
[SCM] GNU gnutls branch, master, updated. gnutls_2_9_9-127-g0ead62f


From: Simon Josefsson
Subject: [SCM] GNU gnutls branch, master, updated. gnutls_2_9_9-127-g0ead62f
Date: Wed, 17 Feb 2010 16:13:04 +0000

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gnutls".

http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=0ead62fd606b48a3751c8c8f17bdec97f9261a7e

The branch, master has been updated
       via  0ead62fd606b48a3751c8c8f17bdec97f9261a7e (commit)
       via  26beb2b1dae4f106fe9e961c979c7ebcec62093e (commit)
       via  9ef7627206a993644f136cb8524009bd7a7b79f3 (commit)
       via  18e9523fa00db8854378c23fb672418513e8760f (commit)
       via  2d77f6a1be61e43bb3baec5f136fb1c4a3b36986 (commit)
       via  138e2872c40a2032039abdb13e6be66800bd4039 (commit)
       via  a77c23b9b484dcc3cb7782e361ed3847f711a287 (commit)
      from  065e0148db9699eeda5c134c742669bac316938c (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 0ead62fd606b48a3751c8c8f17bdec97f9261a7e
Author: Simon Josefsson <address@hidden>
Date:   Wed Feb 17 17:13:01 2010 +0100

    Doc fix.

commit 26beb2b1dae4f106fe9e961c979c7ebcec62093e
Author: Simon Josefsson <address@hidden>
Date:   Wed Feb 17 17:11:27 2010 +0100

    More enum documentation.

commit 9ef7627206a993644f136cb8524009bd7a7b79f3
Author: Simon Josefsson <address@hidden>
Date:   Wed Feb 17 17:02:37 2010 +0100

    Document more.

commit 18e9523fa00db8854378c23fb672418513e8760f
Author: Simon Josefsson <address@hidden>
Date:   Wed Feb 17 17:01:36 2010 +0100

    Document more.

commit 2d77f6a1be61e43bb3baec5f136fb1c4a3b36986
Author: Simon Josefsson <address@hidden>
Date:   Wed Feb 17 16:59:59 2010 +0100

    Document enum.

commit 138e2872c40a2032039abdb13e6be66800bd4039
Author: Simon Josefsson <address@hidden>
Date:   Wed Feb 17 16:56:55 2010 +0100

    More enum.

commit a77c23b9b484dcc3cb7782e361ed3847f711a287
Author: Simon Josefsson <address@hidden>
Date:   Wed Feb 17 16:53:47 2010 +0100

    Fix typo.

-----------------------------------------------------------------------

Summary of changes:
 lib/includes/gnutls/gnutls.h.in  |   28 +++++---
 lib/includes/gnutls/openpgp.h    |   14 +++-
 lib/includes/gnutls/pkcs12.h     |   29 ++++++--
 lib/includes/gnutls/x509.h       |  145 +++++++++++++++++++++----------------
 libextra/gnutls_ia.c             |    6 +-
 libextra/includes/gnutls/extra.h |   18 ++++--
 6 files changed, 147 insertions(+), 93 deletions(-)

diff --git a/lib/includes/gnutls/gnutls.h.in b/lib/includes/gnutls/gnutls.h.in
index 872b3d3..e5d5c60 100644
--- a/lib/includes/gnutls/gnutls.h.in
+++ b/lib/includes/gnutls/gnutls.h.in
@@ -518,9 +518,9 @@ extern "C" {
     {
       GNUTLS_SIGN_UNKNOWN = 0,
       GNUTLS_SIGN_RSA_SHA1 = 1,
-      GNUTLS_SIGN_RSA_SHA = GNUTLS_SIGN_RSA_SHA1
+      GNUTLS_SIGN_RSA_SHA = GNUTLS_SIGN_RSA_SHA1,
       GNUTLS_SIGN_DSA_SHA1 = 2,
-      GNUTLS_SIGN_DSA_SHA = GNUTLS_SIGN_DSA_SHA1
+      GNUTLS_SIGN_DSA_SHA = GNUTLS_SIGN_DSA_SHA1,
       GNUTLS_SIGN_RSA_MD5 = 3,
       GNUTLS_SIGN_RSA_MD2 = 4,
       GNUTLS_SIGN_RSA_RMD160 = 5,
@@ -697,17 +697,25 @@ extern "C" {
   typedef int (*gnutls_ext_send_func) (gnutls_session_t session,
                                       unsigned char *data, size_t len);
 
-  /* This flag indicates for an extension whether
-   * it is useful to application level or TLS level only.
-   * This is (only) used to parse the application level extensions
-   * before the user_hello callback is called.
+  /**
+   * gnutls_ext_parse_type_t:
+   * @GNUTLS_EXT_ANY: Any extension type.
+   * @GNUTLS_EXT_APPLICATION: Application extension.
+   * @GNUTLS_EXT_TLS: TLS-internal extension.
+   * @GNUTLS_EXT_RESUMED: Extension parsed even if resuming.
+   *
+   * Enumeration of different TLS extension types.  This flag
+   * indicates for an extension whether it is useful to application
+   * level or TLS level only.  This is (only) used to parse the
+   * application level extensions before the "client_hello" callback
+   * is called.
    */
   typedef enum
     {
-      GNUTLS_EXT_ANY,
-      GNUTLS_EXT_APPLICATION,
-      GNUTLS_EXT_TLS,
-      GNUTLS_EXT_RESUMED, /* parse even if resuming */
+      GNUTLS_EXT_ANY = 0,
+      GNUTLS_EXT_APPLICATION = 1,
+      GNUTLS_EXT_TLS = 2,
+      GNUTLS_EXT_RESUMED = 3
     } gnutls_ext_parse_type_t;
 
   int gnutls_ext_register (int type,
diff --git a/lib/includes/gnutls/openpgp.h b/lib/includes/gnutls/openpgp.h
index 10ca339..f6c18f2 100644
--- a/lib/includes/gnutls/openpgp.h
+++ b/lib/includes/gnutls/openpgp.h
@@ -40,10 +40,18 @@ extern "C"
 /* Openpgp certificate stuff
  */
 
+/**
+ * gnutls_openpgp_crt_fmt_t:
+ * @GNUTLS_OPENPGP_FMT_RAW: OpenPGP certificate in raw format.
+ * @GNUTLS_OPENPGP_FMT_BASE64: OpenPGP certificate in base64 format.
+ *
+ * Enumeration of different OpenPGP key formats.
+ */
   typedef enum gnutls_openpgp_crt_fmt
-  { GNUTLS_OPENPGP_FMT_RAW,
-    GNUTLS_OPENPGP_FMT_BASE64
-  } gnutls_openpgp_crt_fmt_t;
+    {
+      GNUTLS_OPENPGP_FMT_RAW,
+      GNUTLS_OPENPGP_FMT_BASE64
+    } gnutls_openpgp_crt_fmt_t;
 
   typedef unsigned char gnutls_openpgp_keyid_t[8];
 
diff --git a/lib/includes/gnutls/pkcs12.h b/lib/includes/gnutls/pkcs12.h
index a2cea1d..8867224 100644
--- a/lib/includes/gnutls/pkcs12.h
+++ b/lib/includes/gnutls/pkcs12.h
@@ -61,18 +61,31 @@ extern "C"
   int gnutls_pkcs12_bag_encrypt (gnutls_pkcs12_bag_t bag, const char *pass,
                                 unsigned int flags);
 
+  /**
+   * gnutls_pkcs12_bag_type_t:
+   * @GNUTLS_BAG_EMPTY: Empty PKCS-12 bag.
+   * @GNUTLS_BAG_PKCS8_ENCRYPTED_KEY: PKCS-12 bag with PKCS-8 encrypted key.
+   * @GNUTLS_BAG_PKCS8_KEY: PKCS-12 bag with PKCS-8 key.
+   * @GNUTLS_BAG_CERTIFICATE: PKCS-12 bag with certificate.
+   * @GNUTLS_BAG_CRL: PKCS-12 bag with CRL.
+   * @GNUTLS_BAG_SECRET: PKCS-12 bag with secret PKCS-9 keys.
+   * @GNUTLS_BAG_ENCRYPTED: Encrypted PKCS-12 bag.
+   * @GNUTLS_BAG_UNKNOWN: Unknown PKCS-12 bag.
+   *
+   * Enumeration of different PKCS 12 bag types.
+   */
   typedef enum gnutls_pkcs12_bag_type_t
   {
     GNUTLS_BAG_EMPTY = 0,
-
     GNUTLS_BAG_PKCS8_ENCRYPTED_KEY = 1,
-    GNUTLS_BAG_PKCS8_KEY,
-    GNUTLS_BAG_CERTIFICATE,
-    GNUTLS_BAG_CRL,
-    GNUTLS_BAG_SECRET, /* secret data. Underspecified in pkcs-12, gnutls 
extension. We use
-                        * the PKCS-9 random nonce ID (1.2.840.113549.1.9.25.3) 
to store randomly
-                        * generated keys.
-                        */
+    GNUTLS_BAG_PKCS8_KEY = 2,
+    GNUTLS_BAG_CERTIFICATE = 3,
+    GNUTLS_BAG_CRL = 4,
+    GNUTLS_BAG_SECRET = 5, /* Secret data. Underspecified in pkcs-12,
+                           * gnutls extension. We use the PKCS-9
+                           * random nonce ID 1.2.840.113549.1.9.25.3
+                           * to store randomly generated keys.
+                           */
     GNUTLS_BAG_ENCRYPTED = 10,
     GNUTLS_BAG_UNKNOWN = 20
   } gnutls_pkcs12_bag_type_t;
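Review bot: The new gtk-doc entry for GNUTLS_BAG_SECRET, "PKCS-12 bag with secret PKCS-9 keys", drops the caveat that the inline comment on the enumerator still carries: this bag type is a GnuTLS extension that PKCS-12 leaves underspecified. Readers of the generated reference will not see the inline comment, so the entry itself should say it, e.g. `@GNUTLS_BAG_SECRET: Secret data; a GnuTLS extension (underspecified in PKCS-12) stored under the PKCS-9 random nonce OID.` That matters for interoperability, since other PKCS-12 implementations may not recognise such a bag.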
diff --git a/lib/includes/gnutls/x509.h b/lib/includes/gnutls/x509.h
index fdd3823..0645e9b 100644
--- a/lib/includes/gnutls/x509.h
+++ b/lib/includes/gnutls/x509.h
@@ -83,14 +83,19 @@ extern "C"
 
 /* Certificate handling functions.
  */
+
+/**
+ * gnutls_certificate_import_flags:
+ * @GNUTLS_X509_CRT_LIST_IMPORT_FAIL_IF_EXCEED: Fail if the
+ *   certificates in the buffer are more than the space allocated for
+ *   certificates. The error code will be %GNUTLS_E_SHORT_MEMORY_BUFFER.
+ *
+ * Enumeration of different certificate import flags.
+ */
   typedef enum gnutls_certificate_import_flags
-  {
-    /* Fail if the certificates in the buffer are more than the space
-     * allocated for certificates. The error code will be
-     * GNUTLS_E_SHORT_MEMORY_BUFFER.
-     */
-    GNUTLS_X509_CRT_LIST_IMPORT_FAIL_IF_EXCEED = 1
-  } gnutls_certificate_import_flags;
+    {
+      GNUTLS_X509_CRT_LIST_IMPORT_FAIL_IF_EXCEED = 1
+    } gnutls_certificate_import_flags;
 
   int gnutls_x509_crt_init (gnutls_x509_crt_t * cert);
   void gnutls_x509_crt_deinit (gnutls_x509_crt_t cert);
@@ -489,46 +494,45 @@ extern "C"
 
 /* X.509 Certificate verification functions.
  */
+
+/**
+ * gnutls_certificate_verify_flags:
+ * @GNUTLS_VERIFY_DISABLE_CA_SIGN: If set a signer does not have to be
+ *   a certificate authority. This flag should normaly be disabled,
+ *   unless you know what this means.
+ * @GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT: Allow only trusted CA
+ *   certificates that have version 1.  This is safer than
+ *   %GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT, and should be used
+ *   instead. That way only signers in your trusted list will be
+ *   allowed to have certificates of version 1.
+ * @GNUTLS_VERIFY_DO_NOT_ALLOW_SAME: If a certificate is not signed by
+ *   anyone trusted but exists in the trusted CA list do not treat it
+ *   as trusted.
+ * @GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT: Allow CA certificates that
+ *   have version 1 (both root and intermediate). This might be
+ *   dangerous since those haven't the basicConstraints
+ *   extension. Must be used in combination with
+ *   %GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT.
+ * @GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD2: Allow certificates to be signed
+ *   using the broken MD2 algorithm.
+ * @GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD5: Allow certificates to be signed
+ *   using the broken MD5 algorithm.
+ * @GNUTLS_VERIFY_DISABLE_TIME_CHECKS: Disable checking of activation
+ *   and expiration validity periods of certificate chains. Don't set
+ *   this unless you understand the security implications.
+ *
+ * Enumeration of different certificate verify flags.
+ */
   typedef enum gnutls_certificate_verify_flags
-  {
-    /* If set a signer does not have to be a certificate authority. This
-     * flag should normaly be disabled, unless you know what this means.
-     */
-    GNUTLS_VERIFY_DISABLE_CA_SIGN = 1,
-
-    /* Allow only trusted CA certificates that have version 1.  This is
-     * safer than GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT, and should be
-     * used instead. That way only signers in your trusted list will be
-     * allowed to have certificates of version 1.
-     */
-    GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT = 2,
-
-    /* If a certificate is not signed by anyone trusted but exists in
-     * the trusted CA list do not treat it as trusted.
-     */
-    GNUTLS_VERIFY_DO_NOT_ALLOW_SAME = 4,
-
-    /* Allow CA certificates that have version 1 (both root and
-     * intermediate). This might be dangerous since those haven't the
-     * basicConstraints extension. Must be used in combination with
-     * GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT.
-     */
-    GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT = 8,
-
-    /* Allow certificates to be signed using the broken MD2 algorithm.
-     */
-    GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD2 = 16,
-
-    /* Allow certificates to be signed using the broken MD5 algorithm.
-     */
-    GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD5 = 32,
-
-    /* Disable checking of activation and expiration validity
-     * periods of certificate chains. Don't set this unless you
-     * understand the security implications.
-     */
-    GNUTLS_VERIFY_DISABLE_TIME_CHECKS = 64
-  } gnutls_certificate_verify_flags;
+    {
+      GNUTLS_VERIFY_DISABLE_CA_SIGN = 1,
+      GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT = 2,
+      GNUTLS_VERIFY_DO_NOT_ALLOW_SAME = 4,
+      GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT = 8,
+      GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD2 = 16,
+      GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD5 = 32,
+      GNUTLS_VERIFY_DISABLE_TIME_CHECKS = 64
+    } gnutls_certificate_verify_flags;
 
   int gnutls_x509_crt_check_issuer (gnutls_x509_crt_t cert,
                                    gnutls_x509_crt_t issuer);
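Review bot: The entries for GNUTLS_VERIFY_DISABLE_CA_SIGN and GNUTLS_VERIFY_DISABLE_TIME_CHECKS tell the caller to understand the implications without stating them, and this text now lands in the generated API reference. I would spell the consequence out, e.g. `If set, a signer does not have to be a certificate authority, so the CA check on issuers is skipped; leave this unset when verifying peers.` and, for the time flag, that expired or not-yet-valid certificates are then accepted. The GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD2 and _MD5 entries already say "broken", which is the right level of directness. "normaly" in the first entry should read "normally".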
@@ -571,24 +575,39 @@ extern "C"
 
 /* Flags for the gnutls_x509_privkey_export_pkcs8() function.
  */
+
+/**
+ * gnutls_pkcs_encrypt_flags_t:
+ * @GNUTLS_PKCS_PLAIN: Unencrypted private key.
+ * @GNUTLS_PKCS8_PLAIN: Same as %GNUTLS_PKCS_PLAIN.
+ * @GNUTLS_PKCS_USE_PKCS12_3DES: PKCS-12 3DES.
+ * @GNUTLS_PKCS8_USE_PKCS12_3DES: Same as %GNUTLS_PKCS_USE_PKCS12_3DES.
+ * @GNUTLS_PKCS_USE_PKCS12_ARCFOUR: PKCS-12 ARCFOUR.
+ * @GNUTLS_PKCS8_USE_PKCS12_ARCFOUR: Same as %GNUTLS_PKCS_USE_PKCS12_ARCFOUR.
+ * @GNUTLS_PKCS_USE_PKCS12_RC2_40: PKCS-12 RC2-40.
+ * @GNUTLS_PKCS8_USE_PKCS12_RC2_40: Same as %GNUTLS_PKCS_USE_PKCS12_RC2_40.
+ * @GNUTLS_PKCS_USE_PBES2_3DES: PBES2 3DES.
+ * @GNUTLS_PKCS_USE_PBES2_AES_128: PBES2 AES-128.
+ * @GNUTLS_PKCS_USE_PBES2_AES_192: PBES2 AES-192.
+ * @GNUTLS_PKCS_USE_PBES2_AES_256: PBES2 AES-256.
+ *
+ * Enumeration of different PKCS encryption flags.
+ */
   typedef enum gnutls_pkcs_encrypt_flags_t
-  {
-    GNUTLS_PKCS_PLAIN = 1,     /* if set the private key will not
-                                * be encrypted.
-                                */
-    GNUTLS_PKCS_USE_PKCS12_3DES = 2,
-    GNUTLS_PKCS_USE_PKCS12_ARCFOUR = 4,
-    GNUTLS_PKCS_USE_PKCS12_RC2_40 = 8,
-    GNUTLS_PKCS_USE_PBES2_3DES = 16,
-    GNUTLS_PKCS_USE_PBES2_AES_128 = 32,
-    GNUTLS_PKCS_USE_PBES2_AES_192 = 64,
-    GNUTLS_PKCS_USE_PBES2_AES_256 = 128,
-  } gnutls_pkcs_encrypt_flags_t;
-
-#define GNUTLS_PKCS8_PLAIN GNUTLS_PKCS_PLAIN
-#define GNUTLS_PKCS8_USE_PKCS12_3DES GNUTLS_PKCS_USE_PKCS12_3DES
-#define GNUTLS_PKCS8_USE_PKCS12_ARCFOUR GNUTLS_PKCS_USE_PKCS12_ARCFOUR
-#define GNUTLS_PKCS8_USE_PKCS12_RC2_40 GNUTLS_PKCS_USE_PKCS12_RC2_40
+    {
+      GNUTLS_PKCS_PLAIN = 1,
+      GNUTLS_PKCS8_PLAIN = GNUTLS_PKCS_PLAIN,
+      GNUTLS_PKCS_USE_PKCS12_3DES = 2,
+      GNUTLS_PKCS8_USE_PKCS12_3DES = GNUTLS_PKCS_USE_PKCS12_3DES,
+      GNUTLS_PKCS_USE_PKCS12_ARCFOUR = 4,
+      GNUTLS_PKCS8_USE_PKCS12_ARCFOUR = GNUTLS_PKCS_USE_PKCS12_ARCFOUR,
+      GNUTLS_PKCS_USE_PKCS12_RC2_40 = 8,
+      GNUTLS_PKCS8_USE_PKCS12_RC2_40 = GNUTLS_PKCS_USE_PKCS12_RC2_40,
+      GNUTLS_PKCS_USE_PBES2_3DES = 16,
+      GNUTLS_PKCS_USE_PBES2_AES_128 = 32,
+      GNUTLS_PKCS_USE_PBES2_AES_192 = 64,
+      GNUTLS_PKCS_USE_PBES2_AES_256 = 128,
+    } gnutls_pkcs_encrypt_flags_t;
 
   int gnutls_x509_privkey_init (gnutls_x509_privkey_t * key);
   void gnutls_x509_privkey_deinit (gnutls_x509_privkey_t key);
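Review bot: The entries for GNUTLS_PKCS_USE_PKCS12_RC2_40 and GNUTLS_PKCS_USE_PKCS12_ARCFOUR only name the cipher, so nothing in the reference warns that these are weak choices for protecting a private key; RC2-40 uses a 40-bit key. The verify-flags documentation earlier in this file calls MD2 and MD5 "broken", and the same directness fits here, e.g. `@GNUTLS_PKCS_USE_PKCS12_RC2_40: PKCS-12 RC2 with a 40-bit key; weak, for compatibility only.` Separately, moving the GNUTLS_PKCS8_* names from `#define` into the enum means a caller that tests them with `#ifdef` will no longer see them, and the trailing comma after `GNUTLS_PKCS_USE_PBES2_AES_256 = 128,` is rejected by strict C89 compilers.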
diff --git a/libextra/gnutls_ia.c b/libextra/gnutls_ia.c
index ad2c3e8..be315b8 100644
--- a/libextra/gnutls_ia.c
+++ b/libextra/gnutls_ia.c
@@ -661,8 +661,7 @@ gnutls_ia_handshake (gnutls_session_t session)
  *
  * Adding this credential to a session will enable TLS/IA, and will
  * require an Application Phase after the TLS handshake (if the server
- * support TLS/IA).  Use gnutls_ia_require_inner_phase() to toggle the
- * TLS/IA mode.
+ * support TLS/IA).  Use gnutls_ia_enable() to toggle the TLS/IA mode.
  *
  * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise
  *   an error code is returned.
@@ -771,8 +770,7 @@ gnutls_ia_get_client_avp_ptr 
(gnutls_ia_client_credentials_t cred)
  *
  * Adding this credential to a session will enable TLS/IA, and will
  * require an Application Phase after the TLS handshake (if the client
- * support TLS/IA).  Use gnutls_ia_require_inner_phase() to toggle the
- * TLS/IA mode.
+ * support TLS/IA).  Use gnutls_ia_enable() to toggle the TLS/IA mode.
  *
  * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise
  *   an error code is returned.
diff --git a/libextra/includes/gnutls/extra.h b/libextra/includes/gnutls/extra.h
index 5871a37..f43d324 100644
--- a/libextra/includes/gnutls/extra.h
+++ b/libextra/includes/gnutls/extra.h
@@ -42,12 +42,20 @@ extern "C"
   /* TLS/IA stuff
    */
 
+  /**
+   * gnutls_ia_apptype_t:
+   * @GNUTLS_IA_APPLICATION_PAYLOAD: TLS/IA application payload.
+   * @GNUTLS_IA_INTERMEDIATE_PHASE_FINISHED: TLS/IA intermediate phase 
finished.
+   * @GNUTLS_IA_FINAL_PHASE_FINISHED: TLS/IA final phase finished.
+   *
+   * Enumeration of different certificate encoding formats.
+   */
   typedef enum
-  {
-    GNUTLS_IA_APPLICATION_PAYLOAD = 0,
-    GNUTLS_IA_INTERMEDIATE_PHASE_FINISHED = 1,
-    GNUTLS_IA_FINAL_PHASE_FINISHED = 2
-  } gnutls_ia_apptype_t;
+    {
+      GNUTLS_IA_APPLICATION_PAYLOAD = 0,
+      GNUTLS_IA_INTERMEDIATE_PHASE_FINISHED = 1,
+      GNUTLS_IA_FINAL_PHASE_FINISHED = 2
+    } gnutls_ia_apptype_t;
 
   /* TLS/IA credential
    */
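Review bot: The summary line of the new comment, "Enumeration of different certificate encoding formats.", does not describe gnutls_ia_apptype_t and looks copied from another enum's documentation. The enumerators are TLS/IA message kinds, so something like `Enumeration of different TLS/IA application phase message types.` would match the entries listed above it.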


hooks/post-receive
-- 
GNU gnutls



