| blob | b6649ca6705cf113b84444fbffa527259c4a7ad4 |
1 /*
2 * Copyright (C) 2004-2012 Free Software Foundation, Inc.
3 *
4 * Author: Nikos Mavrogiannopoulos
5 *
6 * This file is part of GnuTLS.
7 *
8 * The GnuTLS is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU Lesser General Public License
10 * as published by the Free Software Foundation; either version 3 of
11 * the License, or (at your option) any later version.
12 *
13 * This library is distributed in the hope that it will be useful, but
14 * WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 * Lesser General Public License for more details.
17 *
18 * You should have received a copy of the GNU Lesser General Public License
19 * along with this program. If not, see <http://www.gnu.org/licenses/>
20 *
21 */
23 /* Here lies the code of the gnutls_*_set_priority() functions.
24 */
29 #include <gnutls_num.h>
31 static void
36 /**
37 * gnutls_cipher_set_priority:
38 * @session: is a #gnutls_session_t structure.
39 * @list: is a 0 terminated list of gnutls_cipher_algorithm_t elements.
40 *
41 * Sets the priority on the ciphers supported by gnutls. Priority is
42 * higher for elements specified before others. After specifying the
43 * ciphers you want, you must append a 0. Note that the priority is
44 * set on the client. The server does not use the algorithm's
45 * priority except for disabling algorithms that were not specified.
46 *
47 * Returns: %GNUTLS_E_SUCCESS (0) on success, or a negative error code.
48 **/
49 int
51 {
55 num++;
61 {
63 }
66 }
72 {
76 num++;
82 {
84 }
87 }
91 {
97 {
99 {
101 }
104 {
106 {
107 num++;
109 }
110 }
114 num++;
115 }
118 }
120 static void
122 {
124 }
126 /**
127 * gnutls_kx_set_priority:
128 * @session: is a #gnutls_session_t structure.
129 * @list: is a 0 terminated list of gnutls_kx_algorithm_t elements.
130 *
131 * Sets the priority on the key exchange algorithms supported by
132 * gnutls. Priority is higher for elements specified before others.
133 * After specifying the algorithms you want, you must append a 0.
134 * Note that the priority is set on the client. The server does not
135 * use the algorithm's priority except for disabling algorithms that
136 * were not specified.
137 *
138 * Returns: %GNUTLS_E_SUCCESS on success, or an error code.
139 **/
140 int
142 {
145 }
147 /**
148 * gnutls_mac_set_priority:
149 * @session: is a #gnutls_session_t structure.
150 * @list: is a 0 terminated list of gnutls_mac_algorithm_t elements.
151 *
152 * Sets the priority on the mac algorithms supported by gnutls.
153 * Priority is higher for elements specified before others. After
154 * specifying the algorithms you want, you must append a 0. Note
155 * that the priority is set on the client. The server does not use
156 * the algorithm's priority except for disabling algorithms that were
157 * not specified.
158 *
159 * Returns: %GNUTLS_E_SUCCESS on success, or an error code.
160 **/
161 int
163 {
166 }
168 /**
169 * gnutls_compression_set_priority:
170 * @session: is a #gnutls_session_t structure.
171 * @list: is a 0 terminated list of gnutls_compression_method_t elements.
172 *
173 * Sets the priority on the compression algorithms supported by
174 * gnutls. Priority is higher for elements specified before others.
175 * After specifying the algorithms you want, you must append a 0.
176 * Note that the priority is set on the client. The server does not
177 * use the algorithm's priority except for disabling algorithms that
178 * were not specified.
179 *
180 * TLS 1.0 does not define any compression algorithms except
181 * NULL. Other compression algorithms are to be considered as gnutls
182 * extensions.
183 *
184 * Returns: %GNUTLS_E_SUCCESS on success, or an error code.
185 **/
186 int
188 {
191 }
193 /**
194 * gnutls_protocol_set_priority:
195 * @session: is a #gnutls_session_t structure.
196 * @list: is a 0 terminated list of gnutls_protocol_t elements.
197 *
198 * Sets the priority on the protocol versions supported by gnutls.
199 * This function actually enables or disables protocols. Newer protocol
200 * versions always have highest priority.
201 *
202 * Returns: %GNUTLS_E_SUCCESS on success, or an error code.
