GnuTLS-Guile 3.4.11: Guile Reference

5 Guile Reference

This chapter lists the GnuTLS Scheme procedures exported by the (gnutls) module (see The Guile module system in The GNU Guile Reference Manual).

Scheme Procedure: set-log-level! level: Enable GnuTLS logging up to level (an integer).

Scheme Procedure: set-log-procedure! proc: Use proc (a two-argument procedure) as the global GnuTLS log procedure.

Scheme Procedure: set-certificate-credentials-openpgp-keys! cred pub sec: Use certificate pub and secret key sec in certificate credentials cred.

Scheme Procedure: openpgp-keyring-contains-key-id? keyring id: Return #f if key ID id is in keyring, #f otherwise.

Scheme Procedure: import-openpgp-keyring data format: Import data (a u8vector) according to format and return the imported keyring.

Scheme Procedure: openpgp-certificate-usage key: Return a list of values denoting the key usage of key.

Scheme Procedure: openpgp-certificate-version key: Return the version of the OpenPGP message format (RFC2440) honored by key.

Scheme Procedure: openpgp-certificate-algorithm key: Return two values: the certificate algorithm used by key and the number of bits used.

Scheme Procedure: openpgp-certificate-names key: Return the list of names for key.

Scheme Procedure: openpgp-certificate-name key index: Return the indexth name of key.

Scheme Procedure: openpgp-certificate-fingerprint key: Return a new u8vector denoting the fingerprint of key.

Scheme Procedure: openpgp-certificate-fingerprint! key fpr: Store in fpr (a u8vector) the fingerprint of key. Return the number of bytes stored in fpr.

Scheme Procedure: openpgp-certificate-id! key id: Store the ID (an 8 byte sequence) of certificate key in id (a u8vector).

Scheme Procedure: openpgp-certificate-id key: Return the ID (an 8-element u8vector) of certificate key.

Scheme Procedure: import-openpgp-private-key data format [pass]: Return a new OpenPGP private key object resulting from the import of data (a uniform array) according to format. Optionally, a passphrase may be provided.

Scheme Procedure: import-openpgp-certificate data format: Return a new OpenPGP certificate object resulting from the import of data (a uniform array) according to format.

Scheme Procedure: x509-certificate-subject-alternative-name cert index: Return two values: the alternative name type for cert (i.e., one of the x509-subject-alternative-name/ values) and the actual subject alternative name (a string) at index. Both values are #f if no alternative name is available at index.

Scheme Procedure: x509-certificate-subject-key-id cert: Return the subject key ID (a u8vector) for cert.

Scheme Procedure: x509-certificate-authority-key-id cert: Return the key ID (a u8vector) of the X.509 certificate authority of cert.

Scheme Procedure: x509-certificate-key-id cert: Return a statistically unique ID (a u8vector) for cert that depends on its public key parameters. This is normally a 20-byte SHA-1 hash.

Scheme Procedure: x509-certificate-version cert: Return the version of cert.

Scheme Procedure: x509-certificate-key-usage cert: Return the key usage of cert (i.e., a list of key-usage/ values), or the empty list if cert does not contain such information.

Scheme Procedure: x509-certificate-public-key-algorithm cert: Return two values: the public key algorithm (i.e., one of the pk-algorithm/ values) of cert and the number of bits used.

Scheme Procedure: x509-certificate-signature-algorithm cert: Return the signature algorithm used by cert (i.e., one of the sign-algorithm/ values).

Scheme Procedure: x509-certificate-matches-hostname? cert hostname: Return true if cert matches hostname, a string denoting a DNS host name. This is the basic implementation of RFC 2818 (aka. HTTPS).

Scheme Procedure: x509-certificate-issuer-dn-oid cert index: Return the OID (a string) at index from cert’s issuer DN. Return #f if no OID is available at index.

Scheme Procedure: x509-certificate-dn-oid cert index: Return OID (a string) at index from cert. Return #f if no OID is available at index.

