HAVE_SSIZE_T

#define             HAVE_SSIZE_T

GNUTLS_VERSION

#define GNUTLS_VERSION "3.1.5"

GNUTLS_VERSION_MAJOR

#define GNUTLS_VERSION_MAJOR 3

GNUTLS_VERSION_MINOR

#define GNUTLS_VERSION_MINOR 1

GNUTLS_VERSION_PATCH

#define GNUTLS_VERSION_PATCH 5

GNUTLS_VERSION_NUMBER

#define GNUTLS_VERSION_NUMBER 0x030105

GNUTLS_CIPHER_RIJNDAEL_128_CBC

#define GNUTLS_CIPHER_RIJNDAEL_128_CBC GNUTLS_CIPHER_AES_128_CBC

GNUTLS_CIPHER_RIJNDAEL_256_CBC

#define GNUTLS_CIPHER_RIJNDAEL_256_CBC GNUTLS_CIPHER_AES_256_CBC

GNUTLS_CIPHER_RIJNDAEL_CBC

#define GNUTLS_CIPHER_RIJNDAEL_CBC GNUTLS_CIPHER_AES_128_CBC

GNUTLS_CIPHER_ARCFOUR

#define GNUTLS_CIPHER_ARCFOUR GNUTLS_CIPHER_ARCFOUR_128

enum gnutls_cipher_algorithm_t

typedef enum {
    GNUTLS_CIPHER_UNKNOWN = 0,
    GNUTLS_CIPHER_NULL = 1,
    GNUTLS_CIPHER_ARCFOUR_128 = 2,
    GNUTLS_CIPHER_3DES_CBC = 3,
    GNUTLS_CIPHER_AES_128_CBC = 4,
    GNUTLS_CIPHER_AES_256_CBC = 5,
    GNUTLS_CIPHER_ARCFOUR_40 = 6,
    GNUTLS_CIPHER_CAMELLIA_128_CBC = 7,
    GNUTLS_CIPHER_CAMELLIA_256_CBC = 8,
    GNUTLS_CIPHER_RC2_40_CBC = 90,
    GNUTLS_CIPHER_DES_CBC = 91,
    GNUTLS_CIPHER_AES_192_CBC = 92,
    GNUTLS_CIPHER_AES_128_GCM = 93,
    GNUTLS_CIPHER_AES_256_GCM = 94,
    GNUTLS_CIPHER_CAMELLIA_192_CBC = 95,

    /* used only for PGP internals. Ignored in TLS/SSL
     */
    GNUTLS_CIPHER_IDEA_PGP_CFB = 200,
    GNUTLS_CIPHER_3DES_PGP_CFB = 201,
    GNUTLS_CIPHER_CAST5_PGP_CFB = 202,
    GNUTLS_CIPHER_BLOWFISH_PGP_CFB = 203,
    GNUTLS_CIPHER_SAFER_SK128_PGP_CFB = 204,
    GNUTLS_CIPHER_AES128_PGP_CFB = 205,
    GNUTLS_CIPHER_AES192_PGP_CFB = 206,
    GNUTLS_CIPHER_AES256_PGP_CFB = 207,
    GNUTLS_CIPHER_TWOFISH_PGP_CFB = 208
} gnutls_cipher_algorithm_t;

Enumeration of different symmetric encryption algorithms.

enum gnutls_kx_algorithm_t

typedef enum {
    GNUTLS_KX_UNKNOWN = 0,
    GNUTLS_KX_RSA = 1,
    GNUTLS_KX_DHE_DSS = 2,
    GNUTLS_KX_DHE_RSA = 3,
    GNUTLS_KX_ANON_DH = 4,
    GNUTLS_KX_SRP = 5,
    GNUTLS_KX_RSA_EXPORT = 6,
    GNUTLS_KX_SRP_RSA = 7,
    GNUTLS_KX_SRP_DSS = 8,
    GNUTLS_KX_PSK = 9,
    GNUTLS_KX_DHE_PSK = 10,
    GNUTLS_KX_ANON_ECDH = 11,
    GNUTLS_KX_ECDHE_RSA = 12,
    GNUTLS_KX_ECDHE_ECDSA = 13,
    GNUTLS_KX_ECDHE_PSK = 14,
} gnutls_kx_algorithm_t;

Enumeration of different key exchange algorithms.

enum gnutls_params_type_t

typedef enum {
    GNUTLS_PARAMS_RSA_EXPORT = 1,
    GNUTLS_PARAMS_DH = 2,
    GNUTLS_PARAMS_ECDH = 3,
} gnutls_params_type_t;

Enumeration of different TLS session parameter types.

enum gnutls_credentials_type_t

typedef enum {
    GNUTLS_CRD_CERTIFICATE = 1,
    GNUTLS_CRD_ANON,
    GNUTLS_CRD_SRP,
    GNUTLS_CRD_PSK,
    GNUTLS_CRD_IA
} gnutls_credentials_type_t;

Enumeration of different credential types.

GNUTLS_MAC_SHA

#define GNUTLS_MAC_SHA GNUTLS_MAC_SHA1

GNUTLS_DIG_SHA

#define GNUTLS_DIG_SHA GNUTLS_DIG_SHA1

enum gnutls_mac_algorithm_t

typedef enum {
    GNUTLS_MAC_UNKNOWN = 0,
    GNUTLS_MAC_NULL = 1,
    GNUTLS_MAC_MD5 = 2,
    GNUTLS_MAC_SHA1 = 3,
    GNUTLS_MAC_RMD160 = 4,
    GNUTLS_MAC_MD2 = 5,
    GNUTLS_MAC_SHA256 = 6,
    GNUTLS_MAC_SHA384 = 7,
    GNUTLS_MAC_SHA512 = 8,
    GNUTLS_MAC_SHA224 = 9,
      /* If you add anything here, make sure you align with
         gnutls_digest_algorithm_t. */
    GNUTLS_MAC_AEAD = 200 /* indicates that MAC is on the cipher */
} gnutls_mac_algorithm_t;

Enumeration of different Message Authentication Code (MAC) algorithms.

enum gnutls_digest_algorithm_t

typedef enum {
    GNUTLS_DIG_UNKNOWN = GNUTLS_MAC_UNKNOWN,
    GNUTLS_DIG_NULL = GNUTLS_MAC_NULL,
    GNUTLS_DIG_MD5 = GNUTLS_MAC_MD5,
    GNUTLS_DIG_SHA1 = GNUTLS_MAC_SHA1,
    GNUTLS_DIG_RMD160 = GNUTLS_MAC_RMD160,
    GNUTLS_DIG_MD2 = GNUTLS_MAC_MD2,
    GNUTLS_DIG_SHA256 = GNUTLS_MAC_SHA256,
    GNUTLS_DIG_SHA384 = GNUTLS_MAC_SHA384,
    GNUTLS_DIG_SHA512 = GNUTLS_MAC_SHA512,
    GNUTLS_DIG_SHA224 = GNUTLS_MAC_SHA224
      /* If you add anything here, make sure you align with
         gnutls_mac_algorithm_t. */
} gnutls_digest_algorithm_t;

Enumeration of different digest (hash) algorithms.

