authorNikos Mavrogiannopoulos <nmav@gnutls.org>2003-12-30 10:56:33 +0000
committerNikos Mavrogiannopoulos <nmav@gnutls.org>2003-12-30 10:56:33 +0000
commitb79c2a0e5f74f58d7c195929c8d8db0d7c3fe6c9 (patch)
tree885f652029fc9a680d2b1e1d364b26a059e59255 /lib
parent7a113668c158b867a5849851ee489697fe76aa5b (diff)
*** empty log message ***
Diffstat (limited to 'lib')
-rw-r--r--lib/gnutls_algorithms.c9
-rw-r--r--lib/gnutls_ui.h52
-rw-r--r--lib/x509/rfc2818_hostname.c1
-rw-r--r--lib/x509/x509.c7
4 files changed, 32 insertions, 37 deletions
diff --git a/lib/gnutls_algorithms.c b/lib/gnutls_algorithms.c
index c02a308f36..d20cecc3db 100644
--- a/lib/gnutls_algorithms.c
+++ b/lib/gnutls_algorithms.c
@@ -26,7 +26,10 @@
#include "gnutls_cert.h"
-/* Cred type mappings to KX algorithms */
+/* Cred type mappings to KX algorithms
+ * FIXME: The mappings are not 1-1. Some KX such as SRP_RSA require
+ * more than one credentials type.
+ */
typedef struct {
gnutls_kx_algorithm algorithm;
gnutls_credentials_type client_type;
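Review bot: The new FIXME in the header comment says the mapping is not 1-1, but not what a reader of the table can still rely on. The rows in the next hunk give GNUTLS_KX_SRP_RSA and GNUTLS_KX_SRP_DSS a single credentials type per side, so any lookup that uses this table to decide whether a key exchange is usable presumably checks only one of the types that exchange needs; the lookup code is not visible here. I would add a line such as `* Until fixed, a match here does not prove that every credentials type the KX needs is set.` The typedef continues past the end of the hunk.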
@@ -41,8 +44,8 @@ static const gnutls_cred_map cred_mappings[] = {
{ GNUTLS_KX_DHE_DSS, GNUTLS_CRD_CERTIFICATE, GNUTLS_CRD_CERTIFICATE },
{ GNUTLS_KX_DHE_RSA, GNUTLS_CRD_CERTIFICATE, GNUTLS_CRD_CERTIFICATE },
{ GNUTLS_KX_SRP, GNUTLS_CRD_SRP, GNUTLS_CRD_SRP },
- { GNUTLS_KX_SRP_RSA, GNUTLS_CRD_SRP, GNUTLS_CRD_CERTIFICATE },
- { GNUTLS_KX_SRP_DSS, GNUTLS_CRD_SRP, GNUTLS_CRD_CERTIFICATE },
+ { GNUTLS_KX_SRP_RSA, GNUTLS_CRD_SRP, GNUTLS_CRD_CERTIFICATE },
+ { GNUTLS_KX_SRP_DSS, GNUTLS_CRD_SRP, GNUTLS_CRD_CERTIFICATE },
{ 0, 0, 0}
};
diff --git a/lib/gnutls_ui.h b/lib/gnutls_ui.h
index c9b52d443b..7db05a4b24 100644
--- a/lib/gnutls_ui.h
+++ b/lib/gnutls_ui.h
@@ -12,16 +12,10 @@ typedef enum gnutls_x509_subject_alt_name {
* callbacks.
*/
typedef int gnutls_certificate_client_select_function(gnutls_session,
- const gnutls_datum *
- client_cert,
- int ncerts,
- const gnutls_datum *
- req_ca_cert,
- int nreqs);
+ const gnutls_datum * client_cert, int ncerts,
+ const gnutls_datum * req_ca_cert, int nreqs);
typedef int gnutls_certificate_server_select_function(gnutls_session,
- const gnutls_datum *
- server_certs,
- int ncerts);
+ const gnutls_datum * server_certs, int ncerts);
struct gnutls_openpgp_key_int;
@@ -72,42 +66,34 @@ int gnutls_rsa_export_get_modulus_bits(gnutls_session session);
/* X509PKI */
void gnutls_certificate_client_set_select_function(gnutls_session,
- gnutls_certificate_client_select_function
- *);
+ gnutls_certificate_client_select_function *);
void gnutls_certificate_server_set_select_function(gnutls_session,
- gnutls_certificate_server_select_function
- *);
+ gnutls_certificate_server_select_function *);
/* These are set on the credentials structure.
*/
void gnutls_certificate_client_set_retrieve_function(gnutls_certificate_client_credentials,
- gnutls_certificate_client_retrieve_function
- *);
+ gnutls_certificate_client_retrieve_function *);
void gnutls_certificate_server_set_retrieve_function(gnutls_certificate_server_credentials,
- gnutls_certificate_server_retrieve_function
- *);
+ gnutls_certificate_server_retrieve_function *);
void gnutls_certificate_server_set_request(gnutls_session,
- gnutls_certificate_request);
+ gnutls_certificate_request);
/* X.509 certificate handling functions
*/
int gnutls_pkcs3_extract_dh_params(const gnutls_datum * params,
- gnutls_x509_crt_fmt format,
- gnutls_datum * prime,
- gnutls_datum * generator,
- int *prime_bits);
+ gnutls_x509_crt_fmt format, gnutls_datum * prime,
+ gnutls_datum * generator, int *prime_bits);
int gnutls_pkcs3_export_dh_params(const gnutls_datum * prime,
- const gnutls_datum * generator,
- gnutls_x509_crt_fmt format,
- unsigned char *params_data,
- int *params_data_size);
+ const gnutls_datum * generator, gnutls_x509_crt_fmt format,
+ unsigned char *params_data, int *params_data_size);
/* get data from the session
*/
const gnutls_datum *gnutls_certificate_get_peers(gnutls_session,
- unsigned int *list_size);
+ unsigned int *list_size);
const gnutls_datum *gnutls_certificate_get_ours(gnutls_session session);
time_t gnutls_certificate_activation_time_peers(gnutls_session session);
@@ -117,17 +103,15 @@ int gnutls_certificate_client_get_request_status(gnutls_session);
int gnutls_certificate_verify_peers(gnutls_session);
int gnutls_pem_base64_encode(const char *header, const gnutls_datum * data,
- char *result, size_t * result_size);
+ char *result, size_t * result_size);
int gnutls_pem_base64_decode(const char *header,
- const gnutls_datum * b64_data,
- unsigned char *result, size_t * result_size);
+ const gnutls_datum * b64_data,
+ unsigned char *result, size_t * result_size);
int gnutls_pem_base64_encode_alloc(const char *header,
- const gnutls_datum * data,
- gnutls_datum * result);
+ const gnutls_datum * data, gnutls_datum * result);
int gnutls_pem_base64_decode_alloc(const char *header,
- const gnutls_datum * b64_data,
- gnutls_datum * result);
+ const gnutls_datum * b64_data, gnutls_datum * result);
/* key_usage will be an OR of the following values:
*/
diff --git a/lib/x509/rfc2818_hostname.c b/lib/x509/rfc2818_hostname.c
index a3c4a03048..4cc66cf0ac 100644
--- a/lib/x509/rfc2818_hostname.c
+++ b/lib/x509/rfc2818_hostname.c
@@ -28,6 +28,7 @@
#include <common.h>
#include <gnutls/compat8.h>
#include <rfc2818.h>
+#include <gnutls_errors.h>
/* compare hostname against certificate, taking account of wildcards
* return 1 on success or 0 on error
diff --git a/lib/x509/x509.c b/lib/x509/x509.c
index ccfbaf1580..f0455bb820 100644
--- a/lib/x509/x509.c
+++ b/lib/x509/x509.c
@@ -1408,6 +1408,13 @@ int result;
*
* This function will return the CRL distribution points (2.5.29.31), contained in the
* given certificate.
+ *
+ * @reason_flags should be an ORed sequence of GNUTLS_CRL_REASON_UNUSED,
+ * GNUTLS_CRL_REASON_KEY_COMPROMISE, GNUTLS_CRL_REASON_CA_COMPROMISE,
+ * GNUTLS_CRL_REASON_AFFILIATION_CHANGED, GNUTLS_CRL_REASON_SUPERSEEDED,
+ * GNUTLS_CRL_REASON_CESSATION_OF_OPERATION, GNUTLS_CRL_REASON_CERTIFICATE_HOLD,
+ * GNUTLS_CRL_REASON_PRIVILEGE_WITHDRAWN, GNUTLS_CRL_REASON_AA_COMPROMISE,
+ * or zero for all possible reasons.
*
* This is specified in X509v3 Certificate Extensions. GNUTLS will return the
* distribution point type, or a negative error code on error.
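Review bot: The added paragraph says @reason_flags "should be" an ORed sequence, which reads as an input the caller supplies, while the surrounding text describes a function that returns data taken from the certificate. If the parameter is an output (the signature is outside the hunk), word it as `@reason_flags will be set to an ORed sequence of ...` and state that zero means the distribution point covers all reasons. The direction matters to callers, because a CRL from a point limited to some reasons cannot be treated as complete revocation status. The comment block begins and ends outside the hunk.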