| blob | 9c0eed95b0a341a6849ea9a4487200879c202c81 |
1 /*
2 * Copyright (C) 2004-2012 Free Software Foundation, Inc.
3 *
4 * Author: Nikos Mavrogiannopoulos
5 *
6 * This file is part of GnuTLS.
7 *
8 * The GnuTLS is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU Lesser General Public License
10 * as published by the Free Software Foundation; either version 3 of
11 * the License, or (at your option) any later version.
12 *
13 * This library is distributed in the hope that it will be useful, but
14 * WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 * Lesser General Public License for more details.
17 *
18 * You should have received a copy of the GNU Lesser General Public License
19 * along with this program. If not, see <http://www.gnu.org/licenses/>
20 *
21 */
23 /* Here lies the code of the gnutls_*_set_priority() functions.
24 */
29 #include <gnutls_num.h>
31 static void
36 /**
37 * gnutls_cipher_set_priority:
38 * @session: is a #gnutls_session_t structure.
39 * @list: is a 0 terminated list of gnutls_cipher_algorithm_t elements.
40 *
41 * Sets the priority on the ciphers supported by gnutls. Priority is
42 * higher for elements specified before others. After specifying the
43 * ciphers you want, you must append a 0. Note that the priority is
44 * set on the client. The server does not use the algorithm's
45 * priority except for disabling algorithms that were not specified.
46 *
47 * Returns: %GNUTLS_E_SUCCESS (0) on success, or a negative error code.
48 **/
49 int
51 {
55 num++;
61 {
63 }
66 }
72 {
76 num++;
82 {
84 }
87 }
91 {
97 {
99 {
101 }
104 {
106 {
107 num++;
109 }
110 }
114 num++;
115 }
118 }
120 static void
122 {
124 }
126 /**
127 * gnutls_kx_set_priority:
128 * @session: is a #gnutls_session_t structure.
129 * @list: is a 0 terminated list of gnutls_kx_algorithm_t elements.
130 *
131 * Sets the priority on the key exchange algorithms supported by
132 * gnutls. Priority is higher for elements specified before others.
133 * After specifying the algorithms you want, you must append a 0.
134 * Note that the priority is set on the client. The server does not
135 * use the algorithm's priority except for disabling algorithms that
136 * were not specified.
137 *
138 * Returns: %GNUTLS_E_SUCCESS on success, or an error code.
139 **/
140 int
142 {
145 }
147 /**
148 * gnutls_mac_set_priority:
149 * @session: is a #gnutls_session_t structure.
150 * @list: is a 0 terminated list of gnutls_mac_algorithm_t elements.
151 *
152 * Sets the priority on the mac algorithms supported by gnutls.
153 * Priority is higher for elements specified before others. After
154 * specifying the algorithms you want, you must append a 0. Note
155 * that the priority is set on the client. The server does not use
156 * the algorithm's priority except for disabling algorithms that were
157 * not specified.
158 *
159 * Returns: %GNUTLS_E_SUCCESS on success, or an error code.
160 **/
161 int
163 {
166 }
168 /**
169 * gnutls_compression_set_priority:
170 * @session: is a #gnutls_session_t structure.
171 * @list: is a 0 terminated list of gnutls_compression_method_t elements.
172 *
173 * Sets the priority on the compression algorithms supported by
174 * gnutls. Priority is higher for elements specified before others.
175 * After specifying the algorithms you want, you must append a 0.
176 * Note that the priority is set on the client. The server does not
177 * use the algorithm's priority except for disabling algorithms that
178 * were not specified.
179 *
180 * TLS 1.0 does not define any compression algorithms except
181 * NULL. Other compression algorithms are to be considered as gnutls
182 * extensions.
183 *
184 * Returns: %GNUTLS_E_SUCCESS on success, or an error code.
185 **/
186 int
188 {
191 }
193 /**
194 * gnutls_protocol_set_priority:
195 * @session: is a #gnutls_session_t structure.
196 * @list: is a 0 terminated list of gnutls_protocol_t elements.
197 *
198 * Sets the priority on the protocol versions supported by gnutls.
199 * This function actually enables or disables protocols. Newer protocol
200 * versions always have highest priority.
201 *
202 * Returns: %GNUTLS_E_SUCCESS on success, or an error code.
