]> git.ipfire.org Git - thirdparty/gnutls.git/commitdiff
Added functions to allow quering a priority structure.
authorNikos Mavrogiannopoulos <nmav@gnutls.org>
Tue, 24 Jan 2012 19:58:09 +0000 (20:58 +0100)
committerNikos Mavrogiannopoulos <nmav@gnutls.org>
Tue, 24 Jan 2012 20:01:26 +0000 (21:01 +0100)
That is to allow more information being extracted than only the ciphersuites.

gnutls_priority_certificate_type_list: Added
gnutls_priority_sign_list: Added
gnutls_priority_protocol_list: Added
gnutls_priority_compression_list: Added
gnutls_priority_ecc_curve_list: Added

NEWS
doc/cha-programs.texi
lib/gnutls_priority.c
lib/includes/gnutls/gnutls.h.in
lib/libgnutls.map
src/common.c

diff --git a/NEWS b/NEWS
index 6d82a68ef974d1fa5caaeefddeb2208f6eba54d3..098c30b1c1afa89ce5bcb7c563b70e0be98e84d5 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -26,6 +26,12 @@ gnutls_x509_crt_get_authority_key_gn_serial: Added
 gnutls_x509_crl_get_authority_key_gn_serial: Added
 gnutls_pkcs11_reinit: Added
 gnutls_ecc_list: Added
+gnutls_priority_certificate_type_list: Added
+gnutls_priority_sign_list: Added
+gnutls_priority_protocol_list: Added
+gnutls_priority_compression_list: Added
+gnutls_priority_ecc_curve_list: Added
+
 
 * Version 3.0.12 (released 2012-01-20)
 
index 4009261e2bc62928e7ddfd115e2a5cdb8a751919..02d0d49df7d47c748268691a97974e4ea96101cc 100644 (file)
@@ -107,12 +107,18 @@ the handshake.
 @example
 $ ./gnutls-cli --priority SECURE192 -l
 Cipher suites for SECURE192
-TLS_ECDHE_ECDSA_AES_256_CBC_SHA384                0xc0, 0x24   TLS1.2
-TLS_ECDHE_ECDSA_AES_256_GCM_SHA384                0xc0, 0x2e   TLS1.2
-TLS_ECDHE_RSA_AES_256_GCM_SHA384                  0xc0, 0x30   TLS1.2
-TLS_DHE_RSA_AES_256_CBC_SHA256                    0x00, 0x6b   TLS1.2
-TLS_DHE_DSS_AES_256_CBC_SHA256                    0x00, 0x6a   TLS1.2
-TLS_RSA_AES_256_CBC_SHA256                        0x00, 0x3d   TLS1.2
+TLS_ECDHE_ECDSA_AES_256_CBC_SHA384                     0xc0, 0x24      TLS1.2
+TLS_ECDHE_ECDSA_AES_256_GCM_SHA384                     0xc0, 0x2e      TLS1.2
+TLS_ECDHE_RSA_AES_256_GCM_SHA384                       0xc0, 0x30      TLS1.2
+TLS_DHE_RSA_AES_256_CBC_SHA256                         0x00, 0x6b      TLS1.2
+TLS_DHE_DSS_AES_256_CBC_SHA256                         0x00, 0x6a      TLS1.2
+TLS_RSA_AES_256_CBC_SHA256                             0x00, 0x3d      TLS1.2
+
+Certificate types: CTYPE-X.509
+Protocols: VERS-TLS1.2, VERS-TLS1.1, VERS-TLS1.0, VERS-SSL3.0, VERS-DTLS1.0
+Compression: COMP-NULL
+Elliptic curves: CURVE-SECP384R1, CURVE-SECP521R1
+PK-signatures: SIGN-RSA-SHA384, SIGN-ECDSA-SHA384, SIGN-RSA-SHA512, SIGN-ECDSA-SHA512
 @end example
 
 
index 2848a6056d9ae4e00ca2adf023e9f0d7a5a4fcc8..59f43271db009d076525d9637e0635628130259f 100644 (file)
@@ -1128,3 +1128,108 @@ void _gnutls_priority_prefer_aes_gcm(void)
   cipher_priority_performance = cipher_priority_performance_hw_aes;
   cipher_priority_normal = cipher_priority_normal_hw_aes;
 }
+
+/**
+ * gnutls_priority_ecc_curve_list:
+ * @pcache: is a #gnutls_prioritity_t structure.
+ * @list: will point to an integer list
+ *
+ * Get a list of available elliptic curves in the priority
+ * structure. 
+ *
+ * Returns: the number of curves, or an error code.
+ * Since: 3.0.0
+ **/
+int
+gnutls_priority_ecc_curve_list (gnutls_priority_t pcache, const unsigned int** list)
+{
+  if (pcache->supported_ecc.algorithms == 0)
+    return 0;
+  
+  *list = pcache->supported_ecc.priority;
+  return pcache->supported_ecc.algorithms;
+}
+
+/**
+ * gnutls_priority_compression_list:
+ * @pcache: is a #gnutls_prioritity_t structure.
+ * @list: will point to an integer list
+ *
+ * Get a list of available compression method in the priority
+ * structure. 
+ *
+ * Returns: the number of methods, or an error code.
+ * Since: 3.0.0
+ **/
+int
+gnutls_priority_compression_list (gnutls_priority_t pcache, const unsigned int** list)
+{
+  if (pcache->compression.algorithms == 0)
+    return 0;
+  
+  *list = pcache->compression.priority;
+  return pcache->compression.algorithms;
+}
+
+/**
+ * gnutls_priority_protocol_list:
+ * @pcache: is a #gnutls_prioritity_t structure.
+ * @list: will point to an integer list
+ *
+ * Get a list of available TLS version numbers in the priority
+ * structure. 
+ *
+ * Returns: the number of protocols, or an error code.
+ * Since: 3.0.0
+ **/
+int
+gnutls_priority_protocol_list (gnutls_priority_t pcache, const unsigned int** list)
+{
+  if (pcache->protocol.algorithms == 0)
+    return 0;
+  
+  *list = pcache->protocol.priority;
+  return pcache->protocol.algorithms;
+}
+
+/**
+ * gnutls_priority_sign_list:
+ * @pcache: is a #gnutls_prioritity_t structure.
+ * @list: will point to an integer list
+ *
+ * Get a list of available signature algorithms in the priority
+ * structure. 
+ *
+ * Returns: the number of algorithms, or an error code.
+ * Since: 3.0.0
+ **/
+int
+gnutls_priority_sign_list (gnutls_priority_t pcache, const unsigned int** list)
+{
+  if (pcache->sign_algo.algorithms == 0)
+    return 0;
+  
+  *list = pcache->sign_algo.priority;
+  return pcache->sign_algo.algorithms;
+}
+
+/**
+ * gnutls_priority_certificate_type_list:
+ * @pcache: is a #gnutls_prioritity_t structure.
+ * @list: will point to an integer list
+ *
+ * Get a list of available certificate types in the priority
+ * structure. 
+ *
+ * Returns: the number of certificate types, or an error code.
+ * Since: 3.0.0
+ **/
+int
+gnutls_priority_certificate_type_list (gnutls_priority_t pcache, const unsigned int** list)
+{
+  if (pcache->cert_type.algorithms == 0)
+    return 0;
+  
+  *list = pcache->cert_type.priority;
+  return pcache->cert_type.algorithms;
+}
index 344168a2e01194590d2eab7c7a4dcfea79f7ab0d..6730306743126946da5a3879ccec55e34efde783 100644 (file)
@@ -921,6 +921,12 @@ gnutls_ecc_curve_t gnutls_ecc_curve_get(gnutls_session_t session);
                                   const char *priorities,
                                   const char **err_pos);
 
