sq3: show SQLite error messages on stderr by default
[iv.d.git] / gnutls.d
blobfe0de6cc52c92b86648a5b1cd4db4422e208c7a5
1 /* -*- c -*-
2 * Copyright (C) 2000-2012 Free Software Foundation, Inc.
4 * Author: Nikos Mavrogiannopoulos
6 * This file is part of GnuTLS.
8 * The GnuTLS is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU Lesser General Public License
10 * as published by the Free Software Foundation; either version 2.1 of
11 * the License, or (at your option) any later version.
13 * This library is distributed in the hope that it will be useful, but
14 * WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 * Lesser General Public License for more details.
18 * You should have received a copy of the GNU Lesser General Public License
19 * along with this program. If not, see <http://www.gnu.org/licenses/>
23 /* This file contains the types and prototypes for all the
24 * high level functionality of the gnutls main library.
26 * If the optional C++ binding was built, it is available in
27 * gnutls/gnutlsxx.h.
29 * The openssl compatibility layer (which is under the GNU GPL
30 * license) is in gnutls/openssl.h.
32 * The low level cipher functionality is in gnutls/crypto.h.
34 module iv.gnutls /*is aliced*/;
35 pragma(lib, "gnutls");
36 pragma(lib, "gcrypt");
38 import iv.alice;
39 import core.sys.posix.sys.types : time_t;
42 extern(C) nothrow:
44 alias gnutls_params_function = int function (gnutls_session_t, gnutls_params_type_t, gnutls_params_st *);
45 alias gnutls_certificate_verify_function = int function (gnutls_session_t);
46 alias gnutls_db_store_func = int function (void *, gnutls_datum_t key, gnutls_datum_t data);
47 alias gnutls_db_remove_func = int function (void *, gnutls_datum_t key);
48 alias gnutls_db_retr_func = gnutls_datum_t function (void *, gnutls_datum_t key);
49 alias gnutls_handshake_post_client_hello_func = int function (gnutls_session_t);
50 alias gnutls_handshake_hook_func = int function (gnutls_session_t, uint htype, uint post, uint incoming, const(gnutls_datum_t)* msg);
51 alias gnutls_time_func = time_t function (time_t * t);
52 alias mutex_init_func = int function (void **mutex);
53 alias mutex_lock_func = int function (void **mutex);
54 alias mutex_unlock_func = int function (void **mutex);
55 alias mutex_deinit_func = int function (void **mutex);
56 alias gnutls_alloc_function = void * function (usize);
57 alias gnutls_calloc_function = void * function (usize, usize);
58 alias gnutls_is_secure_function = int function (const(void)* );
59 alias gnutls_free_function = void function (void *);
60 alias gnutls_realloc_function = void * function (void *, usize);
61 alias gnutls_log_func = void function (int, const(char)* );
62 alias gnutls_audit_log_func = void function (gnutls_session_t, const(char)* );
63 alias gnutls_pull_func = ssize function (gnutls_transport_ptr_t, void *, usize);
64 alias gnutls_push_func = ssize function (gnutls_transport_ptr_t, const(void)* , usize);
65 alias gnutls_pull_timeout_func = int function (gnutls_transport_ptr_t, uint ms);
66 alias gnutls_vec_push_func = ssize function (gnutls_transport_ptr_t, const(giovec_t)* iov, int iovcnt);
67 alias gnutls_errno_func = int function (gnutls_transport_ptr_t);
68 alias gnutls_srp_server_credentials_function = int function (gnutls_session_t, const(char)* username, gnutls_datum_t* salt, gnutls_datum_t* verifier, gnutls_datum_t* generator, gnutls_datum_t* prime);
69 alias gnutls_srp_client_credentials_function = int function (gnutls_session_t, char **, char **);
70 alias gnutls_psk_server_credentials_function = int function (gnutls_session_t, const(char)* username, gnutls_datum_t* key);
71 alias gnutls_psk_client_credentials_function = int function (gnutls_session_t, char** username, gnutls_datum_t* key);
72 alias gnutls_certificate_retrieve_function = int function (gnutls_session_t, const(gnutls_datum_t)* req_ca_rdn, int nreqs, const(gnutls_pk_algorithm_t)* pk_algos, int pk_algos_length, gnutls_retr2_st*);
73 alias gnutls_tdb_store_func = int function (const(char)* db_name, const(char)* host, const(char)* service, time_t expiration, const(gnutls_datum_t)* pubkey);
74 alias gnutls_tdb_store_commitment_func = int function (const(char)* db_name, const(char)* host, const(char)* service, time_t expiration, gnutls_digest_algorithm_t hash_algo, const(gnutls_datum_t)* hash);
75 alias gnutls_tdb_verify_func = int function (const(char)* db_name, const(char)* host, const(char)* service, const(gnutls_datum_t)* pubkey);
76 alias gnutls_pin_callback_t = int function (void *userdata, int attempt, const(char)* token_url, const(char)* token_label, uint flags, char* pin, usize pin_max);
77 alias gnutls_ext_recv_func = int function (gnutls_session_t session, const(ubyte)* data, usize len);
78 alias gnutls_ext_send_func = int function (gnutls_session_t session, gnutls_buffer_t extdata);
79 alias gnutls_ext_deinit_data_func = void function (gnutls_ext_priv_data_t data);
80 alias gnutls_ext_pack_func = int function (gnutls_ext_priv_data_t data, gnutls_buffer_t packed_data);
81 alias gnutls_ext_unpack_func = int function (gnutls_buffer_t packed_data, gnutls_ext_priv_data_t *data);
82 alias gnutls_supp_recv_func = int function (gnutls_session_t session, const(ubyte)* data, usize data_size);
83 alias gnutls_supp_send_func = int function (gnutls_session_t session, gnutls_buffer_t buf);
86 @nogc:
87 enum GNUTLS_VERSION = "3.7.1";
89 enum GNUTLS_VERSION_MAJOR = 3;
90 enum GNUTLS_VERSION_MINOR = 4;
91 enum GNUTLS_VERSION_PATCH = 10;
93 enum GNUTLS_VERSION_NUMBER = 0x03040a;
95 enum GNUTLS_CIPHER_RIJNDAEL_128_CBC = GNUTLS_CIPHER_AES_128_CBC;
96 enum GNUTLS_CIPHER_RIJNDAEL_256_CBC = GNUTLS_CIPHER_AES_256_CBC;
97 enum GNUTLS_CIPHER_RIJNDAEL_CBC = GNUTLS_CIPHER_AES_128_CBC;
98 enum GNUTLS_CIPHER_ARCFOUR = GNUTLS_CIPHER_ARCFOUR_128;
100 /* Use the following definition globally in your program to disable
101 * implicit initialization of gnutls. */
102 /*???
103 #define GNUTLS_SKIP_GLOBAL_INIT int _gnutls_global_init_skip() @nogc; \
104 int _gnutls_global_init_skip(void) {return 1;}
108 * gnutls_cipher_algorithm_t:
109 * @GNUTLS_CIPHER_UNKNOWN: Value to identify an unknown/unsupported algorithm.
110 * @GNUTLS_CIPHER_NULL: The NULL (identity) encryption algorithm.
111 * @GNUTLS_CIPHER_ARCFOUR_128: ARCFOUR stream cipher with 128-bit keys.
112 * @GNUTLS_CIPHER_3DES_CBC: 3DES in CBC mode.
113 * @GNUTLS_CIPHER_AES_128_CBC: AES in CBC mode with 128-bit keys.
114 * @GNUTLS_CIPHER_AES_192_CBC: AES in CBC mode with 192-bit keys.
115 * @GNUTLS_CIPHER_AES_256_CBC: AES in CBC mode with 256-bit keys.
116 * @GNUTLS_CIPHER_ARCFOUR_40: ARCFOUR stream cipher with 40-bit keys.
117 * @GNUTLS_CIPHER_CAMELLIA_128_CBC: Camellia in CBC mode with 128-bit keys.
118 * @GNUTLS_CIPHER_CAMELLIA_192_CBC: Camellia in CBC mode with 192-bit keys.
119 * @GNUTLS_CIPHER_CAMELLIA_256_CBC: Camellia in CBC mode with 256-bit keys.
120 * @GNUTLS_CIPHER_RC2_40_CBC: RC2 in CBC mode with 40-bit keys.
121 * @GNUTLS_CIPHER_DES_CBC: DES in CBC mode (56-bit keys).
122 * @GNUTLS_CIPHER_AES_128_GCM: AES in GCM mode with 128-bit keys.
123 * @GNUTLS_CIPHER_AES_256_GCM: AES in GCM mode with 256-bit keys.
124 * @GNUTLS_CIPHER_AES_128_CCM: AES in CCM mode with 128-bit keys.
125 * @GNUTLS_CIPHER_AES_256_CCM: AES in CCM mode with 256-bit keys.
126 * @GNUTLS_CIPHER_AES_128_CCM_8: AES in CCM mode with 64-bit tag and 128-bit keys.
127 * @GNUTLS_CIPHER_AES_256_CCM_8: AES in CCM mode with 64-bit tag and 256-bit keys.
128 * @GNUTLS_CIPHER_CAMELLIA_128_GCM: CAMELLIA in GCM mode with 128-bit keys.
129 * @GNUTLS_CIPHER_CAMELLIA_256_GCM: CAMELLIA in GCM mode with 256-bit keys.
130 * @GNUTLS_CIPHER_SALSA20_256: Salsa20 with 256-bit keys.
131 * @GNUTLS_CIPHER_ESTREAM_SALSA20_256: Estream's Salsa20 variant with 256-bit keys.
132 * @GNUTLS_CIPHER_CHACHA20_POLY1305: The Chacha20 cipher with the Poly1305 authenticator (AEAD).
133 * @GNUTLS_CIPHER_IDEA_PGP_CFB: IDEA in CFB mode (placeholder - unsupported).
134 * @GNUTLS_CIPHER_3DES_PGP_CFB: 3DES in CFB mode (placeholder - unsupported).
135 * @GNUTLS_CIPHER_CAST5_PGP_CFB: CAST5 in CFB mode (placeholder - unsupported).
136 * @GNUTLS_CIPHER_BLOWFISH_PGP_CFB: Blowfish in CFB mode (placeholder - unsupported).
137 * @GNUTLS_CIPHER_SAFER_SK128_PGP_CFB: Safer-SK in CFB mode with 128-bit keys (placeholder - unsupported).
138 * @GNUTLS_CIPHER_AES128_PGP_CFB: AES in CFB mode with 128-bit keys (placeholder - unsupported).
139 * @GNUTLS_CIPHER_AES192_PGP_CFB: AES in CFB mode with 192-bit keys (placeholder - unsupported).
140 * @GNUTLS_CIPHER_AES256_PGP_CFB: AES in CFB mode with 256-bit keys (placeholder - unsupported).
141 * @GNUTLS_CIPHER_TWOFISH_PGP_CFB: Twofish in CFB mode (placeholder - unsupported).
143 * Enumeration of different symmetric encryption algorithms.
145 alias gnutls_cipher_algorithm = gnutls_cipher_algorithm_t;
146 alias gnutls_cipher_algorithm_t = int;
147 enum : int {
148 GNUTLS_CIPHER_UNKNOWN = 0,
149 GNUTLS_CIPHER_NULL = 1,
150 GNUTLS_CIPHER_ARCFOUR_128 = 2,
151 GNUTLS_CIPHER_3DES_CBC = 3,
152 GNUTLS_CIPHER_AES_128_CBC = 4,
153 GNUTLS_CIPHER_AES_256_CBC = 5,
154 GNUTLS_CIPHER_ARCFOUR_40 = 6,
155 GNUTLS_CIPHER_CAMELLIA_128_CBC = 7,
156 GNUTLS_CIPHER_CAMELLIA_256_CBC = 8,
157 GNUTLS_CIPHER_AES_192_CBC = 9,
158 GNUTLS_CIPHER_AES_128_GCM = 10,
159 GNUTLS_CIPHER_AES_256_GCM = 11,
160 GNUTLS_CIPHER_CAMELLIA_192_CBC = 12,
161 GNUTLS_CIPHER_SALSA20_256 = 13,
162 GNUTLS_CIPHER_ESTREAM_SALSA20_256 = 14,
163 GNUTLS_CIPHER_CAMELLIA_128_GCM = 15,
164 GNUTLS_CIPHER_CAMELLIA_256_GCM = 16,
165 GNUTLS_CIPHER_RC2_40_CBC = 17,
166 GNUTLS_CIPHER_DES_CBC = 18,
167 GNUTLS_CIPHER_AES_128_CCM = 19,
168 GNUTLS_CIPHER_AES_256_CCM = 20,
169 GNUTLS_CIPHER_AES_128_CCM_8 = 21,
170 GNUTLS_CIPHER_AES_256_CCM_8 = 22,
171 GNUTLS_CIPHER_CHACHA20_POLY1305 = 23,
173 /* used only for PGP internals. Ignored in TLS/SSL
175 GNUTLS_CIPHER_IDEA_PGP_CFB = 200,
176 GNUTLS_CIPHER_3DES_PGP_CFB = 201,
177 GNUTLS_CIPHER_CAST5_PGP_CFB = 202,
178 GNUTLS_CIPHER_BLOWFISH_PGP_CFB = 203,
179 GNUTLS_CIPHER_SAFER_SK128_PGP_CFB = 204,
180 GNUTLS_CIPHER_AES128_PGP_CFB = 205,
181 GNUTLS_CIPHER_AES192_PGP_CFB = 206,
182 GNUTLS_CIPHER_AES256_PGP_CFB = 207,
183 GNUTLS_CIPHER_TWOFISH_PGP_CFB = 208
187 * gnutls_kx_algorithm_t:
188 * @GNUTLS_KX_UNKNOWN: Unknown key-exchange algorithm.
189 * @GNUTLS_KX_RSA: RSA key-exchange algorithm.
190 * @GNUTLS_KX_DHE_DSS: DHE-DSS key-exchange algorithm.
191 * @GNUTLS_KX_DHE_RSA: DHE-RSA key-exchange algorithm.
192 * @GNUTLS_KX_ECDHE_RSA: ECDHE-RSA key-exchange algorithm.
193 * @GNUTLS_KX_ECDHE_ECDSA: ECDHE-ECDSA key-exchange algorithm.
194 * @GNUTLS_KX_ANON_DH: Anon-DH key-exchange algorithm.
195 * @GNUTLS_KX_ANON_ECDH: Anon-ECDH key-exchange algorithm.
196 * @GNUTLS_KX_SRP: SRP key-exchange algorithm.
197 * @GNUTLS_KX_RSA_EXPORT: RSA-EXPORT key-exchange algorithm (defunc).
198 * @GNUTLS_KX_SRP_RSA: SRP-RSA key-exchange algorithm.
199 * @GNUTLS_KX_SRP_DSS: SRP-DSS key-exchange algorithm.
200 * @GNUTLS_KX_PSK: PSK key-exchange algorithm.
201 * @GNUTLS_KX_DHE_PSK: DHE-PSK key-exchange algorithm.
202 * @GNUTLS_KX_ECDHE_PSK: ECDHE-PSK key-exchange algorithm.
203 * @GNUTLS_KX_RSA_PSK: RSA-PSK key-exchange algorithm.
205 * Enumeration of different key exchange algorithms.
207 alias gnutls_kx_algorithm_t = int;
208 enum : int {
209 GNUTLS_KX_UNKNOWN = 0,
210 GNUTLS_KX_RSA = 1,
211 GNUTLS_KX_DHE_DSS = 2,
212 GNUTLS_KX_DHE_RSA = 3,
213 GNUTLS_KX_ANON_DH = 4,
214 GNUTLS_KX_SRP = 5,
215 GNUTLS_KX_RSA_EXPORT = 6,
216 GNUTLS_KX_SRP_RSA = 7,
217 GNUTLS_KX_SRP_DSS = 8,
218 GNUTLS_KX_PSK = 9,
219 GNUTLS_KX_DHE_PSK = 10,
220 GNUTLS_KX_ANON_ECDH = 11,
221 GNUTLS_KX_ECDHE_RSA = 12,
222 GNUTLS_KX_ECDHE_ECDSA = 13,
223 GNUTLS_KX_ECDHE_PSK = 14,
224 GNUTLS_KX_RSA_PSK = 15
228 * gnutls_params_type_t:
229 * @GNUTLS_PARAMS_RSA_EXPORT: Session RSA-EXPORT parameters (defunc).
230 * @GNUTLS_PARAMS_DH: Session Diffie-Hellman parameters.
231 * @GNUTLS_PARAMS_ECDH: Session Elliptic-Curve Diffie-Hellman parameters.
233 * Enumeration of different TLS session parameter types.
235 alias gnutls_params_type_t = int;
236 enum : int {
237 GNUTLS_PARAMS_RSA_EXPORT = 1,
238 GNUTLS_PARAMS_DH = 2,
239 GNUTLS_PARAMS_ECDH = 3
243 * gnutls_credentials_type_t:
244 * @GNUTLS_CRD_CERTIFICATE: Certificate credential.
245 * @GNUTLS_CRD_ANON: Anonymous credential.
246 * @GNUTLS_CRD_SRP: SRP credential.
247 * @GNUTLS_CRD_PSK: PSK credential.
248 * @GNUTLS_CRD_IA: IA credential.
250 * Enumeration of different credential types.
252 alias gnutls_credentials_type_t = int;
253 enum : int {
254 GNUTLS_CRD_CERTIFICATE = 1,
255 GNUTLS_CRD_ANON,
256 GNUTLS_CRD_SRP,
257 GNUTLS_CRD_PSK,
258 GNUTLS_CRD_IA
261 enum GNUTLS_MAC_SHA = GNUTLS_MAC_SHA1;
262 enum GNUTLS_DIG_SHA = GNUTLS_DIG_SHA1;
265 * gnutls_mac_algorithm_t:
266 * @GNUTLS_MAC_UNKNOWN: Unknown MAC algorithm.
267 * @GNUTLS_MAC_NULL: NULL MAC algorithm (empty output).
