|
Packit |
549fdc |
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
@c gnutls_cipher_algorithm_t
|
|
Packit |
549fdc |
@table @code
|
|
Packit |
549fdc |
@item GNUTLS_@-CIPHER_@-UNKNOWN
|
|
Packit |
549fdc |
Value to identify an unknown/unsupported algorithm.
|
|
Packit |
549fdc |
@item GNUTLS_@-CIPHER_@-NULL
|
|
Packit |
549fdc |
The NULL (identity) encryption algorithm.
|
|
Packit |
549fdc |
@item GNUTLS_@-CIPHER_@-ARCFOUR_@-128
|
|
Packit |
549fdc |
ARCFOUR stream cipher with 128-bit keys.
|
|
Packit |
549fdc |
@item GNUTLS_@-CIPHER_@-3DES_@-CBC
|
|
Packit |
549fdc |
3DES in CBC mode.
|
|
Packit |
549fdc |
@item GNUTLS_@-CIPHER_@-AES_@-128_@-CBC
|
|
Packit |
549fdc |
AES in CBC mode with 128-bit keys.
|
|
Packit |
549fdc |
@item GNUTLS_@-CIPHER_@-AES_@-256_@-CBC
|
|
Packit |
549fdc |
AES in CBC mode with 256-bit keys.
|
|
Packit |
549fdc |
@item GNUTLS_@-CIPHER_@-ARCFOUR_@-40
|
|
Packit |
549fdc |
ARCFOUR stream cipher with 40-bit keys.
|
|
Packit |
549fdc |
@item GNUTLS_@-CIPHER_@-CAMELLIA_@-128_@-CBC
|
|
Packit |
549fdc |
Camellia in CBC mode with 128-bit keys.
|
|
Packit |
549fdc |
@item GNUTLS_@-CIPHER_@-CAMELLIA_@-256_@-CBC
|
|
Packit |
549fdc |
Camellia in CBC mode with 256-bit keys.
|
|
Packit |
549fdc |
@item GNUTLS_@-CIPHER_@-AES_@-192_@-CBC
|
|
Packit |
549fdc |
AES in CBC mode with 192-bit keys.
|
|
Packit |
549fdc |
@item GNUTLS_@-CIPHER_@-AES_@-128_@-GCM
|
|
Packit |
549fdc |
AES in GCM mode with 128-bit keys.
|
|
Packit |
549fdc |
@item GNUTLS_@-CIPHER_@-AES_@-256_@-GCM
|
|
Packit |
549fdc |
AES in GCM mode with 256-bit keys.
|
|
Packit |
549fdc |
@item GNUTLS_@-CIPHER_@-CAMELLIA_@-192_@-CBC
|
|
Packit |
549fdc |
Camellia in CBC mode with 192-bit keys.
|
|
Packit |
549fdc |
@item GNUTLS_@-CIPHER_@-SALSA20_@-256
|
|
Packit |
549fdc |
Salsa20 with 256-bit keys.
|
|
Packit |
549fdc |
@item GNUTLS_@-CIPHER_@-ESTREAM_@-SALSA20_@-256
|
|
Packit |
549fdc |
Estream's Salsa20 variant with 256-bit keys.
|
|
Packit |
549fdc |
@item GNUTLS_@-CIPHER_@-CAMELLIA_@-128_@-GCM
|
|
Packit |
549fdc |
CAMELLIA in GCM mode with 128-bit keys.
|
|
Packit |
549fdc |
@item GNUTLS_@-CIPHER_@-CAMELLIA_@-256_@-GCM
|
|
Packit |
549fdc |
CAMELLIA in GCM mode with 256-bit keys.
|
|
Packit |
549fdc |
@item GNUTLS_@-CIPHER_@-RC2_@-40_@-CBC
|
|
Packit |
549fdc |
RC2 in CBC mode with 40-bit keys.
|
|
Packit |
549fdc |
@item GNUTLS_@-CIPHER_@-DES_@-CBC
|
|
Packit |
549fdc |
DES in CBC mode (56-bit keys).
|
|
Packit |
549fdc |
@item GNUTLS_@-CIPHER_@-AES_@-128_@-CCM
|
|
Packit |
549fdc |
AES in CCM mode with 128-bit keys.
|
|
Packit |
549fdc |
@item GNUTLS_@-CIPHER_@-AES_@-256_@-CCM
|
|
Packit |
549fdc |
AES in CCM mode with 256-bit keys.
|
|
Packit |
549fdc |
@item GNUTLS_@-CIPHER_@-AES_@-128_@-CCM_@-8
|
|
Packit |
549fdc |
AES in CCM mode with 64-bit tag and 128-bit keys.
|
|
Packit |
549fdc |
@item GNUTLS_@-CIPHER_@-AES_@-256_@-CCM_@-8
|
|
Packit |
549fdc |
AES in CCM mode with 64-bit tag and 256-bit keys.
|
|
Packit |
549fdc |
@item GNUTLS_@-CIPHER_@-CHACHA20_@-POLY1305
|
|
Packit |
549fdc |
The Chacha20 cipher with the Poly1305 authenticator (AEAD).
|
|
Packit |
549fdc |
@item GNUTLS_@-CIPHER_@-IDEA_@-PGP_@-CFB
|
|
Packit |
549fdc |
IDEA in CFB mode (placeholder - unsupported).
|
|
Packit |
549fdc |
@item GNUTLS_@-CIPHER_@-3DES_@-PGP_@-CFB
|
|
Packit |
549fdc |
3DES in CFB mode (placeholder - unsupported).
|
|
Packit |
549fdc |
@item GNUTLS_@-CIPHER_@-CAST5_@-PGP_@-CFB
|
|
Packit |
549fdc |
CAST5 in CFB mode (placeholder - unsupported).
|
|
Packit |
549fdc |
@item GNUTLS_@-CIPHER_@-BLOWFISH_@-PGP_@-CFB
|
|
Packit |
549fdc |
Blowfish in CFB mode (placeholder - unsupported).
|
|
Packit |
549fdc |
@item GNUTLS_@-CIPHER_@-SAFER_@-SK128_@-PGP_@-CFB
|
|
Packit |
549fdc |
Safer-SK in CFB mode with 128-bit keys (placeholder - unsupported).
|
|
Packit |
549fdc |
@item GNUTLS_@-CIPHER_@-AES128_@-PGP_@-CFB
|
|
Packit |
549fdc |
AES in CFB mode with 128-bit keys (placeholder - unsupported).
|
|
Packit |
549fdc |
@item GNUTLS_@-CIPHER_@-AES192_@-PGP_@-CFB
|
|
Packit |
549fdc |
AES in CFB mode with 192-bit keys (placeholder - unsupported).
|
|
Packit |
549fdc |
@item GNUTLS_@-CIPHER_@-AES256_@-PGP_@-CFB
|
|
Packit |
549fdc |
AES in CFB mode with 256-bit keys (placeholder - unsupported).
|
|
Packit |
549fdc |
@item GNUTLS_@-CIPHER_@-TWOFISH_@-PGP_@-CFB
|
|
Packit |
549fdc |
Twofish in CFB mode (placeholder - unsupported).
|
|
Packit |
549fdc |
@end table
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
@c gnutls_kx_algorithm_t
|
|
Packit |
549fdc |
@table @code
|
|
Packit |
549fdc |
@item GNUTLS_@-KX_@-UNKNOWN
|
|
Packit |
549fdc |
Unknown key-exchange algorithm.
|
|
Packit |
549fdc |
@item GNUTLS_@-KX_@-RSA
|
|
Packit |
549fdc |
RSA key-exchange algorithm.
|
|
Packit |
549fdc |
@item GNUTLS_@-KX_@-DHE_@-DSS
|
|
Packit |
549fdc |
DHE-DSS key-exchange algorithm.
|
|
Packit |
549fdc |
@item GNUTLS_@-KX_@-DHE_@-RSA
|
|
Packit |
549fdc |
DHE-RSA key-exchange algorithm.
|
|
Packit |
549fdc |
@item GNUTLS_@-KX_@-ANON_@-DH
|
|
Packit |
549fdc |
Anon-DH key-exchange algorithm.
|
|
Packit |
549fdc |
@item GNUTLS_@-KX_@-SRP
|
|
Packit |
549fdc |
SRP key-exchange algorithm.
|
|
Packit |
549fdc |
@item GNUTLS_@-KX_@-RSA_@-EXPORT
|
|
Packit |
549fdc |
RSA-EXPORT key-exchange algorithm (defunc).
|
|
Packit |
549fdc |
@item GNUTLS_@-KX_@-SRP_@-RSA
|
|
Packit |
549fdc |
SRP-RSA key-exchange algorithm.
|
|
Packit |
549fdc |
@item GNUTLS_@-KX_@-SRP_@-DSS
|
|
Packit |
549fdc |
SRP-DSS key-exchange algorithm.
|
|
Packit |
549fdc |
@item GNUTLS_@-KX_@-PSK
|
|
Packit |
549fdc |
PSK key-exchange algorithm.
|
|
Packit |
549fdc |
@item GNUTLS_@-KX_@-DHE_@-PSK
|
|
Packit |
549fdc |
DHE-PSK key-exchange algorithm.
|
|
Packit |
549fdc |
@item GNUTLS_@-KX_@-ANON_@-ECDH
|
|
Packit |
549fdc |
Anon-ECDH key-exchange algorithm.
|
|
Packit |
549fdc |
@item GNUTLS_@-KX_@-ECDHE_@-RSA
|
|
Packit |
549fdc |
ECDHE-RSA key-exchange algorithm.
|
|
Packit |
549fdc |
@item GNUTLS_@-KX_@-ECDHE_@-ECDSA
|
|
Packit |
549fdc |
ECDHE-ECDSA key-exchange algorithm.
|
|
Packit |
549fdc |
@item GNUTLS_@-KX_@-ECDHE_@-PSK
|
|
Packit |
549fdc |
ECDHE-PSK key-exchange algorithm.
|
|
Packit |
549fdc |
@item GNUTLS_@-KX_@-RSA_@-PSK
|
|
Packit |
549fdc |
RSA-PSK key-exchange algorithm.
|
|
Packit |
549fdc |
@end table
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
@c gnutls_params_type_t
|
|
Packit |
549fdc |
@table @code
|
|
Packit |
549fdc |
@item GNUTLS_@-PARAMS_@-RSA_@-EXPORT
|
|
Packit |
549fdc |
Session RSA-EXPORT parameters (defunc).
|
|
Packit |
549fdc |
@item GNUTLS_@-PARAMS_@-DH
|
|
Packit |
549fdc |
Session Diffie-Hellman parameters.
|
|
Packit |
549fdc |
@item GNUTLS_@-PARAMS_@-ECDH
|
|
Packit |
549fdc |
Session Elliptic-Curve Diffie-Hellman parameters.
|
|
Packit |
549fdc |
@end table
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
@c gnutls_credentials_type_t
|
|
Packit |
549fdc |
@table @code
|
|
Packit |
549fdc |
@item GNUTLS_@-CRD_@-CERTIFICATE
|
|
Packit |
549fdc |
Certificate credential.
|
|
Packit |
549fdc |
@item GNUTLS_@-CRD_@-ANON
|
|
Packit |
549fdc |
Anonymous credential.
|
|
Packit |
549fdc |
@item GNUTLS_@-CRD_@-SRP
|
|
Packit |
549fdc |
SRP credential.
|
|
Packit |
549fdc |
@item GNUTLS_@-CRD_@-PSK
|
|
Packit |
549fdc |
PSK credential.
|
|
Packit |
549fdc |
@item GNUTLS_@-CRD_@-IA
|
|
Packit |
549fdc |
IA credential.
|
|
Packit |
549fdc |
@end table
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
@c gnutls_mac_algorithm_t
|
|
Packit |
549fdc |
@table @code
|
|
Packit |
549fdc |
@item GNUTLS_@-MAC_@-UNKNOWN
|
|
Packit |
549fdc |
Unknown MAC algorithm.
|
|
Packit |
549fdc |
@item GNUTLS_@-MAC_@-NULL
|
|
Packit |
549fdc |
NULL MAC algorithm (empty output).
|
|
Packit |
549fdc |
@item GNUTLS_@-MAC_@-MD5
|
|
Packit |
549fdc |
HMAC-MD5 algorithm.
|
|
Packit |
549fdc |
@item GNUTLS_@-MAC_@-SHA1
|
|
Packit |
549fdc |
HMAC-SHA-1 algorithm.
|
|
Packit |
549fdc |
@item GNUTLS_@-MAC_@-RMD160
|
|
Packit |
549fdc |
HMAC-RMD160 algorithm.
|
|
Packit |
549fdc |
@item GNUTLS_@-MAC_@-MD2
|
|
Packit |
549fdc |
HMAC-MD2 algorithm.
|
|
Packit |
549fdc |
@item GNUTLS_@-MAC_@-SHA256
|
|
Packit |
549fdc |
HMAC-SHA-256 algorithm.
|
|
Packit |
549fdc |
@item GNUTLS_@-MAC_@-SHA384
|
|
Packit |
549fdc |
HMAC-SHA-384 algorithm.
|
|
Packit |
549fdc |
@item GNUTLS_@-MAC_@-SHA512
|
|
Packit |
549fdc |
HMAC-SHA-512 algorithm.
|
|
Packit |
549fdc |
@item GNUTLS_@-MAC_@-SHA224
|
|
Packit |
549fdc |
HMAC-SHA-224 algorithm.
|
|
Packit |
549fdc |
@item GNUTLS_@-MAC_@-SHA3_@-224
|
|
Packit |
549fdc |
-- undescribed --
|
|
Packit |
549fdc |
@item GNUTLS_@-MAC_@-SHA3_@-256
|
|
Packit |
549fdc |
-- undescribed --
|
|
Packit |
549fdc |
@item GNUTLS_@-MAC_@-SHA3_@-384
|
|
Packit |
549fdc |
-- undescribed --
|
|
Packit |
549fdc |
@item GNUTLS_@-MAC_@-SHA3_@-512
|
|
Packit |
549fdc |
-- undescribed --
|
|
Packit |
549fdc |
@item GNUTLS_@-MAC_@-MD5_@-SHA1
|
|
Packit |
549fdc |
Combined MD5+SHA1 MAC placeholder.
|
|
Packit |
549fdc |
@item GNUTLS_@-MAC_@-AEAD
|
|
Packit |
549fdc |
MAC implicit through AEAD cipher.
