| blob | 03ef83bf3cac79b07cad71308d05fddd430ca5f8 |
1 /*
2 * Copyright (C) 2004-2012 Free Software Foundation, Inc.
3 *
4 * Author: Nikos Mavrogiannopoulos
5 *
6 * This file is part of GnuTLS.
7 *
8 * The GnuTLS is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU Lesser General Public License
10 * as published by the Free Software Foundation; either version 3 of
11 * the License, or (at your option) any later version.
12 *
13 * This library is distributed in the hope that it will be useful, but
14 * WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 * Lesser General Public License for more details.
17 *
18 * You should have received a copy of the GNU Lesser General Public License
19 * along with this program. If not, see <http://www.gnu.org/licenses/>
20 *
21 */
23 /* Here lies the code of the gnutls_*_set_priority() functions.
24 */
29 #include <gnutls_num.h>
31 static void
36 /**
37 * gnutls_cipher_set_priority:
38 * @session: is a #gnutls_session_t structure.
39 * @list: is a 0 terminated list of gnutls_cipher_algorithm_t elements.
40 *
41 * Sets the priority on the ciphers supported by gnutls. Priority is
42 * higher for elements specified before others. After specifying the
43 * ciphers you want, you must append a 0. Note that the priority is
44 * set on the client. The server does not use the algorithm's
45 * priority except for disabling algorithms that were not specified.
46 *
47 * Returns: %GNUTLS_E_SUCCESS (0) on success, or a negative error code.
48 **/
49 int
51 {
55 num++;
61 {
63 }
66 }
72 {
76 num++;
82 {
84 }
87 }
91 {
97 {
99 {
101 }
104 {
106 {
108 }
109 }
112 {
115 }
116 }
119 }
121 static void
123 {
125 }
127 /**
128 * gnutls_kx_set_priority:
129 * @session: is a #gnutls_session_t structure.
130 * @list: is a 0 terminated list of gnutls_kx_algorithm_t elements.
131 *
132 * Sets the priority on the key exchange algorithms supported by
133 * gnutls. Priority is higher for elements specified before others.
134 * After specifying the algorithms you want, you must append a 0.
135 * Note that the priority is set on the client. The server does not
136 * use the algorithm's priority except for disabling algorithms that
137 * were not specified.
138 *
139 * Returns: %GNUTLS_E_SUCCESS on success, or an error code.
140 **/
141 int
143 {
146 }
148 /**
149 * gnutls_mac_set_priority:
150 * @session: is a #gnutls_session_t structure.
151 * @list: is a 0 terminated list of gnutls_mac_algorithm_t elements.
152 *
153 * Sets the priority on the mac algorithms supported by gnutls.
154 * Priority is higher for elements specified before others. After
155 * specifying the algorithms you want, you must append a 0. Note
156 * that the priority is set on the client. The server does not use
157 * the algorithm's priority except for disabling algorithms that were
158 * not specified.
159 *
160 * Returns: %GNUTLS_E_SUCCESS on success, or an error code.
161 **/
162 int
164 {
167 }
169 /**
170 * gnutls_compression_set_priority:
171 * @session: is a #gnutls_session_t structure.
172 * @list: is a 0 terminated list of gnutls_compression_method_t elements.
173 *
174 * Sets the priority on the compression algorithms supported by
175 * gnutls. Priority is higher for elements specified before others.
176 * After specifying the algorithms you want, you must append a 0.
177 * Note that the priority is set on the client. The server does not
178 * use the algorithm's priority except for disabling algorithms that
179 * were not specified.
180 *
181 * TLS 1.0 does not define any compression algorithms except
182 * NULL. Other compression algorithms are to be considered as gnutls
183 * extensions.
184 *
185 * Returns: %GNUTLS_E_SUCCESS on success, or an error code.
186 **/
187 int
189 {
192 }
194 /**
195 * gnutls_protocol_set_priority:
196 * @session: is a #gnutls_session_t structure.
197 * @list: is a 0 terminated list of gnutls_protocol_t elements.
198 *
199 * Sets the priority on the protocol versions supported by gnutls.
200 * This function actually enables or disables protocols. Newer protocol
201 * versions always have highest priority.
202 *
203 * Returns: %GNUTLS_E_SUCCESS on success, or an error code.