203 **/
204 int
206 {
209 /* set the current version to the first in the chain.
210 * This will be overridden later.
211 */
216 }
218 /**
219 * gnutls_certificate_type_set_priority:
220 * @session: is a #gnutls_session_t structure.
221 * @list: is a 0 terminated list of gnutls_certificate_type_t elements.
222 *
223 * Sets the priority on the certificate types supported by gnutls.
224 * Priority is higher for elements specified before others.
225 * After specifying the types you want, you must append a 0.
226 * Note that the certificate type priority is set on the client.
227 * The server does not use the cert type priority except for disabling
228 * types that were not specified.
229 *
230 * Returns: %GNUTLS_E_SUCCESS on success, or an error code.
231 **/
232 int
235 {
236 #ifdef ENABLE_OPENPGP
239 #else
243 #endif
244 }
247 GNUTLS_ECC_CURVE_SECP192R1,
248 GNUTLS_ECC_CURVE_SECP224R1,
249 GNUTLS_ECC_CURVE_SECP256R1,
250 GNUTLS_ECC_CURVE_SECP384R1,
251 GNUTLS_ECC_CURVE_SECP521R1,
252 0
253 };
256 GNUTLS_ECC_CURVE_SECP256R1,
257 GNUTLS_ECC_CURVE_SECP384R1,
258 GNUTLS_ECC_CURVE_SECP521R1,
259 0
260 };
263 GNUTLS_ECC_CURVE_SECP256R1,
264 GNUTLS_ECC_CURVE_SECP384R1,
265 0
266 };
269 GNUTLS_ECC_CURVE_SECP384R1,
270 0
271 };
274 GNUTLS_ECC_CURVE_SECP384R1,
275 GNUTLS_ECC_CURVE_SECP521R1,
276 0
277 };
280 GNUTLS_TLS1_2,
281 GNUTLS_TLS1_1,
282 GNUTLS_TLS1_0,
283 GNUTLS_SSL3,
284 GNUTLS_DTLS1_0,
285 0
286 };
289 GNUTLS_TLS1_2,
290 0
291 };
294 GNUTLS_KX_RSA,
295 GNUTLS_KX_ECDHE_ECDSA,
296 GNUTLS_KX_ECDHE_RSA,
297 GNUTLS_KX_DHE_RSA,
298 GNUTLS_KX_DHE_DSS,
299 0
300 };
303 GNUTLS_KX_ECDHE_ECDSA,
304 0
305 };
308 GNUTLS_KX_RSA,
309 GNUTLS_KX_ECDHE_ECDSA,
310 GNUTLS_KX_ECDHE_RSA,
311 GNUTLS_KX_DHE_RSA,
312 GNUTLS_KX_DHE_DSS,
313 GNUTLS_KX_RSA_EXPORT,
314 0
315 };
318 /* The ciphersuites that offer forward secrecy take
319 * precedence
320 */
321 GNUTLS_KX_ECDHE_ECDSA,
322 GNUTLS_KX_ECDHE_RSA,
323 GNUTLS_KX_DHE_RSA,
324 GNUTLS_KX_DHE_DSS,
325 GNUTLS_KX_RSA,
326 /* GNUTLS_KX_ANON_DH: Man-in-the-middle prone, don't add!
327 * GNUTLS_KX_RSA_EXPORT: Deprecated, don't add!
328 */
329 0
330 };
333 GNUTLS_CIPHER_ARCFOUR_128,
334 GNUTLS_CIPHER_AES_128_CBC,
335 GNUTLS_CIPHER_CAMELLIA_128_CBC,
336 GNUTLS_CIPHER_AES_256_CBC,
337 GNUTLS_CIPHER_CAMELLIA_256_CBC,
338 GNUTLS_CIPHER_3DES_CBC,
339 GNUTLS_CIPHER_AES_128_GCM,
340 GNUTLS_CIPHER_AES_256_GCM,
341 0
342 };
344 /* If GCM and AES acceleration is available then prefer
345 * them over anything else.
