gnutls.h source code [include/gnutls/gnutls.h]

1	/ -- c --*
2	* Copyright (C) 2000-2016 Free Software Foundation, Inc.
3	* Copyright (C) 2015-2016 Red Hat, Inc.
4	*
5	* Author: Nikos Mavrogiannopoulos
6	*
7	* This file is part of GnuTLS.
8	*
9	* The GnuTLS is free software; you can redistribute it and/or
10	* modify it under the terms of the GNU Lesser General Public License
11	* as published by the Free Software Foundation; either version 2.1 of
12	* the License, or (at your option) any later version.
13	*
14	* This library is distributed in the hope that it will be useful, but
15	* WITHOUT ANY WARRANTY; without even the implied warranty of
16	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
17	* Lesser General Public License for more details.
18	*
19	* You should have received a copy of the GNU Lesser General Public License
20	* along with this program. If not, see <http://www.gnu.org/licenses/>
21	*
22	*/
23
24	/ This file contains the types and prototypes for all the*
25	* high level functionality of the gnutls main library.
26	*
27	* If the optional C++ binding was built, it is available in
28	* gnutls/gnutlsxx.h.
29	*
30	* The openssl compatibility layer (which is under the GNU GPL
31	* license) is in gnutls/openssl.h.
32	*
33	* The low level cipher functionality is in gnutls/crypto.h.
34	*/
35
36
37	#ifndef GNUTLS_H
38	#define GNUTLS_H
39
40	/ Get size_t. /
41	#include <stddef.h>
42	/ Get ssize_t. /
43	#ifndef HAVE_SSIZE_T
44	#define HAVE_SSIZE_T
45	/ INDENT-OFF /
46	#include <sys/types.h>
47	/ INDENT-ON /
48	#endif
49	/ Get time_t. /
50	#include <time.h>
51
52	/ INDENT-OFF /
53	#ifdef __cplusplus
54	extern "C" {
55	#endif
56	/ INDENT-ON /
57
58	#define GNUTLS_VERSION "3.5.18"
59
60	#define GNUTLS_VERSION_MAJOR 3
61	#define GNUTLS_VERSION_MINOR 5
62	#define GNUTLS_VERSION_PATCH 18
63
64	#define GNUTLS_VERSION_NUMBER 0x030512
65
66	#define GNUTLS_CIPHER_RIJNDAEL_128_CBC GNUTLS_CIPHER_AES_128_CBC
67	#define GNUTLS_CIPHER_RIJNDAEL_256_CBC GNUTLS_CIPHER_AES_256_CBC
68	#define GNUTLS_CIPHER_RIJNDAEL_CBC GNUTLS_CIPHER_AES_128_CBC
69	#define GNUTLS_CIPHER_ARCFOUR GNUTLS_CIPHER_ARCFOUR_128
70
71	#if !defined(GNUTLS_INTERNAL_BUILD) && defined(_WIN32)
72	# define _SYM_EXPORT __declspec(dllimport)
73	#else
74	# define _SYM_EXPORT
75	#endif
76
77	#ifdef __GNUC__
78	# define __GNUTLS_CONST__ __attribute__((const))
79	# define __GNUTLS_PURE__ __attribute__((pure))
80	#else
81	# define __GNUTLS_CONST__
82	# define __GNUTLS_PURE__
83	#endif
84
85
86	/ Use the following definition globally in your program to disable*
87	* implicit initialization of gnutls. */
88	#define GNUTLS_SKIP_GLOBAL_INIT int _gnutls_global_init_skip(void); \
89	int _gnutls_global_init_skip(void) {return 1;}
90
91	/**
92	* gnutls_cipher_algorithm_t:
93	* @GNUTLS_CIPHER_UNKNOWN: Value to identify an unknown/unsupported algorithm.
94	* @GNUTLS_CIPHER_NULL: The NULL (identity) encryption algorithm.
95	* @GNUTLS_CIPHER_ARCFOUR_128: ARCFOUR stream cipher with 128-bit keys.
96	* @GNUTLS_CIPHER_3DES_CBC: 3DES in CBC mode.
97	* @GNUTLS_CIPHER_AES_128_CBC: AES in CBC mode with 128-bit keys.
98	* @GNUTLS_CIPHER_AES_192_CBC: AES in CBC mode with 192-bit keys.
99	* @GNUTLS_CIPHER_AES_256_CBC: AES in CBC mode with 256-bit keys.
100	* @GNUTLS_CIPHER_ARCFOUR_40: ARCFOUR stream cipher with 40-bit keys.
101	* @GNUTLS_CIPHER_CAMELLIA_128_CBC: Camellia in CBC mode with 128-bit keys.
102	* @GNUTLS_CIPHER_CAMELLIA_192_CBC: Camellia in CBC mode with 192-bit keys.
103	* @GNUTLS_CIPHER_CAMELLIA_256_CBC: Camellia in CBC mode with 256-bit keys.
104	* @GNUTLS_CIPHER_RC2_40_CBC: RC2 in CBC mode with 40-bit keys.
105	* @GNUTLS_CIPHER_DES_CBC: DES in CBC mode (56-bit keys).
106	* @GNUTLS_CIPHER_AES_128_GCM: AES in GCM mode with 128-bit keys.
107	* @GNUTLS_CIPHER_AES_256_GCM: AES in GCM mode with 256-bit keys.
108	* @GNUTLS_CIPHER_AES_128_CCM: AES in CCM mode with 128-bit keys.
109	* @GNUTLS_CIPHER_AES_256_CCM: AES in CCM mode with 256-bit keys.
110	* @GNUTLS_CIPHER_AES_128_CCM_8: AES in CCM mode with 64-bit tag and 128-bit keys.
111	* @GNUTLS_CIPHER_AES_256_CCM_8: AES in CCM mode with 64-bit tag and 256-bit keys.
112	* @GNUTLS_CIPHER_CAMELLIA_128_GCM: CAMELLIA in GCM mode with 128-bit keys.
113	* @GNUTLS_CIPHER_CAMELLIA_256_GCM: CAMELLIA in GCM mode with 256-bit keys.
114	* @GNUTLS_CIPHER_SALSA20_256: Salsa20 with 256-bit keys.
115	* @GNUTLS_CIPHER_ESTREAM_SALSA20_256: Estream's Salsa20 variant with 256-bit keys.
116	* @GNUTLS_CIPHER_CHACHA20_POLY1305: The Chacha20 cipher with the Poly1305 authenticator (AEAD).
117	* @GNUTLS_CIPHER_IDEA_PGP_CFB: IDEA in CFB mode (placeholder - unsupported).
118	* @GNUTLS_CIPHER_3DES_PGP_CFB: 3DES in CFB mode (placeholder - unsupported).
119	* @GNUTLS_CIPHER_CAST5_PGP_CFB: CAST5 in CFB mode (placeholder - unsupported).
120	* @GNUTLS_CIPHER_BLOWFISH_PGP_CFB: Blowfish in CFB mode (placeholder - unsupported).
121	* @GNUTLS_CIPHER_SAFER_SK128_PGP_CFB: Safer-SK in CFB mode with 128-bit keys (placeholder - unsupported).
122	* @GNUTLS_CIPHER_AES128_PGP_CFB: AES in CFB mode with 128-bit keys (placeholder - unsupported).
123	* @GNUTLS_CIPHER_AES192_PGP_CFB: AES in CFB mode with 192-bit keys (placeholder - unsupported).
124	* @GNUTLS_CIPHER_AES256_PGP_CFB: AES in CFB mode with 256-bit keys (placeholder - unsupported).
125	* @GNUTLS_CIPHER_TWOFISH_PGP_CFB: Twofish in CFB mode (placeholder - unsupported).
126	*
127	* Enumeration of different symmetric encryption algorithms.
128	*/
129	typedef enum gnutls_cipher_algorithm {
130	GNUTLS_CIPHER_UNKNOWN = `0`,
131	GNUTLS_CIPHER_NULL = `1`,
132	GNUTLS_CIPHER_ARCFOUR_128 = `2`,
133	GNUTLS_CIPHER_3DES_CBC = `3`,
134	GNUTLS_CIPHER_AES_128_CBC = `4`,
135	GNUTLS_CIPHER_AES_256_CBC = `5`,
136	GNUTLS_CIPHER_ARCFOUR_40 = `6`,
137	GNUTLS_CIPHER_CAMELLIA_128_CBC = `7`,
138	GNUTLS_CIPHER_CAMELLIA_256_CBC = `8`,
139	GNUTLS_CIPHER_AES_192_CBC = `9`,
140	GNUTLS_CIPHER_AES_128_GCM = `10`,
141	GNUTLS_CIPHER_AES_256_GCM = `11`,
142	GNUTLS_CIPHER_CAMELLIA_192_CBC = `12`,
143	GNUTLS_CIPHER_SALSA20_256 = `13`,
144	GNUTLS_CIPHER_ESTREAM_SALSA20_256 = `14`,
145	GNUTLS_CIPHER_CAMELLIA_128_GCM = `15`,
146	GNUTLS_CIPHER_CAMELLIA_256_GCM = `16`,
147	GNUTLS_CIPHER_RC2_40_CBC = `17`,
148	GNUTLS_CIPHER_DES_CBC = `18`,
149	GNUTLS_CIPHER_AES_128_CCM = `19`,
150	GNUTLS_CIPHER_AES_256_CCM = `20`,
151	GNUTLS_CIPHER_AES_128_CCM_8 = `21`,
152	GNUTLS_CIPHER_AES_256_CCM_8 = `22`,
153	GNUTLS_CIPHER_CHACHA20_POLY1305 = `23`,
154
155	/ used only for PGP internals. Ignored in TLS/SSL*
156	*/
157	GNUTLS_CIPHER_IDEA_PGP_CFB = `200`,
158	GNUTLS_CIPHER_3DES_PGP_CFB = `201`,
159	GNUTLS_CIPHER_CAST5_PGP_CFB = `202`,
160	GNUTLS_CIPHER_BLOWFISH_PGP_CFB = `203`,
161	GNUTLS_CIPHER_SAFER_SK128_PGP_CFB = `204`,
162	GNUTLS_CIPHER_AES128_PGP_CFB = `205`,
163	GNUTLS_CIPHER_AES192_PGP_CFB = `206`,
164	GNUTLS_CIPHER_AES256_PGP_CFB = `207`,
165	GNUTLS_CIPHER_TWOFISH_PGP_CFB = `208`
166	} gnutls_cipher_algorithm_t;
167
168	/**
169	* gnutls_kx_algorithm_t:
170	* @GNUTLS_KX_UNKNOWN: Unknown key-exchange algorithm.
171	* @GNUTLS_KX_RSA: RSA key-exchange algorithm.
172	* @GNUTLS_KX_DHE_DSS: DHE-DSS key-exchange algorithm.
173	* @GNUTLS_KX_DHE_RSA: DHE-RSA key-exchange algorithm.
174	* @GNUTLS_KX_ECDHE_RSA: ECDHE-RSA key-exchange algorithm.
175	* @GNUTLS_KX_ECDHE_ECDSA: ECDHE-ECDSA key-exchange algorithm.
176	* @GNUTLS_KX_ANON_DH: Anon-DH key-exchange algorithm.
177	* @GNUTLS_KX_ANON_ECDH: Anon-ECDH key-exchange algorithm.
178	* @GNUTLS_KX_SRP: SRP key-exchange algorithm.
179	* @GNUTLS_KX_RSA_EXPORT: RSA-EXPORT key-exchange algorithm (defunc).
180	* @GNUTLS_KX_SRP_RSA: SRP-RSA key-exchange algorithm.
181	* @GNUTLS_KX_SRP_DSS: SRP-DSS key-exchange algorithm.
182	* @GNUTLS_KX_PSK: PSK key-exchange algorithm.
183	* @GNUTLS_KX_DHE_PSK: DHE-PSK key-exchange algorithm.
184	* @GNUTLS_KX_ECDHE_PSK: ECDHE-PSK key-exchange algorithm.
185	* @GNUTLS_KX_RSA_PSK: RSA-PSK key-exchange algorithm.
186	*
187	* Enumeration of different key exchange algorithms.
188	*/
189	typedef enum {
190	GNUTLS_KX_UNKNOWN = `0`,
191	GNUTLS_KX_RSA = `1`,
192	GNUTLS_KX_DHE_DSS = `2`,
193	GNUTLS_KX_DHE_RSA = `3`,
194	GNUTLS_KX_ANON_DH = `4`,
195	GNUTLS_KX_SRP = `5`,
196	GNUTLS_KX_RSA_EXPORT = `6`,
197	GNUTLS_KX_SRP_RSA = `7`,
198	GNUTLS_KX_SRP_DSS = `8`,
199	GNUTLS_KX_PSK = `9`,
200	GNUTLS_KX_DHE_PSK = `10`,
201	GNUTLS_KX_ANON_ECDH = `11`,
202	GNUTLS_KX_ECDHE_RSA = `12`,
203	GNUTLS_KX_ECDHE_ECDSA = `13`,
204	GNUTLS_KX_ECDHE_PSK = `14`,
205	GNUTLS_KX_RSA_PSK = `15`
206	} gnutls_kx_algorithm_t;
207
208	/**
209	* gnutls_params_type_t:
210	* @GNUTLS_PARAMS_RSA_EXPORT: Session RSA-EXPORT parameters (defunc).
211	* @GNUTLS_PARAMS_DH: Session Diffie-Hellman parameters.
212	* @GNUTLS_PARAMS_ECDH: Session Elliptic-Curve Diffie-Hellman parameters.
213	*
214	* Enumeration of different TLS session parameter types.
215	*/
216	typedef enum {
217	GNUTLS_PARAMS_RSA_EXPORT = `1`,
218	GNUTLS_PARAMS_DH = `2`,
219	GNUTLS_PARAMS_ECDH = `3`
220	} gnutls_params_type_t;
221
222	/**
223	* gnutls_credentials_type_t:
224	* @GNUTLS_CRD_CERTIFICATE: Certificate credential.
225	* @GNUTLS_CRD_ANON: Anonymous credential.
226	* @GNUTLS_CRD_SRP: SRP credential.
227	* @GNUTLS_CRD_PSK: PSK credential.
228	* @GNUTLS_CRD_IA: IA credential.
229	*
230	* Enumeration of different credential types.
231	*/
232	typedef enum {
233	GNUTLS_CRD_CERTIFICATE = `1`,
234	GNUTLS_CRD_ANON,
235	GNUTLS_CRD_SRP,
236	GNUTLS_CRD_PSK,
237	GNUTLS_CRD_IA
238	} gnutls_credentials_type_t;
239
240	#define GNUTLS_MAC_SHA GNUTLS_MAC_SHA1
241	#define GNUTLS_DIG_SHA GNUTLS_DIG_SHA1
242
243	/**
244	* gnutls_mac_algorithm_t:
245	* @GNUTLS_MAC_UNKNOWN: Unknown MAC algorithm.
246	* @GNUTLS_MAC_NULL: NULL MAC algorithm (empty output).
247	* @GNUTLS_MAC_MD5: HMAC-MD5 algorithm.
248	* @GNUTLS_MAC_SHA1: HMAC-SHA-1 algorithm.
249	* @GNUTLS_MAC_RMD160: HMAC-RMD160 algorithm.
250	* @GNUTLS_MAC_MD2: HMAC-MD2 algorithm.
251	* @GNUTLS_MAC_SHA256: HMAC-SHA-256 algorithm.
252	* @GNUTLS_MAC_SHA384: HMAC-SHA-384 algorithm.
253	* @GNUTLS_MAC_SHA512: HMAC-SHA-512 algorithm.
254	* @GNUTLS_MAC_SHA224: HMAC-SHA-224 algorithm.
255	* @GNUTLS_MAC_AEAD: MAC implicit through AEAD cipher.
256	* @GNUTLS_MAC_UMAC_96: The UMAC-96 MAC algorithm.
257	* @GNUTLS_MAC_UMAC_128: The UMAC-128 MAC algorithm.
258	*
259	* Enumeration of different Message Authentication Code (MAC)
260	* algorithms.
261	*/
262	typedef enum {
263	GNUTLS_MAC_UNKNOWN = `0`,
264	GNUTLS_MAC_NULL = `1`,
265	GNUTLS_MAC_MD5 = `2`,
266	GNUTLS_MAC_SHA1 = `3`,
267	GNUTLS_MAC_RMD160 = `4`,
268	GNUTLS_MAC_MD2 = `5`,
269	GNUTLS_MAC_SHA256 = `6`,
270	GNUTLS_MAC_SHA384 = `7`,
271	GNUTLS_MAC_SHA512 = `8`,
272	GNUTLS_MAC_SHA224 = `9`,
273	GNUTLS_MAC_SHA3_224 = `10`, / reserved: no implementation /
274	GNUTLS_MAC_SHA3_256 = `11`, / reserved: no implementation /
275	GNUTLS_MAC_SHA3_384 = `12`, / reserved: no implementation /
276	GNUTLS_MAC_SHA3_512 = `13`, / reserved: no implementation /
277	/ If you add anything here, make sure you align with*
278	gnutls_digest_algorithm_t. /*
279	GNUTLS_MAC_AEAD = `200`, / indicates that MAC is on the cipher /
280	GNUTLS_MAC_UMAC_96 = `201`,
281	GNUTLS_MAC_UMAC_128 = `202`
282	} gnutls_mac_algorithm_t;
283
284	/**
285	* gnutls_digest_algorithm_t:
286	* @GNUTLS_DIG_UNKNOWN: Unknown hash algorithm.
287	* @GNUTLS_DIG_NULL: NULL hash algorithm (empty output).
288	* @GNUTLS_DIG_MD5: MD5 algorithm.
289	* @GNUTLS_DIG_SHA1: SHA-1 algorithm.
290	* @GNUTLS_DIG_RMD160: RMD160 algorithm.
291	* @GNUTLS_DIG_MD2: MD2 algorithm.
292	* @GNUTLS_DIG_SHA256: SHA-256 algorithm.
293	* @GNUTLS_DIG_SHA384: SHA-384 algorithm.
294	* @GNUTLS_DIG_SHA512: SHA-512 algorithm.
295	* @GNUTLS_DIG_SHA224: SHA-224 algorithm.
296	* @GNUTLS_DIG_SHA3_224: SHA3-224 algorithm.
297	* @GNUTLS_DIG_SHA3_256: SHA3-256 algorithm.
298	* @GNUTLS_DIG_SHA3_384: SHA3-384 algorithm.
299	* @GNUTLS_DIG_SHA3_512: SHA3-512 algorithm.
300	*
301	* Enumeration of different digest (hash) algorithms.
302	*/
303	typedef enum {
304	GNUTLS_DIG_UNKNOWN = GNUTLS_MAC_UNKNOWN,
305	GNUTLS_DIG_NULL = GNUTLS_MAC_NULL,
306	GNUTLS_DIG_MD5 = GNUTLS_MAC_MD5,
307	GNUTLS_DIG_SHA1 = GNUTLS_MAC_SHA1,
308	GNUTLS_DIG_RMD160 = GNUTLS_MAC_RMD160,
309	GNUTLS_DIG_MD2 = GNUTLS_MAC_MD2,
310	GNUTLS_DIG_SHA256 = GNUTLS_MAC_SHA256,
311	GNUTLS_DIG_SHA384 = GNUTLS_MAC_SHA384,
312	GNUTLS_DIG_SHA512 = GNUTLS_MAC_SHA512,
313	GNUTLS_DIG_SHA224 = GNUTLS_MAC_SHA224,
314	GNUTLS_DIG_SHA3_224 = GNUTLS_MAC_SHA3_224,
315	GNUTLS_DIG_SHA3_256 = GNUTLS_MAC_SHA3_256,
316	GNUTLS_DIG_SHA3_384 = GNUTLS_MAC_SHA3_384,
317	GNUTLS_DIG_SHA3_512 = GNUTLS_MAC_SHA3_512
318	/ If you add anything here, make sure you align with*
319	gnutls_mac_algorithm_t. /*
320	} gnutls_digest_algorithm_t;
321
322	/ exported for other gnutls headers. This is the maximum number of*
323	* algorithms (ciphers, kx or macs).