+  int gnutls_priority_get_certificate_type_list (gnutls_priority_t pcache, const unsigned int** list);
+  int gnutls_priority_get_sign_list (gnutls_priority_t pcache, const unsigned int** list);
+  int gnutls_priority_get_protocol_list (gnutls_priority_t pcache, const unsigned int** list);
+  int gnutls_priority_get_compression_list (gnutls_priority_t pcache, const unsigned int** list);
+  int gnutls_priority_get_ecc_curve_list (gnutls_priority_t pcache, const unsigned int** list);
+
   /* for compatibility
    */
   int gnutls_set_default_priority (gnutls_session_t session);
index 229a65c4e26a114f3dec966ab030e51962b95f68..e169a06170f90322b86f44bcee5e41906790adb9 100644 (file)
@@ -766,6 +766,11 @@ GNUTLS_3_0_0 {
        gnutls_x509_crt_get_authority_key_gn_serial;
        gnutls_x509_crl_get_authority_key_gn_serial;
        gnutls_ecc_curve_list;
+       gnutls_priority_certificate_type_list;
+       gnutls_priority_sign_list;
+       gnutls_priority_protocol_list;
+       gnutls_priority_compression_list;
+       gnutls_priority_ecc_curve_list;
 } GNUTLS_2_12;
 
 GNUTLS_PRIVATE {
index e01e9a07caa33afb5f116e73fa3972ae4075eb24..dcaf421dcd53ed29b98a7aed2cbc0fab36f30186 100644 (file)
@@ -49,122 +49,137 @@ const char str_unknown[] = "(unknown)";
 const char *
 raw_to_string (const unsigned char *raw, size_t raw_size)
 {
-  static char buf[1024];
-  size_t i;
-  if (raw_size == 0)
-    return NULL;
+    static char buf[1024];
+    size_t i;
+    if (raw_size == 0)
+        return NULL;
 
-  if (raw_size * 3 + 1 >= sizeof (buf))
-    return NULL;
+    if (raw_size * 3 + 1 >= sizeof (buf))
+        return NULL;
 
-  for (i = 0; i < raw_size; i++)
-    {
-      sprintf (&(buf[i * 3]), "%02X%s", raw[i],
-               (i == raw_size - 1) ? "" : ":");
-    }
-  buf[sizeof (buf) - 1] = '\0';
+    for (i = 0; i < raw_size; i++)
+      {
+          sprintf (&(buf[i * 3]), "%02X%s", raw[i],
+                   (i == raw_size - 1) ? "" : ":");
+      }
+    buf[sizeof (buf) - 1] = '\0';
 
-  return buf;
+    return buf;
 }
 
 static void
-print_x509_info (gnutls_session_t session, const char *hostname, int insecure)
+print_x509_info (gnutls_session_t session, const char *hostname,
+                 int insecure)
 {
-  gnutls_x509_crt_t crt;
-  const gnutls_datum_t *cert_list;
-  unsigned int cert_list_size = 0, j;
-  int hostname_ok = 0;
-  int ret;
-
-  cert_list = gnutls_certificate_get_peers (session, &cert_list_size);
-  if (cert_list_size == 0)
-    {
-      fprintf (stderr, "No certificates found!\n");
-      return;
-    }
+    gnutls_x509_crt_t crt;
+    const gnutls_datum_t *cert_list;
+    unsigned int cert_list_size = 0, j;
+    int hostname_ok = 0;
+    int ret;
 
-  printf (" - Got a certificate list of %d certificates.\n", cert_list_size);
+    cert_list = gnutls_certificate_get_peers (session, &cert_list_size);
+    if (cert_list_size == 0)
+      {
+          fprintf (stderr, "No certificates found!\n");
+          return;
+      }
 
-  for (j = 0; j < cert_list_size; j++)
-    {
-      gnutls_datum_t cinfo;
+    printf (" - Got a certificate list of %d certificates.\n",
+            cert_list_size);
 
-      gnutls_x509_crt_init (&crt);
-      ret = gnutls_x509_crt_import (crt, &cert_list[j], GNUTLS_X509_FMT_DER);
-      if (ret < 0)
-        {
-          fprintf (stderr, "Decoding error: %s\n", gnutls_strerror (ret));
-          return;
-        }
-
-      printf (" - Certificate[%d] info:\n  - ", j);
-
-      if (verbose)
-        ret = gnutls_x509_crt_print (crt, GNUTLS_CRT_PRINT_FULL, &cinfo);
-      else
-        ret = gnutls_x509_crt_print (crt, GNUTLS_CRT_PRINT_ONELINE, &cinfo);
-      if (ret == 0)
-        {
-          printf ("%s\n", cinfo.data);
-          gnutls_free (cinfo.data);
-        }
-
-      if (print_cert)
-        {
-          size_t size = 0;
-          char *p = NULL;
-
-          ret = gnutls_x509_crt_export (crt, GNUTLS_X509_FMT_PEM, p, &size);
-          if (ret == GNUTLS_E_SHORT_MEMORY_BUFFER)
-            {
-              p = malloc (size);
-              if (!p)
-                {
-                  fprintf (stderr, "gnutls_malloc\n");
-                  exit (1);
-                }
+    for (j = 0; j < cert_list_size; j++)
+      {
+          gnutls_datum_t cinfo;
 
-              ret = gnutls_x509_crt_export (crt, GNUTLS_X509_FMT_PEM,
-                                            p, &size);
-            }
+          gnutls_x509_crt_init (&crt);
+          ret =
+              gnutls_x509_crt_import (crt, &cert_list[j],
+                                      GNUTLS_X509_FMT_DER);
           if (ret < 0)
             {
-              fprintf (stderr, "Encoding error: %s\n", gnutls_strerror (ret));
-              return;
+                fprintf (stderr, "Decoding error: %s\n",
+                         gnutls_strerror (ret));
+                return;
             }
 
-          fputs ("\n", stdout);
-          fputs (p, stdout);
-          fputs ("\n", stdout);
-
-          gnutls_free (p);
-        }
+          printf (" - Certificate[%d] info:\n  - ", j);
 
-      if (j == 0 && hostname != NULL)
-        {
-          /* Check the hostname of the first certificate if it matches
-           * the name of the host we connected to.
-           */
-          if (gnutls_x509_crt_check_hostname (crt, hostname) == 0)
-            hostname_ok = 1;
+          if (verbose)
+              ret =
+                  gnutls_x509_crt_print (crt, GNUTLS_CRT_PRINT_FULL,
+                                         &cinfo);
           else
-            hostname_ok = 2;
-        }
+              ret =
+                  gnutls_x509_crt_print (crt, GNUTLS_CRT_PRINT_ONELINE,
+                                         &cinfo);
+          if (ret == 0)
+            {
+                printf ("%s\n", cinfo.data);
+                gnutls_free (cinfo.data);
+            }
 