GNUTLS_MAX_ALGORITHM_NUM

#define GNUTLS_MAX_ALGORITHM_NUM 32

enum gnutls_compression_method_t

typedef enum {
    GNUTLS_COMP_UNKNOWN = 0,
    GNUTLS_COMP_NULL = 1,
    GNUTLS_COMP_DEFLATE = 2,
    GNUTLS_COMP_ZLIB = GNUTLS_COMP_DEFLATE,
} gnutls_compression_method_t;

Enumeration of different TLS compression methods.

enum gnutls_alert_level_t

typedef enum {
    GNUTLS_AL_WARNING = 1,
    GNUTLS_AL_FATAL
} gnutls_alert_level_t;

Enumeration of different TLS alert severities.

enum gnutls_alert_description_t

typedef enum {
    GNUTLS_A_CLOSE_NOTIFY,
    GNUTLS_A_UNEXPECTED_MESSAGE = 10,
    GNUTLS_A_BAD_RECORD_MAC = 20,
    GNUTLS_A_DECRYPTION_FAILED,
    GNUTLS_A_RECORD_OVERFLOW,
    GNUTLS_A_DECOMPRESSION_FAILURE = 30,
    GNUTLS_A_HANDSHAKE_FAILURE = 40,
    GNUTLS_A_SSL3_NO_CERTIFICATE = 41,
    GNUTLS_A_BAD_CERTIFICATE = 42,
    GNUTLS_A_UNSUPPORTED_CERTIFICATE,
    GNUTLS_A_CERTIFICATE_REVOKED,
    GNUTLS_A_CERTIFICATE_EXPIRED,
    GNUTLS_A_CERTIFICATE_UNKNOWN,
    GNUTLS_A_ILLEGAL_PARAMETER,
    GNUTLS_A_UNKNOWN_CA,
    GNUTLS_A_ACCESS_DENIED,
    GNUTLS_A_DECODE_ERROR = 50,
    GNUTLS_A_DECRYPT_ERROR,
    GNUTLS_A_EXPORT_RESTRICTION = 60,
    GNUTLS_A_PROTOCOL_VERSION = 70,
    GNUTLS_A_INSUFFICIENT_SECURITY,
    GNUTLS_A_INTERNAL_ERROR = 80,
    GNUTLS_A_USER_CANCELED = 90,
    GNUTLS_A_NO_RENEGOTIATION = 100,
    GNUTLS_A_UNSUPPORTED_EXTENSION = 110,
    GNUTLS_A_CERTIFICATE_UNOBTAINABLE = 111,
    GNUTLS_A_UNRECOGNIZED_NAME = 112,
    GNUTLS_A_UNKNOWN_PSK_IDENTITY = 115,
} gnutls_alert_description_t;

Enumeration of different TLS alerts.

enum gnutls_handshake_description_t

typedef enum {
    GNUTLS_HANDSHAKE_HELLO_REQUEST = 0,
    GNUTLS_HANDSHAKE_CLIENT_HELLO = 1,
    GNUTLS_HANDSHAKE_SERVER_HELLO = 2,
    GNUTLS_HANDSHAKE_HELLO_VERIFY_REQUEST = 3,
    GNUTLS_HANDSHAKE_NEW_SESSION_TICKET = 4,
    GNUTLS_HANDSHAKE_CERTIFICATE_PKT = 11,
    GNUTLS_HANDSHAKE_SERVER_KEY_EXCHANGE = 12,
    GNUTLS_HANDSHAKE_CERTIFICATE_REQUEST = 13,
    GNUTLS_HANDSHAKE_SERVER_HELLO_DONE = 14,
    GNUTLS_HANDSHAKE_CERTIFICATE_VERIFY = 15,
    GNUTLS_HANDSHAKE_CLIENT_KEY_EXCHANGE = 16,
    GNUTLS_HANDSHAKE_FINISHED = 20,
    GNUTLS_HANDSHAKE_CERTIFICATE_STATUS = 22,
    GNUTLS_HANDSHAKE_SUPPLEMENTAL = 23,
    GNUTLS_HANDSHAKE_CHANGE_CIPHER_SPEC = 254,
    GNUTLS_HANDSHAKE_CLIENT_HELLO_V2 = 1024,
} gnutls_handshake_description_t;

Enumeration of different TLS handshake packets.

enum gnutls_certificate_status_t

typedef enum {
    GNUTLS_CERT_INVALID = 1<<1,
    GNUTLS_CERT_REVOKED = 1<<5,
    GNUTLS_CERT_SIGNER_NOT_FOUND = 1<<6,
    GNUTLS_CERT_SIGNER_NOT_CA = 1<<7,
    GNUTLS_CERT_INSECURE_ALGORITHM = 1<<8,
    GNUTLS_CERT_NOT_ACTIVATED = 1<<9,
    GNUTLS_CERT_EXPIRED = 1<<10,
    GNUTLS_CERT_SIGNATURE_FAILURE = 1<<11,
    GNUTLS_CERT_REVOCATION_DATA_SUPERSEDED = 1<<12,
    GNUTLS_CERT_UNEXPECTED_OWNER = 1<<14,
    GNUTLS_CERT_REVOCATION_DATA_ISSUED_IN_FUTURE = 1<<15,
    GNUTLS_CERT_SIGNER_CONSTRAINTS_FAILURE = 1<<16,
} gnutls_certificate_status_t;

Enumeration of certificate status codes. Note that the status bits may have different meanings in OpenPGP keys and X.509 certificate verification.

enum gnutls_certificate_request_t

typedef enum {
    GNUTLS_CERT_IGNORE = 0,
    GNUTLS_CERT_REQUEST = 1,
    GNUTLS_CERT_REQUIRE = 2
} gnutls_certificate_request_t;

Enumeration of certificate request types.

enum gnutls_openpgp_crt_status_t

typedef enum {
    GNUTLS_OPENPGP_CERT = 0,
    GNUTLS_OPENPGP_CERT_FINGERPRINT = 1
} gnutls_openpgp_crt_status_t;

Enumeration of ways to send OpenPGP certificate.