203 **/
204 int
206 {
209 /* set the current version to the first in the chain.
210 * This will be overridden later.
211 */
216 }
218 /**
219 * gnutls_certificate_type_set_priority:
220 * @session: is a #gnutls_session_t structure.
221 * @list: is a 0 terminated list of gnutls_certificate_type_t elements.
222 *
223 * Sets the priority on the certificate types supported by gnutls.
224 * Priority is higher for elements specified before others.
225 * After specifying the types you want, you must append a 0.
226 * Note that the certificate type priority is set on the client.
227 * The server does not use the cert type priority except for disabling
228 * types that were not specified.
229 *
230 * Returns: %GNUTLS_E_SUCCESS on success, or an error code.
231 **/
232 int
235 {
236 #ifdef ENABLE_OPENPGP
239 #else
243 #endif
244 }
247 GNUTLS_ECC_CURVE_SECP192R1,
248 GNUTLS_ECC_CURVE_SECP224R1,
249 GNUTLS_ECC_CURVE_SECP256R1,
250 GNUTLS_ECC_CURVE_SECP384R1,
251 GNUTLS_ECC_CURVE_SECP521R1,
252 0
253 };
256 GNUTLS_ECC_CURVE_SECP256R1,
257 GNUTLS_ECC_CURVE_SECP384R1,
258 GNUTLS_ECC_CURVE_SECP521R1,
259 0
260 };
263 GNUTLS_ECC_CURVE_SECP256R1,
264 GNUTLS_ECC_CURVE_SECP384R1,
265 0
266 };
269 GNUTLS_ECC_CURVE_SECP384R1,
270 0
271 };
274 GNUTLS_ECC_CURVE_SECP384R1,
275 GNUTLS_ECC_CURVE_SECP521R1,
276 0
277 };
280 GNUTLS_TLS1_2,
281 GNUTLS_TLS1_1,
282 GNUTLS_TLS1_0,
283 GNUTLS_SSL3,
284 GNUTLS_DTLS1_0,
285 0
286 };
289 GNUTLS_TLS1_2,
290 0
291 };
294 GNUTLS_KX_RSA,
295 GNUTLS_KX_ECDHE_ECDSA,
296 GNUTLS_KX_ECDHE_RSA,
297 GNUTLS_KX_DHE_RSA,
298 GNUTLS_KX_DHE_DSS,
299 0
300 };
303 GNUTLS_KX_ECDHE_ECDSA,
304 0
305 };
308 GNUTLS_KX_RSA,
309 GNUTLS_KX_ECDHE_ECDSA,
310 GNUTLS_KX_ECDHE_RSA,
311 GNUTLS_KX_DHE_RSA,
312 GNUTLS_KX_DHE_DSS,
313 GNUTLS_KX_RSA_EXPORT,
314 0
315 };
318 /* The ciphersuites that offer forward secrecy take
319 * precedence
320 */
321 GNUTLS_KX_ECDHE_ECDSA,
322 GNUTLS_KX_ECDHE_RSA,
323 GNUTLS_KX_DHE_RSA,
324 GNUTLS_KX_DHE_DSS,
325 GNUTLS_KX_RSA,
326 /* GNUTLS_KX_ANON_DH: Man-in-the-middle prone, don't add!
327 * GNUTLS_KX_RSA_EXPORT: Deprecated, don't add!
328 */
329 0
330 };
333 GNUTLS_CIPHER_ARCFOUR_128,
334 GNUTLS_CIPHER_AES_128_CBC,
335 GNUTLS_CIPHER_CAMELLIA_128_CBC,
336 GNUTLS_CIPHER_AES_256_CBC,
337 GNUTLS_CIPHER_CAMELLIA_256_CBC,
338 GNUTLS_CIPHER_3DES_CBC,
339 GNUTLS_CIPHER_AES_128_GCM,
340 GNUTLS_CIPHER_AES_256_GCM,
341 0
342 };
344 /* If GCM and AES acceleration is available then prefer
345 * them over anything else.