-      gnutls_x509_crt_deinit (crt);
-    }
+          if (print_cert)
+            {
+                size_t size = 0;
+                char *p = NULL;
+
+                ret =
+                    gnutls_x509_crt_export (crt, GNUTLS_X509_FMT_PEM, p,
+                                            &size);
+                if (ret == GNUTLS_E_SHORT_MEMORY_BUFFER)
+                  {
+                      p = malloc (size);
+                      if (!p)
+                        {
+                            fprintf (stderr, "gnutls_malloc\n");
+                            exit (1);
+                        }
+
+                      ret =
+                          gnutls_x509_crt_export (crt, GNUTLS_X509_FMT_PEM,
+                                                  p, &size);
+                  }
+                if (ret < 0)
+                  {
+                      fprintf (stderr, "Encoding error: %s\n",
+                               gnutls_strerror (ret));
+                      return;
+                  }
+
+                fputs ("\n", stdout);
+                fputs (p, stdout);
+                fputs ("\n", stdout);
+
+                gnutls_free (p);
+            }
 
-  if (hostname_ok == 1)
-    {
-      printf ("- The hostname in the certificate does NOT match '%s'\n",
-              hostname);
-      if (!insecure)
-        exit (1);
-    }
-  else if (hostname_ok == 2)
-    {
-      printf ("- The hostname in the certificate matches '%s'.\n", hostname);
-    }
+          if (j == 0 && hostname != NULL)
+            {
+                /* Check the hostname of the first certificate if it matches
+                 * the name of the host we connected to.
+                 */
+                if (gnutls_x509_crt_check_hostname (crt, hostname) == 0)
+                    hostname_ok = 1;
+                else
+                    hostname_ok = 2;
+            }
+
+          gnutls_x509_crt_deinit (crt);
+      }
+
+    if (hostname_ok == 1)
+      {
+          printf
+              ("- The hostname in the certificate does NOT match '%s'\n",
+               hostname);
+          if (!insecure)
+              exit (1);
+      }
+    else if (hostname_ok == 2)
+      {
+          printf ("- The hostname in the certificate matches '%s'.\n",
+                  hostname);
+      }
 }
 
 #ifdef ENABLE_OPENPGP
@@ -174,94 +189,105 @@ print_openpgp_info (gnutls_session_t session, const char *hostname,
                     int insecure)
 {
 
-  gnutls_openpgp_crt_t crt;
-  const gnutls_datum_t *cert_list;
-  unsigned int cert_list_size = 0;
-  int hostname_ok = 0;
-  int ret;
+    gnutls_openpgp_crt_t crt;
+    const gnutls_datum_t *cert_list;
+    unsigned int cert_list_size = 0;
+    int hostname_ok = 0;
+    int ret;
 
-  cert_list = gnutls_certificate_get_peers (session, &cert_list_size);
+    cert_list = gnutls_certificate_get_peers (session, &cert_list_size);
 
-  if (cert_list_size > 0)
-    {
-      gnutls_datum_t cinfo;
-
-      gnutls_openpgp_crt_init (&crt);
-      ret = gnutls_openpgp_crt_import (crt, &cert_list[0],
-                                       GNUTLS_OPENPGP_FMT_RAW);
-      if (ret < 0)
-        {
-          fprintf (stderr, "Decoding error: %s\n", gnutls_strerror (ret));
-          return;
-        }
-
-      if (verbose)
-        ret = gnutls_openpgp_crt_print (crt, GNUTLS_CRT_PRINT_FULL, &cinfo);
-      else
-        ret =
-          gnutls_openpgp_crt_print (crt, GNUTLS_CRT_PRINT_ONELINE, &cinfo);
-      if (ret == 0)
-        {
-          printf (" - %s\n", cinfo.data);
-          gnutls_free (cinfo.data);
-        }
-
-      if (print_cert)
-        {
-          size_t size = 0;
-          char *p = NULL;
-
-          ret = gnutls_openpgp_crt_export (crt, GNUTLS_OPENPGP_FMT_BASE64,
-                                           p, &size);
-          if (ret == GNUTLS_E_SHORT_MEMORY_BUFFER)
-            {
-              p = malloc (size);
-              if (!p)
-                {
-                  fprintf (stderr, "gnutls_malloc\n");
-                  exit (1);
-                }
+    if (cert_list_size > 0)
+      {
+          gnutls_datum_t cinfo;
 
-              ret = gnutls_openpgp_crt_export (crt, GNUTLS_OPENPGP_FMT_BASE64,
-                                               p, &size);
-            }
+          gnutls_openpgp_crt_init (&crt);
+          ret = gnutls_openpgp_crt_import (crt, &cert_list[0],
+                                           GNUTLS_OPENPGP_FMT_RAW);
           if (ret < 0)
             {
-              fprintf (stderr, "Encoding error: %s\n", gnutls_strerror (ret));
-              return;
+                fprintf (stderr, "Decoding error: %s\n",
+                         gnutls_strerror (ret));
+                return;
             }
 
-          fputs (p, stdout);
-          fputs ("\n", stdout);
+          if (verbose)
+              ret =
+                  gnutls_openpgp_crt_print (crt, GNUTLS_CRT_PRINT_FULL,
+                                            &cinfo);
+          else
+              ret =
+                  gnutls_openpgp_crt_print (crt, GNUTLS_CRT_PRINT_ONELINE,
+                                            &cinfo);
+          if (ret == 0)
+            {
+                printf (" - %s\n", cinfo.data);
+                gnutls_free (cinfo.data);
+            }
 
-          gnutls_free (p);
-        }
+          if (print_cert)
+            {
+                size_t size = 0;
+                char *p = NULL;
 
-      if (hostname != NULL)
-        {
-          /* Check the hostname of the first certificate if it matches
-           * the name of the host we connected to.
-           */
-          if (gnutls_openpgp_crt_check_hostname (crt, hostname) == 0)
-            hostname_ok = 1;
-          else
-            hostname_ok = 2;
-        }
+                ret =
+                    gnutls_openpgp_crt_export (crt,
+                                               GNUTLS_OPENPGP_FMT_BASE64,
+                                               p, &size);
+                if (ret == GNUTLS_E_SHORT_MEMORY_BUFFER)
+                  {
+                      p = malloc (size);
+                      if (!p)
+                        {
+                            fprintf (stderr, "gnutls_malloc\n");
+                            exit (1);
+                        }
+
+                      ret =
+                          gnutls_openpgp_crt_export (crt,
+                                                     GNUTLS_OPENPGP_FMT_BASE64,
+                                                     p, &size);
+                  }
+                if (ret < 0)
+                  {
+                      fprintf (stderr, "Encoding error: %s\n",
+                               gnutls_strerror (ret));
+                      return;
+                  }
+
+                fputs (p, stdout);
+                fputs ("\n", stdout);
+
+                gnutls_free (p);
+            }
 
