*
*/
-/*
+/*
* This file holds all the buffering code used in gnutls.
* The buffering code works as:
*
- * RECORD LAYER:
+ * RECORD LAYER:
* 1. uses a buffer to hold data (application/handshake),
* we got but they were not requested, yet.
* (see gnutls_record_buffer_put(), gnutls_record_buffer_get_size() etc.)
* 2. uses a buffer to hold data that were incomplete (ie the read/write
* was interrupted)
* (see _gnutls_io_read_buffered(), _gnutls_io_write_buffered() etc.)
- *
+ *
* HANDSHAKE LAYER:
* 1. Uses buffer to hold the last received handshake message.
* (see _gnutls_handshake_hash_buffer_put() etc.)
* @session: is a #gnutls_session_t type.
*
* This function checks if there pending corked
- * data in the gnutls buffers --see gnutls_record_cork().
+ * data in the gnutls buffers --see gnutls_record_cork().
*
* Returns: Returns the size of the corked data or zero.
*
return i;
}
-/*
+/*
* @ms: a pointer to the number of milliseconds to wait for data. Use zero or NULL for indefinite.
*
* This function is like recv(with MSG_PEEK). But it does not return -1 on error.
* It does return gnutls_errno instead.
* This function reads data from the socket and keeps them in a buffer, of up to
- * max_record_recv_size.
+ * max_record_recv_size.
*
* This is not a general purpose function. It returns EXACTLY the data requested,
* which are stored in a local (in the session) buffer.
return GNUTLS_E_TIMEDOUT;
}
-/* HANDSHAKE buffers part
+/* HANDSHAKE buffers part
*/
/* This function writes the data that are left in the
}
-/* This is a send function for the gnutls handshake
+/* This is a send function for the gnutls handshake
* protocol. Just makes sure that all data have been sent.
*
*/
RETURN_DTLS_EAGAIN_OR_TIMEOUT(session, 0);
}
-/* This is a receive function for the gnutls handshake
+/* This is a receive function for the gnutls handshake
* protocol. Makes sure that we have received all data.
*
* htype is the next handshake packet expected.
handshake_buffer_st tmp;
do {
- /* we now
+ /* we now
* 0. parse headers
* 1. insert to handshake_recv_buffer
* 2. sort handshake_recv_buffer on sequence numbers
}
}
-/* This is a receive function for the gnutls handshake
+/* This is a receive function for the gnutls handshake
* protocol. Makes sure that we have received all data.
*/
ssize_t
}
do {
- /* if we don't have a complete message waiting for us, try
+ /* if we don't have a complete message waiting for us, try
* receiving more */
ret =
_gnutls_recv_in_buffers(session, GNUTLS_HANDSHAKE, htype,
/* returns ciphertext which contains the headers too. This also
* calculates the size in the header field.
- *
+ *
*/
int
_gnutls_encrypt(gnutls_session_t session,
return p - preamble;
}
-/* This is the actual encryption
+/* This is the actual encryption
* Encrypts the given plaintext datum, and puts the result to cipher_data,
* which has cipher_size size.
* return the actual encrypted data length.
ret = _gnutls_auth_cipher_tag(¶ms->read.ctx.tls12, tag, tag_size);
if (unlikely(ret < 0))
return gnutls_assert_val(ret);
-
+
if (unlikely(gnutls_memcmp(tag, &ciphertext->data[ciphertext->size-tag_size], tag_size) != 0)) {
/* HMAC was not the same. */
return gnutls_assert_val(GNUTLS_E_DECRYPTION_FAILED);
pad = plain->data[ciphertext->size - tag_size - 1]; /* pad */
length = ciphertext->size - tag_size - pad - 1;
-
+
if (unlikely(length < 0))
return gnutls_assert_val(GNUTLS_E_DECRYPTION_FAILED);
}
client_random, session->security_parameters.client_random,
GNUTLS_RANDOM_SIZE);
- /* keep the ciphersuite and compression
+ /* keep the ciphersuite and compression
* That is because the client must see these in our
* hello message.
*/
return 0;
}
-/* Read a client hello packet.
+/* Read a client hello packet.
* A client hello must be a known version client hello
* or version 2.0 client hello (only for compatibility
* since SSL version 2.0 is not supported).
