diff options
author | Simon Josefsson <simon@josefsson.org> | 2010-02-17 11:53:18 +0100 |
---|---|---|
committer | Simon Josefsson <simon@josefsson.org> | 2010-02-17 11:53:18 +0100 |
commit | 5cf6a95171b1a88b13dd7043fb8e0e4f21b90a1d (patch) | |
tree | 7fd04de6aeb07769c8134f3bc0c177bf1c2d02af /lib | |
parent | d7929a7bc9073cea80f163866e94341db558ac6f (diff) | |
download | gnutls-5cf6a95171b1a88b13dd7043fb8e0e4f21b90a1d.tar.gz |
Align indentation of GTK-DOC comments.
Diffstat (limited to 'lib')
-rw-r--r-- | lib/auth_srp_sb64.c | 126 | ||||
-rw-r--r-- | lib/crypto-api.c | 338 | ||||
-rw-r--r-- | lib/ext_safe_renegotiation.c | 43 | ||||
-rw-r--r-- | lib/gnutls_anon_cred.c | 72 | ||||
-rw-r--r-- | lib/gnutls_auth.c | 117 | ||||
-rw-r--r-- | lib/gnutls_cert.c | 393 | ||||
-rw-r--r-- | lib/gnutls_db.c | 101 | ||||
-rw-r--r-- | lib/gnutls_dh.c | 15 | ||||
-rw-r--r-- | lib/gnutls_handshake.c | 173 | ||||
-rw-r--r-- | lib/gnutls_mem.c | 35 | ||||
-rw-r--r-- | lib/gnutls_priority.c | 157 | ||||
-rw-r--r-- | lib/gnutls_psk.c | 124 | ||||
-rw-r--r-- | lib/gnutls_record.c | 307 | ||||
-rw-r--r-- | lib/gnutls_session.c | 102 | ||||
-rw-r--r-- | lib/gnutls_srp.c | 279 | ||||
-rw-r--r-- | lib/gnutls_state.c | 164 | ||||
-rw-r--r-- | lib/gnutls_x509.c | 256 | ||||
-rw-r--r-- | lib/x509/crl.c | 38 | ||||
-rw-r--r-- | lib/x509/crl_write.c | 161 | ||||
-rw-r--r-- | lib/x509/pkcs12.c | 180 | ||||
-rw-r--r-- | lib/x509/pkcs12_bag.c | 157 | ||||
-rw-r--r-- | lib/x509/pkcs7.c | 22 | ||||
-rw-r--r-- | lib/x509/privkey.c | 24 | ||||
-rw-r--r-- | lib/x509/privkey_pkcs8.c | 105 | ||||
-rw-r--r-- | lib/x509/sign.c | 23 | ||||
-rw-r--r-- | lib/x509/verify.c | 90 | ||||
-rw-r--r-- | lib/x509/x509.c | 907 | ||||
-rw-r--r-- | lib/x509/x509_write.c | 24 |
28 files changed, 2242 insertions, 2291 deletions
diff --git a/lib/auth_srp_sb64.c b/lib/auth_srp_sb64.c index d702c0db9e..b418eb1d1a 100644 --- a/lib/auth_srp_sb64.c +++ b/lib/auth_srp_sb64.c @@ -311,22 +311,22 @@ _gnutls_sbase64_decode (uint8_t * data, size_t idata_size, uint8_t ** result) } /** - * gnutls_srp_base64_encode - Encode raw data using SRP-Base64 - * @data: contain the raw data - * @result: the place where base64 data will be copied - * @result_size: holds the size of the result - * - * This function will convert the given data to printable data, using - * the base64 encoding, as used in the libsrp. This is the encoding - * used in SRP password files. If the provided buffer is not long - * enough GNUTLS_E_SHORT_MEMORY_BUFFER is returned. - * - * Warning! This base64 encoding is not the "standard" encoding, so - * do not use it for non-SRP purposes. - * - * Returns: %GNUTLS_E_SHORT_MEMORY_BUFFER if the buffer given is not - * long enough, or 0 on success. - **/ + * gnutls_srp_base64_encode - Encode raw data using SRP-Base64 + * @data: contain the raw data + * @result: the place where base64 data will be copied + * @result_size: holds the size of the result + * + * This function will convert the given data to printable data, using + * the base64 encoding, as used in the libsrp. This is the encoding + * used in SRP password files. If the provided buffer is not long + * enough GNUTLS_E_SHORT_MEMORY_BUFFER is returned. + * + * Warning! This base64 encoding is not the "standard" encoding, so + * do not use it for non-SRP purposes. + * + * Returns: %GNUTLS_E_SHORT_MEMORY_BUFFER if the buffer given is not + * long enough, or 0 on success. + **/ int gnutls_srp_base64_encode (const gnutls_datum_t * data, char *result, size_t * result_size) @@ -355,22 +355,22 @@ gnutls_srp_base64_encode (const gnutls_datum_t * data, char *result, } /** - * gnutls_srp_base64_encode_alloc - encode raw data using SRP-Base64 - * @data: contains the raw data - * @result: will hold the newly allocated encoded data - * - * This function will convert the given data to printable data, using - * the base64 encoding. This is the encoding used in SRP password - * files. This function will allocate the required memory to hold - * the encoded data. - * - * You should use gnutls_free() to free the returned data. - * - * Warning! This base64 encoding is not the "standard" encoding, so - * do not use it for non-SRP purposes. - * - * Returns: 0 on success, or an error code. - **/ + * gnutls_srp_base64_encode_alloc - encode raw data using SRP-Base64 + * @data: contains the raw data + * @result: will hold the newly allocated encoded data + * + * This function will convert the given data to printable data, using + * the base64 encoding. This is the encoding used in SRP password + * files. This function will allocate the required memory to hold + * the encoded data. + * + * You should use gnutls_free() to free the returned data. + * + * Warning! This base64 encoding is not the "standard" encoding, so + * do not use it for non-SRP purposes. + * + * Returns: 0 on success, or an error code. + **/ int gnutls_srp_base64_encode_alloc (const gnutls_datum_t * data, gnutls_datum_t * result) @@ -397,22 +397,22 @@ gnutls_srp_base64_encode_alloc (const gnutls_datum_t * data, } /** - * gnutls_srp_base64_decode - decode SRP-base64 encoded data - * @b64_data: contain the encoded data - * @result: the place where decoded data will be copied - * @result_size: holds the size of the result - * - * This function will decode the given encoded data, using the base64 - * encoding found in libsrp. - * - * Note that b64_data should be null terminated. - * - * Warning! This base64 encoding is not the "standard" encoding, so - * do not use it for non-SRP purposes. - * - * Returns: %GNUTLS_E_SHORT_MEMORY_BUFFER if the buffer given is not - * long enough, or 0 on success. - **/ + * gnutls_srp_base64_decode - decode SRP-base64 encoded data + * @b64_data: contain the encoded data + * @result: the place where decoded data will be copied + * @result_size: holds the size of the result + * + * This function will decode the given encoded data, using the base64 + * encoding found in libsrp. + * + * Note that @b64_data should be null terminated. + * + * Warning! This base64 encoding is not the "standard" encoding, so + * do not use it for non-SRP purposes. + * + * Returns: %GNUTLS_E_SHORT_MEMORY_BUFFER if the buffer given is not + * long enough, or 0 on success. + **/ int gnutls_srp_base64_decode (const gnutls_datum_t * b64_data, char *result, size_t * result_size) @@ -441,21 +441,21 @@ gnutls_srp_base64_decode (const gnutls_datum_t * b64_data, char *result, } /** - * gnutls_srp_base64_decode_alloc - decode SRP-base64 encoded data - * @b64_data: contains the encoded data - * @result: the place where decoded data lie - * - * This function will decode the given encoded data. The decoded data - * will be allocated, and stored into result. It will decode using - * the base64 algorithm as used in libsrp. - * - * You should use gnutls_free() to free the returned data. - * - * Warning! This base64 encoding is not the "standard" encoding, so - * do not use it for non-SRP purposes. - * - * Returns: 0 on success, or an error code. - **/ + * gnutls_srp_base64_decode_alloc - decode SRP-base64 encoded data + * @b64_data: contains the encoded data + * @result: the place where decoded data lie + * + * This function will decode the given encoded data. The decoded data + * will be allocated, and stored into result. It will decode using + * the base64 algorithm as used in libsrp. + * + * You should use gnutls_free() to free the returned data. + * + * Warning! This base64 encoding is not the "standard" encoding, so + * do not use it for non-SRP purposes. + * + * Returns: 0 on success, or an error code. + **/ int gnutls_srp_base64_decode_alloc (const gnutls_datum_t * b64_data, gnutls_datum_t * result) diff --git a/lib/crypto-api.c b/lib/crypto-api.c index a88ab94722..022fc58732 100644 --- a/lib/crypto-api.c +++ b/lib/crypto-api.c @@ -31,19 +31,19 @@ #include <crypto.h> /** - * gnutls_cipher_init - initializes a crypto context - * @handle: is a #gnutls_cipher_hd_t structure. - * @cipher: the encryption algorithm to use - * @key: The key to be used for encryption - * @iv: The IV to use (if not applicable set NULL) - * - * This function will initialize an context that can - * be used for encryption/decryption of data. This will effectively - * use the current crypto backend in use by gnutls or the - * cryptographic accelerator in use. - * - * Returns: Zero or a negative value on error. - **/ + * gnutls_cipher_init - initializes a crypto context + * @handle: is a #gnutls_cipher_hd_t structure. + * @cipher: the encryption algorithm to use + * @key: The key to be used for encryption + * @iv: The IV to use (if not applicable set NULL) + * + * This function will initialize an context that can be used for + * encryption/decryption of data. This will effectively use the + * current crypto backend in use by gnutls or the cryptographic + * accelerator in use. + * + * Returns: Zero or a negative value on error. + **/ int gnutls_cipher_init (gnutls_cipher_hd_t * handle, gnutls_cipher_algorithm_t cipher, const gnutls_datum_t * key, const gnutls_datum_t * iv) @@ -58,32 +58,32 @@ gnutls_cipher_init (gnutls_cipher_hd_t * handle, gnutls_cipher_algorithm_t ciphe } /** - * gnutls_cipher_encrypt - encrypts the given data - * @handle: is a #gnutls_cipher_hd_t structure. - * @text: the data to encrypt - * @textlen: The length of data to encrypt - * - * This function will encrypt the given data using the algorithm - * specified by the context. - * - * Returns: Zero or a negative value on error. - **/ + * gnutls_cipher_encrypt - encrypts the given data + * @handle: is a #gnutls_cipher_hd_t structure. + * @text: the data to encrypt + * @textlen: The length of data to encrypt + * + * This function will encrypt the given data using the algorithm + * specified by the context. + * + * Returns: Zero or a negative value on error. + **/ int gnutls_cipher_encrypt (gnutls_cipher_hd_t handle, void *text, int textlen) { return _gnutls_cipher_encrypt((cipher_hd_st*)handle, text, textlen); } /** - * gnutls_cipher_decrypt - decrypts the given data - * @handle: is a #gnutls_cipher_hd_t structure. - * @text: the data to encrypt - * @textlen: The length of data to encrypt - * - * This function will decrypt the given data using the algorithm - * specified by the context. - * - * Returns: Zero or a negative value on error. - **/ + * gnutls_cipher_decrypt - decrypts the given data + * @handle: is a #gnutls_cipher_hd_t structure. + * @text: the data to encrypt + * @textlen: The length of data to encrypt + * + * This function will decrypt the given data using the algorithm + * specified by the context. + * + * Returns: Zero or a negative value on error. + **/ int gnutls_cipher_decrypt (gnutls_cipher_hd_t handle, void *ciphertext, int ciphertextlen) @@ -92,14 +92,14 @@ gnutls_cipher_decrypt (gnutls_cipher_hd_t handle, void *ciphertext, } /** - * gnutls_cipher_deinit - deinitializes resources by a context - * @handle: is a #gnutls_cipher_hd_t structure. - * - * This function will deinitialize all resources occupied by - * the given encryption context. - * - * Returns: This function has no return value. - **/ + * gnutls_cipher_deinit - deinitializes resources by a context + * @handle: is a #gnutls_cipher_hd_t structure. + * + * This function will deinitialize all resources occupied by + * the given encryption context. + * + * Returns: This function has no return value. + **/ void gnutls_cipher_deinit (gnutls_cipher_hd_t handle) { @@ -110,19 +110,19 @@ gnutls_cipher_deinit (gnutls_cipher_hd_t handle) /* HMAC */ /** - * gnutls_hmac_init - initializes an HMAC context - * @handle: is a #gnutls_hmac_hd_t structure. - * @algorithm: the HMAC algorithm to use - * @key: The key to be used for encryption - * @keylen: The length of the key - * - * This function will initialize an context that can - * be used to produce a Message Authentication Code (MAC) of data. - * This will effectively use the current crypto backend in use by gnutls or - * the cryptographic accelerator in use. - * - * Returns: Zero or a negative value on error. - **/ + * gnutls_hmac_init - initializes an HMAC context + * @handle: is a #gnutls_hmac_hd_t structure. + * @algorithm: the HMAC algorithm to use + * @key: The key to be used for encryption + * @keylen: The length of the key + * + * This function will initialize an context that can be used to + * produce a Message Authentication Code (MAC) of data. This will + * effectively use the current crypto backend in use by gnutls or the + * cryptographic accelerator in use. + * + * Returns: Zero or a negative value on error. + **/ int gnutls_hmac_init (gnutls_hmac_hd_t * dig, gnutls_digest_algorithm_t algorithm, const void *key, int keylen) @@ -137,30 +137,30 @@ gnutls_hmac_init (gnutls_hmac_hd_t * dig, gnutls_digest_algorithm_t algorithm, } /** - * gnutls_hmac - hashes the given data - * @handle: is a #gnutls_cipher_hd_t structure. - * @text: the data to hash - * @textlen: The length of data to hash - * - * This function will hash the given data using the algorithm - * specified by the context. - * - * Returns: Zero or a negative value on error. - **/ + * gnutls_hmac - hashes the given data + * @handle: is a #gnutls_cipher_hd_t structure. + * @text: the data to hash + * @textlen: The length of data to hash + * + * This function will hash the given data using the algorithm + * specified by the context. + * + * Returns: Zero or a negative value on error. + **/ int gnutls_hmac (gnutls_hmac_hd_t handle, const void *text, size_t textlen) { return _gnutls_hmac((digest_hd_st*)handle, text, textlen); } /** - * gnutls_hmac_output - Outputs the current MAC value - * @handle: is a #gnutls_hmac_hd_t structure. - * @digest: is the output value of the MAC - * - * This function will output the current MAC value. - * - * Returns: This function has no return value. - **/ + * gnutls_hmac_output - Outputs the current MAC value + * @handle: is a #gnutls_hmac_hd_t structure. + * @digest: is the output value of the MAC + * + * This function will output the current MAC value. + * + * Returns: This function has no return value. + **/ void gnutls_hmac_output (gnutls_hmac_hd_t handle, void *digest) { @@ -168,51 +168,52 @@ gnutls_hmac_output (gnutls_hmac_hd_t handle, void *digest) } /** - * gnutls_hmac_deinit - deinitializes resources by a context - * @handle: is a #gnutls_hmac_hd_t structure. - * @digest: is the output value of the MAC - * - * This function will deinitialize all resources occupied by - * the given hmac context. - * - * Returns: This function has no return value. - **/ + * gnutls_hmac_deinit - deinitializes resources by a context + * @handle: is a #gnutls_hmac_hd_t structure. + * @digest: is the output value of the MAC + * + * This function will deinitialize all resources occupied by + * the given hmac context. + * + * Returns: This function has no return value. + **/ void gnutls_hmac_deinit (gnutls_hmac_hd_t handle, void *digest) { _gnutls_hmac_deinit((digest_hd_st*)handle, digest); } /** - * gnutls_hmac_get_len - returns the length of the output data - * @algorithm: the hmac algorithm to use - * - * This function will return the length of the output data - * of the given hmac algorithm. - * - * Returns: The length or zero on error. - * - **/ + * gnutls_hmac_get_len - returns the length of the output data + * @algorithm: the hmac algorithm to use + * + * This function will return the length of the output data + * of the given hmac algorithm. + * + * Returns: The length or zero on error. + * + **/ int gnutls_hmac_get_len( gnutls_mac_algorithm_t algorithm) { return _gnutls_hmac_get_algo_len(algorithm); } /** - * gnutls_hmac_fast - hashes data - * @algorithm: the hash algorithm to use - * @key: the key to use - * @keylen: The length of the key - * @text: the data to hash - * @textlen: The length of data to hash - * @digest: is the output value of the hash - * - * This convenience function will hash the given data and return output - * on a single call. - * - * Returns: Zero or a negative value on error. - **/ -int gnutls_hmac_fast( gnutls_mac_algorithm_t algorithm, const void* key, int keylen, - const void* text, size_t textlen, void* digest) + * gnutls_hmac_fast - hashes data + * @algorithm: the hash algorithm to use + * @key: the key to use + * @keylen: The length of the key + * @text: the data to hash + * @textlen: The length of data to hash + * @digest: is the output value of the hash + * + * This convenience function will hash the given data and return output + * on a single call. + * + * Returns: Zero or a negative value on error. + **/ +int gnutls_hmac_fast (gnutls_mac_algorithm_t algorithm, + const void* key, int keylen, + const void* text, size_t textlen, void* digest) { return _gnutls_hmac_fast(algorithm, key, keylen, text, textlen, digest); } @@ -220,70 +221,71 @@ int gnutls_hmac_fast( gnutls_mac_algorithm_t algorithm, const void* key, int key /* HASH */ /** - * gnutls_hash_init - initializes an hash context - * @handle: is a #gnutls_hash_hd_t structure. - * @algorithm: the hash algorithm to use - * @key: The key to be used for encryption - * @keylen: The length of the key - * - * This function will initialize an context that can - * be used to produce a Message Digest of data. - * This will effectively use the current crypto backend in use by gnutls or - * the cryptographic accelerator in use. - * - * Returns: Zero or a negative value on error. - **/ -int gnutls_hash_init (gnutls_hash_hd_t * dig, gnutls_digest_algorithm_t algorithm) + * gnutls_hash_init - initializes an hash context + * @handle: is a #gnutls_hash_hd_t structure. + * @algorithm: the hash algorithm to use + * @key: The key to be used for encryption + * @keylen: The length of the key + * + * This function will initialize an context that can be used to + * produce a Message Digest of data. This will effectively use the + * current crypto backend in use by gnutls or the cryptographic + * accelerator in use. + * + * Returns: Zero or a negative value on error. + **/ +int gnutls_hash_init (gnutls_hash_hd_t * dig, + gnutls_digest_algorithm_t algorithm) { *dig = gnutls_malloc(sizeof(digest_hd_st)); if (*dig == NULL) { gnutls_assert(); return GNUTLS_E_MEMORY_ERROR; } - + return _gnutls_hash_init(((digest_hd_st*)*dig), algorithm); } /** - * gnutls_hash - hashes the given data - * @handle: is a #gnutls_cipher_hd_t structure. - * @text: the data to hash - * @textlen: The length of data to hash - * - * This function will hash the given data using the algorithm - * specified by the context. - * - * Returns: Zero or a negative value on error. - **/ + * gnutls_hash - hashes the given data + * @handle: is a #gnutls_cipher_hd_t structure. + * @text: the data to hash + * @textlen: The length of data to hash + * + * This function will hash the given data using the algorithm + * specified by the context. + * + * Returns: Zero or a negative value on error. + **/ int gnutls_hash (gnutls_hash_hd_t handle, const void *text, size_t textlen) { return _gnutls_hash((digest_hd_st*)handle, text, textlen); } /** - * gnutls_hash_output - Outputs the current hash value - * @handle: is a #gnutls_hash_hd_t structure. - * @digest: is the output value of the hash - * - * This function will output the current hash value. - * - * Returns: This function has no return value. - **/ + * gnutls_hash_output - Outputs the current hash value + * @handle: is a #gnutls_hash_hd_t structure. + * @digest: is the output value of the hash + * + * This function will output the current hash value. + * + * Returns: This function has no return value. + **/ void gnutls_hash_output (gnutls_hash_hd_t handle, void *digest) { return _gnutls_hash_output((digest_hd_st*)handle, digest); } /** - * gnutls_hash_deinit - deinitializes resources by a context - * @handle: is a #gnutls_hash_hd_t structure. - * @digest: is the output value of the hash - * - * This function will deinitialize all resources occupied by - * the given hash context. - * - * Returns: This function has no return value. - **/ + * gnutls_hash_deinit - deinitializes resources by a context + * @handle: is a #gnutls_hash_hd_t structure. + * @digest: is the output value of the hash + * + * This function will deinitialize all resources occupied by + * the given hash context. + * + * Returns: This function has no return value. + **/ void gnutls_hash_deinit (gnutls_hash_hd_t handle, void *digest) { @@ -291,34 +293,34 @@ gnutls_hash_deinit (gnutls_hash_hd_t handle, void *digest) } /** - * gnutls_hash_get_len - returns the length of the output data - * @algorithm: the hash algorithm to use - * - * This function will return the length of the output data - * of the given hash algorithm. - * - * Returns: The length or zero on error. - * - **/ + * gnutls_hash_get_len - returns the length of the output data + * @algorithm: the hash algorithm to use + * + * This function will return the length of the output data + * of the given hash algorithm. + * + * Returns: The length or zero on error. + * + **/ int gnutls_hash_get_len( gnutls_digest_algorithm_t algorithm) { return _gnutls_hash_get_algo_len(algorithm); } /** - * gnutls_hash_fast - initializes an hash context - * @algorithm: the hash algorithm to use - * @text: the data to hash - * @textlen: The length of data to hash - * @digest: is the output value of the hash - * - * This convenience function will hash the given data and return output - * on a single call. - * - * Returns: Zero or a negative value on error. - **/ + * gnutls_hash_fast - initializes an hash context + * @algorithm: the hash algorithm to use + * @text: the data to hash + * @textlen: The length of data to hash + * @digest: is the output value of the hash + * + * This convenience function will hash the given data and return output + * on a single call. + * + * Returns: Zero or a negative value on error. + **/ int gnutls_hash_fast (gnutls_digest_algorithm_t algorithm, - const void *text, size_t textlen, void *digest) + const void *text, size_t textlen, void *digest) { return _gnutls_hash_fast(algorithm, text, textlen, digest); } diff --git a/lib/ext_safe_renegotiation.c b/lib/ext_safe_renegotiation.c index fc11e94df5..b4942247fb 100644 --- a/lib/ext_safe_renegotiation.c +++ b/lib/ext_safe_renegotiation.c @@ -120,16 +120,16 @@ _gnutls_safe_renegotiation_send_params (gnutls_session_t session, } /** - * gnutls_safe_negotiation_set_initial - Used to enable and disable initial safe renegotiation - * @session: is a #gnutls_session_t structure. - * @value: 0 to disable and 1 to enable - * - * Used to enable and disable initial safe renegotiation for the current - * session. By default it is allowed for a client to not advertise safe - * renegotiation capability but there might be cases where signalling - * a client of its insecurity by rejecting session might be beneficial. - * This option has meaning only in server side. - **/ + * gnutls_safe_negotiation_set_initial - Used to enable and disable initial safe renegotiation + * @session: is a #gnutls_session_t structure. + * @value: 0 to disable and 1 to enable + * + * Used to enable and disable initial safe renegotiation for the current + * session. By default it is allowed for a client to not advertise safe + * renegotiation capability but there might be cases where signalling + * a client of its insecurity by rejecting session might be beneficial. + * This option has meaning only in server side. + **/ void gnutls_safe_negotiation_set_initial (gnutls_session_t session, int value) { @@ -137,16 +137,17 @@ gnutls_safe_negotiation_set_initial (gnutls_session_t session, int value) } /** - * gnutls_safe_negotiation_set - Used to enable and disable safe renegotiation - * @session: is a #gnutls_session_t structure. - * @value: 0 to disable and 1 to enable - * - * Used to enable and disable safe renegotiation for the current - * session. Normally you shouldn't cope with this function since the - * default (enable) is sufficient, but there might be servers that - * cannot handle or correctly handle the extension. - **/ -void gnutls_safe_renegotiation_set (gnutls_session_t session, int value) + * gnutls_safe_negotiation_set - Used to enable and disable safe renegotiation + * @session: is a #gnutls_session_t structure. + * @value: 0 to disable and 1 to enable + * + * Used to enable and disable safe renegotiation for the current + * session. Normally you shouldn't cope with this function since the + * default (enable) is sufficient, but there might be servers that + * cannot handle or correctly handle the extension. + **/ +void +gnutls_safe_renegotiation_set (gnutls_session_t session, int value) { - session->internals.priorities.unsafe_renegotiation = 1-value; + session->internals.priorities.unsafe_renegotiation = 1-value; } diff --git a/lib/gnutls_anon_cred.c b/lib/gnutls_anon_cred.c index 837bd94859..07bde86358 100644 --- a/lib/gnutls_anon_cred.c +++ b/lib/gnutls_anon_cred.c @@ -35,12 +35,12 @@ #include "gnutls_mpi.h" /** - * gnutls_anon_free_server_credentials - Used to free an allocated gnutls_anon_server_credentials_t structure - * @sc: is a #gnutls_anon_server_credentials_t structure. - * - * This structure is complex enough to manipulate directly thus this - * helper function is provided in order to free (deallocate) it. - **/ + * gnutls_anon_free_server_credentials - Used to free an allocated gnutls_anon_server_credentials_t structure + * @sc: is a #gnutls_anon_server_credentials_t structure. + * + * This structure is complex enough to manipulate directly thus this + * helper function is provided in order to free (deallocate) it. + **/ void gnutls_anon_free_server_credentials (gnutls_anon_server_credentials_t sc) { @@ -49,14 +49,14 @@ gnutls_anon_free_server_credentials (gnutls_anon_server_credentials_t sc) } /** - * gnutls_anon_allocate_server_credentials - Used to allocate an gnutls_anon_server_credentials_t structure - * @sc: is a pointer to a #gnutls_anon_server_credentials_t structure. - * - * This structure is complex enough to manipulate directly thus this - * helper function is provided in order to allocate it. - * - * Returns: %GNUTLS_E_SUCCESS on success, or an error code. - **/ + * gnutls_anon_allocate_server_credentials - Used to allocate an gnutls_anon_server_credentials_t structure + * @sc: is a pointer to a #gnutls_anon_server_credentials_t structure. + * + * This structure is complex enough to manipulate directly thus this + * helper function is provided in order to allocate it. + * + * Returns: %GNUTLS_E_SUCCESS on success, or an error code. + **/ int gnutls_anon_allocate_server_credentials (gnutls_anon_server_credentials_t * sc) @@ -69,12 +69,12 @@ gnutls_anon_allocate_server_credentials (gnutls_anon_server_credentials_t * /** - * gnutls_anon_free_client_credentials - Used to free an allocated gnutls_anon_client_credentials_t structure - * @sc: is a #gnutls_anon_client_credentials_t structure. - * - * This structure is complex enough to manipulate directly thus this - * helper function is provided in order to free (deallocate) it. - **/ + * gnutls_anon_free_client_credentials - Used to free an allocated gnutls_anon_client_credentials_t structure + * @sc: is a #gnutls_anon_client_credentials_t structure. + * + * This structure is complex enough to manipulate directly thus this + * helper function is provided in order to free (deallocate) it. + **/ void gnutls_anon_free_client_credentials (gnutls_anon_client_credentials_t sc) { @@ -105,14 +105,14 @@ gnutls_anon_allocate_client_credentials (gnutls_anon_client_credentials_t * } /** - * gnutls_anon_set_server_dh_params - set the DH parameters for a server to use - * @res: is a gnutls_anon_server_credentials_t structure - * @dh_params: is a structure that holds Diffie-Hellman parameters. - * - * This function will set the Diffie-Hellman parameters for an - * anonymous server to use. These parameters will be used in - * Anonymous Diffie-Hellman cipher suites. - **/ + * gnutls_anon_set_server_dh_params - set the DH parameters for a server to use + * @res: is a gnutls_anon_server_credentials_t structure + * @dh_params: is a structure that holds Diffie-Hellman parameters. + * + * This function will set the Diffie-Hellman parameters for an + * anonymous server to use. These parameters will be used in + * Anonymous Diffie-Hellman cipher suites. + **/ void gnutls_anon_set_server_dh_params (gnutls_anon_server_credentials_t res, gnutls_dh_params_t dh_params) @@ -121,14 +121,14 @@ gnutls_anon_set_server_dh_params (gnutls_anon_server_credentials_t res, } /** - * gnutls_anon_set_server_params_function - set the DH parameters callback - * @res: is a gnutls_certificate_credentials_t structure - * @func: is the function to be called - * - * This function will set a callback in order for the server to get - * the Diffie-Hellman parameters for anonymous authentication. The - * callback should return zero on success. - **/ + * gnutls_anon_set_server_params_function - set the DH parameters callback + * @res: is a gnutls_certificate_credentials_t structure + * @func: is the function to be called + * + * This function will set a callback in order for the server to get + * the Diffie-Hellman parameters for anonymous authentication. The + * callback should return zero on success. + **/ void gnutls_anon_set_server_params_function (gnutls_anon_server_credentials_t res, gnutls_params_function * func) diff --git a/lib/gnutls_auth.c b/lib/gnutls_auth.c index 328fa2f83a..da8f9a2a79 100644 --- a/lib/gnutls_auth.c +++ b/lib/gnutls_auth.c @@ -39,12 +39,11 @@ */ /** - * gnutls_credentials_clear - Clears all the credentials previously set - * @session: is a #gnutls_session_t structure. - * - * Clears all the credentials previously set in this session. - * - **/ + * gnutls_credentials_clear - Clears all the credentials previously set + * @session: is a #gnutls_session_t structure. + * + * Clears all the credentials previously set in this session. + **/ void gnutls_credentials_clear (gnutls_session_t session) { @@ -156,20 +155,20 @@ gnutls_credentials_set (gnutls_session_t session, } /** - * gnutls_auth_get_type - Returns the type of credentials for the current authentication schema. - * @session: is a #gnutls_session_t structure. - * - * Returns type of credentials for the current authentication schema. - * The returned information is to be used to distinguish the function used - * to access authentication data. - * - * Eg. for CERTIFICATE ciphersuites (key exchange algorithms: - * %GNUTLS_KX_RSA, %GNUTLS_KX_DHE_RSA), the same function are to be - * used to access the authentication data. - * - * Returns: The type of credentials for the current authentication - * schema, a #gnutls_credentials_type_t type. - **/ + * gnutls_auth_get_type - Returns the type of credentials for the current authentication schema. + * @session: is a #gnutls_session_t structure. + * + * Returns type of credentials for the current authentication schema. + * The returned information is to be used to distinguish the function used + * to access authentication data. + * + * Eg. for CERTIFICATE ciphersuites (key exchange algorithms: + * %GNUTLS_KX_RSA, %GNUTLS_KX_DHE_RSA), the same function are to be + * used to access the authentication data. + * + * Returns: The type of credentials for the current authentication + * schema, a #gnutls_credentials_type_t type. + **/ gnutls_credentials_type_t gnutls_auth_get_type (gnutls_session_t session) { @@ -185,16 +184,16 @@ gnutls_auth_get_type (gnutls_session_t session) } /** - * gnutls_auth_server_get_type - Returns the type of credentials for the server authentication schema. - * @session: is a #gnutls_session_t structure. - * - * Returns the type of credentials that were used for server authentication. - * The returned information is to be used to distinguish the function used - * to access authentication data. - * - * Returns: The type of credentials for the server authentication - * schema, a #gnutls_credentials_type_t type. - **/ + * gnutls_auth_server_get_type - Returns the type of credentials for the server authentication schema. + * @session: is a #gnutls_session_t structure. + * + * Returns the type of credentials that were used for server authentication. + * The returned information is to be used to distinguish the function used + * to access authentication data. + * + * Returns: The type of credentials for the server authentication + * schema, a #gnutls_credentials_type_t type. + **/ gnutls_credentials_type_t gnutls_auth_server_get_type (gnutls_session_t session) { @@ -205,16 +204,16 @@ gnutls_auth_server_get_type (gnutls_session_t session) } /** - * gnutls_auth_client_get_type - Returns the type of credentials for the client authentication schema. - * @session: is a #gnutls_session_t structure. - * - * Returns the type of credentials that were used for client authentication. - * The returned information is to be used to distinguish the function used - * to access authentication data. - * - * Returns: The type of credentials for the client authentication - * schema, a #gnutls_credentials_type_t type. - **/ + * gnutls_auth_client_get_type - Returns the type of credentials for the client authentication schema. + * @session: is a #gnutls_session_t structure. + * + * Returns the type of credentials that were used for client authentication. + * The returned information is to be used to distinguish the function used + * to access authentication data. + * + * Returns: The type of credentials for the client authentication + * schema, a #gnutls_credentials_type_t type. + **/ gnutls_credentials_type_t gnutls_auth_client_get_type (gnutls_session_t session) { @@ -271,18 +270,18 @@ out: } /*- - * _gnutls_get_auth_info - Returns a pointer to authentication information. - * @session: is a #gnutls_session_t structure. - * - * This function must be called after a successful gnutls_handshake(). - * Returns a pointer to authentication information. That information - * is data obtained by the handshake protocol, the key exchange algorithm, - * and the TLS extensions messages. - * - * In case of GNUTLS_CRD_ANON returns a type of &anon_(server/client)_auth_info_t; - * In case of GNUTLS_CRD_CERTIFICATE returns a type of &cert_auth_info_t; - * In case of GNUTLS_CRD_SRP returns a type of &srp_(server/client)_auth_info_t; - -*/ + * _gnutls_get_auth_info - Returns a pointer to authentication information. + * @session: is a #gnutls_session_t structure. + * + * This function must be called after a successful gnutls_handshake(). + * Returns a pointer to authentication information. That information + * is data obtained by the handshake protocol, the key exchange algorithm, + * and the TLS extensions messages. + * + * In case of GNUTLS_CRD_ANON returns a type of &anon_(server/client)_auth_info_t; + * In case of GNUTLS_CRD_CERTIFICATE returns a type of &cert_auth_info_t; + * In case of GNUTLS_CRD_SRP returns a type of &srp_(server/client)_auth_info_t; + -*/ void * _gnutls_get_auth_info (gnutls_session_t session) { @@ -290,13 +289,13 @@ _gnutls_get_auth_info (gnutls_session_t session) } /*- - * _gnutls_free_auth_info - Frees the auth info structure - * @session: is a #gnutls_session_t structure. - * - * This function frees the auth info structure and sets it to - * null. It must be called since some structures contain malloced - * elements. - -*/ + * _gnutls_free_auth_info - Frees the auth info structure + * @session: is a #gnutls_session_t structure. + * + * This function frees the auth info structure and sets it to + * null. It must be called since some structures contain malloced + * elements. + -*/ void _gnutls_free_auth_info (gnutls_session_t session) { diff --git a/lib/gnutls_cert.c b/lib/gnutls_cert.c index ce2aef21f5..857ee09039 100644 --- a/lib/gnutls_cert.c +++ b/lib/gnutls_cert.c @@ -46,14 +46,14 @@ #endif /** - * gnutls_certificate_free_keys - Used to free all the keys from a gnutls_certificate_credentials_t structure - * @sc: is a #gnutls_certificate_credentials_t structure. - * - * This function will delete all the keys and the certificates associated - * with the given credentials. This function must not be called when a - * TLS negotiation that uses the credentials is in progress. - * - **/ + * gnutls_certificate_free_keys - Used to free all the keys from a gnutls_certificate_credentials_t structure + * @sc: is a #gnutls_certificate_credentials_t structure. + * + * This function will delete all the keys and the certificates associated + * with the given credentials. This function must not be called when a + * TLS negotiation that uses the credentials is in progress. + * + **/ void gnutls_certificate_free_keys (gnutls_certificate_credentials_t sc) { @@ -87,15 +87,14 @@ gnutls_certificate_free_keys (gnutls_certificate_credentials_t sc) } /** - * gnutls_certificate_free_cas - Used to free all the CAs from a gnutls_certificate_credentials_t structure - * @sc: is a #gnutls_certificate_credentials_t structure. - * - * This function will delete all the CAs associated - * with the given credentials. Servers that do not use - * gnutls_certificate_verify_peers2() may call this to - * save some memory. - * - **/ + * gnutls_certificate_free_cas - Used to free all the CAs from a gnutls_certificate_credentials_t structure + * @sc: is a #gnutls_certificate_credentials_t structure. + * + * This function will delete all the CAs associated with the given + * credentials. Servers that do not use + * gnutls_certificate_verify_peers2() may call this to save some + * memory. + **/ void gnutls_certificate_free_cas (gnutls_certificate_credentials_t sc) { @@ -114,16 +113,16 @@ gnutls_certificate_free_cas (gnutls_certificate_credentials_t sc) } /** - * gnutls_certificate_get_x509_cas - Used to export all the CAs from a gnutls_certificate_credentials_t structure - * @sc: is a #gnutls_certificate_credentials_t structure. - * @x509_ca_list: will point to the CA list. Should be treated as constant - * @ncas: the number of CAs - * - * This function will export all the CAs associated - * with the given credentials. - * - * Since: 2.4.0 - **/ + * gnutls_certificate_get_x509_cas - Used to export all the CAs from a gnutls_certificate_credentials_t structure + * @sc: is a #gnutls_certificate_credentials_t structure. + * @x509_ca_list: will point to the CA list. Should be treated as constant + * @ncas: the number of CAs + * + * This function will export all the CAs associated with the given + * credentials. + * + * Since: 2.4.0 + **/ void gnutls_certificate_get_x509_cas (gnutls_certificate_credentials_t sc, gnutls_x509_crt_t ** x509_ca_list, @@ -134,16 +133,16 @@ gnutls_certificate_get_x509_cas (gnutls_certificate_credentials_t sc, } /** - * gnutls_certificate_get_x509_crls - Used to export all the CRLs from a gnutls_certificate_credentials_t structure - * @sc: is a #gnutls_certificate_credentials_t structure. - * @x509_crl_list: the exported CRL list. Should be treated as constant - * @ncrls: the number of exported CRLs - * - * This function will export all the CRLs associated with the given - * credentials. - * - * Since: 2.4.0 - **/ + * gnutls_certificate_get_x509_crls - Used to export all the CRLs from a gnutls_certificate_credentials_t structure + * @sc: is a #gnutls_certificate_credentials_t structure. + * @x509_crl_list: the exported CRL list. Should be treated as constant + * @ncrls: the number of exported CRLs + * + * This function will export all the CRLs associated with the given + * credentials. + * + * Since: 2.4.0 + **/ void gnutls_certificate_get_x509_crls (gnutls_certificate_credentials_t sc, gnutls_x509_crl_t ** x509_crl_list, @@ -175,17 +174,16 @@ gnutls_certificate_get_openpgp_keyring (gnutls_certificate_credentials_t sc, #endif /** - * gnutls_certificate_free_ca_names - Used to free all the CA names from a gnutls_certificate_credentials_t structure - * @sc: is a #gnutls_certificate_credentials_t structure. - * - * This function will delete all the CA name in the - * given credentials. Clients may call this to save some memory - * since in client side the CA names are not used. - * - * CA names are used by servers to advertize the CAs they - * support to clients. - * - **/ + * gnutls_certificate_free_ca_names - Used to free all the CA names from a gnutls_certificate_credentials_t structure + * @sc: is a #gnutls_certificate_credentials_t structure. + * + * This function will delete all the CA name in the given + * credentials. Clients may call this to save some memory since in + * client side the CA names are not used. + * + * CA names are used by servers to advertize the CAs they support to + * clients. + **/ void gnutls_certificate_free_ca_names (gnutls_certificate_credentials_t sc) { @@ -193,14 +191,13 @@ gnutls_certificate_free_ca_names (gnutls_certificate_credentials_t sc) } /*- - * _gnutls_certificate_get_rsa_params - Returns the RSA parameters pointer - * @rsa_params: holds the RSA parameters or NULL. - * @func: function to retrieve the parameters or NULL. - * @session: The session. - * - * This function will return the rsa parameters pointer. - * - -*/ + * _gnutls_certificate_get_rsa_params - Returns the RSA parameters pointer + * @rsa_params: holds the RSA parameters or NULL. + * @func: function to retrieve the parameters or NULL. + * @session: The session. + * + * This function will return the rsa parameters pointer. + -*/ gnutls_rsa_params_t _gnutls_certificate_get_rsa_params (gnutls_rsa_params_t rsa_params, gnutls_params_function * func, @@ -233,16 +230,16 @@ _gnutls_certificate_get_rsa_params (gnutls_rsa_params_t rsa_params, /** - * gnutls_certificate_free_credentials - Used to free an allocated gnutls_certificate_credentials_t structure - * @sc: is a #gnutls_certificate_credentials_t structure. - * - * This structure is complex enough to manipulate directly thus - * this helper function is provided in order to free (deallocate) it. - * - * This function does not free any temporary parameters associated - * with this structure (ie RSA and DH parameters are not freed by - * this function). - **/ + * gnutls_certificate_free_credentials - Used to free an allocated gnutls_certificate_credentials_t structure + * @sc: is a #gnutls_certificate_credentials_t structure. + * + * This structure is complex enough to manipulate directly thus this + * helper function is provided in order to free (deallocate) it. + * + * This function does not free any temporary parameters associated + * with this structure (ie RSA and DH parameters are not freed by this + * function). + **/ void gnutls_certificate_free_credentials (gnutls_certificate_credentials_t sc) { @@ -262,14 +259,14 @@ gnutls_certificate_free_credentials (gnutls_certificate_credentials_t sc) /** - * gnutls_certificate_allocate_credentials - Used to allocate a gnutls_certificate_credentials_t structure - * @res: is a pointer to a #gnutls_certificate_credentials_t structure. - * - * This structure is complex enough to manipulate directly thus this - * helper function is provided in order to allocate it. - * - * Returns: %GNUTLS_E_SUCCESS on success, or an error code. - **/ + * gnutls_certificate_allocate_credentials - Used to allocate a gnutls_certificate_credentials_t structure + * @res: is a pointer to a #gnutls_certificate_credentials_t structure. + * + * This structure is complex enough to manipulate directly thus this + * helper function is provided in order to allocate it. + * + * Returns: %GNUTLS_E_SUCCESS on success, or an error code. + **/ int gnutls_certificate_allocate_credentials (gnutls_certificate_credentials_t * res) @@ -346,17 +343,16 @@ _gnutls_selected_cert_supported_kx (gnutls_session_t session, /** - * gnutls_certificate_server_set_request - Used to set whether to request a client certificate - * @session: is a #gnutls_session_t structure. - * @req: is one of GNUTLS_CERT_REQUEST, GNUTLS_CERT_REQUIRE - * - * This function specifies if we (in case of a server) are going - * to send a certificate request message to the client. If @req - * is GNUTLS_CERT_REQUIRE then the server will return an error if - * the peer does not provide a certificate. If you do not - * call this function then the client will not be asked to - * send a certificate. - **/ + * gnutls_certificate_server_set_request - Used to set whether to request a client certificate + * @session: is a #gnutls_session_t structure. + * @req: is one of GNUTLS_CERT_REQUEST, GNUTLS_CERT_REQUIRE + * + * This function specifies if we (in case of a server) are going to + * send a certificate request message to the client. If @req is + * GNUTLS_CERT_REQUIRE then the server will return an error if the + * peer does not provide a certificate. If you do not call this + * function then the client will not be asked to send a certificate. + **/ void gnutls_certificate_server_set_request (gnutls_session_t session, gnutls_certificate_request_t req) @@ -365,35 +361,36 @@ gnutls_certificate_server_set_request (gnutls_session_t session, } /** - * gnutls_certificate_client_set_retrieve_function - Used to set a callback to retrieve the certificate - * @cred: is a #gnutls_certificate_credentials_t structure. - * @func: is the callback function - * - * This function sets a callback to be called in order to retrieve the certificate - * to be used in the handshake. - * The callback's function prototype is: - * int (*callback)(gnutls_session_t, const gnutls_datum_t* req_ca_dn, int nreqs, - * const gnutls_pk_algorithm_t* pk_algos, int pk_algos_length, gnutls_retr_st* st); - * - * @req_ca_cert is only used in X.509 certificates. - * Contains a list with the CA names that the server considers trusted. - * Normally we should send a certificate that is signed - * by one of these CAs. These names are DER encoded. To get a more - * meaningful value use the function gnutls_x509_rdn_get(). - * - * @pk_algos contains a list with server's acceptable signature algorithms. - * The certificate returned should support the server's given algorithms. - * - * @st should contain the certificates and private keys. - * - * If the callback function is provided then gnutls will call it, in the - * handshake, after the certificate request message has been received. - * - * The callback function should set the certificate list to be sent, and - * return 0 on success. If no certificate was selected then the number of certificates - * should be set to zero. The value (-1) indicates error and the handshake - * will be terminated. - **/ + * gnutls_certificate_client_set_retrieve_function - Used to set a callback to retrieve the certificate + * @cred: is a #gnutls_certificate_credentials_t structure. + * @func: is the callback function + * + * This function sets a callback to be called in order to retrieve the + * certificate to be used in the handshake. + * + * The callback's function prototype is: + * int (*callback)(gnutls_session_t, const gnutls_datum_t* req_ca_dn, int nreqs, + * const gnutls_pk_algorithm_t* pk_algos, int pk_algos_length, gnutls_retr_st* st); + * + * @req_ca_cert is only used in X.509 certificates. + * Contains a list with the CA names that the server considers trusted. + * Normally we should send a certificate that is signed + * by one of these CAs. These names are DER encoded. To get a more + * meaningful value use the function gnutls_x509_rdn_get(). + * + * @pk_algos contains a list with server's acceptable signature algorithms. + * The certificate returned should support the server's given algorithms. + * + * @st should contain the certificates and private keys. + * + * If the callback function is provided then gnutls will call it, in the + * handshake, after the certificate request message has been received. + * + * The callback function should set the certificate list to be sent, + * and return 0 on success. If no certificate was selected then the + * number of certificates should be set to zero. The value (-1) + * indicates error and the handshake will be terminated. + **/ void gnutls_certificate_client_set_retrieve_function (gnutls_certificate_credentials_t cred, gnutls_certificate_client_retrieve_function * func) @@ -402,24 +399,25 @@ void gnutls_certificate_client_set_retrieve_function } /** - * gnutls_certificate_server_set_retrieve_function - Used to set a callback to retrieve the certificate - * @cred: is a #gnutls_certificate_credentials_t structure. - * @func: is the callback function - * - * This function sets a callback to be called in order to retrieve the certificate - * to be used in the handshake. - * The callback's function prototype is: - * int (*callback)(gnutls_session_t, gnutls_retr_st* st); - * - * @st should contain the certificates and private keys. - * - * If the callback function is provided then gnutls will call it, in the - * handshake, after the certificate request message has been received. - * - * The callback function should set the certificate list to be sent, and - * return 0 on success. The value (-1) indicates error and the handshake - * will be terminated. - **/ + * gnutls_certificate_server_set_retrieve_function - Used to set a callback to retrieve the certificate + * @cred: is a #gnutls_certificate_credentials_t structure. + * @func: is the callback function + * + * This function sets a callback to be called in order to retrieve the + * certificate to be used in the handshake. + * + * The callback's function prototype is: + * int (*callback)(gnutls_session_t, gnutls_retr_st* st); + * + * @st should contain the certificates and private keys. + * + * If the callback function is provided then gnutls will call it, in the + * handshake, after the certificate request message has been received. + * + * The callback function should set the certificate list to be sent, and + * return 0 on success. The value (-1) indicates error and the handshake + * will be terminated. + **/ void gnutls_certificate_server_set_retrieve_function (gnutls_certificate_credentials_t cred, gnutls_certificate_server_retrieve_function * func) @@ -497,13 +495,12 @@ _gnutls_x509_get_raw_crt_expiration_time (const gnutls_datum_t * cert) #ifdef ENABLE_OPENPGP /*- - * _gnutls_openpgp_crt_verify_peers - return the peer's certificate status - * @session: is a gnutls session - * - * This function will try to verify the peer's certificate and return its status (TRUSTED, INVALID etc.). - * Returns a negative error code in case of an error, or GNUTLS_E_NO_CERTIFICATE_FOUND if no certificate was sent. - * - -*/ + * _gnutls_openpgp_crt_verify_peers - return the peer's certificate status + * @session: is a gnutls session + * + * This function will try to verify the peer's certificate and return its status (TRUSTED, INVALID etc.). + * Returns a negative error code in case of an error, or GNUTLS_E_NO_CERTIFICATE_FOUND if no certificate was sent. + -*/ static int _gnutls_openpgp_crt_verify_peers (gnutls_session_t session, unsigned int *status) @@ -560,31 +557,31 @@ _gnutls_openpgp_crt_verify_peers (gnutls_session_t session, #endif /** - * gnutls_certificate_verify_peers2 - return the peer's certificate verification status - * @session: is a gnutls session - * @status: is the output of the verification - * - * This function will try to verify the peer's certificate and return - * its status (trusted, invalid etc.). The value of @status should - * be one or more of the gnutls_certificate_status_t enumerated - * elements bitwise or'd. To avoid denial of service attacks some - * default upper limits regarding the certificate key size and chain - * size are set. To override them use - * gnutls_certificate_set_verify_limits(). - * - * Note that you must also check the peer's name in order to check if - * the verified certificate belongs to the actual peer. - * - * This function uses gnutls_x509_crt_list_verify() with the CAs in - * the credentials as trusted CAs. - * - * Note that some commonly used X.509 Certificate Authorities are - * still using Version 1 certificates. If you want to accept them, - * you need to call gnutls_certificate_set_verify_flags() with, e.g., - * %GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT parameter. - * - * Returns: a negative error code on error and zero on success. - **/ + * gnutls_certificate_verify_peers2 - return the peer's certificate verification status + * @session: is a gnutls session + * @status: is the output of the verification + * + * This function will try to verify the peer's certificate and return + * its status (trusted, invalid etc.). The value of @status should + * be one or more of the gnutls_certificate_status_t enumerated + * elements bitwise or'd. To avoid denial of service attacks some + * default upper limits regarding the certificate key size and chain + * size are set. To override them use + * gnutls_certificate_set_verify_limits(). + * + * Note that you must also check the peer's name in order to check if + * the verified certificate belongs to the actual peer. + * + * This function uses gnutls_x509_crt_list_verify() with the CAs in + * the credentials as trusted CAs. + * + * Note that some commonly used X.509 Certificate Authorities are + * still using Version 1 certificates. If you want to accept them, + * you need to call gnutls_certificate_set_verify_flags() with, e.g., + * %GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT parameter. + * + * Returns: a negative error code on error and zero on success. + **/ int gnutls_certificate_verify_peers2 (gnutls_session_t session, unsigned int *status) @@ -616,21 +613,21 @@ gnutls_certificate_verify_peers2 (gnutls_session_t session, } /** - * gnutls_certificate_verify_peers - return the peer's certificate verification status - * @session: is a gnutls session - * - * This function will try to verify the peer's certificate and return - * its status (trusted, invalid etc.). However you must also check - * the peer's name in order to check if the verified certificate - * belongs to the actual peer. - * - * This function uses gnutls_x509_crt_list_verify(). - * - * Returns: one or more of the #gnutls_certificate_status_t - * enumerated elements bitwise or'd, or a negative value on error. - * - * Deprecated: Use gnutls_certificate_verify_peers2() instead. - **/ + * gnutls_certificate_verify_peers - return the peer's certificate verification status + * @session: is a gnutls session + * + * This function will try to verify the peer's certificate and return + * its status (trusted, invalid etc.). However you must also check + * the peer's name in order to check if the verified certificate + * belongs to the actual peer. + * + * This function uses gnutls_x509_crt_list_verify(). + * + * Returns: one or more of the #gnutls_certificate_status_t + * enumerated elements bitwise or'd, or a negative value on error. + * + * Deprecated: Use gnutls_certificate_verify_peers2() instead. + **/ int gnutls_certificate_verify_peers (gnutls_session_t session) { @@ -649,15 +646,15 @@ gnutls_certificate_verify_peers (gnutls_session_t session) } /** - * gnutls_certificate_expiration_time_peers - return the peer's certificate expiration time - * @session: is a gnutls session - * - * This function will return the peer's certificate expiration time. - * - * Returns: (time_t)-1 on error. - * - * Deprecated: gnutls_certificate_verify_peers2() now verifies expiration times. - **/ + * gnutls_certificate_expiration_time_peers - return the peer's certificate expiration time + * @session: is a gnutls session + * + * This function will return the peer's certificate expiration time. + * + * Returns: (time_t)-1 on error. + * + * Deprecated: gnutls_certificate_verify_peers2() now verifies expiration times. + **/ time_t gnutls_certificate_expiration_time_peers (gnutls_session_t session) { @@ -695,16 +692,16 @@ gnutls_certificate_expiration_time_peers (gnutls_session_t session) } /** - * gnutls_certificate_activation_time_peers - return the peer's certificate activation time - * @session: is a gnutls session - * - * This function will return the peer's certificate activation time. - * This is the creation time for openpgp keys. - * - * Returns: (time_t)-1 on error. - * - * Deprecated: gnutls_certificate_verify_peers2() now verifies activation times. - **/ + * gnutls_certificate_activation_time_peers - return the peer's certificate activation time + * @session: is a gnutls session + * + * This function will return the peer's certificate activation time. + * This is the creation time for openpgp keys. + * + * Returns: (time_t)-1 on error. + * + * Deprecated: gnutls_certificate_verify_peers2() now verifies activation times. + **/ time_t gnutls_certificate_activation_time_peers (gnutls_session_t session) { diff --git a/lib/gnutls_db.c b/lib/gnutls_db.c index e136eaa19d..e92d53c890 100644 --- a/lib/gnutls_db.c +++ b/lib/gnutls_db.c @@ -35,21 +35,21 @@ #include <gnutls_datum.h> /** - * gnutls_db_set_retrieve_function - Set the function that will be used to get data - * @session: is a #gnutls_session_t structure. - * @retr_func: is the function. - * - * Sets the function that will be used to retrieve data from the - * resumed sessions database. This function must return a - * gnutls_datum_t containing the data on success, or a gnutls_datum_t - * containing null and 0 on failure. - * - * The datum's data must be allocated using the function - * gnutls_malloc(). - * - * The first argument to retr_func() will be null unless - * gnutls_db_set_ptr() has been called. - **/ + * gnutls_db_set_retrieve_function - Set the function that will be used to get data + * @session: is a #gnutls_session_t structure. + * @retr_func: is the function. + * + * Sets the function that will be used to retrieve data from the + * resumed sessions database. This function must return a + * gnutls_datum_t containing the data on success, or a gnutls_datum_t + * containing null and 0 on failure. + * + * The datum's data must be allocated using the function + * gnutls_malloc(). + * + * The first argument to retr_func() will be null unless + * gnutls_db_set_ptr() has been called. + **/ void gnutls_db_set_retrieve_function (gnutls_session_t session, gnutls_db_retr_func retr_func) @@ -58,16 +58,16 @@ gnutls_db_set_retrieve_function (gnutls_session_t session, } /** - * gnutls_db_set_remove_function - Set the function that will be used to remove data - * @session: is a #gnutls_session_t structure. - * @rem_func: is the function. - * - * Sets the function that will be used to remove data from the - * resumed sessions database. This function must return 0 on success. - * - * The first argument to rem_func() will be null unless - * gnutls_db_set_ptr() has been called. - **/ + * gnutls_db_set_remove_function - Set the function that will be used to remove data + * @session: is a #gnutls_session_t structure. + * @rem_func: is the function. + * + * Sets