|
|
Packit |
549fdc |
@item GNUTLS_@-MAC_@-UMAC_@-96
|
|
Packit |
549fdc |
The UMAC-96 MAC algorithm.
|
|
Packit |
549fdc |
@item GNUTLS_@-MAC_@-UMAC_@-128
|
|
Packit |
549fdc |
The UMAC-128 MAC algorithm.
|
|
Packit |
549fdc |
@end table
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
@c gnutls_digest_algorithm_t
|
|
Packit |
549fdc |
@table @code
|
|
Packit |
549fdc |
@item GNUTLS_@-DIG_@-UNKNOWN
|
|
Packit |
549fdc |
Unknown hash algorithm.
|
|
Packit |
549fdc |
@item GNUTLS_@-DIG_@-NULL
|
|
Packit |
549fdc |
NULL hash algorithm (empty output).
|
|
Packit |
549fdc |
@item GNUTLS_@-DIG_@-MD5
|
|
Packit |
549fdc |
MD5 algorithm.
|
|
Packit |
549fdc |
@item GNUTLS_@-DIG_@-SHA1
|
|
Packit |
549fdc |
SHA-1 algorithm.
|
|
Packit |
549fdc |
@item GNUTLS_@-DIG_@-RMD160
|
|
Packit |
549fdc |
RMD160 algorithm.
|
|
Packit |
549fdc |
@item GNUTLS_@-DIG_@-MD2
|
|
Packit |
549fdc |
MD2 algorithm.
|
|
Packit |
549fdc |
@item GNUTLS_@-DIG_@-SHA256
|
|
Packit |
549fdc |
SHA-256 algorithm.
|
|
Packit |
549fdc |
@item GNUTLS_@-DIG_@-SHA384
|
|
Packit |
549fdc |
SHA-384 algorithm.
|
|
Packit |
549fdc |
@item GNUTLS_@-DIG_@-SHA512
|
|
Packit |
549fdc |
SHA-512 algorithm.
|
|
Packit |
549fdc |
@item GNUTLS_@-DIG_@-SHA224
|
|
Packit |
549fdc |
SHA-224 algorithm.
|
|
Packit |
549fdc |
@item GNUTLS_@-DIG_@-SHA3_@-224
|
|
Packit |
549fdc |
SHA3-224 algorithm.
|
|
Packit |
549fdc |
@item GNUTLS_@-DIG_@-SHA3_@-256
|
|
Packit |
549fdc |
SHA3-256 algorithm.
|
|
Packit |
549fdc |
@item GNUTLS_@-DIG_@-SHA3_@-384
|
|
Packit |
549fdc |
SHA3-384 algorithm.
|
|
Packit |
549fdc |
@item GNUTLS_@-DIG_@-SHA3_@-512
|
|
Packit |
549fdc |
SHA3-512 algorithm.
|
|
Packit |
549fdc |
@item GNUTLS_@-DIG_@-MD5_@-SHA1
|
|
Packit |
549fdc |
Combined MD5+SHA1 algorithm.
|
|
Packit |
549fdc |
@end table
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
@c gnutls_compression_method_t
|
|
Packit |
549fdc |
@table @code
|
|
Packit |
549fdc |
@item GNUTLS_@-COMP_@-UNKNOWN
|
|
Packit |
549fdc |
Unknown compression method.
|
|
Packit |
549fdc |
@item GNUTLS_@-COMP_@-NULL
|
|
Packit |
549fdc |
The NULL compression method (no compression).
|
|
Packit |
549fdc |
@item GNUTLS_@-COMP_@-DEFLATE
|
|
Packit |
549fdc |
The DEFLATE compression method from zlib.
|
|
Packit |
549fdc |
@item GNUTLS_@-COMP_@-ZLIB
|
|
Packit |
549fdc |
Same as @code{GNUTLS_COMP_DEFLATE} .
|
|
Packit |
549fdc |
@end table
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
@c gnutls_init_flags_t
|
|
Packit |
549fdc |
@table @code
|
|
Packit |
549fdc |
@item GNUTLS_@-SERVER
|
|
Packit |
549fdc |
Connection end is a server.
|
|
Packit |
549fdc |
@item GNUTLS_@-CLIENT
|
|
Packit |
549fdc |
Connection end is a client.
|
|
Packit |
549fdc |
@item GNUTLS_@-DATAGRAM
|
|
Packit |
549fdc |
Connection is datagram oriented (DTLS). Since 3.0.0.
|
|
Packit |
549fdc |
@item GNUTLS_@-NONBLOCK
|
|
Packit |
549fdc |
Connection should not block. Since 3.0.0.
|
|
Packit |
549fdc |
@item GNUTLS_@-NO_@-EXTENSIONS
|
|
Packit |
549fdc |
Do not enable any TLS extensions by default (since 3.1.2).
|
|
Packit |
549fdc |
@item GNUTLS_@-NO_@-REPLAY_@-PROTECTION
|
|
Packit |
549fdc |
Disable any replay protection in DTLS. This must only be used if replay protection is achieved using other means. Since 3.2.2.
|
|
Packit |
549fdc |
@item GNUTLS_@-NO_@-SIGNAL
|
|
Packit |
549fdc |
In systems where SIGPIPE is delivered on send, it will be disabled. That flag has effect in systems which support the MSG_NOSIGNAL sockets flag (since 3.4.2).
|
|
Packit |
549fdc |
@item GNUTLS_@-ALLOW_@-ID_@-CHANGE
|
|
Packit |
549fdc |
Allow the peer to replace its certificate, or change its ID during a rehandshake. This change is often used in attacks and thus prohibited by default. Since 3.5.0.
|
|
Packit |
549fdc |
@item GNUTLS_@-ENABLE_@-FALSE_@-START
|
|
Packit |
549fdc |
Enable the TLS false start on client side if the negotiated ciphersuites allow it. This will enable sending data prior to the handshake being complete, and may introduce a risk of crypto failure when combined with certain key exchanged; for that GnuTLS may not enable that option in ciphersuites that are known to be not safe for false start. Since 3.5.0.
|
|
Packit |
549fdc |
@item GNUTLS_@-FORCE_@-CLIENT_@-CERT
|
|
Packit |
549fdc |
When in client side and only a single cert is specified, send that certificate irrespective of the issuers expected by the server. Since 3.5.0.
|
|
Packit |
549fdc |
@item GNUTLS_@-NO_@-TICKETS
|
|
Packit |
549fdc |
Flag to indicate that the session should not use resumption with session tickets.
|
|
Packit |
549fdc |
@end table
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
@c gnutls_alert_level_t
|
|
Packit |
549fdc |
@table @code
|
|
Packit |
549fdc |
@item GNUTLS_@-AL_@-WARNING
|
|
Packit |
549fdc |
Alert of warning severity.
|
|
Packit |
549fdc |
@item GNUTLS_@-AL_@-FATAL
|
|
Packit |
549fdc |
Alert of fatal severity.
|
|
Packit |
549fdc |
@end table
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
@c gnutls_alert_description_t
|
|
Packit |
549fdc |
@table @code
|
|
Packit |
549fdc |
@item GNUTLS_@-A_@-CLOSE_@-NOTIFY
|
|
Packit |
549fdc |
Close notify.
|
|
Packit |
549fdc |
@item GNUTLS_@-A_@-UNEXPECTED_@-MESSAGE
|
|
Packit |
549fdc |
Unexpected message.
|
|
Packit |
549fdc |
@item GNUTLS_@-A_@-BAD_@-RECORD_@-MAC
|
|
Packit |
549fdc |
Bad record MAC.
|
|
Packit |
549fdc |
@item GNUTLS_@-A_@-DECRYPTION_@-FAILED
|
|
Packit |
549fdc |
Decryption failed.
|
|
Packit |
549fdc |
@item GNUTLS_@-A_@-RECORD_@-OVERFLOW
|
|
Packit |
549fdc |
Record overflow.
|
|
Packit |
549fdc |
@item GNUTLS_@-A_@-DECOMPRESSION_@-FAILURE
|
|
Packit |
549fdc |
Decompression failed.
|
|
Packit |
549fdc |
@item GNUTLS_@-A_@-HANDSHAKE_@-FAILURE
|
|
Packit |
549fdc |
Handshake failed.
|
|
Packit |
549fdc |
@item GNUTLS_@-A_@-SSL3_@-NO_@-CERTIFICATE
|
|
Packit |
549fdc |
No certificate.
|
|
Packit |
549fdc |
@item GNUTLS_@-A_@-BAD_@-CERTIFICATE
|
|
Packit |
549fdc |
Certificate is bad.
|
|
Packit |
549fdc |
@item GNUTLS_@-A_@-UNSUPPORTED_@-CERTIFICATE
|
|
Packit |
549fdc |
Certificate is not supported.
|
|
Packit |
549fdc |
@item GNUTLS_@-A_@-CERTIFICATE_@-REVOKED
|
|
Packit |
549fdc |
Certificate was revoked.
|
|
Packit |
549fdc |
@item GNUTLS_@-A_@-CERTIFICATE_@-EXPIRED
|
|
Packit |
549fdc |
Certificate is expired.
|
|
Packit |
549fdc |
@item GNUTLS_@-A_@-CERTIFICATE_@-UNKNOWN
|
|
Packit |
549fdc |
Unknown certificate.
|
|
Packit |
549fdc |
@item GNUTLS_@-A_@-ILLEGAL_@-PARAMETER
|
|
Packit |
549fdc |
Illegal parameter.
|
|
Packit |
549fdc |
@item GNUTLS_@-A_@-UNKNOWN_@-CA
|
|
Packit |
549fdc |
CA is unknown.
|
|
Packit |
549fdc |
@item GNUTLS_@-A_@-ACCESS_@-DENIED
|
|
Packit |
549fdc |
Access was denied.
|
|
Packit |
549fdc |
@item GNUTLS_@-A_@-DECODE_@-ERROR
|
|
Packit |
549fdc |
Decode error.
|
|
Packit |
549fdc |
@item GNUTLS_@-A_@-DECRYPT_@-ERROR
|
|
Packit |
549fdc |
Decrypt error.
|
|
Packit |
549fdc |
@item GNUTLS_@-A_@-EXPORT_@-RESTRICTION
|
|
Packit |
549fdc |
Export restriction.
|
|
Packit |
549fdc |
@item GNUTLS_@-A_@-PROTOCOL_@-VERSION
|
|
Packit |
549fdc |
Error in protocol version.
|
|
Packit |
549fdc |
@item GNUTLS_@-A_@-INSUFFICIENT_@-SECURITY
|
|
Packit |
549fdc |
Insufficient security.
|
|
Packit |
549fdc |
@item GNUTLS_@-A_@-INTERNAL_@-ERROR
|
|
Packit |
549fdc |
Internal error.
|
|
Packit |
549fdc |
@item GNUTLS_@-A_@-INAPPROPRIATE_@-FALLBACK
|
|
Packit |
549fdc |
Inappropriate fallback,
|
|
Packit |
549fdc |
@item GNUTLS_@-A_@-USER_@-CANCELED
|
|
Packit |
549fdc |
User canceled.
|
|
Packit |
549fdc |
@item GNUTLS_@-A_@-NO_@-RENEGOTIATION
|
|
Packit |
549fdc |
No renegotiation is allowed.
|
|
Packit |
549fdc |
@item GNUTLS_@-A_@-UNSUPPORTED_@-EXTENSION
|
|
Packit |
549fdc |
An unsupported extension was
|
|
Packit |
549fdc |
sent.
|
|
Packit |
549fdc |
@item GNUTLS_@-A_@-CERTIFICATE_@-UNOBTAINABLE
|
|
Packit |
549fdc |
Could not retrieve the
|
|
Packit |
549fdc |
specified certificate.
|
|
Packit |
549fdc |
@item GNUTLS_@-A_@-UNRECOGNIZED_@-NAME
|
|
Packit |
549fdc |
The server name sent was not
|
|
Packit |
549fdc |
recognized.
|
|
Packit |
549fdc |
@item GNUTLS_@-A_@-UNKNOWN_@-PSK_@-IDENTITY
|
|
Packit |
549fdc |
The SRP/PSK username is missing
|
|
Packit |
549fdc |
or not known.
|
|
Packit |
549fdc |
@item GNUTLS_@-A_@-NO_@-APPLICATION_@-PROTOCOL
|
|
Packit |
549fdc |
The ALPN protocol requested is
|
|
Packit |
549fdc |
not supported by the peer.
|
|
Packit |
549fdc |
@item GNUTLS_@-A_@-MAX
|
|
Packit |
549fdc |
-- undescribed --
|
|
Packit |
549fdc |
@end table
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
@c gnutls_handshake_description_t
|
|
Packit |
549fdc |
@table @code
|
|
Packit |
549fdc |
@item GNUTLS_@-HANDSHAKE_@-HELLO_@-REQUEST
|
|
Packit |
549fdc |
Hello request.
|
|
Packit |
549fdc |
@item GNUTLS_@-HANDSHAKE_@-CLIENT_@-HELLO
|
|
Packit |
549fdc |
Client hello.
|
|
Packit |
549fdc |
@item GNUTLS_@-HANDSHAKE_@-SERVER_@-HELLO
|
|
Packit |
549fdc |
Server hello.
|
|
Packit |
549fdc |
@item GNUTLS_@-HANDSHAKE_@-HELLO_@-VERIFY_@-REQUEST
|
|
Packit |
549fdc |
DTLS Hello verify request.
|
|
Packit |
549fdc |
@item GNUTLS_@-HANDSHAKE_@-NEW_@-SESSION_@-TICKET
|
|
Packit |
549fdc |
New session ticket.
|
|
Packit |
549fdc |
@item GNUTLS_@-HANDSHAKE_@-CERTIFICATE_@-PKT
|
|
Packit |
549fdc |
Certificate packet.
|
|
Packit |
549fdc |
@item GNUTLS_@-HANDSHAKE_@-SERVER_@-KEY_@-EXCHANGE
|
|
Packit |
549fdc |
Server key exchange.
|
|
Packit |
549fdc |
@item GNUTLS_@-HANDSHAKE_@-CERTIFICATE_@-REQUEST
|
|
Packit |
549fdc |
Certificate request.
|
|
Packit |
549fdc |
@item GNUTLS_@-HANDSHAKE_@-SERVER_@-HELLO_@-DONE
|
|
Packit |
549fdc |
Server hello done.