204 **/
205 int
207 {
210 /* set the current version to the first in the chain.
211 * This will be overridden later.
212 */
217 }
219 /**
220 * gnutls_certificate_type_set_priority:
221 * @session: is a #gnutls_session_t structure.
222 * @list: is a 0 terminated list of gnutls_certificate_type_t elements.
223 *
224 * Sets the priority on the certificate types supported by gnutls.
225 * Priority is higher for elements specified before others.
226 * After specifying the types you want, you must append a 0.
227 * Note that the certificate type priority is set on the client.
228 * The server does not use the cert type priority except for disabling
229 * types that were not specified.
230 *
231 * Returns: %GNUTLS_E_SUCCESS on success, or an error code.
232 **/
233 int
236 {
237 #ifdef ENABLE_OPENPGP
240 #else
244 #endif
245 }
248 GNUTLS_ECC_CURVE_SECP192R1,
249 GNUTLS_ECC_CURVE_SECP224R1,
250 GNUTLS_ECC_CURVE_SECP256R1,
251 GNUTLS_ECC_CURVE_SECP384R1,
252 GNUTLS_ECC_CURVE_SECP521R1,
253 0
254 };
257 GNUTLS_ECC_CURVE_SECP256R1,
258 GNUTLS_ECC_CURVE_SECP384R1,
259 GNUTLS_ECC_CURVE_SECP521R1,
260 0
261 };
264 GNUTLS_ECC_CURVE_SECP256R1,
265 GNUTLS_ECC_CURVE_SECP384R1,
266 0
267 };
270 GNUTLS_ECC_CURVE_SECP384R1,
271 0
272 };
275 GNUTLS_ECC_CURVE_SECP384R1,
276 GNUTLS_ECC_CURVE_SECP521R1,
277 0
278 };
281 GNUTLS_TLS1_2,
282 GNUTLS_TLS1_1,
283 GNUTLS_TLS1_0,
284 GNUTLS_SSL3,
285 GNUTLS_DTLS1_0,
286 0
287 };
290 GNUTLS_TLS1_2,
291 0
292 };
295 GNUTLS_KX_RSA,
296 GNUTLS_KX_ECDHE_ECDSA,
297 GNUTLS_KX_ECDHE_RSA,
298 GNUTLS_KX_DHE_RSA,
299 GNUTLS_KX_DHE_DSS,
300 0
301 };
304 GNUTLS_KX_ECDHE_ECDSA,
305 0
306 };
309 GNUTLS_KX_RSA,
310 GNUTLS_KX_ECDHE_ECDSA,
311 GNUTLS_KX_ECDHE_RSA,
312 GNUTLS_KX_DHE_RSA,
313 GNUTLS_KX_DHE_DSS,
314 GNUTLS_KX_RSA_EXPORT,
315 0
316 };
319 /* The ciphersuites that offer forward secrecy take
320 * precedence
321 */
322 GNUTLS_KX_ECDHE_ECDSA,
323 GNUTLS_KX_ECDHE_RSA,
324 GNUTLS_KX_DHE_RSA,
325 GNUTLS_KX_DHE_DSS,
326 GNUTLS_KX_RSA,
327 /* GNUTLS_KX_ANON_DH: Man-in-the-middle prone, don't add!
328 * GNUTLS_KX_RSA_EXPORT: Deprecated, don't add!
329 */
330 0
331 };
334 GNUTLS_CIPHER_ARCFOUR_128,
335 GNUTLS_CIPHER_AES_128_CBC,
336 GNUTLS_CIPHER_CAMELLIA_128_CBC,
337 GNUTLS_CIPHER_AES_256_CBC,
338 GNUTLS_CIPHER_CAMELLIA_256_CBC,
339 GNUTLS_CIPHER_3DES_CBC,
340 GNUTLS_CIPHER_AES_128_GCM,
341 GNUTLS_CIPHER_AES_256_GCM,
342 0
343 };
345 /* If GCM and AES acceleration is available then prefer
346 * them over anything else.