-      gnutls_openpgp_crt_deinit (crt);
-    }
+          if (hostname != NULL)
+            {
+                /* Check the hostname of the first certificate if it matches
+                 * the name of the host we connected to.
+                 */
+                if (gnutls_openpgp_crt_check_hostname (crt, hostname) == 0)
+                    hostname_ok = 1;
+                else
+                    hostname_ok = 2;
+            }
 
-  if (hostname_ok == 1)
-    {
-      printf ("- The hostname in the certificate does NOT match '%s'\n",
-              hostname);
-      if (!insecure)
-        exit (1);
-    }
-  else if (hostname_ok == 2)
-    {
-      printf ("- The hostname in the certificate matches '%s'.\n", hostname);
-    }
+          gnutls_openpgp_crt_deinit (crt);
+      }
+
+    if (hostname_ok == 1)
+      {
+          printf
+              ("- The hostname in the certificate does NOT match '%s'\n",
+               hostname);
+          if (!insecure)
+              exit (1);
+      }
+    else if (hostname_ok == 2)
+      {
+          printf ("- The hostname in the certificate matches '%s'.\n",
+                  hostname);
+      }
 }
 
 #endif
@@ -269,300 +295,320 @@ print_openpgp_info (gnutls_session_t session, const char *hostname,
 static void
 print_cert_vrfy (gnutls_session_t session)
 {
-  int rc;
-  unsigned int status;
+    int rc;
+    unsigned int status;
 
-  rc = gnutls_certificate_verify_peers2 (session, &status);
-  if (rc < 0)
-    {
-      printf ("- Could not verify certificate (err: %s)\n",
-              gnutls_strerror (rc));
-      return;
-    }
+    rc = gnutls_certificate_verify_peers2 (session, &status);
+    if (rc < 0)
+      {
+          printf ("- Could not verify certificate (err: %s)\n",
+                  gnutls_strerror (rc));
+          return;
+      }
 
-  if (rc == GNUTLS_E_NO_CERTIFICATE_FOUND)
-    {
-      printf ("- Peer did not send any certificate.\n");
-      return;
-    }
+    if (rc == GNUTLS_E_NO_CERTIFICATE_FOUND)
+      {
+          printf ("- Peer did not send any certificate.\n");
+          return;
+      }
 
-  if (gnutls_certificate_type_get (session) == GNUTLS_CRT_X509)
-    {
-      if (status & GNUTLS_CERT_REVOKED)
-        printf ("- Peer's certificate chain revoked\n");
-      if (status & GNUTLS_CERT_SIGNER_NOT_FOUND)
-        printf ("- Peer's certificate issuer is unknown\n");
-      if (status & GNUTLS_CERT_SIGNER_NOT_CA)
-        printf ("- Peer's certificate issuer is not a CA\n");
-      if (status & GNUTLS_CERT_INSECURE_ALGORITHM)
-        printf ("- Peer's certificate chain uses insecure algorithm\n");
-      if (status & GNUTLS_CERT_NOT_ACTIVATED)
-        printf
-          ("- Peer's certificate chain uses not yet valid certificate\n");
-      if (status & GNUTLS_CERT_EXPIRED)
-        printf ("- Peer's certificate chain uses expired certificate\n");
-      if (status & GNUTLS_CERT_INVALID)
-        printf ("- Peer's certificate is NOT trusted\n");
-      else
-        printf ("- Peer's certificate is trusted\n");
-    }
-  else
-    {
-      if (status & GNUTLS_CERT_INVALID)
-        printf ("- Peer's key is invalid\n");
-      else
-        printf ("- Peer's key is valid\n");
-      if (status & GNUTLS_CERT_SIGNER_NOT_FOUND)
-        printf ("- Could not find a signer of the peer's key\n");
-    }
+    if (gnutls_certificate_type_get (session) == GNUTLS_CRT_X509)
+      {
+          if (status & GNUTLS_CERT_REVOKED)
+              printf ("- Peer's certificate chain revoked\n");
+          if (status & GNUTLS_CERT_SIGNER_NOT_FOUND)
+              printf ("- Peer's certificate issuer is unknown\n");
+          if (status & GNUTLS_CERT_SIGNER_NOT_CA)
+              printf ("- Peer's certificate issuer is not a CA\n");
+          if (status & GNUTLS_CERT_INSECURE_ALGORITHM)
+              printf
+                  ("- Peer's certificate chain uses insecure algorithm\n");
+          if (status & GNUTLS_CERT_NOT_ACTIVATED)
+              printf
+                  ("- Peer's certificate chain uses not yet valid certificate\n");
+          if (status & GNUTLS_CERT_EXPIRED)
+              printf
+                  ("- Peer's certificate chain uses expired certificate\n");
+          if (status & GNUTLS_CERT_INVALID)
+              printf ("- Peer's certificate is NOT trusted\n");
+          else
+              printf ("- Peer's certificate is trusted\n");
+      }
+    else
+      {
+          if (status & GNUTLS_CERT_INVALID)
+              printf ("- Peer's key is invalid\n");
+          else
+              printf ("- Peer's key is valid\n");
+          if (status & GNUTLS_CERT_SIGNER_NOT_FOUND)
+              printf ("- Could not find a signer of the peer's key\n");
+      }
 }
 
 static void
 print_dh_info (gnutls_session_t session, const char *str)
 {
-  printf ("- %sDiffie-Hellman parameters\n", str);
-  printf (" - Using prime: %d bits\n", gnutls_dh_get_prime_bits (session));
-  printf (" - Secret key: %d bits\n", gnutls_dh_get_secret_bits (session));
-  printf (" - Peer's public key: %d bits\n",
-          gnutls_dh_get_peers_public_bits (session));
+    printf ("- %sDiffie-Hellman parameters\n", str);
+    printf (" - Using prime: %d bits\n",
+            gnutls_dh_get_prime_bits (session));
+    printf (" - Secret key: %d bits\n",
+            gnutls_dh_get_secret_bits (session));
+    printf (" - Peer's public key: %d bits\n",
+            gnutls_dh_get_peers_public_bits (session));
+
+    if (print_cert)
+      {
+          int ret;
+          gnutls_datum_t raw_gen = { NULL, 0 };
+          gnutls_datum_t raw_prime = { NULL, 0 };
+          gnutls_dh_params_t dh_params = NULL;
+          unsigned char *params_data = NULL;
+          size_t params_data_size = 0;
+
+          ret = gnutls_dh_get_group (session, &raw_gen, &raw_prime);
+          if (ret)
+            {
+                fprintf (stderr, "gnutls_dh_get_group %d\n", ret);
+                goto out;
+            }
 