|
|
Packit |
549fdc |
@item GNUTLS_@-HANDSHAKE_@-CERTIFICATE_@-VERIFY
|
|
Packit |
549fdc |
Certificate verify.
|
|
Packit |
549fdc |
@item GNUTLS_@-HANDSHAKE_@-CLIENT_@-KEY_@-EXCHANGE
|
|
Packit |
549fdc |
Client key exchange.
|
|
Packit |
549fdc |
@item GNUTLS_@-HANDSHAKE_@-FINISHED
|
|
Packit |
549fdc |
Finished.
|
|
Packit |
549fdc |
@item GNUTLS_@-HANDSHAKE_@-CERTIFICATE_@-STATUS
|
|
Packit |
549fdc |
Certificate status (OCSP).
|
|
Packit |
549fdc |
@item GNUTLS_@-HANDSHAKE_@-SUPPLEMENTAL
|
|
Packit |
549fdc |
Supplemental.
|
|
Packit |
549fdc |
@item GNUTLS_@-HANDSHAKE_@-CHANGE_@-CIPHER_@-SPEC
|
|
Packit |
549fdc |
Change Cipher Spec.
|
|
Packit |
549fdc |
@item GNUTLS_@-HANDSHAKE_@-CLIENT_@-HELLO_@-V2
|
|
Packit |
549fdc |
SSLv2 Client Hello.
|
|
Packit |
549fdc |
@end table
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
@c gnutls_certificate_status_t
|
|
Packit |
549fdc |
@table @code
|
|
Packit |
549fdc |
@item GNUTLS_@-CERT_@-INVALID
|
|
Packit |
549fdc |
The certificate is not signed by one of the
|
|
Packit |
549fdc |
known authorities or the signature is invalid (deprecated by the flags
|
|
Packit |
549fdc |
@code{GNUTLS_CERT_SIGNATURE_FAILURE} and @code{GNUTLS_CERT_SIGNER_NOT_FOUND} ).
|
|
Packit |
549fdc |
@item GNUTLS_@-CERT_@-REVOKED
|
|
Packit |
549fdc |
Certificate is revoked by its authority. In X.509 this will be
|
|
Packit |
549fdc |
set only if CRLs are checked.
|
|
Packit |
549fdc |
@item GNUTLS_@-CERT_@-SIGNER_@-NOT_@-FOUND
|
|
Packit |
549fdc |
The certificate's issuer is not known.
|
|
Packit |
549fdc |
This is the case if the issuer is not included in the trusted certificate list.
|
|
Packit |
549fdc |
@item GNUTLS_@-CERT_@-SIGNER_@-NOT_@-CA
|
|
Packit |
549fdc |
The certificate's signer was not a CA. This
|
|
Packit |
549fdc |
may happen if this was a version 1 certificate, which is common with
|
|
Packit |
549fdc |
some CAs, or a version 3 certificate without the basic constrains extension.
|
|
Packit |
549fdc |
@item GNUTLS_@-CERT_@-INSECURE_@-ALGORITHM
|
|
Packit |
549fdc |
The certificate was signed using an insecure
|
|
Packit |
549fdc |
algorithm such as MD2 or MD5. These algorithms have been broken and
|
|
Packit |
549fdc |
should not be trusted.
|
|
Packit |
549fdc |
@item GNUTLS_@-CERT_@-NOT_@-ACTIVATED
|
|
Packit |
549fdc |
The certificate is not yet activated.
|
|
Packit |
549fdc |
@item GNUTLS_@-CERT_@-EXPIRED
|
|
Packit |
549fdc |
The certificate has expired.
|
|
Packit |
549fdc |
@item GNUTLS_@-CERT_@-SIGNATURE_@-FAILURE
|
|
Packit |
549fdc |
The signature verification failed.
|
|
Packit |
549fdc |
@item GNUTLS_@-CERT_@-REVOCATION_@-DATA_@-SUPERSEDED
|
|
Packit |
549fdc |
The revocation data are old and have been superseded.
|
|
Packit |
549fdc |
@item GNUTLS_@-CERT_@-UNEXPECTED_@-OWNER
|
|
Packit |
549fdc |
The owner is not the expected one.
|
|
Packit |
549fdc |
@item GNUTLS_@-CERT_@-REVOCATION_@-DATA_@-ISSUED_@-IN_@-FUTURE
|
|
Packit |
549fdc |
The revocation data have a future issue date.
|
|
Packit |
549fdc |
@item GNUTLS_@-CERT_@-SIGNER_@-CONSTRAINTS_@-FAILURE
|
|
Packit |
549fdc |
The certificate's signer constraints were
|
|
Packit |
549fdc |
violated.
|
|
Packit |
549fdc |
@item GNUTLS_@-CERT_@-MISMATCH
|
|
Packit |
549fdc |
The certificate presented isn't the expected one (TOFU)
|
|
Packit |
549fdc |
@item GNUTLS_@-CERT_@-PURPOSE_@-MISMATCH
|
|
Packit |
549fdc |
The certificate or an intermediate does not match the intended purpose (extended key usage).
|
|
Packit |
549fdc |
@item GNUTLS_@-CERT_@-MISSING_@-OCSP_@-STATUS
|
|
Packit |
549fdc |
The certificate requires the server to send the certifiate status, but no status was received.
|
|
Packit |
549fdc |
@item GNUTLS_@-CERT_@-INVALID_@-OCSP_@-STATUS
|
|
Packit |
549fdc |
The received OCSP status response is invalid.
|
|
Packit |
549fdc |
@item GNUTLS_@-CERT_@-UNKNOWN_@-CRIT_@-EXTENSIONS
|
|
Packit |
549fdc |
The certificate has extensions marked as critical which are not supported.
|
|
Packit |
549fdc |
@end table
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
@c gnutls_certificate_request_t
|
|
Packit |
549fdc |
@table @code
|
|
Packit |
549fdc |
@item GNUTLS_@-CERT_@-IGNORE
|
|
Packit |
549fdc |
Ignore certificate.
|
|
Packit |
549fdc |
@item GNUTLS_@-CERT_@-REQUEST
|
|
Packit |
549fdc |
Request certificate.
|
|
Packit |
549fdc |
@item GNUTLS_@-CERT_@-REQUIRE
|
|
Packit |
549fdc |
Require certificate.
|
|
Packit |
549fdc |
@end table
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
@c gnutls_openpgp_crt_status_t
|
|
Packit |
549fdc |
@table @code
|
|
Packit |
549fdc |
@item GNUTLS_@-OPENPGP_@-CERT
|
|
Packit |
549fdc |
Send entire certificate.
|
|
Packit |
549fdc |
@item GNUTLS_@-OPENPGP_@-CERT_@-FINGERPRINT
|
|
Packit |
549fdc |
Send only certificate fingerprint.
|
|
Packit |
549fdc |
@end table
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
@c gnutls_close_request_t
|
|
Packit |
549fdc |
@table @code
|
|
Packit |
549fdc |
@item GNUTLS_@-SHUT_@-RDWR
|
|
Packit |
549fdc |
Disallow further receives/sends.
|
|
Packit |
549fdc |
@item GNUTLS_@-SHUT_@-WR
|
|
Packit |
549fdc |
Disallow further sends.
|
|
Packit |
549fdc |
@end table
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
@c gnutls_protocol_t
|
|
Packit |
549fdc |
@table @code
|
|
Packit |
549fdc |
@item GNUTLS_@-SSL3
|
|
Packit |
549fdc |
SSL version 3.0.
|
|
Packit |
549fdc |
@item GNUTLS_@-TLS1_@-0
|
|
Packit |
549fdc |
TLS version 1.0.
|
|
Packit |
549fdc |
@item GNUTLS_@-TLS1
|
|
Packit |
549fdc |
Same as @code{GNUTLS_TLS1_0} .
|
|
Packit |
549fdc |
@item GNUTLS_@-TLS1_@-1
|
|
Packit |
549fdc |
TLS version 1.1.
|
|
Packit |
549fdc |
@item GNUTLS_@-TLS1_@-2
|
|
Packit |
549fdc |
TLS version 1.2.
|
|
Packit |
549fdc |
@item GNUTLS_@-DTLS0_@-9
|
|
Packit |
549fdc |
DTLS version 0.9 (Cisco AnyConnect / OpenSSL 0.9.8e).
|
|
Packit |
549fdc |
@item GNUTLS_@-DTLS1_@-0
|
|
Packit |
549fdc |
DTLS version 1.0.
|
|
Packit |
549fdc |
@item GNUTLS_@-DTLS1_@-2
|
|
Packit |
549fdc |
DTLS version 1.2.
|
|
Packit |
549fdc |
@item GNUTLS_@-DTLS_@-VERSION_@-MIN
|
|
Packit |
549fdc |
-- undescribed --
|
|
Packit |
549fdc |
@item GNUTLS_@-DTLS_@-VERSION_@-MAX
|
|
Packit |
549fdc |
-- undescribed --
|
|
Packit |
549fdc |
@item GNUTLS_@-TLS_@-VERSION_@-MAX
|
|
Packit |
549fdc |
-- undescribed --
|
|
Packit |
549fdc |
@item GNUTLS_@-VERSION_@-UNKNOWN
|
|
Packit |
549fdc |
Unknown SSL/TLS version.
|
|
Packit |
549fdc |
@end table
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
@c gnutls_certificate_type_t
|
|
Packit |
549fdc |
@table @code
|
|
Packit |
549fdc |
@item GNUTLS_@-CRT_@-UNKNOWN
|
|
Packit |
549fdc |
Unknown certificate type.
|
|
Packit |
549fdc |
@item GNUTLS_@-CRT_@-X509
|
|
Packit |
549fdc |
X.509 Certificate.
|
|
Packit |
549fdc |
@item GNUTLS_@-CRT_@-OPENPGP
|
|
Packit |
549fdc |
OpenPGP certificate.
|
|
Packit |
549fdc |
@item GNUTLS_@-CRT_@-RAW
|
|
Packit |
549fdc |
Raw public key (SubjectPublicKey)
|
|
Packit |
549fdc |
@end table
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
@c gnutls_x509_crt_fmt_t
|
|
Packit |
549fdc |
@table @code
|
|
Packit |
549fdc |
@item GNUTLS_@-X509_@-FMT_@-DER
|
|
Packit |
549fdc |
X.509 certificate in DER format (binary).
|
|
Packit |
549fdc |
@item GNUTLS_@-X509_@-FMT_@-PEM
|
|
Packit |
549fdc |
X.509 certificate in PEM format (text).
|
|
Packit |
549fdc |
@end table
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
@c gnutls_certificate_print_formats_t
|
|
Packit |
549fdc |
@table @code
|
|
Packit |
549fdc |
@item GNUTLS_@-CRT_@-PRINT_@-FULL
|
|
Packit |
549fdc |
Full information about certificate.
|
|
Packit |
549fdc |
@item GNUTLS_@-CRT_@-PRINT_@-ONELINE
|
|
Packit |
549fdc |
Information about certificate in one line.
|
|
Packit |
549fdc |
@item GNUTLS_@-CRT_@-PRINT_@-UNSIGNED_@-FULL
|
|
Packit |
549fdc |
All info for an unsigned certificate.
|
|
Packit |
549fdc |
@item GNUTLS_@-CRT_@-PRINT_@-COMPACT
|
|
Packit |
549fdc |
Information about certificate name in one line, plus identification of the public key.
|
|
Packit |
549fdc |
@item GNUTLS_@-CRT_@-PRINT_@-FULL_@-NUMBERS
|
|
Packit |
549fdc |
Full information about certificate and include easy to parse public key parameters.
|
|
Packit |
549fdc |
@end table
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
@c gnutls_pk_algorithm_t
|
|
Packit |
549fdc |
@table @code
|
|
Packit |
549fdc |
@item GNUTLS_@-PK_@-UNKNOWN
|
|
Packit |
549fdc |
Unknown public-key algorithm.
|
|
Packit |
549fdc |
@item GNUTLS_@-PK_@-RSA
|
|
Packit |
549fdc |
RSA public-key algorithm.
|
|
Packit |
549fdc |
@item GNUTLS_@-PK_@-DSA
|
|
Packit |
549fdc |
DSA public-key algorithm.
|
|
Packit |
549fdc |
@item GNUTLS_@-PK_@-DH
|
|
Packit |
549fdc |
Diffie-Hellman algorithm. Used to generate parameters.
|
|
Packit |
549fdc |
@item GNUTLS_@-PK_@-ECDSA
|
|
Packit |
549fdc |
Elliptic curve algorithm. These parameters are compatible with the ECDSA and ECDH algorithm.
|
|
Packit |
549fdc |
@item GNUTLS_@-PK_@-ECDH_@-X25519
|
|
Packit |
549fdc |
Elliptic curve algorithm, restricted to ECDH as per rfc7748.
|
|
Packit |
549fdc |
@item GNUTLS_@-PK_@-RSA_@-PSS
|
|
Packit |
549fdc |
RSA public-key algorithm, with PSS padding.
|
|
Packit |
549fdc |
@item GNUTLS_@-PK_@-EDDSA_@-ED25519
|
|
Packit |
549fdc |
Edwards curve Digital signature algorithm. Used with SHA512 on signatures.
|
|
Packit |
549fdc |
@item GNUTLS_@-PK_@-MAX
|
|
Packit |
549fdc |
-- undescribed --
|
|
Packit |
549fdc |
@end table
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
@c gnutls_sign_algorithm_t
|
|
Packit |
549fdc |
@table @code
|
|
Packit |
549fdc |
@item GNUTLS_@-SIGN_@-UNKNOWN
|
|
Packit |
549fdc |
Unknown signature algorithm.
|
|
Packit |
549fdc |
@item GNUTLS_@-SIGN_@-RSA_@-SHA1
|
|
Packit |
549fdc |
Digital signature algorithm RSA with SHA-1
|
|
Packit |
549fdc |
@item GNUTLS_@-SIGN_@-RSA_@-SHA
|
|
Packit |
549fdc |
Same as @code{GNUTLS_SIGN_RSA_SHA1} .
|
|
Packit |
549fdc |
@item GNUTLS_@-SIGN_@-DSA_@-SHA1
|
|
Packit |
549fdc |
Digital signature algorithm DSA with SHA-1
|
|
Packit |
549fdc |
@item GNUTLS_@-SIGN_@-DSA_@-SHA
|
|
Packit |
549fdc |
Same as @code{GNUTLS_SIGN_DSA_SHA1} .