268 * @GNUTLS_MAC_MD5: HMAC-MD5 algorithm.
269 * @GNUTLS_MAC_SHA1: HMAC-SHA-1 algorithm.
270 * @GNUTLS_MAC_RMD160: HMAC-RMD160 algorithm.
271 * @GNUTLS_MAC_MD2: HMAC-MD2 algorithm.
272 * @GNUTLS_MAC_SHA256: HMAC-SHA-256 algorithm.
273 * @GNUTLS_MAC_SHA384: HMAC-SHA-384 algorithm.
274 * @GNUTLS_MAC_SHA512: HMAC-SHA-512 algorithm.
275 * @GNUTLS_MAC_SHA224: HMAC-SHA-224 algorithm.
276 * @GNUTLS_MAC_AEAD: MAC implicit through AEAD cipher.
277 * @GNUTLS_MAC_UMAC_96: The UMAC-96 MAC algorithm.
278 * @GNUTLS_MAC_UMAC_128: The UMAC-128 MAC algorithm.
280 * Enumeration of different Message Authentication Code (MAC)
281 * algorithms.
283 alias gnutls_mac_algorithm_t = int;
284 enum : int {
285 GNUTLS_MAC_UNKNOWN = 0,
286 GNUTLS_MAC_NULL = 1,
287 GNUTLS_MAC_MD5 = 2,
288 GNUTLS_MAC_SHA1 = 3,
289 GNUTLS_MAC_RMD160 = 4,
290 GNUTLS_MAC_MD2 = 5,
291 GNUTLS_MAC_SHA256 = 6,
292 GNUTLS_MAC_SHA384 = 7,
293 GNUTLS_MAC_SHA512 = 8,
294 GNUTLS_MAC_SHA224 = 9,
295 /* If you add anything here, make sure you align with
296 gnutls_digest_algorithm_t. */
297 GNUTLS_MAC_AEAD = 200, /* indicates that MAC is on the cipher */
298 GNUTLS_MAC_UMAC_96 = 201,
299 GNUTLS_MAC_UMAC_128 = 202
303 * gnutls_digest_algorithm_t:
304 * @GNUTLS_DIG_UNKNOWN: Unknown hash algorithm.
305 * @GNUTLS_DIG_NULL: NULL hash algorithm (empty output).
306 * @GNUTLS_DIG_MD5: MD5 algorithm.
307 * @GNUTLS_DIG_SHA1: SHA-1 algorithm.
308 * @GNUTLS_DIG_RMD160: RMD160 algorithm.
309 * @GNUTLS_DIG_MD2: MD2 algorithm.
310 * @GNUTLS_DIG_SHA256: SHA-256 algorithm.
311 * @GNUTLS_DIG_SHA384: SHA-384 algorithm.
312 * @GNUTLS_DIG_SHA512: SHA-512 algorithm.
313 * @GNUTLS_DIG_SHA224: SHA-224 algorithm.
315 * Enumeration of different digest (hash) algorithms.
317 alias gnutls_digest_algorithm_t = int;
318 enum : int {
319 GNUTLS_DIG_UNKNOWN = GNUTLS_MAC_UNKNOWN,
320 GNUTLS_DIG_NULL = GNUTLS_MAC_NULL,
321 GNUTLS_DIG_MD5 = GNUTLS_MAC_MD5,
322 GNUTLS_DIG_SHA1 = GNUTLS_MAC_SHA1,
323 GNUTLS_DIG_RMD160 = GNUTLS_MAC_RMD160,
324 GNUTLS_DIG_MD2 = GNUTLS_MAC_MD2,
325 GNUTLS_DIG_SHA256 = GNUTLS_MAC_SHA256,
326 GNUTLS_DIG_SHA384 = GNUTLS_MAC_SHA384,
327 GNUTLS_DIG_SHA512 = GNUTLS_MAC_SHA512,
328 GNUTLS_DIG_SHA224 = GNUTLS_MAC_SHA224
329 /* If you add anything here, make sure you align with
330 gnutls_mac_algorithm_t. */
333 /* exported for other gnutls headers. This is the maximum number of
334 * algorithms (ciphers, kx or macs).
336 enum GNUTLS_MAX_ALGORITHM_NUM = 32;
337 enum GNUTLS_MAX_SESSION_ID_SIZE = 32;
341 * gnutls_compression_method_t:
342 * @GNUTLS_COMP_UNKNOWN: Unknown compression method.
343 * @GNUTLS_COMP_NULL: The NULL compression method (no compression).
344 * @GNUTLS_COMP_DEFLATE: The DEFLATE compression method from zlib.
345 * @GNUTLS_COMP_ZLIB: Same as %GNUTLS_COMP_DEFLATE.
347 * Enumeration of different TLS compression methods.
349 alias gnutls_compression_method_t = int;
350 enum : int {
351 GNUTLS_COMP_UNKNOWN = 0,
352 GNUTLS_COMP_NULL = 1,
353 GNUTLS_COMP_DEFLATE = 2,
354 GNUTLS_COMP_ZLIB = GNUTLS_COMP_DEFLATE
358 * Flags for gnutls_init()
360 * @GNUTLS_SERVER: Connection end is a server.
361 * @GNUTLS_CLIENT: Connection end is a client.
362 * @GNUTLS_DATAGRAM: Connection is datagram oriented (DTLS).
363 * @GNUTLS_NONBLOCK: Connection should not block.
364 * @GNUTLS_NO_SIGNAL: In systems where SIGPIPE is delivered on send, it will be disabled. That flag has effect in systems which support the MSG_NOSIGNAL sockets flag.
365 * @GNUTLS_NO_EXTENSIONS: Do not enable any TLS extensions by default.
366 * @GNUTLS_NO_REPLAY_PROTECTION: Disable any replay protection in DTLS.
369 enum GNUTLS_SERVER = 1;
370 enum GNUTLS_CLIENT = (1<<1);
371 enum GNUTLS_DATAGRAM = (1<<2);
372 enum GNUTLS_NONBLOCK = (1<<3);
373 enum GNUTLS_NO_EXTENSIONS = (1<<4);
374 enum GNUTLS_NO_REPLAY_PROTECTION = (1<<5);
375 enum GNUTLS_NO_SIGNAL = (1<<6);
376 // v3.7
377 enum GNUTLS_FORCE_CLIENT_CERT = (1<<9);
379 GNUTLS_ALLOW_ID_CHANGE = (1<<7),
380 GNUTLS_ENABLE_FALSE_START = (1<<8),
381 GNUTLS_FORCE_CLIENT_CERT = (1<<9),
382 GNUTLS_NO_TICKETS = (1<<10),
383 GNUTLS_KEY_SHARE_TOP = (1<<11),
384 GNUTLS_KEY_SHARE_TOP2 = (1<<12),
385 GNUTLS_KEY_SHARE_TOP3 = (1<<13),
386 GNUTLS_POST_HANDSHAKE_AUTH = (1<<14),
387 GNUTLS_NO_AUTO_REKEY = (1<<15),
388 GNUTLS_SAFE_PADDING_CHECK = (1<<16),
389 GNUTLS_ENABLE_EARLY_START = (1<<17),
390 GNUTLS_ENABLE_RAWPK = (1<<18),
391 GNUTLS_AUTO_REAUTH = (1<<19),
392 GNUTLS_ENABLE_EARLY_DATA = (1<<20),
393 GNUTLS_NO_AUTO_SEND_TICKET = (1<<21)
396 * gnutls_alert_level_t:
397 * @GNUTLS_AL_WARNING: Alert of warning severity.
398 * @GNUTLS_AL_FATAL: Alert of fatal severity.
400 * Enumeration of different TLS alert severities.
402 alias gnutls_alert_level_t = int;
403 enum : int {
404 GNUTLS_AL_WARNING = 1,
405 GNUTLS_AL_FATAL
409 * gnutls_alert_description_t:
410 * @GNUTLS_A_CLOSE_NOTIFY: Close notify.
411 * @GNUTLS_A_UNEXPECTED_MESSAGE: Unexpected message.
412 * @GNUTLS_A_BAD_RECORD_MAC: Bad record MAC.
413 * @GNUTLS_A_DECRYPTION_FAILED: Decryption failed.
414 * @GNUTLS_A_RECORD_OVERFLOW: Record overflow.
415 * @GNUTLS_A_DECOMPRESSION_FAILURE: Decompression failed.
416 * @GNUTLS_A_HANDSHAKE_FAILURE: Handshake failed.
417 * @GNUTLS_A_SSL3_NO_CERTIFICATE: No certificate.
418 * @GNUTLS_A_BAD_CERTIFICATE: Certificate is bad.
419 * @GNUTLS_A_UNSUPPORTED_CERTIFICATE: Certificate is not supported.
420 * @GNUTLS_A_CERTIFICATE_REVOKED: Certificate was revoked.
421 * @GNUTLS_A_CERTIFICATE_EXPIRED: Certificate is expired.
422 * @GNUTLS_A_CERTIFICATE_UNKNOWN: Unknown certificate.
423 * @GNUTLS_A_ILLEGAL_PARAMETER: Illegal parameter.
424 * @GNUTLS_A_UNKNOWN_CA: CA is unknown.
425 * @GNUTLS_A_ACCESS_DENIED: Access was denied.
426 * @GNUTLS_A_DECODE_ERROR: Decode error.
427 * @GNUTLS_A_DECRYPT_ERROR: Decrypt error.
428 * @GNUTLS_A_EXPORT_RESTRICTION: Export restriction.
429 * @GNUTLS_A_PROTOCOL_VERSION: Error in protocol version.
430 * @GNUTLS_A_INSUFFICIENT_SECURITY: Insufficient security.
431 * @GNUTLS_A_USER_CANCELED: User canceled.
432 * @GNUTLS_A_INTERNAL_ERROR: Internal error.
433 * @GNUTLS_A_INAPPROPRIATE_FALLBACK: Inappropriate fallback,
434 * @GNUTLS_A_NO_RENEGOTIATION: No renegotiation is allowed.
435 * @GNUTLS_A_CERTIFICATE_UNOBTAINABLE: Could not retrieve the
436 * specified certificate.
437 * @GNUTLS_A_UNSUPPORTED_EXTENSION: An unsupported extension was
438 * sent.
439 * @GNUTLS_A_UNRECOGNIZED_NAME: The server name sent was not
440 * recognized.
441 * @GNUTLS_A_UNKNOWN_PSK_IDENTITY: The SRP/PSK username is missing
442 * or not known.
443 * @GNUTLS_A_NO_APPLICATION_PROTOCOL: The ALPN protocol requested is
444 * not supported by the peer.
446 * Enumeration of different TLS alerts.
448 alias gnutls_alert_description_t = int;
449 enum : int {
450 GNUTLS_A_CLOSE_NOTIFY,
451 GNUTLS_A_UNEXPECTED_MESSAGE = 10,
452 GNUTLS_A_BAD_RECORD_MAC = 20,
453 GNUTLS_A_DECRYPTION_FAILED,
454 GNUTLS_A_RECORD_OVERFLOW,
455 GNUTLS_A_DECOMPRESSION_FAILURE = 30,
456 GNUTLS_A_HANDSHAKE_FAILURE = 40,
457 GNUTLS_A_SSL3_NO_CERTIFICATE = 41,
458 GNUTLS_A_BAD_CERTIFICATE = 42,
459 GNUTLS_A_UNSUPPORTED_CERTIFICATE,
460 GNUTLS_A_CERTIFICATE_REVOKED,
461 GNUTLS_A_CERTIFICATE_EXPIRED,
462 GNUTLS_A_CERTIFICATE_UNKNOWN,
463 GNUTLS_A_ILLEGAL_PARAMETER,
464 GNUTLS_A_UNKNOWN_CA,
465 GNUTLS_A_ACCESS_DENIED,
466 GNUTLS_A_DECODE_ERROR = 50,
467 GNUTLS_A_DECRYPT_ERROR,
468 GNUTLS_A_EXPORT_RESTRICTION = 60,
469 GNUTLS_A_PROTOCOL_VERSION = 70,
470 GNUTLS_A_INSUFFICIENT_SECURITY,
471 GNUTLS_A_INTERNAL_ERROR = 80,
472 GNUTLS_A_INAPPROPRIATE_FALLBACK = 86,
473 GNUTLS_A_USER_CANCELED = 90,
474 GNUTLS_A_NO_RENEGOTIATION = 100,
475 GNUTLS_A_UNSUPPORTED_EXTENSION = 110,
476 GNUTLS_A_CERTIFICATE_UNOBTAINABLE = 111,
477 GNUTLS_A_UNRECOGNIZED_NAME = 112,
478 GNUTLS_A_UNKNOWN_PSK_IDENTITY = 115,
479 GNUTLS_A_NO_APPLICATION_PROTOCOL = 120
483 * gnutls_handshake_description_t:
484 * @GNUTLS_HANDSHAKE_HELLO_REQUEST: Hello request.
485 * @GNUTLS_HANDSHAKE_HELLO_VERIFY_REQUEST: DTLS Hello verify request.
486 * @GNUTLS_HANDSHAKE_CLIENT_HELLO: Client hello.
487 * @GNUTLS_HANDSHAKE_SERVER_HELLO: Server hello.
488 * @GNUTLS_HANDSHAKE_NEW_SESSION_TICKET: New session ticket.
489 * @GNUTLS_HANDSHAKE_CERTIFICATE_PKT: Certificate packet.
490 * @GNUTLS_HANDSHAKE_SERVER_KEY_EXCHANGE: Server key exchange.
491 * @GNUTLS_HANDSHAKE_CERTIFICATE_REQUEST: Certificate request.
492 * @GNUTLS_HANDSHAKE_SERVER_HELLO_DONE: Server hello done.
493 * @GNUTLS_HANDSHAKE_CERTIFICATE_VERIFY: Certificate verify.
494 * @GNUTLS_HANDSHAKE_CLIENT_KEY_EXCHANGE: Client key exchange.
495 * @GNUTLS_HANDSHAKE_FINISHED: Finished.
496 * @GNUTLS_HANDSHAKE_CERTIFICATE_STATUS: Certificate status (OCSP).
497 * @GNUTLS_HANDSHAKE_SUPPLEMENTAL: Supplemental.
498 * @GNUTLS_HANDSHAKE_CHANGE_CIPHER_SPEC: Change Cipher Spec.
499 * @GNUTLS_HANDSHAKE_CLIENT_HELLO_V2: SSLv2 Client Hello.
501 * Enumeration of different TLS handshake packets.
503 alias gnutls_handshake_description_t = int;
504 enum : int {
505 GNUTLS_HANDSHAKE_HELLO_REQUEST = 0,
506 GNUTLS_HANDSHAKE_CLIENT_HELLO = 1,
507 GNUTLS_HANDSHAKE_SERVER_HELLO = 2,
508 GNUTLS_HANDSHAKE_HELLO_VERIFY_REQUEST = 3,
509 GNUTLS_HANDSHAKE_NEW_SESSION_TICKET = 4,
510 GNUTLS_HANDSHAKE_CERTIFICATE_PKT = 11,
511 GNUTLS_HANDSHAKE_SERVER_KEY_EXCHANGE = 12,
512 GNUTLS_HANDSHAKE_CERTIFICATE_REQUEST = 13,
513 GNUTLS_HANDSHAKE_SERVER_HELLO_DONE = 14,
514 GNUTLS_HANDSHAKE_CERTIFICATE_VERIFY = 15,
515 GNUTLS_HANDSHAKE_CLIENT_KEY_EXCHANGE = 16,
516 GNUTLS_HANDSHAKE_FINISHED = 20,
517 GNUTLS_HANDSHAKE_CERTIFICATE_STATUS = 22,
518 GNUTLS_HANDSHAKE_SUPPLEMENTAL = 23,
519 GNUTLS_HANDSHAKE_CHANGE_CIPHER_SPEC = 254,
520 GNUTLS_HANDSHAKE_CLIENT_HELLO_V2 = 1024
523 enum GNUTLS_HANDSHAKE_ANY = (cast(uint)-1);
525 const(char)
526 *gnutls_handshake_description_get_name(gnutls_handshake_description_t
527 type) @nogc;
530 * gnutls_certificate_status_t:
531 * @GNUTLS_CERT_INVALID: The certificate is not signed by one of the
532 * known authorities or the signature is invalid (deprecated by the flags
533 * %GNUTLS_CERT_SIGNATURE_FAILURE and %GNUTLS_CERT_SIGNER_NOT_FOUND).
534 * @GNUTLS_CERT_SIGNATURE_FAILURE: The signature verification failed.
535 * @GNUTLS_CERT_REVOKED: Certificate is revoked by its authority. In X.509 this will be
536 * set only if CRLs are checked.
537 * @GNUTLS_CERT_SIGNER_NOT_FOUND: The certificate's issuer is not known.
538 * This is the case if the issuer is not included in the trusted certificate list.
539 * @GNUTLS_CERT_SIGNER_NOT_CA: The certificate's signer was not a CA. This
540 * may happen if this was a version 1 certificate, which is common with
541 * some CAs, or a version 3 certificate without the basic constrains extension.
542 * @GNUTLS_CERT_SIGNER_CONSTRAINTS_FAILURE: The certificate's signer constraints were
543 * violated.
544 * @GNUTLS_CERT_INSECURE_ALGORITHM: The certificate was signed using an insecure
545 * algorithm such as MD2 or MD5. These algorithms have been broken and
546 * should not be trusted.
547 * @GNUTLS_CERT_NOT_ACTIVATED: The certificate is not yet activated.
548 * @GNUTLS_CERT_EXPIRED: The certificate has expired.
549 * @GNUTLS_CERT_REVOCATION_DATA_SUPERSEDED: The revocation data are old and have been superseded.
550 * @GNUTLS_CERT_REVOCATION_DATA_ISSUED_IN_FUTURE: The revocation data have a future issue date.
551 * @GNUTLS_CERT_UNEXPECTED_OWNER: The owner is not the expected one.
552 * @GNUTLS_CERT_MISMATCH: The certificate presented isn't the expected one (TOFU)
553 * @GNUTLS_CERT_PURPOSE_MISMATCH: The certificate or an intermediate does not match the intended purpose (extended key usage).