324	*/
325	#define GNUTLS_MAX_ALGORITHM_NUM 64
326	#define GNUTLS_MAX_SESSION_ID_SIZE 32
327
328
329	/**
330	* gnutls_compression_method_t:
331	* @GNUTLS_COMP_UNKNOWN: Unknown compression method.
332	* @GNUTLS_COMP_NULL: The NULL compression method (no compression).
333	* @GNUTLS_COMP_DEFLATE: The DEFLATE compression method from zlib.
334	* @GNUTLS_COMP_ZLIB: Same as %GNUTLS_COMP_DEFLATE.
335	*
336	* Enumeration of different TLS compression methods.
337	*/
338	typedef enum {
339	GNUTLS_COMP_UNKNOWN = `0`,
340	GNUTLS_COMP_NULL = `1`,
341	GNUTLS_COMP_DEFLATE = `2`,
342	GNUTLS_COMP_ZLIB = GNUTLS_COMP_DEFLATE
343	} gnutls_compression_method_t;
344
345
346	/**
347	* gnutls_init_flags_t:
348	*
349	* @GNUTLS_SERVER: Connection end is a server.
350	* @GNUTLS_CLIENT: Connection end is a client.
351	* @GNUTLS_DATAGRAM: Connection is datagram oriented (DTLS). Since 3.0.0.
352	* @GNUTLS_NONBLOCK: Connection should not block. Since 3.0.0.
353	* @GNUTLS_NO_SIGNAL: In systems where SIGPIPE is delivered on send, it will be disabled. That flag has effect in systems which support the MSG_NOSIGNAL sockets flag (since 3.4.2).
354	* @GNUTLS_NO_EXTENSIONS: Do not enable any TLS extensions by default (since 3.1.2).
355	* @GNUTLS_NO_REPLAY_PROTECTION: Disable any replay protection in DTLS. This must only be used if replay protection is achieved using other means. Since 3.2.2.
356	* @GNUTLS_ALLOW_ID_CHANGE: Allow the peer to replace its certificate, or change its ID during a rehandshake. This change is often used in attacks and thus prohibited by default. Since 3.5.0.
357	* @GNUTLS_ENABLE_FALSE_START: Enable the TLS false start on client side if the negotiated ciphersuites allow it. This will enable sending data prior to the handshake being complete, and may introduce a risk of crypto failure when combined with certain key exchanged; for that GnuTLS may not enable that option in ciphersuites that are known to be not safe for false start. Since 3.5.0.
358	* @GNUTLS_FORCE_CLIENT_CERT: When in client side and only a single cert is specified, send that certificate irrespective of the issuers expected by the server. Since 3.5.0.
359	* @GNUTLS_NO_TICKETS: Flag to indicate that the session should not use resumption with session tickets.
360	*
361	* Enumeration of different flags for gnutls_init() function. All the flags
362	* can be combined except @GNUTLS_SERVER and @GNUTLS_CLIENT which are mutually
363	* exclusive.
364	*/
365	typedef enum {
366	GNUTLS_SERVER = `1`,
367	GNUTLS_CLIENT = (`1`<<`1`),
368	GNUTLS_DATAGRAM = (`1`<<`2`),
369	GNUTLS_NONBLOCK = (`1`<<`3`),
370	GNUTLS_NO_EXTENSIONS = (`1`<<`4`),
371	GNUTLS_NO_REPLAY_PROTECTION = (`1`<<`5`),
372	GNUTLS_NO_SIGNAL = (`1`<<`6`),
373	GNUTLS_ALLOW_ID_CHANGE = (`1`<<`7`),
374	GNUTLS_ENABLE_FALSE_START = (`1`<<`8`),
375	GNUTLS_FORCE_CLIENT_CERT = (`1`<<`9`),
376	GNUTLS_NO_TICKETS = (`1`<<`10`)
377	} gnutls_init_flags_t;
378
379	/ compatibility defines (previous versions of gnutls*
380	* used defines instead of enumerated values). */
381	#define GNUTLS_SERVER (1)
382	#define GNUTLS_CLIENT (1<<1)
383	#define GNUTLS_DATAGRAM (1<<2)
384	#define GNUTLS_NONBLOCK (1<<3)
385	#define GNUTLS_NO_EXTENSIONS (1<<4)
386	#define GNUTLS_NO_REPLAY_PROTECTION (1<<5)
387	#define GNUTLS_NO_SIGNAL (1<<6)
388	#define GNUTLS_ALLOW_ID_CHANGE (1<<7)
389	#define GNUTLS_ENABLE_FALSE_START (1<<8)
390	#define GNUTLS_FORCE_CLIENT_CERT (1<<9)
391	#define GNUTLS_NO_TICKETS (1<<10)
392
393	/**
394	* gnutls_alert_level_t:
395	* @GNUTLS_AL_WARNING: Alert of warning severity.
396	* @GNUTLS_AL_FATAL: Alert of fatal severity.
397	*
398	* Enumeration of different TLS alert severities.
399	*/
400	typedef enum {
401	GNUTLS_AL_WARNING = `1`,
402	GNUTLS_AL_FATAL
403	} gnutls_alert_level_t;
404
405	/**
406	* gnutls_alert_description_t:
407	* @GNUTLS_A_CLOSE_NOTIFY: Close notify.
408	* @GNUTLS_A_UNEXPECTED_MESSAGE: Unexpected message.
409	* @GNUTLS_A_BAD_RECORD_MAC: Bad record MAC.
410	* @GNUTLS_A_DECRYPTION_FAILED: Decryption failed.
411	* @GNUTLS_A_RECORD_OVERFLOW: Record overflow.
412	* @GNUTLS_A_DECOMPRESSION_FAILURE: Decompression failed.
413	* @GNUTLS_A_HANDSHAKE_FAILURE: Handshake failed.
414	* @GNUTLS_A_SSL3_NO_CERTIFICATE: No certificate.
415	* @GNUTLS_A_BAD_CERTIFICATE: Certificate is bad.
416	* @GNUTLS_A_UNSUPPORTED_CERTIFICATE: Certificate is not supported.
417	* @GNUTLS_A_CERTIFICATE_REVOKED: Certificate was revoked.
418	* @GNUTLS_A_CERTIFICATE_EXPIRED: Certificate is expired.
419	* @GNUTLS_A_CERTIFICATE_UNKNOWN: Unknown certificate.
420	* @GNUTLS_A_ILLEGAL_PARAMETER: Illegal parameter.
421	* @GNUTLS_A_UNKNOWN_CA: CA is unknown.
422	* @GNUTLS_A_ACCESS_DENIED: Access was denied.
423	* @GNUTLS_A_DECODE_ERROR: Decode error.
424	* @GNUTLS_A_DECRYPT_ERROR: Decrypt error.
425	* @GNUTLS_A_EXPORT_RESTRICTION: Export restriction.
426	* @GNUTLS_A_PROTOCOL_VERSION: Error in protocol version.
427	* @GNUTLS_A_INSUFFICIENT_SECURITY: Insufficient security.
428	* @GNUTLS_A_USER_CANCELED: User canceled.
429	* @GNUTLS_A_INTERNAL_ERROR: Internal error.
430	* @GNUTLS_A_INAPPROPRIATE_FALLBACK: Inappropriate fallback,
431	* @GNUTLS_A_NO_RENEGOTIATION: No renegotiation is allowed.
432	* @GNUTLS_A_CERTIFICATE_UNOBTAINABLE: Could not retrieve the
433	* specified certificate.
434	* @GNUTLS_A_UNSUPPORTED_EXTENSION: An unsupported extension was
435	* sent.
436	* @GNUTLS_A_UNRECOGNIZED_NAME: The server name sent was not
437	* recognized.
438	* @GNUTLS_A_UNKNOWN_PSK_IDENTITY: The SRP/PSK username is missing
439	* or not known.
440	* @GNUTLS_A_NO_APPLICATION_PROTOCOL: The ALPN protocol requested is
441	* not supported by the peer.
442	*
443	* Enumeration of different TLS alerts.
444	*/
445	typedef enum {
446	GNUTLS_A_CLOSE_NOTIFY,
447	GNUTLS_A_UNEXPECTED_MESSAGE = `10`,
448	GNUTLS_A_BAD_RECORD_MAC = `20`,
449	GNUTLS_A_DECRYPTION_FAILED,
450	GNUTLS_A_RECORD_OVERFLOW,
451	GNUTLS_A_DECOMPRESSION_FAILURE = `30`,
452	GNUTLS_A_HANDSHAKE_FAILURE = `40`,
453	GNUTLS_A_SSL3_NO_CERTIFICATE = `41`,
454	GNUTLS_A_BAD_CERTIFICATE = `42`,
455	GNUTLS_A_UNSUPPORTED_CERTIFICATE,
456	GNUTLS_A_CERTIFICATE_REVOKED,
457	GNUTLS_A_CERTIFICATE_EXPIRED,
458	GNUTLS_A_CERTIFICATE_UNKNOWN,
459	GNUTLS_A_ILLEGAL_PARAMETER,
460	GNUTLS_A_UNKNOWN_CA,
461	GNUTLS_A_ACCESS_DENIED,
462	GNUTLS_A_DECODE_ERROR = `50`,
463	GNUTLS_A_DECRYPT_ERROR,
464	GNUTLS_A_EXPORT_RESTRICTION = `60`,
465	GNUTLS_A_PROTOCOL_VERSION = `70`,
466	GNUTLS_A_INSUFFICIENT_SECURITY,
467	GNUTLS_A_INTERNAL_ERROR = `80`,
468	GNUTLS_A_INAPPROPRIATE_FALLBACK = `86`,
469	GNUTLS_A_USER_CANCELED = `90`,
470	GNUTLS_A_NO_RENEGOTIATION = `100`,
471	GNUTLS_A_UNSUPPORTED_EXTENSION = `110`,
472	GNUTLS_A_CERTIFICATE_UNOBTAINABLE = `111`,
473	GNUTLS_A_UNRECOGNIZED_NAME = `112`,
474	GNUTLS_A_UNKNOWN_PSK_IDENTITY = `115`,
475	GNUTLS_A_NO_APPLICATION_PROTOCOL = `120`
476	} gnutls_alert_description_t;
477
478	/**
479	* gnutls_handshake_description_t:
480	* @GNUTLS_HANDSHAKE_HELLO_REQUEST: Hello request.
481	* @GNUTLS_HANDSHAKE_HELLO_VERIFY_REQUEST: DTLS Hello verify request.
482	* @GNUTLS_HANDSHAKE_CLIENT_HELLO: Client hello.
483	* @GNUTLS_HANDSHAKE_SERVER_HELLO: Server hello.
484	* @GNUTLS_HANDSHAKE_NEW_SESSION_TICKET: New session ticket.
485	* @GNUTLS_HANDSHAKE_CERTIFICATE_PKT: Certificate packet.
486	* @GNUTLS_HANDSHAKE_SERVER_KEY_EXCHANGE: Server key exchange.
487	* @GNUTLS_HANDSHAKE_CERTIFICATE_REQUEST: Certificate request.
488	* @GNUTLS_HANDSHAKE_SERVER_HELLO_DONE: Server hello done.
489	* @GNUTLS_HANDSHAKE_CERTIFICATE_VERIFY: Certificate verify.
490	* @GNUTLS_HANDSHAKE_CLIENT_KEY_EXCHANGE: Client key exchange.
491	* @GNUTLS_HANDSHAKE_FINISHED: Finished.
492	* @GNUTLS_HANDSHAKE_CERTIFICATE_STATUS: Certificate status (OCSP).
493	* @GNUTLS_HANDSHAKE_SUPPLEMENTAL: Supplemental.
494	* @GNUTLS_HANDSHAKE_CHANGE_CIPHER_SPEC: Change Cipher Spec.
495	* @GNUTLS_HANDSHAKE_CLIENT_HELLO_V2: SSLv2 Client Hello.
496	*
497	* Enumeration of different TLS handshake packets.
498	*/
499	typedef enum {
500	GNUTLS_HANDSHAKE_HELLO_REQUEST = `0`,
501	GNUTLS_HANDSHAKE_CLIENT_HELLO = `1`,
502	GNUTLS_HANDSHAKE_SERVER_HELLO = `2`,
503	GNUTLS_HANDSHAKE_HELLO_VERIFY_REQUEST = `3`,
504	GNUTLS_HANDSHAKE_NEW_SESSION_TICKET = `4`,
505	GNUTLS_HANDSHAKE_CERTIFICATE_PKT = `11`,
506	GNUTLS_HANDSHAKE_SERVER_KEY_EXCHANGE = `12`,
507	GNUTLS_HANDSHAKE_CERTIFICATE_REQUEST = `13`,
508	GNUTLS_HANDSHAKE_SERVER_HELLO_DONE = `14`,
509	GNUTLS_HANDSHAKE_CERTIFICATE_VERIFY = `15`,
510	GNUTLS_HANDSHAKE_CLIENT_KEY_EXCHANGE = `16`,
511	GNUTLS_HANDSHAKE_FINISHED = `20`,
512	GNUTLS_HANDSHAKE_CERTIFICATE_STATUS = `22`,
513	GNUTLS_HANDSHAKE_SUPPLEMENTAL = `23`,
514	GNUTLS_HANDSHAKE_CHANGE_CIPHER_SPEC = `254`,
515	GNUTLS_HANDSHAKE_CLIENT_HELLO_V2 = `1024`
516	} gnutls_handshake_description_t;
517
518	#define GNUTLS_HANDSHAKE_ANY ((unsigned int)-1)
519
520	const char
521	*gnutls_handshake_description_get_name(gnutls_handshake_description_t
522	type);
523
524	/**
525	* gnutls_certificate_status_t:
526	* @GNUTLS_CERT_INVALID: The certificate is not signed by one of the
527	* known authorities or the signature is invalid (deprecated by the flags
528	* %GNUTLS_CERT_SIGNATURE_FAILURE and %GNUTLS_CERT_SIGNER_NOT_FOUND).
529	* @GNUTLS_CERT_SIGNATURE_FAILURE: The signature verification failed.
530	* @GNUTLS_CERT_REVOKED: Certificate is revoked by its authority. In X.509 this will be
531	* set only if CRLs are checked.
532	* @GNUTLS_CERT_SIGNER_NOT_FOUND: The certificate's issuer is not known.
533	* This is the case if the issuer is not included in the trusted certificate list.
534	* @GNUTLS_CERT_SIGNER_NOT_CA: The certificate's signer was not a CA. This
535	* may happen if this was a version 1 certificate, which is common with
536	* some CAs, or a version 3 certificate without the basic constrains extension.
537	* @GNUTLS_CERT_SIGNER_CONSTRAINTS_FAILURE: The certificate's signer constraints were
538	* violated.
539	* @GNUTLS_CERT_INSECURE_ALGORITHM: The certificate was signed using an insecure
540	* algorithm such as MD2 or MD5. These algorithms have been broken and
541	* should not be trusted.
542	* @GNUTLS_CERT_NOT_ACTIVATED: The certificate is not yet activated.
543	* @GNUTLS_CERT_EXPIRED: The certificate has expired.
544	* @GNUTLS_CERT_REVOCATION_DATA_SUPERSEDED: The revocation data are old and have been superseded.
545	* @GNUTLS_CERT_REVOCATION_DATA_ISSUED_IN_FUTURE: The revocation data have a future issue date.
546	* @GNUTLS_CERT_UNEXPECTED_OWNER: The owner is not the expected one.
547	* @GNUTLS_CERT_MISMATCH: The certificate presented isn't the expected one (TOFU)
548	* @GNUTLS_CERT_PURPOSE_MISMATCH: The certificate or an intermediate does not match the intended purpose (extended key usage).
549	* @GNUTLS_CERT_MISSING_OCSP_STATUS: The certificate requires the server to send the certifiate status, but no status was received.
550	* @GNUTLS_CERT_INVALID_OCSP_STATUS: The received OCSP status response is invalid.
551	*
552	* Enumeration of certificate status codes. Note that the status
553	* bits may have different meanings in OpenPGP keys and X.509
554	* certificate verification.
555	*/
556	typedef enum {
557	GNUTLS_CERT_INVALID = `1` << `1`,
558	GNUTLS_CERT_REVOKED = `1` << `5`,
559	GNUTLS_CERT_SIGNER_NOT_FOUND = `1` << `6`,
560	GNUTLS_CERT_SIGNER_NOT_CA = `1` << `7`,
561	GNUTLS_CERT_INSECURE_ALGORITHM = `1` << `8`,
562	GNUTLS_CERT_NOT_ACTIVATED = `1` << `9`,
563	GNUTLS_CERT_EXPIRED = `1` << `10`,
564	GNUTLS_CERT_SIGNATURE_FAILURE = `1` << `11`,
565	GNUTLS_CERT_REVOCATION_DATA_SUPERSEDED = `1` << `12`,
566	GNUTLS_CERT_UNEXPECTED_OWNER = `1` << `14`,
567	GNUTLS_CERT_REVOCATION_DATA_ISSUED_IN_FUTURE = `1` << `15`,
568	GNUTLS_CERT_SIGNER_CONSTRAINTS_FAILURE = `1` << `16`,
569	GNUTLS_CERT_MISMATCH = `1` << `17`,
570	GNUTLS_CERT_PURPOSE_MISMATCH = `1` << `18`,
571	GNUTLS_CERT_MISSING_OCSP_STATUS = `1` << `19`,
572	GNUTLS_CERT_INVALID_OCSP_STATUS = `1` << `20`
573	} gnutls_certificate_status_t;
574
575	/**
576	* gnutls_certificate_request_t:
577	* @GNUTLS_CERT_IGNORE: Ignore certificate.
578	* @GNUTLS_CERT_REQUEST: Request certificate.
579	* @GNUTLS_CERT_REQUIRE: Require certificate.
580	*
581	* Enumeration of certificate request types.
582	*/
583	typedef enum {
584	GNUTLS_CERT_IGNORE = `0`,
585	GNUTLS_CERT_REQUEST = `1`,
586	GNUTLS_CERT_REQUIRE = `2`
587	} gnutls_certificate_request_t;
588
589	/**
590	* gnutls_openpgp_crt_status_t:
591	* @GNUTLS_OPENPGP_CERT: Send entire certificate.
592	* @GNUTLS_OPENPGP_CERT_FINGERPRINT: Send only certificate fingerprint.
593	*
594	* Enumeration of ways to send OpenPGP certificate.
595	*/
596	typedef enum {
597	GNUTLS_OPENPGP_CERT = `0`,
598	GNUTLS_OPENPGP_CERT_FINGERPRINT = `1`
599	} gnutls_openpgp_crt_status_t;
600
601	/**
602	* gnutls_close_request_t:
603	* @GNUTLS_SHUT_RDWR: Disallow further receives/sends.
604	* @GNUTLS_SHUT_WR: Disallow further sends.
605	*
606	* Enumeration of how TLS session should be terminated. See gnutls_bye().
607	*/
608	typedef enum {
609	GNUTLS_SHUT_RDWR = `0`,
610	GNUTLS_SHUT_WR = `1`
611	} gnutls_close_request_t;
612
613	/**
614	* gnutls_protocol_t:
615	* @GNUTLS_SSL3: SSL version 3.0.
