This section lists the Scheme procedures exported by the (gnutls) module (see The Guile module system). This module is licenced under the GNU Lesser General Public Licence, version 2.1 or later.
Use proc (a two-argument procedure) as the global GnuTLS log procedure.
Return two values: the alternative name type for cert (i.e., one of the x509-subject-alternative-name/ values) and the actual subject alternative name (a string) at index. Both values are #f if no alternative name is available at index.
Return the subject key ID (a u8vector) for cert.
Return the key ID (a u8vector) of the X.509 certificate authority of cert.
Return a statistically unique ID (a u8vector) for cert that depends on its public key parameters. This is normally a 20-byte SHA-1 hash.
Return the key usage of cert (i.e., a list of key-usage/ values), or the empty list if cert does not contain such information.
Return two values: the public key algorithm (i.e., one of the pk-algorithm/ values) of cert and the number of bits used.
Return the signature algorithm used by cert (i.e., one of the sign-algorithm/ values).
Return true if cert matches hostname, a string denoting a DNS host name. This is the basic implementation of RFC 2818 (aka. HTTPS).
Return the OID (a string) at index from cert's issuer DN. Return #f if no OID is available at index.
Return the OID (a string) at index from cert. Return #f if no OID is available at index.
Return the distinguished name (DN) of X.509 certificate cert.
Return the distinguished name (DN) of X.509 certificate cert. The form of the DN is as described in RFC 2253.
Return a new X.509 private key object resulting from the import of data (a uniform array) according to format. Optionally, if pass is not #f, it should be a string denoting a passphrase. encrypted tells whether the private key is encrypted (#t by default).
Return a new X.509 private key object resulting from the import of data (a uniform array) according to format.
Return a new X.509 certificate object resulting from the import of data (a uniform array) according to format.
Return the username associated with PSK server session session.
Set the client credentials for cred, a PSK client credentials object.
Use file as the password file for PSK server credentials cred.
Verify the peer certificate for session and return a list of certificate-status values (such as certificate-status/revoked), or the empty list if the certificate is valid.
Set the certificate verification flags to flags, a series of certificate-verify values.
Set the verification limits of peer-certificate-status for certificate credentials cred to max_bits bits for an acceptable certificate and max_depth as the maximum depth of a certificate chain.
Have certificate credentials cred use the X.509 certificates listed in certs and X.509 private key privkey.
Use X.509 certificate cert and private key key, both uniform arrays containing the X.509 certificate and key in format format, for certificate credentials cred.
Use data (a uniform array) as the X.509 CRL (certificate revocation list) database for cred. On success, return the number of CRLs processed.
Use data (a uniform array) as the X.509 trust database for cred. On success, return the number of certificates processed.
Use file as the X.509 CRL (certificate revocation list) file for certificate credentials cred. On success, return the number of CRLs processed.
Use file as the X.509 trust file for certificate credentials cred. On success, return the number of certificates processed.
Use file as the password file for PSK server credentials cred.
Use RSA parameters rsa_params for certificate credentials cred.
Use Diffie-Hellman parameters dh_params for certificate credentials cred.
Return new certificate credentials (i.e., for use with either X.509 or OpenPGP certificates).
Export Diffie-Hellman parameters rsa_params in PKCS1 format according to format (an x509-certificate-format value). Return a u8vector containing the result.
Import Diffie-Hellman parameters in PKCS1 format (further specified by format, an x509-certificate-format value) from array (a homogeneous array) and return a new rsa-params object.
Set the Diffie-Hellman parameters of anonymous server credentials cred.
Export Diffie-Hellman parameters dh_params in PKCS3 format according to format (an x509-certificate-format value). Return a u8vector containing the result.
Import Diffie-Hellman parameters in PKCS3 format (further specified by format, an x509-certificate-format value) from array (a homogeneous array) and return a new dh-params object.
Use port as the input/output port for session.
Use file descriptor fd as the underlying transport for session.
Return a read-write port that may be used to communicate over session. All invocations of session-port on a given session return the same object (in the sense of eq?).
Receive data from session into array, a uniform homogeneous array. Return the number of bytes actually received.
Have session use the default export priorities.
Use items (a list) as the list of preferred certificate-type for session.
Use items (a list) as the list of preferred protocol for session.
Use items (a list) as the list of preferred kx for session.
Use items (a list) as the list of preferred compression-method for session.
Use items (a list) as the list of preferred mac for session.
Use items (a list) as the list of preferred cipher for session.
Tell how session, a server-side session, should deal with certificate requests. request should be either certificate-request/request or certificate-request/require.
Return our certificate chain for session (as sent to the peer) in raw format (a u8vector). In the case of OpenPGP there is exactly one certificate. Return the empty list if no certificate was used.
Return a list of certificates in raw format (u8vectors) where the first one is the peer's certificate. In the case of OpenPGP, there is always exactly one certificate. In the case of X.509, subsequent certificates form a certificate chain. Return the empty list if no certificate was sent.
Return the client authentication type (a credential-type value) used in session.
Return the server authentication type (a credential-type value) used in session.
Return the authentication type (a credential-type value) used by session.
Return a new session for connection end end, either connection-end/server or connection-end/client.
Return a string denoting the version number of the underlying GnuTLS library, e.g., "1.7.2".
Return true if obj is of type psk-client-credentials.
Return true if obj is of type psk-server-credentials.
Return true if obj is of type srp-client-credentials.
Return true if obj is of type srp-server-credentials.
Return true if obj is of type certificate-credentials.
Return true if obj is of type anonymous-server-credentials.
Return true if obj is of type anonymous-client-credentials.
Return a string describing enumval, a certificate-verify value.
Return a string describing enumval, a key-usage value.
Return a string describing enumval, a psk-key-format value.
Return a string describing enumval, a sign-algorithm value.
Return a string describing enumval, a pk-algorithm value.
Return a string describing enumval, an x509-subject-alternative-name value.
Return a string describing enumval, an x509-certificate-format value.
Return a string describing enumval, a certificate-type value.
Return a string describing enumval, a close-request value.
Return a string describing enumval, a certificate-request value.
Return a string describing enumval, a certificate-status value.
Return a string describing enumval, a handshake-description value.
Return a string describing enumval, an alert-description value.
Return a string describing enumval, an alert-level value.
Return a string describing enumval, a connection-end value.
Return a string describing enumval, a compression-method value.
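
How the certificate entries above combine on the client side, as an added example that is not part of the GnuTLS manual. It uses the (gnutls) procedure names peer-certificate-status, session-peer-certificate-chain, import-x509-certificate, x509-certificate-matches-hostname? and certificate-status->string, most of which this listing describes without naming; verify-peer is a hypothetical helper, and session is assumed to be a client session that has completed its handshake with an X.509 trust database loaded into its certificate credentials.

```scheme
;; Added example, not from the GnuTLS manual.  VERIFY-PEER is a hypothetical
;; helper; SESSION is assumed to have finished its handshake already.
(use-modules (gnutls)
             (ice-9 match))

(define (verify-peer session hostname)
  "Return #t if the peer of SESSION presented a chain that verifies against
the trust database and whose first certificate matches HOSTNAME; otherwise
raise an error describing what failed."
  ;; Step 1: chain verification.  The result is a list of
  ;; certificate-status values; only the empty list means "valid".
  (let ((status (peer-certificate-status session)))
    (unless (null? status)
      (error "peer certificate rejected:"
             (map certificate-status->string status))))
  ;; Step 2: host name check.  Chain verification does not compare names,
  ;; so a valid certificate issued to another host would pass step 1.
  (match (session-peer-certificate-chain session)
    (()
     ;; Empty list: the peer sent no certificate at all.
     (error "peer sent no certificate"))
    ((leaf . _)
     ;; The chain is in raw (DER) form; the first entry is the peer's
     ;; own certificate.
     (let ((cert (import-x509-certificate leaf
                                          x509-certificate-format/der)))
       (unless (x509-certificate-matches-hostname? cert hostname)
         (error "certificate does not match host name:" hostname))
       #t))))
```

Call verify-peer after the handshake and before any application data is written to the session port, so that a failed check aborts the connection before anything sensitive is sent.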