enum gnutls_close_request_t

typedef enum {
    GNUTLS_SHUT_RDWR = 0,
    GNUTLS_SHUT_WR = 1
} gnutls_close_request_t;

Enumeration of how TLS session should be terminated. See gnutls_bye().

enum gnutls_protocol_t

typedef enum {
    GNUTLS_SSL3 = 1,
    GNUTLS_TLS1_0 = 2,
    GNUTLS_TLS1 = GNUTLS_TLS1_0,
    GNUTLS_TLS1_1 = 3,
    GNUTLS_TLS1_2 = 4,
    GNUTLS_DTLS1_0 = 5,
    GNUTLS_DTLS0_9 = 6,
    GNUTLS_VERSION_MAX = GNUTLS_DTLS0_9,
    GNUTLS_VERSION_UNKNOWN = 0xff
} gnutls_protocol_t;

Enumeration of different SSL/TLS protocol versions.

enum gnutls_certificate_type_t

typedef enum {
    GNUTLS_CRT_UNKNOWN = 0,
    GNUTLS_CRT_X509 = 1,
    GNUTLS_CRT_OPENPGP = 2,
    GNUTLS_CRT_RAW = 3
} gnutls_certificate_type_t;

Enumeration of different certificate types.

enum gnutls_x509_crt_fmt_t

typedef enum {
    GNUTLS_X509_FMT_DER = 0,
    GNUTLS_X509_FMT_PEM = 1
} gnutls_x509_crt_fmt_t;

Enumeration of different certificate encoding formats.

enum gnutls_certificate_print_formats_t

typedef enum {
    GNUTLS_CRT_PRINT_FULL = 0,
    GNUTLS_CRT_PRINT_ONELINE = 1,
    GNUTLS_CRT_PRINT_UNSIGNED_FULL = 2,
    GNUTLS_CRT_PRINT_COMPACT = 3,
    GNUTLS_CRT_PRINT_FULL_NUMBERS = 4,
} gnutls_certificate_print_formats_t;

Enumeration of different certificate printing variants.

enum gnutls_pk_algorithm_t

typedef enum {
    GNUTLS_PK_UNKNOWN = 0,
    GNUTLS_PK_RSA = 1,
    GNUTLS_PK_DSA = 2,
    GNUTLS_PK_DH = 3,
    GNUTLS_PK_EC = 4,
} gnutls_pk_algorithm_t;

Enumeration of different public-key algorithms.

gnutls_pk_algorithm_get_name ()

const char *        gnutls_pk_algorithm_get_name        (gnutls_pk_algorithm_t algorithm);

Convert a gnutls_pk_algorithm_t value to a string.

enum gnutls_sign_algorithm_t

typedef enum {
    GNUTLS_SIGN_UNKNOWN = 0,
    GNUTLS_SIGN_RSA_SHA1 = 1,
    GNUTLS_SIGN_RSA_SHA = GNUTLS_SIGN_RSA_SHA1,
    GNUTLS_SIGN_DSA_SHA1 = 2,
    GNUTLS_SIGN_DSA_SHA = GNUTLS_SIGN_DSA_SHA1,
    GNUTLS_SIGN_RSA_MD5 = 3,
    GNUTLS_SIGN_RSA_MD2 = 4,
    GNUTLS_SIGN_RSA_RMD160 = 5,
    GNUTLS_SIGN_RSA_SHA256 = 6,
    GNUTLS_SIGN_RSA_SHA384 = 7,
    GNUTLS_SIGN_RSA_SHA512 = 8,
    GNUTLS_SIGN_RSA_SHA224 = 9,
    GNUTLS_SIGN_DSA_SHA224 = 10,
    GNUTLS_SIGN_DSA_SHA256 = 11,
    GNUTLS_SIGN_ECDSA_SHA1 = 12,
    GNUTLS_SIGN_ECDSA_SHA224 = 13,
    GNUTLS_SIGN_ECDSA_SHA256 = 14,
    GNUTLS_SIGN_ECDSA_SHA384 = 15,
    GNUTLS_SIGN_ECDSA_SHA512 = 16,
} gnutls_sign_algorithm_t;

Enumeration of different digital signature algorithms.

gnutls_sign_algorithm_get_name

#define gnutls_sign_algorithm_get_name gnutls_sign_get_name

enum gnutls_sec_param_t

typedef enum {
    GNUTLS_SEC_PARAM_INSECURE = -20,
    GNUTLS_SEC_PARAM_WEAK = -10,
    GNUTLS_SEC_PARAM_UNKNOWN = 0,
    GNUTLS_SEC_PARAM_LOW = 1,
    GNUTLS_SEC_PARAM_LEGACY = 2,
    GNUTLS_SEC_PARAM_NORMAL = 3,
    GNUTLS_SEC_PARAM_HIGH = 4,
    GNUTLS_SEC_PARAM_ULTRA = 5,
} gnutls_sec_param_t;

Enumeration of security parameters for passive attacks.

gnutls_transport_ptr_t

  typedef void *gnutls_transport_ptr_t;

struct gnutls_session_int

struct gnutls_session_int;

gnutls_session_t

  typedef struct gnutls_session_int *gnutls_session_t;

struct gnutls_dh_params_int

struct gnutls_dh_params_int;

gnutls_dh_params_t

  typedef struct gnutls_dh_params_int *gnutls_dh_params_t;

struct gnutls_x509_privkey_int

struct gnutls_x509_privkey_int;

gnutls_rsa_params_t

  typedef struct gnutls_x509_privkey_int *gnutls_rsa_params_t;

struct gnutls_priority_st

struct gnutls_priority_st;

gnutls_priority_t

  typedef struct gnutls_priority_st *gnutls_priority_t;

gnutls_init ()

int                 gnutls_init                         (gnutls_session_t *session,
                                                         unsigned int flags);

This function initializes the current session to null. Every session must be initialized before use, so internal structures can be allocated. This function allocates structures which can only be free'd by calling gnutls_deinit(). Returns GNUTLS_E_SUCCESS (0) on success.

flags can be one of GNUTLS_CLIENT and GNUTLS_SERVER. For a DTLS entity, the flags GNUTLS_DATAGRAM and GNUTLS_NONBLOCK are also available. The latter flag will enable a non-blocking operation of the DTLS timers.