346 */
348 GNUTLS_CIPHER_AES_128_GCM,
349 GNUTLS_CIPHER_AES_128_CBC,
350 GNUTLS_CIPHER_AES_256_GCM,
351 GNUTLS_CIPHER_AES_256_CBC,
352 GNUTLS_CIPHER_ARCFOUR_128,
353 GNUTLS_CIPHER_CAMELLIA_128_CBC,
354 GNUTLS_CIPHER_CAMELLIA_256_CBC,
355 GNUTLS_CIPHER_3DES_CBC,
356 0
357 };
360 GNUTLS_CIPHER_AES_128_CBC,
361 GNUTLS_CIPHER_CAMELLIA_128_CBC,
362 GNUTLS_CIPHER_AES_128_GCM,
363 GNUTLS_CIPHER_AES_256_CBC,
364 GNUTLS_CIPHER_CAMELLIA_256_CBC,
365 GNUTLS_CIPHER_AES_256_GCM,
366 GNUTLS_CIPHER_3DES_CBC,
367 GNUTLS_CIPHER_ARCFOUR_128,
368 0
369 };
372 GNUTLS_CIPHER_AES_128_GCM,
373 GNUTLS_CIPHER_AES_128_CBC,
374 GNUTLS_CIPHER_AES_256_GCM,
375 GNUTLS_CIPHER_AES_256_CBC,
376 GNUTLS_CIPHER_CAMELLIA_128_CBC,
377 GNUTLS_CIPHER_CAMELLIA_256_CBC,
378 GNUTLS_CIPHER_3DES_CBC,
379 GNUTLS_CIPHER_ARCFOUR_128,
380 0
381 };
388 GNUTLS_CIPHER_AES_128_GCM,
389 GNUTLS_CIPHER_AES_256_GCM,
390 0
391 };
394 GNUTLS_CIPHER_AES_256_GCM,
395 0
396 };
400 GNUTLS_CIPHER_AES_128_CBC,
401 GNUTLS_CIPHER_CAMELLIA_128_CBC,
402 GNUTLS_CIPHER_AES_128_GCM,
403 GNUTLS_CIPHER_AES_256_CBC,
404 GNUTLS_CIPHER_CAMELLIA_256_CBC,
405 GNUTLS_CIPHER_AES_256_GCM,
406 0
407 };
411 GNUTLS_CIPHER_AES_256_CBC,
412 GNUTLS_CIPHER_CAMELLIA_256_CBC,
413 GNUTLS_CIPHER_AES_256_GCM,
414 0
415 };
417 /* The same as cipher_priority_security_normal + arcfour-40. */
419 GNUTLS_CIPHER_AES_128_CBC,
420 GNUTLS_CIPHER_AES_256_CBC,
421 GNUTLS_CIPHER_CAMELLIA_128_CBC,
422 GNUTLS_CIPHER_CAMELLIA_256_CBC,
423 GNUTLS_CIPHER_AES_128_GCM,
424 GNUTLS_CIPHER_3DES_CBC,
425 GNUTLS_CIPHER_ARCFOUR_128,
426 GNUTLS_CIPHER_ARCFOUR_40,
427 0
428 };
431 /* compression should be explicitly requested to be enabled */
432 GNUTLS_COMP_NULL,
433 0
434 };
437 GNUTLS_SIGN_RSA_SHA256,
438 GNUTLS_SIGN_DSA_SHA256,
439 GNUTLS_SIGN_ECDSA_SHA256,
441 GNUTLS_SIGN_RSA_SHA384,
442 GNUTLS_SIGN_ECDSA_SHA384,
444 GNUTLS_SIGN_RSA_SHA512,
445 GNUTLS_SIGN_ECDSA_SHA512,
447 GNUTLS_SIGN_RSA_SHA224,
448 GNUTLS_SIGN_DSA_SHA224,
449 GNUTLS_SIGN_ECDSA_SHA224,
451 GNUTLS_SIGN_RSA_SHA1,
452 GNUTLS_SIGN_DSA_SHA1,
453 GNUTLS_SIGN_ECDSA_SHA1,
454 0
455 };
458 GNUTLS_SIGN_ECDSA_SHA256,
459 GNUTLS_SIGN_ECDSA_SHA384,
460 0
461 };
464 GNUTLS_SIGN_ECDSA_SHA384,
465 0
466 };
469 GNUTLS_SIGN_RSA_SHA256,
470 GNUTLS_SIGN_DSA_SHA256,
471 GNUTLS_SIGN_ECDSA_SHA256,
472 GNUTLS_SIGN_RSA_SHA384,
473 GNUTLS_SIGN_ECDSA_SHA384,
474 GNUTLS_SIGN_RSA_SHA512,
475 GNUTLS_SIGN_ECDSA_SHA512,
476 0
477 };
480 GNUTLS_SIGN_RSA_SHA384,
481 GNUTLS_SIGN_ECDSA_SHA384,
482 GNUTLS_SIGN_RSA_SHA512,
483 GNUTLS_SIGN_ECDSA_SHA512,
484 0
485 };
488 GNUTLS_MAC_SHA1,
489 GNUTLS_MAC_SHA256,
490 GNUTLS_MAC_SHA384,
491 GNUTLS_MAC_AEAD,
492 GNUTLS_MAC_MD5,
493 0
494 };
497 GNUTLS_MAC_AEAD,
498 0
499 };
502 GNUTLS_MAC_AEAD,
503 0
504 };
507 GNUTLS_MAC_SHA1,
508 GNUTLS_MAC_SHA256,
509 GNUTLS_MAC_SHA384,
510 GNUTLS_MAC_AEAD,
511 0
512 };
515 GNUTLS_MAC_SHA256,