347 */
349 GNUTLS_CIPHER_AES_128_GCM,
350 GNUTLS_CIPHER_AES_128_CBC,
351 GNUTLS_CIPHER_AES_256_GCM,
352 GNUTLS_CIPHER_AES_256_CBC,
353 GNUTLS_CIPHER_ARCFOUR_128,
354 GNUTLS_CIPHER_CAMELLIA_128_CBC,
355 GNUTLS_CIPHER_CAMELLIA_256_CBC,
356 GNUTLS_CIPHER_3DES_CBC,
357 0
358 };
361 GNUTLS_CIPHER_AES_128_CBC,
362 GNUTLS_CIPHER_CAMELLIA_128_CBC,
363 GNUTLS_CIPHER_AES_128_GCM,
364 GNUTLS_CIPHER_AES_256_CBC,
365 GNUTLS_CIPHER_CAMELLIA_256_CBC,
366 GNUTLS_CIPHER_AES_256_GCM,
367 GNUTLS_CIPHER_3DES_CBC,
368 GNUTLS_CIPHER_ARCFOUR_128,
369 0
370 };
373 GNUTLS_CIPHER_AES_128_GCM,
374 GNUTLS_CIPHER_AES_128_CBC,
375 GNUTLS_CIPHER_AES_256_GCM,
376 GNUTLS_CIPHER_AES_256_CBC,
377 GNUTLS_CIPHER_CAMELLIA_128_CBC,
378 GNUTLS_CIPHER_CAMELLIA_256_CBC,
379 GNUTLS_CIPHER_3DES_CBC,
380 GNUTLS_CIPHER_ARCFOUR_128,
381 0
382 };
389 GNUTLS_CIPHER_AES_128_GCM,
390 GNUTLS_CIPHER_AES_256_GCM,
391 0
392 };
395 GNUTLS_CIPHER_AES_256_GCM,
396 0
397 };
401 GNUTLS_CIPHER_AES_128_CBC,
402 GNUTLS_CIPHER_CAMELLIA_128_CBC,
403 GNUTLS_CIPHER_AES_128_GCM,
404 GNUTLS_CIPHER_AES_256_CBC,
405 GNUTLS_CIPHER_CAMELLIA_256_CBC,
406 GNUTLS_CIPHER_AES_256_GCM,
407 0
408 };
412 GNUTLS_CIPHER_AES_256_CBC,
413 GNUTLS_CIPHER_CAMELLIA_256_CBC,
414 GNUTLS_CIPHER_AES_256_GCM,
415 0
416 };
418 /* The same as cipher_priority_security_normal + arcfour-40. */
420 GNUTLS_CIPHER_AES_128_CBC,
421 GNUTLS_CIPHER_AES_256_CBC,
422 GNUTLS_CIPHER_CAMELLIA_128_CBC,
423 GNUTLS_CIPHER_CAMELLIA_256_CBC,
424 GNUTLS_CIPHER_AES_128_GCM,
425 GNUTLS_CIPHER_3DES_CBC,
426 GNUTLS_CIPHER_ARCFOUR_128,
427 GNUTLS_CIPHER_ARCFOUR_40,
428 0
429 };
432 /* compression should be explicitly requested to be enabled */
433 GNUTLS_COMP_NULL,
434 0
435 };
438 GNUTLS_SIGN_RSA_SHA256,
439 GNUTLS_SIGN_DSA_SHA256,
440 GNUTLS_SIGN_ECDSA_SHA256,
442 GNUTLS_SIGN_RSA_SHA384,
443 GNUTLS_SIGN_ECDSA_SHA384,
445 GNUTLS_SIGN_RSA_SHA512,
446 GNUTLS_SIGN_ECDSA_SHA512,
448 GNUTLS_SIGN_RSA_SHA224,
449 GNUTLS_SIGN_DSA_SHA224,
450 GNUTLS_SIGN_ECDSA_SHA224,
452 GNUTLS_SIGN_RSA_SHA1,
453 GNUTLS_SIGN_DSA_SHA1,
454 GNUTLS_SIGN_ECDSA_SHA1,
455 0
456 };
459 GNUTLS_SIGN_ECDSA_SHA256,
460 GNUTLS_SIGN_ECDSA_SHA384,
461 0
462 };
465 GNUTLS_SIGN_ECDSA_SHA384,
466 0
467 };
470 GNUTLS_SIGN_RSA_SHA256,
471 GNUTLS_SIGN_DSA_SHA256,
472 GNUTLS_SIGN_ECDSA_SHA256,
473 GNUTLS_SIGN_RSA_SHA384,
474 GNUTLS_SIGN_ECDSA_SHA384,
475 GNUTLS_SIGN_RSA_SHA512,
476 GNUTLS_SIGN_ECDSA_SHA512,
477 0
478 };
481 GNUTLS_SIGN_RSA_SHA384,
482 GNUTLS_SIGN_ECDSA_SHA384,
483 GNUTLS_SIGN_RSA_SHA512,
484 GNUTLS_SIGN_ECDSA_SHA512,
485 0
486 };
489 GNUTLS_MAC_SHA1,
490 GNUTLS_MAC_SHA256,
491 GNUTLS_MAC_SHA384,
492 GNUTLS_MAC_AEAD,
493 GNUTLS_MAC_MD5,
494 0
495 };
498 GNUTLS_MAC_AEAD,
499 0
500 };
503 GNUTLS_MAC_AEAD,
504 0
505 };
508 GNUTLS_MAC_SHA1,
509 GNUTLS_MAC_SHA256,
510 GNUTLS_MAC_SHA384,
511 GNUTLS_MAC_AEAD,
512 0
513 };
516 GNUTLS_MAC_SHA256,
