /dev/null +++ b/doc/functions/gnutls_transport_set_errno_function.short @@ -0,0 +1 @@ +@item @var{void} @ref{gnutls_transport_set_errno_function} (gnutls_session_t @var{session}, gnutls_errno_func @var{errno_func}) diff --git a/doc/functions/gnutls_transport_set_fastopen b/doc/functions/gnutls_transport_set_fastopen new file mode 100644 index 0000000..bbd86de --- /dev/null +++ b/doc/functions/gnutls_transport_set_fastopen @@ -0,0 +1,38 @@ + + + +@deftypefun {void} {gnutls_transport_set_fastopen} (gnutls_session_t @var{session}, int @var{fd}, struct sockaddr * @var{connect_addr}, socklen_t @var{connect_addrlen}, unsigned int @var{flags}) +@var{session}: is a @code{gnutls_session_t} type. + +@var{fd}: is the session's socket descriptor + +@var{connect_addr}: is the address we want to connect to + +@var{connect_addrlen}: is the length of @code{connect_addr} + +@var{flags}: must be zero + +Enables TCP Fast Open (TFO) for the specified TLS client session. +That means that TCP connection establishment and the transmission +of the first TLS client hello packet are combined. The +peer's address must be specified in @code{connect_addr} and @code{connect_addrlen} , +and the socket specified by @code{fd} should not be connected. + +TFO only works for TCP sockets of type AF_INET and AF_INET6. +If the OS doesn't support TCP fast open this function will result +to gnutls using @code{connect()} transparently during the first write. + +@strong{Note:} This function overrides all the transport callback functions. +If this is undesirable, TCP Fast Open must be implemented on the user +callback functions without calling this function. When using +this function, transport callbacks must not be set, and +@code{gnutls_transport_set_ptr()} or @code{gnutls_transport_set_int()} +must not be called. + +On GNU/Linux TFO has to be enabled at the system layer, that is +in /proc/sys/net/ipv4/tcp_fastopen, bit 0 has to be set. + +This function has no effect on server sessions. + +@strong{Since:} 3.5.3 +@end deftypefun diff --git a/doc/functions/gnutls_transport_set_fastopen.short b/doc/functions/gnutls_transport_set_fastopen.short new file mode 100644 index 0000000..2200437 --- /dev/null +++ b/doc/functions/gnutls_transport_set_fastopen.short @@ -0,0 +1 @@ +@item @var{void} @ref{gnutls_transport_set_fastopen} (gnutls_session_t @var{session}, int @var{fd}, struct sockaddr * @var{connect_addr}, socklen_t @var{connect_addrlen}, unsigned int @var{flags}) diff --git a/doc/functions/gnutls_transport_set_int b/doc/functions/gnutls_transport_set_int new file mode 100644 index 0000000..d402c0b --- /dev/null +++ b/doc/functions/gnutls_transport_set_int @@ -0,0 +1,18 @@ + + + + +@deftypefun {void} {gnutls_transport_set_int} (gnutls_session_t @var{session}, int @var{fd}) +@var{session}: is a @code{gnutls_session_t} type. + +@var{fd}: is the socket descriptor for the connection. + +This function sets the first argument of the transport function, such +as @code{send()} and @code{recv()} for the default callbacks using the +system's socket API. + +This function is equivalent to calling @code{gnutls_transport_set_ptr()} +with the descriptor, but requires no casts. + +@strong{Since:} 3.1.9 +@end deftypefun diff --git a/doc/functions/gnutls_transport_set_int.short b/doc/functions/gnutls_transport_set_int.short new file mode 100644 index 0000000..4c431bf --- /dev/null +++ b/doc/functions/gnutls_transport_set_int.short @@ -0,0 +1 @@ +@item @var{void} @ref{gnutls_transport_set_int} (gnutls_session_t @var{session}, int @var{fd}) diff --git a/doc/functions/gnutls_transport_set_int2 b/doc/functions/gnutls_transport_set_int2 new file mode 100644 index 0000000..a4c0b01 --- /dev/null +++ b/doc/functions/gnutls_transport_set_int2 @@ -0,0 +1,21 @@ + + + + +@deftypefun {void} {gnutls_transport_set_int2} (gnutls_session_t @var{session}, int @var{recv_fd}, int @var{send_fd}) +@var{session}: is a @code{gnutls_session_t} type. + +@var{recv_fd}: is socket descriptor for the pull function + +@var{send_fd}: is socket descriptor for the push function + +This function sets the first argument of the transport functions, +such as @code{send()} and @code{recv()} for the default callbacks using the +system's socket API. With this function you can set two different +descriptors for receiving and sending. + +This function is equivalent to calling @code{gnutls_transport_set_ptr2()} +with the descriptors, but requires no casts. + +@strong{Since:} 3.1.9 +@end deftypefun diff --git a/doc/functions/gnutls_transport_set_int2.short b/doc/functions/gnutls_transport_set_int2.short new file mode 100644 index 0000000..c134095 --- /dev/null +++ b/doc/functions/gnutls_transport_set_int2.short @@ -0,0 +1 @@ +@item @var{void} @ref{gnutls_transport_set_int2} (gnutls_session_t @var{session}, int @var{recv_fd}, int @var{send_fd}) diff --git a/doc/functions/gnutls_transport_set_ptr b/doc/functions/gnutls_transport_set_ptr new file mode 100644 index 0000000..ae2b94c --- /dev/null +++ b/doc/functions/gnutls_transport_set_ptr @@ -0,0 +1,13 @@ + + + + +@deftypefun {void} {gnutls_transport_set_ptr} (gnutls_session_t @var{session}, gnutls_transport_ptr_t @var{ptr}) +@var{session}: is a @code{gnutls_session_t} type. + +@var{ptr}: is the value. + +Used to set the first argument of the transport function (for push +and pull callbacks). In berkeley style sockets this function will set the +connection descriptor. +@end deftypefun diff --git a/doc/functions/gnutls_transport_set_ptr.short b/doc/functions/gnutls_transport_set_ptr.short new file mode 100644 index 0000000..8d7515e --- /dev/null +++ b/doc/functions/gnutls_transport_set_ptr.short @@ -0,0 +1 @@ +@item @var{void} @ref{gnutls_transport_set_ptr} (gnutls_session_t @var{session}, gnutls_transport_ptr_t @var{ptr}) diff --git a/doc/functions/gnutls_transport_set_ptr2 b/doc/functions/gnutls_transport_set_ptr2 new file mode 100644 index 0000000..87b30f1 --- /dev/null +++ b/doc/functions/gnutls_transport_set_ptr2 @@ -0,0 +1,16 @@ + + + + +@deftypefun {void} {gnutls_transport_set_ptr2} (gnutls_session_t @var{session}, gnutls_transport_ptr_t @var{recv_ptr}, gnutls_transport_ptr_t @var{send_ptr}) +@var{session}: is a @code{gnutls_session_t} type. + +@var{recv_ptr}: is the value for the pull function + +@var{send_ptr}: is the value for the push function + +Used to set the first argument of the transport function (for push +and pull callbacks). In berkeley style sockets this function will set the +connection descriptor. With this function you can use two different +pointers for receiving and sending. +@end deftypefun diff --git a/doc/functions/gnutls_transport_set_ptr2.short b/doc/functions/gnutls_transport_set_ptr2.short new file mode 100644 index 0000000..3733b4f --- /dev/null +++ b/doc/functions/gnutls_transport_set_ptr2.short @@ -0,0 +1 @@ +@item @var{void} @ref{gnutls_transport_set_ptr2} (gnutls_session_t @var{session}, gnutls_transport_ptr_t @var{recv_ptr}, gnutls_transport_ptr_t @var{send_ptr}) diff --git a/doc/functions/gnutls_transport_set_pull_function b/doc/functions/gnutls_transport_set_pull_function new file mode 100644 index 0000000..bc45944 --- /dev/null +++ b/doc/functions/gnutls_transport_set_pull_function @@ -0,0 +1,18 @@ + + + + +@deftypefun {void} {gnutls_transport_set_pull_function} (gnutls_session_t @var{session}, gnutls_pull_func @var{pull_func}) +@var{session}: is a @code{gnutls_session_t} type. + +@var{pull_func}: a callback function similar to @code{read()} + +This is the function where you set a function for gnutls to receive +data. Normally, if you use berkeley style sockets, do not need to +use this function since the default recv(2) will probably be ok. +The callback should return 0 on connection termination, a positive +number indicating the number of bytes received, and -1 on error. + + @code{gnutls_pull_func} is of the form, +ssize_t (*gnutls_pull_func)(gnutls_transport_ptr_t, void*, size_t); +@end deftypefun diff --git a/doc/functions/gnutls_transport_set_pull_function.short b/doc/functions/gnutls_transport_set_pull_function.short new file mode 100644 index 0000000..0d1c3bf --- /dev/null +++ b/doc/functions/gnutls_transport_set_pull_function.short @@ -0,0 +1 @@ +@item @var{void} @ref{gnutls_transport_set_pull_function} (gnutls_session_t @var{session}, gnutls_pull_func @var{pull_func}) diff --git a/doc/functions/gnutls_transport_set_pull_timeout_function b/doc/functions/gnutls_transport_set_pull_timeout_function new file mode 100644 index 0000000..1c4ac45 --- /dev/null +++ b/doc/functions/gnutls_transport_set_pull_timeout_function @@ -0,0 +1,40 @@ + + + + +@deftypefun {void} {gnutls_transport_set_pull_timeout_function} (gnutls_session_t @var{session}, gnutls_pull_timeout_func @var{func}) +@var{session}: is a @code{gnutls_session_t} type. + +@var{func}: a callback function + +This is the function where you set a function for gnutls to know +whether data are ready to be received. It should wait for data a +given time frame in milliseconds. The callback should return 0 on +timeout, a positive number if data can be received, and -1 on error. +You'll need to override this function if @code{select()} is not suitable +for the provided transport calls. + +As with @code{select()} , if the timeout value is zero the callback should return +zero if no data are immediately available. The special value +@code{GNUTLS_INDEFINITE_TIMEOUT} indicates that the callback should wait indefinitely +for data. + + @code{gnutls_pull_timeout_func} is of the form, +int (*gnutls_pull_timeout_func)(gnutls_transport_ptr_t, unsigned int ms); + +This callback is necessary when @code{gnutls_handshake_set_timeout()} or +@code{gnutls_record_set_timeout()} are set, and for calculating the DTLS mode +timeouts. + +In short, this callback should be set when a custom pull function is +registered. The callback will not be used when the session is in TLS mode with +non-blocking sockets. That is, when @code{GNUTLS_NONBLOCK} is specified for a TLS +session in @code{gnutls_init()} . For compatibility with future GnuTLS versions +it is recommended to always set this function when a custom pull function +is registered. + +The helper function @code{gnutls_system_recv_timeout()} is provided to +simplify writing callbacks. + +@strong{Since:} 3.0 +@end deftypefun diff --git a/doc/functions/gnutls_transport_set_pull_timeout_function.short b/doc/functions/gnutls_transport_set_pull_timeout_function.short new file mode 100644 index 0000000..9595847 --- /dev/null +++ b/doc/functions/gnutls_transport_set_pull_timeout_function.short @@ -0,0 +1 @@ +@item @var{void} @ref{gnutls_transport_set_pull_timeout_function} (gnutls_session_t @var{session}, gnutls_pull_timeout_func @var{func}) diff --git a/doc/functions/gnutls_transport_set_push_function b/doc/functions/gnutls_transport_set_push_function new file mode 100644 index 0000000..b4b23f1 --- /dev/null +++ b/doc/functions/gnutls_transport_set_push_function @@ -0,0 +1,20 @@ + + + + +@deftypefun {void} {gnutls_transport_set_push_function} (gnutls_session_t @var{session}, gnutls_push_func @var{push_func}) +@var{session}: is a @code{gnutls_session_t} type. + +@var{push_func}: a callback function similar to @code{write()} + +This is the function where you set a push function for gnutls to +use in order to send data. If you are going to use berkeley style +sockets, you do not need to use this function since the default +send(2) will probably be ok. Otherwise you should specify this +function for gnutls to be able to send data. +The callback should return a positive number indicating the +bytes sent, and -1 on error. + + @code{push_func} is of the form, +ssize_t (*gnutls_push_func)(gnutls_transport_ptr_t, const void*, size_t); +@end deftypefun diff --git a/doc/functions/gnutls_transport_set_push_function.short b/doc/functions/gnutls_transport_set_push_function.short new file mode 100644 index 0000000..75a1718 --- /dev/null +++ b/doc/functions/gnutls_transport_set_push_function.short @@ -0,0 +1 @@ +@item @var{void} @ref{gnutls_transport_set_push_function} (gnutls_session_t @var{session}, gnutls_push_func @var{push_func}) diff --git a/doc/functions/gnutls_transport_set_vec_push_function b/doc/functions/gnutls_transport_set_vec_push_function new file mode 100644 index 0000000..5a85b34 --- /dev/null +++ b/doc/functions/gnutls_transport_set_vec_push_function @@ -0,0 +1,19 @@ + + + + +@deftypefun {void} {gnutls_transport_set_vec_push_function} (gnutls_session_t @var{session}, gnutls_vec_push_func @var{vec_func}) +@var{session}: is a @code{gnutls_session_t} type. + +@var{vec_func}: a callback function similar to @code{writev()} + +Using this function you can override the default writev(2) +function for gnutls to send data. Setting this callback +instead of @code{gnutls_transport_set_push_function()} is recommended +since it introduces less overhead in the TLS handshake process. + + @code{vec_func} is of the form, +ssize_t (*gnutls_vec_push_func) (gnutls_transport_ptr_t, const giovec_t * iov, int iovcnt); + +@strong{Since:} 2.12.0 +@end deftypefun diff --git a/doc/functions/gnutls_transport_set_vec_push_function.short b/doc/functions/gnutls_transport_set_vec_push_function.short new file mode 100644 index 0000000..2d46785 --- /dev/null +++ b/doc/functions/gnutls_transport_set_vec_push_function.short @@ -0,0 +1 @@ +@item @var{void} @ref{gnutls_transport_set_vec_push_function} (gnutls_session_t @var{session}, gnutls_vec_push_func @var{vec_func}) diff --git a/doc/functions/gnutls_url_is_supported b/doc/functions/gnutls_url_is_supported new file mode 100644 index 0000000..218c50f --- /dev/null +++ b/doc/functions/gnutls_url_is_supported @@ -0,0 +1,15 @@ + + + + +@deftypefun {unsigned} {gnutls_url_is_supported} (const char * @var{url}) +@var{url}: A URI to be tested + +Check whether the provided @code{url} is supported. Depending on the system libraries +GnuTLS may support pkcs11, tpmkey or other URLs. + +@strong{Returns:} return non-zero if the given URL is supported, and zero if +it is not known. + +@strong{Since:} 3.1.0 +@end deftypefun diff --git a/doc/functions/gnutls_url_is_supported.short b/doc/functions/gnutls_url_is_supported.short new file mode 100644 index 0000000..b5feb70 --- /dev/null +++ b/doc/functions/gnutls_url_is_supported.short @@ -0,0 +1 @@ +@item @var{unsigned} @ref{gnutls_url_is_supported} (const char * @var{url}) diff --git a/doc/functions/gnutls_utf8_password_normalize b/doc/functions/gnutls_utf8_password_normalize new file mode 100644 index 0000000..4890b86 --- /dev/null +++ b/doc/functions/gnutls_utf8_password_normalize @@ -0,0 +1,23 @@ + + + + +@deftypefun {int} {gnutls_utf8_password_normalize} (const unsigned char * @var{password}, unsigned @var{plen}, gnutls_datum_t * @var{out}, unsigned @var{flags}) +@var{password}: contain the UTF-8 formatted password + +@var{plen}: the length of the provided password + +@var{out}: the result in an null-terminated allocated string + +@var{flags}: should be zero + +This function will convert the provided UTF-8 password according +to the normalization rules in RFC7613. + +If the flag @code{GNUTLS_UTF8_IGNORE_ERRS} is specified, any UTF-8 encoding +errors will be ignored, and in that case the output will be a copy of the input. + +@strong{Returns:} @code{GNUTLS_E_INVALID_UTF8_STRING} on invalid UTF-8 data, or 0 on success. + +@strong{Since:} 3.5.7 +@end deftypefun diff --git a/doc/functions/gnutls_utf8_password_normalize.short b/doc/functions/gnutls_utf8_password_normalize.short new file mode 100644 index 0000000..8b89fe3 --- /dev/null +++ b/doc/functions/gnutls_utf8_password_normalize.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_utf8_password_normalize} (const unsigned char * @var{password}, unsigned @var{plen}, gnutls_datum_t * @var{out}, unsigned @var{flags}) diff --git a/doc/functions/gnutls_verify_stored_pubkey b/doc/functions/gnutls_verify_stored_pubkey new file mode 100644 index 0000000..a1a7c4f --- /dev/null +++ b/doc/functions/gnutls_verify_stored_pubkey @@ -0,0 +1,45 @@ + + + + +@deftypefun {int} {gnutls_verify_stored_pubkey} (const char * @var{db_name}, gnutls_tdb_t @var{tdb}, const char * @var{host}, const char * @var{service}, gnutls_certificate_type_t @var{cert_type}, const gnutls_datum_t * @var{cert}, unsigned int @var{flags}) +@var{db_name}: A file specifying the stored keys (use NULL for the default) + +@var{tdb}: A storage structure or NULL to use the default + +@var{host}: The peer's name + +@var{service}: non-NULL if this key is specific to a service (e.g. http) + +@var{cert_type}: The type of the certificate + +@var{cert}: The raw (der) data of the certificate + +@var{flags}: should be 0. + +This function will try to verify a raw public-key or a public-key provided via +a raw (DER-encoded) certificate using a list of stored public keys. +The @code{service} field if non-NULL should be a port number. + +The @code{db_name} variable if non-null specifies a custom backend for +the retrieval of entries. If it is NULL then the +default file backend will be used. In POSIX-like systems the +file backend uses the $HOME/.gnutls/known_hosts file. + +Note that if the custom storage backend is provided the +retrieval function should return @code{GNUTLS_E_CERTIFICATE_KEY_MISMATCH} +if the host/service pair is found but key doesn't match, +@code{GNUTLS_E_NO_CERTIFICATE_FOUND} if no such host/service with +the given key is found, and 0 if it was found. The storage +function should return 0 on success. + +As of GnuTLS 3.6.6 this function also verifies raw public keys. + +@strong{Returns:} If no associated public key is found +then @code{GNUTLS_E_NO_CERTIFICATE_FOUND} will be returned. If a key +is found but does not match @code{GNUTLS_E_CERTIFICATE_KEY_MISMATCH} +is returned. On success, @code{GNUTLS_E_SUCCESS} (0) is returned, +or a negative error value on other errors. + +@strong{Since:} 3.0.13 +@end deftypefun diff --git a/doc/functions/gnutls_verify_stored_pubkey.short b/doc/functions/gnutls_verify_stored_pubkey.short new file mode 100644 index 0000000..3ecf88d --- /dev/null +++ b/doc/functions/gnutls_verify_stored_pubkey.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_verify_stored_pubkey} (const char * @var{db_name}, gnutls_tdb_t @var{tdb}, const char * @var{host}, const char * @var{service}, gnutls_certificate_type_t @var{cert_type}, const gnutls_datum_t * @var{cert}, unsigned int @var{flags}) diff --git a/doc/functions/gnutls_x509_aia_deinit b/doc/functions/gnutls_x509_aia_deinit new file mode 100644 index 0000000..5da28e3 --- /dev/null +++ b/doc/functions/gnutls_x509_aia_deinit @@ -0,0 +1,11 @@ + + + + +@deftypefun {void} {gnutls_x509_aia_deinit} (gnutls_x509_aia_t @var{aia}) +@var{aia}: The authority info access + +This function will deinitialize an authority info access type. + +@strong{Since:} 3.3.0 +@end deftypefun diff --git a/doc/functions/gnutls_x509_aia_deinit.short b/doc/functions/gnutls_x509_aia_deinit.short new file mode 100644 index 0000000..0ce503a --- /dev/null +++ b/doc/functions/gnutls_x509_aia_deinit.short @@ -0,0 +1 @@ +@item @var{void} @ref{gnutls_x509_aia_deinit} (gnutls_x509_aia_t @var{aia}) diff --git a/doc/functions/gnutls_x509_aia_get b/doc/functions/gnutls_x509_aia_get new file mode 100644 index 0000000..8116d7d --- /dev/null +++ b/doc/functions/gnutls_x509_aia_get @@ -0,0 +1,28 @@ + + + + +@deftypefun {int} {gnutls_x509_aia_get} (gnutls_x509_aia_t @var{aia}, unsigned int @var{seq}, gnutls_datum_t * @var{oid}, unsigned * @var{san_type}, gnutls_datum_t * @var{san}) +@var{aia}: The authority info access + +@var{seq}: specifies the sequence number of the access descriptor (0 for the first one, 1 for the second etc.) + +@var{oid}: the type of available data; to be treated as constant. + +@var{san_type}: Will hold the type of the name of @code{gnutls_subject_alt_names_t} (may be null). + +@var{san}: the access location name; to be treated as constant (may be null). + +This function reads from the Authority Information Access type. + +The @code{seq} input parameter is used to indicate which member of the +sequence the caller is interested in. The first member is 0, the +second member 1 and so on. When the @code{seq} value is out of bounds, +@code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} is returned. + +Typically @code{oid} is @code{GNUTLS_OID_AD_CAISSUERS} or @code{GNUTLS_OID_AD_OCSP} . + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a negative error value. + +@strong{Since:} 3.3.0 +@end deftypefun diff --git a/doc/functions/gnutls_x509_aia_get.short b/doc/functions/gnutls_x509_aia_get.short new file mode 100644 index 0000000..75911b0 --- /dev/null +++ b/doc/functions/gnutls_x509_aia_get.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_aia_get} (gnutls_x509_aia_t @var{aia}, unsigned int @var{seq}, gnutls_datum_t * @var{oid}, unsigned * @var{san_type}, gnutls_datum_t * @var{san}) diff --git a/doc/functions/gnutls_x509_aia_init b/doc/functions/gnutls_x509_aia_init new file mode 100644 index 0000000..8926c45 --- /dev/null +++ b/doc/functions/gnutls_x509_aia_init @@ -0,0 +1,13 @@ + + + + +@deftypefun {int} {gnutls_x509_aia_init} (gnutls_x509_aia_t * @var{aia}) +@var{aia}: The authority info access + +This function will initialize an authority info access type. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a negative error value. + +@strong{Since:} 3.3.0 +@end deftypefun diff --git a/doc/functions/gnutls_x509_aia_init.short b/doc/functions/gnutls_x509_aia_init.short new file mode 100644 index 0000000..7f924eb --- /dev/null +++ b/doc/functions/gnutls_x509_aia_init.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_aia_init} (gnutls_x509_aia_t * @var{aia}) diff --git a/doc/functions/gnutls_x509_aia_set b/doc/functions/gnutls_x509_aia_set new file mode 100644 index 0000000..7845720 --- /dev/null +++ b/doc/functions/gnutls_x509_aia_set @@ -0,0 +1,26 @@ + + + + +@deftypefun {int} {gnutls_x509_aia_set} (gnutls_x509_aia_t @var{aia}, const char * @var{oid}, unsigned @var{san_type}, const gnutls_datum_t * @var{san}) +@var{aia}: The authority info access + +@var{oid}: the type of data. + +@var{san_type}: The type of the name (of @code{gnutls_subject_alt_names_t} ) + +@var{san}: The alternative name data + +This function will store the specified alternative name in +the @code{aia} type. + +Typically the value for @code{oid} should be @code{GNUTLS_OID_AD_OCSP} , or +@code{GNUTLS_OID_AD_CAISSUERS} . + +Since version 3.5.7 the @code{GNUTLS_SAN_RFC822NAME} , and @code{GNUTLS_SAN_DNSNAME} , +are converted to ACE format when necessary. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0), otherwise a negative error value. + +@strong{Since:} 3.3.0 +@end deftypefun diff --git a/doc/functions/gnutls_x509_aia_set.short b/doc/functions/gnutls_x509_aia_set.short new file mode 100644 index 0000000..148e15c --- /dev/null +++ b/doc/functions/gnutls_x509_aia_set.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_aia_set} (gnutls_x509_aia_t @var{aia}, const char * @var{oid}, unsigned @var{san_type}, const gnutls_datum_t * @var{san}) diff --git a/doc/functions/gnutls_x509_aki_deinit b/doc/functions/gnutls_x509_aki_deinit new file mode 100644 index 0000000..52c3248 --- /dev/null +++ b/doc/functions/gnutls_x509_aki_deinit @@ -0,0 +1,11 @@ + + + + +@deftypefun {void} {gnutls_x509_aki_deinit} (gnutls_x509_aki_t @var{aki}) +@var{aki}: The authority key identifier type + +This function will deinitialize an authority key identifier. + +@strong{Since:} 3.3.0 +@end deftypefun diff --git a/doc/functions/gnutls_x509_aki_deinit.short b/doc/functions/gnutls_x509_aki_deinit.short new file mode 100644 index 0000000..14321ff --- /dev/null +++ b/doc/functions/gnutls_x509_aki_deinit.short @@ -0,0 +1 @@ +@item @var{void} @ref{gnutls_x509_aki_deinit} (gnutls_x509_aki_t @var{aki}) diff --git a/doc/functions/gnutls_x509_aki_get_cert_issuer b/doc/functions/gnutls_x509_aki_get_cert_issuer new file mode 100644 index 0000000..c9b63b8 --- /dev/null +++ b/doc/functions/gnutls_x509_aki_get_cert_issuer @@ -0,0 +1,26 @@ + + + + +@deftypefun {int} {gnutls_x509_aki_get_cert_issuer} (gnutls_x509_aki_t @var{aki}, unsigned int @var{seq}, unsigned int * @var{san_type}, gnutls_datum_t * @var{san}, gnutls_datum_t * @var{othername_oid}, gnutls_datum_t * @var{serial}) +@var{aki}: The authority key ID + +@var{seq}: The index of the name to get + +@var{san_type}: Will hold the type of the name (of @code{gnutls_subject_alt_names_t} ) + +@var{san}: The alternative name data + +@var{othername_oid}: The object identifier if @code{san_type} is @code{GNUTLS_SAN_OTHERNAME} + +@var{serial}: The authorityCertSerialNumber number + +This function will return a specific authorityCertIssuer name as stored in +the @code{aki} type, as well as the authorityCertSerialNumber. All the returned +values should be treated as constant, and may be set to @code{NULL} when are not required. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, @code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} +if the index is out of bounds, otherwise a negative error value. + +@strong{Since:} 3.3.0 +@end deftypefun diff --git a/doc/functions/gnutls_x509_aki_get_cert_issuer.short b/doc/functions/gnutls_x509_aki_get_cert_issuer.short new file mode 100644 index 0000000..e81664f --- /dev/null +++ b/doc/functions/gnutls_x509_aki_get_cert_issuer.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_aki_get_cert_issuer} (gnutls_x509_aki_t @var{aki}, unsigned int @var{seq}, unsigned int * @var{san_type}, gnutls_datum_t * @var{san}, gnutls_datum_t * @var{othername_oid}, gnutls_datum_t * @var{serial}) diff --git a/doc/functions/gnutls_x509_aki_get_id b/doc/functions/gnutls_x509_aki_get_id new file mode 100644 index 0000000..d3cc618 --- /dev/null +++ b/doc/functions/gnutls_x509_aki_get_id @@ -0,0 +1,17 @@ + + + + +@deftypefun {int} {gnutls_x509_aki_get_id} (gnutls_x509_aki_t @var{aki}, gnutls_datum_t * @var{id}) +@var{aki}: The authority key ID + +@var{id}: Will hold the identifier + +This function will return the key identifier as stored in +the @code{aki} type. The identifier should be treated as constant. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, @code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} +if the index is out of bounds, otherwise a negative error value. + +@strong{Since:} 3.3.0 +@end deftypefun diff --git a/doc/functions/gnutls_x509_aki_get_id.short b/doc/functions/gnutls_x509_aki_get_id.short new file mode 100644 index 0000000..930cdec --- /dev/null +++ b/doc/functions/gnutls_x509_aki_get_id.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_aki_get_id} (gnutls_x509_aki_t @var{aki}, gnutls_datum_t * @var{id}) diff --git a/doc/functions/gnutls_x509_aki_init b/doc/functions/gnutls_x509_aki_init new file mode 100644 index 0000000..18244f6 --- /dev/null +++ b/doc/functions/gnutls_x509_aki_init @@ -0,0 +1,13 @@ + + + + +@deftypefun {int} {gnutls_x509_aki_init} (gnutls_x509_aki_t * @var{aki}) +@var{aki}: The authority key ID type + +This function will initialize an authority key ID. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a negative error value. + +@strong{Since:} 3.3.0 +@end deftypefun diff --git a/doc/functions/gnutls_x509_aki_init.short b/doc/functions/gnutls_x509_aki_init.short new file mode 100644 index 0000000..6a33e60 --- /dev/null +++ b/doc/functions/gnutls_x509_aki_init.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_aki_init} (gnutls_x509_aki_t * @var{aki}) diff --git a/doc/functions/gnutls_x509_aki_set_cert_issuer b/doc/functions/gnutls_x509_aki_set_cert_issuer new file mode 100644 index 0000000..2fdb304 --- /dev/null +++ b/doc/functions/gnutls_x509_aki_set_cert_issuer @@ -0,0 +1,26 @@ + + + + +@deftypefun {int} {gnutls_x509_aki_set_cert_issuer} (gnutls_x509_aki_t @var{aki}, unsigned int @var{san_type}, const gnutls_datum_t * @var{san}, const char * @var{othername_oid}, const gnutls_datum_t * @var{serial}) +@var{aki}: The authority key ID + +@var{san_type}: the type of the name (of @code{gnutls_subject_alt_names_t} ), may be null + +@var{san}: The alternative name data + +@var{othername_oid}: The object identifier if @code{san_type} is @code{GNUTLS_SAN_OTHERNAME} + +@var{serial}: The authorityCertSerialNumber number (may be null) + +This function will set the authorityCertIssuer name and the authorityCertSerialNumber +to be stored in the @code{aki} type. When storing multiple names, the serial +should be set on the first call, and subsequent calls should use a @code{NULL} serial. + +Since version 3.5.7 the @code{GNUTLS_SAN_RFC822NAME} , @code{GNUTLS_SAN_DNSNAME} , and +@code{GNUTLS_SAN_OTHERNAME_XMPP} are converted to ACE format when necessary. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a negative error value. + +@strong{Since:} 3.3.0 +@end deftypefun diff --git a/doc/functions/gnutls_x509_aki_set_cert_issuer.short b/doc/functions/gnutls_x509_aki_set_cert_issuer.short new file mode 100644 index 0000000..353a7a1 --- /dev/null +++ b/doc/functions/gnutls_x509_aki_set_cert_issuer.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_aki_set_cert_issuer} (gnutls_x509_aki_t @var{aki}, unsigned int @var{san_type}, const gnutls_datum_t * @var{san}, const char * @var{othername_oid}, const gnutls_datum_t * @var{serial}) diff --git a/doc/functions/gnutls_x509_aki_set_id b/doc/functions/gnutls_x509_aki_set_id new file mode 100644 index 0000000..669badf --- /dev/null +++ b/doc/functions/gnutls_x509_aki_set_id @@ -0,0 +1,15 @@ + + + + +@deftypefun {int} {gnutls_x509_aki_set_id} (gnutls_x509_aki_t @var{aki}, const gnutls_datum_t * @var{id}) +@var{aki}: The authority key ID + +@var{id}: the key identifier + +This function will set the keyIdentifier to be stored in the @code{aki} type. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a negative error value. + +@strong{Since:} 3.3.0 +@end deftypefun diff --git a/doc/functions/gnutls_x509_aki_set_id.short b/doc/functions/gnutls_x509_aki_set_id.short new file mode 100644 index 0000000..e336824 --- /dev/null +++ b/doc/functions/gnutls_x509_aki_set_id.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_aki_set_id} (gnutls_x509_aki_t @var{aki}, const gnutls_datum_t * @var{id}) diff --git a/doc/functions/gnutls_x509_cidr_to_rfc5280 b/doc/functions/gnutls_x509_cidr_to_rfc5280 new file mode 100644 index 0000000..17515f1 --- /dev/null +++ b/doc/functions/gnutls_x509_cidr_to_rfc5280 @@ -0,0 +1,23 @@ + + + + +@deftypefun {int} {gnutls_x509_cidr_to_rfc5280} (const char * @var{cidr}, gnutls_datum_t * @var{cidr_rfc5280}) +@var{cidr}: CIDR in RFC4632 format (IP/prefix), null-terminated + +@var{cidr_rfc5280}: CIDR range converted to RFC5280 format + +This function will convert text CIDR range with prefix (such as '10.0.0.0/8') +to RFC5280 (IP address in network byte order followed by its network mask). +Works for both IPv4 and IPv6. + +The resulting object is directly usable for IP name constraints usage, +for example in functions @code{gnutls_x509_name_constraints_add_permitted} +or @code{gnutls_x509_name_constraints_add_excluded} . + +The data in datum needs to be deallocated using @code{gnutls_free()} . + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a negative error value. + +@strong{Since:} 3.5.4 +@end deftypefun diff --git a/doc/functions/gnutls_x509_cidr_to_rfc5280.short b/doc/functions/gnutls_x509_cidr_to_rfc5280.short new file mode 100644 index 0000000..0c91b18 --- /dev/null +++ b/doc/functions/gnutls_x509_cidr_to_rfc5280.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_cidr_to_rfc5280} (const char * @var{cidr}, gnutls_datum_t * @var{cidr_rfc5280}) diff --git a/doc/functions/gnutls_x509_crl_check_issuer b/doc/functions/gnutls_x509_crl_check_issuer new file mode 100644 index 0000000..8cc6bed --- /dev/null +++ b/doc/functions/gnutls_x509_crl_check_issuer @@ -0,0 +1,15 @@ + + + + +@deftypefun {unsigned} {gnutls_x509_crl_check_issuer} (gnutls_x509_crl_t @var{crl}, gnutls_x509_crt_t @var{issuer}) +@var{crl}: is the CRL to be checked + +@var{issuer}: is the certificate of a possible issuer + +This function will check if the given CRL was issued by the given +issuer certificate. + +@strong{Returns:} true (1) if the given CRL was issued by the given issuer, +and false (0) if not. +@end deftypefun diff --git a/doc/functions/gnutls_x509_crl_check_issuer.short b/doc/functions/gnutls_x509_crl_check_issuer.short new file mode 100644 index 0000000..e80db98 --- /dev/null +++ b/doc/functions/gnutls_x509_crl_check_issuer.short @@ -0,0 +1 @@ +@item @var{unsigned} @ref{gnutls_x509_crl_check_issuer} (gnutls_x509_crl_t @var{crl}, gnutls_x509_crt_t @var{issuer}) diff --git a/doc/functions/gnutls_x509_crl_deinit b/doc/functions/gnutls_x509_crl_deinit new file mode 100644 index 0000000..80f3dac --- /dev/null +++ b/doc/functions/gnutls_x509_crl_deinit @@ -0,0 +1,9 @@ + + + + +@deftypefun {void} {gnutls_x509_crl_deinit} (gnutls_x509_crl_t @var{crl}) +@var{crl}: The data to be deinitialized + +This function will deinitialize a CRL structure. +@end deftypefun diff --git a/doc/functions/gnutls_x509_crl_deinit.short b/doc/functions/gnutls_x509_crl_deinit.short new file mode 100644 index 0000000..f1f7e01 --- /dev/null +++ b/doc/functions/gnutls_x509_crl_deinit.short @@ -0,0 +1 @@ +@item @var{void} @ref{gnutls_x509_crl_deinit} (gnutls_x509_crl_t @var{crl}) diff --git a/doc/functions/gnutls_x509_crl_dist_points_deinit b/doc/functions/gnutls_x509_crl_dist_points_deinit new file mode 100644 index 0000000..1cb82ad --- /dev/null +++ b/doc/functions/gnutls_x509_crl_dist_points_deinit @@ -0,0 +1,11 @@ + + + + +@deftypefun {void} {gnutls_x509_crl_dist_points_deinit} (gnutls_x509_crl_dist_points_t @var{cdp}) +@var{cdp}: The CRL distribution points + +This function will deinitialize a CRL distribution points type. + +@strong{Since:} 3.3.0 +@end deftypefun diff --git a/doc/functions/gnutls_x509_crl_dist_points_deinit.short b/doc/functions/gnutls_x509_crl_dist_points_deinit.short new file mode 100644 index 0000000..e7c4680 --- /dev/null +++ b/doc/functions/gnutls_x509_crl_dist_points_deinit.short @@ -0,0 +1 @@ +@item @var{void} @ref{gnutls_x509_crl_dist_points_deinit} (gnutls_x509_crl_dist_points_t @var{cdp}) diff --git a/doc/functions/gnutls_x509_crl_dist_points_get b/doc/functions/gnutls_x509_crl_dist_points_get new file mode 100644 index 0000000..f4b51ef --- /dev/null +++ b/doc/functions/gnutls_x509_crl_dist_points_get @@ -0,0 +1,21 @@ + + + + +@deftypefun {int} {gnutls_x509_crl_dist_points_get} (gnutls_x509_crl_dist_points_t @var{cdp}, unsigned int @var{seq}, unsigned int * @var{type}, gnutls_datum_t * @var{san}, unsigned int * @var{reasons}) +@var{cdp}: The CRL distribution points + +@var{seq}: specifies the sequence number of the distribution point (0 for the first one, 1 for the second etc.) + +@var{type}: The name type of the corresponding name (gnutls_x509_subject_alt_name_t) + +@var{san}: The distribution point names (to be treated as constant) + +@var{reasons}: Revocation reasons. An ORed sequence of flags from @code{gnutls_x509_crl_reason_flags_t} . + +This function retrieves the individual CRL distribution points (2.5.29.31), +contained in provided type. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, @code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} +if the index is out of bounds, otherwise a negative error value. +@end deftypefun diff --git a/doc/functions/gnutls_x509_crl_dist_points_get.short b/doc/functions/gnutls_x509_crl_dist_points_get.short new file mode 100644 index 0000000..bf3a3b2 --- /dev/null +++ b/doc/functions/gnutls_x509_crl_dist_points_get.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_crl_dist_points_get} (gnutls_x509_crl_dist_points_t @var{cdp}, unsigned int @var{seq}, unsigned int * @var{type}, gnutls_datum_t * @var{san}, unsigned int * @var{reasons}) diff --git a/doc/functions/gnutls_x509_crl_dist_points_init b/doc/functions/gnutls_x509_crl_dist_points_init new file mode 100644 index 0000000..0215be8 --- /dev/null +++ b/doc/functions/gnutls_x509_crl_dist_points_init @@ -0,0 +1,13 @@ + + + + +@deftypefun {int} {gnutls_x509_crl_dist_points_init} (gnutls_x509_crl_dist_points_t * @var{cdp}) +@var{cdp}: The CRL distribution points + +This function will initialize a CRL distribution points type. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a negative error value. + +@strong{Since:} 3.3.0 +@end deftypefun diff --git a/doc/functions/gnutls_x509_crl_dist_points_init.short b/doc/functions/gnutls_x509_crl_dist_points_init.short new file mode 100644 index 0000000..4582b1c --- /dev/null +++ b/doc/functions/gnutls_x509_crl_dist_points_init.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_crl_dist_points_init} (gnutls_x509_crl_dist_points_t * @var{cdp}) diff --git a/doc/functions/gnutls_x509_crl_dist_points_set b/doc/functions/gnutls_x509_crl_dist_points_set new file mode 100644 index 0000000..4c3f8d2 --- /dev/null +++ b/doc/functions/gnutls_x509_crl_dist_points_set @@ -0,0 +1,20 @@ + + + + +@deftypefun {int} {gnutls_x509_crl_dist_points_set} (gnutls_x509_crl_dist_points_t @var{cdp}, gnutls_x509_subject_alt_name_t @var{type}, const gnutls_datum_t * @var{san}, unsigned int @var{reasons}) +@var{cdp}: The CRL distribution points + +@var{type}: The type of the name (of @code{gnutls_subject_alt_names_t} ) + +@var{san}: The point name data + +@var{reasons}: Revocation reasons. An ORed sequence of flags from @code{gnutls_x509_crl_reason_flags_t} . + +This function will store the specified CRL distribution point value +the @code{cdp} type. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0), otherwise a negative error value. + +@strong{Since:} 3.3.0 +@end deftypefun diff --git a/doc/functions/gnutls_x509_crl_dist_points_set.short b/doc/functions/gnutls_x509_crl_dist_points_set.short new file mode 100644 index 0000000..a65fb3b --- /dev/null +++ b/doc/functions/gnutls_x509_crl_dist_points_set.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_crl_dist_points_set} (gnutls_x509_crl_dist_points_t @var{cdp}, gnutls_x509_subject_alt_name_t @var{type}, const gnutls_datum_t * @var{san}, unsigned int @var{reasons}) diff --git a/doc/functions/gnutls_x509_crl_export b/doc/functions/gnutls_x509_crl_export new file mode 100644 index 0000000..cd023da --- /dev/null +++ b/doc/functions/gnutls_x509_crl_export @@ -0,0 +1,25 @@ + + + + +@deftypefun {int} {gnutls_x509_crl_export} (gnutls_x509_crl_t @var{crl}, gnutls_x509_crt_fmt_t @var{format}, void * @var{output_data}, size_t * @var{output_data_size}) +@var{crl}: Holds the revocation list + +@var{format}: the format of output params. One of PEM or DER. + +@var{output_data}: will contain a private key PEM or DER encoded + +@var{output_data_size}: holds the size of output_data (and will +be replaced by the actual size of parameters) + +This function will export the revocation list to DER or PEM format. + +If the buffer provided is not long enough to hold the output, then +@code{GNUTLS_E_SHORT_MEMORY_BUFFER} will be returned. + +If the structure is PEM encoded, it will have a header +of "BEGIN X509 CRL". + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. +@end deftypefun diff --git a/doc/functions/gnutls_x509_crl_export.short b/doc/functions/gnutls_x509_crl_export.short new file mode 100644 index 0000000..1ff7e7c --- /dev/null +++ b/doc/functions/gnutls_x509_crl_export.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_crl_export} (gnutls_x509_crl_t @var{crl}, gnutls_x509_crt_fmt_t @var{format}, void * @var{output_data}, size_t * @var{output_data_size}) diff --git a/doc/functions/gnutls_x509_crl_export2 b/doc/functions/gnutls_x509_crl_export2 new file mode 100644 index 0000000..2ffd76a --- /dev/null +++ b/doc/functions/gnutls_x509_crl_export2 @@ -0,0 +1,23 @@ + + + + +@deftypefun {int} {gnutls_x509_crl_export2} (gnutls_x509_crl_t @var{crl}, gnutls_x509_crt_fmt_t @var{format}, gnutls_datum_t * @var{out}) +@var{crl}: Holds the revocation list + +@var{format}: the format of output params. One of PEM or DER. + +@var{out}: will contain a private key PEM or DER encoded + +This function will export the revocation list to DER or PEM format. + +The output buffer is allocated using @code{gnutls_malloc()} . + +If the structure is PEM encoded, it will have a header +of "BEGIN X509 CRL". + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +Since 3.1.3 +@end deftypefun diff --git a/doc/functions/gnutls_x509_crl_export2.short b/doc/functions/gnutls_x509_crl_export2.short new file mode 100644 index 0000000..213df38 --- /dev/null +++ b/doc/functions/gnutls_x509_crl_export2.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_crl_export2} (gnutls_x509_crl_t @var{crl}, gnutls_x509_crt_fmt_t @var{format}, gnutls_datum_t * @var{out}) diff --git a/doc/functions/gnutls_x509_crl_get_authority_key_gn_serial b/doc/functions/gnutls_x509_crl_get_authority_key_gn_serial new file mode 100644 index 0000000..2d01a76 --- /dev/null +++ b/doc/functions/gnutls_x509_crl_get_authority_key_gn_serial @@ -0,0 +1,33 @@ + + + + +@deftypefun {int} {gnutls_x509_crl_get_authority_key_gn_serial} (gnutls_x509_crl_t @var{crl}, unsigned int @var{seq}, void * @var{alt}, size_t * @var{alt_size}, unsigned int * @var{alt_type}, void * @var{serial}, size_t * @var{serial_size}, unsigned int * @var{critical}) +@var{crl}: should contain a @code{gnutls_x509_crl_t} type + +@var{seq}: specifies the sequence number of the alt name (0 for the first one, 1 for the second etc.) + +@var{alt}: is the place where the alternative name will be copied to + +@var{alt_size}: holds the size of alt. + +@var{alt_type}: holds the type of the alternative name (one of gnutls_x509_subject_alt_name_t). + +@var{serial}: buffer to store the serial number (may be null) + +@var{serial_size}: Holds the size of the serial field (may be null) + +@var{critical}: will be non-zero if the extension is marked as critical (may be null) + +This function will return the X.509 authority key +identifier when stored as a general name (authorityCertIssuer) +and serial number. + +Because more than one general names might be stored + @code{seq} can be used as a counter to request them all until +@code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} is returned. + +@strong{Returns:} Returns 0 on success, or an error code. + +@strong{Since:} 3.0 +@end deftypefun diff --git a/doc/functions/gnutls_x509_crl_get_authority_key_gn_serial.short b/doc/functions/gnutls_x509_crl_get_authority_key_gn_serial.short new file mode 100644 index 0000000..897da16 --- /dev/null +++ b/doc/functions/gnutls_x509_crl_get_authority_key_gn_serial.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_crl_get_authority_key_gn_serial} (gnutls_x509_crl_t @var{crl}, unsigned int @var{seq}, void * @var{alt}, size_t * @var{alt_size}, unsigned int * @var{alt_type}, void * @var{serial}, size_t * @var{serial_size}, unsigned int * @var{critical}) diff --git a/doc/functions/gnutls_x509_crl_get_authority_key_id b/doc/functions/gnutls_x509_crl_get_authority_key_id new file mode 100644 index 0000000..9e3aabf --- /dev/null +++ b/doc/functions/gnutls_x509_crl_get_authority_key_id @@ -0,0 +1,27 @@ + + + + +@deftypefun {int} {gnutls_x509_crl_get_authority_key_id} (gnutls_x509_crl_t @var{crl}, void * @var{id}, size_t * @var{id_size}, unsigned int * @var{critical}) +@var{crl}: should contain a @code{gnutls_x509_crl_t} type + +@var{id}: The place where the identifier will be copied + +@var{id_size}: Holds the size of the result field. + +@var{critical}: will be non-zero if the extension is marked as critical +(may be null) + +This function will return the CRL authority's key identifier. This +is obtained by the X.509 Authority Key identifier extension field +(2.5.29.35). Note that this function +only returns the keyIdentifier field of the extension and +@code{GNUTLS_E_X509_UNSUPPORTED_EXTENSION} , if the extension contains +the name and serial number of the certificate. In that case +@code{gnutls_x509_crl_get_authority_key_gn_serial()} may be used. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error code in case of an error. + +@strong{Since:} 2.8.0 +@end deftypefun diff --git a/doc/functions/gnutls_x509_crl_get_authority_key_id.short b/doc/functions/gnutls_x509_crl_get_authority_key_id.short new file mode 100644 index 0000000..1efb90f --- /dev/null +++ b/doc/functions/gnutls_x509_crl_get_authority_key_id.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_crl_get_authority_key_id} (gnutls_x509_crl_t @var{crl}, void * @var{id}, size_t * @var{id_size}, unsigned int * @var{critical}) diff --git a/doc/functions/gnutls_x509_crl_get_crt_count b/doc/functions/gnutls_x509_crl_get_crt_count new file mode 100644 index 0000000..3a1d64a --- /dev/null +++ b/doc/functions/gnutls_x509_crl_get_crt_count @@ -0,0 +1,12 @@ + + + + +@deftypefun {int} {gnutls_x509_crl_get_crt_count} (gnutls_x509_crl_t @var{crl}) +@var{crl}: should contain a @code{gnutls_x509_crl_t} type + +This function will return the number of revoked certificates in the +given CRL. + +@strong{Returns:} number of certificates, a negative error code on failure. +@end deftypefun diff --git a/doc/functions/gnutls_x509_crl_get_crt_count.short b/doc/functions/gnutls_x509_crl_get_crt_count.short new file mode 100644 index 0000000..0ef8c3b --- /dev/null +++ b/doc/functions/gnutls_x509_crl_get_crt_count.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_crl_get_crt_count} (gnutls_x509_crl_t @var{crl}) diff --git a/doc/functions/gnutls_x509_crl_get_crt_serial b/doc/functions/gnutls_x509_crl_get_crt_serial new file mode 100644 index 0000000..b087ac0 --- /dev/null +++ b/doc/functions/gnutls_x509_crl_get_crt_serial @@ -0,0 +1,24 @@ + + + + +@deftypefun {int} {gnutls_x509_crl_get_crt_serial} (gnutls_x509_crl_t @var{crl}, unsigned @var{indx}, unsigned char * @var{serial}, size_t * @var{serial_size}, time_t * @var{t}) +@var{crl}: should contain a @code{gnutls_x509_crl_t} type + +@var{indx}: the index of the certificate to extract (starting from 0) + +@var{serial}: where the serial number will be copied + +@var{serial_size}: initially holds the size of serial + +@var{t}: if non null, will hold the time this certificate was revoked + +This function will retrieve the serial number of the specified, by +the index, revoked certificate. + +Note that this function will have performance issues in large sequences +of revoked certificates. In that case use @code{gnutls_x509_crl_iter_crt_serial()} . + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. +@end deftypefun diff --git a/doc/functions/gnutls_x509_crl_get_crt_serial.short b/doc/functions/gnutls_x509_crl_get_crt_serial.short new file mode 100644 index 0000000..6695731 --- /dev/null +++ b/doc/functions/gnutls_x509_crl_get_crt_serial.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_crl_get_crt_serial} (gnutls_x509_crl_t @var{crl}, unsigned @var{indx}, unsigned char * @var{serial}, size_t * @var{serial_size}, time_t * @var{t}) diff --git a/doc/functions/gnutls_x509_crl_get_dn_oid b/doc/functions/gnutls_x509_crl_get_dn_oid new file mode 100644 index 0000000..68019df --- /dev/null +++ b/doc/functions/gnutls_x509_crl_get_dn_oid @@ -0,0 +1,22 @@ + + + + +@deftypefun {int} {gnutls_x509_crl_get_dn_oid} (gnutls_x509_crl_t @var{crl}, unsigned @var{indx}, void * @var{oid}, size_t * @var{sizeof_oid}) +@var{crl}: should contain a gnutls_x509_crl_t type + +@var{indx}: Specifies which DN OID to send. Use (0) to get the first one. + +@var{oid}: a pointer to store the OID (may be null) + +@var{sizeof_oid}: initially holds the size of 'oid' + +This function will extract the requested OID of the name of the CRL +issuer, specified by the given index. + +If oid is null then only the size will be filled. + +@strong{Returns:} @code{GNUTLS_E_SHORT_MEMORY_BUFFER} if the provided buffer is +not long enough, and in that case the sizeof_oid will be updated +with the required size. On success 0 is returned. +@end deftypefun diff --git a/doc/functions/gnutls_x509_crl_get_dn_oid.short b/doc/functions/gnutls_x509_crl_get_dn_oid.short new file mode 100644 index 0000000..b21554f --- /dev/null +++ b/doc/functions/gnutls_x509_crl_get_dn_oid.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_crl_get_dn_oid} (gnutls_x509_crl_t @var{crl}, unsigned @var{indx}, void * @var{oid}, size_t * @var{sizeof_oid}) diff --git a/doc/functions/gnutls_x509_crl_get_extension_data b/doc/functions/gnutls_x509_crl_get_extension_data new file mode 100644 index 0000000..713c627 --- /dev/null +++ b/doc/functions/gnutls_x509_crl_get_extension_data @@ -0,0 +1,29 @@ + + + + +@deftypefun {int} {gnutls_x509_crl_get_extension_data} (gnutls_x509_crl_t @var{crl}, unsigned @var{indx}, void * @var{data}, size_t * @var{sizeof_data}) +@var{crl}: should contain a @code{gnutls_x509_crl_t} type + +@var{indx}: Specifies which extension OID to send. Use (0) to get the first one. + +@var{data}: a pointer to a structure to hold the data (may be null) + +@var{sizeof_data}: initially holds the size of @code{oid} + +This function will return the requested extension data in the CRL. +The extension data will be stored as a string in the provided +buffer. + +Use @code{gnutls_x509_crl_get_extension_info()} to extract the OID and +critical flag. Use @code{gnutls_x509_crl_get_extension_info()} instead, +if you want to get data indexed by the extension OID rather than +sequence. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error code in case of an error. If your have reached the +last extension available @code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} +will be returned. + +@strong{Since:} 2.8.0 +@end deftypefun diff --git a/doc/functions/gnutls_x509_crl_get_extension_data.short b/doc/functions/gnutls_x509_crl_get_extension_data.short new file mode 100644 index 0000000..ee1c93a --- /dev/null +++ b/doc/functions/gnutls_x509_crl_get_extension_data.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_crl_get_extension_data} (gnutls_x509_crl_t @var{crl}, unsigned @var{indx}, void * @var{data}, size_t * @var{sizeof_data}) diff --git a/doc/functions/gnutls_x509_crl_get_extension_data2 b/doc/functions/gnutls_x509_crl_get_extension_data2 new file mode 100644 index 0000000..5128f51 --- /dev/null +++ b/doc/functions/gnutls_x509_crl_get_extension_data2 @@ -0,0 +1,22 @@ + + + + +@deftypefun {int} {gnutls_x509_crl_get_extension_data2} (gnutls_x509_crl_t @var{crl}, unsigned @var{indx}, gnutls_datum_t * @var{data}) +@var{crl}: should contain a @code{gnutls_x509_crl_t} type + +@var{indx}: Specifies which extension OID to read. Use (0) to get the first one. + +@var{data}: will contain the extension DER-encoded data + +This function will return the requested by the index extension data in the +certificate revocation list. The extension data will be allocated using +@code{gnutls_malloc()} . + +Use @code{gnutls_x509_crt_get_extension_info()} to extract the OID. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, +otherwise a negative error code is returned. If you have reached the +last extension available @code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} +will be returned. +@end deftypefun diff --git a/doc/functions/gnutls_x509_crl_get_extension_data2.short b/doc/functions/gnutls_x509_crl_get_extension_data2.short new file mode 100644 index 0000000..bb60639 --- /dev/null +++ b/doc/functions/gnutls_x509_crl_get_extension_data2.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_crl_get_extension_data2} (gnutls_x509_crl_t @var{crl}, unsigned @var{indx}, gnutls_datum_t * @var{data}) diff --git a/doc/functions/gnutls_x509_crl_get_extension_info b/doc/functions/gnutls_x509_crl_get_extension_info new file mode 100644 index 0000000..adfbf60 --- /dev/null +++ b/doc/functions/gnutls_x509_crl_get_extension_info @@ -0,0 +1,32 @@ + + + + +@deftypefun {int} {gnutls_x509_crl_get_extension_info} (gnutls_x509_crl_t @var{crl}, unsigned @var{indx}, void * @var{oid}, size_t * @var{sizeof_oid}, unsigned int * @var{critical}) +@var{crl}: should contain a @code{gnutls_x509_crl_t} type + +@var{indx}: Specifies which extension OID to send, use (0) to get the first one. + +@var{oid}: a pointer to store the OID + +@var{sizeof_oid}: initially holds the maximum size of @code{oid} , on return +holds actual size of @code{oid} . + +@var{critical}: output variable with critical flag, may be NULL. + +This function will return the requested extension OID in the CRL, +and the critical flag for it. The extension OID will be stored as +a string in the provided buffer. Use +@code{gnutls_x509_crl_get_extension_data()} to extract the data. + +If the buffer provided is not long enough to hold the output, then +* @code{sizeof_oid} is updated and @code{GNUTLS_E_SHORT_MEMORY_BUFFER} will be +returned. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error code in case of an error. If your have reached the +last extension available @code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} +will be returned. + +@strong{Since:} 2.8.0 +@end deftypefun diff --git a/doc/functions/gnutls_x509_crl_get_extension_info.short b/doc/functions/gnutls_x509_crl_get_extension_info.short new file mode 100644 index 0000000..ded96d3 --- /dev/null +++ b/doc/functions/gnutls_x509_crl_get_extension_info.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_crl_get_extension_info} (gnutls_x509_crl_t @var{crl}, unsigned @var{indx}, void * @var{oid}, size_t * @var{sizeof_oid}, unsigned int * @var{critical}) diff --git a/doc/functions/gnutls_x509_crl_get_extension_oid b/doc/functions/gnutls_x509_crl_get_extension_oid new file mode 100644 index 0000000..d895411 --- /dev/null +++ b/doc/functions/gnutls_x509_crl_get_extension_oid @@ -0,0 +1,24 @@ + + + + +@deftypefun {int} {gnutls_x509_crl_get_extension_oid} (gnutls_x509_crl_t @var{crl}, unsigned @var{indx}, void * @var{oid}, size_t * @var{sizeof_oid}) +@var{crl}: should contain a @code{gnutls_x509_crl_t} type + +@var{indx}: Specifies which extension OID to send, use (0) to get the first one. + +@var{oid}: a pointer to store the OID (may be null) + +@var{sizeof_oid}: initially holds the size of @code{oid} + +This function will return the requested extension OID in the CRL. +The extension OID will be stored as a string in the provided +buffer. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error code in case of an error. If your have reached the +last extension available @code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} +will be returned. + +@strong{Since:} 2.8.0 +@end deftypefun diff --git a/doc/functions/gnutls_x509_crl_get_extension_oid.short b/doc/functions/gnutls_x509_crl_get_extension_oid.short new file mode 100644 index 0000000..b2b0d41 --- /dev/null +++ b/doc/functions/gnutls_x509_crl_get_extension_oid.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_crl_get_extension_oid} (gnutls_x509_crl_t @var{crl}, unsigned @var{indx}, void * @var{oid}, size_t * @var{sizeof_oid}) diff --git a/doc/functions/gnutls_x509_crl_get_issuer_dn b/doc/functions/gnutls_x509_crl_get_issuer_dn new file mode 100644 index 0000000..0dd85d8 --- /dev/null +++ b/doc/functions/gnutls_x509_crl_get_issuer_dn @@ -0,0 +1,25 @@ + + + + +@deftypefun {int} {gnutls_x509_crl_get_issuer_dn} (gnutls_x509_crl_t @var{crl}, char * @var{buf}, size_t * @var{sizeof_buf}) +@var{crl}: should contain a gnutls_x509_crl_t type + +@var{buf}: a pointer to a structure to hold the peer's name (may be null) + +@var{sizeof_buf}: initially holds the size of @code{buf} + +This function will copy the name of the CRL issuer in the provided +buffer. The name will be in the form "C=xxxx,O=yyyy,CN=zzzz" as +described in RFC4514. The output string will be ASCII or UTF-8 +encoded, depending on the certificate data. + +If buf is @code{NULL} then only the size will be filled. + +This function does not output a fully RFC4514 compliant string, if +that is required see @code{gnutls_x509_crl_get_issuer_dn3()} . + +@strong{Returns:} @code{GNUTLS_E_SHORT_MEMORY_BUFFER} if the provided buffer is +not long enough, and in that case the sizeof_buf will be updated +with the required size, and 0 on success. +@end deftypefun diff --git a/doc/functions/gnutls_x509_crl_get_issuer_dn.short b/doc/functions/gnutls_x509_crl_get_issuer_dn.short new file mode 100644 index 0000000..3f703ef --- /dev/null +++ b/doc/functions/gnutls_x509_crl_get_issuer_dn.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_crl_get_issuer_dn} (gnutls_x509_crl_t @var{crl}, char * @var{buf}, size_t * @var{sizeof_buf}) diff --git a/doc/functions/gnutls_x509_crl_get_issuer_dn2 b/doc/functions/gnutls_x509_crl_get_issuer_dn2 new file mode 100644 index 0000000..e9d1d56 --- /dev/null +++ b/doc/functions/gnutls_x509_crl_get_issuer_dn2 @@ -0,0 +1,22 @@ + + + + +@deftypefun {int} {gnutls_x509_crl_get_issuer_dn2} (gnutls_x509_crl_t @var{crl}, gnutls_datum_t * @var{dn}) +@var{crl}: should contain a @code{gnutls_x509_crl_t} type + +@var{dn}: a pointer to a structure to hold the name + +This function will allocate buffer and copy the name of the CRL issuer. +The name will be in the form "C=xxxx,O=yyyy,CN=zzzz" as +described in RFC4514. The output string will be ASCII or UTF-8 +encoded, depending on the certificate data. + +This function does not output a fully RFC4514 compliant string, if +that is required see @code{gnutls_x509_crl_get_issuer_dn3()} . + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 3.1.10 +@end deftypefun diff --git a/doc/functions/gnutls_x509_crl_get_issuer_dn2.short b/doc/functions/gnutls_x509_crl_get_issuer_dn2.short new file mode 100644 index 0000000..a2ec908 --- /dev/null +++ b/doc/functions/gnutls_x509_crl_get_issuer_dn2.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_crl_get_issuer_dn2} (gnutls_x509_crl_t @var{crl}, gnutls_datum_t * @var{dn}) diff --git a/doc/functions/gnutls_x509_crl_get_issuer_dn3 b/doc/functions/gnutls_x509_crl_get_issuer_dn3 new file mode 100644 index 0000000..2eebaf6 --- /dev/null +++ b/doc/functions/gnutls_x509_crl_get_issuer_dn3 @@ -0,0 +1,25 @@ + + + + +@deftypefun {int} {gnutls_x509_crl_get_issuer_dn3} (gnutls_x509_crl_t @var{crl}, gnutls_datum_t * @var{dn}, unsigned @var{flags}) +@var{crl}: should contain a @code{gnutls_x509_crl_t} type + +@var{dn}: a pointer to a structure to hold the name + +@var{flags}: zero or @code{GNUTLS_X509_DN_FLAG_COMPAT} + +This function will allocate buffer and copy the name of the CRL issuer. +The name will be in the form "C=xxxx,O=yyyy,CN=zzzz" as +described in RFC4514. The output string will be ASCII or UTF-8 +encoded, depending on the certificate data. + +When the flag @code{GNUTLS_X509_DN_FLAG_COMPAT} is specified, the output +format will match the format output by previous to 3.5.6 versions of GnuTLS +which was not not fully RFC4514-compliant. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 3.5.7 +@end deftypefun diff --git a/doc/functions/gnutls_x509_crl_get_issuer_dn3.short b/doc/functions/gnutls_x509_crl_get_issuer_dn3.short new file mode 100644 index 0000000..4682b08 --- /dev/null +++ b/doc/functions/gnutls_x509_crl_get_issuer_dn3.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_crl_get_issuer_dn3} (gnutls_x509_crl_t @var{crl}, gnutls_datum_t * @var{dn}, unsigned @var{flags}) diff --git a/doc/functions/gnutls_x509_crl_get_issuer_dn_by_oid b/doc/functions/gnutls_x509_crl_get_issuer_dn_by_oid new file mode 100644 index 0000000..1375ce6 --- /dev/null +++ b/doc/functions/gnutls_x509_crl_get_issuer_dn_by_oid @@ -0,0 +1,34 @@ + + + + +@deftypefun {int} {gnutls_x509_crl_get_issuer_dn_by_oid} (gnutls_x509_crl_t @var{crl}, const char * @var{oid}, unsigned @var{indx}, unsigned int @var{raw_flag}, void * @var{buf}, size_t * @var{sizeof_buf}) +@var{crl}: should contain a gnutls_x509_crl_t type + +@var{oid}: holds an Object Identified in null terminated string + +@var{indx}: In case multiple same OIDs exist in the RDN, this specifies which to send. Use (0) to get the first one. + +@var{raw_flag}: If non-zero returns the raw DER data of the DN part. + +@var{buf}: a pointer to a structure to hold the peer's name (may be null) + +@var{sizeof_buf}: initially holds the size of @code{buf} + +This function will extract the part of the name of the CRL issuer +specified by the given OID. The output will be encoded as described +in RFC4514. The output string will be ASCII or UTF-8 encoded, +depending on the certificate data. + +Some helper macros with popular OIDs can be found in gnutls/x509.h +If raw flag is (0), this function will only return known OIDs as +text. Other OIDs will be DER encoded, as described in RFC4514 -- in +hex format with a '#' prefix. You can check about known OIDs +using @code{gnutls_x509_dn_oid_known()} . + +If buf is null then only the size will be filled. + +@strong{Returns:} @code{GNUTLS_E_SHORT_MEMORY_BUFFER} if the provided buffer is +not long enough, and in that case the sizeof_buf will be updated +with the required size, and 0 on success. +@end deftypefun diff --git a/doc/functions/gnutls_x509_crl_get_issuer_dn_by_oid.short b/doc/functions/gnutls_x509_crl_get_issuer_dn_by_oid.short new file mode 100644 index 0000000..665157e --- /dev/null +++ b/doc/functions/gnutls_x509_crl_get_issuer_dn_by_oid.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_crl_get_issuer_dn_by_oid} (gnutls_x509_crl_t @var{crl}, const char * @var{oid}, unsigned @var{indx}, unsigned int @var{raw_flag}, void * @var{buf}, size_t * @var{sizeof_buf}) diff --git a/doc/functions/gnutls_x509_crl_get_next_update b/doc/functions/gnutls_x509_crl_get_next_update new file mode 100644 index 0000000..322d068 --- /dev/null +++ b/doc/functions/gnutls_x509_crl_get_next_update @@ -0,0 +1,13 @@ + + + + +@deftypefun {time_t} {gnutls_x509_crl_get_next_update} (gnutls_x509_crl_t @var{crl}) +@var{crl}: should contain a @code{gnutls_x509_crl_t} type + +This function will return the time the next CRL will be issued. +This field is optional in a CRL so it might be normal to get an +error instead. + +@strong{Returns:} when the next CRL will be issued, or (time_t)-1 on error. +@end deftypefun diff --git a/doc/functions/gnutls_x509_crl_get_next_update.short b/doc/functions/gnutls_x509_crl_get_next_update.short new file mode 100644 index 0000000..e1ad16c --- /dev/null +++ b/doc/functions/gnutls_x509_crl_get_next_update.short @@ -0,0 +1 @@ +@item @var{time_t} @ref{gnutls_x509_crl_get_next_update} (gnutls_x509_crl_t @var{crl}) diff --git a/doc/functions/gnutls_x509_crl_get_number b/doc/functions/gnutls_x509_crl_get_number new file mode 100644 index 0000000..c800afb --- /dev/null +++ b/doc/functions/gnutls_x509_crl_get_number @@ -0,0 +1,22 @@ + + + + +@deftypefun {int} {gnutls_x509_crl_get_number} (gnutls_x509_crl_t @var{crl}, void * @var{ret}, size_t * @var{ret_size}, unsigned int * @var{critical}) +@var{crl}: should contain a @code{gnutls_x509_crl_t} type + +@var{ret}: The place where the number will be copied + +@var{ret_size}: Holds the size of the result field. + +@var{critical}: will be non-zero if the extension is marked as critical +(may be null) + +This function will return the CRL number extension. This is +obtained by the CRL Number extension field (2.5.29.20). + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error code in case of an error. + +@strong{Since:} 2.8.0 +@end deftypefun diff --git a/doc/functions/gnutls_x509_crl_get_number.short b/doc/functions/gnutls_x509_crl_get_number.short new file mode 100644 index 0000000..11e6c48 --- /dev/null +++ b/doc/functions/gnutls_x509_crl_get_number.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_crl_get_number} (gnutls_x509_crl_t @var{crl}, void * @var{ret}, size_t * @var{ret_size}, unsigned int * @var{critical}) diff --git a/doc/functions/gnutls_x509_crl_get_raw_issuer_dn b/doc/functions/gnutls_x509_crl_get_raw_issuer_dn new file mode 100644 index 0000000..b23c881 --- /dev/null +++ b/doc/functions/gnutls_x509_crl_get_raw_issuer_dn @@ -0,0 +1,16 @@ + + + + +@deftypefun {int} {gnutls_x509_crl_get_raw_issuer_dn} (gnutls_x509_crl_t @var{crl}, gnutls_datum_t * @var{dn}) +@var{crl}: should contain a gnutls_x509_crl_t type + +@var{dn}: will hold the starting point of the DN + +This function will return a pointer to the DER encoded DN structure +and the length. + +@strong{Returns:} a negative error code on error, and (0) on success. + +@strong{Since:} 2.12.0 +@end deftypefun diff --git a/doc/functions/gnutls_x509_crl_get_raw_issuer_dn.short b/doc/functions/gnutls_x509_crl_get_raw_issuer_dn.short new file mode 100644 index 0000000..a30c584 --- /dev/null +++ b/doc/functions/gnutls_x509_crl_get_raw_issuer_dn.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_crl_get_raw_issuer_dn} (gnutls_x509_crl_t @var{crl}, gnutls_datum_t * @var{dn}) diff --git a/doc/functions/gnutls_x509_crl_get_signature b/doc/functions/gnutls_x509_crl_get_signature new file mode 100644 index 0000000..b788132 --- /dev/null +++ b/doc/functions/gnutls_x509_crl_get_signature @@ -0,0 +1,16 @@ + + + + +@deftypefun {int} {gnutls_x509_crl_get_signature} (gnutls_x509_crl_t @var{crl}, char * @var{sig}, size_t * @var{sizeof_sig}) +@var{crl}: should contain a gnutls_x509_crl_t type + +@var{sig}: a pointer where the signature part will be copied (may be null). + +@var{sizeof_sig}: initially holds the size of @code{sig} + +This function will extract the signature field of a CRL. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. +@end deftypefun diff --git a/doc/functions/gnutls_x509_crl_get_signature.short b/doc/functions/gnutls_x509_crl_get_signature.short new file mode 100644 index 0000000..3f50c2d --- /dev/null +++ b/doc/functions/gnutls_x509_crl_get_signature.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_crl_get_signature} (gnutls_x509_crl_t @var{crl}, char * @var{sig}, size_t * @var{sizeof_sig}) diff --git a/doc/functions/gnutls_x509_crl_get_signature_algorithm b/doc/functions/gnutls_x509_crl_get_signature_algorithm new file mode 100644 index 0000000..3a80d88 --- /dev/null +++ b/doc/functions/gnutls_x509_crl_get_signature_algorithm @@ -0,0 +1,16 @@ + + + + +@deftypefun {int} {gnutls_x509_crl_get_signature_algorithm} (gnutls_x509_crl_t @var{crl}) +@var{crl}: should contain a @code{gnutls_x509_crl_t} type + +This function will return a value of the @code{gnutls_sign_algorithm_t} +enumeration that is the signature algorithm. + +Since 3.6.0 this function never returns a negative error code. +Error cases and unknown/unsupported signature algorithms are +mapped to @code{GNUTLS_SIGN_UNKNOWN} . + +@strong{Returns:} a @code{gnutls_sign_algorithm_t} value +@end deftypefun diff --git a/doc/functions/gnutls_x509_crl_get_signature_algorithm.short b/doc/functions/gnutls_x509_crl_get_signature_algorithm.short new file mode 100644 index 0000000..a1344bb --- /dev/null +++ b/doc/functions/gnutls_x509_crl_get_signature_algorithm.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_crl_get_signature_algorithm} (gnutls_x509_crl_t @var{crl}) diff --git a/doc/functions/gnutls_x509_crl_get_signature_oid b/doc/functions/gnutls_x509_crl_get_signature_oid new file mode 100644 index 0000000..a7fc293 --- /dev/null +++ b/doc/functions/gnutls_x509_crl_get_signature_oid @@ -0,0 +1,20 @@ + + + + +@deftypefun {int} {gnutls_x509_crl_get_signature_oid} (gnutls_x509_crl_t @var{crl}, char * @var{oid}, size_t * @var{oid_size}) +@var{crl}: should contain a @code{gnutls_x509_crl_t} type + +@var{oid}: a pointer to a buffer to hold the OID (may be null) + +@var{oid_size}: initially holds the size of @code{oid} + +This function will return the OID of the signature algorithm +that has been used to sign this CRL. This is function +is useful in the case @code{gnutls_x509_crl_get_signature_algorithm()} +returned @code{GNUTLS_SIGN_UNKNOWN} . + +@strong{Returns:} zero or a negative error code on error. + +@strong{Since:} 3.5.0 +@end deftypefun diff --git a/doc/functions/gnutls_x509_crl_get_signature_oid.short b/doc/functions/gnutls_x509_crl_get_signature_oid.short new file mode 100644 index 0000000..cf7b873 --- /dev/null +++ b/doc/functions/gnutls_x509_crl_get_signature_oid.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_crl_get_signature_oid} (gnutls_x509_crl_t @var{crl}, char * @var{oid}, size_t * @var{oid_size}) diff --git a/doc/functions/gnutls_x509_crl_get_this_update b/doc/functions/gnutls_x509_crl_get_this_update new file mode 100644 index 0000000..4cbca40 --- /dev/null +++ b/doc/functions/gnutls_x509_crl_get_this_update @@ -0,0 +1,11 @@ + + + + +@deftypefun {time_t} {gnutls_x509_crl_get_this_update} (gnutls_x509_crl_t @var{crl}) +@var{crl}: should contain a @code{gnutls_x509_crl_t} type + +This function will return the time this CRL was issued. + +@strong{Returns:} when the CRL was issued, or (time_t)-1 on error. +@end deftypefun diff --git a/doc/functions/gnutls_x509_crl_get_this_update.short b/doc/functions/gnutls_x509_crl_get_this_update.short new file mode 100644 index 0000000..748db4e --- /dev/null +++ b/doc/functions/gnutls_x509_crl_get_this_update.short @@ -0,0 +1 @@ +@item @var{time_t} @ref{gnutls_x509_crl_get_this_update} (gnutls_x509_crl_t @var{crl}) diff --git a/doc/functions/gnutls_x509_crl_get_version b/doc/functions/gnutls_x509_crl_get_version new file mode 100644 index 0000000..5f1931b --- /dev/null +++ b/doc/functions/gnutls_x509_crl_get_version @@ -0,0 +1,11 @@ + + + + +@deftypefun {int} {gnutls_x509_crl_get_version} (gnutls_x509_crl_t @var{crl}) +@var{crl}: should contain a @code{gnutls_x509_crl_t} type + +This function will return the version of the specified CRL. + +@strong{Returns:} The version number, or a negative error code on error. +@end deftypefun diff --git a/doc/functions/gnutls_x509_crl_get_version.short b/doc/functions/gnutls_x509_crl_get_version.short new file mode 100644 index 0000000..57d25de --- /dev/null +++ b/doc/functions/gnutls_x509_crl_get_version.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_crl_get_version} (gnutls_x509_crl_t @var{crl}) diff --git a/doc/functions/gnutls_x509_crl_import b/doc/functions/gnutls_x509_crl_import new file mode 100644 index 0000000..df0059d --- /dev/null +++ b/doc/functions/gnutls_x509_crl_import @@ -0,0 +1,19 @@ + + + + +@deftypefun {int} {gnutls_x509_crl_import} (gnutls_x509_crl_t @var{crl}, const gnutls_datum_t * @var{data}, gnutls_x509_crt_fmt_t @var{format}) +@var{crl}: The data to store the parsed CRL. + +@var{data}: The DER or PEM encoded CRL. + +@var{format}: One of DER or PEM + +This function will convert the given DER or PEM encoded CRL +to the native @code{gnutls_x509_crl_t} format. The output will be stored in 'crl'. + +If the CRL is PEM encoded it should have a header of "X509 CRL". + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. +@end deftypefun diff --git a/doc/functions/gnutls_x509_crl_import.short b/doc/functions/gnutls_x509_crl_import.short new file mode 100644 index 0000000..514773f --- /dev/null +++ b/doc/functions/gnutls_x509_crl_import.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_crl_import} (gnutls_x509_crl_t @var{crl}, const gnutls_datum_t * @var{data}, gnutls_x509_crt_fmt_t @var{format}) diff --git a/doc/functions/gnutls_x509_crl_init b/doc/functions/gnutls_x509_crl_init new file mode 100644 index 0000000..0e7d119 --- /dev/null +++ b/doc/functions/gnutls_x509_crl_init @@ -0,0 +1,16 @@ + + + + +@deftypefun {int} {gnutls_x509_crl_init} (gnutls_x509_crl_t * @var{crl}) +@var{crl}: A pointer to the type to be initialized + +This function will initialize a CRL structure. CRL stands for +Certificate Revocation List. A revocation list usually contains +lists of certificate serial numbers that have been revoked by an +Authority. The revocation lists are always signed with the +authority's private key. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. +@end deftypefun diff --git a/doc/functions/gnutls_x509_crl_init.short b/doc/functions/gnutls_x509_crl_init.short new file mode 100644 index 0000000..20104ce --- /dev/null +++ b/doc/functions/gnutls_x509_crl_init.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_crl_init} (gnutls_x509_crl_t * @var{crl}) diff --git a/doc/functions/gnutls_x509_crl_iter_crt_serial b/doc/functions/gnutls_x509_crl_iter_crt_serial new file mode 100644 index 0000000..e277e60 --- /dev/null +++ b/doc/functions/gnutls_x509_crl_iter_crt_serial @@ -0,0 +1,28 @@ + + + + +@deftypefun {int} {gnutls_x509_crl_iter_crt_serial} (gnutls_x509_crl_t @var{crl}, gnutls_x509_crl_iter_t * @var{iter}, unsigned char * @var{serial}, size_t * @var{serial_size}, time_t * @var{t}) +@var{crl}: should contain a @code{gnutls_x509_crl_t} type + +@var{iter}: A pointer to an iterator (initially the iterator should be @code{NULL} ) + +@var{serial}: where the serial number will be copied + +@var{serial_size}: initially holds the size of serial + +@var{t}: if non null, will hold the time this certificate was revoked + +This function performs the same as @code{gnutls_x509_crl_get_crt_serial()} , +but reads sequentially and keeps state in the iterator +between calls. That allows it to provide better performance in sequences +with many elements (50000+). + +When past the last element is accessed @code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} +is returned and the iterator is reset. + +After use, the iterator must be deinitialized using @code{gnutls_x509_crl_iter_deinit()} . + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. +@end deftypefun diff --git a/doc/functions/gnutls_x509_crl_iter_crt_serial.short b/doc/functions/gnutls_x509_crl_iter_crt_serial.short new file mode 100644 index 0000000..8579bc4 --- /dev/null +++ b/doc/functions/gnutls_x509_crl_iter_crt_serial.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_crl_iter_crt_serial} (gnutls_x509_crl_t @var{crl}, gnutls_x509_crl_iter_t * @var{iter}, unsigned char * @var{serial}, size_t * @var{serial_size}, time_t * @var{t}) diff --git a/doc/functions/gnutls_x509_crl_iter_deinit b/doc/functions/gnutls_x509_crl_iter_deinit new file mode 100644 index 0000000..b33581a --- /dev/null +++ b/doc/functions/gnutls_x509_crl_iter_deinit @@ -0,0 +1,9 @@ + + + + +@deftypefun {void} {gnutls_x509_crl_iter_deinit} (gnutls_x509_crl_iter_t @var{iter}) +@var{iter}: The iterator to be deinitialized + +This function will deinitialize an iterator type. +@end deftypefun diff --git a/doc/functions/gnutls_x509_crl_iter_deinit.short b/doc/functions/gnutls_x509_crl_iter_deinit.short new file mode 100644 index 0000000..a64b5dd --- /dev/null +++ b/doc/functions/gnutls_x509_crl_iter_deinit.short @@ -0,0 +1 @@ +@item @var{void} @ref{gnutls_x509_crl_iter_deinit} (gnutls_x509_crl_iter_t @var{iter}) diff --git a/doc/functions/gnutls_x509_crl_list_import b/doc/functions/gnutls_x509_crl_list_import new file mode 100644 index 0000000..afd5c5e --- /dev/null +++ b/doc/functions/gnutls_x509_crl_list_import @@ -0,0 +1,25 @@ + + + + +@deftypefun {int} {gnutls_x509_crl_list_import} (gnutls_x509_crl_t * @var{crls}, unsigned int * @var{crl_max}, const gnutls_datum_t * @var{data}, gnutls_x509_crt_fmt_t @var{format}, unsigned int @var{flags}) +@var{crls}: Indicates where the parsed CRLs will be copied to. Must not be initialized. + +@var{crl_max}: Initially must hold the maximum number of crls. It will be updated with the number of crls available. + +@var{data}: The PEM encoded CRLs + +@var{format}: One of DER or PEM. + +@var{flags}: must be (0) or an OR'd sequence of gnutls_certificate_import_flags. + +This function will convert the given PEM encoded CRL list +to the native gnutls_x509_crl_t format. The output will be stored +in @code{crls} . They will be automatically initialized. + +If the Certificate is PEM encoded it should have a header of "X509 CRL". + +@strong{Returns:} the number of certificates read or a negative error value. + +@strong{Since:} 3.0 +@end deftypefun diff --git a/doc/functions/gnutls_x509_crl_list_import.short b/doc/functions/gnutls_x509_crl_list_import.short new file mode 100644 index 0000000..6c782c7 --- /dev/null +++ b/doc/functions/gnutls_x509_crl_list_import.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_crl_list_import} (gnutls_x509_crl_t * @var{crls}, unsigned int * @var{crl_max}, const gnutls_datum_t * @var{data}, gnutls_x509_crt_fmt_t @var{format}, unsigned int @var{flags}) diff --git a/doc/functions/gnutls_x509_crl_list_import2 b/doc/functions/gnutls_x509_crl_list_import2 new file mode 100644 index 0000000..09c1ff9 --- /dev/null +++ b/doc/functions/gnutls_x509_crl_list_import2 @@ -0,0 +1,26 @@ + + + + +@deftypefun {int} {gnutls_x509_crl_list_import2} (gnutls_x509_crl_t ** @var{crls}, unsigned int * @var{size}, const gnutls_datum_t * @var{data}, gnutls_x509_crt_fmt_t @var{format}, unsigned int @var{flags}) +@var{crls}: Will contain the parsed crl list. + +@var{size}: It will contain the size of the list. + +@var{data}: The PEM encoded CRL. + +@var{format}: One of DER or PEM. + +@var{flags}: must be (0) or an OR'd sequence of gnutls_certificate_import_flags. + +This function will convert the given PEM encoded CRL list +to the native gnutls_x509_crl_t format. The output will be stored +in @code{crls} . They will be automatically initialized. + +If the Certificate is PEM encoded it should have a header of "X509 +CRL". + +@strong{Returns:} the number of certificates read or a negative error value. + +@strong{Since:} 3.0 +@end deftypefun diff --git a/doc/functions/gnutls_x509_crl_list_import2.short b/doc/functions/gnutls_x509_crl_list_import2.short new file mode 100644 index 0000000..7a663ee --- /dev/null +++ b/doc/functions/gnutls_x509_crl_list_import2.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_crl_list_import2} (gnutls_x509_crl_t ** @var{crls}, unsigned int * @var{size}, const gnutls_datum_t * @var{data}, gnutls_x509_crt_fmt_t @var{format}, unsigned int @var{flags}) diff --git a/doc/functions/gnutls_x509_crl_print b/doc/functions/gnutls_x509_crl_print new file mode 100644 index 0000000..4a9bd7c --- /dev/null +++ b/doc/functions/gnutls_x509_crl_print @@ -0,0 +1,19 @@ + + + + +@deftypefun {int} {gnutls_x509_crl_print} (gnutls_x509_crl_t @var{crl}, gnutls_certificate_print_formats_t @var{format}, gnutls_datum_t * @var{out}) +@var{crl}: The data to be printed + +@var{format}: Indicate the format to use + +@var{out}: Newly allocated datum with null terminated string. + +This function will pretty print a X.509 certificate revocation +list, suitable for display to a human. + +The output @code{out} needs to be deallocated using @code{gnutls_free()} . + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. +@end deftypefun diff --git a/doc/functions/gnutls_x509_crl_print.short b/doc/functions/gnutls_x509_crl_print.short new file mode 100644 index 0000000..ccea1d4 --- /dev/null +++ b/doc/functions/gnutls_x509_crl_print.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_crl_print} (gnutls_x509_crl_t @var{crl}, gnutls_certificate_print_formats_t @var{format}, gnutls_datum_t * @var{out}) diff --git a/doc/functions/gnutls_x509_crl_privkey_sign b/doc/functions/gnutls_x509_crl_privkey_sign new file mode 100644 index 0000000..948357d --- /dev/null +++ b/doc/functions/gnutls_x509_crl_privkey_sign @@ -0,0 +1,33 @@ + + + + +@deftypefun {int} {gnutls_x509_crl_privkey_sign} (gnutls_x509_crl_t @var{crl}, gnutls_x509_crt_t @var{issuer}, gnutls_privkey_t @var{issuer_key}, gnutls_digest_algorithm_t @var{dig}, unsigned int @var{flags}) +@var{crl}: should contain a gnutls_x509_crl_t type + +@var{issuer}: is the certificate of the certificate issuer + +@var{issuer_key}: holds the issuer's private key + +@var{dig}: The message digest to use. GNUTLS_DIG_SHA256 is the safe choice unless you know what you're doing. + +@var{flags}: must be 0 + +This function will sign the CRL with the issuer's private key, and +will copy the issuer's information into the CRL. + +This must be the last step in a certificate CRL since all +the previously set parameters are now signed. + +A known limitation of this function is, that a newly-signed CRL will not +be fully functional (e.g., for signature verification), until it +is exported an re-imported. + +After GnuTLS 3.6.1 the value of @code{dig} may be @code{GNUTLS_DIG_UNKNOWN} , +and in that case, a suitable but reasonable for the key algorithm will be selected. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +Since 2.12.0 +@end deftypefun diff --git a/doc/functions/gnutls_x509_crl_privkey_sign.short b/doc/functions/gnutls_x509_crl_privkey_sign.short new file mode 100644 index 0000000..81de914 --- /dev/null +++ b/doc/functions/gnutls_x509_crl_privkey_sign.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_crl_privkey_sign} (gnutls_x509_crl_t @var{crl}, gnutls_x509_crt_t @var{issuer}, gnutls_privkey_t @var{issuer_key}, gnutls_digest_algorithm_t @var{dig}, unsigned int @var{flags}) diff --git a/doc/functions/gnutls_x509_crl_set_authority_key_id b/doc/functions/gnutls_x509_crl_set_authority_key_id new file mode 100644 index 0000000..3373564 --- /dev/null +++ b/doc/functions/gnutls_x509_crl_set_authority_key_id @@ -0,0 +1,21 @@ + + + + +@deftypefun {int} {gnutls_x509_crl_set_authority_key_id} (gnutls_x509_crl_t @var{crl}, const void * @var{id}, size_t @var{id_size}) +@var{crl}: a CRL of type @code{gnutls_x509_crl_t} + +@var{id}: The key ID + +@var{id_size}: Holds the size of the serial field. + +This function will set the CRL's authority key ID extension. Only +the keyIdentifier field can be set with this function. This may +be used by an authority that holds multiple private keys, to distinguish +the used key. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 2.8.0 +@end deftypefun diff --git a/doc/functions/gnutls_x509_crl_set_authority_key_id.short b/doc/functions/gnutls_x509_crl_set_authority_key_id.short new file mode 100644 index 0000000..c02821f --- /dev/null +++ b/doc/functions/gnutls_x509_crl_set_authority_key_id.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_crl_set_authority_key_id} (gnutls_x509_crl_t @var{crl}, const void * @var{id}, size_t @var{id_size}) diff --git a/doc/functions/gnutls_x509_crl_set_crt b/doc/functions/gnutls_x509_crl_set_crt new file mode 100644 index 0000000..46b50d0 --- /dev/null +++ b/doc/functions/gnutls_x509_crl_set_crt @@ -0,0 +1,16 @@ + + + + +@deftypefun {int} {gnutls_x509_crl_set_crt} (gnutls_x509_crl_t @var{crl}, gnutls_x509_crt_t @var{crt}, time_t @var{revocation_time}) +@var{crl}: should contain a gnutls_x509_crl_t type + +@var{crt}: a certificate of type @code{gnutls_x509_crt_t} with the revoked certificate + +@var{revocation_time}: The time this certificate was revoked + +This function will set a revoked certificate's serial number to the CRL. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. +@end deftypefun diff --git a/doc/functions/gnutls_x509_crl_set_crt.short b/doc/functions/gnutls_x509_crl_set_crt.short new file mode 100644 index 0000000..c47f124 --- /dev/null +++ b/doc/functions/gnutls_x509_crl_set_crt.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_crl_set_crt} (gnutls_x509_crl_t @var{crl}, gnutls_x509_crt_t @var{crt}, time_t @var{revocation_time}) diff --git a/doc/functions/gnutls_x509_crl_set_crt_serial b/doc/functions/gnutls_x509_crl_set_crt_serial new file mode 100644 index 0000000..5b5ffb1 --- /dev/null +++ b/doc/functions/gnutls_x509_crl_set_crt_serial @@ -0,0 +1,18 @@ + + + + +@deftypefun {int} {gnutls_x509_crl_set_crt_serial} (gnutls_x509_crl_t @var{crl}, const void * @var{serial}, size_t @var{serial_size}, time_t @var{revocation_time}) +@var{crl}: should contain a gnutls_x509_crl_t type + +@var{serial}: The revoked certificate's serial number + +@var{serial_size}: Holds the size of the serial field. + +@var{revocation_time}: The time this certificate was revoked + +This function will set a revoked certificate's serial number to the CRL. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. +@end deftypefun diff --git a/doc/functions/gnutls_x509_crl_set_crt_serial.short b/doc/functions/gnutls_x509_crl_set_crt_serial.short new file mode 100644 index 0000000..a136fb7 --- /dev/null +++ b/doc/functions/gnutls_x509_crl_set_crt_serial.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_crl_set_crt_serial} (gnutls_x509_crl_t @var{crl}, const void * @var{serial}, size_t @var{serial_size}, time_t @var{revocation_time}) diff --git a/doc/functions/gnutls_x509_crl_set_next_update b/doc/functions/gnutls_x509_crl_set_next_update new file mode 100644 index 0000000..578beed --- /dev/null +++ b/doc/functions/gnutls_x509_crl_set_next_update @@ -0,0 +1,19 @@ + + + + +@deftypefun {int} {gnutls_x509_crl_set_next_update} (gnutls_x509_crl_t @var{crl}, time_t @var{exp_time}) +@var{crl}: should contain a gnutls_x509_crl_t type + +@var{exp_time}: The actual time + +This function will set the time this CRL will be updated. +This is an optional value to be set on a CRL and this call +can be omitted when generating a CRL. + +Prior to GnuTLS 3.5.7, setting a nextUpdate field was required +in order to generate a CRL. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. +@end deftypefun diff --git a/doc/functions/gnutls_x509_crl_set_next_update.short b/doc/functions/gnutls_x509_crl_set_next_update.short new file mode 100644 index 0000000..3bd87cb --- /dev/null +++ b/doc/functions/gnutls_x509_crl_set_next_update.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_crl_set_next_update} (gnutls_x509_crl_t @var{crl}, time_t @var{exp_time}) diff --git a/doc/functions/gnutls_x509_crl_set_number b/doc/functions/gnutls_x509_crl_set_number new file mode 100644 index 0000000..ff15f4e --- /dev/null +++ b/doc/functions/gnutls_x509_crl_set_number @@ -0,0 +1,20 @@ + + + + +@deftypefun {int} {gnutls_x509_crl_set_number} (gnutls_x509_crl_t @var{crl}, const void * @var{nr}, size_t @var{nr_size}) +@var{crl}: a CRL of type @code{gnutls_x509_crl_t} + +@var{nr}: The CRL number + +@var{nr_size}: Holds the size of the nr field. + +This function will set the CRL's number extension. This +is to be used as a unique and monotonic number assigned to +the CRL by the authority. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 2.8.0 +@end deftypefun diff --git a/doc/functions/gnutls_x509_crl_set_number.short b/doc/functions/gnutls_x509_crl_set_number.short new file mode 100644 index 0000000..f33a63a --- /dev/null +++ b/doc/functions/gnutls_x509_crl_set_number.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_crl_set_number} (gnutls_x509_crl_t @var{crl}, const void * @var{nr}, size_t @var{nr_size}) diff --git a/doc/functions/gnutls_x509_crl_set_this_update b/doc/functions/gnutls_x509_crl_set_this_update new file mode 100644 index 0000000..e9dceef --- /dev/null +++ b/doc/functions/gnutls_x509_crl_set_this_update @@ -0,0 +1,14 @@ + + + + +@deftypefun {int} {gnutls_x509_crl_set_this_update} (gnutls_x509_crl_t @var{crl}, time_t @var{act_time}) +@var{crl}: should contain a gnutls_x509_crl_t type + +@var{act_time}: The actual time + +This function will set the time this CRL was issued. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. +@end deftypefun diff --git a/doc/functions/gnutls_x509_crl_set_this_update.short b/doc/functions/gnutls_x509_crl_set_this_update.short new file mode 100644 index 0000000..eeea603 --- /dev/null +++ b/doc/functions/gnutls_x509_crl_set_this_update.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_crl_set_this_update} (gnutls_x509_crl_t @var{crl}, time_t @var{act_time}) diff --git a/doc/functions/gnutls_x509_crl_set_version b/doc/functions/gnutls_x509_crl_set_version new file mode 100644 index 0000000..2b8ac45 --- /dev/null +++ b/doc/functions/gnutls_x509_crl_set_version @@ -0,0 +1,16 @@ + + + + +@deftypefun {int} {gnutls_x509_crl_set_version} (gnutls_x509_crl_t @var{crl}, unsigned int @var{version}) +@var{crl}: should contain a gnutls_x509_crl_t type + +@var{version}: holds the version number. For CRLv1 crls must be 1. + +This function will set the version of the CRL. This +must be one for CRL version 1, and so on. The CRLs generated +by gnutls should have a version number of 2. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. +@end deftypefun diff --git a/doc/functions/gnutls_x509_crl_set_version.short b/doc/functions/gnutls_x509_crl_set_version.short new file mode 100644 index 0000000..dc7deac --- /dev/null +++ b/doc/functions/gnutls_x509_crl_set_version.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_crl_set_version} (gnutls_x509_crl_t @var{crl}, unsigned int @var{version}) diff --git a/doc/functions/gnutls_x509_crl_sign b/doc/functions/gnutls_x509_crl_sign new file mode 100644 index 0000000..080fc7a --- /dev/null +++ b/doc/functions/gnutls_x509_crl_sign @@ -0,0 +1,19 @@ + + + + +@deftypefun {int} {gnutls_x509_crl_sign} (gnutls_x509_crl_t @var{crl}, gnutls_x509_crt_t @var{issuer}, gnutls_x509_privkey_t @var{issuer_key}) +@var{crl}: should contain a gnutls_x509_crl_t type + +@var{issuer}: is the certificate of the certificate issuer + +@var{issuer_key}: holds the issuer's private key + +This function is the same a @code{gnutls_x509_crl_sign2()} with no flags, +and an appropriate hash algorithm. The hash algorithm used may +vary between versions of GnuTLS, and it is tied to the security +level of the issuer's public key. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. +@end deftypefun diff --git a/doc/functions/gnutls_x509_crl_sign.short b/doc/functions/gnutls_x509_crl_sign.short new file mode 100644 index 0000000..27a7c1b --- /dev/null +++ b/doc/functions/gnutls_x509_crl_sign.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_crl_sign} (gnutls_x509_crl_t @var{crl}, gnutls_x509_crt_t @var{issuer}, gnutls_x509_privkey_t @var{issuer_key}) diff --git a/doc/functions/gnutls_x509_crl_sign2 b/doc/functions/gnutls_x509_crl_sign2 new file mode 100644 index 0000000..91257e1 --- /dev/null +++ b/doc/functions/gnutls_x509_crl_sign2 @@ -0,0 +1,31 @@ + + + + +@deftypefun {int} {gnutls_x509_crl_sign2} (gnutls_x509_crl_t @var{crl}, gnutls_x509_crt_t @var{issuer}, gnutls_x509_privkey_t @var{issuer_key}, gnutls_digest_algorithm_t @var{dig}, unsigned int @var{flags}) +@var{crl}: should contain a gnutls_x509_crl_t type + +@var{issuer}: is the certificate of the certificate issuer + +@var{issuer_key}: holds the issuer's private key + +@var{dig}: The message digest to use. GNUTLS_DIG_SHA256 is the safe choice unless you know what you're doing. + +@var{flags}: must be 0 + +This function will sign the CRL with the issuer's private key, and +will copy the issuer's information into the CRL. + +This must be the last step in a certificate CRL since all +the previously set parameters are now signed. + +A known limitation of this function is, that a newly-signed CRL will not +be fully functional (e.g., for signature verification), until it +is exported an re-imported. + +After GnuTLS 3.6.1 the value of @code{dig} may be @code{GNUTLS_DIG_UNKNOWN} , +and in that case, a suitable but reasonable for the key algorithm will be selected. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. +@end deftypefun diff --git a/doc/functions/gnutls_x509_crl_sign2.short b/doc/functions/gnutls_x509_crl_sign2.short new file mode 100644 index 0000000..90e5442 --- /dev/null +++ b/doc/functions/gnutls_x509_crl_sign2.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_crl_sign2} (gnutls_x509_crl_t @var{crl}, gnutls_x509_crt_t @var{issuer}, gnutls_x509_privkey_t @var{issuer_key}, gnutls_digest_algorithm_t @var{dig}, unsigned int @var{flags}) diff --git a/doc/functions/gnutls_x509_crl_verify b/doc/functions/gnutls_x509_crl_verify new file mode 100644 index 0000000..9eed1f7 --- /dev/null +++ b/doc/functions/gnutls_x509_crl_verify @@ -0,0 +1,30 @@ + + + + +@deftypefun {int} {gnutls_x509_crl_verify} (gnutls_x509_crl_t @var{crl}, const gnutls_x509_crt_t * @var{trusted_cas}, unsigned @var{tcas_size}, unsigned int @var{flags}, unsigned int * @var{verify}) +@var{crl}: is the crl to be verified + +@var{trusted_cas}: is a certificate list that is considered to be trusted one + +@var{tcas_size}: holds the number of CA certificates in CA_list + +@var{flags}: Flags that may be used to change the verification algorithm. Use OR of the gnutls_certificate_verify_flags enumerations. + +@var{verify}: will hold the crl verification output. + +This function will try to verify the given crl and return its verification status. +See @code{gnutls_x509_crt_list_verify()} for a detailed description of +return values. Note that since GnuTLS 3.1.4 this function includes +the time checks. + +Note that value in @code{verify} is set only when the return value of this +function is success (i.e, failure to trust a CRL a certificate does not imply +a negative return value). + +Before GnuTLS 3.5.7 this function would return zero or a positive +number on success. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0), otherwise a +negative error value. +@end deftypefun diff --git a/doc/functions/gnutls_x509_crl_verify.short b/doc/functions/gnutls_x509_crl_verify.short new file mode 100644 index 0000000..8ba1174 --- /dev/null +++ b/doc/functions/gnutls_x509_crl_verify.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_crl_verify} (gnutls_x509_crl_t @var{crl}, const gnutls_x509_crt_t * @var{trusted_cas}, unsigned @var{tcas_size}, unsigned int @var{flags}, unsigned int * @var{verify}) diff --git a/doc/functions/gnutls_x509_crq_deinit b/doc/functions/gnutls_x509_crq_deinit new file mode 100644 index 0000000..1635307 --- /dev/null +++ b/doc/functions/gnutls_x509_crq_deinit @@ -0,0 +1,10 @@ + + + + +@deftypefun {void} {gnutls_x509_crq_deinit} (gnutls_x509_crq_t @var{crq}) +@var{crq}: the type to be deinitialized + +This function will deinitialize a PKCS@code{10} certificate request +structure. +@end deftypefun diff --git a/doc/functions/gnutls_x509_crq_deinit.short b/doc/functions/gnutls_x509_crq_deinit.short new file mode 100644 index 0000000..0b866f4 --- /dev/null +++ b/doc/functions/gnutls_x509_crq_deinit.short @@ -0,0 +1 @@ +@item @var{void} @ref{gnutls_x509_crq_deinit} (gnutls_x509_crq_t @var{crq}) diff --git a/doc/functions/gnutls_x509_crq_export b/doc/functions/gnutls_x509_crq_export new file mode 100644 index 0000000..1fbc902 --- /dev/null +++ b/doc/functions/gnutls_x509_crq_export @@ -0,0 +1,27 @@ + + + + +@deftypefun {int} {gnutls_x509_crq_export} (gnutls_x509_crq_t @var{crq}, gnutls_x509_crt_fmt_t @var{format}, void * @var{output_data}, size_t * @var{output_data_size}) +@var{crq}: should contain a @code{gnutls_x509_crq_t} type + +@var{format}: the format of output params. One of PEM or DER. + +@var{output_data}: will contain a certificate request PEM or DER encoded + +@var{output_data_size}: holds the size of output_data (and will be +replaced by the actual size of parameters) + +This function will export the certificate request to a PEM or DER +encoded PKCS10 structure. + +If the buffer provided is not long enough to hold the output, then +@code{GNUTLS_E_SHORT_MEMORY_BUFFER} will be returned and +* @code{output_data_size} will be updated. + +If the structure is PEM encoded, it will have a header of "BEGIN +NEW CERTIFICATE REQUEST". + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. +@end deftypefun diff --git a/doc/functions/gnutls_x509_crq_export.short b/doc/functions/gnutls_x509_crq_export.short new file mode 100644 index 0000000..8814504 --- /dev/null +++ b/doc/functions/gnutls_x509_crq_export.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_crq_export} (gnutls_x509_crq_t @var{crq}, gnutls_x509_crt_fmt_t @var{format}, void * @var{output_data}, size_t * @var{output_data_size}) diff --git a/doc/functions/gnutls_x509_crq_export2 b/doc/functions/gnutls_x509_crq_export2 new file mode 100644 index 0000000..66d1248 --- /dev/null +++ b/doc/functions/gnutls_x509_crq_export2 @@ -0,0 +1,24 @@ + + + + +@deftypefun {int} {gnutls_x509_crq_export2} (gnutls_x509_crq_t @var{crq}, gnutls_x509_crt_fmt_t @var{format}, gnutls_datum_t * @var{out}) +@var{crq}: should contain a @code{gnutls_x509_crq_t} type + +@var{format}: the format of output params. One of PEM or DER. + +@var{out}: will contain a certificate request PEM or DER encoded + +This function will export the certificate request to a PEM or DER +encoded PKCS10 structure. + +The output buffer is allocated using @code{gnutls_malloc()} . + +If the structure is PEM encoded, it will have a header of "BEGIN +NEW CERTIFICATE REQUEST". + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +Since 3.1.3 +@end deftypefun diff --git a/doc/functions/gnutls_x509_crq_export2.short b/doc/functions/gnutls_x509_crq_export2.short new file mode 100644 index 0000000..5ce0246 --- /dev/null +++ b/doc/functions/gnutls_x509_crq_export2.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_crq_export2} (gnutls_x509_crq_t @var{crq}, gnutls_x509_crt_fmt_t @var{format}, gnutls_datum_t * @var{out}) diff --git a/doc/functions/gnutls_x509_crq_get_attribute_by_oid b/doc/functions/gnutls_x509_crq_get_attribute_by_oid new file mode 100644 index 0000000..216509b --- /dev/null +++ b/doc/functions/gnutls_x509_crq_get_attribute_by_oid @@ -0,0 +1,26 @@ + + + + +@deftypefun {int} {gnutls_x509_crq_get_attribute_by_oid} (gnutls_x509_crq_t @var{crq}, const char * @var{oid}, unsigned @var{indx}, void * @var{buf}, size_t * @var{buf_size}) +@var{crq}: should contain a @code{gnutls_x509_crq_t} type + +@var{oid}: holds an Object Identifier in null-terminated string + +@var{indx}: In case multiple same OIDs exist in the attribute list, this +specifies which to get, use (0) to get the first one + +@var{buf}: a pointer to a structure to hold the attribute data (may be @code{NULL} ) + +@var{buf_size}: initially holds the size of @code{buf} + +This function will return the attribute in the certificate request +specified by the given Object ID. The attribute will be DER +encoded. + +Attributes in a certificate request is an optional set of data +appended to the request. Their interpretation depends on the CA policy. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. +@end deftypefun diff --git a/doc/functions/gnutls_x509_crq_get_attribute_by_oid.short b/doc/functions/gnutls_x509_crq_get_attribute_by_oid.short new file mode 100644 index 0000000..582d809 --- /dev/null +++ b/doc/functions/gnutls_x509_crq_get_attribute_by_oid.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_crq_get_attribute_by_oid} (gnutls_x509_crq_t @var{crq}, const char * @var{oid}, unsigned @var{indx}, void * @var{buf}, size_t * @var{buf_size}) diff --git a/doc/functions/gnutls_x509_crq_get_attribute_data b/doc/functions/gnutls_x509_crq_get_attribute_data new file mode 100644 index 0000000..072590c --- /dev/null +++ b/doc/functions/gnutls_x509_crq_get_attribute_data @@ -0,0 +1,29 @@ + + + + +@deftypefun {int} {gnutls_x509_crq_get_attribute_data} (gnutls_x509_crq_t @var{crq}, unsigned @var{indx}, void * @var{data}, size_t * @var{sizeof_data}) +@var{crq}: should contain a @code{gnutls_x509_crq_t} type + +@var{indx}: Specifies which attribute number to get. Use (0) to get the first one. + +@var{data}: a pointer to a structure to hold the data (may be null) + +@var{sizeof_data}: initially holds the size of @code{oid} + +This function will return the requested attribute data in the +certificate request. The attribute data will be stored as a string in the +provided buffer. + +Use @code{gnutls_x509_crq_get_attribute_info()} to extract the OID. +Use @code{gnutls_x509_crq_get_attribute_by_oid()} instead, +if you want to get data indexed by the attribute OID rather than +sequence. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error code in case of an error. If your have reached the +last extension available @code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} +will be returned. + +@strong{Since:} 2.8.0 +@end deftypefun diff --git a/doc/functions/gnutls_x509_crq_get_attribute_data.short b/doc/functions/gnutls_x509_crq_get_attribute_data.short new file mode 100644 index 0000000..b30b230 --- /dev/null +++ b/doc/functions/gnutls_x509_crq_get_attribute_data.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_crq_get_attribute_data} (gnutls_x509_crq_t @var{crq}, unsigned @var{indx}, void * @var{data}, size_t * @var{sizeof_data}) diff --git a/doc/functions/gnutls_x509_crq_get_attribute_info b/doc/functions/gnutls_x509_crq_get_attribute_info new file mode 100644 index 0000000..e9d6ef1 --- /dev/null +++ b/doc/functions/gnutls_x509_crq_get_attribute_info @@ -0,0 +1,30 @@ + + + + +@deftypefun {int} {gnutls_x509_crq_get_attribute_info} (gnutls_x509_crq_t @var{crq}, unsigned @var{indx}, void * @var{oid}, size_t * @var{sizeof_oid}) +@var{crq}: should contain a @code{gnutls_x509_crq_t} type + +@var{indx}: Specifies which attribute number to get. Use (0) to get the first one. + +@var{oid}: a pointer to a structure to hold the OID + +@var{sizeof_oid}: initially holds the maximum size of @code{oid} , on return +holds actual size of @code{oid} . + +This function will return the requested attribute OID in the +certificate, and the critical flag for it. The attribute OID will +be stored as a string in the provided buffer. Use +@code{gnutls_x509_crq_get_attribute_data()} to extract the data. + +If the buffer provided is not long enough to hold the output, then +* @code{sizeof_oid} is updated and @code{GNUTLS_E_SHORT_MEMORY_BUFFER} will be +returned. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error code in case of an error. If your have reached the +last extension available @code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} +will be returned. + +@strong{Since:} 2.8.0 +@end deftypefun diff --git a/doc/functions/gnutls_x509_crq_get_attribute_info.short b/doc/functions/gnutls_x509_crq_get_attribute_info.short new file mode 100644 index 0000000..2a87bd4 --- /dev/null +++ b/doc/functions/gnutls_x509_crq_get_attribute_info.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_crq_get_attribute_info} (gnutls_x509_crq_t @var{crq}, unsigned @var{indx}, void * @var{oid}, size_t * @var{sizeof_oid}) diff --git a/doc/functions/gnutls_x509_crq_get_basic_constraints b/doc/functions/gnutls_x509_crq_get_basic_constraints new file mode 100644 index 0000000..1ed7b37 --- /dev/null +++ b/doc/functions/gnutls_x509_crq_get_basic_constraints @@ -0,0 +1,28 @@ + + + + +@deftypefun {int} {gnutls_x509_crq_get_basic_constraints} (gnutls_x509_crq_t @var{crq}, unsigned int * @var{critical}, unsigned int * @var{ca}, int * @var{pathlen}) +@var{crq}: should contain a @code{gnutls_x509_crq_t} type + +@var{critical}: will be non-zero if the extension is marked as critical + +@var{ca}: pointer to output integer indicating CA status, may be NULL, +value is 1 if the certificate CA flag is set, 0 otherwise. + +@var{pathlen}: pointer to output integer indicating path length (may be +NULL), non-negative error codes indicate a present pathLenConstraint +field and the actual value, -1 indicate that the field is absent. + +This function will read the certificate's basic constraints, and +return the certificates CA status. It reads the basicConstraints +X.509 extension (2.5.29.19). + +@strong{Returns:} If the certificate is a CA a positive value will be +returned, or (0) if the certificate does not have CA flag set. +A negative error code may be returned in case of errors. If the +certificate does not contain the basicConstraints extension +@code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} will be returned. + +@strong{Since:} 2.8.0 +@end deftypefun diff --git a/doc/functions/gnutls_x509_crq_get_basic_constraints.short b/doc/functions/gnutls_x509_crq_get_basic_constraints.short new file mode 100644 index 0000000..54bd034 --- /dev/null +++ b/doc/functions/gnutls_x509_crq_get_basic_constraints.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_crq_get_basic_constraints} (gnutls_x509_crq_t @var{crq}, unsigned int * @var{critical}, unsigned int * @var{ca}, int * @var{pathlen}) diff --git a/doc/functions/gnutls_x509_crq_get_challenge_password b/doc/functions/gnutls_x509_crq_get_challenge_password new file mode 100644 index 0000000..2e01474 --- /dev/null +++ b/doc/functions/gnutls_x509_crq_get_challenge_password @@ -0,0 +1,18 @@ + + + + +@deftypefun {int} {gnutls_x509_crq_get_challenge_password} (gnutls_x509_crq_t @var{crq}, char * @var{pass}, size_t * @var{pass_size}) +@var{crq}: should contain a @code{gnutls_x509_crq_t} type + +@var{pass}: will hold a (0)-terminated password string + +@var{pass_size}: Initially holds the size of @code{pass} . + +This function will return the challenge password in the request. +The challenge password is intended to be used for requesting a +revocation of the certificate. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. +@end deftypefun diff --git a/doc/functions/gnutls_x509_crq_get_challenge_password.short b/doc/functions/gnutls_x509_crq_get_challenge_password.short new file mode 100644 index 0000000..6c8210c --- /dev/null +++ b/doc/functions/gnutls_x509_crq_get_challenge_password.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_crq_get_challenge_password} (gnutls_x509_crq_t @var{crq}, char * @var{pass}, size_t * @var{pass_size}) diff --git a/doc/functions/gnutls_x509_crq_get_dn b/doc/functions/gnutls_x509_crq_get_dn new file mode 100644 index 0000000..00f2073 --- /dev/null +++ b/doc/functions/gnutls_x509_crq_get_dn @@ -0,0 +1,24 @@ + + + + +@deftypefun {int} {gnutls_x509_crq_get_dn} (gnutls_x509_crq_t @var{crq}, char * @var{buf}, size_t * @var{buf_size}) +@var{crq}: should contain a @code{gnutls_x509_crq_t} type + +@var{buf}: a pointer to a structure to hold the name (may be @code{NULL} ) + +@var{buf_size}: initially holds the size of @code{buf} + +This function will copy the name of the Certificate request subject +to the provided buffer. The name will be in the form +"C=xxxx,O=yyyy,CN=zzzz" as described in RFC 2253. The output string + @code{buf} will be ASCII or UTF-8 encoded, depending on the certificate +data. + +This function does not output a fully RFC4514 compliant string, if +that is required see @code{gnutls_x509_crq_get_dn3()} . + +@strong{Returns:} @code{GNUTLS_E_SHORT_MEMORY_BUFFER} if the provided buffer is not +long enough, and in that case the * @code{buf_size} will be updated with +the required size. On success 0 is returned. +@end deftypefun diff --git a/doc/functions/gnutls_x509_crq_get_dn.short b/doc/functions/gnutls_x509_crq_get_dn.short new file mode 100644 index 0000000..47131e1 --- /dev/null +++ b/doc/functions/gnutls_x509_crq_get_dn.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_crq_get_dn} (gnutls_x509_crq_t @var{crq}, char * @var{buf}, size_t * @var{buf_size}) diff --git a/doc/functions/gnutls_x509_crq_get_dn2 b/doc/functions/gnutls_x509_crq_get_dn2 new file mode 100644 index 0000000..f4c60d4 --- /dev/null +++ b/doc/functions/gnutls_x509_crq_get_dn2 @@ -0,0 +1,22 @@ + + + + +@deftypefun {int} {gnutls_x509_crq_get_dn2} (gnutls_x509_crq_t @var{crq}, gnutls_datum_t * @var{dn}) +@var{crq}: should contain a @code{gnutls_x509_crq_t} type + +@var{dn}: a pointer to a structure to hold the name + +This function will allocate buffer and copy the name of the Certificate +request. The name will be in the form "C=xxxx,O=yyyy,CN=zzzz" as +described in RFC4514. The output string will be ASCII or UTF-8 +encoded, depending on the certificate data. + +This function does not output a fully RFC4514 compliant string, if +that is required see @code{gnutls_x509_crq_get_dn3()} . + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. and a negative error code on error. + +@strong{Since:} 3.1.10 +@end deftypefun diff --git a/doc/functions/gnutls_x509_crq_get_dn2.short b/doc/functions/gnutls_x509_crq_get_dn2.short new file mode 100644 index 0000000..ad7ca0c --- /dev/null +++ b/doc/functions/gnutls_x509_crq_get_dn2.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_crq_get_dn2} (gnutls_x509_crq_t @var{crq}, gnutls_datum_t * @var{dn}) diff --git a/doc/functions/gnutls_x509_crq_get_dn3 b/doc/functions/gnutls_x509_crq_get_dn3 new file mode 100644 index 0000000..d1bb040 --- /dev/null +++ b/doc/functions/gnutls_x509_crq_get_dn3 @@ -0,0 +1,25 @@ + + + + +@deftypefun {int} {gnutls_x509_crq_get_dn3} (gnutls_x509_crq_t @var{crq}, gnutls_datum_t * @var{dn}, unsigned @var{flags}) +@var{crq}: should contain a @code{gnutls_x509_crq_t} type + +@var{dn}: a pointer to a structure to hold the name + +@var{flags}: zero or @code{GNUTLS_X509_DN_FLAG_COMPAT} + +This function will allocate buffer and copy the name of the Certificate +request. The name will be in the form "C=xxxx,O=yyyy,CN=zzzz" as +described in RFC4514. The output string will be ASCII or UTF-8 +encoded, depending on the certificate data. + +When the flag @code{GNUTLS_X509_DN_FLAG_COMPAT} is specified, the output +format will match the format output by previous to 3.5.6 versions of GnuTLS +which was not not fully RFC4514-compliant. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. and a negative error code on error. + +@strong{Since:} 3.5.7 +@end deftypefun diff --git a/doc/functions/gnutls_x509_crq_get_dn3.short b/doc/functions/gnutls_x509_crq_get_dn3.short new file mode 100644 index 0000000..610e09b --- /dev/null +++ b/doc/functions/gnutls_x509_crq_get_dn3.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_crq_get_dn3} (gnutls_x509_crq_t @var{crq}, gnutls_datum_t * @var{dn}, unsigned @var{flags}) diff --git a/doc/functions/gnutls_x509_crq_get_dn_by_oid b/doc/functions/gnutls_x509_crq_get_dn_by_oid new file mode 100644 index 0000000..853f62d --- /dev/null +++ b/doc/functions/gnutls_x509_crq_get_dn_by_oid @@ -0,0 +1,33 @@ + + + + +@deftypefun {int} {gnutls_x509_crq_get_dn_by_oid} (gnutls_x509_crq_t @var{crq}, const char * @var{oid}, unsigned @var{indx}, unsigned int @var{raw_flag}, void * @var{buf}, size_t * @var{buf_size}) +@var{crq}: should contain a gnutls_x509_crq_t type + +@var{oid}: holds an Object Identifier in a null terminated string + +@var{indx}: In case multiple same OIDs exist in the RDN, this specifies +which to get. Use (0) to get the first one. + +@var{raw_flag}: If non-zero returns the raw DER data of the DN part. + +@var{buf}: a pointer to a structure to hold the name (may be @code{NULL} ) + +@var{buf_size}: initially holds the size of @code{buf} + +This function will extract the part of the name of the Certificate +request subject, specified by the given OID. The output will be +encoded as described in RFC2253. The output string will be ASCII +or UTF-8 encoded, depending on the certificate data. + +Some helper macros with popular OIDs can be found in gnutls/x509.h +If raw flag is (0), this function will only return known OIDs as +text. Other OIDs will be DER encoded, as described in RFC2253 -- +in hex format with a '\#' prefix. You can check about known OIDs +using @code{gnutls_x509_dn_oid_known()} . + +@strong{Returns:} @code{GNUTLS_E_SHORT_MEMORY_BUFFER} if the provided buffer is +not long enough, and in that case the * @code{buf_size} will be +updated with the required size. On success 0 is returned. +@end deftypefun diff --git a/doc/functions/gnutls_x509_crq_get_dn_by_oid.short b/doc/functions/gnutls_x509_crq_get_dn_by_oid.short new file mode 100644 index 0000000..1540fe6 --- /dev/null +++ b/doc/functions/gnutls_x509_crq_get_dn_by_oid.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_crq_get_dn_by_oid} (gnutls_x509_crq_t @var{crq}, const char * @var{oid}, unsigned @var{indx}, unsigned int @var{raw_flag}, void * @var{buf}, size_t * @var{buf_size}) diff --git a/doc/functions/gnutls_x509_crq_get_dn_oid b/doc/functions/gnutls_x509_crq_get_dn_oid new file mode 100644 index 0000000..8b1944d --- /dev/null +++ b/doc/functions/gnutls_x509_crq_get_dn_oid @@ -0,0 +1,20 @@ + + + + +@deftypefun {int} {gnutls_x509_crq_get_dn_oid} (gnutls_x509_crq_t @var{crq}, unsigned @var{indx}, void * @var{oid}, size_t * @var{sizeof_oid}) +@var{crq}: should contain a gnutls_x509_crq_t type + +@var{indx}: Specifies which DN OID to get. Use (0) to get the first one. + +@var{oid}: a pointer to a structure to hold the name (may be @code{NULL} ) + +@var{sizeof_oid}: initially holds the size of @code{oid} + +This function will extract the requested OID of the name of the +certificate request subject, specified by the given index. + +@strong{Returns:} @code{GNUTLS_E_SHORT_MEMORY_BUFFER} if the provided buffer is +not long enough, and in that case the * @code{sizeof_oid} will be +updated with the required size. On success 0 is returned. +@end deftypefun diff --git a/doc/functions/gnutls_x509_crq_get_dn_oid.short b/doc/functions/gnutls_x509_crq_get_dn_oid.short new file mode 100644 index 0000000..b7711a8 --- /dev/null +++ b/doc/functions/gnutls_x509_crq_get_dn_oid.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_crq_get_dn_oid} (gnutls_x509_crq_t @var{crq}, unsigned @var{indx}, void * @var{oid}, size_t * @var{sizeof_oid}) diff --git a/doc/functions/gnutls_x509_crq_get_extension_by_oid b/doc/functions/gnutls_x509_crq_get_extension_by_oid new file mode 100644 index 0000000..cd7aa83 --- /dev/null +++ b/doc/functions/gnutls_x509_crq_get_extension_by_oid @@ -0,0 +1,29 @@ + + + + +@deftypefun {int} {gnutls_x509_crq_get_extension_by_oid} (gnutls_x509_crq_t @var{crq}, const char * @var{oid}, unsigned @var{indx}, void * @var{buf}, size_t * @var{buf_size}, unsigned int * @var{critical}) +@var{crq}: should contain a @code{gnutls_x509_crq_t} type + +@var{oid}: holds an Object Identifier in a null terminated string + +@var{indx}: In case multiple same OIDs exist in the extensions, this +specifies which to get. Use (0) to get the first one. + +@var{buf}: a pointer to a structure to hold the name (may be null) + +@var{buf_size}: initially holds the size of @code{buf} + +@var{critical}: will be non-zero if the extension is marked as critical + +This function will return the extension specified by the OID in +the certificate. The extensions will be returned as binary data +DER encoded, in the provided buffer. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error code in case of an error. If the certificate does not +contain the specified extension +@code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} will be returned. + +@strong{Since:} 2.8.0 +@end deftypefun diff --git a/doc/functions/gnutls_x509_crq_get_extension_by_oid.short b/doc/functions/gnutls_x509_crq_get_extension_by_oid.short new file mode 100644 index 0000000..3abf928 --- /dev/null +++ b/doc/functions/gnutls_x509_crq_get_extension_by_oid.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_crq_get_extension_by_oid} (gnutls_x509_crq_t @var{crq}, const char * @var{oid}, unsigned @var{indx}, void * @var{buf}, size_t * @var{buf_size}, unsigned int * @var{critical}) diff --git a/doc/functions/gnutls_x509_crq_get_extension_by_oid2 b/doc/functions/gnutls_x509_crq_get_extension_by_oid2 new file mode 100644 index 0000000..c99829a --- /dev/null +++ b/doc/functions/gnutls_x509_crq_get_extension_by_oid2 @@ -0,0 +1,27 @@ + + + + +@deftypefun {int} {gnutls_x509_crq_get_extension_by_oid2} (gnutls_x509_crq_t @var{crq}, const char * @var{oid}, unsigned @var{indx}, gnutls_datum_t * @var{output}, unsigned int * @var{critical}) +@var{crq}: should contain a @code{gnutls_x509_crq_t} type + +@var{oid}: holds an Object Identifier in a null terminated string + +@var{indx}: In case multiple same OIDs exist in the extensions, this +specifies which to get. Use (0) to get the first one. + +@var{output}: will hold the allocated extension data + +@var{critical}: will be non-zero if the extension is marked as critical + +This function will return the extension specified by the OID in +the certificate. The extensions will be returned as binary data +DER encoded, in the provided buffer. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error code in case of an error. If the certificate does not +contain the specified extension +@code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} will be returned. + +@strong{Since:} 3.3.8 +@end deftypefun diff --git a/doc/functions/gnutls_x509_crq_get_extension_by_oid2.short b/doc/functions/gnutls_x509_crq_get_extension_by_oid2.short new file mode 100644 index 0000000..07bc7a7 --- /dev/null +++ b/doc/functions/gnutls_x509_crq_get_extension_by_oid2.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_crq_get_extension_by_oid2} (gnutls_x509_crq_t @var{crq}, const char * @var{oid}, unsigned @var{indx}, gnutls_datum_t * @var{output}, unsigned int * @var{critical}) diff --git a/doc/functions/gnutls_x509_crq_get_extension_data b/doc/functions/gnutls_x509_crq_get_extension_data new file mode 100644 index 0000000..7d56d24 --- /dev/null +++ b/doc/functions/gnutls_x509_crq_get_extension_data @@ -0,0 +1,29 @@ + + + + +@deftypefun {int} {gnutls_x509_crq_get_extension_data} (gnutls_x509_crq_t @var{crq}, unsigned @var{indx}, void * @var{data}, size_t * @var{sizeof_data}) +@var{crq}: should contain a @code{gnutls_x509_crq_t} type + +@var{indx}: Specifies which extension number to get. Use (0) to get the first one. + +@var{data}: a pointer to a structure to hold the data (may be null) + +@var{sizeof_data}: initially holds the size of @code{oid} + +This function will return the requested extension data in the +certificate. The extension data will be stored as a string in the +provided buffer. + +Use @code{gnutls_x509_crq_get_extension_info()} to extract the OID and +critical flag. Use @code{gnutls_x509_crq_get_extension_by_oid()} instead, +if you want to get data indexed by the extension OID rather than +sequence. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error code in case of an error. If your have reached the +last extension available @code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} +will be returned. + +@strong{Since:} 2.8.0 +@end deftypefun diff --git a/doc/functions/gnutls_x509_crq_get_extension_data.short b/doc/functions/gnutls_x509_crq_get_extension_data.short new file mode 100644 index 0000000..06902c7 --- /dev/null +++ b/doc/functions/gnutls_x509_crq_get_extension_data.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_crq_get_extension_data} (gnutls_x509_crq_t @var{crq}, unsigned @var{indx}, void * @var{data}, size_t * @var{sizeof_data}) diff --git a/doc/functions/gnutls_x509_crq_get_extension_data2 b/doc/functions/gnutls_x509_crq_get_extension_data2 new file mode 100644 index 0000000..9a29cdd --- /dev/null +++ b/doc/functions/gnutls_x509_crq_get_extension_data2 @@ -0,0 +1,24 @@ + + + + +@deftypefun {int} {gnutls_x509_crq_get_extension_data2} (gnutls_x509_crq_t @var{crq}, unsigned @var{indx}, gnutls_datum_t * @var{data}) +@var{crq}: should contain a @code{gnutls_x509_crq_t} type + +@var{indx}: Specifies which extension OID to read. Use (0) to get the first one. + +@var{data}: will contain the extension DER-encoded data + +This function will return the requested extension data in the +certificate request. The extension data will be allocated using +@code{gnutls_malloc()} . + +Use @code{gnutls_x509_crq_get_extension_info()} to extract the OID. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, +otherwise a negative error code is returned. If you have reached the +last extension available @code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} +will be returned. + +@strong{Since:} 3.3.0 +@end deftypefun diff --git a/doc/functions/gnutls_x509_crq_get_extension_data2.short b/doc/functions/gnutls_x509_crq_get_extension_data2.short new file mode 100644 index 0000000..2aba62b --- /dev/null +++ b/doc/functions/gnutls_x509_crq_get_extension_data2.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_crq_get_extension_data2} (gnutls_x509_crq_t @var{crq}, unsigned @var{indx}, gnutls_datum_t * @var{data}) diff --git a/doc/functions/gnutls_x509_crq_get_extension_info b/doc/functions/gnutls_x509_crq_get_extension_info new file mode 100644 index 0000000..b94b822 --- /dev/null +++ b/doc/functions/gnutls_x509_crq_get_extension_info @@ -0,0 +1,32 @@ + + + + +@deftypefun {int} {gnutls_x509_crq_get_extension_info} (gnutls_x509_crq_t @var{crq}, unsigned @var{indx}, void * @var{oid}, size_t * @var{sizeof_oid}, unsigned int * @var{critical}) +@var{crq}: should contain a @code{gnutls_x509_crq_t} type + +@var{indx}: Specifies which extension number to get. Use (0) to get the first one. + +@var{oid}: a pointer to store the OID + +@var{sizeof_oid}: initially holds the maximum size of @code{oid} , on return +holds actual size of @code{oid} . + +@var{critical}: output variable with critical flag, may be NULL. + +This function will return the requested extension OID in the +certificate, and the critical flag for it. The extension OID will +be stored as a string in the provided buffer. Use +@code{gnutls_x509_crq_get_extension_data()} to extract the data. + +If the buffer provided is not long enough to hold the output, then +* @code{sizeof_oid} is updated and @code{GNUTLS_E_SHORT_MEMORY_BUFFER} will be +returned. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error code in case of an error. If your have reached the +last extension available @code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} +will be returned. + +@strong{Since:} 2.8.0 +@end deftypefun diff --git a/doc/functions/gnutls_x509_crq_get_extension_info.short b/doc/functions/gnutls_x509_crq_get_extension_info.short new file mode 100644 index 0000000..5037981 --- /dev/null +++ b/doc/functions/gnutls_x509_crq_get_extension_info.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_crq_get_extension_info} (gnutls_x509_crq_t @var{crq}, unsigned @var{indx}, void * @var{oid}, size_t * @var{sizeof_oid}, unsigned int * @var{critical}) diff --git a/doc/functions/gnutls_x509_crq_get_key_id b/doc/functions/gnutls_x509_crq_get_key_id new file mode 100644 index 0000000..e3e706b --- /dev/null +++ b/doc/functions/gnutls_x509_crq_get_key_id @@ -0,0 +1,28 @@ + + + + +@deftypefun {int} {gnutls_x509_crq_get_key_id} (gnutls_x509_crq_t @var{crq}, unsigned int @var{flags}, unsigned char * @var{output_data}, size_t * @var{output_data_size}) +@var{crq}: a certificate of type @code{gnutls_x509_crq_t} + +@var{flags}: should be one of the flags from @code{gnutls_keyid_flags_t} + +@var{output_data}: will contain the key ID + +@var{output_data_size}: holds the size of output_data (and will be +replaced by the actual size of parameters) + +This function will return a unique ID that depends on the public key +parameters. This ID can be used in checking whether a certificate +corresponds to the given private key. + +If the buffer provided is not long enough to hold the output, then +* @code{output_data_size} is updated and GNUTLS_E_SHORT_MEMORY_BUFFER will +be returned. The output will normally be a SHA-1 hash output, +which is 20 bytes. + +@strong{Returns:} In case of failure a negative error code will be +returned, and 0 on success. + +@strong{Since:} 2.8.0 +@end deftypefun diff --git a/doc/functions/gnutls_x509_crq_get_key_id.short b/doc/functions/gnutls_x509_crq_get_key_id.short new file mode 100644 index 0000000..a9ac5f5 --- /dev/null +++ b/doc/functions/gnutls_x509_crq_get_key_id.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_crq_get_key_id} (gnutls_x509_crq_t @var{crq}, unsigned int @var{flags}, unsigned char * @var{output_data}, size_t * @var{output_data_size}) diff --git a/doc/functions/gnutls_x509_crq_get_key_purpose_oid b/doc/functions/gnutls_x509_crq_get_key_purpose_oid new file mode 100644 index 0000000..88aa2dc --- /dev/null +++ b/doc/functions/gnutls_x509_crq_get_key_purpose_oid @@ -0,0 +1,26 @@ + + + + +@deftypefun {int} {gnutls_x509_crq_get_key_purpose_oid} (gnutls_x509_crq_t @var{crq}, unsigned @var{indx}, void * @var{oid}, size_t * @var{sizeof_oid}, unsigned int * @var{critical}) +@var{crq}: should contain a @code{gnutls_x509_crq_t} type + +@var{indx}: This specifies which OID to return, use (0) to get the first one + +@var{oid}: a pointer to store the OID (may be @code{NULL} ) + +@var{sizeof_oid}: initially holds the size of @code{oid} + +@var{critical}: output variable with critical flag, may be @code{NULL} . + +This function will extract the key purpose OIDs of the Certificate +specified by the given index. These are stored in the Extended Key +Usage extension (2.5.29.37). See the GNUTLS_KP_* definitions for +human readable names. + +@strong{Returns:} @code{GNUTLS_E_SHORT_MEMORY_BUFFER} if the provided buffer is +not long enough, and in that case the * @code{sizeof_oid} will be +updated with the required size. On success 0 is returned. + +@strong{Since:} 2.8.0 +@end deftypefun diff --git a/doc/functions/gnutls_x509_crq_get_key_purpose_oid.short b/doc/functions/gnutls_x509_crq_get_key_purpose_oid.short new file mode 100644 index 0000000..29be777 --- /dev/null +++ b/doc/functions/gnutls_x509_crq_get_key_purpose_oid.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_crq_get_key_purpose_oid} (gnutls_x509_crq_t @var{crq}, unsigned @var{indx}, void * @var{oid}, size_t * @var{sizeof_oid}, unsigned int * @var{critical}) diff --git a/doc/functions/gnutls_x509_crq_get_key_rsa_raw b/doc/functions/gnutls_x509_crq_get_key_rsa_raw new file mode 100644 index 0000000..401eb86 --- /dev/null +++ b/doc/functions/gnutls_x509_crq_get_key_rsa_raw @@ -0,0 +1,20 @@ + + + + +@deftypefun {int} {gnutls_x509_crq_get_key_rsa_raw} (gnutls_x509_crq_t @var{crq}, gnutls_datum_t * @var{m}, gnutls_datum_t * @var{e}) +@var{crq}: Holds the certificate + +@var{m}: will hold the modulus + +@var{e}: will hold the public exponent + +This function will export the RSA public key's parameters found in +the given structure. The new parameters will be allocated using +@code{gnutls_malloc()} and will be stored in the appropriate datum. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 2.8.0 +@end deftypefun diff --git a/doc/functions/gnutls_x509_crq_get_key_rsa_raw.short b/doc/functions/gnutls_x509_crq_get_key_rsa_raw.short new file mode 100644 index 0000000..6ebaec8 --- /dev/null +++ b/doc/functions/gnutls_x509_crq_get_key_rsa_raw.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_crq_get_key_rsa_raw} (gnutls_x509_crq_t @var{crq}, gnutls_datum_t * @var{m}, gnutls_datum_t * @var{e}) diff --git a/doc/functions/gnutls_x509_crq_get_key_usage b/doc/functions/gnutls_x509_crq_get_key_usage new file mode 100644 index 0000000..aea5de6 --- /dev/null +++ b/doc/functions/gnutls_x509_crq_get_key_usage @@ -0,0 +1,26 @@ + + + + +@deftypefun {int} {gnutls_x509_crq_get_key_usage} (gnutls_x509_crq_t @var{crq}, unsigned int * @var{key_usage}, unsigned int * @var{critical}) +@var{crq}: should contain a @code{gnutls_x509_crq_t} type + +@var{key_usage}: where the key usage bits will be stored + +@var{critical}: will be non-zero if the extension is marked as critical + +This function will return certificate's key usage, by reading the +keyUsage X.509 extension (2.5.29.15). The key usage value will +ORed values of the: @code{GNUTLS_KEY_DIGITAL_SIGNATURE} , +@code{GNUTLS_KEY_NON_REPUDIATION} , @code{GNUTLS_KEY_KEY_ENCIPHERMENT} , +@code{GNUTLS_KEY_DATA_ENCIPHERMENT} , @code{GNUTLS_KEY_KEY_AGREEMENT} , +@code{GNUTLS_KEY_KEY_CERT_SIGN} , @code{GNUTLS_KEY_CRL_SIGN} , +@code{GNUTLS_KEY_ENCIPHER_ONLY} , @code{GNUTLS_KEY_DECIPHER_ONLY} . + +@strong{Returns:} the certificate key usage, or a negative error code in case of +parsing error. If the certificate does not contain the keyUsage +extension @code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} will be +returned. + +@strong{Since:} 2.8.0 +@end deftypefun diff --git a/doc/functions/gnutls_x509_crq_get_key_usage.short b/doc/functions/gnutls_x509_crq_get_key_usage.short new file mode 100644 index 0000000..86a88fb --- /dev/null +++ b/doc/functions/gnutls_x509_crq_get_key_usage.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_crq_get_key_usage} (gnutls_x509_crq_t @var{crq}, unsigned int * @var{key_usage}, unsigned int * @var{critical}) diff --git a/doc/functions/gnutls_x509_crq_get_pk_algorithm b/doc/functions/gnutls_x509_crq_get_pk_algorithm new file mode 100644 index 0000000..13b00f0 --- /dev/null +++ b/doc/functions/gnutls_x509_crq_get_pk_algorithm @@ -0,0 +1,19 @@ + + + + +@deftypefun {int} {gnutls_x509_crq_get_pk_algorithm} (gnutls_x509_crq_t @var{crq}, unsigned int * @var{bits}) +@var{crq}: should contain a @code{gnutls_x509_crq_t} type + +@var{bits}: if bits is non-@code{NULL} it will hold the size of the parameters' in bits + +This function will return the public key algorithm of a PKCS@code{10} +certificate request. + +If bits is non-@code{NULL} , it should have enough size to hold the +parameters size in bits. For RSA the bits returned is the modulus. +For DSA the bits returned are of the public exponent. + +@strong{Returns:} a member of the @code{gnutls_pk_algorithm_t} enumeration on +success, or a negative error code on error. +@end deftypefun diff --git a/doc/functions/gnutls_x509_crq_get_pk_algorithm.short b/doc/functions/gnutls_x509_crq_get_pk_algorithm.short new file mode 100644 index 0000000..094b645 --- /dev/null +++ b/doc/functions/gnutls_x509_crq_get_pk_algorithm.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_crq_get_pk_algorithm} (gnutls_x509_crq_t @var{crq}, unsigned int * @var{bits}) diff --git a/doc/functions/gnutls_x509_crq_get_pk_oid b/doc/functions/gnutls_x509_crq_get_pk_oid new file mode 100644 index 0000000..a4d259f --- /dev/null +++ b/doc/functions/gnutls_x509_crq_get_pk_oid @@ -0,0 +1,20 @@ + + + + +@deftypefun {int} {gnutls_x509_crq_get_pk_oid} (gnutls_x509_crq_t @var{crq}, char * @var{oid}, size_t * @var{oid_size}) +@var{crq}: should contain a @code{gnutls_x509_crq_t} type + +@var{oid}: a pointer to a buffer to hold the OID (may be null) + +@var{oid_size}: initially holds the size of @code{oid} + +This function will return the OID of the public key algorithm +on that certificate request. This is function +is useful in the case @code{gnutls_x509_crq_get_pk_algorithm()} +returned @code{GNUTLS_PK_UNKNOWN} . + +@strong{Returns:} zero or a negative error code on error. + +@strong{Since:} 3.5.0 +@end deftypefun diff --git a/doc/functions/gnutls_x509_crq_get_pk_oid.short b/doc/functions/gnutls_x509_crq_get_pk_oid.short new file mode 100644 index 0000000..51afe7b --- /dev/null +++ b/doc/functions/gnutls_x509_crq_get_pk_oid.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_crq_get_pk_oid} (gnutls_x509_crq_t @var{crq}, char * @var{oid}, size_t * @var{oid_size}) diff --git a/doc/functions/gnutls_x509_crq_get_private_key_usage_period b/doc/functions/gnutls_x509_crq_get_private_key_usage_period new file mode 100644 index 0000000..b5bbbce --- /dev/null +++ b/doc/functions/gnutls_x509_crq_get_private_key_usage_period @@ -0,0 +1,19 @@ + + + + +@deftypefun {int} {gnutls_x509_crq_get_private_key_usage_period} (gnutls_x509_crq_t @var{crq}, time_t * @var{activation}, time_t * @var{expiration}, unsigned int * @var{critical}) +@var{crq}: should contain a @code{gnutls_x509_crq_t} type + +@var{activation}: The activation time + +@var{expiration}: The expiration time + +@var{critical}: the extension status + +This function will return the expiration and activation +times of the private key of the certificate. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, @code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} +if the extension is not present, otherwise a negative error value. +@end deftypefun diff --git a/doc/functions/gnutls_x509_crq_get_private_key_usage_period.short b/doc/functions/gnutls_x509_crq_get_private_key_usage_period.short new file mode 100644 index 0000000..8041c62 --- /dev/null +++ b/doc/functions/gnutls_x509_crq_get_private_key_usage_period.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_crq_get_private_key_usage_period} (gnutls_x509_crq_t @var{crq}, time_t * @var{activation}, time_t * @var{expiration}, unsigned int * @var{critical}) diff --git a/doc/functions/gnutls_x509_crq_get_signature_algorithm b/doc/functions/gnutls_x509_crq_get_signature_algorithm new file mode 100644 index 0000000..79816b3 --- /dev/null +++ b/doc/functions/gnutls_x509_crq_get_signature_algorithm @@ -0,0 +1,19 @@ + + + + +@deftypefun {int} {gnutls_x509_crq_get_signature_algorithm} (gnutls_x509_crq_t @var{crq}) +@var{crq}: should contain a @code{gnutls_x509_cr_t} type + +This function will return a value of the @code{gnutls_sign_algorithm_t} +enumeration that is the signature algorithm that has been used to +sign this certificate request. + +Since 3.6.0 this function never returns a negative error code. +Error cases and unknown/unsupported signature algorithms are +mapped to @code{GNUTLS_SIGN_UNKNOWN} . + +@strong{Returns:} a @code{gnutls_sign_algorithm_t} value + +@strong{Since:} 3.4.0 +@end deftypefun diff --git a/doc/functions/gnutls_x509_crq_get_signature_algorithm.short b/doc/functions/gnutls_x509_crq_get_signature_algorithm.short new file mode 100644 index 0000000..2e97396 --- /dev/null +++ b/doc/functions/gnutls_x509_crq_get_signature_algorithm.