555 * Enumeration of certificate status codes. Note that the status
556 * bits may have different meanings in OpenPGP keys and X.509
557 * certificate verification.
559 alias gnutls_certificate_status_t = int;
560 enum : int {
561 GNUTLS_CERT_INVALID = 1 << 1,
562 GNUTLS_CERT_REVOKED = 1 << 5,
563 GNUTLS_CERT_SIGNER_NOT_FOUND = 1 << 6,
564 GNUTLS_CERT_SIGNER_NOT_CA = 1 << 7,
565 GNUTLS_CERT_INSECURE_ALGORITHM = 1 << 8,
566 GNUTLS_CERT_NOT_ACTIVATED = 1 << 9,
567 GNUTLS_CERT_EXPIRED = 1 << 10,
568 GNUTLS_CERT_SIGNATURE_FAILURE = 1 << 11,
569 GNUTLS_CERT_REVOCATION_DATA_SUPERSEDED = 1 << 12,
570 GNUTLS_CERT_UNEXPECTED_OWNER = 1 << 14,
571 GNUTLS_CERT_REVOCATION_DATA_ISSUED_IN_FUTURE = 1 << 15,
572 GNUTLS_CERT_SIGNER_CONSTRAINTS_FAILURE = 1 << 16,
573 GNUTLS_CERT_MISMATCH = 1 << 17,
574 GNUTLS_CERT_PURPOSE_MISMATCH = 1 << 18
578 * gnutls_certificate_request_t:
579 * @GNUTLS_CERT_IGNORE: Ignore certificate.
580 * @GNUTLS_CERT_REQUEST: Request certificate.
581 * @GNUTLS_CERT_REQUIRE: Require certificate.
583 * Enumeration of certificate request types.
585 alias gnutls_certificate_request_t = int;
586 enum : int {
587 GNUTLS_CERT_IGNORE = 0,
588 GNUTLS_CERT_REQUEST = 1,
589 GNUTLS_CERT_REQUIRE = 2
593 * gnutls_openpgp_crt_status_t:
594 * @GNUTLS_OPENPGP_CERT: Send entire certificate.
595 * @GNUTLS_OPENPGP_CERT_FINGERPRINT: Send only certificate fingerprint.
597 * Enumeration of ways to send OpenPGP certificate.
599 alias gnutls_openpgp_crt_status_t = int;
600 enum : int {
601 GNUTLS_OPENPGP_CERT = 0,
602 GNUTLS_OPENPGP_CERT_FINGERPRINT = 1
606 * gnutls_close_request_t:
607 * @GNUTLS_SHUT_RDWR: Disallow further receives/sends.
608 * @GNUTLS_SHUT_WR: Disallow further sends.
610 * Enumeration of how TLS session should be terminated. See gnutls_bye().
612 alias gnutls_close_request_t = int;
613 enum : int {
614 GNUTLS_SHUT_RDWR = 0,
615 GNUTLS_SHUT_WR = 1
619 * gnutls_protocol_t:
620 * @GNUTLS_SSL3: SSL version 3.0.
621 * @GNUTLS_TLS1_0: TLS version 1.0.
622 * @GNUTLS_TLS1: Same as %GNUTLS_TLS1_0.
623 * @GNUTLS_TLS1_1: TLS version 1.1.
624 * @GNUTLS_TLS1_2: TLS version 1.2.
625 * @GNUTLS_DTLS1_0: DTLS version 1.0.
626 * @GNUTLS_DTLS1_2: DTLS version 1.2.
627 * @GNUTLS_DTLS0_9: DTLS version 0.9 (Cisco AnyConnect / OpenSSL 0.9.8e).
628 * @GNUTLS_VERSION_MAX: Maps to the highest supported TLS version.
629 * @GNUTLS_VERSION_UNKNOWN: Unknown SSL/TLS version.
631 * Enumeration of different SSL/TLS protocol versions.
633 alias gnutls_protocol_t = int;
634 enum : int {
635 GNUTLS_SSL3 = 1,
636 GNUTLS_TLS1_0 = 2,
637 GNUTLS_TLS1 = GNUTLS_TLS1_0,
638 GNUTLS_TLS1_1 = 3,
639 GNUTLS_TLS1_2 = 4,
641 GNUTLS_DTLS0_9 = 200,
642 GNUTLS_DTLS1_0 = 201, /* 201 */
643 GNUTLS_DTLS1_2 = 202,
644 GNUTLS_DTLS_VERSION_MIN = GNUTLS_DTLS0_9,
645 GNUTLS_DTLS_VERSION_MAX = GNUTLS_DTLS1_2,
646 GNUTLS_TLS_VERSION_MAX = GNUTLS_TLS1_2,
647 GNUTLS_VERSION_UNKNOWN = 0xff /* change it to 0xffff */
651 * gnutls_certificate_type_t:
652 * @GNUTLS_CRT_UNKNOWN: Unknown certificate type.
653 * @GNUTLS_CRT_X509: X.509 Certificate.
654 * @GNUTLS_CRT_OPENPGP: OpenPGP certificate.
655 * @GNUTLS_CRT_RAW: Raw public key (SubjectPublicKey)
657 * Enumeration of different certificate types.
659 alias gnutls_certificate_type_t = int;
660 enum : int {
661 GNUTLS_CRT_UNKNOWN = 0,
662 GNUTLS_CRT_X509 = 1,
663 GNUTLS_CRT_OPENPGP = 2,
664 GNUTLS_CRT_RAW = 3
668 * gnutls_x509_crt_fmt_t:
669 * @GNUTLS_X509_FMT_DER: X.509 certificate in DER format (binary).
670 * @GNUTLS_X509_FMT_PEM: X.509 certificate in PEM format (text).
672 * Enumeration of different certificate encoding formats.
674 alias gnutls_x509_crt_fmt_t = int;
675 enum : int {
676 GNUTLS_X509_FMT_DER = 0,
677 GNUTLS_X509_FMT_PEM = 1
681 * gnutls_certificate_print_formats_t:
682 * @GNUTLS_CRT_PRINT_FULL: Full information about certificate.
683 * @GNUTLS_CRT_PRINT_FULL_NUMBERS: Full information about certificate and include easy to parse public key parameters.
684 * @GNUTLS_CRT_PRINT_COMPACT: Information about certificate name in one line, plus identification of the public key.
685 * @GNUTLS_CRT_PRINT_ONELINE: Information about certificate in one line.
686 * @GNUTLS_CRT_PRINT_UNSIGNED_FULL: All info for an unsigned certificate.
688 * Enumeration of different certificate printing variants.
690 alias gnutls_certificate_print_formats = gnutls_certificate_print_formats_t;
691 alias gnutls_certificate_print_formats_t = int;
692 enum : int {
693 GNUTLS_CRT_PRINT_FULL = 0,
694 GNUTLS_CRT_PRINT_ONELINE = 1,
695 GNUTLS_CRT_PRINT_UNSIGNED_FULL = 2,
696 GNUTLS_CRT_PRINT_COMPACT = 3,
697 GNUTLS_CRT_PRINT_FULL_NUMBERS = 4
700 enum GNUTLS_PK_ECC = GNUTLS_PK_EC;
702 * gnutls_pk_algorithm_t:
703 * @GNUTLS_PK_UNKNOWN: Unknown public-key algorithm.
704 * @GNUTLS_PK_RSA: RSA public-key algorithm.
705 * @GNUTLS_PK_DSA: DSA public-key algorithm.
706 * @GNUTLS_PK_DH: Diffie-Hellman algorithm. Used to generate parameters.
707 * @GNUTLS_PK_EC: Elliptic curve algorithm. Used to generate parameters.
709 * Enumeration of different public-key algorithms.
711 alias gnutls_pk_algorithm_t = int;
712 enum : int {
713 GNUTLS_PK_UNKNOWN = 0,
714 GNUTLS_PK_RSA = 1,
715 GNUTLS_PK_DSA = 2,
716 GNUTLS_PK_DH = 3,
717 GNUTLS_PK_EC = 4
720 const(char)* gnutls_pk_algorithm_get_name(gnutls_pk_algorithm_t algorithm) @nogc;
723 * gnutls_sign_algorithm_t:
724 * @GNUTLS_SIGN_UNKNOWN: Unknown signature algorithm.
725 * @GNUTLS_SIGN_RSA_SHA1: Digital signature algorithm RSA with SHA-1
726 * @GNUTLS_SIGN_RSA_SHA: Same as %GNUTLS_SIGN_RSA_SHA1.
727 * @GNUTLS_SIGN_DSA_SHA1: Digital signature algorithm DSA with SHA-1
728 * @GNUTLS_SIGN_DSA_SHA224: Digital signature algorithm DSA with SHA-224
729 * @GNUTLS_SIGN_DSA_SHA256: Digital signature algorithm DSA with SHA-256
730 * @GNUTLS_SIGN_DSA_SHA384: Digital signature algorithm DSA with SHA-384
731 * @GNUTLS_SIGN_DSA_SHA512: Digital signature algorithm DSA with SHA-512
732 * @GNUTLS_SIGN_DSA_SHA: Same as %GNUTLS_SIGN_DSA_SHA1.
733 * @GNUTLS_SIGN_RSA_MD5: Digital signature algorithm RSA with MD5.
734 * @GNUTLS_SIGN_RSA_MD2: Digital signature algorithm RSA with MD2.
735 * @GNUTLS_SIGN_RSA_RMD160: Digital signature algorithm RSA with RMD-160.
736 * @GNUTLS_SIGN_RSA_SHA256: Digital signature algorithm RSA with SHA-256.
737 * @GNUTLS_SIGN_RSA_SHA384: Digital signature algorithm RSA with SHA-384.
738 * @GNUTLS_SIGN_RSA_SHA512: Digital signature algorithm RSA with SHA-512.
739 * @GNUTLS_SIGN_RSA_SHA224: Digital signature algorithm RSA with SHA-224.
740 * @GNUTLS_SIGN_ECDSA_SHA1: ECDSA with SHA1.
741 * @GNUTLS_SIGN_ECDSA_SHA256: Digital signature algorithm ECDSA with SHA-256.
742 * @GNUTLS_SIGN_ECDSA_SHA384: Digital signature algorithm ECDSA with SHA-384.
743 * @GNUTLS_SIGN_ECDSA_SHA512: Digital signature algorithm ECDSA with SHA-512.
744 * @GNUTLS_SIGN_ECDSA_SHA224: Digital signature algorithm ECDSA with SHA-224.
746 * Enumeration of different digital signature algorithms.
748 alias gnutls_sign_algorithm_t = int;
749 enum : int {
750 GNUTLS_SIGN_UNKNOWN = 0,
751 GNUTLS_SIGN_RSA_SHA1 = 1,
752 GNUTLS_SIGN_RSA_SHA = GNUTLS_SIGN_RSA_SHA1,
753 GNUTLS_SIGN_DSA_SHA1 = 2,
754 GNUTLS_SIGN_DSA_SHA = GNUTLS_SIGN_DSA_SHA1,
755 GNUTLS_SIGN_RSA_MD5 = 3,
756 GNUTLS_SIGN_RSA_MD2 = 4,
757 GNUTLS_SIGN_RSA_RMD160 = 5,
758 GNUTLS_SIGN_RSA_SHA256 = 6,
759 GNUTLS_SIGN_RSA_SHA384 = 7,
760 GNUTLS_SIGN_RSA_SHA512 = 8,
761 GNUTLS_SIGN_RSA_SHA224 = 9,
762 GNUTLS_SIGN_DSA_SHA224 = 10,
763 GNUTLS_SIGN_DSA_SHA256 = 11,
764 GNUTLS_SIGN_ECDSA_SHA1 = 12,
765 GNUTLS_SIGN_ECDSA_SHA224 = 13,
766 GNUTLS_SIGN_ECDSA_SHA256 = 14,
767 GNUTLS_SIGN_ECDSA_SHA384 = 15,
768 GNUTLS_SIGN_ECDSA_SHA512 = 16,
769 GNUTLS_SIGN_DSA_SHA384 = 17,
770 GNUTLS_SIGN_DSA_SHA512 = 18
774 * gnutls_ecc_curve_t:
775 * @GNUTLS_ECC_CURVE_INVALID: Cannot be known
776 * @GNUTLS_ECC_CURVE_SECP192R1: the SECP192R1 curve
777 * @GNUTLS_ECC_CURVE_SECP224R1: the SECP224R1 curve
778 * @GNUTLS_ECC_CURVE_SECP256R1: the SECP256R1 curve
779 * @GNUTLS_ECC_CURVE_SECP384R1: the SECP384R1 curve
780 * @GNUTLS_ECC_CURVE_SECP521R1: the SECP521R1 curve
782 * Enumeration of ECC curves.
784 alias gnutls_ecc_curve_t = int;
785 enum : int {
786 GNUTLS_ECC_CURVE_INVALID = 0,
787 GNUTLS_ECC_CURVE_SECP224R1,
788 GNUTLS_ECC_CURVE_SECP256R1,
789 GNUTLS_ECC_CURVE_SECP384R1,
790 GNUTLS_ECC_CURVE_SECP521R1,
791 GNUTLS_ECC_CURVE_SECP192R1
794 /* macros to allow specifying a specific curve in gnutls_privkey_generate()
795 * and gnutls_x509_privkey_generate() */
796 uint GNUTLS_CURVE_TO_BITS() (uint curve) { return cast(uint)((1U<<31)|(cast(uint)(curve))); }
797 uint GNUTLS_BITS_TO_CURVE() (uint bits) { return ((cast(uint)(bits)) & 0x7FFFFFFFU); }
798 uint GNUTLS_BITS_ARE_CURVE() (uint bits) { return ((cast(uint)(bits)) & 0x80000000U); }
801 * gnutls_sec_param_t:
802 * @GNUTLS_SEC_PARAM_UNKNOWN: Cannot be known
803 * @GNUTLS_SEC_PARAM_INSECURE: Less than 42 bits of security
804 * @GNUTLS_SEC_PARAM_EXPORT: 42 bits of security
805 * @GNUTLS_SEC_PARAM_VERY_WEAK: 64 bits of security
806 * @GNUTLS_SEC_PARAM_WEAK: 72 bits of security
807 * @GNUTLS_SEC_PARAM_LOW: 80 bits of security
808 * @GNUTLS_SEC_PARAM_LEGACY: 96 bits of security
809 * @GNUTLS_SEC_PARAM_MEDIUM: 112 bits of security (used to be %GNUTLS_SEC_PARAM_NORMAL)
810 * @GNUTLS_SEC_PARAM_HIGH: 128 bits of security
811 * @GNUTLS_SEC_PARAM_ULTRA: 192 bits of security
812 * @GNUTLS_SEC_PARAM_FUTURE: 256 bits of security
814 * Enumeration of security parameters for passive attacks.
816 alias gnutls_sec_param_t = int;
817 enum : int {
818 GNUTLS_SEC_PARAM_UNKNOWN = 0,
819 GNUTLS_SEC_PARAM_INSECURE = 5,
820 GNUTLS_SEC_PARAM_EXPORT = 10,
821 GNUTLS_SEC_PARAM_VERY_WEAK = 15,
822 GNUTLS_SEC_PARAM_WEAK = 20,
823 GNUTLS_SEC_PARAM_LOW = 25,
824 GNUTLS_SEC_PARAM_LEGACY = 30,
825 GNUTLS_SEC_PARAM_MEDIUM = 35,
826 GNUTLS_SEC_PARAM_HIGH = 40,
827 GNUTLS_SEC_PARAM_ULTRA = 45,
828 GNUTLS_SEC_PARAM_FUTURE = 50
831 /* old name */
832 enum GNUTLS_SEC_PARAM_NORMAL = GNUTLS_SEC_PARAM_MEDIUM;
835 * gnutls_channel_binding_t:
836 * @GNUTLS_CB_TLS_UNIQUE: "tls-unique" (RFC 5929) channel binding
838 * Enumeration of support channel binding types.
840 alias gnutls_channel_binding_t = int;
841 enum : int {
842 GNUTLS_CB_TLS_UNIQUE
846 /* If you want to change this, then also change the define in
847 * gnutls_int.h, and recompile.