346 */
348 GNUTLS_CIPHER_AES_128_GCM,
349 GNUTLS_CIPHER_AES_128_CBC,
350 GNUTLS_CIPHER_AES_256_GCM,
351 GNUTLS_CIPHER_AES_256_CBC,
352 GNUTLS_CIPHER_ARCFOUR_128,
353 GNUTLS_CIPHER_CAMELLIA_128_CBC,
354 GNUTLS_CIPHER_CAMELLIA_256_CBC,
355 GNUTLS_CIPHER_3DES_CBC,
356 0
357 };
360 GNUTLS_CIPHER_AES_128_CBC,
361 GNUTLS_CIPHER_CAMELLIA_128_CBC,
362 GNUTLS_CIPHER_AES_128_GCM,
363 GNUTLS_CIPHER_AES_256_CBC,
364 GNUTLS_CIPHER_CAMELLIA_256_CBC,
365 GNUTLS_CIPHER_AES_256_GCM,
366 GNUTLS_CIPHER_3DES_CBC,
367 GNUTLS_CIPHER_ARCFOUR_128,
368 0
369 };
372 GNUTLS_CIPHER_AES_128_GCM,
373 GNUTLS_CIPHER_AES_128_CBC,
374 GNUTLS_CIPHER_AES_256_GCM,
375 GNUTLS_CIPHER_AES_256_CBC,
376 GNUTLS_CIPHER_CAMELLIA_128_CBC,
377 GNUTLS_CIPHER_CAMELLIA_256_CBC,
378 GNUTLS_CIPHER_3DES_CBC,
379 GNUTLS_CIPHER_ARCFOUR_128,
380 0
381 };
388 GNUTLS_CIPHER_AES_128_GCM,
389 GNUTLS_CIPHER_AES_256_GCM,
390 0
391 };
394 GNUTLS_CIPHER_AES_256_GCM,
395 0
396 };
400 GNUTLS_CIPHER_AES_128_CBC,
401 GNUTLS_CIPHER_CAMELLIA_128_CBC,
402 GNUTLS_CIPHER_AES_128_GCM,
403 GNUTLS_CIPHER_AES_256_CBC,
404 GNUTLS_CIPHER_CAMELLIA_256_CBC,
405 GNUTLS_CIPHER_AES_256_GCM,
406 0
407 };
411 GNUTLS_CIPHER_AES_256_CBC,
412 GNUTLS_CIPHER_CAMELLIA_256_CBC,
413 GNUTLS_CIPHER_AES_256_GCM,
414 0
415 };
417 /* The same as cipher_priority_security_normal + arcfour-40. */
419 GNUTLS_CIPHER_AES_128_CBC,
420 GNUTLS_CIPHER_AES_256_CBC,
421 GNUTLS_CIPHER_CAMELLIA_128_CBC,
422 GNUTLS_CIPHER_CAMELLIA_256_CBC,
423 GNUTLS_CIPHER_AES_128_GCM,
424 GNUTLS_CIPHER_3DES_CBC,
425 GNUTLS_CIPHER_ARCFOUR_128,
426 GNUTLS_CIPHER_ARCFOUR_40,
427 0
428 };
431 /* compression should be explicitly requested to be enabled */
432 GNUTLS_COMP_NULL,
433 0
434 };
437 GNUTLS_SIGN_RSA_SHA256,
438 GNUTLS_SIGN_DSA_SHA256,
439 GNUTLS_SIGN_ECDSA_SHA256,
441 GNUTLS_SIGN_RSA_SHA384,
442 GNUTLS_SIGN_ECDSA_SHA384,
444 GNUTLS_SIGN_RSA_SHA512,
445 GNUTLS_SIGN_ECDSA_SHA512,
447 GNUTLS_SIGN_RSA_SHA224,
448 GNUTLS_SIGN_DSA_SHA224,
449 GNUTLS_SIGN_ECDSA_SHA224,
451 GNUTLS_SIGN_RSA_SHA1,
452 GNUTLS_SIGN_DSA_SHA1,
453 GNUTLS_SIGN_ECDSA_SHA1,
454 0
455 };
458 GNUTLS_SIGN_ECDSA_SHA256,
459 GNUTLS_SIGN_ECDSA_SHA384,
460 0
461 };
464 GNUTLS_SIGN_ECDSA_SHA384,
465 0
466 };
469 GNUTLS_SIGN_RSA_SHA256,
470 GNUTLS_SIGN_DSA_SHA256,
471 GNUTLS_SIGN_ECDSA_SHA256,
472 GNUTLS_SIGN_RSA_SHA384,
473 GNUTLS_SIGN_ECDSA_SHA384,
474 GNUTLS_SIGN_RSA_SHA512,
475 GNUTLS_SIGN_ECDSA_SHA512,
476 0
477 };
480 GNUTLS_SIGN_RSA_SHA384,
481 GNUTLS_SIGN_ECDSA_SHA384,
482 GNUTLS_SIGN_RSA_SHA512,
483 GNUTLS_SIGN_ECDSA_SHA512,
484 0
485 };
488 GNUTLS_MAC_SHA1,
489 GNUTLS_MAC_SHA256,
490 GNUTLS_MAC_SHA384,
491 GNUTLS_MAC_AEAD,
492 GNUTLS_MAC_MD5,
493 0
494 };
497 GNUTLS_MAC_AEAD,
498 0
499 };
502 GNUTLS_MAC_AEAD,
503 0
504 };
507 GNUTLS_MAC_SHA1,
508 GNUTLS_MAC_SHA256,
509 GNUTLS_MAC_SHA384,
510 GNUTLS_MAC_AEAD,