DECR_LEN(len, 1);
session_id_len = data[pos++];
- /* RESUME SESSION
+ /* RESUME SESSION
*/
if (session_id_len > GNUTLS_MAX_SESSION_ID_SIZE) {
gnutls_assert();
}
/* This is to be called after sending our finished message. If everything
- * went fine we have negotiated a secure connection
+ * went fine we have negotiated a secure connection
*/
int _gnutls_recv_finished(gnutls_session_t session)
{
/* This function sends an empty handshake packet. (like hello request).
* If the previous _gnutls_send_empty_handshake() returned
- * GNUTLS_E_AGAIN or GNUTLS_E_INTERRUPTED, then it must be called again
+ * GNUTLS_E_AGAIN or GNUTLS_E_INTERRUPTED, then it must be called again
* (until it returns ok), with NULL parameters.
*/
static int
/* This function sends a handshake message of type 'type' containing the
* data specified here. If the previous _gnutls_send_handshake() returned
- * GNUTLS_E_AGAIN or GNUTLS_E_INTERRUPTED, then it must be called again
+ * GNUTLS_E_AGAIN or GNUTLS_E_INTERRUPTED, then it must be called again
* (until it returns ok), with NULL parameters.
*/
int
return 0;
}
-/* This function copies the appropriate compression methods, to a locally allocated buffer
+/* This function copies the appropriate compression methods, to a locally allocated buffer
* Needed in hello messages. Returns the new data length.
*/
static int
*/
session->security_parameters.timestamp = gnutls_time(NULL);
- /* Generate random data
+ /* Generate random data
*/
if (!(session->internals.hsk_flags & HSK_HRR_RECEIVED) &&
!(IS_DTLS(session) && session->internals.dtls.hsk_hello_verify_requests == 0)) {
/* Copy the Session ID - if any
*/
- ret = _gnutls_buffer_append_data_prefix(&extdata, 8,
+ ret = _gnutls_buffer_append_data_prefix(&extdata, 8,
session->internals.resumed_security_parameters.session_id,
session_id_len);
if (ret < 0) {
* <-------- Finished
* [ChangeCipherSpec]
* Finished -------->
- *
+ *
*/
/**
*
* This function can only be called in server side, and
* instructs a TLS 1.2 or earlier client to renegotiate
- * parameters (perform a handshake), by sending a
+ * parameters (perform a handshake), by sending a
* hello request message.
*
* If this function succeeds, the calling application
* gnutls_handshake() to negotiate the new
* parameters.
*
- * If the client does not wish to renegotiate parameters he
+ * If the client does not wish to renegotiate parameters he
* may reply with an alert message, and in that case the return code seen
* by subsequent gnutls_record_recv() will be
* %GNUTLS_E_WARNING_ALERT_RECEIVED with the specific alert being
* initializes the TLS session parameters.
*
* The non-fatal errors expected by this function are:
- * %GNUTLS_E_INTERRUPTED, %GNUTLS_E_AGAIN,
+ * %GNUTLS_E_INTERRUPTED, %GNUTLS_E_AGAIN,
* %GNUTLS_E_WARNING_ALERT_RECEIVED. When this function is called
* for re-handshake under TLS 1.2 or earlier, the non-fatal error code
* %GNUTLS_E_GOT_APPLICATION_DATA may also be returned.
}
/*
- * handshake_client
+ * handshake_client
* This function performs the client side of the handshake of the TLS/SSL protocol.
*/
static int handshake_client(gnutls_session_t session)
IMED_RET("recv server kx message", ret, 1);
FALLTHROUGH;
case STATE10:
- /* receive the server certificate request - if any
+ /* receive the server certificate request - if any
*/
if (session->internals.resumed == RESUME_FALSE) /* if we are not resuming */
-/* This function is to be called if the handshake was successfully
+/* This function is to be called if the handshake was successfully
* completed. This sends a Change Cipher Spec packet to the peer.
*/
ssize_t _gnutls_send_change_cipher_spec(gnutls_session_t session, int again)
return 0;
}
-/* This function sends the final handshake packets and initializes connection
+/* This function sends the final handshake packets and initializes connection
*/
static int send_handshake_final(gnutls_session_t session, int init)
{
gnutls_assert();
return ret;
}
- /* Initialize the connection session (start encryption) - in case of client
+ /* Initialize the connection session (start encryption) - in case of client
*/
if (init == TRUE) {
ret = _gnutls_connection_state_init(session);
return 0;
}
-/* This function receives the final handshake packets
+/* This function receives the final handshake packets
* And executes the appropriate function to initialize the
* read session.