516 GNUTLS_MAC_SHA384,
517 GNUTLS_MAC_AEAD,
518 0
519 };
522 GNUTLS_CRT_X509,
523 0
524 };
527 GNUTLS_CRT_X509,
528 GNUTLS_CRT_OPENPGP,
529 0
530 };
534 static void
536 {
541 {
544 i++;
545 }
548 {
552 }
555 }
557 static void
559 {
562 {
565 i++;
566 }
569 {
572 }
575 }
578 /**
579 * gnutls_priority_set:
580 * @session: is a #gnutls_session_t structure.
581 * @priority: is a #gnutls_priority_t structure.
582 *
583 * Sets the priorities to use on the ciphers, key exchange methods,
584 * macs and compression methods.
585 *
586 * Returns: %GNUTLS_E_SUCCESS on success, or an error code.
587 **/
588 int
590 {
592 {
595 }
600 /* set the current version to the first in the chain.
601 * This will be overridden later.
602 */
616 }
619 #define MAX_ELEMENTS 48
631 static
633 {
640 {
642 cipher_priority_performance);
646 sign_priority_default);
649 }
651 {
656 sign_priority_default);
659 }
662 {
664 cipher_priority_secure192);
668 sign_priority_secure192);
671 }
674 {
676 cipher_priority_secure128);
680 sign_priority_secure128);
683 }
685 {
688 cipher_priority_suiteb128);
692 sign_priority_suiteb128);
695 }
697 {
700 cipher_priority_suiteb192);
704 sign_priority_suiteb192);
707 }
709 {
714 sign_priority_default);
717 }
719 }
721 /**
722 * gnutls_priority_init:
723 * @priority_cache: is a #gnutls_prioritity_t structure.
724 * @priorities: is a string describing priorities
725 * @err_pos: In case of an error this will have the position in the string the error occured
726 *
727 * Sets priorities for the ciphers, key exchange methods, macs and
728 * compression methods.
729 *
730 * The #priorities option allows you to specify a colon
731 * separated list of the cipher priorities to enable.
732 * Some keywords are defined to provide quick access
733 * to common preferences.
734 *
735 * "PERFORMANCE" means all the "secure" ciphersuites are enabled,
736 * limited to 128 bit ciphers and sorted by terms of speed
737 * performance.
738 *
739 * "NORMAL" means all "secure" ciphersuites. The 256-bit ciphers are
740 * included as a fallback only. The ciphers are sorted by security
741 * margin.
742 *
743 * "SECURE128" means all "secure" ciphersuites of security level 128-bit
744 * or more.
745 *
746 * "SECURE192" means all "secure" ciphersuites of security level 192-bit
747 * or more.
748 *
749 * "SUITEB128" means all the NSA SuiteB ciphersuites with security level
750 * of 128.
751 *
752 * "SUITEB192" means all the NSA SuiteB ciphersuites with security level
753 * of 192.
754 *
755 * "EXPORT" means all ciphersuites are enabled, including the
756 * low-security 40 bit ciphers.
757 *
758 * "NONE" means nothing is enabled. This disables even protocols and
759 * compression methods.
760 *
761 * Special keywords are "!", "-" and "+".
762 * "!" or "-" appended with an algorithm will remove this algorithm.