Note that since version 3.1.2 this function enables some common TLS extensions such as session tickets and OCSP certificate status request in client side by default. To prevent that use the GNUTLS_NO_EXTENSIONS flag.

gnutls_deinit ()

void                gnutls_deinit                       (gnutls_session_t session);

This function clears all buffers associated with the session. This function will also remove session data from the session database if the session was terminated abnormally.

gnutls_bye ()

int                 gnutls_bye                          (gnutls_session_t session,
                                                         gnutls_close_request_t how);

Terminates the current TLS/SSL connection. The connection should have been initiated using gnutls_handshake(). how should be one of GNUTLS_SHUT_RDWR, GNUTLS_SHUT_WR.

In case of GNUTLS_SHUT_RDWR the TLS session gets terminated and further receives and sends will be disallowed. If the return value is zero you may continue using the underlying transport layer. GNUTLS_SHUT_RDWR sends an alert containing a close request and waits for the peer to reply with the same message.

In case of GNUTLS_SHUT_WR the TLS session gets terminated and further sends will be disallowed. In order to reuse the connection you should wait for an EOF from the peer. GNUTLS_SHUT_WR sends an alert containing a close request.

Note that not all implementations will properly terminate a TLS connection. Some of them, usually for performance reasons, will terminate only the underlying transport layer, and thus not distinguishing between a malicious party prematurely terminating the connection and normal termination.

This function may also return GNUTLS_E_AGAIN or GNUTLS_E_INTERRUPTED; cf. gnutls_record_get_direction().

gnutls_handshake ()

int                 gnutls_handshake                    (gnutls_session_t session);

This function does the handshake of the TLS/SSL protocol, and initializes the TLS connection.

This function will fail if any problem is encountered, and will return a negative error code. In case of a client, if the client has asked to resume a session, but the server couldn't, then a full handshake will be performed.

The non-fatal errors such as GNUTLS_E_AGAIN and GNUTLS_E_INTERRUPTED interrupt the handshake procedure, which should be resumed later. Call this function again, until it returns 0; cf. gnutls_record_get_direction() and gnutls_error_is_fatal().

If this function is called by a server after a rehandshake request then GNUTLS_E_GOT_APPLICATION_DATA or GNUTLS_E_WARNING_ALERT_RECEIVED may be returned. Note that these are non fatal errors, only in the specific case of a rehandshake. Their meaning is that the client rejected the rehandshake request or in the case of GNUTLS_E_GOT_APPLICATION_DATA it might also mean that some data were pending.

gnutls_rehandshake ()

int                 gnutls_rehandshake                  (gnutls_session_t session);

This function will renegotiate security parameters with the client. This should only be called in case of a server.

This message informs the peer that we want to renegotiate parameters (perform a handshake).

If this function succeeds (returns 0), you must call the gnutls_handshake() function in order to negotiate the new parameters.

Since TLS is full duplex some application data might have been sent during peer's processing of this message. In that case one should call gnutls_record_recv() until GNUTLS_E_REHANDSHAKE is returned to clear any pending data. Care must be taken if rehandshake is mandatory to terminate if it does not start after some threshold.

If the client does not wish to renegotiate parameters he will should with an alert message, thus the return code will be GNUTLS_E_WARNING_ALERT_RECEIVED and the alert will be GNUTLS_A_NO_RENEGOTIATION. A client may also choose to ignore this message.

gnutls_alert_get ()

gnutls_alert_description_t gnutls_alert_get             (gnutls_session_t session);

This function will return the last alert number received. This function should be called when GNUTLS_E_WARNING_ALERT_RECEIVED or GNUTLS_E_FATAL_ALERT_RECEIVED errors are returned by a gnutls function. The peer may send alerts if he encounters an error. If no alert has been received the returned value is undefined.

gnutls_alert_send ()

int                 gnutls_alert_send                   (gnutls_session_t session,
                                                         gnutls_alert_level_t level,
                                                         gnutls_alert_description_t desc);

This function will send an alert to the peer in order to inform him of something important (eg. his Certificate could not be verified). If the alert level is Fatal then the peer is expected to close the connection, otherwise he may ignore the alert and continue.

The error code of the underlying record send function will be returned, so you may also receive GNUTLS_E_INTERRUPTED or GNUTLS_E_AGAIN as well.

gnutls_alert_send_appropriate ()

int                 gnutls_alert_send_appropriate       (gnutls_session_t session,
                                                         int err);

Sends an alert to the peer depending on the error code returned by a gnutls function. This function will call gnutls_error_to_alert() to determine the appropriate alert to send.

This function may also return GNUTLS_E_AGAIN, or GNUTLS_E_INTERRUPTED.

If the return value is GNUTLS_E_INVALID_REQUEST, then no alert has been sent to the peer.

gnutls_alert_get_name ()

const char *        gnutls_alert_get_name               (gnutls_alert_description_t alert);

This function will return a string that describes the given alert number, or NULL. See gnutls_alert_get().

gnutls_pk_bits_to_sec_param ()

gnutls_sec_param_t  gnutls_pk_bits_to_sec_param         (gnutls_pk_algorithm_t algo,
                                                         unsigned int bits);

This is the inverse of gnutls_sec_param_to_pk_bits(). Given an algorithm and the number of bits, it will return the security parameter. This is a rough indication.

Since 2.12.0

gnutls_sec_param_get_name ()

const char *        gnutls_sec_param_get_name           (gnutls_sec_param_t param);

Convert a gnutls_sec_param_t value to a string.

Since 2.12.0

gnutls_sec_param_to_pk_bits ()

unsigned int        gnutls_sec_param_to_pk_bits         (gnutls_pk_algorithm_t algo,
                                                         gnutls_sec_param_t param);

When generating private and public key pairs a difficult question is which size of "bits" the modulus will be in RSA and the group size in DSA. The easy answer is 1024, which is also wrong. This function will convert a human understandable security parameter to an appropriate size for the specific algorithm.

Since 2.12.0

gnutls_cipher_get ()

gnutls_cipher_algorithm_t gnutls_cipher_get             (gnutls_session_t session);

Get currently used cipher.

gnutls_kx_get ()

gnutls_kx_algorithm_t gnutls_kx_get                     (gnutls_session_t session);

Get currently used key exchange algorithm.

gnutls_mac_get ()

gnutls_mac_algorithm_t gnutls_mac_get                   (gnutls_session_t session);

Get currently used MAC algorithm.

gnutls_compression_get ()

gnutls_compression_method_t gnutls_compression_get      (gnutls_session_t session);

Get currently used compression algorithm.

gnutls_certificate_type_get ()

gnutls_certificate_type_t gnutls_certificate_type_get   (gnutls_session_t session);

The certificate type is by default X.509, unless it is negotiated as a TLS extension.

gnutls_sign_algorithm_get_requested ()

int                 gnutls_sign_algorithm_get_requested (gnutls_session_t session,
                                                         size_t indx,
                                                         gnutls_sign_algorithm_t *algo);

Returns the signature algorithm specified by index that was requested by the peer. If the specified index has no data available this function returns GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE. If the negotiated TLS version does not support signature algorithms then GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE will be returned even for the first index. The first index is 0.