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_crq_get_signature_algorithm} (gnutls_x509_crq_t @var{crq}) diff --git a/doc/functions/gnutls_x509_crq_get_signature_oid b/doc/functions/gnutls_x509_crq_get_signature_oid new file mode 100644 index 0000000..78de790 --- /dev/null +++ b/doc/functions/gnutls_x509_crq_get_signature_oid @@ -0,0 +1,20 @@ + + + + +@deftypefun {int} {gnutls_x509_crq_get_signature_oid} (gnutls_x509_crq_t @var{crq}, char * @var{oid}, size_t * @var{oid_size}) +@var{crq}: should contain a @code{gnutls_x509_crq_t} type + +@var{oid}: a pointer to a buffer to hold the OID (may be null) + +@var{oid_size}: initially holds the size of @code{oid} + +This function will return the OID of the signature algorithm +that has been used to sign this certificate request. This is function +is useful in the case @code{gnutls_x509_crq_get_signature_algorithm()} +returned @code{GNUTLS_SIGN_UNKNOWN} . + +@strong{Returns:} zero or a negative error code on error. + +@strong{Since:} 3.5.0 +@end deftypefun diff --git a/doc/functions/gnutls_x509_crq_get_signature_oid.short b/doc/functions/gnutls_x509_crq_get_signature_oid.short new file mode 100644 index 0000000..6a9fe42 --- /dev/null +++ b/doc/functions/gnutls_x509_crq_get_signature_oid.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_crq_get_signature_oid} (gnutls_x509_crq_t @var{crq}, char * @var{oid}, size_t * @var{oid_size}) diff --git a/doc/functions/gnutls_x509_crq_get_spki b/doc/functions/gnutls_x509_crq_get_spki new file mode 100644 index 0000000..aef14fd --- /dev/null +++ b/doc/functions/gnutls_x509_crq_get_spki @@ -0,0 +1,16 @@ + + + + +@deftypefun {int} {gnutls_x509_crq_get_spki} (gnutls_x509_crq_t @var{crq}, gnutls_x509_spki_t @var{spki}, unsigned int @var{flags}) +@var{crq}: should contain a @code{gnutls_x509_crq_t} type + +@var{spki}: a SubjectPublicKeyInfo structure of type @code{gnutls_x509_spki_t} + +@var{flags}: must be zero + +This function will return the public key information of a PKCS@code{10} +certificate request. The provided @code{spki} must be initialized. + +@strong{Returns:} Zero on success, or a negative error code on error. +@end deftypefun diff --git a/doc/functions/gnutls_x509_crq_get_spki.short b/doc/functions/gnutls_x509_crq_get_spki.short new file mode 100644 index 0000000..3191735 --- /dev/null +++ b/doc/functions/gnutls_x509_crq_get_spki.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_crq_get_spki} (gnutls_x509_crq_t @var{crq}, gnutls_x509_spki_t @var{spki}, unsigned int @var{flags}) diff --git a/doc/functions/gnutls_x509_crq_get_subject_alt_name b/doc/functions/gnutls_x509_crq_get_subject_alt_name new file mode 100644 index 0000000..0c07673 --- /dev/null +++ b/doc/functions/gnutls_x509_crq_get_subject_alt_name @@ -0,0 +1,36 @@ + + + + +@deftypefun {int} {gnutls_x509_crq_get_subject_alt_name} (gnutls_x509_crq_t @var{crq}, unsigned int @var{seq}, void * @var{ret}, size_t * @var{ret_size}, unsigned int * @var{ret_type}, unsigned int * @var{critical}) +@var{crq}: should contain a @code{gnutls_x509_crq_t} type + +@var{seq}: specifies the sequence number of the alt name, 0 for the +first one, 1 for the second etc. + +@var{ret}: is the place where the alternative name will be copied to + +@var{ret_size}: holds the size of ret. + +@var{ret_type}: holds the @code{gnutls_x509_subject_alt_name_t} name type + +@var{critical}: will be non-zero if the extension is marked as critical +(may be null) + +This function will return the alternative names, contained in the +given certificate. It is the same as +@code{gnutls_x509_crq_get_subject_alt_name()} except for the fact that it +will return the type of the alternative name in @code{ret_type} even if +the function fails for some reason (i.e. the buffer provided is +not enough). + +@strong{Returns:} the alternative subject name type on success, one of the +enumerated @code{gnutls_x509_subject_alt_name_t} . It will return +@code{GNUTLS_E_SHORT_MEMORY_BUFFER} if @code{ret_size} is not large enough to +hold the value. In that case @code{ret_size} will be updated with the +required size. If the certificate request does not have an +Alternative name with the specified sequence number then +@code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} is returned. + +@strong{Since:} 2.8.0 +@end deftypefun diff --git a/doc/functions/gnutls_x509_crq_get_subject_alt_name.short b/doc/functions/gnutls_x509_crq_get_subject_alt_name.short new file mode 100644 index 0000000..05c8716 --- /dev/null +++ b/doc/functions/gnutls_x509_crq_get_subject_alt_name.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_crq_get_subject_alt_name} (gnutls_x509_crq_t @var{crq}, unsigned int @var{seq}, void * @var{ret}, size_t * @var{ret_size}, unsigned int * @var{ret_type}, unsigned int * @var{critical}) diff --git a/doc/functions/gnutls_x509_crq_get_subject_alt_othername_oid b/doc/functions/gnutls_x509_crq_get_subject_alt_othername_oid new file mode 100644 index 0000000..20211e7 --- /dev/null +++ b/doc/functions/gnutls_x509_crq_get_subject_alt_othername_oid @@ -0,0 +1,34 @@ + + + + +@deftypefun {int} {gnutls_x509_crq_get_subject_alt_othername_oid} (gnutls_x509_crq_t @var{crq}, unsigned int @var{seq}, void * @var{ret}, size_t * @var{ret_size}) +@var{crq}: should contain a @code{gnutls_x509_crq_t} type + +@var{seq}: specifies the sequence number of the alt name (0 for the first one, 1 for the second etc.) + +@var{ret}: is the place where the otherName OID will be copied to + +@var{ret_size}: holds the size of ret. + +This function will extract the type OID of an otherName Subject +Alternative Name, contained in the given certificate, and return +the type as an enumerated element. + +This function is only useful if +@code{gnutls_x509_crq_get_subject_alt_name()} returned +@code{GNUTLS_SAN_OTHERNAME} . + +@strong{Returns:} the alternative subject name type on success, one of the +enumerated gnutls_x509_subject_alt_name_t. For supported OIDs, +it will return one of the virtual (GNUTLS_SAN_OTHERNAME_*) types, +e.g. @code{GNUTLS_SAN_OTHERNAME_XMPP} , and @code{GNUTLS_SAN_OTHERNAME} for +unknown OIDs. It will return @code{GNUTLS_E_SHORT_MEMORY_BUFFER} if + @code{ret_size} is not large enough to hold the value. In that case + @code{ret_size} will be updated with the required size. If the +certificate does not have an Alternative name with the specified +sequence number and with the otherName type then +@code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} is returned. + +@strong{Since:} 2.8.0 +@end deftypefun diff --git a/doc/functions/gnutls_x509_crq_get_subject_alt_othername_oid.short b/doc/functions/gnutls_x509_crq_get_subject_alt_othername_oid.short new file mode 100644 index 0000000..2657d7c --- /dev/null +++ b/doc/functions/gnutls_x509_crq_get_subject_alt_othername_oid.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_crq_get_subject_alt_othername_oid} (gnutls_x509_crq_t @var{crq}, unsigned int @var{seq}, void * @var{ret}, size_t * @var{ret_size}) diff --git a/doc/functions/gnutls_x509_crq_get_tlsfeatures b/doc/functions/gnutls_x509_crq_get_tlsfeatures new file mode 100644 index 0000000..4edb58b --- /dev/null +++ b/doc/functions/gnutls_x509_crq_get_tlsfeatures @@ -0,0 +1,31 @@ + + + + +@deftypefun {int} {gnutls_x509_crq_get_tlsfeatures} (gnutls_x509_crq_t @var{crq}, gnutls_x509_tlsfeatures_t @var{features}, unsigned int @var{flags}, unsigned int * @var{critical}) +@var{crq}: An X.509 certificate request + +@var{features}: If the function succeeds, the +features will be stored in this variable. + +@var{flags}: zero or @code{GNUTLS_EXT_FLAG_APPEND} + +@var{critical}: the extension status + +This function will get the X.509 TLS features +extension structure from the certificate request. +The returned structure needs to be freed using +@code{gnutls_x509_tlsfeatures_deinit()} . + +When the @code{flags} is set to @code{GNUTLS_EXT_FLAG_APPEND} , +then if the @code{features} structure is empty this function will behave +identically as if the flag was not set. Otherwise if there are elements +in the @code{features} structure then they will be merged with. + +Note that @code{features} must be initialized prior to calling this function. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, +otherwise a negative error value. + +@strong{Since:} 3.5.1 +@end deftypefun diff --git a/doc/functions/gnutls_x509_crq_get_tlsfeatures.short b/doc/functions/gnutls_x509_crq_get_tlsfeatures.short new file mode 100644 index 0000000..d408674 --- /dev/null +++ b/doc/functions/gnutls_x509_crq_get_tlsfeatures.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_crq_get_tlsfeatures} (gnutls_x509_crq_t @var{crq}, gnutls_x509_tlsfeatures_t @var{features}, unsigned int @var{flags}, unsigned int * @var{critical}) diff --git a/doc/functions/gnutls_x509_crq_get_version b/doc/functions/gnutls_x509_crq_get_version new file mode 100644 index 0000000..1650223 --- /dev/null +++ b/doc/functions/gnutls_x509_crq_get_version @@ -0,0 +1,13 @@ + + + + +@deftypefun {int} {gnutls_x509_crq_get_version} (gnutls_x509_crq_t @var{crq}) +@var{crq}: should contain a @code{gnutls_x509_crq_t} type + +This function will return the version of the specified Certificate +request. + +@strong{Returns:} version of certificate request, or a negative error code on +error. +@end deftypefun diff --git a/doc/functions/gnutls_x509_crq_get_version.short b/doc/functions/gnutls_x509_crq_get_version.short new file mode 100644 index 0000000..3a9f80a --- /dev/null +++ b/doc/functions/gnutls_x509_crq_get_version.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_crq_get_version} (gnutls_x509_crq_t @var{crq}) diff --git a/doc/functions/gnutls_x509_crq_import b/doc/functions/gnutls_x509_crq_import new file mode 100644 index 0000000..16b4116 --- /dev/null +++ b/doc/functions/gnutls_x509_crq_import @@ -0,0 +1,21 @@ + + + + +@deftypefun {int} {gnutls_x509_crq_import} (gnutls_x509_crq_t @var{crq}, const gnutls_datum_t * @var{data}, gnutls_x509_crt_fmt_t @var{format}) +@var{crq}: The data to store the parsed certificate request. + +@var{data}: The DER or PEM encoded certificate. + +@var{format}: One of DER or PEM + +This function will convert the given DER or PEM encoded certificate +request to a @code{gnutls_x509_crq_t} type. The output will be +stored in @code{crq} . + +If the Certificate is PEM encoded it should have a header of "NEW +CERTIFICATE REQUEST". + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. +@end deftypefun diff --git a/doc/functions/gnutls_x509_crq_import.short b/doc/functions/gnutls_x509_crq_import.short new file mode 100644 index 0000000..d88c13c --- /dev/null +++ b/doc/functions/gnutls_x509_crq_import.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_crq_import} (gnutls_x509_crq_t @var{crq}, const gnutls_datum_t * @var{data}, gnutls_x509_crt_fmt_t @var{format}) diff --git a/doc/functions/gnutls_x509_crq_init b/doc/functions/gnutls_x509_crq_init new file mode 100644 index 0000000..e6aa025 --- /dev/null +++ b/doc/functions/gnutls_x509_crq_init @@ -0,0 +1,13 @@ + + + + +@deftypefun {int} {gnutls_x509_crq_init} (gnutls_x509_crq_t * @var{crq}) +@var{crq}: A pointer to the type to be initialized + +This function will initialize a PKCS@code{10} certificate request +structure. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. +@end deftypefun diff --git a/doc/functions/gnutls_x509_crq_init.short b/doc/functions/gnutls_x509_crq_init.short new file mode 100644 index 0000000..40eda51 --- /dev/null +++ b/doc/functions/gnutls_x509_crq_init.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_crq_init} (gnutls_x509_crq_t * @var{crq}) diff --git a/doc/functions/gnutls_x509_crq_print b/doc/functions/gnutls_x509_crq_print new file mode 100644 index 0000000..c595d2e --- /dev/null +++ b/doc/functions/gnutls_x509_crq_print @@ -0,0 +1,21 @@ + + + + +@deftypefun {int} {gnutls_x509_crq_print} (gnutls_x509_crq_t @var{crq}, gnutls_certificate_print_formats_t @var{format}, gnutls_datum_t * @var{out}) +@var{crq}: The data to be printed + +@var{format}: Indicate the format to use + +@var{out}: Newly allocated datum with null terminated string. + +This function will pretty print a certificate request, suitable for +display to a human. + +The output @code{out} needs to be deallocated using @code{gnutls_free()} . + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 2.8.0 +@end deftypefun diff --git a/doc/functions/gnutls_x509_crq_print.short b/doc/functions/gnutls_x509_crq_print.short new file mode 100644 index 0000000..3dd9245 --- /dev/null +++ b/doc/functions/gnutls_x509_crq_print.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_crq_print} (gnutls_x509_crq_t @var{crq}, gnutls_certificate_print_formats_t @var{format}, gnutls_datum_t * @var{out}) diff --git a/doc/functions/gnutls_x509_crq_privkey_sign b/doc/functions/gnutls_x509_crq_privkey_sign new file mode 100644 index 0000000..69aec84 --- /dev/null +++ b/doc/functions/gnutls_x509_crq_privkey_sign @@ -0,0 +1,35 @@ + + + + +@deftypefun {int} {gnutls_x509_crq_privkey_sign} (gnutls_x509_crq_t @var{crq}, gnutls_privkey_t @var{key}, gnutls_digest_algorithm_t @var{dig}, unsigned int @var{flags}) +@var{crq}: should contain a @code{gnutls_x509_crq_t} type + +@var{key}: holds a private key + +@var{dig}: The message digest to use, i.e., @code{GNUTLS_DIG_SHA1} + +@var{flags}: must be 0 + +This function will sign the certificate request with a private key. +This must be the same key as the one used in +@code{gnutls_x509_crt_set_key()} since a certificate request is self +signed. + +This must be the last step in a certificate request generation +since all the previously set parameters are now signed. + +A known limitation of this function is, that a newly-signed request will not +be fully functional (e.g., for signature verification), until it +is exported an re-imported. + +After GnuTLS 3.6.1 the value of @code{dig} may be @code{GNUTLS_DIG_UNKNOWN} , +and in that case, a suitable but reasonable for the key algorithm will be selected. + +@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, otherwise a negative error code. +@code{GNUTLS_E_ASN1_VALUE_NOT_FOUND} is returned if you didn't set all +information in the certificate request (e.g., the version using +@code{gnutls_x509_crq_set_version()} ). + +@strong{Since:} 2.12.0 +@end deftypefun diff --git a/doc/functions/gnutls_x509_crq_privkey_sign.short b/doc/functions/gnutls_x509_crq_privkey_sign.short new file mode 100644 index 0000000..145bd1a --- /dev/null +++ b/doc/functions/gnutls_x509_crq_privkey_sign.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_crq_privkey_sign} (gnutls_x509_crq_t @var{crq}, gnutls_privkey_t @var{key}, gnutls_digest_algorithm_t @var{dig}, unsigned int @var{flags}) diff --git a/doc/functions/gnutls_x509_crq_set_attribute_by_oid b/doc/functions/gnutls_x509_crq_set_attribute_by_oid new file mode 100644 index 0000000..09d4a45 --- /dev/null +++ b/doc/functions/gnutls_x509_crq_set_attribute_by_oid @@ -0,0 +1,23 @@ + + + + +@deftypefun {int} {gnutls_x509_crq_set_attribute_by_oid} (gnutls_x509_crq_t @var{crq}, const char * @var{oid}, void * @var{buf}, size_t @var{buf_size}) +@var{crq}: should contain a @code{gnutls_x509_crq_t} type + +@var{oid}: holds an Object Identifier in a null-terminated string + +@var{buf}: a pointer to a structure that holds the attribute data + +@var{buf_size}: holds the size of @code{buf} + +This function will set the attribute in the certificate request +specified by the given Object ID. The provided attribute must be be DER +encoded. + +Attributes in a certificate request is an optional set of data +appended to the request. Their interpretation depends on the CA policy. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. +@end deftypefun diff --git a/doc/functions/gnutls_x509_crq_set_attribute_by_oid.short b/doc/functions/gnutls_x509_crq_set_attribute_by_oid.short new file mode 100644 index 0000000..0797b6e --- /dev/null +++ b/doc/functions/gnutls_x509_crq_set_attribute_by_oid.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_crq_set_attribute_by_oid} (gnutls_x509_crq_t @var{crq}, const char * @var{oid}, void * @var{buf}, size_t @var{buf_size}) diff --git a/doc/functions/gnutls_x509_crq_set_basic_constraints b/doc/functions/gnutls_x509_crq_set_basic_constraints new file mode 100644 index 0000000..74422c0 --- /dev/null +++ b/doc/functions/gnutls_x509_crq_set_basic_constraints @@ -0,0 +1,20 @@ + + + + +@deftypefun {int} {gnutls_x509_crq_set_basic_constraints} (gnutls_x509_crq_t @var{crq}, unsigned int @var{ca}, int @var{pathLenConstraint}) +@var{crq}: a certificate request of type @code{gnutls_x509_crq_t} + +@var{ca}: true(1) or false(0) depending on the Certificate authority status. + +@var{pathLenConstraint}: non-negative error codes indicate maximum length of path, +and negative error codes indicate that the pathLenConstraints field should +not be present. + +This function will set the basicConstraints certificate extension. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 2.8.0 +@end deftypefun diff --git a/doc/functions/gnutls_x509_crq_set_basic_constraints.short b/doc/functions/gnutls_x509_crq_set_basic_constraints.short new file mode 100644 index 0000000..cc77177 --- /dev/null +++ b/doc/functions/gnutls_x509_crq_set_basic_constraints.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_crq_set_basic_constraints} (gnutls_x509_crq_t @var{crq}, unsigned int @var{ca}, int @var{pathLenConstraint}) diff --git a/doc/functions/gnutls_x509_crq_set_challenge_password b/doc/functions/gnutls_x509_crq_set_challenge_password new file mode 100644 index 0000000..5135bf5 --- /dev/null +++ b/doc/functions/gnutls_x509_crq_set_challenge_password @@ -0,0 +1,15 @@ + + + + +@deftypefun {int} {gnutls_x509_crq_set_challenge_password} (gnutls_x509_crq_t @var{crq}, const char * @var{pass}) +@var{crq}: should contain a @code{gnutls_x509_crq_t} type + +@var{pass}: holds a (0)-terminated password + +This function will set a challenge password to be used when +revoking the request. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. +@end deftypefun diff --git a/doc/functions/gnutls_x509_crq_set_challenge_password.short b/doc/functions/gnutls_x509_crq_set_challenge_password.short new file mode 100644 index 0000000..343a67a --- /dev/null +++ b/doc/functions/gnutls_x509_crq_set_challenge_password.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_crq_set_challenge_password} (gnutls_x509_crq_t @var{crq}, const char * @var{pass}) diff --git a/doc/functions/gnutls_x509_crq_set_dn b/doc/functions/gnutls_x509_crq_set_dn new file mode 100644 index 0000000..4365b5f --- /dev/null +++ b/doc/functions/gnutls_x509_crq_set_dn @@ -0,0 +1,18 @@ + + + + +@deftypefun {int} {gnutls_x509_crq_set_dn} (gnutls_x509_crq_t @var{crq}, const char * @var{dn}, const char ** @var{err}) +@var{crq}: a certificate of type @code{gnutls_x509_crq_t} + +@var{dn}: a comma separated DN string (RFC4514) + +@var{err}: indicates the error position (if any) + +This function will set the DN on the provided certificate. +The input string should be plain ASCII or UTF-8 encoded. On +DN parsing error @code{GNUTLS_E_PARSING_ERROR} is returned. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. +@end deftypefun diff --git a/doc/functions/gnutls_x509_crq_set_dn.short b/doc/functions/gnutls_x509_crq_set_dn.short new file mode 100644 index 0000000..5f8affa --- /dev/null +++ b/doc/functions/gnutls_x509_crq_set_dn.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_crq_set_dn} (gnutls_x509_crq_t @var{crq}, const char * @var{dn}, const char ** @var{err}) diff --git a/doc/functions/gnutls_x509_crq_set_dn_by_oid b/doc/functions/gnutls_x509_crq_set_dn_by_oid new file mode 100644 index 0000000..c9ecb06 --- /dev/null +++ b/doc/functions/gnutls_x509_crq_set_dn_by_oid @@ -0,0 +1,28 @@ + + + + +@deftypefun {int} {gnutls_x509_crq_set_dn_by_oid} (gnutls_x509_crq_t @var{crq}, const char * @var{oid}, unsigned int @var{raw_flag}, const void * @var{data}, unsigned int @var{sizeof_data}) +@var{crq}: should contain a @code{gnutls_x509_crq_t} type + +@var{oid}: holds an Object Identifier in a (0)-terminated string + +@var{raw_flag}: must be 0, or 1 if the data are DER encoded + +@var{data}: a pointer to the input data + +@var{sizeof_data}: holds the size of @code{data} + +This function will set the part of the name of the Certificate +request subject, specified by the given OID. The input string +should be ASCII or UTF-8 encoded. + +Some helper macros with popular OIDs can be found in gnutls/x509.h +With this function you can only set the known OIDs. You can test +for known OIDs using @code{gnutls_x509_dn_oid_known()} . For OIDs that are +not known (by gnutls) you should properly DER encode your data, and +call this function with raw_flag set. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. +@end deftypefun diff --git a/doc/functions/gnutls_x509_crq_set_dn_by_oid.short b/doc/functions/gnutls_x509_crq_set_dn_by_oid.short new file mode 100644 index 0000000..5ff9952 --- /dev/null +++ b/doc/functions/gnutls_x509_crq_set_dn_by_oid.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_crq_set_dn_by_oid} (gnutls_x509_crq_t @var{crq}, const char * @var{oid}, unsigned int @var{raw_flag}, const void * @var{data}, unsigned int @var{sizeof_data}) diff --git a/doc/functions/gnutls_x509_crq_set_extension_by_oid b/doc/functions/gnutls_x509_crq_set_extension_by_oid new file mode 100644 index 0000000..b2f1942 --- /dev/null +++ b/doc/functions/gnutls_x509_crq_set_extension_by_oid @@ -0,0 +1,22 @@ + + + + +@deftypefun {int} {gnutls_x509_crq_set_extension_by_oid} (gnutls_x509_crq_t @var{crq}, const char * @var{oid}, const void * @var{buf}, size_t @var{sizeof_buf}, unsigned int @var{critical}) +@var{crq}: a certificate of type @code{gnutls_x509_crq_t} + +@var{oid}: holds an Object Identifier in null terminated string + +@var{buf}: a pointer to a DER encoded data + +@var{sizeof_buf}: holds the size of @code{buf} + +@var{critical}: should be non-zero if the extension is to be marked as critical + +This function will set an the extension, by the specified OID, in +the certificate request. The extension data should be binary data DER +encoded. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. +@end deftypefun diff --git a/doc/functions/gnutls_x509_crq_set_extension_by_oid.short b/doc/functions/gnutls_x509_crq_set_extension_by_oid.short new file mode 100644 index 0000000..aa22e16 --- /dev/null +++ b/doc/functions/gnutls_x509_crq_set_extension_by_oid.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_crq_set_extension_by_oid} (gnutls_x509_crq_t @var{crq}, const char * @var{oid}, const void * @var{buf}, size_t @var{sizeof_buf}, unsigned int @var{critical}) diff --git a/doc/functions/gnutls_x509_crq_set_key b/doc/functions/gnutls_x509_crq_set_key new file mode 100644 index 0000000..3cf1fa9 --- /dev/null +++ b/doc/functions/gnutls_x509_crq_set_key @@ -0,0 +1,15 @@ + + + + +@deftypefun {int} {gnutls_x509_crq_set_key} (gnutls_x509_crq_t @var{crq}, gnutls_x509_privkey_t @var{key}) +@var{crq}: should contain a @code{gnutls_x509_crq_t} type + +@var{key}: holds a private key + +This function will set the public parameters from the given private +key to the request. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. +@end deftypefun diff --git a/doc/functions/gnutls_x509_crq_set_key.short b/doc/functions/gnutls_x509_crq_set_key.short new file mode 100644 index 0000000..0b475f2 --- /dev/null +++ b/doc/functions/gnutls_x509_crq_set_key.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_crq_set_key} (gnutls_x509_crq_t @var{crq}, gnutls_x509_privkey_t @var{key}) diff --git a/doc/functions/gnutls_x509_crq_set_key_purpose_oid b/doc/functions/gnutls_x509_crq_set_key_purpose_oid new file mode 100644 index 0000000..a1a5653 --- /dev/null +++ b/doc/functions/gnutls_x509_crq_set_key_purpose_oid @@ -0,0 +1,22 @@ + + + + +@deftypefun {int} {gnutls_x509_crq_set_key_purpose_oid} (gnutls_x509_crq_t @var{crq}, const void * @var{oid}, unsigned int @var{critical}) +@var{crq}: a certificate of type @code{gnutls_x509_crq_t} + +@var{oid}: a pointer to a null-terminated string that holds the OID + +@var{critical}: Whether this extension will be critical or not + +This function will set the key purpose OIDs of the Certificate. +These are stored in the Extended Key Usage extension (2.5.29.37) +See the GNUTLS_KP_* definitions for human readable names. + +Subsequent calls to this function will append OIDs to the OID list. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 2.8.0 +@end deftypefun diff --git a/doc/functions/gnutls_x509_crq_set_key_purpose_oid.short b/doc/functions/gnutls_x509_crq_set_key_purpose_oid.short new file mode 100644 index 0000000..ed6c344 --- /dev/null +++ b/doc/functions/gnutls_x509_crq_set_key_purpose_oid.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_crq_set_key_purpose_oid} (gnutls_x509_crq_t @var{crq}, const void * @var{oid}, unsigned int @var{critical}) diff --git a/doc/functions/gnutls_x509_crq_set_key_rsa_raw b/doc/functions/gnutls_x509_crq_set_key_rsa_raw new file mode 100644 index 0000000..508ce6a --- /dev/null +++ b/doc/functions/gnutls_x509_crq_set_key_rsa_raw @@ -0,0 +1,19 @@ + + + + +@deftypefun {int} {gnutls_x509_crq_set_key_rsa_raw} (gnutls_x509_crq_t @var{crq}, const gnutls_datum_t * @var{m}, const gnutls_datum_t * @var{e}) +@var{crq}: should contain a @code{gnutls_x509_crq_t} type + +@var{m}: holds the modulus + +@var{e}: holds the public exponent + +This function will set the public parameters from the given private +key to the request. Only RSA keys are currently supported. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 2.6.0 +@end deftypefun diff --git a/doc/functions/gnutls_x509_crq_set_key_rsa_raw.short b/doc/functions/gnutls_x509_crq_set_key_rsa_raw.short new file mode 100644 index 0000000..568162e --- /dev/null +++ b/doc/functions/gnutls_x509_crq_set_key_rsa_raw.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_crq_set_key_rsa_raw} (gnutls_x509_crq_t @var{crq}, const gnutls_datum_t * @var{m}, const gnutls_datum_t * @var{e}) diff --git a/doc/functions/gnutls_x509_crq_set_key_usage b/doc/functions/gnutls_x509_crq_set_key_usage new file mode 100644 index 0000000..78121a8 --- /dev/null +++ b/doc/functions/gnutls_x509_crq_set_key_usage @@ -0,0 +1,16 @@ + + + + +@deftypefun {int} {gnutls_x509_crq_set_key_usage} (gnutls_x509_crq_t @var{crq}, unsigned int @var{usage}) +@var{crq}: a certificate request of type @code{gnutls_x509_crq_t} + +@var{usage}: an ORed sequence of the GNUTLS_KEY_* elements. + +This function will set the keyUsage certificate extension. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 2.8.0 +@end deftypefun diff --git a/doc/functions/gnutls_x509_crq_set_key_usage.short b/doc/functions/gnutls_x509_crq_set_key_usage.short new file mode 100644 index 0000000..2475e2f --- /dev/null +++ b/doc/functions/gnutls_x509_crq_set_key_usage.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_crq_set_key_usage} (gnutls_x509_crq_t @var{crq}, unsigned int @var{usage}) diff --git a/doc/functions/gnutls_x509_crq_set_private_key_usage_period b/doc/functions/gnutls_x509_crq_set_private_key_usage_period new file mode 100644 index 0000000..0a90a10 --- /dev/null +++ b/doc/functions/gnutls_x509_crq_set_private_key_usage_period @@ -0,0 +1,16 @@ + + + + +@deftypefun {int} {gnutls_x509_crq_set_private_key_usage_period} (gnutls_x509_crq_t @var{crq}, time_t @var{activation}, time_t @var{expiration}) +@var{crq}: a certificate of type @code{gnutls_x509_crq_t} + +@var{activation}: The activation time + +@var{expiration}: The expiration time + +This function will set the private key usage period extension (2.5.29.16). + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. +@end deftypefun diff --git a/doc/functions/gnutls_x509_crq_set_private_key_usage_period.short b/doc/functions/gnutls_x509_crq_set_private_key_usage_period.short new file mode 100644 index 0000000..06010d1 --- /dev/null +++ b/doc/functions/gnutls_x509_crq_set_private_key_usage_period.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_crq_set_private_key_usage_period} (gnutls_x509_crq_t @var{crq}, time_t @var{activation}, time_t @var{expiration}) diff --git a/doc/functions/gnutls_x509_crq_set_pubkey b/doc/functions/gnutls_x509_crq_set_pubkey new file mode 100644 index 0000000..0e1ab07 --- /dev/null +++ b/doc/functions/gnutls_x509_crq_set_pubkey @@ -0,0 +1,17 @@ + + + + +@deftypefun {int} {gnutls_x509_crq_set_pubkey} (gnutls_x509_crq_t @var{crq}, gnutls_pubkey_t @var{key}) +@var{crq}: should contain a @code{gnutls_x509_crq_t} type + +@var{key}: holds a public key + +This function will set the public parameters from the given public +key to the request. The @code{key} can be deallocated after that. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 2.12.0 +@end deftypefun diff --git a/doc/functions/gnutls_x509_crq_set_pubkey.short b/doc/functions/gnutls_x509_crq_set_pubkey.short new file mode 100644 index 0000000..e9b3a07 --- /dev/null +++ b/doc/functions/gnutls_x509_crq_set_pubkey.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_crq_set_pubkey} (gnutls_x509_crq_t @var{crq}, gnutls_pubkey_t @var{key}) diff --git a/doc/functions/gnutls_x509_crq_set_spki b/doc/functions/gnutls_x509_crq_set_spki new file mode 100644 index 0000000..029e3bc --- /dev/null +++ b/doc/functions/gnutls_x509_crq_set_spki @@ -0,0 +1,24 @@ + + + + +@deftypefun {int} {gnutls_x509_crq_set_spki} (gnutls_x509_crq_t @var{crq}, const gnutls_x509_spki_t @var{spki}, unsigned int @var{flags}) +@var{crq}: a certificate request of type @code{gnutls_x509_crq_t} + +@var{spki}: a SubjectPublicKeyInfo structure of type @code{gnutls_x509_spki_t} + +@var{flags}: must be zero + +This function will set the certificate request's subject public key +information explicitly. This is intended to be used in the cases +where a single public key (e.g., RSA) can be used for multiple +signature algorithms (RSA PKCS1-1.5, and RSA-PSS). + +To export the public key (i.e., the SubjectPublicKeyInfo part), check +@code{gnutls_pubkey_import_x509()} . + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 3.6.0 +@end deftypefun diff --git a/doc/functions/gnutls_x509_crq_set_spki.short b/doc/functions/gnutls_x509_crq_set_spki.short new file mode 100644 index 0000000..6c925a8 --- /dev/null +++ b/doc/functions/gnutls_x509_crq_set_spki.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_crq_set_spki} (gnutls_x509_crq_t @var{crq}, const gnutls_x509_spki_t @var{spki}, unsigned int @var{flags}) diff --git a/doc/functions/gnutls_x509_crq_set_subject_alt_name b/doc/functions/gnutls_x509_crq_set_subject_alt_name new file mode 100644 index 0000000..13142c6 --- /dev/null +++ b/doc/functions/gnutls_x509_crq_set_subject_alt_name @@ -0,0 +1,24 @@ + + + + +@deftypefun {int} {gnutls_x509_crq_set_subject_alt_name} (gnutls_x509_crq_t @var{crq}, gnutls_x509_subject_alt_name_t @var{nt}, const void * @var{data}, unsigned int @var{data_size}, unsigned int @var{flags}) +@var{crq}: a certificate request of type @code{gnutls_x509_crq_t} + +@var{nt}: is one of the @code{gnutls_x509_subject_alt_name_t} enumerations + +@var{data}: The data to be set + +@var{data_size}: The size of data to be set + +@var{flags}: @code{GNUTLS_FSAN_SET} to clear previous data or +@code{GNUTLS_FSAN_APPEND} to append. + +This function will set the subject alternative name certificate +extension. It can set the following types: + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 2.8.0 +@end deftypefun diff --git a/doc/functions/gnutls_x509_crq_set_subject_alt_name.short b/doc/functions/gnutls_x509_crq_set_subject_alt_name.short new file mode 100644 index 0000000..dc2a4dc --- /dev/null +++ b/doc/functions/gnutls_x509_crq_set_subject_alt_name.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_crq_set_subject_alt_name} (gnutls_x509_crq_t @var{crq}, gnutls_x509_subject_alt_name_t @var{nt}, const void * @var{data}, unsigned int @var{data_size}, unsigned int @var{flags}) diff --git a/doc/functions/gnutls_x509_crq_set_subject_alt_othername b/doc/functions/gnutls_x509_crq_set_subject_alt_othername new file mode 100644 index 0000000..563bde9 --- /dev/null +++ b/doc/functions/gnutls_x509_crq_set_subject_alt_othername @@ -0,0 +1,26 @@ + + + + +@deftypefun {int} {gnutls_x509_crq_set_subject_alt_othername} (gnutls_x509_crq_t @var{crq}, const char * @var{oid}, const void * @var{data}, unsigned int @var{data_size}, unsigned int @var{flags}) +@var{crq}: a certificate request of type @code{gnutls_x509_crq_t} + +@var{oid}: is the othername OID + +@var{data}: The data to be set + +@var{data_size}: The size of data to be set + +@var{flags}: @code{GNUTLS_FSAN_SET} to clear previous data or +@code{GNUTLS_FSAN_APPEND} to append. + +This function will set the subject alternative name certificate +extension. It can set the following types: + +The values set must be binary values and must be properly DER encoded. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 3.5.0 +@end deftypefun diff --git a/doc/functions/gnutls_x509_crq_set_subject_alt_othername.short b/doc/functions/gnutls_x509_crq_set_subject_alt_othername.short new file mode 100644 index 0000000..a045021 --- /dev/null +++ b/doc/functions/gnutls_x509_crq_set_subject_alt_othername.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_crq_set_subject_alt_othername} (gnutls_x509_crq_t @var{crq}, const char * @var{oid}, const void * @var{data}, unsigned int @var{data_size}, unsigned int @var{flags}) diff --git a/doc/functions/gnutls_x509_crq_set_tlsfeatures b/doc/functions/gnutls_x509_crq_set_tlsfeatures new file mode 100644 index 0000000..96d8f49 --- /dev/null +++ b/doc/functions/gnutls_x509_crq_set_tlsfeatures @@ -0,0 +1,19 @@ + + + + +@deftypefun {int} {gnutls_x509_crq_set_tlsfeatures} (gnutls_x509_crq_t @var{crq}, gnutls_x509_tlsfeatures_t @var{features}) +@var{crq}: An X.509 certificate request + +@var{features}: If the function succeeds, the +features will be added to the certificate +request. + +This function will set the certificate request's +X.509 TLS extension from the given structure. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, +otherwise a negative error value. + +@strong{Since:} 3.5.1 +@end deftypefun diff --git a/doc/functions/gnutls_x509_crq_set_tlsfeatures.short b/doc/functions/gnutls_x509_crq_set_tlsfeatures.short new file mode 100644 index 0000000..2d3c3ae --- /dev/null +++ b/doc/functions/gnutls_x509_crq_set_tlsfeatures.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_crq_set_tlsfeatures} (gnutls_x509_crq_t @var{crq}, gnutls_x509_tlsfeatures_t @var{features}) diff --git a/doc/functions/gnutls_x509_crq_set_version b/doc/functions/gnutls_x509_crq_set_version new file mode 100644 index 0000000..b3be03f --- /dev/null +++ b/doc/functions/gnutls_x509_crq_set_version @@ -0,0 +1,15 @@ + + + + +@deftypefun {int} {gnutls_x509_crq_set_version} (gnutls_x509_crq_t @var{crq}, unsigned int @var{version}) +@var{crq}: should contain a @code{gnutls_x509_crq_t} type + +@var{version}: holds the version number, for v1 Requests must be 1 + +This function will set the version of the certificate request. For +version 1 requests this must be one. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. +@end deftypefun diff --git a/doc/functions/gnutls_x509_crq_set_version.short b/doc/functions/gnutls_x509_crq_set_version.short new file mode 100644 index 0000000..c5e6639 --- /dev/null +++ b/doc/functions/gnutls_x509_crq_set_version.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_crq_set_version} (gnutls_x509_crq_t @var{crq}, unsigned int @var{version}) diff --git a/doc/functions/gnutls_x509_crq_sign b/doc/functions/gnutls_x509_crq_sign new file mode 100644 index 0000000..75121c0 --- /dev/null +++ b/doc/functions/gnutls_x509_crq_sign @@ -0,0 +1,21 @@ + + + + +@deftypefun {int} {gnutls_x509_crq_sign} (gnutls_x509_crq_t @var{crq}, gnutls_x509_privkey_t @var{key}) +@var{crq}: should contain a @code{gnutls_x509_crq_t} type + +@var{key}: holds a private key + +This function is the same a @code{gnutls_x509_crq_sign2()} with no flags, +and an appropriate hash algorithm. The hash algorithm used may +vary between versions of GnuTLS, and it is tied to the security +level of the issuer's public key. + +A known limitation of this function is, that a newly-signed request will not +be fully functional (e.g., for signature verification), until it +is exported an re-imported. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. +@end deftypefun diff --git a/doc/functions/gnutls_x509_crq_sign.short b/doc/functions/gnutls_x509_crq_sign.short new file mode 100644 index 0000000..6e3ddcd --- /dev/null +++ b/doc/functions/gnutls_x509_crq_sign.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_crq_sign} (gnutls_x509_crq_t @var{crq}, gnutls_x509_privkey_t @var{key}) diff --git a/doc/functions/gnutls_x509_crq_sign2 b/doc/functions/gnutls_x509_crq_sign2 new file mode 100644 index 0000000..ee763ae --- /dev/null +++ b/doc/functions/gnutls_x509_crq_sign2 @@ -0,0 +1,33 @@ + + + + +@deftypefun {int} {gnutls_x509_crq_sign2} (gnutls_x509_crq_t @var{crq}, gnutls_x509_privkey_t @var{key}, gnutls_digest_algorithm_t @var{dig}, unsigned int @var{flags}) +@var{crq}: should contain a @code{gnutls_x509_crq_t} type + +@var{key}: holds a private key + +@var{dig}: The message digest to use, i.e., @code{GNUTLS_DIG_SHA256} + +@var{flags}: must be 0 + +This function will sign the certificate request with a private key. +This must be the same key as the one used in +@code{gnutls_x509_crt_set_key()} since a certificate request is self +signed. + +This must be the last step in a certificate request generation +since all the previously set parameters are now signed. + +A known limitation of this function is, that a newly-signed request will not +be fully functional (e.g., for signature verification), until it +is exported an re-imported. + +After GnuTLS 3.6.1 the value of @code{dig} may be @code{GNUTLS_DIG_UNKNOWN} , +and in that case, a suitable but reasonable for the key algorithm will be selected. + +@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, otherwise a negative error code. +@code{GNUTLS_E_ASN1_VALUE_NOT_FOUND} is returned if you didn't set all +information in the certificate request (e.g., the version using +@code{gnutls_x509_crq_set_version()} ). +@end deftypefun diff --git a/doc/functions/gnutls_x509_crq_sign2.short b/doc/functions/gnutls_x509_crq_sign2.short new file mode 100644 index 0000000..8e5baca --- /dev/null +++ b/doc/functions/gnutls_x509_crq_sign2.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_crq_sign2} (gnutls_x509_crq_t @var{crq}, gnutls_x509_privkey_t @var{key}, gnutls_digest_algorithm_t @var{dig}, unsigned int @var{flags}) diff --git a/doc/functions/gnutls_x509_crq_verify b/doc/functions/gnutls_x509_crq_verify new file mode 100644 index 0000000..b20d2d8 --- /dev/null +++ b/doc/functions/gnutls_x509_crq_verify @@ -0,0 +1,17 @@ + + + + +@deftypefun {int} {gnutls_x509_crq_verify} (gnutls_x509_crq_t @var{crq}, unsigned int @var{flags}) +@var{crq}: is the crq to be verified + +@var{flags}: Flags that may be used to change the verification algorithm. Use OR of the gnutls_certificate_verify_flags enumerations. + +This function will verify self signature in the certificate +request and return its status. + +@strong{Returns:} In case of a verification failure @code{GNUTLS_E_PK_SIG_VERIFY_FAILED} +is returned, and zero or positive code on success. + +Since 2.12.0 +@end deftypefun diff --git a/doc/functions/gnutls_x509_crq_verify.short b/doc/functions/gnutls_x509_crq_verify.short new file mode 100644 index 0000000..7a02190 --- /dev/null +++ b/doc/functions/gnutls_x509_crq_verify.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_crq_verify} (gnutls_x509_crq_t @var{crq}, unsigned int @var{flags}) diff --git a/doc/functions/gnutls_x509_crt_check_email b/doc/functions/gnutls_x509_crt_check_email new file mode 100644 index 0000000..c5bfd21 --- /dev/null +++ b/doc/functions/gnutls_x509_crt_check_email @@ -0,0 +1,16 @@ + + + + +@deftypefun {unsigned} {gnutls_x509_crt_check_email} (gnutls_x509_crt_t @var{cert}, const char * @var{email}, unsigned int @var{flags}) +@var{cert}: should contain an gnutls_x509_crt_t type + +@var{email}: A null terminated string that contains an email address (RFC822) + +@var{flags}: should be zero + +This function will check if the given certificate's subject matches +the given email address. + +@strong{Returns:} non-zero for a successful match, and zero on failure. +@end deftypefun diff --git a/doc/functions/gnutls_x509_crt_check_email.short b/doc/functions/gnutls_x509_crt_check_email.short new file mode 100644 index 0000000..c6ccd06 --- /dev/null +++ b/doc/functions/gnutls_x509_crt_check_email.short @@ -0,0 +1 @@ +@item @var{unsigned} @ref{gnutls_x509_crt_check_email} (gnutls_x509_crt_t @var{cert}, const char * @var{email}, unsigned int @var{flags}) diff --git a/doc/functions/gnutls_x509_crt_check_hostname b/doc/functions/gnutls_x509_crt_check_hostname new file mode 100644 index 0000000..9e0c9e3 --- /dev/null +++ b/doc/functions/gnutls_x509_crt_check_hostname @@ -0,0 +1,18 @@ + + + + +@deftypefun {unsigned} {gnutls_x509_crt_check_hostname} (gnutls_x509_crt_t @var{cert}, const char * @var{hostname}) +@var{cert}: should contain an gnutls_x509_crt_t type + +@var{hostname}: A null terminated string that contains a DNS name + +This function will check if the given certificate's subject matches +the given hostname. This is a basic implementation of the matching +described in RFC6125, and takes into account wildcards, +and the DNSName/IPAddress subject alternative name PKIX extension. + +For details see also @code{gnutls_x509_crt_check_hostname2()} . + +@strong{Returns:} non-zero for a successful match, and zero on failure. +@end deftypefun diff --git a/doc/functions/gnutls_x509_crt_check_hostname.short b/doc/functions/gnutls_x509_crt_check_hostname.short new file mode 100644 index 0000000..2d82ef5 --- /dev/null +++ b/doc/functions/gnutls_x509_crt_check_hostname.short @@ -0,0 +1 @@ +@item @var{unsigned} @ref{gnutls_x509_crt_check_hostname} (gnutls_x509_crt_t @var{cert}, const char * @var{hostname}) diff --git a/doc/functions/gnutls_x509_crt_check_hostname2 b/doc/functions/gnutls_x509_crt_check_hostname2 new file mode 100644 index 0000000..ffac35b --- /dev/null +++ b/doc/functions/gnutls_x509_crt_check_hostname2 @@ -0,0 +1,38 @@ + + + + +@deftypefun {unsigned} {gnutls_x509_crt_check_hostname2} (gnutls_x509_crt_t @var{cert}, const char * @var{hostname}, unsigned int @var{flags}) +@var{cert}: should contain an gnutls_x509_crt_t type + +@var{hostname}: A null terminated string that contains a DNS name + +@var{flags}: gnutls_certificate_verify_flags + +This function will check if the given certificate's subject matches +the given hostname. This is a basic implementation of the matching +described in RFC6125, and takes into account wildcards, +and the DNSName/IPAddress subject alternative name PKIX extension. + +IPv4 addresses are accepted by this function in the dotted-decimal +format (e.g, ddd.ddd.ddd.ddd), and IPv6 addresses in the hexadecimal +x:x:x:x:x:x:x:x format. For them the IPAddress subject alternative +name extension is consulted. Previous versions to 3.6.0 of GnuTLS +in case of a non-match would consult (in a non-standard extension) +the DNSname and CN fields. This is no longer the case. + +When the flag @code{GNUTLS_VERIFY_DO_NOT_ALLOW_WILDCARDS} is specified no +wildcards are considered. Otherwise they are only considered if the +domain name consists of three components or more, and the wildcard +starts at the leftmost position. +When the flag @code{GNUTLS_VERIFY_DO_NOT_ALLOW_IP_MATCHES} is specified, +the input will be treated as a DNS name, and matching of textual IP addresses +against the IPAddress part of the alternative name will not be allowed. + +The function @code{gnutls_x509_crt_check_ip()} is available for matching +IP addresses. + +@strong{Returns:} non-zero for a successful match, and zero on failure. + +@strong{Since:} 3.3.0 +@end deftypefun diff --git a/doc/functions/gnutls_x509_crt_check_hostname2.short b/doc/functions/gnutls_x509_crt_check_hostname2.short new file mode 100644 index 0000000..bd49e90 --- /dev/null +++ b/doc/functions/gnutls_x509_crt_check_hostname2.short @@ -0,0 +1 @@ +@item @var{unsigned} @ref{gnutls_x509_crt_check_hostname2} (gnutls_x509_crt_t @var{cert}, const char * @var{hostname}, unsigned int @var{flags}) diff --git a/doc/functions/gnutls_x509_crt_check_ip b/doc/functions/gnutls_x509_crt_check_ip new file mode 100644 index 0000000..8e17853 --- /dev/null +++ b/doc/functions/gnutls_x509_crt_check_ip @@ -0,0 +1,19 @@ + + + + +@deftypefun {unsigned} {gnutls_x509_crt_check_ip} (gnutls_x509_crt_t @var{cert}, const unsigned char * @var{ip}, unsigned int @var{ip_size}, unsigned int @var{flags}) +@var{cert}: should contain an gnutls_x509_crt_t type + +@var{ip}: A pointer to the raw IP address + +@var{ip_size}: the number of bytes in ip (4 or 16) + +@var{flags}: should be zero + +This function will check if the IP allowed IP addresses in +the certificate's subject alternative name match the provided +IP address. + +@strong{Returns:} non-zero for a successful match, and zero on failure. +@end deftypefun diff --git a/doc/functions/gnutls_x509_crt_check_ip.short b/doc/functions/gnutls_x509_crt_check_ip.short new file mode 100644 index 0000000..d69a1be --- /dev/null +++ b/doc/functions/gnutls_x509_crt_check_ip.short @@ -0,0 +1 @@ +@item @var{unsigned} @ref{gnutls_x509_crt_check_ip} (gnutls_x509_crt_t @var{cert}, const unsigned char * @var{ip}, unsigned int @var{ip_size}, unsigned int @var{flags}) diff --git a/doc/functions/gnutls_x509_crt_check_issuer b/doc/functions/gnutls_x509_crt_check_issuer new file mode 100644 index 0000000..136e8a0 --- /dev/null +++ b/doc/functions/gnutls_x509_crt_check_issuer @@ -0,0 +1,19 @@ + + + + +@deftypefun {unsigned} {gnutls_x509_crt_check_issuer} (gnutls_x509_crt_t @var{cert}, gnutls_x509_crt_t @var{issuer}) +@var{cert}: is the certificate to be checked + +@var{issuer}: is the certificate of a possible issuer + +This function will check if the given certificate was issued by the +given issuer. It checks the DN fields and the authority +key identifier and subject key identifier fields match. + +If the same certificate is provided at the @code{cert} and @code{issuer} fields, +it will check whether the certificate is self-signed. + +@strong{Returns:} It will return true (1) if the given certificate is issued +by the given issuer, and false (0) if not. +@end deftypefun diff --git a/doc/functions/gnutls_x509_crt_check_issuer.short b/doc/functions/gnutls_x509_crt_check_issuer.short new file mode 100644 index 0000000..bb37e44 --- /dev/null +++ b/doc/functions/gnutls_x509_crt_check_issuer.short @@ -0,0 +1 @@ +@item @var{unsigned} @ref{gnutls_x509_crt_check_issuer} (gnutls_x509_crt_t @var{cert}, gnutls_x509_crt_t @var{issuer}) diff --git a/doc/functions/gnutls_x509_crt_check_key_purpose b/doc/functions/gnutls_x509_crt_check_key_purpose new file mode 100644 index 0000000..e8e6a4d --- /dev/null +++ b/doc/functions/gnutls_x509_crt_check_key_purpose @@ -0,0 +1,19 @@ + + + + +@deftypefun {unsigned} {gnutls_x509_crt_check_key_purpose} (gnutls_x509_crt_t @var{cert}, const char * @var{purpose}, unsigned @var{flags}) +@var{cert}: should contain a @code{gnutls_x509_crt_t} type + +@var{purpose}: a key purpose OID (e.g., @code{GNUTLS_KP_CODE_SIGNING} ) + +@var{flags}: zero or @code{GNUTLS_KP_FLAG_DISALLOW_ANY} + +This function will check whether the given certificate matches +the provided key purpose. If @code{flags} contains @code{GNUTLS_KP_FLAG_ALLOW_ANY} then +it a certificate marked for any purpose will not match. + +@strong{Returns:} zero if the key purpose doesn't match, and non-zero otherwise. + +@strong{Since:} 3.5.6 +@end deftypefun diff --git a/doc/functions/gnutls_x509_crt_check_key_purpose.short b/doc/functions/gnutls_x509_crt_check_key_purpose.short new file mode 100644 index 0000000..b2a7815 --- /dev/null +++ b/doc/functions/gnutls_x509_crt_check_key_purpose.short @@ -0,0 +1 @@ +@item @var{unsigned} @ref{gnutls_x509_crt_check_key_purpose} (gnutls_x509_crt_t @var{cert}, const char * @var{purpose}, unsigned @var{flags}) diff --git a/doc/functions/gnutls_x509_crt_check_revocation b/doc/functions/gnutls_x509_crt_check_revocation new file mode 100644 index 0000000..7182122 --- /dev/null +++ b/doc/functions/gnutls_x509_crt_check_revocation @@ -0,0 +1,17 @@ + + + + +@deftypefun {int} {gnutls_x509_crt_check_revocation} (gnutls_x509_crt_t @var{cert}, const gnutls_x509_crl_t * @var{crl_list}, unsigned @var{crl_list_length}) +@var{cert}: should contain a @code{gnutls_x509_crt_t} type + +@var{crl_list}: should contain a list of gnutls_x509_crl_t types + +@var{crl_list_length}: the length of the crl_list + +This function will check if the given certificate is +revoked. It is assumed that the CRLs have been verified before. + +@strong{Returns:} 0 if the certificate is NOT revoked, and 1 if it is. A +negative error code is returned on error. +@end deftypefun diff --git a/doc/functions/gnutls_x509_crt_check_revocation.short b/doc/functions/gnutls_x509_crt_check_revocation.short new file mode 100644 index 0000000..c926653 --- /dev/null +++ b/doc/functions/gnutls_x509_crt_check_revocation.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_crt_check_revocation} (gnutls_x509_crt_t @var{cert}, const gnutls_x509_crl_t * @var{crl_list}, unsigned @var{crl_list_length}) diff --git a/doc/functions/gnutls_x509_crt_cpy_crl_dist_points b/doc/functions/gnutls_x509_crt_cpy_crl_dist_points new file mode 100644 index 0000000..2c46743 --- /dev/null +++ b/doc/functions/gnutls_x509_crt_cpy_crl_dist_points @@ -0,0 +1,16 @@ + + + + +@deftypefun {int} {gnutls_x509_crt_cpy_crl_dist_points} (gnutls_x509_crt_t @var{dst}, gnutls_x509_crt_t @var{src}) +@var{dst}: a certificate of type @code{gnutls_x509_crt_t} + +@var{src}: the certificate where the dist points will be copied from + +This function will copy the CRL distribution points certificate +extension, from the source to the destination certificate. +This may be useful to copy from a CA certificate to issued ones. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. +@end deftypefun diff --git a/doc/functions/gnutls_x509_crt_cpy_crl_dist_points.short b/doc/functions/gnutls_x509_crt_cpy_crl_dist_points.short new file mode 100644 index 0000000..85b2cc1 --- /dev/null +++ b/doc/functions/gnutls_x509_crt_cpy_crl_dist_points.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_crt_cpy_crl_dist_points} (gnutls_x509_crt_t @var{dst}, gnutls_x509_crt_t @var{src}) diff --git a/doc/functions/gnutls_x509_crt_deinit b/doc/functions/gnutls_x509_crt_deinit new file mode 100644 index 0000000..bdbdb21 --- /dev/null +++ b/doc/functions/gnutls_x509_crt_deinit @@ -0,0 +1,9 @@ + + + + +@deftypefun {void} {gnutls_x509_crt_deinit} (gnutls_x509_crt_t @var{cert}) +@var{cert}: The data to be deinitialized + +This function will deinitialize a certificate structure. +@end deftypefun diff --git a/doc/functions/gnutls_x509_crt_deinit.short b/doc/functions/gnutls_x509_crt_deinit.short new file mode 100644 index 0000000..6ea7a02 --- /dev/null +++ b/doc/functions/gnutls_x509_crt_deinit.short @@ -0,0 +1 @@ +@item @var{void} @ref{gnutls_x509_crt_deinit} (gnutls_x509_crt_t @var{cert}) diff --git a/doc/functions/gnutls_x509_crt_equals b/doc/functions/gnutls_x509_crt_equals new file mode 100644 index 0000000..e925823 --- /dev/null +++ b/doc/functions/gnutls_x509_crt_equals @@ -0,0 +1,15 @@ + + + + +@deftypefun {unsigned} {gnutls_x509_crt_equals} (gnutls_x509_crt_t @var{cert1}, gnutls_x509_crt_t @var{cert2}) +@var{cert1}: The first certificate + +@var{cert2}: The second certificate + +This function will compare two X.509 certificate structures. + +@strong{Returns:} On equality non-zero is returned, otherwise zero. + +@strong{Since:} 3.5.0 +@end deftypefun diff --git a/doc/functions/gnutls_x509_crt_equals.short b/doc/functions/gnutls_x509_crt_equals.short new file mode 100644 index 0000000..f94c840 --- /dev/null +++ b/doc/functions/gnutls_x509_crt_equals.short @@ -0,0 +1 @@ +@item @var{unsigned} @ref{gnutls_x509_crt_equals} (gnutls_x509_crt_t @var{cert1}, gnutls_x509_crt_t @var{cert2}) diff --git a/doc/functions/gnutls_x509_crt_equals2 b/doc/functions/gnutls_x509_crt_equals2 new file mode 100644 index 0000000..71a494d --- /dev/null +++ b/doc/functions/gnutls_x509_crt_equals2 @@ -0,0 +1,16 @@ + + + + +@deftypefun {unsigned} {gnutls_x509_crt_equals2} (gnutls_x509_crt_t @var{cert1}, const gnutls_datum_t * @var{der}) +@var{cert1}: The first certificate + +@var{der}: A DER encoded certificate + +This function will compare an X.509 certificate structures, with DER +encoded certificate data. + +@strong{Returns:} On equality non-zero is returned, otherwise zero. + +@strong{Since:} 3.5.0 +@end deftypefun diff --git a/doc/functions/gnutls_x509_crt_equals2.short b/doc/functions/gnutls_x509_crt_equals2.short new file mode 100644 index 0000000..46affaf --- /dev/null +++ b/doc/functions/gnutls_x509_crt_equals2.short @@ -0,0 +1 @@ +@item @var{unsigned} @ref{gnutls_x509_crt_equals2} (gnutls_x509_crt_t @var{cert1}, const gnutls_datum_t * @var{der}) diff --git a/doc/functions/gnutls_x509_crt_export b/doc/functions/gnutls_x509_crt_export new file mode 100644 index 0000000..1ad7d45 --- /dev/null +++ b/doc/functions/gnutls_x509_crt_export @@ -0,0 +1,26 @@ + + + + +@deftypefun {int} {gnutls_x509_crt_export} (gnutls_x509_crt_t @var{cert}, gnutls_x509_crt_fmt_t @var{format}, void * @var{output_data}, size_t * @var{output_data_size}) +@var{cert}: Holds the certificate + +@var{format}: the format of output params. One of PEM or DER. + +@var{output_data}: will contain a certificate PEM or DER encoded + +@var{output_data_size}: holds the size of output_data (and will be +replaced by the actual size of parameters) + +This function will export the certificate to DER or PEM format. + +If the buffer provided is not long enough to hold the output, then +*output_data_size is updated and GNUTLS_E_SHORT_MEMORY_BUFFER will +be returned. + +If the structure is PEM encoded, it will have a header +of "BEGIN CERTIFICATE". + +@strong{Returns:} In case of failure a negative error code will be +returned, and 0 on success. +@end deftypefun diff --git a/doc/functions/gnutls_x509_crt_export.short b/doc/functions/gnutls_x509_crt_export.short new file mode 100644 index 0000000..46a5502 --- /dev/null +++ b/doc/functions/gnutls_x509_crt_export.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_crt_export} (gnutls_x509_crt_t @var{cert}, gnutls_x509_crt_fmt_t @var{format}, void * @var{output_data}, size_t * @var{output_data_size}) diff --git a/doc/functions/gnutls_x509_crt_export2 b/doc/functions/gnutls_x509_crt_export2 new file mode 100644 index 0000000..1aef7a2 --- /dev/null +++ b/doc/functions/gnutls_x509_crt_export2 @@ -0,0 +1,22 @@ + + + + +@deftypefun {int} {gnutls_x509_crt_export2} (gnutls_x509_crt_t @var{cert}, gnutls_x509_crt_fmt_t @var{format}, gnutls_datum_t * @var{out}) +@var{cert}: Holds the certificate + +@var{format}: the format of output params. One of PEM or DER. + +@var{out}: will contain a certificate PEM or DER encoded + +This function will export the certificate to DER or PEM format. +The output buffer is allocated using @code{gnutls_malloc()} . + +If the structure is PEM encoded, it will have a header +of "BEGIN CERTIFICATE". + +@strong{Returns:} In case of failure a negative error code will be +returned, and 0 on success. + +@strong{Since:} 3.1.3 +@end deftypefun diff --git a/doc/functions/gnutls_x509_crt_export2.short b/doc/functions/gnutls_x509_crt_export2.short new file mode 100644 index 0000000..8fff54c --- /dev/null +++ b/doc/functions/gnutls_x509_crt_export2.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_crt_export2} (gnutls_x509_crt_t @var{cert}, gnutls_x509_crt_fmt_t @var{format}, gnutls_datum_t * @var{out}) diff --git a/doc/functions/gnutls_x509_crt_get_activation_time b/doc/functions/gnutls_x509_crt_get_activation_time new file mode 100644 index 0000000..abc1840 --- /dev/null +++ b/doc/functions/gnutls_x509_crt_get_activation_time @@ -0,0 +1,12 @@ + + + + +@deftypefun {time_t} {gnutls_x509_crt_get_activation_time} (gnutls_x509_crt_t @var{cert}) +@var{cert}: should contain a @code{gnutls_x509_crt_t} type + +This function will return the time this Certificate was or will be +activated. + +@strong{Returns:} activation time, or (time_t)-1 on error. +@end deftypefun diff --git a/doc/functions/gnutls_x509_crt_get_activation_time.short b/doc/functions/gnutls_x509_crt_get_activation_time.short new file mode 100644 index 0000000..fdb97d1 --- /dev/null +++ b/doc/functions/gnutls_x509_crt_get_activation_time.short @@ -0,0 +1 @@ +@item @var{time_t} @ref{gnutls_x509_crt_get_activation_time} (gnutls_x509_crt_t @var{cert}) diff --git a/doc/functions/gnutls_x509_crt_get_authority_info_access b/doc/functions/gnutls_x509_crt_get_authority_info_access new file mode 100644 index 0000000..9fe6d90 --- /dev/null +++ b/doc/functions/gnutls_x509_crt_get_authority_info_access @@ -0,0 +1,73 @@ + + + + +@deftypefun {int} {gnutls_x509_crt_get_authority_info_access} (gnutls_x509_crt_t @var{crt}, unsigned int @var{seq}, int @var{what}, gnutls_datum_t * @var{data}, unsigned int * @var{critical}) +@var{crt}: Holds the certificate + +@var{seq}: specifies the sequence number of the access descriptor (0 for the first one, 1 for the second etc.) + +@var{what}: what data to get, a @code{gnutls_info_access_what_t} type. + +@var{data}: output data to be freed with @code{gnutls_free()} . + +@var{critical}: pointer to output integer that is set to non-zero if the extension is marked as critical (may be @code{NULL} ) + +Note that a simpler API to access the authority info data is provided +by @code{gnutls_x509_aia_get()} and @code{gnutls_x509_ext_import_aia()} . + +This function extracts the Authority Information Access (AIA) +extension, see RFC 5280 section 4.2.2.1 for more information. The +AIA extension holds a sequence of AccessDescription (AD) data. + +The @code{seq} input parameter is used to indicate which member of the +sequence the caller is interested in. The first member is 0, the +second member 1 and so on. When the @code{seq} value is out of bounds, +@code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} is returned. + +The type of data returned in @code{data} is specified via @code{what} which +should be @code{gnutls_info_access_what_t} values. + +If @code{what} is @code{GNUTLS_IA_ACCESSMETHOD_OID} then @code{data} will hold the +accessMethod OID (e.g., "1.3.6.1.5.5.7.48.1"). + +If @code{what} is @code{GNUTLS_IA_ACCESSLOCATION_GENERALNAME_TYPE} , @code{data} will +hold the accessLocation GeneralName type (e.g., +"uniformResourceIdentifier"). + +If @code{what} is @code{GNUTLS_IA_URI} , @code{data} will hold the accessLocation URI +data. Requesting this @code{what} value leads to an error if the +accessLocation is not of the "uniformResourceIdentifier" type. + +If @code{what} is @code{GNUTLS_IA_OCSP_URI} , @code{data} will hold the OCSP URI. +Requesting this @code{what} value leads to an error if the accessMethod +is not 1.3.6.1.5.5.7.48.1 aka OCSP, or if accessLocation is not of +the "uniformResourceIdentifier" type. In that case @code{GNUTLS_E_UNKNOWN_ALGORITHM} +will be returned, and @code{seq} should be increased and this function +called again. + +If @code{what} is @code{GNUTLS_IA_CAISSUERS_URI} , @code{data} will hold the caIssuers +URI. Requesting this @code{what} value leads to an error if the +accessMethod is not 1.3.6.1.5.5.7.48.2 aka caIssuers, or if +accessLocation is not of the "uniformResourceIdentifier" type. +In that case handle as in @code{GNUTLS_IA_OCSP_URI} . + +More @code{what} values may be allocated in the future as needed. + +If @code{data} is NULL, the function does the same without storing the +output data, that is, it will set @code{critical} and do error checking +as usual. + +The value of the critical flag is returned in * @code{critical} . Supply a +NULL @code{critical} if you want the function to make sure the extension +is non-critical, as required by RFC 5280. + +@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, @code{GNUTLS_E_INVALID_REQUEST} on +invalid @code{crt} , @code{GNUTLS_E_CONSTRAINT_ERROR} if the extension is +incorrectly marked as critical (use a non-NULL @code{critical} to +override), @code{GNUTLS_E_UNKNOWN_ALGORITHM} if the requested OID does +not match (e.g., when using @code{GNUTLS_IA_OCSP_URI} ), otherwise a +negative error code. + +@strong{Since:} 3.0 +@end deftypefun diff --git a/doc/functions/gnutls_x509_crt_get_authority_info_access.short b/doc/functions/gnutls_x509_crt_get_authority_info_access.short new file mode 100644 index 0000000..1e0a9fa --- /dev/null +++ b/doc/functions/gnutls_x509_crt_get_authority_info_access.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_crt_get_authority_info_access} (gnutls_x509_crt_t @var{crt}, unsigned int @var{seq}, int @var{what}, gnutls_datum_t * @var{data}, unsigned int * @var{critical}) diff --git a/doc/functions/gnutls_x509_crt_get_authority_key_gn_serial b/doc/functions/gnutls_x509_crt_get_authority_key_gn_serial new file mode 100644 index 0000000..d4becfd --- /dev/null +++ b/doc/functions/gnutls_x509_crt_get_authority_key_gn_serial @@ -0,0 +1,34 @@ + + + + +@deftypefun {int} {gnutls_x509_crt_get_authority_key_gn_serial} (gnutls_x509_crt_t @var{cert}, unsigned int @var{seq}, void * @var{alt}, size_t * @var{alt_size}, unsigned int * @var{alt_type}, void * @var{serial}, size_t * @var{serial_size}, unsigned int * @var{critical}) +@var{cert}: should contain a @code{gnutls_x509_crt_t} type + +@var{seq}: specifies the sequence number of the alt name (0 for the first one, 1 for the second etc.) + +@var{alt}: is the place where the alternative name will be copied to + +@var{alt_size}: holds the size of alt. + +@var{alt_type}: holds the type of the alternative name (one of gnutls_x509_subject_alt_name_t). + +@var{serial}: buffer to store the serial number (may be null) + +@var{serial_size}: Holds the size of the serial field (may be null) + +@var{critical}: will be non-zero if the extension is marked as critical (may be null) + +This function will return the X.509 authority key +identifier when stored as a general name (authorityCertIssuer) +and serial number. + +Because more than one general names might be stored + @code{seq} can be used as a counter to request them all until +@code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} is returned. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, @code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} +if the extension is not present, otherwise a negative error value. + +@strong{Since:} 3.0 +@end deftypefun diff --git a/doc/functions/gnutls_x509_crt_get_authority_key_gn_serial.short b/doc/functions/gnutls_x509_crt_get_authority_key_gn_serial.short new file mode 100644 index 0000000..2ba5f04 --- /dev/null +++ b/doc/functions/gnutls_x509_crt_get_authority_key_gn_serial.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_crt_get_authority_key_gn_serial} (gnutls_x509_crt_t @var{cert}, unsigned int @var{seq}, void * @var{alt}, size_t * @var{alt_size}, unsigned int * @var{alt_type}, void * @var{serial}, size_t * @var{serial_size}, unsigned int * @var{critical}) diff --git a/doc/functions/gnutls_x509_crt_get_authority_key_id b/doc/functions/gnutls_x509_crt_get_authority_key_id new file mode 100644 index 0000000..0fff034 --- /dev/null +++ b/doc/functions/gnutls_x509_crt_get_authority_key_id @@ -0,0 +1,24 @@ + + + + +@deftypefun {int} {gnutls_x509_crt_get_authority_key_id} (gnutls_x509_crt_t @var{cert}, void * @var{id}, size_t * @var{id_size}, unsigned int * @var{critical}) +@var{cert}: should contain a @code{gnutls_x509_crt_t} type + +@var{id}: The place where the identifier will be copied + +@var{id_size}: Holds the size of the id field. + +@var{critical}: will be non-zero if the extension is marked as critical (may be null) + +This function will return the X.509v3 certificate authority's key +identifier. This is obtained by the X.509 Authority Key +identifier extension field (2.5.29.35). Note that this function +only returns the keyIdentifier field of the extension and +@code{GNUTLS_E_X509_UNSUPPORTED_EXTENSION} , if the extension contains +the name and serial number of the certificate. In that case +@code{gnutls_x509_crt_get_authority_key_gn_serial()} may be used. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, @code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} +if the extension is not present, otherwise a negative error value. +@end deftypefun diff --git a/doc/functions/gnutls_x509_crt_get_authority_key_id.short b/doc/functions/gnutls_x509_crt_get_authority_key_id.short new file mode 100644 index 0000000..ea86f96 --- /dev/null +++ b/doc/functions/gnutls_x509_crt_get_authority_key_id.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_crt_get_authority_key_id} (gnutls_x509_crt_t @var{cert}, void * @var{id}, size_t * @var{id_size}, unsigned int * @var{critical}) diff --git a/doc/functions/gnutls_x509_crt_get_basic_constraints b/doc/functions/gnutls_x509_crt_get_basic_constraints new file mode 100644 index 0000000..fdaa19d --- /dev/null +++ b/doc/functions/gnutls_x509_crt_get_basic_constraints @@ -0,0 +1,26 @@ + + + + +@deftypefun {int} {gnutls_x509_crt_get_basic_constraints} (gnutls_x509_crt_t @var{cert}, unsigned int * @var{critical}, unsigned int * @var{ca}, int * @var{pathlen}) +@var{cert}: should contain a @code{gnutls_x509_crt_t} type + +@var{critical}: will be non-zero if the extension is marked as critical + +@var{ca}: pointer to output integer indicating CA status, may be NULL, +value is 1 if the certificate CA flag is set, 0 otherwise. + +@var{pathlen}: pointer to output integer indicating path length (may be +NULL), non-negative error codes indicate a present pathLenConstraint +field and the actual value, -1 indicate that the field is absent. + +This function will read the certificate's basic constraints, and +return the certificates CA status. It reads the basicConstraints +X.509 extension (2.5.29.19). + +@strong{Returns:} If the certificate is a CA a positive value will be +returned, or (0) if the certificate does not have CA flag set. A +negative error code may be returned in case of errors. If the +certificate does not contain the basicConstraints extension +GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE will be returned. +@end deftypefun diff --git a/doc/functions/gnutls_x509_crt_get_basic_constraints.short b/doc/functions/gnutls_x509_crt_get_basic_constraints.short new file mode 100644 index 0000000..64afc5d --- /dev/null +++ b/doc/functions/gnutls_x509_crt_get_basic_constraints.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_crt_get_basic_constraints} (gnutls_x509_crt_t @var{cert}, unsigned int * @var{critical}, unsigned int * @var{ca}, int * @var{pathlen}) diff --git a/doc/functions/gnutls_x509_crt_get_ca_status b/doc/functions/gnutls_x509_crt_get_ca_status new file mode 100644 index 0000000..a1a72a0 --- /dev/null +++ b/doc/functions/gnutls_x509_crt_get_ca_status @@ -0,0 +1,23 @@ + + + + +@deftypefun {int} {gnutls_x509_crt_get_ca_status} (gnutls_x509_crt_t @var{cert}, unsigned int * @var{critical}) +@var{cert}: should contain a @code{gnutls_x509_crt_t} type + +@var{critical}: will be non-zero if the extension is marked as critical + +This function will return certificates CA status, by reading the +basicConstraints X.509 extension (2.5.29.19). If the certificate is +a CA a positive value will be returned, or (0) if the certificate +does not have CA flag set. + +Use @code{gnutls_x509_crt_get_basic_constraints()} if you want to read the +pathLenConstraint field too. + +@strong{Returns:} If the certificate is a CA a positive value will be +returned, or (0) if the certificate does not have CA flag set. A +negative error code may be returned in case of errors. If the +certificate does not contain the basicConstraints extension +GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE will be returned. +@end deftypefun diff --git a/doc/functions/gnutls_x509_crt_get_ca_status.short b/doc/functions/gnutls_x509_crt_get_ca_status.short new file mode 100644 index 0000000..651caf2 --- /dev/null +++ b/doc/functions/gnutls_x509_crt_get_ca_status.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_crt_get_ca_status} (gnutls_x509_crt_t @var{cert}, unsigned int * @var{critical}) diff --git a/doc/functions/gnutls_x509_crt_get_crl_dist_points b/doc/functions/gnutls_x509_crt_get_crl_dist_points new file mode 100644 index 0000000..bb7a59b --- /dev/null +++ b/doc/functions/gnutls_x509_crt_get_crl_dist_points @@ -0,0 +1,29 @@ + + + + +@deftypefun {int} {gnutls_x509_crt_get_crl_dist_points} (gnutls_x509_crt_t @var{cert}, unsigned int @var{seq}, void * @var{san}, size_t * @var{san_size}, unsigned int * @var{reason_flags}, unsigned int * @var{critical}) +@var{cert}: should contain a @code{gnutls_x509_crt_t} type + +@var{seq}: specifies the sequence number of the distribution point (0 for the first one, 1 for the second etc.) + +@var{san}: is the place where the distribution point will be copied to + +@var{san_size}: holds the size of ret. + +@var{reason_flags}: Revocation reasons. An ORed sequence of flags from @code{gnutls_x509_crl_reason_flags_t} . + +@var{critical}: will be non-zero if the extension is marked as critical (may be null) + +This function retrieves the CRL distribution points (2.5.29.31), +contained in the given certificate in the X509v3 Certificate +Extensions. + +@strong{Returns:} @code{GNUTLS_E_SHORT_MEMORY_BUFFER} and updates @code{ret_size} if + @code{ret_size} is not enough to hold the distribution point, or the +type of the distribution point if everything was ok. The type is +one of the enumerated @code{gnutls_x509_subject_alt_name_t} . If the +certificate does not have an Alternative name with the specified +sequence number then @code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} is +returned. +@end deftypefun diff --git a/doc/functions/gnutls_x509_crt_get_crl_dist_points.short b/doc/functions/gnutls_x509_crt_get_crl_dist_points.short new file mode 100644 index 0000000..ba44da0 --- /dev/null +++ b/doc/functions/gnutls_x509_crt_get_crl_dist_points.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_crt_get_crl_dist_points} (gnutls_x509_crt_t @var{cert}, unsigned int @var{seq}, void * @var{san}, size_t * @var{san_size}, unsigned int * @var{reason_flags}, unsigned int * @var{critical}) diff --git a/doc/functions/gnutls_x509_crt_get_dn b/doc/functions/gnutls_x509_crt_get_dn new file mode 100644 index 0000000..64a7318 --- /dev/null +++ b/doc/functions/gnutls_x509_crt_get_dn @@ -0,0 +1,26 @@ + + + + +@deftypefun {int} {gnutls_x509_crt_get_dn} (gnutls_x509_crt_t @var{cert}, char * @var{buf}, size_t * @var{buf_size}) +@var{cert}: should contain a @code{gnutls_x509_crt_t} type + +@var{buf}: a pointer to a structure to hold the name (may be null) + +@var{buf_size}: initially holds the size of @code{buf} + +This function will copy the name of the Certificate in the provided +buffer. The name will be in the form "C=xxxx,O=yyyy,CN=zzzz" as +described in RFC4514. The output string will be ASCII or UTF-8 +encoded, depending on the certificate data. + +If @code{buf} is null then only the size will be filled. + +This function does not output a fully RFC4514 compliant string, if +that is required see @code{gnutls_x509_crt_get_dn3()} . + +@strong{Returns:} @code{GNUTLS_E_SHORT_MEMORY_BUFFER} if the provided buffer is not +long enough, and in that case the @code{buf_size} will be updated +with the required size. @code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} if +the DN does not exist, or another error value on error. On success 0 is returned. +@end deftypefun diff --git a/doc/functions/gnutls_x509_crt_get_dn.short b/doc/functions/gnutls_x509_crt_get_dn.short new file mode 100644 index 0000000..31e5a7a --- /dev/null +++ b/doc/functions/gnutls_x509_crt_get_dn.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_crt_get_dn} (gnutls_x509_crt_t @var{cert}, char * @var{buf}, size_t * @var{buf_size}) diff --git a/doc/functions/gnutls_x509_crt_get_dn2 b/doc/functions/gnutls_x509_crt_get_dn2 new file mode 100644 index 0000000..dec55f6 --- /dev/null +++ b/doc/functions/gnutls_x509_crt_get_dn2 @@ -0,0 +1,22 @@ + + + + +@deftypefun {int} {gnutls_x509_crt_get_dn2} (gnutls_x509_crt_t @var{cert}, gnutls_datum_t * @var{dn}) +@var{cert}: should contain a @code{gnutls_x509_crt_t} type + +@var{dn}: a pointer to a structure to hold the name + +This function will allocate buffer and copy the name of the Certificate. +The name will be in the form "C=xxxx,O=yyyy,CN=zzzz" as +described in RFC4514. The output string will be ASCII or UTF-8 +encoded, depending on the certificate data. + +This function does not output a fully RFC4514 compliant string, if +that is required see @code{gnutls_x509_crt_get_dn3()} . + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 3.1.10 +@end deftypefun diff --git a/doc/functions/gnutls_x509_crt_get_dn2.short b/doc/functions/gnutls_x509_crt_get_dn2.short new file mode 100644 index 0000000..dc3f420 --- /dev/null +++ b/doc/functions/gnutls_x509_crt_get_dn2.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_crt_get_dn2} (gnutls_x509_crt_t @var{cert}, gnutls_datum_t * @var{dn}) diff --git a/doc/functions/gnutls_x509_crt_get_dn3 b/doc/functions/gnutls_x509_crt_get_dn3 new file mode 100644 index 0000000..02850f1 --- /dev/null +++ b/doc/functions/gnutls_x509_crt_get_dn3 @@ -0,0 +1,25 @@ + + + + +@deftypefun {int} {gnutls_x509_crt_get_dn3} (gnutls_x509_crt_t @var{cert}, gnutls_datum_t * @var{dn}, unsigned @var{flags}) +@var{cert}: should contain a @code{gnutls_x509_crt_t} type + +@var{dn}: a pointer to a structure to hold the name + +@var{flags}: zero or @code{GNUTLS_X509_DN_FLAG_COMPAT} + +This function will allocate buffer and copy the name of the Certificate. +The name will be in the form "C=xxxx,O=yyyy,CN=zzzz" as +described in RFC4514. The output string will be ASCII or UTF-8 +encoded, depending on the certificate data. + +When the flag @code{GNUTLS_X509_DN_FLAG_COMPAT} is specified, the output +format will match the format output by previous to 3.5.6 versions of GnuTLS +which was not not fully RFC4514-compliant. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 3.5.7 +@end deftypefun diff --git a/doc/functions/gnutls_x509_crt_get_dn3.short b/doc/functions/gnutls_x509_crt_get_dn3.short new file mode 100644 index 0000000..e666074 --- /dev/null +++ b/doc/functions/gnutls_x509_crt_get_dn3.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_crt_get_dn3} (gnutls_x509_crt_t @var{cert}, gnutls_datum_t * @var{dn}, unsigned @var{flags}) diff --git a/doc/functions/gnutls_x509_crt_get_dn_by_oid b/doc/functions/gnutls_x509_crt_get_dn_by_oid new file mode 100644 index 0000000..a56e63f --- /dev/null +++ b/doc/functions/gnutls_x509_crt_get_dn_by_oid @@ -0,0 +1,36 @@ + + + + +@deftypefun {int} {gnutls_x509_crt_get_dn_by_oid} (gnutls_x509_crt_t @var{cert}, const char * @var{oid}, unsigned @var{indx}, unsigned int @var{raw_flag}, void * @var{buf}, size_t * @var{buf_size}) +@var{cert}: should contain a @code{gnutls_x509_crt_t} type + +@var{oid}: holds an Object Identified in null terminated string + +@var{indx}: In case multiple same OIDs exist in the RDN, this specifies which to send. Use (0) to get the first one. + +@var{raw_flag}: If non-zero returns the raw DER data of the DN part. + +@var{buf}: a pointer where the DN part will be copied (may be null). + +@var{buf_size}: initially holds the size of @code{buf} + +This function will extract the part of the name of the Certificate +subject specified by the given OID. The output, if the raw flag is +not used, will be encoded as described in RFC4514. Thus a string +that is ASCII or UTF-8 encoded, depending on the certificate data. + +Some helper macros with popular OIDs can be found in gnutls/x509.h +If raw flag is (0), this function will only return known OIDs as +text. Other OIDs will be DER encoded, as described in RFC4514 -- +in hex format with a '#' prefix. You can check about known OIDs +using @code{gnutls_x509_dn_oid_known()} . + +If @code{buf} is null then only the size will be filled. If the @code{raw_flag} is not specified the output is always null terminated, although the + @code{buf_size} will not include the null character. + +@strong{Returns:} @code{GNUTLS_E_SHORT_MEMORY_BUFFER} if the provided buffer is not +long enough, and in that case the @code{buf_size} will be updated with +the required size. @code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} if there +are no data in the current index. On success 0 is returned. +@end deftypefun diff --git a/doc/functions/gnutls_x509_crt_get_dn_by_oid.short b/doc/functions/gnutls_x509_crt_get_dn_by_oid.short new file mode 100644 index 0000000..28b2a20 --- /dev/null +++ b/doc/functions/gnutls_x509_crt_get_dn_by_oid.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_crt_get_dn_by_oid} (gnutls_x509_crt_t @var{cert}, const char * @var{oid}, unsigned @var{indx}, unsigned int @var{raw_flag}, void * @var{buf}, size_t * @var{buf_size}) diff --git a/doc/functions/gnutls_x509_crt_get_dn_oid b/doc/functions/gnutls_x509_crt_get_dn_oid new file mode 100644 index 0000000..f0d0161 --- /dev/null +++ b/doc/functions/gnutls_x509_crt_get_dn_oid @@ -0,0 +1,24 @@ + + + + +@deftypefun {int} {gnutls_x509_crt_get_dn_oid} (gnutls_x509_crt_t @var{cert}, unsigned @var{indx}, void * @var{oid}, size_t * @var{oid_size}) +@var{cert}: should contain a @code{gnutls_x509_crt_t} type + +@var{indx}: This specifies which OID to return. Use (0) to get the first one. + +@var{oid}: a pointer to a buffer to hold the OID (may be null) + +@var{oid_size}: initially holds the size of @code{oid} + +This function will extract the OIDs of the name of the Certificate +subject specified by the given index. + +If @code{oid} is null then only the size will be filled. The @code{oid} returned will be null terminated, although @code{oid_size} will not +account for the trailing null. + +@strong{Returns:} @code{GNUTLS_E_SHORT_MEMORY_BUFFER} if the provided buffer is not +long enough, and in that case the @code{buf_size} will be updated with +the required size. @code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} if there +are no data in the current index. On success 0 is returned. +@end deftypefun diff --git a/doc/functions/gnutls_x509_crt_get_dn_oid.short b/doc/functions/gnutls_x509_crt_get_dn_oid.short new file mode 100644 index 0000000..2d9aa05 --- /dev/null +++ b/doc/functions/gnutls_x509_crt_get_dn_oid.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_crt_get_dn_oid} (gnutls_x509_crt_t @var{cert}, unsigned @var{indx}, void * @var{oid}, size_t * @var{oid_size}) diff --git a/doc/functions/gnutls_x509_crt_get_expiration_time b/doc/functions/gnutls_x509_crt_get_expiration_time new file mode 100644 index 0000000..3a64c9b --- /dev/null +++ b/doc/functions/gnutls_x509_crt_get_expiration_time @@ -0,0 +1,12 @@ + + + + +@deftypefun {time_t} {gnutls_x509_crt_get_expiration_time} (gnutls_x509_crt_t @var{cert}) +@var{cert}: should contain a @code{gnutls_x509_crt_t} type + +This function will return the time this certificate was or will be +expired. + +@strong{Returns:} expiration time, or (time_t)-1 on error. +@end deftypefun diff --git a/doc/functions/gnutls_x509_crt_get_expiration_time.short b/doc/functions/gnutls_x509_crt_get_expiration_time.short new file mode 100644 index 0000000..fcf1763 --- /dev/null +++ b/doc/functions/gnutls_x509_crt_get_expiration_time.short @@ -0,0 +1 @@ +@item @var{time_t} @ref{gnutls_x509_crt_get_expiration_time} (gnutls_x509_crt_t @var{cert}) diff --git a/doc/functions/gnutls_x509_crt_get_extension_by_oid b/doc/functions/gnutls_x509_crt_get_extension_by_oid new file mode 100644 index 0000000..6b3cbe5 --- /dev/null +++ b/doc/functions/gnutls_x509_crt_get_extension_by_oid @@ -0,0 +1,26 @@ + + + + +@deftypefun {int} {gnutls_x509_crt_get_extension_by_oid} (gnutls_x509_crt_t @var{cert}, const char * @var{oid}, unsigned @var{indx}, void * @var{buf}, size_t * @var{buf_size}, unsigned int * @var{critical}) +@var{cert}: should contain a @code{gnutls_x509_crt_t} type + +@var{oid}: holds an Object Identified in null terminated string + +@var{indx}: In case multiple same OIDs exist in the extensions, this specifies which to send. Use (0) to get the first one. + +@var{buf}: a pointer to a structure to hold the name (may be null) + +@var{buf_size}: initially holds the size of @code{buf} + +@var{critical}: will be non-zero if the extension is marked as critical + +This function will return the extension specified by the OID in the +certificate. The extensions will be returned as binary data DER +encoded, in the provided buffer. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, +otherwise a negative error code is returned. If the certificate does not +contain the specified extension +GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE will be returned. +@end deftypefun diff --git a/doc/functions/gnutls_x509_crt_get_extension_by_oid.short b/doc/functions/gnutls_x509_crt_get_extension_by_oid.short new file mode 100644 index 0000000..9d676aa --- /dev/null +++ b/doc/functions/gnutls_x509_crt_get_extension_by_oid.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_crt_get_extension_by_oid} (gnutls_x509_crt_t @var{cert}, const char * @var{oid}, unsigned @var{indx}, void * @var{buf}, size_t * @var{buf_size}, unsigned int * @var{critical}) diff --git a/doc/functions/gnutls_x509_crt_get_extension_by_oid2 b/doc/functions/gnutls_x509_crt_get_extension_by_oid2 new file mode 100644 index 0000000..9bb7724 --- /dev/null +++ b/doc/functions/gnutls_x509_crt_get_extension_by_oid2 @@ -0,0 +1,26 @@ + + + + +@deftypefun {int} {gnutls_x509_crt_get_extension_by_oid2} (gnutls_x509_crt_t @var{cert}, const char * @var{oid}, unsigned @var{indx}, gnutls_datum_t * @var{output}, unsigned int * @var{critical}) +@var{cert}: should contain a @code{gnutls_x509_crt_t} type + +@var{oid}: holds an Object Identified in null terminated string + +@var{indx}: In case multiple same OIDs exist in the extensions, this specifies which to send. Use (0) to get the first one. + +@var{output}: will hold the allocated extension data + +@var{critical}: will be non-zero if the extension is marked as critical + +This function will return the extension specified by the OID in the +certificate. The extensions will be returned as binary data DER +encoded, in the provided buffer. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, +otherwise a negative error code is returned. If the certificate does not +contain the specified extension +GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE will be returned. + +@strong{Since:} 3.3.8 +@end deftypefun diff --git a/doc/functions/gnutls_x509_crt_get_extension_by_oid2.short b/doc/functions/gnutls_x509_crt_get_extension_by_oid2.short new file mode 100644 index 0000000..0196642 --- /dev/null +++ b/doc/functions/gnutls_x509_crt_get_extension_by_oid2.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_crt_get_extension_by_oid2} (gnutls_x509_crt_t @var{cert}, const char * @var{oid}, unsigned @var{indx}, gnutls_datum_t * @var{output}, unsigned int * @var{critical}) diff --git a/doc/functions/gnutls_x509_crt_get_extension_data b/doc/functions/gnutls_x509_crt_get_extension_data new file mode 100644 index 0000000..619974a --- /dev/null +++ b/doc/functions/gnutls_x509_crt_get_extension_data @@ -0,0 +1,27 @@ + + + + +@deftypefun {int} {gnutls_x509_crt_get_extension_data} (gnutls_x509_crt_t @var{cert}, unsigned @var{indx}, void * @var{data}, size_t * @var{sizeof_data}) +@var{cert}: should contain a @code{gnutls_x509_crt_t} type + +@var{indx}: Specifies which extension OID to send. Use (0) to get the first one. + +@var{data}: a pointer to a structure to hold the data (may be null) + +@var{sizeof_data}: initially holds the size of @code{data} + +This function will return the requested extension data in the +certificate. The extension data will be stored in the +provided buffer. + +Use @code{gnutls_x509_crt_get_extension_info()} to extract the OID and +critical flag. Use @code{gnutls_x509_crt_get_extension_by_oid()} instead, +if you want to get data indexed by the extension OID rather than +sequence. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, +otherwise a negative error code is returned. If you have reached the +last extension available @code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} +will be returned. +@end deftypefun diff --git a/doc/functions/gnutls_x509_crt_get_extension_data.short b/doc/functions/gnutls_x509_crt_get_extension_data.short new file mode 100644 index 0000000..beab493 --- /dev/null +++ b/doc/functions/gnutls_x509_crt_get_extension_data.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_crt_get_extension_data} (gnutls_x509_crt_t @var{cert}, unsigned @var{indx}, void * @var{data}, size_t * @var{sizeof_data}) diff --git a/doc/functions/gnutls_x509_crt_get_extension_data2 b/doc/functions/gnutls_x509_crt_get_extension_data2 new file mode 100644 index 0000000..2fe0e20 --- /dev/null +++ b/doc/functions/gnutls_x509_crt_get_extension_data2 @@ -0,0 +1,22 @@ + + + + +@deftypefun {int} {gnutls_x509_crt_get_extension_data2} (gnutls_x509_crt_t @var{cert}, unsigned @var{indx}, gnutls_datum_t * @var{data}) +@var{cert}: should contain a @code{gnutls_x509_crt_t} type + +@var{indx}: Specifies which extension OID to read. Use (0) to get the first one. + +@var{data}: will contain the extension DER-encoded data + +This function will return the requested by the index extension data in the +certificate. The extension data will be allocated using +@code{gnutls_malloc()} . + +Use @code{gnutls_x509_crt_get_extension_info()} to extract the OID. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, +otherwise a negative error code is returned. If you have reached the +last extension available @code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} +will be returned. +@end deftypefun diff --git a/doc/functions/gnutls_x509_crt_get_extension_data2.short b/doc/functions/gnutls_x509_crt_get_extension_data2.short new file mode 100644 index 0000000..e9b8239 --- /dev/null +++ b/doc/functions/gnutls_x509_crt_get_extension_data2.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_crt_get_extension_data2} (gnutls_x509_crt_t @var{cert}, unsigned @var{indx}, gnutls_datum_t * @var{data}) diff --git a/doc/functions/gnutls_x509_crt_get_extension_info b/doc/functions/gnutls_x509_crt_get_extension_info new file mode 100644 index 0000000..1457889 --- /dev/null +++ b/doc/functions/gnutls_x509_crt_get_extension_info @@ -0,0 +1,32 @@ + + + + +@deftypefun {int} {gnutls_x509_crt_get_extension_info} (gnutls_x509_crt_t @var{cert}, unsigned @var{indx}, void * @var{oid}, size_t * @var{oid_size}, unsigned int * @var{critical}) +@var{cert}: should contain a @code{gnutls_x509_crt_t} type + +@var{indx}: Specifies which extension OID to send. Use (0) to get the first one. + +@var{oid}: a pointer to a structure to hold the OID + +@var{oid_size}: initially holds the maximum size of @code{oid} , on return +holds actual size of @code{oid} . + +@var{critical}: output variable with critical flag, may be NULL. + +This function will return the requested extension OID in the +certificate, and the critical flag for it. The extension OID will +be stored as a string in the provided buffer. Use +@code{gnutls_x509_crt_get_extension()} to extract the data. + +If the buffer provided is not long enough to hold the output, then + @code{oid_size} is updated and @code{GNUTLS_E_SHORT_MEMORY_BUFFER} will be +returned. The @code{oid} returned will be null terminated, although + @code{oid_size} will not account for the trailing null (the latter is not +true for GnuTLS prior to 3.6.0). + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, +otherwise a negative error code is returned. If you have reached the +last extension available @code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} +will be returned. +@end deftypefun diff --git a/doc/functions/gnutls_x509_crt_get_extension_info.short b/doc/functions/gnutls_x509_crt_get_extension_info.short new file mode 100644 index 0000000..969e592 --- /dev/null +++ b/doc/functions/gnutls_x509_crt_get_extension_info.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_crt_get_extension_info} (gnutls_x509_crt_t @var{cert}, unsigned @var{indx}, void * @var{oid}, size_t * @var{oid_size}, unsigned int * @var{critical}) diff --git a/doc/functions/gnutls_x509_crt_get_extension_oid b/doc/functions/gnutls_x509_crt_get_extension_oid new file mode 100644 index 0000000..2391208 --- /dev/null +++ b/doc/functions/gnutls_x509_crt_get_extension_oid @@ -0,0 +1,24 @@ + + + + +@deftypefun {int} {gnutls_x509_crt_get_extension_oid} (gnutls_x509_crt_t @var{cert}, unsigned @var{indx}, void * @var{oid}, size_t * @var{oid_size}) +@var{cert}: should contain a @code{gnutls_x509_crt_t} type + +@var{indx}: Specifies which extension OID to send. Use (0) to get the first one. + +@var{oid}: a pointer to a structure to hold the OID (may be null) + +@var{oid_size}: initially holds the size of @code{oid} + +This function will return the requested extension OID in the certificate. +The extension OID will be stored as a string in the provided buffer. + +The @code{oid} returned will be null terminated, although @code{oid_size} will not +account for the trailing null. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, +otherwise a negative error code is returned. If you have reached the +last extension available @code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} +will be returned. +@end deftypefun diff --git a/doc/functions/gnutls_x509_crt_get_extension_oid.short b/doc/functions/gnutls_x509_crt_get_extension_oid.short new file mode 100644 index 0000000..cb08877 --- /dev/null +++ b/doc/functions/gnutls_x509_crt_get_extension_oid.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_crt_get_extension_oid} (gnutls_x509_crt_t @var{cert}, unsigned @var{indx}, void * @var{oid}, size_t * @var{oid_size}) diff --git a/doc/functions/gnutls_x509_crt_get_fingerprint b/doc/functions/gnutls_x509_crt_get_fingerprint new file mode 100644 index 0000000..56d69ca --- /dev/null +++ b/doc/functions/gnutls_x509_crt_get_fingerprint @@ -0,0 +1,23 @@ + + + + +@deftypefun {int} {gnutls_x509_crt_get_fingerprint} (gnutls_x509_crt_t @var{cert}, gnutls_digest_algorithm_t @var{algo}, void * @var{buf}, size_t * @var{buf_size}) +@var{cert}: should contain a @code{gnutls_x509_crt_t} type + +@var{algo}: is a digest algorithm + +@var{buf}: a pointer to a structure to hold the fingerprint (may be null) + +@var{buf_size}: initially holds the size of @code{buf} + +This function will calculate and copy the certificate's fingerprint +in the provided buffer. The fingerprint is a hash of the DER-encoded +data of the certificate. + +If the buffer is null then only the size will be filled. + +@strong{Returns:} @code{GNUTLS_E_SHORT_MEMORY_BUFFER} if the provided buffer is +not long enough, and in that case the *buf_size will be updated +with the required size. On success 0 is returned. +@end deftypefun diff --git a/doc/functions/gnutls_x509_crt_get_fingerprint.short b/doc/functions/gnutls_x509_crt_get_fingerprint.short new file mode 100644 index 0000000..aa29d5d --- /dev/null +++ b/doc/functions/gnutls_x509_crt_get_fingerprint.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_crt_get_fingerprint} (gnutls_x509_crt_t @var{cert}, gnutls_digest_algorithm_t @var{algo}, void * @var{buf}, size_t * @var{buf_size}) diff --git a/doc/functions/gnutls_x509_crt_get_inhibit_anypolicy b/doc/functions/gnutls_x509_crt_get_inhibit_anypolicy new file mode 100644 index 0000000..a627fb2 --- /dev/null +++ b/doc/functions/gnutls_x509_crt_get_inhibit_anypolicy @@ -0,0 +1,24 @@ + + + + +@deftypefun {int} {gnutls_x509_crt_get_inhibit_anypolicy} (gnutls_x509_crt_t @var{cert}, unsigned int * @var{skipcerts}, unsigned int * @var{critical}) +@var{cert}: should contain a @code{gnutls_x509_crt_t} type + +@var{skipcerts}: will hold the number of certificates after which anypolicy is no longer acceptable. + +@var{critical}: will be non-zero if the extension is marked as critical + +This function will return certificate's value of the SkipCerts, i.e., +the Inhibit anyPolicy X.509 extension (2.5.29.54). + +The returned value is the number of additional certificates that +may appear in the path before the anyPolicy is no longer acceptable. + +@strong{Returns:} zero on success, or a negative error code in case of +parsing error. If the certificate does not contain the Inhibit anyPolicy +extension @code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} will be +returned. + +@strong{Since:} 3.6.0 +@end deftypefun diff --git a/doc/functions/gnutls_x509_crt_get_inhibit_anypolicy.short b/doc/functions/gnutls_x509_crt_get_inhibit_anypolicy.short new file mode 100644 index 0000000..e6b1954 --- /dev/null +++ b/doc/functions/gnutls_x509_crt_get_inhibit_anypolicy.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_crt_get_inhibit_anypolicy} (gnutls_x509_crt_t @var{cert}, unsigned int * @var{skipcerts}, unsigned int * @var{critical}) diff --git a/doc/functions/gnutls_x509_crt_get_issuer b/doc/functions/gnutls_x509_crt_get_issuer new file mode 100644 index 0000000..34a44a8 --- /dev/null +++ b/doc/functions/gnutls_x509_crt_get_issuer @@ -0,0 +1,18 @@ + + + + +@deftypefun {int} {gnutls_x509_crt_get_issuer} (gnutls_x509_crt_t @var{cert}, gnutls_x509_dn_t * @var{dn}) +@var{cert}: should contain a @code{gnutls_x509_crt_t} type + +@var{dn}: output variable with pointer to uint8_t DN + +Return the Certificate's Issuer DN as a @code{gnutls_x509_dn_t} data type, +that can be decoded using @code{gnutls_x509_dn_get_rdn_ava()} . + +Note that @code{dn} should be treated as constant. Because it points +into the @code{cert} object, you should not use @code{dn} after @code{cert} is +deallocated. + +@strong{Returns:} Returns 0 on success, or an error code. +@end deftypefun diff --git a/doc/functions/gnutls_x509_crt_get_issuer.short b/doc/functions/gnutls_x509_crt_get_issuer.short new file mode 100644 index 0000000..b6721ec --- /dev/null +++ b/doc/functions/gnutls_x509_crt_get_issuer.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_crt_get_issuer} (gnutls_x509_crt_t @var{cert}, gnutls_x509_dn_t * @var{dn}) diff --git a/doc/functions/gnutls_x509_crt_get_issuer_alt_name b/doc/functions/gnutls_x509_crt_get_issuer_alt_name new file mode 100644 index 0000000..345b3db --- /dev/null +++ b/doc/functions/gnutls_x509_crt_get_issuer_alt_name @@ -0,0 +1,40 @@ + + + + +@deftypefun {int} {gnutls_x509_crt_get_issuer_alt_name} (gnutls_x509_crt_t @var{cert}, unsigned int @var{seq}, void * @var{ian}, size_t * @var{ian_size}, unsigned int * @var{critical}) +@var{cert}: should contain a @code{gnutls_x509_crt_t} type + +@var{seq}: specifies the sequence number of the alt name (0 for the first one, 1 for the second etc.) + +@var{ian}: is the place where the alternative name will be copied to + +@var{ian_size}: holds the size of ian. + +@var{critical}: will be non-zero if the extension is marked as critical (may be null) + +This function retrieves the Issuer Alternative Name (2.5.29.18), +contained in the given certificate in the X509v3 Certificate +Extensions. + +When the SAN type is otherName, it will extract the data in the +otherName's value field, and @code{GNUTLS_SAN_OTHERNAME} is returned. +You may use @code{gnutls_x509_crt_get_subject_alt_othername_oid()} to get +the corresponding OID and the "virtual" SAN types (e.g., +@code{GNUTLS_SAN_OTHERNAME_XMPP} ). + +If an otherName OID is known, the data will be decoded. Otherwise +the returned data will be DER encoded, and you will have to decode +it yourself. Currently, only the RFC 3920 id-on-xmppAddr Issuer +AltName is recognized. + +@strong{Returns:} the alternative issuer name type on success, one of the +enumerated @code{gnutls_x509_subject_alt_name_t} . It will return +@code{GNUTLS_E_SHORT_MEMORY_BUFFER} if @code{ian_size} is not large enough +to hold the value. In that case @code{ian_size} will be updated with +the required size. If the certificate does not have an +Alternative name with the specified sequence number then +@code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} is returned. + +@strong{Since:} 2.10.0 +@end deftypefun diff --git a/doc/functions/gnutls_x509_crt_get_issuer_alt_name.short b/doc/functions/gnutls_x509_crt_get_issuer_alt_name.short new file mode 100644 index 0000000..4acdc1a --- /dev/null +++ b/doc/functions/gnutls_x509_crt_get_issuer_alt_name.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_crt_get_issuer_alt_name} (gnutls_x509_crt_t @var{cert}, unsigned int @var{seq}, void * @var{ian}, size_t * @var{ian_size}, unsigned int * @var{critical}) diff --git a/doc/functions/gnutls_x509_crt_get_issuer_alt_name2 b/doc/functions/gnutls_x509_crt_get_issuer_alt_name2 new file mode 100644 index 0000000..c0d8380 --- /dev/null +++ b/doc/functions/gnutls_x509_crt_get_issuer_alt_name2 @@ -0,0 +1,34 @@ + + + + +@deftypefun {int} {gnutls_x509_crt_get_issuer_alt_name2} (gnutls_x509_crt_t @var{cert}, unsigned int @var{seq}, void * @var{ian}, size_t * @var{ian_size}, unsigned int * @var{ian_type}, unsigned int * @var{critical}) +@var{cert}: should contain a @code{gnutls_x509_crt_t} type + +@var{seq}: specifies the sequence number of the alt name (0 for the first one, 1 for the second etc.) + +@var{ian}: is the place where the alternative name will be copied to + +@var{ian_size}: holds the size of ret. + +@var{ian_type}: holds the type of the alternative name (one of gnutls_x509_subject_alt_name_t). + +@var{critical}: will be non-zero if the extension is marked as critical (may be null) + +This function will return the alternative names, contained in the +given certificate. It is the same as +@code{gnutls_x509_crt_get_issuer_alt_name()} except for the fact that it +will return the type of the alternative name in @code{ian_type} even if +the function fails for some reason (i.e. the buffer provided is +not enough). + +@strong{Returns:} the alternative issuer name type on success, one of the +enumerated @code{gnutls_x509_subject_alt_name_t} . It will return +@code{GNUTLS_E_SHORT_MEMORY_BUFFER} if @code{ian_size} is not large enough +to hold the value. In that case @code{ian_size} will be updated with +the required size. If the certificate does not have an +Alternative name with the specified sequence number then +@code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} is returned. + +@strong{Since:} 2.10.0 +@end deftypefun diff --git a/doc/functions/gnutls_x509_crt_get_issuer_alt_name2.short b/doc/functions/gnutls_x509_crt_get_issuer_alt_name2.short new file mode 100644 index 0000000..088632e --- /dev/null +++ b/doc/functions/gnutls_x509_crt_get_issuer_alt_name2.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_crt_get_issuer_alt_name2} (gnutls_x509_crt_t @var{cert}, unsigned int @var{seq}, void * @var{ian}, size_t * @var{ian_size}, unsigned int * @var{ian_type}, unsigned int * @var{critical}) diff --git a/doc/functions/gnutls_x509_crt_get_issuer_alt_othername_oid b/doc/functions/gnutls_x509_crt_get_issuer_alt_othername_oid new file mode 100644 index 0000000..e838163 --- /dev/null +++ b/doc/functions/gnutls_x509_crt_get_issuer_alt_othername_oid @@ -0,0 +1,37 @@ + + + + +@deftypefun {int} {gnutls_x509_crt_get_issuer_alt_othername_oid} (gnutls_x509_crt_t @var{cert}, unsigned int @var{seq}, void * @var{ret}, size_t * @var{ret_size}) +@var{cert}: should contain a @code{gnutls_x509_crt_t} type + +@var{seq}: specifies the sequence number of the alt name (0 for the first one, 1 for the second etc.) + +@var{ret}: is the place where the otherName OID will be copied to + +@var{ret_size}: holds the size of ret. + +This function will extract the type OID of an otherName Subject +Alternative Name, contained in the given certificate, and return +the type as an enumerated element. + +If @code{oid} is null then only the size will be filled. The @code{oid} returned will be null terminated, although @code{oid_size} will not +account for the trailing null. + +This function is only useful if +@code{gnutls_x509_crt_get_issuer_alt_name()} returned +@code{GNUTLS_SAN_OTHERNAME} . + +@strong{Returns:} the alternative issuer name type on success, one of the +enumerated gnutls_x509_subject_alt_name_t. For supported OIDs, it +will return one of the virtual (GNUTLS_SAN_OTHERNAME_*) types, +e.g. @code{GNUTLS_SAN_OTHERNAME_XMPP} , and @code{GNUTLS_SAN_OTHERNAME} for +unknown OIDs. It will return @code{GNUTLS_E_SHORT_MEMORY_BUFFER} if + @code{ret_size} is not large enough to hold the value. In that case + @code{ret_size} will be updated with the required size. If the +certificate does not have an Alternative name with the specified +sequence number and with the otherName type then +@code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} is returned. + +@strong{Since:} 2.10.0 +@end deftypefun diff --git a/doc/functions/gnutls_x509_crt_get_issuer_alt_othername_oid.short b/doc/functions/gnutls_x509_crt_get_issuer_alt_othername_oid.short new file mode 100644 index 0000000..a84cc06 --- /dev/null +++ b/doc/functions/gnutls_x509_crt_get_issuer_alt_othername_oid.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_crt_get_issuer_alt_othername_oid} (gnutls_x509_crt_t @var{cert}, unsigned int @var{seq}, void * @var{ret}, size_t * @var{ret_size}) diff --git a/doc/functions/gnutls_x509_crt_get_issuer_dn b/doc/functions/gnutls_x509_crt_get_issuer_dn new file mode 100644 index 0000000..3068012 --- /dev/null +++ b/doc/functions/gnutls_x509_crt_get_issuer_dn @@ -0,0 +1,26 @@ + + + + +@deftypefun {int} {gnutls_x509_crt_get_issuer_dn} (gnutls_x509_crt_t @var{cert}, char * @var{buf}, size_t * @var{buf_size}) +@var{cert}: should contain a @code{gnutls_x509_crt_t} type + +@var{buf}: a pointer to a structure to hold the name (may be null) + +@var{buf_size}: initially holds the size of @code{buf} + +This function will copy the name of the Certificate issuer in the +provided buffer. The name will be in the form +"C=xxxx,O=yyyy,CN=zzzz" as described in RFC4514. The output string +will be ASCII or UTF-8 encoded, depending on the certificate data. + +If @code{buf} is null then only the size will be filled. + +This function does not output a fully RFC4514 compliant string, if +that is required see @code{gnutls_x509_crt_get_issuer_dn3()} . + +@strong{Returns:} @code{GNUTLS_E_SHORT_MEMORY_BUFFER} if the provided buffer is not +long enough, and in that case the @code{buf_size} will be updated +with the required size. @code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} if +the DN does not exist, or another error value on error. On success 0 is returned. +@end deftypefun diff --git a/doc/functions/gnutls_x509_crt_get_issuer_dn.short b/doc/functions/gnutls_x509_crt_get_issuer_dn.short new file mode 100644 index 0000000..460500b --- /dev/null +++ b/doc/functions/gnutls_x509_crt_get_issuer_dn.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_crt_get_issuer_dn} (gnutls_x509_crt_t @var{cert}, char * @var{buf}, size_t * @var{buf_size}) diff --git a/doc/functions/gnutls_x509_crt_get_issuer_dn2 b/doc/functions/gnutls_x509_crt_get_issuer_dn2 new file mode 100644 index 0000000..20cc567 --- /dev/null +++ b/doc/functions/gnutls_x509_crt_get_issuer_dn2 @@ -0,0 +1,22 @@ + + + + +@deftypefun {int} {gnutls_x509_crt_get_issuer_dn2} (gnutls_x509_crt_t @var{cert}, gnutls_datum_t * @var{dn}) +@var{cert}: should contain a @code{gnutls_x509_crt_t} type + +@var{dn}: a pointer to a structure to hold the name + +This function will allocate buffer and copy the name of issuer of the Certificate. +The name will be in the form "C=xxxx,O=yyyy,CN=zzzz" as +described in RFC4514. The output string will be ASCII or UTF-8 +encoded, depending on the certificate data. + +This function does not output a fully RFC4514 compliant string, if +that is required see @code{gnutls_x509_crt_get_issuer_dn3()} . + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 3.1.10 +@end deftypefun diff --git a/doc/functions/gnutls_x509_crt_get_issuer_dn2.short b/doc/functions/gnutls_x509_crt_get_issuer_dn2.short new file mode 100644 index 0000000..683cec8 --- /dev/null +++ b/doc/functions/gnutls_x509_crt_get_issuer_dn2.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_crt_get_issuer_dn2} (gnutls_x509_crt_t @var{cert}, gnutls_datum_t * @var{dn}) diff --git a/doc/functions/gnutls_x509_crt_get_issuer_dn3 b/doc/functions/gnutls_x509_crt_get_issuer_dn3 new file mode 100644 index 0000000..4d37886 --- /dev/null +++ b/doc/functions/gnutls_x509_crt_get_issuer_dn3 @@ -0,0 +1,25 @@ + + + + +@deftypefun {int} {gnutls_x509_crt_get_issuer_dn3} (gnutls_x509_crt_t @var{cert}, gnutls_datum_t * @var{dn}, unsigned @var{flags}) +@var{cert}: should contain a @code{gnutls_x509_crt_t} type + +@var{dn}: a pointer to a structure to hold the name + +@var{flags}: zero or @code{GNUTLS_X509_DN_FLAG_COMPAT} + +This function will allocate buffer and copy the name of issuer of the Certificate. +The name will be in the form "C=xxxx,O=yyyy,CN=zzzz" as +described in RFC4514. The output string will be ASCII or UTF-8 +encoded, depending on the certificate data. + +When the flag @code{GNUTLS_X509_DN_FLAG_COMPAT} is specified, the output +format will match the format output by previous to 3.5.6 versions of GnuTLS +which was not not fully RFC4514-compliant. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 3.5.7 +@end deftypefun diff --git a/doc/functions/gnutls_x509_crt_get_issuer_dn3.short b/doc/functions/gnutls_x509_crt_get_issuer_dn3.short new file mode 100644 index 0000000..0c8cd5e --- /dev/null +++ b/doc/functions/gnutls_x509_crt_get_issuer_dn3.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_crt_get_issuer_dn3} (gnutls_x509_crt_t @var{cert}, gnutls_datum_t * @var{dn}, unsigned @var{flags}) diff --git a/doc/functions/gnutls_x509_crt_get_issuer_dn_by_oid b/doc/functions/gnutls_x509_crt_get_issuer_dn_by_oid new file mode 100644 index 0000000..ea74ab7 --- /dev/null +++ b/doc/functions/gnutls_x509_crt_get_issuer_dn_by_oid @@ -0,0 +1,36 @@ + + + + +@deftypefun {int} {gnutls_x509_crt_get_issuer_dn_by_oid} (gnutls_x509_crt_t @var{cert}, const char * @var{oid}, unsigned @var{indx}, unsigned int @var{raw_flag}, void * @var{buf}, size_t * @var{buf_size}) +@var{cert}: should contain a @code{gnutls_x509_crt_t} type + +@var{oid}: holds an Object Identified in null terminated string + +@var{indx}: In case multiple same OIDs exist in the RDN, this specifies which to send. Use (0) to get the first one. + +@var{raw_flag}: If non-zero returns the raw DER data of the DN part. + +@var{buf}: a pointer to a structure to hold the name (may be null) + +@var{buf_size}: initially holds the size of @code{buf} + +This function will extract the part of the name of the Certificate +issuer specified by the given OID. The output, if the raw flag is not +used, will be encoded as described in RFC4514. Thus a string that is +ASCII or UTF-8 encoded, depending on the certificate data. + +Some helper macros with popular OIDs can be found in gnutls/x509.h +If raw flag is (0), this function will only return known OIDs as +text. Other OIDs will be DER encoded, as described in RFC4514 -- +in hex format with a '#' prefix. You can check about known OIDs +using @code{gnutls_x509_dn_oid_known()} . + +If @code{buf} is null then only the size will be filled. If the @code{raw_flag} is not specified the output is always null terminated, although the + @code{buf_size} will not include the null character. + +@strong{Returns:} @code{GNUTLS_E_SHORT_MEMORY_BUFFER} if the provided buffer is not +long enough, and in that case the @code{buf_size} will be updated with +the required size. @code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} if there +are no data in the current index. On success 0 is returned. +@end deftypefun diff --git a/doc/functions/gnutls_x509_crt_get_issuer_dn_by_oid.short b/doc/functions/gnutls_x509_crt_get_issuer_dn_by_oid.short new file mode 100644 index 0000000..5b24e3c --- /dev/null +++ b/doc/functions/gnutls_x509_crt_get_issuer_dn_by_oid.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_crt_get_issuer_dn_by_oid} (gnutls_x509_crt_t @var{cert}, const char * @var{oid}, unsigned @var{indx}, unsigned int @var{raw_flag}, void * @var{buf}, size_t * @var{buf_size}) diff --git a/doc/functions/gnutls_x509_crt_get_issuer_dn_oid b/doc/functions/gnutls_x509_crt_get_issuer_dn_oid new file mode 100644 index 0000000..f8173ff --- /dev/null +++ b/doc/functions/gnutls_x509_crt_get_issuer_dn_oid @@ -0,0 +1,24 @@ + + + + +@deftypefun {int} {gnutls_x509_crt_get_issuer_dn_oid} (gnutls_x509_crt_t @var{cert}, unsigned @var{indx}, void * @var{oid}, size_t * @var{oid_size}) +@var{cert}: should contain a @code{gnutls_x509_crt_t} type + +@var{indx}: This specifies which OID to return. Use (0) to get the first one. + +@var{oid}: a pointer to a buffer to hold the OID (may be null) + +@var{oid_size}: initially holds the size of @code{oid} + +This function will extract the OIDs of the name of the Certificate +issuer specified by the given index. + +If @code{oid} is null then only the size will be filled. The @code{oid} returned will be null terminated, although @code{oid_size} will not +account for the trailing null. + +@strong{Returns:} @code{GNUTLS_E_SHORT_MEMORY_BUFFER} if the provided buffer is not +long enough, and in that case the @code{buf_size} will be updated with +the required size. @code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} if there +are no data in the current index. On success 0 is returned. +@end deftypefun diff --git a/doc/functions/gnutls_x509_crt_get_issuer_dn_oid.short b/doc/functions/gnutls_x509_crt_get_issuer_dn_oid.short new file mode 100644 index 0000000..ab99d4a --- /dev/null +++ b/doc/functions/gnutls_x509_crt_get_issuer_dn_oid.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_crt_get_issuer_dn_oid} (gnutls_x509_crt_t @var{cert}, unsigned @var{indx}, void * @var{oid}, size_t * @var{oid_size}) diff --git a/doc/functions/gnutls_x509_crt_get_issuer_unique_id b/doc/functions/gnutls_x509_crt_get_issuer_unique_id new file mode 100644 index 0000000..3522f50 --- /dev/null +++ b/doc/functions/gnutls_x509_crt_get_issuer_unique_id @@ -0,0 +1,28 @@ + + + + +@deftypefun {int} {gnutls_x509_crt_get_issuer_unique_id} (gnutls_x509_crt_t @var{crt}, char * @var{buf}, size_t * @var{buf_size}) +@var{crt}: Holds the certificate + +@var{buf}: user allocated memory buffer, will hold the unique id + +@var{buf_size}: size of user allocated memory buffer (on input), will hold +actual size of the unique ID on return. + +This function will extract the issuerUniqueID value (if present) for +the given certificate. + +If the user allocated memory buffer is not large enough to hold the +full subjectUniqueID, then a GNUTLS_E_SHORT_MEMORY_BUFFER error will be +returned, and buf_size will be set to the actual length. + +This function had a bug prior to 3.4.8 that prevented the setting +of @code{NULL} @code{buf} to discover the @code{buf_size} . To use this function safely +with the older versions the @code{buf} must be a valid buffer that can hold +at least a single byte if @code{buf_size} is zero. + +@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, otherwise a negative error code. + +@strong{Since:} 2.12.0 +@end deftypefun diff --git a/doc/functions/gnutls_x509_crt_get_issuer_unique_id.short b/doc/functions/gnutls_x509_crt_get_issuer_unique_id.short new file mode 100644 index 0000000..649a7fc --- /dev/null +++ b/doc/functions/gnutls_x509_crt_get_issuer_unique_id.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_crt_get_issuer_unique_id} (gnutls_x509_crt_t @var{crt}, char * @var{buf}, size_t * @var{buf_size}) diff --git a/doc/functions/gnutls_x509_crt_get_key_id b/doc/functions/gnutls_x509_crt_get_key_id new file mode 100644 index 0000000..347d376 --- /dev/null +++ b/doc/functions/gnutls_x509_crt_get_key_id @@ -0,0 +1,26 @@ + + + + +@deftypefun {int} {gnutls_x509_crt_get_key_id} (gnutls_x509_crt_t @var{crt}, unsigned int @var{flags}, unsigned char * @var{output_data}, size_t * @var{output_data_size}) +@var{crt}: Holds the certificate + +@var{flags}: should be one of the flags from @code{gnutls_keyid_flags_t} + +@var{output_data}: will contain the key ID + +@var{output_data_size}: holds the size of output_data (and will be +replaced by the actual size of parameters) + +This function will return a unique ID that depends on the public +key parameters. This ID can be used in checking whether a +certificate corresponds to the given private key. + +If the buffer provided is not long enough to hold the output, then +*output_data_size is updated and GNUTLS_E_SHORT_MEMORY_BUFFER will +be returned. The output will normally be a SHA-1 hash output, +which is 20 bytes. + +@strong{Returns:} In case of failure a negative error code will be +returned, and 0 on success. +@end deftypefun diff --git a/doc/functions/gnutls_x509_crt_get_key_id.short b/doc/functions/gnutls_x509_crt_get_key_id.short new file mode 100644 index 0000000..255ed36 --- /dev/null +++ b/doc/functions/gnutls_x509_crt_get_key_id.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_crt_get_key_id} (gnutls_x509_crt_t @var{crt}, unsigned int @var{flags}, unsigned char * @var{output_data}, size_t * @var{output_data_size}) diff --git a/doc/functions/gnutls_x509_crt_get_key_purpose_oid b/doc/functions/gnutls_x509_crt_get_key_purpose_oid new file mode 100644 index 0000000..f35f761 --- /dev/null +++ b/doc/functions/gnutls_x509_crt_get_key_purpose_oid @@ -0,0 +1,27 @@ + + + + +@deftypefun {int} {gnutls_x509_crt_get_key_purpose_oid} (gnutls_x509_crt_t @var{cert}, unsigned @var{indx}, void * @var{oid}, size_t * @var{oid_size}, unsigned int * @var{critical}) +@var{cert}: should contain a @code{gnutls_x509_crt_t} type + +@var{indx}: This specifies which OID to return. Use (0) to get the first one. + +@var{oid}: a pointer to a buffer to hold the OID (may be null) + +@var{oid_size}: initially holds the size of @code{oid} + +@var{critical}: output flag to indicate criticality of extension + +This function will extract the key purpose OIDs of the Certificate +specified by the given index. These are stored in the Extended Key +Usage extension (2.5.29.37) See the GNUTLS_KP_* definitions for +human readable names. + +If @code{oid} is null then only the size will be filled. The @code{oid} returned will be null terminated, although @code{oid_size} will not +account for the trailing null. + +@strong{Returns:} @code{GNUTLS_E_SHORT_MEMORY_BUFFER} if the provided buffer is +not long enough, and in that case the *oid_size will be updated +with the required size. On success 0 is returned. +@end deftypefun diff --git a/doc/functions/gnutls_x509_crt_get_key_purpose_oid.short b/doc/functions/gnutls_x509_crt_get_key_purpose_oid.short new file mode 100644 index 0000000..88c4c34 --- /dev/null +++ b/doc/functions/gnutls_x509_crt_get_key_purpose_oid.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_crt_get_key_purpose_oid} (gnutls_x509_crt_t @var{cert}, unsigned @var{indx}, void * @var{oid}, size_t * @var{oid_size}, unsigned int * @var{critical}) diff --git a/doc/functions/gnutls_x509_crt_get_key_usage b/doc/functions/gnutls_x509_crt_get_key_usage new file mode 100644 index 0000000..f701c90 --- /dev/null +++ b/doc/functions/gnutls_x509_crt_get_key_usage @@ -0,0 +1,24 @@ + + + + +@deftypefun {int} {gnutls_x509_crt_get_key_usage} (gnutls_x509_crt_t @var{cert}, unsigned int * @var{key_usage}, unsigned int * @var{critical}) +@var{cert}: should contain a @code{gnutls_x509_crt_t} type + +@var{key_usage}: where the key usage bits will be stored + +@var{critical}: will be non-zero if the extension is marked as critical + +This function will return certificate's key usage, by reading the +keyUsage X.509 extension (2.5.29.15). The key usage value will ORed +values of the: @code{GNUTLS_KEY_DIGITAL_SIGNATURE} , +@code{GNUTLS_KEY_NON_REPUDIATION} , @code{GNUTLS_KEY_KEY_ENCIPHERMENT} , +@code{GNUTLS_KEY_DATA_ENCIPHERMENT} , @code{GNUTLS_KEY_KEY_AGREEMENT} , +@code{GNUTLS_KEY_KEY_CERT_SIGN} , @code{GNUTLS_KEY_CRL_SIGN} , +@code{GNUTLS_KEY_ENCIPHER_ONLY} , @code{GNUTLS_KEY_DECIPHER_ONLY} . + +@strong{Returns:} zero on success, or a negative error code in case of +parsing error. If the certificate does not contain the keyUsage +extension @code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} will be +returned. +@end deftypefun diff --git a/doc/functions/gnutls_x509_crt_get_key_usage.short b/doc/functions/gnutls_x509_crt_get_key_usage.short new file mode 100644 index 0000000..1cc9f15 --- /dev/null +++ b/doc/functions/gnutls_x509_crt_get_key_usage.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_crt_get_key_usage} (gnutls_x509_crt_t @var{cert}, unsigned int * @var{key_usage}, unsigned int * @var{critical}) diff --git a/doc/functions/gnutls_x509_crt_get_name_constraints b/doc/functions/gnutls_x509_crt_get_name_constraints new file mode 100644 index 0000000..bcbee22 --- /dev/null +++ b/doc/functions/gnutls_x509_crt_get_name_constraints @@ -0,0 +1,33 @@ + + + + +@deftypefun {int} {gnutls_x509_crt_get_name_constraints} (gnutls_x509_crt_t @var{crt}, gnutls_x509_name_constraints_t @var{nc}, unsigned int @var{flags}, unsigned int * @var{critical}) +@var{crt}: should contain a @code{gnutls_x509_crt_t} type + +@var{nc}: The nameconstraints intermediate type + +@var{flags}: zero or @code{GNUTLS_EXT_FLAG_APPEND} + +@var{critical}: the extension status + +This function will return an intermediate type containing +the name constraints of the provided CA certificate. That +structure can be used in combination with @code{gnutls_x509_name_constraints_check()} +to verify whether a server's name is in accordance with the constraints. + +When the @code{flags} is set to @code{GNUTLS_EXT_FLAG_APPEND} , +then if the @code{nc} structure is empty this function will behave +identically as if the flag was not set. +Otherwise if there are elements in the @code{nc} structure then the +constraints will be merged with the existing constraints following +RFC5280 p6.1.4 (excluded constraints will be appended, permitted +will be intersected). + +Note that @code{nc} must be initialized prior to calling this function. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, @code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} +if the extension is not present, otherwise a negative error value. + +@strong{Since:} 3.3.0 +@end deftypefun diff --git a/doc/functions/gnutls_x509_crt_get_name_constraints.short b/doc/functions/gnutls_x509_crt_get_name_constraints.short new file mode 100644 index 0000000..0a43e11 --- /dev/null +++ b/doc/functions/gnutls_x509_crt_get_name_constraints.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_crt_get_name_constraints} (gnutls_x509_crt_t @var{crt}, gnutls_x509_name_constraints_t @var{nc}, unsigned int @var{flags}, unsigned int * @var{critical}) diff --git a/doc/functions/gnutls_x509_crt_get_pk_algorithm b/doc/functions/gnutls_x509_crt_get_pk_algorithm new file mode 100644 index 0000000..ea7c977 --- /dev/null +++ b/doc/functions/gnutls_x509_crt_get_pk_algorithm @@ -0,0 +1,22 @@ + + + + +@deftypefun {int} {gnutls_x509_crt_get_pk_algorithm} (gnutls_x509_crt_t @var{cert}, unsigned int * @var{bits}) +@var{cert}: should contain a @code{gnutls_x509_crt_t} type + +@var{bits}: if bits is non null it will hold the size of the parameters' in bits + +This function will return the public key algorithm of an X.509 +certificate. + +If bits is non null, it should have enough size to hold the parameters +size in bits. For RSA the bits returned is the modulus. +For DSA the bits returned are of the public +exponent. + +Unknown/unsupported algorithms are mapped to @code{GNUTLS_PK_UNKNOWN} . + +@strong{Returns:} a member of the @code{gnutls_pk_algorithm_t} enumeration on +success, or a negative error code on error. +@end deftypefun diff --git a/doc/functions/gnutls_x509_crt_get_pk_algorithm.short b/doc/functions/gnutls_x509_crt_get_pk_algorithm.short new file mode 100644 index 0000000..e71730d --- /dev/null +++ b/doc/functions/gnutls_x509_crt_get_pk_algorithm.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_crt_get_pk_algorithm} (gnutls_x509_crt_t @var{cert}, unsigned int * @var{bits}) diff --git a/doc/functions/gnutls_x509_crt_get_pk_dsa_raw b/doc/functions/gnutls_x509_crt_get_pk_dsa_raw new file mode 100644 index 0000000..2edd623 --- /dev/null +++ b/doc/functions/gnutls_x509_crt_get_pk_dsa_raw @@ -0,0 +1,21 @@ + + + + +@deftypefun {int} {gnutls_x509_crt_get_pk_dsa_raw} (gnutls_x509_crt_t @var{crt}, gnutls_datum_t * @var{p}, gnutls_datum_t * @var{q}, gnutls_datum_t * @var{g}, gnutls_datum_t * @var{y}) +@var{crt}: Holds the certificate + +@var{p}: will hold the p + +@var{q}: will hold the q + +@var{g}: will hold the g + +@var{y}: will hold the y + +This function will export the DSA public key's parameters found in +the given certificate. The new parameters will be allocated using +@code{gnutls_malloc()} and will be stored in the appropriate datum. + +@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, otherwise a negative error code. +@end deftypefun diff --git a/doc/functions/gnutls_x509_crt_get_pk_dsa_raw.short b/doc/functions/gnutls_x509_crt_get_pk_dsa_raw.short new file mode 100644 index 0000000..2452f07 --- /dev/null +++ b/doc/functions/gnutls_x509_crt_get_pk_dsa_raw.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_crt_get_pk_dsa_raw} (gnutls_x509_crt_t @var{crt}, gnutls_datum_t * @var{p}, gnutls_datum_t * @var{q}, gnutls_datum_t * @var{g}, gnutls_datum_t * @var{y}) diff --git a/doc/functions/gnutls_x509_crt_get_pk_ecc_raw b/doc/functions/gnutls_x509_crt_get_pk_ecc_raw new file mode 100644 index 0000000..3773499 --- /dev/null +++ b/doc/functions/gnutls_x509_crt_get_pk_ecc_raw @@ -0,0 +1,24 @@ + + + + +@deftypefun {int} {gnutls_x509_crt_get_pk_ecc_raw} (gnutls_x509_crt_t @var{crt}, gnutls_ecc_curve_t * @var{curve}, gnutls_datum_t * @var{x}, gnutls_datum_t * @var{y}) +@var{crt}: Holds the certificate + +@var{curve}: will hold the curve + +@var{x}: will hold the x-coordinate + +@var{y}: will hold the y-coordinate + +This function will export the ECC public key's parameters found in +the given certificate. The new parameters will be allocated using +@code{gnutls_malloc()} and will be stored in the appropriate datum. + +In EdDSA curves the @code{y} parameter will be @code{NULL} and the other parameters +will be in the native format for the curve. + +@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, otherwise a negative error code. + +@strong{Since:} 3.4.1 +@end deftypefun diff --git a/doc/functions/gnutls_x509_crt_get_pk_ecc_raw.short b/doc/functions/gnutls_x509_crt_get_pk_ecc_raw.short new file mode 100644 index 0000000..1b80a75 --- /dev/null +++ b/doc/functions/gnutls_x509_crt_get_pk_ecc_raw.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_crt_get_pk_ecc_raw} (gnutls_x509_crt_t @var{crt}, gnutls_ecc_curve_t * @var{curve}, gnutls_datum_t * @var{x}, gnutls_datum_t * @var{y}) diff --git a/doc/functions/gnutls_x509_crt_get_pk_gost_raw b/doc/functions/gnutls_x509_crt_get_pk_gost_raw new file mode 100644 index 0000000..8408144 --- /dev/null +++ b/doc/functions/gnutls_x509_crt_get_pk_gost_raw @@ -0,0 +1,25 @@ + + + + +@deftypefun {int} {gnutls_x509_crt_get_pk_gost_raw} (gnutls_x509_crt_t @var{crt}, gnutls_ecc_curve_t * @var{curve}, gnutls_digest_algorithm_t * @var{digest}, gnutls_gost_paramset_t * @var{paramset}, gnutls_datum_t * @var{x}, gnutls_datum_t * @var{y}) +@var{crt}: Holds the certificate + +@var{curve}: will hold the curve + +@var{digest}: will hold the digest + +@var{paramset}: will hold the GOST parameter set ID + +@var{x}: will hold the x-coordinate + +@var{y}: will hold the y-coordinate + +This function will export the GOST public key's parameters found in +the given certificate. The new parameters will be allocated using +@code{gnutls_malloc()} and will be stored in the appropriate datum. + +@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, otherwise a negative error code. + +@strong{Since:} 3.6.3 +@end deftypefun diff --git a/doc/functions/gnutls_x509_crt_get_pk_gost_raw.short b/doc/functions/gnutls_x509_crt_get_pk_gost_raw.short new file mode 100644 index 0000000..9f40f6c --- /dev/null +++ b/doc/functions/gnutls_x509_crt_get_pk_gost_raw.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_crt_get_pk_gost_raw} (gnutls_x509_crt_t @var{crt}, gnutls_ecc_curve_t * @var{curve}, gnutls_digest_algorithm_t * @var{digest}, gnutls_gost_paramset_t * @var{paramset}, gnutls_datum_t * @var{x}, gnutls_datum_t * @var{y}) diff --git a/doc/functions/gnutls_x509_crt_get_pk_oid b/doc/functions/gnutls_x509_crt_get_pk_oid new file mode 100644 index 0000000..ebf6517 --- /dev/null +++ b/doc/functions/gnutls_x509_crt_get_pk_oid @@ -0,0 +1,20 @@ + + + + +@deftypefun {int} {gnutls_x509_crt_get_pk_oid} (gnutls_x509_crt_t @var{cert}, char * @var{oid}, size_t * @var{oid_size}) +@var{cert}: should contain a @code{gnutls_x509_crt_t} type + +@var{oid}: a pointer to a buffer to hold the OID (may be null) + +@var{oid_size}: initially holds the size of @code{oid} + +This function will return the OID of the public key algorithm +on that certificate. This is function +is useful in the case @code{gnutls_x509_crt_get_pk_algorithm()} +returned @code{GNUTLS_PK_UNKNOWN} . + +@strong{Returns:} zero or a negative error code on error. + +@strong{Since:} 3.5.0 +@end deftypefun diff --git a/doc/functions/gnutls_x509_crt_get_pk_oid.short b/doc/functions/gnutls_x509_crt_get_pk_oid.short new file mode 100644 index 0000000..8841257 --- /dev/null +++ b/doc/functions/gnutls_x509_crt_get_pk_oid.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_crt_get_pk_oid} (gnutls_x509_crt_t @var{cert}, char * @var{oid}, size_t * @var{oid_size}) diff --git a/doc/functions/gnutls_x509_crt_get_pk_rsa_raw b/doc/functions/gnutls_x509_crt_get_pk_rsa_raw new file mode 100644 index 0000000..583f7af --- /dev/null +++ b/doc/functions/gnutls_x509_crt_get_pk_rsa_raw @@ -0,0 +1,17 @@ + + + + +@deftypefun {int} {gnutls_x509_crt_get_pk_rsa_raw} (gnutls_x509_crt_t @var{crt}, gnutls_datum_t * @var{m}, gnutls_datum_t * @var{e}) +@var{crt}: Holds the certificate + +@var{m}: will hold the modulus + +@var{e}: will hold the public exponent + +This function will export the RSA public key's parameters found in +the given structure. The new parameters will be allocated using +@code{gnutls_malloc()} and will be stored in the appropriate datum. + +@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, otherwise a negative error code. +@end deftypefun diff --git a/doc/functions/gnutls_x509_crt_get_pk_rsa_raw.short b/doc/functions/gnutls_x509_crt_get_pk_rsa_raw.short new file mode 100644 index 0000000..acfe456 --- /dev/null +++ b/doc/functions/gnutls_x509_crt_get_pk_rsa_raw.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_crt_get_pk_rsa_raw} (gnutls_x509_crt_t @var{crt}, gnutls_datum_t * @var{m}, gnutls_datum_t * @var{e}) diff --git a/doc/functions/gnutls_x509_crt_get_policy b/doc/functions/gnutls_x509_crt_get_policy new file mode 100644 index 0000000..0902c3c --- /dev/null +++ b/doc/functions/gnutls_x509_crt_get_policy @@ -0,0 +1,24 @@ + + + + +@deftypefun {int} {gnutls_x509_crt_get_policy} (gnutls_x509_crt_t @var{crt}, unsigned @var{indx}, struct gnutls_x509_policy_st * @var{policy}, unsigned int * @var{critical}) +@var{crt}: should contain a @code{gnutls_x509_crt_t} type + +@var{indx}: This specifies which policy to return. Use (0) to get the first one. + +@var{policy}: A pointer to a policy structure. + +@var{critical}: will be non-zero if the extension is marked as critical + +This function will extract the certificate policy (extension 2.5.29.32) +specified by the given index. + +The policy returned by this function must be deinitialized by using +@code{gnutls_x509_policy_release()} . + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, @code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} +if the extension is not present, otherwise a negative error value. + +@strong{Since:} 3.1.5 +@end deftypefun diff --git a/doc/functions/gnutls_x509_crt_get_policy.short b/doc/functions/gnutls_x509_crt_get_policy.short new file mode 100644 index 0000000..25b0c71 --- /dev/null +++ b/doc/functions/gnutls_x509_crt_get_policy.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_crt_get_policy} (gnutls_x509_crt_t @var{crt}, unsigned @var{indx}, struct gnutls_x509_policy_st * @var{policy}, unsigned int * @var{critical}) diff --git a/doc/functions/gnutls_x509_crt_get_preferred_hash_algorithm b/doc/functions/gnutls_x509_crt_get_preferred_hash_algorithm new file mode 100644 index 0000000..8dff7aa --- /dev/null +++ b/doc/functions/gnutls_x509_crt_get_preferred_hash_algorithm @@ -0,0 +1,22 @@ + + + + +@deftypefun {int} {gnutls_x509_crt_get_preferred_hash_algorithm} (gnutls_x509_crt_t @var{crt}, gnutls_digest_algorithm_t * @var{hash}, unsigned int * @var{mand}) +@var{crt}: Holds the certificate + +@var{hash}: The result of the call with the hash algorithm used for signature + +@var{mand}: If non-zero it means that the algorithm MUST use this hash. May be @code{NULL} . + +This function will read the certificate and return the appropriate digest +algorithm to use for signing with this certificate. Some certificates (i.e. +DSA might not be able to sign without the preferred algorithm). + +@strong{Deprecated:} Please use @code{gnutls_pubkey_get_preferred_hash_algorithm()} . + +@strong{Returns:} the 0 if the hash algorithm is found. A negative error code is +returned on error. + +@strong{Since:} 2.12.0 +@end deftypefun diff --git a/doc/functions/gnutls_x509_crt_get_preferred_hash_algorithm.short b/doc/functions/gnutls_x509_crt_get_preferred_hash_algorithm.short new file mode 100644 index 0000000..fa046c7 --- /dev/null +++ b/doc/functions/gnutls_x509_crt_get_preferred_hash_algorithm.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_crt_get_preferred_hash_algorithm} (gnutls_x509_crt_t @var{crt}, gnutls_digest_algorithm_t * @var{hash}, unsigned int * @var{mand}) diff --git a/doc/functions/gnutls_x509_crt_get_private_key_usage_period b/doc/functions/gnutls_x509_crt_get_private_key_usage_period new file mode 100644 index 0000000..ec793de --- /dev/null +++ b/doc/functions/gnutls_x509_crt_get_private_key_usage_period @@ -0,0 +1,20 @@ + + + + +@deftypefun {int} {gnutls_x509_crt_get_private_key_usage_period} (gnutls_x509_crt_t @var{cert}, time_t * @var{activation}, time_t * @var{expiration}, unsigned int * @var{critical}) +@var{cert}: should contain a @code{gnutls_x509_crt_t} type + +@var{activation}: The activation time + +@var{expiration}: The expiration time + +@var{critical}: the extension status + +This function will return the expiration and activation +times of the private key of the certificate. It relies on +the PKIX extension 2.5.29.16 being present. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, @code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} +if the extension is not present, otherwise a negative error value. +@end deftypefun diff --git a/doc/functions/gnutls_x509_crt_get_private_key_usage_period.short b/doc/functions/gnutls_x509_crt_get_private_key_usage_period.short new file mode 100644 index 0000000..05b37f9 --- /dev/null +++ b/doc/functions/gnutls_x509_crt_get_private_key_usage_period.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_crt_get_private_key_usage_period} (gnutls_x509_crt_t @var{cert}, time_t * @var{activation}, time_t * @var{expiration}, unsigned int * @var{critical}) diff --git a/doc/functions/gnutls_x509_crt_get_proxy b/doc/functions/gnutls_x509_crt_get_proxy new file mode 100644 index 0000000..fefec55 --- /dev/null +++ b/doc/functions/gnutls_x509_crt_get_proxy @@ -0,0 +1,25 @@ + + + + +@deftypefun {int} {gnutls_x509_crt_get_proxy} (gnutls_x509_crt_t @var{cert}, unsigned int * @var{critical}, int * @var{pathlen}, char ** @var{policyLanguage}, char ** @var{policy}, size_t * @var{sizeof_policy}) +@var{cert}: should contain a @code{gnutls_x509_crt_t} type + +@var{critical}: will be non-zero if the extension is marked as critical + +@var{pathlen}: pointer to output integer indicating path length (may be +NULL), non-negative error codes indicate a present pCPathLenConstraint +field and the actual value, -1 indicate that the field is absent. + +@var{policyLanguage}: output variable with OID of policy language + +@var{policy}: output variable with policy data + +@var{sizeof_policy}: output variable size of policy data + +This function will get information from a proxy certificate. It +reads the ProxyCertInfo X.509 extension (1.3.6.1.5.5.7.1.14). + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, +otherwise a negative error code is returned. +@end deftypefun diff --git a/doc/functions/gnutls_x509_crt_get_proxy.short b/doc/functions/gnutls_x509_crt_get_proxy.short new file mode 100644 index 0000000..302ffd7 --- /dev/null +++ b/doc/functions/gnutls_x509_crt_get_proxy.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_crt_get_proxy} (gnutls_x509_crt_t @var{cert}, unsigned int * @var{critical}, int * @var{pathlen}, char ** @var{policyLanguage}, char ** @var{policy}, size_t * @var{sizeof_policy}) diff --git a/doc/functions/gnutls_x509_crt_get_raw_dn b/doc/functions/gnutls_x509_crt_get_raw_dn new file mode 100644 index 0000000..872bb62 --- /dev/null +++ b/doc/functions/gnutls_x509_crt_get_raw_dn @@ -0,0 +1,15 @@ + + + + +@deftypefun {int} {gnutls_x509_crt_get_raw_dn} (gnutls_x509_crt_t @var{cert}, gnutls_datum_t * @var{dn}) +@var{cert}: should contain a @code{gnutls_x509_crt_t} type + +@var{dn}: will hold the starting point of the DN + +This function will return a pointer to the DER encoded DN structure and +the length. This points to allocated data that must be free'd using @code{gnutls_free()} . + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. or a negative error code on error. +@end deftypefun diff --git a/doc/functions/gnutls_x509_crt_get_raw_dn.short b/doc/functions/gnutls_x509_crt_get_raw_dn.short new file mode 100644 index 0000000..49fe292 --- /dev/null +++ b/doc/functions/gnutls_x509_crt_get_raw_dn.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_crt_get_raw_dn} (gnutls_x509_crt_t @var{cert}, gnutls_datum_t * @var{dn}) diff --git a/doc/functions/gnutls_x509_crt_get_raw_issuer_dn b/doc/functions/gnutls_x509_crt_get_raw_issuer_dn new file mode 100644 index 0000000..b22578e --- /dev/null +++ b/doc/functions/gnutls_x509_crt_get_raw_issuer_dn @@ -0,0 +1,15 @@ + + + + +@deftypefun {int} {gnutls_x509_crt_get_raw_issuer_dn} (gnutls_x509_crt_t @var{cert}, gnutls_datum_t * @var{dn}) +@var{cert}: should contain a @code{gnutls_x509_crt_t} type + +@var{dn}: will hold the starting point of the DN + +This function will return a pointer to the DER encoded DN structure +and the length. This points to allocated data that must be free'd using @code{gnutls_free()} . + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value.or a negative error code on error. +@end deftypefun diff --git a/doc/functions/gnutls_x509_crt_get_raw_issuer_dn.short b/doc/functions/gnutls_x509_crt_get_raw_issuer_dn.short new file mode 100644 index 0000000..720d385 --- /dev/null +++ b/doc/functions/gnutls_x509_crt_get_raw_issuer_dn.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_crt_get_raw_issuer_dn} (gnutls_x509_crt_t @var{cert}, gnutls_datum_t * @var{dn}) diff --git a/doc/functions/gnutls_x509_crt_get_serial b/doc/functions/gnutls_x509_crt_get_serial new file mode 100644 index 0000000..990bd12 --- /dev/null +++ b/doc/functions/gnutls_x509_crt_get_serial @@ -0,0 +1,19 @@ + + + + +@deftypefun {int} {gnutls_x509_crt_get_serial} (gnutls_x509_crt_t @var{cert}, void * @var{result}, size_t * @var{result_size}) +@var{cert}: should contain a @code{gnutls_x509_crt_t} type + +@var{result}: The place where the serial number will be copied + +@var{result_size}: Holds the size of the result field. + +This function will return the X.509 certificate's serial number. +This is obtained by the X509 Certificate serialNumber field. Serial +is not always a 32 or 64bit number. Some CAs use large serial +numbers, thus it may be wise to handle it as something uint8_t. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. +@end deftypefun diff --git a/doc/functions/gnutls_x509_crt_get_serial.short b/doc/functions/gnutls_x509_crt_get_serial.short new file mode 100644 index 0000000..7c93142 --- /dev/null +++ b/doc/functions/gnutls_x509_crt_get_serial.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_crt_get_serial} (gnutls_x509_crt_t @var{cert}, void * @var{result}, size_t * @var{result_size}) diff --git a/doc/functions/gnutls_x509_crt_get_signature b/doc/functions/gnutls_x509_crt_get_signature new file mode 100644 index 0000000..00b05df --- /dev/null +++ b/doc/functions/gnutls_x509_crt_get_signature @@ -0,0 +1,16 @@ + + + + +@deftypefun {int} {gnutls_x509_crt_get_signature} (gnutls_x509_crt_t @var{cert}, char * @var{sig}, size_t * @var{sig_size}) +@var{cert}: should contain a @code{gnutls_x509_crt_t} type + +@var{sig}: a pointer where the signature part will be copied (may be null). + +@var{sig_size}: initially holds the size of @code{sig} + +This function will extract the signature field of a certificate. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. +@end deftypefun diff --git a/doc/functions/gnutls_x509_crt_get_signature.short b/doc/functions/gnutls_x509_crt_get_signature.short new file mode 100644 index 0000000..cf0fdbb --- /dev/null +++ b/doc/functions/gnutls_x509_crt_get_signature.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_crt_get_signature} (gnutls_x509_crt_t @var{cert}, char * @var{sig}, size_t * @var{sig_size}) diff --git a/doc/functions/gnutls_x509_crt_get_signature_algorithm b/doc/functions/gnutls_x509_crt_get_signature_algorithm new file mode 100644 index 0000000..7f060e8 --- /dev/null +++ b/doc/functions/gnutls_x509_crt_get_signature_algorithm @@ -0,0 +1,17 @@ + + + + +@deftypefun {int} {gnutls_x509_crt_get_signature_algorithm} (gnutls_x509_crt_t @var{cert}) +@var{cert}: should contain a @code{gnutls_x509_crt_t} type + +This function will return a value of the @code{gnutls_sign_algorithm_t} +enumeration that is the signature algorithm that has been used to +sign this certificate. + +Since 3.6.0 this function never returns a negative error code. +Error cases and unknown/unsupported signature algorithms are +mapped to @code{GNUTLS_SIGN_UNKNOWN} . + +@strong{Returns:} a @code{gnutls_sign_algorithm_t} value +@end deftypefun diff --git a/doc/functions/gnutls_x509_crt_get_signature_algorithm.short b/doc/functions/gnutls_x509_crt_get_signature_algorithm.short new file mode 100644 index 0000000..c8a6085 --- /dev/null +++ b/doc/functions/gnutls_x509_crt_get_signature_algorithm.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_crt_get_signature_algorithm} (gnutls_x509_crt_t @var{cert}) diff --git a/doc/functions/gnutls_x509_crt_get_signature_oid b/doc/functions/gnutls_x509_crt_get_signature_oid new file mode 100644 index 0000000..fb99a4a --- /dev/null +++ b/doc/functions/gnutls_x509_crt_get_signature_oid @@ -0,0 +1,20 @@ + + + + +@deftypefun {int} {gnutls_x509_crt_get_signature_oid} (gnutls_x509_crt_t @var{cert}, char * @var{oid}, size_t * @var{oid_size}) +@var{cert}: should contain a @code{gnutls_x509_crt_t} type + +@var{oid}: a pointer to a buffer to hold the OID (may be null) + +@var{oid_size}: initially holds the size of @code{oid} + +This function will return the OID of the signature algorithm +that has been used to sign this certificate. This is function +is useful in the case @code{gnutls_x509_crt_get_signature_algorithm()} +returned @code{GNUTLS_SIGN_UNKNOWN} . + +@strong{Returns:} zero or a negative error code on error. + +@strong{Since:} 3.5.0 +@end deftypefun diff --git a/doc/functions/gnutls_x509_crt_get_signature_oid.short b/doc/functions/gnutls_x509_crt_get_signature_oid.short new file mode 100644 index 0000000..53c3643 --- /dev/null +++ b/doc/functions/gnutls_x509_crt_get_signature_oid.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_crt_get_signature_oid} (gnutls_x509_crt_t @var{cert}, char * @var{oid}, size_t * @var{oid_size}) diff --git a/doc/functions/gnutls_x509_crt_get_spki b/doc/functions/gnutls_x509_crt_get_spki new file mode 100644 index 0000000..bf42225 --- /dev/null +++ b/doc/functions/gnutls_x509_crt_get_spki @@ -0,0 +1,16 @@ + + + + +@deftypefun {int} {gnutls_x509_crt_get_spki} (gnutls_x509_crt_t @var{cert}, gnutls_x509_spki_t @var{spki}, unsigned int @var{flags}) +@var{cert}: a certificate of type @code{gnutls_x509_crt_t} + +@var{spki}: a SubjectPublicKeyInfo structure of type @code{gnutls_x509_spki_t} + +@var{flags}: must be zero + +This function will return the public key information of an X.509 +certificate. The provided @code{spki} must be initialized. + +@strong{Since:} 3.6.0 +@end deftypefun diff --git a/doc/functions/gnutls_x509_crt_get_spki.short b/doc/functions/gnutls_x509_crt_get_spki.short new file mode 100644 index 0000000..be9b911 --- /dev/null +++ b/doc/functions/gnutls_x509_crt_get_spki.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_crt_get_spki} (gnutls_x509_crt_t @var{cert}, gnutls_x509_spki_t @var{spki}, unsigned int @var{flags}) diff --git a/doc/functions/gnutls_x509_crt_get_subject b/doc/functions/gnutls_x509_crt_get_subject new file mode 100644 index 0000000..194634b --- /dev/null +++ b/doc/functions/gnutls_x509_crt_get_subject @@ -0,0 +1,18 @@ + + + + +@deftypefun {int} {gnutls_x509_crt_get_subject} (gnutls_x509_crt_t @var{cert}, gnutls_x509_dn_t * @var{dn}) +@var{cert}: should contain a @code{gnutls_x509_crt_t} type + +@var{dn}: output variable with pointer to uint8_t DN. + +Return the Certificate's Subject DN as a @code{gnutls_x509_dn_t} data type, +that can be decoded using @code{gnutls_x509_dn_get_rdn_ava()} . + +Note that @code{dn} should be treated as constant. Because it points +into the @code{cert} object, you should not use @code{dn} after @code{cert} is +deallocated. + +@strong{Returns:} Returns 0 on success, or an error code. +@end deftypefun diff --git a/doc/functions/gnutls_x509_crt_get_subject.short b/doc/functions/gnutls_x509_crt_get_subject.short new file mode 100644 index 0000000..c3cb403 --- /dev/null +++ b/doc/functions/gnutls_x509_crt_get_subject.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_crt_get_subject} (gnutls_x509_crt_t @var{cert}, gnutls_x509_dn_t * @var{dn}) diff --git a/doc/functions/gnutls_x509_crt_get_subject_alt_name b/doc/functions/gnutls_x509_crt_get_subject_alt_name new file mode 100644 index 0000000..36da911 --- /dev/null +++ b/doc/functions/gnutls_x509_crt_get_subject_alt_name @@ -0,0 +1,37 @@ + + + + +@deftypefun {int} {gnutls_x509_crt_get_subject_alt_name} (gnutls_x509_crt_t @var{cert}, unsigned int @var{seq}, void * @var{san}, size_t * @var{san_size}, unsigned int * @var{critical}) +@var{cert}: should contain a @code{gnutls_x509_crt_t} type + +@var{seq}: specifies the sequence number of the alt name (0 for the first one, 1 for the second etc.) + +@var{san}: is the place where the alternative name will be copied to + +@var{san_size}: holds the size of san. + +@var{critical}: will be non-zero if the extension is marked as critical (may be null) + +This function retrieves the Alternative Name (2.5.29.17), contained +in the given certificate in the X509v3 Certificate Extensions. + +When the SAN type is otherName, it will extract the data in the +otherName's value field, and @code{GNUTLS_SAN_OTHERNAME} is returned. +You may use @code{gnutls_x509_crt_get_subject_alt_othername_oid()} to get +the corresponding OID and the "virtual" SAN types (e.g., +@code{GNUTLS_SAN_OTHERNAME_XMPP} ). + +If an otherName OID is known, the data will be decoded. Otherwise +the returned data will be DER encoded, and you will have to decode +it yourself. Currently, only the RFC 3920 id-on-xmppAddr SAN is +recognized. + +@strong{Returns:} the alternative subject name type on success, one of the +enumerated @code{gnutls_x509_subject_alt_name_t} . It will return +@code{GNUTLS_E_SHORT_MEMORY_BUFFER} if @code{san_size} is not large enough to +hold the value. In that case @code{san_size} will be updated with the +required size. If the certificate does not have an Alternative +name with the specified sequence number then +@code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} is returned. +@end deftypefun diff --git a/doc/functions/gnutls_x509_crt_get_subject_alt_name.short b/doc/functions/gnutls_x509_crt_get_subject_alt_name.short new file mode 100644 index 0000000..5e37b6e --- /dev/null +++ b/doc/functions/gnutls_x509_crt_get_subject_alt_name.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_crt_get_subject_alt_name} (gnutls_x509_crt_t @var{cert}, unsigned int @var{seq}, void * @var{san}, size_t * @var{san_size}, unsigned int * @var{critical}) diff --git a/doc/functions/gnutls_x509_crt_get_subject_alt_name2 b/doc/functions/gnutls_x509_crt_get_subject_alt_name2 new file mode 100644 index 0000000..a369ae3 --- /dev/null +++ b/doc/functions/gnutls_x509_crt_get_subject_alt_name2 @@ -0,0 +1,32 @@ + + + + +@deftypefun {int} {gnutls_x509_crt_get_subject_alt_name2} (gnutls_x509_crt_t @var{cert}, unsigned int @var{seq}, void * @var{san}, size_t * @var{san_size}, unsigned int * @var{san_type}, unsigned int * @var{critical}) +@var{cert}: should contain a @code{gnutls_x509_crt_t} type + +@var{seq}: specifies the sequence number of the alt name (0 for the first one, 1 for the second etc.) + +@var{san}: is the place where the alternative name will be copied to + +@var{san_size}: holds the size of ret. + +@var{san_type}: holds the type of the alternative name (one of gnutls_x509_subject_alt_name_t). + +@var{critical}: will be non-zero if the extension is marked as critical (may be null) + +This function will return the alternative names, contained in the +given certificate. It is the same as +@code{gnutls_x509_crt_get_subject_alt_name()} except for the fact that it +will return the type of the alternative name in @code{san_type} even if +the function fails for some reason (i.e. the buffer provided is +not enough). + +@strong{Returns:} the alternative subject name type on success, one of the +enumerated @code{gnutls_x509_subject_alt_name_t} . It will return +@code{GNUTLS_E_SHORT_MEMORY_BUFFER} if @code{san_size} is not large enough +to hold the value. In that case @code{san_size} will be updated with +the required size. If the certificate does not have an +Alternative name with the specified sequence number then +@code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} is returned. +@end deftypefun diff --git a/doc/functions/gnutls_x509_crt_get_subject_alt_name2.short b/doc/functions/gnutls_x509_crt_get_subject_alt_name2.short new file mode 100644 index 0000000..398522c --- /dev/null +++ b/doc/functions/gnutls_x509_crt_get_subject_alt_name2.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_crt_get_subject_alt_name2} (gnutls_x509_crt_t @var{cert}, unsigned int @var{seq}, void * @var{san}, size_t * @var{san_size}, unsigned int * @var{san_type}, unsigned int * @var{critical}) diff --git a/doc/functions/gnutls_x509_crt_get_subject_alt_othername_oid b/doc/functions/gnutls_x509_crt_get_subject_alt_othername_oid new file mode 100644 index 0000000..c8ea663 --- /dev/null +++ b/doc/functions/gnutls_x509_crt_get_subject_alt_othername_oid @@ -0,0 +1,35 @@ + + + + +@deftypefun {int} {gnutls_x509_crt_get_subject_alt_othername_oid} (gnutls_x509_crt_t @var{cert}, unsigned int @var{seq}, void * @var{oid}, size_t * @var{oid_size}) +@var{cert}: should contain a @code{gnutls_x509_crt_t} type + +@var{seq}: specifies the sequence number of the alt name (0 for the first one, 1 for the second etc.) + +@var{oid}: is the place where the otherName OID will be copied to + +@var{oid_size}: holds the size of ret. + +This function will extract the type OID of an otherName Subject +Alternative Name, contained in the given certificate, and return +the type as an enumerated element. + +This function is only useful if +@code{gnutls_x509_crt_get_subject_alt_name()} returned +@code{GNUTLS_SAN_OTHERNAME} . + +If @code{oid} is null then only the size will be filled. The @code{oid} returned will be null terminated, although @code{oid_size} will not +account for the trailing null. + +@strong{Returns:} the alternative subject name type on success, one of the +enumerated gnutls_x509_subject_alt_name_t. For supported OIDs, it +will return one of the virtual (GNUTLS_SAN_OTHERNAME_*) types, +e.g. @code{GNUTLS_SAN_OTHERNAME_XMPP} , and @code{GNUTLS_SAN_OTHERNAME} for +unknown OIDs. It will return @code{GNUTLS_E_SHORT_MEMORY_BUFFER} if + @code{ian_size} is not large enough to hold the value. In that case + @code{ian_size} will be updated with the required size. If the +certificate does not have an Alternative name with the specified +sequence number and with the otherName type then +@code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} is returned. +@end deftypefun diff --git a/doc/functions/gnutls_x509_crt_get_subject_alt_othername_oid.short b/doc/functions/gnutls_x509_crt_get_subject_alt_othername_oid.short new file mode 100644 index 0000000..715a639 --- /dev/null +++ b/doc/functions/gnutls_x509_crt_get_subject_alt_othername_oid.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_crt_get_subject_alt_othername_oid} (gnutls_x509_crt_t @var{cert}, unsigned int @var{seq}, void * @var{oid}, size_t * @var{oid_size}) diff --git a/doc/functions/gnutls_x509_crt_get_subject_key_id b/doc/functions/gnutls_x509_crt_get_subject_key_id new file mode 100644 index 0000000..de230a6 --- /dev/null +++ b/doc/functions/gnutls_x509_crt_get_subject_key_id @@ -0,0 +1,20 @@ + + + + +@deftypefun {int} {gnutls_x509_crt_get_subject_key_id} (gnutls_x509_crt_t @var{cert}, void * @var{ret}, size_t * @var{ret_size}, unsigned int * @var{critical}) +@var{cert}: should contain a @code{gnutls_x509_crt_t} type + +@var{ret}: The place where the identifier will be copied + +@var{ret_size}: Holds the size of the result field. + +@var{critical}: will be non-zero if the extension is marked as critical (may be null) + +This function will return the X.509v3 certificate's subject key +identifier. This is obtained by the X.509 Subject Key identifier +extension field (2.5.29.14). + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, @code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} +if the extension is not present, otherwise a negative error value. +@end deftypefun diff --git a/doc/functions/gnutls_x509_crt_get_subject_key_id.short b/doc/functions/gnutls_x509_crt_get_subject_key_id.short new file mode 100644 index 0000000..861a1d6 --- /dev/null +++ b/doc/functions/gnutls_x509_crt_get_subject_key_id.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_crt_get_subject_key_id} (gnutls_x509_crt_t @var{cert}, void * @var{ret}, size_t * @var{ret_size}, unsigned int * @var{critical}) diff --git a/doc/functions/gnutls_x509_crt_get_subject_unique_id b/doc/functions/gnutls_x509_crt_get_subject_unique_id new file mode 100644 index 0000000..864f7fa --- /dev/null +++ b/doc/functions/gnutls_x509_crt_get_subject_unique_id @@ -0,0 +1,26 @@ + + + + +@deftypefun {int} {gnutls_x509_crt_get_subject_unique_id} (gnutls_x509_crt_t @var{crt}, char * @var{buf}, size_t * @var{buf_size}) +@var{crt}: Holds the certificate + +@var{buf}: user allocated memory buffer, will hold the unique id + +@var{buf_size}: size of user allocated memory buffer (on input), will hold +actual size of the unique ID on return. + +This function will extract the subjectUniqueID value (if present) for +the given certificate. + +If the user allocated memory buffer is not large enough to hold the +full subjectUniqueID, then a GNUTLS_E_SHORT_MEMORY_BUFFER error will be +returned, and buf_size will be set to the actual length. + +This function had a bug prior to 3.4.8 that prevented the setting +of @code{NULL} @code{buf} to discover the @code{buf_size} . To use this function safely +with the older versions the @code{buf} must be a valid buffer that can hold +at least a single byte if @code{buf_size} is zero. + +@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, otherwise a negative error code. +@end deftypefun diff --git a/doc/functions/gnutls_x509_crt_get_subject_unique_id.short b/doc/functions/gnutls_x509_crt_get_subject_unique_id.short new file mode 100644 index 0000000..661234f --- /dev/null +++ b/doc/functions/gnutls_x509_crt_get_subject_unique_id.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_crt_get_subject_unique_id} (gnutls_x509_crt_t @var{crt}, char * @var{buf}, size_t * @var{buf_size}) diff --git a/doc/functions/gnutls_x509_crt_get_tlsfeatures b/doc/functions/gnutls_x509_crt_get_tlsfeatures new file mode 100644 index 0000000..f037e08 --- /dev/null +++ b/doc/functions/gnutls_x509_crt_get_tlsfeatures @@ -0,0 +1,31 @@ + + + + +@deftypefun {int} {gnutls_x509_crt_get_tlsfeatures} (gnutls_x509_crt_t @var{crt}, gnutls_x509_tlsfeatures_t @var{features}, unsigned int @var{flags}, unsigned int * @var{critical}) +@var{crt}: A X.509 certificate + +@var{features}: If the function succeeds, the +features will be stored in this variable. + +@var{flags}: zero or @code{GNUTLS_EXT_FLAG_APPEND} + +@var{critical}: the extension status + +This function will get the X.509 TLS features +extension structure from the certificate. The +returned structure needs to be freed using +@code{gnutls_x509_tlsfeatures_deinit()} . + +When the @code{flags} is set to @code{GNUTLS_EXT_FLAG_APPEND} , +then if the @code{features} structure is empty this function will behave +identically as if the flag was not set. Otherwise if there are elements +in the @code{features} structure then they will be merged with. + +Note that @code{features} must be initialized prior to calling this function. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, +otherwise a negative error value. + +@strong{Since:} 3.5.1 +@end deftypefun diff --git a/doc/functions/gnutls_x509_crt_get_tlsfeatures.short b/doc/functions/gnutls_x509_crt_get_tlsfeatures.short new file mode 100644 index 0000000..5671c03 --- /dev/null +++ b/doc/functions/gnutls_x509_crt_get_tlsfeatures.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_crt_get_tlsfeatures} (gnutls_x509_crt_t @var{crt}, gnutls_x509_tlsfeatures_t @var{features}, unsigned int @var{flags}, unsigned int * @var{critical}) diff --git a/doc/functions/gnutls_x509_crt_get_version b/doc/functions/gnutls_x509_crt_get_version new file mode 100644 index 0000000..f3a6408 --- /dev/null +++ b/doc/functions/gnutls_x509_crt_get_version @@ -0,0 +1,11 @@ + + + + +@deftypefun {int} {gnutls_x509_crt_get_version} (gnutls_x509_crt_t @var{cert}) +@var{cert}: should contain a @code{gnutls_x509_crt_t} type + +This function will return the version of the specified Certificate. + +@strong{Returns:} version of certificate, or a negative error code on error. +@end deftypefun diff --git a/doc/functions/gnutls_x509_crt_get_version.short b/doc/functions/gnutls_x509_crt_get_version.short new file mode 100644 index 0000000..0764837 --- /dev/null +++ b/doc/functions/gnutls_x509_crt_get_version.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_crt_get_version} (gnutls_x509_crt_t @var{cert}) diff --git a/doc/functions/gnutls_x509_crt_import b/doc/functions/gnutls_x509_crt_import new file mode 100644 index 0000000..66abf74 --- /dev/null +++ b/doc/functions/gnutls_x509_crt_import @@ -0,0 +1,21 @@ + + + + +@deftypefun {int} {gnutls_x509_crt_import} (gnutls_x509_crt_t @var{cert}, const gnutls_datum_t * @var{data}, gnutls_x509_crt_fmt_t @var{format}) +@var{cert}: The data to store the parsed certificate. + +@var{data}: The DER or PEM encoded certificate. + +@var{format}: One of DER or PEM + +This function will convert the given DER or PEM encoded Certificate +to the native gnutls_x509_crt_t format. The output will be stored +in @code{cert} . + +If the Certificate is PEM encoded it should have a header of "X509 +CERTIFICATE", or "CERTIFICATE". + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. +@end deftypefun diff --git a/doc/functions/gnutls_x509_crt_import.short b/doc/functions/gnutls_x509_crt_import.short new file mode 100644 index 0000000..9137ecb --- /dev/null +++ b/doc/functions/gnutls_x509_crt_import.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_crt_import} (gnutls_x509_crt_t @var{cert}, const gnutls_datum_t * @var{data}, gnutls_x509_crt_fmt_t @var{format}) diff --git a/doc/functions/gnutls_x509_crt_import_pkcs11 b/doc/functions/gnutls_x509_crt_import_pkcs11 new file mode 100644 index 0000000..1c2c76d --- /dev/null +++ b/doc/functions/gnutls_x509_crt_import_pkcs11 @@ -0,0 +1,17 @@ + + + + +@deftypefun {int} {gnutls_x509_crt_import_pkcs11} (gnutls_x509_crt_t @var{crt}, gnutls_pkcs11_obj_t @var{pkcs11_crt}) +@var{crt}: A certificate of type @code{gnutls_x509_crt_t} + +@var{pkcs11_crt}: A PKCS 11 object that contains a certificate + +This function will import a PKCS 11 certificate to a @code{gnutls_x509_crt_t} +structure. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 2.12.0 +@end deftypefun diff --git a/doc/functions/gnutls_x509_crt_import_pkcs11.short b/doc/functions/gnutls_x509_crt_import_pkcs11.short new file mode 100644 index 0000000..2e67613 --- /dev/null +++ b/doc/functions/gnutls_x509_crt_import_pkcs11.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_crt_import_pkcs11} (gnutls_x509_crt_t @var{crt}, gnutls_pkcs11_obj_t @var{pkcs11_crt}) diff --git a/doc/functions/gnutls_x509_crt_import_url b/doc/functions/gnutls_x509_crt_import_url new file mode 100644 index 0000000..92bb14c --- /dev/null +++ b/doc/functions/gnutls_x509_crt_import_url @@ -0,0 +1,23 @@ + + + + +@deftypefun {int} {gnutls_x509_crt_import_url} (gnutls_x509_crt_t @var{crt}, const char * @var{url}, unsigned int @var{flags}) +@var{crt}: A certificate of type @code{gnutls_x509_crt_t} + +@var{url}: A PKCS 11 url + +@var{flags}: One of GNUTLS_PKCS11_OBJ_* flags for PKCS@code{11} URLs or zero otherwise + +This function will import a certificate present in a PKCS@code{11} token +or any type of back-end that supports URLs. + +In previous versions of gnutls this function was named +gnutls_x509_crt_import_pkcs11_url, and the old name is +an alias to this one. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 3.4.0 +@end deftypefun diff --git a/doc/functions/gnutls_x509_crt_import_url.short b/doc/functions/gnutls_x509_crt_import_url.short new file mode 100644 index 0000000..b15e6e3 --- /dev/null +++ b/doc/functions/gnutls_x509_crt_import_url.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_crt_import_url} (gnutls_x509_crt_t @var{crt}, const char * @var{url}, unsigned int @var{flags}) diff --git a/doc/functions/gnutls_x509_crt_init b/doc/functions/gnutls_x509_crt_init new file mode 100644 index 0000000..4d5e5a5 --- /dev/null +++ b/doc/functions/gnutls_x509_crt_init @@ -0,0 +1,12 @@ + + + + +@deftypefun {int} {gnutls_x509_crt_init} (gnutls_x509_crt_t * @var{cert}) +@var{cert}: A pointer to the type to be initialized + +This function will initialize an X.509 certificate structure. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. +@end deftypefun diff --git a/doc/functions/gnutls_x509_crt_init.short b/doc/functions/gnutls_x509_crt_init.short new file mode 100644 index 0000000..e20eed1 --- /dev/null +++ b/doc/functions/gnutls_x509_crt_init.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_crt_init} (gnutls_x509_crt_t * @var{cert}) diff --git a/doc/functions/gnutls_x509_crt_list_import b/doc/functions/gnutls_x509_crt_list_import new file mode 100644 index 0000000..d886112 --- /dev/null +++ b/doc/functions/gnutls_x509_crt_list_import @@ -0,0 +1,30 @@ + + + + +@deftypefun {int} {gnutls_x509_crt_list_import} (gnutls_x509_crt_t * @var{certs}, unsigned int * @var{cert_max}, const gnutls_datum_t * @var{data}, gnutls_x509_crt_fmt_t @var{format}, unsigned int @var{flags}) +@var{certs}: Indicates where the parsed list will be copied to. Must not be initialized. + +@var{cert_max}: Initially must hold the maximum number of certs. It will be updated with the number of certs available. + +@var{data}: The PEM encoded certificate. + +@var{format}: One of DER or PEM. + +@var{flags}: must be (0) or an OR'd sequence of gnutls_certificate_import_flags. + +This function will convert the given PEM encoded certificate list +to the native gnutls_x509_crt_t format. The output will be stored +in @code{certs} . They will be automatically initialized. + +The flag @code{GNUTLS_X509_CRT_LIST_IMPORT_FAIL_IF_EXCEED} will cause +import to fail if the certificates in the provided buffer are more +than the available structures. The @code{GNUTLS_X509_CRT_LIST_FAIL_IF_UNSORTED} +flag will cause the function to fail if the provided list is not +sorted from subject to issuer. + +If the Certificate is PEM encoded it should have a header of "X509 +CERTIFICATE", or "CERTIFICATE". + +@strong{Returns:} the number of certificates read or a negative error value. +@end deftypefun diff --git a/doc/functions/gnutls_x509_crt_list_import.short b/doc/functions/gnutls_x509_crt_list_import.short new file mode 100644 index 0000000..ec7225a --- /dev/null +++ b/doc/functions/gnutls_x509_crt_list_import.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_crt_list_import} (gnutls_x509_crt_t * @var{certs}, unsigned int * @var{cert_max}, const gnutls_datum_t * @var{data}, gnutls_x509_crt_fmt_t @var{format}, unsigned int @var{flags}) diff --git a/doc/functions/gnutls_x509_crt_list_import2 b/doc/functions/gnutls_x509_crt_list_import2 new file mode 100644 index 0000000..0cfba07 --- /dev/null +++ b/doc/functions/gnutls_x509_crt_list_import2 @@ -0,0 +1,29 @@ + + + + +@deftypefun {int} {gnutls_x509_crt_list_import2} (gnutls_x509_crt_t ** @var{certs}, unsigned int * @var{size}, const gnutls_datum_t * @var{data}, gnutls_x509_crt_fmt_t @var{format}, unsigned int @var{flags}) +@var{certs}: Will hold the parsed certificate list. + +@var{size}: It will contain the size of the list. + +@var{data}: The PEM encoded certificate. + +@var{format}: One of DER or PEM. + +@var{flags}: must be (0) or an OR'd sequence of gnutls_certificate_import_flags. + +This function will convert the given PEM encoded certificate list +to the native gnutls_x509_crt_t format. The output will be stored +in @code{certs} which will be allocated and initialized. + +If the Certificate is PEM encoded it should have a header of "X509 +CERTIFICATE", or "CERTIFICATE". + +To deinitialize @code{certs} , you need to deinitialize each crt structure +independently, and use @code{gnutls_free()} at @code{certs} . + +@strong{Returns:} the number of certificates read or a negative error value. + +@strong{Since:} 3.0 +@end deftypefun diff --git a/doc/functions/gnutls_x509_crt_list_import2.short b/doc/functions/gnutls_x509_crt_list_import2.short new file mode 100644 index 0000000..6583c69 --- /dev/null +++ b/doc/functions/gnutls_x509_crt_list_import2.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_crt_list_import2} (gnutls_x509_crt_t ** @var{certs}, unsigned int * @var{size}, const gnutls_datum_t * @var{data}, gnutls_x509_crt_fmt_t @var{format}, unsigned int @var{flags}) diff --git a/doc/functions/gnutls_x509_crt_list_import_pkcs11 b/doc/functions/gnutls_x509_crt_list_import_pkcs11 new file mode 100644 index 0000000..38f47be --- /dev/null +++ b/doc/functions/gnutls_x509_crt_list_import_pkcs11 @@ -0,0 +1,21 @@ + + + + +@deftypefun {int} {gnutls_x509_crt_list_import_pkcs11} (gnutls_x509_crt_t * @var{certs}, unsigned int @var{cert_max}, gnutls_pkcs11_obj_t * const @var{objs}, unsigned int @var{flags}) +@var{certs}: A list of certificates of type @code{gnutls_x509_crt_t} + +@var{cert_max}: The maximum size of the list + +@var{objs}: A list of PKCS 11 objects + +@var{flags}: 0 for now + +This function will import a PKCS 11 certificate list to a list of +@code{gnutls_x509_crt_t} type. These must not be initialized. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 2.12.0 +@end deftypefun diff --git a/doc/functions/gnutls_x509_crt_list_import_pkcs11.short b/doc/functions/gnutls_x509_crt_list_import_pkcs11.short new file mode 100644 index 0000000..7629dc4 --- /dev/null +++ b/doc/functions/gnutls_x509_crt_list_import_pkcs11.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_crt_list_import_pkcs11} (gnutls_x509_crt_t * @var{certs}, unsigned int @var{cert_max}, gnutls_pkcs11_obj_t * const @var{objs}, unsigned int @var{flags}) diff --git a/doc/functions/gnutls_x509_crt_list_import_url b/doc/functions/gnutls_x509_crt_list_import_url new file mode 100644 index 0000000..bf561fc --- /dev/null +++ b/doc/functions/gnutls_x509_crt_list_import_url @@ -0,0 +1,31 @@ + + + + +@deftypefun {int} {gnutls_x509_crt_list_import_url} (gnutls_x509_crt_t ** @var{certs}, unsigned int * @var{size}, const char * @var{url}, gnutls_pin_callback_t @var{pin_fn}, void * @var{pin_fn_userdata}, unsigned int @var{flags}) +@var{certs}: Will hold the allocated certificate list. + +@var{size}: It will contain the size of the list. + +@var{url}: A PKCS 11 url + +@var{pin_fn}: a PIN callback if not globally set + +@var{pin_fn_userdata}: parameter for the PIN callback + +@var{flags}: One of GNUTLS_PKCS11_OBJ_* flags for PKCS@code{11} URLs or zero otherwise + +This function will import a certificate chain present in a PKCS@code{11} token +or any type of back-end that supports URLs. The certificates +must be deinitialized afterwards using @code{gnutls_x509_crt_deinit()} +and the returned pointer must be freed using @code{gnutls_free()} . + +The URI provided must be the first certificate in the chain; subsequent +certificates will be retrieved using @code{gnutls_pkcs11_get_raw_issuer()} or +equivalent functionality for the supported URI. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 3.6.3 +@end deftypefun diff --git a/doc/functions/gnutls_x509_crt_list_import_url.short b/doc/functions/gnutls_x509_crt_list_import_url.short new file mode 100644 index 0000000..7480e72 --- /dev/null +++ b/doc/functions/gnutls_x509_crt_list_import_url.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_crt_list_import_url} (gnutls_x509_crt_t ** @var{certs}, unsigned int * @var{size}, const char * @var{url}, gnutls_pin_callback_t @var{pin_fn}, void * @var{pin_fn_userdata}, unsigned int @var{flags}) diff --git a/doc/functions/gnutls_x509_crt_list_verify b/doc/functions/gnutls_x509_crt_list_verify new file mode 100644 index 0000000..e608a16 --- /dev/null +++ b/doc/functions/gnutls_x509_crt_list_verify @@ -0,0 +1,37 @@ + + + + +@deftypefun {int} {gnutls_x509_crt_list_verify} (const gnutls_x509_crt_t * @var{cert_list}, unsigned @var{cert_list_length}, const gnutls_x509_crt_t * @var{CA_list}, unsigned @var{CA_list_length}, const gnutls_x509_crl_t * @var{CRL_list}, unsigned @var{CRL_list_length}, unsigned int @var{flags}, unsigned int * @var{verify}) +@var{cert_list}: is the certificate list to be verified + +@var{cert_list_length}: holds the number of certificate in cert_list + +@var{CA_list}: is the CA list which will be used in verification + +@var{CA_list_length}: holds the number of CA certificate in CA_list + +@var{CRL_list}: holds a list of CRLs. + +@var{CRL_list_length}: the length of CRL list. + +@var{flags}: Flags that may be used to change the verification algorithm. Use OR of the gnutls_certificate_verify_flags enumerations. + +@var{verify}: will hold the certificate verification output. + + +This function will try to verify the given certificate list and +return its status. The details of the verification are the same +as in @code{gnutls_x509_trust_list_verify_crt2()} . + +You must check the peer's name in order to check if the verified +certificate belongs to the actual peer. + +The certificate verification output will be put in @code{verify} and will +be one or more of the gnutls_certificate_status_t enumerated +elements bitwise or'd. For a more detailed verification status use +@code{gnutls_x509_crt_verify()} per list element. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. +@end deftypefun diff --git a/doc/functions/gnutls_x509_crt_list_verify.short b/doc/functions/gnutls_x509_crt_list_verify.short new file mode 100644 index 0000000..6aa1cca --- /dev/null +++ b/doc/functions/gnutls_x509_crt_list_verify.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_crt_list_verify} (const gnutls_x509_crt_t * @var{cert_list}, unsigned @var{cert_list_length}, const gnutls_x509_crt_t * @var{CA_list}, unsigned @var{CA_list_length}, const gnutls_x509_crl_t * @var{CRL_list}, unsigned @var{CRL_list_length}, unsigned int @var{flags}, unsigned int * @var{verify}) diff --git a/doc/functions/gnutls_x509_crt_print b/doc/functions/gnutls_x509_crt_print new file mode 100644 index 0000000..c938ebf --- /dev/null +++ b/doc/functions/gnutls_x509_crt_print @@ -0,0 +1,24 @@ + + + + +@deftypefun {int} {gnutls_x509_crt_print} (gnutls_x509_crt_t @var{cert}, gnutls_certificate_print_formats_t @var{format}, gnutls_datum_t * @var{out}) +@var{cert}: The data to be printed + +@var{format}: Indicate the format to use + +@var{out}: Newly allocated datum with null terminated string. + +This function will pretty print a X.509 certificate, suitable for +display to a human. + +If the format is @code{GNUTLS_CRT_PRINT_FULL} then all fields of the +certificate will be output, on multiple lines. The +@code{GNUTLS_CRT_PRINT_ONELINE} format will generate one line with some +selected fields, which is useful for logging purposes. + +The output @code{out} needs to be deallocated using @code{gnutls_free()} . + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. +@end deftypefun diff --git a/doc/functions/gnutls_x509_crt_print.short b/doc/functions/gnutls_x509_crt_print.short new file mode 100644 index 0000000..f338aa4 --- /dev/null +++ b/doc/functions/gnutls_x509_crt_print.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_crt_print} (gnutls_x509_crt_t @var{cert}, gnutls_certificate_print_formats_t @var{format}, gnutls_datum_t * @var{out}) diff --git a/doc/functions/gnutls_x509_crt_privkey_sign b/doc/functions/gnutls_x509_crt_privkey_sign new file mode 100644 index 0000000..be421d1 --- /dev/null +++ b/doc/functions/gnutls_x509_crt_privkey_sign @@ -0,0 +1,31 @@ + + + + +@deftypefun {int} {gnutls_x509_crt_privkey_sign} (gnutls_x509_crt_t @var{crt}, gnutls_x509_crt_t @var{issuer}, gnutls_privkey_t @var{issuer_key}, gnutls_digest_algorithm_t @var{dig}, unsigned int @var{flags}) +@var{crt}: a certificate of type @code{gnutls_x509_crt_t} + +@var{issuer}: is the certificate of the certificate issuer + +@var{issuer_key}: holds the issuer's private key + +@var{dig}: The message digest to use, @code{GNUTLS_DIG_SHA256} is a safe choice + +@var{flags}: must be 0 + +This function will sign the certificate with the issuer's private key, and +will copy the issuer's information into the certificate. + +This must be the last step in a certificate generation since all +the previously set parameters are now signed. + +A known limitation of this function is, that a newly-signed certificate will not +be fully functional (e.g., for signature verification), until it +is exported an re-imported. + +After GnuTLS 3.6.1 the value of @code{dig} may be @code{GNUTLS_DIG_UNKNOWN} , +and in that case, a suitable but reasonable for the key algorithm will be selected. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. +@end deftypefun diff --git a/doc/functions/gnutls_x509_crt_privkey_sign.short b/doc/functions/gnutls_x509_crt_privkey_sign.short new file mode 100644 index 0000000..1e617c0 --- /dev/null +++ b/doc/functions/gnutls_x509_crt_privkey_sign.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_crt_privkey_sign} (gnutls_x509_crt_t @var{crt}, gnutls_x509_crt_t @var{issuer}, gnutls_privkey_t @var{issuer_key}, gnutls_digest_algorithm_t @var{dig}, unsigned int @var{flags}) diff --git a/doc/functions/gnutls_x509_crt_set_activation_time b/doc/functions/gnutls_x509_crt_set_activation_time new file mode 100644 index 0000000..567bd81 --- /dev/null +++ b/doc/functions/gnutls_x509_crt_set_activation_time @@ -0,0 +1,15 @@ + + + + +@deftypefun {int} {gnutls_x509_crt_set_activation_time} (gnutls_x509_crt_t @var{cert}, time_t @var{act_time}) +@var{cert}: a certificate of type @code{gnutls_x509_crt_t} + +@var{act_time}: The actual time + +This function will set the time this certificate was or will be +activated. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. +@end deftypefun diff --git a/doc/functions/gnutls_x509_crt_set_activation_time.short b/doc/functions/gnutls_x509_crt_set_activation_time.short new file mode 100644 index 0000000..7698236 --- /dev/null +++ b/doc/functions/gnutls_x509_crt_set_activation_time.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_crt_set_activation_time} (gnutls_x509_crt_t @var{cert}, time_t @var{act_time}) diff --git a/doc/functions/gnutls_x509_crt_set_authority_info_access b/doc/functions/gnutls_x509_crt_set_authority_info_access new file mode 100644 index 0000000..a0f9ed4 --- /dev/null +++ b/doc/functions/gnutls_x509_crt_set_authority_info_access @@ -0,0 +1,26 @@ + + + + +@deftypefun {int} {gnutls_x509_crt_set_authority_info_access} (gnutls_x509_crt_t @var{crt}, int @var{what}, gnutls_datum_t * @var{data}) +@var{crt}: Holds the certificate + +@var{what}: what data to get, a @code{gnutls_info_access_what_t} type. + +@var{data}: output data to be freed with @code{gnutls_free()} . + +This function sets the Authority Information Access (AIA) +extension, see RFC 5280 section 4.2.2.1 for more information. + +The type of data stored in @code{data} is specified via @code{what} which +should be @code{gnutls_info_access_what_t} values. + +If @code{what} is @code{GNUTLS_IA_OCSP_URI} , @code{data} will hold the OCSP URI. +If @code{what} is @code{GNUTLS_IA_CAISSUERS_URI} , @code{data} will hold the caIssuers +URI. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 3.0 +@end deftypefun diff --git a/doc/functions/gnutls_x509_crt_set_authority_info_access.short b/doc/functions/gnutls_x509_crt_set_authority_info_access.short new file mode 100644 index 0000000..cc58027 --- /dev/null +++ b/doc/functions/gnutls_x509_crt_set_authority_info_access.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_crt_set_authority_info_access} (gnutls_x509_crt_t @var{crt}, int @var{what}, gnutls_datum_t * @var{data}) diff --git a/doc/functions/gnutls_x509_crt_set_authority_key_id b/doc/functions/gnutls_x509_crt_set_authority_key_id new file mode 100644 index 0000000..b9f754f --- /dev/null +++ b/doc/functions/gnutls_x509_crt_set_authority_key_id @@ -0,0 +1,17 @@ + + + + +@deftypefun {int} {gnutls_x509_crt_set_authority_key_id} (gnutls_x509_crt_t @var{cert}, const void * @var{id}, size_t @var{id_size}) +@var{cert}: a certificate of type @code{gnutls_x509_crt_t} + +@var{id}: The key ID + +@var{id_size}: Holds the size of the key ID field. + +This function will set the X.509 certificate's authority key ID extension. +Only the keyIdentifier field can be set with this function. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. +@end deftypefun diff --git a/doc/functions/gnutls_x509_crt_set_authority_key_id.short b/doc/functions/gnutls_x509_crt_set_authority_key_id.short new file mode 100644 index 0000000..32a3381 --- /dev/null +++ b/doc/functions/gnutls_x509_crt_set_authority_key_id.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_crt_set_authority_key_id} (gnutls_x509_crt_t @var{cert}, const void * @var{id}, size_t @var{id_size}) diff --git a/doc/functions/gnutls_x509_crt_set_basic_constraints b/doc/functions/gnutls_x509_crt_set_basic_constraints new file mode 100644 index 0000000..0665cc0 --- /dev/null +++ b/doc/functions/gnutls_x509_crt_set_basic_constraints @@ -0,0 +1,18 @@ + + + + +@deftypefun {int} {gnutls_x509_crt_set_basic_constraints} (gnutls_x509_crt_t @var{crt}, unsigned int @var{ca}, int @var{pathLenConstraint}) +@var{crt}: a certificate of type @code{gnutls_x509_crt_t} + +@var{ca}: true(1) or false(0). Depending on the Certificate authority status. + +@var{pathLenConstraint}: non-negative error codes indicate maximum length of path, +and negative error codes indicate that the pathLenConstraints field should +not be present. + +This function will set the basicConstraints certificate extension. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. +@end deftypefun diff --git a/doc/functions/gnutls_x509_crt_set_basic_constraints.short b/doc/functions/gnutls_x509_crt_set_basic_constraints.short new file mode 100644 index 0000000..45300e4 --- /dev/null +++ b/doc/functions/gnutls_x509_crt_set_basic_constraints.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_crt_set_basic_constraints} (gnutls_x509_crt_t @var{crt}, unsigned int @var{ca}, int @var{pathLenConstraint}) diff --git a/doc/functions/gnutls_x509_crt_set_ca_status b/doc/functions/gnutls_x509_crt_set_ca_status new file mode 100644 index 0000000..3a6689c --- /dev/null +++ b/doc/functions/gnutls_x509_crt_set_ca_status @@ -0,0 +1,16 @@ + + + + +@deftypefun {int} {gnutls_x509_crt_set_ca_status} (gnutls_x509_crt_t @var{crt}, unsigned int @var{ca}) +@var{crt}: a certificate of type @code{gnutls_x509_crt_t} + +@var{ca}: true(1) or false(0). Depending on the Certificate authority status. + +This function will set the basicConstraints certificate extension. +Use @code{gnutls_x509_crt_set_basic_constraints()} if you want to control +the pathLenConstraint field too. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. +@end deftypefun diff --git a/doc/functions/gnutls_x509_crt_set_ca_status.short b/doc/functions/gnutls_x509_crt_set_ca_status.short new file mode 100644 index 0000000..741dd90 --- /dev/null +++ b/doc/functions/gnutls_x509_crt_set_ca_status.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_crt_set_ca_status} (gnutls_x509_crt_t @var{crt}, unsigned int @var{ca}) diff --git a/doc/functions/gnutls_x509_crt_set_crl_dist_points b/doc/functions/gnutls_x509_crt_set_crl_dist_points new file mode 100644 index 0000000..f59b2a9 --- /dev/null +++ b/doc/functions/gnutls_x509_crt_set_crl_dist_points @@ -0,0 +1,18 @@ + + + + +@deftypefun {int} {gnutls_x509_crt_set_crl_dist_points} (gnutls_x509_crt_t @var{crt}, gnutls_x509_subject_alt_name_t @var{type}, const void * @var{data_string}, unsigned int @var{reason_flags}) +@var{crt}: a certificate of type @code{gnutls_x509_crt_t} + +@var{type}: is one of the gnutls_x509_subject_alt_name_t enumerations + +@var{data_string}: The data to be set + +@var{reason_flags}: revocation reasons + +This function will set the CRL distribution points certificate extension. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. +@end deftypefun diff --git a/doc/functions/gnutls_x509_crt_set_crl_dist_points.short b/doc/functions/gnutls_x509_crt_set_crl_dist_points.short new file mode 100644 index 0000000..81393b5 --- /dev/null +++ b/doc/functions/gnutls_x509_crt_set_crl_dist_points.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_crt_set_crl_dist_points} (gnutls_x509_crt_t @var{crt}, gnutls_x509_subject_alt_name_t @var{type}, const void * @var{data_string}, unsigned int @var{reason_flags}) diff --git a/doc/functions/gnutls_x509_crt_set_crl_dist_points2 b/doc/functions/gnutls_x509_crt_set_crl_dist_points2 new file mode 100644 index 0000000..946f35b --- /dev/null +++ b/doc/functions/gnutls_x509_crt_set_crl_dist_points2 @@ -0,0 +1,22 @@ + + + + +@deftypefun {int} {gnutls_x509_crt_set_crl_dist_points2} (gnutls_x509_crt_t @var{crt}, gnutls_x509_subject_alt_name_t @var{type}, const void * @var{data}, unsigned int @var{data_size}, unsigned int @var{reason_flags}) +@var{crt}: a certificate of type @code{gnutls_x509_crt_t} + +@var{type}: is one of the gnutls_x509_subject_alt_name_t enumerations + +@var{data}: The data to be set + +@var{data_size}: The data size + +@var{reason_flags}: revocation reasons + +This function will set the CRL distribution points certificate extension. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 2.6.0 +@end deftypefun diff --git a/doc/functions/gnutls_x509_crt_set_crl_dist_points2.short b/doc/functions/gnutls_x509_crt_set_crl_dist_points2.short new file mode 100644 index 0000000..40d12f4 --- /dev/null +++ b/doc/functions/gnutls_x509_crt_set_crl_dist_points2.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_crt_set_crl_dist_points2} (gnutls_x509_crt_t @var{crt}, gnutls_x509_subject_alt_name_t @var{type}, const void * @var{data}, unsigned int @var{data_size}, unsigned int @var{reason_flags}) diff --git a/doc/functions/gnutls_x509_crt_set_crq b/doc/functions/gnutls_x509_crt_set_crq new file mode 100644 index 0000000..7d5541d --- /dev/null +++ b/doc/functions/gnutls_x509_crt_set_crq @@ -0,0 +1,19 @@ + + + + +@deftypefun {int} {gnutls_x509_crt_set_crq} (gnutls_x509_crt_t @var{crt}, gnutls_x509_crq_t @var{crq}) +@var{crt}: a certificate of type @code{gnutls_x509_crt_t} + +@var{crq}: holds a certificate request + +This function will set the name and public parameters as well as +the extensions from the given certificate request to the certificate. +Only RSA keys are currently supported. + +Note that this function will only set the @code{crq} if it is self +signed and the signature is correct. See @code{gnutls_x509_crq_sign2()} . + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. +@end deftypefun diff --git a/doc/functions/gnutls_x509_crt_set_crq.short b/doc/functions/gnutls_x509_crt_set_crq.short new file mode 100644 index 0000000..07e198b --- /dev/null +++ b/doc/functions/gnutls_x509_crt_set_crq.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_crt_set_crq} (gnutls_x509_crt_t @var{crt}, gnutls_x509_crq_t @var{crq}) diff --git a/doc/functions/gnutls_x509_crt_set_crq_extension_by_oid b/doc/functions/gnutls_x509_crt_set_crq_extension_by_oid new file mode 100644 index 0000000..005d391 --- /dev/null +++ b/doc/functions/gnutls_x509_crt_set_crq_extension_by_oid @@ -0,0 +1,21 @@ + + + + +@deftypefun {int} {gnutls_x509_crt_set_crq_extension_by_oid} (gnutls_x509_crt_t @var{crt}, gnutls_x509_crq_t @var{crq}, const char * @var{oid}, unsigned @var{flags}) +@var{crt}: a certificate of type @code{gnutls_x509_crt_t} + +@var{crq}: holds a certificate request + +@var{oid}: the object identifier of the OID to copy + +@var{flags}: should be zero + +This function will set the extension specify by @code{oid} from the given request to the +certificate. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 3.5.1 +@end deftypefun diff --git a/doc/functions/gnutls_x509_crt_set_crq_extension_by_oid.short b/doc/functions/gnutls_x509_crt_set_crq_extension_by_oid.short new file mode 100644 index 0000000..81671a7 --- /dev/null +++ b/doc/functions/gnutls_x509_crt_set_crq_extension_by_oid.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_crt_set_crq_extension_by_oid} (gnutls_x509_crt_t @var{crt}, gnutls_x509_crq_t @var{crq}, const char * @var{oid}, unsigned @var{flags}) diff --git a/doc/functions/gnutls_x509_crt_set_crq_extensions b/doc/functions/gnutls_x509_crt_set_crq_extensions new file mode 100644 index 0000000..4c0e5a1 --- /dev/null +++ b/doc/functions/gnutls_x509_crt_set_crq_extensions @@ -0,0 +1,17 @@ + + + + +@deftypefun {int} {gnutls_x509_crt_set_crq_extensions} (gnutls_x509_crt_t @var{crt}, gnutls_x509_crq_t @var{crq}) +@var{crt}: a certificate of type @code{gnutls_x509_crt_t} + +@var{crq}: holds a certificate request + +This function will set the extensions from the given request to the +certificate. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 2.8.0 +@end deftypefun diff --git a/doc/functions/gnutls_x509_crt_set_crq_extensions.short b/doc/functions/gnutls_x509_crt_set_crq_extensions.short new file mode 100644 index 0000000..646dd0b --- /dev/null +++ b/doc/functions/gnutls_x509_crt_set_crq_extensions.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_crt_set_crq_extensions} (gnutls_x509_crt_t @var{crt}, gnutls_x509_crq_t @var{crq}) diff --git a/doc/functions/gnutls_x509_crt_set_dn b/doc/functions/gnutls_x509_crt_set_dn new file mode 100644 index 0000000..d922454 --- /dev/null +++ b/doc/functions/gnutls_x509_crt_set_dn @@ -0,0 +1,23 @@ + + + + +@deftypefun {int} {gnutls_x509_crt_set_dn} (gnutls_x509_crt_t @var{crt}, const char * @var{dn}, const char ** @var{err}) +@var{crt}: a certificate of type @code{gnutls_x509_crt_t} + +@var{dn}: a comma separated DN string (RFC4514) + +@var{err}: indicates the error position (if any) + +This function will set the DN on the provided certificate. +The input string should be plain ASCII or UTF-8 encoded. On +DN parsing error @code{GNUTLS_E_PARSING_ERROR} is returned. + +Note that DNs are not expected to hold DNS information, and thus +no automatic IDNA conversions are attempted when using this function. +If that is required (e.g., store a domain in CN), process the corresponding +input with @code{gnutls_idna_map()} . + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. +@end deftypefun diff --git a/doc/functions/gnutls_x509_crt_set_dn.short b/doc/functions/gnutls_x509_crt_set_dn.short new file mode 100644 index 0000000..ff6259e --- /dev/null +++ b/doc/functions/gnutls_x509_crt_set_dn.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_crt_set_dn} (gnutls_x509_crt_t @var{crt}, const char * @var{dn}, const char ** @var{err}) diff --git a/doc/functions/gnutls_x509_crt_set_dn_by_oid b/doc/functions/gnutls_x509_crt_set_dn_by_oid new file mode 100644 index 0000000..d951ab6 --- /dev/null +++ b/doc/functions/gnutls_x509_crt_set_dn_by_oid @@ -0,0 +1,28 @@ + + + + +@deftypefun {int} {gnutls_x509_crt_set_dn_by_oid} (gnutls_x509_crt_t @var{crt}, const char * @var{oid}, unsigned int @var{raw_flag}, const void * @var{name}, unsigned int @var{sizeof_name}) +@var{crt}: a certificate of type @code{gnutls_x509_crt_t} + +@var{oid}: holds an Object Identifier in a null terminated string + +@var{raw_flag}: must be 0, or 1 if the data are DER encoded + +@var{name}: a pointer to the name + +@var{sizeof_name}: holds the size of @code{name} + +This function will set the part of the name of the Certificate +subject, specified by the given OID. The input string should be +ASCII or UTF-8 encoded. + +Some helper macros with popular OIDs can be found in gnutls/x509.h +With this function you can only set the known OIDs. You can test +for known OIDs using @code{gnutls_x509_dn_oid_known()} . For OIDs that are +not known (by gnutls) you should properly DER encode your data, +and call this function with @code{raw_flag} set. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. +@end deftypefun diff --git a/doc/functions/gnutls_x509_crt_set_dn_by_oid.short b/doc/functions/gnutls_x509_crt_set_dn_by_oid.short new file mode 100644 index 0000000..f6e51d4 --- /dev/null +++ b/doc/functions/gnutls_x509_crt_set_dn_by_oid.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_crt_set_dn_by_oid} (gnutls_x509_crt_t @var{crt}, const char * @var{oid}, unsigned int @var{raw_flag}, const void * @var{name}, unsigned int @var{sizeof_name}) diff --git a/doc/functions/gnutls_x509_crt_set_expiration_time b/doc/functions/gnutls_x509_crt_set_expiration_time new file mode 100644 index 0000000..9853c05 --- /dev/null +++ b/doc/functions/gnutls_x509_crt_set_expiration_time @@ -0,0 +1,16 @@ + + + + +@deftypefun {int} {gnutls_x509_crt_set_expiration_time} (gnutls_x509_crt_t @var{cert}, time_t @var{exp_time}) +@var{cert}: a certificate of type @code{gnutls_x509_crt_t} + +@var{exp_time}: The actual time + +This function will set the time this Certificate will expire. +Setting an expiration time to (time_t)-1 will set +to the no well-defined expiration date value. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. +@end deftypefun diff --git a/doc/functions/gnutls_x509_crt_set_expiration_time.short b/doc/functions/gnutls_x509_crt_set_expiration_time.short new file mode 100644 index 0000000..91f9fad --- /dev/null +++ b/doc/functions/gnutls_x509_crt_set_expiration_time.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_crt_set_expiration_time} (gnutls_x509_crt_t @var{cert}, time_t @var{exp_time}) diff --git a/doc/functions/gnutls_x509_crt_set_extension_by_oid b/doc/functions/gnutls_x509_crt_set_extension_by_oid new file mode 100644 index 0000000..1ab9a1e --- /dev/null +++ b/doc/functions/gnutls_x509_crt_set_extension_by_oid @@ -0,0 +1,22 @@ + + + + +@deftypefun {int} {gnutls_x509_crt_set_extension_by_oid} (gnutls_x509_crt_t @var{crt}, const char * @var{oid}, const void * @var{buf}, size_t @var{sizeof_buf}, unsigned int @var{critical}) +@var{crt}: a certificate of type @code{gnutls_x509_crt_t} + +@var{oid}: holds an Object Identifier in null terminated string + +@var{buf}: a pointer to a DER encoded data + +@var{sizeof_buf}: holds the size of @code{buf} + +@var{critical}: should be non-zero if the extension is to be marked as critical + +This function will set an the extension, by the specified OID, in +the certificate. The extension data should be binary data DER +encoded. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. +@end deftypefun diff --git a/doc/functions/gnutls_x509_crt_set_extension_by_oid.short b/doc/functions/gnutls_x509_crt_set_extension_by_oid.short new file mode 100644 index 0000000..685ae8b --- /dev/null +++ b/doc/functions/gnutls_x509_crt_set_extension_by_oid.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_crt_set_extension_by_oid} (gnutls_x509_crt_t @var{crt}, const char * @var{oid}, const void * @var{buf}, size_t @var{sizeof_buf}, unsigned int @var{critical}) diff --git a/doc/functions/gnutls_x509_crt_set_flags b/doc/functions/gnutls_x509_crt_set_flags new file mode 100644 index 0000000..581e86a --- /dev/null +++ b/doc/functions/gnutls_x509_crt_set_flags @@ -0,0 +1,15 @@ + + + + +@deftypefun {void} {gnutls_x509_crt_set_flags} (gnutls_x509_crt_t @var{cert}, unsigned int @var{flags}) +@var{cert}: A type @code{gnutls_x509_crt_t} + +@var{flags}: flags from the @code{gnutls_x509_crt_flags} + +This function will set flags for the specified certificate. +Currently this is useful for the @code{GNUTLS_X509_CRT_FLAG_IGNORE_SANITY} +which allows importing certificates even if they have known issues. + +@strong{Since:} 3.6.0 +@end deftypefun diff --git a/doc/functions/gnutls_x509_crt_set_flags.short b/doc/functions/gnutls_x509_crt_set_flags.short new file mode 100644 index 0000000..d0f0530 --- /dev/null +++ b/doc/functions/gnutls_x509_crt_set_flags.short @@ -0,0 +1 @@ +@item @var{void} @ref{gnutls_x509_crt_set_flags} (gnutls_x509_crt_t @var{cert}, unsigned int @var{flags}) diff --git a/doc/functions/gnutls_x509_crt_set_inhibit_anypolicy b/doc/functions/gnutls_x509_crt_set_inhibit_anypolicy new file mode 100644 index 0000000..1c1d06e --- /dev/null +++ b/doc/functions/gnutls_x509_crt_set_inhibit_anypolicy @@ -0,0 +1,14 @@ + + + + +@deftypefun {int} {gnutls_x509_crt_set_inhibit_anypolicy} (gnutls_x509_crt_t @var{crt}, unsigned int @var{skipcerts}) +@var{crt}: a certificate of type @code{gnutls_x509_crt_t} + +@var{skipcerts}: number of certificates after which anypolicy is no longer acceptable. + +This function will set the Inhibit anyPolicy certificate extension. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. +@end deftypefun diff --git a/doc/functions/gnutls_x509_crt_set_inhibit_anypolicy.short b/doc/functions/gnutls_x509_crt_set_inhibit_anypolicy.short new file mode 100644 index 0000000..c8d5286 --- /dev/null +++ b/doc/functions/gnutls_x509_crt_set_inhibit_anypolicy.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_crt_set_inhibit_anypolicy} (gnutls_x509_crt_t @var{crt}, unsigned int @var{skipcerts}) diff --git a/doc/functions/gnutls_x509_crt_set_issuer_alt_name b/doc/functions/gnutls_x509_crt_set_issuer_alt_name new file mode 100644 index 0000000..6ead3e7 --- /dev/null +++ b/doc/functions/gnutls_x509_crt_set_issuer_alt_name @@ -0,0 +1,26 @@ + + + + +@deftypefun {int} {gnutls_x509_crt_set_issuer_alt_name} (gnutls_x509_crt_t @var{crt}, gnutls_x509_subject_alt_name_t @var{type}, const void * @var{data}, unsigned int @var{data_size}, unsigned int @var{flags}) +@var{crt}: a certificate of type @code{gnutls_x509_crt_t} + +@var{type}: is one of the gnutls_x509_subject_alt_name_t enumerations + +@var{data}: The data to be set + +@var{data_size}: The size of data to be set + +@var{flags}: GNUTLS_FSAN_SET to clear previous data or GNUTLS_FSAN_APPEND to append. + +This function will set the issuer alternative name certificate +extension. It can set the same types as @code{gnutls_x509_crt_set_subject_alt_name()} . + +Since version 3.5.7 the @code{GNUTLS_SAN_RFC822NAME} , @code{GNUTLS_SAN_DNSNAME} , and +@code{GNUTLS_SAN_OTHERNAME_XMPP} are converted to ACE format when necessary. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 3.3.0 +@end deftypefun diff --git a/doc/functions/gnutls_x509_crt_set_issuer_alt_name.short b/doc/functions/gnutls_x509_crt_set_issuer_alt_name.short new file mode 100644 index 0000000..5dea3c5 --- /dev/null +++ b/doc/functions/gnutls_x509_crt_set_issuer_alt_name.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_crt_set_issuer_alt_name} (gnutls_x509_crt_t @var{crt}, gnutls_x509_subject_alt_name_t @var{type}, const void * @var{data}, unsigned int @var{data_size}, unsigned int @var{flags}) diff --git a/doc/functions/gnutls_x509_crt_set_issuer_alt_othername b/doc/functions/gnutls_x509_crt_set_issuer_alt_othername new file mode 100644 index 0000000..a256344 --- /dev/null +++ b/doc/functions/gnutls_x509_crt_set_issuer_alt_othername @@ -0,0 +1,27 @@ + + + + +@deftypefun {int} {gnutls_x509_crt_set_issuer_alt_othername} (gnutls_x509_crt_t @var{crt}, const char * @var{oid}, const void * @var{data}, unsigned int @var{data_size}, unsigned int @var{flags}) +@var{crt}: a certificate of type @code{gnutls_x509_crt_t} + +@var{oid}: The other name OID + +@var{data}: The data to be set + +@var{data_size}: The size of data to be set + +@var{flags}: GNUTLS_FSAN_SET to clear previous data or GNUTLS_FSAN_APPEND to append. + +This function will set an "othername" to the issuer alternative name certificate +extension. + +The values set are set as binary values and are expected to have the proper DER encoding. +For convenience the flags @code{GNUTLS_FSAN_ENCODE_OCTET_STRING} and @code{GNUTLS_FSAN_ENCODE_UTF8_STRING} +can be used to encode the provided data. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 3.5.0 +@end deftypefun diff --git a/doc/functions/gnutls_x509_crt_set_issuer_alt_othername.short b/doc/functions/gnutls_x509_crt_set_issuer_alt_othername.short new file mode 100644 index 0000000..559fc18 --- /dev/null +++ b/doc/functions/gnutls_x509_crt_set_issuer_alt_othername.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_crt_set_issuer_alt_othername} (gnutls_x509_crt_t @var{crt}, const char * @var{oid}, const void * @var{data}, unsigned int @var{data_size}, unsigned int @var{flags}) diff --git a/doc/functions/gnutls_x509_crt_set_issuer_dn b/doc/functions/gnutls_x509_crt_set_issuer_dn new file mode 100644 index 0000000..5922fdc --- /dev/null +++ b/doc/functions/gnutls_x509_crt_set_issuer_dn @@ -0,0 +1,18 @@ + + + + +@deftypefun {int} {gnutls_x509_crt_set_issuer_dn} (gnutls_x509_crt_t @var{crt}, const char * @var{dn}, const char ** @var{err}) +@var{crt}: a certificate of type @code{gnutls_x509_crt_t} + +@var{dn}: a comma separated DN string (RFC4514) + +@var{err}: indicates the error position (if any) + +This function will set the DN on the provided certificate. +The input string should be plain ASCII or UTF-8 encoded. On +DN parsing error @code{GNUTLS_E_PARSING_ERROR} is returned. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. +@end deftypefun diff --git a/doc/functions/gnutls_x509_crt_set_issuer_dn.short b/doc/functions/gnutls_x509_crt_set_issuer_dn.short new file mode 100644 index 0000000..759a63f --- /dev/null +++ b/doc/functions/gnutls_x509_crt_set_issuer_dn.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_crt_set_issuer_dn} (gnutls_x509_crt_t @var{crt}, const char * @var{dn}, const char ** @var{err}) diff --git a/doc/functions/gnutls_x509_crt_set_issuer_dn_by_oid b/doc/functions/gnutls_x509_crt_set_issuer_dn_by_oid new file mode 100644 index 0000000..0dabfcb --- /dev/null +++ b/doc/functions/gnutls_x509_crt_set_issuer_dn_by_oid @@ -0,0 +1,32 @@ + + + + +@deftypefun {int} {gnutls_x509_crt_set_issuer_dn_by_oid} (gnutls_x509_crt_t @var{crt}, const char * @var{oid}, unsigned int @var{raw_flag}, const void * @var{name}, unsigned int @var{sizeof_name}) +@var{crt}: a certificate of type @code{gnutls_x509_crt_t} + +@var{oid}: holds an Object Identifier in a null terminated string + +@var{raw_flag}: must be 0, or 1 if the data are DER encoded + +@var{name}: a pointer to the name + +@var{sizeof_name}: holds the size of @code{name} + +This function will set the part of the name of the Certificate +issuer, specified by the given OID. The input string should be +ASCII or UTF-8 encoded. + +Some helper macros with popular OIDs can be found in gnutls/x509.h +With this function you can only set the known OIDs. You can test +for known OIDs using @code{gnutls_x509_dn_oid_known()} . For OIDs that are +not known (by gnutls) you should properly DER encode your data, +and call this function with @code{raw_flag} set. + +Normally you do not need to call this function, since the signing +operation will copy the signer's name as the issuer of the +certificate. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. +@end deftypefun diff --git a/doc/functions/gnutls_x509_crt_set_issuer_dn_by_oid.short b/doc/functions/gnutls_x509_crt_set_issuer_dn_by_oid.short new file mode 100644 index 0000000..18b918d --- /dev/null +++ b/doc/functions/gnutls_x509_crt_set_issuer_dn_by_oid.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_crt_set_issuer_dn_by_oid} (gnutls_x509_crt_t @var{crt}, const char * @var{oid}, unsigned int @var{raw_flag}, const void * @var{name}, unsigned int @var{sizeof_name}) diff --git a/doc/functions/gnutls_x509_crt_set_issuer_unique_id b/doc/functions/gnutls_x509_crt_set_issuer_unique_id new file mode 100644 index 0000000..bdcdd95 --- /dev/null +++ b/doc/functions/gnutls_x509_crt_set_issuer_unique_id @@ -0,0 +1,18 @@ + + + + +@deftypefun {int} {gnutls_x509_crt_set_issuer_unique_id} (gnutls_x509_crt_t @var{cert}, const void * @var{id}, size_t @var{id_size}) +@var{cert}: a certificate of type @code{gnutls_x509_crt_t} + +@var{id}: The unique ID + +@var{id_size}: Holds the size of the unique ID. + +This function will set the X.509 certificate's issuer unique ID field. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 3.4.7 +@end deftypefun diff --git a/doc/functions/gnutls_x509_crt_set_issuer_unique_id.short b/doc/functions/gnutls_x509_crt_set_issuer_unique_id.short new file mode 100644 index 0000000..10eec97 --- /dev/null +++ b/doc/functions/gnutls_x509_crt_set_issuer_unique_id.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_crt_set_issuer_unique_id} (gnutls_x509_crt_t @var{cert}, const void * @var{id}, size_t @var{id_size}) diff --git a/doc/functions/gnutls_x509_crt_set_key b/doc/functions/gnutls_x509_crt_set_key new file mode 100644 index 0000000..3d5328c --- /dev/null +++ b/doc/functions/gnutls_x509_crt_set_key @@ -0,0 +1,18 @@ + + + + +@deftypefun {int} {gnutls_x509_crt_set_key} (gnutls_x509_crt_t @var{crt}, gnutls_x509_privkey_t @var{key}) +@var{crt}: a certificate of type @code{gnutls_x509_crt_t} + +@var{key}: holds a private key + +This function will set the public parameters from the given +private key to the certificate. + +To export the public key (i.e., the SubjectPublicKeyInfo part), check +@code{gnutls_pubkey_import_x509()} . + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. +@end deftypefun diff --git a/doc/functions/gnutls_x509_crt_set_key.short b/doc/functions/gnutls_x509_crt_set_key.short new file mode 100644 index 0000000..bef70b6 --- /dev/null +++ b/doc/functions/gnutls_x509_crt_set_key.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_crt_set_key} (gnutls_x509_crt_t @var{crt}, gnutls_x509_privkey_t @var{key}) diff --git a/doc/functions/gnutls_x509_crt_set_key_purpose_oid b/doc/functions/gnutls_x509_crt_set_key_purpose_oid new file mode 100644 index 0000000..a4fe8fc --- /dev/null +++ b/doc/functions/gnutls_x509_crt_set_key_purpose_oid @@ -0,0 +1,20 @@ + + + + +@deftypefun {int} {gnutls_x509_crt_set_key_purpose_oid} (gnutls_x509_crt_t @var{cert}, const void * @var{oid}, unsigned int @var{critical}) +@var{cert}: a certificate of type @code{gnutls_x509_crt_t} + +@var{oid}: a pointer to a null terminated string that holds the OID + +@var{critical}: Whether this extension will be critical or not + +This function will set the key purpose OIDs of the Certificate. +These are stored in the Extended Key Usage extension (2.5.29.37) +See the GNUTLS_KP_* definitions for human readable names. + +Subsequent calls to this function will append OIDs to the OID list. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, +otherwise a negative error code is returned. +@end deftypefun diff --git a/doc/functions/gnutls_x509_crt_set_key_purpose_oid.short b/doc/functions/gnutls_x509_crt_set_key_purpose_oid.short new file mode 100644 index 0000000..6e64b16 --- /dev/null +++ b/doc/functions/gnutls_x509_crt_set_key_purpose_oid.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_crt_set_key_purpose_oid} (gnutls_x509_crt_t @var{cert}, const void * @var{oid}, unsigned int @var{critical}) diff --git a/doc/functions/gnutls_x509_crt_set_key_usage b/doc/functions/gnutls_x509_crt_set_key_usage new file mode 100644 index 0000000..a0ac321 --- /dev/null +++ b/doc/functions/gnutls_x509_crt_set_key_usage @@ -0,0 +1,14 @@ + + + + +@deftypefun {int} {gnutls_x509_crt_set_key_usage} (gnutls_x509_crt_t @var{crt}, unsigned int @var{usage}) +@var{crt}: a certificate of type @code{gnutls_x509_crt_t} + +@var{usage}: an ORed sequence of the GNUTLS_KEY_* elements. + +This function will set the keyUsage certificate extension. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. +@end deftypefun diff --git a/doc/functions/gnutls_x509_crt_set_key_usage.short b/doc/functions/gnutls_x509_crt_set_key_usage.short new file mode 100644 index 0000000..67c855f --- /dev/null +++ b/doc/functions/gnutls_x509_crt_set_key_usage.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_crt_set_key_usage} (gnutls_x509_crt_t @var{crt}, unsigned int @var{usage}) diff --git a/doc/functions/gnutls_x509_crt_set_name_constraints b/doc/functions/gnutls_x509_crt_set_name_constraints new file mode 100644 index 0000000..e62b8a8 --- /dev/null +++ b/doc/functions/gnutls_x509_crt_set_name_constraints @@ -0,0 +1,19 @@ + + + + +@deftypefun {int} {gnutls_x509_crt_set_name_constraints} (gnutls_x509_crt_t @var{crt}, gnutls_x509_name_constraints_t @var{nc}, unsigned int @var{critical}) +@var{crt}: The certificate + +@var{nc}: The nameconstraints structure + +@var{critical}: whether this extension will be critical + +This function will set the provided name constraints to +the certificate extension list. This extension is always +marked as critical. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a negative error value. + +@strong{Since:} 3.3.0 +@end deftypefun diff --git a/doc/functions/gnutls_x509_crt_set_name_constraints.short b/doc/functions/gnutls_x509_crt_set_name_constraints.short new file mode 100644 index 0000000..f15eea4 --- /dev/null +++ b/doc/functions/gnutls_x509_crt_set_name_constraints.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_crt_set_name_constraints} (gnutls_x509_crt_t @var{crt}, gnutls_x509_name_constraints_t @var{nc}, unsigned int @var{critical}) diff --git a/doc/functions/gnutls_x509_crt_set_pin_function b/doc/functions/gnutls_x509_crt_set_pin_function new file mode 100644 index 0000000..f8eb034 --- /dev/null +++ b/doc/functions/gnutls_x509_crt_set_pin_function @@ -0,0 +1,20 @@ + + + + +@deftypefun {void} {gnutls_x509_crt_set_pin_function} (gnutls_x509_crt_t @var{crt}, gnutls_pin_callback_t @var{fn}, void * @var{userdata}) +@var{crt}: The certificate structure + +@var{fn}: the callback + +@var{userdata}: data associated with the callback + +This function will set a callback function to be used when +it is required to access a protected object. This function overrides +the global function set using @code{gnutls_pkcs11_set_pin_function()} . + +Note that this callback is currently used only during the import +of a PKCS @code{11} certificate with @code{gnutls_x509_crt_import_url()} . + +@strong{Since:} 3.1.0 +@end deftypefun diff --git a/doc/functions/gnutls_x509_crt_set_pin_function.short b/doc/functions/gnutls_x509_crt_set_pin_function.short new file mode 100644 index 0000000..41a9c64 --- /dev/null +++ b/doc/functions/gnutls_x509_crt_set_pin_function.short @@ -0,0 +1 @@ +@item @var{void} @ref{gnutls_x509_crt_set_pin_function} (gnutls_x509_crt_t @var{crt}, gnutls_pin_callback_t @var{fn}, void * @var{userdata}) diff --git a/doc/functions/gnutls_x509_crt_set_policy b/doc/functions/gnutls_x509_crt_set_policy new file mode 100644 index 0000000..b6338bd --- /dev/null +++ b/doc/functions/gnutls_x509_crt_set_policy @@ -0,0 +1,23 @@ + + + + +@deftypefun {int} {gnutls_x509_crt_set_policy} (gnutls_x509_crt_t @var{crt}, const struct gnutls_x509_policy_st * @var{policy}, unsigned int @var{critical}) +@var{crt}: should contain a @code{gnutls_x509_crt_t} type + +@var{policy}: A pointer to a policy + +@var{critical}: use non-zero if the extension is marked as critical + +This function will set the certificate policy extension (2.5.29.32). +Multiple calls to this function append a new policy. + +Note the maximum text size for the qualifier @code{GNUTLS_X509_QUALIFIER_NOTICE} +is 200 characters. This function will fail with @code{GNUTLS_E_INVALID_REQUEST} +if this is exceeded. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 3.1.5 +@end deftypefun diff --git a/doc/functions/gnutls_x509_crt_set_policy.short b/doc/functions/gnutls_x509_crt_set_policy.short new file mode 100644 index 0000000..a09741c --- /dev/null +++ b/doc/functions/gnutls_x509_crt_set_policy.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_crt_set_policy} (gnutls_x509_crt_t @var{crt}, const struct gnutls_x509_policy_st * @var{policy}, unsigned int @var{critical}) diff --git a/doc/functions/gnutls_x509_crt_set_private_key_usage_period b/doc/functions/gnutls_x509_crt_set_private_key_usage_period new file mode 100644 index 0000000..99bde94 --- /dev/null +++ b/doc/functions/gnutls_x509_crt_set_private_key_usage_period @@ -0,0 +1,16 @@ + + + + +@deftypefun {int} {gnutls_x509_crt_set_private_key_usage_period} (gnutls_x509_crt_t @var{crt}, time_t @var{activation}, time_t @var{expiration}) +@var{crt}: a certificate of type @code{gnutls_x509_crt_t} + +@var{activation}: The activation time + +@var{expiration}: The expiration time + +This function will set the private key usage period extension (2.5.29.16). + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. +@end deftypefun diff --git a/doc/functions/gnutls_x509_crt_set_private_key_usage_period.short b/doc/functions/gnutls_x509_crt_set_private_key_usage_period.short new file mode 100644 index 0000000..a33675e --- /dev/null +++ b/doc/functions/gnutls_x509_crt_set_private_key_usage_period.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_crt_set_private_key_usage_period} (gnutls_x509_crt_t @var{crt}, time_t @var{activation}, time_t @var{expiration}) diff --git a/doc/functions/gnutls_x509_crt_set_proxy b/doc/functions/gnutls_x509_crt_set_proxy new file mode 100644 index 0000000..3a8aa89 --- /dev/null +++ b/doc/functions/gnutls_x509_crt_set_proxy @@ -0,0 +1,22 @@ + + + + +@deftypefun {int} {gnutls_x509_crt_set_proxy} (gnutls_x509_crt_t @var{crt}, int @var{pathLenConstraint}, const char * @var{policyLanguage}, const char * @var{policy}, size_t @var{sizeof_policy}) +@var{crt}: a certificate of type @code{gnutls_x509_crt_t} + +@var{pathLenConstraint}: non-negative error codes indicate maximum length of path, +and negative error codes indicate that the pathLenConstraints field should +not be present. + +@var{policyLanguage}: OID describing the language of @code{policy} . + +@var{policy}: uint8_t byte array with policy language, can be @code{NULL} + +@var{sizeof_policy}: size of @code{policy} . + +This function will set the proxyCertInfo extension. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. +@end deftypefun diff --git a/doc/functions/gnutls_x509_crt_set_proxy.short b/doc/functions/gnutls_x509_crt_set_proxy.short new file mode 100644 index 0000000..3a17f0b --- /dev/null +++ b/doc/functions/gnutls_x509_crt_set_proxy.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_crt_set_proxy} (gnutls_x509_crt_t @var{crt}, int @var{pathLenConstraint}, const char * @var{policyLanguage}, const char * @var{policy}, size_t @var{sizeof_policy}) diff --git a/doc/functions/gnutls_x509_crt_set_proxy_dn b/doc/functions/gnutls_x509_crt_set_proxy_dn new file mode 100644 index 0000000..3812dad --- /dev/null +++ b/doc/functions/gnutls_x509_crt_set_proxy_dn @@ -0,0 +1,23 @@ + + + + +@deftypefun {int} {gnutls_x509_crt_set_proxy_dn} (gnutls_x509_crt_t @var{crt}, gnutls_x509_crt_t @var{eecrt}, unsigned int @var{raw_flag}, const void * @var{name}, unsigned int @var{sizeof_name}) +@var{crt}: a gnutls_x509_crt_t type with the new proxy cert + +@var{eecrt}: the end entity certificate that will be issuing the proxy + +@var{raw_flag}: must be 0, or 1 if the CN is DER encoded + +@var{name}: a pointer to the CN name, may be NULL (but MUST then be added later) + +@var{sizeof_name}: holds the size of @code{name} + +This function will set the subject in @code{crt} to the end entity's + @code{eecrt} subject name, and add a single Common Name component @code{name} of size @code{sizeof_name} . This corresponds to the required proxy +certificate naming style. Note that if @code{name} is @code{NULL} , you MUST +set it later by using @code{gnutls_x509_crt_set_dn_by_oid()} or similar. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. +@end deftypefun diff --git a/doc/functions/gnutls_x509_crt_set_proxy_dn.short b/doc/functions/gnutls_x509_crt_set_proxy_dn.short new file mode 100644 index 0000000..9a1af8a --- /dev/null +++ b/doc/functions/gnutls_x509_crt_set_proxy_dn.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_crt_set_proxy_dn} (gnutls_x509_crt_t @var{crt}, gnutls_x509_crt_t @var{eecrt}, unsigned int @var{raw_flag}, const void * @var{name}, unsigned int @var{sizeof_name}) diff --git a/doc/functions/gnutls_x509_crt_set_pubkey b/doc/functions/gnutls_x509_crt_set_pubkey new file mode 100644 index 0000000..a31be1e --- /dev/null +++ b/doc/functions/gnutls_x509_crt_set_pubkey @@ -0,0 +1,17 @@ + + + + +@deftypefun {int} {gnutls_x509_crt_set_pubkey} (gnutls_x509_crt_t @var{crt}, gnutls_pubkey_t @var{key}) +@var{crt}: should contain a @code{gnutls_x509_crt_t} type + +@var{key}: holds a public key + +This function will set the public parameters from the given public +key to the certificate. The @code{key} can be deallocated after that. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 2.12.0 +@end deftypefun diff --git a/doc/functions/gnutls_x509_crt_set_pubkey.short b/doc/functions/gnutls_x509_crt_set_pubkey.short new file mode 100644 index 0000000..3a0a51f --- /dev/null +++ b/doc/functions/gnutls_x509_crt_set_pubkey.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_crt_set_pubkey} (gnutls_x509_crt_t @var{crt}, gnutls_pubkey_t @var{key}) diff --git a/doc/functions/gnutls_x509_crt_set_serial b/doc/functions/gnutls_x509_crt_set_serial new file mode 100644 index 0000000..b467674 --- /dev/null +++ b/doc/functions/gnutls_x509_crt_set_serial @@ -0,0 +1,25 @@ + + + + +@deftypefun {int} {gnutls_x509_crt_set_serial} (gnutls_x509_crt_t @var{cert}, const void * @var{serial}, size_t @var{serial_size}) +@var{cert}: a certificate of type @code{gnutls_x509_crt_t} + +@var{serial}: The serial number + +@var{serial_size}: Holds the size of the serial field. + +This function will set the X.509 certificate's serial number. +While the serial number is an integer, it is often handled +as an opaque field by several CAs. For this reason this function +accepts any kind of data as a serial number. To be consistent +with the X.509/PKIX specifications the provided @code{serial} should be +a big-endian positive number (i.e. it's leftmost bit should be zero). + +The size of the serial is restricted to 20 bytes maximum by RFC5280. +This function allows writing more than 20 bytes but the generated +certificates in that case may be rejected by other implementations. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. +@end deftypefun diff --git a/doc/functions/gnutls_x509_crt_set_serial.short b/doc/functions/gnutls_x509_crt_set_serial.short new file mode 100644 index 0000000..ad251c8 --- /dev/null +++ b/doc/functions/gnutls_x509_crt_set_serial.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_crt_set_serial} (gnutls_x509_crt_t @var{cert}, const void * @var{serial}, size_t @var{serial_size}) diff --git a/doc/functions/gnutls_x509_crt_set_spki b/doc/functions/gnutls_x509_crt_set_spki new file mode 100644 index 0000000..8260e16 --- /dev/null +++ b/doc/functions/gnutls_x509_crt_set_spki @@ -0,0 +1,24 @@ + + + + +@deftypefun {int} {gnutls_x509_crt_set_spki} (gnutls_x509_crt_t @var{crt}, const gnutls_x509_spki_t @var{spki}, unsigned int @var{flags}) +@var{crt}: a certificate of type @code{gnutls_x509_crt_t} + +@var{spki}: a SubjectPublicKeyInfo structure of type @code{gnutls_x509_spki_t} + +@var{flags}: must be zero + +This function will set the certificate's subject public key +information explicitly. This is intended to be used in the cases +where a single public key (e.g., RSA) can be used for multiple +signature algorithms (RSA PKCS1-1.5, and RSA-PSS). + +To export the public key (i.e., the SubjectPublicKeyInfo part), check +@code{gnutls_pubkey_import_x509()} . + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 3.6.0 +@end deftypefun diff --git a/doc/functions/gnutls_x509_crt_set_spki.short b/doc/functions/gnutls_x509_crt_set_spki.short new file mode 100644 index 0000000..fbddf35 --- /dev/null +++ b/doc/functions/gnutls_x509_crt_set_spki.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_crt_set_spki} (gnutls_x509_crt_t @var{crt}, const gnutls_x509_spki_t @var{spki}, unsigned int @var{flags}) diff --git a/doc/functions/gnutls_x509_crt_set_subject_alt_name b/doc/functions/gnutls_x509_crt_set_subject_alt_name new file mode 100644 index 0000000..e18a56e --- /dev/null +++ b/doc/functions/gnutls_x509_crt_set_subject_alt_name @@ -0,0 +1,29 @@ + + + + +@deftypefun {int} {gnutls_x509_crt_set_subject_alt_name} (gnutls_x509_crt_t @var{crt}, gnutls_x509_subject_alt_name_t @var{type}, const void * @var{data}, unsigned int @var{data_size}, unsigned int @var{flags}) +@var{crt}: a certificate of type @code{gnutls_x509_crt_t} + +@var{type}: is one of the gnutls_x509_subject_alt_name_t enumerations + +@var{data}: The data to be set + +@var{data_size}: The size of data to be set + +@var{flags}: GNUTLS_FSAN_SET to clear previous data or GNUTLS_FSAN_APPEND to append. + +This function will set the subject alternative name certificate +extension. It can set the following types: @code{GNUTLS_SAN_DNSNAME} as a text string, +@code{GNUTLS_SAN_RFC822NAME} as a text string, @code{GNUTLS_SAN_URI} as a text string, +@code{GNUTLS_SAN_IPADDRESS} as a binary IP address (4 or 16 bytes), +@code{GNUTLS_SAN_OTHERNAME_XMPP} as a UTF8 string (since 3.5.0). + +Since version 3.5.7 the @code{GNUTLS_SAN_RFC822NAME} , @code{GNUTLS_SAN_DNSNAME} , and +@code{GNUTLS_SAN_OTHERNAME_XMPP} are converted to ACE format when necessary. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 2.6.0 +@end deftypefun diff --git a/doc/functions/gnutls_x509_crt_set_subject_alt_name.short b/doc/functions/gnutls_x509_crt_set_subject_alt_name.short new file mode 100644 index 0000000..75f9be0 --- /dev/null +++ b/doc/functions/gnutls_x509_crt_set_subject_alt_name.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_crt_set_subject_alt_name} (gnutls_x509_crt_t @var{crt}, gnutls_x509_subject_alt_name_t @var{type}, const void * @var{data}, unsigned int @var{data_size}, unsigned int @var{flags}) diff --git a/doc/functions/gnutls_x509_crt_set_subject_alt_othername b/doc/functions/gnutls_x509_crt_set_subject_alt_othername new file mode 100644 index 0000000..f8a2a32 --- /dev/null +++ b/doc/functions/gnutls_x509_crt_set_subject_alt_othername @@ -0,0 +1,27 @@ + + + + +@deftypefun {int} {gnutls_x509_crt_set_subject_alt_othername} (gnutls_x509_crt_t @var{crt}, const char * @var{oid}, const void * @var{data}, unsigned int @var{data_size}, unsigned int @var{flags}) +@var{crt}: a certificate of type @code{gnutls_x509_crt_t} + +@var{oid}: The other name OID + +@var{data}: The data to be set + +@var{data_size}: The size of data to be set + +@var{flags}: GNUTLS_FSAN_SET to clear previous data or GNUTLS_FSAN_APPEND to append. + +This function will set an "othername" to the subject alternative name certificate +extension. + +The values set are set as binary values and are expected to have the proper DER encoding. +For convenience the flags @code{GNUTLS_FSAN_ENCODE_OCTET_STRING} and @code{GNUTLS_FSAN_ENCODE_UTF8_STRING} +can be used to encode the provided data. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 3.5.0 +@end deftypefun diff --git a/doc/functions/gnutls_x509_crt_set_subject_alt_othername.short b/doc/functions/gnutls_x509_crt_set_subject_alt_othername.short new file mode 100644 index 0000000..7903b21 --- /dev/null +++ b/doc/functions/gnutls_x509_crt_set_subject_alt_othername.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_crt_set_subject_alt_othername} (gnutls_x509_crt_t @var{crt}, const char * @var{oid}, const void * @var{data}, unsigned int @var{data_size}, unsigned int @var{flags}) diff --git a/doc/functions/gnutls_x509_crt_set_subject_alternative_name b/doc/functions/gnutls_x509_crt_set_subject_alternative_name new file mode 100644 index 0000000..75d7d8b --- /dev/null +++ b/doc/functions/gnutls_x509_crt_set_subject_alternative_name @@ -0,0 +1,23 @@ + + + + +@deftypefun {int} {gnutls_x509_crt_set_subject_alternative_name} (gnutls_x509_crt_t @var{crt}, gnutls_x509_subject_alt_name_t @var{type}, const char * @var{data_string}) +@var{crt}: a certificate of type @code{gnutls_x509_crt_t} + +@var{type}: is one of the gnutls_x509_subject_alt_name_t enumerations + +@var{data_string}: The data to be set, a (0) terminated string + +This function will set the subject alternative name certificate +extension. This function assumes that data can be expressed as a null +terminated string. + +The name of the function is unfortunate since it is inconsistent with +@code{gnutls_x509_crt_get_subject_alt_name()} . + +See @code{gnutls_x509_crt_set_subject_alt_name()} for more information. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. +@end deftypefun diff --git a/doc/functions/gnutls_x509_crt_set_subject_alternative_name.short b/doc/functions/gnutls_x509_crt_set_subject_alternative_name.short new file mode 100644 index 0000000..efc7b31 --- /dev/null +++ b/doc/functions/gnutls_x509_crt_set_subject_alternative_name.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_crt_set_subject_alternative_name} (gnutls_x509_crt_t @var{crt}, gnutls_x509_subject_alt_name_t @var{type}, const char * @var{data_string}) diff --git a/doc/functions/gnutls_x509_crt_set_subject_key_id b/doc/functions/gnutls_x509_crt_set_subject_key_id new file mode 100644 index 0000000..c31f957 --- /dev/null +++ b/doc/functions/gnutls_x509_crt_set_subject_key_id @@ -0,0 +1,17 @@ + + + + +@deftypefun {int} {gnutls_x509_crt_set_subject_key_id} (gnutls_x509_crt_t @var{cert}, const void * @var{id}, size_t @var{id_size}) +@var{cert}: a certificate of type @code{gnutls_x509_crt_t} + +@var{id}: The key ID + +@var{id_size}: Holds the size of the subject key ID field. + +This function will set the X.509 certificate's subject key ID +extension. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. +@end deftypefun diff --git a/doc/functions/gnutls_x509_crt_set_subject_key_id.short b/doc/functions/gnutls_x509_crt_set_subject_key_id.short new file mode 100644 index 0000000..4a3173f --- /dev/null +++ b/doc/functions/gnutls_x509_crt_set_subject_key_id.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_crt_set_subject_key_id} (gnutls_x509_crt_t @var{cert}, const void * @var{id}, size_t @var{id_size}) diff --git a/doc/functions/gnutls_x509_crt_set_subject_unique_id b/doc/functions/gnutls_x509_crt_set_subject_unique_id new file mode 100644 index 0000000..4abb9a6 --- /dev/null +++ b/doc/functions/gnutls_x509_crt_set_subject_unique_id @@ -0,0 +1,18 @@ + + + + +@deftypefun {int} {gnutls_x509_crt_set_subject_unique_id} (gnutls_x509_crt_t @var{cert}, const void * @var{id}, size_t @var{id_size}) +@var{cert}: a certificate of type @code{gnutls_x509_crt_t} + +@var{id}: The unique ID + +@var{id_size}: Holds the size of the unique ID. + +This function will set the X.509 certificate's subject unique ID field. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 3.4.7 +@end deftypefun diff --git a/doc/functions/gnutls_x509_crt_set_subject_unique_id.short b/doc/functions/gnutls_x509_crt_set_subject_unique_id.short new file mode 100644 index 0000000..dec6d99 --- /dev/null +++ b/doc/functions/gnutls_x509_crt_set_subject_unique_id.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_crt_set_subject_unique_id} (gnutls_x509_crt_t @var{cert}, const void * @var{id}, size_t @var{id_size}) diff --git a/doc/functions/gnutls_x509_crt_set_tlsfeatures b/doc/functions/gnutls_x509_crt_set_tlsfeatures new file mode 100644 index 0000000..ba5c8cf --- /dev/null +++ b/doc/functions/gnutls_x509_crt_set_tlsfeatures @@ -0,0 +1,18 @@ + + + + +@deftypefun {int} {gnutls_x509_crt_set_tlsfeatures} (gnutls_x509_crt_t @var{crt}, gnutls_x509_tlsfeatures_t @var{features}) +@var{crt}: A X.509 certificate + +@var{features}: If the function succeeds, the +features will be added to the certificate. + +This function will set the certificates +X.509 TLS extension from the given structure. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, +otherwise a negative error value. + +@strong{Since:} 3.5.1 +@end deftypefun diff --git a/doc/functions/gnutls_x509_crt_set_tlsfeatures.short b/doc/functions/gnutls_x509_crt_set_tlsfeatures.short new file mode 100644 index 0000000..bd716bb --- /dev/null +++ b/doc/functions/gnutls_x509_crt_set_tlsfeatures.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_crt_set_tlsfeatures} (gnutls_x509_crt_t @var{crt}, gnutls_x509_tlsfeatures_t @var{features}) diff --git a/doc/functions/gnutls_x509_crt_set_version b/doc/functions/gnutls_x509_crt_set_version new file mode 100644 index 0000000..a6e4095 --- /dev/null +++ b/doc/functions/gnutls_x509_crt_set_version @@ -0,0 +1,21 @@ + + + + +@deftypefun {int} {gnutls_x509_crt_set_version} (gnutls_x509_crt_t @var{crt}, unsigned int @var{version}) +@var{crt}: a certificate of type @code{gnutls_x509_crt_t} + +@var{version}: holds the version number. For X.509v1 certificates must be 1. + +This function will set the version of the certificate. This must +be one for X.509 version 1, and so on. Plain certificates without +extensions must have version set to one. + +To create well-formed certificates, you must specify version 3 if +you use any certificate extensions. Extensions are created by +functions such as @code{gnutls_x509_crt_set_subject_alt_name()} +or @code{gnutls_x509_crt_set_key_usage()} . + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. +@end deftypefun diff --git a/doc/functions/gnutls_x509_crt_set_version.short b/doc/functions/gnutls_x509_crt_set_version.short new file mode 100644 index 0000000..7173e21 --- /dev/null +++ b/doc/functions/gnutls_x509_crt_set_version.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_crt_set_version} (gnutls_x509_crt_t @var{crt}, unsigned int @var{version}) diff --git a/doc/functions/gnutls_x509_crt_sign b/doc/functions/gnutls_x509_crt_sign new file mode 100644 index 0000000..6a465b9 --- /dev/null +++ b/doc/functions/gnutls_x509_crt_sign @@ -0,0 +1,19 @@ + + + + +@deftypefun {int} {gnutls_x509_crt_sign} (gnutls_x509_crt_t @var{crt}, gnutls_x509_crt_t @var{issuer}, gnutls_x509_privkey_t @var{issuer_key}) +@var{crt}: a certificate of type @code{gnutls_x509_crt_t} + +@var{issuer}: is the certificate of the certificate issuer + +@var{issuer_key}: holds the issuer's private key + +This function is the same a @code{gnutls_x509_crt_sign2()} with no flags, +and an appropriate hash algorithm. The hash algorithm used may +vary between versions of GnuTLS, and it is tied to the security +level of the issuer's public key. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. +@end deftypefun diff --git a/doc/functions/gnutls_x509_crt_sign.short b/doc/functions/gnutls_x509_crt_sign.short new file mode 100644 index 0000000..2915688 --- /dev/null +++ b/doc/functions/gnutls_x509_crt_sign.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_crt_sign} (gnutls_x509_crt_t @var{crt}, gnutls_x509_crt_t @var{issuer}, gnutls_x509_privkey_t @var{issuer_key}) diff --git a/doc/functions/gnutls_x509_crt_sign2 b/doc/functions/gnutls_x509_crt_sign2 new file mode 100644 index 0000000..f21d511 --- /dev/null +++ b/doc/functions/gnutls_x509_crt_sign2 @@ -0,0 +1,31 @@ + + + + +@deftypefun {int} {gnutls_x509_crt_sign2} (gnutls_x509_crt_t @var{crt}, gnutls_x509_crt_t @var{issuer}, gnutls_x509_privkey_t @var{issuer_key}, gnutls_digest_algorithm_t @var{dig}, unsigned int @var{flags}) +@var{crt}: a certificate of type @code{gnutls_x509_crt_t} + +@var{issuer}: is the certificate of the certificate issuer + +@var{issuer_key}: holds the issuer's private key + +@var{dig}: The message digest to use, @code{GNUTLS_DIG_SHA256} is a safe choice + +@var{flags}: must be 0 + +This function will sign the certificate with the issuer's private key, and +will copy the issuer's information into the certificate. + +This must be the last step in a certificate generation since all +the previously set parameters are now signed. + +A known limitation of this function is, that a newly-signed certificate will not +be fully functional (e.g., for signature verification), until it +is exported an re-imported. + +After GnuTLS 3.6.1 the value of @code{dig} may be @code{GNUTLS_DIG_UNKNOWN} , +and in that case, a suitable but reasonable for the key algorithm will be selected. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. +@end deftypefun diff --git a/doc/functions/gnutls_x509_crt_sign2.short b/doc/functions/gnutls_x509_crt_sign2.short new file mode 100644 index 0000000..6bcd51b --- /dev/null +++ b/doc/functions/gnutls_x509_crt_sign2.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_crt_sign2} (gnutls_x509_crt_t @var{crt}, gnutls_x509_crt_t @var{issuer}, gnutls_x509_privkey_t @var{issuer_key}, gnutls_digest_algorithm_t @var{dig}, unsigned int @var{flags}) diff --git a/doc/functions/gnutls_x509_crt_verify b/doc/functions/gnutls_x509_crt_verify new file mode 100644 index 0000000..c82086e --- /dev/null +++ b/doc/functions/gnutls_x509_crt_verify @@ -0,0 +1,25 @@ + + + + +@deftypefun {int} {gnutls_x509_crt_verify} (gnutls_x509_crt_t @var{cert}, const gnutls_x509_crt_t * @var{CA_list}, unsigned @var{CA_list_length}, unsigned int @var{flags}, unsigned int * @var{verify}) +@var{cert}: is the certificate to be verified + +@var{CA_list}: is one certificate that is considered to be trusted one + +@var{CA_list_length}: holds the number of CA certificate in CA_list + +@var{flags}: Flags that may be used to change the verification algorithm. Use OR of the gnutls_certificate_verify_flags enumerations. + +@var{verify}: will hold the certificate verification output. + +This function will try to verify the given certificate and return +its status. Note that a verification error does not imply a negative +return status. In that case the @code{verify} status is set. + +The details of the verification are the same +as in @code{gnutls_x509_trust_list_verify_crt2()} . + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. +@end deftypefun diff --git a/doc/functions/gnutls_x509_crt_verify.short b/doc/functions/gnutls_x509_crt_verify.short new file mode 100644 index 0000000..18c5f68 --- /dev/null +++ b/doc/functions/gnutls_x509_crt_verify.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_crt_verify} (gnutls_x509_crt_t @var{cert}, const gnutls_x509_crt_t * @var{CA_list}, unsigned @var{CA_list_length}, unsigned int @var{flags}, unsigned int * @var{verify}) diff --git a/doc/functions/gnutls_x509_crt_verify_data2 b/doc/functions/gnutls_x509_crt_verify_data2 new file mode 100644 index 0000000..d72e425 --- /dev/null +++ b/doc/functions/gnutls_x509_crt_verify_data2 @@ -0,0 +1,27 @@ + + + + +@deftypefun {int} {gnutls_x509_crt_verify_data2} (gnutls_x509_crt_t @var{crt}, gnutls_sign_algorithm_t @var{algo}, unsigned int @var{flags}, const gnutls_datum_t * @var{data}, const gnutls_datum_t * @var{signature}) +@var{crt}: Holds the certificate to verify with + +@var{algo}: The signature algorithm used + +@var{flags}: Zero or an OR list of @code{gnutls_certificate_verify_flags} + +@var{data}: holds the signed data + +@var{signature}: contains the signature + +This function will verify the given signed data, using the +parameters from the certificate. + +@strong{Returns:} In case of a verification failure @code{GNUTLS_E_PK_SIG_VERIFY_FAILED} +is returned, @code{GNUTLS_E_EXPIRED} or @code{GNUTLS_E_NOT_YET_ACTIVATED} on expired +or not yet activated certificate and zero or positive code on success. + +Note that since GnuTLS 3.5.6 this function introduces checks in the +end certificate ( @code{crt} ), including time checks and key usage checks. + +@strong{Since:} 3.4.0 +@end deftypefun diff --git a/doc/functions/gnutls_x509_crt_verify_data2.short b/doc/functions/gnutls_x509_crt_verify_data2.short new file mode 100644 index 0000000..b6eec3d --- /dev/null +++ b/doc/functions/gnutls_x509_crt_verify_data2.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_crt_verify_data2} (gnutls_x509_crt_t @var{crt}, gnutls_sign_algorithm_t @var{algo}, unsigned int @var{flags}, const gnutls_datum_t * @var{data}, const gnutls_datum_t * @var{signature}) diff --git a/doc/functions/gnutls_x509_dn_deinit b/doc/functions/gnutls_x509_dn_deinit new file mode 100644 index 0000000..deac3bd --- /dev/null +++ b/doc/functions/gnutls_x509_dn_deinit @@ -0,0 +1,12 @@ + + + + +@deftypefun {void} {gnutls_x509_dn_deinit} (gnutls_x509_dn_t @var{dn}) +@var{dn}: a DN uint8_t object pointer. + +This function deallocates the DN object as returned by +@code{gnutls_x509_dn_import()} . + +@strong{Since:} 2.4.0 +@end deftypefun diff --git a/doc/functions/gnutls_x509_dn_deinit.short b/doc/functions/gnutls_x509_dn_deinit.short new file mode 100644 index 0000000..23445be --- /dev/null +++ b/doc/functions/gnutls_x509_dn_deinit.short @@ -0,0 +1 @@ +@item @var{void} @ref{gnutls_x509_dn_deinit} (gnutls_x509_dn_t @var{dn}) diff --git a/doc/functions/gnutls_x509_dn_export b/doc/functions/gnutls_x509_dn_export new file mode 100644 index 0000000..c428373 --- /dev/null +++ b/doc/functions/gnutls_x509_dn_export @@ -0,0 +1,26 @@ + + + + +@deftypefun {int} {gnutls_x509_dn_export} (gnutls_x509_dn_t @var{dn}, gnutls_x509_crt_fmt_t @var{format}, void * @var{output_data}, size_t * @var{output_data_size}) +@var{dn}: Holds the uint8_t DN object + +@var{format}: the format of output params. One of PEM or DER. + +@var{output_data}: will contain a DN PEM or DER encoded + +@var{output_data_size}: holds the size of output_data (and will be +replaced by the actual size of parameters) + +This function will export the DN to DER or PEM format. + +If the buffer provided is not long enough to hold the output, then +* @code{output_data_size} is updated and @code{GNUTLS_E_SHORT_MEMORY_BUFFER} +will be returned. + +If the structure is PEM encoded, it will have a header +of "BEGIN NAME". + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. +@end deftypefun diff --git a/doc/functions/gnutls_x509_dn_export.short b/doc/functions/gnutls_x509_dn_export.short new file mode 100644 index 0000000..f694ee9 --- /dev/null +++ b/doc/functions/gnutls_x509_dn_export.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_dn_export} (gnutls_x509_dn_t @var{dn}, gnutls_x509_crt_fmt_t @var{format}, void * @var{output_data}, size_t * @var{output_data_size}) diff --git a/doc/functions/gnutls_x509_dn_export2 b/doc/functions/gnutls_x509_dn_export2 new file mode 100644 index 0000000..960045b --- /dev/null +++ b/doc/functions/gnutls_x509_dn_export2 @@ -0,0 +1,23 @@ + + + + +@deftypefun {int} {gnutls_x509_dn_export2} (gnutls_x509_dn_t @var{dn}, gnutls_x509_crt_fmt_t @var{format}, gnutls_datum_t * @var{out}) +@var{dn}: Holds the uint8_t DN object + +@var{format}: the format of output params. One of PEM or DER. + +@var{out}: will contain a DN PEM or DER encoded + +This function will export the DN to DER or PEM format. + +The output buffer is allocated using @code{gnutls_malloc()} . + +If the structure is PEM encoded, it will have a header +of "BEGIN NAME". + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 3.1.3 +@end deftypefun diff --git a/doc/functions/gnutls_x509_dn_export2.short b/doc/functions/gnutls_x509_dn_export2.short new file mode 100644 index 0000000..074cf0f --- /dev/null +++ b/doc/functions/gnutls_x509_dn_export2.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_dn_export2} (gnutls_x509_dn_t @var{dn}, gnutls_x509_crt_fmt_t @var{format}, gnutls_datum_t * @var{out}) diff --git a/doc/functions/gnutls_x509_dn_get_rdn_ava b/doc/functions/gnutls_x509_dn_get_rdn_ava new file mode 100644 index 0000000..d02960f --- /dev/null +++ b/doc/functions/gnutls_x509_dn_get_rdn_ava @@ -0,0 +1,34 @@ + + + + +@deftypefun {int} {gnutls_x509_dn_get_rdn_ava} (gnutls_x509_dn_t @var{dn}, int @var{irdn}, int @var{iava}, gnutls_x509_ava_st * @var{ava}) +@var{dn}: a pointer to DN + +@var{irdn}: index of RDN + +@var{iava}: index of AVA. + +@var{ava}: Pointer to structure which will hold output information. + +Get pointers to data within the DN. The format of the @code{ava} structure +is shown below. + +struct gnutls_x509_ava_st @{ +gnutls_datum_t oid; +gnutls_datum_t value; +unsigned long value_tag; +@}; + +The X.509 distinguished name is a sequence of sequences of strings +and this is what the @code{irdn} and @code{iava} indexes model. + +Note that @code{ava} will contain pointers into the @code{dn} structure which +in turns points to the original certificate. Thus you should not +modify any data or deallocate any of those. + +This is a low-level function that requires the caller to do the +value conversions when necessary (e.g. from UCS-2). + +@strong{Returns:} Returns 0 on success, or an error code. +@end deftypefun diff --git a/doc/functions/gnutls_x509_dn_get_rdn_ava.short b/doc/functions/gnutls_x509_dn_get_rdn_ava.short new file mode 100644 index 0000000..9db704e --- /dev/null +++ b/doc/functions/gnutls_x509_dn_get_rdn_ava.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_dn_get_rdn_ava} (gnutls_x509_dn_t @var{dn}, int @var{irdn}, int @var{iava}, gnutls_x509_ava_st * @var{ava}) diff --git a/doc/functions/gnutls_x509_dn_get_str b/doc/functions/gnutls_x509_dn_get_str new file mode 100644 index 0000000..927a9c2 --- /dev/null +++ b/doc/functions/gnutls_x509_dn_get_str @@ -0,0 +1,19 @@ + + + + +@deftypefun {int} {gnutls_x509_dn_get_str} (gnutls_x509_dn_t @var{dn}, gnutls_datum_t * @var{str}) +@var{dn}: a pointer to DN + +@var{str}: a datum that will hold the name + +This function will allocate buffer and copy the name in the provided DN. +The name will be in the form "C=xxxx,O=yyyy,CN=zzzz" as +described in RFC4514. The output string will be ASCII or UTF-8 +encoded, depending on the certificate data. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 3.4.2 +@end deftypefun diff --git a/doc/functions/gnutls_x509_dn_get_str.short b/doc/functions/gnutls_x509_dn_get_str.short new file mode 100644 index 0000000..841d7c8 --- /dev/null +++ b/doc/functions/gnutls_x509_dn_get_str.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_dn_get_str} (gnutls_x509_dn_t @var{dn}, gnutls_datum_t * @var{str}) diff --git a/doc/functions/gnutls_x509_dn_get_str2 b/doc/functions/gnutls_x509_dn_get_str2 new file mode 100644 index 0000000..702f629 --- /dev/null +++ b/doc/functions/gnutls_x509_dn_get_str2 @@ -0,0 +1,25 @@ + + + + +@deftypefun {int} {gnutls_x509_dn_get_str2} (gnutls_x509_dn_t @var{dn}, gnutls_datum_t * @var{str}, unsigned @var{flags}) +@var{dn}: a pointer to DN + +@var{str}: a datum that will hold the name + +@var{flags}: zero or @code{GNUTLS_X509_DN_FLAG_COMPAT} + +This function will allocate buffer and copy the name in the provided DN. +The name will be in the form "C=xxxx,O=yyyy,CN=zzzz" as +described in RFC4514. The output string will be ASCII or UTF-8 +encoded, depending on the certificate data. + +When the flag @code{GNUTLS_X509_DN_FLAG_COMPAT} is specified, the output +format will match the format output by previous to 3.5.6 versions of GnuTLS +which was not not fully RFC4514-compliant. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 3.5.7 +@end deftypefun diff --git a/doc/functions/gnutls_x509_dn_get_str2.short b/doc/functions/gnutls_x509_dn_get_str2.short new file mode 100644 index 0000000..619ac46 --- /dev/null +++ b/doc/functions/gnutls_x509_dn_get_str2.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_dn_get_str2} (gnutls_x509_dn_t @var{dn}, gnutls_datum_t * @var{str}, unsigned @var{flags}) diff --git a/doc/functions/gnutls_x509_dn_import b/doc/functions/gnutls_x509_dn_import new file mode 100644 index 0000000..98aa033 --- /dev/null +++ b/doc/functions/gnutls_x509_dn_import @@ -0,0 +1,19 @@ + + + + +@deftypefun {int} {gnutls_x509_dn_import} (gnutls_x509_dn_t @var{dn}, const gnutls_datum_t * @var{data}) +@var{dn}: the structure that will hold the imported DN + +@var{data}: should contain a DER encoded RDN sequence + +This function parses an RDN sequence and stores the result to a +@code{gnutls_x509_dn_t} type. The data must have been initialized +with @code{gnutls_x509_dn_init()} . You may use @code{gnutls_x509_dn_get_rdn_ava()} to +decode the DN. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 2.4.0 +@end deftypefun diff --git a/doc/functions/gnutls_x509_dn_import.short b/doc/functions/gnutls_x509_dn_import.short new file mode 100644 index 0000000..f036543 --- /dev/null +++ b/doc/functions/gnutls_x509_dn_import.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_dn_import} (gnutls_x509_dn_t @var{dn}, const gnutls_datum_t * @var{data}) diff --git a/doc/functions/gnutls_x509_dn_init b/doc/functions/gnutls_x509_dn_init new file mode 100644 index 0000000..9353773 --- /dev/null +++ b/doc/functions/gnutls_x509_dn_init @@ -0,0 +1,17 @@ + + + + +@deftypefun {int} {gnutls_x509_dn_init} (gnutls_x509_dn_t * @var{dn}) +@var{dn}: the object to be initialized + +This function initializes a @code{gnutls_x509_dn_t} type. + +The object returned must be deallocated using +@code{gnutls_x509_dn_deinit()} . + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 2.4.0 +@end deftypefun diff --git a/doc/functions/gnutls_x509_dn_init.short b/doc/functions/gnutls_x509_dn_init.short new file mode 100644 index 0000000..e3d855d --- /dev/null +++ b/doc/functions/gnutls_x509_dn_init.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_dn_init} (gnutls_x509_dn_t * @var{dn}) diff --git a/doc/functions/gnutls_x509_dn_oid_known b/doc/functions/gnutls_x509_dn_oid_known new file mode 100644 index 0000000..c4b49e3 --- /dev/null +++ b/doc/functions/gnutls_x509_dn_oid_known @@ -0,0 +1,17 @@ + + + + +@deftypefun {int} {gnutls_x509_dn_oid_known} (const char * @var{oid}) +@var{oid}: holds an Object Identifier in a null terminated string + +This function will inform about known DN OIDs. This is useful since +functions like @code{gnutls_x509_crt_set_dn_by_oid()} use the information +on known OIDs to properly encode their input. Object Identifiers +that are not known are not encoded by these functions, and their +input is stored directly into the ASN.1 structure. In that case of +unknown OIDs, you have the responsibility of DER encoding your +data. + +@strong{Returns:} 1 on known OIDs and 0 otherwise. +@end deftypefun diff --git a/doc/functions/gnutls_x509_dn_oid_known.short b/doc/functions/gnutls_x509_dn_oid_known.short new file mode 100644 index 0000000..28143ab --- /dev/null +++ b/doc/functions/gnutls_x509_dn_oid_known.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_dn_oid_known} (const char * @var{oid}) diff --git a/doc/functions/gnutls_x509_dn_oid_name b/doc/functions/gnutls_x509_dn_oid_name new file mode 100644 index 0000000..4ca02f8 --- /dev/null +++ b/doc/functions/gnutls_x509_dn_oid_name @@ -0,0 +1,18 @@ + + + + +@deftypefun {const char *} {gnutls_x509_dn_oid_name} (const char * @var{oid}, unsigned int @var{flags}) +@var{oid}: holds an Object Identifier in a null terminated string + +@var{flags}: 0 or GNUTLS_X509_DN_OID_* + +This function will return the name of a known DN OID. If +@code{GNUTLS_X509_DN_OID_RETURN_OID} is specified this function +will return the given OID if no descriptive name has been +found. + +@strong{Returns:} A null terminated string or NULL otherwise. + +@strong{Since:} 3.0 +@end deftypefun diff --git a/doc/functions/gnutls_x509_dn_oid_name.short b/doc/functions/gnutls_x509_dn_oid_name.short new file mode 100644 index 0000000..118f0d0 --- /dev/null +++ b/doc/functions/gnutls_x509_dn_oid_name.short @@ -0,0 +1 @@ +@item @var{const char *} @ref{gnutls_x509_dn_oid_name} (const char * @var{oid}, unsigned int @var{flags}) diff --git a/doc/functions/gnutls_x509_dn_set_str b/doc/functions/gnutls_x509_dn_set_str new file mode 100644 index 0000000..c3a48a9 --- /dev/null +++ b/doc/functions/gnutls_x509_dn_set_str @@ -0,0 +1,20 @@ + + + + +@deftypefun {int} {gnutls_x509_dn_set_str} (gnutls_x509_dn_t @var{dn}, const char * @var{str}, const char ** @var{err}) +@var{dn}: a pointer to DN + +@var{str}: a comma separated DN string (RFC4514) + +@var{err}: indicates the error position (if any) + +This function will set the DN on the provided DN structure. +The input string should be plain ASCII or UTF-8 encoded. On +DN parsing error @code{GNUTLS_E_PARSING_ERROR} is returned. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 3.5.3 +@end deftypefun diff --git a/doc/functions/gnutls_x509_dn_set_str.short b/doc/functions/gnutls_x509_dn_set_str.short new file mode 100644 index 0000000..8625b6d --- /dev/null +++ b/doc/functions/gnutls_x509_dn_set_str.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_dn_set_str} (gnutls_x509_dn_t @var{dn}, const char * @var{str}, const char ** @var{err}) diff --git a/doc/functions/gnutls_x509_ext_deinit b/doc/functions/gnutls_x509_ext_deinit new file mode 100644 index 0000000..b085fab --- /dev/null +++ b/doc/functions/gnutls_x509_ext_deinit @@ -0,0 +1,11 @@ + + + + +@deftypefun {void} {gnutls_x509_ext_deinit} (gnutls_x509_ext_st * @var{ext}) +@var{ext}: The extensions structure + +This function will deinitialize an extensions structure. + +@strong{Since:} 3.3.8 +@end deftypefun diff --git a/doc/functions/gnutls_x509_ext_deinit.short b/doc/functions/gnutls_x509_ext_deinit.short new file mode 100644 index 0000000..103ce4f --- /dev/null +++ b/doc/functions/gnutls_x509_ext_deinit.short @@ -0,0 +1 @@ +@item @var{void} @ref{gnutls_x509_ext_deinit} (gnutls_x509_ext_st * @var{ext}) diff --git a/doc/functions/gnutls_x509_ext_export_aia b/doc/functions/gnutls_x509_ext_export_aia new file mode 100644 index 0000000..ec3f4ad --- /dev/null +++ b/doc/functions/gnutls_x509_ext_export_aia @@ -0,0 +1,18 @@ + + + + +@deftypefun {int} {gnutls_x509_ext_export_aia} (gnutls_x509_aia_t @var{aia}, gnutls_datum_t * @var{ext}) +@var{aia}: The authority info access + +@var{ext}: The DER-encoded extension data; must be freed using @code{gnutls_free()} . + +This function will DER encode the Authority Information Access (AIA) +extension; see RFC 5280 section 4.2.2.1 for more information on the +extension. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 3.3.0 +@end deftypefun diff --git a/doc/functions/gnutls_x509_ext_export_aia.short b/doc/functions/gnutls_x509_ext_export_aia.short new file mode 100644 index 0000000..8648aa4 --- /dev/null +++ b/doc/functions/gnutls_x509_ext_export_aia.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_ext_export_aia} (gnutls_x509_aia_t @var{aia}, gnutls_datum_t * @var{ext}) diff --git a/doc/functions/gnutls_x509_ext_export_authority_key_id b/doc/functions/gnutls_x509_ext_export_authority_key_id new file mode 100644 index 0000000..dfa8bb4 --- /dev/null +++ b/doc/functions/gnutls_x509_ext_export_authority_key_id @@ -0,0 +1,18 @@ + + + + +@deftypefun {int} {gnutls_x509_ext_export_authority_key_id} (gnutls_x509_aki_t @var{aki}, gnutls_datum_t * @var{ext}) +@var{aki}: An initialized authority key identifier + +@var{ext}: The DER-encoded extension data; must be freed using @code{gnutls_free()} . + +This function will convert the provided key identifier to a +DER-encoded PKIX AuthorityKeyIdentifier extension. +The output data in @code{ext} will be allocated using +@code{gnutls_malloc()} . + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a negative error value. + +@strong{Since:} 3.3.0 +@end deftypefun diff --git a/doc/functions/gnutls_x509_ext_export_authority_key_id.short b/doc/functions/gnutls_x509_ext_export_authority_key_id.short new file mode 100644 index 0000000..2812136 --- /dev/null +++ b/doc/functions/gnutls_x509_ext_export_authority_key_id.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_ext_export_authority_key_id} (gnutls_x509_aki_t @var{aki}, gnutls_datum_t * @var{ext}) diff --git a/doc/functions/gnutls_x509_ext_export_basic_constraints b/doc/functions/gnutls_x509_ext_export_basic_constraints new file mode 100644 index 0000000..0b25275 --- /dev/null +++ b/doc/functions/gnutls_x509_ext_export_basic_constraints @@ -0,0 +1,21 @@ + + + + +@deftypefun {int} {gnutls_x509_ext_export_basic_constraints} (unsigned int @var{ca}, int @var{pathlen}, gnutls_datum_t * @var{ext}) +@var{ca}: non-zero for a CA + +@var{pathlen}: The path length constraint (set to -1 for no constraint) + +@var{ext}: The DER-encoded extension data; must be freed using @code{gnutls_free()} . + +This function will convert the parameters provided to a basic constraints +DER encoded extension (2.5.29.19). +The @code{ext} data will be allocated using +@code{gnutls_malloc()} . + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 3.3.0 +@end deftypefun diff --git a/doc/functions/gnutls_x509_ext_export_basic_constraints.short b/doc/functions/gnutls_x509_ext_export_basic_constraints.short new file mode 100644 index 0000000..54c6e42 --- /dev/null +++ b/doc/functions/gnutls_x509_ext_export_basic_constraints.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_ext_export_basic_constraints} (unsigned int @var{ca}, int @var{pathlen}, gnutls_datum_t * @var{ext}) diff --git a/doc/functions/gnutls_x509_ext_export_crl_dist_points b/doc/functions/gnutls_x509_ext_export_crl_dist_points new file mode 100644 index 0000000..5183627 --- /dev/null +++ b/doc/functions/gnutls_x509_ext_export_crl_dist_points @@ -0,0 +1,18 @@ + + + + +@deftypefun {int} {gnutls_x509_ext_export_crl_dist_points} (gnutls_x509_crl_dist_points_t @var{cdp}, gnutls_datum_t * @var{ext}) +@var{cdp}: A pointer to an initialized CRL distribution points. + +@var{ext}: The DER-encoded extension data; must be freed using @code{gnutls_free()} . + +This function will convert the provided policies, to a certificate policy +DER encoded extension (2.5.29.31). + +The @code{ext} data will be allocated using @code{gnutls_malloc()} . + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a negative error value. + +@strong{Since:} 3.3.0 +@end deftypefun diff --git a/doc/functions/gnutls_x509_ext_export_crl_dist_points.short b/doc/functions/gnutls_x509_ext_export_crl_dist_points.short new file mode 100644 index 0000000..13f884b --- /dev/null +++ b/doc/functions/gnutls_x509_ext_export_crl_dist_points.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_ext_export_crl_dist_points} (gnutls_x509_crl_dist_points_t @var{cdp}, gnutls_datum_t * @var{ext}) diff --git a/doc/functions/gnutls_x509_ext_export_inhibit_anypolicy b/doc/functions/gnutls_x509_ext_export_inhibit_anypolicy new file mode 100644 index 0000000..9596cab --- /dev/null +++ b/doc/functions/gnutls_x509_ext_export_inhibit_anypolicy @@ -0,0 +1,18 @@ + + + + +@deftypefun {int} {gnutls_x509_ext_export_inhibit_anypolicy} (unsigned int @var{skipcerts}, gnutls_datum_t * @var{ext}) +@var{skipcerts}: number of certificates after which anypolicy is no longer acceptable. + +@var{ext}: The DER-encoded extension data; must be freed using @code{gnutls_free()} . + +This function will convert the @code{skipcerts} value to a DER +encoded Inhibit AnyPolicy PKIX extension. The @code{ext} data will be allocated using +@code{gnutls_malloc()} . + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 3.6.0 +@end deftypefun diff --git a/doc/functions/gnutls_x509_ext_export_inhibit_anypolicy.short b/doc/functions/gnutls_x509_ext_export_inhibit_anypolicy.short new file mode 100644 index 0000000..3346228 --- /dev/null +++ b/doc/functions/gnutls_x509_ext_export_inhibit_anypolicy.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_ext_export_inhibit_anypolicy} (unsigned int @var{skipcerts}, gnutls_datum_t * @var{ext}) diff --git a/doc/functions/gnutls_x509_ext_export_key_purposes b/doc/functions/gnutls_x509_ext_export_key_purposes new file mode 100644 index 0000000..097e2a9 --- /dev/null +++ b/doc/functions/gnutls_x509_ext_export_key_purposes @@ -0,0 +1,17 @@ + + + + +@deftypefun {int} {gnutls_x509_ext_export_key_purposes} (gnutls_x509_key_purposes_t @var{p}, gnutls_datum_t * @var{ext}) +@var{p}: The key purposes + +@var{ext}: The DER-encoded extension data; must be freed using @code{gnutls_free()} . + +This function will convert the key purposes type to a +DER-encoded PKIX ExtKeyUsageSyntax (2.5.29.37) extension. The output data in + @code{ext} will be allocated using @code{gnutls_malloc()} . + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a negative error value. + +@strong{Since:} 3.3.0 +@end deftypefun diff --git a/doc/functions/gnutls_x509_ext_export_key_purposes.short b/doc/functions/gnutls_x509_ext_export_key_purposes.short new file mode 100644 index 0000000..2a92f33 --- /dev/null +++ b/doc/functions/gnutls_x509_ext_export_key_purposes.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_ext_export_key_purposes} (gnutls_x509_key_purposes_t @var{p}, gnutls_datum_t * @var{ext}) diff --git a/doc/functions/gnutls_x509_ext_export_key_usage b/doc/functions/gnutls_x509_ext_export_key_usage new file mode 100644 index 0000000..d7b35b0 --- /dev/null +++ b/doc/functions/gnutls_x509_ext_export_key_usage @@ -0,0 +1,18 @@ + + + + +@deftypefun {int} {gnutls_x509_ext_export_key_usage} (unsigned int @var{usage}, gnutls_datum_t * @var{ext}) +@var{usage}: an ORed sequence of the GNUTLS_KEY_* elements. + +@var{ext}: The DER-encoded extension data; must be freed using @code{gnutls_free()} . + +This function will convert the keyUsage bit string to a DER +encoded PKIX extension. The @code{ext} data will be allocated using +@code{gnutls_malloc()} . + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 3.3.0 +@end deftypefun diff --git a/doc/functions/gnutls_x509_ext_export_key_usage.short b/doc/functions/gnutls_x509_ext_export_key_usage.short new file mode 100644 index 0000000..23f69e4 --- /dev/null +++ b/doc/functions/gnutls_x509_ext_export_key_usage.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_ext_export_key_usage} (unsigned int @var{usage}, gnutls_datum_t * @var{ext}) diff --git a/doc/functions/gnutls_x509_ext_export_name_constraints b/doc/functions/gnutls_x509_ext_export_name_constraints new file mode 100644 index 0000000..43f3c49 --- /dev/null +++ b/doc/functions/gnutls_x509_ext_export_name_constraints @@ -0,0 +1,17 @@ + + + + +@deftypefun {int} {gnutls_x509_ext_export_name_constraints} (gnutls_x509_name_constraints_t @var{nc}, gnutls_datum_t * @var{ext}) +@var{nc}: The nameconstraints + +@var{ext}: The DER-encoded extension data; must be freed using @code{gnutls_free()} . + +This function will convert the provided name constraints type to a +DER-encoded PKIX NameConstraints (2.5.29.30) extension. The output data in + @code{ext} will be allocated using @code{gnutls_malloc()} . + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a negative error value. + +@strong{Since:} 3.3.0 +@end deftypefun diff --git a/doc/functions/gnutls_x509_ext_export_name_constraints.short b/doc/functions/gnutls_x509_ext_export_name_constraints.short new file mode 100644 index 0000000..63180dd --- /dev/null +++ b/doc/functions/gnutls_x509_ext_export_name_constraints.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_ext_export_name_constraints} (gnutls_x509_name_constraints_t @var{nc}, gnutls_datum_t * @var{ext}) diff --git a/doc/functions/gnutls_x509_ext_export_policies b/doc/functions/gnutls_x509_ext_export_policies new file mode 100644 index 0000000..7ca30b7 --- /dev/null +++ b/doc/functions/gnutls_x509_ext_export_policies @@ -0,0 +1,18 @@ + + + + +@deftypefun {int} {gnutls_x509_ext_export_policies} (gnutls_x509_policies_t @var{policies}, gnutls_datum_t * @var{ext}) +@var{policies}: A pointer to an initialized policies. + +@var{ext}: The DER-encoded extension data; must be freed using @code{gnutls_free()} . + +This function will convert the provided policies, to a certificate policy +DER encoded extension (2.5.29.32). + +The @code{ext} data will be allocated using @code{gnutls_malloc()} . + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a negative error value. + +@strong{Since:} 3.3.0 +@end deftypefun diff --git a/doc/functions/gnutls_x509_ext_export_policies.short b/doc/functions/gnutls_x509_ext_export_policies.short new file mode 100644 index 0000000..7bb7394 --- /dev/null +++ b/doc/functions/gnutls_x509_ext_export_policies.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_ext_export_policies} (gnutls_x509_policies_t @var{policies}, gnutls_datum_t * @var{ext}) diff --git a/doc/functions/gnutls_x509_ext_export_private_key_usage_period b/doc/functions/gnutls_x509_ext_export_private_key_usage_period new file mode 100644 index 0000000..0947c74 --- /dev/null +++ b/doc/functions/gnutls_x509_ext_export_private_key_usage_period @@ -0,0 +1,21 @@ + + + + +@deftypefun {int} {gnutls_x509_ext_export_private_key_usage_period} (time_t @var{activation}, time_t @var{expiration}, gnutls_datum_t * @var{ext}) +@var{activation}: The activation time + +@var{expiration}: The expiration time + +@var{ext}: The DER-encoded extension data; must be freed using @code{gnutls_free()} . + +This function will convert the periods provided to a private key +usage DER encoded extension (2.5.29.16). +The @code{ext} data will be allocated using +@code{gnutls_malloc()} . + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 3.3.0 +@end deftypefun diff --git a/doc/functions/gnutls_x509_ext_export_private_key_usage_period.short b/doc/functions/gnutls_x509_ext_export_private_key_usage_period.short new file mode 100644 index 0000000..b9848b8 --- /dev/null +++ b/doc/functions/gnutls_x509_ext_export_private_key_usage_period.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_ext_export_private_key_usage_period} (time_t @var{activation}, time_t @var{expiration}, gnutls_datum_t * @var{ext}) diff --git a/doc/functions/gnutls_x509_ext_export_proxy b/doc/functions/gnutls_x509_ext_export_proxy new file mode 100644 index 0000000..67b9caf --- /dev/null +++ b/doc/functions/gnutls_x509_ext_export_proxy @@ -0,0 +1,25 @@ + + + + +@deftypefun {int} {gnutls_x509_ext_export_proxy} (int @var{pathLenConstraint}, const char * @var{policyLanguage}, const char * @var{policy}, size_t @var{sizeof_policy}, gnutls_datum_t * @var{ext}) +@var{pathLenConstraint}: A negative value will remove the path length constraint, +while non-negative values will be set as the length of the pathLenConstraints field. + +@var{policyLanguage}: OID describing the language of @code{policy} . + +@var{policy}: uint8_t byte array with policy language, can be @code{NULL} + +@var{sizeof_policy}: size of @code{policy} . + +@var{ext}: The DER-encoded extension data; must be freed using @code{gnutls_free()} . + +This function will convert the parameters provided to a proxyCertInfo extension. + +The @code{ext} data will be allocated using @code{gnutls_malloc()} . + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 3.3.0 +@end deftypefun diff --git a/doc/functions/gnutls_x509_ext_export_proxy.short b/doc/functions/gnutls_x509_ext_export_proxy.short new file mode 100644 index 0000000..fba8076 --- /dev/null +++ b/doc/functions/gnutls_x509_ext_export_proxy.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_ext_export_proxy} (int @var{pathLenConstraint}, const char * @var{policyLanguage}, const char * @var{policy}, size_t @var{sizeof_policy}, gnutls_datum_t * @var{ext}) diff --git a/doc/functions/gnutls_x509_ext_export_subject_alt_names b/doc/functions/gnutls_x509_ext_export_subject_alt_names new file mode 100644 index 0000000..d2357c3 --- /dev/null +++ b/doc/functions/gnutls_x509_ext_export_subject_alt_names @@ -0,0 +1,17 @@ + + + + +@deftypefun {int} {gnutls_x509_ext_export_subject_alt_names} (gnutls_subject_alt_names_t @var{sans}, gnutls_datum_t * @var{ext}) +@var{sans}: The alternative names + +@var{ext}: The DER-encoded extension data; must be freed using @code{gnutls_free()} . + +This function will convert the provided alternative names structure to a +DER-encoded SubjectAltName PKIX extension. The output data in @code{ext} will be allocated using +@code{gnutls_malloc()} . + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a negative error value. + +@strong{Since:} 3.3.0 +@end deftypefun diff --git a/doc/functions/gnutls_x509_ext_export_subject_alt_names.short b/doc/functions/gnutls_x509_ext_export_subject_alt_names.short new file mode 100644 index 0000000..9b6c8a0 --- /dev/null +++ b/doc/functions/gnutls_x509_ext_export_subject_alt_names.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_ext_export_subject_alt_names} (gnutls_subject_alt_names_t @var{sans}, gnutls_datum_t * @var{ext}) diff --git a/doc/functions/gnutls_x509_ext_export_subject_key_id b/doc/functions/gnutls_x509_ext_export_subject_key_id new file mode 100644 index 0000000..7ffb90a --- /dev/null +++ b/doc/functions/gnutls_x509_ext_export_subject_key_id @@ -0,0 +1,18 @@ + + + + +@deftypefun {int} {gnutls_x509_ext_export_subject_key_id} (const gnutls_datum_t * @var{id}, gnutls_datum_t * @var{ext}) +@var{id}: The key identifier + +@var{ext}: The DER-encoded extension data; must be freed using @code{gnutls_free()} . + +This function will convert the provided key identifier to a +DER-encoded PKIX SubjectKeyIdentifier extension. +The output data in @code{ext} will be allocated using +@code{gnutls_malloc()} . + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a negative error value. + +@strong{Since:} 3.3.0 +@end deftypefun diff --git a/doc/functions/gnutls_x509_ext_export_subject_key_id.short b/doc/functions/gnutls_x509_ext_export_subject_key_id.short new file mode 100644 index 0000000..4ddd6ce --- /dev/null +++ b/doc/functions/gnutls_x509_ext_export_subject_key_id.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_ext_export_subject_key_id} (const gnutls_datum_t * @var{id}, gnutls_datum_t * @var{ext}) diff --git a/doc/functions/gnutls_x509_ext_export_tlsfeatures b/doc/functions/gnutls_x509_ext_export_tlsfeatures new file mode 100644 index 0000000..bb9145e --- /dev/null +++ b/doc/functions/gnutls_x509_ext_export_tlsfeatures @@ -0,0 +1,17 @@ + + + + +@deftypefun {int} {gnutls_x509_ext_export_tlsfeatures} (gnutls_x509_tlsfeatures_t @var{f}, gnutls_datum_t * @var{ext}) +@var{f}: The features structure + +@var{ext}: The DER-encoded extension data; must be freed using @code{gnutls_free()} . + +This function will convert the provided TLS features structure structure to a +DER-encoded TLS features PKIX extension. The output data in @code{ext} will be allocated using +@code{gnutls_malloc()} . + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a negative error value. + +@strong{Since:} 3.5.1 +@end deftypefun diff --git a/doc/functions/gnutls_x509_ext_export_tlsfeatures.short b/doc/functions/gnutls_x509_ext_export_tlsfeatures.short new file mode 100644 index 0000000..cb611cf --- /dev/null +++ b/doc/functions/gnutls_x509_ext_export_tlsfeatures.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_ext_export_tlsfeatures} (gnutls_x509_tlsfeatures_t @var{f}, gnutls_datum_t * @var{ext}) diff --git a/doc/functions/gnutls_x509_ext_import_aia b/doc/functions/gnutls_x509_ext_import_aia new file mode 100644 index 0000000..fb75b44 --- /dev/null +++ b/doc/functions/gnutls_x509_ext_import_aia @@ -0,0 +1,20 @@ + + + + +@deftypefun {int} {gnutls_x509_ext_import_aia} (const gnutls_datum_t * @var{ext}, gnutls_x509_aia_t @var{aia}, unsigned int @var{flags}) +@var{ext}: The DER-encoded extension data + +@var{aia}: The authority info access + +@var{flags}: should be zero + +This function extracts the Authority Information Access (AIA) +extension from the provided DER-encoded data; see RFC 5280 section 4.2.2.1 +for more information on the extension. The +AIA extension holds a sequence of AccessDescription (AD) data. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a negative error value. + +@strong{Since:} 3.3.0 +@end deftypefun diff --git a/doc/functions/gnutls_x509_ext_import_aia.short b/doc/functions/gnutls_x509_ext_import_aia.short new file mode 100644 index 0000000..bd30071 --- /dev/null +++ b/doc/functions/gnutls_x509_ext_import_aia.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_ext_import_aia} (const gnutls_datum_t * @var{ext}, gnutls_x509_aia_t @var{aia}, unsigned int @var{flags}) diff --git a/doc/functions/gnutls_x509_ext_import_authority_key_id b/doc/functions/gnutls_x509_ext_import_authority_key_id new file mode 100644 index 0000000..ea90f40 --- /dev/null +++ b/doc/functions/gnutls_x509_ext_import_authority_key_id @@ -0,0 +1,19 @@ + + + + +@deftypefun {int} {gnutls_x509_ext_import_authority_key_id} (const gnutls_datum_t * @var{ext}, gnutls_x509_aki_t @var{aki}, unsigned int @var{flags}) +@var{ext}: a DER encoded extension + +@var{aki}: An initialized authority key identifier type + +@var{flags}: should be zero + +This function will return the subject key ID stored in the provided +AuthorityKeyIdentifier extension. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, @code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} +if the extension is not present, otherwise a negative error value. + +@strong{Since:} 3.3.0 +@end deftypefun diff --git a/doc/functions/gnutls_x509_ext_import_authority_key_id.short b/doc/functions/gnutls_x509_ext_import_authority_key_id.short new file mode 100644 index 0000000..3884c43 --- /dev/null +++ b/doc/functions/gnutls_x509_ext_import_authority_key_id.