author | Simon Josefsson <simon@josefsson.org> | 2009-05-13 16:48:39 +0200 |
---|---|---|
committer | Simon Josefsson <simon@josefsson.org> | 2009-05-13 16:48:39 +0200 |
commit | 1171b013f2947285860a4f2fc9b6c6a0e4f7444c (patch) | |
tree | 2f2bb6981c19a0cb49ed485140fb02426c4687ed | |
parent | 9672cabfd2d943fd405eb088aa4c026afb9d66c5 (diff) | |
download | gnutls-1171b013f2947285860a4f2fc9b6c6a0e4f7444c.tar.gz |
Doc fixes for GTK-DOC.
-rw-r--r-- | lib/ext_server_name.c | 120 | ||||
-rw-r--r-- | lib/gnutls_priority.c | 58 | ||||
-rw-r--r-- | lib/gnutls_record.c | 44 | ||||
-rw-r--r-- | lib/gnutls_srp.c | 6 | ||||
-rw-r--r-- | lib/gnutls_state.c | 3 | ||||
-rw-r--r-- | lib/gnutls_ui.c | 6 | ||||
-rw-r--r-- | lib/gnutls_x509.c | 124 | ||||
-rw-r--r-- | lib/includes/gnutls/gnutls.h.in | 176 | ||||
-rw-r--r-- | lib/includes/gnutls/x509.h | 20 | ||||
-rw-r--r-- | lib/x509/crq.c | 40 | ||||
-rw-r--r-- | lib/x509/dn.c | 26 | ||||
-rw-r--r-- | lib/x509/pkcs7.c | 12 | ||||
-rw-r--r-- | lib/x509/privkey.c | 2 | ||||
-rw-r--r-- | lib/x509/verify.c | 22 | ||||
-rw-r--r-- | lib/x509/x509.c | 120 | ||||
-rw-r--r-- | lib/x509/x509_write.c | 10 |
16 files changed, 408 insertions, 381 deletions
diff --git a/lib/ext_server_name.c b/lib/ext_server_name.c index 9eab7e9db3..69413ae9c9 100644 --- a/lib/ext_server_name.c +++ b/lib/ext_server_name.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2002, 2003, 2004, 2005, 2008 Free Software Foundation + * Copyright (C) 2002, 2003, 2004, 2005, 2008, 2009 Free Software Foundation * * Author: Nikos Mavrogiannopoulos * @@ -28,13 +28,13 @@ #include "gnutls_num.h" #include <ext_server_name.h> -/* - * In case of a server: if a NAME_DNS extension type is received then it stores - * into the session the value of NAME_DNS. The server may use gnutls_ext_get_server_name(), - * in order to access it. +/* + * In case of a server: if a NAME_DNS extension type is received then + * it stores into the session the value of NAME_DNS. The server may + * use gnutls_ext_get_server_name(), in order to access it. * - * In case of a client: If a proper NAME_DNS extension type is found in the session then - * it sends the extension to the peer. + * In case of a client: If a proper NAME_DNS extension type is found + * in the session then it sends the extension to the peer. * */ @@ -146,7 +146,7 @@ _gnutls_server_name_send_params (gnutls_session_t session, ssize_t data_size = _data_size; int total_size = 0; - /* this function sends the client extension data (dnsname) + /* this function sends the client extension data (dnsname) */ if (session->security_parameters.entity == GNUTLS_CLIENT) { 
@@ -154,26 +154,26 @@ _gnutls_server_name_send_params (gnutls_session_t session, if (session->security_parameters.extensions.server_names_size == 0) return 0; - /* uint16_t + /* uint16_t */ total_size = 2; for (i = 0; i < session->security_parameters.extensions.server_names_size; i++) { - /* count the total size + /* count the total size */ len = session->security_parameters.extensions.server_names[i]. name_length; - /* uint8_t + uint16_t + size + /* uint8_t + uint16_t + size */ total_size += 1 + 2 + len; } p = data; - /* UINT16: write total size of all names + /* UINT16: write total size of all names */ DECR_LENGTH_RET (data_size, 2, GNUTLS_E_SHORT_MEMORY_BUFFER); _gnutls_write_uint16 (total_size - 2, p); 
@@ -223,28 +223,33 @@ _gnutls_server_name_send_params (gnutls_session_t session, } /** - * gnutls_server_name_get - Used to get the server name indicator send by a client - * @session: is a #gnutls_session_t structure. - * @data: will hold the data - * @data_length: will hold the data length. Must hold the maximum size of data. - * @type: will hold the server name indicator type - * @indx: is the index of the server_name - * - * This function will allow you to get the name indication (if any), - * a client has sent. The name indication may be any of the enumeration - * gnutls_server_name_type_t. - * - * If @type is GNUTLS_NAME_DNS, then this function is to be used by servers - * that support virtual hosting, and the data will be a null terminated UTF-8 string. - * - * If @data has not enough size to hold the server name GNUTLS_E_SHORT_MEMORY_BUFFER - * is returned, and @data_length will hold the required size. - * - * @index is used to retrieve more than one server names (if sent by the client). - * The first server name has an index of 0, the second 1 and so on. If no name with the given - * index exists GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE is returned. - * - **/ + * gnutls_server_name_get - Used to get the server name indicator send by a client + * @session: is a #gnutls_session_t structure. + * @data: will hold the data + * @data_length: will hold the data length. Must hold the maximum size of data. + * @type: will hold the server name indicator type + * @indx: is the index of the server_name + * + * This function will allow you to get the name indication (if any), a + * client has sent. The name indication may be any of the enumeration + * gnutls_server_name_type_t. + * + * If @type is GNUTLS_NAME_DNS, then this function is to be used by + * servers that support virtual hosting, and the data will be a null + * terminated UTF-8 string. 
+ * + * If @data has not enough size to hold the server name + * GNUTLS_E_SHORT_MEMORY_BUFFER is returned, and @data_length will + * hold the required size. + * + * @index is used to retrieve more than one server names (if sent by + * the client). The first server name has an index of 0, the second 1 + * and so on. If no name with the given index exists + * GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE is returned. + * + * Returns: On success, %GNUTLS_E_SUCCESS (zero) is returned, + * otherwise an error code is returned. + **/ int gnutls_server_name_get (gnutls_session_t session, void *data, size_t * data_length, 
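Review bot: The description of gnutls_server_name_get() in lib/ext_server_name.c still refers to `@index`, while the parameter list documents `@indx`, so gtk-doc cannot tie that paragraph to the parameter; it should read `@indx is used to retrieve more than one server names`. The following hunk has the same kind of mismatch in gnutls_server_name_set(), where the text says `the @ind type` but the documented parameter is `@type`. Because the comment describes the name as one a client has sent, it could also add a sentence such as `The returned name is supplied by the peer and should be treated as untrusted input.` The function body lies outside this hunk.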
@@ -291,22 +296,25 @@ gnutls_server_name_get (gnutls_session_t session, void *data, } /** - * gnutls_server_name_set - Used to set a name indicator to be sent as an extension - * @session: is a #gnutls_session_t structure. - * @type: specifies the indicator type - * @name: is a string that contains the server name. - * @name_length: holds the length of name - * - * This function is to be used by clients that want to inform - * (via a TLS extension mechanism) the server of the name they - * connected to. This should be used by clients that connect - * to servers that do virtual hosting. - * - * The value of @name depends on the @ind type. In case of GNUTLS_NAME_DNS, - * an ASCII or UTF-8 null terminated string, without the trailing dot, is expected. - * IPv4 or IPv6 addresses are not permitted. - * - **/ + * gnutls_server_name_set - set a name indicator to be sent as an extension + * @session: is a #gnutls_session_t structure. + * @type: specifies the indicator type + * @name: is a string that contains the server name. + * @name_length: holds the length of name + * + * This function is to be used by clients that want to inform (via a + * TLS extension mechanism) the server of the name they connected to. + * This should be used by clients that connect to servers that do + * virtual hosting. + * + * The value of @name depends on the @ind type. In case of + * GNUTLS_NAME_DNS, an ASCII or UTF-8 null terminated string, without + * the trailing dot, is expected. IPv4 or IPv6 addresses are not + * permitted. + * + * Returns: On success, %GNUTLS_E_SUCCESS (zero) is returned, + * otherwise an error code is returned. + **/ int gnutls_server_name_set (gnutls_session_t session, gnutls_server_name_type_t type, 
@@ -323,19 +331,17 @@ gnutls_server_name_set (gnutls_session_t session, if (name_length > MAX_SERVER_NAME_SIZE) return GNUTLS_E_SHORT_MEMORY_BUFFER; - server_names = - session->security_parameters.extensions.server_names_size + 1; + server_names = session->security_parameters.extensions.server_names_size + 1; if (server_names > MAX_SERVER_NAME_EXTENSIONS) server_names = MAX_SERVER_NAME_EXTENSIONS; - session->security_parameters.extensions.server_names[server_names - - 1].type = type; + session->security_parameters.extensions.server_names + [server_names - 1].type = type; memcpy (session->security_parameters.extensions. server_names[server_names - 1].name, name, name_length); - session->security_parameters.extensions.server_names[server_names - - 1].name_length = - name_length; + session->security_parameters.extensions.server_names + [server_names - 1].name_length = name_length; session->security_parameters.extensions.server_names_size++; diff --git a/lib/gnutls_priority.c b/lib/gnutls_priority.c index f6bdb12d3f..a47b70acdc 100644 --- a/lib/gnutls_priority.c +++ b/lib/gnutls_priority.c @@ -404,15 +404,15 @@ prio_add (priority_st * priority_list, unsigned int algo) /** - * gnutls_priority_set - Sets priorities for the cipher suites supported by gnutls. - * @session: is a #gnutls_session_t structure. - * @priority: is a #gnutls_priority_t structure. - * - * Sets the priorities to use on the ciphers, key exchange methods, - * macs and compression methods. - * - * Returns: %GNUTLS_E_SUCCESS on success, or an error code. - **/ + * gnutls_priority_set - Sets priorities for the cipher suites supported by gnutls. + * @session: is a #gnutls_session_t structure. + * @priority: is a #gnutls_priority_t structure. + * + * Sets the priorities to use on the ciphers, key exchange methods, + * macs and compression methods. + * + * Returns: %GNUTLS_E_SUCCESS on success, or an error code. + **/ int gnutls_priority_set (gnutls_session_t session, gnutls_priority_t priority) { 
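Review bot: In gnutls_server_name_set() (lib/ext_server_name.c, first hunk on this line) the slot index is clamped to MAX_SERVER_NAME_EXTENSIONS, but the context line `session->security_parameters.extensions.server_names_size++;` still increments the count unconditionally, so repeated calls can push server_names_size past the clamp. _gnutls_server_name_send_params() loops on `i < ...server_names_size` and reads `server_names[i].name_length`, which would then index past the last slot if the array holds MAX_SERVER_NAME_EXTENSIONS entries (its declaration is not visible here). Assigning the clamped value instead, `session->security_parameters.extensions.server_names_size = server_names;`, keeps the count within bounds. This commit only re-wraps these lines, and the function continues outside the hunk.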
@@ -677,12 +677,11 @@ error: } /** - * gnutls_priority_deinit - Deinitialize the priorities cache for the cipher suites supported by gnutls. - * @priority_cache: is a #gnutls_prioritity_t structure. - * - * Deinitializes the priority cache. - * - **/ + * gnutls_priority_deinit - deinitialize the priorities cache + * @priority_cache: is a #gnutls_prioritity_t structure. + * + * Deinitializes the priority cache. + **/ void gnutls_priority_deinit (gnutls_priority_t priority_cache) { 
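Review bot: The rewritten comment for gnutls_priority_deinit() keeps the misspelled type reference `#gnutls_prioritity_t`, which gtk-doc cannot resolve to the real type. It should read `@priority_cache: is a #gnutls_priority_t structure.`, matching the spelling used in the gnutls_priority_set() comment earlier in the same file. The function body is outside this hunk.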
@@ -691,21 +690,22 @@ gnutls_priority_deinit (gnutls_priority_t priority_cache) /** - * gnutls_priority_set_direct - Sets priorities for the cipher suites supported by gnutls. - * @session: is a #gnutls_session_t structure. - * @priorities: is a string describing priorities - * @err_pos: In case of an error this will have the position in the string the error occured - * - * Sets the priorities to use on the ciphers, key exchange methods, - * macs and compression methods. This function avoids keeping a - * priority cache and is used to directly set string priorities to a - * TLS session. For documentation check the gnutls_priority_init(). - * - * Returns: On syntax error %GNUTLS_E_INVALID_REQUEST is returned, - * %GNUTLS_E_SUCCESS on success, or an error code. - **/ + * gnutls_priority_set_direct - Sets priorities for the cipher suites supported by gnutls. + * @session: is a #gnutls_session_t structure. + * @priorities: is a string describing priorities + * @err_pos: In case of an error this will have the position in the string the error occured + * + * Sets the priorities to use on the ciphers, key exchange methods, + * macs and compression methods. This function avoids keeping a + * priority cache and is used to directly set string priorities to a + * TLS session. For documentation check the gnutls_priority_init(). + * + * Returns: On syntax error %GNUTLS_E_INVALID_REQUEST is returned, + * %GNUTLS_E_SUCCESS on success, or an error code. + **/ int -gnutls_priority_set_direct (gnutls_session_t session, const char *priorities, +gnutls_priority_set_direct (gnutls_session_t session, + const char *priorities, const char **err_pos) { gnutls_priority_t prio; diff --git a/lib/gnutls_record.c b/lib/gnutls_record.c index 96d2630d05..2b36235858 100644 --- a/lib/gnutls_record.c +++ b/lib/gnutls_record.c 
@@ -1,5 +1,5 @@ /* - * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation + * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation * * Author: Nikos Mavrogiannopoulos * @@ -1176,9 +1176,10 @@ gnutls_record_recv (gnutls_session_t session, void *data, size_t sizeofdata) * gnutls_record_get_max_size - returns the maximum record size * @session: is a #gnutls_session_t structure. * - * This function returns the maximum record packet size in this - * connection. The maximum record size is negotiated by the client - * after the first handshake message. + * Get the record size. The maximum record size is negotiated by the + * client after the first handshake message. + * + * Returns: The maximum record packet size in this connection. **/ size_t gnutls_record_get_max_size (gnutls_session_t session) 
@@ -1191,22 +1192,25 @@ gnutls_record_get_max_size (gnutls_session_t session) /** - * gnutls_record_set_max_size - sets the maximum record size - * @session: is a #gnutls_session_t structure. - * @size: is the new size - * - * This function sets the maximum record packet size in this - * connection. This property can only be set to clients. The server - * may choose not to accept the requested size. - * - * Acceptable values are 512(=2^9), 1024(=2^10), 2048(=2^11) and - * 4096(=2^12). Returns 0 on success. The requested record size does - * get in effect immediately only while sending data. The receive - * part will take effect after a successful handshake. - * - * This function uses a TLS extension called 'max record size'. Not - * all TLS implementations use or even understand this extension. - **/ + * gnutls_record_set_max_size - sets the maximum record size + * @session: is a #gnutls_session_t structure. + * @size: is the new size + * + * This function sets the maximum record packet size in this + * connection. This property can only be set to clients. The server + * may choose not to accept the requested size. + * + * Acceptable values are 512(=2^9), 1024(=2^10), 2048(=2^11) and + * 4096(=2^12). The requested record size does get in effect + * immediately only while sending data. The receive part will take + * effect after a successful handshake. + * + * This function uses a TLS extension called 'max record size'. Not + * all TLS implementations use or even understand this extension. + * + * Returns: On success, %GNUTLS_E_SUCCESS (zero) is returned, + * otherwise an error code is returned. + **/ ssize_t gnutls_record_set_max_size (gnutls_session_t session, size_t size) { diff --git a/lib/gnutls_srp.c b/lib/gnutls_srp.c index 2d0b0695bb..c5b4141813 100644 --- a/lib/gnutls_srp.c +++ b/lib/gnutls_srp.c 
@@ -1,5 +1,5 @@ /* - * Copyright (C) 2001, 2002, 2003, 2004, 2005, 2008 Free Software Foundation + * Copyright (C) 2001, 2002, 2003, 2004, 2005, 2008, 2009 Free Software Foundation * * Author: Nikos Mavrogiannopoulos * @@ -519,8 +519,8 @@ gnutls_srp_allocate_server_credentials (gnutls_srp_server_credentials_t * sc) * error code. **/ int -gnutls_srp_set_server_credentials_file (gnutls_srp_server_credentials_t - res, const char *password_file, +gnutls_srp_set_server_credentials_file (gnutls_srp_server_credentials_t res, + const char *password_file, const char *password_conf_file) { diff --git a/lib/gnutls_state.c b/lib/gnutls_state.c index 30e8fe60d9..31b0c84c7e 100644 --- a/lib/gnutls_state.c +++ b/lib/gnutls_state.c @@ -1326,8 +1326,7 @@ _gnutls_rsa_pms_set_version (gnutls_session_t session, **/ void gnutls_handshake_set_post_client_hello_function (gnutls_session_t session, - gnutls_handshake_post_client_hello_func - func) + gnutls_handshake_post_client_hello_func func) { session->internals.user_hello_func = func; } diff --git a/lib/gnutls_ui.c b/lib/gnutls_ui.c index 36c4eba4d7..c5d45af4ec 100644 --- a/lib/gnutls_ui.c +++ b/lib/gnutls_ui.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2001, 2002, 2003, 2004, 2005, 2008 Free Software Foundation + * Copyright (C) 2001, 2002, 2003, 2004, 2005, 2008, 2009 Free Software Foundation * * Author: Nikos Mavrogiannopoulos * @@ -641,8 +641,8 @@ gnutls_certificate_set_verify_flags (gnutls_certificate_credentials_t * limits. **/ void -gnutls_certificate_set_verify_limits (gnutls_certificate_credentials_t - res, unsigned int max_bits, +gnutls_certificate_set_verify_limits (gnutls_certificate_credentials_t res, + unsigned int max_bits, unsigned int max_depth) { res->verify_depth = max_depth; diff --git a/lib/gnutls_x509.c b/lib/gnutls_x509.c index 5ca740698d..2d879c87a7 100644 --- a/lib/gnutls_x509.c +++ b/lib/gnutls_x509.c 
@@ -653,44 +653,44 @@ read_key_file (gnutls_certificate_credentials_t res, } /** - * gnutls_certificate_set_x509_key_mem - Used to set keys in a gnutls_certificate_credentials_t structure - * @res: is an #gnutls_certificate_credentials_t structure. - * @cert: contains a certificate list (path) for the specified private key - * @key: is the private key, or %NULL - * @type: is PEM or DER - * - * This function sets a certificate/private key pair in the - * gnutls_certificate_credentials_t structure. This function may be called - * more than once (in case multiple keys/certificates exist for the - * server). - * - * Currently are supported: RSA PKCS-1 encoded private keys, - * DSA private keys. - * - * DSA private keys are encoded the OpenSSL way, which is an ASN.1 - * DER sequence of 6 INTEGERs - version, p, q, g, pub, priv. - * - * Note that the keyUsage (2.5.29.15) PKIX extension in X.509 certificates - * is supported. This means that certificates intended for signing cannot - * be used for ciphersuites that require encryption. - * - * If the certificate and the private key are given in PEM encoding - * then the strings that hold their values must be null terminated. - * - * The @key may be %NULL if you are using a sign callback, see - * gnutls_sign_callback_set(). - * - * Returns: %GNUTLS_E_SUCCESS on success, or an error code. - **/ + * gnutls_certificate_set_x509_key_mem - Used to set keys in a gnutls_certificate_credentials_t structure + * @res: is an #gnutls_certificate_credentials_t structure. + * @cert: contains a certificate list (path) for the specified private key + * @key: is the private key, or %NULL + * @type: is PEM or DER + * + * This function sets a certificate/private key pair in the + * gnutls_certificate_credentials_t structure. This function may be called + * more than once (in case multiple keys/certificates exist for the + * server). + * + * Currently are supported: RSA PKCS-1 encoded private keys, + * DSA private keys. 
+ * + * DSA private keys are encoded the OpenSSL way, which is an ASN.1 + * DER sequence of 6 INTEGERs - version, p, q, g, pub, priv. + * + * Note that the keyUsage (2.5.29.15) PKIX extension in X.509 certificates + * is supported. This means that certificates intended for signing cannot + * be used for ciphersuites that require encryption. + * + * If the certificate and the private key are given in PEM encoding + * then the strings that hold their values must be null terminated. + * + * The @key may be %NULL if you are using a sign callback, see + * gnutls_sign_callback_set(). + * + * Returns: %GNUTLS_E_SUCCESS on success, or an error code. + **/ int -gnutls_certificate_set_x509_key_mem (gnutls_certificate_credentials_t - res, const gnutls_datum_t * cert, +gnutls_certificate_set_x509_key_mem (gnutls_certificate_credentials_t res, + const gnutls_datum_t * cert, const gnutls_datum_t * key, gnutls_x509_crt_fmt_t type) { int ret; - /* this should be first + /* this should be first */ if ((ret = read_key_mem (res, key ? key->data : NULL, key ? key->size : 0, type)) < 0) 
@@ -798,37 +798,37 @@ gnutls_certificate_set_x509_key (gnutls_certificate_credentials_t res, } /** - * gnutls_certificate_set_x509_key_file - Used to set keys in a gnutls_certificate_credentials_t structure - * @res: is an #gnutls_certificate_credentials_t structure. - * @CERTFILE: is a file that containing the certificate list (path) for - * the specified private key, in PKCS7 format, or a list of certificates - * @KEYFILE: is a file that contains the private key - * @type: is PEM or DER - * - * This function sets a certificate/private key pair in the - * gnutls_certificate_credentials_t structure. This function may be - * called more than once (in case multiple keys/certificates exist - * for the server). - * - * Currently only PKCS-1 encoded RSA and DSA private keys are accepted by - * this function. - * - * Returns: %GNUTLS_E_SUCCESS on success, or an error code. - **/ + * gnutls_certificate_set_x509_key_file - Used to set keys in a gnutls_certificate_credentials_t structure + * @res: is an #gnutls_certificate_credentials_t structure. + * @certfile: is a file that containing the certificate list (path) for + * the specified private key, in PKCS7 format, or a list of certificates + * @keyfile: is a file that contains the private key + * @type: is PEM or DER + * + * This function sets a certificate/private key pair in the + * gnutls_certificate_credentials_t structure. This function may be + * called more than once (in case multiple keys/certificates exist + * for the server). + * + * Currently only PKCS-1 encoded RSA and DSA private keys are accepted by + * this function. + * + * Returns: %GNUTLS_E_SUCCESS on success, or an error code. 
+ **/ int -gnutls_certificate_set_x509_key_file (gnutls_certificate_credentials_t - res, const char *CERTFILE, - const char *KEYFILE, +gnutls_certificate_set_x509_key_file (gnutls_certificate_credentials_t res, + const char *certfile, + const char *keyfile, gnutls_x509_crt_fmt_t type) { int ret; /* this should be first */ - if ((ret = read_key_file (res, KEYFILE, type)) < 0) + if ((ret = read_key_file (res, keyfile, type)) < 0) return ret; - if ((ret = read_cert_file (res, CERTFILE, type)) < 0) + if ((ret = read_cert_file (res, certfile, type)) < 0) return ret; res->ncerts++; @@ -1117,8 +1117,8 @@ parse_der_ca_mem (gnutls_x509_crt_t ** cert_list, unsigned *ncerts, * on error. **/ int -gnutls_certificate_set_x509_trust_mem (gnutls_certificate_credentials_t - res, const gnutls_datum_t * ca, +gnutls_certificate_set_x509_trust_mem (gnutls_certificate_credentials_t res, + const gnutls_datum_t * ca, gnutls_x509_crt_fmt_t type) { int ret, ret2; @@ -1219,8 +1219,8 @@ gnutls_certificate_set_x509_trust (gnutls_certificate_credentials_t res, * error. **/ int -gnutls_certificate_set_x509_trust_file (gnutls_certificate_credentials_t - res, const char *cafile, +gnutls_certificate_set_x509_trust_file (gnutls_certificate_credentials_t res, + const char *cafile, gnutls_x509_crt_fmt_t type) { int ret, ret2; @@ -1434,8 +1434,8 @@ read_crl_mem (gnutls_certificate_credentials_t res, const void *crl, * Returns: number of CRLs processed, or a negative value on error. **/ int -gnutls_certificate_set_x509_crl_mem (gnutls_certificate_credentials_t - res, const gnutls_datum_t * CRL, +gnutls_certificate_set_x509_crl_mem (gnutls_certificate_credentials_t res, + const gnutls_datum_t * CRL, gnutls_x509_crt_fmt_t type) { int ret; 
@@ -1516,8 +1516,8 @@ gnutls_certificate_set_x509_crl (gnutls_certificate_credentials_t res, * Returns: number of CRLs processed or a negative value on error. **/ int -gnutls_certificate_set_x509_crl_file (gnutls_certificate_credentials_t - res, const char *crlfile, +gnutls_certificate_set_x509_crl_file (gnutls_certificate_credentials_t res, + const char *crlfile, gnutls_x509_crt_fmt_t type) { int ret; diff --git a/lib/includes/gnutls/gnutls.h.in b/lib/includes/gnutls/gnutls.h.in index ed7c6f34b8..ca3e206beb 100644 --- a/lib/includes/gnutls/gnutls.h.in +++ b/lib/includes/gnutls/gnutls.h.in @@ -395,10 +395,10 @@ extern "C" { gnutls_cipher_algorithm_t gnutls_cipher_get (gnutls_session_t session); gnutls_kx_algorithm_t gnutls_kx_get (gnutls_session_t session); gnutls_mac_algorithm_t gnutls_mac_get (gnutls_session_t session); - gnutls_compression_method_t gnutls_compression_get (gnutls_session_t - session); - gnutls_certificate_type_t gnutls_certificate_type_get (gnutls_session_t - session); + gnutls_compression_method_t + gnutls_compression_get (gnutls_session_t session); + gnutls_certificate_type_t + gnutls_certificate_type_get (gnutls_session_t session); size_t gnutls_cipher_get_key_size (gnutls_cipher_algorithm_t algorithm); size_t gnutls_mac_get_key_size (gnutls_mac_algorithm_t algorithm); 
@@ -406,11 +406,11 @@ extern "C" { /* the name of the specified algorithms */ const char *gnutls_cipher_get_name (gnutls_cipher_algorithm_t algorithm); const char *gnutls_mac_get_name (gnutls_mac_algorithm_t algorithm); - const char *gnutls_compression_get_name (gnutls_compression_method_t - algorithm); + const char * + gnutls_compression_get_name (gnutls_compression_method_t algorithm); const char *gnutls_kx_get_name (gnutls_kx_algorithm_t algorithm); - const char *gnutls_certificate_type_get_name (gnutls_certificate_type_t - type); + const char * + gnutls_certificate_type_get_name (gnutls_certificate_type_t type); const char *gnutls_pk_get_name (gnutls_pk_algorithm_t algorithm); const char *gnutls_sign_get_name (gnutls_sign_algorithm_t algorithm); @@ -568,11 +568,16 @@ extern "C" { /* if you just want some defaults, use the following. */ - int gnutls_priority_init( gnutls_priority_t*, const char *priority, const char** err_pos); - void gnutls_priority_deinit( gnutls_priority_t); - - int gnutls_priority_set(gnutls_session_t session, gnutls_priority_t); - int gnutls_priority_set_direct(gnutls_session_t session, const char *priority, const char** err_pos); + int gnutls_priority_init (gnutls_priority_t *priority_cache, + const char *priority, + const char** err_pos); + void gnutls_priority_deinit (gnutls_priority_t); + + int gnutls_priority_set (gnutls_session_t session, + gnutls_priority_t priority); + int gnutls_priority_set_direct (gnutls_session_t session, + const char *priority, + const char** err_pos); /* for compatibility */ 
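Review bot: In the priority prototypes of lib/includes/gnutls/gnutls.h.in (second hunk on this line), `gnutls_priority_deinit` is the only declaration left with an unnamed parameter, although its doc comment in lib/gnutls_priority.c documents `@priority_cache`. Naming it, `void gnutls_priority_deinit (gnutls_priority_t priority_cache);`, would keep the header consistent with the other three prototypes this hunk rewrites and with the documented parameter name.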
@@ -649,9 +654,10 @@ extern "C" { gnutls_datum_t session_entry); typedef int (*gnutls_handshake_post_client_hello_func)(gnutls_session_t); - void gnutls_handshake_set_post_client_hello_function(gnutls_session_t, - gnutls_handshake_post_client_hello_func); - + void + gnutls_handshake_set_post_client_hello_function(gnutls_session_t session, + gnutls_handshake_post_client_hello_func func); + void gnutls_handshake_set_max_packet_length (gnutls_session_t session, size_t max); 
@@ -715,37 +721,44 @@ extern "C" { void gnutls_certificate_set_dh_params (gnutls_certificate_credentials_t res, gnutls_dh_params_t dh_params); void - gnutls_certificate_set_rsa_export_params (gnutls_certificate_credentials_t - res, - gnutls_rsa_params_t rsa_params); - void gnutls_certificate_set_verify_flags (gnutls_certificate_credentials_t - res, unsigned int flags); - void gnutls_certificate_set_verify_limits (gnutls_certificate_credentials_t - res, unsigned int max_bits, - unsigned int max_depth); - - int gnutls_certificate_set_x509_trust_file (gnutls_certificate_credentials_t - res, const char *CAFILE, - gnutls_x509_crt_fmt_t type); - int gnutls_certificate_set_x509_trust_mem (gnutls_certificate_credentials_t - res, const gnutls_datum_t * CA, - gnutls_x509_crt_fmt_t type); - - int gnutls_certificate_set_x509_crl_file (gnutls_certificate_credentials_t - res, const char *crlfile, - gnutls_x509_crt_fmt_t type); - int gnutls_certificate_set_x509_crl_mem (gnutls_certificate_credentials_t - res, const gnutls_datum_t * CRL, - gnutls_x509_crt_fmt_t type); - - int gnutls_certificate_set_x509_key_file (gnutls_certificate_credentials_t - res, const char *CERTFILE, - const char *KEYFILE, - gnutls_x509_crt_fmt_t type); - int gnutls_certificate_set_x509_key_mem (gnutls_certificate_credentials_t - res, const gnutls_datum_t * CERT, - const gnutls_datum_t * KEY, - gnutls_x509_crt_fmt_t type); + gnutls_certificate_set_rsa_export_params (gnutls_certificate_credentials_t res, + gnutls_rsa_params_t rsa_params); + void + gnutls_certificate_set_verify_flags (gnutls_certificate_credentials_t res, + unsigned int flags); + void + gnutls_certificate_set_verify_limits (gnutls_certificate_credentials_t res, + unsigned int max_bits, + unsigned int max_depth); + + int + gnutls_certificate_set_x509_trust_file (gnutls_certificate_credentials_t res, + const char *cafile, + gnutls_x509_crt_fmt_t type); + int + gnutls_certificate_set_x509_trust_mem (gnutls_certificate_credentials_t res, + const 
gnutls_datum_t * ca, + gnutls_x509_crt_fmt_t type); + + int + gnutls_certificate_set_x509_crl_file (gnutls_certificate_credentials_t res, + const char *crlfile, + gnutls_x509_crt_fmt_t type); + int + gnutls_certificate_set_x509_crl_mem (gnutls_certificate_credentials_t res, + const gnutls_datum_t * CRL, + gnutls_x509_crt_fmt_t type); + + int + gnutls_certificate_set_x509_key_file (gnutls_certificate_credentials_t res, + const char *certfile, + const char *keyfile, + gnutls_x509_crt_fmt_t type); + int + gnutls_certificate_set_x509_key_mem (gnutls_certificate_credentials_t res, + const gnutls_datum_t * cert, + const gnutls_datum_t * key, + gnutls_x509_crt_fmt_t type); void gnutls_certificate_send_x509_rdn_sequence (gnutls_session_t session, int status); 
@@ -928,20 +941,23 @@ extern "C" { typedef struct gnutls_srp_client_credentials_st *gnutls_srp_client_credentials_t; - void gnutls_srp_free_client_credentials (gnutls_srp_client_credentials_t - sc); - int gnutls_srp_allocate_client_credentials (gnutls_srp_client_credentials_t - * sc); - int gnutls_srp_set_client_credentials (gnutls_srp_client_credentials_t res, - const char *username, const char *password); - - void gnutls_srp_free_server_credentials (gnutls_srp_server_credentials_t - sc); - int gnutls_srp_allocate_server_credentials (gnutls_srp_server_credentials_t - * sc); - int gnutls_srp_set_server_credentials_file (gnutls_srp_server_credentials_t - res, const char *password_file, - const char *password_conf_file); + void + gnutls_srp_free_client_credentials (gnutls_srp_client_credentials_t sc); + int + gnutls_srp_allocate_client_credentials (gnutls_srp_client_credentials_t * sc); + int + gnutls_srp_set_client_credentials (gnutls_srp_client_credentials_t res, + const char *username, + const char *password); + + void + gnutls_srp_free_server_credentials (gnutls_srp_server_credentials_t sc); + int + gnutls_srp_allocate_server_credentials (gnutls_srp_server_credentials_t *sc); + int + gnutls_srp_set_server_credentials_file (gnutls_srp_server_credentials_t res, + const char *password_file, + const char *password_conf_file); const char *gnutls_srp_server_get_username (gnutls_session_t session); 
@@ -1009,21 +1025,22 @@ extern "C" { GNUTLS_PSK_KEY_HEX } gnutls_psk_key_flags; - void gnutls_psk_free_client_credentials (gnutls_psk_client_credentials_t - sc); - int gnutls_psk_allocate_client_credentials (gnutls_psk_client_credentials_t - * sc); + void + gnutls_psk_free_client_credentials (gnutls_psk_client_credentials_t sc); + int + gnutls_psk_allocate_client_credentials (gnutls_psk_client_credentials_t * sc); int gnutls_psk_set_client_credentials (gnutls_psk_client_credentials_t res, const char *username, const gnutls_datum_t * key, gnutls_psk_key_flags format); - void gnutls_psk_free_server_credentials (gnutls_psk_server_credentials_t - sc); - int gnutls_psk_allocate_server_credentials (gnutls_psk_server_credentials_t - * sc); - int gnutls_psk_set_server_credentials_file (gnutls_psk_server_credentials_t - res, const char *password_file); + void + gnutls_psk_free_server_credentials (gnutls_psk_server_credentials_t sc); + int + gnutls_psk_allocate_server_credentials (gnutls_psk_server_credentials_t * sc); + int + gnutls_psk_set_server_credentials_file (gnutls_psk_server_credentials_t res, + const char *password_file); int gnutls_psk_set_server_credentials_hint (gnutls_psk_server_credentials_t res, 
@@ -1173,18 +1190,17 @@ extern "C" { (gnutls_certificate_credentials_t cred, gnutls_certificate_server_retrieve_function * func); - void gnutls_certificate_server_set_request (gnutls_session_t session, - gnutls_certificate_request_t - req); + void + gnutls_certificate_server_set_request (gnutls_session_t session, + gnutls_certificate_request_t req); /* get data from the session */ - const gnutls_datum_t *gnutls_certificate_get_peers (gnutls_session_t - session, - unsigned int - *list_size); - const gnutls_datum_t *gnutls_certificate_get_ours (gnutls_session_t - session); + const gnutls_datum_t * + gnutls_certificate_get_peers (gnutls_session_t session, + unsigned int *list_size); + const gnutls_datum_t * + gnutls_certificate_get_ours (gnutls_session_t session); time_t gnutls_certificate_activation_time_peers (gnutls_session_t session); time_t gnutls_certificate_expiration_time_peers (gnutls_session_t session); diff --git a/lib/includes/gnutls/x509.h b/lib/includes/gnutls/x509.h index 60e97c6c1d..5dc386d398 100644 --- a/lib/includes/gnutls/x509.h +++ b/lib/includes/gnutls/x509.h @@ -158,13 +158,13 @@ extern "C" unsigned int *reason_flags, unsigned int *critical); int gnutls_x509_crt_set_crl_dist_points2 (gnutls_x509_crt_t crt, - gnutls_x509_subject_alt_name_t - type, const void *data, + gnutls_x509_subject_alt_name_t type, + const void *data, unsigned int data_size, unsigned int reason_flags); int gnutls_x509_crt_set_crl_dist_points (gnutls_x509_crt_t crt, - gnutls_x509_subject_alt_name_t - type, const void *data_string, + gnutls_x509_subject_alt_name_t type, + const void *data_string, unsigned int reason_flags); int gnutls_x509_crt_cpy_crl_dist_points (gnutls_x509_crt_t dst, gnutls_x509_crt_t src); 
@@ -264,10 +264,8 @@ extern "C" unsigned int ca, int pathLenConstraint); int gnutls_x509_crt_set_subject_alternative_name (gnutls_x509_crt_t crt, - gnutls_x509_subject_alt_name_t - type, + gnutls_x509_subject_alt_name_t type, const char *data_string); - int gnutls_x509_crt_set_subject_alt_name (gnutls_x509_crt_t crt, gnutls_x509_subject_alt_name_t type, const void *data, @@ -342,14 +340,14 @@ extern "C" int gnutls_x509_dn_init (gnutls_x509_dn_t * dn); - int gnutls_x509_dn_import (gnutls_x509_dn_t odn, + int gnutls_x509_dn_import (gnutls_x509_dn_t dn, const gnutls_datum_t * data); int gnutls_x509_dn_export (gnutls_x509_dn_t dn, gnutls_x509_crt_fmt_t format, void *output_data, size_t * output_data_size); - void gnutls_x509_dn_deinit (gnutls_x509_dn_t idn); + void gnutls_x509_dn_deinit (gnutls_x509_dn_t dn); /* CRL handling functions. @@ -686,8 +684,8 @@ extern "C" int gnutls_x509_crq_set_dn_by_oid (gnutls_x509_crq_t crq, const char *oid, unsigned int raw_flag, - const void *name, - unsigned int sizeof_name); + const void *data, + unsigned int sizeof_data); int gnutls_x509_crq_set_version (gnutls_x509_crq_t crq, unsigned int version); int gnutls_x509_crq_get_version (gnutls_x509_crq_t crq); diff --git a/lib/x509/crq.c b/lib/x509/crq.c index 4ba2a19487..3014ed8d33 100644 --- a/lib/x509/crq.c +++ b/lib/x509/crq.c 
@@ -665,26 +665,26 @@ gnutls_x509_crq_get_attribute_by_oid (gnutls_x509_crq_t crq, } /** - * gnutls_x509_crq_set_dn_by_oid - This function will set the Certificate request subject's distinguished name - * @crq: should contain a gnutls_x509_crq_t structure - * @oid: holds an Object Identifier in a null terminated string - * @raw_flag: must be 0, or 1 if the data are DER encoded - * @data: a pointer to the input data - * @sizeof_data: holds the size of @data - * - * This function will set the part of the name of the Certificate request subject, specified - * by the given OID. The input string should be ASCII or UTF-8 encoded. - * - * Some helper macros with popular OIDs can be found in gnutls/x509.h - * With this function you can only set the known OIDs. You can test - * for known OIDs using gnutls_x509_dn_oid_known(). For OIDs that are - * not known (by gnutls) you should properly DER encode your data, and - * call this function with raw_flag set. - * - * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a - * negative error value. - * - **/ + * gnutls_x509_crq_set_dn_by_oid - This function will set the Certificate request subject's distinguished name + * @crq: should contain a gnutls_x509_crq_t structure + * @oid: holds an Object Identifier in a null terminated string + * @raw_flag: must be 0, or 1 if the data are DER encoded + * @data: a pointer to the input data + * @sizeof_data: holds the size of @data + * + * This function will set the part of the name of the Certificate + * request subject, specified by the given OID. The input string + * should be ASCII or UTF-8 encoded. + * + * Some helper macros with popular OIDs can be found in gnutls/x509.h + * With this function you can only set the known OIDs. You can test + * for known OIDs using gnutls_x509_dn_oid_known(). For OIDs that are + * not known (by gnutls) you should properly DER encode your data, + * and call this function with raw_flag set. 
+ * + * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a + * negative error value. + **/ int gnutls_x509_crq_set_dn_by_oid (gnutls_x509_crq_t crq, const char *oid, unsigned int raw_flag, const void *data, diff --git a/lib/x509/dn.c b/lib/x509/dn.c index a5fe9afec1..7ce6df2712 100644 --- a/lib/x509/dn.c +++ b/lib/x509/dn.c @@ -944,7 +944,7 @@ _gnutls_x509_set_dn_oid (ASN1_TYPE asn1_struct, /** * gnutls_x509_dn_init: initialize an opaque DN object - * @odn: the object to be initialized + * @dn: the object to be initialized * * This function initializes a #gnutls_x509_dn_t structure. * @@ -957,20 +957,20 @@ _gnutls_x509_set_dn_oid (ASN1_TYPE asn1_struct, * Since: 2.4.0 **/ int -gnutls_x509_dn_init (gnutls_x509_dn_t * odn) +gnutls_x509_dn_init (gnutls_x509_dn_t * dn) { int result; - ASN1_TYPE dn = ASN1_TYPE_EMPTY; + ASN1_TYPE tmpdn = ASN1_TYPE_EMPTY; if ((result = asn1_create_element (_gnutls_get_pkix (), - "PKIX1.Name", &dn)) != ASN1_SUCCESS) + "PKIX1.Name", &tmpdn)) != ASN1_SUCCESS) { gnutls_assert (); return _gnutls_asn2err (result); } - *odn = dn; + *dn = tmpdn; return 0; } @@ -978,7 +978,7 @@ gnutls_x509_dn_init (gnutls_x509_dn_t * odn) /** * gnutls_x509_dn_import: get opaque DN object from DER RDN sequence * - * @odn: the structure that will hold the imported DN + * @dn: the structure that will hold the imported DN * @data: should contain a DER encoded RDN sequence * * This function parses an RDN sequence and stores the result to a @@ -992,13 +992,13 @@ gnutls_x509_dn_init (gnutls_x509_dn_t * odn) * Since: 2.4.0 **/ int -gnutls_x509_dn_import (gnutls_x509_dn_t odn, const gnutls_datum_t * data) +gnutls_x509_dn_import (gnutls_x509_dn_t dn, const gnutls_datum_t * data) { int result; char err[ASN1_MAX_ERROR_DESCRIPTION_SIZE]; - ASN1_TYPE dn = odn; - result = asn1_der_decoding (&dn, data->data, data->size, err); + result = asn1_der_decoding ((ASN1_TYPE *) &dn, + data->data, data->size, err); if (result != ASN1_SUCCESS) { /* couldn't decode DER */ 
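Review bot: In gnutls_x509_dn_import the new call passes `(ASN1_TYPE *) &dn`, so asn1_der_decoding() accesses the `gnutls_x509_dn_t` parameter through a pointer to a different pointer type. The cast is only needed because the two types differ, which makes this type punning that the removed `ASN1_TYPE dn = odn;` temporary avoided. A typed temporary under a new name, as the gnutls_x509_dn_init hunk does with `tmpdn`, gives the GTK-DOC parameter rename without the cast: `ASN1_TYPE tmpdn = dn;` followed by `result = asn1_der_decoding (&tmpdn, data->data, data->size, err);`. The same applies to `asn1_delete_structure ((ASN1_TYPE *) &dn);` in the gnutls_x509_dn_deinit hunk. This path decodes caller-supplied DER, so it is worth keeping free of aliasing-dependent behaviour; the function body continues past the end of the hunk.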
@@ -1012,7 +1012,7 @@ gnutls_x509_dn_import (gnutls_x509_dn_t odn, const gnutls_datum_t * data) /** * gnutls_x509_dn_deinit: deallocate a DN object - * @idn: a DN opaque object pointer. + * @dn: a DN opaque object pointer. * * This function deallocates the DN object as returned by * gnutls_x509_dn_import(). @@ -1020,11 +1020,9 @@ gnutls_x509_dn_import (gnutls_x509_dn_t odn, const gnutls_datum_t * data) * Since: 2.4.0 **/ void -gnutls_x509_dn_deinit (gnutls_x509_dn_t idn) +gnutls_x509_dn_deinit (gnutls_x509_dn_t dn) { - ASN1_TYPE dn = idn; - - asn1_delete_structure (&dn); + asn1_delete_structure ((ASN1_TYPE *) &dn); } /** diff --git a/lib/x509/pkcs7.c b/lib/x509/pkcs7.c index 7003a75f1f..024e4deb48 100644 --- a/lib/x509/pkcs7.c +++ b/lib/x509/pkcs7.c @@ -260,7 +260,7 @@ cleanup: /** * gnutls_pkcs7_get_crt_raw - get a certificate from a PKCS7 certificate set - * @pkcs7_struct: should contain a gnutls_pkcs7_t structure + * @pkcs7: should contain a gnutls_pkcs7_t structure * @indx: contains the index of the certificate to extract * @certificate: the contents of the certificate will be copied * there (may be null) @@ -428,8 +428,8 @@ gnutls_pkcs7_get_crt_count (gnutls_pkcs7_t pkcs7) * If the structure is PEM encoded, it will have a header * of "BEGIN PKCS7". * - * Return value: In case of failure a negative value will be - * returned, and 0 on success. + * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a + * negative error value. **/ int gnutls_pkcs7_export (gnutls_pkcs7_t pkcs7, @@ -618,7 +618,7 @@ cleanup: /** * gnutls_pkcs7_set_crt - add a parsed certificate in a PKCS7 certificate set - * @pkcs7_struct: should contain a gnutls_pkcs7_t structure + * @pkcs7: should contain a #gnutls_pkcs7_t structure * @crt: the certificate to be copied. * * This function will add a parsed certificate to the PKCS7 or 
@@ -660,7 +660,7 @@ gnutls_pkcs7_set_crt (gnutls_pkcs7_t pkcs7, gnutls_x509_crt_t crt) /** * gnutls_pkcs7_delete_crt - deletes a certificate from a PKCS7 certificate set - * @pkcs7_struct: should contain a gnutls_pkcs7_t structure + * @pkcs7: should contain a gnutls_pkcs7_t structure * @indx: the index of the certificate to delete * * This function will delete a certificate from a PKCS7 or RFC2630 @@ -970,7 +970,7 @@ gnutls_pkcs7_set_crl (gnutls_pkcs7_t pkcs7, gnutls_x509_crl_t crl) /** * gnutls_pkcs7_delete_crl - deletes a CRL from a PKCS7 crl set - * @pkcs7_struct: should contain a #gnutls_pkcs7_t structure + * @pkcs7: should contain a #gnutls_pkcs7_t structure * @indx: the index of the crl to delete * * This function will delete a crl from a PKCS7 or RFC2630 crl set. diff --git a/lib/x509/privkey.c b/lib/x509/privkey.c index 005f335576..517e287934 100644 --- a/lib/x509/privkey.c +++ b/lib/x509/privkey.c @@ -839,7 +839,7 @@ error: /** * gnutls_x509_privkey_export_dsa_raw - export the DSA private key - * @params: a structure that holds the DSA parameters + * @key: a structure that holds the DSA parameters * @p: will hold the p * @q: will hold the q * @g: will hold the g diff --git a/lib/x509/verify.c b/lib/x509/verify.c index 21b42c3462..cc7850a9c6 100644 --- a/lib/x509/verify.c +++ b/lib/x509/verify.c 
@@ -378,17 +378,17 @@ cleanup: } /** - * gnutls_x509_crt_check_issuer - This function checks if the certificate given has the given issuer - * @cert: is the certificate to be checked - * @issuer: is the certificate of a possible issuer - * - * This function will check if the given certificate was issued by the - * given issuer. It will return true (1) if the given certificate is issued - * by the given issuer, and false (0) if not. - * - * A negative value is returned in case of an error. - * - **/ + * gnutls_x509_crt_check_issuer - check if certificate has given issuer + * @cert: is the certificate to be checked + * @issuer: is the certificate of a possible issuer + * + * This function will check if the given certificate was issued by the + * given issuer. + * + * Returns: It will return true (1) if the given certificate is issued + * by the given issuer, and false (0) if not. A negative value is + * returned in case of an error. + **/ int gnutls_x509_crt_check_issuer (gnutls_x509_crt_t cert, gnutls_x509_crt_t issuer) diff --git a/lib/x509/x509.c b/lib/x509/x509.c index d463a7bc67..86ce2d2b0b 100644 --- a/lib/x509/x509.c +++ b/lib/x509/x509.c 
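Review bot: The new Returns paragraph for gnutls_x509_crt_check_issuer lists three outcomes (1, 0, negative) but still describes the result as true/false. That wording invites `if (gnutls_x509_crt_check_issuer (cert, issuer))`, a test that a negative error value also passes. I would add a sentence to the comment such as `Callers must compare the result with 1; a negative error value is non-zero and must not be treated as a match.` The function body is outside this hunk, so which error codes it can return is not visible here.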
@@ -1175,12 +1175,12 @@ get_subject_alt_name (gnutls_x509_crt_t cert, * recognized. * * Returns: the alternative subject name type on success, one of the - * enumerated #gnutls_x509_subject_alt_name_t. It will return - * %GNUTLS_E_SHORT_MEMORY_BUFFER if @ret_size is not large enough to - * hold the value. In that case @ret_size will be updated with the - * required size. If the certificate does not have an Alternative - * name with the specified sequence number then - * %GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE is returned. + * enumerated #gnutls_x509_subject_alt_name_t. It will return + * %GNUTLS_E_SHORT_MEMORY_BUFFER if @ret_size is not large enough + * to hold the value. In that case @ret_size will be updated with + * the required size. If the certificate does not have an + * Alternative name with the specified sequence number then + * %GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE is returned. **/ int gnutls_x509_crt_get_subject_alt_name (gnutls_x509_crt_t cert, 
@@ -1192,23 +1192,29 @@ gnutls_x509_crt_get_subject_alt_name (gnutls_x509_crt_t cert, } /** - * gnutls_x509_crt_get_subject_alt_name2 - Get certificate's alternative name, if any - * @cert: should contain a #gnutls_x509_crt_t structure - * @seq: specifies the sequence number of the alt name (0 for the first one, 1 for the second etc.) - * @ret: is the place where the alternative name will be copied to - * @ret_size: holds the size of ret. - * @ret_type: holds the type of the alternative name (one of gnutls_x509_subject_alt_name_t). - * @critical: will be non zero if the extension is marked as critical (may be null) - * - * This function will return the alternative names, contained in the - * given certificate. It is the same as gnutls_x509_crt_get_subject_alt_name() - * except for the fact that it will return the type of the alternative - * name in @ret_type even if the function fails for some reason (i.e. - * the buffer provided is not enough). - * - * The return values are the same as with gnutls_x509_crt_get_subject_alt_name(). - * - **/ + * gnutls_x509_crt_get_subject_alt_name2 - Get certificate's alternative name, if any + * @cert: should contain a #gnutls_x509_crt_t structure + * @seq: specifies the sequence number of the alt name (0 for the first one, 1 for the second etc.) + * @ret: is the place where the alternative name will be copied to + * @ret_size: holds the size of ret. + * @ret_type: holds the type of the alternative name (one of gnutls_x509_subject_alt_name_t). + * @critical: will be non zero if the extension is marked as critical (may be null) + * + * This function will return the alternative names, contained in the + * given certificate. It is the same as + * gnutls_x509_crt_get_subject_alt_name() except for the fact that it + * will return the type of the alternative name in @ret_type even if + * the function fails for some reason (i.e. the buffer provided is + * not enough). 
+ * + * Returns: the alternative subject name type on success, one of the + * enumerated #gnutls_x509_subject_alt_name_t. It will return + * %GNUTLS_E_SHORT_MEMORY_BUFFER if @ret_size is not large enough + * to hold the value. In that case @ret_size will be updated with + * the required size. If the certificate does not have an + * Alternative name with the specified sequence number then + * %GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE is returned. + **/ int gnutls_x509_crt_get_subject_alt_name2 (gnutls_x509_crt_t cert, unsigned int seq, void *ret, @@ -1414,16 +1420,15 @@ gnutls_x509_crt_get_key_usage (gnutls_x509_crt_t cert, * @pathlen: pointer to output integer indicating path length (may be * NULL), non-negative values indicate a present pCPathLenConstraint * field and the actual value, -1 indicate that the field is absent. + * @policyLanguage: output variable with OID of policy language + * @policy: output variable with policy data + * @sizeof_policy: output variable size of policy data * - * This function will read the certificate's basic constraints, and - * return the certificates CA status. It reads the basicConstraints - * X.509 extension (2.5.29.19). + * This function will get information from a proxy certificate. It + * reads the ProxyCertInfo X.509 extension (1.3.6.1.5.5.7.1.14). * - * Return value: If the certificate is a CA a positive value will be - * returned, or zero if the certificate does not have CA flag set. A - * negative value may be returned in case of errors. If the - * certificate does not contain the basicConstraints extension - * GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE will be returned. + * Returns: On success, %GNUTLS_E_SUCCESS (zero) is returned, + * otherwise an error code is returned. **/ int gnutls_x509_crt_get_proxy (gnutls_x509_crt_t cert, 
@@ -1471,23 +1476,23 @@ gnutls_x509_crt_get_proxy (gnutls_x509_crt_t cert, } /** - * gnutls_x509_crt_get_extension_by_oid - This function returns the specified extension - * @cert: should contain a #gnutls_x509_crt_t structure - * @oid: holds an Object Identified in null terminated string - * @indx: In case multiple same OIDs exist in the extensions, this specifies which to send. Use zero to get the first one. - * @buf: a pointer to a structure to hold the name (may be null) - * @sizeof_buf: initially holds the size of @buf - * @critical: will be non zero if the extension is marked as critical - * - * This function will return the extension specified by the OID in the certificate. - * The extensions will be returned as binary data DER encoded, in the provided - * buffer. - * - * A negative value may be returned in case of parsing error. - * If the certificate does not contain the specified extension - * GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE will be returned. - * - **/ + * gnutls_x509_crt_get_extension_by_oid - This function returns the specified extension + * @cert: should contain a #gnutls_x509_crt_t structure + * @oid: holds an Object Identified in null terminated string + * @indx: In case multiple same OIDs exist in the extensions, this specifies which to send. Use zero to get the first one. + * @buf: a pointer to a structure to hold the name (may be null) + * @sizeof_buf: initially holds the size of @buf + * @critical: will be non zero if the extension is marked as critical + * + * This function will return the extension specified by the OID in the + * certificate. The extensions will be returned as binary data DER + * encoded, in the provided buffer. + * + * Returns: On success, %GNUTLS_E_SUCCESS (zero) is returned, + * otherwise an error code is returned. If the certificate does not + * contain the specified extension + * GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE will be returned. 
+ **/ int gnutls_x509_crt_get_extension_by_oid (gnutls_x509_crt_t cert, const char *oid, int indx, @@ -1590,10 +1595,10 @@ gnutls_x509_crt_get_extension_oid (gnutls_x509_crt_t cert, int indx, * *@sizeof_oid is updated and %GNUTLS_E_SHORT_MEMORY_BUFFER will be * returned. * - * Return 0 on success. A negative value may be returned in case of - * parsing error. If you have reached the last extension available - * GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE will be returned. - * + * Returns: On success, %GNUTLS_E_SUCCESS (zero) is returned, + * otherwise an error code is returned. If you have reached the + * last extension available %GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE + * will be returned. **/ int gnutls_x509_crt_get_extension_info (gnutls_x509_crt_t cert, int indx, @@ -2544,17 +2549,18 @@ gnutls_x509_crt_get_crl_dist_points (gnutls_x509_crt_t cert, * @indx: This specifies which OID to return. Use zero to get the first one. * @oid: a pointer to a buffer to hold the OID (may be null) * @sizeof_oid: initially holds the size of @oid + * @critical: output flag to indicate criticality of extension * * This function will extract the key purpose OIDs of the Certificate - * specified by the given index. These are stored in the Extended Key - * Usage extension (2.5.29.37) See the GNUTLS_KP_* definitions for - * human readable names. + * specified by the given index. These are stored in the Extended + * Key Usage extension (2.5.29.37) See the GNUTLS_KP_* definitions + * for human readable names. * * If @oid is null then only the size will be filled. * * Returns: %GNUTLS_E_SHORT_MEMORY_BUFFER if the provided buffer is - * not long enough, and in that case the *sizeof_oid will be updated - * with the required size. On success 0 is returned. + * not long enough, and in that case the *sizeof_oid will be + * updated with the required size. On success 0 is returned. **/ int gnutls_x509_crt_get_key_purpose_oid (gnutls_x509_crt_t cert, 
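Review bot: The rewritten comment for gnutls_x509_crt_get_extension_by_oid keeps the typo "Object Identified" on the `@oid` line, and its new Returns paragraph names GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE without the `%` constant marker. The following gnutls_x509_crt_get_extension_info hunk writes it as `%GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE`, so the reference is marked up inconsistently across the two comments. Suggested lines: `@oid: holds an Object Identifier in null terminated string` and `contain the specified extension %GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE will be returned.` The `@buf` line also still says the buffer holds "the name" while the description says it receives the DER-encoded extension data; the function body is outside the hunk, so I have only the comment to go on.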
diff --git a/lib/x509/x509_write.c b/lib/x509/x509_write.c index 6957baffd8..6ee514a94a 100644 --- a/lib/x509/x509_write.c +++ b/lib/x509/x509_write.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation + * Copyright (C) 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation * * Author: Nikos Mavrogiannopoulos * @@ -541,8 +541,8 @@ gnutls_x509_crt_set_key_usage (gnutls_x509_crt_t crt, unsigned int usage) **/ int gnutls_x509_crt_set_subject_alternative_name (gnutls_x509_crt_t crt, - gnutls_x509_subject_alt_name_t - type, const char *data_string) + gnutls_x509_subject_alt_name_t type, + const char *data_string) { if (crt == NULL) { @@ -897,8 +897,8 @@ disable_optional_stuff (gnutls_x509_crt_t cert) **/ int gnutls_x509_crt_set_crl_dist_points (gnutls_x509_crt_t crt, - gnutls_x509_subject_alt_name_t - type, const void *data_string, + gnutls_x509_subject_alt_name_t type, + const void *data_string, unsigned int reason_flags) { return gnutls_x509_crt_set_crl_dist_points2 (crt, type, data_string, |