This function is useful in the certificate callback functions to assist in selecting the correct certificate.

Since 2.10.0

gnutls_cipher_get_key_size ()

size_t              gnutls_cipher_get_key_size          (gnutls_cipher_algorithm_t algorithm);

Get key size for cipher.

gnutls_mac_get_key_size ()

size_t              gnutls_mac_get_key_size             (gnutls_mac_algorithm_t algorithm);

Get size of MAC key.

gnutls_cipher_get_name ()

const char *        gnutls_cipher_get_name              (gnutls_cipher_algorithm_t algorithm);

Convert a gnutls_cipher_algorithm_t type to a string.

gnutls_mac_get_name ()

const char *        gnutls_mac_get_name                 (gnutls_mac_algorithm_t algorithm);

Convert a gnutls_mac_algorithm_t value to a string.

gnutls_compression_get_name ()

const char *        gnutls_compression_get_name         (gnutls_compression_method_t algorithm);

Convert a gnutls_compression_method_t value to a string.

gnutls_kx_get_name ()

const char *        gnutls_kx_get_name                  (gnutls_kx_algorithm_t algorithm);

Convert a gnutls_kx_algorithm_t value to a string.

gnutls_certificate_type_get_name ()

const char *        gnutls_certificate_type_get_name    (gnutls_certificate_type_t type);

Convert a gnutls_certificate_type_t type to a string.

gnutls_pk_get_name ()

const char *        gnutls_pk_get_name                  (gnutls_pk_algorithm_t algorithm);

Convert a gnutls_pk_algorithm_t value to a string.

Since 2.6.0

gnutls_sign_get_name ()

const char *        gnutls_sign_get_name                (gnutls_sign_algorithm_t algorithm);

Convert a gnutls_sign_algorithm_t value to a string.

gnutls_mac_get_id ()

gnutls_mac_algorithm_t gnutls_mac_get_id                (const char *name);

Convert a string to a gnutls_mac_algorithm_t value. The names are compared in a case insensitive way.

gnutls_compression_get_id ()

gnutls_compression_method_t gnutls_compression_get_id   (const char *name);

The names are compared in a case insensitive way.

gnutls_cipher_get_id ()

gnutls_cipher_algorithm_t gnutls_cipher_get_id          (const char *name);

The names are compared in a case insensitive way.

gnutls_kx_get_id ()

gnutls_kx_algorithm_t gnutls_kx_get_id                  (const char *name);

Convert a string to a gnutls_kx_algorithm_t value. The names are compared in a case insensitive way.

gnutls_protocol_get_id ()

gnutls_protocol_t   gnutls_protocol_get_id              (const char *name);

The names are compared in a case insensitive way.

gnutls_certificate_type_get_id ()

gnutls_certificate_type_t gnutls_certificate_type_get_id
                                                        (const char *name);

The names are compared in a case insensitive way.

gnutls_pk_get_id ()

gnutls_pk_algorithm_t gnutls_pk_get_id                  (const char *name);

Convert a string to a gnutls_pk_algorithm_t value. The names are compared in a case insensitive way. For example, gnutls_pk_get_id("RSA") will return GNUTLS_PK_RSA.

Since 2.6.0

gnutls_sign_get_id ()

gnutls_sign_algorithm_t gnutls_sign_get_id              (const char *name);

The names are compared in a case insensitive way.

gnutls_cipher_list ()

const gnutls_cipher_algorithm_t * gnutls_cipher_list    (void);

Get a list of supported cipher algorithms. Note that not necessarily all ciphers are supported as TLS cipher suites. For example, DES is not supported as a cipher suite, but is supported for other purposes (e.g., PKCS#8 or similar).

This function is not thread safe.

gnutls_mac_list ()

const gnutls_mac_algorithm_t * gnutls_mac_list          (void);

Get a list of hash algorithms for use as MACs. Note that not necessarily all MACs are supported in TLS cipher suites. For example, MD2 is not supported as a cipher suite, but is supported for other purposes (e.g., X.509 signature verification or similar).

This function is not thread safe.

gnutls_compression_list ()

const gnutls_compression_method_t * gnutls_compression_list
                                                        (void);

Get a list of compression methods.

gnutls_protocol_list ()

const gnutls_protocol_t * gnutls_protocol_list          (void);

Get a list of supported protocols, e.g. SSL 3.0, TLS 1.0 etc.

This function is not thread safe.

gnutls_certificate_type_list ()

const gnutls_certificate_type_t * gnutls_certificate_type_list
                                                        (void);

Get a list of certificate types.

gnutls_kx_list ()

const gnutls_kx_algorithm_t * gnutls_kx_list            (void);

Get a list of supported key exchange algorithms.

This function is not thread safe.

gnutls_pk_list ()

const gnutls_pk_algorithm_t * gnutls_pk_list            (void);

Get a list of supported public key algorithms.

This function is not thread safe.

Since 2.6.0

gnutls_sign_list ()

const gnutls_sign_algorithm_t * gnutls_sign_list        (void);

Get a list of supported public key signature algorithms.

gnutls_cipher_suite_info ()

const char *        gnutls_cipher_suite_info            (size_t idx,
                                                         unsigned char *cs_id,
                                                         gnutls_kx_algorithm_t *kx,
                                                         gnutls_cipher_algorithm_t *cipher,
                                                         gnutls_mac_algorithm_t *mac,
                                                         gnutls_protocol_t *min_version);

Get information about supported cipher suites. Use the function iteratively to get information about all supported cipher suites. Call with idx=0 to get information about first cipher suite, then idx=1 and so on until the function returns NULL.

gnutls_error_is_fatal ()

int                 gnutls_error_is_fatal               (int error);

If a GnuTLS function returns a negative error code you may feed that value to this function to see if the error condition is fatal. Note that you may also want to check the error code manually, since some non-fatal errors to the protocol (such as a warning alert or a rehandshake request) may be fatal for your program.

This function is only useful if you are dealing with errors from the record layer or the handshake layer.

gnutls_error_to_alert ()

int                 gnutls_error_to_alert               (int err,
                                                         int *level);

Get an alert depending on the error code returned by a gnutls function. All alerts sent by this function should be considered fatal. The only exception is when err is GNUTLS_E_REHANDSHAKE, where a warning alert should be sent to the peer indicating that no renegotiation will be performed.