763 * "+" appended with an algorithm will add this algorithm.
764 *
765 * Check the GnuTLS manual section "Priority strings" for detailed
766 * information.
767 *
768 * Examples:
769 *
770 * "NONE:+VERS-TLS-ALL:+MAC-ALL:+RSA:+AES-128-CBC:+SIGN-ALL:+COMP-NULL"
771 *
772 * "NORMAL:-ARCFOUR-128" means normal ciphers except for ARCFOUR-128.
773 *
774 * "SECURE:-VERS-SSL3.0:+COMP-DEFLATE" means that only secure ciphers are
775 * enabled, SSL3.0 is disabled, and libz compression enabled.
776 *
777 * "NONE:+VERS-TLS-ALL:+AES-128-CBC:+RSA:+SHA1:+COMP-NULL:+SIGN-RSA-SHA1",
778 *
779 * "NONE:+VERS-TLS-ALL:+AES-128-CBC:+ECDHE-RSA:+SHA1:+COMP-NULL:+SIGN-RSA-SHA1:+CURVE-SECP256R1",
780 *
781 * "SECURE256:+SECURE128",
782 *
783 * Note that "NORMAL:%COMPAT" is the most compatible mode.
784 *
785 * Returns: On syntax error %GNUTLS_E_INVALID_REQUEST is returned,
786 * %GNUTLS_E_SUCCESS on success, or an error code.
787 **/
788 int
791 {
801 {
804 }
806 /* for now unsafe renegotiation is default on everyone. To be removed
807 * when we make it the default.
808 */
817 {
820 }
823 /* This is our default set of protocol version, certificate types and
824 * compression methods.
825 */
827 {
834 }
835 else
836 {
838 }
841 {
843 {
845 }
848 {
850 {
853 }
854 else
855 {
858 }
861 {
863 }
868 GNUTLS_CIPHER_UNKNOWN)
871 GNUTLS_KX_UNKNOWN)
874 {
876 {
878 protocol_priority);
879 }
880 else
881 {
884 GNUTLS_VERSION_UNKNOWN)
886 else
889 }
892 {
894 {
896 comp_priority);
897 }
898 else
899 {
902 GNUTLS_COMP_UNKNOWN)
904 else
906 }
909 {
911 {
913 supported_ecc_normal);
914 }
915 else
916 {
919 GNUTLS_ECC_CURVE_INVALID)
921 else
923 }
926 {
928 {
930 cert_type_priority_all);
931 }
932 else
933 {
936 GNUTLS_CRT_UNKNOWN)
938 else
940 }
943 {
945 {
947 sign_priority_default);
948 }
949 else
950 {
953 GNUTLS_SIGN_UNKNOWN)
955 else
957 }
958 }
960 {
962 mac_priority_normal);
963 }
965 {
967 cipher_priority_normal);
968 }
970 {
972 kx_priority_secure);
973 }
974 else
976 }
978 {
980 {
982 }
984 {
986 }
988 {
990 }
993 {
996 GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD5;
997 }
1000 {
1002 GNUTLS_VERIFY_DISABLE_CRL_CHECKS;
1003 }
1013 GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT;
1016 {
1018 }
1020 {
1022 }
1025 {
1027 }
1030 {
1032 }
1035 {
1037 }
1038 else
1040 }
1041 else
1043 }
1048 error:
1050 {
1053 {
1055 }
1056 }
1062 }
1064 /**
1065 * gnutls_priority_deinit:
1066 * @priority_cache: is a #gnutls_prioritity_t structure.
1067 *
1068 * Deinitializes the priority cache.
1069 **/
1070 void
1072 {
1074 }
1077 /**
1078 * gnutls_priority_set_direct:
1079 * @session: is a #gnutls_session_t structure.
1080 * @priorities: is a string describing priorities
1081 * @err_pos: In case of an error this will have the position in the string the error occured
1082 *
1083 * Sets the priorities to use on the ciphers, key exchange methods,
1084 * macs and compression methods. This function avoids keeping a
1085 * priority cache and is used to directly set string priorities to a
1086 * TLS session. For documentation check the gnutls_priority_init().
1087 *
1088 * Returns: On syntax error %GNUTLS_E_INVALID_REQUEST is returned,
1089 * %GNUTLS_E_SUCCESS on success, or an error code.