849 struct gnutls_transport_ptr_t_s {}
850 alias gnutls_transport_ptr_t = gnutls_transport_ptr_t_s*;
852 struct gnutls_session_int {}
853 alias gnutls_session_t = gnutls_session_int*;
855 struct gnutls_dh_params_int {}
856 alias gnutls_dh_params_t = gnutls_dh_params_int*;
858 /* XXX ugly. */
859 struct gnutls_x509_privkey_int {}
860 alias gnutls_rsa_params_t = gnutls_x509_privkey_int*;
862 struct gnutls_priority_st {}
863 alias gnutls_priority_t = gnutls_priority_st*;
865 struct gnutls_datum_t {
866 ubyte* data;
867 uint size;
871 union gnutls_params_st_params_union {
872 gnutls_dh_params_t dh;
873 gnutls_rsa_params_t rsa_export;
876 struct gnutls_params_st {
877 gnutls_params_type_t type;
878 gnutls_params_st_params_union params;
879 int deinit;
882 //alias gnutls_params_function = int function (gnutls_session_t, gnutls_params_type_t, gnutls_params_st *) @nogc;
884 /* internal functions */
886 int gnutls_init(gnutls_session_t * session, uint flags) @nogc;
887 void gnutls_deinit(gnutls_session_t session) @nogc;
888 //#define _gnutls_deinit(x) gnutls_deinit(x)
890 int gnutls_bye(gnutls_session_t session, gnutls_close_request_t how) @nogc;
892 int gnutls_handshake(gnutls_session_t session) @nogc;
894 enum GNUTLS_DEFAULT_HANDSHAKE_TIMEOUT = (cast(uint)-1);
895 void gnutls_handshake_set_timeout(gnutls_session_t session,
896 uint ms) @nogc;
897 int gnutls_rehandshake(gnutls_session_t session) @nogc;
899 gnutls_alert_description_t gnutls_alert_get(gnutls_session_t session) @nogc;
900 int gnutls_alert_send(gnutls_session_t session,
901 gnutls_alert_level_t level,
902 gnutls_alert_description_t desc) @nogc;
903 int gnutls_alert_send_appropriate(gnutls_session_t session, int err) @nogc;
904 const(char)* gnutls_alert_get_name(gnutls_alert_description_t alert) @nogc;
905 const(char)* gnutls_alert_get_strname(gnutls_alert_description_t alert) @nogc;
907 gnutls_sec_param_t gnutls_pk_bits_to_sec_param(gnutls_pk_algorithm_t algo,
908 uint bits) @nogc;
909 const(char)* gnutls_sec_param_get_name(gnutls_sec_param_t param) @nogc;
910 uint gnutls_sec_param_to_pk_bits(gnutls_pk_algorithm_t algo,
911 gnutls_sec_param_t param) @nogc;
912 uint
913 gnutls_sec_param_to_symmetric_bits(gnutls_sec_param_t param) @nogc;
915 /* Elliptic curves */
916 const(char)* gnutls_ecc_curve_get_name(gnutls_ecc_curve_t curve) @nogc;
917 const(char)* gnutls_ecc_curve_get_oid(gnutls_ecc_curve_t curve) @nogc;
919 int gnutls_ecc_curve_get_size(gnutls_ecc_curve_t curve) @nogc;
920 gnutls_ecc_curve_t gnutls_ecc_curve_get(gnutls_session_t session) @nogc;
922 /* get information on the current session */
923 gnutls_cipher_algorithm_t gnutls_cipher_get(gnutls_session_t session) @nogc;
924 gnutls_kx_algorithm_t gnutls_kx_get(gnutls_session_t session) @nogc;
925 gnutls_mac_algorithm_t gnutls_mac_get(gnutls_session_t session) @nogc;
926 gnutls_compression_method_t
927 gnutls_compression_get(gnutls_session_t session) @nogc;
928 gnutls_certificate_type_t
929 gnutls_certificate_type_get(gnutls_session_t session) @nogc;
931 int gnutls_sign_algorithm_get(gnutls_session_t session) @nogc;
932 int gnutls_sign_algorithm_get_client(gnutls_session_t session) @nogc;
934 int gnutls_sign_algorithm_get_requested(gnutls_session_t session,
935 usize indx,
936 gnutls_sign_algorithm_t * algo) @nogc;
938 /* the name of the specified algorithms */
939 const(char)* gnutls_cipher_get_name(gnutls_cipher_algorithm_t algorithm) @nogc;
940 const(char)* gnutls_mac_get_name(gnutls_mac_algorithm_t algorithm) @nogc;
942 const(char)* gnutls_digest_get_name(gnutls_digest_algorithm_t algorithm) @nogc;
943 const(char)* gnutls_digest_get_oid(gnutls_digest_algorithm_t algorithm) @nogc;
945 const(char)* gnutls_compression_get_name(gnutls_compression_method_t
946 algorithm) @nogc;
947 const(char)* gnutls_kx_get_name(gnutls_kx_algorithm_t algorithm) @nogc;
948 const(char)* gnutls_certificate_type_get_name(gnutls_certificate_type_t
949 type) @nogc;
950 const(char)* gnutls_pk_get_name(gnutls_pk_algorithm_t algorithm) @nogc;
951 const(char)* gnutls_pk_get_oid(gnutls_pk_algorithm_t algorithm) @nogc;
953 const(char)* gnutls_sign_get_name(gnutls_sign_algorithm_t algorithm) @nogc;
954 const(char)* gnutls_sign_get_oid(gnutls_sign_algorithm_t algorithm) @nogc;
956 usize gnutls_cipher_get_key_size(gnutls_cipher_algorithm_t algorithm) @nogc;
957 usize gnutls_mac_get_key_size(gnutls_mac_algorithm_t algorithm) @nogc;
959 int gnutls_sign_is_secure(gnutls_sign_algorithm_t algorithm) @nogc;
960 gnutls_digest_algorithm_t
961 gnutls_sign_get_hash_algorithm(gnutls_sign_algorithm_t sign) @nogc;
962 gnutls_pk_algorithm_t
963 gnutls_sign_get_pk_algorithm(gnutls_sign_algorithm_t sign) @nogc;
964 gnutls_sign_algorithm_t
965 gnutls_pk_to_sign(gnutls_pk_algorithm_t pk,
966 gnutls_digest_algorithm_t hash) @nogc;
968 //#define gnutls_sign_algorithm_get_name gnutls_sign_get_name
969 alias gnutls_sign_algorithm_get_name = gnutls_sign_get_name;
971 gnutls_mac_algorithm_t gnutls_mac_get_id(const(char)* name) @nogc;
972 gnutls_digest_algorithm_t gnutls_digest_get_id(const(char)* name) @nogc;
974 gnutls_compression_method_t gnutls_compression_get_id(const(char)* name) @nogc;
975 gnutls_cipher_algorithm_t gnutls_cipher_get_id(const(char)* name) @nogc;
976 gnutls_kx_algorithm_t gnutls_kx_get_id(const(char)* name) @nogc;
977 gnutls_protocol_t gnutls_protocol_get_id(const(char)* name) @nogc;
978 gnutls_certificate_type_t gnutls_certificate_type_get_id(const(char)* name) @nogc;
979 gnutls_pk_algorithm_t gnutls_pk_get_id(const(char)* name) @nogc;
980 gnutls_sign_algorithm_t gnutls_sign_get_id(const(char)* name) @nogc;
981 gnutls_ecc_curve_t gnutls_ecc_curve_get_id(const(char)* name) @nogc;
983 gnutls_digest_algorithm_t gnutls_oid_to_digest(const(char)* oid) @nogc;
984 gnutls_pk_algorithm_t gnutls_oid_to_pk(const(char)* oid) @nogc;
985 gnutls_sign_algorithm_t gnutls_oid_to_sign(const(char)* oid) @nogc;
986 gnutls_ecc_curve_t gnutls_oid_to_ecc_curve(const(char)* oid) @nogc;
988 /* list supported algorithms */
989 const(gnutls_ecc_curve_t)* gnutls_ecc_curve_list() @nogc;
990 const(gnutls_cipher_algorithm_t)* gnutls_cipher_list() @nogc;
991 const(gnutls_mac_algorithm_t)* gnutls_mac_list() @nogc;
992 const(gnutls_digest_algorithm_t)* gnutls_digest_list() @nogc;
993 const(gnutls_compression_method_t)* gnutls_compression_list() @nogc;
994 const(gnutls_protocol_t)* gnutls_protocol_list() @nogc;
995 const(gnutls_certificate_type_t)* gnutls_certificate_type_list() @nogc;
996 const(gnutls_kx_algorithm_t)* gnutls_kx_list() @nogc;
997 const(gnutls_pk_algorithm_t)* gnutls_pk_list() @nogc;
998 const(gnutls_sign_algorithm_t)* gnutls_sign_list() @nogc;
999 const(char)* gnutls_cipher_suite_info(usize idx,
1000 ubyte *cs_id,
1001 gnutls_kx_algorithm_t * kx,
1002 gnutls_cipher_algorithm_t * cipher,
1003 gnutls_mac_algorithm_t * mac,
1004 gnutls_protocol_t * min_version) @nogc;
1006 /* error functions */
1007 int gnutls_error_is_fatal(int error) @nogc;
1008 int gnutls_error_to_alert(int err, int *level) @nogc;
1010 void gnutls_perror(int error) @nogc;
1011 const(char)* gnutls_strerror(int error) @nogc;
1012 const(char)* gnutls_strerror_name(int error) @nogc;
1014 /* Semi-internal functions.
1016 void gnutls_handshake_set_private_extensions(gnutls_session_t session,
1017 int allow) @nogc;
1018 int gnutls_handshake_set_random(gnutls_session_t session,
1019 const(gnutls_datum_t)* random) @nogc;
1021 gnutls_handshake_description_t
1022 gnutls_handshake_get_last_out(gnutls_session_t session) @nogc;
1023 gnutls_handshake_description_t
1024 gnutls_handshake_get_last_in(gnutls_session_t session) @nogc;
1026 /* Record layer functions.
1028 enum GNUTLS_HEARTBEAT_WAIT = 1;
1029 int gnutls_heartbeat_ping(gnutls_session_t session, usize data_size,
1030 uint max_tries, uint flags) @nogc;
1031 int gnutls_heartbeat_pong(gnutls_session_t session, uint flags) @nogc;
1033 void gnutls_record_set_timeout(gnutls_session_t session, uint ms) @nogc;
1034 void gnutls_record_disable_padding(gnutls_session_t session) @nogc;
1036 void gnutls_record_cork(gnutls_session_t session) @nogc;
1037 enum GNUTLS_RECORD_WAIT = 1;
1038 int gnutls_record_uncork(gnutls_session_t session, uint flags) @nogc;
1039 usize gnutls_record_discard_queued(gnutls_session_t session) @nogc;
1042 gnutls_record_get_state(gnutls_session_t session,
1043 uint read,
1044 gnutls_datum_t *mac_key,
1045 gnutls_datum_t *IV,
1046 gnutls_datum_t *cipher_key,
1047 ubyte* seq_number/*[8]*/) @nogc;
1050 gnutls_record_set_state(gnutls_session_t session,
1051 uint read,
1052 ubyte* seq_number/*[8]*/) @nogc;
1054 struct gnutls_range_st {
1055 usize low;
1056 usize high;
1059 int gnutls_range_split(gnutls_session_t session,
1060 const(gnutls_range_st)* orig,
1061 gnutls_range_st * small_range,
1062 gnutls_range_st * rem_range) @nogc;
1064 ssize gnutls_record_send(gnutls_session_t session, const(void)* data,
1065 usize data_size) @nogc;
1066 ssize gnutls_record_send_range(gnutls_session_t session,
1067 const(void)* data, usize data_size,
1068 const(gnutls_range_st)* range) @nogc;
1069 ssize gnutls_record_recv(gnutls_session_t session, void *data,
1070 usize data_size) @nogc;
1072 struct mbuffer_st;
1073 alias gnutls_packet_t = mbuffer_st*;
1075 ssize
1076 gnutls_record_recv_packet(gnutls_session_t session,
1077 gnutls_packet_t *packet) @nogc;
1079 void gnutls_packet_get(gnutls_packet_t packet, gnutls_datum_t *data, ubyte *sequence) @nogc;
1080 void gnutls_packet_deinit(gnutls_packet_t packet) @nogc;
1082 alias gnutls_read = gnutls_record_recv;
1083 alias gnutls_write = gnutls_record_send;
1084 ssize gnutls_record_recv_seq(gnutls_session_t session, void *data,
1085 usize data_size, ubyte *seq) @nogc;
1087 usize gnutls_record_overhead_size(gnutls_session_t session) @nogc;
1089 usize gnutls_est_record_overhead_size(gnutls_protocol_t version_,
1090 gnutls_cipher_algorithm_t cipher,
1091 gnutls_mac_algorithm_t mac,
1092 gnutls_compression_method_t comp,
1093 uint flags) @nogc;
1095 void gnutls_session_enable_compatibility_mode(gnutls_session_t session) @nogc;
1096 //???#define gnutls_record_set_max_empty_records(session, x)
1097 void gnutls_record_set_max_empty_records(gnutls_session_t session, int x) {}
1099 int gnutls_record_can_use_length_hiding(gnutls_session_t session) @nogc;
1101 int gnutls_record_get_direction(gnutls_session_t session) @nogc;
1103 usize gnutls_record_get_max_size(gnutls_session_t session) @nogc;
1104 ssize gnutls_record_set_max_size(gnutls_session_t session, usize size) @nogc;
1106 usize gnutls_record_check_pending(gnutls_session_t session) @nogc;
1107 usize gnutls_record_check_corked(gnutls_session_t session) @nogc;
1109 void gnutls_session_force_valid(gnutls_session_t session) @nogc;
1111 int gnutls_prf(gnutls_session_t session,
1112 usize label_size, const(char)* label,
1113 int server_random_first,
1114 usize extra_size, const(char)* extra,
1115 usize outsize, char *out_) @nogc;
1116 int gnutls_prf_rfc5705(gnutls_session_t session,
1117 usize label_size, const(char)* label,
1118 usize context_size, const(char)* context,
1119 usize outsize, char *out_) @nogc;
1121 int gnutls_prf_raw(gnutls_session_t session,
1122 usize label_size, const(char)* label,
1123 usize seed_size, const(char)* seed,
1124 usize outsize, char *out_) @nogc;
1127 * gnutls_server_name_type_t:
1128 * @GNUTLS_NAME_DNS: Domain Name System name type.
1130 * Enumeration of different server name types.
1132 alias gnutls_server_name_type_t = int;
1133 enum : int {
1134 GNUTLS_NAME_DNS = 1
1137 int gnutls_server_name_set(gnutls_session_t session,
1138 gnutls_server_name_type_t type,
1139 const(void)* name, usize name_length) @nogc;
1141 int gnutls_server_name_get(gnutls_session_t session,
1142 void *data, usize * data_length,
1143 uint *type, uint indx) @nogc;
1145 uint gnutls_heartbeat_get_timeout(gnutls_session_t session) @nogc;
1146 void gnutls_heartbeat_set_timeouts(gnutls_session_t session,
1147 uint retrans_timeout,
1148 uint total_timeout) @nogc;
1150 enum GNUTLS_HB_PEER_ALLOWED_TO_SEND = (1);
1151 enum GNUTLS_HB_PEER_NOT_ALLOWED_TO_SEND = (1<<1);
1153 /* Heartbeat */
1154 void gnutls_heartbeat_enable(gnutls_session_t session, uint type) @nogc;
1156 enum GNUTLS_HB_LOCAL_ALLOWED_TO_SEND = (1<<2);
1157 int gnutls_heartbeat_allowed(gnutls_session_t session, uint type) @nogc;
1159 /* Safe renegotiation */
1160 int gnutls_safe_renegotiation_status(gnutls_session_t session) @nogc;
1161 uint gnutls_session_ext_master_secret_status(gnutls_session_t session) @nogc;
1162 uint gnutls_session_etm_status(gnutls_session_t session) @nogc;
1165 * gnutls_supplemental_data_format_type_t:
1166 * @GNUTLS_SUPPLEMENTAL_UNKNOWN: Unknown data format
1168 * Enumeration of different supplemental data types (RFC 4680).
1170 alias gnutls_supplemental_data_format_type_t = int;
1171 enum : int {
1172 GNUTLS_SUPPLEMENTAL_UNKNOWN = 0,
1175 const(char)* gnutls_supplemental_get_name(gnutls_supplemental_data_format_type_t type) @nogc;
1177 /* SessionTicket, RFC 5077. */
1178 int gnutls_session_ticket_key_generate(gnutls_datum_t * key) @nogc;
1179 int gnutls_session_ticket_enable_client(gnutls_session_t session) @nogc;
1180 int gnutls_session_ticket_enable_server(gnutls_session_t session,
1181 const(gnutls_datum_t)* key) @nogc;
1183 /* SRTP, RFC 5764 */
1186 * gnutls_srtp_profile_t:
1187 * @GNUTLS_SRTP_AES128_CM_HMAC_SHA1_80: 128 bit AES with a 80 bit HMAC-SHA1
1188 * @GNUTLS_SRTP_AES128_CM_HMAC_SHA1_32: 128 bit AES with a 32 bit HMAC-SHA1
1189 * @GNUTLS_SRTP_NULL_HMAC_SHA1_80: NULL cipher with a 80 bit HMAC-SHA1
1190 * @GNUTLS_SRTP_NULL_HMAC_SHA1_32: NULL cipher with a 32 bit HMAC-SHA1
1192 * Enumeration of different SRTP protection profiles.
1194 alias gnutls_srtp_profile_t = int;
1195 enum : int {
1196 GNUTLS_SRTP_AES128_CM_HMAC_SHA1_80 = 0x0001,
1197 GNUTLS_SRTP_AES128_CM_HMAC_SHA1_32 = 0x0002,
1198 GNUTLS_SRTP_NULL_HMAC_SHA1_80 = 0x0005,
1199 GNUTLS_SRTP_NULL_HMAC_SHA1_32 = 0x0006
1202 int gnutls_srtp_set_profile(gnutls_session_t session,
1203 gnutls_srtp_profile_t profile) @nogc;
1204 int gnutls_srtp_set_profile_direct(gnutls_session_t session,
1205 const(char)* profiles,
1206 const(char)* *err_pos) @nogc;
1207 int gnutls_srtp_get_selected_profile(gnutls_session_t session,
1208 gnutls_srtp_profile_t * profile) @nogc;
1210 const(char)* gnutls_srtp_get_profile_name(gnutls_srtp_profile_t profile) @nogc;
1211 int gnutls_srtp_get_profile_id(const(char)* name,
1212 gnutls_srtp_profile_t * profile) @nogc;
1213 int gnutls_srtp_get_keys(gnutls_session_t session,
1214 void *key_material,
1215 uint key_material_size,
1216 gnutls_datum_t * client_key,
1217 gnutls_datum_t * client_salt,
1218 gnutls_datum_t * server_key,
1219 gnutls_datum_t * server_salt) @nogc;
1221 int gnutls_srtp_set_mki(gnutls_session_t session,
1222 const(gnutls_datum_t)* mki) @nogc;
1223 int gnutls_srtp_get_mki(gnutls_session_t session, gnutls_datum_t * mki) @nogc;
1225 /* ALPN TLS extension */
1226 enum GNUTLS_ALPN_MAND = 1;
1227 int gnutls_alpn_get_selected_protocol(gnutls_session_t session,
1228 gnutls_datum_t * protocol) @nogc;
1229 int gnutls_alpn_set_protocols(gnutls_session_t session,
1230 const(gnutls_datum_t)* protocols,
1231 uint protocols_size, uint flags) @nogc;
1233 int gnutls_key_generate(gnutls_datum_t * key, uint key_size) @nogc;
1235 /* if you just want some defaults, use the following.