Scheme Procedure: x509-certificate-issuer-dn cert: Return the distinguished name (DN) of X.509 certificate cert.

Scheme Procedure: x509-certificate-dn cert: Return the distinguished name (DN) of X.509 certificate cert. The form of the DN is as described in RFC 2253.

Scheme Procedure: pkcs8-import-x509-private-key data format [pass [encrypted]]: Return a new X.509 private key object resulting from the import of data (a uniform array) according to format. Optionally, if pass is not #f, it should be a string denoting a passphrase. encrypted tells whether the private key is encrypted (#t by default).

Scheme Procedure: import-x509-private-key data format: Return a new X.509 private key object resulting from the import of data (a uniform array) according to format.

Scheme Procedure: import-x509-certificate data format: Return a new X.509 certificate object resulting from the import of data (a uniform array) according to format.

Scheme Procedure: server-session-psk-username session: Return the username associated with PSK server session session.

Scheme Procedure: set-psk-client-credentials! cred username key key-format: Set the client credentials for cred, a PSK client credentials object.

Scheme Procedure: make-psk-client-credentials: Return a new PSK client credentials object.

Scheme Procedure: set-psk-server-credentials-file! cred file: Use file as the password file for PSK server credentials cred.

Scheme Procedure: make-psk-server-credentials: Return new PSK server credentials.

Scheme Procedure: peer-certificate-status session: Verify the peer certificate for session and return a list of certificate-status values (such as certificate-status/revoked), or the empty list if the certificate is valid.

Scheme Procedure: set-certificate-credentials-verify-flags! cred [flags...]: Set the certificate verification flags to flags, a series of certificate-verify values.

Scheme Procedure: set-certificate-credentials-verify-limits! cred max-bits max-depth: Set the verification limits of peer-certificate-status for certificate credentials cred to max_bits bits for an acceptable certificate and max_depth as the maximum depth of a certificate chain.

Scheme Procedure: set-certificate-credentials-x509-keys! cred certs privkey: Have certificate credentials cred use the X.509 certificates listed in certs and X.509 private key privkey.

Scheme Procedure: set-certificate-credentials-x509-key-data! cred cert key format: Use X.509 certificate cert and private key key, both uniform arrays containing the X.509 certificate and key in format format, for certificate credentials cred.

Scheme Procedure: set-certificate-credentials-x509-crl-data! cred data format: Use data (a uniform array) as the X.509 CRL (certificate revocation list) database for cred. On success, return the number of CRLs processed.

Scheme Procedure: set-certificate-credentials-x509-trust-data! cred data format: Use data (a uniform array) as the X.509 trust database for cred. On success, return the number of certificates processed.

Scheme Procedure: set-certificate-credentials-x509-crl-file! cred file format: Use file as the X.509 CRL (certificate revocation list) file for certificate credentials cred. On success, return the number of CRLs processed.

Scheme Procedure: set-certificate-credentials-x509-trust-file! cred file format: Use file as the X.509 trust file for certificate credentials cred. On success, return the number of certificates processed.

Scheme Procedure: set-certificate-credentials-x509-key-files! cred cert-file key-file format: Use file as the password file for PSK server credentials cred.

Scheme Procedure: set-certificate-credentials-dh-parameters! cred dh-params: Use Diffie-Hellman parameters dh_params for certificate credentials cred.

Scheme Procedure: make-certificate-credentials: Return new certificate credentials (i.e., for use with either X.509 or OpenPGP certificates.

Scheme Procedure: set-anonymous-server-dh-parameters! cred dh-params: Set the Diffie-Hellman parameters of anonymous server credentials cred.

Scheme Procedure: make-anonymous-client-credentials: Return anonymous client credentials.

Scheme Procedure: make-anonymous-server-credentials: Return anonymous server credentials.