the function that will be used to remove data from the + * resumed sessions database. This function must return 0 on success. + * + * The first argument to rem_func() will be null unless + * gnutls_db_set_ptr() has been called. + **/ void gnutls_db_set_remove_function (gnutls_session_t session, gnutls_db_remove_func rem_func) @@ -76,16 +76,16 @@ gnutls_db_set_remove_function (gnutls_session_t session, } /** - * gnutls_db_set_store_function - Set the function that will be used to put data - * @session: is a #gnutls_session_t structure. - * @store_func: is the function - * - * Sets the function that will be used to store data from the resumed - * sessions database. This function must remove 0 on success. - * - * The first argument to store_func() will be null unless - * gnutls_db_set_ptr() has been called. - **/ + * gnutls_db_set_store_function - Set the function that will be used to put data + * @session: is a #gnutls_session_t structure. + * @store_func: is the function + * + * Sets the function that will be used to store data from the resumed + * sessions database. This function must remove 0 on success. + * + * The first argument to store_func() will be null unless + * gnutls_db_set_ptr() has been called. + **/ void gnutls_db_set_store_function (gnutls_session_t session, gnutls_db_store_func store_func) @@ -94,14 +94,13 @@ gnutls_db_set_store_function (gnutls_session_t session, } /** - * gnutls_db_set_ptr - Set a pointer to be sent to db functions - * @session: is a #gnutls_session_t structure. - * @ptr: is the pointer - * - * Sets the pointer that will be provided to db store, retrieve and - * delete functions, as the first argument. - * - **/ + * gnutls_db_set_ptr - Set a pointer to be sent to db functions + * @session: is a #gnutls_session_t structure. + * @ptr: is the pointer + * + * Sets the pointer that will be provided to db store, retrieve and + * delete functions, as the first argument. + **/ void gnutls_db_set_ptr (gnutls_session_t session, void *ptr) { @@ -109,14 +108,14 @@ gnutls_db_set_ptr (gnutls_session_t session, void *ptr) } /** - * gnutls_db_get_ptr - Returns the pointer which is sent to db functions - * @session: is a #gnutls_session_t structure. - * - * Get db function pointer. - * - * Returns: the pointer that will be sent to db store, retrieve and - * delete functions, as the first argument. - **/ + * gnutls_db_get_ptr - Returns the pointer which is sent to db functions + * @session: is a #gnutls_session_t structure. + * + * Get db function pointer. + * + * Returns: the pointer that will be sent to db store, retrieve and + * delete functions, as the first argument. + **/ void * gnutls_db_get_ptr (gnutls_session_t session) { diff --git a/lib/gnutls_dh.c b/lib/gnutls_dh.c index e1e5b5a8ce..2a3d2f4d93 100644 --- a/lib/gnutls_dh.c +++ b/lib/gnutls_dh.c @@ -112,14 +112,13 @@ gnutls_calc_dh_key (bigint_t f, bigint_t x, bigint_t prime) } /*- - * _gnutls_get_dh_params - Returns the DH parameters pointer - * @dh_params: is an DH parameters structure, or NULL. - * @func: is a callback function to receive the parameters or NULL. - * @session: a gnutls session. - * - * This function will return the dh parameters pointer. - * - -*/ + * _gnutls_get_dh_params - Returns the DH parameters pointer + * @dh_params: is an DH parameters structure, or NULL. + * @func: is a callback function to receive the parameters or NULL. + * @session: a gnutls session. + * + * This function will return the dh parameters pointer. + -*/ gnutls_dh_params_t _gnutls_get_dh_params (gnutls_dh_params_t dh_params, gnutls_params_function * func, diff --git a/lib/gnutls_handshake.c b/lib/gnutls_handshake.c index 39669f1989..a3c07a46fe 100644 --- a/lib/gnutls_handshake.c +++ b/lib/gnutls_handshake.c @@ -2495,35 +2495,34 @@ _gnutls_recv_hello (gnutls_session_t session, opaque * data, int datalen) */ /** - * gnutls_rehandshake - renegotiate security parameters - * @session: is a #gnutls_session_t structure. - * - * This function will renegotiate security parameters with the - * client. This should only be called in case of a server. - * - * This message informs the peer that we want to renegotiate - * parameters (perform a handshake). - * - * If this function succeeds (returns 0), you must call the - * gnutls_handshake() function in order to negotiate the new - * parameters. - * - * Since TLS is full duplex some application data might have been - * sent during peer's processing of this message. In that case - * one should call gnutls_record_recv() until GNUTLS_E_REHANDSHAKE - * is returned to clear any pending data. Care must be taken if - * rehandshake is mandatory to terminate if it does not start after - * some threshold. - * - * If the client does not wish to renegotiate parameters he will - * should with an alert message, thus the return code will be - * %GNUTLS_E_WARNING_ALERT_RECEIVED and the alert will be - * %GNUTLS_A_NO_RENEGOTIATION. A client may also choose to ignore - * this message. - * - * Returns: %GNUTLS_E_SUCCESS on success, otherwise an error. - * - **/ + * gnutls_rehandshake - renegotiate security parameters + * @session: is a #gnutls_session_t structure. + * + * This function will renegotiate security parameters with the + * client. This should only be called in case of a server. + * + * This message informs the peer that we want to renegotiate + * parameters (perform a handshake). + * + * If this function succeeds (returns 0), you must call the + * gnutls_handshake() function in order to negotiate the new + * parameters. + * + * Since TLS is full duplex some application data might have been + * sent during peer's processing of this message. In that case + * one should call gnutls_record_recv() until GNUTLS_E_REHANDSHAKE + * is returned to clear any pending data. Care must be taken if + * rehandshake is mandatory to terminate if it does not start after + * some threshold. + * + * If the client does not wish to renegotiate parameters he will + * should with an alert message, thus the return code will be + * %GNUTLS_E_WARNING_ALERT_RECEIVED and the alert will be + * %GNUTLS_A_NO_RENEGOTIATION. A client may also choose to ignore + * this message. + * + * Returns: %GNUTLS_E_SUCCESS on success, otherwise an error. + **/ int gnutls_rehandshake (gnutls_session_t session) { @@ -2700,34 +2699,33 @@ _gnutls_recv_supplemental (gnutls_session_t session) } /** - * gnutls_handshake - This is the main function in the handshake protocol. - * @session: is a #gnutls_session_t structure. - * - * This function does the handshake of the TLS/SSL protocol, and - * initializes the TLS connection. - * - * This function will fail if any problem is encountered, and will - * return a negative error code. In case of a client, if the client - * has asked to resume a session, but the server couldn't, then a - * full handshake will be performed. - * - * The non-fatal errors such as %GNUTLS_E_AGAIN and - * %GNUTLS_E_INTERRUPTED interrupt the handshake procedure, which - * should be later be resumed. Call this function again, until it - * returns 0; cf. gnutls_record_get_direction() and - * gnutls_error_is_fatal(). - * - * If this function is called by a server after a rehandshake request - * then %GNUTLS_E_GOT_APPLICATION_DATA or - * %GNUTLS_E_WARNING_ALERT_RECEIVED may be returned. Note that these - * are non fatal errors, only in the specific case of a rehandshake. - * Their meaning is that the client rejected the rehandshake request or - * in the case of %GNUTLS_E_GOT_APPLICATION_DATA it might also mean that - * some data were pending. - * - * Returns: %GNUTLS_E_SUCCESS on success, otherwise an error. - * - **/ + * gnutls_handshake - This is the main function in the handshake protocol. + * @session: is a #gnutls_session_t structure. + * + * This function does the handshake of the TLS/SSL protocol, and + * initializes the TLS connection. + * + * This function will fail if any problem is encountered, and will + * return a negative error code. In case of a client, if the client + * has asked to resume a session, but the server couldn't, then a + * full handshake will be performed. + * + * The non-fatal errors such as %GNUTLS_E_AGAIN and + * %GNUTLS_E_INTERRUPTED interrupt the handshake procedure, which + * should be later be resumed. Call this function again, until it + * returns 0; cf. gnutls_record_get_direction() and + * gnutls_error_is_fatal(). + * + * If this function is called by a server after a rehandshake request + * then %GNUTLS_E_GOT_APPLICATION_DATA or + * %GNUTLS_E_WARNING_ALERT_RECEIVED may be returned. Note that these + * are non fatal errors, only in the specific case of a rehandshake. + * Their meaning is that the client rejected the rehandshake request or + * in the case of %GNUTLS_E_GOT_APPLICATION_DATA it might also mean that + * some data were pending. + * + * Returns: %GNUTLS_E_SUCCESS on success, otherwise an error. + **/ int gnutls_handshake (gnutls_session_t session) { @@ -3020,11 +3018,10 @@ _gnutls_recv_handshake_final (gnutls_session_t session, int init) return 0; } - /* - * _gnutls_handshake_server - * This function does the server stuff of the handshake protocol. - */ - +/* + * _gnutls_handshake_server + * This function does the server stuff of the handshake protocol. + */ int _gnutls_handshake_server (gnutls_session_t session) { @@ -3529,19 +3526,19 @@ _gnutls_get_adv_version (gnutls_session_t session) } /** - * gnutls_handshake_get_last_in - Returns the last handshake message received. - * @session: is a #gnutls_session_t structure. - * - * This function is only useful to check where the last performed - * handshake failed. If the previous handshake succeed or was not - * performed at all then no meaningful value will be returned. - * - * Check %gnutls_handshake_description_t in gnutls.h for the - * available handshake descriptions. - * - * Returns: the last handshake message type received, a - * %gnutls_handshake_description_t. - **/ + * gnutls_handshake_get_last_in - Returns the last handshake message received. + * @session: is a #gnutls_session_t structure. + * + * This function is only useful to check where the last performed + * handshake failed. If the previous handshake succeed or was not + * performed at all then no meaningful value will be returned. + * + * Check %gnutls_handshake_description_t in gnutls.h for the + * available handshake descriptions. + * + * Returns: the last handshake message type received, a + * %gnutls_handshake_description_t. + **/ gnutls_handshake_description_t gnutls_handshake_get_last_in (gnutls_session_t session) { @@ -3549,19 +3546,19 @@ gnutls_handshake_get_last_in (gnutls_session_t session) } /** - * gnutls_handshake_get_last_out - Returns the last handshake message sent. - * @session: is a #gnutls_session_t structure. - * - * This function is only useful to check where the last performed - * handshake failed. If the previous handshake succeed or was not - * performed at all then no meaningful value will be returned. - * - * Check %gnutls_handshake_description_t in gnutls.h for the - * available handshake descriptions. - * - * Returns: the last handshake message type sent, a - * %gnutls_handshake_description_t. - **/ + * gnutls_handshake_get_last_out - Returns the last handshake message sent. + * @session: is a #gnutls_session_t structure. + * + * This function is only useful to check where the last performed + * handshake failed. If the previous handshake succeed or was not + * performed at all then no meaningful value will be returned. + * + * Check %gnutls_handshake_description_t in gnutls.h for the + * available handshake descriptions. + * + * Returns: the last handshake message type sent, a + * %gnutls_handshake_description_t. + **/ gnutls_handshake_description_t gnutls_handshake_get_last_out (gnutls_session_t session) { diff --git a/lib/gnutls_mem.c b/lib/gnutls_mem.c index 1acc4a5d4a..f6caa8f94d 100644 --- a/lib/gnutls_mem.c +++ b/lib/gnutls_mem.c @@ -105,29 +105,30 @@ _gnutls_strdup (const char *str) */ /** - * gnutls_malloc - Allocates and returns data - * - * This function will allocate 's' bytes data, and - * return a pointer to memory. This function is supposed - * to be used by callbacks. - * - * The allocation function used is the one set by gnutls_global_set_mem_functions(). - * - **/ + * gnutls_malloc - Allocates and returns data + * + * This function will allocate 's' bytes data, and + * return a pointer to memory. This function is supposed + * to be used by callbacks. + * + * The allocation function used is the one set by + * gnutls_global_set_mem_functions(). + **/ void * gnutls_malloc (size_t s) { } /** - * gnutls_free - Returns a free() like function - * @d: pointer to memory - * - * This function will free data pointed by ptr. - * - * The deallocation function used is the one set by gnutls_global_set_mem_functions(). - * - **/ + * gnutls_free - Returns a free() like function + * @d: pointer to memory + * + * This function will free data pointed by ptr. + * + * The deallocation function used is the one set by + * gnutls_global_set_mem_functions(). + * + **/ void gnutls_free (void *ptr) { diff --git a/lib/gnutls_priority.c b/lib/gnutls_priority.c index 16d28d5df7..d00457a7b1 100644 --- a/lib/gnutls_priority.c +++ b/lib/gnutls_priority.c @@ -37,19 +37,18 @@ break_comma_list (char *etag, char sep); /** - * gnutls_cipher_set_priority - Sets the priority on the ciphers supported by gnutls. - * @session: is a #gnutls_session_t structure. - * @list: is a 0 terminated list of gnutls_cipher_algorithm_t elements. - * - * Sets the priority on the ciphers supported by gnutls. - * Priority is higher for elements specified before others. - * After specifying the ciphers you want, you must append a 0. - * Note that the priority is set on the client. The server does - * not use the algorithm's priority except for disabling - * algorithms that were not specified. - * - * Returns: %GNUTLS_E_SUCCESS on success, or an error code. - **/ + * gnutls_cipher_set_priority - Sets the priority on the ciphers supported by gnutls. + * @session: is a #gnutls_session_t structure. + * @list: is a 0 terminated list of gnutls_cipher_algorithm_t elements. + * + * Sets the priority on the ciphers supported by gnutls. Priority is + * higher for elements specified before others. After specifying the + * ciphers you want, you must append a 0. Note that the priority is + * set on the client. The server does not use the algorithm's + * priority except for disabling algorithms that were not specified. + * + * Returns: %GNUTLS_E_SUCCESS on success, or an error code. + **/ int gnutls_cipher_set_priority (gnutls_session_t session, const int *list) { @@ -90,19 +89,19 @@ _set_priority (priority_st * st, const int *list) } /** - * gnutls_kx_set_priority - Sets the priority on the key exchange algorithms supported by gnutls. - * @session: is a #gnutls_session_t structure. - * @list: is a 0 terminated list of gnutls_kx_algorithm_t elements. - * - * Sets the priority on the key exchange algorithms supported by gnutls. - * Priority is higher for elements specified before others. - * After specifying the algorithms you want, you must append a 0. - * Note that the priority is set on the client. The server does - * not use the algorithm's priority except for disabling - * algorithms that were not specified. - * - * Returns: %GNUTLS_E_SUCCESS on success, or an error code. - **/ + * gnutls_kx_set_priority - Sets the priority on the key exchange algorithms supported by gnutls. + * @session: is a #gnutls_session_t structure. + * @list: is a 0 terminated list of gnutls_kx_algorithm_t elements. + * + * Sets the priority on the key exchange algorithms supported by + * gnutls. Priority is higher for elements specified before others. + * After specifying the algorithms you want, you must append a 0. + * Note that the priority is set on the client. The server does not + * use the algorithm's priority except for disabling algorithms that + * were not specified. + * + * Returns: %GNUTLS_E_SUCCESS on success, or an error code. + **/ int gnutls_kx_set_priority (gnutls_session_t session, const int *list) { @@ -110,19 +109,19 @@ gnutls_kx_set_priority (gnutls_session_t session, const int *list) } /** - * gnutls_mac_set_priority - Sets the priority on the mac algorithms supported by gnutls. - * @session: is a #gnutls_session_t structure. - * @list: is a 0 terminated list of gnutls_mac_algorithm_t elements. - * - * Sets the priority on the mac algorithms supported by gnutls. - * Priority is higher for elements specified before others. - * After specifying the algorithms you want, you must append a 0. - * Note that the priority is set on the client. The server does - * not use the algorithm's priority except for disabling - * algorithms that were not specified. - * - * Returns: %GNUTLS_E_SUCCESS on success, or an error code. - **/ + * gnutls_mac_set_priority - Sets the priority on the mac algorithms supported by gnutls. + * @session: is a #gnutls_session_t structure. + * @list: is a 0 terminated list of gnutls_mac_algorithm_t elements. + * + * Sets the priority on the mac algorithms supported by gnutls. + * Priority is higher for elements specified before others. After + * specifying the algorithms you want, you must append a 0. Note + * that the priority is set on the client. The server does not use + * the algorithm's priority except for disabling algorithms that were + * not specified. + * + * Returns: %GNUTLS_E_SUCCESS on success, or an error code. + **/ int gnutls_mac_set_priority (gnutls_session_t session, const int *list) { @@ -130,23 +129,23 @@ gnutls_mac_set_priority (gnutls_session_t session, const int *list) } /** - * gnutls_compression_set_priority - Sets the priority on the compression algorithms supported by gnutls. - * @session: is a #gnutls_session_t structure. - * @list: is a 0 terminated list of gnutls_compression_method_t elements. - * - * Sets the priority on the compression algorithms supported by gnutls. - * Priority is higher for elements specified before others. - * After specifying the algorithms you want, you must append a 0. - * Note that the priority is set on the client. The server does - * not use the algorithm's priority except for disabling - * algorithms that were not specified. - * - * TLS 1.0 does not define any compression algorithms except - * NULL. Other compression algorithms are to be considered - * as gnutls extensions. - * - * Returns: %GNUTLS_E_SUCCESS on success, or an error code. - **/ + * gnutls_compression_set_priority - Sets the priority on the compression algorithms supported by gnutls. + * @session: is a #gnutls_session_t structure. + * @list: is a 0 terminated list of gnutls_compression_method_t elements. + * + * Sets the priority on the compression algorithms supported by + * gnutls. Priority is higher for elements specified before others. + * After specifying the algorithms you want, you must append a 0. + * Note that the priority is set on the client. The server does not + * use the algorithm's priority except for disabling algorithms that + * were not specified. + * + * TLS 1.0 does not define any compression algorithms except + * NULL. Other compression algorithms are to be considered as gnutls + * extensions. + * + * Returns: %GNUTLS_E_SUCCESS on success, or an error code. + **/ int gnutls_compression_set_priority (gnutls_session_t session, const int *list) { @@ -154,16 +153,16 @@ gnutls_compression_set_priority (gnutls_session_t session, const int *list) } /** - * gnutls_protocol_set_priority - Sets the priority on the protocol versions supported by gnutls. - * @session: is a #gnutls_session_t structure. - * @list: is a 0 terminated list of gnutls_protocol_t elements. - * - * Sets the priority on the protocol versions supported by gnutls. - * This function actually enables or disables protocols. Newer protocol - * versions always have highest priority. - * - * Returns: %GNUTLS_E_SUCCESS on success, or an error code. - **/ + * gnutls_protocol_set_priority - Sets the priority on the protocol versions supported by gnutls. + * @session: is a #gnutls_session_t structure. + * @list: is a 0 terminated list of gnutls_protocol_t elements. + * + * Sets the priority on the protocol versions supported by gnutls. + * This function actually enables or disables protocols. Newer protocol + * versions always have highest priority. + * + * Returns: %GNUTLS_E_SUCCESS on success, or an error code. + **/ int gnutls_protocol_set_priority (gnutls_session_t session, const int *list) { @@ -181,19 +180,19 @@ gnutls_protocol_set_priority (gnutls_session_t session, const int *list) } /** - * gnutls_certificate_type_set_priority - Sets the priority on the certificate types supported by gnutls. - * @session: is a #gnutls_session_t structure. - * @list: is a 0 terminated list of gnutls_certificate_type_t elements. - * - * Sets the priority on the certificate types supported by gnutls. - * Priority is higher for elements specified before others. - * After specifying the types you want, you must append a 0. - * Note that the certificate type priority is set on the client. - * The server does not use the cert type priority except for disabling - * types that were not specified. - * - * Returns: %GNUTLS_E_SUCCESS on success, or an error code. - **/ + * gnutls_certificate_type_set_priority - Sets the priority on the certificate types supported by gnutls. + * @session: is a #gnutls_session_t structure. + * @list: is a 0 terminated list of gnutls_certificate_type_t elements. + * + * Sets the priority on the certificate types supported by gnutls. + * Priority is higher for elements specified before others. + * After specifying the types you want, you must append a 0. + * Note that the certificate type priority is set on the client. + * The server does not use the cert type priority except for disabling + * types that were not specified. + * + * Returns: %GNUTLS_E_SUCCESS on success, or an error code. + **/ int gnutls_certificate_type_set_priority (gnutls_session_t session, const int *list) diff --git a/lib/gnutls_psk.c b/lib/gnutls_psk.c index 471def5c5b..f98352d1c7 100644 --- a/lib/gnutls_psk.c +++ b/lib/gnutls_psk.c @@ -39,12 +39,12 @@ #include "debug.h" /** - * gnutls_psk_free_client_credentials - Used to free an allocated gnutls_psk_client_credentials_t structure - * @sc: is a #gnutls_psk_client_credentials_t structure. - * - * This structure is complex enough to manipulate directly thus this - * helper function is provided in order to free (deallocate) it. - **/ + * gnutls_psk_free_client_credentials - Used to free an allocated gnutls_psk_client_credentials_t structure + * @sc: is a #gnutls_psk_client_credentials_t structure. + * + * This structure is complex enough to manipulate directly thus this + * helper function is provided in order to free (deallocate) it. + **/ void gnutls_psk_free_client_credentials (gnutls_psk_client_credentials_t sc) { @@ -54,14 +54,14 @@ gnutls_psk_free_client_credentials (gnutls_psk_client_credentials_t sc) } /** - * gnutls_psk_allocate_client_credentials - Used to allocate an gnutls_psk_server_credentials_t structure - * @sc: is a pointer to a #gnutls_psk_server_credentials_t structure. - * - * This structure is complex enough to manipulate directly thus this - * helper function is provided in order to allocate it. - * - * Returns: %GNUTLS_E_SUCCESS on success, or an error code. - **/ + * gnutls_psk_allocate_client_credentials - Used to allocate an gnutls_psk_server_credentials_t structure + * @sc: is a pointer to a #gnutls_psk_server_credentials_t structure. + * + * This structure is complex enough to manipulate directly thus this + * helper function is provided in order to allocate it. + * + * Returns: %GNUTLS_E_SUCCESS on success, or an error code. + **/ int gnutls_psk_allocate_client_credentials (gnutls_psk_client_credentials_t * sc) { @@ -74,22 +74,22 @@ gnutls_psk_allocate_client_credentials (gnutls_psk_client_credentials_t * sc) } /** - * gnutls_psk_set_client_credentials - Used to set the username/password, in a gnutls_psk_client_credentials_t structure - * @res: is a #gnutls_psk_client_credentials_t structure. - * @username: is the user's zero-terminated userid - * @key: is the user's key - * @format: indicate the format of the key, either - * %GNUTLS_PSK_KEY_RAW or %GNUTLS_PSK_KEY_HEX. - * - * This function sets the username and password, in a - * gnutls_psk_client_credentials_t structure. Those will be used in - * PSK authentication. @username should be an ASCII string or UTF-8 - * strings prepared using the "SASLprep" profile of "stringprep". - * The key can be either in raw byte format or in Hex format (without - * the 0x prefix). - * - * Returns: %GNUTLS_E_SUCCESS on success, or an error code. - **/ + * gnutls_psk_set_client_credentials - Used to set the username/password, in a gnutls_psk_client_credentials_t structure + * @res: is a #gnutls_psk_client_credentials_t structure. + * @username: is the user's zero-terminated userid + * @key: is the user's key + * @format: indicate the format of the key, either + * %GNUTLS_PSK_KEY_RAW or %GNUTLS_PSK_KEY_HEX. + * + * This function sets the username and password, in a + * gnutls_psk_client_credentials_t structure. Those will be used in + * PSK authentication. @username should be an ASCII string or UTF-8 + * strings prepared using the "SASLprep" profile of "stringprep". The + * key can be either in raw byte format or in Hex format (without the + * 0x prefix). + * + * Returns: %GNUTLS_E_SUCCESS on success, or an error code. + **/ int gnutls_psk_set_client_credentials (gnutls_psk_client_credentials_t res, const char *username, @@ -364,19 +364,19 @@ gnutls_psk_client_get_hint (gnutls_session_t session) } /** - * gnutls_hex_decode - decode hex encoded data - * @hex_data: contain the encoded data - * @result: the place where decoded data will be copied - * @result_size: holds the size of the result - * - * This function will decode the given encoded data, using the hex encoding - * used by PSK password files. - * - * Note that hex_data should be null terminated. - * - * Returns: %GNUTLS_E_SHORT_MEMORY_BUFFER if the buffer given is not - * long enough, or 0 on success. - **/ + * gnutls_hex_decode - decode hex encoded data + * @hex_data: contain the encoded data + * @result: the place where decoded data will be copied + * @result_size: holds the size of the result + * + * This function will decode the given encoded data, using the hex + * encoding used by PSK password files. + * + * Note that hex_data should be null terminated. + * + * Returns: %GNUTLS_E_SHORT_MEMORY_BUFFER if the buffer given is not + * long enough, or 0 on success. + **/ int gnutls_hex_decode (const gnutls_datum_t * hex_data, char *result, size_t * result_size) @@ -393,17 +393,17 @@ gnutls_hex_decode (const gnutls_datum_t * hex_data, char *result, } /** - * gnutls_hex_encode - convert raw data to hex encoded - * @data: contain the raw data - * @result: the place where hex data will be copied - * @result_size: holds the size of the result - * - * This function will convert the given data to printable data, using - * the hex encoding, as used in the PSK password files. - * - * Returns: %GNUTLS_E_SHORT_MEMORY_BUFFER if the buffer given is not - * long enough, or 0 on success. - **/ + * gnutls_hex_encode - convert raw data to hex encoded + * @data: contain the raw data + * @result: the place where hex data will be copied + * @result_size: holds the size of the result + * + * This function will convert the given data to printable data, using + * the hex encoding, as used in the PSK password files. + * + * Returns: %GNUTLS_E_SHORT_MEMORY_BUFFER if the buffer given is not + * long enough, or 0 on success. + **/ int gnutls_hex_encode (const gnutls_datum_t * data, char *result, size_t * result_size) @@ -423,14 +423,14 @@ gnutls_hex_encode (const gnutls_datum_t * data, char *result, } /** - * gnutls_psk_set_server_dh_params - set the DH parameters for a server to use - * @res: is a gnutls_psk_server_credentials_t structure - * @dh_params: is a structure that holds Diffie-Hellman parameters. - * - * This function will set the Diffie-Hellman parameters for an - * anonymous server to use. These parameters will be used in - * Diffie-Hellman exchange with PSK cipher suites. - **/ + * gnutls_psk_set_server_dh_params - set the DH parameters for a server to use + * @res: is a gnutls_psk_server_credentials_t structure + * @dh_params: is a structure that holds Diffie-Hellman parameters. + * + * This function will set the Diffie-Hellman parameters for an + * anonymous server to use. These parameters will be used in + * Diffie-Hellman exchange with PSK cipher suites. + **/ void gnutls_psk_set_server_dh_params (gnutls_psk_server_credentials_t res, gnutls_dh_params_t dh_params) diff --git a/lib/gnutls_record.c b/lib/gnutls_record.c index 6b8736df8c..c90d316434 100644 --- a/lib/gnutls_record.c +++ b/lib/gnutls_record.c @@ -67,17 +67,17 @@ _gnutls_set_current_version (gnutls_session_t session, } /** - * gnutls_transport_set_lowat - Used to set the lowat value in order for select to check for pending data. - * @session: is a #gnutls_session_t structure. - * @num: is the low water value. - * - * Used to set the lowat value in order for select to check if there - * are pending data to socket buffer. Used