1238 int gnutls_priority_init(gnutls_priority_t * priority_cache,
1239 const(char)* priorities, const(char)* *err_pos) @nogc;
1240 void gnutls_priority_deinit(gnutls_priority_t priority_cache) @nogc;
1241 int gnutls_priority_get_cipher_suite_index(gnutls_priority_t pcache,
1242 uint idx,
1243 uint *sidx) @nogc;
1245 enum GNUTLS_PRIORITY_LIST_INIT_KEYWORDS = 1;
1246 enum GNUTLS_PRIORITY_LIST_SPECIAL = 2;
1247 const(char)*
1248 gnutls_priority_string_list(uint iter, uint flags) @nogc;
1250 int gnutls_priority_set(gnutls_session_t session,
1251 gnutls_priority_t priority) @nogc;
1252 int gnutls_priority_set_direct(gnutls_session_t session,
1253 const(char)* priorities,
1254 const(char)* *err_pos) @nogc;
1256 int gnutls_priority_certificate_type_list(gnutls_priority_t pcache,
1257 const(uint)* *list) @nogc;
1258 int gnutls_priority_sign_list(gnutls_priority_t pcache,
1259 const(uint)* *list) @nogc;
1260 int gnutls_priority_protocol_list(gnutls_priority_t pcache,
1261 const(uint)* *list) @nogc;
1262 int gnutls_priority_compression_list(gnutls_priority_t pcache,
1263 const(uint)* *list) @nogc;
1264 int gnutls_priority_ecc_curve_list(gnutls_priority_t pcache,
1265 const(uint)* *list) @nogc;
1267 int gnutls_priority_kx_list(gnutls_priority_t pcache,
1268 const(uint)* *list) @nogc;
1269 int gnutls_priority_cipher_list(gnutls_priority_t pcache,
1270 const(uint)* *list) @nogc;
1271 int gnutls_priority_mac_list(gnutls_priority_t pcache,
1272 const(uint)* *list) @nogc;
1274 /* for compatibility
1276 int gnutls_set_default_priority(gnutls_session_t session) @nogc;
1278 /* Returns the name of a cipher suite */
1279 const(char)* gnutls_cipher_suite_get_name(gnutls_kx_algorithm_t
1280 kx_algorithm,
1281 gnutls_cipher_algorithm_t
1282 cipher_algorithm,
1283 gnutls_mac_algorithm_t
1284 mac_algorithm) @nogc;
1286 /* get the currently used protocol version */
1287 gnutls_protocol_t gnutls_protocol_get_version(gnutls_session_t session) @nogc;
1289 const(char)* gnutls_protocol_get_name(gnutls_protocol_t version_) @nogc;
1292 /* get/set session
1294 int gnutls_session_set_data(gnutls_session_t session,
1295 const(void)* session_data,
1296 usize session_data_size) @nogc;
1297 int gnutls_session_get_data(gnutls_session_t session, void *session_data,
1298 usize * session_data_size) @nogc;
1299 int gnutls_session_get_data2(gnutls_session_t session,
1300 gnutls_datum_t * data) @nogc;
1301 void gnutls_session_get_random(gnutls_session_t session,
1302 gnutls_datum_t * client,
1303 gnutls_datum_t * server) @nogc;
1304 char *gnutls_session_get_desc(gnutls_session_t session) @nogc;
1306 //alias gnutls_certificate_verify_function = int function (gnutls_session_t) @nogc;
1307 void gnutls_session_set_verify_function(gnutls_session_t session, gnutls_certificate_verify_function func) /*@nogc*/;
1310 * gnutls_vdata_types_t:
1311 * @GNUTLS_DT_UNKNOWN: Unknown data type.
1312 * @GNUTLS_DT_DNS_HOSTNAME: The data contain a null-terminated DNS hostname; the hostname will be
1313 * matched using the RFC6125 rules.
1314 * @GNUTLS_DT_RFC822NAME: The data contain a null-terminated email address; the email will be
1315 * matched against the RFC822Name field of the certificate, or the EMAIL DN component if the
1316 * former isn't available. Prior to matching the email address will be converted to ACE
1317 * (ASCII-compatible-encoding).
1318 * @GNUTLS_DT_KEY_PURPOSE_OID: The data contain a null-terminated key purpose OID. It will be matched
1319 * against the certificate's Extended Key Usage extension.
1321 * Enumeration of different typed-data options. They are used as input to certificate
1322 * verification functions to provide information about the name and purpose of the
1323 * certificate. Only a single option of a type can be provided to the relevant functions.
1325 alias gnutls_vdata_types_t = int;
1326 enum : int {
1327 GNUTLS_DT_UNKNOWN = 0,
1328 GNUTLS_DT_DNS_HOSTNAME = 1,
1329 GNUTLS_DT_KEY_PURPOSE_OID = 2,
1330 GNUTLS_DT_RFC822NAME = 3
1334 struct gnutls_typed_vdata_st {
1335 gnutls_vdata_types_t type;
1336 ubyte *data;
1337 uint size;
1340 void gnutls_session_set_verify_cert(gnutls_session_t session,
1341 const(char)* hostname, uint flags) @nogc;
1343 void
1344 gnutls_session_set_verify_cert2(gnutls_session_t session,
1345 gnutls_typed_vdata_st * data,
1346 uint elements, uint flags) @nogc;
1348 uint gnutls_session_get_verify_cert_status(gnutls_session_t) @nogc;
1350 int gnutls_session_set_premaster(gnutls_session_t session,
1351 uint entity,
1352 gnutls_protocol_t version_,
1353 gnutls_kx_algorithm_t kx,
1354 gnutls_cipher_algorithm_t cipher,
1355 gnutls_mac_algorithm_t mac,
1356 gnutls_compression_method_t comp,
1357 const(gnutls_datum_t)* master,
1358 const(gnutls_datum_t)* session_id) @nogc;
1360 /* returns the session ID */
1361 enum GNUTLS_MAX_SESSION_ID = 32;
1362 int gnutls_session_get_id(gnutls_session_t session, void *session_id,
1363 usize * session_id_size) @nogc;
1364 int gnutls_session_get_id2(gnutls_session_t session,
1365 gnutls_datum_t * session_id) @nogc;
1367 int gnutls_session_set_id(gnutls_session_t session,
1368 const(gnutls_datum_t)* sid) @nogc;
1370 int gnutls_session_channel_binding(gnutls_session_t session,
1371 gnutls_channel_binding_t cbtype,
1372 gnutls_datum_t * cb) @nogc;
1374 /* checks if this session is a resumed one
1376 int gnutls_session_is_resumed(gnutls_session_t session) @nogc;
1377 int gnutls_session_resumption_requested(gnutls_session_t session) @nogc;
1379 //alias gnutls_db_store_func = int function (void *, gnutls_datum_t key, gnutls_datum_t data) @nogc;
1380 //alias gnutls_db_remove_func = int function (void *, gnutls_datum_t key) @nogc;
1381 //alias gnutls_db_retr_func = gnutls_datum_t function (void *, gnutls_datum_t key) @nogc;
1383 void gnutls_db_set_cache_expiration(gnutls_session_t session, int seconds) @nogc;
1384 uint gnutls_db_get_default_cache_expiration() @nogc;
1386 void gnutls_db_remove_session(gnutls_session_t session) @nogc;
1387 void gnutls_db_set_retrieve_function(gnutls_session_t session,
1388 gnutls_db_retr_func retr_func) /*@nogc*/;
1389 void gnutls_db_set_remove_function(gnutls_session_t session,
1390 gnutls_db_remove_func rem_func) /*@nogc*/;
1391 void gnutls_db_set_store_function(gnutls_session_t session,
1392 gnutls_db_store_func store_func) /*@nogc*/;
1393 void gnutls_db_set_ptr(gnutls_session_t session, void *ptr) @nogc;
1394 void *gnutls_db_get_ptr(gnutls_session_t session) @nogc;
1395 int gnutls_db_check_entry(gnutls_session_t session,
1396 gnutls_datum_t session_entry) @nogc;
1397 time_t gnutls_db_check_entry_time(gnutls_datum_t * entry) @nogc;
1400 * gnutls_handshake_hook_func:
1401 * @session: the current session
1402 * @htype: the type of the handshake message (%gnutls_handshake_description_t)
1403 * @post: non zero if this is a post-process/generation call and zero otherwise
1404 * @incoming: non zero if this is an incoming message and zero if this is an outgoing message
1405 * @msg: the (const) data of the handshake message without the handshake headers.
1407 * Function prototype for handshake hooks. It is set using
1408 * gnutls_handshake_set_hook_function().
1410 * Returns: Non zero on error.
1412 enum GNUTLS_HOOK_POST = (1);
1413 enum GNUTLS_HOOK_PRE = (0);
1414 enum GNUTLS_HOOK_BOTH = (-1);
1416 //alias gnutls_handshake_hook_func = int function (gnutls_session_t, uint htype, uint post, uint incoming, const(gnutls_datum_t)* msg) @nogc;
1417 void gnutls_handshake_set_hook_function(gnutls_session_t session,
1418 uint htype, int post,
1419 gnutls_handshake_hook_func func) /*@nogc*/;
1421 //alias gnutls_handshake_post_client_hello_func = int function (gnutls_session_t) @nogc;
1422 void
1423 gnutls_handshake_set_post_client_hello_function(gnutls_session_t session,
1424 gnutls_handshake_post_client_hello_func
1425 func) /*@nogc*/;
1427 void gnutls_handshake_set_max_packet_length(gnutls_session_t session,
1428 usize max) @nogc;
1430 /* returns libgnutls version (call it with a NULL argument)
1432 const(char)* gnutls_check_version(const(char)* req_version) @nogc;
1434 /* Functions for setting/clearing credentials
1436 void gnutls_credentials_clear(gnutls_session_t session) @nogc;
1438 /* cred is a structure defined by the kx algorithm
1440 int gnutls_credentials_set(gnutls_session_t session,
1441 gnutls_credentials_type_t type, void *cred) @nogc;
1442 int gnutls_credentials_get(gnutls_session_t session,
1443 gnutls_credentials_type_t type, void **cred) @nogc;
1444 alias gnutls_cred_set = gnutls_credentials_set;
1446 /* x.509 types */
1448 struct gnutls_pubkey_st {}
1449 alias gnutls_pubkey_t = gnutls_pubkey_st*;
1451 struct gnutls_privkey_st {}
1452 alias gnutls_privkey_t = gnutls_privkey_st*;
1454 //struct gnutls_x509_privkey_int {}
1455 alias gnutls_x509_privkey_t = gnutls_x509_privkey_int*;
1457 struct gnutls_x509_crl_int {}
1458 alias gnutls_x509_crl_t = gnutls_x509_crl_int*;
1460 struct gnutls_x509_crt_int {}
1461 alias gnutls_x509_crt_t = gnutls_x509_crt_int*;
1463 struct gnutls_x509_crq_int {}
1464 alias gnutls_x509_crq_t = gnutls_x509_crq_int*;
1466 struct gnutls_openpgp_keyring_int {}
1467 alias gnutls_openpgp_keyring_t = gnutls_openpgp_keyring_int*;
1470 /* Credential structures - used in gnutls_credentials_set() @nogc; */
1472 struct gnutls_certificate_credentials_st {}
1473 alias gnutls_certificate_credentials_t = gnutls_certificate_credentials_st*;
1474 alias gnutls_certificate_server_credentials = gnutls_certificate_credentials_t;
1475 alias gnutls_certificate_client_credentials = gnutls_certificate_credentials_t;
1477 struct gnutls_anon_server_credentials_st {}
1478 struct gnutls_anon_client_credentials_st {}
1479 alias gnutls_anon_server_credentials_t = gnutls_anon_server_credentials_st*;
1480 alias gnutls_anon_client_credentials_t = gnutls_anon_client_credentials_st*;
1482 void gnutls_anon_free_server_credentials(gnutls_anon_server_credentials_t
1483 sc) @nogc;
1485 gnutls_anon_allocate_server_credentials(gnutls_anon_server_credentials_t
1486 * sc) @nogc;
1488 void gnutls_anon_set_server_dh_params(gnutls_anon_server_credentials_t res,
1489 gnutls_dh_params_t dh_params) @nogc;
1491 void
1492 gnutls_anon_set_server_params_function(gnutls_anon_server_credentials_t
1493 res, gnutls_params_function func) /*@nogc*/;
1495 void
1496 gnutls_anon_free_client_credentials(gnutls_anon_client_credentials_t sc) @nogc;
1498 gnutls_anon_allocate_client_credentials(gnutls_anon_client_credentials_t
1499 * sc) @nogc;
1501 /* CERTFILE is an x509 certificate in PEM form.
1502 * KEYFILE is a pkcs-1 private key in PEM form (for RSA keys).
1504 void
1505 gnutls_certificate_free_credentials(gnutls_certificate_credentials_t sc) @nogc;
1507 gnutls_certificate_allocate_credentials(gnutls_certificate_credentials_t
1508 * res) @nogc;
1511 gnutls_certificate_get_issuer(gnutls_certificate_credentials_t sc,
1512 gnutls_x509_crt_t cert,
1513 gnutls_x509_crt_t * issuer,
1514 uint flags) @nogc;
1516 int gnutls_certificate_get_crt_raw(gnutls_certificate_credentials_t sc,
1517 uint idx1, uint idx2,
1518 gnutls_datum_t * cert) @nogc;
1521 gnutls_certificate_get_x509_crt(gnutls_certificate_credentials_t res,
1522 uint index,
1523 gnutls_x509_crt_t **crt_list,
1524 uint *crt_list_size) @nogc;
1527 gnutls_certificate_get_x509_key(gnutls_certificate_credentials_t res,
1528 uint index,
1529 gnutls_x509_privkey_t *key) @nogc;
1531 void gnutls_certificate_free_keys(gnutls_certificate_credentials_t sc) @nogc;
1532 void gnutls_certificate_free_cas(gnutls_certificate_credentials_t sc) @nogc;
1533 void gnutls_certificate_free_ca_names(gnutls_certificate_credentials_t sc) @nogc;
1534 void gnutls_certificate_free_crls(gnutls_certificate_credentials_t sc) @nogc;
1536 void gnutls_certificate_set_dh_params(gnutls_certificate_credentials_t res,
1537 gnutls_dh_params_t dh_params) @nogc;
1538 void gnutls_certificate_set_verify_flags(gnutls_certificate_credentials_t
1539 res, uint flags) @nogc;
1540 uint
1541 gnutls_certificate_get_verify_flags(gnutls_certificate_credentials_t res) @nogc;
1544 * gnutls_certificate_flags:
1545 * @GNUTLS_CERTIFICATE_SKIP_KEY_CERT_MATCH: Skip the key and certificate matching check.
1547 * Enumeration of different certificate credentials flags.
1549 alias gnutls_certificate_flags = int;
1550 enum : int {
1551 GNUTLS_CERTIFICATE_SKIP_KEY_CERT_MATCH = 1
1554 void gnutls_certificate_set_flags(gnutls_certificate_credentials_t,
1555 uint flags) @nogc;
1557 void gnutls_certificate_set_verify_limits(gnutls_certificate_credentials_t
1558 res, uint max_bits,
1559 uint max_depth) @nogc;
1561 uint
1562 gnutls_certificate_get_verify_flags(gnutls_certificate_credentials_t) @nogc;
1565 gnutls_certificate_set_x509_system_trust(gnutls_certificate_credentials_t
1566 cred) @nogc;
1569 gnutls_certificate_set_x509_trust_file(gnutls_certificate_credentials_t
1570 cred, const(char)* cafile,
1571 gnutls_x509_crt_fmt_t type) @nogc;
1573 gnutls_certificate_set_x509_trust_dir(gnutls_certificate_credentials_t cred,
1574 const(char)* ca_dir,
1575 gnutls_x509_crt_fmt_t type) @nogc;
1577 int gnutls_certificate_set_x509_trust_mem(gnutls_certificate_credentials_t
1578 res, const(gnutls_datum_t)* ca,
1579 gnutls_x509_crt_fmt_t type) @nogc;
1582 gnutls_certificate_set_x509_crl_file(gnutls_certificate_credentials_t
1583 res, const(char)* crlfile,
1584 gnutls_x509_crt_fmt_t type) @nogc;
1585 int gnutls_certificate_set_x509_crl_mem(gnutls_certificate_credentials_t
1586 res, const(gnutls_datum_t)* CRL,
1587 gnutls_x509_crt_fmt_t type) @nogc;
1590 gnutls_certificate_set_x509_key_file(gnutls_certificate_credentials_t
1591 res, const(char)* certfile,
1592 const(char)* keyfile,
1593 gnutls_x509_crt_fmt_t type) @nogc;
1596 gnutls_certificate_set_x509_key_file2(gnutls_certificate_credentials_t
1597 res, const(char)* certfile,
1598 const(char)* keyfile,
1599 gnutls_x509_crt_fmt_t type,
1600 const(char)* pass,
1601 uint flags) @nogc;
1603 int gnutls_certificate_set_x509_key_mem(gnutls_certificate_credentials_t
1604 res, const(gnutls_datum_t)* cert,
1605 const(gnutls_datum_t)* key,
1606 gnutls_x509_crt_fmt_t type) @nogc;
1608 int gnutls_certificate_set_x509_key_mem2(gnutls_certificate_credentials_t
1609 res, const(gnutls_datum_t)* cert,
1610 const(gnutls_datum_t)* key,
1611 gnutls_x509_crt_fmt_t type,
1612 const(char)* pass,
1613 uint flags) @nogc;
1615 void gnutls_certificate_send_x509_rdn_sequence(gnutls_session_t session,
1616 int status) @nogc;
1619 gnutls_certificate_set_x509_simple_pkcs12_file
1620 (gnutls_certificate_credentials_t res, const(char)* pkcs12file,
1621 gnutls_x509_crt_fmt_t type, const(char)* password) @nogc;
1623 gnutls_certificate_set_x509_simple_pkcs12_mem
1624 (gnutls_certificate_credentials_t res, const(gnutls_datum_t)* p12blob,
1625 gnutls_x509_crt_fmt_t type, const(char)* password) @nogc;
1627 /* New functions to allow setting already parsed X.509 stuff.