511 0
512 };
515 GNUTLS_MAC_SHA256,
516 GNUTLS_MAC_SHA384,
517 GNUTLS_MAC_AEAD,
518 0
519 };
522 GNUTLS_CRT_X509,
523 0
524 };
527 GNUTLS_CRT_X509,
528 GNUTLS_CRT_OPENPGP,
529 0
530 };
534 static void
536 {
541 {
544 i++;
545 }
548 {
552 }
555 }
557 static void
559 {
562 {
565 i++;
566 }
569 {
572 }
575 }
578 /**
579 * gnutls_priority_set:
580 * @session: is a #gnutls_session_t structure.
581 * @priority: is a #gnutls_priority_t structure.
582 *
583 * Sets the priorities to use on the ciphers, key exchange methods,
584 * macs and compression methods.
585 *
586 * Returns: %GNUTLS_E_SUCCESS on success, or an error code.
587 **/
588 int
590 {
592 {
595 }
600 /* set the current version to the first in the chain.
601 * This will be overridden later.
602 */
616 }
619 #define MAX_ELEMENTS 48
631 static
633 {
640 {
642 cipher_priority_performance);
646 sign_priority_default);
649 }
651 {
656 sign_priority_default);
659 }
662 {
664 cipher_priority_secure192);
668 sign_priority_secure192);
671 }
674 {
676 cipher_priority_secure128);
680 sign_priority_secure128);
683 }
685 {
688 cipher_priority_suiteb128);
692 sign_priority_suiteb128);
695 }
697 {
700 cipher_priority_suiteb192);
704 sign_priority_suiteb192);
707 }
709 {
714 sign_priority_default);
717 }
719 }
721 /**
722 * gnutls_priority_init:
723 * @priority_cache: is a #gnutls_prioritity_t structure.
724 * @priorities: is a string describing priorities
725 * @err_pos: In case of an error this will have the position in the string the error occured
726 *
727 * Sets priorities for the ciphers, key exchange methods, macs and
728 * compression methods.
729 *
730 * The #priorities option allows you to specify a colon
731 * separated list of the cipher priorities to enable.
732 * Some keywords are defined to provide quick access
733 * to common preferences.
734 *
735 * "PERFORMANCE" means all the "secure" ciphersuites are enabled,
736 * limited to 128 bit ciphers and sorted by terms of speed
737 * performance.
738 *
739 * "NORMAL" means all "secure" ciphersuites. The 256-bit ciphers are
740 * included as a fallback only. The ciphers are sorted by security
741 * margin.
742 *
743 * "SECURE128" means all "secure" ciphersuites of security level 128-bit
744 * or more.
745 *
746 * "SECURE192" means all "secure" ciphersuites of security level 192-bit
747 * or more.
748 *
749 * "SUITEB128" means all the NSA SuiteB ciphersuites with security level
750 * of 128.
751 *
752 * "SUITEB192" means all the NSA SuiteB ciphersuites with security level
753 * of 192.
754 *
755 * "EXPORT" means all ciphersuites are enabled, including the
756 * low-security 40 bit ciphers.
757 *
758 * "NONE" means nothing is enabled. This disables even protocols and
759 * compression methods.
760 *
761 * Special keywords are "!", "-" and "+".