|
|
Packit |
549fdc |
@item GNUTLS_@-SIGN_@-RSA_@-MD5
|
|
Packit |
549fdc |
Digital signature algorithm RSA with MD5.
|
|
Packit |
549fdc |
@item GNUTLS_@-SIGN_@-RSA_@-MD2
|
|
Packit |
549fdc |
Digital signature algorithm RSA with MD2.
|
|
Packit |
549fdc |
@item GNUTLS_@-SIGN_@-RSA_@-RMD160
|
|
Packit |
549fdc |
Digital signature algorithm RSA with RMD-160.
|
|
Packit |
549fdc |
@item GNUTLS_@-SIGN_@-RSA_@-SHA256
|
|
Packit |
549fdc |
Digital signature algorithm RSA with SHA-256.
|
|
Packit |
549fdc |
@item GNUTLS_@-SIGN_@-RSA_@-SHA384
|
|
Packit |
549fdc |
Digital signature algorithm RSA with SHA-384.
|
|
Packit |
549fdc |
@item GNUTLS_@-SIGN_@-RSA_@-SHA512
|
|
Packit |
549fdc |
Digital signature algorithm RSA with SHA-512.
|
|
Packit |
549fdc |
@item GNUTLS_@-SIGN_@-RSA_@-SHA224
|
|
Packit |
549fdc |
Digital signature algorithm RSA with SHA-224.
|
|
Packit |
549fdc |
@item GNUTLS_@-SIGN_@-DSA_@-SHA224
|
|
Packit |
549fdc |
Digital signature algorithm DSA with SHA-224
|
|
Packit |
549fdc |
@item GNUTLS_@-SIGN_@-DSA_@-SHA256
|
|
Packit |
549fdc |
Digital signature algorithm DSA with SHA-256
|
|
Packit |
549fdc |
@item GNUTLS_@-SIGN_@-ECDSA_@-SHA1
|
|
Packit |
549fdc |
ECDSA with SHA1.
|
|
Packit |
549fdc |
@item GNUTLS_@-SIGN_@-ECDSA_@-SHA224
|
|
Packit |
549fdc |
Digital signature algorithm ECDSA with SHA-224.
|
|
Packit |
549fdc |
@item GNUTLS_@-SIGN_@-ECDSA_@-SHA256
|
|
Packit |
549fdc |
Digital signature algorithm ECDSA with SHA-256.
|
|
Packit |
549fdc |
@item GNUTLS_@-SIGN_@-ECDSA_@-SHA384
|
|
Packit |
549fdc |
Digital signature algorithm ECDSA with SHA-384.
|
|
Packit |
549fdc |
@item GNUTLS_@-SIGN_@-ECDSA_@-SHA512
|
|
Packit |
549fdc |
Digital signature algorithm ECDSA with SHA-512.
|
|
Packit |
549fdc |
@item GNUTLS_@-SIGN_@-DSA_@-SHA384
|
|
Packit |
549fdc |
Digital signature algorithm DSA with SHA-384
|
|
Packit |
549fdc |
@item GNUTLS_@-SIGN_@-DSA_@-SHA512
|
|
Packit |
549fdc |
Digital signature algorithm DSA with SHA-512
|
|
Packit |
549fdc |
@item GNUTLS_@-SIGN_@-ECDSA_@-SHA3_@-224
|
|
Packit |
549fdc |
Digital signature algorithm ECDSA with SHA3-224.
|
|
Packit |
549fdc |
@item GNUTLS_@-SIGN_@-ECDSA_@-SHA3_@-256
|
|
Packit |
549fdc |
Digital signature algorithm ECDSA with SHA3-256.
|
|
Packit |
549fdc |
@item GNUTLS_@-SIGN_@-ECDSA_@-SHA3_@-384
|
|
Packit |
549fdc |
Digital signature algorithm ECDSA with SHA3-384.
|
|
Packit |
549fdc |
@item GNUTLS_@-SIGN_@-ECDSA_@-SHA3_@-512
|
|
Packit |
549fdc |
Digital signature algorithm ECDSA with SHA3-512.
|
|
Packit |
549fdc |
@item GNUTLS_@-SIGN_@-DSA_@-SHA3_@-224
|
|
Packit |
549fdc |
Digital signature algorithm DSA with SHA3-224.
|
|
Packit |
549fdc |
@item GNUTLS_@-SIGN_@-DSA_@-SHA3_@-256
|
|
Packit |
549fdc |
Digital signature algorithm DSA with SHA3-256.
|
|
Packit |
549fdc |
@item GNUTLS_@-SIGN_@-DSA_@-SHA3_@-384
|
|
Packit |
549fdc |
Digital signature algorithm DSA with SHA3-384.
|
|
Packit |
549fdc |
@item GNUTLS_@-SIGN_@-DSA_@-SHA3_@-512
|
|
Packit |
549fdc |
Digital signature algorithm DSA with SHA3-512.
|
|
Packit |
549fdc |
@item GNUTLS_@-SIGN_@-RSA_@-SHA3_@-224
|
|
Packit |
549fdc |
Digital signature algorithm RSA with SHA3-224.
|
|
Packit |
549fdc |
@item GNUTLS_@-SIGN_@-RSA_@-SHA3_@-256
|
|
Packit |
549fdc |
Digital signature algorithm RSA with SHA3-256.
|
|
Packit |
549fdc |
@item GNUTLS_@-SIGN_@-RSA_@-SHA3_@-384
|
|
Packit |
549fdc |
Digital signature algorithm RSA with SHA3-384.
|
|
Packit |
549fdc |
@item GNUTLS_@-SIGN_@-RSA_@-SHA3_@-512
|
|
Packit |
549fdc |
Digital signature algorithm RSA with SHA3-512.
|
|
Packit |
549fdc |
@item GNUTLS_@-SIGN_@-RSA_@-PSS_@-SHA256
|
|
Packit |
549fdc |
Digital signature algorithm RSA with SHA-256, with PSS padding.
|
|
Packit |
549fdc |
@item GNUTLS_@-SIGN_@-RSA_@-PSS_@-SHA384
|
|
Packit |
549fdc |
Digital signature algorithm RSA with SHA-384, with PSS padding.
|
|
Packit |
549fdc |
@item GNUTLS_@-SIGN_@-RSA_@-PSS_@-SHA512
|
|
Packit |
549fdc |
Digital signature algorithm RSA with SHA-512, with PSS padding.
|
|
Packit |
549fdc |
@item GNUTLS_@-SIGN_@-EDDSA_@-ED25519
|
|
Packit |
549fdc |
Digital signature algorithm EdDSA with Ed25519 curve.
|
|
Packit |
549fdc |
@item GNUTLS_@-SIGN_@-RSA_@-RAW
|
|
Packit |
549fdc |
Digital signature algorithm RSA with DigestInfo formatted data
|
|
Packit |
549fdc |
@item GNUTLS_@-SIGN_@-MAX
|
|
Packit |
549fdc |
-- undescribed --
|
|
Packit |
549fdc |
@end table
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
@c gnutls_ecc_curve_t
|
|
Packit |
549fdc |
@table @code
|
|
Packit |
549fdc |
@item GNUTLS_@-ECC_@-CURVE_@-INVALID
|
|
Packit |
549fdc |
Cannot be known
|
|
Packit |
549fdc |
@item GNUTLS_@-ECC_@-CURVE_@-SECP224R1
|
|
Packit |
549fdc |
the SECP224R1 curve
|
|
Packit |
549fdc |
@item GNUTLS_@-ECC_@-CURVE_@-SECP256R1
|
|
Packit |
549fdc |
the SECP256R1 curve
|
|
Packit |
549fdc |
@item GNUTLS_@-ECC_@-CURVE_@-SECP384R1
|
|
Packit |
549fdc |
the SECP384R1 curve
|
|
Packit |
549fdc |
@item GNUTLS_@-ECC_@-CURVE_@-SECP521R1
|
|
Packit |
549fdc |
the SECP521R1 curve
|
|
Packit |
549fdc |
@item GNUTLS_@-ECC_@-CURVE_@-SECP192R1
|
|
Packit |
549fdc |
the SECP192R1 curve
|
|
Packit |
549fdc |
@item GNUTLS_@-ECC_@-CURVE_@-X25519
|
|
Packit |
549fdc |
the X25519 curve (ECDH only)
|
|
Packit |
549fdc |
@item GNUTLS_@-ECC_@-CURVE_@-ED25519
|
|
Packit |
549fdc |
the Ed25519 curve
|
|
Packit |
549fdc |
@item GNUTLS_@-ECC_@-CURVE_@-MAX
|
|
Packit |
549fdc |
-- undescribed --
|
|
Packit |
549fdc |
@end table
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
@c gnutls_group_t
|
|
Packit |
549fdc |
@table @code
|
|
Packit |
549fdc |
@item GNUTLS_@-GROUP_@-INVALID
|
|
Packit |
549fdc |
Indicates unknown/invalid group
|
|
Packit |
549fdc |
@item GNUTLS_@-GROUP_@-SECP192R1
|
|
Packit |
549fdc |
the SECP192R1 curve group (legacy, only for TLS 1.2 compatibility)
|
|
Packit |
549fdc |
@item GNUTLS_@-GROUP_@-SECP224R1
|
|
Packit |
549fdc |
the SECP224R1 curve group (legacy, only for TLS 1.2 compatibility)
|
|
Packit |
549fdc |
@item GNUTLS_@-GROUP_@-SECP256R1
|
|
Packit |
549fdc |
the SECP256R1 curve group
|
|
Packit |
549fdc |
@item GNUTLS_@-GROUP_@-SECP384R1
|
|
Packit |
549fdc |
the SECP384R1 curve group
|
|
Packit |
549fdc |
@item GNUTLS_@-GROUP_@-SECP521R1
|
|
Packit |
549fdc |
the SECP521R1 curve group
|
|
Packit |
549fdc |
@item GNUTLS_@-GROUP_@-X25519
|
|
Packit |
549fdc |
the X25519 curve group
|
|
Packit |
549fdc |
@item GNUTLS_@-GROUP_@-FFDHE2048
|
|
Packit |
549fdc |
the FFDHE2048 group
|
|
Packit |
549fdc |
@item GNUTLS_@-GROUP_@-FFDHE3072
|
|
Packit |
549fdc |
the FFDHE3072 group
|
|
Packit |
549fdc |
@item GNUTLS_@-GROUP_@-FFDHE4096
|
|
Packit |
549fdc |
the FFDHE4096 group
|
|
Packit |
549fdc |
@item GNUTLS_@-GROUP_@-FFDHE8192
|
|
Packit |
549fdc |
the FFDHE8192 group
|
|
Packit |
549fdc |
@item GNUTLS_@-GROUP_@-MAX
|
|
Packit |
549fdc |
-- undescribed --
|
|
Packit |
549fdc |
@end table
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
@c gnutls_sec_param_t
|
|
Packit |
549fdc |
@table @code
|
|
Packit |
549fdc |
@item GNUTLS_@-SEC_@-PARAM_@-UNKNOWN
|
|
Packit |
549fdc |
Cannot be known
|
|
Packit |
549fdc |
@item GNUTLS_@-SEC_@-PARAM_@-INSECURE
|
|
Packit |
549fdc |
Less than 42 bits of security
|
|
Packit |
549fdc |
@item GNUTLS_@-SEC_@-PARAM_@-EXPORT
|
|
Packit |
549fdc |
42 bits of security
|
|
Packit |
549fdc |
@item GNUTLS_@-SEC_@-PARAM_@-VERY_@-WEAK
|
|
Packit |
549fdc |
64 bits of security
|
|
Packit |
549fdc |
@item GNUTLS_@-SEC_@-PARAM_@-WEAK
|
|
Packit |
549fdc |
72 bits of security
|
|
Packit |
549fdc |
@item GNUTLS_@-SEC_@-PARAM_@-LOW
|
|
Packit |
549fdc |
80 bits of security
|
|
Packit |
549fdc |
@item GNUTLS_@-SEC_@-PARAM_@-LEGACY
|
|
Packit |
549fdc |
96 bits of security
|
|
Packit |
549fdc |
@item GNUTLS_@-SEC_@-PARAM_@-MEDIUM
|
|
Packit |
549fdc |
112 bits of security (used to be @code{GNUTLS_SEC_PARAM_NORMAL} )
|
|
Packit |
549fdc |
@item GNUTLS_@-SEC_@-PARAM_@-HIGH
|
|
Packit |
549fdc |
128 bits of security
|
|
Packit |
549fdc |
@item GNUTLS_@-SEC_@-PARAM_@-ULTRA
|
|
Packit |
549fdc |
192 bits of security
|
|
Packit |
549fdc |
@item GNUTLS_@-SEC_@-PARAM_@-FUTURE
|
|
Packit |
549fdc |
256 bits of security
|
|
Packit |
549fdc |
@item GNUTLS_@-SEC_@-PARAM_@-MAX
|
|
Packit |
549fdc |
-- undescribed --
|
|
Packit |
549fdc |
@end table
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
@c gnutls_channel_binding_t
|
|
Packit |
549fdc |
@table @code
|
|
Packit |
549fdc |
@item GNUTLS_@-CB_@-TLS_@-UNIQUE
|
|
Packit |
549fdc |
"tls-unique" (RFC 5929) channel binding
|
|
Packit |
549fdc |
@end table
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
@c gnutls_server_name_type_t
|
|
Packit |
549fdc |
@table @code
|
|
Packit |
549fdc |
@item GNUTLS_@-NAME_@-DNS
|
|
Packit |
549fdc |
Domain Name System name type.