If there is no mapping to a valid alert the alert to indicate internal error is returned.

gnutls_perror ()

void                gnutls_perror                       (int error);

This function is like perror(). The only difference is that it accepts an error number returned by a gnutls function.

gnutls_strerror ()

const char *        gnutls_strerror                     (int error);

This function is similar to strerror. The difference is that it accepts an error number returned by a gnutls function; In case of an unknown error a descriptive string is sent instead of NULL.

Error codes are always a negative error code.

gnutls_strerror_name ()

const char *        gnutls_strerror_name                (int error);

Return the GnuTLS error code define as a string. For example, gnutls_strerror_name (GNUTLS_E_DH_PRIME_UNACCEPTABLE) will return the string "GNUTLS_E_DH_PRIME_UNACCEPTABLE".

Since 2.6.0

gnutls_handshake_set_private_extensions ()

void                gnutls_handshake_set_private_extensions
                                                        (gnutls_session_t session,
                                                         int allow);

This function will enable or disable the use of private cipher suites (the ones that start with 0xFF). By default or if allow is 0 then these cipher suites will not be advertized nor used.

Currently GnuTLS does not include such cipher-suites or compression algorithms.

Enabling the private ciphersuites when talking to other than gnutls servers and clients may cause interoperability problems.

gnutls_handshake_get_last_out ()

gnutls_handshake_description_t gnutls_handshake_get_last_out
                                                        (gnutls_session_t session);

This function is only useful to check where the last performed handshake failed. If the previous handshake succeed or was not performed at all then no meaningful value will be returned.

Check gnutls_handshake_description_t in gnutls.h for the available handshake descriptions.

gnutls_handshake_get_last_in ()

gnutls_handshake_description_t gnutls_handshake_get_last_in
                                                        (gnutls_session_t session);

This function is only useful to check where the last performed handshake failed. If the previous handshake succeed or was not performed at all then no meaningful value will be returned.

Check gnutls_handshake_description_t in gnutls.h for the available handshake descriptions.

gnutls_record_send ()

ssize_t             gnutls_record_send                  (gnutls_session_t session,
                                                         const void *data,
                                                         size_t data_size);

This function has the similar semantics with send(). The only difference is that it accepts a GnuTLS session, and uses different error codes. Note that if the send buffer is full, send() will block this function. See the send() documentation for full information. You can replace the default push function by using gnutls_transport_set_ptr2() with a call to send() with a MSG_DONTWAIT flag if blocking is a problem. If the EINTR is returned by the internal push function (the default is send()) then GNUTLS_E_INTERRUPTED will be returned. If GNUTLS_E_INTERRUPTED or GNUTLS_E_AGAIN is returned, you must call this function again, with the same parameters; alternatively you could provide a NULL pointer for data, and 0 for size. cf. gnutls_record_get_direction(). The errno value EMSGSIZE maps to GNUTLS_E_LARGE_PACKET.

gnutls_record_recv ()

ssize_t             gnutls_record_recv                  (gnutls_session_t session,
                                                         void *data,
                                                         size_t data_size);

This function has the similar semantics with recv(). The only difference is that it accepts a GnuTLS session, and uses different error codes. In the special case that a server requests a renegotiation, the client may receive an error code of GNUTLS_E_REHANDSHAKE. This message may be simply ignored, replied with an alert GNUTLS_A_NO_RENEGOTIATION, or replied with a new handshake, depending on the client's will. If EINTR is returned by the internal push function (the default is recv()) then GNUTLS_E_INTERRUPTED will be returned. If GNUTLS_E_INTERRUPTED or GNUTLS_E_AGAIN is returned, you must call this function again to get the data. See also gnutls_record_get_direction(). A server may also receive GNUTLS_E_REHANDSHAKE when a client has initiated a handshake. In that case the server can only initiate a handshake or terminate the connection.

gnutls_read

#define gnutls_read gnutls_record_recv

gnutls_write

#define gnutls_write gnutls_record_send

gnutls_session_enable_compatibility_mode ()

void                gnutls_session_enable_compatibility_mode
                                                        (gnutls_session_t session);

This function can be used to disable certain (security) features in TLS in order to maintain maximum compatibility with buggy clients. Because several trade-offs with security are enabled, if required they will be reported through the audit subsystem.

Normally only servers that require maximum compatibility with everything out there, need to call this function.

gnutls_record_disable_padding ()

void                gnutls_record_disable_padding       (gnutls_session_t session);

Used to disabled padding in TLS 1.0 and above. Normally you do not need to use this function, but there are buggy clients that complain if a server pads the encrypted data. This of course will disable protection against statistical attacks on the data.

Normally only servers that require maximum compatibility with everything out there, need to call this function.

gnutls_record_get_direction ()

int                 gnutls_record_get_direction         (gnutls_session_t session);

This function provides information about the internals of the record protocol and is only useful if a prior gnutls function call (e.g. gnutls_handshake()) was interrupted for some reason, that is, if a function returned GNUTLS_E_INTERRUPTED or GNUTLS_E_AGAIN. In such a case, you might want to call select() or poll() before calling the interrupted gnutls function again. To tell you whether a file descriptor should be selected for either reading or writing, gnutls_record_get_direction() returns 0 if the interrupted function was trying to read data, and 1 if it was trying to write data.

gnutls_record_get_max_size ()

size_t              gnutls_record_get_max_size          (gnutls_session_t session);

Get the record size. The maximum record size is negotiated by the client after the first handshake message.

gnutls_record_set_max_size ()

ssize_t             gnutls_record_set_max_size          (gnutls_session_t session,
                                                         size_t size);

This function sets the maximum record packet size in this connection. This property can only be set to clients. The server may choose not to accept the requested size.

Acceptable values are 512(=2^9), 1024(=2^10), 2048(=2^11) and 4096(=2^12). The requested record size does get in effect immediately only while sending data. The receive part will take effect after a successful handshake.

This function uses a TLS extension called 'max record size'. Not all TLS implementations use or even understand this extension.

gnutls_record_check_pending ()

size_t              gnutls_record_check_pending         (gnutls_session_t session);

This function checks if there are unread data in the gnutls buffers. If the return value is non-zero the next call to gnutls_record_recv() is guarranteed not to block.

gnutls_prf ()

int                 gnutls_prf                          (gnutls_session_t session,
                                                         size_t label_size,
                                                         const char *label,
                                                         int server_random_first,
                                                         size_t extra_size,
                                                         const char *extra,
                                                         size_t outsize,
                                                         char *out);

Apply the TLS Pseudo-Random-Function (PRF) on the master secret and the provided data, seeded with the client and server random fields.