*/
};
/**
- * gnutls_record_disable_padding:
+ * gnutls_record_disable_padding:
* @session: is a #gnutls_session_t type.
*
* Used to disabled padding in TLS 1.0 and above. Normally you do not
* Used to set the first argument of the transport function (for push
* and pull callbacks). In berkeley style sockets this function will set the
* connection descriptor.
- *
+ *
**/
void
gnutls_transport_set_ptr(gnutls_session_t session,
* with the descriptor, but requires no casts.
*
* Since: 3.1.9
- *
+ *
**/
void gnutls_transport_set_int(gnutls_session_t session, int fd)
{
* Note that not all implementations will properly terminate a TLS
* connection. Some of them, usually for performance reasons, will
* terminate only the underlying transport layer, and thus not
- * distinguishing between a malicious party prematurely terminating
- * the connection and normal termination.
+ * distinguishing between a malicious party prematurely terminating
+ * the connection and normal termination.
*
* This function may also return %GNUTLS_E_AGAIN or
* %GNUTLS_E_INTERRUPTED; cf. gnutls_record_get_direction().
return 0;
}
-/* Copies the record version into the headers. The
+/* Copies the record version into the headers. The
* version must have 2 bytes at least.
*/
inline static int
/* This function behaves exactly like write(). The only difference is
* that it accepts, the gnutls_session_t and the content_type_t of data to
* send (if called by the user the Content is specific)
- * It is intended to transfer data, under the current session.
+ * It is intended to transfer data, under the current session.
*
* @type: The content type to send
* @htype: If this is a handshake message then the handshake type
} else
send_data_size = data_size;
- /* Only encrypt if we don't have data to send
+ /* Only encrypt if we don't have data to send
* from the previous run. - probably interrupted.
*/
if (mflags != 0
*/
cipher_size = MAX_RECORD_SEND_SIZE(session);
- bufel = _mbuffer_alloc_align16(cipher_size + CIPHER_SLACK_SIZE,
+ bufel = _mbuffer_alloc_align16(cipher_size + CIPHER_SLACK_SIZE,
get_total_headers2(session, record_params));
if (bufel == NULL)
return gnutls_assert_val(GNUTLS_E_MEMORY_ERROR);
* deactivate the async timer */
_dtls_async_timer_delete(session);
} else {
- /* if the expected type is different than the received
+ /* if the expected type is different than the received
*/
switch (recv->type) {
case GNUTLS_ALERT:
*/
if (bufel->msg.data[1] == GNUTLS_A_CLOSE_NOTIFY
&& bufel->msg.data[0] != GNUTLS_AL_FATAL) {
- /* If we have been expecting for an alert do
+ /* If we have been expecting for an alert do
*/
session->internals.read_eof = 1;
ret = GNUTLS_E_SESSION_EOF;
struct tls_record_st *record)
{
- /* Read the first two bytes to determine if this is a
- * version 2 message
+ /* Read the first two bytes to determine if this is a
+ * version 2 message
*/
#ifdef ENABLE_SSL2
&& !(IS_DTLS(session))) {
/* if msb set and expecting handshake message
- * it should be SSL 2 hello
+ * it should be SSL 2 hello
*/
record->version[0] = 3; /* assume SSL 3.0 */
record->version[1] = 0;
}
-static int recv_headers(gnutls_session_t session,
+static int recv_headers(gnutls_session_t session,
record_parameters_st *record_params,
content_type_t type,
gnutls_handshake_description_t htype,
return gnutls_assert_val(ret);
}
- ret = _mbuffer_linearize_align16(&session->internals.record_recv_buffer,
+ ret = _mbuffer_linearize_align16(&session->internals.record_recv_buffer,
get_total_headers2(session, record_params));
if (ret < 0)
return gnutls_assert_val(ret);
}
/* Here we check if the Type of the received packet is
- * ok.
+ * ok.
*/
if ((ret = check_recv_type(session, record->type)) < 0)
return gnutls_assert_val(ret);
/* @ms: is the number of milliseconds to wait for data. Use zero for indefinite.
*
- * This will receive record layer packets and add them to
+ * This will receive record layer packets and add them to
* application_data_buffer and handshake_data_buffer.
*
* If the htype is not -1 then handshake timeouts
/* ok now we are sure that we have read all the data - so
* move on !