|
|
Packit |
549fdc |
@end table
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
@c gnutls_session_flags_t
|
|
Packit |
549fdc |
@table @code
|
|
Packit |
549fdc |
@item GNUTLS_@-SFLAGS_@-SAFE_@-RENEGOTIATION
|
|
Packit |
549fdc |
Safe renegotiation (RFC5746) was used
|
|
Packit |
549fdc |
@item GNUTLS_@-SFLAGS_@-EXT_@-MASTER_@-SECRET
|
|
Packit |
549fdc |
The extended master secret (RFC7627) extension was used
|
|
Packit |
549fdc |
@item GNUTLS_@-SFLAGS_@-ETM
|
|
Packit |
549fdc |
The encrypt then MAC (RFC7366) extension was used
|
|
Packit |
549fdc |
@item GNUTLS_@-SFLAGS_@-HB_@-LOCAL_@-SEND
|
|
Packit |
549fdc |
The heartbeat negotiation allows the local side to send heartbeat messages
|
|
Packit |
549fdc |
@item GNUTLS_@-SFLAGS_@-HB_@-PEER_@-SEND
|
|
Packit |
549fdc |
The heartbeat negotiation allows the peer to send heartbeat messages
|
|
Packit |
549fdc |
@item GNUTLS_@-SFLAGS_@-FALSE_@-START
|
|
Packit |
549fdc |
The appdata set with @code{gnutls_handshake_set_appdata()} were sent during handshake (false start)
|
|
Packit |
549fdc |
@item GNUTLS_@-SFLAGS_@-RFC7919
|
|
Packit |
549fdc |
The RFC7919 Diffie-Hellman parameters were negotiated
|
|
Packit |
549fdc |
@end table
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
@c gnutls_supplemental_data_format_type_t
|
|
Packit |
549fdc |
@table @code
|
|
Packit |
549fdc |
@item GNUTLS_@-SUPPLEMENTAL_@-UNKNOWN
|
|
Packit |
549fdc |
Unknown data format
|
|
Packit |
549fdc |
@end table
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
@c gnutls_srtp_profile_t
|
|
Packit |
549fdc |
@table @code
|
|
Packit |
549fdc |
@item GNUTLS_@-SRTP_@-AES128_@-CM_@-HMAC_@-SHA1_@-80
|
|
Packit |
549fdc |
128 bit AES with a 80 bit HMAC-SHA1
|
|
Packit |
549fdc |
@item GNUTLS_@-SRTP_@-AES128_@-CM_@-HMAC_@-SHA1_@-32
|
|
Packit |
549fdc |
128 bit AES with a 32 bit HMAC-SHA1
|
|
Packit |
549fdc |
@item GNUTLS_@-SRTP_@-NULL_@-HMAC_@-SHA1_@-80
|
|
Packit |
549fdc |
NULL cipher with a 80 bit HMAC-SHA1
|
|
Packit |
549fdc |
@item GNUTLS_@-SRTP_@-NULL_@-HMAC_@-SHA1_@-32
|
|
Packit |
549fdc |
NULL cipher with a 32 bit HMAC-SHA1
|
|
Packit |
549fdc |
@end table
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
@c gnutls_alpn_flags_t
|
|
Packit |
549fdc |
@table @code
|
|
Packit |
549fdc |
@item GNUTLS_@-ALPN_@-MANDATORY
|
|
Packit |
549fdc |
Require ALPN negotiation. The connection will be
|
|
Packit |
549fdc |
aborted if no matching ALPN protocol is found.
|
|
Packit |
549fdc |
@item GNUTLS_@-ALPN_@-SERVER_@-PRECEDENCE
|
|
Packit |
549fdc |
The choices set by the server
|
|
Packit |
549fdc |
will take precedence over the client's.
|
|
Packit |
549fdc |
@end table
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
@c gnutls_vdata_types_t
|
|
Packit |
549fdc |
@table @code
|
|
Packit |
549fdc |
@item GNUTLS_@-DT_@-UNKNOWN
|
|
Packit |
549fdc |
Unknown data type.
|
|
Packit |
549fdc |
@item GNUTLS_@-DT_@-DNS_@-HOSTNAME
|
|
Packit |
549fdc |
The data contain a null-terminated DNS hostname; the hostname will be
|
|
Packit |
549fdc |
matched using the RFC6125 rules. If the data contain a textual IP (v4 or v6) address it will
|
|
Packit |
549fdc |
be marched against the IPAddress Alternative name, unless the verification flag @code{GNUTLS_VERIFY_DO_NOT_ALLOW_IP_MATCHES}
|
|
Packit |
549fdc |
is specified.
|
|
Packit |
549fdc |
@item GNUTLS_@-DT_@-KEY_@-PURPOSE_@-OID
|
|
Packit |
549fdc |
The data contain a null-terminated key purpose OID. It will be matched
|
|
Packit |
549fdc |
against the certificate's Extended Key Usage extension.
|
|
Packit |
549fdc |
@item GNUTLS_@-DT_@-RFC822NAME
|
|
Packit |
549fdc |
The data contain a null-terminated email address; the email will be
|
|
Packit |
549fdc |
matched against the RFC822Name Alternative name of the certificate, or the EMAIL DN component if the
|
|
Packit |
549fdc |
former isn't available. Prior to matching the email address will be converted to ACE
|
|
Packit |
549fdc |
(ASCII-compatible-encoding).
|
|
Packit |
549fdc |
@item GNUTLS_@-DT_@-IP_@-ADDRESS
|
|
Packit |
549fdc |
The data contain a raw IP address (4 or 16 bytes). If will be matched
|
|
Packit |
549fdc |
against the IPAddress Alternative name; option available since 3.6.0.
|
|
Packit |
549fdc |
@end table
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
@c gnutls_certificate_flags
|
|
Packit |
549fdc |
@table @code
|
|
Packit |
549fdc |
@item GNUTLS_@-CERTIFICATE_@-SKIP_@-KEY_@-CERT_@-MATCH
|
|
Packit |
549fdc |
Skip the key and certificate matching check.
|
|
Packit |
549fdc |
@item GNUTLS_@-CERTIFICATE_@-API_@-V2
|
|
Packit |
549fdc |
If set the gnutls_certificate_set_*key* functions will return an index of the added key pair instead of zero.
|
|
Packit |
549fdc |
@end table
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
@c gnutls_psk_key_flags
|
|
Packit |
549fdc |
@table @code
|
|
Packit |
549fdc |
@item GNUTLS_@-PSK_@-KEY_@-RAW
|
|
Packit |
549fdc |
PSK-key in raw format.
|
|
Packit |
549fdc |
@item GNUTLS_@-PSK_@-KEY_@-HEX
|
|
Packit |
549fdc |
PSK-key in hex format.
|
|
Packit |
549fdc |
@end table
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
@c gnutls_x509_subject_alt_name_t
|
|
Packit |
549fdc |
@table @code
|
|
Packit |
549fdc |
@item GNUTLS_@-SAN_@-DNSNAME
|
|
Packit |
549fdc |
DNS-name SAN.
|
|
Packit |
549fdc |
@item GNUTLS_@-SAN_@-RFC822NAME
|
|
Packit |
549fdc |
E-mail address SAN.
|
|
Packit |
549fdc |
@item GNUTLS_@-SAN_@-URI
|
|
Packit |
549fdc |
URI SAN.
|
|
Packit |
549fdc |
@item GNUTLS_@-SAN_@-IPADDRESS
|
|
Packit |
549fdc |
IP address SAN.
|
|
Packit |
549fdc |
@item GNUTLS_@-SAN_@-OTHERNAME
|
|
Packit |
549fdc |
OtherName SAN.
|
|
Packit |
549fdc |
@item GNUTLS_@-SAN_@-DN
|
|
Packit |
549fdc |
DN SAN.
|
|
Packit |
549fdc |
@item GNUTLS_@-SAN_@-MAX
|
|
Packit |
549fdc |
-- undescribed --
|
|
Packit |
549fdc |
@item GNUTLS_@-SAN_@-OTHERNAME_@-XMPP
|
|
Packit |
549fdc |
Virtual SAN, used by certain functions for convenience.
|
|
Packit |
549fdc |
@item GNUTLS_@-SAN_@-OTHERNAME_@-KRB5PRINCIPAL
|
|
Packit |
549fdc |
Virtual SAN, used by certain functions for convenience.
|
|
Packit |
549fdc |
@end table
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
@c gnutls_privkey_type_t
|
|
Packit |
549fdc |
@table @code
|
|
Packit |
549fdc |
@item GNUTLS_@-PRIVKEY_@-X509
|
|
Packit |
549fdc |
X.509 private key, @code{gnutls_x509_privkey_t} .
|
|
Packit |
549fdc |
@item GNUTLS_@-PRIVKEY_@-OPENPGP
|
|
Packit |
549fdc |
OpenPGP private key, @code{gnutls_openpgp_privkey_t} .
|
|
Packit |
549fdc |
@item GNUTLS_@-PRIVKEY_@-PKCS11
|
|
Packit |
549fdc |
PKCS11 private key, @code{gnutls_pkcs11_privkey_t} .
|
|
Packit |
549fdc |
@item GNUTLS_@-PRIVKEY_@-EXT
|
|
Packit |
549fdc |
External private key, operating using callbacks.
|
|
Packit |
549fdc |
@end table
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
@c gnutls_pin_flag_t
|
|
Packit |
549fdc |
@table @code
|
|
Packit |
549fdc |
@item GNUTLS_@-PIN_@-USER
|
|
Packit |
549fdc |
The PIN for the user.
|
|
Packit |
549fdc |
@item GNUTLS_@-PIN_@-SO
|
|
Packit |
549fdc |
The PIN for the security officer (admin).
|
|
Packit |
549fdc |
@item GNUTLS_@-PIN_@-FINAL_@-TRY
|
|
Packit |
549fdc |
This is the final try before blocking.
|
|
Packit |
549fdc |
@item GNUTLS_@-PIN_@-COUNT_@-LOW
|
|
Packit |
549fdc |
Few tries remain before token blocks.
|
|
Packit |
549fdc |
@item GNUTLS_@-PIN_@-CONTEXT_@-SPECIFIC
|
|
Packit |
549fdc |
The PIN is for a specific action and key like signing.
|
|
Packit |
549fdc |
@item GNUTLS_@-PIN_@-WRONG
|
|
Packit |
549fdc |
Last given PIN was not correct.
|
|
Packit |
549fdc |
@end table
|
|
Packit |
549fdc |
@subheading int
|
|
Packit |
549fdc |
@anchor{int}
|
|
Packit |
549fdc |
@deftypefun {typedef} {int} (* @var{gnutls_pin_callback_t})
|
|
Packit |
549fdc |
@var{gnutls_pin_callback_t}: -- undescribed --
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
Callback function type for PKCS@code{11} or TPM PIN entry. It is set by
|
|
Packit |
549fdc |
functions like @code{gnutls_pkcs11_set_pin_function()} .
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
The callback should provides the PIN code to unlock the token with
|
|
Packit |
549fdc |
label @code{token_label} , specified by the URL @code{token_url} .
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
The PIN code, as a NUL-terminated ASCII string, should be copied
|
|
Packit |
549fdc |
into the @code{pin} buffer (of maximum size @code{pin_max} ), and return 0 to
|
|
Packit |
549fdc |
indicate success. Alternatively, the callback may return a
|
|
Packit |
549fdc |
negative gnutls error code to indicate failure and cancel PIN entry
|
|
Packit |
549fdc |
(in which case, the contents of the @code{pin} parameter are ignored).
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
When a PIN is required, the callback will be invoked repeatedly
|
|
Packit |
549fdc |
(and indefinitely) until either the returned PIN code is correct,
|
|
Packit |
549fdc |
the callback returns failure, or the token refuses login (e.g. when
|
|
Packit |
549fdc |
the token is locked due to too many incorrect PINs!). For the
|
|
Packit |
549fdc |
first such invocation, the @code{attempt} counter will have value zero;
|
|
Packit |
549fdc |
it will increase by one for each subsequent attempt.
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
@strong{Returns:} @code{GNUTLS_E_SUCCESS} (0) on success or a negative error code on error.
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
@strong{Since:} 2.12.0
|
|
Packit |
549fdc |
@end deftypefun
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
@c gnutls_ext_parse_type_t
|
|
Packit |
549fdc |
@table @code
|
|
Packit |
549fdc |
@item GNUTLS_@-EXT_@-ANY
|
|
Packit |
549fdc |
Any extension type (internal use only).
|
|
Packit |
549fdc |
@item GNUTLS_@-EXT_@-APPLICATION
|
|
Packit |
549fdc |
Application extension.
|
|
Packit |
549fdc |
@item GNUTLS_@-EXT_@-TLS
|
|
Packit |
549fdc |
TLS-internal extension.
|
|
Packit |
549fdc |
@item GNUTLS_@-EXT_@-MANDATORY
|
|
Packit |
549fdc |
Extension parsed even if resuming (or extensions are disabled).
|
|
Packit |
549fdc |
@item GNUTLS_@-EXT_@-NONE
|
|
Packit |
549fdc |
Never parsed
|
|
Packit |
549fdc |
@end table
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
@c gnutls_ext_flags_t
|
|
Packit |
549fdc |
@table @code
|
|
Packit |
549fdc |
@item GNUTLS_@-EXT_@-FLAG_@-OVERRIDE_@-INTERNAL
|
|
Packit |
549fdc |
If specified the extension registered will override the internal; this does not work with extensions existing prior to 3.6.0.
|
|
Packit |
549fdc |
@end table
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
@c gnutls_certificate_import_flags
|
|
Packit |
549fdc |
@table @code
|
|
Packit |
549fdc |
@item GNUTLS_@-X509_@-CRT_@-LIST_@-IMPORT_@-FAIL_@-IF_@-EXCEED
|
|
Packit |
549fdc |
Fail if the
|
|
Packit |
549fdc |
certificates in the buffer are more than the space allocated for
|
|
Packit |
549fdc |
certificates. The error code will be @code{GNUTLS_E_SHORT_MEMORY_BUFFER} .
|
|
Packit |
549fdc |
@item GNUTLS_@-X509_@-CRT_@-LIST_@-FAIL_@-IF_@-UNSORTED
|
|
Packit |
549fdc |
Fail if the certificates
|
|
Packit |
549fdc |
in the buffer are not ordered starting from subject to issuer.
|
|
Packit |
549fdc |
The error code will be @code{GNUTLS_E_CERTIFICATE_LIST_UNSORTED} .
|
|
Packit |
549fdc |
@item GNUTLS_@-X509_@-CRT_@-LIST_@-SORT
|
|
Packit |
549fdc |
Sort the certificate chain if unsorted.
|
|
Packit |
549fdc |
@end table
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
@c gnutls_x509_crt_flags
|
|
Packit |
549fdc |
@table @code
|
|
Packit |
549fdc |
@item GNUTLS_@-X509_@-CRT_@-FLAG_@-IGNORE_@-SANITY
|
|
Packit |
549fdc |
Ignore any sanity checks at the
|
|
Packit |
549fdc |
import of the certificate; i.e., ignore checks such as version/field
|
|
Packit |
549fdc |
matching and strict time field checks. Intended to be used for debugging.