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_ext_import_authority_key_id} (const gnutls_datum_t * @var{ext}, gnutls_x509_aki_t @var{aki}, unsigned int @var{flags}) diff --git a/doc/functions/gnutls_x509_ext_import_basic_constraints b/doc/functions/gnutls_x509_ext_import_basic_constraints new file mode 100644 index 0000000..6c2284d --- /dev/null +++ b/doc/functions/gnutls_x509_ext_import_basic_constraints @@ -0,0 +1,19 @@ + + + + +@deftypefun {int} {gnutls_x509_ext_import_basic_constraints} (const gnutls_datum_t * @var{ext}, unsigned int * @var{ca}, int * @var{pathlen}) +@var{ext}: the DER encoded extension data + +@var{ca}: will be non zero if the CA status is true + +@var{pathlen}: the path length constraint; will be set to -1 for no limit + +This function will return the CA status and path length constraint +as written in the PKIX extension 2.5.29.19. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 3.3.0 +@end deftypefun diff --git a/doc/functions/gnutls_x509_ext_import_basic_constraints.short b/doc/functions/gnutls_x509_ext_import_basic_constraints.short new file mode 100644 index 0000000..f4d8dc5 --- /dev/null +++ b/doc/functions/gnutls_x509_ext_import_basic_constraints.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_ext_import_basic_constraints} (const gnutls_datum_t * @var{ext}, unsigned int * @var{ca}, int * @var{pathlen}) diff --git a/doc/functions/gnutls_x509_ext_import_crl_dist_points b/doc/functions/gnutls_x509_ext_import_crl_dist_points new file mode 100644 index 0000000..a10022a --- /dev/null +++ b/doc/functions/gnutls_x509_ext_import_crl_dist_points @@ -0,0 +1,18 @@ + + + + +@deftypefun {int} {gnutls_x509_ext_import_crl_dist_points} (const gnutls_datum_t * @var{ext}, gnutls_x509_crl_dist_points_t @var{cdp}, unsigned int @var{flags}) +@var{ext}: the DER encoded extension data + +@var{cdp}: A pointer to an initialized CRL distribution points. + +@var{flags}: should be zero + +This function will extract the CRL distribution points extension (2.5.29.31) +and store it into the provided type. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a negative error value. + +@strong{Since:} 3.3.0 +@end deftypefun diff --git a/doc/functions/gnutls_x509_ext_import_crl_dist_points.short b/doc/functions/gnutls_x509_ext_import_crl_dist_points.short new file mode 100644 index 0000000..b568fb8 --- /dev/null +++ b/doc/functions/gnutls_x509_ext_import_crl_dist_points.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_ext_import_crl_dist_points} (const gnutls_datum_t * @var{ext}, gnutls_x509_crl_dist_points_t @var{cdp}, unsigned int @var{flags}) diff --git a/doc/functions/gnutls_x509_ext_import_inhibit_anypolicy b/doc/functions/gnutls_x509_ext_import_inhibit_anypolicy new file mode 100644 index 0000000..026b6d2 --- /dev/null +++ b/doc/functions/gnutls_x509_ext_import_inhibit_anypolicy @@ -0,0 +1,23 @@ + + + + +@deftypefun {int} {gnutls_x509_ext_import_inhibit_anypolicy} (const gnutls_datum_t * @var{ext}, unsigned int * @var{skipcerts}) +@var{ext}: the DER encoded extension data + +@var{skipcerts}: will hold the number of certificates after which anypolicy is no longer acceptable. + +This function will return certificate's value of SkipCerts, +by reading the DER data of the Inhibit anyPolicy X.509 extension (2.5.29.54). + +The @code{skipcerts} value is the number of additional certificates that +may appear in the path before the anyPolicy (@code{GNUTLS_X509_OID_POLICY_ANY} ) +is no longer acceptable. + +@strong{Returns:} zero, or a negative error code in case of +parsing error. If the certificate does not contain the Inhibit anyPolicy +extension @code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} will be +returned. + +@strong{Since:} 3.6.0 +@end deftypefun diff --git a/doc/functions/gnutls_x509_ext_import_inhibit_anypolicy.short b/doc/functions/gnutls_x509_ext_import_inhibit_anypolicy.short new file mode 100644 index 0000000..45cd5e3 --- /dev/null +++ b/doc/functions/gnutls_x509_ext_import_inhibit_anypolicy.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_ext_import_inhibit_anypolicy} (const gnutls_datum_t * @var{ext}, unsigned int * @var{skipcerts}) diff --git a/doc/functions/gnutls_x509_ext_import_key_purposes b/doc/functions/gnutls_x509_ext_import_key_purposes new file mode 100644 index 0000000..e0f5479 --- /dev/null +++ b/doc/functions/gnutls_x509_ext_import_key_purposes @@ -0,0 +1,19 @@ + + + + +@deftypefun {int} {gnutls_x509_ext_import_key_purposes} (const gnutls_datum_t * @var{ext}, gnutls_x509_key_purposes_t @var{p}, unsigned int @var{flags}) +@var{ext}: The DER-encoded extension data + +@var{p}: The key purposes + +@var{flags}: should be zero + +This function will extract the key purposes in the provided DER-encoded +ExtKeyUsageSyntax PKIX extension, to a @code{gnutls_x509_key_purposes_t} type. +The data must be initialized. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a negative error value. + +@strong{Since:} 3.3.0 +@end deftypefun diff --git a/doc/functions/gnutls_x509_ext_import_key_purposes.short b/doc/functions/gnutls_x509_ext_import_key_purposes.short new file mode 100644 index 0000000..4a45f6f --- /dev/null +++ b/doc/functions/gnutls_x509_ext_import_key_purposes.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_ext_import_key_purposes} (const gnutls_datum_t * @var{ext}, gnutls_x509_key_purposes_t @var{p}, unsigned int @var{flags}) diff --git a/doc/functions/gnutls_x509_ext_import_key_usage b/doc/functions/gnutls_x509_ext_import_key_usage new file mode 100644 index 0000000..bccadaa --- /dev/null +++ b/doc/functions/gnutls_x509_ext_import_key_usage @@ -0,0 +1,24 @@ + + + + +@deftypefun {int} {gnutls_x509_ext_import_key_usage} (const gnutls_datum_t * @var{ext}, unsigned int * @var{key_usage}) +@var{ext}: the DER encoded extension data + +@var{key_usage}: where the key usage bits will be stored + +This function will return certificate's key usage, by reading the DER +data of the keyUsage X.509 extension (2.5.29.15). The key usage value will ORed +values of the: @code{GNUTLS_KEY_DIGITAL_SIGNATURE} , +@code{GNUTLS_KEY_NON_REPUDIATION} , @code{GNUTLS_KEY_KEY_ENCIPHERMENT} , +@code{GNUTLS_KEY_DATA_ENCIPHERMENT} , @code{GNUTLS_KEY_KEY_AGREEMENT} , +@code{GNUTLS_KEY_KEY_CERT_SIGN} , @code{GNUTLS_KEY_CRL_SIGN} , +@code{GNUTLS_KEY_ENCIPHER_ONLY} , @code{GNUTLS_KEY_DECIPHER_ONLY} . + +@strong{Returns:} the certificate key usage, or a negative error code in case of +parsing error. If the certificate does not contain the keyUsage +extension @code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} will be +returned. + +@strong{Since:} 3.3.0 +@end deftypefun diff --git a/doc/functions/gnutls_x509_ext_import_key_usage.short b/doc/functions/gnutls_x509_ext_import_key_usage.short new file mode 100644 index 0000000..e43397f --- /dev/null +++ b/doc/functions/gnutls_x509_ext_import_key_usage.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_ext_import_key_usage} (const gnutls_datum_t * @var{ext}, unsigned int * @var{key_usage}) diff --git a/doc/functions/gnutls_x509_ext_import_name_constraints b/doc/functions/gnutls_x509_ext_import_name_constraints new file mode 100644 index 0000000..41ff19b --- /dev/null +++ b/doc/functions/gnutls_x509_ext_import_name_constraints @@ -0,0 +1,30 @@ + + + + +@deftypefun {int} {gnutls_x509_ext_import_name_constraints} (const gnutls_datum_t * @var{ext}, gnutls_x509_name_constraints_t @var{nc}, unsigned int @var{flags}) +@var{ext}: a DER encoded extension + +@var{nc}: The nameconstraints + +@var{flags}: zero or @code{GNUTLS_NAME_CONSTRAINTS_FLAG_APPEND} + +This function will return an intermediate type containing +the name constraints of the provided NameConstraints extension. That +can be used in combination with @code{gnutls_x509_name_constraints_check()} +to verify whether a server's name is in accordance with the constraints. + +When the @code{flags} is set to @code{GNUTLS_NAME_CONSTRAINTS_FLAG_APPEND} , then if +the @code{nc} type is empty this function will behave identically as if the flag was not set. +Otherwise if there are elements in the @code{nc} structure then the +constraints will be merged with the existing constraints following +RFC5280 p6.1.4 (excluded constraints will be appended, permitted +will be intersected). + +Note that @code{nc} must be initialized prior to calling this function. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, @code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} +if the extension is not present, otherwise a negative error value. + +@strong{Since:} 3.3.0 +@end deftypefun diff --git a/doc/functions/gnutls_x509_ext_import_name_constraints.short b/doc/functions/gnutls_x509_ext_import_name_constraints.short new file mode 100644 index 0000000..b21f3fa --- /dev/null +++ b/doc/functions/gnutls_x509_ext_import_name_constraints.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_ext_import_name_constraints} (const gnutls_datum_t * @var{ext}, gnutls_x509_name_constraints_t @var{nc}, unsigned int @var{flags}) diff --git a/doc/functions/gnutls_x509_ext_import_policies b/doc/functions/gnutls_x509_ext_import_policies new file mode 100644 index 0000000..cbf988e --- /dev/null +++ b/doc/functions/gnutls_x509_ext_import_policies @@ -0,0 +1,18 @@ + + + + +@deftypefun {int} {gnutls_x509_ext_import_policies} (const gnutls_datum_t * @var{ext}, gnutls_x509_policies_t @var{policies}, unsigned int @var{flags}) +@var{ext}: the DER encoded extension data + +@var{policies}: A pointer to an initialized policies. + +@var{flags}: should be zero + +This function will extract the certificate policy extension (2.5.29.32) +and store it the provided policies. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a negative error value. + +@strong{Since:} 3.3.0 +@end deftypefun diff --git a/doc/functions/gnutls_x509_ext_import_policies.short b/doc/functions/gnutls_x509_ext_import_policies.short new file mode 100644 index 0000000..e5f494b --- /dev/null +++ b/doc/functions/gnutls_x509_ext_import_policies.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_ext_import_policies} (const gnutls_datum_t * @var{ext}, gnutls_x509_policies_t @var{policies}, unsigned int @var{flags}) diff --git a/doc/functions/gnutls_x509_ext_import_private_key_usage_period b/doc/functions/gnutls_x509_ext_import_private_key_usage_period new file mode 100644 index 0000000..c5215f6 --- /dev/null +++ b/doc/functions/gnutls_x509_ext_import_private_key_usage_period @@ -0,0 +1,20 @@ + + + + +@deftypefun {int} {gnutls_x509_ext_import_private_key_usage_period} (const gnutls_datum_t * @var{ext}, time_t * @var{activation}, time_t * @var{expiration}) +@var{ext}: the DER encoded extension data + +@var{activation}: Will hold the activation time + +@var{expiration}: Will hold the expiration time + +This function will return the expiration and activation +times of the private key as written in the +PKIX extension 2.5.29.16. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 3.3.0 +@end deftypefun diff --git a/doc/functions/gnutls_x509_ext_import_private_key_usage_period.short b/doc/functions/gnutls_x509_ext_import_private_key_usage_period.short new file mode 100644 index 0000000..43a7b9b --- /dev/null +++ b/doc/functions/gnutls_x509_ext_import_private_key_usage_period.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_ext_import_private_key_usage_period} (const gnutls_datum_t * @var{ext}, time_t * @var{activation}, time_t * @var{expiration}) diff --git a/doc/functions/gnutls_x509_ext_import_proxy b/doc/functions/gnutls_x509_ext_import_proxy new file mode 100644 index 0000000..785dabb --- /dev/null +++ b/doc/functions/gnutls_x509_ext_import_proxy @@ -0,0 +1,26 @@ + + + + +@deftypefun {int} {gnutls_x509_ext_import_proxy} (const gnutls_datum_t * @var{ext}, int * @var{pathlen}, char ** @var{policyLanguage}, char ** @var{policy}, size_t * @var{sizeof_policy}) +@var{ext}: the DER encoded extension data + +@var{pathlen}: pointer to output integer indicating path length (may be +NULL), non-negative error codes indicate a present pCPathLenConstraint +field and the actual value, -1 indicate that the field is absent. + +@var{policyLanguage}: output variable with OID of policy language + +@var{policy}: output variable with policy data + +@var{sizeof_policy}: output variable with size of policy data + +This function will return the information from a proxy certificate +extension. It reads the ProxyCertInfo X.509 extension (1.3.6.1.5.5.7.1.14). +The @code{policyLanguage} and @code{policy} values must be deinitialized using @code{gnutls_free()} after use. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 3.3.0 +@end deftypefun diff --git a/doc/functions/gnutls_x509_ext_import_proxy.short b/doc/functions/gnutls_x509_ext_import_proxy.short new file mode 100644 index 0000000..cac5fcf --- /dev/null +++ b/doc/functions/gnutls_x509_ext_import_proxy.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_ext_import_proxy} (const gnutls_datum_t * @var{ext}, int * @var{pathlen}, char ** @var{policyLanguage}, char ** @var{policy}, size_t * @var{sizeof_policy}) diff --git a/doc/functions/gnutls_x509_ext_import_subject_alt_names b/doc/functions/gnutls_x509_ext_import_subject_alt_names new file mode 100644 index 0000000..a5a9d19 --- /dev/null +++ b/doc/functions/gnutls_x509_ext_import_subject_alt_names @@ -0,0 +1,21 @@ + + + + +@deftypefun {int} {gnutls_x509_ext_import_subject_alt_names} (const gnutls_datum_t * @var{ext}, gnutls_subject_alt_names_t @var{sans}, unsigned int @var{flags}) +@var{ext}: The DER-encoded extension data + +@var{sans}: The alternative names + +@var{flags}: should be zero + +This function will export the alternative names in the provided DER-encoded +SubjectAltName PKIX extension, to a @code{gnutls_subject_alt_names_t} type. @code{sans} must be initialized. + +This function will succeed even if there no subject alternative names +in the structure. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a negative error value. + +@strong{Since:} 3.3.0 +@end deftypefun diff --git a/doc/functions/gnutls_x509_ext_import_subject_alt_names.short b/doc/functions/gnutls_x509_ext_import_subject_alt_names.short new file mode 100644 index 0000000..9b2e49b --- /dev/null +++ b/doc/functions/gnutls_x509_ext_import_subject_alt_names.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_ext_import_subject_alt_names} (const gnutls_datum_t * @var{ext}, gnutls_subject_alt_names_t @var{sans}, unsigned int @var{flags}) diff --git a/doc/functions/gnutls_x509_ext_import_subject_key_id b/doc/functions/gnutls_x509_ext_import_subject_key_id new file mode 100644 index 0000000..c6004b0 --- /dev/null +++ b/doc/functions/gnutls_x509_ext_import_subject_key_id @@ -0,0 +1,18 @@ + + + + +@deftypefun {int} {gnutls_x509_ext_import_subject_key_id} (const gnutls_datum_t * @var{ext}, gnutls_datum_t * @var{id}) +@var{ext}: a DER encoded extension + +@var{id}: will contain the subject key ID + +This function will return the subject key ID stored in the provided +SubjectKeyIdentifier extension. The ID will be allocated using +@code{gnutls_malloc()} . + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, @code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} +if the extension is not present, otherwise a negative error value. + +@strong{Since:} 3.3.0 +@end deftypefun diff --git a/doc/functions/gnutls_x509_ext_import_subject_key_id.short b/doc/functions/gnutls_x509_ext_import_subject_key_id.short new file mode 100644 index 0000000..a25fa3a --- /dev/null +++ b/doc/functions/gnutls_x509_ext_import_subject_key_id.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_ext_import_subject_key_id} (const gnutls_datum_t * @var{ext}, gnutls_datum_t * @var{id}) diff --git a/doc/functions/gnutls_x509_ext_import_tlsfeatures b/doc/functions/gnutls_x509_ext_import_tlsfeatures new file mode 100644 index 0000000..5d2f771 --- /dev/null +++ b/doc/functions/gnutls_x509_ext_import_tlsfeatures @@ -0,0 +1,23 @@ + + + + +@deftypefun {int} {gnutls_x509_ext_import_tlsfeatures} (const gnutls_datum_t * @var{ext}, gnutls_x509_tlsfeatures_t @var{f}, unsigned int @var{flags}) +@var{ext}: The DER-encoded extension data + +@var{f}: The features structure + +@var{flags}: zero or @code{GNUTLS_EXT_FLAG_APPEND} + +This function will export the features in the provided DER-encoded +TLS Features PKIX extension, to a @code{gnutls_x509_tlsfeatures_t} type. @code{f} must be initialized. + +When the @code{flags} is set to @code{GNUTLS_EXT_FLAG_APPEND} , +then if the @code{features} structure is empty this function will behave +identically as if the flag was not set. Otherwise if there are elements +in the @code{features} structure then they will be merged with. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a negative error value. + +@strong{Since:} 3.5.1 +@end deftypefun diff --git a/doc/functions/gnutls_x509_ext_import_tlsfeatures.short b/doc/functions/gnutls_x509_ext_import_tlsfeatures.short new file mode 100644 index 0000000..1fbb4e1 --- /dev/null +++ b/doc/functions/gnutls_x509_ext_import_tlsfeatures.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_ext_import_tlsfeatures} (const gnutls_datum_t * @var{ext}, gnutls_x509_tlsfeatures_t @var{f}, unsigned int @var{flags}) diff --git a/doc/functions/gnutls_x509_ext_print b/doc/functions/gnutls_x509_ext_print new file mode 100644 index 0000000..be03f68 --- /dev/null +++ b/doc/functions/gnutls_x509_ext_print @@ -0,0 +1,21 @@ + + + + +@deftypefun {int} {gnutls_x509_ext_print} (gnutls_x509_ext_st * @var{exts}, unsigned int @var{exts_size}, gnutls_certificate_print_formats_t @var{format}, gnutls_datum_t * @var{out}) +@var{exts}: The data to be printed + +@var{exts_size}: the number of available structures + +@var{format}: Indicate the format to use + +@var{out}: Newly allocated datum with null terminated string. + +This function will pretty print X.509 certificate extensions, +suitable for display to a human. + +The output @code{out} needs to be deallocated using @code{gnutls_free()} . + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. +@end deftypefun diff --git a/doc/functions/gnutls_x509_ext_print.short b/doc/functions/gnutls_x509_ext_print.short new file mode 100644 index 0000000..d4ec00a --- /dev/null +++ b/doc/functions/gnutls_x509_ext_print.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_ext_print} (gnutls_x509_ext_st * @var{exts}, unsigned int @var{exts_size}, gnutls_certificate_print_formats_t @var{format}, gnutls_datum_t * @var{out}) diff --git a/doc/functions/gnutls_x509_key_purpose_deinit b/doc/functions/gnutls_x509_key_purpose_deinit new file mode 100644 index 0000000..295d46b --- /dev/null +++ b/doc/functions/gnutls_x509_key_purpose_deinit @@ -0,0 +1,11 @@ + + + + +@deftypefun {void} {gnutls_x509_key_purpose_deinit} (gnutls_x509_key_purposes_t @var{p}) +@var{p}: The key purposes + +This function will deinitialize a key purposes type. + +@strong{Since:} 3.3.0 +@end deftypefun diff --git a/doc/functions/gnutls_x509_key_purpose_deinit.short b/doc/functions/gnutls_x509_key_purpose_deinit.short new file mode 100644 index 0000000..1bb8f8a --- /dev/null +++ b/doc/functions/gnutls_x509_key_purpose_deinit.short @@ -0,0 +1 @@ +@item @var{void} @ref{gnutls_x509_key_purpose_deinit} (gnutls_x509_key_purposes_t @var{p}) diff --git a/doc/functions/gnutls_x509_key_purpose_get b/doc/functions/gnutls_x509_key_purpose_get new file mode 100644 index 0000000..0877448 --- /dev/null +++ b/doc/functions/gnutls_x509_key_purpose_get @@ -0,0 +1,19 @@ + + + + +@deftypefun {int} {gnutls_x509_key_purpose_get} (gnutls_x509_key_purposes_t @var{p}, unsigned @var{idx}, gnutls_datum_t * @var{oid}) +@var{p}: The key purposes + +@var{idx}: The index of the key purpose to retrieve + +@var{oid}: Will hold the object identifier of the key purpose (to be treated as constant) + +This function will retrieve the specified by the index key purpose in the +purposes type. The object identifier will be a null terminated string. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, @code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} +if the index is out of bounds, otherwise a negative error value. + +@strong{Since:} 3.3.0 +@end deftypefun diff --git a/doc/functions/gnutls_x509_key_purpose_get.short b/doc/functions/gnutls_x509_key_purpose_get.short new file mode 100644 index 0000000..300597d --- /dev/null +++ b/doc/functions/gnutls_x509_key_purpose_get.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_key_purpose_get} (gnutls_x509_key_purposes_t @var{p}, unsigned @var{idx}, gnutls_datum_t * @var{oid}) diff --git a/doc/functions/gnutls_x509_key_purpose_init b/doc/functions/gnutls_x509_key_purpose_init new file mode 100644 index 0000000..fa74893 --- /dev/null +++ b/doc/functions/gnutls_x509_key_purpose_init @@ -0,0 +1,13 @@ + + + + +@deftypefun {int} {gnutls_x509_key_purpose_init} (gnutls_x509_key_purposes_t * @var{p}) +@var{p}: The key purposes + +This function will initialize an alternative names type. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a negative error value. + +@strong{Since:} 3.3.0 +@end deftypefun diff --git a/doc/functions/gnutls_x509_key_purpose_init.short b/doc/functions/gnutls_x509_key_purpose_init.short new file mode 100644 index 0000000..4a40f68 --- /dev/null +++ b/doc/functions/gnutls_x509_key_purpose_init.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_key_purpose_init} (gnutls_x509_key_purposes_t * @var{p}) diff --git a/doc/functions/gnutls_x509_key_purpose_set b/doc/functions/gnutls_x509_key_purpose_set new file mode 100644 index 0000000..346c60d --- /dev/null +++ b/doc/functions/gnutls_x509_key_purpose_set @@ -0,0 +1,16 @@ + + + + +@deftypefun {int} {gnutls_x509_key_purpose_set} (gnutls_x509_key_purposes_t @var{p}, const char * @var{oid}) +@var{p}: The key purposes + +@var{oid}: The object identifier of the key purpose + +This function will store the specified key purpose in the +purposes. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0), otherwise a negative error value. + +@strong{Since:} 3.3.0 +@end deftypefun diff --git a/doc/functions/gnutls_x509_key_purpose_set.short b/doc/functions/gnutls_x509_key_purpose_set.short new file mode 100644 index 0000000..8e6881f --- /dev/null +++ b/doc/functions/gnutls_x509_key_purpose_set.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_key_purpose_set} (gnutls_x509_key_purposes_t @var{p}, const char * @var{oid}) diff --git a/doc/functions/gnutls_x509_name_constraints_add_excluded b/doc/functions/gnutls_x509_name_constraints_add_excluded new file mode 100644 index 0000000..49a4c04 --- /dev/null +++ b/doc/functions/gnutls_x509_name_constraints_add_excluded @@ -0,0 +1,22 @@ + + + + +@deftypefun {int} {gnutls_x509_name_constraints_add_excluded} (gnutls_x509_name_constraints_t @var{nc}, gnutls_x509_subject_alt_name_t @var{type}, const gnutls_datum_t * @var{name}) +@var{nc}: The nameconstraints + +@var{type}: The type of the constraints + +@var{name}: The data of the constraints + +This function will add a name constraint to the list of excluded +constraints. The constraints @code{type} can be any of the following types: +@code{GNUTLS_SAN_DNSNAME} , @code{GNUTLS_SAN_RFC822NAME} , @code{GNUTLS_SAN_DN} , +@code{GNUTLS_SAN_URI} , @code{GNUTLS_SAN_IPADDRESS} . For the latter, an IP address +in network byte order is expected, followed by its network mask (which is +4 bytes in IPv4 or 16-bytes in IPv6). + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a negative error value. + +@strong{Since:} 3.3.0 +@end deftypefun diff --git a/doc/functions/gnutls_x509_name_constraints_add_excluded.short b/doc/functions/gnutls_x509_name_constraints_add_excluded.short new file mode 100644 index 0000000..0be420e --- /dev/null +++ b/doc/functions/gnutls_x509_name_constraints_add_excluded.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_name_constraints_add_excluded} (gnutls_x509_name_constraints_t @var{nc}, gnutls_x509_subject_alt_name_t @var{type}, const gnutls_datum_t * @var{name}) diff --git a/doc/functions/gnutls_x509_name_constraints_add_permitted b/doc/functions/gnutls_x509_name_constraints_add_permitted new file mode 100644 index 0000000..a143dc9 --- /dev/null +++ b/doc/functions/gnutls_x509_name_constraints_add_permitted @@ -0,0 +1,21 @@ + + + + +@deftypefun {int} {gnutls_x509_name_constraints_add_permitted} (gnutls_x509_name_constraints_t @var{nc}, gnutls_x509_subject_alt_name_t @var{type}, const gnutls_datum_t * @var{name}) +@var{nc}: The nameconstraints + +@var{type}: The type of the constraints + +@var{name}: The data of the constraints + +This function will add a name constraint to the list of permitted +constraints. The constraints @code{type} can be any of the following types: +@code{GNUTLS_SAN_DNSNAME} , @code{GNUTLS_SAN_RFC822NAME} , @code{GNUTLS_SAN_DN} , +@code{GNUTLS_SAN_URI} , @code{GNUTLS_SAN_IPADDRESS} . For the latter, an IP address +in network byte order is expected, followed by its network mask. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a negative error value. + +@strong{Since:} 3.3.0 +@end deftypefun diff --git a/doc/functions/gnutls_x509_name_constraints_add_permitted.short b/doc/functions/gnutls_x509_name_constraints_add_permitted.short new file mode 100644 index 0000000..14feaf9 --- /dev/null +++ b/doc/functions/gnutls_x509_name_constraints_add_permitted.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_name_constraints_add_permitted} (gnutls_x509_name_constraints_t @var{nc}, gnutls_x509_subject_alt_name_t @var{type}, const gnutls_datum_t * @var{name}) diff --git a/doc/functions/gnutls_x509_name_constraints_check b/doc/functions/gnutls_x509_name_constraints_check new file mode 100644 index 0000000..f425481 --- /dev/null +++ b/doc/functions/gnutls_x509_name_constraints_check @@ -0,0 +1,20 @@ + + + + +@deftypefun {unsigned} {gnutls_x509_name_constraints_check} (gnutls_x509_name_constraints_t @var{nc}, gnutls_x509_subject_alt_name_t @var{type}, const gnutls_datum_t * @var{name}) +@var{nc}: the extracted name constraints + +@var{type}: the type of the constraint to check (of type gnutls_x509_subject_alt_name_t) + +@var{name}: the name to be checked + +This function will check the provided name against the constraints in + @code{nc} using the RFC5280 rules. Currently this function is limited to DNS +names, emails and IP addresses (of type @code{GNUTLS_SAN_DNSNAME} , +@code{GNUTLS_SAN_RFC822NAME} and @code{GNUTLS_SAN_IPADDRESS} ). + +@strong{Returns:} zero if the provided name is not acceptable, and non-zero otherwise. + +@strong{Since:} 3.3.0 +@end deftypefun diff --git a/doc/functions/gnutls_x509_name_constraints_check.short b/doc/functions/gnutls_x509_name_constraints_check.short new file mode 100644 index 0000000..ed2cf66 --- /dev/null +++ b/doc/functions/gnutls_x509_name_constraints_check.short @@ -0,0 +1 @@ +@item @var{unsigned} @ref{gnutls_x509_name_constraints_check} (gnutls_x509_name_constraints_t @var{nc}, gnutls_x509_subject_alt_name_t @var{type}, const gnutls_datum_t * @var{name}) diff --git a/doc/functions/gnutls_x509_name_constraints_check_crt b/doc/functions/gnutls_x509_name_constraints_check_crt new file mode 100644 index 0000000..060ae0c --- /dev/null +++ b/doc/functions/gnutls_x509_name_constraints_check_crt @@ -0,0 +1,22 @@ + + + + +@deftypefun {unsigned} {gnutls_x509_name_constraints_check_crt} (gnutls_x509_name_constraints_t @var{nc}, gnutls_x509_subject_alt_name_t @var{type}, gnutls_x509_crt_t @var{cert}) +@var{nc}: the extracted name constraints + +@var{type}: the type of the constraint to check (of type gnutls_x509_subject_alt_name_t) + +@var{cert}: the certificate to be checked + +This function will check the provided certificate names against the constraints in + @code{nc} using the RFC5280 rules. It will traverse all the certificate's names and +alternative names. + +Currently this function is limited to DNS +names and emails (of type @code{GNUTLS_SAN_DNSNAME} and @code{GNUTLS_SAN_RFC822NAME} ). + +@strong{Returns:} zero if the provided name is not acceptable, and non-zero otherwise. + +@strong{Since:} 3.3.0 +@end deftypefun diff --git a/doc/functions/gnutls_x509_name_constraints_check_crt.short b/doc/functions/gnutls_x509_name_constraints_check_crt.short new file mode 100644 index 0000000..d74007e --- /dev/null +++ b/doc/functions/gnutls_x509_name_constraints_check_crt.short @@ -0,0 +1 @@ +@item @var{unsigned} @ref{gnutls_x509_name_constraints_check_crt} (gnutls_x509_name_constraints_t @var{nc}, gnutls_x509_subject_alt_name_t @var{type}, gnutls_x509_crt_t @var{cert}) diff --git a/doc/functions/gnutls_x509_name_constraints_deinit b/doc/functions/gnutls_x509_name_constraints_deinit new file mode 100644 index 0000000..c6ca5fe --- /dev/null +++ b/doc/functions/gnutls_x509_name_constraints_deinit @@ -0,0 +1,11 @@ + + + + +@deftypefun {void} {gnutls_x509_name_constraints_deinit} (gnutls_x509_name_constraints_t @var{nc}) +@var{nc}: The nameconstraints + +This function will deinitialize a name constraints type. + +@strong{Since:} 3.3.0 +@end deftypefun diff --git a/doc/functions/gnutls_x509_name_constraints_deinit.short b/doc/functions/gnutls_x509_name_constraints_deinit.short new file mode 100644 index 0000000..febde2f --- /dev/null +++ b/doc/functions/gnutls_x509_name_constraints_deinit.short @@ -0,0 +1 @@ +@item @var{void} @ref{gnutls_x509_name_constraints_deinit} (gnutls_x509_name_constraints_t @var{nc}) diff --git a/doc/functions/gnutls_x509_name_constraints_get_excluded b/doc/functions/gnutls_x509_name_constraints_get_excluded new file mode 100644 index 0000000..ef5c97b --- /dev/null +++ b/doc/functions/gnutls_x509_name_constraints_get_excluded @@ -0,0 +1,25 @@ + + + + +@deftypefun {int} {gnutls_x509_name_constraints_get_excluded} (gnutls_x509_name_constraints_t @var{nc}, unsigned @var{idx}, unsigned * @var{type}, gnutls_datum_t * @var{name}) +@var{nc}: the extracted name constraints + +@var{idx}: the index of the constraint + +@var{type}: the type of the constraint (of type gnutls_x509_subject_alt_name_t) + +@var{name}: the name in the constraint (of the specific type) + +This function will return an intermediate type containing +the name constraints of the provided CA certificate. That +structure can be used in combination with @code{gnutls_x509_name_constraints_check()} +to verify whether a server's name is in accordance with the constraints. + +The name should be treated as constant and valid for the lifetime of @code{nc} . + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, @code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} +if the extension is not present, otherwise a negative error value. + +@strong{Since:} 3.3.0 +@end deftypefun diff --git a/doc/functions/gnutls_x509_name_constraints_get_excluded.short b/doc/functions/gnutls_x509_name_constraints_get_excluded.short new file mode 100644 index 0000000..0e8d020 --- /dev/null +++ b/doc/functions/gnutls_x509_name_constraints_get_excluded.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_name_constraints_get_excluded} (gnutls_x509_name_constraints_t @var{nc}, unsigned @var{idx}, unsigned * @var{type}, gnutls_datum_t * @var{name}) diff --git a/doc/functions/gnutls_x509_name_constraints_get_permitted b/doc/functions/gnutls_x509_name_constraints_get_permitted new file mode 100644 index 0000000..9959cd2 --- /dev/null +++ b/doc/functions/gnutls_x509_name_constraints_get_permitted @@ -0,0 +1,25 @@ + + + + +@deftypefun {int} {gnutls_x509_name_constraints_get_permitted} (gnutls_x509_name_constraints_t @var{nc}, unsigned @var{idx}, unsigned * @var{type}, gnutls_datum_t * @var{name}) +@var{nc}: the extracted name constraints + +@var{idx}: the index of the constraint + +@var{type}: the type of the constraint (of type gnutls_x509_subject_alt_name_t) + +@var{name}: the name in the constraint (of the specific type) + +This function will return an intermediate type containing +the name constraints of the provided CA certificate. That +structure can be used in combination with @code{gnutls_x509_name_constraints_check()} +to verify whether a server's name is in accordance with the constraints. + +The name should be treated as constant and valid for the lifetime of @code{nc} . + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, @code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} +if the extension is not present, otherwise a negative error value. + +@strong{Since:} 3.3.0 +@end deftypefun diff --git a/doc/functions/gnutls_x509_name_constraints_get_permitted.short b/doc/functions/gnutls_x509_name_constraints_get_permitted.short new file mode 100644 index 0000000..d73d9a4 --- /dev/null +++ b/doc/functions/gnutls_x509_name_constraints_get_permitted.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_name_constraints_get_permitted} (gnutls_x509_name_constraints_t @var{nc}, unsigned @var{idx}, unsigned * @var{type}, gnutls_datum_t * @var{name}) diff --git a/doc/functions/gnutls_x509_name_constraints_init b/doc/functions/gnutls_x509_name_constraints_init new file mode 100644 index 0000000..92969bb --- /dev/null +++ b/doc/functions/gnutls_x509_name_constraints_init @@ -0,0 +1,13 @@ + + + + +@deftypefun {int} {gnutls_x509_name_constraints_init} (gnutls_x509_name_constraints_t * @var{nc}) +@var{nc}: The nameconstraints + +This function will initialize a name constraints type. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a negative error value. + +@strong{Since:} 3.3.0 +@end deftypefun diff --git a/doc/functions/gnutls_x509_name_constraints_init.short b/doc/functions/gnutls_x509_name_constraints_init.short new file mode 100644 index 0000000..0f206dc --- /dev/null +++ b/doc/functions/gnutls_x509_name_constraints_init.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_name_constraints_init} (gnutls_x509_name_constraints_t * @var{nc}) diff --git a/doc/functions/gnutls_x509_othername_to_virtual b/doc/functions/gnutls_x509_othername_to_virtual new file mode 100644 index 0000000..303357a --- /dev/null +++ b/doc/functions/gnutls_x509_othername_to_virtual @@ -0,0 +1,20 @@ + + + + +@deftypefun {int} {gnutls_x509_othername_to_virtual} (const char * @var{oid}, const gnutls_datum_t * @var{othername}, unsigned int * @var{virt_type}, gnutls_datum_t * @var{virt}) +@var{oid}: The othername object identifier + +@var{othername}: The othername data + +@var{virt_type}: GNUTLS_SAN_OTHERNAME_XXX + +@var{virt}: allocated printable data + +This function will parse and convert the othername data to a virtual +type supported by gnutls. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a negative error value. + +@strong{Since:} 3.3.8 +@end deftypefun diff --git a/doc/functions/gnutls_x509_othername_to_virtual.short b/doc/functions/gnutls_x509_othername_to_virtual.short new file mode 100644 index 0000000..13b4a64 --- /dev/null +++ b/doc/functions/gnutls_x509_othername_to_virtual.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_othername_to_virtual} (const char * @var{oid}, const gnutls_datum_t * @var{othername}, unsigned int * @var{virt_type}, gnutls_datum_t * @var{virt}) diff --git a/doc/functions/gnutls_x509_policies_deinit b/doc/functions/gnutls_x509_policies_deinit new file mode 100644 index 0000000..9501d42 --- /dev/null +++ b/doc/functions/gnutls_x509_policies_deinit @@ -0,0 +1,11 @@ + + + + +@deftypefun {void} {gnutls_x509_policies_deinit} (gnutls_x509_policies_t @var{policies}) +@var{policies}: The authority key identifier + +This function will deinitialize an authority key identifier type. + +@strong{Since:} 3.3.0 +@end deftypefun diff --git a/doc/functions/gnutls_x509_policies_deinit.short b/doc/functions/gnutls_x509_policies_deinit.short new file mode 100644 index 0000000..200dc4d --- /dev/null +++ b/doc/functions/gnutls_x509_policies_deinit.short @@ -0,0 +1 @@ +@item @var{void} @ref{gnutls_x509_policies_deinit} (gnutls_x509_policies_t @var{policies}) diff --git a/doc/functions/gnutls_x509_policies_get b/doc/functions/gnutls_x509_policies_get new file mode 100644 index 0000000..c721e94 --- /dev/null +++ b/doc/functions/gnutls_x509_policies_get @@ -0,0 +1,22 @@ + + + + +@deftypefun {int} {gnutls_x509_policies_get} (gnutls_x509_policies_t @var{policies}, unsigned int @var{seq}, struct gnutls_x509_policy_st * @var{policy}) +@var{policies}: The policies + +@var{seq}: The index of the name to get + +@var{policy}: Will hold the policy + +This function will return a specific policy as stored in +the @code{policies} type. The returned values should be treated as constant +and valid for the lifetime of @code{policies} . + +The any policy OID is available as the @code{GNUTLS_X509_OID_POLICY_ANY} macro. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, @code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} +if the index is out of bounds, otherwise a negative error value. + +@strong{Since:} 3.3.0 +@end deftypefun diff --git a/doc/functions/gnutls_x509_policies_get.short b/doc/functions/gnutls_x509_policies_get.short new file mode 100644 index 0000000..e2f6d36 --- /dev/null +++ b/doc/functions/gnutls_x509_policies_get.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_policies_get} (gnutls_x509_policies_t @var{policies}, unsigned int @var{seq}, struct gnutls_x509_policy_st * @var{policy}) diff --git a/doc/functions/gnutls_x509_policies_init b/doc/functions/gnutls_x509_policies_init new file mode 100644 index 0000000..fd91d7f --- /dev/null +++ b/doc/functions/gnutls_x509_policies_init @@ -0,0 +1,13 @@ + + + + +@deftypefun {int} {gnutls_x509_policies_init} (gnutls_x509_policies_t * @var{policies}) +@var{policies}: The authority key ID + +This function will initialize an authority key ID type. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a negative error value. + +@strong{Since:} 3.3.0 +@end deftypefun diff --git a/doc/functions/gnutls_x509_policies_init.short b/doc/functions/gnutls_x509_policies_init.short new file mode 100644 index 0000000..82b2a36 --- /dev/null +++ b/doc/functions/gnutls_x509_policies_init.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_policies_init} (gnutls_x509_policies_t * @var{policies}) diff --git a/doc/functions/gnutls_x509_policies_set b/doc/functions/gnutls_x509_policies_set new file mode 100644 index 0000000..7d05085 --- /dev/null +++ b/doc/functions/gnutls_x509_policies_set @@ -0,0 +1,16 @@ + + + + +@deftypefun {int} {gnutls_x509_policies_set} (gnutls_x509_policies_t @var{policies}, const struct gnutls_x509_policy_st * @var{policy}) +@var{policies}: An initialized policies + +@var{policy}: Contains the policy to set + +This function will store the specified policy in +the provided @code{policies} . + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0), otherwise a negative error value. + +@strong{Since:} 3.3.0 +@end deftypefun diff --git a/doc/functions/gnutls_x509_policies_set.short b/doc/functions/gnutls_x509_policies_set.short new file mode 100644 index 0000000..05fee53 --- /dev/null +++ b/doc/functions/gnutls_x509_policies_set.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_policies_set} (gnutls_x509_policies_t @var{policies}, const struct gnutls_x509_policy_st * @var{policy}) diff --git a/doc/functions/gnutls_x509_policy_release b/doc/functions/gnutls_x509_policy_release new file mode 100644 index 0000000..909eab4 --- /dev/null +++ b/doc/functions/gnutls_x509_policy_release @@ -0,0 +1,12 @@ + + + + +@deftypefun {void} {gnutls_x509_policy_release} (struct gnutls_x509_policy_st * @var{policy}) +@var{policy}: a certificate policy + +This function will deinitialize all memory associated with the provided + @code{policy} . The policy is allocated using @code{gnutls_x509_crt_get_policy()} . + +@strong{Since:} 3.1.5 +@end deftypefun diff --git a/doc/functions/gnutls_x509_policy_release.short b/doc/functions/gnutls_x509_policy_release.short new file mode 100644 index 0000000..e9ef379 --- /dev/null +++ b/doc/functions/gnutls_x509_policy_release.short @@ -0,0 +1 @@ +@item @var{void} @ref{gnutls_x509_policy_release} (struct gnutls_x509_policy_st * @var{policy}) diff --git a/doc/functions/gnutls_x509_privkey_cpy b/doc/functions/gnutls_x509_privkey_cpy new file mode 100644 index 0000000..30fd246 --- /dev/null +++ b/doc/functions/gnutls_x509_privkey_cpy @@ -0,0 +1,15 @@ + + + + +@deftypefun {int} {gnutls_x509_privkey_cpy} (gnutls_x509_privkey_t @var{dst}, gnutls_x509_privkey_t @var{src}) +@var{dst}: The destination key, which should be initialized. + +@var{src}: The source key + +This function will copy a private key from source to destination +key. Destination has to be initialized. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. +@end deftypefun diff --git a/doc/functions/gnutls_x509_privkey_cpy.short b/doc/functions/gnutls_x509_privkey_cpy.short new file mode 100644 index 0000000..d870998 --- /dev/null +++ b/doc/functions/gnutls_x509_privkey_cpy.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_privkey_cpy} (gnutls_x509_privkey_t @var{dst}, gnutls_x509_privkey_t @var{src}) diff --git a/doc/functions/gnutls_x509_privkey_deinit b/doc/functions/gnutls_x509_privkey_deinit new file mode 100644 index 0000000..ca8a33b --- /dev/null +++ b/doc/functions/gnutls_x509_privkey_deinit @@ -0,0 +1,9 @@ + + + + +@deftypefun {void} {gnutls_x509_privkey_deinit} (gnutls_x509_privkey_t @var{key}) +@var{key}: The key to be deinitialized + +This function will deinitialize a private key structure. +@end deftypefun diff --git a/doc/functions/gnutls_x509_privkey_deinit.short b/doc/functions/gnutls_x509_privkey_deinit.short new file mode 100644 index 0000000..542e9b9 --- /dev/null +++ b/doc/functions/gnutls_x509_privkey_deinit.short @@ -0,0 +1 @@ +@item @var{void} @ref{gnutls_x509_privkey_deinit} (gnutls_x509_privkey_t @var{key}) diff --git a/doc/functions/gnutls_x509_privkey_export b/doc/functions/gnutls_x509_privkey_export new file mode 100644 index 0000000..16cb205 --- /dev/null +++ b/doc/functions/gnutls_x509_privkey_export @@ -0,0 +1,27 @@ + + + + +@deftypefun {int} {gnutls_x509_privkey_export} (gnutls_x509_privkey_t @var{key}, gnutls_x509_crt_fmt_t @var{format}, void * @var{output_data}, size_t * @var{output_data_size}) +@var{key}: Holds the key + +@var{format}: the format of output params. One of PEM or DER. + +@var{output_data}: will contain a private key PEM or DER encoded + +@var{output_data_size}: holds the size of output_data (and will be +replaced by the actual size of parameters) + +This function will export the private key to a PKCS@code{1} structure for +RSA or RSA-PSS keys, and integer sequence for DSA keys. Other keys types +will be exported in PKCS@code{8} form. + +If the structure is PEM encoded, it will have a header +of "BEGIN RSA PRIVATE KEY". + +It is recommended to use @code{gnutls_x509_privkey_export_pkcs8()} instead +of this function, when a consistent output format is required. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. +@end deftypefun diff --git a/doc/functions/gnutls_x509_privkey_export.short b/doc/functions/gnutls_x509_privkey_export.short new file mode 100644 index 0000000..7861434 --- /dev/null +++ b/doc/functions/gnutls_x509_privkey_export.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_privkey_export} (gnutls_x509_privkey_t @var{key}, gnutls_x509_crt_fmt_t @var{format}, void * @var{output_data}, size_t * @var{output_data_size}) diff --git a/doc/functions/gnutls_x509_privkey_export2 b/doc/functions/gnutls_x509_privkey_export2 new file mode 100644 index 0000000..da949b2 --- /dev/null +++ b/doc/functions/gnutls_x509_privkey_export2 @@ -0,0 +1,25 @@ + + + + +@deftypefun {int} {gnutls_x509_privkey_export2} (gnutls_x509_privkey_t @var{key}, gnutls_x509_crt_fmt_t @var{format}, gnutls_datum_t * @var{out}) +@var{key}: Holds the key + +@var{format}: the format of output params. One of PEM or DER. + +@var{out}: will contain a private key PEM or DER encoded + +This function will export the private key to a PKCS@code{1} structure for +RSA or RSA-PSS keys, and integer sequence for DSA keys. Other keys types +will be exported in PKCS@code{8} form. + +The output buffer is allocated using @code{gnutls_malloc()} . + +It is recommended to use @code{gnutls_x509_privkey_export2_pkcs8()} instead +of this function, when a consistent output format is required. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +Since 3.1.3 +@end deftypefun diff --git a/doc/functions/gnutls_x509_privkey_export2.short b/doc/functions/gnutls_x509_privkey_export2.short new file mode 100644 index 0000000..2968fc0 --- /dev/null +++ b/doc/functions/gnutls_x509_privkey_export2.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_privkey_export2} (gnutls_x509_privkey_t @var{key}, gnutls_x509_crt_fmt_t @var{format}, gnutls_datum_t * @var{out}) diff --git a/doc/functions/gnutls_x509_privkey_export2_pkcs8 b/doc/functions/gnutls_x509_privkey_export2_pkcs8 new file mode 100644 index 0000000..71d6d83 --- /dev/null +++ b/doc/functions/gnutls_x509_privkey_export2_pkcs8 @@ -0,0 +1,34 @@ + + + + +@deftypefun {int} {gnutls_x509_privkey_export2_pkcs8} (gnutls_x509_privkey_t @var{key}, gnutls_x509_crt_fmt_t @var{format}, const char * @var{password}, unsigned int @var{flags}, gnutls_datum_t * @var{out}) +@var{key}: Holds the key + +@var{format}: the format of output params. One of PEM or DER. + +@var{password}: the password that will be used to encrypt the key. + +@var{flags}: an ORed sequence of gnutls_pkcs_encrypt_flags_t + +@var{out}: will contain a private key PEM or DER encoded + +This function will export the private key to a PKCS8 structure. +Both RSA and DSA keys can be exported. For DSA keys we use +PKCS @code{11} definitions. If the flags do not specify the encryption +cipher, then the default 3DES (PBES2) will be used. + +The @code{password} can be either ASCII or UTF-8 in the default PBES2 +encryption schemas, or ASCII for the PKCS12 schemas. + +The output buffer is allocated using @code{gnutls_malloc()} . + +If the structure is PEM encoded, it will have a header +of "BEGIN ENCRYPTED PRIVATE KEY" or "BEGIN PRIVATE KEY" if +encryption is not used. + +@strong{Returns:} In case of failure a negative error code will be +returned, and 0 on success. + +Since 3.1.3 +@end deftypefun diff --git a/doc/functions/gnutls_x509_privkey_export2_pkcs8.short b/doc/functions/gnutls_x509_privkey_export2_pkcs8.short new file mode 100644 index 0000000..89be312 --- /dev/null +++ b/doc/functions/gnutls_x509_privkey_export2_pkcs8.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_privkey_export2_pkcs8} (gnutls_x509_privkey_t @var{key}, gnutls_x509_crt_fmt_t @var{format}, const char * @var{password}, unsigned int @var{flags}, gnutls_datum_t * @var{out}) diff --git a/doc/functions/gnutls_x509_privkey_export_dsa_raw b/doc/functions/gnutls_x509_privkey_export_dsa_raw new file mode 100644 index 0000000..8cfe3b7 --- /dev/null +++ b/doc/functions/gnutls_x509_privkey_export_dsa_raw @@ -0,0 +1,24 @@ + + + + +@deftypefun {int} {gnutls_x509_privkey_export_dsa_raw} (gnutls_x509_privkey_t @var{key}, gnutls_datum_t * @var{p}, gnutls_datum_t * @var{q}, gnutls_datum_t * @var{g}, gnutls_datum_t * @var{y}, gnutls_datum_t * @var{x}) +@var{key}: a key + +@var{p}: will hold the p + +@var{q}: will hold the q + +@var{g}: will hold the g + +@var{y}: will hold the y + +@var{x}: will hold the x + +This function will export the DSA private key's parameters found +in the given structure. The new parameters will be allocated using +@code{gnutls_malloc()} and will be stored in the appropriate datum. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. +@end deftypefun diff --git a/doc/functions/gnutls_x509_privkey_export_dsa_raw.short b/doc/functions/gnutls_x509_privkey_export_dsa_raw.short new file mode 100644 index 0000000..2213fe0 --- /dev/null +++ b/doc/functions/gnutls_x509_privkey_export_dsa_raw.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_privkey_export_dsa_raw} (gnutls_x509_privkey_t @var{key}, gnutls_datum_t * @var{p}, gnutls_datum_t * @var{q}, gnutls_datum_t * @var{g}, gnutls_datum_t * @var{y}, gnutls_datum_t * @var{x}) diff --git a/doc/functions/gnutls_x509_privkey_export_ecc_raw b/doc/functions/gnutls_x509_privkey_export_ecc_raw new file mode 100644 index 0000000..476c97b --- /dev/null +++ b/doc/functions/gnutls_x509_privkey_export_ecc_raw @@ -0,0 +1,27 @@ + + + + +@deftypefun {int} {gnutls_x509_privkey_export_ecc_raw} (gnutls_x509_privkey_t @var{key}, gnutls_ecc_curve_t * @var{curve}, gnutls_datum_t * @var{x}, gnutls_datum_t * @var{y}, gnutls_datum_t * @var{k}) +@var{key}: a key + +@var{curve}: will hold the curve + +@var{x}: will hold the x-coordinate + +@var{y}: will hold the y-coordinate + +@var{k}: will hold the private key + +This function will export the ECC private key's parameters found +in the given structure. The new parameters will be allocated using +@code{gnutls_malloc()} and will be stored in the appropriate datum. + +In EdDSA curves the @code{y} parameter will be @code{NULL} and the other parameters +will be in the native format for the curve. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 3.0 +@end deftypefun diff --git a/doc/functions/gnutls_x509_privkey_export_ecc_raw.short b/doc/functions/gnutls_x509_privkey_export_ecc_raw.short new file mode 100644 index 0000000..e38e0e6 --- /dev/null +++ b/doc/functions/gnutls_x509_privkey_export_ecc_raw.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_privkey_export_ecc_raw} (gnutls_x509_privkey_t @var{key}, gnutls_ecc_curve_t * @var{curve}, gnutls_datum_t * @var{x}, gnutls_datum_t * @var{y}, gnutls_datum_t * @var{k}) diff --git a/doc/functions/gnutls_x509_privkey_export_gost_raw b/doc/functions/gnutls_x509_privkey_export_gost_raw new file mode 100644 index 0000000..d9904c8 --- /dev/null +++ b/doc/functions/gnutls_x509_privkey_export_gost_raw @@ -0,0 +1,31 @@ + + + + +@deftypefun {int} {gnutls_x509_privkey_export_gost_raw} (gnutls_x509_privkey_t @var{key}, gnutls_ecc_curve_t * @var{curve}, gnutls_digest_algorithm_t * @var{digest}, gnutls_gost_paramset_t * @var{paramset}, gnutls_datum_t * @var{x}, gnutls_datum_t * @var{y}, gnutls_datum_t * @var{k}) +@var{key}: a key + +@var{curve}: will hold the curve + +@var{digest}: will hold the digest + +@var{paramset}: will hold the GOST parameter set ID + +@var{x}: will hold the x-coordinate + +@var{y}: will hold the y-coordinate + +@var{k}: will hold the private key + +This function will export the GOST private key's parameters found +in the given structure. The new parameters will be allocated using +@code{gnutls_malloc()} and will be stored in the appropriate datum. + +@strong{Note:} parameters will be stored with least significant byte first. On +version 3.6.3 this was incorrectly returned in big-endian format. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 3.6.3 +@end deftypefun diff --git a/doc/functions/gnutls_x509_privkey_export_gost_raw.short b/doc/functions/gnutls_x509_privkey_export_gost_raw.short new file mode 100644 index 0000000..c3cb93e --- /dev/null +++ b/doc/functions/gnutls_x509_privkey_export_gost_raw.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_privkey_export_gost_raw} (gnutls_x509_privkey_t @var{key}, gnutls_ecc_curve_t * @var{curve}, gnutls_digest_algorithm_t * @var{digest}, gnutls_gost_paramset_t * @var{paramset}, gnutls_datum_t * @var{x}, gnutls_datum_t * @var{y}, gnutls_datum_t * @var{k}) diff --git a/doc/functions/gnutls_x509_privkey_export_pkcs8 b/doc/functions/gnutls_x509_privkey_export_pkcs8 new file mode 100644 index 0000000..d10a26c --- /dev/null +++ b/doc/functions/gnutls_x509_privkey_export_pkcs8 @@ -0,0 +1,37 @@ + + + + +@deftypefun {int} {gnutls_x509_privkey_export_pkcs8} (gnutls_x509_privkey_t @var{key}, gnutls_x509_crt_fmt_t @var{format}, const char * @var{password}, unsigned int @var{flags}, void * @var{output_data}, size_t * @var{output_data_size}) +@var{key}: Holds the key + +@var{format}: the format of output params. One of PEM or DER. + +@var{password}: the password that will be used to encrypt the key. + +@var{flags}: an ORed sequence of gnutls_pkcs_encrypt_flags_t + +@var{output_data}: will contain a private key PEM or DER encoded + +@var{output_data_size}: holds the size of output_data (and will be +replaced by the actual size of parameters) + +This function will export the private key to a PKCS8 structure. +Both RSA and DSA keys can be exported. For DSA keys we use +PKCS @code{11} definitions. If the flags do not specify the encryption +cipher, then the default 3DES (PBES2) will be used. + +The @code{password} can be either ASCII or UTF-8 in the default PBES2 +encryption schemas, or ASCII for the PKCS12 schemas. + +If the buffer provided is not long enough to hold the output, then +*output_data_size is updated and GNUTLS_E_SHORT_MEMORY_BUFFER will +be returned. + +If the structure is PEM encoded, it will have a header +of "BEGIN ENCRYPTED PRIVATE KEY" or "BEGIN PRIVATE KEY" if +encryption is not used. + +@strong{Returns:} In case of failure a negative error code will be +returned, and 0 on success. +@end deftypefun diff --git a/doc/functions/gnutls_x509_privkey_export_pkcs8.short b/doc/functions/gnutls_x509_privkey_export_pkcs8.short new file mode 100644 index 0000000..7a17e3d --- /dev/null +++ b/doc/functions/gnutls_x509_privkey_export_pkcs8.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_privkey_export_pkcs8} (gnutls_x509_privkey_t @var{key}, gnutls_x509_crt_fmt_t @var{format}, const char * @var{password}, unsigned int @var{flags}, void * @var{output_data}, size_t * @var{output_data_size}) diff --git a/doc/functions/gnutls_x509_privkey_export_rsa_raw b/doc/functions/gnutls_x509_privkey_export_rsa_raw new file mode 100644 index 0000000..ff6426f --- /dev/null +++ b/doc/functions/gnutls_x509_privkey_export_rsa_raw @@ -0,0 +1,26 @@ + + + + +@deftypefun {int} {gnutls_x509_privkey_export_rsa_raw} (gnutls_x509_privkey_t @var{key}, gnutls_datum_t * @var{m}, gnutls_datum_t * @var{e}, gnutls_datum_t * @var{d}, gnutls_datum_t * @var{p}, gnutls_datum_t * @var{q}, gnutls_datum_t * @var{u}) +@var{key}: a key + +@var{m}: will hold the modulus + +@var{e}: will hold the public exponent + +@var{d}: will hold the private exponent + +@var{p}: will hold the first prime (p) + +@var{q}: will hold the second prime (q) + +@var{u}: will hold the coefficient + +This function will export the RSA private key's parameters found +in the given structure. The new parameters will be allocated using +@code{gnutls_malloc()} and will be stored in the appropriate datum. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. +@end deftypefun diff --git a/doc/functions/gnutls_x509_privkey_export_rsa_raw.short b/doc/functions/gnutls_x509_privkey_export_rsa_raw.short new file mode 100644 index 0000000..3bb77b0 --- /dev/null +++ b/doc/functions/gnutls_x509_privkey_export_rsa_raw.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_privkey_export_rsa_raw} (gnutls_x509_privkey_t @var{key}, gnutls_datum_t * @var{m}, gnutls_datum_t * @var{e}, gnutls_datum_t * @var{d}, gnutls_datum_t * @var{p}, gnutls_datum_t * @var{q}, gnutls_datum_t * @var{u}) diff --git a/doc/functions/gnutls_x509_privkey_export_rsa_raw2 b/doc/functions/gnutls_x509_privkey_export_rsa_raw2 new file mode 100644 index 0000000..bd42141 --- /dev/null +++ b/doc/functions/gnutls_x509_privkey_export_rsa_raw2 @@ -0,0 +1,32 @@ + + + + +@deftypefun {int} {gnutls_x509_privkey_export_rsa_raw2} (gnutls_x509_privkey_t @var{key}, gnutls_datum_t * @var{m}, gnutls_datum_t * @var{e}, gnutls_datum_t * @var{d}, gnutls_datum_t * @var{p}, gnutls_datum_t * @var{q}, gnutls_datum_t * @var{u}, gnutls_datum_t * @var{e1}, gnutls_datum_t * @var{e2}) +@var{key}: a key + +@var{m}: will hold the modulus + +@var{e}: will hold the public exponent + +@var{d}: will hold the private exponent + +@var{p}: will hold the first prime (p) + +@var{q}: will hold the second prime (q) + +@var{u}: will hold the coefficient + +@var{e1}: will hold e1 = d mod (p-1) + +@var{e2}: will hold e2 = d mod (q-1) + +This function will export the RSA private key's parameters found +in the given structure. The new parameters will be allocated using +@code{gnutls_malloc()} and will be stored in the appropriate datum. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 2.12.0 +@end deftypefun diff --git a/doc/functions/gnutls_x509_privkey_export_rsa_raw2.short b/doc/functions/gnutls_x509_privkey_export_rsa_raw2.short new file mode 100644 index 0000000..c17c679 --- /dev/null +++ b/doc/functions/gnutls_x509_privkey_export_rsa_raw2.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_privkey_export_rsa_raw2} (gnutls_x509_privkey_t @var{key}, gnutls_datum_t * @var{m}, gnutls_datum_t * @var{e}, gnutls_datum_t * @var{d}, gnutls_datum_t * @var{p}, gnutls_datum_t * @var{q}, gnutls_datum_t * @var{u}, gnutls_datum_t * @var{e1}, gnutls_datum_t * @var{e2}) diff --git a/doc/functions/gnutls_x509_privkey_fix b/doc/functions/gnutls_x509_privkey_fix new file mode 100644 index 0000000..2c40b95 --- /dev/null +++ b/doc/functions/gnutls_x509_privkey_fix @@ -0,0 +1,13 @@ + + + + +@deftypefun {int} {gnutls_x509_privkey_fix} (gnutls_x509_privkey_t @var{key}) +@var{key}: a key + +This function will recalculate the secondary parameters in a key. +In RSA keys, this can be the coefficient and exponent1,2. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. +@end deftypefun diff --git a/doc/functions/gnutls_x509_privkey_fix.short b/doc/functions/gnutls_x509_privkey_fix.short new file mode 100644 index 0000000..b4071bf --- /dev/null +++ b/doc/functions/gnutls_x509_privkey_fix.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_privkey_fix} (gnutls_x509_privkey_t @var{key}) diff --git a/doc/functions/gnutls_x509_privkey_generate b/doc/functions/gnutls_x509_privkey_generate new file mode 100644 index 0000000..f5a0e2a --- /dev/null +++ b/doc/functions/gnutls_x509_privkey_generate @@ -0,0 +1,37 @@ + + + + +@deftypefun {int} {gnutls_x509_privkey_generate} (gnutls_x509_privkey_t @var{key}, gnutls_pk_algorithm_t @var{algo}, unsigned int @var{bits}, unsigned int @var{flags}) +@var{key}: an initialized key + +@var{algo}: is one of the algorithms in @code{gnutls_pk_algorithm_t} . + +@var{bits}: the size of the parameters to generate + +@var{flags}: Must be zero or flags from @code{gnutls_privkey_flags_t} . + +This function will generate a random private key. Note that this +function must be called on an initialized private key. + +The flag @code{GNUTLS_PRIVKEY_FLAG_PROVABLE} +instructs the key generation process to use algorithms like Shawe-Taylor +(from FIPS PUB186-4) which generate provable parameters out of a seed +for RSA and DSA keys. See @code{gnutls_x509_privkey_generate2()} for more +information. + +Note that when generating an elliptic curve key, the curve +can be substituted in the place of the bits parameter using the +@code{GNUTLS_CURVE_TO_BITS()} macro. The input to the macro is any curve from +@code{gnutls_ecc_curve_t} . + +For DSA keys, if the subgroup size needs to be specified check +the @code{GNUTLS_SUBGROUP_TO_BITS()} macro. + +It is recommended to do not set the number of @code{bits} directly, use @code{gnutls_sec_param_to_pk_bits()} instead . + +See also @code{gnutls_privkey_generate()} , @code{gnutls_x509_privkey_generate2()} . + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. +@end deftypefun diff --git a/doc/functions/gnutls_x509_privkey_generate.short b/doc/functions/gnutls_x509_privkey_generate.short new file mode 100644 index 0000000..d87db54 --- /dev/null +++ b/doc/functions/gnutls_x509_privkey_generate.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_privkey_generate} (gnutls_x509_privkey_t @var{key}, gnutls_pk_algorithm_t @var{algo}, unsigned int @var{bits}, unsigned int @var{flags}) diff --git a/doc/functions/gnutls_x509_privkey_generate2 b/doc/functions/gnutls_x509_privkey_generate2 new file mode 100644 index 0000000..d21f212 --- /dev/null +++ b/doc/functions/gnutls_x509_privkey_generate2 @@ -0,0 +1,48 @@ + + + + +@deftypefun {int} {gnutls_x509_privkey_generate2} (gnutls_x509_privkey_t @var{key}, gnutls_pk_algorithm_t @var{algo}, unsigned int @var{bits}, unsigned int @var{flags}, const gnutls_keygen_data_st * @var{data}, unsigned @var{data_size}) +@var{key}: a key + +@var{algo}: is one of the algorithms in @code{gnutls_pk_algorithm_t} . + +@var{bits}: the size of the modulus + +@var{flags}: Must be zero or flags from @code{gnutls_privkey_flags_t} . + +@var{data}: Allow specifying @code{gnutls_keygen_data_st} types such as the seed to be used. + +@var{data_size}: The number of @code{data} available. + +This function will generate a random private key. Note that this +function must be called on an initialized private key. + +The flag @code{GNUTLS_PRIVKEY_FLAG_PROVABLE} +instructs the key generation process to use algorithms like Shawe-Taylor +(from FIPS PUB186-4) which generate provable parameters out of a seed +for RSA and DSA keys. On DSA keys the PQG parameters are generated using the +seed, while on RSA the two primes. To specify an explicit seed +(by default a random seed is used), use the @code{data} with a @code{GNUTLS_KEYGEN_SEED} +type. + +Note that when generating an elliptic curve key, the curve +can be substituted in the place of the bits parameter using the +@code{GNUTLS_CURVE_TO_BITS()} macro. + +To export the generated keys in memory or in files it is recommended to use the +PKCS@code{8} form as it can handle all key types, and can store additional parameters +such as the seed, in case of provable RSA or DSA keys. +Generated keys can be exported in memory using @code{gnutls_privkey_export_x509()} , +and then with @code{gnutls_x509_privkey_export2_pkcs8()} . + +If key generation is part of your application, avoid setting the number +of bits directly, and instead use @code{gnutls_sec_param_to_pk_bits()} . +That way the generated keys will adapt to the security levels +of the underlying GnuTLS library. + +See also @code{gnutls_privkey_generate2()} . + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. +@end deftypefun diff --git a/doc/functions/gnutls_x509_privkey_generate2.short b/doc/functions/gnutls_x509_privkey_generate2.short new file mode 100644 index 0000000..14012e9 --- /dev/null +++ b/doc/functions/gnutls_x509_privkey_generate2.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_privkey_generate2} (gnutls_x509_privkey_t @var{key}, gnutls_pk_algorithm_t @var{algo}, unsigned int @var{bits}, unsigned int @var{flags}, const gnutls_keygen_data_st * @var{data}, unsigned @var{data_size}) diff --git a/doc/functions/gnutls_x509_privkey_get_key_id b/doc/functions/gnutls_x509_privkey_get_key_id new file mode 100644 index 0000000..b09b3d4 --- /dev/null +++ b/doc/functions/gnutls_x509_privkey_get_key_id @@ -0,0 +1,26 @@ + + + + +@deftypefun {int} {gnutls_x509_privkey_get_key_id} (gnutls_x509_privkey_t @var{key}, unsigned int @var{flags}, unsigned char * @var{output_data}, size_t * @var{output_data_size}) +@var{key}: a key + +@var{flags}: should be one of the flags from @code{gnutls_keyid_flags_t} + +@var{output_data}: will contain the key ID + +@var{output_data_size}: holds the size of output_data (and will be +replaced by the actual size of parameters) + +This function will return a unique ID that depends on the public key +parameters. This ID can be used in checking whether a certificate +corresponds to the given key. + +If the buffer provided is not long enough to hold the output, then +* @code{output_data_size} is updated and @code{GNUTLS_E_SHORT_MEMORY_BUFFER} will +be returned. The output will normally be a SHA-1 hash output, +which is 20 bytes. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. +@end deftypefun diff --git a/doc/functions/gnutls_x509_privkey_get_key_id.short b/doc/functions/gnutls_x509_privkey_get_key_id.short new file mode 100644 index 0000000..2945af4 --- /dev/null +++ b/doc/functions/gnutls_x509_privkey_get_key_id.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_privkey_get_key_id} (gnutls_x509_privkey_t @var{key}, unsigned int @var{flags}, unsigned char * @var{output_data}, size_t * @var{output_data_size}) diff --git a/doc/functions/gnutls_x509_privkey_get_pk_algorithm b/doc/functions/gnutls_x509_privkey_get_pk_algorithm new file mode 100644 index 0000000..ee56bfb --- /dev/null +++ b/doc/functions/gnutls_x509_privkey_get_pk_algorithm @@ -0,0 +1,13 @@ + + + + +@deftypefun {int} {gnutls_x509_privkey_get_pk_algorithm} (gnutls_x509_privkey_t @var{key}) +@var{key}: should contain a @code{gnutls_x509_privkey_t} type + +This function will return the public key algorithm of a private +key. + +@strong{Returns:} a member of the @code{gnutls_pk_algorithm_t} enumeration on +success, or a negative error code on error. +@end deftypefun diff --git a/doc/functions/gnutls_x509_privkey_get_pk_algorithm.short b/doc/functions/gnutls_x509_privkey_get_pk_algorithm.short new file mode 100644 index 0000000..b533f50 --- /dev/null +++ b/doc/functions/gnutls_x509_privkey_get_pk_algorithm.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_privkey_get_pk_algorithm} (gnutls_x509_privkey_t @var{key}) diff --git a/doc/functions/gnutls_x509_privkey_get_pk_algorithm2 b/doc/functions/gnutls_x509_privkey_get_pk_algorithm2 new file mode 100644 index 0000000..c2401b5 --- /dev/null +++ b/doc/functions/gnutls_x509_privkey_get_pk_algorithm2 @@ -0,0 +1,15 @@ + + + + +@deftypefun {int} {gnutls_x509_privkey_get_pk_algorithm2} (gnutls_x509_privkey_t @var{key}, unsigned int * @var{bits}) +@var{key}: should contain a @code{gnutls_x509_privkey_t} type + +@var{bits}: The number of bits in the public key algorithm + +This function will return the public key algorithm of a private +key. + +@strong{Returns:} a member of the @code{gnutls_pk_algorithm_t} enumeration on +success, or a negative error code on error. +@end deftypefun diff --git a/doc/functions/gnutls_x509_privkey_get_pk_algorithm2.short b/doc/functions/gnutls_x509_privkey_get_pk_algorithm2.short new file mode 100644 index 0000000..b1f233c --- /dev/null +++ b/doc/functions/gnutls_x509_privkey_get_pk_algorithm2.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_privkey_get_pk_algorithm2} (gnutls_x509_privkey_t @var{key}, unsigned int * @var{bits}) diff --git a/doc/functions/gnutls_x509_privkey_get_seed b/doc/functions/gnutls_x509_privkey_get_seed new file mode 100644 index 0000000..399f2bb --- /dev/null +++ b/doc/functions/gnutls_x509_privkey_get_seed @@ -0,0 +1,22 @@ + + + + +@deftypefun {int} {gnutls_x509_privkey_get_seed} (gnutls_x509_privkey_t @var{key}, gnutls_digest_algorithm_t * @var{digest}, void * @var{seed}, size_t * @var{seed_size}) +@var{key}: should contain a @code{gnutls_x509_privkey_t} type + +@var{digest}: if non-NULL it will contain the digest algorithm used for key generation (if applicable) + +@var{seed}: where seed will be copied to + +@var{seed_size}: originally holds the size of @code{seed} , will be updated with actual size + +This function will return the seed that was used to generate the +given private key. That function will succeed only if the key was generated +as a provable key. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 3.5.0 +@end deftypefun diff --git a/doc/functions/gnutls_x509_privkey_get_seed.short b/doc/functions/gnutls_x509_privkey_get_seed.short new file mode 100644 index 0000000..37d1276 --- /dev/null +++ b/doc/functions/gnutls_x509_privkey_get_seed.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_privkey_get_seed} (gnutls_x509_privkey_t @var{key}, gnutls_digest_algorithm_t * @var{digest}, void * @var{seed}, size_t * @var{seed_size}) diff --git a/doc/functions/gnutls_x509_privkey_get_spki b/doc/functions/gnutls_x509_privkey_get_spki new file mode 100644 index 0000000..fda7db9 --- /dev/null +++ b/doc/functions/gnutls_x509_privkey_get_spki @@ -0,0 +1,16 @@ + + + + +@deftypefun {int} {gnutls_x509_privkey_get_spki} (gnutls_x509_privkey_t @var{key}, gnutls_x509_spki_t @var{spki}, unsigned int @var{flags}) +@var{key}: should contain a @code{gnutls_x509_privkey_t} type + +@var{spki}: a SubjectPublicKeyInfo structure of type @code{gnutls_x509_spki_t} + +@var{flags}: must be zero + +This function will return the public key information of a private +key. The provided @code{spki} must be initialized. + +@strong{Returns:} Zero on success, or a negative error code on error. +@end deftypefun diff --git a/doc/functions/gnutls_x509_privkey_get_spki.short b/doc/functions/gnutls_x509_privkey_get_spki.short new file mode 100644 index 0000000..cc3fe57 --- /dev/null +++ b/doc/functions/gnutls_x509_privkey_get_spki.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_privkey_get_spki} (gnutls_x509_privkey_t @var{key}, gnutls_x509_spki_t @var{spki}, unsigned int @var{flags}) diff --git a/doc/functions/gnutls_x509_privkey_import b/doc/functions/gnutls_x509_privkey_import new file mode 100644 index 0000000..1893d8c --- /dev/null +++ b/doc/functions/gnutls_x509_privkey_import @@ -0,0 +1,22 @@ + + + + +@deftypefun {int} {gnutls_x509_privkey_import} (gnutls_x509_privkey_t @var{key}, const gnutls_datum_t * @var{data}, gnutls_x509_crt_fmt_t @var{format}) +@var{key}: The data to store the parsed key + +@var{data}: The DER or PEM encoded certificate. + +@var{format}: One of DER or PEM + +This function will convert the given DER or PEM encoded key to the +native @code{gnutls_x509_privkey_t} format. The output will be stored in + @code{key} . + +If the key is PEM encoded it should have a header that contains "PRIVATE +KEY". Note that this function falls back to PKCS @code{8} decoding without +password, if the default format fails to import. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. +@end deftypefun diff --git a/doc/functions/gnutls_x509_privkey_import.short b/doc/functions/gnutls_x509_privkey_import.short new file mode 100644 index 0000000..3d67157 --- /dev/null +++ b/doc/functions/gnutls_x509_privkey_import.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_privkey_import} (gnutls_x509_privkey_t @var{key}, const gnutls_datum_t * @var{data}, gnutls_x509_crt_fmt_t @var{format}) diff --git a/doc/functions/gnutls_x509_privkey_import2 b/doc/functions/gnutls_x509_privkey_import2 new file mode 100644 index 0000000..a9d8f83 --- /dev/null +++ b/doc/functions/gnutls_x509_privkey_import2 @@ -0,0 +1,29 @@ + + + + +@deftypefun {int} {gnutls_x509_privkey_import2} (gnutls_x509_privkey_t @var{key}, const gnutls_datum_t * @var{data}, gnutls_x509_crt_fmt_t @var{format}, const char * @var{password}, unsigned int @var{flags}) +@var{key}: The data to store the parsed key + +@var{data}: The DER or PEM encoded key. + +@var{format}: One of DER or PEM + +@var{password}: A password (optional) + +@var{flags}: an ORed sequence of gnutls_pkcs_encrypt_flags_t + +This function will import the given DER or PEM encoded key, to +the native @code{gnutls_x509_privkey_t} format, irrespective of the +input format. The input format is auto-detected. + +The supported formats are basic unencrypted key, PKCS8, PKCS12, +and the openssl format. + +If the provided key is encrypted but no password was given, then +@code{GNUTLS_E_DECRYPTION_FAILED} is returned. Since GnuTLS 3.4.0 this +function will utilize the PIN callbacks if any. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. +@end deftypefun diff --git a/doc/functions/gnutls_x509_privkey_import2.short b/doc/functions/gnutls_x509_privkey_import2.short new file mode 100644 index 0000000..7b8c807 --- /dev/null +++ b/doc/functions/gnutls_x509_privkey_import2.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_privkey_import2} (gnutls_x509_privkey_t @var{key}, const gnutls_datum_t * @var{data}, gnutls_x509_crt_fmt_t @var{format}, const char * @var{password}, unsigned int @var{flags}) diff --git a/doc/functions/gnutls_x509_privkey_import_dsa_raw b/doc/functions/gnutls_x509_privkey_import_dsa_raw new file mode 100644 index 0000000..b1ce659 --- /dev/null +++ b/doc/functions/gnutls_x509_privkey_import_dsa_raw @@ -0,0 +1,24 @@ + + + + +@deftypefun {int} {gnutls_x509_privkey_import_dsa_raw} (gnutls_x509_privkey_t @var{key}, const gnutls_datum_t * @var{p}, const gnutls_datum_t * @var{q}, const gnutls_datum_t * @var{g}, const gnutls_datum_t * @var{y}, const gnutls_datum_t * @var{x}) +@var{key}: The data to store the parsed key + +@var{p}: holds the p + +@var{q}: holds the q + +@var{g}: holds the g + +@var{y}: holds the y + +@var{x}: holds the x + +This function will convert the given DSA raw parameters to the +native @code{gnutls_x509_privkey_t} format. The output will be stored +in @code{key} . + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. +@end deftypefun diff --git a/doc/functions/gnutls_x509_privkey_import_dsa_raw.short b/doc/functions/gnutls_x509_privkey_import_dsa_raw.short new file mode 100644 index 0000000..34adb13 --- /dev/null +++ b/doc/functions/gnutls_x509_privkey_import_dsa_raw.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_privkey_import_dsa_raw} (gnutls_x509_privkey_t @var{key}, const gnutls_datum_t * @var{p}, const gnutls_datum_t * @var{q}, const gnutls_datum_t * @var{g}, const gnutls_datum_t * @var{y}, const gnutls_datum_t * @var{x}) diff --git a/doc/functions/gnutls_x509_privkey_import_ecc_raw b/doc/functions/gnutls_x509_privkey_import_ecc_raw new file mode 100644 index 0000000..78ddb9d --- /dev/null +++ b/doc/functions/gnutls_x509_privkey_import_ecc_raw @@ -0,0 +1,25 @@ + + + + +@deftypefun {int} {gnutls_x509_privkey_import_ecc_raw} (gnutls_x509_privkey_t @var{key}, gnutls_ecc_curve_t @var{curve}, const gnutls_datum_t * @var{x}, const gnutls_datum_t * @var{y}, const gnutls_datum_t * @var{k}) +@var{key}: The data to store the parsed key + +@var{curve}: holds the curve + +@var{x}: holds the x-coordinate + +@var{y}: holds the y-coordinate + +@var{k}: holds the k + +This function will convert the given elliptic curve parameters to the +native @code{gnutls_x509_privkey_t} format. The output will be stored +in @code{key} . For EdDSA keys, the @code{x} and @code{k} values must be in the +native to curve format. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 3.0 +@end deftypefun diff --git a/doc/functions/gnutls_x509_privkey_import_ecc_raw.short b/doc/functions/gnutls_x509_privkey_import_ecc_raw.short new file mode 100644 index 0000000..974d7b1 --- /dev/null +++ b/doc/functions/gnutls_x509_privkey_import_ecc_raw.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_privkey_import_ecc_raw} (gnutls_x509_privkey_t @var{key}, gnutls_ecc_curve_t @var{curve}, const gnutls_datum_t * @var{x}, const gnutls_datum_t * @var{y}, const gnutls_datum_t * @var{k}) diff --git a/doc/functions/gnutls_x509_privkey_import_gost_raw b/doc/functions/gnutls_x509_privkey_import_gost_raw new file mode 100644 index 0000000..29cdeb4 --- /dev/null +++ b/doc/functions/gnutls_x509_privkey_import_gost_raw @@ -0,0 +1,34 @@ + + + + +@deftypefun {int} {gnutls_x509_privkey_import_gost_raw} (gnutls_x509_privkey_t @var{key}, gnutls_ecc_curve_t @var{curve}, gnutls_digest_algorithm_t @var{digest}, gnutls_gost_paramset_t @var{paramset}, const gnutls_datum_t * @var{x}, const gnutls_datum_t * @var{y}, const gnutls_datum_t * @var{k}) +@var{key}: The data to store the parsed key + +@var{curve}: holds the curve + +@var{digest}: will hold the digest + +@var{paramset}: will hold the GOST parameter set ID + +@var{x}: holds the x-coordinate + +@var{y}: holds the y-coordinate + +@var{k}: holds the k (private key) + +This function will convert the given GOST private key's parameters to the +native @code{gnutls_x509_privkey_t} format. The output will be stored +in @code{key} . @code{digest} should be one of GNUTLS_DIG_GOSR_94, +GNUTLS_DIG_STREEBOG_256 or GNUTLS_DIG_STREEBOG_512. If @code{paramset} is set to +GNUTLS_GOST_PARAMSET_UNKNOWN default one will be selected depending on + @code{digest} . + +@strong{Note:} parameters should be stored with least significant byte first. On +version 3.6.3 big-endian format was used incorrectly. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 3.6.3 +@end deftypefun diff --git a/doc/functions/gnutls_x509_privkey_import_gost_raw.short b/doc/functions/gnutls_x509_privkey_import_gost_raw.short new file mode 100644 index 0000000..17e57da --- /dev/null +++ b/doc/functions/gnutls_x509_privkey_import_gost_raw.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_privkey_import_gost_raw} (gnutls_x509_privkey_t @var{key}, gnutls_ecc_curve_t @var{curve}, gnutls_digest_algorithm_t @var{digest}, gnutls_gost_paramset_t @var{paramset}, const gnutls_datum_t * @var{x}, const gnutls_datum_t * @var{y}, const gnutls_datum_t * @var{k}) diff --git a/doc/functions/gnutls_x509_privkey_import_openssl b/doc/functions/gnutls_x509_privkey_import_openssl new file mode 100644 index 0000000..53dd7fd --- /dev/null +++ b/doc/functions/gnutls_x509_privkey_import_openssl @@ -0,0 +1,24 @@ + + + + +@deftypefun {int} {gnutls_x509_privkey_import_openssl} (gnutls_x509_privkey_t @var{key}, const gnutls_datum_t * @var{data}, const char * @var{password}) +@var{key}: The data to store the parsed key + +@var{data}: The DER or PEM encoded key. + +@var{password}: the password to decrypt the key (if it is encrypted). + +This function will convert the given PEM encrypted to +the native gnutls_x509_privkey_t format. The +output will be stored in @code{key} . + +The @code{password} should be in ASCII. If the password is not provided +or wrong then @code{GNUTLS_E_DECRYPTION_FAILED} will be returned. + +If the Certificate is PEM encoded it should have a header of +"PRIVATE KEY" and the "DEK-Info" header. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. +@end deftypefun diff --git a/doc/functions/gnutls_x509_privkey_import_openssl.short b/doc/functions/gnutls_x509_privkey_import_openssl.short new file mode 100644 index 0000000..676704d --- /dev/null +++ b/doc/functions/gnutls_x509_privkey_import_openssl.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_privkey_import_openssl} (gnutls_x509_privkey_t @var{key}, const gnutls_datum_t * @var{data}, const char * @var{password}) diff --git a/doc/functions/gnutls_x509_privkey_import_pkcs8 b/doc/functions/gnutls_x509_privkey_import_pkcs8 new file mode 100644 index 0000000..f64fd99 --- /dev/null +++ b/doc/functions/gnutls_x509_privkey_import_pkcs8 @@ -0,0 +1,35 @@ + + + + +@deftypefun {int} {gnutls_x509_privkey_import_pkcs8} (gnutls_x509_privkey_t @var{key}, const gnutls_datum_t * @var{data}, gnutls_x509_crt_fmt_t @var{format}, const char * @var{password}, unsigned int @var{flags}) +@var{key}: The data to store the parsed key + +@var{data}: The DER or PEM encoded key. + +@var{format}: One of DER or PEM + +@var{password}: the password to decrypt the key (if it is encrypted). + +@var{flags}: 0 if encrypted or GNUTLS_PKCS_PLAIN if not encrypted. + +This function will convert the given DER or PEM encoded PKCS8 2.0 +encrypted key to the native gnutls_x509_privkey_t format. The +output will be stored in @code{key} . Both RSA and DSA keys can be +imported, and flags can only be used to indicate an unencrypted +key. + +The @code{password} can be either ASCII or UTF-8 in the default PBES2 +encryption schemas, or ASCII for the PKCS12 schemas. + +If the Certificate is PEM encoded it should have a header of +"ENCRYPTED PRIVATE KEY", or "PRIVATE KEY". You only need to +specify the flags if the key is DER encoded, since in that case +the encryption status cannot be auto-detected. + +If the @code{GNUTLS_PKCS_PLAIN} flag is specified and the supplied data +are encrypted then @code{GNUTLS_E_DECRYPTION_FAILED} is returned. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. +@end deftypefun diff --git a/doc/functions/gnutls_x509_privkey_import_pkcs8.short b/doc/functions/gnutls_x509_privkey_import_pkcs8.short new file mode 100644 index 0000000..0efb719 --- /dev/null +++ b/doc/functions/gnutls_x509_privkey_import_pkcs8.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_privkey_import_pkcs8} (gnutls_x509_privkey_t @var{key}, const gnutls_datum_t * @var{data}, gnutls_x509_crt_fmt_t @var{format}, const char * @var{password}, unsigned int @var{flags}) diff --git a/doc/functions/gnutls_x509_privkey_import_rsa_raw b/doc/functions/gnutls_x509_privkey_import_rsa_raw new file mode 100644 index 0000000..7d2af3e --- /dev/null +++ b/doc/functions/gnutls_x509_privkey_import_rsa_raw @@ -0,0 +1,26 @@ + + + + +@deftypefun {int} {gnutls_x509_privkey_import_rsa_raw} (gnutls_x509_privkey_t @var{key}, const gnutls_datum_t * @var{m}, const gnutls_datum_t * @var{e}, const gnutls_datum_t * @var{d}, const gnutls_datum_t * @var{p}, const gnutls_datum_t * @var{q}, const gnutls_datum_t * @var{u}) +@var{key}: The data to store the parsed key + +@var{m}: holds the modulus + +@var{e}: holds the public exponent + +@var{d}: holds the private exponent + +@var{p}: holds the first prime (p) + +@var{q}: holds the second prime (q) + +@var{u}: holds the coefficient + +This function will convert the given RSA raw parameters to the +native @code{gnutls_x509_privkey_t} format. The output will be stored in + @code{key} . + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. +@end deftypefun diff --git a/doc/functions/gnutls_x509_privkey_import_rsa_raw.short b/doc/functions/gnutls_x509_privkey_import_rsa_raw.short new file mode 100644 index 0000000..b5c295c --- /dev/null +++ b/doc/functions/gnutls_x509_privkey_import_rsa_raw.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_privkey_import_rsa_raw} (gnutls_x509_privkey_t @var{key}, const gnutls_datum_t * @var{m}, const gnutls_datum_t * @var{e}, const gnutls_datum_t * @var{d}, const gnutls_datum_t * @var{p}, const gnutls_datum_t * @var{q}, const gnutls_datum_t * @var{u}) diff --git a/doc/functions/gnutls_x509_privkey_import_rsa_raw2 b/doc/functions/gnutls_x509_privkey_import_rsa_raw2 new file mode 100644 index 0000000..243a15b --- /dev/null +++ b/doc/functions/gnutls_x509_privkey_import_rsa_raw2 @@ -0,0 +1,30 @@ + + + + +@deftypefun {int} {gnutls_x509_privkey_import_rsa_raw2} (gnutls_x509_privkey_t @var{key}, const gnutls_datum_t * @var{m}, const gnutls_datum_t * @var{e}, const gnutls_datum_t * @var{d}, const gnutls_datum_t * @var{p}, const gnutls_datum_t * @var{q}, const gnutls_datum_t * @var{u}, const gnutls_datum_t * @var{e1}, const gnutls_datum_t * @var{e2}) +@var{key}: The data to store the parsed key + +@var{m}: holds the modulus + +@var{e}: holds the public exponent + +@var{d}: holds the private exponent + +@var{p}: holds the first prime (p) + +@var{q}: holds the second prime (q) + +@var{u}: holds the coefficient (optional) + +@var{e1}: holds e1 = d mod (p-1) (optional) + +@var{e2}: holds e2 = d mod (q-1) (optional) + +This function will convert the given RSA raw parameters to the +native @code{gnutls_x509_privkey_t} format. The output will be stored in + @code{key} . + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. +@end deftypefun diff --git a/doc/functions/gnutls_x509_privkey_import_rsa_raw2.short b/doc/functions/gnutls_x509_privkey_import_rsa_raw2.short new file mode 100644 index 0000000..eada8e2 --- /dev/null +++ b/doc/functions/gnutls_x509_privkey_import_rsa_raw2.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_privkey_import_rsa_raw2} (gnutls_x509_privkey_t @var{key}, const gnutls_datum_t * @var{m}, const gnutls_datum_t * @var{e}, const gnutls_datum_t * @var{d}, const gnutls_datum_t * @var{p}, const gnutls_datum_t * @var{q}, const gnutls_datum_t * @var{u}, const gnutls_datum_t * @var{e1}, const gnutls_datum_t * @var{e2}) diff --git a/doc/functions/gnutls_x509_privkey_init b/doc/functions/gnutls_x509_privkey_init new file mode 100644 index 0000000..bd63c46 --- /dev/null +++ b/doc/functions/gnutls_x509_privkey_init @@ -0,0 +1,12 @@ + + + + +@deftypefun {int} {gnutls_x509_privkey_init} (gnutls_x509_privkey_t * @var{key}) +@var{key}: A pointer to the type to be initialized + +This function will initialize a private key type. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. +@end deftypefun diff --git a/doc/functions/gnutls_x509_privkey_init.short b/doc/functions/gnutls_x509_privkey_init.short new file mode 100644 index 0000000..20057e8 --- /dev/null +++ b/doc/functions/gnutls_x509_privkey_init.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_privkey_init} (gnutls_x509_privkey_t * @var{key}) diff --git a/doc/functions/gnutls_x509_privkey_sec_param b/doc/functions/gnutls_x509_privkey_sec_param new file mode 100644 index 0000000..05a3fa6 --- /dev/null +++ b/doc/functions/gnutls_x509_privkey_sec_param @@ -0,0 +1,15 @@ + + + + +@deftypefun {gnutls_sec_param_t} {gnutls_x509_privkey_sec_param} (gnutls_x509_privkey_t @var{key}) +@var{key}: a key + +This function will return the security parameter appropriate with +this private key. + +@strong{Returns:} On success, a valid security parameter is returned otherwise +@code{GNUTLS_SEC_PARAM_UNKNOWN} is returned. + +@strong{Since:} 2.12.0 +@end deftypefun diff --git a/doc/functions/gnutls_x509_privkey_sec_param.short b/doc/functions/gnutls_x509_privkey_sec_param.short new file mode 100644 index 0000000..22a48f5 --- /dev/null +++ b/doc/functions/gnutls_x509_privkey_sec_param.short @@ -0,0 +1 @@ +@item @var{gnutls_sec_param_t} @ref{gnutls_x509_privkey_sec_param} (gnutls_x509_privkey_t @var{key}) diff --git a/doc/functions/gnutls_x509_privkey_set_flags b/doc/functions/gnutls_x509_privkey_set_flags new file mode 100644 index 0000000..2ef3f54 --- /dev/null +++ b/doc/functions/gnutls_x509_privkey_set_flags @@ -0,0 +1,15 @@ + + + + +@deftypefun {void} {gnutls_x509_privkey_set_flags} (gnutls_x509_privkey_t @var{key}, unsigned int @var{flags}) +@var{key}: A key of type @code{gnutls_x509_privkey_t} + +@var{flags}: flags from the @code{gnutls_privkey_flags} + +This function will set flags for the specified private key, after +it is generated. Currently this is useful for the @code{GNUTLS_PRIVKEY_FLAG_EXPORT_COMPAT} +to allow exporting a "provable" private key in backwards compatible way. + +@strong{Since:} 3.5.0 +@end deftypefun diff --git a/doc/functions/gnutls_x509_privkey_set_flags.short b/doc/functions/gnutls_x509_privkey_set_flags.short new file mode 100644 index 0000000..8b83894 --- /dev/null +++ b/doc/functions/gnutls_x509_privkey_set_flags.short @@ -0,0 +1 @@ +@item @var{void} @ref{gnutls_x509_privkey_set_flags} (gnutls_x509_privkey_t @var{key}, unsigned int @var{flags}) diff --git a/doc/functions/gnutls_x509_privkey_set_pin_function b/doc/functions/gnutls_x509_privkey_set_pin_function new file mode 100644 index 0000000..24f4734 --- /dev/null +++ b/doc/functions/gnutls_x509_privkey_set_pin_function @@ -0,0 +1,19 @@ + + + + +@deftypefun {void} {gnutls_x509_privkey_set_pin_function} (gnutls_x509_privkey_t @var{privkey}, gnutls_pin_callback_t @var{fn}, void * @var{userdata}) +@var{privkey}: The certificate structure + +@var{fn}: the callback + +@var{userdata}: data associated with the callback + +This function will set a callback function to be used when +it is required to access a protected object. This function overrides +the global function set using @code{gnutls_pkcs11_set_pin_function()} . + +Note that this callback is used when decrypting a key. + +@strong{Since:} 3.4.0 +@end deftypefun diff --git a/doc/functions/gnutls_x509_privkey_set_pin_function.short b/doc/functions/gnutls_x509_privkey_set_pin_function.short new file mode 100644 index 0000000..eb34433 --- /dev/null +++ b/doc/functions/gnutls_x509_privkey_set_pin_function.short @@ -0,0 +1 @@ +@item @var{void} @ref{gnutls_x509_privkey_set_pin_function} (gnutls_x509_privkey_t @var{privkey}, gnutls_pin_callback_t @var{fn}, void * @var{userdata}) diff --git a/doc/functions/gnutls_x509_privkey_set_spki b/doc/functions/gnutls_x509_privkey_set_spki new file mode 100644 index 0000000..9b9d8fd --- /dev/null +++ b/doc/functions/gnutls_x509_privkey_set_spki @@ -0,0 +1,16 @@ + + + + +@deftypefun {int} {gnutls_x509_privkey_set_spki} (gnutls_x509_privkey_t @var{key}, const gnutls_x509_spki_t @var{spki}, unsigned int @var{flags}) +@var{key}: should contain a @code{gnutls_x509_privkey_t} type + +@var{spki}: a SubjectPublicKeyInfo structure of type @code{gnutls_x509_spki_t} + +@var{flags}: must be zero + +This function will return the public key information of a private +key. The provided @code{spki} must be initialized. + +@strong{Returns:} Zero on success, or a negative error code on error. +@end deftypefun diff --git a/doc/functions/gnutls_x509_privkey_set_spki.short b/doc/functions/gnutls_x509_privkey_set_spki.short new file mode 100644 index 0000000..1377b29 --- /dev/null +++ b/doc/functions/gnutls_x509_privkey_set_spki.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_privkey_set_spki} (gnutls_x509_privkey_t @var{key}, const gnutls_x509_spki_t @var{spki}, unsigned int @var{flags}) diff --git a/doc/functions/gnutls_x509_privkey_sign_data b/doc/functions/gnutls_x509_privkey_sign_data new file mode 100644 index 0000000..a0f4ead --- /dev/null +++ b/doc/functions/gnutls_x509_privkey_sign_data @@ -0,0 +1,33 @@ + + + + +@deftypefun {int} {gnutls_x509_privkey_sign_data} (gnutls_x509_privkey_t @var{key}, gnutls_digest_algorithm_t @var{digest}, unsigned int @var{flags}, const gnutls_datum_t * @var{data}, void * @var{signature}, size_t * @var{signature_size}) +@var{key}: a key + +@var{digest}: should be a digest algorithm + +@var{flags}: should be 0 for now + +@var{data}: holds the data to be signed + +@var{signature}: will contain the signature + +@var{signature_size}: holds the size of signature (and will be replaced +by the new size) + +This function will sign the given data using a signature algorithm +supported by the private key. Signature algorithms are always used +together with a hash functions. Different hash functions may be +used for the RSA algorithm, but only SHA-1 for the DSA keys. + +If the buffer provided is not long enough to hold the output, then +* @code{signature_size} is updated and @code{GNUTLS_E_SHORT_MEMORY_BUFFER} will +be returned. + +Use @code{gnutls_x509_crt_get_preferred_hash_algorithm()} to determine +the hash algorithm. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. +@end deftypefun diff --git a/doc/functions/gnutls_x509_privkey_sign_data.short b/doc/functions/gnutls_x509_privkey_sign_data.short new file mode 100644 index 0000000..20bf56f --- /dev/null +++ b/doc/functions/gnutls_x509_privkey_sign_data.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_privkey_sign_data} (gnutls_x509_privkey_t @var{key}, gnutls_digest_algorithm_t @var{digest}, unsigned int @var{flags}, const gnutls_datum_t * @var{data}, void * @var{signature}, size_t * @var{signature_size}) diff --git a/doc/functions/gnutls_x509_privkey_sign_hash b/doc/functions/gnutls_x509_privkey_sign_hash new file mode 100644 index 0000000..397d1c4 --- /dev/null +++ b/doc/functions/gnutls_x509_privkey_sign_hash @@ -0,0 +1,25 @@ + + + + +@deftypefun {int} {gnutls_x509_privkey_sign_hash} (gnutls_x509_privkey_t @var{key}, const gnutls_datum_t * @var{hash}, gnutls_datum_t * @var{signature}) +@var{key}: a key + +@var{hash}: holds the data to be signed + +@var{signature}: will contain newly allocated signature + +This function will sign the given hash using the private key. Do not +use this function directly unless you know what it is. Typical signing +requires the data to be hashed and stored in special formats +(e.g. BER Digest-Info for RSA). + +This API is provided only for backwards compatibility, and thus +restricted to RSA, DSA and ECDSA key types. For other key types please +use @code{gnutls_privkey_sign_hash()} and @code{gnutls_privkey_sign_data()} . + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +Deprecated in: 2.12.0 +@end deftypefun diff --git a/doc/functions/gnutls_x509_privkey_sign_hash.short b/doc/functions/gnutls_x509_privkey_sign_hash.short new file mode 100644 index 0000000..e754f45 --- /dev/null +++ b/doc/functions/gnutls_x509_privkey_sign_hash.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_privkey_sign_hash} (gnutls_x509_privkey_t @var{key}, const gnutls_datum_t * @var{hash}, gnutls_datum_t * @var{signature}) diff --git a/doc/functions/gnutls_x509_privkey_verify_params b/doc/functions/gnutls_x509_privkey_verify_params new file mode 100644 index 0000000..a44e6ba --- /dev/null +++ b/doc/functions/gnutls_x509_privkey_verify_params @@ -0,0 +1,12 @@ + + + + +@deftypefun {int} {gnutls_x509_privkey_verify_params} (gnutls_x509_privkey_t @var{key}) +@var{key}: a key + +This function will verify the private key parameters. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. +@end deftypefun diff --git a/doc/functions/gnutls_x509_privkey_verify_params.short b/doc/functions/gnutls_x509_privkey_verify_params.short new file mode 100644 index 0000000..09a6d68 --- /dev/null +++ b/doc/functions/gnutls_x509_privkey_verify_params.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_privkey_verify_params} (gnutls_x509_privkey_t @var{key}) diff --git a/doc/functions/gnutls_x509_privkey_verify_seed b/doc/functions/gnutls_x509_privkey_verify_seed new file mode 100644 index 0000000..a13d9b1 --- /dev/null +++ b/doc/functions/gnutls_x509_privkey_verify_seed @@ -0,0 +1,22 @@ + + + + +@deftypefun {int} {gnutls_x509_privkey_verify_seed} (gnutls_x509_privkey_t @var{key}, gnutls_digest_algorithm_t @var{digest}, const void * @var{seed}, size_t @var{seed_size}) +@var{key}: should contain a @code{gnutls_x509_privkey_t} type + +@var{digest}: it contains the digest algorithm used for key generation (if applicable) + +@var{seed}: the seed of the key to be checked with + +@var{seed_size}: holds the size of @code{seed} + +This function will verify that the given private key was generated from +the provided seed. If @code{seed} is @code{NULL} then the seed stored in the @code{key} 's structure +will be used for verification. + +@strong{Returns:} In case of a verification failure @code{GNUTLS_E_PRIVKEY_VERIFICATION_ERROR} +is returned, and zero or positive code on success. + +@strong{Since:} 3.5.0 +@end deftypefun diff --git a/doc/functions/gnutls_x509_privkey_verify_seed.short b/doc/functions/gnutls_x509_privkey_verify_seed.short new file mode 100644 index 0000000..08157af --- /dev/null +++ b/doc/functions/gnutls_x509_privkey_verify_seed.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_privkey_verify_seed} (gnutls_x509_privkey_t @var{key}, gnutls_digest_algorithm_t @var{digest}, const void * @var{seed}, size_t @var{seed_size}) diff --git a/doc/functions/gnutls_x509_rdn_get b/doc/functions/gnutls_x509_rdn_get new file mode 100644 index 0000000..d466a6c --- /dev/null +++ b/doc/functions/gnutls_x509_rdn_get @@ -0,0 +1,23 @@ + + + + +@deftypefun {int} {gnutls_x509_rdn_get} (const gnutls_datum_t * @var{idn}, char * @var{buf}, size_t * @var{buf_size}) +@var{idn}: should contain a DER encoded RDN sequence + +@var{buf}: a pointer to a structure to hold the peer's name + +@var{buf_size}: holds the size of @code{buf} + +This function will return the name of the given RDN sequence. The +name will be in the form "C=xxxx,O=yyyy,CN=zzzz" as described in +RFC4514. + +This function does not output a fully RFC4514 compliant string, if +that is required see @code{gnutls_x509_rdn_get2()} . + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, or +@code{GNUTLS_E_SHORT_MEMORY_BUFFER} is returned and * @code{buf_size} is +updated if the provided buffer is not long enough, otherwise a +negative error value. +@end deftypefun diff --git a/doc/functions/gnutls_x509_rdn_get.short b/doc/functions/gnutls_x509_rdn_get.short new file mode 100644 index 0000000..6fee6ed --- /dev/null +++ b/doc/functions/gnutls_x509_rdn_get.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_rdn_get} (const gnutls_datum_t * @var{idn}, char * @var{buf}, size_t * @var{buf_size}) diff --git a/doc/functions/gnutls_x509_rdn_get2 b/doc/functions/gnutls_x509_rdn_get2 new file mode 100644 index 0000000..4100c3d --- /dev/null +++ b/doc/functions/gnutls_x509_rdn_get2 @@ -0,0 +1,24 @@ + + + + +@deftypefun {int} {gnutls_x509_rdn_get2} (const gnutls_datum_t * @var{idn}, gnutls_datum_t * @var{str}, unsigned @var{flags}) +@var{idn}: should contain a DER encoded RDN sequence + +@var{str}: a datum that will hold the name + +@var{flags}: zero of @code{GNUTLS_X509_DN_FLAG_COMPAT} + +This function will return the name of the given RDN sequence. The +name will be in the form "C=xxxx,O=yyyy,CN=zzzz" as described in +RFC4514. + +When the flag @code{GNUTLS_X509_DN_FLAG_COMPAT} is specified, the output +format will match the format output by previous to 3.5.6 versions of GnuTLS +which was not not fully RFC4514-compliant. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, or +@code{GNUTLS_E_SHORT_MEMORY_BUFFER} is returned and * @code{buf_size} is +updated if the provided buffer is not long enough, otherwise a +negative error value. +@end deftypefun diff --git a/doc/functions/gnutls_x509_rdn_get2.short b/doc/functions/gnutls_x509_rdn_get2.short new file mode 100644 index 0000000..e6a8333 --- /dev/null +++ b/doc/functions/gnutls_x509_rdn_get2.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_rdn_get2} (const gnutls_datum_t * @var{idn}, gnutls_datum_t * @var{str}, unsigned @var{flags}) diff --git a/doc/functions/gnutls_x509_rdn_get_by_oid b/doc/functions/gnutls_x509_rdn_get_by_oid new file mode 100644 index 0000000..bbeb71d --- /dev/null +++ b/doc/functions/gnutls_x509_rdn_get_by_oid @@ -0,0 +1,27 @@ + + + + +@deftypefun {int} {gnutls_x509_rdn_get_by_oid} (const gnutls_datum_t * @var{idn}, const char * @var{oid}, unsigned @var{indx}, unsigned int @var{raw_flag}, void * @var{buf}, size_t * @var{buf_size}) +@var{idn}: should contain a DER encoded RDN sequence + +@var{oid}: an Object Identifier + +@var{indx}: In case multiple same OIDs exist in the RDN indicates which +to send. Use 0 for the first one. + +@var{raw_flag}: If non-zero then the raw DER data are returned. + +@var{buf}: a pointer to a structure to hold the peer's name + +@var{buf_size}: holds the size of @code{buf} + +This function will return the name of the given Object identifier, +of the RDN sequence. The name will be encoded using the rules +from RFC4514. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, or +@code{GNUTLS_E_SHORT_MEMORY_BUFFER} is returned and * @code{buf_size} is +updated if the provided buffer is not long enough, otherwise a +negative error value. +@end deftypefun diff --git a/doc/functions/gnutls_x509_rdn_get_by_oid.short b/doc/functions/gnutls_x509_rdn_get_by_oid.short new file mode 100644 index 0000000..52e9c6e --- /dev/null +++ b/doc/functions/gnutls_x509_rdn_get_by_oid.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_rdn_get_by_oid} (const gnutls_datum_t * @var{idn}, const char * @var{oid}, unsigned @var{indx}, unsigned int @var{raw_flag}, void * @var{buf}, size_t * @var{buf_size}) diff --git a/doc/functions/gnutls_x509_rdn_get_oid b/doc/functions/gnutls_x509_rdn_get_oid new file mode 100644 index 0000000..440ccf3 --- /dev/null +++ b/doc/functions/gnutls_x509_rdn_get_oid @@ -0,0 +1,23 @@ + + + + +@deftypefun {int} {gnutls_x509_rdn_get_oid} (const gnutls_datum_t * @var{idn}, unsigned @var{indx}, void * @var{buf}, size_t * @var{buf_size}) +@var{idn}: should contain a DER encoded RDN sequence + +@var{indx}: Indicates which OID to return. Use 0 for the first one. + +@var{buf}: a pointer to a structure to hold the peer's name OID + +@var{buf_size}: holds the size of @code{buf} + +This function will return the specified Object identifier, of the +RDN sequence. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, or +@code{GNUTLS_E_SHORT_MEMORY_BUFFER} is returned and * @code{buf_size} is +updated if the provided buffer is not long enough, otherwise a +negative error value. + +@strong{Since:} 2.4.0 +@end deftypefun diff --git a/doc/functions/gnutls_x509_rdn_get_oid.short b/doc/functions/gnutls_x509_rdn_get_oid.short new file mode 100644 index 0000000..3d8cbd0 --- /dev/null +++ b/doc/functions/gnutls_x509_rdn_get_oid.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_rdn_get_oid} (const gnutls_datum_t * @var{idn}, unsigned @var{indx}, void * @var{buf}, size_t * @var{buf_size}) diff --git a/doc/functions/gnutls_x509_spki_deinit b/doc/functions/gnutls_x509_spki_deinit new file mode 100644 index 0000000..08f4660 --- /dev/null +++ b/doc/functions/gnutls_x509_spki_deinit @@ -0,0 +1,11 @@ + + + + +@deftypefun {void} {gnutls_x509_spki_deinit} (gnutls_x509_spki_t @var{spki}) +@var{spki}: the SubjectPublicKeyInfo structure + +This function will deinitialize a SubjectPublicKeyInfo structure. + +@strong{Since:} 3.6.0 +@end deftypefun diff --git a/doc/functions/gnutls_x509_spki_deinit.short b/doc/functions/gnutls_x509_spki_deinit.short new file mode 100644 index 0000000..f3b9b52 --- /dev/null +++ b/doc/functions/gnutls_x509_spki_deinit.short @@ -0,0 +1 @@ +@item @var{void} @ref{gnutls_x509_spki_deinit} (gnutls_x509_spki_t @var{spki}) diff --git a/doc/functions/gnutls_x509_spki_get_rsa_pss_params b/doc/functions/gnutls_x509_spki_get_rsa_pss_params new file mode 100644 index 0000000..68ef4da --- /dev/null +++ b/doc/functions/gnutls_x509_spki_get_rsa_pss_params @@ -0,0 +1,19 @@ + + + + +@deftypefun {int} {gnutls_x509_spki_get_rsa_pss_params} (gnutls_x509_spki_t @var{spki}, gnutls_digest_algorithm_t * @var{dig}, unsigned int * @var{salt_size}) +@var{spki}: the SubjectPublicKeyInfo structure + +@var{dig}: if non-NULL, it will hold the digest algorithm + +@var{salt_size}: if non-NULL, it will hold the salt size + +This function will get the public key algorithm parameters +of RSA-PSS type. + +@strong{Returns:} zero if the parameters are present or a negative +value on error. + +@strong{Since:} 3.6.0 +@end deftypefun diff --git a/doc/functions/gnutls_x509_spki_get_rsa_pss_params.short b/doc/functions/gnutls_x509_spki_get_rsa_pss_params.short new file mode 100644 index 0000000..b674869 --- /dev/null +++ b/doc/functions/gnutls_x509_spki_get_rsa_pss_params.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_spki_get_rsa_pss_params} (gnutls_x509_spki_t @var{spki}, gnutls_digest_algorithm_t * @var{dig}, unsigned int * @var{salt_size}) diff --git a/doc/functions/gnutls_x509_spki_init b/doc/functions/gnutls_x509_spki_init new file mode 100644 index 0000000..baf0d3b --- /dev/null +++ b/doc/functions/gnutls_x509_spki_init @@ -0,0 +1,16 @@ + + + + +@deftypefun {int} {gnutls_x509_spki_init} (gnutls_x509_spki_t * @var{spki}) +@var{spki}: A pointer to the type to be initialized + +This function will initialize a SubjectPublicKeyInfo structure used +in PKIX. The structure is used to set additional parameters +in the public key information field of a certificate. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 3.6.0 +@end deftypefun diff --git a/doc/functions/gnutls_x509_spki_init.short b/doc/functions/gnutls_x509_spki_init.short new file mode 100644 index 0000000..d6688c7 --- /dev/null +++ b/doc/functions/gnutls_x509_spki_init.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_spki_init} (gnutls_x509_spki_t * @var{spki}) diff --git a/doc/functions/gnutls_x509_spki_set_rsa_pss_params b/doc/functions/gnutls_x509_spki_set_rsa_pss_params new file mode 100644 index 0000000..dc0d429 --- /dev/null +++ b/doc/functions/gnutls_x509_spki_set_rsa_pss_params @@ -0,0 +1,16 @@ + + + + +@deftypefun {void} {gnutls_x509_spki_set_rsa_pss_params} (gnutls_x509_spki_t @var{spki}, gnutls_digest_algorithm_t @var{dig}, unsigned int @var{salt_size}) +@var{spki}: the SubjectPublicKeyInfo structure + +@var{dig}: a digest algorithm of type @code{gnutls_digest_algorithm_t} + +@var{salt_size}: the size of salt string + +This function will set the public key parameters for +an RSA-PSS algorithm, in the SubjectPublicKeyInfo structure. + +@strong{Since:} 3.6.0 +@end deftypefun diff --git a/doc/functions/gnutls_x509_spki_set_rsa_pss_params.short b/doc/functions/gnutls_x509_spki_set_rsa_pss_params.short new file mode 100644 index 0000000..493a30a --- /dev/null +++ b/doc/functions/gnutls_x509_spki_set_rsa_pss_params.short @@ -0,0 +1 @@ +@item @var{void} @ref{gnutls_x509_spki_set_rsa_pss_params} (gnutls_x509_spki_t @var{spki}, gnutls_digest_algorithm_t @var{dig}, unsigned int @var{salt_size}) diff --git a/doc/functions/gnutls_x509_tlsfeatures_add b/doc/functions/gnutls_x509_tlsfeatures_add new file mode 100644 index 0000000..bcd2b85 --- /dev/null +++ b/doc/functions/gnutls_x509_tlsfeatures_add @@ -0,0 +1,17 @@ + + + + +@deftypefun {int} {gnutls_x509_tlsfeatures_add} (gnutls_x509_tlsfeatures_t @var{f}, unsigned int @var{feature}) +@var{f}: The TLS features + +@var{feature}: The feature to add + +This function will append a feature to the X.509 TLS features +extension structure. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, +otherwise a negative error value. + +@strong{Since:} 3.5.1 +@end deftypefun diff --git a/doc/functions/gnutls_x509_tlsfeatures_add.short b/doc/functions/gnutls_x509_tlsfeatures_add.short new file mode 100644 index 0000000..fcf0d6d --- /dev/null +++ b/doc/functions/gnutls_x509_tlsfeatures_add.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_tlsfeatures_add} (gnutls_x509_tlsfeatures_t @var{f}, unsigned int @var{feature}) diff --git a/doc/functions/gnutls_x509_tlsfeatures_check_crt b/doc/functions/gnutls_x509_tlsfeatures_check_crt new file mode 100644 index 0000000..04ce44e --- /dev/null +++ b/doc/functions/gnutls_x509_tlsfeatures_check_crt @@ -0,0 +1,17 @@ + + + + +@deftypefun {unsigned} {gnutls_x509_tlsfeatures_check_crt} (gnutls_x509_tlsfeatures_t @var{feat}, gnutls_x509_crt_t @var{cert}) +@var{feat}: a set of TLSFeatures + +@var{cert}: the certificate to be checked + +This function will check the provided certificate against the TLSFeatures +set in @code{feat} using the RFC7633 p.4.2.2 rules. It will check whether the certificate +contains the features in @code{feat} or a superset. + +@strong{Returns:} non-zero if the provided certificate complies, and zero otherwise. + +@strong{Since:} 3.5.1 +@end deftypefun diff --git a/doc/functions/gnutls_x509_tlsfeatures_check_crt.short b/doc/functions/gnutls_x509_tlsfeatures_check_crt.short new file mode 100644 index 0000000..64e551c --- /dev/null +++ b/doc/functions/gnutls_x509_tlsfeatures_check_crt.short @@ -0,0 +1 @@ +@item @var{unsigned} @ref{gnutls_x509_tlsfeatures_check_crt} (gnutls_x509_tlsfeatures_t @var{feat}, gnutls_x509_crt_t @var{cert}) diff --git a/doc/functions/gnutls_x509_tlsfeatures_deinit b/doc/functions/gnutls_x509_tlsfeatures_deinit new file mode 100644 index 0000000..9d3f811 --- /dev/null +++ b/doc/functions/gnutls_x509_tlsfeatures_deinit @@ -0,0 +1,11 @@ + + + + +@deftypefun {void} {gnutls_x509_tlsfeatures_deinit} (gnutls_x509_tlsfeatures_t @var{f}) +@var{f}: The TLS features + +This function will deinitialize a X.509 TLS features extension structure + +@strong{Since:} 3.5.1 +@end deftypefun diff --git a/doc/functions/gnutls_x509_tlsfeatures_deinit.short b/doc/functions/gnutls_x509_tlsfeatures_deinit.short new file mode 100644 index 0000000..ff21089 --- /dev/null +++ b/doc/functions/gnutls_x509_tlsfeatures_deinit.short @@ -0,0 +1 @@ +@item @var{void} @ref{gnutls_x509_tlsfeatures_deinit} (gnutls_x509_tlsfeatures_t @var{f}) diff --git a/doc/functions/gnutls_x509_tlsfeatures_get b/doc/functions/gnutls_x509_tlsfeatures_get new file mode 100644 index 0000000..562867f --- /dev/null +++ b/doc/functions/gnutls_x509_tlsfeatures_get @@ -0,0 +1,19 @@ + + + + +@deftypefun {int} {gnutls_x509_tlsfeatures_get} (gnutls_x509_tlsfeatures_t @var{f}, unsigned @var{idx}, unsigned int * @var{feature}) +@var{f}: The TLS features + +@var{idx}: The index of the feature to get + +@var{feature}: If the function succeeds, the feature will be stored in this variable + +This function will get a feature from the X.509 TLS features +extension structure. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, +otherwise a negative error value. + +@strong{Since:} 3.5.1 +@end deftypefun diff --git a/doc/functions/gnutls_x509_tlsfeatures_get.short b/doc/functions/gnutls_x509_tlsfeatures_get.short new file mode 100644 index 0000000..af5680c --- /dev/null +++ b/doc/functions/gnutls_x509_tlsfeatures_get.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_tlsfeatures_get} (gnutls_x509_tlsfeatures_t @var{f}, unsigned @var{idx}, unsigned int * @var{feature}) diff --git a/doc/functions/gnutls_x509_tlsfeatures_init b/doc/functions/gnutls_x509_tlsfeatures_init new file mode 100644 index 0000000..4ba350d --- /dev/null +++ b/doc/functions/gnutls_x509_tlsfeatures_init @@ -0,0 +1,14 @@ + + + + +@deftypefun {int} {gnutls_x509_tlsfeatures_init} (gnutls_x509_tlsfeatures_t * @var{f}) +@var{f}: The TLS features + +This function will initialize a X.509 TLS features extension structure + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, +otherwise a negative error value. + +@strong{Since:} 3.5.1 +@end deftypefun diff --git a/doc/functions/gnutls_x509_tlsfeatures_init.short b/doc/functions/gnutls_x509_tlsfeatures_init.short new file mode 100644 index 0000000..b7e1cd5 --- /dev/null +++ b/doc/functions/gnutls_x509_tlsfeatures_init.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_tlsfeatures_init} (gnutls_x509_tlsfeatures_t * @var{f}) diff --git a/doc/functions/gnutls_x509_trust_list_add_cas b/doc/functions/gnutls_x509_trust_list_add_cas new file mode 100644 index 0000000..b79535f --- /dev/null +++ b/doc/functions/gnutls_x509_trust_list_add_cas @@ -0,0 +1,34 @@ + + + + +@deftypefun {int} {gnutls_x509_trust_list_add_cas} (gnutls_x509_trust_list_t @var{list}, const gnutls_x509_crt_t * @var{clist}, unsigned @var{clist_size}, unsigned int @var{flags}) +@var{list}: The list + +@var{clist}: A list of CAs + +@var{clist_size}: The length of the CA list + +@var{flags}: flags from @code{gnutls_trust_list_flags_t} + +This function will add the given certificate authorities +to the trusted list. The CAs in @code{clist} must not be deinitialized +during the lifetime of @code{list} . + +If the flag @code{GNUTLS_TL_NO_DUPLICATES} is specified, then +this function will ensure that no duplicates will be +present in the final trust list. + +If the flag @code{GNUTLS_TL_NO_DUPLICATE_KEY} is specified, then +this function will ensure that no certificates with the +same key are present in the final trust list. + +If either @code{GNUTLS_TL_NO_DUPLICATE_KEY} or @code{GNUTLS_TL_NO_DUPLICATES} +are given, @code{gnutls_x509_trust_list_deinit()} must be called with parameter + @code{all} being 1. + +@strong{Returns:} The number of added elements is returned; that includes +duplicate entries. + +@strong{Since:} 3.0.0 +@end deftypefun diff --git a/doc/functions/gnutls_x509_trust_list_add_cas.short b/doc/functions/gnutls_x509_trust_list_add_cas.short new file mode 100644 index 0000000..0ffe600 --- /dev/null +++ b/doc/functions/gnutls_x509_trust_list_add_cas.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_trust_list_add_cas} (gnutls_x509_trust_list_t @var{list}, const gnutls_x509_crt_t * @var{clist}, unsigned @var{clist_size}, unsigned int @var{flags}) diff --git a/doc/functions/gnutls_x509_trust_list_add_crls b/doc/functions/gnutls_x509_trust_list_add_crls new file mode 100644 index 0000000..a1a6346 --- /dev/null +++ b/doc/functions/gnutls_x509_trust_list_add_crls @@ -0,0 +1,34 @@ + + + + +@deftypefun {int} {gnutls_x509_trust_list_add_crls} (gnutls_x509_trust_list_t @var{list}, const gnutls_x509_crl_t * @var{crl_list}, unsigned @var{crl_size}, unsigned int @var{flags}, unsigned int @var{verification_flags}) +@var{list}: The list + +@var{crl_list}: A list of CRLs + +@var{crl_size}: The length of the CRL list + +@var{flags}: flags from @code{gnutls_trust_list_flags_t} + +@var{verification_flags}: gnutls_certificate_verify_flags if flags specifies GNUTLS_TL_VERIFY_CRL + +This function will add the given certificate revocation lists +to the trusted list. The CRLs in @code{crl_list} must not be deinitialized +during the lifetime of @code{list} . + +This function must be called after @code{gnutls_x509_trust_list_add_cas()} +to allow verifying the CRLs for validity. If the flag @code{GNUTLS_TL_NO_DUPLICATES} +is given, then the final CRL list will not contain duplicate entries. + +If the flag @code{GNUTLS_TL_NO_DUPLICATES} is given, @code{gnutls_x509_trust_list_deinit()} must be +called with parameter @code{all} being 1. + +If flag @code{GNUTLS_TL_VERIFY_CRL} is given the CRLs will be verified before being added, +and if verification fails, they will be skipped. + +@strong{Returns:} The number of added elements is returned; that includes +duplicate entries. + +@strong{Since:} 3.0 +@end deftypefun diff --git a/doc/functions/gnutls_x509_trust_list_add_crls.short b/doc/functions/gnutls_x509_trust_list_add_crls.short new file mode 100644 index 0000000..1c7ae74 --- /dev/null +++ b/doc/functions/gnutls_x509_trust_list_add_crls.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_trust_list_add_crls} (gnutls_x509_trust_list_t @var{list}, const gnutls_x509_crl_t * @var{crl_list}, unsigned @var{crl_size}, unsigned int @var{flags}, unsigned int @var{verification_flags}) diff --git a/doc/functions/gnutls_x509_trust_list_add_named_crt b/doc/functions/gnutls_x509_trust_list_add_named_crt new file mode 100644 index 0000000..2c7b314 --- /dev/null +++ b/doc/functions/gnutls_x509_trust_list_add_named_crt @@ -0,0 +1,34 @@ + + + + +@deftypefun {int} {gnutls_x509_trust_list_add_named_crt} (gnutls_x509_trust_list_t @var{list}, gnutls_x509_crt_t @var{cert}, const void * @var{name}, size_t @var{name_size}, unsigned int @var{flags}) +@var{list}: The list + +@var{cert}: A certificate + +@var{name}: An identifier for the certificate + +@var{name_size}: The size of the identifier + +@var{flags}: should be 0. + +This function will add the given certificate to the trusted +list and associate it with a name. The certificate will not be +be used for verification with @code{gnutls_x509_trust_list_verify_crt()} +but with @code{gnutls_x509_trust_list_verify_named_crt()} or +@code{gnutls_x509_trust_list_verify_crt2()} - the latter only since +GnuTLS 3.4.0 and if a hostname is provided. + +In principle this function can be used to set individual "server" +certificates that are trusted by the user for that specific server +but for no other purposes. + +The certificate @code{cert} must not be deinitialized during the lifetime +of the @code{list} . + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 3.0.0 +@end deftypefun diff --git a/doc/functions/gnutls_x509_trust_list_add_named_crt.short b/doc/functions/gnutls_x509_trust_list_add_named_crt.short new file mode 100644 index 0000000..4fa557a --- /dev/null +++ b/doc/functions/gnutls_x509_trust_list_add_named_crt.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_trust_list_add_named_crt} (gnutls_x509_trust_list_t @var{list}, gnutls_x509_crt_t @var{cert}, const void * @var{name}, size_t @var{name_size}, unsigned int @var{flags}) diff --git a/doc/functions/gnutls_x509_trust_list_add_system_trust b/doc/functions/gnutls_x509_trust_list_add_system_trust new file mode 100644 index 0000000..62e3ecd --- /dev/null +++ b/doc/functions/gnutls_x509_trust_list_add_system_trust @@ -0,0 +1,21 @@ + + + + +@deftypefun {int} {gnutls_x509_trust_list_add_system_trust} (gnutls_x509_trust_list_t @var{list}, unsigned int @var{tl_flags}, unsigned int @var{tl_vflags}) +@var{list}: The structure of the list + +@var{tl_flags}: GNUTLS_TL_* + +@var{tl_vflags}: gnutls_certificate_verify_flags if flags specifies GNUTLS_TL_VERIFY_CRL + +This function adds the system's default trusted certificate +authorities to the trusted list. Note that on unsupported systems +this function returns @code{GNUTLS_E_UNIMPLEMENTED_FEATURE} . + +This function implies the flag @code{GNUTLS_TL_NO_DUPLICATES} . + +@strong{Returns:} The number of added elements or a negative error code on error. + +@strong{Since:} 3.1 +@end deftypefun diff --git a/doc/functions/gnutls_x509_trust_list_add_system_trust.short b/doc/functions/gnutls_x509_trust_list_add_system_trust.short new file mode 100644 index 0000000..3a90dc9 --- /dev/null +++ b/doc/functions/gnutls_x509_trust_list_add_system_trust.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_trust_list_add_system_trust} (gnutls_x509_trust_list_t @var{list}, unsigned int @var{tl_flags}, unsigned int @var{tl_vflags}) diff --git a/doc/functions/gnutls_x509_trust_list_add_trust_dir b/doc/functions/gnutls_x509_trust_list_add_trust_dir new file mode 100644 index 0000000..4351a97 --- /dev/null +++ b/doc/functions/gnutls_x509_trust_list_add_trust_dir @@ -0,0 +1,25 @@ + + + + +@deftypefun {int} {gnutls_x509_trust_list_add_trust_dir} (gnutls_x509_trust_list_t @var{list}, const char * @var{ca_dir}, const char * @var{crl_dir}, gnutls_x509_crt_fmt_t @var{type}, unsigned int @var{tl_flags}, unsigned int @var{tl_vflags}) +@var{list}: The list + +@var{ca_dir}: A directory containing the CAs (optional) + +@var{crl_dir}: A directory containing a list of CRLs (optional) + +@var{type}: The format of the certificates + +@var{tl_flags}: flags from @code{gnutls_trust_list_flags_t} + +@var{tl_vflags}: gnutls_certificate_verify_flags if flags specifies GNUTLS_TL_VERIFY_CRL + +This function will add the given certificate authorities +to the trusted list. Only directories are accepted by +this function. + +@strong{Returns:} The number of added elements is returned. + +@strong{Since:} 3.3.6 +@end deftypefun diff --git a/doc/functions/gnutls_x509_trust_list_add_trust_dir.short b/doc/functions/gnutls_x509_trust_list_add_trust_dir.short new file mode 100644 index 0000000..5bcfc19 --- /dev/null +++ b/doc/functions/gnutls_x509_trust_list_add_trust_dir.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_trust_list_add_trust_dir} (gnutls_x509_trust_list_t @var{list}, const char * @var{ca_dir}, const char * @var{crl_dir}, gnutls_x509_crt_fmt_t @var{type}, unsigned int @var{tl_flags}, unsigned int @var{tl_vflags}) diff --git a/doc/functions/gnutls_x509_trust_list_add_trust_file b/doc/functions/gnutls_x509_trust_list_add_trust_file new file mode 100644 index 0000000..4bff04f --- /dev/null +++ b/doc/functions/gnutls_x509_trust_list_add_trust_file @@ -0,0 +1,28 @@ + + + + +@deftypefun {int} {gnutls_x509_trust_list_add_trust_file} (gnutls_x509_trust_list_t @var{list}, const char * @var{ca_file}, const char * @var{crl_file}, gnutls_x509_crt_fmt_t @var{type}, unsigned int @var{tl_flags}, unsigned int @var{tl_vflags}) +@var{list}: The list + +@var{ca_file}: A file containing a list of CAs (optional) + +@var{crl_file}: A file containing a list of CRLs (optional) + +@var{type}: The format of the certificates + +@var{tl_flags}: flags from @code{gnutls_trust_list_flags_t} + +@var{tl_vflags}: gnutls_certificate_verify_flags if flags specifies GNUTLS_TL_VERIFY_CRL + +This function will add the given certificate authorities +to the trusted list. PKCS @code{11} URLs are also accepted, instead +of files, by this function. A PKCS @code{11} URL implies a trust +database (a specially marked module in p11-kit); the URL "pkcs11:" +implies all trust databases in the system. Only a single URL specifying +trust databases can be set; they cannot be stacked with multiple calls. + +@strong{Returns:} The number of added elements is returned. + +@strong{Since:} 3.1 +@end deftypefun diff --git a/doc/functions/gnutls_x509_trust_list_add_trust_file.short b/doc/functions/gnutls_x509_trust_list_add_trust_file.short new file mode 100644 index 0000000..92ed217 --- /dev/null +++ b/doc/functions/gnutls_x509_trust_list_add_trust_file.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_trust_list_add_trust_file} (gnutls_x509_trust_list_t @var{list}, const char * @var{ca_file}, const char * @var{crl_file}, gnutls_x509_crt_fmt_t @var{type}, unsigned int @var{tl_flags}, unsigned int @var{tl_vflags}) diff --git a/doc/functions/gnutls_x509_trust_list_add_trust_mem b/doc/functions/gnutls_x509_trust_list_add_trust_mem new file mode 100644 index 0000000..ea45998 --- /dev/null +++ b/doc/functions/gnutls_x509_trust_list_add_trust_mem @@ -0,0 +1,27 @@ + + + + +@deftypefun {int} {gnutls_x509_trust_list_add_trust_mem} (gnutls_x509_trust_list_t @var{list}, const gnutls_datum_t * @var{cas}, const gnutls_datum_t * @var{crls}, gnutls_x509_crt_fmt_t @var{type}, unsigned int @var{tl_flags}, unsigned int @var{tl_vflags}) +@var{list}: The list + +@var{cas}: A buffer containing a list of CAs (optional) + +@var{crls}: A buffer containing a list of CRLs (optional) + +@var{type}: The format of the certificates + +@var{tl_flags}: flags from @code{gnutls_trust_list_flags_t} + +@var{tl_vflags}: gnutls_certificate_verify_flags if flags specifies GNUTLS_TL_VERIFY_CRL + +This function will add the given certificate authorities +to the trusted list. + +If this function is used @code{gnutls_x509_trust_list_deinit()} must be called +with parameter @code{all} being 1. + +@strong{Returns:} The number of added elements is returned. + +@strong{Since:} 3.1 +@end deftypefun diff --git a/doc/functions/gnutls_x509_trust_list_add_trust_mem.short b/doc/functions/gnutls_x509_trust_list_add_trust_mem.short new file mode 100644 index 0000000..55c0a8c --- /dev/null +++ b/doc/functions/gnutls_x509_trust_list_add_trust_mem.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_trust_list_add_trust_mem} (gnutls_x509_trust_list_t @var{list}, const gnutls_datum_t * @var{cas}, const gnutls_datum_t * @var{crls}, gnutls_x509_crt_fmt_t @var{type}, unsigned int @var{tl_flags}, unsigned int @var{tl_vflags}) diff --git a/doc/functions/gnutls_x509_trust_list_deinit b/doc/functions/gnutls_x509_trust_list_deinit new file mode 100644 index 0000000..337e484 --- /dev/null +++ b/doc/functions/gnutls_x509_trust_list_deinit @@ -0,0 +1,16 @@ + + + + +@deftypefun {void} {gnutls_x509_trust_list_deinit} (gnutls_x509_trust_list_t @var{list}, unsigned int @var{all}) +@var{list}: The list to be deinitialized + +@var{all}: if non-zero it will deinitialize all the certificates and CRLs contained in the structure. + +This function will deinitialize a trust list. Note that the + @code{all} flag should be typically non-zero unless you have specified +your certificates using @code{gnutls_x509_trust_list_add_cas()} and you +want to prevent them from being deinitialized by this function. + +@strong{Since:} 3.0.0 +@end deftypefun diff --git a/doc/functions/gnutls_x509_trust_list_deinit.short b/doc/functions/gnutls_x509_trust_list_deinit.short new file mode 100644 index 0000000..66d1d4f --- /dev/null +++ b/doc/functions/gnutls_x509_trust_list_deinit.short @@ -0,0 +1 @@ +@item @var{void} @ref{gnutls_x509_trust_list_deinit} (gnutls_x509_trust_list_t @var{list}, unsigned int @var{all}) diff --git a/doc/functions/gnutls_x509_trust_list_get_issuer b/doc/functions/gnutls_x509_trust_list_get_issuer new file mode 100644 index 0000000..fd9a2bf --- /dev/null +++ b/doc/functions/gnutls_x509_trust_list_get_issuer @@ -0,0 +1,26 @@ + + + + +@deftypefun {int} {gnutls_x509_trust_list_get_issuer} (gnutls_x509_trust_list_t @var{list}, gnutls_x509_crt_t @var{cert}, gnutls_x509_crt_t * @var{issuer}, unsigned int @var{flags}) +@var{list}: The list + +@var{cert}: is the certificate to find issuer for + +@var{issuer}: Will hold the issuer if any. Should be treated as constant. + +@var{flags}: flags from @code{gnutls_trust_list_flags_t} (@code{GNUTLS_TL_GET_COPY} is applicable) + +This function will find the issuer of the given certificate. +If the flag @code{GNUTLS_TL_GET_COPY} is specified a copy of the issuer +will be returned which must be freed using @code{gnutls_x509_crt_deinit()} . +In that case the provided @code{issuer} must not be initialized. + +Note that the flag @code{GNUTLS_TL_GET_COPY} is required for this function +to work with PKCS@code{11} trust lists in a thread-safe way. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 3.0 +@end deftypefun diff --git a/doc/functions/gnutls_x509_trust_list_get_issuer.short b/doc/functions/gnutls_x509_trust_list_get_issuer.short new file mode 100644 index 0000000..6591710 --- /dev/null +++ b/doc/functions/gnutls_x509_trust_list_get_issuer.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_trust_list_get_issuer} (gnutls_x509_trust_list_t @var{list}, gnutls_x509_crt_t @var{cert}, gnutls_x509_crt_t * @var{issuer}, unsigned int @var{flags}) diff --git a/doc/functions/gnutls_x509_trust_list_get_issuer_by_dn b/doc/functions/gnutls_x509_trust_list_get_issuer_by_dn new file mode 100644 index 0000000..b2357a1 --- /dev/null +++ b/doc/functions/gnutls_x509_trust_list_get_issuer_by_dn @@ -0,0 +1,21 @@ + + + + +@deftypefun {int} {gnutls_x509_trust_list_get_issuer_by_dn} (gnutls_x509_trust_list_t @var{list}, const gnutls_datum_t * @var{dn}, gnutls_x509_crt_t * @var{issuer}, unsigned int @var{flags}) +@var{list}: The list + +@var{dn}: is the issuer's DN + +@var{issuer}: Will hold the issuer if any. Should be deallocated after use. + +@var{flags}: Use zero + +This function will find the issuer with the given name, and +return a copy of the issuer, which must be freed using @code{gnutls_x509_crt_deinit()} . + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 3.4.0 +@end deftypefun diff --git a/doc/functions/gnutls_x509_trust_list_get_issuer_by_dn.short b/doc/functions/gnutls_x509_trust_list_get_issuer_by_dn.short new file mode 100644 index 0000000..275bed4 --- /dev/null +++ b/doc/functions/gnutls_x509_trust_list_get_issuer_by_dn.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_trust_list_get_issuer_by_dn} (gnutls_x509_trust_list_t @var{list}, const gnutls_datum_t * @var{dn}, gnutls_x509_crt_t * @var{issuer}, unsigned int @var{flags}) diff --git a/doc/functions/gnutls_x509_trust_list_get_issuer_by_subject_key_id b/doc/functions/gnutls_x509_trust_list_get_issuer_by_subject_key_id new file mode 100644 index 0000000..1b999ed --- /dev/null +++ b/doc/functions/gnutls_x509_trust_list_get_issuer_by_subject_key_id @@ -0,0 +1,23 @@ + + + + +@deftypefun {int} {gnutls_x509_trust_list_get_issuer_by_subject_key_id} (gnutls_x509_trust_list_t @var{list}, const gnutls_datum_t * @var{dn}, const gnutls_datum_t * @var{spki}, gnutls_x509_crt_t * @var{issuer}, unsigned int @var{flags}) +@var{list}: The list + +@var{dn}: is the issuer's DN (may be @code{NULL} ) + +@var{spki}: is the subject key ID + +@var{issuer}: Will hold the issuer if any. Should be deallocated after use. + +@var{flags}: Use zero + +This function will find the issuer with the given name and subject key ID, and +return a copy of the issuer, which must be freed using @code{gnutls_x509_crt_deinit()} . + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 3.4.2 +@end deftypefun diff --git a/doc/functions/gnutls_x509_trust_list_get_issuer_by_subject_key_id.short b/doc/functions/gnutls_x509_trust_list_get_issuer_by_subject_key_id.short new file mode 100644 index 0000000..7eab909 --- /dev/null +++ b/doc/functions/gnutls_x509_trust_list_get_issuer_by_subject_key_id.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_trust_list_get_issuer_by_subject_key_id} (gnutls_x509_trust_list_t @var{list}, const gnutls_datum_t * @var{dn}, const gnutls_datum_t * @var{spki}, gnutls_x509_crt_t * @var{issuer}, unsigned int @var{flags}) diff --git a/doc/functions/gnutls_x509_trust_list_init b/doc/functions/gnutls_x509_trust_list_init new file mode 100644 index 0000000..b8ec0b3 --- /dev/null +++ b/doc/functions/gnutls_x509_trust_list_init @@ -0,0 +1,16 @@ + + + + +@deftypefun {int} {gnutls_x509_trust_list_init} (gnutls_x509_trust_list_t * @var{list}, unsigned int @var{size}) +@var{list}: A pointer to the type to be initialized + +@var{size}: The size of the internal hash table. Use (0) for default size. + +This function will initialize an X.509 trust list structure. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 3.0.0 +@end deftypefun diff --git a/doc/functions/gnutls_x509_trust_list_init.short b/doc/functions/gnutls_x509_trust_list_init.short new file mode 100644 index 0000000..3d992d3 --- /dev/null +++ b/doc/functions/gnutls_x509_trust_list_init.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_trust_list_init} (gnutls_x509_trust_list_t * @var{list}, unsigned int @var{size}) diff --git a/doc/functions/gnutls_x509_trust_list_iter_deinit b/doc/functions/gnutls_x509_trust_list_iter_deinit new file mode 100644 index 0000000..5dd7f01 --- /dev/null +++ b/doc/functions/gnutls_x509_trust_list_iter_deinit @@ -0,0 +1,11 @@ + + + + +@deftypefun {void} {gnutls_x509_trust_list_iter_deinit} (gnutls_x509_trust_list_iter_t @var{iter}) +@var{iter}: The iterator structure to be deinitialized + +This function will deinitialize an iterator structure. + +@strong{Since:} 3.4.0 +@end deftypefun diff --git a/doc/functions/gnutls_x509_trust_list_iter_deinit.short b/doc/functions/gnutls_x509_trust_list_iter_deinit.short new file mode 100644 index 0000000..0fbed15 --- /dev/null +++ b/doc/functions/gnutls_x509_trust_list_iter_deinit.short @@ -0,0 +1 @@ +@item @var{void} @ref{gnutls_x509_trust_list_iter_deinit} (gnutls_x509_trust_list_iter_t @var{iter}) diff --git a/doc/functions/gnutls_x509_trust_list_iter_get_ca b/doc/functions/gnutls_x509_trust_list_iter_get_ca new file mode 100644 index 0000000..4034b85 --- /dev/null +++ b/doc/functions/gnutls_x509_trust_list_iter_get_ca @@ -0,0 +1,29 @@ + + + + +@deftypefun {int} {gnutls_x509_trust_list_iter_get_ca} (gnutls_x509_trust_list_t @var{list}, gnutls_x509_trust_list_iter_t * @var{iter}, gnutls_x509_crt_t * @var{crt}) +@var{list}: The list + +@var{iter}: A pointer to an iterator (initially the iterator should be @code{NULL} ) + +@var{crt}: where the certificate will be copied + +This function obtains a certificate in the trust list and advances the +iterator to the next certificate. The certificate returned in @code{crt} must be +deallocated with @code{gnutls_x509_crt_deinit()} . + +When past the last element is accessed @code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} +is returned and the iterator is reset. + +The iterator is deinitialized and reset to @code{NULL} automatically by this +function after iterating through all elements until +@code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} is returned. If the iteration is +aborted early, it must be manually deinitialized using +@code{gnutls_x509_trust_list_iter_deinit()} . + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 3.4.0 +@end deftypefun diff --git a/doc/functions/gnutls_x509_trust_list_iter_get_ca.short b/doc/functions/gnutls_x509_trust_list_iter_get_ca.short new file mode 100644 index 0000000..3adbd92 --- /dev/null +++ b/doc/functions/gnutls_x509_trust_list_iter_get_ca.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_trust_list_iter_get_ca} (gnutls_x509_trust_list_t @var{list}, gnutls_x509_trust_list_iter_t * @var{iter}, gnutls_x509_crt_t * @var{crt}) diff --git a/doc/functions/gnutls_x509_trust_list_remove_cas b/doc/functions/gnutls_x509_trust_list_remove_cas new file mode 100644 index 0000000..b7fd499 --- /dev/null +++ b/doc/functions/gnutls_x509_trust_list_remove_cas @@ -0,0 +1,24 @@ + + + + +@deftypefun {int} {gnutls_x509_trust_list_remove_cas} (gnutls_x509_trust_list_t @var{list}, const gnutls_x509_crt_t * @var{clist}, unsigned @var{clist_size}) +@var{list}: The list + +@var{clist}: A list of CAs + +@var{clist_size}: The length of the CA list + +This function will remove the given certificate authorities +from the trusted list. + +Note that this function can accept certificates and authorities +not yet known. In that case they will be kept in a separate +black list that will be used during certificate verification. +Unlike @code{gnutls_x509_trust_list_add_cas()} there is no deinitialization +restriction for certificate list provided in this function. + +@strong{Returns:} The number of removed elements is returned. + +@strong{Since:} 3.1.10 +@end deftypefun diff --git a/doc/functions/gnutls_x509_trust_list_remove_cas.short b/doc/functions/gnutls_x509_trust_list_remove_cas.short new file mode 100644 index 0000000..72e1cb7 --- /dev/null +++ b/doc/functions/gnutls_x509_trust_list_remove_cas.