517 GNUTLS_MAC_SHA384,
518 GNUTLS_MAC_AEAD,
519 0
520 };
523 GNUTLS_CRT_X509,
524 0
525 };
528 GNUTLS_CRT_X509,
529 GNUTLS_CRT_OPENPGP,
530 0
531 };
535 static void
537 {
542 {
545 i++;
546 }
549 {
553 }
556 }
558 static void
560 {
563 {
566 i++;
567 }
570 {
573 }
576 }
579 /**
580 * gnutls_priority_set:
581 * @session: is a #gnutls_session_t structure.
582 * @priority: is a #gnutls_priority_t structure.
583 *
584 * Sets the priorities to use on the ciphers, key exchange methods,
585 * macs and compression methods.
586 *
587 * Returns: %GNUTLS_E_SUCCESS on success, or an error code.
588 **/
589 int
591 {
593 {
596 }
601 /* set the current version to the first in the chain.
602 * This will be overridden later.
603 */
617 }
620 #define MAX_ELEMENTS 48
632 static
634 {
641 {
643 cipher_priority_performance);
647 sign_priority_default);
650 }
652 {
657 sign_priority_default);
660 }
663 {
665 cipher_priority_secure192);
669 sign_priority_secure192);
672 }
675 {
677 cipher_priority_secure128);
681 sign_priority_secure128);
684 }
686 {
689 cipher_priority_suiteb128);
693 sign_priority_suiteb128);
696 }
698 {
701 cipher_priority_suiteb192);
705 sign_priority_suiteb192);
708 }
710 {
715 sign_priority_default);
718 }
720 }
722 /**
723 * gnutls_priority_init:
724 * @priority_cache: is a #gnutls_prioritity_t structure.
725 * @priorities: is a string describing priorities
726 * @err_pos: In case of an error this will have the position in the string the error occured
727 *
728 * Sets priorities for the ciphers, key exchange methods, macs and
729 * compression methods.
730 *
731 * The #priorities option allows you to specify a colon
732 * separated list of the cipher priorities to enable.
733 * Some keywords are defined to provide quick access
734 * to common preferences.
735 *
736 * "PERFORMANCE" means all the "secure" ciphersuites are enabled,
737 * limited to 128 bit ciphers and sorted by terms of speed
738 * performance.
739 *
740 * "NORMAL" means all "secure" ciphersuites. The 256-bit ciphers are
741 * included as a fallback only. The ciphers are sorted by security
742 * margin.
743 *
744 * "SECURE128" means all "secure" ciphersuites of security level 128-bit
745 * or more.
746 *
747 * "SECURE192" means all "secure" ciphersuites of security level 192-bit
748 * or more.
749 *
750 * "SUITEB128" means all the NSA SuiteB ciphersuites with security level
751 * of 128.
752 *
753 * "SUITEB192" means all the NSA SuiteB ciphersuites with security level
754 * of 192.
755 *
756 * "EXPORT" means all ciphersuites are enabled, including the
757 * low-security 40 bit ciphers.
758 *
759 * "NONE" means nothing is enabled. This disables even protocols and
760 * compression methods.
761 *
762 * Special keywords are "!", "-" and "+".
763 * "!" or "-" appended with an algorithm will remove this algorithm.