1630 int gnutls_certificate_set_x509_key(gnutls_certificate_credentials_t res,
1631 gnutls_x509_crt_t * cert_list,
1632 int cert_list_size,
1633 gnutls_x509_privkey_t key) @nogc;
1634 int gnutls_certificate_set_x509_trust(gnutls_certificate_credentials_t res,
1635 gnutls_x509_crt_t * ca_list,
1636 int ca_list_size) @nogc;
1637 int gnutls_certificate_set_x509_crl(gnutls_certificate_credentials_t res,
1638 gnutls_x509_crl_t * crl_list,
1639 int crl_list_size) @nogc;
1641 int gnutls_certificate_get_x509_key(gnutls_certificate_credentials_t res,
1642 uint index,
1643 gnutls_x509_privkey_t *key) @nogc;
1644 int gnutls_certificate_get_x509_crt(gnutls_certificate_credentials_t res,
1645 uint index,
1646 gnutls_x509_crt_t **crt_list,
1647 uint *crt_list_size) @nogc;
1649 /* OCSP status request extension, RFC 6066 */
1650 alias gnutls_status_request_ocsp_func = int function
1651 (gnutls_session_t session, void *ptr, gnutls_datum_t * ocsp_response) @nogc;
1653 void
1654 gnutls_certificate_set_ocsp_status_request_function
1655 (gnutls_certificate_credentials_t res,
1656 gnutls_status_request_ocsp_func ocsp_func, void *ptr) /*@nogc*/;
1659 gnutls_certificate_set_ocsp_status_request_file
1660 (gnutls_certificate_credentials_t res, const(char)* response_file,
1661 uint flags) @nogc;
1663 int gnutls_ocsp_status_request_enable_client(gnutls_session_t session,
1664 gnutls_datum_t * responder_id,
1665 usize responder_id_size,
1666 gnutls_datum_t *
1667 request_extensions) @nogc;
1669 int gnutls_ocsp_status_request_get(gnutls_session_t session,
1670 gnutls_datum_t * response) @nogc;
1672 enum GNUTLS_OCSP_SR_IS_AVAIL = 1;
1673 int gnutls_ocsp_status_request_is_checked(gnutls_session_t session,
1674 uint flags) @nogc;
1676 /* global state functions
1678 int gnutls_global_init() @nogc;
1679 void gnutls_global_deinit() @nogc;
1682 * gnutls_time_func:
1683 * @t: where to store time.
1685 * Function prototype for time()-like function. Set with
1686 * gnutls_global_set_time_function().
1688 * Returns: Number of seconds since the epoch, or (time_t)-1 on errors.
1690 //alias gnutls_time_func = time_t function (time_t * t) @nogc;
1692 //alias mutex_init_func = int function (void **mutex) @nogc;
1693 //alias mutex_lock_func = int function (void **mutex) @nogc;
1694 //alias mutex_unlock_func = int function (void **mutex) @nogc;
1695 //alias mutex_deinit_func = int function (void **mutex) @nogc;
1697 void gnutls_global_set_mutex(mutex_init_func init,
1698 mutex_deinit_func deinit,
1699 mutex_lock_func lock,
1700 mutex_unlock_func unlock) /*@nogc*/;
1702 //alias gnutls_alloc_function = void * function (usize) @nogc;
1703 //alias gnutls_calloc_function = void * function (usize, usize) @nogc;
1704 //alias gnutls_is_secure_function = int function (const(void)* ) @nogc;
1705 //alias gnutls_free_function = void function (void *) @nogc;
1706 //alias gnutls_realloc_function = void * function (void *, usize) @nogc;
1708 void gnutls_global_set_time_function(gnutls_time_func time_func) /*@nogc*/;
1710 /* For use in callbacks */
1711 extern __gshared /*_SYM_EXPORT*/ gnutls_alloc_function gnutls_malloc;
1712 extern __gshared /*_SYM_EXPORT*/ gnutls_realloc_function gnutls_realloc;
1713 extern __gshared /*_SYM_EXPORT*/ gnutls_calloc_function gnutls_calloc;
1714 extern __gshared /*_SYM_EXPORT*/ gnutls_free_function gnutls_free;
1716 extern __gshared /*_SYM_EXPORT*/ char * function (const(char)* ) gnutls_strdup;
1718 /* a variant of memset that doesn't get optimized out */
1719 void gnutls_memset(void *data, int c, usize size) @nogc;
1721 /* constant time memcmp */
1722 int gnutls_memcmp(const(void)* s1, const(void)* s2, usize n) @nogc;
1724 //alias gnutls_log_func = void function (int, const(char)* ) @nogc;
1725 //alias gnutls_audit_log_func = void function (gnutls_session_t, const(char)* ) @nogc;
1726 void gnutls_global_set_log_function(gnutls_log_func log_func) /*@nogc*/;
1727 void gnutls_global_set_audit_log_function(gnutls_audit_log_func log_func) /*@nogc*/;
1728 void gnutls_global_set_log_level(int level) @nogc;
1730 /* Diffie-Hellman parameter handling.
1732 int gnutls_dh_params_init(gnutls_dh_params_t * dh_params) @nogc;
1733 void gnutls_dh_params_deinit(gnutls_dh_params_t dh_params) @nogc;
1734 int gnutls_dh_params_import_raw(gnutls_dh_params_t dh_params,
1735 const(gnutls_datum_t)* prime,
1736 const(gnutls_datum_t)* generator) @nogc;
1737 int gnutls_dh_params_import_raw2(gnutls_dh_params_t dh_params,
1738 const(gnutls_datum_t)* prime,
1739 const(gnutls_datum_t)* generator,
1740 uint key_bits) @nogc;
1741 int gnutls_dh_params_import_pkcs3(gnutls_dh_params_t params,
1742 const(gnutls_datum_t)* pkcs3_params,
1743 gnutls_x509_crt_fmt_t format) @nogc;
1744 int gnutls_dh_params_generate2(gnutls_dh_params_t params,
1745 uint bits) @nogc;
1746 int gnutls_dh_params_export_pkcs3(gnutls_dh_params_t params,
1747 gnutls_x509_crt_fmt_t format,
1748 ubyte *params_data,
1749 usize * params_data_size) @nogc;
1750 int gnutls_dh_params_export2_pkcs3(gnutls_dh_params_t params,
1751 gnutls_x509_crt_fmt_t format,
1752 gnutls_datum_t * out_) @nogc;
1753 int gnutls_dh_params_export_raw(gnutls_dh_params_t params,
1754 gnutls_datum_t * prime,
1755 gnutls_datum_t * generator,
1756 uint *bits) @nogc;
1757 int gnutls_dh_params_cpy(gnutls_dh_params_t dst, gnutls_dh_params_t src) @nogc;
1761 /* Session stuff
1763 struct giovec_t {
1764 void *iov_base; /* Starting address */
1765 usize iov_len; /* Number of bytes to transfer */
1768 //alias gnutls_pull_func = ssize function (gnutls_transport_ptr_t, void *, usize) @nogc;
1769 //alias gnutls_push_func = ssize function (gnutls_transport_ptr_t, const(void)* , usize) @nogc;
1771 int gnutls_system_recv_timeout(gnutls_transport_ptr_t ptr, uint ms) @nogc;
1772 //alias gnutls_pull_timeout_func = int function (gnutls_transport_ptr_t, uint ms) @nogc;
1774 //alias gnutls_vec_push_func = ssize function (gnutls_transport_ptr_t, const(giovec_t)* iov, int iovcnt) @nogc;
1776 //alias gnutls_errno_func = int function (gnutls_transport_ptr_t) @nogc;
1779 #if 0
1780 /* This will be defined as macro. */
1781 void gnutls_transport_set_int (gnutls_session_t session, int r) @nogc;
1782 #endif
1785 void gnutls_transport_set_int2(gnutls_session_t session, int r, int s) @nogc;
1786 //#define gnutls_transport_set_int(s, i) gnutls_transport_set_int2(s, i, i)
1787 void gnutls_transport_set_int(gnutls_session_t session, int i) { gnutls_transport_set_int2(session, i, i); }
1789 void gnutls_transport_get_int2(gnutls_session_t session, int *r, int *s) @nogc;
1790 int gnutls_transport_get_int(gnutls_session_t session) @nogc;
1792 void gnutls_transport_set_ptr(gnutls_session_t session,
1793 gnutls_transport_ptr_t ptr) @nogc;
1794 void gnutls_transport_set_ptr2(gnutls_session_t session,
1795 gnutls_transport_ptr_t recv_ptr,
1796 gnutls_transport_ptr_t send_ptr) @nogc;
1798 gnutls_transport_ptr_t gnutls_transport_get_ptr(gnutls_session_t session) @nogc;
1799 void gnutls_transport_get_ptr2(gnutls_session_t session,
1800 gnutls_transport_ptr_t * recv_ptr,
1801 gnutls_transport_ptr_t * send_ptr) @nogc;
1803 void gnutls_transport_set_vec_push_function(gnutls_session_t session,
1804 gnutls_vec_push_func vec_func) /*@nogc*/;
1805 void gnutls_transport_set_push_function(gnutls_session_t session,
1806 gnutls_push_func push_func) /*@nogc*/;
1807 void gnutls_transport_set_pull_function(gnutls_session_t session,
1808 gnutls_pull_func pull_func) /*@nogc*/;
1810 void gnutls_transport_set_pull_timeout_function(gnutls_session_t session,
1811 gnutls_pull_timeout_func
1812 func) /*@nogc*/;
1814 void gnutls_transport_set_errno_function(gnutls_session_t session,
1815 gnutls_errno_func errno_func) /*@nogc*/;
1817 void gnutls_transport_set_errno(gnutls_session_t session, int err) @nogc;
1819 /* session specific
1821 void gnutls_session_set_ptr(gnutls_session_t session, void *ptr) @nogc;
1822 void *gnutls_session_get_ptr(gnutls_session_t session) @nogc;
1824 void gnutls_openpgp_send_cert(gnutls_session_t session,
1825 gnutls_openpgp_crt_status_t status) @nogc;
1827 /* This function returns the hash of the given data.
1829 int gnutls_fingerprint(gnutls_digest_algorithm_t algo,
1830 const(gnutls_datum_t)* data, void *result,
1831 usize * result_size) @nogc;
1834 * gnutls_random_art_t:
1835 * @GNUTLS_RANDOM_ART_OPENSSH: OpenSSH-style random art.
1837 * Enumeration of different random art types.
1839 //alias gnutls_random_art = gnutls_random_art_t;
1840 alias gnutls_random_art_t = int;
1841 enum : int {
1842 GNUTLS_RANDOM_ART_OPENSSH = 1
1845 int gnutls_random_art(gnutls_random_art_t type,
1846 const(char)* key_type, uint key_size,
1847 void *fpr, usize fpr_size, gnutls_datum_t * art) @nogc;
1849 /* SRP
1852 struct gnutls_srp_server_credentials_st {}
1853 struct gnutls_srp_client_credentials_st {}
1854 alias gnutls_srp_server_credentials_t = gnutls_srp_server_credentials_st*;
1855 alias gnutls_srp_client_credentials_t = gnutls_srp_client_credentials_st*;
1857 void
1858 gnutls_srp_free_client_credentials(gnutls_srp_client_credentials_t sc) @nogc;
1860 gnutls_srp_allocate_client_credentials(gnutls_srp_client_credentials_t *
1861 sc) @nogc;
1862 int gnutls_srp_set_client_credentials(gnutls_srp_client_credentials_t res,
1863 const(char)* username,
1864 const(char)* password) @nogc;
1866 void
1867 gnutls_srp_free_server_credentials(gnutls_srp_server_credentials_t sc) @nogc;
1869 gnutls_srp_allocate_server_credentials(gnutls_srp_server_credentials_t *
1870 sc) @nogc;
1871 int gnutls_srp_set_server_credentials_file(gnutls_srp_server_credentials_t
1872 res, const(char)* password_file,
1873 const(char)* password_conf_file) @nogc;
1875 const(char)* gnutls_srp_server_get_username(gnutls_session_t session) @nogc;
1877 void gnutls_srp_set_prime_bits(gnutls_session_t session,
1878 uint bits) @nogc;
1880 int gnutls_srp_verifier(const(char)* username,
1881 const(char)* password,
1882 const(gnutls_datum_t)* salt,
1883 const(gnutls_datum_t)* generator,
1884 const(gnutls_datum_t)* prime,
1885 gnutls_datum_t * res) @nogc;
1887 /* The static parameters defined in draft-ietf-tls-srp-05
1888 * Those should be used as input to gnutls_srp_verifier().
1890 extern __gshared /*_SYM_EXPORT*/ const gnutls_datum_t gnutls_srp_4096_group_prime;
1891 extern __gshared /*_SYM_EXPORT*/ const gnutls_datum_t gnutls_srp_4096_group_generator;
1893 extern __gshared /*_SYM_EXPORT*/ const gnutls_datum_t gnutls_srp_3072_group_prime;
1894 extern __gshared /*_SYM_EXPORT*/ const gnutls_datum_t gnutls_srp_3072_group_generator;
1896 extern __gshared /*_SYM_EXPORT*/ const gnutls_datum_t gnutls_srp_2048_group_prime;
1897 extern __gshared /*_SYM_EXPORT*/ const gnutls_datum_t gnutls_srp_2048_group_generator;
1899 extern __gshared /*_SYM_EXPORT*/ const gnutls_datum_t gnutls_srp_1536_group_prime;
1900 extern __gshared /*_SYM_EXPORT*/ const gnutls_datum_t gnutls_srp_1536_group_generator;
1902 extern __gshared /*_SYM_EXPORT*/ const gnutls_datum_t gnutls_srp_1024_group_prime;
1903 extern __gshared /*_SYM_EXPORT*/ const gnutls_datum_t gnutls_srp_1024_group_generator;
1905 /*alias gnutls_srp_server_credentials_function = int function (gnutls_session_t,
1906 const(char)* username,
1907 gnutls_datum_t * salt,
1908 gnutls_datum_t *
1909 verifier,
1910 gnutls_datum_t *
1911 generator,
1912 gnutls_datum_t * prime) @nogc;*/
1913 void
1914 gnutls_srp_set_server_credentials_function(gnutls_srp_server_credentials_t
1915 cred,
1916 gnutls_srp_server_credentials_function func) /*@nogc*/;
1918 //alias gnutls_srp_client_credentials_function = int function (gnutls_session_t, char **, char **) @nogc;
1919 void
1920 gnutls_srp_set_client_credentials_function(gnutls_srp_client_credentials_t
1921 cred,
1922 gnutls_srp_client_credentials_function func) /*@nogc*/;
1924 int gnutls_srp_base64_encode(const(gnutls_datum_t)* data, char *result,
1925 usize * result_size) @nogc;
1926 int gnutls_srp_base64_encode2(const(gnutls_datum_t)* data,
1927 gnutls_datum_t * result) @nogc;
1929 int gnutls_srp_base64_decode(const(gnutls_datum_t)* b64_data, char *result,
1930 usize * result_size) @nogc;
1931 int gnutls_srp_base64_decode2(const(gnutls_datum_t)* b64_data,
1932 gnutls_datum_t * result) @nogc;
1934 alias gnutls_srp_base64_encode_alloc = gnutls_srp_base64_encode2;
1935 alias gnutls_srp_base64_decode_alloc = gnutls_srp_base64_decode2;
1937 void
1938 gnutls_srp_set_server_fake_salt_seed(gnutls_srp_server_credentials_t
1940 const(gnutls_datum_t)* seed,
1941 uint salt_length) @nogc;
1943 /* PSK stuff */
1944 struct gnutls_psk_server_credentials_st {}
1945 struct gnutls_psk_client_credentials_st {}
1946 alias gnutls_psk_server_credentials_t = gnutls_psk_server_credentials_st*;
1947 alias gnutls_psk_client_credentials_t = gnutls_psk_client_credentials_st*;
1950 * gnutls_psk_key_flags:
1951 * @GNUTLS_PSK_KEY_RAW: PSK-key in raw format.
1952 * @GNUTLS_PSK_KEY_HEX: PSK-key in hex format.
1954 * Enumeration of different PSK key flags.
1956 alias gnutls_psk_key_flags = int;
1957 enum : int {
1958 GNUTLS_PSK_KEY_RAW = 0,
1959 GNUTLS_PSK_KEY_HEX
1962 void
1963 gnutls_psk_free_client_credentials(gnutls_psk_client_credentials_t sc) @nogc;
1965 gnutls_psk_allocate_client_credentials(gnutls_psk_client_credentials_t *
1966 sc) @nogc;
1967 int gnutls_psk_set_client_credentials(gnutls_psk_client_credentials_t res,
1968 const(char)* username,
1969 const(gnutls_datum_t)* key,
1970 gnutls_psk_key_flags flags) @nogc;
1972 void
1973 gnutls_psk_free_server_credentials(gnutls_psk_server_credentials_t sc) @nogc;
1975 gnutls_psk_allocate_server_credentials(gnutls_psk_server_credentials_t *
1976 sc) @nogc;
1977 int gnutls_psk_set_server_credentials_file(gnutls_psk_server_credentials_t
1978 res, const(char)* password_file) @nogc;
1981 gnutls_psk_set_server_credentials_hint(gnutls_psk_server_credentials_t
1982 res, const(char)* hint) @nogc;
1984 const(char)* gnutls_psk_server_get_username(gnutls_session_t session) @nogc;
1985 const(char)* gnutls_psk_client_get_hint(gnutls_session_t session) @nogc;
1987 //alias gnutls_psk_server_credentials_function = int function (gnutls_session_t, const(char)* username, gnutls_datum_t* key) @nogc;
1988 void
1989 gnutls_psk_set_server_credentials_function(gnutls_psk_server_credentials_t
1990 cred,
1991 gnutls_psk_server_credentials_function func) /*@nogc*/;
1993 //alias gnutls_psk_client_credentials_function = int function (gnutls_session_t, char** username, gnutls_datum_t* key) @nogc;
1994 void
1995 gnutls_psk_set_client_credentials_function(gnutls_psk_client_credentials_t
1996 cred,
1997 gnutls_psk_client_credentials_function func) /*@nogc*/;
1999 int gnutls_hex_encode(const(gnutls_datum_t)* data, char *result,
2000 usize * result_size) @nogc;
2001 int gnutls_hex_decode(const(gnutls_datum_t)* hex_data, void *result,
2002 usize * result_size) @nogc;
2004 int gnutls_hex_encode2(const(gnutls_datum_t)* data, gnutls_datum_t *result) @nogc;
2005 int gnutls_hex_decode2(const(gnutls_datum_t)* data, gnutls_datum_t *result) @nogc;
2007 void
2008 gnutls_psk_set_server_dh_params(gnutls_psk_server_credentials_t res,
2009 gnutls_dh_params_t dh_params) @nogc;
2011 void
2012 gnutls_psk_set_server_params_function(gnutls_psk_server_credentials_t
2013 res, gnutls_params_function func) /*@nogc*/;
2016 * gnutls_x509_subject_alt_name_t:
2017 * @GNUTLS_SAN_DNSNAME: DNS-name SAN.