*/
- ret = _mbuffer_linearize_align16(&session->internals.record_recv_buffer,
+ ret = _mbuffer_linearize_align16(&session->internals.record_recv_buffer,
get_total_headers2(session, record_params));
if (ret < 0)
return gnutls_assert_val(ret);
(uint8_t *) _mbuffer_get_udata_ptr(bufel) + record.header_size;
ciphertext.size = record.length;
- /* decrypt the data we got.
+ /* decrypt the data we got.
*/
t.data = _mbuffer_get_udata_ptr(decrypted);
t.size = _mbuffer_get_udata_size(decrypted);
goto sanity_check_error;
}
-/* (originally for) TLS 1.0 CBC protection.
+/* (originally for) TLS 1.0 CBC protection.
* Actually this code is called if we just received
* an empty packet. An empty TLS packet is usually
* sent to protect some vulnerabilities in the CBC mode.
* memory copy, and is intended to be used by applications seeking high
* performance.
*
- * The received packet is accessed using gnutls_packet_get() and
+ * The received packet is accessed using gnutls_packet_get() and
* must be deinitialized using gnutls_packet_deinit(). The returned
* packet will be %NULL if the return value is zero (EOF).
*
* Returns: The number of bytes received and zero on EOF (for stream
- * connections). A negative error code is returned in case of an error.
+ * connections). A negative error code is returned in case of an error.
*
* Since: 3.3.5
**/
ssize_t
-gnutls_record_recv_packet(gnutls_session_t session,
+gnutls_record_recv_packet(gnutls_session_t session,
gnutls_packet_t *packet)
{
int ret;
* difference is that it accepts a GnuTLS session, and uses different
* error codes.
* Note that if the send buffer is full, send() will block this
- * function. See the send() documentation for more information.
+ * function. See the send() documentation for more information.
*
* You can replace the default push function which is send(), by using
* gnutls_transport_set_push_function().
*
- * If the EINTR is returned by the internal push function
+ * If the EINTR is returned by the internal push function
* then %GNUTLS_E_INTERRUPTED will be returned. If
* %GNUTLS_E_INTERRUPTED or %GNUTLS_E_AGAIN is returned, you must
* call this function again with the exact same parameters, or provide a
* of retrying, you must call gnutls_record_discard_queued() before
* calling this function with different parameters. Note that the latter
* works only on special transports (e.g., UDP).
- * cf. gnutls_record_get_direction().
+ * cf. gnutls_record_get_direction().
*
* Note that in DTLS this function will return the %GNUTLS_E_LARGE_PACKET
* error code if the send data exceed the data MTU value - as returned
* by gnutls_dtls_get_data_mtu(). The errno value EMSGSIZE
- * also maps to %GNUTLS_E_LARGE_PACKET.
+ * also maps to %GNUTLS_E_LARGE_PACKET.
* Note that since 3.2.13 this function can be called under cork in DTLS
* mode, and will refuse to send data over the MTU size by returning
* %GNUTLS_E_LARGE_PACKET.
* errors will be returned. To obtain the data left in the corked
* buffer use gnutls_record_check_corked().
*
- * Returns: On success the number of transmitted data is returned, or
- * otherwise a negative error code.
+ * Returns: On success the number of transmitted data is returned, or
+ * otherwise a negative error code.
*
* Since: 3.1.9
**/
* gnutls_record_get_direction().
*
* Returns: The number of bytes received and zero on EOF (for stream
- * connections). A negative error code is returned in case of an error.
+ * connections). A negative error code is returned in case of an error.
* The number of bytes received might be less than the requested @data_size.
**/
ssize_t
* This is useful in DTLS where record packets might be received
* out-of-order. The returned 8-byte sequence number is an
* integer in big-endian format and should be
- * treated as a unique message identification.
+ * treated as a unique message identification.
*
* Returns: The number of bytes received and zero on EOF. A negative
* error code is returned in case of an error. The number of bytes
gnutls_datum_t san = { NULL, 0 }, oid = {NULL, 0};
gnutls_x509_aia_t aia;
unsigned int san_type;
-
+
err = gnutls_x509_aia_init(&aia);
if (err < 0)
return;
gnutls_strerror(err));
goto cleanup;
}
-
+
adds(str, "\t\t\t");
_gnutls_buffer_hexprint(str, id.data, id.size);
adds(str, "\n");
char *p;
int err;
gnutls_x509_key_purposes_t purposes;
-
+
err = gnutls_x509_key_purpose_init(&purposes);
if (err < 0) {
addf(str, "error: gnutls_x509_key_purpose_init: %s\n",
* @format: Indicate the format to use
* @out: Newly allocated datum with null terminated string.
