1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
|
This may not be complete yet. Check at gnutls.h for current information.
All functions return >=0 if everything is ok, or a negative value in case
of a failure.
int gnutls_init(GNUTLS_STATE * state, ConnectionEnd con_end);
This function just initializes a gnutls state to null.
int gnutls_deinit(GNUTLS_STATE * state);
This function clears all buffers associated with the state.
int gnutls_handshake(int cd, GNUTLS_STATE state);
This function does the handshake of the TLS/SSL protocol.
It accepts a TCP connection descriptor and a GNUTLS state.
This function will fail if any problem is encountered,
and the connection should be terminated.
int gnutls_handshake_begin(int cd, GNUTLS_STATE state);
This function does the handshake of the TLS/SSL protocol.
This function will fail if any problem is encountered.
However this failure will not be fatal. You may choose to
continue the handshake - eg. even if the certificate cannot
be verified- by calling gnutls_handshake_finish()
int gnutls_handshake_finish(int cd, GNUTLS_STATE state);
This function does the final stuff of the handshake protocol.
This function will fail if any problem is encountered.
int gnutls_close(int cd, GNUTLS_STATE state);
Terminates the current TLS/SSL connection. If it returns 0
you may continue using the TCP connection.
BulkCipherAlgorithm gnutls_get_current_cipher( GNUTLS_STATE state);
Returns the currently used cipher.
char *_gnutls_cipher_get_name(BulkCipherAlgorithm);
Returns a malloc'ed string with the name of the algorithm;
MACAlgorithm gnutls_get_current_mac_algorithm( GNUTLS_STATE state);
Returns the mac algorithm used.
char *_gnutls_mac_get_name(MACAlgorithm);
Returns a malloc'ed string with the name of the algorithm;
CompressionMethod gnutls_get_current_compression_method( GNUTLS_STATE state);
Returns the compression algorithm used.
char *_gnutls_compression_get_name(CompressionMethod);
Returns a malloc'ed string with the name of the algorithm;
int gnutls_is_fatal_error( int error);
If a function returns a negative value you may feed that value
to this function to see if it is fatal. Returns 1 for a fatal
error 0 otherwise.
void gnutls_perror( int error);
char* gnutls_strerror(int error);
These funtions are like perror() and strerror().
gnutls_strerror() returns a malloc'ed value thus it must be
freed.
ssize_t gnutls_write(int cd, GNUTLS_STATE state, void* data, int sizeofdata);
This function has the same semantics as write() has. The only
difference is that is accepts a GNUTLS state.
ssize_t gnutls_read(int cd, GNUTLS_STATE state, void* data, int sizeofdata);
This function has the same semantics as read() has. The only
difference is that is accepts a GNUTLS state.
ssize_t gnutls_recv(int cd, GNUTLS_STATE state, void* data, int sizeofdata, int flags);
This function has the same semantics as recv() has. The only
difference is that is accepts a GNUTLS state. However the
only acceptable flag is currently MSG_DONTWAIT. In that case, or
if the socket is set to non blocking IO it will return GNUTLS_E_AGAIN,
if there no data in the socket.
ssize_t gnutls_send(int cd, GNUTLS_STATE state, void* data, int sizeofdata, int flags);
This function has the same semantics as send() has. The only
difference is that is accepts a GNUTLS state. Currently flags cannot
be anything except 0.
int gnutls_check_pending(GNUTLS_STATE state);
This function checks if there are any data to receive
in the gnutls buffers. Returns the size of that data or 0.
Notice that you may use select to check for data in
the TCP connection, instead of this function.
void gnutls_set_cipher_priority( GNUTLS_STATE state, int num, ...);
Sets the priority on the ciphers supported by gnutls. The num
is the number of the ciphers specified. After num you should
specify the ciphers you want.
Note that the priority is set on the client. The server does
not use that except for disabling algorithms that were not
specified.
void gnutls_set_kx_priority( GNUTLS_STATE state, int num, ...);
like gnutls_set_cipher_priority, but for key exchange methods.
void gnutls_set_mac_priority( GNUTLS_STATE state, int num, ...);
like gnutls_set_cipher_priority, but for mac algorithms.
void gnutls_set_compression_priority( GNUTLS_STATE state, int num, ...);
like gnutls_set_cipher_priority, but for compression algorithms.
void gnutls_set_current_version(GNUTLS_STATE state, GNUTLS_Version version);
Sets the current SSL/TLS version. Accepted values are GNUTLS_SSL3
and GNUTLS_TLS1.
int gnutls_get_current_session_id( GNUTLS_STATE state, void* session, int *session_size);
Returns the session id. This can be used if you want to check if
the next session you tried to resume was actually resumed.
(resumed sessions have the same sessionID with the first session)
int gnutls_get_current_session( GNUTLS_STATE state, void* session, int *session_size);
Returns all session parameters - in order to support resuming.
The client should call this - and keep the returned session - if he wants to
resume that current version later by calling gnutls_set_current_session().
This function must be called after a successful handshake.
int gnutls_set_current_session( GNUTLS_STATE state, void* session, int session_size);
Sets all session parameters - in order to support resuming
session must be the one returned by get_current_session();
This function should be called before gnutls_handshake_begin.
Keep in mind that session resuming is advisory. The server may
choose not to resume the session, thus a full handshake will be
performed.
int gnutls_set_lowat( GNUTLS_STATE state, int num);
Used to set the lowat value in order for select to check
if there are pending data to socket buffer. Used only
if you have changed the default low water value (default is 1).
Normally you will not need that function.
int gnutls_set_cache_expiration( GNUTLS_STATE state, int seconds);
Sets the expiration time for resumed sessions.
int gnutls_set_db_name( GNUTLS_STATE state, char* filename);
Sets the name of the (gdbm) database to be used to keep
the sessions to be resumed.
int gnutls_clean_db( GNUTLS_STATE state);
Deletes all the records in the db. This db may become huge
if this is not called.
|