-  if (print_cert)
-    {
-      int ret;
-      gnutls_datum_t raw_gen = { NULL, 0 };
-      gnutls_datum_t raw_prime = { NULL, 0 };
-      gnutls_dh_params_t dh_params = NULL;
-      unsigned char *params_data = NULL;
-      size_t params_data_size = 0;
-
-      ret = gnutls_dh_get_group (session, &raw_gen, &raw_prime);
-      if (ret)
-        {
-          fprintf (stderr, "gnutls_dh_get_group %d\n", ret);
-          goto out;
-        }
-
-      ret = gnutls_dh_params_init (&dh_params);
-      if (ret)
-        {
-          fprintf (stderr, "gnutls_dh_params_init %d\n", ret);
-          goto out;
-        }
-
-      ret = gnutls_dh_params_import_raw (dh_params, &raw_prime, &raw_gen);
-      if (ret)
-        {
-          fprintf (stderr, "gnutls_dh_params_import_raw %d\n", ret);
-          goto out;
-        }
-
-      ret = gnutls_dh_params_export_pkcs3 (dh_params,
-                                           GNUTLS_X509_FMT_PEM,
-                                           params_data, &params_data_size);
-      if (ret != GNUTLS_E_SHORT_MEMORY_BUFFER)
-        {
-          fprintf (stderr, "gnutls_dh_params_export_pkcs3 %d\n", ret);
-          goto out;
-        }
-
-      params_data = gnutls_malloc (params_data_size);
-      if (!params_data)
-        {
-          fprintf (stderr, "gnutls_malloc %d\n", ret);
-          goto out;
-        }
-
-      ret = gnutls_dh_params_export_pkcs3 (dh_params,
-                                           GNUTLS_X509_FMT_PEM,
-                                           params_data, &params_data_size);
-      if (ret)
-        {
-          fprintf (stderr, "gnutls_dh_params_export_pkcs3-2 %d\n", ret);
-          goto out;
-        }
-
-      printf (" - PKCS#3 format:\n\n%.*s\n", (int) params_data_size,
-              params_data);
-
-    out:
-      gnutls_free (params_data);
-      gnutls_free (raw_prime.data);
-      gnutls_free (raw_gen.data);
-      gnutls_dh_params_deinit (dh_params);
-    }
+          ret = gnutls_dh_params_init (&dh_params);
+          if (ret)
+            {
+                fprintf (stderr, "gnutls_dh_params_init %d\n", ret);
+                goto out;
+            }
+
+          ret =
+              gnutls_dh_params_import_raw (dh_params, &raw_prime,
+                                           &raw_gen);
+          if (ret)
+            {
+                fprintf (stderr, "gnutls_dh_params_import_raw %d\n", ret);
+                goto out;
+            }
+
+          ret = gnutls_dh_params_export_pkcs3 (dh_params,
+                                               GNUTLS_X509_FMT_PEM,
+                                               params_data,
+                                               &params_data_size);
+          if (ret != GNUTLS_E_SHORT_MEMORY_BUFFER)
+            {
+                fprintf (stderr, "gnutls_dh_params_export_pkcs3 %d\n",
+                         ret);
+                goto out;
+            }
+
+          params_data = gnutls_malloc (params_data_size);
+          if (!params_data)
+            {
+                fprintf (stderr, "gnutls_malloc %d\n", ret);
+                goto out;
+            }
+
+          ret = gnutls_dh_params_export_pkcs3 (dh_params,
+                                               GNUTLS_X509_FMT_PEM,
+                                               params_data,
+                                               &params_data_size);
+          if (ret)
+            {
+                fprintf (stderr, "gnutls_dh_params_export_pkcs3-2 %d\n",
+                         ret);
+                goto out;
+            }
+
+          printf (" - PKCS#3 format:\n\n%.*s\n", (int) params_data_size,
+                  params_data);
+
+        out:
+          gnutls_free (params_data);
+          gnutls_free (raw_prime.data);
+          gnutls_free (raw_gen.data);
+          gnutls_dh_params_deinit (dh_params);
+      }
 }
 
 static void
 print_ecdh_info (gnutls_session_t session, const char *str)
 {
-int curve;
+    int curve;
+
+    printf ("- %sEC Diffie-Hellman parameters\n", str);
 
-  printf ("- %sEC Diffie-Hellman parameters\n", str);
-  
-  curve = gnutls_ecc_curve_get(session);
-  
-  printf (" - Using curve: %s\n", gnutls_ecc_curve_get_name (curve));
-  printf (" - Curve size: %d bits\n", gnutls_ecc_curve_get_size(curve)*8);
+    curve = gnutls_ecc_curve_get (session);
+
+    printf (" - Using curve: %s\n", gnutls_ecc_curve_get_name (curve));
+    printf (" - Curve size: %d bits\n",
+            gnutls_ecc_curve_get_size (curve) * 8);
 
 }
 
 int
 print_info (gnutls_session_t session, const char *hostname, int insecure)
 {
-  const char *tmp;
-  gnutls_credentials_type_t cred;
-  gnutls_kx_algorithm_t kx;
-  unsigned char session_id[33];
-  size_t session_id_size = sizeof(session_id);
-
-  /* print session ID */
-  gnutls_session_get_id (session, session_id, &session_id_size);
-  printf("- Session ID: %s\n", raw_to_string(session_id, session_id_size));
-
-  /* print the key exchange's algorithm name
-   */
-  kx = gnutls_kx_get (session);
-
-  cred = gnutls_auth_get_type (session);
-  switch (cred)
-    {
+    const char *tmp;
+    gnutls_credentials_type_t cred;
+    gnutls_kx_algorithm_t kx;
+    unsigned char session_id[33];
+    size_t session_id_size = sizeof (session_id);
+
+    /* print session ID */
+    gnutls_session_get_id (session, session_id, &session_id_size);
+    printf ("- Session ID: %s\n",
+            raw_to_string (session_id, session_id_size));
+
+    /* print the key exchange's algorithm name
+     */
+    kx = gnutls_kx_get (session);
+
+    cred = gnutls_auth_get_type (session);
+    switch (cred)
+      {
 #ifdef ENABLE_ANON
-    case GNUTLS_CRD_ANON:
-      if (kx == GNUTLS_KX_ANON_ECDH)
-        print_ecdh_info(session, "Anonymous ");
-      else
-        print_dh_info (session, "Anonymous ");
-      break;
+      case GNUTLS_CRD_ANON:
+          if (kx == GNUTLS_KX_ANON_ECDH)
+              print_ecdh_info (session, "Anonymous ");
+          else
+              print_dh_info (session, "Anonymous ");
+          break;
 #endif
 #ifdef ENABLE_SRP
-    case GNUTLS_CRD_SRP:
-      /* This should be only called in server
-       * side.
-       */
-      if (gnutls_srp_server_get_username (session) != NULL)
-        printf ("- SRP authentication. Connected as '%s'\n",
-                gnutls_srp_server_get_username (session));
-      break;
+      case GNUTLS_CRD_SRP:
+          /* This should be only called in server
+           * side.
+           */
+          if (gnutls_srp_server_get_username (session) != NULL)
+              printf ("- SRP authentication. Connected as '%s'\n",
+                      gnutls_srp_server_get_username (session));
+          break;
 #endif
 #ifdef ENABLE_PSK
-    case GNUTLS_CRD_PSK:
-      /* This returns NULL in server side.
-       */
-      if (gnutls_psk_client_get_hint (session) != NULL)
-        printf ("- PSK authentication. PSK hint '%s'\n",
-                gnutls_psk_client_get_hint (session));
-      /* This returns NULL in client side.
-       */
-      if (gnutls_psk_server_get_username (session) != NULL)
-        printf ("- PSK authentication. Connected as '%s'\n",
-                gnutls_psk_server_get_username (session));
-      if (kx == GNUTLS_KX_DHE_PSK)
-        print_dh_info (session, "Ephemeral ");
-      if (kx == GNUTLS_KX_ECDHE_PSK)
-        print_ecdh_info(session, "Ephemeral ");
-      break;
+      case GNUTLS_CRD_PSK:
+          /* This returns NULL in server side.
+           */
+          if (gnutls_psk_client_get_hint (session) != NULL)
+              printf ("- PSK authentication. PSK hint '%s'\n",
+                      gnutls_psk_client_get_hint (session));
+          /* This returns NULL in client side.
+           */
+          if (gnutls_psk_server_get_username (session) != NULL)
+              printf ("- PSK authentication. Connected as '%s'\n",
+                      gnutls_psk_server_get_username (session));
+          if (kx == GNUTLS_KX_DHE_PSK)
+              print_dh_info (session, "Ephemeral ");
+          if (kx == GNUTLS_KX_ECDHE_PSK)
+              print_ecdh_info (session, "Ephemeral ");
+          break;
 #endif
-    case GNUTLS_CRD_IA:
-      printf ("- TLS/IA authentication\n");
-      break;
-    case GNUTLS_CRD_CERTIFICATE:
-      {
-        char dns[256];
-        size_t dns_size = sizeof (dns);
-        unsigned int type;
-
-        /* This fails in client side */
-        if (gnutls_server_name_get (session, dns, &dns_size, &type, 0) == 0)
+      case GNUTLS_CRD_IA:
+          printf ("- TLS/IA authentication\n");
+          break;
+      case GNUTLS_CRD_CERTIFICATE:
           {
-            printf ("- Given server name[%d]: %s\n", type, dns);
+              char dns[256];
+              size_t dns_size = sizeof (dns);
+              unsigned int type;
+
+              /* This fails in client side */
+              if (gnutls_server_name_get
+                  (session, dns, &dns_size, &type, 0) == 0)
+                {
+                    printf ("- Given server name[%d]: %s\n", type, dns);
+                }
           }
-      }
 