616	* @GNUTLS_TLS1_0: TLS version 1.0.
617	* @GNUTLS_TLS1: Same as %GNUTLS_TLS1_0.
618	* @GNUTLS_TLS1_1: TLS version 1.1.
619	* @GNUTLS_TLS1_2: TLS version 1.2.
620	* @GNUTLS_DTLS1_0: DTLS version 1.0.
621	* @GNUTLS_DTLS1_2: DTLS version 1.2.
622	* @GNUTLS_DTLS0_9: DTLS version 0.9 (Cisco AnyConnect / OpenSSL 0.9.8e).
623	* @GNUTLS_VERSION_MAX: Maps to the highest supported TLS version.
624	* @GNUTLS_VERSION_UNKNOWN: Unknown SSL/TLS version.
625	*
626	* Enumeration of different SSL/TLS protocol versions.
627	*/
628	typedef enum {
629	GNUTLS_SSL3 = `1`,
630	GNUTLS_TLS1_0 = `2`,
631	GNUTLS_TLS1 = GNUTLS_TLS1_0,
632	GNUTLS_TLS1_1 = `3`,
633	GNUTLS_TLS1_2 = `4`,
634
635	GNUTLS_DTLS0_9 = `200`,
636	GNUTLS_DTLS1_0 = `201`, / 201 /
637	GNUTLS_DTLS1_2 = `202`,
638	GNUTLS_DTLS_VERSION_MIN = GNUTLS_DTLS0_9,
639	GNUTLS_DTLS_VERSION_MAX = GNUTLS_DTLS1_2,
640	GNUTLS_TLS_VERSION_MAX = GNUTLS_TLS1_2,
641	GNUTLS_VERSION_UNKNOWN = `0xff` / change it to 0xffff /
642	} gnutls_protocol_t;
643
644	/**
645	* gnutls_certificate_type_t:
646	* @GNUTLS_CRT_UNKNOWN: Unknown certificate type.
647	* @GNUTLS_CRT_X509: X.509 Certificate.
648	* @GNUTLS_CRT_OPENPGP: OpenPGP certificate.
649	* @GNUTLS_CRT_RAW: Raw public key (SubjectPublicKey)
650	*
651	* Enumeration of different certificate types.
652	*/
653	typedef enum {
654	GNUTLS_CRT_UNKNOWN = `0`,
655	GNUTLS_CRT_X509 = `1`,
656	GNUTLS_CRT_OPENPGP = `2`,
657	GNUTLS_CRT_RAW = `3`
658	} gnutls_certificate_type_t;
659
660	/**
661	* gnutls_x509_crt_fmt_t:
662	* @GNUTLS_X509_FMT_DER: X.509 certificate in DER format (binary).
663	* @GNUTLS_X509_FMT_PEM: X.509 certificate in PEM format (text).
664	*
665	* Enumeration of different certificate encoding formats.
666	*/
667	typedef enum {
668	GNUTLS_X509_FMT_DER = `0`,
669	GNUTLS_X509_FMT_PEM = `1`
670	} gnutls_x509_crt_fmt_t;
671
672	/**
673	* gnutls_certificate_print_formats_t:
674	* @GNUTLS_CRT_PRINT_FULL: Full information about certificate.
675	* @GNUTLS_CRT_PRINT_FULL_NUMBERS: Full information about certificate and include easy to parse public key parameters.
676	* @GNUTLS_CRT_PRINT_COMPACT: Information about certificate name in one line, plus identification of the public key.
677	* @GNUTLS_CRT_PRINT_ONELINE: Information about certificate in one line.
678	* @GNUTLS_CRT_PRINT_UNSIGNED_FULL: All info for an unsigned certificate.
679	*
680	* Enumeration of different certificate printing variants.
681	*/
682	typedef enum gnutls_certificate_print_formats {
683	GNUTLS_CRT_PRINT_FULL = `0`,
684	GNUTLS_CRT_PRINT_ONELINE = `1`,
685	GNUTLS_CRT_PRINT_UNSIGNED_FULL = `2`,
686	GNUTLS_CRT_PRINT_COMPACT = `3`,
687	GNUTLS_CRT_PRINT_FULL_NUMBERS = `4`
688	} gnutls_certificate_print_formats_t;
689
690	#define GNUTLS_PK_ECC GNUTLS_PK_ECDSA
691	#define GNUTLS_PK_EC GNUTLS_PK_ECDSA
692
693	/**
694	* gnutls_pk_algorithm_t:
695	* @GNUTLS_PK_UNKNOWN: Unknown public-key algorithm.
696	* @GNUTLS_PK_RSA: RSA public-key algorithm.
697	* @GNUTLS_PK_DSA: DSA public-key algorithm.
698	* @GNUTLS_PK_DH: Diffie-Hellman algorithm. Used to generate parameters.
699	* @GNUTLS_PK_ECDSA: Elliptic curve algorithm. These parameters are compatible with the ECDSA and ECDH algorithm.
700	* @GNUTLS_PK_ECDHX: Elliptic curve algorithm, restricted to ECDH as per rfc7748.
701	*
702	* Enumeration of different public-key algorithms.
703	*/
704	typedef enum {
705	GNUTLS_PK_UNKNOWN = `0`,
706	GNUTLS_PK_RSA = `1`,
707	GNUTLS_PK_DSA = `2`,
708	GNUTLS_PK_DH = `3`,
709	GNUTLS_PK_ECDSA = `4`,
710	GNUTLS_PK_ECDHX = `5`
711	} gnutls_pk_algorithm_t;
712
713
714	const char *gnutls_pk_algorithm_get_name(gnutls_pk_algorithm_t algorithm);
715
716	/**
717	* gnutls_sign_algorithm_t:
718	* @GNUTLS_SIGN_UNKNOWN: Unknown signature algorithm.
719	* @GNUTLS_SIGN_RSA_SHA1: Digital signature algorithm RSA with SHA-1
720	* @GNUTLS_SIGN_RSA_SHA: Same as %GNUTLS_SIGN_RSA_SHA1.
721	* @GNUTLS_SIGN_DSA_SHA1: Digital signature algorithm DSA with SHA-1
722	* @GNUTLS_SIGN_DSA_SHA224: Digital signature algorithm DSA with SHA-224
723	* @GNUTLS_SIGN_DSA_SHA256: Digital signature algorithm DSA with SHA-256
724	* @GNUTLS_SIGN_DSA_SHA384: Digital signature algorithm DSA with SHA-384
725	* @GNUTLS_SIGN_DSA_SHA512: Digital signature algorithm DSA with SHA-512
726	* @GNUTLS_SIGN_DSA_SHA: Same as %GNUTLS_SIGN_DSA_SHA1.
727	* @GNUTLS_SIGN_RSA_MD5: Digital signature algorithm RSA with MD5.
728	* @GNUTLS_SIGN_RSA_MD2: Digital signature algorithm RSA with MD2.
729	* @GNUTLS_SIGN_RSA_RMD160: Digital signature algorithm RSA with RMD-160.
730	* @GNUTLS_SIGN_RSA_SHA256: Digital signature algorithm RSA with SHA-256.
731	* @GNUTLS_SIGN_RSA_SHA384: Digital signature algorithm RSA with SHA-384.
732	* @GNUTLS_SIGN_RSA_SHA512: Digital signature algorithm RSA with SHA-512.
733	* @GNUTLS_SIGN_RSA_SHA224: Digital signature algorithm RSA with SHA-224.
734	* @GNUTLS_SIGN_ECDSA_SHA1: ECDSA with SHA1.
735	* @GNUTLS_SIGN_ECDSA_SHA224: Digital signature algorithm ECDSA with SHA-224.
736	* @GNUTLS_SIGN_ECDSA_SHA256: Digital signature algorithm ECDSA with SHA-256.
737	* @GNUTLS_SIGN_ECDSA_SHA384: Digital signature algorithm ECDSA with SHA-384.
738	* @GNUTLS_SIGN_ECDSA_SHA512: Digital signature algorithm ECDSA with SHA-512.
739	* @GNUTLS_SIGN_ECDSA_SHA3_224: Digital signature algorithm ECDSA with SHA3-224.
740	* @GNUTLS_SIGN_ECDSA_SHA3_256: Digital signature algorithm ECDSA with SHA3-256.
741	* @GNUTLS_SIGN_ECDSA_SHA3_384: Digital signature algorithm ECDSA with SHA3-384.
742	* @GNUTLS_SIGN_ECDSA_SHA3_512: Digital signature algorithm ECDSA with SHA3-512.
743	* @GNUTLS_SIGN_DSA_SHA3_224: Digital signature algorithm DSA with SHA3-224.
744	* @GNUTLS_SIGN_DSA_SHA3_256: Digital signature algorithm DSA with SHA3-256.
745	* @GNUTLS_SIGN_DSA_SHA3_384: Digital signature algorithm DSA with SHA3-384.
746	* @GNUTLS_SIGN_DSA_SHA3_512: Digital signature algorithm DSA with SHA3-512.
747	* @GNUTLS_SIGN_RSA_SHA3_224: Digital signature algorithm RSA with SHA3-224.
748	* @GNUTLS_SIGN_RSA_SHA3_256: Digital signature algorithm RSA with SHA3-256.
749	* @GNUTLS_SIGN_RSA_SHA3_384: Digital signature algorithm RSA with SHA3-384.
750	* @GNUTLS_SIGN_RSA_SHA3_512: Digital signature algorithm RSA with SHA3-512.
751	*
752	* Enumeration of different digital signature algorithms.
753	*/
754	typedef enum {
755	GNUTLS_SIGN_UNKNOWN = `0`,
756	GNUTLS_SIGN_RSA_SHA1 = `1`,
757	GNUTLS_SIGN_RSA_SHA = GNUTLS_SIGN_RSA_SHA1,
758	GNUTLS_SIGN_DSA_SHA1 = `2`,
759	GNUTLS_SIGN_DSA_SHA = GNUTLS_SIGN_DSA_SHA1,
760	GNUTLS_SIGN_RSA_MD5 = `3`,
761	GNUTLS_SIGN_RSA_MD2 = `4`,
762	GNUTLS_SIGN_RSA_RMD160 = `5`,
763	GNUTLS_SIGN_RSA_SHA256 = `6`,
764	GNUTLS_SIGN_RSA_SHA384 = `7`,
765	GNUTLS_SIGN_RSA_SHA512 = `8`,
766	GNUTLS_SIGN_RSA_SHA224 = `9`,
767	GNUTLS_SIGN_DSA_SHA224 = `10`,
768	GNUTLS_SIGN_DSA_SHA256 = `11`,
769	GNUTLS_SIGN_ECDSA_SHA1 = `12`,
770	GNUTLS_SIGN_ECDSA_SHA224 = `13`,
771	GNUTLS_SIGN_ECDSA_SHA256 = `14`,
772	GNUTLS_SIGN_ECDSA_SHA384 = `15`,
773	GNUTLS_SIGN_ECDSA_SHA512 = `16`,
774	GNUTLS_SIGN_DSA_SHA384 = `17`,
775	GNUTLS_SIGN_DSA_SHA512 = `18`,
776	GNUTLS_SIGN_ECDSA_SHA3_224 = `20`,
777	GNUTLS_SIGN_ECDSA_SHA3_256 = `21`,
778	GNUTLS_SIGN_ECDSA_SHA3_384 = `22`,
779	GNUTLS_SIGN_ECDSA_SHA3_512 = `23`,
780
781	GNUTLS_SIGN_DSA_SHA3_224 = `24`,
782	GNUTLS_SIGN_DSA_SHA3_256 = `25`,
783	GNUTLS_SIGN_DSA_SHA3_384 = `26`,
784	GNUTLS_SIGN_DSA_SHA3_512 = `27`,
785	GNUTLS_SIGN_RSA_SHA3_224 = `28`,
786	GNUTLS_SIGN_RSA_SHA3_256 = `29`,
787	GNUTLS_SIGN_RSA_SHA3_384 = `30`,
788	GNUTLS_SIGN_RSA_SHA3_512 = `31`
789	} gnutls_sign_algorithm_t;
790
791	/**
792	* gnutls_ecc_curve_t:
793	* @GNUTLS_ECC_CURVE_INVALID: Cannot be known
794	* @GNUTLS_ECC_CURVE_SECP192R1: the SECP192R1 curve
795	* @GNUTLS_ECC_CURVE_SECP224R1: the SECP224R1 curve
796	* @GNUTLS_ECC_CURVE_SECP256R1: the SECP256R1 curve
797	* @GNUTLS_ECC_CURVE_SECP384R1: the SECP384R1 curve
798	* @GNUTLS_ECC_CURVE_SECP521R1: the SECP521R1 curve
799	* @GNUTLS_ECC_CURVE_X25519: the X25519 curve (ECDH only)
800	*
801	* Enumeration of ECC curves.
802	*/
803	typedef enum {
804	GNUTLS_ECC_CURVE_INVALID = `0`,
805	GNUTLS_ECC_CURVE_SECP224R1,
806	GNUTLS_ECC_CURVE_SECP256R1,
807	GNUTLS_ECC_CURVE_SECP384R1,
808	GNUTLS_ECC_CURVE_SECP521R1,
809	GNUTLS_ECC_CURVE_SECP192R1,
810	GNUTLS_ECC_CURVE_X25519
811	} gnutls_ecc_curve_t;
812
813	/ macros to allow specifying a specific curve in gnutls_privkey_generate()*
814	* and gnutls_x509_privkey_generate() */
815	#define GNUTLS_CURVE_TO_BITS(curve) (unsigned int)(((unsigned int)1<<31)\|((unsigned int)(curve)))
816	#define GNUTLS_BITS_TO_CURVE(bits) (((unsigned int)(bits)) & 0x7FFFFFFF)
817	#define GNUTLS_BITS_ARE_CURVE(bits) (((unsigned int)(bits)) & 0x80000000)
818
819	/**
820	* gnutls_sec_param_t:
821	* @GNUTLS_SEC_PARAM_UNKNOWN: Cannot be known
822	* @GNUTLS_SEC_PARAM_INSECURE: Less than 42 bits of security
823	* @GNUTLS_SEC_PARAM_EXPORT: 42 bits of security
824	* @GNUTLS_SEC_PARAM_VERY_WEAK: 64 bits of security
825	* @GNUTLS_SEC_PARAM_WEAK: 72 bits of security
826	* @GNUTLS_SEC_PARAM_LOW: 80 bits of security
827	* @GNUTLS_SEC_PARAM_LEGACY: 96 bits of security
828	* @GNUTLS_SEC_PARAM_MEDIUM: 112 bits of security (used to be %GNUTLS_SEC_PARAM_NORMAL)
829	* @GNUTLS_SEC_PARAM_HIGH: 128 bits of security
830	* @GNUTLS_SEC_PARAM_ULTRA: 192 bits of security
831	* @GNUTLS_SEC_PARAM_FUTURE: 256 bits of security
832	*
833	* Enumeration of security parameters for passive attacks.
834	*/
835	typedef enum {
836	GNUTLS_SEC_PARAM_UNKNOWN = `0`,
837	GNUTLS_SEC_PARAM_INSECURE = `5`,
838	GNUTLS_SEC_PARAM_EXPORT = `10`,
839	GNUTLS_SEC_PARAM_VERY_WEAK = `15`,
840	GNUTLS_SEC_PARAM_WEAK = `20`,
841	GNUTLS_SEC_PARAM_LOW = `25`,
842	GNUTLS_SEC_PARAM_LEGACY = `30`,
843	GNUTLS_SEC_PARAM_MEDIUM = `35`,
844	GNUTLS_SEC_PARAM_HIGH = `40`,
845	GNUTLS_SEC_PARAM_ULTRA = `45`,
846	GNUTLS_SEC_PARAM_FUTURE = `50`
847	} gnutls_sec_param_t;
848
849	/ old name /
850	#define GNUTLS_SEC_PARAM_NORMAL GNUTLS_SEC_PARAM_MEDIUM
851
852	/**
853	* gnutls_channel_binding_t:
854	* @GNUTLS_CB_TLS_UNIQUE: "tls-unique" (RFC 5929) channel binding
855	*
856	* Enumeration of support channel binding types.
857	*/
858	typedef enum {
859	GNUTLS_CB_TLS_UNIQUE
860	} gnutls_channel_binding_t;
861
862
863	/ If you want to change this, then also change the define in*
864	* gnutls_int.h, and recompile.