762 * "!" or "-" appended with an algorithm will remove this algorithm.
763 * "+" appended with an algorithm will add this algorithm.
764 *
765 * Check the GnuTLS manual section "Priority strings" for detailed
766 * information.
767 *
768 * Examples:
769 *
770 * "NONE:+VERS-TLS-ALL:+MAC-ALL:+RSA:+AES-128-CBC:+SIGN-ALL:+COMP-NULL"
771 *
772 * "NORMAL:-ARCFOUR-128" means normal ciphers except for ARCFOUR-128.
773 *
774 * "SECURE:-VERS-SSL3.0:+COMP-DEFLATE" means that only secure ciphers are
775 * enabled, SSL3.0 is disabled, and libz compression enabled.
776 *
777 * "NONE:+VERS-TLS-ALL:+AES-128-CBC:+RSA:+SHA1:+COMP-NULL:+SIGN-RSA-SHA1",
778 *
779 * "NONE:+VERS-TLS-ALL:+AES-128-CBC:+ECDHE-RSA:+SHA1:+COMP-NULL:+SIGN-RSA-SHA1:+CURVE-SECP256R1",
780 *
781 * "SECURE256:+SECURE128",
782 *
783 * Note that "NORMAL:%COMPAT" is the most compatible mode.
784 *
785 * Returns: On syntax error %GNUTLS_E_INVALID_REQUEST is returned,
786 * %GNUTLS_E_SUCCESS on success, or an error code.
787 **/
788 int
791 {
801 {
804 }
806 /* for now unsafe renegotiation is default on everyone. To be removed
807 * when we make it the default.
808 */
817 {
820 }
823 /* This is our default set of protocol version, certificate types and
824 * compression methods.
825 */
827 {
834 }
835 else
836 {
838 }
841 {
843 {
845 }
848 {
850 {
853 }
854 else
855 {
858 }
861 {
863 }
868 GNUTLS_CIPHER_UNKNOWN)
871 GNUTLS_KX_UNKNOWN)
874 {
876 {
878 protocol_priority);
879 }
880 else
881 {
884 GNUTLS_VERSION_UNKNOWN)
886 else
889 }
892 {
894 {
896 comp_priority);
897 }
898 else
899 {
902 GNUTLS_COMP_UNKNOWN)
904 else
906 }
909 {
911 {
913 supported_ecc_normal);
914 }
915 else
916 {
919 GNUTLS_ECC_CURVE_INVALID)
921 else
923 }
926 {
928 {
930 cert_type_priority_all);
931 }
932 else
933 {
936 GNUTLS_CRT_UNKNOWN)
938 else
940 }
943 {
945 {
947 sign_priority_default);
948 }
949 else
950 {
953 GNUTLS_SIGN_UNKNOWN)
955 else
957 }
958 }
960 {
962 mac_priority_normal);
963 }
965 {
967 cipher_priority_normal);
968 }
970 {
972 kx_priority_secure);
973 }
974 else
976 }
978 {
980 {
982 }
984 {
986 }
988 {
990 }
993 {
996 GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD5;
997 }
1007 GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT;
1010 {
1012 }
1014 {
1016 }
1019 {
1021 }
1024 {
1026 }
1029 {
1031 }
1032 else
1034 }
1035 else
1037 }
1042 error:
1044 {
1047 {
1049 }
1050 }
1056 }
1058 /**
1059 * gnutls_priority_deinit:
1060 * @priority_cache: is a #gnutls_prioritity_t structure.
1061 *
1062 * Deinitializes the priority cache.
1063 **/
1064 void
1066 {
1068 }
1071 /**
1072 * gnutls_priority_set_direct:
1073 * @session: is a #gnutls_session_t structure.
1074 * @priorities: is a string describing priorities
1075 * @err_pos: In case of an error this will have the position in the string the error occured
1076 *
1077 * Sets the priorities to use on the ciphers, key exchange methods,
1078 * macs and compression methods. This function avoids keeping a
1079 * priority cache and is used to directly set string priorities to a
1080 * TLS session. For documentation check the gnutls_priority_init().
1081 *
1082 * Returns: On syntax error %GNUTLS_E_INVALID_REQUEST is returned,
1083 * %GNUTLS_E_SUCCESS on success, or an error code.