1090 **/
1091 int
1094 {
1095 gnutls_priority_t prio;
1100 {
1103 }
1107 {
1110 }
1115 }
1117 /* Breaks a list of "xxx", "yyy", to a character array, of
1118 * MAX_COMMA_SEP_ELEMENTS size; Note that the given string is modified.
1119 */
1120 static void
1124 {
1131 do
1132 {
1139 {
1142 * space.
1143 */
1145 p++;
1146 }
1147 }
1149 }
1151 /**
1152 * gnutls_set_default_priority:
1153 * @session: is a #gnutls_session_t structure.
1154 *
1155 * Sets some default priority on the ciphers, key exchange methods,
1156 * macs and compression methods.
1157 *
1158 * This is the same as calling:
1159 *
1160 * gnutls_priority_set_direct (session, "NORMAL", NULL);
1161 *
1162 * This function is kept around for backwards compatibility, but
1163 * because of its wide use it is still fully supported. If you wish
1164 * to allow users to provide a string that specify which ciphers to
1165 * use (which is recommended), you should use
1166 * gnutls_priority_set_direct() or gnutls_priority_set() instead.
1167 *
1168 * Returns: %GNUTLS_E_SUCCESS on success, or an error code.
1169 **/
1170 int
1172 {
1174 }
1176 /**
1177 * gnutls_set_default_export_priority:
1178 * @session: is a #gnutls_session_t structure.
1179 *
1180 * Sets some default priority on the ciphers, key exchange methods, macs
1181 * and compression methods. This function also includes weak algorithms.
1182 *
1183 * This is the same as calling:
1184 *
1185 * gnutls_priority_set_direct (session, "EXPORT", NULL);
1186 *
1187 * This function is kept around for backwards compatibility, but
1188 * because of its wide use it is still fully supported. If you wish
1189 * to allow users to provide a string that specify which ciphers to
1190 * use (which is recommended), you should use
1191 * gnutls_priority_set_direct() or gnutls_priority_set() instead.
1192 *
1193 * Returns: %GNUTLS_E_SUCCESS on success, or an error code.
1194 **/
1195 int
1197 {
1199 }
1201 /* Increases the priority of AES-GCM as it is much faster
1202 * than anything else if hardware support is there.
1203 */
1205 {
1208 }
1210 /**
1211 * gnutls_priority_ecc_curve_list:
1212 * @pcache: is a #gnutls_prioritity_t structure.
1213 * @list: will point to an integer list
1214 *
1215 * Get a list of available elliptic curves in the priority
1216 * structure.
1217 *
1218 * Returns: the number of curves, or an error code.
1219 * Since: 3.0
1220 **/
1221 int
1223 {
1229 }
1231 /**
1232 * gnutls_priority_compression_list:
1233 * @pcache: is a #gnutls_prioritity_t structure.
1234 * @list: will point to an integer list
1235 *
1236 * Get a list of available compression method in the priority
1237 * structure.
1238 *
1239 * Returns: the number of methods, or an error code.
1240 * Since: 3.0
1241 **/
1242 int
1244 {
1250 }
1252 /**
1253 * gnutls_priority_protocol_list:
1254 * @pcache: is a #gnutls_prioritity_t structure.
1255 * @list: will point to an integer list
1256 *
1257 * Get a list of available TLS version numbers in the priority
1258 * structure.
1259 *
1260 * Returns: the number of protocols, or an error code.
1261 * Since: 3.0
1262 **/
1263 int
1265 {
1271 }
1273 /**
1274 * gnutls_priority_sign_list:
1275 * @pcache: is a #gnutls_prioritity_t structure.
1276 * @list: will point to an integer list
1277 *
1278 * Get a list of available signature algorithms in the priority
1279 * structure.
1280 *
1281 * Returns: the number of algorithms, or an error code.
1282 * Since: 3.0
1283 **/
1284 int
1286 {
1292 }
1294 /**
1295 * gnutls_priority_certificate_type_list:
1296 * @pcache: is a #gnutls_prioritity_t structure.
1297 * @list: will point to an integer list
1298 *
1299 * Get a list of available certificate types in the priority
1300 * structure.
1301 *
1302 * Returns: the number of certificate types, or an error code.
1303 * Since: 3.0
1304 **/
1305 int
1307 {
1313 }