865	*/
866	typedef void *gnutls_transport_ptr_t;
867
868	struct gnutls_session_int;
869	typedef struct gnutls_session_int *gnutls_session_t;
870
871	struct gnutls_dh_params_int;
872	typedef struct gnutls_dh_params_int *gnutls_dh_params_t;
873
874	/ XXX ugly. /
875	struct gnutls_x509_privkey_int;
876	typedef struct gnutls_x509_privkey_int *gnutls_rsa_params_t;
877
878	struct gnutls_priority_st;
879	typedef struct gnutls_priority_st *gnutls_priority_t;
880
881	typedef struct {
882	unsigned char *data;
883	unsigned int size;
884	} gnutls_datum_t;
885
886
887	typedef struct gnutls_params_st {
888	gnutls_params_type_t type;
889	union params {
890	gnutls_dh_params_t dh;
891	gnutls_rsa_params_t rsa_export;
892	} params;
893	int deinit;
894	} gnutls_params_st;
895
896	typedef int gnutls_params_function(gnutls_session_t, gnutls_params_type_t,
897	gnutls_params_st *);
898
899	/ internal functions /
900
901	int gnutls_init(gnutls_session_t * session, unsigned int flags);
902	void gnutls_deinit(gnutls_session_t session);
903	#define _gnutls_deinit(x) gnutls_deinit(x)
904
905	int gnutls_bye(gnutls_session_t session, gnutls_close_request_t how);
906
907	int gnutls_handshake(gnutls_session_t session);
908
909	#define GNUTLS_DEFAULT_HANDSHAKE_TIMEOUT ((unsigned int)-1)
910	#define GNUTLS_INDEFINITE_TIMEOUT ((unsigned int)-2)
911	void gnutls_handshake_set_timeout(gnutls_session_t session,
912	unsigned int ms);
913	int gnutls_rehandshake(gnutls_session_t session);
914
915	gnutls_alert_description_t gnutls_alert_get(gnutls_session_t session);
916	int gnutls_alert_send(gnutls_session_t session,
917	gnutls_alert_level_t level,
918	gnutls_alert_description_t desc);
919	int gnutls_alert_send_appropriate(gnutls_session_t session, int err);
920	const char *gnutls_alert_get_name(gnutls_alert_description_t alert);
921	const char *gnutls_alert_get_strname(gnutls_alert_description_t alert);
922
923	gnutls_sec_param_t gnutls_pk_bits_to_sec_param(gnutls_pk_algorithm_t algo,
924	unsigned int bits);
925	const char *gnutls_sec_param_get_name(gnutls_sec_param_t param);
926	unsigned int gnutls_sec_param_to_pk_bits(gnutls_pk_algorithm_t algo,
927	gnutls_sec_param_t param);
928	unsigned int
929	gnutls_sec_param_to_symmetric_bits(gnutls_sec_param_t param) __GNUTLS_CONST__;
930
931	/ Elliptic curves /
932	const char *
933	gnutls_ecc_curve_get_name(gnutls_ecc_curve_t curve) __GNUTLS_CONST__;
934	const char *
935	gnutls_ecc_curve_get_oid(gnutls_ecc_curve_t curve) __GNUTLS_CONST__;
936
937	int
938	gnutls_ecc_curve_get_size(gnutls_ecc_curve_t curve) __GNUTLS_CONST__;
939	gnutls_ecc_curve_t gnutls_ecc_curve_get(gnutls_session_t session);
940
941	/ get information on the current session /
942	gnutls_cipher_algorithm_t gnutls_cipher_get(gnutls_session_t session);
943	gnutls_kx_algorithm_t gnutls_kx_get(gnutls_session_t session);
944	gnutls_mac_algorithm_t gnutls_mac_get(gnutls_session_t session);
945	gnutls_compression_method_t
946	gnutls_compression_get(gnutls_session_t session);
947	gnutls_certificate_type_t
948	gnutls_certificate_type_get(gnutls_session_t session);
949
950	int gnutls_sign_algorithm_get(gnutls_session_t session);
951	int gnutls_sign_algorithm_get_client(gnutls_session_t session);
952
953	int gnutls_sign_algorithm_get_requested(gnutls_session_t session,
954	size_t indx,
955	gnutls_sign_algorithm_t * algo);
956
957	/ the name of the specified algorithms /
958	const char *
959	gnutls_cipher_get_name(gnutls_cipher_algorithm_t algorithm) __GNUTLS_CONST__;
960	const char *
961	gnutls_mac_get_name(gnutls_mac_algorithm_t algorithm) __GNUTLS_CONST__;
962
963	const char *
964	gnutls_digest_get_name(gnutls_digest_algorithm_t algorithm) __GNUTLS_CONST__;
965	const char *
966	gnutls_digest_get_oid(gnutls_digest_algorithm_t algorithm) __GNUTLS_CONST__;
967
968	const char *
969	gnutls_compression_get_name(gnutls_compression_method_t
970	algorithm) __GNUTLS_CONST__;
971	const char *
972	gnutls_kx_get_name(gnutls_kx_algorithm_t algorithm) __GNUTLS_CONST__;
973	const char *
974	gnutls_certificate_type_get_name(gnutls_certificate_type_t
975	type) __GNUTLS_CONST__;
976	const char *
977	gnutls_pk_get_name(gnutls_pk_algorithm_t algorithm) __GNUTLS_CONST__;
978	const char *
979	gnutls_pk_get_oid(gnutls_pk_algorithm_t algorithm) __GNUTLS_CONST__;
980
981	const char *
982	gnutls_sign_get_name(gnutls_sign_algorithm_t algorithm) __GNUTLS_CONST__;
983	const char *
984	gnutls_sign_get_oid(gnutls_sign_algorithm_t algorithm) __GNUTLS_CONST__;
985
986	size_t
987	gnutls_cipher_get_key_size(gnutls_cipher_algorithm_t algorithm) __GNUTLS_CONST__;
988	size_t
989	gnutls_mac_get_key_size(gnutls_mac_algorithm_t algorithm) __GNUTLS_CONST__;
990
991	int gnutls_sign_is_secure(gnutls_sign_algorithm_t algorithm) __GNUTLS_CONST__;
992
993	gnutls_digest_algorithm_t
994	gnutls_sign_get_hash_algorithm(gnutls_sign_algorithm_t sign) __GNUTLS_CONST__;
995	gnutls_pk_algorithm_t
996	gnutls_sign_get_pk_algorithm(gnutls_sign_algorithm_t sign) __GNUTLS_CONST__;
997	gnutls_sign_algorithm_t
998	gnutls_pk_to_sign(gnutls_pk_algorithm_t pk,
999	gnutls_digest_algorithm_t hash) __GNUTLS_CONST__;
1000
1001	#define gnutls_sign_algorithm_get_name gnutls_sign_get_name
1002
1003	gnutls_mac_algorithm_t gnutls_mac_get_id(const char *name) __GNUTLS_CONST__;
1004	gnutls_digest_algorithm_t gnutls_digest_get_id(const char *name) __GNUTLS_CONST__;
1005
1006	gnutls_compression_method_t
1007	gnutls_compression_get_id(const char *name) __GNUTLS_CONST__;
1008	gnutls_cipher_algorithm_t
1009	gnutls_cipher_get_id(const char *name) __GNUTLS_CONST__;
1010
1011	gnutls_kx_algorithm_t
1012	gnutls_kx_get_id(const char *name) __GNUTLS_CONST__;
1013	gnutls_protocol_t
1014	gnutls_protocol_get_id(const char *name) __GNUTLS_CONST__;
1015	gnutls_certificate_type_t
1016	gnutls_certificate_type_get_id(const char *name) __GNUTLS_CONST__;
1017	gnutls_pk_algorithm_t
1018	gnutls_pk_get_id(const char *name) __GNUTLS_CONST__;
1019	gnutls_sign_algorithm_t
1020	gnutls_sign_get_id(const char *name) __GNUTLS_CONST__;
1021	gnutls_ecc_curve_t gnutls_ecc_curve_get_id(const char *name) __GNUTLS_CONST__;
1022	gnutls_pk_algorithm_t gnutls_ecc_curve_get_pk(gnutls_ecc_curve_t curve) __GNUTLS_CONST__;
1023
1024	gnutls_digest_algorithm_t
1025	gnutls_oid_to_digest(const char *oid) __GNUTLS_CONST__;
1026	gnutls_mac_algorithm_t
1027	gnutls_oid_to_mac(const char *oid) __GNUTLS_CONST__;
1028	gnutls_pk_algorithm_t
1029	gnutls_oid_to_pk(const char *oid) __GNUTLS_CONST__;
1030	gnutls_sign_algorithm_t
1031	gnutls_oid_to_sign(const char *oid) __GNUTLS_CONST__;
1032	gnutls_ecc_curve_t
1033	gnutls_oid_to_ecc_curve(const char *oid) __GNUTLS_CONST__;
1034
1035	/ list supported algorithms /
1036	const gnutls_ecc_curve_t *
1037	gnutls_ecc_curve_list(void) __GNUTLS_PURE__;
1038	const gnutls_cipher_algorithm_t *
1039	gnutls_cipher_list(void) __GNUTLS_PURE__;
1040	const gnutls_mac_algorithm_t *
1041	gnutls_mac_list(void) __GNUTLS_PURE__;
1042	const gnutls_digest_algorithm_t *
1043	gnutls_digest_list(void) __GNUTLS_PURE__;
1044	const gnutls_compression_method_t *
1045	gnutls_compression_list(void) __GNUTLS_PURE__;
1046	const gnutls_protocol_t *
1047	gnutls_protocol_list(void) __GNUTLS_PURE__;
1048	const gnutls_certificate_type_t *
1049	gnutls_certificate_type_list(void) __GNUTLS_PURE__;
1050	const gnutls_kx_algorithm_t *
1051	gnutls_kx_list(void) __GNUTLS_PURE__;
1052	const gnutls_pk_algorithm_t *
1053	gnutls_pk_list(void) __GNUTLS_PURE__;
1054	const gnutls_sign_algorithm_t *
1055	gnutls_sign_list(void) __GNUTLS_PURE__;
1056	const char *
1057	gnutls_cipher_suite_info(size_t idx,
1058	unsigned char *cs_id,
1059	gnutls_kx_algorithm_t * kx,
1060	gnutls_cipher_algorithm_t * cipher,
1061	gnutls_mac_algorithm_t * mac,
1062	gnutls_protocol_t * min_version);
1063
1064	/ error functions /
1065	int gnutls_error_is_fatal(int error) __GNUTLS_CONST__;
1066	int gnutls_error_to_alert(int err, int *level);
1067
1068	void gnutls_perror(int error);
1069	const char * gnutls_strerror(int error) __GNUTLS_CONST__;
1070	const char * gnutls_strerror_name(int error) __GNUTLS_CONST__;
1071
1072	/ Semi-internal functions.*
1073	*/
1074	void gnutls_handshake_set_private_extensions(gnutls_session_t session,
1075	int allow);
1076	int gnutls_handshake_set_random(gnutls_session_t session,
1077	const gnutls_datum_t * random);
1078
1079	gnutls_handshake_description_t
1080	gnutls_handshake_get_last_out(gnutls_session_t session);
1081	gnutls_handshake_description_t
1082	gnutls_handshake_get_last_in(gnutls_session_t session);
1083
1084	/ Record layer functions.*
1085	*/
1086	#define GNUTLS_HEARTBEAT_WAIT 1
1087	int gnutls_heartbeat_ping(gnutls_session_t session, size_t data_size,
1088	unsigned int max_tries, unsigned int flags);
1089	int gnutls_heartbeat_pong(gnutls_session_t session, unsigned int flags);
1090
1091	void gnutls_record_set_timeout(gnutls_session_t session, unsigned int ms);
1092	void gnutls_record_disable_padding(gnutls_session_t session);
1093
1094	void gnutls_record_cork(gnutls_session_t session);
1095	#define GNUTLS_RECORD_WAIT 1
1096	int gnutls_record_uncork(gnutls_session_t session, unsigned int flags);
1097	size_t gnutls_record_discard_queued(gnutls_session_t session);
1098
1099	int
1100	gnutls_record_get_state(gnutls_session_t session,
1101	unsigned read,
1102	gnutls_datum_t *mac_key,
1103	gnutls_datum_t *IV,
1104	gnutls_datum_t *cipher_key,
1105	unsigned char seq_number[`8`]);
1106
1107	int
1108	gnutls_record_set_state(gnutls_session_t session,
1109	unsigned read,
1110	unsigned char seq_number[`8`]);
1111
1112	typedef struct {
1113	size_t low;
1114	size_t high;
1115	} gnutls_range_st;
1116
1117	int gnutls_range_split(gnutls_session_t session,
1118	const gnutls_range_st * orig,
1119	gnutls_range_st * small_range,
1120	gnutls_range_st * rem_range);
1121
1122	ssize_t gnutls_record_send(gnutls_session_t session, const void *data,
1123	size_t data_size);
1124	ssize_t gnutls_record_send_range(gnutls_session_t session,
1125	const void *data, size_t data_size,
1126	const gnutls_range_st * range);
1127	ssize_t gnutls_record_recv(gnutls_session_t session, void *data,
1128	size_t data_size);
1129
1130	typedef struct mbuffer_st *gnutls_packet_t;
1131
1132	ssize_t
1133	gnutls_record_recv_packet(gnutls_session_t session,
1134	gnutls_packet_t *packet);
1135
1136	void gnutls_packet_get(gnutls_packet_t packet, gnutls_datum_t data, unsigned* char *sequence);
1137	void gnutls_packet_deinit(gnutls_packet_t packet);
1138
1139	#define gnutls_read gnutls_record_recv
1140	#define gnutls_write gnutls_record_send
1141	ssize_t gnutls_record_recv_seq(gnutls_session_t session, void *data,
1142	size_t data_size, unsigned char *seq);
1143
1144	size_t gnutls_record_overhead_size(gnutls_session_t session);
1145
1146	size_t
1147	gnutls_est_record_overhead_size(gnutls_protocol_t version,
1148	gnutls_cipher_algorithm_t cipher,
1149	gnutls_mac_algorithm_t mac,
1150	gnutls_compression_method_t comp,
1151	unsigned int flags) __GNUTLS_CONST__;
1152
1153	void gnutls_session_enable_compatibility_mode(gnutls_session_t session);
1154	#define gnutls_record_set_max_empty_records(session, x)
1155
1156	int gnutls_record_can_use_length_hiding(gnutls_session_t session);
1157
1158	int gnutls_record_get_direction(gnutls_session_t session);
1159
1160	size_t gnutls_record_get_max_size(gnutls_session_t session);
1161	ssize_t gnutls_record_set_max_size(gnutls_session_t session, size_t size);
1162
1163	size_t gnutls_record_check_pending(gnutls_session_t session);
1164	size_t gnutls_record_check_corked(gnutls_session_t session);
1165
1166	void gnutls_session_force_valid(gnutls_session_t session);
1167
1168	int gnutls_prf(gnutls_session_t session,
1169	size_t label_size, const char *label,
1170	int server_random_first,
1171	size_t extra_size, const char *extra,
1172	size_t outsize, char *out);
1173	int gnutls_prf_rfc5705(gnutls_session_t session,
1174	size_t label_size, const char *label,
1175	size_t context_size, const char *context,
1176	size_t outsize, char *out);
1177
1178	int gnutls_prf_raw(gnutls_session_t session,
1179	size_t label_size, const char *label,
1180	size_t seed_size, const char *seed,
1181	size_t outsize, char *out);
1182
1183	/**
1184	* gnutls_server_name_type_t:
1185	* @GNUTLS_NAME_DNS: Domain Name System name type.
1186	*
1187	* Enumeration of different server name types.
1188	*/
1189	typedef enum {
1190	GNUTLS_NAME_DNS = `1`
1191	} gnutls_server_name_type_t;
1192
1193	int gnutls_server_name_set(gnutls_session_t session,
1194	gnutls_server_name_type_t type,
1195	const void *name, size_t name_length);
1196
1197	int gnutls_server_name_get(gnutls_session_t session,
1198	void data, size_t data_length,
1199	unsigned int type, unsigned* int indx);
1200
1201	unsigned int gnutls_heartbeat_get_timeout(gnutls_session_t session);
1202	void gnutls_heartbeat_set_timeouts(gnutls_session_t session,
1203	unsigned int retrans_timeout,
1204	unsigned int total_timeout);
1205
1206	#define GNUTLS_HB_PEER_ALLOWED_TO_SEND (1)
1207	#define GNUTLS_HB_PEER_NOT_ALLOWED_TO_SEND (1<<1)
1208
1209	/ Heartbeat /
1210	void gnutls_heartbeat_enable(gnutls_session_t session, unsigned int type);
1211
1212	#define GNUTLS_HB_LOCAL_ALLOWED_TO_SEND (1<<2)
1213	int gnutls_heartbeat_allowed(gnutls_session_t session, unsigned int type);
1214
1215	/ Safe renegotiation /
1216	unsigned gnutls_safe_renegotiation_status(gnutls_session_t session);
1217	unsigned gnutls_session_ext_master_secret_status(gnutls_session_t session);
1218	unsigned gnutls_session_etm_status(gnutls_session_t session);
1219
1220	/**
1221	* gnutls_session_flags_t:
1222	* @GNUTLS_SFLAGS_SAFE_RENEGOTIATION: Safe renegotiation (RFC5746) was used
1223	* @GNUTLS_SFLAGS_EXT_MASTER_SECRET: The extended master secret (RFC7627) extension was used
1224	* @GNUTLS_SFLAGS_ETM: The encrypt then MAC (RFC7366) extension was used
1225	* @GNUTLS_SFLAGS_HB_LOCAL_SEND: The heartbeat negotiation allows the local side to send heartbeat messages
1226	* @GNUTLS_SFLAGS_HB_PEER_SEND: The heartbeat negotiation allows the peer to send heartbeat messages
1227	* @GNUTLS_SFLAGS_FALSE_START: The appdata set with gnutls_handshake_set_appdata() were sent during handshake (false start)
1228	*
1229	* Enumeration of different session parameters.
1230	*/
1231	typedef enum {
1232	GNUTLS_SFLAGS_SAFE_RENEGOTIATION = `1`,
1233	GNUTLS_SFLAGS_EXT_MASTER_SECRET = `1`<<`1`,
1234	GNUTLS_SFLAGS_ETM = `1`<<`2`,
1235	GNUTLS_SFLAGS_HB_LOCAL_SEND = `1`<<`3`,
1236	GNUTLS_SFLAGS_HB_PEER_SEND = `1`<<`4`,
1237	GNUTLS_SFLAGS_FALSE_START = `1`<<`5`
1238	} gnutls_session_flags_t;
1239
1240	unsigned gnutls_session_get_flags(gnutls_session_t session);
1241
1242	/**
1243	* gnutls_supplemental_data_format_type_t:
1244	* @GNUTLS_SUPPLEMENTAL_UNKNOWN: Unknown data format
1245	*
1246	* Enumeration of different supplemental data types (RFC 4680).
1247	*/
1248	typedef enum {
1249	GNUTLS_SUPPLEMENTAL_UNKNOWN = `0`,
1250	} gnutls_supplemental_data_format_type_t;
1251
1252	const char
1253	*gnutls_supplemental_get_name(gnutls_supplemental_data_format_type_t type);
1254
1255	/ SessionTicket, RFC 5077. /
1256	int gnutls_session_ticket_key_generate(gnutls_datum_t * key);
1257	int gnutls_session_ticket_enable_client(gnutls_session_t session);
1258	int gnutls_session_ticket_enable_server(gnutls_session_t session,
1259	const gnutls_datum_t * key);
1260
1261	/ SRTP, RFC 5764 /
1262
1263	/**
1264	* gnutls_srtp_profile_t:
1265	* @GNUTLS_SRTP_AES128_CM_HMAC_SHA1_80: 128 bit AES with a 80 bit HMAC-SHA1
1266	* @GNUTLS_SRTP_AES128_CM_HMAC_SHA1_32: 128 bit AES with a 32 bit HMAC-SHA1
1267	* @GNUTLS_SRTP_NULL_HMAC_SHA1_80: NULL cipher with a 80 bit HMAC-SHA1
1268	* @GNUTLS_SRTP_NULL_HMAC_SHA1_32: NULL cipher with a 32 bit HMAC-SHA1
1269	*
1270	* Enumeration of different SRTP protection profiles.
1271	*/
1272	typedef enum {
1273	GNUTLS_SRTP_AES128_CM_HMAC_SHA1_80 = `0x0001`,
1274	GNUTLS_SRTP_AES128_CM_HMAC_SHA1_32 = `0x0002`,
1275	GNUTLS_SRTP_NULL_HMAC_SHA1_80 = `0x0005`,
1276	GNUTLS_SRTP_NULL_HMAC_SHA1_32 = `0x0006`
1277	} gnutls_srtp_profile_t;
1278
1279	int gnutls_srtp_set_profile(gnutls_session_t session,
1280	gnutls_srtp_profile_t profile);
1281	int gnutls_srtp_set_profile_direct(gnutls_session_t session,
1282	const char *profiles,
1283	const char **err_pos);
1284	int gnutls_srtp_get_selected_profile(gnutls_session_t session,
1285	gnutls_srtp_profile_t * profile);
1286
1287	const char *gnutls_srtp_get_profile_name(gnutls_srtp_profile_t profile);
1288	int gnutls_srtp_get_profile_id(const char *name,
1289	gnutls_srtp_profile_t * profile);
1290	int gnutls_srtp_get_keys(gnutls_session_t session,
1291	void *key_material,
1292	unsigned int key_material_size,
1293	gnutls_datum_t * client_key,
1294	gnutls_datum_t * client_salt,
1295	gnutls_datum_t * server_key,
1296	gnutls_datum_t * server_salt);
1297
1298	int gnutls_srtp_set_mki(gnutls_session_t session,
1299	const gnutls_datum_t * mki);
1300	int gnutls_srtp_get_mki(gnutls_session_t session, gnutls_datum_t * mki);
1301
1302	/ ALPN TLS extension /
1303
1304	/**
1305	* gnutls_alpn_flags_t:
1306	* @GNUTLS_ALPN_MANDATORY: Require ALPN negotiation. The connection will be
1307	* aborted if no matching ALPN protocol is found.
1308	* @GNUTLS_ALPN_SERVER_PRECEDENCE: The choices set by the server
1309	* will take precedence over the client's.
1310	*
1311	* Enumeration of different ALPN flags. These are used by gnutls_alpn_set_protocols().
