* Version 3.3.0 (unreleased)
+** libgnutls: certificate verification profiles were introduced
+that can be specified as flags to verification functions. They
+are enumerations in gnutls_certificate_verification_profiles_t
+and can be converted to flags using GNUTLS_PROFILE_TO_VFLAGS()
+
+** libgnutls: When specifying a priority string a corresponding
+certificate verification profile is automatically set.
+
+** libgnutls: Increased the default security level of priority
+strings to corresponding defaults. The %COMPAT keyword is extended
+to revert to old defaults, by reducing the overall security level.
+
** libgnutls: The initialization of the library was moved to a
constructor. That is, gnutls_global_init() is no longer required
unless linking with a static library or a system that does not
* @GNUTLS_VERIFY_DISABLE_CRL_CHECKS: Disable checking for validity
* using certificate revocation lists or the available OCSP data.
*
- * Enumeration of different certificate verify flags.
+ * Enumeration of different certificate verify flags. Additional
+ * verification profiles can be set using GNUTLS_PROFILE_TO_VFLAGS()
+ * and %gnutls_certificate_verification_profiles_t.
*/
typedef enum gnutls_certificate_verify_flags {
GNUTLS_VERIFY_DISABLE_CA_SIGN = 1 << 0,
} gnutls_certificate_verify_flags;
/**
- * gnutls_certificate_verification_profiles:
+ * gnutls_certificate_verification_profiles_t:
* @GNUTLS_PROFILE_LOW: A verification profile that
* corresponds to @GNUTLS_SEC_PARAM_LOW (80 bits)
* @GNUTLS_PROFILE_LEGACY: A verification profile that
* corresponds to @GNUTLS_SEC_PARAM_HIGH (128 bits)
* @GNUTLS_PROFILE_ULTRA: A verification profile that
* corresponds to @GNUTLS_SEC_PARAM_ULTRA (256 bits)
- * @GNUTLS_PROFILE_SUITEB128: A verification profile that
+% * @GNUTLS_PROFILE_SUITEB128: A verification profile that
* applies the SUITEB128 rules
* @GNUTLS_PROFILE_SUITEB192: A verification profile that
* applies the SUITEB192 rules
*
* Enumeration of different certificate verification profiles.
*/
-typedef enum gnutls_certificate_verification_profiles {
+typedef enum gnutls_certificate_verification_profiles_t {
GNUTLS_PROFILE_LOW = 2,
GNUTLS_PROFILE_LEGACY = 4,
GNUTLS_PROFILE_NORMAL = 5,
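Review bot: The added line for `@GNUTLS_PROFILE_SUITEB128` begins with a stray `%` in front of the comment's ` *`, which as shown corrupts the doc comment and its generated entry for that value. It should read ` * @GNUTLS_PROFILE_SUITEB128: A verification profile that`. The enum tag is also renamed to `gnutls_certificate_verification_profiles_t`, but the closing typedef name is outside this hunk, so confirm that the two spellings agree. Anything written against the old tag will stop compiling.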
* its status. The @verify parameter will hold an OR'ed sequence of
* %gnutls_certificate_status_t flags.
*
+ * Additionally a certificate verification profile can be specified
+ * from the ones in %gnutls_certificate_verification_profiles_t by
+ * ORing the result of GNUTLS_PROFILE_TO_VFLAGS() to the verification
+ * flags.
+ *
* Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
* negative error value.
*
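Review bot: The added paragraph tells callers to OR `GNUTLS_PROFILE_TO_VFLAGS()` into the verification flags but does not say that only one profile can be given. The profile values visible in the header hunk (`GNUTLS_PROFILE_LOW = 2`, `GNUTLS_PROFILE_LEGACY = 4`, `GNUTLS_PROFILE_NORMAL = 5`) are ordinals rather than independent bits, so ORing two converted profiles would presumably select a level neither caller intended. I would add a sentence such as ` * Only one profile may be specified; profile values are not independent bits.` and state which %gnutls_certificate_status_t flag is set in @verify when a chain does not meet the profile. Because the NEWS entry says a priority string sets a profile automatically, the comment should also say which one wins when both are present. The same paragraph is added to the CRL-checking variant in the next hunk and needs the same caveats; both function bodies are outside the hunks.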
* In addition to that this function will also check CRLs.
* The @verify parameter will hold an OR'ed sequence of %gnutls_certificate_status_t flags.
*
+ * Additionally a certificate verification profile can be specified
+ * from the ones in %gnutls_certificate_verification_profiles_t by
+ * ORing the result of GNUTLS_PROFILE_TO_VFLAGS() to the verification
+ * flags.
+ *
* Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
* negative error value.
*