Scheme Procedure: set-session-dh-prime-bits! session bits: Use bits DH prime bits for session.

Scheme Procedure: pkcs3-export-dh-parameters dh-params format: Export Diffie-Hellman parameters dh_params in PKCS3 format according for format (an x509-certificate-format value). Return a u8vector containing the result.

Scheme Procedure: pkcs3-import-dh-parameters array format: Import Diffie-Hellman parameters in PKCS3 format (further specified by format, an x509-certificate-format value) from array (a homogeneous array) and return a new dh-params object.

Scheme Procedure: make-dh-parameters bits: Return new Diffie-Hellman parameters.

Scheme Procedure: set-session-transport-port! session port: Use port as the input/output port for session.

Scheme Procedure: set-session-transport-fd! session fd: Use file descriptor fd as the underlying transport for session.

Scheme Procedure: session-record-port session: Return a read-write port that may be used to communicate over session. All invocations of session-port on a given session return the same object (in the sense of eq?).

Scheme Procedure: record-receive! session array: Receive data from session into array, a uniform homogeneous array. Return the number of bytes actually received.

Scheme Procedure: record-send session array: Send the record constituted by array through session.

Scheme Procedure: set-session-server-name! session type name: For a client, this procedure provides a way to inform the server that it is known under name, via the SERVER NAME TLS extension. type must be a server-name-type value, server-name-type/dns for DNS names.

Scheme Procedure: set-session-credentials! session cred: Use cred as session’s credentials.

Scheme Procedure: cipher-suite->string kx cipher mac: Return the name of the given cipher suite.

Scheme Procedure: set-session-priorities! session priorities: Have session use the given priorities for the ciphers, key exchange methods, MACs and compression methods. priorities must be a string (see Priority Strings in GnuTLS, Transport Layer Security Library for the GNU system). When priorities cannot be parsed, an error/invalid-request error is raised, with an extra argument indication the position of the error.

Scheme Procedure: set-session-default-priority! session: Have session use the default priorities.

Scheme Procedure: set-server-session-certificate-request! session request: Tell how session, a server-side session, should deal with certificate requests. request should be either certificate-request/request or certificate-request/require.

Scheme Procedure: session-our-certificate-chain session: Return our certificate chain for session (as sent to the peer) in raw format (a u8vector). In the case of OpenPGP there is exactly one certificate. Return the empty list if no certificate was used.

Scheme Procedure: session-peer-certificate-chain session: Return the a list of certificates in raw format (u8vectors) where the first one is the peer’s certificate. In the case of OpenPGP, there is always exactly one certificate. In the case of X.509, subsequent certificates indicate form a certificate chain. Return the empty list if no certificate was sent.

Scheme Procedure: session-client-authentication-type session: Return the client authentication type (a credential-type value) used in session.

Scheme Procedure: session-server-authentication-type session: Return the server authentication type (a credential-type value) used in session.

Scheme Procedure: session-authentication-type session: Return the authentication type (a credential-type value) used by session.

Scheme Procedure: session-protocol session: Return the protocol used by session.

Scheme Procedure: session-certificate-type session: Return session’s certificate type.

Scheme Procedure: session-compression-method session: Return session’s compression method.

Scheme Procedure: session-mac session: Return session’s MAC.

Scheme Procedure: session-kx session: Return session’s kx.

Scheme Procedure: session-cipher session: Return session’s cipher.

Scheme Procedure: alert-send session level alert: Send alert via session.

Scheme Procedure: alert-get session: Get an aleter from session.

Scheme Procedure: rehandshake session: Perform a re-handshaking for session.

Scheme Procedure: handshake session: Perform a handshake for session.

Scheme Procedure: bye session how: Close session according to how.

Scheme Procedure: make-session end: Return a new session for connection end end, either connection-end/server or connection-end/client.

Scheme Procedure: gnutls-version: Return a string denoting the version number of the underlying GnuTLS library, e.g., "1.7.2".