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_trust_list_remove_cas} (gnutls_x509_trust_list_t @var{list}, const gnutls_x509_crt_t * @var{clist}, unsigned @var{clist_size}) diff --git a/doc/functions/gnutls_x509_trust_list_remove_trust_file b/doc/functions/gnutls_x509_trust_list_remove_trust_file new file mode 100644 index 0000000..22c1a4d --- /dev/null +++ b/doc/functions/gnutls_x509_trust_list_remove_trust_file @@ -0,0 +1,22 @@ + + + + +@deftypefun {int} {gnutls_x509_trust_list_remove_trust_file} (gnutls_x509_trust_list_t @var{list}, const char * @var{ca_file}, gnutls_x509_crt_fmt_t @var{type}) +@var{list}: The list + +@var{ca_file}: A file containing a list of CAs + +@var{type}: The format of the certificates + +This function will remove the given certificate authorities +from the trusted list, and add them into a black list when needed. +PKCS 11 URLs are also accepted, instead +of files, by this function. + +See also @code{gnutls_x509_trust_list_remove_cas()} . + +@strong{Returns:} The number of added elements is returned. + +@strong{Since:} 3.1.10 +@end deftypefun diff --git a/doc/functions/gnutls_x509_trust_list_remove_trust_file.short b/doc/functions/gnutls_x509_trust_list_remove_trust_file.short new file mode 100644 index 0000000..b4d56f1 --- /dev/null +++ b/doc/functions/gnutls_x509_trust_list_remove_trust_file.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_trust_list_remove_trust_file} (gnutls_x509_trust_list_t @var{list}, const char * @var{ca_file}, gnutls_x509_crt_fmt_t @var{type}) diff --git a/doc/functions/gnutls_x509_trust_list_remove_trust_mem b/doc/functions/gnutls_x509_trust_list_remove_trust_mem new file mode 100644 index 0000000..d7034be --- /dev/null +++ b/doc/functions/gnutls_x509_trust_list_remove_trust_mem @@ -0,0 +1,20 @@ + + + + +@deftypefun {int} {gnutls_x509_trust_list_remove_trust_mem} (gnutls_x509_trust_list_t @var{list}, const gnutls_datum_t * @var{cas}, gnutls_x509_crt_fmt_t @var{type}) +@var{list}: The list + +@var{cas}: A buffer containing a list of CAs (optional) + +@var{type}: The format of the certificates + +This function will remove the provided certificate authorities +from the trusted list, and add them into a black list when needed. + +See also @code{gnutls_x509_trust_list_remove_cas()} . + +@strong{Returns:} The number of removed elements is returned. + +@strong{Since:} 3.1.10 +@end deftypefun diff --git a/doc/functions/gnutls_x509_trust_list_remove_trust_mem.short b/doc/functions/gnutls_x509_trust_list_remove_trust_mem.short new file mode 100644 index 0000000..c30e3d5 --- /dev/null +++ b/doc/functions/gnutls_x509_trust_list_remove_trust_mem.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_trust_list_remove_trust_mem} (gnutls_x509_trust_list_t @var{list}, const gnutls_datum_t * @var{cas}, gnutls_x509_crt_fmt_t @var{type}) diff --git a/doc/functions/gnutls_x509_trust_list_verify_crt b/doc/functions/gnutls_x509_trust_list_verify_crt new file mode 100644 index 0000000..f5a297d --- /dev/null +++ b/doc/functions/gnutls_x509_trust_list_verify_crt @@ -0,0 +1,28 @@ + + + + +@deftypefun {int} {gnutls_x509_trust_list_verify_crt} (gnutls_x509_trust_list_t @var{list}, gnutls_x509_crt_t * @var{cert_list}, unsigned int @var{cert_list_size}, unsigned int @var{flags}, unsigned int * @var{voutput}, gnutls_verify_output_function @var{func}) +@var{list}: The list + +@var{cert_list}: is the certificate list to be verified + +@var{cert_list_size}: is the certificate list size + +@var{flags}: Flags that may be used to change the verification algorithm. Use OR of the gnutls_certificate_verify_flags enumerations. + +@var{voutput}: will hold the certificate verification output. + +@var{func}: If non-null will be called on each chain element verification with the output. + +This function will try to verify the given certificate and return +its status. The @code{voutput} parameter will hold an OR'ed sequence of +@code{gnutls_certificate_status_t} flags. + +The details of the verification are the same as in @code{gnutls_x509_trust_list_verify_crt2()} . + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 3.0 +@end deftypefun diff --git a/doc/functions/gnutls_x509_trust_list_verify_crt.short b/doc/functions/gnutls_x509_trust_list_verify_crt.short new file mode 100644 index 0000000..18a6e33 --- /dev/null +++ b/doc/functions/gnutls_x509_trust_list_verify_crt.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_trust_list_verify_crt} (gnutls_x509_trust_list_t @var{list}, gnutls_x509_crt_t * @var{cert_list}, unsigned int @var{cert_list_size}, unsigned int @var{flags}, unsigned int * @var{voutput}, gnutls_verify_output_function @var{func}) diff --git a/doc/functions/gnutls_x509_trust_list_verify_crt2 b/doc/functions/gnutls_x509_trust_list_verify_crt2 new file mode 100644 index 0000000..b0c5fb1 --- /dev/null +++ b/doc/functions/gnutls_x509_trust_list_verify_crt2 @@ -0,0 +1,56 @@ + + + + +@deftypefun {int} {gnutls_x509_trust_list_verify_crt2} (gnutls_x509_trust_list_t @var{list}, gnutls_x509_crt_t * @var{cert_list}, unsigned int @var{cert_list_size}, gnutls_typed_vdata_st * @var{data}, unsigned int @var{elements}, unsigned int @var{flags}, unsigned int * @var{voutput}, gnutls_verify_output_function @var{func}) +@var{list}: The list + +@var{cert_list}: is the certificate list to be verified + +@var{cert_list_size}: is the certificate list size + +@var{data}: an array of typed data + +@var{elements}: the number of data elements + +@var{flags}: Flags that may be used to change the verification algorithm. Use OR of the gnutls_certificate_verify_flags enumerations. + +@var{voutput}: will hold the certificate verification output. + +@var{func}: If non-null will be called on each chain element verification with the output. + +This function will attempt to verify the given certificate chain and return +its status. The @code{voutput} parameter will hold an OR'ed sequence of +@code{gnutls_certificate_status_t} flags. + +When a certificate chain of @code{cert_list_size} with more than one certificates is +provided, the verification status will apply to the first certificate in the chain +that failed verification. The verification process starts from the end of the chain +(from CA to end certificate). The first certificate in the chain must be the end-certificate +while the rest of the members may be sorted or not. + +Additionally a certificate verification profile can be specified +from the ones in @code{gnutls_certificate_verification_profiles_t} by +ORing the result of @code{GNUTLS_PROFILE_TO_VFLAGS()} to the verification +flags. + +Additional verification parameters are possible via the @code{data} types; the +acceptable types are @code{GNUTLS_DT_DNS_HOSTNAME} , @code{GNUTLS_DT_IP_ADDRESS} and @code{GNUTLS_DT_KEY_PURPOSE_OID} . +The former accepts as data a null-terminated hostname, and the latter a null-terminated +object identifier (e.g., @code{GNUTLS_KP_TLS_WWW_SERVER} ). +If a DNS hostname is provided then this function will compare +the hostname in the end certificate against the given. If names do not match the +@code{GNUTLS_CERT_UNEXPECTED_OWNER} status flag will be set. In addition it +will consider certificates provided with @code{gnutls_x509_trust_list_add_named_crt()} . + +If a key purpose OID is provided and the end-certificate contains the extended key +usage PKIX extension, it will be required to match the provided OID +or be marked for any purpose, otherwise verification will fail with +@code{GNUTLS_CERT_PURPOSE_MISMATCH} status. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. Note that verification failure will not result to an +error code, only @code{voutput} will be updated. + +@strong{Since:} 3.3.8 +@end deftypefun diff --git a/doc/functions/gnutls_x509_trust_list_verify_crt2.short b/doc/functions/gnutls_x509_trust_list_verify_crt2.short new file mode 100644 index 0000000..7c3b35b --- /dev/null +++ b/doc/functions/gnutls_x509_trust_list_verify_crt2.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_trust_list_verify_crt2} (gnutls_x509_trust_list_t @var{list}, gnutls_x509_crt_t * @var{cert_list}, unsigned int @var{cert_list_size}, gnutls_typed_vdata_st * @var{data}, unsigned int @var{elements}, unsigned int @var{flags}, unsigned int * @var{voutput}, gnutls_verify_output_function @var{func}) diff --git a/doc/functions/gnutls_x509_trust_list_verify_named_crt b/doc/functions/gnutls_x509_trust_list_verify_named_crt new file mode 100644 index 0000000..f116489 --- /dev/null +++ b/doc/functions/gnutls_x509_trust_list_verify_named_crt @@ -0,0 +1,35 @@ + + + + +@deftypefun {int} {gnutls_x509_trust_list_verify_named_crt} (gnutls_x509_trust_list_t @var{list}, gnutls_x509_crt_t @var{cert}, const void * @var{name}, size_t @var{name_size}, unsigned int @var{flags}, unsigned int * @var{voutput}, gnutls_verify_output_function @var{func}) +@var{list}: The list + +@var{cert}: is the certificate to be verified + +@var{name}: is the certificate's name + +@var{name_size}: is the certificate's name size + +@var{flags}: Flags that may be used to change the verification algorithm. Use OR of the gnutls_certificate_verify_flags enumerations. + +@var{voutput}: will hold the certificate verification output. + +@var{func}: If non-null will be called on each chain element verification with the output. + +This function will try to find a certificate that is associated with the provided +name --see @code{gnutls_x509_trust_list_add_named_crt()} . If a match is found the +certificate is considered valid. In addition to that this function will also +check CRLs. The @code{voutput} parameter will hold an OR'ed sequence of +@code{gnutls_certificate_status_t} flags. + +Additionally a certificate verification profile can be specified +from the ones in @code{gnutls_certificate_verification_profiles_t} by +ORing the result of @code{GNUTLS_PROFILE_TO_VFLAGS()} to the verification +flags. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 3.0.0 +@end deftypefun diff --git a/doc/functions/gnutls_x509_trust_list_verify_named_crt.short b/doc/functions/gnutls_x509_trust_list_verify_named_crt.short new file mode 100644 index 0000000..a846ba1 --- /dev/null +++ b/doc/functions/gnutls_x509_trust_list_verify_named_crt.short @@ -0,0 +1 @@ +@item @var{int} @ref{gnutls_x509_trust_list_verify_named_crt} (gnutls_x509_trust_list_t @var{list}, gnutls_x509_crt_t @var{cert}, const void * @var{name}, size_t @var{name_size}, unsigned int @var{flags}, unsigned int * @var{voutput}, gnutls_verify_output_function @var{func}) diff --git a/doc/gnutls-api.texi b/doc/gnutls-api.texi new file mode 100644 index 0000000..f1ab40d --- /dev/null +++ b/doc/gnutls-api.texi @@ -0,0 +1,7814 @@ + +@subheading gnutls_alert_get +@anchor{gnutls_alert_get} +@deftypefun {gnutls_alert_description_t} {gnutls_alert_get} (gnutls_session_t @var{session}) +@var{session}: is a @code{gnutls_session_t} type. + +This function will return the last alert number received. This +function should be called when @code{GNUTLS_E_WARNING_ALERT_RECEIVED} or +@code{GNUTLS_E_FATAL_ALERT_RECEIVED} errors are returned by a gnutls +function. The peer may send alerts if he encounters an error. +If no alert has been received the returned value is undefined. + +@strong{Returns:} the last alert received, a +@code{gnutls_alert_description_t} value. +@end deftypefun + +@subheading gnutls_alert_get_name +@anchor{gnutls_alert_get_name} +@deftypefun {const char *} {gnutls_alert_get_name} (gnutls_alert_description_t @var{alert}) +@var{alert}: is an alert number. + +This function will return a string that describes the given alert +number, or @code{NULL} . See @code{gnutls_alert_get()} . + +@strong{Returns:} string corresponding to @code{gnutls_alert_description_t} value. +@end deftypefun + +@subheading gnutls_alert_get_strname +@anchor{gnutls_alert_get_strname} +@deftypefun {const char *} {gnutls_alert_get_strname} (gnutls_alert_description_t @var{alert}) +@var{alert}: is an alert number. + +This function will return a string of the name of the alert. + +@strong{Returns:} string corresponding to @code{gnutls_alert_description_t} value. + +@strong{Since:} 3.0 +@end deftypefun + +@subheading gnutls_alert_send +@anchor{gnutls_alert_send} +@deftypefun {int} {gnutls_alert_send} (gnutls_session_t @var{session}, gnutls_alert_level_t @var{level}, gnutls_alert_description_t @var{desc}) +@var{session}: is a @code{gnutls_session_t} type. + +@var{level}: is the level of the alert + +@var{desc}: is the alert description + +This function will send an alert to the peer in order to inform +him of something important (eg. his Certificate could not be verified). +If the alert level is Fatal then the peer is expected to close the +connection, otherwise he may ignore the alert and continue. + +The error code of the underlying record send function will be +returned, so you may also receive @code{GNUTLS_E_INTERRUPTED} or +@code{GNUTLS_E_AGAIN} as well. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise +an error code is returned. +@end deftypefun + +@subheading gnutls_alert_send_appropriate +@anchor{gnutls_alert_send_appropriate} +@deftypefun {int} {gnutls_alert_send_appropriate} (gnutls_session_t @var{session}, int @var{err}) +@var{session}: is a @code{gnutls_session_t} type. + +@var{err}: is an error code returned by another GnuTLS function + +Sends an alert to the peer depending on the error code returned by +a gnutls function. This function will call @code{gnutls_error_to_alert()} +to determine the appropriate alert to send. + +This function may also return @code{GNUTLS_E_AGAIN} , or +@code{GNUTLS_E_INTERRUPTED} . + +This function historically was always sending an alert to the +peer, even if @code{err} was inappropriate to respond with an alert +(e.g., @code{GNUTLS_E_SUCCESS} ). Since 3.6.6 this function returns +success without transmitting any data on error codes that +should not result to an alert. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise +an error code is returned. +@end deftypefun + +@subheading gnutls_alpn_get_selected_protocol +@anchor{gnutls_alpn_get_selected_protocol} +@deftypefun {int} {gnutls_alpn_get_selected_protocol} (gnutls_session_t @var{session}, gnutls_datum_t * @var{protocol}) +@var{session}: is a @code{gnutls_session_t} type. + +@var{protocol}: will hold the protocol name + +This function allows you to get the negotiated protocol name. The +returned protocol should be treated as opaque, constant value and +only valid during the session life. + +The selected protocol is the first supported by the list sent +by the client. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, +otherwise a negative error code is returned. + +Since 3.2.0 +@end deftypefun + +@subheading gnutls_alpn_set_protocols +@anchor{gnutls_alpn_set_protocols} +@deftypefun {int} {gnutls_alpn_set_protocols} (gnutls_session_t @var{session}, const gnutls_datum_t * @var{protocols}, unsigned @var{protocols_size}, unsigned int @var{flags}) +@var{session}: is a @code{gnutls_session_t} type. + +@var{protocols}: is the protocol names to add. + +@var{protocols_size}: the number of protocols to add. + +@var{flags}: zero or a sequence of @code{gnutls_alpn_flags_t} + +This function is to be used by both clients and servers, to declare +the supported ALPN protocols, which are used during negotiation with peer. + +See @code{gnutls_alpn_flags_t} description for the documentation of available +flags. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, +otherwise a negative error code is returned. + +Since 3.2.0 +@end deftypefun + +@subheading gnutls_anon_allocate_client_credentials +@anchor{gnutls_anon_allocate_client_credentials} +@deftypefun {int} {gnutls_anon_allocate_client_credentials} (gnutls_anon_client_credentials_t * @var{sc}) +@var{sc}: is a pointer to a @code{gnutls_anon_client_credentials_t} type. + +Allocate a gnutls_anon_client_credentials_t structure. + +@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, or an error code. +@end deftypefun + +@subheading gnutls_anon_allocate_server_credentials +@anchor{gnutls_anon_allocate_server_credentials} +@deftypefun {int} {gnutls_anon_allocate_server_credentials} (gnutls_anon_server_credentials_t * @var{sc}) +@var{sc}: is a pointer to a @code{gnutls_anon_server_credentials_t} type. + +Allocate a gnutls_anon_server_credentials_t structure. + +@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, or an error code. +@end deftypefun + +@subheading gnutls_anon_free_client_credentials +@anchor{gnutls_anon_free_client_credentials} +@deftypefun {void} {gnutls_anon_free_client_credentials} (gnutls_anon_client_credentials_t @var{sc}) +@var{sc}: is a @code{gnutls_anon_client_credentials_t} type. + +Free a gnutls_anon_client_credentials_t structure. +@end deftypefun + +@subheading gnutls_anon_free_server_credentials +@anchor{gnutls_anon_free_server_credentials} +@deftypefun {void} {gnutls_anon_free_server_credentials} (gnutls_anon_server_credentials_t @var{sc}) +@var{sc}: is a @code{gnutls_anon_server_credentials_t} type. + +Free a gnutls_anon_server_credentials_t structure. +@end deftypefun + +@subheading gnutls_anon_set_params_function +@anchor{gnutls_anon_set_params_function} +@deftypefun {void} {gnutls_anon_set_params_function} (gnutls_anon_server_credentials_t @var{res}, gnutls_params_function * @var{func}) +@var{res}: is a gnutls_anon_server_credentials_t type + +@var{func}: is the function to be called + +This function will set a callback in order for the server to get +the Diffie-Hellman or RSA parameters for anonymous authentication. +The callback should return @code{GNUTLS_E_SUCCESS} (0) on success. + +@strong{Deprecated:} This function is unnecessary and discouraged on GnuTLS 3.6.0 +or later. Since 3.6.0, DH parameters are negotiated +following RFC7919. +@end deftypefun + +@subheading gnutls_anon_set_server_dh_params +@anchor{gnutls_anon_set_server_dh_params} +@deftypefun {void} {gnutls_anon_set_server_dh_params} (gnutls_anon_server_credentials_t @var{res}, gnutls_dh_params_t @var{dh_params}) +@var{res}: is a gnutls_anon_server_credentials_t type + +@var{dh_params}: The Diffie-Hellman parameters. + +This function will set the Diffie-Hellman parameters for an +anonymous server to use. These parameters will be used in +Anonymous Diffie-Hellman cipher suites. + +@strong{Deprecated:} This function is unnecessary and discouraged on GnuTLS 3.6.0 +or later. Since 3.6.0, DH parameters are negotiated +following RFC7919. +@end deftypefun + +@subheading gnutls_anon_set_server_known_dh_params +@anchor{gnutls_anon_set_server_known_dh_params} +@deftypefun {int} {gnutls_anon_set_server_known_dh_params} (gnutls_anon_server_credentials_t @var{res}, gnutls_sec_param_t @var{sec_param}) +@var{res}: is a gnutls_anon_server_credentials_t type + +@var{sec_param}: is an option of the @code{gnutls_sec_param_t} enumeration + +This function will set the Diffie-Hellman parameters for an +anonymous server to use. These parameters will be used in +Anonymous Diffie-Hellman cipher suites and will be selected from +the FFDHE set of RFC7919 according to the security level provided. + +@strong{Deprecated:} This function is unnecessary and discouraged on GnuTLS 3.6.0 +or later. Since 3.6.0, DH parameters are negotiated +following RFC7919. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 3.5.6 +@end deftypefun + +@subheading gnutls_anon_set_server_params_function +@anchor{gnutls_anon_set_server_params_function} +@deftypefun {void} {gnutls_anon_set_server_params_function} (gnutls_anon_server_credentials_t @var{res}, gnutls_params_function * @var{func}) +@var{res}: is a gnutls_certificate_credentials_t type + +@var{func}: is the function to be called + +This function will set a callback in order for the server to get +the Diffie-Hellman parameters for anonymous authentication. The +callback should return @code{GNUTLS_E_SUCCESS} (0) on success. + +@strong{Deprecated:} This function is unnecessary and discouraged on GnuTLS 3.6.0 +or later. Since 3.6.0, DH parameters are negotiated +following RFC7919. +@end deftypefun + +@subheading gnutls_anti_replay_deinit +@anchor{gnutls_anti_replay_deinit} +@deftypefun {void} {gnutls_anti_replay_deinit} (gnutls_anti_replay_t @var{anti_replay}) +@var{anti_replay}: is a @code{gnutls_anti_replay} type + +This function will deinitialize all resources occupied by the given +anti-replay context. + +@strong{Since:} 3.6.5 +@end deftypefun + +@subheading gnutls_anti_replay_enable +@anchor{gnutls_anti_replay_enable} +@deftypefun {void} {gnutls_anti_replay_enable} (gnutls_session_t @var{session}, gnutls_anti_replay_t @var{anti_replay}) +@var{session}: is a @code{gnutls_session_t} type. + +@var{anti_replay}: is a @code{gnutls_anti_replay_t} type. + +Request that the server should use anti-replay mechanism. + +@strong{Since:} 3.6.5 +@end deftypefun + +@subheading gnutls_anti_replay_init +@anchor{gnutls_anti_replay_init} +@deftypefun {int} {gnutls_anti_replay_init} (gnutls_anti_replay_t * @var{anti_replay}) +@var{anti_replay}: is a pointer to @code{gnutls_anti_replay_t} type + +This function will allocate and initialize the @code{anti_replay} context +to be usable for detect replay attacks. The context can then be +attached to a @code{gnutls_session_t} with +@code{gnutls_anti_replay_enable()} . + +@strong{Returns:} Zero or a negative error code on error. + +@strong{Since:} 3.6.5 +@end deftypefun + +@subheading gnutls_anti_replay_set_add_function +@anchor{gnutls_anti_replay_set_add_function} +@deftypefun {void} {gnutls_anti_replay_set_add_function} (gnutls_anti_replay_t @var{anti_replay}, gnutls_db_add_func @var{add_func}) +@var{anti_replay}: is a @code{gnutls_anti_replay_t} type. + +@var{add_func}: is the function. + +Sets the function that will be used to store an entry if it is not +already present in the resumed sessions database. This function returns 0 +if the entry is successfully stored, and a negative error code +otherwise. In particular, if the entry is found in the database, +it returns @code{GNUTLS_E_DB_ENTRY_EXISTS} . + +The arguments to the @code{add_func} are: +- @code{ptr} : the pointer set with @code{gnutls_anti_replay_set_ptr()} +- @code{exp_time} : the expiration time of the entry +- @code{key} : a pointer to the key +- @code{data} : a pointer to data to store + +The data set by this function can be examined using +@code{gnutls_db_check_entry_expire_time()} and @code{gnutls_db_check_entry_time()} . + +@strong{Since:} 3.6.5 +@end deftypefun + +@subheading gnutls_anti_replay_set_ptr +@anchor{gnutls_anti_replay_set_ptr} +@deftypefun {void} {gnutls_anti_replay_set_ptr} (gnutls_anti_replay_t @var{anti_replay}, void * @var{ptr}) +@var{anti_replay}: is a @code{gnutls_anti_replay_t} type. + +@var{ptr}: is the pointer + +Sets the pointer that will be provided to db add function +as the first argument. +@end deftypefun + +@subheading gnutls_anti_replay_set_window +@anchor{gnutls_anti_replay_set_window} +@deftypefun {void} {gnutls_anti_replay_set_window} (gnutls_anti_replay_t @var{anti_replay}, unsigned int @var{window}) +@var{anti_replay}: is a @code{gnutls_anti_replay_t} type. + +@var{window}: is the time window recording ClientHello, in milliseconds + +Sets the time window used for ClientHello recording. In order to +protect against replay attacks, the server records ClientHello +messages within this time period from the last update, and +considers it a replay when a ClientHello outside of the period; if +a ClientHello arrives within this period, the server checks the +database and detects duplicates. + +For the details of the algorithm, see RFC 8446, section 8.2. + +@strong{Since:} 3.6.5 +@end deftypefun + +@subheading gnutls_auth_client_get_type +@anchor{gnutls_auth_client_get_type} +@deftypefun {gnutls_credentials_type_t} {gnutls_auth_client_get_type} (gnutls_session_t @var{session}) +@var{session}: is a @code{gnutls_session_t} type. + +Returns the type of credentials that were used for client authentication. +The returned information is to be used to distinguish the function used +to access authentication data. + +Note that on resumed sessions, this function returns the schema +used in the original session authentication. + +@strong{Returns:} The type of credentials for the client authentication +schema, a @code{gnutls_credentials_type_t} type. +@end deftypefun + +@subheading gnutls_auth_get_type +@anchor{gnutls_auth_get_type} +@deftypefun {gnutls_credentials_type_t} {gnutls_auth_get_type} (gnutls_session_t @var{session}) +@var{session}: is a @code{gnutls_session_t} type. + +Returns type of credentials for the current authentication schema. +The returned information is to be used to distinguish the function used +to access authentication data. + +Eg. for CERTIFICATE ciphersuites (key exchange algorithms: +@code{GNUTLS_KX_RSA} , @code{GNUTLS_KX_DHE_RSA} ), the same function are to be +used to access the authentication data. + +Note that on resumed sessions, this function returns the schema +used in the original session authentication. + +@strong{Returns:} The type of credentials for the current authentication +schema, a @code{gnutls_credentials_type_t} type. +@end deftypefun + +@subheading gnutls_auth_server_get_type +@anchor{gnutls_auth_server_get_type} +@deftypefun {gnutls_credentials_type_t} {gnutls_auth_server_get_type} (gnutls_session_t @var{session}) +@var{session}: is a @code{gnutls_session_t} type. + +Returns the type of credentials that were used for server authentication. +The returned information is to be used to distinguish the function used +to access authentication data. + +Note that on resumed sessions, this function returns the schema +used in the original session authentication. + +@strong{Returns:} The type of credentials for the server authentication +schema, a @code{gnutls_credentials_type_t} type. +@end deftypefun + +@subheading gnutls_base64_decode2 +@anchor{gnutls_base64_decode2} +@deftypefun {int} {gnutls_base64_decode2} (const gnutls_datum_t * @var{base64}, gnutls_datum_t * @var{result}) +@var{base64}: contains the encoded data + +@var{result}: the location of decoded data + +This function will decode the given base64 encoded data. The decoded data +will be allocated, and stored into result. + +You should use @code{gnutls_free()} to free the returned data. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise +an error code is returned. + +@strong{Since:} 3.6.0 +@end deftypefun + +@subheading gnutls_base64_encode2 +@anchor{gnutls_base64_encode2} +@deftypefun {int} {gnutls_base64_encode2} (const gnutls_datum_t * @var{data}, gnutls_datum_t * @var{result}) +@var{data}: contains the raw data + +@var{result}: will hold the newly allocated encoded data + +This function will convert the given data to printable data, using +the base64 encoding. This function will allocate the required +memory to hold the encoded data. + +You should use @code{gnutls_free()} to free the returned data. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise +an error code is returned. + +@strong{Since:} 3.6.0 +@end deftypefun + +@subheading gnutls_buffer_append_data +@anchor{gnutls_buffer_append_data} +@deftypefun {int} {gnutls_buffer_append_data} (gnutls_buffer_t @var{dest}, const void * @var{data}, size_t @var{data_size}) +@var{dest}: the buffer to append to + +@var{data}: the data + +@var{data_size}: the size of @code{data} + +Appends the provided @code{data} to the destination buffer. + +@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, otherwise a negative error code. + +@strong{Since:} 3.4.0 +@end deftypefun + +@subheading gnutls_bye +@anchor{gnutls_bye} +@deftypefun {int} {gnutls_bye} (gnutls_session_t @var{session}, gnutls_close_request_t @var{how}) +@var{session}: is a @code{gnutls_session_t} type. + +@var{how}: is an integer + +Terminates the current TLS/SSL connection. The connection should +have been initiated using @code{gnutls_handshake()} . @code{how} should be one +of @code{GNUTLS_SHUT_RDWR} , @code{GNUTLS_SHUT_WR} . + +In case of @code{GNUTLS_SHUT_RDWR} the TLS session gets +terminated and further receives and sends will be disallowed. If +the return value is zero you may continue using the underlying +transport layer. @code{GNUTLS_SHUT_RDWR} sends an alert containing a close +request and waits for the peer to reply with the same message. + +In case of @code{GNUTLS_SHUT_WR} the TLS session gets terminated +and further sends will be disallowed. In order to reuse the +connection you should wait for an EOF from the peer. +@code{GNUTLS_SHUT_WR} sends an alert containing a close request. + +Note that not all implementations will properly terminate a TLS +connection. Some of them, usually for performance reasons, will +terminate only the underlying transport layer, and thus not +distinguishing between a malicious party prematurely terminating +the connection and normal termination. + +This function may also return @code{GNUTLS_E_AGAIN} or +@code{GNUTLS_E_INTERRUPTED} ; cf. @code{gnutls_record_get_direction()} . + +@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, or an error code, see +function documentation for entire semantics. +@end deftypefun + +@subheading gnutls_certificate_activation_time_peers +@anchor{gnutls_certificate_activation_time_peers} +@deftypefun {time_t} {gnutls_certificate_activation_time_peers} (gnutls_session_t @var{session}) +@var{session}: is a gnutls session + +This function will return the peer's certificate activation time. + +@strong{Returns:} (time_t)-1 on error. + +@strong{Deprecated:} @code{gnutls_certificate_verify_peers2()} now verifies activation times. +@end deftypefun + +@subheading gnutls_certificate_allocate_credentials +@anchor{gnutls_certificate_allocate_credentials} +@deftypefun {int} {gnutls_certificate_allocate_credentials} (gnutls_certificate_credentials_t * @var{res}) +@var{res}: is a pointer to a @code{gnutls_certificate_credentials_t} type. + +Allocate a gnutls_certificate_credentials_t structure. + +@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, or an error code. +@end deftypefun + +@subheading gnutls_certificate_client_get_request_status +@anchor{gnutls_certificate_client_get_request_status} +@deftypefun {unsigned} {gnutls_certificate_client_get_request_status} (gnutls_session_t @var{session}) +@var{session}: is a gnutls session + +Get whether client certificate was requested on the last +handshake or not. + +@strong{Returns:} 0 if the peer (server) did not request client +authentication or 1 otherwise. +@end deftypefun + +@subheading gnutls_certificate_expiration_time_peers +@anchor{gnutls_certificate_expiration_time_peers} +@deftypefun {time_t} {gnutls_certificate_expiration_time_peers} (gnutls_session_t @var{session}) +@var{session}: is a gnutls session + +This function will return the peer's certificate expiration time. + +@strong{Returns:} (time_t)-1 on error. + +@strong{Deprecated:} @code{gnutls_certificate_verify_peers2()} now verifies expiration times. +@end deftypefun + +@subheading gnutls_certificate_free_ca_names +@anchor{gnutls_certificate_free_ca_names} +@deftypefun {void} {gnutls_certificate_free_ca_names} (gnutls_certificate_credentials_t @var{sc}) +@var{sc}: is a @code{gnutls_certificate_credentials_t} type. + +This function will delete all the CA name in the given +credentials. Clients may call this to save some memory since in +client side the CA names are not used. Servers might want to use +this function if a large list of trusted CAs is present and +sending the names of it would just consume bandwidth without providing +information to client. + +CA names are used by servers to advertise the CAs they support to +clients. +@end deftypefun + +@subheading gnutls_certificate_free_cas +@anchor{gnutls_certificate_free_cas} +@deftypefun {void} {gnutls_certificate_free_cas} (gnutls_certificate_credentials_t @var{sc}) +@var{sc}: is a @code{gnutls_certificate_credentials_t} type. + +This function was operational on very early versions of gnutls. +Due to internal refactorings and the fact that this was hardly ever +used, it is currently a no-op. +@end deftypefun + +@subheading gnutls_certificate_free_credentials +@anchor{gnutls_certificate_free_credentials} +@deftypefun {void} {gnutls_certificate_free_credentials} (gnutls_certificate_credentials_t @var{sc}) +@var{sc}: is a @code{gnutls_certificate_credentials_t} type. + +Free a gnutls_certificate_credentials_t structure. + +This function does not free any temporary parameters associated +with this structure (ie RSA and DH parameters are not freed by this +function). +@end deftypefun + +@subheading gnutls_certificate_free_crls +@anchor{gnutls_certificate_free_crls} +@deftypefun {void} {gnutls_certificate_free_crls} (gnutls_certificate_credentials_t @var{sc}) +@var{sc}: is a @code{gnutls_certificate_credentials_t} type. + +This function will delete all the CRLs associated +with the given credentials. +@end deftypefun + +@subheading gnutls_certificate_free_keys +@anchor{gnutls_certificate_free_keys} +@deftypefun {void} {gnutls_certificate_free_keys} (gnutls_certificate_credentials_t @var{sc}) +@var{sc}: is a @code{gnutls_certificate_credentials_t} type. + +This function will delete all the keys and the certificates associated +with the given credentials. This function must not be called when a +TLS negotiation that uses the credentials is in progress. +@end deftypefun + +@subheading gnutls_certificate_get_crt_raw +@anchor{gnutls_certificate_get_crt_raw} +@deftypefun {int} {gnutls_certificate_get_crt_raw} (gnutls_certificate_credentials_t @var{sc}, unsigned @var{idx1}, unsigned @var{idx2}, gnutls_datum_t * @var{cert}) +@var{sc}: is a @code{gnutls_certificate_credentials_t} type. + +@var{idx1}: the index of the certificate chain if multiple are present + +@var{idx2}: the index of the certificate in the chain. Zero gives the server's certificate. + +@var{cert}: Will hold the DER encoded certificate. + +This function will return the DER encoded certificate of the +server or any other certificate on its certificate chain (based on @code{idx2} ). +The returned data should be treated as constant and only accessible during the lifetime +of @code{sc} . The @code{idx1} matches the value @code{gnutls_certificate_set_x509_key()} and friends +functions. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. In case the indexes are out of bounds @code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} +is returned. + +@strong{Since:} 3.2.5 +@end deftypefun + +@subheading gnutls_certificate_get_issuer +@anchor{gnutls_certificate_get_issuer} +@deftypefun {int} {gnutls_certificate_get_issuer} (gnutls_certificate_credentials_t @var{sc}, gnutls_x509_crt_t @var{cert}, gnutls_x509_crt_t * @var{issuer}, unsigned int @var{flags}) +@var{sc}: is a @code{gnutls_certificate_credentials_t} type. + +@var{cert}: is the certificate to find issuer for + +@var{issuer}: Will hold the issuer if any. Should be treated as constant. + +@var{flags}: Use zero or @code{GNUTLS_TL_GET_COPY} + +This function will return the issuer of a given certificate. +If the flag @code{GNUTLS_TL_GET_COPY} is specified a copy of the issuer +will be returned which must be freed using @code{gnutls_x509_crt_deinit()} . +In that case the provided @code{issuer} must not be initialized. + +As with @code{gnutls_x509_trust_list_get_issuer()} this function requires +the @code{GNUTLS_TL_GET_COPY} flag in order to operate with PKCS@code{11} trust +lists in a thread-safe way. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 3.0 +@end deftypefun + +@subheading gnutls_certificate_get_ocsp_expiration +@anchor{gnutls_certificate_get_ocsp_expiration} +@deftypefun {time_t} {gnutls_certificate_get_ocsp_expiration} (gnutls_certificate_credentials_t @var{sc}, unsigned @var{idx}, int @var{oidx}, unsigned @var{flags}) +@var{sc}: is a credentials structure. + +@var{idx}: is a certificate chain index as returned by @code{gnutls_certificate_set_key()} and friends + +@var{oidx}: is an OCSP response index + +@var{flags}: should be zero + +This function returns the validity of the loaded OCSP responses, +to provide information on when to reload/refresh them. + +Note that the credentials structure should be read-only when in +use, thus when reloading, either the credentials structure must not +be in use by any sessions, or a new credentials structure should be +allocated for new sessions. + +When @code{oidx} is (-1) then the minimum refresh time for all responses +is returned. Otherwise the index specifies the response corresponding +to the @code{odix} certificate in the certificate chain. + +@strong{Returns:} On success, the expiration time of the OCSP response. Otherwise +(time_t)(-1) on error, or (time_t)-2 on out of bounds. + +@strong{Since:} 3.6.3 +@end deftypefun + +@subheading gnutls_certificate_get_ours +@anchor{gnutls_certificate_get_ours} +@deftypefun {const gnutls_datum_t *} {gnutls_certificate_get_ours} (gnutls_session_t @var{session}) +@var{session}: is a gnutls session + +Gets the certificate as sent to the peer in the last handshake. +The certificate is in raw (DER) format. No certificate +list is being returned. Only the first certificate. + +This function returns the certificate that was sent in the current +handshake. In subsequent resumed sessions this function will return +@code{NULL} . That differs from @code{gnutls_certificate_get_peers()} which always +returns the peer's certificate used in the original session. + +@strong{Returns:} a pointer to a @code{gnutls_datum_t} containing our +certificate, or @code{NULL} in case of an error or if no certificate +was used. +@end deftypefun + +@subheading gnutls_certificate_get_peers +@anchor{gnutls_certificate_get_peers} +@deftypefun {const gnutls_datum_t *} {gnutls_certificate_get_peers} (gnutls_session_t @var{session}, unsigned int * @var{list_size}) +@var{session}: is a gnutls session + +@var{list_size}: is the length of the certificate list (may be @code{NULL} ) + +Get the peer's raw certificate (chain) as sent by the peer. These +certificates are in raw format (DER encoded for X.509). In case of +a X.509 then a certificate list may be present. The list +is provided as sent by the server; the server must send as first +certificate in the list its own certificate, following the +issuer's certificate, then the issuer's issuer etc. However, there +are servers which violate this principle and thus on certain +occasions this may be an unsorted list. + +In resumed sessions, this function will return the peer's certificate +list as used in the first/original session. + +@strong{Returns:} a pointer to a @code{gnutls_datum_t} containing the peer's +certificates, or @code{NULL} in case of an error or if no certificate +was used. +@end deftypefun + +@subheading gnutls_certificate_get_peers_subkey_id +@anchor{gnutls_certificate_get_peers_subkey_id} +@deftypefun {int} {gnutls_certificate_get_peers_subkey_id} (gnutls_session_t @var{session}, gnutls_datum_t * @var{id}) +@var{session}: is a gnutls session + +@var{id}: will contain the ID + +This function is no-op. + +@strong{Returns:} @code{GNUTLS_E_UNIMPLEMENTED_FEATURE} . + +@strong{Since:} 3.1.3 +@end deftypefun + +@subheading gnutls_certificate_get_verify_flags +@anchor{gnutls_certificate_get_verify_flags} +@deftypefun {unsigned int} {gnutls_certificate_get_verify_flags} (gnutls_certificate_credentials_t @var{res}) +@var{res}: is a gnutls_certificate_credentials_t type + +Returns the verification flags set with +@code{gnutls_certificate_set_verify_flags()} . + +@strong{Returns:} The certificate verification flags used by @code{res} . + +@strong{Since:} 3.4.0 +@end deftypefun + +@subheading gnutls_certificate_get_x509_crt +@anchor{gnutls_certificate_get_x509_crt} +@deftypefun {int} {gnutls_certificate_get_x509_crt} (gnutls_certificate_credentials_t @var{res}, unsigned @var{index}, gnutls_x509_crt_t ** @var{crt_list}, unsigned * @var{crt_list_size}) +@var{res}: is a @code{gnutls_certificate_credentials_t} type. + +@var{index}: The index of the certificate list to obtain. + +@var{crt_list}: Where to store the certificate list. + +@var{crt_list_size}: Will hold the number of certificates. + +Obtains a X.509 certificate list that has been stored in @code{res} with one of +@code{gnutls_certificate_set_x509_key()} , @code{gnutls_certificate_set_key()} , +@code{gnutls_certificate_set_x509_key_file()} , +@code{gnutls_certificate_set_x509_key_file2()} , +@code{gnutls_certificate_set_x509_key_mem()} , or +@code{gnutls_certificate_set_x509_key_mem2()} . Each certificate in the returned +certificate list must be deallocated with @code{gnutls_x509_crt_deinit()} , and the +list itself must be freed with @code{gnutls_free()} . + +The @code{index} matches the return value of @code{gnutls_certificate_set_x509_key()} and friends +functions, when the @code{GNUTLS_CERTIFICATE_API_V2} flag is set. + +If there is no certificate with the given index, +@code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} is returned. If the certificate +with the given index is not a X.509 certificate, @code{GNUTLS_E_INVALID_REQUEST} +is returned. The returned certificates must be deinitialized after +use, and the @code{crt_list} pointer must be freed using @code{gnutls_free()} . + +@strong{Returns:} @code{GNUTLS_E_SUCCESS} (0) on success, or a negative error code. + +@strong{Since:} 3.4.0 +@end deftypefun + +@subheading gnutls_certificate_get_x509_key +@anchor{gnutls_certificate_get_x509_key} +@deftypefun {int} {gnutls_certificate_get_x509_key} (gnutls_certificate_credentials_t @var{res}, unsigned @var{index}, gnutls_x509_privkey_t * @var{key}) +@var{res}: is a @code{gnutls_certificate_credentials_t} type. + +@var{index}: The index of the key to obtain. + +@var{key}: Location to store the key. + +Obtains a X.509 private key that has been stored in @code{res} with one of +@code{gnutls_certificate_set_x509_key()} , @code{gnutls_certificate_set_key()} , +@code{gnutls_certificate_set_x509_key_file()} , +@code{gnutls_certificate_set_x509_key_file2()} , +@code{gnutls_certificate_set_x509_key_mem()} , or +@code{gnutls_certificate_set_x509_key_mem2()} . The returned key must be deallocated +with @code{gnutls_x509_privkey_deinit()} when no longer needed. + +The @code{index} matches the return value of @code{gnutls_certificate_set_x509_key()} and friends +functions, when the @code{GNUTLS_CERTIFICATE_API_V2} flag is set. + +If there is no key with the given index, +@code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} is returned. If the key with the +given index is not a X.509 key, @code{GNUTLS_E_INVALID_REQUEST} is returned. + +@strong{Returns:} @code{GNUTLS_E_SUCCESS} (0) on success, or a negative error code. + +@strong{Since:} 3.4.0 +@end deftypefun + +@subheading gnutls_certificate_send_x509_rdn_sequence +@anchor{gnutls_certificate_send_x509_rdn_sequence} +@deftypefun {void} {gnutls_certificate_send_x509_rdn_sequence} (gnutls_session_t @var{session}, int @var{status}) +@var{session}: a @code{gnutls_session_t} type. + +@var{status}: is 0 or 1 + +If status is non zero, this function will order gnutls not to send +the rdnSequence in the certificate request message. That is the +server will not advertise its trusted CAs to the peer. If status +is zero then the default behaviour will take effect, which is to +advertise the server's trusted CAs. + +This function has no effect in clients, and in authentication +methods other than certificate with X.509 certificates. +@end deftypefun + +@subheading gnutls_certificate_server_set_request +@anchor{gnutls_certificate_server_set_request} +@deftypefun {void} {gnutls_certificate_server_set_request} (gnutls_session_t @var{session}, gnutls_certificate_request_t @var{req}) +@var{session}: is a @code{gnutls_session_t} type. + +@var{req}: is one of GNUTLS_CERT_REQUEST, GNUTLS_CERT_REQUIRE, GNUTLS_CERT_IGNORE + +This function specifies if we (in case of a server) are going to +send a certificate request message to the client. If @code{req} is +GNUTLS_CERT_REQUIRE then the server will return the @code{GNUTLS_E_NO_CERTIFICATE_FOUND} +error if the peer does not provide a certificate. If you do not call this +function then the client will not be asked to send a certificate. Invoking +the function with @code{req} GNUTLS_CERT_IGNORE has the same effect. +@end deftypefun + +@subheading gnutls_certificate_set_dh_params +@anchor{gnutls_certificate_set_dh_params} +@deftypefun {void} {gnutls_certificate_set_dh_params} (gnutls_certificate_credentials_t @var{res}, gnutls_dh_params_t @var{dh_params}) +@var{res}: is a gnutls_certificate_credentials_t type + +@var{dh_params}: the Diffie-Hellman parameters. + +This function will set the Diffie-Hellman parameters for a +certificate server to use. These parameters will be used in +Ephemeral Diffie-Hellman cipher suites. Note that only a pointer +to the parameters are stored in the certificate handle, so you +must not deallocate the parameters before the certificate is deallocated. + +@strong{Deprecated:} This function is unnecessary and discouraged on GnuTLS 3.6.0 +or later. Since 3.6.0, DH parameters are negotiated +following RFC7919. +@end deftypefun + +@subheading gnutls_certificate_set_flags +@anchor{gnutls_certificate_set_flags} +@deftypefun {void} {gnutls_certificate_set_flags} (gnutls_certificate_credentials_t @var{res}, unsigned int @var{flags}) +@var{res}: is a gnutls_certificate_credentials_t type + +@var{flags}: are the flags of @code{gnutls_certificate_flags} type + +This function will set flags to tweak the operation of +the credentials structure. See the @code{gnutls_certificate_flags} enumerations +for more information on the available flags. + +@strong{Since:} 3.4.7 +@end deftypefun + +@subheading gnutls_certificate_set_known_dh_params +@anchor{gnutls_certificate_set_known_dh_params} +@deftypefun {int} {gnutls_certificate_set_known_dh_params} (gnutls_certificate_credentials_t @var{res}, gnutls_sec_param_t @var{sec_param}) +@var{res}: is a gnutls_certificate_credentials_t type + +@var{sec_param}: is an option of the @code{gnutls_sec_param_t} enumeration + +This function will set the Diffie-Hellman parameters for a +certificate server to use. These parameters will be used in +Ephemeral Diffie-Hellman cipher suites and will be selected from +the FFDHE set of RFC7919 according to the security level provided. + +@strong{Deprecated:} This function is unnecessary and discouraged on GnuTLS 3.6.0 +or later. Since 3.6.0, DH parameters are negotiated +following RFC7919. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 3.5.6 +@end deftypefun + +@subheading gnutls_certificate_set_ocsp_status_request_file +@anchor{gnutls_certificate_set_ocsp_status_request_file} +@deftypefun {int} {gnutls_certificate_set_ocsp_status_request_file} (gnutls_certificate_credentials_t @var{sc}, const char * @var{response_file}, unsigned @var{idx}) +@var{sc}: is a credentials structure. + +@var{response_file}: a filename of the OCSP response + +@var{idx}: is a certificate index as returned by @code{gnutls_certificate_set_key()} and friends + +This function loads the provided OCSP response. It will be +sent to the client if requests an OCSP certificate status for +the certificate chain specified by @code{idx} . + +@strong{Note:} the ability to set multiple OCSP responses per credential +structure via the index @code{idx} was added in version 3.5.6. To keep +backwards compatibility, it requires using @code{gnutls_certificate_set_flags()} +with the @code{GNUTLS_CERTIFICATE_API_V2} flag to make the set certificate +functions return an index usable by this function. + +This function can be called multiple times since GnuTLS 3.6.3 +when multiple responses which apply to the chain are available. +If the response provided does not match any certificates present +in the chain, the code @code{GNUTLS_E_OCSP_MISMATCH_WITH_CERTS} is returned. +To revert to the previous behavior set the flag @code{GNUTLS_CERTIFICATE_SKIP_OCSP_RESPONSE_CHECK} +in the certificate credentials structure. In that case, only the +end-certificate's OCSP response can be set. +If the response is already expired at the time of loading the code +@code{GNUTLS_E_EXPIRED} is returned. + +To revert to the previous behavior of this function which does not return +any errors, set the flag @code{GNUTLS_CERTIFICATE_SKIP_OCSP_RESPONSE_CHECK} + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, +otherwise a negative error code is returned. + +@strong{Since:} 3.1.3 +@end deftypefun + +@subheading gnutls_certificate_set_ocsp_status_request_file2 +@anchor{gnutls_certificate_set_ocsp_status_request_file2} +@deftypefun {int} {gnutls_certificate_set_ocsp_status_request_file2} (gnutls_certificate_credentials_t @var{sc}, const char * @var{response_file}, unsigned @var{idx}, gnutls_x509_crt_fmt_t @var{fmt}) +@var{sc}: is a credentials structure. + +@var{response_file}: a filename of the OCSP response + +@var{idx}: is a certificate index as returned by @code{gnutls_certificate_set_key()} and friends + +@var{fmt}: is PEM or DER + +This function loads the OCSP responses to be sent to the +peer for the certificate chain specified by @code{idx} . When @code{fmt} is +set to PEM, multiple responses can be loaded. + +This function must be called after setting any certificates, and +cannot be used for certificates that are provided via a callback -- +that is when @code{gnutls_certificate_set_retrieve_function()} is used. In +that case consider using @code{gnutls_certificate_set_retrieve_function3()} . + +This function can be called multiple times when multiple responses +applicable to the certificate chain are available. +If the response provided does not match any certificates present +in the chain, the code @code{GNUTLS_E_OCSP_MISMATCH_WITH_CERTS} is returned. +If the response is already expired at the time of loading the code +@code{GNUTLS_E_EXPIRED} is returned. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, +otherwise a negative error code is returned. + +@strong{Since:} 3.1.3 +@end deftypefun + +@subheading gnutls_certificate_set_ocsp_status_request_function +@anchor{gnutls_certificate_set_ocsp_status_request_function} +@deftypefun {void} {gnutls_certificate_set_ocsp_status_request_function} (gnutls_certificate_credentials_t @var{sc}, gnutls_status_request_ocsp_func @var{ocsp_func}, void * @var{ptr}) +@var{sc}: is a @code{gnutls_certificate_credentials_t} type. + +@var{ocsp_func}: function pointer to OCSP status request callback. + +@var{ptr}: opaque pointer passed to callback function + +This function is to be used by server to register a callback to +handle OCSP status requests from the client. The callback will be +invoked if the client supplied a status-request OCSP extension. +The callback function prototype is: + +typedef int (*gnutls_status_request_ocsp_func) +(gnutls_session_t session, void *ptr, gnutls_datum_t *ocsp_response); + +The callback will be invoked if the client requests an OCSP certificate +status. The callback may return @code{GNUTLS_E_NO_CERTIFICATE_STATUS} , if +there is no recent OCSP response. If the callback returns @code{GNUTLS_E_SUCCESS} , +it is expected to have the @code{ocsp_response} field set with a valid (DER-encoded) +OCSP response. The response must be a value allocated using @code{gnutls_malloc()} , +and will be deinitialized by the caller. + +It is possible to set a specific callback for each provided certificate +using @code{gnutls_certificate_set_ocsp_status_request_function2()} . + +@strong{Since:} 3.1.3 +@end deftypefun + +@subheading gnutls_certificate_set_ocsp_status_request_function2 +@anchor{gnutls_certificate_set_ocsp_status_request_function2} +@deftypefun {int} {gnutls_certificate_set_ocsp_status_request_function2} (gnutls_certificate_credentials_t @var{sc}, unsigned @var{idx}, gnutls_status_request_ocsp_func @var{ocsp_func}, void * @var{ptr}) +@var{sc}: is a @code{gnutls_certificate_credentials_t} type. + +@var{idx}: is a certificate index as returned by @code{gnutls_certificate_set_key()} and friends + +@var{ocsp_func}: function pointer to OCSP status request callback. + +@var{ptr}: opaque pointer passed to callback function + +This function is to be used by server to register a callback to +provide OCSP status requests that correspond to the indexed certificate chain +from the client. The callback will be invoked if the client supplied a +status-request OCSP extension. + +The callback function prototype is: + +typedef int (*gnutls_status_request_ocsp_func) +(gnutls_session_t session, void *ptr, gnutls_datum_t *ocsp_response); + +The callback will be invoked if the client requests an OCSP certificate +status. The callback may return @code{GNUTLS_E_NO_CERTIFICATE_STATUS} , if +there is no recent OCSP response. If the callback returns @code{GNUTLS_E_SUCCESS} , +it is expected to have the @code{ocsp_response} field set with a valid (DER-encoded) +OCSP response. The response must be a value allocated using @code{gnutls_malloc()} , +and will be deinitialized by the caller. + +@strong{Note:} the ability to set multiple OCSP responses per credential +structure via the index @code{idx} was added in version 3.5.6. To keep +backwards compatibility, it requires using @code{gnutls_certificate_set_flags()} +with the @code{GNUTLS_CERTIFICATE_API_V2} flag to make the set certificate +functions return an index usable by this function. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, +otherwise a negative error code is returned. + +@strong{Since:} 3.5.5 +@end deftypefun + +@subheading gnutls_certificate_set_ocsp_status_request_mem +@anchor{gnutls_certificate_set_ocsp_status_request_mem} +@deftypefun {int} {gnutls_certificate_set_ocsp_status_request_mem} (gnutls_certificate_credentials_t @var{sc}, const gnutls_datum_t * @var{resp_data}, unsigned @var{idx}, gnutls_x509_crt_fmt_t @var{fmt}) +@var{sc}: is a credentials structure. + +@var{resp_data}: a memory buffer holding an OCSP response + +@var{idx}: is a certificate index as returned by @code{gnutls_certificate_set_key()} and friends + +@var{fmt}: is PEM or DER + +This function sets the OCSP responses to be sent to the +peer for the certificate chain specified by @code{idx} . When @code{fmt} is set +to PEM, multiple responses can be loaded. + +@strong{Note:} the ability to set multiple OCSP responses per credential +structure via the index @code{idx} was added in version 3.5.6. To keep +backwards compatibility, it requires using @code{gnutls_certificate_set_flags()} +with the @code{GNUTLS_CERTIFICATE_API_V2} flag to make the set certificate +functions return an index usable by this function. + +This function must be called after setting any certificates, and +cannot be used for certificates that are provided via a callback -- +that is when @code{gnutls_certificate_set_retrieve_function()} is used. + +This function can be called multiple times when multiple responses which +apply to the certificate chain are available. +If the response provided does not match any certificates present +in the chain, the code @code{GNUTLS_E_OCSP_MISMATCH_WITH_CERTS} is returned. +If the response is already expired at the time of loading the code +@code{GNUTLS_E_EXPIRED} is returned. + +@strong{Returns:} On success, the number of loaded responses is returned, +otherwise a negative error code. + +@strong{Since:} 3.6.3 +@end deftypefun + +@subheading gnutls_certificate_set_params_function +@anchor{gnutls_certificate_set_params_function} +@deftypefun {void} {gnutls_certificate_set_params_function} (gnutls_certificate_credentials_t @var{res}, gnutls_params_function * @var{func}) +@var{res}: is a gnutls_certificate_credentials_t type + +@var{func}: is the function to be called + +This function will set a callback in order for the server to get +the Diffie-Hellman or RSA parameters for certificate +authentication. The callback should return @code{GNUTLS_E_SUCCESS} (0) on success. + +@strong{Deprecated:} This function is unnecessary and discouraged on GnuTLS 3.6.0 +or later. Since 3.6.0, DH parameters are negotiated +following RFC7919. +@end deftypefun + +@subheading gnutls_certificate_set_pin_function +@anchor{gnutls_certificate_set_pin_function} +@deftypefun {void} {gnutls_certificate_set_pin_function} (gnutls_certificate_credentials_t @var{cred}, gnutls_pin_callback_t @var{fn}, void * @var{userdata}) +@var{cred}: is a @code{gnutls_certificate_credentials_t} type. + +@var{fn}: A PIN callback + +@var{userdata}: Data to be passed in the callback + +This function will set a callback function to be used when +required to access a protected object. This function overrides any other +global PIN functions. + +Note that this function must be called right after initialization +to have effect. + +@strong{Since:} 3.1.0 +@end deftypefun + +@subheading gnutls_certificate_set_rawpk_key_file +@anchor{gnutls_certificate_set_rawpk_key_file} +@deftypefun {int} {gnutls_certificate_set_rawpk_key_file} (gnutls_certificate_credentials_t @var{cred}, const char* @var{rawpkfile}, const char* @var{privkeyfile}, gnutls_x509_crt_fmt_t @var{format}, const char * @var{pass}, unsigned int @var{key_usage}, const char ** @var{names}, unsigned int @var{names_length}, unsigned int @var{privkey_flags}, unsigned int @var{pkcs11_flags}) +@var{cred}: is a @code{gnutls_certificate_credentials_t} type. + +@var{rawpkfile}: contains a raw public key in +PKIX.SubjectPublicKeyInfo format. + +@var{privkeyfile}: contains a file path to a private key. + +@var{format}: encoding of the keys. DER or PEM. + +@var{pass}: an optional password to unlock the private key privkeyfile. + +@var{key_usage}: an ORed sequence of @code{GNUTLS_KEY_} * flags. + +@var{names}: is an array of DNS names belonging to the public-key (NULL if none). + +@var{names_length}: holds the length of the names list. + +@var{privkey_flags}: an ORed sequence of @code{gnutls_pkcs_encrypt_flags_t} . +These apply to the private key pkey. + +@var{pkcs11_flags}: one of gnutls_pkcs11_obj_flags. These apply to URLs. + +This function sets a public/private keypair read from file in the +@code{gnutls_certificate_credentials_t} type to be used for authentication +and/or encryption. @code{spki} and @code{privkey} should match otherwise set +signatures cannot be validated. In case of no match this function +returns @code{GNUTLS_E_CERTIFICATE_KEY_MISMATCH} . This function should +be called once for the client because there is currently no mechanism +to determine which raw public-key to select for the peer when there +are multiple present. Multiple raw public keys for the server can be +distinghuished by setting the @code{names} . + +Note here that @code{spki} is a raw public-key as defined +in RFC7250. It means that there is no surrounding certificate that +holds the public key and that there is therefore no direct mechanism +to prove the authenticity of this key. The keypair can be used during +a TLS handshake but its authenticity should be established via a +different mechanism (e.g. TOFU or known fingerprint). + +The supported formats are basic unencrypted key, PKCS8, PKCS12, +and the openssl format and will be autodetected. + +If the raw public-key and the private key are given in PEM encoding +then the strings that hold their values must be null terminated. + +Key usage (as defined by X.509 extension (2.5.29.15)) can be explicitly +set because there is no certificate structure around the key to define +this value. See for more info @code{gnutls_x509_crt_get_key_usage()} . + +Note that, this function by default returns zero on success and a +negative value on error. Since 3.5.6, when the flag @code{GNUTLS_CERTIFICATE_API_V2} +is set using @code{gnutls_certificate_set_flags()} it returns an index +(greater or equal to zero). That index can be used in other functions +to refer to the added key-pair. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, in case the +key pair does not match @code{GNUTLS_E_CERTIFICATE_KEY_MISMATCH} is returned, +in other erroneous cases a different negative error code is returned. + +@strong{Since:} 3.6.6 +@end deftypefun + +@subheading gnutls_certificate_set_rawpk_key_mem +@anchor{gnutls_certificate_set_rawpk_key_mem} +@deftypefun {int} {gnutls_certificate_set_rawpk_key_mem} (gnutls_certificate_credentials_t @var{cred}, const gnutls_datum_t* @var{spki}, const gnutls_datum_t* @var{pkey}, gnutls_x509_crt_fmt_t @var{format}, const char* @var{pass}, unsigned int @var{key_usage}, const char ** @var{names}, unsigned int @var{names_length}, unsigned int @var{flags}) +@var{cred}: is a @code{gnutls_certificate_credentials_t} type. + +@var{spki}: contains a raw public key in +PKIX.SubjectPublicKeyInfo format. + +@var{pkey}: contains a raw private key. + +@var{format}: encoding of the keys. DER or PEM. + +@var{pass}: an optional password to unlock the private key pkey. + +@var{key_usage}: An ORed sequence of @code{GNUTLS_KEY_} * flags. + +@var{names}: is an array of DNS names belonging to the public-key (NULL if none). + +@var{names_length}: holds the length of the names list. + +@var{flags}: an ORed sequence of @code{gnutls_pkcs_encrypt_flags_t} . +These apply to the private key pkey. + +This function sets a public/private keypair in the +@code{gnutls_certificate_credentials_t} type to be used for authentication +and/or encryption. @code{spki} and @code{privkey} should match otherwise set +signatures cannot be validated. In case of no match this function +returns @code{GNUTLS_E_CERTIFICATE_KEY_MISMATCH} . This function should +be called once for the client because there is currently no mechanism +to determine which raw public-key to select for the peer when there +are multiple present. Multiple raw public keys for the server can be +distinghuished by setting the @code{names} . + +Note here that @code{spki} is a raw public-key as defined +in RFC7250. It means that there is no surrounding certificate that +holds the public key and that there is therefore no direct mechanism +to prove the authenticity of this key. The keypair can be used during +a TLS handshake but its authenticity should be established via a +different mechanism (e.g. TOFU or known fingerprint). + +The supported formats are basic unencrypted key, PKCS8, PKCS12, +and the openssl format and will be autodetected. + +If the raw public-key and the private key are given in PEM encoding +then the strings that hold their values must be null terminated. + +Key usage (as defined by X.509 extension (2.5.29.15)) can be explicitly +set because there is no certificate structure around the key to define +this value. See for more info @code{gnutls_x509_crt_get_key_usage()} . + +Note that, this function by default returns zero on success and a +negative value on error. Since 3.5.6, when the flag @code{GNUTLS_CERTIFICATE_API_V2} +is set using @code{gnutls_certificate_set_flags()} it returns an index +(greater or equal to zero). That index can be used in other functions +to refer to the added key-pair. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, in case the +key pair does not match @code{GNUTLS_E_CERTIFICATE_KEY_MISMATCH} is returned, +in other erroneous cases a different negative error code is returned. + +@strong{Since:} 3.6.6 +@end deftypefun + +@subheading gnutls_certificate_set_retrieve_function +@anchor{gnutls_certificate_set_retrieve_function} +@deftypefun {void} {gnutls_certificate_set_retrieve_function} (gnutls_certificate_credentials_t @var{cred}, gnutls_certificate_retrieve_function * @var{func}) +@var{cred}: is a @code{gnutls_certificate_credentials_t} type. + +@var{func}: is the callback function + +This function sets a callback to be called in order to retrieve the +certificate to be used in the handshake. The callback will take control +only if a certificate is requested by the peer. You are advised +to use @code{gnutls_certificate_set_retrieve_function2()} because it +is much more efficient in the processing it requires from gnutls. + +The callback's function prototype is: +int (*callback)(gnutls_session_t, const gnutls_datum_t* req_ca_dn, int nreqs, +const gnutls_pk_algorithm_t* pk_algos, int pk_algos_length, gnutls_retr2_st* st); + + @code{req_ca_dn} is only used in X.509 certificates. +Contains a list with the CA names that the server considers trusted. +This is a hint and typically the client should send a certificate that is signed +by one of these CAs. These names, when available, are DER encoded. To get a more +meaningful value use the function @code{gnutls_x509_rdn_get()} . + + @code{pk_algos} contains a list with server's acceptable public key algorithms. +The certificate returned should support the server's given algorithms. + + @code{st} should contain the certificates and private keys. + +If the callback function is provided then gnutls will call it, in the +handshake, after the certificate request message has been received. + +In server side pk_algos and req_ca_dn are NULL. + +The callback function should set the certificate list to be sent, +and return 0 on success. If no certificate was selected then the +number of certificates should be set to zero. The value (-1) +indicates error and the handshake will be terminated. If both certificates +are set in the credentials and a callback is available, the callback +takes predence. + +@strong{Since:} 3.0 +@end deftypefun + +@subheading gnutls_certificate_set_verify_flags +@anchor{gnutls_certificate_set_verify_flags} +@deftypefun {void} {gnutls_certificate_set_verify_flags} (gnutls_certificate_credentials_t @var{res}, unsigned int @var{flags}) +@var{res}: is a gnutls_certificate_credentials_t type + +@var{flags}: are the flags + +This function will set the flags to be used for verification +of certificates and override any defaults. The provided flags must be an OR of the +@code{gnutls_certificate_verify_flags} enumerations. +@end deftypefun + +@subheading gnutls_certificate_set_verify_function +@anchor{gnutls_certificate_set_verify_function} +@deftypefun {void} {gnutls_certificate_set_verify_function} (gnutls_certificate_credentials_t @var{cred}, gnutls_certificate_verify_function * @var{func}) +@var{cred}: is a @code{gnutls_certificate_credentials_t} type. + +@var{func}: is the callback function + +This function sets a callback to be called when peer's certificate +has been received in order to verify it on receipt rather than +doing after the handshake is completed. + +The callback's function prototype is: +int (*callback)(gnutls_session_t); + +If the callback function is provided then gnutls will call it, in the +handshake, just after the certificate message has been received. +To verify or obtain the certificate the @code{gnutls_certificate_verify_peers2()} , +@code{gnutls_certificate_type_get()} , @code{gnutls_certificate_get_peers()} functions +can be used. + +The callback function should return 0 for the handshake to continue +or non-zero to terminate. + +@strong{Since:} 2.10.0 +@end deftypefun + +@subheading gnutls_certificate_set_verify_limits +@anchor{gnutls_certificate_set_verify_limits} +@deftypefun {void} {gnutls_certificate_set_verify_limits} (gnutls_certificate_credentials_t @var{res}, unsigned int @var{max_bits}, unsigned int @var{max_depth}) +@var{res}: is a gnutls_certificate_credentials type + +@var{max_bits}: is the number of bits of an acceptable certificate (default 8200) + +@var{max_depth}: is maximum depth of the verification of a certificate chain (default 5) + +This function will set some upper limits for the default +verification function, @code{gnutls_certificate_verify_peers2()} , to avoid +denial of service attacks. You can set them to zero to disable +limits. +@end deftypefun + +@subheading gnutls_certificate_set_x509_crl +@anchor{gnutls_certificate_set_x509_crl} +@deftypefun {int} {gnutls_certificate_set_x509_crl} (gnutls_certificate_credentials_t @var{res}, gnutls_x509_crl_t * @var{crl_list}, int @var{crl_list_size}) +@var{res}: is a @code{gnutls_certificate_credentials_t} type. + +@var{crl_list}: is a list of trusted CRLs. They should have been verified before. + +@var{crl_list_size}: holds the size of the crl_list + +This function adds the trusted CRLs in order to verify client or +server certificates. In case of a client this is not required to +be called if the certificates are not verified using +@code{gnutls_certificate_verify_peers2()} . This function may be called +multiple times. + +@strong{Returns:} number of CRLs processed, or a negative error code on error. + +@strong{Since:} 2.4.0 +@end deftypefun + +@subheading gnutls_certificate_set_x509_crl_file +@anchor{gnutls_certificate_set_x509_crl_file} +@deftypefun {int} {gnutls_certificate_set_x509_crl_file} (gnutls_certificate_credentials_t @var{res}, const char * @var{crlfile}, gnutls_x509_crt_fmt_t @var{type}) +@var{res}: is a @code{gnutls_certificate_credentials_t} type. + +@var{crlfile}: is a file containing the list of verified CRLs (DER or PEM list) + +@var{type}: is PEM or DER + +This function adds the trusted CRLs in order to verify client or server +certificates. In case of a client this is not required +to be called if the certificates are not verified using +@code{gnutls_certificate_verify_peers2()} . +This function may be called multiple times. + +@strong{Returns:} number of CRLs processed or a negative error code on error. +@end deftypefun + +@subheading gnutls_certificate_set_x509_crl_mem +@anchor{gnutls_certificate_set_x509_crl_mem} +@deftypefun {int} {gnutls_certificate_set_x509_crl_mem} (gnutls_certificate_credentials_t @var{res}, const gnutls_datum_t * @var{CRL}, gnutls_x509_crt_fmt_t @var{type}) +@var{res}: is a @code{gnutls_certificate_credentials_t} type. + +@var{CRL}: is a list of trusted CRLs. They should have been verified before. + +@var{type}: is DER or PEM + +This function adds the trusted CRLs in order to verify client or +server certificates. In case of a client this is not required to +be called if the certificates are not verified using +@code{gnutls_certificate_verify_peers2()} . This function may be called +multiple times. + +@strong{Returns:} number of CRLs processed, or a negative error code on error. +@end deftypefun + +@subheading gnutls_certificate_set_x509_key +@anchor{gnutls_certificate_set_x509_key} +@deftypefun {int} {gnutls_certificate_set_x509_key} (gnutls_certificate_credentials_t @var{res}, gnutls_x509_crt_t * @var{cert_list}, int @var{cert_list_size}, gnutls_x509_privkey_t @var{key}) +@var{res}: is a @code{gnutls_certificate_credentials_t} type. + +@var{cert_list}: contains a certificate list (path) for the specified private key + +@var{cert_list_size}: holds the size of the certificate list + +@var{key}: is a @code{gnutls_x509_privkey_t} key + +This function sets a certificate/private key pair in the +gnutls_certificate_credentials_t type. This function may be +called more than once, in case multiple keys/certificates exist for +the server. For clients that wants to send more than their own end +entity certificate (e.g., also an intermediate CA cert) then put +the certificate chain in @code{cert_list} . + +Note that the certificates and keys provided, can be safely deinitialized +after this function is called. + +If that function fails to load the @code{res} type is at an undefined state, it must +not be reused to load other keys or certificates. + +Note that, this function by default returns zero on success and a negative value on error. +Since 3.5.6, when the flag @code{GNUTLS_CERTIFICATE_API_V2} is set using @code{gnutls_certificate_set_flags()} +it returns an index (greater or equal to zero). That index can be used to other functions to refer to the added key-pair. + +@strong{Returns:} On success this functions returns zero, and otherwise a negative value on error (see above for modifying that behavior). + +@strong{Since:} 2.4.0 +@end deftypefun + +@subheading gnutls_certificate_set_x509_key_file +@anchor{gnutls_certificate_set_x509_key_file} +@deftypefun {int} {gnutls_certificate_set_x509_key_file} (gnutls_certificate_credentials_t @var{res}, const char * @var{certfile}, const char * @var{keyfile}, gnutls_x509_crt_fmt_t @var{type}) +@var{res}: is a @code{gnutls_certificate_credentials_t} type. + +@var{certfile}: is a file that containing the certificate list (path) for +the specified private key, in PKCS7 format, or a list of certificates + +@var{keyfile}: is a file that contains the private key + +@var{type}: is PEM or DER + +This function sets a certificate/private key pair in the +gnutls_certificate_credentials_t type. This function may be +called more than once, in case multiple keys/certificates exist for +the server. For clients that need to send more than its own end +entity certificate, e.g., also an intermediate CA cert, then the + @code{certfile} must contain the ordered certificate chain. + +Note that the names in the certificate provided will be considered +when selecting the appropriate certificate to use (in case of multiple +certificate/key pairs). + +This function can also accept URLs at @code{keyfile} and @code{certfile} . In that case it +will use the private key and certificate indicated by the URLs. Note +that the supported URLs are the ones indicated by @code{gnutls_url_is_supported()} . + +In case the @code{certfile} is provided as a PKCS @code{11} URL, then the certificate, and its +present issuers in the token are imported (i.e., forming the required trust chain). + +If that function fails to load the @code{res} structure is at an undefined state, it must +not be reused to load other keys or certificates. + +Note that, this function by default returns zero on success and a negative value on error. +Since 3.5.6, when the flag @code{GNUTLS_CERTIFICATE_API_V2} is set using @code{gnutls_certificate_set_flags()} +it returns an index (greater or equal to zero). That index can be used to other functions to refer to the added key-pair. + +@strong{Returns:} On success this functions returns zero, and otherwise a negative value on error (see above for modifying that behavior). + +@strong{Since:} 3.1.11 +@end deftypefun + +@subheading gnutls_certificate_set_x509_key_file2 +@anchor{gnutls_certificate_set_x509_key_file2} +@deftypefun {int} {gnutls_certificate_set_x509_key_file2} (gnutls_certificate_credentials_t @var{res}, const char * @var{certfile}, const char * @var{keyfile}, gnutls_x509_crt_fmt_t @var{type}, const char * @var{pass}, unsigned int @var{flags}) +@var{res}: is a @code{gnutls_certificate_credentials_t} type. + +@var{certfile}: is a file that containing the certificate list (path) for +the specified private key, in PKCS7 format, or a list of certificates + +@var{keyfile}: is a file that contains the private key + +@var{type}: is PEM or DER + +@var{pass}: is the password of the key + +@var{flags}: an ORed sequence of gnutls_pkcs_encrypt_flags_t + +This function sets a certificate/private key pair in the +gnutls_certificate_credentials_t type. This function may be +called more than once, in case multiple keys/certificates exist for +the server. For clients that need to send more than its own end +entity certificate, e.g., also an intermediate CA cert, then the + @code{certfile} must contain the ordered certificate chain. + +Note that the names in the certificate provided will be considered +when selecting the appropriate certificate to use (in case of multiple +certificate/key pairs). + +This function can also accept URLs at @code{keyfile} and @code{certfile} . In that case it +will use the private key and certificate indicated by the URLs. Note +that the supported URLs are the ones indicated by @code{gnutls_url_is_supported()} . +Before GnuTLS 3.4.0 when a URL was specified, the @code{pass} part was ignored and a +PIN callback had to be registered, this is no longer the case in current releases. + +In case the @code{certfile} is provided as a PKCS @code{11} URL, then the certificate, and its +present issuers in the token are imported (i.e., forming the required trust chain). + +If that function fails to load the @code{res} structure is at an undefined state, it must +not be reused to load other keys or certificates. + +Note that, this function by default returns zero on success and a negative value on error. +Since 3.5.6, when the flag @code{GNUTLS_CERTIFICATE_API_V2} is set using @code{gnutls_certificate_set_flags()} +it returns an index (greater or equal to zero). That index can be used to other functions to refer to the added key-pair. + +@strong{Returns:} On success this functions returns zero, and otherwise a negative value on error (see above for modifying that behavior). +@end deftypefun + +@subheading gnutls_certificate_set_x509_key_mem +@anchor{gnutls_certificate_set_x509_key_mem} +@deftypefun {int} {gnutls_certificate_set_x509_key_mem} (gnutls_certificate_credentials_t @var{res}, const gnutls_datum_t * @var{cert}, const gnutls_datum_t * @var{key}, gnutls_x509_crt_fmt_t @var{type}) +@var{res}: is a @code{gnutls_certificate_credentials_t} type. + +@var{cert}: contains a certificate list (path) for the specified private key + +@var{key}: is the private key, or @code{NULL} + +@var{type}: is PEM or DER + +This function sets a certificate/private key pair in the +gnutls_certificate_credentials_t type. This function may be called +more than once, in case multiple keys/certificates exist for the +server. + +Note that the keyUsage (2.5.29.15) PKIX extension in X.509 certificates +is supported. This means that certificates intended for signing cannot +be used for ciphersuites that require encryption. + +If the certificate and the private key are given in PEM encoding +then the strings that hold their values must be null terminated. + +The @code{key} may be @code{NULL} if you are using a sign callback, see +@code{gnutls_sign_callback_set()} . + +Note that, this function by default returns zero on success and a negative value on error. +Since 3.5.6, when the flag @code{GNUTLS_CERTIFICATE_API_V2} is set using @code{gnutls_certificate_set_flags()} +it returns an index (greater or equal to zero). That index can be used to other functions to refer to the added key-pair. + +@strong{Returns:} On success this functions returns zero, and otherwise a negative value on error (see above for modifying that behavior). +@end deftypefun + +@subheading gnutls_certificate_set_x509_key_mem2 +@anchor{gnutls_certificate_set_x509_key_mem2} +@deftypefun {int} {gnutls_certificate_set_x509_key_mem2} (gnutls_certificate_credentials_t @var{res}, const gnutls_datum_t * @var{cert}, const gnutls_datum_t * @var{key}, gnutls_x509_crt_fmt_t @var{type}, const char * @var{pass}, unsigned int @var{flags}) +@var{res}: is a @code{gnutls_certificate_credentials_t} type. + +@var{cert}: contains a certificate list (path) for the specified private key + +@var{key}: is the private key, or @code{NULL} + +@var{type}: is PEM or DER + +@var{pass}: is the key's password + +@var{flags}: an ORed sequence of gnutls_pkcs_encrypt_flags_t + +This function sets a certificate/private key pair in the +gnutls_certificate_credentials_t type. This function may be called +more than once, in case multiple keys/certificates exist for the +server. + +Note that the keyUsage (2.5.29.15) PKIX extension in X.509 certificates +is supported. This means that certificates intended for signing cannot +be used for ciphersuites that require encryption. + +If the certificate and the private key are given in PEM encoding +then the strings that hold their values must be null terminated. + +The @code{key} may be @code{NULL} if you are using a sign callback, see +@code{gnutls_sign_callback_set()} . + +Note that, this function by default returns zero on success and a negative value on error. +Since 3.5.6, when the flag @code{GNUTLS_CERTIFICATE_API_V2} is set using @code{gnutls_certificate_set_flags()} +it returns an index (greater or equal to zero). That index can be used to other functions to refer to the added key-pair. + +@strong{Returns:} On success this functions returns zero, and otherwise a negative value on error (see above for modifying that behavior). +@end deftypefun + +@subheading gnutls_certificate_set_x509_simple_pkcs12_file +@anchor{gnutls_certificate_set_x509_simple_pkcs12_file} +@deftypefun {int} {gnutls_certificate_set_x509_simple_pkcs12_file} (gnutls_certificate_credentials_t @var{res}, const char * @var{pkcs12file}, gnutls_x509_crt_fmt_t @var{type}, const char * @var{password}) +@var{res}: is a @code{gnutls_certificate_credentials_t} type. + +@var{pkcs12file}: filename of file containing PKCS@code{12} blob. + +@var{type}: is PEM or DER of the @code{pkcs12file} . + +@var{password}: optional password used to decrypt PKCS@code{12} file, bags and keys. + +This function sets a certificate/private key pair and/or a CRL in +the gnutls_certificate_credentials_t type. This function may +be called more than once (in case multiple keys/certificates exist +for the server). + +PKCS@code{12} files with a MAC, encrypted bags and PKCS @code{8} +private keys are supported. However, +only password based security, and the same password for all +operations, are supported. + +PKCS@code{12} file may contain many keys and/or certificates, and this +function will try to auto-detect based on the key ID the certificate +and key pair to use. If the PKCS@code{12} file contain the issuer of +the selected certificate, it will be appended to the certificate +to form a chain. + +If more than one private keys are stored in the PKCS@code{12} file, +then only one key will be read (and it is undefined which one). + +It is believed that the limitations of this function is acceptable +for most usage, and that any more flexibility would introduce +complexity that would make it harder to use this functionality at +all. + +Note that, this function by default returns zero on success and a negative value on error. +Since 3.5.6, when the flag @code{GNUTLS_CERTIFICATE_API_V2} is set using @code{gnutls_certificate_set_flags()} +it returns an index (greater or equal to zero). That index can be used to other functions to refer to the added key-pair. + +@strong{Returns:} On success this functions returns zero, and otherwise a negative value on error (see above for modifying that behavior). +@end deftypefun + +@subheading gnutls_certificate_set_x509_simple_pkcs12_mem +@anchor{gnutls_certificate_set_x509_simple_pkcs12_mem} +@deftypefun {int} {gnutls_certificate_set_x509_simple_pkcs12_mem} (gnutls_certificate_credentials_t @var{res}, const gnutls_datum_t * @var{p12blob}, gnutls_x509_crt_fmt_t @var{type}, const char * @var{password}) +@var{res}: is a @code{gnutls_certificate_credentials_t} type. + +@var{p12blob}: the PKCS@code{12} blob. + +@var{type}: is PEM or DER of the @code{pkcs12file} . + +@var{password}: optional password used to decrypt PKCS@code{12} file, bags and keys. + +This function sets a certificate/private key pair and/or a CRL in +the gnutls_certificate_credentials_t type. This function may +be called more than once (in case multiple keys/certificates exist +for the server). + +Encrypted PKCS@code{12} bags and PKCS@code{8} private keys are supported. However, +only password based security, and the same password for all +operations, are supported. + +PKCS@code{12} file may contain many keys and/or certificates, and this +function will try to auto-detect based on the key ID the certificate +and key pair to use. If the PKCS@code{12} file contain the issuer of +the selected certificate, it will be appended to the certificate +to form a chain. + +If more than one private keys are stored in the PKCS@code{12} file, +then only one key will be read (and it is undefined which one). + +It is believed that the limitations of this function is acceptable +for most usage, and that any more flexibility would introduce +complexity that would make it harder to use this functionality at +all. + +Note that, this function by default returns zero on success and a negative value on error. +Since 3.5.6, when the flag @code{GNUTLS_CERTIFICATE_API_V2} is set using @code{gnutls_certificate_set_flags()} +it returns an index (greater or equal to zero). That index can be used to other functions to refer to the added key-pair. + +@strong{Returns:} On success this functions returns zero, and otherwise a negative value on error (see above for modifying that behavior). + +@strong{Since:} 2.8.0 +@end deftypefun + +@subheading gnutls_certificate_set_x509_system_trust +@anchor{gnutls_certificate_set_x509_system_trust} +@deftypefun {int} {gnutls_certificate_set_x509_system_trust} (gnutls_certificate_credentials_t @var{cred}) +@var{cred}: is a @code{gnutls_certificate_credentials_t} type. + +This function adds the system's default trusted CAs in order to +verify client or server certificates. + +In the case the system is currently unsupported @code{GNUTLS_E_UNIMPLEMENTED_FEATURE} +is returned. + +@strong{Returns:} the number of certificates processed or a negative error code +on error. + +@strong{Since:} 3.0.20 +@end deftypefun + +@subheading gnutls_certificate_set_x509_trust +@anchor{gnutls_certificate_set_x509_trust} +@deftypefun {int} {gnutls_certificate_set_x509_trust} (gnutls_certificate_credentials_t @var{res}, gnutls_x509_crt_t * @var{ca_list}, int @var{ca_list_size}) +@var{res}: is a @code{gnutls_certificate_credentials_t} type. + +@var{ca_list}: is a list of trusted CAs + +@var{ca_list_size}: holds the size of the CA list + +This function adds the trusted CAs in order to verify client +or server certificates. In case of a client this is not required +to be called if the certificates are not verified using +@code{gnutls_certificate_verify_peers2()} . +This function may be called multiple times. + +In case of a server the CAs set here will be sent to the client if +a certificate request is sent. This can be disabled using +@code{gnutls_certificate_send_x509_rdn_sequence()} . + +@strong{Returns:} the number of certificates processed or a negative error code +on error. + +@strong{Since:} 2.4.0 +@end deftypefun + +@subheading gnutls_certificate_set_x509_trust_dir +@anchor{gnutls_certificate_set_x509_trust_dir} +@deftypefun {int} {gnutls_certificate_set_x509_trust_dir} (gnutls_certificate_credentials_t @var{cred}, const char * @var{ca_dir}, gnutls_x509_crt_fmt_t @var{type}) +@var{cred}: is a @code{gnutls_certificate_credentials_t} type. + +@var{ca_dir}: is a directory containing the list of trusted CAs (DER or PEM list) + +@var{type}: is PEM or DER + +This function adds the trusted CAs present in the directory in order to +verify client or server certificates. This function is identical +to @code{gnutls_certificate_set_x509_trust_file()} but loads all certificates +in a directory. + +@strong{Returns:} the number of certificates processed + +@strong{Since:} 3.3.6 +@end deftypefun + +@subheading gnutls_certificate_set_x509_trust_file +@anchor{gnutls_certificate_set_x509_trust_file} +@deftypefun {int} {gnutls_certificate_set_x509_trust_file} (gnutls_certificate_credentials_t @var{cred}, const char * @var{cafile}, gnutls_x509_crt_fmt_t @var{type}) +@var{cred}: is a @code{gnutls_certificate_credentials_t} type. + +@var{cafile}: is a file containing the list of trusted CAs (DER or PEM list) + +@var{type}: is PEM or DER + +This function adds the trusted CAs in order to verify client or +server certificates. In case of a client this is not required to +be called if the certificates are not verified using +@code{gnutls_certificate_verify_peers2()} . This function may be called +multiple times. + +In case of a server the names of the CAs set here will be sent to +the client if a certificate request is sent. This can be disabled +using @code{gnutls_certificate_send_x509_rdn_sequence()} . + +This function can also accept URLs. In that case it +will import all certificates that are marked as trusted. Note +that the supported URLs are the ones indicated by @code{gnutls_url_is_supported()} . + +@strong{Returns:} the number of certificates processed +@end deftypefun + +@subheading gnutls_certificate_set_x509_trust_mem +@anchor{gnutls_certificate_set_x509_trust_mem} +@deftypefun {int} {gnutls_certificate_set_x509_trust_mem} (gnutls_certificate_credentials_t @var{res}, const gnutls_datum_t * @var{ca}, gnutls_x509_crt_fmt_t @var{type}) +@var{res}: is a @code{gnutls_certificate_credentials_t} type. + +@var{ca}: is a list of trusted CAs or a DER certificate + +@var{type}: is DER or PEM + +This function adds the trusted CAs in order to verify client or +server certificates. In case of a client this is not required to be +called if the certificates are not verified using +@code{gnutls_certificate_verify_peers2()} . This function may be called +multiple times. + +In case of a server the CAs set here will be sent to the client if +a certificate request is sent. This can be disabled using +@code{gnutls_certificate_send_x509_rdn_sequence()} . + +@strong{Returns:} the number of certificates processed or a negative error code +on error. +@end deftypefun + +@subheading gnutls_certificate_type_get +@anchor{gnutls_certificate_type_get} +@deftypefun {gnutls_certificate_type_t} {gnutls_certificate_type_get} (gnutls_session_t @var{session}) +@var{session}: is a @code{gnutls_session_t} type. + +This function returns the type of the certificate that is negotiated +for this side to send to the peer. The certificate type is by default +X.509, unless an alternative certificate type is enabled by +@code{gnutls_init()} and negotiated during the session. + +Resumed sessions will return the certificate type that was negotiated +and used in the original session. + +As of version 3.6.4 it is recommended to use +@code{gnutls_certificate_type_get2()} which is more fine-grained. + +@strong{Returns:} the currently used @code{gnutls_certificate_type_t} certificate +type as negotiated for 'our' side of the connection. +@end deftypefun + +@subheading gnutls_certificate_type_get2 +@anchor{gnutls_certificate_type_get2} +@deftypefun {gnutls_certificate_type_t} {gnutls_certificate_type_get2} (gnutls_session_t @var{session}, gnutls_ctype_target_t @var{target}) +@var{session}: is a @code{gnutls_session_t} type. + +@var{target}: is a @code{gnutls_ctype_target_t} type. + +This function returns the type of the certificate that a side +is negotiated to use. The certificate type is by default X.509, +unless an alternative certificate type is enabled by @code{gnutls_init()} and +negotiated during the session. + +The @code{target} parameter specifies whether to request the negotiated +certificate type for the client (@code{GNUTLS_CTYPE_CLIENT} ), +or for the server (@code{GNUTLS_CTYPE_SERVER} ). Additionally, in P2P mode +connection set up where you don't know in advance who will be client +and who will be server you can use the flag (@code{GNUTLS_CTYPE_OURS} ) and +(@code{GNUTLS_CTYPE_PEERS} ) to retrieve the corresponding certificate types. + +Resumed sessions will return the certificate type that was negotiated +and used in the original session. That is, this function can be used +to reliably determine the type of the certificate returned by +@code{gnutls_certificate_get_peers()} . + +@strong{Returns:} the currently used @code{gnutls_certificate_type_t} certificate +type for the client or the server. + +@strong{Since:} 3.6.4 +@end deftypefun + +@subheading gnutls_certificate_type_get_id +@anchor{gnutls_certificate_type_get_id} +@deftypefun {gnutls_certificate_type_t} {gnutls_certificate_type_get_id} (const char * @var{name}) +@var{name}: is a certificate type name + +The names are compared in a case insensitive way. + +@strong{Returns:} a @code{gnutls_certificate_type_t} for the specified in a +string certificate type, or @code{GNUTLS_CRT_UNKNOWN} on error. +@end deftypefun + +@subheading gnutls_certificate_type_get_name +@anchor{gnutls_certificate_type_get_name} +@deftypefun {const char *} {gnutls_certificate_type_get_name} (gnutls_certificate_type_t @var{type}) +@var{type}: is a certificate type + +Convert a @code{gnutls_certificate_type_t} type to a string. + +@strong{Returns:} a string that contains the name of the specified +certificate type, or @code{NULL} in case of unknown types. +@end deftypefun + +@subheading gnutls_certificate_type_list +@anchor{gnutls_certificate_type_list} +@deftypefun {const gnutls_certificate_type_t *} {gnutls_certificate_type_list} ( @var{void}) + +Get a list of certificate types. + +@strong{Returns:} a (0)-terminated list of @code{gnutls_certificate_type_t} +integers indicating the available certificate types. +@end deftypefun + +@subheading gnutls_certificate_verification_status_print +@anchor{gnutls_certificate_verification_status_print} +@deftypefun {int} {gnutls_certificate_verification_status_print} (unsigned int @var{status}, gnutls_certificate_type_t @var{type}, gnutls_datum_t * @var{out}, unsigned int @var{flags}) +@var{status}: The status flags to be printed + +@var{type}: The certificate type + +@var{out}: Newly allocated datum with (0) terminated string. + +@var{flags}: should be zero + +This function will pretty print the status of a verification +process -- eg. the one obtained by @code{gnutls_certificate_verify_peers3()} . + +The output @code{out} needs to be deallocated using @code{gnutls_free()} . + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 3.1.4 +@end deftypefun + +@subheading gnutls_certificate_verify_peers +@anchor{gnutls_certificate_verify_peers} +@deftypefun {int} {gnutls_certificate_verify_peers} (gnutls_session_t @var{session}, gnutls_typed_vdata_st * @var{data}, unsigned int @var{elements}, unsigned int * @var{status}) +@var{session}: is a gnutls session + +@var{data}: an array of typed data + +@var{elements}: the number of data elements + +@var{status}: is the output of the verification + +This function will verify the peer's certificate and store the +the status in the @code{status} variable as a bitwise OR of gnutls_certificate_status_t +values or zero if the certificate is trusted. Note that value in @code{status} is set only when the return value of this function is success (i.e, failure +to trust a certificate does not imply a negative return value). +The default verification flags used by this function can be overridden +using @code{gnutls_certificate_set_verify_flags()} . See the documentation +of @code{gnutls_certificate_verify_peers2()} for details in the verification process. + +This function will take into account the stapled OCSP responses sent by the server, +as well as the following X.509 certificate extensions: Name Constraints, +Key Usage, and Basic Constraints (pathlen). + +The acceptable @code{data} types are @code{GNUTLS_DT_DNS_HOSTNAME} , @code{GNUTLS_DT_RFC822NAME} and @code{GNUTLS_DT_KEY_PURPOSE_OID} . +The former two accept as data a null-terminated hostname or email address, and the latter a null-terminated +object identifier (e.g., @code{GNUTLS_KP_TLS_WWW_SERVER} ). + +If a DNS hostname is provided then this function will compare +the hostname in the certificate against the given. If names do not match the +@code{GNUTLS_CERT_UNEXPECTED_OWNER} status flag will be set. +If a key purpose OID is provided and the end-certificate contains the extended key +usage PKIX extension, it will be required to be have the provided key purpose +or be marked for any purpose, otherwise verification status will have the +@code{GNUTLS_CERT_SIGNER_CONSTRAINTS_FAILURE} flag set. + +To avoid denial of service attacks some +default upper limits regarding the certificate key size and chain +size are set. To override them use @code{gnutls_certificate_set_verify_limits()} . + +Note that when using raw public-keys verification will not work because there is +no corresponding certificate body belonging to the raw key that can be verified. In that +case this function will return @code{GNUTLS_E_INVALID_REQUEST} . + +@strong{Returns:} @code{GNUTLS_E_SUCCESS} (0) when the validation is performed, or a negative error code otherwise. +A successful error code means that the @code{status} parameter must be checked to obtain the validation status. + +@strong{Since:} 3.3.0 +@end deftypefun + +@subheading gnutls_certificate_verify_peers2 +@anchor{gnutls_certificate_verify_peers2} +@deftypefun {int} {gnutls_certificate_verify_peers2} (gnutls_session_t @var{session}, unsigned int * @var{status}) +@var{session}: is a gnutls session + +@var{status}: is the output of the verification + +This function will verify the peer's certificate and store +the status in the @code{status} variable as a bitwise OR of gnutls_certificate_status_t +values or zero if the certificate is trusted. Note that value in @code{status} is set only when the return value of this function is success (i.e, failure +to trust a certificate does not imply a negative return value). +The default verification flags used by this function can be overridden +using @code{gnutls_certificate_set_verify_flags()} . + +This function will take into account the stapled OCSP responses sent by the server, +as well as the following X.509 certificate extensions: Name Constraints, +Key Usage, and Basic Constraints (pathlen). + +Note that you must also check the peer's name in order to check if +the verified certificate belongs to the actual peer, see @code{gnutls_x509_crt_check_hostname()} , +or use @code{gnutls_certificate_verify_peers3()} . + +To avoid denial of service attacks some +default upper limits regarding the certificate key size and chain +size are set. To override them use @code{gnutls_certificate_set_verify_limits()} . + +Note that when using raw public-keys verification will not work because there is +no corresponding certificate body belonging to the raw key that can be verified. In that +case this function will return @code{GNUTLS_E_INVALID_REQUEST} . + +@strong{Returns:} @code{GNUTLS_E_SUCCESS} (0) when the validation is performed, or a negative error code otherwise. +A successful error code means that the @code{status} parameter must be checked to obtain the validation status. +@end deftypefun + +@subheading gnutls_certificate_verify_peers3 +@anchor{gnutls_certificate_verify_peers3} +@deftypefun {int} {gnutls_certificate_verify_peers3} (gnutls_session_t @var{session}, const char * @var{hostname}, unsigned int * @var{status}) +@var{session}: is a gnutls session + +@var{hostname}: is the expected name of the peer; may be @code{NULL} + +@var{status}: is the output of the verification + +This function will verify the peer's certificate and store the +the status in the @code{status} variable as a bitwise OR of gnutls_certificate_status_t +values or zero if the certificate is trusted. Note that value in @code{status} is set only when the return value of this function is success (i.e, failure +to trust a certificate does not imply a negative return value). +The default verification flags used by this function can be overridden +using @code{gnutls_certificate_set_verify_flags()} . See the documentation +of @code{gnutls_certificate_verify_peers2()} for details in the verification process. + +This function will take into account the stapled OCSP responses sent by the server, +as well as the following X.509 certificate extensions: Name Constraints, +Key Usage, and Basic Constraints (pathlen). + +If the @code{hostname} provided is non-NULL then this function will compare +the hostname in the certificate against it. The comparison will follow +the RFC6125 recommendations. If names do not match the +@code{GNUTLS_CERT_UNEXPECTED_OWNER} status flag will be set. + +In order to verify the purpose of the end-certificate (by checking the extended +key usage), use @code{gnutls_certificate_verify_peers()} . + +To avoid denial of service attacks some +default upper limits regarding the certificate key size and chain +size are set. To override them use @code{gnutls_certificate_set_verify_limits()} . + +Note that when using raw public-keys verification will not work because there is +no corresponding certificate body belonging to the raw key that can be verified. In that +case this function will return @code{GNUTLS_E_INVALID_REQUEST} . + +@strong{Returns:} @code{GNUTLS_E_SUCCESS} (0) when the validation is performed, or a negative error code otherwise. +A successful error code means that the @code{status} parameter must be checked to obtain the validation status. + +@strong{Since:} 3.1.4 +@end deftypefun + +@subheading gnutls_check_version +@anchor{gnutls_check_version} +@deftypefun {const char *} {gnutls_check_version} (const char * @var{req_version}) +@var{req_version}: version string to compare with, or @code{NULL} . + +Check the GnuTLS Library version against the provided string. +See @code{GNUTLS_VERSION} for a suitable @code{req_version} string. + +See also @code{gnutls_check_version_numeric()} , which provides this +functionality as a macro. + +@strong{Returns:} Check that the version of the library is at +minimum the one given as a string in @code{req_version} and return the +actual version string of the library; return @code{NULL} if the +condition is not met. If @code{NULL} is passed to this function no +check is done and only the version string is returned. +@end deftypefun + +@subheading gnutls_cipher_get +@anchor{gnutls_cipher_get} +@deftypefun {gnutls_cipher_algorithm_t} {gnutls_cipher_get} (gnutls_session_t @var{session}) +@var{session}: is a @code{gnutls_session_t} type. + +Get the currently used cipher. + +@strong{Returns:} the currently used cipher, a @code{gnutls_cipher_algorithm_t} +type. +@end deftypefun + +@subheading gnutls_cipher_get_id +@anchor{gnutls_cipher_get_id} +@deftypefun {gnutls_cipher_algorithm_t} {gnutls_cipher_get_id} (const char * @var{name}) +@var{name}: is a cipher algorithm name + +The names are compared in a case insensitive way. + +@strong{Returns:} return a @code{gnutls_cipher_algorithm_t} value corresponding to +the specified cipher, or @code{GNUTLS_CIPHER_UNKNOWN} on error. +@end deftypefun + +@subheading gnutls_cipher_get_key_size +@anchor{gnutls_cipher_get_key_size} +@deftypefun {size_t} {gnutls_cipher_get_key_size} (gnutls_cipher_algorithm_t @var{algorithm}) +@var{algorithm}: is an encryption algorithm + +This function returns the key size of the provided algorithm. + +@strong{Returns:} length (in bytes) of the given cipher's key size, or 0 if +the given cipher is invalid. +@end deftypefun + +@subheading gnutls_cipher_get_name +@anchor{gnutls_cipher_get_name} +@deftypefun {const char *} {gnutls_cipher_get_name} (gnutls_cipher_algorithm_t @var{algorithm}) +@var{algorithm}: is an encryption algorithm + +Convert a @code{gnutls_cipher_algorithm_t} type to a string. + +@strong{Returns:} a pointer to a string that contains the name of the +specified cipher, or @code{NULL} . +@end deftypefun + +@subheading gnutls_cipher_list +@anchor{gnutls_cipher_list} +@deftypefun {const gnutls_cipher_algorithm_t *} {gnutls_cipher_list} ( @var{void}) + +Get a list of supported cipher algorithms. Note that not +necessarily all ciphers are supported as TLS cipher suites. For +example, DES is not supported as a cipher suite, but is supported +for other purposes (e.g., PKCS@code{8} or similar). + +This function is not thread safe. + +@strong{Returns:} a (0)-terminated list of @code{gnutls_cipher_algorithm_t} +integers indicating the available ciphers. +@end deftypefun + +@subheading gnutls_cipher_suite_get_name +@anchor{gnutls_cipher_suite_get_name} +@deftypefun {const char *} {gnutls_cipher_suite_get_name} (gnutls_kx_algorithm_t @var{kx_algorithm}, gnutls_cipher_algorithm_t @var{cipher_algorithm}, gnutls_mac_algorithm_t @var{mac_algorithm}) +@var{kx_algorithm}: is a Key exchange algorithm + +@var{cipher_algorithm}: is a cipher algorithm + +@var{mac_algorithm}: is a MAC algorithm + +This function returns the ciphersuite name under TLS1.2 or earlier +versions when provided with individual algorithms. The full cipher suite +name must be prepended by TLS or SSL depending of the protocol in use. + +To get a description of the current ciphersuite across versions, it +is recommended to use @code{gnutls_session_get_desc()} . + +@strong{Returns:} a string that contains the name of a TLS cipher suite, +specified by the given algorithms, or @code{NULL} . +@end deftypefun + +@subheading gnutls_cipher_suite_info +@anchor{gnutls_cipher_suite_info} +@deftypefun {const char *} {gnutls_cipher_suite_info} (size_t @var{idx}, unsigned char * @var{cs_id}, gnutls_kx_algorithm_t * @var{kx}, gnutls_cipher_algorithm_t * @var{cipher}, gnutls_mac_algorithm_t * @var{mac}, gnutls_protocol_t * @var{min_version}) +@var{idx}: index of cipher suite to get information about, starts on 0. + +@var{cs_id}: output buffer with room for 2 bytes, indicating cipher suite value + +@var{kx}: output variable indicating key exchange algorithm, or @code{NULL} . + +@var{cipher}: output variable indicating cipher, or @code{NULL} . + +@var{mac}: output variable indicating MAC algorithm, or @code{NULL} . + +@var{min_version}: output variable indicating TLS protocol version, or @code{NULL} . + +Get information about supported cipher suites. Use the function +iteratively to get information about all supported cipher suites. +Call with idx=0 to get information about first cipher suite, then +idx=1 and so on until the function returns NULL. + +@strong{Returns:} the name of @code{idx} cipher suite, and set the information +about the cipher suite in the output variables. If @code{idx} is out of +bounds, @code{NULL} is returned. +@end deftypefun + +@subheading gnutls_credentials_clear +@anchor{gnutls_credentials_clear} +@deftypefun {void} {gnutls_credentials_clear} (gnutls_session_t @var{session}) +@var{session}: is a @code{gnutls_session_t} type. + +Clears all the credentials previously set in this session. +@end deftypefun + +@subheading gnutls_credentials_get +@anchor{gnutls_credentials_get} +@deftypefun {int} {gnutls_credentials_get} (gnutls_session_t @var{session}, gnutls_credentials_type_t @var{type}, void ** @var{cred}) +@var{session}: is a @code{gnutls_session_t} type. + +@var{type}: is the type of the credentials to return + +@var{cred}: will contain the credentials. + +Returns the previously provided credentials structures. + +For @code{GNUTLS_CRD_ANON} , @code{cred} will be +@code{gnutls_anon_client_credentials_t} in case of a client. In case of +a server it should be @code{gnutls_anon_server_credentials_t} . + +For @code{GNUTLS_CRD_SRP} , @code{cred} will be @code{gnutls_srp_client_credentials_t} +in case of a client, and @code{gnutls_srp_server_credentials_t} , in case +of a server. + +For @code{GNUTLS_CRD_CERTIFICATE} , @code{cred} will be +@code{gnutls_certificate_credentials_t} . + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, +otherwise a negative error code is returned. + +@strong{Since:} 3.3.3 +@end deftypefun + +@subheading gnutls_credentials_set +@anchor{gnutls_credentials_set} +@deftypefun {int} {gnutls_credentials_set} (gnutls_session_t @var{session}, gnutls_credentials_type_t @var{type}, void * @var{cred}) +@var{session}: is a @code{gnutls_session_t} type. + +@var{type}: is the type of the credentials + +@var{cred}: the credentials to set + +Sets the needed credentials for the specified type. E.g. username, +password - or public and private keys etc. The @code{cred} parameter is +a structure that depends on the specified type and on the current +session (client or server). + +In order to minimize memory usage, and share credentials between +several threads gnutls keeps a pointer to cred, and not the whole +cred structure. Thus you will have to keep the structure allocated +until you call @code{gnutls_deinit()} . + +For @code{GNUTLS_CRD_ANON} , @code{cred} should be +@code{gnutls_anon_client_credentials_t} in case of a client. In case of +a server it should be @code{gnutls_anon_server_credentials_t} . + +For @code{GNUTLS_CRD_SRP} , @code{cred} should be @code{gnutls_srp_client_credentials_t} +in case of a client, and @code{gnutls_srp_server_credentials_t} , in case +of a server. + +For @code{GNUTLS_CRD_CERTIFICATE} , @code{cred} should be +@code{gnutls_certificate_credentials_t} . + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, +otherwise a negative error code is returned. +@end deftypefun + +@subheading gnutls_db_check_entry +@anchor{gnutls_db_check_entry} +@deftypefun {int} {gnutls_db_check_entry} (gnutls_session_t @var{session}, gnutls_datum_t @var{session_entry}) +@var{session}: is a @code{gnutls_session_t} type. + +@var{session_entry}: is the session data (not key) + +This function has no effect. + +@strong{Returns:} Returns @code{GNUTLS_E_EXPIRED} , if the database entry has +expired or 0 otherwise. + +@strong{Deprecated:} This function is deprecated. +@end deftypefun + +@subheading gnutls_db_check_entry_expire_time +@anchor{gnutls_db_check_entry_expire_time} +@deftypefun {time_t} {gnutls_db_check_entry_expire_time} (gnutls_datum_t * @var{entry}) +@var{entry}: is a pointer to a @code{gnutls_datum_t} type. + +This function returns the time that this entry will expire. +It can be used for database entry expiration. + +@strong{Returns:} The time this entry will expire, or zero on error. + +@strong{Since:} 3.6.5 +@end deftypefun + +@subheading gnutls_db_check_entry_time +@anchor{gnutls_db_check_entry_time} +@deftypefun {time_t} {gnutls_db_check_entry_time} (gnutls_datum_t * @var{entry}) +@var{entry}: is a pointer to a @code{gnutls_datum_t} type. + +This function returns the time that this entry was active. +It can be used for database entry expiration. + +@strong{Returns:} The time this entry was created, or zero on error. +@end deftypefun + +@subheading gnutls_db_get_default_cache_expiration +@anchor{gnutls_db_get_default_cache_expiration} +@deftypefun {unsigned} {gnutls_db_get_default_cache_expiration} ( @var{void}) + +Returns the expiration time (in seconds) of stored sessions for resumption. +@end deftypefun + +@subheading gnutls_db_get_ptr +@anchor{gnutls_db_get_ptr} +@deftypefun {void *} {gnutls_db_get_ptr} (gnutls_session_t @var{session}) +@var{session}: is a @code{gnutls_session_t} type. + +Get db function pointer. + +@strong{Returns:} the pointer that will be sent to db store, retrieve and +delete functions, as the first argument. +@end deftypefun + +@subheading gnutls_db_remove_session +@anchor{gnutls_db_remove_session} +@deftypefun {void} {gnutls_db_remove_session} (gnutls_session_t @var{session}) +@var{session}: is a @code{gnutls_session_t} type. + +This function will remove the current session data from the +session database. This will prevent future handshakes reusing +these session data. This function should be called if a session +was terminated abnormally, and before @code{gnutls_deinit()} is called. + +Normally @code{gnutls_deinit()} will remove abnormally terminated +sessions. +@end deftypefun + +@subheading gnutls_db_set_cache_expiration +@anchor{gnutls_db_set_cache_expiration} +@deftypefun {void} {gnutls_db_set_cache_expiration} (gnutls_session_t @var{session}, int @var{seconds}) +@var{session}: is a @code{gnutls_session_t} type. + +@var{seconds}: is the number of seconds. + +Set the expiration time for resumed sessions. The default is 21600 +(size hours) at the time of writing. + +The maximum value that can be set using this function is 604800 +(7 days). +@end deftypefun + +@subheading gnutls_db_set_ptr +@anchor{gnutls_db_set_ptr} +@deftypefun {void} {gnutls_db_set_ptr} (gnutls_session_t @var{session}, void * @var{ptr}) +@var{session}: is a @code{gnutls_session_t} type. + +@var{ptr}: is the pointer + +Sets the pointer that will be provided to db store, retrieve and +delete functions, as the first argument. +@end deftypefun + +@subheading gnutls_db_set_remove_function +@anchor{gnutls_db_set_remove_function} +@deftypefun {void} {gnutls_db_set_remove_function} (gnutls_session_t @var{session}, gnutls_db_remove_func @var{rem_func}) +@var{session}: is a @code{gnutls_session_t} type. + +@var{rem_func}: is the function. + +Sets the function that will be used to remove data from the +resumed sessions database. This function must return 0 on success. + +The first argument to @code{rem_func} will be null unless +@code{gnutls_db_set_ptr()} has been called. +@end deftypefun + +@subheading gnutls_db_set_retrieve_function +@anchor{gnutls_db_set_retrieve_function} +@deftypefun {void} {gnutls_db_set_retrieve_function} (gnutls_session_t @var{session}, gnutls_db_retr_func @var{retr_func}) +@var{session}: is a @code{gnutls_session_t} type. + +@var{retr_func}: is the function. + +Sets the function that will be used to retrieve data from the +resumed sessions database. This function must return a +gnutls_datum_t containing the data on success, or a gnutls_datum_t +containing null and 0 on failure. + +The datum's data must be allocated using the function +@code{gnutls_malloc()} . + +The first argument to @code{retr_func} will be null unless +@code{gnutls_db_set_ptr()} has been called. +@end deftypefun + +@subheading gnutls_db_set_store_function +@anchor{gnutls_db_set_store_function} +@deftypefun {void} {gnutls_db_set_store_function} (gnutls_session_t @var{session}, gnutls_db_store_func @var{store_func}) +@var{session}: is a @code{gnutls_session_t} type. + +@var{store_func}: is the function + +Sets the function that will be used to store data in the resumed +sessions database. This function must return 0 on success. + +The first argument to @code{store_func} will be null unless +@code{gnutls_db_set_ptr()} has been called. +@end deftypefun + +@subheading gnutls_deinit +@anchor{gnutls_deinit} +@deftypefun {void} {gnutls_deinit} (gnutls_session_t @var{session}) +@var{session}: is a @code{gnutls_session_t} type. + +This function clears all buffers associated with the @code{session} . +This function will also remove session data from the session +database if the session was terminated abnormally. +@end deftypefun + +@subheading gnutls_dh_get_group +@anchor{gnutls_dh_get_group} +@deftypefun {int} {gnutls_dh_get_group} (gnutls_session_t @var{session}, gnutls_datum_t * @var{raw_gen}, gnutls_datum_t * @var{raw_prime}) +@var{session}: is a gnutls session + +@var{raw_gen}: will hold the generator. + +@var{raw_prime}: will hold the prime. + +This function will return the group parameters used in the last +Diffie-Hellman key exchange with the peer. These are the prime and +the generator used. This function should be used for both +anonymous and ephemeral Diffie-Hellman. The output parameters must +be freed with @code{gnutls_free()} . + +Note, that the prime and generator are exported as non-negative +integers and may include a leading zero byte. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise +an error code is returned. +@end deftypefun + +@subheading gnutls_dh_get_peers_public_bits +@anchor{gnutls_dh_get_peers_public_bits} +@deftypefun {int} {gnutls_dh_get_peers_public_bits} (gnutls_session_t @var{session}) +@var{session}: is a gnutls session + +Get the Diffie-Hellman public key bit size. Can be used for both +anonymous and ephemeral Diffie-Hellman. + +@strong{Returns:} The public key bit size used in the last Diffie-Hellman +key exchange with the peer, or a negative error code in case of error. +@end deftypefun + +@subheading gnutls_dh_get_prime_bits +@anchor{gnutls_dh_get_prime_bits} +@deftypefun {int} {gnutls_dh_get_prime_bits} (gnutls_session_t @var{session}) +@var{session}: is a gnutls session + +This function will return the bits of the prime used in the last +Diffie-Hellman key exchange with the peer. Should be used for both +anonymous and ephemeral Diffie-Hellman. Note that some ciphers, +like RSA and DSA without DHE, do not use a Diffie-Hellman key +exchange, and then this function will return 0. + +@strong{Returns:} The Diffie-Hellman bit strength is returned, or 0 if no +Diffie-Hellman key exchange was done, or a negative error code on +failure. +@end deftypefun + +@subheading gnutls_dh_get_pubkey +@anchor{gnutls_dh_get_pubkey} +@deftypefun {int} {gnutls_dh_get_pubkey} (gnutls_session_t @var{session}, gnutls_datum_t * @var{raw_key}) +@var{session}: is a gnutls session + +@var{raw_key}: will hold the public key. + +This function will return the peer's public key used in the last +Diffie-Hellman key exchange. This function should be used for both +anonymous and ephemeral Diffie-Hellman. The output parameters must +be freed with @code{gnutls_free()} . + +Note, that public key is exported as non-negative +integer and may include a leading zero byte. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise +an error code is returned. +@end deftypefun + +@subheading gnutls_dh_get_secret_bits +@anchor{gnutls_dh_get_secret_bits} +@deftypefun {int} {gnutls_dh_get_secret_bits} (gnutls_session_t @var{session}) +@var{session}: is a gnutls session + +This function will return the bits used in the last Diffie-Hellman +key exchange with the peer. Should be used for both anonymous and +ephemeral Diffie-Hellman. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise +an error code is returned. +@end deftypefun + +@subheading gnutls_dh_params_cpy +@anchor{gnutls_dh_params_cpy} +@deftypefun {int} {gnutls_dh_params_cpy} (gnutls_dh_params_t @var{dst}, gnutls_dh_params_t @var{src}) +@var{dst}: Is the destination parameters, which should be initialized. + +@var{src}: Is the source parameters + +This function will copy the DH parameters structure from source +to destination. The destination should be already initialized. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, +otherwise a negative error code is returned. +@end deftypefun + +@subheading gnutls_dh_params_deinit +@anchor{gnutls_dh_params_deinit} +@deftypefun {void} {gnutls_dh_params_deinit} (gnutls_dh_params_t @var{dh_params}) +@var{dh_params}: The parameters + +This function will deinitialize the DH parameters type. +@end deftypefun + +@subheading gnutls_dh_params_export2_pkcs3 +@anchor{gnutls_dh_params_export2_pkcs3} +@deftypefun {int} {gnutls_dh_params_export2_pkcs3} (gnutls_dh_params_t @var{params}, gnutls_x509_crt_fmt_t @var{format}, gnutls_datum_t * @var{out}) +@var{params}: Holds the DH parameters + +@var{format}: the format of output params. One of PEM or DER. + +@var{out}: will contain a PKCS3 DHParams structure PEM or DER encoded + +This function will export the given dh parameters to a PKCS3 +DHParams structure. This is the format generated by "openssl dhparam" tool. +The data in @code{out} will be allocated using @code{gnutls_malloc()} . + +If the structure is PEM encoded, it will have a header +of "BEGIN DH PARAMETERS". + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, +otherwise a negative error code is returned. + +@strong{Since:} 3.1.3 +@end deftypefun + +@subheading gnutls_dh_params_export_pkcs3 +@anchor{gnutls_dh_params_export_pkcs3} +@deftypefun {int} {gnutls_dh_params_export_pkcs3} (gnutls_dh_params_t @var{params}, gnutls_x509_crt_fmt_t @var{format}, unsigned char * @var{params_data}, size_t * @var{params_data_size}) +@var{params}: Holds the DH parameters + +@var{format}: the format of output params. One of PEM or DER. + +@var{params_data}: will contain a PKCS3 DHParams structure PEM or DER encoded + +@var{params_data_size}: holds the size of params_data (and will be replaced by the actual size of parameters) + +This function will export the given dh parameters to a PKCS3 +DHParams structure. This is the format generated by "openssl dhparam" tool. +If the buffer provided is not long enough to hold the output, then +GNUTLS_E_SHORT_MEMORY_BUFFER will be returned. + +If the structure is PEM encoded, it will have a header +of "BEGIN DH PARAMETERS". + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, +otherwise a negative error code is returned. +@end deftypefun + +@subheading gnutls_dh_params_export_raw +@anchor{gnutls_dh_params_export_raw} +@deftypefun {int} {gnutls_dh_params_export_raw} (gnutls_dh_params_t @var{params}, gnutls_datum_t * @var{prime}, gnutls_datum_t * @var{generator}, unsigned int * @var{bits}) +@var{params}: Holds the DH parameters + +@var{prime}: will hold the new prime + +@var{generator}: will hold the new generator + +@var{bits}: if non null will hold the secret key's number of bits + +This function will export the pair of prime and generator for use +in the Diffie-Hellman key exchange. The new parameters will be +allocated using @code{gnutls_malloc()} and will be stored in the +appropriate datum. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, +otherwise a negative error code is returned. +@end deftypefun + +@subheading gnutls_dh_params_generate2 +@anchor{gnutls_dh_params_generate2} +@deftypefun {int} {gnutls_dh_params_generate2} (gnutls_dh_params_t @var{dparams}, unsigned int @var{bits}) +@var{dparams}: The parameters + +@var{bits}: is the prime's number of bits + +This function will generate a new pair of prime and generator for use in +the Diffie-Hellman key exchange. This may take long time. + +It is recommended not to set the number of bits directly, but +use @code{gnutls_sec_param_to_pk_bits()} instead. +Also note that the DH parameters are only useful to servers. +Since clients use the parameters sent by the server, it's of +no use to call this in client side. + +The parameters generated are of the DSA form. It also is possible +to generate provable parameters (following the Shawe-Taylor +algorithm), using @code{gnutls_x509_privkey_generate2()} with DSA option +and the @code{GNUTLS_PRIVKEY_FLAG_PROVABLE} flag set. These can the +be imported with @code{gnutls_dh_params_import_dsa()} . + +It is no longer recommended for applications to generate parameters. +See the "Parameter generation" section in the manual. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, +otherwise a negative error code is returned. +@end deftypefun + +@subheading gnutls_dh_params_import_dsa +@anchor{gnutls_dh_params_import_dsa} +@deftypefun {int} {gnutls_dh_params_import_dsa} (gnutls_dh_params_t @var{dh_params}, gnutls_x509_privkey_t @var{key}) +@var{dh_params}: The parameters + +@var{key}: holds a DSA private key + +This function will import the prime and generator of the DSA key for use +in the Diffie-Hellman key exchange. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, +otherwise a negative error code is returned. +@end deftypefun + +@subheading gnutls_dh_params_import_pkcs3 +@anchor{gnutls_dh_params_import_pkcs3} +@deftypefun {int} {gnutls_dh_params_import_pkcs3} (gnutls_dh_params_t @var{params}, const gnutls_datum_t * @var{pkcs3_params}, gnutls_x509_crt_fmt_t @var{format}) +@var{params}: The parameters + +@var{pkcs3_params}: should contain a PKCS3 DHParams structure PEM or DER encoded + +@var{format}: the format of params. PEM or DER. + +This function will extract the DHParams found in a PKCS3 formatted +structure. This is the format generated by "openssl dhparam" tool. + +If the structure is PEM encoded, it should have a header +of "BEGIN DH PARAMETERS". + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, +otherwise a negative error code is returned. +@end deftypefun + +@subheading gnutls_dh_params_import_raw +@anchor{gnutls_dh_params_import_raw} +@deftypefun {int} {gnutls_dh_params_import_raw} (gnutls_dh_params_t @var{dh_params}, const gnutls_datum_t * @var{prime}, const gnutls_datum_t * @var{generator}) +@var{dh_params}: The parameters + +@var{prime}: holds the new prime + +@var{generator}: holds the new generator + +This function will replace the pair of prime and generator for use +in the Diffie-Hellman key exchange. The new parameters should be +stored in the appropriate gnutls_datum. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, +otherwise a negative error code is returned. +@end deftypefun + +@subheading gnutls_dh_params_import_raw2 +@anchor{gnutls_dh_params_import_raw2} +@deftypefun {int} {gnutls_dh_params_import_raw2} (gnutls_dh_params_t @var{dh_params}, const gnutls_datum_t * @var{prime}, const gnutls_datum_t * @var{generator}, unsigned @var{key_bits}) +@var{dh_params}: The parameters + +@var{prime}: holds the new prime + +@var{generator}: holds the new generator + +@var{key_bits}: the private key bits (set to zero when unknown) + +This function will replace the pair of prime and generator for use +in the Diffie-Hellman key exchange. The new parameters should be +stored in the appropriate gnutls_datum. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, +otherwise a negative error code is returned. +@end deftypefun + +@subheading gnutls_dh_params_import_raw3 +@anchor{gnutls_dh_params_import_raw3} +@deftypefun {int} {gnutls_dh_params_import_raw3} (gnutls_dh_params_t @var{dh_params}, const gnutls_datum_t * @var{prime}, const gnutls_datum_t * @var{q}, const gnutls_datum_t * @var{generator}) +@var{dh_params}: The parameters + +@var{prime}: holds the new prime + +@var{q}: holds the subgroup if available, otherwise NULL + +@var{generator}: holds the new generator + +This function will replace the pair of prime and generator for use +in the Diffie-Hellman key exchange. The new parameters should be +stored in the appropriate gnutls_datum. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, +otherwise a negative error code is returned. +@end deftypefun + +@subheading gnutls_dh_params_init +@anchor{gnutls_dh_params_init} +@deftypefun {int} {gnutls_dh_params_init} (gnutls_dh_params_t * @var{dh_params}) +@var{dh_params}: The parameters + +This function will initialize the DH parameters type. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, +otherwise a negative error code is returned. +@end deftypefun + +@subheading gnutls_dh_set_prime_bits +@anchor{gnutls_dh_set_prime_bits} +@deftypefun {void} {gnutls_dh_set_prime_bits} (gnutls_session_t @var{session}, unsigned int @var{bits}) +@var{session}: is a @code{gnutls_session_t} type. + +@var{bits}: is the number of bits + +This function sets the number of bits, for use in a Diffie-Hellman +key exchange. This is used both in DH ephemeral and DH anonymous +cipher suites. This will set the minimum size of the prime that +will be used for the handshake. + +In the client side it sets the minimum accepted number of bits. If +a server sends a prime with less bits than that +@code{GNUTLS_E_DH_PRIME_UNACCEPTABLE} will be returned by the handshake. + +Note that this function will warn via the audit log for value that +are believed to be weak. + +The function has no effect in server side. + +Note that since 3.1.7 this function is deprecated. The minimum +number of bits is set by the priority string level. +Also this function must be called after @code{gnutls_priority_set_direct()} +or the set value may be overridden by the selected priority options. +@end deftypefun + +@subheading gnutls_digest_get_id +@anchor{gnutls_digest_get_id} +@deftypefun {gnutls_digest_algorithm_t} {gnutls_digest_get_id} (const char * @var{name}) +@var{name}: is a digest algorithm name + +Convert a string to a @code{gnutls_digest_algorithm_t} value. The names are +compared in a case insensitive way. + +@strong{Returns:} a @code{gnutls_digest_algorithm_t} id of the specified MAC +algorithm string, or @code{GNUTLS_DIG_UNKNOWN} on failure. +@end deftypefun + +@subheading gnutls_digest_get_name +@anchor{gnutls_digest_get_name} +@deftypefun {const char *} {gnutls_digest_get_name} (gnutls_digest_algorithm_t @var{algorithm}) +@var{algorithm}: is a digest algorithm + +Convert a @code{gnutls_digest_algorithm_t} value to a string. + +@strong{Returns:} a string that contains the name of the specified digest +algorithm, or @code{NULL} . +@end deftypefun + +@subheading gnutls_digest_get_oid +@anchor{gnutls_digest_get_oid} +@deftypefun {const char *} {gnutls_digest_get_oid} (gnutls_digest_algorithm_t @var{algorithm}) +@var{algorithm}: is a digest algorithm + +Convert a @code{gnutls_digest_algorithm_t} value to its object identifier. + +@strong{Returns:} a string that contains the object identifier of the specified digest +algorithm, or @code{NULL} . + +@strong{Since:} 3.4.3 +@end deftypefun + +@subheading gnutls_digest_list +@anchor{gnutls_digest_list} +@deftypefun {const gnutls_digest_algorithm_t *} {gnutls_digest_list} ( @var{void}) + +Get a list of hash (digest) algorithms supported by GnuTLS. + +This function is not thread safe. + +@strong{Returns:} Return a (0)-terminated list of @code{gnutls_digest_algorithm_t} +integers indicating the available digests. +@end deftypefun + +@subheading gnutls_ecc_curve_get +@anchor{gnutls_ecc_curve_get} +@deftypefun {gnutls_ecc_curve_t} {gnutls_ecc_curve_get} (gnutls_session_t @var{session}) +@var{session}: is a @code{gnutls_session_t} type. + +Returns the currently used elliptic curve for key exchange. Only valid +when using an elliptic curve ciphersuite. + +@strong{Returns:} the currently used curve, a @code{gnutls_ecc_curve_t} +type. + +@strong{Since:} 3.0 +@end deftypefun + +@subheading gnutls_ecc_curve_get_id +@anchor{gnutls_ecc_curve_get_id} +@deftypefun {gnutls_ecc_curve_t} {gnutls_ecc_curve_get_id} (const char * @var{name}) +@var{name}: is a curve name + +The names are compared in a case insensitive way. + +@strong{Returns:} return a @code{gnutls_ecc_curve_t} value corresponding to +the specified curve, or @code{GNUTLS_ECC_CURVE_INVALID} on error. + +@strong{Since:} 3.4.3 +@end deftypefun + +@subheading gnutls_ecc_curve_get_name +@anchor{gnutls_ecc_curve_get_name} +@deftypefun {const char *} {gnutls_ecc_curve_get_name} (gnutls_ecc_curve_t @var{curve}) +@var{curve}: is an ECC curve + +Convert a @code{gnutls_ecc_curve_t} value to a string. + +@strong{Returns:} a string that contains the name of the specified +curve or @code{NULL} . + +@strong{Since:} 3.0 +@end deftypefun + +@subheading gnutls_ecc_curve_get_oid +@anchor{gnutls_ecc_curve_get_oid} +@deftypefun {const char *} {gnutls_ecc_curve_get_oid} (gnutls_ecc_curve_t @var{curve}) +@var{curve}: is an ECC curve + +Convert a @code{gnutls_ecc_curve_t} value to its object identifier. + +@strong{Returns:} a string that contains the OID of the specified +curve or @code{NULL} . + +@strong{Since:} 3.4.3 +@end deftypefun + +@subheading gnutls_ecc_curve_get_pk +@anchor{gnutls_ecc_curve_get_pk} +@deftypefun {gnutls_pk_algorithm_t} {gnutls_ecc_curve_get_pk} (gnutls_ecc_curve_t @var{curve}) +@var{curve}: is an ECC curve + + +@strong{Returns:} the public key algorithm associated with the named curve or @code{GNUTLS_PK_UNKNOWN} . + +@strong{Since:} 3.5.0 +@end deftypefun + +@subheading gnutls_ecc_curve_get_size +@anchor{gnutls_ecc_curve_get_size} +@deftypefun {int} {gnutls_ecc_curve_get_size} (gnutls_ecc_curve_t @var{curve}) +@var{curve}: is an ECC curve + + +@strong{Returns:} the size in bytes of the curve or 0 on failure. + +@strong{Since:} 3.0 +@end deftypefun + +@subheading gnutls_ecc_curve_list +@anchor{gnutls_ecc_curve_list} +@deftypefun {const gnutls_ecc_curve_t *} {gnutls_ecc_curve_list} ( @var{void}) + +Get the list of supported elliptic curves. + +This function is not thread safe. + +@strong{Returns:} Return a (0)-terminated list of @code{gnutls_ecc_curve_t} +integers indicating the available curves. +@end deftypefun + +@subheading gnutls_error_is_fatal +@anchor{gnutls_error_is_fatal} +@deftypefun {int} {gnutls_error_is_fatal} (int @var{error}) +@var{error}: is a GnuTLS error code, a negative error code + +If a GnuTLS function returns a negative error code you may feed that +value to this function to see if the error condition is fatal to +a TLS session (i.e., must be terminated). + +Note that you may also want to check the error code manually, since some +non-fatal errors to the protocol (such as a warning alert or +a rehandshake request) may be fatal for your program. + +This function is only useful if you are dealing with errors from +functions that relate to a TLS session (e.g., record layer or handshake +layer handling functions). + +@strong{Returns:} Non-zero value on fatal errors or zero on non-fatal. +@end deftypefun + +@subheading gnutls_error_to_alert +@anchor{gnutls_error_to_alert} +@deftypefun {int} {gnutls_error_to_alert} (int @var{err}, int * @var{level}) +@var{err}: is a negative integer + +@var{level}: the alert level will be stored there + +Get an alert depending on the error code returned by a gnutls +function. All alerts sent by this function should be considered +fatal. The only exception is when @code{err} is @code{GNUTLS_E_REHANDSHAKE} , +where a warning alert should be sent to the peer indicating that no +renegotiation will be performed. + +If there is no mapping to a valid alert the alert to indicate +internal error (@code{GNUTLS_A_INTERNAL_ERROR} ) is returned. + +@strong{Returns:} the alert code to use for a particular error code. +@end deftypefun + +@subheading gnutls_est_record_overhead_size +@anchor{gnutls_est_record_overhead_size} +@deftypefun {size_t} {gnutls_est_record_overhead_size} (gnutls_protocol_t @var{version}, gnutls_cipher_algorithm_t @var{cipher}, gnutls_mac_algorithm_t @var{mac}, gnutls_compression_method_t @var{comp}, unsigned int @var{flags}) +@var{version}: is a @code{gnutls_protocol_t} value + +@var{cipher}: is a @code{gnutls_cipher_algorithm_t} value + +@var{mac}: is a @code{gnutls_mac_algorithm_t} value + +@var{comp}: is a @code{gnutls_compression_method_t} value (ignored) + +@var{flags}: must be zero + +This function will return the set size in bytes of the overhead +due to TLS (or DTLS) per record. + +Note that this function may provide inacurate values when TLS +extensions that modify the record format are negotiated. In these +cases a more accurate value can be obtained using @code{gnutls_record_overhead_size()} +after a completed handshake. + +@strong{Since:} 3.2.2 +@end deftypefun + +@subheading gnutls_ext_get_current_msg +@anchor{gnutls_ext_get_current_msg} +@deftypefun {unsigned} {gnutls_ext_get_current_msg} (gnutls_session_t @var{session}) +@var{session}: a @code{gnutls_session_t} opaque pointer + +This function allows an extension handler to obtain the message +this extension is being called from. The returned value is a single +entry of the @code{gnutls_ext_flags_t} enumeration. That is, if an +extension was registered with the @code{GNUTLS_EXT_FLAG_HRR} and +@code{GNUTLS_EXT_FLAG_EE} flags, the value when called during parsing of the +encrypted extensions message will be @code{GNUTLS_EXT_FLAG_EE} . + +If not called under an extension handler, its value is undefined. + +@strong{Since:} 3.6.3 +@end deftypefun + +@subheading gnutls_ext_get_data +@anchor{gnutls_ext_get_data} +@deftypefun {int} {gnutls_ext_get_data} (gnutls_session_t @var{session}, unsigned @var{tls_id}, gnutls_ext_priv_data_t * @var{data}) +@var{session}: a @code{gnutls_session_t} opaque pointer + +@var{tls_id}: the numeric id of the extension + +@var{data}: a pointer to the private data to retrieve + +This function retrieves any data previously stored with @code{gnutls_ext_set_data()} . + +@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, otherwise a negative error code. + +@strong{Since:} 3.4.0 +@end deftypefun + +@subheading gnutls_ext_get_name +@anchor{gnutls_ext_get_name} +@deftypefun {const char *} {gnutls_ext_get_name} (unsigned int @var{ext}) +@var{ext}: is a TLS extension numeric ID + +Convert a TLS extension numeric ID to a printable string. + +@strong{Returns:} a pointer to a string that contains the name of the +specified cipher, or @code{NULL} . +@end deftypefun + +@subheading gnutls_ext_raw_parse +@anchor{gnutls_ext_raw_parse} +@deftypefun {int} {gnutls_ext_raw_parse} (void * @var{ctx}, gnutls_ext_raw_process_func @var{cb}, const gnutls_datum_t * @var{data}, unsigned int @var{flags}) +@var{ctx}: a pointer to pass to callback function + +@var{cb}: callback function to process each extension found + +@var{data}: TLS extension data + +@var{flags}: should be zero or @code{GNUTLS_EXT_RAW_FLAG_TLS_CLIENT_HELLO} or @code{GNUTLS_EXT_RAW_FLAG_DTLS_CLIENT_HELLO} + +This function iterates through the TLS extensions as passed in + @code{data} , passing the individual extension data to callback. The + @code{data} must conform to Extension extensions<0..2^16-1> format. + +If flags is @code{GNUTLS_EXT_RAW_TLS_FLAG_CLIENT_HELLO} then this function +will parse the extension data from the position, as if the packet in + @code{data} is a client hello (without record or handshake headers) - +as provided by @code{gnutls_handshake_set_hook_function()} . + +The return value of the callback will be propagated. + +@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, or an error code. On unknown +flags it returns @code{GNUTLS_E_INVALID_REQUEST} . + +@strong{Since:} 3.6.3 +@end deftypefun + +@subheading gnutls_ext_register +@anchor{gnutls_ext_register} +@deftypefun {int} {gnutls_ext_register} (const char * @var{name}, int @var{id}, gnutls_ext_parse_type_t @var{parse_type}, gnutls_ext_recv_func @var{recv_func}, gnutls_ext_send_func @var{send_func}, gnutls_ext_deinit_data_func @var{deinit_func}, gnutls_ext_pack_func @var{pack_func}, gnutls_ext_unpack_func @var{unpack_func}) +@var{name}: the name of the extension to register + +@var{id}: the numeric TLS id of the extension + +@var{parse_type}: the parse type of the extension (see gnutls_ext_parse_type_t) + +@var{recv_func}: a function to receive the data + +@var{send_func}: a function to send the data + +@var{deinit_func}: a function deinitialize any private data + +@var{pack_func}: a function which serializes the extension's private data (used on session packing for resumption) + +@var{unpack_func}: a function which will deserialize the extension's private data + +This function will register a new extension type. The extension will remain +registered until @code{gnutls_global_deinit()} is called. If the extension type +is already registered then @code{GNUTLS_E_ALREADY_REGISTERED} will be returned. + +Each registered extension can store temporary data into the gnutls_session_t +structure using @code{gnutls_ext_set_data()} , and they can be retrieved using +@code{gnutls_ext_get_data()} . + +Any extensions registered with this function are valid for the client +and TLS1.2 server hello (or encrypted extensions for TLS1.3). + +This function is not thread safe. + +@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, otherwise a negative error code. + +@strong{Since:} 3.4.0 +@end deftypefun + +@subheading gnutls_ext_set_data +@anchor{gnutls_ext_set_data} +@deftypefun {void} {gnutls_ext_set_data} (gnutls_session_t @var{session}, unsigned @var{tls_id}, gnutls_ext_priv_data_t @var{data}) +@var{session}: a @code{gnutls_session_t} opaque pointer + +@var{tls_id}: the numeric id of the extension + +@var{data}: the private data to set + +This function allows an extension handler to store data in the current session +and retrieve them later on. The set data will be deallocated using +the gnutls_ext_deinit_data_func. + +@strong{Since:} 3.4.0 +@end deftypefun + +@subheading gnutls_fingerprint +@anchor{gnutls_fingerprint} +@deftypefun {int} {gnutls_fingerprint} (gnutls_digest_algorithm_t @var{algo}, const gnutls_datum_t * @var{data}, void * @var{result}, size_t * @var{result_size}) +@var{algo}: is a digest algorithm + +@var{data}: is the data + +@var{result}: is the place where the result will be copied (may be null). + +@var{result_size}: should hold the size of the result. The actual size +of the returned result will also be copied there. + +This function will calculate a fingerprint (actually a hash), of +the given data. The result is not printable data. You should +convert it to hex, or to something else printable. + +This is the usual way to calculate a fingerprint of an X.509 DER +encoded certificate. Note however that the fingerprint of an +OpenPGP certificate is not just a hash and cannot be calculated with this +function. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise +an error code is returned. +@end deftypefun + +@subheading gnutls_fips140_mode_enabled +@anchor{gnutls_fips140_mode_enabled} +@deftypefun {unsigned} {gnutls_fips140_mode_enabled} ( @var{void}) + +Checks whether this library is in FIPS140 mode. The returned +value corresponds to the library mode as set with +@code{gnutls_fips140_set_mode()} . + +If @code{gnutls_fips140_set_mode()} was called with @code{GNUTLS_FIPS140_SET_MODE_THREAD} +then this function will return the current thread's FIPS140 mode, otherwise +the global value is returned. + +@strong{Returns:} return non-zero if true or zero if false. + +@strong{Since:} 3.3.0 +@end deftypefun + +@subheading gnutls_fips140_set_mode +@anchor{gnutls_fips140_set_mode} +@deftypefun {void} {gnutls_fips140_set_mode} (gnutls_fips_mode_t @var{mode}, unsigned @var{flags}) +@var{mode}: the FIPS140-2 mode to switch to + +@var{flags}: should be zero or @code{GNUTLS_FIPS140_SET_MODE_THREAD} + +That function is not thread-safe when changing the mode with no flags +(globally), and should be called prior to creating any threads. Its +behavior with no flags after threads are created is undefined. + +When the flag @code{GNUTLS_FIPS140_SET_MODE_THREAD} is specified +then this call will change the FIPS140-2 mode for this particular +thread and not for the whole process. That way an application +can utilize this function to set and reset mode for specific +operations. + +This function never fails but will be a no-op if used when +the library is not in FIPS140-2 mode. When asked to switch to unknown +values for @code{mode} or to @code{GNUTLS_FIPS140_SELFTESTS} mode, the library +switches to @code{GNUTLS_FIPS140_STRICT} mode. + +@strong{Since:} 3.6.2 +@end deftypefun + +@subheading gnutls_global_deinit +@anchor{gnutls_global_deinit} +@deftypefun {void} {gnutls_global_deinit} ( @var{void}) + +This function deinitializes the global data, that were initialized +using @code{gnutls_global_init()} . + +Since GnuTLS 3.3.0 this function is no longer necessary to be explicitly +called. GnuTLS will automatically deinitialize on library destructor. See +@code{gnutls_global_init()} for disabling the implicit initialization/deinitialization. +@end deftypefun + +@subheading gnutls_global_init +@anchor{gnutls_global_init} +@deftypefun {int} {gnutls_global_init} ( @var{void}) + +Since GnuTLS 3.3.0 this function is no longer necessary to be explicitly +called. To disable the implicit call (in a library constructor) of this +function set the environment variable @code{GNUTLS_NO_EXPLICIT_INIT} to 1. + +This function performs any required precalculations, detects +the supported CPU capabilities and initializes the underlying +cryptographic backend. In order to free any resources +taken by this call you should @code{gnutls_global_deinit()} +when gnutls usage is no longer needed. + +This function increments a global counter, so that +@code{gnutls_global_deinit()} only releases resources when it has been +called as many times as @code{gnutls_global_init()} . This is useful when +GnuTLS is used by more than one library in an application. This +function can be called many times, but will only do something the +first time. + +A subsequent call of this function if the initial has failed will +return the same error code. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, +otherwise a negative error code is returned. +@end deftypefun + +@subheading gnutls_global_set_audit_log_function +@anchor{gnutls_global_set_audit_log_function} +@deftypefun {void} {gnutls_global_set_audit_log_function} (gnutls_audit_log_func @var{log_func}) +@var{log_func}: it is the audit log function + +This is the function to set the audit logging function. This +is a function to report important issues, such as possible +attacks in the protocol. This is different from @code{gnutls_global_set_log_function()} +because it will report also session-specific events. The session +parameter will be null if there is no corresponding TLS session. + + @code{gnutls_audit_log_func} is of the form, +void (*gnutls_audit_log_func)( gnutls_session_t, const char*); + +@strong{Since:} 3.0 +@end deftypefun + +@subheading gnutls_global_set_log_function +@anchor{gnutls_global_set_log_function} +@deftypefun {void} {gnutls_global_set_log_function} (gnutls_log_func @var{log_func}) +@var{log_func}: it's a log function + +This is the function where you set the logging function gnutls is +going to use. This function only accepts a character array. +Normally you may not use this function since it is only used for +debugging purposes. + + @code{gnutls_log_func} is of the form, +void (*gnutls_log_func)( int level, const char*); +@end deftypefun + +@subheading gnutls_global_set_log_level +@anchor{gnutls_global_set_log_level} +@deftypefun {void} {gnutls_global_set_log_level} (int @var{level}) +@var{level}: it's an integer from 0 to 99. + +This is the function that allows you to set the log level. The +level is an integer between 0 and 9. Higher values mean more +verbosity. The default value is 0. Larger values should only be +used with care, since they may reveal sensitive information. + +Use a log level over 10 to enable all debugging options. +@end deftypefun + +@subheading gnutls_global_set_mutex +@anchor{gnutls_global_set_mutex} +@deftypefun {void} {gnutls_global_set_mutex} (mutex_init_func @var{init}, mutex_deinit_func @var{deinit}, mutex_lock_func @var{lock}, mutex_unlock_func @var{unlock}) +@var{init}: mutex initialization function + +@var{deinit}: mutex deinitialization function + +@var{lock}: mutex locking function + +@var{unlock}: mutex unlocking function + +With this function you are allowed to override the default mutex +locks used in some parts of gnutls and dependent libraries. This function +should be used if you have complete control of your program and libraries. +Do not call this function from a library, or preferably from any application +unless really needed to. GnuTLS will use the appropriate locks for the running +system. + +Note that since the move to implicit initialization of GnuTLS on library +load, calling this function will deinitialize the library, and re-initialize +it after the new locking functions are set. + +This function must be called prior to any other gnutls function. + +@strong{Since:} 2.12.0 +@end deftypefun + +@subheading gnutls_global_set_time_function +@anchor{gnutls_global_set_time_function} +@deftypefun {void} {gnutls_global_set_time_function} (gnutls_time_func @var{time_func}) +@var{time_func}: it's the system time function, a @code{gnutls_time_func()} callback. + +This is the function where you can override the default system time +function. The application provided function should behave the same +as the standard function. + +@strong{Since:} 2.12.0 +@end deftypefun + +@subheading gnutls_gost_paramset_get_name +@anchor{gnutls_gost_paramset_get_name} +@deftypefun {const char *} {gnutls_gost_paramset_get_name} (gnutls_gost_paramset_t @var{param}) +@var{param}: is a GOST 28147 param set + +Convert a @code{gnutls_gost_paramset_t} value to a string. + +@strong{Returns:} a string that contains the name of the specified GOST param set, +or @code{NULL} . + +@strong{Since:} 3.6.3 +@end deftypefun + +@subheading gnutls_gost_paramset_get_oid +@anchor{gnutls_gost_paramset_get_oid} +@deftypefun {const char *} {gnutls_gost_paramset_get_oid} (gnutls_gost_paramset_t @var{param}) +@var{param}: is a GOST 28147 param set + +Convert a @code{gnutls_gost_paramset_t} value to its object identifier. + +@strong{Returns:} a string that contains the object identifier of the specified GOST +param set, or @code{NULL} . + +@strong{Since:} 3.6.3 +@end deftypefun + +@subheading gnutls_group_get +@anchor{gnutls_group_get} +@deftypefun {gnutls_group_t} {gnutls_group_get} (gnutls_session_t @var{session}) +@var{session}: is a @code{gnutls_session_t} type. + +Returns the currently used group for key exchange. Only valid +when using an elliptic curve or DH ciphersuite. + +@strong{Returns:} the currently used group, a @code{gnutls_group_t} +type. + +@strong{Since:} 3.6.0 +@end deftypefun + +@subheading gnutls_group_get_id +@anchor{gnutls_group_get_id} +@deftypefun {gnutls_group_t} {gnutls_group_get_id} (const char * @var{name}) +@var{name}: is a group name + +The names are compared in a case insensitive way. + +@strong{Returns:} return a @code{gnutls_group_t} value corresponding to +the specified group, or @code{GNUTLS_GROUP_INVALID} on error. + +@strong{Since:} 3.6.0 +@end deftypefun + +@subheading gnutls_group_get_name +@anchor{gnutls_group_get_name} +@deftypefun {const char *} {gnutls_group_get_name} (gnutls_group_t @var{group}) +@var{group}: is an element from @code{gnutls_group_t} + +Convert a @code{gnutls_group_t} value to a string. + +@strong{Returns:} a string that contains the name of the specified +group or @code{NULL} . + +@strong{Since:} 3.6.0 +@end deftypefun + +@subheading gnutls_group_list +@anchor{gnutls_group_list} +@deftypefun {const gnutls_group_t *} {gnutls_group_list} ( @var{void}) + +Get the list of supported elliptic curves. + +This function is not thread safe. + +@strong{Returns:} Return a (0)-terminated list of @code{gnutls_group_t} +integers indicating the available groups. + +@strong{Since:} 3.6.0 +@end deftypefun + +@subheading gnutls_handshake +@anchor{gnutls_handshake} +@deftypefun {int} {gnutls_handshake} (gnutls_session_t @var{session}) +@var{session}: is a @code{gnutls_session_t} type. + +This function performs the handshake of the TLS/SSL protocol, and +initializes the TLS session parameters. + +The non-fatal errors expected by this function are: +@code{GNUTLS_E_INTERRUPTED} , @code{GNUTLS_E_AGAIN} , +@code{GNUTLS_E_WARNING_ALERT_RECEIVED} . When this function is called +for re-handshake under TLS 1.2 or earlier, the non-fatal error code +@code{GNUTLS_E_GOT_APPLICATION_DATA} may also be returned. + +The former two interrupt the handshake procedure due to the transport +layer being interrupted, and the latter because of a "warning" alert that +was sent by the peer (it is always a good idea to check any +received alerts). On these non-fatal errors call this function again, +until it returns 0; cf. @code{gnutls_record_get_direction()} and +@code{gnutls_error_is_fatal()} . In DTLS sessions the non-fatal error +@code{GNUTLS_E_LARGE_PACKET} is also possible, and indicates that +the MTU should be adjusted. + +When this function is called by a server after a rehandshake request +under TLS 1.2 or earlier the @code{GNUTLS_E_GOT_APPLICATION_DATA} error code indicates +that some data were pending prior to peer initiating the handshake. +Under TLS 1.3 this function when called after a successful handshake, is a no-op +and always succeeds in server side; in client side this function is +equivalent to @code{gnutls_session_key_update()} with @code{GNUTLS_KU_PEER} flag. + +This function handles both full and abbreviated TLS handshakes (resumption). +For abbreviated handshakes, in client side, the @code{gnutls_session_set_data()} +should be called prior to this function to set parameters from a previous session. +In server side, resumption is handled by either setting a DB back-end, or setting +up keys for session tickets. + +@strong{Returns:} @code{GNUTLS_E_SUCCESS} on a successful handshake, otherwise a negative error code. +@end deftypefun + +@subheading gnutls_handshake_description_get_name +@anchor{gnutls_handshake_description_get_name} +@deftypefun {const char *} {gnutls_handshake_description_get_name} (gnutls_handshake_description_t @var{type}) +@var{type}: is a handshake message description + +Convert a @code{gnutls_handshake_description_t} value to a string. + +@strong{Returns:} a string that contains the name of the specified handshake +message or @code{NULL} . +@end deftypefun + +@subheading gnutls_handshake_get_last_in +@anchor{gnutls_handshake_get_last_in} +@deftypefun {gnutls_handshake_description_t} {gnutls_handshake_get_last_in} (gnutls_session_t @var{session}) +@var{session}: is a @code{gnutls_session_t} type. + +This function is only useful to check where the last performed +handshake failed. If the previous handshake succeed or was not +performed at all then no meaningful value will be returned. + +Check @code{gnutls_handshake_description_t} in gnutls.h for the +available handshake descriptions. + +@strong{Returns:} the last handshake message type received, a +@code{gnutls_handshake_description_t} . +@end deftypefun + +@subheading gnutls_handshake_get_last_out +@anchor{gnutls_handshake_get_last_out} +@deftypefun {gnutls_handshake_description_t} {gnutls_handshake_get_last_out} (gnutls_session_t @var{session}) +@var{session}: is a @code{gnutls_session_t} type. + +This function is only useful to check where the last performed +handshake failed. If the previous handshake succeed or was not +performed at all then no meaningful value will be returned. + +Check @code{gnutls_handshake_description_t} in gnutls.h for the +available handshake descriptions. + +@strong{Returns:} the last handshake message type sent, a +@code{gnutls_handshake_description_t} . +@end deftypefun + +@subheading gnutls_handshake_set_hook_function +@anchor{gnutls_handshake_set_hook_function} +@deftypefun {void} {gnutls_handshake_set_hook_function} (gnutls_session_t @var{session}, unsigned int @var{htype}, int @var{when}, gnutls_handshake_hook_func @var{func}) +@var{session}: is a @code{gnutls_session_t} type + +@var{htype}: the @code{gnutls_handshake_description_t} of the message to hook at + +@var{when}: @code{GNUTLS_HOOK_} * depending on when the hook function should be called + +@var{func}: is the function to be called + +This function will set a callback to be called after or before the specified +handshake message has been received or generated. This is a +generalization of @code{gnutls_handshake_set_post_client_hello_function()} . + +To call the hook function prior to the message being generated or processed +use @code{GNUTLS_HOOK_PRE} as @code{when} parameter, @code{GNUTLS_HOOK_POST} to call +after, and @code{GNUTLS_HOOK_BOTH} for both cases. + +This callback must return 0 on success or a gnutls error code to +terminate the handshake. + +To hook at all handshake messages use an @code{htype} of @code{GNUTLS_HANDSHAKE_ANY} . + +@strong{Warning:} You should not use this function to terminate the +handshake based on client input unless you know what you are +doing. Before the handshake is finished there is no way to know if +there is a man-in-the-middle attack being performed. +@end deftypefun + +@subheading gnutls_handshake_set_max_packet_length +@anchor{gnutls_handshake_set_max_packet_length} +@deftypefun {void} {gnutls_handshake_set_max_packet_length} (gnutls_session_t @var{session}, size_t @var{max}) +@var{session}: is a @code{gnutls_session_t} type. + +@var{max}: is the maximum number. + +This function will set the maximum size of all handshake messages. +Handshakes over this size are rejected with +@code{GNUTLS_E_HANDSHAKE_TOO_LARGE} error code. The default value is +128kb which is typically large enough. Set this to 0 if you do not +want to set an upper limit. + +The reason for restricting the handshake message sizes are to +limit Denial of Service attacks. + +Note that the maximum handshake size was increased to 128kb +from 48kb in GnuTLS 3.5.5. +@end deftypefun + +@subheading gnutls_handshake_set_post_client_hello_function +@anchor{gnutls_handshake_set_post_client_hello_function} +@deftypefun {void} {gnutls_handshake_set_post_client_hello_function} (gnutls_session_t @var{session}, gnutls_handshake_simple_hook_func @var{func}) +@var{session}: is a @code{gnutls_session_t} type. + +@var{func}: is the function to be called + +This function will set a callback to be called after the client +hello has been received (callback valid in server side only). This +allows the server to adjust settings based on received extensions. + +Those settings could be ciphersuites, requesting certificate, or +anything else except for version negotiation (this is done before +the hello message is parsed). + +This callback must return 0 on success or a gnutls error code to +terminate the handshake. + +Since GnuTLS 3.3.5 the callback is +allowed to return @code{GNUTLS_E_AGAIN} or @code{GNUTLS_E_INTERRUPTED} to +put the handshake on hold. In that case @code{gnutls_handshake()} +will return @code{GNUTLS_E_INTERRUPTED} and can be resumed when needed. + +@strong{Warning:} You should not use this function to terminate the +handshake based on client input unless you know what you are +doing. Before the handshake is finished there is no way to know if +there is a man-in-the-middle attack being performed. +@end deftypefun + +@subheading gnutls_handshake_set_private_extensions +@anchor{gnutls_handshake_set_private_extensions} +@deftypefun {void} {gnutls_handshake_set_private_extensions} (gnutls_session_t @var{session}, int @var{allow}) +@var{session}: is a @code{gnutls_session_t} type. + +@var{allow}: is an integer (0 or 1) + +This function will enable or disable the use of private cipher +suites (the ones that start with 0xFF). By default or if @code{allow} is 0 then these cipher suites will not be advertised nor used. + +Currently GnuTLS does not include such cipher-suites or +compression algorithms. + +Enabling the private ciphersuites when talking to other than +gnutls servers and clients may cause interoperability problems. +@end deftypefun + +@subheading gnutls_handshake_set_random +@anchor{gnutls_handshake_set_random} +@deftypefun {int} {gnutls_handshake_set_random} (gnutls_session_t @var{session}, const gnutls_datum_t * @var{random}) +@var{session}: is a @code{gnutls_session_t} type. + +@var{random}: a random value of 32-bytes + +This function will explicitly set the server or client hello +random value in the subsequent TLS handshake. The random value +should be a 32-byte value. + +Note that this function should not normally be used as gnutls +will select automatically a random value for the handshake. + +This function should not be used when resuming a session. + +@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, or an error code. + +Since 3.1.9 +@end deftypefun + +@subheading gnutls_handshake_set_timeout +@anchor{gnutls_handshake_set_timeout} +@deftypefun {void} {gnutls_handshake_set_timeout} (gnutls_session_t @var{session}, unsigned int @var{ms}) +@var{session}: is a @code{gnutls_session_t} type. + +@var{ms}: is a timeout value in milliseconds + +This function sets the timeout for the TLS handshake process +to the provided value. Use an @code{ms} value of zero to disable +timeout, or @code{GNUTLS_DEFAULT_HANDSHAKE_TIMEOUT} for a reasonable +default value. For the DTLS protocol, the more detailed +@code{gnutls_dtls_set_timeouts()} is provided. + +This function requires to set a pull timeout callback. See +@code{gnutls_transport_set_pull_timeout_function()} . + +@strong{Since:} 3.1.0 +@end deftypefun + +@subheading gnutls_heartbeat_allowed +@anchor{gnutls_heartbeat_allowed} +@deftypefun {unsigned} {gnutls_heartbeat_allowed} (gnutls_session_t @var{session}, unsigned int @var{type}) +@var{session}: is a @code{gnutls_session_t} type. + +@var{type}: one of @code{GNUTLS_HB_LOCAL_ALLOWED_TO_SEND} and @code{GNUTLS_HB_PEER_ALLOWED_TO_SEND} + +This function will check whether heartbeats are allowed +to be sent or received in this session. + +@strong{Returns:} Non zero if heartbeats are allowed. + +@strong{Since:} 3.1.2 +@end deftypefun + +@subheading gnutls_heartbeat_enable +@anchor{gnutls_heartbeat_enable} +@deftypefun {void} {gnutls_heartbeat_enable} (gnutls_session_t @var{session}, unsigned int @var{type}) +@var{session}: is a @code{gnutls_session_t} type. + +@var{type}: one of the GNUTLS_HB_* flags + +If this function is called with the @code{GNUTLS_HB_PEER_ALLOWED_TO_SEND} + @code{type} , GnuTLS will allow heartbeat messages to be received. Moreover it also +request the peer to accept heartbeat messages. This function +must be called prior to TLS handshake. + +If the @code{type} used is @code{GNUTLS_HB_LOCAL_ALLOWED_TO_SEND} , then the peer +will be asked to accept heartbeat messages but not send ones. + +The function @code{gnutls_heartbeat_allowed()} can be used to test Whether +locally generated heartbeat messages can be accepted by the peer. + +@strong{Since:} 3.1.2 +@end deftypefun + +@subheading gnutls_heartbeat_get_timeout +@anchor{gnutls_heartbeat_get_timeout} +@deftypefun {unsigned int} {gnutls_heartbeat_get_timeout} (gnutls_session_t @var{session}) +@var{session}: is a @code{gnutls_session_t} type. + +This function will return the milliseconds remaining +for a retransmission of the previously sent ping +message. This function is useful when ping is used in +non-blocking mode, to estimate when to call @code{gnutls_heartbeat_ping()} +if no packets have been received. + +@strong{Returns:} the remaining time in milliseconds. + +@strong{Since:} 3.1.2 +@end deftypefun + +@subheading gnutls_heartbeat_ping +@anchor{gnutls_heartbeat_ping} +@deftypefun {int} {gnutls_heartbeat_ping} (gnutls_session_t @var{session}, size_t @var{data_size}, unsigned int @var{max_tries}, unsigned int @var{flags}) +@var{session}: is a @code{gnutls_session_t} type. + +@var{data_size}: is the length of the ping payload. + +@var{max_tries}: if flags is @code{GNUTLS_HEARTBEAT_WAIT} then this sets the number of retransmissions. Use zero for indefinite (until timeout). + +@var{flags}: if @code{GNUTLS_HEARTBEAT_WAIT} then wait for pong or timeout instead of returning immediately. + +This function sends a ping to the peer. If the @code{flags} is set +to @code{GNUTLS_HEARTBEAT_WAIT} then it waits for a reply from the peer. + +Note that it is highly recommended to use this function with the +flag @code{GNUTLS_HEARTBEAT_WAIT} , or you need to handle retransmissions +and timeouts manually. + +The total TLS data transmitted as part of the ping message are given by +the following formula: MAX(16, @code{data_size} )+@code{gnutls_record_overhead_size()} +3. + +@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, otherwise a negative error code. + +@strong{Since:} 3.1.2 +@end deftypefun + +@subheading gnutls_heartbeat_pong +@anchor{gnutls_heartbeat_pong} +@deftypefun {int} {gnutls_heartbeat_pong} (gnutls_session_t @var{session}, unsigned int @var{flags}) +@var{session}: is a @code{gnutls_session_t} type. + +@var{flags}: should be zero + +This function replies to a ping by sending a pong to the peer. + +@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, otherwise a negative error code. + +@strong{Since:} 3.1.2 +@end deftypefun + +@subheading gnutls_heartbeat_set_timeouts +@anchor{gnutls_heartbeat_set_timeouts} +@deftypefun {void} {gnutls_heartbeat_set_timeouts} (gnutls_session_t @var{session}, unsigned int @var{retrans_timeout}, unsigned int @var{total_timeout}) +@var{session}: is a @code{gnutls_session_t} type. + +@var{retrans_timeout}: The time at which a retransmission will occur in milliseconds + +@var{total_timeout}: The time at which the connection will be aborted, in milliseconds. + +This function will override the timeouts for the DTLS heartbeat +protocol. The retransmission timeout is the time after which a +message from the peer is not received, the previous request will +be retransmitted. The total timeout is the time after which the +handshake will be aborted with @code{GNUTLS_E_TIMEDOUT} . + +@strong{Since:} 3.1.2 +@end deftypefun + +@subheading gnutls_hex2bin +@anchor{gnutls_hex2bin} +@deftypefun {int} {gnutls_hex2bin} (const char * @var{hex_data}, size_t @var{hex_size}, void * @var{bin_data}, size_t * @var{bin_size}) +@var{hex_data}: string with data in hex format + +@var{hex_size}: size of hex data + +@var{bin_data}: output array with binary data + +@var{bin_size}: when calling should hold maximum size of @code{bin_data} , +on return will hold actual length of @code{bin_data} . + +Convert a buffer with hex data to binary data. This function +unlike @code{gnutls_hex_decode()} can parse hex data with separators +between numbers. That is, it ignores any non-hex characters. + +@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, otherwise a negative error code. + +@strong{Since:} 2.4.0 +@end deftypefun + +@subheading gnutls_hex_decode +@anchor{gnutls_hex_decode} +@deftypefun {int} {gnutls_hex_decode} (const gnutls_datum_t * @var{hex_data}, void * @var{result}, size_t * @var{result_size}) +@var{hex_data}: contain the encoded data + +@var{result}: the place where decoded data will be copied + +@var{result_size}: holds the size of the result + +This function will decode the given encoded data, using the hex +encoding used by PSK password files. + +Initially @code{result_size} must hold the maximum size available in + @code{result} , and on return it will contain the number of bytes written. + +@strong{Returns:} @code{GNUTLS_E_SHORT_MEMORY_BUFFER} if the buffer given is not +long enough, @code{GNUTLS_E_PARSING_ERROR} on invalid hex data, or 0 on success. +@end deftypefun + +@subheading gnutls_hex_decode2 +@anchor{gnutls_hex_decode2} +@deftypefun {int} {gnutls_hex_decode2} (const gnutls_datum_t * @var{hex_data}, gnutls_datum_t * @var{result}) +@var{hex_data}: contain the encoded data + +@var{result}: the result in an allocated string + +This function will decode the given encoded data, using the hex +encoding used by PSK password files. + +@strong{Returns:} @code{GNUTLS_E_PARSING_ERROR} on invalid hex data, or 0 on success. +@end deftypefun + +@subheading gnutls_hex_encode +@anchor{gnutls_hex_encode} +@deftypefun {int} {gnutls_hex_encode} (const gnutls_datum_t * @var{data}, char * @var{result}, size_t * @var{result_size}) +@var{data}: contain the raw data + +@var{result}: the place where hex data will be copied + +@var{result_size}: holds the size of the result + +This function will convert the given data to printable data, using +the hex encoding, as used in the PSK password files. + +Note that the size of the result includes the null terminator. + +@strong{Returns:} @code{GNUTLS_E_SHORT_MEMORY_BUFFER} if the buffer given is not +long enough, or 0 on success. +@end deftypefun + +@subheading gnutls_hex_encode2 +@anchor{gnutls_hex_encode2} +@deftypefun {int} {gnutls_hex_encode2} (const gnutls_datum_t * @var{data}, gnutls_datum_t * @var{result}) +@var{data}: contain the raw data + +@var{result}: the result in an allocated string + +This function will convert the given data to printable data, using +the hex encoding, as used in the PSK password files. + +Note that the size of the result does NOT include the null terminator. + +@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, otherwise a negative error code. +@end deftypefun + +@subheading gnutls_idna_map +@anchor{gnutls_idna_map} +@deftypefun {int} {gnutls_idna_map} (const char * @var{input}, unsigned @var{ilen}, gnutls_datum_t * @var{out}, unsigned @var{flags}) +@var{input}: contain the UTF-8 formatted domain name + +@var{ilen}: the length of the provided string + +@var{out}: the result in an null-terminated allocated string + +@var{flags}: should be zero + +This function will convert the provided UTF-8 domain name, to +its IDNA mapping in an allocated variable. Note that depending on the flags the used gnutls +library was compiled with, the output of this function may vary (i.e., +may be IDNA2008, or IDNA2003). + +To force IDNA2008 specify the flag @code{GNUTLS_IDNA_FORCE_2008} . In +the case GnuTLS is not compiled with the necessary dependencies, +@code{GNUTLS_E_UNIMPLEMENTED_FEATURE} will be returned to indicate that +gnutls is unable to perform the requested conversion. + +Note also, that this function will return an empty string if an +empty string is provided as input. + +@strong{Returns:} @code{GNUTLS_E_INVALID_UTF8_STRING} on invalid UTF-8 data, or 0 on success. + +@strong{Since:} 3.5.8 +@end deftypefun + +@subheading gnutls_idna_reverse_map +@anchor{gnutls_idna_reverse_map} +@deftypefun {int} {gnutls_idna_reverse_map} (const char * @var{input}, unsigned @var{ilen}, gnutls_datum_t * @var{out}, unsigned @var{flags}) +@var{input}: contain the ACE (IDNA) formatted domain name + +@var{ilen}: the length of the provided string + +@var{out}: the result in an null-terminated allocated UTF-8 string + +@var{flags}: should be zero + +This function will convert an ACE (ASCII-encoded) domain name to a UTF-8 domain name. + +If GnuTLS is compiled without IDNA support, then this function +will return @code{GNUTLS_E_UNIMPLEMENTED_FEATURE} . + +Note also, that this function will return an empty string if an +empty string is provided as input. + +@strong{Returns:} A negative error code on error, or 0 on success. + +@strong{Since:} 3.5.8 +@end deftypefun + +@subheading gnutls_init +@anchor{gnutls_init} +@deftypefun {int} {gnutls_init} (gnutls_session_t * @var{session}, unsigned int @var{flags}) +@var{session}: is a pointer to a @code{gnutls_session_t} type. + +@var{flags}: indicate if this session is to be used for server or client. + +This function initializes the provided session. Every +session must be initialized before use, and must be deinitialized +after used by calling @code{gnutls_deinit()} . + + @code{flags} can be any combination of flags from @code{gnutls_init_flags_t} . + +Note that since version 3.1.2 this function enables some common +TLS extensions such as session tickets and OCSP certificate status +request in client side by default. To prevent that use the @code{GNUTLS_NO_EXTENSIONS} +flag. + +@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, or an error code. +@end deftypefun + +@subheading gnutls_key_generate +@anchor{gnutls_key_generate} +@deftypefun {int} {gnutls_key_generate} (gnutls_datum_t * @var{key}, unsigned int @var{key_size}) +@var{key}: is a pointer to a @code{gnutls_datum_t} which will contain a newly +created key + +@var{key_size}: the number of bytes of the key + +Generates a random key of @code{key_size} bytes. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, or an +error code. + +@strong{Since:} 3.0 +@end deftypefun + +@subheading gnutls_kx_get +@anchor{gnutls_kx_get} +@deftypefun {gnutls_kx_algorithm_t} {gnutls_kx_get} (gnutls_session_t @var{session}) +@var{session}: is a @code{gnutls_session_t} type. + +Get the currently used key exchange algorithm. + +This function will return @code{GNUTLS_KX_ECDHE_RSA} , or @code{GNUTLS_KX_DHE_RSA} +under TLS 1.3, to indicate an elliptic curve DH key exchange or +a finite field one. The precise group used is available +by calling @code{gnutls_group_get()} instead. + +@strong{Returns:} the key exchange algorithm used in the last handshake, a +@code{gnutls_kx_algorithm_t} value. +@end deftypefun + +@subheading gnutls_kx_get_id +@anchor{gnutls_kx_get_id} +@deftypefun {gnutls_kx_algorithm_t} {gnutls_kx_get_id} (const char * @var{name}) +@var{name}: is a KX name + +Convert a string to a @code{gnutls_kx_algorithm_t} value. The names are +compared in a case insensitive way. + +@strong{Returns:} an id of the specified KX algorithm, or @code{GNUTLS_KX_UNKNOWN} +on error. +@end deftypefun + +@subheading gnutls_kx_get_name +@anchor{gnutls_kx_get_name} +@deftypefun {const char *} {gnutls_kx_get_name} (gnutls_kx_algorithm_t @var{algorithm}) +@var{algorithm}: is a key exchange algorithm + +Convert a @code{gnutls_kx_algorithm_t} value to a string. + +@strong{Returns:} a pointer to a string that contains the name of the +specified key exchange algorithm, or @code{NULL} . +@end deftypefun + +@subheading gnutls_kx_list +@anchor{gnutls_kx_list} +@deftypefun {const gnutls_kx_algorithm_t *} {gnutls_kx_list} ( @var{void}) + +Get a list of supported key exchange algorithms. + +This function is not thread safe. + +@strong{Returns:} a (0)-terminated list of @code{gnutls_kx_algorithm_t} integers +indicating the available key exchange algorithms. +@end deftypefun + +@subheading gnutls_load_file +@anchor{gnutls_load_file} +@deftypefun {int} {gnutls_load_file} (const char * @var{filename}, gnutls_datum_t * @var{data}) +@var{filename}: the name of the file to load + +@var{data}: Where the file will be stored + +This function will load a file into a datum. The data are +zero terminated but the terminating null is not included in length. +The returned data are allocated using @code{gnutls_malloc()} . + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise +an error code is returned. + +Since 3.1.0 +@end deftypefun + +@subheading gnutls_mac_get +@anchor{gnutls_mac_get} +@deftypefun {gnutls_mac_algorithm_t} {gnutls_mac_get} (gnutls_session_t @var{session}) +@var{session}: is a @code{gnutls_session_t} type. + +Get the currently used MAC algorithm. + +@strong{Returns:} the currently used mac algorithm, a +@code{gnutls_mac_algorithm_t} value. +@end deftypefun + +@subheading gnutls_mac_get_id +@anchor{gnutls_mac_get_id} +@deftypefun {gnutls_mac_algorithm_t} {gnutls_mac_get_id} (const char * @var{name}) +@var{name}: is a MAC algorithm name + +Convert a string to a @code{gnutls_mac_algorithm_t} value. The names are +compared in a case insensitive way. + +@strong{Returns:} a @code{gnutls_mac_algorithm_t} id of the specified MAC +algorithm string, or @code{GNUTLS_MAC_UNKNOWN} on failure. +@end deftypefun + +@subheading gnutls_mac_get_key_size +@anchor{gnutls_mac_get_key_size} +@deftypefun {size_t} {gnutls_mac_get_key_size} (gnutls_mac_algorithm_t @var{algorithm}) +@var{algorithm}: is an encryption algorithm + +Returns the size of the MAC key used in TLS. + +@strong{Returns:} length (in bytes) of the given MAC key size, or 0 if the +given MAC algorithm is invalid. +@end deftypefun + +@subheading gnutls_mac_get_name +@anchor{gnutls_mac_get_name} +@deftypefun {const char *} {gnutls_mac_get_name} (gnutls_mac_algorithm_t @var{algorithm}) +@var{algorithm}: is a MAC algorithm + +Convert a @code{gnutls_mac_algorithm_t} value to a string. + +@strong{Returns:} a string that contains the name of the specified MAC +algorithm, or @code{NULL} . +@end deftypefun + +@subheading gnutls_mac_list +@anchor{gnutls_mac_list} +@deftypefun {const gnutls_mac_algorithm_t *} {gnutls_mac_list} ( @var{void}) + +Get a list of hash algorithms for use as MACs. Note that not +necessarily all MACs are supported in TLS cipher suites. +This function is not thread safe. + +@strong{Returns:} Return a (0)-terminated list of @code{gnutls_mac_algorithm_t} +integers indicating the available MACs. +@end deftypefun + +@subheading gnutls_memcmp +@anchor{gnutls_memcmp} +@deftypefun {int} {gnutls_memcmp} (const void * @var{s1}, const void * @var{s2}, size_t @var{n}) +@var{s1}: the first address to compare + +@var{s2}: the second address to compare + +@var{n}: the size of memory to compare + +This function will operate similarly to @code{memcmp()} , but will operate +on time that depends only on the size of the string. That is will +not return early if the strings don't match on the first byte. + +@strong{Returns:} non zero on difference and zero if the buffers are identical. + +@strong{Since:} 3.4.0 +@end deftypefun + +@subheading gnutls_memset +@anchor{gnutls_memset} +@deftypefun {void} {gnutls_memset} (void * @var{data}, int @var{c}, size_t @var{size}) +@var{data}: the memory to set + +@var{c}: the constant byte to fill the memory with + +@var{size}: the size of memory + +This function will operate similarly to @code{memset()} , but will +not be optimized out by the compiler. + +@strong{Since:} 3.4.0 +@end deftypefun + +@subheading gnutls_ocsp_status_request_enable_client +@anchor{gnutls_ocsp_status_request_enable_client} +@deftypefun {int} {gnutls_ocsp_status_request_enable_client} (gnutls_session_t @var{session}, gnutls_datum_t * @var{responder_id}, size_t @var{responder_id_size}, gnutls_datum_t * @var{extensions}) +@var{session}: is a @code{gnutls_session_t} type. + +@var{responder_id}: ignored, must be @code{NULL} + +@var{responder_id_size}: ignored, must be zero + +@var{extensions}: ignored, must be @code{NULL} + +This function is to be used by clients to request OCSP response +from the server, using the "status_request" TLS extension. Only +OCSP status type is supported. + +Previous versions of GnuTLS supported setting @code{responder_id} and + @code{extensions} fields, but due to the difficult semantics of the +parameter usage, and other issues, this support was removed +since 3.6.0 and these parameters must be set to @code{NULL} . + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, +otherwise a negative error code is returned. + +@strong{Since:} 3.1.3 +@end deftypefun + +@subheading gnutls_ocsp_status_request_get +@anchor{gnutls_ocsp_status_request_get} +@deftypefun {int} {gnutls_ocsp_status_request_get} (gnutls_session_t @var{session}, gnutls_datum_t * @var{response}) +@var{session}: is a @code{gnutls_session_t} type. + +@var{response}: a @code{gnutls_datum_t} with DER encoded OCSP response + +This function returns the OCSP status response received +from the TLS server. The @code{response} should be treated as +constant. If no OCSP response is available then +@code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} is returned. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, +otherwise a negative error code is returned. + +@strong{Since:} 3.1.3 +@end deftypefun + +@subheading gnutls_ocsp_status_request_get2 +@anchor{gnutls_ocsp_status_request_get2} +@deftypefun {int} {gnutls_ocsp_status_request_get2} (gnutls_session_t @var{session}, unsigned @var{idx}, gnutls_datum_t * @var{response}) +@var{session}: is a @code{gnutls_session_t} type. + +@var{idx}: the index of peer's certificate + +@var{response}: a @code{gnutls_datum_t} with DER encoded OCSP response + +This function returns the OCSP status response received +from the TLS server for the certificate index provided. +The index corresponds to certificates as returned by +gnutls_certificate_get_peers. When index is zero this +function operates identically to @code{gnutls_ocsp_status_request_get()} . + +The returned @code{response} should be treated as +constant. If no OCSP response is available for the +given index then @code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} +is returned. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, +otherwise a negative error code is returned. + +@strong{Since:} 3.6.3 +@end deftypefun + +@subheading gnutls_ocsp_status_request_is_checked +@anchor{gnutls_ocsp_status_request_is_checked} +@deftypefun {int} {gnutls_ocsp_status_request_is_checked} (gnutls_session_t @var{session}, unsigned int @var{flags}) +@var{session}: is a gnutls session + +@var{flags}: should be zero or @code{GNUTLS_OCSP_SR_IS_AVAIL} + +When flags are zero this function returns non-zero if a valid OCSP status +response was included in the TLS handshake. That is, an OCSP status response +which is not too old or superseded. It returns zero otherwise. + +When the flag @code{GNUTLS_OCSP_SR_IS_AVAIL} is specified, the function +returns non-zero if an OCSP status response was included in the handshake +even if it was invalid. Otherwise, if no OCSP status response was included, +it returns zero. The @code{GNUTLS_OCSP_SR_IS_AVAIL} flag was introduced in GnuTLS 3.4.0. + +This is a helper function when needing to decide whether to perform an +explicit OCSP validity check on the peer's certificate. Should be called after +any of gnutls_certificate_verify_peers*() are called. + +@strong{Returns:} non zero if the response was valid, or a zero if it wasn't sent, +or sent and was invalid. + +@strong{Since:} 3.1.4 +@end deftypefun + +@subheading gnutls_oid_to_digest +@anchor{gnutls_oid_to_digest} +@deftypefun {gnutls_digest_algorithm_t} {gnutls_oid_to_digest} (const char * @var{oid}) +@var{oid}: is an object identifier + +Converts a textual object identifier to a @code{gnutls_digest_algorithm_t} value. + +@strong{Returns:} a @code{gnutls_digest_algorithm_t} id of the specified digest +algorithm, or @code{GNUTLS_DIG_UNKNOWN} on failure. + +@strong{Since:} 3.4.3 +@end deftypefun + +@subheading gnutls_oid_to_ecc_curve +@anchor{gnutls_oid_to_ecc_curve} +@deftypefun {gnutls_ecc_curve_t} {gnutls_oid_to_ecc_curve} (const char * @var{oid}) +@var{oid}: is a curve's OID + + +@strong{Returns:} return a @code{gnutls_ecc_curve_t} value corresponding to +the specified OID, or @code{GNUTLS_ECC_CURVE_INVALID} on error. + +@strong{Since:} 3.4.3 +@end deftypefun + +@subheading gnutls_oid_to_gost_paramset +@anchor{gnutls_oid_to_gost_paramset} +@deftypefun {gnutls_gost_paramset_t} {gnutls_oid_to_gost_paramset} (const char * @var{oid}) +@var{oid}: is an object identifier + +Converts a textual object identifier to a @code{gnutls_gost_paramset_t} value. + +@strong{Returns:} a @code{gnutls_gost_paramset_get_oid} of the specified GOST 28147 +param st, or @code{GNUTLS_GOST_PARAMSET_UNKNOWN} on failure. + +@strong{Since:} 3.6.3 +@end deftypefun + +@subheading gnutls_oid_to_mac +@anchor{gnutls_oid_to_mac} +@deftypefun {gnutls_mac_algorithm_t} {gnutls_oid_to_mac} (const char * @var{oid}) +@var{oid}: is an object identifier + +Converts a textual object identifier typically from PKCS@code{5} values to a @code{gnutls_mac_algorithm_t} value. + +@strong{Returns:} a @code{gnutls_mac_algorithm_t} id of the specified digest +algorithm, or @code{GNUTLS_MAC_UNKNOWN} on failure. + +@strong{Since:} 3.5.4 +@end deftypefun + +@subheading gnutls_oid_to_pk +@anchor{gnutls_oid_to_pk} +@deftypefun {gnutls_pk_algorithm_t} {gnutls_oid_to_pk} (const char * @var{oid}) +@var{oid}: is an object identifier + +Converts a textual object identifier to a @code{gnutls_pk_algorithm_t} value. + +@strong{Returns:} a @code{gnutls_pk_algorithm_t} id of the specified digest +algorithm, or @code{GNUTLS_PK_UNKNOWN} on failure. + +@strong{Since:} 3.4.3 +@end deftypefun + +@subheading gnutls_oid_to_sign +@anchor{gnutls_oid_to_sign} +@deftypefun {gnutls_sign_algorithm_t} {gnutls_oid_to_sign} (const char * @var{oid}) +@var{oid}: is an object identifier + +Converts a textual object identifier to a @code{gnutls_sign_algorithm_t} value. + +@strong{Returns:} a @code{gnutls_sign_algorithm_t} id of the specified digest +algorithm, or @code{GNUTLS_SIGN_UNKNOWN} on failure. + +@strong{Since:} 3.4.3 +@end deftypefun + +@subheading gnutls_openpgp_send_cert +@anchor{gnutls_openpgp_send_cert} +@deftypefun {void} {gnutls_openpgp_send_cert} (gnutls_session_t @var{session}, gnutls_openpgp_crt_status_t @var{status}) +@var{session}: is a gnutls session + +@var{status}: is ignored + +This function is no-op. + +@strong{Returns:} @code{GNUTLS_E_UNIMPLEMENTED_FEATURE} . +@end deftypefun + +@subheading gnutls_packet_deinit +@anchor{gnutls_packet_deinit} +@deftypefun {void} {gnutls_packet_deinit} (gnutls_packet_t @var{packet}) +@var{packet}: is a pointer to a @code{gnutls_packet_st} structure. + +This function will deinitialize all data associated with +the received packet. + +@strong{Since:} 3.3.5 +@end deftypefun + +@subheading gnutls_packet_get +@anchor{gnutls_packet_get} +@deftypefun {void} {gnutls_packet_get} (gnutls_packet_t @var{packet}, gnutls_datum_t * @var{data}, unsigned char * @var{sequence}) +@var{packet}: is a @code{gnutls_packet_t} type. + +@var{data}: will contain the data present in the @code{packet} structure (may be @code{NULL} ) + +@var{sequence}: the 8-bytes of the packet sequence number (may be @code{NULL} ) + +This function returns the data and sequence number associated with +the received packet. + +@strong{Since:} 3.3.5 +@end deftypefun + +@subheading gnutls_pem_base64_decode +@anchor{gnutls_pem_base64_decode} +@deftypefun {int} {gnutls_pem_base64_decode} (const char * @var{header}, const gnutls_datum_t * @var{b64_data}, unsigned char * @var{result}, size_t * @var{result_size}) +@var{header}: A null terminated string with the PEM header (eg. CERTIFICATE) + +@var{b64_data}: contain the encoded data + +@var{result}: the place where decoded data will be copied + +@var{result_size}: holds the size of the result + +This function will decode the given encoded data. If the header +given is non @code{NULL} this function will search for "-----BEGIN header" +and decode only this part. Otherwise it will decode the first PEM +packet found. + +@strong{Returns:} On success @code{GNUTLS_E_SUCCESS} (0) is returned, +@code{GNUTLS_E_SHORT_MEMORY_BUFFER} is returned if the buffer given is +not long enough, or 0 on success. +@end deftypefun + +@subheading gnutls_pem_base64_decode2 +@anchor{gnutls_pem_base64_decode2} +@deftypefun {int} {gnutls_pem_base64_decode2} (const char * @var{header}, const gnutls_datum_t * @var{b64_data}, gnutls_datum_t * @var{result}) +@var{header}: The PEM header (eg. CERTIFICATE) + +@var{b64_data}: contains the encoded data + +@var{result}: the location of decoded data + +This function will decode the given encoded data. The decoded data +will be allocated, and stored into result. If the header given is +non null this function will search for "-----BEGIN header" and +decode only this part. Otherwise it will decode the first PEM +packet found. + +You should use @code{gnutls_free()} to free the returned data. + +Note, that prior to GnuTLS 3.4.0 this function was available +under the name @code{gnutls_pem_base64_decode_alloc()} . There is +compatibility macro pointing to this function. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise +an error code is returned. + +@strong{Since:} 3.4.0 +@end deftypefun + +@subheading gnutls_pem_base64_encode +@anchor{gnutls_pem_base64_encode} +@deftypefun {int} {gnutls_pem_base64_encode} (const char * @var{msg}, const gnutls_datum_t * @var{data}, char * @var{result}, size_t * @var{result_size}) +@var{msg}: is a message to be put in the header (may be @code{NULL} ) + +@var{data}: contain the raw data + +@var{result}: the place where base64 data will be copied + +@var{result_size}: holds the size of the result + +This function will convert the given data to printable data, using +the base64 encoding. This is the encoding used in PEM messages. + +The output string will be null terminated, although the output size will +not include the terminating null. + +@strong{Returns:} On success @code{GNUTLS_E_SUCCESS} (0) is returned, +@code{GNUTLS_E_SHORT_MEMORY_BUFFER} is returned if the buffer given is +not long enough, or 0 on success. +@end deftypefun + +@subheading gnutls_pem_base64_encode2 +@anchor{gnutls_pem_base64_encode2} +@deftypefun {int} {gnutls_pem_base64_encode2} (const char * @var{header}, const gnutls_datum_t * @var{data}, gnutls_datum_t * @var{result}) +@var{header}: is a message to be put in the encoded header (may be @code{NULL} ) + +@var{data}: contains the raw data + +@var{result}: will hold the newly allocated encoded data + +This function will convert the given data to printable data, using +the base64 encoding. This is the encoding used in PEM messages. +This function will allocate the required memory to hold the encoded +data. + +You should use @code{gnutls_free()} to free the returned data. + +Note, that prior to GnuTLS 3.4.0 this function was available +under the name @code{gnutls_pem_base64_encode_alloc()} . There is +compatibility macro pointing to this function. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise +an error code is returned. + +@strong{Since:} 3.4.0 +@end deftypefun + +@subheading gnutls_perror +@anchor{gnutls_perror} +@deftypefun {void} {gnutls_perror} (int @var{error}) +@var{error}: is a GnuTLS error code, a negative error code + +This function is like @code{perror()} . The only difference is that it +accepts an error number returned by a gnutls function. +@end deftypefun + +@subheading gnutls_pk_algorithm_get_name +@anchor{gnutls_pk_algorithm_get_name} +@deftypefun {const char *} {gnutls_pk_algorithm_get_name} (gnutls_pk_algorithm_t @var{algorithm}) +@var{algorithm}: is a pk algorithm + +Convert a @code{gnutls_pk_algorithm_t} value to a string. + +@strong{Returns:} a string that contains the name of the specified public +key algorithm, or @code{NULL} . +@end deftypefun + +@subheading gnutls_pk_bits_to_sec_param +@anchor{gnutls_pk_bits_to_sec_param} +@deftypefun {gnutls_sec_param_t} {gnutls_pk_bits_to_sec_param} (gnutls_pk_algorithm_t @var{algo}, unsigned int @var{bits}) +@var{algo}: is a public key algorithm + +@var{bits}: is the number of bits + +This is the inverse of @code{gnutls_sec_param_to_pk_bits()} . Given an algorithm +and the number of bits, it will return the security parameter. This is +a rough indication. + +@strong{Returns:} The security parameter. + +@strong{Since:} 2.12.0 +@end deftypefun + +@subheading gnutls_pk_get_id +@anchor{gnutls_pk_get_id} +@deftypefun {gnutls_pk_algorithm_t} {gnutls_pk_get_id} (const char * @var{name}) +@var{name}: is a string containing a public key algorithm name. + +Convert a string to a @code{gnutls_pk_algorithm_t} value. The names are +compared in a case insensitive way. For example, +gnutls_pk_get_id("RSA") will return @code{GNUTLS_PK_RSA} . + +@strong{Returns:} a @code{gnutls_pk_algorithm_t} id of the specified public key +algorithm string, or @code{GNUTLS_PK_UNKNOWN} on failures. + +@strong{Since:} 2.6.0 +@end deftypefun + +@subheading gnutls_pk_get_name +@anchor{gnutls_pk_get_name} +@deftypefun {const char *} {gnutls_pk_get_name} (gnutls_pk_algorithm_t @var{algorithm}) +@var{algorithm}: is a public key algorithm + +Convert a @code{gnutls_pk_algorithm_t} value to a string. + +@strong{Returns:} a pointer to a string that contains the name of the +specified public key algorithm, or @code{NULL} . + +@strong{Since:} 2.6.0 +@end deftypefun + +@subheading gnutls_pk_get_oid +@anchor{gnutls_pk_get_oid} +@deftypefun {const char *} {gnutls_pk_get_oid} (gnutls_pk_algorithm_t @var{algorithm}) +@var{algorithm}: is a public key algorithm + +Convert a @code{gnutls_pk_algorithm_t} value to its object identifier string. + +@strong{Returns:} a pointer to a string that contains the object identifier of the +specified public key algorithm, or @code{NULL} . + +@strong{Since:} 3.4.3 +@end deftypefun + +@subheading gnutls_pk_list +@anchor{gnutls_pk_list} +@deftypefun {const gnutls_pk_algorithm_t *} {gnutls_pk_list} ( @var{void}) + +Get a list of supported public key algorithms. + +This function is not thread safe. + +@strong{Returns:} a (0)-terminated list of @code{gnutls_pk_algorithm_t} integers +indicating the available ciphers. + +@strong{Since:} 2.6.0 +@end deftypefun + +@subheading gnutls_pk_to_sign +@anchor{gnutls_pk_to_sign} +@deftypefun {gnutls_sign_algorithm_t} {gnutls_pk_to_sign} (gnutls_pk_algorithm_t @var{pk}, gnutls_digest_algorithm_t @var{hash}) +@var{pk}: is a public key algorithm + +@var{hash}: a hash algorithm + +This function maps public key and hash algorithms combinations +to signature algorithms. + +@strong{Returns:} return a @code{gnutls_sign_algorithm_t} value, or @code{GNUTLS_SIGN_UNKNOWN} on error. +@end deftypefun + +@subheading gnutls_prf +@anchor{gnutls_prf} +@deftypefun {int} {gnutls_prf} (gnutls_session_t @var{session}, size_t @var{label_size}, const char * @var{label}, int @var{server_random_first}, size_t @var{extra_size}, const char * @var{extra}, size_t @var{outsize}, char * @var{out}) +@var{session}: is a @code{gnutls_session_t} type. + +@var{label_size}: length of the @code{label} variable. + +@var{label}: label used in PRF computation, typically a short string. + +@var{server_random_first}: non-zero if server random field should be first in seed + +@var{extra_size}: length of the @code{extra} variable. + +@var{extra}: optional extra data to seed the PRF with. + +@var{outsize}: size of pre-allocated output buffer to hold the output. + +@var{out}: pre-allocated buffer to hold the generated data. + +Applies the TLS Pseudo-Random-Function (PRF) on the master secret +and the provided data, seeded with the client and server random fields. +For the key expansion specified in RFC5705 see @code{gnutls_prf_rfc5705()} . + +The @code{label} variable usually contains a string denoting the purpose +for the generated data. The @code{server_random_first} indicates whether +the client random field or the server random field should be first +in the seed. Non-zero indicates that the server random field is first, +0 that the client random field is first. + +The @code{extra} variable can be used to add more data to the seed, after +the random variables. It can be used to make sure the +generated output is strongly connected to some additional data +(e.g., a string used in user authentication). + +The output is placed in @code{out} , which must be pre-allocated. + +@strong{Note:} This function produces identical output with @code{gnutls_prf_rfc5705()} +when @code{server_random_first} is set to 0 and @code{extra} is @code{NULL} . Under TLS1.3 +this function will only operate when these conditions are true, or otherwise +return @code{GNUTLS_E_INVALID_REQUEST} . + +@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, or an error code. +@end deftypefun + +@subheading gnutls_prf_early +@anchor{gnutls_prf_early} +@deftypefun {int} {gnutls_prf_early} (gnutls_session_t @var{session}, size_t @var{label_size}, const char * @var{label}, size_t @var{context_size}, const char * @var{context}, size_t @var{outsize}, char * @var{out}) +@var{session}: is a @code{gnutls_session_t} type. + +@var{label_size}: length of the @code{label} variable. + +@var{label}: label used in PRF computation, typically a short string. + +@var{context_size}: length of the @code{extra} variable. + +@var{context}: optional extra data to seed the PRF with. + +@var{outsize}: size of pre-allocated output buffer to hold the output. + +@var{out}: pre-allocated buffer to hold the generated data. + +This function is similar to @code{gnutls_prf_rfc5705()} , but only works in +TLS 1.3 or later to export early keying material. + +Note that the keying material is only available after the +ClientHello message is processed and before the application traffic +keys are established. Therefore this function shall be called in a +handshake hook function for @code{GNUTLS_HANDSHAKE_CLIENT_HELLO} . + +The @code{label} variable usually contains a string denoting the purpose +for the generated data. + +The @code{context} variable can be used to add more data to the seed, after +the random variables. It can be used to make sure the +generated output is strongly connected to some additional data +(e.g., a string used in user authentication). + +The output is placed in @code{out} , which must be pre-allocated. + +Note that, to provide the RFC5705 context, the @code{context} variable +must be non-null. + +@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, or an error code. + +@strong{Since:} 3.6.6 +@end deftypefun + +@subheading gnutls_prf_raw +@anchor{gnutls_prf_raw} +@deftypefun {int} {gnutls_prf_raw} (gnutls_session_t @var{session}, size_t @var{label_size}, const char * @var{label}, size_t @var{seed_size}, const char * @var{seed}, size_t @var{outsize}, char * @var{out}) +@var{session}: is a @code{gnutls_session_t} type. + +@var{label_size}: length of the @code{label} variable. + +@var{label}: label used in PRF computation, typically a short string. + +@var{seed_size}: length of the @code{seed} variable. + +@var{seed}: optional extra data to seed the PRF with. + +@var{outsize}: size of pre-allocated output buffer to hold the output. + +@var{out}: pre-allocated buffer to hold the generated data. + +Apply the TLS Pseudo-Random-Function (PRF) on the master secret +and the provided data. + +The @code{label} variable usually contains a string denoting the purpose +for the generated data. The @code{seed} usually contains data such as the +client and server random, perhaps together with some additional +data that is added to guarantee uniqueness of the output for a +particular purpose. + +Because the output is not guaranteed to be unique for a particular +session unless @code{seed} includes the client random and server random +fields (the PRF would output the same data on another connection +resumed from the first one), it is not recommended to use this +function directly. The @code{gnutls_prf()} function seeds the PRF with the +client and server random fields directly, and is recommended if you +want to generate pseudo random data unique for each session. + +@strong{Note:} This function will only operate under TLS versions prior to 1.3. +In TLS1.3 the use of PRF is replaced with HKDF and the generic +exporters like @code{gnutls_prf_rfc5705()} should be used instead. Under +TLS1.3 this function returns @code{GNUTLS_E_INVALID_REQUEST} . + +@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, or an error code. +@end deftypefun + +@subheading gnutls_prf_rfc5705 +@anchor{gnutls_prf_rfc5705} +@deftypefun {int} {gnutls_prf_rfc5705} (gnutls_session_t @var{session}, size_t @var{label_size}, const char * @var{label}, size_t @var{context_size}, const char * @var{context}, size_t @var{outsize}, char * @var{out}) +@var{session}: is a @code{gnutls_session_t} type. + +@var{label_size}: length of the @code{label} variable. + +@var{label}: label used in PRF computation, typically a short string. + +@var{context_size}: length of the @code{extra} variable. + +@var{context}: optional extra data to seed the PRF with. + +@var{outsize}: size of pre-allocated output buffer to hold the output. + +@var{out}: pre-allocated buffer to hold the generated data. + +Exports keying material from TLS/DTLS session to an application, as +specified in RFC5705. + +In the TLS versions prior to 1.3, it applies the TLS +Pseudo-Random-Function (PRF) on the master secret and the provided +data, seeded with the client and server random fields. + +In TLS 1.3, it applies HKDF on the exporter master secret derived +from the master secret. + +The @code{label} variable usually contains a string denoting the purpose +for the generated data. + +The @code{context} variable can be used to add more data to the seed, after +the random variables. It can be used to make sure the +generated output is strongly connected to some additional data +(e.g., a string used in user authentication). + +The output is placed in @code{out} , which must be pre-allocated. + +Note that, to provide the RFC5705 context, the @code{context} variable +must be non-null. + +@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, or an error code. + +@strong{Since:} 3.4.4 +@end deftypefun + +@subheading gnutls_priority_certificate_type_list +@anchor{gnutls_priority_certificate_type_list} +@deftypefun {int} {gnutls_priority_certificate_type_list} (gnutls_priority_t @var{pcache}, const unsigned int ** @var{list}) +@var{pcache}: is a @code{gnutls_prioritity_t} type. + +@var{list}: will point to an integer list + +Get a list of available certificate types in the priority +structure. + +As of version 3.6.4 this function is an alias for +gnutls_priority_certificate_type_list2 with the target parameter +set to: +- GNUTLS_CTYPE_SERVER, if the @code{SERVER_PRECEDENCE} option is set +- GNUTLS_CTYPE_CLIENT, otherwise. + +@strong{Returns:} the number of certificate types, or an error code. + +@strong{Since:} 3.0 +@end deftypefun + +@subheading gnutls_priority_certificate_type_list2 +@anchor{gnutls_priority_certificate_type_list2} +@deftypefun {int} {gnutls_priority_certificate_type_list2} (gnutls_priority_t @var{pcache}, const unsigned int ** @var{list}, gnutls_ctype_target_t @var{target}) +@var{pcache}: is a @code{gnutls_prioritity_t} type. + +@var{list}: will point to an integer list. + +@var{target}: is a @code{gnutls_ctype_target_t} type. Valid arguments are +GNUTLS_CTYPE_CLIENT and GNUTLS_CTYPE_SERVER + +Get a list of available certificate types for the given target +in the priority structure. + +@strong{Returns:} the number of certificate types, or an error code. + +@strong{Since:} 3.6.4 +@end deftypefun + +@subheading gnutls_priority_cipher_list +@anchor{gnutls_priority_cipher_list} +@deftypefun {int} {gnutls_priority_cipher_list} (gnutls_priority_t @var{pcache}, const unsigned int ** @var{list}) +@var{pcache}: is a @code{gnutls_prioritity_t} type. + +@var{list}: will point to an integer list + +Get a list of available ciphers in the priority +structure. + +@strong{Returns:} the number of items, or an error code. + +@strong{Since:} 3.2.3 +@end deftypefun + +@subheading gnutls_priority_deinit +@anchor{gnutls_priority_deinit} +@deftypefun {void} {gnutls_priority_deinit} (gnutls_priority_t @var{priority_cache}) +@var{priority_cache}: is a @code{gnutls_prioritity_t} type. + +Deinitializes the priority cache. +@end deftypefun + +@subheading gnutls_priority_ecc_curve_list +@anchor{gnutls_priority_ecc_curve_list} +@deftypefun {int} {gnutls_priority_ecc_curve_list} (gnutls_priority_t @var{pcache}, const unsigned int ** @var{list}) +@var{pcache}: is a @code{gnutls_prioritity_t} type. + +@var{list}: will point to an integer list + +Get a list of available elliptic curves in the priority +structure. + +@strong{Deprecated:} This function has been replaced by +@code{gnutls_priority_group_list()} since 3.6.0. + +@strong{Returns:} the number of items, or an error code. + +@strong{Since:} 3.0 +@end deftypefun + +@subheading gnutls_priority_get_cipher_suite_index +@anchor{gnutls_priority_get_cipher_suite_index} +@deftypefun {int} {gnutls_priority_get_cipher_suite_index} (gnutls_priority_t @var{pcache}, unsigned int @var{idx}, unsigned int * @var{sidx}) +@var{pcache}: is a @code{gnutls_prioritity_t} type. + +@var{idx}: is an index number. + +@var{sidx}: internal index of cipher suite to get information about. + +Provides the internal ciphersuite index to be used with +@code{gnutls_cipher_suite_info()} . The index @code{idx} provided is an +index kept at the priorities structure. It might be that a valid +priorities index does not correspond to a ciphersuite and in +that case @code{GNUTLS_E_UNKNOWN_CIPHER_SUITE} will be returned. +Once the last available index is crossed then +@code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} will be returned. + +@strong{Returns:} On success it returns @code{GNUTLS_E_SUCCESS} (0), or a negative error value otherwise. + +@strong{Since:} 3.0.9 +@end deftypefun + +@subheading gnutls_priority_group_list +@anchor{gnutls_priority_group_list} +@deftypefun {int} {gnutls_priority_group_list} (gnutls_priority_t @var{pcache}, const unsigned int ** @var{list}) +@var{pcache}: is a @code{gnutls_prioritity_t} type. + +@var{list}: will point to an integer list + +Get a list of available groups in the priority +structure. + +@strong{Returns:} the number of items, or an error code. + +@strong{Since:} 3.6.0 +@end deftypefun + +@subheading gnutls_priority_init +@anchor{gnutls_priority_init} +@deftypefun {int} {gnutls_priority_init} (gnutls_priority_t * @var{priority_cache}, const char * @var{priorities}, const char ** @var{err_pos}) +@var{priority_cache}: is a @code{gnutls_prioritity_t} type. + +@var{priorities}: is a string describing priorities (may be @code{NULL} ) + +@var{err_pos}: In case of an error this will have the position in the string the error occurred + +For applications that do not modify their crypto settings per release, consider +using @code{gnutls_priority_init2()} with @code{GNUTLS_PRIORITY_INIT_DEF_APPEND} flag +instead. We suggest to use centralized crypto settings handled by the GnuTLS +library, and applications modifying the default settings to their needs. + +This function is identical to @code{gnutls_priority_init2()} with zero +flags. + +A @code{NULL} @code{priorities} string indicates the default priorities to be +used (this is available since GnuTLS 3.3.0). + +@strong{Returns:} On syntax error @code{GNUTLS_E_INVALID_REQUEST} is returned, +@code{GNUTLS_E_SUCCESS} on success, or an error code. +@end deftypefun + +@subheading gnutls_priority_init2 +@anchor{gnutls_priority_init2} +@deftypefun {int} {gnutls_priority_init2} (gnutls_priority_t * @var{priority_cache}, const char * @var{priorities}, const char ** @var{err_pos}, unsigned @var{flags}) +@var{priority_cache}: is a @code{gnutls_prioritity_t} type. + +@var{priorities}: is a string describing priorities (may be @code{NULL} ) + +@var{err_pos}: In case of an error this will have the position in the string the error occurred + +@var{flags}: zero or @code{GNUTLS_PRIORITY_INIT_DEF_APPEND} + +Sets priorities for the ciphers, key exchange methods, and macs. +The @code{priority_cache} should be deinitialized +using @code{gnutls_priority_deinit()} . + +The @code{priorities} option allows you to specify a colon +separated list of the cipher priorities to enable. +Some keywords are defined to provide quick access +to common preferences. + +When @code{flags} is set to @code{GNUTLS_PRIORITY_INIT_DEF_APPEND} then the @code{priorities} specified will be appended to the default options. + +Unless there is a special need, use the "NORMAL" keyword to +apply a reasonable security level, or "NORMAL:%COMPAT" for compatibility. + +"PERFORMANCE" means all the "secure" ciphersuites are enabled, +limited to 128 bit ciphers and sorted by terms of speed +performance. + +"LEGACY" the NORMAL settings for GnuTLS 3.2.x or earlier. There is +no verification profile set, and the allowed DH primes are considered +weak today. + +"NORMAL" means all "secure" ciphersuites. The 256-bit ciphers are +included as a fallback only. The ciphers are sorted by security +margin. + +"PFS" means all "secure" ciphersuites that support perfect forward secrecy. +The 256-bit ciphers are included as a fallback only. +The ciphers are sorted by security margin. + +"SECURE128" means all "secure" ciphersuites of security level 128-bit +or more. + +"SECURE192" means all "secure" ciphersuites of security level 192-bit +or more. + +"SUITEB128" means all the NSA SuiteB ciphersuites with security level +of 128. + +"SUITEB192" means all the NSA SuiteB ciphersuites with security level +of 192. + +"NONE" means nothing is enabled. This disables everything, including protocols. + +"@@KEYWORD1,KEYWORD2,..." The system administrator imposed settings. +The provided keyword(s) will be expanded from a configuration-time +provided file - default is: /etc/gnutls/default-priorities. +Any attributes that follow it, will be appended to the expanded +string. If multiple keywords are provided, separated by commas, +then the first keyword that exists in the configuration file +will be used. At least one of the keywords must exist, or this +function will return an error. Typical usage would be to specify +an application specified keyword first, followed by "SYSTEM" as +a default fallback. e.g., " @code{LIBVIRT} ,SYSTEM:!-VERS-SSL3.0" will +first try to find a config file entry matching "LIBVIRT", but if +that does not exist will use the entry for "SYSTEM". If "SYSTEM" +does not exist either, an error will be returned. In all cases, +the SSL3.0 protocol will be disabled. The system priority file +entries should be formatted as "KEYWORD=VALUE", e.g., +"SYSTEM=NORMAL:+ARCFOUR-128". + +Special keywords are "!", "-" and "+". +"!" or "-" appended with an algorithm will remove this algorithm. +"+" appended with an algorithm will add this algorithm. + +Check the GnuTLS manual section "Priority strings" for detailed +information. + +@strong{Examples:} +"NONE:+VERS-TLS-ALL:+MAC-ALL:+RSA:+AES-128-CBC:+SIGN-ALL:+COMP-NULL" + +"NORMAL:+ARCFOUR-128" means normal ciphers plus ARCFOUR-128. + +"SECURE128:-VERS-SSL3.0" means that only secure ciphers are +and enabled, SSL3.0 is disabled. + +"NONE:+VERS-TLS-ALL:+AES-128-CBC:+RSA:+SHA1:+COMP-NULL:+SIGN-RSA-SHA1", + +"NONE:+VERS-TLS-ALL:+AES-128-CBC:+ECDHE-RSA:+SHA1:+COMP-NULL:+SIGN-RSA-SHA1:+CURVE-SECP256R1", + +"SECURE256:+SECURE128", + +Note that "NORMAL:%COMPAT" is the most compatible mode. + +A @code{NULL} @code{priorities} string indicates the default priorities to be +used (this is available since GnuTLS 3.3.0). + +@strong{Returns:} On syntax error @code{GNUTLS_E_INVALID_REQUEST} is returned, +@code{GNUTLS_E_SUCCESS} on success, or an error code. + +@strong{Since:} 3.6.3 +@end deftypefun + +@subheading gnutls_priority_kx_list +@anchor{gnutls_priority_kx_list} +@deftypefun {int} {gnutls_priority_kx_list} (gnutls_priority_t @var{pcache}, const unsigned int ** @var{list}) +@var{pcache}: is a @code{gnutls_prioritity_t} type. + +@var{list}: will point to an integer list + +Get a list of available key exchange methods in the priority +structure. + +@strong{Returns:} the number of items, or an error code. + +@strong{Since:} 3.2.3 +@end deftypefun + +@subheading gnutls_priority_mac_list +@anchor{gnutls_priority_mac_list} +@deftypefun {int} {gnutls_priority_mac_list} (gnutls_priority_t @var{pcache}, const unsigned int ** @var{list}) +@var{pcache}: is a @code{gnutls_prioritity_t} type. + +@var{list}: will point to an integer list + +Get a list of available MAC algorithms in the priority +structure. + +@strong{Returns:} the number of items, or an error code. + +@strong{Since:} 3.2.3 +@end deftypefun + +@subheading gnutls_priority_protocol_list +@anchor{gnutls_priority_protocol_list} +@deftypefun {int} {gnutls_priority_protocol_list} (gnutls_priority_t @var{pcache}, const unsigned int ** @var{list}) +@var{pcache}: is a @code{gnutls_prioritity_t} type. + +@var{list}: will point to an integer list + +Get a list of available TLS version numbers in the priority +structure. + +@strong{Returns:} the number of protocols, or an error code. + +@strong{Since:} 3.0 +@end deftypefun + +@subheading gnutls_priority_set +@anchor{gnutls_priority_set} +@deftypefun {int} {gnutls_priority_set} (gnutls_session_t @var{session}, gnutls_priority_t @var{priority}) +@var{session}: is a @code{gnutls_session_t} type. + +@var{priority}: is a @code{gnutls_priority_t} type. + +Sets the priorities to use on the ciphers, key exchange methods, +and macs. Note that this function is expected to be called once +per session; when called multiple times (e.g., before a re-handshake, +the caller should make sure that any new settings are not incompatible +with the original session). + +@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, or an error code on error. +@end deftypefun + +@subheading gnutls_priority_set_direct +@anchor{gnutls_priority_set_direct} +@deftypefun {int} {gnutls_priority_set_direct} (gnutls_session_t @var{session}, const char * @var{priorities}, const char ** @var{err_pos}) +@var{session}: is a @code{gnutls_session_t} type. + +@var{priorities}: is a string describing priorities + +@var{err_pos}: In case of an error this will have the position in the string the error occurred + +Sets the priorities to use on the ciphers, key exchange methods, +and macs. This function avoids keeping a +priority cache and is used to directly set string priorities to a +TLS session. For documentation check the @code{gnutls_priority_init()} . + +To use a reasonable default, consider using @code{gnutls_set_default_priority()} , +or @code{gnutls_set_default_priority_append()} instead of this function. + +@strong{Returns:} On syntax error @code{GNUTLS_E_INVALID_REQUEST} is returned, +@code{GNUTLS_E_SUCCESS} on success, or an error code. +@end deftypefun + +@subheading gnutls_priority_sign_list +@anchor{gnutls_priority_sign_list} +@deftypefun {int} {gnutls_priority_sign_list} (gnutls_priority_t @var{pcache}, const unsigned int ** @var{list}) +@var{pcache}: is a @code{gnutls_prioritity_t} type. + +@var{list}: will point to an integer list + +Get a list of available signature algorithms in the priority +structure. + +@strong{Returns:} the number of algorithms, or an error code. + +@strong{Since:} 3.0 +@end deftypefun + +@subheading gnutls_priority_string_list +@anchor{gnutls_priority_string_list} +@deftypefun {const char *} {gnutls_priority_string_list} (unsigned @var{iter}, unsigned int @var{flags}) +@var{iter}: an integer counter starting from zero + +@var{flags}: one of @code{GNUTLS_PRIORITY_LIST_INIT_KEYWORDS} , @code{GNUTLS_PRIORITY_LIST_SPECIAL} + +Can be used to iterate all available priority strings. +Due to internal implementation details, there are cases where this +function can return the empty string. In that case that string should be ignored. +When no strings are available it returns @code{NULL} . + +@strong{Returns:} a priority string + +@strong{Since:} 3.4.0 +@end deftypefun + +@subheading gnutls_protocol_get_id +@anchor{gnutls_protocol_get_id} +@deftypefun {gnutls_protocol_t} {gnutls_protocol_get_id} (const char * @var{name}) +@var{name}: is a protocol name + +The names are compared in a case insensitive way. + +@strong{Returns:} an id of the specified protocol, or +@code{GNUTLS_VERSION_UNKNOWN} on error. +@end deftypefun + +@subheading gnutls_protocol_get_name +@anchor{gnutls_protocol_get_name} +@deftypefun {const char *} {gnutls_protocol_get_name} (gnutls_protocol_t @var{version}) +@var{version}: is a (gnutls) version number + +Convert a @code{gnutls_protocol_t} value to a string. + +@strong{Returns:} a string that contains the name of the specified TLS +version (e.g., "TLS1.0"), or @code{NULL} . +@end deftypefun + +@subheading gnutls_protocol_get_version +@anchor{gnutls_protocol_get_version} +@deftypefun {gnutls_protocol_t} {gnutls_protocol_get_version} (gnutls_session_t @var{session}) +@var{session}: is a @code{gnutls_session_t} type. + +Get TLS version, a @code{gnutls_protocol_t} value. + +@strong{Returns:} The version of the currently used protocol. +@end deftypefun + +@subheading gnutls_protocol_list +@anchor{gnutls_protocol_list} +@deftypefun {const gnutls_protocol_t *} {gnutls_protocol_list} ( @var{void}) + +Get a list of supported protocols, e.g. SSL 3.0, TLS 1.0 etc. + +This function is not thread safe. + +@strong{Returns:} a (0)-terminated list of @code{gnutls_protocol_t} integers +indicating the available protocols. +@end deftypefun + +@subheading gnutls_psk_allocate_client_credentials +@anchor{gnutls_psk_allocate_client_credentials} +@deftypefun {int} {gnutls_psk_allocate_client_credentials} (gnutls_psk_client_credentials_t * @var{sc}) +@var{sc}: is a pointer to a @code{gnutls_psk_server_credentials_t} type. + +Allocate a gnutls_psk_client_credentials_t structure. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise +an error code is returned. +@end deftypefun + +@subheading gnutls_psk_allocate_server_credentials +@anchor{gnutls_psk_allocate_server_credentials} +@deftypefun {int} {gnutls_psk_allocate_server_credentials} (gnutls_psk_server_credentials_t * @var{sc}) +@var{sc}: is a pointer to a @code{gnutls_psk_server_credentials_t} type. + +Allocate a gnutls_psk_server_credentials_t structure. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise +an error code is returned. +@end deftypefun + +@subheading gnutls_psk_client_get_hint +@anchor{gnutls_psk_client_get_hint} +@deftypefun {const char *} {gnutls_psk_client_get_hint} (gnutls_session_t @var{session}) +@var{session}: is a gnutls session + +The PSK identity hint may give the client help in deciding which +username to use. This should only be called in case of PSK +authentication and in case of a client. + +@strong{Note:} there is no hint in TLS 1.3, so this function will return @code{NULL} +if TLS 1.3 has been negotiated. + +@strong{Returns:} the identity hint of the peer, or @code{NULL} in case of an error or if TLS 1.3 is being used. + +@strong{Since:} 2.4.0 +@end deftypefun + +@subheading gnutls_psk_free_client_credentials +@anchor{gnutls_psk_free_client_credentials} +@deftypefun {void} {gnutls_psk_free_client_credentials} (gnutls_psk_client_credentials_t @var{sc}) +@var{sc}: is a @code{gnutls_psk_client_credentials_t} type. + +Free a gnutls_psk_client_credentials_t structure. +@end deftypefun + +@subheading gnutls_psk_free_server_credentials +@anchor{gnutls_psk_free_server_credentials} +@deftypefun {void} {gnutls_psk_free_server_credentials} (gnutls_psk_server_credentials_t @var{sc}) +@var{sc}: is a @code{gnutls_psk_server_credentials_t} type. + +Free a gnutls_psk_server_credentials_t structure. +@end deftypefun + +@subheading gnutls_psk_server_get_username +@anchor{gnutls_psk_server_get_username} +@deftypefun {const char *} {gnutls_psk_server_get_username} (gnutls_session_t @var{session}) +@var{session}: is a gnutls session + +This should only be called in case of PSK authentication and in +case of a server. + +@strong{Returns:} the username of the peer, or @code{NULL} in case of an error. +@end deftypefun + +@subheading gnutls_psk_set_client_credentials +@anchor{gnutls_psk_set_client_credentials} +@deftypefun {int} {gnutls_psk_set_client_credentials} (gnutls_psk_client_credentials_t @var{res}, const char * @var{username}, const gnutls_datum_t * @var{key}, gnutls_psk_key_flags @var{flags}) +@var{res}: is a @code{gnutls_psk_client_credentials_t} type. + +@var{username}: is the user's zero-terminated userid + +@var{key}: is the user's key + +@var{flags}: indicate the format of the key, either +@code{GNUTLS_PSK_KEY_RAW} or @code{GNUTLS_PSK_KEY_HEX} . + +This function sets the username and password, in a +gnutls_psk_client_credentials_t type. Those will be used in +PSK authentication. @code{username} should be an ASCII string or UTF-8 +string. In case of a UTF-8 string it is recommended to be following +the PRECIS framework for usernames (rfc8265). The key can be either +in raw byte format or in Hex format (without the 0x prefix). + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise +an error code is returned. +@end deftypefun + +@subheading gnutls_psk_set_client_credentials_function +@anchor{gnutls_psk_set_client_credentials_function} +@deftypefun {void} {gnutls_psk_set_client_credentials_function} (gnutls_psk_client_credentials_t @var{cred}, gnutls_psk_client_credentials_function * @var{func}) +@var{cred}: is a @code{gnutls_psk_server_credentials_t} type. + +@var{func}: is the callback function + +This function can be used to set a callback to retrieve the username and +password for client PSK authentication. +The callback's function form is: +int (*callback)(gnutls_session_t, char** username, +gnutls_datum_t* key); + +The @code{username} and @code{key} ->data must be allocated using @code{gnutls_malloc()} . +The @code{username} should be an ASCII string or UTF-8 +string. In case of a UTF-8 string it is recommended to be following +the PRECIS framework for usernames (rfc8265). + +The callback function will be called once per handshake. + +The callback function should return 0 on success. +-1 indicates an error. +@end deftypefun + +@subheading gnutls_psk_set_params_function +@anchor{gnutls_psk_set_params_function} +@deftypefun {void} {gnutls_psk_set_params_function} (gnutls_psk_server_credentials_t @var{res}, gnutls_params_function * @var{func}) +@var{res}: is a gnutls_psk_server_credentials_t type + +@var{func}: is the function to be called + +This function will set a callback in order for the server to get +the Diffie-Hellman or RSA parameters for PSK authentication. The +callback should return @code{GNUTLS_E_SUCCESS} (0) on success. + +@strong{Deprecated:} This function is unnecessary and discouraged on GnuTLS 3.6.0 +or later. Since 3.6.0, DH parameters are negotiated +following RFC7919. +@end deftypefun + +@subheading gnutls_psk_set_server_credentials_file +@anchor{gnutls_psk_set_server_credentials_file} +@deftypefun {int} {gnutls_psk_set_server_credentials_file} (gnutls_psk_server_credentials_t @var{res}, const char * @var{password_file}) +@var{res}: is a @code{gnutls_psk_server_credentials_t} type. + +@var{password_file}: is the PSK password file (passwd.psk) + +This function sets the password file, in a +@code{gnutls_psk_server_credentials_t} type. This password file +holds usernames and keys and will be used for PSK authentication. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise +an error code is returned. +@end deftypefun + +@subheading gnutls_psk_set_server_credentials_function +@anchor{gnutls_psk_set_server_credentials_function} +@deftypefun {void} {gnutls_psk_set_server_credentials_function} (gnutls_psk_server_credentials_t @var{cred}, gnutls_psk_server_credentials_function * @var{func}) +@var{cred}: is a @code{gnutls_psk_server_credentials_t} type. + +@var{func}: is the callback function + +This function can be used to set a callback to retrieve the user's PSK credentials. +The callback's function form is: +int (*callback)(gnutls_session_t, const char* username, +gnutls_datum_t* key); + + @code{username} contains the actual username. +The @code{key} must be filled in using the @code{gnutls_malloc()} . + +In case the callback returned a negative number then gnutls will +assume that the username does not exist. + +The callback function will only be called once per handshake. The +callback function should return 0 on success, while -1 indicates +an error. +@end deftypefun + +@subheading gnutls_psk_set_server_credentials_hint +@anchor{gnutls_psk_set_server_credentials_hint} +@deftypefun {int} {gnutls_psk_set_server_credentials_hint} (gnutls_psk_server_credentials_t @var{res}, const char * @var{hint}) +@var{res}: is a @code{gnutls_psk_server_credentials_t} type. + +@var{hint}: is the PSK identity hint string + +This function sets the identity hint, in a +@code{gnutls_psk_server_credentials_t} type. This hint is sent to +the client to help it chose a good PSK credential (i.e., username +and password). + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise +an error code is returned. + +@strong{Since:} 2.4.0 +@end deftypefun + +@subheading gnutls_psk_set_server_dh_params +@anchor{gnutls_psk_set_server_dh_params} +@deftypefun {void} {gnutls_psk_set_server_dh_params} (gnutls_psk_server_credentials_t @var{res}, gnutls_dh_params_t @var{dh_params}) +@var{res}: is a gnutls_psk_server_credentials_t type + +@var{dh_params}: is a structure that holds Diffie-Hellman parameters. + +This function will set the Diffie-Hellman parameters for an +anonymous server to use. These parameters will be used in +Diffie-Hellman exchange with PSK cipher suites. + +@strong{Deprecated:} This function is unnecessary and discouraged on GnuTLS 3.6.0 +or later. Since 3.6.0, DH parameters are negotiated +following RFC7919. +@end deftypefun + +@subheading gnutls_psk_set_server_known_dh_params +@anchor{gnutls_psk_set_server_known_dh_params} +@deftypefun {int} {gnutls_psk_set_server_known_dh_params} (gnutls_psk_server_credentials_t @var{res}, gnutls_sec_param_t @var{sec_param}) +@var{res}: is a gnutls_psk_server_credentials_t type + +@var{sec_param}: is an option of the @code{gnutls_sec_param_t} enumeration + +This function will set the Diffie-Hellman parameters for a +PSK server to use. These parameters will be used in +Ephemeral Diffie-Hellman cipher suites and will be selected from +the FFDHE set of RFC7919 according to the security level provided. + +@strong{Deprecated:} This function is unnecessary and discouraged on GnuTLS 3.6.0 +or later. Since 3.6.0, DH parameters are negotiated +following RFC7919. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 3.5.6 +@end deftypefun + +@subheading gnutls_psk_set_server_params_function +@anchor{gnutls_psk_set_server_params_function} +@deftypefun {void} {gnutls_psk_set_server_params_function} (gnutls_psk_server_credentials_t @var{res}, gnutls_params_function * @var{func}) +@var{res}: is a @code{gnutls_certificate_credentials_t} type + +@var{func}: is the function to be called + +This function will set a callback in order for the server to get +the Diffie-Hellman parameters for PSK authentication. The callback +should return @code{GNUTLS_E_SUCCESS} (0) on success. + +@strong{Deprecated:} This function is unnecessary and discouraged on GnuTLS 3.6.0 +or later. Since 3.6.0, DH parameters are negotiated +following RFC7919. +@end deftypefun + +@subheading gnutls_random_art +@anchor{gnutls_random_art} +@deftypefun {int} {gnutls_random_art} (gnutls_random_art_t @var{type}, const char * @var{key_type}, unsigned int @var{key_size}, void * @var{fpr}, size_t @var{fpr_size}, gnutls_datum_t * @var{art}) +@var{type}: The type of the random art (for now only @code{GNUTLS_RANDOM_ART_OPENSSH} is supported) + +@var{key_type}: The type of the key (RSA, DSA etc.) + +@var{key_size}: The size of the key in bits + +@var{fpr}: The fingerprint of the key + +@var{fpr_size}: The size of the fingerprint + +@var{art}: The returned random art + +This function will convert a given fingerprint to an "artistic" +image. The returned image is allocated using @code{gnutls_malloc()} , is +null-terminated but art->size will not account the terminating null. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise +an error code is returned. +@end deftypefun + +@subheading gnutls_range_split +@anchor{gnutls_range_split} +@deftypefun {int} {gnutls_range_split} (gnutls_session_t @var{session}, const gnutls_range_st * @var{orig}, gnutls_range_st * @var{next}, gnutls_range_st * @var{remainder}) +@var{session}: is a @code{gnutls_session_t} type + +@var{orig}: is the original range provided by the user + +@var{next}: is the returned range that can be conveyed in a TLS record + +@var{remainder}: is the returned remaining range + +This function should be used when it is required to hide the length +of very long data that cannot be directly provided to @code{gnutls_record_send_range()} . +In that case this function should be called with the desired length +hiding range in @code{orig} . The returned @code{next} value should then be used in +the next call to @code{gnutls_record_send_range()} with the partial data. +That process should be repeated until @code{remainder} is (0,0). + +@strong{Returns:} 0 in case splitting succeeds, non zero in case of error. +Note that @code{orig} is not changed, while the values of @code{next} and @code{remainder} are modified to store the resulting values. +@end deftypefun + +@subheading gnutls_reauth +@anchor{gnutls_reauth} +@deftypefun {int} {gnutls_reauth} (gnutls_session_t @var{session}, unsigned int @var{flags}) +@var{session}: is a @code{gnutls_session_t} type. + +@var{flags}: must be zero + +This function performs the post-handshake authentication +for TLS 1.3. The post-handshake authentication is initiated by the server +by calling this function. Clients respond when @code{GNUTLS_E_REAUTH_REQUEST} +has been seen while receiving data. + +The non-fatal errors expected by this function are: +@code{GNUTLS_E_INTERRUPTED} , @code{GNUTLS_E_AGAIN} , as well as +@code{GNUTLS_E_GOT_APPLICATION_DATA} when called on server side. + +The former two interrupt the authentication procedure due to the transport +layer being interrupted, and the latter because there were pending data prior +to peer initiating the re-authentication. The server should read/process that +data as unauthenticated and retry calling @code{gnutls_reauth()} . + +When this function is called under TLS1.2 or earlier or the peer didn't +advertise post-handshake auth, it always fails with +@code{GNUTLS_E_INVALID_REQUEST} . The verification of the received peers certificate +is delegated to the session or credentials verification callbacks. A +server can check whether post handshake authentication is supported +by the client by checking the session flags with @code{gnutls_session_get_flags()} . + +Prior to calling this function in server side, the function +@code{gnutls_certificate_server_set_request()} must be called setting expectations +for the received certificate (request or require). If none are set +this function will return with @code{GNUTLS_E_INVALID_REQUEST} . + +Note that post handshake authentication is available irrespective +of the initial negotiation type (PSK or certificate). In all cases +however, certificate credentials must be set to the session prior +to calling this function. + +@strong{Returns:} @code{GNUTLS_E_SUCCESS} on a successful authentication, otherwise a negative error code. +@end deftypefun + +@subheading gnutls_record_can_use_length_hiding +@anchor{gnutls_record_can_use_length_hiding} +@deftypefun {unsigned} {gnutls_record_can_use_length_hiding} (gnutls_session_t @var{session}) +@var{session}: is a @code{gnutls_session_t} type. + +If the session supports length-hiding padding, you can +invoke @code{gnutls_record_send_range()} to send a message whose +length is hidden in the given range. If the session does not +support length hiding padding, you can use the standard +@code{gnutls_record_send()} function, or @code{gnutls_record_send_range()} +making sure that the range is the same as the length of the +message you are trying to send. + +@strong{Returns:} true (1) if the current session supports length-hiding +padding, false (0) if the current session does not. +@end deftypefun + +@subheading gnutls_record_check_corked +@anchor{gnutls_record_check_corked} +@deftypefun {size_t} {gnutls_record_check_corked} (gnutls_session_t @var{session}) +@var{session}: is a @code{gnutls_session_t} type. + +This function checks if there pending corked +data in the gnutls buffers --see @code{gnutls_record_cork()} . + +@strong{Returns:} Returns the size of the corked data or zero. + +@strong{Since:} 3.2.8 +@end deftypefun + +@subheading gnutls_record_check_pending +@anchor{gnutls_record_check_pending} +@deftypefun {size_t} {gnutls_record_check_pending} (gnutls_session_t @var{session}) +@var{session}: is a @code{gnutls_session_t} type. + +This function checks if there are unread data +in the gnutls buffers. If the return value is +non-zero the next call to @code{gnutls_record_recv()} +is guaranteed not to block. + +@strong{Returns:} Returns the size of the data or zero. +@end deftypefun + +@subheading gnutls_record_cork +@anchor{gnutls_record_cork} +@deftypefun {void} {gnutls_record_cork} (gnutls_session_t @var{session}) +@var{session}: is a @code{gnutls_session_t} type. + +If called, @code{gnutls_record_send()} will no longer send any records. +Any sent records will be cached until @code{gnutls_record_uncork()} is called. + +This function is safe to use with DTLS after GnuTLS 3.3.0. + +@strong{Since:} 3.1.9 +@end deftypefun + +@subheading gnutls_record_disable_padding +@anchor{gnutls_record_disable_padding} +@deftypefun {void} {gnutls_record_disable_padding} (gnutls_session_t @var{session}) +@var{session}: is a @code{gnutls_session_t} type. + +Used to disabled padding in TLS 1.0 and above. Normally you do not +need to use this function, but there are buggy clients that +complain if a server pads the encrypted data. This of course will +disable protection against statistical attacks on the data. + +This function is defunct since 3.1.7. Random padding is disabled +by default unless requested using @code{gnutls_record_send_range()} . +@end deftypefun + +@subheading gnutls_record_discard_queued +@anchor{gnutls_record_discard_queued} +@deftypefun {size_t} {gnutls_record_discard_queued} (gnutls_session_t @var{session}) +@var{session}: is a @code{gnutls_session_t} type. + +This function discards all queued to be sent packets in a TLS or DTLS session. +These are the packets queued after an interrupted @code{gnutls_record_send()} . + +@strong{Returns:} The number of bytes discarded. + +@strong{Since:} 3.4.0 +@end deftypefun + +@subheading gnutls_record_get_direction +@anchor{gnutls_record_get_direction} +@deftypefun {int} {gnutls_record_get_direction} (gnutls_session_t @var{session}) +@var{session}: is a @code{gnutls_session_t} type. + +This function is useful to determine whether a GnuTLS function was interrupted +while sending or receiving, so that @code{select()} or @code{poll()} may be called appropriately. + +It provides information about the internals of the record +protocol and is only useful if a prior gnutls function call, +e.g. @code{gnutls_handshake()} , was interrupted and returned +@code{GNUTLS_E_INTERRUPTED} or @code{GNUTLS_E_AGAIN} . After such an interrupt +applications may call @code{select()} or @code{poll()} before restoring the +interrupted GnuTLS function. + +This function's output is unreliable if you are using the same + @code{session} in different threads for sending and receiving. + +@strong{Returns:} 0 if interrupted while trying to read data, or 1 while trying to write data. +@end deftypefun + +@subheading gnutls_record_get_max_early_data_size +@anchor{gnutls_record_get_max_early_data_size} +@deftypefun {size_t} {gnutls_record_get_max_early_data_size} (gnutls_session_t @var{session}) +@var{session}: is a @code{gnutls_session_t} type. + +This function returns the maximum early data size in this connection. +This property can only be set to servers. The client may be +provided with the maximum allowed size through the "early_data" +extension of the NewSessionTicket handshake message. + +@strong{Returns:} The maximum early data size in this connection. + +@strong{Since:} 3.6.5 +@end deftypefun + +@subheading gnutls_record_get_max_size +@anchor{gnutls_record_get_max_size} +@deftypefun {size_t} {gnutls_record_get_max_size} (gnutls_session_t @var{session}) +@var{session}: is a @code{gnutls_session_t} type. + +Get the record size. The maximum record size is negotiated by the +client after the first handshake message. + +@strong{Returns:} The maximum record packet size in this connection. +@end deftypefun + +@subheading gnutls_record_get_state +@anchor{gnutls_record_get_state} +@deftypefun {int} {gnutls_record_get_state} (gnutls_session_t @var{session}, unsigned @var{read}, gnutls_datum_t * @var{mac_key}, gnutls_datum_t * @var{IV}, gnutls_datum_t * @var{cipher_key}, unsigned char [8] @var{seq_number}) +@var{session}: is a @code{gnutls_session_t} type + +@var{read}: if non-zero the read parameters are returned, otherwise the write + +@var{mac_key}: the key used for MAC (if a MAC is used) + +@var{IV}: the initialization vector or nonce used + +@var{cipher_key}: the cipher key + +@var{seq_number}: A 64-bit sequence number + +This function will return the parameters of the current record state. +These are only useful to be provided to an external off-loading device +or subsystem. The returned values should be considered constant +and valid for the lifetime of the session. + +In that case, to sync the state back you must call @code{gnutls_record_set_state()} . + +@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, or an error code. + +Since 3.4.0 +@end deftypefun + +@subheading gnutls_record_overhead_size +@anchor{gnutls_record_overhead_size} +@deftypefun {size_t} {gnutls_record_overhead_size} (gnutls_session_t @var{session}) +@var{session}: is @code{gnutls_session_t} + +This function will return the size in bytes of the overhead +due to TLS (or DTLS) per record. On certain occasions +(e.g., CBC ciphers) the returned value is the maximum +possible overhead. + +@strong{Since:} 3.2.2 +@end deftypefun + +@subheading gnutls_record_recv +@anchor{gnutls_record_recv} +@deftypefun {ssize_t} {gnutls_record_recv} (gnutls_session_t @var{session}, void * @var{data}, size_t @var{data_size}) +@var{session}: is a @code{gnutls_session_t} type. + +@var{data}: the buffer that the data will be read into + +@var{data_size}: the number of requested bytes + +This function has the similar semantics with @code{recv()} . The only +difference is that it accepts a GnuTLS session, and uses different +error codes. +In the special case that the peer requests a renegotiation, the +caller will receive an error code of @code{GNUTLS_E_REHANDSHAKE} . In case +of a client, this message may be simply ignored, replied with an alert +@code{GNUTLS_A_NO_RENEGOTIATION} , or replied with a new handshake, +depending on the client's will. A server receiving this error code +can only initiate a new handshake or terminate the session. + +If @code{EINTR} is returned by the internal pull function (the default +is @code{recv()} ) then @code{GNUTLS_E_INTERRUPTED} will be returned. If +@code{GNUTLS_E_INTERRUPTED} or @code{GNUTLS_E_AGAIN} is returned, you must +call this function again to get the data. See also +@code{gnutls_record_get_direction()} . + +@strong{Returns:} The number of bytes received and zero on EOF (for stream +connections). A negative error code is returned in case of an error. +The number of bytes received might be less than the requested @code{data_size} . +@end deftypefun + +@subheading gnutls_record_recv_early_data +@anchor{gnutls_record_recv_early_data} +@deftypefun {ssize_t} {gnutls_record_recv_early_data} (gnutls_session_t @var{session}, void * @var{data}, size_t @var{data_size}) +@var{session}: is a @code{gnutls_session_t} type. + +@var{data}: the buffer that the data will be read into + +@var{data_size}: the number of requested bytes + +This function can be used by a searver to retrieve data sent early +in the handshake processes when resuming a session. This is used +to implement a zero-roundtrip (0-RTT) mode. It has the same +semantics as @code{gnutls_record_recv()} . + +This function can be called either in a handshake hook, or after +the handshake is complete. + +@strong{Returns:} The number of bytes received and zero when early data +reading is complete. A negative error code is returned in case of +an error. If no early data is received during the handshake, this +function returns @code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} . The +number of bytes received might be less than the requested + @code{data_size} . + +@strong{Since:} 3.6.5 +@end deftypefun + +@subheading gnutls_record_recv_packet +@anchor{gnutls_record_recv_packet} +@deftypefun {ssize_t} {gnutls_record_recv_packet} (gnutls_session_t @var{session}, gnutls_packet_t * @var{packet}) +@var{session}: is a @code{gnutls_session_t} type. + +@var{packet}: the structure that will hold the packet data + +This is a lower-level function than @code{gnutls_record_recv()} and allows +to directly receive the whole decrypted packet. That avoids a +memory copy, and is intended to be used by applications seeking high +performance. + +The received packet is accessed using @code{gnutls_packet_get()} and +must be deinitialized using @code{gnutls_packet_deinit()} . The returned +packet will be @code{NULL} if the return value is zero (EOF). + +@strong{Returns:} The number of bytes received and zero on EOF (for stream +connections). A negative error code is returned in case of an error. + +@strong{Since:} 3.3.5 +@end deftypefun + +@subheading gnutls_record_recv_seq +@anchor{gnutls_record_recv_seq} +@deftypefun {ssize_t} {gnutls_record_recv_seq} (gnutls_session_t @var{session}, void * @var{data}, size_t @var{data_size}, unsigned char * @var{seq}) +@var{session}: is a @code{gnutls_session_t} type. + +@var{data}: the buffer that the data will be read into + +@var{data_size}: the number of requested bytes + +@var{seq}: is the packet's 64-bit sequence number. Should have space for 8 bytes. + +This function is the same as @code{gnutls_record_recv()} , except that +it returns in addition to data, the sequence number of the data. +This is useful in DTLS where record packets might be received +out-of-order. The returned 8-byte sequence number is an +integer in big-endian format and should be +treated as a unique message identification. + +@strong{Returns:} The number of bytes received and zero on EOF. A negative +error code is returned in case of an error. The number of bytes +received might be less than @code{data_size} . + +@strong{Since:} 3.0 +@end deftypefun + +@subheading gnutls_record_send +@anchor{gnutls_record_send} +@deftypefun {ssize_t} {gnutls_record_send} (gnutls_session_t @var{session}, const void * @var{data}, size_t @var{data_size}) +@var{session}: is a @code{gnutls_session_t} type. + +@var{data}: contains the data to send + +@var{data_size}: is the length of the data + +This function has the similar semantics with @code{send()} . The only +difference is that it accepts a GnuTLS session, and uses different +error codes. +Note that if the send buffer is full, @code{send()} will block this +function. See the @code{send()} documentation for more information. + +You can replace the default push function which is @code{send()} , by using +@code{gnutls_transport_set_push_function()} . + +If the EINTR is returned by the internal push function +then @code{GNUTLS_E_INTERRUPTED} will be returned. If +@code{GNUTLS_E_INTERRUPTED} or @code{GNUTLS_E_AGAIN} is returned, you must +call this function again, with the exact same parameters; alternatively +you could provide a @code{NULL} pointer for data, and 0 for +size. cf. @code{gnutls_record_get_direction()} . + +Note that in DTLS this function will return the @code{GNUTLS_E_LARGE_PACKET} +error code if the send data exceed the data MTU value - as returned +by @code{gnutls_dtls_get_data_mtu()} . The errno value EMSGSIZE +also maps to @code{GNUTLS_E_LARGE_PACKET} . +Note that since 3.2.13 this function can be called under cork in DTLS +mode, and will refuse to send data over the MTU size by returning +@code{GNUTLS_E_LARGE_PACKET} . + +@strong{Returns:} The number of bytes sent, or a negative error code. The +number of bytes sent might be less than @code{data_size} . The maximum +number of bytes this function can send in a single call depends +on the negotiated maximum record size. +@end deftypefun + +@subheading gnutls_record_send2 +@anchor{gnutls_record_send2} +@deftypefun {ssize_t} {gnutls_record_send2} (gnutls_session_t @var{session}, const void * @var{data}, size_t @var{data_size}, size_t @var{pad}, unsigned @var{flags}) +@var{session}: is a @code{gnutls_session_t} type. + +@var{data}: contains the data to send + +@var{data_size}: is the length of the data + +@var{pad}: padding to be added to the record + +@var{flags}: must be zero + +This function is identical to @code{gnutls_record_send()} except that it +takes an extra argument to specify padding to be added the record. +To determine the maximum size of padding, use +@code{gnutls_record_get_max_size()} and @code{gnutls_record_overhead_size()} . + +Note that in order for GnuTLS to provide constant time processing +of padding and data in TLS1.3, the flag @code{GNUTLS_SAFE_PADDING_CHECK} +must be used in @code{gnutls_init()} . + +@strong{Returns:} The number of bytes sent, or a negative error code. The +number of bytes sent might be less than @code{data_size} . The maximum +number of bytes this function can send in a single call depends +on the negotiated maximum record size. + +@strong{Since:} 3.6.3 +@end deftypefun + +@subheading gnutls_record_send_early_data +@anchor{gnutls_record_send_early_data} +@deftypefun {ssize_t} {gnutls_record_send_early_data} (gnutls_session_t @var{session}, const void * @var{data}, size_t @var{data_size}) +@var{session}: is a @code{gnutls_session_t} type. + +@var{data}: contains the data to send + +@var{data_size}: is the length of the data + +This function can be used by a client to send data early in the +handshake processes when resuming a session. This is used to +implement a zero-roundtrip (0-RTT) mode. It has the same semantics +as @code{gnutls_record_send()} . + +There may be a limit to the amount of data sent as early data. Use +@code{gnutls_record_get_max_early_data_size()} to check the limit. If the +limit exceeds, this function returns +@code{GNUTLS_E_RECORD_LIMIT_REACHED} . + +@strong{Returns:} The number of bytes sent, or a negative error code. The +number of bytes sent might be less than @code{data_size} . The maximum +number of bytes this function can send in a single call depends +on the negotiated maximum record size. + +@strong{Since:} 3.6.5 +@end deftypefun + +@subheading gnutls_record_send_range +@anchor{gnutls_record_send_range} +@deftypefun {ssize_t} {gnutls_record_send_range} (gnutls_session_t @var{session}, const void * @var{data}, size_t @var{data_size}, const gnutls_range_st * @var{range}) +@var{session}: is a @code{gnutls_session_t} type. + +@var{data}: contains the data to send. + +@var{data_size}: is the length of the data. + +@var{range}: is the range of lengths in which the real data length must be hidden. + +This function operates like @code{gnutls_record_send()} but, while +@code{gnutls_record_send()} adds minimal padding to each TLS record, +this function uses the TLS extra-padding feature to conceal the real +data size within the range of lengths provided. +Some TLS sessions do not support extra padding (e.g. stream ciphers in standard +TLS or SSL3 sessions). To know whether the current session supports extra +padding, and hence length hiding, use the @code{gnutls_record_can_use_length_hiding()} +function. + +@strong{Note:} This function currently is limited to blocking sockets. + +@strong{Returns:} The number of bytes sent (that is data_size in a successful invocation), +or a negative error code. +@end deftypefun + +@subheading gnutls_record_set_max_early_data_size +@anchor{gnutls_record_set_max_early_data_size} +@deftypefun {int} {gnutls_record_set_max_early_data_size} (gnutls_session_t @var{session}, size_t @var{size}) +@var{session}: is a @code{gnutls_session_t} type. + +@var{size}: is the new size + +This function sets the maximum early data size in this connection. +This property can only be set to servers. The client may be +provided with the maximum allowed size through the "early_data" +extension of the NewSessionTicket handshake message. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, +otherwise a negative error code is returned. + +@strong{Since:} 3.6.4 +@end deftypefun + +@subheading gnutls_record_set_max_recv_size +@anchor{gnutls_record_set_max_recv_size} +@deftypefun {ssize_t} {gnutls_record_set_max_recv_size} (gnutls_session_t @var{session}, size_t @var{size}) +@var{session}: is a @code{gnutls_session_t} type. + +@var{size}: is the new size + +This function sets the maximum amount of plaintext received in a +record in this connection. + +The limit is also negotiated through a TLS extension called 'record +size limit'. Note that while the 'record size limit' extension is +preferred, not all TLS implementations use or even understand the +extension. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, +otherwise a negative error code is returned. + +@strong{Since:} 3.6.8 +@end deftypefun + +@subheading gnutls_record_set_max_size +@anchor{gnutls_record_set_max_size} +@deftypefun {ssize_t} {gnutls_record_set_max_size} (gnutls_session_t @var{session}, size_t @var{size}) +@var{session}: is a @code{gnutls_session_t} type. + +@var{size}: is the new size + +This function sets the maximum amount of plaintext sent and +received in a record in this connection. + +Prior to 3.6.4, this function was implemented using a TLS extension +called 'max fragment length', which limits the acceptable values to +512(=2^9), 1024(=2^10), 2048(=2^11) and 4096(=2^12). + +Since 3.6.4, the limit is also negotiated through a new TLS +extension called 'record size limit', which doesn't have the +limitation, as long as the value ranges between 512 and 16384. +Note that while the 'record size limit' extension is preferred, not +all TLS implementations use or even understand the extension. + +@strong{Deprecated:} if the client can assume that the 'record size limit' +extension is supported by the server, we recommend using +@code{gnutls_record_set_max_recv_size()} instead. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, +otherwise a negative error code is returned. +@end deftypefun + +@subheading gnutls_record_set_state +@anchor{gnutls_record_set_state} +@deftypefun {int} {gnutls_record_set_state} (gnutls_session_t @var{session}, unsigned @var{read}, const unsigned char [8] @var{seq_number}) +@var{session}: is a @code{gnutls_session_t} type + +@var{read}: if non-zero the read parameters are returned, otherwise the write + +@var{seq_number}: A 64-bit sequence number + +This function will set the sequence number in the current record state. +This function is useful if sending and receiving are offloaded from +gnutls. That is, if @code{gnutls_record_get_state()} was used. + +@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, or an error code. + +Since 3.4.0 +@end deftypefun + +@subheading gnutls_record_set_timeout +@anchor{gnutls_record_set_timeout} +@deftypefun {void} {gnutls_record_set_timeout} (gnutls_session_t @var{session}, unsigned int @var{ms}) +@var{session}: is a @code{gnutls_session_t} type. + +@var{ms}: is a timeout value in milliseconds + +This function sets the receive timeout for the record layer +to the provided value. Use an @code{ms} value of zero to disable +timeout (the default), or @code{GNUTLS_INDEFINITE_TIMEOUT} , to +set an indefinite timeout. + +This function requires to set a pull timeout callback. See +@code{gnutls_transport_set_pull_timeout_function()} . + +@strong{Since:} 3.1.7 +@end deftypefun + +@subheading gnutls_record_uncork +@anchor{gnutls_record_uncork} +@deftypefun {int} {gnutls_record_uncork} (gnutls_session_t @var{session}, unsigned int @var{flags}) +@var{session}: is a @code{gnutls_session_t} type. + +@var{flags}: Could be zero or @code{GNUTLS_RECORD_WAIT} + +This resets the effect of @code{gnutls_record_cork()} , and flushes any pending +data. If the @code{GNUTLS_RECORD_WAIT} flag is specified then this +function will block until the data is sent or a fatal error +occurs (i.e., the function will retry on @code{GNUTLS_E_AGAIN} and +@code{GNUTLS_E_INTERRUPTED} ). + +If the flag @code{GNUTLS_RECORD_WAIT} is not specified and the function +is interrupted then the @code{GNUTLS_E_AGAIN} or @code{GNUTLS_E_INTERRUPTED} +errors will be returned. To obtain the data left in the corked +buffer use @code{gnutls_record_check_corked()} . + +@strong{Returns:} On success the number of transmitted data is returned, or +otherwise a negative error code. + +@strong{Since:} 3.1.9 +@end deftypefun + +@subheading gnutls_rehandshake +@anchor{gnutls_rehandshake} +@deftypefun {int} {gnutls_rehandshake} (gnutls_session_t @var{session}) +@var{session}: is a @code{gnutls_session_t} type. + +This function can only be called in server side, and +instructs a TLS 1.2 or earlier client to renegotiate +parameters (perform a handshake), by sending a +hello request message. + +If this function succeeds, the calling application +should call @code{gnutls_record_recv()} until @code{GNUTLS_E_REHANDSHAKE} +is returned to clear any pending data. If the @code{GNUTLS_E_REHANDSHAKE} +error code is not seen, then the handshake request was +not followed by the peer (the TLS protocol does not require +the client to do, and such compliance should be handled +by the application protocol). + +Once the @code{GNUTLS_E_REHANDSHAKE} error code is seen, the +calling application should proceed to calling +@code{gnutls_handshake()} to negotiate the new +parameters. + +If the client does not wish to renegotiate parameters he +may reply with an alert message, and in that case the return code seen +by subsequent @code{gnutls_record_recv()} will be +@code{GNUTLS_E_WARNING_ALERT_RECEIVED} with the specific alert being +@code{GNUTLS_A_NO_RENEGOTIATION} . A client may also choose to ignore +this request. + +Under TLS 1.3 this function is equivalent to @code{gnutls_session_key_update()} +with the @code{GNUTLS_KU_PEER} flag. In that case subsequent calls to +@code{gnutls_record_recv()} will not return @code{GNUTLS_E_REHANDSHAKE} , and +calls to @code{gnutls_handshake()} in server side are a no-op. + +This function always fails with @code{GNUTLS_E_INVALID_REQUEST} when +called in client side. + +@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, otherwise a negative error code. +@end deftypefun + +@subheading gnutls_safe_renegotiation_status +@anchor{gnutls_safe_renegotiation_status} +@deftypefun {unsigned} {gnutls_safe_renegotiation_status} (gnutls_session_t @var{session}) +@var{session}: is a @code{gnutls_session_t} type. + +Can be used to check whether safe renegotiation is being used +in the current session. + +@strong{Returns:} 0 when safe renegotiation is not used and non (0) when +safe renegotiation is used. + +@strong{Since:} 2.10.0 +@end deftypefun + +@subheading gnutls_sec_param_get_name +@anchor{gnutls_sec_param_get_name} +@deftypefun {const char *} {gnutls_sec_param_get_name} (gnutls_sec_param_t @var{param}) +@var{param}: is a security parameter + +Convert a @code{gnutls_sec_param_t} value to a string. + +@strong{Returns:} a pointer to a string that contains the name of the +specified security level, or @code{NULL} . + +@strong{Since:} 2.12.0 +@end deftypefun + +@subheading gnutls_sec_param_to_pk_bits +@anchor{gnutls_sec_param_to_pk_bits} +@deftypefun {unsigned int} {gnutls_sec_param_to_pk_bits} (gnutls_pk_algorithm_t @var{algo}, gnutls_sec_param_t @var{param}) +@var{algo}: is a public key algorithm + +@var{param}: is a security parameter + +When generating private and public key pairs a difficult question +is which size of "bits" the modulus will be in RSA and the group size +in DSA. The easy answer is 1024, which is also wrong. This function +will convert a human understandable security parameter to an +appropriate size for the specific algorithm. + +@strong{Returns:} The number of bits, or (0). + +@strong{Since:} 2.12.0 +@end deftypefun + +@subheading gnutls_sec_param_to_symmetric_bits +@anchor{gnutls_sec_param_to_symmetric_bits} +@deftypefun {unsigned int} {gnutls_sec_param_to_symmetric_bits} (gnutls_sec_param_t @var{param}) +@var{param}: is a security parameter + +This function will return the number of bits that correspond to +symmetric cipher strength for the given security parameter. + +@strong{Returns:} The number of bits, or (0). + +@strong{Since:} 3.3.0 +@end deftypefun + +@subheading gnutls_server_name_get +@anchor{gnutls_server_name_get} +@deftypefun {int} {gnutls_server_name_get} (gnutls_session_t @var{session}, void * @var{data}, size_t * @var{data_length}, unsigned int * @var{type}, unsigned int @var{indx}) +@var{session}: is a @code{gnutls_session_t} type. + +@var{data}: will hold the data + +@var{data_length}: will hold the data length. Must hold the maximum size of data. + +@var{type}: will hold the server name indicator type + +@var{indx}: is the index of the server_name + +This function will allow you to get the name indication (if any), a +client has sent. The name indication may be any of the enumeration +gnutls_server_name_type_t. + +If @code{type} is GNUTLS_NAME_DNS, then this function is to be used by +servers that support virtual hosting, and the data will be a null +terminated IDNA ACE string (prior to GnuTLS 3.4.0 it was a UTF-8 string). + +If @code{data} has not enough size to hold the server name +GNUTLS_E_SHORT_MEMORY_BUFFER is returned, and @code{data_length} will +hold the required size. + + @code{indx} is used to retrieve more than one server names (if sent by +the client). The first server name has an index of 0, the second 1 +and so on. If no name with the given index exists +GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE is returned. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, on UTF-8 +decoding error @code{GNUTLS_E_IDNA_ERROR} is returned, otherwise a negative +error code is returned. +@end deftypefun + +@subheading gnutls_server_name_set +@anchor{gnutls_server_name_set} +@deftypefun {int} {gnutls_server_name_set} (gnutls_session_t @var{session}, gnutls_server_name_type_t @var{type}, const void * @var{name}, size_t @var{name_length}) +@var{session}: is a @code{gnutls_session_t} type. + +@var{type}: specifies the indicator type + +@var{name}: is a string that contains the server name. + +@var{name_length}: holds the length of name excluding the terminating null byte + +This function is to be used by clients that want to inform (via a +TLS extension mechanism) the server of the name they connected to. +This should be used by clients that connect to servers that do +virtual hosting. + +The value of @code{name} depends on the @code{type} type. In case of +@code{GNUTLS_NAME_DNS} , a UTF-8 null-terminated domain name string, +without the trailing dot, is expected. + +IPv4 or IPv6 addresses are not permitted to be set by this function. +If the function is called with a name of @code{name_length} zero it will clear +all server names set. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, +otherwise a negative error code is returned. +@end deftypefun + +@subheading gnutls_session_channel_binding +@anchor{gnutls_session_channel_binding} +@deftypefun {int} {gnutls_session_channel_binding} (gnutls_session_t @var{session}, gnutls_channel_binding_t @var{cbtype}, gnutls_datum_t * @var{cb}) +@var{session}: is a @code{gnutls_session_t} type. + +@var{cbtype}: an @code{gnutls_channel_binding_t} enumeration type + +@var{cb}: output buffer array with data + +Extract given channel binding data of the @code{cbtype} (e.g., +@code{GNUTLS_CB_TLS_UNIQUE} ) type. + +@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, +@code{GNUTLS_E_UNIMPLEMENTED_FEATURE} if the @code{cbtype} is unsupported, +@code{GNUTLS_E_CHANNEL_BINDING_NOT_AVAILABLE} if the data is not +currently available, or an error code. + +@strong{Since:} 2.12.0 +@end deftypefun + +@subheading gnutls_session_enable_compatibility_mode +@anchor{gnutls_session_enable_compatibility_mode} +@deftypefun {void} {gnutls_session_enable_compatibility_mode} (gnutls_session_t @var{session}) +@var{session}: is a @code{gnutls_session_t} type. + +This function can be used to disable certain (security) features in +TLS in order to maintain maximum compatibility with buggy +clients. Because several trade-offs with security are enabled, +if required they will be reported through the audit subsystem. + +Normally only servers that require maximum compatibility with +everything out there, need to call this function. + +Note that this function must be called after any call to gnutls_priority +functions. + +@strong{Since:} 2.1.4 +@end deftypefun + +@subheading gnutls_session_etm_status +@anchor{gnutls_session_etm_status} +@deftypefun {unsigned} {gnutls_session_etm_status} (gnutls_session_t @var{session}) +@var{session}: is a @code{gnutls_session_t} type. + +Get the status of the encrypt-then-mac extension negotiation. +This is in accordance to rfc7366 + +@strong{Returns:} Non-zero if the negotiation was successful or zero otherwise. +@end deftypefun + +@subheading gnutls_session_ext_master_secret_status +@anchor{gnutls_session_ext_master_secret_status} +@deftypefun {unsigned} {gnutls_session_ext_master_secret_status} (gnutls_session_t @var{session}) +@var{session}: is a @code{gnutls_session_t} type. + +Get the status of the extended master secret extension negotiation. +This is in accordance to RFC7627. That information is also +available to the more generic @code{gnutls_session_get_flags()} . + +@strong{Returns:} Non-zero if the negotiation was successful or zero otherwise. +@end deftypefun + +@subheading gnutls_session_ext_register +@anchor{gnutls_session_ext_register} +@deftypefun {int} {gnutls_session_ext_register} (gnutls_session_t @var{session}, const char * @var{name}, int @var{id}, gnutls_ext_parse_type_t @var{parse_type}, gnutls_ext_recv_func @var{recv_func}, gnutls_ext_send_func @var{send_func}, gnutls_ext_deinit_data_func @var{deinit_func}, gnutls_ext_pack_func @var{pack_func}, gnutls_ext_unpack_func @var{unpack_func}, unsigned @var{flags}) +@var{session}: the session for which this extension will be set + +@var{name}: the name of the extension to register + +@var{id}: the numeric id of the extension + +@var{parse_type}: the parse type of the extension (see gnutls_ext_parse_type_t) + +@var{recv_func}: a function to receive the data + +@var{send_func}: a function to send the data + +@var{deinit_func}: a function deinitialize any private data + +@var{pack_func}: a function which serializes the extension's private data (used on session packing for resumption) + +@var{unpack_func}: a function which will deserialize the extension's private data + +@var{flags}: must be zero or flags from @code{gnutls_ext_flags_t} + +This function will register a new extension type. The extension will be +only usable within the registered session. If the extension type +is already registered then @code{GNUTLS_E_ALREADY_REGISTERED} will be returned, +unless the flag @code{GNUTLS_EXT_FLAG_OVERRIDE_INTERNAL} is specified. The latter +flag when specified can be used to override certain extensions introduced +after 3.6.0. It is expected to be used by applications which handle +custom extensions that are not currently supported in GnuTLS, but direct +support for them may be added in the future. + +Each registered extension can store temporary data into the gnutls_session_t +structure using @code{gnutls_ext_set_data()} , and they can be retrieved using +@code{gnutls_ext_get_data()} . + +The validity of the extension registered can be given by the appropriate flags +of @code{gnutls_ext_flags_t} . If no validity is given, then the registered extension +will be valid for client and TLS1.2 server hello (or encrypted extensions for TLS1.3). + +@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, otherwise a negative error code. + +@strong{Since:} 3.5.5 +@end deftypefun + +@subheading gnutls_session_force_valid +@anchor{gnutls_session_force_valid} +@deftypefun {void} {gnutls_session_force_valid} (gnutls_session_t @var{session}) +@var{session}: is a @code{gnutls_session_t} type. + +Clears the invalid flag in a session. That means +that sessions were corrupt or invalid data were received +can be re-used. Use only when debugging or experimenting +with the TLS protocol. Should not be used in typical +applications. +@end deftypefun + +@subheading gnutls_session_get_data +@anchor{gnutls_session_get_data} +@deftypefun {int} {gnutls_session_get_data} (gnutls_session_t @var{session}, void * @var{session_data}, size_t * @var{session_data_size}) +@var{session}: is a @code{gnutls_session_t} type. + +@var{session_data}: is a pointer to space to hold the session. + +@var{session_data_size}: is the session_data's size, or it will be set by the function. + +Returns all session parameters needed to be stored to support resumption, +in a pre-allocated buffer. + +See @code{gnutls_session_get_data2()} for more information. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise +an error code is returned. +@end deftypefun + +@subheading gnutls_session_get_data2 +@anchor{gnutls_session_get_data2} +@deftypefun {int} {gnutls_session_get_data2} (gnutls_session_t @var{session}, gnutls_datum_t * @var{data}) +@var{session}: is a @code{gnutls_session_t} type. + +@var{data}: is a pointer to a datum that will hold the session. + +Returns necessary parameters to support resumption. The client +should call this function and store the returned session data. A session +can be resumed later by calling @code{gnutls_session_set_data()} with the returned +data. Note that under TLS 1.3, it is recommended for clients to use +session parameters only once, to prevent passive-observers from correlating +the different connections. + +The returned @code{data} are allocated and must be released using @code{gnutls_free()} . + +This function will fail if called prior to handshake completion. In +case of false start TLS, the handshake completes only after data have +been successfully received from the peer. + +Under TLS1.3 session resumption is possible only after a session ticket +is received by the client. To ensure that such a ticket has been received use +@code{gnutls_session_get_flags()} and check for flag @code{GNUTLS_SFLAGS_SESSION_TICKET} ; +if this flag is not set, this function will wait for a new ticket within +an estimated rountrip, and if not received will return dummy data which +cannot lead to resumption. + +To get notified when new tickets are received by the server +use @code{gnutls_handshake_set_hook_function()} to wait for @code{GNUTLS_HANDSHAKE_NEW_SESSION_TICKET} +messages. Each call of @code{gnutls_session_get_data2()} after a ticket is +received, will return session resumption data corresponding to the last +received ticket. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise +an error code is returned. +@end deftypefun + +@subheading gnutls_session_get_desc +@anchor{gnutls_session_get_desc} +@deftypefun {char *} {gnutls_session_get_desc} (gnutls_session_t @var{session}) +@var{session}: is a gnutls session + +This function returns a string describing the current session. +The string is null terminated and allocated using @code{gnutls_malloc()} . + +If initial negotiation is not complete when this function is called, +@code{NULL} will be returned. + +@strong{Returns:} a description of the protocols and algorithms in the current session. + +@strong{Since:} 3.1.10 +@end deftypefun + +@subheading gnutls_session_get_flags +@anchor{gnutls_session_get_flags} +@deftypefun {unsigned} {gnutls_session_get_flags} (gnutls_session_t @var{session}) +@var{session}: is a @code{gnutls_session_t} type. + +This function will return a series (ORed) of flags, applicable +for the current session. + +This replaces individual informational functions such as +@code{gnutls_safe_renegotiation_status()} , @code{gnutls_session_ext_master_secret_status()} , +etc. + +@strong{Returns:} An ORed sequence of flags (see @code{gnutls_session_flags_t} ) + +@strong{Since:} 3.5.0 +@end deftypefun + +@subheading gnutls_session_get_id +@anchor{gnutls_session_get_id} +@deftypefun {int} {gnutls_session_get_id} (gnutls_session_t @var{session}, void * @var{session_id}, size_t * @var{session_id_size}) +@var{session}: is a @code{gnutls_session_t} type. + +@var{session_id}: is a pointer to space to hold the session id. + +@var{session_id_size}: initially should contain the maximum @code{session_id} size and will be updated. + +Returns the TLS session identifier. The session ID is selected by the +server, and in older versions of TLS was a unique identifier shared +between client and server which was persistent across resumption. +In the latest version of TLS (1.3) or TLS with session tickets, the +notion of session identifiers is undefined and cannot be relied for uniquely +identifying sessions across client and server. + +In client side this function returns the identifier returned by the +server, and cannot be assumed to have any relation to session resumption. +In server side this function is guaranteed to return a persistent +identifier of the session since GnuTLS 3.6.4, which may not necessarily +map into the TLS session ID value. Prior to that version the value +could only be considered a persistent identifier, under TLS1.2 or earlier +and when no session tickets were in use. + +The session identifier value returned is always less than +@code{GNUTLS_MAX_SESSION_ID_SIZE} . + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise +an error code is returned. +@end deftypefun + +@subheading gnutls_session_get_id2 +@anchor{gnutls_session_get_id2} +@deftypefun {int} {gnutls_session_get_id2} (gnutls_session_t @var{session}, gnutls_datum_t * @var{session_id}) +@var{session}: is a @code{gnutls_session_t} type. + +@var{session_id}: will point to the session ID. + +Returns the TLS session identifier. The session ID is selected by the +server, and in older versions of TLS was a unique identifier shared +between client and server which was persistent across resumption. +In the latest version of TLS (1.3) or TLS 1.2 with session tickets, the +notion of session identifiers is undefined and cannot be relied for uniquely +identifying sessions across client and server. + +In client side this function returns the identifier returned by the +server, and cannot be assumed to have any relation to session resumption. +In server side this function is guaranteed to return a persistent +identifier of the session since GnuTLS 3.6.4, which may not necessarily +map into the TLS session ID value. Prior to that version the value +could only be considered a persistent identifier, under TLS1.2 or earlier +and when no session tickets were in use. + +The session identifier value returned is always less than +@code{GNUTLS_MAX_SESSION_ID_SIZE} and should be treated as constant. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise +an error code is returned. + +@strong{Since:} 3.1.4 +@end deftypefun + +@subheading gnutls_session_get_master_secret +@anchor{gnutls_session_get_master_secret} +@deftypefun {void} {gnutls_session_get_master_secret} (gnutls_session_t @var{session}, gnutls_datum_t * @var{secret}) +@var{session}: is a @code{gnutls_session_t} type. + +@var{secret}: the session's master secret + +This function returns pointers to the master secret +used in the TLS session. The pointers are not to be modified or deallocated. + +This function is only applicable under TLS 1.2 or earlier versions. + +@strong{Since:} 3.5.0 +@end deftypefun + +@subheading gnutls_session_get_ptr +@anchor{gnutls_session_get_ptr} +@deftypefun {void *} {gnutls_session_get_ptr} (gnutls_session_t @var{session}) +@var{session}: is a @code{gnutls_session_t} type. + +Get user pointer for session. Useful in callbacks. This is the +pointer set with @code{gnutls_session_set_ptr()} . + +@strong{Returns:} the user given pointer from the session structure, or +@code{NULL} if it was never set. +@end deftypefun + +@subheading gnutls_session_get_random +@anchor{gnutls_session_get_random} +@deftypefun {void} {gnutls_session_get_random} (gnutls_session_t @var{session}, gnutls_datum_t * @var{client}, gnutls_datum_t * @var{server}) +@var{session}: is a @code{gnutls_session_t} type. + +@var{client}: the client part of the random + +@var{server}: the server part of the random + +This function returns pointers to the client and server +random fields used in the TLS handshake. The pointers are +not to be modified or deallocated. + +If a client random value has not yet been established, the output +will be garbage. + +@strong{Since:} 3.0 +@end deftypefun + +@subheading gnutls_session_get_verify_cert_status +@anchor{gnutls_session_get_verify_cert_status} +@deftypefun {unsigned int} {gnutls_session_get_verify_cert_status} (gnutls_session_t @var{session}) +@var{session}: is a gnutls session + +This function returns the status of the verification when initiated +via auto-verification, i.e., by @code{gnutls_session_set_verify_cert2()} or +@code{gnutls_session_set_verify_cert()} . If no certificate verification +was occurred then the return value would be set to ((unsigned int)-1). + +The certificate verification status is the same as in @code{gnutls_certificate_verify_peers()} . + +@strong{Returns:} the certificate verification status. + +@strong{Since:} 3.4.6 +@end deftypefun + +@subheading gnutls_session_is_resumed +@anchor{gnutls_session_is_resumed} +@deftypefun {int} {gnutls_session_is_resumed} (gnutls_session_t @var{session}) +@var{session}: is a @code{gnutls_session_t} type. + +Checks whether session is resumed or not. This is functional +for both server and client side. + +@strong{Returns:} non zero if this session is resumed, or a zero if this is +a new session. +@end deftypefun + +@subheading gnutls_session_key_update +@anchor{gnutls_session_key_update} +@deftypefun {int} {gnutls_session_key_update} (gnutls_session_t @var{session}, unsigned @var{flags}) +@var{session}: is a @code{gnutls_session_t} type. + +@var{flags}: zero of @code{GNUTLS_KU_PEER} + +This function will update/refresh the session keys when the +TLS protocol is 1.3 or better. The peer is notified of the +update by sending a message, so this function should be +treated similarly to @code{gnutls_record_send()} --i.e., it may +return @code{GNUTLS_E_AGAIN} or @code{GNUTLS_E_INTERRUPTED} . + +When this flag @code{GNUTLS_KU_PEER} is specified, this function +in addition to updating the local keys, will ask the peer to +refresh its keys too. + +If the negotiated version is not TLS 1.3 or better this +function will return @code{GNUTLS_E_INVALID_REQUEST} . + +@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, otherwise a negative error code. + +@strong{Since:} 3.6.3 +@end deftypefun + +@subheading gnutls_session_resumption_requested +@anchor{gnutls_session_resumption_requested} +@deftypefun {int} {gnutls_session_resumption_requested} (gnutls_session_t @var{session}) +@var{session}: is a @code{gnutls_session_t} type. + +Check whether the client has asked for session resumption. +This function is valid only on server side. + +@strong{Returns:} non zero if session resumption was asked, or a zero if not. +@end deftypefun + +@subheading gnutls_session_set_data +@anchor{gnutls_session_set_data} +@deftypefun {int} {gnutls_session_set_data} (gnutls_session_t @var{session}, const void * @var{session_data}, size_t @var{session_data_size}) +@var{session}: is a @code{gnutls_session_t} type. + +@var{session_data}: is a pointer to space to hold the session. + +@var{session_data_size}: is the session's size + +Sets all session parameters, in order to resume a previously +established session. The session data given must be the one +returned by @code{gnutls_session_get_data()} . This function should be +called before @code{gnutls_handshake()} . + +Keep in mind that session resuming is advisory. The server may +choose not to resume the session, thus a full handshake will be +performed. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise +an error code is returned. +@end deftypefun + +@subheading gnutls_session_set_id +@anchor{gnutls_session_set_id} +@deftypefun {int} {gnutls_session_set_id} (gnutls_session_t @var{session}, const gnutls_datum_t * @var{sid}) +@var{session}: is a @code{gnutls_session_t} type. + +@var{sid}: the session identifier + +This function sets the session ID to be used in a client hello. +This is a function intended for exceptional uses. Do not use this +function unless you are implementing a custom protocol. + +To set session resumption parameters use @code{gnutls_session_set_data()} instead. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise +an error code is returned. + +@strong{Since:} 3.2.1 +@end deftypefun + +@subheading gnutls_session_set_premaster +@anchor{gnutls_session_set_premaster} +@deftypefun {int} {gnutls_session_set_premaster} (gnutls_session_t @var{session}, unsigned int @var{entity}, gnutls_protocol_t @var{version}, gnutls_kx_algorithm_t @var{kx}, gnutls_cipher_algorithm_t @var{cipher}, gnutls_mac_algorithm_t @var{mac}, gnutls_compression_method_t @var{comp}, const gnutls_datum_t * @var{master}, const gnutls_datum_t * @var{session_id}) +@var{session}: is a @code{gnutls_session_t} type. + +@var{entity}: GNUTLS_SERVER or GNUTLS_CLIENT + +@var{version}: the TLS protocol version + +@var{kx}: the key exchange method + +@var{cipher}: the cipher + +@var{mac}: the MAC algorithm + +@var{comp}: the compression method (ignored) + +@var{master}: the master key to use + +@var{session_id}: the session identifier + +This function sets the premaster secret in a session. This is +a function intended for exceptional uses. Do not use this +function unless you are implementing a legacy protocol. +Use @code{gnutls_session_set_data()} instead. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise +an error code is returned. +@end deftypefun + +@subheading gnutls_session_set_ptr +@anchor{gnutls_session_set_ptr} +@deftypefun {void} {gnutls_session_set_ptr} (gnutls_session_t @var{session}, void * @var{ptr}) +@var{session}: is a @code{gnutls_session_t} type. + +@var{ptr}: is the user pointer + +This function will set (associate) the user given pointer @code{ptr} to +the session structure. This pointer can be accessed with +@code{gnutls_session_get_ptr()} . +@end deftypefun + +@subheading gnutls_session_set_verify_cert +@anchor{gnutls_session_set_verify_cert} +@deftypefun {void} {gnutls_session_set_verify_cert} (gnutls_session_t @var{session}, const char * @var{hostname}, unsigned @var{flags}) +@var{session}: is a gnutls session + +@var{hostname}: is the expected name of the peer; may be @code{NULL} + +@var{flags}: flags for certificate verification -- @code{gnutls_certificate_verify_flags} + +This function instructs GnuTLS to verify the peer's certificate +using the provided hostname. If the verification fails the handshake +will also fail with @code{GNUTLS_E_CERTIFICATE_VERIFICATION_ERROR} . In that +case the verification result can be obtained using @code{gnutls_session_get_verify_cert_status()} . + +The @code{hostname} pointer provided must remain valid for the lifetime +of the session. More precisely it should be available during any subsequent +handshakes. If no hostname is provided, no hostname verification +will be performed. For a more advanced verification function check +@code{gnutls_session_set_verify_cert2()} . + +If @code{flags} is provided which contain a profile, this function should be +called after any session priority setting functions. + +The @code{gnutls_session_set_verify_cert()} function is intended to be used by TLS +clients to verify the server's certificate. + +@strong{Since:} 3.4.6 +@end deftypefun + +@subheading gnutls_session_set_verify_cert2 +@anchor{gnutls_session_set_verify_cert2} +@deftypefun {void} {gnutls_session_set_verify_cert2} (gnutls_session_t @var{session}, gnutls_typed_vdata_st * @var{data}, unsigned @var{elements}, unsigned @var{flags}) +@var{session}: is a gnutls session + +@var{data}: an array of typed data + +@var{elements}: the number of data elements + +@var{flags}: flags for certificate verification -- @code{gnutls_certificate_verify_flags} + +This function instructs GnuTLS to verify the peer's certificate +using the provided typed data information. If the verification fails the handshake +will also fail with @code{GNUTLS_E_CERTIFICATE_VERIFICATION_ERROR} . In that +case the verification result can be obtained using @code{gnutls_session_get_verify_cert_status()} . + +The acceptable typed data are the same as in @code{gnutls_certificate_verify_peers()} , +and once set must remain valid for the lifetime of the session. More precisely +they should be available during any subsequent handshakes. + +If @code{flags} is provided which contain a profile, this function should be +called after any session priority setting functions. + +@strong{Since:} 3.4.6 +@end deftypefun + +@subheading gnutls_session_set_verify_function +@anchor{gnutls_session_set_verify_function} +@deftypefun {void} {gnutls_session_set_verify_function} (gnutls_session_t @var{session}, gnutls_certificate_verify_function * @var{func}) +@var{session}: is a @code{gnutls_session_t} type. + +@var{func}: is the callback function + +This function sets a callback to be called when peer's certificate +has been received in order to verify it on receipt rather than +doing after the handshake is completed. This overrides any callback +set using @code{gnutls_certificate_set_verify_function()} . + +The callback's function prototype is: +int (*callback)(gnutls_session_t); + +If the callback function is provided then gnutls will call it, in the +handshake, just after the certificate message has been received. +To verify or obtain the certificate the @code{gnutls_certificate_verify_peers2()} , +@code{gnutls_certificate_type_get()} , @code{gnutls_certificate_get_peers()} functions +can be used. + +The callback function should return 0 for the handshake to continue +or non-zero to terminate. + +@strong{Since:} 3.4.6 +@end deftypefun + +@subheading gnutls_session_supplemental_register +@anchor{gnutls_session_supplemental_register} +@deftypefun {int} {gnutls_session_supplemental_register} (gnutls_session_t @var{session}, const char * @var{name}, gnutls_supplemental_data_format_type_t @var{type}, gnutls_supp_recv_func @var{recv_func}, gnutls_supp_send_func @var{send_func}, unsigned @var{flags}) +@var{session}: the session for which this will be registered + +@var{name}: the name of the supplemental data to register + +@var{type}: the type of the supplemental data format + +@var{recv_func}: the function to receive the data + +@var{send_func}: the function to send the data + +@var{flags}: must be zero + +This function will register a new supplemental data type (rfc4680). +The registered supplemental functions will be used for that specific +session. The provided @code{type} must be an unassigned type in +@code{gnutls_supplemental_data_format_type_t} . + +If the type is already registered or handled by GnuTLS internally +@code{GNUTLS_E_ALREADY_REGISTERED} will be returned. + +As supplemental data are not defined under TLS 1.3, this function will +disable TLS 1.3 support for the given session. + +@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, otherwise a negative error code. + +@strong{Since:} 3.5.5 +@end deftypefun + +@subheading gnutls_session_ticket_enable_client +@anchor{gnutls_session_ticket_enable_client} +@deftypefun {int} {gnutls_session_ticket_enable_client} (gnutls_session_t @var{session}) +@var{session}: is a @code{gnutls_session_t} type. + +Request that the client should attempt session resumption using +SessionTicket. This call is typically unnecessary as session +tickets are enabled by default. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, or an +error code. + +@strong{Since:} 2.10.0 +@end deftypefun + +@subheading gnutls_session_ticket_enable_server +@anchor{gnutls_session_ticket_enable_server} +@deftypefun {int} {gnutls_session_ticket_enable_server} (gnutls_session_t @var{session}, const gnutls_datum_t * @var{key}) +@var{session}: is a @code{gnutls_session_t} type. + +@var{key}: key to encrypt session parameters. + +Request that the server should attempt session resumption using +session tickets, i.e., by delegating storage to the client. + @code{key} must be initialized using @code{gnutls_session_ticket_key_generate()} . +To avoid leaking that key, use @code{gnutls_memset()} prior to +releasing it. + +The default ticket expiration time can be overridden using +@code{gnutls_db_set_cache_expiration()} . + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, or an +error code. + +@strong{Since:} 2.10.0 +@end deftypefun + +@subheading gnutls_session_ticket_key_generate +@anchor{gnutls_session_ticket_key_generate} +@deftypefun {int} {gnutls_session_ticket_key_generate} (gnutls_datum_t * @var{key}) +@var{key}: is a pointer to a @code{gnutls_datum_t} which will contain a newly +created key. + +Generate a random key to encrypt security parameters within +SessionTicket. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, or an +error code. + +@strong{Since:} 2.10.0 +@end deftypefun + +@subheading gnutls_session_ticket_send +@anchor{gnutls_session_ticket_send} +@deftypefun {int} {gnutls_session_ticket_send} (gnutls_session_t @var{session}, unsigned @var{nr}, unsigned @var{flags}) +@var{session}: is a @code{gnutls_session_t} type. + +@var{nr}: the number of tickets to send + +@var{flags}: must be zero + +Sends a fresh session ticket to the peer. This is relevant only +in server side under TLS1.3. This function may also return @code{GNUTLS_E_AGAIN} +or @code{GNUTLS_E_INTERRUPTED} and in that case it must be called again. + +@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, or a negative error code. +@end deftypefun + +@subheading gnutls_set_default_priority +@anchor{gnutls_set_default_priority} +@deftypefun {int} {gnutls_set_default_priority} (gnutls_session_t @var{session}) +@var{session}: is a @code{gnutls_session_t} type. + +Sets the default priority on the ciphers, key exchange methods, +and macs. This is the recommended method of +setting the defaults, in order to promote consistency between applications +using GnuTLS, and to allow GnuTLS using applications to update settings +in par with the library. For client applications which require +maximum compatibility consider calling @code{gnutls_session_enable_compatibility_mode()} +after this function. + +For an application to specify additional options to priority string +consider using @code{gnutls_set_default_priority_append()} . + +To allow a user to override the defaults (e.g., when a user interface +or configuration file is available), the functions +@code{gnutls_priority_set_direct()} or @code{gnutls_priority_set()} can +be used. + +@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, or an error code. + +@strong{Since:} 2.1.4 +@end deftypefun + +@subheading gnutls_set_default_priority_append +@anchor{gnutls_set_default_priority_append} +@deftypefun {int} {gnutls_set_default_priority_append} (gnutls_session_t @var{session}, const char * @var{add_prio}, const char ** @var{err_pos}, unsigned @var{flags}) +@var{session}: is a @code{gnutls_session_t} type. + +@var{add_prio}: is a string describing priorities to be appended to default + +@var{err_pos}: In case of an error this will have the position in the string the error occurred + +@var{flags}: must be zero + +Sets the default priority on the ciphers, key exchange methods, +and macs with the additional options in @code{add_prio} . This is the recommended method of +setting the defaults when only few additional options are to be added. This promotes +consistency between applications using GnuTLS, and allows GnuTLS using applications +to update settings in par with the library. + +The @code{add_prio} string should start as a normal priority string, e.g., +'-VERS-TLS-ALL:+VERS-TLS1.3:%COMPAT' or '%FORCE_ETM'. That is, it must not start +with ':'. + +To allow a user to override the defaults (e.g., when a user interface +or configuration file is available), the functions +@code{gnutls_priority_set_direct()} or @code{gnutls_priority_set()} can +be used. + +@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, or an error code. + +@strong{Since:} 3.6.3 +@end deftypefun + +@subheading gnutls_sign_algorithm_get +@anchor{gnutls_sign_algorithm_get} +@deftypefun {int} {gnutls_sign_algorithm_get} (gnutls_session_t @var{session}) +@var{session}: is a @code{gnutls_session_t} type. + +Returns the signature algorithm that is (or will be) used in this +session by the server to sign data. This function should be +used only with TLS 1.2 or later. + +@strong{Returns:} The sign algorithm or @code{GNUTLS_SIGN_UNKNOWN} . + +@strong{Since:} 3.1.1 +@end deftypefun + +@subheading gnutls_sign_algorithm_get_client +@anchor{gnutls_sign_algorithm_get_client} +@deftypefun {int} {gnutls_sign_algorithm_get_client} (gnutls_session_t @var{session}) +@var{session}: is a @code{gnutls_session_t} type. + +Returns the signature algorithm that is (or will be) used in this +session by the client to sign data. This function should be +used only with TLS 1.2 or later. + +@strong{Returns:} The sign algorithm or @code{GNUTLS_SIGN_UNKNOWN} . + +@strong{Since:} 3.1.11 +@end deftypefun + +@subheading gnutls_sign_algorithm_get_requested +@anchor{gnutls_sign_algorithm_get_requested} +@deftypefun {int} {gnutls_sign_algorithm_get_requested} (gnutls_session_t @var{session}, size_t @var{indx}, gnutls_sign_algorithm_t * @var{algo}) +@var{session}: is a @code{gnutls_session_t} type. + +@var{indx}: is an index of the signature algorithm to return + +@var{algo}: the returned certificate type will be stored there + +Returns the signature algorithm specified by index that was +requested by the peer. If the specified index has no data available +this function returns @code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} . If +the negotiated TLS version does not support signature algorithms +then @code{GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE} will be returned even +for the first index. The first index is 0. + +This function is useful in the certificate callback functions +to assist in selecting the correct certificate. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise +an error code is returned. + +@strong{Since:} 2.10.0 +@end deftypefun + +@subheading gnutls_sign_get_hash_algorithm +@anchor{gnutls_sign_get_hash_algorithm} +@deftypefun {gnutls_digest_algorithm_t} {gnutls_sign_get_hash_algorithm} (gnutls_sign_algorithm_t @var{sign}) +@var{sign}: is a signature algorithm + +This function returns the digest algorithm corresponding to +the given signature algorithms. + +@strong{Since:} 3.1.1 + +@strong{Returns:} return a @code{gnutls_digest_algorithm_t} value, or @code{GNUTLS_DIG_UNKNOWN} on error. +@end deftypefun + +@subheading gnutls_sign_get_id +@anchor{gnutls_sign_get_id} +@deftypefun {gnutls_sign_algorithm_t} {gnutls_sign_get_id} (const char * @var{name}) +@var{name}: is a sign algorithm name + +The names are compared in a case insensitive way. + +@strong{Returns:} return a @code{gnutls_sign_algorithm_t} value corresponding to +the specified algorithm, or @code{GNUTLS_SIGN_UNKNOWN} on error. +@end deftypefun + +@subheading gnutls_sign_get_name +@anchor{gnutls_sign_get_name} +@deftypefun {const char *} {gnutls_sign_get_name} (gnutls_sign_algorithm_t @var{algorithm}) +@var{algorithm}: is a sign algorithm + +Convert a @code{gnutls_sign_algorithm_t} value to a string. + +@strong{Returns:} a string that contains the name of the specified sign +algorithm, or @code{NULL} . +@end deftypefun + +@subheading gnutls_sign_get_oid +@anchor{gnutls_sign_get_oid} +@deftypefun {const char *} {gnutls_sign_get_oid} (gnutls_sign_algorithm_t @var{sign}) +@var{sign}: is a sign algorithm + +Convert a @code{gnutls_sign_algorithm_t} value to its object identifier. + +@strong{Returns:} a string that contains the object identifier of the specified sign +algorithm, or @code{NULL} . + +@strong{Since:} 3.4.3 +@end deftypefun + +@subheading gnutls_sign_get_pk_algorithm +@anchor{gnutls_sign_get_pk_algorithm} +@deftypefun {gnutls_pk_algorithm_t} {gnutls_sign_get_pk_algorithm} (gnutls_sign_algorithm_t @var{sign}) +@var{sign}: is a signature algorithm + +This function returns the public key algorithm corresponding to +the given signature algorithms. Note that there may be multiple +public key algorithms supporting a particular signature type; +when dealing with such algorithms use instead @code{gnutls_sign_supports_pk_algorithm()} . + +@strong{Since:} 3.1.1 + +@strong{Returns:} return a @code{gnutls_pk_algorithm_t} value, or @code{GNUTLS_PK_UNKNOWN} on error. +@end deftypefun + +@subheading gnutls_sign_is_secure +@anchor{gnutls_sign_is_secure} +@deftypefun {unsigned} {gnutls_sign_is_secure} (gnutls_sign_algorithm_t @var{algorithm}) +@var{algorithm}: is a sign algorithm + + +@strong{Returns:} Non-zero if the provided signature algorithm is considered to be secure. +@end deftypefun + +@subheading gnutls_sign_is_secure2 +@anchor{gnutls_sign_is_secure2} +@deftypefun {unsigned} {gnutls_sign_is_secure2} (gnutls_sign_algorithm_t @var{algorithm}, unsigned int @var{flags}) +@var{algorithm}: is a sign algorithm + +@var{flags}: zero or @code{GNUTLS_SIGN_FLAG_SECURE_FOR_CERTS} + + +@strong{Returns:} Non-zero if the provided signature algorithm is considered to be secure. +@end deftypefun + +@subheading gnutls_sign_list +@anchor{gnutls_sign_list} +@deftypefun {const gnutls_sign_algorithm_t *} {gnutls_sign_list} ( @var{void}) + +Get a list of supported public key signature algorithms. +This function is not thread safe. + +@strong{Returns:} a (0)-terminated list of @code{gnutls_sign_algorithm_t} +integers indicating the available ciphers. +@end deftypefun + +@subheading gnutls_sign_supports_pk_algorithm +@anchor{gnutls_sign_supports_pk_algorithm} +@deftypefun {unsigned} {gnutls_sign_supports_pk_algorithm} (gnutls_sign_algorithm_t @var{sign}, gnutls_pk_algorithm_t @var{pk}) +@var{sign}: is a signature algorithm + +@var{pk}: is a public key algorithm + +This function returns non-zero if the public key algorithm corresponds to +the given signature algorithm. That is, if that signature can be generated +from the given private key algorithm. + +@strong{Since:} 3.6.0 + +@strong{Returns:} return non-zero when the provided algorithms are compatible. +@end deftypefun + +@subheading gnutls_srp_allocate_client_credentials +@anchor{gnutls_srp_allocate_client_credentials} +@deftypefun {int} {gnutls_srp_allocate_client_credentials} (gnutls_srp_client_credentials_t * @var{sc}) +@var{sc}: is a pointer to a @code{gnutls_srp_server_credentials_t} type. + +Allocate a gnutls_srp_client_credentials_t structure. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, or an +error code. +@end deftypefun + +@subheading gnutls_srp_allocate_server_credentials +@anchor{gnutls_srp_allocate_server_credentials} +@deftypefun {int} {gnutls_srp_allocate_server_credentials} (gnutls_srp_server_credentials_t * @var{sc}) +@var{sc}: is a pointer to a @code{gnutls_srp_server_credentials_t} type. + +Allocate a gnutls_srp_server_credentials_t structure. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, or an +error code. +@end deftypefun + +@subheading gnutls_srp_base64_decode +@anchor{gnutls_srp_base64_decode} +@deftypefun {int} {gnutls_srp_base64_decode} (const gnutls_datum_t * @var{b64_data}, char * @var{result}, size_t * @var{result_size}) +@var{b64_data}: contain the encoded data + +@var{result}: the place where decoded data will be copied + +@var{result_size}: holds the size of the result + +This function will decode the given encoded data, using the base64 +encoding found in libsrp. + +Note that @code{b64_data} should be null terminated. + +Warning! This base64 encoding is not the "standard" encoding, so +do not use it for non-SRP purposes. + +@strong{Returns:} @code{GNUTLS_E_SHORT_MEMORY_BUFFER} if the buffer given is not +long enough, or 0 on success. +@end deftypefun + +@subheading gnutls_srp_base64_decode2 +@anchor{gnutls_srp_base64_decode2} +@deftypefun {int} {gnutls_srp_base64_decode2} (const gnutls_datum_t * @var{b64_data}, gnutls_datum_t * @var{result}) +@var{b64_data}: contains the encoded data + +@var{result}: the place where decoded data lie + +This function will decode the given encoded data. The decoded data +will be allocated, and stored into result. It will decode using +the base64 algorithm as used in libsrp. + +You should use @code{gnutls_free()} to free the returned data. + +Warning! This base64 encoding is not the "standard" encoding, so +do not use it for non-SRP purposes. + +@strong{Returns:} 0 on success, or an error code. +@end deftypefun + +@subheading gnutls_srp_base64_encode +@anchor{gnutls_srp_base64_encode} +@deftypefun {int} {gnutls_srp_base64_encode} (const gnutls_datum_t * @var{data}, char * @var{result}, size_t * @var{result_size}) +@var{data}: contain the raw data + +@var{result}: the place where base64 data will be copied + +@var{result_size}: holds the size of the result + +This function will convert the given data to printable data, using +the base64 encoding, as used in the libsrp. This is the encoding +used in SRP password files. If the provided buffer is not long +enough GNUTLS_E_SHORT_MEMORY_BUFFER is returned. + +Warning! This base64 encoding is not the "standard" encoding, so +do not use it for non-SRP purposes. + +@strong{Returns:} @code{GNUTLS_E_SHORT_MEMORY_BUFFER} if the buffer given is not +long enough, or 0 on success. +@end deftypefun + +@subheading gnutls_srp_base64_encode2 +@anchor{gnutls_srp_base64_encode2} +@deftypefun {int} {gnutls_srp_base64_encode2} (const gnutls_datum_t * @var{data}, gnutls_datum_t * @var{result}) +@var{data}: contains the raw data + +@var{result}: will hold the newly allocated encoded data + +This function will convert the given data to printable data, using +the base64 encoding. This is the encoding used in SRP password +files. This function will allocate the required memory to hold +the encoded data. + +You should use @code{gnutls_free()} to free the returned data. + +Warning! This base64 encoding is not the "standard" encoding, so +do not use it for non-SRP purposes. + +@strong{Returns:} 0 on success, or an error code. +@end deftypefun + +@subheading gnutls_srp_free_client_credentials +@anchor{gnutls_srp_free_client_credentials} +@deftypefun {void} {gnutls_srp_free_client_credentials} (gnutls_srp_client_credentials_t @var{sc}) +@var{sc}: is a @code{gnutls_srp_client_credentials_t} type. + +Free a gnutls_srp_client_credentials_t structure. +@end deftypefun + +@subheading gnutls_srp_free_server_credentials +@anchor{gnutls_srp_free_server_credentials} +@deftypefun {void} {gnutls_srp_free_server_credentials} (gnutls_srp_server_credentials_t @var{sc}) +@var{sc}: is a @code{gnutls_srp_server_credentials_t} type. + +Free a gnutls_srp_server_credentials_t structure. +@end deftypefun + +@subheading gnutls_srp_server_get_username +@anchor{gnutls_srp_server_get_username} +@deftypefun {const char *} {gnutls_srp_server_get_username} (gnutls_session_t @var{session}) +@var{session}: is a gnutls session + +This function will return the username of the peer. This should +only be called in case of SRP authentication and in case of a +server. Returns NULL in case of an error. + +@strong{Returns:} SRP username of the peer, or NULL in case of error. +@end deftypefun + +@subheading gnutls_srp_set_client_credentials +@anchor{gnutls_srp_set_client_credentials} +@deftypefun {int} {gnutls_srp_set_client_credentials} (gnutls_srp_client_credentials_t @var{res}, const char * @var{username}, const char * @var{password}) +@var{res}: is a @code{gnutls_srp_client_credentials_t} type. + +@var{username}: is the user's userid + +@var{password}: is the user's password + +This function sets the username and password, in a +@code{gnutls_srp_client_credentials_t} type. Those will be used in +SRP authentication. @code{username} should be an ASCII string or UTF-8 +string. In case of a UTF-8 string it is recommended to be following +the PRECIS framework for usernames (rfc8265). The password can +be in ASCII format, or normalized using @code{gnutls_utf8_password_normalize()} . + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, or an +error code. +@end deftypefun + +@subheading gnutls_srp_set_client_credentials_function +@anchor{gnutls_srp_set_client_credentials_function} +@deftypefun {void} {gnutls_srp_set_client_credentials_function} (gnutls_srp_client_credentials_t @var{cred}, gnutls_srp_client_credentials_function * @var{func}) +@var{cred}: is a @code{gnutls_srp_server_credentials_t} type. + +@var{func}: is the callback function + +This function can be used to set a callback to retrieve the +username and password for client SRP authentication. The +callback's function form is: + +int (*callback)(gnutls_session_t, char** username, char**password); + +The @code{username} and @code{password} must be allocated using +@code{gnutls_malloc()} . + +The @code{username} should be an ASCII string or UTF-8 +string. In case of a UTF-8 string it is recommended to be following +the PRECIS framework for usernames (rfc8265). The password can +be in ASCII format, or normalized using @code{gnutls_utf8_password_normalize()} . + +The callback function will be called once per handshake before the +initial hello message is sent. + +The callback should not return a negative error code the second +time called, since the handshake procedure will be aborted. + +The callback function should return 0 on success. +-1 indicates an error. +@end deftypefun + +@subheading gnutls_srp_set_prime_bits +@anchor{gnutls_srp_set_prime_bits} +@deftypefun {void} {gnutls_srp_set_prime_bits} (gnutls_session_t @var{session}, unsigned int @var{bits}) +@var{session}: is a @code{gnutls_session_t} type. + +@var{bits}: is the number of bits + +This function sets the minimum accepted number of bits, for use in +an SRP key exchange. If zero, the default 2048 bits will be used. + +In the client side it sets the minimum accepted number of bits. If +a server sends a prime with less bits than that +@code{GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER} will be returned by the +handshake. + +This function has no effect in server side. + +@strong{Since:} 2.6.0 +@end deftypefun + +@subheading gnutls_srp_set_server_credentials_file +@anchor{gnutls_srp_set_server_credentials_file} +@deftypefun {int} {gnutls_srp_set_server_credentials_file} (gnutls_srp_server_credentials_t @var{res}, const char * @var{password_file}, const char * @var{password_conf_file}) +@var{res}: is a @code{gnutls_srp_server_credentials_t} type. + +@var{password_file}: is the SRP password file (tpasswd) + +@var{password_conf_file}: is the SRP password conf file (tpasswd.conf) + +This function sets the password files, in a +@code{gnutls_srp_server_credentials_t} type. Those password files +hold usernames and verifiers and will be used for SRP +authentication. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, or an +error code. +@end deftypefun + +@subheading gnutls_srp_set_server_credentials_function +@anchor{gnutls_srp_set_server_credentials_function} +@deftypefun {void} {gnutls_srp_set_server_credentials_function} (gnutls_srp_server_credentials_t @var{cred}, gnutls_srp_server_credentials_function * @var{func}) +@var{cred}: is a @code{gnutls_srp_server_credentials_t} type. + +@var{func}: is the callback function + +This function can be used to set a callback to retrieve the user's +SRP credentials. The callback's function form is: + +int (*callback)(gnutls_session_t, const char* username, +gnutls_datum_t *salt, gnutls_datum_t *verifier, gnutls_datum_t *generator, +gnutls_datum_t *prime); + + @code{username} contains the actual username. +The @code{salt} , @code{verifier} , @code{generator} and @code{prime} must be filled +in using the @code{gnutls_malloc()} . For convenience @code{prime} and @code{generator} may also be one of the static parameters defined in gnutls.h. + +Initially, the data field is NULL in every @code{gnutls_datum_t} +structure that the callback has to fill in. When the +callback is done GnuTLS deallocates all of those buffers +which are non-NULL, regardless of the return value. + +In order to prevent attackers from guessing valid usernames, +if a user does not exist, g and n values should be filled in +using a random user's parameters. In that case the callback must +return the special value (1). +See @code{gnutls_srp_set_server_fake_salt_seed} too. +If this is not required for your application, return a negative +number from the callback to abort the handshake. + +The callback function will only be called once per handshake. +The callback function should return 0 on success, while +-1 indicates an error. +@end deftypefun + +@subheading gnutls_srp_set_server_fake_salt_seed +@anchor{gnutls_srp_set_server_fake_salt_seed} +@deftypefun {void} {gnutls_srp_set_server_fake_salt_seed} (gnutls_srp_server_credentials_t @var{cred}, const gnutls_datum_t * @var{seed}, unsigned int @var{salt_length}) +@var{cred}: is a @code{gnutls_srp_server_credentials_t} type + +@var{seed}: is the seed data, only needs to be valid until the function +returns; size of the seed must be greater than zero + +@var{salt_length}: is the length of the generated fake salts + +This function sets the seed that is used to generate salts for +invalid (non-existent) usernames. + +In order to prevent attackers from guessing valid usernames, +when a user does not exist gnutls generates a salt and a verifier +and proceeds with the protocol as usual. +The authentication will ultimately fail, but the client cannot tell +whether the username is valid (exists) or invalid. + +If an attacker learns the seed, given a salt (which is part of the +handshake) which was generated when the seed was in use, it can tell +whether or not the authentication failed because of an unknown username. +This seed cannot be used to reveal application data or passwords. + + @code{salt_length} should represent the salt length your application uses. +Generating fake salts longer than 20 bytes is not supported. + +By default the seed is a random value, different each time a +@code{gnutls_srp_server_credentials_t} is allocated and fake salts are +16 bytes long. + +@strong{Since:} 3.3.0 +@end deftypefun + +@subheading gnutls_srp_verifier +@anchor{gnutls_srp_verifier} +@deftypefun {int} {gnutls_srp_verifier} (const char * @var{username}, const char * @var{password}, const gnutls_datum_t * @var{salt}, const gnutls_datum_t * @var{generator}, const gnutls_datum_t * @var{prime}, gnutls_datum_t * @var{res}) +@var{username}: is the user's name + +@var{password}: is the user's password + +@var{salt}: should be some randomly generated bytes + +@var{generator}: is the generator of the group + +@var{prime}: is the group's prime + +@var{res}: where the verifier will be stored. + +This function will create an SRP verifier, as specified in +RFC2945. The @code{prime} and @code{generator} should be one of the static +parameters defined in gnutls/gnutls.h or may be generated. + +The verifier will be allocated with @code{gnutls_malloc} () and will be stored in + @code{res} using binary format. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, or an +error code. +@end deftypefun + +@subheading gnutls_srtp_get_keys +@anchor{gnutls_srtp_get_keys} +@deftypefun {int} {gnutls_srtp_get_keys} (gnutls_session_t @var{session}, void * @var{key_material}, unsigned int @var{key_material_size}, gnutls_datum_t * @var{client_key}, gnutls_datum_t * @var{client_salt}, gnutls_datum_t * @var{server_key}, gnutls_datum_t * @var{server_salt}) +@var{session}: is a @code{gnutls_session_t} type. + +@var{key_material}: Space to hold the generated key material + +@var{key_material_size}: The maximum size of the key material + +@var{client_key}: The master client write key, pointing inside the key material + +@var{client_salt}: The master client write salt, pointing inside the key material + +@var{server_key}: The master server write key, pointing inside the key material + +@var{server_salt}: The master server write salt, pointing inside the key material + +This is a helper function to generate the keying material for SRTP. +It requires the space of the key material to be pre-allocated (should be at least +2x the maximum key size and salt size). The @code{client_key} , @code{client_salt} , @code{server_key} and @code{server_salt} are convenience datums that point inside the key material. They may +be @code{NULL} . + +@strong{Returns:} On success the size of the key material is returned, +otherwise, @code{GNUTLS_E_SHORT_MEMORY_BUFFER} if the buffer given is not +sufficient, or a negative error code. + +Since 3.1.4 +@end deftypefun + +@subheading gnutls_srtp_get_mki +@anchor{gnutls_srtp_get_mki} +@deftypefun {int} {gnutls_srtp_get_mki} (gnutls_session_t @var{session}, gnutls_datum_t * @var{mki}) +@var{session}: is a @code{gnutls_session_t} type. + +@var{mki}: will hold the MKI + +This function exports the negotiated Master Key Identifier, +received by the peer if any. The returned value in @code{mki} should be +treated as constant and valid only during the session's lifetime. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, +otherwise a negative error code is returned. + +Since 3.1.4 +@end deftypefun + +@subheading gnutls_srtp_get_profile_id +@anchor{gnutls_srtp_get_profile_id} +@deftypefun {int} {gnutls_srtp_get_profile_id} (const char * @var{name}, gnutls_srtp_profile_t * @var{profile}) +@var{name}: The name of the profile to look up + +@var{profile}: Will hold the profile id + +This function allows you to look up a profile based on a string. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, +otherwise a negative error code is returned. + +Since 3.1.4 +@end deftypefun + +@subheading gnutls_srtp_get_profile_name +@anchor{gnutls_srtp_get_profile_name} +@deftypefun {const char *} {gnutls_srtp_get_profile_name} (gnutls_srtp_profile_t @var{profile}) +@var{profile}: The profile to look up a string for + +This function allows you to get the corresponding name for a +SRTP protection profile. + +@strong{Returns:} On success, the name of a SRTP profile as a string, +otherwise NULL. + +Since 3.1.4 +@end deftypefun + +@subheading gnutls_srtp_get_selected_profile +@anchor{gnutls_srtp_get_selected_profile} +@deftypefun {int} {gnutls_srtp_get_selected_profile} (gnutls_session_t @var{session}, gnutls_srtp_profile_t * @var{profile}) +@var{session}: is a @code{gnutls_session_t} type. + +@var{profile}: will hold the profile + +This function allows you to get the negotiated SRTP profile. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, +otherwise a negative error code is returned. + +Since 3.1.4 +@end deftypefun + +@subheading gnutls_srtp_set_mki +@anchor{gnutls_srtp_set_mki} +@deftypefun {int} {gnutls_srtp_set_mki} (gnutls_session_t @var{session}, const gnutls_datum_t * @var{mki}) +@var{session}: is a @code{gnutls_session_t} type. + +@var{mki}: holds the MKI + +This function sets the Master Key Identifier, to be +used by this session (if any). + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, +otherwise a negative error code is returned. + +Since 3.1.4 +@end deftypefun + +@subheading gnutls_srtp_set_profile +@anchor{gnutls_srtp_set_profile} +@deftypefun {int} {gnutls_srtp_set_profile} (gnutls_session_t @var{session}, gnutls_srtp_profile_t @var{profile}) +@var{session}: is a @code{gnutls_session_t} type. + +@var{profile}: is the profile id to add. + +This function is to be used by both clients and servers, to declare +what SRTP profiles they support, to negotiate with the peer. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, +otherwise a negative error code is returned. + +Since 3.1.4 +@end deftypefun + +@subheading gnutls_srtp_set_profile_direct +@anchor{gnutls_srtp_set_profile_direct} +@deftypefun {int} {gnutls_srtp_set_profile_direct} (gnutls_session_t @var{session}, const char * @var{profiles}, const char ** @var{err_pos}) +@var{session}: is a @code{gnutls_session_t} type. + +@var{profiles}: is a string that contains the supported SRTP profiles, +separated by colons. + +@var{err_pos}: In case of an error this will have the position in the string the error occurred, may be NULL. + +This function is to be used by both clients and servers, to declare +what SRTP profiles they support, to negotiate with the peer. + +@strong{Returns:} On syntax error @code{GNUTLS_E_INVALID_REQUEST} is returned, +@code{GNUTLS_E_SUCCESS} on success, or an error code. + +Since 3.1.4 +@end deftypefun + +@subheading gnutls_store_commitment +@anchor{gnutls_store_commitment} +@deftypefun {int} {gnutls_store_commitment} (const char * @var{db_name}, gnutls_tdb_t @var{tdb}, const char * @var{host}, const char * @var{service}, gnutls_digest_algorithm_t @var{hash_algo}, const gnutls_datum_t * @var{hash}, time_t @var{expiration}, unsigned int @var{flags}) +@var{db_name}: A file specifying the stored keys (use NULL for the default) + +@var{tdb}: A storage structure or NULL to use the default + +@var{host}: The peer's name + +@var{service}: non-NULL if this key is specific to a service (e.g. http) + +@var{hash_algo}: The hash algorithm type + +@var{hash}: The raw hash + +@var{expiration}: The expiration time (use 0 to disable expiration) + +@var{flags}: should be 0 or @code{GNUTLS_SCOMMIT_FLAG_ALLOW_BROKEN} . + +This function will store the provided hash commitment to +the list of stored public keys. The key with the given +hash will be considered valid until the provided expiration time. + +The @code{tdb} variable if non-null specifies a custom backend for +the storage of entries. If it is NULL then the +default file backend will be used. + +Note that this function is not thread safe with the default backend. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 3.0 +@end deftypefun + +@subheading gnutls_store_pubkey +@anchor{gnutls_store_pubkey} +@deftypefun {int} {gnutls_store_pubkey} (const char * @var{db_name}, gnutls_tdb_t @var{tdb}, const char * @var{host}, const char * @var{service}, gnutls_certificate_type_t @var{cert_type}, const gnutls_datum_t * @var{cert}, time_t @var{expiration}, unsigned int @var{flags}) +@var{db_name}: A file specifying the stored keys (use NULL for the default) + +@var{tdb}: A storage structure or NULL to use the default + +@var{host}: The peer's name + +@var{service}: non-NULL if this key is specific to a service (e.g. http) + +@var{cert_type}: The type of the certificate + +@var{cert}: The data of the certificate + +@var{expiration}: The expiration time (use 0 to disable expiration) + +@var{flags}: should be 0. + +This function will store a raw public-key or a public-key provided via +a raw (DER-encoded) certificate to the list of stored public keys. The key +will be considered valid until the provided expiration time. + +The @code{tdb} variable if non-null specifies a custom backend for +the storage of entries. If it is NULL then the +default file backend will be used. + +Unless an alternative @code{tdb} is provided, the storage format is a textual format +consisting of a line for each host with fields separated by '|'. The contents of +the fields are a format-identifier which is set to 'g0', the hostname that the +rest of the data applies to, the numeric port or host name, the expiration +time in seconds since the epoch (0 for no expiration), and a base64 +encoding of the raw (DER) public key information (SPKI) of the peer. + +As of GnuTLS 3.6.6 this function also accepts raw public keys. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. + +@strong{Since:} 3.0.13 +@end deftypefun + +@subheading gnutls_strerror +@anchor{gnutls_strerror} +@deftypefun {const char *} {gnutls_strerror} (int @var{error}) +@var{error}: is a GnuTLS error code, a negative error code + +This function is similar to strerror. The difference is that it +accepts an error number returned by a gnutls function; In case of +an unknown error a descriptive string is sent instead of @code{NULL} . + +Error codes are always a negative error code. + +@strong{Returns:} A string explaining the GnuTLS error message. +@end deftypefun + +@subheading gnutls_strerror_name +@anchor{gnutls_strerror_name} +@deftypefun {const char *} {gnutls_strerror_name} (int @var{error}) +@var{error}: is an error returned by a gnutls function. + +Return the GnuTLS error code define as a string. For example, +gnutls_strerror_name (GNUTLS_E_DH_PRIME_UNACCEPTABLE) will return +the string "GNUTLS_E_DH_PRIME_UNACCEPTABLE". + +@strong{Returns:} A string corresponding to the symbol name of the error +code. + +@strong{Since:} 2.6.0 +@end deftypefun + +@subheading gnutls_supplemental_get_name +@anchor{gnutls_supplemental_get_name} +@deftypefun {const char *} {gnutls_supplemental_get_name} (gnutls_supplemental_data_format_type_t @var{type}) +@var{type}: is a supplemental data format type + +Convert a @code{gnutls_supplemental_data_format_type_t} value to a +string. + +@strong{Returns:} a string that contains the name of the specified +supplemental data format type, or @code{NULL} for unknown types. +@end deftypefun + +@subheading gnutls_supplemental_recv +@anchor{gnutls_supplemental_recv} +@deftypefun {void} {gnutls_supplemental_recv} (gnutls_session_t @var{session}, unsigned @var{do_recv_supplemental}) +@var{session}: is a @code{gnutls_session_t} type. + +@var{do_recv_supplemental}: non-zero in order to expect supplemental data + +This function is to be called by an extension handler to +instruct gnutls to attempt to receive supplemental data +during the handshake process. + +@strong{Since:} 3.4.0 +@end deftypefun + +@subheading gnutls_supplemental_register +@anchor{gnutls_supplemental_register} +@deftypefun {int} {gnutls_supplemental_register} (const char * @var{name}, gnutls_supplemental_data_format_type_t @var{type}, gnutls_supp_recv_func @var{recv_func}, gnutls_supp_send_func @var{send_func}) +@var{name}: the name of the supplemental data to register + +@var{type}: the type of the supplemental data format + +@var{recv_func}: the function to receive the data + +@var{send_func}: the function to send the data + +This function will register a new supplemental data type (rfc4680). +The registered data will remain until @code{gnutls_global_deinit()} +is called. The provided @code{type} must be an unassigned type in +@code{gnutls_supplemental_data_format_type_t} . If the type is already +registered or handled by GnuTLS internally @code{GNUTLS_E_ALREADY_REGISTERED} +will be returned. + +This function is not thread safe. As supplemental data are not defined under +TLS 1.3, this function will disable TLS 1.3 support globally. + +@strong{Returns:} @code{GNUTLS_E_SUCCESS} on success, otherwise a negative error code. + +@strong{Since:} 3.4.0 +@end deftypefun + +@subheading gnutls_supplemental_send +@anchor{gnutls_supplemental_send} +@deftypefun {void} {gnutls_supplemental_send} (gnutls_session_t @var{session}, unsigned @var{do_send_supplemental}) +@var{session}: is a @code{gnutls_session_t} type. + +@var{do_send_supplemental}: non-zero in order to send supplemental data + +This function is to be called by an extension handler to +instruct gnutls to send supplemental data during the handshake process. + +@strong{Since:} 3.4.0 +@end deftypefun + +@subheading gnutls_system_recv_timeout +@anchor{gnutls_system_recv_timeout} +@deftypefun {int} {gnutls_system_recv_timeout} (gnutls_transport_ptr_t @var{ptr}, unsigned int @var{ms}) +@var{ptr}: A file descriptor (wrapped in a gnutls_transport_ptr_t pointer) + +@var{ms}: The number of milliseconds to wait. + +Wait for data to be received from the provided socket ( @code{ptr} ) within a +timeout period in milliseconds, using @code{select()} on the provided @code{ptr} . + +This function is provided as a helper for constructing custom +callbacks for @code{gnutls_transport_set_pull_timeout_function()} , +which can be used if you rely on socket file descriptors. + +Returns -1 on error, 0 on timeout, positive value if data are available for reading. + +@strong{Since:} 3.4.0 +@end deftypefun + +@subheading gnutls_tdb_deinit +@anchor{gnutls_tdb_deinit} +@deftypefun {void} {gnutls_tdb_deinit} (gnutls_tdb_t @var{tdb}) +@var{tdb}: The structure to be deinitialized + +This function will deinitialize a public key trust storage structure. +@end deftypefun + +@subheading gnutls_tdb_init +@anchor{gnutls_tdb_init} +@deftypefun {int} {gnutls_tdb_init} (gnutls_tdb_t * @var{tdb}) +@var{tdb}: A pointer to the type to be initialized + +This function will initialize a public key trust storage structure. + +@strong{Returns:} On success, @code{GNUTLS_E_SUCCESS} (0) is returned, otherwise a +negative error value. +@end deftypefun + +@subheading gnutls_tdb_set_store_commitment_func +@anchor{gnutls_tdb_set_store_commitment_func} +@deftypefun {void} {gnutls_tdb_set_store_commitment_func} (gnutls_tdb_t @var{tdb}, gnutls_tdb_store_commitment_func @var{cstore}) +@var{tdb}: The trust storage + +@var{cstore}: The commitment storage function + +This function will associate a commitment (hash) storage function with the +trust storage structure. The function is of the following form. + +int gnutls_tdb_store_commitment_func(const char* db_name, const char* host, +const char* service, time_t expiration, +gnutls_digest_algorithm_t, const gnutls_datum_t* hash); + +The @code{db_name} should be used to pass any private data to this function. +@end deftypefun + +@subheading gnutls_tdb_set_store_func +@anchor{gnutls_tdb_set_store_func} +@deftypefun {void} {gnutls_tdb_set_store_func} (gnutls_tdb_t @var{tdb}, gnutls_tdb_store_func @var{store}) +@var{tdb}: The trust storage + +@var{store}: The storage function + +This function will associate a storage function with the +trust storage structure. The function is of the following form. + +int gnutls_tdb_store_func(const char* db_name, const char* host, +const char* service, time_t expiration, +const gnutls_datum_t* pubkey); + +The @code{db_name} should be used to pass any private data to this function. +@end deftypefun + +@subheading gnutls_tdb_set_verify_func +@anchor{gnutls_tdb_set_verify_func} +@deftypefun {void} {gnutls_tdb_set_verify_func} (gnutls_tdb_t @var{tdb}, gnutls_tdb_verify_func @var{verify}) +@var{tdb}: The trust storage + +@var{verify}: The verification function + +This function will associate a retrieval function with the +trust storage structure. The function is of the following form. + +int gnutls_tdb_verify_func(const char* db_name, const char* host, +const char* service, const gnutls_datum_t* pubkey); + +The verify function should return zero on a match, @code{GNUTLS_E_CERTIFICATE_KEY_MISMATCH} +if there is a mismatch and any other negative error code otherwise. + +The @code{db_name} should be used to pass any private data to this function. +@end deftypefun + +@subheading gnutls_transport_get_int +@anchor{gnutls_transport_get_int} +@deftypefun {int} {gnutls_transport_get_int} (gnutls_session_t @var{session}) +@var{session}: is a @code{gnutls_session_t} type. + +Used to get the first argument of the transport function (like +PUSH and PULL). This must have been set using +@code{gnutls_transport_set_int()} . + +@strong{Returns:} The first argument of the transport function. + +@strong{Since:} 3.1.9 +@end deftypefun + +@subheading gnutls_transport_get_int2 +@anchor{gnutls_transport_get_int2} +@deftypefun {void} {gnutls_transport_get_int2} (gnutls_session_t @var{session}, int * @var{recv_int}, int * @var{send_int}) +@var{session}: is a @code{gnutls_session_t} type. + +@var{recv_int}: will hold the value for the pull function + +@var{send_int}: will hold the value for the push function + +Used to get the arguments of the transport functions (like PUSH +and PULL). These should have been set using +@code{gnutls_transport_set_int2()} . + +@strong{Since:} 3.1.9 +@end deftypefun + +@subheading gnutls_transport_get_ptr +@anchor{gnutls_transport_get_ptr} +@deftypefun {gnutls_transport_ptr_t} {gnutls_transport_get_ptr} (gnutls_session_t @var{session}) +@var{session}: is a @code{gnutls_session_t} type. + +Used to get the first argument of the transport function (like +PUSH and PULL). This must have been set using +@code{gnutls_transport_set_ptr()} . + +@strong{Returns:} The first argument of the transport function. +@end deftypefun + +@subheading gnutls_transport_get_ptr2 +@anchor{gnutls_transport_get_ptr2} +@deftypefun {void} {gnutls_transport_get_ptr2} (gnutls_session_t @var{session}, gnutls_transport_ptr_t * @var{recv_ptr}, gnutls_transport_ptr_t * @var{send_ptr}) +@var{session}: is a @code{gnutls_session_t} type. + +@var{recv_ptr}: will hold the value for the pull function + +@var{send_ptr}: will hold the value for the push function + +Used to get the arguments of the transport functions (like PUSH +and PULL). These should have been set using +@code{gnutls_transport_set_ptr2()} . +@end deftypefun + +@subheading gnutls_transport_set_errno +@anchor{gnutls_transport_set_errno} +@deftypefun {void} {gnutls_transport_set_errno} (gnutls_session_t @var{session}, int @var{err}) +@var{session}: is a @code{gnutls_session_t} type. + +@var{err}: error value to store in session-specific errno variable. + +Store @code{err} in the session-specific errno variable. Useful values +for @code{err} are EINTR, EAGAIN and EMSGSIZE, other values are treated will be +treated as real errors in the push/pull function. + +This function is useful in replacement push and pull functions set by +@code{gnutls_transport_set_push_function()} and +@code{gnutls_transport_set_pull_function()} under Windows, where the +replacements may not have access to the same @code{errno} variable that is used by GnuTLS (e.g., the application is linked to +msvcr71.dll and gnutls is linked to msvcrt.dll). + +This function is unreliable if you are using the same + @code{session} in different threads for sending and receiving. +@end deftypefun + +@subheading gnutls_transport_set_errno_function +@anchor{gnutls_transport_set_errno_function} +@deftypefun {void} {gnutls_transport_set_errno_function} (gnutls_session_t @var{session}, gnutls_errno_func @var{errno_func}) +@var{session}: is a @code{gnutls_session_t} type. + +@var{errno_func}: a callback function similar to @code{write()} + +This is the function where you set a function to retrieve errno +after a failed push or pull operation. + + @code{errno_func} is of the form, +int (*gnutls_errno_func)(gnutls_transport_ptr_t); +and should return the errno. + +@strong{Since:} 2.12.0 +@end deftypefun + +@subheading gnutls_transport_set_int +@anchor{gnutls_transport_set_int} +@deftypefun {void} {gnutls_transport_set_int} (gnutls_session_t @var{session}, int @var{fd}) +@var{session}: is a @code{gnutls_session_t} type. + +@var{fd}: is the socket descriptor for the connection. + +This function sets the first argument of the transport function, such +as @code{send()} and @code{recv()} for the default callbacks using the +system's socket API. + +This function is equivalent to calling @code{gnutls_transport_set_ptr()} +with the descriptor, but requires no casts. + +@strong{Since:} 3.1.9 +@end deftypefun + +@subheading gnutls_transport_set_int2 +@anchor{gnutls_transport_set_int2} +@deftypefun {void} {gnutls_transport_set_int2} (gnutls_session_t @var{session}, int @var{recv_fd}, int @var{send_fd}) +@var{session}: is a @code{gnutls_session_t} type. + +@var{recv_fd}: is socket descriptor for the pull function + +@var{send_fd}: is socket descriptor for the push function + +This function sets the first argument of the transport functions, +such as @code{send()} and @code{recv()} for the default callbacks using the +system's socket API. With this function you can set two different +descriptors for receiving and sending. + +This function is equivalent to calling @code{gnutls_transport_set_ptr2()} +with the descriptors, but requires no casts. + +@strong{Since:} 3.1.9 +@end deftypefun + +@subheading gnutls_transport_set_ptr +@anchor{gnutls_transport_set_ptr} +@deftypefun {void} {gnutls_transport_set_ptr} (gnutls_session_t @var{session}, gnutls_transport_ptr_t @var{ptr}) +@var{session}: is a @code{gnutls_session_t} type. + +@var{ptr}: is the value. + +Used to set the first argument of the transport function (for push +and pull callbacks). In berkeley style sockets this function will set the +connection descriptor. +@end deftypefun + +@subheading gnutls_transport_set_ptr2 +@anchor{gnutls_transport_set_ptr2} +@deftypefun {void} {gnutls_transport_set_ptr2} (gnutls_session_t @var{session}, gnutls_transport_ptr_t @var{recv_ptr}, gnutls_transport_ptr_t @var{send_ptr}) +@var{session}: is a @code{gnutls_session_t} type. + +@var{recv_ptr}: is the value for the pull function + +@var{send_ptr}: is the value for the push function + +Used to set the first argument of the transport function (for push +and pull callbacks). In berkeley style sockets this function will set the +connection descriptor. With this function you can use two different +pointers for receiving and sending. +@end deftypefun + +@subheading gnutls_transport_set_pull_function +@anchor{gnutls_transport_set_pull_function} +@deftypefun {void} {gnutls_transport_set_pull_function} (gnutls_session_t @var{session}, gnutls_pull_func @var{pull_func}) +@var{session}: is a @code{gnutls_session_t} type. + +@var{pull_func}: a callback function similar to @code{read()} + +This is the function where you set a function for gnutls to receive +data. Normally, if you use berkeley style sockets, do not need to +use this function since the default recv(2) will probably be ok. +The callback should return 0 on connection termination, a positive +number indicating the number of bytes received, and -1 on error. + + @code{gnutls_pull_func} is of the form, +ssize_t (*gnutls_pull_func)(gnutls_transport_ptr_t, void*, size_t); +@end deftypefun + +@subheading gnutls_transport_set_pull_timeout_function +@anchor{gnutls_transport_set_pull_timeout_function} +@deftypefun {void} {gnutls_transport_set_pull_timeout_function} (gnutls_session_t @var{session}, gnutls_pull_timeout_func @var{func}) +@var{session}: is a @code{gnutls_session_t} type. + +@var{func}: a callback function + +This is the function where you set a function for gnutls to know +whether data are ready to be received. It should wait for data a +given time frame in milliseconds. The callback should return 0 on +timeout, a positive number if data can be received, and -1 on error. +You'll need to override this function if @code{select()} is not suitable +for the provided transport calls. + +As with @code{select()} , if the timeout value is zero the callback should return +zero if no data are immediately available. The special value +@code{GNUTLS_INDEFINITE_TIMEOUT} indicates that the callback should wait indefinitely +for data. + + @code{gnutls_pull_timeout_func} is of the form, +int (*gnutls_pull_timeout_func)(gnutls_transport_ptr_t, unsigned int ms); + +This callback is necessary when @code{gnutls_handshake_set_timeout()} or +@code{gnutls_record_set_timeout()} are set, and for calculating the DTLS mode +timeouts. + +In short, this callback should be set when a custom pull function is +registered. The callback will not be used when the session is in TLS mode with +non-blocking sockets. That is, when @code{GNUTLS_NONBLOCK} is specified for a TLS +session in @code{gnutls_init()} . For compatibility with future GnuTLS versions +it is recommended to always set this function when a custom pull function +is registered. + +The helper function @code{gnutls_system_recv_timeout()} is provided to +simplify writing callbacks. + +@strong{Since:} 3.0 +@end deftypefun + +@subheading gnutls_transport_set_push_function +@anchor{gnutls_transport_set_push_function} +@deftypefun {void} {gnutls_transport_set_push_function} (gnutls_session_t @var{session}, gnutls_push_func @var{push_func}) +@var{session}: is a @code{gnutls_session_t} type. + +@var{push_func}: a callback function similar to @code{write()} + +This is the function where you set a push function for gnutls to +use in order to send data. If you are going to use berkeley style +sockets, you do not need to use this function since the default +send(2) will probably be ok. Otherwise you should specify this +function for gnutls to be able to send data. +The callback should return a positive number indicating the +bytes sent, and -1 on error. + + @code{push_func} is of the form, +ssize_t (*gnutls_push_func)(gnutls_transport_ptr_t, const void*, size_t); +@end deftypefun + +@subheading gnutls_transport_set_vec_push_function +@anchor{gnutls_transport_set_vec_push_function} +@deftypefun {void} {gnutls_transport_set_vec_push_function} (gnutls_session_t @var{session}, gnutls_vec_push_func @var{vec_func}) +@var{session}: is a @code{gnutls_session_t} type. + +@var{vec_func}: a callback function similar to @code{writev()} + +Using this function you can override the default writev(2) +function for gnutls to send data. Setting this callback +instead of @code{gnutls_transport_set_push_function()} is recommended +since it introduces less overhead in the TLS handshake process. + + @code{vec_func} is of the form, +ssize_t (*gnutls_vec_push_func) (gnutls_transport_ptr_t, const giovec_t * iov, int iovcnt); + +@strong{Since:} 2.12.0 +@end deftypefun + +@subheading gnutls_url_is_supported +@anchor{gnutls_url_is_supported} +@deftypefun {unsigned} {gnutls_url_is_supported} (const char * @var{url}) +@var{url}: A URI to be tested + +Check whether the provided @code{url} is supported. Depending on the system libraries +GnuTLS may support pkcs11, tpmkey or other URLs. + +@strong{Returns:} return non-zero if the given URL is supported, and zero if +it is not known. + +@strong{Since:} 3.1.0 +@end deftypefun + +@subheading gnutls_utf8_password_normalize +@anchor{gnutls_utf8_password_normalize} +@deftypefun {int} {gnutls_utf8_password_normalize} (const unsigned char * @var{password}, unsigned @var{plen}, gnutls_datum_t * @var{out}, unsigned @var{flags}) +@var{password}: contain the UTF-8 formatted password + +@var{plen}: the length of the provided password + +@var{out}: the result in an null-terminated allocated string + +@var{flags}: should be zero + +This function will convert the provided UTF-8 password according +to the normalization rules in RFC7613. + +If the flag @code{GNUTLS_UTF8_IGNORE_ERRS} is specified, any UTF-8 encoding +errors will be ignored, and in that case the output will be a copy of the input. + +@strong{Returns:} @code{GNUTLS_E_INVALID_UTF8_STRING} on invalid UTF-8 data, or 0 on success. + +@strong{Since:} 3.5.7 +@end deftypefun + +@subheading gnutls_verify_stored_pubkey +@anchor{gnutls_verify_stored_pubkey} +@deftypefun {int} {gnutls_verify_stored_pubkey} (const char * @var{db_name}, gnutls_tdb_t @var{tdb}, const char * @var{host}, const char * @var{service}, gnutls_certificate_type_t @var{cert_type}, const gnutls_datum_t * @var{cert}, unsigned int @var{flags}) +@var{db_name}: A file specifying the stored keys (use NULL for the default) + +@var{tdb}: A storage structure or NULL to use the default + +@var{host}: The peer's name + +@var{service}: non-NULL if this key is specific to a service (e.g. http) + +@var{cert_type}: The type of the certificate + +@var{cert}: The raw (der) data of the certificate + +@var{flags}: should be 0. + +This function will try to verify a raw public-key or a public-key provided via +a raw (DER-encoded) certificate using a list of stored public keys. +The @code{service} field if non-NULL should be a port number. + +The @code{db_name} variable if non-null specifies a custom backend for +the retrieval of entries. If it is NULL then the +default file backend will be used. In POSIX-like systems the +file backend uses the $HOME/.gnutls/known_hosts file. + +Note that if the custom storage backend is provided the +retrieval function should return @code{GNUTLS_E_CERTIFICATE_KEY_MISMATCH} +if the host/service pair is found but key doesn't match, +@code{GNUTLS_E_NO_CERTIFICATE_FOUND} if no such host/service with +the given key is found, and 0 if it was found. The storage +function should return 0 on success. + +As of GnuTLS 3.6.6 this function also verifies raw public keys. + +@strong{Returns:} If no associated public key is found +then @code{GNUTLS_E_NO_CERTIFICATE_FOUND} will be returned. If a key +is found but does not match @code{GNUTLS_E_CERTIFICATE_KEY_MISMATCH} +is returned. On success, @code{GNUTLS_E_SUCCESS} (0) is returned, +or a negative error value on other errors. + +@strong{Since:} 3.0.13 +@end deftypefun + diff --git a/doc/gnutls-client-server-use-case.dia b/doc/gnutls-client-server-use-case.dia new file mode 100644 index 0000000..88e8a8c Binary files /dev/null and b/doc/gnutls-client-server-use-case.dia differ diff --git a/doc/gnutls-client-server-use-case.eps b/doc/gnutls-client-server-use-case.eps new file mode 100644 index 0000000..4f60f6c --- /dev/null +++ b/doc/gnutls-client-server-use-case.eps @@ -0,0 +1,1722 @@ +%!PS-Adobe-2.0 EPSF-2.0 +%%Title: client-server-use-case.dia +%%Creator: Dia v0.94 +%%CreationDate: Thu Nov 10 11:56:17 2005 +%%For: nik +%%Orientation: Portrait +%%Magnification: 1.0000 +%%BoundingBox: 0 0 447 345 +%%BeginSetup +%%EndSetup +%%EndComments +%%BeginProlog +[ /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef +/.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef +/.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef +/.notdef /.notdef /space /exclam /quotedbl /numbersign /dollar /percent /ampersand /quoteright +/parenleft /parenright /asterisk /plus /comma /hyphen /period /slash /zero /one +/two /three /four /five /six /seven /eight /nine /colon /semicolon +/less /equal /greater /question /at /A /B /C /D /E +/F /G /H /I /J /K /L /M /N /O +/P /Q /R /S /T /U /V /W /X /Y +/Z /bracketleft /backslash /bracketright /asciicircum /underscore /quoteleft /a /b /c +/d /e /f /g /h /i /j /k /l /m +/n /o /p /q /r /s /t /u /v /w +/x /y /z /braceleft /bar /braceright /asciitilde /.notdef /.notdef /.notdef +/.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef +/.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef +/.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef +/space /exclamdown /cent /sterling /currency /yen /brokenbar /section /dieresis /copyright +/ordfeminine /guillemotleft /logicalnot /hyphen /registered /macron /degree /plusminus /twosuperior /threesuperior +/acute /mu /paragraph /periodcentered /cedilla /onesuperior /ordmasculine /guillemotright /onequarter /onehalf +/threequarters /questiondown /Agrave /Aacute /Acircumflex /Atilde /Adieresis /Aring /AE /Ccedilla +/Egrave /Eacute /Ecircumflex /Edieresis /Igrave /Iacute /Icircumflex /Idieresis /Eth /Ntilde +/Ograve /Oacute /Ocircumflex /Otilde /Odieresis /multiply /Oslash /Ugrave /Uacute /Ucircumflex +/Udieresis /Yacute /Thorn /germandbls /agrave /aacute /acircumflex /atilde /adieresis /aring +/ae /ccedilla /egrave /eacute /ecircumflex /edieresis /igrave /iacute /icircumflex /idieresis +/eth /ntilde /ograve /oacute /ocircumflex /otilde /odieresis /divide /oslash /ugrave +/uacute /ucircumflex /udieresis /yacute /thorn /ydieresis] /isolatin1encoding exch def +/cp {closepath} bind def +/c {curveto} bind def +/f {fill} bind def +/a {arc} bind def +/ef {eofill} bind def +/ex {exch} bind def +/gr {grestore} bind def +/gs {gsave} bind def +/sa {save} bind def +/rs {restore} bind def +/l {lineto} bind def +/m {moveto} bind def +/rm {rmoveto} bind def +/n {newpath} bind def +/s {stroke} bind def +/sh {show} bind def +/slc {setlinecap} bind def +/slj {setlinejoin} bind def +/slw {setlinewidth} bind def +/srgb {setrgbcolor} bind def +/rot {rotate} bind def +/sc {scale} bind def +/sd {setdash} bind def +/ff {findfont} bind def +/sf {setfont} bind def +/scf {scalefont} bind def +/sw {stringwidth pop} bind def +/tr {translate} bind def + +/ellipsedict 8 dict def +ellipsedict /mtrx matrix put +/ellipse +{ ellipsedict begin + /endangle exch def + /startangle exch def + /yrad exch def + /xrad exch def + /y exch def + /x exch def /savematrix mtrx currentmatrix def + x y tr xrad yrad sc + 0 0 1 startangle endangle arc + savematrix setmatrix + end +} def + +/mergeprocs { +dup length +3 -1 roll +dup +length +dup +5 1 roll +3 -1 roll +add +array cvx +dup +3 -1 roll +0 exch +putinterval +dup +4 2 roll +putinterval +} bind def +/dpi_x 300 def +/dpi_y 300 def +/conicto { + /to_y exch def + /to_x exch def + /conic_cntrl_y exch def + /conic_cntrl_x exch def + currentpoint + /p0_y exch def + /p0_x exch def + /p1_x p0_x conic_cntrl_x p0_x sub 2 3 div mul add def + /p1_y p0_y conic_cntrl_y p0_y sub 2 3 div mul add def + /p2_x p1_x to_x p0_x sub 1 3 div mul add def + /p2_y p1_y to_y p0_y sub 1 3 div mul add def + p1_x p1_y p2_x p2_y to_x to_y curveto +} bind def +/start_ol { gsave 1.1 dpi_x div dup scale} bind def +/end_ol { closepath fill grestore } bind def +28.346000 -28.346000 scale +-2.250000 -10.950000 translate +%%EndProlog + + +0.100000 slw +[] 0 sd +1.000000 1.000000 1.000000 srgb +n 3.550000 4.000000 0.300000 0.300000 0 360 ellipse f +0.000000 0.000000 0.000000 srgb +n 3.550000 4.000000 0.300000 0.300000 0 360 ellipse cp s +n 2.350000 4.600000 m 4.750000 4.600000 l s +n 3.550000 4.300000 m 3.550000 5.800000 l s +n 3.550000 5.800000 m 2.350000 7.100000 l s +n 3.550000 5.800000 m 4.750000 7.100000 l s +gsave 2.677933 8.300000 translate 0.035278 -0.035278 scale +start_ol +2944 3072 moveto +2944 2624 lineto +2713 2817 2452 2912 conicto +2192 3008 1897 3008 conicto +1319 3008 1011 2662 conicto +704 2316 704 1663 conicto +704 1012 1011 666 conicto +1319 320 1897 320 conicto +2192 320 2452 415 conicto +2713 511 2944 704 conicto +2944 256 lineto +2707 96 2442 16 conicto +2178 -64 1883 -64 conicto +1126 -64 691 399 conicto +256 862 256 1663 conicto +256 2466 691 2929 conicto +1126 3392 1883 3392 conicto +2183 3392 2447 3311 conicto +2712 3231 2944 3072 conicto +end_ol grestore +gsave 3.101267 8.300000 translate 0.035278 -0.035278 scale +start_ol +448 3520 moveto +832 3520 lineto +832 0 lineto +448 0 lineto +448 3520 lineto +end_ol grestore +gsave 3.270600 8.300000 translate 0.035278 -0.035278 scale +start_ol +448 2496 moveto +832 2496 lineto +832 0 lineto +448 0 lineto +448 2496 lineto +448 3520 moveto +832 3520 lineto +832 3008 lineto +448 3008 lineto +448 3520 lineto +end_ol grestore +gsave 3.439933 8.300000 translate 0.035278 -0.035278 scale +start_ol +2624 1352 moveto +2624 1152 lineto +704 1152 lineto +731 715 960 485 conicto +1189 256 1597 256 conicto +1834 256 2056 320 conicto +2278 384 2496 512 conicto +2496 128 lineto +2273 34 2039 -15 conicto +1805 -64 1565 -64 conicto +961 -64 608 284 conicto +256 632 256 1225 conicto +256 1839 595 2199 conicto +934 2560 1509 2560 conicto +2024 2560 2324 2235 conicto +2624 1910 2624 1352 conicto +2240 1472 moveto +2235 1822 2043 2031 conicto +1852 2240 1537 2240 conicto +1180 2240 965 2038 conicto +750 1836 718 1470 conicto +2240 1472 lineto +end_ol grestore +gsave 3.812467 8.300000 translate 0.035278 -0.035278 scale +start_ol +2560 1509 moveto +2560 0 lineto +2176 0 lineto +2176 1496 lineto +2176 1869 2029 2054 conicto +1883 2240 1590 2240 conicto +1238 2240 1035 2018 conicto +832 1796 832 1413 conicto +832 0 lineto +448 0 lineto +448 2496 lineto +832 2496 lineto +832 2112 lineto +983 2337 1188 2448 conicto +1394 2560 1662 2560 conicto +2106 2560 2333 2293 conicto +2560 2027 2560 1509 conicto +end_ol grestore +gsave 4.201933 8.300000 translate 0.035278 -0.035278 scale +start_ol +832 3200 moveto +832 2496 lineto +1664 2496 lineto +1664 2176 lineto +832 2176 lineto +832 804 lineto +832 495 914 407 conicto +997 320 1248 320 conicto +1664 320 lineto +1664 0 lineto +1248 0 lineto +793 0 620 173 conicto +448 347 448 804 conicto +448 2176 lineto +128 2176 lineto +128 2496 lineto +448 2496 lineto +448 3200 lineto +832 3200 lineto +end_ol grestore +0.100000 slw +[] 0 sd +1.000000 1.000000 1.000000 srgb +n 16.700000 3.500000 0.300000 0.300000 0 360 ellipse f +0.000000 0.000000 0.000000 srgb +n 16.700000 3.500000 0.300000 0.300000 0 360 ellipse cp s +n 15.500000 4.100000 m 17.900000 4.100000 l s +n 16.700000 3.800000 m 16.700000 5.300000 l s +n 16.700000 5.300000 m 15.500000 6.600000 l s +n 16.700000 5.300000 m 17.900000 6.600000 l s +gsave 15.696700 7.800000 translate 0.035278 -0.035278 scale +start_ol +2496 3200 moveto +2496 2752 lineto +2234 2882 2001 2945 conicto +1768 3008 1552 3008 conicto +1175 3008 971 2863 conicto +768 2718 768 2452 conicto +768 2228 905 2113 conicto +1042 1999 1426 1929 conicto +1708 1873 lineto +2210 1778 2449 1540 conicto +2688 1303 2688 903 conicto +2688 427 2358 181 conicto +2029 -64 1392 -64 conicto +1152 -64 881 -15 conicto +610 33 320 128 conicto +320 576 lineto +603 448 875 384 conicto +1147 320 1409 320 conicto +1807 320 2023 465 conicto +2240 610 2240 878 conicto +2240 1113 2084 1245 conicto +1928 1378 1572 1444 conicto +1288 1497 lineto +776 1599 548 1817 conicto +320 2035 320 2424 conicto +320 2874 636 3133 conicto +952 3392 1507 3392 conicto +1744 3392 1991 3344 conicto +2238 3297 2496 3200 conicto +end_ol grestore +gsave 16.086167 7.800000 translate 0.035278 -0.035278 scale +start_ol +2624 1352 moveto +2624 1152 lineto +704 1152 lineto +731 715 960 485 conicto +1189 256 1597 256 conicto +1834 256 2056 320 conicto +2278 384 2496 512 conicto +2496 128 lineto +2273 34 2039 -15 conicto +1805 -64 1565 -64 conicto +961 -64 608 284 conicto +256 632 256 1225 conicto +256 1839 595 2199 conicto +934 2560 1509 2560 conicto +2024 2560 2324 2235 conicto +2624 1910 2624 1352 conicto +2240 1472 moveto +2235 1822 2043 2031 conicto +1852 2240 1537 2240 conicto +1180 2240 965 2038 conicto +750 1836 718 1470 conicto +2240 1472 lineto +end_ol grestore +gsave 16.458700 7.800000 translate 0.035278 -0.035278 scale +start_ol +1920 2112 moveto +1848 2178 1764 2209 conicto +1680 2240 1578 2240 conicto +1218 2240 1025 2001 conicto +832 1763 832 1317 conicto +832 0 lineto +448 0 lineto +448 2496 lineto +832 2496 lineto +832 2112 lineto +965 2339 1180 2449 conicto +1396 2560 1702 2560 conicto +1747 2560 1799 2560 conicto +1852 2560 1917 2560 conicto +1920 2112 lineto +end_ol grestore +gsave 16.712700 7.800000 translate 0.035278 -0.035278 scale +start_ol +128 2496 moveto +563 2496 lineto +1344 401 lineto +2125 2496 lineto +2560 2496 lineto +1623 0 lineto +1065 0 lineto +128 2496 lineto +end_ol grestore +gsave 17.076767 7.800000 translate 0.035278 -0.035278 scale +start_ol +2624 1352 moveto +2624 1152 lineto +704 1152 lineto +731 715 960 485 conicto +1189 256 1597 256 conicto +1834 256 2056 320 conicto +2278 384 2496 512 conicto +2496 128 lineto +2273 34 2039 -15 conicto +1805 -64 1565 -64 conicto +961 -64 608 284 conicto +256 632 256 1225 conicto +256 1839 595 2199 conicto +934 2560 1509 2560 conicto +2024 2560 2324 2235 conicto +2624 1910 2624 1352 conicto +2240 1472 moveto +2235 1822 2043 2031 conicto +1852 2240 1537 2240 conicto +1180 2240 965 2038 conicto +750 1836 718 1470 conicto +2240 1472 lineto +end_ol grestore +gsave 17.449300 7.800000 translate 0.035278 -0.035278 scale +start_ol +1920 2112 moveto +1848 2178 1764 2209 conicto +1680 2240 1578 2240 conicto +1218 2240 1025 2001 conicto +832 1763 832 1317 conicto +832 0 lineto +448 0 lineto +448 2496 lineto +832 2496 lineto +832 2112 lineto +965 2339 1180 2449 conicto +1396 2560 1702 2560 conicto +1747 2560 1799 2560 conicto +1852 2560 1917 2560 conicto +1920 2112 lineto +end_ol grestore +0.100000 slw +[] 0 sd +1.000000 1.000000 1.000000 srgb +n 8.850000 2.783330 m 8.850000 4.583330 l 11.600000 4.583330 l 11.600000 2.783330 l f +n 8.850000 3.683330 m 8.850000 3.683330 0.900000 0.900000 180.000000 270.000000 ellipse f +n 11.600000 3.683330 m 11.600000 3.683330 0.900000 0.900000 270.000000 360.000000 ellipse f +n 7.950000 3.683330 m 7.950000 3.683330 l 12.500000 3.683330 l 12.500000 3.683330 l f +n 8.850000 3.683330 m 8.850000 3.683330 0.900000 0.900000 90.000000 180.000000 ellipse f +n 11.600000 3.683330 m 11.600000 3.683330 0.900000 0.900000 0.000000 90.000000 ellipse f +0.000000 0.000000 0.000000 srgb +n 8.850000 2.783330 m 11.600000 2.783330 l s +n 8.850000 4.583330 m 11.600000 4.583330 l s +n 8.850000 3.683330 0.900000 0.900000 180.000000 270.000000 ellipse s +n 11.600000 3.683330 0.900000 0.900000 270.000000 360.000000 ellipse s +n 7.950000 3.683330 m 7.950000 3.683330 l s +n 12.500000 3.683330 m 12.500000 3.683330 l s +n 8.850000 3.683330 0.900000 0.900000 90.000000 180.000000 ellipse s +n 11.600000 3.683330 0.900000 0.900000 0.000000 90.000000 ellipse s +gsave 8.540133 3.883330 translate 0.035278 -0.035278 scale +start_ol +448 3328 moveto +896 3328 lineto +896 1984 lineto +2560 1984 lineto +2560 3328 lineto +3008 3328 lineto +3008 0 lineto +2560 0 lineto +2560 1600 lineto +896 1600 lineto +896 0 lineto +448 0 lineto +448 3328 lineto +end_ol grestore +gsave 8.997333 3.883330 translate 0.035278 -0.035278 scale +start_ol +1559 1280 moveto +1040 1280 840 1160 conicto +640 1041 640 754 conicto +640 525 790 390 conicto +940 256 1198 256 conicto +1554 256 1769 510 conicto +1984 765 1984 1187 conicto +1984 1280 lineto +1559 1280 lineto +2368 1449 moveto +2368 0 lineto +1984 0 lineto +1984 384 lineto +1842 154 1628 45 conicto +1415 -64 1107 -64 conicto +717 -64 486 154 conicto +256 372 256 739 conicto +256 1166 539 1383 conicto +822 1600 1384 1600 conicto +1984 1600 lineto +1984 1641 lineto +1984 1927 1796 2083 conicto +1608 2240 1266 2240 conicto +1049 2240 843 2192 conicto +638 2144 448 2048 conicto +448 2432 lineto +673 2496 884 2528 conicto +1095 2560 1295 2560 conicto +1835 2560 2101 2284 conicto +2368 2009 2368 1449 conicto +end_ol grestore +gsave 9.369867 3.883330 translate 0.035278 -0.035278 scale +start_ol +2560 1509 moveto +2560 0 lineto +2176 0 lineto +2176 1496 lineto +2176 1869 2029 2054 conicto +1883 2240 1590 2240 conicto +1238 2240 1035 2018 conicto +832 1796 832 1413 conicto +832 0 lineto +448 0 lineto +448 2496 lineto +832 2496 lineto +832 2112 lineto +983 2337 1188 2448 conicto +1394 2560 1662 2560 conicto +2106 2560 2333 2293 conicto +2560 2027 2560 1509 conicto +end_ol grestore +gsave 9.759333 3.883330 translate 0.035278 -0.035278 scale +start_ol +2112 2112 moveto +2112 3520 lineto +2496 3520 lineto +2496 0 lineto +2112 0 lineto +2112 384 lineto +1980 156 1779 46 conicto +1578 -64 1297 -64 conicto +835 -64 545 297 conicto +256 659 256 1248 conicto +256 1837 545 2198 conicto +835 2560 1297 2560 conicto +1578 2560 1779 2450 conicto +1980 2340 2112 2112 conicto +704 1249 moveto +704 784 891 520 conicto +1079 256 1407 256 conicto +1735 256 1923 520 conicto +2112 784 2112 1249 conicto +2112 1713 1923 1976 conicto +1735 2240 1407 2240 conicto +1079 2240 891 1976 conicto +704 1713 704 1249 conicto +end_ol grestore +gsave 10.148800 3.883330 translate 0.035278 -0.035278 scale +start_ol +2048 2432 moveto +2048 2048 lineto +1868 2144 1674 2192 conicto +1480 2240 1273 2240 conicto +957 2240 798 2144 conicto +640 2048 640 1856 conicto +640 1709 757 1625 conicto +875 1542 1229 1467 conicto +1380 1435 lineto +1812 1341 1994 1170 conicto +2176 999 2176 692 conicto +2176 343 1899 139 conicto +1622 -64 1137 -64 conicto +936 -64 717 -32 conicto +498 0 256 64 conicto +256 512 lineto +490 385 718 320 conicto +947 256 1170 256 conicto +1470 256 1631 358 conicto +1792 461 1792 647 conicto +1792 820 1670 912 conicto +1549 1004 1141 1089 conicto +988 1123 lineto +600 1203 428 1369 conicto +256 1535 256 1824 conicto +256 2177 510 2368 conicto +765 2560 1233 2560 conicto +1466 2560 1670 2528 conicto +1875 2496 2048 2432 conicto +end_ol grestore +gsave 10.470533 3.883330 translate 0.035278 -0.035278 scale +start_ol +2560 1509 moveto +2560 0 lineto +2176 0 lineto +2176 1496 lineto +2176 1869 2029 2054 conicto +1883 2240 1590 2240 conicto +1238 2240 1035 2018 conicto +832 1796 832 1413 conicto +832 0 lineto +448 0 lineto +448 3520 lineto +832 3520 lineto +832 2112 lineto +983 2337 1188 2448 conicto +1394 2560 1662 2560 conicto +2106 2560 2333 2293 conicto +2560 2027 2560 1509 conicto +end_ol grestore +gsave 10.860000 3.883330 translate 0.035278 -0.035278 scale +start_ol +1559 1280 moveto +1040 1280 840 1160 conicto +640 1041 640 754 conicto +640 525 790 390 conicto +940 256 1198 256 conicto +1554 256 1769 510 conicto +1984 765 1984 1187 conicto +1984 1280 lineto +1559 1280 lineto +2368 1449 moveto +2368 0 lineto +1984 0 lineto +1984 384 lineto +1842 154 1628 45 conicto +1415 -64 1107 -64 conicto +717 -64 486 154 conicto +256 372 256 739 conicto +256 1166 539 1383 conicto +822 1600 1384 1600 conicto +1984 1600 lineto +1984 1641 lineto +1984 1927 1796 2083 conicto +1608 2240 1266 2240 conicto +1049 2240 843 2192 conicto +638 2144 448 2048 conicto +448 2432 lineto +673 2496 884 2528 conicto +1095 2560 1295 2560 conicto +1835 2560 2101 2284 conicto +2368 2009 2368 1449 conicto +end_ol grestore +gsave 11.232533 3.883330 translate 0.035278 -0.035278 scale +start_ol +448 3520 moveto +832 3520 lineto +832 1419 lineto +2087 2496 lineto +2624 2496 lineto +1266 1328 lineto +2688 0 lineto +2137 0 lineto +832 1219 lineto +832 0 lineto +448 0 lineto +448 3520 lineto +end_ol grestore +gsave 11.562733 3.883330 translate 0.035278 -0.035278 scale +start_ol +2624 1352 moveto +2624 1152 lineto +704 1152 lineto +731 715 960 485 conicto +1189 256 1597 256 conicto +1834 256 2056 320 conicto +2278 384 2496 512 conicto +2496 128 lineto +2273 34 2039 -15 conicto +1805 -64 1565 -64 conicto +961 -64 608 284 conicto +256 632 256 1225 conicto +256 1839 595 2199 conicto +934 2560 1509 2560 conicto +2024 2560 2324 2235 conicto +2624 1910 2624 1352 conicto +2240 1472 moveto +2235 1822 2043 2031 conicto +1852 2240 1537 2240 conicto +1180 2240 965 2038 conicto +750 1836 718 1470 conicto +2240 1472 lineto +end_ol grestore +0.100000 slw +[] 0 sd +1.000000 1.000000 1.000000 srgb +n 9.000000 5.966670 m 9.000000 7.766670 l 11.450000 7.766670 l 11.450000 5.966670 l f +n 9.000000 6.866670 m 9.000000 6.866670 0.900000 0.900000 180.000000 270.000000 ellipse f +n 11.450000 6.866670 m 11.450000 6.866670 0.900000 0.900000 270.000000 360.000000 ellipse f +n 8.100000 6.866670 m 8.100000 6.866670 l 12.350000 6.866670 l 12.350000 6.866670 l f +n 9.000000 6.866670 m 9.000000 6.866670 0.900000 0.900000 90.000000 180.000000 ellipse f +n 11.450000 6.866670 m 11.450000 6.866670 0.900000 0.900000 0.000000 90.000000 ellipse f +0.000000 0.000000 0.000000 srgb +n 9.000000 5.966670 m 11.450000 5.966670 l s +n 9.000000 7.766670 m 11.450000 7.766670 l s +n 9.000000 6.866670 0.900000 0.900000 180.000000 270.000000 ellipse s +n 11.450000 6.866670 0.900000 0.900000 270.000000 360.000000 ellipse s +n 8.100000 6.866670 m 8.100000 6.866670 l s +n 12.350000 6.866670 m 12.350000 6.866670 l s +n 9.000000 6.866670 0.900000 0.900000 90.000000 180.000000 ellipse s +n 11.450000 6.866670 0.900000 0.900000 0.000000 90.000000 ellipse s +gsave 8.701000 7.066670 translate 0.035278 -0.035278 scale +start_ol +2496 3200 moveto +2496 2752 lineto +2234 2882 2001 2945 conicto +1768 3008 1552 3008 conicto +1175 3008 971 2863 conicto +768 2718 768 2452 conicto +768 2228 905 2113 conicto +1042 1999 1426 1929 conicto +1708 1873 lineto +2210 1778 2449 1540 conicto +2688 1303 2688 903 conicto +2688 427 2358 181 conicto +2029 -64 1392 -64 conicto +1152 -64 881 -15 conicto +610 33 320 128 conicto +320 576 lineto +603 448 875 384 conicto +1147 320 1409 320 conicto +1807 320 2023 465 conicto +2240 610 2240 878 conicto +2240 1113 2084 1245 conicto +1928 1378 1572 1444 conicto +1288 1497 lineto +776 1599 548 1817 conicto +320 2035 320 2424 conicto +320 2874 636 3133 conicto +952 3392 1507 3392 conicto +1744 3392 1991 3344 conicto +2238 3297 2496 3200 conicto +end_ol grestore +gsave 9.090467 7.066670 translate 0.035278 -0.035278 scale +start_ol +2624 1352 moveto +2624 1152 lineto +704 1152 lineto +731 715 960 485 conicto +1189 256 1597 256 conicto +1834 256 2056 320 conicto +2278 384 2496 512 conicto +2496 128 lineto +2273 34 2039 -15 conicto +1805 -64 1565 -64 conicto +961 -64 608 284 conicto +256 632 256 1225 conicto +256 1839 595 2199 conicto +934 2560 1509 2560 conicto +2024 2560 2324 2235 conicto +2624 1910 2624 1352 conicto +2240 1472 moveto +2235 1822 2043 2031 conicto +1852 2240 1537 2240 conicto +1180 2240 965 2038 conicto +750 1836 718 1470 conicto +2240 1472 lineto +end_ol grestore +gsave 9.463000 7.066670 translate 0.035278 -0.035278 scale +start_ol +2560 1509 moveto +2560 0 lineto +2176 0 lineto +2176 1496 lineto +2176 1869 2029 2054 conicto +1883 2240 1590 2240 conicto +1238 2240 1035 2018 conicto +832 1796 832 1413 conicto +832 0 lineto +448 0 lineto +448 2496 lineto +832 2496 lineto +832 2112 lineto +983 2337 1188 2448 conicto +1394 2560 1662 2560 conicto +2106 2560 2333 2293 conicto +2560 2027 2560 1509 conicto +end_ol grestore +gsave 9.852467 7.066670 translate 0.035278 -0.035278 scale +start_ol +2112 2112 moveto +2112 3520 lineto +2496 3520 lineto +2496 0 lineto +2112 0 lineto +2112 384 lineto +1980 156 1779 46 conicto +1578 -64 1297 -64 conicto +835 -64 545 297 conicto +256 659 256 1248 conicto +256 1837 545 2198 conicto +835 2560 1297 2560 conicto +1578 2560 1779 2450 conicto +1980 2340 2112 2112 conicto +704 1249 moveto +704 784 891 520 conicto +1079 256 1407 256 conicto +1735 256 1923 520 conicto +2112 784 2112 1249 conicto +2112 1713 1923 1976 conicto +1735 2240 1407 2240 conicto +1079 2240 891 1976 conicto +704 1713 704 1249 conicto +end_ol grestore +gsave 10.241933 7.066670 translate 0.035278 -0.035278 scale +start_ol +end_ol grestore +gsave 10.436667 7.066670 translate 0.035278 -0.035278 scale +start_ol +2112 2112 moveto +2112 3520 lineto +2496 3520 lineto +2496 0 lineto +2112 0 lineto +2112 384 lineto +1980 156 1779 46 conicto +1578 -64 1297 -64 conicto +835 -64 545 297 conicto +256 659 256 1248 conicto +256 1837 545 2198 conicto +835 2560 1297 2560 conicto +1578 2560 1779 2450 conicto +1980 2340 2112 2112 conicto +704 1249 moveto +704 784 891 520 conicto +1079 256 1407 256 conicto +1735 256 1923 520 conicto +2112 784 2112 1249 conicto +2112 1713 1923 1976 conicto +1735 2240 1407 2240 conicto +1079 2240 891 1976 conicto +704 1713 704 1249 conicto +end_ol grestore +gsave 10.826133 7.066670 translate 0.035278 -0.035278 scale +start_ol +1559 1280 moveto +1040 1280 840 1160 conicto +640 1041 640 754 conicto +640 525 790 390 conicto +940 256 1198 256 conicto +1554 256 1769 510 conicto +1984 765 1984 1187 conicto +1984 1280 lineto +1559 1280 lineto +2368 1449 moveto +2368 0 lineto +1984 0 lineto +1984 384 lineto +1842 154 1628 45 conicto +1415 -64 1107 -64 conicto +717 -64 486 154 conicto +256 372 256 739 conicto +256 1166 539 1383 conicto +822 1600 1384 1600 conicto +1984 1600 lineto +1984 1641 lineto +1984 1927 1796 2083 conicto +1608 2240 1266 2240 conicto +1049 2240 843 2192 conicto +638 2144 448 2048 conicto +448 2432 lineto +673 2496 884 2528 conicto +1095 2560 1295 2560 conicto +1835 2560 2101 2284 conicto +2368 2009 2368 1449 conicto +end_ol grestore +gsave 11.198667 7.066670 translate 0.035278 -0.035278 scale +start_ol +832 3200 moveto +832 2496 lineto +1664 2496 lineto +1664 2176 lineto +832 2176 lineto +832 804 lineto +832 495 914 407 conicto +997 320 1248 320 conicto +1664 320 lineto +1664 0 lineto +1248 0 lineto +793 0 620 173 conicto +448 347 448 804 conicto +448 2176 lineto +128 2176 lineto +128 2496 lineto +448 2496 lineto +448 3200 lineto +832 3200 lineto +end_ol grestore +gsave 11.435733 7.066670 translate 0.035278 -0.035278 scale +start_ol +1559 1280 moveto +1040 1280 840 1160 conicto +640 1041 640 754 conicto +640 525 790 390 conicto +940 256 1198 256 conicto +1554 256 1769 510 conicto +1984 765 1984 1187 conicto +1984 1280 lineto +1559 1280 lineto +2368 1449 moveto +2368 0 lineto +1984 0 lineto +1984 384 lineto +1842 154 1628 45 conicto +1415 -64 1107 -64 conicto +717 -64 486 154 conicto +256 372 256 739 conicto +256 1166 539 1383 conicto +822 1600 1384 1600 conicto +1984 1600 lineto +1984 1641 lineto +1984 1927 1796 2083 conicto +1608 2240 1266 2240 conicto +1049 2240 843 2192 conicto +638 2144 448 2048 conicto +448 2432 lineto +673 2496 884 2528 conicto +1095 2560 1295 2560 conicto +1835 2560 2101 2284 conicto +2368 2009 2368 1449 conicto +end_ol grestore +0.100000 slw +[] 0 sd +1.000000 1.000000 1.000000 srgb +n 8.625000 9.150000 m 8.625000 10.950000 l 11.825000 10.950000 l 11.825000 9.150000 l f +n 8.625000 10.050000 m 8.625000 10.050000 0.900000 0.900000 180.000000 270.000000 ellipse f +n 11.825000 10.050000 m 11.825000 10.050000 0.900000 0.900000 270.000000 360.000000 ellipse f +n 7.725000 10.050000 m 7.725000 10.050000 l 12.725000 10.050000 l 12.725000 10.050000 l f +n 8.625000 10.050000 m 8.625000 10.050000 0.900000 0.900000 90.000000 180.000000 ellipse f +n 11.825000 10.050000 m 11.825000 10.050000 0.900000 0.900000 0.000000 90.000000 ellipse f +0.000000 0.000000 0.000000 srgb +n 8.625000 9.150000 m 11.825000 9.150000 l s +n 8.625000 10.950000 m 11.825000 10.950000 l s +n 8.625000 10.050000 0.900000 0.900000 180.000000 270.000000 ellipse s +n 11.825000 10.050000 0.900000 0.900000 270.000000 360.000000 ellipse s +n 7.725000 10.050000 m 7.725000 10.050000 l s +n 12.725000 10.050000 m 12.725000 10.050000 l s +n 8.625000 10.050000 0.900000 0.900000 90.000000 180.000000 ellipse s +n 11.825000 10.050000 0.900000 0.900000 0.000000 90.000000 ellipse s +gsave 8.277667 10.250000 translate 0.035278 -0.035278 scale +start_ol +2075 1568 moveto +2215 1519 2346 1356 conicto +2478 1194 2612 910 conicto +3072 0 lineto +2587 0 lineto +2184 855 lineto +2012 1189 1850 1298 conicto +1688 1408 1409 1408 conicto +896 1408 lineto +896 0 lineto +448 0 lineto +448 3328 lineto +1488 3328 lineto +2060 3328 2342 3090 conicto +2624 2853 2624 2374 conicto +2624 2061 2484 1854 conicto +2344 1648 2075 1568 conicto +896 2944 moveto +896 1792 lineto +1488 1792 lineto +1829 1792 2002 1939 conicto +2176 2086 2176 2370 conicto +2176 2655 2002 2799 conicto +1829 2944 1488 2944 conicto +896 2944 lineto +end_ol grestore +gsave 8.675600 10.250000 translate 0.035278 -0.035278 scale +start_ol +2624 1352 moveto +2624 1152 lineto +704 1152 lineto +731 715 960 485 conicto +1189 256 1597 256 conicto +1834 256 2056 320 conicto +2278 384 2496 512 conicto +2496 128 lineto +2273 34 2039 -15 conicto +1805 -64 1565 -64 conicto +961 -64 608 284 conicto +256 632 256 1225 conicto +256 1839 595 2199 conicto +934 2560 1509 2560 conicto +2024 2560 2324 2235 conicto +2624 1910 2624 1352 conicto +2240 1472 moveto +2235 1822 2043 2031 conicto +1852 2240 1537 2240 conicto +1180 2240 965 2038 conicto +750 1836 718 1470 conicto +2240 1472 lineto +end_ol grestore +gsave 9.048133 10.250000 translate 0.035278 -0.035278 scale +start_ol +2240 2432 moveto +2240 2048 lineto +2066 2144 1892 2192 conicto +1718 2240 1541 2240 conicto +1143 2240 923 1979 conicto +704 1718 704 1248 conicto +704 778 923 517 conicto +1143 256 1541 256 conicto +1718 256 1892 304 conicto +2066 352 2240 448 conicto +2240 64 lineto +2068 0 1883 -32 conicto +1698 -64 1490 -64 conicto +924 -64 590 290 conicto +256 645 256 1248 conicto +256 1859 593 2209 conicto +931 2560 1517 2560 conicto +1707 2560 1888 2528 conicto +2070 2496 2240 2432 conicto +end_ol grestore +gsave 9.386800 10.250000 translate 0.035278 -0.035278 scale +start_ol +2624 1352 moveto +2624 1152 lineto +704 1152 lineto +731 715 960 485 conicto +1189 256 1597 256 conicto +1834 256 2056 320 conicto +2278 384 2496 512 conicto +2496 128 lineto +2273 34 2039 -15 conicto +1805 -64 1565 -64 conicto +961 -64 608 284 conicto +256 632 256 1225 conicto +256 1839 595 2199 conicto +934 2560 1509 2560 conicto +2024 2560 2324 2235 conicto +2624 1910 2624 1352 conicto +2240 1472 moveto +2235 1822 2043 2031 conicto +1852 2240 1537 2240 conicto +1180 2240 965 2038 conicto +750 1836 718 1470 conicto +2240 1472 lineto +end_ol grestore +gsave 9.759333 10.250000 translate 0.035278 -0.035278 scale +start_ol +448 2496 moveto +832 2496 lineto +832 0 lineto +448 0 lineto +448 2496 lineto +448 3520 moveto +832 3520 lineto +832 3008 lineto +448 3008 lineto +448 3520 lineto +end_ol grestore +gsave 9.928667 10.250000 translate 0.035278 -0.035278 scale +start_ol +128 2496 moveto +563 2496 lineto +1344 401 lineto +2125 2496 lineto +2560 2496 lineto +1623 0 lineto +1065 0 lineto +128 2496 lineto +end_ol grestore +gsave 10.292733 10.250000 translate 0.035278 -0.035278 scale +start_ol +2624 1352 moveto +2624 1152 lineto +704 1152 lineto +731 715 960 485 conicto +1189 256 1597 256 conicto +1834 256 2056 320 conicto +2278 384 2496 512 conicto +2496 128 lineto +2273 34 2039 -15 conicto +1805 -64 1565 -64 conicto +961 -64 608 284 conicto +256 632 256 1225 conicto +256 1839 595 2199 conicto +934 2560 1509 2560 conicto +2024 2560 2324 2235 conicto +2624 1910 2624 1352 conicto +2240 1472 moveto +2235 1822 2043 2031 conicto +1852 2240 1537 2240 conicto +1180 2240 965 2038 conicto +750 1836 718 1470 conicto +2240 1472 lineto +end_ol grestore +gsave 10.665267 10.250000 translate 0.035278 -0.035278 scale +start_ol +end_ol grestore +gsave 10.860000 10.250000 translate 0.035278 -0.035278 scale +start_ol +2112 2112 moveto +2112 3520 lineto +2496 3520 lineto +2496 0 lineto +2112 0 lineto +2112 384 lineto +1980 156 1779 46 conicto +1578 -64 1297 -64 conicto +835 -64 545 297 conicto +256 659 256 1248 conicto +256 1837 545 2198 conicto +835 2560 1297 2560 conicto +1578 2560 1779 2450 conicto +1980 2340 2112 2112 conicto +704 1249 moveto +704 784 891 520 conicto +1079 256 1407 256 conicto +1735 256 1923 520 conicto +2112 784 2112 1249 conicto +2112 1713 1923 1976 conicto +1735 2240 1407 2240 conicto +1079 2240 891 1976 conicto +704 1713 704 1249 conicto +end_ol grestore +gsave 11.249467 10.250000 translate 0.035278 -0.035278 scale +start_ol +1559 1280 moveto +1040 1280 840 1160 conicto +640 1041 640 754 conicto +640 525 790 390 conicto +940 256 1198 256 conicto +1554 256 1769 510 conicto +1984 765 1984 1187 conicto +1984 1280 lineto +1559 1280 lineto +2368 1449 moveto +2368 0 lineto +1984 0 lineto +1984 384 lineto +1842 154 1628 45 conicto +1415 -64 1107 -64 conicto +717 -64 486 154 conicto +256 372 256 739 conicto +256 1166 539 1383 conicto +822 1600 1384 1600 conicto +1984 1600 lineto +1984 1641 lineto +1984 1927 1796 2083 conicto +1608 2240 1266 2240 conicto +1049 2240 843 2192 conicto +638 2144 448 2048 conicto +448 2432 lineto +673 2496 884 2528 conicto +1095 2560 1295 2560 conicto +1835 2560 2101 2284 conicto +2368 2009 2368 1449 conicto +end_ol grestore +gsave 11.622000 10.250000 translate 0.035278 -0.035278 scale +start_ol +832 3200 moveto +832 2496 lineto +1664 2496 lineto +1664 2176 lineto +832 2176 lineto +832 804 lineto +832 495 914 407 conicto +997 320 1248 320 conicto +1664 320 lineto +1664 0 lineto +1248 0 lineto +793 0 620 173 conicto +448 347 448 804 conicto +448 2176 lineto +128 2176 lineto +128 2496 lineto +448 2496 lineto +448 3200 lineto +832 3200 lineto +end_ol grestore +gsave 11.859067 10.250000 translate 0.035278 -0.035278 scale +start_ol +1559 1280 moveto +1040 1280 840 1160 conicto +640 1041 640 754 conicto +640 525 790 390 conicto +940 256 1198 256 conicto +1554 256 1769 510 conicto +1984 765 1984 1187 conicto +1984 1280 lineto +1559 1280 lineto +2368 1449 moveto +2368 0 lineto +1984 0 lineto +1984 384 lineto +1842 154 1628 45 conicto +1415 -64 1107 -64 conicto +717 -64 486 154 conicto +256 372 256 739 conicto +256 1166 539 1383 conicto +822 1600 1384 1600 conicto +1984 1600 lineto +1984 1641 lineto +1984 1927 1796 2083 conicto +1608 2240 1266 2240 conicto +1049 2240 843 2192 conicto +638 2144 448 2048 conicto +448 2432 lineto +673 2496 884 2528 conicto +1095 2560 1295 2560 conicto +1835 2560 2101 2284 conicto +2368 2009 2368 1449 conicto +end_ol grestore +0.100000 slw +[] 0 sd +1.000000 1.000000 1.000000 srgb +n 8.900000 -1.200000 m 8.900000 1.400000 l 11.550000 1.400000 l 11.550000 -1.200000 l f +n 8.900000 -0.200000 m 8.900000 -0.200000 1.000000 1.000000 180.000000 270.000000 ellipse f +n 11.550000 -0.200000 m 11.550000 -0.200000 1.000000 1.000000 270.000000 360.000000 ellipse f +n 7.900000 -0.200000 m 7.900000 0.400000 l 12.550000 0.400000 l 12.550000 -0.200000 l f +n 8.900000 0.400000 m 8.900000 0.400000 1.000000 1.000000 90.000000 180.000000 ellipse f +n 11.550000 0.400000 m 11.550000 0.400000 1.000000 1.000000 0.000000 90.000000 ellipse f +0.000000 0.000000 0.000000 srgb +n 8.900000 -1.200000 m 11.550000 -1.200000 l s +n 8.900000 1.400000 m 11.550000 1.400000 l s +n 8.900000 -0.200000 1.000000 1.000000 180.000000 270.000000 ellipse s +n 11.550000 -0.200000 1.000000 1.000000 270.000000 360.000000 ellipse s +n 7.900000 -0.200000 m 7.900000 0.400000 l s +n 12.550000 -0.200000 m 12.550000 0.400000 l s +n 8.900000 0.400000 1.000000 1.000000 90.000000 180.000000 ellipse s +n 11.550000 0.400000 1.000000 1.000000 0.000000 90.000000 ellipse s +gsave 8.552833 -0.100000 translate 0.035278 -0.035278 scale +start_ol +2048 2432 moveto +2048 2048 lineto +1868 2144 1674 2192 conicto +1480 2240 1273 2240 conicto +957 2240 798 2144 conicto +640 2048 640 1856 conicto +640 1709 757 1625 conicto +875 1542 1229 1467 conicto +1380 1435 lineto +1812 1341 1994 1170 conicto +2176 999 2176 692 conicto +2176 343 1899 139 conicto +1622 -64 1137 -64 conicto +936 -64 717 -32 conicto +498 0 256 64 conicto +256 512 lineto +490 385 718 320 conicto +947 256 1170 256 conicto +1470 256 1631 358 conicto +1792 461 1792 647 conicto +1792 820 1670 912 conicto +1549 1004 1141 1089 conicto +988 1123 lineto +600 1203 428 1369 conicto +256 1535 256 1824 conicto +256 2177 510 2368 conicto +765 2560 1233 2560 conicto +1466 2560 1670 2528 conicto +1875 2496 2048 2432 conicto +end_ol grestore +gsave 8.874567 -0.100000 translate 0.035278 -0.035278 scale +start_ol +2624 1352 moveto +2624 1152 lineto +704 1152 lineto +731 715 960 485 conicto +1189 256 1597 256 conicto +1834 256 2056 320 conicto +2278 384 2496 512 conicto +2496 128 lineto +2273 34 2039 -15 conicto +1805 -64 1565 -64 conicto +961 -64 608 284 conicto +256 632 256 1225 conicto +256 1839 595 2199 conicto +934 2560 1509 2560 conicto +2024 2560 2324 2235 conicto +2624 1910 2624 1352 conicto +2240 1472 moveto +2235 1822 2043 2031 conicto +1852 2240 1537 2240 conicto +1180 2240 965 2038 conicto +750 1836 718 1470 conicto +2240 1472 lineto +end_ol grestore +gsave 9.247100 -0.100000 translate 0.035278 -0.035278 scale +start_ol +832 3200 moveto +832 2496 lineto +1664 2496 lineto +1664 2176 lineto +832 2176 lineto +832 804 lineto +832 495 914 407 conicto +997 320 1248 320 conicto +1664 320 lineto +1664 0 lineto +1248 0 lineto +793 0 620 173 conicto +448 347 448 804 conicto +448 2176 lineto +128 2176 lineto +128 2496 lineto +448 2496 lineto +448 3200 lineto +832 3200 lineto +end_ol grestore +gsave 9.484167 -0.100000 translate 0.035278 -0.035278 scale +start_ol +end_ol grestore +gsave 9.678900 -0.100000 translate 0.035278 -0.035278 scale +start_ol +2048 2432 moveto +2048 2048 lineto +1868 2144 1674 2192 conicto +1480 2240 1273 2240 conicto +957 2240 798 2144 conicto +640 2048 640 1856 conicto +640 1709 757 1625 conicto +875 1542 1229 1467 conicto +1380 1435 lineto +1812 1341 1994 1170 conicto +2176 999 2176 692 conicto +2176 343 1899 139 conicto +1622 -64 1137 -64 conicto +936 -64 717 -32 conicto +498 0 256 64 conicto +256 512 lineto +490 385 718 320 conicto +947 256 1170 256 conicto +1470 256 1631 358 conicto +1792 461 1792 647 conicto +1792 820 1670 912 conicto +1549 1004 1141 1089 conicto +988 1123 lineto +600 1203 428 1369 conicto +256 1535 256 1824 conicto +256 2177 510 2368 conicto +765 2560 1233 2560 conicto +1466 2560 1670 2528 conicto +1875 2496 2048 2432 conicto +end_ol grestore +gsave 10.000633 -0.100000 translate 0.035278 -0.035278 scale +start_ol +2624 1352 moveto +2624 1152 lineto +704 1152 lineto +731 715 960 485 conicto +1189 256 1597 256 conicto +1834 256 2056 320 conicto +2278 384 2496 512 conicto +2496 128 lineto +2273 34 2039 -15 conicto +1805 -64 1565 -64 conicto +961 -64 608 284 conicto +256 632 256 1225 conicto +256 1839 595 2199 conicto +934 2560 1509 2560 conicto +2024 2560 2324 2235 conicto +2624 1910 2624 1352 conicto +2240 1472 moveto +2235 1822 2043 2031 conicto +1852 2240 1537 2240 conicto +1180 2240 965 2038 conicto +750 1836 718 1470 conicto +2240 1472 lineto +end_ol grestore +gsave 10.373167 -0.100000 translate 0.035278 -0.035278 scale +start_ol +2048 2432 moveto +2048 2048 lineto +1868 2144 1674 2192 conicto +1480 2240 1273 2240 conicto +957 2240 798 2144 conicto +640 2048 640 1856 conicto +640 1709 757 1625 conicto +875 1542 1229 1467 conicto +1380 1435 lineto +1812 1341 1994 1170 conicto +2176 999 2176 692 conicto +2176 343 1899 139 conicto +1622 -64 1137 -64 conicto +936 -64 717 -32 conicto +498 0 256 64 conicto +256 512 lineto +490 385 718 320 conicto +947 256 1170 256 conicto +1470 256 1631 358 conicto +1792 461 1792 647 conicto +1792 820 1670 912 conicto +1549 1004 1141 1089 conicto +988 1123 lineto +600 1203 428 1369 conicto +256 1535 256 1824 conicto +256 2177 510 2368 conicto +765 2560 1233 2560 conicto +1466 2560 1670 2528 conicto +1875 2496 2048 2432 conicto +end_ol grestore +gsave 10.694900 -0.100000 translate 0.035278 -0.035278 scale +start_ol +2048 2432 moveto +2048 2048 lineto +1868 2144 1674 2192 conicto +1480 2240 1273 2240 conicto +957 2240 798 2144 conicto +640 2048 640 1856 conicto +640 1709 757 1625 conicto +875 1542 1229 1467 conicto +1380 1435 lineto +1812 1341 1994 1170 conicto +2176 999 2176 692 conicto +2176 343 1899 139 conicto +1622 -64 1137 -64 conicto +936 -64 717 -32 conicto +498 0 256 64 conicto +256 512 lineto +490 385 718 320 conicto +947 256 1170 256 conicto +1470 256 1631 358 conicto +1792 461 1792 647 conicto +1792 820 1670 912 conicto +1549 1004 1141 1089 conicto +988 1123 lineto +600 1203 428 1369 conicto +256 1535 256 1824 conicto +256 2177 510 2368 conicto +765 2560 1233 2560 conicto +1466 2560 1670 2528 conicto +1875 2496 2048 2432 conicto +end_ol grestore +gsave 11.016633 -0.100000 translate 0.035278 -0.035278 scale +start_ol +448 2496 moveto +832 2496 lineto +832 0 lineto +448 0 lineto +448 2496 lineto +448 3520 moveto +832 3520 lineto +832 3008 lineto +448 3008 lineto +448 3520 lineto +end_ol grestore +gsave 11.185967 -0.100000 translate 0.035278 -0.035278 scale +start_ol +1409 2240 moveto +1083 2240 893 1974 conicto +704 1709 704 1248 conicto +704 787 892 521 conicto +1081 256 1409 256 conicto +1733 256 1922 522 conicto +2112 789 2112 1248 conicto +2112 1705 1922 1972 conicto +1733 2240 1409 2240 conicto +1408 2560 moveto +1946 2560 2253 2212 conicto +2560 1864 2560 1248 conicto +2560 634 2253 285 conicto +1946 -64 1408 -64 conicto +869 -64 562 285 conicto +256 634 256 1248 conicto +256 1864 562 2212 conicto +869 2560 1408 2560 conicto +end_ol grestore +gsave 11.558500 -0.100000 translate 0.035278 -0.035278 scale +start_ol +2560 1509 moveto +2560 0 lineto +2176 0 lineto +2176 1496 lineto +2176 1869 2029 2054 conicto +1883 2240 1590 2240 conicto +1238 2240 1035 2018 conicto +832 1796 832 1413 conicto +832 0 lineto +448 0 lineto +448 2496 lineto +832 2496 lineto +832 2112 lineto +983 2337 1188 2448 conicto +1394 2560 1662 2560 conicto +2106 2560 2333 2293 conicto +2560 2027 2560 1509 conicto +end_ol grestore +gsave 8.472400 0.700000 translate 0.035278 -0.035278 scale +start_ol +832 384 moveto +832 -960 lineto +448 -960 lineto +448 2496 lineto +832 2496 lineto +832 2112 lineto +963 2340 1164 2450 conicto +1366 2560 1645 2560 conicto +2108 2560 2398 2198 conicto +2688 1837 2688 1248 conicto +2688 659 2398 297 conicto +2108 -64 1645 -64 conicto +1366 -64 1164 46 conicto +963 156 832 384 conicto +2240 1249 moveto +2240 1713 2052 1976 conicto +1865 2240 1536 2240 conicto +1208 2240 1020 1976 conicto +832 1713 832 1249 conicto +832 784 1020 520 conicto +1208 256 1536 256 conicto +1865 256 2052 520 conicto +2240 784 2240 1249 conicto +end_ol grestore +gsave 8.861867 0.700000 translate 0.035278 -0.035278 scale +start_ol +1559 1280 moveto +1040 1280 840 1160 conicto +640 1041 640 754 conicto +640 525 790 390 conicto +940 256 1198 256 conicto +1554 256 1769 510 conicto +1984 765 1984 1187 conicto +1984 1280 lineto +1559 1280 lineto +2368 1449 moveto +2368 0 lineto +1984 0 lineto +1984 384 lineto +1842 154 1628 45 conicto +1415 -64 1107 -64 conicto +717 -64 486 154 conicto +256 372 256 739 conicto +256 1166 539 1383 conicto +822 1600 1384 1600 conicto +1984 1600 lineto +1984 1641 lineto +1984 1927 1796 2083 conicto +1608 2240 1266 2240 conicto +1049 2240 843 2192 conicto +638 2144 448 2048 conicto +448 2432 lineto +673 2496 884 2528 conicto +1095 2560 1295 2560 conicto +1835 2560 2101 2284 conicto +2368 2009 2368 1449 conicto +end_ol grestore +gsave 9.234400 0.700000 translate 0.035278 -0.035278 scale +start_ol +1920 2112 moveto +1848 2178 1764 2209 conicto +1680 2240 1578 2240 conicto +1218 2240 1025 2001 conicto +832 1763 832 1317 conicto +832 0 lineto +448 0 lineto +448 2496 lineto +832 2496 lineto +832 2112 lineto +965 2339 1180 2449 conicto +1396 2560 1702 2560 conicto +1747 2560 1799 2560 conicto +1852 2560 1917 2560 conicto +1920 2112 lineto +end_ol grestore +gsave 9.488400 0.700000 translate 0.035278 -0.035278 scale +start_ol +1559 1280 moveto +1040 1280 840 1160 conicto +640 1041 640 754 conicto +640 525 790 390 conicto +940 256 1198 256 conicto +1554 256 1769 510 conicto +1984 765 1984 1187 conicto +1984 1280 lineto +1559 1280 lineto +2368 1449 moveto +2368 0 lineto +1984 0 lineto +1984 384 lineto +1842 154 1628 45 conicto +1415 -64 1107 -64 conicto +717 -64 486 154 conicto +256 372 256 739 conicto +256 1166 539 1383 conicto +822 1600 1384 1600 conicto +1984 1600 lineto +1984 1641 lineto +1984 1927 1796 2083 conicto +1608 2240 1266 2240 conicto +1049 2240 843 2192 conicto +638 2144 448 2048 conicto +448 2432 lineto +673 2496 884 2528 conicto +1095 2560 1295 2560 conicto +1835 2560 2101 2284 conicto +2368 2009 2368 1449 conicto +end_ol grestore +gsave 9.860933 0.700000 translate 0.035278 -0.035278 scale +start_ol +2431 2020 moveto +2590 2296 2809 2428 conicto +3029 2560 3325 2560 conicto +3726 2560 3943 2287 conicto +4160 2014 4160 1509 conicto +4160 0 lineto +3776 0 lineto +3776 1496 lineto +3776 1874 3641 2057 conicto +3506 2240 3228 2240 conicto +2890 2240 2693 2018 conicto +2496 1796 2496 1413 conicto +2496 0 lineto +2112 0 lineto +2112 1496 lineto +2112 1876 1976 2058 conicto +1841 2240 1560 2240 conicto +1225 2240 1028 2017 conicto +832 1794 832 1413 conicto +832 0 lineto +448 0 lineto +448 2496 lineto +832 2496 lineto +832 2112 lineto +977 2341 1180 2450 conicto +1383 2560 1662 2560 conicto +1942 2560 2139 2422 conicto +2337 2284 2431 2020 conicto +end_ol grestore +gsave 10.453600 0.700000 translate 0.035278 -0.035278 scale +start_ol +2624 1352 moveto +2624 1152 lineto +704 1152 lineto +731 715 960 485 conicto +1189 256 1597 256 conicto +1834 256 2056 320 conicto +2278 384 2496 512 conicto +2496 128 lineto +2273 34 2039 -15 conicto +1805 -64 1565 -64 conicto +961 -64 608 284 conicto +256 632 256 1225 conicto +256 1839 595 2199 conicto +934 2560 1509 2560 conicto +2024 2560 2324 2235 conicto +2624 1910 2624 1352 conicto +2240 1472 moveto +2235 1822 2043 2031 conicto +1852 2240 1537 2240 conicto +1180 2240 965 2038 conicto +750 1836 718 1470 conicto +2240 1472 lineto +end_ol grestore +gsave 10.826133 0.700000 translate 0.035278 -0.035278 scale +start_ol +832 3200 moveto +832 2496 lineto +1664 2496 lineto +1664 2176 lineto +832 2176 lineto +832 804 lineto +832 495 914 407 conicto +997 320 1248 320 conicto +1664 320 lineto +1664 0 lineto +1248 0 lineto +793 0 620 173 conicto +448 347 448 804 conicto +448 2176 lineto +128 2176 lineto +128 2496 lineto +448 2496 lineto +448 3200 lineto +832 3200 lineto +end_ol grestore +gsave 11.063200 0.700000 translate 0.035278 -0.035278 scale +start_ol +2624 1352 moveto +2624 1152 lineto +704 1152 lineto +731 715 960 485 conicto +1189 256 1597 256 conicto +1834 256 2056 320 conicto +2278 384 2496 512 conicto +2496 128 lineto +2273 34 2039 -15 conicto +1805 -64 1565 -64 conicto +961 -64 608 284 conicto +256 632 256 1225 conicto +256 1839 595 2199 conicto +934 2560 1509 2560 conicto +2024 2560 2324 2235 conicto +2624 1910 2624 1352 conicto +2240 1472 moveto +2235 1822 2043 2031 conicto +1852 2240 1537 2240 conicto +1180 2240 965 2038 conicto +750 1836 718 1470 conicto +2240 1472 lineto +end_ol grestore +gsave 11.435733 0.700000 translate 0.035278 -0.035278 scale +start_ol +1920 2112 moveto +1848 2178 1764 2209 conicto +1680 2240 1578 2240 conicto +1218 2240 1025 2001 conicto +832 1763 832 1317 conicto +832 0 lineto +448 0 lineto +448 2496 lineto +832 2496 lineto +832 2112 lineto +965 2339 1180 2449 conicto +1396 2560 1702 2560 conicto +1747 2560 1799 2560 conicto +1852 2560 1917 2560 conicto +1920 2112 lineto +end_ol grestore +gsave 11.689733 0.700000 translate 0.035278 -0.035278 scale +start_ol +2048 2432 moveto +2048 2048 lineto +1868 2144 1674 2192 conicto +1480 2240 1273 2240 conicto +957 2240 798 2144 conicto +640 2048 640 1856 conicto +640 1709 757 1625 conicto +875 1542 1229 1467 conicto +1380 1435 lineto +1812 1341 1994 1170 conicto +2176 999 2176 692 conicto +2176 343 1899 139 conicto +1622 -64 1137 -64 conicto +936 -64 717 -32 conicto +498 0 256 64 conicto +256 512 lineto +490 385 718 320 conicto +947 256 1170 256 conicto +1470 256 1631 358 conicto +1792 461 1792 647 conicto +1792 820 1670 912 conicto +1549 1004 1141 1089 conicto +988 1123 lineto +600 1203 428 1369 conicto +256 1535 256 1824 conicto +256 2177 510 2368 conicto +765 2560 1233 2560 conicto +1466 2560 1670 2528 conicto +1875 2496 2048 2432 conicto +end_ol grestore +0.100000 slw +[] 0 sd +[] 0 sd +0 slc +n 4.800000 5.800000 m 7.900000 0.100000 l s +0.100000 slw +[] 0 sd +[] 0 sd +0 slc +n 4.800000 5.800000 m 7.950000 3.683330 l s +0.100000 slw +[] 0 sd +[] 0 sd +0 slc +n 4.800000 5.800000 m 8.100000 6.866670 l s +0.100000 slw +[] 0 sd +[] 0 sd +0 slc +n 4.800000 5.800000 m 7.725000 10.050000 l s +0.100000 slw +[] 0 sd +[] 0 sd +0 slc +n 15.450000 5.300000 m 12.550000 0.100000 l s +0.100000 slw +[] 0 sd +[] 0 sd +0 slc +n 15.450000 5.300000 m 12.500000 3.683330 l s +0.100000 slw +[] 0 sd +[] 0 sd +0 slc +n 15.450000 5.300000 m 12.350000 6.866670 l s +0.100000 slw +[] 0 sd +[] 0 sd +0 slc +n 15.450000 5.300000 m 12.725000 10.050000 l s +showpage diff --git a/doc/gnutls-client-server-use-case.png b/doc/gnutls-client-server-use-case.png new file mode 100644 index 0000000..ee5d04f Binary files /dev/null and b/doc/gnutls-client-server-use-case.png differ diff --git a/doc/gnutls-crypto-layers.dia b/doc/gnutls-crypto-layers.dia new file mode 100644 index 0000000..ebe56e0 Binary files /dev/null and b/doc/gnutls-crypto-layers.dia differ diff --git a/doc/gnutls-crypto-layers.eps b/doc/gnutls-crypto-layers.eps new file mode 100644 index 0000000..484de89 --- /dev/null +++ b/doc/gnutls-crypto-layers.eps @@ -0,0 +1,440 @@ +%!PS-Adobe-2.0 EPSF-2.0 +%%Title: /home/nmav/cvs/gnutls/doc/gnutls-crypto-layers.dia +%%Creator: Dia v0.97.1 +%%CreationDate: Wed Apr 13 17:15:14 2011 +%%For: nmav +%%Orientation: Portrait +%%Magnification: 1.0000 +%%BoundingBox: 0 0 601 502 +%%BeginSetup +%%EndSetup +%%EndComments +%%BeginProlog +[ /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef +/.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef +/.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef +/.notdef /.notdef /space /exclam /quotedbl /numbersign /dollar /percent /ampersand /quoteright +/parenleft /parenright /asterisk /plus /comma /hyphen /period /slash /zero /one +/two /three /four /five /six /seven /eight /nine /colon /semicolon +/less /equal /greater /question /at /A /B /C /D /E +/F /G /H /I /J /K /L /M /N /O +/P /Q /R /S /T /U /V /W /X /Y +/Z /bracketleft /backslash /bracketright /asciicircum /underscore /quoteleft /a /b /c +/d /e /f /g /h /i /j /k /l /m +/n /o /p /q /r /s /t /u /v /w +/x /y /z /braceleft /bar /braceright /asciitilde /.notdef /.notdef /.notdef +/.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef +/.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef +/.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef +/space /exclamdown /cent /sterling /currency /yen /brokenbar /section /dieresis /copyright +/ordfeminine /guillemotleft /logicalnot /hyphen /registered /macron /degree /plusminus /twosuperior /threesuperior +/acute /mu /paragraph /periodcentered /cedilla /onesuperior /ordmasculine /guillemotright /onequarter /onehalf +/threequarters /questiondown /Agrave /Aacute /Acircumflex /Atilde /Adieresis /Aring /AE /Ccedilla +/Egrave /Eacute /Ecircumflex /Edieresis /Igrave /Iacute /Icircumflex /Idieresis /Eth /Ntilde +/Ograve /Oacute /Ocircumflex /Otilde /Odieresis /multiply /Oslash /Ugrave /Uacute /Ucircumflex +/Udieresis /Yacute /Thorn /germandbls /agrave /aacute /acircumflex /atilde /adieresis /aring +/ae /ccedilla /egrave /eacute /ecircumflex /edieresis /igrave /iacute /icircumflex /idieresis +/eth /ntilde /ograve /oacute /ocircumflex /otilde /odieresis /divide /oslash /ugrave +/uacute /ucircumflex /udieresis /yacute /thorn /ydieresis] /isolatin1encoding exch def +/cp {closepath} bind def +/c {curveto} bind def +/f {fill} bind def +/a {arc} bind def +/ef {eofill} bind def +/ex {exch} bind def +/gr {grestore} bind def +/gs {gsave} bind def +/sa {save} bind def +/rs {restore} bind def +/l {lineto} bind def +/m {moveto} bind def +/rm {rmoveto} bind def +/n {newpath} bind def +/s {stroke} bind def +/sh {show} bind def +/slc {setlinecap} bind def +/slj {setlinejoin} bind def +/slw {setlinewidth} bind def +/srgb {setrgbcolor} bind def +/rot {rotate} bind def +/sc {scale} bind def +/sd {setdash} bind def +/ff {findfont} bind def +/sf {setfont} bind def +/scf {scalefont} bind def +/sw {stringwidth pop} bind def +/tr {translate} bind def + +/ellipsedict 8 dict def +ellipsedict /mtrx matrix put +/ellipse +{ ellipsedict begin + /endangle exch def + /startangle exch def + /yrad exch def + /xrad exch def + /y exch def + /x exch def /savematrix mtrx currentmatrix def + x y tr xrad yrad sc + 0 0 1 startangle endangle arc + savematrix setmatrix + end +} def + +/mergeprocs { +dup length +3 -1 roll +dup +length +dup +5 1 roll +3 -1 roll +add +array cvx +dup +3 -1 roll +0 exch +putinterval +dup +4 2 roll +putinterval +} bind def +/Times-Roman-latin1 + /Times-Roman findfont + dup length dict begin + {1 index /FID ne {def} {pop pop} ifelse} forall + /Encoding isolatin1encoding def + currentdict end +definefont pop +/Times-Italic-latin1 + /Times-Italic findfont + dup length dict begin + {1 index /FID ne {def} {pop pop} ifelse} forall + /Encoding isolatin1encoding def + currentdict end +definefont pop +/Times-Bold-latin1 + /Times-Bold findfont + dup length dict begin + {1 index /FID ne {def} {pop pop} ifelse} forall + /Encoding isolatin1encoding def + currentdict end +definefont pop +/Times-BoldItalic-latin1 + /Times-BoldItalic findfont + dup length dict begin + {1 index /FID ne {def} {pop pop} ifelse} forall + /Encoding isolatin1encoding def + currentdict end +definefont pop +/AvantGarde-Gothic-latin1 + /AvantGarde-Gothic findfont + dup length dict begin + {1 index /FID ne {def} {pop pop} ifelse} forall + /Encoding isolatin1encoding def + currentdict end +definefont pop +/AvantGarde-BookOblique-latin1 + /AvantGarde-BookOblique findfont + dup length dict begin + {1 index /FID ne {def} {pop pop} ifelse} forall + /Encoding isolatin1encoding def + currentdict end +definefont pop +/AvantGarde-Demi-latin1 + /AvantGarde-Demi findfont + dup length dict begin + {1 index /FID ne {def} {pop pop} ifelse} forall + /Encoding isolatin1encoding def + currentdict end +definefont pop +/AvantGarde-DemiOblique-latin1 + /AvantGarde-DemiOblique findfont + dup length dict begin + {1 index /FID ne {def} {pop pop} ifelse} forall + /Encoding isolatin1encoding def + currentdict end +definefont pop +/Bookman-Light-latin1 + /Bookman-Light findfont + dup length dict begin + {1 index /FID ne {def} {pop pop} ifelse} forall + /Encoding isolatin1encoding def + currentdict end +definefont pop +/Bookman-LightItalic-latin1 + /Bookman-LightItalic findfont + dup length dict begin + {1 index /FID ne {def} {pop pop} ifelse} forall + /Encoding isolatin1encoding def + currentdict end +definefont pop +/Bookman-Demi-latin1 + /Bookman-Demi findfont + dup length dict begin + {1 index /FID ne {def} {pop pop} ifelse} forall + /Encoding isolatin1encoding def + currentdict end +definefont pop +/Bookman-DemiItalic-latin1 + /Bookman-DemiItalic findfont + dup length dict begin + {1 index /FID ne {def} {pop pop} ifelse} forall + /Encoding isolatin1encoding def + currentdict end +definefont pop +/Courier-latin1 + /Courier findfont + dup length dict begin + {1 index /FID ne {def} {pop pop} ifelse} forall + /Encoding isolatin1encoding def + currentdict end +definefont pop +/Courier-Oblique-latin1 + /Courier-Oblique findfont + dup length dict begin + {1 index /FID ne {def} {pop pop} ifelse} forall + /Encoding isolatin1encoding def + currentdict end +definefont pop +/Courier-Bold-latin1 + /Courier-Bold findfont + dup length dict begin + {1 index /FID ne {def} {pop pop} ifelse} forall + /Encoding isolatin1encoding def + currentdict end +definefont pop +/Courier-BoldOblique-latin1 + /Courier-BoldOblique findfont + dup length dict begin + {1 index /FID ne {def} {pop pop} ifelse} forall + /Encoding isolatin1encoding def + currentdict end +definefont pop +/Helvetica-latin1 + /Helvetica findfont + dup length dict begin + {1 index /FID ne {def} {pop pop} ifelse} forall + /Encoding isolatin1encoding def + currentdict end +definefont pop +/Helvetica-Oblique-latin1 + /Helvetica-Oblique findfont + dup length dict begin + {1 index /FID ne {def} {pop pop} ifelse} forall + /Encoding isolatin1encoding def + currentdict end +definefont pop +/Helvetica-Bold-latin1 + /Helvetica-Bold findfont + dup length dict begin + {1 index /FID ne {def} {pop pop} ifelse} forall + /Encoding isolatin1encoding def + currentdict end +definefont pop +/Helvetica-BoldOblique-latin1 + /Helvetica-BoldOblique findfont + dup length dict begin + {1 index /FID ne {def} {pop pop} ifelse} forall + /Encoding isolatin1encoding def + currentdict end +definefont pop +/Helvetica-Narrow-latin1 + /Helvetica-Narrow findfont + dup length dict begin + {1 index /FID ne {def} {pop pop} ifelse} forall + /Encoding isolatin1encoding def + currentdict end +definefont pop +/Helvetica-Narrow-Oblique-latin1 + /Helvetica-Narrow-Oblique findfont + dup length dict begin + {1 index /FID ne {def} {pop pop} ifelse} forall + /Encoding isolatin1encoding def + currentdict end +definefont pop +/Helvetica-Narrow-Bold-latin1 + /Helvetica-Narrow-Bold findfont + dup length dict begin + {1 index /FID ne {def} {pop pop} ifelse} forall + /Encoding isolatin1encoding def + currentdict end +definefont pop +/Helvetica-Narrow-BoldOblique-latin1 + /Helvetica-Narrow-BoldOblique findfont + dup length dict begin + {1 index /FID ne {def} {pop pop} ifelse} forall + /Encoding isolatin1encoding def + currentdict end +definefont pop +/NewCenturySchlbk-Roman-latin1 + /NewCenturySchlbk-Roman findfont + dup length dict begin + {1 index /FID ne {def} {pop pop} ifelse} forall + /Encoding isolatin1encoding def + currentdict end +definefont pop +/NewCenturySchlbk-Italic-latin1 + /NewCenturySchlbk-Italic findfont + dup length dict begin + {1 index /FID ne {def} {pop pop} ifelse} forall + /Encoding isolatin1encoding def + currentdict end +definefont pop +/NewCenturySchlbk-Bold-latin1 + /NewCenturySchlbk-Bold findfont + dup length dict begin + {1 index /FID ne {def} {pop pop} ifelse} forall + /Encoding isolatin1encoding def + currentdict end +definefont pop +/NewCenturySchlbk-BoldItalic-latin1 + /NewCenturySchlbk-BoldItalic findfont + dup length dict begin + {1 index /FID ne {def} {pop pop} ifelse} forall + /Encoding isolatin1encoding def + currentdict end +definefont pop +/Palatino-Roman-latin1 + /Palatino-Roman findfont + dup length dict begin + {1 index /FID ne {def} {pop pop} ifelse} forall + /Encoding isolatin1encoding def + currentdict end +definefont pop +/Palatino-Italic-latin1 + /Palatino-Italic findfont + dup length dict begin + {1 index /FID ne {def} {pop pop} ifelse} forall + /Encoding isolatin1encoding def + currentdict end +definefont pop +/Palatino-Bold-latin1 + /Palatino-Bold findfont + dup length dict begin + {1 index /FID ne {def} {pop pop} ifelse} forall + /Encoding isolatin1encoding def + currentdict end +definefont pop +/Palatino-BoldItalic-latin1 + /Palatino-BoldItalic findfont + dup length dict begin + {1 index /FID ne {def} {pop pop} ifelse} forall + /Encoding isolatin1encoding def + currentdict end +definefont pop +/Symbol-latin1 + /Symbol findfont +definefont pop +/ZapfChancery-MediumItalic-latin1 + /ZapfChancery-MediumItalic findfont + dup length dict begin + {1 index /FID ne {def} {pop pop} ifelse} forall + /Encoding isolatin1encoding def + currentdict end +definefont pop +/ZapfDingbats-latin1 + /ZapfDingbats findfont + dup length dict begin + {1 index /FID ne {def} {pop pop} ifelse} forall + /Encoding isolatin1encoding def + currentdict end +definefont pop +28.346000 -28.346000 scale +-5.400000 -26.225000 translate +%%EndProlog + + +0.100000 slw +[] 0 sd +1.000000 1.000000 1.000000 srgb +n 6.600000 10.040000 m 6.600000 9.700000 25.411122 9.700000 25.411122 10.040000 c 25.411122 12.760000 l 25.411122 13.100000 6.600000 13.100000 6.600000 12.760000 c 6.600000 10.040000 l ef +0.000000 0.000000 0.000000 srgb +n 6.600000 10.040000 m 6.600000 9.700000 25.411122 9.700000 25.411122 10.040000 c 25.411122 12.760000 l 25.411122 13.100000 6.600000 13.100000 6.600000 12.760000 c 6.600000 10.040000 l s +n 6.600000 10.040000 m 6.600000 10.380000 25.411122 10.380000 25.411122 10.040000 c 25.411122 12.760000 l s +/Helvetica-latin1 ff 0.560000 scf sf +(TLS layer) 7.100000 11.315000 m + gs 1 -1 sc sh gr +0.100000 slw +[] 0 sd +1.000000 1.000000 1.000000 srgb +n 6.550000 13.471429 m 6.550000 13.100000 25.411122 13.100000 25.411122 13.471429 c 25.411122 16.442857 l 25.411122 16.814286 6.550000 16.814286 6.550000 16.442857 c 6.550000 13.471429 l ef +0.000000 0.000000 0.000000 srgb +n 6.550000 13.471429 m 6.550000 13.100000 25.411122 13.100000 25.411122 13.471429 c 25.411122 16.442857 l 25.411122 16.814286 6.550000 16.814286 6.550000 16.442857 c 6.550000 13.471429 l s +n 6.550000 13.471429 m 6.550000 13.842857 25.411122 13.842857 25.411122 13.471429 c 25.411122 16.442857 l s +/Helvetica-latin1 ff 0.560000 scf sf +(Cryptography) 7.050000 14.777857 m + gs 1 -1 sc sh gr +(Provider Layer) 7.050000 15.577857 m + gs 1 -1 sc sh gr +0.100000 slw +[] 0 sd +1.000000 1.000000 1.000000 srgb +n 6.600000 17.271429 m 6.600000 16.900000 15.000000 16.900000 15.000000 17.271429 c 15.000000 20.242857 l 15.000000 20.614286 6.600000 20.614286 6.600000 20.242857 c 6.600000 17.271429 l ef +0.000000 0.000000 0.000000 srgb +n 6.600000 17.271429 m 6.600000 16.900000 15.000000 16.900000 15.000000 17.271429 c 15.000000 20.242857 l 15.000000 20.614286 6.600000 20.614286 6.600000 20.242857 c 6.600000 17.271429 l s +n 6.600000 17.271429 m 6.600000 17.642857 15.000000 17.642857 15.000000 17.271429 c 15.000000 20.242857 l s +/Helvetica-latin1 ff 0.560000 scf sf +(Cryptographic) 7.100000 18.577857 m + gs 1 -1 sc sh gr +(Library) 7.100000 19.377857 m + gs 1 -1 sc sh gr +0.100000 slw +[] 0 sd +1.000000 1.000000 1.000000 srgb +n 15.450000 17.271429 m 15.450000 16.900000 25.411122 16.900000 25.411122 17.271429 c 25.411122 20.242857 l 25.411122 20.614286 15.450000 20.614286 15.450000 20.242857 c 15.450000 17.271429 l ef +0.000000 0.000000 0.000000 srgb +n 15.450000 17.271429 m 15.450000 16.900000 25.411122 16.900000 25.411122 17.271429 c 25.411122 20.242857 l 25.411122 20.614286 15.450000 20.614286 15.450000 20.242857 c 15.450000 17.271429 l s +n 15.450000 17.271429 m 15.450000 17.642857 25.411122 17.642857 25.411122 17.271429 c 25.411122 20.242857 l s +/Helvetica-latin1 ff 0.560000 scf sf +(External cryptographic) 15.950000 18.577857 m + gs 1 -1 sc sh gr +(provider) 15.950000 19.377857 m + gs 1 -1 sc sh gr +0.100000 slw +[] 0 sd +1.000000 1.000000 1.000000 srgb +n 15.300000 21.475000 m 15.300000 21.075000 20.330000 21.075000 20.330000 21.475000 c 20.330000 24.675000 l 20.330000 25.075000 15.300000 25.075000 15.300000 24.675000 c 15.300000 21.475000 l ef +0.000000 0.000000 0.000000 srgb +n 15.300000 21.475000 m 15.300000 21.075000 20.330000 21.075000 20.330000 21.475000 c 20.330000 24.675000 l 20.330000 25.075000 15.300000 25.075000 15.300000 24.675000 c 15.300000 21.475000 l s +n 15.300000 21.475000 m 15.300000 21.875000 20.330000 21.875000 20.330000 21.475000 c 20.330000 24.675000 l s +/Helvetica-latin1 ff 0.420000 scf sf +(/dev/crypto) 15.800000 22.702500 m + gs 1 -1 sc sh gr +(Kernel optimized) 15.800000 23.302500 m + gs 1 -1 sc sh gr +(cryptography) 15.800000 23.902500 m + gs 1 -1 sc sh gr +0.100000 slw +[] 0 sd +1.000000 1.000000 1.000000 srgb +n 6.800100 21.332143 m 6.800100 21.075000 10.622600 21.075000 10.622600 21.332143 c 10.622600 23.389286 l 10.622600 23.646429 6.800100 23.646429 6.800100 23.389286 c 6.800100 21.332143 l ef +0.000000 0.000000 0.000000 srgb +n 6.800100 21.332143 m 6.800100 21.075000 10.622600 21.075000 10.622600 21.332143 c 10.622600 23.389286 l 10.622600 23.646429 6.800100 23.646429 6.800100 23.389286 c 6.800100 21.332143 l s +n 6.800100 21.332143 m 6.800100 21.589286 10.622600 21.589286 10.622600 21.332143 c 10.622600 23.389286 l s +/Helvetica-latin1 ff 0.560000 scf sf +(libgcrypt) 7.300100 22.524286 m + gs 1 -1 sc sh gr +0.100000 slw +[] 0 sd +1.000000 1.000000 1.000000 srgb +n 11.225100 21.332143 m 11.225100 21.075000 14.800100 21.075000 14.800100 21.332143 c 14.800100 23.389286 l 14.800100 23.646429 11.225100 23.646429 11.225100 23.389286 c 11.225100 21.332143 l ef +0.000000 0.000000 0.000000 srgb +n 11.225100 21.332143 m 11.225100 21.075000 14.800100 21.075000 14.800100 21.332143 c 14.800100 23.389286 l 14.800100 23.646429 11.225100 23.646429 11.225100 23.389286 c 11.225100 21.332143 l s +n 11.225100 21.332143 m 11.225100 21.589286 14.800100 21.589286 14.800100 21.332143 c 14.800100 23.389286 l s +/Helvetica-latin1 ff 0.560000 scf sf +(nettle) 11.725100 22.524286 m + gs 1 -1 sc sh gr +0.100000 slw +[] 0 sd +1.000000 1.000000 1.000000 srgb +n 20.890330 21.389286 m 20.890330 21.075000 25.420330 21.075000 25.420330 21.389286 c 25.420330 23.903571 l 25.420330 24.217857 20.890330 24.217857 20.890330 23.903571 c 20.890330 21.389286 l ef +0.000000 0.000000 0.000000 srgb +n 20.890330 21.389286 m 20.890330 21.075000 25.420330 21.075000 25.420330 21.389286 c 25.420330 23.903571 l 25.420330 24.217857 20.890330 24.217857 20.890330 23.903571 c 20.890330 21.389286 l s +n 20.890330 21.389286 m 20.890330 21.703571 25.420330 21.703571 25.420330 21.389286 c 25.420330 23.903571 l s +/Helvetica-latin1 ff 0.420000 scf sf +(CPU-optimized) 21.390330 22.531071 m + gs 1 -1 sc sh gr +(cryptography) 21.390330 23.131071 m + gs 1 -1 sc sh gr +showpage diff --git a/doc/gnutls-crypto-layers.png b/doc/gnutls-crypto-layers.png new file mode 100644 index 0000000..932ce90 Binary files /dev/null and b/doc/gnutls-crypto-layers.png differ diff --git a/doc/gnutls-guile.html b/doc/gnutls-guile.html new file mode 100644 index 0000000..c0dcc90 --- /dev/null +++ b/doc/gnutls-guile.html @@ -0,0 +1,2207 @@ + + + + + + +GnuTLS-Guile 3.6.8 + + + + + + + + + + + + + + + + +