The label variable usually contains a string denoting the purpose for the generated data. The server_random_first indicates whether the client random field or the server random field should be first in the seed. Non-0 indicates that the server random field is first, 0 that the client random field is first.

The extra variable can be used to add more data to the seed, after the random variables. It can be used to make sure the generated output is strongly connected to some additional data (e.g., a string used in user authentication).

The output is placed in out, which must be pre-allocated.

gnutls_prf_raw ()

int                 gnutls_prf_raw                      (gnutls_session_t session,
                                                         size_t label_size,
                                                         const char *label,
                                                         size_t seed_size,
                                                         const char *seed,
                                                         size_t outsize,
                                                         char *out);

Apply the TLS Pseudo-Random-Function (PRF) on the master secret and the provided data.

The label variable usually contains a string denoting the purpose for the generated data. The seed usually contains data such as the client and server random, perhaps together with some additional data that is added to guarantee uniqueness of the output for a particular purpose.

Because the output is not guaranteed to be unique for a particular session unless seed includes the client random and server random fields (the PRF would output the same data on another connection resumed from the first one), it is not recommended to use this function directly. The gnutls_prf() function seeds the PRF with the client and server random fields directly, and is recommended if you want to generate pseudo random data unique for each session.

gnutls_ext_recv_func ()

int                 (*gnutls_ext_recv_func)             (gnutls_session_t session,
                                                         const unsigned char *data,
                                                         size_t len);

gnutls_ext_send_func ()

int                 (*gnutls_ext_send_func)             (gnutls_session_t session,
                                                         gnutls_buffer_st *extdata);

enum gnutls_ext_parse_type_t

typedef enum {
    GNUTLS_EXT_ANY = 0,
    GNUTLS_EXT_APPLICATION = 1,
    GNUTLS_EXT_TLS = 2,
    GNUTLS_EXT_MANDATORY = 3,
    GNUTLS_EXT_NONE = 4
} gnutls_ext_parse_type_t;

Enumeration of different TLS extension types. This flag indicates for an extension whether it is useful to application level or TLS level only. This is (only) used to parse the application level extensions before the "client_hello" callback is called.

enum gnutls_server_name_type_t

typedef enum {
    GNUTLS_NAME_DNS = 1
} gnutls_server_name_type_t;

Enumeration of different server name types.

gnutls_server_name_set ()

int                 gnutls_server_name_set              (gnutls_session_t session,
                                                         gnutls_server_name_type_t type,
                                                         const void *name,
                                                         size_t name_length);

This function is to be used by clients that want to inform (via a TLS extension mechanism) the server of the name they connected to. This should be used by clients that connect to servers that do virtual hosting.

The value of name depends on the type type. In case of GNUTLS_NAME_DNS, an ASCII (0)-terminated domain name string, without the trailing dot, is expected. IPv4 or IPv6 addresses are not permitted.

gnutls_server_name_get ()

int                 gnutls_server_name_get              (gnutls_session_t session,
                                                         void *data,
                                                         size_t *data_length,
                                                         unsigned int *type,
                                                         unsigned int indx);

This function will allow you to get the name indication (if any), a client has sent. The name indication may be any of the enumeration gnutls_server_name_type_t.

If type is GNUTLS_NAME_DNS, then this function is to be used by servers that support virtual hosting, and the data will be a null terminated UTF-8 string.

If data has not enough size to hold the server name GNUTLS_E_SHORT_MEMORY_BUFFER is returned, and data_length will hold the required size.

index is used to retrieve more than one server names (if sent by the client). The first server name has an index of 0, the second 1 and so on. If no name with the given index exists GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE is returned.

gnutls_safe_renegotiation_status ()

int                 gnutls_safe_renegotiation_status    (gnutls_session_t session);

Can be used to check whether safe renegotiation is being used in the current session.

Since 2.10.0

enum gnutls_supplemental_data_format_type_t

typedef enum {
    GNUTLS_SUPPLEMENTAL_USER_MAPPING_DATA = 0
} gnutls_supplemental_data_format_type_t;

Enumeration of different supplemental data types (RFC 4680).

gnutls_session_ticket_key_generate ()

int                 gnutls_session_ticket_key_generate  (gnutls_datum_t *key);

Generate a random key to encrypt security parameters within SessionTicket.

Since 2.10.0

gnutls_session_ticket_enable_client ()

int                 gnutls_session_ticket_enable_client (gnutls_session_t session);

Request that the client should attempt session resumption using SessionTicket.

Since 2.10.0

gnutls_session_ticket_enable_server ()

int                 gnutls_session_ticket_enable_server (gnutls_session_t session,
                                                         const gnutls_datum_t *key);

Request that the server should attempt session resumption using SessionTicket. key must be initialized with gnutls_session_ticket_key_generate().

Since 2.10.0

gnutls_priority_init ()

int                 gnutls_priority_init                (gnutls_priority_t *priority_cache,
                                                         const char *priorities,
                                                         const char **err_pos);

Sets priorities for the ciphers, key exchange methods, macs and compression methods.

The priorities option allows you to specify a colon separated list of the cipher priorities to enable. Some keywords are defined to provide quick access to common preferences.

"PERFORMANCE" means all the "secure" ciphersuites are enabled, limited to 128 bit ciphers and sorted by terms of speed performance.

"NORMAL" means all "secure" ciphersuites. The 256-bit ciphers are included as a fallback only. The ciphers are sorted by security margin.

"SECURE128" means all "secure" ciphersuites of security level 128-bit or more.

"SECURE192" means all "secure" ciphersuites of security level 192-bit or more.

"SUITEB128" means all the NSA SuiteB ciphersuites with security level of 128.

"SUITEB192" means all the NSA SuiteB ciphersuites with security level of 192.

"EXPORT" means all ciphersuites are enabled, including the low-security 40 bit ciphers.

"NONE" means nothing is enabled. This disables even protocols and compression methods.

Special keywords are "!", "-" and "+". "!" or "-" appended with an algorithm will remove this algorithm. "+" appended with an algorithm will add this algorithm.

Check the GnuTLS manual section "Priority strings" for detailed information.

Examples:

"NONE:+VERS-TLS-ALL:+MAC-ALL:+RSA:+AES-128-CBC:+SIGN-ALL:+COMP-NULL"

"NORMAL:-ARCFOUR-128" means normal ciphers except for ARCFOUR-128.

"SECURE:-VERS-SSL3.0:+COMP-DEFLATE" means that only secure ciphers are enabled, SSL3.0 is disabled, and libz compression enabled.