Scheme Procedure: openpgp-keyring? obj: Return true if obj is of type openpgp-keyring.

Scheme Procedure: openpgp-private-key? obj: Return true if obj is of type openpgp-private-key.

Scheme Procedure: openpgp-certificate? obj: Return true if obj is of type openpgp-certificate.

Scheme Procedure: x509-private-key? obj: Return true if obj is of type x509-private-key.

Scheme Procedure: x509-certificate? obj: Return true if obj is of type x509-certificate.

Scheme Procedure: psk-client-credentials? obj: Return true if obj is of type psk-client-credentials.

Scheme Procedure: psk-server-credentials? obj: Return true if obj is of type psk-server-credentials.

Scheme Procedure: srp-client-credentials? obj: Return true if obj is of type srp-client-credentials.

Scheme Procedure: srp-server-credentials? obj: Return true if obj is of type srp-server-credentials.

Scheme Procedure: certificate-credentials? obj: Return true if obj is of type certificate-credentials.

Scheme Procedure: dh-parameters? obj: Return true if obj is of type dh-parameters.

Scheme Procedure: anonymous-server-credentials? obj: Return true if obj is of type anonymous-server-credentials.

Scheme Procedure: anonymous-client-credentials? obj: Return true if obj is of type anonymous-client-credentials.

Scheme Procedure: session? obj: Return true if obj is of type session.

Scheme Procedure: openpgp-certificate-format->string enumval: Return a string describing enumval, a openpgp-certificate-format value.

Scheme Procedure: error->string enumval: Return a string describing enumval, a error value.

Scheme Procedure: certificate-verify->string enumval: Return a string describing enumval, a certificate-verify value.

Scheme Procedure: key-usage->string enumval: Return a string describing enumval, a key-usage value.

Scheme Procedure: psk-key-format->string enumval: Return a string describing enumval, a psk-key-format value.

Scheme Procedure: server-name-type->string enumval: Return a string describing enumval, a server-name-type value.

Scheme Procedure: sign-algorithm->string enumval: Return a string describing enumval, a sign-algorithm value.

Scheme Procedure: pk-algorithm->string enumval: Return a string describing enumval, a pk-algorithm value.

Scheme Procedure: x509-subject-alternative-name->string enumval: Return a string describing enumval, a x509-subject-alternative-name value.

Scheme Procedure: x509-certificate-format->string enumval: Return a string describing enumval, a x509-certificate-format value.

Scheme Procedure: certificate-type->string enumval: Return a string describing enumval, a certificate-type value.

Scheme Procedure: protocol->string enumval: Return a string describing enumval, a protocol value.

Scheme Procedure: close-request->string enumval: Return a string describing enumval, a close-request value.

Scheme Procedure: certificate-request->string enumval: Return a string describing enumval, a certificate-request value.

Scheme Procedure: certificate-status->string enumval: Return a string describing enumval, a certificate-status value.

Scheme Procedure: handshake-description->string enumval: Return a string describing enumval, a handshake-description value.

Scheme Procedure: alert-description->string enumval: Return a string describing enumval, a alert-description value.

Scheme Procedure: alert-level->string enumval: Return a string describing enumval, a alert-level value.

Scheme Procedure: connection-end->string enumval: Return a string describing enumval, a connection-end value.

Scheme Procedure: compression-method->string enumval: Return a string describing enumval, a compression-method value.

Scheme Procedure: digest->string enumval: Return a string describing enumval, a digest value.

Scheme Procedure: mac->string enumval: Return a string describing enumval, a mac value.

Scheme Procedure: credentials->string enumval: Return a string describing enumval, a credentials value.

Scheme Procedure: params->string enumval: Return a string describing enumval, a params value.

Scheme Procedure: kx->string enumval: Return a string describing enumval, a kx value.

Scheme Procedure: cipher->string enumval: Return a string describing enumval, a cipher value.