only if you have changed - * the default low water value (default is 1). Normally you will not - * need that function. This function is only useful if using - * berkeley style sockets. Otherwise it must be called and set lowat - * to zero. - **/ + * gnutls_transport_set_lowat - Used to set the lowat value in order for select to check for pending data. + * @session: is a #gnutls_session_t structure. + * @num: is the low water value. + * + * Used to set the lowat value in order for select to check if there + * are pending data to socket buffer. Used only if you have changed + * the default low water value (default is 1). Normally you will not + * need that function. This function is only useful if using + * berkeley style sockets. Otherwise it must be called and set lowat + * to zero. + **/ void gnutls_transport_set_lowat (gnutls_session_t session, int num) { @@ -85,17 +85,17 @@ gnutls_transport_set_lowat (gnutls_session_t session, int num) } /** - * gnutls_record_disable_padding - Used to disabled padding in TLS 1.0 and above - * @session: is a #gnutls_session_t structure. - * - * Used to disabled padding in TLS 1.0 and above. Normally you do - * not need to use this function, but there are buggy clients that - * complain if a server pads the encrypted data. This of course will - * disable protection against statistical attacks on the data. - * - * Normally only servers that require maximum compatibility with everything - * out there, need to call this function. - **/ + * gnutls_record_disable_padding - Used to disabled padding in TLS 1.0 and above + * @session: is a #gnutls_session_t structure. + * + * Used to disabled padding in TLS 1.0 and above. Normally you do not + * need to use this function, but there are buggy clients that + * complain if a server pads the encrypted data. This of course will + * disable protection against statistical attacks on the data. + * + * Normally only servers that require maximum compatibility with everything + * out there, need to call this function. + **/ void gnutls_record_disable_padding (gnutls_session_t session) { @@ -103,14 +103,14 @@ gnutls_record_disable_padding (gnutls_session_t session) } /** - * gnutls_transport_set_ptr - Used to set first argument of the transport functions - * @session: is a #gnutls_session_t structure. - * @ptr: is the value. - * - * Used to set the first argument of the transport function (like - * PUSH and PULL). In berkeley style sockets this function will set - * the connection handle. - **/ + * gnutls_transport_set_ptr - Used to set first argument of the transport functions + * @session: is a #gnutls_session_t structure. + * @ptr: is the value. + * + * Used to set the first argument of the transport function (like PUSH + * and PULL). In berkeley style sockets this function will set the + * connection handle. + **/ void gnutls_transport_set_ptr (gnutls_session_t session, gnutls_transport_ptr_t ptr) @@ -119,18 +119,17 @@ gnutls_transport_set_ptr (gnutls_session_t session, session->internals.transport_send_ptr = ptr; } - /** - * gnutls_transport_set_ptr2 - Used to set first argument of the transport functions - * @session: is a #gnutls_session_t structure. - * @recv_ptr: is the value for the pull function - * @send_ptr: is the value for the push function - * - * Used to set the first argument of the transport function (like - * PUSH and PULL). In berkeley style sockets this function will set - * the connection handle. With this function you can use two - * different pointers for receiving and sending. - **/ + * gnutls_transport_set_ptr2 - Used to set first argument of the transport functions + * @session: is a #gnutls_session_t structure. + * @recv_ptr: is the value for the pull function + * @send_ptr: is the value for the push function + * + * Used to set the first argument of the transport function (like PUSH + * and PULL). In berkeley style sockets this function will set the + * connection handle. With this function you can use two different + * pointers for receiving and sending. + **/ void gnutls_transport_set_ptr2 (gnutls_session_t session, gnutls_transport_ptr_t recv_ptr, @@ -141,15 +140,15 @@ gnutls_transport_set_ptr2 (gnutls_session_t session, } /** - * gnutls_transport_get_ptr - Used to return the first argument of the transport functions - * @session: is a #gnutls_session_t structure. - * - * Used to get the first argument of the transport function (like - * PUSH and PULL). This must have been set using - * gnutls_transport_set_ptr(). - * - * Returns: first argument of the transport function. - **/ + * gnutls_transport_get_ptr - Used to return the first argument of the transport functions + * @session: is a #gnutls_session_t structure. + * + * Used to get the first argument of the transport function (like + * PUSH and PULL). This must have been set using + * gnutls_transport_set_ptr(). + * + * Returns: first argument of the transport function. + **/ gnutls_transport_ptr_t gnutls_transport_get_ptr (gnutls_session_t session) { @@ -157,15 +156,15 @@ gnutls_transport_get_ptr (gnutls_session_t session) } /** - * gnutls_transport_get_ptr2 - Used to return the first argument of the transport functions - * @session: is a #gnutls_session_t structure. - * @recv_ptr: will hold the value for the pull function - * @send_ptr: will hold the value for the push function - * - * Used to get the arguments of the transport functions (like PUSH - * and PULL). These should have been set using - * gnutls_transport_set_ptr2(). - **/ + * gnutls_transport_get_ptr2 - Used to return the first argument of the transport functions + * @session: is a #gnutls_session_t structure. + * @recv_ptr: will hold the value for the pull function + * @send_ptr: will hold the value for the push function + * + * Used to get the arguments of the transport functions (like PUSH + * and PULL). These should have been set using + * gnutls_transport_set_ptr2(). + **/ void gnutls_transport_get_ptr2 (gnutls_session_t session, gnutls_transport_ptr_t * recv_ptr, @@ -177,38 +176,38 @@ gnutls_transport_get_ptr2 (gnutls_session_t session, } /** - * gnutls_bye - terminate the current TLS/SSL connection. - * @session: is a #gnutls_session_t structure. - * @how: is an integer - * - * Terminates the current TLS/SSL connection. The connection should - * have been initiated using gnutls_handshake(). @how should be one - * of %GNUTLS_SHUT_RDWR, %GNUTLS_SHUT_WR. - * - * In case of %GNUTLS_SHUT_RDWR then the TLS connection gets - * terminated and further receives and sends will be disallowed. If - * the return value is zero you may continue using the connection. - * %GNUTLS_SHUT_RDWR actually sends an alert containing a close - * request and waits for the peer to reply with the same message. - * - * In case of %GNUTLS_SHUT_WR then the TLS connection gets terminated - * and further sends will be disallowed. In order to reuse the - * connection you should wait for an EOF from the peer. - * %GNUTLS_SHUT_WR sends an alert containing a close request. - * - * Note that not all implementations will properly terminate a TLS - * connection. Some of them, usually for performance reasons, will - * terminate only the underlying transport layer, thus causing a - * transmission error to the peer. This error cannot be - * distinguished from a malicious party prematurely terminating the - * session, thus this behavior is not recommended. - * - * This function may also return %GNUTLS_E_AGAIN or - * %GNUTLS_E_INTERRUPTED; cf. gnutls_record_get_direction(). - * - * Returns: %GNUTLS_E_SUCCESS on success, or an error code, see - * function documentation for entire semantics. - **/ + * gnutls_bye - terminate the current TLS/SSL connection. + * @session: is a #gnutls_session_t structure. + * @how: is an integer + * + * Terminates the current TLS/SSL connection. The connection should + * have been initiated using gnutls_handshake(). @how should be one + * of %GNUTLS_SHUT_RDWR, %GNUTLS_SHUT_WR. + * + * In case of %GNUTLS_SHUT_RDWR then the TLS connection gets + * terminated and further receives and sends will be disallowed. If + * the return value is zero you may continue using the connection. + * %GNUTLS_SHUT_RDWR actually sends an alert containing a close + * request and waits for the peer to reply with the same message. + * + * In case of %GNUTLS_SHUT_WR then the TLS connection gets terminated + * and further sends will be disallowed. In order to reuse the + * connection you should wait for an EOF from the peer. + * %GNUTLS_SHUT_WR sends an alert containing a close request. + * + * Note that not all implementations will properly terminate a TLS + * connection. Some of them, usually for performance reasons, will + * terminate only the underlying transport layer, thus causing a + * transmission error to the peer. This error cannot be + * distinguished from a malicious party prematurely terminating the + * session, thus this behavior is not recommended. + * + * This function may also return %GNUTLS_E_AGAIN or + * %GNUTLS_E_INTERRUPTED; cf. gnutls_record_get_direction(). + * + * Returns: %GNUTLS_E_SUCCESS on success, or an error code, see + * function documentation for entire semantics. + **/ int gnutls_bye (gnutls_session_t session, gnutls_close_request_t how) { @@ -1109,32 +1108,32 @@ begin: /** - * gnutls_record_send - sends to the peer the specified data - * @session: is a #gnutls_session_t structure. - * @data: contains the data to send - * @sizeofdata: is the length of the data - * - * This function has the similar semantics with send(). The only - * difference is that it accepts a GnuTLS session, and uses different - * error codes. - * - * Note that if the send buffer is full, send() will block this - * function. See the send() documentation for full information. You - * can replace the default push function by using - * gnutls_transport_set_ptr2() with a call to send() with a - * MSG_DONTWAIT flag if blocking is a problem. - * - * If the EINTR is returned by the internal push function (the - * default is send()} then %GNUTLS_E_INTERRUPTED will be returned. If - * %GNUTLS_E_INTERRUPTED or %GNUTLS_E_AGAIN is returned, you must - * call this function again, with the same parameters; alternatively - * you could provide a %NULL pointer for data, and 0 for - * size. cf. gnutls_record_get_direction(). - * - * Returns: the number of bytes sent, or a negative error code. The - * number of bytes sent might be less than @sizeofdata. The maximum - * number of bytes this function can send in a single call depends on - * the negotiated maximum record size. + * gnutls_record_send - sends to the peer the specified data + * @session: is a #gnutls_session_t structure. + * @data: contains the data to send + * @sizeofdata: is the length of the data + * + * This function has the similar semantics with send(). The only + * difference is that it accepts a GnuTLS session, and uses different + * error codes. + * + * Note that if the send buffer is full, send() will block this + * function. See the send() documentation for full information. You + * can replace the default push function by using + * gnutls_transport_set_ptr2() with a call to send() with a + * MSG_DONTWAIT flag if blocking is a problem. + * + * If the EINTR is returned by the internal push function (the + * default is send()} then %GNUTLS_E_INTERRUPTED will be returned. If + * %GNUTLS_E_INTERRUPTED or %GNUTLS_E_AGAIN is returned, you must + * call this function again, with the same parameters; alternatively + * you could provide a %NULL pointer for data, and 0 for + * size. cf. gnutls_record_get_direction(). + * + * Returns: the number of bytes sent, or a negative error code. The + * number of bytes sent might be less than @sizeofdata. The maximum + * number of bytes this function can send in a single call depends + * on the negotiated maximum record size. **/ ssize_t gnutls_record_send (gnutls_session_t session, const void *data, @@ -1145,35 +1144,35 @@ gnutls_record_send (gnutls_session_t session, const void *data, } /** - * gnutls_record_recv - reads data from the TLS record protocol - * @session: is a #gnutls_session_t structure. - * @data: the buffer that the data will be read into - * @sizeofdata: the number of requested bytes - * - * This function has the similar semantics with recv(). The only - * difference is that it accepts a GnuTLS session, and uses different - * error codes. - * - * In the special case that a server requests a renegotiation, the - * client may receive an error code of %GNUTLS_E_REHANDSHAKE. This - * message may be simply ignored, replied with an alert - * %GNUTLS_A_NO_RENEGOTIATION, or replied with a new handshake, - * depending on the client's will. - * - * If %EINTR is returned by the internal push function (the default - * is recv()) then %GNUTLS_E_INTERRUPTED will be returned. If - * %GNUTLS_E_INTERRUPTED or %GNUTLS_E_AGAIN is returned, you must - * call this function again to get the data. See also - * gnutls_record_get_direction(). - * - * A server may also receive %GNUTLS_E_REHANDSHAKE when a client has - * initiated a handshake. In that case the server can only initiate a - * handshake or terminate the connection. - * - * Returns: the number of bytes received and zero on EOF. A negative - * error code is returned in case of an error. The number of bytes - * received might be less than @sizeofdata. - **/ + * gnutls_record_recv - reads data from the TLS record protocol + * @session: is a #gnutls_session_t structure. + * @data: the buffer that the data will be read into + * @sizeofdata: the number of requested bytes + * + * This function has the similar semantics with recv(). The only + * difference is that it accepts a GnuTLS session, and uses different + * error codes. + * + * In the special case that a server requests a renegotiation, the + * client may receive an error code of %GNUTLS_E_REHANDSHAKE. This + * message may be simply ignored, replied with an alert + * %GNUTLS_A_NO_RENEGOTIATION, or replied with a new handshake, + * depending on the client's will. + * + * If %EINTR is returned by the internal push function (the default + * is recv()) then %GNUTLS_E_INTERRUPTED will be returned. If + * %GNUTLS_E_INTERRUPTED or %GNUTLS_E_AGAIN is returned, you must + * call this function again to get the data. See also + * gnutls_record_get_direction(). + * + * A server may also receive %GNUTLS_E_REHANDSHAKE when a client has + * initiated a handshake. In that case the server can only initiate a + * handshake or terminate the connection. + * + * Returns: the number of bytes received and zero on EOF. A negative + * error code is returned in case of an error. The number of bytes + * received might be less than @sizeofdata. + **/ ssize_t gnutls_record_recv (gnutls_session_t session, void *data, size_t sizeofdata) { @@ -1182,14 +1181,14 @@ gnutls_record_recv (gnutls_session_t session, void *data, size_t sizeofdata) } /** - * gnutls_record_get_max_size - returns the maximum record size - * @session: is a #gnutls_session_t structure. - * - * Get the record size. The maximum record size is negotiated by the - * client after the first handshake message. - * - * Returns: The maximum record packet size in this connection. - **/ + * gnutls_record_get_max_size - returns the maximum record size + * @session: is a #gnutls_session_t structure. + * + * Get the record size. The maximum record size is negotiated by the + * client after the first handshake message. + * + * Returns: The maximum record packet size in this connection. + **/ size_t gnutls_record_get_max_size (gnutls_session_t session) { diff --git a/lib/gnutls_session.c b/lib/gnutls_session.c index b4ef604670..1ef3b2b045 100644 --- a/lib/gnutls_session.c +++ b/lib/gnutls_session.c @@ -29,23 +29,23 @@ #include <gnutls_datum.h> /** - * gnutls_session_get_data - Returns all session parameters. - * @session: is a #gnutls_session_t structure. - * @session_data: is a pointer to space to hold the session. - * @session_data_size: is the session_data's size, or it will be set by the function. - * - * Returns all session parameters, in order to support resuming. The - * client should call this, and keep the returned session, if he - * wants to resume that current version later by calling - * gnutls_session_set_data() This function must be called after a - * successful handshake. - * - * Resuming sessions is really useful and speedups connections after - * a successful one. - * - * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise - * an error code is returned. - **/ + * gnutls_session_get_data - Returns all session parameters. + * @session: is a #gnutls_session_t structure. + * @session_data: is a pointer to space to hold the session. + * @session_data_size: is the session_data's size, or it will be set by the function. + * + * Returns all session parameters, in order to support resuming. The + * client should call this, and keep the returned session, if he + * wants to resume that current version later by calling + * gnutls_session_set_data() This function must be called after a + * successful handshake. + * + * Resuming sessions is really useful and speedups connections after + * a successful one. + * + * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise + * an error code is returned. + **/ int gnutls_session_get_data (gnutls_session_t session, void *session_data, size_t * session_data_size) @@ -127,23 +127,23 @@ gnutls_session_get_data2 (gnutls_session_t session, gnutls_datum_t * data) /** - * gnutls_session_get_id - Returns session id. - * @session: is a #gnutls_session_t structure. - * @session_id: is a pointer to space to hold the session id. - * @session_id_size: is the session id's size, or it will be set by the function. - * - * Returns the current session id. This can be used if you want to - * check if the next session you tried to resume was actually - * resumed. This is because resumed sessions have the same sessionID - * with the original session. - * - * Session id is some data set by the server, that identify the - * current session. In TLS 1.0 and SSL 3.0 session id is always less - * than 32 bytes. - * - * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise - * an error code is returned. - **/ + * gnutls_session_get_id - Returns session id. + * @session: is a #gnutls_session_t structure. + * @session_id: is a pointer to space to hold the session id. + * @session_id_size: is the session id's size, or it will be set by the function. + * + * Returns the current session id. This can be used if you want to + * check if the next session you tried to resume was actually + * resumed. This is because resumed sessions have the same sessionID + * with the original session. + * + * Session id is some data set by the server, that identify the + * current session. In TLS 1.0 and SSL 3.0 session id is always less + * than 32 bytes. + * + * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise + * an error code is returned. + **/ int gnutls_session_get_id (gnutls_session_t session, void *session_id, size_t * session_id_size) @@ -170,23 +170,23 @@ gnutls_session_get_id (gnutls_session_t session, } /** - * gnutls_session_set_data - Sets all session parameters - * @session: is a #gnutls_session_t structure. - * @session_data: is a pointer to space to hold the session. - * @session_data_size: is the session's size - * - * Sets all session parameters, in order to resume a previously - * established session. The session data given must be the one - * returned by gnutls_session_get_data(). This function should be - * called before gnutls_handshake(). - * - * Keep in mind that session resuming is advisory. The server may - * choose not to resume the session, thus a full handshake will be - * performed. - * - * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise - * an error code is returned. - **/ + * gnutls_session_set_data - Sets all session parameters + * @session: is a #gnutls_session_t structure. + * @session_data: is a pointer to space to hold the session. + * @session_data_size: is the session's size + * + * Sets all session parameters, in order to resume a previously + * established session. The session data given must be the one + * returned by gnutls_session_get_data(). This function should be + * called before gnutls_handshake(). + * + * Keep in mind that session resuming is advisory. The server may + * choose not to resume the session, thus a full handshake will be + * performed. + * + * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise + * an error code is returned. + **/ int gnutls_session_set_data (gnutls_session_t session, const void *session_data, size_t session_data_size) diff --git a/lib/gnutls_srp.c b/lib/gnutls_srp.c index aababc41ba..f404e7f88f 100644 --- a/lib/gnutls_srp.c +++ b/lib/gnutls_srp.c @@ -391,13 +391,12 @@ freeall: } /** - * gnutls_srp_free_client_credentials - Used to free an allocated gnutls_srp_client_credentials_t structure - * @sc: is a #gnutls_srp_client_credentials_t structure. - * - * This structure is complex enough to manipulate directly thus - * this helper function is provided in order to free (deallocate) it. - * - **/ + * gnutls_srp_free_client_credentials - Used to free an allocated gnutls_srp_client_credentials_t structure + * @sc: is a #gnutls_srp_client_credentials_t structure. + * + * This structure is complex enough to manipulate directly thus + * this helper function is provided in order to free (deallocate) it. + **/ void gnutls_srp_free_client_credentials (gnutls_srp_client_credentials_t sc) { @@ -407,15 +406,15 @@ gnutls_srp_free_client_credentials (gnutls_srp_client_credentials_t sc) } /** - * gnutls_srp_allocate_client_credentials - Used to allocate an gnutls_srp_server_credentials_t structure - * @sc: is a pointer to a #gnutls_srp_server_credentials_t structure. - * - * This structure is complex enough to manipulate directly thus - * this helper function is provided in order to allocate it. - * - * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, or an - * error code. - **/ + * gnutls_srp_allocate_client_credentials - Used to allocate an gnutls_srp_server_credentials_t structure + * @sc: is a pointer to a #gnutls_srp_server_credentials_t structure. + * + * This structure is complex enough to manipulate directly thus + * this helper function is provided in order to allocate it. + * + * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, or an + * error code. + **/ int gnutls_srp_allocate_client_credentials (gnutls_srp_client_credentials_t * sc) { @@ -428,20 +427,20 @@ gnutls_srp_allocate_client_credentials (gnutls_srp_client_credentials_t * sc) } /** - * gnutls_srp_set_client_credentials - Used to set the username/password, in a gnutls_srp_client_credentials_t structure - * @res: is a #gnutls_srp_client_credentials_t structure. - * @username: is the user's userid - * @password: is the user's password - * - * This function sets the username and password, in a - * #gnutls_srp_client_credentials_t structure. Those will be used in - * SRP authentication. @username and @password should be ASCII - * strings or UTF-8 strings prepared using the "SASLprep" profile of - * "stringprep". - * - * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, or an - * error code. - **/ + * gnutls_srp_set_client_credentials - Used to set the username/password, in a gnutls_srp_client_credentials_t structure + * @res: is a #gnutls_srp_client_credentials_t structure. + * @username: is the user's userid + * @password: is the user's password + * + * This function sets the username and password, in a + * #gnutls_srp_client_credentials_t structure. Those will be used in + * SRP authentication. @username and @password should be ASCII + * strings or UTF-8 strings prepared using the "SASLprep" profile of + * "stringprep". + * + * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, or an + * error code. + **/ int gnutls_srp_set_client_credentials (gnutls_srp_client_credentials_t res, const char *username, const char *password) @@ -468,13 +467,12 @@ gnutls_srp_set_client_credentials (gnutls_srp_client_credentials_t res, } /** - * gnutls_srp_free_server_credentials - Used to free an allocated gnutls_srp_server_credentials_t structure - * @sc: is a #gnutls_srp_server_credentials_t structure. - * - * This structure is complex enough to manipulate directly thus - * this helper function is provided in order to free (deallocate) it. - * - **/ + * gnutls_srp_free_server_credentials - Used to free an allocated gnutls_srp_server_credentials_t structure + * @sc: is a #gnutls_srp_server_credentials_t structure. + * + * This structure is complex enough to manipulate directly thus + * this helper function is provided in order to free (deallocate) it. + **/ void gnutls_srp_free_server_credentials (gnutls_srp_server_credentials_t sc) { @@ -485,15 +483,15 @@ gnutls_srp_free_server_credentials (gnutls_srp_server_credentials_t sc) } /** - * gnutls_srp_allocate_server_credentials - Used to allocate an gnutls_srp_server_credentials_t structure - * @sc: is a pointer to a #gnutls_srp_server_credentials_t structure. - * - * This structure is complex enough to manipulate directly thus this - * helper function is provided in order to allocate it. - * - * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, or an - * error code. - **/ + * gnutls_srp_allocate_server_credentials - Used to allocate an gnutls_srp_server_credentials_t structure + * @sc: is a pointer to a #gnutls_srp_server_credentials_t structure. + * + * This structure is complex enough to manipulate directly thus this + * helper function is provided in order to allocate it. + * + * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, or an + * error code. + **/ int gnutls_srp_allocate_server_credentials (gnutls_srp_server_credentials_t * sc) { @@ -506,19 +504,19 @@ gnutls_srp_allocate_server_credentials (gnutls_srp_server_credentials_t * sc) } /** - * gnutls_srp_set_server_credentials_file - Used to set the password files, in a gnutls_srp_server_credentials_t structure - * @res: is a #gnutls_srp_server_credentials_t structure. - * @password_file: is the SRP password file (tpasswd) - * @password_conf_file: is the SRP password conf file (tpasswd.conf) - * - * This function sets the password files, in a - * #gnutls_srp_server_credentials_t structure. Those password files - * hold usernames and verifiers and will be used for SRP - * authentication. - * - * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, or an - * error code. - **/ + * gnutls_srp_set_server_credentials_file - Used to set the password files, in a gnutls_srp_server_credentials_t structure + * @res: is a #gnutls_srp_server_credentials_t structure. + * @password_file: is the SRP password file (tpasswd) + * @password_conf_file: is the SRP password conf file (tpasswd.conf) + * + * This function sets the password files, in a + * #gnutls_srp_server_credentials_t structure. Those password files + * hold usernames and verifiers and will be used for SRP + * authentication. + * + * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, or an + * error code. + **/ int gnutls_srp_set_server_credentials_file (gnutls_srp_server_credentials_t res, const char *password_file, @@ -565,34 +563,34 @@ gnutls_srp_set_server_credentials_file (gnutls_srp_server_credentials_t res, /** - * gnutls_srp_set_server_credentials_function - Used to set a callback to retrieve the user's SRP credentials - * @cred: is a #gnutls_srp_server_credentials_t structure. - * @func: is the callback function - * - * This function can be used to set a callback to retrieve the user's SRP credentials. - * The callback's function form is: - * int (*callback)(gnutls_session_t, const char* username, - * gnutls_datum_t* salt, gnutls_datum_t *verifier, gnutls_datum_t* g, - * gnutls_datum_t* n); - * - * @username contains the actual username. - * The @salt, @verifier, @generator and @prime must be filled - * in using the gnutls_malloc(). For convenience @prime and @generator - * may also be one of the static parameters defined in extra.h. - * - * In case the callback returned a negative number then gnutls will - * assume that the username does not exist. - * - * In order to prevent attackers from guessing valid usernames, - * if a user does not exist, g and n values should be filled in - * using a random user's parameters. In that case the callback must - * return the special value (1). - * - * The callback function will only be called once per handshake. - * The callback function should return 0 on success, while - * -1 indicates an error. - * - **/ + * gnutls_srp_set_server_credentials_function - Used to set a callback to retrieve the user's SRP credentials + * @cred: is a #gnutls_srp_server_credentials_t structure. + * @func: is the callback function + * + * This function can be used to set a callback to retrieve the user's + * SRP credentials. The callback's function form is: + * + * int (*callback)(gnutls_session_t, const char* username, + * gnutls_datum_t* salt, gnutls_datum_t *verifier, gnutls_datum_t* g, + * gnutls_datum_t* n); + * + * @username contains the actual username. + * The @salt, @verifier, @generator and @prime must be filled + * in using the gnutls_malloc(). For convenience @prime and @generator + * may also be one of the static parameters defined in extra.h. + * + * In case the callback returned a negative