|
|
Packit |
549fdc |
@end table
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
@c gnutls_keyid_flags_t
|
|
Packit |
549fdc |
@table @code
|
|
Packit |
549fdc |
@item GNUTLS_@-KEYID_@-USE_@-SHA1
|
|
Packit |
549fdc |
Use SHA1 as the key ID algorithm (default).
|
|
Packit |
549fdc |
@item GNUTLS_@-KEYID_@-USE_@-SHA256
|
|
Packit |
549fdc |
Use SHA256 as the key ID algorithm.
|
|
Packit |
549fdc |
@item GNUTLS_@-KEYID_@-USE_@-SHA512
|
|
Packit |
549fdc |
Use SHA512 as the key ID algorithm.
|
|
Packit |
549fdc |
@item GNUTLS_@-KEYID_@-USE_@-BEST_@-KNOWN
|
|
Packit |
549fdc |
Use the best known algorithm to calculate key ID. Using that option will make your program behavior depend on the version of gnutls linked with. That option has a cap of 64-bytes key IDs.
|
|
Packit |
549fdc |
@end table
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
@c gnutls_certificate_verify_flags
|
|
Packit |
549fdc |
@table @code
|
|
Packit |
549fdc |
@item GNUTLS_@-VERIFY_@-DISABLE_@-CA_@-SIGN
|
|
Packit |
549fdc |
If set a signer does not have to be
|
|
Packit |
549fdc |
a certificate authority. This flag should normally be disabled,
|
|
Packit |
549fdc |
unless you know what this means.
|
|
Packit |
549fdc |
@item GNUTLS_@-VERIFY_@-DO_@-NOT_@-ALLOW_@-IP_@-MATCHES
|
|
Packit |
549fdc |
When verifying a hostname
|
|
Packit |
549fdc |
prevent textual IP addresses from matching IP addresses in the
|
|
Packit |
549fdc |
certificate. Treat the input only as a DNS name.
|
|
Packit |
549fdc |
@item GNUTLS_@-VERIFY_@-DO_@-NOT_@-ALLOW_@-SAME
|
|
Packit |
549fdc |
If a certificate is not signed by
|
|
Packit |
549fdc |
anyone trusted but exists in the trusted CA list do not treat it
|
|
Packit |
549fdc |
as trusted.
|
|
Packit |
549fdc |
@item GNUTLS_@-VERIFY_@-ALLOW_@-ANY_@-X509_@-V1_@-CA_@-CRT
|
|
Packit |
549fdc |
Allow CA certificates that
|
|
Packit |
549fdc |
have version 1 (both root and intermediate). This might be
|
|
Packit |
549fdc |
dangerous since those haven't the basicConstraints
|
|
Packit |
549fdc |
extension.
|
|
Packit |
549fdc |
@item GNUTLS_@-VERIFY_@-ALLOW_@-SIGN_@-RSA_@-MD2
|
|
Packit |
549fdc |
Allow certificates to be signed
|
|
Packit |
549fdc |
using the broken MD2 algorithm.
|
|
Packit |
549fdc |
@item GNUTLS_@-VERIFY_@-ALLOW_@-SIGN_@-RSA_@-MD5
|
|
Packit |
549fdc |
Allow certificates to be signed
|
|
Packit |
549fdc |
using the broken MD5 algorithm.
|
|
Packit |
549fdc |
@item GNUTLS_@-VERIFY_@-DISABLE_@-TIME_@-CHECKS
|
|
Packit |
549fdc |
Disable checking of activation
|
|
Packit |
549fdc |
and expiration validity periods of certificate chains. Don't set
|
|
Packit |
549fdc |
this unless you understand the security implications.
|
|
Packit |
549fdc |
@item GNUTLS_@-VERIFY_@-DISABLE_@-TRUSTED_@-TIME_@-CHECKS
|
|
Packit |
549fdc |
If set a signer in the trusted
|
|
Packit |
549fdc |
list is never checked for expiration or activation.
|
|
Packit |
549fdc |
@item GNUTLS_@-VERIFY_@-DO_@-NOT_@-ALLOW_@-X509_@-V1_@-CA_@-CRT
|
|
Packit |
549fdc |
Do not allow trusted CA
|
|
Packit |
549fdc |
certificates that have version 1. This option is to be used
|
|
Packit |
549fdc |
to deprecate all certificates of version 1.
|
|
Packit |
549fdc |
@item GNUTLS_@-VERIFY_@-DISABLE_@-CRL_@-CHECKS
|
|
Packit |
549fdc |
Disable checking for validity
|
|
Packit |
549fdc |
using certificate revocation lists or the available OCSP data.
|
|
Packit |
549fdc |
@item GNUTLS_@-VERIFY_@-ALLOW_@-UNSORTED_@-CHAIN
|
|
Packit |
549fdc |
A certificate chain is tolerated
|
|
Packit |
549fdc |
if unsorted (the case with many TLS servers out there). This is the
|
|
Packit |
549fdc |
default since GnuTLS 3.1.4.
|
|
Packit |
549fdc |
@item GNUTLS_@-VERIFY_@-DO_@-NOT_@-ALLOW_@-UNSORTED_@-CHAIN
|
|
Packit |
549fdc |
Do not tolerate an unsorted
|
|
Packit |
549fdc |
certificate chain.
|
|
Packit |
549fdc |
@item GNUTLS_@-VERIFY_@-DO_@-NOT_@-ALLOW_@-WILDCARDS
|
|
Packit |
549fdc |
When including a hostname
|
|
Packit |
549fdc |
check in the verification, do not consider any wildcards.
|
|
Packit |
549fdc |
@item GNUTLS_@-VERIFY_@-USE_@-TLS1_@-RSA
|
|
Packit |
549fdc |
This indicates that a (raw) RSA signature is provided
|
|
Packit |
549fdc |
as in the TLS 1.0 protocol. Not all functions accept this flag.
|
|
Packit |
549fdc |
@item GNUTLS_@-VERIFY_@-IGNORE_@-UNKNOWN_@-CRIT_@-EXTENSIONS
|
|
Packit |
549fdc |
This signals the verification
|
|
Packit |
549fdc |
process, not to fail on unknown critical extensions.
|
|
Packit |
549fdc |
@item GNUTLS_@-VERIFY_@-ALLOW_@-SIGN_@-WITH_@-SHA1
|
|
Packit |
549fdc |
Allow certificates to be signed
|
|
Packit |
549fdc |
using the broken SHA1 hash algorithm.
|
|
Packit |
549fdc |
@end table
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
@c gnutls_certificate_verification_profiles_t
|
|
Packit |
549fdc |
@table @code
|
|
Packit |
549fdc |
@item GNUTLS_@-PROFILE_@-VERY_@-WEAK
|
|
Packit |
549fdc |
A verification profile that
|
|
Packit |
549fdc |
corresponds to @code{GNUTLS_SEC_PARAM_VERY_WEAK} (64 bits)
|
|
Packit |
549fdc |
@item GNUTLS_@-PROFILE_@-LOW
|
|
Packit |
549fdc |
A verification profile that
|
|
Packit |
549fdc |
corresponds to @code{GNUTLS_SEC_PARAM_LOW} (80 bits)
|
|
Packit |
549fdc |
@item GNUTLS_@-PROFILE_@-LEGACY
|
|
Packit |
549fdc |
A verification profile that
|
|
Packit |
549fdc |
corresponds to @code{GNUTLS_SEC_PARAM_LEGACY} (96 bits)
|
|
Packit |
549fdc |
@item GNUTLS_@-PROFILE_@-MEDIUM
|
|
Packit |
549fdc |
A verification profile that
|
|
Packit |
549fdc |
corresponds to @code{GNUTLS_SEC_PARAM_MEDIUM} (112 bits)
|
|
Packit |
549fdc |
@item GNUTLS_@-PROFILE_@-HIGH
|
|
Packit |
549fdc |
A verification profile that
|
|
Packit |
549fdc |
corresponds to @code{GNUTLS_SEC_PARAM_HIGH} (128 bits)
|
|
Packit |
549fdc |
@item GNUTLS_@-PROFILE_@-ULTRA
|
|
Packit |
549fdc |
A verification profile that
|
|
Packit |
549fdc |
corresponds to @code{GNUTLS_SEC_PARAM_ULTRA} (256 bits)
|
|
Packit |
549fdc |
@item GNUTLS_@-PROFILE_@-SUITEB128
|
|
Packit |
549fdc |
A verification profile that
|
|
Packit |
549fdc |
applies the SUITEB128 rules
|
|
Packit |
549fdc |
@item GNUTLS_@-PROFILE_@-SUITEB192
|
|
Packit |
549fdc |
A verification profile that
|
|
Packit |
549fdc |
applies the SUITEB192 rules
|
|
Packit |
549fdc |
@end table
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
@c gnutls_pkcs_encrypt_flags_t
|
|
Packit |
549fdc |
@table @code
|
|
Packit |
549fdc |
@item GNUTLS_@-PKCS_@-PLAIN
|
|
Packit |
549fdc |
Unencrypted private key.
|
|
Packit |
549fdc |
@item GNUTLS_@-PKCS_@-PKCS12_@-3DES
|
|
Packit |
549fdc |
PKCS-12 3DES.
|
|
Packit |
549fdc |
@item GNUTLS_@-PKCS_@-PKCS12_@-ARCFOUR
|
|
Packit |
549fdc |
PKCS-12 ARCFOUR.
|
|
Packit |
549fdc |
@item GNUTLS_@-PKCS_@-PKCS12_@-RC2_@-40
|
|
Packit |
549fdc |
PKCS-12 RC2-40.
|
|
Packit |
549fdc |
@item GNUTLS_@-PKCS_@-PBES2_@-3DES
|
|
Packit |
549fdc |
PBES2 3DES.
|
|
Packit |
549fdc |
@item GNUTLS_@-PKCS_@-PBES2_@-AES_@-128
|
|
Packit |
549fdc |
PBES2 AES-128.
|
|
Packit |
549fdc |
@item GNUTLS_@-PKCS_@-PBES2_@-AES_@-192
|
|
Packit |
549fdc |
PBES2 AES-192.
|
|
Packit |
549fdc |
@item GNUTLS_@-PKCS_@-PBES2_@-AES_@-256
|
|
Packit |
549fdc |
PBES2 AES-256.
|
|
Packit |
549fdc |
@item GNUTLS_@-PKCS_@-NULL_@-PASSWORD
|
|
Packit |
549fdc |
Some schemas distinguish between an empty and a NULL password.
|
|
Packit |
549fdc |
@item GNUTLS_@-PKCS_@-PBES2_@-DES
|
|
Packit |
549fdc |
PBES2 single DES.
|
|
Packit |
549fdc |
@item GNUTLS_@-PKCS_@-PBES1_@-DES_@-MD5
|
|
Packit |
549fdc |
-- undescribed --
|
|
Packit |
549fdc |
@end table
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
@c gnutls_keygen_types_t
|
|
Packit |
549fdc |
@table @code
|
|
Packit |
549fdc |
@item GNUTLS_@-KEYGEN_@-SEED
|
|
Packit |
549fdc |
Specifies the seed to be used in key generation.
|
|
Packit |
549fdc |
@item GNUTLS_@-KEYGEN_@-DIGEST
|
|
Packit |
549fdc |
The size field specifies the hash algorithm to be used in key generation.
|
|
Packit |
549fdc |
@item GNUTLS_@-KEYGEN_@-SPKI
|
|
Packit |
549fdc |
data points to a @code{gnutls_x509_spki_t} structure; it is not used after the key generation call.
|
|
Packit |
549fdc |
@end table
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
@c gnutls_pkcs12_bag_type_t
|
|
Packit |
549fdc |
@table @code
|
|
Packit |
549fdc |
@item GNUTLS_@-BAG_@-EMPTY
|
|
Packit |
549fdc |
Empty PKCS-12 bag.
|
|
Packit |
549fdc |
@item GNUTLS_@-BAG_@-PKCS8_@-ENCRYPTED_@-KEY
|
|
Packit |
549fdc |
PKCS-12 bag with PKCS-8 encrypted key.
|
|
Packit |
549fdc |
@item GNUTLS_@-BAG_@-PKCS8_@-KEY
|
|
Packit |
549fdc |
PKCS-12 bag with PKCS-8 key.
|
|
Packit |
549fdc |
@item GNUTLS_@-BAG_@-CERTIFICATE
|
|
Packit |
549fdc |
PKCS-12 bag with certificate.
|
|
Packit |
549fdc |
@item GNUTLS_@-BAG_@-CRL
|
|
Packit |
549fdc |
PKCS-12 bag with CRL.
|
|
Packit |
549fdc |
@item GNUTLS_@-BAG_@-SECRET
|
|
Packit |
549fdc |
PKCS-12 bag with secret PKCS-9 keys.
|
|
Packit |
549fdc |
@item GNUTLS_@-BAG_@-ENCRYPTED
|
|
Packit |
549fdc |
Encrypted PKCS-12 bag.
|
|
Packit |
549fdc |
@item GNUTLS_@-BAG_@-UNKNOWN
|
|
Packit |
549fdc |
Unknown PKCS-12 bag.
|
|
Packit |
549fdc |
@end table
|
|
Packit |
549fdc |
@subheading int
|
|
Packit |
549fdc |
@anchor{int}
|
|
Packit |
549fdc |
@deftypefun {typedef} {int} (* @var{gnutls_pkcs11_token_callback_t})
|
|
Packit |
549fdc |
@var{gnutls_pkcs11_token_callback_t}: -- undescribed --
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
Token callback function. The callback will be used to ask the user
|
|
Packit |
549fdc |
to re-insert the token with given (null terminated) label. The
|
|
Packit |
549fdc |
callback should return zero if token has been inserted by user and
|
|
Packit |
549fdc |
a negative error code otherwise. It might be called multiple times
|
|
Packit |
549fdc |
if the token is not detected and the retry counter will be
|
|
Packit |
549fdc |
increased.
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
@strong{Returns:} @code{GNUTLS_E_SUCCESS} (0) on success or a negative error code
|
|
Packit |
549fdc |
on error.