-      print_cert_info (session, hostname, insecure);
+          print_cert_info (session, hostname, insecure);
 
-      print_cert_vrfy (session);
+          print_cert_vrfy (session);
 
-      if (kx == GNUTLS_KX_DHE_RSA || kx == GNUTLS_KX_DHE_DSS)
-        print_dh_info (session, "Ephemeral ");
-      else if (kx == GNUTLS_KX_ECDHE_RSA || kx == GNUTLS_KX_ECDHE_ECDSA)
-        print_ecdh_info(session, "Ephemeral ");
-    }
+          if (kx == GNUTLS_KX_DHE_RSA || kx == GNUTLS_KX_DHE_DSS)
+              print_dh_info (session, "Ephemeral ");
+          else if (kx == GNUTLS_KX_ECDHE_RSA
+                   || kx == GNUTLS_KX_ECDHE_ECDSA)
+              print_ecdh_info (session, "Ephemeral ");
+      }
 
-  tmp = SU (gnutls_protocol_get_name (gnutls_protocol_get_version (session)));
-  printf ("- Version: %s\n", tmp);
+    tmp =
+        SU (gnutls_protocol_get_name
+            (gnutls_protocol_get_version (session)));
+    printf ("- Version: %s\n", tmp);
 
-  tmp = SU (gnutls_kx_get_name (kx));
-  printf ("- Key Exchange: %s\n", tmp);
+    tmp = SU (gnutls_kx_get_name (kx));
+    printf ("- Key Exchange: %s\n", tmp);
 
-  tmp = SU (gnutls_cipher_get_name (gnutls_cipher_get (session)));
-  printf ("- Cipher: %s\n", tmp);
+    tmp = SU (gnutls_cipher_get_name (gnutls_cipher_get (session)));
+    printf ("- Cipher: %s\n", tmp);
 
-  tmp = SU (gnutls_mac_get_name (gnutls_mac_get (session)));
-  printf ("- MAC: %s\n", tmp);
+    tmp = SU (gnutls_mac_get_name (gnutls_mac_get (session)));
+    printf ("- MAC: %s\n", tmp);
 
-  tmp = SU (gnutls_compression_get_name (gnutls_compression_get (session)));
-  printf ("- Compression: %s\n", tmp);
+    tmp =
+        SU (gnutls_compression_get_name
+            (gnutls_compression_get (session)));
+    printf ("- Compression: %s\n", tmp);
 
-  if (verbose)
-    {
-      gnutls_datum_t cb;
-      int rc;
-
-      rc =
-        gnutls_session_channel_binding (session, GNUTLS_CB_TLS_UNIQUE, &cb);
-      if (rc)
-        fprintf (stderr, "Channel binding error: %s\n", gnutls_strerror (rc));
-      else
-        {
-          size_t i;
-
-          printf ("- Channel binding 'tls-unique': ");
-          for (i = 0; i < cb.size; i++)
-            printf ("%02x", cb.data[i]);
-          printf ("\n");
-        }
-    }
+    if (verbose)
+      {
+          gnutls_datum_t cb;
+          int rc;
+
+          rc = gnutls_session_channel_binding (session,
+                                               GNUTLS_CB_TLS_UNIQUE, &cb);
+          if (rc)
+              fprintf (stderr, "Channel binding error: %s\n",
+                       gnutls_strerror (rc));
+          else
+            {
+                size_t i;
 
-  /* Warning: Do not print anything more here. The 'Compression:'
-     output MUST be the last non-verbose output.  This is used by
-     Emacs starttls.el code. */
+                printf ("- Channel binding 'tls-unique': ");
+                for (i = 0; i < cb.size; i++)
+                    printf ("%02x", cb.data[i]);
+                printf ("\n");
+            }
+      }
 
-  fflush (stdout);
+    /* Warning: Do not print anything more here. The 'Compression:'
+       output MUST be the last non-verbose output.  This is used by
+       Emacs starttls.el code. */
 
-  return 0;
+    fflush (stdout);
+
+    return 0;
 }
 
 void
-print_cert_info (gnutls_session_t session, const char *hostname, int insecure)
+print_cert_info (gnutls_session_t session, const char *hostname,
+                 int insecure)
 {
 
-  if (gnutls_certificate_client_get_request_status (session) != 0)
-    printf ("- Server has requested a certificate.\n");
+    if (gnutls_certificate_client_get_request_status (session) != 0)
+        printf ("- Server has requested a certificate.\n");
 