1312	*/
1313	typedef enum {
1314	GNUTLS_ALPN_MANDATORY = `1`,
1315	GNUTLS_ALPN_SERVER_PRECEDENCE = (`1`<<`1`)
1316	} gnutls_alpn_flags_t;
1317
1318	#define GNUTLS_ALPN_MAND GNUTLS_ALPN_MANDATORY
1319	int gnutls_alpn_get_selected_protocol(gnutls_session_t session,
1320	gnutls_datum_t * protocol);
1321	int gnutls_alpn_set_protocols(gnutls_session_t session,
1322	const gnutls_datum_t * protocols,
1323	unsigned protocols_size, unsigned flags);
1324
1325	int gnutls_key_generate(gnutls_datum_t * key, unsigned int key_size);
1326
1327	/ if you just want some defaults, use the following.*
1328	*/
1329
1330	int gnutls_priority_init(gnutls_priority_t * priority_cache,
1331	const char priorities, const* char **err_pos);
1332	void gnutls_priority_deinit(gnutls_priority_t priority_cache);
1333	int gnutls_priority_get_cipher_suite_index(gnutls_priority_t pcache,
1334	unsigned int idx,
1335	unsigned int *sidx);
1336
1337	#define GNUTLS_PRIORITY_LIST_INIT_KEYWORDS 1
1338	#define GNUTLS_PRIORITY_LIST_SPECIAL 2
1339	const char *
1340	gnutls_priority_string_list(unsigned iter, unsigned int flags);
1341
1342	int gnutls_priority_set(gnutls_session_t session,
1343	gnutls_priority_t priority);
1344	int gnutls_priority_set_direct(gnutls_session_t session,
1345	const char *priorities,
1346	const char **err_pos);
1347
1348	int gnutls_priority_certificate_type_list(gnutls_priority_t pcache,
1349	const unsigned int **list);
1350	int gnutls_priority_sign_list(gnutls_priority_t pcache,
1351	const unsigned int **list);
1352	int gnutls_priority_protocol_list(gnutls_priority_t pcache,
1353	const unsigned int **list);
1354	int gnutls_priority_compression_list(gnutls_priority_t pcache,
1355	const unsigned int **list);
1356	int gnutls_priority_ecc_curve_list(gnutls_priority_t pcache,
1357	const unsigned int **list);
1358
1359	int gnutls_priority_kx_list(gnutls_priority_t pcache,
1360	const unsigned int **list);
1361	int gnutls_priority_cipher_list(gnutls_priority_t pcache,
1362	const unsigned int **list);
1363	int gnutls_priority_mac_list(gnutls_priority_t pcache,
1364	const unsigned int **list);
1365
1366	/ for compatibility*
1367	*/
1368	int gnutls_set_default_priority(gnutls_session_t session);
1369
1370	/ Returns the name of a cipher suite /
1371	const char *
1372	gnutls_cipher_suite_get_name(gnutls_kx_algorithm_t kx_algorithm,
1373	gnutls_cipher_algorithm_t cipher_algorithm,
1374	gnutls_mac_algorithm_t mac_algorithm) __GNUTLS_CONST__;
1375
1376	/ get the currently used protocol version /
1377	gnutls_protocol_t gnutls_protocol_get_version(gnutls_session_t session);
1378
1379	const char *
1380	gnutls_protocol_get_name(gnutls_protocol_t version) __GNUTLS_CONST__;
1381
1382
1383	/ get/set session*
1384	*/
1385	int gnutls_session_set_data(gnutls_session_t session,
1386	const void *session_data,
1387	size_t session_data_size);
1388	int gnutls_session_get_data(gnutls_session_t session, void *session_data,
1389	size_t * session_data_size);
1390	int gnutls_session_get_data2(gnutls_session_t session,
1391	gnutls_datum_t * data);
1392	void gnutls_session_get_random(gnutls_session_t session,
1393	gnutls_datum_t * client,
1394	gnutls_datum_t * server);
1395
1396	void gnutls_session_get_master_secret(gnutls_session_t session,
1397	gnutls_datum_t * secret);
1398
1399	char *gnutls_session_get_desc(gnutls_session_t session);
1400
1401	typedef int gnutls_certificate_verify_function(gnutls_session_t);
1402	void gnutls_session_set_verify_function(gnutls_session_t session, gnutls_certificate_verify_function * func);
1403
1404	/**
1405	* gnutls_vdata_types_t:
1406	* @GNUTLS_DT_UNKNOWN: Unknown data type.
1407	* @GNUTLS_DT_DNS_HOSTNAME: The data contain a null-terminated DNS hostname; the hostname will be
1408	* matched using the RFC6125 rules.
1409	* @GNUTLS_DT_RFC822NAME: The data contain a null-terminated email address; the email will be
1410	* matched against the RFC822Name field of the certificate, or the EMAIL DN component if the
1411	* former isn't available. Prior to matching the email address will be converted to ACE
1412	* (ASCII-compatible-encoding).
1413	* @GNUTLS_DT_KEY_PURPOSE_OID: The data contain a null-terminated key purpose OID. It will be matched
1414	* against the certificate's Extended Key Usage extension.
1415	*
1416	* Enumeration of different typed-data options. They are used as input to certificate
1417	* verification functions to provide information about the name and purpose of the
1418	* certificate. Only a single option of a type can be provided to the relevant functions.
1419	*/
1420	typedef enum {
1421	GNUTLS_DT_UNKNOWN = `0`,
1422	GNUTLS_DT_DNS_HOSTNAME = `1`,
1423	GNUTLS_DT_KEY_PURPOSE_OID = `2`,
1424	GNUTLS_DT_RFC822NAME = `3`
1425	} gnutls_vdata_types_t;
1426
1427	typedef struct {
1428	gnutls_vdata_types_t type;
1429	unsigned char *data;
1430	unsigned int size;
1431	} gnutls_typed_vdata_st;
1432
1433	void gnutls_session_set_verify_cert(gnutls_session_t session,
1434	const char hostname, unsigned* flags);
1435
1436	void
1437	gnutls_session_set_verify_cert2(gnutls_session_t session,
1438	gnutls_typed_vdata_st * data,
1439	unsigned elements, unsigned flags);
1440
1441	unsigned int gnutls_session_get_verify_cert_status(gnutls_session_t);
1442
1443	int gnutls_session_set_premaster(gnutls_session_t session,
1444	unsigned int entity,
1445	gnutls_protocol_t version,
1446	gnutls_kx_algorithm_t kx,
1447	gnutls_cipher_algorithm_t cipher,
1448	gnutls_mac_algorithm_t mac,
1449	gnutls_compression_method_t comp,
1450	const gnutls_datum_t * master,
1451	const gnutls_datum_t * session_id);
1452
1453	/ returns the session ID /
1454	#define GNUTLS_MAX_SESSION_ID 32
1455	int gnutls_session_get_id(gnutls_session_t session, void *session_id,
1456	size_t * session_id_size);
1457	int gnutls_session_get_id2(gnutls_session_t session,
1458	gnutls_datum_t * session_id);
1459
1460	int gnutls_session_set_id(gnutls_session_t session,
1461	const gnutls_datum_t * sid);
1462
1463	int gnutls_session_channel_binding(gnutls_session_t session,
1464	gnutls_channel_binding_t cbtype,
1465	gnutls_datum_t * cb);
1466
1467	/ checks if this session is a resumed one*
1468	*/
1469	int gnutls_session_is_resumed(gnutls_session_t session);
1470	int gnutls_session_resumption_requested(gnutls_session_t session);
1471
1472	typedef int (gnutls_db_store_func) (void* *, gnutls_datum_t key,
1473	gnutls_datum_t data);
1474	typedef int (gnutls_db_remove_func) (void* *, gnutls_datum_t key);
1475	typedef gnutls_datum_t(gnutls_db_retr_func) (void* *, gnutls_datum_t key);
1476
1477	void gnutls_db_set_cache_expiration(gnutls_session_t session, int seconds);
1478	unsigned gnutls_db_get_default_cache_expiration(void);
1479
1480	void gnutls_db_remove_session(gnutls_session_t session);
1481	void gnutls_db_set_retrieve_function(gnutls_session_t session,
1482	gnutls_db_retr_func retr_func);
1483	void gnutls_db_set_remove_function(gnutls_session_t session,
1484	gnutls_db_remove_func rem_func);
1485	void gnutls_db_set_store_function(gnutls_session_t session,
1486	gnutls_db_store_func store_func);
1487	void gnutls_db_set_ptr(gnutls_session_t session, void *ptr);
1488	void *gnutls_db_get_ptr(gnutls_session_t session);
1489	int gnutls_db_check_entry(gnutls_session_t session,
1490	gnutls_datum_t session_entry);
1491	time_t gnutls_db_check_entry_time(gnutls_datum_t * entry);
1492
1493	/**
1494	* gnutls_handshake_hook_func:
1495	* @session: the current session
1496	* @htype: the type of the handshake message (%gnutls_handshake_description_t)
1497	* @post: non zero if this is a post-process/generation call and zero otherwise
1498	* @incoming: non zero if this is an incoming message and zero if this is an outgoing message
1499	* @msg: the (const) data of the handshake message without the handshake headers.
1500	*
1501	* Function prototype for handshake hooks. It is set using
1502	* gnutls_handshake_set_hook_function().
1503	*
1504	* Returns: Non zero on error.
1505	*/
1506	#define GNUTLS_HOOK_POST (1)
1507	#define GNUTLS_HOOK_PRE (0)
1508	#define GNUTLS_HOOK_BOTH (-1)
1509
1510	typedef int (*gnutls_handshake_hook_func) (gnutls_session_t,
1511	unsigned int htype,
1512	unsigned post,
1513	unsigned int incoming,
1514	const gnutls_datum_t *msg);
1515	void gnutls_handshake_set_hook_function(gnutls_session_t session,
1516	unsigned int htype, int post,
1517	gnutls_handshake_hook_func func);
1518
1519	#define gnutls_handshake_post_client_hello_func gnutls_handshake_simple_hook_func
1520	typedef int (*gnutls_handshake_simple_hook_func) (gnutls_session_t);
1521	void
1522	gnutls_handshake_set_post_client_hello_function(gnutls_session_t session,
1523	gnutls_handshake_simple_hook_func func);
1524
1525	void gnutls_handshake_set_max_packet_length(gnutls_session_t session,
1526	size_t max);
1527
1528	/ returns libgnutls version (call it with a NULL argument)*
1529	*/
1530	const char * gnutls_check_version(const char *req_version) __GNUTLS_CONST__;
1531
1532	/ A macro which will allow optimizing out calls to gnutls_check_version()*
1533	* when the version being compiled with is sufficient.
1534	* Used as:
1535	* if (gnutls_check_version_numerc(3,3,16)) {
1536	*/
1537	#define gnutls_check_version_numeric(a,b,c) \
1538	((GNUTLS_VERSION_MAJOR >= (a)) && \
1539	((GNUTLS_VERSION_NUMBER >= ( ((a) << 16) + ((b) << 8) + (c) )) \|\| \
1540	gnutls_check_version(#a "." #b "." #c)))
1541
1542	/ Functions for setting/clearing credentials*
1543	*/
1544	void gnutls_credentials_clear(gnutls_session_t session);
1545
1546	/ cred is a structure defined by the kx algorithm*
1547	*/
1548	int gnutls_credentials_set(gnutls_session_t session,
1549	gnutls_credentials_type_t type, void *cred);
1550	int gnutls_credentials_get(gnutls_session_t session,
1551	gnutls_credentials_type_t type, void **cred);
1552	#define gnutls_cred_set gnutls_credentials_set
1553
1554	/ x.509 types /
1555
1556	struct gnutls_pubkey_st;
1557	typedef struct gnutls_pubkey_st *gnutls_pubkey_t;
1558
1559	struct gnutls_privkey_st;
1560	typedef struct gnutls_privkey_st *gnutls_privkey_t;
1561
1562	struct gnutls_x509_privkey_int;
1563	typedef struct gnutls_x509_privkey_int *gnutls_x509_privkey_t;
1564
1565	struct gnutls_x509_crl_int;
1566	typedef struct gnutls_x509_crl_int *gnutls_x509_crl_t;
1567
1568	struct gnutls_x509_crt_int;
1569	typedef struct gnutls_x509_crt_int *gnutls_x509_crt_t;
1570
1571	struct gnutls_x509_crq_int;
1572	typedef struct gnutls_x509_crq_int *gnutls_x509_crq_t;
1573
1574	struct gnutls_openpgp_keyring_int;
1575	typedef struct gnutls_openpgp_keyring_int *gnutls_openpgp_keyring_t;
1576
1577
1578	/ Credential structures - used in gnutls_credentials_set(); /
1579
1580	struct gnutls_certificate_credentials_st;
1581	typedef struct gnutls_certificate_credentials_st
1582	*gnutls_certificate_credentials_t;
1583	typedef gnutls_certificate_credentials_t
1584	gnutls_certificate_server_credentials;
1585	typedef gnutls_certificate_credentials_t
1586	gnutls_certificate_client_credentials;
1587
1588	typedef struct gnutls_anon_server_credentials_st
1589	*gnutls_anon_server_credentials_t;
1590	typedef struct gnutls_anon_client_credentials_st
1591	*gnutls_anon_client_credentials_t;
1592
1593	void gnutls_anon_free_server_credentials(gnutls_anon_server_credentials_t
1594	sc);
1595	int
1596	gnutls_anon_allocate_server_credentials(gnutls_anon_server_credentials_t
1597	* sc);
1598
1599	void gnutls_anon_set_server_dh_params(gnutls_anon_server_credentials_t res,
1600	gnutls_dh_params_t dh_params);
1601
1602	int
1603	gnutls_anon_set_server_known_dh_params(gnutls_anon_server_credentials_t res,
1604	gnutls_sec_param_t sec_param);
1605
1606	void
1607	gnutls_anon_set_server_params_function(gnutls_anon_server_credentials_t
1608	res, gnutls_params_function * func);
1609
1610	void
1611	gnutls_anon_free_client_credentials(gnutls_anon_client_credentials_t sc);
1612	int
1613	gnutls_anon_allocate_client_credentials(gnutls_anon_client_credentials_t
1614	* sc);
1615
1616	/ CERTFILE is an x509 certificate in PEM form.*
1617	* KEYFILE is a pkcs-1 private key in PEM form (for RSA keys).
1618	*/
1619	void
1620	gnutls_certificate_free_credentials(gnutls_certificate_credentials_t sc);
1621	int
1622	gnutls_certificate_allocate_credentials(gnutls_certificate_credentials_t
1623	* res);
1624
1625	int
1626	gnutls_certificate_get_issuer(gnutls_certificate_credentials_t sc,
1627	gnutls_x509_crt_t cert,
1628	gnutls_x509_crt_t * issuer,
1629	unsigned int flags);
1630
1631	int gnutls_certificate_get_crt_raw(gnutls_certificate_credentials_t sc,
1632	unsigned idx1, unsigned idx2,
1633	gnutls_datum_t * cert);
1634
1635	int
1636	gnutls_certificate_get_x509_crt(gnutls_certificate_credentials_t res,
1637	unsigned index,
1638	gnutls_x509_crt_t **crt_list,
1639	unsigned *crt_list_size);
1640
1641	int
1642	gnutls_certificate_get_x509_key(gnutls_certificate_credentials_t res,
1643	unsigned index,
1644	gnutls_x509_privkey_t *key);
1645
1646	void gnutls_certificate_free_keys(gnutls_certificate_credentials_t sc);
1647	void gnutls_certificate_free_cas(gnutls_certificate_credentials_t sc);
1648	void gnutls_certificate_free_ca_names(gnutls_certificate_credentials_t sc);
1649	void gnutls_certificate_free_crls(gnutls_certificate_credentials_t sc);
1650
1651	void gnutls_certificate_set_dh_params(gnutls_certificate_credentials_t res,
1652	gnutls_dh_params_t dh_params);
1653
1654	int gnutls_certificate_set_known_dh_params(gnutls_certificate_credentials_t res,
1655	gnutls_sec_param_t sec_param);
1656	void gnutls_certificate_set_verify_flags(gnutls_certificate_credentials_t
1657	res, unsigned int flags);
1658	unsigned int
1659	gnutls_certificate_get_verify_flags(gnutls_certificate_credentials_t res);
1660
1661	/**
1662	* gnutls_certificate_flags:
1663	* @GNUTLS_CERTIFICATE_SKIP_KEY_CERT_MATCH: Skip the key and certificate matching check.
1664	* @GNUTLS_CERTIFICATE_API_V2: If set the gnutls_certificate_set_key functions will return an index of the added key pair instead of zero.
1665	*
1666	* Enumeration of different certificate credentials flags.
1667	*/
1668	typedef enum gnutls_certificate_flags {
1669	GNUTLS_CERTIFICATE_SKIP_KEY_CERT_MATCH = `1`,
1670	GNUTLS_CERTIFICATE_API_V2 = (`1`<<`1`)
1671	} gnutls_certificate_flags;
1672
1673	void gnutls_certificate_set_flags(gnutls_certificate_credentials_t,
1674	unsigned flags);
1675
1676	void gnutls_certificate_set_verify_limits(gnutls_certificate_credentials_t
1677	res, unsigned int max_bits,
1678	unsigned int max_depth);
1679
1680	unsigned int
1681	gnutls_certificate_get_verify_flags(gnutls_certificate_credentials_t);
1682
1683	int
1684	gnutls_certificate_set_x509_system_trust(gnutls_certificate_credentials_t
1685	cred);
1686
1687	int
1688	gnutls_certificate_set_x509_trust_file(gnutls_certificate_credentials_t
1689	cred, const char *cafile,
1690	gnutls_x509_crt_fmt_t type);
1691	int
1692	gnutls_certificate_set_x509_trust_dir(gnutls_certificate_credentials_t cred,
1693	const char *ca_dir,
1694	gnutls_x509_crt_fmt_t type);
1695
1696	int gnutls_certificate_set_x509_trust_mem(gnutls_certificate_credentials_t
1697	res, const gnutls_datum_t * ca,
1698	gnutls_x509_crt_fmt_t type);
1699
1700	int
1701	gnutls_certificate_set_x509_crl_file(gnutls_certificate_credentials_t
1702	res, const char *crlfile,
1703	gnutls_x509_crt_fmt_t type);
1704	int gnutls_certificate_set_x509_crl_mem(gnutls_certificate_credentials_t
1705	res, const gnutls_datum_t * CRL,
1706	gnutls_x509_crt_fmt_t type);
1707
1708	int
1709	gnutls_certificate_set_x509_key_file(gnutls_certificate_credentials_t
1710	res, const char *certfile,
1711	const char *keyfile,
1712	gnutls_x509_crt_fmt_t type);
1713
1714	int
1715	gnutls_certificate_set_x509_key_file2(gnutls_certificate_credentials_t
1716	res, const char *certfile,
1717	const char *keyfile,
1718	gnutls_x509_crt_fmt_t type,
1719	const char *pass,
1720	unsigned int flags);
1721
1722	int gnutls_certificate_set_x509_key_mem(gnutls_certificate_credentials_t
1723	res, const gnutls_datum_t * cert,
1724	const gnutls_datum_t * key,
1725	gnutls_x509_crt_fmt_t type);
1726
1727	int gnutls_certificate_set_x509_key_mem2(gnutls_certificate_credentials_t
1728	res, const gnutls_datum_t * cert,
1729	const gnutls_datum_t * key,
1730	gnutls_x509_crt_fmt_t type,
1731	const char *pass,
1732	unsigned int flags);
1733
1734	void gnutls_certificate_send_x509_rdn_sequence(gnutls_session_t session,
1735	int status);
1736
1737	int
1738	gnutls_certificate_set_x509_simple_pkcs12_file
1739	(gnutls_certificate_credentials_t res, const char *pkcs12file,
1740	gnutls_x509_crt_fmt_t type, const char *password);
1741	int
1742	gnutls_certificate_set_x509_simple_pkcs12_mem
1743	(gnutls_certificate_credentials_t res, const gnutls_datum_t * p12blob,
1744	gnutls_x509_crt_fmt_t type, const char *password);
1745
1746	/ New functions to allow setting already parsed X.509 stuff.*
1747	*/
1748
1749	int gnutls_certificate_set_x509_key(gnutls_certificate_credentials_t res,
1750	gnutls_x509_crt_t * cert_list,
1751	int cert_list_size,
1752	gnutls_x509_privkey_t key);
1753	int gnutls_certificate_set_x509_trust(gnutls_certificate_credentials_t res,
1754	gnutls_x509_crt_t * ca_list,
1755	int ca_list_size);
1756	int gnutls_certificate_set_x509_crl(gnutls_certificate_credentials_t res,
1757	gnutls_x509_crl_t * crl_list,
1758	int crl_list_size);
1759
1760	int gnutls_certificate_get_x509_key(gnutls_certificate_credentials_t res,
1761	unsigned index,
1762	gnutls_x509_privkey_t *key);
1763	int gnutls_certificate_get_x509_crt(gnutls_certificate_credentials_t res,
1764	unsigned index,
1765	gnutls_x509_crt_t **crt_list,
1766	unsigned *crt_list_size);
1767
1768	/ OCSP status request extension, RFC 6066 /
1769	typedef int (*gnutls_status_request_ocsp_func)
1770	(gnutls_session_t session, void ptr, gnutls_datum_t ocsp_response);
1771
1772	void
1773	gnutls_certificate_set_ocsp_status_request_function
1774	(gnutls_certificate_credentials_t res,
1775	gnutls_status_request_ocsp_func ocsp_func, void *ptr);
1776
1777	int
1778	gnutls_certificate_set_ocsp_status_request_function2
1779	(gnutls_certificate_credentials_t res, unsigned idx,
1780	gnutls_status_request_ocsp_func ocsp_func, void *ptr);
1781
1782	int
1783	gnutls_certificate_set_ocsp_status_request_file
1784	(gnutls_certificate_credentials_t res, const char *response_file,
1785	unsigned idx);
1786
1787	int gnutls_ocsp_status_request_enable_client(gnutls_session_t session,
1788	gnutls_datum_t * responder_id,
1789	size_t responder_id_size,
1790	gnutls_datum_t *
1791	request_extensions);
1792
1793	int gnutls_ocsp_status_request_get(gnutls_session_t session,
1794	gnutls_datum_t * response);
1795
1796	#define GNUTLS_OCSP_SR_IS_AVAIL 1
1797	int gnutls_ocsp_status_request_is_checked(gnutls_session_t session,
1798	unsigned int flags);
1799
1800	/ global state functions*
1801	*/
1802	int gnutls_global_init(void);
1803	void gnutls_global_deinit(void);
1804
1805	/**
1806	* gnutls_time_func:
1807	* @t: where to store time.
