XSSL is an experimental API available in the @code{gnutls-xssl} library
and in @code{gnutls/xssl.h} header. It is intended to be a very simple
-to use API avoid the GnuTLS API.
+to use API avoid the GnuTLS API. The API however has the following limitations
+@itemize
+@item It is applicable to blocking sockets only.
+@item The server verification is based on its DNS name.
+@end itemize
@menu
* Example client with X.509 certificate authentication::
typedef enum
{
- GNUTLS_CINPUT_CAS = 1,
- GNUTLS_CINPUT_CRLS = 2,
- GNUTLS_CINPUT_TOFU_DB = 3,
- GNUTLS_CINPUT_KEYPAIR = 4,
+ GNUTLS_CINPUT_CAS = 1, /* i1 contains the CAs */
+ GNUTLS_CINPUT_CRLS = 2,/* i1 contains the CRLs */
+ GNUTLS_CINPUT_TOFU_DB = 3, /* i1 contains the DB filename */
+ GNUTLS_CINPUT_KEYPAIR = 4, /* i1 contains the certificate, i2 the key
+ * or i1.pin_fn contains the pin function,
+ * and i2.udata the user pointer */
+ */
} gnutls_cinput_contents_t;
typedef struct gnutls_cinput_st {