-  printf ("- Certificate type: ");
-  switch (gnutls_certificate_type_get (session))
-    {
-    case GNUTLS_CRT_UNKNOWN:
-      printf ("Unknown\n");
-
-      if (!insecure)
-        exit (1);
-      break;
-    case GNUTLS_CRT_X509:
-      printf ("X.509\n");
-      print_x509_info (session, hostname, insecure);
-      break;
+    printf ("- Certificate type: ");
+    switch (gnutls_certificate_type_get (session))
+      {
+      case GNUTLS_CRT_UNKNOWN:
+          printf ("Unknown\n");
+
+          if (!insecure)
+              exit (1);
+          break;
+      case GNUTLS_CRT_X509:
+          printf ("X.509\n");
+          print_x509_info (session, hostname, insecure);
+          break;
 #ifdef ENABLE_OPENPGP
-    case GNUTLS_CRT_OPENPGP:
-      printf ("OpenPGP\n");
-      print_openpgp_info (session, hostname, insecure);
-      break;
+      case GNUTLS_CRT_OPENPGP:
+          printf ("OpenPGP\n");
+          print_openpgp_info (session, hostname, insecure);
+          break;
 #endif
-    }
+      }
 }
 
 void
-print_list (const charpriorities, int verbose)
+print_list (const char *priorities, int verbose)
 {
     size_t i;
     int ret;
@@ -575,188 +621,279 @@ print_list (const char* priorities, int verbose)
     gnutls_mac_algorithm_t mac;
     gnutls_protocol_t version;
     gnutls_priority_t pcache;
+    const unsigned int *list;
 
     if (priorities != NULL)
       {
-        printf ("Cipher suites for %s\n", priorities);
-        
-        ret = gnutls_priority_init(&pcache, priorities, &err);
-        if (ret < 0)
+          printf ("Cipher suites for %s\n", priorities);
+
+          ret = gnutls_priority_init (&pcache, priorities, &err);
+          if (ret < 0)
+            {
+                fprintf (stderr, "Syntax error at: %s\n", err);
+                exit (1);
+            }
+
+          for (i = 0;; i++)
+            {
+                ret =
+                    gnutls_priority_get_cipher_suite_index (pcache, i,
+                                                            &idx);
+                if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
+                    break;
+                if (ret == GNUTLS_E_UNKNOWN_CIPHER_SUITE)
+                    continue;
+
+                name =
+                    gnutls_cipher_suite_info (idx, id, NULL, NULL, NULL,
+                                              &version);
+
+                if (name != NULL)
+                    printf ("%-50s\t0x%02x, 0x%02x\t%s\n",
+                            name, (unsigned char) id[0],
+                            (unsigned char) id[1],
+                            gnutls_protocol_get_name (version));
+            }
+
+          printf("\n");
           {
-            fprintf (stderr, "Syntax error at: %s\n", err);
-            exit(1);
+              ret = gnutls_priority_certificate_type_list (pcache, &list);
+
+              printf ("Certificate types: ");
+              if (ret == 0) printf("none\n");
+              for (i = 0; i < (unsigned)ret; i++)
+                {
+                    printf ("CTYPE-%s",
+                            gnutls_certificate_type_get_name (list[i]));
+                    if (i+1!=(unsigned)ret)
+                        printf (", ");
+                    else
+                        printf ("\n");
+                }
+          }
+
+          {
+              ret = gnutls_priority_protocol_list (pcache, &list);
+
+              printf ("Protocols: ");
+              if (ret == 0) printf("none\n");
+              for (i = 0; i < (unsigned)ret; i++)
+                {
+                    printf ("VERS-%s", gnutls_protocol_get_name (list[i]));
+                    if (i+1!=(unsigned)ret)
+                        printf (", ");
+                    else
+                        printf ("\n");
+                }
+          }
+
+          {
+              ret = gnutls_priority_compression_list (pcache, &list);
+
+              printf ("Compression: ");
+              if (ret == 0) printf("none\n");
+              for (i = 0; i < (unsigned)ret; i++)
+                {
+                    printf ("COMP-%s",
+                            gnutls_compression_get_name (list[i]));
+                    if (i+1!=(unsigned)ret)
+                        printf (", ");
+                    else
+                        printf ("\n");
+                }
           }
-      
-        for (i=0;;i++)
+
           {
-            ret = gnutls_priority_get_cipher_suite_index(pcache, i, &idx);
-            if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) break;
-            if (ret == GNUTLS_E_UNKNOWN_CIPHER_SUITE) continue;
-            
-            name = gnutls_cipher_suite_info(idx, id, NULL, NULL, NULL, &version);
-            
-            if (name != NULL)
-              printf ("%-50s\t0x%02x, 0x%02x\t%s\n",
-                      name, (unsigned char) id[0], (unsigned char) id[1],
-                      gnutls_protocol_get_name (version));
+              ret = gnutls_priority_ecc_curve_list (pcache, &list);
+
+              printf ("Elliptic curves: ");
+              if (ret == 0) printf("none\n");
+              for (i = 0; i < (unsigned)ret; i++)
+                {
+                    printf ("CURVE-%s",
+                            gnutls_ecc_curve_get_name (list[i]));
+                    if (i+1!=(unsigned)ret)
+                        printf (", ");
+                    else
+                        printf ("\n");
+                }
           }
-          
-        return;
+
+          {
+              ret = gnutls_priority_sign_list (pcache, &list);
+
+              printf ("PK-signatures: ");
+              if (ret == 0) printf("none\n");
+              for (i = 0; i < (unsigned)ret; i++)
+                {
+                    printf ("SIGN-%s",
+                            gnutls_sign_algorithm_get_name (list[i]));
+                    if (i+1!=(unsigned)ret)
+                        printf (", ");
+                    else
+                        printf ("\n");
+                }
+          }
+
+          return;
       }
 
     printf ("Cipher suites:\n");
     for (i = 0; (name = gnutls_cipher_suite_info
                  (i, id, &kx, &cipher, &mac, &version)); i++)
       {
-        printf ("%-50s\t0x%02x, 0x%02x\t%s\n",
-                name,
-                (unsigned char) id[0], (unsigned char) id[1],
-                gnutls_protocol_get_name (version));
-        if (verbose)
-          printf ("\tKey exchange: %s\n\tCipher: %s\n\tMAC: %s\n\n",
-                  gnutls_kx_get_name (kx),
-                  gnutls_cipher_get_name (cipher), gnutls_mac_get_name (mac));
+          printf ("%-50s\t0x%02x, 0x%02x\t%s\n",
+                  name,
+                  (unsigned char) id[0], (unsigned char) id[1],
+                  gnutls_protocol_get_name (version));
+          if (verbose)
+              printf ("\tKey exchange: %s\n\tCipher: %s\n\tMAC: %s\n\n",
+                      gnutls_kx_get_name (kx),
+                      gnutls_cipher_get_name (cipher),
+                      gnutls_mac_get_name (mac));
       }
 
-  {
-    const gnutls_certificate_type_t *p = gnutls_certificate_type_list ();
+    printf("\n");
+    {
+        const gnutls_certificate_type_t *p =
+            gnutls_certificate_type_list ();
 
-    printf ("Certificate types: ");
-    for (; *p; p++)
-      {
-        printf ("CTYPE-%s", gnutls_certificate_type_get_name (*p));
-        if (*(p + 1))
-          printf (", ");
-        else
-          printf ("\n");
-      }
-  }
+        printf ("Certificate types: ");
+        for (; *p; p++)
+          {
+              printf ("CTYPE-%s", gnutls_certificate_type_get_name (*p));
+              if (*(p + 1))
+                  printf (", ");
+              else
+                  printf ("\n");
+          }
+    }
 