1084 **/
1085 int
1088 {
1089 gnutls_priority_t prio;
1094 {
1097 }
1101 {
1104 }
1109 }
1111 /* Breaks a list of "xxx", "yyy", to a character array, of
1112 * MAX_COMMA_SEP_ELEMENTS size; Note that the given string is modified.
1113 */
1114 static void
1118 {
1125 do
1126 {
1133 {
1136 * space.
1137 */
1139 p++;
1140 }
1141 }
1143 }
1145 /**
1146 * gnutls_set_default_priority:
1147 * @session: is a #gnutls_session_t structure.
1148 *
1149 * Sets some default priority on the ciphers, key exchange methods,
1150 * macs and compression methods.
1151 *
1152 * This is the same as calling:
1153 *
1154 * gnutls_priority_set_direct (session, "NORMAL", NULL);
1155 *
1156 * This function is kept around for backwards compatibility, but
1157 * because of its wide use it is still fully supported. If you wish
1158 * to allow users to provide a string that specify which ciphers to
1159 * use (which is recommended), you should use
1160 * gnutls_priority_set_direct() or gnutls_priority_set() instead.
1161 *
1162 * Returns: %GNUTLS_E_SUCCESS on success, or an error code.
1163 **/
1164 int
1166 {
1168 }
1170 /**
1171 * gnutls_set_default_export_priority:
1172 * @session: is a #gnutls_session_t structure.
1173 *
1174 * Sets some default priority on the ciphers, key exchange methods, macs
1175 * and compression methods. This function also includes weak algorithms.
1176 *
1177 * This is the same as calling:
1178 *
1179 * gnutls_priority_set_direct (session, "EXPORT", NULL);
1180 *
1181 * This function is kept around for backwards compatibility, but
1182 * because of its wide use it is still fully supported. If you wish
1183 * to allow users to provide a string that specify which ciphers to
1184 * use (which is recommended), you should use
1185 * gnutls_priority_set_direct() or gnutls_priority_set() instead.
1186 *
1187 * Returns: %GNUTLS_E_SUCCESS on success, or an error code.
1188 **/
1189 int
1191 {
1193 }
1195 /* Increases the priority of AES-GCM as it is much faster
1196 * than anything else if hardware support is there.
1197 */
1199 {
1202 }
1204 /**
1205 * gnutls_priority_ecc_curve_list:
1206 * @pcache: is a #gnutls_prioritity_t structure.
1207 * @list: will point to an integer list
1208 *
1209 * Get a list of available elliptic curves in the priority
1210 * structure.
1211 *
1212 * Returns: the number of curves, or an error code.
1213 * Since: 3.0
1214 **/
1215 int
1217 {
1223 }
1225 /**
1226 * gnutls_priority_compression_list:
1227 * @pcache: is a #gnutls_prioritity_t structure.
1228 * @list: will point to an integer list
1229 *
1230 * Get a list of available compression method in the priority
1231 * structure.
1232 *
1233 * Returns: the number of methods, or an error code.
1234 * Since: 3.0
1235 **/
1236 int
1238 {
1244 }
1246 /**
1247 * gnutls_priority_protocol_list:
1248 * @pcache: is a #gnutls_prioritity_t structure.
1249 * @list: will point to an integer list
1250 *
1251 * Get a list of available TLS version numbers in the priority
1252 * structure.
1253 *
1254 * Returns: the number of protocols, or an error code.
1255 * Since: 3.0
1256 **/
1257 int
1259 {
1265 }
1267 /**
1268 * gnutls_priority_sign_list:
1269 * @pcache: is a #gnutls_prioritity_t structure.
1270 * @list: will point to an integer list
1271 *
1272 * Get a list of available signature algorithms in the priority
1273 * structure.
1274 *
1275 * Returns: the number of algorithms, or an error code.
1276 * Since: 3.0
1277 **/
1278 int
1280 {
1286 }
1288 /**
1289 * gnutls_priority_certificate_type_list:
1290 * @pcache: is a #gnutls_prioritity_t structure.
1291 * @list: will point to an integer list
1292 *
1293 * Get a list of available certificate types in the priority
1294 * structure.
1295 *
1296 * Returns: the number of certificate types, or an error code.
1297 * Since: 3.0
1298 **/
1299 int
1301 {
1307 }