"NONE:+VERS-TLS-ALL:+AES-128-CBC:+RSA:+SHA1:+COMP-NULL:+SIGN-RSA-SHA1",

"NONE:+VERS-TLS-ALL:+AES-128-CBC:+ECDHE-RSA:+SHA1:+COMP-NULL:+SIGN-RSA-SHA1:+CURVE-SECP256R1",

"SECURE256:+SECURE128",

Note that "NORMAL:COMPAT" is the most compatible mode.

gnutls_priority_deinit ()

void                gnutls_priority_deinit              (gnutls_priority_t priority_cache);

Deinitializes the priority cache.

gnutls_priority_set ()

int                 gnutls_priority_set                 (gnutls_session_t session,
                                                         gnutls_priority_t priority);

Sets the priorities to use on the ciphers, key exchange methods, macs and compression methods.

gnutls_priority_set_direct ()

int                 gnutls_priority_set_direct          (gnutls_session_t session,
                                                         const char *priorities,
                                                         const char **err_pos);

Sets the priorities to use on the ciphers, key exchange methods, macs and compression methods. This function avoids keeping a priority cache and is used to directly set string priorities to a TLS session. For documentation check the gnutls_priority_init().

gnutls_set_default_priority ()

int                 gnutls_set_default_priority         (gnutls_session_t session);

Sets some default priority on the ciphers, key exchange methods, macs and compression methods.

This is the same as calling:

gnutls_priority_set_direct (session, "NORMAL", NULL);

This function is kept around for backwards compatibility, but because of its wide use it is still fully supported. If you wish to allow users to provide a string that specify which ciphers to use (which is recommended), you should use gnutls_priority_set_direct() or gnutls_priority_set() instead.

gnutls_cipher_suite_get_name ()

const char *        gnutls_cipher_suite_get_name        (gnutls_kx_algorithm_t kx_algorithm,
                                                         gnutls_cipher_algorithm_t cipher_algorithm,
                                                         gnutls_mac_algorithm_t mac_algorithm);

Note that the full cipher suite name must be prepended by TLS or SSL depending of the protocol in use.

gnutls_protocol_get_version ()

gnutls_protocol_t   gnutls_protocol_get_version         (gnutls_session_t session);

Get TLS version, a gnutls_protocol_t value.

gnutls_protocol_get_name ()

const char *        gnutls_protocol_get_name            (gnutls_protocol_t version);

Convert a gnutls_protocol_t value to a string.

gnutls_session_set_data ()

int                 gnutls_session_set_data             (gnutls_session_t session,
                                                         const void *session_data,
                                                         size_t session_data_size);

Sets all session parameters, in order to resume a previously established session. The session data given must be the one returned by gnutls_session_get_data(). This function should be called before gnutls_handshake().

Keep in mind that session resuming is advisory. The server may choose not to resume the session, thus a full handshake will be performed.

gnutls_session_get_data ()

int                 gnutls_session_get_data             (gnutls_session_t session,
                                                         void *session_data,
                                                         size_t *session_data_size);

Returns all session parameters needed to be stored to support resumption. The client should call this, and store the returned session data. A session may be resumed later by calling gnutls_session_set_data(). This function must be called after a successful handshake.

gnutls_session_get_data2 ()

int                 gnutls_session_get_data2            (gnutls_session_t session,
                                                         gnutls_datum_t *data);

Returns all session parameters needed to be stored to support resumption. The client should call this, and store the returned session data. A session may be resumed later by calling gnutls_session_set_data(). This function must be called after a successful handshake. The returned data are allocated and must be released using gnutls_free().

GNUTLS_MAX_SESSION_ID

#define GNUTLS_MAX_SESSION_ID 32

gnutls_session_get_id ()

int                 gnutls_session_get_id               (gnutls_session_t session,
                                                         void *session_id,
                                                         size_t *session_id_size);

Returns the current session ID. This can be used if you want to check if the next session you tried to resume was actually resumed. That is because resumed sessions share the same session ID with the original session.

The session ID is selected by the server, that identify the current session. In TLS 1.0 and SSL 3.0 session id is always less than 32 bytes.

GNUTLS_MASTER_SIZE

#define GNUTLS_MASTER_SIZE 48

GNUTLS_RANDOM_SIZE

#define GNUTLS_RANDOM_SIZE 32

gnutls_session_is_resumed ()

int                 gnutls_session_is_resumed           (gnutls_session_t session);

Check whether session is resumed or not.

gnutls_db_store_func ()

int                 (*gnutls_db_store_func)             (void *Param1,
                                                         gnutls_datum_t key,
                                                         gnutls_datum_t data);

gnutls_db_remove_func ()

int                 (*gnutls_db_remove_func)            (void *Param1,
                                                         gnutls_datum_t key);

gnutls_db_retr_func ()

gnutls_datum_t      (*gnutls_db_retr_func)              (void *Param1,
                                                         gnutls_datum_t key);

gnutls_db_set_cache_expiration ()

void                gnutls_db_set_cache_expiration      (gnutls_session_t session,
                                                         int seconds);

Set the expiration time for resumed sessions. The default is 3600 (one hour) at the time of this writing.

gnutls_db_remove_session ()

void                gnutls_db_remove_session            (gnutls_session_t session);

This function will remove the current session data from the session database. This will prevent future handshakes reusing these session data. This function should be called if a session was terminated abnormally, and before gnutls_deinit() is called.

Normally gnutls_deinit() will remove abnormally terminated sessions.

gnutls_db_set_retrieve_function ()

void                gnutls_db_set_retrieve_function     (gnutls_session_t session,
                                                         gnutls_db_retr_func retr_func);

Sets the function that will be used to retrieve data from the resumed sessions database. This function must return a gnutls_datum_t containing the data on success, or a gnutls_datum_t containing null and 0 on failure.

The datum's data must be allocated using the function gnutls_malloc().

The first argument to retr_func will be null unless gnutls_db_set_ptr() has been called.

gnutls_db_set_remove_function ()

void                gnutls_db_set_remove_function       (gnutls_session_t session,
                                                         gnutls_db_remove_func rem_func);

Sets the function that will be used to remove data from the resumed sessions database. This function must return 0 on success.

The first argument to rem_func will be null unless gnutls_db_set_ptr() has been called.

gnutls_db_set_store_function ()

void                gnutls_db_set_store_function        (gnutls_session_t session,
                                                         gnutls_db_store_func store_func);

Sets the function that will be used to store data in the resumed sessions database. This function must return 0 on success.

The first argument to store_func will be null unless gnutls_db_set_ptr() has been called.

gnutls_db_set_ptr ()

void                gnutls_db_set_ptr                   (gnutls_session_t session,
                                                         void *ptr);

Sets the pointer that will be provided to db store, retrieve and delete functions, as the first argument.