1808	*
1809	* Function prototype for time()-like function. Set with
1810	* gnutls_global_set_time_function().
1811	*
1812	* Returns: Number of seconds since the epoch, or (time_t)-1 on errors.
1813	*/
1814	typedef time_t(gnutls_time_func) (time_t t);
1815
1816	typedef int (mutex_init_func) (void* **mutex);
1817	typedef int (mutex_lock_func) (void* **mutex);
1818	typedef int (mutex_unlock_func) (void* **mutex);
1819	typedef int (mutex_deinit_func) (void* **mutex);
1820
1821	void gnutls_global_set_mutex(mutex_init_func init,
1822	mutex_deinit_func deinit,
1823	mutex_lock_func lock,
1824	mutex_unlock_func unlock);
1825
1826	typedef void (gnutls_alloc_function) (size_t);
1827	typedef void (gnutls_calloc_function) (size_t, size_t);
1828	typedef int (gnutls_is_secure_function) (const* void *);
1829	typedef void (gnutls_free_function) (void* *);
1830	typedef void (gnutls_realloc_function) (void *, size_t);
1831
1832	void gnutls_global_set_time_function(gnutls_time_func time_func);
1833
1834	/ For use in callbacks /
1835	extern _SYM_EXPORT gnutls_alloc_function gnutls_malloc;
1836	extern _SYM_EXPORT gnutls_realloc_function gnutls_realloc;
1837	extern _SYM_EXPORT gnutls_calloc_function gnutls_calloc;
1838	extern _SYM_EXPORT gnutls_free_function gnutls_free;
1839
1840	#ifdef GNUTLS_INTERNAL_BUILD
1841	#define gnutls_free(a) gnutls_free((void *) (a)), a=NULL
1842	#endif
1843
1844	extern _SYM_EXPORT char (gnutls_strdup) (const char *);
1845
1846	/ a variant of memset that doesn't get optimized out /
1847	void gnutls_memset(void data, int* c, size_t size);
1848
1849	/ constant time memcmp /
1850	int gnutls_memcmp(const void s1, const* void *s2, size_t n);
1851
1852	typedef void (gnutls_log_func) (int, const* char *);
1853	typedef void (gnutls_audit_log_func) (gnutls_session_t, const* char *);
1854	void gnutls_global_set_log_function(gnutls_log_func log_func);
1855	void gnutls_global_set_audit_log_function(gnutls_audit_log_func log_func);
1856	void gnutls_global_set_log_level(int level);
1857
1858	/ Diffie-Hellman parameter handling.*
1859	*/
1860	int gnutls_dh_params_init(gnutls_dh_params_t * dh_params);
1861	void gnutls_dh_params_deinit(gnutls_dh_params_t dh_params);
1862	int gnutls_dh_params_import_raw(gnutls_dh_params_t dh_params,
1863	const gnutls_datum_t * prime,
1864	const gnutls_datum_t * generator);
1865	int gnutls_dh_params_import_dsa(gnutls_dh_params_t dh_params, gnutls_x509_privkey_t key);
1866	int gnutls_dh_params_import_raw2(gnutls_dh_params_t dh_params,
1867	const gnutls_datum_t * prime,
1868	const gnutls_datum_t * generator,
1869	unsigned key_bits);
1870	int gnutls_dh_params_import_pkcs3(gnutls_dh_params_t params,
1871	const gnutls_datum_t * pkcs3_params,
1872	gnutls_x509_crt_fmt_t format);
1873	int gnutls_dh_params_generate2(gnutls_dh_params_t params,
1874	unsigned int bits);
1875	int gnutls_dh_params_export_pkcs3(gnutls_dh_params_t params,
1876	gnutls_x509_crt_fmt_t format,
1877	unsigned char *params_data,
1878	size_t * params_data_size);
1879	int gnutls_dh_params_export2_pkcs3(gnutls_dh_params_t params,
1880	gnutls_x509_crt_fmt_t format,
1881	gnutls_datum_t * out);
1882	int gnutls_dh_params_export_raw(gnutls_dh_params_t params,
1883	gnutls_datum_t * prime,
1884	gnutls_datum_t * generator,
1885	unsigned int *bits);
1886	int gnutls_dh_params_cpy(gnutls_dh_params_t dst, gnutls_dh_params_t src);
1887
1888
1889
1890	/ Session stuff*
1891	*/
1892	typedef struct {
1893	void *iov_base;
1894	size_t iov_len;
1895	} giovec_t;
1896
1897	typedef ssize_t(gnutls_pull_func) (gnutls_transport_ptr_t, void* *,
1898	size_t);
1899	typedef ssize_t(gnutls_push_func) (gnutls_transport_ptr_t, const* void *,
1900	size_t);
1901
1902	int gnutls_system_recv_timeout(gnutls_transport_ptr_t ptr, unsigned int ms);
1903	typedef int (*gnutls_pull_timeout_func) (gnutls_transport_ptr_t,
1904	unsigned int ms);
1905
1906	typedef ssize_t(*gnutls_vec_push_func) (gnutls_transport_ptr_t,
1907	const giovec_t * iov, int iovcnt);
1908
1909	typedef int (*gnutls_errno_func) (gnutls_transport_ptr_t);
1910
1911	#if 0
1912	/ This will be defined as macro. /
1913	void gnutls_transport_set_int (gnutls_session_t session, int r);
1914	#endif
1915
1916	void gnutls_transport_set_int2(gnutls_session_t session, int r, int s);
1917	#define gnutls_transport_set_int(s, i) gnutls_transport_set_int2(s, i, i)
1918
1919	void gnutls_transport_get_int2(gnutls_session_t session, int r, int* *s);
1920	int gnutls_transport_get_int(gnutls_session_t session);
1921
1922	void gnutls_transport_set_ptr(gnutls_session_t session,
1923	gnutls_transport_ptr_t ptr);
1924	void gnutls_transport_set_ptr2(gnutls_session_t session,
1925	gnutls_transport_ptr_t recv_ptr,
1926	gnutls_transport_ptr_t send_ptr);
1927
1928	gnutls_transport_ptr_t gnutls_transport_get_ptr(gnutls_session_t session);
1929	void gnutls_transport_get_ptr2(gnutls_session_t session,
1930	gnutls_transport_ptr_t * recv_ptr,
1931	gnutls_transport_ptr_t * send_ptr);
1932
1933	void gnutls_transport_set_vec_push_function(gnutls_session_t session,
1934	gnutls_vec_push_func vec_func);
1935	void gnutls_transport_set_push_function(gnutls_session_t session,
1936	gnutls_push_func push_func);
1937	void gnutls_transport_set_pull_function(gnutls_session_t session,
1938	gnutls_pull_func pull_func);
1939
1940	void gnutls_transport_set_pull_timeout_function(gnutls_session_t session,
1941	gnutls_pull_timeout_func
1942	func);
1943
1944	void gnutls_transport_set_errno_function(gnutls_session_t session,
1945	gnutls_errno_func errno_func);
1946
1947	void gnutls_transport_set_errno(gnutls_session_t session, int err);
1948
1949	/ session specific*
1950	*/
1951	void gnutls_session_set_ptr(gnutls_session_t session, void *ptr);
1952	void *gnutls_session_get_ptr(gnutls_session_t session);
1953
1954	void gnutls_openpgp_send_cert(gnutls_session_t session,
1955	gnutls_openpgp_crt_status_t status);
1956
1957	/ This function returns the hash of the given data.*
1958	*/
1959	int gnutls_fingerprint(gnutls_digest_algorithm_t algo,
1960	const gnutls_datum_t * data, void *result,
1961	size_t * result_size);
1962
1963	/**
1964	* gnutls_random_art_t:
1965	* @GNUTLS_RANDOM_ART_OPENSSH: OpenSSH-style random art.
1966	*
1967	* Enumeration of different random art types.
1968	*/
1969	typedef enum gnutls_random_art {
1970	GNUTLS_RANDOM_ART_OPENSSH = `1`
1971	} gnutls_random_art_t;
1972
1973	int gnutls_random_art(gnutls_random_art_t type,
1974	const char key_type, unsigned* int key_size,
1975	void fpr, size_t fpr_size, gnutls_datum_t art);
1976
1977	/ IDNA /
1978	#define GNUTLS_IDNA_FORCE_2008 (1<<1)
1979	int gnutls_idna_map(const char * input, unsigned ilen, gnutls_datum_t out, unsigned* flags);
1980	int gnutls_idna_reverse_map(const char input, unsigned* ilen, gnutls_datum_t out, unsigned* flags);
1981
1982	/ SRP*
1983	*/
1984
1985	typedef struct gnutls_srp_server_credentials_st
1986	*gnutls_srp_server_credentials_t;
1987	typedef struct gnutls_srp_client_credentials_st
1988	*gnutls_srp_client_credentials_t;
1989
1990	void
1991	gnutls_srp_free_client_credentials(gnutls_srp_client_credentials_t sc);
1992	int
1993	gnutls_srp_allocate_client_credentials(gnutls_srp_client_credentials_t *
1994	sc);
1995	int gnutls_srp_set_client_credentials(gnutls_srp_client_credentials_t res,
1996	const char *username,
1997	const char *password);
1998
1999	void
2000	gnutls_srp_free_server_credentials(gnutls_srp_server_credentials_t sc);
2001	int
2002	gnutls_srp_allocate_server_credentials(gnutls_srp_server_credentials_t *
2003	sc);
2004	int gnutls_srp_set_server_credentials_file(gnutls_srp_server_credentials_t
2005	res, const char *password_file,
2006	const char *password_conf_file);
2007
2008	const char *gnutls_srp_server_get_username(gnutls_session_t session);
2009
2010	void gnutls_srp_set_prime_bits(gnutls_session_t session,
2011	unsigned int bits);
2012
2013	int gnutls_srp_verifier(const char *username,
2014	const char *password,
2015	const gnutls_datum_t * salt,
2016	const gnutls_datum_t * generator,
2017	const gnutls_datum_t * prime,
2018	gnutls_datum_t * res);
2019
2020	/ The static parameters defined in draft-ietf-tls-srp-05*
2021	* Those should be used as input to gnutls_srp_verifier().
2022	*/
2023	extern _SYM_EXPORT const gnutls_datum_t gnutls_srp_4096_group_prime;
2024	extern _SYM_EXPORT const gnutls_datum_t gnutls_srp_4096_group_generator;
2025
2026	extern _SYM_EXPORT const gnutls_datum_t gnutls_srp_3072_group_prime;
2027	extern _SYM_EXPORT const gnutls_datum_t gnutls_srp_3072_group_generator;
2028
2029	extern _SYM_EXPORT const gnutls_datum_t gnutls_srp_2048_group_prime;
2030	extern _SYM_EXPORT const gnutls_datum_t gnutls_srp_2048_group_generator;
2031
2032	extern _SYM_EXPORT const gnutls_datum_t gnutls_srp_1536_group_prime;
2033	extern _SYM_EXPORT const gnutls_datum_t gnutls_srp_1536_group_generator;
2034
2035	extern _SYM_EXPORT const gnutls_datum_t gnutls_srp_1024_group_prime;
2036	extern _SYM_EXPORT const gnutls_datum_t gnutls_srp_1024_group_generator;
2037
2038	/ The static parameters defined in rfc7919*
2039	*/
2040
2041	extern _SYM_EXPORT const gnutls_datum_t gnutls_ffdhe_8192_group_prime;
2042	extern _SYM_EXPORT const gnutls_datum_t gnutls_ffdhe_8192_group_generator;
2043	extern _SYM_EXPORT const unsigned int gnutls_ffdhe_8192_key_bits;
2044
2045	extern _SYM_EXPORT const gnutls_datum_t gnutls_ffdhe_4096_group_prime;
2046	extern _SYM_EXPORT const gnutls_datum_t gnutls_ffdhe_4096_group_generator;
2047	extern _SYM_EXPORT const unsigned int gnutls_ffdhe_4096_key_bits;
2048
2049	extern _SYM_EXPORT const gnutls_datum_t gnutls_ffdhe_3072_group_prime;
2050	extern _SYM_EXPORT const gnutls_datum_t gnutls_ffdhe_3072_group_generator;
2051	extern _SYM_EXPORT const unsigned int gnutls_ffdhe_3072_key_bits;
2052
2053	extern _SYM_EXPORT const gnutls_datum_t gnutls_ffdhe_2048_group_prime;
2054	extern _SYM_EXPORT const gnutls_datum_t gnutls_ffdhe_2048_group_generator;
2055	extern _SYM_EXPORT const unsigned int gnutls_ffdhe_2048_key_bits;
2056
2057	typedef int gnutls_srp_server_credentials_function(gnutls_session_t,
2058	const char *username,
2059	gnutls_datum_t * salt,
2060	gnutls_datum_t *
2061	verifier,
2062	gnutls_datum_t *
2063	generator,
2064	gnutls_datum_t * prime);
2065	void
2066	gnutls_srp_set_server_credentials_function(gnutls_srp_server_credentials_t
2067	cred,
2068	gnutls_srp_server_credentials_function
2069	* func);
2070
2071	typedef int gnutls_srp_client_credentials_function(gnutls_session_t,
2072	char *, char* **);
2073	void
2074	gnutls_srp_set_client_credentials_function(gnutls_srp_client_credentials_t
2075	cred,
2076	gnutls_srp_client_credentials_function
2077	* func);
2078
2079	int gnutls_srp_base64_encode(const gnutls_datum_t * data, char *result,
2080	size_t * result_size);
2081	int gnutls_srp_base64_encode2(const gnutls_datum_t * data,
2082	gnutls_datum_t * result);
2083
2084	int gnutls_srp_base64_decode(const gnutls_datum_t * b64_data, char *result,
2085	size_t * result_size);
2086	int gnutls_srp_base64_decode2(const gnutls_datum_t * b64_data,
2087	gnutls_datum_t * result);
2088
2089	#define gnutls_srp_base64_encode_alloc gnutls_srp_base64_encode2
2090	#define gnutls_srp_base64_decode_alloc gnutls_srp_base64_decode2
2091
2092	void
2093	gnutls_srp_set_server_fake_salt_seed(gnutls_srp_server_credentials_t
2094	sc,
2095	const gnutls_datum_t * seed,
2096	unsigned int salt_length);
2097
2098	/ PSK stuff /
2099	typedef struct gnutls_psk_server_credentials_st
2100	*gnutls_psk_server_credentials_t;
2101	typedef struct gnutls_psk_client_credentials_st
2102	*gnutls_psk_client_credentials_t;
2103
2104	/**
2105	* gnutls_psk_key_flags:
2106	* @GNUTLS_PSK_KEY_RAW: PSK-key in raw format.
2107	* @GNUTLS_PSK_KEY_HEX: PSK-key in hex format.
2108	*
2109	* Enumeration of different PSK key flags.
2110	*/
2111	typedef enum gnutls_psk_key_flags {
2112	GNUTLS_PSK_KEY_RAW = `0`,
2113	GNUTLS_PSK_KEY_HEX
2114	} gnutls_psk_key_flags;
2115
2116	void
2117	gnutls_psk_free_client_credentials(gnutls_psk_client_credentials_t sc);
2118	int
2119	gnutls_psk_allocate_client_credentials(gnutls_psk_client_credentials_t *
2120	sc);
2121	int gnutls_psk_set_client_credentials(gnutls_psk_client_credentials_t res,
2122	const char *username,
2123	const gnutls_datum_t * key,
2124	gnutls_psk_key_flags flags);
2125
2126	void
2127	gnutls_psk_free_server_credentials(gnutls_psk_server_credentials_t sc);
2128	int
2129	gnutls_psk_allocate_server_credentials(gnutls_psk_server_credentials_t *
2130	sc);
2131	int gnutls_psk_set_server_credentials_file(gnutls_psk_server_credentials_t
2132	res, const char *password_file);
2133
2134	int
2135	gnutls_psk_set_server_credentials_hint(gnutls_psk_server_credentials_t
2136	res, const char *hint);
2137
2138	const char *gnutls_psk_server_get_username(gnutls_session_t session);
2139	const char *gnutls_psk_client_get_hint(gnutls_session_t session);
2140
2141	typedef int gnutls_psk_server_credentials_function(gnutls_session_t,
2142	const char *username,
2143	gnutls_datum_t * key);
2144	void
2145	gnutls_psk_set_server_credentials_function(gnutls_psk_server_credentials_t
2146	cred,
2147	gnutls_psk_server_credentials_function
2148	* func);
2149
2150	typedef int gnutls_psk_client_credentials_function(gnutls_session_t,
2151	char **username,
2152	gnutls_datum_t * key);
2153	void
2154	gnutls_psk_set_client_credentials_function(gnutls_psk_client_credentials_t
2155	cred,
2156	gnutls_psk_client_credentials_function
2157	* func);
2158
2159	int gnutls_hex_encode(const gnutls_datum_t * data, char *result,
2160	size_t * result_size);
2161	int gnutls_hex_decode(const gnutls_datum_t * hex_data, void *result,
2162	size_t * result_size);
2163
2164	int gnutls_hex_encode2(const gnutls_datum_t * data, gnutls_datum_t *result);
2165	int gnutls_hex_decode2(const gnutls_datum_t * data, gnutls_datum_t *result);
2166
2167	void
2168	gnutls_psk_set_server_dh_params(gnutls_psk_server_credentials_t res,
2169	gnutls_dh_params_t dh_params);
2170
2171	int
2172	gnutls_psk_set_server_known_dh_params(gnutls_psk_server_credentials_t res,
2173	gnutls_sec_param_t sec_param);
2174
2175	void
2176	gnutls_psk_set_server_params_function(gnutls_psk_server_credentials_t
2177	res, gnutls_params_function * func);
2178
2179	/**
2180	* gnutls_x509_subject_alt_name_t:
2181	* @GNUTLS_SAN_DNSNAME: DNS-name SAN.