number then gnutls will + * assume that the username does not exist. + * + * In order to prevent attackers from guessing valid usernames, + * if a user does not exist, g and n values should be filled in + * using a random user's parameters. In that case the callback must + * return the special value (1). + * + * The callback function will only be called once per handshake. + * The callback function should return 0 on success, while + * -1 indicates an error. + **/ void gnutls_srp_set_server_credentials_function (gnutls_srp_server_credentials_t cred, @@ -603,31 +601,30 @@ gnutls_srp_set_server_credentials_function (gnutls_srp_server_credentials_t } /** - * gnutls_srp_set_client_credentials_function - Used to set a callback to retrieve the username and password - * @cred: is a #gnutls_srp_server_credentials_t structure. - * @func: is the callback function - * - * This function can be used to set a callback to retrieve the username and - * password for client SRP authentication. - * - * The callback's function form is: - * - * int (*callback)(gnutls_session_t, char** username, char**password); - * - * The @username and @password must be allocated using - * gnutls_malloc(). @username and @password should be ASCII strings - * or UTF-8 strings prepared using the "SASLprep" profile of - * "stringprep". - * - * The callback function will be called once per handshake before the - * initial hello message is sent. - * - * The callback should not return a negative error code the second - * time called, since the handshake procedure will be aborted. - * - * The callback function should return 0 on success. - * -1 indicates an error. - **/ + * gnutls_srp_set_client_credentials_function - Used to set a callback to retrieve the username and password + * @cred: is a #gnutls_srp_server_credentials_t structure. + * @func: is the callback function + * + * This function can be used to set a callback to retrieve the + * username and password for client SRP authentication. The + * callback's function form is: + * + * int (*callback)(gnutls_session_t, char** username, char**password); + * + * The @username and @password must be allocated using + * gnutls_malloc(). @username and @password should be ASCII strings + * or UTF-8 strings prepared using the "SASLprep" profile of + * "stringprep". + * + * The callback function will be called once per handshake before the + * initial hello message is sent. + * + * The callback should not return a negative error code the second + * time called, since the handshake procedure will be aborted. + * + * The callback function should return 0 on success. + * -1 indicates an error. + **/ void gnutls_srp_set_client_credentials_function (gnutls_srp_client_credentials_t cred, @@ -639,15 +636,15 @@ gnutls_srp_set_client_credentials_function (gnutls_srp_client_credentials_t /** - * gnutls_srp_server_get_username - return the username of the peer - * @session: is a gnutls session - * - * This function will return the username of the peer. This should - * only be called in case of SRP authentication and in case of a - * server. Returns NULL in case of an error. - * - * Returns: SRP username of the peer, or NULL in case of error. - **/ + * gnutls_srp_server_get_username - return the username of the peer + * @session: is a gnutls session + * + * This function will return the username of the peer. This should + * only be called in case of SRP authentication and in case of a + * server. Returns NULL in case of an error. + * + * Returns: SRP username of the peer, or NULL in case of error. + **/ const char * gnutls_srp_server_get_username (gnutls_session_t session) { @@ -662,26 +659,26 @@ gnutls_srp_server_get_username (gnutls_session_t session) } /** - * gnutls_srp_verifier - Used to calculate an SRP verifier - * @username: is the user's name - * @password: is the user's password - * @salt: should be some randomly generated bytes - * @generator: is the generator of the group - * @prime: is the group's prime - * @res: where the verifier will be stored. - * - * This function will create an SRP verifier, as specified in - * RFC2945. The @prime and @generator should be one of the static - * parameters defined in gnutls/extra.h or may be generated using the - * libgcrypt functions gcry_prime_generate() and - * gcry_prime_group_generator(). - * - * The verifier will be allocated with @malloc and will be stored in - * @res using binary format. - * - * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, or an - * error code. - **/ + * gnutls_srp_verifier - Used to calculate an SRP verifier + * @username: is the user's name + * @password: is the user's password + * @salt: should be some randomly generated bytes + * @generator: is the generator of the group + * @prime: is the group's prime + * @res: where the verifier will be stored. + * + * This function will create an SRP verifier, as specified in + * RFC2945. The @prime and @generator should be one of the static + * parameters defined in gnutls/extra.h or may be generated using the + * libgcrypt functions gcry_prime_generate() and + * gcry_prime_group_generator(). + * + * The verifier will be allocated with @malloc and will be stored in + * @res using binary format. + * + * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, or an + * error code. + **/ int gnutls_srp_verifier (const char *username, const char *password, const gnutls_datum_t * salt, diff --git a/lib/gnutls_state.c b/lib/gnutls_state.c index 672634d7f0..26b6bde30f 100644 --- a/lib/gnutls_state.c +++ b/lib/gnutls_state.c @@ -251,19 +251,19 @@ _gnutls_handshake_internal_state_clear (gnutls_session_t session) #define MIN_DH_BITS 727 /** - * gnutls_init - initialize the session to null (null encryption etc...). - * @con_end: indicate if this session is to be used for server or client. - * @session: is a pointer to a #gnutls_session_t structure. - * - * This function initializes the current session to null. Every - * session must be initialized before use, so internal structures can - * be allocated. This function allocates structures which can only - * be free'd by calling gnutls_deinit(). Returns zero on success. - * - * @con_end can be one of %GNUTLS_CLIENT and %GNUTLS_SERVER. - * - * Returns: %GNUTLS_E_SUCCESS on success, or an error code. - **/ + * gnutls_init - initialize the session to null (null encryption etc...). + * @con_end: indicate if this session is to be used for server or client. + * @session: is a pointer to a #gnutls_session_t structure. + * + * This function initializes the current session to null. Every + * session must be initialized before use, so internal structures can + * be allocated. This function allocates structures which can only + * be free'd by calling gnutls_deinit(). Returns zero on success. + * + * @con_end can be one of %GNUTLS_CLIENT and %GNUTLS_SERVER. + * + * Returns: %GNUTLS_E_SUCCESS on success, or an error code. + **/ int gnutls_init (gnutls_session_t * session, gnutls_connection_end_t con_end) { @@ -363,13 +363,13 @@ _gnutls_session_is_resumable (gnutls_session_t session) /** - * gnutls_deinit - clear all buffers associated with a session - * @session: is a #gnutls_session_t structure. - * - * This function clears all buffers associated with the @session. - * This function will also remove session data from the session - * database if the session was terminated abnormally. - **/ + * gnutls_deinit - clear all buffers associated with a session + * @session: is a #gnutls_session_t structure. + * + * This function clears all buffers associated with the @session. + * This function will also remove session data from the session + * database if the session was terminated abnormally. + **/ void gnutls_deinit (gnutls_session_t session) { @@ -675,15 +675,15 @@ _gnutls_dh_set_group (gnutls_session_t session, bigint_t gen, bigint_t prime) #ifdef ENABLE_OPENPGP /** - * gnutls_openpgp_send_cert - order gnutls to send the openpgp fingerprint instead of the key - * @session: is a pointer to a #gnutls_session_t structure. - * @status: is one of GNUTLS_OPENPGP_CERT, or GNUTLS_OPENPGP_CERT_FINGERPRINT - * - * This function will order gnutls to send the key fingerprint - * instead of the key in the initial handshake procedure. This should - * be used with care and only when there is indication or knowledge - * that the server can obtain the client's key. - **/ + * gnutls_openpgp_send_cert - order gnutls to send the openpgp fingerprint instead of the key + * @session: is a pointer to a #gnutls_session_t structure. + * @status: is one of GNUTLS_OPENPGP_CERT, or GNUTLS_OPENPGP_CERT_FINGERPRINT + * + * This function will order gnutls to send the key fingerprint + * instead of the key in the initial handshake procedure. This should + * be used with care and only when there is indication or knowledge + * that the server can obtain the client's key. + **/ void gnutls_openpgp_send_cert (gnutls_session_t session, gnutls_openpgp_crt_status_t status) @@ -693,19 +693,19 @@ gnutls_openpgp_send_cert (gnutls_session_t session, #endif /** - * gnutls_certificate_send_x509_rdn_sequence - order gnutls to send or not the x.509 rdn sequence - * @session: is a pointer to a #gnutls_session_t structure. - * @status: is 0 or 1 - * - * If status is non zero, this function will order gnutls not to send - * the rdnSequence in the certificate request message. That is the - * server will not advertize it's trusted CAs to the peer. If status - * is zero then the default behaviour will take effect, which is to - * advertize the server's trusted CAs. - * - * This function has no effect in clients, and in authentication - * methods other than certificate with X.509 certificates. - **/ + * gnutls_certificate_send_x509_rdn_sequence - order gnutls to send or not the x.509 rdn sequence + * @session: is a pointer to a #gnutls_session_t structure. + * @status: is 0 or 1 + * + * If status is non zero, this function will order gnutls not to send + * the rdnSequence in the certificate request message. That is the + * server will not advertize it's trusted CAs to the peer. If status + * is zero then the default behaviour will take effect, which is to + * advertize the server's trusted CAs. + * + * This function has no effect in clients, and in authentication + * methods other than certificate with X.509 certificates. + **/ void gnutls_certificate_send_x509_rdn_sequence (gnutls_session_t session, int status) @@ -722,16 +722,15 @@ _gnutls_openpgp_send_fingerprint (gnutls_session_t session) #endif /*- - * _gnutls_record_set_default_version - Used to set the default version for the first record packet - * @session: is a #gnutls_session_t structure. - * @major: is a tls major version - * @minor: is a tls minor version - * - * This function sets the default version that we will use in the first - * record packet (client hello). This function is only useful to people - * that know TLS internals and want to debug other implementations. - * - -*/ + * _gnutls_record_set_default_version - Used to set the default version for the first record packet + * @session: is a #gnutls_session_t structure. + * @major: is a tls major version + * @minor: is a tls minor version + * + * This function sets the default version that we will use in the first + * record packet (client hello). This function is only useful to people + * that know TLS internals and want to debug other implementations. + -*/ void _gnutls_record_set_default_version (gnutls_session_t session, unsigned char major, unsigned char minor) @@ -741,21 +740,21 @@ _gnutls_record_set_default_version (gnutls_session_t session, } /** - * gnutls_handshake_set_private_extensions - Used to enable the private cipher suites - * @session: is a #gnutls_session_t structure. - * @allow: is an integer (0 or 1) - * - * This function will enable or disable the use of private cipher - * suites (the ones that start with 0xFF). By default or if @allow - * is 0 then these cipher suites will not be advertized nor used. - * - * Unless this function is called with the option to allow (1), then - * no compression algorithms, like LZO. That is because these - * algorithms are not yet defined in any RFC or even internet draft. - * - * Enabling the private ciphersuites when talking to other than - * gnutls servers and clients may cause interoperability problems. - **/ + * gnutls_handshake_set_private_extensions - Used to enable the private cipher suites + * @session: is a #gnutls_session_t structure. + * @allow: is an integer (0 or 1) + * + * This function will enable or disable the use of private cipher + * suites (the ones that start with 0xFF). By default or if @allow + * is 0 then these cipher suites will not be advertized nor used. + * + * Unless this function is called with the option to allow (1), then + * no compression algorithms, like LZO. That is because these + * algorithms are not yet defined in any RFC or even internet draft. + * + * Enabling the private ciphersuites when talking to other than + * gnutls servers and clients may cause interoperability problems. + **/ void gnutls_handshake_set_private_extensions (gnutls_session_t session, int allow) { @@ -1201,12 +1200,11 @@ gnutls_session_is_resumed (gnutls_session_t session) } /*- - * _gnutls_session_is_export - Used to check whether this session is of export grade - * @session: is a #gnutls_session_t structure. - * - * This function will return non zero if this session is of export grade. - * - -*/ + * _gnutls_session_is_export - Used to check whether this session is of export grade + * @session: is a #gnutls_session_t structure. + * + * This function will return non zero if this session is of export grade. + -*/ int _gnutls_session_is_export (gnutls_session_t session) { @@ -1228,7 +1226,6 @@ _gnutls_session_is_export (gnutls_session_t session) * * This function will return non zero if this session uses a PSK key * exchange algorithm. - * -*/ int _gnutls_session_is_psk (gnutls_session_t session) @@ -1300,16 +1297,15 @@ gnutls_record_get_direction (gnutls_session_t session) } /*- - * _gnutls_rsa_pms_set_version - Sets a version to be used at the RSA PMS - * @session: is a #gnutls_session_t structure. - * @major: is the major version to use - * @minor: is the minor version to use - * - * This function will set the given version number to be used at the - * RSA PMS secret. This is only useful to clients, which want to - * test server's capabilities. - * - -*/ + * _gnutls_rsa_pms_set_version - Sets a version to be used at the RSA PMS + * @session: is a #gnutls_session_t structure. + * @major: is the major version to use + * @minor: is the minor version to use + * + * This function will set the given version number to be used at the + * RSA PMS secret. This is only useful to clients, which want to + * test server's capabilities. + -*/ void _gnutls_rsa_pms_set_version (gnutls_session_t session, unsigned char major, unsigned char minor) diff --git a/lib/gnutls_x509.c b/lib/gnutls_x509.c index 6e16311091..d664a5be72 100644 --- a/lib/gnutls_x509.c +++ b/lib/gnutls_x509.c @@ -83,15 +83,14 @@ check_bits (gnutls_x509_crt_t crt, unsigned int max_bits) gnutls_free( peer_certificate_list) /*- - * _gnutls_x509_cert_verify_peers - return the peer's certificate status - * @session: is a gnutls session - * - * This function will try to verify the peer's certificate and return its status (TRUSTED, REVOKED etc.). - * The return value (status) should be one of the gnutls_certificate_status_t enumerated elements. - * However you must also check the peer's name in order to check if the verified certificate belongs to the - * actual peer. Returns a negative error code in case of an error, or GNUTLS_E_NO_CERTIFICATE_FOUND if no certificate was sent. - * - -*/ + * _gnutls_x509_cert_verify_peers - return the peer's certificate status + * @session: is a gnutls session + * + * This function will try to verify the peer's certificate and return its status (TRUSTED, REVOKED etc.). + * The return value (status) should be one of the gnutls_certificate_status_t enumerated elements. + * However you must also check the peer's name in order to check if the verified certificate belongs to the + * actual peer. Returns a negative error code in case of an error, or GNUTLS_E_NO_CERTIFICATE_FOUND if no certificate was sent. + -*/ int _gnutls_x509_cert_verify_peers (gnutls_session_t session, unsigned int *status) @@ -722,23 +721,23 @@ gnutls_certificate_set_x509_key_mem (gnutls_certificate_credentials_t res, } /** - * gnutls_certificate_set_x509_key - Used to set keys in a gnutls_certificate_credentials_t structure - * @res: is a #gnutls_certificate_credentials_t structure. - * @cert_list: contains a certificate list (path) for the specified private key - * @cert_list_size: holds the size of the certificate list - * @key: is a gnutls_x509_privkey_t key - * - * This function sets a certificate/private key pair in the - * gnutls_certificate_credentials_t structure. This function may be - * called more than once (in case multiple keys/certificates exist - * for the server). For clients that wants to send more than its own - * end entity certificate (e.g., also an intermediate CA cert) then - * put the certificate chain in @cert_list. - * - * Returns: %GNUTLS_E_SUCCESS on success, or an error code. - * - * Since: 2.4.0 - **/ + * gnutls_certificate_set_x509_key - Used to set keys in a gnutls_certificate_credentials_t structure + * @res: is a #gnutls_certificate_credentials_t structure. + * @cert_list: contains a certificate list (path) for the specified private key + * @cert_list_size: holds the size of the certificate list + * @key: is a gnutls_x509_privkey_t key + * + * This function sets a certificate/private key pair in the + * gnutls_certificate_credentials_t structure. This function may be + * called more than once (in case multiple keys/certificates exist for + * the server). For clients that wants to send more than its own end + * entity certificate (e.g., also an intermediate CA cert) then put + * the certificate chain in @cert_list. + * + * Returns: %GNUTLS_E_SUCCESS on success, or an error code. + * + * Since: 2.4.0 + **/ int gnutls_certificate_set_x509_key (gnutls_certificate_credentials_t res, gnutls_x509_crt_t * cert_list, @@ -1113,24 +1112,24 @@ parse_der_ca_mem (gnutls_x509_crt_t ** cert_list, unsigned *ncerts, } /** - * gnutls_certificate_set_x509_trust_mem - Used to add trusted CAs in a gnutls_certificate_credentials_t structure - * @res: is a #gnutls_certificate_credentials_t structure. - * @ca: is a list of trusted CAs or a DER certificate - * @type: is DER or PEM - * - * This function adds the trusted CAs in order to verify client or - * server certificates. In case of a client this is not required to - * be called if the certificates are not verified using - * gnutls_certificate_verify_peers2(). This function may be called - * multiple times. - * - * In case of a server the CAs set here will be sent to the client if - * a certificate request is sent. This can be disabled using - * gnutls_certificate_send_x509_rdn_sequence(). - * - * Returns: the number of certificates processed or a negative value - * on error. - **/ + * gnutls_certificate_set_x509_trust_mem - Used to add trusted CAs in a gnutls_certificate_credentials_t structure + * @res: is a #gnutls_certificate_credentials_t structure. + * @ca: is a list of trusted CAs or a DER certificate + * @type: is DER or PEM + * + * This function adds the trusted CAs in order to verify client or + * server certificates. In case of a client this is not required to be + * called if the certificates are not verified using + * gnutls_certificate_verify_peers2(). This function may be called + * multiple times. + * + * In case of a server the CAs set here will be sent to the client if + * a certificate request is sent. This can be disabled using + * gnutls_certificate_send_x509_rdn_sequence(). + * + * Returns: the number of certificates processed or a negative value + * on error. + **/ int gnutls_certificate_set_x509_trust_mem (gnutls_certificate_credentials_t res, const gnutls_datum_t * ca, @@ -1152,25 +1151,25 @@ gnutls_certificate_set_x509_trust_mem (gnutls_certificate_credentials_t res, } /** - * gnutls_certificate_set_x509_trust - Used to add trusted CAs in a gnutls_certificate_credentials_t structure - * @res: is a #gnutls_certificate_credentials_t structure. - * @ca_list: is a list of trusted CAs - * @ca_list_size: holds the size of the CA list - * - * This function adds the trusted CAs in order to verify client - * or server certificates. In case of a client this is not required - * to be called if the certificates are not verified using - * gnutls_certificate_verify_peers2(). - * This function may be called multiple times. - * - * In case of a server the CAs set here will be sent to the client if - * a certificate request is sent. This can be disabled using - * gnutls_certificate_send_x509_rdn_sequence(). - * - * Returns: %GNUTLS_E_SUCCESS on success, or an error code. - * - * Since: 2.4.0 - **/ + * gnutls_certificate_set_x509_trust - Used to add trusted CAs in a gnutls_certificate_credentials_t structure + * @res: is a #gnutls_certificate_credentials_t structure. + * @ca_list: is a list of trusted CAs + * @ca_list_size: holds the size of the CA list + * + * This function adds the trusted CAs in order to verify client + * or server certificates. In case of a client this is not required + * to be called if the certificates are not verified using + * gnutls_certificate_verify_peers2(). + * This function may be called multiple times. + * + * In case of a server the CAs set here will be sent to the client if + * a certificate request is sent. This can be disabled using + * gnutls_certificate_send_x509_rdn_sequence(). + * + * Returns: %GNUTLS_E_SUCCESS on success, or an error code. + * + * Since: 2.4.0 + **/ int gnutls_certificate_set_x509_trust (gnutls_certificate_credentials_t res, gnutls_x509_crt_t * ca_list, @@ -1215,24 +1214,24 @@ gnutls_certificate_set_x509_trust (gnutls_certificate_credentials_t res, } /** - * gnutls_certificate_set_x509_trust_file - Used to add trusted CAs in a gnutls_certificate_credentials_t structure - * @res: is a #gnutls_certificate_credentials_t structure. - * @cafile: is a file containing the list of trusted CAs (DER or PEM list) - * @type: is PEM or DER - * - * This function adds the trusted CAs in order to verify client or - * server certificates. In case of a client this is not required to - * be called if the certificates are not verified using - * gnutls_certificate_verify_peers2(). This function may be called - * multiple times. - * - * In case of a server the names of the CAs set here will be sent to - * the client if a certificate request is sent. This can be disabled - * using gnutls_certificate_send_x509_rdn_sequence(). - * - * Returns: number of certificates processed, or a negative value on - * error. - **/ + * gnutls_certificate_set_x509_trust_file - Used to add trusted CAs in a gnutls_certificate_credentials_t structure + * @res: is a #gnutls_certificate_credentials_t structure. + * @cafile: is a file containing the list of trusted CAs (DER or PEM list) + * @type: is PEM or DER + * + * This function adds the trusted CAs in order to verify client or + * server certificates. In case of a client this is not required to + * be called if the certificates are not verified using + * gnutls_certificate_verify_peers2(). This function may be called + * multiple times. + * + * In case of a server the names of the CAs set here will be sent to + * the client if a certificate request is sent. This can be disabled + * using gnutls_certificate_send_x509_rdn_sequence(). + * + * Returns: number of certificates processed, or a negative value on + * error. + **/ int gnutls_certificate_set_x509_trust_file (gnutls_certificate_credentials_t res, const char *cafile, @@ -1435,19 +1434,19 @@ read_crl_mem (gnutls_certificate_credentials_t res, const void *crl, } /** - * gnutls_certificate_set_x509_crl_mem - Used to add CRLs in a gnutls_certificate_credentials_t structure - * @res: is a #gnutls_certificate_credentials_t structure. - * @CRL: is a list of trusted CRLs. They should have been verified before. - * @type: is DER or PEM - * - * This function adds the trusted CRLs in order to verify client or - * server certificates. In case of a client this is not required to - * be called if the certificates are not verified using - * gnutls_certificate_verify_peers2(). This function may be called - * multiple times. - * - * Returns: number of CRLs processed, or a negative value on error. - **/ + * gnutls_certificate_set_x509_crl_mem - Used to add CRLs in a gnutls_certificate_credentials_t structure + * @res: is a #gnutls_certificate_credentials_t structure. + * @CRL: is a list of trusted CRLs. They should have been verified before. + * @type: is DER or PEM + * + * This function adds the trusted CRLs in order to verify client or + * server certificates. In case of a client this is not required to + * be called if the certificates are not verified using + * gnutls_certificate_verify_peers2(). This function may be called + * multiple times. + * + * Returns: number of CRLs processed, or a negative value on error. + **/ int gnutls_certificate_set_x509_crl_mem (gnutls_certificate_credentials_t res, const gnutls_datum_t * CRL, @@ -1462,21 +1461,21 @@ gnutls_certificate_set_x509_crl_mem (gnutls_certificate_credentials_t res, } /** - * gnutls_certificate_set_x509_crl - Used to add CRLs in a gnutls_certificate_credentials_t structure - * @res: is a #gnutls_certificate_credentials_t structure. - * @crl_list: is a list of trusted CRLs. They should have been verified before. - * @crl_list_size: holds the size of the crl_list - * - * This function adds the trusted CRLs in order to verify client or - * server certificates. In case of a client this is not required to - * be called if the certificates are not verified using - * gnutls_certificate_verify_peers2(). This function may be called - * multiple times. - * - * Returns: %GNUTLS_E_SUCCESS on success, or an error code. - * - * Since: 2.4.0 - **/ + * gnutls_certificate_set_x509_crl - Used to add CRLs in a gnutls_certificate_credentials_t structure + * @res: is a #gnutls_certificate_credentials_t structure. + * @crl_list: is a list of trusted CRLs. They should have been verified before. + * @crl_list_size: holds the size of the crl_list + * + * This function adds the trusted CRLs in order to verify client or + * server certificates. In case of a client this is not required to + * be called if the certificates are not verified using + * gnutls_certificate_verify_peers2(). This function may be called + * multiple times. + * + * Returns: %GNUTLS_E_SUCCESS on success, or an error code. + * + * Since: 2.4.0 + **/ int gnutls_certificate_set_x509_crl (gnutls_certificate_credentials_t res, gnutls_x509_crl_t * crl_list, @@ -1517,19 +1516,19 @@ gnutls_certificate_set_x509_crl (gnutls_certificate_credentials_t res, } /** - * gnutls_certificate_set_x509_crl_file - Used to add CRLs in a gnutls_certificate_credentials_t structure - * @res: is a #gnutls_certificate_credentials_t structure. - * @crlfile: is a file containing the list of verified CRLs (DER or PEM list) - * @type: is PEM or DER - * - * This function adds the trusted CRLs in order to verify client or server - * certificates. In case of a client this is not required - * to be called if the certificates are not verified using - * gnutls_certificate_verify_peers2(). - * This function may be called multiple times. - * - * Returns: number of CRLs processed or a negative value on error. - **/ + * gnutls_certificate_set_x509_crl_file - Used to add CRLs in a gnutls_certificate_credentials_t structure + * @res: is a #gnutls_certificate_credentials_t structure. + * @crlfile: is a file containing the list of verified CRLs (DER or PEM list) + * @type: is PEM or DER + * + * This function adds the trusted CRLs in order to verify client or server + * certificates. In case of a client this is not required + * to be called if the certificates are not verified using + * gnutls_certificate_verify_peers2(). + * This function may be called multiple times. + * + * Returns: number of CRLs processed or a negative value on error. + **/ int gnutls_certificate_set_x509_crl_file (gnutls_certificate_credentials_t res, const char *crlfile, @@ -2045,13 +2044,12 @@ done: /** - * gnutls_certificate_free_crls - Used to free all the CRLs from a gnutls_certificate_credentials_t structure - * @sc: is a #gnutls_certificate_credentials_t structure. - * - * This function will delete all the CRLs associated - * with the given credentials. - * - **/ + * gnutls_certificate_free_crls - Used to free all the CRLs from a gnutls_certificate_credentials_t structure + * @sc: is a #gnutls_certificate_credentials_t structure. + * + * This function will delete all the CRLs associated + * with the given credentials. + **/ void gnutls_certificate_free_crls (gnutls_certificate_credentials_t sc) { diff --git a/lib/x509/crl.c b/lib/x509/crl.c index ba9663abff..42621abd2d 100644 --- a/lib/x509/crl.c +++ b/lib/x509/crl.c @@ -533,16 +533,15 @@ gnutls_x509_crl_get_crt_serial (gnutls_x509_crl_t crl, int indx, } /*- - * _gnutls_x509_crl_get_raw_issuer_dn - This function returns the issuer's DN DER encoded - * @crl: should