2018 * @GNUTLS_SAN_RFC822NAME: E-mail address SAN.
2019 * @GNUTLS_SAN_URI: URI SAN.
2020 * @GNUTLS_SAN_IPADDRESS: IP address SAN.
2021 * @GNUTLS_SAN_OTHERNAME: OtherName SAN.
2022 * @GNUTLS_SAN_DN: DN SAN.
2023 * @GNUTLS_SAN_OTHERNAME_XMPP: Virtual SAN, used by
2024 * gnutls_x509_crt_get_subject_alt_othername_oid.
2026 * Enumeration of different subject alternative names types.
2028 alias gnutls_x509_subject_alt_name_t = int;
2029 enum : int {
2030 GNUTLS_SAN_DNSNAME = 1,
2031 GNUTLS_SAN_RFC822NAME = 2,
2032 GNUTLS_SAN_URI = 3,
2033 GNUTLS_SAN_IPADDRESS = 4,
2034 GNUTLS_SAN_OTHERNAME = 5,
2035 GNUTLS_SAN_DN = 6,
2036 /* The following are "virtual" subject alternative name types, in
2037 that they are represented by an otherName value and an OID.
2038 Used by gnutls_x509_crt_get_subject_alt_othername_oid. */
2039 GNUTLS_SAN_OTHERNAME_XMPP = 1000
2042 struct gnutls_openpgp_crt_int;
2043 alias gnutls_openpgp_crt_t = gnutls_openpgp_crt_int*;
2045 struct gnutls_openpgp_privkey_int;
2046 alias gnutls_openpgp_privkey_t = gnutls_openpgp_privkey_int*;
2048 struct gnutls_pkcs11_privkey_st;
2049 alias gnutls_pkcs11_privkey_t = gnutls_pkcs11_privkey_st*;
2052 * gnutls_privkey_type_t:
2053 * @GNUTLS_PRIVKEY_X509: X.509 private key, #gnutls_x509_privkey_t.
2054 * @GNUTLS_PRIVKEY_OPENPGP: OpenPGP private key, #gnutls_openpgp_privkey_t.
2055 * @GNUTLS_PRIVKEY_PKCS11: PKCS11 private key, #gnutls_pkcs11_privkey_t.
2056 * @GNUTLS_PRIVKEY_EXT: External private key, operating using callbacks.
2058 * Enumeration of different private key types.
2060 alias gnutls_privkey_type_t = int;
2061 enum : int {
2062 GNUTLS_PRIVKEY_X509,
2063 GNUTLS_PRIVKEY_OPENPGP,
2064 GNUTLS_PRIVKEY_PKCS11,
2065 GNUTLS_PRIVKEY_EXT
2068 union gnutls_retr2_st_cert_union {
2069 gnutls_x509_crt_t *x509;
2070 gnutls_openpgp_crt_t pgp;
2073 union gnutls_retr2_st_key_union {
2074 gnutls_x509_privkey_t x509;
2075 gnutls_openpgp_privkey_t pgp;
2076 gnutls_pkcs11_privkey_t pkcs11;
2079 struct gnutls_retr2_st {
2080 gnutls_certificate_type_t cert_type;
2081 gnutls_privkey_type_t key_type;
2083 gnutls_retr2_st_cert_union cert;
2084 uint ncerts; /* one for pgp keys */
2086 gnutls_retr2_st_key_union key;
2088 uint deinit_all; /* if non zero all keys will be deinited */
2092 /* Functions that allow auth_info_t structures handling
2095 gnutls_credentials_type_t gnutls_auth_get_type(gnutls_session_t session) @nogc;
2096 gnutls_credentials_type_t
2097 gnutls_auth_server_get_type(gnutls_session_t session) @nogc;
2098 gnutls_credentials_type_t
2099 gnutls_auth_client_get_type(gnutls_session_t session) @nogc;
2101 /* DH */
2103 void gnutls_dh_set_prime_bits(gnutls_session_t session, uint bits) @nogc;
2104 int gnutls_dh_get_secret_bits(gnutls_session_t session) @nogc;
2105 int gnutls_dh_get_peers_public_bits(gnutls_session_t session) @nogc;
2106 int gnutls_dh_get_prime_bits(gnutls_session_t session) @nogc;
2108 int gnutls_dh_get_group(gnutls_session_t session, gnutls_datum_t * raw_gen,
2109 gnutls_datum_t * raw_prime) @nogc;
2110 int gnutls_dh_get_pubkey(gnutls_session_t session,
2111 gnutls_datum_t * raw_key) @nogc;
2113 /* X509PKI */
2116 /* These are set on the credentials structure.
2119 /* use gnutls_certificate_set_retrieve_function2() in abstract.h
2120 * instead. It's much more efficient.
2123 //alias gnutls_certificate_retrieve_function = int function (gnutls_session_t, const(gnutls_datum_t)* req_ca_rdn, int nreqs, const(gnutls_pk_algorithm_t)* pk_algos, int pk_algos_length, gnutls_retr2_st*) @nogc;
2125 void
2126 gnutls_certificate_set_retrieve_function(gnutls_certificate_credentials_t
2127 cred,
2128 gnutls_certificate_retrieve_function func) /*@nogc*/;
2130 void
2131 gnutls_certificate_set_verify_function(gnutls_certificate_credentials_t
2132 cred,
2133 gnutls_certificate_verify_function func) /*@nogc*/;
2135 void
2136 gnutls_certificate_server_set_request(gnutls_session_t session,
2137 gnutls_certificate_request_t req) @nogc;
2139 /* get data from the session
2141 const(gnutls_datum_t)* gnutls_certificate_get_peers(gnutls_session_t
2142 session, uint
2143 *list_size) @nogc;
2144 const(gnutls_datum_t)* gnutls_certificate_get_ours(gnutls_session_t
2145 session) @nogc;
2147 int gnutls_certificate_get_peers_subkey_id(gnutls_session_t session,
2148 gnutls_datum_t * id) @nogc;
2150 time_t gnutls_certificate_activation_time_peers(gnutls_session_t session) @nogc;
2151 time_t gnutls_certificate_expiration_time_peers(gnutls_session_t session) @nogc;
2153 int gnutls_certificate_client_get_request_status(gnutls_session_t session) @nogc;
2154 int gnutls_certificate_verify_peers2(gnutls_session_t session,
2155 uint *status) @nogc;
2156 int gnutls_certificate_verify_peers3(gnutls_session_t session,
2157 const(char)* hostname,
2158 uint *status) @nogc;
2161 gnutls_certificate_verify_peers(gnutls_session_t session,
2162 gnutls_typed_vdata_st * data,
2163 uint elements,
2164 uint *status) @nogc;
2166 int gnutls_certificate_verification_status_print(uint status,
2167 gnutls_certificate_type_t
2168 type,
2169 gnutls_datum_t * out_,
2170 uint flags) @nogc;
2172 int gnutls_pem_base64_encode(const(char)* msg, const(gnutls_datum_t)* data,
2173 char *result, usize * result_size) @nogc;
2174 int gnutls_pem_base64_decode(const(char)* header,
2175 const(gnutls_datum_t)* b64_data,
2176 ubyte *result, usize * result_size) @nogc;
2178 int gnutls_pem_base64_encode2(const(char)* msg,
2179 const(gnutls_datum_t)* data,
2180 gnutls_datum_t * result) @nogc;
2181 int gnutls_pem_base64_decode2(const(char)* header,
2182 const(gnutls_datum_t)* b64_data,
2183 gnutls_datum_t * result) @nogc;
2185 alias gnutls_pem_base64_encode_alloc = gnutls_pem_base64_encode2;
2186 alias gnutls_pem_base64_decode_alloc = gnutls_pem_base64_decode2;
2188 /* key_usage will be an OR of the following values:
2191 /* when the key is to be used for signing: */
2192 enum GNUTLS_KEY_DIGITAL_SIGNATURE = 128;
2193 enum GNUTLS_KEY_NON_REPUDIATION = 64;
2194 /* when the key is to be used for encryption: */
2195 enum GNUTLS_KEY_KEY_ENCIPHERMENT = 32;
2196 enum GNUTLS_KEY_DATA_ENCIPHERMENT = 16;
2197 enum GNUTLS_KEY_KEY_AGREEMENT = 8;
2198 enum GNUTLS_KEY_KEY_CERT_SIGN = 4;
2199 enum GNUTLS_KEY_CRL_SIGN = 2;
2200 enum GNUTLS_KEY_ENCIPHER_ONLY = 1;
2201 enum GNUTLS_KEY_DECIPHER_ONLY = 32768;
2203 void
2204 gnutls_certificate_set_params_function(gnutls_certificate_credentials_t
2205 res, gnutls_params_function func) /*@nogc*/;
2206 void gnutls_anon_set_params_function(gnutls_anon_server_credentials_t res,
2207 gnutls_params_function func) /*@nogc*/;
2208 void gnutls_psk_set_params_function(gnutls_psk_server_credentials_t res,
2209 gnutls_params_function func) /*@nogc*/;
2211 int gnutls_hex2bin(const(char)* hex_data, usize hex_size,
2212 void *bin_data, usize * bin_size) @nogc;
2214 /* Trust on first use (or ssh like) functions */
2216 /* stores the provided information to a database
2218 //alias gnutls_tdb_store_func = int function (const(char)* db_name, const(char)* host, const(char)* service, time_t expiration, const(gnutls_datum_t)* pubkey) @nogc;
2219 //alias gnutls_tdb_store_commitment_func = int function (const(char)* db_name, const(char)* host, const(char)* service, time_t expiration, gnutls_digest_algorithm_t hash_algo, const(gnutls_datum_t)* hash) @nogc;
2221 /* searches for the provided host/service pair that match the
2222 * provided public key in the database. */
2223 //alias gnutls_tdb_verify_func = int function (const(char)* db_name, const(char)* host, const(char)* service, const(gnutls_datum_t)* pubkey) @nogc;
2226 struct gnutls_tdb_int;
2227 alias gnutls_tdb_t = gnutls_tdb_int*;
2229 int gnutls_tdb_init(gnutls_tdb_t * tdb) @nogc;
2230 void gnutls_tdb_set_store_func(gnutls_tdb_t tdb,
2231 gnutls_tdb_store_func store) /*@nogc*/;
2232 void gnutls_tdb_set_store_commitment_func(gnutls_tdb_t tdb,
2233 gnutls_tdb_store_commitment_func
2234 cstore) /*@nogc*/;
2235 void gnutls_tdb_set_verify_func(gnutls_tdb_t tdb,
2236 gnutls_tdb_verify_func verify) /*@nogc*/;
2237 void gnutls_tdb_deinit(gnutls_tdb_t tdb) @nogc;
2239 int gnutls_verify_stored_pubkey(const(char)* db_name,
2240 gnutls_tdb_t tdb,
2241 const(char)* host,
2242 const(char)* service,
2243 gnutls_certificate_type_t cert_type,
2244 const(gnutls_datum_t)* cert,
2245 uint flags) @nogc;
2247 int gnutls_store_commitment(const(char)* db_name,
2248 gnutls_tdb_t tdb,
2249 const(char)* host,
2250 const(char)* service,
2251 gnutls_digest_algorithm_t hash_algo,
2252 const(gnutls_datum_t)* hash,
2253 time_t expiration, uint flags) @nogc;
2255 int gnutls_store_pubkey(const(char)* db_name,
2256 gnutls_tdb_t tdb,
2257 const(char)* host,
2258 const(char)* service,
2259 gnutls_certificate_type_t cert_type,
2260 const(gnutls_datum_t)* cert,
2261 time_t expiration, uint flags) @nogc;
2263 /* Other helper functions */
2264 int gnutls_load_file(const(char)* filename, gnutls_datum_t * data) @nogc;
2266 int gnutls_url_is_supported(const(char)* url) @nogc;
2268 /* PIN callback */
2271 * gnutls_pin_flag_t:
2272 * @GNUTLS_PIN_USER: The PIN for the user.
2273 * @GNUTLS_PIN_SO: The PIN for the security officer (admin).
2274 * @GNUTLS_PIN_CONTEXT_SPECIFIC: The PIN is for a specific action and key like signing.
2275 * @GNUTLS_PIN_FINAL_TRY: This is the final try before blocking.
2276 * @GNUTLS_PIN_COUNT_LOW: Few tries remain before token blocks.
2277 * @GNUTLS_PIN_WRONG: Last given PIN was not correct.
2279 * Enumeration of different flags that are input to the PIN function.
2281 alias gnutls_pin_flag_t = int;
2282 enum : int {
2283 GNUTLS_PIN_USER = (1 << 0),
2284 GNUTLS_PIN_SO = (1 << 1),
2285 GNUTLS_PIN_FINAL_TRY = (1 << 2),
2286 GNUTLS_PIN_COUNT_LOW = (1 << 3),
2287 GNUTLS_PIN_CONTEXT_SPECIFIC = (1 << 4),
2288 GNUTLS_PIN_WRONG = (1 << 5)
2291 enum GNUTLS_PKCS11_PIN_USER = GNUTLS_PIN_USER;
2292 enum GNUTLS_PKCS11_PIN_SO = GNUTLS_PIN_SO;
2293 enum GNUTLS_PKCS11_PIN_FINAL_TRY = GNUTLS_PIN_FINAL_TRY;
2294 enum GNUTLS_PKCS11_PIN_COUNT_LOW = GNUTLS_PIN_COUNT_LOW;
2295 enum GNUTLS_PKCS11_PIN_CONTEXT_SPECIFIC = GNUTLS_PIN_CONTEXT_SPECIFIC;
2296 enum GNUTLS_PKCS11_PIN_WRONG = GNUTLS_PIN_WRONG;
2299 * gnutls_pin_callback_t:
2300 * @userdata: user-controlled data from gnutls_pkcs11_set_pin_function().
2301 * @attempt: pin-attempt counter, initially 0.
2302 * @token_url: URL of token.
2303 * @token_label: label of token.
2304 * @flags: a #gnutls_pin_flag_t flag.
2305 * @pin: buffer to hold PIN, of size @pin_max.
2306 * @pin_max: size of @pin buffer.
2308 * Callback function type for PKCS#11 or TPM PIN entry. It is set by
2309 * functions like gnutls_pkcs11_set_pin_function().
2311 * The callback should provides the PIN code to unlock the token with
2312 * label @token_label, specified by the URL @token_url.
2314 * The PIN code, as a NUL-terminated ASCII string, should be copied
2315 * into the @pin buffer (of maximum size @pin_max), and return 0 to
2316 * indicate success. Alternatively, the callback may return a
2317 * negative gnutls error code to indicate failure and cancel PIN entry
2318 * (in which case, the contents of the @pin parameter are ignored).
2320 * When a PIN is required, the callback will be invoked repeatedly
2321 * (and indefinitely) until either the returned PIN code is correct,
2322 * the callback returns failure, or the token refuses login (e.g. when
2323 * the token is locked due to too many incorrect PINs!). For the
2324 * first such invocation, the @attempt counter will have value zero;
2325 * it will increase by one for each subsequent attempt.
2327 * Returns: %GNUTLS_E_SUCCESS (0) on success or a negative error code on error.
2329 * Since: 2.12.0
2331 //alias gnutls_pin_callback_t = int function (void *userdata, int attempt, const(char)* token_url, const(char)* token_label, uint flags, char* pin, usize pin_max) @nogc;
2333 void gnutls_certificate_set_pin_function(gnutls_certificate_credentials_t,
2334 gnutls_pin_callback_t fn,
2335 void *userdata) /*@nogc*/;
2337 /* Public string related functions */
2338 struct gnutls_buffer_st {}
2339 alias gnutls_buffer_t = gnutls_buffer_st*;
2341 int gnutls_buffer_append_data(gnutls_buffer_t, const(void)* data, usize data_size) @nogc;
2343 /* Public extensions related functions */
2345 alias gnutls_ext_priv_data_t = void *;
2347 void gnutls_ext_set_data(gnutls_session_t session, uint type,
2348 gnutls_ext_priv_data_t) @nogc;
2349 int gnutls_ext_get_data(gnutls_session_t session, uint type,
2350 gnutls_ext_priv_data_t *) @nogc;
2352 //alias gnutls_ext_recv_func = int function (gnutls_session_t session, const(ubyte)* data, usize len) @nogc;
2353 //alias gnutls_ext_send_func = int function (gnutls_session_t session, gnutls_buffer_t extdata) @nogc;
2354 //alias gnutls_ext_deinit_data_func = void function (gnutls_ext_priv_data_t data) @nogc;
2355 //alias gnutls_ext_pack_func = int function (gnutls_ext_priv_data_t data, gnutls_buffer_t packed_data) @nogc;
2356 //alias gnutls_ext_unpack_func = int function (gnutls_buffer_t packed_data, gnutls_ext_priv_data_t *data) @nogc;
2359 * gnutls_ext_parse_type_t:
2360 * @GNUTLS_EXT_NONE: Never parsed
2361 * @GNUTLS_EXT_ANY: Any extension type.