*
- * This function will pretty print X.509 certificate extensions,
+ * This function will pretty print X.509 certificate extensions,
* suitable for display to a human.
*
* The output @out needs to be deallocated using gnutls_free().
_gnutls_free_datum(&sp2);
}
- if (empty1 != empty2 ||
+ if (empty1 != empty2 ||
sp1.size != sp2.size || safe_memcmp(sp1.data, sp2.data, sp1.size) != 0) {
gnutls_assert();
ret = GNUTLS_E_CERTIFICATE_ERROR;
* "C=xxxx,O=yyyy,CN=zzzz" as described in RFC4514. The output string
* will be ASCII or UTF-8 encoded, depending on the certificate data.
*
- * If @buf is null then only the size will be filled.
+ * If @buf is null then only the size will be filled.
*
* This function does not output a fully RFC4514 compliant string, if
* that is required see gnutls_x509_crt_get_issuer_dn3().
*
* Returns: %GNUTLS_E_SHORT_MEMORY_BUFFER if the provided buffer is not
* long enough, and in that case the @buf_size will be updated with
- * the required size. %GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE if there
+ * the required size. %GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE if there
* are no data in the current index. On success 0 is returned.
**/
int
*
* Returns: %GNUTLS_E_SHORT_MEMORY_BUFFER if the provided buffer is not
* long enough, and in that case the @buf_size will be updated with
- * the required size. %GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE if there
+ * the required size. %GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE if there
* are no data in the current index. On success 0 is returned.
**/
int
* described in RFC4514. The output string will be ASCII or UTF-8
* encoded, depending on the certificate data.
*
- * If @buf is null then only the size will be filled.
+ * If @buf is null then only the size will be filled.
*
* This function does not output a fully RFC4514 compliant string, if
* that is required see gnutls_x509_crt_get_dn3().
*
* Returns: %GNUTLS_E_SHORT_MEMORY_BUFFER if the provided buffer is not
* long enough, and in that case the @buf_size will be updated with
- * the required size. %GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE if there
+ * the required size. %GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE if there
* are no data in the current index. On success 0 is returned.
**/
int
*
* Returns: %GNUTLS_E_SHORT_MEMORY_BUFFER if the provided buffer is not
* long enough, and in that case the @buf_size will be updated with
- * the required size. %GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE if there
+ * the required size. %GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE if there
* are no data in the current index. On success 0 is returned.
**/
int
* @critical: will be non-zero if the extension is marked as critical (may be null)
*
* This function will return the X.509 authority key
- * identifier when stored as a general name (authorityCertIssuer)
+ * identifier when stored as a general name (authorityCertIssuer)
* and serial number.
*
* Because more than one general names might be stored
- * @seq can be used as a counter to request them all until
+ * @seq can be used as a counter to request them all until
* %GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE is returned.
*
* Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, %GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE
*/
int
_gnutls_parse_general_name2(ASN1_TYPE src, const char *src_name,
- int seq, gnutls_datum_t *dname,
+ int seq, gnutls_datum_t *dname,
unsigned int *ret_type, int othername_oid)
{
int len, ret;
* @policy: A pointer to a policy structure.
* @critical: will be non-zero if the extension is marked as critical
*
- * This function will extract the certificate policy (extension 2.5.29.32)
- * specified by the given index.
+ * This function will extract the certificate policy (extension 2.5.29.32)
+ * specified by the given index.
*
* The policy returned by this function must be deinitialized by using
* gnutls_x509_policy_release().
unsigned int *critical)
{
int ret;
-
+
if (cert == NULL) {
gnutls_assert();
return GNUTLS_E_INVALID_REQUEST;
*
* If the buffer provided is not long enough to hold the output, then
* @oid_size is updated and %GNUTLS_E_SHORT_MEMORY_BUFFER will be
- * returned. The @oid returned will be null terminated, although
+ * returned. The @oid returned will be null terminated, although
* @oid_size will not account for the trailing null (the latter is not
* true for GnuTLS prior to 3.6.0).
*
* @dn: output variable with pointer to uint8_t DN.
*
* Return the Certificate's Subject DN as a %gnutls_x509_dn_t data type,
- * that can be decoded using gnutls_x509_dn_get_rdn_ava().
+ * that can be decoded using gnutls_x509_dn_get_rdn_ava().