2182	* @GNUTLS_SAN_RFC822NAME: E-mail address SAN.
2183	* @GNUTLS_SAN_URI: URI SAN.
2184	* @GNUTLS_SAN_IPADDRESS: IP address SAN.
2185	* @GNUTLS_SAN_OTHERNAME: OtherName SAN.
2186	* @GNUTLS_SAN_DN: DN SAN.
2187	* @GNUTLS_SAN_OTHERNAME_XMPP: Virtual SAN, used by certain functions for convenience.
2188	* @GNUTLS_SAN_OTHERNAME_KRB5PRINCIPAL: Virtual SAN, used by certain functions for convenience.
2189	*
2190	* Enumeration of different subject alternative names types.
2191	*/
2192	typedef enum gnutls_x509_subject_alt_name_t {
2193	GNUTLS_SAN_DNSNAME = `1`,
2194	GNUTLS_SAN_RFC822NAME = `2`,
2195	GNUTLS_SAN_URI = `3`,
2196	GNUTLS_SAN_IPADDRESS = `4`,
2197	GNUTLS_SAN_OTHERNAME = `5`,
2198	GNUTLS_SAN_DN = `6`,
2199	GNUTLS_SAN_MAX = GNUTLS_SAN_DN,
2200	/ The following are "virtual" subject alternative name types, in*
2201	that they are represented by an otherName value and an OID.
2202	Used by gnutls_x509_crt_get_subject_alt_othername_oid. /*
2203	GNUTLS_SAN_OTHERNAME_XMPP = `1000`,
2204	GNUTLS_SAN_OTHERNAME_KRB5PRINCIPAL
2205	} gnutls_x509_subject_alt_name_t;
2206
2207	struct gnutls_openpgp_crt_int;
2208	typedef struct gnutls_openpgp_crt_int *gnutls_openpgp_crt_t;
2209
2210	struct gnutls_openpgp_privkey_int;
2211	typedef struct gnutls_openpgp_privkey_int *gnutls_openpgp_privkey_t;
2212
2213	struct gnutls_pkcs11_privkey_st;
2214	typedef struct gnutls_pkcs11_privkey_st *gnutls_pkcs11_privkey_t;
2215
2216	/**
2217	* gnutls_privkey_type_t:
2218	* @GNUTLS_PRIVKEY_X509: X.509 private key, #gnutls_x509_privkey_t.
2219	* @GNUTLS_PRIVKEY_OPENPGP: OpenPGP private key, #gnutls_openpgp_privkey_t.
2220	* @GNUTLS_PRIVKEY_PKCS11: PKCS11 private key, #gnutls_pkcs11_privkey_t.
2221	* @GNUTLS_PRIVKEY_EXT: External private key, operating using callbacks.
2222	*
2223	* Enumeration of different private key types.
2224	*/
2225	typedef enum {
2226	GNUTLS_PRIVKEY_X509,
2227	GNUTLS_PRIVKEY_OPENPGP,
2228	GNUTLS_PRIVKEY_PKCS11,
2229	GNUTLS_PRIVKEY_EXT
2230	} gnutls_privkey_type_t;
2231
2232	typedef struct gnutls_retr2_st {
2233	gnutls_certificate_type_t cert_type;
2234	gnutls_privkey_type_t key_type;
2235
2236	union {
2237	gnutls_x509_crt_t *x509;
2238	gnutls_openpgp_crt_t pgp;
2239	} cert;
2240	unsigned int ncerts; / one for pgp keys /
2241
2242	union {
2243	gnutls_x509_privkey_t x509;
2244	gnutls_openpgp_privkey_t pgp;
2245	gnutls_pkcs11_privkey_t pkcs11;
2246	} key;
2247
2248	unsigned int deinit_all; / if non zero all keys will be deinited /
2249	} gnutls_retr2_st;
2250
2251
2252	/ Functions that allow auth_info_t structures handling*
2253	*/
2254
2255	gnutls_credentials_type_t gnutls_auth_get_type(gnutls_session_t session);
2256	gnutls_credentials_type_t
2257	gnutls_auth_server_get_type(gnutls_session_t session);
2258	gnutls_credentials_type_t
2259	gnutls_auth_client_get_type(gnutls_session_t session);
2260
2261	/ DH /
2262
2263	void gnutls_dh_set_prime_bits(gnutls_session_t session, unsigned int bits);
2264	int gnutls_dh_get_secret_bits(gnutls_session_t session);
2265	int gnutls_dh_get_peers_public_bits(gnutls_session_t session);
2266	int gnutls_dh_get_prime_bits(gnutls_session_t session);
2267
2268	int gnutls_dh_get_group(gnutls_session_t session, gnutls_datum_t * raw_gen,
2269	gnutls_datum_t * raw_prime);
2270	int gnutls_dh_get_pubkey(gnutls_session_t session,
2271	gnutls_datum_t * raw_key);
2272
2273	/ X509PKI /
2274
2275
2276	/ These are set on the credentials structure.*
2277	*/
2278
2279	/ use gnutls_certificate_set_retrieve_function2() in abstract.h*
2280	* instead. It's much more efficient.
2281	*/
2282
2283	typedef int gnutls_certificate_retrieve_function(gnutls_session_t,
2284	const
2285	gnutls_datum_t *
2286	req_ca_rdn,
2287	int nreqs,
2288	const
2289	gnutls_pk_algorithm_t
2290	* pk_algos,
2291	int
2292	pk_algos_length,
2293	gnutls_retr2_st *);
2294
2295
2296	void
2297	gnutls_certificate_set_retrieve_function(gnutls_certificate_credentials_t
2298	cred,
2299	gnutls_certificate_retrieve_function
2300	* func);
2301
2302	void
2303	gnutls_certificate_set_verify_function(gnutls_certificate_credentials_t
2304	cred,
2305	gnutls_certificate_verify_function
2306	* func);
2307
2308	void
2309	gnutls_certificate_server_set_request(gnutls_session_t session,
2310	gnutls_certificate_request_t req);
2311
2312	/ get data from the session*
2313	*/
2314	const gnutls_datum_t *gnutls_certificate_get_peers(gnutls_session_t
2315	session, unsigned int
2316	*list_size);
2317	const gnutls_datum_t *gnutls_certificate_get_ours(gnutls_session_t
2318	session);
2319
2320	int gnutls_certificate_get_peers_subkey_id(gnutls_session_t session,
2321	gnutls_datum_t * id);
2322
2323	time_t gnutls_certificate_activation_time_peers(gnutls_session_t session);
2324	time_t gnutls_certificate_expiration_time_peers(gnutls_session_t session);
2325
2326	int gnutls_certificate_client_get_request_status(gnutls_session_t session);
2327	int gnutls_certificate_verify_peers2(gnutls_session_t session,
2328	unsigned int *status);
2329	int gnutls_certificate_verify_peers3(gnutls_session_t session,
2330	const char *hostname,
2331	unsigned int *status);
2332
2333	int
2334	gnutls_certificate_verify_peers(gnutls_session_t session,
2335	gnutls_typed_vdata_st * data,
2336	unsigned int elements,
2337	unsigned int *status);
2338
2339	int gnutls_certificate_verification_status_print(unsigned int status,
2340	gnutls_certificate_type_t
2341	type,
2342	gnutls_datum_t * out,
2343	unsigned int flags);
2344
2345	int gnutls_pem_base64_encode(const char msg, const* gnutls_datum_t * data,
2346	char result, size_t result_size);
2347	int gnutls_pem_base64_decode(const char *header,
2348	const gnutls_datum_t * b64_data,
2349	unsigned char result, size_t result_size);
2350
2351	int gnutls_pem_base64_encode2(const char *msg,
2352	const gnutls_datum_t * data,
2353	gnutls_datum_t * result);
2354	int gnutls_pem_base64_decode2(const char *header,
2355	const gnutls_datum_t * b64_data,
2356	gnutls_datum_t * result);
2357
2358	#define gnutls_pem_base64_encode_alloc gnutls_pem_base64_encode2
2359	#define gnutls_pem_base64_decode_alloc gnutls_pem_base64_decode2
2360
2361	/ key_usage will be an OR of the following values:*
2362	*/
2363
2364	/ when the key is to be used for signing: /
2365	#define GNUTLS_KEY_DIGITAL_SIGNATURE 128
2366	#define GNUTLS_KEY_NON_REPUDIATION 64
2367	/ when the key is to be used for encryption: /
2368	#define GNUTLS_KEY_KEY_ENCIPHERMENT 32
2369	#define GNUTLS_KEY_DATA_ENCIPHERMENT 16
2370	#define GNUTLS_KEY_KEY_AGREEMENT 8
2371	#define GNUTLS_KEY_KEY_CERT_SIGN 4
2372	#define GNUTLS_KEY_CRL_SIGN 2
2373	#define GNUTLS_KEY_ENCIPHER_ONLY 1
2374	#define GNUTLS_KEY_DECIPHER_ONLY 32768
2375
2376	void
2377	gnutls_certificate_set_params_function(gnutls_certificate_credentials_t
2378	res, gnutls_params_function * func);
2379	void gnutls_anon_set_params_function(gnutls_anon_server_credentials_t res,
2380	gnutls_params_function * func);
2381	void gnutls_psk_set_params_function(gnutls_psk_server_credentials_t res,
2382	gnutls_params_function * func);
2383
2384	int gnutls_hex2bin(const char *hex_data, size_t hex_size,
2385	void bin_data, size_t bin_size);
2386
2387	/ Trust on first use (or ssh like) functions /
2388
2389	/ stores the provided information to a database*
2390	*/
2391	typedef int (gnutls_tdb_store_func) (const* char *db_name,
2392	const char *host,
2393	const char *service,
2394	time_t expiration,
2395	const gnutls_datum_t * pubkey);
2396
2397	typedef int (gnutls_tdb_store_commitment_func) (const* char *db_name,
2398	const char *host,
2399	const char *service,
2400	time_t expiration,
2401	gnutls_digest_algorithm_t
2402	hash_algo,
2403	const gnutls_datum_t *
2404	hash);
2405
2406	/ searches for the provided host/service pair that match the*
2407	* provided public key in the database. */
2408	typedef int (gnutls_tdb_verify_func) (const* char *db_name,
2409	const char *host,
2410	const char *service,
2411	const gnutls_datum_t * pubkey);
2412
2413
2414	struct gnutls_tdb_int;
2415	typedef struct gnutls_tdb_int *gnutls_tdb_t;
2416
2417	int gnutls_tdb_init(gnutls_tdb_t * tdb);
2418	void gnutls_tdb_set_store_func(gnutls_tdb_t tdb,
2419	gnutls_tdb_store_func store);
2420	void gnutls_tdb_set_store_commitment_func(gnutls_tdb_t tdb,
2421	gnutls_tdb_store_commitment_func
2422	cstore);
2423	void gnutls_tdb_set_verify_func(gnutls_tdb_t tdb,
2424	gnutls_tdb_verify_func verify);
2425	void gnutls_tdb_deinit(gnutls_tdb_t tdb);
2426
2427	int gnutls_verify_stored_pubkey(const char *db_name,
2428	gnutls_tdb_t tdb,
2429	const char *host,
2430	const char *service,
2431	gnutls_certificate_type_t cert_type,
2432	const gnutls_datum_t * cert,
2433	unsigned int flags);
2434
2435	#define GNUTLS_SCOMMIT_FLAG_ALLOW_BROKEN 1
2436	int gnutls_store_commitment(const char *db_name,
2437	gnutls_tdb_t tdb,
2438	const char *host,
2439	const char *service,
2440	gnutls_digest_algorithm_t hash_algo,
2441	const gnutls_datum_t * hash,
2442	time_t expiration, unsigned int flags);
2443
2444	int gnutls_store_pubkey(const char *db_name,
2445	gnutls_tdb_t tdb,
2446	const char *host,
2447	const char *service,
2448	gnutls_certificate_type_t cert_type,
2449	const gnutls_datum_t * cert,
2450	time_t expiration, unsigned int flags);
2451
2452	/ Other helper functions /
2453	int gnutls_load_file(const char filename, gnutls_datum_t data);
2454
2455	unsigned gnutls_url_is_supported(const char *url);
2456
2457	/ PIN callback /
2458
2459	/**
2460	* gnutls_pin_flag_t:
2461	* @GNUTLS_PIN_USER: The PIN for the user.
2462	* @GNUTLS_PIN_SO: The PIN for the security officer (admin).
2463	* @GNUTLS_PIN_CONTEXT_SPECIFIC: The PIN is for a specific action and key like signing.
2464	* @GNUTLS_PIN_FINAL_TRY: This is the final try before blocking.
2465	* @GNUTLS_PIN_COUNT_LOW: Few tries remain before token blocks.
2466	* @GNUTLS_PIN_WRONG: Last given PIN was not correct.
2467	*
2468	* Enumeration of different flags that are input to the PIN function.
2469	*/
2470	typedef enum {
2471	GNUTLS_PIN_USER = (`1` << `0`),
2472	GNUTLS_PIN_SO = (`1` << `1`),
2473	GNUTLS_PIN_FINAL_TRY = (`1` << `2`),
2474	GNUTLS_PIN_COUNT_LOW = (`1` << `3`),
2475	GNUTLS_PIN_CONTEXT_SPECIFIC = (`1` << `4`),
2476	GNUTLS_PIN_WRONG = (`1` << `5`)
2477	} gnutls_pin_flag_t;
2478
2479	#define GNUTLS_PKCS11_PIN_USER GNUTLS_PIN_USER
2480	#define GNUTLS_PKCS11_PIN_SO GNUTLS_PIN_SO
2481	#define GNUTLS_PKCS11_PIN_FINAL_TRY GNUTLS_PIN_FINAL_TRY
2482	#define GNUTLS_PKCS11_PIN_COUNT_LOW GNUTLS_PIN_COUNT_LOW
2483	#define GNUTLS_PKCS11_PIN_CONTEXT_SPECIFIC GNUTLS_PIN_CONTEXT_SPECIFIC
2484	#define GNUTLS_PKCS11_PIN_WRONG GNUTLS_PIN_WRONG
2485
2486	/**
2487	* gnutls_pin_callback_t:
2488	* @userdata: user-controlled data from gnutls_pkcs11_set_pin_function().
2489	* @attempt: pin-attempt counter, initially 0.
2490	* @token_url: URL of token.
2491	* @token_label: label of token.
2492	* @flags: a #gnutls_pin_flag_t flag.
2493	* @pin: buffer to hold PIN, of size @pin_max.
2494	* @pin_max: size of @pin buffer.
2495	*
2496	* Callback function type for PKCS#11 or TPM PIN entry. It is set by
2497	* functions like gnutls_pkcs11_set_pin_function().
2498	*
2499	* The callback should provides the PIN code to unlock the token with
2500	* label @token_label, specified by the URL @token_url.
2501	*
2502	* The PIN code, as a NUL-terminated ASCII string, should be copied
2503	* into the @pin buffer (of maximum size @pin_max), and return 0 to
2504	* indicate success. Alternatively, the callback may return a
2505	* negative gnutls error code to indicate failure and cancel PIN entry
2506	* (in which case, the contents of the @pin parameter are ignored).
2507	*
2508	* When a PIN is required, the callback will be invoked repeatedly
2509	* (and indefinitely) until either the returned PIN code is correct,
2510	* the callback returns failure, or the token refuses login (e.g. when
2511	* the token is locked due to too many incorrect PINs!). For the
2512	* first such invocation, the @attempt counter will have value zero;
2513	* it will increase by one for each subsequent attempt.
2514	*
2515	* Returns: %GNUTLS_E_SUCCESS (0) on success or a negative error code on error.
2516	*
2517	* Since: 2.12.0
2518	**/
2519	typedef int (gnutls_pin_callback_t) (void* userdata, int* attempt,
2520	const char *token_url,
2521	const char *token_label,
2522	unsigned int flags,
2523	char *pin, size_t pin_max);
2524
2525	void gnutls_certificate_set_pin_function(gnutls_certificate_credentials_t,
2526	gnutls_pin_callback_t fn,
2527	void *userdata);
2528
2529	/ Public string related functions /
2530	typedef struct gnutls_buffer_st *gnutls_buffer_t;
2531
2532	int gnutls_buffer_append_data(gnutls_buffer_t, const void *data, size_t data_size);
2533
2534	#define GNUTLS_UTF8_IGNORE_ERRS 1
2535	int gnutls_utf8_password_normalize(const unsigned char password, unsigned* password_len,
2536	gnutls_datum_t out, unsigned* flags);
2537
2538	/ Public extensions related functions /
2539
2540	typedef void *gnutls_ext_priv_data_t;
2541
2542	void gnutls_ext_set_data(gnutls_session_t session, unsigned type,
2543	gnutls_ext_priv_data_t);
2544	int gnutls_ext_get_data(gnutls_session_t session, unsigned type,
2545	gnutls_ext_priv_data_t *);
2546
2547	typedef int (*gnutls_ext_recv_func) (gnutls_session_t session,
2548	const unsigned char *data,
2549	size_t len);
2550
2551	typedef int (*gnutls_ext_send_func) (gnutls_session_t session,
2552	gnutls_buffer_t extdata);
2553
2554	typedef void (*gnutls_ext_deinit_data_func) (gnutls_ext_priv_data_t data);
2555
2556	typedef int (*gnutls_ext_pack_func) (gnutls_ext_priv_data_t data,
2557	gnutls_buffer_t packed_data);
2558
2559	typedef int (*gnutls_ext_unpack_func) (gnutls_buffer_t packed_data,
2560	gnutls_ext_priv_data_t *data);
2561
2562
2563	/**
2564	* gnutls_ext_parse_type_t:
2565	* @GNUTLS_EXT_NONE: Never parsed
2566	* @GNUTLS_EXT_ANY: Any extension type (internal use only).
2567	* @GNUTLS_EXT_APPLICATION: Application extension.
2568	* @GNUTLS_EXT_TLS: TLS-internal extension.
2569	* @GNUTLS_EXT_MANDATORY: Extension parsed even if resuming (or extensions are disabled).
2570	*
2571	* Enumeration of different TLS extension types. This type is
2572	* to indicate whether an extension is useful to application
2573	* level or TLS level only. This is used to parse the
2574	* application level extensions before the "client_hello" callback
2575	* is called.