-  {
-    const gnutls_protocol_t *p = gnutls_protocol_list ();
+    {
+        const gnutls_protocol_t *p = gnutls_protocol_list ();
 
-    printf ("Protocols: ");
-    for (; *p; p++)
-      {
-        printf ("VERS-%s", gnutls_protocol_get_name (*p));
-        if (*(p + 1))
-          printf (", ");
-        else
-          printf ("\n");
-      }
-  }
+        printf ("Protocols: ");
+        for (; *p; p++)
+          {
+              printf ("VERS-%s", gnutls_protocol_get_name (*p));
+              if (*(p + 1))
+                  printf (", ");
+              else
+                  printf ("\n");
+          }
+    }
 
-  {
-    const gnutls_cipher_algorithm_t *p = gnutls_cipher_list ();
+    {
+        const gnutls_cipher_algorithm_t *p = gnutls_cipher_list ();
 
-    printf ("Ciphers: ");
-    for (; *p; p++)
-      {
-        printf ("%s", gnutls_cipher_get_name (*p));
-        if (*(p + 1))
-          printf (", ");
-        else
-          printf ("\n");
-      }
-  }
+        printf ("Ciphers: ");
+        for (; *p; p++)
+          {
+              printf ("%s", gnutls_cipher_get_name (*p));
+              if (*(p + 1))
+                  printf (", ");
+              else
+                  printf ("\n");
+          }
+    }
 
-  {
-    const gnutls_mac_algorithm_t *p = gnutls_mac_list ();
+    {
+        const gnutls_mac_algorithm_t *p = gnutls_mac_list ();
 
-    printf ("MACs: ");
-    for (; *p; p++)
-      {
-        printf ("%s", gnutls_mac_get_name (*p));
-        if (*(p + 1))
-          printf (", ");
-        else
-          printf ("\n");
-      }
-  }
+        printf ("MACs: ");
+        for (; *p; p++)
+          {
+              printf ("%s", gnutls_mac_get_name (*p));
+              if (*(p + 1))
+                  printf (", ");
+              else
+                  printf ("\n");
+          }
+    }
 
-  {
-    const gnutls_kx_algorithm_t *p = gnutls_kx_list ();
+    {
+        const gnutls_kx_algorithm_t *p = gnutls_kx_list ();
 
-    printf ("Key exchange algorithms: ");
-    for (; *p; p++)
-      {
-        printf ("%s", gnutls_kx_get_name (*p));
-        if (*(p + 1))
-          printf (", ");
-        else
-          printf ("\n");
-      }
-  }
+        printf ("Key exchange algorithms: ");
+        for (; *p; p++)
+          {
+              printf ("%s", gnutls_kx_get_name (*p));
+              if (*(p + 1))
+                  printf (", ");
+              else
+                  printf ("\n");
+          }
+    }
 
-  {
-    const gnutls_compression_method_t *p = gnutls_compression_list ();
+    {
+        const gnutls_compression_method_t *p = gnutls_compression_list ();
 
-    printf ("Compression: ");
-    for (; *p; p++)
-      {
-        printf ("COMP-%s", gnutls_compression_get_name (*p));
-        if (*(p + 1))
-          printf (", ");
-        else
-          printf ("\n");
-      }
-  }
+        printf ("Compression: ");
+        for (; *p; p++)
+          {
+              printf ("COMP-%s", gnutls_compression_get_name (*p));
+              if (*(p + 1))
+                  printf (", ");
+              else
+                  printf ("\n");
+          }
+    }
 
-  {
-    const gnutls_ecc_curve_t *p = gnutls_ecc_curve_list ();
+    {
+        const gnutls_ecc_curve_t *p = gnutls_ecc_curve_list ();
 
-    printf ("Elliptic curves: ");
-    for (; *p; p++)
-      {
-        printf ("CURVE-%s", gnutls_ecc_curve_get_name (*p));
-        if (*(p + 1))
-          printf (", ");
-        else
-          printf ("\n");
-      }
-  }
+        printf ("Elliptic curves: ");
+        for (; *p; p++)
+          {
+              printf ("CURVE-%s", gnutls_ecc_curve_get_name (*p));
+              if (*(p + 1))
+                  printf (", ");
+              else
+                  printf ("\n");
+          }
+    }
 
-  {
-    const gnutls_pk_algorithm_t *p = gnutls_pk_list ();
+    {
+        const gnutls_pk_algorithm_t *p = gnutls_pk_list ();
 
-    printf ("Public Key Systems: ");
-    for (; *p; p++)
-      {
-        printf ("%s", gnutls_pk_algorithm_get_name (*p));
-        if (*(p + 1))
-          printf (", ");
-        else
-          printf ("\n");
-      }
-  }
+        printf ("Public Key Systems: ");
+        for (; *p; p++)
+          {
+              printf ("%s", gnutls_pk_algorithm_get_name (*p));
+              if (*(p + 1))
+                  printf (", ");
+              else
+                  printf ("\n");
+          }
+    }
 
-  {
-    const gnutls_sign_algorithm_t *p = gnutls_sign_list ();
+    {
+        const gnutls_sign_algorithm_t *p = gnutls_sign_list ();
 
-    printf ("PK-signatures: ");
-    for (; *p; p++)
-      {
-        printf ("SIGN-%s", gnutls_sign_algorithm_get_name (*p));
-        if (*(p + 1))
-          printf (", ");
-        else
-          printf ("\n");
-      }
-  }
+        printf ("PK-signatures: ");
+        for (; *p; p++)
+          {
+              printf ("SIGN-%s", gnutls_sign_algorithm_get_name (*p));
+              if (*(p + 1))
+                  printf (", ");
+              else
+                  printf ("\n");
+          }
+    }
 }
 
 void
 sockets_init (void)
 {
 #ifdef _WIN32
-  WORD wVersionRequested;
-  WSADATA wsaData;
+    WORD wVersionRequested;
+    WSADATA wsaData;
 
-  wVersionRequested = MAKEWORD (1, 1);
-  if (WSAStartup (wVersionRequested, &wsaData) != 0)
-    {
-      perror ("WSA_STARTUP_ERROR");
-    }
+    wVersionRequested = MAKEWORD (1, 1);
+    if (WSAStartup (wVersionRequested, &wsaData) != 0)
+      {
+          perror ("WSA_STARTUP_ERROR");
+      }
 #endif
 }
 
@@ -768,20 +905,19 @@ sockets_init (void)
 int
 service_to_port (const char *service)
 {
-  int port;
-  struct servent *server_port;
+    int port;
+    struct servent *server_port;
 
-  port = atoi (service);
-  if (port != 0)
-    return port;
+    port = atoi (service);
+    if (port != 0)
+        return port;
 
-  server_port = getservbyname (service, "tcp");
-  if (server_port == NULL)
-    {
-      perror ("getservbyname()");
-      return (-1);
-    }
+    server_port = getservbyname (service, "tcp");
+    if (server_port == NULL)
+      {
+          perror ("getservbyname()");
+          return (-1);
+      }
 
-  return ntohs (server_port->s_port);
+    return ntohs (server_port->s_port);
 }
-