764 * "+" appended with an algorithm will add this algorithm.
765 *
766 * Check the GnuTLS manual section "Priority strings" for detailed
767 * information.
768 *
769 * Examples:
770 *
771 * "NONE:+VERS-TLS-ALL:+MAC-ALL:+RSA:+AES-128-CBC:+SIGN-ALL:+COMP-NULL"
772 *
773 * "NORMAL:-ARCFOUR-128" means normal ciphers except for ARCFOUR-128.
774 *
775 * "SECURE:-VERS-SSL3.0:+COMP-DEFLATE" means that only secure ciphers are
776 * enabled, SSL3.0 is disabled, and libz compression enabled.
777 *
778 * "NONE:+VERS-TLS-ALL:+AES-128-CBC:+RSA:+SHA1:+COMP-NULL:+SIGN-RSA-SHA1",
779 *
780 * "NONE:+VERS-TLS-ALL:+AES-128-CBC:+ECDHE-RSA:+SHA1:+COMP-NULL:+SIGN-RSA-SHA1:+CURVE-SECP256R1",
781 *
782 * "SECURE256:+SECURE128",
783 *
784 * Note that "NORMAL:%COMPAT" is the most compatible mode.
785 *
786 * Returns: On syntax error %GNUTLS_E_INVALID_REQUEST is returned,
787 * %GNUTLS_E_SUCCESS on success, or an error code.
788 **/
789 int
792 {
802 {
805 }
807 /* for now unsafe renegotiation is default on everyone. To be removed
808 * when we make it the default.
809 */
818 {
821 }
824 /* This is our default set of protocol version, certificate types and
825 * compression methods.
826 */
828 {
835 }
836 else
837 {
839 }
842 {
844 {
846 }
849 {
851 {
854 }
855 else
856 {
859 }
862 {
864 }
869 GNUTLS_CIPHER_UNKNOWN)
872 GNUTLS_KX_UNKNOWN)
875 {
877 {
879 protocol_priority);
880 }
881 else
882 {
885 GNUTLS_VERSION_UNKNOWN)
887 else
890 }
893 {
895 {
897 comp_priority);
898 }
899 else
900 {
903 GNUTLS_COMP_UNKNOWN)
905 else
907 }
910 {
912 {
914 supported_ecc_normal);
915 }
916 else
917 {
920 GNUTLS_ECC_CURVE_INVALID)
922 else
924 }
927 {
929 {
931 cert_type_priority_all);
932 }
933 else
934 {
937 GNUTLS_CRT_UNKNOWN)
939 else
941 }
944 {
946 {
948 sign_priority_default);
949 }
950 else
951 {
954 GNUTLS_SIGN_UNKNOWN)
956 else
958 }
959 }
961 {
963 mac_priority_normal);
964 }
966 {
968 cipher_priority_normal);
969 }
971 {
973 kx_priority_secure);
974 }
975 else
977 }
979 {
981 {
983 }
985 {
987 }
989 {
991 }
994 {
997 GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD5;
998 }
1001 {
1003 GNUTLS_VERIFY_DISABLE_CRL_CHECKS;
1004 }
1014 GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT;
1017 {
1019 }
1021 {
1023 }
1026 {
1028 }
1031 {
1033 }
1036 {
1038 }
1039 else
1041 }
1042 else
1044 }
1049 error:
1051 {
1054 {
1056 }
1057 }
1063 }
1065 /**
1066 * gnutls_priority_deinit:
1067 * @priority_cache: is a #gnutls_prioritity_t structure.
1068 *
1069 * Deinitializes the priority cache.
1070 **/
1071 void
1073 {
1075 }
1078 /**
1079 * gnutls_priority_set_direct:
1080 * @session: is a #gnutls_session_t structure.
1081 * @priorities: is a string describing priorities
1082 * @err_pos: In case of an error this will have the position in the string the error occured
1083 *
1084 * Sets the priorities to use on the ciphers, key exchange methods,
1085 * macs and compression methods. This function avoids keeping a
1086 * priority cache and is used to directly set string priorities to a
1087 * TLS session. For documentation check the gnutls_priority_init().
1088 *
1089 * Returns: On syntax error %GNUTLS_E_INVALID_REQUEST is returned,
1090 * %GNUTLS_E_SUCCESS on success, or an error code.
