
gnutls_init(): refer to gnutls_init_flags_t for the documentation of …

…available flags
nmav committed Apr 2, 2016
1 parent 2185676 commit f07542836648a3149880505a45b099aef74a8b02
Showing with 28 additions and 27 deletions.
  1. +27 −21 lib/includes/gnutls/gnutls.h.in
  2. +1 −6 lib/state.c
@@ -342,27 +342,33 @@ typedef enum {
GNUTLS_COMP_ZLIB = GNUTLS_COMP_DEFLATE
} gnutls_compression_method_t;

/*
* Flags for gnutls_init()
*
* @GNUTLS_SERVER: Connection end is a server.
* @GNUTLS_CLIENT: Connection end is a client.
* @GNUTLS_DATAGRAM: Connection is datagram oriented (DTLS).
* @GNUTLS_NONBLOCK: Connection should not block.
* @GNUTLS_NO_SIGNAL: In systems where SIGPIPE is delivered on send, it will be disabled. That flag has effect in systems which support the MSG_NOSIGNAL sockets flag.
* @GNUTLS_NO_EXTENSIONS: Do not enable any TLS extensions by default.
* @GNUTLS_NO_REPLAY_PROTECTION: Disable any replay protection in DTLS.
* @GNUTLS_ALLOW_CERT_CHANGE: Allow the peer to replace its certificate during a rehandshake. This change is often used in attacks and thus prohibited by default.
*
*/
#define GNUTLS_SERVER 1
#define GNUTLS_CLIENT (1<<1)
#define GNUTLS_DATAGRAM (1<<2)
#define GNUTLS_NONBLOCK (1<<3)
#define GNUTLS_NO_EXTENSIONS (1<<4)
#define GNUTLS_NO_REPLAY_PROTECTION (1<<5)
#define GNUTLS_NO_SIGNAL (1<<6)
#define GNUTLS_ALLOW_CERT_CHANGE (1<<7)

/**
* gnutls_init_flags_t:
*
* @GNUTLS_SERVER: Connection end is a server.
* @GNUTLS_CLIENT: Connection end is a client.
* @GNUTLS_DATAGRAM: Connection is datagram oriented (DTLS).
* @GNUTLS_NONBLOCK: Connection should not block.
* @GNUTLS_NO_SIGNAL: In systems where SIGPIPE is delivered on send, it will be disabled. That flag has effect in systems which support the MSG_NOSIGNAL sockets flag (since 3.4.2).
* @GNUTLS_NO_EXTENSIONS: Do not enable any TLS extensions by default (since 3.1.2).
* @GNUTLS_NO_REPLAY_PROTECTION: Disable any replay protection in DTLS. This must only be used if replay protection is achieved using other means.
* @GNUTLS_ALLOW_CERT_CHANGE: Allow the peer to replace its certificate during a rehandshake. This change is often used in attacks and thus prohibited by default (since 3.5.0).
*
* Enumeration of different flags for gnutls_init() function. All the flags
* can be combined except @GNUTLS_SERVER and @GNUTLS_CLIENT which are mutually
* exclusive.
*/
typedef enum {
GNUTLS_SERVER = 1,
GNUTLS_CLIENT = (1<<1),
GNUTLS_DATAGRAM = (1<<2),
GNUTLS_NONBLOCK = (1<<3),
GNUTLS_NO_EXTENSIONS = (1<<4),
GNUTLS_NO_REPLAY_PROTECTION = (1<<5),
GNUTLS_NO_SIGNAL = (1<<6),
GNUTLS_ALLOW_CERT_CHANGE = (1<<7)
} gnutls_init_flags_t;

/**
* gnutls_alert_level_t:
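Review bot: Turning the eight `#define` flags into enumerators of `gnutls_init_flags_t` hides the names from the preprocessor, so an application that guards a flag with `#ifdef GNUTLS_NO_SIGNAL` (or any of the other names) will now silently compile its fallback branch and stop passing the flag. Nothing fails at build time; for `GNUTLS_NO_SIGNAL` the visible effect, going by the flag's own description, would be that SIGPIPE on send is no longer suppressed. Keeping value-identical compatibility defines directly after the typedef preserves both the documented enum and existing feature checks. Whether any in-tree or downstream code relies on such checks is not visible from this hunk.

```c
} gnutls_init_flags_t;

/* compatibility defines: earlier releases exposed these flags as macros,
 * and callers may test for them with #ifdef */
#define GNUTLS_SERVER 1
#define GNUTLS_CLIENT (1<<1)
#define GNUTLS_DATAGRAM (1<<2)
#define GNUTLS_NONBLOCK (1<<3)
#define GNUTLS_NO_EXTENSIONS (1<<4)
#define GNUTLS_NO_REPLAY_PROTECTION (1<<5)
#define GNUTLS_NO_SIGNAL (1<<6)
#define GNUTLS_ALLOW_CERT_CHANGE (1<<7)
```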
@@ -318,12 +318,7 @@ void _gnutls_handshake_internal_state_clear(gnutls_session_t session)
* be allocated. This function allocates structures which can only
* be free'd by calling gnutls_deinit(). Returns %GNUTLS_E_SUCCESS (0) on success.
*
* @flags can be one of %GNUTLS_CLIENT, %GNUTLS_SERVER, %GNUTLS_DATAGRAM,
* %GNUTLS_NONBLOCK or %GNUTLS_NOSIGNAL (since 3.4.2).
*
* The flag %GNUTLS_NO_REPLAY_PROTECTION will disable any
* replay protection in DTLS mode. That must only used when
* replay protection is achieved using other means.
* @flags can be any of %gnutls_init_flags_t.
*
* Note that since version 3.1.2 this function enables some common
* TLS extensions such as session tickets and OCSP certificate status
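Review bot: The replacement sentence says `@flags` can be "any of" the type, which reads as a single value, while the enum documentation added in gnutls.h.in states that the flags can be combined and that GNUTLS_SERVER and GNUTLS_CLIENT are mutually exclusive. gtk-doc also links a type with `#` rather than `%`, which is reserved for constants. I would write `* @flags can be any combination of flags from #gnutls_init_flags_t.` and keep one sentence here saying that %GNUTLS_NO_REPLAY_PROTECTION must only be used when replay protection is achieved by other means, since that caveat is otherwise only reachable by following the link. The doc comment for gnutls_init() starts and ends outside the hunk.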