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
@strong{Since:} 2.12.0
|
|
Packit |
549fdc |
@end deftypefun
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
@c gnutls_pkcs11_obj_flags
|
|
Packit |
549fdc |
@table @code
|
|
Packit |
549fdc |
@item GNUTLS_@-PKCS11_@-OBJ_@-FLAG_@-LOGIN
|
|
Packit |
549fdc |
Force login in the token for the operation (seek+store).
|
|
Packit |
549fdc |
@item GNUTLS_@-PKCS11_@-OBJ_@-FLAG_@-MARK_@-TRUSTED
|
|
Packit |
549fdc |
object marked as trusted (seek+store).
|
|
Packit |
549fdc |
@item GNUTLS_@-PKCS11_@-OBJ_@-FLAG_@-MARK_@-SENSITIVE
|
|
Packit |
549fdc |
object marked as sensitive -unexportable (store).
|
|
Packit |
549fdc |
@item GNUTLS_@-PKCS11_@-OBJ_@-FLAG_@-LOGIN_@-SO
|
|
Packit |
549fdc |
force login as a security officer in the token for the operation (seek+store).
|
|
Packit |
549fdc |
@item GNUTLS_@-PKCS11_@-OBJ_@-FLAG_@-MARK_@-PRIVATE
|
|
Packit |
549fdc |
marked as private -requires PIN to access (store).
|
|
Packit |
549fdc |
@item GNUTLS_@-PKCS11_@-OBJ_@-FLAG_@-MARK_@-NOT_@-PRIVATE
|
|
Packit |
549fdc |
marked as not private (store).
|
|
Packit |
549fdc |
@item GNUTLS_@-PKCS11_@-OBJ_@-FLAG_@-RETRIEVE_@-ANY
|
|
Packit |
549fdc |
When retrieving an object, do not set any requirements (store).
|
|
Packit |
549fdc |
@item GNUTLS_@-PKCS11_@-OBJ_@-FLAG_@-RETRIEVE_@-TRUSTED
|
|
Packit |
549fdc |
When retrieving an object, only retrieve the marked as trusted (alias to @code{GNUTLS_PKCS11_OBJ_FLAG_MARK_TRUSTED} ).
|
|
Packit |
549fdc |
In @code{gnutls_pkcs11_crt_is_known()} it implies @code{GNUTLS_PKCS11_OBJ_FLAG_RETRIEVE_COMPARE} if @code{GNUTLS_PKCS11_OBJ_FLAG_COMPARE_KEY} is not given.
|
|
Packit |
549fdc |
@item GNUTLS_@-PKCS11_@-OBJ_@-FLAG_@-MARK_@-DISTRUSTED
|
|
Packit |
549fdc |
When writing an object, mark it as distrusted (store).
|
|
Packit |
549fdc |
@item GNUTLS_@-PKCS11_@-OBJ_@-FLAG_@-RETRIEVE_@-DISTRUSTED
|
|
Packit |
549fdc |
When retrieving an object, only retrieve the marked as distrusted (seek).
|
|
Packit |
549fdc |
@item GNUTLS_@-PKCS11_@-OBJ_@-FLAG_@-COMPARE
|
|
Packit |
549fdc |
When checking an object's presence, fully compare it before returning any result (seek).
|
|
Packit |
549fdc |
@item GNUTLS_@-PKCS11_@-OBJ_@-FLAG_@-PRESENT_@-IN_@-TRUSTED_@-MODULE
|
|
Packit |
549fdc |
The object must be present in a marked as trusted module (seek).
|
|
Packit |
549fdc |
@item GNUTLS_@-PKCS11_@-OBJ_@-FLAG_@-MARK_@-CA
|
|
Packit |
549fdc |
Mark the object as a CA (seek+store).
|
|
Packit |
549fdc |
@item GNUTLS_@-PKCS11_@-OBJ_@-FLAG_@-MARK_@-KEY_@-WRAP
|
|
Packit |
549fdc |
Mark the generated key pair as wrapping and unwrapping keys (store).
|
|
Packit |
549fdc |
@item GNUTLS_@-PKCS11_@-OBJ_@-FLAG_@-COMPARE_@-KEY
|
|
Packit |
549fdc |
When checking an object's presence, compare the key before returning any result (seek).
|
|
Packit |
549fdc |
@item GNUTLS_@-PKCS11_@-OBJ_@-FLAG_@-OVERWRITE_@-TRUSTMOD_@-EXT
|
|
Packit |
549fdc |
When an issuer is requested, override its extensions with the ones present in the trust module (seek).
|
|
Packit |
549fdc |
@item GNUTLS_@-PKCS11_@-OBJ_@-FLAG_@-MARK_@-ALWAYS_@-AUTH
|
|
Packit |
549fdc |
Mark the key pair as requiring authentication (pin entry) before every operation (seek+store).
|
|
Packit |
549fdc |
@item GNUTLS_@-PKCS11_@-OBJ_@-FLAG_@-MARK_@-EXTRACTABLE
|
|
Packit |
549fdc |
Mark the key pair as being extractable (store).
|
|
Packit |
549fdc |
@item GNUTLS_@-PKCS11_@-OBJ_@-FLAG_@-NEVER_@-EXTRACTABLE
|
|
Packit |
549fdc |
If set, the object was never marked as extractable (store).
|
|
Packit |
549fdc |
@item GNUTLS_@-PKCS11_@-OBJ_@-FLAG_@-CRT
|
|
Packit |
549fdc |
When searching, restrict to certificates only (seek).
|
|
Packit |
549fdc |
@item GNUTLS_@-PKCS11_@-OBJ_@-FLAG_@-WITH_@-PRIVKEY
|
|
Packit |
549fdc |
-- undescribed --
|
|
Packit |
549fdc |
@item GNUTLS_@-PKCS11_@-OBJ_@-FLAG_@-PUBKEY
|
|
Packit |
549fdc |
When searching, restrict to public key objects only (seek).
|
|
Packit |
549fdc |
@item GNUTLS_@-PKCS11_@-OBJ_@-FLAG_@-NO_@-STORE_@-PUBKEY
|
|
Packit |
549fdc |
When generating a keypair don't store the public key (store).
|
|
Packit |
549fdc |
@item GNUTLS_@-PKCS11_@-OBJ_@-FLAG_@-PRIVKEY
|
|
Packit |
549fdc |
When searching, restrict to private key objects only (seek).
|
|
Packit |
549fdc |
@end table
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
@c gnutls_pkcs11_url_type_t
|
|
Packit |
549fdc |
@table @code
|
|
Packit |
549fdc |
@item GNUTLS_@-PKCS11_@-URL_@-GENERIC
|
|
Packit |
549fdc |
A generic-purpose URL.
|
|
Packit |
549fdc |
@item GNUTLS_@-PKCS11_@-URL_@-LIB
|
|
Packit |
549fdc |
A URL that specifies the library used as well.
|
|
Packit |
549fdc |
@item GNUTLS_@-PKCS11_@-URL_@-LIB_@-VERSION
|
|
Packit |
549fdc |
A URL that specifies the library and its version.
|
|
Packit |
549fdc |
@end table
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
@c gnutls_pkcs11_obj_info_t
|
|
Packit |
549fdc |
@table @code
|
|
Packit |
549fdc |
@item GNUTLS_@-PKCS11_@-OBJ_@-ID_@-HEX
|
|
Packit |
549fdc |
The object ID in hex. Null-terminated text.
|
|
Packit |
549fdc |
@item GNUTLS_@-PKCS11_@-OBJ_@-LABEL
|
|
Packit |
549fdc |
The object label. Null-terminated text.
|
|
Packit |
549fdc |
@item GNUTLS_@-PKCS11_@-OBJ_@-TOKEN_@-LABEL
|
|
Packit |
549fdc |
The token's label. Null-terminated text.
|
|
Packit |
549fdc |
@item GNUTLS_@-PKCS11_@-OBJ_@-TOKEN_@-SERIAL
|
|
Packit |
549fdc |
The token's serial number. Null-terminated text.
|
|
Packit |
549fdc |
@item GNUTLS_@-PKCS11_@-OBJ_@-TOKEN_@-MANUFACTURER
|
|
Packit |
549fdc |
The token's manufacturer. Null-terminated text.
|
|
Packit |
549fdc |
@item GNUTLS_@-PKCS11_@-OBJ_@-TOKEN_@-MODEL
|
|
Packit |
549fdc |
The token's model. Null-terminated text.
|
|
Packit |
549fdc |
@item GNUTLS_@-PKCS11_@-OBJ_@-ID
|
|
Packit |
549fdc |
The object ID. Raw bytes.
|
|
Packit |
549fdc |
@item GNUTLS_@-PKCS11_@-OBJ_@-LIBRARY_@-VERSION
|
|
Packit |
549fdc |
The library's version. Null-terminated text.
|
|
Packit |
549fdc |
@item GNUTLS_@-PKCS11_@-OBJ_@-LIBRARY_@-DESCRIPTION
|
|
Packit |
549fdc |
The library's description. Null-terminated text.
|
|
Packit |
549fdc |
@item GNUTLS_@-PKCS11_@-OBJ_@-LIBRARY_@-MANUFACTURER
|
|
Packit |
549fdc |
The library's manufacturer name. Null-terminated text.
|
|
Packit |
549fdc |
@end table
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
@c gnutls_pkcs11_token_info_t
|
|
Packit |
549fdc |
@table @code
|
|
Packit |
549fdc |
@item GNUTLS_@-PKCS11_@-TOKEN_@-LABEL
|
|
Packit |
549fdc |
The token's label (string)
|
|
Packit |
549fdc |
@item GNUTLS_@-PKCS11_@-TOKEN_@-SERIAL
|
|
Packit |
549fdc |
The token's serial number (string)
|
|
Packit |
549fdc |
@item GNUTLS_@-PKCS11_@-TOKEN_@-MANUFACTURER
|
|
Packit |
549fdc |
The token's manufacturer (string)
|
|
Packit |
549fdc |
@item GNUTLS_@-PKCS11_@-TOKEN_@-MODEL
|
|
Packit |
549fdc |
The token's model (string)
|
|
Packit |
549fdc |
@item GNUTLS_@-PKCS11_@-TOKEN_@-MODNAME
|
|
Packit |
549fdc |
The token's module name (string - since 3.4.3)
|
|
Packit |
549fdc |
@end table
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
@c gnutls_pkcs11_obj_type_t
|
|
Packit |
549fdc |
@table @code
|
|
Packit |
549fdc |
@item GNUTLS_@-PKCS11_@-OBJ_@-UNKNOWN
|
|
Packit |
549fdc |
Unknown PKCS11 object.
|
|
Packit |
549fdc |
@item GNUTLS_@-PKCS11_@-OBJ_@-X509_@-CRT
|
|
Packit |
549fdc |
X.509 certificate.
|
|
Packit |
549fdc |
@item GNUTLS_@-PKCS11_@-OBJ_@-PUBKEY
|
|
Packit |
549fdc |
Public key.
|
|
Packit |
549fdc |
@item GNUTLS_@-PKCS11_@-OBJ_@-PRIVKEY
|
|
Packit |
549fdc |
Private key.
|
|
Packit |
549fdc |
@item GNUTLS_@-PKCS11_@-OBJ_@-SECRET_@-KEY
|
|
Packit |
549fdc |
Secret key.
|
|
Packit |
549fdc |
@item GNUTLS_@-PKCS11_@-OBJ_@-DATA
|
|
Packit |
549fdc |
Data object.
|
|
Packit |
549fdc |
@item GNUTLS_@-PKCS11_@-OBJ_@-X509_@-CRT_@-EXTENSION
|
|
Packit |
549fdc |
X.509 certificate extension (supported by p11-kit trust module only).
|
|
Packit |
549fdc |
@end table
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
@c gnutls_pubkey_flags_t
|
|
Packit |
549fdc |
@table @code
|
|
Packit |
549fdc |
@item GNUTLS_@-PUBKEY_@-DISABLE_@-CALLBACKS
|
|
Packit |
549fdc |
The following flag disables call to PIN callbacks. Only
|
|
Packit |
549fdc |
relevant to TPM keys.
|
|
Packit |
549fdc |
@item GNUTLS_@-PUBKEY_@-GET_@-OPENPGP_@-FINGERPRINT
|
|
Packit |
549fdc |
request an OPENPGP fingerprint instead of the default.
|
|
Packit |
549fdc |
@end table
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
@c gnutls_abstract_export_flags_t
|
|
Packit |
549fdc |
@table @code
|
|
Packit |
549fdc |
@item GNUTLS_@-EXPORT_@-FLAG_@-NO_@-LZ
|
|
Packit |
549fdc |
do not prepend a leading zero to exported values
|
|
Packit |
549fdc |
@end table
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
@c gnutls_privkey_flags_t
|
|
Packit |
549fdc |
@table @code
|
|
Packit |
549fdc |
@item GNUTLS_@-PRIVKEY_@-IMPORT_@-AUTO_@-RELEASE
|
|
Packit |
549fdc |
When importing a private key, automatically
|
|
Packit |
549fdc |
release it when the structure it was imported is released.
|
|
Packit |
549fdc |
@item GNUTLS_@-PRIVKEY_@-IMPORT_@-COPY
|
|
Packit |
549fdc |
Copy required values during import.
|
|
Packit |
549fdc |
@item GNUTLS_@-PRIVKEY_@-DISABLE_@-CALLBACKS
|
|
Packit |
549fdc |
The following flag disables call to PIN callbacks etc.
|
|
Packit |
549fdc |
Only relevant to TPM keys.
|
|
Packit |
549fdc |
@item GNUTLS_@-PRIVKEY_@-SIGN_@-FLAG_@-TLS1_@-RSA
|
|
Packit |
549fdc |
Make an RSA signature on the hashed data as in the TLS protocol.
|
|
Packit |
549fdc |
@item GNUTLS_@-PRIVKEY_@-FLAG_@-PROVABLE
|
|
Packit |
549fdc |
When generating a key involving prime numbers, use provable primes; a seed may be required.
|
|
Packit |
549fdc |
@item GNUTLS_@-PRIVKEY_@-FLAG_@-EXPORT_@-COMPAT
|
|
Packit |
549fdc |
Keys generated or imported as provable require an extended format which cannot be read by previous versions
|
|
Packit |
549fdc |
of gnutls or other applications. By setting this flag the key will be exported in a backwards compatible way,
|
|
Packit |
549fdc |
even if the information about the seed used will be lost.
|
|
Packit |
549fdc |
@item GNUTLS_@-PRIVKEY_@-SIGN_@-FLAG_@-RSA_@-PSS
|
|
Packit |
549fdc |
Make an RSA signature on the hashed data with the PSS padding.
|
|
Packit |
549fdc |
@item GNUTLS_@-PRIVKEY_@-FLAG_@-REPRODUCIBLE
|
|
Packit |
549fdc |
Make an RSA-PSS signature on the hashed data with reproducible parameters (zero salt).