*
- * Note that @dn should be treated as constant. Because it points
+ * Note that @dn should be treated as constant. Because it points
* into the @cert object, you should not use @dn after @cert is
* deallocated.
*
* @dn: output variable with pointer to uint8_t DN
*
* Return the Certificate's Issuer DN as a %gnutls_x509_dn_t data type,
- * that can be decoded using gnutls_x509_dn_get_rdn_ava().
+ * that can be decoded using gnutls_x509_dn_get_rdn_ava().
*
- * Note that @dn should be treated as constant. Because it points
+ * Note that @dn should be treated as constant. Because it points
* into the @cert object, you should not use @dn after @cert is
* deallocated.
*
return gnutls_assert_val(ret);
ret = gnutls_pubkey_import_x509(pubkey, crt, 0);
- if (ret < 0) {
+ if (ret < 0) {
gnutls_assert();
goto cleanup;
}
ret = gnutls_pubkey_get_preferred_hash_algorithm(pubkey, hash, mand);
- if (ret < 0) {
+ if (ret < 0) {
gnutls_assert();
goto cleanup;
}
return gnutls_assert_val(ret);
ret = gnutls_pubkey_import_x509(pubkey, crt, 0);
- if (ret < 0) {
+ if (ret < 0) {
gnutls_assert();
goto cleanup;
}
ret = gnutls_pubkey_export_rsa_raw(pubkey, m, e);
- if (ret < 0) {
+ if (ret < 0) {
gnutls_assert();
goto cleanup;
}
return gnutls_assert_val(ret);
ret = gnutls_pubkey_import_x509(pubkey, crt, 0);
- if (ret < 0) {
+ if (ret < 0) {
gnutls_assert();
goto cleanup;
}
ret = gnutls_pubkey_export_ecc_raw(pubkey, curve, x, y);
- if (ret < 0) {
+ if (ret < 0) {
gnutls_assert();
goto cleanup;
}
return gnutls_assert_val(ret);
ret = gnutls_pubkey_import_x509(pubkey, crt, 0);
- if (ret < 0) {
+ if (ret < 0) {
gnutls_assert();
goto cleanup;
}
ret = gnutls_pubkey_export_dsa_raw(pubkey, p, q, g, y);
- if (ret < 0) {
+ if (ret < 0) {
gnutls_assert();
goto cleanup;
}
copied++;
}
- /* now we move ptr after the pem header
+ /* now we move ptr after the pem header
*/
ptr++;
/* find the next certificate (if any)
*
* Note that a simpler API to access the authority info data is provided
* by gnutls_x509_aia_get() and gnutls_x509_ext_import_aia().
- *
+ *
* This function extracts the Authority Information Access (AIA)
* extension, see RFC 5280 section 4.2.2.1 for more information. The
* AIA extension holds a sequence of AccessDescription (AD) data.
*
* If @what is %GNUTLS_IA_URI, @data will hold the accessLocation URI
* data. Requesting this @what value leads to an error if the
- * accessLocation is not of the "uniformResourceIdentifier" type.
+ * accessLocation is not of the "uniformResourceIdentifier" type.
*
* If @what is %GNUTLS_IA_OCSP_URI, @data will hold the OCSP URI.
* Requesting this @what value leads to an error if the accessMethod
* @userdata: data associated with the callback
*
* This function will set a callback function to be used when
- * it is required to access a protected object. This function overrides
+ * it is required to access a protected object. This function overrides
* the global function set using gnutls_pkcs11_set_pin_function().
*
* Note that this callback is currently used only during the import
* This function will verify the given signed data, using the
* parameters from the certificate.
*
- * Returns: In case of a verification failure %GNUTLS_E_PK_SIG_VERIFY_FAILED
+ * Returns: In case of a verification failure %GNUTLS_E_PK_SIG_VERIFY_FAILED
* is returned, %GNUTLS_E_EXPIRED or %GNUTLS_E_NOT_YET_ACTIVATED on expired
* or not yet activated certificate and zero or positive code on success.
*
* This function will verify the given signed data, using the
* parameters from the certificate.
*
- * Returns: In case of a verification failure %GNUTLS_E_PK_SIG_VERIFY_FAILED
+ * Returns: In case of a verification failure %GNUTLS_E_PK_SIG_VERIFY_FAILED
* is returned, %GNUTLS_E_EXPIRED or %GNUTLS_E_NOT_YET_ACTIVATED on expired
* or not yet activated certificate and zero or positive code on success.
*
projects / thirdparty / gnutls.git / commitdiff