1091 **/
1092 int
1095 {
1096 gnutls_priority_t prio;
1101 {
1104 }
1108 {
1111 }
1116 }
1118 /* Breaks a list of "xxx", "yyy", to a character array, of
1119 * MAX_COMMA_SEP_ELEMENTS size; Note that the given string is modified.
1120 */
1121 static void
1125 {
1132 do
1133 {
1140 {
1143 * space.
1144 */
1146 p++;
1147 }
1148 }
1150 }
1152 /**
1153 * gnutls_set_default_priority:
1154 * @session: is a #gnutls_session_t structure.
1155 *
1156 * Sets some default priority on the ciphers, key exchange methods,
1157 * macs and compression methods.
1158 *
1159 * This is the same as calling:
1160 *
1161 * gnutls_priority_set_direct (session, "NORMAL", NULL);
1162 *
1163 * This function is kept around for backwards compatibility, but
1164 * because of its wide use it is still fully supported. If you wish
1165 * to allow users to provide a string that specify which ciphers to
1166 * use (which is recommended), you should use
1167 * gnutls_priority_set_direct() or gnutls_priority_set() instead.
1168 *
1169 * Returns: %GNUTLS_E_SUCCESS on success, or an error code.
1170 **/
1171 int
1173 {
1175 }
1177 /**
1178 * gnutls_set_default_export_priority:
1179 * @session: is a #gnutls_session_t structure.
1180 *
1181 * Sets some default priority on the ciphers, key exchange methods, macs
1182 * and compression methods. This function also includes weak algorithms.
1183 *
1184 * This is the same as calling:
1185 *
1186 * gnutls_priority_set_direct (session, "EXPORT", NULL);
1187 *
1188 * This function is kept around for backwards compatibility, but
1189 * because of its wide use it is still fully supported. If you wish
1190 * to allow users to provide a string that specify which ciphers to
1191 * use (which is recommended), you should use
1192 * gnutls_priority_set_direct() or gnutls_priority_set() instead.
1193 *
1194 * Returns: %GNUTLS_E_SUCCESS on success, or an error code.
1195 **/
1196 int
1198 {
1200 }
1202 /* Increases the priority of AES-GCM as it is much faster
1203 * than anything else if hardware support is there.
1204 */
1206 {
1209 }
1211 /**
1212 * gnutls_priority_ecc_curve_list:
1213 * @pcache: is a #gnutls_prioritity_t structure.
1214 * @list: will point to an integer list
1215 *
1216 * Get a list of available elliptic curves in the priority
1217 * structure.
1218 *
1219 * Returns: the number of curves, or an error code.
1220 * Since: 3.0
1221 **/
1222 int
1224 {
1230 }
1232 /**
1233 * gnutls_priority_compression_list:
1234 * @pcache: is a #gnutls_prioritity_t structure.
1235 * @list: will point to an integer list
1236 *
1237 * Get a list of available compression method in the priority
1238 * structure.
1239 *
1240 * Returns: the number of methods, or an error code.
1241 * Since: 3.0
1242 **/
1243 int
1245 {
1251 }
1253 /**
1254 * gnutls_priority_protocol_list:
1255 * @pcache: is a #gnutls_prioritity_t structure.
1256 * @list: will point to an integer list
1257 *
1258 * Get a list of available TLS version numbers in the priority
1259 * structure.
1260 *
1261 * Returns: the number of protocols, or an error code.
1262 * Since: 3.0
1263 **/
1264 int
1266 {
1272 }
1274 /**
1275 * gnutls_priority_sign_list:
1276 * @pcache: is a #gnutls_prioritity_t structure.
1277 * @list: will point to an integer list
1278 *
1279 * Get a list of available signature algorithms in the priority
1280 * structure.
1281 *
1282 * Returns: the number of algorithms, or an error code.
1283 * Since: 3.0
1284 **/
1285 int
1287 {
1293 }
1295 /**
1296 * gnutls_priority_certificate_type_list:
1297 * @pcache: is a #gnutls_prioritity_t structure.
1298 * @list: will point to an integer list
1299 *
1300 * Get a list of available certificate types in the priority
1301 * structure.
1302 *
1303 * Returns: the number of certificate types, or an error code.
1304 * Since: 3.0
1305 **/
1306 int
1308 {
1314 }