2576	*/
2577	typedef enum {
2578	GNUTLS_EXT_ANY = `0`,
2579	GNUTLS_EXT_APPLICATION = `1`,
2580	GNUTLS_EXT_TLS = `2`,
2581	GNUTLS_EXT_MANDATORY = `3`,
2582	GNUTLS_EXT_NONE = `4`
2583	} gnutls_ext_parse_type_t;
2584
2585	/**
2586	* gnutls_ext_flags_t:
2587	* @GNUTLS_EXT_FLAG_OVERRIDE_INTERNAL: If specified the extension registered will override the internal; this does not work with extensions existing prior to 3.5.12.
2588	*
2589	* Enumeration of different TLS extension registration flags.
2590	*/
2591	typedef enum {
2592	GNUTLS_EXT_FLAG_OVERRIDE_INTERNAL = `1`
2593	} gnutls_ext_flags_t;
2594
2595	/ Register a custom tls extension*
2596	*/
2597	int gnutls_ext_register(const char name, int* type, gnutls_ext_parse_type_t parse_type,
2598	gnutls_ext_recv_func recv_func, gnutls_ext_send_func send_func,
2599	gnutls_ext_deinit_data_func deinit_func, gnutls_ext_pack_func pack_func,
2600	gnutls_ext_unpack_func unpack_func);
2601
2602	int gnutls_session_ext_register(gnutls_session_t, const char name, int* type, gnutls_ext_parse_type_t parse_type,
2603	gnutls_ext_recv_func recv_func, gnutls_ext_send_func send_func,
2604	gnutls_ext_deinit_data_func deinit_func, gnutls_ext_pack_func pack_func,
2605	gnutls_ext_unpack_func unpack_func, unsigned flags);
2606
2607	const char gnutls_ext_get_name(unsigned* int ext);
2608
2609	/ Public supplemental data related functions /
2610
2611	typedef int (*gnutls_supp_recv_func) (gnutls_session_t session,
2612	const unsigned char * data, size_t data_size);
2613	typedef int (*gnutls_supp_send_func) (gnutls_session_t session,
2614	gnutls_buffer_t buf);
2615
2616	int gnutls_supplemental_register(const char *name,
2617	gnutls_supplemental_data_format_type_t type,
2618	gnutls_supp_recv_func supp_recv_func,
2619	gnutls_supp_send_func supp_send_func);
2620
2621	int gnutls_session_supplemental_register(gnutls_session_t session, const char *name,
2622	gnutls_supplemental_data_format_type_t type,
2623	gnutls_supp_recv_func supp_recv_func,
2624	gnutls_supp_send_func supp_send_func,
2625	unsigned int flags);
2626
2627	void gnutls_supplemental_recv(gnutls_session_t session, unsigned do_recv_supplemental);
2628
2629	void gnutls_supplemental_send(gnutls_session_t session, unsigned do_send_supplemental);
2630
2631	/ FIPS140-2 related functions /
2632	unsigned gnutls_fips140_mode_enabled(void);
2633
2634	/ Gnutls error codes. The mapping to a TLS alert is also shown in*
2635	* comments.
2636	*/
2637
2638	#define GNUTLS_E_SUCCESS 0
2639	#define GNUTLS_E_UNKNOWN_COMPRESSION_ALGORITHM -3
2640	#define GNUTLS_E_UNKNOWN_CIPHER_TYPE -6
2641	#define GNUTLS_E_LARGE_PACKET -7
2642	#define GNUTLS_E_UNSUPPORTED_VERSION_PACKET -8 /* GNUTLS_A_PROTOCOL_VERSION */
2643	#define GNUTLS_E_UNEXPECTED_PACKET_LENGTH -9 /* GNUTLS_A_RECORD_OVERFLOW */
2644	#define GNUTLS_E_INVALID_SESSION -10
2645	#define GNUTLS_E_FATAL_ALERT_RECEIVED -12
2646	#define GNUTLS_E_UNEXPECTED_PACKET -15 /* GNUTLS_A_UNEXPECTED_MESSAGE */
2647	#define GNUTLS_E_WARNING_ALERT_RECEIVED -16
2648	#define GNUTLS_E_ERROR_IN_FINISHED_PACKET -18
2649	#define GNUTLS_E_UNEXPECTED_HANDSHAKE_PACKET -19
2650	#define GNUTLS_E_UNKNOWN_CIPHER_SUITE -21 /* GNUTLS_A_HANDSHAKE_FAILURE */
2651	#define GNUTLS_E_UNWANTED_ALGORITHM -22
2652	#define GNUTLS_E_MPI_SCAN_FAILED -23
2653	#define GNUTLS_E_DECRYPTION_FAILED -24 /* GNUTLS_A_DECRYPTION_FAILED, GNUTLS_A_BAD_RECORD_MAC */
2654	#define GNUTLS_E_MEMORY_ERROR -25
2655	#define GNUTLS_E_DECOMPRESSION_FAILED -26 /* GNUTLS_A_DECOMPRESSION_FAILURE */
2656	#define GNUTLS_E_COMPRESSION_FAILED -27
2657	#define GNUTLS_E_AGAIN -28
2658	#define GNUTLS_E_EXPIRED -29
2659	#define GNUTLS_E_DB_ERROR -30
2660	#define GNUTLS_E_SRP_PWD_ERROR -31
2661	#define GNUTLS_E_INSUFFICIENT_CREDENTIALS -32
2662	#define GNUTLS_E_INSUFICIENT_CREDENTIALS GNUTLS_E_INSUFFICIENT_CREDENTIALS /* for backwards compatibility only */
2663	#define GNUTLS_E_INSUFFICIENT_CRED GNUTLS_E_INSUFFICIENT_CREDENTIALS
2664	#define GNUTLS_E_INSUFICIENT_CRED GNUTLS_E_INSUFFICIENT_CREDENTIALS /* for backwards compatibility only */
2665
2666	#define GNUTLS_E_HASH_FAILED -33
2667	#define GNUTLS_E_BASE64_DECODING_ERROR -34
2668
2669	#define GNUTLS_E_MPI_PRINT_FAILED -35
2670	#define GNUTLS_E_REHANDSHAKE -37 /* GNUTLS_A_NO_RENEGOTIATION */
2671	#define GNUTLS_E_GOT_APPLICATION_DATA -38
2672	#define GNUTLS_E_RECORD_LIMIT_REACHED -39
2673	#define GNUTLS_E_ENCRYPTION_FAILED -40
2674
2675	#define GNUTLS_E_PK_ENCRYPTION_FAILED -44
2676	#define GNUTLS_E_PK_DECRYPTION_FAILED -45
2677	#define GNUTLS_E_PK_SIGN_FAILED -46
2678	#define GNUTLS_E_X509_UNSUPPORTED_CRITICAL_EXTENSION -47
2679	#define GNUTLS_E_KEY_USAGE_VIOLATION -48
2680	#define GNUTLS_E_NO_CERTIFICATE_FOUND -49 /* GNUTLS_A_BAD_CERTIFICATE */
2681	#define GNUTLS_E_INVALID_REQUEST -50
2682	#define GNUTLS_E_SHORT_MEMORY_BUFFER -51
2683	#define GNUTLS_E_INTERRUPTED -52
2684	#define GNUTLS_E_PUSH_ERROR -53
2685	#define GNUTLS_E_PULL_ERROR -54
2686	#define GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER -55 /* GNUTLS_A_ILLEGAL_PARAMETER */
2687	#define GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE -56
2688	#define GNUTLS_E_PKCS1_WRONG_PAD -57
2689	#define GNUTLS_E_RECEIVED_ILLEGAL_EXTENSION -58
2690	#define GNUTLS_E_INTERNAL_ERROR -59
2691	#define GNUTLS_E_DH_PRIME_UNACCEPTABLE -63
2692	#define GNUTLS_E_FILE_ERROR -64
2693	#define GNUTLS_E_TOO_MANY_EMPTY_PACKETS -78
2694	#define GNUTLS_E_UNKNOWN_PK_ALGORITHM -80
2695	#define GNUTLS_E_TOO_MANY_HANDSHAKE_PACKETS -81
2696
2697	/ returned if you need to generate temporary RSA*
2698	* parameters. These are needed for export cipher suites.
2699	*/
2700	#define GNUTLS_E_NO_TEMPORARY_RSA_PARAMS -84
2701
2702	#define GNUTLS_E_NO_COMPRESSION_ALGORITHMS -86
2703	#define GNUTLS_E_NO_CIPHER_SUITES -87
2704
2705	#define GNUTLS_E_OPENPGP_GETKEY_FAILED -88
2706	#define GNUTLS_E_PK_SIG_VERIFY_FAILED -89
2707
2708	#define GNUTLS_E_ILLEGAL_SRP_USERNAME -90
2709	#define GNUTLS_E_SRP_PWD_PARSING_ERROR -91
2710	#define GNUTLS_E_NO_TEMPORARY_DH_PARAMS -93
2711
2712	/ For certificate and key stuff*
2713	*/
2714	#define GNUTLS_E_ASN1_ELEMENT_NOT_FOUND -67
2715	#define GNUTLS_E_ASN1_IDENTIFIER_NOT_FOUND -68
2716	#define GNUTLS_E_ASN1_DER_ERROR -69
2717	#define GNUTLS_E_ASN1_VALUE_NOT_FOUND -70
2718	#define GNUTLS_E_ASN1_GENERIC_ERROR -71
2719	#define GNUTLS_E_ASN1_VALUE_NOT_VALID -72
2720	#define GNUTLS_E_ASN1_TAG_ERROR -73
2721	#define GNUTLS_E_ASN1_TAG_IMPLICIT -74
2722	#define GNUTLS_E_ASN1_TYPE_ANY_ERROR -75
2723	#define GNUTLS_E_ASN1_SYNTAX_ERROR -76
2724	#define GNUTLS_E_ASN1_DER_OVERFLOW -77
2725	#define GNUTLS_E_OPENPGP_UID_REVOKED -79
2726	#define GNUTLS_E_CERTIFICATE_ERROR -43
2727	#define GNUTLS_E_X509_CERTIFICATE_ERROR GNUTLS_E_CERTIFICATE_ERROR
2728	#define GNUTLS_E_CERTIFICATE_KEY_MISMATCH -60
2729	#define GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE -61 /* GNUTLS_A_UNSUPPORTED_CERTIFICATE */
2730	#define GNUTLS_E_X509_UNKNOWN_SAN -62
2731	#define GNUTLS_E_OPENPGP_FINGERPRINT_UNSUPPORTED -94
2732	#define GNUTLS_E_X509_UNSUPPORTED_ATTRIBUTE -95
2733	#define GNUTLS_E_UNKNOWN_HASH_ALGORITHM -96
2734	#define GNUTLS_E_UNKNOWN_PKCS_CONTENT_TYPE -97
2735	#define GNUTLS_E_UNKNOWN_PKCS_BAG_TYPE -98
2736	#define GNUTLS_E_INVALID_PASSWORD -99
2737	#define GNUTLS_E_MAC_VERIFY_FAILED -100 /* for PKCS #12 MAC */
2738	#define GNUTLS_E_CONSTRAINT_ERROR -101
2739
2740	#define GNUTLS_E_WARNING_IA_IPHF_RECEIVED -102
2741	#define GNUTLS_E_WARNING_IA_FPHF_RECEIVED -103
2742
2743	#define GNUTLS_E_IA_VERIFY_FAILED -104
2744	#define GNUTLS_E_UNKNOWN_ALGORITHM -105
2745	#define GNUTLS_E_UNSUPPORTED_SIGNATURE_ALGORITHM -106
2746	#define GNUTLS_E_SAFE_RENEGOTIATION_FAILED -107
2747	#define GNUTLS_E_UNSAFE_RENEGOTIATION_DENIED -108
2748	#define GNUTLS_E_UNKNOWN_SRP_USERNAME -109
2749	#define GNUTLS_E_PREMATURE_TERMINATION -110
2750
2751	#define GNUTLS_E_MALFORMED_CIDR -111
2752
2753	#define GNUTLS_E_BASE64_ENCODING_ERROR -201
2754	#define GNUTLS_E_INCOMPATIBLE_GCRYPT_LIBRARY -202 /* obsolete */
2755	#define GNUTLS_E_INCOMPATIBLE_CRYPTO_LIBRARY -202
2756	#define GNUTLS_E_INCOMPATIBLE_LIBTASN1_LIBRARY -203
2757
2758	#define GNUTLS_E_OPENPGP_KEYRING_ERROR -204
2759	#define GNUTLS_E_X509_UNSUPPORTED_OID -205
2760
2761	#define GNUTLS_E_RANDOM_FAILED -206
2762	#define GNUTLS_E_BASE64_UNEXPECTED_HEADER_ERROR -207
2763
2764	#define GNUTLS_E_OPENPGP_SUBKEY_ERROR -208
2765
2766	#define GNUTLS_E_CRYPTO_ALREADY_REGISTERED GNUTLS_E_ALREADY_REGISTERED
2767	#define GNUTLS_E_ALREADY_REGISTERED -209
2768
2769	#define GNUTLS_E_HANDSHAKE_TOO_LARGE -210
2770
2771	#define GNUTLS_E_CRYPTODEV_IOCTL_ERROR -211
2772	#define GNUTLS_E_CRYPTODEV_DEVICE_ERROR -212
2773
2774	#define GNUTLS_E_CHANNEL_BINDING_NOT_AVAILABLE -213
2775	#define GNUTLS_E_BAD_COOKIE -214
2776	#define GNUTLS_E_OPENPGP_PREFERRED_KEY_ERROR -215
2777	#define GNUTLS_E_INCOMPAT_DSA_KEY_WITH_TLS_PROTOCOL -216
2778	#define GNUTLS_E_INSUFFICIENT_SECURITY -217
2779
2780	#define GNUTLS_E_HEARTBEAT_PONG_RECEIVED -292
2781	#define GNUTLS_E_HEARTBEAT_PING_RECEIVED -293
2782
2783	#define GNUTLS_E_UNRECOGNIZED_NAME -294
2784
2785	/ PKCS11 related /
2786	#define GNUTLS_E_PKCS11_ERROR -300
2787	#define GNUTLS_E_PKCS11_LOAD_ERROR -301
2788	#define GNUTLS_E_PARSING_ERROR -302
2789	#define GNUTLS_E_PKCS11_PIN_ERROR -303
2790
2791	#define GNUTLS_E_PKCS11_SLOT_ERROR -305
2792	#define GNUTLS_E_LOCKING_ERROR -306
2793	#define GNUTLS_E_PKCS11_ATTRIBUTE_ERROR -307
2794	#define GNUTLS_E_PKCS11_DEVICE_ERROR -308
2795	#define GNUTLS_E_PKCS11_DATA_ERROR -309
2796	#define GNUTLS_E_PKCS11_UNSUPPORTED_FEATURE_ERROR -310
2797	#define GNUTLS_E_PKCS11_KEY_ERROR -311
2798	#define GNUTLS_E_PKCS11_PIN_EXPIRED -312
2799	#define GNUTLS_E_PKCS11_PIN_LOCKED -313
2800	#define GNUTLS_E_PKCS11_SESSION_ERROR -314
2801	#define GNUTLS_E_PKCS11_SIGNATURE_ERROR -315
2802	#define GNUTLS_E_PKCS11_TOKEN_ERROR -316
2803	#define GNUTLS_E_PKCS11_USER_ERROR -317
2804
2805	#define GNUTLS_E_CRYPTO_INIT_FAILED -318
2806	#define GNUTLS_E_TIMEDOUT -319
2807	#define GNUTLS_E_USER_ERROR -320
2808	#define GNUTLS_E_ECC_NO_SUPPORTED_CURVES -321
2809	#define GNUTLS_E_ECC_UNSUPPORTED_CURVE -322
2810	#define GNUTLS_E_PKCS11_REQUESTED_OBJECT_NOT_AVAILBLE -323
2811	#define GNUTLS_E_CERTIFICATE_LIST_UNSORTED -324
2812	#define GNUTLS_E_ILLEGAL_PARAMETER -325
2813	#define GNUTLS_E_NO_PRIORITIES_WERE_SET -326
2814	#define GNUTLS_E_X509_UNSUPPORTED_EXTENSION -327
2815	#define GNUTLS_E_SESSION_EOF -328
2816
2817	#define GNUTLS_E_TPM_ERROR -329
2818	#define GNUTLS_E_TPM_KEY_PASSWORD_ERROR -330
2819	#define GNUTLS_E_TPM_SRK_PASSWORD_ERROR -331
2820	#define GNUTLS_E_TPM_SESSION_ERROR -332
2821	#define GNUTLS_E_TPM_KEY_NOT_FOUND -333
2822	#define GNUTLS_E_TPM_UNINITIALIZED -334
2823	#define GNUTLS_E_TPM_NO_LIB -335
2824
2825	#define GNUTLS_E_NO_CERTIFICATE_STATUS -340
2826	#define GNUTLS_E_OCSP_RESPONSE_ERROR -341
2827	#define GNUTLS_E_RANDOM_DEVICE_ERROR -342
2828	#define GNUTLS_E_AUTH_ERROR -343
2829	#define GNUTLS_E_NO_APPLICATION_PROTOCOL -344
2830	#define GNUTLS_E_SOCKETS_INIT_ERROR -345
2831	#define GNUTLS_E_KEY_IMPORT_FAILED -346
2832	#define GNUTLS_E_INAPPROPRIATE_FALLBACK -347 /GNUTLS_A_INAPPROPRIATE_FALLBACK/
2833	#define GNUTLS_E_CERTIFICATE_VERIFICATION_ERROR -348
2834	#define GNUTLS_E_PRIVKEY_VERIFICATION_ERROR -349
2835	#define GNUTLS_E_UNEXPECTED_EXTENSIONS_LENGTH -350 /GNUTLS_A_DECODE_ERROR/
2836	#define GNUTLS_E_ASN1_EMBEDDED_NULL_IN_STRING -351
2837
2838	#define GNUTLS_E_SELF_TEST_ERROR -400
2839	#define GNUTLS_E_NO_SELF_TEST -401
2840	#define GNUTLS_E_LIB_IN_ERROR_STATE -402
2841	#define GNUTLS_E_PK_GENERATION_ERROR -403
2842	#define GNUTLS_E_IDNA_ERROR -404
2843
2844	#define GNUTLS_E_NEED_FALLBACK -405
2845	#define GNUTLS_E_SESSION_USER_ID_CHANGED -406
2846	#define GNUTLS_E_HANDSHAKE_DURING_FALSE_START -407
2847	#define GNUTLS_E_UNAVAILABLE_DURING_HANDSHAKE -408
2848	#define GNUTLS_E_PK_INVALID_PUBKEY -409
2849	#define GNUTLS_E_PK_INVALID_PRIVKEY -410
2850	#define GNUTLS_E_NOT_YET_ACTIVATED -411
2851	#define GNUTLS_E_INVALID_UTF8_STRING -412
2852	#define GNUTLS_E_NO_EMBEDDED_DATA -413
2853	#define GNUTLS_E_INVALID_UTF8_EMAIL -414
2854	#define GNUTLS_E_INVALID_PASSWORD_STRING -415
2855
2856	#define GNUTLS_E_UNIMPLEMENTED_FEATURE -1250
2857
2858
2859
2860	#define GNUTLS_E_APPLICATION_ERROR_MAX -65000
2861	#define GNUTLS_E_APPLICATION_ERROR_MIN -65500
2862
2863	/ INDENT-OFF /
2864	#ifdef __cplusplus
2865	}
2866	#endif
2867	/ INDENT-ON /
2868
2869	#include <gnutls/compat.h>
2870
2871	#endif /* GNUTLS_H */
2872

Browse the source code of include/gnutls/gnutls.h