contain a gnutls_x509_crl_t structure - * @dn: will hold the starting point of the DN - * - * This function will return a pointer to the DER encoded DN structure and - * the length. - * - * Returns a negative value on error, and zero on success. - * - -*/ + * _gnutls_x509_crl_get_raw_issuer_dn - This function returns the issuer's DN DER encoded + * @crl: should contain a gnutls_x509_crl_t structure + * @dn: will hold the starting point of the DN + * + * This function will return a pointer to the DER encoded DN structure and + * the length. + * + * Returns a negative value on error, and zero on success. + -*/ int _gnutls_x509_crl_get_raw_issuer_dn (gnutls_x509_crl_t crl, gnutls_datum_t * dn) @@ -646,16 +645,15 @@ gnutls_x509_crl_export (gnutls_x509_crl_t crl, } /*- - * _gnutls_x509_crl_cpy - This function copies a gnutls_x509_crl_t structure - * @dest: The structure where to copy - * @src: The structure to be copied - * - * This function will copy an X.509 certificate structure. - * - * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a - * negative error value. - * - -*/ + * _gnutls_x509_crl_cpy - This function copies a gnutls_x509_crl_t structure + * @dest: The structure where to copy + * @src: The structure to be copied + * + * This function will copy an X.509 certificate structure. + * + * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a + * negative error value. + -*/ int _gnutls_x509_crl_cpy (gnutls_x509_crl_t dest, gnutls_x509_crl_t src) { diff --git a/lib/x509/crl_write.c b/lib/x509/crl_write.c index 26a3a25464..df23054242 100644 --- a/lib/x509/crl_write.c +++ b/lib/x509/crl_write.c @@ -42,18 +42,17 @@ static void disable_optional_stuff (gnutls_x509_crl_t crl); /** - * gnutls_x509_crl_set_version - This function will set the CRL version - * @crl: should contain a gnutls_x509_crl_t structure - * @version: holds the version number. For CRLv1 crls must be 1. - * - * This function will set the version of the CRL. This - * must be one for CRL version 1, and so on. The CRLs generated - * by gnutls should have a version number of 2. - * - * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a - * negative error value. - * - **/ + * gnutls_x509_crl_set_version - This function will set the CRL version + * @crl: should contain a gnutls_x509_crl_t structure + * @version: holds the version number. For CRLv1 crls must be 1. + * + * This function will set the version of the CRL. This + * must be one for CRL version 1, and so on. The CRLs generated + * by gnutls should have a version number of 2. + * + * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a + * negative error value. + **/ int gnutls_x509_crl_set_version (gnutls_x509_crl_t crl, unsigned int version) { @@ -80,23 +79,22 @@ gnutls_x509_crl_set_version (gnutls_x509_crl_t crl, unsigned int version) } /** - * gnutls_x509_crl_sign2 - This function will sign a CRL with a key - * @crl: should contain a gnutls_x509_crl_t structure - * @issuer: is the certificate of the certificate issuer - * @issuer_key: holds the issuer's private key - * @dig: The message digest to use. GNUTLS_DIG_SHA1 is the safe choice unless you know what you're doing. - * @flags: must be 0 - * - * This function will sign the CRL with the issuer's private key, and - * will copy the issuer's information into the CRL. - * - * This must be the last step in a certificate CRL since all - * the previously set parameters are now signed. - * - * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a - * negative error value. - * - **/ + * gnutls_x509_crl_sign2 - This function will sign a CRL with a key + * @crl: should contain a gnutls_x509_crl_t structure + * @issuer: is the certificate of the certificate issuer + * @issuer_key: holds the issuer's private key + * @dig: The message digest to use. GNUTLS_DIG_SHA1 is the safe choice unless you know what you're doing. + * @flags: must be 0 + * + * This function will sign the CRL with the issuer's private key, and + * will copy the issuer's information into the CRL. + * + * This must be the last step in a certificate CRL since all + * the previously set parameters are now signed. + * + * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a + * negative error value. + **/ int gnutls_x509_crl_sign2 (gnutls_x509_crl_t crl, gnutls_x509_crt_t issuer, gnutls_x509_privkey_t issuer_key, @@ -126,18 +124,17 @@ gnutls_x509_crl_sign2 (gnutls_x509_crl_t crl, gnutls_x509_crt_t issuer, } /** - * gnutls_x509_crl_sign - This function will sign a CRL with a key - * @crl: should contain a gnutls_x509_crl_t structure - * @issuer: is the certificate of the certificate issuer - * @issuer_key: holds the issuer's private key - * - * This function is the same a gnutls_x509_crl_sign2() with no flags, and - * SHA1 as the hash algorithm. - * - * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a - * negative error value. - * - **/ + * gnutls_x509_crl_sign - This function will sign a CRL with a key + * @crl: should contain a gnutls_x509_crl_t structure + * @issuer: is the certificate of the certificate issuer + * @issuer_key: holds the issuer's private key + * + * This function is the same a gnutls_x509_crl_sign2() with no flags, and + * SHA1 as the hash algorithm. + * + * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a + * negative error value. + **/ int gnutls_x509_crl_sign (gnutls_x509_crl_t crl, gnutls_x509_crt_t issuer, gnutls_x509_privkey_t issuer_key) @@ -146,16 +143,15 @@ gnutls_x509_crl_sign (gnutls_x509_crl_t crl, gnutls_x509_crt_t issuer, } /** - * gnutls_x509_crl_set_this_update - This function will set the CRL's issuing time - * @crl: should contain a gnutls_x509_crl_t structure - * @act_time: The actual time - * - * This function will set the time this CRL was issued. - * - * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a - * negative error value. - * - **/ + * gnutls_x509_crl_set_this_update - This function will set the CRL's issuing time + * @crl: should contain a gnutls_x509_crl_t structure + * @act_time: The actual time + * + * This function will set the time this CRL was issued. + * + * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a + * negative error value. + **/ int gnutls_x509_crl_set_this_update (gnutls_x509_crl_t crl, time_t act_time) { @@ -169,16 +165,15 @@ gnutls_x509_crl_set_this_update (gnutls_x509_crl_t crl, time_t act_time) } /** - * gnutls_x509_crl_set_next_update - This function will set the CRL next update time - * @crl: should contain a gnutls_x509_crl_t structure - * @exp_time: The actual time - * - * This function will set the time this CRL will be updated. - * - * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a - * negative error value. - * - **/ + * gnutls_x509_crl_set_next_update - This function will set the CRL next update time + * @crl: should contain a gnutls_x509_crl_t structure + * @exp_time: The actual time + * + * This function will set the time this CRL will be updated. + * + * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a + * negative error value. + **/ int gnutls_x509_crl_set_next_update (gnutls_x509_crl_t crl, time_t exp_time) { @@ -191,18 +186,17 @@ gnutls_x509_crl_set_next_update (gnutls_x509_crl_t crl, time_t exp_time) } /** - * gnutls_x509_crl_set_crt_serial - This function will set a revoked certificate's serial number - * @crl: should contain a gnutls_x509_crl_t structure - * @serial: The revoked certificate's serial number - * @serial_size: Holds the size of the serial field. - * @revocation_time: The time this certificate was revoked - * - * This function will set a revoked certificate's serial number to the CRL. - * - * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a - * negative error value. - * - **/ + * gnutls_x509_crl_set_crt_serial - This function will set a revoked certificate's serial number + * @crl: should contain a gnutls_x509_crl_t structure + * @serial: The revoked certificate's serial number + * @serial_size: Holds the size of the serial field. + * @revocation_time: The time this certificate was revoked + * + * This function will set a revoked certificate's serial number to the CRL. + * + * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a + * negative error value. + **/ int gnutls_x509_crl_set_crt_serial (gnutls_x509_crl_t crl, const void *serial, size_t serial_size, @@ -258,17 +252,16 @@ gnutls_x509_crl_set_crt_serial (gnutls_x509_crl_t crl, } /** - * gnutls_x509_crl_set_crt - This function will set a revoked certificate's serial number - * @crl: should contain a gnutls_x509_crl_t structure - * @crt: a certificate of type #gnutls_x509_crt_t with the revoked certificate - * @revocation_time: The time this certificate was revoked - * - * This function will set a revoked certificate's serial number to the CRL. - * - * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a - * negative error value. - * - **/ + * gnutls_x509_crl_set_crt - This function will set a revoked certificate's serial number + * @crl: should contain a gnutls_x509_crl_t structure + * @crt: a certificate of type #gnutls_x509_crt_t with the revoked certificate + * @revocation_time: The time this certificate was revoked + * + * This function will set a revoked certificate's serial number to the CRL. + * + * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a + * negative error value. + **/ int gnutls_x509_crl_set_crt (gnutls_x509_crl_t crl, gnutls_x509_crt_t crt, time_t revocation_time) diff --git a/lib/x509/pkcs12.c b/lib/x509/pkcs12.c index 6c12e78026..1689274a39 100644 --- a/lib/x509/pkcs12.c +++ b/lib/x509/pkcs12.c @@ -126,17 +126,16 @@ cleanup: } /** - * gnutls_pkcs12_init - This function initializes a gnutls_pkcs12_t structure - * @pkcs12: The structure to be initialized - * - * This function will initialize a PKCS12 structure. PKCS12 structures - * usually contain lists of X.509 Certificates and X.509 Certificate - * revocation lists. - * - * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a - * negative error value. - * - **/ + * gnutls_pkcs12_init - This function initializes a gnutls_pkcs12_t structure + * @pkcs12: The structure to be initialized + * + * This function will initialize a PKCS12 structure. PKCS12 structures + * usually contain lists of X.509 Certificates and X.509 Certificate + * revocation lists. + * + * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a + * negative error value. + **/ int gnutls_pkcs12_init (gnutls_pkcs12_t * pkcs12) { @@ -159,12 +158,11 @@ gnutls_pkcs12_init (gnutls_pkcs12_t * pkcs12) } /** - * gnutls_pkcs12_deinit - This function deinitializes memory used by a gnutls_pkcs12_t structure - * @pkcs12: The structure to be initialized - * - * This function will deinitialize a PKCS12 structure. - * - **/ + * gnutls_pkcs12_deinit - This function deinitializes memory used by a gnutls_pkcs12_t structure + * @pkcs12: The structure to be initialized + * + * This function will deinitialize a PKCS12 structure. + **/ void gnutls_pkcs12_deinit (gnutls_pkcs12_t pkcs12) { @@ -178,21 +176,20 @@ gnutls_pkcs12_deinit (gnutls_pkcs12_t pkcs12) } /** - * gnutls_pkcs12_import - This function will import a DER or PEM encoded PKCS12 structure - * @pkcs12: The structure to store the parsed PKCS12. - * @data: The DER or PEM encoded PKCS12. - * @format: One of DER or PEM - * @flags: an ORed sequence of gnutls_privkey_pkcs8_flags - * - * This function will convert the given DER or PEM encoded PKCS12 - * to the native gnutls_pkcs12_t format. The output will be stored in 'pkcs12'. - * - * If the PKCS12 is PEM encoded it should have a header of "PKCS12". - * - * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a - * negative error value. - * - **/ + * gnutls_pkcs12_import - This function will import a DER or PEM encoded PKCS12 structure + * @pkcs12: The structure to store the parsed PKCS12. + * @data: The DER or PEM encoded PKCS12. + * @format: One of DER or PEM + * @flags: an ORed sequence of gnutls_privkey_pkcs8_flags + * + * This function will convert the given DER or PEM encoded PKCS12 + * to the native gnutls_pkcs12_t format. The output will be stored in 'pkcs12'. + * + * If the PKCS12 is PEM encoded it should have a header of "PKCS12". + * + * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a + * negative error value. + **/ int gnutls_pkcs12_import (gnutls_pkcs12_t pkcs12, const gnutls_datum_t * data, @@ -257,26 +254,25 @@ cleanup: /** - * gnutls_pkcs12_export - This function will export the pkcs12 structure - * @pkcs12: Holds the pkcs12 structure - * @format: the format of output params. One of PEM or DER. - * @output_data: will contain a structure PEM or DER encoded - * @output_data_size: holds the size of output_data (and will be - * replaced by the actual size of parameters) - * - * This function will export the pkcs12 structure to DER or PEM format. - * - * If the buffer provided is not long enough to hold the output, then - * *output_data_size will be updated and GNUTLS_E_SHORT_MEMORY_BUFFER - * will be returned. - * - * If the structure is PEM encoded, it will have a header - * of "BEGIN PKCS12". - * - * Return value: In case of failure a negative value will be - * returned, and 0 on success. - * - **/ + * gnutls_pkcs12_export - This function will export the pkcs12 structure + * @pkcs12: Holds the pkcs12 structure + * @format: the format of output params. One of PEM or DER. + * @output_data: will contain a structure PEM or DER encoded + * @output_data_size: holds the size of output_data (and will be + * replaced by the actual size of parameters) + * + * This function will export the pkcs12 structure to DER or PEM format. + * + * If the buffer provided is not long enough to hold the output, then + * *output_data_size will be updated and GNUTLS_E_SHORT_MEMORY_BUFFER + * will be returned. + * + * If the structure is PEM encoded, it will have a header + * of "BEGIN PKCS12". + * + * Return value: In case of failure a negative value will be + * returned, and 0 on success. + **/ int gnutls_pkcs12_export (gnutls_pkcs12_t pkcs12, gnutls_x509_crt_fmt_t format, void *output_data, @@ -576,19 +572,19 @@ cleanup: /** - * gnutls_pkcs12_get_bag - This function returns a Bag from a PKCS12 structure - * @pkcs12: should contain a gnutls_pkcs12_t structure - * @indx: contains the index of the bag to extract - * @bag: An initialized bag, where the contents of the bag will be copied - * - * This function will return a Bag from the PKCS12 structure. - * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a - * negative error value. - * - * After the last Bag has been read GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE - * will be returned. - * - **/ + * gnutls_pkcs12_get_bag - This function returns a Bag from a PKCS12 structure + * @pkcs12: should contain a gnutls_pkcs12_t structure + * @indx: contains the index of the bag to extract + * @bag: An initialized bag, where the contents of the bag will be copied + * + * This function will return a Bag from the PKCS12 structure. + * + * After the last Bag has been read + * %GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE will be returned. + * + * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a + * negative error value. + **/ int gnutls_pkcs12_get_bag (gnutls_pkcs12_t pkcs12, int indx, gnutls_pkcs12_bag_t bag) @@ -725,15 +721,15 @@ cleanup: } /** - * gnutls_pkcs12_set_bag - This function inserts a Bag into a PKCS12 structure - * @pkcs12: should contain a gnutls_pkcs12_t structure - * @bag: An initialized bag - * - * This function will insert a Bag into the PKCS12 structure. - * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a - * negative error value. - * - **/ + * gnutls_pkcs12_set_bag - This function inserts a Bag into a PKCS12 structure + * @pkcs12: should contain a gnutls_pkcs12_t structure + * @bag: An initialized bag + * + * This function will insert a Bag into the PKCS12 structure. + * + * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a + * negative error value. + **/ int gnutls_pkcs12_set_bag (gnutls_pkcs12_t pkcs12, gnutls_pkcs12_bag_t bag) { @@ -857,15 +853,15 @@ cleanup: } /** - * gnutls_pkcs12_generate_mac - This function generates the MAC of the PKCS12 structure - * @pkcs12: should contain a gnutls_pkcs12_t structure - * @pass: The password for the MAC - * - * This function will generate a MAC for the PKCS12 structure. - * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a - * negative error value. - * - **/ + * gnutls_pkcs12_generate_mac - This function generates the MAC of the PKCS12 structure + * @pkcs12: should contain a gnutls_pkcs12_t structure + * @pass: The password for the MAC + * + * This function will generate a MAC for the PKCS12 structure. + * + * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a + * negative error value. + **/ int gnutls_pkcs12_generate_mac (gnutls_pkcs12_t pkcs12, const char *pass) { @@ -990,15 +986,15 @@ cleanup: } /** - * gnutls_pkcs12_verify_mac - This function verifies the MAC of the PKCS12 structure - * @pkcs12: should contain a gnutls_pkcs12_t structure - * @pass: The password for the MAC - * - * This function will verify the MAC for the PKCS12 structure. - * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a - * negative error value. - * - **/ + * gnutls_pkcs12_verify_mac - This function verifies the MAC of the PKCS12 structure + * @pkcs12: should contain a gnutls_pkcs12_t structure + * @pass: The password for the MAC + * + * This function will verify the MAC for the PKCS12 structure. + * + * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a + * negative error value. + **/ int gnutls_pkcs12_verify_mac (gnutls_pkcs12_t pkcs12, const char *pass) { diff --git a/lib/x509/pkcs12_bag.c b/lib/x509/pkcs12_bag.c index b2ffea5720..799538c6a2 100644 --- a/lib/x509/pkcs12_bag.c +++ b/lib/x509/pkcs12_bag.c @@ -37,17 +37,16 @@ #include "x509_int.h" /** - * gnutls_pkcs12_bag_init - This function initializes a gnutls_pkcs12_bag_t structure - * @bag: The structure to be initialized - * - * This function will initialize a PKCS12 bag structure. PKCS12 Bags - * usually contain private keys, lists of X.509 Certificates and X.509 Certificate - * revocation lists. - * - * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a - * negative error value. - * - **/ + * gnutls_pkcs12_bag_init - This function initializes a gnutls_pkcs12_bag_t structure + * @bag: The structure to be initialized + * + * This function will initialize a PKCS12 bag structure. PKCS12 Bags + * usually contain private keys, lists of X.509 Certificates and X.509 + * Certificate revocation lists. + * + * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a + * negative error value. + **/ int gnutls_pkcs12_bag_init (gnutls_pkcs12_bag_t * bag) { @@ -78,12 +77,11 @@ _pkcs12_bag_free_data (gnutls_pkcs12_bag_t bag) /** - * gnutls_pkcs12_bag_deinit - This function deinitializes memory used by a gnutls_pkcs12_t structure - * @bag: The structure to be initialized - * - * This function will deinitialize a PKCS12 Bag structure. - * - **/ + * gnutls_pkcs12_bag_deinit - This function deinitializes memory used by a gnutls_pkcs12_t structure + * @bag: The structure to be initialized + * + * This function will deinitialize a PKCS12 Bag structure. + **/ void gnutls_pkcs12_bag_deinit (gnutls_pkcs12_bag_t bag) { @@ -140,19 +138,18 @@ gnutls_pkcs12_bag_get_count (gnutls_pkcs12_bag_t bag) } /** - * gnutls_pkcs12_bag_get_data - This function returns the bag's data - * @bag: The bag - * @indx: The element of the bag to get the data from - * @data: where the bag's data will be. Should be treated as constant. - * - * This function will return the bag's data. The data is a constant - * that is stored into the bag. Should not be accessed after the bag - * is deleted. - * - * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a - * negative error value. - * - **/ + * gnutls_pkcs12_bag_get_data - This function returns the bag's data + * @bag: The bag + * @indx: The element of the bag to get the data from + * @data: where the bag's data will be. Should be treated as constant. + * + * This function will return the bag's data. The data is a constant + * that is stored into the bag. Should not be accessed after the bag + * is deleted. + * + * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a + * negative error value. + **/ int gnutls_pkcs12_bag_get_data (gnutls_pkcs12_bag_t bag, int indx, gnutls_datum_t * data) @@ -533,19 +530,19 @@ gnutls_pkcs12_bag_set_crl (gnutls_pkcs12_bag_t bag, gnutls_x509_crl_t crl) } /** - * gnutls_pkcs12_bag_set_key_id - This function sets a key ID into the bag element - * @bag: The bag - * @indx: The bag's element to add the id - * @id: the ID - * - * This function will add the given key ID, to the specified, by the index, bag - * element. The key ID will be encoded as a 'Local key identifier' bag attribute, - * which is usually used to distinguish the local private key and the certificate pair. - * - * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a - * negative error value. or a negative value on error. - * - **/ + * gnutls_pkcs12_bag_set_key_id - This function sets a key ID into the bag element + * @bag: The bag + * @indx: The bag's element to add the id + * @id: the ID + * + * This function will add the given key ID, to the specified, by the + * index, bag element. The key ID will be encoded as a 'Local key + * identifier' bag attribute, which is usually used to distinguish + * the local private key and the certificate pair. + * + * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a + * negative error value. or a negative value on error. + **/ int gnutls_pkcs12_bag_set_key_id (gnutls_pkcs12_bag_t bag, int indx, const gnutls_datum_t * id) @@ -578,18 +575,18 @@ gnutls_pkcs12_bag_set_key_id (gnutls_pkcs12_bag_t bag, int indx, } /** - * gnutls_pkcs12_bag_get_key_id - This function gets the key ID from the bag element - * @bag: The bag - * @indx: The bag's element to add the id - * @id: where the ID will be copied (to be treated as const) - * - * This function will return the key ID, of the specified bag element. - * The key ID is usually used to distinguish the local private key and the certificate pair. - * - * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a - * negative error value. or a negative value on error. - * - **/ + * gnutls_pkcs12_bag_get_key_id - This function gets the key ID from the bag element + * @bag: The bag + * @indx: The bag's element to add the id + * @id: where the ID will be copied (to be treated as const) + * + * This function will return the key ID, of the specified bag element. + * The key ID is usually used to distinguish the local private key and + * the certificate pair. + * + * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a + * negative error value. or a negative value on error. + **/ int gnutls_pkcs12_bag_get_key_id (gnutls_pkcs12_bag_t bag, int indx, gnutls_datum_t * id) @@ -613,18 +610,18 @@ gnutls_pkcs12_bag_get_key_id (gnutls_pkcs12_bag_t bag, int indx, } /** - * gnutls_pkcs12_bag_get_friendly_name - This function returns the friendly name of the bag element - * @bag: The bag - * @indx: The bag's element to add the id - * @name: will hold a pointer to the name (to be treated as const) - * - * This function will return the friendly name, of the specified bag element. - * The key ID is usually used to distinguish the local private key and the certificate pair. - * - * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a - * negative error value. or a negative value on error. - * - **/ + * gnutls_pkcs12_bag_get_friendly_name - This function returns the friendly name of the bag element + * @bag: The bag + * @indx: The bag's element to add the id + * @name: will hold a pointer to the name (to be treated as const) + * + * This function will return the friendly name, of the specified bag + * element. The key ID is usually used to distinguish the local + * private key and the certificate pair. + * + * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a + * negative error value. or a negative value on error. + **/ int gnutls_pkcs12_bag_get_friendly_name (gnutls_pkcs12_bag_t bag, int indx, char **name) @@ -648,19 +645,19 @@ gnutls_pkcs12_bag_get_friendly_name (gnutls_pkcs12_bag_t bag, int indx, /** - * gnutls_pkcs12_bag_set_friendly_name - This function sets a friendly name into the bag element - * @bag: The bag - * @indx: The bag's element to add the id - * @name: the name - * - * This function will add the given key friendly name, to the specified, by the index, bag - * element. The name will be encoded as a 'Friendly name' bag attribute, - * which is usually used to set a user name to the local private key and the certificate pair. - * - * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a - * negative error value. or a negative value on error. - * - **/ + * gnutls_pkcs12_bag_set_friendly_name - This function sets a friendly name into the bag element + * @bag: The bag + * @indx: The bag's element to add the id + * @name: the name + * + * This function will add the given key friendly name, to the + * specified, by the index, bag element. The name will be encoded as + * a 'Friendly name' bag attribute, which is usually used to set a + * user name to the local private key and the certificate pair. + * + * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a + * negative error value. or a negative value on error. + **/ int gnutls_pkcs12_bag_set_friendly_name (gnutls_pkcs12_bag_t bag, int indx, const char *name) diff --git a/lib/x509/pkcs7.c b/lib/x509/pkcs7.c index 4bd89f794e..fdcf625373 100644 --- a/lib/x509/pkcs7.c +++ b/lib/x509/pkcs7.c @@ -618,17 +618,17 @@ cleanup: } /** - * gnutls_pkcs7_set_crt - add a parsed certificate in a PKCS7 certificate set - * @pkcs7: should contain a #gnutls_pkcs7_t structure - * @crt: the certificate to be copied. - * - * This function will add a parsed certificate to the PKCS7 or - * RFC2630 certificate set. This is a wrapper function over - * gnutls_pkcs7_set_crt_raw() . - * - * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a - * negative error value. - **/ + * gnutls_pkcs7_set_crt - add a parsed certificate in a PKCS7 certificate set + * @pkcs7: should contain a #gnutls_pkcs7_t structure + * @crt: the certificate to be copied. + * + * This function will add a parsed certificate to the PKCS7 or + * RFC2630 certificate set. This is a wrapper function over + * gnutls_pkcs7_set_crt_raw() . + * + * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a + * negative error value. + **/ int gnutls_pkcs7_set_crt (gnutls_pkcs7_t pkcs7, gnutls_x509_crt_t crt) { diff --git a/lib/x509/privkey.c b/lib/x509/privkey.c index 77d205c442..edd82f12b6 100644 --- a/lib/x509/privkey.c +++ b/lib/x509/privkey.c @@ -1564,18 +1564,18 @@ gnutls_x509_privkey_sign_hash (gnutls_x509_privkey_t key, } /** - * gnutls_x509_privkey_verify_data - Verify the signed data using private key - * @key: Holds the key - * @flags: should be 0 for now - * @data: holds the data to be signed - * @signature: contains the signature - * - * This function will verify the given signed data, using the - * parameters in the private key. - * - * Returns: In case of a verification failure 0 is returned, and 1 on - * success. - **/ + * gnutls_x509_privkey_verify_data - Verify the signed data using private key + * @key: Holds the key + * @flags: should be 0 for now + * @data: holds the data to be signed + * @signature: contains the signature + * + * This function will verify the given signed data, using the + * parameters in the private key. + * + * Returns: In case of a verification failure 0 is returned, and 1 on + * success. + **/ int gnutls_x509_privkey_verify_data (gnutls_x509_privkey_t key, unsigned int flags, diff --git a/lib/x509/privkey_pkcs8.c b/lib/x509/privkey_pkcs8.c index d2029e69d1..463bc9ec4e 100644 --- a/lib/x509/privkey_pkcs8.c +++ b/lib/x509/privkey_pkcs8.c @@ -580,35 +580,34 @@ error: /** - * gnutls_x509_privkey_export_pkcs8 - This function will export the private key to PKCS8 format - * @key: Holds the key - * @format: the format of output params. One of PEM or DER. - * @password: the password that will be used to encrypt the key. - * @flags: an ORed sequence of gnutls_pkcs_encrypt_flags_t - * @output_data: will contain a private key PEM or DER encoded - * @output_data_size: holds the size of output_data (and will be - * replaced by the actual size of parameters) - * - * This function will export the private key to a PKCS8 structure. - * Both RSA and DSA keys can be exported. For DSA keys we use - * PKCS #11 definitions. If the flags do not specify the encryption - * cipher, then the default 3DES (PBES2) will be used. - * - * The @password can be either ASCII or UTF-8 in the default PBES2 - * encryption schemas, or ASCII for the PKCS12 schemas. - * - * If the buffer provided is not long enough to hold the output, then - * *output_data_size is updated and GNUTLS_E_SHORT_MEMORY_BUFFER will - * be returned. - * - * If the structure is PEM encoded, it will have a header - * of "BEGIN ENCRYPTED PRIVATE KEY" or "BEGIN PRIVATE KEY" if - * encryption is not used. - * - * Return value: In case of failure a negative value will be - * returned, and 0 on success. - * - **/ + * gnutls_x509_privkey_export_pkcs8 - This function will export the private key to PKCS8 format + * @key: Holds the key + * @format: the format of output params. One of PEM or DER. + * @password: the password that will be used to encrypt the key. + * @flags: an ORed sequence of gnutls_pkcs_encrypt_flags_t + * @output_data: will contain a private key PEM or DER encoded + * @output_data_size: holds the size of output_data (and will be + * replaced by the actual size of parameters) + * + * This function will export the private key to a PKCS8 structure. + * Both RSA and DSA keys can be exported. For DSA keys we use + * PKCS #11 definitions. If the flags do not specify the encryption + * cipher, then the default 3DES (PBES2) will be used. + * + * The @password can be either ASCII or UTF-8 in the default PBES2 + * encryption schemas, or ASCII for the PKCS12 schemas. + * + * If the buffer provided is not long enough to hold the output, then + * *output_data_size is updated and GNUTLS_E_SHORT_MEMORY_BUFFER will + * be returned. + * + * If the structure is PEM encoded, it will have a header + * of "BEGIN ENCRYPTED PRIVATE KEY" or "BEGIN PRIVATE KEY" if + * encryption is not used. + * + * Return value: In case of failure a negative value will be + * returned, and 0 on success. + **/ int gnutls_x509_privkey_export_pkcs8 (gnutls_x509_privkey_t key, gnutls_x509_crt_fmt_t format, @@ -1136,31 +1135,31 @@ error: } - /** - * gnutls_x509_privkey_import_pkcs8 - This function will import a DER or PEM PKCS8 encoded key - * @key: The structure to store the parsed key - * @data: The DER or PEM encoded key. - * @format: One of DER or PEM - * @password: the password to decrypt the key (if it is encrypted). - * @flags: 0 if encrypted or GNUTLS_PKCS_PLAIN if not encrypted. - * - * This function will convert the given DER or PEM encoded PKCS8 2.0 encrypted key - * to the native gnutls_x509_privkey_t format. The output will be stored in @key. - * Both RSA and DSA keys can be imported, and flags can only be used to indicate - * an unencrypted key. - * - * The @password can be either ASCII or UTF-8 in the default PBES2 - * encryption schemas, or ASCII for the PKCS12 schemas. - * - * If the Certificate is PEM encoded it should have a header of "ENCRYPTED PRIVATE KEY", - * or "PRIVATE KEY". You only need to specify the flags if the key is DER encoded, since - * in that case the encryption status cannot be auto-detected. - * - * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a - * negative error value. - * - **/ + * gnutls_x509_privkey_import_pkcs8 - This function will import a DER or PEM PKCS8 encoded key + * @key: The structure to store the parsed key + * @data: The DER or PEM encoded key. + * @format: One of DER or PEM + * @password: the password to decrypt the key (if it is encrypted). + * @flags: 0 if encrypted or GNUTLS_PKCS_PLAIN if not encrypted. + * + * This function will convert the given DER or PEM encoded PKCS8 2.0 + * encrypted key to the native gnutls_x509_privkey_t format. The + * output will be stored in @key. Both RSA and DSA keys can be + * imported, and flags can only be used to indicate an unencrypted + * key. + * + * The @password can be either ASCII or UTF-8 in the default PBES2 + * encryption schemas, or ASCII for the PKCS12 schemas. + * + * If the Certificate is PEM encoded it should have a header of + * "ENCRYPTED PRIVATE KEY", or "PRIVATE KEY". You only need to + * specify the flags if the key is DER encoded, since in that case + * the encryption status cannot be auto-detected. + * + * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a + * negative error value. + **/ int gnutls_x509_privkey_import_pkcs8 (gnutls_x509_privkey_t key, const gnutls_datum_t * data, diff --git a/lib/x509/sign.c b/lib/x509/sign.c index 10a1dcbe10..500880b787 100644 --- a/lib/x509/sign.c +++ b/lib/x509/sign.c @@ -295,18 +295,17 @@ _gnutls_x509_sign_tbs (ASN1_TYPE cert, const char *tbs_name, } /*- - * _gnutls_x509_pkix_sign - This function will sign a CRL or a certificate with a key - * @src: should contain an ASN1_TYPE - * @issuer: is the certificate of the certificate issuer - * @issuer_key: holds the issuer's private key - * - * This function will sign a CRL or a certificate with the issuer's private key, and - * will copy the issuer's information into the CRL or certificate. - * - * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a - * negative error value. - * - -*/ + * _gnutls_x509_pkix_sign - This function will sign a CRL or a certificate with a key + * @src: should contain an ASN1_TYPE + * @issuer: is the certificate of the certificate issuer + * @issuer_key: holds the issuer's private key + * + * This function will sign a CRL or a certificate with the issuer's private key, and + * will copy the issuer's information into the CRL or certificate. + * + * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a + * negative error value. + -*/ int _gnutls_x509_pkix_sign (ASN1_TYPE src, const char *src_name, gnutls_digest_algorithm_t dig, diff --git a/lib/x509/verify.c b/lib/x509/verify.c index 06a0656f76..5c58ffd2bd 100644 --- a/lib/x509/verify.c +++ b/lib/x509/verify.c @@ -925,37 +925,37 @@ _gnutls_x509_privkey_verify_signature (const gnutls_datum_t * tbs, } /** - * gnutls_x509_crt_list_verify - This function verifies the given certificate list - * @cert_list: is the certificate list to be verified - * @cert_list_length: holds the number of certificate in cert_list - * @CA_list: is the CA list which will be used in verification - * @CA_list_length: holds the number of CA certificate in CA_list - * @CRL_list: holds a list of CRLs. - * @CRL_list_length: the length of CRL list. - * @flags: Flags that may be used to change the verification algorithm. Use OR of the gnutls_certificate_verify_flags enumerations. - * @verify: will hold the certificate verification output. - * - * This function will try to verify the given certificate list and return its status. - * If no flags are specified (0), this function will use the - * basicConstraints (2.5.29.19) PKIX extension. This means that only a certificate - * authority is allowed to sign a certificate. - * - * You must also check the peer's name in order to check if the verified - * certificate belongs to the actual peer. - * - * The certificate verification output will be put in @verify and will be - * one or more of the gnutls_certificate_status_t enumerated elements bitwise or'd. - * For a more detailed verification status use gnutls_x509_crt_verify() per list - * element. - * - * GNUTLS_CERT_INVALID: the certificate chain is not valid. - * - * GNUTLS_CERT_REVOKED: a certificate in the chain has been revoked. - * - * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a - * negative error value. - * - **/ + * gnutls_x509_crt_list_verify - This function verifies the given certificate list + * @cert_list: is the certificate list to be verified + * @cert_list_length: holds the number of certificate in cert_list + * @CA_list: is the CA list which will be used in verification + * @CA_list_length: holds the number of CA certificate in CA_list + * @CRL_list: holds a list of CRLs. + * @CRL_list_length: the length of CRL list. + * @flags: Flags that may be used to change the verification algorithm. Use OR of the gnutls_certificate_verify_flags enumerations. + * @verify: will hold the certificate verification output. + * + * This function will try to verify the given certificate list and + * return its status. If no flags are specified (0), this function + * will use the basicConstraints (2.5.29.19) PKIX extension. This + * means that only a certificate authority is allowed to sign a + * certificate. + * + * You must also check the peer's name in order to check if the verified + * certificate belongs to the actual peer. + * + * The certificate verification output will be put in @verify and will + * be one or more of the gnutls_certificate_status_t enumerated + * elements bitwise or'd. For a more detailed verification status use + * gnutls_x509_crt_verify() per list element. + * + * GNUTLS_CERT_INVALID: the certificate chain is not valid. + * + * GNUTLS_CERT_REVOKED: a certificate in the chain has been revoked. + * + * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a + * negative error value. + **/ int gnutls_x509_crt_list_verify (const gnutls_x509_crt_t * cert_list, int cert_list_length, @@ -979,20 +979,20 @@ gnutls_x509_crt_list_verify (const gnutls_x509_crt_t * cert_list, } /** - * gnutls_x509_crt_verify - This function verifies the given certificate against a given trusted one - * @cert: is the certificate to be verified - * @CA_list: is one certificate that is considered to be trusted one - * @CA_list_length: holds the number of CA certificate in CA_list - * @flags: Flags that may be used to change the verification algorithm. Use OR of the gnutls_certificate_verify_flags enumerations. - * @verify: will hold the certificate verification output. - * - * This function will try to verify the given certificate and return its status. - * The verification output in this functions cannot be GNUTLS_CERT_NOT_VALID. - * - * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a - * negative error value. - * - **/ + * gnutls_x509_crt_verify - This function verifies the given certificate against a given trusted one + * @cert: is the certificate to be verified + * @CA_list: is one certificate that is considered to be trusted one + * @CA_list_length: holds the number of CA certificate in CA_list + * @flags: Flags that may be used to change the verification algorithm. Use OR of the gnutls_certificate_verify_flags enumerations. + * @verify: will hold the certificate verification output. + * + * This function will try to verify the given certificate and return + * its status. The verification output in this functions cannot be + * GNUTLS_CERT_NOT_VALID. + * + * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a + * negative error value. + **/ int gnutls_x509_crt_verify (gnutls_x509_crt_t cert, const gnutls_x509_crt_t * CA_list, diff --git a/lib/x509/x509.c b/lib/x509/x509.c index f2c012243f..bf6bd7d681 100644 --- a/lib/x509/x509.c +++ b/lib/x509/x509.c @@ -36,15 +36,14 @@ #include <libtasn1.h> /** - * gnutls_x509_crt_init - This function initializes a gnutls_x509_crt_t structure - * @cert: The structure to be initialized - * - * This function will initialize an X.509 certificate structure. - * - * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a - * negative error value. - * - **/ + * gnutls_x509_crt_init - This function initializes a gnutls_x509_crt_t structure + * @cert: The structure to be initialized + * + * This function will initialize an X.509 certificate structure. + * + * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a + * negative error value. + **/ int gnutls_x509_crt_init (gnutls_x509_crt_t * cert) { @@ -72,16 +71,15 @@ gnutls_x509_crt_init (gnutls_x509_crt_t * cert) } /*- - * _gnutls_x509_crt_cpy - This function copies a gnutls_x509_crt_t structure - * @dest: The structure where to copy - * @src: The structure to be copied - * - * This function will copy an X.509 certificate structure. - * - * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a - * negative error value. - * - -*/ + * _gnutls_x509_crt_cpy - This function copies a gnutls_x509_crt_t structure + * @dest: The structure where to copy + * @src: The structure to be copied + * + * This function will copy an X.509 certificate structure. + * + * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a + * negative error value. + -*/ int _gnutls_x509_crt_cpy (gnutls_x509_crt_t dest, gnutls_x509_crt_t src) { @@ -129,12 +127,11 @@ _gnutls_x509_crt_cpy (gnutls_x509_crt_t dest, gnutls_x509_crt_t src) } /** - * gnutls_x509_crt_deinit - This function deinitializes memory used by a gnutls_x509_crt_t structure - * @cert: The structure to be initialized - * - * This function will deinitialize a CRL structure. - * - **/ + * gnutls_x509_crt_deinit - This function deinitializes memory used by a gnutls_x509_crt_t structure + * @cert: The structure to be initialized + * + * This function will deinitialize a CRL structure. + **/ void gnutls_x509_crt_deinit (gnutls_x509_crt_t cert) { @@ -148,21 +145,21 @@ gnutls_x509_crt_deinit (gnutls_x509_crt_t cert) } /** - * gnutls_x509_crt_import - This function will import a DER or PEM encoded Certificate - * @cert: The structure to store the parsed certificate. - * @data: The DER or PEM encoded certificate. - * @format: One of DER or PEM - * - * This function will convert the given DER or PEM encoded Certificate - * to the native gnutls_x509_crt_t format. The output will be stored in @cert. - * - * If the Certificate is PEM encoded it should have a header of "X509 CERTIFICATE", or - * "CERTIFICATE". - * - * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a - * negative error value. - * - **/ + * gnutls_x509_crt_import - This function will import a DER or PEM encoded Certificate + * @cert: The structure to store the parsed certificate. + * @data: The DER or PEM encoded certificate. + * @format: One of DER or PEM + * + * This function will convert the given DER or PEM encoded Certificate + * to the native gnutls_x509_crt_t format. The output will be stored + * in @cert. + * + * If the Certificate is PEM encoded it should have a header of "X509 + * CERTIFICATE", or "CERTIFICATE". + * + * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a + * negative error value. + **/ int gnutls_x509_crt_import (gnutls_x509_crt_t cert, const gnutls_datum_t * data, @@ -253,23 +250,22 @@ cleanup: /** - * gnutls_x509_crt_get_issuer_dn - This function returns the Certificate's issuer distinguished name - * @cert: should contain a #gnutls_x509_crt_t structure - * @buf: a pointer to a structure to hold the name (may be null) - * @sizeof_buf: initially holds the size of @buf - * - * This function will copy the name of the Certificate issuer in the - * provided buffer. The name will be in the form - * "C=xxxx,O=yyyy,CN=zzzz" as described in RFC2253. The output string - * will be ASCII or UTF-8 encoded, depending on the certificate data. - * - * If @buf is null then only the size will be filled. - * - * Returns: GNUTLS_E_SHORT_MEMORY_BUFFER if the provided buffer is not - * long enough, and in that case the *sizeof_buf will be updated with - * the required size. On success 0 is returned. - * - **/ + * gnutls_x509_crt_get_issuer_dn - This function returns the Certificate's issuer distinguished name + * @cert: should contain a #gnutls_x509_crt_t structure + * @buf: a pointer to a structure to hold the name (may be null) + * @sizeof_buf: initially holds the size of @buf + * + * This function will copy the name of the Certificate issuer in the + * provided buffer. The name will be in the form + * "C=xxxx,O=yyyy,CN=zzzz" as described in RFC2253. The output string + * will be ASCII or UTF-8 encoded, depending on the certificate data. + * + * If @buf is null then only the size will be filled. + * + * Returns: GNUTLS_E_SHORT_MEMORY_BUFFER if the provided buffer is not + * long enough, and in that case the *sizeof_buf will be updated with + * the required size. On success 0 is returned. + **/ int gnutls_x509_crt_get_issuer_dn (gnutls_x509_crt_t cert, char *buf, size_t * sizeof_buf) @@ -286,32 +282,31 @@ gnutls_x509_crt_get_issuer_dn (gnutls_x509_crt_t cert, char *buf, } /** - * gnutls_x509_crt_get_issuer_dn_by_oid - This function returns the Certificate's issuer distinguished name - * @cert: should contain a #gnutls_x509_crt_t structure - * @oid: holds an Object Identified in null terminated string - * @indx: In case multiple same OIDs exist in the RDN, this specifies which to send. Use zero to get the first one. - * @raw_flag: If non zero returns the raw DER data of the DN part. - * @buf: a pointer to a structure to hold the name (may be null) - * @sizeof_buf: initially holds the size of @buf - * - * This function will extract the part of the name of the Certificate - * issuer specified by the given OID. The output, if the raw flag is not - * used, will be encoded as described in RFC2253. Thus a string that is - * ASCII or UTF-8 encoded, depending on the certificate data. - * - * Some helper macros with popular OIDs can be found in gnutls/x509.h - * If raw flag is zero, this function will only return known OIDs as - * text. Other OIDs will be DER encoded, as described in RFC2253 -- - * in hex format with a '\#' prefix. You can check about known OIDs - * using gnutls_x509_dn_oid_known(). - * - * If @buf is null then only the size will be filled. - * - * Returns: GNUTLS_E_SHORT_MEMORY_BUFFER if the provided buffer is not - * long enough, and in that case the *sizeof_buf will be updated with - * the required size. On success 0 is returned. - * - **/ + * gnutls_x509_crt_get_issuer_dn_by_oid - This function returns the Certificate's issuer distinguished name + * @cert: should contain a #gnutls_x509_crt_t structure + * @oid: holds an Object Identified in null terminated string + * @indx: In case multiple same OIDs exist in the RDN, this specifies which to send. Use zero to get the first one. + * @raw_flag: If non zero returns the raw DER data of the DN part. + * @buf: a pointer to a structure to hold the name (may be null) + * @sizeof_buf: initially holds the size of @buf + * + * This function will extract the part of the name of the Certificate + * issuer specified by the given OID. The output, if the raw flag is not + * used, will be encoded as described in RFC2253. Thus a string that is + * ASCII or UTF-8 encoded, depending on the certificate data. + * + * Some helper macros with popular OIDs can be found in gnutls/x509.h + * If raw flag is zero, this function will only return known OIDs as + * text. Other OIDs will be DER encoded, as described in RFC2253 -- + * in hex format with a '\#' prefix. You can check about known OIDs + * using gnutls_x509_dn_oid_known(). + * + * If @buf is null then only the size will be filled. + * + * Returns: GNUTLS_E_SHORT_MEMORY_BUFFER if the provided buffer is not + * long enough, and in that case the *sizeof_buf will be updated + * with the required size. On success 0 is returned. + **/ int gnutls_x509_crt_get_issuer_dn_by_oid (gnutls_x509_crt_t cert, const char *oid, int indx, @@ -330,22 +325,21 @@ gnutls_x509_crt_get_issuer_dn_by_oid (gnutls_x509_crt_t cert, } /** - * gnutls_x509_crt_get_issuer_dn_oid - This function returns the Certificate's issuer distinguished name OIDs - * @cert: should contain a #gnutls_x509_crt_t structure - * @indx: This specifies which OID to return. Use zero to get the first one. - * @oid: a pointer to a buffer to hold the OID (may be null) - * @sizeof_oid: initially holds the size of @oid - * - * This function will extract the OIDs of the name of the Certificate - * issuer specified by the given index. - * - * If @oid is null then only the size will be filled. - * - * Returns: GNUTLS_E_SHORT_MEMORY_BUFFER if the provided buffer is not - * long enough, and in that case the *sizeof_oid will be updated with - * the required size. On success 0 is returned. - * - **/ + * gnutls_x509_crt_get_issuer_dn_oid - This function returns the Certificate's issuer distinguished name OIDs + * @cert: should contain a #gnutls_x509_crt_t structure + * @indx: This specifies which OID to return. Use zero to get the first one. + * @oid: a pointer to a buffer to hold the OID (may be null) + * @sizeof_oid: initially holds the size of @oid + * + * This function will extract the OIDs of the name of the Certificate + * issuer specified by the given index. + * + * If @oid is null then only the size will be filled. + * + * Returns: GNUTLS_E_SHORT_MEMORY_BUFFER if the provided buffer is not + * long enough, and in that case the *sizeof_oid will be updated + * with the required size. On success 0 is returned. + **/ int gnutls_x509_crt_get_issuer_dn_oid (gnutls_x509_crt_t cert, int indx, void *oid, size_t * sizeof_oid) @@ -362,23 +356,22 @@ gnutls_x509_crt_get_issuer_dn_oid (gnutls_x509_crt_t cert, } /** - * gnutls_x509_crt_get_dn - This function returns the Certificate's distinguished name - * @cert: should contain a #gnutls_x509_crt_t structure - * @buf: a pointer to a structure to hold the name (may be null) - * @sizeof_buf: initially holds the size of @buf - * - * This function will copy the name of the Certificate in the - * provided buffer. The name will be in the form - * "C=xxxx,O=yyyy,CN=zzzz" as described in RFC2253. The output string - * will be ASCII or UTF-8 encoded, depending on the certificate data. - * - * If @buf is null then only the size will be filled. - * - * Returns: GNUTLS_E_SHORT_MEMORY_BUFFER if the provided buffer is not - * long enough, and in that case the *sizeof_buf will be updated with - * the required size. On success 0 is returned. - * - **/ + * gnutls_x509_crt_get_dn - This function returns the Certificate's distinguished name + * @cert: should contain a #gnutls_x509_crt_t structure + * @buf: a pointer to a structure to hold the name (may be null) + * @sizeof_buf: initially holds the size of @buf + * + * This function will copy the name of the Certificate in the provided + * buffer. The name will be in the form "C=xxxx,O=yyyy,CN=zzzz" as + * described in RFC2253. The output string will be ASCII or UTF-8 + * encoded, depending on the certificate data. + * + * If @buf is null then only the size will be filled. + * + * Returns: %GNUTLS_E_SHORT_MEMORY_BUFFER if the provided buffer is not + * long enough, and in that case the *sizeof_buf will be updated + * with the required size. On success 0 is returned. + **/ int gnutls_x509_crt_get_dn (gnutls_x509_crt_t cert, char *buf, size_t * sizeof_buf) @@ -395,32 +388,31 @@ gnutls_x509_crt_get_dn (gnutls_x509_crt_t cert, char *buf, } /** - * gnutls_x509_crt_get_dn_by_oid - This function returns the Certificate's distinguished name - * @cert: should contain a #gnutls_x509_crt_t structure - * @oid: holds an Object Identified in null terminated string - * @indx: In case multiple same OIDs exist in the RDN, this specifies which to send. Use zero to get the first one. - * @raw_flag: If non zero returns the raw DER data of the DN part. - * @buf: a pointer where the DN part will be copied (may be null). - * @sizeof_buf: initially holds the size of @buf - * - * This function will extract the part of the name of the Certificate - * subject specified by the given OID. The output, if the raw flag is not - * used, will be encoded as described in RFC2253. Thus a string that is - * ASCII or UTF-8 encoded, depending on the certificate data. - * - * Some helper macros with popular OIDs can be found in gnutls/x509.h - * If raw flag is zero, this function will only return known OIDs as - * text. Other OIDs will be DER encoded, as described in RFC2253 -- - * in hex format with a '\#' prefix. You can check about known OIDs - * using gnutls_x509_dn_oid_known(). - * - * If @buf is null then only the size will be filled. - * - * Returns: GNUTLS_E_SHORT_MEMORY_BUFFER if the provided buffer is not - * long enough, and in that case the *sizeof_buf will be updated with - * the required size. On success 0 is returned. - * - **/ + * gnutls_x509_crt_get_dn_by_oid - This function returns the Certificate's distinguished name + * @cert: should contain a #gnutls_x509_crt_t structure + * @oid: holds an Object Identified in null terminated string + * @indx: In case multiple same OIDs exist in the RDN, this specifies which to send. Use zero to get the first one. + * @raw_flag: If non zero returns the raw DER data of the DN part. + * @buf: a pointer where the DN part will be copied (may be null). + * @sizeof_buf: initially holds the size of @buf + * + * This function will extract the part of the name of the Certificate + * subject specified by the given OID. The output, if the raw flag is + * not used, will be encoded as described in RFC2253. Thus a string + * that is ASCII or UTF-8 encoded, depending on the certificate data. + * + * Some helper macros with popular OIDs can be found in gnutls/x509.h + * If raw flag is zero, this function will only return known OIDs as + * text. Other OIDs will be DER encoded, as described in RFC2253 -- + * in hex format with a '\#' prefix. You can check about known OIDs + * using gnutls_x509_dn_oid_known(). + * + * If @buf is null then only the size will be filled. + * + * Returns: %GNUTLS_E_SHORT_MEMORY_BUFFER if the provided buffer is + * not long enough, and in that case the *sizeof_buf will be updated + * with the required size. On success 0 is returned. + **/ int gnutls_x509_crt_get_dn_by_oid (gnutls_x509_crt_t cert, const char *oid, int indx, unsigned int raw_flag, @@ -438,22 +430,21 @@ gnutls_x509_crt_get_dn_by_oid (gnutls_x509_crt_t cert, const char *oid, } /** - * gnutls_x509_crt_get_dn_oid - This function returns the Certificate's subject distinguished name OIDs - * @cert: should contain a #gnutls_x509_crt_t structure - * @indx: This specifies which OID to return. Use zero to get the first one. - * @oid: a pointer to a buffer to hold the OID (may be null) - * @sizeof_oid: initially holds the size of @oid - * - * This function will extract the OIDs of the name of the Certificate - * subject specified by the given index. - * - * If oid is null then only the size will be filled. - * - * Returns: GNUTLS_E_SHORT_MEMORY_BUFFER if the provided buffer is not - * long enough, and in that case the *sizeof_oid will be updated with - * the required size. On success 0 is returned. - * - **/ + * gnutls_x509_crt_get_dn_oid - This function returns the Certificate's subject distinguished name OIDs + * @cert: should contain a #gnutls_x509_crt_t structure + * @indx: This specifies which OID to return. Use zero to get the first one. + * @oid: a pointer to a buffer to hold the OID (may be null) + * @sizeof_oid: initially holds the size of @oid + * + * This function will extract the OIDs of the name of the Certificate + * subject specified by the given index. + * + * If oid is null then only the size will be filled. + * + * Returns: %GNUTLS_E_SHORT_MEMORY_BUFFER if the provided buffer is + * not long enough, and in that case the *sizeof_oid will be updated + * with the required size. On success 0 is returned. + **/ int gnutls_x509_crt_get_dn_oid (gnutls_x509_crt_t cert, int indx, void *oid, size_t * sizeof_oid) @@ -470,15 +461,15 @@ gnutls_x509_crt_get_dn_oid (gnutls_x509_crt_t cert, } /** - * gnutls_x509_crt_get_signature_algorithm - This function returns the Certificate's signature algorithm - * @cert: should contain a #gnutls_x509_crt_t structure - * - * This function will return a value of the #gnutls_sign_algorithm_t - * enumeration that is the signature algorithm. - * - * Returns: a #gnutls_sign_algorithm_t value, or a negative value on - * error. - **/ + * gnutls_x509_crt_get_signature_algorithm - This function returns the Certificate's signature algorithm + * @cert: should contain a #gnutls_x509_crt_t structure + * + * This function will return a value of the #gnutls_sign_algorithm_t + * enumeration that is the signature algorithm. + * + * Returns: a #gnutls_sign_algorithm_t value, or a negative value on + * error. + **/ int gnutls_x509_crt_get_signature_algorithm (gnutls_x509_crt_t cert) { @@ -603,15 +594,14 @@ gnutls_x509_crt_get_version (gnutls_x509_crt_t cert) } /** - * gnutls_x509_crt_get_activation_time - returns the Certificate's activation time - * @cert: should contain a #gnutls_x509_crt_t structure - * - * This function will return the time this Certificate was or will be - * activated. - * - * Returns: activation time, or (time_t)-1 on error. - * - **/ + * gnutls_x509_crt_get_activation_time - returns the Certificate's activation time + * @cert: should contain a #gnutls_x509_crt_t structure + * + * This function will return the time this Certificate was or will be + * activated. + * + * Returns: activation time, or (time_t)-1 on error. + **/ time_t gnutls_x509_crt_get_activation_time (gnutls_x509_crt_t cert) { @@ -633,7 +623,6 @@ gnutls_x509_crt_get_activation_time (gnutls_x509_crt_t cert) * expired. * * Returns: expiration time, or (time_t)-1 on error. - * **/ time_t gnutls_x509_crt_get_expiration_time (gnutls_x509_crt_t cert) @@ -649,21 +638,19 @@ gnutls_x509_crt_get_expiration_time (gnutls_x509_crt_t cert) } /** - * gnutls_x509_crt_get_serial - This function returns the certificate's serial number - * @cert: should contain a #gnutls_x509_crt_t structure - * @result: The place where the serial number will be copied - * @result_size: Holds the size of the result field. - * - * This function will return the X.509 certificate's serial number. - * This is obtained by the X509 Certificate serialNumber - * field. Serial is not always a 32 or 64bit number. Some CAs use - * large serial numbers, thus it may be wise to handle it as something - * opaque. - * - * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a - * negative error value. - * - **/ + * gnutls_x509_crt_get_serial - This function returns the certificate's serial number + * @cert: should contain a #gnutls_x509_crt_t structure + * @result: The place where the serial number will be copied + * @result_size: Holds the size of the result field. + * + * This function will return the X.509 certificate's serial number. + * This is obtained by the X509 Certificate serialNumber field. Serial + * is not always a 32 or 64bit number. Some CAs use large serial + * numbers, thus it may be wise to handle it as something opaque. + * + * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a + * negative error value. + **/ int gnutls_x509_crt_get_serial (gnutls_x509_crt_t cert, void *result, size_t * result_size) @@ -691,20 +678,19 @@ gnutls_x509_crt_get_serial (gnutls_x509_crt_t cert, void *result, } /** - * gnutls_x509_crt_get_subject_key_id - This function returns the certificate's key identifier - * @cert: should contain a #gnutls_x509_crt_t structure - * @ret: The place where the identifier will be copied - * @ret_size: Holds the size of the result field. - * @critical: will be non zero if the extension is marked as critical (may be null) - * - * This function will return the X.509v3 certificate's subject key identifier. - * This is obtained by the X.509 Subject Key identifier extension - * field (2.5.29.14). - * - * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a - * negative error value. - * - **/ + * gnutls_x509_crt_get_subject_key_id - This function returns the certificate's key identifier + * @cert: should contain a #gnutls_x509_crt_t structure + * @ret: The place where the identifier will be copied + * @ret_size: Holds the size of the result field. + * @critical: will be non zero if the extension is marked as critical (may be null) + * + * This function will return the X.509v3 certificate's subject key + * identifier. This is obtained by the X.509 Subject Key identifier + * extension field (2.5.29.14). + * + * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a + * negative error value. + **/ int gnutls_x509_crt_get_subject_key_id (gnutls_x509_crt_t cert, void *ret, size_t * ret_size, unsigned int *critical) @@ -868,21 +854,21 @@ gnutls_x509_crt_get_authority_key_id (gnutls_x509_crt_t cert, void *ret, } /** - * gnutls_x509_crt_get_pk_algorithm - return the certificate's PublicKey algorithm - * @cert: should contain a #gnutls_x509_crt_t structure - * @bits: if bits is non null it will hold the size of the parameters' in bits - * - * This function will return the public key algorithm of an X.509 - * certificate. - * - * If bits is non null, it should have enough size to hold the parameters - * size in bits. For RSA the bits returned is the modulus. - * For DSA the bits returned are of the public - * exponent. - * - * Returns: a member of the #gnutls_pk_algorithm_t enumeration on - * success, or a negative value on error. - **/ + * gnutls_x509_crt_get_pk_algorithm - return the certificate's PublicKey algorithm + * @cert: should contain a #gnutls_x509_crt_t structure + * @bits: if bits is non null it will hold the size of the parameters' in bits + * + * This function will return the public key algorithm of an X.509 + * certificate. + * + * If bits is non null, it should have enough size to hold the parameters + * size in bits. For RSA the bits returned is the modulus. + * For DSA the bits returned are of the public + * exponent. + * + * Returns: a member of the #gnutls_pk_algorithm_t enumeration on + * success, or a negative value on error. + **/ int gnutls_x509_crt_get_pk_algorithm (gnutls_x509_crt_t cert, unsigned int *bits) { @@ -1192,38 +1178,38 @@ get_alt_name (gnutls_x509_crt_t cert, const char *extension_id, } /** - * gnutls_x509_crt_get_subject_alt_name - Get certificate's alternative name, if any - * @cert: should contain a #gnutls_x509_crt_t structure - * @seq: specifies the sequence number of the alt name (0 for the first one, 1 for the second etc.) - * @ret: is the place where the alternative name will be copied to - * @ret_size: holds the size of ret. - * @critical: will be non zero if the extension is marked as critical (may be null) - * - * This function will return the alternative names, contained in the - * given certificate. - * - * This is specified in X509v3 Certificate Extensions. GNUTLS will - * return the Alternative name (2.5.29.17), or a negative error code. - * - * When the SAN type is otherName, it will extract the data in the - * otherName's value field, and %GNUTLS_SAN_OTHERNAME is returned. - * You may use gnutls_x509_crt_get_subject_alt_othername_oid() to get - * the corresponding OID and the "virtual" SAN types (e.g., - * %GNUTLS_SAN_OTHERNAME_XMPP). - * - * If an otherName OID is known, the data will be decoded. Otherwise - * the returned data will be DER encoded, and you will have to decode - * it yourself. Currently, only the RFC 3920 id-on-xmppAddr SAN is - * recognized. - * - * Returns: the alternative subject name type on success, one of the - * enumerated #gnutls_x509_subject_alt_name_t. It will return - * %GNUTLS_E_SHORT_MEMORY_BUFFER if @ret_size is not large enough - * to hold the value. In that case @ret_size will be updated with - * the required size. If the certificate does not have an - * Alternative name with the specified sequence number then - * %GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE is returned. - **/ + * gnutls_x509_crt_get_subject_alt_name - Get certificate's alternative name, if any + * @cert: should contain a #gnutls_x509_crt_t structure + * @seq: specifies the sequence number of the alt name (0 for the first one, 1 for the second etc.) + * @ret: is the place where the alternative name will be copied to + * @ret_size: holds the size of ret. + * @critical: will be non zero if the extension is marked as critical (may be null) + * + * This function will return the alternative names, contained in the + * given certificate. + * + * This is specified in X509v3 Certificate Extensions. GNUTLS will + * return the Alternative name (2.5.29.17), or a negative error code. + * + * When the SAN type is otherName, it will extract the data in the + * otherName's value field, and %GNUTLS_SAN_OTHERNAME is returned. + * You may use gnutls_x509_crt_get_subject_alt_othername_oid() to get + * the corresponding OID and the "virtual" SAN types (e.g., + * %GNUTLS_SAN_OTHERNAME_XMPP). + * + * If an otherName OID is known, the data will be decoded. Otherwise + * the returned data will be DER encoded, and you will have to decode + * it yourself. Currently, only the RFC 3920 id-on-xmppAddr SAN is + * recognized. + * + * Returns: the alternative subject name type on success, one of the + * enumerated #gnutls_x509_subject_alt_name_t. It will return + * %GNUTLS_E_SHORT_MEMORY_BUFFER if @ret_size is not large enough to + * hold the value. In that case @ret_size will be updated with the + * required size. If the certificate does not have an Alternative + * name with the specified sequence number then + * %GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE is returned. + **/ int gnutls_x509_crt_get_subject_alt_name (gnutls_x509_crt_t cert, unsigned int seq, void *ret, @@ -1235,41 +1221,40 @@ gnutls_x509_crt_get_subject_alt_name (gnutls_x509_crt_t cert, } /** - * gnutls_x509_crt_get_issuer_alt_name - Get certificate's issuer alternative name, if any - * @cert: should contain a #gnutls_x509_crt_t structure - * @seq: specifies the sequence number of the alt name (0 for the first one, 1 for the second etc.) - * @ret: is the place where the alternative name will be copied to - * @ret_size: holds the size of ret. - * @critical: will be non zero if the extension is marked as critical (may be null) - * - * This function will return the issuer alternative names, contained in the - * given certificate. - * - * This is specified in X509v3 Certificate Extensions. GNUTLS will - * return the Isssuer Alternative name (2.5.29.18), or a negative error code. - * - * When the SAN type is otherName, it will extract the data in the - * otherName's value field, and %GNUTLS_SAN_OTHERNAME is returned. - * You may use gnutls_x509_crt_get_subject_alt_othername_oid() to get - * the corresponding OID and the "virtual" SAN types (e.g., - * %GNUTLS_SAN_OTHERNAME_XMPP). - * - * If an otherName OID is known, the data will be decoded. Otherwise - * the returned data will be DER encoded, and you will have to decode - * it yourself. Currently, only the RFC 3920 id-on-xmppAddr Issuer AltName - * is recognized. - * - * Returns: the alternative issuer name type on success, one of the - * enumerated #gnutls_x509_subject_alt_name_t. It will return - * %GNUTLS_E_SHORT_MEMORY_BUFFER if @ret_size is not large enough - * to hold the value. In that case @ret_size will be updated with - * the required size. If the certificate does not have an - * Alternative name with the specified sequence number then - * %GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE is returned. - * - * Since: 2.10.0 - * - **/ + * gnutls_x509_crt_get_issuer_alt_name - Get certificate's issuer alternative name, if any + * @cert: should contain a #gnutls_x509_crt_t structure + * @seq: specifies the sequence number of the alt name (0 for the first one, 1 for the second etc.) + * @ret: is the place where the alternative name will be copied to + * @ret_size: holds the size of ret. + * @critical: will be non zero if the extension is marked as critical (may be null) + * + * This function will return the issuer alternative names, contained in the + * given certificate. + * + * This is specified in X509v3 Certificate Extensions. GNUTLS will + * return the Isssuer Alternative name (2.5.29.18), or a negative error code. + * + * When the SAN type is otherName, it will extract the data in the + * otherName's value field, and %GNUTLS_SAN_OTHERNAME is returned. + * You may use gnutls_x509_crt_get_subject_alt_othername_oid() to get + * the corresponding OID and the "virtual" SAN types (e.g., + * %GNUTLS_SAN_OTHERNAME_XMPP). + * + * If an otherName OID is known, the data will be decoded. Otherwise + * the returned data will be DER encoded, and you will have to decode + * it yourself. Currently, only the RFC 3920 id-on-xmppAddr Issuer + * AltName is recognized. + * + * Returns: the alternative issuer name type on success, one of the + * enumerated #gnutls_x509_subject_alt_name_t. It will return + * %GNUTLS_E_SHORT_MEMORY_BUFFER if @ret_size is not large enough + * to hold the value. In that case @ret_size will be updated with + * the required size. If the certificate does not have an + * Alternative name with the specified sequence number then + * %GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE is returned. + * + * Since: 2.10.0 + **/ int gnutls_x509_crt_get_issuer_alt_name (gnutls_x509_crt_t cert, unsigned int seq, void *ret, @@ -1516,24 +1501,24 @@ gnutls_x509_crt_get_ca_status (gnutls_x509_crt_t cert, unsigned int *critical) } /** - * gnutls_x509_crt_get_key_usage - return the certificate's key usage - * @cert: should contain a #gnutls_x509_crt_t structure - * @key_usage: where the key usage bits will be stored - * @critical: will be non zero if the extension is marked as critical - * - * This function will return certificate's key usage, by reading the - * keyUsage X.509 extension (2.5.29.15). The key usage value will - * ORed values of the: %GNUTLS_KEY_DIGITAL_SIGNATURE, - * %GNUTLS_KEY_NON_REPUDIATION, %GNUTLS_KEY_KEY_ENCIPHERMENT, - * %GNUTLS_KEY_DATA_ENCIPHERMENT, %GNUTLS_KEY_KEY_AGREEMENT, - * %GNUTLS_KEY_KEY_CERT_SIGN, %GNUTLS_KEY_CRL_SIGN, - * %GNUTLS_KEY_ENCIPHER_ONLY, %GNUTLS_KEY_DECIPHER_ONLY. - * - * Returns: the certificate key usage, or a negative value in case of - * parsing error. If the certificate does not contain the keyUsage - * extension %GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE will be returned. - * - **/ + * gnutls_x509_crt_get_key_usage - return the certificate's key usage + * @cert: should contain a #gnutls_x509_crt_t structure + * @key_usage: where the key usage bits will be stored + * @critical: will be non zero if the extension is marked as critical + * + * This function will return certificate's key usage, by reading the + * keyUsage X.509 extension (2.5.29.15). The key usage value will ORed + * values of the: %GNUTLS_KEY_DIGITAL_SIGNATURE, + * %GNUTLS_KEY_NON_REPUDIATION, %GNUTLS_KEY_KEY_ENCIPHERMENT, + * %GNUTLS_KEY_DATA_ENCIPHERMENT, %GNUTLS_KEY_KEY_AGREEMENT, + * %GNUTLS_KEY_KEY_CERT_SIGN, %GNUTLS_KEY_CRL_SIGN, + * %GNUTLS_KEY_ENCIPHER_ONLY, %GNUTLS_KEY_DECIPHER_ONLY. + * + * Returns: the certificate key usage, or a negative value in case of + * parsing error. If the certificate does not contain the keyUsage + * extension %GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE will be + * returned. + **/ int gnutls_x509_crt_get_key_usage (gnutls_x509_crt_t cert, unsigned int *key_usage, @@ -2112,21 +2097,21 @@ gnutls_x509_dn_get_rdn_ava (gnutls_x509_dn_t dn, } /** - * gnutls_x509_crt_get_fingerprint - This function returns the Certificate's fingerprint - * @cert: should contain a #gnutls_x509_crt_t structure - * @algo: is a digest algorithm - * @buf: a pointer to a structure to hold the fingerprint (may be null) - * @sizeof_buf: initially holds the size of @buf - * - * This function will calculate and copy the certificate's fingerprint - * in the provided buffer. - * - * If the buffer is null then only the size will be filled. - * - * Returns: %GNUTLS_E_SHORT_MEMORY_BUFFER if the provided buffer is - * not long enough, and in that case the *sizeof_buf will be updated - * with the required size. On success 0 is returned. - **/ + * gnutls_x509_crt_get_fingerprint - This function returns the Certificate's fingerprint + * @cert: should contain a #gnutls_x509_crt_t structure + * @algo: is a digest algorithm + * @buf: a pointer to a structure to hold the fingerprint (may be null) + * @sizeof_buf: initially holds the size of @buf + * + * This function will calculate and copy the certificate's fingerprint + * in the provided buffer. + * + * If the buffer is null then only the size will be filled. + * + * Returns: %GNUTLS_E_SHORT_MEMORY_BUFFER if the provided buffer is + * not long enough, and in that case the *sizeof_buf will be updated + * with the required size. On success 0 is returned. + **/ int gnutls_x509_crt_get_fingerprint (gnutls_x509_crt_t cert, gnutls_digest_algorithm_t algo, @@ -2171,25 +2156,25 @@ gnutls_x509_crt_get_fingerprint (gnutls_x509_crt_t cert, } /** - * gnutls_x509_crt_export - This function will export the certificate - * @cert: Holds the certificate - * @format: the format of output params. One of PEM or DER. - * @output_data: will contain a certificate PEM or DER encoded - * @output_data_size: holds the size of output_data (and will be - * replaced by the actual size of parameters) - * - * This function will export the certificate to DER or PEM format. - * - * If the buffer provided is not long enough to hold the output, then - * *output_data_size is updated and GNUTLS_E_SHORT_MEMORY_BUFFER will - * be returned. - * - * If the structure is PEM encoded, it will have a header - * of "BEGIN CERTIFICATE". - * - * Return value: In case of failure a negative value will be - * returned, and 0 on success. - **/ + * gnutls_x509_crt_export - This function will export the certificate + * @cert: Holds the certificate + * @format: the format of output params. One of PEM or DER. + * @output_data: will contain a certificate PEM or DER encoded + * @output_data_size: holds the size of output_data (and will be + * replaced by the actual size of parameters) + * + * This function will export the certificate to DER or PEM format. + * + * If the buffer provided is not long enough to hold the output, then + * *output_data_size is updated and GNUTLS_E_SHORT_MEMORY_BUFFER will + * be returned. + * + * If the structure is PEM encoded, it will have a header + * of "BEGIN CERTIFICATE". + * + * Return value: In case of failure a negative value will be + * returned, and 0 on success. + **/ int gnutls_x509_crt_export (gnutls_x509_crt_t cert, gnutls_x509_crt_fmt_t format, void *output_data, @@ -2272,25 +2257,25 @@ cleanup: } /** - * gnutls_x509_crt_get_key_id - Return unique ID of public key's parameters - * @crt: Holds the certificate - * @flags: should be 0 for now - * @output_data: will contain the key ID - * @output_data_size: holds the size of output_data (and will be - * replaced by the actual size of parameters) - * - * This function will return a unique ID the depends on the public - * key parameters. This ID can be used in checking whether a - * certificate corresponds to the given private key. - * - * If the buffer provided is not long enough to hold the output, then - * *output_data_size is updated and GNUTLS_E_SHORT_MEMORY_BUFFER will - * be returned. The output will normally be a SHA-1 hash output, - * which is 20 bytes. - * - * Return value: In case of failure a negative value will be - * returned, and 0 on success. - **/ + * gnutls_x509_crt_get_key_id - Return unique ID of public key's parameters + * @crt: Holds the certificate + * @flags: should be 0 for now + * @output_data: will contain the key ID + * @output_data_size: holds the size of output_data (and will be + * replaced by the actual size of parameters) + * + * This function will return a unique ID the depends on the public + * key parameters. This ID can be used in checking whether a + * certificate corresponds to the given private key. + * + * If the buffer provided is not long enough to hold the output, then + * *output_data_size is updated and GNUTLS_E_SHORT_MEMORY_BUFFER will + * be returned. The output will normally be a SHA-1 hash output, + * which is 20 bytes. + * + * Return value: In case of failure a negative value will be + * returned, and 0 on success. + **/ int gnutls_x509_crt_get_key_id (gnutls_x509_crt_t crt, unsigned int flags, unsigned char *output_data, @@ -2366,17 +2351,17 @@ gnutls_x509_crt_get_key_id (gnutls_x509_crt_t crt, unsigned int flags, #ifdef ENABLE_PKI /** - * gnutls_x509_crt_check_revocation - This function checks if the given certificate is revoked - * @cert: should contain a #gnutls_x509_crt_t structure - * @crl_list: should contain a list of gnutls_x509_crl_t structures - * @crl_list_length: the length of the crl_list - * - * This function will return check if the given certificate is - * revoked. It is assumed that the CRLs have been verified before. - * - * Returns: 0 if the certificate is NOT revoked, and 1 if it is. A - * negative value is returned on error. - **/ + * gnutls_x509_crt_check_revocation - This function checks if the given certificate is revoked + * @cert: should contain a #gnutls_x509_crt_t structure + * @crl_list: should contain a list of gnutls_x509_crl_t structures + * @crl_list_length: the length of the crl_list + * + * This function will return check if the given certificate is + * revoked. It is assumed that the CRLs have been verified before. + * + * Returns: 0 if the certificate is NOT revoked, and 1 if it is. A + * negative value is returned on error. + **/ int gnutls_x509_crt_check_revocation (gnutls_x509_crt_t cert, const gnutls_x509_crl_t * crl_list, @@ -2574,39 +2559,39 @@ gnutls_x509_crt_verify_hash (gnutls_x509_crt_t crt, unsigned int flags, } /** - * gnutls_x509_crt_get_crl_dist_points - This function returns the CRL distribution points - * @cert: should contain a #gnutls_x509_crt_t structure - * @seq: specifies the sequence number of the distribution point (0 for the first one, 1 for the second etc.) - * @ret: is the place where the distribution point will be copied to - * @ret_size: holds the size of ret. - * @reason_flags: Revocation reasons flags. - * @critical: will be non zero if the extension is marked as critical (may be null) - * - * This function will return the CRL distribution points (2.5.29.31), - * contained in the given certificate. - * - * @reason_flags should be an ORed sequence of - * GNUTLS_CRL_REASON_UNUSED, GNUTLS_CRL_REASON_KEY_COMPROMISE, - * GNUTLS_CRL_REASON_CA_COMPROMISE, - * GNUTLS_CRL_REASON_AFFILIATION_CHANGED, - * GNUTLS_CRL_REASON_SUPERSEEDED, - * GNUTLS_CRL_REASON_CESSATION_OF_OPERATION, - * GNUTLS_CRL_REASON_CERTIFICATE_HOLD, - * GNUTLS_CRL_REASON_PRIVILEGE_WITHDRAWN, - * GNUTLS_CRL_REASON_AA_COMPROMISE, or zero for all possible reasons. - * - * This is specified in X509v3 Certificate Extensions. GNUTLS will - * return the distribution point type, or a negative error code on - * error. - * - * Returns: %GNUTLS_E_SHORT_MEMORY_BUFFER and updates &@ret_size if - * &@ret_size is not enough to hold the distribution point, or the - * type of the distribution point if everything was ok. The type is - * one of the enumerated %gnutls_x509_subject_alt_name_t. If the - * certificate does not have an Alternative name with the specified - * sequence number then %GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE is - * returned. - **/ + * gnutls_x509_crt_get_crl_dist_points - This function returns the CRL distribution points + * @cert: should contain a #gnutls_x509_crt_t structure + * @seq: specifies the sequence number of the distribution point (0 for the first one, 1 for the second etc.) + * @ret: is the place where the distribution point will be copied to + * @ret_size: holds the size of ret. + * @reason_flags: Revocation reasons flags. + * @critical: will be non zero if the extension is marked as critical (may be null) + * + * This function will return the CRL distribution points (2.5.29.31), + * contained in the given certificate. + * + * @reason_flags should be an ORed sequence of + * %GNUTLS_CRL_REASON_UNUSED, %GNUTLS_CRL_REASON_KEY_COMPROMISE, + * %GNUTLS_CRL_REASON_CA_COMPROMISE, + * %GNUTLS_CRL_REASON_AFFILIATION_CHANGED, + * %GNUTLS_CRL_REASON_SUPERSEEDED, + * %GNUTLS_CRL_REASON_CESSATION_OF_OPERATION, + * %GNUTLS_CRL_REASON_CERTIFICATE_HOLD, + * %GNUTLS_CRL_REASON_PRIVILEGE_WITHDRAWN, + * %GNUTLS_CRL_REASON_AA_COMPROMISE, or zero for all possible reasons. + * + * This is specified in X509v3 Certificate Extensions. GNUTLS will + * return the distribution point type, or a negative error code on + * error. + * + * Returns: %GNUTLS_E_SHORT_MEMORY_BUFFER and updates &@ret_size if + * &@ret_size is not enough to hold the distribution point, or the + * type of the distribution point if everything was ok. The type is + * one of the enumerated %gnutls_x509_subject_alt_name_t. If the + * certificate does not have an Alternative name with the specified + * sequence number then %GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE is + * returned. + **/ int gnutls_x509_crt_get_crl_dist_points (gnutls_x509_crt_t cert, unsigned int seq, void *ret, @@ -2709,24 +2694,24 @@ gnutls_x509_crt_get_crl_dist_points (gnutls_x509_crt_t cert, } /** - * gnutls_x509_crt_get_key_purpose_oid - This function returns the Certificate's key purpose OIDs - * @cert: should contain a #gnutls_x509_crt_t structure - * @indx: This specifies which OID to return. Use zero to get the first one. - * @oid: a pointer to a buffer to hold the OID (may be null) - * @sizeof_oid: initially holds the size of @oid - * @critical: output flag to indicate criticality of extension - * - * This function will extract the key purpose OIDs of the Certificate - * specified by the given index. These are stored in the Extended - * Key Usage extension (2.5.29.37) See the GNUTLS_KP_* definitions - * for human readable names. - * - * If @oid is null then only the size will be filled. - * - * Returns: %GNUTLS_E_SHORT_MEMORY_BUFFER if the provided buffer is - * not long enough, and in that case the *sizeof_oid will be - * updated with the required size. On success 0 is returned. - **/ + * gnutls_x509_crt_get_key_purpose_oid - This function returns the Certificate's key purpose OIDs + * @cert: should contain a #gnutls_x509_crt_t structure + * @indx: This specifies which OID to return. Use zero to get the first one. + * @oid: a pointer to a buffer to hold the OID (may be null) + * @sizeof_oid: initially holds the size of @oid + * @critical: output flag to indicate criticality of extension + * + * This function will extract the key purpose OIDs of the Certificate + * specified by the given index. These are stored in the Extended Key + * Usage extension (2.5.29.37) See the GNUTLS_KP_* definitions for + * human readable names. + * + * If @oid is null then only the size will be filled. + * + * Returns: %GNUTLS_E_SHORT_MEMORY_BUFFER if the provided buffer is + * not long enough, and in that case the *sizeof_oid will be updated + * with the required size. On success 0 is returned. + **/ int gnutls_x509_crt_get_key_purpose_oid (gnutls_x509_crt_t cert, int indx, void *oid, size_t * sizeof_oid, @@ -2807,17 +2792,17 @@ gnutls_x509_crt_get_key_purpose_oid (gnutls_x509_crt_t cert, } /** - * gnutls_x509_crt_get_pk_rsa_raw - This function will export the RSA public key - * @crt: Holds the certificate - * @m: will hold the modulus - * @e: will hold the public exponent - * - * This function will export the RSA public key's parameters found in - * the given structure. The new parameters will be allocated using - * gnutls_malloc() and will be stored in the appropriate datum. - * - * Returns: %GNUTLS_E_SUCCESS on success, otherwise an error. - **/ + * gnutls_x509_crt_get_pk_rsa_raw - This function will export the RSA public key + * @crt: Holds the certificate + * @m: will hold the modulus + * @e: will hold the public exponent + * + * This function will export the RSA public key's parameters found in + * the given structure. The new parameters will be allocated using + * gnutls_malloc() and will be stored in the appropriate datum. + * + * Returns: %GNUTLS_E_SUCCESS on success, otherwise an error. + **/ int gnutls_x509_crt_get_pk_rsa_raw (gnutls_x509_crt_t crt, gnutls_datum_t * m, gnutls_datum_t * e) @@ -2873,19 +2858,19 @@ cleanup: } /** - * gnutls_x509_crt_get_pk_dsa_raw - This function will export the DSA public key - * @crt: Holds the certificate - * @p: will hold the p - * @q: will hold the q - * @g: will hold the g - * @y: will hold the y - * - * This function will export the DSA public key's parameters found in - * the given certificate. The new parameters will be allocated using - * gnutls_malloc() and will be stored in the appropriate datum. - * - * Returns: %GNUTLS_E_SUCCESS on success, otherwise an error. - **/ + * gnutls_x509_crt_get_pk_dsa_raw - This function will export the DSA public key + * @crt: Holds the certificate + * @p: will hold the p + * @q: will hold the q + * @g: will hold the g + * @y: will hold the y + * + * This function will export the DSA public key's parameters found in + * the given certificate. The new parameters will be allocated using + * gnutls_malloc() and will be stored in the appropriate datum. + * + * Returns: %GNUTLS_E_SUCCESS on success, otherwise an error. + **/ int gnutls_x509_crt_get_pk_dsa_raw (gnutls_x509_crt_t crt, gnutls_datum_t * p, gnutls_datum_t * q, @@ -2971,22 +2956,22 @@ cleanup: #endif /** - * gnutls_x509_crt_list_import - This function will import a PEM encoded certificate list - * @certs: The structures to store the parsed certificate. Must not be initialized. - * @cert_max: Initially must hold the maximum number of certs. It will be updated with the number of certs available. - * @data: The PEM encoded certificate. - * @format: One of DER or PEM. - * @flags: must be zero or an OR'd sequence of gnutls_certificate_import_flags. - * - * This function will convert the given PEM encoded certificate list - * to the native gnutls_x509_crt_t format. The output will be stored - * in @certs. They will be automatically initialized. - * - * If the Certificate is PEM encoded it should have a header of "X509 - * CERTIFICATE", or "CERTIFICATE". - * - * Returns: the number of certificates read or a negative error value. - **/ + * gnutls_x509_crt_list_import - This function will import a PEM encoded certificate list + * @certs: The structures to store the parsed certificate. Must not be initialized. + * @cert_max: Initially must hold the maximum number of certs. It will be updated with the number of certs available. + * @data: The PEM encoded certificate. + * @format: One of DER or PEM. + * @flags: must be zero or an OR'd sequence of gnutls_certificate_import_flags. + * + * This function will convert the given PEM encoded certificate list + * to the native gnutls_x509_crt_t format. The output will be stored + * in @certs. They will be automatically initialized. + * + * If the Certificate is PEM encoded it should have a header of "X509 + * CERTIFICATE", or "CERTIFICATE". + * + * Returns: the number of certificates read or a negative error value. + **/ int gnutls_x509_crt_list_import (gnutls_x509_crt_t * certs, unsigned int *cert_max, diff --git a/lib/x509/x509_write.c b/lib/x509/x509_write.c index 908f41a8e9..c1928f6b74 100644 --- a/lib/x509/x509_write.c +++ b/lib/x509/x509_write.c @@ -207,18 +207,18 @@ gnutls_x509_crt_set_version (gnutls_x509_crt_t crt, unsigned int version) } /** - * gnutls_x509_crt_set_key - This function will associate the Certificate with a key - * @crt: a certificate of type #gnutls_x509_crt_t - * @key: holds a private key - * - * This function will set the public parameters from the given - * private key to the certificate. Only RSA keys are currently - * supported. - * - * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a - * negative error value. - * - **/ + * gnutls_x509_crt_set_key - This function will associate the Certificate with a key + * @crt: a certificate of type #gnutls_x509_crt_t + * @key: holds a private key + * + * This function will set the public parameters from the given + * private key to the certificate. Only RSA keys are currently + * supported. + * + * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a + * negative error value. + * + **/ int gnutls_x509_crt_set_key (gnutls_x509_crt_t crt, gnutls_x509_privkey_t key) { |