2362 * @GNUTLS_EXT_APPLICATION: Application extension.
2363 * @GNUTLS_EXT_TLS: TLS-internal extension.
2364 * @GNUTLS_EXT_MANDATORY: Extension parsed even if resuming (or extensions are disabled).
2366 * Enumeration of different TLS extension types. This flag
2367 * indicates for an extension whether it is useful to application
2368 * level or TLS level only. This is (only) used to parse the
2369 * application level extensions before the "client_hello" callback
2370 * is called.
2372 alias gnutls_ext_parse_type_t = int;
2373 enum : int {
2374 GNUTLS_EXT_ANY = 0,
2375 GNUTLS_EXT_APPLICATION = 1,
2376 GNUTLS_EXT_TLS = 2,
2377 GNUTLS_EXT_MANDATORY = 3,
2378 GNUTLS_EXT_NONE = 4
2381 /* Register a custom tls extension
2383 int gnutls_ext_register(const(char)* name, int type, gnutls_ext_parse_type_t parse_type,
2384 gnutls_ext_recv_func recv_func, gnutls_ext_send_func send_func,
2385 gnutls_ext_deinit_data_func deinit_func, gnutls_ext_pack_func pack_func,
2386 gnutls_ext_unpack_func unpack_func) /*@nogc*/;
2388 /* Public supplemental data related functions */
2390 //alias gnutls_supp_recv_func = int function (gnutls_session_t session, const(ubyte)* data, usize data_size) @nogc;
2391 //alias gnutls_supp_send_func = int function (gnutls_session_t session, gnutls_buffer_t buf) @nogc;
2393 int gnutls_supplemental_register(const(char)* name,
2394 gnutls_supplemental_data_format_type_t type,
2395 gnutls_supp_recv_func supp_recv_func,
2396 gnutls_supp_send_func supp_send_func) /*@nogc*/;
2398 void gnutls_supplemental_recv(gnutls_session_t session, uint do_recv_supplemental) @nogc;
2400 void gnutls_supplemental_send(gnutls_session_t session, uint do_send_supplemental) @nogc;
2402 /* FIPS140-2 related functions */
2403 int gnutls_fips140_mode_enabled() @nogc;
2405 /* Gnutls error codes. The mapping to a TLS alert is also shown in
2406 * comments.
2409 enum GNUTLS_E_SUCCESS = 0;
2410 enum GNUTLS_E_UNKNOWN_COMPRESSION_ALGORITHM = -3;
2411 enum GNUTLS_E_UNKNOWN_CIPHER_TYPE = -6;
2412 enum GNUTLS_E_LARGE_PACKET = -7;
2413 enum GNUTLS_E_UNSUPPORTED_VERSION_PACKET = -8; /* GNUTLS_A_PROTOCOL_VERSION */
2414 enum GNUTLS_E_UNEXPECTED_PACKET_LENGTH = -9; /* GNUTLS_A_RECORD_OVERFLOW */
2415 enum GNUTLS_E_INVALID_SESSION = -10;
2416 enum GNUTLS_E_FATAL_ALERT_RECEIVED = -12;
2417 enum GNUTLS_E_UNEXPECTED_PACKET = -15; /* GNUTLS_A_UNEXPECTED_MESSAGE */
2418 enum GNUTLS_E_WARNING_ALERT_RECEIVED = -16;
2419 enum GNUTLS_E_ERROR_IN_FINISHED_PACKET = -18;
2420 enum GNUTLS_E_UNEXPECTED_HANDSHAKE_PACKET = -19;
2421 enum GNUTLS_E_UNKNOWN_CIPHER_SUITE = -21; /* GNUTLS_A_HANDSHAKE_FAILURE */
2422 enum GNUTLS_E_UNWANTED_ALGORITHM = -22;
2423 enum GNUTLS_E_MPI_SCAN_FAILED = -23;
2424 enum GNUTLS_E_DECRYPTION_FAILED = -24; /* GNUTLS_A_DECRYPTION_FAILED, GNUTLS_A_BAD_RECORD_MAC */
2425 enum GNUTLS_E_MEMORY_ERROR = -25;
2426 enum GNUTLS_E_DECOMPRESSION_FAILED = -26; /* GNUTLS_A_DECOMPRESSION_FAILURE */
2427 enum GNUTLS_E_COMPRESSION_FAILED = -27;
2428 enum GNUTLS_E_AGAIN = -28;
2429 enum GNUTLS_E_EXPIRED = -29;
2430 enum GNUTLS_E_DB_ERROR = -30;
2431 enum GNUTLS_E_SRP_PWD_ERROR = -31;
2432 enum GNUTLS_E_INSUFFICIENT_CREDENTIALS = -32;
2433 enum GNUTLS_E_INSUFICIENT_CREDENTIALS = GNUTLS_E_INSUFFICIENT_CREDENTIALS; /* for backwards compatibility only */
2434 enum GNUTLS_E_INSUFFICIENT_CRED = GNUTLS_E_INSUFFICIENT_CREDENTIALS;
2435 enum GNUTLS_E_INSUFICIENT_CRED = GNUTLS_E_INSUFFICIENT_CREDENTIALS; /* for backwards compatibility only */
2437 enum GNUTLS_E_HASH_FAILED = -33;
2438 enum GNUTLS_E_BASE64_DECODING_ERROR = -34;
2440 enum GNUTLS_E_MPI_PRINT_FAILED = -35;
2441 enum GNUTLS_E_REHANDSHAKE = -37; /* GNUTLS_A_NO_RENEGOTIATION */
2442 enum GNUTLS_E_GOT_APPLICATION_DATA = -38;
2443 enum GNUTLS_E_RECORD_LIMIT_REACHED = -39;
2444 enum GNUTLS_E_ENCRYPTION_FAILED = -40;
2446 enum GNUTLS_E_PK_ENCRYPTION_FAILED = -44;
2447 enum GNUTLS_E_PK_DECRYPTION_FAILED = -45;
2448 enum GNUTLS_E_PK_SIGN_FAILED = -46;
2449 enum GNUTLS_E_X509_UNSUPPORTED_CRITICAL_EXTENSION = -47;
2450 enum GNUTLS_E_KEY_USAGE_VIOLATION = -48;
2451 enum GNUTLS_E_NO_CERTIFICATE_FOUND = -49; /* GNUTLS_A_BAD_CERTIFICATE */
2452 enum GNUTLS_E_INVALID_REQUEST = -50;
2453 enum GNUTLS_E_SHORT_MEMORY_BUFFER = -51;
2454 enum GNUTLS_E_INTERRUPTED = -52;
2455 enum GNUTLS_E_PUSH_ERROR = -53;
2456 enum GNUTLS_E_PULL_ERROR = -54;
2457 enum GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER = -55; /* GNUTLS_A_ILLEGAL_PARAMETER */
2458 enum GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE = -56;
2459 enum GNUTLS_E_PKCS1_WRONG_PAD = -57;
2460 enum GNUTLS_E_RECEIVED_ILLEGAL_EXTENSION = -58;
2461 enum GNUTLS_E_INTERNAL_ERROR = -59;
2462 enum GNUTLS_E_DH_PRIME_UNACCEPTABLE = -63;
2463 enum GNUTLS_E_FILE_ERROR = -64;
2464 enum GNUTLS_E_TOO_MANY_EMPTY_PACKETS = -78;
2465 enum GNUTLS_E_UNKNOWN_PK_ALGORITHM = -80;
2466 enum GNUTLS_E_TOO_MANY_HANDSHAKE_PACKETS = -81;
2468 /* returned if you need to generate temporary RSA
2469 * parameters. These are needed for export cipher suites.
2471 enum GNUTLS_E_NO_TEMPORARY_RSA_PARAMS = -84;
2473 enum GNUTLS_E_NO_COMPRESSION_ALGORITHMS = -86;
2474 enum GNUTLS_E_NO_CIPHER_SUITES = -87;
2476 enum GNUTLS_E_OPENPGP_GETKEY_FAILED = -88;
2477 enum GNUTLS_E_PK_SIG_VERIFY_FAILED = -89;
2479 enum GNUTLS_E_ILLEGAL_SRP_USERNAME = -90;
2480 enum GNUTLS_E_SRP_PWD_PARSING_ERROR = -91;
2481 enum GNUTLS_E_NO_TEMPORARY_DH_PARAMS = -93;
2483 /* For certificate and key stuff
2485 enum GNUTLS_E_ASN1_ELEMENT_NOT_FOUND = -67;
2486 enum GNUTLS_E_ASN1_IDENTIFIER_NOT_FOUND = -68;
2487 enum GNUTLS_E_ASN1_DER_ERROR = -69;
2488 enum GNUTLS_E_ASN1_VALUE_NOT_FOUND = -70;
2489 enum GNUTLS_E_ASN1_GENERIC_ERROR = -71;
2490 enum GNUTLS_E_ASN1_VALUE_NOT_VALID = -72;
2491 enum GNUTLS_E_ASN1_TAG_ERROR = -73;
2492 enum GNUTLS_E_ASN1_TAG_IMPLICIT = -74;
2493 enum GNUTLS_E_ASN1_TYPE_ANY_ERROR = -75;
2494 enum GNUTLS_E_ASN1_SYNTAX_ERROR = -76;
2495 enum GNUTLS_E_ASN1_DER_OVERFLOW = -77;
2496 enum GNUTLS_E_OPENPGP_UID_REVOKED = -79;
2497 enum GNUTLS_E_CERTIFICATE_ERROR = -43;
2498 enum GNUTLS_E_X509_CERTIFICATE_ERROR = GNUTLS_E_CERTIFICATE_ERROR;
2499 enum GNUTLS_E_CERTIFICATE_KEY_MISMATCH = -60;
2500 enum GNUTLS_E_UNSUPPORTED_CERTIFICATE_TYPE = -61; /* GNUTLS_A_UNSUPPORTED_CERTIFICATE */
2501 enum GNUTLS_E_X509_UNKNOWN_SAN = -62;
2502 enum GNUTLS_E_OPENPGP_FINGERPRINT_UNSUPPORTED = -94;
2503 enum GNUTLS_E_X509_UNSUPPORTED_ATTRIBUTE = -95;
2504 enum GNUTLS_E_UNKNOWN_HASH_ALGORITHM = -96;
2505 enum GNUTLS_E_UNKNOWN_PKCS_CONTENT_TYPE = -97;
2506 enum GNUTLS_E_UNKNOWN_PKCS_BAG_TYPE = -98;
2507 enum GNUTLS_E_INVALID_PASSWORD = -99;
2508 enum GNUTLS_E_MAC_VERIFY_FAILED = -100; /* for PKCS #12 MAC */
2509 enum GNUTLS_E_CONSTRAINT_ERROR = -101;
2511 enum GNUTLS_E_WARNING_IA_IPHF_RECEIVED = -102;
2512 enum GNUTLS_E_WARNING_IA_FPHF_RECEIVED = -103;
2514 enum GNUTLS_E_IA_VERIFY_FAILED = -104;
2515 enum GNUTLS_E_UNKNOWN_ALGORITHM = -105;
2516 enum GNUTLS_E_UNSUPPORTED_SIGNATURE_ALGORITHM = -106;
2517 enum GNUTLS_E_SAFE_RENEGOTIATION_FAILED = -107;
2518 enum GNUTLS_E_UNSAFE_RENEGOTIATION_DENIED = -108;
2519 enum GNUTLS_E_UNKNOWN_SRP_USERNAME = -109;
2520 enum GNUTLS_E_PREMATURE_TERMINATION = -110;
2522 enum GNUTLS_E_BASE64_ENCODING_ERROR = -201;
2523 enum GNUTLS_E_INCOMPATIBLE_GCRYPT_LIBRARY = -202; /* obsolete */
2524 enum GNUTLS_E_INCOMPATIBLE_CRYPTO_LIBRARY = -202;
2525 enum GNUTLS_E_INCOMPATIBLE_LIBTASN1_LIBRARY = -203;
2527 enum GNUTLS_E_OPENPGP_KEYRING_ERROR = -204;
2528 enum GNUTLS_E_X509_UNSUPPORTED_OID = -205;
2530 enum GNUTLS_E_RANDOM_FAILED = -206;
2531 enum GNUTLS_E_BASE64_UNEXPECTED_HEADER_ERROR = -207;
2533 enum GNUTLS_E_OPENPGP_SUBKEY_ERROR = -208;
2535 enum GNUTLS_E_CRYPTO_ALREADY_REGISTERED = GNUTLS_E_ALREADY_REGISTERED;
2536 enum GNUTLS_E_ALREADY_REGISTERED = -209;
2538 enum GNUTLS_E_HANDSHAKE_TOO_LARGE = -210;
2540 enum GNUTLS_E_CRYPTODEV_IOCTL_ERROR = -211;
2541 enum GNUTLS_E_CRYPTODEV_DEVICE_ERROR = -212;
2543 enum GNUTLS_E_CHANNEL_BINDING_NOT_AVAILABLE = -213;
2544 enum GNUTLS_E_BAD_COOKIE = -214;
2545 enum GNUTLS_E_OPENPGP_PREFERRED_KEY_ERROR = -215;
2546 enum GNUTLS_E_INCOMPAT_DSA_KEY_WITH_TLS_PROTOCOL = -216;
2547 enum GNUTLS_E_INSUFFICIENT_SECURITY = -217;
2549 enum GNUTLS_E_HEARTBEAT_PONG_RECEIVED = -292;
2550 enum GNUTLS_E_HEARTBEAT_PING_RECEIVED = -293;
2552 /* PKCS11 related */
2553 enum GNUTLS_E_PKCS11_ERROR = -300;
2554 enum GNUTLS_E_PKCS11_LOAD_ERROR = -301;
2555 enum GNUTLS_E_PARSING_ERROR = -302;
2556 enum GNUTLS_E_PKCS11_PIN_ERROR = -303;
2558 enum GNUTLS_E_PKCS11_SLOT_ERROR = -305;
2559 enum GNUTLS_E_LOCKING_ERROR = -306;
2560 enum GNUTLS_E_PKCS11_ATTRIBUTE_ERROR = -307;
2561 enum GNUTLS_E_PKCS11_DEVICE_ERROR = -308;
2562 enum GNUTLS_E_PKCS11_DATA_ERROR = -309;
2563 enum GNUTLS_E_PKCS11_UNSUPPORTED_FEATURE_ERROR = -310;
2564 enum GNUTLS_E_PKCS11_KEY_ERROR = -311;
2565 enum GNUTLS_E_PKCS11_PIN_EXPIRED = -312;
2566 enum GNUTLS_E_PKCS11_PIN_LOCKED = -313;
2567 enum GNUTLS_E_PKCS11_SESSION_ERROR = -314;
2568 enum GNUTLS_E_PKCS11_SIGNATURE_ERROR = -315;
2569 enum GNUTLS_E_PKCS11_TOKEN_ERROR = -316;
2570 enum GNUTLS_E_PKCS11_USER_ERROR = -317;
2572 enum GNUTLS_E_CRYPTO_INIT_FAILED = -318;
2573 enum GNUTLS_E_TIMEDOUT = -319;
2574 enum GNUTLS_E_USER_ERROR = -320;
2575 enum GNUTLS_E_ECC_NO_SUPPORTED_CURVES = -321;
2576 enum GNUTLS_E_ECC_UNSUPPORTED_CURVE = -322;
2577 enum GNUTLS_E_PKCS11_REQUESTED_OBJECT_NOT_AVAILBLE = -323;
2578 enum GNUTLS_E_CERTIFICATE_LIST_UNSORTED = -324;
2579 enum GNUTLS_E_ILLEGAL_PARAMETER = -325;
2580 enum GNUTLS_E_NO_PRIORITIES_WERE_SET = -326;
2581 enum GNUTLS_E_X509_UNSUPPORTED_EXTENSION = -327;
2582 enum GNUTLS_E_SESSION_EOF = -328;
2584 enum GNUTLS_E_TPM_ERROR = -329;
2585 enum GNUTLS_E_TPM_KEY_PASSWORD_ERROR = -330;
2586 enum GNUTLS_E_TPM_SRK_PASSWORD_ERROR = -331;
2587 enum GNUTLS_E_TPM_SESSION_ERROR = -332;
2588 enum GNUTLS_E_TPM_KEY_NOT_FOUND = -333;
2589 enum GNUTLS_E_TPM_UNINITIALIZED = -334;
2590 enum GNUTLS_E_TPM_NO_LIB = -335;
2592 enum GNUTLS_E_NO_CERTIFICATE_STATUS = -340;
2593 enum GNUTLS_E_OCSP_RESPONSE_ERROR = -341;
2594 enum GNUTLS_E_RANDOM_DEVICE_ERROR = -342;
2595 enum GNUTLS_E_AUTH_ERROR = -343;
2596 enum GNUTLS_E_NO_APPLICATION_PROTOCOL = -344;
2597 enum GNUTLS_E_SOCKETS_INIT_ERROR = -345;
2598 enum GNUTLS_E_KEY_IMPORT_FAILED = -346;
2599 enum GNUTLS_E_INAPPROPRIATE_FALLBACK = -347; /*GNUTLS_A_INAPPROPRIATE_FALLBACK*/
2600 enum GNUTLS_E_CERTIFICATE_VERIFICATION_ERROR = -348;
2602 enum GNUTLS_E_SELF_TEST_ERROR = -400;
2603 enum GNUTLS_E_NO_SELF_TEST = -401;
2604 enum GNUTLS_E_LIB_IN_ERROR_STATE = -402;
2605 enum GNUTLS_E_PK_GENERATION_ERROR = -403;
2606 enum GNUTLS_E_IDNA_ERROR = -404;
2608 enum GNUTLS_E_NEED_FALLBACK = -405;
2610 enum GNUTLS_E_UNIMPLEMENTED_FEATURE = -1250;
2614 enum GNUTLS_E_APPLICATION_ERROR_MAX = -65000;
2615 enum GNUTLS_E_APPLICATION_ERROR_MIN = -65500;