GnuTLS-Guile 3.6.8

+ + + + + + + + +

Table of Contents

+ +
+ + +
+ + + +
+

+Next: , Up: (dir)   [Contents][Index]

+
+ +

GnuTLS-Guile

+ +

This manual is last updated 15 March 2019 for version +3.6.8 of GnuTLS. +

+

Copyright © 2001-2012, 2014, 2016 Free Software Foundation, Inc. +

+
+

Permission is granted to copy, distribute and/or modify this document +under the terms of the GNU Free Documentation License, Version 1.3 or +any later version published by the Free Software Foundation; with no +Invariant Sections, no Front-Cover Texts, and no Back-Cover Texts. A +copy of the license is included in the section entitled “GNU Free +Documentation License”. +

+ + + + + + + + + + + +
Preface:  Preface. +
Guile Preparations:  Note on installation and environment. +
Guile API Conventions:  Naming conventions and other idiosyncrasies. +
Guile Examples:  Quick start. +
Guile Reference:  The Scheme GnuTLS programming interface. +
+
+
Copying Information:  You can copy and modify this manual. +
Procedure Index:   +
Concept Index:   +
+ +
+ +
+

+Next: , Previous: , Up: Top   [Contents][Index]

+
+ +

1 Preface

+ +

This manual describes the GNU Guile Scheme programming interface to GnuTLS, which is distributed +as part of GnuTLS. The reader is +assumed to have basic knowledge of the protocol and library. Details +missing from this chapter may be found in Function reference, +of the C API reference. +

+

At this stage, not all the C functions are available from Scheme, but +a large subset thereof is available. +

+
+ +
+

+Next: , Previous: , Up: Top   [Contents][Index]

+
+ +

2 Guile Preparations

+ +

The GnuTLS Guile bindings are available for Guile’s 2.0 stable series, +as well as the forthcoming 2.2 series and the legacy 1.8 series. +

+

By default they are installed under the GnuTLS installation directory, +typically /usr/local/share/guile/site/). Normally Guile +will not find the module there without help. You may experience +something like this: +

+
+
$ guile
+…
+scheme@(guile-user)> (use-modules (gnutls))
+ERROR: no code for module (gnutls)
+
+ +

There are two ways to solve this. The first is to make sure that when +building GnuTLS, the Guile bindings will be installed in the same +place where Guile looks. You may do this by using the +--with-guile-site-dir parameter as follows: +

+
+
$ ./configure --with-guile-site-dir=no
+
+ +

This will instruct GnuTLS to attempt to install the Guile bindings +where Guile will look for them. It will use guile-config info +pkgdatadir to learn the path to use. +

+

If Guile was installed into /usr, you may also install GnuTLS +using the same prefix: +

+
+
$ ./configure --prefix=/usr
+
+ +

If you want to specify the path to install the Guile bindings you can +also specify the path directly: +

+
+
$ ./configure --with-guile-site-dir=/opt/guile/share/guile/site
+
+ +

The second solution requires some more work but may be easier to use +if you do not have system administrator rights to your machine. You +need to instruct Guile so that it finds the GnuTLS Guile bindings. +Either use the GUILE_LOAD_PATH environment variable as follows: +

+
+
$ GUILE_LOAD_PATH="/usr/local/share/guile/site:$GUILE_LOAD_PATH" guile
+scheme@(guile-user)> (use-modules (gnutls))
+scheme@(guile-user)>
+
+ +

Alternatively, you can modify Guile’s %load-path variable +(see Guile’s run-time options in The GNU Guile +Reference Manual). +

+

At this point, you might get an error regarding +guile-gnutls-v-2 similar to: +

+
+
gnutls.scm:361:1: In procedure dynamic-link in expression (load-extension "guile-gnutls-v-2" "scm_init_gnutls"):
+gnutls.scm:361:1: file: "guile-gnutls-v-2", message: "guile-gnutls-v-2.so: cannot open shared object file: No such file or directory"
+
+ +

In this case, you will need to modify the run-time linker path, for +example as follows: +

+
+
$ LD_LIBRARY_PATH=/usr/local/lib GUILE_LOAD_PATH=/usr/local/share/guile/site guile
+scheme@(guile-user)> (use-modules (gnutls))
+scheme@(guile-user)>
+
+ +

To check that you got the intended GnuTLS library version, you may +print the version number of the loaded library as follows: +

+
+
$ guile
+scheme@(guile-user)> (use-modules (gnutls))
+scheme@(guile-user)> (gnutls-version)
+"3.6.8"
+scheme@(guile-user)>
+
+ + +
+ +
+

+Next: , Previous: , Up: Top   [Contents][Index]

+
+ +

3 Guile API Conventions

+ +

This chapter details the conventions used by Guile API, as well as +specificities of the mapping of the C API to Scheme. +

+ + + + + + +
Enumerates and Constants:  Representation of C-side constants. +
Procedure Names:  Naming conventions. +
Representation of Binary Data:  Binary data buffers. +
Input and Output:  Input and output. +
Exception Handling:  Exceptions. +
+ +
+ +
+

+Next: , Up: Guile API Conventions   [Contents][Index]

+
+ +

3.1 Enumerates and Constants

+ + + + +

Lots of enumerates and constants are used in the GnuTLS C API. For +each C enumerate type, a disjoint Scheme type is used—thus, +enumerate values and constants are not represented by Scheme symbols +nor by integers. This makes it impossible to use an enumerate value +of the wrong type on the Scheme side: such errors are automatically +detected by type-checking. +

+

The enumerate values are bound to variables exported by the +(gnutls) module. These variables +are named according to the following convention: +

+
    +
  • All variable names are lower-case; the underscore _ +character used in the C API is replaced by hyphen -. +
  • All variable names are prepended by the name of the enumerate +type and the slash / character. +
  • In some cases, the variable name is made more explicit than the +one of the C API, e.g., by avoid abbreviations. +
+ +

Consider for instance this C-side enumerate: +

+
+
typedef enum
+{
+  GNUTLS_CRD_CERTIFICATE = 1,
+  GNUTLS_CRD_ANON,
+  GNUTLS_CRD_SRP,
+  GNUTLS_CRD_PSK
+} gnutls_credentials_type_t;
+
+ +

The corresponding Scheme values are bound to the following variables +exported by the (gnutls) module: +

+
+
credentials/certificate
+credentials/anonymous
+credentials/srp
+credentials/psk
+
+ +

Hopefully, most variable names can be deduced from this convention. +

+

Scheme-side “enumerate” values can be compared using eq? +(see equality predicates in The GNU Guile Reference +Manual). Consider the following example: +

+ + +
+
(let ((session (make-session connection-end/client)))
+
+  ;;
+  ;; ...
+  ;;
+
+  ;; Check the ciphering algorithm currently used by SESSION.
+  (if (eq? cipher/arcfour (session-cipher session))
+      (format #t "We're using the ARCFOUR algorithm")))
+
+ +

In addition, all enumerate values can be converted to a human-readable +string, in a type-specific way. For instance, (cipher->string +cipher/arcfour) yields "ARCFOUR 128", while +(key-usage->string key-usage/digital-signature) yields +"digital-signature". Note that these strings may not be +sufficient for use in a user interface since they are fairly concise +and not internationalized. +

+ +
+ +
+

+Next: , Previous: , Up: Guile API Conventions   [Contents][Index]

+
+ +

3.2 Procedure Names

+ +

Unlike C functions in GnuTLS, the corresponding Scheme procedures are +named in a way that is close to natural English. Abbreviations are +also avoided. For instance, the Scheme procedure corresponding to +gnutls_certificate_set_dh_params is named +set-certificate-credentials-dh-parameters!. The gnutls_ +prefix is always omitted from variable names since a similar effect +can be achieved using Guile’s nifty binding renaming facilities, +should it be needed (see Using Guile Modules in The GNU +Guile Reference Manual). +

+

Often Scheme procedure names differ from C function names in a way +that makes it clearer what objects they operate on. For example, the +Scheme procedure named set-session-transport-port! corresponds +to gnutls_transport_set_ptr, making it clear that this +procedure applies to session. +

+
+ +
+

+Next: , Previous: , Up: Guile API Conventions   [Contents][Index]

+
+ +

3.3 Representation of Binary Data

+ +

Many procedures operate on binary data. For instance, +pkcs3-import-dh-parameters expects binary data as input. +

+ + + +

Binary data is represented on the Scheme side using bytevectors +(see Bytevectors in The GNU Guile Reference Manual). +Homogeneous vectors such as SRFI-4 u8vectors can also be +used1. +

+

As an example, generating and then exporting Diffie-Hellman parameters +in the PEM format can be done as follows: +

+ + + + +
+
(let* ((dh  (make-dh-parameters 1024))
+       (pem (pkcs3-export-dh-parameters dh 
+                                        x509-certificate-format/pem)))
+  (call-with-output-file "some-file.pem"
+    (lambda (port)
+      (uniform-vector-write pem port))))
+
+ + +
+ +
+

+Next: , Previous: , Up: Guile API Conventions   [Contents][Index]

+
+ +

3.4 Input and Output

+ + + + +

The underlying transport of a TLS session can be any Scheme +input/output port (see Ports and File Descriptors in The GNU +Guile Reference Manual). This has to be specified using +set-session-transport-port!. +

+

However, for better performance, a raw file descriptor can be +specified, using set-session-transport-fd!. For instance, if +the transport layer is a socket port over an OS-provided socket, you +can use the port->fdes or fileno procedure to obtain the +underlying file descriptor and pass it to +set-session-transport-fd! (see port->fdes and fileno in The GNU Guile Reference +Manual). This would work as follows: +

+
+
(let ((socket (socket PF_INET SOCK_STREAM 0))
+      (session (make-session connection-end/client)))
+
+  ;;
+  ;; Establish a TCP connection...
+  ;;
+
+  ;; Use the file descriptor that underlies SOCKET.
+  (set-session-transport-fd! session (fileno socket)))
+
+ + + +

Once a TLS session is established, data can be communicated through it +(i.e., via the TLS record layer) using the port returned by +session-record-port: +

+
+
(let ((session (make-session connection-end/client)))
+
+  ;;
+  ;; Initialize the various parameters of SESSION, set up
+  ;; a network connection, etc.
+  ;;
+
+  (let ((i/o (session-record-port session)))
+    (display "Hello peer!" i/o)
+    (let ((greetings (read i/o)))
+
+      ;; …
+
+      (bye session close-request/rdwr))))
+
+ + +

Note that each write to the session record port leads to the +transmission of an encrypted TLS “Application Data” packet. In the +above example, we create an Application Data packet for the 11 bytes for +the string that we write. This is not efficient both in terms of CPU +usage and bandwidth (each packet adds at least 5 bytes of overhead and +can lead to one write system call), so we recommend that +applications do their own buffering. +

+ + + +

A lower-level I/O API is provided by record-send and +record-receive! which take a bytevector (or a SRFI-4 vector) to +represent the data sent or received. While it might improve +performance, it is much less convenient than the session record port and +should rarely be needed. +

+ +
+ +
+

+Previous: , Up: Guile API Conventions   [Contents][Index]

+
+ +

3.5 Exception Handling

+ + + + + + +

GnuTLS errors are implemented as Scheme exceptions (see exceptions in Guile in The GNU Guile Reference Manual). Each +time a GnuTLS function returns an error, an exception with key +gnutls-error is raised. The additional arguments that are +thrown include an error code and the name of the GnuTLS procedure that +raised the exception. The error code is pretty much like an enumerate +value: it is one of the error/ variables exported by the +(gnutls) module (see Enumerates and Constants). Exceptions +can be turned into error messages using the error->string +procedure. +

+

The following examples illustrates how GnuTLS exceptions can be +handled: +

+
+
(let ((session (make-session connection-end/server)))
+
+  ;;
+  ;; ...
+  ;;
+
+  (catch 'gnutls-error
+    (lambda ()
+      (handshake session))
+    (lambda (key err function . currently-unused)
+      (format (current-error-port)
+              "a GnuTLS error was raised by `~a': ~a~%"
+              function (error->string err)))))
+
+ +

Again, error values can be compared using eq?: +

+
+
    ;; `gnutls-error' handler.
+    (lambda (key err function . currently-unused)
+      (if (eq? err error/fatal-alert-received)
+          (format (current-error-port)
+                  "a fatal alert was caught!~%")
+          (format (current-error-port)
+                  "something bad happened: ~a~%"
+                  (error->string err))))
+
+ +

Note that the catch handler is currently passed only 3 +arguments but future versions might provide it with additional +arguments. Thus, it must be prepared to handle more than 3 arguments, +as in this example. +

+ +
+ +
+

+Next: , Previous: , Up: Top   [Contents][Index]

+
+ +

4 Guile Examples

+ +

This chapter provides examples that illustrate common use cases. +

+ + +
Anonymous Authentication Guile Example:  Simplest client and server. +
+ +
+ +
+

+Up: Guile Examples   [Contents][Index]

+
+ +

4.1 Anonymous Authentication Guile Example

+ +

Anonymous authentication is very easy to use. No certificates +are needed by the communicating parties. Yet, it allows them to +benefit from end-to-end encryption and integrity checks. +

+

The client-side code would look like this (assuming some-socket +is bound to an open socket port): +

+ + + + +
+
;; Client-side.
+
+(let ((client (make-session connection-end/client)))
+  ;; Use the default settings.
+  (set-session-default-priority! client)
+
+  ;; Don't use certificate-based authentication.
+  (set-session-certificate-type-priority! client '())
+
+  ;; Request the "anonymous Diffie-Hellman" key exchange method.
+  (set-session-kx-priority! client (list kx/anon-dh))
+
+  ;; Specify the underlying socket.
+  (set-session-transport-fd! client (fileno some-socket))
+
+  ;; Create anonymous credentials.
+  (set-session-credentials! client
+                            (make-anonymous-client-credentials))
+
+  ;; Perform the TLS handshake with the server.
+  (handshake client)
+
+  ;; Send data over the TLS record layer.
+  (write "hello, world!" (session-record-port client))
+
+  ;; Terminate the TLS session.
+  (bye client close-request/rdwr))
+
+ +

The corresponding server would look like this (again, assuming +some-socket is bound to a socket port): +

+ + +
+
;; Server-side.
+
+(let ((server (make-session connection-end/server)))
+  (set-session-default-priority! server)
+  (set-session-certificate-type-priority! server '())
+  (set-session-kx-priority! server (list kx/anon-dh))
+
+  ;; Specify the underlying transport socket.
+  (set-session-transport-fd! server (fileno some-socket))
+
+  ;; Create anonymous credentials.
+  (let ((cred (make-anonymous-server-credentials))
+        (dh-params (make-dh-parameters 1024)))
+    ;; Note: DH parameter generation can take some time.
+    (set-anonymous-server-dh-parameters! cred dh-params)
+    (set-session-credentials! server cred))
+
+  ;; Perform the TLS handshake with the client.
+  (handshake server)
+
+  ;; Receive data over the TLS record layer.
+  (let ((message (read (session-record-port server))))
+    (format #t "received the following message: ~a~%"
+            message)
+
+    (bye server close-request/rdwr)))
+
+ +

This is it! +

+ +
+ +
+

+Next: , Previous: , Up: Top   [Contents][Index]

+
+ +

5 Guile Reference

+ +

This chapter lists the GnuTLS Scheme procedures exported by the +(gnutls) module (see The Guile module system in The +GNU Guile Reference Manual). +

+ +
+
Scheme Procedure: set-log-level! level
+

Enable GnuTLS logging up to level (an integer). +

+ +
+
Scheme Procedure: set-log-procedure! proc
+

Use proc (a two-argument procedure) as the global GnuTLS log procedure. +

+ +
+
Scheme Procedure: set-certificate-credentials-openpgp-keys! cred pub sec
+

Use certificate pub and secret key sec in certificate credentials cred. +

+ +
+
Scheme Procedure: openpgp-keyring-contains-key-id? keyring id
+

Return #f if key ID id is in keyring, #f otherwise. +

+ +
+
Scheme Procedure: import-openpgp-keyring data format
+

Import data (a u8vector) according to format and return the imported keyring. +

+ +
+
Scheme Procedure: openpgp-certificate-usage key
+

Return a list of values denoting the key usage of key. +

+ +
+
Scheme Procedure: openpgp-certificate-version key
+

Return the version of the OpenPGP message format (RFC2440) honored by key. +

+ +
+
Scheme Procedure: openpgp-certificate-algorithm key
+

Return two values: the certificate algorithm used by key and the number of bits used. +

+ +
+
Scheme Procedure: openpgp-certificate-names key
+

Return the list of names for key. +

+ +
+
Scheme Procedure: openpgp-certificate-name key index
+

Return the indexth name of key. +

+ +
+
Scheme Procedure: openpgp-certificate-fingerprint key
+

Return a new u8vector denoting the fingerprint of key. +

+ +
+
Scheme Procedure: openpgp-certificate-fingerprint! key fpr
+

Store in fpr (a u8vector) the fingerprint of key. Return the number of bytes stored in fpr. +

+ +
+
Scheme Procedure: openpgp-certificate-id! key id
+

Store the ID (an 8 byte sequence) of certificate key in id (a u8vector). +

+ +
+
Scheme Procedure: openpgp-certificate-id key
+

Return the ID (an 8-element u8vector) of certificate key. +

+ +
+
Scheme Procedure: import-openpgp-private-key data format [pass]
+

Return a new OpenPGP private key object resulting from the import of data (a uniform array) according to format. Optionally, a passphrase may be provided. +

+ +
+
Scheme Procedure: import-openpgp-certificate data format
+

Return a new OpenPGP certificate object resulting from the import of data (a uniform array) according to format. +

+ +
+
Scheme Procedure: x509-certificate-subject-alternative-name cert index
+

Return two values: the alternative name type for cert (i.e., one of the x509-subject-alternative-name/ values) and the actual subject alternative name (a string) at index. Both values are #f if no alternative name is available at index. +

+ +
+
Scheme Procedure: x509-certificate-subject-key-id cert
+

Return the subject key ID (a u8vector) for cert. +

+ +
+
Scheme Procedure: x509-certificate-authority-key-id cert
+

Return the key ID (a u8vector) of the X.509 certificate authority of cert. +

+ +
+
Scheme Procedure: x509-certificate-key-id cert
+

Return a statistically unique ID (a u8vector) for cert that depends on its public key parameters. This is normally a 20-byte SHA-1 hash. +

+ +
+
Scheme Procedure: x509-certificate-version cert
+

Return the version of cert. +

+ +
+
Scheme Procedure: x509-certificate-key-usage cert
+

Return the key usage of cert (i.e., a list of key-usage/ values), or the empty list if cert does not contain such information. +

+ +
+
Scheme Procedure: x509-certificate-public-key-algorithm cert
+

Return two values: the public key algorithm (i.e., one of the pk-algorithm/ values) of cert and the number of bits used. +

+ +
+
Scheme Procedure: x509-certificate-signature-algorithm cert
+

Return the signature algorithm used by cert (i.e., one of the sign-algorithm/ values). +

+ +
+
Scheme Procedure: x509-certificate-matches-hostname? cert hostname
+

Return true if cert matches hostname, a string denoting a DNS host name. This is the basic implementation of RFC 2818 (aka. HTTPS). +

+ +
+
Scheme Procedure: x509-certificate-issuer-dn-oid cert index
+

Return the OID (a string) at index from cert’s issuer DN. Return #f if no OID is available at index. +

+ +
+
Scheme Procedure: x509-certificate-dn-oid cert index
+

Return OID (a string) at index from cert. Return #f if no OID is available at index. +

+ +
+
Scheme Procedure: x509-certificate-issuer-dn cert
+

Return the distinguished name (DN) of X.509 certificate cert. +

+ +
+
Scheme Procedure: x509-certificate-dn cert
+

Return the distinguished name (DN) of X.509 certificate cert. The form of the DN is as described in RFC 2253. +

+ +
+
Scheme Procedure: pkcs8-import-x509-private-key data format [pass [encrypted]]
+

Return a new X.509 private key object resulting from the import of data (a uniform array) according to format. Optionally, if pass is not #f, it should be a string denoting a passphrase. encrypted tells whether the private key is encrypted (#t by default). +

+ +
+
Scheme Procedure: import-x509-private-key data format
+

Return a new X.509 private key object resulting from the import of data (a uniform array) according to format. +

+ +
+
Scheme Procedure: import-x509-certificate data format
+

Return a new X.509 certificate object resulting from the import of data (a uniform array) according to format. +

+ +
+
Scheme Procedure: server-session-psk-username session
+

Return the username associated with PSK server session session. +

+ +
+
Scheme Procedure: set-psk-client-credentials! cred username key key-format
+

Set the client credentials for cred, a PSK client credentials object. +

+ +
+
Scheme Procedure: make-psk-client-credentials
+

Return a new PSK client credentials object. +

+ +
+
Scheme Procedure: set-psk-server-credentials-file! cred file
+

Use file as the password file for PSK server credentials cred. +

+ +
+
Scheme Procedure: make-psk-server-credentials
+

Return new PSK server credentials. +

+ +
+
Scheme Procedure: peer-certificate-status session
+

Verify the peer certificate for session and return a list of certificate-status values (such as certificate-status/revoked), or the empty list if the certificate is valid. +

+ +
+
Scheme Procedure: set-certificate-credentials-verify-flags! cred [flags...]
+

Set the certificate verification flags to flags, a series of certificate-verify values. +

+ +
+
Scheme Procedure: set-certificate-credentials-verify-limits! cred max-bits max-depth
+

Set the verification limits of peer-certificate-status for certificate credentials cred to max_bits bits for an acceptable certificate and max_depth as the maximum depth of a certificate chain. +

+ +
+
Scheme Procedure: set-certificate-credentials-x509-keys! cred certs privkey
+

Have certificate credentials cred use the X.509 certificates listed in certs and X.509 private key privkey. +

+ +
+
Scheme Procedure: set-certificate-credentials-x509-key-data! cred cert key format
+

Use X.509 certificate cert and private key key, both uniform arrays containing the X.509 certificate and key in format format, for certificate credentials cred. +

+ +
+
Scheme Procedure: set-certificate-credentials-x509-crl-data! cred data format
+

Use data (a uniform array) as the X.509 CRL (certificate revocation list) database for cred. On success, return the number of CRLs processed. +

+ +
+
Scheme Procedure: set-certificate-credentials-x509-trust-data! cred data format
+

Use data (a uniform array) as the X.509 trust database for cred. On success, return the number of certificates processed. +

+ +
+
Scheme Procedure: set-certificate-credentials-x509-crl-file! cred file format
+

Use file as the X.509 CRL (certificate revocation list) file for certificate credentials cred. On success, return the number of CRLs processed. +

+ +
+
Scheme Procedure: set-certificate-credentials-x509-trust-file! cred file format
+

Use file as the X.509 trust file for certificate credentials cred. On success, return the number of certificates processed. +

+ +
+
Scheme Procedure: set-certificate-credentials-x509-key-files! cred cert-file key-file format
+

Use file as the password file for PSK server credentials cred. +

+ +
+
Scheme Procedure: set-certificate-credentials-dh-parameters! cred dh-params
+

Use Diffie-Hellman parameters dh_params for certificate credentials cred. +

+ +
+
Scheme Procedure: make-certificate-credentials
+

Return new certificate credentials (i.e., for use with either X.509 or OpenPGP certificates. +

+ +
+
Scheme Procedure: set-anonymous-server-dh-parameters! cred dh-params
+

Set the Diffie-Hellman parameters of anonymous server credentials cred. +

+ +
+
Scheme Procedure: make-anonymous-client-credentials
+

Return anonymous client credentials. +

+ +
+
Scheme Procedure: make-anonymous-server-credentials
+

Return anonymous server credentials. +

+ +
+
Scheme Procedure: set-session-dh-prime-bits! session bits
+

Use bits DH prime bits for session. +

+ +
+
Scheme Procedure: pkcs3-export-dh-parameters dh-params format
+

Export Diffie-Hellman parameters dh_params in PKCS3 format according for format (an x509-certificate-format value). Return a u8vector containing the result. +

+ +
+
Scheme Procedure: pkcs3-import-dh-parameters array format
+

Import Diffie-Hellman parameters in PKCS3 format (further specified by format, an x509-certificate-format value) from array (a homogeneous array) and return a new dh-params object. +

+ +
+
Scheme Procedure: make-dh-parameters bits
+

Return new Diffie-Hellman parameters. +

+ +
+
Scheme Procedure: set-session-transport-port! session port
+

Use port as the input/output port for session. +

+ +
+
Scheme Procedure: set-session-transport-fd! session fd
+

Use file descriptor fd as the underlying transport for session. +

+ +
+
Scheme Procedure: session-record-port session
+

Return a read-write port that may be used to communicate over session. All invocations of session-port on a given session return the same object (in the sense of eq?). +

+ +
+
Scheme Procedure: record-receive! session array
+

Receive data from session into array, a uniform homogeneous array. Return the number of bytes actually received. +

+ +
+
Scheme Procedure: record-send session array
+

Send the record constituted by array through session. +

+ +
+
Scheme Procedure: set-session-server-name! session type name
+

For a client, this procedure provides a way to inform the server that it is known under name, via the SERVER NAME TLS extension. type must be a server-name-type value, server-name-type/dns for DNS names. +

+ +
+
Scheme Procedure: set-session-credentials! session cred
+

Use cred as session’s credentials. +

+ +
+
Scheme Procedure: cipher-suite->string kx cipher mac
+

Return the name of the given cipher suite. +

+ +
+
Scheme Procedure: set-session-priorities! session priorities
+

Have session use the given priorities for the ciphers, key exchange methods, MACs and compression methods. priorities must be a string (see Priority Strings in GnuTLS, Transport Layer Security Library for the GNU system). When priorities cannot be parsed, an error/invalid-request error is raised, with an extra argument indication the position of the error. +

+
+ +
+
Scheme Procedure: set-session-default-priority! session
+

Have session use the default priorities. +

+ +
+
Scheme Procedure: set-server-session-certificate-request! session request
+

Tell how session, a server-side session, should deal with certificate requests. request should be either certificate-request/request or certificate-request/require. +

+ +
+
Scheme Procedure: session-our-certificate-chain session
+

Return our certificate chain for session (as sent to the peer) in raw format (a u8vector). In the case of OpenPGP there is exactly one certificate. Return the empty list if no certificate was used. +

+ +
+
Scheme Procedure: session-peer-certificate-chain session
+

Return the a list of certificates in raw format (u8vectors) where the first one is the peer’s certificate. In the case of OpenPGP, there is always exactly one certificate. In the case of X.509, subsequent certificates indicate form a certificate chain. Return the empty list if no certificate was sent. +

+ +
+
Scheme Procedure: session-client-authentication-type session
+

Return the client authentication type (a credential-type value) used in session. +

+ +
+
Scheme Procedure: session-server-authentication-type session
+

Return the server authentication type (a credential-type value) used in session. +

+ +
+
Scheme Procedure: session-authentication-type session
+

Return the authentication type (a credential-type value) used by session. +

+ +
+
Scheme Procedure: session-protocol session
+

Return the protocol used by session. +

+ +
+
Scheme Procedure: session-certificate-type session
+

Return session’s certificate type. +

+ +
+
Scheme Procedure: session-compression-method session
+

Return session’s compression method. +

+ +
+
Scheme Procedure: session-mac session
+

Return session’s MAC. +

+ +
+
Scheme Procedure: session-kx session
+

Return session’s kx. +

+ +
+
Scheme Procedure: session-cipher session
+

Return session’s cipher. +

+ +
+
Scheme Procedure: alert-send session level alert
+

Send alert via session. +

+ +
+
Scheme Procedure: alert-get session
+

Get an aleter from session. +

+ +
+
Scheme Procedure: rehandshake session
+

Perform a re-handshaking for session. +

+ +
+
Scheme Procedure: handshake session
+

Perform a handshake for session. +

+ +
+
Scheme Procedure: bye session how
+

Close session according to how. +

+ +
+
Scheme Procedure: make-session end
+

Return a new session for connection end end, either connection-end/server or connection-end/client. +

+ +
+
Scheme Procedure: gnutls-version
+

Return a string denoting the version number of the underlying GnuTLS library, e.g., "1.7.2". +

+ +
+
Scheme Procedure: openpgp-keyring? obj
+

Return true if obj is of type openpgp-keyring. +

+ +
+
Scheme Procedure: openpgp-private-key? obj
+

Return true if obj is of type openpgp-private-key. +

+ +
+
Scheme Procedure: openpgp-certificate? obj
+

Return true if obj is of type openpgp-certificate. +

+ +
+
Scheme Procedure: x509-private-key? obj
+

Return true if obj is of type x509-private-key. +

+ +
+
Scheme Procedure: x509-certificate? obj
+

Return true if obj is of type x509-certificate. +

+ +
+
Scheme Procedure: psk-client-credentials? obj
+

Return true if obj is of type psk-client-credentials. +

+ +
+
Scheme Procedure: psk-server-credentials? obj
+

Return true if obj is of type psk-server-credentials. +

+ +
+
Scheme Procedure: srp-client-credentials? obj
+

Return true if obj is of type srp-client-credentials. +

+ +
+
Scheme Procedure: srp-server-credentials? obj
+

Return true if obj is of type srp-server-credentials. +

+ +
+
Scheme Procedure: certificate-credentials? obj
+

Return true if obj is of type certificate-credentials. +

+ +
+
Scheme Procedure: dh-parameters? obj
+

Return true if obj is of type dh-parameters. +

+ +
+
Scheme Procedure: anonymous-server-credentials? obj
+

Return true if obj is of type anonymous-server-credentials. +

+ +
+
Scheme Procedure: anonymous-client-credentials? obj
+

Return true if obj is of type anonymous-client-credentials. +

+ +
+
Scheme Procedure: session? obj
+

Return true if obj is of type session. +

+ +
+
Scheme Procedure: openpgp-certificate-format->string enumval
+

Return a string describing enumval, a openpgp-certificate-format value. +

+ +
+
Scheme Procedure: error->string enumval
+

Return a string describing enumval, a error value. +

+ +
+
Scheme Procedure: certificate-verify->string enumval
+

Return a string describing enumval, a certificate-verify value. +

+ +
+
Scheme Procedure: key-usage->string enumval
+

Return a string describing enumval, a key-usage value. +

+ +
+
Scheme Procedure: psk-key-format->string enumval
+

Return a string describing enumval, a psk-key-format value. +

+ +
+
Scheme Procedure: server-name-type->string enumval
+

Return a string describing enumval, a server-name-type value. +

+ +
+
Scheme Procedure: sign-algorithm->string enumval
+

Return a string describing enumval, a sign-algorithm value. +

+ +
+
Scheme Procedure: pk-algorithm->string enumval
+

Return a string describing enumval, a pk-algorithm value. +

+ +
+
Scheme Procedure: x509-subject-alternative-name->string enumval
+

Return a string describing enumval, a x509-subject-alternative-name value. +

+ +
+
Scheme Procedure: x509-certificate-format->string enumval
+

Return a string describing enumval, a x509-certificate-format value. +

+ +
+
Scheme Procedure: certificate-type->string enumval
+

Return a string describing enumval, a certificate-type value. +

+ +
+
Scheme Procedure: protocol->string enumval
+

Return a string describing enumval, a protocol value. +

+ +
+
Scheme Procedure: close-request->string enumval
+

Return a string describing enumval, a close-request value. +

+ +
+
Scheme Procedure: certificate-request->string enumval
+

Return a string describing enumval, a certificate-request value. +

+ +
+
Scheme Procedure: certificate-status->string enumval
+

Return a string describing enumval, a certificate-status value. +

+ +
+
Scheme Procedure: handshake-description->string enumval
+

Return a string describing enumval, a handshake-description value. +

+ +
+
Scheme Procedure: alert-description->string enumval
+

Return a string describing enumval, a alert-description value. +

+ +
+
Scheme Procedure: alert-level->string enumval
+

Return a string describing enumval, a alert-level value. +

+ +
+
Scheme Procedure: connection-end->string enumval
+

Return a string describing enumval, a connection-end value. +

+ +
+
Scheme Procedure: compression-method->string enumval
+

Return a string describing enumval, a compression-method value. +

+ +
+
Scheme Procedure: digest->string enumval
+

Return a string describing enumval, a digest value. +

+ +
+
Scheme Procedure: mac->string enumval
+

Return a string describing enumval, a mac value. +

+ +
+
Scheme Procedure: credentials->string enumval
+

Return a string describing enumval, a credentials value. +

+ +
+
Scheme Procedure: params->string enumval
+

Return a string describing enumval, a params value. +

+ +
+
Scheme Procedure: kx->string enumval
+

Return a string describing enumval, a kx value. +

+ +
+
Scheme Procedure: cipher->string enumval
+

Return a string describing enumval, a cipher value. +

+ + +
+ +
+

+Next: , Previous: , Up: Top   [Contents][Index]

+
+ +

Appendix A Copying Information

+ + + +

GNU Free Documentation License

+ +
Version 1.3, 3 November 2008 +
+ +
+
Copyright © 2000, 2001, 2002, 2007, 2008 Free Software Foundation, Inc.
+https://fsf.org/
+
+Everyone is permitted to copy and distribute verbatim copies
+of this license document, but changing it is not allowed.
+
+ +
    +
  1. PREAMBLE + +

    The purpose of this License is to make a manual, textbook, or other +functional and useful document free in the sense of freedom: to +assure everyone the effective freedom to copy and redistribute it, +with or without modifying it, either commercially or noncommercially. +Secondarily, this License preserves for the author and publisher a way +to get credit for their work, while not being considered responsible +for modifications made by others. +

    +

    This License is a kind of “copyleft”, which means that derivative +works of the document must themselves be free in the same sense. It +complements the GNU General Public License, which is a copyleft +license designed for free software. +

    +

    We have designed this License in order to use it for manuals for free +software, because free software needs free documentation: a free +program should come with manuals providing the same freedoms that the +software does. But this License is not limited to software manuals; +it can be used for any textual work, regardless of subject matter or +whether it is published as a printed book. We recommend this License +principally for works whose purpose is instruction or reference. +

    +
  2. APPLICABILITY AND DEFINITIONS + +

    This License applies to any manual or other work, in any medium, that +contains a notice placed by the copyright holder saying it can be +distributed under the terms of this License. Such a notice grants a +world-wide, royalty-free license, unlimited in duration, to use that +work under the conditions stated herein. The “Document”, below, +refers to any such manual or work. Any member of the public is a +licensee, and is addressed as “you”. You accept the license if you +copy, modify or distribute the work in a way requiring permission +under copyright law. +

    +

    A “Modified Version” of the Document means any work containing the +Document or a portion of it, either copied verbatim, or with +modifications and/or translated into another language. +

    +

    A “Secondary Section” is a named appendix or a front-matter section +of the Document that deals exclusively with the relationship of the +publishers or authors of the Document to the Document’s overall +subject (or to related matters) and contains nothing that could fall +directly within that overall subject. (Thus, if the Document is in +part a textbook of mathematics, a Secondary Section may not explain +any mathematics.) The relationship could be a matter of historical +connection with the subject or with related matters, or of legal, +commercial, philosophical, ethical or political position regarding +them. +

    +

    The “Invariant Sections” are certain Secondary Sections whose titles +are designated, as being those of Invariant Sections, in the notice +that says that the Document is released under this License. If a +section does not fit the above definition of Secondary then it is not +allowed to be designated as Invariant. The Document may contain zero +Invariant Sections. If the Document does not identify any Invariant +Sections then there are none. +

    +

    The “Cover Texts” are certain short passages of text that are listed, +as Front-Cover Texts or Back-Cover Texts, in the notice that says that +the Document is released under this License. A Front-Cover Text may +be at most 5 words, and a Back-Cover Text may be at most 25 words. +

    +

    A “Transparent” copy of the Document means a machine-readable copy, +represented in a format whose specification is available to the +general public, that is suitable for revising the document +straightforwardly with generic text editors or (for images composed of +pixels) generic paint programs or (for drawings) some widely available +drawing editor, and that is suitable for input to text formatters or +for automatic translation to a variety of formats suitable for input +to text formatters. A copy made in an otherwise Transparent file +format whose markup, or absence of markup, has been arranged to thwart +or discourage subsequent modification by readers is not Transparent. +An image format is not Transparent if used for any substantial amount +of text. A copy that is not “Transparent” is called “Opaque”. +

    +

    Examples of suitable formats for Transparent copies include plain +ASCII without markup, Texinfo input format, LaTeX input +format, SGML or XML using a publicly available +DTD, and standard-conforming simple HTML, +PostScript or PDF designed for human modification. Examples +of transparent image formats include PNG, XCF and +JPG. Opaque formats include proprietary formats that can be +read and edited only by proprietary word processors, SGML or +XML for which the DTD and/or processing tools are +not generally available, and the machine-generated HTML, +PostScript or PDF produced by some word processors for +output purposes only. +

    +

    The “Title Page” means, for a printed book, the title page itself, +plus such following pages as are needed to hold, legibly, the material +this License requires to appear in the title page. For works in +formats which do not have any title page as such, “Title Page” means +the text near the most prominent appearance of the work’s title, +preceding the beginning of the body of the text. +

    +

    The “publisher” means any person or entity that distributes copies +of the Document to the public. +

    +

    A section “Entitled XYZ” means a named subunit of the Document whose +title either is precisely XYZ or contains XYZ in parentheses following +text that translates XYZ in another language. (Here XYZ stands for a +specific section name mentioned below, such as “Acknowledgements”, +“Dedications”, “Endorsements”, or “History”.) To “Preserve the Title” +of such a section when you modify the Document means that it remains a +section “Entitled XYZ” according to this definition. +

    +

    The Document may include Warranty Disclaimers next to the notice which +states that this License applies to the Document. These Warranty +Disclaimers are considered to be included by reference in this +License, but only as regards disclaiming warranties: any other +implication that these Warranty Disclaimers may have is void and has +no effect on the meaning of this License. +

    +
  3. VERBATIM COPYING + +

    You may copy and distribute the Document in any medium, either +commercially or noncommercially, provided that this License, the +copyright notices, and the license notice saying this License applies +to the Document are reproduced in all copies, and that you add no other +conditions whatsoever to those of this License. You may not use +technical measures to obstruct or control the reading or further +copying of the copies you make or distribute. However, you may accept +compensation in exchange for copies. If you distribute a large enough +number of copies you must also follow the conditions in section 3. +

    +

    You may also lend copies, under the same conditions stated above, and +you may publicly display copies. +

    +
  4. COPYING IN QUANTITY + +

    If you publish printed copies (or copies in media that commonly have +printed covers) of the Document, numbering more than 100, and the +Document’s license notice requires Cover Texts, you must enclose the +copies in covers that carry, clearly and legibly, all these Cover +Texts: Front-Cover Texts on the front cover, and Back-Cover Texts on +the back cover. Both covers must also clearly and legibly identify +you as the publisher of these copies. The front cover must present +the full title with all words of the title equally prominent and +visible. You may add other material on the covers in addition. +Copying with changes limited to the covers, as long as they preserve +the title of the Document and satisfy these conditions, can be treated +as verbatim copying in other respects. +

    +

    If the required texts for either cover are too voluminous to fit +legibly, you should put the first ones listed (as many as fit +reasonably) on the actual cover, and continue the rest onto adjacent +pages. +

    +

    If you publish or distribute Opaque copies of the Document numbering +more than 100, you must either include a machine-readable Transparent +copy along with each Opaque copy, or state in or with each Opaque copy +a computer-network location from which the general network-using +public has access to download using public-standard network protocols +a complete Transparent copy of the Document, free of added material. +If you use the latter option, you must take reasonably prudent steps, +when you begin distribution of Opaque copies in quantity, to ensure +that this Transparent copy will remain thus accessible at the stated +location until at least one year after the last time you distribute an +Opaque copy (directly or through your agents or retailers) of that +edition to the public. +

    +

    It is requested, but not required, that you contact the authors of the +Document well before redistributing any large number of copies, to give +them a chance to provide you with an updated version of the Document. +

    +
  5. MODIFICATIONS + +

    You may copy and distribute a Modified Version of the Document under +the conditions of sections 2 and 3 above, provided that you release +the Modified Version under precisely this License, with the Modified +Version filling the role of the Document, thus licensing distribution +and modification of the Modified Version to whoever possesses a copy +of it. In addition, you must do these things in the Modified Version: +

    +
      +
    1. Use in the Title Page (and on the covers, if any) a title distinct +from that of the Document, and from those of previous versions +(which should, if there were any, be listed in the History section +of the Document). You may use the same title as a previous version +if the original publisher of that version gives permission. + +
    2. List on the Title Page, as authors, one or more persons or entities +responsible for authorship of the modifications in the Modified +Version, together with at least five of the principal authors of the +Document (all of its principal authors, if it has fewer than five), +unless they release you from this requirement. + +
    3. State on the Title page the name of the publisher of the +Modified Version, as the publisher. + +
    4. Preserve all the copyright notices of the Document. + +
    5. Add an appropriate copyright notice for your modifications +adjacent to the other copyright notices. + +
    6. Include, immediately after the copyright notices, a license notice +giving the public permission to use the Modified Version under the +terms of this License, in the form shown in the Addendum below. + +
    7. Preserve in that license notice the full lists of Invariant Sections +and required Cover Texts given in the Document’s license notice. + +
    8. Include an unaltered copy of this License. + +
    9. Preserve the section Entitled “History”, Preserve its Title, and add +to it an item stating at least the title, year, new authors, and +publisher of the Modified Version as given on the Title Page. If +there is no section Entitled “History” in the Document, create one +stating the title, year, authors, and publisher of the Document as +given on its Title Page, then add an item describing the Modified +Version as stated in the previous sentence. + +
    10. Preserve the network location, if any, given in the Document for +public access to a Transparent copy of the Document, and likewise +the network locations given in the Document for previous versions +it was based on. These may be placed in the “History” section. +You may omit a network location for a work that was published at +least four years before the Document itself, or if the original +publisher of the version it refers to gives permission. + +
    11. For any section Entitled “Acknowledgements” or “Dedications”, Preserve +the Title of the section, and preserve in the section all the +substance and tone of each of the contributor acknowledgements and/or +dedications given therein. + +
    12. Preserve all the Invariant Sections of the Document, +unaltered in their text and in their titles. Section numbers +or the equivalent are not considered part of the section titles. + +
    13. Delete any section Entitled “Endorsements”. Such a section +may not be included in the Modified Version. + +
    14. Do not retitle any existing section to be Entitled “Endorsements” or +to conflict in title with any Invariant Section. + +
    15. Preserve any Warranty Disclaimers. +
    + +

    If the Modified Version includes new front-matter sections or +appendices that qualify as Secondary Sections and contain no material +copied from the Document, you may at your option designate some or all +of these sections as invariant. To do this, add their titles to the +list of Invariant Sections in the Modified Version’s license notice. +These titles must be distinct from any other section titles. +

    +

    You may add a section Entitled “Endorsements”, provided it contains +nothing but endorsements of your Modified Version by various +parties—for example, statements of peer review or that the text has +been approved by an organization as the authoritative definition of a +standard. +

    +

    You may add a passage of up to five words as a Front-Cover Text, and a +passage of up to 25 words as a Back-Cover Text, to the end of the list +of Cover Texts in the Modified Version. Only one passage of +Front-Cover Text and one of Back-Cover Text may be added by (or +through arrangements made by) any one entity. If the Document already +includes a cover text for the same cover, previously added by you or +by arrangement made by the same entity you are acting on behalf of, +you may not add another; but you may replace the old one, on explicit +permission from the previous publisher that added the old one. +

    +

    The author(s) and publisher(s) of the Document do not by this License +give permission to use their names for publicity for or to assert or +imply endorsement of any Modified Version. +

    +
  6. COMBINING DOCUMENTS + +

    You may combine the Document with other documents released under this +License, under the terms defined in section 4 above for modified +versions, provided that you include in the combination all of the +Invariant Sections of all of the original documents, unmodified, and +list them all as Invariant Sections of your combined work in its +license notice, and that you preserve all their Warranty Disclaimers. +

    +

    The combined work need only contain one copy of this License, and +multiple identical Invariant Sections may be replaced with a single +copy. If there are multiple Invariant Sections with the same name but +different contents, make the title of each such section unique by +adding at the end of it, in parentheses, the name of the original +author or publisher of that section if known, or else a unique number. +Make the same adjustment to the section titles in the list of +Invariant Sections in the license notice of the combined work. +

    +

    In the combination, you must combine any sections Entitled “History” +in the various original documents, forming one section Entitled +“History”; likewise combine any sections Entitled “Acknowledgements”, +and any sections Entitled “Dedications”. You must delete all +sections Entitled “Endorsements.” +

    +
  7. COLLECTIONS OF DOCUMENTS + +

    You may make a collection consisting of the Document and other documents +released under this License, and replace the individual copies of this +License in the various documents with a single copy that is included in +the collection, provided that you follow the rules of this License for +verbatim copying of each of the documents in all other respects. +

    +

    You may extract a single document from such a collection, and distribute +it individually under this License, provided you insert a copy of this +License into the extracted document, and follow this License in all +other respects regarding verbatim copying of that document. +

    +
  8. AGGREGATION WITH INDEPENDENT WORKS + +

    A compilation of the Document or its derivatives with other separate +and independent documents or works, in or on a volume of a storage or +distribution medium, is called an “aggregate” if the copyright +resulting from the compilation is not used to limit the legal rights +of the compilation’s users beyond what the individual works permit. +When the Document is included in an aggregate, this License does not +apply to the other works in the aggregate which are not themselves +derivative works of the Document. +

    +

    If the Cover Text requirement of section 3 is applicable to these +copies of the Document, then if the Document is less than one half of +the entire aggregate, the Document’s Cover Texts may be placed on +covers that bracket the Document within the aggregate, or the +electronic equivalent of covers if the Document is in electronic form. +Otherwise they must appear on printed covers that bracket the whole +aggregate. +

    +
  9. TRANSLATION + +

    Translation is considered a kind of modification, so you may +distribute translations of the Document under the terms of section 4. +Replacing Invariant Sections with translations requires special +permission from their copyright holders, but you may include +translations of some or all Invariant Sections in addition to the +original versions of these Invariant Sections. You may include a +translation of this License, and all the license notices in the +Document, and any Warranty Disclaimers, provided that you also include +the original English version of this License and the original versions +of those notices and disclaimers. In case of a disagreement between +the translation and the original version of this License or a notice +or disclaimer, the original version will prevail. +

    +

    If a section in the Document is Entitled “Acknowledgements”, +“Dedications”, or “History”, the requirement (section 4) to Preserve +its Title (section 1) will typically require changing the actual +title. +

    +
  10. TERMINATION + +

    You may not copy, modify, sublicense, or distribute the Document +except as expressly provided under this License. Any attempt +otherwise to copy, modify, sublicense, or distribute it is void, and +will automatically terminate your rights under this License. +

    +

    However, if you cease all violation of this License, then your license +from a particular copyright holder is reinstated (a) provisionally, +unless and until the copyright holder explicitly and finally +terminates your license, and (b) permanently, if the copyright holder +fails to notify you of the violation by some reasonable means prior to +60 days after the cessation. +

    +

    Moreover, your license from a particular copyright holder is +reinstated permanently if the copyright holder notifies you of the +violation by some reasonable means, this is the first time you have +received notice of violation of this License (for any work) from that +copyright holder, and you cure the violation prior to 30 days after +your receipt of the notice. +

    +

    Termination of your rights under this section does not terminate the +licenses of parties who have received copies or rights from you under +this License. If your rights have been terminated and not permanently +reinstated, receipt of a copy of some or all of the same material does +not give you any rights to use it. +

    +
  11. FUTURE REVISIONS OF THIS LICENSE + +

    The Free Software Foundation may publish new, revised versions +of the GNU Free Documentation License from time to time. Such new +versions will be similar in spirit to the present version, but may +differ in detail to address new problems or concerns. See +https://www.gnu.org/licenses/. +

    +

    Each version of the License is given a distinguishing version number. +If the Document specifies that a particular numbered version of this +License “or any later version” applies to it, you have the option of +following the terms and conditions either of that specified version or +of any later version that has been published (not as a draft) by the +Free Software Foundation. If the Document does not specify a version +number of this License, you may choose any version ever published (not +as a draft) by the Free Software Foundation. If the Document +specifies that a proxy can decide which future versions of this +License can be used, that proxy’s public statement of acceptance of a +version permanently authorizes you to choose that version for the +Document. +

    +
  12. RELICENSING + +

    “Massive Multiauthor Collaboration Site” (or “MMC Site”) means any +World Wide Web server that publishes copyrightable works and also +provides prominent facilities for anybody to edit those works. A +public wiki that anybody can edit is an example of such a server. A +“Massive Multiauthor Collaboration” (or “MMC”) contained in the +site means any set of copyrightable works thus published on the MMC +site. +

    +

    “CC-BY-SA” means the Creative Commons Attribution-Share Alike 3.0 +license published by Creative Commons Corporation, a not-for-profit +corporation with a principal place of business in San Francisco, +California, as well as future copyleft versions of that license +published by that same organization. +

    +

    “Incorporate” means to publish or republish a Document, in whole or +in part, as part of another Document. +

    +

    An MMC is “eligible for relicensing” if it is licensed under this +License, and if all works that were first published under this License +somewhere other than this MMC, and subsequently incorporated in whole +or in part into the MMC, (1) had no cover texts or invariant sections, +and (2) were thus incorporated prior to November 1, 2008. +

    +

    The operator of an MMC Site may republish an MMC contained in the site +under CC-BY-SA on the same site at any time before August 1, 2009, +provided the MMC is eligible for relicensing. +

    +
+ + +

ADDENDUM: How to use this License for your documents

+ +

To use this License in a document you have written, include a copy of +the License in the document and put the following copyright and +license notices just after the title page: +

+
+
  Copyright (C)  year  your name.
+  Permission is granted to copy, distribute and/or modify this document
+  under the terms of the GNU Free Documentation License, Version 1.3
+  or any later version published by the Free Software Foundation;
+  with no Invariant Sections, no Front-Cover Texts, and no Back-Cover
+  Texts.  A copy of the license is included in the section entitled ``GNU
+  Free Documentation License''.
+
+ +

If you have Invariant Sections, Front-Cover Texts and Back-Cover Texts, +replace the “with…Texts.” line with this: +

+
+
    with the Invariant Sections being list their titles, with
+    the Front-Cover Texts being list, and with the Back-Cover Texts
+    being list.
+
+ +

If you have Invariant Sections without Cover Texts, or some other +combination of the three, merge those two alternatives to suit the +situation. +

+

If your document contains nontrivial examples of program code, we +recommend releasing these examples in parallel under your choice of +free software license, such as the GNU General Public License, +to permit their use in free software. +

+ + +
+ +
+

+Next: , Previous: , Up: Top   [Contents][Index]

+
+ +

Procedure Index

+ +
Jump to:   A +   +B +   +C +   +D +   +E +   +G +   +H +   +I +   +K +   +M +   +O +   +P +   +R +   +S +   +X +   +
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Index Entry  Section
A
alert-description->string: Guile Reference
alert-get: Guile Reference
alert-level->string: Guile Reference
alert-send: Guile Reference
anonymous-client-credentials?: Guile Reference
anonymous-server-credentials?: Guile Reference
B
bye: Guile Reference
C
certificate-credentials?: Guile Reference
certificate-request->string: Guile Reference
certificate-status->string: Guile Reference
certificate-type->string: Guile Reference
certificate-verify->string: Guile Reference
cipher->string: Guile Reference
cipher-suite->string: Guile Reference
close-request->string: Guile Reference
compression-method->string: Guile Reference
connection-end->string: Guile Reference
credentials->string: Guile Reference
D
dh-parameters?: Guile Reference
digest->string: Guile Reference
E
error->string: Exception Handling
error->string: Guile Reference
G
gnutls-version: Guile Reference
H
handshake: Guile Reference
handshake-description->string: Guile Reference
I
import-openpgp-certificate: Guile Reference
import-openpgp-keyring: Guile Reference
import-openpgp-private-key: Guile Reference
import-x509-certificate: Guile Reference
import-x509-private-key: Guile Reference
K
key-usage->string: Guile Reference
kx->string: Guile Reference
M
mac->string: Guile Reference
make-anonymous-client-credentials: Guile Reference
make-anonymous-server-credentials: Guile Reference
make-certificate-credentials: Guile Reference
make-dh-parameters: Representation of Binary Data
make-dh-parameters: Guile Reference
make-psk-client-credentials: Guile Reference
make-psk-server-credentials: Guile Reference
make-session: Guile Reference
O
openpgp-certificate-algorithm: Guile Reference
openpgp-certificate-fingerprint: Guile Reference
openpgp-certificate-fingerprint!: Guile Reference
openpgp-certificate-format->string: Guile Reference
openpgp-certificate-id: Guile Reference
openpgp-certificate-id!: Guile Reference
openpgp-certificate-name: Guile Reference
openpgp-certificate-names: Guile Reference
openpgp-certificate-usage: Guile Reference
openpgp-certificate-version: Guile Reference
openpgp-certificate?: Guile Reference
openpgp-keyring-contains-key-id?: Guile Reference
openpgp-keyring?: Guile Reference
openpgp-private-key?: Guile Reference
P
params->string: Guile Reference
peer-certificate-status: Guile Reference
pk-algorithm->string: Guile Reference
pkcs3-export-dh-parameters: Representation of Binary Data
pkcs3-export-dh-parameters: Guile Reference
pkcs3-import-dh-parameters: Guile Reference
pkcs8-import-x509-private-key: Guile Reference
protocol->string: Guile Reference
psk-client-credentials?: Guile Reference
psk-key-format->string: Guile Reference
psk-server-credentials?: Guile Reference
R
record-receive!: Input and Output
record-receive!: Guile Reference
record-send: Input and Output
record-send: Guile Reference
rehandshake: Guile Reference
S
server-name-type->string: Guile Reference
server-session-psk-username: Guile Reference
session-authentication-type: Guile Reference
session-certificate-type: Guile Reference
session-cipher: Enumerates and Constants
session-cipher: Guile Reference
session-client-authentication-type: Guile Reference
session-compression-method: Guile Reference
session-kx: Guile Reference
session-mac: Guile Reference
session-our-certificate-chain: Guile Reference
session-peer-certificate-chain: Guile Reference
session-protocol: Guile Reference
session-record-port: Input and Output
session-record-port: Guile Reference
session-server-authentication-type: Guile Reference
session?: Guile Reference
set-anonymous-server-dh-parameters!: Guile Reference
set-certificate-credentials-dh-parameters!: Guile Reference
set-certificate-credentials-openpgp-keys!: Guile Reference
set-certificate-credentials-verify-flags!: Guile Reference
set-certificate-credentials-verify-limits!: Guile Reference
set-certificate-credentials-x509-crl-data!: Guile Reference
set-certificate-credentials-x509-crl-file!: Guile Reference
set-certificate-credentials-x509-key-data!: Guile Reference
set-certificate-credentials-x509-key-files!: Guile Reference
set-certificate-credentials-x509-keys!: Guile Reference
set-certificate-credentials-x509-trust-data!: Guile Reference
set-certificate-credentials-x509-trust-file!: Guile Reference
set-log-level!: Guile Reference
set-log-procedure!: Guile Reference
set-psk-client-credentials!: Guile Reference
set-psk-server-credentials-file!: Guile Reference
set-server-session-certificate-request!: Guile Reference
set-session-credentials!: Guile Reference
set-session-default-priority!: Guile Reference
set-session-dh-prime-bits!: Guile Reference
set-session-priorities!: Guile Reference
set-session-server-name!: Guile Reference
set-session-transport-fd!: Input and Output
set-session-transport-fd!: Guile Reference
set-session-transport-port!: Input and Output
set-session-transport-port!: Guile Reference
sign-algorithm->string: Guile Reference
srp-client-credentials?: Guile Reference
srp-server-credentials?: Guile Reference
X
x509-certificate-authority-key-id: Guile Reference
x509-certificate-dn: Guile Reference
x509-certificate-dn-oid: Guile Reference
x509-certificate-format->string: Guile Reference
x509-certificate-issuer-dn: Guile Reference
x509-certificate-issuer-dn-oid: Guile Reference
x509-certificate-key-id: Guile Reference
x509-certificate-key-usage: Guile Reference
x509-certificate-matches-hostname?: Guile Reference
x509-certificate-public-key-algorithm: Guile Reference
x509-certificate-signature-algorithm: Guile Reference
x509-certificate-subject-alternative-name: Guile Reference
x509-certificate-subject-key-id: Guile Reference
x509-certificate-version: Guile Reference
x509-certificate?: Guile Reference
x509-private-key?: Guile Reference
x509-subject-alternative-name->string: Guile Reference
+
Jump to:   A +   +B +   +C +   +D +   +E +   +G +   +H +   +I +   +K +   +M +   +O +   +P +   +R +   +S +   +X +   +
+ +
+ +
+

+Previous: , Up: Top   [Contents][Index]

+
+ +

Concept Index

+ +
Jump to:   B +   +C +   +E +   +F +   +G +   +H +   +S +   +
+ + + + + + + + + + + + + + + + + + + + + + + + + + + +
Index Entry  Section
B
buffering: Input and Output
bytevectors: Representation of Binary Data
C
constant: Enumerates and Constants
E
enumerate: Enumerates and Constants
errors: Exception Handling
exceptions: Exception Handling
F
FDL, GNU Free Documentation License: Copying Information
G
gnutls-error: Exception Handling
H
homogeneous vector: Representation of Binary Data
S
SRFI-4: Representation of Binary Data
+
Jump to:   B +   +C +   +E +   +F +   +G +   +H +   +S +   +
+ +
+
+

Footnotes

+ +

(1)

+

Historically, SRFI-4 u8vectors are the closest +thing to bytevectors that Guile 1.8 and earlier supported.

+
+
+ + + + + diff --git a/doc/gnutls-guile.info b/doc/gnutls-guile.info new file mode 100644 index 0000000..563ec6d --- /dev/null +++ b/doc/gnutls-guile.info @@ -0,0 +1,1623 @@ +This is gnutls-guile.info, produced by makeinfo version 6.5 from +gnutls-guile.texi. + +This manual is last updated 15 March 2019 for version 3.6.8 of GnuTLS. + +Copyright (C) 2001-2012, 2014, 2016 Free Software Foundation, Inc. + + Permission is granted to copy, distribute and/or modify this + document under the terms of the GNU Free Documentation License, + Version 1.3 or any later version published by the Free Software + Foundation; with no Invariant Sections, no Front-Cover Texts, and + no Back-Cover Texts. A copy of the license is included in the + section entitled "GNU Free Documentation License". +INFO-DIR-SECTION Software libraries +START-INFO-DIR-ENTRY +* GnuTLS-Guile: (gnutls-guile). GNU Transport Layer Security Library. Guile bindings. +END-INFO-DIR-ENTRY + + +File: gnutls-guile.info, Node: Top, Next: Preface, Up: (dir) + +GnuTLS-Guile +************ + +This manual is last updated 15 March 2019 for version 3.6.8 of GnuTLS. + +Copyright (C) 2001-2012, 2014, 2016 Free Software Foundation, Inc. + + Permission is granted to copy, distribute and/or modify this + document under the terms of the GNU Free Documentation License, + Version 1.3 or any later version published by the Free Software + Foundation; with no Invariant Sections, no Front-Cover Texts, and + no Back-Cover Texts. A copy of the license is included in the + section entitled "GNU Free Documentation License". + +* Menu: + +* Preface:: Preface. +* Guile Preparations:: Note on installation and environment. +* Guile API Conventions:: Naming conventions and other idiosyncrasies. +* Guile Examples:: Quick start. +* Guile Reference:: The Scheme GnuTLS programming interface. + +* Copying Information:: You can copy and modify this manual. +* Procedure Index:: +* Concept Index:: + + +File: gnutls-guile.info, Node: Preface, Next: Guile Preparations, Prev: Top, Up: Top + +1 Preface +********* + +This manual describes the GNU Guile +(https://www.gnu.org/software/guile/) Scheme programming interface to +GnuTLS, which is distributed as part of GnuTLS (https://gnutls.org). +The reader is assumed to have basic knowledge of the protocol and +library. Details missing from this chapter may be found in Function +reference, of the C API reference. + +At this stage, not all the C functions are available from Scheme, but a +large subset thereof is available. + + +File: gnutls-guile.info, Node: Guile Preparations, Next: Guile API Conventions, Prev: Preface, Up: Top + +2 Guile Preparations +******************** + +The GnuTLS Guile bindings are available for Guile's 2.0 stable series, +as well as the forthcoming 2.2 series and the legacy 1.8 series. + +By default they are installed under the GnuTLS installation directory, +typically '/usr/local/share/guile/site/'). Normally Guile will not find +the module there without help. You may experience something like this: + + $ guile + ... + scheme@(guile-user)> (use-modules (gnutls)) + ERROR: no code for module (gnutls) + +There are two ways to solve this. The first is to make sure that when +building GnuTLS, the Guile bindings will be installed in the same place +where Guile looks. You may do this by using the '--with-guile-site-dir' +parameter as follows: + + $ ./configure --with-guile-site-dir=no + +This will instruct GnuTLS to attempt to install the Guile bindings where +Guile will look for them. It will use 'guile-config info pkgdatadir' to +learn the path to use. + +If Guile was installed into '/usr', you may also install GnuTLS using +the same prefix: + + $ ./configure --prefix=/usr + +If you want to specify the path to install the Guile bindings you can +also specify the path directly: + + $ ./configure --with-guile-site-dir=/opt/guile/share/guile/site + +The second solution requires some more work but may be easier to use if +you do not have system administrator rights to your machine. You need +to instruct Guile so that it finds the GnuTLS Guile bindings. Either +use the 'GUILE_LOAD_PATH' environment variable as follows: + + $ GUILE_LOAD_PATH="/usr/local/share/guile/site:$GUILE_LOAD_PATH" guile + scheme@(guile-user)> (use-modules (gnutls)) + scheme@(guile-user)> + +Alternatively, you can modify Guile's '%load-path' variable (*note +Guile's run-time options: (guile)Build Config.). + +At this point, you might get an error regarding 'guile-gnutls-v-2' +similar to: + + gnutls.scm:361:1: In procedure dynamic-link in expression (load-extension "guile-gnutls-v-2" "scm_init_gnutls"): + gnutls.scm:361:1: file: "guile-gnutls-v-2", message: "guile-gnutls-v-2.so: cannot open shared object file: No such file or directory" + +In this case, you will need to modify the run-time linker path, for +example as follows: + + $ LD_LIBRARY_PATH=/usr/local/lib GUILE_LOAD_PATH=/usr/local/share/guile/site guile + scheme@(guile-user)> (use-modules (gnutls)) + scheme@(guile-user)> + +To check that you got the intended GnuTLS library version, you may print +the version number of the loaded library as follows: + + $ guile + scheme@(guile-user)> (use-modules (gnutls)) + scheme@(guile-user)> (gnutls-version) + "3.6.8" + scheme@(guile-user)> + + +File: gnutls-guile.info, Node: Guile API Conventions, Next: Guile Examples, Prev: Guile Preparations, Up: Top + +3 Guile API Conventions +*********************** + +This chapter details the conventions used by Guile API, as well as +specificities of the mapping of the C API to Scheme. + +* Menu: + +* Enumerates and Constants:: Representation of C-side constants. +* Procedure Names:: Naming conventions. +* Representation of Binary Data:: Binary data buffers. +* Input and Output:: Input and output. +* Exception Handling:: Exceptions. + + +File: gnutls-guile.info, Node: Enumerates and Constants, Next: Procedure Names, Up: Guile API Conventions + +3.1 Enumerates and Constants +============================ + +Lots of enumerates and constants are used in the GnuTLS C API. For each +C enumerate type, a disjoint Scheme type is used--thus, enumerate values +and constants are not represented by Scheme symbols nor by integers. +This makes it impossible to use an enumerate value of the wrong type on +the Scheme side: such errors are automatically detected by +type-checking. + +The enumerate values are bound to variables exported by the '(gnutls)' +module. These variables are named according to the following +convention: + + * All variable names are lower-case; the underscore '_' character + used in the C API is replaced by hyphen '-'. + * All variable names are prepended by the name of the enumerate type + and the slash '/' character. + * In some cases, the variable name is made more explicit than the one + of the C API, e.g., by avoid abbreviations. + +Consider for instance this C-side enumerate: + + typedef enum + { + GNUTLS_CRD_CERTIFICATE = 1, + GNUTLS_CRD_ANON, + GNUTLS_CRD_SRP, + GNUTLS_CRD_PSK + } gnutls_credentials_type_t; + +The corresponding Scheme values are bound to the following variables +exported by the '(gnutls)' module: + + credentials/certificate + credentials/anonymous + credentials/srp + credentials/psk + +Hopefully, most variable names can be deduced from this convention. + +Scheme-side "enumerate" values can be compared using 'eq?' (*note +equality predicates: (guile)Equality.). Consider the following example: + + (let ((session (make-session connection-end/client))) + + ;; + ;; ... + ;; + + ;; Check the ciphering algorithm currently used by SESSION. + (if (eq? cipher/arcfour (session-cipher session)) + (format #t "We're using the ARCFOUR algorithm"))) + +In addition, all enumerate values can be converted to a human-readable +string, in a type-specific way. For instance, '(cipher->string +cipher/arcfour)' yields '"ARCFOUR 128"', while '(key-usage->string +key-usage/digital-signature)' yields '"digital-signature"'. Note that +these strings may not be sufficient for use in a user interface since +they are fairly concise and not internationalized. + + +File: gnutls-guile.info, Node: Procedure Names, Next: Representation of Binary Data, Prev: Enumerates and Constants, Up: Guile API Conventions + +3.2 Procedure Names +=================== + +Unlike C functions in GnuTLS, the corresponding Scheme procedures are +named in a way that is close to natural English. Abbreviations are also +avoided. For instance, the Scheme procedure corresponding to +'gnutls_certificate_set_dh_params' is named +'set-certificate-credentials-dh-parameters!'. The 'gnutls_' prefix is +always omitted from variable names since a similar effect can be +achieved using Guile's nifty binding renaming facilities, should it be +needed (*note (guile)Using Guile Modules::). + +Often Scheme procedure names differ from C function names in a way that +makes it clearer what objects they operate on. For example, the Scheme +procedure named 'set-session-transport-port!' corresponds to +'gnutls_transport_set_ptr', making it clear that this procedure applies +to session. + + +File: gnutls-guile.info, Node: Representation of Binary Data, Next: Input and Output, Prev: Procedure Names, Up: Guile API Conventions + +3.3 Representation of Binary Data +================================= + +Many procedures operate on binary data. For instance, +'pkcs3-import-dh-parameters' expects binary data as input. + +Binary data is represented on the Scheme side using bytevectors (*note +(guile)Bytevectors::). Homogeneous vectors such as SRFI-4 'u8vector's +can also be used(1). + +As an example, generating and then exporting Diffie-Hellman parameters +in the PEM format can be done as follows: + + (let* ((dh (make-dh-parameters 1024)) + (pem (pkcs3-export-dh-parameters dh + x509-certificate-format/pem))) + (call-with-output-file "some-file.pem" + (lambda (port) + (uniform-vector-write pem port)))) + + ---------- Footnotes ---------- + + (1) Historically, SRFI-4 'u8vector's are the closest thing to +bytevectors that Guile 1.8 and earlier supported. + + +File: gnutls-guile.info, Node: Input and Output, Next: Exception Handling, Prev: Representation of Binary Data, Up: Guile API Conventions + +3.4 Input and Output +==================== + +The underlying transport of a TLS session can be any Scheme input/output +port (*note (guile)Ports and File Descriptors::). This has to be +specified using 'set-session-transport-port!'. + +However, for better performance, a raw file descriptor can be specified, +using 'set-session-transport-fd!'. For instance, if the transport layer +is a socket port over an OS-provided socket, you can use the +'port->fdes' or 'fileno' procedure to obtain the underlying file +descriptor and pass it to 'set-session-transport-fd!' (*note +'port->fdes' and 'fileno': (guile)Ports and File Descriptors.). This +would work as follows: + + (let ((socket (socket PF_INET SOCK_STREAM 0)) + (session (make-session connection-end/client))) + + ;; + ;; Establish a TCP connection... + ;; + + ;; Use the file descriptor that underlies SOCKET. + (set-session-transport-fd! session (fileno socket))) + +Once a TLS session is established, data can be communicated through it +(i.e., _via_ the TLS record layer) using the port returned by +'session-record-port': + + (let ((session (make-session connection-end/client))) + + ;; + ;; Initialize the various parameters of SESSION, set up + ;; a network connection, etc. + ;; + + (let ((i/o (session-record-port session))) + (display "Hello peer!" i/o) + (let ((greetings (read i/o))) + + ;; ... + + (bye session close-request/rdwr)))) + +Note that each write to the session record port leads to the +transmission of an encrypted TLS "Application Data" packet. In the +above example, we create an Application Data packet for the 11 bytes for +the string that we write. This is not efficient both in terms of CPU +usage and bandwidth (each packet adds at least 5 bytes of overhead and +can lead to one 'write' system call), so we recommend that applications +do their own buffering. + +A lower-level I/O API is provided by 'record-send' and 'record-receive!' +which take a bytevector (or a SRFI-4 vector) to represent the data sent +or received. While it might improve performance, it is much less +convenient than the session record port and should rarely be needed. + + +File: gnutls-guile.info, Node: Exception Handling, Prev: Input and Output, Up: Guile API Conventions + +3.5 Exception Handling +====================== + +GnuTLS errors are implemented as Scheme exceptions (*note exceptions in +Guile: (guile)Exceptions.). Each time a GnuTLS function returns an +error, an exception with key 'gnutls-error' is raised. The additional +arguments that are thrown include an error code and the name of the +GnuTLS procedure that raised the exception. The error code is pretty +much like an enumerate value: it is one of the 'error/' variables +exported by the '(gnutls)' module (*note Enumerates and Constants::). +Exceptions can be turned into error messages using the 'error->string' +procedure. + +The following examples illustrates how GnuTLS exceptions can be handled: + + (let ((session (make-session connection-end/server))) + + ;; + ;; ... + ;; + + (catch 'gnutls-error + (lambda () + (handshake session)) + (lambda (key err function . currently-unused) + (format (current-error-port) + "a GnuTLS error was raised by `~a': ~a~%" + function (error->string err))))) + +Again, error values can be compared using 'eq?': + + ;; `gnutls-error' handler. + (lambda (key err function . currently-unused) + (if (eq? err error/fatal-alert-received) + (format (current-error-port) + "a fatal alert was caught!~%") + (format (current-error-port) + "something bad happened: ~a~%" + (error->string err)))) + +Note that the 'catch' handler is currently passed only 3 arguments but +future versions might provide it with additional arguments. Thus, it +must be prepared to handle more than 3 arguments, as in this example. + + +File: gnutls-guile.info, Node: Guile Examples, Next: Guile Reference, Prev: Guile API Conventions, Up: Top + +4 Guile Examples +**************** + +This chapter provides examples that illustrate common use cases. + +* Menu: + +* Anonymous Authentication Guile Example:: Simplest client and server. + + +File: gnutls-guile.info, Node: Anonymous Authentication Guile Example, Up: Guile Examples + +4.1 Anonymous Authentication Guile Example +========================================== + +"Anonymous authentication" is very easy to use. No certificates are +needed by the communicating parties. Yet, it allows them to benefit +from end-to-end encryption and integrity checks. + +The client-side code would look like this (assuming SOME-SOCKET is bound +to an open socket port): + + ;; Client-side. + + (let ((client (make-session connection-end/client))) + ;; Use the default settings. + (set-session-default-priority! client) + + ;; Don't use certificate-based authentication. + (set-session-certificate-type-priority! client '()) + + ;; Request the "anonymous Diffie-Hellman" key exchange method. + (set-session-kx-priority! client (list kx/anon-dh)) + + ;; Specify the underlying socket. + (set-session-transport-fd! client (fileno some-socket)) + + ;; Create anonymous credentials. + (set-session-credentials! client + (make-anonymous-client-credentials)) + + ;; Perform the TLS handshake with the server. + (handshake client) + + ;; Send data over the TLS record layer. + (write "hello, world!" (session-record-port client)) + + ;; Terminate the TLS session. + (bye client close-request/rdwr)) + +The corresponding server would look like this (again, assuming +SOME-SOCKET is bound to a socket port): + + ;; Server-side. + + (let ((server (make-session connection-end/server))) + (set-session-default-priority! server) + (set-session-certificate-type-priority! server '()) + (set-session-kx-priority! server (list kx/anon-dh)) + + ;; Specify the underlying transport socket. + (set-session-transport-fd! server (fileno some-socket)) + + ;; Create anonymous credentials. + (let ((cred (make-anonymous-server-credentials)) + (dh-params (make-dh-parameters 1024))) + ;; Note: DH parameter generation can take some time. + (set-anonymous-server-dh-parameters! cred dh-params) + (set-session-credentials! server cred)) + + ;; Perform the TLS handshake with the client. + (handshake server) + + ;; Receive data over the TLS record layer. + (let ((message (read (session-record-port server)))) + (format #t "received the following message: ~a~%" + message) + + (bye server close-request/rdwr))) + +This is it! + + +File: gnutls-guile.info, Node: Guile Reference, Next: Copying Information, Prev: Guile Examples, Up: Top + +5 Guile Reference +***************** + +This chapter lists the GnuTLS Scheme procedures exported by the +'(gnutls)' module (*note (guile)The Guile module system::). + + -- Scheme Procedure: set-log-level! level + Enable GnuTLS logging up to LEVEL (an integer). + + -- Scheme Procedure: set-log-procedure! proc + Use PROC (a two-argument procedure) as the global GnuTLS log + procedure. + + -- Scheme Procedure: set-certificate-credentials-openpgp-keys! cred pub + sec + Use certificate PUB and secret key SEC in certificate credentials + CRED. + + -- Scheme Procedure: openpgp-keyring-contains-key-id? keyring id + Return '#f' if key ID ID is in KEYRING, '#f' otherwise. + + -- Scheme Procedure: import-openpgp-keyring data format + Import DATA (a u8vector) according to FORMAT and return the + imported keyring. + + -- Scheme Procedure: openpgp-certificate-usage key + Return a list of values denoting the key usage of KEY. + + -- Scheme Procedure: openpgp-certificate-version key + Return the version of the OpenPGP message format (RFC2440) honored + by KEY. + + -- Scheme Procedure: openpgp-certificate-algorithm key + Return two values: the certificate algorithm used by KEY and the + number of bits used. + + -- Scheme Procedure: openpgp-certificate-names key + Return the list of names for KEY. + + -- Scheme Procedure: openpgp-certificate-name key index + Return the INDEXth name of KEY. + + -- Scheme Procedure: openpgp-certificate-fingerprint key + Return a new u8vector denoting the fingerprint of KEY. + + -- Scheme Procedure: openpgp-certificate-fingerprint! key fpr + Store in FPR (a u8vector) the fingerprint of KEY. Return the + number of bytes stored in FPR. + + -- Scheme Procedure: openpgp-certificate-id! key id + Store the ID (an 8 byte sequence) of certificate KEY in ID (a + u8vector). + + -- Scheme Procedure: openpgp-certificate-id key + Return the ID (an 8-element u8vector) of certificate KEY. + + -- Scheme Procedure: import-openpgp-private-key data format [pass] + Return a new OpenPGP private key object resulting from the import + of DATA (a uniform array) according to FORMAT. Optionally, a + passphrase may be provided. + + -- Scheme Procedure: import-openpgp-certificate data format + Return a new OpenPGP certificate object resulting from the import + of DATA (a uniform array) according to FORMAT. + + -- Scheme Procedure: x509-certificate-subject-alternative-name cert + index + Return two values: the alternative name type for CERT (i.e., one of + the 'x509-subject-alternative-name/' values) and the actual subject + alternative name (a string) at INDEX. Both values are '#f' if no + alternative name is available at INDEX. + + -- Scheme Procedure: x509-certificate-subject-key-id cert + Return the subject key ID (a u8vector) for CERT. + + -- Scheme Procedure: x509-certificate-authority-key-id cert + Return the key ID (a u8vector) of the X.509 certificate authority + of CERT. + + -- Scheme Procedure: x509-certificate-key-id cert + Return a statistically unique ID (a u8vector) for CERT that depends + on its public key parameters. This is normally a 20-byte SHA-1 + hash. + + -- Scheme Procedure: x509-certificate-version cert + Return the version of CERT. + + -- Scheme Procedure: x509-certificate-key-usage cert + Return the key usage of CERT (i.e., a list of 'key-usage/' values), + or the empty list if CERT does not contain such information. + + -- Scheme Procedure: x509-certificate-public-key-algorithm cert + Return two values: the public key algorithm (i.e., one of the + 'pk-algorithm/' values) of CERT and the number of bits used. + + -- Scheme Procedure: x509-certificate-signature-algorithm cert + Return the signature algorithm used by CERT (i.e., one of the + 'sign-algorithm/' values). + + -- Scheme Procedure: x509-certificate-matches-hostname? cert hostname + Return true if CERT matches HOSTNAME, a string denoting a DNS host + name. This is the basic implementation of RFC 2818 + (https://tools.ietf.org/html/rfc2818) (aka. HTTPS). + + -- Scheme Procedure: x509-certificate-issuer-dn-oid cert index + Return the OID (a string) at INDEX from CERT's issuer DN. Return + '#f' if no OID is available at INDEX. + + -- Scheme Procedure: x509-certificate-dn-oid cert index + Return OID (a string) at INDEX from CERT. Return '#f' if no OID is + available at INDEX. + + -- Scheme Procedure: x509-certificate-issuer-dn cert + Return the distinguished name (DN) of X.509 certificate CERT. + + -- Scheme Procedure: x509-certificate-dn cert + Return the distinguished name (DN) of X.509 certificate CERT. The + form of the DN is as described in RFC 2253 + (https://tools.ietf.org/html/rfc2253). + + -- Scheme Procedure: pkcs8-import-x509-private-key data format [pass + [encrypted]] + Return a new X.509 private key object resulting from the import of + DATA (a uniform array) according to FORMAT. Optionally, if PASS is + not '#f', it should be a string denoting a passphrase. ENCRYPTED + tells whether the private key is encrypted ('#t' by default). + + -- Scheme Procedure: import-x509-private-key data format + Return a new X.509 private key object resulting from the import of + DATA (a uniform array) according to FORMAT. + + -- Scheme Procedure: import-x509-certificate data format + Return a new X.509 certificate object resulting from the import of + DATA (a uniform array) according to FORMAT. + + -- Scheme Procedure: server-session-psk-username session + Return the username associated with PSK server session SESSION. + + -- Scheme Procedure: set-psk-client-credentials! cred username key + key-format + Set the client credentials for CRED, a PSK client credentials + object. + + -- Scheme Procedure: make-psk-client-credentials + Return a new PSK client credentials object. + + -- Scheme Procedure: set-psk-server-credentials-file! cred file + Use FILE as the password file for PSK server credentials CRED. + + -- Scheme Procedure: make-psk-server-credentials + Return new PSK server credentials. + + -- Scheme Procedure: peer-certificate-status session + Verify the peer certificate for SESSION and return a list of + 'certificate-status' values (such as 'certificate-status/revoked'), + or the empty list if the certificate is valid. + + -- Scheme Procedure: set-certificate-credentials-verify-flags! cred + [flags...] + Set the certificate verification flags to FLAGS, a series of + 'certificate-verify' values. + + -- Scheme Procedure: set-certificate-credentials-verify-limits! cred + max-bits max-depth + Set the verification limits of 'peer-certificate-status' for + certificate credentials CRED to MAX_BITS bits for an acceptable + certificate and MAX_DEPTH as the maximum depth of a certificate + chain. + + -- Scheme Procedure: set-certificate-credentials-x509-keys! cred certs + privkey + Have certificate credentials CRED use the X.509 certificates listed + in CERTS and X.509 private key PRIVKEY. + + -- Scheme Procedure: set-certificate-credentials-x509-key-data! cred + cert key format + Use X.509 certificate CERT and private key KEY, both uniform arrays + containing the X.509 certificate and key in format FORMAT, for + certificate credentials CRED. + + -- Scheme Procedure: set-certificate-credentials-x509-crl-data! cred + data format + Use DATA (a uniform array) as the X.509 CRL (certificate revocation + list) database for CRED. On success, return the number of CRLs + processed. + + -- Scheme Procedure: set-certificate-credentials-x509-trust-data! cred + data format + Use DATA (a uniform array) as the X.509 trust database for CRED. + On success, return the number of certificates processed. + + -- Scheme Procedure: set-certificate-credentials-x509-crl-file! cred + file format + Use FILE as the X.509 CRL (certificate revocation list) file for + certificate credentials CRED. On success, return the number of + CRLs processed. + + -- Scheme Procedure: set-certificate-credentials-x509-trust-file! cred + file format + Use FILE as the X.509 trust file for certificate credentials CRED. + On success, return the number of certificates processed. + + -- Scheme Procedure: set-certificate-credentials-x509-key-files! cred + cert-file key-file format + Use FILE as the password file for PSK server credentials CRED. + + -- Scheme Procedure: set-certificate-credentials-dh-parameters! cred + dh-params + Use Diffie-Hellman parameters DH_PARAMS for certificate credentials + CRED. + + -- Scheme Procedure: make-certificate-credentials + Return new certificate credentials (i.e., for use with either X.509 + or OpenPGP certificates. + + -- Scheme Procedure: set-anonymous-server-dh-parameters! cred dh-params + Set the Diffie-Hellman parameters of anonymous server credentials + CRED. + + -- Scheme Procedure: make-anonymous-client-credentials + Return anonymous client credentials. + + -- Scheme Procedure: make-anonymous-server-credentials + Return anonymous server credentials. + + -- Scheme Procedure: set-session-dh-prime-bits! session bits + Use BITS DH prime bits for SESSION. + + -- Scheme Procedure: pkcs3-export-dh-parameters dh-params format + Export Diffie-Hellman parameters DH_PARAMS in PKCS3 format + according for FORMAT (an 'x509-certificate-format' value). Return + a 'u8vector' containing the result. + + -- Scheme Procedure: pkcs3-import-dh-parameters array format + Import Diffie-Hellman parameters in PKCS3 format (further specified + by FORMAT, an 'x509-certificate-format' value) from ARRAY (a + homogeneous array) and return a new 'dh-params' object. + + -- Scheme Procedure: make-dh-parameters bits + Return new Diffie-Hellman parameters. + + -- Scheme Procedure: set-session-transport-port! session port + Use PORT as the input/output port for SESSION. + + -- Scheme Procedure: set-session-transport-fd! session fd + Use file descriptor FD as the underlying transport for SESSION. + + -- Scheme Procedure: session-record-port session + Return a read-write port that may be used to communicate over + SESSION. All invocations of 'session-port' on a given session + return the same object (in the sense of 'eq?'). + + -- Scheme Procedure: record-receive! session array + Receive data from SESSION into ARRAY, a uniform homogeneous array. + Return the number of bytes actually received. + + -- Scheme Procedure: record-send session array + Send the record constituted by ARRAY through SESSION. + + -- Scheme Procedure: set-session-server-name! session type name + For a client, this procedure provides a way to inform the server + that it is known under NAME, via the 'SERVER NAME' TLS extension. + TYPE must be a 'server-name-type' value, SERVER-NAME-TYPE/DNS for + DNS names. + + -- Scheme Procedure: set-session-credentials! session cred + Use CRED as SESSION's credentials. + + -- Scheme Procedure: cipher-suite->string kx cipher mac + Return the name of the given cipher suite. + + -- Scheme Procedure: set-session-priorities! session priorities + Have SESSION use the given PRIORITIES for the ciphers, key exchange + methods, MACs and compression methods. PRIORITIES must be a string + (*note (gnutls)Priority Strings::). When PRIORITIES cannot be + parsed, an 'error/invalid-request' error is raised, with an extra + argument indication the position of the error. + + -- Scheme Procedure: set-session-default-priority! session + Have SESSION use the default priorities. + + -- Scheme Procedure: set-server-session-certificate-request! session + request + Tell how SESSION, a server-side session, should deal with + certificate requests. REQUEST should be either + 'certificate-request/request' or 'certificate-request/require'. + + -- Scheme Procedure: session-our-certificate-chain session + Return our certificate chain for SESSION (as sent to the peer) in + raw format (a u8vector). In the case of OpenPGP there is exactly + one certificate. Return the empty list if no certificate was used. + + -- Scheme Procedure: session-peer-certificate-chain session + Return the a list of certificates in raw format (u8vectors) where + the first one is the peer's certificate. In the case of OpenPGP, + there is always exactly one certificate. In the case of X.509, + subsequent certificates indicate form a certificate chain. Return + the empty list if no certificate was sent. + + -- Scheme Procedure: session-client-authentication-type session + Return the client authentication type (a 'credential-type' value) + used in SESSION. + + -- Scheme Procedure: session-server-authentication-type session + Return the server authentication type (a 'credential-type' value) + used in SESSION. + + -- Scheme Procedure: session-authentication-type session + Return the authentication type (a 'credential-type' value) used by + SESSION. + + -- Scheme Procedure: session-protocol session + Return the protocol used by SESSION. + + -- Scheme Procedure: session-certificate-type session + Return SESSION's certificate type. + + -- Scheme Procedure: session-compression-method session + Return SESSION's compression method. + + -- Scheme Procedure: session-mac session + Return SESSION's MAC. + + -- Scheme Procedure: session-kx session + Return SESSION's kx. + + -- Scheme Procedure: session-cipher session + Return SESSION's cipher. + + -- Scheme Procedure: alert-send session level alert + Send ALERT via SESSION. + + -- Scheme Procedure: alert-get session + Get an aleter from SESSION. + + -- Scheme Procedure: rehandshake session + Perform a re-handshaking for SESSION. + + -- Scheme Procedure: handshake session + Perform a handshake for SESSION. + + -- Scheme Procedure: bye session how + Close SESSION according to HOW. + + -- Scheme Procedure: make-session end + Return a new session for connection end END, either + 'connection-end/server' or 'connection-end/client'. + + -- Scheme Procedure: gnutls-version + Return a string denoting the version number of the underlying + GnuTLS library, e.g., '"1.7.2"'. + + -- Scheme Procedure: openpgp-keyring? obj + Return true if OBJ is of type 'openpgp-keyring'. + + -- Scheme Procedure: openpgp-private-key? obj + Return true if OBJ is of type 'openpgp-private-key'. + + -- Scheme Procedure: openpgp-certificate? obj + Return true if OBJ is of type 'openpgp-certificate'. + + -- Scheme Procedure: x509-private-key? obj + Return true if OBJ is of type 'x509-private-key'. + + -- Scheme Procedure: x509-certificate? obj + Return true if OBJ is of type 'x509-certificate'. + + -- Scheme Procedure: psk-client-credentials? obj + Return true if OBJ is of type 'psk-client-credentials'. + + -- Scheme Procedure: psk-server-credentials? obj + Return true if OBJ is of type 'psk-server-credentials'. + + -- Scheme Procedure: srp-client-credentials? obj + Return true if OBJ is of type 'srp-client-credentials'. + + -- Scheme Procedure: srp-server-credentials? obj + Return true if OBJ is of type 'srp-server-credentials'. + + -- Scheme Procedure: certificate-credentials? obj + Return true if OBJ is of type 'certificate-credentials'. + + -- Scheme Procedure: dh-parameters? obj + Return true if OBJ is of type 'dh-parameters'. + + -- Scheme Procedure: anonymous-server-credentials? obj + Return true if OBJ is of type 'anonymous-server-credentials'. + + -- Scheme Procedure: anonymous-client-credentials? obj + Return true if OBJ is of type 'anonymous-client-credentials'. + + -- Scheme Procedure: session? obj + Return true if OBJ is of type 'session'. + + -- Scheme Procedure: openpgp-certificate-format->string enumval + Return a string describing ENUMVAL, a 'openpgp-certificate-format' + value. + + -- Scheme Procedure: error->string enumval + Return a string describing ENUMVAL, a 'error' value. + + -- Scheme Procedure: certificate-verify->string enumval + Return a string describing ENUMVAL, a 'certificate-verify' value. + + -- Scheme Procedure: key-usage->string enumval + Return a string describing ENUMVAL, a 'key-usage' value. + + -- Scheme Procedure: psk-key-format->string enumval + Return a string describing ENUMVAL, a 'psk-key-format' value. + + -- Scheme Procedure: server-name-type->string enumval + Return a string describing ENUMVAL, a 'server-name-type' value. + + -- Scheme Procedure: sign-algorithm->string enumval + Return a string describing ENUMVAL, a 'sign-algorithm' value. + + -- Scheme Procedure: pk-algorithm->string enumval + Return a string describing ENUMVAL, a 'pk-algorithm' value. + + -- Scheme Procedure: x509-subject-alternative-name->string enumval + Return a string describing ENUMVAL, a + 'x509-subject-alternative-name' value. + + -- Scheme Procedure: x509-certificate-format->string enumval + Return a string describing ENUMVAL, a 'x509-certificate-format' + value. + + -- Scheme Procedure: certificate-type->string enumval + Return a string describing ENUMVAL, a 'certificate-type' value. + + -- Scheme Procedure: protocol->string enumval + Return a string describing ENUMVAL, a 'protocol' value. + + -- Scheme Procedure: close-request->string enumval + Return a string describing ENUMVAL, a 'close-request' value. + + -- Scheme Procedure: certificate-request->string enumval + Return a string describing ENUMVAL, a 'certificate-request' value. + + -- Scheme Procedure: certificate-status->string enumval + Return a string describing ENUMVAL, a 'certificate-status' value. + + -- Scheme Procedure: handshake-description->string enumval + Return a string describing ENUMVAL, a 'handshake-description' + value. + + -- Scheme Procedure: alert-description->string enumval + Return a string describing ENUMVAL, a 'alert-description' value. + + -- Scheme Procedure: alert-level->string enumval + Return a string describing ENUMVAL, a 'alert-level' value. + + -- Scheme Procedure: connection-end->string enumval + Return a string describing ENUMVAL, a 'connection-end' value. + + -- Scheme Procedure: compression-method->string enumval + Return a string describing ENUMVAL, a 'compression-method' value. + + -- Scheme Procedure: digest->string enumval + Return a string describing ENUMVAL, a 'digest' value. + + -- Scheme Procedure: mac->string enumval + Return a string describing ENUMVAL, a 'mac' value. + + -- Scheme Procedure: credentials->string enumval + Return a string describing ENUMVAL, a 'credentials' value. + + -- Scheme Procedure: params->string enumval + Return a string describing ENUMVAL, a 'params' value. + + -- Scheme Procedure: kx->string enumval + Return a string describing ENUMVAL, a 'kx' value. + + -- Scheme Procedure: cipher->string enumval + Return a string describing ENUMVAL, a 'cipher' value. + + +File: gnutls-guile.info, Node: Copying Information, Next: Procedure Index, Prev: Guile Reference, Up: Top + +Appendix A Copying Information +****************************** + +GNU Free Documentation License +============================== + + Version 1.3, 3 November 2008 + + Copyright (C) 2000, 2001, 2002, 2007, 2008 Free Software Foundation, Inc. + + + Everyone is permitted to copy and distribute verbatim copies + of this license document, but changing it is not allowed. + + 0. PREAMBLE + + The purpose of this License is to make a manual, textbook, or other + functional and useful document "free" in the sense of freedom: to + assure everyone the effective freedom to copy and redistribute it, + with or without modifying it, either commercially or + noncommercially. Secondarily, this License preserves for the + author and publisher a way to get credit for their work, while not + being considered responsible for modifications made by others. + + This License is a kind of "copyleft", which means that derivative + works of the document must themselves be free in the same sense. + It complements the GNU General Public License, which is a copyleft + license designed for free software. + + We have designed this License in order to use it for manuals for + free software, because free software needs free documentation: a + free program should come with manuals providing the same freedoms + that the software does. But this License is not limited to + software manuals; it can be used for any textual work, regardless + of subject matter or whether it is published as a printed book. We + recommend this License principally for works whose purpose is + instruction or reference. + + 1. APPLICABILITY AND DEFINITIONS + + This License applies to any manual or other work, in any medium, + that contains a notice placed by the copyright holder saying it can + be distributed under the terms of this License. Such a notice + grants a world-wide, royalty-free license, unlimited in duration, + to use that work under the conditions stated herein. The + "Document", below, refers to any such manual or work. Any member + of the public is a licensee, and is addressed as "you". You accept + the license if you copy, modify or distribute the work in a way + requiring permission under copyright law. + + A "Modified Version" of the Document means any work containing the + Document or a portion of it, either copied verbatim, or with + modifications and/or translated into another language. + + A "Secondary Section" is a named appendix or a front-matter section + of the Document that deals exclusively with the relationship of the + publishers or authors of the Document to the Document's overall + subject (or to related matters) and contains nothing that could + fall directly within that overall subject. (Thus, if the Document + is in part a textbook of mathematics, a Secondary Section may not + explain any mathematics.) The relationship could be a matter of + historical connection with the subject or with related matters, or + of legal, commercial, philosophical, ethical or political position + regarding them. + + The "Invariant Sections" are certain Secondary Sections whose + titles are designated, as being those of Invariant Sections, in the + notice that says that the Document is released under this License. + If a section does not fit the above definition of Secondary then it + is not allowed to be designated as Invariant. The Document may + contain zero Invariant Sections. If the Document does not identify + any Invariant Sections then there are none. + + The "Cover Texts" are certain short passages of text that are + listed, as Front-Cover Texts or Back-Cover Texts, in the notice + that says that the Document is released under this License. A + Front-Cover Text may be at most 5 words, and a Back-Cover Text may + be at most 25 words. + + A "Transparent" copy of the Document means a machine-readable copy, + represented in a format whose specification is available to the + general public, that is suitable for revising the document + straightforwardly with generic text editors or (for images composed + of pixels) generic paint programs or (for drawings) some widely + available drawing editor, and that is suitable for input to text + formatters or for automatic translation to a variety of formats + suitable for input to text formatters. A copy made in an otherwise + Transparent file format whose markup, or absence of markup, has + been arranged to thwart or discourage subsequent modification by + readers is not Transparent. An image format is not Transparent if + used for any substantial amount of text. A copy that is not + "Transparent" is called "Opaque". + + Examples of suitable formats for Transparent copies include plain + ASCII without markup, Texinfo input format, LaTeX input format, + SGML or XML using a publicly available DTD, and standard-conforming + simple HTML, PostScript or PDF designed for human modification. + Examples of transparent image formats include PNG, XCF and JPG. + Opaque formats include proprietary formats that can be read and + edited only by proprietary word processors, SGML or XML for which + the DTD and/or processing tools are not generally available, and + the machine-generated HTML, PostScript or PDF produced by some word + processors for output purposes only. + + The "Title Page" means, for a printed book, the title page itself, + plus such following pages as are needed to hold, legibly, the + material this License requires to appear in the title page. For + works in formats which do not have any title page as such, "Title + Page" means the text near the most prominent appearance of the + work's title, preceding the beginning of the body of the text. + + The "publisher" means any person or entity that distributes copies + of the Document to the public. + + A section "Entitled XYZ" means a named subunit of the Document + whose title either is precisely XYZ or contains XYZ in parentheses + following text that translates XYZ in another language. (Here XYZ + stands for a specific section name mentioned below, such as + "Acknowledgements", "Dedications", "Endorsements", or "History".) + To "Preserve the Title" of such a section when you modify the + Document means that it remains a section "Entitled XYZ" according + to this definition. + + The Document may include Warranty Disclaimers next to the notice + which states that this License applies to the Document. These + Warranty Disclaimers are considered to be included by reference in + this License, but only as regards disclaiming warranties: any other + implication that these Warranty Disclaimers may have is void and + has no effect on the meaning of this License. + + 2. VERBATIM COPYING + + You may copy and distribute the Document in any medium, either + commercially or noncommercially, provided that this License, the + copyright notices, and the license notice saying this License + applies to the Document are reproduced in all copies, and that you + add no other conditions whatsoever to those of this License. You + may not use technical measures to obstruct or control the reading + or further copying of the copies you make or distribute. However, + you may accept compensation in exchange for copies. If you + distribute a large enough number of copies you must also follow the + conditions in section 3. + + You may also lend copies, under the same conditions stated above, + and you may publicly display copies. + + 3. COPYING IN QUANTITY + + If you publish printed copies (or copies in media that commonly + have printed covers) of the Document, numbering more than 100, and + the Document's license notice requires Cover Texts, you must + enclose the copies in covers that carry, clearly and legibly, all + these Cover Texts: Front-Cover Texts on the front cover, and + Back-Cover Texts on the back cover. Both covers must also clearly + and legibly identify you as the publisher of these copies. The + front cover must present the full title with all words of the title + equally prominent and visible. You may add other material on the + covers in addition. Copying with changes limited to the covers, as + long as they preserve the title of the Document and satisfy these + conditions, can be treated as verbatim copying in other respects. + + If the required texts for either cover are too voluminous to fit + legibly, you should put the first ones listed (as many as fit + reasonably) on the actual cover, and continue the rest onto + adjacent pages. + + If you publish or distribute Opaque copies of the Document + numbering more than 100, you must either include a machine-readable + Transparent copy along with each Opaque copy, or state in or with + each Opaque copy a computer-network location from which the general + network-using public has access to download using public-standard + network protocols a complete Transparent copy of the Document, free + of added material. If you use the latter option, you must take + reasonably prudent steps, when you begin distribution of Opaque + copies in quantity, to ensure that this Transparent copy will + remain thus accessible at the stated location until at least one + year after the last time you distribute an Opaque copy (directly or + through your agents or retailers) of that edition to the public. + + It is requested, but not required, that you contact the authors of + the Document well before redistributing any large number of copies, + to give them a chance to provide you with an updated version of the + Document. + + 4. MODIFICATIONS + + You may copy and distribute a Modified Version of the Document + under the conditions of sections 2 and 3 above, provided that you + release the Modified Version under precisely this License, with the + Modified Version filling the role of the Document, thus licensing + distribution and modification of the Modified Version to whoever + possesses a copy of it. In addition, you must do these things in + the Modified Version: + + A. Use in the Title Page (and on the covers, if any) a title + distinct from that of the Document, and from those of previous + versions (which should, if there were any, be listed in the + History section of the Document). You may use the same title + as a previous version if the original publisher of that + version gives permission. + + B. List on the Title Page, as authors, one or more persons or + entities responsible for authorship of the modifications in + the Modified Version, together with at least five of the + principal authors of the Document (all of its principal + authors, if it has fewer than five), unless they release you + from this requirement. + + C. State on the Title page the name of the publisher of the + Modified Version, as the publisher. + + D. Preserve all the copyright notices of the Document. + + E. Add an appropriate copyright notice for your modifications + adjacent to the other copyright notices. + + F. Include, immediately after the copyright notices, a license + notice giving the public permission to use the Modified + Version under the terms of this License, in the form shown in + the Addendum below. + + G. Preserve in that license notice the full lists of Invariant + Sections and required Cover Texts given in the Document's + license notice. + + H. Include an unaltered copy of this License. + + I. Preserve the section Entitled "History", Preserve its Title, + and add to it an item stating at least the title, year, new + authors, and publisher of the Modified Version as given on the + Title Page. If there is no section Entitled "History" in the + Document, create one stating the title, year, authors, and + publisher of the Document as given on its Title Page, then add + an item describing the Modified Version as stated in the + previous sentence. + + J. Preserve the network location, if any, given in the Document + for public access to a Transparent copy of the Document, and + likewise the network locations given in the Document for + previous versions it was based on. These may be placed in the + "History" section. You may omit a network location for a work + that was published at least four years before the Document + itself, or if the original publisher of the version it refers + to gives permission. + + K. For any section Entitled "Acknowledgements" or "Dedications", + Preserve the Title of the section, and preserve in the section + all the substance and tone of each of the contributor + acknowledgements and/or dedications given therein. + + L. Preserve all the Invariant Sections of the Document, unaltered + in their text and in their titles. Section numbers or the + equivalent are not considered part of the section titles. + + M. Delete any section Entitled "Endorsements". Such a section + may not be included in the Modified Version. + + N. Do not retitle any existing section to be Entitled + "Endorsements" or to conflict in title with any Invariant + Section. + + O. Preserve any Warranty Disclaimers. + + If the Modified Version includes new front-matter sections or + appendices that qualify as Secondary Sections and contain no + material copied from the Document, you may at your option designate + some or all of these sections as invariant. To do this, add their + titles to the list of Invariant Sections in the Modified Version's + license notice. These titles must be distinct from any other + section titles. + + You may add a section Entitled "Endorsements", provided it contains + nothing but endorsements of your Modified Version by various + parties--for example, statements of peer review or that the text + has been approved by an organization as the authoritative + definition of a standard. + + You may add a passage of up to five words as a Front-Cover Text, + and a passage of up to 25 words as a Back-Cover Text, to the end of + the list of Cover Texts in the Modified Version. Only one passage + of Front-Cover Text and one of Back-Cover Text may be added by (or + through arrangements made by) any one entity. If the Document + already includes a cover text for the same cover, previously added + by you or by arrangement made by the same entity you are acting on + behalf of, you may not add another; but you may replace the old + one, on explicit permission from the previous publisher that added + the old one. + + The author(s) and publisher(s) of the Document do not by this + License give permission to use their names for publicity for or to + assert or imply endorsement of any Modified Version. + + 5. COMBINING DOCUMENTS + + You may combine the Document with other documents released under + this License, under the terms defined in section 4 above for + modified versions, provided that you include in the combination all + of the Invariant Sections of all of the original documents, + unmodified, and list them all as Invariant Sections of your + combined work in its license notice, and that you preserve all + their Warranty Disclaimers. + + The combined work need only contain one copy of this License, and + multiple identical Invariant Sections may be replaced with a single + copy. If there are multiple Invariant Sections with the same name + but different contents, make the title of each such section unique + by adding at the end of it, in parentheses, the name of the + original author or publisher of that section if known, or else a + unique number. Make the same adjustment to the section titles in + the list of Invariant Sections in the license notice of the + combined work. + + In the combination, you must combine any sections Entitled + "History" in the various original documents, forming one section + Entitled "History"; likewise combine any sections Entitled + "Acknowledgements", and any sections Entitled "Dedications". You + must delete all sections Entitled "Endorsements." + + 6. COLLECTIONS OF DOCUMENTS + + You may make a collection consisting of the Document and other + documents released under this License, and replace the individual + copies of this License in the various documents with a single copy + that is included in the collection, provided that you follow the + rules of this License for verbatim copying of each of the documents + in all other respects. + + You may extract a single document from such a collection, and + distribute it individually under this License, provided you insert + a copy of this License into the extracted document, and follow this + License in all other respects regarding verbatim copying of that + document. + + 7. AGGREGATION WITH INDEPENDENT WORKS + + A compilation of the Document or its derivatives with other + separate and independent documents or works, in or on a volume of a + storage or distribution medium, is called an "aggregate" if the + copyright resulting from the compilation is not used to limit the + legal rights of the compilation's users beyond what the individual + works permit. When the Document is included in an aggregate, this + License does not apply to the other works in the aggregate which + are not themselves derivative works of the Document. + + If the Cover Text requirement of section 3 is applicable to these + copies of the Document, then if the Document is less than one half + of the entire aggregate, the Document's Cover Texts may be placed + on covers that bracket the Document within the aggregate, or the + electronic equivalent of covers if the Document is in electronic + form. Otherwise they must appear on printed covers that bracket + the whole aggregate. + + 8. TRANSLATION + + Translation is considered a kind of modification, so you may + distribute translations of the Document under the terms of section + 4. Replacing Invariant Sections with translations requires special + permission from their copyright holders, but you may include + translations of some or all Invariant Sections in addition to the + original versions of these Invariant Sections. You may include a + translation of this License, and all the license notices in the + Document, and any Warranty Disclaimers, provided that you also + include the original English version of this License and the + original versions of those notices and disclaimers. In case of a + disagreement between the translation and the original version of + this License or a notice or disclaimer, the original version will + prevail. + + If a section in the Document is Entitled "Acknowledgements", + "Dedications", or "History", the requirement (section 4) to + Preserve its Title (section 1) will typically require changing the + actual title. + + 9. TERMINATION + + You may not copy, modify, sublicense, or distribute the Document + except as expressly provided under this License. Any attempt + otherwise to copy, modify, sublicense, or distribute it is void, + and will automatically terminate your rights under this License. + + However, if you cease all violation of this License, then your + license from a particular copyright holder is reinstated (a) + provisionally, unless and until the copyright holder explicitly and + finally terminates your license, and (b) permanently, if the + copyright holder fails to notify you of the violation by some + reasonable means prior to 60 days after the cessation. + + Moreover, your license from a particular copyright holder is + reinstated permanently if the copyright holder notifies you of the + violation by some reasonable means, this is the first time you have + received notice of violation of this License (for any work) from + that copyright holder, and you cure the violation prior to 30 days + after your receipt of the notice. + + Termination of your rights under this section does not terminate + the licenses of parties who have received copies or rights from you + under this License. If your rights have been terminated and not + permanently reinstated, receipt of a copy of some or all of the + same material does not give you any rights to use it. + + 10. FUTURE REVISIONS OF THIS LICENSE + + The Free Software Foundation may publish new, revised versions of + the GNU Free Documentation License from time to time. Such new + versions will be similar in spirit to the present version, but may + differ in detail to address new problems or concerns. See + . + + Each version of the License is given a distinguishing version + number. If the Document specifies that a particular numbered + version of this License "or any later version" applies to it, you + have the option of following the terms and conditions either of + that specified version or of any later version that has been + published (not as a draft) by the Free Software Foundation. If the + Document does not specify a version number of this License, you may + choose any version ever published (not as a draft) by the Free + Software Foundation. If the Document specifies that a proxy can + decide which future versions of this License can be used, that + proxy's public statement of acceptance of a version permanently + authorizes you to choose that version for the Document. + + 11. RELICENSING + + "Massive Multiauthor Collaboration Site" (or "MMC Site") means any + World Wide Web server that publishes copyrightable works and also + provides prominent facilities for anybody to edit those works. A + public wiki that anybody can edit is an example of such a server. + A "Massive Multiauthor Collaboration" (or "MMC") contained in the + site means any set of copyrightable works thus published on the MMC + site. + + "CC-BY-SA" means the Creative Commons Attribution-Share Alike 3.0 + license published by Creative Commons Corporation, a not-for-profit + corporation with a principal place of business in San Francisco, + California, as well as future copyleft versions of that license + published by that same organization. + + "Incorporate" means to publish or republish a Document, in whole or + in part, as part of another Document. + + An MMC is "eligible for relicensing" if it is licensed under this + License, and if all works that were first published under this + License somewhere other than this MMC, and subsequently + incorporated in whole or in part into the MMC, (1) had no cover + texts or invariant sections, and (2) were thus incorporated prior + to November 1, 2008. + + The operator of an MMC Site may republish an MMC contained in the + site under CC-BY-SA on the same site at any time before August 1, + 2009, provided the MMC is eligible for relicensing. + +ADDENDUM: How to use this License for your documents +==================================================== + +To use this License in a document you have written, include a copy of +the License in the document and put the following copyright and license +notices just after the title page: + + Copyright (C) YEAR YOUR NAME. + Permission is granted to copy, distribute and/or modify this document + under the terms of the GNU Free Documentation License, Version 1.3 + or any later version published by the Free Software Foundation; + with no Invariant Sections, no Front-Cover Texts, and no Back-Cover + Texts. A copy of the license is included in the section entitled ``GNU + Free Documentation License''. + +If you have Invariant Sections, Front-Cover Texts and Back-Cover Texts, +replace the "with...Texts." line with this: + + with the Invariant Sections being LIST THEIR TITLES, with + the Front-Cover Texts being LIST, and with the Back-Cover Texts + being LIST. + +If you have Invariant Sections without Cover Texts, or some other +combination of the three, merge those two alternatives to suit the +situation. + +If your document contains nontrivial examples of program code, we +recommend releasing these examples in parallel under your choice of free +software license, such as the GNU General Public License, to permit +their use in free software. + + +File: gnutls-guile.info, Node: Procedure Index, Next: Concept Index, Prev: Copying Information, Up: Top + +Procedure Index +*************** + +