|
|
Packit |
549fdc |
@item GNUTLS_@-PRIVKEY_@-FLAG_@-CA
|
|
Packit |
549fdc |
The generated private key is going to be used as a CA (relevant for RSA-PSS keys).
|
|
Packit |
549fdc |
@end table
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
@c gnutls_rnd_level_t
|
|
Packit |
549fdc |
@table @code
|
|
Packit |
549fdc |
@item GNUTLS_@-RND_@-NONCE
|
|
Packit |
549fdc |
Non-predictable random number. Fatal in parts
|
|
Packit |
549fdc |
of session if broken, i.e., vulnerable to statistical analysis.
|
|
Packit |
549fdc |
@item GNUTLS_@-RND_@-RANDOM
|
|
Packit |
549fdc |
Pseudo-random cryptographic random number.
|
|
Packit |
549fdc |
Fatal in session if broken. Example use: temporal keys.
|
|
Packit |
549fdc |
@item GNUTLS_@-RND_@-KEY
|
|
Packit |
549fdc |
Fatal in many sessions if broken. Example use:
|
|
Packit |
549fdc |
Long-term keys.
|
|
Packit |
549fdc |
@end table
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
@c gnutls_ocsp_print_formats_t
|
|
Packit |
549fdc |
@table @code
|
|
Packit |
549fdc |
@item GNUTLS_@-OCSP_@-PRINT_@-FULL
|
|
Packit |
549fdc |
Full information about OCSP request/response.
|
|
Packit |
549fdc |
@item GNUTLS_@-OCSP_@-PRINT_@-COMPACT
|
|
Packit |
549fdc |
More compact information about OCSP request/response.
|
|
Packit |
549fdc |
@end table
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
@c gnutls_ocsp_resp_status_t
|
|
Packit |
549fdc |
@table @code
|
|
Packit |
549fdc |
@item GNUTLS_@-OCSP_@-RESP_@-SUCCESSFUL
|
|
Packit |
549fdc |
Response has valid confirmations.
|
|
Packit |
549fdc |
@item GNUTLS_@-OCSP_@-RESP_@-MALFORMEDREQUEST
|
|
Packit |
549fdc |
Illegal confirmation request
|
|
Packit |
549fdc |
@item GNUTLS_@-OCSP_@-RESP_@-INTERNALERROR
|
|
Packit |
549fdc |
Internal error in issuer
|
|
Packit |
549fdc |
@item GNUTLS_@-OCSP_@-RESP_@-TRYLATER
|
|
Packit |
549fdc |
Try again later
|
|
Packit |
549fdc |
@item GNUTLS_@-OCSP_@-RESP_@-SIGREQUIRED
|
|
Packit |
549fdc |
Must sign the request
|
|
Packit |
549fdc |
@item GNUTLS_@-OCSP_@-RESP_@-UNAUTHORIZED
|
|
Packit |
549fdc |
Request unauthorized
|
|
Packit |
549fdc |
@end table
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
@c gnutls_ocsp_cert_status_t
|
|
Packit |
549fdc |
@table @code
|
|
Packit |
549fdc |
@item GNUTLS_@-OCSP_@-CERT_@-GOOD
|
|
Packit |
549fdc |
Positive response to status inquiry.
|
|
Packit |
549fdc |
@item GNUTLS_@-OCSP_@-CERT_@-REVOKED
|
|
Packit |
549fdc |
Certificate has been revoked.
|
|
Packit |
549fdc |
@item GNUTLS_@-OCSP_@-CERT_@-UNKNOWN
|
|
Packit |
549fdc |
The responder doesn't know about the
|
|
Packit |
549fdc |
certificate.
|
|
Packit |
549fdc |
@end table
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
@c gnutls_x509_crl_reason_t
|
|
Packit |
549fdc |
@table @code
|
|
Packit |
549fdc |
@item GNUTLS_@-X509_@-CRLREASON_@-UNSPECIFIED
|
|
Packit |
549fdc |
Unspecified reason.
|
|
Packit |
549fdc |
@item GNUTLS_@-X509_@-CRLREASON_@-KEYCOMPROMISE
|
|
Packit |
549fdc |
Private key compromised.
|
|
Packit |
549fdc |
@item GNUTLS_@-X509_@-CRLREASON_@-CACOMPROMISE
|
|
Packit |
549fdc |
CA compromised.
|
|
Packit |
549fdc |
@item GNUTLS_@-X509_@-CRLREASON_@-AFFILIATIONCHANGED
|
|
Packit |
549fdc |
Affiliation has changed.
|
|
Packit |
549fdc |
@item GNUTLS_@-X509_@-CRLREASON_@-SUPERSEDED
|
|
Packit |
549fdc |
Certificate superseded.
|
|
Packit |
549fdc |
@item GNUTLS_@-X509_@-CRLREASON_@-CESSATIONOFOPERATION
|
|
Packit |
549fdc |
Operation has ceased.
|
|
Packit |
549fdc |
@item GNUTLS_@-X509_@-CRLREASON_@-CERTIFICATEHOLD
|
|
Packit |
549fdc |
Certificate is on hold.
|
|
Packit |
549fdc |
@item GNUTLS_@-X509_@-CRLREASON_@-REMOVEFROMCRL
|
|
Packit |
549fdc |
Will be removed from delta CRL.
|
|
Packit |
549fdc |
@item GNUTLS_@-X509_@-CRLREASON_@-PRIVILEGEWITHDRAWN
|
|
Packit |
549fdc |
Privilege withdrawn.
|
|
Packit |
549fdc |
@item GNUTLS_@-X509_@-CRLREASON_@-AACOMPROMISE
|
|
Packit |
549fdc |
AA compromised.
|
|
Packit |
549fdc |
@end table
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
@c gnutls_ocsp_verify_reason_t
|
|
Packit |
549fdc |
@table @code
|
|
Packit |
549fdc |
@item GNUTLS_@-OCSP_@-VERIFY_@-SIGNER_@-NOT_@-FOUND
|
|
Packit |
549fdc |
Signer cert not found.
|
|
Packit |
549fdc |
@item GNUTLS_@-OCSP_@-VERIFY_@-SIGNER_@-KEYUSAGE_@-ERROR
|
|
Packit |
549fdc |
Signer keyusage bits incorrect.
|
|
Packit |
549fdc |
@item GNUTLS_@-OCSP_@-VERIFY_@-UNTRUSTED_@-SIGNER
|
|
Packit |
549fdc |
Signer is not trusted.
|
|
Packit |
549fdc |
@item GNUTLS_@-OCSP_@-VERIFY_@-INSECURE_@-ALGORITHM
|
|
Packit |
549fdc |
Signature using insecure algorithm.
|
|
Packit |
549fdc |
@item GNUTLS_@-OCSP_@-VERIFY_@-SIGNATURE_@-FAILURE
|
|
Packit |
549fdc |
Signature mismatch.
|
|
Packit |
549fdc |
@item GNUTLS_@-OCSP_@-VERIFY_@-CERT_@-NOT_@-ACTIVATED
|
|
Packit |
549fdc |
Signer cert is not yet activated.
|
|
Packit |
549fdc |
@item GNUTLS_@-OCSP_@-VERIFY_@-CERT_@-EXPIRED
|
|
Packit |
549fdc |
Signer cert has expired.
|
|
Packit |
549fdc |
@end table
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
@c gnutls_tpmkey_fmt_t
|
|
Packit |
549fdc |
@table @code
|
|
Packit |
549fdc |
@item GNUTLS_@-TPMKEY_@-FMT_@-RAW
|
|
Packit |
549fdc |
The portable data format.
|
|
Packit |
549fdc |
@item GNUTLS_@-TPMKEY_@-FMT_@-DER
|
|
Packit |
549fdc |
An alias for the raw format.
|
|
Packit |
549fdc |
@item GNUTLS_@-TPMKEY_@-FMT_@-CTK_@-PEM
|
|
Packit |
549fdc |
A custom data format used by some TPM tools.
|
|
Packit |
549fdc |
@end table
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
@c dane_cert_usage_t
|
|
Packit |
549fdc |
@table @code
|
|
Packit |
549fdc |
@item DANE_@-CERT_@-USAGE_@-CA
|
|
Packit |
549fdc |
CA constraint. The certificate/key
|
|
Packit |
549fdc |
presented must have signed the verified key.
|
|
Packit |
549fdc |
@item DANE_@-CERT_@-USAGE_@-EE
|
|
Packit |
549fdc |
The key or the certificate of the end
|
|
Packit |
549fdc |
entity.
|
|
Packit |
549fdc |
@item DANE_@-CERT_@-USAGE_@-LOCAL_@-CA
|
|
Packit |
549fdc |
The remote CA is local and possibly
|
|
Packit |
549fdc |
untrusted by the verifier.
|
|
Packit |
549fdc |
@item DANE_@-CERT_@-USAGE_@-LOCAL_@-EE
|
|
Packit |
549fdc |
The remote end-entity key is local
|
|
Packit |
549fdc |
and possibly untrusted by the verifier (not signed by a CA).
|
|
Packit |
549fdc |
@end table
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
@c dane_cert_type_t
|
|
Packit |
549fdc |
@table @code
|
|
Packit |
549fdc |
@item DANE_@-CERT_@-X509
|
|
Packit |
549fdc |
An X.509 certificate.
|
|
Packit |
549fdc |
@item DANE_@-CERT_@-PK
|
|
Packit |
549fdc |
A public key.
|
|
Packit |
549fdc |
@end table
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
@c dane_match_type_t
|
|
Packit |
549fdc |
@table @code
|
|
Packit |
549fdc |
@item DANE_@-MATCH_@-EXACT
|
|
Packit |
549fdc |
The full content.
|
|
Packit |
549fdc |
@item DANE_@-MATCH_@-SHA2_@-256
|
|
Packit |
549fdc |
A SHA-256 hash of the content.
|
|
Packit |
549fdc |
@item DANE_@-MATCH_@-SHA2_@-512
|
|
Packit |
549fdc |
A SHA-512 hash of the content.
|
|
Packit |
549fdc |
@end table
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
@c dane_query_status_t
|
|
Packit |
549fdc |
@table @code
|
|
Packit |
549fdc |
@item DANE_@-QUERY_@-UNKNOWN
|
|
Packit |
549fdc |
There was no query.
|
|
Packit |
549fdc |
@item DANE_@-QUERY_@-DNSSEC_@-VERIFIED
|
|
Packit |
549fdc |
The query was verified using DNSSEC.
|
|
Packit |
549fdc |
@item DANE_@-QUERY_@-BOGUS
|
|
Packit |
549fdc |
The query has wrong DNSSEC signature.
|
|
Packit |
549fdc |
@item DANE_@-QUERY_@-NO_@-DNSSEC
|
|
Packit |
549fdc |
The query has no DNSSEC data.
|
|
Packit |
549fdc |
@end table
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
@c dane_state_flags_t
|
|
Packit |
549fdc |
@table @code
|
|
Packit |
549fdc |
@item DANE_@-F_@-IGNORE_@-LOCAL_@-RESOLVER
|
|
Packit |
549fdc |
Many systems are not DNSSEC-ready. In that case the local resolver is ignored, and a direct recursive resolve occurs.
|
|
Packit |
549fdc |
@item DANE_@-F_@-INSECURE
|
|
Packit |
549fdc |
Ignore any DNSSEC signature verification errors.
|
|
Packit |
549fdc |
@item DANE_@-F_@-IGNORE_@-DNSSEC
|
|
Packit |
549fdc |
Do not try to initialize DNSSEC as we will not use it (will then not try to load the DNSSEC root certificate). Useful if the TLSA data does not come from DNS.
|
|
Packit |
549fdc |
@end table
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
@c dane_verify_flags_t
|
|
Packit |
549fdc |
@table @code
|
|
Packit |
549fdc |
@item DANE_@-VFLAG_@-FAIL_@-IF_@-NOT_@-CHECKED
|
|
Packit |
549fdc |
If irrelevant to this certificate DANE entries are received fail instead of succeeding.
|
|
Packit |
549fdc |
@item DANE_@-VFLAG_@-ONLY_@-CHECK_@-EE_@-USAGE
|
|
Packit |
549fdc |
The provided certificates will be verified only against any EE field. Combine with @code{DANE_VFLAG_FAIL_IF_NOT_CHECKED} to fail if EE entries are not present.
|
|
Packit |
549fdc |
@item DANE_@-VFLAG_@-ONLY_@-CHECK_@-CA_@-USAGE
|
|
Packit |
549fdc |
The provided certificates will be verified only against any CA field. Combine with @code{DANE_VFLAG_FAIL_IF_NOT_CHECKED} to fail if CA entries are not present.
|
|
Packit |
549fdc |
@end table
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
@c dane_verify_status_t
|
|
Packit |
549fdc |
@table @code
|
|
Packit |
549fdc |
@item DANE_@-VERIFY_@-CA_@-CONSTRAINTS_@-VIOLATED
|
|
Packit |
549fdc |
The CA constraints were violated.
|
|
Packit |
549fdc |
@item DANE_@-VERIFY_@-CERT_@-DIFFERS
|
|
Packit |
549fdc |
The certificate obtained via DNS differs.
|
|
Packit |
549fdc |
@item DANE_@-VERIFY_@-UNKNOWN_@-DANE_@-INFO
|
|
Packit |
549fdc |
No known DANE data was found in the DNS record.
|
|
Packit |
549fdc |
@end table
|
|
Packit |
549fdc |
|
|
Packit |
549fdc |
@c gnutls_pkcs7_sign_flags
|
|
Packit |
549fdc |
@table @code
|
|
Packit |
549fdc |
@item GNUTLS_@-PKCS7_@-EMBED_@-DATA
|
|
Packit |
549fdc |
The signed data will be embedded in the structure.
|
|
Packit |
549fdc |
@item GNUTLS_@-PKCS7_@-INCLUDE_@-TIME
|
|
Packit |
549fdc |
The signing time will be included in the structure.
|
|
Packit |
549fdc |
@item GNUTLS_@-PKCS7_@-INCLUDE_@-CERT
|
|
Packit |
549fdc |
The signer's certificate will be included in the cert list.
|
|
Packit |
549fdc |
@item GNUTLS_@-PKCS7_@-WRITE_@-SPKI
|
|
Packit |
549fdc |
Use the signer's key identifier instead of name.
|
|
Packit |
549fdc |
@end table
|